* [gentoo-commits] proj/hardened-patchset:master commit in: 3.14.16/, 3.2.62/, 3.15.9/, 3.15.8/, 3.14.15/, 3.2.61/
2014-08-19 14:07 [gentoo-commits] proj/hardened-patchset:master commit in: 3.14.16/, 3.2.62/, 3.15.9/, 3.15.8/, 3.14.15/, 3.2.61/ Anthony G. Basile
@ 2014-08-11 22:35 ` Anthony G. Basile
0 siblings, 0 replies; 2+ messages in thread
From: Anthony G. Basile @ 2014-08-11 22:35 UTC (permalink / raw
To: gentoo-commits
commit: 57f18994252ed101648a261f83f589f64b29504f
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 11 22:37:16 2014 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Mon Aug 11 22:37:16 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=57f18994
Grsec/PaX: 3.0-{3.2.62,3.14.16,3.15.9}-201408110025
---
{3.14.15 => 3.14.16}/0000_README | 2 +-
.../4420_grsecurity-3.0-3.14.16-201408110024.patch | 462 ++-
.../4425_grsec_remove_EI_PAX.patch | 0
.../4427_force_XATTR_PAX_tmpfs.patch | 0
.../4430_grsec-remove-localversion-grsec.patch | 0
.../4435_grsec-mute-warnings.patch | 0
.../4440_grsec-remove-protected-paths.patch | 0
.../4450_grsec-kconfig-default-gids.patch | 0
.../4465_selinux-avc_audit-log-curr_ip.patch | 0
.../4470_disable-compat_vdso.patch | 2 +-
.../4475_emutramp_default_on.patch | 0
{3.15.8 => 3.15.9}/0000_README | 2 +-
.../4420_grsecurity-3.0-3.15.9-201408110025.patch | 464 ++-
{3.15.8 => 3.15.9}/4425_grsec_remove_EI_PAX.patch | 0
.../4427_force_XATTR_PAX_tmpfs.patch | 0
.../4430_grsec-remove-localversion-grsec.patch | 0
{3.15.8 => 3.15.9}/4435_grsec-mute-warnings.patch | 0
.../4440_grsec-remove-protected-paths.patch | 0
.../4450_grsec-kconfig-default-gids.patch | 0
.../4465_selinux-avc_audit-log-curr_ip.patch | 0
{3.15.8 => 3.15.9}/4470_disable-compat_vdso.patch | 2 +-
{3.15.8 => 3.15.9}/4475_emutramp_default_on.patch | 0
{3.2.61 => 3.2.62}/0000_README | 6 +-
{3.2.61 => 3.2.62}/1021_linux-3.2.22.patch | 0
{3.2.61 => 3.2.62}/1022_linux-3.2.23.patch | 0
{3.2.61 => 3.2.62}/1023_linux-3.2.24.patch | 0
{3.2.61 => 3.2.62}/1024_linux-3.2.25.patch | 0
{3.2.61 => 3.2.62}/1025_linux-3.2.26.patch | 0
{3.2.61 => 3.2.62}/1026_linux-3.2.27.patch | 0
{3.2.61 => 3.2.62}/1027_linux-3.2.28.patch | 0
{3.2.61 => 3.2.62}/1028_linux-3.2.29.patch | 0
{3.2.61 => 3.2.62}/1029_linux-3.2.30.patch | 0
{3.2.61 => 3.2.62}/1030_linux-3.2.31.patch | 0
{3.2.61 => 3.2.62}/1031_linux-3.2.32.patch | 0
{3.2.61 => 3.2.62}/1032_linux-3.2.33.patch | 0
{3.2.61 => 3.2.62}/1033_linux-3.2.34.patch | 0
{3.2.61 => 3.2.62}/1034_linux-3.2.35.patch | 0
{3.2.61 => 3.2.62}/1035_linux-3.2.36.patch | 0
{3.2.61 => 3.2.62}/1036_linux-3.2.37.patch | 0
{3.2.61 => 3.2.62}/1037_linux-3.2.38.patch | 0
{3.2.61 => 3.2.62}/1038_linux-3.2.39.patch | 0
{3.2.61 => 3.2.62}/1039_linux-3.2.40.patch | 0
{3.2.61 => 3.2.62}/1040_linux-3.2.41.patch | 0
{3.2.61 => 3.2.62}/1041_linux-3.2.42.patch | 0
{3.2.61 => 3.2.62}/1042_linux-3.2.43.patch | 0
{3.2.61 => 3.2.62}/1043_linux-3.2.44.patch | 0
{3.2.61 => 3.2.62}/1044_linux-3.2.45.patch | 0
{3.2.61 => 3.2.62}/1045_linux-3.2.46.patch | 0
{3.2.61 => 3.2.62}/1046_linux-3.2.47.patch | 0
{3.2.61 => 3.2.62}/1047_linux-3.2.48.patch | 0
{3.2.61 => 3.2.62}/1048_linux-3.2.49.patch | 0
{3.2.61 => 3.2.62}/1049_linux-3.2.50.patch | 0
{3.2.61 => 3.2.62}/1050_linux-3.2.51.patch | 0
{3.2.61 => 3.2.62}/1051_linux-3.2.52.patch | 0
{3.2.61 => 3.2.62}/1052_linux-3.2.53.patch | 0
{3.2.61 => 3.2.62}/1053_linux-3.2.54.patch | 0
{3.2.61 => 3.2.62}/1054_linux-3.2.55.patch | 0
{3.2.61 => 3.2.62}/1055_linux-3.2.56.patch | 0
{3.2.61 => 3.2.62}/1056_linux-3.2.57.patch | 0
{3.2.61 => 3.2.62}/1057_linux-3.2.58.patch | 0
{3.2.61 => 3.2.62}/1058_linux-3.2.59.patch | 0
{3.2.61 => 3.2.62}/1059_linux-3.2.60.patch | 0
{3.2.61 => 3.2.62}/1060_linux-3.2.61.patch | 0
3.2.62/1061_linux-3.2.62.patch | 3129 ++++++++++++++++++++
.../4420_grsecurity-3.0-3.2.62-201408110020.patch | 472 ++-
{3.2.61 => 3.2.62}/4425_grsec_remove_EI_PAX.patch | 0
.../4427_force_XATTR_PAX_tmpfs.patch | 4 +-
.../4430_grsec-remove-localversion-grsec.patch | 0
{3.2.61 => 3.2.62}/4435_grsec-mute-warnings.patch | 0
.../4440_grsec-remove-protected-paths.patch | 0
.../4450_grsec-kconfig-default-gids.patch | 0
.../4465_selinux-avc_audit-log-curr_ip.patch | 0
{3.2.61 => 3.2.62}/4470_disable-compat_vdso.patch | 2 +-
{3.2.61 => 3.2.62}/4475_emutramp_default_on.patch | 0
74 files changed, 3751 insertions(+), 796 deletions(-)
diff --git a/3.14.15/0000_README b/3.14.16/0000_README
similarity index 96%
rename from 3.14.15/0000_README
rename to 3.14.16/0000_README
index d7dc469..c6cf3fc 100644
--- a/3.14.15/0000_README
+++ b/3.14.16/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.14.15-201408032014.patch
+Patch: 4420_grsecurity-3.0-3.14.16-201408110024.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.14.15/4420_grsecurity-3.0-3.14.15-201408032014.patch b/3.14.16/4420_grsecurity-3.0-3.14.16-201408110024.patch
similarity index 99%
rename from 3.14.15/4420_grsecurity-3.0-3.14.15-201408032014.patch
rename to 3.14.16/4420_grsecurity-3.0-3.14.16-201408110024.patch
index 96db0fa..cd58a6f 100644
--- a/3.14.15/4420_grsecurity-3.0-3.14.15-201408032014.patch
+++ b/3.14.16/4420_grsecurity-3.0-3.14.16-201408110024.patch
@@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 188523e..5c8d8ee 100644
+index 8b22e24..7f4d29b 100644
--- a/Makefile
+++ b/Makefile
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -313,10 +313,13 @@ index 188523e..5c8d8ee 100644
$(Q)$(MAKE) $(build)=scripts/basic
$(Q)rm -f .tmp_quiet_recordmcount
-@@ -585,6 +586,72 @@ else
+@@ -585,6 +586,75 @@ else
KBUILD_CFLAGS += -O2
endif
++# Tell gcc to never replace conditional load with a non-conditional one
++KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0)
++
+ifndef DISABLE_PAX_PLUGINS
+ifeq ($(call cc-ifversion, -ge, 0408, y), y)
+PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)")
@@ -386,7 +389,7 @@ index 188523e..5c8d8ee 100644
include $(srctree)/arch/$(SRCARCH)/Makefile
ifdef CONFIG_READABLE_ASM
-@@ -781,7 +848,7 @@ export mod_sign_cmd
+@@ -781,7 +851,7 @@ export mod_sign_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -395,7 +398,7 @@ index 188523e..5c8d8ee 100644
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -830,6 +897,8 @@ endif
+@@ -830,6 +900,8 @@ endif
# The actual objects are generated when descending,
# make sure no implicit rule kicks in
@@ -404,7 +407,7 @@ index 188523e..5c8d8ee 100644
$(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
# Handle descending into subdirectories listed in $(vmlinux-dirs)
-@@ -839,7 +908,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
+@@ -839,7 +911,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
@@ -413,7 +416,7 @@ index 188523e..5c8d8ee 100644
$(Q)$(MAKE) $(build)=$@
define filechk_kernel.release
-@@ -882,10 +951,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
+@@ -882,10 +954,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
archprepare: archheaders archscripts prepare1 scripts_basic
@@ -427,7 +430,7 @@ index 188523e..5c8d8ee 100644
prepare: prepare0
# Generate some files
-@@ -993,6 +1065,8 @@ all: modules
+@@ -993,6 +1068,8 @@ all: modules
# using awk while concatenating to the final file.
PHONY += modules
@@ -436,7 +439,7 @@ index 188523e..5c8d8ee 100644
modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
@$(kecho) ' Building modules, stage 2.';
-@@ -1008,7 +1082,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
+@@ -1008,7 +1085,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
# Target to prepare building external modules
PHONY += modules_prepare
@@ -445,7 +448,7 @@ index 188523e..5c8d8ee 100644
# Target to install modules
PHONY += modules_install
-@@ -1074,7 +1148,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
+@@ -1074,7 +1151,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
signing_key.priv signing_key.x509 x509.genkey \
extra_certificates signing_key.x509.keyid \
@@ -457,7 +460,7 @@ index 188523e..5c8d8ee 100644
# clean - Delete most, but leave enough to build external modules
#
-@@ -1113,7 +1190,7 @@ distclean: mrproper
+@@ -1113,7 +1193,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -466,7 +469,7 @@ index 188523e..5c8d8ee 100644
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1275,6 +1352,8 @@ PHONY += $(module-dirs) modules
+@@ -1275,6 +1355,8 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
@@ -475,7 +478,7 @@ index 188523e..5c8d8ee 100644
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1414,17 +1493,21 @@ else
+@@ -1414,17 +1496,21 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
@@ -501,7 +504,7 @@ index 188523e..5c8d8ee 100644
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1434,11 +1517,15 @@ endif
+@@ -1434,11 +1520,15 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
@@ -4329,7 +4332,7 @@ index 5e85ed3..b10a7ed 100644
}
}
diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c
-index b68c6b2..f66c492 100644
+index f15c22e..d830561 100644
--- a/arch/arm/mm/mmu.c
+++ b/arch/arm/mm/mmu.c
@@ -39,6 +39,22 @@
@@ -12643,7 +12646,7 @@ index ad8f795..2c7eec6 100644
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 7324107..a63fd9f 100644
+index c718d9f..511e6fa 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -126,7 +126,7 @@ config X86
@@ -12672,7 +12675,7 @@ index 7324107..a63fd9f 100644
---help---
Say Y here to enable options for running Linux under various hyper-
visors. This option enables basic hypervisor detection and platform
-@@ -1112,7 +1113,7 @@ choice
+@@ -1129,7 +1130,7 @@ choice
config NOHIGHMEM
bool "off"
@@ -12681,7 +12684,7 @@ index 7324107..a63fd9f 100644
---help---
Linux can use up to 64 Gigabytes of physical memory on x86 systems.
However, the address space of 32-bit x86 processors is only 4
-@@ -1149,7 +1150,7 @@ config NOHIGHMEM
+@@ -1166,7 +1167,7 @@ config NOHIGHMEM
config HIGHMEM4G
bool "4GB"
@@ -12690,7 +12693,7 @@ index 7324107..a63fd9f 100644
---help---
Select this if you have a 32-bit processor and between 1 and 4
gigabytes of physical RAM.
-@@ -1202,7 +1203,7 @@ config PAGE_OFFSET
+@@ -1219,7 +1220,7 @@ config PAGE_OFFSET
hex
default 0xB0000000 if VMSPLIT_3G_OPT
default 0x80000000 if VMSPLIT_2G
@@ -12699,7 +12702,7 @@ index 7324107..a63fd9f 100644
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1606,6 +1607,7 @@ source kernel/Kconfig.hz
+@@ -1623,6 +1624,7 @@ source kernel/Kconfig.hz
config KEXEC
bool "kexec system call"
@@ -12707,7 +12710,7 @@ index 7324107..a63fd9f 100644
---help---
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
-@@ -1757,7 +1759,9 @@ config X86_NEED_RELOCS
+@@ -1774,7 +1776,9 @@ config X86_NEED_RELOCS
config PHYSICAL_ALIGN
hex "Alignment value to which kernel should be aligned"
@@ -12718,7 +12721,7 @@ index 7324107..a63fd9f 100644
range 0x2000 0x1000000 if X86_32
range 0x200000 0x1000000 if X86_64
---help---
-@@ -1837,9 +1841,10 @@ config DEBUG_HOTPLUG_CPU0
+@@ -1854,9 +1858,10 @@ config DEBUG_HOTPLUG_CPU0
If unsure, say N.
config COMPAT_VDSO
@@ -17184,7 +17187,7 @@ index 91d9c69..dfae7d0 100644
* Convert a virtual cached pointer to an uncached pointer
*/
diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h
-index bba3cf8..06bc8da 100644
+index 0a8b519..80e7d5b 100644
--- a/arch/x86/include/asm/irqflags.h
+++ b/arch/x86/include/asm/irqflags.h
@@ -141,6 +141,11 @@ static inline notrace unsigned long arch_local_irq_save(void)
@@ -18395,21 +18398,24 @@ index e22c1db..23a625a 100644
}
diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h
-index c883bf7..19970b3 100644
+index 7166e25..baaa6fe 100644
--- a/arch/x86/include/asm/pgtable_64_types.h
+++ b/arch/x86/include/asm/pgtable_64_types.h
-@@ -61,6 +61,11 @@ typedef struct { pteval_t pte; } pte_t;
+@@ -61,9 +61,14 @@ typedef struct { pteval_t pte; } pte_t;
#define MODULES_VADDR (__START_KERNEL_map + KERNEL_IMAGE_SIZE)
#define MODULES_END _AC(0xffffffffff000000, UL)
#define MODULES_LEN (MODULES_END - MODULES_VADDR)
+#define MODULES_EXEC_VADDR MODULES_VADDR
+#define MODULES_EXEC_END MODULES_END
-+
+ #define ESPFIX_PGD_ENTRY _AC(-2, UL)
+ #define ESPFIX_BASE_ADDR (ESPFIX_PGD_ENTRY << PGDIR_SHIFT)
+
+#define ktla_ktva(addr) (addr)
+#define ktva_ktla(addr) (addr)
-
++
#define EARLY_DYNAMIC_PAGE_TABLES 64
+ #endif /* _ASM_X86_PGTABLE_64_DEFS_H */
diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
index 94e40f1..ebd03e4 100644
--- a/arch/x86/include/asm/pgtable_types.h
@@ -20768,7 +20774,7 @@ index 7b0a55a..ad115bf 100644
/* top of stack page */
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
-index cb648c8..91cb07e 100644
+index 56bac86..9d8df82 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -24,7 +24,7 @@ obj-y += time.o ioport.o ldt.o dumpstack.o nmi.o
@@ -22489,7 +22495,7 @@ index 01d1c18..8073693 100644
#include <asm/processor.h>
#include <asm/fcntl.h>
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
-index c87810b..413d83f 100644
+index c5a9cb9..228d280 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -177,13 +177,153 @@
@@ -22848,7 +22854,7 @@ index c87810b..413d83f 100644
restore_all:
TRACE_IRQS_IRET
restore_all_notrace:
-@@ -577,14 +784,34 @@ ldt_ss:
+@@ -580,14 +787,34 @@ ldt_ss:
* compensating for the offset by changing to the ESPFIX segment with
* a base address that matches for the difference.
*/
@@ -22886,7 +22892,7 @@ index c87810b..413d83f 100644
pushl_cfi $__ESPFIX_SS
pushl_cfi %eax /* new kernel esp */
/* Disable interrupts, but do not irqtrace this section: we
-@@ -613,20 +840,18 @@ work_resched:
+@@ -617,20 +844,18 @@ work_resched:
movl TI_flags(%ebp), %ecx
andl $_TIF_WORK_MASK, %ecx # is there any work to be done other
# than syscall tracing?
@@ -22909,7 +22915,7 @@ index c87810b..413d83f 100644
#endif
TRACE_IRQS_ON
ENABLE_INTERRUPTS(CLBR_NONE)
-@@ -647,7 +872,7 @@ work_notifysig_v86:
+@@ -651,7 +876,7 @@ work_notifysig_v86:
movl %eax, %esp
jmp 1b
#endif
@@ -22918,7 +22924,7 @@ index c87810b..413d83f 100644
# perform syscall exit tracing
ALIGN
-@@ -655,11 +880,14 @@ syscall_trace_entry:
+@@ -659,11 +884,14 @@ syscall_trace_entry:
movl $-ENOSYS,PT_EAX(%esp)
movl %esp, %eax
call syscall_trace_enter
@@ -22934,7 +22940,7 @@ index c87810b..413d83f 100644
# perform syscall exit tracing
ALIGN
-@@ -672,26 +900,30 @@ syscall_exit_work:
+@@ -676,26 +904,30 @@ syscall_exit_work:
movl %esp, %eax
call syscall_trace_leave
jmp resume_userspace
@@ -22969,9 +22975,9 @@ index c87810b..413d83f 100644
CFI_ENDPROC
/*
* End of kprobes section
-@@ -707,8 +939,15 @@ END(syscall_badsys)
- * normal stack and adjusts ESP with the matching offset.
+@@ -712,8 +944,15 @@ END(syscall_badsys)
*/
+ #ifdef CONFIG_X86_ESPFIX32
/* fixup the stack */
- mov GDT_ESPFIX_SS + 4, %al /* bits 16..23 */
- mov GDT_ESPFIX_SS + 7, %ah /* bits 24..31 */
@@ -22987,7 +22993,7 @@ index c87810b..413d83f 100644
shl $16, %eax
addl %esp, %eax /* the adjusted stack pointer */
pushl_cfi $__KERNEL_DS
-@@ -761,7 +1000,7 @@ vector=vector+1
+@@ -769,7 +1008,7 @@ vector=vector+1
.endr
2: jmp common_interrupt
.endr
@@ -22996,7 +23002,7 @@ index c87810b..413d83f 100644
.previous
END(interrupt)
-@@ -822,7 +1061,7 @@ ENTRY(coprocessor_error)
+@@ -830,7 +1069,7 @@ ENTRY(coprocessor_error)
pushl_cfi $do_coprocessor_error
jmp error_code
CFI_ENDPROC
@@ -23005,7 +23011,7 @@ index c87810b..413d83f 100644
ENTRY(simd_coprocessor_error)
RING0_INT_FRAME
-@@ -835,7 +1074,7 @@ ENTRY(simd_coprocessor_error)
+@@ -843,7 +1082,7 @@ ENTRY(simd_coprocessor_error)
.section .altinstructions,"a"
altinstruction_entry 661b, 663f, X86_FEATURE_XMM, 662b-661b, 664f-663f
.previous
@@ -23014,7 +23020,7 @@ index c87810b..413d83f 100644
663: pushl $do_simd_coprocessor_error
664:
.previous
-@@ -844,7 +1083,7 @@ ENTRY(simd_coprocessor_error)
+@@ -852,7 +1091,7 @@ ENTRY(simd_coprocessor_error)
#endif
jmp error_code
CFI_ENDPROC
@@ -23023,7 +23029,7 @@ index c87810b..413d83f 100644
ENTRY(device_not_available)
RING0_INT_FRAME
-@@ -853,18 +1092,18 @@ ENTRY(device_not_available)
+@@ -861,18 +1100,18 @@ ENTRY(device_not_available)
pushl_cfi $do_device_not_available
jmp error_code
CFI_ENDPROC
@@ -23045,7 +23051,7 @@ index c87810b..413d83f 100644
#endif
ENTRY(overflow)
-@@ -874,7 +1113,7 @@ ENTRY(overflow)
+@@ -882,7 +1121,7 @@ ENTRY(overflow)
pushl_cfi $do_overflow
jmp error_code
CFI_ENDPROC
@@ -23054,7 +23060,7 @@ index c87810b..413d83f 100644
ENTRY(bounds)
RING0_INT_FRAME
-@@ -883,7 +1122,7 @@ ENTRY(bounds)
+@@ -891,7 +1130,7 @@ ENTRY(bounds)
pushl_cfi $do_bounds
jmp error_code
CFI_ENDPROC
@@ -23063,7 +23069,7 @@ index c87810b..413d83f 100644
ENTRY(invalid_op)
RING0_INT_FRAME
-@@ -892,7 +1131,7 @@ ENTRY(invalid_op)
+@@ -900,7 +1139,7 @@ ENTRY(invalid_op)
pushl_cfi $do_invalid_op
jmp error_code
CFI_ENDPROC
@@ -23072,7 +23078,7 @@ index c87810b..413d83f 100644
ENTRY(coprocessor_segment_overrun)
RING0_INT_FRAME
-@@ -901,7 +1140,7 @@ ENTRY(coprocessor_segment_overrun)
+@@ -909,7 +1148,7 @@ ENTRY(coprocessor_segment_overrun)
pushl_cfi $do_coprocessor_segment_overrun
jmp error_code
CFI_ENDPROC
@@ -23081,7 +23087,7 @@ index c87810b..413d83f 100644
ENTRY(invalid_TSS)
RING0_EC_FRAME
-@@ -909,7 +1148,7 @@ ENTRY(invalid_TSS)
+@@ -917,7 +1156,7 @@ ENTRY(invalid_TSS)
pushl_cfi $do_invalid_TSS
jmp error_code
CFI_ENDPROC
@@ -23090,7 +23096,7 @@ index c87810b..413d83f 100644
ENTRY(segment_not_present)
RING0_EC_FRAME
-@@ -917,7 +1156,7 @@ ENTRY(segment_not_present)
+@@ -925,7 +1164,7 @@ ENTRY(segment_not_present)
pushl_cfi $do_segment_not_present
jmp error_code
CFI_ENDPROC
@@ -23099,7 +23105,7 @@ index c87810b..413d83f 100644
ENTRY(stack_segment)
RING0_EC_FRAME
-@@ -925,7 +1164,7 @@ ENTRY(stack_segment)
+@@ -933,7 +1172,7 @@ ENTRY(stack_segment)
pushl_cfi $do_stack_segment
jmp error_code
CFI_ENDPROC
@@ -23108,7 +23114,7 @@ index c87810b..413d83f 100644
ENTRY(alignment_check)
RING0_EC_FRAME
-@@ -933,7 +1172,7 @@ ENTRY(alignment_check)
+@@ -941,7 +1180,7 @@ ENTRY(alignment_check)
pushl_cfi $do_alignment_check
jmp error_code
CFI_ENDPROC
@@ -23117,7 +23123,7 @@ index c87810b..413d83f 100644
ENTRY(divide_error)
RING0_INT_FRAME
-@@ -942,7 +1181,7 @@ ENTRY(divide_error)
+@@ -950,7 +1189,7 @@ ENTRY(divide_error)
pushl_cfi $do_divide_error
jmp error_code
CFI_ENDPROC
@@ -23126,7 +23132,7 @@ index c87810b..413d83f 100644
#ifdef CONFIG_X86_MCE
ENTRY(machine_check)
-@@ -952,7 +1191,7 @@ ENTRY(machine_check)
+@@ -960,7 +1199,7 @@ ENTRY(machine_check)
pushl_cfi machine_check_vector
jmp error_code
CFI_ENDPROC
@@ -23135,7 +23141,7 @@ index c87810b..413d83f 100644
#endif
ENTRY(spurious_interrupt_bug)
-@@ -962,7 +1201,7 @@ ENTRY(spurious_interrupt_bug)
+@@ -970,7 +1209,7 @@ ENTRY(spurious_interrupt_bug)
pushl_cfi $do_spurious_interrupt_bug
jmp error_code
CFI_ENDPROC
@@ -23144,7 +23150,7 @@ index c87810b..413d83f 100644
/*
* End of kprobes section
*/
-@@ -1072,7 +1311,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
+@@ -1080,7 +1319,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
ENTRY(mcount)
ret
@@ -23153,7 +23159,7 @@ index c87810b..413d83f 100644
ENTRY(ftrace_caller)
cmpl $0, function_trace_stop
-@@ -1105,7 +1344,7 @@ ftrace_graph_call:
+@@ -1113,7 +1352,7 @@ ftrace_graph_call:
.globl ftrace_stub
ftrace_stub:
ret
@@ -23162,7 +23168,7 @@ index c87810b..413d83f 100644
ENTRY(ftrace_regs_caller)
pushf /* push flags before compare (in cs location) */
-@@ -1209,7 +1448,7 @@ trace:
+@@ -1217,7 +1456,7 @@ trace:
popl %ecx
popl %eax
jmp ftrace_stub
@@ -23171,7 +23177,7 @@ index c87810b..413d83f 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -1227,7 +1466,7 @@ ENTRY(ftrace_graph_caller)
+@@ -1235,7 +1474,7 @@ ENTRY(ftrace_graph_caller)
popl %ecx
popl %eax
ret
@@ -23180,7 +23186,7 @@ index c87810b..413d83f 100644
.globl return_to_handler
return_to_handler:
-@@ -1293,15 +1532,18 @@ error_code:
+@@ -1301,15 +1540,18 @@ error_code:
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
REG_TO_PTGS %ecx
SET_KERNEL_GS %ecx
@@ -23201,7 +23207,7 @@ index c87810b..413d83f 100644
/*
* Debug traps and NMI can happen at the one SYSENTER instruction
-@@ -1344,7 +1586,7 @@ debug_stack_correct:
+@@ -1352,7 +1594,7 @@ debug_stack_correct:
call do_debug
jmp ret_from_exception
CFI_ENDPROC
@@ -23210,7 +23216,7 @@ index c87810b..413d83f 100644
/*
* NMI is doubly nasty. It can happen _while_ we're handling
-@@ -1382,6 +1624,9 @@ nmi_stack_correct:
+@@ -1392,6 +1634,9 @@ nmi_stack_correct:
xorl %edx,%edx # zero error code
movl %esp,%eax # pt_regs pointer
call do_nmi
@@ -23220,7 +23226,7 @@ index c87810b..413d83f 100644
jmp restore_all_notrace
CFI_ENDPROC
-@@ -1418,12 +1663,15 @@ nmi_espfix_stack:
+@@ -1429,13 +1674,16 @@ nmi_espfix_stack:
FIXUP_ESPFIX_STACK # %eax == %esp
xorl %edx,%edx # zero error code
call do_nmi
@@ -23231,13 +23237,14 @@ index c87810b..413d83f 100644
lss 12+4(%esp), %esp # back to espfix stack
CFI_ADJUST_CFA_OFFSET -24
jmp irq_return
+ #endif
CFI_ENDPROC
-END(nmi)
+ENDPROC(nmi)
ENTRY(int3)
RING0_INT_FRAME
-@@ -1436,14 +1684,14 @@ ENTRY(int3)
+@@ -1448,14 +1696,14 @@ ENTRY(int3)
call do_int3
jmp ret_from_exception
CFI_ENDPROC
@@ -23254,7 +23261,7 @@ index c87810b..413d83f 100644
#ifdef CONFIG_KVM_GUEST
ENTRY(async_page_fault)
-@@ -1452,7 +1700,7 @@ ENTRY(async_page_fault)
+@@ -1464,7 +1712,7 @@ ENTRY(async_page_fault)
pushl_cfi $do_async_page_fault
jmp error_code
CFI_ENDPROC
@@ -23264,19 +23271,19 @@ index c87810b..413d83f 100644
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index 1e96c36..3ff710a 100644
+index 03cd2a8..05a9aed 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
-@@ -59,6 +59,8 @@
- #include <asm/context_tracking.h>
+@@ -60,6 +60,8 @@
#include <asm/smap.h>
+ #include <asm/pgtable_types.h>
#include <linux/err.h>
+#include <asm/pgtable.h>
+#include <asm/alternative-asm.h>
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
#include <linux/elf-em.h>
-@@ -80,8 +82,9 @@
+@@ -81,8 +83,9 @@
#ifdef CONFIG_DYNAMIC_FTRACE
ENTRY(function_hook)
@@ -23287,7 +23294,7 @@ index 1e96c36..3ff710a 100644
/* skip is set if stack has been adjusted */
.macro ftrace_caller_setup skip=0
-@@ -122,8 +125,9 @@ GLOBAL(ftrace_graph_call)
+@@ -123,8 +126,9 @@ GLOBAL(ftrace_graph_call)
#endif
GLOBAL(ftrace_stub)
@@ -23298,7 +23305,7 @@ index 1e96c36..3ff710a 100644
ENTRY(ftrace_regs_caller)
/* Save the current flags before compare (in SS location)*/
-@@ -191,7 +195,7 @@ ftrace_restore_flags:
+@@ -192,7 +196,7 @@ ftrace_restore_flags:
popfq
jmp ftrace_stub
@@ -23307,7 +23314,7 @@ index 1e96c36..3ff710a 100644
#else /* ! CONFIG_DYNAMIC_FTRACE */
-@@ -212,6 +216,7 @@ ENTRY(function_hook)
+@@ -213,6 +217,7 @@ ENTRY(function_hook)
#endif
GLOBAL(ftrace_stub)
@@ -23315,7 +23322,7 @@ index 1e96c36..3ff710a 100644
retq
trace:
-@@ -225,12 +230,13 @@ trace:
+@@ -226,12 +231,13 @@ trace:
#endif
subq $MCOUNT_INSN_SIZE, %rdi
@@ -23330,7 +23337,7 @@ index 1e96c36..3ff710a 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -252,8 +258,9 @@ ENTRY(ftrace_graph_caller)
+@@ -253,8 +259,9 @@ ENTRY(ftrace_graph_caller)
MCOUNT_RESTORE_FRAME
@@ -23341,7 +23348,7 @@ index 1e96c36..3ff710a 100644
GLOBAL(return_to_handler)
subq $24, %rsp
-@@ -269,7 +276,9 @@ GLOBAL(return_to_handler)
+@@ -270,7 +277,9 @@ GLOBAL(return_to_handler)
movq 8(%rsp), %rdx
movq (%rsp), %rax
addq $24, %rsp
@@ -23351,7 +23358,7 @@ index 1e96c36..3ff710a 100644
#endif
-@@ -284,6 +293,430 @@ ENTRY(native_usergs_sysret64)
+@@ -285,6 +294,430 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
@@ -23782,7 +23789,7 @@ index 1e96c36..3ff710a 100644
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -320,7 +753,7 @@ ENDPROC(native_usergs_sysret64)
+@@ -321,7 +754,7 @@ ENDPROC(native_usergs_sysret64)
.endm
.macro TRACE_IRQS_IRETQ_DEBUG offset=ARGOFFSET
@@ -23791,7 +23798,7 @@ index 1e96c36..3ff710a 100644
jnc 1f
TRACE_IRQS_ON_DEBUG
1:
-@@ -358,27 +791,6 @@ ENDPROC(native_usergs_sysret64)
+@@ -359,27 +792,6 @@ ENDPROC(native_usergs_sysret64)
movq \tmp,R11+\offset(%rsp)
.endm
@@ -23819,7 +23826,7 @@ index 1e96c36..3ff710a 100644
/*
* initial frame state for interrupts (and exceptions without error code)
*/
-@@ -445,25 +857,26 @@ ENDPROC(native_usergs_sysret64)
+@@ -446,25 +858,26 @@ ENDPROC(native_usergs_sysret64)
/* save partial stack frame */
.macro SAVE_ARGS_IRQ
cld
@@ -23859,7 +23866,7 @@ index 1e96c36..3ff710a 100644
je 1f
SWAPGS
/*
-@@ -483,6 +896,18 @@ ENDPROC(native_usergs_sysret64)
+@@ -484,6 +897,18 @@ ENDPROC(native_usergs_sysret64)
0x06 /* DW_OP_deref */, \
0x08 /* DW_OP_const1u */, SS+8-RBP, \
0x22 /* DW_OP_plus */
@@ -23878,7 +23885,7 @@ index 1e96c36..3ff710a 100644
/* We entered an interrupt context - irqs are off: */
TRACE_IRQS_OFF
.endm
-@@ -514,9 +939,52 @@ ENTRY(save_paranoid)
+@@ -515,9 +940,52 @@ ENTRY(save_paranoid)
js 1f /* negative -> in kernel */
SWAPGS
xorl %ebx,%ebx
@@ -23933,7 +23940,7 @@ index 1e96c36..3ff710a 100644
.popsection
/*
-@@ -538,7 +1006,7 @@ ENTRY(ret_from_fork)
+@@ -539,7 +1007,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -23942,7 +23949,7 @@ index 1e96c36..3ff710a 100644
jz 1f
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -548,15 +1016,13 @@ ENTRY(ret_from_fork)
+@@ -549,15 +1017,13 @@ ENTRY(ret_from_fork)
jmp ret_from_sys_call # go to the SYSRET fastpath
1:
@@ -23959,7 +23966,7 @@ index 1e96c36..3ff710a 100644
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -593,7 +1059,7 @@ END(ret_from_fork)
+@@ -594,7 +1060,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -23968,7 +23975,7 @@ index 1e96c36..3ff710a 100644
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -606,16 +1072,23 @@ GLOBAL(system_call_after_swapgs)
+@@ -607,16 +1073,23 @@ GLOBAL(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -23994,7 +24001,7 @@ index 1e96c36..3ff710a 100644
jnz tracesys
system_call_fastpath:
#if __SYSCALL_MASK == ~0
-@@ -639,10 +1112,13 @@ sysret_check:
+@@ -640,10 +1113,13 @@ sysret_check:
LOCKDEP_SYS_EXIT
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -24009,7 +24016,7 @@ index 1e96c36..3ff710a 100644
/*
* sysretq will re-enable interrupts:
*/
-@@ -701,6 +1177,9 @@ auditsys:
+@@ -702,6 +1178,9 @@ auditsys:
movq %rax,%rsi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */
call __audit_syscall_entry
@@ -24019,7 +24026,7 @@ index 1e96c36..3ff710a 100644
LOAD_ARGS 0 /* reload call-clobbered registers */
jmp system_call_fastpath
-@@ -722,7 +1201,7 @@ sysret_audit:
+@@ -723,7 +1202,7 @@ sysret_audit:
/* Do syscall tracing */
tracesys:
#ifdef CONFIG_AUDITSYSCALL
@@ -24028,7 +24035,7 @@ index 1e96c36..3ff710a 100644
jz auditsys
#endif
SAVE_REST
-@@ -730,12 +1209,15 @@ tracesys:
+@@ -731,12 +1210,15 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -24045,7 +24052,7 @@ index 1e96c36..3ff710a 100644
RESTORE_REST
#if __SYSCALL_MASK == ~0
cmpq $__NR_syscall_max,%rax
-@@ -765,7 +1247,9 @@ GLOBAL(int_with_check)
+@@ -766,7 +1248,9 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
@@ -24056,7 +24063,7 @@ index 1e96c36..3ff710a 100644
/* Either reschedule or signal or syscall exit tracking needed. */
/* First do a reschedule test. */
-@@ -811,7 +1295,7 @@ int_restore_rest:
+@@ -812,7 +1296,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
@@ -24065,7 +24072,7 @@ index 1e96c36..3ff710a 100644
.macro FORK_LIKE func
ENTRY(stub_\func)
-@@ -824,9 +1308,10 @@ ENTRY(stub_\func)
+@@ -825,9 +1309,10 @@ ENTRY(stub_\func)
DEFAULT_FRAME 0 8 /* offset 8: return address */
call sys_\func
RESTORE_TOP_OF_STACK %r11, 8
@@ -24078,7 +24085,7 @@ index 1e96c36..3ff710a 100644
.endm
.macro FIXED_FRAME label,func
-@@ -836,9 +1321,10 @@ ENTRY(\label)
+@@ -837,9 +1322,10 @@ ENTRY(\label)
FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET
call \func
RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET
@@ -24090,7 +24097,7 @@ index 1e96c36..3ff710a 100644
.endm
FORK_LIKE clone
-@@ -846,19 +1332,6 @@ END(\label)
+@@ -847,19 +1333,6 @@ END(\label)
FORK_LIKE vfork
FIXED_FRAME stub_iopl, sys_iopl
@@ -24110,7 +24117,7 @@ index 1e96c36..3ff710a 100644
ENTRY(stub_execve)
CFI_STARTPROC
addq $8, %rsp
-@@ -870,7 +1343,7 @@ ENTRY(stub_execve)
+@@ -871,7 +1344,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -24119,7 +24126,7 @@ index 1e96c36..3ff710a 100644
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -887,7 +1360,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -888,7 +1361,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -24128,7 +24135,7 @@ index 1e96c36..3ff710a 100644
#ifdef CONFIG_X86_X32_ABI
ENTRY(stub_x32_rt_sigreturn)
-@@ -901,7 +1374,7 @@ ENTRY(stub_x32_rt_sigreturn)
+@@ -902,7 +1375,7 @@ ENTRY(stub_x32_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -24137,7 +24144,7 @@ index 1e96c36..3ff710a 100644
ENTRY(stub_x32_execve)
CFI_STARTPROC
-@@ -915,7 +1388,7 @@ ENTRY(stub_x32_execve)
+@@ -916,7 +1389,7 @@ ENTRY(stub_x32_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -24146,7 +24153,7 @@ index 1e96c36..3ff710a 100644
#endif
-@@ -952,7 +1425,7 @@ vector=vector+1
+@@ -953,7 +1426,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
@@ -24155,7 +24162,7 @@ index 1e96c36..3ff710a 100644
.previous
END(interrupt)
-@@ -969,8 +1442,8 @@ END(interrupt)
+@@ -970,8 +1443,8 @@ END(interrupt)
/* 0(%rsp): ~(interrupt number) */
.macro interrupt func
/* reserve pt_regs for scratch regs and rbp */
@@ -24166,7 +24173,7 @@ index 1e96c36..3ff710a 100644
SAVE_ARGS_IRQ
call \func
.endm
-@@ -997,14 +1470,14 @@ ret_from_intr:
+@@ -998,14 +1471,14 @@ ret_from_intr:
/* Restore saved previous stack */
popq %rsi
@@ -24185,7 +24192,7 @@ index 1e96c36..3ff710a 100644
je retint_kernel
/* Interrupt came from user space */
-@@ -1026,12 +1499,16 @@ retint_swapgs: /* return to user-space */
+@@ -1027,12 +1500,16 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -24202,16 +24209,32 @@ index 1e96c36..3ff710a 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -1112,7 +1589,7 @@ ENTRY(retint_kernel)
+@@ -1145,7 +1622,7 @@ ENTRY(retint_kernel)
+ jmp exit_intr
#endif
-
CFI_ENDPROC
-END(common_interrupt)
+ENDPROC(common_interrupt)
- /*
- * End of kprobes section
- */
-@@ -1130,7 +1607,7 @@ ENTRY(\sym)
+
+ /*
+ * If IRET takes a fault on the espfix stack, then we
+@@ -1167,13 +1644,13 @@ __do_double_fault:
+ cmpq $native_irq_return_iret,%rax
+ jne do_double_fault /* This shouldn't happen... */
+ movq PER_CPU_VAR(kernel_stack),%rax
+- subq $(6*8-KERNEL_STACK_OFFSET),%rax /* Reset to original stack */
++ subq $(6*8),%rax /* Reset to original stack */
+ movq %rax,RSP(%rdi)
+ movq $0,(%rax) /* Missing (lost) #GP error code */
+ movq $general_protection,RIP(%rdi)
+ retq
+ CFI_ENDPROC
+-END(__do_double_fault)
++ENDPROC(__do_double_fault)
+ #else
+ # define __do_double_fault do_double_fault
+ #endif
+@@ -1195,7 +1672,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
@@ -24220,7 +24243,7 @@ index 1e96c36..3ff710a 100644
.endm
#ifdef CONFIG_TRACING
-@@ -1218,7 +1695,7 @@ ENTRY(\sym)
+@@ -1283,7 +1760,7 @@ ENTRY(\sym)
call \do_sym
jmp error_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -24229,7 +24252,7 @@ index 1e96c36..3ff710a 100644
.endm
.macro paranoidzeroentry sym do_sym
-@@ -1236,10 +1713,10 @@ ENTRY(\sym)
+@@ -1301,10 +1778,10 @@ ENTRY(\sym)
call \do_sym
jmp paranoid_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -24242,7 +24265,7 @@ index 1e96c36..3ff710a 100644
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1252,12 +1729,18 @@ ENTRY(\sym)
+@@ -1317,12 +1794,18 @@ ENTRY(\sym)
TRACE_IRQS_OFF_DEBUG
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
@@ -24262,7 +24285,7 @@ index 1e96c36..3ff710a 100644
.endm
.macro errorentry sym do_sym
-@@ -1275,7 +1758,7 @@ ENTRY(\sym)
+@@ -1340,7 +1823,7 @@ ENTRY(\sym)
call \do_sym
jmp error_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -24271,7 +24294,7 @@ index 1e96c36..3ff710a 100644
.endm
#ifdef CONFIG_TRACING
-@@ -1306,7 +1789,7 @@ ENTRY(\sym)
+@@ -1371,7 +1854,7 @@ ENTRY(\sym)
call \do_sym
jmp paranoid_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -24280,7 +24303,7 @@ index 1e96c36..3ff710a 100644
.endm
zeroentry divide_error do_divide_error
-@@ -1336,9 +1819,10 @@ gs_change:
+@@ -1401,9 +1884,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
@@ -24292,7 +24315,7 @@ index 1e96c36..3ff710a 100644
_ASM_EXTABLE(gs_change,bad_gs)
.section .fixup,"ax"
-@@ -1366,9 +1850,10 @@ ENTRY(do_softirq_own_stack)
+@@ -1431,9 +1915,10 @@ ENTRY(do_softirq_own_stack)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
@@ -24304,7 +24327,7 @@ index 1e96c36..3ff710a 100644
#ifdef CONFIG_XEN
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1406,7 +1891,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1471,7 +1956,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
@@ -24313,7 +24336,7 @@ index 1e96c36..3ff710a 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1465,7 +1950,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1530,7 +2015,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
@@ -24322,7 +24345,7 @@ index 1e96c36..3ff710a 100644
apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1517,18 +2002,33 @@ ENTRY(paranoid_exit)
+@@ -1582,18 +2067,33 @@ ENTRY(paranoid_exit)
DEFAULT_FRAME
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF_DEBUG
@@ -24358,7 +24381,7 @@ index 1e96c36..3ff710a 100644
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1557,7 +2057,7 @@ paranoid_schedule:
+@@ -1622,7 +2122,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
@@ -24367,7 +24390,7 @@ index 1e96c36..3ff710a 100644
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1584,12 +2084,23 @@ ENTRY(error_entry)
+@@ -1649,12 +2149,23 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -24392,7 +24415,7 @@ index 1e96c36..3ff710a 100644
ret
/*
-@@ -1616,7 +2127,7 @@ bstep_iret:
+@@ -1681,7 +2192,7 @@ bstep_iret:
movq %rcx,RIP+8(%rsp)
jmp error_swapgs
CFI_ENDPROC
@@ -24401,7 +24424,7 @@ index 1e96c36..3ff710a 100644
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1627,7 +2138,7 @@ ENTRY(error_exit)
+@@ -1692,7 +2203,7 @@ ENTRY(error_exit)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
GET_THREAD_INFO(%rcx)
@@ -24410,7 +24433,7 @@ index 1e96c36..3ff710a 100644
jne retint_kernel
LOCKDEP_SYS_EXIT_IRQ
movl TI_flags(%rcx),%edx
-@@ -1636,7 +2147,7 @@ ENTRY(error_exit)
+@@ -1701,7 +2212,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
@@ -24419,7 +24442,7 @@ index 1e96c36..3ff710a 100644
/*
* Test if a given stack is an NMI stack or not.
-@@ -1694,9 +2205,11 @@ ENTRY(nmi)
+@@ -1759,9 +2270,11 @@ ENTRY(nmi)
* If %cs was not the kernel segment, then the NMI triggered in user
* space, which means it is definitely not nested.
*/
@@ -24432,7 +24455,7 @@ index 1e96c36..3ff710a 100644
/*
* Check the special variable on the stack to see if NMIs are
* executing.
-@@ -1730,8 +2243,7 @@ nested_nmi:
+@@ -1795,8 +2308,7 @@ nested_nmi:
1:
/* Set up the interrupted NMIs stack to jump to repeat_nmi */
@@ -24442,7 +24465,7 @@ index 1e96c36..3ff710a 100644
CFI_ADJUST_CFA_OFFSET 1*8
leaq -10*8(%rsp), %rdx
pushq_cfi $__KERNEL_DS
-@@ -1749,6 +2261,7 @@ nested_nmi_out:
+@@ -1814,6 +2326,7 @@ nested_nmi_out:
CFI_RESTORE rdx
/* No need to check faults here */
@@ -24450,7 +24473,7 @@ index 1e96c36..3ff710a 100644
INTERRUPT_RETURN
CFI_RESTORE_STATE
-@@ -1845,13 +2358,13 @@ end_repeat_nmi:
+@@ -1910,13 +2423,13 @@ end_repeat_nmi:
subq $ORIG_RAX-R15, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
/*
@@ -24466,7 +24489,7 @@ index 1e96c36..3ff710a 100644
DEFAULT_FRAME 0
/*
-@@ -1861,9 +2374,9 @@ end_repeat_nmi:
+@@ -1926,9 +2439,9 @@ end_repeat_nmi:
* NMI itself takes a page fault, the page fault that was preempted
* will read the information from the NMI page fault and not the
* origin fault. Save it off and restore it if it changes.
@@ -24478,7 +24501,7 @@ index 1e96c36..3ff710a 100644
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
-@@ -1872,31 +2385,36 @@ end_repeat_nmi:
+@@ -1937,31 +2450,36 @@ end_repeat_nmi:
/* Did the NMI take a page fault? Restore cr2 if it did */
movq %cr2, %rcx
@@ -24520,6 +24543,19 @@ index 1e96c36..3ff710a 100644
/*
* End of kprobes section
+diff --git a/arch/x86/kernel/espfix_64.c b/arch/x86/kernel/espfix_64.c
+index 94d857f..bf1f0bf 100644
+--- a/arch/x86/kernel/espfix_64.c
++++ b/arch/x86/kernel/espfix_64.c
+@@ -197,7 +197,7 @@ void init_espfix_ap(void)
+ set_pte(&pte_p[n*PTE_STRIDE], pte);
+
+ /* Job is done for this CPU and any CPU which shares this page */
+- ACCESS_ONCE(espfix_pages[page]) = stack_page;
++ ACCESS_ONCE_RW(espfix_pages[page]) = stack_page;
+
+ unlock_done:
+ mutex_unlock(&espfix_init_mutex);
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
index 1ffc32d..e52c745 100644
--- a/arch/x86/kernel/ftrace.c
@@ -26002,10 +26038,10 @@ index c2bedae..25e7ab60 100644
.name = "data",
.mode = S_IRUGO,
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
-index dcbbaa1..81ae763 100644
+index c37886d..d851d32 100644
--- a/arch/x86/kernel/ldt.c
+++ b/arch/x86/kernel/ldt.c
-@@ -68,13 +68,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
+@@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
if (reload) {
#ifdef CONFIG_SMP
preempt_disable();
@@ -26021,7 +26057,7 @@ index dcbbaa1..81ae763 100644
#endif
}
if (oldsize) {
-@@ -96,7 +96,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old)
+@@ -94,7 +94,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old)
return err;
for (i = 0; i < old->size; i++)
@@ -26030,7 +26066,7 @@ index dcbbaa1..81ae763 100644
return 0;
}
-@@ -117,6 +117,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm)
+@@ -115,6 +115,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm)
retval = copy_ldt(&mm->context, &old_mm->context);
mutex_unlock(&old_mm->context.lock);
}
@@ -26055,7 +26091,7 @@ index dcbbaa1..81ae763 100644
return retval;
}
-@@ -231,6 +249,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
+@@ -229,6 +247,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
}
}
@@ -26066,9 +26102,9 @@ index dcbbaa1..81ae763 100644
+ }
+#endif
+
- /*
- * On x86-64 we do not support 16-bit segments due to
- * IRET leaking the high bits of the kernel stack address.
+ if (!IS_ENABLED(CONFIG_X86_16BIT) && !ldt_info.seg_32bit) {
+ error = -EINVAL;
+ goto out_unlock;
diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c
index 1667b1d..16492c5 100644
--- a/arch/x86/kernel/machine_kexec_32.c
@@ -27459,7 +27495,7 @@ index 7c3a5a6..f0a8961 100644
.smp_prepare_cpus = native_smp_prepare_cpus,
.smp_cpus_done = native_smp_cpus_done,
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
-index a32da80..041a4ff 100644
+index 395be6d..11665af 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -229,14 +229,17 @@ static void notrace start_secondary(void *unused)
@@ -27484,7 +27520,7 @@ index a32da80..041a4ff 100644
/*
* Check TSC synchronization with the BP:
*/
-@@ -749,8 +752,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+@@ -756,8 +759,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
alternatives_enable_smp();
idle->thread.sp = (unsigned long) (((struct pt_regs *)
@@ -27495,7 +27531,7 @@ index a32da80..041a4ff 100644
#ifdef CONFIG_X86_32
/* Stack for startup_32 can be just as for start_secondary onwards */
-@@ -758,11 +762,13 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+@@ -765,11 +769,13 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
#else
clear_tsk_thread_flag(idle, TIF_FORK);
initial_gs = per_cpu_offset(cpu);
@@ -27512,7 +27548,7 @@ index a32da80..041a4ff 100644
initial_code = (unsigned long)start_secondary;
stack_start = idle->thread.sp;
-@@ -911,6 +917,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle)
+@@ -918,6 +924,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle)
/* the FPU context is blank, nobody can own it */
__cpu_disable_lazy_restore(cpu);
@@ -35813,7 +35849,7 @@ index fd14be1..e3c79c0 100644
#
diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c
-index f1d633a..a75c5f7 100644
+index d6bfb87..876ee18 100644
--- a/arch/x86/vdso/vdso32-setup.c
+++ b/arch/x86/vdso/vdso32-setup.c
@@ -25,6 +25,7 @@
@@ -35824,7 +35860,7 @@ index f1d633a..a75c5f7 100644
enum {
VDSO_DISABLED = 0,
-@@ -227,7 +228,7 @@ static inline void map_compat_vdso(int map)
+@@ -226,7 +227,7 @@ static inline void map_compat_vdso(int map)
void enable_sep_cpu(void)
{
int cpu = get_cpu();
@@ -35833,7 +35869,7 @@ index f1d633a..a75c5f7 100644
if (!boot_cpu_has(X86_FEATURE_SEP)) {
put_cpu();
-@@ -250,7 +251,7 @@ static int __init gate_vma_init(void)
+@@ -249,7 +250,7 @@ static int __init gate_vma_init(void)
gate_vma.vm_start = FIXADDR_USER_START;
gate_vma.vm_end = FIXADDR_USER_END;
gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
@@ -35842,7 +35878,7 @@ index f1d633a..a75c5f7 100644
return 0;
}
-@@ -331,14 +332,14 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+@@ -330,14 +331,14 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
if (compat)
addr = VDSO_HIGH_BASE;
else {
@@ -35859,7 +35895,7 @@ index f1d633a..a75c5f7 100644
if (compat_uses_vma || !compat) {
/*
-@@ -354,11 +355,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+@@ -353,11 +354,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
}
current_thread_info()->sysenter_return =
@@ -35873,7 +35909,7 @@ index f1d633a..a75c5f7 100644
up_write(&mm->mmap_sem);
-@@ -412,8 +413,14 @@ __initcall(ia32_binfmt_init);
+@@ -404,8 +405,14 @@ __initcall(ia32_binfmt_init);
const char *arch_vma_name(struct vm_area_struct *vma)
{
@@ -35889,7 +35925,7 @@ index f1d633a..a75c5f7 100644
return NULL;
}
-@@ -423,7 +430,7 @@ struct vm_area_struct *get_gate_vma(struct mm_struct *mm)
+@@ -415,7 +422,7 @@ struct vm_area_struct *get_gate_vma(struct mm_struct *mm)
* Check to see if the corresponding task was created in compat vdso
* mode.
*/
@@ -36582,26 +36618,6 @@ index 2648797..92ed21f 100644
if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
goto error;
-diff --git a/crypto/af_alg.c b/crypto/af_alg.c
-index 966f893..6a3ad80 100644
---- a/crypto/af_alg.c
-+++ b/crypto/af_alg.c
-@@ -21,6 +21,7 @@
- #include <linux/module.h>
- #include <linux/net.h>
- #include <linux/rwsem.h>
-+#include <linux/security.h>
-
- struct alg_type_list {
- const struct af_alg_type *type;
-@@ -243,6 +244,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
-
- sock_init_data(newsock, sk2);
- sock_graft(sk2, newsock);
-+ security_sk_clone(sk, sk2);
-
- err = type->accept(ask->private, sk2);
- if (err) {
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index 7bdd61b..afec999 100644
--- a/crypto/cryptd.c
@@ -39529,10 +39545,10 @@ index 18448a7..d5fad43 100644
/* Force all MSRs to the same value */
diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
-index 199b52b..e3503bb 100644
+index 153f4b9..d47054a 100644
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
-@@ -1970,7 +1970,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
+@@ -1972,7 +1972,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
#endif
mutex_lock(&cpufreq_governor_mutex);
@@ -39541,7 +39557,7 @@ index 199b52b..e3503bb 100644
mutex_unlock(&cpufreq_governor_mutex);
return;
}
-@@ -2200,7 +2200,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
+@@ -2202,7 +2202,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
return NOTIFY_OK;
}
@@ -39550,7 +39566,7 @@ index 199b52b..e3503bb 100644
.notifier_call = cpufreq_cpu_callback,
};
-@@ -2240,13 +2240,17 @@ int cpufreq_boost_trigger_state(int state)
+@@ -2242,13 +2242,17 @@ int cpufreq_boost_trigger_state(int state)
return 0;
write_lock_irqsave(&cpufreq_driver_lock, flags);
@@ -39570,7 +39586,7 @@ index 199b52b..e3503bb 100644
write_unlock_irqrestore(&cpufreq_driver_lock, flags);
pr_err("%s: Cannot %s BOOST\n", __func__,
-@@ -2300,8 +2304,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
+@@ -2302,8 +2306,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
pr_debug("trying to register driver %s\n", driver_data->name);
@@ -39584,7 +39600,7 @@ index 199b52b..e3503bb 100644
write_lock_irqsave(&cpufreq_driver_lock, flags);
if (cpufreq_driver) {
-@@ -2316,8 +2323,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
+@@ -2318,8 +2325,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
* Check if driver provides function to enable boost -
* if not, use cpufreq_boost_set_sw as default
*/
@@ -50470,25 +50486,10 @@ index d8afec8..3ec7152 100644
/* check if the device is still usable */
if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
-index 62ec84b..384f684 100644
+index 64e487a..384f684 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
-@@ -831,6 +831,14 @@ void scsi_io_completion(struct scsi_cmnd *cmd, unsigned int good_bytes)
- scsi_next_command(cmd);
- return;
- }
-+ } else if (blk_rq_bytes(req) == 0 && result && !sense_deferred) {
-+ /*
-+ * Certain non BLOCK_PC requests are commands that don't
-+ * actually transfer anything (FLUSH), so cannot use
-+ * good_bytes != blk_rq_bytes(req) as the signal for an error.
-+ * This sets the error explicitly for the problem case.
-+ */
-+ error = __scsi_error_from_host_byte(cmd, result);
- }
-
- /* no bidi support for !REQ_TYPE_BLOCK_PC yet */
-@@ -1474,7 +1482,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
+@@ -1482,7 +1482,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
shost = sdev->host;
scsi_init_cmd_errh(cmd);
cmd->result = DID_NO_CONNECT << 16;
@@ -50497,7 +50498,7 @@ index 62ec84b..384f684 100644
/*
* SCSI request completion path will do scsi_device_unbusy(),
-@@ -1500,9 +1508,9 @@ static void scsi_softirq_done(struct request *rq)
+@@ -1508,9 +1508,9 @@ static void scsi_softirq_done(struct request *rq)
INIT_LIST_HEAD(&cmd->eh_entry);
@@ -63137,6 +63138,19 @@ index 15f9d98..082c625 100644
}
void nfs_fattr_init(struct nfs_fattr *fattr)
+diff --git a/fs/nfs/nfs3acl.c b/fs/nfs/nfs3acl.c
+index 8f854dd..d0fec26 100644
+--- a/fs/nfs/nfs3acl.c
++++ b/fs/nfs/nfs3acl.c
+@@ -256,7 +256,7 @@ nfs3_list_one_acl(struct inode *inode, int type, const char *name, void *data,
+ char *p = data + *result;
+
+ acl = get_acl(inode, type);
+- if (!acl)
++ if (IS_ERR_OR_NULL(acl))
+ return 0;
+
+ posix_acl_release(acl);
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index f23a6ca..730ddcc 100644
--- a/fs/nfsd/nfs4proc.c
@@ -80441,10 +80455,10 @@ index 0000000..b02ba9d
+#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
new file mode 100644
-index 0000000..5c4bdee
+index 0000000..b87dd26
--- /dev/null
+++ b/include/linux/grsecurity.h
-@@ -0,0 +1,249 @@
+@@ -0,0 +1,252 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
@@ -80456,6 +80470,9 @@ index 0000000..5c4bdee
+#if defined(CONFIG_GRKERNSEC_PROC_USER) && defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
+#error "CONFIG_GRKERNSEC_PROC_USER and CONFIG_GRKERNSEC_PROC_USERGROUP cannot both be enabled."
+#endif
++#if defined(CONFIG_GRKERNSEC_PROC) && !defined(CONFIG_GRKERNSEC_PROC_USER) && !defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++#error "CONFIG_GRKERNSEC_PROC enabled, but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP enabled"
++#endif
+#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
+#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
+#endif
@@ -82371,7 +82388,7 @@ index 1841b58..fbeebf8 100644
#define preempt_set_need_resched() \
do { \
diff --git a/include/linux/printk.h b/include/linux/printk.h
-index fa47e27..c08e034 100644
+index cbf094f..86007b7 100644
--- a/include/linux/printk.h
+++ b/include/linux/printk.h
@@ -114,6 +114,8 @@ static inline __printf(1, 2) __cold
@@ -85877,7 +85894,7 @@ index 93b6139..8d628b7 100644
next_state = Reset;
return 0;
diff --git a/init/main.c b/init/main.c
-index 9c7fd4c..650b4f1 100644
+index 58c132d..ac3f3b0 100644
--- a/init/main.c
+++ b/init/main.c
@@ -97,6 +97,8 @@ extern void radix_tree_init(void);
@@ -85965,7 +85982,7 @@ index 9c7fd4c..650b4f1 100644
static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
static const char *panic_later, *panic_param;
-@@ -688,25 +759,24 @@ int __init_or_module do_one_initcall(initcall_t fn)
+@@ -692,25 +763,24 @@ int __init_or_module do_one_initcall(initcall_t fn)
{
int count = preempt_count();
int ret;
@@ -85996,7 +86013,7 @@ index 9c7fd4c..650b4f1 100644
return ret;
}
-@@ -813,8 +883,8 @@ static int run_init_process(const char *init_filename)
+@@ -817,8 +887,8 @@ static int run_init_process(const char *init_filename)
{
argv_init[0] = init_filename;
return do_execve(getname_kernel(init_filename),
@@ -86007,7 +86024,7 @@ index 9c7fd4c..650b4f1 100644
}
static int try_to_run_init_process(const char *init_filename)
-@@ -831,6 +901,10 @@ static int try_to_run_init_process(const char *init_filename)
+@@ -835,6 +905,10 @@ static int try_to_run_init_process(const char *init_filename)
return ret;
}
@@ -86018,7 +86035,7 @@ index 9c7fd4c..650b4f1 100644
static noinline void __init kernel_init_freeable(void);
static int __ref kernel_init(void *unused)
-@@ -855,6 +929,11 @@ static int __ref kernel_init(void *unused)
+@@ -859,6 +933,11 @@ static int __ref kernel_init(void *unused)
ramdisk_execute_command, ret);
}
@@ -86030,7 +86047,7 @@ index 9c7fd4c..650b4f1 100644
/*
* We try each of these until one succeeds.
*
-@@ -910,7 +989,7 @@ static noinline void __init kernel_init_freeable(void)
+@@ -914,7 +993,7 @@ static noinline void __init kernel_init_freeable(void)
do_basic_setup();
/* Open the /dev/console on the rootfs, this should never fail */
@@ -86039,7 +86056,7 @@ index 9c7fd4c..650b4f1 100644
pr_err("Warning: unable to open an initial console.\n");
(void) sys_dup(0);
-@@ -923,11 +1002,13 @@ static noinline void __init kernel_init_freeable(void)
+@@ -927,11 +1006,13 @@ static noinline void __init kernel_init_freeable(void)
if (!ramdisk_execute_command)
ramdisk_execute_command = "/init";
@@ -89701,7 +89718,7 @@ index 14f9a8d..98ee610 100644
if (pm_wakeup_pending()) {
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
-index 4dae9cb..039ffbb 100644
+index 8c086e6..a52bc51 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -385,6 +385,11 @@ static int check_syslog_permissions(int type, bool from_file)
@@ -90706,7 +90723,7 @@ index a63f4dc..349bbb0 100644
unsigned long timeout)
{
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index 0aae0fc..2ba2b81 100644
+index 515e212..268a828 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -1775,7 +1775,7 @@ void set_numabalancing_state(bool enabled)
@@ -93559,23 +93576,6 @@ index 539eeb9..e24a987 100644
error = 0;
if (end == start)
return error;
-diff --git a/mm/memcontrol.c b/mm/memcontrol.c
-index 5b6b003..9b35da2 100644
---- a/mm/memcontrol.c
-+++ b/mm/memcontrol.c
-@@ -5670,8 +5670,12 @@ static int mem_cgroup_oom_notify_cb(struct mem_cgroup *memcg)
- {
- struct mem_cgroup_eventfd_list *ev;
-
-+ spin_lock(&memcg_oom_lock);
-+
- list_for_each_entry(ev, &memcg->oom_notify, list)
- eventfd_signal(ev->eventfd, 1);
-+
-+ spin_unlock(&memcg_oom_lock);
- return 0;
- }
-
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
index 33365e9..2234ef9 100644
--- a/mm/memory-failure.c
@@ -96220,7 +96220,7 @@ index 8740213..f87e25b 100644
struct mm_struct *mm;
diff --git a/mm/page-writeback.c b/mm/page-writeback.c
-index d013dba..d5ae30d 100644
+index 9f45f87..749bfd8 100644
--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -685,7 +685,7 @@ static long long pos_ratio_polynom(unsigned long setpoint,
@@ -96233,7 +96233,7 @@ index d013dba..d5ae30d 100644
unsigned long bg_thresh,
unsigned long dirty,
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 7e7f947..254d009 100644
+index 62e400d..2072e4e 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -61,6 +61,7 @@
@@ -98241,7 +98241,7 @@ index 876fbe8..8bbea9f 100644
#undef __HANDLE_ITEM
}
diff --git a/net/atm/lec.c b/net/atm/lec.c
-index 5a2f602..9396143 100644
+index 5a2f602..93961433 100644
--- a/net/atm/lec.c
+++ b/net/atm/lec.c
@@ -111,9 +111,9 @@ static inline void lec_arp_put(struct lec_arp_table *entry)
@@ -102123,28 +102123,6 @@ index 7932697..a13d158 100644
} while (!res);
return res;
}
-diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
-index ec66063..1e05bbd 100644
---- a/net/l2tp/l2tp_ppp.c
-+++ b/net/l2tp/l2tp_ppp.c
-@@ -1368,7 +1368,7 @@ static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
- int err;
-
- if (level != SOL_PPPOL2TP)
-- return udp_prot.setsockopt(sk, level, optname, optval, optlen);
-+ return -EINVAL;
-
- if (optlen < sizeof(int))
- return -EINVAL;
-@@ -1494,7 +1494,7 @@ static int pppol2tp_getsockopt(struct socket *sock, int level, int optname,
- struct pppol2tp_session *ps;
-
- if (level != SOL_PPPOL2TP)
-- return udp_prot.getsockopt(sk, level, optname, optval, optlen);
-+ return -EINVAL;
-
- if (get_user(len, optlen))
- return -EFAULT;
diff --git a/net/llc/llc_proc.c b/net/llc/llc_proc.c
index 1a3c7e0..80f8b0c 100644
--- a/net/llc/llc_proc.c
diff --git a/3.14.15/4425_grsec_remove_EI_PAX.patch b/3.14.16/4425_grsec_remove_EI_PAX.patch
similarity index 100%
rename from 3.14.15/4425_grsec_remove_EI_PAX.patch
rename to 3.14.16/4425_grsec_remove_EI_PAX.patch
diff --git a/3.14.15/4427_force_XATTR_PAX_tmpfs.patch b/3.14.16/4427_force_XATTR_PAX_tmpfs.patch
similarity index 100%
rename from 3.14.15/4427_force_XATTR_PAX_tmpfs.patch
rename to 3.14.16/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/3.14.15/4430_grsec-remove-localversion-grsec.patch b/3.14.16/4430_grsec-remove-localversion-grsec.patch
similarity index 100%
rename from 3.14.15/4430_grsec-remove-localversion-grsec.patch
rename to 3.14.16/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.14.15/4435_grsec-mute-warnings.patch b/3.14.16/4435_grsec-mute-warnings.patch
similarity index 100%
rename from 3.14.15/4435_grsec-mute-warnings.patch
rename to 3.14.16/4435_grsec-mute-warnings.patch
diff --git a/3.14.15/4440_grsec-remove-protected-paths.patch b/3.14.16/4440_grsec-remove-protected-paths.patch
similarity index 100%
rename from 3.14.15/4440_grsec-remove-protected-paths.patch
rename to 3.14.16/4440_grsec-remove-protected-paths.patch
diff --git a/3.14.15/4450_grsec-kconfig-default-gids.patch b/3.14.16/4450_grsec-kconfig-default-gids.patch
similarity index 100%
rename from 3.14.15/4450_grsec-kconfig-default-gids.patch
rename to 3.14.16/4450_grsec-kconfig-default-gids.patch
diff --git a/3.14.15/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.16/4465_selinux-avc_audit-log-curr_ip.patch
similarity index 100%
rename from 3.14.15/4465_selinux-avc_audit-log-curr_ip.patch
rename to 3.14.16/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.14.15/4470_disable-compat_vdso.patch b/3.14.16/4470_disable-compat_vdso.patch
similarity index 98%
rename from 3.14.15/4470_disable-compat_vdso.patch
rename to 3.14.16/4470_disable-compat_vdso.patch
index 677174c..35a4840 100644
--- a/3.14.15/4470_disable-compat_vdso.patch
+++ b/3.14.16/4470_disable-compat_vdso.patch
@@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138
diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
--- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100
+++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100
-@@ -1841,17 +1841,8 @@
+@@ -1859,17 +1859,8 @@
config COMPAT_VDSO
def_bool n
diff --git a/3.14.15/4475_emutramp_default_on.patch b/3.14.16/4475_emutramp_default_on.patch
similarity index 100%
rename from 3.14.15/4475_emutramp_default_on.patch
rename to 3.14.16/4475_emutramp_default_on.patch
diff --git a/3.15.8/0000_README b/3.15.9/0000_README
similarity index 96%
rename from 3.15.8/0000_README
rename to 3.15.9/0000_README
index e6666ca..1b914bb 100644
--- a/3.15.8/0000_README
+++ b/3.15.9/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.15.8-201408040708.patch
+Patch: 4420_grsecurity-3.0-3.15.9-201408110025.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.15.8/4420_grsecurity-3.0-3.15.8-201408040708.patch b/3.15.9/4420_grsecurity-3.0-3.15.9-201408110025.patch
similarity index 99%
rename from 3.15.8/4420_grsecurity-3.0-3.15.8-201408040708.patch
rename to 3.15.9/4420_grsecurity-3.0-3.15.9-201408110025.patch
index 923c63e..eb185bb 100644
--- a/3.15.8/4420_grsecurity-3.0-3.15.8-201408040708.patch
+++ b/3.15.9/4420_grsecurity-3.0-3.15.9-201408110025.patch
@@ -287,7 +287,7 @@ index 30a8ad0d..2ed9efd 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index d5d9a22..998d19e 100644
+index 25b85ab..131efa3 100644
--- a/Makefile
+++ b/Makefile
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -313,10 +313,13 @@ index d5d9a22..998d19e 100644
$(Q)$(MAKE) $(build)=scripts/basic
$(Q)rm -f .tmp_quiet_recordmcount
-@@ -600,6 +601,72 @@ else
+@@ -600,6 +601,75 @@ else
KBUILD_CFLAGS += -O2
endif
++# Tell gcc to never replace conditional load with a non-conditional one
++KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0)
++
+ifndef DISABLE_PAX_PLUGINS
+ifeq ($(call cc-ifversion, -ge, 0408, y), y)
+PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)")
@@ -386,7 +389,7 @@ index d5d9a22..998d19e 100644
include $(srctree)/arch/$(SRCARCH)/Makefile
ifdef CONFIG_READABLE_ASM
-@@ -818,7 +885,7 @@ export mod_sign_cmd
+@@ -818,7 +888,7 @@ export mod_sign_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -395,7 +398,7 @@ index d5d9a22..998d19e 100644
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -867,6 +934,8 @@ endif
+@@ -867,6 +937,8 @@ endif
# The actual objects are generated when descending,
# make sure no implicit rule kicks in
@@ -404,7 +407,7 @@ index d5d9a22..998d19e 100644
$(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
# Handle descending into subdirectories listed in $(vmlinux-dirs)
-@@ -876,7 +945,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
+@@ -876,7 +948,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
@@ -413,7 +416,7 @@ index d5d9a22..998d19e 100644
$(Q)$(MAKE) $(build)=$@
define filechk_kernel.release
-@@ -919,10 +988,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
+@@ -919,10 +991,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
archprepare: archheaders archscripts prepare1 scripts_basic
@@ -427,7 +430,7 @@ index d5d9a22..998d19e 100644
prepare: prepare0
# Generate some files
-@@ -1030,6 +1102,8 @@ all: modules
+@@ -1030,6 +1105,8 @@ all: modules
# using awk while concatenating to the final file.
PHONY += modules
@@ -436,7 +439,7 @@ index d5d9a22..998d19e 100644
modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
@$(kecho) ' Building modules, stage 2.';
-@@ -1045,7 +1119,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
+@@ -1045,7 +1122,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
# Target to prepare building external modules
PHONY += modules_prepare
@@ -445,7 +448,7 @@ index d5d9a22..998d19e 100644
# Target to install modules
PHONY += modules_install
-@@ -1111,7 +1185,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
+@@ -1111,7 +1188,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
signing_key.priv signing_key.x509 x509.genkey \
extra_certificates signing_key.x509.keyid \
@@ -457,7 +460,7 @@ index d5d9a22..998d19e 100644
# clean - Delete most, but leave enough to build external modules
#
-@@ -1150,7 +1227,7 @@ distclean: mrproper
+@@ -1150,7 +1230,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -466,7 +469,7 @@ index d5d9a22..998d19e 100644
-type f -print | xargs rm -f
-@@ -1311,6 +1388,8 @@ PHONY += $(module-dirs) modules
+@@ -1311,6 +1391,8 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
@@ -475,7 +478,7 @@ index d5d9a22..998d19e 100644
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1450,17 +1529,21 @@ else
+@@ -1450,17 +1532,21 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
@@ -501,7 +504,7 @@ index d5d9a22..998d19e 100644
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1470,11 +1553,15 @@ endif
+@@ -1470,11 +1556,15 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
@@ -4367,7 +4370,7 @@ index 5e85ed3..b10a7ed 100644
}
}
diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c
-index b68c6b2..f66c492 100644
+index f15c22e..d830561 100644
--- a/arch/arm/mm/mmu.c
+++ b/arch/arm/mm/mmu.c
@@ -39,6 +39,22 @@
@@ -12309,7 +12312,7 @@ index ad8f795..2c7eec6 100644
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 512e45f..2d49d9d 100644
+index 1dd1408..be4ce12 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -127,7 +127,7 @@ config X86
@@ -12338,7 +12341,7 @@ index 512e45f..2d49d9d 100644
---help---
Say Y here to enable options for running Linux under various hyper-
visors. This option enables basic hypervisor detection and platform
-@@ -1055,6 +1056,7 @@ choice
+@@ -1072,6 +1073,7 @@ choice
config NOHIGHMEM
bool "off"
@@ -12346,7 +12349,7 @@ index 512e45f..2d49d9d 100644
---help---
Linux can use up to 64 Gigabytes of physical memory on x86 systems.
However, the address space of 32-bit x86 processors is only 4
-@@ -1091,6 +1093,7 @@ config NOHIGHMEM
+@@ -1108,6 +1110,7 @@ config NOHIGHMEM
config HIGHMEM4G
bool "4GB"
@@ -12354,7 +12357,7 @@ index 512e45f..2d49d9d 100644
---help---
Select this if you have a 32-bit processor and between 1 and 4
gigabytes of physical RAM.
-@@ -1143,7 +1146,7 @@ config PAGE_OFFSET
+@@ -1160,7 +1163,7 @@ config PAGE_OFFSET
hex
default 0xB0000000 if VMSPLIT_3G_OPT
default 0x80000000 if VMSPLIT_2G
@@ -12363,7 +12366,7 @@ index 512e45f..2d49d9d 100644
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1556,6 +1559,7 @@ source kernel/Kconfig.hz
+@@ -1573,6 +1576,7 @@ source kernel/Kconfig.hz
config KEXEC
bool "kexec system call"
@@ -12371,7 +12374,7 @@ index 512e45f..2d49d9d 100644
---help---
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
-@@ -1707,7 +1711,9 @@ config X86_NEED_RELOCS
+@@ -1724,7 +1728,9 @@ config X86_NEED_RELOCS
config PHYSICAL_ALIGN
hex "Alignment value to which kernel should be aligned"
@@ -12382,7 +12385,7 @@ index 512e45f..2d49d9d 100644
range 0x2000 0x1000000 if X86_32
range 0x200000 0x1000000 if X86_64
---help---
-@@ -1790,6 +1796,7 @@ config COMPAT_VDSO
+@@ -1807,6 +1813,7 @@ config COMPAT_VDSO
def_bool n
prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
depends on X86_32 || IA32_EMULATION
@@ -16835,7 +16838,7 @@ index b8237d8..3e8864e 100644
* Convert a virtual cached pointer to an uncached pointer
*/
diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h
-index bba3cf8..06bc8da 100644
+index 0a8b519..80e7d5b 100644
--- a/arch/x86/include/asm/irqflags.h
+++ b/arch/x86/include/asm/irqflags.h
@@ -141,6 +141,11 @@ static inline notrace unsigned long arch_local_irq_save(void)
@@ -18051,21 +18054,24 @@ index e22c1db..23a625a 100644
}
diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h
-index c883bf7..19970b3 100644
+index 7166e25..baaa6fe 100644
--- a/arch/x86/include/asm/pgtable_64_types.h
+++ b/arch/x86/include/asm/pgtable_64_types.h
-@@ -61,6 +61,11 @@ typedef struct { pteval_t pte; } pte_t;
+@@ -61,9 +61,14 @@ typedef struct { pteval_t pte; } pte_t;
#define MODULES_VADDR (__START_KERNEL_map + KERNEL_IMAGE_SIZE)
#define MODULES_END _AC(0xffffffffff000000, UL)
#define MODULES_LEN (MODULES_END - MODULES_VADDR)
+#define MODULES_EXEC_VADDR MODULES_VADDR
+#define MODULES_EXEC_END MODULES_END
-+
+ #define ESPFIX_PGD_ENTRY _AC(-2, UL)
+ #define ESPFIX_BASE_ADDR (ESPFIX_PGD_ENTRY << PGDIR_SHIFT)
+
+#define ktla_ktva(addr) (addr)
+#define ktva_ktla(addr) (addr)
-
++
#define EARLY_DYNAMIC_PAGE_TABLES 64
+ #endif /* _ASM_X86_PGTABLE_64_DEFS_H */
diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
index eb3d449..8d95316 100644
--- a/arch/x86/include/asm/pgtable_types.h
@@ -20361,7 +20367,7 @@ index 7b0a55a..ad115bf 100644
/* top of stack page */
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
-index f4d9600..b45af01 100644
+index 491ef3e..7da98ce 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -24,7 +24,7 @@ obj-y += time.o ioport.o ldt.o dumpstack.o nmi.o
@@ -22034,7 +22040,7 @@ index 01d1c18..8073693 100644
#include <asm/processor.h>
#include <asm/fcntl.h>
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
-index c87810b..413d83f 100644
+index c5a9cb9..228d280 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -177,13 +177,153 @@
@@ -22393,7 +22399,7 @@ index c87810b..413d83f 100644
restore_all:
TRACE_IRQS_IRET
restore_all_notrace:
-@@ -577,14 +784,34 @@ ldt_ss:
+@@ -580,14 +787,34 @@ ldt_ss:
* compensating for the offset by changing to the ESPFIX segment with
* a base address that matches for the difference.
*/
@@ -22431,7 +22437,7 @@ index c87810b..413d83f 100644
pushl_cfi $__ESPFIX_SS
pushl_cfi %eax /* new kernel esp */
/* Disable interrupts, but do not irqtrace this section: we
-@@ -613,20 +840,18 @@ work_resched:
+@@ -617,20 +844,18 @@ work_resched:
movl TI_flags(%ebp), %ecx
andl $_TIF_WORK_MASK, %ecx # is there any work to be done other
# than syscall tracing?
@@ -22454,7 +22460,7 @@ index c87810b..413d83f 100644
#endif
TRACE_IRQS_ON
ENABLE_INTERRUPTS(CLBR_NONE)
-@@ -647,7 +872,7 @@ work_notifysig_v86:
+@@ -651,7 +876,7 @@ work_notifysig_v86:
movl %eax, %esp
jmp 1b
#endif
@@ -22463,7 +22469,7 @@ index c87810b..413d83f 100644
# perform syscall exit tracing
ALIGN
-@@ -655,11 +880,14 @@ syscall_trace_entry:
+@@ -659,11 +884,14 @@ syscall_trace_entry:
movl $-ENOSYS,PT_EAX(%esp)
movl %esp, %eax
call syscall_trace_enter
@@ -22479,7 +22485,7 @@ index c87810b..413d83f 100644
# perform syscall exit tracing
ALIGN
-@@ -672,26 +900,30 @@ syscall_exit_work:
+@@ -676,26 +904,30 @@ syscall_exit_work:
movl %esp, %eax
call syscall_trace_leave
jmp resume_userspace
@@ -22514,9 +22520,9 @@ index c87810b..413d83f 100644
CFI_ENDPROC
/*
* End of kprobes section
-@@ -707,8 +939,15 @@ END(syscall_badsys)
- * normal stack and adjusts ESP with the matching offset.
+@@ -712,8 +944,15 @@ END(syscall_badsys)
*/
+ #ifdef CONFIG_X86_ESPFIX32
/* fixup the stack */
- mov GDT_ESPFIX_SS + 4, %al /* bits 16..23 */
- mov GDT_ESPFIX_SS + 7, %ah /* bits 24..31 */
@@ -22532,7 +22538,7 @@ index c87810b..413d83f 100644
shl $16, %eax
addl %esp, %eax /* the adjusted stack pointer */
pushl_cfi $__KERNEL_DS
-@@ -761,7 +1000,7 @@ vector=vector+1
+@@ -769,7 +1008,7 @@ vector=vector+1
.endr
2: jmp common_interrupt
.endr
@@ -22541,7 +22547,7 @@ index c87810b..413d83f 100644
.previous
END(interrupt)
-@@ -822,7 +1061,7 @@ ENTRY(coprocessor_error)
+@@ -830,7 +1069,7 @@ ENTRY(coprocessor_error)
pushl_cfi $do_coprocessor_error
jmp error_code
CFI_ENDPROC
@@ -22550,7 +22556,7 @@ index c87810b..413d83f 100644
ENTRY(simd_coprocessor_error)
RING0_INT_FRAME
-@@ -835,7 +1074,7 @@ ENTRY(simd_coprocessor_error)
+@@ -843,7 +1082,7 @@ ENTRY(simd_coprocessor_error)
.section .altinstructions,"a"
altinstruction_entry 661b, 663f, X86_FEATURE_XMM, 662b-661b, 664f-663f
.previous
@@ -22559,7 +22565,7 @@ index c87810b..413d83f 100644
663: pushl $do_simd_coprocessor_error
664:
.previous
-@@ -844,7 +1083,7 @@ ENTRY(simd_coprocessor_error)
+@@ -852,7 +1091,7 @@ ENTRY(simd_coprocessor_error)
#endif
jmp error_code
CFI_ENDPROC
@@ -22568,7 +22574,7 @@ index c87810b..413d83f 100644
ENTRY(device_not_available)
RING0_INT_FRAME
-@@ -853,18 +1092,18 @@ ENTRY(device_not_available)
+@@ -861,18 +1100,18 @@ ENTRY(device_not_available)
pushl_cfi $do_device_not_available
jmp error_code
CFI_ENDPROC
@@ -22590,7 +22596,7 @@ index c87810b..413d83f 100644
#endif
ENTRY(overflow)
-@@ -874,7 +1113,7 @@ ENTRY(overflow)
+@@ -882,7 +1121,7 @@ ENTRY(overflow)
pushl_cfi $do_overflow
jmp error_code
CFI_ENDPROC
@@ -22599,7 +22605,7 @@ index c87810b..413d83f 100644
ENTRY(bounds)
RING0_INT_FRAME
-@@ -883,7 +1122,7 @@ ENTRY(bounds)
+@@ -891,7 +1130,7 @@ ENTRY(bounds)
pushl_cfi $do_bounds
jmp error_code
CFI_ENDPROC
@@ -22608,7 +22614,7 @@ index c87810b..413d83f 100644
ENTRY(invalid_op)
RING0_INT_FRAME
-@@ -892,7 +1131,7 @@ ENTRY(invalid_op)
+@@ -900,7 +1139,7 @@ ENTRY(invalid_op)
pushl_cfi $do_invalid_op
jmp error_code
CFI_ENDPROC
@@ -22617,7 +22623,7 @@ index c87810b..413d83f 100644
ENTRY(coprocessor_segment_overrun)
RING0_INT_FRAME
-@@ -901,7 +1140,7 @@ ENTRY(coprocessor_segment_overrun)
+@@ -909,7 +1148,7 @@ ENTRY(coprocessor_segment_overrun)
pushl_cfi $do_coprocessor_segment_overrun
jmp error_code
CFI_ENDPROC
@@ -22626,7 +22632,7 @@ index c87810b..413d83f 100644
ENTRY(invalid_TSS)
RING0_EC_FRAME
-@@ -909,7 +1148,7 @@ ENTRY(invalid_TSS)
+@@ -917,7 +1156,7 @@ ENTRY(invalid_TSS)
pushl_cfi $do_invalid_TSS
jmp error_code
CFI_ENDPROC
@@ -22635,7 +22641,7 @@ index c87810b..413d83f 100644
ENTRY(segment_not_present)
RING0_EC_FRAME
-@@ -917,7 +1156,7 @@ ENTRY(segment_not_present)
+@@ -925,7 +1164,7 @@ ENTRY(segment_not_present)
pushl_cfi $do_segment_not_present
jmp error_code
CFI_ENDPROC
@@ -22644,7 +22650,7 @@ index c87810b..413d83f 100644
ENTRY(stack_segment)
RING0_EC_FRAME
-@@ -925,7 +1164,7 @@ ENTRY(stack_segment)
+@@ -933,7 +1172,7 @@ ENTRY(stack_segment)
pushl_cfi $do_stack_segment
jmp error_code
CFI_ENDPROC
@@ -22653,7 +22659,7 @@ index c87810b..413d83f 100644
ENTRY(alignment_check)
RING0_EC_FRAME
-@@ -933,7 +1172,7 @@ ENTRY(alignment_check)
+@@ -941,7 +1180,7 @@ ENTRY(alignment_check)
pushl_cfi $do_alignment_check
jmp error_code
CFI_ENDPROC
@@ -22662,7 +22668,7 @@ index c87810b..413d83f 100644
ENTRY(divide_error)
RING0_INT_FRAME
-@@ -942,7 +1181,7 @@ ENTRY(divide_error)
+@@ -950,7 +1189,7 @@ ENTRY(divide_error)
pushl_cfi $do_divide_error
jmp error_code
CFI_ENDPROC
@@ -22671,7 +22677,7 @@ index c87810b..413d83f 100644
#ifdef CONFIG_X86_MCE
ENTRY(machine_check)
-@@ -952,7 +1191,7 @@ ENTRY(machine_check)
+@@ -960,7 +1199,7 @@ ENTRY(machine_check)
pushl_cfi machine_check_vector
jmp error_code
CFI_ENDPROC
@@ -22680,7 +22686,7 @@ index c87810b..413d83f 100644
#endif
ENTRY(spurious_interrupt_bug)
-@@ -962,7 +1201,7 @@ ENTRY(spurious_interrupt_bug)
+@@ -970,7 +1209,7 @@ ENTRY(spurious_interrupt_bug)
pushl_cfi $do_spurious_interrupt_bug
jmp error_code
CFI_ENDPROC
@@ -22689,7 +22695,7 @@ index c87810b..413d83f 100644
/*
* End of kprobes section
*/
-@@ -1072,7 +1311,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
+@@ -1080,7 +1319,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
ENTRY(mcount)
ret
@@ -22698,7 +22704,7 @@ index c87810b..413d83f 100644
ENTRY(ftrace_caller)
cmpl $0, function_trace_stop
-@@ -1105,7 +1344,7 @@ ftrace_graph_call:
+@@ -1113,7 +1352,7 @@ ftrace_graph_call:
.globl ftrace_stub
ftrace_stub:
ret
@@ -22707,7 +22713,7 @@ index c87810b..413d83f 100644
ENTRY(ftrace_regs_caller)
pushf /* push flags before compare (in cs location) */
-@@ -1209,7 +1448,7 @@ trace:
+@@ -1217,7 +1456,7 @@ trace:
popl %ecx
popl %eax
jmp ftrace_stub
@@ -22716,7 +22722,7 @@ index c87810b..413d83f 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -1227,7 +1466,7 @@ ENTRY(ftrace_graph_caller)
+@@ -1235,7 +1474,7 @@ ENTRY(ftrace_graph_caller)
popl %ecx
popl %eax
ret
@@ -22725,7 +22731,7 @@ index c87810b..413d83f 100644
.globl return_to_handler
return_to_handler:
-@@ -1293,15 +1532,18 @@ error_code:
+@@ -1301,15 +1540,18 @@ error_code:
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
REG_TO_PTGS %ecx
SET_KERNEL_GS %ecx
@@ -22746,7 +22752,7 @@ index c87810b..413d83f 100644
/*
* Debug traps and NMI can happen at the one SYSENTER instruction
-@@ -1344,7 +1586,7 @@ debug_stack_correct:
+@@ -1352,7 +1594,7 @@ debug_stack_correct:
call do_debug
jmp ret_from_exception
CFI_ENDPROC
@@ -22755,7 +22761,7 @@ index c87810b..413d83f 100644
/*
* NMI is doubly nasty. It can happen _while_ we're handling
-@@ -1382,6 +1624,9 @@ nmi_stack_correct:
+@@ -1392,6 +1634,9 @@ nmi_stack_correct:
xorl %edx,%edx # zero error code
movl %esp,%eax # pt_regs pointer
call do_nmi
@@ -22765,7 +22771,7 @@ index c87810b..413d83f 100644
jmp restore_all_notrace
CFI_ENDPROC
-@@ -1418,12 +1663,15 @@ nmi_espfix_stack:
+@@ -1429,13 +1674,16 @@ nmi_espfix_stack:
FIXUP_ESPFIX_STACK # %eax == %esp
xorl %edx,%edx # zero error code
call do_nmi
@@ -22776,13 +22782,14 @@ index c87810b..413d83f 100644
lss 12+4(%esp), %esp # back to espfix stack
CFI_ADJUST_CFA_OFFSET -24
jmp irq_return
+ #endif
CFI_ENDPROC
-END(nmi)
+ENDPROC(nmi)
ENTRY(int3)
RING0_INT_FRAME
-@@ -1436,14 +1684,14 @@ ENTRY(int3)
+@@ -1448,14 +1696,14 @@ ENTRY(int3)
call do_int3
jmp ret_from_exception
CFI_ENDPROC
@@ -22799,7 +22806,7 @@ index c87810b..413d83f 100644
#ifdef CONFIG_KVM_GUEST
ENTRY(async_page_fault)
-@@ -1452,7 +1700,7 @@ ENTRY(async_page_fault)
+@@ -1464,7 +1712,7 @@ ENTRY(async_page_fault)
pushl_cfi $do_async_page_fault
jmp error_code
CFI_ENDPROC
@@ -22809,19 +22816,19 @@ index c87810b..413d83f 100644
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index 1e96c36..3ff710a 100644
+index 03cd2a8..05a9aed 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
-@@ -59,6 +59,8 @@
- #include <asm/context_tracking.h>
+@@ -60,6 +60,8 @@
#include <asm/smap.h>
+ #include <asm/pgtable_types.h>
#include <linux/err.h>
+#include <asm/pgtable.h>
+#include <asm/alternative-asm.h>
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
#include <linux/elf-em.h>
-@@ -80,8 +82,9 @@
+@@ -81,8 +83,9 @@
#ifdef CONFIG_DYNAMIC_FTRACE
ENTRY(function_hook)
@@ -22832,7 +22839,7 @@ index 1e96c36..3ff710a 100644
/* skip is set if stack has been adjusted */
.macro ftrace_caller_setup skip=0
-@@ -122,8 +125,9 @@ GLOBAL(ftrace_graph_call)
+@@ -123,8 +126,9 @@ GLOBAL(ftrace_graph_call)
#endif
GLOBAL(ftrace_stub)
@@ -22843,7 +22850,7 @@ index 1e96c36..3ff710a 100644
ENTRY(ftrace_regs_caller)
/* Save the current flags before compare (in SS location)*/
-@@ -191,7 +195,7 @@ ftrace_restore_flags:
+@@ -192,7 +196,7 @@ ftrace_restore_flags:
popfq
jmp ftrace_stub
@@ -22852,7 +22859,7 @@ index 1e96c36..3ff710a 100644
#else /* ! CONFIG_DYNAMIC_FTRACE */
-@@ -212,6 +216,7 @@ ENTRY(function_hook)
+@@ -213,6 +217,7 @@ ENTRY(function_hook)
#endif
GLOBAL(ftrace_stub)
@@ -22860,7 +22867,7 @@ index 1e96c36..3ff710a 100644
retq
trace:
-@@ -225,12 +230,13 @@ trace:
+@@ -226,12 +231,13 @@ trace:
#endif
subq $MCOUNT_INSN_SIZE, %rdi
@@ -22875,7 +22882,7 @@ index 1e96c36..3ff710a 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -252,8 +258,9 @@ ENTRY(ftrace_graph_caller)
+@@ -253,8 +259,9 @@ ENTRY(ftrace_graph_caller)
MCOUNT_RESTORE_FRAME
@@ -22886,7 +22893,7 @@ index 1e96c36..3ff710a 100644
GLOBAL(return_to_handler)
subq $24, %rsp
-@@ -269,7 +276,9 @@ GLOBAL(return_to_handler)
+@@ -270,7 +277,9 @@ GLOBAL(return_to_handler)
movq 8(%rsp), %rdx
movq (%rsp), %rax
addq $24, %rsp
@@ -22896,7 +22903,7 @@ index 1e96c36..3ff710a 100644
#endif
-@@ -284,6 +293,430 @@ ENTRY(native_usergs_sysret64)
+@@ -285,6 +294,430 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
@@ -23327,7 +23334,7 @@ index 1e96c36..3ff710a 100644
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -320,7 +753,7 @@ ENDPROC(native_usergs_sysret64)
+@@ -321,7 +754,7 @@ ENDPROC(native_usergs_sysret64)
.endm
.macro TRACE_IRQS_IRETQ_DEBUG offset=ARGOFFSET
@@ -23336,7 +23343,7 @@ index 1e96c36..3ff710a 100644
jnc 1f
TRACE_IRQS_ON_DEBUG
1:
-@@ -358,27 +791,6 @@ ENDPROC(native_usergs_sysret64)
+@@ -359,27 +792,6 @@ ENDPROC(native_usergs_sysret64)
movq \tmp,R11+\offset(%rsp)
.endm
@@ -23364,7 +23371,7 @@ index 1e96c36..3ff710a 100644
/*
* initial frame state for interrupts (and exceptions without error code)
*/
-@@ -445,25 +857,26 @@ ENDPROC(native_usergs_sysret64)
+@@ -446,25 +858,26 @@ ENDPROC(native_usergs_sysret64)
/* save partial stack frame */
.macro SAVE_ARGS_IRQ
cld
@@ -23404,7 +23411,7 @@ index 1e96c36..3ff710a 100644
je 1f
SWAPGS
/*
-@@ -483,6 +896,18 @@ ENDPROC(native_usergs_sysret64)
+@@ -484,6 +897,18 @@ ENDPROC(native_usergs_sysret64)
0x06 /* DW_OP_deref */, \
0x08 /* DW_OP_const1u */, SS+8-RBP, \
0x22 /* DW_OP_plus */
@@ -23423,7 +23430,7 @@ index 1e96c36..3ff710a 100644
/* We entered an interrupt context - irqs are off: */
TRACE_IRQS_OFF
.endm
-@@ -514,9 +939,52 @@ ENTRY(save_paranoid)
+@@ -515,9 +940,52 @@ ENTRY(save_paranoid)
js 1f /* negative -> in kernel */
SWAPGS
xorl %ebx,%ebx
@@ -23478,7 +23485,7 @@ index 1e96c36..3ff710a 100644
.popsection
/*
-@@ -538,7 +1006,7 @@ ENTRY(ret_from_fork)
+@@ -539,7 +1007,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -23487,7 +23494,7 @@ index 1e96c36..3ff710a 100644
jz 1f
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -548,15 +1016,13 @@ ENTRY(ret_from_fork)
+@@ -549,15 +1017,13 @@ ENTRY(ret_from_fork)
jmp ret_from_sys_call # go to the SYSRET fastpath
1:
@@ -23504,7 +23511,7 @@ index 1e96c36..3ff710a 100644
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -593,7 +1059,7 @@ END(ret_from_fork)
+@@ -594,7 +1060,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -23513,7 +23520,7 @@ index 1e96c36..3ff710a 100644
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -606,16 +1072,23 @@ GLOBAL(system_call_after_swapgs)
+@@ -607,16 +1073,23 @@ GLOBAL(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -23539,7 +23546,7 @@ index 1e96c36..3ff710a 100644
jnz tracesys
system_call_fastpath:
#if __SYSCALL_MASK == ~0
-@@ -639,10 +1112,13 @@ sysret_check:
+@@ -640,10 +1113,13 @@ sysret_check:
LOCKDEP_SYS_EXIT
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -23554,7 +23561,7 @@ index 1e96c36..3ff710a 100644
/*
* sysretq will re-enable interrupts:
*/
-@@ -701,6 +1177,9 @@ auditsys:
+@@ -702,6 +1178,9 @@ auditsys:
movq %rax,%rsi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */
call __audit_syscall_entry
@@ -23564,7 +23571,7 @@ index 1e96c36..3ff710a 100644
LOAD_ARGS 0 /* reload call-clobbered registers */
jmp system_call_fastpath
-@@ -722,7 +1201,7 @@ sysret_audit:
+@@ -723,7 +1202,7 @@ sysret_audit:
/* Do syscall tracing */
tracesys:
#ifdef CONFIG_AUDITSYSCALL
@@ -23573,7 +23580,7 @@ index 1e96c36..3ff710a 100644
jz auditsys
#endif
SAVE_REST
-@@ -730,12 +1209,15 @@ tracesys:
+@@ -731,12 +1210,15 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -23590,7 +23597,7 @@ index 1e96c36..3ff710a 100644
RESTORE_REST
#if __SYSCALL_MASK == ~0
cmpq $__NR_syscall_max,%rax
-@@ -765,7 +1247,9 @@ GLOBAL(int_with_check)
+@@ -766,7 +1248,9 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
@@ -23601,7 +23608,7 @@ index 1e96c36..3ff710a 100644
/* Either reschedule or signal or syscall exit tracking needed. */
/* First do a reschedule test. */
-@@ -811,7 +1295,7 @@ int_restore_rest:
+@@ -812,7 +1296,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
@@ -23610,7 +23617,7 @@ index 1e96c36..3ff710a 100644
.macro FORK_LIKE func
ENTRY(stub_\func)
-@@ -824,9 +1308,10 @@ ENTRY(stub_\func)
+@@ -825,9 +1309,10 @@ ENTRY(stub_\func)
DEFAULT_FRAME 0 8 /* offset 8: return address */
call sys_\func
RESTORE_TOP_OF_STACK %r11, 8
@@ -23623,7 +23630,7 @@ index 1e96c36..3ff710a 100644
.endm
.macro FIXED_FRAME label,func
-@@ -836,9 +1321,10 @@ ENTRY(\label)
+@@ -837,9 +1322,10 @@ ENTRY(\label)
FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET
call \func
RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET
@@ -23635,7 +23642,7 @@ index 1e96c36..3ff710a 100644
.endm
FORK_LIKE clone
-@@ -846,19 +1332,6 @@ END(\label)
+@@ -847,19 +1333,6 @@ END(\label)
FORK_LIKE vfork
FIXED_FRAME stub_iopl, sys_iopl
@@ -23655,7 +23662,7 @@ index 1e96c36..3ff710a 100644
ENTRY(stub_execve)
CFI_STARTPROC
addq $8, %rsp
-@@ -870,7 +1343,7 @@ ENTRY(stub_execve)
+@@ -871,7 +1344,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23664,7 +23671,7 @@ index 1e96c36..3ff710a 100644
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -887,7 +1360,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -888,7 +1361,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23673,7 +23680,7 @@ index 1e96c36..3ff710a 100644
#ifdef CONFIG_X86_X32_ABI
ENTRY(stub_x32_rt_sigreturn)
-@@ -901,7 +1374,7 @@ ENTRY(stub_x32_rt_sigreturn)
+@@ -902,7 +1375,7 @@ ENTRY(stub_x32_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23682,7 +23689,7 @@ index 1e96c36..3ff710a 100644
ENTRY(stub_x32_execve)
CFI_STARTPROC
-@@ -915,7 +1388,7 @@ ENTRY(stub_x32_execve)
+@@ -916,7 +1389,7 @@ ENTRY(stub_x32_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23691,7 +23698,7 @@ index 1e96c36..3ff710a 100644
#endif
-@@ -952,7 +1425,7 @@ vector=vector+1
+@@ -953,7 +1426,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
@@ -23700,7 +23707,7 @@ index 1e96c36..3ff710a 100644
.previous
END(interrupt)
-@@ -969,8 +1442,8 @@ END(interrupt)
+@@ -970,8 +1443,8 @@ END(interrupt)
/* 0(%rsp): ~(interrupt number) */
.macro interrupt func
/* reserve pt_regs for scratch regs and rbp */
@@ -23711,7 +23718,7 @@ index 1e96c36..3ff710a 100644
SAVE_ARGS_IRQ
call \func
.endm
-@@ -997,14 +1470,14 @@ ret_from_intr:
+@@ -998,14 +1471,14 @@ ret_from_intr:
/* Restore saved previous stack */
popq %rsi
@@ -23730,7 +23737,7 @@ index 1e96c36..3ff710a 100644
je retint_kernel
/* Interrupt came from user space */
-@@ -1026,12 +1499,16 @@ retint_swapgs: /* return to user-space */
+@@ -1027,12 +1500,16 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -23747,16 +23754,32 @@ index 1e96c36..3ff710a 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -1112,7 +1589,7 @@ ENTRY(retint_kernel)
+@@ -1145,7 +1622,7 @@ ENTRY(retint_kernel)
+ jmp exit_intr
#endif
-
CFI_ENDPROC
-END(common_interrupt)
+ENDPROC(common_interrupt)
- /*
- * End of kprobes section
- */
-@@ -1130,7 +1607,7 @@ ENTRY(\sym)
+
+ /*
+ * If IRET takes a fault on the espfix stack, then we
+@@ -1167,13 +1644,13 @@ __do_double_fault:
+ cmpq $native_irq_return_iret,%rax
+ jne do_double_fault /* This shouldn't happen... */
+ movq PER_CPU_VAR(kernel_stack),%rax
+- subq $(6*8-KERNEL_STACK_OFFSET),%rax /* Reset to original stack */
++ subq $(6*8),%rax /* Reset to original stack */
+ movq %rax,RSP(%rdi)
+ movq $0,(%rax) /* Missing (lost) #GP error code */
+ movq $general_protection,RIP(%rdi)
+ retq
+ CFI_ENDPROC
+-END(__do_double_fault)
++ENDPROC(__do_double_fault)
+ #else
+ # define __do_double_fault do_double_fault
+ #endif
+@@ -1195,7 +1672,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
@@ -23765,7 +23788,7 @@ index 1e96c36..3ff710a 100644
.endm
#ifdef CONFIG_TRACING
-@@ -1218,7 +1695,7 @@ ENTRY(\sym)
+@@ -1283,7 +1760,7 @@ ENTRY(\sym)
call \do_sym
jmp error_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -23774,7 +23797,7 @@ index 1e96c36..3ff710a 100644
.endm
.macro paranoidzeroentry sym do_sym
-@@ -1236,10 +1713,10 @@ ENTRY(\sym)
+@@ -1301,10 +1778,10 @@ ENTRY(\sym)
call \do_sym
jmp paranoid_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -23787,7 +23810,7 @@ index 1e96c36..3ff710a 100644
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1252,12 +1729,18 @@ ENTRY(\sym)
+@@ -1317,12 +1794,18 @@ ENTRY(\sym)
TRACE_IRQS_OFF_DEBUG
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
@@ -23807,7 +23830,7 @@ index 1e96c36..3ff710a 100644
.endm
.macro errorentry sym do_sym
-@@ -1275,7 +1758,7 @@ ENTRY(\sym)
+@@ -1340,7 +1823,7 @@ ENTRY(\sym)
call \do_sym
jmp error_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -23816,7 +23839,7 @@ index 1e96c36..3ff710a 100644
.endm
#ifdef CONFIG_TRACING
-@@ -1306,7 +1789,7 @@ ENTRY(\sym)
+@@ -1371,7 +1854,7 @@ ENTRY(\sym)
call \do_sym
jmp paranoid_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -23825,7 +23848,7 @@ index 1e96c36..3ff710a 100644
.endm
zeroentry divide_error do_divide_error
-@@ -1336,9 +1819,10 @@ gs_change:
+@@ -1401,9 +1884,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
@@ -23837,7 +23860,7 @@ index 1e96c36..3ff710a 100644
_ASM_EXTABLE(gs_change,bad_gs)
.section .fixup,"ax"
-@@ -1366,9 +1850,10 @@ ENTRY(do_softirq_own_stack)
+@@ -1431,9 +1915,10 @@ ENTRY(do_softirq_own_stack)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
@@ -23849,7 +23872,7 @@ index 1e96c36..3ff710a 100644
#ifdef CONFIG_XEN
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1406,7 +1891,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1471,7 +1956,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
@@ -23858,7 +23881,7 @@ index 1e96c36..3ff710a 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1465,7 +1950,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1530,7 +2015,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
@@ -23867,7 +23890,7 @@ index 1e96c36..3ff710a 100644
apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1517,18 +2002,33 @@ ENTRY(paranoid_exit)
+@@ -1582,18 +2067,33 @@ ENTRY(paranoid_exit)
DEFAULT_FRAME
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF_DEBUG
@@ -23903,7 +23926,7 @@ index 1e96c36..3ff710a 100644
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1557,7 +2057,7 @@ paranoid_schedule:
+@@ -1622,7 +2122,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
@@ -23912,7 +23935,7 @@ index 1e96c36..3ff710a 100644
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1584,12 +2084,23 @@ ENTRY(error_entry)
+@@ -1649,12 +2149,23 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -23937,7 +23960,7 @@ index 1e96c36..3ff710a 100644
ret
/*
-@@ -1616,7 +2127,7 @@ bstep_iret:
+@@ -1681,7 +2192,7 @@ bstep_iret:
movq %rcx,RIP+8(%rsp)
jmp error_swapgs
CFI_ENDPROC
@@ -23946,7 +23969,7 @@ index 1e96c36..3ff710a 100644
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1627,7 +2138,7 @@ ENTRY(error_exit)
+@@ -1692,7 +2203,7 @@ ENTRY(error_exit)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
GET_THREAD_INFO(%rcx)
@@ -23955,7 +23978,7 @@ index 1e96c36..3ff710a 100644
jne retint_kernel
LOCKDEP_SYS_EXIT_IRQ
movl TI_flags(%rcx),%edx
-@@ -1636,7 +2147,7 @@ ENTRY(error_exit)
+@@ -1701,7 +2212,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
@@ -23964,7 +23987,7 @@ index 1e96c36..3ff710a 100644
/*
* Test if a given stack is an NMI stack or not.
-@@ -1694,9 +2205,11 @@ ENTRY(nmi)
+@@ -1759,9 +2270,11 @@ ENTRY(nmi)
* If %cs was not the kernel segment, then the NMI triggered in user
* space, which means it is definitely not nested.
*/
@@ -23977,7 +24000,7 @@ index 1e96c36..3ff710a 100644
/*
* Check the special variable on the stack to see if NMIs are
* executing.
-@@ -1730,8 +2243,7 @@ nested_nmi:
+@@ -1795,8 +2308,7 @@ nested_nmi:
1:
/* Set up the interrupted NMIs stack to jump to repeat_nmi */
@@ -23987,7 +24010,7 @@ index 1e96c36..3ff710a 100644
CFI_ADJUST_CFA_OFFSET 1*8
leaq -10*8(%rsp), %rdx
pushq_cfi $__KERNEL_DS
-@@ -1749,6 +2261,7 @@ nested_nmi_out:
+@@ -1814,6 +2326,7 @@ nested_nmi_out:
CFI_RESTORE rdx
/* No need to check faults here */
@@ -23995,7 +24018,7 @@ index 1e96c36..3ff710a 100644
INTERRUPT_RETURN
CFI_RESTORE_STATE
-@@ -1845,13 +2358,13 @@ end_repeat_nmi:
+@@ -1910,13 +2423,13 @@ end_repeat_nmi:
subq $ORIG_RAX-R15, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
/*
@@ -24011,7 +24034,7 @@ index 1e96c36..3ff710a 100644
DEFAULT_FRAME 0
/*
-@@ -1861,9 +2374,9 @@ end_repeat_nmi:
+@@ -1926,9 +2439,9 @@ end_repeat_nmi:
* NMI itself takes a page fault, the page fault that was preempted
* will read the information from the NMI page fault and not the
* origin fault. Save it off and restore it if it changes.
@@ -24023,7 +24046,7 @@ index 1e96c36..3ff710a 100644
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
-@@ -1872,31 +2385,36 @@ end_repeat_nmi:
+@@ -1937,31 +2450,36 @@ end_repeat_nmi:
/* Did the NMI take a page fault? Restore cr2 if it did */
movq %cr2, %rcx
@@ -24065,6 +24088,19 @@ index 1e96c36..3ff710a 100644
/*
* End of kprobes section
+diff --git a/arch/x86/kernel/espfix_64.c b/arch/x86/kernel/espfix_64.c
+index 94d857f..bf1f0bf 100644
+--- a/arch/x86/kernel/espfix_64.c
++++ b/arch/x86/kernel/espfix_64.c
+@@ -197,7 +197,7 @@ void init_espfix_ap(void)
+ set_pte(&pte_p[n*PTE_STRIDE], pte);
+
+ /* Job is done for this CPU and any CPU which shares this page */
+- ACCESS_ONCE(espfix_pages[page]) = stack_page;
++ ACCESS_ONCE_RW(espfix_pages[page]) = stack_page;
+
+ unlock_done:
+ mutex_unlock(&espfix_init_mutex);
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
index 52819e8..b6d1dbd 100644
--- a/arch/x86/kernel/ftrace.c
@@ -25518,10 +25554,10 @@ index c2bedae..25e7ab60 100644
.name = "data",
.mode = S_IRUGO,
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
-index dcbbaa1..81ae763 100644
+index c37886d..d851d32 100644
--- a/arch/x86/kernel/ldt.c
+++ b/arch/x86/kernel/ldt.c
-@@ -68,13 +68,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
+@@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
if (reload) {
#ifdef CONFIG_SMP
preempt_disable();
@@ -25537,7 +25573,7 @@ index dcbbaa1..81ae763 100644
#endif
}
if (oldsize) {
-@@ -96,7 +96,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old)
+@@ -94,7 +94,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old)
return err;
for (i = 0; i < old->size; i++)
@@ -25546,7 +25582,7 @@ index dcbbaa1..81ae763 100644
return 0;
}
-@@ -117,6 +117,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm)
+@@ -115,6 +115,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm)
retval = copy_ldt(&mm->context, &old_mm->context);
mutex_unlock(&old_mm->context.lock);
}
@@ -25571,7 +25607,7 @@ index dcbbaa1..81ae763 100644
return retval;
}
-@@ -231,6 +249,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
+@@ -229,6 +247,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
}
}
@@ -25582,9 +25618,9 @@ index dcbbaa1..81ae763 100644
+ }
+#endif
+
- /*
- * On x86-64 we do not support 16-bit segments due to
- * IRET leaking the high bits of the kernel stack address.
+ if (!IS_ENABLED(CONFIG_X86_16BIT) && !ldt_info.seg_32bit) {
+ error = -EINVAL;
+ goto out_unlock;
diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c
index 1667b1d..16492c5 100644
--- a/arch/x86/kernel/machine_kexec_32.c
@@ -27020,7 +27056,7 @@ index be8e1bd..a3d93fa 100644
.smp_prepare_cpus = native_smp_prepare_cpus,
.smp_cpus_done = native_smp_cpus_done,
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
-index ae2fd975..c0c8d10 100644
+index 5492798..a3bd4f2 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -230,14 +230,17 @@ static void notrace start_secondary(void *unused)
@@ -27045,7 +27081,7 @@ index ae2fd975..c0c8d10 100644
/*
* Check TSC synchronization with the BP:
*/
-@@ -757,8 +760,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+@@ -764,8 +767,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
alternatives_enable_smp();
idle->thread.sp = (unsigned long) (((struct pt_regs *)
@@ -27056,7 +27092,7 @@ index ae2fd975..c0c8d10 100644
#ifdef CONFIG_X86_32
/* Stack for startup_32 can be just as for start_secondary onwards */
-@@ -767,10 +771,10 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+@@ -774,10 +778,10 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
clear_tsk_thread_flag(idle, TIF_FORK);
initial_gs = per_cpu_offset(cpu);
#endif
@@ -27070,7 +27106,7 @@ index ae2fd975..c0c8d10 100644
initial_code = (unsigned long)start_secondary;
stack_start = idle->thread.sp;
-@@ -916,6 +920,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle)
+@@ -923,6 +927,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle)
/* the FPU context is blank, nobody can own it */
__cpu_disable_lazy_restore(cpu);
@@ -35376,7 +35412,7 @@ index c580d12..0a0ba35 100644
GCOV_PROFILE := n
diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c
-index 310c5f0..766d0a7 100644
+index 3adf2e6..a0b5576 100644
--- a/arch/x86/vdso/vdso32-setup.c
+++ b/arch/x86/vdso/vdso32-setup.c
@@ -29,6 +29,7 @@
@@ -35387,7 +35423,7 @@ index 310c5f0..766d0a7 100644
#ifdef CONFIG_COMPAT_VDSO
#define VDSO_DEFAULT 0
-@@ -99,7 +100,7 @@ void syscall32_cpu_init(void)
+@@ -98,7 +99,7 @@ void syscall32_cpu_init(void)
void enable_sep_cpu(void)
{
int cpu = get_cpu();
@@ -35396,7 +35432,7 @@ index 310c5f0..766d0a7 100644
if (!boot_cpu_has(X86_FEATURE_SEP)) {
put_cpu();
-@@ -167,7 +168,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+@@ -166,7 +167,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
down_write(&mm->mmap_sem);
@@ -35405,7 +35441,7 @@ index 310c5f0..766d0a7 100644
if (IS_ERR_VALUE(addr)) {
ret = addr;
goto up_fail;
-@@ -175,7 +176,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+@@ -174,7 +175,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
addr += VDSO_OFFSET(VDSO_PREV_PAGES);
@@ -35414,7 +35450,7 @@ index 310c5f0..766d0a7 100644
/*
* MAYWRITE to allow gdb to COW and set breakpoints
-@@ -224,11 +225,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+@@ -223,11 +224,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
#endif
current_thread_info()->sysenter_return =
@@ -35428,7 +35464,7 @@ index 310c5f0..766d0a7 100644
up_write(&mm->mmap_sem);
-@@ -282,8 +283,14 @@ __initcall(ia32_binfmt_init);
+@@ -274,8 +275,14 @@ __initcall(ia32_binfmt_init);
const char *arch_vma_name(struct vm_area_struct *vma)
{
@@ -36118,26 +36154,6 @@ index 2648797..92ed21f 100644
if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
goto error;
-diff --git a/crypto/af_alg.c b/crypto/af_alg.c
-index 966f893..6a3ad80 100644
---- a/crypto/af_alg.c
-+++ b/crypto/af_alg.c
-@@ -21,6 +21,7 @@
- #include <linux/module.h>
- #include <linux/net.h>
- #include <linux/rwsem.h>
-+#include <linux/security.h>
-
- struct alg_type_list {
- const struct af_alg_type *type;
-@@ -243,6 +244,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
-
- sock_init_data(newsock, sk2);
- sock_graft(sk2, newsock);
-+ security_sk_clone(sk, sk2);
-
- err = type->accept(ask->private, sk2);
- if (err) {
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index 7bdd61b..afec999 100644
--- a/crypto/cryptd.c
@@ -40395,7 +40411,7 @@ index 3c59584..500f2e9 100644
return ret;
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index b91dfbe..b7fb16d 100644
+index c83eb75..d205e5b2 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -11179,13 +11179,13 @@ struct intel_quirk {
@@ -49893,25 +49909,10 @@ index 88d46fe..7351be5 100644
/* check if the device is still usable */
if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
-index 9db097a..c4ccdef 100644
+index d99ab3b..c4ccdef 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
-@@ -806,6 +806,14 @@ void scsi_io_completion(struct scsi_cmnd *cmd, unsigned int good_bytes)
- scsi_next_command(cmd);
- return;
- }
-+ } else if (blk_rq_bytes(req) == 0 && result && !sense_deferred) {
-+ /*
-+ * Certain non BLOCK_PC requests are commands that don't
-+ * actually transfer anything (FLUSH), so cannot use
-+ * good_bytes != blk_rq_bytes(req) as the signal for an error.
-+ * This sets the error explicitly for the problem case.
-+ */
-+ error = __scsi_error_from_host_byte(cmd, result);
- }
-
- /* no bidi support for !REQ_TYPE_BLOCK_PC yet */
-@@ -1464,7 +1472,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
+@@ -1472,7 +1472,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
shost = sdev->host;
scsi_init_cmd_errh(cmd);
cmd->result = DID_NO_CONNECT << 16;
@@ -49920,7 +49921,7 @@ index 9db097a..c4ccdef 100644
/*
* SCSI request completion path will do scsi_device_unbusy(),
-@@ -1490,9 +1498,9 @@ static void scsi_softirq_done(struct request *rq)
+@@ -1498,9 +1498,9 @@ static void scsi_softirq_done(struct request *rq)
INIT_LIST_HEAD(&cmd->eh_entry);
@@ -62604,6 +62605,19 @@ index c79f3e7..d61d671 100644
}
void nfs_fattr_init(struct nfs_fattr *fattr)
+diff --git a/fs/nfs/nfs3acl.c b/fs/nfs/nfs3acl.c
+index 8f854dd..d0fec26 100644
+--- a/fs/nfs/nfs3acl.c
++++ b/fs/nfs/nfs3acl.c
+@@ -256,7 +256,7 @@ nfs3_list_one_acl(struct inode *inode, int type, const char *name, void *data,
+ char *p = data + *result;
+
+ acl = get_acl(inode, type);
+- if (!acl)
++ if (IS_ERR_OR_NULL(acl))
+ return 0;
+
+ posix_acl_release(acl);
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index 95e3720..46c23fa 100644
--- a/fs/nfsd/nfs4proc.c
@@ -62998,7 +63012,7 @@ index a7cdd56..c583144 100644
/* Copy the blockcheck stats from the superblock probe */
osb->osb_ecc_stats = *stats;
diff --git a/fs/open.c b/fs/open.c
-index 9d64679..75f925c 100644
+index dd24f21..c1f4b3a 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -32,6 +32,8 @@
@@ -63028,7 +63042,7 @@ index 9d64679..75f925c 100644
if (!error)
error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, f.file);
sb_end_write(inode->i_sb);
-@@ -381,6 +387,9 @@ retry:
+@@ -380,6 +386,9 @@ retry:
if (__mnt_is_readonly(path.mnt))
res = -EROFS;
@@ -63038,7 +63052,7 @@ index 9d64679..75f925c 100644
out_path_release:
path_put(&path);
if (retry_estale(res, lookup_flags)) {
-@@ -412,6 +421,8 @@ retry:
+@@ -411,6 +420,8 @@ retry:
if (error)
goto dput_and_out;
@@ -63047,7 +63061,7 @@ index 9d64679..75f925c 100644
set_fs_pwd(current->fs, &path);
dput_and_out:
-@@ -441,6 +452,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd)
+@@ -440,6 +451,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd)
goto out_putf;
error = inode_permission(inode, MAY_EXEC | MAY_CHDIR);
@@ -63061,7 +63075,7 @@ index 9d64679..75f925c 100644
if (!error)
set_fs_pwd(current->fs, &f.file->f_path);
out_putf:
-@@ -470,7 +488,13 @@ retry:
+@@ -469,7 +487,13 @@ retry:
if (error)
goto dput_and_out;
@@ -63075,7 +63089,7 @@ index 9d64679..75f925c 100644
error = 0;
dput_and_out:
path_put(&path);
-@@ -494,6 +518,16 @@ static int chmod_common(struct path *path, umode_t mode)
+@@ -493,6 +517,16 @@ static int chmod_common(struct path *path, umode_t mode)
return error;
retry_deleg:
mutex_lock(&inode->i_mutex);
@@ -63092,7 +63106,7 @@ index 9d64679..75f925c 100644
error = security_path_chmod(path, mode);
if (error)
goto out_unlock;
-@@ -559,6 +593,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group)
+@@ -558,6 +592,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group)
uid = make_kuid(current_user_ns(), user);
gid = make_kgid(current_user_ns(), group);
@@ -63102,7 +63116,7 @@ index 9d64679..75f925c 100644
newattrs.ia_valid = ATTR_CTIME;
if (user != (uid_t) -1) {
if (!uid_valid(uid))
-@@ -978,6 +1015,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode)
+@@ -977,6 +1014,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode)
} else {
fsnotify_open(f);
fd_install(fd, f);
@@ -79940,10 +79954,10 @@ index 0000000..b02ba9d
+#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
new file mode 100644
-index 0000000..13ac2e2
+index 0000000..e6d120f
--- /dev/null
+++ b/include/linux/grsecurity.h
-@@ -0,0 +1,249 @@
+@@ -0,0 +1,252 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
@@ -79955,6 +79969,9 @@ index 0000000..13ac2e2
+#if defined(CONFIG_GRKERNSEC_PROC_USER) && defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
+#error "CONFIG_GRKERNSEC_PROC_USER and CONFIG_GRKERNSEC_PROC_USERGROUP cannot both be enabled."
+#endif
++#if defined(CONFIG_GRKERNSEC_PROC) && !defined(CONFIG_GRKERNSEC_PROC_USER) && !defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++#error "CONFIG_GRKERNSEC_PROC enabled, but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP enabled"
++#endif
+#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
+#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
+#endif
@@ -81876,7 +81893,7 @@ index de83b4e..c4b997d 100644
#define preempt_set_need_resched() \
do { \
diff --git a/include/linux/printk.h b/include/linux/printk.h
-index 8752f75..2b80c0f 100644
+index 7847301..29cd406 100644
--- a/include/linux/printk.h
+++ b/include/linux/printk.h
@@ -110,6 +110,8 @@ static inline __printf(1, 2) __cold
@@ -85394,7 +85411,7 @@ index a8497fa..35b3c90 100644
next_state = Reset;
return 0;
diff --git a/init/main.c b/init/main.c
-index 48655ce..d0113e4 100644
+index eb0ea86..b91cd60 100644
--- a/init/main.c
+++ b/init/main.c
@@ -97,6 +97,8 @@ extern void radix_tree_init(void);
@@ -85482,7 +85499,7 @@ index 48655ce..d0113e4 100644
static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
static const char *panic_later, *panic_param;
-@@ -688,25 +759,24 @@ int __init_or_module do_one_initcall(initcall_t fn)
+@@ -692,25 +763,24 @@ int __init_or_module do_one_initcall(initcall_t fn)
{
int count = preempt_count();
int ret;
@@ -85513,7 +85530,7 @@ index 48655ce..d0113e4 100644
return ret;
}
-@@ -813,8 +883,8 @@ static int run_init_process(const char *init_filename)
+@@ -817,8 +887,8 @@ static int run_init_process(const char *init_filename)
{
argv_init[0] = init_filename;
return do_execve(getname_kernel(init_filename),
@@ -85524,7 +85541,7 @@ index 48655ce..d0113e4 100644
}
static int try_to_run_init_process(const char *init_filename)
-@@ -831,6 +901,10 @@ static int try_to_run_init_process(const char *init_filename)
+@@ -835,6 +905,10 @@ static int try_to_run_init_process(const char *init_filename)
return ret;
}
@@ -85535,7 +85552,7 @@ index 48655ce..d0113e4 100644
static noinline void __init kernel_init_freeable(void);
static int __ref kernel_init(void *unused)
-@@ -855,6 +929,11 @@ static int __ref kernel_init(void *unused)
+@@ -859,6 +933,11 @@ static int __ref kernel_init(void *unused)
ramdisk_execute_command, ret);
}
@@ -85547,7 +85564,7 @@ index 48655ce..d0113e4 100644
/*
* We try each of these until one succeeds.
*
-@@ -910,7 +989,7 @@ static noinline void __init kernel_init_freeable(void)
+@@ -914,7 +993,7 @@ static noinline void __init kernel_init_freeable(void)
do_basic_setup();
/* Open the /dev/console on the rootfs, this should never fail */
@@ -85556,7 +85573,7 @@ index 48655ce..d0113e4 100644
pr_err("Warning: unable to open an initial console.\n");
(void) sys_dup(0);
-@@ -923,11 +1002,13 @@ static noinline void __init kernel_init_freeable(void)
+@@ -927,11 +1006,13 @@ static noinline void __init kernel_init_freeable(void)
if (!ramdisk_execute_command)
ramdisk_execute_command = "/init";
@@ -89239,7 +89256,7 @@ index 14f9a8d..98ee610 100644
if (pm_wakeup_pending()) {
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
-index 221229c..c76ca0a 100644
+index 63594be..8444e0f 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -385,6 +385,11 @@ static int check_syslog_permissions(int type, bool from_file)
@@ -90271,7 +90288,7 @@ index a63f4dc..349bbb0 100644
unsigned long timeout)
{
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index 084d17f..e416b9f 100644
+index 8da7e49..ef10a02 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -1775,7 +1775,7 @@ void set_numabalancing_state(bool enabled)
@@ -93127,23 +93144,6 @@ index a402f8f..f5e5daa 100644
error = 0;
if (end == start)
return error;
-diff --git a/mm/memcontrol.c b/mm/memcontrol.c
-index 67c927a..fe99d96 100644
---- a/mm/memcontrol.c
-+++ b/mm/memcontrol.c
-@@ -5544,8 +5544,12 @@ static int mem_cgroup_oom_notify_cb(struct mem_cgroup *memcg)
- {
- struct mem_cgroup_eventfd_list *ev;
-
-+ spin_lock(&memcg_oom_lock);
-+
- list_for_each_entry(ev, &memcg->oom_notify, list)
- eventfd_signal(ev->eventfd, 1);
-+
-+ spin_unlock(&memcg_oom_lock);
- return 0;
- }
-
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
index eb8fb72..ae36cf3 100644
--- a/mm/memory-failure.c
@@ -95813,7 +95813,7 @@ index 431fd7c..8674512 100644
struct mm_struct *mm;
diff --git a/mm/page-writeback.c b/mm/page-writeback.c
-index 154af21..86e447f 100644
+index f972182..e7f7c07 100644
--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -685,7 +685,7 @@ static long long pos_ratio_polynom(unsigned long setpoint,
@@ -95826,7 +95826,7 @@ index 154af21..86e447f 100644
unsigned long bg_thresh,
unsigned long dirty,
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index d64f5f9..9005ab5 100644
+index e98306f..3311d5e 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -61,6 +61,7 @@
@@ -101970,28 +101970,6 @@ index 3397fe6..861fd1a 100644
}
if (inet->cmsg_flags)
ip_cmsg_recv(msg, skb);
-diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
-index 950909f..13752d9 100644
---- a/net/l2tp/l2tp_ppp.c
-+++ b/net/l2tp/l2tp_ppp.c
-@@ -1365,7 +1365,7 @@ static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
- int err;
-
- if (level != SOL_PPPOL2TP)
-- return udp_prot.setsockopt(sk, level, optname, optval, optlen);
-+ return -EINVAL;
-
- if (optlen < sizeof(int))
- return -EINVAL;
-@@ -1491,7 +1491,7 @@ static int pppol2tp_getsockopt(struct socket *sock, int level, int optname,
- struct pppol2tp_session *ps;
-
- if (level != SOL_PPPOL2TP)
-- return udp_prot.getsockopt(sk, level, optname, optval, optlen);
-+ return -EINVAL;
-
- if (get_user(len, optlen))
- return -EFAULT;
diff --git a/net/llc/llc_proc.c b/net/llc/llc_proc.c
index 1a3c7e0..80f8b0c 100644
--- a/net/llc/llc_proc.c
diff --git a/3.15.8/4425_grsec_remove_EI_PAX.patch b/3.15.9/4425_grsec_remove_EI_PAX.patch
similarity index 100%
rename from 3.15.8/4425_grsec_remove_EI_PAX.patch
rename to 3.15.9/4425_grsec_remove_EI_PAX.patch
diff --git a/3.15.8/4427_force_XATTR_PAX_tmpfs.patch b/3.15.9/4427_force_XATTR_PAX_tmpfs.patch
similarity index 100%
rename from 3.15.8/4427_force_XATTR_PAX_tmpfs.patch
rename to 3.15.9/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/3.15.8/4430_grsec-remove-localversion-grsec.patch b/3.15.9/4430_grsec-remove-localversion-grsec.patch
similarity index 100%
rename from 3.15.8/4430_grsec-remove-localversion-grsec.patch
rename to 3.15.9/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.15.8/4435_grsec-mute-warnings.patch b/3.15.9/4435_grsec-mute-warnings.patch
similarity index 100%
rename from 3.15.8/4435_grsec-mute-warnings.patch
rename to 3.15.9/4435_grsec-mute-warnings.patch
diff --git a/3.15.8/4440_grsec-remove-protected-paths.patch b/3.15.9/4440_grsec-remove-protected-paths.patch
similarity index 100%
rename from 3.15.8/4440_grsec-remove-protected-paths.patch
rename to 3.15.9/4440_grsec-remove-protected-paths.patch
diff --git a/3.15.8/4450_grsec-kconfig-default-gids.patch b/3.15.9/4450_grsec-kconfig-default-gids.patch
similarity index 100%
rename from 3.15.8/4450_grsec-kconfig-default-gids.patch
rename to 3.15.9/4450_grsec-kconfig-default-gids.patch
diff --git a/3.15.8/4465_selinux-avc_audit-log-curr_ip.patch b/3.15.9/4465_selinux-avc_audit-log-curr_ip.patch
similarity index 100%
rename from 3.15.8/4465_selinux-avc_audit-log-curr_ip.patch
rename to 3.15.9/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.15.8/4470_disable-compat_vdso.patch b/3.15.9/4470_disable-compat_vdso.patch
similarity index 99%
rename from 3.15.8/4470_disable-compat_vdso.patch
rename to 3.15.9/4470_disable-compat_vdso.patch
index 7852848..0215f1e 100644
--- a/3.15.8/4470_disable-compat_vdso.patch
+++ b/3.15.9/4470_disable-compat_vdso.patch
@@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138
diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
--- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100
+++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100
-@@ -1793,29 +1793,8 @@
+@@ -1811,29 +1811,8 @@
config COMPAT_VDSO
def_bool n
diff --git a/3.15.8/4475_emutramp_default_on.patch b/3.15.9/4475_emutramp_default_on.patch
similarity index 100%
rename from 3.15.8/4475_emutramp_default_on.patch
rename to 3.15.9/4475_emutramp_default_on.patch
diff --git a/3.2.61/0000_README b/3.2.62/0000_README
similarity index 97%
rename from 3.2.61/0000_README
rename to 3.2.62/0000_README
index c3587c8..aed2e0b 100644
--- a/3.2.61/0000_README
+++ b/3.2.62/0000_README
@@ -162,7 +162,11 @@ Patch: 1060_linux-3.2.61.patch
From: http://www.kernel.org
Desc: Linux 3.2.61
-Patch: 4420_grsecurity-3.0-3.2.61-201408032011.patch
+Patch: 1061_linux-3.2.62.patch
+From: http://www.kernel.org
+Desc: Linux 3.2.62
+
+Patch: 4420_grsecurity-3.0-3.2.62-201408110020.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.61/1021_linux-3.2.22.patch b/3.2.62/1021_linux-3.2.22.patch
similarity index 100%
rename from 3.2.61/1021_linux-3.2.22.patch
rename to 3.2.62/1021_linux-3.2.22.patch
diff --git a/3.2.61/1022_linux-3.2.23.patch b/3.2.62/1022_linux-3.2.23.patch
similarity index 100%
rename from 3.2.61/1022_linux-3.2.23.patch
rename to 3.2.62/1022_linux-3.2.23.patch
diff --git a/3.2.61/1023_linux-3.2.24.patch b/3.2.62/1023_linux-3.2.24.patch
similarity index 100%
rename from 3.2.61/1023_linux-3.2.24.patch
rename to 3.2.62/1023_linux-3.2.24.patch
diff --git a/3.2.61/1024_linux-3.2.25.patch b/3.2.62/1024_linux-3.2.25.patch
similarity index 100%
rename from 3.2.61/1024_linux-3.2.25.patch
rename to 3.2.62/1024_linux-3.2.25.patch
diff --git a/3.2.61/1025_linux-3.2.26.patch b/3.2.62/1025_linux-3.2.26.patch
similarity index 100%
rename from 3.2.61/1025_linux-3.2.26.patch
rename to 3.2.62/1025_linux-3.2.26.patch
diff --git a/3.2.61/1026_linux-3.2.27.patch b/3.2.62/1026_linux-3.2.27.patch
similarity index 100%
rename from 3.2.61/1026_linux-3.2.27.patch
rename to 3.2.62/1026_linux-3.2.27.patch
diff --git a/3.2.61/1027_linux-3.2.28.patch b/3.2.62/1027_linux-3.2.28.patch
similarity index 100%
rename from 3.2.61/1027_linux-3.2.28.patch
rename to 3.2.62/1027_linux-3.2.28.patch
diff --git a/3.2.61/1028_linux-3.2.29.patch b/3.2.62/1028_linux-3.2.29.patch
similarity index 100%
rename from 3.2.61/1028_linux-3.2.29.patch
rename to 3.2.62/1028_linux-3.2.29.patch
diff --git a/3.2.61/1029_linux-3.2.30.patch b/3.2.62/1029_linux-3.2.30.patch
similarity index 100%
rename from 3.2.61/1029_linux-3.2.30.patch
rename to 3.2.62/1029_linux-3.2.30.patch
diff --git a/3.2.61/1030_linux-3.2.31.patch b/3.2.62/1030_linux-3.2.31.patch
similarity index 100%
rename from 3.2.61/1030_linux-3.2.31.patch
rename to 3.2.62/1030_linux-3.2.31.patch
diff --git a/3.2.61/1031_linux-3.2.32.patch b/3.2.62/1031_linux-3.2.32.patch
similarity index 100%
rename from 3.2.61/1031_linux-3.2.32.patch
rename to 3.2.62/1031_linux-3.2.32.patch
diff --git a/3.2.61/1032_linux-3.2.33.patch b/3.2.62/1032_linux-3.2.33.patch
similarity index 100%
rename from 3.2.61/1032_linux-3.2.33.patch
rename to 3.2.62/1032_linux-3.2.33.patch
diff --git a/3.2.61/1033_linux-3.2.34.patch b/3.2.62/1033_linux-3.2.34.patch
similarity index 100%
rename from 3.2.61/1033_linux-3.2.34.patch
rename to 3.2.62/1033_linux-3.2.34.patch
diff --git a/3.2.61/1034_linux-3.2.35.patch b/3.2.62/1034_linux-3.2.35.patch
similarity index 100%
rename from 3.2.61/1034_linux-3.2.35.patch
rename to 3.2.62/1034_linux-3.2.35.patch
diff --git a/3.2.61/1035_linux-3.2.36.patch b/3.2.62/1035_linux-3.2.36.patch
similarity index 100%
rename from 3.2.61/1035_linux-3.2.36.patch
rename to 3.2.62/1035_linux-3.2.36.patch
diff --git a/3.2.61/1036_linux-3.2.37.patch b/3.2.62/1036_linux-3.2.37.patch
similarity index 100%
rename from 3.2.61/1036_linux-3.2.37.patch
rename to 3.2.62/1036_linux-3.2.37.patch
diff --git a/3.2.61/1037_linux-3.2.38.patch b/3.2.62/1037_linux-3.2.38.patch
similarity index 100%
rename from 3.2.61/1037_linux-3.2.38.patch
rename to 3.2.62/1037_linux-3.2.38.patch
diff --git a/3.2.61/1038_linux-3.2.39.patch b/3.2.62/1038_linux-3.2.39.patch
similarity index 100%
rename from 3.2.61/1038_linux-3.2.39.patch
rename to 3.2.62/1038_linux-3.2.39.patch
diff --git a/3.2.61/1039_linux-3.2.40.patch b/3.2.62/1039_linux-3.2.40.patch
similarity index 100%
rename from 3.2.61/1039_linux-3.2.40.patch
rename to 3.2.62/1039_linux-3.2.40.patch
diff --git a/3.2.61/1040_linux-3.2.41.patch b/3.2.62/1040_linux-3.2.41.patch
similarity index 100%
rename from 3.2.61/1040_linux-3.2.41.patch
rename to 3.2.62/1040_linux-3.2.41.patch
diff --git a/3.2.61/1041_linux-3.2.42.patch b/3.2.62/1041_linux-3.2.42.patch
similarity index 100%
rename from 3.2.61/1041_linux-3.2.42.patch
rename to 3.2.62/1041_linux-3.2.42.patch
diff --git a/3.2.61/1042_linux-3.2.43.patch b/3.2.62/1042_linux-3.2.43.patch
similarity index 100%
rename from 3.2.61/1042_linux-3.2.43.patch
rename to 3.2.62/1042_linux-3.2.43.patch
diff --git a/3.2.61/1043_linux-3.2.44.patch b/3.2.62/1043_linux-3.2.44.patch
similarity index 100%
rename from 3.2.61/1043_linux-3.2.44.patch
rename to 3.2.62/1043_linux-3.2.44.patch
diff --git a/3.2.61/1044_linux-3.2.45.patch b/3.2.62/1044_linux-3.2.45.patch
similarity index 100%
rename from 3.2.61/1044_linux-3.2.45.patch
rename to 3.2.62/1044_linux-3.2.45.patch
diff --git a/3.2.61/1045_linux-3.2.46.patch b/3.2.62/1045_linux-3.2.46.patch
similarity index 100%
rename from 3.2.61/1045_linux-3.2.46.patch
rename to 3.2.62/1045_linux-3.2.46.patch
diff --git a/3.2.61/1046_linux-3.2.47.patch b/3.2.62/1046_linux-3.2.47.patch
similarity index 100%
rename from 3.2.61/1046_linux-3.2.47.patch
rename to 3.2.62/1046_linux-3.2.47.patch
diff --git a/3.2.61/1047_linux-3.2.48.patch b/3.2.62/1047_linux-3.2.48.patch
similarity index 100%
rename from 3.2.61/1047_linux-3.2.48.patch
rename to 3.2.62/1047_linux-3.2.48.patch
diff --git a/3.2.61/1048_linux-3.2.49.patch b/3.2.62/1048_linux-3.2.49.patch
similarity index 100%
rename from 3.2.61/1048_linux-3.2.49.patch
rename to 3.2.62/1048_linux-3.2.49.patch
diff --git a/3.2.61/1049_linux-3.2.50.patch b/3.2.62/1049_linux-3.2.50.patch
similarity index 100%
rename from 3.2.61/1049_linux-3.2.50.patch
rename to 3.2.62/1049_linux-3.2.50.patch
diff --git a/3.2.61/1050_linux-3.2.51.patch b/3.2.62/1050_linux-3.2.51.patch
similarity index 100%
rename from 3.2.61/1050_linux-3.2.51.patch
rename to 3.2.62/1050_linux-3.2.51.patch
diff --git a/3.2.61/1051_linux-3.2.52.patch b/3.2.62/1051_linux-3.2.52.patch
similarity index 100%
rename from 3.2.61/1051_linux-3.2.52.patch
rename to 3.2.62/1051_linux-3.2.52.patch
diff --git a/3.2.61/1052_linux-3.2.53.patch b/3.2.62/1052_linux-3.2.53.patch
similarity index 100%
rename from 3.2.61/1052_linux-3.2.53.patch
rename to 3.2.62/1052_linux-3.2.53.patch
diff --git a/3.2.61/1053_linux-3.2.54.patch b/3.2.62/1053_linux-3.2.54.patch
similarity index 100%
rename from 3.2.61/1053_linux-3.2.54.patch
rename to 3.2.62/1053_linux-3.2.54.patch
diff --git a/3.2.61/1054_linux-3.2.55.patch b/3.2.62/1054_linux-3.2.55.patch
similarity index 100%
rename from 3.2.61/1054_linux-3.2.55.patch
rename to 3.2.62/1054_linux-3.2.55.patch
diff --git a/3.2.61/1055_linux-3.2.56.patch b/3.2.62/1055_linux-3.2.56.patch
similarity index 100%
rename from 3.2.61/1055_linux-3.2.56.patch
rename to 3.2.62/1055_linux-3.2.56.patch
diff --git a/3.2.61/1056_linux-3.2.57.patch b/3.2.62/1056_linux-3.2.57.patch
similarity index 100%
rename from 3.2.61/1056_linux-3.2.57.patch
rename to 3.2.62/1056_linux-3.2.57.patch
diff --git a/3.2.61/1057_linux-3.2.58.patch b/3.2.62/1057_linux-3.2.58.patch
similarity index 100%
rename from 3.2.61/1057_linux-3.2.58.patch
rename to 3.2.62/1057_linux-3.2.58.patch
diff --git a/3.2.61/1058_linux-3.2.59.patch b/3.2.62/1058_linux-3.2.59.patch
similarity index 100%
rename from 3.2.61/1058_linux-3.2.59.patch
rename to 3.2.62/1058_linux-3.2.59.patch
diff --git a/3.2.61/1059_linux-3.2.60.patch b/3.2.62/1059_linux-3.2.60.patch
similarity index 100%
rename from 3.2.61/1059_linux-3.2.60.patch
rename to 3.2.62/1059_linux-3.2.60.patch
diff --git a/3.2.61/1060_linux-3.2.61.patch b/3.2.62/1060_linux-3.2.61.patch
similarity index 100%
rename from 3.2.61/1060_linux-3.2.61.patch
rename to 3.2.62/1060_linux-3.2.61.patch
diff --git a/3.2.62/1061_linux-3.2.62.patch b/3.2.62/1061_linux-3.2.62.patch
new file mode 100644
index 0000000..34217f0
--- /dev/null
+++ b/3.2.62/1061_linux-3.2.62.patch
@@ -0,0 +1,3129 @@
+diff --git a/Makefile b/Makefile
+index f8b642d..30a5c65 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 3
+ PATCHLEVEL = 2
+-SUBLEVEL = 61
++SUBLEVEL = 62
+ EXTRAVERSION =
+ NAME = Saber-toothed Squirrel
+
+diff --git a/arch/alpha/include/asm/io.h b/arch/alpha/include/asm/io.h
+index 56ff965..6365ef2 100644
+--- a/arch/alpha/include/asm/io.h
++++ b/arch/alpha/include/asm/io.h
+@@ -490,6 +490,11 @@ extern inline void writeq(u64 b, volatile void __iomem *addr)
+ }
+ #endif
+
++#define ioread16be(p) be16_to_cpu(ioread16(p))
++#define ioread32be(p) be32_to_cpu(ioread32(p))
++#define iowrite16be(v,p) iowrite16(cpu_to_be16(v), (p))
++#define iowrite32be(v,p) iowrite32(cpu_to_be32(v), (p))
++
+ #define inb_p inb
+ #define inw_p inw
+ #define inl_p inl
+diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
+index 790ea68..082bd36 100644
+--- a/arch/arm/Kconfig
++++ b/arch/arm/Kconfig
+@@ -1,6 +1,7 @@
+ config ARM
+ bool
+ default y
++ select ARCH_SUPPORTS_ATOMIC_RMW
+ select HAVE_DMA_API_DEBUG
+ select HAVE_IDE if PCI || ISA || PCMCIA
+ select HAVE_MEMBLOCK
+diff --git a/arch/arm/lib/memset.S b/arch/arm/lib/memset.S
+index 650d5923..94b0650 100644
+--- a/arch/arm/lib/memset.S
++++ b/arch/arm/lib/memset.S
+@@ -14,27 +14,15 @@
+
+ .text
+ .align 5
+- .word 0
+-
+-1: subs r2, r2, #4 @ 1 do we have enough
+- blt 5f @ 1 bytes to align with?
+- cmp r3, #2 @ 1
+- strltb r1, [r0], #1 @ 1
+- strleb r1, [r0], #1 @ 1
+- strb r1, [r0], #1 @ 1
+- add r2, r2, r3 @ 1 (r2 = r2 - (4 - r3))
+-/*
+- * The pointer is now aligned and the length is adjusted. Try doing the
+- * memset again.
+- */
+
+ ENTRY(memset)
+ ands r3, r0, #3 @ 1 unaligned?
+- bne 1b @ 1
++ mov ip, r0 @ preserve r0 as return value
++ bne 6f @ 1
+ /*
+- * we know that the pointer in r0 is aligned to a word boundary.
++ * we know that the pointer in ip is aligned to a word boundary.
+ */
+- orr r1, r1, r1, lsl #8
++1: orr r1, r1, r1, lsl #8
+ orr r1, r1, r1, lsl #16
+ mov r3, r1
+ cmp r2, #16
+@@ -43,29 +31,28 @@ ENTRY(memset)
+ #if ! CALGN(1)+0
+
+ /*
+- * We need an extra register for this loop - save the return address and
+- * use the LR
++ * We need 2 extra registers for this loop - use r8 and the LR
+ */
+- str lr, [sp, #-4]!
+- mov ip, r1
++ stmfd sp!, {r8, lr}
++ mov r8, r1
+ mov lr, r1
+
+ 2: subs r2, r2, #64
+- stmgeia r0!, {r1, r3, ip, lr} @ 64 bytes at a time.
+- stmgeia r0!, {r1, r3, ip, lr}
+- stmgeia r0!, {r1, r3, ip, lr}
+- stmgeia r0!, {r1, r3, ip, lr}
++ stmgeia ip!, {r1, r3, r8, lr} @ 64 bytes at a time.
++ stmgeia ip!, {r1, r3, r8, lr}
++ stmgeia ip!, {r1, r3, r8, lr}
++ stmgeia ip!, {r1, r3, r8, lr}
+ bgt 2b
+- ldmeqfd sp!, {pc} @ Now <64 bytes to go.
++ ldmeqfd sp!, {r8, pc} @ Now <64 bytes to go.
+ /*
+ * No need to correct the count; we're only testing bits from now on
+ */
+ tst r2, #32
+- stmneia r0!, {r1, r3, ip, lr}
+- stmneia r0!, {r1, r3, ip, lr}
++ stmneia ip!, {r1, r3, r8, lr}
++ stmneia ip!, {r1, r3, r8, lr}
+ tst r2, #16
+- stmneia r0!, {r1, r3, ip, lr}
+- ldr lr, [sp], #4
++ stmneia ip!, {r1, r3, r8, lr}
++ ldmfd sp!, {r8, lr}
+
+ #else
+
+@@ -74,54 +61,63 @@ ENTRY(memset)
+ * whole cache lines at once.
+ */
+
+- stmfd sp!, {r4-r7, lr}
++ stmfd sp!, {r4-r8, lr}
+ mov r4, r1
+ mov r5, r1
+ mov r6, r1
+ mov r7, r1
+- mov ip, r1
++ mov r8, r1
+ mov lr, r1
+
+ cmp r2, #96
+- tstgt r0, #31
++ tstgt ip, #31
+ ble 3f
+
+- and ip, r0, #31
+- rsb ip, ip, #32
+- sub r2, r2, ip
+- movs ip, ip, lsl #(32 - 4)
+- stmcsia r0!, {r4, r5, r6, r7}
+- stmmiia r0!, {r4, r5}
+- tst ip, #(1 << 30)
+- mov ip, r1
+- strne r1, [r0], #4
++ and r8, ip, #31
++ rsb r8, r8, #32
++ sub r2, r2, r8
++ movs r8, r8, lsl #(32 - 4)
++ stmcsia ip!, {r4, r5, r6, r7}
++ stmmiia ip!, {r4, r5}
++ tst r8, #(1 << 30)
++ mov r8, r1
++ strne r1, [ip], #4
+
+ 3: subs r2, r2, #64
+- stmgeia r0!, {r1, r3-r7, ip, lr}
+- stmgeia r0!, {r1, r3-r7, ip, lr}
++ stmgeia ip!, {r1, r3-r8, lr}
++ stmgeia ip!, {r1, r3-r8, lr}
+ bgt 3b
+- ldmeqfd sp!, {r4-r7, pc}
++ ldmeqfd sp!, {r4-r8, pc}
+
+ tst r2, #32
+- stmneia r0!, {r1, r3-r7, ip, lr}
++ stmneia ip!, {r1, r3-r8, lr}
+ tst r2, #16
+- stmneia r0!, {r4-r7}
+- ldmfd sp!, {r4-r7, lr}
++ stmneia ip!, {r4-r7}
++ ldmfd sp!, {r4-r8, lr}
+
+ #endif
+
+ 4: tst r2, #8
+- stmneia r0!, {r1, r3}
++ stmneia ip!, {r1, r3}
+ tst r2, #4
+- strne r1, [r0], #4
++ strne r1, [ip], #4
+ /*
+ * When we get here, we've got less than 4 bytes to zero. We
+ * may have an unaligned pointer as well.
+ */
+ 5: tst r2, #2
+- strneb r1, [r0], #1
+- strneb r1, [r0], #1
++ strneb r1, [ip], #1
++ strneb r1, [ip], #1
+ tst r2, #1
+- strneb r1, [r0], #1
++ strneb r1, [ip], #1
+ mov pc, lr
++
++6: subs r2, r2, #4 @ 1 do we have enough
++ blt 5b @ 1 bytes to align with?
++ cmp r3, #2 @ 1
++ strltb r1, [ip], #1 @ 1
++ strleb r1, [ip], #1 @ 1
++ strb r1, [ip], #1 @ 1
++ add r2, r2, r3 @ 1 (r2 = r2 - (4 - r3))
++ b 1b
+ ENDPROC(memset)
+diff --git a/arch/arm/mach-omap2/mux.c b/arch/arm/mach-omap2/mux.c
+index 655e948..449f955 100644
+--- a/arch/arm/mach-omap2/mux.c
++++ b/arch/arm/mach-omap2/mux.c
+@@ -182,8 +182,10 @@ static int __init _omap_mux_get_by_name(struct omap_mux_partition *partition,
+ m0_entry = mux->muxnames[0];
+
+ /* First check for full name in mode0.muxmode format */
+- if (mode0_len && strncmp(muxname, m0_entry, mode0_len))
+- continue;
++ if (mode0_len)
++ if (strncmp(muxname, m0_entry, mode0_len) ||
++ (strlen(m0_entry) != mode0_len))
++ continue;
+
+ /* Then check for muxmode only */
+ for (i = 0; i < OMAP_MUX_NR_MODES; i++) {
+diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
+index 16ef838..bec952d 100644
+--- a/arch/powerpc/Kconfig
++++ b/arch/powerpc/Kconfig
+@@ -137,6 +137,7 @@ config PPC
+ select HAVE_BPF_JIT if (PPC64 && NET)
+ select HAVE_ARCH_JUMP_LABEL
+ select ARCH_HAVE_NMI_SAFE_CMPXCHG
++ select ARCH_SUPPORTS_ATOMIC_RMW
+
+ config EARLY_PRINTK
+ bool
+diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c
+index afe82bc..b76230b 100644
+--- a/arch/s390/kernel/ptrace.c
++++ b/arch/s390/kernel/ptrace.c
+@@ -292,7 +292,9 @@ static int __poke_user(struct task_struct *child, addr_t addr, addr_t data)
+ * psw and gprs are stored on the stack
+ */
+ if (addr == (addr_t) &dummy->regs.psw.mask &&
+- ((data & ~PSW_MASK_USER) != psw_user_bits ||
++ (((data^psw_user_bits) & ~PSW_MASK_USER) ||
++ (((data^psw_user_bits) & PSW_MASK_ASC) &&
++ ((data|psw_user_bits) & PSW_MASK_ASC) == PSW_MASK_ASC) ||
+ ((data & PSW_MASK_EA) && !(data & PSW_MASK_BA))))
+ /* Invalid psw mask. */
+ return -EINVAL;
+@@ -595,7 +597,10 @@ static int __poke_user_compat(struct task_struct *child,
+ */
+ if (addr == (addr_t) &dummy32->regs.psw.mask) {
+ /* Build a 64 bit psw mask from 31 bit mask. */
+- if ((tmp & ~PSW32_MASK_USER) != psw32_user_bits)
++ if (((tmp^psw32_user_bits) & ~PSW32_MASK_USER) ||
++ (((tmp^psw32_user_bits) & PSW32_MASK_ASC) &&
++ ((tmp|psw32_user_bits) & PSW32_MASK_ASC)
++ == PSW32_MASK_ASC))
+ /* Invalid psw mask. */
+ return -EINVAL;
+ regs->psw.mask = (regs->psw.mask & ~PSW_MASK_USER) |
+diff --git a/arch/score/Kconfig b/arch/score/Kconfig
+index df169e8..beb9f21 100644
+--- a/arch/score/Kconfig
++++ b/arch/score/Kconfig
+@@ -108,3 +108,6 @@ source "security/Kconfig"
+ source "crypto/Kconfig"
+
+ source "lib/Kconfig"
++
++config NO_IOMEM
++ def_bool y
+diff --git a/arch/score/include/asm/io.h b/arch/score/include/asm/io.h
+index fbbfd71..574c8827 100644
+--- a/arch/score/include/asm/io.h
++++ b/arch/score/include/asm/io.h
+@@ -5,5 +5,4 @@
+
+ #define virt_to_bus virt_to_phys
+ #define bus_to_virt phys_to_virt
+-
+ #endif /* _ASM_SCORE_IO_H */
+diff --git a/arch/score/include/asm/pgalloc.h b/arch/score/include/asm/pgalloc.h
+index 059a61b..716b3fd 100644
+--- a/arch/score/include/asm/pgalloc.h
++++ b/arch/score/include/asm/pgalloc.h
+@@ -2,7 +2,7 @@
+ #define _ASM_SCORE_PGALLOC_H
+
+ #include <linux/mm.h>
+-
++#include <linux/highmem.h>
+ static inline void pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmd,
+ pte_t *pte)
+ {
+diff --git a/arch/score/kernel/entry.S b/arch/score/kernel/entry.S
+index 83bb960..89702ac 100644
+--- a/arch/score/kernel/entry.S
++++ b/arch/score/kernel/entry.S
+@@ -264,7 +264,7 @@ resume_kernel:
+ disable_irq
+ lw r8, [r28, TI_PRE_COUNT]
+ cmpz.c r8
+- bne r8, restore_all
++ bne restore_all
+ need_resched:
+ lw r8, [r28, TI_FLAGS]
+ andri.c r9, r8, _TIF_NEED_RESCHED
+@@ -408,7 +408,7 @@ ENTRY(handle_sys)
+ sw r9, [r0, PT_EPC]
+
+ cmpi.c r27, __NR_syscalls # check syscall number
+- bgeu illegal_syscall
++ bcs illegal_syscall
+
+ slli r8, r27, 2 # get syscall routine
+ la r11, sys_call_table
+diff --git a/arch/score/kernel/init_task.c b/arch/score/kernel/init_task.c
+index baa03ee..753a9f1 100644
+--- a/arch/score/kernel/init_task.c
++++ b/arch/score/kernel/init_task.c
+@@ -23,6 +23,7 @@
+
+ #include <linux/init_task.h>
+ #include <linux/mqueue.h>
++#include <linux/export.h>
+
+ static struct signal_struct init_signals = INIT_SIGNALS(init_signals);
+ static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand);
+diff --git a/arch/score/kernel/vmlinux.lds.S b/arch/score/kernel/vmlinux.lds.S
+index eebcbaa..7274b5c 100644
+--- a/arch/score/kernel/vmlinux.lds.S
++++ b/arch/score/kernel/vmlinux.lds.S
+@@ -49,6 +49,7 @@ SECTIONS
+ }
+
+ . = ALIGN(16);
++ _sdata = .; /* Start of data section */
+ RODATA
+
+ EXCEPTION_TABLE(16)
+diff --git a/arch/score/mm/init.c b/arch/score/mm/init.c
+index cee6bce..150a3e6 100644
+--- a/arch/score/mm/init.c
++++ b/arch/score/mm/init.c
+@@ -34,6 +34,7 @@
+ #include <linux/proc_fs.h>
+ #include <linux/sched.h>
+ #include <linux/initrd.h>
++#include <linux/export.h>
+
+ #include <asm/sections.h>
+ #include <asm/tlb.h>
+diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig
+index 88d442d..f2f3574d 100644
+--- a/arch/sparc/Kconfig
++++ b/arch/sparc/Kconfig
+@@ -57,6 +57,7 @@ config SPARC64
+ select IRQ_PREFLOW_FASTEOI
+ select ARCH_HAVE_NMI_SAFE_CMPXCHG
+ select HAVE_C_RECORDMCOUNT
++ select ARCH_SUPPORTS_ATOMIC_RMW
+
+ config ARCH_DEFCONFIG
+ string
+diff --git a/arch/unicore32/Kconfig b/arch/unicore32/Kconfig
+index 942ed61..35e8ff1 100644
+--- a/arch/unicore32/Kconfig
++++ b/arch/unicore32/Kconfig
+@@ -6,6 +6,7 @@ config UNICORE32
+ select HAVE_DMA_ATTRS
+ select HAVE_KERNEL_GZIP
+ select HAVE_KERNEL_BZIP2
++ select GENERIC_ATOMIC64
+ select HAVE_KERNEL_LZO
+ select HAVE_KERNEL_LZMA
+ select GENERIC_FIND_FIRST_BIT
+diff --git a/arch/unicore32/include/asm/io.h b/arch/unicore32/include/asm/io.h
+index 1a5c5a5..499594f 100644
+--- a/arch/unicore32/include/asm/io.h
++++ b/arch/unicore32/include/asm/io.h
+@@ -37,6 +37,7 @@ extern void __uc32_iounmap(volatile void __iomem *addr);
+ */
+ #define ioremap(cookie, size) __uc32_ioremap(cookie, size)
+ #define ioremap_cached(cookie, size) __uc32_ioremap_cached(cookie, size)
++#define ioremap_nocache(cookie, size) __uc32_ioremap(cookie, size)
+ #define iounmap(cookie) __uc32_iounmap(cookie)
+
+ /*
+diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
+index fb2e69d..901447e 100644
+--- a/arch/x86/Kconfig
++++ b/arch/x86/Kconfig
+@@ -75,6 +75,7 @@ config X86
+ select HAVE_BPF_JIT if (X86_64 && NET)
+ select CLKEVT_I8253
+ select ARCH_HAVE_NMI_SAFE_CMPXCHG
++ select ARCH_SUPPORTS_ATOMIC_RMW
+
+ config INSTRUCTION_DECODER
+ def_bool (KPROBES || PERF_EVENTS)
+diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
+index cfb5a40..b3eb9a7 100644
+--- a/arch/x86/include/asm/kvm_host.h
++++ b/arch/x86/include/asm/kvm_host.h
+@@ -98,7 +98,7 @@
+ #define KVM_REFILL_PAGES 25
+ #define KVM_MAX_CPUID_ENTRIES 80
+ #define KVM_NR_FIXED_MTRR_REGION 88
+-#define KVM_NR_VAR_MTRR 8
++#define KVM_NR_VAR_MTRR 10
+
+ #define ASYNC_PF_PER_VCPU 64
+
+@@ -418,7 +418,7 @@ struct kvm_vcpu_arch {
+ bool nmi_injected; /* Trying to inject an NMI this entry */
+
+ struct mtrr_state_type mtrr_state;
+- u32 pat;
++ u64 pat;
+
+ int switch_db_regs;
+ unsigned long db[KVM_NR_DB_REGS];
+diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
+index 4bb12f7..cba1883 100644
+--- a/arch/x86/kernel/cpu/perf_event_intel.c
++++ b/arch/x86/kernel/cpu/perf_event_intel.c
+@@ -1048,6 +1048,15 @@ again:
+ intel_pmu_lbr_read();
+
+ /*
++ * CondChgd bit 63 doesn't mean any overflow status. Ignore
++ * and clear the bit.
++ */
++ if (__test_and_clear_bit(63, (unsigned long *)&status)) {
++ if (!status)
++ goto done;
++ }
++
++ /*
+ * PEBS overflow sets bit 62 in the global status register
+ */
+ if (__test_and_clear_bit(62, (unsigned long *)&status)) {
+diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
+index db090f6..dd52355 100644
+--- a/arch/x86/kernel/entry_32.S
++++ b/arch/x86/kernel/entry_32.S
+@@ -429,8 +429,8 @@ sysenter_do_call:
+ cmpl $(nr_syscalls), %eax
+ jae sysenter_badsys
+ call *sys_call_table(,%eax,4)
+- movl %eax,PT_EAX(%esp)
+ sysenter_after_call:
++ movl %eax,PT_EAX(%esp)
+ LOCKDEP_SYS_EXIT
+ DISABLE_INTERRUPTS(CLBR_ANY)
+ TRACE_IRQS_OFF
+@@ -512,6 +512,7 @@ ENTRY(system_call)
+ jae syscall_badsys
+ syscall_call:
+ call *sys_call_table(,%eax,4)
++syscall_after_call:
+ movl %eax,PT_EAX(%esp) # store the return value
+ syscall_exit:
+ LOCKDEP_SYS_EXIT
+@@ -553,11 +554,6 @@ ENTRY(iret_exc)
+
+ CFI_RESTORE_STATE
+ ldt_ss:
+- larl PT_OLDSS(%esp), %eax
+- jnz restore_nocheck
+- testl $0x00400000, %eax # returning to 32bit stack?
+- jnz restore_nocheck # allright, normal return
+-
+ #ifdef CONFIG_PARAVIRT
+ /*
+ * The kernel can't run on a non-flat stack if paravirt mode
+@@ -681,12 +677,12 @@ syscall_fault:
+ END(syscall_fault)
+
+ syscall_badsys:
+- movl $-ENOSYS,PT_EAX(%esp)
+- jmp syscall_exit
++ movl $-ENOSYS,%eax
++ jmp syscall_after_call
+ END(syscall_badsys)
+
+ sysenter_badsys:
+- movl $-ENOSYS,PT_EAX(%esp)
++ movl $-ENOSYS,%eax
+ jmp sysenter_after_call
+ END(syscall_badsys)
+ CFI_ENDPROC
+diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
+index be1ef57..dec49d3 100644
+--- a/arch/x86/mm/ioremap.c
++++ b/arch/x86/mm/ioremap.c
+@@ -50,6 +50,21 @@ int ioremap_change_attr(unsigned long vaddr, unsigned long size,
+ return err;
+ }
+
++static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages,
++ void *arg)
++{
++ unsigned long i;
++
++ for (i = 0; i < nr_pages; ++i)
++ if (pfn_valid(start_pfn + i) &&
++ !PageReserved(pfn_to_page(start_pfn + i)))
++ return 1;
++
++ WARN_ONCE(1, "ioremap on RAM pfn 0x%lx\n", start_pfn);
++
++ return 0;
++}
++
+ /*
+ * Remap an arbitrary physical address space into the kernel virtual
+ * address space. Needed when the kernel wants to access high addresses
+@@ -93,14 +108,11 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
+ /*
+ * Don't allow anybody to remap normal RAM that we're using..
+ */
++ pfn = phys_addr >> PAGE_SHIFT;
+ last_pfn = last_addr >> PAGE_SHIFT;
+- for (pfn = phys_addr >> PAGE_SHIFT; pfn <= last_pfn; pfn++) {
+- int is_ram = page_is_ram(pfn);
+-
+- if (is_ram && pfn_valid(pfn) && !PageReserved(pfn_to_page(pfn)))
+- return NULL;
+- WARN_ON_ONCE(is_ram);
+- }
++ if (walk_system_ram_range(pfn, last_pfn - pfn + 1, NULL,
++ __ioremap_check_ram) == 1)
++ return NULL;
+
+ /*
+ * Mappings have to be page-aligned
+diff --git a/crypto/testmgr.h b/crypto/testmgr.h
+index 37b4d8f..a4de4ae 100644
+--- a/crypto/testmgr.h
++++ b/crypto/testmgr.h
+@@ -10428,38 +10428,40 @@ static struct pcomp_testvec zlib_decomp_tv_template[] = {
+ static struct comp_testvec lzo_comp_tv_template[] = {
+ {
+ .inlen = 70,
+- .outlen = 46,
++ .outlen = 57,
+ .input = "Join us now and share the software "
+ "Join us now and share the software ",
+ .output = "\x00\x0d\x4a\x6f\x69\x6e\x20\x75"
+- "\x73\x20\x6e\x6f\x77\x20\x61\x6e"
+- "\x64\x20\x73\x68\x61\x72\x65\x20"
+- "\x74\x68\x65\x20\x73\x6f\x66\x74"
+- "\x77\x70\x01\x01\x4a\x6f\x69\x6e"
+- "\x3d\x88\x00\x11\x00\x00",
++ "\x73\x20\x6e\x6f\x77\x20\x61\x6e"
++ "\x64\x20\x73\x68\x61\x72\x65\x20"
++ "\x74\x68\x65\x20\x73\x6f\x66\x74"
++ "\x77\x70\x01\x32\x88\x00\x0c\x65"
++ "\x20\x74\x68\x65\x20\x73\x6f\x66"
++ "\x74\x77\x61\x72\x65\x20\x11\x00"
++ "\x00",
+ }, {
+ .inlen = 159,
+- .outlen = 133,
++ .outlen = 131,
+ .input = "This document describes a compression method based on the LZO "
+ "compression algorithm. This document defines the application of "
+ "the LZO algorithm used in UBIFS.",
+- .output = "\x00\x2b\x54\x68\x69\x73\x20\x64"
++ .output = "\x00\x2c\x54\x68\x69\x73\x20\x64"
+ "\x6f\x63\x75\x6d\x65\x6e\x74\x20"
+ "\x64\x65\x73\x63\x72\x69\x62\x65"
+ "\x73\x20\x61\x20\x63\x6f\x6d\x70"
+ "\x72\x65\x73\x73\x69\x6f\x6e\x20"
+ "\x6d\x65\x74\x68\x6f\x64\x20\x62"
+ "\x61\x73\x65\x64\x20\x6f\x6e\x20"
+- "\x74\x68\x65\x20\x4c\x5a\x4f\x2b"
+- "\x8c\x00\x0d\x61\x6c\x67\x6f\x72"
+- "\x69\x74\x68\x6d\x2e\x20\x20\x54"
+- "\x68\x69\x73\x2a\x54\x01\x02\x66"
+- "\x69\x6e\x65\x73\x94\x06\x05\x61"
+- "\x70\x70\x6c\x69\x63\x61\x74\x76"
+- "\x0a\x6f\x66\x88\x02\x60\x09\x27"
+- "\xf0\x00\x0c\x20\x75\x73\x65\x64"
+- "\x20\x69\x6e\x20\x55\x42\x49\x46"
+- "\x53\x2e\x11\x00\x00",
++ "\x74\x68\x65\x20\x4c\x5a\x4f\x20"
++ "\x2a\x8c\x00\x09\x61\x6c\x67\x6f"
++ "\x72\x69\x74\x68\x6d\x2e\x20\x20"
++ "\x2e\x54\x01\x03\x66\x69\x6e\x65"
++ "\x73\x20\x74\x06\x05\x61\x70\x70"
++ "\x6c\x69\x63\x61\x74\x76\x0a\x6f"
++ "\x66\x88\x02\x60\x09\x27\xf0\x00"
++ "\x0c\x20\x75\x73\x65\x64\x20\x69"
++ "\x6e\x20\x55\x42\x49\x46\x53\x2e"
++ "\x11\x00\x00",
+ },
+ };
+
+diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c
+index c749b93..a79332a 100644
+--- a/drivers/acpi/battery.c
++++ b/drivers/acpi/battery.c
+@@ -34,6 +34,7 @@
+ #include <linux/dmi.h>
+ #include <linux/slab.h>
+ #include <linux/suspend.h>
++#include <linux/delay.h>
+ #include <asm/unaligned.h>
+
+ #ifdef CONFIG_ACPI_PROCFS_POWER
+@@ -1055,6 +1056,28 @@ static int battery_notify(struct notifier_block *nb,
+ return 0;
+ }
+
++/*
++ * Some machines'(E,G Lenovo Z480) ECs are not stable
++ * during boot up and this causes battery driver fails to be
++ * probed due to failure of getting battery information
++ * from EC sometimes. After several retries, the operation
++ * may work. So add retry code here and 20ms sleep between
++ * every retries.
++ */
++static int acpi_battery_update_retry(struct acpi_battery *battery)
++{
++ int retry, ret;
++
++ for (retry = 5; retry; retry--) {
++ ret = acpi_battery_update(battery);
++ if (!ret)
++ break;
++
++ msleep(20);
++ }
++ return ret;
++}
++
+ static int acpi_battery_add(struct acpi_device *device)
+ {
+ int result = 0;
+@@ -1074,9 +1097,11 @@ static int acpi_battery_add(struct acpi_device *device)
+ if (ACPI_SUCCESS(acpi_get_handle(battery->device->handle,
+ "_BIX", &handle)))
+ set_bit(ACPI_BATTERY_XINFO_PRESENT, &battery->flags);
+- result = acpi_battery_update(battery);
++
++ result = acpi_battery_update_retry(battery);
+ if (result)
+ goto fail;
++
+ #ifdef CONFIG_ACPI_PROCFS_POWER
+ result = acpi_battery_add_fs(device);
+ #endif
+diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c
+index 3923064..48fd158 100644
+--- a/drivers/acpi/ec.c
++++ b/drivers/acpi/ec.c
+@@ -81,6 +81,9 @@ enum {
+ EC_FLAGS_BLOCKED, /* Transactions are blocked */
+ };
+
++#define ACPI_EC_COMMAND_POLL 0x01 /* Available for command byte */
++#define ACPI_EC_COMMAND_COMPLETE 0x02 /* Completed last byte */
++
+ /* ec.c is compiled in acpi namespace so this shows up as acpi.ec_delay param */
+ static unsigned int ec_delay __read_mostly = ACPI_EC_DELAY;
+ module_param(ec_delay, uint, 0644);
+@@ -116,7 +119,7 @@ struct transaction {
+ u8 ri;
+ u8 wlen;
+ u8 rlen;
+- bool done;
++ u8 flags;
+ };
+
+ struct acpi_ec *boot_ec, *first_ec;
+@@ -157,53 +160,74 @@ static inline void acpi_ec_write_data(struct acpi_ec *ec, u8 data)
+ outb(data, ec->data_addr);
+ }
+
+-static int ec_transaction_done(struct acpi_ec *ec)
++static int ec_transaction_completed(struct acpi_ec *ec)
+ {
+ unsigned long flags;
+ int ret = 0;
+ spin_lock_irqsave(&ec->curr_lock, flags);
+- if (!ec->curr || ec->curr->done)
++ if (ec->curr && (ec->curr->flags & ACPI_EC_COMMAND_COMPLETE))
+ ret = 1;
+ spin_unlock_irqrestore(&ec->curr_lock, flags);
+ return ret;
+ }
+
+-static void start_transaction(struct acpi_ec *ec)
++static bool advance_transaction(struct acpi_ec *ec)
+ {
+- ec->curr->irq_count = ec->curr->wi = ec->curr->ri = 0;
+- ec->curr->done = false;
+- acpi_ec_write_cmd(ec, ec->curr->command);
+-}
+-
+-static void advance_transaction(struct acpi_ec *ec, u8 status)
+-{
+- unsigned long flags;
+- spin_lock_irqsave(&ec->curr_lock, flags);
+- if (!ec->curr)
+- goto unlock;
+- if (ec->curr->wlen > ec->curr->wi) {
+- if ((status & ACPI_EC_FLAG_IBF) == 0)
+- acpi_ec_write_data(ec,
+- ec->curr->wdata[ec->curr->wi++]);
+- else
+- goto err;
+- } else if (ec->curr->rlen > ec->curr->ri) {
+- if ((status & ACPI_EC_FLAG_OBF) == 1) {
+- ec->curr->rdata[ec->curr->ri++] = acpi_ec_read_data(ec);
+- if (ec->curr->rlen == ec->curr->ri)
+- ec->curr->done = true;
++ struct transaction *t;
++ u8 status;
++ bool wakeup = false;
++
++ pr_debug(PREFIX "===== %s =====\n", in_interrupt() ? "IRQ" : "TASK");
++ status = acpi_ec_read_status(ec);
++ t = ec->curr;
++ if (!t)
++ goto err;
++ if (t->flags & ACPI_EC_COMMAND_POLL) {
++ if (t->wlen > t->wi) {
++ if ((status & ACPI_EC_FLAG_IBF) == 0)
++ acpi_ec_write_data(ec, t->wdata[t->wi++]);
++ else
++ goto err;
++ } else if (t->rlen > t->ri) {
++ if ((status & ACPI_EC_FLAG_OBF) == 1) {
++ t->rdata[t->ri++] = acpi_ec_read_data(ec);
++ if (t->rlen == t->ri) {
++ t->flags |= ACPI_EC_COMMAND_COMPLETE;
++ wakeup = true;
++ }
++ } else
++ goto err;
++ } else if (t->wlen == t->wi &&
++ (status & ACPI_EC_FLAG_IBF) == 0) {
++ t->flags |= ACPI_EC_COMMAND_COMPLETE;
++ wakeup = true;
++ }
++ return wakeup;
++ } else {
++ if ((status & ACPI_EC_FLAG_IBF) == 0) {
++ acpi_ec_write_cmd(ec, t->command);
++ t->flags |= ACPI_EC_COMMAND_POLL;
+ } else
+ goto err;
+- } else if (ec->curr->wlen == ec->curr->wi &&
+- (status & ACPI_EC_FLAG_IBF) == 0)
+- ec->curr->done = true;
+- goto unlock;
++ return wakeup;
++ }
+ err:
+- /* false interrupt, state didn't change */
+- if (in_interrupt())
+- ++ec->curr->irq_count;
+-unlock:
+- spin_unlock_irqrestore(&ec->curr_lock, flags);
++ /*
++ * If SCI bit is set, then don't think it's a false IRQ
++ * otherwise will take a not handled IRQ as a false one.
++ */
++ if (!(status & ACPI_EC_FLAG_SCI)) {
++ if (in_interrupt() && t)
++ ++t->irq_count;
++ }
++ return wakeup;
++}
++
++static void start_transaction(struct acpi_ec *ec)
++{
++ ec->curr->irq_count = ec->curr->wi = ec->curr->ri = 0;
++ ec->curr->flags = 0;
++ (void)advance_transaction(ec);
+ }
+
+ static int acpi_ec_sync_query(struct acpi_ec *ec, u8 *data);
+@@ -228,15 +252,17 @@ static int ec_poll(struct acpi_ec *ec)
+ /* don't sleep with disabled interrupts */
+ if (EC_FLAGS_MSI || irqs_disabled()) {
+ udelay(ACPI_EC_MSI_UDELAY);
+- if (ec_transaction_done(ec))
++ if (ec_transaction_completed(ec))
+ return 0;
+ } else {
+ if (wait_event_timeout(ec->wait,
+- ec_transaction_done(ec),
++ ec_transaction_completed(ec),
+ msecs_to_jiffies(1)))
+ return 0;
+ }
+- advance_transaction(ec, acpi_ec_read_status(ec));
++ spin_lock_irqsave(&ec->curr_lock, flags);
++ (void)advance_transaction(ec);
++ spin_unlock_irqrestore(&ec->curr_lock, flags);
+ } while (time_before(jiffies, delay));
+ pr_debug(PREFIX "controller reset, restart transaction\n");
+ spin_lock_irqsave(&ec->curr_lock, flags);
+@@ -268,23 +294,6 @@ static int acpi_ec_transaction_unlocked(struct acpi_ec *ec,
+ return ret;
+ }
+
+-static int ec_check_ibf0(struct acpi_ec *ec)
+-{
+- u8 status = acpi_ec_read_status(ec);
+- return (status & ACPI_EC_FLAG_IBF) == 0;
+-}
+-
+-static int ec_wait_ibf0(struct acpi_ec *ec)
+-{
+- unsigned long delay = jiffies + msecs_to_jiffies(ec_delay);
+- /* interrupt wait manually if GPE mode is not active */
+- while (time_before(jiffies, delay))
+- if (wait_event_timeout(ec->wait, ec_check_ibf0(ec),
+- msecs_to_jiffies(1)))
+- return 0;
+- return -ETIME;
+-}
+-
+ static int acpi_ec_transaction(struct acpi_ec *ec, struct transaction *t)
+ {
+ int status;
+@@ -305,13 +314,8 @@ static int acpi_ec_transaction(struct acpi_ec *ec, struct transaction *t)
+ goto unlock;
+ }
+ }
+- if (ec_wait_ibf0(ec)) {
+- pr_err(PREFIX "input buffer is not empty, "
+- "aborting transaction\n");
+- status = -ETIME;
+- goto end;
+- }
+- pr_debug(PREFIX "transaction start\n");
++ pr_debug(PREFIX "transaction start (cmd=0x%02x, addr=0x%02x)\n",
++ t->command, t->wdata ? t->wdata[0] : 0);
+ /* disable GPE during transaction if storm is detected */
+ if (test_bit(EC_FLAGS_GPE_STORM, &ec->flags)) {
+ /* It has to be disabled, so that it doesn't trigger. */
+@@ -327,12 +331,12 @@ static int acpi_ec_transaction(struct acpi_ec *ec, struct transaction *t)
+ /* It is safe to enable the GPE outside of the transaction. */
+ acpi_enable_gpe(NULL, ec->gpe);
+ } else if (t->irq_count > ec_storm_threshold) {
+- pr_info(PREFIX "GPE storm detected, "
+- "transactions will use polling mode\n");
++ pr_info(PREFIX "GPE storm detected(%d GPEs), "
++ "transactions will use polling mode\n",
++ t->irq_count);
+ set_bit(EC_FLAGS_GPE_STORM, &ec->flags);
+ }
+ pr_debug(PREFIX "transaction end\n");
+-end:
+ if (ec->global_lock)
+ acpi_release_global_lock(glk);
+ unlock:
+@@ -404,7 +408,7 @@ int ec_burst_disable(void)
+
+ EXPORT_SYMBOL(ec_burst_disable);
+
+-int ec_read(u8 addr, u8 * val)
++int ec_read(u8 addr, u8 *val)
+ {
+ int err;
+ u8 temp_data;
+@@ -642,16 +646,14 @@ static int ec_check_sci(struct acpi_ec *ec, u8 state)
+ static u32 acpi_ec_gpe_handler(acpi_handle gpe_device,
+ u32 gpe_number, void *data)
+ {
++ unsigned long flags;
+ struct acpi_ec *ec = data;
+
+- pr_debug(PREFIX "~~~> interrupt\n");
+-
+- advance_transaction(ec, acpi_ec_read_status(ec));
+- if (ec_transaction_done(ec) &&
+- (acpi_ec_read_status(ec) & ACPI_EC_FLAG_IBF) == 0) {
++ spin_lock_irqsave(&ec->curr_lock, flags);
++ if (advance_transaction(ec))
+ wake_up(&ec->wait);
+- ec_check_sci(ec, acpi_ec_read_status(ec));
+- }
++ spin_unlock_irqrestore(&ec->curr_lock, flags);
++ ec_check_sci(ec, acpi_ec_read_status(ec));
+ return ACPI_INTERRUPT_HANDLED | ACPI_REENABLE_GPE;
+ }
+
+diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
+index 2b662725..2ddf736 100644
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -4711,6 +4711,10 @@ void swap_buf_le16(u16 *buf, unsigned int buf_words)
+ * ata_qc_new - Request an available ATA command, for queueing
+ * @ap: target port
+ *
++ * Some ATA host controllers may implement a queue depth which is less
++ * than ATA_MAX_QUEUE. So we shouldn't allocate a tag which is beyond
++ * the hardware limitation.
++ *
+ * LOCKING:
+ * None.
+ */
+@@ -4718,14 +4722,15 @@ void swap_buf_le16(u16 *buf, unsigned int buf_words)
+ static struct ata_queued_cmd *ata_qc_new(struct ata_port *ap)
+ {
+ struct ata_queued_cmd *qc = NULL;
++ unsigned int max_queue = ap->host->n_tags;
+ unsigned int i, tag;
+
+ /* no command while frozen */
+ if (unlikely(ap->pflags & ATA_PFLAG_FROZEN))
+ return NULL;
+
+- for (i = 0; i < ATA_MAX_QUEUE; i++) {
+- tag = (i + ap->last_tag + 1) % ATA_MAX_QUEUE;
++ for (i = 0, tag = ap->last_tag + 1; i < max_queue; i++, tag++) {
++ tag = tag < max_queue ? tag : 0;
+
+ /* the last tag is reserved for internal command. */
+ if (tag == ATA_TAG_INTERNAL)
+@@ -5918,6 +5923,7 @@ void ata_host_init(struct ata_host *host, struct device *dev,
+ {
+ spin_lock_init(&host->lock);
+ mutex_init(&host->eh_mutex);
++ host->n_tags = ATA_MAX_QUEUE - 1;
+ host->dev = dev;
+ host->flags = flags;
+ host->ops = ops;
+@@ -5998,6 +6004,8 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
+ {
+ int i, rc;
+
++ host->n_tags = clamp(sht->can_queue, 1, ATA_MAX_QUEUE - 1);
++
+ /* host must have been started */
+ if (!(host->flags & ATA_HOST_STARTED)) {
+ dev_err(host->dev, "BUG: trying to register unstarted host\n");
+diff --git a/drivers/char/applicom.c b/drivers/char/applicom.c
+index 25373df..5d069c7 100644
+--- a/drivers/char/applicom.c
++++ b/drivers/char/applicom.c
+@@ -345,7 +345,6 @@ out:
+ free_irq(apbs[i].irq, &dummy);
+ iounmap(apbs[i].RamIO);
+ }
+- pci_disable_device(dev);
+ return ret;
+ }
+
+diff --git a/drivers/gpu/drm/radeon/atombios_dp.c b/drivers/gpu/drm/radeon/atombios_dp.c
+index 3254d51e..e8a3c31 100644
+--- a/drivers/gpu/drm/radeon/atombios_dp.c
++++ b/drivers/gpu/drm/radeon/atombios_dp.c
+@@ -89,7 +89,7 @@ static int radeon_process_aux_ch(struct radeon_i2c_chan *chan,
+ /* flags not zero */
+ if (args.v1.ucReplyStatus == 2) {
+ DRM_DEBUG_KMS("dp_aux_ch flags not zero\n");
+- return -EBUSY;
++ return -EIO;
+ }
+
+ /* error */
+diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c
+index 3291ab8..ad5d774 100644
+--- a/drivers/gpu/drm/radeon/radeon_display.c
++++ b/drivers/gpu/drm/radeon/radeon_display.c
+@@ -697,6 +697,10 @@ int radeon_ddc_get_modes(struct radeon_connector *radeon_connector)
+ struct radeon_device *rdev = dev->dev_private;
+ int ret = 0;
+
++ /* don't leak the edid if we already fetched it in detect() */
++ if (radeon_connector->edid)
++ goto got_edid;
++
+ /* on hw with routers, select right port */
+ if (radeon_connector->router.ddc_valid)
+ radeon_router_select_ddc_port(radeon_connector);
+@@ -736,6 +740,7 @@ int radeon_ddc_get_modes(struct radeon_connector *radeon_connector)
+ radeon_connector->edid = radeon_bios_get_hardcoded_edid(rdev);
+ }
+ if (radeon_connector->edid) {
++got_edid:
+ drm_mode_connector_update_edid_property(&radeon_connector->base, radeon_connector->edid);
+ ret = drm_add_edid_modes(&radeon_connector->base, radeon_connector->edid);
+ drm_edid_to_eld(&radeon_connector->base, radeon_connector->edid);
+diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
+index 907c26f..7f16ff2 100644
+--- a/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
+@@ -179,7 +179,6 @@ static int vmw_fb_set_par(struct fb_info *info)
+ vmw_write(vmw_priv, SVGA_REG_DISPLAY_POSITION_Y, info->var.yoffset);
+ vmw_write(vmw_priv, SVGA_REG_DISPLAY_WIDTH, info->var.xres);
+ vmw_write(vmw_priv, SVGA_REG_DISPLAY_HEIGHT, info->var.yres);
+- vmw_write(vmw_priv, SVGA_REG_BYTES_PER_LINE, info->fix.line_length);
+ vmw_write(vmw_priv, SVGA_REG_DISPLAY_ID, SVGA_ID_INVALID);
+ }
+
+diff --git a/drivers/hwmon/adm1029.c b/drivers/hwmon/adm1029.c
+index 0b8a3b1..3dbf405 100644
+--- a/drivers/hwmon/adm1029.c
++++ b/drivers/hwmon/adm1029.c
+@@ -228,6 +228,9 @@ static ssize_t set_fan_div(struct device *dev,
+ /* Update the value */
+ reg = (reg & 0x3F) | (val << 6);
+
++ /* Update the cache */
++ data->fan_div[attr->index] = reg;
++
+ /* Write value */
+ i2c_smbus_write_byte_data(client,
+ ADM1029_REG_FAN_DIV[attr->index], reg);
+diff --git a/drivers/hwmon/adm1031.c b/drivers/hwmon/adm1031.c
+index 0683e6b..5f11e23 100644
+--- a/drivers/hwmon/adm1031.c
++++ b/drivers/hwmon/adm1031.c
+@@ -352,6 +352,7 @@ set_auto_temp_min(struct device *dev, struct device_attribute *attr,
+ int nr = to_sensor_dev_attr(attr)->index;
+ int val = simple_strtol(buf, NULL, 10);
+
++ val = clamp_val(val, 0, 127000);
+ mutex_lock(&data->update_lock);
+ data->auto_temp[nr] = AUTO_TEMP_MIN_TO_REG(val, data->auto_temp[nr]);
+ adm1031_write_value(client, ADM1031_REG_AUTO_TEMP(nr),
+@@ -376,6 +377,7 @@ set_auto_temp_max(struct device *dev, struct device_attribute *attr,
+ int nr = to_sensor_dev_attr(attr)->index;
+ int val = simple_strtol(buf, NULL, 10);
+
++ val = clamp_val(val, 0, 127000);
+ mutex_lock(&data->update_lock);
+ data->temp_max[nr] = AUTO_TEMP_MAX_TO_REG(val, data->auto_temp[nr], data->pwm[nr]);
+ adm1031_write_value(client, ADM1031_REG_AUTO_TEMP(nr),
+@@ -651,7 +653,7 @@ static ssize_t set_temp_min(struct device *dev, struct device_attribute *attr,
+ int val;
+
+ val = simple_strtol(buf, NULL, 10);
+- val = SENSORS_LIMIT(val, -55000, nr == 0 ? 127750 : 127875);
++ val = clamp_val(val, -55000, 127000);
+ mutex_lock(&data->update_lock);
+ data->temp_min[nr] = TEMP_TO_REG(val);
+ adm1031_write_value(client, ADM1031_REG_TEMP_MIN(nr),
+@@ -668,7 +670,7 @@ static ssize_t set_temp_max(struct device *dev, struct device_attribute *attr,
+ int val;
+
+ val = simple_strtol(buf, NULL, 10);
+- val = SENSORS_LIMIT(val, -55000, nr == 0 ? 127750 : 127875);
++ val = clamp_val(val, -55000, 127000);
+ mutex_lock(&data->update_lock);
+ data->temp_max[nr] = TEMP_TO_REG(val);
+ adm1031_write_value(client, ADM1031_REG_TEMP_MAX(nr),
+@@ -685,7 +687,7 @@ static ssize_t set_temp_crit(struct device *dev, struct device_attribute *attr,
+ int val;
+
+ val = simple_strtol(buf, NULL, 10);
+- val = SENSORS_LIMIT(val, -55000, nr == 0 ? 127750 : 127875);
++ val = clamp_val(val, -55000, 127000);
+ mutex_lock(&data->update_lock);
+ data->temp_crit[nr] = TEMP_TO_REG(val);
+ adm1031_write_value(client, ADM1031_REG_TEMP_CRIT(nr),
+diff --git a/drivers/hwmon/adt7470.c b/drivers/hwmon/adt7470.c
+index a9726c1..3a15fd6 100644
+--- a/drivers/hwmon/adt7470.c
++++ b/drivers/hwmon/adt7470.c
+@@ -515,7 +515,7 @@ static ssize_t set_temp_min(struct device *dev,
+ return -EINVAL;
+
+ temp = DIV_ROUND_CLOSEST(temp, 1000);
+- temp = SENSORS_LIMIT(temp, 0, 255);
++ temp = clamp_val(temp, -128, 127);
+
+ mutex_lock(&data->lock);
+ data->temp_min[attr->index] = temp;
+@@ -549,7 +549,7 @@ static ssize_t set_temp_max(struct device *dev,
+ return -EINVAL;
+
+ temp = DIV_ROUND_CLOSEST(temp, 1000);
+- temp = SENSORS_LIMIT(temp, 0, 255);
++ temp = clamp_val(temp, -128, 127);
+
+ mutex_lock(&data->lock);
+ data->temp_max[attr->index] = temp;
+@@ -826,7 +826,7 @@ static ssize_t set_pwm_tmin(struct device *dev,
+ return -EINVAL;
+
+ temp = DIV_ROUND_CLOSEST(temp, 1000);
+- temp = SENSORS_LIMIT(temp, 0, 255);
++ temp = clamp_val(temp, -128, 127);
+
+ mutex_lock(&data->lock);
+ data->pwm_tmin[attr->index] = temp;
+diff --git a/drivers/hwmon/amc6821.c b/drivers/hwmon/amc6821.c
+index 4033974..75be6c4 100644
+--- a/drivers/hwmon/amc6821.c
++++ b/drivers/hwmon/amc6821.c
+@@ -715,7 +715,7 @@ static SENSOR_DEVICE_ATTR(temp1_max_alarm, S_IRUGO,
+ get_temp_alarm, NULL, IDX_TEMP1_MAX);
+ static SENSOR_DEVICE_ATTR(temp1_crit_alarm, S_IRUGO,
+ get_temp_alarm, NULL, IDX_TEMP1_CRIT);
+-static SENSOR_DEVICE_ATTR(temp2_input, S_IRUGO | S_IWUSR,
++static SENSOR_DEVICE_ATTR(temp2_input, S_IRUGO,
+ get_temp, NULL, IDX_TEMP2_INPUT);
+ static SENSOR_DEVICE_ATTR(temp2_min, S_IRUGO | S_IWUSR, get_temp,
+ set_temp, IDX_TEMP2_MIN);
+diff --git a/drivers/hwmon/emc2103.c b/drivers/hwmon/emc2103.c
+index af914ad..a074d21 100644
+--- a/drivers/hwmon/emc2103.c
++++ b/drivers/hwmon/emc2103.c
+@@ -248,9 +248,7 @@ static ssize_t set_temp_min(struct device *dev, struct device_attribute *da,
+ if (result < 0)
+ return -EINVAL;
+
+- val = DIV_ROUND_CLOSEST(val, 1000);
+- if ((val < -63) || (val > 127))
+- return -EINVAL;
++ val = clamp_val(DIV_ROUND_CLOSEST(val, 1000), -63, 127);
+
+ mutex_lock(&data->update_lock);
+ data->temp_min[nr] = val;
+@@ -272,9 +270,7 @@ static ssize_t set_temp_max(struct device *dev, struct device_attribute *da,
+ if (result < 0)
+ return -EINVAL;
+
+- val = DIV_ROUND_CLOSEST(val, 1000);
+- if ((val < -63) || (val > 127))
+- return -EINVAL;
++ val = clamp_val(DIV_ROUND_CLOSEST(val, 1000), -63, 127);
+
+ mutex_lock(&data->update_lock);
+ data->temp_max[nr] = val;
+@@ -386,15 +382,14 @@ static ssize_t set_fan_target(struct device *dev, struct device_attribute *da,
+ {
+ struct emc2103_data *data = emc2103_update_device(dev);
+ struct i2c_client *client = to_i2c_client(dev);
+- long rpm_target;
++ unsigned long rpm_target;
+
+- int result = strict_strtol(buf, 10, &rpm_target);
++ int result = kstrtoul(buf, 10, &rpm_target);
+ if (result < 0)
+ return -EINVAL;
+
+ /* Datasheet states 16384 as maximum RPM target (table 3.2) */
+- if ((rpm_target < 0) || (rpm_target > 16384))
+- return -EINVAL;
++ rpm_target = clamp_val(rpm_target, 0, 16384);
+
+ mutex_lock(&data->update_lock);
+
+diff --git a/drivers/iommu/dmar.c b/drivers/iommu/dmar.c
+index 97b2e21..cf065df 100644
+--- a/drivers/iommu/dmar.c
++++ b/drivers/iommu/dmar.c
+@@ -582,7 +582,7 @@ int alloc_iommu(struct dmar_drhd_unit *drhd)
+ {
+ struct intel_iommu *iommu;
+ int map_size;
+- u32 ver;
++ u32 ver, sts;
+ static int iommu_allocated = 0;
+ int agaw = 0;
+ int msagaw = 0;
+@@ -652,6 +652,15 @@ int alloc_iommu(struct dmar_drhd_unit *drhd)
+ (unsigned long long)iommu->cap,
+ (unsigned long long)iommu->ecap);
+
++ /* Reflect status in gcmd */
++ sts = readl(iommu->reg + DMAR_GSTS_REG);
++ if (sts & DMA_GSTS_IRES)
++ iommu->gcmd |= DMA_GCMD_IRE;
++ if (sts & DMA_GSTS_TES)
++ iommu->gcmd |= DMA_GCMD_TE;
++ if (sts & DMA_GSTS_QIES)
++ iommu->gcmd |= DMA_GCMD_QIE;
++
+ raw_spin_lock_init(&iommu->register_lock);
+
+ drhd->iommu = iommu;
+diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
+index bb1e579..276ef38 100644
+--- a/drivers/iommu/intel-iommu.c
++++ b/drivers/iommu/intel-iommu.c
+@@ -3630,6 +3630,7 @@ static struct notifier_block device_nb = {
+ int __init intel_iommu_init(void)
+ {
+ int ret = 0;
++ struct dmar_drhd_unit *drhd;
+
+ /* VT-d is required for a TXT/tboot launch, so enforce that */
+ force_on = tboot_force_iommu();
+@@ -3640,6 +3641,20 @@ int __init intel_iommu_init(void)
+ return -ENODEV;
+ }
+
++ /*
++ * Disable translation if already enabled prior to OS handover.
++ */
++ for_each_drhd_unit(drhd) {
++ struct intel_iommu *iommu;
++
++ if (drhd->ignored)
++ continue;
++
++ iommu = drhd->iommu;
++ if (iommu->gcmd & DMA_GCMD_TE)
++ iommu_disable_translation(iommu);
++ }
++
+ if (dmar_dev_scope_init() < 0) {
+ if (force_on)
+ panic("tboot: Failed to initialize DMAR device scope\n");
+diff --git a/drivers/md/dm-io.c b/drivers/md/dm-io.c
+index ea5dd28..39a08be 100644
+--- a/drivers/md/dm-io.c
++++ b/drivers/md/dm-io.c
+@@ -10,6 +10,7 @@
+ #include <linux/device-mapper.h>
+
+ #include <linux/bio.h>
++#include <linux/completion.h>
+ #include <linux/mempool.h>
+ #include <linux/module.h>
+ #include <linux/sched.h>
+@@ -34,7 +35,7 @@ struct dm_io_client {
+ struct io {
+ unsigned long error_bits;
+ atomic_t count;
+- struct task_struct *sleeper;
++ struct completion *wait;
+ struct dm_io_client *client;
+ io_notify_fn callback;
+ void *context;
+@@ -122,8 +123,8 @@ static void dec_count(struct io *io, unsigned int region, int error)
+ invalidate_kernel_vmap_range(io->vma_invalidate_address,
+ io->vma_invalidate_size);
+
+- if (io->sleeper)
+- wake_up_process(io->sleeper);
++ if (io->wait)
++ complete(io->wait);
+
+ else {
+ unsigned long r = io->error_bits;
+@@ -384,6 +385,7 @@ static int sync_io(struct dm_io_client *client, unsigned int num_regions,
+ */
+ volatile char io_[sizeof(struct io) + __alignof__(struct io) - 1];
+ struct io *io = (struct io *)PTR_ALIGN(&io_, __alignof__(struct io));
++ DECLARE_COMPLETION_ONSTACK(wait);
+
+ if (num_regions > 1 && (rw & RW_MASK) != WRITE) {
+ WARN_ON(1);
+@@ -392,7 +394,7 @@ static int sync_io(struct dm_io_client *client, unsigned int num_regions,
+
+ io->error_bits = 0;
+ atomic_set(&io->count, 1); /* see dispatch_io() */
+- io->sleeper = current;
++ io->wait = &wait;
+ io->client = client;
+
+ io->vma_invalidate_address = dp->vma_invalidate_address;
+@@ -400,15 +402,7 @@ static int sync_io(struct dm_io_client *client, unsigned int num_regions,
+
+ dispatch_io(rw, num_regions, where, dp, io, 1);
+
+- while (1) {
+- set_current_state(TASK_UNINTERRUPTIBLE);
+-
+- if (!atomic_read(&io->count))
+- break;
+-
+- io_schedule();
+- }
+- set_current_state(TASK_RUNNING);
++ wait_for_completion(&wait);
+
+ if (error_bits)
+ *error_bits = io->error_bits;
+@@ -431,7 +425,7 @@ static int async_io(struct dm_io_client *client, unsigned int num_regions,
+ io = mempool_alloc(client->pool, GFP_NOIO);
+ io->error_bits = 0;
+ atomic_set(&io->count, 1); /* see dispatch_io() */
+- io->sleeper = NULL;
++ io->wait = NULL;
+ io->client = client;
+ io->callback = fn;
+ io->context = context;
+diff --git a/drivers/md/md.c b/drivers/md/md.c
+index 30a7b52..ea8a181 100644
+--- a/drivers/md/md.c
++++ b/drivers/md/md.c
+@@ -7144,6 +7144,19 @@ void md_do_sync(struct mddev *mddev)
+ rdev->recovery_offset < j)
+ j = rdev->recovery_offset;
+ rcu_read_unlock();
++
++ /* If there is a bitmap, we need to make sure all
++ * writes that started before we added a spare
++ * complete before we start doing a recovery.
++ * Otherwise the write might complete and (via
++ * bitmap_endwrite) set a bit in the bitmap after the
++ * recovery has checked that bit and skipped that
++ * region.
++ */
++ if (mddev->bitmap) {
++ mddev->pers->quiesce(mddev, 1);
++ mddev->pers->quiesce(mddev, 0);
++ }
+ }
+
+ printk(KERN_INFO "md: %s of RAID array %s\n", desc, mdname(mddev));
+diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
+index df5a09a..b555be0 100644
+--- a/drivers/net/ethernet/intel/igb/igb_main.c
++++ b/drivers/net/ethernet/intel/igb/igb_main.c
+@@ -6610,6 +6610,8 @@ static int __igb_shutdown(struct pci_dev *pdev, bool *enable_wake)
+
+ if (netif_running(netdev))
+ igb_close(netdev);
++ else
++ igb_reset(adapter);
+
+ igb_clear_interrupt_scheme(adapter);
+
+diff --git a/drivers/net/ethernet/sun/sunvnet.c b/drivers/net/ethernet/sun/sunvnet.c
+index bd08919..5092148 100644
+--- a/drivers/net/ethernet/sun/sunvnet.c
++++ b/drivers/net/ethernet/sun/sunvnet.c
+@@ -1089,6 +1089,24 @@ static struct vnet * __devinit vnet_find_or_create(const u64 *local_mac)
+ return vp;
+ }
+
++static void vnet_cleanup(void)
++{
++ struct vnet *vp;
++ struct net_device *dev;
++
++ mutex_lock(&vnet_list_mutex);
++ while (!list_empty(&vnet_list)) {
++ vp = list_first_entry(&vnet_list, struct vnet, list);
++ list_del(&vp->list);
++ dev = vp->dev;
++ /* vio_unregister_driver() should have cleaned up port_list */
++ BUG_ON(!list_empty(&vp->port_list));
++ unregister_netdev(dev);
++ free_netdev(dev);
++ }
++ mutex_unlock(&vnet_list_mutex);
++}
++
+ static const char *local_mac_prop = "local-mac-address";
+
+ static struct vnet * __devinit vnet_find_parent(struct mdesc_handle *hp,
+@@ -1249,7 +1267,6 @@ static int vnet_port_remove(struct vio_dev *vdev)
+
+ kfree(port);
+
+- unregister_netdev(vp->dev);
+ }
+ return 0;
+ }
+@@ -1280,6 +1297,7 @@ static int __init vnet_init(void)
+ static void __exit vnet_exit(void)
+ {
+ vio_unregister_driver(&vnet_port_driver);
++ vnet_cleanup();
+ }
+
+ module_init(vnet_init);
+diff --git a/drivers/net/wireless/iwlwifi/iwl-agn-rxon.c b/drivers/net/wireless/iwlwifi/iwl-agn-rxon.c
+index d552fa3..d696536 100644
+--- a/drivers/net/wireless/iwlwifi/iwl-agn-rxon.c
++++ b/drivers/net/wireless/iwlwifi/iwl-agn-rxon.c
+@@ -440,14 +440,6 @@ int iwlagn_commit_rxon(struct iwl_priv *priv, struct iwl_rxon_context *ctx)
+ /* always get timestamp with Rx frame */
+ ctx->staging.flags |= RXON_FLG_TSF2HOST_MSK;
+
+- /*
+- * force CTS-to-self frames protection if RTS-CTS is not preferred
+- * one aggregation protection method
+- */
+- if (!(priv->cfg->ht_params &&
+- priv->cfg->ht_params->use_rts_for_aggregation))
+- ctx->staging.flags |= RXON_FLG_SELF_CTS_EN;
+-
+ if ((ctx->vif && ctx->vif->bss_conf.use_short_slot) ||
+ !(ctx->staging.flags & RXON_FLG_BAND_24G_MSK))
+ ctx->staging.flags |= RXON_FLG_SHORT_SLOT_MSK;
+@@ -880,11 +872,6 @@ void iwlagn_bss_info_changed(struct ieee80211_hw *hw,
+ else
+ ctx->staging.flags &= ~RXON_FLG_TGG_PROTECT_MSK;
+
+- if (bss_conf->use_cts_prot)
+- ctx->staging.flags |= RXON_FLG_SELF_CTS_EN;
+- else
+- ctx->staging.flags &= ~RXON_FLG_SELF_CTS_EN;
+-
+ memcpy(ctx->staging.bssid_addr, bss_conf->bssid, ETH_ALEN);
+
+ if (vif->type == NL80211_IFTYPE_AP ||
+diff --git a/drivers/net/wireless/mwifiex/main.c b/drivers/net/wireless/mwifiex/main.c
+index 5baa12a..018276f 100644
+--- a/drivers/net/wireless/mwifiex/main.c
++++ b/drivers/net/wireless/mwifiex/main.c
+@@ -458,6 +458,7 @@ mwifiex_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
+ }
+
+ tx_info = MWIFIEX_SKB_TXCB(skb);
++ memset(tx_info, 0, sizeof(*tx_info));
+ tx_info->bss_index = priv->bss_index;
+ mwifiex_fill_buffer(skb);
+
+diff --git a/drivers/scsi/ibmvscsi/ibmvscsi.c b/drivers/scsi/ibmvscsi/ibmvscsi.c
+index 36aca4b..4aabbdc 100644
+--- a/drivers/scsi/ibmvscsi/ibmvscsi.c
++++ b/drivers/scsi/ibmvscsi/ibmvscsi.c
+@@ -490,7 +490,8 @@ static void purge_requests(struct ibmvscsi_host_data *hostdata, int error_code)
+ evt->hostdata->dev);
+ if (evt->cmnd_done)
+ evt->cmnd_done(evt->cmnd);
+- } else if (evt->done)
++ } else if (evt->done && evt->crq.format != VIOSRP_MAD_FORMAT &&
++ evt->iu.srp.login_req.opcode != SRP_LOGIN_REQ)
+ evt->done(evt);
+ free_event_struct(&evt->hostdata->pool, evt);
+ spin_lock_irqsave(hostdata->host->host_lock, flags);
+diff --git a/drivers/scsi/ibmvscsi/rpa_vscsi.c b/drivers/scsi/ibmvscsi/rpa_vscsi.c
+index f48ae01..920c02e 100644
+--- a/drivers/scsi/ibmvscsi/rpa_vscsi.c
++++ b/drivers/scsi/ibmvscsi/rpa_vscsi.c
+@@ -104,6 +104,11 @@ static struct viosrp_crq *crq_queue_next_crq(struct crq_queue *queue)
+ if (crq->valid & 0x80) {
+ if (++queue->cur == queue->size)
+ queue->cur = 0;
++
++ /* Ensure the read of the valid bit occurs before reading any
++ * other bits of the CRQ entry
++ */
++ rmb();
+ } else
+ crq = NULL;
+ spin_unlock_irqrestore(&queue->lock, flags);
+@@ -122,6 +127,11 @@ static int rpavscsi_send_crq(struct ibmvscsi_host_data *hostdata,
+ {
+ struct vio_dev *vdev = to_vio_dev(hostdata->dev);
+
++ /*
++ * Ensure the command buffer is flushed to memory before handing it
++ * over to the VIOS to prevent it from fetching any stale data.
++ */
++ mb();
+ return plpar_hcall_norets(H_SEND_CRQ, vdev->unit_address, word1, word2);
+ }
+
+diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
+index f6d2b62..5c6b5f5 100644
+--- a/drivers/scsi/sd.c
++++ b/drivers/scsi/sd.c
+@@ -2149,7 +2149,10 @@ sd_read_cache_type(struct scsi_disk *sdkp, unsigned char *buffer)
+ }
+
+ sdkp->DPOFUA = (data.device_specific & 0x10) != 0;
+- if (sdkp->DPOFUA && !sdkp->device->use_10_for_rw) {
++ if (sdp->broken_fua) {
++ sd_printk(KERN_NOTICE, sdkp, "Disabling FUA\n");
++ sdkp->DPOFUA = 0;
++ } else if (sdkp->DPOFUA && !sdkp->device->use_10_for_rw) {
+ sd_printk(KERN_NOTICE, sdkp,
+ "Uses READ/WRITE(6), disabling FUA\n");
+ sdkp->DPOFUA = 0;
+diff --git a/drivers/scsi/sym53c8xx_2/sym_hipd.c b/drivers/scsi/sym53c8xx_2/sym_hipd.c
+index d92fe40..6b349e3 100644
+--- a/drivers/scsi/sym53c8xx_2/sym_hipd.c
++++ b/drivers/scsi/sym53c8xx_2/sym_hipd.c
+@@ -3000,7 +3000,11 @@ sym_dequeue_from_squeue(struct sym_hcb *np, int i, int target, int lun, int task
+ if ((target == -1 || cp->target == target) &&
+ (lun == -1 || cp->lun == lun) &&
+ (task == -1 || cp->tag == task)) {
++#ifdef SYM_OPT_HANDLE_DEVICE_QUEUEING
+ sym_set_cam_status(cp->cmd, DID_SOFT_ERROR);
++#else
++ sym_set_cam_status(cp->cmd, DID_REQUEUE);
++#endif
+ sym_remque(&cp->link_ccbq);
+ sym_insque_tail(&cp->link_ccbq, &np->comp_ccbq);
+ }
+diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
+index 12f3a37..3807294 100644
+--- a/drivers/usb/core/hub.c
++++ b/drivers/usb/core/hub.c
+@@ -655,6 +655,26 @@ static int hub_usb3_port_disable(struct usb_hub *hub, int port1)
+ if (!hub_is_superspeed(hub->hdev))
+ return -EINVAL;
+
++ ret = hub_port_status(hub, port1, &portstatus, &portchange);
++ if (ret < 0)
++ return ret;
++
++ /*
++ * USB controller Advanced Micro Devices, Inc. [AMD] FCH USB XHCI
++ * Controller [1022:7814] will have spurious result making the following
++ * usb 3.0 device hotplugging route to the 2.0 root hub and recognized
++ * as high-speed device if we set the usb 3.0 port link state to
++ * Disabled. Since it's already in USB_SS_PORT_LS_RX_DETECT state, we
++ * check the state here to avoid the bug.
++ */
++ if ((portstatus & USB_PORT_STAT_LINK_STATE) ==
++ USB_SS_PORT_LS_RX_DETECT) {
++ dev_dbg(hub->intfdev,
++ "Not disabling port %d; link state is RxDetect\n",
++ port1);
++ return ret;
++ }
++
+ ret = hub_set_port_link_state(hub, port1, USB_SS_PORT_LS_SS_DISABLED);
+ if (ret) {
+ dev_err(hub->intfdev, "cannot disable port %d (err = %d)\n",
+diff --git a/drivers/usb/gadget/f_fs.c b/drivers/usb/gadget/f_fs.c
+index 0e641a1..c635c4c 100644
+--- a/drivers/usb/gadget/f_fs.c
++++ b/drivers/usb/gadget/f_fs.c
+@@ -1376,11 +1376,13 @@ static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev)
+ ffs->ep0req->context = ffs;
+
+ lang = ffs->stringtabs;
+- for (lang = ffs->stringtabs; *lang; ++lang) {
+- struct usb_string *str = (*lang)->strings;
+- int id = first_id;
+- for (; str->s; ++id, ++str)
+- str->id = id;
++ if (lang) {
++ for (; *lang; ++lang) {
++ struct usb_string *str = (*lang)->strings;
++ int id = first_id;
++ for (; str->s; ++id, ++str)
++ str->id = id;
++ }
+ }
+
+ ffs->gadget = cdev->gadget;
+diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c
+index 107e6b4..517cadb 100644
+--- a/drivers/usb/host/xhci-hub.c
++++ b/drivers/usb/host/xhci-hub.c
+@@ -21,6 +21,7 @@
+ */
+
+ #include <linux/gfp.h>
++#include <linux/device.h>
+ #include <asm/unaligned.h>
+
+ #include "xhci.h"
+@@ -993,7 +994,9 @@ int xhci_bus_suspend(struct usb_hcd *hcd)
+ t2 |= PORT_LINK_STROBE | XDEV_U3;
+ set_bit(port_index, &bus_state->bus_suspended);
+ }
+- if (hcd->self.root_hub->do_remote_wakeup) {
++ if (hcd->self.root_hub->do_remote_wakeup
++ && device_may_wakeup(hcd->self.controller)) {
++
+ if (t1 & PORT_CONNECT) {
+ t2 |= PORT_WKOC_E | PORT_WKDISC_E;
+ t2 &= ~PORT_WKCONN_E;
+diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
+index 1886544..bc5ee84 100644
+--- a/drivers/usb/host/xhci-ring.c
++++ b/drivers/usb/host/xhci-ring.c
+@@ -3521,7 +3521,7 @@ static unsigned int xhci_get_burst_count(struct xhci_hcd *xhci,
+ return 0;
+
+ max_burst = urb->ep->ss_ep_comp.bMaxBurst;
+- return roundup(total_packet_count, max_burst + 1) - 1;
++ return DIV_ROUND_UP(total_packet_count, max_burst + 1) - 1;
+ }
+
+ /*
+diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
+index b2eac8d..457a7ac 100644
+--- a/drivers/usb/host/xhci.c
++++ b/drivers/usb/host/xhci.c
+@@ -946,7 +946,7 @@ int xhci_suspend(struct xhci_hcd *xhci)
+ */
+ int xhci_resume(struct xhci_hcd *xhci, bool hibernated)
+ {
+- u32 command, temp = 0;
++ u32 command, temp = 0, status;
+ struct usb_hcd *hcd = xhci_to_hcd(xhci);
+ struct usb_hcd *secondary_hcd;
+ int retval = 0;
+@@ -1070,8 +1070,12 @@ int xhci_resume(struct xhci_hcd *xhci, bool hibernated)
+
+ done:
+ if (retval == 0) {
+- usb_hcd_resume_root_hub(hcd);
+- usb_hcd_resume_root_hub(xhci->shared_hcd);
++ /* Resume root hubs only when have pending events. */
++ status = readl(&xhci->op_regs->status);
++ if (status & STS_EINT) {
++ usb_hcd_resume_root_hub(hcd);
++ usb_hcd_resume_root_hub(xhci->shared_hcd);
++ }
+ }
+
+ /*
+diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
+index 01fd64a..3de63f5 100644
+--- a/drivers/usb/serial/cp210x.c
++++ b/drivers/usb/serial/cp210x.c
+@@ -159,6 +159,7 @@ static const struct usb_device_id id_table[] = {
+ { USB_DEVICE(0x1843, 0x0200) }, /* Vaisala USB Instrument Cable */
+ { USB_DEVICE(0x18EF, 0xE00F) }, /* ELV USB-I2C-Interface */
+ { USB_DEVICE(0x1ADB, 0x0001) }, /* Schweitzer Engineering C662 Cable */
++ { USB_DEVICE(0x1B1C, 0x1C00) }, /* Corsair USB Dongle */
+ { USB_DEVICE(0x1BE3, 0x07A6) }, /* WAGO 750-923 USB Service Cable */
+ { USB_DEVICE(0x1E29, 0x0102) }, /* Festo CPX-USB */
+ { USB_DEVICE(0x1E29, 0x0501) }, /* Festo CMSP */
+diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
+index 6e08639..d6e6205 100644
+--- a/drivers/usb/serial/ftdi_sio.c
++++ b/drivers/usb/serial/ftdi_sio.c
+@@ -731,7 +731,8 @@ static struct usb_device_id id_table_combined [] = {
+ { USB_DEVICE(FTDI_VID, FTDI_ACG_HFDUAL_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_YEI_SERVOCENTER31_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_THORLABS_PID) },
+- { USB_DEVICE(TESTO_VID, TESTO_USB_INTERFACE_PID) },
++ { USB_DEVICE(TESTO_VID, TESTO_1_PID) },
++ { USB_DEVICE(TESTO_VID, TESTO_3_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_GAMMA_SCOUT_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_TACTRIX_OPENPORT_13M_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_TACTRIX_OPENPORT_13S_PID) },
+@@ -1591,14 +1592,17 @@ static void ftdi_set_max_packet_size(struct usb_serial_port *port)
+ struct usb_device *udev = serial->dev;
+
+ struct usb_interface *interface = serial->interface;
+- struct usb_endpoint_descriptor *ep_desc = &interface->cur_altsetting->endpoint[1].desc;
++ struct usb_endpoint_descriptor *ep_desc;
+
+ unsigned num_endpoints;
+- int i;
++ unsigned i;
+
+ num_endpoints = interface->cur_altsetting->desc.bNumEndpoints;
+ dev_info(&udev->dev, "Number of endpoints %d\n", num_endpoints);
+
++ if (!num_endpoints)
++ return;
++
+ /* NOTE: some customers have programmed FT232R/FT245R devices
+ * with an endpoint size of 0 - not good. In this case, we
+ * want to override the endpoint descriptor setting and use a
+diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h
+index 677cf49..55af915 100644
+--- a/drivers/usb/serial/ftdi_sio_ids.h
++++ b/drivers/usb/serial/ftdi_sio_ids.h
+@@ -798,7 +798,8 @@
+ * Submitted by Colin Leroy
+ */
+ #define TESTO_VID 0x128D
+-#define TESTO_USB_INTERFACE_PID 0x0001
++#define TESTO_1_PID 0x0001
++#define TESTO_3_PID 0x0003
+
+ /*
+ * Mobility Electronics products.
+diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
+index a0f47d5..7a1c91e 100644
+--- a/drivers/usb/serial/option.c
++++ b/drivers/usb/serial/option.c
+@@ -377,8 +377,12 @@ static void option_instat_callback(struct urb *urb);
+ /* Olivetti products */
+ #define OLIVETTI_VENDOR_ID 0x0b3c
+ #define OLIVETTI_PRODUCT_OLICARD100 0xc000
++#define OLIVETTI_PRODUCT_OLICARD120 0xc001
++#define OLIVETTI_PRODUCT_OLICARD140 0xc002
+ #define OLIVETTI_PRODUCT_OLICARD145 0xc003
++#define OLIVETTI_PRODUCT_OLICARD155 0xc004
+ #define OLIVETTI_PRODUCT_OLICARD200 0xc005
++#define OLIVETTI_PRODUCT_OLICARD160 0xc00a
+ #define OLIVETTI_PRODUCT_OLICARD500 0xc00b
+
+ /* Celot products */
+@@ -1494,6 +1498,8 @@ static const struct usb_device_id option_ids[] = {
+ .driver_info = (kernel_ulong_t)&net_intf2_blacklist },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1426, 0xff, 0xff, 0xff), /* ZTE MF91 */
+ .driver_info = (kernel_ulong_t)&net_intf2_blacklist },
++ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1428, 0xff, 0xff, 0xff), /* Telewell TW-LTE 4G v2 */
++ .driver_info = (kernel_ulong_t)&net_intf2_blacklist },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1533, 0xff, 0xff, 0xff) },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1534, 0xff, 0xff, 0xff) },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1535, 0xff, 0xff, 0xff) },
+@@ -1631,15 +1637,21 @@ static const struct usb_device_id option_ids[] = {
+ { USB_DEVICE(SIEMENS_VENDOR_ID, CINTERION_PRODUCT_HC25_MDMNET) },
+ { USB_DEVICE(SIEMENS_VENDOR_ID, CINTERION_PRODUCT_HC28_MDM) }, /* HC28 enumerates with Siemens or Cinterion VID depending on FW revision */
+ { USB_DEVICE(SIEMENS_VENDOR_ID, CINTERION_PRODUCT_HC28_MDMNET) },
+-
+- { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD100) },
++ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD100),
++ .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
++ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD120),
++ .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
++ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD140),
++ .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
+ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD145) },
++ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD155),
++ .driver_info = (kernel_ulong_t)&net_intf6_blacklist },
+ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD200),
+- .driver_info = (kernel_ulong_t)&net_intf6_blacklist
+- },
++ .driver_info = (kernel_ulong_t)&net_intf6_blacklist },
++ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD160),
++ .driver_info = (kernel_ulong_t)&net_intf6_blacklist },
+ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD500),
+- .driver_info = (kernel_ulong_t)&net_intf4_blacklist
+- },
++ .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
+ { USB_DEVICE(CELOT_VENDOR_ID, CELOT_PRODUCT_CT680M) }, /* CT-650 CDMA 450 1xEVDO modem */
+ { USB_DEVICE_AND_INTERFACE_INFO(SAMSUNG_VENDOR_ID, SAMSUNG_PRODUCT_GT_B3730, USB_CLASS_CDC_DATA, 0x00, 0x00) }, /* Samsung GT-B3730 LTE USB modem.*/
+ { USB_DEVICE(YUGA_VENDOR_ID, YUGA_PRODUCT_CEM600) },
+diff --git a/drivers/usb/storage/scsiglue.c b/drivers/usb/storage/scsiglue.c
+index eb660bb..b8dc0c5 100644
+--- a/drivers/usb/storage/scsiglue.c
++++ b/drivers/usb/storage/scsiglue.c
+@@ -255,6 +255,10 @@ static int slave_configure(struct scsi_device *sdev)
+ US_FL_SCM_MULT_TARG)) &&
+ us->protocol == USB_PR_BULK)
+ us->use_last_sector_hacks = 1;
++
++ /* A few buggy USB-ATA bridges don't understand FUA */
++ if (us->fflags & US_FL_BROKEN_FUA)
++ sdev->broken_fua = 1;
+ } else {
+
+ /* Non-disk-type devices don't need to blacklist any pages
+diff --git a/drivers/usb/storage/unusual_devs.h b/drivers/usb/storage/unusual_devs.h
+index 49d222d..e588a11 100644
+--- a/drivers/usb/storage/unusual_devs.h
++++ b/drivers/usb/storage/unusual_devs.h
+@@ -1916,6 +1916,13 @@ UNUSUAL_DEV( 0x14cd, 0x6600, 0x0201, 0x0201,
+ USB_SC_DEVICE, USB_PR_DEVICE, NULL,
+ US_FL_IGNORE_RESIDUE ),
+
++/* Reported by Michael Büsch <m@bues.ch> */
++UNUSUAL_DEV( 0x152d, 0x0567, 0x0114, 0x0114,
++ "JMicron",
++ "USB to ATA/ATAPI Bridge",
++ USB_SC_DEVICE, USB_PR_DEVICE, NULL,
++ US_FL_BROKEN_FUA ),
++
+ /* Reported by Alexandre Oliva <oliva@lsd.ic.unicamp.br>
+ * JMicron responds to USN and several other SCSI ioctls with a
+ * residue that causes subsequent I/O requests to fail. */
+diff --git a/drivers/xen/manage.c b/drivers/xen/manage.c
+index ce4fa08..c8af7e5 100644
+--- a/drivers/xen/manage.c
++++ b/drivers/xen/manage.c
+@@ -93,7 +93,6 @@ static int xen_suspend(void *data)
+
+ if (!si->cancelled) {
+ xen_irq_resume();
+- xen_console_resume();
+ xen_timer_resume();
+ }
+
+@@ -149,6 +148,10 @@ static void do_suspend(void)
+
+ err = stop_machine(xen_suspend, &si, cpumask_of(0));
+
++ /* Resume console as early as possible. */
++ if (!si.cancelled)
++ xen_console_resume();
++
+ dpm_resume_noirq(si.cancelled ? PMSG_THAW : PMSG_RESTORE);
+
+ if (err) {
+diff --git a/fs/ceph/snap.c b/fs/ceph/snap.c
+index a559c80..e5206fc 100644
+--- a/fs/ceph/snap.c
++++ b/fs/ceph/snap.c
+@@ -331,7 +331,7 @@ static int build_snap_context(struct ceph_snap_realm *realm)
+
+ /* alloc new snap context */
+ err = -ENOMEM;
+- if (num > ULONG_MAX / sizeof(u64) - sizeof(*snapc))
++ if (num > (SIZE_MAX - sizeof(*snapc)) / sizeof(u64))
+ goto fail;
+ snapc = kzalloc(sizeof(*snapc) + num*sizeof(u64), GFP_NOFS);
+ if (!snapc)
+diff --git a/fs/ext4/super.c b/fs/ext4/super.c
+index acf2baf..6581ee7 100644
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -1663,8 +1663,6 @@ static int parse_options(char *options, struct super_block *sb,
+ return 0;
+ if (option < 0)
+ return 0;
+- if (option == 0)
+- option = EXT4_DEF_MAX_BATCH_TIME;
+ sbi->s_max_batch_time = option;
+ break;
+ case Opt_min_batch_time:
+@@ -2726,10 +2724,11 @@ static void print_daily_error_info(unsigned long arg)
+ es = sbi->s_es;
+
+ if (es->s_error_count)
+- ext4_msg(sb, KERN_NOTICE, "error count: %u",
++ /* fsck newer than v1.41.13 is needed to clean this condition. */
++ ext4_msg(sb, KERN_NOTICE, "error count since last fsck: %u",
+ le32_to_cpu(es->s_error_count));
+ if (es->s_first_error_time) {
+- printk(KERN_NOTICE "EXT4-fs (%s): initial error at %u: %.*s:%d",
++ printk(KERN_NOTICE "EXT4-fs (%s): initial error at time %u: %.*s:%d",
+ sb->s_id, le32_to_cpu(es->s_first_error_time),
+ (int) sizeof(es->s_first_error_func),
+ es->s_first_error_func,
+@@ -2743,7 +2742,7 @@ static void print_daily_error_info(unsigned long arg)
+ printk("\n");
+ }
+ if (es->s_last_error_time) {
+- printk(KERN_NOTICE "EXT4-fs (%s): last error at %u: %.*s:%d",
++ printk(KERN_NOTICE "EXT4-fs (%s): last error at time %u: %.*s:%d",
+ sb->s_id, le32_to_cpu(es->s_last_error_time),
+ (int) sizeof(es->s_last_error_func),
+ es->s_last_error_func,
+diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
+index 06e2f73..e13558c 100644
+--- a/fs/fuse/dir.c
++++ b/fs/fuse/dir.c
+@@ -161,7 +161,7 @@ static int fuse_dentry_revalidate(struct dentry *entry, struct nameidata *nd)
+ inode = ACCESS_ONCE(entry->d_inode);
+ if (inode && is_bad_inode(inode))
+ return 0;
+- else if (fuse_dentry_time(entry) < get_jiffies_64()) {
++ else if (time_before64(fuse_dentry_time(entry), get_jiffies_64())) {
+ int err;
+ struct fuse_entry_out outarg;
+ struct fuse_conn *fc;
+@@ -849,7 +849,7 @@ int fuse_update_attributes(struct inode *inode, struct kstat *stat,
+ int err;
+ bool r;
+
+- if (fi->i_time < get_jiffies_64()) {
++ if (time_before64(fi->i_time, get_jiffies_64())) {
+ r = true;
+ err = fuse_do_getattr(inode, stat, file);
+ } else {
+@@ -1009,7 +1009,7 @@ static int fuse_permission(struct inode *inode, int mask)
+ ((mask & MAY_EXEC) && S_ISREG(inode->i_mode))) {
+ struct fuse_inode *fi = get_fuse_inode(inode);
+
+- if (fi->i_time < get_jiffies_64()) {
++ if (time_before64(fi->i_time, get_jiffies_64())) {
+ refreshed = true;
+
+ err = fuse_perm_getattr(inode, mask);
+diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
+index 912c250..afc0f706 100644
+--- a/fs/fuse/inode.c
++++ b/fs/fuse/inode.c
+@@ -437,6 +437,17 @@ static const match_table_t tokens = {
+ {OPT_ERR, NULL}
+ };
+
++static int fuse_match_uint(substring_t *s, unsigned int *res)
++{
++ int err = -ENOMEM;
++ char *buf = match_strdup(s);
++ if (buf) {
++ err = kstrtouint(buf, 10, res);
++ kfree(buf);
++ }
++ return err;
++}
++
+ static int parse_fuse_opt(char *opt, struct fuse_mount_data *d, int is_bdev)
+ {
+ char *p;
+@@ -447,6 +458,7 @@ static int parse_fuse_opt(char *opt, struct fuse_mount_data *d, int is_bdev)
+ while ((p = strsep(&opt, ",")) != NULL) {
+ int token;
+ int value;
++ unsigned uv;
+ substring_t args[MAX_OPT_ARGS];
+ if (!*p)
+ continue;
+@@ -470,16 +482,16 @@ static int parse_fuse_opt(char *opt, struct fuse_mount_data *d, int is_bdev)
+ break;
+
+ case OPT_USER_ID:
+- if (match_int(&args[0], &value))
++ if (fuse_match_uint(&args[0], &uv))
+ return 0;
+- d->user_id = value;
++ d->user_id = uv;
+ d->user_id_present = 1;
+ break;
+
+ case OPT_GROUP_ID:
+- if (match_int(&args[0], &value))
++ if (fuse_match_uint(&args[0], &uv))
+ return 0;
+- d->group_id = value;
++ d->group_id = uv;
+ d->group_id_present = 1;
+ break;
+
+diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
+index 18ea4d9..86dc68a 100644
+--- a/fs/jbd2/transaction.c
++++ b/fs/jbd2/transaction.c
+@@ -1388,9 +1388,12 @@ int jbd2_journal_stop(handle_t *handle)
+ * to perform a synchronous write. We do this to detect the
+ * case where a single process is doing a stream of sync
+ * writes. No point in waiting for joiners in that case.
++ *
++ * Setting max_batch_time to 0 disables this completely.
+ */
+ pid = current->pid;
+- if (handle->h_sync && journal->j_last_sync_writer != pid) {
++ if (handle->h_sync && journal->j_last_sync_writer != pid &&
++ journal->j_max_batch_time) {
+ u64 commit_time, trans_time;
+
+ journal->j_last_sync_writer = pid;
+diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
+index 315a1ba..eebccfe 100644
+--- a/fs/nfsd/nfs4proc.c
++++ b/fs/nfsd/nfs4proc.c
+@@ -529,15 +529,6 @@ nfsd4_create(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
+
+ switch (create->cr_type) {
+ case NF4LNK:
+- /* ugh! we have to null-terminate the linktext, or
+- * vfs_symlink() will choke. it is always safe to
+- * null-terminate by brute force, since at worst we
+- * will overwrite the first byte of the create namelen
+- * in the XDR buffer, which has already been extracted
+- * during XDR decode.
+- */
+- create->cr_linkname[create->cr_linklen] = 0;
+-
+ status = nfsd_symlink(rqstp, &cstate->current_fh,
+ create->cr_name, create->cr_namelen,
+ create->cr_linkname, create->cr_linklen,
+diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
+index a7933dd..9d2c52b 100644
+--- a/fs/nfsd/nfs4xdr.c
++++ b/fs/nfsd/nfs4xdr.c
+@@ -482,7 +482,18 @@ nfsd4_decode_create(struct nfsd4_compoundargs *argp, struct nfsd4_create *create
+ READ_BUF(4);
+ READ32(create->cr_linklen);
+ READ_BUF(create->cr_linklen);
+- SAVEMEM(create->cr_linkname, create->cr_linklen);
++ /*
++ * The VFS will want a null-terminated string, and
++ * null-terminating in place isn't safe since this might
++ * end on a page boundary:
++ */
++ create->cr_linkname =
++ kmalloc(create->cr_linklen + 1, GFP_KERNEL);
++ if (!create->cr_linkname)
++ return nfserr_jukebox;
++ memcpy(create->cr_linkname, p, create->cr_linklen);
++ create->cr_linkname[create->cr_linklen] = '\0';
++ defer_free(argp, kfree, create->cr_linkname);
+ break;
+ case NF4BLK:
+ case NF4CHR:
+diff --git a/fs/xfs/xfs_alloc.c b/fs/xfs/xfs_alloc.c
+index ce84ffd..896f1d9 100644
+--- a/fs/xfs/xfs_alloc.c
++++ b/fs/xfs/xfs_alloc.c
+@@ -1075,12 +1075,13 @@ restart:
+ * If we couldn't get anything, give up.
+ */
+ if (bno_cur_lt == NULL && bno_cur_gt == NULL) {
++ xfs_btree_del_cursor(cnt_cur, XFS_BTREE_NOERROR);
++
+ if (!forced++) {
+ trace_xfs_alloc_near_busy(args);
+ xfs_log_force(args->mp, XFS_LOG_SYNC);
+ goto restart;
+ }
+-
+ trace_xfs_alloc_size_neither(args);
+ args->agbno = NULLAGBLOCK;
+ return 0;
+diff --git a/include/drm/drm_mem_util.h b/include/drm/drm_mem_util.h
+index 6bd325f..19a2404 100644
+--- a/include/drm/drm_mem_util.h
++++ b/include/drm/drm_mem_util.h
+@@ -31,7 +31,7 @@
+
+ static __inline__ void *drm_calloc_large(size_t nmemb, size_t size)
+ {
+- if (size != 0 && nmemb > ULONG_MAX / size)
++ if (size != 0 && nmemb > SIZE_MAX / size)
+ return NULL;
+
+ if (size * nmemb <= PAGE_SIZE)
+@@ -44,7 +44,7 @@ static __inline__ void *drm_calloc_large(size_t nmemb, size_t size)
+ /* Modeled after cairo's malloc_ab, it's like calloc but without the zeroing. */
+ static __inline__ void *drm_malloc_ab(size_t nmemb, size_t size)
+ {
+- if (size != 0 && nmemb > ULONG_MAX / size)
++ if (size != 0 && nmemb > SIZE_MAX / size)
+ return NULL;
+
+ if (size * nmemb <= PAGE_SIZE)
+diff --git a/include/linux/kernel.h b/include/linux/kernel.h
+index a70783d..0b8ca35 100644
+--- a/include/linux/kernel.h
++++ b/include/linux/kernel.h
+@@ -34,6 +34,7 @@
+ #define LLONG_MAX ((long long)(~0ULL>>1))
+ #define LLONG_MIN (-LLONG_MAX - 1)
+ #define ULLONG_MAX (~0ULL)
++#define SIZE_MAX (~(size_t)0)
+
+ #define STACK_MAGIC 0xdeadbeef
+
+diff --git a/include/linux/libata.h b/include/linux/libata.h
+index 375dfdf..d773b21 100644
+--- a/include/linux/libata.h
++++ b/include/linux/libata.h
+@@ -540,6 +540,7 @@ struct ata_host {
+ struct device *dev;
+ void __iomem * const *iomap;
+ unsigned int n_ports;
++ unsigned int n_tags; /* nr of NCQ tags */
+ void *private_data;
+ struct ata_port_operations *ops;
+ unsigned long flags;
+diff --git a/include/linux/math64.h b/include/linux/math64.h
+index b8ba855..2913b86 100644
+--- a/include/linux/math64.h
++++ b/include/linux/math64.h
+@@ -6,7 +6,8 @@
+
+ #if BITS_PER_LONG == 64
+
+-#define div64_long(x,y) div64_s64((x),(y))
++#define div64_long(x, y) div64_s64((x), (y))
++#define div64_ul(x, y) div64_u64((x), (y))
+
+ /**
+ * div_u64_rem - unsigned 64bit divide with 32bit divisor with remainder
+@@ -47,7 +48,8 @@ static inline s64 div64_s64(s64 dividend, s64 divisor)
+
+ #elif BITS_PER_LONG == 32
+
+-#define div64_long(x,y) div_s64((x),(y))
++#define div64_long(x, y) div_s64((x), (y))
++#define div64_ul(x, y) div_u64((x), (y))
+
+ #ifndef div_u64_rem
+ static inline u64 div_u64_rem(u64 dividend, u32 divisor, u32 *remainder)
+diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
+index 40c2726..1b4ea29 100644
+--- a/include/linux/skbuff.h
++++ b/include/linux/skbuff.h
+@@ -2583,22 +2583,5 @@ static inline bool skb_is_recycleable(const struct sk_buff *skb, int skb_size)
+
+ return true;
+ }
+-
+-/**
+- * skb_gso_network_seglen - Return length of individual segments of a gso packet
+- *
+- * @skb: GSO skb
+- *
+- * skb_gso_network_seglen is used to determine the real size of the
+- * individual segments, including Layer3 (IP, IPv6) and L4 headers (TCP/UDP).
+- *
+- * The MAC/L2 header is not accounted for.
+- */
+-static inline unsigned int skb_gso_network_seglen(const struct sk_buff *skb)
+-{
+- unsigned int hdr_len = skb_transport_header(skb) -
+- skb_network_header(skb);
+- return hdr_len + skb_gso_transport_seglen(skb);
+-}
+ #endif /* __KERNEL__ */
+ #endif /* _LINUX_SKBUFF_H */
+diff --git a/include/linux/slab.h b/include/linux/slab.h
+index a595dce..67d5d94 100644
+--- a/include/linux/slab.h
++++ b/include/linux/slab.h
+@@ -242,7 +242,7 @@ size_t ksize(const void *);
+ */
+ static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags)
+ {
+- if (size != 0 && n > ULONG_MAX / size)
++ if (size != 0 && n > SIZE_MAX / size)
+ return NULL;
+ return __kmalloc(n * size, flags);
+ }
+diff --git a/include/linux/usb_usual.h b/include/linux/usb_usual.h
+index 17df360..88413e9 100644
+--- a/include/linux/usb_usual.h
++++ b/include/linux/usb_usual.h
+@@ -64,7 +64,9 @@
+ US_FLAG(NO_READ_CAPACITY_16, 0x00080000) \
+ /* cannot handle READ_CAPACITY_16 */ \
+ US_FLAG(INITIAL_READ10, 0x00100000) \
+- /* Initial READ(10) (and others) must be retried */
++ /* Initial READ(10) (and others) must be retried */ \
++ US_FLAG(BROKEN_FUA, 0x01000000) \
++ /* Cannot handle FUA in WRITE or READ CDBs */ \
+
+ #define US_FLAG(name, value) US_FL_##name = value ,
+ enum { US_DO_ALL_FLAGS };
+diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h
+index 3152cc3..377ba61 100644
+--- a/include/scsi/scsi_device.h
++++ b/include/scsi/scsi_device.h
+@@ -151,6 +151,7 @@ struct scsi_device {
+ unsigned no_read_disc_info:1; /* Avoid READ_DISC_INFO cmds */
+ unsigned no_read_capacity_16:1; /* Avoid READ_CAPACITY_16 cmds */
+ unsigned is_visible:1; /* is the device visible in sysfs */
++ unsigned broken_fua:1; /* Don't set FUA bit */
+
+ DECLARE_BITMAP(supported_events, SDEV_EVT_MAXBITS); /* supported events */
+ struct list_head event_list; /* asserted events */
+diff --git a/kernel/Kconfig.locks b/kernel/Kconfig.locks
+index 5068e2a..61ebb49 100644
+--- a/kernel/Kconfig.locks
++++ b/kernel/Kconfig.locks
+@@ -198,5 +198,9 @@ config INLINE_WRITE_UNLOCK_IRQ
+ config INLINE_WRITE_UNLOCK_IRQRESTORE
+ def_bool !DEBUG_SPINLOCK && ARCH_INLINE_WRITE_UNLOCK_IRQRESTORE
+
++config ARCH_SUPPORTS_ATOMIC_RMW
++ bool
++
+ config MUTEX_SPIN_ON_OWNER
+- def_bool SMP && !DEBUG_MUTEXES
++ def_bool y
++ depends on SMP && !DEBUG_MUTEXES && ARCH_SUPPORTS_ATOMIC_RMW
+diff --git a/kernel/cpuset.c b/kernel/cpuset.c
+index 1e2c5f0..4346f9a 100644
+--- a/kernel/cpuset.c
++++ b/kernel/cpuset.c
+@@ -1152,7 +1152,13 @@ done:
+
+ int current_cpuset_is_being_rebound(void)
+ {
+- return task_cs(current) == cpuset_being_rebound;
++ int ret;
++
++ rcu_read_lock();
++ ret = task_cs(current) == cpuset_being_rebound;
++ rcu_read_unlock();
++
++ return ret;
+ }
+
+ static int update_relax_domain_level(struct cpuset *cs, s64 val)
+diff --git a/kernel/sched_debug.c b/kernel/sched_debug.c
+index f4010e2..704ffe3 100644
+--- a/kernel/sched_debug.c
++++ b/kernel/sched_debug.c
+@@ -467,7 +467,7 @@ void proc_sched_show_task(struct task_struct *p, struct seq_file *m)
+
+ avg_atom = p->se.sum_exec_runtime;
+ if (nr_switches)
+- do_div(avg_atom, nr_switches);
++ avg_atom = div64_ul(avg_atom, nr_switches);
+ else
+ avg_atom = -1LL;
+
+diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c
+index 0907e43..eb198a3 100644
+--- a/kernel/time/alarmtimer.c
++++ b/kernel/time/alarmtimer.c
+@@ -563,9 +563,14 @@ static int alarm_timer_set(struct k_itimer *timr, int flags,
+ struct itimerspec *new_setting,
+ struct itimerspec *old_setting)
+ {
++ ktime_t exp;
++
+ if (!rtcdev)
+ return -ENOTSUPP;
+
++ if (flags & ~TIMER_ABSTIME)
++ return -EINVAL;
++
+ if (old_setting)
+ alarm_timer_get(timr, old_setting);
+
+@@ -575,8 +580,16 @@ static int alarm_timer_set(struct k_itimer *timr, int flags,
+
+ /* start the timer */
+ timr->it.alarm.interval = timespec_to_ktime(new_setting->it_interval);
+- alarm_start(&timr->it.alarm.alarmtimer,
+- timespec_to_ktime(new_setting->it_value));
++ exp = timespec_to_ktime(new_setting->it_value);
++ /* Convert (if necessary) to absolute time */
++ if (flags != TIMER_ABSTIME) {
++ ktime_t now;
++
++ now = alarm_bases[timr->it.alarm.alarmtimer.type].gettime();
++ exp = ktime_add(now, exp);
++ }
++
++ alarm_start(&timr->it.alarm.alarmtimer, exp);
+ return 0;
+ }
+
+@@ -708,6 +721,9 @@ static int alarm_timer_nsleep(const clockid_t which_clock, int flags,
+ if (!alarmtimer_get_rtcdev())
+ return -ENOTSUPP;
+
++ if (flags & ~TIMER_ABSTIME)
++ return -EINVAL;
++
+ if (!capable(CAP_WAKE_ALARM))
+ return -EPERM;
+
+diff --git a/kernel/time/tick-sched.c b/kernel/time/tick-sched.c
+index e9a45f1..2695d72 100644
+--- a/kernel/time/tick-sched.c
++++ b/kernel/time/tick-sched.c
+@@ -325,8 +325,10 @@ void tick_nohz_stop_sched_tick(int inidle)
+ tick_do_timer_cpu = TICK_DO_TIMER_NONE;
+ }
+
+- if (unlikely(ts->nohz_mode == NOHZ_MODE_INACTIVE))
++ if (unlikely(ts->nohz_mode == NOHZ_MODE_INACTIVE)) {
++ ts->sleep_length = (ktime_t) { .tv64 = NSEC_PER_SEC/HZ };
+ goto end;
++ }
+
+ if (need_resched())
+ goto end;
+diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
+index c5a12a7..0c348a6 100644
+--- a/kernel/trace/trace.c
++++ b/kernel/trace/trace.c
+@@ -3244,8 +3244,6 @@ tracing_poll_pipe(struct file *filp, poll_table *poll_table)
+ */
+ return POLLIN | POLLRDNORM;
+ } else {
+- if (!trace_empty(iter))
+- return POLLIN | POLLRDNORM;
+ poll_wait(filp, &trace_wait, poll_table);
+ if (!trace_empty(iter))
+ return POLLIN | POLLRDNORM;
+diff --git a/mm/hugetlb.c b/mm/hugetlb.c
+index 6f886d9..d2c43a2 100644
+--- a/mm/hugetlb.c
++++ b/mm/hugetlb.c
+@@ -2344,6 +2344,7 @@ int copy_hugetlb_page_range(struct mm_struct *dst, struct mm_struct *src,
+ } else {
+ if (cow)
+ huge_ptep_set_wrprotect(src, addr, src_pte);
++ entry = huge_ptep_get(src_pte);
+ ptepage = pte_page(entry);
+ get_page(ptepage);
+ page_dup_rmap(ptepage);
+diff --git a/mm/kmemleak.c b/mm/kmemleak.c
+index f3b2a00..cc8cf1d 100644
+--- a/mm/kmemleak.c
++++ b/mm/kmemleak.c
+@@ -744,7 +744,9 @@ static void add_scan_area(unsigned long ptr, size_t size, gfp_t gfp)
+ }
+
+ spin_lock_irqsave(&object->lock, flags);
+- if (ptr + size > object->pointer + object->size) {
++ if (size == SIZE_MAX) {
++ size = object->pointer + object->size - ptr;
++ } else if (ptr + size > object->pointer + object->size) {
+ kmemleak_warn("Scan area larger than object 0x%08lx\n", ptr);
+ dump_object_info(object);
+ kmem_cache_free(scan_area_cache, area);
+diff --git a/mm/mempolicy.c b/mm/mempolicy.c
+index 2b5bcc9..c9f7e6f 100644
+--- a/mm/mempolicy.c
++++ b/mm/mempolicy.c
+@@ -1983,7 +1983,6 @@ struct mempolicy *__mpol_dup(struct mempolicy *old)
+ } else
+ *new = *old;
+
+- rcu_read_lock();
+ if (current_cpuset_is_being_rebound()) {
+ nodemask_t mems = cpuset_mems_allowed(current);
+ if (new->flags & MPOL_F_REBINDING)
+@@ -1991,7 +1990,6 @@ struct mempolicy *__mpol_dup(struct mempolicy *old)
+ else
+ mpol_rebind_policy(new, &mems, MPOL_REBIND_ONCE);
+ }
+- rcu_read_unlock();
+ atomic_set(&new->refcnt, 1);
+ return new;
+ }
+diff --git a/mm/shmem.c b/mm/shmem.c
+index a78acf0..1371021 100644
+--- a/mm/shmem.c
++++ b/mm/shmem.c
+@@ -76,6 +76,17 @@ static struct vfsmount *shm_mnt;
+ /* Symlink up to this size is kmalloc'ed instead of using a swappable page */
+ #define SHORT_SYMLINK_LEN 128
+
++/*
++ * vmtruncate_range() communicates with shmem_fault via
++ * inode->i_private (with i_mutex making sure that it has only one user at
++ * a time): we would prefer not to enlarge the shmem inode just for that.
++ */
++struct shmem_falloc {
++ wait_queue_head_t *waitq; /* faults into hole wait for punch to end */
++ pgoff_t start; /* start of range currently being fallocated */
++ pgoff_t next; /* the next page offset to be fallocated */
++};
++
+ struct shmem_xattr {
+ struct list_head list; /* anchored by shmem_inode_info->xattr_list */
+ char *name; /* xattr name */
+@@ -488,22 +499,19 @@ void shmem_truncate_range(struct inode *inode, loff_t lstart, loff_t lend)
+ }
+
+ index = start;
+- for ( ; ; ) {
++ while (index <= end) {
+ cond_resched();
+ pvec.nr = shmem_find_get_pages_and_swap(mapping, index,
+ min(end - index, (pgoff_t)PAGEVEC_SIZE - 1) + 1,
+ pvec.pages, indices);
+ if (!pvec.nr) {
+- if (index == start)
++ /* If all gone or hole-punch, we're done */
++ if (index == start || end != -1)
+ break;
++ /* But if truncating, restart to make sure all gone */
+ index = start;
+ continue;
+ }
+- if (index == start && indices[0] > end) {
+- shmem_deswap_pagevec(&pvec);
+- pagevec_release(&pvec);
+- break;
+- }
+ mem_cgroup_uncharge_start();
+ for (i = 0; i < pagevec_count(&pvec); i++) {
+ struct page *page = pvec.pages[i];
+@@ -513,8 +521,12 @@ void shmem_truncate_range(struct inode *inode, loff_t lstart, loff_t lend)
+ break;
+
+ if (radix_tree_exceptional_entry(page)) {
+- nr_swaps_freed += !shmem_free_swap(mapping,
+- index, page);
++ if (shmem_free_swap(mapping, index, page)) {
++ /* Swap was replaced by page: retry */
++ index--;
++ break;
++ }
++ nr_swaps_freed++;
+ continue;
+ }
+
+@@ -522,6 +534,11 @@ void shmem_truncate_range(struct inode *inode, loff_t lstart, loff_t lend)
+ if (page->mapping == mapping) {
+ VM_BUG_ON(PageWriteback(page));
+ truncate_inode_page(mapping, page);
++ } else {
++ /* Page was replaced by swap: retry */
++ unlock_page(page);
++ index--;
++ break;
+ }
+ unlock_page(page);
+ }
+@@ -1060,6 +1077,63 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
+ int error;
+ int ret = VM_FAULT_LOCKED;
+
++ /*
++ * Trinity finds that probing a hole which tmpfs is punching can
++ * prevent the hole-punch from ever completing: which in turn
++ * locks writers out with its hold on i_mutex. So refrain from
++ * faulting pages into the hole while it's being punched. Although
++ * shmem_truncate_range() does remove the additions, it may be unable to
++ * keep up, as each new page needs its own unmap_mapping_range() call,
++ * and the i_mmap tree grows ever slower to scan if new vmas are added.
++ *
++ * It does not matter if we sometimes reach this check just before the
++ * hole-punch begins, so that one fault then races with the punch:
++ * we just need to make racing faults a rare case.
++ *
++ * The implementation below would be much simpler if we just used a
++ * standard mutex or completion: but we cannot take i_mutex in fault,
++ * and bloating every shmem inode for this unlikely case would be sad.
++ */
++ if (unlikely(inode->i_private)) {
++ struct shmem_falloc *shmem_falloc;
++
++ spin_lock(&inode->i_lock);
++ shmem_falloc = inode->i_private;
++ if (shmem_falloc &&
++ vmf->pgoff >= shmem_falloc->start &&
++ vmf->pgoff < shmem_falloc->next) {
++ wait_queue_head_t *shmem_falloc_waitq;
++ DEFINE_WAIT(shmem_fault_wait);
++
++ ret = VM_FAULT_NOPAGE;
++ if ((vmf->flags & FAULT_FLAG_ALLOW_RETRY) &&
++ !(vmf->flags & FAULT_FLAG_RETRY_NOWAIT)) {
++ /* It's polite to up mmap_sem if we can */
++ up_read(&vma->vm_mm->mmap_sem);
++ ret = VM_FAULT_RETRY;
++ }
++
++ shmem_falloc_waitq = shmem_falloc->waitq;
++ prepare_to_wait(shmem_falloc_waitq, &shmem_fault_wait,
++ TASK_UNINTERRUPTIBLE);
++ spin_unlock(&inode->i_lock);
++ schedule();
++
++ /*
++ * shmem_falloc_waitq points into the vmtruncate_range()
++ * stack of the hole-punching task: shmem_falloc_waitq
++ * is usually invalid by the time we reach here, but
++ * finish_wait() does not dereference it in that case;
++ * though i_lock needed lest racing with wake_up_all().
++ */
++ spin_lock(&inode->i_lock);
++ finish_wait(shmem_falloc_waitq, &shmem_fault_wait);
++ spin_unlock(&inode->i_lock);
++ return ret;
++ }
++ spin_unlock(&inode->i_lock);
++ }
++
+ error = shmem_getpage(inode, vmf->pgoff, &vmf->page, SGP_CACHE, &ret);
+ if (error)
+ return ((error == -ENOMEM) ? VM_FAULT_OOM : VM_FAULT_SIGBUS);
+@@ -1071,6 +1145,47 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
+ return ret;
+ }
+
++int vmtruncate_range(struct inode *inode, loff_t lstart, loff_t lend)
++{
++ /*
++ * If the underlying filesystem is not going to provide
++ * a way to truncate a range of blocks (punch a hole) -
++ * we should return failure right now.
++ * Only CONFIG_SHMEM shmem.c ever supported i_op->truncate_range().
++ */
++ if (inode->i_op->truncate_range != shmem_truncate_range)
++ return -ENOSYS;
++
++ mutex_lock(&inode->i_mutex);
++ {
++ struct shmem_falloc shmem_falloc;
++ struct address_space *mapping = inode->i_mapping;
++ loff_t unmap_start = round_up(lstart, PAGE_SIZE);
++ loff_t unmap_end = round_down(1 + lend, PAGE_SIZE) - 1;
++ DECLARE_WAIT_QUEUE_HEAD_ONSTACK(shmem_falloc_waitq);
++
++ shmem_falloc.waitq = &shmem_falloc_waitq;
++ shmem_falloc.start = unmap_start >> PAGE_SHIFT;
++ shmem_falloc.next = (unmap_end + 1) >> PAGE_SHIFT;
++ spin_lock(&inode->i_lock);
++ inode->i_private = &shmem_falloc;
++ spin_unlock(&inode->i_lock);
++
++ if ((u64)unmap_end > (u64)unmap_start)
++ unmap_mapping_range(mapping, unmap_start,
++ 1 + unmap_end - unmap_start, 0);
++ shmem_truncate_range(inode, lstart, lend);
++ /* No need to unmap again: hole-punching leaves COWed pages */
++
++ spin_lock(&inode->i_lock);
++ inode->i_private = NULL;
++ wake_up_all(&shmem_falloc_waitq);
++ spin_unlock(&inode->i_lock);
++ }
++ mutex_unlock(&inode->i_mutex);
++ return 0;
++}
++
+ #ifdef CONFIG_NUMA
+ static int shmem_set_policy(struct vm_area_struct *vma, struct mempolicy *mpol)
+ {
+@@ -2496,6 +2611,12 @@ void shmem_truncate_range(struct inode *inode, loff_t lstart, loff_t lend)
+ }
+ EXPORT_SYMBOL_GPL(shmem_truncate_range);
+
++int vmtruncate_range(struct inode *inode, loff_t lstart, loff_t lend)
++{
++ /* Only CONFIG_SHMEM shmem.c ever supported i_op->truncate_range(). */
++ return -ENOSYS;
++}
++
+ #define shmem_vm_ops generic_file_vm_ops
+ #define shmem_file_operations ramfs_file_operations
+ #define shmem_get_inode(sb, dir, mode, dev, flags) ramfs_get_inode(sb, dir, mode, dev)
+diff --git a/mm/truncate.c b/mm/truncate.c
+index 00fb58a..40d186f 100644
+--- a/mm/truncate.c
++++ b/mm/truncate.c
+@@ -602,28 +602,3 @@ int vmtruncate(struct inode *inode, loff_t newsize)
+ return 0;
+ }
+ EXPORT_SYMBOL(vmtruncate);
+-
+-int vmtruncate_range(struct inode *inode, loff_t lstart, loff_t lend)
+-{
+- struct address_space *mapping = inode->i_mapping;
+- loff_t holebegin = round_up(lstart, PAGE_SIZE);
+- loff_t holelen = 1 + lend - holebegin;
+-
+- /*
+- * If the underlying filesystem is not going to provide
+- * a way to truncate a range of blocks (punch a hole) -
+- * we should return failure right now.
+- */
+- if (!inode->i_op->truncate_range)
+- return -ENOSYS;
+-
+- mutex_lock(&inode->i_mutex);
+- inode_dio_wait(inode);
+- unmap_mapping_range(mapping, holebegin, holelen, 1);
+- inode->i_op->truncate_range(inode, lstart, lend);
+- /* unmap again to remove racily COWed private pages */
+- unmap_mapping_range(mapping, holebegin, holelen, 1);
+- mutex_unlock(&inode->i_mutex);
+-
+- return 0;
+-}
+diff --git a/mm/vmalloc.c b/mm/vmalloc.c
+index eeba3bb..1431458 100644
+--- a/mm/vmalloc.c
++++ b/mm/vmalloc.c
+@@ -349,6 +349,12 @@ static struct vmap_area *alloc_vmap_area(unsigned long size,
+ if (unlikely(!va))
+ return ERR_PTR(-ENOMEM);
+
++ /*
++ * Only scan the relevant parts containing pointers to other objects
++ * to avoid false negatives.
++ */
++ kmemleak_scan_area(&va->rb_node, SIZE_MAX, gfp_mask & GFP_RECLAIM_MASK);
++
+ retry:
+ spin_lock(&vmap_area_lock);
+ /*
+@@ -1644,11 +1650,11 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
+ insert_vmalloc_vmlist(area);
+
+ /*
+- * A ref_count = 3 is needed because the vm_struct and vmap_area
+- * structures allocated in the __get_vm_area_node() function contain
+- * references to the virtual address of the vmalloc'ed block.
++ * A ref_count = 2 is needed because vm_struct allocated in
++ * __get_vm_area_node() contains a reference to the virtual address of
++ * the vmalloc'ed block.
+ */
+- kmemleak_alloc(addr, real_size, 3, gfp_mask);
++ kmemleak_alloc(addr, real_size, 2, gfp_mask);
+
+ return addr;
+
+diff --git a/net/8021q/vlan_core.c b/net/8021q/vlan_core.c
+index e860a4f..77d3532 100644
+--- a/net/8021q/vlan_core.c
++++ b/net/8021q/vlan_core.c
+@@ -96,8 +96,11 @@ EXPORT_SYMBOL(vlan_dev_vlan_id);
+
+ static struct sk_buff *vlan_reorder_header(struct sk_buff *skb)
+ {
+- if (skb_cow(skb, skb_headroom(skb)) < 0)
++ if (skb_cow(skb, skb_headroom(skb)) < 0) {
++ kfree_skb(skb);
+ return NULL;
++ }
++
+ memmove(skb->data - ETH_HLEN, skb->data - VLAN_ETH_HLEN, 2 * ETH_ALEN);
+ skb->mac_header += VLAN_HLEN;
+ return skb;
+diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c
+index 334d4cd..79aaac2 100644
+--- a/net/appletalk/ddp.c
++++ b/net/appletalk/ddp.c
+@@ -1494,8 +1494,6 @@ static int atalk_rcv(struct sk_buff *skb, struct net_device *dev,
+ goto drop;
+
+ /* Queue packet (standard) */
+- skb->sk = sock;
+-
+ if (sock_queue_rcv_skb(sock, skb) < 0)
+ goto drop;
+
+@@ -1649,7 +1647,6 @@ static int atalk_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr
+ if (!skb)
+ goto out;
+
+- skb->sk = sk;
+ skb_reserve(skb, ddp_dl->header_length);
+ skb_reserve(skb, dev->hard_header_len);
+ skb->dev = dev;
+diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
+index 7beaf10..0900a17 100644
+--- a/net/core/rtnetlink.c
++++ b/net/core/rtnetlink.c
+@@ -1062,6 +1062,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
+ struct nlattr *tb[IFLA_MAX+1];
+ u32 ext_filter_mask = 0;
+ int err;
++ int hdrlen;
+
+ s_h = cb->args[0];
+ s_idx = cb->args[1];
+@@ -1069,8 +1070,17 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
+ rcu_read_lock();
+ cb->seq = net->dev_base_seq;
+
+- if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
+- ifla_policy) >= 0) {
++ /* A hack to preserve kernel<->userspace interface.
++ * The correct header is ifinfomsg. It is consistent with rtnl_getlink.
++ * However, before Linux v3.9 the code here assumed rtgenmsg and that's
++ * what iproute2 < v3.9.0 used.
++ * We can detect the old iproute2. Even including the IFLA_EXT_MASK
++ * attribute, its netlink message is shorter than struct ifinfomsg.
++ */
++ hdrlen = nlmsg_len(cb->nlh) < sizeof(struct ifinfomsg) ?
++ sizeof(struct rtgenmsg) : sizeof(struct ifinfomsg);
++
++ if (nlmsg_parse(cb->nlh, hdrlen, tb, IFLA_MAX, ifla_policy) >= 0) {
+
+ if (tb[IFLA_EXT_MASK])
+ ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
+@@ -1917,9 +1927,13 @@ static u16 rtnl_calcit(struct sk_buff *skb, struct nlmsghdr *nlh)
+ struct nlattr *tb[IFLA_MAX+1];
+ u32 ext_filter_mask = 0;
+ u16 min_ifinfo_dump_size = 0;
++ int hdrlen;
++
++ /* Same kernel<->userspace interface hack as in rtnl_dump_ifinfo. */
++ hdrlen = nlmsg_len(nlh) < sizeof(struct ifinfomsg) ?
++ sizeof(struct rtgenmsg) : sizeof(struct ifinfomsg);
+
+- if (nlmsg_parse(nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
+- ifla_policy) >= 0) {
++ if (nlmsg_parse(nlh, hdrlen, tb, IFLA_MAX, ifla_policy) >= 0) {
+ if (tb[IFLA_EXT_MASK])
+ ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
+ }
+diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
+index c32be29..2022b46 100644
+--- a/net/dns_resolver/dns_query.c
++++ b/net/dns_resolver/dns_query.c
+@@ -150,7 +150,9 @@ int dns_query(const char *type, const char *name, size_t namelen,
+ if (!*_result)
+ goto put;
+
+- memcpy(*_result, upayload->data, len + 1);
++ memcpy(*_result, upayload->data, len);
++ (*_result)[len] = '\0';
++
+ if (_expiry)
+ *_expiry = rkey->expiry;
+
+diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
+index 75b0860..7f7e670 100644
+--- a/net/ipv4/igmp.c
++++ b/net/ipv4/igmp.c
+@@ -1862,6 +1862,10 @@ int ip_mc_leave_group(struct sock *sk, struct ip_mreqn *imr)
+
+ rtnl_lock();
+ in_dev = ip_mc_find_dev(net, imr);
++ if (!in_dev) {
++ ret = -ENODEV;
++ goto out;
++ }
+ ifindex = imr->imr_ifindex;
+ for (imlp = &inet->mc_list;
+ (iml = rtnl_dereference(*imlp)) != NULL;
+@@ -1879,16 +1883,14 @@ int ip_mc_leave_group(struct sock *sk, struct ip_mreqn *imr)
+
+ *imlp = iml->next_rcu;
+
+- if (in_dev)
+- ip_mc_dec_group(in_dev, group);
++ ip_mc_dec_group(in_dev, group);
+ rtnl_unlock();
+ /* decrease mem now to avoid the memleak warning */
+ atomic_sub(sizeof(*iml), &sk->sk_omem_alloc);
+ kfree_rcu(iml, rcu);
+ return 0;
+ }
+- if (!in_dev)
+- ret = -ENODEV;
++out:
+ rtnl_unlock();
+ return ret;
+ }
+diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
+index 7593f3a..29a07b6 100644
+--- a/net/ipv4/ip_forward.c
++++ b/net/ipv4/ip_forward.c
+@@ -39,68 +39,6 @@
+ #include <net/route.h>
+ #include <net/xfrm.h>
+
+-static bool ip_may_fragment(const struct sk_buff *skb)
+-{
+- return unlikely((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0) ||
+- skb->local_df;
+-}
+-
+-static bool ip_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu)
+-{
+- if (skb->len <= mtu)
+- return false;
+-
+- if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu)
+- return false;
+-
+- return true;
+-}
+-
+-static bool ip_gso_exceeds_dst_mtu(const struct sk_buff *skb)
+-{
+- unsigned int mtu;
+-
+- if (skb->local_df || !skb_is_gso(skb))
+- return false;
+-
+- mtu = dst_mtu(skb_dst(skb));
+-
+- /* if seglen > mtu, do software segmentation for IP fragmentation on
+- * output. DF bit cannot be set since ip_forward would have sent
+- * icmp error.
+- */
+- return skb_gso_network_seglen(skb) > mtu;
+-}
+-
+-/* called if GSO skb needs to be fragmented on forward */
+-static int ip_forward_finish_gso(struct sk_buff *skb)
+-{
+- struct sk_buff *segs;
+- int ret = 0;
+-
+- segs = skb_gso_segment(skb, 0);
+- if (IS_ERR(segs)) {
+- kfree_skb(skb);
+- return -ENOMEM;
+- }
+-
+- consume_skb(skb);
+-
+- do {
+- struct sk_buff *nskb = segs->next;
+- int err;
+-
+- segs->next = NULL;
+- err = dst_output(segs);
+-
+- if (err && ret == 0)
+- ret = err;
+- segs = nskb;
+- } while (segs);
+-
+- return ret;
+-}
+-
+ static int ip_forward_finish(struct sk_buff *skb)
+ {
+ struct ip_options * opt = &(IPCB(skb)->opt);
+@@ -110,9 +48,6 @@ static int ip_forward_finish(struct sk_buff *skb)
+ if (unlikely(opt->optlen))
+ ip_forward_options(skb);
+
+- if (ip_gso_exceeds_dst_mtu(skb))
+- return ip_forward_finish_gso(skb);
+-
+ return dst_output(skb);
+ }
+
+@@ -152,7 +87,8 @@ int ip_forward(struct sk_buff *skb)
+ if (opt->is_strictroute && opt->nexthop != rt->rt_gateway)
+ goto sr_failed;
+
+- if (!ip_may_fragment(skb) && ip_exceeds_mtu(skb, dst_mtu(&rt->dst))) {
++ if (unlikely(skb->len > dst_mtu(&rt->dst) && !skb_is_gso(skb) &&
++ (ip_hdr(skb)->frag_off & htons(IP_DF))) && !skb->local_df) {
+ IP_INC_STATS(dev_net(rt->dst.dev), IPSTATS_MIB_FRAGFAILS);
+ icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
+ htonl(dst_mtu(&rt->dst)));
+diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c
+index 40eb4fc..08623e2 100644
+--- a/net/ipv4/ip_options.c
++++ b/net/ipv4/ip_options.c
+@@ -277,6 +277,10 @@ int ip_options_compile(struct net *net,
+ optptr++;
+ continue;
+ }
++ if (unlikely(l < 2)) {
++ pp_ptr = optptr;
++ goto error;
++ }
+ optlen = optptr[1];
+ if (optlen<2 || optlen>l) {
+ pp_ptr = optptr;
+diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
+index b550815..c3b44d5 100644
+--- a/net/ipv4/netfilter/ipt_ULOG.c
++++ b/net/ipv4/netfilter/ipt_ULOG.c
+@@ -202,6 +202,7 @@ static void ipt_ulog_packet(unsigned int hooknum,
+ ub->qlen++;
+
+ pm = NLMSG_DATA(nlh);
++ memset(pm, 0, sizeof(*pm));
+
+ /* We might not have a timestamp, get one */
+ if (skb->tstamp.tv64 == 0)
+@@ -218,8 +219,6 @@ static void ipt_ulog_packet(unsigned int hooknum,
+ strncpy(pm->prefix, prefix, sizeof(pm->prefix));
+ else if (loginfo->prefix[0] != '\0')
+ strncpy(pm->prefix, loginfo->prefix, sizeof(pm->prefix));
+- else
+- *(pm->prefix) = '\0';
+
+ if (in && in->hard_header_len > 0 &&
+ skb->mac_header != skb->network_header &&
+@@ -231,13 +230,9 @@ static void ipt_ulog_packet(unsigned int hooknum,
+
+ if (in)
+ strncpy(pm->indev_name, in->name, sizeof(pm->indev_name));
+- else
+- pm->indev_name[0] = '\0';
+
+ if (out)
+ strncpy(pm->outdev_name, out->name, sizeof(pm->outdev_name));
+- else
+- pm->outdev_name[0] = '\0';
+
+ /* copy_len <= skb->len, so can't fail. */
+ if (skb_copy_bits(skb, 0, pm->payload, copy_len) < 0)
+diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
+index c1ed01e..afe6886 100644
+--- a/net/ipv4/tcp_input.c
++++ b/net/ipv4/tcp_input.c
+@@ -1305,7 +1305,7 @@ static int tcp_match_skb_to_sack(struct sock *sk, struct sk_buff *skb,
+ unsigned int new_len = (pkt_len / mss) * mss;
+ if (!in_sack && new_len < pkt_len) {
+ new_len += mss;
+- if (new_len > skb->len)
++ if (new_len >= skb->len)
+ return 0;
+ }
+ pkt_len = new_len;
+diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
+index 14753d3..064b5c9 100644
+--- a/net/ipv6/ip6_output.c
++++ b/net/ipv6/ip6_output.c
+@@ -381,17 +381,6 @@ static inline int ip6_forward_finish(struct sk_buff *skb)
+ return dst_output(skb);
+ }
+
+-static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu)
+-{
+- if (skb->len <= mtu || skb->local_df)
+- return false;
+-
+- if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu)
+- return false;
+-
+- return true;
+-}
+-
+ int ip6_forward(struct sk_buff *skb)
+ {
+ struct dst_entry *dst = skb_dst(skb);
+@@ -515,7 +504,7 @@ int ip6_forward(struct sk_buff *skb)
+ if (mtu < IPV6_MIN_MTU)
+ mtu = IPV6_MIN_MTU;
+
+- if (ip6_pkt_too_big(skb, mtu)) {
++ if (skb->len > mtu && !skb_is_gso(skb)) {
+ /* Again, force OUTPUT device used as source address */
+ skb->dev = dst->dev;
+ icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
+diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
+index e0f0934..437fb59 100644
+--- a/net/l2tp/l2tp_ppp.c
++++ b/net/l2tp/l2tp_ppp.c
+@@ -1351,7 +1351,7 @@ static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
+ int err;
+
+ if (level != SOL_PPPOL2TP)
+- return udp_prot.setsockopt(sk, level, optname, optval, optlen);
++ return -EINVAL;
+
+ if (optlen < sizeof(int))
+ return -EINVAL;
+@@ -1477,7 +1477,7 @@ static int pppol2tp_getsockopt(struct socket *sock, int level,
+ struct pppol2tp_session *ps;
+
+ if (level != SOL_PPPOL2TP)
+- return udp_prot.getsockopt(sk, level, optname, optval, optlen);
++ return -EINVAL;
+
+ if (get_user(len, (int __user *) optlen))
+ return -EFAULT;
+diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
+index 72f4253..93acfa1 100644
+--- a/net/netfilter/ipvs/ip_vs_ctl.c
++++ b/net/netfilter/ipvs/ip_vs_ctl.c
+@@ -3688,6 +3688,7 @@ void __net_init ip_vs_control_net_cleanup_sysctl(struct net *net)
+ cancel_delayed_work_sync(&ipvs->defense_work);
+ cancel_work_sync(&ipvs->defense_work.work);
+ unregister_net_sysctl_table(ipvs->sysctl_hdr);
++ ip_vs_stop_estimator(net, &ipvs->tot_stats);
+ }
+
+ #else
+@@ -3743,7 +3744,6 @@ void __net_exit ip_vs_control_net_cleanup(struct net *net)
+ struct netns_ipvs *ipvs = net_ipvs(net);
+
+ ip_vs_trash_cleanup(net);
+- ip_vs_stop_estimator(net, &ipvs->tot_stats);
+ ip_vs_control_net_cleanup_sysctl(net);
+ proc_net_remove(net, "ip_vs_stats_percpu");
+ proc_net_remove(net, "ip_vs_stats");
+diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c
+index 8a84017..57da447 100644
+--- a/net/sctp/ulpevent.c
++++ b/net/sctp/ulpevent.c
+@@ -373,9 +373,10 @@ fail:
+ * specification [SCTP] and any extensions for a list of possible
+ * error formats.
+ */
+-struct sctp_ulpevent *sctp_ulpevent_make_remote_error(
+- const struct sctp_association *asoc, struct sctp_chunk *chunk,
+- __u16 flags, gfp_t gfp)
++struct sctp_ulpevent *
++sctp_ulpevent_make_remote_error(const struct sctp_association *asoc,
++ struct sctp_chunk *chunk, __u16 flags,
++ gfp_t gfp)
+ {
+ struct sctp_ulpevent *event;
+ struct sctp_remote_error *sre;
+@@ -394,8 +395,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_remote_error(
+ /* Copy the skb to a new skb with room for us to prepend
+ * notification with.
+ */
+- skb = skb_copy_expand(chunk->skb, sizeof(struct sctp_remote_error),
+- 0, gfp);
++ skb = skb_copy_expand(chunk->skb, sizeof(*sre), 0, gfp);
+
+ /* Pull off the rest of the cause TLV from the chunk. */
+ skb_pull(chunk->skb, elen);
+@@ -406,62 +406,21 @@ struct sctp_ulpevent *sctp_ulpevent_make_remote_error(
+ event = sctp_skb2event(skb);
+ sctp_ulpevent_init(event, MSG_NOTIFICATION, skb->truesize);
+
+- sre = (struct sctp_remote_error *)
+- skb_push(skb, sizeof(struct sctp_remote_error));
++ sre = (struct sctp_remote_error *) skb_push(skb, sizeof(*sre));
+
+ /* Trim the buffer to the right length. */
+- skb_trim(skb, sizeof(struct sctp_remote_error) + elen);
++ skb_trim(skb, sizeof(*sre) + elen);
+
+- /* Socket Extensions for SCTP
+- * 5.3.1.3 SCTP_REMOTE_ERROR
+- *
+- * sre_type:
+- * It should be SCTP_REMOTE_ERROR.
+- */
++ /* RFC6458, Section 6.1.3. SCTP_REMOTE_ERROR */
++ memset(sre, 0, sizeof(*sre));
+ sre->sre_type = SCTP_REMOTE_ERROR;
+-
+- /*
+- * Socket Extensions for SCTP
+- * 5.3.1.3 SCTP_REMOTE_ERROR
+- *
+- * sre_flags: 16 bits (unsigned integer)
+- * Currently unused.
+- */
+ sre->sre_flags = 0;
+-
+- /* Socket Extensions for SCTP
+- * 5.3.1.3 SCTP_REMOTE_ERROR
+- *
+- * sre_length: sizeof (__u32)
+- *
+- * This field is the total length of the notification data,
+- * including the notification header.
+- */
+ sre->sre_length = skb->len;
+-
+- /* Socket Extensions for SCTP
+- * 5.3.1.3 SCTP_REMOTE_ERROR
+- *
+- * sre_error: 16 bits (unsigned integer)
+- * This value represents one of the Operational Error causes defined in
+- * the SCTP specification, in network byte order.
+- */
+ sre->sre_error = cause;
+-
+- /* Socket Extensions for SCTP
+- * 5.3.1.3 SCTP_REMOTE_ERROR
+- *
+- * sre_assoc_id: sizeof (sctp_assoc_t)
+- *
+- * The association id field, holds the identifier for the association.
+- * All notifications for a given association have the same association
+- * identifier. For TCP style socket, this field is ignored.
+- */
+ sctp_ulpevent_set_owner(event, asoc);
+ sre->sre_assoc_id = sctp_assoc2id(asoc);
+
+ return event;
+-
+ fail:
+ return NULL;
+ }
+@@ -904,7 +863,9 @@ __u16 sctp_ulpevent_get_notification_type(const struct sctp_ulpevent *event)
+ return notification->sn_header.sn_type;
+ }
+
+-/* Copy out the sndrcvinfo into a msghdr. */
++/* RFC6458, Section 5.3.2. SCTP Header Information Structure
++ * (SCTP_SNDRCV, DEPRECATED)
++ */
+ void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event,
+ struct msghdr *msghdr)
+ {
+@@ -913,74 +874,21 @@ void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event,
+ if (sctp_ulpevent_is_notification(event))
+ return;
+
+- /* Sockets API Extensions for SCTP
+- * Section 5.2.2 SCTP Header Information Structure (SCTP_SNDRCV)
+- *
+- * sinfo_stream: 16 bits (unsigned integer)
+- *
+- * For recvmsg() the SCTP stack places the message's stream number in
+- * this value.
+- */
++ memset(&sinfo, 0, sizeof(sinfo));
+ sinfo.sinfo_stream = event->stream;
+- /* sinfo_ssn: 16 bits (unsigned integer)
+- *
+- * For recvmsg() this value contains the stream sequence number that
+- * the remote endpoint placed in the DATA chunk. For fragmented
+- * messages this is the same number for all deliveries of the message
+- * (if more than one recvmsg() is needed to read the message).
+- */
+ sinfo.sinfo_ssn = event->ssn;
+- /* sinfo_ppid: 32 bits (unsigned integer)
+- *
+- * In recvmsg() this value is
+- * the same information that was passed by the upper layer in the peer
+- * application. Please note that byte order issues are NOT accounted
+- * for and this information is passed opaquely by the SCTP stack from
+- * one end to the other.
+- */
+ sinfo.sinfo_ppid = event->ppid;
+- /* sinfo_flags: 16 bits (unsigned integer)
+- *
+- * This field may contain any of the following flags and is composed of
+- * a bitwise OR of these values.
+- *
+- * recvmsg() flags:
+- *
+- * SCTP_UNORDERED - This flag is present when the message was sent
+- * non-ordered.
+- */
+ sinfo.sinfo_flags = event->flags;
+- /* sinfo_tsn: 32 bit (unsigned integer)
+- *
+- * For the receiving side, this field holds a TSN that was
+- * assigned to one of the SCTP Data Chunks.
+- */
+ sinfo.sinfo_tsn = event->tsn;
+- /* sinfo_cumtsn: 32 bit (unsigned integer)
+- *
+- * This field will hold the current cumulative TSN as
+- * known by the underlying SCTP layer. Note this field is
+- * ignored when sending and only valid for a receive
+- * operation when sinfo_flags are set to SCTP_UNORDERED.
+- */
+ sinfo.sinfo_cumtsn = event->cumtsn;
+- /* sinfo_assoc_id: sizeof (sctp_assoc_t)
+- *
+- * The association handle field, sinfo_assoc_id, holds the identifier
+- * for the association announced in the COMMUNICATION_UP notification.
+- * All notifications for a given association have the same identifier.
+- * Ignored for one-to-one style sockets.
+- */
+ sinfo.sinfo_assoc_id = sctp_assoc2id(event->asoc);
+-
+- /* context value that is set via SCTP_CONTEXT socket option. */
++ /* Context value that is set via SCTP_CONTEXT socket option. */
+ sinfo.sinfo_context = event->asoc->default_rcv_context;
+-
+ /* These fields are not used while receiving. */
+ sinfo.sinfo_timetolive = 0;
+
+ put_cmsg(msghdr, IPPROTO_SCTP, SCTP_SNDRCV,
+- sizeof(struct sctp_sndrcvinfo), (void *)&sinfo);
++ sizeof(sinfo), &sinfo);
+ }
+
+ /* Do accounting for bytes received and hold a reference to the association
+diff --git a/tools/usb/ffs-test.c b/tools/usb/ffs-test.c
+index f17dfee..726af27 100644
+--- a/tools/usb/ffs-test.c
++++ b/tools/usb/ffs-test.c
+@@ -143,8 +143,8 @@ static const struct {
+ .header = {
+ .magic = cpu_to_le32(FUNCTIONFS_DESCRIPTORS_MAGIC),
+ .length = cpu_to_le32(sizeof descriptors),
+- .fs_count = 3,
+- .hs_count = 3,
++ .fs_count = cpu_to_le32(3),
++ .hs_count = cpu_to_le32(3),
+ },
+ .fs_descs = {
+ .intf = {
diff --git a/3.2.61/4420_grsecurity-3.0-3.2.61-201408032011.patch b/3.2.62/4420_grsecurity-3.0-3.2.62-201408110020.patch
similarity index 99%
rename from 3.2.61/4420_grsecurity-3.0-3.2.61-201408032011.patch
rename to 3.2.62/4420_grsecurity-3.0-3.2.62-201408110020.patch
index d00d89e..0c9beb1 100644
--- a/3.2.61/4420_grsecurity-3.0-3.2.61-201408032011.patch
+++ b/3.2.62/4420_grsecurity-3.0-3.2.62-201408110020.patch
@@ -273,7 +273,7 @@ index 88fd7f5..b318a78 100644
==============================================================
diff --git a/Makefile b/Makefile
-index f8b642d..8741e65 100644
+index 30a5c65..efb1be9 100644
--- a/Makefile
+++ b/Makefile
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -315,10 +315,13 @@ index f8b642d..8741e65 100644
$(Q)$(MAKE) $(build)=scripts/basic
$(Q)rm -f .tmp_quiet_recordmcount
-@@ -564,6 +571,72 @@ else
+@@ -564,6 +571,75 @@ else
KBUILD_CFLAGS += -O2
endif
++# Tell gcc to never replace conditional load with a non-conditional one
++KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0)
++
+ifndef DISABLE_PAX_PLUGINS
+ifeq ($(call cc-ifversion, -ge, 0408, y), y)
+PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)")
@@ -388,7 +391,7 @@ index f8b642d..8741e65 100644
include $(srctree)/arch/$(SRCARCH)/Makefile
ifneq ($(CONFIG_FRAME_WARN),0)
-@@ -592,9 +665,11 @@ KBUILD_CFLAGS += -fomit-frame-pointer
+@@ -592,9 +668,11 @@ KBUILD_CFLAGS += -fomit-frame-pointer
endif
endif
@@ -401,7 +404,7 @@ index f8b642d..8741e65 100644
endif
ifdef CONFIG_DEBUG_INFO_REDUCED
-@@ -708,7 +783,7 @@ export mod_strip_cmd
+@@ -708,7 +786,7 @@ export mod_strip_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -410,7 +413,7 @@ index f8b642d..8741e65 100644
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -932,6 +1007,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE
+@@ -932,6 +1010,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE
# The actual objects are generated when descending,
# make sure no implicit rule kicks in
@@ -419,7 +422,7 @@ index f8b642d..8741e65 100644
$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
# Handle descending into subdirectories listed in $(vmlinux-dirs)
-@@ -941,7 +1018,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
+@@ -941,7 +1021,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
@@ -428,7 +431,7 @@ index f8b642d..8741e65 100644
$(Q)$(MAKE) $(build)=$@
# Store (new) KERNELRELASE string in include/config/kernel.release
-@@ -981,10 +1058,13 @@ prepare1: prepare2 include/linux/version.h include/generated/utsrelease.h \
+@@ -981,10 +1061,13 @@ prepare1: prepare2 include/linux/version.h include/generated/utsrelease.h \
archprepare: archscripts prepare1 scripts_basic
@@ -442,7 +445,7 @@ index f8b642d..8741e65 100644
prepare: prepare0
# Generate some files
-@@ -1089,6 +1169,8 @@ all: modules
+@@ -1089,6 +1172,8 @@ all: modules
# using awk while concatenating to the final file.
PHONY += modules
@@ -451,7 +454,7 @@ index f8b642d..8741e65 100644
modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
@$(kecho) ' Building modules, stage 2.';
-@@ -1104,7 +1186,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
+@@ -1104,7 +1189,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
# Target to prepare building external modules
PHONY += modules_prepare
@@ -460,7 +463,7 @@ index f8b642d..8741e65 100644
# Target to install modules
PHONY += modules_install
-@@ -1164,6 +1246,9 @@ MRPROPER_DIRS += include/config usr/include include/generated \
+@@ -1164,6 +1249,9 @@ MRPROPER_DIRS += include/config usr/include include/generated \
arch/*/include/generated
MRPROPER_FILES += .config .config.old .version .old_version \
include/linux/version.h \
@@ -470,7 +473,7 @@ index f8b642d..8741e65 100644
Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS
# clean - Delete most, but leave enough to build external modules
-@@ -1200,7 +1285,7 @@ distclean: mrproper
+@@ -1200,7 +1288,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -479,7 +482,7 @@ index f8b642d..8741e65 100644
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1361,6 +1446,8 @@ PHONY += $(module-dirs) modules
+@@ -1361,6 +1449,8 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
@@ -488,7 +491,7 @@ index f8b642d..8741e65 100644
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1487,17 +1574,21 @@ else
+@@ -1487,17 +1577,21 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
@@ -514,7 +517,7 @@ index f8b642d..8741e65 100644
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1507,11 +1598,15 @@ endif
+@@ -1507,11 +1601,15 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
@@ -897,10 +900,10 @@ index fadd5f8..904e73a 100644
/* Allow reads even for write-only mappings */
if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
-index 790ea68..e8c6879 100644
+index 082bd36..da47cc5 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
-@@ -2012,6 +2012,7 @@ config XIP_PHYS_ADDR
+@@ -2013,6 +2013,7 @@ config XIP_PHYS_ADDR
config KEXEC
bool "Kexec system call (EXPERIMENTAL)"
depends on EXPERIMENTAL
@@ -5124,10 +5127,10 @@ index 18162ce..94de376 100644
/*
* If for any reason at all we couldn't handle the fault, make
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
-index 16ef838..4eac98f 100644
+index bec952d..f6dbe5d 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
-@@ -346,6 +346,7 @@ config ARCH_ENABLE_MEMORY_HOTREMOVE
+@@ -347,6 +347,7 @@ config ARCH_ENABLE_MEMORY_HOTREMOVE
config KEXEC
bool "kexec system call (EXPERIMENTAL)"
depends on (PPC_BOOK3S || FSL_BOOKE || (44x && !SMP && !PPC_47x)) && EXPERIMENTAL
@@ -9978,7 +9981,7 @@ index ad8f795..2c7eec6 100644
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index fb2e69d..440cb91 100644
+index 901447e..38d9380 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -75,6 +75,7 @@ config X86
@@ -9986,10 +9989,10 @@ index fb2e69d..440cb91 100644
select CLKEVT_I8253
select ARCH_HAVE_NMI_SAFE_CMPXCHG
+ select HAVE_ARCH_SECCOMP_FILTER
+ select ARCH_SUPPORTS_ATOMIC_RMW
config INSTRUCTION_DECODER
- def_bool (KPROBES || PERF_EVENTS)
-@@ -235,7 +236,7 @@ config X86_HT
+@@ -236,7 +237,7 @@ config X86_HT
config X86_32_LAZY_GS
def_bool y
@@ -9998,7 +10001,7 @@ index fb2e69d..440cb91 100644
config ARCH_HWEIGHT_CFLAGS
string
-@@ -525,6 +526,7 @@ config SCHED_OMIT_FRAME_POINTER
+@@ -526,6 +527,7 @@ config SCHED_OMIT_FRAME_POINTER
menuconfig PARAVIRT_GUEST
bool "Paravirtualized guest support"
@@ -10006,7 +10009,7 @@ index fb2e69d..440cb91 100644
---help---
Say Y here to get to see options related to running Linux under
various hypervisors. This option alone does not add any kernel code.
-@@ -1022,7 +1024,7 @@ choice
+@@ -1023,7 +1025,7 @@ choice
config NOHIGHMEM
bool "off"
@@ -10015,7 +10018,7 @@ index fb2e69d..440cb91 100644
---help---
Linux can use up to 64 Gigabytes of physical memory on x86 systems.
However, the address space of 32-bit x86 processors is only 4
-@@ -1059,7 +1061,7 @@ config NOHIGHMEM
+@@ -1060,7 +1062,7 @@ config NOHIGHMEM
config HIGHMEM4G
bool "4GB"
@@ -10024,7 +10027,7 @@ index fb2e69d..440cb91 100644
---help---
Select this if you have a 32-bit processor and between 1 and 4
gigabytes of physical RAM.
-@@ -1113,7 +1115,7 @@ config PAGE_OFFSET
+@@ -1114,7 +1116,7 @@ config PAGE_OFFSET
hex
default 0xB0000000 if VMSPLIT_3G_OPT
default 0x80000000 if VMSPLIT_2G
@@ -10033,7 +10036,7 @@ index fb2e69d..440cb91 100644
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1496,6 +1498,7 @@ config SECCOMP
+@@ -1497,6 +1499,7 @@ config SECCOMP
config CC_STACKPROTECTOR
bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
@@ -10041,7 +10044,7 @@ index fb2e69d..440cb91 100644
---help---
This option turns on the -fstack-protector GCC feature. This
feature puts, at the beginning of functions, a canary value on
-@@ -1514,6 +1517,7 @@ source kernel/Kconfig.hz
+@@ -1515,6 +1518,7 @@ source kernel/Kconfig.hz
config KEXEC
bool "kexec system call"
@@ -10049,7 +10052,7 @@ index fb2e69d..440cb91 100644
---help---
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
-@@ -1616,6 +1620,8 @@ config X86_NEED_RELOCS
+@@ -1617,6 +1621,8 @@ config X86_NEED_RELOCS
config PHYSICAL_ALIGN
hex "Alignment value to which kernel should be aligned" if X86_32
default "0x1000000"
@@ -10058,7 +10061,7 @@ index fb2e69d..440cb91 100644
range 0x2000 0x1000000
---help---
This value puts the alignment restrictions on physical address
-@@ -1647,9 +1653,10 @@ config HOTPLUG_CPU
+@@ -1648,9 +1654,10 @@ config HOTPLUG_CPU
Say N if you want to disable CPU hotplug.
config COMPAT_VDSO
@@ -13744,7 +13747,7 @@ index 5478825..839e88c 100644
#define flush_insn_slot(p) do { } while (0)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
-index cfb5a40..fc8880d 100644
+index b3eb9a7..7c34d91 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -459,7 +459,7 @@ struct kvm_arch {
@@ -18411,7 +18414,7 @@ index cd28a35..c72ed9a 100644
#include <asm/processor.h>
#include <asm/fcntl.h>
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
-index db090f6..2886e27 100644
+index dd52355..371d3b9 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -180,13 +180,153 @@
@@ -18677,7 +18680,7 @@ index db090f6..2886e27 100644
movl %ebp,PT_EBP(%esp)
.section __ex_table,"a"
.align 4
-@@ -423,14 +591,18 @@ sysenter_past_esp:
+@@ -423,6 +591,10 @@ sysenter_past_esp:
GET_THREAD_INFO(%ebp)
@@ -18688,15 +18691,6 @@ index db090f6..2886e27 100644
testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp)
jnz sysenter_audit
sysenter_do_call:
- cmpl $(nr_syscalls), %eax
- jae sysenter_badsys
- call *sys_call_table(,%eax,4)
-- movl %eax,PT_EAX(%esp)
- sysenter_after_call:
-+ movl %eax,PT_EAX(%esp)
- LOCKDEP_SYS_EXIT
- DISABLE_INTERRUPTS(CLBR_ANY)
- TRACE_IRQS_OFF
@@ -438,12 +610,24 @@ sysenter_after_call:
testl $_TIF_ALLWORK_MASK, %ecx
jne sysexit_audit
@@ -18764,15 +18758,7 @@ index db090f6..2886e27 100644
# system call tracing in operation / emulation
testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp)
jnz syscall_trace_entry
-@@ -512,6 +710,7 @@ ENTRY(system_call)
- jae syscall_badsys
- syscall_call:
- call *sys_call_table(,%eax,4)
-+syscall_after_call:
- movl %eax,PT_EAX(%esp) # store the return value
- syscall_exit:
- LOCKDEP_SYS_EXIT
-@@ -523,6 +722,15 @@ syscall_exit:
+@@ -524,6 +722,15 @@ syscall_exit:
testl $_TIF_ALLWORK_MASK, %ecx # current->work
jne syscall_exit_work
@@ -18788,7 +18774,7 @@ index db090f6..2886e27 100644
restore_all:
TRACE_IRQS_IRET
restore_all_notrace:
-@@ -582,14 +790,34 @@ ldt_ss:
+@@ -578,14 +785,34 @@ ldt_ss:
* compensating for the offset by changing to the ESPFIX segment with
* a base address that matches for the difference.
*/
@@ -18826,7 +18812,7 @@ index db090f6..2886e27 100644
pushl_cfi $__ESPFIX_SS
pushl_cfi %eax /* new kernel esp */
/* Disable interrupts, but do not irqtrace this section: we
-@@ -618,34 +846,28 @@ work_resched:
+@@ -614,34 +841,28 @@ work_resched:
movl TI_flags(%ebp), %ecx
andl $_TIF_WORK_MASK, %ecx # is there any work to be done other
# than syscall tracing?
@@ -18866,7 +18852,7 @@ index db090f6..2886e27 100644
# perform syscall exit tracing
ALIGN
-@@ -653,11 +875,14 @@ syscall_trace_entry:
+@@ -649,11 +870,14 @@ syscall_trace_entry:
movl $-ENOSYS,PT_EAX(%esp)
movl %esp, %eax
call syscall_trace_enter
@@ -18882,7 +18868,7 @@ index db090f6..2886e27 100644
# perform syscall exit tracing
ALIGN
-@@ -670,25 +895,29 @@ syscall_exit_work:
+@@ -666,25 +890,29 @@ syscall_exit_work:
movl %esp, %eax
call syscall_trace_leave
jmp resume_userspace
@@ -18903,23 +18889,20 @@ index db090f6..2886e27 100644
+ENDPROC(syscall_fault)
syscall_badsys:
-- movl $-ENOSYS,PT_EAX(%esp)
-- jmp syscall_exit
+ movl $-ENOSYS,%eax
+ jmp syscall_after_call
-END(syscall_badsys)
-+ movl $-ENOSYS,%eax
-+ jmp syscall_after_call
+ENDPROC(syscall_badsys)
sysenter_badsys:
-- movl $-ENOSYS,PT_EAX(%esp)
-+ movl $-ENOSYS,%eax
+ movl $-ENOSYS,%eax
jmp sysenter_after_call
-END(syscall_badsys)
+ENDPROC(sysenter_badsys)
CFI_ENDPROC
/*
* End of kprobes section
-@@ -762,6 +991,36 @@ ptregs_clone:
+@@ -758,6 +986,36 @@ ptregs_clone:
CFI_ENDPROC
ENDPROC(ptregs_clone)
@@ -18956,7 +18939,7 @@ index db090f6..2886e27 100644
.macro FIXUP_ESPFIX_STACK
/*
* Switch back for ESPFIX stack to the normal zerobased stack
-@@ -771,8 +1030,15 @@ ENDPROC(ptregs_clone)
+@@ -767,8 +1025,15 @@ ENDPROC(ptregs_clone)
* normal stack and adjusts ESP with the matching offset.
*/
/* fixup the stack */
@@ -18974,7 +18957,7 @@ index db090f6..2886e27 100644
shl $16, %eax
addl %esp, %eax /* the adjusted stack pointer */
pushl_cfi $__KERNEL_DS
-@@ -825,7 +1091,7 @@ vector=vector+1
+@@ -821,7 +1086,7 @@ vector=vector+1
.endr
2: jmp common_interrupt
.endr
@@ -18983,7 +18966,7 @@ index db090f6..2886e27 100644
.previous
END(interrupt)
-@@ -873,7 +1139,7 @@ ENTRY(coprocessor_error)
+@@ -869,7 +1134,7 @@ ENTRY(coprocessor_error)
pushl_cfi $do_coprocessor_error
jmp error_code
CFI_ENDPROC
@@ -18992,7 +18975,7 @@ index db090f6..2886e27 100644
ENTRY(simd_coprocessor_error)
RING0_INT_FRAME
-@@ -894,7 +1160,7 @@ ENTRY(simd_coprocessor_error)
+@@ -890,7 +1155,7 @@ ENTRY(simd_coprocessor_error)
#endif
jmp error_code
CFI_ENDPROC
@@ -19001,7 +18984,7 @@ index db090f6..2886e27 100644
ENTRY(device_not_available)
RING0_INT_FRAME
-@@ -902,7 +1168,7 @@ ENTRY(device_not_available)
+@@ -898,7 +1163,7 @@ ENTRY(device_not_available)
pushl_cfi $do_device_not_available
jmp error_code
CFI_ENDPROC
@@ -19010,7 +18993,7 @@ index db090f6..2886e27 100644
#ifdef CONFIG_PARAVIRT
ENTRY(native_iret)
-@@ -911,12 +1177,12 @@ ENTRY(native_iret)
+@@ -907,12 +1172,12 @@ ENTRY(native_iret)
.align 4
.long native_iret, iret_exc
.previous
@@ -19025,7 +19008,7 @@ index db090f6..2886e27 100644
#endif
ENTRY(overflow)
-@@ -925,7 +1191,7 @@ ENTRY(overflow)
+@@ -921,7 +1186,7 @@ ENTRY(overflow)
pushl_cfi $do_overflow
jmp error_code
CFI_ENDPROC
@@ -19034,7 +19017,7 @@ index db090f6..2886e27 100644
ENTRY(bounds)
RING0_INT_FRAME
-@@ -933,7 +1199,7 @@ ENTRY(bounds)
+@@ -929,7 +1194,7 @@ ENTRY(bounds)
pushl_cfi $do_bounds
jmp error_code
CFI_ENDPROC
@@ -19043,7 +19026,7 @@ index db090f6..2886e27 100644
ENTRY(invalid_op)
RING0_INT_FRAME
-@@ -941,7 +1207,7 @@ ENTRY(invalid_op)
+@@ -937,7 +1202,7 @@ ENTRY(invalid_op)
pushl_cfi $do_invalid_op
jmp error_code
CFI_ENDPROC
@@ -19052,7 +19035,7 @@ index db090f6..2886e27 100644
ENTRY(coprocessor_segment_overrun)
RING0_INT_FRAME
-@@ -949,35 +1215,35 @@ ENTRY(coprocessor_segment_overrun)
+@@ -945,35 +1210,35 @@ ENTRY(coprocessor_segment_overrun)
pushl_cfi $do_coprocessor_segment_overrun
jmp error_code
CFI_ENDPROC
@@ -19093,7 +19076,7 @@ index db090f6..2886e27 100644
ENTRY(divide_error)
RING0_INT_FRAME
-@@ -985,7 +1251,7 @@ ENTRY(divide_error)
+@@ -981,7 +1246,7 @@ ENTRY(divide_error)
pushl_cfi $do_divide_error
jmp error_code
CFI_ENDPROC
@@ -19102,7 +19085,7 @@ index db090f6..2886e27 100644
#ifdef CONFIG_X86_MCE
ENTRY(machine_check)
-@@ -994,7 +1260,7 @@ ENTRY(machine_check)
+@@ -990,7 +1255,7 @@ ENTRY(machine_check)
pushl_cfi machine_check_vector
jmp error_code
CFI_ENDPROC
@@ -19111,7 +19094,7 @@ index db090f6..2886e27 100644
#endif
ENTRY(spurious_interrupt_bug)
-@@ -1003,7 +1269,7 @@ ENTRY(spurious_interrupt_bug)
+@@ -999,7 +1264,7 @@ ENTRY(spurious_interrupt_bug)
pushl_cfi $do_spurious_interrupt_bug
jmp error_code
CFI_ENDPROC
@@ -19120,7 +19103,7 @@ index db090f6..2886e27 100644
/*
* End of kprobes section
*/
-@@ -1119,7 +1385,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK,
+@@ -1115,7 +1380,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK,
ENTRY(mcount)
ret
@@ -19129,7 +19112,7 @@ index db090f6..2886e27 100644
ENTRY(ftrace_caller)
cmpl $0, function_trace_stop
-@@ -1148,7 +1414,7 @@ ftrace_graph_call:
+@@ -1144,7 +1409,7 @@ ftrace_graph_call:
.globl ftrace_stub
ftrace_stub:
ret
@@ -19138,7 +19121,7 @@ index db090f6..2886e27 100644
#else /* ! CONFIG_DYNAMIC_FTRACE */
-@@ -1184,7 +1450,7 @@ trace:
+@@ -1180,7 +1445,7 @@ trace:
popl %ecx
popl %eax
jmp ftrace_stub
@@ -19147,7 +19130,7 @@ index db090f6..2886e27 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -1205,7 +1471,7 @@ ENTRY(ftrace_graph_caller)
+@@ -1201,7 +1466,7 @@ ENTRY(ftrace_graph_caller)
popl %ecx
popl %eax
ret
@@ -19156,7 +19139,7 @@ index db090f6..2886e27 100644
.globl return_to_handler
return_to_handler:
-@@ -1219,7 +1485,6 @@ return_to_handler:
+@@ -1215,7 +1480,6 @@ return_to_handler:
jmp *%ecx
#endif
@@ -19164,7 +19147,7 @@ index db090f6..2886e27 100644
#include "syscall_table_32.S"
syscall_table_size=(.-sys_call_table)
-@@ -1265,15 +1530,18 @@ error_code:
+@@ -1261,15 +1525,18 @@ error_code:
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
REG_TO_PTGS %ecx
SET_KERNEL_GS %ecx
@@ -19185,7 +19168,7 @@ index db090f6..2886e27 100644
/*
* Debug traps and NMI can happen at the one SYSENTER instruction
-@@ -1315,7 +1583,7 @@ debug_stack_correct:
+@@ -1311,7 +1578,7 @@ debug_stack_correct:
call do_debug
jmp ret_from_exception
CFI_ENDPROC
@@ -19194,7 +19177,7 @@ index db090f6..2886e27 100644
/*
* NMI is doubly nasty. It can happen _while_ we're handling
-@@ -1352,6 +1620,9 @@ nmi_stack_correct:
+@@ -1348,6 +1615,9 @@ nmi_stack_correct:
xorl %edx,%edx # zero error code
movl %esp,%eax # pt_regs pointer
call do_nmi
@@ -19204,7 +19187,7 @@ index db090f6..2886e27 100644
jmp restore_all_notrace
CFI_ENDPROC
-@@ -1388,12 +1659,15 @@ nmi_espfix_stack:
+@@ -1384,12 +1654,15 @@ nmi_espfix_stack:
FIXUP_ESPFIX_STACK # %eax == %esp
xorl %edx,%edx # zero error code
call do_nmi
@@ -19221,7 +19204,7 @@ index db090f6..2886e27 100644
ENTRY(int3)
RING0_INT_FRAME
-@@ -1405,14 +1679,14 @@ ENTRY(int3)
+@@ -1401,14 +1674,14 @@ ENTRY(int3)
call do_int3
jmp ret_from_exception
CFI_ENDPROC
@@ -19238,7 +19221,7 @@ index db090f6..2886e27 100644
#ifdef CONFIG_KVM_GUEST
ENTRY(async_page_fault)
-@@ -1420,7 +1694,7 @@ ENTRY(async_page_fault)
+@@ -1416,7 +1689,7 @@ ENTRY(async_page_fault)
pushl_cfi $do_async_page_fault
jmp error_code
CFI_ENDPROC
@@ -29322,19 +29305,21 @@ index 7b179b4..6bd17777 100644
return (void *)vaddr;
diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
-index be1ef57..406f1c2 100644
+index dec49d3..e2bd3f0 100644
--- a/arch/x86/mm/ioremap.c
+++ b/arch/x86/mm/ioremap.c
-@@ -97,7 +97,7 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
- for (pfn = phys_addr >> PAGE_SHIFT; pfn <= last_pfn; pfn++) {
- int is_ram = page_is_ram(pfn);
+@@ -56,8 +56,8 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages,
+ unsigned long i;
+
+ for (i = 0; i < nr_pages; ++i)
+- if (pfn_valid(start_pfn + i) &&
+- !PageReserved(pfn_to_page(start_pfn + i)))
++ if (pfn_valid(start_pfn + i) && (start_pfn + i >= 0x100 ||
++ !PageReserved(pfn_to_page(start_pfn + i))))
+ return 1;
-- if (is_ram && pfn_valid(pfn) && !PageReserved(pfn_to_page(pfn)))
-+ if (is_ram && pfn_valid(pfn) && (pfn >= 0x100 || !PageReserved(pfn_to_page(pfn))))
- return NULL;
- WARN_ON_ONCE(is_ram);
- }
-@@ -256,7 +256,7 @@ EXPORT_SYMBOL(ioremap_prot);
+ WARN_ONCE(1, "ioremap on RAM pfn 0x%lx\n", start_pfn);
+@@ -268,7 +268,7 @@ EXPORT_SYMBOL(ioremap_prot);
*
* Caller must ensure there is only one unmapping for the same pointer.
*/
@@ -29343,7 +29328,7 @@ index be1ef57..406f1c2 100644
{
struct vm_struct *p, *o;
-@@ -315,6 +315,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
+@@ -327,6 +327,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
/* If page is RAM, we can use __va. Otherwise ioremap and unmap. */
if (page_is_ram(start >> PAGE_SHIFT))
@@ -29353,7 +29338,7 @@ index be1ef57..406f1c2 100644
return __va(phys);
addr = (void __force *)ioremap_cache(start, PAGE_SIZE);
-@@ -327,6 +330,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
+@@ -339,6 +342,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
void unxlate_dev_mem_ptr(unsigned long phys, void *addr)
{
if (page_is_ram(phys >> PAGE_SHIFT))
@@ -29363,7 +29348,7 @@ index be1ef57..406f1c2 100644
return;
iounmap((void __iomem *)((unsigned long)addr & PAGE_MASK));
-@@ -344,7 +350,7 @@ static int __init early_ioremap_debug_setup(char *str)
+@@ -356,7 +362,7 @@ static int __init early_ioremap_debug_setup(char *str)
early_param("early_ioremap_debug", early_ioremap_debug_setup);
static __initdata int after_paging_init;
@@ -29372,7 +29357,7 @@ index be1ef57..406f1c2 100644
static inline pmd_t * __init early_ioremap_pmd(unsigned long addr)
{
-@@ -381,8 +387,7 @@ void __init early_ioremap_init(void)
+@@ -393,8 +399,7 @@ void __init early_ioremap_init(void)
slot_virt[i] = __fix_to_virt(FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*i);
pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN));
@@ -32604,10 +32589,10 @@ index de2802c..2260da9 100644
unsigned long timeout_msec)
{
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index 2b662725..202bcc8 100644
+index 2ddf736..e60d263 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
-@@ -4782,7 +4782,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
+@@ -4787,7 +4787,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
struct ata_port *ap;
unsigned int tag;
@@ -32616,7 +32601,7 @@ index 2b662725..202bcc8 100644
ap = qc->ap;
qc->flags = 0;
-@@ -4798,7 +4798,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
+@@ -4803,7 +4803,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
struct ata_port *ap;
struct ata_link *link;
@@ -32625,7 +32610,7 @@ index 2b662725..202bcc8 100644
WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
ap = qc->ap;
link = qc->dev->link;
-@@ -5803,6 +5803,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5808,6 +5808,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
return;
spin_lock(&lock);
@@ -32633,7 +32618,7 @@ index 2b662725..202bcc8 100644
for (cur = ops->inherits; cur; cur = cur->inherits) {
void **inherit = (void **)cur;
-@@ -5816,8 +5817,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5821,8 +5822,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
if (IS_ERR(*pp))
*pp = NULL;
@@ -42003,7 +41988,7 @@ index 7ead065..832d24d 100644
void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
diff --git a/drivers/md/md.c b/drivers/md/md.c
-index 30a7b52..a8e0833 100644
+index ea8a181..4d3faed 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -278,10 +278,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio);
@@ -47751,10 +47736,10 @@ index 21a045e..ec89e03 100644
transport_setup_device(&rport->dev);
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index f6d2b62..d9aa1a4 100644
+index 5c6b5f5..475317d 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
-@@ -2632,7 +2632,7 @@ static int sd_probe(struct device *dev)
+@@ -2635,7 +2635,7 @@ static int sd_probe(struct device *dev)
device_initialize(&sdkp->dev);
sdkp->dev.parent = dev;
sdkp->dev.class = &sd_disk_class;
@@ -50312,7 +50297,7 @@ index 032e5a6..bc422e4 100644
wake_up(&usb_kill_urb_queue);
usb_put_urb(urb);
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index 12f3a37..8802889 100644
+index 3807294..cc1fc93 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -25,6 +25,7 @@
@@ -50323,7 +50308,7 @@ index 12f3a37..8802889 100644
#include <asm/uaccess.h>
#include <asm/byteorder.h>
-@@ -3420,6 +3421,9 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
+@@ -3440,6 +3441,9 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
return;
}
@@ -50432,7 +50417,7 @@ index 347bb05..63e1b73 100644
return 0;
}
diff --git a/drivers/usb/gadget/f_fs.c b/drivers/usb/gadget/f_fs.c
-index 0e641a1..49e6ac7 100644
+index c635c4c..dc91e75 100644
--- a/drivers/usb/gadget/f_fs.c
+++ b/drivers/usb/gadget/f_fs.c
@@ -1212,6 +1212,7 @@ static struct file_system_type ffs_fs_type = {
@@ -58277,7 +58262,7 @@ index f3358ab..fbb1d90 100644
"MMP failure info: last update time: %llu, last update "
"node: %s, last update device: %s\n",
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
-index acf2baf..31c5131 100644
+index 6581ee7..96fd5e1 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -92,6 +92,8 @@ static struct file_system_type ext2_fs_type = {
@@ -58307,7 +58292,7 @@ index acf2baf..31c5131 100644
"Contact linux-ext4@vger.kernel.org if you think we should keep it.\n";
#ifdef CONFIG_QUOTA
-@@ -2469,7 +2473,7 @@ struct ext4_attr {
+@@ -2467,7 +2471,7 @@ struct ext4_attr {
ssize_t (*store)(struct ext4_attr *, struct ext4_sb_info *,
const char *, size_t);
int offset;
@@ -58316,7 +58301,7 @@ index acf2baf..31c5131 100644
static int parse_strtoul(const char *buf,
unsigned long max, unsigned long *value)
-@@ -3175,7 +3179,6 @@ int ext4_calculate_overhead(struct super_block *sb)
+@@ -3174,7 +3178,6 @@ int ext4_calculate_overhead(struct super_block *sb)
ext4_fsblk_t overhead = 0;
char *buf = (char *) get_zeroed_page(GFP_KERNEL);
@@ -58324,7 +58309,7 @@ index acf2baf..31c5131 100644
if (!buf)
return -ENOMEM;
-@@ -5052,7 +5055,6 @@ static inline int ext2_feature_set_ok(struct super_block *sb)
+@@ -5051,7 +5054,6 @@ static inline int ext2_feature_set_ok(struct super_block *sb)
return 0;
return 1;
}
@@ -58332,7 +58317,7 @@ index acf2baf..31c5131 100644
#else
static inline void register_as_ext2(void) { }
static inline void unregister_as_ext2(void) { }
-@@ -5085,7 +5087,6 @@ static inline int ext3_feature_set_ok(struct super_block *sb)
+@@ -5084,7 +5086,6 @@ static inline int ext3_feature_set_ok(struct super_block *sb)
return 0;
return 1;
}
@@ -58340,7 +58325,7 @@ index acf2baf..31c5131 100644
#else
static inline void register_as_ext3(void) { }
static inline void unregister_as_ext3(void) { }
-@@ -5099,6 +5100,7 @@ static struct file_system_type ext4_fs_type = {
+@@ -5098,6 +5099,7 @@ static struct file_system_type ext4_fs_type = {
.kill_sb = kill_block_super,
.fs_flags = FS_REQUIRES_DEV,
};
@@ -60081,7 +60066,7 @@ index cf0098d..a849907 100644
if (!ret)
ret = -EPIPE;
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
-index 06e2f73..e6c5fc8 100644
+index e13558c..56ca611 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -1150,7 +1150,7 @@ static char *read_link(struct dentry *dentry)
@@ -60094,10 +60079,10 @@ index 06e2f73..e6c5fc8 100644
if (!IS_ERR(link))
free_page((unsigned long) link);
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
-index 912c250..f0aee59 100644
+index afc0f706..a5489ea 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
-@@ -1094,6 +1094,7 @@ static struct file_system_type fuse_fs_type = {
+@@ -1106,6 +1106,7 @@ static struct file_system_type fuse_fs_type = {
.mount = fuse_mount,
.kill_sb = fuse_kill_sb_anon,
};
@@ -60105,7 +60090,7 @@ index 912c250..f0aee59 100644
#ifdef CONFIG_BLOCK
static struct dentry *fuse_mount_blk(struct file_system_type *fs_type,
-@@ -1123,6 +1124,7 @@ static struct file_system_type fuseblk_fs_type = {
+@@ -1135,6 +1136,7 @@ static struct file_system_type fuseblk_fs_type = {
.kill_sb = fuse_kill_sb_blk,
.fs_flags = FS_REQUIRES_DEV | FS_HAS_SUBTYPE,
};
@@ -61354,10 +61339,10 @@ index 1943898..396c460 100644
-
#endif /* CONFIG_NFS_V4 */
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
-index 315a1ba..aec2a5f 100644
+index eebccfe..a2ed0a1 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
-@@ -1048,7 +1048,7 @@ struct nfsd4_operation {
+@@ -1039,7 +1039,7 @@ struct nfsd4_operation {
char *op_name;
/* Try to get response size before operation */
nfsd4op_rsize op_rsize_bop;
@@ -61367,10 +61352,10 @@ index 315a1ba..aec2a5f 100644
static struct nfsd4_operation nfsd4_ops[];
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
-index a7933dd..243e586 100644
+index 9d2c52b..c9d6c2aa 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
-@@ -1445,7 +1445,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
+@@ -1456,7 +1456,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *);
@@ -61379,7 +61364,7 @@ index a7933dd..243e586 100644
[OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access,
[OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close,
[OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit,
-@@ -1485,7 +1485,7 @@ static nfsd4_dec nfsd4_dec_ops[] = {
+@@ -1496,7 +1496,7 @@ static nfsd4_dec nfsd4_dec_ops[] = {
[OP_RELEASE_LOCKOWNER] = (nfsd4_dec)nfsd4_decode_release_lockowner,
};
@@ -61388,7 +61373,7 @@ index a7933dd..243e586 100644
[OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access,
[OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close,
[OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit,
-@@ -1547,7 +1547,7 @@ static nfsd4_dec nfsd41_dec_ops[] = {
+@@ -1558,7 +1558,7 @@ static nfsd4_dec nfsd41_dec_ops[] = {
};
struct nfsd4_minorversion_ops {
@@ -77057,28 +77042,6 @@ index 73b0712..2e581af 100644
struct drm_connector_helper_funcs {
int (*get_modes)(struct drm_connector *connector);
-diff --git a/include/drm/drm_mem_util.h b/include/drm/drm_mem_util.h
-index 6bd325f..19a2404 100644
---- a/include/drm/drm_mem_util.h
-+++ b/include/drm/drm_mem_util.h
-@@ -31,7 +31,7 @@
-
- static __inline__ void *drm_calloc_large(size_t nmemb, size_t size)
- {
-- if (size != 0 && nmemb > ULONG_MAX / size)
-+ if (size != 0 && nmemb > SIZE_MAX / size)
- return NULL;
-
- if (size * nmemb <= PAGE_SIZE)
-@@ -44,7 +44,7 @@ static __inline__ void *drm_calloc_large(size_t nmemb, size_t size)
- /* Modeled after cairo's malloc_ab, it's like calloc but without the zeroing. */
- static __inline__ void *drm_malloc_ab(size_t nmemb, size_t size)
- {
-- if (size != 0 && nmemb > ULONG_MAX / size)
-+ if (size != 0 && nmemb > SIZE_MAX / size)
- return NULL;
-
- if (size * nmemb <= PAGE_SIZE)
diff --git a/include/drm/ttm/ttm_memory.h b/include/drm/ttm/ttm_memory.h
index 26c1f78..6722682 100644
--- a/include/drm/ttm/ttm_memory.h
@@ -79417,10 +79380,10 @@ index 0000000..b02ba9d
+#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
new file mode 100644
-index 0000000..2a0fe35
+index 0000000..bc1de4cb
--- /dev/null
+++ b/include/linux/grsecurity.h
-@@ -0,0 +1,228 @@
+@@ -0,0 +1,231 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
@@ -79432,6 +79395,9 @@ index 0000000..2a0fe35
+#if defined(CONFIG_GRKERNSEC_PROC_USER) && defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
+#error "CONFIG_GRKERNSEC_PROC_USER and CONFIG_GRKERNSEC_PROC_USERGROUP cannot both be enabled."
+#endif
++#if defined(CONFIG_GRKERNSEC_PROC) && !defined(CONFIG_GRKERNSEC_PROC_USER) && !defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++#error "CONFIG_GRKERNSEC_PROC enabled, but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP enabled"
++#endif
+#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
+#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
+#endif
@@ -79978,18 +79944,10 @@ index 3875719..4663bc3 100644
/* This macro allows us to keep printk typechecking */
static __printf(1, 2)
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
-index a70783d..bf1dd28 100644
+index 0b8ca35..bf1dd28 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
-@@ -34,6 +34,7 @@
- #define LLONG_MAX ((long long)(~0ULL>>1))
- #define LLONG_MIN (-LLONG_MAX - 1)
- #define ULLONG_MAX (~0ULL)
-+#define SIZE_MAX (~(size_t)0)
-
- #define STACK_MAGIC 0xdeadbeef
-
-@@ -696,24 +697,30 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { }
+@@ -697,24 +697,30 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { }
* @condition: the condition which the compiler should know is false.
*
* If you have some code which relies on certain constants being equal, or
@@ -80165,10 +80123,10 @@ index f93d8c1..71244f6 100644
int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
diff --git a/include/linux/libata.h b/include/linux/libata.h
-index 375dfdf..7dca34f 100644
+index d773b21..95a0913 100644
--- a/include/linux/libata.h
+++ b/include/linux/libata.h
-@@ -913,7 +913,7 @@ struct ata_port_operations {
+@@ -914,7 +914,7 @@ struct ata_port_operations {
* fields must be pointers.
*/
const struct ata_port_operations *inherits;
@@ -80226,10 +80184,10 @@ index 88e78de..c63979a 100644
} apparmor_audit_data;
#endif
diff --git a/include/linux/math64.h b/include/linux/math64.h
-index b8ba855..bfdffd0 100644
+index 2913b86..fa383945 100644
--- a/include/linux/math64.h
+++ b/include/linux/math64.h
-@@ -14,7 +14,7 @@
+@@ -15,7 +15,7 @@
* This is commonly provided by 32bit archs to provide an optimized 64bit
* divide.
*/
@@ -80238,7 +80196,7 @@ index b8ba855..bfdffd0 100644
{
*remainder = dividend % divisor;
return dividend / divisor;
-@@ -32,7 +32,7 @@ static inline s64 div_s64_rem(s64 dividend, s32 divisor, s32 *remainder)
+@@ -33,7 +33,7 @@ static inline s64 div_s64_rem(s64 dividend, s32 divisor, s32 *remainder)
/**
* div64_u64 - unsigned 64bit divide with 64bit divisor
*/
@@ -80247,8 +80205,8 @@ index b8ba855..bfdffd0 100644
{
return dividend / divisor;
}
-@@ -50,7 +50,7 @@ static inline s64 div64_s64(s64 dividend, s64 divisor)
- #define div64_long(x,y) div_s64((x),(y))
+@@ -52,7 +52,7 @@ static inline s64 div64_s64(s64 dividend, s64 divisor)
+ #define div64_ul(x, y) div_u64((x), (y))
#ifndef div_u64_rem
-static inline u64 div_u64_rem(u64 dividend, u32 divisor, u32 *remainder)
@@ -80256,7 +80214,7 @@ index b8ba855..bfdffd0 100644
{
*remainder = do_div(dividend, divisor);
return dividend;
-@@ -62,7 +62,7 @@ extern s64 div_s64_rem(s64 dividend, s32 divisor, s32 *remainder);
+@@ -64,7 +64,7 @@ extern s64 div_s64_rem(s64 dividend, s32 divisor, s32 *remainder);
#endif
#ifndef div64_u64
@@ -80265,7 +80223,7 @@ index b8ba855..bfdffd0 100644
#endif
#ifndef div64_s64
-@@ -79,7 +79,7 @@ extern s64 div64_s64(s64 dividend, s64 divisor);
+@@ -81,7 +81,7 @@ extern s64 div64_s64(s64 dividend, s64 divisor);
* divide.
*/
#ifndef div_u64
@@ -82406,7 +82364,7 @@ index 92808b8..c28cac4 100644
/* shm_mode upper byte flags */
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index 40c2726..21dc3e2 100644
+index 1b4ea29..9347e29 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -538,7 +538,7 @@ extern void consume_skb(struct sk_buff *skb);
@@ -82483,7 +82441,7 @@ index 40c2726..21dc3e2 100644
static inline void nf_reset_trace(struct sk_buff *skb)
diff --git a/include/linux/slab.h b/include/linux/slab.h
-index a595dce..e710d26 100644
+index 67d5d94..51dd834 100644
--- a/include/linux/slab.h
+++ b/include/linux/slab.h
@@ -11,14 +11,29 @@
@@ -84484,10 +84442,10 @@ index 5d1a758..1dbf795 100644
u8 qfull;
enum fc_lport_state state;
diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h
-index 3152cc3..3b3394f 100644
+index 377ba61..1b6890c 100644
--- a/include/scsi/scsi_device.h
+++ b/include/scsi/scsi_device.h
-@@ -161,9 +161,9 @@ struct scsi_device {
+@@ -162,9 +162,9 @@ struct scsi_device {
unsigned int max_device_blocked; /* what device_blocked counts down from */
#define SCSI_DEFAULT_DEVICE_BLOCKED 3
@@ -91710,10 +91668,10 @@ index 73e416d..cfc6f69 100644
sys_tz = *tz;
update_vsyscall_tz();
diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c
-index 0907e43..56a6a92 100644
+index eb198a3..45909ed 100644
--- a/kernel/time/alarmtimer.c
+++ b/kernel/time/alarmtimer.c
-@@ -773,7 +773,7 @@ static int __init alarmtimer_init(void)
+@@ -789,7 +789,7 @@ static int __init alarmtimer_init(void)
struct platform_device *pdev;
int error = 0;
int i;
@@ -92270,7 +92228,7 @@ index 648f25a..5971796 100644
*data_page = bpage;
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index c5a12a7..4d94416 100644
+index 0c348a6..454324b 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -2656,7 +2656,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
@@ -92282,7 +92240,7 @@ index c5a12a7..4d94416 100644
{
/* do nothing if flag is already set */
if (!!(trace_flags & mask) == !!enabled)
-@@ -4248,10 +4248,9 @@ static const struct file_operations tracing_dyn_info_fops = {
+@@ -4246,10 +4246,9 @@ static const struct file_operations tracing_dyn_info_fops = {
};
#endif
@@ -92294,7 +92252,7 @@ index c5a12a7..4d94416 100644
static int once;
if (d_tracer)
-@@ -4271,10 +4270,9 @@ struct dentry *tracing_init_dentry(void)
+@@ -4269,10 +4268,9 @@ struct dentry *tracing_init_dentry(void)
return d_tracer;
}
@@ -93952,7 +93910,7 @@ index ed0ed8a..cc835b97 100644
/* if an huge pmd materialized from under us just retry later */
if (unlikely(pmd_trans_huge(*pmd)))
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index 6f886d9..7218ed0 100644
+index d2c43a2..2213df3 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -2009,15 +2009,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
@@ -93997,7 +93955,7 @@ index 6f886d9..7218ed0 100644
if (ret)
goto out;
-@@ -2516,6 +2520,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2517,6 +2521,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
return 1;
}
@@ -94025,7 +93983,7 @@ index 6f886d9..7218ed0 100644
/*
* Hugetlb_cow() should be called with page lock of the original hugepage held.
*/
-@@ -2618,6 +2643,11 @@ retry_avoidcopy:
+@@ -2619,6 +2644,11 @@ retry_avoidcopy:
make_huge_pte(vma, new_page, 1));
page_remove_rmap(old_page);
hugepage_add_new_anon_rmap(new_page, vma, address);
@@ -94037,7 +93995,7 @@ index 6f886d9..7218ed0 100644
/* Make the old page be freed below */
new_page = old_page;
mmu_notifier_invalidate_range_end(mm,
-@@ -2769,6 +2799,10 @@ retry:
+@@ -2770,6 +2800,10 @@ retry:
&& (vma->vm_flags & VM_SHARED)));
set_huge_pte_at(mm, address, ptep, new_pte);
@@ -94048,7 +94006,7 @@ index 6f886d9..7218ed0 100644
if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
/* Optimization, do the COW without a second fault */
ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page);
-@@ -2798,6 +2832,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2799,6 +2833,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
static DEFINE_MUTEX(hugetlb_instantiation_mutex);
struct hstate *h = hstate_vma(vma);
@@ -94059,7 +94017,7 @@ index 6f886d9..7218ed0 100644
ptep = huge_pte_offset(mm, address);
if (ptep) {
entry = huge_ptep_get(ptep);
-@@ -2809,6 +2847,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2810,6 +2848,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
VM_FAULT_SET_HINDEX(h - hstates);
}
@@ -94099,7 +94057,7 @@ index 0c26b5e..1cc340f 100644
#ifdef CONFIG_MEMORY_FAILURE
extern bool is_free_buddy_page(struct page *page);
diff --git a/mm/kmemleak.c b/mm/kmemleak.c
-index f3b2a00..5899e43 100644
+index cc8cf1d..677c52d 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -357,7 +357,7 @@ static void print_unreferenced(struct seq_file *seq,
@@ -94111,7 +94069,7 @@ index f3b2a00..5899e43 100644
}
}
-@@ -1745,7 +1745,7 @@ static int __init kmemleak_late_init(void)
+@@ -1747,7 +1747,7 @@ static int __init kmemleak_late_init(void)
return -ENOMEM;
}
@@ -95040,7 +94998,7 @@ index 483e66505..32583a0 100644
mm = get_task_mm(tsk);
if (!mm)
diff --git a/mm/mempolicy.c b/mm/mempolicy.c
-index 2b5bcc9..7d7a6c9 100644
+index c9f7e6f..45a779e 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -652,6 +652,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
@@ -97508,7 +97466,7 @@ index f3f6fd3..0d91a63 100644
/*
diff --git a/mm/shmem.c b/mm/shmem.c
-index a78acf0..a31df98 100644
+index 1371021..c2094c7 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -31,7 +31,7 @@
@@ -97527,9 +97485,9 @@ index a78acf0..a31df98 100644
-#define SHORT_SYMLINK_LEN 128
+#define SHORT_SYMLINK_LEN 64
- struct shmem_xattr {
- struct list_head list; /* anchored by shmem_inode_info->xattr_list */
-@@ -1809,6 +1809,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
+ /*
+ * vmtruncate_range() communicates with shmem_fault via
+@@ -1924,6 +1924,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
static int shmem_xattr_validate(const char *name)
{
struct { const char *prefix; size_t len; } arr[] = {
@@ -97541,7 +97499,7 @@ index a78acf0..a31df98 100644
{ XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
{ XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
};
-@@ -1862,6 +1867,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
+@@ -1977,6 +1982,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
if (err)
return err;
@@ -97557,7 +97515,7 @@ index a78acf0..a31df98 100644
if (size == 0)
value = ""; /* empty EA, do not remove */
-@@ -2195,8 +2209,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
+@@ -2310,8 +2324,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
int err = -ENOMEM;
/* Round up to L1_CACHE_BYTES to resist false sharing */
@@ -98674,7 +98632,7 @@ index 136ac4f..f917fa9 100644
mm->unmap_area = arch_unmap_area;
}
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
-index eeba3bb..abb9ae6 100644
+index 1431458..3eef1a6 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -27,10 +27,67 @@
@@ -98845,7 +98803,7 @@ index eeba3bb..abb9ae6 100644
if (!pmd_none(*pmd)) {
pte_t *ptep, pte;
-@@ -1151,10 +1244,24 @@ void __init vmalloc_init(void)
+@@ -1157,10 +1250,24 @@ void __init vmalloc_init(void)
for_each_possible_cpu(i) {
struct vmap_block_queue *vbq;
@@ -98870,7 +98828,7 @@ index eeba3bb..abb9ae6 100644
}
/* Import existing vmlist entries. */
-@@ -1295,6 +1402,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
+@@ -1301,6 +1408,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
struct vm_struct *area;
BUG_ON(in_interrupt());
@@ -98887,7 +98845,7 @@ index eeba3bb..abb9ae6 100644
if (flags & VM_IOREMAP) {
int bit = fls(size);
-@@ -1469,7 +1586,7 @@ static void __vunmap(const void *addr, int deallocate_pages)
+@@ -1475,7 +1592,7 @@ static void __vunmap(const void *addr, int deallocate_pages)
kfree(area);
return;
}
@@ -98896,7 +98854,7 @@ index eeba3bb..abb9ae6 100644
/**
* vfree - release memory allocated by vmalloc()
* @addr: memory base address
-@@ -1478,15 +1595,26 @@ static void __vunmap(const void *addr, int deallocate_pages)
+@@ -1484,15 +1601,26 @@ static void __vunmap(const void *addr, int deallocate_pages)
* obtained from vmalloc(), vmalloc_32() or __vmalloc(). If @addr is
* NULL, no operation is performed.
*
@@ -98926,7 +98884,7 @@ index eeba3bb..abb9ae6 100644
}
EXPORT_SYMBOL(vfree);
-@@ -1503,10 +1631,28 @@ void vunmap(const void *addr)
+@@ -1509,10 +1637,28 @@ void vunmap(const void *addr)
{
BUG_ON(in_interrupt());
might_sleep();
@@ -98956,7 +98914,7 @@ index eeba3bb..abb9ae6 100644
/**
* vmap - map an array of pages into virtually contiguous space
* @pages: array of page pointers
-@@ -1527,6 +1673,11 @@ void *vmap(struct page **pages, unsigned int count,
+@@ -1533,6 +1679,11 @@ void *vmap(struct page **pages, unsigned int count,
if (count > totalram_pages)
return NULL;
@@ -98968,7 +98926,7 @@ index eeba3bb..abb9ae6 100644
area = get_vm_area_caller((count << PAGE_SHIFT), flags,
__builtin_return_address(0));
if (!area)
-@@ -1628,6 +1779,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
+@@ -1634,6 +1785,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
if (!size || (size >> PAGE_SHIFT) > totalram_pages)
goto fail;
@@ -98982,7 +98940,7 @@ index eeba3bb..abb9ae6 100644
area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST,
start, end, node, gfp_mask, caller);
if (!area)
-@@ -1801,10 +1959,9 @@ EXPORT_SYMBOL(vzalloc_node);
+@@ -1807,10 +1965,9 @@ EXPORT_SYMBOL(vzalloc_node);
* For tight control over page level allocator and protection flags
* use __vmalloc() instead.
*/
@@ -98994,7 +98952,7 @@ index eeba3bb..abb9ae6 100644
-1, __builtin_return_address(0));
}
-@@ -2099,6 +2256,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
+@@ -2105,6 +2262,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
unsigned long uaddr = vma->vm_start;
unsigned long usize = vma->vm_end - vma->vm_start;
@@ -99003,7 +98961,7 @@ index eeba3bb..abb9ae6 100644
if ((PAGE_SIZE-1) & (unsigned long)addr)
return -EINVAL;
-@@ -2351,8 +2510,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets,
+@@ -2357,8 +2516,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets,
return NULL;
}
@@ -99014,7 +98972,7 @@ index eeba3bb..abb9ae6 100644
if (!vas || !vms)
goto err_free;
-@@ -2536,11 +2695,15 @@ static int s_show(struct seq_file *m, void *p)
+@@ -2542,11 +2701,15 @@ static int s_show(struct seq_file *m, void *p)
{
struct vm_struct *v = p;
@@ -100720,7 +100678,7 @@ index 80aeac9..b08d0a8 100644
return -ENODEV;
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index 7beaf10..3c8226d 100644
+index 0900a17..f3fb6aa 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -57,7 +57,7 @@ struct rtnl_link {
@@ -101075,21 +101033,6 @@ index d50a13c..1f612ff 100644
return -EFAULT;
*lenp = len;
-diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
-index c32be29..2022b46 100644
---- a/net/dns_resolver/dns_query.c
-+++ b/net/dns_resolver/dns_query.c
-@@ -150,7 +150,9 @@ int dns_query(const char *type, const char *name, size_t namelen,
- if (!*_result)
- goto put;
-
-- memcpy(*_result, upayload->data, len + 1);
-+ memcpy(*_result, upayload->data, len);
-+ (*_result)[len] = '\0';
-+
- if (_expiry)
- *_expiry = rkey->expiry;
-
diff --git a/net/econet/Kconfig b/net/econet/Kconfig
index 39a2d29..f39c0fe 100644
--- a/net/econet/Kconfig
@@ -101737,41 +101680,6 @@ index a639967..8f44480 100644
if (!clusterip_procdir) {
pr_err("Unable to proc dir entry\n");
ret = -ENOMEM;
-diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
-index b550815..c3b44d5 100644
---- a/net/ipv4/netfilter/ipt_ULOG.c
-+++ b/net/ipv4/netfilter/ipt_ULOG.c
-@@ -202,6 +202,7 @@ static void ipt_ulog_packet(unsigned int hooknum,
- ub->qlen++;
-
- pm = NLMSG_DATA(nlh);
-+ memset(pm, 0, sizeof(*pm));
-
- /* We might not have a timestamp, get one */
- if (skb->tstamp.tv64 == 0)
-@@ -218,8 +219,6 @@ static void ipt_ulog_packet(unsigned int hooknum,
- strncpy(pm->prefix, prefix, sizeof(pm->prefix));
- else if (loginfo->prefix[0] != '\0')
- strncpy(pm->prefix, loginfo->prefix, sizeof(pm->prefix));
-- else
-- *(pm->prefix) = '\0';
-
- if (in && in->hard_header_len > 0 &&
- skb->mac_header != skb->network_header &&
-@@ -231,13 +230,9 @@ static void ipt_ulog_packet(unsigned int hooknum,
-
- if (in)
- strncpy(pm->indev_name, in->name, sizeof(pm->indev_name));
-- else
-- pm->indev_name[0] = '\0';
-
- if (out)
- strncpy(pm->outdev_name, out->name, sizeof(pm->outdev_name));
-- else
-- pm->outdev_name[0] = '\0';
-
- /* copy_len <= skb->len, so can't fail. */
- if (skb_copy_bits(skb, 0, pm->payload, copy_len) < 0)
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
index d495d4b..c95851f 100644
--- a/net/ipv4/ping.c
@@ -102231,7 +102139,7 @@ index 739b073..7ac6591 100644
hdr = register_sysctl_paths(net_ipv4_ctl_path, ipv4_table);
if (hdr == NULL)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
-index c1ed01e..bb914c3 100644
+index afe6886..297e5fb 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4739,7 +4739,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
@@ -102773,10 +102681,10 @@ index 1567fb1..29af910 100644
dst = NULL;
}
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
-index 14753d3..0a31044 100644
+index 064b5c9..bd9ff9d 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
-@@ -611,7 +611,7 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
+@@ -600,7 +600,7 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
{
@@ -102785,7 +102693,7 @@ index 14753d3..0a31044 100644
int ident;
if (rt && !(rt->dst.flags & DST_NOPEER)) {
-@@ -625,7 +625,7 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
+@@ -614,7 +614,7 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
return;
}
}
@@ -103613,28 +103521,6 @@ index 93a41a0..d4b4edb 100644
NLA_PUT_U32(skb, L2TP_ATTR_CONN_ID, tunnel->tunnel_id);
NLA_PUT_U32(skb, L2TP_ATTR_SESSION_ID, session->session_id);
-diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
-index e0f0934..437fb59 100644
---- a/net/l2tp/l2tp_ppp.c
-+++ b/net/l2tp/l2tp_ppp.c
-@@ -1351,7 +1351,7 @@ static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
- int err;
-
- if (level != SOL_PPPOL2TP)
-- return udp_prot.setsockopt(sk, level, optname, optval, optlen);
-+ return -EINVAL;
-
- if (optlen < sizeof(int))
- return -EINVAL;
-@@ -1477,7 +1477,7 @@ static int pppol2tp_getsockopt(struct socket *sock, int level,
- struct pppol2tp_session *ps;
-
- if (level != SOL_PPPOL2TP)
-- return udp_prot.getsockopt(sk, level, optname, optval, optlen);
-+ return -EINVAL;
-
- if (get_user(len, (int __user *) optlen))
- return -EFAULT;
diff --git a/net/llc/llc_proc.c b/net/llc/llc_proc.c
index a1839c0..4e06b9b 100644
--- a/net/llc/llc_proc.c
@@ -103936,7 +103822,7 @@ index 6dc7d7d..e45913a 100644
if ((ipvs->sync_state & IP_VS_STATE_MASTER) &&
cp->protocol == IPPROTO_SCTP) {
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
-index 72f4253..c9a3f57 100644
+index 93acfa1..e846c43 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -788,7 +788,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest,
@@ -105500,26 +105386,6 @@ index 8da4481..d02565e 100644
tp->srtt = tp->srtt - (tp->srtt >> sctp_rto_alpha)
+ (rtt >> sctp_rto_alpha);
} else {
-diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c
-index 8a84017..d4faa70 100644
---- a/net/sctp/ulpevent.c
-+++ b/net/sctp/ulpevent.c
-@@ -418,6 +418,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_remote_error(
- * sre_type:
- * It should be SCTP_REMOTE_ERROR.
- */
-+ memset(sre, 0, sizeof(*sre));
- sre->sre_type = SCTP_REMOTE_ERROR;
-
- /*
-@@ -921,6 +922,7 @@ void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event,
- * For recvmsg() the SCTP stack places the message's stream number in
- * this value.
- */
-+ memset(&sinfo, 0, sizeof(sinfo));
- sinfo.sinfo_stream = event->stream;
- /* sinfo_ssn: 16 bits (unsigned integer)
- *
diff --git a/net/socket.c b/net/socket.c
index 3faa358..3d43f20 100644
--- a/net/socket.c
diff --git a/3.2.61/4425_grsec_remove_EI_PAX.patch b/3.2.62/4425_grsec_remove_EI_PAX.patch
similarity index 100%
rename from 3.2.61/4425_grsec_remove_EI_PAX.patch
rename to 3.2.62/4425_grsec_remove_EI_PAX.patch
diff --git a/3.2.61/4427_force_XATTR_PAX_tmpfs.patch b/3.2.62/4427_force_XATTR_PAX_tmpfs.patch
similarity index 95%
rename from 3.2.61/4427_force_XATTR_PAX_tmpfs.patch
rename to 3.2.62/4427_force_XATTR_PAX_tmpfs.patch
index 8c7a533..a5527a5 100644
--- a/3.2.61/4427_force_XATTR_PAX_tmpfs.patch
+++ b/3.2.62/4427_force_XATTR_PAX_tmpfs.patch
@@ -6,7 +6,7 @@ namespace supported on tmpfs so that the PaX markings survive emerge.
diff -Naur a/mm/shmem.c b/mm/shmem.c
--- a/mm/shmem.c 2013-06-11 21:00:18.000000000 -0400
+++ b/mm/shmem.c 2013-06-11 21:08:18.000000000 -0400
-@@ -1809,11 +1809,7 @@
+@@ -1924,11 +1924,7 @@
static int shmem_xattr_validate(const char *name)
{
struct { const char *prefix; size_t len; } arr[] = {
@@ -18,7 +18,7 @@ diff -Naur a/mm/shmem.c b/mm/shmem.c
{ XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
{ XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
};
-@@ -1867,14 +1863,12 @@
+@@ -1982,14 +1978,12 @@
if (err)
return err;
diff --git a/3.2.61/4430_grsec-remove-localversion-grsec.patch b/3.2.62/4430_grsec-remove-localversion-grsec.patch
similarity index 100%
rename from 3.2.61/4430_grsec-remove-localversion-grsec.patch
rename to 3.2.62/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.2.61/4435_grsec-mute-warnings.patch b/3.2.62/4435_grsec-mute-warnings.patch
similarity index 100%
rename from 3.2.61/4435_grsec-mute-warnings.patch
rename to 3.2.62/4435_grsec-mute-warnings.patch
diff --git a/3.2.61/4440_grsec-remove-protected-paths.patch b/3.2.62/4440_grsec-remove-protected-paths.patch
similarity index 100%
rename from 3.2.61/4440_grsec-remove-protected-paths.patch
rename to 3.2.62/4440_grsec-remove-protected-paths.patch
diff --git a/3.2.61/4450_grsec-kconfig-default-gids.patch b/3.2.62/4450_grsec-kconfig-default-gids.patch
similarity index 100%
rename from 3.2.61/4450_grsec-kconfig-default-gids.patch
rename to 3.2.62/4450_grsec-kconfig-default-gids.patch
diff --git a/3.2.61/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.62/4465_selinux-avc_audit-log-curr_ip.patch
similarity index 100%
rename from 3.2.61/4465_selinux-avc_audit-log-curr_ip.patch
rename to 3.2.62/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.2.61/4470_disable-compat_vdso.patch b/3.2.62/4470_disable-compat_vdso.patch
similarity index 98%
rename from 3.2.61/4470_disable-compat_vdso.patch
rename to 3.2.62/4470_disable-compat_vdso.patch
index f6eb9f7..0aedd26 100644
--- a/3.2.61/4470_disable-compat_vdso.patch
+++ b/3.2.62/4470_disable-compat_vdso.patch
@@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138
diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
--- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100
+++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100
-@@ -1654,17 +1654,8 @@
+@@ -1655,17 +1655,8 @@
config COMPAT_VDSO
def_bool n
diff --git a/3.2.61/4475_emutramp_default_on.patch b/3.2.62/4475_emutramp_default_on.patch
similarity index 100%
rename from 3.2.61/4475_emutramp_default_on.patch
rename to 3.2.62/4475_emutramp_default_on.patch
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [gentoo-commits] proj/hardened-patchset:master commit in: 3.14.16/, 3.2.62/, 3.15.9/, 3.15.8/, 3.14.15/, 3.2.61/
@ 2014-08-19 14:07 Anthony G. Basile
2014-08-11 22:35 ` Anthony G. Basile
0 siblings, 1 reply; 2+ messages in thread
From: Anthony G. Basile @ 2014-08-19 14:07 UTC (permalink / raw
To: gentoo-commits
commit: 57f18994252ed101648a261f83f589f64b29504f
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Mon Aug 11 22:37:16 2014 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Mon Aug 11 22:37:16 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=57f18994
Grsec/PaX: 3.0-{3.2.62,3.14.16,3.15.9}-201408110025
---
{3.14.15 => 3.14.16}/0000_README | 2 +-
.../4420_grsecurity-3.0-3.14.16-201408110024.patch | 462 ++-
.../4425_grsec_remove_EI_PAX.patch | 0
.../4427_force_XATTR_PAX_tmpfs.patch | 0
.../4430_grsec-remove-localversion-grsec.patch | 0
.../4435_grsec-mute-warnings.patch | 0
.../4440_grsec-remove-protected-paths.patch | 0
.../4450_grsec-kconfig-default-gids.patch | 0
.../4465_selinux-avc_audit-log-curr_ip.patch | 0
.../4470_disable-compat_vdso.patch | 2 +-
.../4475_emutramp_default_on.patch | 0
{3.15.8 => 3.15.9}/0000_README | 2 +-
.../4420_grsecurity-3.0-3.15.9-201408110025.patch | 464 ++-
{3.15.8 => 3.15.9}/4425_grsec_remove_EI_PAX.patch | 0
.../4427_force_XATTR_PAX_tmpfs.patch | 0
.../4430_grsec-remove-localversion-grsec.patch | 0
{3.15.8 => 3.15.9}/4435_grsec-mute-warnings.patch | 0
.../4440_grsec-remove-protected-paths.patch | 0
.../4450_grsec-kconfig-default-gids.patch | 0
.../4465_selinux-avc_audit-log-curr_ip.patch | 0
{3.15.8 => 3.15.9}/4470_disable-compat_vdso.patch | 2 +-
{3.15.8 => 3.15.9}/4475_emutramp_default_on.patch | 0
{3.2.61 => 3.2.62}/0000_README | 6 +-
{3.2.61 => 3.2.62}/1021_linux-3.2.22.patch | 0
{3.2.61 => 3.2.62}/1022_linux-3.2.23.patch | 0
{3.2.61 => 3.2.62}/1023_linux-3.2.24.patch | 0
{3.2.61 => 3.2.62}/1024_linux-3.2.25.patch | 0
{3.2.61 => 3.2.62}/1025_linux-3.2.26.patch | 0
{3.2.61 => 3.2.62}/1026_linux-3.2.27.patch | 0
{3.2.61 => 3.2.62}/1027_linux-3.2.28.patch | 0
{3.2.61 => 3.2.62}/1028_linux-3.2.29.patch | 0
{3.2.61 => 3.2.62}/1029_linux-3.2.30.patch | 0
{3.2.61 => 3.2.62}/1030_linux-3.2.31.patch | 0
{3.2.61 => 3.2.62}/1031_linux-3.2.32.patch | 0
{3.2.61 => 3.2.62}/1032_linux-3.2.33.patch | 0
{3.2.61 => 3.2.62}/1033_linux-3.2.34.patch | 0
{3.2.61 => 3.2.62}/1034_linux-3.2.35.patch | 0
{3.2.61 => 3.2.62}/1035_linux-3.2.36.patch | 0
{3.2.61 => 3.2.62}/1036_linux-3.2.37.patch | 0
{3.2.61 => 3.2.62}/1037_linux-3.2.38.patch | 0
{3.2.61 => 3.2.62}/1038_linux-3.2.39.patch | 0
{3.2.61 => 3.2.62}/1039_linux-3.2.40.patch | 0
{3.2.61 => 3.2.62}/1040_linux-3.2.41.patch | 0
{3.2.61 => 3.2.62}/1041_linux-3.2.42.patch | 0
{3.2.61 => 3.2.62}/1042_linux-3.2.43.patch | 0
{3.2.61 => 3.2.62}/1043_linux-3.2.44.patch | 0
{3.2.61 => 3.2.62}/1044_linux-3.2.45.patch | 0
{3.2.61 => 3.2.62}/1045_linux-3.2.46.patch | 0
{3.2.61 => 3.2.62}/1046_linux-3.2.47.patch | 0
{3.2.61 => 3.2.62}/1047_linux-3.2.48.patch | 0
{3.2.61 => 3.2.62}/1048_linux-3.2.49.patch | 0
{3.2.61 => 3.2.62}/1049_linux-3.2.50.patch | 0
{3.2.61 => 3.2.62}/1050_linux-3.2.51.patch | 0
{3.2.61 => 3.2.62}/1051_linux-3.2.52.patch | 0
{3.2.61 => 3.2.62}/1052_linux-3.2.53.patch | 0
{3.2.61 => 3.2.62}/1053_linux-3.2.54.patch | 0
{3.2.61 => 3.2.62}/1054_linux-3.2.55.patch | 0
{3.2.61 => 3.2.62}/1055_linux-3.2.56.patch | 0
{3.2.61 => 3.2.62}/1056_linux-3.2.57.patch | 0
{3.2.61 => 3.2.62}/1057_linux-3.2.58.patch | 0
{3.2.61 => 3.2.62}/1058_linux-3.2.59.patch | 0
{3.2.61 => 3.2.62}/1059_linux-3.2.60.patch | 0
{3.2.61 => 3.2.62}/1060_linux-3.2.61.patch | 0
3.2.62/1061_linux-3.2.62.patch | 3129 ++++++++++++++++++++
.../4420_grsecurity-3.0-3.2.62-201408110020.patch | 472 ++-
{3.2.61 => 3.2.62}/4425_grsec_remove_EI_PAX.patch | 0
.../4427_force_XATTR_PAX_tmpfs.patch | 4 +-
.../4430_grsec-remove-localversion-grsec.patch | 0
{3.2.61 => 3.2.62}/4435_grsec-mute-warnings.patch | 0
.../4440_grsec-remove-protected-paths.patch | 0
.../4450_grsec-kconfig-default-gids.patch | 0
.../4465_selinux-avc_audit-log-curr_ip.patch | 0
{3.2.61 => 3.2.62}/4470_disable-compat_vdso.patch | 2 +-
{3.2.61 => 3.2.62}/4475_emutramp_default_on.patch | 0
74 files changed, 3751 insertions(+), 796 deletions(-)
diff --git a/3.14.15/0000_README b/3.14.16/0000_README
similarity index 96%
rename from 3.14.15/0000_README
rename to 3.14.16/0000_README
index d7dc469..c6cf3fc 100644
--- a/3.14.15/0000_README
+++ b/3.14.16/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.14.15-201408032014.patch
+Patch: 4420_grsecurity-3.0-3.14.16-201408110024.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.14.15/4420_grsecurity-3.0-3.14.15-201408032014.patch b/3.14.16/4420_grsecurity-3.0-3.14.16-201408110024.patch
similarity index 99%
rename from 3.14.15/4420_grsecurity-3.0-3.14.15-201408032014.patch
rename to 3.14.16/4420_grsecurity-3.0-3.14.16-201408110024.patch
index 96db0fa..cd58a6f 100644
--- a/3.14.15/4420_grsecurity-3.0-3.14.15-201408032014.patch
+++ b/3.14.16/4420_grsecurity-3.0-3.14.16-201408110024.patch
@@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 188523e..5c8d8ee 100644
+index 8b22e24..7f4d29b 100644
--- a/Makefile
+++ b/Makefile
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -313,10 +313,13 @@ index 188523e..5c8d8ee 100644
$(Q)$(MAKE) $(build)=scripts/basic
$(Q)rm -f .tmp_quiet_recordmcount
-@@ -585,6 +586,72 @@ else
+@@ -585,6 +586,75 @@ else
KBUILD_CFLAGS += -O2
endif
++# Tell gcc to never replace conditional load with a non-conditional one
++KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0)
++
+ifndef DISABLE_PAX_PLUGINS
+ifeq ($(call cc-ifversion, -ge, 0408, y), y)
+PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)")
@@ -386,7 +389,7 @@ index 188523e..5c8d8ee 100644
include $(srctree)/arch/$(SRCARCH)/Makefile
ifdef CONFIG_READABLE_ASM
-@@ -781,7 +848,7 @@ export mod_sign_cmd
+@@ -781,7 +851,7 @@ export mod_sign_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -395,7 +398,7 @@ index 188523e..5c8d8ee 100644
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -830,6 +897,8 @@ endif
+@@ -830,6 +900,8 @@ endif
# The actual objects are generated when descending,
# make sure no implicit rule kicks in
@@ -404,7 +407,7 @@ index 188523e..5c8d8ee 100644
$(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
# Handle descending into subdirectories listed in $(vmlinux-dirs)
-@@ -839,7 +908,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
+@@ -839,7 +911,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
@@ -413,7 +416,7 @@ index 188523e..5c8d8ee 100644
$(Q)$(MAKE) $(build)=$@
define filechk_kernel.release
-@@ -882,10 +951,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
+@@ -882,10 +954,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
archprepare: archheaders archscripts prepare1 scripts_basic
@@ -427,7 +430,7 @@ index 188523e..5c8d8ee 100644
prepare: prepare0
# Generate some files
-@@ -993,6 +1065,8 @@ all: modules
+@@ -993,6 +1068,8 @@ all: modules
# using awk while concatenating to the final file.
PHONY += modules
@@ -436,7 +439,7 @@ index 188523e..5c8d8ee 100644
modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
@$(kecho) ' Building modules, stage 2.';
-@@ -1008,7 +1082,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
+@@ -1008,7 +1085,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
# Target to prepare building external modules
PHONY += modules_prepare
@@ -445,7 +448,7 @@ index 188523e..5c8d8ee 100644
# Target to install modules
PHONY += modules_install
-@@ -1074,7 +1148,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
+@@ -1074,7 +1151,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
signing_key.priv signing_key.x509 x509.genkey \
extra_certificates signing_key.x509.keyid \
@@ -457,7 +460,7 @@ index 188523e..5c8d8ee 100644
# clean - Delete most, but leave enough to build external modules
#
-@@ -1113,7 +1190,7 @@ distclean: mrproper
+@@ -1113,7 +1193,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -466,7 +469,7 @@ index 188523e..5c8d8ee 100644
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1275,6 +1352,8 @@ PHONY += $(module-dirs) modules
+@@ -1275,6 +1355,8 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
@@ -475,7 +478,7 @@ index 188523e..5c8d8ee 100644
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1414,17 +1493,21 @@ else
+@@ -1414,17 +1496,21 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
@@ -501,7 +504,7 @@ index 188523e..5c8d8ee 100644
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1434,11 +1517,15 @@ endif
+@@ -1434,11 +1520,15 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
@@ -4329,7 +4332,7 @@ index 5e85ed3..b10a7ed 100644
}
}
diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c
-index b68c6b2..f66c492 100644
+index f15c22e..d830561 100644
--- a/arch/arm/mm/mmu.c
+++ b/arch/arm/mm/mmu.c
@@ -39,6 +39,22 @@
@@ -12643,7 +12646,7 @@ index ad8f795..2c7eec6 100644
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 7324107..a63fd9f 100644
+index c718d9f..511e6fa 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -126,7 +126,7 @@ config X86
@@ -12672,7 +12675,7 @@ index 7324107..a63fd9f 100644
---help---
Say Y here to enable options for running Linux under various hyper-
visors. This option enables basic hypervisor detection and platform
-@@ -1112,7 +1113,7 @@ choice
+@@ -1129,7 +1130,7 @@ choice
config NOHIGHMEM
bool "off"
@@ -12681,7 +12684,7 @@ index 7324107..a63fd9f 100644
---help---
Linux can use up to 64 Gigabytes of physical memory on x86 systems.
However, the address space of 32-bit x86 processors is only 4
-@@ -1149,7 +1150,7 @@ config NOHIGHMEM
+@@ -1166,7 +1167,7 @@ config NOHIGHMEM
config HIGHMEM4G
bool "4GB"
@@ -12690,7 +12693,7 @@ index 7324107..a63fd9f 100644
---help---
Select this if you have a 32-bit processor and between 1 and 4
gigabytes of physical RAM.
-@@ -1202,7 +1203,7 @@ config PAGE_OFFSET
+@@ -1219,7 +1220,7 @@ config PAGE_OFFSET
hex
default 0xB0000000 if VMSPLIT_3G_OPT
default 0x80000000 if VMSPLIT_2G
@@ -12699,7 +12702,7 @@ index 7324107..a63fd9f 100644
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1606,6 +1607,7 @@ source kernel/Kconfig.hz
+@@ -1623,6 +1624,7 @@ source kernel/Kconfig.hz
config KEXEC
bool "kexec system call"
@@ -12707,7 +12710,7 @@ index 7324107..a63fd9f 100644
---help---
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
-@@ -1757,7 +1759,9 @@ config X86_NEED_RELOCS
+@@ -1774,7 +1776,9 @@ config X86_NEED_RELOCS
config PHYSICAL_ALIGN
hex "Alignment value to which kernel should be aligned"
@@ -12718,7 +12721,7 @@ index 7324107..a63fd9f 100644
range 0x2000 0x1000000 if X86_32
range 0x200000 0x1000000 if X86_64
---help---
-@@ -1837,9 +1841,10 @@ config DEBUG_HOTPLUG_CPU0
+@@ -1854,9 +1858,10 @@ config DEBUG_HOTPLUG_CPU0
If unsure, say N.
config COMPAT_VDSO
@@ -17184,7 +17187,7 @@ index 91d9c69..dfae7d0 100644
* Convert a virtual cached pointer to an uncached pointer
*/
diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h
-index bba3cf8..06bc8da 100644
+index 0a8b519..80e7d5b 100644
--- a/arch/x86/include/asm/irqflags.h
+++ b/arch/x86/include/asm/irqflags.h
@@ -141,6 +141,11 @@ static inline notrace unsigned long arch_local_irq_save(void)
@@ -18395,21 +18398,24 @@ index e22c1db..23a625a 100644
}
diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h
-index c883bf7..19970b3 100644
+index 7166e25..baaa6fe 100644
--- a/arch/x86/include/asm/pgtable_64_types.h
+++ b/arch/x86/include/asm/pgtable_64_types.h
-@@ -61,6 +61,11 @@ typedef struct { pteval_t pte; } pte_t;
+@@ -61,9 +61,14 @@ typedef struct { pteval_t pte; } pte_t;
#define MODULES_VADDR (__START_KERNEL_map + KERNEL_IMAGE_SIZE)
#define MODULES_END _AC(0xffffffffff000000, UL)
#define MODULES_LEN (MODULES_END - MODULES_VADDR)
+#define MODULES_EXEC_VADDR MODULES_VADDR
+#define MODULES_EXEC_END MODULES_END
-+
+ #define ESPFIX_PGD_ENTRY _AC(-2, UL)
+ #define ESPFIX_BASE_ADDR (ESPFIX_PGD_ENTRY << PGDIR_SHIFT)
+
+#define ktla_ktva(addr) (addr)
+#define ktva_ktla(addr) (addr)
-
++
#define EARLY_DYNAMIC_PAGE_TABLES 64
+ #endif /* _ASM_X86_PGTABLE_64_DEFS_H */
diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
index 94e40f1..ebd03e4 100644
--- a/arch/x86/include/asm/pgtable_types.h
@@ -20768,7 +20774,7 @@ index 7b0a55a..ad115bf 100644
/* top of stack page */
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
-index cb648c8..91cb07e 100644
+index 56bac86..9d8df82 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -24,7 +24,7 @@ obj-y += time.o ioport.o ldt.o dumpstack.o nmi.o
@@ -22489,7 +22495,7 @@ index 01d1c18..8073693 100644
#include <asm/processor.h>
#include <asm/fcntl.h>
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
-index c87810b..413d83f 100644
+index c5a9cb9..228d280 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -177,13 +177,153 @@
@@ -22848,7 +22854,7 @@ index c87810b..413d83f 100644
restore_all:
TRACE_IRQS_IRET
restore_all_notrace:
-@@ -577,14 +784,34 @@ ldt_ss:
+@@ -580,14 +787,34 @@ ldt_ss:
* compensating for the offset by changing to the ESPFIX segment with
* a base address that matches for the difference.
*/
@@ -22886,7 +22892,7 @@ index c87810b..413d83f 100644
pushl_cfi $__ESPFIX_SS
pushl_cfi %eax /* new kernel esp */
/* Disable interrupts, but do not irqtrace this section: we
-@@ -613,20 +840,18 @@ work_resched:
+@@ -617,20 +844,18 @@ work_resched:
movl TI_flags(%ebp), %ecx
andl $_TIF_WORK_MASK, %ecx # is there any work to be done other
# than syscall tracing?
@@ -22909,7 +22915,7 @@ index c87810b..413d83f 100644
#endif
TRACE_IRQS_ON
ENABLE_INTERRUPTS(CLBR_NONE)
-@@ -647,7 +872,7 @@ work_notifysig_v86:
+@@ -651,7 +876,7 @@ work_notifysig_v86:
movl %eax, %esp
jmp 1b
#endif
@@ -22918,7 +22924,7 @@ index c87810b..413d83f 100644
# perform syscall exit tracing
ALIGN
-@@ -655,11 +880,14 @@ syscall_trace_entry:
+@@ -659,11 +884,14 @@ syscall_trace_entry:
movl $-ENOSYS,PT_EAX(%esp)
movl %esp, %eax
call syscall_trace_enter
@@ -22934,7 +22940,7 @@ index c87810b..413d83f 100644
# perform syscall exit tracing
ALIGN
-@@ -672,26 +900,30 @@ syscall_exit_work:
+@@ -676,26 +904,30 @@ syscall_exit_work:
movl %esp, %eax
call syscall_trace_leave
jmp resume_userspace
@@ -22969,9 +22975,9 @@ index c87810b..413d83f 100644
CFI_ENDPROC
/*
* End of kprobes section
-@@ -707,8 +939,15 @@ END(syscall_badsys)
- * normal stack and adjusts ESP with the matching offset.
+@@ -712,8 +944,15 @@ END(syscall_badsys)
*/
+ #ifdef CONFIG_X86_ESPFIX32
/* fixup the stack */
- mov GDT_ESPFIX_SS + 4, %al /* bits 16..23 */
- mov GDT_ESPFIX_SS + 7, %ah /* bits 24..31 */
@@ -22987,7 +22993,7 @@ index c87810b..413d83f 100644
shl $16, %eax
addl %esp, %eax /* the adjusted stack pointer */
pushl_cfi $__KERNEL_DS
-@@ -761,7 +1000,7 @@ vector=vector+1
+@@ -769,7 +1008,7 @@ vector=vector+1
.endr
2: jmp common_interrupt
.endr
@@ -22996,7 +23002,7 @@ index c87810b..413d83f 100644
.previous
END(interrupt)
-@@ -822,7 +1061,7 @@ ENTRY(coprocessor_error)
+@@ -830,7 +1069,7 @@ ENTRY(coprocessor_error)
pushl_cfi $do_coprocessor_error
jmp error_code
CFI_ENDPROC
@@ -23005,7 +23011,7 @@ index c87810b..413d83f 100644
ENTRY(simd_coprocessor_error)
RING0_INT_FRAME
-@@ -835,7 +1074,7 @@ ENTRY(simd_coprocessor_error)
+@@ -843,7 +1082,7 @@ ENTRY(simd_coprocessor_error)
.section .altinstructions,"a"
altinstruction_entry 661b, 663f, X86_FEATURE_XMM, 662b-661b, 664f-663f
.previous
@@ -23014,7 +23020,7 @@ index c87810b..413d83f 100644
663: pushl $do_simd_coprocessor_error
664:
.previous
-@@ -844,7 +1083,7 @@ ENTRY(simd_coprocessor_error)
+@@ -852,7 +1091,7 @@ ENTRY(simd_coprocessor_error)
#endif
jmp error_code
CFI_ENDPROC
@@ -23023,7 +23029,7 @@ index c87810b..413d83f 100644
ENTRY(device_not_available)
RING0_INT_FRAME
-@@ -853,18 +1092,18 @@ ENTRY(device_not_available)
+@@ -861,18 +1100,18 @@ ENTRY(device_not_available)
pushl_cfi $do_device_not_available
jmp error_code
CFI_ENDPROC
@@ -23045,7 +23051,7 @@ index c87810b..413d83f 100644
#endif
ENTRY(overflow)
-@@ -874,7 +1113,7 @@ ENTRY(overflow)
+@@ -882,7 +1121,7 @@ ENTRY(overflow)
pushl_cfi $do_overflow
jmp error_code
CFI_ENDPROC
@@ -23054,7 +23060,7 @@ index c87810b..413d83f 100644
ENTRY(bounds)
RING0_INT_FRAME
-@@ -883,7 +1122,7 @@ ENTRY(bounds)
+@@ -891,7 +1130,7 @@ ENTRY(bounds)
pushl_cfi $do_bounds
jmp error_code
CFI_ENDPROC
@@ -23063,7 +23069,7 @@ index c87810b..413d83f 100644
ENTRY(invalid_op)
RING0_INT_FRAME
-@@ -892,7 +1131,7 @@ ENTRY(invalid_op)
+@@ -900,7 +1139,7 @@ ENTRY(invalid_op)
pushl_cfi $do_invalid_op
jmp error_code
CFI_ENDPROC
@@ -23072,7 +23078,7 @@ index c87810b..413d83f 100644
ENTRY(coprocessor_segment_overrun)
RING0_INT_FRAME
-@@ -901,7 +1140,7 @@ ENTRY(coprocessor_segment_overrun)
+@@ -909,7 +1148,7 @@ ENTRY(coprocessor_segment_overrun)
pushl_cfi $do_coprocessor_segment_overrun
jmp error_code
CFI_ENDPROC
@@ -23081,7 +23087,7 @@ index c87810b..413d83f 100644
ENTRY(invalid_TSS)
RING0_EC_FRAME
-@@ -909,7 +1148,7 @@ ENTRY(invalid_TSS)
+@@ -917,7 +1156,7 @@ ENTRY(invalid_TSS)
pushl_cfi $do_invalid_TSS
jmp error_code
CFI_ENDPROC
@@ -23090,7 +23096,7 @@ index c87810b..413d83f 100644
ENTRY(segment_not_present)
RING0_EC_FRAME
-@@ -917,7 +1156,7 @@ ENTRY(segment_not_present)
+@@ -925,7 +1164,7 @@ ENTRY(segment_not_present)
pushl_cfi $do_segment_not_present
jmp error_code
CFI_ENDPROC
@@ -23099,7 +23105,7 @@ index c87810b..413d83f 100644
ENTRY(stack_segment)
RING0_EC_FRAME
-@@ -925,7 +1164,7 @@ ENTRY(stack_segment)
+@@ -933,7 +1172,7 @@ ENTRY(stack_segment)
pushl_cfi $do_stack_segment
jmp error_code
CFI_ENDPROC
@@ -23108,7 +23114,7 @@ index c87810b..413d83f 100644
ENTRY(alignment_check)
RING0_EC_FRAME
-@@ -933,7 +1172,7 @@ ENTRY(alignment_check)
+@@ -941,7 +1180,7 @@ ENTRY(alignment_check)
pushl_cfi $do_alignment_check
jmp error_code
CFI_ENDPROC
@@ -23117,7 +23123,7 @@ index c87810b..413d83f 100644
ENTRY(divide_error)
RING0_INT_FRAME
-@@ -942,7 +1181,7 @@ ENTRY(divide_error)
+@@ -950,7 +1189,7 @@ ENTRY(divide_error)
pushl_cfi $do_divide_error
jmp error_code
CFI_ENDPROC
@@ -23126,7 +23132,7 @@ index c87810b..413d83f 100644
#ifdef CONFIG_X86_MCE
ENTRY(machine_check)
-@@ -952,7 +1191,7 @@ ENTRY(machine_check)
+@@ -960,7 +1199,7 @@ ENTRY(machine_check)
pushl_cfi machine_check_vector
jmp error_code
CFI_ENDPROC
@@ -23135,7 +23141,7 @@ index c87810b..413d83f 100644
#endif
ENTRY(spurious_interrupt_bug)
-@@ -962,7 +1201,7 @@ ENTRY(spurious_interrupt_bug)
+@@ -970,7 +1209,7 @@ ENTRY(spurious_interrupt_bug)
pushl_cfi $do_spurious_interrupt_bug
jmp error_code
CFI_ENDPROC
@@ -23144,7 +23150,7 @@ index c87810b..413d83f 100644
/*
* End of kprobes section
*/
-@@ -1072,7 +1311,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
+@@ -1080,7 +1319,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
ENTRY(mcount)
ret
@@ -23153,7 +23159,7 @@ index c87810b..413d83f 100644
ENTRY(ftrace_caller)
cmpl $0, function_trace_stop
-@@ -1105,7 +1344,7 @@ ftrace_graph_call:
+@@ -1113,7 +1352,7 @@ ftrace_graph_call:
.globl ftrace_stub
ftrace_stub:
ret
@@ -23162,7 +23168,7 @@ index c87810b..413d83f 100644
ENTRY(ftrace_regs_caller)
pushf /* push flags before compare (in cs location) */
-@@ -1209,7 +1448,7 @@ trace:
+@@ -1217,7 +1456,7 @@ trace:
popl %ecx
popl %eax
jmp ftrace_stub
@@ -23171,7 +23177,7 @@ index c87810b..413d83f 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -1227,7 +1466,7 @@ ENTRY(ftrace_graph_caller)
+@@ -1235,7 +1474,7 @@ ENTRY(ftrace_graph_caller)
popl %ecx
popl %eax
ret
@@ -23180,7 +23186,7 @@ index c87810b..413d83f 100644
.globl return_to_handler
return_to_handler:
-@@ -1293,15 +1532,18 @@ error_code:
+@@ -1301,15 +1540,18 @@ error_code:
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
REG_TO_PTGS %ecx
SET_KERNEL_GS %ecx
@@ -23201,7 +23207,7 @@ index c87810b..413d83f 100644
/*
* Debug traps and NMI can happen at the one SYSENTER instruction
-@@ -1344,7 +1586,7 @@ debug_stack_correct:
+@@ -1352,7 +1594,7 @@ debug_stack_correct:
call do_debug
jmp ret_from_exception
CFI_ENDPROC
@@ -23210,7 +23216,7 @@ index c87810b..413d83f 100644
/*
* NMI is doubly nasty. It can happen _while_ we're handling
-@@ -1382,6 +1624,9 @@ nmi_stack_correct:
+@@ -1392,6 +1634,9 @@ nmi_stack_correct:
xorl %edx,%edx # zero error code
movl %esp,%eax # pt_regs pointer
call do_nmi
@@ -23220,7 +23226,7 @@ index c87810b..413d83f 100644
jmp restore_all_notrace
CFI_ENDPROC
-@@ -1418,12 +1663,15 @@ nmi_espfix_stack:
+@@ -1429,13 +1674,16 @@ nmi_espfix_stack:
FIXUP_ESPFIX_STACK # %eax == %esp
xorl %edx,%edx # zero error code
call do_nmi
@@ -23231,13 +23237,14 @@ index c87810b..413d83f 100644
lss 12+4(%esp), %esp # back to espfix stack
CFI_ADJUST_CFA_OFFSET -24
jmp irq_return
+ #endif
CFI_ENDPROC
-END(nmi)
+ENDPROC(nmi)
ENTRY(int3)
RING0_INT_FRAME
-@@ -1436,14 +1684,14 @@ ENTRY(int3)
+@@ -1448,14 +1696,14 @@ ENTRY(int3)
call do_int3
jmp ret_from_exception
CFI_ENDPROC
@@ -23254,7 +23261,7 @@ index c87810b..413d83f 100644
#ifdef CONFIG_KVM_GUEST
ENTRY(async_page_fault)
-@@ -1452,7 +1700,7 @@ ENTRY(async_page_fault)
+@@ -1464,7 +1712,7 @@ ENTRY(async_page_fault)
pushl_cfi $do_async_page_fault
jmp error_code
CFI_ENDPROC
@@ -23264,19 +23271,19 @@ index c87810b..413d83f 100644
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index 1e96c36..3ff710a 100644
+index 03cd2a8..05a9aed 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
-@@ -59,6 +59,8 @@
- #include <asm/context_tracking.h>
+@@ -60,6 +60,8 @@
#include <asm/smap.h>
+ #include <asm/pgtable_types.h>
#include <linux/err.h>
+#include <asm/pgtable.h>
+#include <asm/alternative-asm.h>
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
#include <linux/elf-em.h>
-@@ -80,8 +82,9 @@
+@@ -81,8 +83,9 @@
#ifdef CONFIG_DYNAMIC_FTRACE
ENTRY(function_hook)
@@ -23287,7 +23294,7 @@ index 1e96c36..3ff710a 100644
/* skip is set if stack has been adjusted */
.macro ftrace_caller_setup skip=0
-@@ -122,8 +125,9 @@ GLOBAL(ftrace_graph_call)
+@@ -123,8 +126,9 @@ GLOBAL(ftrace_graph_call)
#endif
GLOBAL(ftrace_stub)
@@ -23298,7 +23305,7 @@ index 1e96c36..3ff710a 100644
ENTRY(ftrace_regs_caller)
/* Save the current flags before compare (in SS location)*/
-@@ -191,7 +195,7 @@ ftrace_restore_flags:
+@@ -192,7 +196,7 @@ ftrace_restore_flags:
popfq
jmp ftrace_stub
@@ -23307,7 +23314,7 @@ index 1e96c36..3ff710a 100644
#else /* ! CONFIG_DYNAMIC_FTRACE */
-@@ -212,6 +216,7 @@ ENTRY(function_hook)
+@@ -213,6 +217,7 @@ ENTRY(function_hook)
#endif
GLOBAL(ftrace_stub)
@@ -23315,7 +23322,7 @@ index 1e96c36..3ff710a 100644
retq
trace:
-@@ -225,12 +230,13 @@ trace:
+@@ -226,12 +231,13 @@ trace:
#endif
subq $MCOUNT_INSN_SIZE, %rdi
@@ -23330,7 +23337,7 @@ index 1e96c36..3ff710a 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -252,8 +258,9 @@ ENTRY(ftrace_graph_caller)
+@@ -253,8 +259,9 @@ ENTRY(ftrace_graph_caller)
MCOUNT_RESTORE_FRAME
@@ -23341,7 +23348,7 @@ index 1e96c36..3ff710a 100644
GLOBAL(return_to_handler)
subq $24, %rsp
-@@ -269,7 +276,9 @@ GLOBAL(return_to_handler)
+@@ -270,7 +277,9 @@ GLOBAL(return_to_handler)
movq 8(%rsp), %rdx
movq (%rsp), %rax
addq $24, %rsp
@@ -23351,7 +23358,7 @@ index 1e96c36..3ff710a 100644
#endif
-@@ -284,6 +293,430 @@ ENTRY(native_usergs_sysret64)
+@@ -285,6 +294,430 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
@@ -23782,7 +23789,7 @@ index 1e96c36..3ff710a 100644
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -320,7 +753,7 @@ ENDPROC(native_usergs_sysret64)
+@@ -321,7 +754,7 @@ ENDPROC(native_usergs_sysret64)
.endm
.macro TRACE_IRQS_IRETQ_DEBUG offset=ARGOFFSET
@@ -23791,7 +23798,7 @@ index 1e96c36..3ff710a 100644
jnc 1f
TRACE_IRQS_ON_DEBUG
1:
-@@ -358,27 +791,6 @@ ENDPROC(native_usergs_sysret64)
+@@ -359,27 +792,6 @@ ENDPROC(native_usergs_sysret64)
movq \tmp,R11+\offset(%rsp)
.endm
@@ -23819,7 +23826,7 @@ index 1e96c36..3ff710a 100644
/*
* initial frame state for interrupts (and exceptions without error code)
*/
-@@ -445,25 +857,26 @@ ENDPROC(native_usergs_sysret64)
+@@ -446,25 +858,26 @@ ENDPROC(native_usergs_sysret64)
/* save partial stack frame */
.macro SAVE_ARGS_IRQ
cld
@@ -23859,7 +23866,7 @@ index 1e96c36..3ff710a 100644
je 1f
SWAPGS
/*
-@@ -483,6 +896,18 @@ ENDPROC(native_usergs_sysret64)
+@@ -484,6 +897,18 @@ ENDPROC(native_usergs_sysret64)
0x06 /* DW_OP_deref */, \
0x08 /* DW_OP_const1u */, SS+8-RBP, \
0x22 /* DW_OP_plus */
@@ -23878,7 +23885,7 @@ index 1e96c36..3ff710a 100644
/* We entered an interrupt context - irqs are off: */
TRACE_IRQS_OFF
.endm
-@@ -514,9 +939,52 @@ ENTRY(save_paranoid)
+@@ -515,9 +940,52 @@ ENTRY(save_paranoid)
js 1f /* negative -> in kernel */
SWAPGS
xorl %ebx,%ebx
@@ -23933,7 +23940,7 @@ index 1e96c36..3ff710a 100644
.popsection
/*
-@@ -538,7 +1006,7 @@ ENTRY(ret_from_fork)
+@@ -539,7 +1007,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -23942,7 +23949,7 @@ index 1e96c36..3ff710a 100644
jz 1f
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -548,15 +1016,13 @@ ENTRY(ret_from_fork)
+@@ -549,15 +1017,13 @@ ENTRY(ret_from_fork)
jmp ret_from_sys_call # go to the SYSRET fastpath
1:
@@ -23959,7 +23966,7 @@ index 1e96c36..3ff710a 100644
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -593,7 +1059,7 @@ END(ret_from_fork)
+@@ -594,7 +1060,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -23968,7 +23975,7 @@ index 1e96c36..3ff710a 100644
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -606,16 +1072,23 @@ GLOBAL(system_call_after_swapgs)
+@@ -607,16 +1073,23 @@ GLOBAL(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -23994,7 +24001,7 @@ index 1e96c36..3ff710a 100644
jnz tracesys
system_call_fastpath:
#if __SYSCALL_MASK == ~0
-@@ -639,10 +1112,13 @@ sysret_check:
+@@ -640,10 +1113,13 @@ sysret_check:
LOCKDEP_SYS_EXIT
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -24009,7 +24016,7 @@ index 1e96c36..3ff710a 100644
/*
* sysretq will re-enable interrupts:
*/
-@@ -701,6 +1177,9 @@ auditsys:
+@@ -702,6 +1178,9 @@ auditsys:
movq %rax,%rsi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */
call __audit_syscall_entry
@@ -24019,7 +24026,7 @@ index 1e96c36..3ff710a 100644
LOAD_ARGS 0 /* reload call-clobbered registers */
jmp system_call_fastpath
-@@ -722,7 +1201,7 @@ sysret_audit:
+@@ -723,7 +1202,7 @@ sysret_audit:
/* Do syscall tracing */
tracesys:
#ifdef CONFIG_AUDITSYSCALL
@@ -24028,7 +24035,7 @@ index 1e96c36..3ff710a 100644
jz auditsys
#endif
SAVE_REST
-@@ -730,12 +1209,15 @@ tracesys:
+@@ -731,12 +1210,15 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -24045,7 +24052,7 @@ index 1e96c36..3ff710a 100644
RESTORE_REST
#if __SYSCALL_MASK == ~0
cmpq $__NR_syscall_max,%rax
-@@ -765,7 +1247,9 @@ GLOBAL(int_with_check)
+@@ -766,7 +1248,9 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
@@ -24056,7 +24063,7 @@ index 1e96c36..3ff710a 100644
/* Either reschedule or signal or syscall exit tracking needed. */
/* First do a reschedule test. */
-@@ -811,7 +1295,7 @@ int_restore_rest:
+@@ -812,7 +1296,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
@@ -24065,7 +24072,7 @@ index 1e96c36..3ff710a 100644
.macro FORK_LIKE func
ENTRY(stub_\func)
-@@ -824,9 +1308,10 @@ ENTRY(stub_\func)
+@@ -825,9 +1309,10 @@ ENTRY(stub_\func)
DEFAULT_FRAME 0 8 /* offset 8: return address */
call sys_\func
RESTORE_TOP_OF_STACK %r11, 8
@@ -24078,7 +24085,7 @@ index 1e96c36..3ff710a 100644
.endm
.macro FIXED_FRAME label,func
-@@ -836,9 +1321,10 @@ ENTRY(\label)
+@@ -837,9 +1322,10 @@ ENTRY(\label)
FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET
call \func
RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET
@@ -24090,7 +24097,7 @@ index 1e96c36..3ff710a 100644
.endm
FORK_LIKE clone
-@@ -846,19 +1332,6 @@ END(\label)
+@@ -847,19 +1333,6 @@ END(\label)
FORK_LIKE vfork
FIXED_FRAME stub_iopl, sys_iopl
@@ -24110,7 +24117,7 @@ index 1e96c36..3ff710a 100644
ENTRY(stub_execve)
CFI_STARTPROC
addq $8, %rsp
-@@ -870,7 +1343,7 @@ ENTRY(stub_execve)
+@@ -871,7 +1344,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -24119,7 +24126,7 @@ index 1e96c36..3ff710a 100644
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -887,7 +1360,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -888,7 +1361,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -24128,7 +24135,7 @@ index 1e96c36..3ff710a 100644
#ifdef CONFIG_X86_X32_ABI
ENTRY(stub_x32_rt_sigreturn)
-@@ -901,7 +1374,7 @@ ENTRY(stub_x32_rt_sigreturn)
+@@ -902,7 +1375,7 @@ ENTRY(stub_x32_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -24137,7 +24144,7 @@ index 1e96c36..3ff710a 100644
ENTRY(stub_x32_execve)
CFI_STARTPROC
-@@ -915,7 +1388,7 @@ ENTRY(stub_x32_execve)
+@@ -916,7 +1389,7 @@ ENTRY(stub_x32_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -24146,7 +24153,7 @@ index 1e96c36..3ff710a 100644
#endif
-@@ -952,7 +1425,7 @@ vector=vector+1
+@@ -953,7 +1426,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
@@ -24155,7 +24162,7 @@ index 1e96c36..3ff710a 100644
.previous
END(interrupt)
-@@ -969,8 +1442,8 @@ END(interrupt)
+@@ -970,8 +1443,8 @@ END(interrupt)
/* 0(%rsp): ~(interrupt number) */
.macro interrupt func
/* reserve pt_regs for scratch regs and rbp */
@@ -24166,7 +24173,7 @@ index 1e96c36..3ff710a 100644
SAVE_ARGS_IRQ
call \func
.endm
-@@ -997,14 +1470,14 @@ ret_from_intr:
+@@ -998,14 +1471,14 @@ ret_from_intr:
/* Restore saved previous stack */
popq %rsi
@@ -24185,7 +24192,7 @@ index 1e96c36..3ff710a 100644
je retint_kernel
/* Interrupt came from user space */
-@@ -1026,12 +1499,16 @@ retint_swapgs: /* return to user-space */
+@@ -1027,12 +1500,16 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -24202,16 +24209,32 @@ index 1e96c36..3ff710a 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -1112,7 +1589,7 @@ ENTRY(retint_kernel)
+@@ -1145,7 +1622,7 @@ ENTRY(retint_kernel)
+ jmp exit_intr
#endif
-
CFI_ENDPROC
-END(common_interrupt)
+ENDPROC(common_interrupt)
- /*
- * End of kprobes section
- */
-@@ -1130,7 +1607,7 @@ ENTRY(\sym)
+
+ /*
+ * If IRET takes a fault on the espfix stack, then we
+@@ -1167,13 +1644,13 @@ __do_double_fault:
+ cmpq $native_irq_return_iret,%rax
+ jne do_double_fault /* This shouldn't happen... */
+ movq PER_CPU_VAR(kernel_stack),%rax
+- subq $(6*8-KERNEL_STACK_OFFSET),%rax /* Reset to original stack */
++ subq $(6*8),%rax /* Reset to original stack */
+ movq %rax,RSP(%rdi)
+ movq $0,(%rax) /* Missing (lost) #GP error code */
+ movq $general_protection,RIP(%rdi)
+ retq
+ CFI_ENDPROC
+-END(__do_double_fault)
++ENDPROC(__do_double_fault)
+ #else
+ # define __do_double_fault do_double_fault
+ #endif
+@@ -1195,7 +1672,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
@@ -24220,7 +24243,7 @@ index 1e96c36..3ff710a 100644
.endm
#ifdef CONFIG_TRACING
-@@ -1218,7 +1695,7 @@ ENTRY(\sym)
+@@ -1283,7 +1760,7 @@ ENTRY(\sym)
call \do_sym
jmp error_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -24229,7 +24252,7 @@ index 1e96c36..3ff710a 100644
.endm
.macro paranoidzeroentry sym do_sym
-@@ -1236,10 +1713,10 @@ ENTRY(\sym)
+@@ -1301,10 +1778,10 @@ ENTRY(\sym)
call \do_sym
jmp paranoid_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -24242,7 +24265,7 @@ index 1e96c36..3ff710a 100644
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1252,12 +1729,18 @@ ENTRY(\sym)
+@@ -1317,12 +1794,18 @@ ENTRY(\sym)
TRACE_IRQS_OFF_DEBUG
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
@@ -24262,7 +24285,7 @@ index 1e96c36..3ff710a 100644
.endm
.macro errorentry sym do_sym
-@@ -1275,7 +1758,7 @@ ENTRY(\sym)
+@@ -1340,7 +1823,7 @@ ENTRY(\sym)
call \do_sym
jmp error_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -24271,7 +24294,7 @@ index 1e96c36..3ff710a 100644
.endm
#ifdef CONFIG_TRACING
-@@ -1306,7 +1789,7 @@ ENTRY(\sym)
+@@ -1371,7 +1854,7 @@ ENTRY(\sym)
call \do_sym
jmp paranoid_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -24280,7 +24303,7 @@ index 1e96c36..3ff710a 100644
.endm
zeroentry divide_error do_divide_error
-@@ -1336,9 +1819,10 @@ gs_change:
+@@ -1401,9 +1884,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
@@ -24292,7 +24315,7 @@ index 1e96c36..3ff710a 100644
_ASM_EXTABLE(gs_change,bad_gs)
.section .fixup,"ax"
-@@ -1366,9 +1850,10 @@ ENTRY(do_softirq_own_stack)
+@@ -1431,9 +1915,10 @@ ENTRY(do_softirq_own_stack)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
@@ -24304,7 +24327,7 @@ index 1e96c36..3ff710a 100644
#ifdef CONFIG_XEN
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1406,7 +1891,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1471,7 +1956,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
@@ -24313,7 +24336,7 @@ index 1e96c36..3ff710a 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1465,7 +1950,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1530,7 +2015,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
@@ -24322,7 +24345,7 @@ index 1e96c36..3ff710a 100644
apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1517,18 +2002,33 @@ ENTRY(paranoid_exit)
+@@ -1582,18 +2067,33 @@ ENTRY(paranoid_exit)
DEFAULT_FRAME
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF_DEBUG
@@ -24358,7 +24381,7 @@ index 1e96c36..3ff710a 100644
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1557,7 +2057,7 @@ paranoid_schedule:
+@@ -1622,7 +2122,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
@@ -24367,7 +24390,7 @@ index 1e96c36..3ff710a 100644
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1584,12 +2084,23 @@ ENTRY(error_entry)
+@@ -1649,12 +2149,23 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -24392,7 +24415,7 @@ index 1e96c36..3ff710a 100644
ret
/*
-@@ -1616,7 +2127,7 @@ bstep_iret:
+@@ -1681,7 +2192,7 @@ bstep_iret:
movq %rcx,RIP+8(%rsp)
jmp error_swapgs
CFI_ENDPROC
@@ -24401,7 +24424,7 @@ index 1e96c36..3ff710a 100644
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1627,7 +2138,7 @@ ENTRY(error_exit)
+@@ -1692,7 +2203,7 @@ ENTRY(error_exit)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
GET_THREAD_INFO(%rcx)
@@ -24410,7 +24433,7 @@ index 1e96c36..3ff710a 100644
jne retint_kernel
LOCKDEP_SYS_EXIT_IRQ
movl TI_flags(%rcx),%edx
-@@ -1636,7 +2147,7 @@ ENTRY(error_exit)
+@@ -1701,7 +2212,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
@@ -24419,7 +24442,7 @@ index 1e96c36..3ff710a 100644
/*
* Test if a given stack is an NMI stack or not.
-@@ -1694,9 +2205,11 @@ ENTRY(nmi)
+@@ -1759,9 +2270,11 @@ ENTRY(nmi)
* If %cs was not the kernel segment, then the NMI triggered in user
* space, which means it is definitely not nested.
*/
@@ -24432,7 +24455,7 @@ index 1e96c36..3ff710a 100644
/*
* Check the special variable on the stack to see if NMIs are
* executing.
-@@ -1730,8 +2243,7 @@ nested_nmi:
+@@ -1795,8 +2308,7 @@ nested_nmi:
1:
/* Set up the interrupted NMIs stack to jump to repeat_nmi */
@@ -24442,7 +24465,7 @@ index 1e96c36..3ff710a 100644
CFI_ADJUST_CFA_OFFSET 1*8
leaq -10*8(%rsp), %rdx
pushq_cfi $__KERNEL_DS
-@@ -1749,6 +2261,7 @@ nested_nmi_out:
+@@ -1814,6 +2326,7 @@ nested_nmi_out:
CFI_RESTORE rdx
/* No need to check faults here */
@@ -24450,7 +24473,7 @@ index 1e96c36..3ff710a 100644
INTERRUPT_RETURN
CFI_RESTORE_STATE
-@@ -1845,13 +2358,13 @@ end_repeat_nmi:
+@@ -1910,13 +2423,13 @@ end_repeat_nmi:
subq $ORIG_RAX-R15, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
/*
@@ -24466,7 +24489,7 @@ index 1e96c36..3ff710a 100644
DEFAULT_FRAME 0
/*
-@@ -1861,9 +2374,9 @@ end_repeat_nmi:
+@@ -1926,9 +2439,9 @@ end_repeat_nmi:
* NMI itself takes a page fault, the page fault that was preempted
* will read the information from the NMI page fault and not the
* origin fault. Save it off and restore it if it changes.
@@ -24478,7 +24501,7 @@ index 1e96c36..3ff710a 100644
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
-@@ -1872,31 +2385,36 @@ end_repeat_nmi:
+@@ -1937,31 +2450,36 @@ end_repeat_nmi:
/* Did the NMI take a page fault? Restore cr2 if it did */
movq %cr2, %rcx
@@ -24520,6 +24543,19 @@ index 1e96c36..3ff710a 100644
/*
* End of kprobes section
+diff --git a/arch/x86/kernel/espfix_64.c b/arch/x86/kernel/espfix_64.c
+index 94d857f..bf1f0bf 100644
+--- a/arch/x86/kernel/espfix_64.c
++++ b/arch/x86/kernel/espfix_64.c
+@@ -197,7 +197,7 @@ void init_espfix_ap(void)
+ set_pte(&pte_p[n*PTE_STRIDE], pte);
+
+ /* Job is done for this CPU and any CPU which shares this page */
+- ACCESS_ONCE(espfix_pages[page]) = stack_page;
++ ACCESS_ONCE_RW(espfix_pages[page]) = stack_page;
+
+ unlock_done:
+ mutex_unlock(&espfix_init_mutex);
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
index 1ffc32d..e52c745 100644
--- a/arch/x86/kernel/ftrace.c
@@ -26002,10 +26038,10 @@ index c2bedae..25e7ab60 100644
.name = "data",
.mode = S_IRUGO,
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
-index dcbbaa1..81ae763 100644
+index c37886d..d851d32 100644
--- a/arch/x86/kernel/ldt.c
+++ b/arch/x86/kernel/ldt.c
-@@ -68,13 +68,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
+@@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
if (reload) {
#ifdef CONFIG_SMP
preempt_disable();
@@ -26021,7 +26057,7 @@ index dcbbaa1..81ae763 100644
#endif
}
if (oldsize) {
-@@ -96,7 +96,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old)
+@@ -94,7 +94,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old)
return err;
for (i = 0; i < old->size; i++)
@@ -26030,7 +26066,7 @@ index dcbbaa1..81ae763 100644
return 0;
}
-@@ -117,6 +117,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm)
+@@ -115,6 +115,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm)
retval = copy_ldt(&mm->context, &old_mm->context);
mutex_unlock(&old_mm->context.lock);
}
@@ -26055,7 +26091,7 @@ index dcbbaa1..81ae763 100644
return retval;
}
-@@ -231,6 +249,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
+@@ -229,6 +247,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
}
}
@@ -26066,9 +26102,9 @@ index dcbbaa1..81ae763 100644
+ }
+#endif
+
- /*
- * On x86-64 we do not support 16-bit segments due to
- * IRET leaking the high bits of the kernel stack address.
+ if (!IS_ENABLED(CONFIG_X86_16BIT) && !ldt_info.seg_32bit) {
+ error = -EINVAL;
+ goto out_unlock;
diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c
index 1667b1d..16492c5 100644
--- a/arch/x86/kernel/machine_kexec_32.c
@@ -27459,7 +27495,7 @@ index 7c3a5a6..f0a8961 100644
.smp_prepare_cpus = native_smp_prepare_cpus,
.smp_cpus_done = native_smp_cpus_done,
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
-index a32da80..041a4ff 100644
+index 395be6d..11665af 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -229,14 +229,17 @@ static void notrace start_secondary(void *unused)
@@ -27484,7 +27520,7 @@ index a32da80..041a4ff 100644
/*
* Check TSC synchronization with the BP:
*/
-@@ -749,8 +752,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+@@ -756,8 +759,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
alternatives_enable_smp();
idle->thread.sp = (unsigned long) (((struct pt_regs *)
@@ -27495,7 +27531,7 @@ index a32da80..041a4ff 100644
#ifdef CONFIG_X86_32
/* Stack for startup_32 can be just as for start_secondary onwards */
-@@ -758,11 +762,13 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+@@ -765,11 +769,13 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
#else
clear_tsk_thread_flag(idle, TIF_FORK);
initial_gs = per_cpu_offset(cpu);
@@ -27512,7 +27548,7 @@ index a32da80..041a4ff 100644
initial_code = (unsigned long)start_secondary;
stack_start = idle->thread.sp;
-@@ -911,6 +917,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle)
+@@ -918,6 +924,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle)
/* the FPU context is blank, nobody can own it */
__cpu_disable_lazy_restore(cpu);
@@ -35813,7 +35849,7 @@ index fd14be1..e3c79c0 100644
#
diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c
-index f1d633a..a75c5f7 100644
+index d6bfb87..876ee18 100644
--- a/arch/x86/vdso/vdso32-setup.c
+++ b/arch/x86/vdso/vdso32-setup.c
@@ -25,6 +25,7 @@
@@ -35824,7 +35860,7 @@ index f1d633a..a75c5f7 100644
enum {
VDSO_DISABLED = 0,
-@@ -227,7 +228,7 @@ static inline void map_compat_vdso(int map)
+@@ -226,7 +227,7 @@ static inline void map_compat_vdso(int map)
void enable_sep_cpu(void)
{
int cpu = get_cpu();
@@ -35833,7 +35869,7 @@ index f1d633a..a75c5f7 100644
if (!boot_cpu_has(X86_FEATURE_SEP)) {
put_cpu();
-@@ -250,7 +251,7 @@ static int __init gate_vma_init(void)
+@@ -249,7 +250,7 @@ static int __init gate_vma_init(void)
gate_vma.vm_start = FIXADDR_USER_START;
gate_vma.vm_end = FIXADDR_USER_END;
gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
@@ -35842,7 +35878,7 @@ index f1d633a..a75c5f7 100644
return 0;
}
-@@ -331,14 +332,14 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+@@ -330,14 +331,14 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
if (compat)
addr = VDSO_HIGH_BASE;
else {
@@ -35859,7 +35895,7 @@ index f1d633a..a75c5f7 100644
if (compat_uses_vma || !compat) {
/*
-@@ -354,11 +355,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+@@ -353,11 +354,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
}
current_thread_info()->sysenter_return =
@@ -35873,7 +35909,7 @@ index f1d633a..a75c5f7 100644
up_write(&mm->mmap_sem);
-@@ -412,8 +413,14 @@ __initcall(ia32_binfmt_init);
+@@ -404,8 +405,14 @@ __initcall(ia32_binfmt_init);
const char *arch_vma_name(struct vm_area_struct *vma)
{
@@ -35889,7 +35925,7 @@ index f1d633a..a75c5f7 100644
return NULL;
}
-@@ -423,7 +430,7 @@ struct vm_area_struct *get_gate_vma(struct mm_struct *mm)
+@@ -415,7 +422,7 @@ struct vm_area_struct *get_gate_vma(struct mm_struct *mm)
* Check to see if the corresponding task was created in compat vdso
* mode.
*/
@@ -36582,26 +36618,6 @@ index 2648797..92ed21f 100644
if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
goto error;
-diff --git a/crypto/af_alg.c b/crypto/af_alg.c
-index 966f893..6a3ad80 100644
---- a/crypto/af_alg.c
-+++ b/crypto/af_alg.c
-@@ -21,6 +21,7 @@
- #include <linux/module.h>
- #include <linux/net.h>
- #include <linux/rwsem.h>
-+#include <linux/security.h>
-
- struct alg_type_list {
- const struct af_alg_type *type;
-@@ -243,6 +244,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
-
- sock_init_data(newsock, sk2);
- sock_graft(sk2, newsock);
-+ security_sk_clone(sk, sk2);
-
- err = type->accept(ask->private, sk2);
- if (err) {
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index 7bdd61b..afec999 100644
--- a/crypto/cryptd.c
@@ -39529,10 +39545,10 @@ index 18448a7..d5fad43 100644
/* Force all MSRs to the same value */
diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
-index 199b52b..e3503bb 100644
+index 153f4b9..d47054a 100644
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
-@@ -1970,7 +1970,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
+@@ -1972,7 +1972,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
#endif
mutex_lock(&cpufreq_governor_mutex);
@@ -39541,7 +39557,7 @@ index 199b52b..e3503bb 100644
mutex_unlock(&cpufreq_governor_mutex);
return;
}
-@@ -2200,7 +2200,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
+@@ -2202,7 +2202,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
return NOTIFY_OK;
}
@@ -39550,7 +39566,7 @@ index 199b52b..e3503bb 100644
.notifier_call = cpufreq_cpu_callback,
};
-@@ -2240,13 +2240,17 @@ int cpufreq_boost_trigger_state(int state)
+@@ -2242,13 +2242,17 @@ int cpufreq_boost_trigger_state(int state)
return 0;
write_lock_irqsave(&cpufreq_driver_lock, flags);
@@ -39570,7 +39586,7 @@ index 199b52b..e3503bb 100644
write_unlock_irqrestore(&cpufreq_driver_lock, flags);
pr_err("%s: Cannot %s BOOST\n", __func__,
-@@ -2300,8 +2304,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
+@@ -2302,8 +2306,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
pr_debug("trying to register driver %s\n", driver_data->name);
@@ -39584,7 +39600,7 @@ index 199b52b..e3503bb 100644
write_lock_irqsave(&cpufreq_driver_lock, flags);
if (cpufreq_driver) {
-@@ -2316,8 +2323,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
+@@ -2318,8 +2325,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
* Check if driver provides function to enable boost -
* if not, use cpufreq_boost_set_sw as default
*/
@@ -50470,25 +50486,10 @@ index d8afec8..3ec7152 100644
/* check if the device is still usable */
if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
-index 62ec84b..384f684 100644
+index 64e487a..384f684 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
-@@ -831,6 +831,14 @@ void scsi_io_completion(struct scsi_cmnd *cmd, unsigned int good_bytes)
- scsi_next_command(cmd);
- return;
- }
-+ } else if (blk_rq_bytes(req) == 0 && result && !sense_deferred) {
-+ /*
-+ * Certain non BLOCK_PC requests are commands that don't
-+ * actually transfer anything (FLUSH), so cannot use
-+ * good_bytes != blk_rq_bytes(req) as the signal for an error.
-+ * This sets the error explicitly for the problem case.
-+ */
-+ error = __scsi_error_from_host_byte(cmd, result);
- }
-
- /* no bidi support for !REQ_TYPE_BLOCK_PC yet */
-@@ -1474,7 +1482,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
+@@ -1482,7 +1482,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
shost = sdev->host;
scsi_init_cmd_errh(cmd);
cmd->result = DID_NO_CONNECT << 16;
@@ -50497,7 +50498,7 @@ index 62ec84b..384f684 100644
/*
* SCSI request completion path will do scsi_device_unbusy(),
-@@ -1500,9 +1508,9 @@ static void scsi_softirq_done(struct request *rq)
+@@ -1508,9 +1508,9 @@ static void scsi_softirq_done(struct request *rq)
INIT_LIST_HEAD(&cmd->eh_entry);
@@ -63137,6 +63138,19 @@ index 15f9d98..082c625 100644
}
void nfs_fattr_init(struct nfs_fattr *fattr)
+diff --git a/fs/nfs/nfs3acl.c b/fs/nfs/nfs3acl.c
+index 8f854dd..d0fec26 100644
+--- a/fs/nfs/nfs3acl.c
++++ b/fs/nfs/nfs3acl.c
+@@ -256,7 +256,7 @@ nfs3_list_one_acl(struct inode *inode, int type, const char *name, void *data,
+ char *p = data + *result;
+
+ acl = get_acl(inode, type);
+- if (!acl)
++ if (IS_ERR_OR_NULL(acl))
+ return 0;
+
+ posix_acl_release(acl);
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index f23a6ca..730ddcc 100644
--- a/fs/nfsd/nfs4proc.c
@@ -80441,10 +80455,10 @@ index 0000000..b02ba9d
+#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
new file mode 100644
-index 0000000..5c4bdee
+index 0000000..b87dd26
--- /dev/null
+++ b/include/linux/grsecurity.h
-@@ -0,0 +1,249 @@
+@@ -0,0 +1,252 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
@@ -80456,6 +80470,9 @@ index 0000000..5c4bdee
+#if defined(CONFIG_GRKERNSEC_PROC_USER) && defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
+#error "CONFIG_GRKERNSEC_PROC_USER and CONFIG_GRKERNSEC_PROC_USERGROUP cannot both be enabled."
+#endif
++#if defined(CONFIG_GRKERNSEC_PROC) && !defined(CONFIG_GRKERNSEC_PROC_USER) && !defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++#error "CONFIG_GRKERNSEC_PROC enabled, but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP enabled"
++#endif
+#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
+#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
+#endif
@@ -82371,7 +82388,7 @@ index 1841b58..fbeebf8 100644
#define preempt_set_need_resched() \
do { \
diff --git a/include/linux/printk.h b/include/linux/printk.h
-index fa47e27..c08e034 100644
+index cbf094f..86007b7 100644
--- a/include/linux/printk.h
+++ b/include/linux/printk.h
@@ -114,6 +114,8 @@ static inline __printf(1, 2) __cold
@@ -85877,7 +85894,7 @@ index 93b6139..8d628b7 100644
next_state = Reset;
return 0;
diff --git a/init/main.c b/init/main.c
-index 9c7fd4c..650b4f1 100644
+index 58c132d..ac3f3b0 100644
--- a/init/main.c
+++ b/init/main.c
@@ -97,6 +97,8 @@ extern void radix_tree_init(void);
@@ -85965,7 +85982,7 @@ index 9c7fd4c..650b4f1 100644
static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
static const char *panic_later, *panic_param;
-@@ -688,25 +759,24 @@ int __init_or_module do_one_initcall(initcall_t fn)
+@@ -692,25 +763,24 @@ int __init_or_module do_one_initcall(initcall_t fn)
{
int count = preempt_count();
int ret;
@@ -85996,7 +86013,7 @@ index 9c7fd4c..650b4f1 100644
return ret;
}
-@@ -813,8 +883,8 @@ static int run_init_process(const char *init_filename)
+@@ -817,8 +887,8 @@ static int run_init_process(const char *init_filename)
{
argv_init[0] = init_filename;
return do_execve(getname_kernel(init_filename),
@@ -86007,7 +86024,7 @@ index 9c7fd4c..650b4f1 100644
}
static int try_to_run_init_process(const char *init_filename)
-@@ -831,6 +901,10 @@ static int try_to_run_init_process(const char *init_filename)
+@@ -835,6 +905,10 @@ static int try_to_run_init_process(const char *init_filename)
return ret;
}
@@ -86018,7 +86035,7 @@ index 9c7fd4c..650b4f1 100644
static noinline void __init kernel_init_freeable(void);
static int __ref kernel_init(void *unused)
-@@ -855,6 +929,11 @@ static int __ref kernel_init(void *unused)
+@@ -859,6 +933,11 @@ static int __ref kernel_init(void *unused)
ramdisk_execute_command, ret);
}
@@ -86030,7 +86047,7 @@ index 9c7fd4c..650b4f1 100644
/*
* We try each of these until one succeeds.
*
-@@ -910,7 +989,7 @@ static noinline void __init kernel_init_freeable(void)
+@@ -914,7 +993,7 @@ static noinline void __init kernel_init_freeable(void)
do_basic_setup();
/* Open the /dev/console on the rootfs, this should never fail */
@@ -86039,7 +86056,7 @@ index 9c7fd4c..650b4f1 100644
pr_err("Warning: unable to open an initial console.\n");
(void) sys_dup(0);
-@@ -923,11 +1002,13 @@ static noinline void __init kernel_init_freeable(void)
+@@ -927,11 +1006,13 @@ static noinline void __init kernel_init_freeable(void)
if (!ramdisk_execute_command)
ramdisk_execute_command = "/init";
@@ -89701,7 +89718,7 @@ index 14f9a8d..98ee610 100644
if (pm_wakeup_pending()) {
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
-index 4dae9cb..039ffbb 100644
+index 8c086e6..a52bc51 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -385,6 +385,11 @@ static int check_syslog_permissions(int type, bool from_file)
@@ -90706,7 +90723,7 @@ index a63f4dc..349bbb0 100644
unsigned long timeout)
{
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index 0aae0fc..2ba2b81 100644
+index 515e212..268a828 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -1775,7 +1775,7 @@ void set_numabalancing_state(bool enabled)
@@ -93559,23 +93576,6 @@ index 539eeb9..e24a987 100644
error = 0;
if (end == start)
return error;
-diff --git a/mm/memcontrol.c b/mm/memcontrol.c
-index 5b6b003..9b35da2 100644
---- a/mm/memcontrol.c
-+++ b/mm/memcontrol.c
-@@ -5670,8 +5670,12 @@ static int mem_cgroup_oom_notify_cb(struct mem_cgroup *memcg)
- {
- struct mem_cgroup_eventfd_list *ev;
-
-+ spin_lock(&memcg_oom_lock);
-+
- list_for_each_entry(ev, &memcg->oom_notify, list)
- eventfd_signal(ev->eventfd, 1);
-+
-+ spin_unlock(&memcg_oom_lock);
- return 0;
- }
-
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
index 33365e9..2234ef9 100644
--- a/mm/memory-failure.c
@@ -96220,7 +96220,7 @@ index 8740213..f87e25b 100644
struct mm_struct *mm;
diff --git a/mm/page-writeback.c b/mm/page-writeback.c
-index d013dba..d5ae30d 100644
+index 9f45f87..749bfd8 100644
--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -685,7 +685,7 @@ static long long pos_ratio_polynom(unsigned long setpoint,
@@ -96233,7 +96233,7 @@ index d013dba..d5ae30d 100644
unsigned long bg_thresh,
unsigned long dirty,
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 7e7f947..254d009 100644
+index 62e400d..2072e4e 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -61,6 +61,7 @@
@@ -98241,7 +98241,7 @@ index 876fbe8..8bbea9f 100644
#undef __HANDLE_ITEM
}
diff --git a/net/atm/lec.c b/net/atm/lec.c
-index 5a2f602..9396143 100644
+index 5a2f602..93961433 100644
--- a/net/atm/lec.c
+++ b/net/atm/lec.c
@@ -111,9 +111,9 @@ static inline void lec_arp_put(struct lec_arp_table *entry)
@@ -102123,28 +102123,6 @@ index 7932697..a13d158 100644
} while (!res);
return res;
}
-diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
-index ec66063..1e05bbd 100644
---- a/net/l2tp/l2tp_ppp.c
-+++ b/net/l2tp/l2tp_ppp.c
-@@ -1368,7 +1368,7 @@ static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
- int err;
-
- if (level != SOL_PPPOL2TP)
-- return udp_prot.setsockopt(sk, level, optname, optval, optlen);
-+ return -EINVAL;
-
- if (optlen < sizeof(int))
- return -EINVAL;
-@@ -1494,7 +1494,7 @@ static int pppol2tp_getsockopt(struct socket *sock, int level, int optname,
- struct pppol2tp_session *ps;
-
- if (level != SOL_PPPOL2TP)
-- return udp_prot.getsockopt(sk, level, optname, optval, optlen);
-+ return -EINVAL;
-
- if (get_user(len, optlen))
- return -EFAULT;
diff --git a/net/llc/llc_proc.c b/net/llc/llc_proc.c
index 1a3c7e0..80f8b0c 100644
--- a/net/llc/llc_proc.c
diff --git a/3.14.15/4425_grsec_remove_EI_PAX.patch b/3.14.16/4425_grsec_remove_EI_PAX.patch
similarity index 100%
rename from 3.14.15/4425_grsec_remove_EI_PAX.patch
rename to 3.14.16/4425_grsec_remove_EI_PAX.patch
diff --git a/3.14.15/4427_force_XATTR_PAX_tmpfs.patch b/3.14.16/4427_force_XATTR_PAX_tmpfs.patch
similarity index 100%
rename from 3.14.15/4427_force_XATTR_PAX_tmpfs.patch
rename to 3.14.16/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/3.14.15/4430_grsec-remove-localversion-grsec.patch b/3.14.16/4430_grsec-remove-localversion-grsec.patch
similarity index 100%
rename from 3.14.15/4430_grsec-remove-localversion-grsec.patch
rename to 3.14.16/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.14.15/4435_grsec-mute-warnings.patch b/3.14.16/4435_grsec-mute-warnings.patch
similarity index 100%
rename from 3.14.15/4435_grsec-mute-warnings.patch
rename to 3.14.16/4435_grsec-mute-warnings.patch
diff --git a/3.14.15/4440_grsec-remove-protected-paths.patch b/3.14.16/4440_grsec-remove-protected-paths.patch
similarity index 100%
rename from 3.14.15/4440_grsec-remove-protected-paths.patch
rename to 3.14.16/4440_grsec-remove-protected-paths.patch
diff --git a/3.14.15/4450_grsec-kconfig-default-gids.patch b/3.14.16/4450_grsec-kconfig-default-gids.patch
similarity index 100%
rename from 3.14.15/4450_grsec-kconfig-default-gids.patch
rename to 3.14.16/4450_grsec-kconfig-default-gids.patch
diff --git a/3.14.15/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.16/4465_selinux-avc_audit-log-curr_ip.patch
similarity index 100%
rename from 3.14.15/4465_selinux-avc_audit-log-curr_ip.patch
rename to 3.14.16/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.14.15/4470_disable-compat_vdso.patch b/3.14.16/4470_disable-compat_vdso.patch
similarity index 98%
rename from 3.14.15/4470_disable-compat_vdso.patch
rename to 3.14.16/4470_disable-compat_vdso.patch
index 677174c..35a4840 100644
--- a/3.14.15/4470_disable-compat_vdso.patch
+++ b/3.14.16/4470_disable-compat_vdso.patch
@@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138
diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
--- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100
+++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100
-@@ -1841,17 +1841,8 @@
+@@ -1859,17 +1859,8 @@
config COMPAT_VDSO
def_bool n
diff --git a/3.14.15/4475_emutramp_default_on.patch b/3.14.16/4475_emutramp_default_on.patch
similarity index 100%
rename from 3.14.15/4475_emutramp_default_on.patch
rename to 3.14.16/4475_emutramp_default_on.patch
diff --git a/3.15.8/0000_README b/3.15.9/0000_README
similarity index 96%
rename from 3.15.8/0000_README
rename to 3.15.9/0000_README
index e6666ca..1b914bb 100644
--- a/3.15.8/0000_README
+++ b/3.15.9/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.15.8-201408040708.patch
+Patch: 4420_grsecurity-3.0-3.15.9-201408110025.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.15.8/4420_grsecurity-3.0-3.15.8-201408040708.patch b/3.15.9/4420_grsecurity-3.0-3.15.9-201408110025.patch
similarity index 99%
rename from 3.15.8/4420_grsecurity-3.0-3.15.8-201408040708.patch
rename to 3.15.9/4420_grsecurity-3.0-3.15.9-201408110025.patch
index 923c63e..eb185bb 100644
--- a/3.15.8/4420_grsecurity-3.0-3.15.8-201408040708.patch
+++ b/3.15.9/4420_grsecurity-3.0-3.15.9-201408110025.patch
@@ -287,7 +287,7 @@ index 30a8ad0d..2ed9efd 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index d5d9a22..998d19e 100644
+index 25b85ab..131efa3 100644
--- a/Makefile
+++ b/Makefile
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -313,10 +313,13 @@ index d5d9a22..998d19e 100644
$(Q)$(MAKE) $(build)=scripts/basic
$(Q)rm -f .tmp_quiet_recordmcount
-@@ -600,6 +601,72 @@ else
+@@ -600,6 +601,75 @@ else
KBUILD_CFLAGS += -O2
endif
++# Tell gcc to never replace conditional load with a non-conditional one
++KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0)
++
+ifndef DISABLE_PAX_PLUGINS
+ifeq ($(call cc-ifversion, -ge, 0408, y), y)
+PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)")
@@ -386,7 +389,7 @@ index d5d9a22..998d19e 100644
include $(srctree)/arch/$(SRCARCH)/Makefile
ifdef CONFIG_READABLE_ASM
-@@ -818,7 +885,7 @@ export mod_sign_cmd
+@@ -818,7 +888,7 @@ export mod_sign_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -395,7 +398,7 @@ index d5d9a22..998d19e 100644
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -867,6 +934,8 @@ endif
+@@ -867,6 +937,8 @@ endif
# The actual objects are generated when descending,
# make sure no implicit rule kicks in
@@ -404,7 +407,7 @@ index d5d9a22..998d19e 100644
$(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
# Handle descending into subdirectories listed in $(vmlinux-dirs)
-@@ -876,7 +945,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
+@@ -876,7 +948,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
@@ -413,7 +416,7 @@ index d5d9a22..998d19e 100644
$(Q)$(MAKE) $(build)=$@
define filechk_kernel.release
-@@ -919,10 +988,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
+@@ -919,10 +991,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
archprepare: archheaders archscripts prepare1 scripts_basic
@@ -427,7 +430,7 @@ index d5d9a22..998d19e 100644
prepare: prepare0
# Generate some files
-@@ -1030,6 +1102,8 @@ all: modules
+@@ -1030,6 +1105,8 @@ all: modules
# using awk while concatenating to the final file.
PHONY += modules
@@ -436,7 +439,7 @@ index d5d9a22..998d19e 100644
modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
@$(kecho) ' Building modules, stage 2.';
-@@ -1045,7 +1119,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
+@@ -1045,7 +1122,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
# Target to prepare building external modules
PHONY += modules_prepare
@@ -445,7 +448,7 @@ index d5d9a22..998d19e 100644
# Target to install modules
PHONY += modules_install
-@@ -1111,7 +1185,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
+@@ -1111,7 +1188,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
signing_key.priv signing_key.x509 x509.genkey \
extra_certificates signing_key.x509.keyid \
@@ -457,7 +460,7 @@ index d5d9a22..998d19e 100644
# clean - Delete most, but leave enough to build external modules
#
-@@ -1150,7 +1227,7 @@ distclean: mrproper
+@@ -1150,7 +1230,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -466,7 +469,7 @@ index d5d9a22..998d19e 100644
-type f -print | xargs rm -f
-@@ -1311,6 +1388,8 @@ PHONY += $(module-dirs) modules
+@@ -1311,6 +1391,8 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
@@ -475,7 +478,7 @@ index d5d9a22..998d19e 100644
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1450,17 +1529,21 @@ else
+@@ -1450,17 +1532,21 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
@@ -501,7 +504,7 @@ index d5d9a22..998d19e 100644
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1470,11 +1553,15 @@ endif
+@@ -1470,11 +1556,15 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
@@ -4367,7 +4370,7 @@ index 5e85ed3..b10a7ed 100644
}
}
diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c
-index b68c6b2..f66c492 100644
+index f15c22e..d830561 100644
--- a/arch/arm/mm/mmu.c
+++ b/arch/arm/mm/mmu.c
@@ -39,6 +39,22 @@
@@ -12309,7 +12312,7 @@ index ad8f795..2c7eec6 100644
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 512e45f..2d49d9d 100644
+index 1dd1408..be4ce12 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -127,7 +127,7 @@ config X86
@@ -12338,7 +12341,7 @@ index 512e45f..2d49d9d 100644
---help---
Say Y here to enable options for running Linux under various hyper-
visors. This option enables basic hypervisor detection and platform
-@@ -1055,6 +1056,7 @@ choice
+@@ -1072,6 +1073,7 @@ choice
config NOHIGHMEM
bool "off"
@@ -12346,7 +12349,7 @@ index 512e45f..2d49d9d 100644
---help---
Linux can use up to 64 Gigabytes of physical memory on x86 systems.
However, the address space of 32-bit x86 processors is only 4
-@@ -1091,6 +1093,7 @@ config NOHIGHMEM
+@@ -1108,6 +1110,7 @@ config NOHIGHMEM
config HIGHMEM4G
bool "4GB"
@@ -12354,7 +12357,7 @@ index 512e45f..2d49d9d 100644
---help---
Select this if you have a 32-bit processor and between 1 and 4
gigabytes of physical RAM.
-@@ -1143,7 +1146,7 @@ config PAGE_OFFSET
+@@ -1160,7 +1163,7 @@ config PAGE_OFFSET
hex
default 0xB0000000 if VMSPLIT_3G_OPT
default 0x80000000 if VMSPLIT_2G
@@ -12363,7 +12366,7 @@ index 512e45f..2d49d9d 100644
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1556,6 +1559,7 @@ source kernel/Kconfig.hz
+@@ -1573,6 +1576,7 @@ source kernel/Kconfig.hz
config KEXEC
bool "kexec system call"
@@ -12371,7 +12374,7 @@ index 512e45f..2d49d9d 100644
---help---
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
-@@ -1707,7 +1711,9 @@ config X86_NEED_RELOCS
+@@ -1724,7 +1728,9 @@ config X86_NEED_RELOCS
config PHYSICAL_ALIGN
hex "Alignment value to which kernel should be aligned"
@@ -12382,7 +12385,7 @@ index 512e45f..2d49d9d 100644
range 0x2000 0x1000000 if X86_32
range 0x200000 0x1000000 if X86_64
---help---
-@@ -1790,6 +1796,7 @@ config COMPAT_VDSO
+@@ -1807,6 +1813,7 @@ config COMPAT_VDSO
def_bool n
prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
depends on X86_32 || IA32_EMULATION
@@ -16835,7 +16838,7 @@ index b8237d8..3e8864e 100644
* Convert a virtual cached pointer to an uncached pointer
*/
diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h
-index bba3cf8..06bc8da 100644
+index 0a8b519..80e7d5b 100644
--- a/arch/x86/include/asm/irqflags.h
+++ b/arch/x86/include/asm/irqflags.h
@@ -141,6 +141,11 @@ static inline notrace unsigned long arch_local_irq_save(void)
@@ -18051,21 +18054,24 @@ index e22c1db..23a625a 100644
}
diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h
-index c883bf7..19970b3 100644
+index 7166e25..baaa6fe 100644
--- a/arch/x86/include/asm/pgtable_64_types.h
+++ b/arch/x86/include/asm/pgtable_64_types.h
-@@ -61,6 +61,11 @@ typedef struct { pteval_t pte; } pte_t;
+@@ -61,9 +61,14 @@ typedef struct { pteval_t pte; } pte_t;
#define MODULES_VADDR (__START_KERNEL_map + KERNEL_IMAGE_SIZE)
#define MODULES_END _AC(0xffffffffff000000, UL)
#define MODULES_LEN (MODULES_END - MODULES_VADDR)
+#define MODULES_EXEC_VADDR MODULES_VADDR
+#define MODULES_EXEC_END MODULES_END
-+
+ #define ESPFIX_PGD_ENTRY _AC(-2, UL)
+ #define ESPFIX_BASE_ADDR (ESPFIX_PGD_ENTRY << PGDIR_SHIFT)
+
+#define ktla_ktva(addr) (addr)
+#define ktva_ktla(addr) (addr)
-
++
#define EARLY_DYNAMIC_PAGE_TABLES 64
+ #endif /* _ASM_X86_PGTABLE_64_DEFS_H */
diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
index eb3d449..8d95316 100644
--- a/arch/x86/include/asm/pgtable_types.h
@@ -20361,7 +20367,7 @@ index 7b0a55a..ad115bf 100644
/* top of stack page */
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
-index f4d9600..b45af01 100644
+index 491ef3e..7da98ce 100644
--- a/arch/x86/kernel/Makefile
+++ b/arch/x86/kernel/Makefile
@@ -24,7 +24,7 @@ obj-y += time.o ioport.o ldt.o dumpstack.o nmi.o
@@ -22034,7 +22040,7 @@ index 01d1c18..8073693 100644
#include <asm/processor.h>
#include <asm/fcntl.h>
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
-index c87810b..413d83f 100644
+index c5a9cb9..228d280 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -177,13 +177,153 @@
@@ -22393,7 +22399,7 @@ index c87810b..413d83f 100644
restore_all:
TRACE_IRQS_IRET
restore_all_notrace:
-@@ -577,14 +784,34 @@ ldt_ss:
+@@ -580,14 +787,34 @@ ldt_ss:
* compensating for the offset by changing to the ESPFIX segment with
* a base address that matches for the difference.
*/
@@ -22431,7 +22437,7 @@ index c87810b..413d83f 100644
pushl_cfi $__ESPFIX_SS
pushl_cfi %eax /* new kernel esp */
/* Disable interrupts, but do not irqtrace this section: we
-@@ -613,20 +840,18 @@ work_resched:
+@@ -617,20 +844,18 @@ work_resched:
movl TI_flags(%ebp), %ecx
andl $_TIF_WORK_MASK, %ecx # is there any work to be done other
# than syscall tracing?
@@ -22454,7 +22460,7 @@ index c87810b..413d83f 100644
#endif
TRACE_IRQS_ON
ENABLE_INTERRUPTS(CLBR_NONE)
-@@ -647,7 +872,7 @@ work_notifysig_v86:
+@@ -651,7 +876,7 @@ work_notifysig_v86:
movl %eax, %esp
jmp 1b
#endif
@@ -22463,7 +22469,7 @@ index c87810b..413d83f 100644
# perform syscall exit tracing
ALIGN
-@@ -655,11 +880,14 @@ syscall_trace_entry:
+@@ -659,11 +884,14 @@ syscall_trace_entry:
movl $-ENOSYS,PT_EAX(%esp)
movl %esp, %eax
call syscall_trace_enter
@@ -22479,7 +22485,7 @@ index c87810b..413d83f 100644
# perform syscall exit tracing
ALIGN
-@@ -672,26 +900,30 @@ syscall_exit_work:
+@@ -676,26 +904,30 @@ syscall_exit_work:
movl %esp, %eax
call syscall_trace_leave
jmp resume_userspace
@@ -22514,9 +22520,9 @@ index c87810b..413d83f 100644
CFI_ENDPROC
/*
* End of kprobes section
-@@ -707,8 +939,15 @@ END(syscall_badsys)
- * normal stack and adjusts ESP with the matching offset.
+@@ -712,8 +944,15 @@ END(syscall_badsys)
*/
+ #ifdef CONFIG_X86_ESPFIX32
/* fixup the stack */
- mov GDT_ESPFIX_SS + 4, %al /* bits 16..23 */
- mov GDT_ESPFIX_SS + 7, %ah /* bits 24..31 */
@@ -22532,7 +22538,7 @@ index c87810b..413d83f 100644
shl $16, %eax
addl %esp, %eax /* the adjusted stack pointer */
pushl_cfi $__KERNEL_DS
-@@ -761,7 +1000,7 @@ vector=vector+1
+@@ -769,7 +1008,7 @@ vector=vector+1
.endr
2: jmp common_interrupt
.endr
@@ -22541,7 +22547,7 @@ index c87810b..413d83f 100644
.previous
END(interrupt)
-@@ -822,7 +1061,7 @@ ENTRY(coprocessor_error)
+@@ -830,7 +1069,7 @@ ENTRY(coprocessor_error)
pushl_cfi $do_coprocessor_error
jmp error_code
CFI_ENDPROC
@@ -22550,7 +22556,7 @@ index c87810b..413d83f 100644
ENTRY(simd_coprocessor_error)
RING0_INT_FRAME
-@@ -835,7 +1074,7 @@ ENTRY(simd_coprocessor_error)
+@@ -843,7 +1082,7 @@ ENTRY(simd_coprocessor_error)
.section .altinstructions,"a"
altinstruction_entry 661b, 663f, X86_FEATURE_XMM, 662b-661b, 664f-663f
.previous
@@ -22559,7 +22565,7 @@ index c87810b..413d83f 100644
663: pushl $do_simd_coprocessor_error
664:
.previous
-@@ -844,7 +1083,7 @@ ENTRY(simd_coprocessor_error)
+@@ -852,7 +1091,7 @@ ENTRY(simd_coprocessor_error)
#endif
jmp error_code
CFI_ENDPROC
@@ -22568,7 +22574,7 @@ index c87810b..413d83f 100644
ENTRY(device_not_available)
RING0_INT_FRAME
-@@ -853,18 +1092,18 @@ ENTRY(device_not_available)
+@@ -861,18 +1100,18 @@ ENTRY(device_not_available)
pushl_cfi $do_device_not_available
jmp error_code
CFI_ENDPROC
@@ -22590,7 +22596,7 @@ index c87810b..413d83f 100644
#endif
ENTRY(overflow)
-@@ -874,7 +1113,7 @@ ENTRY(overflow)
+@@ -882,7 +1121,7 @@ ENTRY(overflow)
pushl_cfi $do_overflow
jmp error_code
CFI_ENDPROC
@@ -22599,7 +22605,7 @@ index c87810b..413d83f 100644
ENTRY(bounds)
RING0_INT_FRAME
-@@ -883,7 +1122,7 @@ ENTRY(bounds)
+@@ -891,7 +1130,7 @@ ENTRY(bounds)
pushl_cfi $do_bounds
jmp error_code
CFI_ENDPROC
@@ -22608,7 +22614,7 @@ index c87810b..413d83f 100644
ENTRY(invalid_op)
RING0_INT_FRAME
-@@ -892,7 +1131,7 @@ ENTRY(invalid_op)
+@@ -900,7 +1139,7 @@ ENTRY(invalid_op)
pushl_cfi $do_invalid_op
jmp error_code
CFI_ENDPROC
@@ -22617,7 +22623,7 @@ index c87810b..413d83f 100644
ENTRY(coprocessor_segment_overrun)
RING0_INT_FRAME
-@@ -901,7 +1140,7 @@ ENTRY(coprocessor_segment_overrun)
+@@ -909,7 +1148,7 @@ ENTRY(coprocessor_segment_overrun)
pushl_cfi $do_coprocessor_segment_overrun
jmp error_code
CFI_ENDPROC
@@ -22626,7 +22632,7 @@ index c87810b..413d83f 100644
ENTRY(invalid_TSS)
RING0_EC_FRAME
-@@ -909,7 +1148,7 @@ ENTRY(invalid_TSS)
+@@ -917,7 +1156,7 @@ ENTRY(invalid_TSS)
pushl_cfi $do_invalid_TSS
jmp error_code
CFI_ENDPROC
@@ -22635,7 +22641,7 @@ index c87810b..413d83f 100644
ENTRY(segment_not_present)
RING0_EC_FRAME
-@@ -917,7 +1156,7 @@ ENTRY(segment_not_present)
+@@ -925,7 +1164,7 @@ ENTRY(segment_not_present)
pushl_cfi $do_segment_not_present
jmp error_code
CFI_ENDPROC
@@ -22644,7 +22650,7 @@ index c87810b..413d83f 100644
ENTRY(stack_segment)
RING0_EC_FRAME
-@@ -925,7 +1164,7 @@ ENTRY(stack_segment)
+@@ -933,7 +1172,7 @@ ENTRY(stack_segment)
pushl_cfi $do_stack_segment
jmp error_code
CFI_ENDPROC
@@ -22653,7 +22659,7 @@ index c87810b..413d83f 100644
ENTRY(alignment_check)
RING0_EC_FRAME
-@@ -933,7 +1172,7 @@ ENTRY(alignment_check)
+@@ -941,7 +1180,7 @@ ENTRY(alignment_check)
pushl_cfi $do_alignment_check
jmp error_code
CFI_ENDPROC
@@ -22662,7 +22668,7 @@ index c87810b..413d83f 100644
ENTRY(divide_error)
RING0_INT_FRAME
-@@ -942,7 +1181,7 @@ ENTRY(divide_error)
+@@ -950,7 +1189,7 @@ ENTRY(divide_error)
pushl_cfi $do_divide_error
jmp error_code
CFI_ENDPROC
@@ -22671,7 +22677,7 @@ index c87810b..413d83f 100644
#ifdef CONFIG_X86_MCE
ENTRY(machine_check)
-@@ -952,7 +1191,7 @@ ENTRY(machine_check)
+@@ -960,7 +1199,7 @@ ENTRY(machine_check)
pushl_cfi machine_check_vector
jmp error_code
CFI_ENDPROC
@@ -22680,7 +22686,7 @@ index c87810b..413d83f 100644
#endif
ENTRY(spurious_interrupt_bug)
-@@ -962,7 +1201,7 @@ ENTRY(spurious_interrupt_bug)
+@@ -970,7 +1209,7 @@ ENTRY(spurious_interrupt_bug)
pushl_cfi $do_spurious_interrupt_bug
jmp error_code
CFI_ENDPROC
@@ -22689,7 +22695,7 @@ index c87810b..413d83f 100644
/*
* End of kprobes section
*/
-@@ -1072,7 +1311,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
+@@ -1080,7 +1319,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
ENTRY(mcount)
ret
@@ -22698,7 +22704,7 @@ index c87810b..413d83f 100644
ENTRY(ftrace_caller)
cmpl $0, function_trace_stop
-@@ -1105,7 +1344,7 @@ ftrace_graph_call:
+@@ -1113,7 +1352,7 @@ ftrace_graph_call:
.globl ftrace_stub
ftrace_stub:
ret
@@ -22707,7 +22713,7 @@ index c87810b..413d83f 100644
ENTRY(ftrace_regs_caller)
pushf /* push flags before compare (in cs location) */
-@@ -1209,7 +1448,7 @@ trace:
+@@ -1217,7 +1456,7 @@ trace:
popl %ecx
popl %eax
jmp ftrace_stub
@@ -22716,7 +22722,7 @@ index c87810b..413d83f 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -1227,7 +1466,7 @@ ENTRY(ftrace_graph_caller)
+@@ -1235,7 +1474,7 @@ ENTRY(ftrace_graph_caller)
popl %ecx
popl %eax
ret
@@ -22725,7 +22731,7 @@ index c87810b..413d83f 100644
.globl return_to_handler
return_to_handler:
-@@ -1293,15 +1532,18 @@ error_code:
+@@ -1301,15 +1540,18 @@ error_code:
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
REG_TO_PTGS %ecx
SET_KERNEL_GS %ecx
@@ -22746,7 +22752,7 @@ index c87810b..413d83f 100644
/*
* Debug traps and NMI can happen at the one SYSENTER instruction
-@@ -1344,7 +1586,7 @@ debug_stack_correct:
+@@ -1352,7 +1594,7 @@ debug_stack_correct:
call do_debug
jmp ret_from_exception
CFI_ENDPROC
@@ -22755,7 +22761,7 @@ index c87810b..413d83f 100644
/*
* NMI is doubly nasty. It can happen _while_ we're handling
-@@ -1382,6 +1624,9 @@ nmi_stack_correct:
+@@ -1392,6 +1634,9 @@ nmi_stack_correct:
xorl %edx,%edx # zero error code
movl %esp,%eax # pt_regs pointer
call do_nmi
@@ -22765,7 +22771,7 @@ index c87810b..413d83f 100644
jmp restore_all_notrace
CFI_ENDPROC
-@@ -1418,12 +1663,15 @@ nmi_espfix_stack:
+@@ -1429,13 +1674,16 @@ nmi_espfix_stack:
FIXUP_ESPFIX_STACK # %eax == %esp
xorl %edx,%edx # zero error code
call do_nmi
@@ -22776,13 +22782,14 @@ index c87810b..413d83f 100644
lss 12+4(%esp), %esp # back to espfix stack
CFI_ADJUST_CFA_OFFSET -24
jmp irq_return
+ #endif
CFI_ENDPROC
-END(nmi)
+ENDPROC(nmi)
ENTRY(int3)
RING0_INT_FRAME
-@@ -1436,14 +1684,14 @@ ENTRY(int3)
+@@ -1448,14 +1696,14 @@ ENTRY(int3)
call do_int3
jmp ret_from_exception
CFI_ENDPROC
@@ -22799,7 +22806,7 @@ index c87810b..413d83f 100644
#ifdef CONFIG_KVM_GUEST
ENTRY(async_page_fault)
-@@ -1452,7 +1700,7 @@ ENTRY(async_page_fault)
+@@ -1464,7 +1712,7 @@ ENTRY(async_page_fault)
pushl_cfi $do_async_page_fault
jmp error_code
CFI_ENDPROC
@@ -22809,19 +22816,19 @@ index c87810b..413d83f 100644
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index 1e96c36..3ff710a 100644
+index 03cd2a8..05a9aed 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
-@@ -59,6 +59,8 @@
- #include <asm/context_tracking.h>
+@@ -60,6 +60,8 @@
#include <asm/smap.h>
+ #include <asm/pgtable_types.h>
#include <linux/err.h>
+#include <asm/pgtable.h>
+#include <asm/alternative-asm.h>
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
#include <linux/elf-em.h>
-@@ -80,8 +82,9 @@
+@@ -81,8 +83,9 @@
#ifdef CONFIG_DYNAMIC_FTRACE
ENTRY(function_hook)
@@ -22832,7 +22839,7 @@ index 1e96c36..3ff710a 100644
/* skip is set if stack has been adjusted */
.macro ftrace_caller_setup skip=0
-@@ -122,8 +125,9 @@ GLOBAL(ftrace_graph_call)
+@@ -123,8 +126,9 @@ GLOBAL(ftrace_graph_call)
#endif
GLOBAL(ftrace_stub)
@@ -22843,7 +22850,7 @@ index 1e96c36..3ff710a 100644
ENTRY(ftrace_regs_caller)
/* Save the current flags before compare (in SS location)*/
-@@ -191,7 +195,7 @@ ftrace_restore_flags:
+@@ -192,7 +196,7 @@ ftrace_restore_flags:
popfq
jmp ftrace_stub
@@ -22852,7 +22859,7 @@ index 1e96c36..3ff710a 100644
#else /* ! CONFIG_DYNAMIC_FTRACE */
-@@ -212,6 +216,7 @@ ENTRY(function_hook)
+@@ -213,6 +217,7 @@ ENTRY(function_hook)
#endif
GLOBAL(ftrace_stub)
@@ -22860,7 +22867,7 @@ index 1e96c36..3ff710a 100644
retq
trace:
-@@ -225,12 +230,13 @@ trace:
+@@ -226,12 +231,13 @@ trace:
#endif
subq $MCOUNT_INSN_SIZE, %rdi
@@ -22875,7 +22882,7 @@ index 1e96c36..3ff710a 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -252,8 +258,9 @@ ENTRY(ftrace_graph_caller)
+@@ -253,8 +259,9 @@ ENTRY(ftrace_graph_caller)
MCOUNT_RESTORE_FRAME
@@ -22886,7 +22893,7 @@ index 1e96c36..3ff710a 100644
GLOBAL(return_to_handler)
subq $24, %rsp
-@@ -269,7 +276,9 @@ GLOBAL(return_to_handler)
+@@ -270,7 +277,9 @@ GLOBAL(return_to_handler)
movq 8(%rsp), %rdx
movq (%rsp), %rax
addq $24, %rsp
@@ -22896,7 +22903,7 @@ index 1e96c36..3ff710a 100644
#endif
-@@ -284,6 +293,430 @@ ENTRY(native_usergs_sysret64)
+@@ -285,6 +294,430 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
@@ -23327,7 +23334,7 @@ index 1e96c36..3ff710a 100644
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -320,7 +753,7 @@ ENDPROC(native_usergs_sysret64)
+@@ -321,7 +754,7 @@ ENDPROC(native_usergs_sysret64)
.endm
.macro TRACE_IRQS_IRETQ_DEBUG offset=ARGOFFSET
@@ -23336,7 +23343,7 @@ index 1e96c36..3ff710a 100644
jnc 1f
TRACE_IRQS_ON_DEBUG
1:
-@@ -358,27 +791,6 @@ ENDPROC(native_usergs_sysret64)
+@@ -359,27 +792,6 @@ ENDPROC(native_usergs_sysret64)
movq \tmp,R11+\offset(%rsp)
.endm
@@ -23364,7 +23371,7 @@ index 1e96c36..3ff710a 100644
/*
* initial frame state for interrupts (and exceptions without error code)
*/
-@@ -445,25 +857,26 @@ ENDPROC(native_usergs_sysret64)
+@@ -446,25 +858,26 @@ ENDPROC(native_usergs_sysret64)
/* save partial stack frame */
.macro SAVE_ARGS_IRQ
cld
@@ -23404,7 +23411,7 @@ index 1e96c36..3ff710a 100644
je 1f
SWAPGS
/*
-@@ -483,6 +896,18 @@ ENDPROC(native_usergs_sysret64)
+@@ -484,6 +897,18 @@ ENDPROC(native_usergs_sysret64)
0x06 /* DW_OP_deref */, \
0x08 /* DW_OP_const1u */, SS+8-RBP, \
0x22 /* DW_OP_plus */
@@ -23423,7 +23430,7 @@ index 1e96c36..3ff710a 100644
/* We entered an interrupt context - irqs are off: */
TRACE_IRQS_OFF
.endm
-@@ -514,9 +939,52 @@ ENTRY(save_paranoid)
+@@ -515,9 +940,52 @@ ENTRY(save_paranoid)
js 1f /* negative -> in kernel */
SWAPGS
xorl %ebx,%ebx
@@ -23478,7 +23485,7 @@ index 1e96c36..3ff710a 100644
.popsection
/*
-@@ -538,7 +1006,7 @@ ENTRY(ret_from_fork)
+@@ -539,7 +1007,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -23487,7 +23494,7 @@ index 1e96c36..3ff710a 100644
jz 1f
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -548,15 +1016,13 @@ ENTRY(ret_from_fork)
+@@ -549,15 +1017,13 @@ ENTRY(ret_from_fork)
jmp ret_from_sys_call # go to the SYSRET fastpath
1:
@@ -23504,7 +23511,7 @@ index 1e96c36..3ff710a 100644
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -593,7 +1059,7 @@ END(ret_from_fork)
+@@ -594,7 +1060,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -23513,7 +23520,7 @@ index 1e96c36..3ff710a 100644
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -606,16 +1072,23 @@ GLOBAL(system_call_after_swapgs)
+@@ -607,16 +1073,23 @@ GLOBAL(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -23539,7 +23546,7 @@ index 1e96c36..3ff710a 100644
jnz tracesys
system_call_fastpath:
#if __SYSCALL_MASK == ~0
-@@ -639,10 +1112,13 @@ sysret_check:
+@@ -640,10 +1113,13 @@ sysret_check:
LOCKDEP_SYS_EXIT
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -23554,7 +23561,7 @@ index 1e96c36..3ff710a 100644
/*
* sysretq will re-enable interrupts:
*/
-@@ -701,6 +1177,9 @@ auditsys:
+@@ -702,6 +1178,9 @@ auditsys:
movq %rax,%rsi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */
call __audit_syscall_entry
@@ -23564,7 +23571,7 @@ index 1e96c36..3ff710a 100644
LOAD_ARGS 0 /* reload call-clobbered registers */
jmp system_call_fastpath
-@@ -722,7 +1201,7 @@ sysret_audit:
+@@ -723,7 +1202,7 @@ sysret_audit:
/* Do syscall tracing */
tracesys:
#ifdef CONFIG_AUDITSYSCALL
@@ -23573,7 +23580,7 @@ index 1e96c36..3ff710a 100644
jz auditsys
#endif
SAVE_REST
-@@ -730,12 +1209,15 @@ tracesys:
+@@ -731,12 +1210,15 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -23590,7 +23597,7 @@ index 1e96c36..3ff710a 100644
RESTORE_REST
#if __SYSCALL_MASK == ~0
cmpq $__NR_syscall_max,%rax
-@@ -765,7 +1247,9 @@ GLOBAL(int_with_check)
+@@ -766,7 +1248,9 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
@@ -23601,7 +23608,7 @@ index 1e96c36..3ff710a 100644
/* Either reschedule or signal or syscall exit tracking needed. */
/* First do a reschedule test. */
-@@ -811,7 +1295,7 @@ int_restore_rest:
+@@ -812,7 +1296,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
@@ -23610,7 +23617,7 @@ index 1e96c36..3ff710a 100644
.macro FORK_LIKE func
ENTRY(stub_\func)
-@@ -824,9 +1308,10 @@ ENTRY(stub_\func)
+@@ -825,9 +1309,10 @@ ENTRY(stub_\func)
DEFAULT_FRAME 0 8 /* offset 8: return address */
call sys_\func
RESTORE_TOP_OF_STACK %r11, 8
@@ -23623,7 +23630,7 @@ index 1e96c36..3ff710a 100644
.endm
.macro FIXED_FRAME label,func
-@@ -836,9 +1321,10 @@ ENTRY(\label)
+@@ -837,9 +1322,10 @@ ENTRY(\label)
FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET
call \func
RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET
@@ -23635,7 +23642,7 @@ index 1e96c36..3ff710a 100644
.endm
FORK_LIKE clone
-@@ -846,19 +1332,6 @@ END(\label)
+@@ -847,19 +1333,6 @@ END(\label)
FORK_LIKE vfork
FIXED_FRAME stub_iopl, sys_iopl
@@ -23655,7 +23662,7 @@ index 1e96c36..3ff710a 100644
ENTRY(stub_execve)
CFI_STARTPROC
addq $8, %rsp
-@@ -870,7 +1343,7 @@ ENTRY(stub_execve)
+@@ -871,7 +1344,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23664,7 +23671,7 @@ index 1e96c36..3ff710a 100644
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -887,7 +1360,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -888,7 +1361,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23673,7 +23680,7 @@ index 1e96c36..3ff710a 100644
#ifdef CONFIG_X86_X32_ABI
ENTRY(stub_x32_rt_sigreturn)
-@@ -901,7 +1374,7 @@ ENTRY(stub_x32_rt_sigreturn)
+@@ -902,7 +1375,7 @@ ENTRY(stub_x32_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23682,7 +23689,7 @@ index 1e96c36..3ff710a 100644
ENTRY(stub_x32_execve)
CFI_STARTPROC
-@@ -915,7 +1388,7 @@ ENTRY(stub_x32_execve)
+@@ -916,7 +1389,7 @@ ENTRY(stub_x32_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -23691,7 +23698,7 @@ index 1e96c36..3ff710a 100644
#endif
-@@ -952,7 +1425,7 @@ vector=vector+1
+@@ -953,7 +1426,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
@@ -23700,7 +23707,7 @@ index 1e96c36..3ff710a 100644
.previous
END(interrupt)
-@@ -969,8 +1442,8 @@ END(interrupt)
+@@ -970,8 +1443,8 @@ END(interrupt)
/* 0(%rsp): ~(interrupt number) */
.macro interrupt func
/* reserve pt_regs for scratch regs and rbp */
@@ -23711,7 +23718,7 @@ index 1e96c36..3ff710a 100644
SAVE_ARGS_IRQ
call \func
.endm
-@@ -997,14 +1470,14 @@ ret_from_intr:
+@@ -998,14 +1471,14 @@ ret_from_intr:
/* Restore saved previous stack */
popq %rsi
@@ -23730,7 +23737,7 @@ index 1e96c36..3ff710a 100644
je retint_kernel
/* Interrupt came from user space */
-@@ -1026,12 +1499,16 @@ retint_swapgs: /* return to user-space */
+@@ -1027,12 +1500,16 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -23747,16 +23754,32 @@ index 1e96c36..3ff710a 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -1112,7 +1589,7 @@ ENTRY(retint_kernel)
+@@ -1145,7 +1622,7 @@ ENTRY(retint_kernel)
+ jmp exit_intr
#endif
-
CFI_ENDPROC
-END(common_interrupt)
+ENDPROC(common_interrupt)
- /*
- * End of kprobes section
- */
-@@ -1130,7 +1607,7 @@ ENTRY(\sym)
+
+ /*
+ * If IRET takes a fault on the espfix stack, then we
+@@ -1167,13 +1644,13 @@ __do_double_fault:
+ cmpq $native_irq_return_iret,%rax
+ jne do_double_fault /* This shouldn't happen... */
+ movq PER_CPU_VAR(kernel_stack),%rax
+- subq $(6*8-KERNEL_STACK_OFFSET),%rax /* Reset to original stack */
++ subq $(6*8),%rax /* Reset to original stack */
+ movq %rax,RSP(%rdi)
+ movq $0,(%rax) /* Missing (lost) #GP error code */
+ movq $general_protection,RIP(%rdi)
+ retq
+ CFI_ENDPROC
+-END(__do_double_fault)
++ENDPROC(__do_double_fault)
+ #else
+ # define __do_double_fault do_double_fault
+ #endif
+@@ -1195,7 +1672,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
@@ -23765,7 +23788,7 @@ index 1e96c36..3ff710a 100644
.endm
#ifdef CONFIG_TRACING
-@@ -1218,7 +1695,7 @@ ENTRY(\sym)
+@@ -1283,7 +1760,7 @@ ENTRY(\sym)
call \do_sym
jmp error_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -23774,7 +23797,7 @@ index 1e96c36..3ff710a 100644
.endm
.macro paranoidzeroentry sym do_sym
-@@ -1236,10 +1713,10 @@ ENTRY(\sym)
+@@ -1301,10 +1778,10 @@ ENTRY(\sym)
call \do_sym
jmp paranoid_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -23787,7 +23810,7 @@ index 1e96c36..3ff710a 100644
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1252,12 +1729,18 @@ ENTRY(\sym)
+@@ -1317,12 +1794,18 @@ ENTRY(\sym)
TRACE_IRQS_OFF_DEBUG
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
@@ -23807,7 +23830,7 @@ index 1e96c36..3ff710a 100644
.endm
.macro errorentry sym do_sym
-@@ -1275,7 +1758,7 @@ ENTRY(\sym)
+@@ -1340,7 +1823,7 @@ ENTRY(\sym)
call \do_sym
jmp error_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -23816,7 +23839,7 @@ index 1e96c36..3ff710a 100644
.endm
#ifdef CONFIG_TRACING
-@@ -1306,7 +1789,7 @@ ENTRY(\sym)
+@@ -1371,7 +1854,7 @@ ENTRY(\sym)
call \do_sym
jmp paranoid_exit /* %ebx: no swapgs flag */
CFI_ENDPROC
@@ -23825,7 +23848,7 @@ index 1e96c36..3ff710a 100644
.endm
zeroentry divide_error do_divide_error
-@@ -1336,9 +1819,10 @@ gs_change:
+@@ -1401,9 +1884,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
@@ -23837,7 +23860,7 @@ index 1e96c36..3ff710a 100644
_ASM_EXTABLE(gs_change,bad_gs)
.section .fixup,"ax"
-@@ -1366,9 +1850,10 @@ ENTRY(do_softirq_own_stack)
+@@ -1431,9 +1915,10 @@ ENTRY(do_softirq_own_stack)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
@@ -23849,7 +23872,7 @@ index 1e96c36..3ff710a 100644
#ifdef CONFIG_XEN
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1406,7 +1891,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1471,7 +1956,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
@@ -23858,7 +23881,7 @@ index 1e96c36..3ff710a 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1465,7 +1950,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1530,7 +2015,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
@@ -23867,7 +23890,7 @@ index 1e96c36..3ff710a 100644
apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1517,18 +2002,33 @@ ENTRY(paranoid_exit)
+@@ -1582,18 +2067,33 @@ ENTRY(paranoid_exit)
DEFAULT_FRAME
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF_DEBUG
@@ -23903,7 +23926,7 @@ index 1e96c36..3ff710a 100644
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1557,7 +2057,7 @@ paranoid_schedule:
+@@ -1622,7 +2122,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
@@ -23912,7 +23935,7 @@ index 1e96c36..3ff710a 100644
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1584,12 +2084,23 @@ ENTRY(error_entry)
+@@ -1649,12 +2149,23 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -23937,7 +23960,7 @@ index 1e96c36..3ff710a 100644
ret
/*
-@@ -1616,7 +2127,7 @@ bstep_iret:
+@@ -1681,7 +2192,7 @@ bstep_iret:
movq %rcx,RIP+8(%rsp)
jmp error_swapgs
CFI_ENDPROC
@@ -23946,7 +23969,7 @@ index 1e96c36..3ff710a 100644
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1627,7 +2138,7 @@ ENTRY(error_exit)
+@@ -1692,7 +2203,7 @@ ENTRY(error_exit)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
GET_THREAD_INFO(%rcx)
@@ -23955,7 +23978,7 @@ index 1e96c36..3ff710a 100644
jne retint_kernel
LOCKDEP_SYS_EXIT_IRQ
movl TI_flags(%rcx),%edx
-@@ -1636,7 +2147,7 @@ ENTRY(error_exit)
+@@ -1701,7 +2212,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
@@ -23964,7 +23987,7 @@ index 1e96c36..3ff710a 100644
/*
* Test if a given stack is an NMI stack or not.
-@@ -1694,9 +2205,11 @@ ENTRY(nmi)
+@@ -1759,9 +2270,11 @@ ENTRY(nmi)
* If %cs was not the kernel segment, then the NMI triggered in user
* space, which means it is definitely not nested.
*/
@@ -23977,7 +24000,7 @@ index 1e96c36..3ff710a 100644
/*
* Check the special variable on the stack to see if NMIs are
* executing.
-@@ -1730,8 +2243,7 @@ nested_nmi:
+@@ -1795,8 +2308,7 @@ nested_nmi:
1:
/* Set up the interrupted NMIs stack to jump to repeat_nmi */
@@ -23987,7 +24010,7 @@ index 1e96c36..3ff710a 100644
CFI_ADJUST_CFA_OFFSET 1*8
leaq -10*8(%rsp), %rdx
pushq_cfi $__KERNEL_DS
-@@ -1749,6 +2261,7 @@ nested_nmi_out:
+@@ -1814,6 +2326,7 @@ nested_nmi_out:
CFI_RESTORE rdx
/* No need to check faults here */
@@ -23995,7 +24018,7 @@ index 1e96c36..3ff710a 100644
INTERRUPT_RETURN
CFI_RESTORE_STATE
-@@ -1845,13 +2358,13 @@ end_repeat_nmi:
+@@ -1910,13 +2423,13 @@ end_repeat_nmi:
subq $ORIG_RAX-R15, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
/*
@@ -24011,7 +24034,7 @@ index 1e96c36..3ff710a 100644
DEFAULT_FRAME 0
/*
-@@ -1861,9 +2374,9 @@ end_repeat_nmi:
+@@ -1926,9 +2439,9 @@ end_repeat_nmi:
* NMI itself takes a page fault, the page fault that was preempted
* will read the information from the NMI page fault and not the
* origin fault. Save it off and restore it if it changes.
@@ -24023,7 +24046,7 @@ index 1e96c36..3ff710a 100644
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
-@@ -1872,31 +2385,36 @@ end_repeat_nmi:
+@@ -1937,31 +2450,36 @@ end_repeat_nmi:
/* Did the NMI take a page fault? Restore cr2 if it did */
movq %cr2, %rcx
@@ -24065,6 +24088,19 @@ index 1e96c36..3ff710a 100644
/*
* End of kprobes section
+diff --git a/arch/x86/kernel/espfix_64.c b/arch/x86/kernel/espfix_64.c
+index 94d857f..bf1f0bf 100644
+--- a/arch/x86/kernel/espfix_64.c
++++ b/arch/x86/kernel/espfix_64.c
+@@ -197,7 +197,7 @@ void init_espfix_ap(void)
+ set_pte(&pte_p[n*PTE_STRIDE], pte);
+
+ /* Job is done for this CPU and any CPU which shares this page */
+- ACCESS_ONCE(espfix_pages[page]) = stack_page;
++ ACCESS_ONCE_RW(espfix_pages[page]) = stack_page;
+
+ unlock_done:
+ mutex_unlock(&espfix_init_mutex);
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c
index 52819e8..b6d1dbd 100644
--- a/arch/x86/kernel/ftrace.c
@@ -25518,10 +25554,10 @@ index c2bedae..25e7ab60 100644
.name = "data",
.mode = S_IRUGO,
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
-index dcbbaa1..81ae763 100644
+index c37886d..d851d32 100644
--- a/arch/x86/kernel/ldt.c
+++ b/arch/x86/kernel/ldt.c
-@@ -68,13 +68,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
+@@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
if (reload) {
#ifdef CONFIG_SMP
preempt_disable();
@@ -25537,7 +25573,7 @@ index dcbbaa1..81ae763 100644
#endif
}
if (oldsize) {
-@@ -96,7 +96,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old)
+@@ -94,7 +94,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old)
return err;
for (i = 0; i < old->size; i++)
@@ -25546,7 +25582,7 @@ index dcbbaa1..81ae763 100644
return 0;
}
-@@ -117,6 +117,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm)
+@@ -115,6 +115,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm)
retval = copy_ldt(&mm->context, &old_mm->context);
mutex_unlock(&old_mm->context.lock);
}
@@ -25571,7 +25607,7 @@ index dcbbaa1..81ae763 100644
return retval;
}
-@@ -231,6 +249,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
+@@ -229,6 +247,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode)
}
}
@@ -25582,9 +25618,9 @@ index dcbbaa1..81ae763 100644
+ }
+#endif
+
- /*
- * On x86-64 we do not support 16-bit segments due to
- * IRET leaking the high bits of the kernel stack address.
+ if (!IS_ENABLED(CONFIG_X86_16BIT) && !ldt_info.seg_32bit) {
+ error = -EINVAL;
+ goto out_unlock;
diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c
index 1667b1d..16492c5 100644
--- a/arch/x86/kernel/machine_kexec_32.c
@@ -27020,7 +27056,7 @@ index be8e1bd..a3d93fa 100644
.smp_prepare_cpus = native_smp_prepare_cpus,
.smp_cpus_done = native_smp_cpus_done,
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
-index ae2fd975..c0c8d10 100644
+index 5492798..a3bd4f2 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -230,14 +230,17 @@ static void notrace start_secondary(void *unused)
@@ -27045,7 +27081,7 @@ index ae2fd975..c0c8d10 100644
/*
* Check TSC synchronization with the BP:
*/
-@@ -757,8 +760,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+@@ -764,8 +767,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
alternatives_enable_smp();
idle->thread.sp = (unsigned long) (((struct pt_regs *)
@@ -27056,7 +27092,7 @@ index ae2fd975..c0c8d10 100644
#ifdef CONFIG_X86_32
/* Stack for startup_32 can be just as for start_secondary onwards */
-@@ -767,10 +771,10 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+@@ -774,10 +778,10 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
clear_tsk_thread_flag(idle, TIF_FORK);
initial_gs = per_cpu_offset(cpu);
#endif
@@ -27070,7 +27106,7 @@ index ae2fd975..c0c8d10 100644
initial_code = (unsigned long)start_secondary;
stack_start = idle->thread.sp;
-@@ -916,6 +920,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle)
+@@ -923,6 +927,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle)
/* the FPU context is blank, nobody can own it */
__cpu_disable_lazy_restore(cpu);
@@ -35376,7 +35412,7 @@ index c580d12..0a0ba35 100644
GCOV_PROFILE := n
diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c
-index 310c5f0..766d0a7 100644
+index 3adf2e6..a0b5576 100644
--- a/arch/x86/vdso/vdso32-setup.c
+++ b/arch/x86/vdso/vdso32-setup.c
@@ -29,6 +29,7 @@
@@ -35387,7 +35423,7 @@ index 310c5f0..766d0a7 100644
#ifdef CONFIG_COMPAT_VDSO
#define VDSO_DEFAULT 0
-@@ -99,7 +100,7 @@ void syscall32_cpu_init(void)
+@@ -98,7 +99,7 @@ void syscall32_cpu_init(void)
void enable_sep_cpu(void)
{
int cpu = get_cpu();
@@ -35396,7 +35432,7 @@ index 310c5f0..766d0a7 100644
if (!boot_cpu_has(X86_FEATURE_SEP)) {
put_cpu();
-@@ -167,7 +168,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+@@ -166,7 +167,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
down_write(&mm->mmap_sem);
@@ -35405,7 +35441,7 @@ index 310c5f0..766d0a7 100644
if (IS_ERR_VALUE(addr)) {
ret = addr;
goto up_fail;
-@@ -175,7 +176,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+@@ -174,7 +175,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
addr += VDSO_OFFSET(VDSO_PREV_PAGES);
@@ -35414,7 +35450,7 @@ index 310c5f0..766d0a7 100644
/*
* MAYWRITE to allow gdb to COW and set breakpoints
-@@ -224,11 +225,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+@@ -223,11 +224,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
#endif
current_thread_info()->sysenter_return =
@@ -35428,7 +35464,7 @@ index 310c5f0..766d0a7 100644
up_write(&mm->mmap_sem);
-@@ -282,8 +283,14 @@ __initcall(ia32_binfmt_init);
+@@ -274,8 +275,14 @@ __initcall(ia32_binfmt_init);
const char *arch_vma_name(struct vm_area_struct *vma)
{
@@ -36118,26 +36154,6 @@ index 2648797..92ed21f 100644
if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
goto error;
-diff --git a/crypto/af_alg.c b/crypto/af_alg.c
-index 966f893..6a3ad80 100644
---- a/crypto/af_alg.c
-+++ b/crypto/af_alg.c
-@@ -21,6 +21,7 @@
- #include <linux/module.h>
- #include <linux/net.h>
- #include <linux/rwsem.h>
-+#include <linux/security.h>
-
- struct alg_type_list {
- const struct af_alg_type *type;
-@@ -243,6 +244,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
-
- sock_init_data(newsock, sk2);
- sock_graft(sk2, newsock);
-+ security_sk_clone(sk, sk2);
-
- err = type->accept(ask->private, sk2);
- if (err) {
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index 7bdd61b..afec999 100644
--- a/crypto/cryptd.c
@@ -40395,7 +40411,7 @@ index 3c59584..500f2e9 100644
return ret;
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index b91dfbe..b7fb16d 100644
+index c83eb75..d205e5b2 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
@@ -11179,13 +11179,13 @@ struct intel_quirk {
@@ -49893,25 +49909,10 @@ index 88d46fe..7351be5 100644
/* check if the device is still usable */
if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
-index 9db097a..c4ccdef 100644
+index d99ab3b..c4ccdef 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
-@@ -806,6 +806,14 @@ void scsi_io_completion(struct scsi_cmnd *cmd, unsigned int good_bytes)
- scsi_next_command(cmd);
- return;
- }
-+ } else if (blk_rq_bytes(req) == 0 && result && !sense_deferred) {
-+ /*
-+ * Certain non BLOCK_PC requests are commands that don't
-+ * actually transfer anything (FLUSH), so cannot use
-+ * good_bytes != blk_rq_bytes(req) as the signal for an error.
-+ * This sets the error explicitly for the problem case.
-+ */
-+ error = __scsi_error_from_host_byte(cmd, result);
- }
-
- /* no bidi support for !REQ_TYPE_BLOCK_PC yet */
-@@ -1464,7 +1472,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
+@@ -1472,7 +1472,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
shost = sdev->host;
scsi_init_cmd_errh(cmd);
cmd->result = DID_NO_CONNECT << 16;
@@ -49920,7 +49921,7 @@ index 9db097a..c4ccdef 100644
/*
* SCSI request completion path will do scsi_device_unbusy(),
-@@ -1490,9 +1498,9 @@ static void scsi_softirq_done(struct request *rq)
+@@ -1498,9 +1498,9 @@ static void scsi_softirq_done(struct request *rq)
INIT_LIST_HEAD(&cmd->eh_entry);
@@ -62604,6 +62605,19 @@ index c79f3e7..d61d671 100644
}
void nfs_fattr_init(struct nfs_fattr *fattr)
+diff --git a/fs/nfs/nfs3acl.c b/fs/nfs/nfs3acl.c
+index 8f854dd..d0fec26 100644
+--- a/fs/nfs/nfs3acl.c
++++ b/fs/nfs/nfs3acl.c
+@@ -256,7 +256,7 @@ nfs3_list_one_acl(struct inode *inode, int type, const char *name, void *data,
+ char *p = data + *result;
+
+ acl = get_acl(inode, type);
+- if (!acl)
++ if (IS_ERR_OR_NULL(acl))
+ return 0;
+
+ posix_acl_release(acl);
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index 95e3720..46c23fa 100644
--- a/fs/nfsd/nfs4proc.c
@@ -62998,7 +63012,7 @@ index a7cdd56..c583144 100644
/* Copy the blockcheck stats from the superblock probe */
osb->osb_ecc_stats = *stats;
diff --git a/fs/open.c b/fs/open.c
-index 9d64679..75f925c 100644
+index dd24f21..c1f4b3a 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -32,6 +32,8 @@
@@ -63028,7 +63042,7 @@ index 9d64679..75f925c 100644
if (!error)
error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, f.file);
sb_end_write(inode->i_sb);
-@@ -381,6 +387,9 @@ retry:
+@@ -380,6 +386,9 @@ retry:
if (__mnt_is_readonly(path.mnt))
res = -EROFS;
@@ -63038,7 +63052,7 @@ index 9d64679..75f925c 100644
out_path_release:
path_put(&path);
if (retry_estale(res, lookup_flags)) {
-@@ -412,6 +421,8 @@ retry:
+@@ -411,6 +420,8 @@ retry:
if (error)
goto dput_and_out;
@@ -63047,7 +63061,7 @@ index 9d64679..75f925c 100644
set_fs_pwd(current->fs, &path);
dput_and_out:
-@@ -441,6 +452,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd)
+@@ -440,6 +451,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd)
goto out_putf;
error = inode_permission(inode, MAY_EXEC | MAY_CHDIR);
@@ -63061,7 +63075,7 @@ index 9d64679..75f925c 100644
if (!error)
set_fs_pwd(current->fs, &f.file->f_path);
out_putf:
-@@ -470,7 +488,13 @@ retry:
+@@ -469,7 +487,13 @@ retry:
if (error)
goto dput_and_out;
@@ -63075,7 +63089,7 @@ index 9d64679..75f925c 100644
error = 0;
dput_and_out:
path_put(&path);
-@@ -494,6 +518,16 @@ static int chmod_common(struct path *path, umode_t mode)
+@@ -493,6 +517,16 @@ static int chmod_common(struct path *path, umode_t mode)
return error;
retry_deleg:
mutex_lock(&inode->i_mutex);
@@ -63092,7 +63106,7 @@ index 9d64679..75f925c 100644
error = security_path_chmod(path, mode);
if (error)
goto out_unlock;
-@@ -559,6 +593,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group)
+@@ -558,6 +592,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group)
uid = make_kuid(current_user_ns(), user);
gid = make_kgid(current_user_ns(), group);
@@ -63102,7 +63116,7 @@ index 9d64679..75f925c 100644
newattrs.ia_valid = ATTR_CTIME;
if (user != (uid_t) -1) {
if (!uid_valid(uid))
-@@ -978,6 +1015,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode)
+@@ -977,6 +1014,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode)
} else {
fsnotify_open(f);
fd_install(fd, f);
@@ -79940,10 +79954,10 @@ index 0000000..b02ba9d
+#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
new file mode 100644
-index 0000000..13ac2e2
+index 0000000..e6d120f
--- /dev/null
+++ b/include/linux/grsecurity.h
-@@ -0,0 +1,249 @@
+@@ -0,0 +1,252 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
@@ -79955,6 +79969,9 @@ index 0000000..13ac2e2
+#if defined(CONFIG_GRKERNSEC_PROC_USER) && defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
+#error "CONFIG_GRKERNSEC_PROC_USER and CONFIG_GRKERNSEC_PROC_USERGROUP cannot both be enabled."
+#endif
++#if defined(CONFIG_GRKERNSEC_PROC) && !defined(CONFIG_GRKERNSEC_PROC_USER) && !defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++#error "CONFIG_GRKERNSEC_PROC enabled, but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP enabled"
++#endif
+#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
+#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
+#endif
@@ -81876,7 +81893,7 @@ index de83b4e..c4b997d 100644
#define preempt_set_need_resched() \
do { \
diff --git a/include/linux/printk.h b/include/linux/printk.h
-index 8752f75..2b80c0f 100644
+index 7847301..29cd406 100644
--- a/include/linux/printk.h
+++ b/include/linux/printk.h
@@ -110,6 +110,8 @@ static inline __printf(1, 2) __cold
@@ -85394,7 +85411,7 @@ index a8497fa..35b3c90 100644
next_state = Reset;
return 0;
diff --git a/init/main.c b/init/main.c
-index 48655ce..d0113e4 100644
+index eb0ea86..b91cd60 100644
--- a/init/main.c
+++ b/init/main.c
@@ -97,6 +97,8 @@ extern void radix_tree_init(void);
@@ -85482,7 +85499,7 @@ index 48655ce..d0113e4 100644
static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
static const char *panic_later, *panic_param;
-@@ -688,25 +759,24 @@ int __init_or_module do_one_initcall(initcall_t fn)
+@@ -692,25 +763,24 @@ int __init_or_module do_one_initcall(initcall_t fn)
{
int count = preempt_count();
int ret;
@@ -85513,7 +85530,7 @@ index 48655ce..d0113e4 100644
return ret;
}
-@@ -813,8 +883,8 @@ static int run_init_process(const char *init_filename)
+@@ -817,8 +887,8 @@ static int run_init_process(const char *init_filename)
{
argv_init[0] = init_filename;
return do_execve(getname_kernel(init_filename),
@@ -85524,7 +85541,7 @@ index 48655ce..d0113e4 100644
}
static int try_to_run_init_process(const char *init_filename)
-@@ -831,6 +901,10 @@ static int try_to_run_init_process(const char *init_filename)
+@@ -835,6 +905,10 @@ static int try_to_run_init_process(const char *init_filename)
return ret;
}
@@ -85535,7 +85552,7 @@ index 48655ce..d0113e4 100644
static noinline void __init kernel_init_freeable(void);
static int __ref kernel_init(void *unused)
-@@ -855,6 +929,11 @@ static int __ref kernel_init(void *unused)
+@@ -859,6 +933,11 @@ static int __ref kernel_init(void *unused)
ramdisk_execute_command, ret);
}
@@ -85547,7 +85564,7 @@ index 48655ce..d0113e4 100644
/*
* We try each of these until one succeeds.
*
-@@ -910,7 +989,7 @@ static noinline void __init kernel_init_freeable(void)
+@@ -914,7 +993,7 @@ static noinline void __init kernel_init_freeable(void)
do_basic_setup();
/* Open the /dev/console on the rootfs, this should never fail */
@@ -85556,7 +85573,7 @@ index 48655ce..d0113e4 100644
pr_err("Warning: unable to open an initial console.\n");
(void) sys_dup(0);
-@@ -923,11 +1002,13 @@ static noinline void __init kernel_init_freeable(void)
+@@ -927,11 +1006,13 @@ static noinline void __init kernel_init_freeable(void)
if (!ramdisk_execute_command)
ramdisk_execute_command = "/init";
@@ -89239,7 +89256,7 @@ index 14f9a8d..98ee610 100644
if (pm_wakeup_pending()) {
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
-index 221229c..c76ca0a 100644
+index 63594be..8444e0f 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -385,6 +385,11 @@ static int check_syslog_permissions(int type, bool from_file)
@@ -90271,7 +90288,7 @@ index a63f4dc..349bbb0 100644
unsigned long timeout)
{
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index 084d17f..e416b9f 100644
+index 8da7e49..ef10a02 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -1775,7 +1775,7 @@ void set_numabalancing_state(bool enabled)
@@ -93127,23 +93144,6 @@ index a402f8f..f5e5daa 100644
error = 0;
if (end == start)
return error;
-diff --git a/mm/memcontrol.c b/mm/memcontrol.c
-index 67c927a..fe99d96 100644
---- a/mm/memcontrol.c
-+++ b/mm/memcontrol.c
-@@ -5544,8 +5544,12 @@ static int mem_cgroup_oom_notify_cb(struct mem_cgroup *memcg)
- {
- struct mem_cgroup_eventfd_list *ev;
-
-+ spin_lock(&memcg_oom_lock);
-+
- list_for_each_entry(ev, &memcg->oom_notify, list)
- eventfd_signal(ev->eventfd, 1);
-+
-+ spin_unlock(&memcg_oom_lock);
- return 0;
- }
-
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
index eb8fb72..ae36cf3 100644
--- a/mm/memory-failure.c
@@ -95813,7 +95813,7 @@ index 431fd7c..8674512 100644
struct mm_struct *mm;
diff --git a/mm/page-writeback.c b/mm/page-writeback.c
-index 154af21..86e447f 100644
+index f972182..e7f7c07 100644
--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -685,7 +685,7 @@ static long long pos_ratio_polynom(unsigned long setpoint,
@@ -95826,7 +95826,7 @@ index 154af21..86e447f 100644
unsigned long bg_thresh,
unsigned long dirty,
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index d64f5f9..9005ab5 100644
+index e98306f..3311d5e 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -61,6 +61,7 @@
@@ -101970,28 +101970,6 @@ index 3397fe6..861fd1a 100644
}
if (inet->cmsg_flags)
ip_cmsg_recv(msg, skb);
-diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
-index 950909f..13752d9 100644
---- a/net/l2tp/l2tp_ppp.c
-+++ b/net/l2tp/l2tp_ppp.c
-@@ -1365,7 +1365,7 @@ static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
- int err;
-
- if (level != SOL_PPPOL2TP)
-- return udp_prot.setsockopt(sk, level, optname, optval, optlen);
-+ return -EINVAL;
-
- if (optlen < sizeof(int))
- return -EINVAL;
-@@ -1491,7 +1491,7 @@ static int pppol2tp_getsockopt(struct socket *sock, int level, int optname,
- struct pppol2tp_session *ps;
-
- if (level != SOL_PPPOL2TP)
-- return udp_prot.getsockopt(sk, level, optname, optval, optlen);
-+ return -EINVAL;
-
- if (get_user(len, optlen))
- return -EFAULT;
diff --git a/net/llc/llc_proc.c b/net/llc/llc_proc.c
index 1a3c7e0..80f8b0c 100644
--- a/net/llc/llc_proc.c
diff --git a/3.15.8/4425_grsec_remove_EI_PAX.patch b/3.15.9/4425_grsec_remove_EI_PAX.patch
similarity index 100%
rename from 3.15.8/4425_grsec_remove_EI_PAX.patch
rename to 3.15.9/4425_grsec_remove_EI_PAX.patch
diff --git a/3.15.8/4427_force_XATTR_PAX_tmpfs.patch b/3.15.9/4427_force_XATTR_PAX_tmpfs.patch
similarity index 100%
rename from 3.15.8/4427_force_XATTR_PAX_tmpfs.patch
rename to 3.15.9/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/3.15.8/4430_grsec-remove-localversion-grsec.patch b/3.15.9/4430_grsec-remove-localversion-grsec.patch
similarity index 100%
rename from 3.15.8/4430_grsec-remove-localversion-grsec.patch
rename to 3.15.9/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.15.8/4435_grsec-mute-warnings.patch b/3.15.9/4435_grsec-mute-warnings.patch
similarity index 100%
rename from 3.15.8/4435_grsec-mute-warnings.patch
rename to 3.15.9/4435_grsec-mute-warnings.patch
diff --git a/3.15.8/4440_grsec-remove-protected-paths.patch b/3.15.9/4440_grsec-remove-protected-paths.patch
similarity index 100%
rename from 3.15.8/4440_grsec-remove-protected-paths.patch
rename to 3.15.9/4440_grsec-remove-protected-paths.patch
diff --git a/3.15.8/4450_grsec-kconfig-default-gids.patch b/3.15.9/4450_grsec-kconfig-default-gids.patch
similarity index 100%
rename from 3.15.8/4450_grsec-kconfig-default-gids.patch
rename to 3.15.9/4450_grsec-kconfig-default-gids.patch
diff --git a/3.15.8/4465_selinux-avc_audit-log-curr_ip.patch b/3.15.9/4465_selinux-avc_audit-log-curr_ip.patch
similarity index 100%
rename from 3.15.8/4465_selinux-avc_audit-log-curr_ip.patch
rename to 3.15.9/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.15.8/4470_disable-compat_vdso.patch b/3.15.9/4470_disable-compat_vdso.patch
similarity index 99%
rename from 3.15.8/4470_disable-compat_vdso.patch
rename to 3.15.9/4470_disable-compat_vdso.patch
index 7852848..0215f1e 100644
--- a/3.15.8/4470_disable-compat_vdso.patch
+++ b/3.15.9/4470_disable-compat_vdso.patch
@@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138
diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
--- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100
+++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100
-@@ -1793,29 +1793,8 @@
+@@ -1811,29 +1811,8 @@
config COMPAT_VDSO
def_bool n
diff --git a/3.15.8/4475_emutramp_default_on.patch b/3.15.9/4475_emutramp_default_on.patch
similarity index 100%
rename from 3.15.8/4475_emutramp_default_on.patch
rename to 3.15.9/4475_emutramp_default_on.patch
diff --git a/3.2.61/0000_README b/3.2.62/0000_README
similarity index 97%
rename from 3.2.61/0000_README
rename to 3.2.62/0000_README
index c3587c8..aed2e0b 100644
--- a/3.2.61/0000_README
+++ b/3.2.62/0000_README
@@ -162,7 +162,11 @@ Patch: 1060_linux-3.2.61.patch
From: http://www.kernel.org
Desc: Linux 3.2.61
-Patch: 4420_grsecurity-3.0-3.2.61-201408032011.patch
+Patch: 1061_linux-3.2.62.patch
+From: http://www.kernel.org
+Desc: Linux 3.2.62
+
+Patch: 4420_grsecurity-3.0-3.2.62-201408110020.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.61/1021_linux-3.2.22.patch b/3.2.62/1021_linux-3.2.22.patch
similarity index 100%
rename from 3.2.61/1021_linux-3.2.22.patch
rename to 3.2.62/1021_linux-3.2.22.patch
diff --git a/3.2.61/1022_linux-3.2.23.patch b/3.2.62/1022_linux-3.2.23.patch
similarity index 100%
rename from 3.2.61/1022_linux-3.2.23.patch
rename to 3.2.62/1022_linux-3.2.23.patch
diff --git a/3.2.61/1023_linux-3.2.24.patch b/3.2.62/1023_linux-3.2.24.patch
similarity index 100%
rename from 3.2.61/1023_linux-3.2.24.patch
rename to 3.2.62/1023_linux-3.2.24.patch
diff --git a/3.2.61/1024_linux-3.2.25.patch b/3.2.62/1024_linux-3.2.25.patch
similarity index 100%
rename from 3.2.61/1024_linux-3.2.25.patch
rename to 3.2.62/1024_linux-3.2.25.patch
diff --git a/3.2.61/1025_linux-3.2.26.patch b/3.2.62/1025_linux-3.2.26.patch
similarity index 100%
rename from 3.2.61/1025_linux-3.2.26.patch
rename to 3.2.62/1025_linux-3.2.26.patch
diff --git a/3.2.61/1026_linux-3.2.27.patch b/3.2.62/1026_linux-3.2.27.patch
similarity index 100%
rename from 3.2.61/1026_linux-3.2.27.patch
rename to 3.2.62/1026_linux-3.2.27.patch
diff --git a/3.2.61/1027_linux-3.2.28.patch b/3.2.62/1027_linux-3.2.28.patch
similarity index 100%
rename from 3.2.61/1027_linux-3.2.28.patch
rename to 3.2.62/1027_linux-3.2.28.patch
diff --git a/3.2.61/1028_linux-3.2.29.patch b/3.2.62/1028_linux-3.2.29.patch
similarity index 100%
rename from 3.2.61/1028_linux-3.2.29.patch
rename to 3.2.62/1028_linux-3.2.29.patch
diff --git a/3.2.61/1029_linux-3.2.30.patch b/3.2.62/1029_linux-3.2.30.patch
similarity index 100%
rename from 3.2.61/1029_linux-3.2.30.patch
rename to 3.2.62/1029_linux-3.2.30.patch
diff --git a/3.2.61/1030_linux-3.2.31.patch b/3.2.62/1030_linux-3.2.31.patch
similarity index 100%
rename from 3.2.61/1030_linux-3.2.31.patch
rename to 3.2.62/1030_linux-3.2.31.patch
diff --git a/3.2.61/1031_linux-3.2.32.patch b/3.2.62/1031_linux-3.2.32.patch
similarity index 100%
rename from 3.2.61/1031_linux-3.2.32.patch
rename to 3.2.62/1031_linux-3.2.32.patch
diff --git a/3.2.61/1032_linux-3.2.33.patch b/3.2.62/1032_linux-3.2.33.patch
similarity index 100%
rename from 3.2.61/1032_linux-3.2.33.patch
rename to 3.2.62/1032_linux-3.2.33.patch
diff --git a/3.2.61/1033_linux-3.2.34.patch b/3.2.62/1033_linux-3.2.34.patch
similarity index 100%
rename from 3.2.61/1033_linux-3.2.34.patch
rename to 3.2.62/1033_linux-3.2.34.patch
diff --git a/3.2.61/1034_linux-3.2.35.patch b/3.2.62/1034_linux-3.2.35.patch
similarity index 100%
rename from 3.2.61/1034_linux-3.2.35.patch
rename to 3.2.62/1034_linux-3.2.35.patch
diff --git a/3.2.61/1035_linux-3.2.36.patch b/3.2.62/1035_linux-3.2.36.patch
similarity index 100%
rename from 3.2.61/1035_linux-3.2.36.patch
rename to 3.2.62/1035_linux-3.2.36.patch
diff --git a/3.2.61/1036_linux-3.2.37.patch b/3.2.62/1036_linux-3.2.37.patch
similarity index 100%
rename from 3.2.61/1036_linux-3.2.37.patch
rename to 3.2.62/1036_linux-3.2.37.patch
diff --git a/3.2.61/1037_linux-3.2.38.patch b/3.2.62/1037_linux-3.2.38.patch
similarity index 100%
rename from 3.2.61/1037_linux-3.2.38.patch
rename to 3.2.62/1037_linux-3.2.38.patch
diff --git a/3.2.61/1038_linux-3.2.39.patch b/3.2.62/1038_linux-3.2.39.patch
similarity index 100%
rename from 3.2.61/1038_linux-3.2.39.patch
rename to 3.2.62/1038_linux-3.2.39.patch
diff --git a/3.2.61/1039_linux-3.2.40.patch b/3.2.62/1039_linux-3.2.40.patch
similarity index 100%
rename from 3.2.61/1039_linux-3.2.40.patch
rename to 3.2.62/1039_linux-3.2.40.patch
diff --git a/3.2.61/1040_linux-3.2.41.patch b/3.2.62/1040_linux-3.2.41.patch
similarity index 100%
rename from 3.2.61/1040_linux-3.2.41.patch
rename to 3.2.62/1040_linux-3.2.41.patch
diff --git a/3.2.61/1041_linux-3.2.42.patch b/3.2.62/1041_linux-3.2.42.patch
similarity index 100%
rename from 3.2.61/1041_linux-3.2.42.patch
rename to 3.2.62/1041_linux-3.2.42.patch
diff --git a/3.2.61/1042_linux-3.2.43.patch b/3.2.62/1042_linux-3.2.43.patch
similarity index 100%
rename from 3.2.61/1042_linux-3.2.43.patch
rename to 3.2.62/1042_linux-3.2.43.patch
diff --git a/3.2.61/1043_linux-3.2.44.patch b/3.2.62/1043_linux-3.2.44.patch
similarity index 100%
rename from 3.2.61/1043_linux-3.2.44.patch
rename to 3.2.62/1043_linux-3.2.44.patch
diff --git a/3.2.61/1044_linux-3.2.45.patch b/3.2.62/1044_linux-3.2.45.patch
similarity index 100%
rename from 3.2.61/1044_linux-3.2.45.patch
rename to 3.2.62/1044_linux-3.2.45.patch
diff --git a/3.2.61/1045_linux-3.2.46.patch b/3.2.62/1045_linux-3.2.46.patch
similarity index 100%
rename from 3.2.61/1045_linux-3.2.46.patch
rename to 3.2.62/1045_linux-3.2.46.patch
diff --git a/3.2.61/1046_linux-3.2.47.patch b/3.2.62/1046_linux-3.2.47.patch
similarity index 100%
rename from 3.2.61/1046_linux-3.2.47.patch
rename to 3.2.62/1046_linux-3.2.47.patch
diff --git a/3.2.61/1047_linux-3.2.48.patch b/3.2.62/1047_linux-3.2.48.patch
similarity index 100%
rename from 3.2.61/1047_linux-3.2.48.patch
rename to 3.2.62/1047_linux-3.2.48.patch
diff --git a/3.2.61/1048_linux-3.2.49.patch b/3.2.62/1048_linux-3.2.49.patch
similarity index 100%
rename from 3.2.61/1048_linux-3.2.49.patch
rename to 3.2.62/1048_linux-3.2.49.patch
diff --git a/3.2.61/1049_linux-3.2.50.patch b/3.2.62/1049_linux-3.2.50.patch
similarity index 100%
rename from 3.2.61/1049_linux-3.2.50.patch
rename to 3.2.62/1049_linux-3.2.50.patch
diff --git a/3.2.61/1050_linux-3.2.51.patch b/3.2.62/1050_linux-3.2.51.patch
similarity index 100%
rename from 3.2.61/1050_linux-3.2.51.patch
rename to 3.2.62/1050_linux-3.2.51.patch
diff --git a/3.2.61/1051_linux-3.2.52.patch b/3.2.62/1051_linux-3.2.52.patch
similarity index 100%
rename from 3.2.61/1051_linux-3.2.52.patch
rename to 3.2.62/1051_linux-3.2.52.patch
diff --git a/3.2.61/1052_linux-3.2.53.patch b/3.2.62/1052_linux-3.2.53.patch
similarity index 100%
rename from 3.2.61/1052_linux-3.2.53.patch
rename to 3.2.62/1052_linux-3.2.53.patch
diff --git a/3.2.61/1053_linux-3.2.54.patch b/3.2.62/1053_linux-3.2.54.patch
similarity index 100%
rename from 3.2.61/1053_linux-3.2.54.patch
rename to 3.2.62/1053_linux-3.2.54.patch
diff --git a/3.2.61/1054_linux-3.2.55.patch b/3.2.62/1054_linux-3.2.55.patch
similarity index 100%
rename from 3.2.61/1054_linux-3.2.55.patch
rename to 3.2.62/1054_linux-3.2.55.patch
diff --git a/3.2.61/1055_linux-3.2.56.patch b/3.2.62/1055_linux-3.2.56.patch
similarity index 100%
rename from 3.2.61/1055_linux-3.2.56.patch
rename to 3.2.62/1055_linux-3.2.56.patch
diff --git a/3.2.61/1056_linux-3.2.57.patch b/3.2.62/1056_linux-3.2.57.patch
similarity index 100%
rename from 3.2.61/1056_linux-3.2.57.patch
rename to 3.2.62/1056_linux-3.2.57.patch
diff --git a/3.2.61/1057_linux-3.2.58.patch b/3.2.62/1057_linux-3.2.58.patch
similarity index 100%
rename from 3.2.61/1057_linux-3.2.58.patch
rename to 3.2.62/1057_linux-3.2.58.patch
diff --git a/3.2.61/1058_linux-3.2.59.patch b/3.2.62/1058_linux-3.2.59.patch
similarity index 100%
rename from 3.2.61/1058_linux-3.2.59.patch
rename to 3.2.62/1058_linux-3.2.59.patch
diff --git a/3.2.61/1059_linux-3.2.60.patch b/3.2.62/1059_linux-3.2.60.patch
similarity index 100%
rename from 3.2.61/1059_linux-3.2.60.patch
rename to 3.2.62/1059_linux-3.2.60.patch
diff --git a/3.2.61/1060_linux-3.2.61.patch b/3.2.62/1060_linux-3.2.61.patch
similarity index 100%
rename from 3.2.61/1060_linux-3.2.61.patch
rename to 3.2.62/1060_linux-3.2.61.patch
diff --git a/3.2.62/1061_linux-3.2.62.patch b/3.2.62/1061_linux-3.2.62.patch
new file mode 100644
index 0000000..34217f0
--- /dev/null
+++ b/3.2.62/1061_linux-3.2.62.patch
@@ -0,0 +1,3129 @@
+diff --git a/Makefile b/Makefile
+index f8b642d..30a5c65 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 3
+ PATCHLEVEL = 2
+-SUBLEVEL = 61
++SUBLEVEL = 62
+ EXTRAVERSION =
+ NAME = Saber-toothed Squirrel
+
+diff --git a/arch/alpha/include/asm/io.h b/arch/alpha/include/asm/io.h
+index 56ff965..6365ef2 100644
+--- a/arch/alpha/include/asm/io.h
++++ b/arch/alpha/include/asm/io.h
+@@ -490,6 +490,11 @@ extern inline void writeq(u64 b, volatile void __iomem *addr)
+ }
+ #endif
+
++#define ioread16be(p) be16_to_cpu(ioread16(p))
++#define ioread32be(p) be32_to_cpu(ioread32(p))
++#define iowrite16be(v,p) iowrite16(cpu_to_be16(v), (p))
++#define iowrite32be(v,p) iowrite32(cpu_to_be32(v), (p))
++
+ #define inb_p inb
+ #define inw_p inw
+ #define inl_p inl
+diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
+index 790ea68..082bd36 100644
+--- a/arch/arm/Kconfig
++++ b/arch/arm/Kconfig
+@@ -1,6 +1,7 @@
+ config ARM
+ bool
+ default y
++ select ARCH_SUPPORTS_ATOMIC_RMW
+ select HAVE_DMA_API_DEBUG
+ select HAVE_IDE if PCI || ISA || PCMCIA
+ select HAVE_MEMBLOCK
+diff --git a/arch/arm/lib/memset.S b/arch/arm/lib/memset.S
+index 650d5923..94b0650 100644
+--- a/arch/arm/lib/memset.S
++++ b/arch/arm/lib/memset.S
+@@ -14,27 +14,15 @@
+
+ .text
+ .align 5
+- .word 0
+-
+-1: subs r2, r2, #4 @ 1 do we have enough
+- blt 5f @ 1 bytes to align with?
+- cmp r3, #2 @ 1
+- strltb r1, [r0], #1 @ 1
+- strleb r1, [r0], #1 @ 1
+- strb r1, [r0], #1 @ 1
+- add r2, r2, r3 @ 1 (r2 = r2 - (4 - r3))
+-/*
+- * The pointer is now aligned and the length is adjusted. Try doing the
+- * memset again.
+- */
+
+ ENTRY(memset)
+ ands r3, r0, #3 @ 1 unaligned?
+- bne 1b @ 1
++ mov ip, r0 @ preserve r0 as return value
++ bne 6f @ 1
+ /*
+- * we know that the pointer in r0 is aligned to a word boundary.
++ * we know that the pointer in ip is aligned to a word boundary.
+ */
+- orr r1, r1, r1, lsl #8
++1: orr r1, r1, r1, lsl #8
+ orr r1, r1, r1, lsl #16
+ mov r3, r1
+ cmp r2, #16
+@@ -43,29 +31,28 @@ ENTRY(memset)
+ #if ! CALGN(1)+0
+
+ /*
+- * We need an extra register for this loop - save the return address and
+- * use the LR
++ * We need 2 extra registers for this loop - use r8 and the LR
+ */
+- str lr, [sp, #-4]!
+- mov ip, r1
++ stmfd sp!, {r8, lr}
++ mov r8, r1
+ mov lr, r1
+
+ 2: subs r2, r2, #64
+- stmgeia r0!, {r1, r3, ip, lr} @ 64 bytes at a time.
+- stmgeia r0!, {r1, r3, ip, lr}
+- stmgeia r0!, {r1, r3, ip, lr}
+- stmgeia r0!, {r1, r3, ip, lr}
++ stmgeia ip!, {r1, r3, r8, lr} @ 64 bytes at a time.
++ stmgeia ip!, {r1, r3, r8, lr}
++ stmgeia ip!, {r1, r3, r8, lr}
++ stmgeia ip!, {r1, r3, r8, lr}
+ bgt 2b
+- ldmeqfd sp!, {pc} @ Now <64 bytes to go.
++ ldmeqfd sp!, {r8, pc} @ Now <64 bytes to go.
+ /*
+ * No need to correct the count; we're only testing bits from now on
+ */
+ tst r2, #32
+- stmneia r0!, {r1, r3, ip, lr}
+- stmneia r0!, {r1, r3, ip, lr}
++ stmneia ip!, {r1, r3, r8, lr}
++ stmneia ip!, {r1, r3, r8, lr}
+ tst r2, #16
+- stmneia r0!, {r1, r3, ip, lr}
+- ldr lr, [sp], #4
++ stmneia ip!, {r1, r3, r8, lr}
++ ldmfd sp!, {r8, lr}
+
+ #else
+
+@@ -74,54 +61,63 @@ ENTRY(memset)
+ * whole cache lines at once.
+ */
+
+- stmfd sp!, {r4-r7, lr}
++ stmfd sp!, {r4-r8, lr}
+ mov r4, r1
+ mov r5, r1
+ mov r6, r1
+ mov r7, r1
+- mov ip, r1
++ mov r8, r1
+ mov lr, r1
+
+ cmp r2, #96
+- tstgt r0, #31
++ tstgt ip, #31
+ ble 3f
+
+- and ip, r0, #31
+- rsb ip, ip, #32
+- sub r2, r2, ip
+- movs ip, ip, lsl #(32 - 4)
+- stmcsia r0!, {r4, r5, r6, r7}
+- stmmiia r0!, {r4, r5}
+- tst ip, #(1 << 30)
+- mov ip, r1
+- strne r1, [r0], #4
++ and r8, ip, #31
++ rsb r8, r8, #32
++ sub r2, r2, r8
++ movs r8, r8, lsl #(32 - 4)
++ stmcsia ip!, {r4, r5, r6, r7}
++ stmmiia ip!, {r4, r5}
++ tst r8, #(1 << 30)
++ mov r8, r1
++ strne r1, [ip], #4
+
+ 3: subs r2, r2, #64
+- stmgeia r0!, {r1, r3-r7, ip, lr}
+- stmgeia r0!, {r1, r3-r7, ip, lr}
++ stmgeia ip!, {r1, r3-r8, lr}
++ stmgeia ip!, {r1, r3-r8, lr}
+ bgt 3b
+- ldmeqfd sp!, {r4-r7, pc}
++ ldmeqfd sp!, {r4-r8, pc}
+
+ tst r2, #32
+- stmneia r0!, {r1, r3-r7, ip, lr}
++ stmneia ip!, {r1, r3-r8, lr}
+ tst r2, #16
+- stmneia r0!, {r4-r7}
+- ldmfd sp!, {r4-r7, lr}
++ stmneia ip!, {r4-r7}
++ ldmfd sp!, {r4-r8, lr}
+
+ #endif
+
+ 4: tst r2, #8
+- stmneia r0!, {r1, r3}
++ stmneia ip!, {r1, r3}
+ tst r2, #4
+- strne r1, [r0], #4
++ strne r1, [ip], #4
+ /*
+ * When we get here, we've got less than 4 bytes to zero. We
+ * may have an unaligned pointer as well.
+ */
+ 5: tst r2, #2
+- strneb r1, [r0], #1
+- strneb r1, [r0], #1
++ strneb r1, [ip], #1
++ strneb r1, [ip], #1
+ tst r2, #1
+- strneb r1, [r0], #1
++ strneb r1, [ip], #1
+ mov pc, lr
++
++6: subs r2, r2, #4 @ 1 do we have enough
++ blt 5b @ 1 bytes to align with?
++ cmp r3, #2 @ 1
++ strltb r1, [ip], #1 @ 1
++ strleb r1, [ip], #1 @ 1
++ strb r1, [ip], #1 @ 1
++ add r2, r2, r3 @ 1 (r2 = r2 - (4 - r3))
++ b 1b
+ ENDPROC(memset)
+diff --git a/arch/arm/mach-omap2/mux.c b/arch/arm/mach-omap2/mux.c
+index 655e948..449f955 100644
+--- a/arch/arm/mach-omap2/mux.c
++++ b/arch/arm/mach-omap2/mux.c
+@@ -182,8 +182,10 @@ static int __init _omap_mux_get_by_name(struct omap_mux_partition *partition,
+ m0_entry = mux->muxnames[0];
+
+ /* First check for full name in mode0.muxmode format */
+- if (mode0_len && strncmp(muxname, m0_entry, mode0_len))
+- continue;
++ if (mode0_len)
++ if (strncmp(muxname, m0_entry, mode0_len) ||
++ (strlen(m0_entry) != mode0_len))
++ continue;
+
+ /* Then check for muxmode only */
+ for (i = 0; i < OMAP_MUX_NR_MODES; i++) {
+diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
+index 16ef838..bec952d 100644
+--- a/arch/powerpc/Kconfig
++++ b/arch/powerpc/Kconfig
+@@ -137,6 +137,7 @@ config PPC
+ select HAVE_BPF_JIT if (PPC64 && NET)
+ select HAVE_ARCH_JUMP_LABEL
+ select ARCH_HAVE_NMI_SAFE_CMPXCHG
++ select ARCH_SUPPORTS_ATOMIC_RMW
+
+ config EARLY_PRINTK
+ bool
+diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c
+index afe82bc..b76230b 100644
+--- a/arch/s390/kernel/ptrace.c
++++ b/arch/s390/kernel/ptrace.c
+@@ -292,7 +292,9 @@ static int __poke_user(struct task_struct *child, addr_t addr, addr_t data)
+ * psw and gprs are stored on the stack
+ */
+ if (addr == (addr_t) &dummy->regs.psw.mask &&
+- ((data & ~PSW_MASK_USER) != psw_user_bits ||
++ (((data^psw_user_bits) & ~PSW_MASK_USER) ||
++ (((data^psw_user_bits) & PSW_MASK_ASC) &&
++ ((data|psw_user_bits) & PSW_MASK_ASC) == PSW_MASK_ASC) ||
+ ((data & PSW_MASK_EA) && !(data & PSW_MASK_BA))))
+ /* Invalid psw mask. */
+ return -EINVAL;
+@@ -595,7 +597,10 @@ static int __poke_user_compat(struct task_struct *child,
+ */
+ if (addr == (addr_t) &dummy32->regs.psw.mask) {
+ /* Build a 64 bit psw mask from 31 bit mask. */
+- if ((tmp & ~PSW32_MASK_USER) != psw32_user_bits)
++ if (((tmp^psw32_user_bits) & ~PSW32_MASK_USER) ||
++ (((tmp^psw32_user_bits) & PSW32_MASK_ASC) &&
++ ((tmp|psw32_user_bits) & PSW32_MASK_ASC)
++ == PSW32_MASK_ASC))
+ /* Invalid psw mask. */
+ return -EINVAL;
+ regs->psw.mask = (regs->psw.mask & ~PSW_MASK_USER) |
+diff --git a/arch/score/Kconfig b/arch/score/Kconfig
+index df169e8..beb9f21 100644
+--- a/arch/score/Kconfig
++++ b/arch/score/Kconfig
+@@ -108,3 +108,6 @@ source "security/Kconfig"
+ source "crypto/Kconfig"
+
+ source "lib/Kconfig"
++
++config NO_IOMEM
++ def_bool y
+diff --git a/arch/score/include/asm/io.h b/arch/score/include/asm/io.h
+index fbbfd71..574c8827 100644
+--- a/arch/score/include/asm/io.h
++++ b/arch/score/include/asm/io.h
+@@ -5,5 +5,4 @@
+
+ #define virt_to_bus virt_to_phys
+ #define bus_to_virt phys_to_virt
+-
+ #endif /* _ASM_SCORE_IO_H */
+diff --git a/arch/score/include/asm/pgalloc.h b/arch/score/include/asm/pgalloc.h
+index 059a61b..716b3fd 100644
+--- a/arch/score/include/asm/pgalloc.h
++++ b/arch/score/include/asm/pgalloc.h
+@@ -2,7 +2,7 @@
+ #define _ASM_SCORE_PGALLOC_H
+
+ #include <linux/mm.h>
+-
++#include <linux/highmem.h>
+ static inline void pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmd,
+ pte_t *pte)
+ {
+diff --git a/arch/score/kernel/entry.S b/arch/score/kernel/entry.S
+index 83bb960..89702ac 100644
+--- a/arch/score/kernel/entry.S
++++ b/arch/score/kernel/entry.S
+@@ -264,7 +264,7 @@ resume_kernel:
+ disable_irq
+ lw r8, [r28, TI_PRE_COUNT]
+ cmpz.c r8
+- bne r8, restore_all
++ bne restore_all
+ need_resched:
+ lw r8, [r28, TI_FLAGS]
+ andri.c r9, r8, _TIF_NEED_RESCHED
+@@ -408,7 +408,7 @@ ENTRY(handle_sys)
+ sw r9, [r0, PT_EPC]
+
+ cmpi.c r27, __NR_syscalls # check syscall number
+- bgeu illegal_syscall
++ bcs illegal_syscall
+
+ slli r8, r27, 2 # get syscall routine
+ la r11, sys_call_table
+diff --git a/arch/score/kernel/init_task.c b/arch/score/kernel/init_task.c
+index baa03ee..753a9f1 100644
+--- a/arch/score/kernel/init_task.c
++++ b/arch/score/kernel/init_task.c
+@@ -23,6 +23,7 @@
+
+ #include <linux/init_task.h>
+ #include <linux/mqueue.h>
++#include <linux/export.h>
+
+ static struct signal_struct init_signals = INIT_SIGNALS(init_signals);
+ static struct sighand_struct init_sighand = INIT_SIGHAND(init_sighand);
+diff --git a/arch/score/kernel/vmlinux.lds.S b/arch/score/kernel/vmlinux.lds.S
+index eebcbaa..7274b5c 100644
+--- a/arch/score/kernel/vmlinux.lds.S
++++ b/arch/score/kernel/vmlinux.lds.S
+@@ -49,6 +49,7 @@ SECTIONS
+ }
+
+ . = ALIGN(16);
++ _sdata = .; /* Start of data section */
+ RODATA
+
+ EXCEPTION_TABLE(16)
+diff --git a/arch/score/mm/init.c b/arch/score/mm/init.c
+index cee6bce..150a3e6 100644
+--- a/arch/score/mm/init.c
++++ b/arch/score/mm/init.c
+@@ -34,6 +34,7 @@
+ #include <linux/proc_fs.h>
+ #include <linux/sched.h>
+ #include <linux/initrd.h>
++#include <linux/export.h>
+
+ #include <asm/sections.h>
+ #include <asm/tlb.h>
+diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig
+index 88d442d..f2f3574d 100644
+--- a/arch/sparc/Kconfig
++++ b/arch/sparc/Kconfig
+@@ -57,6 +57,7 @@ config SPARC64
+ select IRQ_PREFLOW_FASTEOI
+ select ARCH_HAVE_NMI_SAFE_CMPXCHG
+ select HAVE_C_RECORDMCOUNT
++ select ARCH_SUPPORTS_ATOMIC_RMW
+
+ config ARCH_DEFCONFIG
+ string
+diff --git a/arch/unicore32/Kconfig b/arch/unicore32/Kconfig
+index 942ed61..35e8ff1 100644
+--- a/arch/unicore32/Kconfig
++++ b/arch/unicore32/Kconfig
+@@ -6,6 +6,7 @@ config UNICORE32
+ select HAVE_DMA_ATTRS
+ select HAVE_KERNEL_GZIP
+ select HAVE_KERNEL_BZIP2
++ select GENERIC_ATOMIC64
+ select HAVE_KERNEL_LZO
+ select HAVE_KERNEL_LZMA
+ select GENERIC_FIND_FIRST_BIT
+diff --git a/arch/unicore32/include/asm/io.h b/arch/unicore32/include/asm/io.h
+index 1a5c5a5..499594f 100644
+--- a/arch/unicore32/include/asm/io.h
++++ b/arch/unicore32/include/asm/io.h
+@@ -37,6 +37,7 @@ extern void __uc32_iounmap(volatile void __iomem *addr);
+ */
+ #define ioremap(cookie, size) __uc32_ioremap(cookie, size)
+ #define ioremap_cached(cookie, size) __uc32_ioremap_cached(cookie, size)
++#define ioremap_nocache(cookie, size) __uc32_ioremap(cookie, size)
+ #define iounmap(cookie) __uc32_iounmap(cookie)
+
+ /*
+diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
+index fb2e69d..901447e 100644
+--- a/arch/x86/Kconfig
++++ b/arch/x86/Kconfig
+@@ -75,6 +75,7 @@ config X86
+ select HAVE_BPF_JIT if (X86_64 && NET)
+ select CLKEVT_I8253
+ select ARCH_HAVE_NMI_SAFE_CMPXCHG
++ select ARCH_SUPPORTS_ATOMIC_RMW
+
+ config INSTRUCTION_DECODER
+ def_bool (KPROBES || PERF_EVENTS)
+diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
+index cfb5a40..b3eb9a7 100644
+--- a/arch/x86/include/asm/kvm_host.h
++++ b/arch/x86/include/asm/kvm_host.h
+@@ -98,7 +98,7 @@
+ #define KVM_REFILL_PAGES 25
+ #define KVM_MAX_CPUID_ENTRIES 80
+ #define KVM_NR_FIXED_MTRR_REGION 88
+-#define KVM_NR_VAR_MTRR 8
++#define KVM_NR_VAR_MTRR 10
+
+ #define ASYNC_PF_PER_VCPU 64
+
+@@ -418,7 +418,7 @@ struct kvm_vcpu_arch {
+ bool nmi_injected; /* Trying to inject an NMI this entry */
+
+ struct mtrr_state_type mtrr_state;
+- u32 pat;
++ u64 pat;
+
+ int switch_db_regs;
+ unsigned long db[KVM_NR_DB_REGS];
+diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
+index 4bb12f7..cba1883 100644
+--- a/arch/x86/kernel/cpu/perf_event_intel.c
++++ b/arch/x86/kernel/cpu/perf_event_intel.c
+@@ -1048,6 +1048,15 @@ again:
+ intel_pmu_lbr_read();
+
+ /*
++ * CondChgd bit 63 doesn't mean any overflow status. Ignore
++ * and clear the bit.
++ */
++ if (__test_and_clear_bit(63, (unsigned long *)&status)) {
++ if (!status)
++ goto done;
++ }
++
++ /*
+ * PEBS overflow sets bit 62 in the global status register
+ */
+ if (__test_and_clear_bit(62, (unsigned long *)&status)) {
+diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
+index db090f6..dd52355 100644
+--- a/arch/x86/kernel/entry_32.S
++++ b/arch/x86/kernel/entry_32.S
+@@ -429,8 +429,8 @@ sysenter_do_call:
+ cmpl $(nr_syscalls), %eax
+ jae sysenter_badsys
+ call *sys_call_table(,%eax,4)
+- movl %eax,PT_EAX(%esp)
+ sysenter_after_call:
++ movl %eax,PT_EAX(%esp)
+ LOCKDEP_SYS_EXIT
+ DISABLE_INTERRUPTS(CLBR_ANY)
+ TRACE_IRQS_OFF
+@@ -512,6 +512,7 @@ ENTRY(system_call)
+ jae syscall_badsys
+ syscall_call:
+ call *sys_call_table(,%eax,4)
++syscall_after_call:
+ movl %eax,PT_EAX(%esp) # store the return value
+ syscall_exit:
+ LOCKDEP_SYS_EXIT
+@@ -553,11 +554,6 @@ ENTRY(iret_exc)
+
+ CFI_RESTORE_STATE
+ ldt_ss:
+- larl PT_OLDSS(%esp), %eax
+- jnz restore_nocheck
+- testl $0x00400000, %eax # returning to 32bit stack?
+- jnz restore_nocheck # allright, normal return
+-
+ #ifdef CONFIG_PARAVIRT
+ /*
+ * The kernel can't run on a non-flat stack if paravirt mode
+@@ -681,12 +677,12 @@ syscall_fault:
+ END(syscall_fault)
+
+ syscall_badsys:
+- movl $-ENOSYS,PT_EAX(%esp)
+- jmp syscall_exit
++ movl $-ENOSYS,%eax
++ jmp syscall_after_call
+ END(syscall_badsys)
+
+ sysenter_badsys:
+- movl $-ENOSYS,PT_EAX(%esp)
++ movl $-ENOSYS,%eax
+ jmp sysenter_after_call
+ END(syscall_badsys)
+ CFI_ENDPROC
+diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
+index be1ef57..dec49d3 100644
+--- a/arch/x86/mm/ioremap.c
++++ b/arch/x86/mm/ioremap.c
+@@ -50,6 +50,21 @@ int ioremap_change_attr(unsigned long vaddr, unsigned long size,
+ return err;
+ }
+
++static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages,
++ void *arg)
++{
++ unsigned long i;
++
++ for (i = 0; i < nr_pages; ++i)
++ if (pfn_valid(start_pfn + i) &&
++ !PageReserved(pfn_to_page(start_pfn + i)))
++ return 1;
++
++ WARN_ONCE(1, "ioremap on RAM pfn 0x%lx\n", start_pfn);
++
++ return 0;
++}
++
+ /*
+ * Remap an arbitrary physical address space into the kernel virtual
+ * address space. Needed when the kernel wants to access high addresses
+@@ -93,14 +108,11 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
+ /*
+ * Don't allow anybody to remap normal RAM that we're using..
+ */
++ pfn = phys_addr >> PAGE_SHIFT;
+ last_pfn = last_addr >> PAGE_SHIFT;
+- for (pfn = phys_addr >> PAGE_SHIFT; pfn <= last_pfn; pfn++) {
+- int is_ram = page_is_ram(pfn);
+-
+- if (is_ram && pfn_valid(pfn) && !PageReserved(pfn_to_page(pfn)))
+- return NULL;
+- WARN_ON_ONCE(is_ram);
+- }
++ if (walk_system_ram_range(pfn, last_pfn - pfn + 1, NULL,
++ __ioremap_check_ram) == 1)
++ return NULL;
+
+ /*
+ * Mappings have to be page-aligned
+diff --git a/crypto/testmgr.h b/crypto/testmgr.h
+index 37b4d8f..a4de4ae 100644
+--- a/crypto/testmgr.h
++++ b/crypto/testmgr.h
+@@ -10428,38 +10428,40 @@ static struct pcomp_testvec zlib_decomp_tv_template[] = {
+ static struct comp_testvec lzo_comp_tv_template[] = {
+ {
+ .inlen = 70,
+- .outlen = 46,
++ .outlen = 57,
+ .input = "Join us now and share the software "
+ "Join us now and share the software ",
+ .output = "\x00\x0d\x4a\x6f\x69\x6e\x20\x75"
+- "\x73\x20\x6e\x6f\x77\x20\x61\x6e"
+- "\x64\x20\x73\x68\x61\x72\x65\x20"
+- "\x74\x68\x65\x20\x73\x6f\x66\x74"
+- "\x77\x70\x01\x01\x4a\x6f\x69\x6e"
+- "\x3d\x88\x00\x11\x00\x00",
++ "\x73\x20\x6e\x6f\x77\x20\x61\x6e"
++ "\x64\x20\x73\x68\x61\x72\x65\x20"
++ "\x74\x68\x65\x20\x73\x6f\x66\x74"
++ "\x77\x70\x01\x32\x88\x00\x0c\x65"
++ "\x20\x74\x68\x65\x20\x73\x6f\x66"
++ "\x74\x77\x61\x72\x65\x20\x11\x00"
++ "\x00",
+ }, {
+ .inlen = 159,
+- .outlen = 133,
++ .outlen = 131,
+ .input = "This document describes a compression method based on the LZO "
+ "compression algorithm. This document defines the application of "
+ "the LZO algorithm used in UBIFS.",
+- .output = "\x00\x2b\x54\x68\x69\x73\x20\x64"
++ .output = "\x00\x2c\x54\x68\x69\x73\x20\x64"
+ "\x6f\x63\x75\x6d\x65\x6e\x74\x20"
+ "\x64\x65\x73\x63\x72\x69\x62\x65"
+ "\x73\x20\x61\x20\x63\x6f\x6d\x70"
+ "\x72\x65\x73\x73\x69\x6f\x6e\x20"
+ "\x6d\x65\x74\x68\x6f\x64\x20\x62"
+ "\x61\x73\x65\x64\x20\x6f\x6e\x20"
+- "\x74\x68\x65\x20\x4c\x5a\x4f\x2b"
+- "\x8c\x00\x0d\x61\x6c\x67\x6f\x72"
+- "\x69\x74\x68\x6d\x2e\x20\x20\x54"
+- "\x68\x69\x73\x2a\x54\x01\x02\x66"
+- "\x69\x6e\x65\x73\x94\x06\x05\x61"
+- "\x70\x70\x6c\x69\x63\x61\x74\x76"
+- "\x0a\x6f\x66\x88\x02\x60\x09\x27"
+- "\xf0\x00\x0c\x20\x75\x73\x65\x64"
+- "\x20\x69\x6e\x20\x55\x42\x49\x46"
+- "\x53\x2e\x11\x00\x00",
++ "\x74\x68\x65\x20\x4c\x5a\x4f\x20"
++ "\x2a\x8c\x00\x09\x61\x6c\x67\x6f"
++ "\x72\x69\x74\x68\x6d\x2e\x20\x20"
++ "\x2e\x54\x01\x03\x66\x69\x6e\x65"
++ "\x73\x20\x74\x06\x05\x61\x70\x70"
++ "\x6c\x69\x63\x61\x74\x76\x0a\x6f"
++ "\x66\x88\x02\x60\x09\x27\xf0\x00"
++ "\x0c\x20\x75\x73\x65\x64\x20\x69"
++ "\x6e\x20\x55\x42\x49\x46\x53\x2e"
++ "\x11\x00\x00",
+ },
+ };
+
+diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c
+index c749b93..a79332a 100644
+--- a/drivers/acpi/battery.c
++++ b/drivers/acpi/battery.c
+@@ -34,6 +34,7 @@
+ #include <linux/dmi.h>
+ #include <linux/slab.h>
+ #include <linux/suspend.h>
++#include <linux/delay.h>
+ #include <asm/unaligned.h>
+
+ #ifdef CONFIG_ACPI_PROCFS_POWER
+@@ -1055,6 +1056,28 @@ static int battery_notify(struct notifier_block *nb,
+ return 0;
+ }
+
++/*
++ * Some machines'(E,G Lenovo Z480) ECs are not stable
++ * during boot up and this causes battery driver fails to be
++ * probed due to failure of getting battery information
++ * from EC sometimes. After several retries, the operation
++ * may work. So add retry code here and 20ms sleep between
++ * every retries.
++ */
++static int acpi_battery_update_retry(struct acpi_battery *battery)
++{
++ int retry, ret;
++
++ for (retry = 5; retry; retry--) {
++ ret = acpi_battery_update(battery);
++ if (!ret)
++ break;
++
++ msleep(20);
++ }
++ return ret;
++}
++
+ static int acpi_battery_add(struct acpi_device *device)
+ {
+ int result = 0;
+@@ -1074,9 +1097,11 @@ static int acpi_battery_add(struct acpi_device *device)
+ if (ACPI_SUCCESS(acpi_get_handle(battery->device->handle,
+ "_BIX", &handle)))
+ set_bit(ACPI_BATTERY_XINFO_PRESENT, &battery->flags);
+- result = acpi_battery_update(battery);
++
++ result = acpi_battery_update_retry(battery);
+ if (result)
+ goto fail;
++
+ #ifdef CONFIG_ACPI_PROCFS_POWER
+ result = acpi_battery_add_fs(device);
+ #endif
+diff --git a/drivers/acpi/ec.c b/drivers/acpi/ec.c
+index 3923064..48fd158 100644
+--- a/drivers/acpi/ec.c
++++ b/drivers/acpi/ec.c
+@@ -81,6 +81,9 @@ enum {
+ EC_FLAGS_BLOCKED, /* Transactions are blocked */
+ };
+
++#define ACPI_EC_COMMAND_POLL 0x01 /* Available for command byte */
++#define ACPI_EC_COMMAND_COMPLETE 0x02 /* Completed last byte */
++
+ /* ec.c is compiled in acpi namespace so this shows up as acpi.ec_delay param */
+ static unsigned int ec_delay __read_mostly = ACPI_EC_DELAY;
+ module_param(ec_delay, uint, 0644);
+@@ -116,7 +119,7 @@ struct transaction {
+ u8 ri;
+ u8 wlen;
+ u8 rlen;
+- bool done;
++ u8 flags;
+ };
+
+ struct acpi_ec *boot_ec, *first_ec;
+@@ -157,53 +160,74 @@ static inline void acpi_ec_write_data(struct acpi_ec *ec, u8 data)
+ outb(data, ec->data_addr);
+ }
+
+-static int ec_transaction_done(struct acpi_ec *ec)
++static int ec_transaction_completed(struct acpi_ec *ec)
+ {
+ unsigned long flags;
+ int ret = 0;
+ spin_lock_irqsave(&ec->curr_lock, flags);
+- if (!ec->curr || ec->curr->done)
++ if (ec->curr && (ec->curr->flags & ACPI_EC_COMMAND_COMPLETE))
+ ret = 1;
+ spin_unlock_irqrestore(&ec->curr_lock, flags);
+ return ret;
+ }
+
+-static void start_transaction(struct acpi_ec *ec)
++static bool advance_transaction(struct acpi_ec *ec)
+ {
+- ec->curr->irq_count = ec->curr->wi = ec->curr->ri = 0;
+- ec->curr->done = false;
+- acpi_ec_write_cmd(ec, ec->curr->command);
+-}
+-
+-static void advance_transaction(struct acpi_ec *ec, u8 status)
+-{
+- unsigned long flags;
+- spin_lock_irqsave(&ec->curr_lock, flags);
+- if (!ec->curr)
+- goto unlock;
+- if (ec->curr->wlen > ec->curr->wi) {
+- if ((status & ACPI_EC_FLAG_IBF) == 0)
+- acpi_ec_write_data(ec,
+- ec->curr->wdata[ec->curr->wi++]);
+- else
+- goto err;
+- } else if (ec->curr->rlen > ec->curr->ri) {
+- if ((status & ACPI_EC_FLAG_OBF) == 1) {
+- ec->curr->rdata[ec->curr->ri++] = acpi_ec_read_data(ec);
+- if (ec->curr->rlen == ec->curr->ri)
+- ec->curr->done = true;
++ struct transaction *t;
++ u8 status;
++ bool wakeup = false;
++
++ pr_debug(PREFIX "===== %s =====\n", in_interrupt() ? "IRQ" : "TASK");
++ status = acpi_ec_read_status(ec);
++ t = ec->curr;
++ if (!t)
++ goto err;
++ if (t->flags & ACPI_EC_COMMAND_POLL) {
++ if (t->wlen > t->wi) {
++ if ((status & ACPI_EC_FLAG_IBF) == 0)
++ acpi_ec_write_data(ec, t->wdata[t->wi++]);
++ else
++ goto err;
++ } else if (t->rlen > t->ri) {
++ if ((status & ACPI_EC_FLAG_OBF) == 1) {
++ t->rdata[t->ri++] = acpi_ec_read_data(ec);
++ if (t->rlen == t->ri) {
++ t->flags |= ACPI_EC_COMMAND_COMPLETE;
++ wakeup = true;
++ }
++ } else
++ goto err;
++ } else if (t->wlen == t->wi &&
++ (status & ACPI_EC_FLAG_IBF) == 0) {
++ t->flags |= ACPI_EC_COMMAND_COMPLETE;
++ wakeup = true;
++ }
++ return wakeup;
++ } else {
++ if ((status & ACPI_EC_FLAG_IBF) == 0) {
++ acpi_ec_write_cmd(ec, t->command);
++ t->flags |= ACPI_EC_COMMAND_POLL;
+ } else
+ goto err;
+- } else if (ec->curr->wlen == ec->curr->wi &&
+- (status & ACPI_EC_FLAG_IBF) == 0)
+- ec->curr->done = true;
+- goto unlock;
++ return wakeup;
++ }
+ err:
+- /* false interrupt, state didn't change */
+- if (in_interrupt())
+- ++ec->curr->irq_count;
+-unlock:
+- spin_unlock_irqrestore(&ec->curr_lock, flags);
++ /*
++ * If SCI bit is set, then don't think it's a false IRQ
++ * otherwise will take a not handled IRQ as a false one.
++ */
++ if (!(status & ACPI_EC_FLAG_SCI)) {
++ if (in_interrupt() && t)
++ ++t->irq_count;
++ }
++ return wakeup;
++}
++
++static void start_transaction(struct acpi_ec *ec)
++{
++ ec->curr->irq_count = ec->curr->wi = ec->curr->ri = 0;
++ ec->curr->flags = 0;
++ (void)advance_transaction(ec);
+ }
+
+ static int acpi_ec_sync_query(struct acpi_ec *ec, u8 *data);
+@@ -228,15 +252,17 @@ static int ec_poll(struct acpi_ec *ec)
+ /* don't sleep with disabled interrupts */
+ if (EC_FLAGS_MSI || irqs_disabled()) {
+ udelay(ACPI_EC_MSI_UDELAY);
+- if (ec_transaction_done(ec))
++ if (ec_transaction_completed(ec))
+ return 0;
+ } else {
+ if (wait_event_timeout(ec->wait,
+- ec_transaction_done(ec),
++ ec_transaction_completed(ec),
+ msecs_to_jiffies(1)))
+ return 0;
+ }
+- advance_transaction(ec, acpi_ec_read_status(ec));
++ spin_lock_irqsave(&ec->curr_lock, flags);
++ (void)advance_transaction(ec);
++ spin_unlock_irqrestore(&ec->curr_lock, flags);
+ } while (time_before(jiffies, delay));
+ pr_debug(PREFIX "controller reset, restart transaction\n");
+ spin_lock_irqsave(&ec->curr_lock, flags);
+@@ -268,23 +294,6 @@ static int acpi_ec_transaction_unlocked(struct acpi_ec *ec,
+ return ret;
+ }
+
+-static int ec_check_ibf0(struct acpi_ec *ec)
+-{
+- u8 status = acpi_ec_read_status(ec);
+- return (status & ACPI_EC_FLAG_IBF) == 0;
+-}
+-
+-static int ec_wait_ibf0(struct acpi_ec *ec)
+-{
+- unsigned long delay = jiffies + msecs_to_jiffies(ec_delay);
+- /* interrupt wait manually if GPE mode is not active */
+- while (time_before(jiffies, delay))
+- if (wait_event_timeout(ec->wait, ec_check_ibf0(ec),
+- msecs_to_jiffies(1)))
+- return 0;
+- return -ETIME;
+-}
+-
+ static int acpi_ec_transaction(struct acpi_ec *ec, struct transaction *t)
+ {
+ int status;
+@@ -305,13 +314,8 @@ static int acpi_ec_transaction(struct acpi_ec *ec, struct transaction *t)
+ goto unlock;
+ }
+ }
+- if (ec_wait_ibf0(ec)) {
+- pr_err(PREFIX "input buffer is not empty, "
+- "aborting transaction\n");
+- status = -ETIME;
+- goto end;
+- }
+- pr_debug(PREFIX "transaction start\n");
++ pr_debug(PREFIX "transaction start (cmd=0x%02x, addr=0x%02x)\n",
++ t->command, t->wdata ? t->wdata[0] : 0);
+ /* disable GPE during transaction if storm is detected */
+ if (test_bit(EC_FLAGS_GPE_STORM, &ec->flags)) {
+ /* It has to be disabled, so that it doesn't trigger. */
+@@ -327,12 +331,12 @@ static int acpi_ec_transaction(struct acpi_ec *ec, struct transaction *t)
+ /* It is safe to enable the GPE outside of the transaction. */
+ acpi_enable_gpe(NULL, ec->gpe);
+ } else if (t->irq_count > ec_storm_threshold) {
+- pr_info(PREFIX "GPE storm detected, "
+- "transactions will use polling mode\n");
++ pr_info(PREFIX "GPE storm detected(%d GPEs), "
++ "transactions will use polling mode\n",
++ t->irq_count);
+ set_bit(EC_FLAGS_GPE_STORM, &ec->flags);
+ }
+ pr_debug(PREFIX "transaction end\n");
+-end:
+ if (ec->global_lock)
+ acpi_release_global_lock(glk);
+ unlock:
+@@ -404,7 +408,7 @@ int ec_burst_disable(void)
+
+ EXPORT_SYMBOL(ec_burst_disable);
+
+-int ec_read(u8 addr, u8 * val)
++int ec_read(u8 addr, u8 *val)
+ {
+ int err;
+ u8 temp_data;
+@@ -642,16 +646,14 @@ static int ec_check_sci(struct acpi_ec *ec, u8 state)
+ static u32 acpi_ec_gpe_handler(acpi_handle gpe_device,
+ u32 gpe_number, void *data)
+ {
++ unsigned long flags;
+ struct acpi_ec *ec = data;
+
+- pr_debug(PREFIX "~~~> interrupt\n");
+-
+- advance_transaction(ec, acpi_ec_read_status(ec));
+- if (ec_transaction_done(ec) &&
+- (acpi_ec_read_status(ec) & ACPI_EC_FLAG_IBF) == 0) {
++ spin_lock_irqsave(&ec->curr_lock, flags);
++ if (advance_transaction(ec))
+ wake_up(&ec->wait);
+- ec_check_sci(ec, acpi_ec_read_status(ec));
+- }
++ spin_unlock_irqrestore(&ec->curr_lock, flags);
++ ec_check_sci(ec, acpi_ec_read_status(ec));
+ return ACPI_INTERRUPT_HANDLED | ACPI_REENABLE_GPE;
+ }
+
+diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
+index 2b662725..2ddf736 100644
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -4711,6 +4711,10 @@ void swap_buf_le16(u16 *buf, unsigned int buf_words)
+ * ata_qc_new - Request an available ATA command, for queueing
+ * @ap: target port
+ *
++ * Some ATA host controllers may implement a queue depth which is less
++ * than ATA_MAX_QUEUE. So we shouldn't allocate a tag which is beyond
++ * the hardware limitation.
++ *
+ * LOCKING:
+ * None.
+ */
+@@ -4718,14 +4722,15 @@ void swap_buf_le16(u16 *buf, unsigned int buf_words)
+ static struct ata_queued_cmd *ata_qc_new(struct ata_port *ap)
+ {
+ struct ata_queued_cmd *qc = NULL;
++ unsigned int max_queue = ap->host->n_tags;
+ unsigned int i, tag;
+
+ /* no command while frozen */
+ if (unlikely(ap->pflags & ATA_PFLAG_FROZEN))
+ return NULL;
+
+- for (i = 0; i < ATA_MAX_QUEUE; i++) {
+- tag = (i + ap->last_tag + 1) % ATA_MAX_QUEUE;
++ for (i = 0, tag = ap->last_tag + 1; i < max_queue; i++, tag++) {
++ tag = tag < max_queue ? tag : 0;
+
+ /* the last tag is reserved for internal command. */
+ if (tag == ATA_TAG_INTERNAL)
+@@ -5918,6 +5923,7 @@ void ata_host_init(struct ata_host *host, struct device *dev,
+ {
+ spin_lock_init(&host->lock);
+ mutex_init(&host->eh_mutex);
++ host->n_tags = ATA_MAX_QUEUE - 1;
+ host->dev = dev;
+ host->flags = flags;
+ host->ops = ops;
+@@ -5998,6 +6004,8 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
+ {
+ int i, rc;
+
++ host->n_tags = clamp(sht->can_queue, 1, ATA_MAX_QUEUE - 1);
++
+ /* host must have been started */
+ if (!(host->flags & ATA_HOST_STARTED)) {
+ dev_err(host->dev, "BUG: trying to register unstarted host\n");
+diff --git a/drivers/char/applicom.c b/drivers/char/applicom.c
+index 25373df..5d069c7 100644
+--- a/drivers/char/applicom.c
++++ b/drivers/char/applicom.c
+@@ -345,7 +345,6 @@ out:
+ free_irq(apbs[i].irq, &dummy);
+ iounmap(apbs[i].RamIO);
+ }
+- pci_disable_device(dev);
+ return ret;
+ }
+
+diff --git a/drivers/gpu/drm/radeon/atombios_dp.c b/drivers/gpu/drm/radeon/atombios_dp.c
+index 3254d51e..e8a3c31 100644
+--- a/drivers/gpu/drm/radeon/atombios_dp.c
++++ b/drivers/gpu/drm/radeon/atombios_dp.c
+@@ -89,7 +89,7 @@ static int radeon_process_aux_ch(struct radeon_i2c_chan *chan,
+ /* flags not zero */
+ if (args.v1.ucReplyStatus == 2) {
+ DRM_DEBUG_KMS("dp_aux_ch flags not zero\n");
+- return -EBUSY;
++ return -EIO;
+ }
+
+ /* error */
+diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c
+index 3291ab8..ad5d774 100644
+--- a/drivers/gpu/drm/radeon/radeon_display.c
++++ b/drivers/gpu/drm/radeon/radeon_display.c
+@@ -697,6 +697,10 @@ int radeon_ddc_get_modes(struct radeon_connector *radeon_connector)
+ struct radeon_device *rdev = dev->dev_private;
+ int ret = 0;
+
++ /* don't leak the edid if we already fetched it in detect() */
++ if (radeon_connector->edid)
++ goto got_edid;
++
+ /* on hw with routers, select right port */
+ if (radeon_connector->router.ddc_valid)
+ radeon_router_select_ddc_port(radeon_connector);
+@@ -736,6 +740,7 @@ int radeon_ddc_get_modes(struct radeon_connector *radeon_connector)
+ radeon_connector->edid = radeon_bios_get_hardcoded_edid(rdev);
+ }
+ if (radeon_connector->edid) {
++got_edid:
+ drm_mode_connector_update_edid_property(&radeon_connector->base, radeon_connector->edid);
+ ret = drm_add_edid_modes(&radeon_connector->base, radeon_connector->edid);
+ drm_edid_to_eld(&radeon_connector->base, radeon_connector->edid);
+diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
+index 907c26f..7f16ff2 100644
+--- a/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
+@@ -179,7 +179,6 @@ static int vmw_fb_set_par(struct fb_info *info)
+ vmw_write(vmw_priv, SVGA_REG_DISPLAY_POSITION_Y, info->var.yoffset);
+ vmw_write(vmw_priv, SVGA_REG_DISPLAY_WIDTH, info->var.xres);
+ vmw_write(vmw_priv, SVGA_REG_DISPLAY_HEIGHT, info->var.yres);
+- vmw_write(vmw_priv, SVGA_REG_BYTES_PER_LINE, info->fix.line_length);
+ vmw_write(vmw_priv, SVGA_REG_DISPLAY_ID, SVGA_ID_INVALID);
+ }
+
+diff --git a/drivers/hwmon/adm1029.c b/drivers/hwmon/adm1029.c
+index 0b8a3b1..3dbf405 100644
+--- a/drivers/hwmon/adm1029.c
++++ b/drivers/hwmon/adm1029.c
+@@ -228,6 +228,9 @@ static ssize_t set_fan_div(struct device *dev,
+ /* Update the value */
+ reg = (reg & 0x3F) | (val << 6);
+
++ /* Update the cache */
++ data->fan_div[attr->index] = reg;
++
+ /* Write value */
+ i2c_smbus_write_byte_data(client,
+ ADM1029_REG_FAN_DIV[attr->index], reg);
+diff --git a/drivers/hwmon/adm1031.c b/drivers/hwmon/adm1031.c
+index 0683e6b..5f11e23 100644
+--- a/drivers/hwmon/adm1031.c
++++ b/drivers/hwmon/adm1031.c
+@@ -352,6 +352,7 @@ set_auto_temp_min(struct device *dev, struct device_attribute *attr,
+ int nr = to_sensor_dev_attr(attr)->index;
+ int val = simple_strtol(buf, NULL, 10);
+
++ val = clamp_val(val, 0, 127000);
+ mutex_lock(&data->update_lock);
+ data->auto_temp[nr] = AUTO_TEMP_MIN_TO_REG(val, data->auto_temp[nr]);
+ adm1031_write_value(client, ADM1031_REG_AUTO_TEMP(nr),
+@@ -376,6 +377,7 @@ set_auto_temp_max(struct device *dev, struct device_attribute *attr,
+ int nr = to_sensor_dev_attr(attr)->index;
+ int val = simple_strtol(buf, NULL, 10);
+
++ val = clamp_val(val, 0, 127000);
+ mutex_lock(&data->update_lock);
+ data->temp_max[nr] = AUTO_TEMP_MAX_TO_REG(val, data->auto_temp[nr], data->pwm[nr]);
+ adm1031_write_value(client, ADM1031_REG_AUTO_TEMP(nr),
+@@ -651,7 +653,7 @@ static ssize_t set_temp_min(struct device *dev, struct device_attribute *attr,
+ int val;
+
+ val = simple_strtol(buf, NULL, 10);
+- val = SENSORS_LIMIT(val, -55000, nr == 0 ? 127750 : 127875);
++ val = clamp_val(val, -55000, 127000);
+ mutex_lock(&data->update_lock);
+ data->temp_min[nr] = TEMP_TO_REG(val);
+ adm1031_write_value(client, ADM1031_REG_TEMP_MIN(nr),
+@@ -668,7 +670,7 @@ static ssize_t set_temp_max(struct device *dev, struct device_attribute *attr,
+ int val;
+
+ val = simple_strtol(buf, NULL, 10);
+- val = SENSORS_LIMIT(val, -55000, nr == 0 ? 127750 : 127875);
++ val = clamp_val(val, -55000, 127000);
+ mutex_lock(&data->update_lock);
+ data->temp_max[nr] = TEMP_TO_REG(val);
+ adm1031_write_value(client, ADM1031_REG_TEMP_MAX(nr),
+@@ -685,7 +687,7 @@ static ssize_t set_temp_crit(struct device *dev, struct device_attribute *attr,
+ int val;
+
+ val = simple_strtol(buf, NULL, 10);
+- val = SENSORS_LIMIT(val, -55000, nr == 0 ? 127750 : 127875);
++ val = clamp_val(val, -55000, 127000);
+ mutex_lock(&data->update_lock);
+ data->temp_crit[nr] = TEMP_TO_REG(val);
+ adm1031_write_value(client, ADM1031_REG_TEMP_CRIT(nr),
+diff --git a/drivers/hwmon/adt7470.c b/drivers/hwmon/adt7470.c
+index a9726c1..3a15fd6 100644
+--- a/drivers/hwmon/adt7470.c
++++ b/drivers/hwmon/adt7470.c
+@@ -515,7 +515,7 @@ static ssize_t set_temp_min(struct device *dev,
+ return -EINVAL;
+
+ temp = DIV_ROUND_CLOSEST(temp, 1000);
+- temp = SENSORS_LIMIT(temp, 0, 255);
++ temp = clamp_val(temp, -128, 127);
+
+ mutex_lock(&data->lock);
+ data->temp_min[attr->index] = temp;
+@@ -549,7 +549,7 @@ static ssize_t set_temp_max(struct device *dev,
+ return -EINVAL;
+
+ temp = DIV_ROUND_CLOSEST(temp, 1000);
+- temp = SENSORS_LIMIT(temp, 0, 255);
++ temp = clamp_val(temp, -128, 127);
+
+ mutex_lock(&data->lock);
+ data->temp_max[attr->index] = temp;
+@@ -826,7 +826,7 @@ static ssize_t set_pwm_tmin(struct device *dev,
+ return -EINVAL;
+
+ temp = DIV_ROUND_CLOSEST(temp, 1000);
+- temp = SENSORS_LIMIT(temp, 0, 255);
++ temp = clamp_val(temp, -128, 127);
+
+ mutex_lock(&data->lock);
+ data->pwm_tmin[attr->index] = temp;
+diff --git a/drivers/hwmon/amc6821.c b/drivers/hwmon/amc6821.c
+index 4033974..75be6c4 100644
+--- a/drivers/hwmon/amc6821.c
++++ b/drivers/hwmon/amc6821.c
+@@ -715,7 +715,7 @@ static SENSOR_DEVICE_ATTR(temp1_max_alarm, S_IRUGO,
+ get_temp_alarm, NULL, IDX_TEMP1_MAX);
+ static SENSOR_DEVICE_ATTR(temp1_crit_alarm, S_IRUGO,
+ get_temp_alarm, NULL, IDX_TEMP1_CRIT);
+-static SENSOR_DEVICE_ATTR(temp2_input, S_IRUGO | S_IWUSR,
++static SENSOR_DEVICE_ATTR(temp2_input, S_IRUGO,
+ get_temp, NULL, IDX_TEMP2_INPUT);
+ static SENSOR_DEVICE_ATTR(temp2_min, S_IRUGO | S_IWUSR, get_temp,
+ set_temp, IDX_TEMP2_MIN);
+diff --git a/drivers/hwmon/emc2103.c b/drivers/hwmon/emc2103.c
+index af914ad..a074d21 100644
+--- a/drivers/hwmon/emc2103.c
++++ b/drivers/hwmon/emc2103.c
+@@ -248,9 +248,7 @@ static ssize_t set_temp_min(struct device *dev, struct device_attribute *da,
+ if (result < 0)
+ return -EINVAL;
+
+- val = DIV_ROUND_CLOSEST(val, 1000);
+- if ((val < -63) || (val > 127))
+- return -EINVAL;
++ val = clamp_val(DIV_ROUND_CLOSEST(val, 1000), -63, 127);
+
+ mutex_lock(&data->update_lock);
+ data->temp_min[nr] = val;
+@@ -272,9 +270,7 @@ static ssize_t set_temp_max(struct device *dev, struct device_attribute *da,
+ if (result < 0)
+ return -EINVAL;
+
+- val = DIV_ROUND_CLOSEST(val, 1000);
+- if ((val < -63) || (val > 127))
+- return -EINVAL;
++ val = clamp_val(DIV_ROUND_CLOSEST(val, 1000), -63, 127);
+
+ mutex_lock(&data->update_lock);
+ data->temp_max[nr] = val;
+@@ -386,15 +382,14 @@ static ssize_t set_fan_target(struct device *dev, struct device_attribute *da,
+ {
+ struct emc2103_data *data = emc2103_update_device(dev);
+ struct i2c_client *client = to_i2c_client(dev);
+- long rpm_target;
++ unsigned long rpm_target;
+
+- int result = strict_strtol(buf, 10, &rpm_target);
++ int result = kstrtoul(buf, 10, &rpm_target);
+ if (result < 0)
+ return -EINVAL;
+
+ /* Datasheet states 16384 as maximum RPM target (table 3.2) */
+- if ((rpm_target < 0) || (rpm_target > 16384))
+- return -EINVAL;
++ rpm_target = clamp_val(rpm_target, 0, 16384);
+
+ mutex_lock(&data->update_lock);
+
+diff --git a/drivers/iommu/dmar.c b/drivers/iommu/dmar.c
+index 97b2e21..cf065df 100644
+--- a/drivers/iommu/dmar.c
++++ b/drivers/iommu/dmar.c
+@@ -582,7 +582,7 @@ int alloc_iommu(struct dmar_drhd_unit *drhd)
+ {
+ struct intel_iommu *iommu;
+ int map_size;
+- u32 ver;
++ u32 ver, sts;
+ static int iommu_allocated = 0;
+ int agaw = 0;
+ int msagaw = 0;
+@@ -652,6 +652,15 @@ int alloc_iommu(struct dmar_drhd_unit *drhd)
+ (unsigned long long)iommu->cap,
+ (unsigned long long)iommu->ecap);
+
++ /* Reflect status in gcmd */
++ sts = readl(iommu->reg + DMAR_GSTS_REG);
++ if (sts & DMA_GSTS_IRES)
++ iommu->gcmd |= DMA_GCMD_IRE;
++ if (sts & DMA_GSTS_TES)
++ iommu->gcmd |= DMA_GCMD_TE;
++ if (sts & DMA_GSTS_QIES)
++ iommu->gcmd |= DMA_GCMD_QIE;
++
+ raw_spin_lock_init(&iommu->register_lock);
+
+ drhd->iommu = iommu;
+diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c
+index bb1e579..276ef38 100644
+--- a/drivers/iommu/intel-iommu.c
++++ b/drivers/iommu/intel-iommu.c
+@@ -3630,6 +3630,7 @@ static struct notifier_block device_nb = {
+ int __init intel_iommu_init(void)
+ {
+ int ret = 0;
++ struct dmar_drhd_unit *drhd;
+
+ /* VT-d is required for a TXT/tboot launch, so enforce that */
+ force_on = tboot_force_iommu();
+@@ -3640,6 +3641,20 @@ int __init intel_iommu_init(void)
+ return -ENODEV;
+ }
+
++ /*
++ * Disable translation if already enabled prior to OS handover.
++ */
++ for_each_drhd_unit(drhd) {
++ struct intel_iommu *iommu;
++
++ if (drhd->ignored)
++ continue;
++
++ iommu = drhd->iommu;
++ if (iommu->gcmd & DMA_GCMD_TE)
++ iommu_disable_translation(iommu);
++ }
++
+ if (dmar_dev_scope_init() < 0) {
+ if (force_on)
+ panic("tboot: Failed to initialize DMAR device scope\n");
+diff --git a/drivers/md/dm-io.c b/drivers/md/dm-io.c
+index ea5dd28..39a08be 100644
+--- a/drivers/md/dm-io.c
++++ b/drivers/md/dm-io.c
+@@ -10,6 +10,7 @@
+ #include <linux/device-mapper.h>
+
+ #include <linux/bio.h>
++#include <linux/completion.h>
+ #include <linux/mempool.h>
+ #include <linux/module.h>
+ #include <linux/sched.h>
+@@ -34,7 +35,7 @@ struct dm_io_client {
+ struct io {
+ unsigned long error_bits;
+ atomic_t count;
+- struct task_struct *sleeper;
++ struct completion *wait;
+ struct dm_io_client *client;
+ io_notify_fn callback;
+ void *context;
+@@ -122,8 +123,8 @@ static void dec_count(struct io *io, unsigned int region, int error)
+ invalidate_kernel_vmap_range(io->vma_invalidate_address,
+ io->vma_invalidate_size);
+
+- if (io->sleeper)
+- wake_up_process(io->sleeper);
++ if (io->wait)
++ complete(io->wait);
+
+ else {
+ unsigned long r = io->error_bits;
+@@ -384,6 +385,7 @@ static int sync_io(struct dm_io_client *client, unsigned int num_regions,
+ */
+ volatile char io_[sizeof(struct io) + __alignof__(struct io) - 1];
+ struct io *io = (struct io *)PTR_ALIGN(&io_, __alignof__(struct io));
++ DECLARE_COMPLETION_ONSTACK(wait);
+
+ if (num_regions > 1 && (rw & RW_MASK) != WRITE) {
+ WARN_ON(1);
+@@ -392,7 +394,7 @@ static int sync_io(struct dm_io_client *client, unsigned int num_regions,
+
+ io->error_bits = 0;
+ atomic_set(&io->count, 1); /* see dispatch_io() */
+- io->sleeper = current;
++ io->wait = &wait;
+ io->client = client;
+
+ io->vma_invalidate_address = dp->vma_invalidate_address;
+@@ -400,15 +402,7 @@ static int sync_io(struct dm_io_client *client, unsigned int num_regions,
+
+ dispatch_io(rw, num_regions, where, dp, io, 1);
+
+- while (1) {
+- set_current_state(TASK_UNINTERRUPTIBLE);
+-
+- if (!atomic_read(&io->count))
+- break;
+-
+- io_schedule();
+- }
+- set_current_state(TASK_RUNNING);
++ wait_for_completion(&wait);
+
+ if (error_bits)
+ *error_bits = io->error_bits;
+@@ -431,7 +425,7 @@ static int async_io(struct dm_io_client *client, unsigned int num_regions,
+ io = mempool_alloc(client->pool, GFP_NOIO);
+ io->error_bits = 0;
+ atomic_set(&io->count, 1); /* see dispatch_io() */
+- io->sleeper = NULL;
++ io->wait = NULL;
+ io->client = client;
+ io->callback = fn;
+ io->context = context;
+diff --git a/drivers/md/md.c b/drivers/md/md.c
+index 30a7b52..ea8a181 100644
+--- a/drivers/md/md.c
++++ b/drivers/md/md.c
+@@ -7144,6 +7144,19 @@ void md_do_sync(struct mddev *mddev)
+ rdev->recovery_offset < j)
+ j = rdev->recovery_offset;
+ rcu_read_unlock();
++
++ /* If there is a bitmap, we need to make sure all
++ * writes that started before we added a spare
++ * complete before we start doing a recovery.
++ * Otherwise the write might complete and (via
++ * bitmap_endwrite) set a bit in the bitmap after the
++ * recovery has checked that bit and skipped that
++ * region.
++ */
++ if (mddev->bitmap) {
++ mddev->pers->quiesce(mddev, 1);
++ mddev->pers->quiesce(mddev, 0);
++ }
+ }
+
+ printk(KERN_INFO "md: %s of RAID array %s\n", desc, mdname(mddev));
+diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
+index df5a09a..b555be0 100644
+--- a/drivers/net/ethernet/intel/igb/igb_main.c
++++ b/drivers/net/ethernet/intel/igb/igb_main.c
+@@ -6610,6 +6610,8 @@ static int __igb_shutdown(struct pci_dev *pdev, bool *enable_wake)
+
+ if (netif_running(netdev))
+ igb_close(netdev);
++ else
++ igb_reset(adapter);
+
+ igb_clear_interrupt_scheme(adapter);
+
+diff --git a/drivers/net/ethernet/sun/sunvnet.c b/drivers/net/ethernet/sun/sunvnet.c
+index bd08919..5092148 100644
+--- a/drivers/net/ethernet/sun/sunvnet.c
++++ b/drivers/net/ethernet/sun/sunvnet.c
+@@ -1089,6 +1089,24 @@ static struct vnet * __devinit vnet_find_or_create(const u64 *local_mac)
+ return vp;
+ }
+
++static void vnet_cleanup(void)
++{
++ struct vnet *vp;
++ struct net_device *dev;
++
++ mutex_lock(&vnet_list_mutex);
++ while (!list_empty(&vnet_list)) {
++ vp = list_first_entry(&vnet_list, struct vnet, list);
++ list_del(&vp->list);
++ dev = vp->dev;
++ /* vio_unregister_driver() should have cleaned up port_list */
++ BUG_ON(!list_empty(&vp->port_list));
++ unregister_netdev(dev);
++ free_netdev(dev);
++ }
++ mutex_unlock(&vnet_list_mutex);
++}
++
+ static const char *local_mac_prop = "local-mac-address";
+
+ static struct vnet * __devinit vnet_find_parent(struct mdesc_handle *hp,
+@@ -1249,7 +1267,6 @@ static int vnet_port_remove(struct vio_dev *vdev)
+
+ kfree(port);
+
+- unregister_netdev(vp->dev);
+ }
+ return 0;
+ }
+@@ -1280,6 +1297,7 @@ static int __init vnet_init(void)
+ static void __exit vnet_exit(void)
+ {
+ vio_unregister_driver(&vnet_port_driver);
++ vnet_cleanup();
+ }
+
+ module_init(vnet_init);
+diff --git a/drivers/net/wireless/iwlwifi/iwl-agn-rxon.c b/drivers/net/wireless/iwlwifi/iwl-agn-rxon.c
+index d552fa3..d696536 100644
+--- a/drivers/net/wireless/iwlwifi/iwl-agn-rxon.c
++++ b/drivers/net/wireless/iwlwifi/iwl-agn-rxon.c
+@@ -440,14 +440,6 @@ int iwlagn_commit_rxon(struct iwl_priv *priv, struct iwl_rxon_context *ctx)
+ /* always get timestamp with Rx frame */
+ ctx->staging.flags |= RXON_FLG_TSF2HOST_MSK;
+
+- /*
+- * force CTS-to-self frames protection if RTS-CTS is not preferred
+- * one aggregation protection method
+- */
+- if (!(priv->cfg->ht_params &&
+- priv->cfg->ht_params->use_rts_for_aggregation))
+- ctx->staging.flags |= RXON_FLG_SELF_CTS_EN;
+-
+ if ((ctx->vif && ctx->vif->bss_conf.use_short_slot) ||
+ !(ctx->staging.flags & RXON_FLG_BAND_24G_MSK))
+ ctx->staging.flags |= RXON_FLG_SHORT_SLOT_MSK;
+@@ -880,11 +872,6 @@ void iwlagn_bss_info_changed(struct ieee80211_hw *hw,
+ else
+ ctx->staging.flags &= ~RXON_FLG_TGG_PROTECT_MSK;
+
+- if (bss_conf->use_cts_prot)
+- ctx->staging.flags |= RXON_FLG_SELF_CTS_EN;
+- else
+- ctx->staging.flags &= ~RXON_FLG_SELF_CTS_EN;
+-
+ memcpy(ctx->staging.bssid_addr, bss_conf->bssid, ETH_ALEN);
+
+ if (vif->type == NL80211_IFTYPE_AP ||
+diff --git a/drivers/net/wireless/mwifiex/main.c b/drivers/net/wireless/mwifiex/main.c
+index 5baa12a..018276f 100644
+--- a/drivers/net/wireless/mwifiex/main.c
++++ b/drivers/net/wireless/mwifiex/main.c
+@@ -458,6 +458,7 @@ mwifiex_hard_start_xmit(struct sk_buff *skb, struct net_device *dev)
+ }
+
+ tx_info = MWIFIEX_SKB_TXCB(skb);
++ memset(tx_info, 0, sizeof(*tx_info));
+ tx_info->bss_index = priv->bss_index;
+ mwifiex_fill_buffer(skb);
+
+diff --git a/drivers/scsi/ibmvscsi/ibmvscsi.c b/drivers/scsi/ibmvscsi/ibmvscsi.c
+index 36aca4b..4aabbdc 100644
+--- a/drivers/scsi/ibmvscsi/ibmvscsi.c
++++ b/drivers/scsi/ibmvscsi/ibmvscsi.c
+@@ -490,7 +490,8 @@ static void purge_requests(struct ibmvscsi_host_data *hostdata, int error_code)
+ evt->hostdata->dev);
+ if (evt->cmnd_done)
+ evt->cmnd_done(evt->cmnd);
+- } else if (evt->done)
++ } else if (evt->done && evt->crq.format != VIOSRP_MAD_FORMAT &&
++ evt->iu.srp.login_req.opcode != SRP_LOGIN_REQ)
+ evt->done(evt);
+ free_event_struct(&evt->hostdata->pool, evt);
+ spin_lock_irqsave(hostdata->host->host_lock, flags);
+diff --git a/drivers/scsi/ibmvscsi/rpa_vscsi.c b/drivers/scsi/ibmvscsi/rpa_vscsi.c
+index f48ae01..920c02e 100644
+--- a/drivers/scsi/ibmvscsi/rpa_vscsi.c
++++ b/drivers/scsi/ibmvscsi/rpa_vscsi.c
+@@ -104,6 +104,11 @@ static struct viosrp_crq *crq_queue_next_crq(struct crq_queue *queue)
+ if (crq->valid & 0x80) {
+ if (++queue->cur == queue->size)
+ queue->cur = 0;
++
++ /* Ensure the read of the valid bit occurs before reading any
++ * other bits of the CRQ entry
++ */
++ rmb();
+ } else
+ crq = NULL;
+ spin_unlock_irqrestore(&queue->lock, flags);
+@@ -122,6 +127,11 @@ static int rpavscsi_send_crq(struct ibmvscsi_host_data *hostdata,
+ {
+ struct vio_dev *vdev = to_vio_dev(hostdata->dev);
+
++ /*
++ * Ensure the command buffer is flushed to memory before handing it
++ * over to the VIOS to prevent it from fetching any stale data.
++ */
++ mb();
+ return plpar_hcall_norets(H_SEND_CRQ, vdev->unit_address, word1, word2);
+ }
+
+diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
+index f6d2b62..5c6b5f5 100644
+--- a/drivers/scsi/sd.c
++++ b/drivers/scsi/sd.c
+@@ -2149,7 +2149,10 @@ sd_read_cache_type(struct scsi_disk *sdkp, unsigned char *buffer)
+ }
+
+ sdkp->DPOFUA = (data.device_specific & 0x10) != 0;
+- if (sdkp->DPOFUA && !sdkp->device->use_10_for_rw) {
++ if (sdp->broken_fua) {
++ sd_printk(KERN_NOTICE, sdkp, "Disabling FUA\n");
++ sdkp->DPOFUA = 0;
++ } else if (sdkp->DPOFUA && !sdkp->device->use_10_for_rw) {
+ sd_printk(KERN_NOTICE, sdkp,
+ "Uses READ/WRITE(6), disabling FUA\n");
+ sdkp->DPOFUA = 0;
+diff --git a/drivers/scsi/sym53c8xx_2/sym_hipd.c b/drivers/scsi/sym53c8xx_2/sym_hipd.c
+index d92fe40..6b349e3 100644
+--- a/drivers/scsi/sym53c8xx_2/sym_hipd.c
++++ b/drivers/scsi/sym53c8xx_2/sym_hipd.c
+@@ -3000,7 +3000,11 @@ sym_dequeue_from_squeue(struct sym_hcb *np, int i, int target, int lun, int task
+ if ((target == -1 || cp->target == target) &&
+ (lun == -1 || cp->lun == lun) &&
+ (task == -1 || cp->tag == task)) {
++#ifdef SYM_OPT_HANDLE_DEVICE_QUEUEING
+ sym_set_cam_status(cp->cmd, DID_SOFT_ERROR);
++#else
++ sym_set_cam_status(cp->cmd, DID_REQUEUE);
++#endif
+ sym_remque(&cp->link_ccbq);
+ sym_insque_tail(&cp->link_ccbq, &np->comp_ccbq);
+ }
+diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
+index 12f3a37..3807294 100644
+--- a/drivers/usb/core/hub.c
++++ b/drivers/usb/core/hub.c
+@@ -655,6 +655,26 @@ static int hub_usb3_port_disable(struct usb_hub *hub, int port1)
+ if (!hub_is_superspeed(hub->hdev))
+ return -EINVAL;
+
++ ret = hub_port_status(hub, port1, &portstatus, &portchange);
++ if (ret < 0)
++ return ret;
++
++ /*
++ * USB controller Advanced Micro Devices, Inc. [AMD] FCH USB XHCI
++ * Controller [1022:7814] will have spurious result making the following
++ * usb 3.0 device hotplugging route to the 2.0 root hub and recognized
++ * as high-speed device if we set the usb 3.0 port link state to
++ * Disabled. Since it's already in USB_SS_PORT_LS_RX_DETECT state, we
++ * check the state here to avoid the bug.
++ */
++ if ((portstatus & USB_PORT_STAT_LINK_STATE) ==
++ USB_SS_PORT_LS_RX_DETECT) {
++ dev_dbg(hub->intfdev,
++ "Not disabling port %d; link state is RxDetect\n",
++ port1);
++ return ret;
++ }
++
+ ret = hub_set_port_link_state(hub, port1, USB_SS_PORT_LS_SS_DISABLED);
+ if (ret) {
+ dev_err(hub->intfdev, "cannot disable port %d (err = %d)\n",
+diff --git a/drivers/usb/gadget/f_fs.c b/drivers/usb/gadget/f_fs.c
+index 0e641a1..c635c4c 100644
+--- a/drivers/usb/gadget/f_fs.c
++++ b/drivers/usb/gadget/f_fs.c
+@@ -1376,11 +1376,13 @@ static int functionfs_bind(struct ffs_data *ffs, struct usb_composite_dev *cdev)
+ ffs->ep0req->context = ffs;
+
+ lang = ffs->stringtabs;
+- for (lang = ffs->stringtabs; *lang; ++lang) {
+- struct usb_string *str = (*lang)->strings;
+- int id = first_id;
+- for (; str->s; ++id, ++str)
+- str->id = id;
++ if (lang) {
++ for (; *lang; ++lang) {
++ struct usb_string *str = (*lang)->strings;
++ int id = first_id;
++ for (; str->s; ++id, ++str)
++ str->id = id;
++ }
+ }
+
+ ffs->gadget = cdev->gadget;
+diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c
+index 107e6b4..517cadb 100644
+--- a/drivers/usb/host/xhci-hub.c
++++ b/drivers/usb/host/xhci-hub.c
+@@ -21,6 +21,7 @@
+ */
+
+ #include <linux/gfp.h>
++#include <linux/device.h>
+ #include <asm/unaligned.h>
+
+ #include "xhci.h"
+@@ -993,7 +994,9 @@ int xhci_bus_suspend(struct usb_hcd *hcd)
+ t2 |= PORT_LINK_STROBE | XDEV_U3;
+ set_bit(port_index, &bus_state->bus_suspended);
+ }
+- if (hcd->self.root_hub->do_remote_wakeup) {
++ if (hcd->self.root_hub->do_remote_wakeup
++ && device_may_wakeup(hcd->self.controller)) {
++
+ if (t1 & PORT_CONNECT) {
+ t2 |= PORT_WKOC_E | PORT_WKDISC_E;
+ t2 &= ~PORT_WKCONN_E;
+diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
+index 1886544..bc5ee84 100644
+--- a/drivers/usb/host/xhci-ring.c
++++ b/drivers/usb/host/xhci-ring.c
+@@ -3521,7 +3521,7 @@ static unsigned int xhci_get_burst_count(struct xhci_hcd *xhci,
+ return 0;
+
+ max_burst = urb->ep->ss_ep_comp.bMaxBurst;
+- return roundup(total_packet_count, max_burst + 1) - 1;
++ return DIV_ROUND_UP(total_packet_count, max_burst + 1) - 1;
+ }
+
+ /*
+diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
+index b2eac8d..457a7ac 100644
+--- a/drivers/usb/host/xhci.c
++++ b/drivers/usb/host/xhci.c
+@@ -946,7 +946,7 @@ int xhci_suspend(struct xhci_hcd *xhci)
+ */
+ int xhci_resume(struct xhci_hcd *xhci, bool hibernated)
+ {
+- u32 command, temp = 0;
++ u32 command, temp = 0, status;
+ struct usb_hcd *hcd = xhci_to_hcd(xhci);
+ struct usb_hcd *secondary_hcd;
+ int retval = 0;
+@@ -1070,8 +1070,12 @@ int xhci_resume(struct xhci_hcd *xhci, bool hibernated)
+
+ done:
+ if (retval == 0) {
+- usb_hcd_resume_root_hub(hcd);
+- usb_hcd_resume_root_hub(xhci->shared_hcd);
++ /* Resume root hubs only when have pending events. */
++ status = readl(&xhci->op_regs->status);
++ if (status & STS_EINT) {
++ usb_hcd_resume_root_hub(hcd);
++ usb_hcd_resume_root_hub(xhci->shared_hcd);
++ }
+ }
+
+ /*
+diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
+index 01fd64a..3de63f5 100644
+--- a/drivers/usb/serial/cp210x.c
++++ b/drivers/usb/serial/cp210x.c
+@@ -159,6 +159,7 @@ static const struct usb_device_id id_table[] = {
+ { USB_DEVICE(0x1843, 0x0200) }, /* Vaisala USB Instrument Cable */
+ { USB_DEVICE(0x18EF, 0xE00F) }, /* ELV USB-I2C-Interface */
+ { USB_DEVICE(0x1ADB, 0x0001) }, /* Schweitzer Engineering C662 Cable */
++ { USB_DEVICE(0x1B1C, 0x1C00) }, /* Corsair USB Dongle */
+ { USB_DEVICE(0x1BE3, 0x07A6) }, /* WAGO 750-923 USB Service Cable */
+ { USB_DEVICE(0x1E29, 0x0102) }, /* Festo CPX-USB */
+ { USB_DEVICE(0x1E29, 0x0501) }, /* Festo CMSP */
+diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
+index 6e08639..d6e6205 100644
+--- a/drivers/usb/serial/ftdi_sio.c
++++ b/drivers/usb/serial/ftdi_sio.c
+@@ -731,7 +731,8 @@ static struct usb_device_id id_table_combined [] = {
+ { USB_DEVICE(FTDI_VID, FTDI_ACG_HFDUAL_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_YEI_SERVOCENTER31_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_THORLABS_PID) },
+- { USB_DEVICE(TESTO_VID, TESTO_USB_INTERFACE_PID) },
++ { USB_DEVICE(TESTO_VID, TESTO_1_PID) },
++ { USB_DEVICE(TESTO_VID, TESTO_3_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_GAMMA_SCOUT_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_TACTRIX_OPENPORT_13M_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_TACTRIX_OPENPORT_13S_PID) },
+@@ -1591,14 +1592,17 @@ static void ftdi_set_max_packet_size(struct usb_serial_port *port)
+ struct usb_device *udev = serial->dev;
+
+ struct usb_interface *interface = serial->interface;
+- struct usb_endpoint_descriptor *ep_desc = &interface->cur_altsetting->endpoint[1].desc;
++ struct usb_endpoint_descriptor *ep_desc;
+
+ unsigned num_endpoints;
+- int i;
++ unsigned i;
+
+ num_endpoints = interface->cur_altsetting->desc.bNumEndpoints;
+ dev_info(&udev->dev, "Number of endpoints %d\n", num_endpoints);
+
++ if (!num_endpoints)
++ return;
++
+ /* NOTE: some customers have programmed FT232R/FT245R devices
+ * with an endpoint size of 0 - not good. In this case, we
+ * want to override the endpoint descriptor setting and use a
+diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h
+index 677cf49..55af915 100644
+--- a/drivers/usb/serial/ftdi_sio_ids.h
++++ b/drivers/usb/serial/ftdi_sio_ids.h
+@@ -798,7 +798,8 @@
+ * Submitted by Colin Leroy
+ */
+ #define TESTO_VID 0x128D
+-#define TESTO_USB_INTERFACE_PID 0x0001
++#define TESTO_1_PID 0x0001
++#define TESTO_3_PID 0x0003
+
+ /*
+ * Mobility Electronics products.
+diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
+index a0f47d5..7a1c91e 100644
+--- a/drivers/usb/serial/option.c
++++ b/drivers/usb/serial/option.c
+@@ -377,8 +377,12 @@ static void option_instat_callback(struct urb *urb);
+ /* Olivetti products */
+ #define OLIVETTI_VENDOR_ID 0x0b3c
+ #define OLIVETTI_PRODUCT_OLICARD100 0xc000
++#define OLIVETTI_PRODUCT_OLICARD120 0xc001
++#define OLIVETTI_PRODUCT_OLICARD140 0xc002
+ #define OLIVETTI_PRODUCT_OLICARD145 0xc003
++#define OLIVETTI_PRODUCT_OLICARD155 0xc004
+ #define OLIVETTI_PRODUCT_OLICARD200 0xc005
++#define OLIVETTI_PRODUCT_OLICARD160 0xc00a
+ #define OLIVETTI_PRODUCT_OLICARD500 0xc00b
+
+ /* Celot products */
+@@ -1494,6 +1498,8 @@ static const struct usb_device_id option_ids[] = {
+ .driver_info = (kernel_ulong_t)&net_intf2_blacklist },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1426, 0xff, 0xff, 0xff), /* ZTE MF91 */
+ .driver_info = (kernel_ulong_t)&net_intf2_blacklist },
++ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1428, 0xff, 0xff, 0xff), /* Telewell TW-LTE 4G v2 */
++ .driver_info = (kernel_ulong_t)&net_intf2_blacklist },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1533, 0xff, 0xff, 0xff) },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1534, 0xff, 0xff, 0xff) },
+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x1535, 0xff, 0xff, 0xff) },
+@@ -1631,15 +1637,21 @@ static const struct usb_device_id option_ids[] = {
+ { USB_DEVICE(SIEMENS_VENDOR_ID, CINTERION_PRODUCT_HC25_MDMNET) },
+ { USB_DEVICE(SIEMENS_VENDOR_ID, CINTERION_PRODUCT_HC28_MDM) }, /* HC28 enumerates with Siemens or Cinterion VID depending on FW revision */
+ { USB_DEVICE(SIEMENS_VENDOR_ID, CINTERION_PRODUCT_HC28_MDMNET) },
+-
+- { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD100) },
++ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD100),
++ .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
++ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD120),
++ .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
++ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD140),
++ .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
+ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD145) },
++ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD155),
++ .driver_info = (kernel_ulong_t)&net_intf6_blacklist },
+ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD200),
+- .driver_info = (kernel_ulong_t)&net_intf6_blacklist
+- },
++ .driver_info = (kernel_ulong_t)&net_intf6_blacklist },
++ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD160),
++ .driver_info = (kernel_ulong_t)&net_intf6_blacklist },
+ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD500),
+- .driver_info = (kernel_ulong_t)&net_intf4_blacklist
+- },
++ .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
+ { USB_DEVICE(CELOT_VENDOR_ID, CELOT_PRODUCT_CT680M) }, /* CT-650 CDMA 450 1xEVDO modem */
+ { USB_DEVICE_AND_INTERFACE_INFO(SAMSUNG_VENDOR_ID, SAMSUNG_PRODUCT_GT_B3730, USB_CLASS_CDC_DATA, 0x00, 0x00) }, /* Samsung GT-B3730 LTE USB modem.*/
+ { USB_DEVICE(YUGA_VENDOR_ID, YUGA_PRODUCT_CEM600) },
+diff --git a/drivers/usb/storage/scsiglue.c b/drivers/usb/storage/scsiglue.c
+index eb660bb..b8dc0c5 100644
+--- a/drivers/usb/storage/scsiglue.c
++++ b/drivers/usb/storage/scsiglue.c
+@@ -255,6 +255,10 @@ static int slave_configure(struct scsi_device *sdev)
+ US_FL_SCM_MULT_TARG)) &&
+ us->protocol == USB_PR_BULK)
+ us->use_last_sector_hacks = 1;
++
++ /* A few buggy USB-ATA bridges don't understand FUA */
++ if (us->fflags & US_FL_BROKEN_FUA)
++ sdev->broken_fua = 1;
+ } else {
+
+ /* Non-disk-type devices don't need to blacklist any pages
+diff --git a/drivers/usb/storage/unusual_devs.h b/drivers/usb/storage/unusual_devs.h
+index 49d222d..e588a11 100644
+--- a/drivers/usb/storage/unusual_devs.h
++++ b/drivers/usb/storage/unusual_devs.h
+@@ -1916,6 +1916,13 @@ UNUSUAL_DEV( 0x14cd, 0x6600, 0x0201, 0x0201,
+ USB_SC_DEVICE, USB_PR_DEVICE, NULL,
+ US_FL_IGNORE_RESIDUE ),
+
++/* Reported by Michael Büsch <m@bues.ch> */
++UNUSUAL_DEV( 0x152d, 0x0567, 0x0114, 0x0114,
++ "JMicron",
++ "USB to ATA/ATAPI Bridge",
++ USB_SC_DEVICE, USB_PR_DEVICE, NULL,
++ US_FL_BROKEN_FUA ),
++
+ /* Reported by Alexandre Oliva <oliva@lsd.ic.unicamp.br>
+ * JMicron responds to USN and several other SCSI ioctls with a
+ * residue that causes subsequent I/O requests to fail. */
+diff --git a/drivers/xen/manage.c b/drivers/xen/manage.c
+index ce4fa08..c8af7e5 100644
+--- a/drivers/xen/manage.c
++++ b/drivers/xen/manage.c
+@@ -93,7 +93,6 @@ static int xen_suspend(void *data)
+
+ if (!si->cancelled) {
+ xen_irq_resume();
+- xen_console_resume();
+ xen_timer_resume();
+ }
+
+@@ -149,6 +148,10 @@ static void do_suspend(void)
+
+ err = stop_machine(xen_suspend, &si, cpumask_of(0));
+
++ /* Resume console as early as possible. */
++ if (!si.cancelled)
++ xen_console_resume();
++
+ dpm_resume_noirq(si.cancelled ? PMSG_THAW : PMSG_RESTORE);
+
+ if (err) {
+diff --git a/fs/ceph/snap.c b/fs/ceph/snap.c
+index a559c80..e5206fc 100644
+--- a/fs/ceph/snap.c
++++ b/fs/ceph/snap.c
+@@ -331,7 +331,7 @@ static int build_snap_context(struct ceph_snap_realm *realm)
+
+ /* alloc new snap context */
+ err = -ENOMEM;
+- if (num > ULONG_MAX / sizeof(u64) - sizeof(*snapc))
++ if (num > (SIZE_MAX - sizeof(*snapc)) / sizeof(u64))
+ goto fail;
+ snapc = kzalloc(sizeof(*snapc) + num*sizeof(u64), GFP_NOFS);
+ if (!snapc)
+diff --git a/fs/ext4/super.c b/fs/ext4/super.c
+index acf2baf..6581ee7 100644
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -1663,8 +1663,6 @@ static int parse_options(char *options, struct super_block *sb,
+ return 0;
+ if (option < 0)
+ return 0;
+- if (option == 0)
+- option = EXT4_DEF_MAX_BATCH_TIME;
+ sbi->s_max_batch_time = option;
+ break;
+ case Opt_min_batch_time:
+@@ -2726,10 +2724,11 @@ static void print_daily_error_info(unsigned long arg)
+ es = sbi->s_es;
+
+ if (es->s_error_count)
+- ext4_msg(sb, KERN_NOTICE, "error count: %u",
++ /* fsck newer than v1.41.13 is needed to clean this condition. */
++ ext4_msg(sb, KERN_NOTICE, "error count since last fsck: %u",
+ le32_to_cpu(es->s_error_count));
+ if (es->s_first_error_time) {
+- printk(KERN_NOTICE "EXT4-fs (%s): initial error at %u: %.*s:%d",
++ printk(KERN_NOTICE "EXT4-fs (%s): initial error at time %u: %.*s:%d",
+ sb->s_id, le32_to_cpu(es->s_first_error_time),
+ (int) sizeof(es->s_first_error_func),
+ es->s_first_error_func,
+@@ -2743,7 +2742,7 @@ static void print_daily_error_info(unsigned long arg)
+ printk("\n");
+ }
+ if (es->s_last_error_time) {
+- printk(KERN_NOTICE "EXT4-fs (%s): last error at %u: %.*s:%d",
++ printk(KERN_NOTICE "EXT4-fs (%s): last error at time %u: %.*s:%d",
+ sb->s_id, le32_to_cpu(es->s_last_error_time),
+ (int) sizeof(es->s_last_error_func),
+ es->s_last_error_func,
+diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
+index 06e2f73..e13558c 100644
+--- a/fs/fuse/dir.c
++++ b/fs/fuse/dir.c
+@@ -161,7 +161,7 @@ static int fuse_dentry_revalidate(struct dentry *entry, struct nameidata *nd)
+ inode = ACCESS_ONCE(entry->d_inode);
+ if (inode && is_bad_inode(inode))
+ return 0;
+- else if (fuse_dentry_time(entry) < get_jiffies_64()) {
++ else if (time_before64(fuse_dentry_time(entry), get_jiffies_64())) {
+ int err;
+ struct fuse_entry_out outarg;
+ struct fuse_conn *fc;
+@@ -849,7 +849,7 @@ int fuse_update_attributes(struct inode *inode, struct kstat *stat,
+ int err;
+ bool r;
+
+- if (fi->i_time < get_jiffies_64()) {
++ if (time_before64(fi->i_time, get_jiffies_64())) {
+ r = true;
+ err = fuse_do_getattr(inode, stat, file);
+ } else {
+@@ -1009,7 +1009,7 @@ static int fuse_permission(struct inode *inode, int mask)
+ ((mask & MAY_EXEC) && S_ISREG(inode->i_mode))) {
+ struct fuse_inode *fi = get_fuse_inode(inode);
+
+- if (fi->i_time < get_jiffies_64()) {
++ if (time_before64(fi->i_time, get_jiffies_64())) {
+ refreshed = true;
+
+ err = fuse_perm_getattr(inode, mask);
+diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
+index 912c250..afc0f706 100644
+--- a/fs/fuse/inode.c
++++ b/fs/fuse/inode.c
+@@ -437,6 +437,17 @@ static const match_table_t tokens = {
+ {OPT_ERR, NULL}
+ };
+
++static int fuse_match_uint(substring_t *s, unsigned int *res)
++{
++ int err = -ENOMEM;
++ char *buf = match_strdup(s);
++ if (buf) {
++ err = kstrtouint(buf, 10, res);
++ kfree(buf);
++ }
++ return err;
++}
++
+ static int parse_fuse_opt(char *opt, struct fuse_mount_data *d, int is_bdev)
+ {
+ char *p;
+@@ -447,6 +458,7 @@ static int parse_fuse_opt(char *opt, struct fuse_mount_data *d, int is_bdev)
+ while ((p = strsep(&opt, ",")) != NULL) {
+ int token;
+ int value;
++ unsigned uv;
+ substring_t args[MAX_OPT_ARGS];
+ if (!*p)
+ continue;
+@@ -470,16 +482,16 @@ static int parse_fuse_opt(char *opt, struct fuse_mount_data *d, int is_bdev)
+ break;
+
+ case OPT_USER_ID:
+- if (match_int(&args[0], &value))
++ if (fuse_match_uint(&args[0], &uv))
+ return 0;
+- d->user_id = value;
++ d->user_id = uv;
+ d->user_id_present = 1;
+ break;
+
+ case OPT_GROUP_ID:
+- if (match_int(&args[0], &value))
++ if (fuse_match_uint(&args[0], &uv))
+ return 0;
+- d->group_id = value;
++ d->group_id = uv;
+ d->group_id_present = 1;
+ break;
+
+diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c
+index 18ea4d9..86dc68a 100644
+--- a/fs/jbd2/transaction.c
++++ b/fs/jbd2/transaction.c
+@@ -1388,9 +1388,12 @@ int jbd2_journal_stop(handle_t *handle)
+ * to perform a synchronous write. We do this to detect the
+ * case where a single process is doing a stream of sync
+ * writes. No point in waiting for joiners in that case.
++ *
++ * Setting max_batch_time to 0 disables this completely.
+ */
+ pid = current->pid;
+- if (handle->h_sync && journal->j_last_sync_writer != pid) {
++ if (handle->h_sync && journal->j_last_sync_writer != pid &&
++ journal->j_max_batch_time) {
+ u64 commit_time, trans_time;
+
+ journal->j_last_sync_writer = pid;
+diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
+index 315a1ba..eebccfe 100644
+--- a/fs/nfsd/nfs4proc.c
++++ b/fs/nfsd/nfs4proc.c
+@@ -529,15 +529,6 @@ nfsd4_create(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
+
+ switch (create->cr_type) {
+ case NF4LNK:
+- /* ugh! we have to null-terminate the linktext, or
+- * vfs_symlink() will choke. it is always safe to
+- * null-terminate by brute force, since at worst we
+- * will overwrite the first byte of the create namelen
+- * in the XDR buffer, which has already been extracted
+- * during XDR decode.
+- */
+- create->cr_linkname[create->cr_linklen] = 0;
+-
+ status = nfsd_symlink(rqstp, &cstate->current_fh,
+ create->cr_name, create->cr_namelen,
+ create->cr_linkname, create->cr_linklen,
+diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
+index a7933dd..9d2c52b 100644
+--- a/fs/nfsd/nfs4xdr.c
++++ b/fs/nfsd/nfs4xdr.c
+@@ -482,7 +482,18 @@ nfsd4_decode_create(struct nfsd4_compoundargs *argp, struct nfsd4_create *create
+ READ_BUF(4);
+ READ32(create->cr_linklen);
+ READ_BUF(create->cr_linklen);
+- SAVEMEM(create->cr_linkname, create->cr_linklen);
++ /*
++ * The VFS will want a null-terminated string, and
++ * null-terminating in place isn't safe since this might
++ * end on a page boundary:
++ */
++ create->cr_linkname =
++ kmalloc(create->cr_linklen + 1, GFP_KERNEL);
++ if (!create->cr_linkname)
++ return nfserr_jukebox;
++ memcpy(create->cr_linkname, p, create->cr_linklen);
++ create->cr_linkname[create->cr_linklen] = '\0';
++ defer_free(argp, kfree, create->cr_linkname);
+ break;
+ case NF4BLK:
+ case NF4CHR:
+diff --git a/fs/xfs/xfs_alloc.c b/fs/xfs/xfs_alloc.c
+index ce84ffd..896f1d9 100644
+--- a/fs/xfs/xfs_alloc.c
++++ b/fs/xfs/xfs_alloc.c
+@@ -1075,12 +1075,13 @@ restart:
+ * If we couldn't get anything, give up.
+ */
+ if (bno_cur_lt == NULL && bno_cur_gt == NULL) {
++ xfs_btree_del_cursor(cnt_cur, XFS_BTREE_NOERROR);
++
+ if (!forced++) {
+ trace_xfs_alloc_near_busy(args);
+ xfs_log_force(args->mp, XFS_LOG_SYNC);
+ goto restart;
+ }
+-
+ trace_xfs_alloc_size_neither(args);
+ args->agbno = NULLAGBLOCK;
+ return 0;
+diff --git a/include/drm/drm_mem_util.h b/include/drm/drm_mem_util.h
+index 6bd325f..19a2404 100644
+--- a/include/drm/drm_mem_util.h
++++ b/include/drm/drm_mem_util.h
+@@ -31,7 +31,7 @@
+
+ static __inline__ void *drm_calloc_large(size_t nmemb, size_t size)
+ {
+- if (size != 0 && nmemb > ULONG_MAX / size)
++ if (size != 0 && nmemb > SIZE_MAX / size)
+ return NULL;
+
+ if (size * nmemb <= PAGE_SIZE)
+@@ -44,7 +44,7 @@ static __inline__ void *drm_calloc_large(size_t nmemb, size_t size)
+ /* Modeled after cairo's malloc_ab, it's like calloc but without the zeroing. */
+ static __inline__ void *drm_malloc_ab(size_t nmemb, size_t size)
+ {
+- if (size != 0 && nmemb > ULONG_MAX / size)
++ if (size != 0 && nmemb > SIZE_MAX / size)
+ return NULL;
+
+ if (size * nmemb <= PAGE_SIZE)
+diff --git a/include/linux/kernel.h b/include/linux/kernel.h
+index a70783d..0b8ca35 100644
+--- a/include/linux/kernel.h
++++ b/include/linux/kernel.h
+@@ -34,6 +34,7 @@
+ #define LLONG_MAX ((long long)(~0ULL>>1))
+ #define LLONG_MIN (-LLONG_MAX - 1)
+ #define ULLONG_MAX (~0ULL)
++#define SIZE_MAX (~(size_t)0)
+
+ #define STACK_MAGIC 0xdeadbeef
+
+diff --git a/include/linux/libata.h b/include/linux/libata.h
+index 375dfdf..d773b21 100644
+--- a/include/linux/libata.h
++++ b/include/linux/libata.h
+@@ -540,6 +540,7 @@ struct ata_host {
+ struct device *dev;
+ void __iomem * const *iomap;
+ unsigned int n_ports;
++ unsigned int n_tags; /* nr of NCQ tags */
+ void *private_data;
+ struct ata_port_operations *ops;
+ unsigned long flags;
+diff --git a/include/linux/math64.h b/include/linux/math64.h
+index b8ba855..2913b86 100644
+--- a/include/linux/math64.h
++++ b/include/linux/math64.h
+@@ -6,7 +6,8 @@
+
+ #if BITS_PER_LONG == 64
+
+-#define div64_long(x,y) div64_s64((x),(y))
++#define div64_long(x, y) div64_s64((x), (y))
++#define div64_ul(x, y) div64_u64((x), (y))
+
+ /**
+ * div_u64_rem - unsigned 64bit divide with 32bit divisor with remainder
+@@ -47,7 +48,8 @@ static inline s64 div64_s64(s64 dividend, s64 divisor)
+
+ #elif BITS_PER_LONG == 32
+
+-#define div64_long(x,y) div_s64((x),(y))
++#define div64_long(x, y) div_s64((x), (y))
++#define div64_ul(x, y) div_u64((x), (y))
+
+ #ifndef div_u64_rem
+ static inline u64 div_u64_rem(u64 dividend, u32 divisor, u32 *remainder)
+diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
+index 40c2726..1b4ea29 100644
+--- a/include/linux/skbuff.h
++++ b/include/linux/skbuff.h
+@@ -2583,22 +2583,5 @@ static inline bool skb_is_recycleable(const struct sk_buff *skb, int skb_size)
+
+ return true;
+ }
+-
+-/**
+- * skb_gso_network_seglen - Return length of individual segments of a gso packet
+- *
+- * @skb: GSO skb
+- *
+- * skb_gso_network_seglen is used to determine the real size of the
+- * individual segments, including Layer3 (IP, IPv6) and L4 headers (TCP/UDP).
+- *
+- * The MAC/L2 header is not accounted for.
+- */
+-static inline unsigned int skb_gso_network_seglen(const struct sk_buff *skb)
+-{
+- unsigned int hdr_len = skb_transport_header(skb) -
+- skb_network_header(skb);
+- return hdr_len + skb_gso_transport_seglen(skb);
+-}
+ #endif /* __KERNEL__ */
+ #endif /* _LINUX_SKBUFF_H */
+diff --git a/include/linux/slab.h b/include/linux/slab.h
+index a595dce..67d5d94 100644
+--- a/include/linux/slab.h
++++ b/include/linux/slab.h
+@@ -242,7 +242,7 @@ size_t ksize(const void *);
+ */
+ static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags)
+ {
+- if (size != 0 && n > ULONG_MAX / size)
++ if (size != 0 && n > SIZE_MAX / size)
+ return NULL;
+ return __kmalloc(n * size, flags);
+ }
+diff --git a/include/linux/usb_usual.h b/include/linux/usb_usual.h
+index 17df360..88413e9 100644
+--- a/include/linux/usb_usual.h
++++ b/include/linux/usb_usual.h
+@@ -64,7 +64,9 @@
+ US_FLAG(NO_READ_CAPACITY_16, 0x00080000) \
+ /* cannot handle READ_CAPACITY_16 */ \
+ US_FLAG(INITIAL_READ10, 0x00100000) \
+- /* Initial READ(10) (and others) must be retried */
++ /* Initial READ(10) (and others) must be retried */ \
++ US_FLAG(BROKEN_FUA, 0x01000000) \
++ /* Cannot handle FUA in WRITE or READ CDBs */ \
+
+ #define US_FLAG(name, value) US_FL_##name = value ,
+ enum { US_DO_ALL_FLAGS };
+diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h
+index 3152cc3..377ba61 100644
+--- a/include/scsi/scsi_device.h
++++ b/include/scsi/scsi_device.h
+@@ -151,6 +151,7 @@ struct scsi_device {
+ unsigned no_read_disc_info:1; /* Avoid READ_DISC_INFO cmds */
+ unsigned no_read_capacity_16:1; /* Avoid READ_CAPACITY_16 cmds */
+ unsigned is_visible:1; /* is the device visible in sysfs */
++ unsigned broken_fua:1; /* Don't set FUA bit */
+
+ DECLARE_BITMAP(supported_events, SDEV_EVT_MAXBITS); /* supported events */
+ struct list_head event_list; /* asserted events */
+diff --git a/kernel/Kconfig.locks b/kernel/Kconfig.locks
+index 5068e2a..61ebb49 100644
+--- a/kernel/Kconfig.locks
++++ b/kernel/Kconfig.locks
+@@ -198,5 +198,9 @@ config INLINE_WRITE_UNLOCK_IRQ
+ config INLINE_WRITE_UNLOCK_IRQRESTORE
+ def_bool !DEBUG_SPINLOCK && ARCH_INLINE_WRITE_UNLOCK_IRQRESTORE
+
++config ARCH_SUPPORTS_ATOMIC_RMW
++ bool
++
+ config MUTEX_SPIN_ON_OWNER
+- def_bool SMP && !DEBUG_MUTEXES
++ def_bool y
++ depends on SMP && !DEBUG_MUTEXES && ARCH_SUPPORTS_ATOMIC_RMW
+diff --git a/kernel/cpuset.c b/kernel/cpuset.c
+index 1e2c5f0..4346f9a 100644
+--- a/kernel/cpuset.c
++++ b/kernel/cpuset.c
+@@ -1152,7 +1152,13 @@ done:
+
+ int current_cpuset_is_being_rebound(void)
+ {
+- return task_cs(current) == cpuset_being_rebound;
++ int ret;
++
++ rcu_read_lock();
++ ret = task_cs(current) == cpuset_being_rebound;
++ rcu_read_unlock();
++
++ return ret;
+ }
+
+ static int update_relax_domain_level(struct cpuset *cs, s64 val)
+diff --git a/kernel/sched_debug.c b/kernel/sched_debug.c
+index f4010e2..704ffe3 100644
+--- a/kernel/sched_debug.c
++++ b/kernel/sched_debug.c
+@@ -467,7 +467,7 @@ void proc_sched_show_task(struct task_struct *p, struct seq_file *m)
+
+ avg_atom = p->se.sum_exec_runtime;
+ if (nr_switches)
+- do_div(avg_atom, nr_switches);
++ avg_atom = div64_ul(avg_atom, nr_switches);
+ else
+ avg_atom = -1LL;
+
+diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c
+index 0907e43..eb198a3 100644
+--- a/kernel/time/alarmtimer.c
++++ b/kernel/time/alarmtimer.c
+@@ -563,9 +563,14 @@ static int alarm_timer_set(struct k_itimer *timr, int flags,
+ struct itimerspec *new_setting,
+ struct itimerspec *old_setting)
+ {
++ ktime_t exp;
++
+ if (!rtcdev)
+ return -ENOTSUPP;
+
++ if (flags & ~TIMER_ABSTIME)
++ return -EINVAL;
++
+ if (old_setting)
+ alarm_timer_get(timr, old_setting);
+
+@@ -575,8 +580,16 @@ static int alarm_timer_set(struct k_itimer *timr, int flags,
+
+ /* start the timer */
+ timr->it.alarm.interval = timespec_to_ktime(new_setting->it_interval);
+- alarm_start(&timr->it.alarm.alarmtimer,
+- timespec_to_ktime(new_setting->it_value));
++ exp = timespec_to_ktime(new_setting->it_value);
++ /* Convert (if necessary) to absolute time */
++ if (flags != TIMER_ABSTIME) {
++ ktime_t now;
++
++ now = alarm_bases[timr->it.alarm.alarmtimer.type].gettime();
++ exp = ktime_add(now, exp);
++ }
++
++ alarm_start(&timr->it.alarm.alarmtimer, exp);
+ return 0;
+ }
+
+@@ -708,6 +721,9 @@ static int alarm_timer_nsleep(const clockid_t which_clock, int flags,
+ if (!alarmtimer_get_rtcdev())
+ return -ENOTSUPP;
+
++ if (flags & ~TIMER_ABSTIME)
++ return -EINVAL;
++
+ if (!capable(CAP_WAKE_ALARM))
+ return -EPERM;
+
+diff --git a/kernel/time/tick-sched.c b/kernel/time/tick-sched.c
+index e9a45f1..2695d72 100644
+--- a/kernel/time/tick-sched.c
++++ b/kernel/time/tick-sched.c
+@@ -325,8 +325,10 @@ void tick_nohz_stop_sched_tick(int inidle)
+ tick_do_timer_cpu = TICK_DO_TIMER_NONE;
+ }
+
+- if (unlikely(ts->nohz_mode == NOHZ_MODE_INACTIVE))
++ if (unlikely(ts->nohz_mode == NOHZ_MODE_INACTIVE)) {
++ ts->sleep_length = (ktime_t) { .tv64 = NSEC_PER_SEC/HZ };
+ goto end;
++ }
+
+ if (need_resched())
+ goto end;
+diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
+index c5a12a7..0c348a6 100644
+--- a/kernel/trace/trace.c
++++ b/kernel/trace/trace.c
+@@ -3244,8 +3244,6 @@ tracing_poll_pipe(struct file *filp, poll_table *poll_table)
+ */
+ return POLLIN | POLLRDNORM;
+ } else {
+- if (!trace_empty(iter))
+- return POLLIN | POLLRDNORM;
+ poll_wait(filp, &trace_wait, poll_table);
+ if (!trace_empty(iter))
+ return POLLIN | POLLRDNORM;
+diff --git a/mm/hugetlb.c b/mm/hugetlb.c
+index 6f886d9..d2c43a2 100644
+--- a/mm/hugetlb.c
++++ b/mm/hugetlb.c
+@@ -2344,6 +2344,7 @@ int copy_hugetlb_page_range(struct mm_struct *dst, struct mm_struct *src,
+ } else {
+ if (cow)
+ huge_ptep_set_wrprotect(src, addr, src_pte);
++ entry = huge_ptep_get(src_pte);
+ ptepage = pte_page(entry);
+ get_page(ptepage);
+ page_dup_rmap(ptepage);
+diff --git a/mm/kmemleak.c b/mm/kmemleak.c
+index f3b2a00..cc8cf1d 100644
+--- a/mm/kmemleak.c
++++ b/mm/kmemleak.c
+@@ -744,7 +744,9 @@ static void add_scan_area(unsigned long ptr, size_t size, gfp_t gfp)
+ }
+
+ spin_lock_irqsave(&object->lock, flags);
+- if (ptr + size > object->pointer + object->size) {
++ if (size == SIZE_MAX) {
++ size = object->pointer + object->size - ptr;
++ } else if (ptr + size > object->pointer + object->size) {
+ kmemleak_warn("Scan area larger than object 0x%08lx\n", ptr);
+ dump_object_info(object);
+ kmem_cache_free(scan_area_cache, area);
+diff --git a/mm/mempolicy.c b/mm/mempolicy.c
+index 2b5bcc9..c9f7e6f 100644
+--- a/mm/mempolicy.c
++++ b/mm/mempolicy.c
+@@ -1983,7 +1983,6 @@ struct mempolicy *__mpol_dup(struct mempolicy *old)
+ } else
+ *new = *old;
+
+- rcu_read_lock();
+ if (current_cpuset_is_being_rebound()) {
+ nodemask_t mems = cpuset_mems_allowed(current);
+ if (new->flags & MPOL_F_REBINDING)
+@@ -1991,7 +1990,6 @@ struct mempolicy *__mpol_dup(struct mempolicy *old)
+ else
+ mpol_rebind_policy(new, &mems, MPOL_REBIND_ONCE);
+ }
+- rcu_read_unlock();
+ atomic_set(&new->refcnt, 1);
+ return new;
+ }
+diff --git a/mm/shmem.c b/mm/shmem.c
+index a78acf0..1371021 100644
+--- a/mm/shmem.c
++++ b/mm/shmem.c
+@@ -76,6 +76,17 @@ static struct vfsmount *shm_mnt;
+ /* Symlink up to this size is kmalloc'ed instead of using a swappable page */
+ #define SHORT_SYMLINK_LEN 128
+
++/*
++ * vmtruncate_range() communicates with shmem_fault via
++ * inode->i_private (with i_mutex making sure that it has only one user at
++ * a time): we would prefer not to enlarge the shmem inode just for that.
++ */
++struct shmem_falloc {
++ wait_queue_head_t *waitq; /* faults into hole wait for punch to end */
++ pgoff_t start; /* start of range currently being fallocated */
++ pgoff_t next; /* the next page offset to be fallocated */
++};
++
+ struct shmem_xattr {
+ struct list_head list; /* anchored by shmem_inode_info->xattr_list */
+ char *name; /* xattr name */
+@@ -488,22 +499,19 @@ void shmem_truncate_range(struct inode *inode, loff_t lstart, loff_t lend)
+ }
+
+ index = start;
+- for ( ; ; ) {
++ while (index <= end) {
+ cond_resched();
+ pvec.nr = shmem_find_get_pages_and_swap(mapping, index,
+ min(end - index, (pgoff_t)PAGEVEC_SIZE - 1) + 1,
+ pvec.pages, indices);
+ if (!pvec.nr) {
+- if (index == start)
++ /* If all gone or hole-punch, we're done */
++ if (index == start || end != -1)
+ break;
++ /* But if truncating, restart to make sure all gone */
+ index = start;
+ continue;
+ }
+- if (index == start && indices[0] > end) {
+- shmem_deswap_pagevec(&pvec);
+- pagevec_release(&pvec);
+- break;
+- }
+ mem_cgroup_uncharge_start();
+ for (i = 0; i < pagevec_count(&pvec); i++) {
+ struct page *page = pvec.pages[i];
+@@ -513,8 +521,12 @@ void shmem_truncate_range(struct inode *inode, loff_t lstart, loff_t lend)
+ break;
+
+ if (radix_tree_exceptional_entry(page)) {
+- nr_swaps_freed += !shmem_free_swap(mapping,
+- index, page);
++ if (shmem_free_swap(mapping, index, page)) {
++ /* Swap was replaced by page: retry */
++ index--;
++ break;
++ }
++ nr_swaps_freed++;
+ continue;
+ }
+
+@@ -522,6 +534,11 @@ void shmem_truncate_range(struct inode *inode, loff_t lstart, loff_t lend)
+ if (page->mapping == mapping) {
+ VM_BUG_ON(PageWriteback(page));
+ truncate_inode_page(mapping, page);
++ } else {
++ /* Page was replaced by swap: retry */
++ unlock_page(page);
++ index--;
++ break;
+ }
+ unlock_page(page);
+ }
+@@ -1060,6 +1077,63 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
+ int error;
+ int ret = VM_FAULT_LOCKED;
+
++ /*
++ * Trinity finds that probing a hole which tmpfs is punching can
++ * prevent the hole-punch from ever completing: which in turn
++ * locks writers out with its hold on i_mutex. So refrain from
++ * faulting pages into the hole while it's being punched. Although
++ * shmem_truncate_range() does remove the additions, it may be unable to
++ * keep up, as each new page needs its own unmap_mapping_range() call,
++ * and the i_mmap tree grows ever slower to scan if new vmas are added.
++ *
++ * It does not matter if we sometimes reach this check just before the
++ * hole-punch begins, so that one fault then races with the punch:
++ * we just need to make racing faults a rare case.
++ *
++ * The implementation below would be much simpler if we just used a
++ * standard mutex or completion: but we cannot take i_mutex in fault,
++ * and bloating every shmem inode for this unlikely case would be sad.
++ */
++ if (unlikely(inode->i_private)) {
++ struct shmem_falloc *shmem_falloc;
++
++ spin_lock(&inode->i_lock);
++ shmem_falloc = inode->i_private;
++ if (shmem_falloc &&
++ vmf->pgoff >= shmem_falloc->start &&
++ vmf->pgoff < shmem_falloc->next) {
++ wait_queue_head_t *shmem_falloc_waitq;
++ DEFINE_WAIT(shmem_fault_wait);
++
++ ret = VM_FAULT_NOPAGE;
++ if ((vmf->flags & FAULT_FLAG_ALLOW_RETRY) &&
++ !(vmf->flags & FAULT_FLAG_RETRY_NOWAIT)) {
++ /* It's polite to up mmap_sem if we can */
++ up_read(&vma->vm_mm->mmap_sem);
++ ret = VM_FAULT_RETRY;
++ }
++
++ shmem_falloc_waitq = shmem_falloc->waitq;
++ prepare_to_wait(shmem_falloc_waitq, &shmem_fault_wait,
++ TASK_UNINTERRUPTIBLE);
++ spin_unlock(&inode->i_lock);
++ schedule();
++
++ /*
++ * shmem_falloc_waitq points into the vmtruncate_range()
++ * stack of the hole-punching task: shmem_falloc_waitq
++ * is usually invalid by the time we reach here, but
++ * finish_wait() does not dereference it in that case;
++ * though i_lock needed lest racing with wake_up_all().
++ */
++ spin_lock(&inode->i_lock);
++ finish_wait(shmem_falloc_waitq, &shmem_fault_wait);
++ spin_unlock(&inode->i_lock);
++ return ret;
++ }
++ spin_unlock(&inode->i_lock);
++ }
++
+ error = shmem_getpage(inode, vmf->pgoff, &vmf->page, SGP_CACHE, &ret);
+ if (error)
+ return ((error == -ENOMEM) ? VM_FAULT_OOM : VM_FAULT_SIGBUS);
+@@ -1071,6 +1145,47 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
+ return ret;
+ }
+
++int vmtruncate_range(struct inode *inode, loff_t lstart, loff_t lend)
++{
++ /*
++ * If the underlying filesystem is not going to provide
++ * a way to truncate a range of blocks (punch a hole) -
++ * we should return failure right now.
++ * Only CONFIG_SHMEM shmem.c ever supported i_op->truncate_range().
++ */
++ if (inode->i_op->truncate_range != shmem_truncate_range)
++ return -ENOSYS;
++
++ mutex_lock(&inode->i_mutex);
++ {
++ struct shmem_falloc shmem_falloc;
++ struct address_space *mapping = inode->i_mapping;
++ loff_t unmap_start = round_up(lstart, PAGE_SIZE);
++ loff_t unmap_end = round_down(1 + lend, PAGE_SIZE) - 1;
++ DECLARE_WAIT_QUEUE_HEAD_ONSTACK(shmem_falloc_waitq);
++
++ shmem_falloc.waitq = &shmem_falloc_waitq;
++ shmem_falloc.start = unmap_start >> PAGE_SHIFT;
++ shmem_falloc.next = (unmap_end + 1) >> PAGE_SHIFT;
++ spin_lock(&inode->i_lock);
++ inode->i_private = &shmem_falloc;
++ spin_unlock(&inode->i_lock);
++
++ if ((u64)unmap_end > (u64)unmap_start)
++ unmap_mapping_range(mapping, unmap_start,
++ 1 + unmap_end - unmap_start, 0);
++ shmem_truncate_range(inode, lstart, lend);
++ /* No need to unmap again: hole-punching leaves COWed pages */
++
++ spin_lock(&inode->i_lock);
++ inode->i_private = NULL;
++ wake_up_all(&shmem_falloc_waitq);
++ spin_unlock(&inode->i_lock);
++ }
++ mutex_unlock(&inode->i_mutex);
++ return 0;
++}
++
+ #ifdef CONFIG_NUMA
+ static int shmem_set_policy(struct vm_area_struct *vma, struct mempolicy *mpol)
+ {
+@@ -2496,6 +2611,12 @@ void shmem_truncate_range(struct inode *inode, loff_t lstart, loff_t lend)
+ }
+ EXPORT_SYMBOL_GPL(shmem_truncate_range);
+
++int vmtruncate_range(struct inode *inode, loff_t lstart, loff_t lend)
++{
++ /* Only CONFIG_SHMEM shmem.c ever supported i_op->truncate_range(). */
++ return -ENOSYS;
++}
++
+ #define shmem_vm_ops generic_file_vm_ops
+ #define shmem_file_operations ramfs_file_operations
+ #define shmem_get_inode(sb, dir, mode, dev, flags) ramfs_get_inode(sb, dir, mode, dev)
+diff --git a/mm/truncate.c b/mm/truncate.c
+index 00fb58a..40d186f 100644
+--- a/mm/truncate.c
++++ b/mm/truncate.c
+@@ -602,28 +602,3 @@ int vmtruncate(struct inode *inode, loff_t newsize)
+ return 0;
+ }
+ EXPORT_SYMBOL(vmtruncate);
+-
+-int vmtruncate_range(struct inode *inode, loff_t lstart, loff_t lend)
+-{
+- struct address_space *mapping = inode->i_mapping;
+- loff_t holebegin = round_up(lstart, PAGE_SIZE);
+- loff_t holelen = 1 + lend - holebegin;
+-
+- /*
+- * If the underlying filesystem is not going to provide
+- * a way to truncate a range of blocks (punch a hole) -
+- * we should return failure right now.
+- */
+- if (!inode->i_op->truncate_range)
+- return -ENOSYS;
+-
+- mutex_lock(&inode->i_mutex);
+- inode_dio_wait(inode);
+- unmap_mapping_range(mapping, holebegin, holelen, 1);
+- inode->i_op->truncate_range(inode, lstart, lend);
+- /* unmap again to remove racily COWed private pages */
+- unmap_mapping_range(mapping, holebegin, holelen, 1);
+- mutex_unlock(&inode->i_mutex);
+-
+- return 0;
+-}
+diff --git a/mm/vmalloc.c b/mm/vmalloc.c
+index eeba3bb..1431458 100644
+--- a/mm/vmalloc.c
++++ b/mm/vmalloc.c
+@@ -349,6 +349,12 @@ static struct vmap_area *alloc_vmap_area(unsigned long size,
+ if (unlikely(!va))
+ return ERR_PTR(-ENOMEM);
+
++ /*
++ * Only scan the relevant parts containing pointers to other objects
++ * to avoid false negatives.
++ */
++ kmemleak_scan_area(&va->rb_node, SIZE_MAX, gfp_mask & GFP_RECLAIM_MASK);
++
+ retry:
+ spin_lock(&vmap_area_lock);
+ /*
+@@ -1644,11 +1650,11 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
+ insert_vmalloc_vmlist(area);
+
+ /*
+- * A ref_count = 3 is needed because the vm_struct and vmap_area
+- * structures allocated in the __get_vm_area_node() function contain
+- * references to the virtual address of the vmalloc'ed block.
++ * A ref_count = 2 is needed because vm_struct allocated in
++ * __get_vm_area_node() contains a reference to the virtual address of
++ * the vmalloc'ed block.
+ */
+- kmemleak_alloc(addr, real_size, 3, gfp_mask);
++ kmemleak_alloc(addr, real_size, 2, gfp_mask);
+
+ return addr;
+
+diff --git a/net/8021q/vlan_core.c b/net/8021q/vlan_core.c
+index e860a4f..77d3532 100644
+--- a/net/8021q/vlan_core.c
++++ b/net/8021q/vlan_core.c
+@@ -96,8 +96,11 @@ EXPORT_SYMBOL(vlan_dev_vlan_id);
+
+ static struct sk_buff *vlan_reorder_header(struct sk_buff *skb)
+ {
+- if (skb_cow(skb, skb_headroom(skb)) < 0)
++ if (skb_cow(skb, skb_headroom(skb)) < 0) {
++ kfree_skb(skb);
+ return NULL;
++ }
++
+ memmove(skb->data - ETH_HLEN, skb->data - VLAN_ETH_HLEN, 2 * ETH_ALEN);
+ skb->mac_header += VLAN_HLEN;
+ return skb;
+diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c
+index 334d4cd..79aaac2 100644
+--- a/net/appletalk/ddp.c
++++ b/net/appletalk/ddp.c
+@@ -1494,8 +1494,6 @@ static int atalk_rcv(struct sk_buff *skb, struct net_device *dev,
+ goto drop;
+
+ /* Queue packet (standard) */
+- skb->sk = sock;
+-
+ if (sock_queue_rcv_skb(sock, skb) < 0)
+ goto drop;
+
+@@ -1649,7 +1647,6 @@ static int atalk_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr
+ if (!skb)
+ goto out;
+
+- skb->sk = sk;
+ skb_reserve(skb, ddp_dl->header_length);
+ skb_reserve(skb, dev->hard_header_len);
+ skb->dev = dev;
+diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
+index 7beaf10..0900a17 100644
+--- a/net/core/rtnetlink.c
++++ b/net/core/rtnetlink.c
+@@ -1062,6 +1062,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
+ struct nlattr *tb[IFLA_MAX+1];
+ u32 ext_filter_mask = 0;
+ int err;
++ int hdrlen;
+
+ s_h = cb->args[0];
+ s_idx = cb->args[1];
+@@ -1069,8 +1070,17 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
+ rcu_read_lock();
+ cb->seq = net->dev_base_seq;
+
+- if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
+- ifla_policy) >= 0) {
++ /* A hack to preserve kernel<->userspace interface.
++ * The correct header is ifinfomsg. It is consistent with rtnl_getlink.
++ * However, before Linux v3.9 the code here assumed rtgenmsg and that's
++ * what iproute2 < v3.9.0 used.
++ * We can detect the old iproute2. Even including the IFLA_EXT_MASK
++ * attribute, its netlink message is shorter than struct ifinfomsg.
++ */
++ hdrlen = nlmsg_len(cb->nlh) < sizeof(struct ifinfomsg) ?
++ sizeof(struct rtgenmsg) : sizeof(struct ifinfomsg);
++
++ if (nlmsg_parse(cb->nlh, hdrlen, tb, IFLA_MAX, ifla_policy) >= 0) {
+
+ if (tb[IFLA_EXT_MASK])
+ ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
+@@ -1917,9 +1927,13 @@ static u16 rtnl_calcit(struct sk_buff *skb, struct nlmsghdr *nlh)
+ struct nlattr *tb[IFLA_MAX+1];
+ u32 ext_filter_mask = 0;
+ u16 min_ifinfo_dump_size = 0;
++ int hdrlen;
++
++ /* Same kernel<->userspace interface hack as in rtnl_dump_ifinfo. */
++ hdrlen = nlmsg_len(nlh) < sizeof(struct ifinfomsg) ?
++ sizeof(struct rtgenmsg) : sizeof(struct ifinfomsg);
+
+- if (nlmsg_parse(nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
+- ifla_policy) >= 0) {
++ if (nlmsg_parse(nlh, hdrlen, tb, IFLA_MAX, ifla_policy) >= 0) {
+ if (tb[IFLA_EXT_MASK])
+ ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
+ }
+diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
+index c32be29..2022b46 100644
+--- a/net/dns_resolver/dns_query.c
++++ b/net/dns_resolver/dns_query.c
+@@ -150,7 +150,9 @@ int dns_query(const char *type, const char *name, size_t namelen,
+ if (!*_result)
+ goto put;
+
+- memcpy(*_result, upayload->data, len + 1);
++ memcpy(*_result, upayload->data, len);
++ (*_result)[len] = '\0';
++
+ if (_expiry)
+ *_expiry = rkey->expiry;
+
+diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
+index 75b0860..7f7e670 100644
+--- a/net/ipv4/igmp.c
++++ b/net/ipv4/igmp.c
+@@ -1862,6 +1862,10 @@ int ip_mc_leave_group(struct sock *sk, struct ip_mreqn *imr)
+
+ rtnl_lock();
+ in_dev = ip_mc_find_dev(net, imr);
++ if (!in_dev) {
++ ret = -ENODEV;
++ goto out;
++ }
+ ifindex = imr->imr_ifindex;
+ for (imlp = &inet->mc_list;
+ (iml = rtnl_dereference(*imlp)) != NULL;
+@@ -1879,16 +1883,14 @@ int ip_mc_leave_group(struct sock *sk, struct ip_mreqn *imr)
+
+ *imlp = iml->next_rcu;
+
+- if (in_dev)
+- ip_mc_dec_group(in_dev, group);
++ ip_mc_dec_group(in_dev, group);
+ rtnl_unlock();
+ /* decrease mem now to avoid the memleak warning */
+ atomic_sub(sizeof(*iml), &sk->sk_omem_alloc);
+ kfree_rcu(iml, rcu);
+ return 0;
+ }
+- if (!in_dev)
+- ret = -ENODEV;
++out:
+ rtnl_unlock();
+ return ret;
+ }
+diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
+index 7593f3a..29a07b6 100644
+--- a/net/ipv4/ip_forward.c
++++ b/net/ipv4/ip_forward.c
+@@ -39,68 +39,6 @@
+ #include <net/route.h>
+ #include <net/xfrm.h>
+
+-static bool ip_may_fragment(const struct sk_buff *skb)
+-{
+- return unlikely((ip_hdr(skb)->frag_off & htons(IP_DF)) == 0) ||
+- skb->local_df;
+-}
+-
+-static bool ip_exceeds_mtu(const struct sk_buff *skb, unsigned int mtu)
+-{
+- if (skb->len <= mtu)
+- return false;
+-
+- if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu)
+- return false;
+-
+- return true;
+-}
+-
+-static bool ip_gso_exceeds_dst_mtu(const struct sk_buff *skb)
+-{
+- unsigned int mtu;
+-
+- if (skb->local_df || !skb_is_gso(skb))
+- return false;
+-
+- mtu = dst_mtu(skb_dst(skb));
+-
+- /* if seglen > mtu, do software segmentation for IP fragmentation on
+- * output. DF bit cannot be set since ip_forward would have sent
+- * icmp error.
+- */
+- return skb_gso_network_seglen(skb) > mtu;
+-}
+-
+-/* called if GSO skb needs to be fragmented on forward */
+-static int ip_forward_finish_gso(struct sk_buff *skb)
+-{
+- struct sk_buff *segs;
+- int ret = 0;
+-
+- segs = skb_gso_segment(skb, 0);
+- if (IS_ERR(segs)) {
+- kfree_skb(skb);
+- return -ENOMEM;
+- }
+-
+- consume_skb(skb);
+-
+- do {
+- struct sk_buff *nskb = segs->next;
+- int err;
+-
+- segs->next = NULL;
+- err = dst_output(segs);
+-
+- if (err && ret == 0)
+- ret = err;
+- segs = nskb;
+- } while (segs);
+-
+- return ret;
+-}
+-
+ static int ip_forward_finish(struct sk_buff *skb)
+ {
+ struct ip_options * opt = &(IPCB(skb)->opt);
+@@ -110,9 +48,6 @@ static int ip_forward_finish(struct sk_buff *skb)
+ if (unlikely(opt->optlen))
+ ip_forward_options(skb);
+
+- if (ip_gso_exceeds_dst_mtu(skb))
+- return ip_forward_finish_gso(skb);
+-
+ return dst_output(skb);
+ }
+
+@@ -152,7 +87,8 @@ int ip_forward(struct sk_buff *skb)
+ if (opt->is_strictroute && opt->nexthop != rt->rt_gateway)
+ goto sr_failed;
+
+- if (!ip_may_fragment(skb) && ip_exceeds_mtu(skb, dst_mtu(&rt->dst))) {
++ if (unlikely(skb->len > dst_mtu(&rt->dst) && !skb_is_gso(skb) &&
++ (ip_hdr(skb)->frag_off & htons(IP_DF))) && !skb->local_df) {
+ IP_INC_STATS(dev_net(rt->dst.dev), IPSTATS_MIB_FRAGFAILS);
+ icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED,
+ htonl(dst_mtu(&rt->dst)));
+diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c
+index 40eb4fc..08623e2 100644
+--- a/net/ipv4/ip_options.c
++++ b/net/ipv4/ip_options.c
+@@ -277,6 +277,10 @@ int ip_options_compile(struct net *net,
+ optptr++;
+ continue;
+ }
++ if (unlikely(l < 2)) {
++ pp_ptr = optptr;
++ goto error;
++ }
+ optlen = optptr[1];
+ if (optlen<2 || optlen>l) {
+ pp_ptr = optptr;
+diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
+index b550815..c3b44d5 100644
+--- a/net/ipv4/netfilter/ipt_ULOG.c
++++ b/net/ipv4/netfilter/ipt_ULOG.c
+@@ -202,6 +202,7 @@ static void ipt_ulog_packet(unsigned int hooknum,
+ ub->qlen++;
+
+ pm = NLMSG_DATA(nlh);
++ memset(pm, 0, sizeof(*pm));
+
+ /* We might not have a timestamp, get one */
+ if (skb->tstamp.tv64 == 0)
+@@ -218,8 +219,6 @@ static void ipt_ulog_packet(unsigned int hooknum,
+ strncpy(pm->prefix, prefix, sizeof(pm->prefix));
+ else if (loginfo->prefix[0] != '\0')
+ strncpy(pm->prefix, loginfo->prefix, sizeof(pm->prefix));
+- else
+- *(pm->prefix) = '\0';
+
+ if (in && in->hard_header_len > 0 &&
+ skb->mac_header != skb->network_header &&
+@@ -231,13 +230,9 @@ static void ipt_ulog_packet(unsigned int hooknum,
+
+ if (in)
+ strncpy(pm->indev_name, in->name, sizeof(pm->indev_name));
+- else
+- pm->indev_name[0] = '\0';
+
+ if (out)
+ strncpy(pm->outdev_name, out->name, sizeof(pm->outdev_name));
+- else
+- pm->outdev_name[0] = '\0';
+
+ /* copy_len <= skb->len, so can't fail. */
+ if (skb_copy_bits(skb, 0, pm->payload, copy_len) < 0)
+diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
+index c1ed01e..afe6886 100644
+--- a/net/ipv4/tcp_input.c
++++ b/net/ipv4/tcp_input.c
+@@ -1305,7 +1305,7 @@ static int tcp_match_skb_to_sack(struct sock *sk, struct sk_buff *skb,
+ unsigned int new_len = (pkt_len / mss) * mss;
+ if (!in_sack && new_len < pkt_len) {
+ new_len += mss;
+- if (new_len > skb->len)
++ if (new_len >= skb->len)
+ return 0;
+ }
+ pkt_len = new_len;
+diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
+index 14753d3..064b5c9 100644
+--- a/net/ipv6/ip6_output.c
++++ b/net/ipv6/ip6_output.c
+@@ -381,17 +381,6 @@ static inline int ip6_forward_finish(struct sk_buff *skb)
+ return dst_output(skb);
+ }
+
+-static bool ip6_pkt_too_big(const struct sk_buff *skb, unsigned int mtu)
+-{
+- if (skb->len <= mtu || skb->local_df)
+- return false;
+-
+- if (skb_is_gso(skb) && skb_gso_network_seglen(skb) <= mtu)
+- return false;
+-
+- return true;
+-}
+-
+ int ip6_forward(struct sk_buff *skb)
+ {
+ struct dst_entry *dst = skb_dst(skb);
+@@ -515,7 +504,7 @@ int ip6_forward(struct sk_buff *skb)
+ if (mtu < IPV6_MIN_MTU)
+ mtu = IPV6_MIN_MTU;
+
+- if (ip6_pkt_too_big(skb, mtu)) {
++ if (skb->len > mtu && !skb_is_gso(skb)) {
+ /* Again, force OUTPUT device used as source address */
+ skb->dev = dst->dev;
+ icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu);
+diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
+index e0f0934..437fb59 100644
+--- a/net/l2tp/l2tp_ppp.c
++++ b/net/l2tp/l2tp_ppp.c
+@@ -1351,7 +1351,7 @@ static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
+ int err;
+
+ if (level != SOL_PPPOL2TP)
+- return udp_prot.setsockopt(sk, level, optname, optval, optlen);
++ return -EINVAL;
+
+ if (optlen < sizeof(int))
+ return -EINVAL;
+@@ -1477,7 +1477,7 @@ static int pppol2tp_getsockopt(struct socket *sock, int level,
+ struct pppol2tp_session *ps;
+
+ if (level != SOL_PPPOL2TP)
+- return udp_prot.getsockopt(sk, level, optname, optval, optlen);
++ return -EINVAL;
+
+ if (get_user(len, (int __user *) optlen))
+ return -EFAULT;
+diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
+index 72f4253..93acfa1 100644
+--- a/net/netfilter/ipvs/ip_vs_ctl.c
++++ b/net/netfilter/ipvs/ip_vs_ctl.c
+@@ -3688,6 +3688,7 @@ void __net_init ip_vs_control_net_cleanup_sysctl(struct net *net)
+ cancel_delayed_work_sync(&ipvs->defense_work);
+ cancel_work_sync(&ipvs->defense_work.work);
+ unregister_net_sysctl_table(ipvs->sysctl_hdr);
++ ip_vs_stop_estimator(net, &ipvs->tot_stats);
+ }
+
+ #else
+@@ -3743,7 +3744,6 @@ void __net_exit ip_vs_control_net_cleanup(struct net *net)
+ struct netns_ipvs *ipvs = net_ipvs(net);
+
+ ip_vs_trash_cleanup(net);
+- ip_vs_stop_estimator(net, &ipvs->tot_stats);
+ ip_vs_control_net_cleanup_sysctl(net);
+ proc_net_remove(net, "ip_vs_stats_percpu");
+ proc_net_remove(net, "ip_vs_stats");
+diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c
+index 8a84017..57da447 100644
+--- a/net/sctp/ulpevent.c
++++ b/net/sctp/ulpevent.c
+@@ -373,9 +373,10 @@ fail:
+ * specification [SCTP] and any extensions for a list of possible
+ * error formats.
+ */
+-struct sctp_ulpevent *sctp_ulpevent_make_remote_error(
+- const struct sctp_association *asoc, struct sctp_chunk *chunk,
+- __u16 flags, gfp_t gfp)
++struct sctp_ulpevent *
++sctp_ulpevent_make_remote_error(const struct sctp_association *asoc,
++ struct sctp_chunk *chunk, __u16 flags,
++ gfp_t gfp)
+ {
+ struct sctp_ulpevent *event;
+ struct sctp_remote_error *sre;
+@@ -394,8 +395,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_remote_error(
+ /* Copy the skb to a new skb with room for us to prepend
+ * notification with.
+ */
+- skb = skb_copy_expand(chunk->skb, sizeof(struct sctp_remote_error),
+- 0, gfp);
++ skb = skb_copy_expand(chunk->skb, sizeof(*sre), 0, gfp);
+
+ /* Pull off the rest of the cause TLV from the chunk. */
+ skb_pull(chunk->skb, elen);
+@@ -406,62 +406,21 @@ struct sctp_ulpevent *sctp_ulpevent_make_remote_error(
+ event = sctp_skb2event(skb);
+ sctp_ulpevent_init(event, MSG_NOTIFICATION, skb->truesize);
+
+- sre = (struct sctp_remote_error *)
+- skb_push(skb, sizeof(struct sctp_remote_error));
++ sre = (struct sctp_remote_error *) skb_push(skb, sizeof(*sre));
+
+ /* Trim the buffer to the right length. */
+- skb_trim(skb, sizeof(struct sctp_remote_error) + elen);
++ skb_trim(skb, sizeof(*sre) + elen);
+
+- /* Socket Extensions for SCTP
+- * 5.3.1.3 SCTP_REMOTE_ERROR
+- *
+- * sre_type:
+- * It should be SCTP_REMOTE_ERROR.
+- */
++ /* RFC6458, Section 6.1.3. SCTP_REMOTE_ERROR */
++ memset(sre, 0, sizeof(*sre));
+ sre->sre_type = SCTP_REMOTE_ERROR;
+-
+- /*
+- * Socket Extensions for SCTP
+- * 5.3.1.3 SCTP_REMOTE_ERROR
+- *
+- * sre_flags: 16 bits (unsigned integer)
+- * Currently unused.
+- */
+ sre->sre_flags = 0;
+-
+- /* Socket Extensions for SCTP
+- * 5.3.1.3 SCTP_REMOTE_ERROR
+- *
+- * sre_length: sizeof (__u32)
+- *
+- * This field is the total length of the notification data,
+- * including the notification header.
+- */
+ sre->sre_length = skb->len;
+-
+- /* Socket Extensions for SCTP
+- * 5.3.1.3 SCTP_REMOTE_ERROR
+- *
+- * sre_error: 16 bits (unsigned integer)
+- * This value represents one of the Operational Error causes defined in
+- * the SCTP specification, in network byte order.
+- */
+ sre->sre_error = cause;
+-
+- /* Socket Extensions for SCTP
+- * 5.3.1.3 SCTP_REMOTE_ERROR
+- *
+- * sre_assoc_id: sizeof (sctp_assoc_t)
+- *
+- * The association id field, holds the identifier for the association.
+- * All notifications for a given association have the same association
+- * identifier. For TCP style socket, this field is ignored.
+- */
+ sctp_ulpevent_set_owner(event, asoc);
+ sre->sre_assoc_id = sctp_assoc2id(asoc);
+
+ return event;
+-
+ fail:
+ return NULL;
+ }
+@@ -904,7 +863,9 @@ __u16 sctp_ulpevent_get_notification_type(const struct sctp_ulpevent *event)
+ return notification->sn_header.sn_type;
+ }
+
+-/* Copy out the sndrcvinfo into a msghdr. */
++/* RFC6458, Section 5.3.2. SCTP Header Information Structure
++ * (SCTP_SNDRCV, DEPRECATED)
++ */
+ void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event,
+ struct msghdr *msghdr)
+ {
+@@ -913,74 +874,21 @@ void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event,
+ if (sctp_ulpevent_is_notification(event))
+ return;
+
+- /* Sockets API Extensions for SCTP
+- * Section 5.2.2 SCTP Header Information Structure (SCTP_SNDRCV)
+- *
+- * sinfo_stream: 16 bits (unsigned integer)
+- *
+- * For recvmsg() the SCTP stack places the message's stream number in
+- * this value.
+- */
++ memset(&sinfo, 0, sizeof(sinfo));
+ sinfo.sinfo_stream = event->stream;
+- /* sinfo_ssn: 16 bits (unsigned integer)
+- *
+- * For recvmsg() this value contains the stream sequence number that
+- * the remote endpoint placed in the DATA chunk. For fragmented
+- * messages this is the same number for all deliveries of the message
+- * (if more than one recvmsg() is needed to read the message).
+- */
+ sinfo.sinfo_ssn = event->ssn;
+- /* sinfo_ppid: 32 bits (unsigned integer)
+- *
+- * In recvmsg() this value is
+- * the same information that was passed by the upper layer in the peer
+- * application. Please note that byte order issues are NOT accounted
+- * for and this information is passed opaquely by the SCTP stack from
+- * one end to the other.
+- */
+ sinfo.sinfo_ppid = event->ppid;
+- /* sinfo_flags: 16 bits (unsigned integer)
+- *
+- * This field may contain any of the following flags and is composed of
+- * a bitwise OR of these values.
+- *
+- * recvmsg() flags:
+- *
+- * SCTP_UNORDERED - This flag is present when the message was sent
+- * non-ordered.
+- */
+ sinfo.sinfo_flags = event->flags;
+- /* sinfo_tsn: 32 bit (unsigned integer)
+- *
+- * For the receiving side, this field holds a TSN that was
+- * assigned to one of the SCTP Data Chunks.
+- */
+ sinfo.sinfo_tsn = event->tsn;
+- /* sinfo_cumtsn: 32 bit (unsigned integer)
+- *
+- * This field will hold the current cumulative TSN as
+- * known by the underlying SCTP layer. Note this field is
+- * ignored when sending and only valid for a receive
+- * operation when sinfo_flags are set to SCTP_UNORDERED.
+- */
+ sinfo.sinfo_cumtsn = event->cumtsn;
+- /* sinfo_assoc_id: sizeof (sctp_assoc_t)
+- *
+- * The association handle field, sinfo_assoc_id, holds the identifier
+- * for the association announced in the COMMUNICATION_UP notification.
+- * All notifications for a given association have the same identifier.
+- * Ignored for one-to-one style sockets.
+- */
+ sinfo.sinfo_assoc_id = sctp_assoc2id(event->asoc);
+-
+- /* context value that is set via SCTP_CONTEXT socket option. */
++ /* Context value that is set via SCTP_CONTEXT socket option. */
+ sinfo.sinfo_context = event->asoc->default_rcv_context;
+-
+ /* These fields are not used while receiving. */
+ sinfo.sinfo_timetolive = 0;
+
+ put_cmsg(msghdr, IPPROTO_SCTP, SCTP_SNDRCV,
+- sizeof(struct sctp_sndrcvinfo), (void *)&sinfo);
++ sizeof(sinfo), &sinfo);
+ }
+
+ /* Do accounting for bytes received and hold a reference to the association
+diff --git a/tools/usb/ffs-test.c b/tools/usb/ffs-test.c
+index f17dfee..726af27 100644
+--- a/tools/usb/ffs-test.c
++++ b/tools/usb/ffs-test.c
+@@ -143,8 +143,8 @@ static const struct {
+ .header = {
+ .magic = cpu_to_le32(FUNCTIONFS_DESCRIPTORS_MAGIC),
+ .length = cpu_to_le32(sizeof descriptors),
+- .fs_count = 3,
+- .hs_count = 3,
++ .fs_count = cpu_to_le32(3),
++ .hs_count = cpu_to_le32(3),
+ },
+ .fs_descs = {
+ .intf = {
diff --git a/3.2.61/4420_grsecurity-3.0-3.2.61-201408032011.patch b/3.2.62/4420_grsecurity-3.0-3.2.62-201408110020.patch
similarity index 99%
rename from 3.2.61/4420_grsecurity-3.0-3.2.61-201408032011.patch
rename to 3.2.62/4420_grsecurity-3.0-3.2.62-201408110020.patch
index d00d89e..0c9beb1 100644
--- a/3.2.61/4420_grsecurity-3.0-3.2.61-201408032011.patch
+++ b/3.2.62/4420_grsecurity-3.0-3.2.62-201408110020.patch
@@ -273,7 +273,7 @@ index 88fd7f5..b318a78 100644
==============================================================
diff --git a/Makefile b/Makefile
-index f8b642d..8741e65 100644
+index 30a5c65..efb1be9 100644
--- a/Makefile
+++ b/Makefile
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -315,10 +315,13 @@ index f8b642d..8741e65 100644
$(Q)$(MAKE) $(build)=scripts/basic
$(Q)rm -f .tmp_quiet_recordmcount
-@@ -564,6 +571,72 @@ else
+@@ -564,6 +571,75 @@ else
KBUILD_CFLAGS += -O2
endif
++# Tell gcc to never replace conditional load with a non-conditional one
++KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0)
++
+ifndef DISABLE_PAX_PLUGINS
+ifeq ($(call cc-ifversion, -ge, 0408, y), y)
+PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)")
@@ -388,7 +391,7 @@ index f8b642d..8741e65 100644
include $(srctree)/arch/$(SRCARCH)/Makefile
ifneq ($(CONFIG_FRAME_WARN),0)
-@@ -592,9 +665,11 @@ KBUILD_CFLAGS += -fomit-frame-pointer
+@@ -592,9 +668,11 @@ KBUILD_CFLAGS += -fomit-frame-pointer
endif
endif
@@ -401,7 +404,7 @@ index f8b642d..8741e65 100644
endif
ifdef CONFIG_DEBUG_INFO_REDUCED
-@@ -708,7 +783,7 @@ export mod_strip_cmd
+@@ -708,7 +786,7 @@ export mod_strip_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -410,7 +413,7 @@ index f8b642d..8741e65 100644
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -932,6 +1007,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE
+@@ -932,6 +1010,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE
# The actual objects are generated when descending,
# make sure no implicit rule kicks in
@@ -419,7 +422,7 @@ index f8b642d..8741e65 100644
$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
# Handle descending into subdirectories listed in $(vmlinux-dirs)
-@@ -941,7 +1018,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
+@@ -941,7 +1021,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
@@ -428,7 +431,7 @@ index f8b642d..8741e65 100644
$(Q)$(MAKE) $(build)=$@
# Store (new) KERNELRELASE string in include/config/kernel.release
-@@ -981,10 +1058,13 @@ prepare1: prepare2 include/linux/version.h include/generated/utsrelease.h \
+@@ -981,10 +1061,13 @@ prepare1: prepare2 include/linux/version.h include/generated/utsrelease.h \
archprepare: archscripts prepare1 scripts_basic
@@ -442,7 +445,7 @@ index f8b642d..8741e65 100644
prepare: prepare0
# Generate some files
-@@ -1089,6 +1169,8 @@ all: modules
+@@ -1089,6 +1172,8 @@ all: modules
# using awk while concatenating to the final file.
PHONY += modules
@@ -451,7 +454,7 @@ index f8b642d..8741e65 100644
modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
@$(kecho) ' Building modules, stage 2.';
-@@ -1104,7 +1186,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
+@@ -1104,7 +1189,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
# Target to prepare building external modules
PHONY += modules_prepare
@@ -460,7 +463,7 @@ index f8b642d..8741e65 100644
# Target to install modules
PHONY += modules_install
-@@ -1164,6 +1246,9 @@ MRPROPER_DIRS += include/config usr/include include/generated \
+@@ -1164,6 +1249,9 @@ MRPROPER_DIRS += include/config usr/include include/generated \
arch/*/include/generated
MRPROPER_FILES += .config .config.old .version .old_version \
include/linux/version.h \
@@ -470,7 +473,7 @@ index f8b642d..8741e65 100644
Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS
# clean - Delete most, but leave enough to build external modules
-@@ -1200,7 +1285,7 @@ distclean: mrproper
+@@ -1200,7 +1288,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -479,7 +482,7 @@ index f8b642d..8741e65 100644
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1361,6 +1446,8 @@ PHONY += $(module-dirs) modules
+@@ -1361,6 +1449,8 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
@@ -488,7 +491,7 @@ index f8b642d..8741e65 100644
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1487,17 +1574,21 @@ else
+@@ -1487,17 +1577,21 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
@@ -514,7 +517,7 @@ index f8b642d..8741e65 100644
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1507,11 +1598,15 @@ endif
+@@ -1507,11 +1601,15 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
@@ -897,10 +900,10 @@ index fadd5f8..904e73a 100644
/* Allow reads even for write-only mappings */
if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
-index 790ea68..e8c6879 100644
+index 082bd36..da47cc5 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
-@@ -2012,6 +2012,7 @@ config XIP_PHYS_ADDR
+@@ -2013,6 +2013,7 @@ config XIP_PHYS_ADDR
config KEXEC
bool "Kexec system call (EXPERIMENTAL)"
depends on EXPERIMENTAL
@@ -5124,10 +5127,10 @@ index 18162ce..94de376 100644
/*
* If for any reason at all we couldn't handle the fault, make
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
-index 16ef838..4eac98f 100644
+index bec952d..f6dbe5d 100644
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
-@@ -346,6 +346,7 @@ config ARCH_ENABLE_MEMORY_HOTREMOVE
+@@ -347,6 +347,7 @@ config ARCH_ENABLE_MEMORY_HOTREMOVE
config KEXEC
bool "kexec system call (EXPERIMENTAL)"
depends on (PPC_BOOK3S || FSL_BOOKE || (44x && !SMP && !PPC_47x)) && EXPERIMENTAL
@@ -9978,7 +9981,7 @@ index ad8f795..2c7eec6 100644
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index fb2e69d..440cb91 100644
+index 901447e..38d9380 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -75,6 +75,7 @@ config X86
@@ -9986,10 +9989,10 @@ index fb2e69d..440cb91 100644
select CLKEVT_I8253
select ARCH_HAVE_NMI_SAFE_CMPXCHG
+ select HAVE_ARCH_SECCOMP_FILTER
+ select ARCH_SUPPORTS_ATOMIC_RMW
config INSTRUCTION_DECODER
- def_bool (KPROBES || PERF_EVENTS)
-@@ -235,7 +236,7 @@ config X86_HT
+@@ -236,7 +237,7 @@ config X86_HT
config X86_32_LAZY_GS
def_bool y
@@ -9998,7 +10001,7 @@ index fb2e69d..440cb91 100644
config ARCH_HWEIGHT_CFLAGS
string
-@@ -525,6 +526,7 @@ config SCHED_OMIT_FRAME_POINTER
+@@ -526,6 +527,7 @@ config SCHED_OMIT_FRAME_POINTER
menuconfig PARAVIRT_GUEST
bool "Paravirtualized guest support"
@@ -10006,7 +10009,7 @@ index fb2e69d..440cb91 100644
---help---
Say Y here to get to see options related to running Linux under
various hypervisors. This option alone does not add any kernel code.
-@@ -1022,7 +1024,7 @@ choice
+@@ -1023,7 +1025,7 @@ choice
config NOHIGHMEM
bool "off"
@@ -10015,7 +10018,7 @@ index fb2e69d..440cb91 100644
---help---
Linux can use up to 64 Gigabytes of physical memory on x86 systems.
However, the address space of 32-bit x86 processors is only 4
-@@ -1059,7 +1061,7 @@ config NOHIGHMEM
+@@ -1060,7 +1062,7 @@ config NOHIGHMEM
config HIGHMEM4G
bool "4GB"
@@ -10024,7 +10027,7 @@ index fb2e69d..440cb91 100644
---help---
Select this if you have a 32-bit processor and between 1 and 4
gigabytes of physical RAM.
-@@ -1113,7 +1115,7 @@ config PAGE_OFFSET
+@@ -1114,7 +1116,7 @@ config PAGE_OFFSET
hex
default 0xB0000000 if VMSPLIT_3G_OPT
default 0x80000000 if VMSPLIT_2G
@@ -10033,7 +10036,7 @@ index fb2e69d..440cb91 100644
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1496,6 +1498,7 @@ config SECCOMP
+@@ -1497,6 +1499,7 @@ config SECCOMP
config CC_STACKPROTECTOR
bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)"
@@ -10041,7 +10044,7 @@ index fb2e69d..440cb91 100644
---help---
This option turns on the -fstack-protector GCC feature. This
feature puts, at the beginning of functions, a canary value on
-@@ -1514,6 +1517,7 @@ source kernel/Kconfig.hz
+@@ -1515,6 +1518,7 @@ source kernel/Kconfig.hz
config KEXEC
bool "kexec system call"
@@ -10049,7 +10052,7 @@ index fb2e69d..440cb91 100644
---help---
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
-@@ -1616,6 +1620,8 @@ config X86_NEED_RELOCS
+@@ -1617,6 +1621,8 @@ config X86_NEED_RELOCS
config PHYSICAL_ALIGN
hex "Alignment value to which kernel should be aligned" if X86_32
default "0x1000000"
@@ -10058,7 +10061,7 @@ index fb2e69d..440cb91 100644
range 0x2000 0x1000000
---help---
This value puts the alignment restrictions on physical address
-@@ -1647,9 +1653,10 @@ config HOTPLUG_CPU
+@@ -1648,9 +1654,10 @@ config HOTPLUG_CPU
Say N if you want to disable CPU hotplug.
config COMPAT_VDSO
@@ -13744,7 +13747,7 @@ index 5478825..839e88c 100644
#define flush_insn_slot(p) do { } while (0)
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
-index cfb5a40..fc8880d 100644
+index b3eb9a7..7c34d91 100644
--- a/arch/x86/include/asm/kvm_host.h
+++ b/arch/x86/include/asm/kvm_host.h
@@ -459,7 +459,7 @@ struct kvm_arch {
@@ -18411,7 +18414,7 @@ index cd28a35..c72ed9a 100644
#include <asm/processor.h>
#include <asm/fcntl.h>
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
-index db090f6..2886e27 100644
+index dd52355..371d3b9 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -180,13 +180,153 @@
@@ -18677,7 +18680,7 @@ index db090f6..2886e27 100644
movl %ebp,PT_EBP(%esp)
.section __ex_table,"a"
.align 4
-@@ -423,14 +591,18 @@ sysenter_past_esp:
+@@ -423,6 +591,10 @@ sysenter_past_esp:
GET_THREAD_INFO(%ebp)
@@ -18688,15 +18691,6 @@ index db090f6..2886e27 100644
testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp)
jnz sysenter_audit
sysenter_do_call:
- cmpl $(nr_syscalls), %eax
- jae sysenter_badsys
- call *sys_call_table(,%eax,4)
-- movl %eax,PT_EAX(%esp)
- sysenter_after_call:
-+ movl %eax,PT_EAX(%esp)
- LOCKDEP_SYS_EXIT
- DISABLE_INTERRUPTS(CLBR_ANY)
- TRACE_IRQS_OFF
@@ -438,12 +610,24 @@ sysenter_after_call:
testl $_TIF_ALLWORK_MASK, %ecx
jne sysexit_audit
@@ -18764,15 +18758,7 @@ index db090f6..2886e27 100644
# system call tracing in operation / emulation
testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp)
jnz syscall_trace_entry
-@@ -512,6 +710,7 @@ ENTRY(system_call)
- jae syscall_badsys
- syscall_call:
- call *sys_call_table(,%eax,4)
-+syscall_after_call:
- movl %eax,PT_EAX(%esp) # store the return value
- syscall_exit:
- LOCKDEP_SYS_EXIT
-@@ -523,6 +722,15 @@ syscall_exit:
+@@ -524,6 +722,15 @@ syscall_exit:
testl $_TIF_ALLWORK_MASK, %ecx # current->work
jne syscall_exit_work
@@ -18788,7 +18774,7 @@ index db090f6..2886e27 100644
restore_all:
TRACE_IRQS_IRET
restore_all_notrace:
-@@ -582,14 +790,34 @@ ldt_ss:
+@@ -578,14 +785,34 @@ ldt_ss:
* compensating for the offset by changing to the ESPFIX segment with
* a base address that matches for the difference.
*/
@@ -18826,7 +18812,7 @@ index db090f6..2886e27 100644
pushl_cfi $__ESPFIX_SS
pushl_cfi %eax /* new kernel esp */
/* Disable interrupts, but do not irqtrace this section: we
-@@ -618,34 +846,28 @@ work_resched:
+@@ -614,34 +841,28 @@ work_resched:
movl TI_flags(%ebp), %ecx
andl $_TIF_WORK_MASK, %ecx # is there any work to be done other
# than syscall tracing?
@@ -18866,7 +18852,7 @@ index db090f6..2886e27 100644
# perform syscall exit tracing
ALIGN
-@@ -653,11 +875,14 @@ syscall_trace_entry:
+@@ -649,11 +870,14 @@ syscall_trace_entry:
movl $-ENOSYS,PT_EAX(%esp)
movl %esp, %eax
call syscall_trace_enter
@@ -18882,7 +18868,7 @@ index db090f6..2886e27 100644
# perform syscall exit tracing
ALIGN
-@@ -670,25 +895,29 @@ syscall_exit_work:
+@@ -666,25 +890,29 @@ syscall_exit_work:
movl %esp, %eax
call syscall_trace_leave
jmp resume_userspace
@@ -18903,23 +18889,20 @@ index db090f6..2886e27 100644
+ENDPROC(syscall_fault)
syscall_badsys:
-- movl $-ENOSYS,PT_EAX(%esp)
-- jmp syscall_exit
+ movl $-ENOSYS,%eax
+ jmp syscall_after_call
-END(syscall_badsys)
-+ movl $-ENOSYS,%eax
-+ jmp syscall_after_call
+ENDPROC(syscall_badsys)
sysenter_badsys:
-- movl $-ENOSYS,PT_EAX(%esp)
-+ movl $-ENOSYS,%eax
+ movl $-ENOSYS,%eax
jmp sysenter_after_call
-END(syscall_badsys)
+ENDPROC(sysenter_badsys)
CFI_ENDPROC
/*
* End of kprobes section
-@@ -762,6 +991,36 @@ ptregs_clone:
+@@ -758,6 +986,36 @@ ptregs_clone:
CFI_ENDPROC
ENDPROC(ptregs_clone)
@@ -18956,7 +18939,7 @@ index db090f6..2886e27 100644
.macro FIXUP_ESPFIX_STACK
/*
* Switch back for ESPFIX stack to the normal zerobased stack
-@@ -771,8 +1030,15 @@ ENDPROC(ptregs_clone)
+@@ -767,8 +1025,15 @@ ENDPROC(ptregs_clone)
* normal stack and adjusts ESP with the matching offset.
*/
/* fixup the stack */
@@ -18974,7 +18957,7 @@ index db090f6..2886e27 100644
shl $16, %eax
addl %esp, %eax /* the adjusted stack pointer */
pushl_cfi $__KERNEL_DS
-@@ -825,7 +1091,7 @@ vector=vector+1
+@@ -821,7 +1086,7 @@ vector=vector+1
.endr
2: jmp common_interrupt
.endr
@@ -18983,7 +18966,7 @@ index db090f6..2886e27 100644
.previous
END(interrupt)
-@@ -873,7 +1139,7 @@ ENTRY(coprocessor_error)
+@@ -869,7 +1134,7 @@ ENTRY(coprocessor_error)
pushl_cfi $do_coprocessor_error
jmp error_code
CFI_ENDPROC
@@ -18992,7 +18975,7 @@ index db090f6..2886e27 100644
ENTRY(simd_coprocessor_error)
RING0_INT_FRAME
-@@ -894,7 +1160,7 @@ ENTRY(simd_coprocessor_error)
+@@ -890,7 +1155,7 @@ ENTRY(simd_coprocessor_error)
#endif
jmp error_code
CFI_ENDPROC
@@ -19001,7 +18984,7 @@ index db090f6..2886e27 100644
ENTRY(device_not_available)
RING0_INT_FRAME
-@@ -902,7 +1168,7 @@ ENTRY(device_not_available)
+@@ -898,7 +1163,7 @@ ENTRY(device_not_available)
pushl_cfi $do_device_not_available
jmp error_code
CFI_ENDPROC
@@ -19010,7 +18993,7 @@ index db090f6..2886e27 100644
#ifdef CONFIG_PARAVIRT
ENTRY(native_iret)
-@@ -911,12 +1177,12 @@ ENTRY(native_iret)
+@@ -907,12 +1172,12 @@ ENTRY(native_iret)
.align 4
.long native_iret, iret_exc
.previous
@@ -19025,7 +19008,7 @@ index db090f6..2886e27 100644
#endif
ENTRY(overflow)
-@@ -925,7 +1191,7 @@ ENTRY(overflow)
+@@ -921,7 +1186,7 @@ ENTRY(overflow)
pushl_cfi $do_overflow
jmp error_code
CFI_ENDPROC
@@ -19034,7 +19017,7 @@ index db090f6..2886e27 100644
ENTRY(bounds)
RING0_INT_FRAME
-@@ -933,7 +1199,7 @@ ENTRY(bounds)
+@@ -929,7 +1194,7 @@ ENTRY(bounds)
pushl_cfi $do_bounds
jmp error_code
CFI_ENDPROC
@@ -19043,7 +19026,7 @@ index db090f6..2886e27 100644
ENTRY(invalid_op)
RING0_INT_FRAME
-@@ -941,7 +1207,7 @@ ENTRY(invalid_op)
+@@ -937,7 +1202,7 @@ ENTRY(invalid_op)
pushl_cfi $do_invalid_op
jmp error_code
CFI_ENDPROC
@@ -19052,7 +19035,7 @@ index db090f6..2886e27 100644
ENTRY(coprocessor_segment_overrun)
RING0_INT_FRAME
-@@ -949,35 +1215,35 @@ ENTRY(coprocessor_segment_overrun)
+@@ -945,35 +1210,35 @@ ENTRY(coprocessor_segment_overrun)
pushl_cfi $do_coprocessor_segment_overrun
jmp error_code
CFI_ENDPROC
@@ -19093,7 +19076,7 @@ index db090f6..2886e27 100644
ENTRY(divide_error)
RING0_INT_FRAME
-@@ -985,7 +1251,7 @@ ENTRY(divide_error)
+@@ -981,7 +1246,7 @@ ENTRY(divide_error)
pushl_cfi $do_divide_error
jmp error_code
CFI_ENDPROC
@@ -19102,7 +19085,7 @@ index db090f6..2886e27 100644
#ifdef CONFIG_X86_MCE
ENTRY(machine_check)
-@@ -994,7 +1260,7 @@ ENTRY(machine_check)
+@@ -990,7 +1255,7 @@ ENTRY(machine_check)
pushl_cfi machine_check_vector
jmp error_code
CFI_ENDPROC
@@ -19111,7 +19094,7 @@ index db090f6..2886e27 100644
#endif
ENTRY(spurious_interrupt_bug)
-@@ -1003,7 +1269,7 @@ ENTRY(spurious_interrupt_bug)
+@@ -999,7 +1264,7 @@ ENTRY(spurious_interrupt_bug)
pushl_cfi $do_spurious_interrupt_bug
jmp error_code
CFI_ENDPROC
@@ -19120,7 +19103,7 @@ index db090f6..2886e27 100644
/*
* End of kprobes section
*/
-@@ -1119,7 +1385,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK,
+@@ -1115,7 +1380,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK,
ENTRY(mcount)
ret
@@ -19129,7 +19112,7 @@ index db090f6..2886e27 100644
ENTRY(ftrace_caller)
cmpl $0, function_trace_stop
-@@ -1148,7 +1414,7 @@ ftrace_graph_call:
+@@ -1144,7 +1409,7 @@ ftrace_graph_call:
.globl ftrace_stub
ftrace_stub:
ret
@@ -19138,7 +19121,7 @@ index db090f6..2886e27 100644
#else /* ! CONFIG_DYNAMIC_FTRACE */
-@@ -1184,7 +1450,7 @@ trace:
+@@ -1180,7 +1445,7 @@ trace:
popl %ecx
popl %eax
jmp ftrace_stub
@@ -19147,7 +19130,7 @@ index db090f6..2886e27 100644
#endif /* CONFIG_DYNAMIC_FTRACE */
#endif /* CONFIG_FUNCTION_TRACER */
-@@ -1205,7 +1471,7 @@ ENTRY(ftrace_graph_caller)
+@@ -1201,7 +1466,7 @@ ENTRY(ftrace_graph_caller)
popl %ecx
popl %eax
ret
@@ -19156,7 +19139,7 @@ index db090f6..2886e27 100644
.globl return_to_handler
return_to_handler:
-@@ -1219,7 +1485,6 @@ return_to_handler:
+@@ -1215,7 +1480,6 @@ return_to_handler:
jmp *%ecx
#endif
@@ -19164,7 +19147,7 @@ index db090f6..2886e27 100644
#include "syscall_table_32.S"
syscall_table_size=(.-sys_call_table)
-@@ -1265,15 +1530,18 @@ error_code:
+@@ -1261,15 +1525,18 @@ error_code:
movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
REG_TO_PTGS %ecx
SET_KERNEL_GS %ecx
@@ -19185,7 +19168,7 @@ index db090f6..2886e27 100644
/*
* Debug traps and NMI can happen at the one SYSENTER instruction
-@@ -1315,7 +1583,7 @@ debug_stack_correct:
+@@ -1311,7 +1578,7 @@ debug_stack_correct:
call do_debug
jmp ret_from_exception
CFI_ENDPROC
@@ -19194,7 +19177,7 @@ index db090f6..2886e27 100644
/*
* NMI is doubly nasty. It can happen _while_ we're handling
-@@ -1352,6 +1620,9 @@ nmi_stack_correct:
+@@ -1348,6 +1615,9 @@ nmi_stack_correct:
xorl %edx,%edx # zero error code
movl %esp,%eax # pt_regs pointer
call do_nmi
@@ -19204,7 +19187,7 @@ index db090f6..2886e27 100644
jmp restore_all_notrace
CFI_ENDPROC
-@@ -1388,12 +1659,15 @@ nmi_espfix_stack:
+@@ -1384,12 +1654,15 @@ nmi_espfix_stack:
FIXUP_ESPFIX_STACK # %eax == %esp
xorl %edx,%edx # zero error code
call do_nmi
@@ -19221,7 +19204,7 @@ index db090f6..2886e27 100644
ENTRY(int3)
RING0_INT_FRAME
-@@ -1405,14 +1679,14 @@ ENTRY(int3)
+@@ -1401,14 +1674,14 @@ ENTRY(int3)
call do_int3
jmp ret_from_exception
CFI_ENDPROC
@@ -19238,7 +19221,7 @@ index db090f6..2886e27 100644
#ifdef CONFIG_KVM_GUEST
ENTRY(async_page_fault)
-@@ -1420,7 +1694,7 @@ ENTRY(async_page_fault)
+@@ -1416,7 +1689,7 @@ ENTRY(async_page_fault)
pushl_cfi $do_async_page_fault
jmp error_code
CFI_ENDPROC
@@ -29322,19 +29305,21 @@ index 7b179b4..6bd17777 100644
return (void *)vaddr;
diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
-index be1ef57..406f1c2 100644
+index dec49d3..e2bd3f0 100644
--- a/arch/x86/mm/ioremap.c
+++ b/arch/x86/mm/ioremap.c
-@@ -97,7 +97,7 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
- for (pfn = phys_addr >> PAGE_SHIFT; pfn <= last_pfn; pfn++) {
- int is_ram = page_is_ram(pfn);
+@@ -56,8 +56,8 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages,
+ unsigned long i;
+
+ for (i = 0; i < nr_pages; ++i)
+- if (pfn_valid(start_pfn + i) &&
+- !PageReserved(pfn_to_page(start_pfn + i)))
++ if (pfn_valid(start_pfn + i) && (start_pfn + i >= 0x100 ||
++ !PageReserved(pfn_to_page(start_pfn + i))))
+ return 1;
-- if (is_ram && pfn_valid(pfn) && !PageReserved(pfn_to_page(pfn)))
-+ if (is_ram && pfn_valid(pfn) && (pfn >= 0x100 || !PageReserved(pfn_to_page(pfn))))
- return NULL;
- WARN_ON_ONCE(is_ram);
- }
-@@ -256,7 +256,7 @@ EXPORT_SYMBOL(ioremap_prot);
+ WARN_ONCE(1, "ioremap on RAM pfn 0x%lx\n", start_pfn);
+@@ -268,7 +268,7 @@ EXPORT_SYMBOL(ioremap_prot);
*
* Caller must ensure there is only one unmapping for the same pointer.
*/
@@ -29343,7 +29328,7 @@ index be1ef57..406f1c2 100644
{
struct vm_struct *p, *o;
-@@ -315,6 +315,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
+@@ -327,6 +327,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
/* If page is RAM, we can use __va. Otherwise ioremap and unmap. */
if (page_is_ram(start >> PAGE_SHIFT))
@@ -29353,7 +29338,7 @@ index be1ef57..406f1c2 100644
return __va(phys);
addr = (void __force *)ioremap_cache(start, PAGE_SIZE);
-@@ -327,6 +330,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
+@@ -339,6 +342,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
void unxlate_dev_mem_ptr(unsigned long phys, void *addr)
{
if (page_is_ram(phys >> PAGE_SHIFT))
@@ -29363,7 +29348,7 @@ index be1ef57..406f1c2 100644
return;
iounmap((void __iomem *)((unsigned long)addr & PAGE_MASK));
-@@ -344,7 +350,7 @@ static int __init early_ioremap_debug_setup(char *str)
+@@ -356,7 +362,7 @@ static int __init early_ioremap_debug_setup(char *str)
early_param("early_ioremap_debug", early_ioremap_debug_setup);
static __initdata int after_paging_init;
@@ -29372,7 +29357,7 @@ index be1ef57..406f1c2 100644
static inline pmd_t * __init early_ioremap_pmd(unsigned long addr)
{
-@@ -381,8 +387,7 @@ void __init early_ioremap_init(void)
+@@ -393,8 +399,7 @@ void __init early_ioremap_init(void)
slot_virt[i] = __fix_to_virt(FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*i);
pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN));
@@ -32604,10 +32589,10 @@ index de2802c..2260da9 100644
unsigned long timeout_msec)
{
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index 2b662725..202bcc8 100644
+index 2ddf736..e60d263 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
-@@ -4782,7 +4782,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
+@@ -4787,7 +4787,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
struct ata_port *ap;
unsigned int tag;
@@ -32616,7 +32601,7 @@ index 2b662725..202bcc8 100644
ap = qc->ap;
qc->flags = 0;
-@@ -4798,7 +4798,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
+@@ -4803,7 +4803,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
struct ata_port *ap;
struct ata_link *link;
@@ -32625,7 +32610,7 @@ index 2b662725..202bcc8 100644
WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
ap = qc->ap;
link = qc->dev->link;
-@@ -5803,6 +5803,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5808,6 +5808,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
return;
spin_lock(&lock);
@@ -32633,7 +32618,7 @@ index 2b662725..202bcc8 100644
for (cur = ops->inherits; cur; cur = cur->inherits) {
void **inherit = (void **)cur;
-@@ -5816,8 +5817,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5821,8 +5822,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
if (IS_ERR(*pp))
*pp = NULL;
@@ -42003,7 +41988,7 @@ index 7ead065..832d24d 100644
void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
diff --git a/drivers/md/md.c b/drivers/md/md.c
-index 30a7b52..a8e0833 100644
+index ea8a181..4d3faed 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -278,10 +278,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio);
@@ -47751,10 +47736,10 @@ index 21a045e..ec89e03 100644
transport_setup_device(&rport->dev);
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index f6d2b62..d9aa1a4 100644
+index 5c6b5f5..475317d 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
-@@ -2632,7 +2632,7 @@ static int sd_probe(struct device *dev)
+@@ -2635,7 +2635,7 @@ static int sd_probe(struct device *dev)
device_initialize(&sdkp->dev);
sdkp->dev.parent = dev;
sdkp->dev.class = &sd_disk_class;
@@ -50312,7 +50297,7 @@ index 032e5a6..bc422e4 100644
wake_up(&usb_kill_urb_queue);
usb_put_urb(urb);
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index 12f3a37..8802889 100644
+index 3807294..cc1fc93 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -25,6 +25,7 @@
@@ -50323,7 +50308,7 @@ index 12f3a37..8802889 100644
#include <asm/uaccess.h>
#include <asm/byteorder.h>
-@@ -3420,6 +3421,9 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
+@@ -3440,6 +3441,9 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
return;
}
@@ -50432,7 +50417,7 @@ index 347bb05..63e1b73 100644
return 0;
}
diff --git a/drivers/usb/gadget/f_fs.c b/drivers/usb/gadget/f_fs.c
-index 0e641a1..49e6ac7 100644
+index c635c4c..dc91e75 100644
--- a/drivers/usb/gadget/f_fs.c
+++ b/drivers/usb/gadget/f_fs.c
@@ -1212,6 +1212,7 @@ static struct file_system_type ffs_fs_type = {
@@ -58277,7 +58262,7 @@ index f3358ab..fbb1d90 100644
"MMP failure info: last update time: %llu, last update "
"node: %s, last update device: %s\n",
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
-index acf2baf..31c5131 100644
+index 6581ee7..96fd5e1 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -92,6 +92,8 @@ static struct file_system_type ext2_fs_type = {
@@ -58307,7 +58292,7 @@ index acf2baf..31c5131 100644
"Contact linux-ext4@vger.kernel.org if you think we should keep it.\n";
#ifdef CONFIG_QUOTA
-@@ -2469,7 +2473,7 @@ struct ext4_attr {
+@@ -2467,7 +2471,7 @@ struct ext4_attr {
ssize_t (*store)(struct ext4_attr *, struct ext4_sb_info *,
const char *, size_t);
int offset;
@@ -58316,7 +58301,7 @@ index acf2baf..31c5131 100644
static int parse_strtoul(const char *buf,
unsigned long max, unsigned long *value)
-@@ -3175,7 +3179,6 @@ int ext4_calculate_overhead(struct super_block *sb)
+@@ -3174,7 +3178,6 @@ int ext4_calculate_overhead(struct super_block *sb)
ext4_fsblk_t overhead = 0;
char *buf = (char *) get_zeroed_page(GFP_KERNEL);
@@ -58324,7 +58309,7 @@ index acf2baf..31c5131 100644
if (!buf)
return -ENOMEM;
-@@ -5052,7 +5055,6 @@ static inline int ext2_feature_set_ok(struct super_block *sb)
+@@ -5051,7 +5054,6 @@ static inline int ext2_feature_set_ok(struct super_block *sb)
return 0;
return 1;
}
@@ -58332,7 +58317,7 @@ index acf2baf..31c5131 100644
#else
static inline void register_as_ext2(void) { }
static inline void unregister_as_ext2(void) { }
-@@ -5085,7 +5087,6 @@ static inline int ext3_feature_set_ok(struct super_block *sb)
+@@ -5084,7 +5086,6 @@ static inline int ext3_feature_set_ok(struct super_block *sb)
return 0;
return 1;
}
@@ -58340,7 +58325,7 @@ index acf2baf..31c5131 100644
#else
static inline void register_as_ext3(void) { }
static inline void unregister_as_ext3(void) { }
-@@ -5099,6 +5100,7 @@ static struct file_system_type ext4_fs_type = {
+@@ -5098,6 +5099,7 @@ static struct file_system_type ext4_fs_type = {
.kill_sb = kill_block_super,
.fs_flags = FS_REQUIRES_DEV,
};
@@ -60081,7 +60066,7 @@ index cf0098d..a849907 100644
if (!ret)
ret = -EPIPE;
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
-index 06e2f73..e6c5fc8 100644
+index e13558c..56ca611 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -1150,7 +1150,7 @@ static char *read_link(struct dentry *dentry)
@@ -60094,10 +60079,10 @@ index 06e2f73..e6c5fc8 100644
if (!IS_ERR(link))
free_page((unsigned long) link);
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
-index 912c250..f0aee59 100644
+index afc0f706..a5489ea 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
-@@ -1094,6 +1094,7 @@ static struct file_system_type fuse_fs_type = {
+@@ -1106,6 +1106,7 @@ static struct file_system_type fuse_fs_type = {
.mount = fuse_mount,
.kill_sb = fuse_kill_sb_anon,
};
@@ -60105,7 +60090,7 @@ index 912c250..f0aee59 100644
#ifdef CONFIG_BLOCK
static struct dentry *fuse_mount_blk(struct file_system_type *fs_type,
-@@ -1123,6 +1124,7 @@ static struct file_system_type fuseblk_fs_type = {
+@@ -1135,6 +1136,7 @@ static struct file_system_type fuseblk_fs_type = {
.kill_sb = fuse_kill_sb_blk,
.fs_flags = FS_REQUIRES_DEV | FS_HAS_SUBTYPE,
};
@@ -61354,10 +61339,10 @@ index 1943898..396c460 100644
-
#endif /* CONFIG_NFS_V4 */
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
-index 315a1ba..aec2a5f 100644
+index eebccfe..a2ed0a1 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
-@@ -1048,7 +1048,7 @@ struct nfsd4_operation {
+@@ -1039,7 +1039,7 @@ struct nfsd4_operation {
char *op_name;
/* Try to get response size before operation */
nfsd4op_rsize op_rsize_bop;
@@ -61367,10 +61352,10 @@ index 315a1ba..aec2a5f 100644
static struct nfsd4_operation nfsd4_ops[];
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
-index a7933dd..243e586 100644
+index 9d2c52b..c9d6c2aa 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
-@@ -1445,7 +1445,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
+@@ -1456,7 +1456,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *);
@@ -61379,7 +61364,7 @@ index a7933dd..243e586 100644
[OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access,
[OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close,
[OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit,
-@@ -1485,7 +1485,7 @@ static nfsd4_dec nfsd4_dec_ops[] = {
+@@ -1496,7 +1496,7 @@ static nfsd4_dec nfsd4_dec_ops[] = {
[OP_RELEASE_LOCKOWNER] = (nfsd4_dec)nfsd4_decode_release_lockowner,
};
@@ -61388,7 +61373,7 @@ index a7933dd..243e586 100644
[OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access,
[OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close,
[OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit,
-@@ -1547,7 +1547,7 @@ static nfsd4_dec nfsd41_dec_ops[] = {
+@@ -1558,7 +1558,7 @@ static nfsd4_dec nfsd41_dec_ops[] = {
};
struct nfsd4_minorversion_ops {
@@ -77057,28 +77042,6 @@ index 73b0712..2e581af 100644
struct drm_connector_helper_funcs {
int (*get_modes)(struct drm_connector *connector);
-diff --git a/include/drm/drm_mem_util.h b/include/drm/drm_mem_util.h
-index 6bd325f..19a2404 100644
---- a/include/drm/drm_mem_util.h
-+++ b/include/drm/drm_mem_util.h
-@@ -31,7 +31,7 @@
-
- static __inline__ void *drm_calloc_large(size_t nmemb, size_t size)
- {
-- if (size != 0 && nmemb > ULONG_MAX / size)
-+ if (size != 0 && nmemb > SIZE_MAX / size)
- return NULL;
-
- if (size * nmemb <= PAGE_SIZE)
-@@ -44,7 +44,7 @@ static __inline__ void *drm_calloc_large(size_t nmemb, size_t size)
- /* Modeled after cairo's malloc_ab, it's like calloc but without the zeroing. */
- static __inline__ void *drm_malloc_ab(size_t nmemb, size_t size)
- {
-- if (size != 0 && nmemb > ULONG_MAX / size)
-+ if (size != 0 && nmemb > SIZE_MAX / size)
- return NULL;
-
- if (size * nmemb <= PAGE_SIZE)
diff --git a/include/drm/ttm/ttm_memory.h b/include/drm/ttm/ttm_memory.h
index 26c1f78..6722682 100644
--- a/include/drm/ttm/ttm_memory.h
@@ -79417,10 +79380,10 @@ index 0000000..b02ba9d
+#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
new file mode 100644
-index 0000000..2a0fe35
+index 0000000..bc1de4cb
--- /dev/null
+++ b/include/linux/grsecurity.h
-@@ -0,0 +1,228 @@
+@@ -0,0 +1,231 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
@@ -79432,6 +79395,9 @@ index 0000000..2a0fe35
+#if defined(CONFIG_GRKERNSEC_PROC_USER) && defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
+#error "CONFIG_GRKERNSEC_PROC_USER and CONFIG_GRKERNSEC_PROC_USERGROUP cannot both be enabled."
+#endif
++#if defined(CONFIG_GRKERNSEC_PROC) && !defined(CONFIG_GRKERNSEC_PROC_USER) && !defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++#error "CONFIG_GRKERNSEC_PROC enabled, but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP enabled"
++#endif
+#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
+#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
+#endif
@@ -79978,18 +79944,10 @@ index 3875719..4663bc3 100644
/* This macro allows us to keep printk typechecking */
static __printf(1, 2)
diff --git a/include/linux/kernel.h b/include/linux/kernel.h
-index a70783d..bf1dd28 100644
+index 0b8ca35..bf1dd28 100644
--- a/include/linux/kernel.h
+++ b/include/linux/kernel.h
-@@ -34,6 +34,7 @@
- #define LLONG_MAX ((long long)(~0ULL>>1))
- #define LLONG_MIN (-LLONG_MAX - 1)
- #define ULLONG_MAX (~0ULL)
-+#define SIZE_MAX (~(size_t)0)
-
- #define STACK_MAGIC 0xdeadbeef
-
-@@ -696,24 +697,30 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { }
+@@ -697,24 +697,30 @@ static inline void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) { }
* @condition: the condition which the compiler should know is false.
*
* If you have some code which relies on certain constants being equal, or
@@ -80165,10 +80123,10 @@ index f93d8c1..71244f6 100644
int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
diff --git a/include/linux/libata.h b/include/linux/libata.h
-index 375dfdf..7dca34f 100644
+index d773b21..95a0913 100644
--- a/include/linux/libata.h
+++ b/include/linux/libata.h
-@@ -913,7 +913,7 @@ struct ata_port_operations {
+@@ -914,7 +914,7 @@ struct ata_port_operations {
* fields must be pointers.
*/
const struct ata_port_operations *inherits;
@@ -80226,10 +80184,10 @@ index 88e78de..c63979a 100644
} apparmor_audit_data;
#endif
diff --git a/include/linux/math64.h b/include/linux/math64.h
-index b8ba855..bfdffd0 100644
+index 2913b86..fa383945 100644
--- a/include/linux/math64.h
+++ b/include/linux/math64.h
-@@ -14,7 +14,7 @@
+@@ -15,7 +15,7 @@
* This is commonly provided by 32bit archs to provide an optimized 64bit
* divide.
*/
@@ -80238,7 +80196,7 @@ index b8ba855..bfdffd0 100644
{
*remainder = dividend % divisor;
return dividend / divisor;
-@@ -32,7 +32,7 @@ static inline s64 div_s64_rem(s64 dividend, s32 divisor, s32 *remainder)
+@@ -33,7 +33,7 @@ static inline s64 div_s64_rem(s64 dividend, s32 divisor, s32 *remainder)
/**
* div64_u64 - unsigned 64bit divide with 64bit divisor
*/
@@ -80247,8 +80205,8 @@ index b8ba855..bfdffd0 100644
{
return dividend / divisor;
}
-@@ -50,7 +50,7 @@ static inline s64 div64_s64(s64 dividend, s64 divisor)
- #define div64_long(x,y) div_s64((x),(y))
+@@ -52,7 +52,7 @@ static inline s64 div64_s64(s64 dividend, s64 divisor)
+ #define div64_ul(x, y) div_u64((x), (y))
#ifndef div_u64_rem
-static inline u64 div_u64_rem(u64 dividend, u32 divisor, u32 *remainder)
@@ -80256,7 +80214,7 @@ index b8ba855..bfdffd0 100644
{
*remainder = do_div(dividend, divisor);
return dividend;
-@@ -62,7 +62,7 @@ extern s64 div_s64_rem(s64 dividend, s32 divisor, s32 *remainder);
+@@ -64,7 +64,7 @@ extern s64 div_s64_rem(s64 dividend, s32 divisor, s32 *remainder);
#endif
#ifndef div64_u64
@@ -80265,7 +80223,7 @@ index b8ba855..bfdffd0 100644
#endif
#ifndef div64_s64
-@@ -79,7 +79,7 @@ extern s64 div64_s64(s64 dividend, s64 divisor);
+@@ -81,7 +81,7 @@ extern s64 div64_s64(s64 dividend, s64 divisor);
* divide.
*/
#ifndef div_u64
@@ -82406,7 +82364,7 @@ index 92808b8..c28cac4 100644
/* shm_mode upper byte flags */
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index 40c2726..21dc3e2 100644
+index 1b4ea29..9347e29 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -538,7 +538,7 @@ extern void consume_skb(struct sk_buff *skb);
@@ -82483,7 +82441,7 @@ index 40c2726..21dc3e2 100644
static inline void nf_reset_trace(struct sk_buff *skb)
diff --git a/include/linux/slab.h b/include/linux/slab.h
-index a595dce..e710d26 100644
+index 67d5d94..51dd834 100644
--- a/include/linux/slab.h
+++ b/include/linux/slab.h
@@ -11,14 +11,29 @@
@@ -84484,10 +84442,10 @@ index 5d1a758..1dbf795 100644
u8 qfull;
enum fc_lport_state state;
diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h
-index 3152cc3..3b3394f 100644
+index 377ba61..1b6890c 100644
--- a/include/scsi/scsi_device.h
+++ b/include/scsi/scsi_device.h
-@@ -161,9 +161,9 @@ struct scsi_device {
+@@ -162,9 +162,9 @@ struct scsi_device {
unsigned int max_device_blocked; /* what device_blocked counts down from */
#define SCSI_DEFAULT_DEVICE_BLOCKED 3
@@ -91710,10 +91668,10 @@ index 73e416d..cfc6f69 100644
sys_tz = *tz;
update_vsyscall_tz();
diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c
-index 0907e43..56a6a92 100644
+index eb198a3..45909ed 100644
--- a/kernel/time/alarmtimer.c
+++ b/kernel/time/alarmtimer.c
-@@ -773,7 +773,7 @@ static int __init alarmtimer_init(void)
+@@ -789,7 +789,7 @@ static int __init alarmtimer_init(void)
struct platform_device *pdev;
int error = 0;
int i;
@@ -92270,7 +92228,7 @@ index 648f25a..5971796 100644
*data_page = bpage;
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index c5a12a7..4d94416 100644
+index 0c348a6..454324b 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -2656,7 +2656,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
@@ -92282,7 +92240,7 @@ index c5a12a7..4d94416 100644
{
/* do nothing if flag is already set */
if (!!(trace_flags & mask) == !!enabled)
-@@ -4248,10 +4248,9 @@ static const struct file_operations tracing_dyn_info_fops = {
+@@ -4246,10 +4246,9 @@ static const struct file_operations tracing_dyn_info_fops = {
};
#endif
@@ -92294,7 +92252,7 @@ index c5a12a7..4d94416 100644
static int once;
if (d_tracer)
-@@ -4271,10 +4270,9 @@ struct dentry *tracing_init_dentry(void)
+@@ -4269,10 +4268,9 @@ struct dentry *tracing_init_dentry(void)
return d_tracer;
}
@@ -93952,7 +93910,7 @@ index ed0ed8a..cc835b97 100644
/* if an huge pmd materialized from under us just retry later */
if (unlikely(pmd_trans_huge(*pmd)))
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index 6f886d9..7218ed0 100644
+index d2c43a2..2213df3 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -2009,15 +2009,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
@@ -93997,7 +93955,7 @@ index 6f886d9..7218ed0 100644
if (ret)
goto out;
-@@ -2516,6 +2520,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2517,6 +2521,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
return 1;
}
@@ -94025,7 +93983,7 @@ index 6f886d9..7218ed0 100644
/*
* Hugetlb_cow() should be called with page lock of the original hugepage held.
*/
-@@ -2618,6 +2643,11 @@ retry_avoidcopy:
+@@ -2619,6 +2644,11 @@ retry_avoidcopy:
make_huge_pte(vma, new_page, 1));
page_remove_rmap(old_page);
hugepage_add_new_anon_rmap(new_page, vma, address);
@@ -94037,7 +93995,7 @@ index 6f886d9..7218ed0 100644
/* Make the old page be freed below */
new_page = old_page;
mmu_notifier_invalidate_range_end(mm,
-@@ -2769,6 +2799,10 @@ retry:
+@@ -2770,6 +2800,10 @@ retry:
&& (vma->vm_flags & VM_SHARED)));
set_huge_pte_at(mm, address, ptep, new_pte);
@@ -94048,7 +94006,7 @@ index 6f886d9..7218ed0 100644
if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
/* Optimization, do the COW without a second fault */
ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page);
-@@ -2798,6 +2832,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2799,6 +2833,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
static DEFINE_MUTEX(hugetlb_instantiation_mutex);
struct hstate *h = hstate_vma(vma);
@@ -94059,7 +94017,7 @@ index 6f886d9..7218ed0 100644
ptep = huge_pte_offset(mm, address);
if (ptep) {
entry = huge_ptep_get(ptep);
-@@ -2809,6 +2847,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2810,6 +2848,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
VM_FAULT_SET_HINDEX(h - hstates);
}
@@ -94099,7 +94057,7 @@ index 0c26b5e..1cc340f 100644
#ifdef CONFIG_MEMORY_FAILURE
extern bool is_free_buddy_page(struct page *page);
diff --git a/mm/kmemleak.c b/mm/kmemleak.c
-index f3b2a00..5899e43 100644
+index cc8cf1d..677c52d 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -357,7 +357,7 @@ static void print_unreferenced(struct seq_file *seq,
@@ -94111,7 +94069,7 @@ index f3b2a00..5899e43 100644
}
}
-@@ -1745,7 +1745,7 @@ static int __init kmemleak_late_init(void)
+@@ -1747,7 +1747,7 @@ static int __init kmemleak_late_init(void)
return -ENOMEM;
}
@@ -95040,7 +94998,7 @@ index 483e66505..32583a0 100644
mm = get_task_mm(tsk);
if (!mm)
diff --git a/mm/mempolicy.c b/mm/mempolicy.c
-index 2b5bcc9..7d7a6c9 100644
+index c9f7e6f..45a779e 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -652,6 +652,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
@@ -97508,7 +97466,7 @@ index f3f6fd3..0d91a63 100644
/*
diff --git a/mm/shmem.c b/mm/shmem.c
-index a78acf0..a31df98 100644
+index 1371021..c2094c7 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -31,7 +31,7 @@
@@ -97527,9 +97485,9 @@ index a78acf0..a31df98 100644
-#define SHORT_SYMLINK_LEN 128
+#define SHORT_SYMLINK_LEN 64
- struct shmem_xattr {
- struct list_head list; /* anchored by shmem_inode_info->xattr_list */
-@@ -1809,6 +1809,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
+ /*
+ * vmtruncate_range() communicates with shmem_fault via
+@@ -1924,6 +1924,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
static int shmem_xattr_validate(const char *name)
{
struct { const char *prefix; size_t len; } arr[] = {
@@ -97541,7 +97499,7 @@ index a78acf0..a31df98 100644
{ XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
{ XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
};
-@@ -1862,6 +1867,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
+@@ -1977,6 +1982,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
if (err)
return err;
@@ -97557,7 +97515,7 @@ index a78acf0..a31df98 100644
if (size == 0)
value = ""; /* empty EA, do not remove */
-@@ -2195,8 +2209,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
+@@ -2310,8 +2324,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
int err = -ENOMEM;
/* Round up to L1_CACHE_BYTES to resist false sharing */
@@ -98674,7 +98632,7 @@ index 136ac4f..f917fa9 100644
mm->unmap_area = arch_unmap_area;
}
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
-index eeba3bb..abb9ae6 100644
+index 1431458..3eef1a6 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -27,10 +27,67 @@
@@ -98845,7 +98803,7 @@ index eeba3bb..abb9ae6 100644
if (!pmd_none(*pmd)) {
pte_t *ptep, pte;
-@@ -1151,10 +1244,24 @@ void __init vmalloc_init(void)
+@@ -1157,10 +1250,24 @@ void __init vmalloc_init(void)
for_each_possible_cpu(i) {
struct vmap_block_queue *vbq;
@@ -98870,7 +98828,7 @@ index eeba3bb..abb9ae6 100644
}
/* Import existing vmlist entries. */
-@@ -1295,6 +1402,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
+@@ -1301,6 +1408,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
struct vm_struct *area;
BUG_ON(in_interrupt());
@@ -98887,7 +98845,7 @@ index eeba3bb..abb9ae6 100644
if (flags & VM_IOREMAP) {
int bit = fls(size);
-@@ -1469,7 +1586,7 @@ static void __vunmap(const void *addr, int deallocate_pages)
+@@ -1475,7 +1592,7 @@ static void __vunmap(const void *addr, int deallocate_pages)
kfree(area);
return;
}
@@ -98896,7 +98854,7 @@ index eeba3bb..abb9ae6 100644
/**
* vfree - release memory allocated by vmalloc()
* @addr: memory base address
-@@ -1478,15 +1595,26 @@ static void __vunmap(const void *addr, int deallocate_pages)
+@@ -1484,15 +1601,26 @@ static void __vunmap(const void *addr, int deallocate_pages)
* obtained from vmalloc(), vmalloc_32() or __vmalloc(). If @addr is
* NULL, no operation is performed.
*
@@ -98926,7 +98884,7 @@ index eeba3bb..abb9ae6 100644
}
EXPORT_SYMBOL(vfree);
-@@ -1503,10 +1631,28 @@ void vunmap(const void *addr)
+@@ -1509,10 +1637,28 @@ void vunmap(const void *addr)
{
BUG_ON(in_interrupt());
might_sleep();
@@ -98956,7 +98914,7 @@ index eeba3bb..abb9ae6 100644
/**
* vmap - map an array of pages into virtually contiguous space
* @pages: array of page pointers
-@@ -1527,6 +1673,11 @@ void *vmap(struct page **pages, unsigned int count,
+@@ -1533,6 +1679,11 @@ void *vmap(struct page **pages, unsigned int count,
if (count > totalram_pages)
return NULL;
@@ -98968,7 +98926,7 @@ index eeba3bb..abb9ae6 100644
area = get_vm_area_caller((count << PAGE_SHIFT), flags,
__builtin_return_address(0));
if (!area)
-@@ -1628,6 +1779,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
+@@ -1634,6 +1785,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
if (!size || (size >> PAGE_SHIFT) > totalram_pages)
goto fail;
@@ -98982,7 +98940,7 @@ index eeba3bb..abb9ae6 100644
area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST,
start, end, node, gfp_mask, caller);
if (!area)
-@@ -1801,10 +1959,9 @@ EXPORT_SYMBOL(vzalloc_node);
+@@ -1807,10 +1965,9 @@ EXPORT_SYMBOL(vzalloc_node);
* For tight control over page level allocator and protection flags
* use __vmalloc() instead.
*/
@@ -98994,7 +98952,7 @@ index eeba3bb..abb9ae6 100644
-1, __builtin_return_address(0));
}
-@@ -2099,6 +2256,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
+@@ -2105,6 +2262,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
unsigned long uaddr = vma->vm_start;
unsigned long usize = vma->vm_end - vma->vm_start;
@@ -99003,7 +98961,7 @@ index eeba3bb..abb9ae6 100644
if ((PAGE_SIZE-1) & (unsigned long)addr)
return -EINVAL;
-@@ -2351,8 +2510,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets,
+@@ -2357,8 +2516,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets,
return NULL;
}
@@ -99014,7 +98972,7 @@ index eeba3bb..abb9ae6 100644
if (!vas || !vms)
goto err_free;
-@@ -2536,11 +2695,15 @@ static int s_show(struct seq_file *m, void *p)
+@@ -2542,11 +2701,15 @@ static int s_show(struct seq_file *m, void *p)
{
struct vm_struct *v = p;
@@ -100720,7 +100678,7 @@ index 80aeac9..b08d0a8 100644
return -ENODEV;
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index 7beaf10..3c8226d 100644
+index 0900a17..f3fb6aa 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -57,7 +57,7 @@ struct rtnl_link {
@@ -101075,21 +101033,6 @@ index d50a13c..1f612ff 100644
return -EFAULT;
*lenp = len;
-diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
-index c32be29..2022b46 100644
---- a/net/dns_resolver/dns_query.c
-+++ b/net/dns_resolver/dns_query.c
-@@ -150,7 +150,9 @@ int dns_query(const char *type, const char *name, size_t namelen,
- if (!*_result)
- goto put;
-
-- memcpy(*_result, upayload->data, len + 1);
-+ memcpy(*_result, upayload->data, len);
-+ (*_result)[len] = '\0';
-+
- if (_expiry)
- *_expiry = rkey->expiry;
-
diff --git a/net/econet/Kconfig b/net/econet/Kconfig
index 39a2d29..f39c0fe 100644
--- a/net/econet/Kconfig
@@ -101737,41 +101680,6 @@ index a639967..8f44480 100644
if (!clusterip_procdir) {
pr_err("Unable to proc dir entry\n");
ret = -ENOMEM;
-diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
-index b550815..c3b44d5 100644
---- a/net/ipv4/netfilter/ipt_ULOG.c
-+++ b/net/ipv4/netfilter/ipt_ULOG.c
-@@ -202,6 +202,7 @@ static void ipt_ulog_packet(unsigned int hooknum,
- ub->qlen++;
-
- pm = NLMSG_DATA(nlh);
-+ memset(pm, 0, sizeof(*pm));
-
- /* We might not have a timestamp, get one */
- if (skb->tstamp.tv64 == 0)
-@@ -218,8 +219,6 @@ static void ipt_ulog_packet(unsigned int hooknum,
- strncpy(pm->prefix, prefix, sizeof(pm->prefix));
- else if (loginfo->prefix[0] != '\0')
- strncpy(pm->prefix, loginfo->prefix, sizeof(pm->prefix));
-- else
-- *(pm->prefix) = '\0';
-
- if (in && in->hard_header_len > 0 &&
- skb->mac_header != skb->network_header &&
-@@ -231,13 +230,9 @@ static void ipt_ulog_packet(unsigned int hooknum,
-
- if (in)
- strncpy(pm->indev_name, in->name, sizeof(pm->indev_name));
-- else
-- pm->indev_name[0] = '\0';
-
- if (out)
- strncpy(pm->outdev_name, out->name, sizeof(pm->outdev_name));
-- else
-- pm->outdev_name[0] = '\0';
-
- /* copy_len <= skb->len, so can't fail. */
- if (skb_copy_bits(skb, 0, pm->payload, copy_len) < 0)
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
index d495d4b..c95851f 100644
--- a/net/ipv4/ping.c
@@ -102231,7 +102139,7 @@ index 739b073..7ac6591 100644
hdr = register_sysctl_paths(net_ipv4_ctl_path, ipv4_table);
if (hdr == NULL)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
-index c1ed01e..bb914c3 100644
+index afe6886..297e5fb 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4739,7 +4739,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
@@ -102773,10 +102681,10 @@ index 1567fb1..29af910 100644
dst = NULL;
}
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
-index 14753d3..0a31044 100644
+index 064b5c9..bd9ff9d 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
-@@ -611,7 +611,7 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
+@@ -600,7 +600,7 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
{
@@ -102785,7 +102693,7 @@ index 14753d3..0a31044 100644
int ident;
if (rt && !(rt->dst.flags & DST_NOPEER)) {
-@@ -625,7 +625,7 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
+@@ -614,7 +614,7 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
return;
}
}
@@ -103613,28 +103521,6 @@ index 93a41a0..d4b4edb 100644
NLA_PUT_U32(skb, L2TP_ATTR_CONN_ID, tunnel->tunnel_id);
NLA_PUT_U32(skb, L2TP_ATTR_SESSION_ID, session->session_id);
-diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
-index e0f0934..437fb59 100644
---- a/net/l2tp/l2tp_ppp.c
-+++ b/net/l2tp/l2tp_ppp.c
-@@ -1351,7 +1351,7 @@ static int pppol2tp_setsockopt(struct socket *sock, int level, int optname,
- int err;
-
- if (level != SOL_PPPOL2TP)
-- return udp_prot.setsockopt(sk, level, optname, optval, optlen);
-+ return -EINVAL;
-
- if (optlen < sizeof(int))
- return -EINVAL;
-@@ -1477,7 +1477,7 @@ static int pppol2tp_getsockopt(struct socket *sock, int level,
- struct pppol2tp_session *ps;
-
- if (level != SOL_PPPOL2TP)
-- return udp_prot.getsockopt(sk, level, optname, optval, optlen);
-+ return -EINVAL;
-
- if (get_user(len, (int __user *) optlen))
- return -EFAULT;
diff --git a/net/llc/llc_proc.c b/net/llc/llc_proc.c
index a1839c0..4e06b9b 100644
--- a/net/llc/llc_proc.c
@@ -103936,7 +103822,7 @@ index 6dc7d7d..e45913a 100644
if ((ipvs->sync_state & IP_VS_STATE_MASTER) &&
cp->protocol == IPPROTO_SCTP) {
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
-index 72f4253..c9a3f57 100644
+index 93acfa1..e846c43 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
@@ -788,7 +788,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest,
@@ -105500,26 +105386,6 @@ index 8da4481..d02565e 100644
tp->srtt = tp->srtt - (tp->srtt >> sctp_rto_alpha)
+ (rtt >> sctp_rto_alpha);
} else {
-diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c
-index 8a84017..d4faa70 100644
---- a/net/sctp/ulpevent.c
-+++ b/net/sctp/ulpevent.c
-@@ -418,6 +418,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_remote_error(
- * sre_type:
- * It should be SCTP_REMOTE_ERROR.
- */
-+ memset(sre, 0, sizeof(*sre));
- sre->sre_type = SCTP_REMOTE_ERROR;
-
- /*
-@@ -921,6 +922,7 @@ void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event,
- * For recvmsg() the SCTP stack places the message's stream number in
- * this value.
- */
-+ memset(&sinfo, 0, sizeof(sinfo));
- sinfo.sinfo_stream = event->stream;
- /* sinfo_ssn: 16 bits (unsigned integer)
- *
diff --git a/net/socket.c b/net/socket.c
index 3faa358..3d43f20 100644
--- a/net/socket.c
diff --git a/3.2.61/4425_grsec_remove_EI_PAX.patch b/3.2.62/4425_grsec_remove_EI_PAX.patch
similarity index 100%
rename from 3.2.61/4425_grsec_remove_EI_PAX.patch
rename to 3.2.62/4425_grsec_remove_EI_PAX.patch
diff --git a/3.2.61/4427_force_XATTR_PAX_tmpfs.patch b/3.2.62/4427_force_XATTR_PAX_tmpfs.patch
similarity index 95%
rename from 3.2.61/4427_force_XATTR_PAX_tmpfs.patch
rename to 3.2.62/4427_force_XATTR_PAX_tmpfs.patch
index 8c7a533..a5527a5 100644
--- a/3.2.61/4427_force_XATTR_PAX_tmpfs.patch
+++ b/3.2.62/4427_force_XATTR_PAX_tmpfs.patch
@@ -6,7 +6,7 @@ namespace supported on tmpfs so that the PaX markings survive emerge.
diff -Naur a/mm/shmem.c b/mm/shmem.c
--- a/mm/shmem.c 2013-06-11 21:00:18.000000000 -0400
+++ b/mm/shmem.c 2013-06-11 21:08:18.000000000 -0400
-@@ -1809,11 +1809,7 @@
+@@ -1924,11 +1924,7 @@
static int shmem_xattr_validate(const char *name)
{
struct { const char *prefix; size_t len; } arr[] = {
@@ -18,7 +18,7 @@ diff -Naur a/mm/shmem.c b/mm/shmem.c
{ XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
{ XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
};
-@@ -1867,14 +1863,12 @@
+@@ -1982,14 +1978,12 @@
if (err)
return err;
diff --git a/3.2.61/4430_grsec-remove-localversion-grsec.patch b/3.2.62/4430_grsec-remove-localversion-grsec.patch
similarity index 100%
rename from 3.2.61/4430_grsec-remove-localversion-grsec.patch
rename to 3.2.62/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.2.61/4435_grsec-mute-warnings.patch b/3.2.62/4435_grsec-mute-warnings.patch
similarity index 100%
rename from 3.2.61/4435_grsec-mute-warnings.patch
rename to 3.2.62/4435_grsec-mute-warnings.patch
diff --git a/3.2.61/4440_grsec-remove-protected-paths.patch b/3.2.62/4440_grsec-remove-protected-paths.patch
similarity index 100%
rename from 3.2.61/4440_grsec-remove-protected-paths.patch
rename to 3.2.62/4440_grsec-remove-protected-paths.patch
diff --git a/3.2.61/4450_grsec-kconfig-default-gids.patch b/3.2.62/4450_grsec-kconfig-default-gids.patch
similarity index 100%
rename from 3.2.61/4450_grsec-kconfig-default-gids.patch
rename to 3.2.62/4450_grsec-kconfig-default-gids.patch
diff --git a/3.2.61/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.62/4465_selinux-avc_audit-log-curr_ip.patch
similarity index 100%
rename from 3.2.61/4465_selinux-avc_audit-log-curr_ip.patch
rename to 3.2.62/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.2.61/4470_disable-compat_vdso.patch b/3.2.62/4470_disable-compat_vdso.patch
similarity index 98%
rename from 3.2.61/4470_disable-compat_vdso.patch
rename to 3.2.62/4470_disable-compat_vdso.patch
index f6eb9f7..0aedd26 100644
--- a/3.2.61/4470_disable-compat_vdso.patch
+++ b/3.2.62/4470_disable-compat_vdso.patch
@@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138
diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
--- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100
+++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100
-@@ -1654,17 +1654,8 @@
+@@ -1655,17 +1655,8 @@
config COMPAT_VDSO
def_bool n
diff --git a/3.2.61/4475_emutramp_default_on.patch b/3.2.62/4475_emutramp_default_on.patch
similarity index 100%
rename from 3.2.61/4475_emutramp_default_on.patch
rename to 3.2.62/4475_emutramp_default_on.patch
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-08-19 14:07 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-08-19 14:07 [gentoo-commits] proj/hardened-patchset:master commit in: 3.14.16/, 3.2.62/, 3.15.9/, 3.15.8/, 3.14.15/, 3.2.61/ Anthony G. Basile
2014-08-11 22:35 ` Anthony G. Basile
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox