diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2014-10-20 15:02:00 -0400 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2014-10-20 15:02:00 -0400 |
| commit | 7cd96027458ad8b9d968e28798df380d38f0f1c2 (patch) | |
| tree | 76be4a4ce18b7ff0edd812a7f05bb1195eb3ff03 | |
| parent | Grsec/PaX: 3.0-{3.2.63,3.14.21,3.16.5}-201410132000 (diff) | |
| download | hardened-patchset-7cd96027458ad8b9d968e28798df380d38f0f1c2.tar.gz hardened-patchset-7cd96027458ad8b9d968e28798df380d38f0f1c2.tar.bz2 hardened-patchset-7cd96027458ad8b9d968e28798df380d38f0f1c2.zip | |
Grsec/PaX: 3.0-{3.2.63,3.14.22,3.17.1}-20141019205120141019
| -rw-r--r-- | 3.14.22/0000_README (renamed from 3.14.21/0000_README) | 2 | ||||
| -rw-r--r-- | 3.14.22/4420_grsecurity-3.0-3.14.22-201410192047.patch (renamed from 3.14.21/4420_grsecurity-3.0-3.14.21-201410131959.patch) | 779 | ||||
| -rw-r--r-- | 3.14.22/4425_grsec_remove_EI_PAX.patch (renamed from 3.14.21/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.14.22/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.14.21/4427_force_XATTR_PAX_tmpfs.patch) | 4 | ||||
| -rw-r--r-- | 3.14.22/4430_grsec-remove-localversion-grsec.patch (renamed from 3.14.21/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.14.22/4435_grsec-mute-warnings.patch (renamed from 3.14.21/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.14.22/4440_grsec-remove-protected-paths.patch (renamed from 3.14.21/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.14.22/4450_grsec-kconfig-default-gids.patch (renamed from 3.14.21/4450_grsec-kconfig-default-gids.patch) | 6 | ||||
| -rw-r--r-- | 3.14.22/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.16.5/4465_selinux-avc_audit-log-curr_ip.patch) | 2 | ||||
| -rw-r--r-- | 3.14.22/4470_disable-compat_vdso.patch (renamed from 3.14.21/4470_disable-compat_vdso.patch) | 0 | ||||
| -rw-r--r-- | 3.14.22/4475_emutramp_default_on.patch (renamed from 3.14.21/4475_emutramp_default_on.patch) | 0 | ||||
| -rw-r--r-- | 3.17.1/0000_README (renamed from 3.16.5/0000_README) | 2 | ||||
| -rw-r--r-- | 3.17.1/4420_grsecurity-3.0-3.17.1-201410192051.patch (renamed from 3.16.5/4420_grsecurity-3.0-3.16.5-201410132000.patch) | 16540 | ||||
| -rw-r--r-- | 3.17.1/4425_grsec_remove_EI_PAX.patch (renamed from 3.16.5/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.17.1/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.16.5/4427_force_XATTR_PAX_tmpfs.patch) | 4 | ||||
| -rw-r--r-- | 3.17.1/4430_grsec-remove-localversion-grsec.patch (renamed from 3.16.5/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.17.1/4435_grsec-mute-warnings.patch (renamed from 3.16.5/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.17.1/4440_grsec-remove-protected-paths.patch (renamed from 3.16.5/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.17.1/4450_grsec-kconfig-default-gids.patch (renamed from 3.16.5/4450_grsec-kconfig-default-gids.patch) | 6 | ||||
| -rw-r--r-- | 3.17.1/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.14.21/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.17.1/4470_disable-compat_vdso.patch (renamed from 3.16.5/4470_disable-compat_vdso.patch) | 2 | ||||
| -rw-r--r-- | 3.17.1/4475_emutramp_default_on.patch (renamed from 3.16.5/4475_emutramp_default_on.patch) | 0 | ||||
| -rw-r--r-- | 3.2.63/0000_README | 2 | ||||
| -rw-r--r-- | 3.2.63/4420_grsecurity-3.0-3.2.63-201410192044.patch (renamed from 3.2.63/4420_grsecurity-3.0-3.2.63-201410131955.patch) | 224 | ||||
| -rw-r--r-- | 3.2.63/4427_force_XATTR_PAX_tmpfs.patch | 4 | ||||
| -rw-r--r-- | 3.2.63/4450_grsec-kconfig-default-gids.patch | 6 | ||||
| -rw-r--r-- | 3.2.63/4465_selinux-avc_audit-log-curr_ip.patch | 2 |
27 files changed, 5267 insertions, 12318 deletions
diff --git a/3.14.21/0000_README b/3.14.22/0000_README index 485a73e..9652232 100644 --- a/3.14.21/0000_README +++ b/3.14.22/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.14.21-201410131959.patch +Patch: 4420_grsecurity-3.0-3.14.22-201410192047.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.14.21/4420_grsecurity-3.0-3.14.21-201410131959.patch b/3.14.22/4420_grsecurity-3.0-3.14.22-201410192047.patch index 61e17cf..8d0df77 100644 --- a/3.14.21/4420_grsecurity-3.0-3.14.21-201410131959.patch +++ b/3.14.22/4420_grsecurity-3.0-3.14.22-201410192047.patch @@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 41e6e19..abeca4e 100644 +index a59980e..46601e4 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -10053,19 +10053,22 @@ index 96efa7a..16858bf 100644 /* diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h -index a5f01ac..703b554 100644 +index a5f01ac..a8811dd 100644 --- a/arch/sparc/include/asm/thread_info_64.h +++ b/arch/sparc/include/asm/thread_info_64.h -@@ -63,6 +63,8 @@ struct thread_info { +@@ -63,7 +63,10 @@ struct thread_info { struct pt_regs *kern_una_regs; unsigned int kern_una_insn; +- unsigned long fpregs[0] __attribute__ ((aligned(64))); + unsigned long lowest_stack; + - unsigned long fpregs[0] __attribute__ ((aligned(64))); ++ unsigned long fpregs[(7 * 256) / sizeof(unsigned long)] ++ __attribute__ ((aligned(64))); }; -@@ -188,12 +190,13 @@ register struct thread_info *current_thread_info_reg asm("g6"); + #endif /* !(__ASSEMBLY__) */ +@@ -188,12 +191,13 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define TIF_NEED_RESCHED 3 /* rescheduling necessary */ /* flag bit 4 is available */ #define TIF_UNALIGNED 5 /* allowed to do unaligned accesses */ @@ -10080,7 +10083,7 @@ index a5f01ac..703b554 100644 /* NOTE: Thread flags >= 12 should be ones we have no interest * in using in assembly, else we can't use the mask as * an immediate value in instructions such as andcc. -@@ -213,12 +216,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); +@@ -213,12 +217,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT) #define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT) #define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) @@ -16579,10 +16582,22 @@ index ced283a..ffe04cc 100644 union { u64 v64; diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h -index 9c999c1..3860cb8 100644 +index 9c999c1..5718a82 100644 --- a/arch/x86/include/asm/elf.h +++ b/arch/x86/include/asm/elf.h -@@ -243,7 +243,25 @@ extern int force_personality32; +@@ -155,8 +155,9 @@ do { \ + #define elf_check_arch(x) \ + ((x)->e_machine == EM_X86_64) + +-#define compat_elf_check_arch(x) \ +- (elf_check_arch_ia32(x) || (x)->e_machine == EM_X86_64) ++#define compat_elf_check_arch(x) \ ++ (elf_check_arch_ia32(x) || \ ++ (IS_ENABLED(CONFIG_X86_X32_ABI) && (x)->e_machine == EM_X86_64)) + + #if __USER32_DS != __USER_DS + # error "The following code assumes __USER32_DS == __USER_DS" +@@ -243,7 +244,25 @@ extern int force_personality32; the loader. We need to make sure that it is out of the way of the program that it will "exec", and that there is sufficient room for the brk. */ @@ -16608,7 +16623,7 @@ index 9c999c1..3860cb8 100644 /* This yields a mask that user programs can use to figure out what instruction set this CPU supports. This could be done in user space, -@@ -296,16 +314,12 @@ do { \ +@@ -296,16 +315,12 @@ do { \ #define ARCH_DLINFO \ do { \ @@ -16627,7 +16642,7 @@ index 9c999c1..3860cb8 100644 } while (0) #define AT_SYSINFO 32 -@@ -320,7 +334,7 @@ else \ +@@ -320,7 +335,7 @@ else \ #endif /* !CONFIG_X86_32 */ @@ -16636,7 +16651,7 @@ index 9c999c1..3860cb8 100644 #define VDSO_ENTRY \ ((unsigned long)VDSO32_SYMBOL(VDSO_CURRENT_BASE, vsyscall)) -@@ -336,9 +350,6 @@ extern int x32_setup_additional_pages(struct linux_binprm *bprm, +@@ -336,9 +351,6 @@ extern int x32_setup_additional_pages(struct linux_binprm *bprm, extern int syscall32_setup_pages(struct linux_binprm *, int exstack); #define compat_arch_setup_additional_pages syscall32_setup_pages @@ -28545,10 +28560,18 @@ index 2de1bc0..22251ee 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 3927528..fc19971 100644 +index 3927528..cd7f2ac 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c -@@ -1320,12 +1320,12 @@ static void vmcs_write64(unsigned long field, u64 value) +@@ -441,6 +441,7 @@ struct vcpu_vmx { + #endif + int gs_ldt_reload_needed; + int fs_reload_needed; ++ unsigned long vmcs_host_cr4; /* May not match real cr4 */ + } host_state; + struct { + int vm86_active; +@@ -1320,12 +1321,12 @@ static void vmcs_write64(unsigned long field, u64 value) #endif } @@ -28563,7 +28586,7 @@ index 3927528..fc19971 100644 { vmcs_writel(field, vmcs_readl(field) | mask); } -@@ -1585,7 +1585,11 @@ static void reload_tss(void) +@@ -1585,7 +1586,11 @@ static void reload_tss(void) struct desc_struct *descs; descs = (void *)gdt->address; @@ -28575,7 +28598,7 @@ index 3927528..fc19971 100644 load_TR_desc(); } -@@ -1809,6 +1813,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) +@@ -1809,6 +1814,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */ vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */ @@ -28586,7 +28609,7 @@ index 3927528..fc19971 100644 rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp); vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */ vmx->loaded_vmcs->cpu = cpu; -@@ -2098,7 +2106,7 @@ static void setup_msrs(struct vcpu_vmx *vmx) +@@ -2098,7 +2107,7 @@ static void setup_msrs(struct vcpu_vmx *vmx) * reads and returns guest's timestamp counter "register" * guest_tsc = host_tsc + tsc_offset -- 21.3 */ @@ -28595,7 +28618,7 @@ index 3927528..fc19971 100644 { u64 host_tsc, tsc_offset; -@@ -3024,8 +3032,11 @@ static __init int hardware_setup(void) +@@ -3024,8 +3033,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; @@ -28609,7 +28632,7 @@ index 3927528..fc19971 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3036,13 +3047,15 @@ static __init int hardware_setup(void) +@@ -3036,13 +3048,15 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_apicv()) enable_apicv = 0; @@ -28629,18 +28652,26 @@ index 3927528..fc19971 100644 if (nested) nested_vmx_setup_ctls_msrs(); -@@ -4165,7 +4178,10 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) +@@ -4162,10 +4176,17 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) + u32 low32, high32; + unsigned long tmpl; + struct desc_ptr dt; ++ unsigned long cr4; vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */ - vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */ -+ +- vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */ +#ifndef CONFIG_PAX_PER_CPU_PGD vmcs_writel(HOST_CR3, read_cr3()); /* 22.2.3 FIXME: shadow tables */ +#endif ++ ++ /* Save the most likely value for this task's CR4 in the VMCS. */ ++ cr4 = read_cr4(); ++ vmcs_writel(HOST_CR4, cr4); /* 22.2.3, 22.2.5 */ ++ vmx->host_state.vmcs_host_cr4 = cr4; vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */ #ifdef CONFIG_X86_64 -@@ -4187,7 +4203,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) +@@ -4187,7 +4208,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ vmx->host_idt_base = dt.address; @@ -28649,7 +28680,29 @@ index 3927528..fc19971 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -7265,6 +7281,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7186,7 +7207,7 @@ static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx) + static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) + { + struct vcpu_vmx *vmx = to_vmx(vcpu); +- unsigned long debugctlmsr; ++ unsigned long debugctlmsr, cr4; + + /* Record the guest's net vcpu time for enforced NMI injections. */ + if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked)) +@@ -7207,6 +7228,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) + if (test_bit(VCPU_REGS_RIP, (unsigned long *)&vcpu->arch.regs_dirty)) + vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]); + ++ cr4 = read_cr4(); ++ if (unlikely(cr4 != vmx->host_state.vmcs_host_cr4)) { ++ vmcs_writel(HOST_CR4, cr4); ++ vmx->host_state.vmcs_host_cr4 = cr4; ++ } ++ + /* When single-stepping over STI and MOV SS, we must clear the + * corresponding interruptibility bits in the guest state. Otherwise + * vmentry fails as it then expects bit 14 (BS) in pending debug +@@ -7265,6 +7292,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp 2f \n\t" "1: " __ex(ASM_VMX_VMRESUME) "\n\t" "2: " @@ -28662,7 +28715,7 @@ index 3927528..fc19971 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t" "pop %0 \n\t" -@@ -7317,6 +7339,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7317,6 +7350,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -28674,7 +28727,7 @@ index 3927528..fc19971 100644 : "cc", "memory" #ifdef CONFIG_X86_64 , "rax", "rbx", "rdi", "rsi" -@@ -7330,7 +7357,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7330,7 +7368,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) if (debugctlmsr) update_debugctlmsr(debugctlmsr); @@ -28683,7 +28736,7 @@ index 3927528..fc19971 100644 /* * The sysexit path does not restore ds/es, so we must set them to * a reasonable value ourselves. -@@ -7339,8 +7366,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7339,8 +7377,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) * may be executed in interrupt context, which saves and restore segments * around it, nullifying its effect. */ @@ -47092,6 +47145,26 @@ index 13f9636..228040f 100644 }; static void bna_attr_init(struct bna_ioceth *ioceth) +diff --git a/drivers/net/ethernet/brocade/bna/bnad.c b/drivers/net/ethernet/brocade/bna/bnad.c +index 669eeb4..1566ef0 100644 +--- a/drivers/net/ethernet/brocade/bna/bnad.c ++++ b/drivers/net/ethernet/brocade/bna/bnad.c +@@ -552,6 +552,7 @@ bnad_cq_setup_skb_frags(struct bna_rcb *rcb, struct sk_buff *skb, + + len = (vec == nvecs) ? + last_fraglen : unmap->vector.len; ++ skb->truesize += unmap->vector.len; + totlen += len; + + skb_fill_page_desc(skb, skb_shinfo(skb)->nr_frags, +@@ -563,7 +564,6 @@ bnad_cq_setup_skb_frags(struct bna_rcb *rcb, struct sk_buff *skb, + + skb->len += totlen; + skb->data_len += totlen; +- skb->truesize += totlen; + } + + static inline void diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethernet/chelsio/cxgb3/l2t.h index 8cffcdf..aadf043 100644 --- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h @@ -47205,6 +47278,20 @@ index 5184e2a..acb28c3 100644 smp_mb(); /* need lock to prevent incorrect read while modifying cyclecounter */ +diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c +index dff0977..6df4b1d 100644 +--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c ++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c +@@ -1270,6 +1270,9 @@ int ixgbe_ndo_set_vf_spoofchk(struct net_device *netdev, int vf, bool setting) + struct ixgbe_hw *hw = &adapter->hw; + u32 regval; + ++ if (vf >= adapter->num_vfs) ++ return -EINVAL; ++ + adapter->vfinfo[vf].spoofchk_enabled = setting; + + regval = IXGBE_READ_REG(hw, IXGBE_PFVFSPOOF(vf_target_reg)); diff --git a/drivers/net/ethernet/neterion/vxge/vxge-config.c b/drivers/net/ethernet/neterion/vxge/vxge-config.c index 089b713..28d87ae 100644 --- a/drivers/net/ethernet/neterion/vxge/vxge-config.c @@ -47397,10 +47484,10 @@ index bf0d55e..82bcfbd1 100644 priv = netdev_priv(dev); priv->phy = phy; diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c -index 7f1abb7..6434b33 100644 +index fbf7dcd..ad71499 100644 --- a/drivers/net/macvlan.c +++ b/drivers/net/macvlan.c -@@ -992,13 +992,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = { +@@ -993,13 +993,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = { int macvlan_link_register(struct rtnl_link_ops *ops) { /* common fields */ @@ -47423,7 +47510,7 @@ index 7f1abb7..6434b33 100644 return rtnl_link_register(ops); }; -@@ -1052,7 +1054,7 @@ static int macvlan_device_event(struct notifier_block *unused, +@@ -1053,7 +1055,7 @@ static int macvlan_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -47433,10 +47520,10 @@ index 7f1abb7..6434b33 100644 }; diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c -index 3381c4f..dea5fd5 100644 +index 0c6adaa..0784e3f 100644 --- a/drivers/net/macvtap.c +++ b/drivers/net/macvtap.c -@@ -1020,7 +1020,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, +@@ -1018,7 +1018,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, } ret = 0; @@ -47445,7 +47532,7 @@ index 3381c4f..dea5fd5 100644 put_user(q->flags, &ifr->ifr_flags)) ret = -EFAULT; macvtap_put_vlan(vlan); -@@ -1190,7 +1190,7 @@ static int macvtap_device_event(struct notifier_block *unused, +@@ -1188,7 +1188,7 @@ static int macvtap_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -47455,9 +47542,18 @@ index 3381c4f..dea5fd5 100644 }; diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c -index 72ff14b..11d442d 100644 +index 72ff14b..e860630 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c +@@ -601,7 +601,7 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg) + if (file == ppp->owner) + ppp_shutdown_interface(ppp); + } +- if (atomic_long_read(&file->f_count) <= 2) { ++ if (atomic_long_read(&file->f_count) < 2) { + ppp_release(NULL, file); + err = 0; + } else @@ -999,7 +999,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data; struct ppp_stats stats; @@ -47490,7 +47586,7 @@ index 1252d9c..80e660b 100644 /* We've got a compressed packet; read the change byte */ diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c -index 26d8c29..bbc6837 100644 +index 979fe43..1f1230c 100644 --- a/drivers/net/team/team.c +++ b/drivers/net/team/team.c @@ -2874,7 +2874,7 @@ static int team_device_event(struct notifier_block *unused, @@ -47665,9 +47761,58 @@ index 841b608..198a8b7 100644 #define VIRTNET_DRIVER_VERSION "1.0.0" diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c -index 40ad25d..8703023 100644 +index 9b40532..e3294ac 100644 --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c +@@ -1447,9 +1447,6 @@ static int neigh_reduce(struct net_device *dev, struct sk_buff *skb) + if (!in6_dev) + goto out; + +- if (!pskb_may_pull(skb, skb->len)) +- goto out; +- + iphdr = ipv6_hdr(skb); + saddr = &iphdr->saddr; + daddr = &iphdr->daddr; +@@ -1770,6 +1767,8 @@ static void vxlan_encap_bypass(struct sk_buff *skb, struct vxlan_dev *src_vxlan, + struct pcpu_sw_netstats *tx_stats, *rx_stats; + union vxlan_addr loopback; + union vxlan_addr *remote_ip = &dst_vxlan->default_dst.remote_ip; ++ struct net_device *dev = skb->dev; ++ int len = skb->len; + + tx_stats = this_cpu_ptr(src_vxlan->dev->tstats); + rx_stats = this_cpu_ptr(dst_vxlan->dev->tstats); +@@ -1793,16 +1792,16 @@ static void vxlan_encap_bypass(struct sk_buff *skb, struct vxlan_dev *src_vxlan, + + u64_stats_update_begin(&tx_stats->syncp); + tx_stats->tx_packets++; +- tx_stats->tx_bytes += skb->len; ++ tx_stats->tx_bytes += len; + u64_stats_update_end(&tx_stats->syncp); + + if (netif_rx(skb) == NET_RX_SUCCESS) { + u64_stats_update_begin(&rx_stats->syncp); + rx_stats->rx_packets++; +- rx_stats->rx_bytes += skb->len; ++ rx_stats->rx_bytes += len; + u64_stats_update_end(&rx_stats->syncp); + } else { +- skb->dev->stats.rx_dropped++; ++ dev->stats.rx_dropped++; + } + } + +@@ -1977,7 +1976,8 @@ static netdev_tx_t vxlan_xmit(struct sk_buff *skb, struct net_device *dev) + return arp_reduce(dev, skb); + #if IS_ENABLED(CONFIG_IPV6) + else if (ntohs(eth->h_proto) == ETH_P_IPV6 && +- skb->len >= sizeof(struct ipv6hdr) + sizeof(struct nd_msg) && ++ pskb_may_pull(skb, sizeof(struct ipv6hdr) ++ + sizeof(struct nd_msg)) && + ipv6_hdr(skb)->nexthdr == IPPROTO_ICMPV6) { + struct nd_msg *msg; + @@ -2846,7 +2846,7 @@ nla_put_failure: return -EMSGSIZE; } @@ -53193,7 +53338,7 @@ index 2518c32..1c201bb 100644 wake_up(&usb_kill_urb_queue); usb_put_urb(urb); diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index 263612c..dbc0f3d 100644 +index 445d62a..e0657a3 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -27,6 +27,7 @@ @@ -53204,7 +53349,7 @@ index 263612c..dbc0f3d 100644 #include <asm/uaccess.h> #include <asm/byteorder.h> -@@ -4549,6 +4550,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, +@@ -4551,6 +4552,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, goto done; return; } @@ -58523,10 +58668,22 @@ index ff286f3..8153a14 100644 .attrs = attrs, }; diff --git a/fs/buffer.c b/fs/buffer.c -index 71e2d0e..8673b7b 100644 +index 71e2d0e..7e40912 100644 --- a/fs/buffer.c +++ b/fs/buffer.c -@@ -3430,7 +3430,7 @@ void __init buffer_init(void) +@@ -2313,6 +2313,11 @@ static int cont_expand_zero(struct file *file, struct address_space *mapping, + err = 0; + + balance_dirty_pages_ratelimited(mapping); ++ ++ if (unlikely(fatal_signal_pending(current))) { ++ err = -EINTR; ++ goto out; ++ } + } + + /* page covers the boundary, find the boundary offset */ +@@ -3430,7 +3435,7 @@ void __init buffer_init(void) bh_cachep = kmem_cache_create("buffer_head", sizeof(struct buffer_head), 0, (SLAB_RECLAIM_ACCOUNT|SLAB_PANIC| @@ -58725,6 +58882,19 @@ index 5e0982a..ca18377 100644 int err; u32 ftype; struct ceph_mds_reply_info_parsed *rinfo; +diff --git a/fs/ceph/ioctl.c b/fs/ceph/ioctl.c +index dc66c9e..5fa0c34 100644 +--- a/fs/ceph/ioctl.c ++++ b/fs/ceph/ioctl.c +@@ -42,7 +42,7 @@ static long __validate_layout(struct ceph_mds_client *mdsc, + /* validate striping parameters */ + if ((l->object_size & ~PAGE_MASK) || + (l->stripe_unit & ~PAGE_MASK) || +- (l->stripe_unit != 0 && ++ ((unsigned)l->stripe_unit != 0 && + ((unsigned)l->object_size % (unsigned)l->stripe_unit))) + return -EINVAL; + diff --git a/fs/ceph/super.c b/fs/ceph/super.c index 10a4ccb..92dbc5e 100644 --- a/fs/ceph/super.c @@ -63478,7 +63648,7 @@ index dd2f2c5..27e6c48 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index 75536db..5cda729 100644 +index 75536db..7ec079e 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1369,6 +1369,9 @@ static int do_umount(struct mount *mnt, int flags) @@ -63596,7 +63766,17 @@ index 75536db..5cda729 100644 get_fs_root(current->fs, &root); old_mp = lock_mount(&old); error = PTR_ERR(old_mp); -@@ -3060,7 +3084,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) +@@ -2829,6 +2853,9 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, + /* make sure we can reach put_old from new_root */ + if (!is_path_reachable(old_mnt, old.dentry, &new)) + goto out4; ++ /* make certain new is below the root */ ++ if (!is_path_reachable(new_mnt, new.dentry, &root)) ++ goto out4; + root_mp->m_count++; /* pin it so it won't go away */ + lock_mount_hash(); + detach_mnt(new_mnt, &parent_path); +@@ -3060,7 +3087,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) return -EPERM; @@ -63862,6 +64042,23 @@ index 287a22c..4e56e4e 100644 group->fanotify_data.f_flags = event_f_flags; #ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS oevent->response = 0; +diff --git a/fs/notify/inotify/inotify_fsnotify.c b/fs/notify/inotify/inotify_fsnotify.c +index 43ab1e1..9c8187e 100644 +--- a/fs/notify/inotify/inotify_fsnotify.c ++++ b/fs/notify/inotify/inotify_fsnotify.c +@@ -165,8 +165,10 @@ static void inotify_free_group_priv(struct fsnotify_group *group) + /* ideally the idr is empty and we won't hit the BUG in the callback */ + idr_for_each(&group->inotify_data.idr, idr_callback, group); + idr_destroy(&group->inotify_data.idr); +- atomic_dec(&group->inotify_data.user->inotify_devs); +- free_uid(group->inotify_data.user); ++ if (group->inotify_data.user) { ++ atomic_dec(&group->inotify_data.user->inotify_devs); ++ free_uid(group->inotify_data.user); ++ } + } + + static void inotify_free_event(struct fsnotify_event *fsn_event) diff --git a/fs/notify/notification.c b/fs/notify/notification.c index 1e58402..bb2d6f4 100644 --- a/fs/notify/notification.c @@ -66722,6 +66919,19 @@ index ae0c3ce..9ee641c 100644 generic_fillattr(inode, stat); return 0; +diff --git a/fs/super.c b/fs/super.c +index 7624267..88a6bc6 100644 +--- a/fs/super.c ++++ b/fs/super.c +@@ -81,6 +81,8 @@ static unsigned long super_cache_scan(struct shrinker *shrink, + inodes = list_lru_count_node(&sb->s_inode_lru, sc->nid); + dentries = list_lru_count_node(&sb->s_dentry_lru, sc->nid); + total_objects = dentries + inodes + fs_objects + 1; ++ if (!total_objects) ++ total_objects = 1; + + /* proportion the scan between the caches */ + dentries = mult_frac(sc->nr_to_scan, dentries, total_objects); diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c index ee0d761..b346c58 100644 --- a/fs/sysfs/dir.c @@ -83856,7 +84066,7 @@ index 1e2cd2e..0288750 100644 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index 15ede6a..80161c3 100644 +index ad8f859..e93b2e4 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -662,7 +662,7 @@ bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, @@ -83895,7 +84105,7 @@ index 15ede6a..80161c3 100644 struct iovec *to, int size); int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, int hlen, struct iovec *iov); -@@ -2721,6 +2721,9 @@ static inline void nf_reset(struct sk_buff *skb) +@@ -2722,6 +2722,9 @@ static inline void nf_reset(struct sk_buff *skb) nf_bridge_put(skb->nf_bridge); skb->nf_bridge = NULL; #endif @@ -84970,13 +85180,13 @@ index 734d9b5..48a9a4b 100644 return; } diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h -index c55aeed..b3393f4 100644 +index cf92728..9236ee6 100644 --- a/include/net/inet_connection_sock.h +++ b/include/net/inet_connection_sock.h -@@ -62,7 +62,7 @@ struct inet_connection_sock_af_ops { - void (*addr2sockaddr)(struct sock *sk, struct sockaddr *); +@@ -63,7 +63,7 @@ struct inet_connection_sock_af_ops { int (*bind_conflict)(const struct sock *sk, const struct inet_bind_bucket *tb, bool relax); + void (*mtu_reduced)(struct sock *sk); -}; +} __do_const; @@ -85467,7 +85677,7 @@ index 0dfcc92..7967849 100644 /* Structure to track chunk fragments that have been acked, but peer diff --git a/include/net/sock.h b/include/net/sock.h -index 2f7bc43..530dadc 100644 +index f66b2b1..5233aa0 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -348,7 +348,7 @@ struct sock { @@ -85479,7 +85689,7 @@ index 2f7bc43..530dadc 100644 int sk_rcvbuf; struct sk_filter __rcu *sk_filter; -@@ -1036,7 +1036,7 @@ struct proto { +@@ -1035,7 +1035,7 @@ struct proto { void (*destroy_cgroup)(struct mem_cgroup *memcg); struct cg_proto *(*proto_cgroup)(struct mem_cgroup *memcg); #endif @@ -85488,7 +85698,7 @@ index 2f7bc43..530dadc 100644 /* * Bits in struct cg_proto.flags -@@ -1223,7 +1223,7 @@ static inline u64 memcg_memory_allocated_read(struct cg_proto *prot) +@@ -1222,7 +1222,7 @@ static inline u64 memcg_memory_allocated_read(struct cg_proto *prot) return ret >> PAGE_SHIFT; } @@ -85497,7 +85707,7 @@ index 2f7bc43..530dadc 100644 sk_memory_allocated(const struct sock *sk) { struct proto *prot = sk->sk_prot; -@@ -1368,7 +1368,7 @@ struct sock_iocb { +@@ -1367,7 +1367,7 @@ struct sock_iocb { struct scm_cookie *scm; struct msghdr *msg, async_msg; struct kiocb *kiocb; @@ -85506,7 +85716,7 @@ index 2f7bc43..530dadc 100644 static inline struct sock_iocb *kiocb_to_siocb(struct kiocb *iocb) { -@@ -1830,7 +1830,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) +@@ -1829,7 +1829,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) } static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb, @@ -85515,7 +85725,7 @@ index 2f7bc43..530dadc 100644 int copy, int offset) { if (skb->ip_summed == CHECKSUM_NONE) { -@@ -2092,7 +2092,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) +@@ -2091,7 +2091,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) } } @@ -85525,10 +85735,10 @@ index 2f7bc43..530dadc 100644 /** * sk_page_frag - return an appropriate page_frag diff --git a/include/net/tcp.h b/include/net/tcp.h -index 743acce..44a58b0 100644 +index 1f0d847..613237a 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h -@@ -541,7 +541,7 @@ void tcp_retransmit_timer(struct sock *sk); +@@ -542,7 +542,7 @@ void tcp_retransmit_timer(struct sock *sk); void tcp_xmit_retransmit_queue(struct sock *); void tcp_simple_retransmit(struct sock *); int tcp_trim_head(struct sock *, struct sk_buff *, u32); @@ -85537,7 +85747,7 @@ index 743acce..44a58b0 100644 void tcp_send_probe0(struct sock *); void tcp_send_partial(struct sock *); -@@ -710,8 +710,8 @@ struct tcp_skb_cb { +@@ -711,8 +711,8 @@ struct tcp_skb_cb { struct inet6_skb_parm h6; #endif } header; /* For incoming frames */ @@ -85548,7 +85758,7 @@ index 743acce..44a58b0 100644 __u32 when; /* used to compute rtt's */ __u8 tcp_flags; /* TCP header flags. (tcp[13]) */ -@@ -725,7 +725,7 @@ struct tcp_skb_cb { +@@ -728,7 +728,7 @@ struct tcp_skb_cb { __u8 ip_dsfield; /* IPv4 tos or IPv6 dsfield */ /* 1 byte hole */ @@ -88247,7 +88457,7 @@ index e2c6853..9a6397e 100644 else new_fs = fs; diff --git a/kernel/futex.c b/kernel/futex.c -index 0b0dc02..4730710 100644 +index 0b0dc02..5f3eb62 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -54,6 +54,7 @@ @@ -88276,7 +88486,16 @@ index 0b0dc02..4730710 100644 static const struct futex_q futex_q_init = { /* list gets initialized in queue_me()*/ -@@ -380,6 +381,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) +@@ -329,6 +330,8 @@ static void get_futex_key_refs(union futex_key *key) + case FUT_OFF_MMSHARED: + futex_get_mm(key); /* implies MB (B) */ + break; ++ default: ++ smp_mb(); /* explicit MB (B) */ + } + } + +@@ -380,6 +383,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) struct page *page, *page_head; int err, ro = 0; @@ -88288,7 +88507,7 @@ index 0b0dc02..4730710 100644 /* * The futex address must be "naturally" aligned. */ -@@ -579,7 +585,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr, +@@ -579,7 +587,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr, static int get_futex_value_locked(u32 *dest, u32 __user *from) { @@ -88297,7 +88516,7 @@ index 0b0dc02..4730710 100644 pagefault_disable(); ret = __copy_from_user_inatomic(dest, from, sizeof(u32)); -@@ -3020,6 +3026,7 @@ static void __init futex_detect_cmpxchg(void) +@@ -3020,6 +3028,7 @@ static void __init futex_detect_cmpxchg(void) { #ifndef CONFIG_HAVE_FUTEX_CMPXCHG u32 curval; @@ -88305,7 +88524,7 @@ index 0b0dc02..4730710 100644 /* * This will fail and we want it. Some arch implementations do -@@ -3031,8 +3038,11 @@ static void __init futex_detect_cmpxchg(void) +@@ -3031,8 +3040,11 @@ static void __init futex_detect_cmpxchg(void) * implementation, the non-functional ones will return * -ENOSYS. */ @@ -89108,7 +89327,7 @@ index 1d96dd0..994ff19 100644 default: diff --git a/kernel/module.c b/kernel/module.c -index 6716a1f..9ddc1e1 100644 +index 6716a1f..acc7443 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -61,6 +61,7 @@ @@ -89303,7 +89522,17 @@ index 6716a1f..9ddc1e1 100644 set_memory_ro); } } -@@ -1862,16 +1881,19 @@ static void free_module(struct module *mod) +@@ -1841,7 +1860,9 @@ static void free_module(struct module *mod) + + /* We leave it in list to prevent duplicate loads, but make sure + * that noone uses it while it's being deconstructed. */ ++ mutex_lock(&module_mutex); + mod->state = MODULE_STATE_UNFORMED; ++ mutex_unlock(&module_mutex); + + /* Remove dynamic debug info */ + ddebug_remove_module(mod->name); +@@ -1862,16 +1883,19 @@ static void free_module(struct module *mod) /* This may be NULL, but that's OK */ unset_module_init_ro_nx(mod); @@ -89326,7 +89555,7 @@ index 6716a1f..9ddc1e1 100644 #ifdef CONFIG_MPU update_protections(current->mm); -@@ -1940,9 +1962,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1940,9 +1964,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) int ret = 0; const struct kernel_symbol *ksym; @@ -89358,7 +89587,7 @@ index 6716a1f..9ddc1e1 100644 switch (sym[i].st_shndx) { case SHN_COMMON: /* We compiled with -fno-common. These are not -@@ -1963,7 +2007,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1963,7 +2009,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) ksym = resolve_symbol_wait(mod, info, name); /* Ok if resolved. */ if (ksym && !IS_ERR(ksym)) { @@ -89368,7 +89597,7 @@ index 6716a1f..9ddc1e1 100644 break; } -@@ -1982,11 +2028,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1982,11 +2030,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) secbase = (unsigned long)mod_percpu(mod); else secbase = info->sechdrs[sym[i].st_shndx].sh_addr; @@ -89389,7 +89618,7 @@ index 6716a1f..9ddc1e1 100644 return ret; } -@@ -2070,22 +2125,12 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2070,22 +2127,12 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || strstarts(sname, ".init")) continue; @@ -89416,7 +89645,7 @@ index 6716a1f..9ddc1e1 100644 } pr_debug("Init section allocation order:\n"); -@@ -2099,23 +2144,13 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2099,23 +2146,13 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || !strstarts(sname, ".init")) continue; @@ -89445,7 +89674,7 @@ index 6716a1f..9ddc1e1 100644 } } -@@ -2288,7 +2323,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2288,7 +2325,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) /* Put symbol section at end of init part of module. */ symsect->sh_flags |= SHF_ALLOC; @@ -89454,7 +89683,7 @@ index 6716a1f..9ddc1e1 100644 info->index.sym) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + symsect->sh_name); -@@ -2305,13 +2340,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2305,13 +2342,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) } /* Append room for core symbols at end of core part. */ @@ -89472,7 +89701,7 @@ index 6716a1f..9ddc1e1 100644 info->index.str) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + strsect->sh_name); } -@@ -2329,12 +2364,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2329,12 +2366,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) /* Make sure we get permanent strtab: don't use info->strtab. */ mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr; @@ -89489,7 +89718,7 @@ index 6716a1f..9ddc1e1 100644 src = mod->symtab; for (ndst = i = 0; i < mod->num_symtab; i++) { if (i == 0 || -@@ -2346,6 +2383,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2346,6 +2385,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) } } mod->core_num_syms = ndst; @@ -89498,7 +89727,7 @@ index 6716a1f..9ddc1e1 100644 } #else static inline void layout_symtab(struct module *mod, struct load_info *info) -@@ -2379,17 +2418,33 @@ void * __weak module_alloc(unsigned long size) +@@ -2379,17 +2420,33 @@ void * __weak module_alloc(unsigned long size) return vmalloc_exec(size); } @@ -89537,7 +89766,7 @@ index 6716a1f..9ddc1e1 100644 mutex_unlock(&module_mutex); } return ret; -@@ -2646,7 +2701,15 @@ static struct module *setup_load_info(struct load_info *info, int flags) +@@ -2646,7 +2703,15 @@ static struct module *setup_load_info(struct load_info *info, int flags) mod = (void *)info->sechdrs[info->index.mod].sh_addr; if (info->index.sym == 0) { @@ -89553,7 +89782,7 @@ index 6716a1f..9ddc1e1 100644 return ERR_PTR(-ENOEXEC); } -@@ -2662,8 +2725,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) +@@ -2662,8 +2727,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) static int check_modinfo(struct module *mod, struct load_info *info, int flags) { const char *modmagic = get_modinfo(info, "vermagic"); @@ -89568,7 +89797,7 @@ index 6716a1f..9ddc1e1 100644 if (flags & MODULE_INIT_IGNORE_VERMAGIC) modmagic = NULL; -@@ -2688,7 +2757,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) +@@ -2688,7 +2759,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) } /* Set up license info based on the info section */ @@ -89577,7 +89806,7 @@ index 6716a1f..9ddc1e1 100644 return 0; } -@@ -2782,7 +2851,7 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2782,7 +2853,7 @@ static int move_module(struct module *mod, struct load_info *info) void *ptr; /* Do the allocs. */ @@ -89586,7 +89815,7 @@ index 6716a1f..9ddc1e1 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. Just mark it as not being a -@@ -2792,11 +2861,11 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2792,11 +2863,11 @@ static int move_module(struct module *mod, struct load_info *info) if (!ptr) return -ENOMEM; @@ -89602,7 +89831,7 @@ index 6716a1f..9ddc1e1 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. This block doesn't need to be -@@ -2805,13 +2874,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2805,13 +2876,45 @@ static int move_module(struct module *mod, struct load_info *info) */ kmemleak_ignore(ptr); if (!ptr) { @@ -89652,7 +89881,7 @@ index 6716a1f..9ddc1e1 100644 /* Transfer each section which specifies SHF_ALLOC */ pr_debug("final section addresses:\n"); -@@ -2822,16 +2923,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2822,16 +2925,45 @@ static int move_module(struct module *mod, struct load_info *info) if (!(shdr->sh_flags & SHF_ALLOC)) continue; @@ -89705,7 +89934,7 @@ index 6716a1f..9ddc1e1 100644 pr_debug("\t0x%lx %s\n", (long)shdr->sh_addr, info->secstrings + shdr->sh_name); } -@@ -2888,12 +3018,12 @@ static void flush_module_icache(const struct module *mod) +@@ -2888,12 +3020,12 @@ static void flush_module_icache(const struct module *mod) * Do it before processing of module parameters, so the module * can provide parameter accessor functions of its own. */ @@ -89724,7 +89953,7 @@ index 6716a1f..9ddc1e1 100644 set_fs(old_fs); } -@@ -2950,8 +3080,10 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) +@@ -2950,8 +3082,10 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) static void module_deallocate(struct module *mod, struct load_info *info) { percpu_modfree(mod); @@ -89737,7 +89966,7 @@ index 6716a1f..9ddc1e1 100644 } int __weak module_finalize(const Elf_Ehdr *hdr, -@@ -2964,7 +3096,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, +@@ -2964,7 +3098,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, static int post_relocation(struct module *mod, const struct load_info *info) { /* Sort exception table now relocations are done. */ @@ -89747,7 +89976,7 @@ index 6716a1f..9ddc1e1 100644 /* Copy relocated percpu area over. */ percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr, -@@ -3018,16 +3152,16 @@ static int do_init_module(struct module *mod) +@@ -3018,16 +3154,16 @@ static int do_init_module(struct module *mod) MODULE_STATE_COMING, mod); /* Set RO and NX regions for core */ @@ -89772,7 +90001,7 @@ index 6716a1f..9ddc1e1 100644 do_mod_ctors(mod); /* Start the module */ -@@ -3088,11 +3222,12 @@ static int do_init_module(struct module *mod) +@@ -3088,11 +3224,12 @@ static int do_init_module(struct module *mod) mod->strtab = mod->core_strtab; #endif unset_module_init_ro_nx(mod); @@ -89790,7 +90019,7 @@ index 6716a1f..9ddc1e1 100644 mutex_unlock(&module_mutex); wake_up_all(&module_wq); -@@ -3235,9 +3370,38 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3235,9 +3372,38 @@ static int load_module(struct load_info *info, const char __user *uargs, if (err) goto free_unload; @@ -89829,7 +90058,7 @@ index 6716a1f..9ddc1e1 100644 /* Fix up syms, so that st_value is a pointer to location. */ err = simplify_symbols(mod, info); if (err < 0) -@@ -3253,13 +3417,6 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3253,13 +3419,6 @@ static int load_module(struct load_info *info, const char __user *uargs, flush_module_icache(mod); @@ -89843,7 +90072,7 @@ index 6716a1f..9ddc1e1 100644 dynamic_debug_setup(info->debug, info->num_debug); /* Ftrace init must be called in the MODULE_STATE_UNFORMED state */ -@@ -3297,11 +3454,10 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3297,11 +3456,10 @@ static int load_module(struct load_info *info, const char __user *uargs, ddebug_cleanup: dynamic_debug_remove(info->debug); synchronize_sched(); @@ -89856,7 +90085,7 @@ index 6716a1f..9ddc1e1 100644 free_unload: module_unload_free(mod); unlink_mod: -@@ -3384,10 +3540,16 @@ static const char *get_ksymbol(struct module *mod, +@@ -3384,10 +3542,16 @@ static const char *get_ksymbol(struct module *mod, unsigned long nextval; /* At worse, next value is at end of module */ @@ -89876,7 +90105,7 @@ index 6716a1f..9ddc1e1 100644 /* Scan for closest preceding symbol, and next symbol. (ELF starts real symbols at 1). */ -@@ -3638,7 +3800,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3638,7 +3802,7 @@ static int m_show(struct seq_file *m, void *p) return 0; seq_printf(m, "%s %u", @@ -89885,7 +90114,7 @@ index 6716a1f..9ddc1e1 100644 print_unload_info(m, mod); /* Informative for users. */ -@@ -3647,7 +3809,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3647,7 +3811,7 @@ static int m_show(struct seq_file *m, void *p) mod->state == MODULE_STATE_COMING ? "Loading": "Live"); /* Used by oprofile and other similar tools. */ @@ -89894,7 +90123,7 @@ index 6716a1f..9ddc1e1 100644 /* Taints info */ if (mod->taints) -@@ -3683,7 +3845,17 @@ static const struct file_operations proc_modules_operations = { +@@ -3683,7 +3847,17 @@ static const struct file_operations proc_modules_operations = { static int __init proc_modules_init(void) { @@ -89912,7 +90141,7 @@ index 6716a1f..9ddc1e1 100644 return 0; } module_init(proc_modules_init); -@@ -3744,14 +3916,14 @@ struct module *__module_address(unsigned long addr) +@@ -3744,14 +3918,14 @@ struct module *__module_address(unsigned long addr) { struct module *mod; @@ -89930,7 +90159,7 @@ index 6716a1f..9ddc1e1 100644 return mod; } return NULL; -@@ -3786,11 +3958,20 @@ bool is_module_text_address(unsigned long addr) +@@ -3786,11 +3960,20 @@ bool is_module_text_address(unsigned long addr) */ struct module *__module_text_address(unsigned long addr) { @@ -99711,7 +99940,7 @@ index a16ed7b..eb44d17 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index 37bddf7..c78c480 100644 +index 3ed11a5..c177c8f 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1695,14 +1695,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) @@ -100065,7 +100294,7 @@ index 7c8ffd9..0cb3687 100644 return error; } diff --git a/net/core/netpoll.c b/net/core/netpoll.c -index df9e6b1..6e68e4e 100644 +index 723fa7d..81bd037 100644 --- a/net/core/netpoll.c +++ b/net/core/netpoll.c @@ -435,7 +435,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len) @@ -100100,7 +100329,7 @@ index fdac61c..e5e5b46 100644 pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR); return -ENODEV; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index aef1500..4b61acd 100644 +index b0db904..70b5ea2 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -58,7 +58,7 @@ struct rtnl_link { @@ -100179,10 +100408,47 @@ index b442e7e..6f5b5a2 100644 { struct socket *sock; diff --git a/net/core/skbuff.c b/net/core/skbuff.c -index 8f6391b..40bc442 100644 +index baf6fc4..783639a 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c -@@ -2003,7 +2003,7 @@ EXPORT_SYMBOL(__skb_checksum); +@@ -360,18 +360,29 @@ refill: + goto end; + } + nc->frag.size = PAGE_SIZE << order; +-recycle: +- atomic_set(&nc->frag.page->_count, NETDEV_PAGECNT_MAX_BIAS); ++ /* Even if we own the page, we do not use atomic_set(). ++ * This would break get_page_unless_zero() users. ++ */ ++ atomic_add(NETDEV_PAGECNT_MAX_BIAS - 1, ++ &nc->frag.page->_count); + nc->pagecnt_bias = NETDEV_PAGECNT_MAX_BIAS; + nc->frag.offset = 0; + } + + if (nc->frag.offset + fragsz > nc->frag.size) { +- /* avoid unnecessary locked operations if possible */ +- if ((atomic_read(&nc->frag.page->_count) == nc->pagecnt_bias) || +- atomic_sub_and_test(nc->pagecnt_bias, &nc->frag.page->_count)) +- goto recycle; +- goto refill; ++ if (atomic_read(&nc->frag.page->_count) != nc->pagecnt_bias) { ++ if (!atomic_sub_and_test(nc->pagecnt_bias, ++ &nc->frag.page->_count)) ++ goto refill; ++ /* OK, page count is 0, we can safely set it */ ++ atomic_set(&nc->frag.page->_count, ++ NETDEV_PAGECNT_MAX_BIAS); ++ } else { ++ atomic_add(NETDEV_PAGECNT_MAX_BIAS - nc->pagecnt_bias, ++ &nc->frag.page->_count); ++ } ++ nc->pagecnt_bias = NETDEV_PAGECNT_MAX_BIAS; ++ nc->frag.offset = 0; + } + + data = page_address(nc->frag.page) + nc->frag.offset; +@@ -2004,7 +2015,7 @@ EXPORT_SYMBOL(__skb_checksum); __wsum skb_checksum(const struct sk_buff *skb, int offset, int len, __wsum csum) { @@ -100191,7 +100457,7 @@ index 8f6391b..40bc442 100644 .update = csum_partial_ext, .combine = csum_block_add_ext, }; -@@ -3221,13 +3221,15 @@ void __init skb_init(void) +@@ -3225,13 +3236,15 @@ void __init skb_init(void) skbuff_head_cache = kmem_cache_create("skbuff_head_cache", sizeof(struct sk_buff), 0, @@ -100210,7 +100476,7 @@ index 8f6391b..40bc442 100644 } diff --git a/net/core/sock.c b/net/core/sock.c -index c806956..e5599ea 100644 +index c806956..b63d825 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -442,7 +442,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -100297,7 +100563,16 @@ index c806956..e5599ea 100644 return -EFAULT; lenout: if (put_user(len, optlen)) -@@ -2375,7 +2375,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) +@@ -1731,6 +1731,8 @@ EXPORT_SYMBOL(sock_kmalloc); + */ + void sock_kfree_s(struct sock *sk, void *mem, int size) + { ++ if (WARN_ON_ONCE(!mem)) ++ return; + kfree(mem); + atomic_sub(size, &sk->sk_omem_alloc); + } +@@ -2375,7 +2377,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) */ smp_wmb(); atomic_set(&sk->sk_refcnt, 1); @@ -100306,7 +100581,7 @@ index c806956..e5599ea 100644 } EXPORT_SYMBOL(sock_init_data); -@@ -2503,6 +2503,7 @@ void sock_enable_timestamp(struct sock *sk, int flag) +@@ -2503,6 +2505,7 @@ void sock_enable_timestamp(struct sock *sk, int flag) int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, int level, int type) { @@ -100314,7 +100589,7 @@ index c806956..e5599ea 100644 struct sock_exterr_skb *serr; struct sk_buff *skb, *skb2; int copied, err; -@@ -2524,7 +2525,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, +@@ -2524,7 +2527,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, sock_recv_timestamp(msg, sk, skb); serr = SKB_EXT_ERR(skb); @@ -100642,6 +100917,27 @@ index 9d43468..ffa28cc 100644 return nh->nh_saddr; } +diff --git a/net/ipv4/gre_offload.c b/net/ipv4/gre_offload.c +index 2d24f29..70fee98 100644 +--- a/net/ipv4/gre_offload.c ++++ b/net/ipv4/gre_offload.c +@@ -56,13 +56,13 @@ static struct sk_buff *gre_gso_segment(struct sk_buff *skb, + + csum = !!(greh->flags & GRE_CSUM); + +- if (unlikely(!pskb_may_pull(skb, ghl))) +- goto out; +- + /* setup inner skb. */ + skb->protocol = greh->protocol; + skb->encapsulation = 0; + ++ if (unlikely(!pskb_may_pull(skb, ghl))) ++ goto out; ++ + __skb_pull(skb, ghl); + skb_reset_mac_header(skb); + skb_set_network_header(skb, skb_inner_network_offset(skb)); diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c index 0d1e2cb..4501a2c 100644 --- a/net/ipv4/inet_connection_sock.c @@ -100805,6 +101101,43 @@ index 3d4da2c..40f9c29 100644 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PROT_UNREACH, 0); } +diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c +index ed88d78..844323b 100644 +--- a/net/ipv4/ip_output.c ++++ b/net/ipv4/ip_output.c +@@ -1487,6 +1487,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr, + struct sk_buff *nskb; + struct sock *sk; + struct inet_sock *inet; ++ int err; + + if (ip_options_echo(&replyopts.opt.opt, skb)) + return; +@@ -1525,8 +1526,13 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr, + sock_net_set(sk, net); + __skb_queue_head_init(&sk->sk_write_queue); + sk->sk_sndbuf = sysctl_wmem_default; +- ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base, len, 0, +- &ipc, &rt, MSG_DONTWAIT); ++ err = ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base, ++ len, 0, &ipc, &rt, MSG_DONTWAIT); ++ if (unlikely(err)) { ++ ip_flush_pending_frames(sk); ++ goto out; ++ } ++ + nskb = skb_peek(&sk->sk_write_queue); + if (nskb) { + if (arg->csumoffset >= 0) +@@ -1538,7 +1544,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr, + skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb)); + ip_push_pending_frames(sk, &fl4); + } +- ++out: + put_cpu_var(unicast_sock); + + ip_rt_put(rt); diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 580dd96..9fcef7e 100644 --- a/net/ipv4/ip_sockglue.c @@ -100828,6 +101161,24 @@ index 580dd96..9fcef7e 100644 msg.msg_controllen = len; msg.msg_flags = flags; +diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c +index 65b664d..791a419 100644 +--- a/net/ipv4/ip_tunnel_core.c ++++ b/net/ipv4/ip_tunnel_core.c +@@ -91,11 +91,12 @@ int iptunnel_pull_header(struct sk_buff *skb, int hdr_len, __be16 inner_proto) + skb_pull_rcsum(skb, hdr_len); + + if (inner_proto == htons(ETH_P_TEB)) { +- struct ethhdr *eh = (struct ethhdr *)skb->data; ++ struct ethhdr *eh; + + if (unlikely(!pskb_may_pull(skb, ETH_HLEN))) + return -ENOMEM; + ++ eh = (struct ethhdr *)skb->data; + if (likely(ntohs(eh->h_proto) >= ETH_P_802_3_MIN)) + skb->protocol = eh->h_proto; + else diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c index e4a8f76..dd8ad72 100644 --- a/net/ipv4/ip_vti.c @@ -101141,7 +101492,7 @@ index 11c8d81..d67116b 100644 static int raw_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index ca5a01e..8c5cdb4 100644 +index 487bb62..bc101aa 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -234,7 +234,7 @@ static const struct seq_operations rt_cache_seq_ops = { @@ -101383,7 +101734,7 @@ index 44eba05..b36864b 100644 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table); if (hdr == NULL) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index 3898694..9bd1a03 100644 +index 2291791..7b62d2b 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -761,7 +761,7 @@ static void tcp_update_pacing_rate(struct sock *sk) @@ -101395,7 +101746,7 @@ index 3898694..9bd1a03 100644 sk->sk_max_pacing_rate); } -@@ -4484,7 +4484,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, +@@ -4482,7 +4482,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, * simplifies code) */ static void @@ -101404,7 +101755,7 @@ index 3898694..9bd1a03 100644 struct sk_buff *head, struct sk_buff *tail, u32 start, u32 end) { -@@ -5561,6 +5561,7 @@ discard: +@@ -5559,6 +5559,7 @@ discard: tcp_paws_reject(&tp->rx_opt, 0)) goto discard_and_undo; @@ -101412,7 +101763,7 @@ index 3898694..9bd1a03 100644 if (th->syn) { /* We see SYN without ACK. It is attempt of * simultaneous connect with crossed SYNs. -@@ -5611,6 +5612,7 @@ discard: +@@ -5609,6 +5610,7 @@ discard: goto discard; #endif } @@ -101420,7 +101771,7 @@ index 3898694..9bd1a03 100644 /* "fifth, if neither of the SYN or RST bits is set then * drop the segment and return." */ -@@ -5657,7 +5659,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -5655,7 +5657,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, goto discard; if (th->syn) { @@ -101430,7 +101781,7 @@ index 3898694..9bd1a03 100644 if (icsk->icsk_af_ops->conn_request(sk, skb) < 0) return 1; diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index 1e4eac7..a66fa4a 100644 +index a782d5b..28f0ae5 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -91,6 +91,10 @@ int sysctl_tcp_low_latency __read_mostly; @@ -101444,7 +101795,7 @@ index 1e4eac7..a66fa4a 100644 #ifdef CONFIG_TCP_MD5SIG static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key, __be32 daddr, __be32 saddr, const struct tcphdr *th); -@@ -1829,6 +1833,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1830,6 +1834,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -101454,7 +101805,7 @@ index 1e4eac7..a66fa4a 100644 tcp_v4_send_reset(rsk, skb); discard: kfree_skb(skb); -@@ -1974,12 +1981,19 @@ int tcp_v4_rcv(struct sk_buff *skb) +@@ -1975,12 +1982,19 @@ int tcp_v4_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -101477,7 +101828,7 @@ index 1e4eac7..a66fa4a 100644 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -2033,6 +2047,10 @@ csum_error: +@@ -2034,6 +2048,10 @@ csum_error: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -101729,7 +102080,7 @@ index e1a6393..f634ce5 100644 return -ENOMEM; } diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 6c7fa08..7c5abd70 100644 +index 3f0ec06..495548c 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -598,7 +598,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, @@ -101741,7 +102092,7 @@ index 6c7fa08..7c5abd70 100644 net->dev_base_seq; hlist_for_each_entry_rcu(dev, head, index_hlist) { if (idx < s_idx) -@@ -2395,7 +2395,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) +@@ -2390,7 +2390,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) p.iph.ihl = 5; p.iph.protocol = IPPROTO_IPV6; p.iph.ttl = 64; @@ -101750,7 +102101,7 @@ index 6c7fa08..7c5abd70 100644 if (ops->ndo_do_ioctl) { mm_segment_t oldfs = get_fs(); -@@ -3528,16 +3528,23 @@ static const struct file_operations if6_fops = { +@@ -3523,16 +3523,23 @@ static const struct file_operations if6_fops = { .release = seq_release_net, }; @@ -101775,7 +102126,7 @@ index 6c7fa08..7c5abd70 100644 } static struct pernet_operations if6_proc_net_ops = { -@@ -4146,7 +4153,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, +@@ -4141,7 +4148,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, s_ip_idx = ip_idx = cb->args[2]; rcu_read_lock(); @@ -101784,7 +102135,7 @@ index 6c7fa08..7c5abd70 100644 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { idx = 0; head = &net->dev_index_head[h]; -@@ -4746,11 +4753,8 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -4741,11 +4748,8 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) rt = rt6_lookup(dev_net(dev), &ifp->peer_addr, NULL, dev->ifindex, 1); @@ -101798,7 +102149,7 @@ index 6c7fa08..7c5abd70 100644 } dst_hold(&ifp->rt->dst); -@@ -4758,7 +4762,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -4753,7 +4757,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) dst_free(&ifp->rt->dst); break; } @@ -101807,7 +102158,7 @@ index 6c7fa08..7c5abd70 100644 rt_genid_bump_ipv6(net); } -@@ -4779,7 +4783,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, +@@ -4774,7 +4778,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -101816,7 +102167,7 @@ index 6c7fa08..7c5abd70 100644 int ret; /* -@@ -4864,7 +4868,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, +@@ -4859,7 +4863,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -101863,7 +102214,7 @@ index 7b32652..0bc348b 100644 table = kmemdup(ipv6_icmp_table_template, sizeof(ipv6_icmp_table_template), diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c -index 2465d18..bc5bf7f 100644 +index cb57aa8..01c248e 100644 --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -71,7 +71,7 @@ struct ip6gre_net { @@ -101902,6 +102253,18 @@ index 2465d18..bc5bf7f 100644 .kind = "ip6gretap", .maxtype = IFLA_GRE_MAX, .policy = ip6gre_policy, +diff --git a/net/ipv6/ip6_offload.c b/net/ipv6/ip6_offload.c +index b2f0915..066db10 100644 +--- a/net/ipv6/ip6_offload.c ++++ b/net/ipv6/ip6_offload.c +@@ -46,6 +46,7 @@ static int ipv6_gso_pull_exthdrs(struct sk_buff *skb, int proto) + if (unlikely(!pskb_may_pull(skb, len))) + break; + ++ opth = (void *)skb->data; + proto = opth->nexthdr; + __skb_pull(skb, len); + } diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c index 9120339..cfdd84f 100644 --- a/net/ipv6/ip6_tunnel.c @@ -102254,7 +102617,7 @@ index 7cc1102..7785931 100644 table = kmemdup(ipv6_route_table_template, sizeof(ipv6_route_table_template), diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c -index fe548ba..0dfa744 100644 +index b12b11b..13856f9 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c @@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev); @@ -102266,6 +102629,29 @@ index fe548ba..0dfa744 100644 static int sit_net_id __read_mostly; struct sit_net { +@@ -484,11 +484,11 @@ static void ipip6_tunnel_uninit(struct net_device *dev) + */ + static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb) + { +- const struct iphdr *iph = (const struct iphdr *) skb->data; ++ int ihl = ((const struct iphdr *)skb->data)->ihl*4; + struct rt6_info *rt; + struct sk_buff *skb2; + +- if (!pskb_may_pull(skb, iph->ihl * 4 + sizeof(struct ipv6hdr) + 8)) ++ if (!pskb_may_pull(skb, ihl + sizeof(struct ipv6hdr) + 8)) + return 1; + + skb2 = skb_clone(skb, GFP_ATOMIC); +@@ -497,7 +497,7 @@ static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb) + return 1; + + skb_dst_drop(skb2); +- skb_pull(skb2, iph->ihl * 4); ++ skb_pull(skb2, ihl); + skb_reset_network_header(skb2); + + rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0, 0); @@ -1683,7 +1683,7 @@ static void ipip6_dellink(struct net_device *dev, struct list_head *head) unregister_netdevice_queue(dev, head); } @@ -102289,7 +102675,7 @@ index 7f405a1..eabef92 100644 struct ctl_table *ipv6_icmp_table; int err; diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c -index 889079b..a04512c 100644 +index a4f890d..5db3708 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -104,6 +104,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb) @@ -103431,7 +103817,7 @@ index 11de55e..f25e448 100644 return 0; } diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c -index 0dfe894..7702a84 100644 +index c375d73..d4abd23 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -257,7 +257,7 @@ static void netlink_overrun(struct sock *sk) @@ -103443,6 +103829,15 @@ index 0dfe894..7702a84 100644 } static void netlink_rcv_wake(struct sock *sk) +@@ -707,7 +707,7 @@ static int netlink_mmap_sendmsg(struct sock *sk, struct msghdr *msg, + * after validation, the socket and the ring may only be used by a + * single process, otherwise we fall back to copying. + */ +- if (atomic_long_read(&sk->sk_socket->file->f_count) > 2 || ++ if (atomic_long_read(&sk->sk_socket->file->f_count) > 1 || + atomic_read(&nlk->mapped) > 1) + excl = false; + @@ -3003,7 +3003,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) sk_wmem_alloc_get(s), nlk->cb_running, @@ -103465,18 +103860,10 @@ index b74aa07..d41926e 100644 *uaddr_len = sizeof(struct sockaddr_ax25); } diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index 48a6a93..d2c096b 100644 +index 48b1817..d2c096b 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c -@@ -635,6 +635,7 @@ static void init_prb_bdqc(struct packet_sock *po, - p1->tov_in_jiffies = msecs_to_jiffies(p1->retire_blk_tov); - p1->blk_sizeof_priv = req_u->req3.tp_sizeof_priv; - -+ p1->max_frame_len = p1->kblk_size - BLK_PLUS_PRIV(p1->blk_sizeof_priv); - prb_init_ft_ops(p1, req_u); - prb_setup_retire_blk_timer(po, tx_ring); - prb_open_block(p1, pbd); -@@ -1845,7 +1846,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1846,7 +1846,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, spin_lock(&sk->sk_receive_queue.lock); po->stats.stats1.tp_packets++; @@ -103485,7 +103872,7 @@ index 48a6a93..d2c096b 100644 __skb_queue_tail(&sk->sk_receive_queue, skb); spin_unlock(&sk->sk_receive_queue.lock); sk->sk_data_ready(sk, skb->len); -@@ -1854,7 +1855,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1855,7 +1855,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, drop_n_acct: spin_lock(&sk->sk_receive_queue.lock); po->stats.stats1.tp_drops++; @@ -103494,26 +103881,7 @@ index 48a6a93..d2c096b 100644 spin_unlock(&sk->sk_receive_queue.lock); drop_n_restore: -@@ -1946,6 +1947,18 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, - if ((int)snaplen < 0) - snaplen = 0; - } -+ } else if (unlikely(macoff + snaplen > -+ GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len)) { -+ u32 nval; -+ -+ nval = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len - macoff; -+ pr_err_once("tpacket_rcv: packet too big, clamped from %u to %u. macoff=%u\n", -+ snaplen, nval, macoff); -+ snaplen = nval; -+ if (unlikely((int)snaplen < 0)) { -+ snaplen = 0; -+ macoff = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len; -+ } - } - spin_lock(&sk->sk_receive_queue.lock); - h.raw = packet_current_rx_frame(po, skb, -@@ -3449,7 +3462,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3462,7 +3462,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, case PACKET_HDRLEN: if (len > sizeof(int)) len = sizeof(int); @@ -103522,7 +103890,7 @@ index 48a6a93..d2c096b 100644 return -EFAULT; switch (val) { case TPACKET_V1: -@@ -3495,7 +3508,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3508,7 +3508,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, len = lv; if (put_user(len, optlen)) return -EFAULT; @@ -103531,29 +103899,6 @@ index 48a6a93..d2c096b 100644 return -EFAULT; return 0; } -@@ -3779,6 +3792,10 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, - goto out; - if (unlikely(req->tp_block_size & (PAGE_SIZE - 1))) - goto out; -+ if (po->tp_version >= TPACKET_V3 && -+ (int)(req->tp_block_size - -+ BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0) -+ goto out; - if (unlikely(req->tp_frame_size < po->tp_hdrlen + - po->tp_reserve)) - goto out; -diff --git a/net/packet/internal.h b/net/packet/internal.h -index eb9580a..cdddf6a 100644 ---- a/net/packet/internal.h -+++ b/net/packet/internal.h -@@ -29,6 +29,7 @@ struct tpacket_kbdq_core { - char *pkblk_start; - char *pkblk_end; - int kblk_size; -+ unsigned int max_frame_len; - unsigned int knum_blocks; - uint64_t knxt_seq_num; - char *prev; diff --git a/net/phonet/pep.c b/net/phonet/pep.c index e774117..900b8b7 100644 --- a/net/phonet/pep.c @@ -103738,6 +104083,42 @@ index 4503335..db566b4 100644 } #endif +diff --git a/net/rds/rdma.c b/net/rds/rdma.c +index 4e37c1c..40084d8 100644 +--- a/net/rds/rdma.c ++++ b/net/rds/rdma.c +@@ -564,12 +564,12 @@ int rds_cmsg_rdma_args(struct rds_sock *rs, struct rds_message *rm, + + if (rs->rs_bound_addr == 0) { + ret = -ENOTCONN; /* XXX not a great errno */ +- goto out; ++ goto out_ret; + } + + if (args->nr_local > UIO_MAXIOV) { + ret = -EMSGSIZE; +- goto out; ++ goto out_ret; + } + + /* Check whether to allocate the iovec area */ +@@ -578,7 +578,7 @@ int rds_cmsg_rdma_args(struct rds_sock *rs, struct rds_message *rm, + iovs = sock_kmalloc(rds_rs_to_sk(rs), iov_size, GFP_KERNEL); + if (!iovs) { + ret = -ENOMEM; +- goto out; ++ goto out_ret; + } + } + +@@ -696,6 +696,7 @@ out: + if (iovs != iovstack) + sock_kfree_s(rds_rs_to_sk(rs), iovs, iov_size); + kfree(pages); ++out_ret: + if (ret) + rds_rdma_free_op(op); + else diff --git a/net/rds/rds.h b/net/rds/rds.h index 48f8ffc..0ef3eec 100644 --- a/net/rds/rds.h @@ -105161,10 +105542,10 @@ index 0917f04..f4e3d8c 100644 if (!proc_create("x25/route", S_IRUGO, init_net.proc_net, diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 1d5c7bf..f762f1f 100644 +index 59cf325..e7fa6f0 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c -@@ -327,7 +327,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy) +@@ -332,7 +332,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy) { policy->walk.dead = 1; @@ -105173,7 +105554,7 @@ index 1d5c7bf..f762f1f 100644 if (del_timer(&policy->polq.hold_timer)) xfrm_pol_put(policy); -@@ -661,7 +661,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) +@@ -666,7 +666,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) hlist_add_head(&policy->bydst, chain); xfrm_pol_hold(policy); net->xfrm.policy_count[dir]++; @@ -105182,7 +105563,7 @@ index 1d5c7bf..f762f1f 100644 /* After previous checking, family can either be AF_INET or AF_INET6 */ if (policy->family == AF_INET) -@@ -1761,7 +1761,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols, +@@ -1766,7 +1766,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols, xdst->num_pols = num_pols; memcpy(xdst->pols, pols, sizeof(struct xfrm_policy *) * num_pols); @@ -105191,7 +105572,7 @@ index 1d5c7bf..f762f1f 100644 return xdst; } -@@ -2572,11 +2572,12 @@ void xfrm_garbage_collect(struct net *net) +@@ -2604,11 +2604,12 @@ void xfrm_garbage_collect(struct net *net) } EXPORT_SYMBOL(xfrm_garbage_collect); @@ -105205,7 +105586,7 @@ index 1d5c7bf..f762f1f 100644 static void xfrm_init_pmtu(struct dst_entry *dst) { -@@ -2626,7 +2627,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first) +@@ -2658,7 +2659,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first) if (xdst->xfrm_genid != dst->xfrm->genid) return 0; if (xdst->num_pols > 0 && @@ -105214,7 +105595,7 @@ index 1d5c7bf..f762f1f 100644 return 0; mtu = dst_mtu(dst->child); -@@ -2714,8 +2715,6 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo) +@@ -2746,8 +2747,6 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo) dst_ops->link_failure = xfrm_link_failure; if (likely(dst_ops->neigh_lookup == NULL)) dst_ops->neigh_lookup = xfrm_neigh_lookup; @@ -105223,7 +105604,7 @@ index 1d5c7bf..f762f1f 100644 rcu_assign_pointer(xfrm_policy_afinfo[afinfo->family], afinfo); } spin_unlock(&xfrm_policy_afinfo_lock); -@@ -2769,7 +2768,6 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo) +@@ -2801,7 +2800,6 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo) dst_ops->check = NULL; dst_ops->negative_advice = NULL; dst_ops->link_failure = NULL; @@ -105231,7 +105612,7 @@ index 1d5c7bf..f762f1f 100644 } return err; } -@@ -3159,7 +3157,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, +@@ -3191,7 +3189,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, sizeof(pol->xfrm_vec[i].saddr)); pol->xfrm_vec[i].encap_family = mp->new_family; /* flush bundles */ @@ -107200,7 +107581,7 @@ index fc3e662..7844c60 100644 lock = &avc_cache.slots_lock[hvalue]; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index e294b86..eda45c55 100644 +index e294b86..4fc9b7f 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -95,8 +95,6 @@ @@ -107212,6 +107593,22 @@ index e294b86..eda45c55 100644 /* SECMARK reference count */ static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); +@@ -470,6 +468,7 @@ next_inode: + list_entry(sbsec->isec_head.next, + struct inode_security_struct, list); + struct inode *inode = isec->inode; ++ list_del_init(&isec->list); + spin_unlock(&sbsec->isec_lock); + inode = igrab(inode); + if (inode) { +@@ -478,7 +477,6 @@ next_inode: + iput(inode); + } + spin_lock(&sbsec->isec_lock); +- list_del_init(&isec->list); + goto next_inode; + } + spin_unlock(&sbsec->isec_lock); @@ -5759,7 +5757,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) #endif diff --git a/3.14.21/4425_grsec_remove_EI_PAX.patch b/3.14.22/4425_grsec_remove_EI_PAX.patch index fc51f79..fc51f79 100644 --- a/3.14.21/4425_grsec_remove_EI_PAX.patch +++ b/3.14.22/4425_grsec_remove_EI_PAX.patch diff --git a/3.14.21/4427_force_XATTR_PAX_tmpfs.patch b/3.14.22/4427_force_XATTR_PAX_tmpfs.patch index 11a7d2c..dcc7fb5 100644 --- a/3.14.21/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.14.22/4427_force_XATTR_PAX_tmpfs.patch @@ -6,7 +6,7 @@ namespace supported on tmpfs so that the PaX markings survive emerge. diff -Naur a/mm/shmem.c b/mm/shmem.c --- a/mm/shmem.c 2013-06-11 21:00:18.000000000 -0400 +++ b/mm/shmem.c 2013-06-11 21:08:18.000000000 -0400 -@@ -2298,11 +2298,7 @@ +@@ -2300,11 +2300,7 @@ static int shmem_xattr_validate(const char *name) { struct { const char *prefix; size_t len; } arr[] = { @@ -18,7 +18,7 @@ diff -Naur a/mm/shmem.c b/mm/shmem.c { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN }, { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN } }; -@@ -2358,14 +2354,12 @@ +@@ -2360,14 +2360,12 @@ if (err) return err; diff --git a/3.14.21/4430_grsec-remove-localversion-grsec.patch b/3.14.22/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.14.21/4430_grsec-remove-localversion-grsec.patch +++ b/3.14.22/4430_grsec-remove-localversion-grsec.patch diff --git a/3.14.21/4435_grsec-mute-warnings.patch b/3.14.22/4435_grsec-mute-warnings.patch index 392cefb..392cefb 100644 --- a/3.14.21/4435_grsec-mute-warnings.patch +++ b/3.14.22/4435_grsec-mute-warnings.patch diff --git a/3.14.21/4440_grsec-remove-protected-paths.patch b/3.14.22/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.14.21/4440_grsec-remove-protected-paths.patch +++ b/3.14.22/4440_grsec-remove-protected-paths.patch diff --git a/3.14.21/4450_grsec-kconfig-default-gids.patch b/3.14.22/4450_grsec-kconfig-default-gids.patch index 0451e5a..ff7afeb 100644 --- a/3.14.21/4450_grsec-kconfig-default-gids.patch +++ b/3.14.22/4450_grsec-kconfig-default-gids.patch @@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *disabled* for. If the sysctl option is enabled, a sysctl option -@@ -1003,7 +1003,7 @@ +@@ -1005,7 +1005,7 @@ config GRKERNSEC_SOCKET_ALL_GID int "GID to deny all sockets for" depends on GRKERNSEC_SOCKET_ALL @@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable socket access for. Remember to add the users you want socket access disabled for to the GID -@@ -1024,7 +1024,7 @@ +@@ -1026,7 +1026,7 @@ config GRKERNSEC_SOCKET_CLIENT_GID int "GID to deny client sockets for" depends on GRKERNSEC_SOCKET_CLIENT @@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable client socket access for. Remember to add the users you want client socket access disabled for to -@@ -1042,7 +1042,7 @@ +@@ -1044,7 +1044,7 @@ config GRKERNSEC_SOCKET_SERVER_GID int "GID to deny server sockets for" depends on GRKERNSEC_SOCKET_SERVER diff --git a/3.16.5/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.22/4465_selinux-avc_audit-log-curr_ip.patch index 747ac53..f92c155 100644 --- a/3.16.5/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.14.22/4465_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400 -@@ -1137,6 +1137,27 @@ +@@ -1139,6 +1139,27 @@ menu "Logging Options" depends on GRKERNSEC diff --git a/3.14.21/4470_disable-compat_vdso.patch b/3.14.22/4470_disable-compat_vdso.patch index d5eed75..d5eed75 100644 --- a/3.14.21/4470_disable-compat_vdso.patch +++ b/3.14.22/4470_disable-compat_vdso.patch diff --git a/3.14.21/4475_emutramp_default_on.patch b/3.14.22/4475_emutramp_default_on.patch index cf88fd9..cf88fd9 100644 --- a/3.14.21/4475_emutramp_default_on.patch +++ b/3.14.22/4475_emutramp_default_on.patch diff --git a/3.16.5/0000_README b/3.17.1/0000_README index cfb5601..8290db0 100644 --- a/3.16.5/0000_README +++ b/3.17.1/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.16.5-201410132000.patch +Patch: 4420_grsecurity-3.0-3.17.1-201410192051.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.16.5/4420_grsecurity-3.0-3.16.5-201410132000.patch b/3.17.1/4420_grsecurity-3.0-3.17.1-201410192051.patch index b90fe39..77eea49 100644 --- a/3.16.5/4420_grsecurity-3.0-3.16.5-201410132000.patch +++ b/3.17.1/4420_grsecurity-3.0-3.17.1-201410192051.patch @@ -234,25 +234,89 @@ index 9de9813..1462492 100644 zconf.hash.c +zconf.lex.c zoffset.h -diff --git a/Documentation/filesystems/vfs.txt b/Documentation/filesystems/vfs.txt -index a1d0d7a..61d65cc 100644 ---- a/Documentation/filesystems/vfs.txt -+++ b/Documentation/filesystems/vfs.txt -@@ -1053,7 +1053,8 @@ struct dentry_operations { - If the 'rcu_walk' parameter is true, then the caller is doing a - pathwalk in RCU-walk mode. Sleeping is not permitted in this mode, - and the caller can be asked to leave it and call again by returning -- -ECHILD. -+ -ECHILD. -EISDIR may also be returned to tell pathwalk to -+ ignore d_automount or any mounts. - - This function is only used if DCACHE_MANAGE_TRANSIT is set on the - dentry being transited from. +diff --git a/Documentation/kbuild/makefiles.txt b/Documentation/kbuild/makefiles.txt +index 764f599..c600e2f 100644 +--- a/Documentation/kbuild/makefiles.txt ++++ b/Documentation/kbuild/makefiles.txt +@@ -23,10 +23,11 @@ This document describes the Linux kernel Makefiles. + === 4 Host Program support + --- 4.1 Simple Host Program + --- 4.2 Composite Host Programs +- --- 4.3 Using C++ for host programs +- --- 4.4 Controlling compiler options for host programs +- --- 4.5 When host programs are actually built +- --- 4.6 Using hostprogs-$(CONFIG_FOO) ++ --- 4.3 Defining shared libraries ++ --- 4.4 Using C++ for host programs ++ --- 4.5 Controlling compiler options for host programs ++ --- 4.6 When host programs are actually built ++ --- 4.7 Using hostprogs-$(CONFIG_FOO) + + === 5 Kbuild clean infrastructure + +@@ -642,7 +643,29 @@ Both possibilities are described in the following. + Finally, the two .o files are linked to the executable, lxdialog. + Note: The syntax <executable>-y is not permitted for host-programs. + +---- 4.3 Using C++ for host programs ++--- 4.3 Defining shared libraries ++ ++ Objects with extension .so are considered shared libraries, and ++ will be compiled as position independent objects. ++ Kbuild provides support for shared libraries, but the usage ++ shall be restricted. ++ In the following example the libkconfig.so shared library is used ++ to link the executable conf. ++ ++ Example: ++ #scripts/kconfig/Makefile ++ hostprogs-y := conf ++ conf-objs := conf.o libkconfig.so ++ libkconfig-objs := expr.o type.o ++ ++ Shared libraries always require a corresponding -objs line, and ++ in the example above the shared library libkconfig is composed by ++ the two objects expr.o and type.o. ++ expr.o and type.o will be built as position independent code and ++ linked as a shared library libkconfig.so. C++ is not supported for ++ shared libraries. ++ ++--- 4.4 Using C++ for host programs + + kbuild offers support for host programs written in C++. This was + introduced solely to support kconfig, and is not recommended +@@ -665,7 +688,7 @@ Both possibilities are described in the following. + qconf-cxxobjs := qconf.o + qconf-objs := check.o + +---- 4.4 Controlling compiler options for host programs ++--- 4.5 Controlling compiler options for host programs + + When compiling host programs, it is possible to set specific flags. + The programs will always be compiled utilising $(HOSTCC) passed +@@ -693,7 +716,7 @@ Both possibilities are described in the following. + When linking qconf, it will be passed the extra option + "-L$(QTDIR)/lib". + +---- 4.5 When host programs are actually built ++--- 4.6 When host programs are actually built + + Kbuild will only build host-programs when they are referenced + as a prerequisite. +@@ -724,7 +747,7 @@ Both possibilities are described in the following. + This will tell kbuild to build lxdialog even if not referenced in + any rule. + +---- 4.6 Using hostprogs-$(CONFIG_FOO) ++--- 4.7 Using hostprogs-$(CONFIG_FOO) + + A typical pattern in a Kbuild file looks like this: + diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index f896f68..817e3ea 100644 +index 1edd5fd..84fd32e 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -1138,6 +1138,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -1155,6 +1155,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. Format: <unsigned int> such that (rxsize & ~0x1fffc0) == 0. Default: 1024 @@ -263,7 +327,7 @@ index f896f68..817e3ea 100644 hashdist= [KNL,NUMA] Large hashes allocated during boot are distributed across NUMA nodes. Defaults on for 64-bit NUMA, off otherwise. -@@ -2141,6 +2145,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -2175,6 +2179,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. noexec=on: enable non-executable mappings (default) noexec=off: disable non-executable mappings @@ -274,7 +338,7 @@ index f896f68..817e3ea 100644 nosmap [X86] Disable SMAP (Supervisor Mode Access Prevention) even if it is supported by processor. -@@ -2418,6 +2426,25 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -2467,6 +2475,25 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the specified number of seconds. This is to be used if your oopses keep scrolling off the screen. @@ -300,506 +364,8 @@ index f896f68..817e3ea 100644 pcbit= [HW,ISDN] pcd. [PARIDE] -diff --git a/Documentation/networking/filter.txt b/Documentation/networking/filter.txt -index ee78eba..a06b48d 100644 ---- a/Documentation/networking/filter.txt -+++ b/Documentation/networking/filter.txt -@@ -277,11 +277,10 @@ Possible BPF extensions are shown in the following table: - mark skb->mark - queue skb->queue_mapping - hatype skb->dev->type -- rxhash skb->hash -+ rxhash skb->rxhash - cpu raw_smp_processor_id() - vlan_tci vlan_tx_tag_get(skb) - vlan_pr vlan_tx_tag_present(skb) -- rand prandom_u32() - - These extensions can also be prefixed with '#'. - Examples for low-level BPF: -@@ -309,18 +308,6 @@ Examples for low-level BPF: - ret #-1 - drop: ret #0 - --** icmp random packet sampling, 1 in 4 -- ldh [12] -- jne #0x800, drop -- ldb [23] -- jneq #1, drop -- # get a random uint32 number -- ld rand -- mod #4 -- jneq #1, drop -- ret #-1 -- drop: ret #0 -- - ** SECCOMP filter example: - - ld [4] /* offsetof(struct seccomp_data, arch) */ -@@ -559,456 +546,6 @@ ffffffffa0069c8f + <x>: - For BPF JIT developers, bpf_jit_disasm, bpf_asm and bpf_dbg provides a useful - toolchain for developing and testing the kernel's JIT compiler. - --BPF kernel internals ---------------------- --Internally, for the kernel interpreter, a different instruction set --format with similar underlying principles from BPF described in previous --paragraphs is being used. However, the instruction set format is modelled --closer to the underlying architecture to mimic native instruction sets, so --that a better performance can be achieved (more details later). This new --ISA is called 'eBPF' or 'internal BPF' interchangeably. (Note: eBPF which --originates from [e]xtended BPF is not the same as BPF extensions! While --eBPF is an ISA, BPF extensions date back to classic BPF's 'overloading' --of BPF_LD | BPF_{B,H,W} | BPF_ABS instruction.) -- --It is designed to be JITed with one to one mapping, which can also open up --the possibility for GCC/LLVM compilers to generate optimized eBPF code through --an eBPF backend that performs almost as fast as natively compiled code. -- --The new instruction set was originally designed with the possible goal in --mind to write programs in "restricted C" and compile into eBPF with a optional --GCC/LLVM backend, so that it can just-in-time map to modern 64-bit CPUs with --minimal performance overhead over two steps, that is, C -> eBPF -> native code. -- --Currently, the new format is being used for running user BPF programs, which --includes seccomp BPF, classic socket filters, cls_bpf traffic classifier, --team driver's classifier for its load-balancing mode, netfilter's xt_bpf --extension, PTP dissector/classifier, and much more. They are all internally --converted by the kernel into the new instruction set representation and run --in the eBPF interpreter. For in-kernel handlers, this all works transparently --by using sk_unattached_filter_create() for setting up the filter, resp. --sk_unattached_filter_destroy() for destroying it. The macro --SK_RUN_FILTER(filter, ctx) transparently invokes eBPF interpreter or JITed --code to run the filter. 'filter' is a pointer to struct sk_filter that we --got from sk_unattached_filter_create(), and 'ctx' the given context (e.g. --skb pointer). All constraints and restrictions from sk_chk_filter() apply --before a conversion to the new layout is being done behind the scenes! -- --Currently, the classic BPF format is being used for JITing on most of the --architectures. Only x86-64 performs JIT compilation from eBPF instruction set, --however, future work will migrate other JIT compilers as well, so that they --will profit from the very same benefits. -- --Some core changes of the new internal format: -- --- Number of registers increase from 2 to 10: -- -- The old format had two registers A and X, and a hidden frame pointer. The -- new layout extends this to be 10 internal registers and a read-only frame -- pointer. Since 64-bit CPUs are passing arguments to functions via registers -- the number of args from eBPF program to in-kernel function is restricted -- to 5 and one register is used to accept return value from an in-kernel -- function. Natively, x86_64 passes first 6 arguments in registers, aarch64/ -- sparcv9/mips64 have 7 - 8 registers for arguments; x86_64 has 6 callee saved -- registers, and aarch64/sparcv9/mips64 have 11 or more callee saved registers. -- -- Therefore, eBPF calling convention is defined as: -- -- * R0 - return value from in-kernel function, and exit value for eBPF program -- * R1 - R5 - arguments from eBPF program to in-kernel function -- * R6 - R9 - callee saved registers that in-kernel function will preserve -- * R10 - read-only frame pointer to access stack -- -- Thus, all eBPF registers map one to one to HW registers on x86_64, aarch64, -- etc, and eBPF calling convention maps directly to ABIs used by the kernel on -- 64-bit architectures. -- -- On 32-bit architectures JIT may map programs that use only 32-bit arithmetic -- and may let more complex programs to be interpreted. -- -- R0 - R5 are scratch registers and eBPF program needs spill/fill them if -- necessary across calls. Note that there is only one eBPF program (== one -- eBPF main routine) and it cannot call other eBPF functions, it can only -- call predefined in-kernel functions, though. -- --- Register width increases from 32-bit to 64-bit: -- -- Still, the semantics of the original 32-bit ALU operations are preserved -- via 32-bit subregisters. All eBPF registers are 64-bit with 32-bit lower -- subregisters that zero-extend into 64-bit if they are being written to. -- That behavior maps directly to x86_64 and arm64 subregister definition, but -- makes other JITs more difficult. -- -- 32-bit architectures run 64-bit internal BPF programs via interpreter. -- Their JITs may convert BPF programs that only use 32-bit subregisters into -- native instruction set and let the rest being interpreted. -- -- Operation is 64-bit, because on 64-bit architectures, pointers are also -- 64-bit wide, and we want to pass 64-bit values in/out of kernel functions, -- so 32-bit eBPF registers would otherwise require to define register-pair -- ABI, thus, there won't be able to use a direct eBPF register to HW register -- mapping and JIT would need to do combine/split/move operations for every -- register in and out of the function, which is complex, bug prone and slow. -- Another reason is the use of atomic 64-bit counters. -- --- Conditional jt/jf targets replaced with jt/fall-through: -- -- While the original design has constructs such as "if (cond) jump_true; -- else jump_false;", they are being replaced into alternative constructs like -- "if (cond) jump_true; /* else fall-through */". -- --- Introduces bpf_call insn and register passing convention for zero overhead -- calls from/to other kernel functions: -- -- Before an in-kernel function call, the internal BPF program needs to -- place function arguments into R1 to R5 registers to satisfy calling -- convention, then the interpreter will take them from registers and pass -- to in-kernel function. If R1 - R5 registers are mapped to CPU registers -- that are used for argument passing on given architecture, the JIT compiler -- doesn't need to emit extra moves. Function arguments will be in the correct -- registers and BPF_CALL instruction will be JITed as single 'call' HW -- instruction. This calling convention was picked to cover common call -- situations without performance penalty. -- -- After an in-kernel function call, R1 - R5 are reset to unreadable and R0 has -- a return value of the function. Since R6 - R9 are callee saved, their state -- is preserved across the call. -- -- For example, consider three C functions: -- -- u64 f1() { return (*_f2)(1); } -- u64 f2(u64 a) { return f3(a + 1, a); } -- u64 f3(u64 a, u64 b) { return a - b; } -- -- GCC can compile f1, f3 into x86_64: -- -- f1: -- movl $1, %edi -- movq _f2(%rip), %rax -- jmp *%rax -- f3: -- movq %rdi, %rax -- subq %rsi, %rax -- ret -- -- Function f2 in eBPF may look like: -- -- f2: -- bpf_mov R2, R1 -- bpf_add R1, 1 -- bpf_call f3 -- bpf_exit -- -- If f2 is JITed and the pointer stored to '_f2'. The calls f1 -> f2 -> f3 and -- returns will be seamless. Without JIT, __sk_run_filter() interpreter needs to -- be used to call into f2. -- -- For practical reasons all eBPF programs have only one argument 'ctx' which is -- already placed into R1 (e.g. on __sk_run_filter() startup) and the programs -- can call kernel functions with up to 5 arguments. Calls with 6 or more arguments -- are currently not supported, but these restrictions can be lifted if necessary -- in the future. -- -- On 64-bit architectures all register map to HW registers one to one. For -- example, x86_64 JIT compiler can map them as ... -- -- R0 - rax -- R1 - rdi -- R2 - rsi -- R3 - rdx -- R4 - rcx -- R5 - r8 -- R6 - rbx -- R7 - r13 -- R8 - r14 -- R9 - r15 -- R10 - rbp -- -- ... since x86_64 ABI mandates rdi, rsi, rdx, rcx, r8, r9 for argument passing -- and rbx, r12 - r15 are callee saved. -- -- Then the following internal BPF pseudo-program: -- -- bpf_mov R6, R1 /* save ctx */ -- bpf_mov R2, 2 -- bpf_mov R3, 3 -- bpf_mov R4, 4 -- bpf_mov R5, 5 -- bpf_call foo -- bpf_mov R7, R0 /* save foo() return value */ -- bpf_mov R1, R6 /* restore ctx for next call */ -- bpf_mov R2, 6 -- bpf_mov R3, 7 -- bpf_mov R4, 8 -- bpf_mov R5, 9 -- bpf_call bar -- bpf_add R0, R7 -- bpf_exit -- -- After JIT to x86_64 may look like: -- -- push %rbp -- mov %rsp,%rbp -- sub $0x228,%rsp -- mov %rbx,-0x228(%rbp) -- mov %r13,-0x220(%rbp) -- mov %rdi,%rbx -- mov $0x2,%esi -- mov $0x3,%edx -- mov $0x4,%ecx -- mov $0x5,%r8d -- callq foo -- mov %rax,%r13 -- mov %rbx,%rdi -- mov $0x2,%esi -- mov $0x3,%edx -- mov $0x4,%ecx -- mov $0x5,%r8d -- callq bar -- add %r13,%rax -- mov -0x228(%rbp),%rbx -- mov -0x220(%rbp),%r13 -- leaveq -- retq -- -- Which is in this example equivalent in C to: -- -- u64 bpf_filter(u64 ctx) -- { -- return foo(ctx, 2, 3, 4, 5) + bar(ctx, 6, 7, 8, 9); -- } -- -- In-kernel functions foo() and bar() with prototype: u64 (*)(u64 arg1, u64 -- arg2, u64 arg3, u64 arg4, u64 arg5); will receive arguments in proper -- registers and place their return value into '%rax' which is R0 in eBPF. -- Prologue and epilogue are emitted by JIT and are implicit in the -- interpreter. R0-R5 are scratch registers, so eBPF program needs to preserve -- them across the calls as defined by calling convention. -- -- For example the following program is invalid: -- -- bpf_mov R1, 1 -- bpf_call foo -- bpf_mov R0, R1 -- bpf_exit -- -- After the call the registers R1-R5 contain junk values and cannot be read. -- In the future an eBPF verifier can be used to validate internal BPF programs. -- --Also in the new design, eBPF is limited to 4096 insns, which means that any --program will terminate quickly and will only call a fixed number of kernel --functions. Original BPF and the new format are two operand instructions, --which helps to do one-to-one mapping between eBPF insn and x86 insn during JIT. -- --The input context pointer for invoking the interpreter function is generic, --its content is defined by a specific use case. For seccomp register R1 points --to seccomp_data, for converted BPF filters R1 points to a skb. -- --A program, that is translated internally consists of the following elements: -- -- op:16, jt:8, jf:8, k:32 ==> op:8, dst_reg:4, src_reg:4, off:16, imm:32 -- --So far 87 internal BPF instructions were implemented. 8-bit 'op' opcode field --has room for new instructions. Some of them may use 16/24/32 byte encoding. New --instructions must be multiple of 8 bytes to preserve backward compatibility. -- --Internal BPF is a general purpose RISC instruction set. Not every register and --every instruction are used during translation from original BPF to new format. --For example, socket filters are not using 'exclusive add' instruction, but --tracing filters may do to maintain counters of events, for example. Register R9 --is not used by socket filters either, but more complex filters may be running --out of registers and would have to resort to spill/fill to stack. -- --Internal BPF can used as generic assembler for last step performance --optimizations, socket filters and seccomp are using it as assembler. Tracing --filters may use it as assembler to generate code from kernel. In kernel usage --may not be bounded by security considerations, since generated internal BPF code --may be optimizing internal code path and not being exposed to the user space. --Safety of internal BPF can come from a verifier (TBD). In such use cases as --described, it may be used as safe instruction set. -- --Just like the original BPF, the new format runs within a controlled environment, --is deterministic and the kernel can easily prove that. The safety of the program --can be determined in two steps: first step does depth-first-search to disallow --loops and other CFG validation; second step starts from the first insn and --descends all possible paths. It simulates execution of every insn and observes --the state change of registers and stack. -- --eBPF opcode encoding ---------------------- -- --eBPF is reusing most of the opcode encoding from classic to simplify conversion --of classic BPF to eBPF. For arithmetic and jump instructions the 8-bit 'code' --field is divided into three parts: -- -- +----------------+--------+--------------------+ -- | 4 bits | 1 bit | 3 bits | -- | operation code | source | instruction class | -- +----------------+--------+--------------------+ -- (MSB) (LSB) -- --Three LSB bits store instruction class which is one of: -- -- Classic BPF classes: eBPF classes: -- -- BPF_LD 0x00 BPF_LD 0x00 -- BPF_LDX 0x01 BPF_LDX 0x01 -- BPF_ST 0x02 BPF_ST 0x02 -- BPF_STX 0x03 BPF_STX 0x03 -- BPF_ALU 0x04 BPF_ALU 0x04 -- BPF_JMP 0x05 BPF_JMP 0x05 -- BPF_RET 0x06 [ class 6 unused, for future if needed ] -- BPF_MISC 0x07 BPF_ALU64 0x07 -- --When BPF_CLASS(code) == BPF_ALU or BPF_JMP, 4th bit encodes source operand ... -- -- BPF_K 0x00 -- BPF_X 0x08 -- -- * in classic BPF, this means: -- -- BPF_SRC(code) == BPF_X - use register X as source operand -- BPF_SRC(code) == BPF_K - use 32-bit immediate as source operand -- -- * in eBPF, this means: -- -- BPF_SRC(code) == BPF_X - use 'src_reg' register as source operand -- BPF_SRC(code) == BPF_K - use 32-bit immediate as source operand -- --... and four MSB bits store operation code. -- --If BPF_CLASS(code) == BPF_ALU or BPF_ALU64 [ in eBPF ], BPF_OP(code) is one of: -- -- BPF_ADD 0x00 -- BPF_SUB 0x10 -- BPF_MUL 0x20 -- BPF_DIV 0x30 -- BPF_OR 0x40 -- BPF_AND 0x50 -- BPF_LSH 0x60 -- BPF_RSH 0x70 -- BPF_NEG 0x80 -- BPF_MOD 0x90 -- BPF_XOR 0xa0 -- BPF_MOV 0xb0 /* eBPF only: mov reg to reg */ -- BPF_ARSH 0xc0 /* eBPF only: sign extending shift right */ -- BPF_END 0xd0 /* eBPF only: endianness conversion */ -- --If BPF_CLASS(code) == BPF_JMP, BPF_OP(code) is one of: -- -- BPF_JA 0x00 -- BPF_JEQ 0x10 -- BPF_JGT 0x20 -- BPF_JGE 0x30 -- BPF_JSET 0x40 -- BPF_JNE 0x50 /* eBPF only: jump != */ -- BPF_JSGT 0x60 /* eBPF only: signed '>' */ -- BPF_JSGE 0x70 /* eBPF only: signed '>=' */ -- BPF_CALL 0x80 /* eBPF only: function call */ -- BPF_EXIT 0x90 /* eBPF only: function return */ -- --So BPF_ADD | BPF_X | BPF_ALU means 32-bit addition in both classic BPF --and eBPF. There are only two registers in classic BPF, so it means A += X. --In eBPF it means dst_reg = (u32) dst_reg + (u32) src_reg; similarly, --BPF_XOR | BPF_K | BPF_ALU means A ^= imm32 in classic BPF and analogous --src_reg = (u32) src_reg ^ (u32) imm32 in eBPF. -- --Classic BPF is using BPF_MISC class to represent A = X and X = A moves. --eBPF is using BPF_MOV | BPF_X | BPF_ALU code instead. Since there are no --BPF_MISC operations in eBPF, the class 7 is used as BPF_ALU64 to mean --exactly the same operations as BPF_ALU, but with 64-bit wide operands --instead. So BPF_ADD | BPF_X | BPF_ALU64 means 64-bit addition, i.e.: --dst_reg = dst_reg + src_reg -- --Classic BPF wastes the whole BPF_RET class to represent a single 'ret' --operation. Classic BPF_RET | BPF_K means copy imm32 into return register --and perform function exit. eBPF is modeled to match CPU, so BPF_JMP | BPF_EXIT --in eBPF means function exit only. The eBPF program needs to store return --value into register R0 before doing a BPF_EXIT. Class 6 in eBPF is currently --unused and reserved for future use. -- --For load and store instructions the 8-bit 'code' field is divided as: -- -- +--------+--------+-------------------+ -- | 3 bits | 2 bits | 3 bits | -- | mode | size | instruction class | -- +--------+--------+-------------------+ -- (MSB) (LSB) -- --Size modifier is one of ... -- -- BPF_W 0x00 /* word */ -- BPF_H 0x08 /* half word */ -- BPF_B 0x10 /* byte */ -- BPF_DW 0x18 /* eBPF only, double word */ -- --... which encodes size of load/store operation: -- -- B - 1 byte -- H - 2 byte -- W - 4 byte -- DW - 8 byte (eBPF only) -- --Mode modifier is one of: -- -- BPF_IMM 0x00 /* classic BPF only, reserved in eBPF */ -- BPF_ABS 0x20 -- BPF_IND 0x40 -- BPF_MEM 0x60 -- BPF_LEN 0x80 /* classic BPF only, reserved in eBPF */ -- BPF_MSH 0xa0 /* classic BPF only, reserved in eBPF */ -- BPF_XADD 0xc0 /* eBPF only, exclusive add */ -- --eBPF has two non-generic instructions: (BPF_ABS | <size> | BPF_LD) and --(BPF_IND | <size> | BPF_LD) which are used to access packet data. -- --They had to be carried over from classic to have strong performance of --socket filters running in eBPF interpreter. These instructions can only --be used when interpreter context is a pointer to 'struct sk_buff' and --have seven implicit operands. Register R6 is an implicit input that must --contain pointer to sk_buff. Register R0 is an implicit output which contains --the data fetched from the packet. Registers R1-R5 are scratch registers --and must not be used to store the data across BPF_ABS | BPF_LD or --BPF_IND | BPF_LD instructions. -- --These instructions have implicit program exit condition as well. When --eBPF program is trying to access the data beyond the packet boundary, --the interpreter will abort the execution of the program. JIT compilers --therefore must preserve this property. src_reg and imm32 fields are --explicit inputs to these instructions. -- --For example: -- -- BPF_IND | BPF_W | BPF_LD means: -- -- R0 = ntohl(*(u32 *) (((struct sk_buff *) R6)->data + src_reg + imm32)) -- and R1 - R5 were scratched. -- --Unlike classic BPF instruction set, eBPF has generic load/store operations: -- --BPF_MEM | <size> | BPF_STX: *(size *) (dst_reg + off) = src_reg --BPF_MEM | <size> | BPF_ST: *(size *) (dst_reg + off) = imm32 --BPF_MEM | <size> | BPF_LDX: dst_reg = *(size *) (src_reg + off) --BPF_XADD | BPF_W | BPF_STX: lock xadd *(u32 *)(dst_reg + off16) += src_reg --BPF_XADD | BPF_DW | BPF_STX: lock xadd *(u64 *)(dst_reg + off16) += src_reg -- --Where size is one of: BPF_B or BPF_H or BPF_W or BPF_DW. Note that 1 and --2 byte atomic increments are not supported. -- --Testing --------- -- --Next to the BPF toolchain, the kernel also ships a test module that contains --various test cases for classic and internal BPF that can be executed against --the BPF interpreter and JIT compiler. It can be found in lib/test_bpf.c and --enabled via Kconfig: -- -- CONFIG_TEST_BPF=m -- --After the module has been built and installed, the test suite can be executed --via insmod or modprobe against 'test_bpf' module. Results of the test cases --including timings in nsec can be found in the kernel log (dmesg). -- - Misc - ---- - -@@ -1024,4 +561,3 @@ the underlying architecture. - - Jay Schulist <jschlst@samba.org> - Daniel Borkmann <dborkman@redhat.com> --Alexei Starovoitov <ast@plumgrid.com> diff --git a/Makefile b/Makefile -index 41efc3d..8d20d06 100644 +index 4669409..95d8745 100644 --- a/Makefile +++ b/Makefile @@ -303,8 +303,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -814,7 +380,7 @@ index 41efc3d..8d20d06 100644 ifeq ($(shell $(HOSTCC) -v 2>&1 | grep -c "clang version"), 1) HOSTCFLAGS += -Wno-unused-value -Wno-unused-parameter \ -@@ -449,8 +450,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn \ +@@ -450,8 +451,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn \ # Rules shared between *config targets and build targets # Basic helpers built in scripts/ @@ -825,13 +391,10 @@ index 41efc3d..8d20d06 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -621,6 +622,75 @@ else - KBUILD_CFLAGS += -O2 - endif +@@ -625,6 +626,72 @@ endif + # Tell gcc to never replace conditional load with a non-conditional one + KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0) -+# Tell gcc to never replace conditional load with a non-conditional one -+KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0) -+ +ifndef DISABLE_PAX_PLUGINS +ifeq ($(call cc-ifversion, -ge, 0408, y), y) +PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)") @@ -901,16 +464,16 @@ index 41efc3d..8d20d06 100644 ifdef CONFIG_READABLE_ASM # Disable optimizations that make assembler listings hard to read. # reorder blocks reorders the control in the function -@@ -692,7 +762,7 @@ KBUILD_CFLAGS += $(call cc-option, -fno-var-tracking-assignments) - - ifdef CONFIG_DEBUG_INFO +@@ -717,7 +784,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g) + else KBUILD_CFLAGS += -g + endif -KBUILD_AFLAGS += -Wa,-gdwarf-2 +KBUILD_AFLAGS += -Wa,--gdwarf-2 endif - - ifdef CONFIG_DEBUG_INFO_REDUCED -@@ -839,7 +909,7 @@ export mod_sign_cmd + ifdef CONFIG_DEBUG_INFO_DWARF4 + KBUILD_CFLAGS += $(call cc-option, -gdwarf-4,) +@@ -867,7 +934,7 @@ export mod_sign_cmd ifeq ($(KBUILD_EXTMOD),) @@ -919,7 +482,7 @@ index 41efc3d..8d20d06 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -888,6 +958,8 @@ endif +@@ -916,6 +983,8 @@ endif # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -928,7 +491,7 @@ index 41efc3d..8d20d06 100644 $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -897,7 +969,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; +@@ -925,7 +994,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -937,7 +500,7 @@ index 41efc3d..8d20d06 100644 $(Q)$(MAKE) $(build)=$@ define filechk_kernel.release -@@ -940,10 +1012,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ +@@ -968,10 +1037,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ archprepare: archheaders archscripts prepare1 scripts_basic @@ -951,7 +514,7 @@ index 41efc3d..8d20d06 100644 prepare: prepare0 # Generate some files -@@ -1051,6 +1126,8 @@ all: modules +@@ -1086,6 +1158,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -960,7 +523,7 @@ index 41efc3d..8d20d06 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1066,7 +1143,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1101,7 +1175,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -969,7 +532,7 @@ index 41efc3d..8d20d06 100644 # Target to install modules PHONY += modules_install -@@ -1132,7 +1209,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ +@@ -1167,7 +1241,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ signing_key.priv signing_key.x509 x509.genkey \ extra_certificates signing_key.x509.keyid \ @@ -981,7 +544,7 @@ index 41efc3d..8d20d06 100644 # clean - Delete most, but leave enough to build external modules # -@@ -1171,7 +1251,7 @@ distclean: mrproper +@@ -1206,7 +1283,7 @@ distclean: mrproper @find $(srctree) $(RCS_FIND_IGNORE) \ \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ @@ -990,7 +553,7 @@ index 41efc3d..8d20d06 100644 -type f -print | xargs rm -f -@@ -1332,6 +1412,8 @@ PHONY += $(module-dirs) modules +@@ -1372,6 +1449,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -999,7 +562,7 @@ index 41efc3d..8d20d06 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1471,17 +1553,21 @@ else +@@ -1512,17 +1591,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -1025,7 +588,7 @@ index 41efc3d..8d20d06 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1491,11 +1577,15 @@ endif +@@ -1532,11 +1615,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -1374,10 +937,10 @@ index 98838a0..b304fb4 100644 /* Allow reads even for write-only mappings */ if (!(vma->vm_flags & (VM_READ | VM_WRITE))) diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig -index 290f02ee..a639059 100644 +index 32cbbd5..c102df9 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig -@@ -1787,7 +1787,7 @@ config ALIGNMENT_TRAP +@@ -1719,7 +1719,7 @@ config ALIGNMENT_TRAP config UACCESS_WITH_MEMCPY bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()" @@ -1386,7 +949,7 @@ index 290f02ee..a639059 100644 default y if CPU_FEROCEON help Implement faster copy_to_user and clear_user methods for CPU -@@ -2051,6 +2051,7 @@ config XIP_PHYS_ADDR +@@ -1983,6 +1983,7 @@ config XIP_PHYS_ADDR config KEXEC bool "Kexec system call (EXPERIMENTAL)" depends on (!SMP || PM_SLEEP_SMP) @@ -2107,7 +1670,7 @@ index 75fe66b..ba3dee4 100644 #endif diff --git a/arch/arm/include/asm/cacheflush.h b/arch/arm/include/asm/cacheflush.h -index 79ecb4f..6b0bbdd 100644 +index 10e78d0..dc8505d 100644 --- a/arch/arm/include/asm/cacheflush.h +++ b/arch/arm/include/asm/cacheflush.h @@ -116,7 +116,7 @@ struct cpu_cache_fns { @@ -2219,10 +1782,10 @@ index 6ddbe44..b5e38b1 100644 static inline void set_domain(unsigned val) { } static inline void modify_domain(unsigned dom, unsigned type) { } diff --git a/arch/arm/include/asm/elf.h b/arch/arm/include/asm/elf.h -index f4b46d3..abc9b2b 100644 +index afb9caf..9a0bac0 100644 --- a/arch/arm/include/asm/elf.h +++ b/arch/arm/include/asm/elf.h -@@ -114,7 +114,14 @@ int dump_task_regs(struct task_struct *t, elf_gregset_t *elfregs); +@@ -115,7 +115,14 @@ int dump_task_regs(struct task_struct *t, elf_gregset_t *elfregs); the loader. We need to make sure that it is out of the way of the program that it will "exec", and that there is sufficient room for the brk. */ @@ -2238,7 +1801,7 @@ index f4b46d3..abc9b2b 100644 /* When the program starts, a1 contains a pointer to a function to be registered with atexit, as per the SVR4 ABI. A value of 0 means we -@@ -124,10 +131,6 @@ int dump_task_regs(struct task_struct *t, elf_gregset_t *elfregs); +@@ -125,10 +132,6 @@ int dump_task_regs(struct task_struct *t, elf_gregset_t *elfregs); extern void elf_set_personality(const struct elf32_hdr *); #define SET_PERSONALITY(ex) elf_set_personality(&(ex)) @@ -2521,10 +2084,10 @@ index 219ac88..73ec32a 100644 * These are the memory types, defined to be compatible with * pre-ARMv6 CPUs cacheable and bufferable bits: XXCB diff --git a/arch/arm/include/asm/pgtable-3level-hwdef.h b/arch/arm/include/asm/pgtable-3level-hwdef.h -index 626989f..9d67a33 100644 +index 9fd61c7..f8f1cff 100644 --- a/arch/arm/include/asm/pgtable-3level-hwdef.h +++ b/arch/arm/include/asm/pgtable-3level-hwdef.h -@@ -75,6 +75,7 @@ +@@ -76,6 +76,7 @@ #define PTE_EXT_SHARED (_AT(pteval_t, 3) << 8) /* SH[1:0], inner shareable */ #define PTE_EXT_AF (_AT(pteval_t, 1) << 10) /* Access Flag */ #define PTE_EXT_NG (_AT(pteval_t, 1) << 11) /* nG */ @@ -2533,18 +2096,18 @@ index 626989f..9d67a33 100644 /* diff --git a/arch/arm/include/asm/pgtable-3level.h b/arch/arm/include/asm/pgtable-3level.h -index 85c60ad..b0bbd7e 100644 +index 06e0bc0..e60c2d3 100644 --- a/arch/arm/include/asm/pgtable-3level.h +++ b/arch/arm/include/asm/pgtable-3level.h -@@ -82,6 +82,7 @@ - #define L_PTE_RDONLY (_AT(pteval_t, 1) << 7) /* AP[2] */ +@@ -81,6 +81,7 @@ + #define L_PTE_USER (_AT(pteval_t, 1) << 6) /* AP[1] */ #define L_PTE_SHARED (_AT(pteval_t, 3) << 8) /* SH[1:0], inner shareable */ #define L_PTE_YOUNG (_AT(pteval_t, 1) << 10) /* AF */ +#define L_PTE_PXN (_AT(pteval_t, 1) << 53) /* PXN */ #define L_PTE_XN (_AT(pteval_t, 1) << 54) /* XN */ - #define L_PTE_DIRTY (_AT(pteval_t, 1) << 55) /* unused */ - #define L_PTE_SPECIAL (_AT(pteval_t, 1) << 56) /* unused */ -@@ -95,6 +96,7 @@ + #define L_PTE_DIRTY (_AT(pteval_t, 1) << 55) + #define L_PTE_SPECIAL (_AT(pteval_t, 1) << 56) +@@ -96,6 +97,7 @@ /* * To be used in assembly code with the upper page attributes. */ @@ -2553,7 +2116,7 @@ index 85c60ad..b0bbd7e 100644 #define L_PTE_DIRTY_HIGH (1 << (55 - 32)) diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h -index 5478e5d..f5b5cb3 100644 +index 01baef0..73c156e 100644 --- a/arch/arm/include/asm/pgtable.h +++ b/arch/arm/include/asm/pgtable.h @@ -33,6 +33,9 @@ @@ -2636,7 +2199,7 @@ index 5478e5d..f5b5cb3 100644 */ #define _L_PTE_DEFAULT L_PTE_PRESENT | L_PTE_YOUNG -@@ -265,7 +313,7 @@ static inline pte_t pte_mkspecial(pte_t pte) { return pte; } +@@ -269,7 +317,7 @@ static inline pte_t pte_mkspecial(pte_t pte) { return pte; } static inline pte_t pte_modify(pte_t pte, pgprot_t newprot) { const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER | @@ -2672,10 +2235,10 @@ index 2ec765c..beb1fe16 100644 struct of_cpu_method { const char *method; diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h -index e4e4208..086684a 100644 +index fc44d37..acc63c4 100644 --- a/arch/arm/include/asm/thread_info.h +++ b/arch/arm/include/asm/thread_info.h -@@ -88,9 +88,9 @@ struct thread_info { +@@ -89,9 +89,9 @@ struct thread_info { .flags = 0, \ .preempt_count = INIT_PREEMPT_COUNT, \ .addr_limit = KERNEL_DS, \ @@ -2688,7 +2251,7 @@ index e4e4208..086684a 100644 .restart_block = { \ .fn = do_no_restart_syscall, \ }, \ -@@ -164,7 +164,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, +@@ -165,7 +165,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, #define TIF_SYSCALL_AUDIT 9 #define TIF_SYSCALL_TRACEPOINT 10 #define TIF_SECCOMP 11 /* seccomp syscall filtering active */ @@ -2701,7 +2264,7 @@ index e4e4208..086684a 100644 #define TIF_USING_IWMMXT 17 #define TIF_MEMDIE 18 /* is terminating due to OOM killer */ #define TIF_RESTORE_SIGMASK 20 -@@ -178,10 +182,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, +@@ -179,10 +183,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) #define _TIF_SECCOMP (1 << TIF_SECCOMP) #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT) @@ -2737,7 +2300,7 @@ index 5f833f7..76e6644 100644 } diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h -index 75d9579..b5b40e4 100644 +index 4767eb9..bf00668 100644 --- a/arch/arm/include/asm/uaccess.h +++ b/arch/arm/include/asm/uaccess.h @@ -18,6 +18,7 @@ @@ -2788,7 +2351,7 @@ index 75d9579..b5b40e4 100644 #define __addr_ok(addr) ({ \ unsigned long flag; \ __asm__("cmp %2, %0; movlo %0, #0" \ -@@ -150,8 +178,12 @@ extern int __get_user_4(void *); +@@ -198,8 +226,12 @@ extern int __get_user_64t_4(void *); #define get_user(x,p) \ ({ \ @@ -2802,7 +2365,7 @@ index 75d9579..b5b40e4 100644 }) extern int __put_user_1(void *, unsigned int); -@@ -196,8 +228,12 @@ extern int __put_user_8(void *, unsigned long long); +@@ -244,8 +276,12 @@ extern int __put_user_8(void *, unsigned long long); #define put_user(x,p) \ ({ \ @@ -2816,7 +2379,7 @@ index 75d9579..b5b40e4 100644 }) #else /* CONFIG_MMU */ -@@ -221,6 +257,7 @@ static inline void set_fs(mm_segment_t fs) +@@ -269,6 +305,7 @@ static inline void set_fs(mm_segment_t fs) #endif /* CONFIG_MMU */ @@ -2824,7 +2387,7 @@ index 75d9579..b5b40e4 100644 #define access_ok(type,addr,size) (__range_ok(addr,size) == 0) #define user_addr_max() \ -@@ -238,13 +275,17 @@ static inline void set_fs(mm_segment_t fs) +@@ -286,13 +323,17 @@ static inline void set_fs(mm_segment_t fs) #define __get_user(x,ptr) \ ({ \ long __gu_err = 0; \ @@ -2842,7 +2405,7 @@ index 75d9579..b5b40e4 100644 (void) 0; \ }) -@@ -320,13 +361,17 @@ do { \ +@@ -368,13 +409,17 @@ do { \ #define __put_user(x,ptr) \ ({ \ long __pu_err = 0; \ @@ -2860,7 +2423,7 @@ index 75d9579..b5b40e4 100644 (void) 0; \ }) -@@ -426,11 +471,44 @@ do { \ +@@ -474,11 +519,44 @@ do { \ #ifdef CONFIG_MMU @@ -2908,7 +2471,7 @@ index 75d9579..b5b40e4 100644 #else #define __copy_from_user(to,from,n) (memcpy(to, (void __force *)from, n), 0) #define __copy_to_user(to,from,n) (memcpy((void __force *)to, from, n), 0) -@@ -439,6 +517,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l +@@ -487,6 +565,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { @@ -2918,7 +2481,7 @@ index 75d9579..b5b40e4 100644 if (access_ok(VERIFY_READ, from, n)) n = __copy_from_user(to, from, n); else /* security hole - plug it */ -@@ -448,6 +529,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u +@@ -496,6 +577,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) { @@ -2942,7 +2505,7 @@ index 5af0ed1..cea83883 100644 #define PSR_ENDIAN_MASK 0x00000200 /* Endianness state mask */ diff --git a/arch/arm/kernel/armksyms.c b/arch/arm/kernel/armksyms.c -index f7b450f..f5364c5 100644 +index a88671c..1cc895e 100644 --- a/arch/arm/kernel/armksyms.c +++ b/arch/arm/kernel/armksyms.c @@ -55,7 +55,7 @@ EXPORT_SYMBOL(arm_delay_ops); @@ -2968,7 +2531,7 @@ index f7b450f..f5364c5 100644 EXPORT_SYMBOL(__get_user_1); EXPORT_SYMBOL(__get_user_2); diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S -index 52a949a..d8bbcab 100644 +index 36276cd..9d7b13b 100644 --- a/arch/arm/kernel/entry-armv.S +++ b/arch/arm/kernel/entry-armv.S @@ -47,6 +47,87 @@ @@ -3143,7 +2706,7 @@ index 52a949a..d8bbcab 100644 -4: str r4, [sp, #S_PC] @ retry current instruction +4: pax_close_userland + str r4, [sp, #S_PC] @ retry current instruction - mov pc, r9 + ret r9 .popsection .pushsection __ex_table,"a" @@ -698,7 +802,7 @@ ENTRY(__switch_to) @@ -3165,11 +2728,11 @@ index 52a949a..d8bbcab 100644 #endif mov r5, r0 diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S -index 7139d4a..feaf37f 100644 +index e52fe5a..1b0a924 100644 --- a/arch/arm/kernel/entry-common.S +++ b/arch/arm/kernel/entry-common.S -@@ -10,18 +10,46 @@ - +@@ -11,18 +11,46 @@ + #include <asm/assembler.h> #include <asm/unistd.h> #include <asm/ftrace.h> +#include <asm/domain.h> @@ -3218,7 +2781,7 @@ index 7139d4a..feaf37f 100644 .align 5 /* * This is the fast syscall return path. We do as little as -@@ -405,6 +433,12 @@ ENTRY(vector_swi) +@@ -406,6 +434,12 @@ ENTRY(vector_swi) USER( ldr scno, [lr, #-4] ) @ get SWI instruction #endif @@ -3232,7 +2795,7 @@ index 7139d4a..feaf37f 100644 #if defined(CONFIG_OABI_COMPAT) diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S -index 0325dbf..e8e47ff 100644 +index 2fdf867..6e909e4 100644 --- a/arch/arm/kernel/entry-header.S +++ b/arch/arm/kernel/entry-header.S @@ -188,6 +188,60 @@ @@ -3306,7 +2869,7 @@ index 0325dbf..e8e47ff 100644 msr spsr_cxsf, \rpsr #if defined(CONFIG_CPU_V6) || defined(CONFIG_CPU_32v6K) @ We must avoid clrex due to Cortex-A15 erratum #830321 -@@ -260,6 +317,9 @@ +@@ -254,6 +311,9 @@ blne trace_hardirqs_off #endif .endif @@ -3332,7 +2895,7 @@ index 918875d..cd5fa27 100644 flush_icache_range((unsigned long)base + offset, offset + length); diff --git a/arch/arm/kernel/head.S b/arch/arm/kernel/head.S -index 2c35f0f..7747ee6 100644 +index 664eee8..f470938 100644 --- a/arch/arm/kernel/head.S +++ b/arch/arm/kernel/head.S @@ -437,7 +437,7 @@ __enable_mmu: @@ -3345,7 +2908,7 @@ index 2c35f0f..7747ee6 100644 mcr p15, 0, r4, c2, c0, 0 @ load page table pointer #endif diff --git a/arch/arm/kernel/module.c b/arch/arm/kernel/module.c -index 45e4781..8eac93d 100644 +index 6a4dffe..4a86a70 100644 --- a/arch/arm/kernel/module.c +++ b/arch/arm/kernel/module.c @@ -38,12 +38,39 @@ @@ -3547,7 +3110,7 @@ index 0c27ed6..b67388e 100644 if (secure_computing(scno) == -1) return -1; diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c -index 8a16ee5..4f560e5 100644 +index 84db893d..bd8213a 100644 --- a/arch/arm/kernel/setup.c +++ b/arch/arm/kernel/setup.c @@ -104,21 +104,23 @@ EXPORT_SYMBOL(elf_hwcap); @@ -3653,10 +3216,10 @@ index bd19834..e4d8c66 100644 - return page; -} diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c -index 7c4fada..8581286 100644 +index bbe22fc..d7737f5 100644 --- a/arch/arm/kernel/smp.c +++ b/arch/arm/kernel/smp.c -@@ -73,7 +73,7 @@ enum ipi_msg_type { +@@ -76,7 +76,7 @@ enum ipi_msg_type { static DECLARE_COMPLETION(cpu_running); @@ -3689,10 +3252,10 @@ index 7a3be1d..b00c7de 100644 start, end); itcm_present = true; diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c -index da11b28..1e2696e 100644 +index a964c9f..cf2a5b1 100644 --- a/arch/arm/kernel/traps.c +++ b/arch/arm/kernel/traps.c -@@ -62,7 +62,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long); +@@ -64,7 +64,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long); void dump_backtrace_entry(unsigned long where, unsigned long from, unsigned long frame) { #ifdef CONFIG_KALLSYMS @@ -3701,7 +3264,7 @@ index da11b28..1e2696e 100644 #else printk("Function entered at [<%08lx>] from [<%08lx>]\n", where, from); #endif -@@ -264,6 +264,8 @@ static arch_spinlock_t die_lock = __ARCH_SPIN_LOCK_UNLOCKED; +@@ -266,6 +266,8 @@ static arch_spinlock_t die_lock = __ARCH_SPIN_LOCK_UNLOCKED; static int die_owner = -1; static unsigned int die_nest_count; @@ -3710,7 +3273,7 @@ index da11b28..1e2696e 100644 static unsigned long oops_begin(void) { int cpu; -@@ -306,6 +308,9 @@ static void oops_end(unsigned long flags, struct pt_regs *regs, int signr) +@@ -308,6 +310,9 @@ static void oops_end(unsigned long flags, struct pt_regs *regs, int signr) panic("Fatal exception in interrupt"); if (panic_on_oops) panic("Fatal exception"); @@ -3720,7 +3283,7 @@ index da11b28..1e2696e 100644 if (signr) do_exit(signr); } -@@ -885,7 +890,11 @@ void __init early_trap_init(void *vectors_base) +@@ -887,7 +892,11 @@ void __init early_trap_init(void *vectors_base) kuser_init(vectors_base); flush_icache_range(vectors, vectors + PAGE_SIZE * 2); @@ -3734,7 +3297,7 @@ index da11b28..1e2696e 100644 /* * on V7-M there is no need to copy the vector table to a dedicated diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S -index 7bcee5c..e2f3249 100644 +index 6f57cb9..645f8c4 100644 --- a/arch/arm/kernel/vmlinux.lds.S +++ b/arch/arm/kernel/vmlinux.lds.S @@ -8,7 +8,11 @@ @@ -3804,7 +3367,7 @@ index 7bcee5c..e2f3249 100644 __data_loc = .; #endif diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c -index 3c82b37..69fa3d2 100644 +index a99e0cd..ab56421d 100644 --- a/arch/arm/kvm/arm.c +++ b/arch/arm/kvm/arm.c @@ -57,7 +57,7 @@ static unsigned long hyp_default_vectors; @@ -3816,7 +3379,7 @@ index 3c82b37..69fa3d2 100644 static u8 kvm_next_vmid; static DEFINE_SPINLOCK(kvm_vmid_lock); -@@ -409,7 +409,7 @@ void force_vm_exit(const cpumask_t *mask) +@@ -372,7 +372,7 @@ void force_vm_exit(const cpumask_t *mask) */ static bool need_new_vmid_gen(struct kvm *kvm) { @@ -3825,7 +3388,7 @@ index 3c82b37..69fa3d2 100644 } /** -@@ -442,7 +442,7 @@ static void update_vttbr(struct kvm *kvm) +@@ -405,7 +405,7 @@ static void update_vttbr(struct kvm *kvm) /* First user of a new VMID generation? */ if (unlikely(kvm_next_vmid == 0)) { @@ -3834,7 +3397,7 @@ index 3c82b37..69fa3d2 100644 kvm_next_vmid = 1; /* -@@ -459,7 +459,7 @@ static void update_vttbr(struct kvm *kvm) +@@ -422,7 +422,7 @@ static void update_vttbr(struct kvm *kvm) kvm_call_hyp(__kvm_flush_vm_context); } @@ -3843,7 +3406,7 @@ index 3c82b37..69fa3d2 100644 kvm->arch.vmid = kvm_next_vmid; kvm_next_vmid++; -@@ -1034,7 +1034,7 @@ static void check_kvm_target_cpu(void *ret) +@@ -997,7 +997,7 @@ static void check_kvm_target_cpu(void *ret) /** * Initialize Hyp-mode and memory mappings on all CPUs. */ @@ -3964,10 +3527,10 @@ index 7d08b43..f7ca7ea 100644 #include "csumpartialcopygeneric.S" diff --git a/arch/arm/lib/delay.c b/arch/arm/lib/delay.c -index 5306de3..aed6d03 100644 +index 312d43e..21d2322 100644 --- a/arch/arm/lib/delay.c +++ b/arch/arm/lib/delay.c -@@ -28,7 +28,7 @@ +@@ -29,7 +29,7 @@ /* * Default to the loop-based delay implementation. */ @@ -4011,43 +3574,6 @@ index f7a07a5..258e1f7 100644 pr_info("AT91: sram at 0x%lx of 0x%x mapped at 0x%lx\n", base, length, desc->virtual); -diff --git a/arch/arm/mach-kirkwood/common.c b/arch/arm/mach-kirkwood/common.c -index 255f33a..507b157 100644 ---- a/arch/arm/mach-kirkwood/common.c -+++ b/arch/arm/mach-kirkwood/common.c -@@ -157,7 +157,16 @@ static void clk_gate_fn_disable(struct clk_hw *hw) - clk_gate_ops.disable(hw); - } - --static struct clk_ops clk_gate_fn_ops; -+static int clk_gate_fn_is_enabled(struct clk_hw *hw) -+{ -+ return clk_gate_ops.is_enabled(hw); -+} -+ -+static struct clk_ops clk_gate_fn_ops = { -+ .enable = clk_gate_fn_enable, -+ .disable = clk_gate_fn_disable, -+ .is_enabled = clk_gate_fn_is_enabled, -+}; - - static struct clk __init *clk_register_gate_fn(struct device *dev, - const char *name, -@@ -191,14 +200,6 @@ static struct clk __init *clk_register_gate_fn(struct device *dev, - gate_fn->fn_en = fn_en; - gate_fn->fn_dis = fn_dis; - -- /* ops is the gate ops, but with our enable/disable functions */ -- if (clk_gate_fn_ops.enable != clk_gate_fn_enable || -- clk_gate_fn_ops.disable != clk_gate_fn_disable) { -- clk_gate_fn_ops = clk_gate_ops; -- clk_gate_fn_ops.enable = clk_gate_fn_enable; -- clk_gate_fn_ops.disable = clk_gate_fn_disable; -- } -- - clk = clk_register(dev, &gate_fn->gate.hw); - - if (IS_ERR(clk)) diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c index 2bdc323..cf1c607 100644 --- a/arch/arm/mach-mvebu/coherency.c @@ -4084,7 +3610,7 @@ index aead77a..a2253fa 100644 }; diff --git a/arch/arm/mach-omap2/gpmc.c b/arch/arm/mach-omap2/gpmc.c -index 8bc1338..8b28b69 100644 +index 2f97228..6ce10e1 100644 --- a/arch/arm/mach-omap2/gpmc.c +++ b/arch/arm/mach-omap2/gpmc.c @@ -151,7 +151,6 @@ struct omap3_gpmc_regs { @@ -4166,7 +3692,7 @@ index 37843a7..a98df13 100644 }; diff --git a/arch/arm/mach-omap2/omap_device.c b/arch/arm/mach-omap2/omap_device.c -index 01ef59d..32ae28a8 100644 +index d22c30d..23697a1 100644 --- a/arch/arm/mach-omap2/omap_device.c +++ b/arch/arm/mach-omap2/omap_device.c @@ -510,7 +510,7 @@ void omap_device_delete(struct omap_device *od) @@ -4207,7 +3733,7 @@ index 78c02b3..c94109a 100644 struct omap_device *omap_device_alloc(struct platform_device *pdev, struct omap_hwmod **ohs, int oh_cnt); diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c -index 8fd87a3..099ed60 100644 +index 9e91a4e..357ed0d 100644 --- a/arch/arm/mach-omap2/omap_hwmod.c +++ b/arch/arm/mach-omap2/omap_hwmod.c @@ -194,10 +194,10 @@ struct omap_hwmod_soc_ops { @@ -4271,7 +3797,7 @@ index 97d6607..8429d14 100644 sizeof(struct omap_wd_timer_platform_data)); WARN(IS_ERR(pdev), "Can't build omap_device for %s:%s.\n", diff --git a/arch/arm/mach-tegra/cpuidle-tegra20.c b/arch/arm/mach-tegra/cpuidle-tegra20.c -index b82dcae..44ee5b6 100644 +index b30bf5c..d0825bf 100644 --- a/arch/arm/mach-tegra/cpuidle-tegra20.c +++ b/arch/arm/mach-tegra/cpuidle-tegra20.c @@ -180,7 +180,7 @@ static int tegra20_idle_lp2_coupled(struct cpuidle_device *dev, @@ -4302,7 +3828,7 @@ index 2dea8b5..6499da2 100644 extern void ux500_cpu_die(unsigned int cpu); diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig -index c348eae..456a1a4 100644 +index ae69809..2665202 100644 --- a/arch/arm/mm/Kconfig +++ b/arch/arm/mm/Kconfig @@ -446,6 +446,7 @@ config CPU_32v5 @@ -4339,10 +3865,10 @@ index c348eae..456a1a4 100644 If all of the binaries and libraries which run on your platform diff --git a/arch/arm/mm/alignment.c b/arch/arm/mm/alignment.c -index 33ca980..6b23b44 100644 +index 83792f4..c25d36b 100644 --- a/arch/arm/mm/alignment.c +++ b/arch/arm/mm/alignment.c -@@ -215,10 +215,12 @@ union offset_union { +@@ -216,10 +216,12 @@ union offset_union { #define __get16_unaligned_check(ins,val,addr) \ do { \ unsigned int err = 0, v, a = addr; \ @@ -4355,7 +3881,7 @@ index 33ca980..6b23b44 100644 if (err) \ goto fault; \ } while (0) -@@ -232,6 +234,7 @@ union offset_union { +@@ -233,6 +235,7 @@ union offset_union { #define __get32_unaligned_check(ins,val,addr) \ do { \ unsigned int err = 0, v, a = addr; \ @@ -4363,7 +3889,7 @@ index 33ca980..6b23b44 100644 __get8_unaligned_check(ins,v,a,err); \ val = v << ((BE) ? 24 : 0); \ __get8_unaligned_check(ins,v,a,err); \ -@@ -240,6 +243,7 @@ union offset_union { +@@ -241,6 +244,7 @@ union offset_union { val |= v << ((BE) ? 8 : 16); \ __get8_unaligned_check(ins,v,a,err); \ val |= v << ((BE) ? 0 : 24); \ @@ -4371,7 +3897,7 @@ index 33ca980..6b23b44 100644 if (err) \ goto fault; \ } while (0) -@@ -253,6 +257,7 @@ union offset_union { +@@ -254,6 +258,7 @@ union offset_union { #define __put16_unaligned_check(ins,val,addr) \ do { \ unsigned int err = 0, v = val, a = addr; \ @@ -4379,7 +3905,7 @@ index 33ca980..6b23b44 100644 __asm__( FIRST_BYTE_16 \ ARM( "1: "ins" %1, [%2], #1\n" ) \ THUMB( "1: "ins" %1, [%2]\n" ) \ -@@ -272,6 +277,7 @@ union offset_union { +@@ -273,6 +278,7 @@ union offset_union { " .popsection\n" \ : "=r" (err), "=&r" (v), "=&r" (a) \ : "0" (err), "1" (v), "2" (a)); \ @@ -4387,7 +3913,7 @@ index 33ca980..6b23b44 100644 if (err) \ goto fault; \ } while (0) -@@ -285,6 +291,7 @@ union offset_union { +@@ -286,6 +292,7 @@ union offset_union { #define __put32_unaligned_check(ins,val,addr) \ do { \ unsigned int err = 0, v = val, a = addr; \ @@ -4395,7 +3921,7 @@ index 33ca980..6b23b44 100644 __asm__( FIRST_BYTE_32 \ ARM( "1: "ins" %1, [%2], #1\n" ) \ THUMB( "1: "ins" %1, [%2]\n" ) \ -@@ -314,6 +321,7 @@ union offset_union { +@@ -315,6 +322,7 @@ union offset_union { " .popsection\n" \ : "=r" (err), "=&r" (v), "=&r" (a) \ : "0" (err), "1" (v), "2" (a)); \ @@ -4404,7 +3930,7 @@ index 33ca980..6b23b44 100644 goto fault; \ } while (0) diff --git a/arch/arm/mm/cache-l2x0.c b/arch/arm/mm/cache-l2x0.c -index 7c3fb41..bfb87d8 100644 +index 5f2c988..221412d 100644 --- a/arch/arm/mm/cache-l2x0.c +++ b/arch/arm/mm/cache-l2x0.c @@ -41,7 +41,7 @@ struct l2c_init_data { @@ -4896,7 +4422,7 @@ index 5e85ed3..b10a7ed 100644 } } diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c -index 6e3ba8d..9cbb4d7 100644 +index 8348ed6..b73a807 100644 --- a/arch/arm/mm/mmu.c +++ b/arch/arm/mm/mmu.c @@ -40,6 +40,22 @@ @@ -5279,6 +4805,30 @@ index 6e3ba8d..9cbb4d7 100644 } } +diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c +index a37b989..5c9ae75 100644 +--- a/arch/arm/net/bpf_jit_32.c ++++ b/arch/arm/net/bpf_jit_32.c +@@ -71,7 +71,11 @@ struct jit_ctx { + #endif + }; + ++#ifdef CONFIG_GRKERNSEC_BPF_HARDEN ++int bpf_jit_enable __read_only; ++#else + int bpf_jit_enable __read_mostly; ++#endif + + static u64 jit_get_skb_b(struct sk_buff *skb, unsigned offset) + { +@@ -930,5 +934,6 @@ void bpf_jit_free(struct bpf_prog *fp) + { + if (fp->jited) + module_free(NULL, fp->bpf_func); +- kfree(fp); ++ ++ bpf_prog_unlock_free(fp); + } diff --git a/arch/arm/plat-iop/setup.c b/arch/arm/plat-iop/setup.c index 5b217f4..c23f40e 100644 --- a/arch/arm/plat-iop/setup.c @@ -5575,7 +5125,7 @@ index 836f147..4cf23f5 100644 if (!(addr & ~PAGE_MASK)) goto success; diff --git a/arch/hexagon/include/asm/cache.h b/arch/hexagon/include/asm/cache.h -index f4ca594..adc72fd6 100644 +index 2635117..fa223cb 100644 --- a/arch/hexagon/include/asm/cache.h +++ b/arch/hexagon/include/asm/cache.h @@ -21,9 +21,11 @@ @@ -5593,10 +5143,10 @@ index f4ca594..adc72fd6 100644 #define __cacheline_aligned __aligned(L1_CACHE_BYTES) #define ____cacheline_aligned __aligned(L1_CACHE_BYTES) diff --git a/arch/ia64/Kconfig b/arch/ia64/Kconfig -index 2f3abcf..e63c7fa 100644 +index c84c88b..2a6e1ba 100644 --- a/arch/ia64/Kconfig +++ b/arch/ia64/Kconfig -@@ -547,6 +547,7 @@ source "drivers/sn/Kconfig" +@@ -549,6 +549,7 @@ source "drivers/sn/Kconfig" config KEXEC bool "kexec system call" depends on !IA64_HP_SIM && (!SMP || HOTPLUG_CPU) @@ -5605,7 +5155,7 @@ index 2f3abcf..e63c7fa 100644 kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot diff --git a/arch/ia64/Makefile b/arch/ia64/Makefile -index f37238f..810b95f 100644 +index 5441b14..039a446 100644 --- a/arch/ia64/Makefile +++ b/arch/ia64/Makefile @@ -99,5 +99,6 @@ endef @@ -6054,7 +5604,7 @@ index 76069c1..c2aa816 100644 } diff --git a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c -index 25c3502..560dae7 100644 +index 6b33457..88b5124 100644 --- a/arch/ia64/mm/init.c +++ b/arch/ia64/mm/init.c @@ -120,6 +120,19 @@ ia64_init_addr_space (void) @@ -6077,6 +5627,15 @@ index 25c3502..560dae7 100644 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); down_write(¤t->mm->mmap_sem); if (insert_vm_struct(current->mm, vma)) { +@@ -286,7 +299,7 @@ static int __init gate_vma_init(void) + gate_vma.vm_start = FIXADDR_USER_START; + gate_vma.vm_end = FIXADDR_USER_END; + gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; +- gate_vma.vm_page_prot = __P101; ++ gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags); + + return 0; + } diff --git a/arch/m32r/include/asm/cache.h b/arch/m32r/include/asm/cache.h index 40b3ee9..8c2c112 100644 --- a/arch/m32r/include/asm/cache.h @@ -6148,7 +5707,7 @@ index c7591e8..ecef036 100644 #define smp_load_acquire(p) \ diff --git a/arch/metag/mm/hugetlbpage.c b/arch/metag/mm/hugetlbpage.c -index 3c52fa6..11b2ad8 100644 +index 3c32075..ae0ae75 100644 --- a/arch/metag/mm/hugetlbpage.c +++ b/arch/metag/mm/hugetlbpage.c @@ -200,6 +200,7 @@ hugetlb_get_unmapped_area_new_pmd(unsigned long len) @@ -6178,10 +5737,10 @@ index 4efe96a..60e8699 100644 #define SMP_CACHE_BYTES L1_CACHE_BYTES diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig -index 4e238e6..7c9ed92 100644 +index 574c430..470200d 100644 --- a/arch/mips/Kconfig +++ b/arch/mips/Kconfig -@@ -2392,6 +2392,7 @@ source "kernel/Kconfig.preempt" +@@ -2399,6 +2399,7 @@ source "kernel/Kconfig.preempt" config KEXEC bool "Kexec system call" @@ -7140,10 +6699,10 @@ index b4db69f..8f3b093 100644 #define SMP_CACHE_SHIFT L1_CACHE_SHIFT #define SMP_CACHE_BYTES L1_CACHE_BYTES diff --git a/arch/mips/include/asm/elf.h b/arch/mips/include/asm/elf.h -index d414405..6bb4ba2 100644 +index 1d38fe0..9beabc9 100644 --- a/arch/mips/include/asm/elf.h +++ b/arch/mips/include/asm/elf.h -@@ -398,13 +398,16 @@ extern const char *__elf_platform; +@@ -381,13 +381,16 @@ extern const char *__elf_platform; #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2) #endif @@ -7281,7 +6840,7 @@ index 46dfc3c..a16b13a 100644 /** diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h -index 5699ec3..95def83 100644 +index 3be8180..c4798d5 100644 --- a/arch/mips/include/asm/page.h +++ b/arch/mips/include/asm/page.h @@ -120,7 +120,7 @@ extern void copy_user_highpage(struct page *to, struct page *from, @@ -7310,7 +6869,7 @@ index b336037..5b874cc 100644 /* diff --git a/arch/mips/include/asm/pgtable.h b/arch/mips/include/asm/pgtable.h -index 539ddd1..8783f9a 100644 +index df49a30..c0d3dd6 100644 --- a/arch/mips/include/asm/pgtable.h +++ b/arch/mips/include/asm/pgtable.h @@ -20,6 +20,9 @@ @@ -7396,7 +6955,7 @@ index 1188e00..41cf144 100644 #include <linux/module.h> #include <linux/elfcore.h> diff --git a/arch/mips/kernel/binfmt_elfo32.c b/arch/mips/kernel/binfmt_elfo32.c -index 71df942..199dd19 100644 +index 9287678..f870e47 100644 --- a/arch/mips/kernel/binfmt_elfo32.c +++ b/arch/mips/kernel/binfmt_elfo32.c @@ -70,6 +70,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG]; @@ -7412,7 +6971,7 @@ index 71df942..199dd19 100644 + #include <asm/processor.h> - /* These MUST be defined before elf.h gets included */ + #include <linux/module.h> diff --git a/arch/mips/kernel/i8259.c b/arch/mips/kernel/i8259.c index 50b3648..c2f3cec 100644 --- a/arch/mips/kernel/i8259.c @@ -7484,10 +7043,10 @@ index d2bfbc2..a8eacd2 100644 } #else diff --git a/arch/mips/kernel/pm-cps.c b/arch/mips/kernel/pm-cps.c -index c4c2069..bde8051 100644 +index 0614717..002fa43 100644 --- a/arch/mips/kernel/pm-cps.c +++ b/arch/mips/kernel/pm-cps.c -@@ -168,7 +168,7 @@ int cps_pm_enter_state(enum cps_pm_state state) +@@ -172,7 +172,7 @@ int cps_pm_enter_state(enum cps_pm_state state) nc_core_ready_count = nc_addr; /* Ensure ready_count is zero-initialised before the assembly runs */ @@ -7497,10 +7056,10 @@ index c4c2069..bde8051 100644 /* Run the generated entry code */ diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c -index 0a1ec0f..d9e93b6 100644 +index 636b074..8fbb91f 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c -@@ -572,15 +572,3 @@ unsigned long get_wchan(struct task_struct *task) +@@ -520,15 +520,3 @@ unsigned long get_wchan(struct task_struct *task) out: return pc; } @@ -7517,10 +7076,10 @@ index 0a1ec0f..d9e93b6 100644 - return sp & ALMASK; -} diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c -index aae7119..8b16434 100644 +index 645b3c4..909c75a 100644 --- a/arch/mips/kernel/ptrace.c +++ b/arch/mips/kernel/ptrace.c -@@ -762,6 +762,10 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -761,6 +761,10 @@ long arch_ptrace(struct task_struct *child, long request, return ret; } @@ -7531,7 +7090,7 @@ index aae7119..8b16434 100644 /* * Notification of system call entry/exit * - triggered by current->work.syscall_trace -@@ -778,6 +782,11 @@ asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall) +@@ -777,6 +781,11 @@ asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall) tracehook_report_syscall_entry(regs)) ret = -1; @@ -7645,10 +7204,10 @@ index 2242bdd..b284048 100644 } /* Arrange for an interrupt in a short while */ diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c -index 51706d6..ec1178c 100644 +index 22b19c2..c5cc8c4 100644 --- a/arch/mips/kernel/traps.c +++ b/arch/mips/kernel/traps.c -@@ -687,7 +687,18 @@ asmlinkage void do_ov(struct pt_regs *regs) +@@ -688,7 +688,18 @@ asmlinkage void do_ov(struct pt_regs *regs) siginfo_t info; prev_state = exception_enter(); @@ -7668,19 +7227,19 @@ index 51706d6..ec1178c 100644 info.si_code = FPE_INTOVF; info.si_signo = SIGFPE; -diff --git a/arch/mips/kvm/kvm_mips.c b/arch/mips/kvm/kvm_mips.c -index f3c56a1..6a2f01c 100644 ---- a/arch/mips/kvm/kvm_mips.c -+++ b/arch/mips/kvm/kvm_mips.c -@@ -841,7 +841,7 @@ long kvm_arch_vm_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg) +diff --git a/arch/mips/kvm/mips.c b/arch/mips/kvm/mips.c +index cd71141..e02c4df 100644 +--- a/arch/mips/kvm/mips.c ++++ b/arch/mips/kvm/mips.c +@@ -839,7 +839,7 @@ long kvm_arch_vm_ioctl(struct file *filp, unsigned int ioctl, unsigned long arg) return r; } -int kvm_arch_init(void *opaque) +int kvm_arch_init(const void *opaque) { - int ret; - + if (kvm_mips_callbacks) { + kvm_err("kvm: module already exists\n"); diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c index becc42b..9e43d4b 100644 --- a/arch/mips/mm/fault.c @@ -7829,6 +7388,18 @@ index f1baadd..5472dca 100644 int __virt_addr_valid(const volatile void *kaddr) { return pfn_valid(PFN_DOWN(virt_to_phys(kaddr))); +diff --git a/arch/mips/net/bpf_jit.c b/arch/mips/net/bpf_jit.c +index 9f7ecbd..6e370fc 100644 +--- a/arch/mips/net/bpf_jit.c ++++ b/arch/mips/net/bpf_jit.c +@@ -1428,5 +1428,6 @@ void bpf_jit_free(struct bpf_prog *fp) + { + if (fp->jited) + module_free(NULL, fp->bpf_func); +- kfree(fp); ++ ++ bpf_prog_unlock_free(fp); + } diff --git a/arch/mips/pci/pci-octeon.c b/arch/mips/pci/pci-octeon.c index 59cccd9..f39ac2f 100644 --- a/arch/mips/pci/pci-octeon.c @@ -8508,10 +8079,10 @@ index 3ca9c11..d163ef7 100644 /* * If for any reason at all we couldn't handle the fault, make diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig -index 80b94b0..a3274fb 100644 +index 4bc7b62..107e0b2 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig -@@ -398,6 +398,7 @@ config PPC64_SUPPORTS_MEMORY_FAILURE +@@ -399,6 +399,7 @@ config PPC64_SUPPORTS_MEMORY_FAILURE config KEXEC bool "kexec system call" depends on (PPC_BOOK3S || FSL_BOOKE || (44x && !SMP)) @@ -8554,18 +8125,18 @@ index bab79a1..4a3eabc 100644 #define smp_load_acquire(p) \ diff --git a/arch/powerpc/include/asm/cache.h b/arch/powerpc/include/asm/cache.h -index ed0afc1..0332825 100644 +index 34a05a1..a1f2c67 100644 --- a/arch/powerpc/include/asm/cache.h +++ b/arch/powerpc/include/asm/cache.h -@@ -3,6 +3,7 @@ - +@@ -4,6 +4,7 @@ #ifdef __KERNEL__ + #include <asm/reg.h> +#include <linux/const.h> /* bytes per L1 cache line */ #if defined(CONFIG_8xx) || defined(CONFIG_403GCX) -@@ -22,7 +23,7 @@ +@@ -23,7 +24,7 @@ #define L1_CACHE_SHIFT 7 #endif @@ -8706,10 +8277,10 @@ index 8565c25..2865190 100644 return (vm_flags & VM_SAO) ? __pgprot(_PAGE_SAO) : __pgprot(0); } diff --git a/arch/powerpc/include/asm/page.h b/arch/powerpc/include/asm/page.h -index 32e4e21..62afb12 100644 +index 26fe1ae..987ffc5 100644 --- a/arch/powerpc/include/asm/page.h +++ b/arch/powerpc/include/asm/page.h -@@ -230,8 +230,9 @@ extern long long virt_phys_offset; +@@ -227,8 +227,9 @@ extern long long virt_phys_offset; * and needs to be executable. This means the whole heap ends * up being executable. */ @@ -8721,7 +8292,7 @@ index 32e4e21..62afb12 100644 #define VM_DATA_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \ VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) -@@ -259,6 +260,9 @@ extern long long virt_phys_offset; +@@ -256,6 +257,9 @@ extern long long virt_phys_offset; #define is_kernel_addr(x) ((x) >= PAGE_OFFSET) #endif @@ -8813,7 +8384,7 @@ index 4aad413..85d86bf 100644 #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */ #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */ diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h -index bffd89d..a6641ed 100644 +index 0c05059..7e056e4 100644 --- a/arch/powerpc/include/asm/reg.h +++ b/arch/powerpc/include/asm/reg.h @@ -251,6 +251,7 @@ @@ -9078,10 +8649,10 @@ index bb9cac6..5181202 100644 ld r4,_DAR(r1) bl bad_page_fault diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S -index a7d36b1..53af150 100644 +index 050f79a..f385bfe 100644 --- a/arch/powerpc/kernel/exceptions-64s.S +++ b/arch/powerpc/kernel/exceptions-64s.S -@@ -1637,10 +1637,10 @@ handle_page_fault: +@@ -1593,10 +1593,10 @@ handle_page_fault: 11: ld r4,_DAR(r1) ld r5,_DSISR(r1) addi r3,r1,STACK_FRAME_OVERHEAD @@ -9094,10 +8665,10 @@ index a7d36b1..53af150 100644 addi r3,r1,STACK_FRAME_OVERHEAD lwz r4,_DAR(r1) diff --git a/arch/powerpc/kernel/irq.c b/arch/powerpc/kernel/irq.c -index 248ee7e..1eb60dd 100644 +index 4c5891d..a5d88bb 100644 --- a/arch/powerpc/kernel/irq.c +++ b/arch/powerpc/kernel/irq.c -@@ -447,6 +447,8 @@ void migrate_irqs(void) +@@ -461,6 +461,8 @@ void migrate_irqs(void) } #endif @@ -9106,7 +8677,7 @@ index 248ee7e..1eb60dd 100644 static inline void check_stack_overflow(void) { #ifdef CONFIG_DEBUG_STACKOVERFLOW -@@ -459,6 +461,7 @@ static inline void check_stack_overflow(void) +@@ -473,6 +475,7 @@ static inline void check_stack_overflow(void) printk("do_IRQ: stack overflow: %ld\n", sp - sizeof(struct thread_info)); dump_stack(); @@ -9157,7 +8728,7 @@ index 6cff040..74ac5d1b 100644 sechdrs, module); #endif diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c -index be99774..9879c82 100644 +index bf44ae9..6d2ce71 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c @@ -1039,8 +1039,8 @@ void show_regs(struct pt_regs * regs) @@ -9171,7 +8742,7 @@ index be99774..9879c82 100644 #endif show_stack(current, (unsigned long *) regs->gpr[1]); if (!user_mode(regs)) -@@ -1554,10 +1554,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) +@@ -1558,10 +1558,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) newsp = stack[0]; ip = stack[STACK_FRAME_LR_SAVE]; if (!firstframe || ip != lr) { @@ -9184,16 +8755,16 @@ index be99774..9879c82 100644 (void *)current->ret_stack[curr_frame].ret); curr_frame--; } -@@ -1577,7 +1577,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) +@@ -1581,7 +1581,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) struct pt_regs *regs = (struct pt_regs *) (sp + STACK_FRAME_OVERHEAD); lr = regs->link; -- printk("--- Exception: %lx at %pS\n LR = %pS\n", -+ printk("--- Exception: %lx at %pA\n LR = %pA\n", +- printk("--- interrupt: %lx at %pS\n LR = %pS\n", ++ printk("--- interrupt: %lx at %pA\n LR = %pA\n", regs->trap, (void *)regs->nip, (void *)lr); firstframe = 1; } -@@ -1613,58 +1613,3 @@ void notrace __ppc64_runlatch_off(void) +@@ -1617,58 +1617,3 @@ void notrace __ppc64_runlatch_off(void) mtspr(SPRN_CTRLT, ctrl); } #endif /* CONFIG_PPC64 */ @@ -9292,10 +8863,10 @@ index 2e3d2bf..35df241 100644 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c -index 1bc5a17..910d3f3 100644 +index b171001..4ac7ac5 100644 --- a/arch/powerpc/kernel/signal_32.c +++ b/arch/powerpc/kernel/signal_32.c -@@ -1012,7 +1012,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka, +@@ -1011,7 +1011,7 @@ int handle_rt_signal32(struct ksignal *ksig, sigset_t *oldset, /* Save user registers on the stack */ frame = &rt_sf->uc.uc_mcontext; addr = frame; @@ -9305,10 +8876,10 @@ index 1bc5a17..910d3f3 100644 tramp = current->mm->context.vdso_base + vdso32_rt_sigtramp; } else { diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c -index 97c1e4b..f427f81 100644 +index 2cb0c94..c0c0bc9 100644 --- a/arch/powerpc/kernel/signal_64.c +++ b/arch/powerpc/kernel/signal_64.c -@@ -755,7 +755,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info, +@@ -754,7 +754,7 @@ int handle_rt_signal64(struct ksignal *ksig, sigset_t *set, struct pt_regs *regs current->thread.fp_state.fpscr = 0; /* Set up to return from userspace. */ @@ -9318,7 +8889,7 @@ index 97c1e4b..f427f81 100644 } else { err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]); diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c -index 239f1cd..5359f76 100644 +index 0dc43f9..7893068 100644 --- a/arch/powerpc/kernel/traps.c +++ b/arch/powerpc/kernel/traps.c @@ -142,6 +142,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs) @@ -9341,7 +8912,7 @@ index 239f1cd..5359f76 100644 } diff --git a/arch/powerpc/kernel/vdso.c b/arch/powerpc/kernel/vdso.c -index ce74c33..0803371 100644 +index f174351..5722009 100644 --- a/arch/powerpc/kernel/vdso.c +++ b/arch/powerpc/kernel/vdso.c @@ -35,6 +35,7 @@ @@ -9371,10 +8942,10 @@ index ce74c33..0803371 100644 rc = vdso_base; goto fail_mmapsem; diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c -index 61c738a..b1092d6 100644 +index 4c79284..0e462c3 100644 --- a/arch/powerpc/kvm/powerpc.c +++ b/arch/powerpc/kvm/powerpc.c -@@ -1195,7 +1195,7 @@ void kvmppc_init_lpid(unsigned long nr_lpids_param) +@@ -1338,7 +1338,7 @@ void kvmppc_init_lpid(unsigned long nr_lpids_param) } EXPORT_SYMBOL_GPL(kvmppc_init_lpid); @@ -9617,6 +9188,18 @@ index b0c75cc..ef7fb93 100644 /* If hint, make sure it matches our alignment restrictions */ if (!fixed && addr) { addr = _ALIGN_UP(addr, 1ul << pshift); +diff --git a/arch/powerpc/net/bpf_jit_comp.c b/arch/powerpc/net/bpf_jit_comp.c +index 3afa6f4..40c53ff 100644 +--- a/arch/powerpc/net/bpf_jit_comp.c ++++ b/arch/powerpc/net/bpf_jit_comp.c +@@ -697,5 +697,6 @@ void bpf_jit_free(struct bpf_prog *fp) + { + if (fp->jited) + module_free(NULL, fp->bpf_func); +- kfree(fp); ++ ++ bpf_prog_unlock_free(fp); + } diff --git a/arch/powerpc/platforms/cell/celleb_scc_pciex.c b/arch/powerpc/platforms/cell/celleb_scc_pciex.c index 4278acf..67fd0e6 100644 --- a/arch/powerpc/platforms/cell/celleb_scc_pciex.c @@ -9633,7 +9216,7 @@ index 4278acf..67fd0e6 100644 static void pciex_clear_intr_all(unsigned int __iomem *base) diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c -index 9098692..3d54cd1 100644 +index d966bbe..372124a 100644 --- a/arch/powerpc/platforms/cell/spufs/file.c +++ b/arch/powerpc/platforms/cell/spufs/file.c @@ -280,9 +280,9 @@ spufs_mem_mmap_fault(struct vm_area_struct *vma, struct vm_fault *vmf) @@ -9944,6 +9527,17 @@ index 9b436c2..54fbf0a 100644 mm->get_unmapped_area = s390_get_unmapped_area_topdown; } } +diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c +index 61e45b7..f2833c5 100644 +--- a/arch/s390/net/bpf_jit_comp.c ++++ b/arch/s390/net/bpf_jit_comp.c +@@ -887,5 +887,5 @@ void bpf_jit_free(struct bpf_prog *fp) + module_free(NULL, header); + + free_filter: +- kfree(fp); ++ bpf_prog_unlock_free(fp); + } diff --git a/arch/score/include/asm/cache.h b/arch/score/include/asm/cache.h index ae3d59f..f65f075 100644 --- a/arch/score/include/asm/cache.h @@ -10562,19 +10156,22 @@ index 96efa7a..16858bf 100644 /* diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h -index a5f01ac..703b554 100644 +index a5f01ac..a8811dd 100644 --- a/arch/sparc/include/asm/thread_info_64.h +++ b/arch/sparc/include/asm/thread_info_64.h -@@ -63,6 +63,8 @@ struct thread_info { +@@ -63,7 +63,10 @@ struct thread_info { struct pt_regs *kern_una_regs; unsigned int kern_una_insn; +- unsigned long fpregs[0] __attribute__ ((aligned(64))); + unsigned long lowest_stack; + - unsigned long fpregs[0] __attribute__ ((aligned(64))); ++ unsigned long fpregs[(7 * 256) / sizeof(unsigned long)] ++ __attribute__ ((aligned(64))); }; -@@ -188,12 +190,13 @@ register struct thread_info *current_thread_info_reg asm("g6"); + #endif /* !(__ASSEMBLY__) */ +@@ -188,12 +191,13 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define TIF_NEED_RESCHED 3 /* rescheduling necessary */ /* flag bit 4 is available */ #define TIF_UNALIGNED 5 /* allowed to do unaligned accesses */ @@ -10589,7 +10186,7 @@ index a5f01ac..703b554 100644 /* NOTE: Thread flags >= 12 should be ones we have no interest * in using in assembly, else we can't use the mask as * an immediate value in instructions such as andcc. -@@ -213,12 +216,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); +@@ -213,12 +217,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT) #define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT) #define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) @@ -10764,7 +10361,7 @@ index 50e7b62..79fae35 100644 } while (++count < 16); printk("\n"); diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_64.c -index 027e099..6d4178f 100644 +index 0be7bf9..2b1cba8 100644 --- a/arch/sparc/kernel/process_64.c +++ b/arch/sparc/kernel/process_64.c @@ -161,7 +161,7 @@ static void show_regwindow(struct pt_regs *regs) @@ -10856,7 +10453,7 @@ index c13c9f2..d572c34 100644 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c -index 41aa247..eadfb74 100644 +index f7ba875..b65677e 100644 --- a/arch/sparc/kernel/smp_64.c +++ b/arch/sparc/kernel/smp_64.c @@ -883,7 +883,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu) @@ -12564,10 +12161,10 @@ index d329537..2c3746a 100644 pte_t *huge_pte_alloc(struct mm_struct *mm, diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c -index 2cfb0f2..e917d9f 100644 +index 98ac8e8..ba7dd39 100644 --- a/arch/sparc/mm/init_64.c +++ b/arch/sparc/mm/init_64.c -@@ -189,9 +189,9 @@ unsigned long sparc64_kern_sec_context __read_mostly; +@@ -190,9 +190,9 @@ unsigned long sparc64_kern_sec_context __read_mostly; int num_kernel_image_mappings; #ifdef CONFIG_DEBUG_DCFLUSH @@ -12579,7 +12176,7 @@ index 2cfb0f2..e917d9f 100644 #endif #endif -@@ -199,7 +199,7 @@ inline void flush_dcache_page_impl(struct page *page) +@@ -200,7 +200,7 @@ inline void flush_dcache_page_impl(struct page *page) { BUG_ON(tlb_type == hypervisor); #ifdef CONFIG_DEBUG_DCFLUSH @@ -12588,7 +12185,7 @@ index 2cfb0f2..e917d9f 100644 #endif #ifdef DCACHE_ALIASING_POSSIBLE -@@ -471,10 +471,10 @@ void mmu_info(struct seq_file *m) +@@ -472,10 +472,10 @@ void mmu_info(struct seq_file *m) #ifdef CONFIG_DEBUG_DCFLUSH seq_printf(m, "DCPageFlushes\t: %d\n", @@ -12601,11 +12198,23 @@ index 2cfb0f2..e917d9f 100644 #endif /* CONFIG_SMP */ #endif /* CONFIG_DEBUG_DCFLUSH */ } +diff --git a/arch/sparc/net/bpf_jit_comp.c b/arch/sparc/net/bpf_jit_comp.c +index ece4af0..f04b862 100644 +--- a/arch/sparc/net/bpf_jit_comp.c ++++ b/arch/sparc/net/bpf_jit_comp.c +@@ -823,5 +823,6 @@ void bpf_jit_free(struct bpf_prog *fp) + { + if (fp->jited) + module_free(NULL, fp->bpf_func); +- kfree(fp); ++ ++ bpf_prog_unlock_free(fp); + } diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig -index 4f3006b..453f625f 100644 +index 7fcd492..1311074 100644 --- a/arch/tile/Kconfig +++ b/arch/tile/Kconfig -@@ -192,6 +192,7 @@ source "kernel/Kconfig.hz" +@@ -191,6 +191,7 @@ source "kernel/Kconfig.hz" config KEXEC bool "kexec system call" @@ -12736,7 +12345,7 @@ index 2e0a6b1..a64d0f5 100644 #endif diff --git a/arch/um/include/asm/page.h b/arch/um/include/asm/page.h -index 5ff53d9..5850cdf 100644 +index 71c5d13..4c7b9f1 100644 --- a/arch/um/include/asm/page.h +++ b/arch/um/include/asm/page.h @@ -14,6 +14,9 @@ @@ -12806,18 +12415,10 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 27adfd9..2362ac6 100644 +index 3632743..630a8bb 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -22,6 +22,7 @@ config X86_64 - config X86 - def_bool y - select ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS -+ select ARCH_HAS_FAST_MULTIPLIER - select ARCH_MIGHT_HAVE_PC_PARPORT - select ARCH_MIGHT_HAVE_PC_SERIO - select HAVE_AOUT if X86_32 -@@ -128,7 +129,7 @@ config X86 +@@ -130,7 +130,7 @@ config X86 select RTC_LIB select HAVE_DEBUG_STACKOVERFLOW select HAVE_IRQ_EXIT_ON_IRQ_STACK if X86_64 @@ -12826,7 +12427,7 @@ index 27adfd9..2362ac6 100644 select GENERIC_CPU_AUTOPROBE select HAVE_ARCH_AUDITSYSCALL select ARCH_SUPPORTS_ATOMIC_RMW -@@ -253,7 +254,7 @@ config X86_HT +@@ -258,7 +258,7 @@ config X86_HT config X86_32_LAZY_GS def_bool y @@ -12835,7 +12436,7 @@ index 27adfd9..2362ac6 100644 config ARCH_HWEIGHT_CFLAGS string -@@ -549,6 +550,7 @@ config SCHED_OMIT_FRAME_POINTER +@@ -555,6 +555,7 @@ config SCHED_OMIT_FRAME_POINTER menuconfig HYPERVISOR_GUEST bool "Linux guest support" @@ -12843,7 +12444,7 @@ index 27adfd9..2362ac6 100644 ---help--- Say Y here to enable options for running Linux under various hyper- visors. This option enables basic hypervisor detection and platform -@@ -1076,6 +1078,7 @@ choice +@@ -1083,6 +1084,7 @@ choice config NOHIGHMEM bool "off" @@ -12851,7 +12452,7 @@ index 27adfd9..2362ac6 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1112,6 +1115,7 @@ config NOHIGHMEM +@@ -1119,6 +1121,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -12859,7 +12460,7 @@ index 27adfd9..2362ac6 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1164,7 +1168,7 @@ config PAGE_OFFSET +@@ -1171,7 +1174,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -12868,7 +12469,7 @@ index 27adfd9..2362ac6 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1578,6 +1582,7 @@ source kernel/Kconfig.hz +@@ -1586,6 +1589,7 @@ source kernel/Kconfig.hz config KEXEC bool "kexec system call" @@ -12876,7 +12477,7 @@ index 27adfd9..2362ac6 100644 ---help--- kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot -@@ -1728,7 +1733,9 @@ config X86_NEED_RELOCS +@@ -1771,7 +1775,9 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" @@ -12887,7 +12488,7 @@ index 27adfd9..2362ac6 100644 range 0x2000 0x1000000 if X86_32 range 0x200000 0x1000000 if X86_64 ---help--- -@@ -1811,6 +1818,7 @@ config COMPAT_VDSO +@@ -1854,6 +1860,7 @@ config COMPAT_VDSO def_bool n prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)" depends on X86_32 || IA32_EMULATION @@ -12949,10 +12550,10 @@ index 61bd2ad..50b625d 100644 This option helps catch unintended modifications to loadable kernel module's text and read-only data. It also prevents execution diff --git a/arch/x86/Makefile b/arch/x86/Makefile -index 33f71b0..c2cefa2 100644 +index 60087ca..9d9500e 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile -@@ -71,9 +71,6 @@ ifeq ($(CONFIG_X86_32),y) +@@ -68,9 +68,6 @@ ifeq ($(CONFIG_X86_32),y) # CPU-specific tuning. Anything which can be shared with UML should go here. include $(srctree)/arch/x86/Makefile_32.cpu KBUILD_CFLAGS += $(cflags-y) @@ -12962,7 +12563,7 @@ index 33f71b0..c2cefa2 100644 else BITS := 64 UTS_MACHINE := x86_64 -@@ -114,6 +111,9 @@ else +@@ -111,6 +108,9 @@ else KBUILD_CFLAGS += $(call cc-option,-maccumulate-outgoing-args) endif @@ -12972,7 +12573,15 @@ index 33f71b0..c2cefa2 100644 # Make sure compiler does not have buggy stack-protector support. ifdef CONFIG_CC_STACKPROTECTOR cc_has_sp := $(srctree)/scripts/gcc-x86_$(BITS)-has-stack-protector.sh -@@ -271,3 +271,12 @@ define archhelp +@@ -184,6 +184,7 @@ archheaders: + $(Q)$(MAKE) $(build)=arch/x86/syscalls all + + archprepare: ++ $(if $(LDFLAGS_BUILD_ID),,$(error $(OLD_LD))) + ifeq ($(CONFIG_KEXEC_FILE),y) + $(Q)$(MAKE) $(build)=arch/x86/purgatory arch/x86/purgatory/kexec-purgatory.c + endif +@@ -274,3 +275,9 @@ define archhelp echo ' FDINITRD=file initrd for the booted kernel' echo ' kvmconfig - Enable additional options for guest kernel support' endef @@ -12982,9 +12591,6 @@ index 33f71b0..c2cefa2 100644 +*** ${VERSION}.${PATCHLEVEL} PaX kernels no longer build correctly with old versions of binutils. +*** Please upgrade your binutils to 2.18 or newer +endef -+ -+archprepare: -+ $(if $(LDFLAGS_BUILD_ID),,$(error $(OLD_LD))) diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile index dbe8dd2..2f0a98f 100644 --- a/arch/x86/boot/Makefile @@ -13243,7 +12849,7 @@ index 1fd7d57..0f7d096 100644 err = check_cpuflags(); } else if (err == 0x01 && diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S -index 7a6d43a..edf6e40 100644 +index 16ef025..91e033b 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S @@ -438,10 +438,14 @@ setup_data: .quad 0 # 64-bit physical pointer to @@ -14254,7 +13860,7 @@ index e3531f8..e123f35 100644 ret; ENDPROC(cast6_xts_dec_8way) diff --git a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S -index dbc4339..de6e120 100644 +index 26d49eb..c0a8c84 100644 --- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S +++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S @@ -45,6 +45,7 @@ @@ -14265,7 +13871,7 @@ index dbc4339..de6e120 100644 ## ISCSI CRC 32 Implementation with crc32 and pclmulqdq Instruction -@@ -312,6 +313,7 @@ do_return: +@@ -309,6 +310,7 @@ do_return: popq %rsi popq %rdi popq %rbx @@ -14870,7 +14476,7 @@ index d21ff89..6da8e6e 100644 set_fs(KERNEL_DS); has_dumped = 1; diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c -index f9e181a..300544c 100644 +index f9e181a..db313b5 100644 --- a/arch/x86/ia32/ia32_signal.c +++ b/arch/x86/ia32/ia32_signal.c @@ -218,7 +218,7 @@ asmlinkage long sys32_sigreturn(void) @@ -14927,13 +14533,12 @@ index f9e181a..300544c 100644 if (ksig->ka.sa.sa_flags & SA_RESTORER) restorer = ksig->ka.sa.sa_restorer; +- else + else if (current->mm->context.vdso) + /* Return stub is in 32bit vsyscall page */ -+ restorer = (void __force_user *)(current->mm->context.vdso + -+ selected_vdso32->sym___kernel_rt_sigreturn); - else -- restorer = current->mm->context.vdso + -- selected_vdso32->sym___kernel_rt_sigreturn; + restorer = current->mm->context.vdso + + selected_vdso32->sym___kernel_rt_sigreturn; ++ else + restorer = frame->retcode; put_user_ex(ptr_to_compat(restorer), &frame->pretcode); @@ -15370,7 +14975,7 @@ index 372231c..51b537d 100644 .long \orig - . .long \alt - . diff --git a/arch/x86/include/asm/alternative.h b/arch/x86/include/asm/alternative.h -index 0a3f9c9..c9d081d 100644 +index 473bdbe..b1e3377 100644 --- a/arch/x86/include/asm/alternative.h +++ b/arch/x86/include/asm/alternative.h @@ -106,7 +106,7 @@ static inline int alternatives_text_reserved(void *start, void *end) @@ -15392,7 +14997,7 @@ index 0a3f9c9..c9d081d 100644 ALTINSTR_REPLACEMENT(newinstr2, feature2, 2) \ ".popsection" diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h -index 19b0eba..12254cd 100644 +index 465b309..ab7e51f 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -45,7 +45,7 @@ static inline void generic_apic_probe(void) @@ -16267,7 +15872,7 @@ index 46e9052..ae45136 100644 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0) diff --git a/arch/x86/include/asm/barrier.h b/arch/x86/include/asm/barrier.h -index 5c7198c..44180b5 100644 +index 0f4460b..fa1ee19 100644 --- a/arch/x86/include/asm/barrier.h +++ b/arch/x86/include/asm/barrier.h @@ -107,7 +107,7 @@ @@ -16289,7 +15894,7 @@ index 5c7198c..44180b5 100644 #define smp_load_acquire(p) \ diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h -index afcd35d..d01b118 100644 +index cfe3b95..d01b118 100644 --- a/arch/x86/include/asm/bitops.h +++ b/arch/x86/include/asm/bitops.h @@ -50,7 +50,7 @@ @@ -16373,15 +15978,6 @@ index afcd35d..d01b118 100644 { int bitpos = -1; /* -@@ -497,8 +497,6 @@ static __always_inline int fls64(__u64 x) - - #include <asm-generic/bitops/sched.h> - --#define ARCH_HAS_FAST_MULTIPLIER 1 -- - #include <asm/arch_hweight.h> - - #include <asm-generic/bitops/const_hweight.h> diff --git a/arch/x86/include/asm/boot.h b/arch/x86/include/asm/boot.h index 4fa687a..60f2d39 100644 --- a/arch/x86/include/asm/boot.h @@ -16646,10 +16242,10 @@ index f50de69..2b0a458 100644 clac(); return ret; diff --git a/arch/x86/include/asm/cmpxchg.h b/arch/x86/include/asm/cmpxchg.h -index d47786a..2d8883e 100644 +index 99c105d7..2f667ac 100644 --- a/arch/x86/include/asm/cmpxchg.h +++ b/arch/x86/include/asm/cmpxchg.h -@@ -14,8 +14,12 @@ extern void __cmpxchg_wrong_size(void) +@@ -16,8 +16,12 @@ extern void __cmpxchg_wrong_size(void) __compiletime_error("Bad argument size for cmpxchg"); extern void __xadd_wrong_size(void) __compiletime_error("Bad argument size for xadd"); @@ -16662,7 +16258,7 @@ index d47786a..2d8883e 100644 /* * Constants for operation sizes. On 32-bit, the 64-bit size it set to -@@ -67,6 +71,38 @@ extern void __add_wrong_size(void) +@@ -69,6 +73,38 @@ extern void __add_wrong_size(void) __ret; \ }) @@ -16725,28 +16321,27 @@ index 59c6c40..5e0b22c 100644 struct compat_timespec { compat_time_t tv_sec; diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h -index e265ff9..72c253b 100644 +index bb9b258..5fad1bf 100644 --- a/arch/x86/include/asm/cpufeature.h +++ b/arch/x86/include/asm/cpufeature.h -@@ -203,7 +203,7 @@ - #define X86_FEATURE_DECODEASSISTS (8*32+12) /* AMD Decode Assists support */ - #define X86_FEATURE_PAUSEFILTER (8*32+13) /* AMD filtered pause intercept */ - #define X86_FEATURE_PFTHRESHOLD (8*32+14) /* AMD pause filter threshold */ +@@ -203,14 +203,14 @@ + #define X86_FEATURE_PAUSEFILTER ( 8*32+13) /* AMD filtered pause intercept */ + #define X86_FEATURE_PFTHRESHOLD ( 8*32+14) /* AMD pause filter threshold */ + - +#define X86_FEATURE_STRONGUDEREF (8*32+31) /* PaX PCID based strong UDEREF */ - /* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 9 */ - #define X86_FEATURE_FSGSBASE (9*32+ 0) /* {RD/WR}{FS/GS}BASE instructions*/ -@@ -211,7 +211,7 @@ - #define X86_FEATURE_BMI1 (9*32+ 3) /* 1st group bit manipulation extensions */ - #define X86_FEATURE_HLE (9*32+ 4) /* Hardware Lock Elision */ - #define X86_FEATURE_AVX2 (9*32+ 5) /* AVX2 instructions */ --#define X86_FEATURE_SMEP (9*32+ 7) /* Supervisor Mode Execution Protection */ -+#define X86_FEATURE_SMEP (9*32+ 7) /* Supervisor Mode Execution Prevention */ - #define X86_FEATURE_BMI2 (9*32+ 8) /* 2nd group bit manipulation extensions */ - #define X86_FEATURE_ERMS (9*32+ 9) /* Enhanced REP MOVSB/STOSB */ - #define X86_FEATURE_INVPCID (9*32+10) /* Invalidate Processor Context ID */ -@@ -359,6 +359,7 @@ extern const char * const x86_power_flags[32]; + #define X86_FEATURE_FSGSBASE ( 9*32+ 0) /* {RD/WR}{FS/GS}BASE instructions*/ + #define X86_FEATURE_TSC_ADJUST ( 9*32+ 1) /* TSC adjustment MSR 0x3b */ + #define X86_FEATURE_BMI1 ( 9*32+ 3) /* 1st group bit manipulation extensions */ + #define X86_FEATURE_HLE ( 9*32+ 4) /* Hardware Lock Elision */ + #define X86_FEATURE_AVX2 ( 9*32+ 5) /* AVX2 instructions */ +-#define X86_FEATURE_SMEP ( 9*32+ 7) /* Supervisor Mode Execution Protection */ ++#define X86_FEATURE_SMEP ( 9*32+ 7) /* Supervisor Mode Execution Prevention */ + #define X86_FEATURE_BMI2 ( 9*32+ 8) /* 2nd group bit manipulation extensions */ + #define X86_FEATURE_ERMS ( 9*32+ 9) /* Enhanced REP MOVSB/STOSB */ + #define X86_FEATURE_INVPCID ( 9*32+10) /* Invalidate Processor Context ID */ +@@ -370,6 +370,7 @@ extern const char * const x86_bug_flags[NBUGINTS*32]; #undef cpu_has_centaur_mcr #define cpu_has_centaur_mcr 0 @@ -16754,7 +16349,7 @@ index e265ff9..72c253b 100644 #endif /* CONFIG_X86_64 */ #if __GNUC__ >= 4 -@@ -411,7 +412,8 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) +@@ -422,7 +423,8 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) #ifdef CONFIG_X86_DEBUG_STATIC_CPU_HAS t_warn: @@ -16764,7 +16359,7 @@ index e265ff9..72c253b 100644 return false; #endif -@@ -431,7 +433,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) +@@ -442,7 +444,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) ".section .discard,\"aw\",@progbits\n" " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */ ".previous\n" @@ -16773,7 +16368,7 @@ index e265ff9..72c253b 100644 "3: movb $1,%0\n" "4:\n" ".previous\n" -@@ -468,7 +470,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit) +@@ -479,7 +481,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit) " .byte 2b - 1b\n" /* src len */ " .byte 4f - 3f\n" /* repl len */ ".previous\n" @@ -16782,7 +16377,7 @@ index e265ff9..72c253b 100644 "3: .byte 0xe9\n .long %l[t_no] - 2b\n" "4:\n" ".previous\n" -@@ -501,7 +503,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit) +@@ -512,7 +514,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit) ".section .discard,\"aw\",@progbits\n" " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */ ".previous\n" @@ -16791,7 +16386,7 @@ index e265ff9..72c253b 100644 "3: movb $0,%0\n" "4:\n" ".previous\n" -@@ -515,7 +517,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit) +@@ -526,7 +528,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit) ".section .discard,\"aw\",@progbits\n" " .byte 0xff + (6f-5f) - (4b-3b)\n" /* size check */ ".previous\n" @@ -17059,7 +16654,7 @@ index ced283a..ffe04cc 100644 union { u64 v64; diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h -index 1a055c8..a1701de 100644 +index 1a055c8..1a5082a 100644 --- a/arch/x86/include/asm/elf.h +++ b/arch/x86/include/asm/elf.h @@ -75,9 +75,6 @@ typedef struct user_fxsr_struct elf_fpxregset_t; @@ -17072,7 +16667,19 @@ index 1a055c8..a1701de 100644 #if defined(CONFIG_X86_32) || defined(CONFIG_COMPAT) extern unsigned int vdso32_enabled; #endif -@@ -248,7 +245,25 @@ extern int force_personality32; +@@ -160,8 +157,9 @@ do { \ + #define elf_check_arch(x) \ + ((x)->e_machine == EM_X86_64) + +-#define compat_elf_check_arch(x) \ +- (elf_check_arch_ia32(x) || (x)->e_machine == EM_X86_64) ++#define compat_elf_check_arch(x) \ ++ (elf_check_arch_ia32(x) || \ ++ (IS_ENABLED(CONFIG_X86_X32_ABI) && (x)->e_machine == EM_X86_64)) + + #if __USER32_DS != __USER_DS + # error "The following code assumes __USER32_DS == __USER_DS" +@@ -248,7 +246,25 @@ extern int force_personality32; the loader. We need to make sure that it is out of the way of the program that it will "exec", and that there is sufficient room for the brk. */ @@ -17098,7 +16705,7 @@ index 1a055c8..a1701de 100644 /* This yields a mask that user programs can use to figure out what instruction set this CPU supports. This could be done in user space, -@@ -297,17 +312,13 @@ do { \ +@@ -297,17 +313,13 @@ do { \ #define ARCH_DLINFO \ do { \ @@ -17118,7 +16725,7 @@ index 1a055c8..a1701de 100644 } while (0) #define AT_SYSINFO 32 -@@ -322,10 +333,10 @@ else \ +@@ -322,10 +334,10 @@ else \ #endif /* !CONFIG_X86_32 */ @@ -17131,7 +16738,7 @@ index 1a055c8..a1701de 100644 selected_vdso32->sym___kernel_vsyscall) struct linux_binprm; -@@ -337,9 +348,6 @@ extern int compat_arch_setup_additional_pages(struct linux_binprm *bprm, +@@ -337,9 +349,6 @@ extern int compat_arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp); #define compat_arch_setup_additional_pages compat_arch_setup_additional_pages @@ -17187,7 +16794,7 @@ index 1c7eefe..d0e4702 100644 }; diff --git a/arch/x86/include/asm/fpu-internal.h b/arch/x86/include/asm/fpu-internal.h -index 115e368..76ecf6c 100644 +index 412ecec..c1ea43a 100644 --- a/arch/x86/include/asm/fpu-internal.h +++ b/arch/x86/include/asm/fpu-internal.h @@ -124,8 +124,11 @@ static inline void sanitize_i387_state(struct task_struct *tsk) @@ -17300,7 +16907,7 @@ index 4615906..788c817 100644 /* EISA */ extern void eisa_set_level_irq(unsigned int irq); diff --git a/arch/x86/include/asm/i8259.h b/arch/x86/include/asm/i8259.h -index a203659..9889f1c 100644 +index ccffa53..3c90c87 100644 --- a/arch/x86/include/asm/i8259.h +++ b/arch/x86/include/asm/i8259.h @@ -62,7 +62,7 @@ struct legacy_pic { @@ -17643,10 +17250,10 @@ index 876e74e..e20bfb1 100644 #ifdef CONFIG_SMP diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h -index be12c53..07fd3ca 100644 +index 166af2a..648c200 100644 --- a/arch/x86/include/asm/mmu_context.h +++ b/arch/x86/include/asm/mmu_context.h -@@ -24,6 +24,20 @@ void destroy_context(struct mm_struct *mm); +@@ -28,6 +28,20 @@ void destroy_context(struct mm_struct *mm); static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk) { @@ -17667,7 +17274,7 @@ index be12c53..07fd3ca 100644 #ifdef CONFIG_SMP if (this_cpu_read(cpu_tlbstate.state) == TLBSTATE_OK) this_cpu_write(cpu_tlbstate.state, TLBSTATE_LAZY); -@@ -34,16 +48,59 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, +@@ -38,16 +52,59 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, struct task_struct *tsk) { unsigned cpu = smp_processor_id(); @@ -17724,10 +17331,10 @@ index be12c53..07fd3ca 100644 +#else load_cr3(next->pgd); +#endif + trace_tlb_flush(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL); /* Stop flush ipis for the previous mm */ - cpumask_clear_cpu(cpu, mm_cpumask(prev)); -@@ -51,9 +108,67 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, +@@ -56,9 +113,67 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, /* Load the LDT, if the LDT is different: */ if (unlikely(prev->context.ldt != next->context.ldt)) load_LDT_nolock(&next->context); @@ -17796,13 +17403,14 @@ index be12c53..07fd3ca 100644 this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK); BUG_ON(this_cpu_read(cpu_tlbstate.active_mm) != next); -@@ -70,11 +185,28 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, +@@ -75,12 +190,29 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, * tlb flush IPI delivery. We must reload CR3 * to make sure to use no freed page tables. */ + +#ifndef CONFIG_PAX_PER_CPU_PGD load_cr3(next->pgd); + trace_tlb_flush(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL); +#endif + load_LDT_nolock(&next->context); @@ -17907,7 +17515,7 @@ index 5f2fc44..106caa6 100644 void unregister_nmi_handler(unsigned int, const char *); diff --git a/arch/x86/include/asm/page.h b/arch/x86/include/asm/page.h -index 775873d..04cd306 100644 +index 802dde3..9183e68 100644 --- a/arch/x86/include/asm/page.h +++ b/arch/x86/include/asm/page.h @@ -52,6 +52,7 @@ static inline void copy_user_page(void *to, void *from, unsigned long vaddr, @@ -17942,7 +17550,7 @@ index 775873d..04cd306 100644 #include <asm-generic/memory_model.h> diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h -index 0f1ddee..e2fc3d1 100644 +index f408caf..4a0455e 100644 --- a/arch/x86/include/asm/page_64.h +++ b/arch/x86/include/asm/page_64.h @@ -7,9 +7,9 @@ @@ -18710,10 +18318,10 @@ index 7024c12..71c46b9 100644 /* diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h -index a4ea023..2ff3cb8 100644 +index eb71ec7..f06532a 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h -@@ -128,7 +128,7 @@ struct cpuinfo_x86 { +@@ -127,7 +127,7 @@ struct cpuinfo_x86 { /* Index into per_cpu list: */ u16 cpu_index; u32 microcode; @@ -18722,7 +18330,7 @@ index a4ea023..2ff3cb8 100644 #define X86_VENDOR_INTEL 0 #define X86_VENDOR_CYRIX 1 -@@ -199,9 +199,21 @@ static inline void native_cpuid(unsigned int *eax, unsigned int *ebx, +@@ -198,9 +198,21 @@ static inline void native_cpuid(unsigned int *eax, unsigned int *ebx, : "memory"); } @@ -18745,7 +18353,7 @@ index a4ea023..2ff3cb8 100644 } #ifdef CONFIG_X86_32 -@@ -283,7 +295,7 @@ struct tss_struct { +@@ -282,7 +294,7 @@ struct tss_struct { } ____cacheline_aligned; @@ -18754,7 +18362,7 @@ index a4ea023..2ff3cb8 100644 /* * Save the original ist values for checking stack pointers during debugging -@@ -479,6 +491,7 @@ struct thread_struct { +@@ -478,6 +490,7 @@ struct thread_struct { unsigned short ds; unsigned short fsindex; unsigned short gsindex; @@ -18762,7 +18370,7 @@ index a4ea023..2ff3cb8 100644 #endif #ifdef CONFIG_X86_32 unsigned long ip; -@@ -588,29 +601,8 @@ static inline void load_sp0(struct tss_struct *tss, +@@ -587,29 +600,8 @@ static inline void load_sp0(struct tss_struct *tss, extern unsigned long mmu_cr4_features; extern u32 *trampoline_cr4_features; @@ -18794,7 +18402,7 @@ index a4ea023..2ff3cb8 100644 typedef struct { unsigned long seg; -@@ -836,11 +828,18 @@ static inline void spin_lock_prefetch(const void *x) +@@ -837,11 +829,18 @@ static inline void spin_lock_prefetch(const void *x) */ #define TASK_SIZE PAGE_OFFSET #define TASK_SIZE_MAX TASK_SIZE @@ -18815,7 +18423,7 @@ index a4ea023..2ff3cb8 100644 .vm86_info = NULL, \ .sysenter_cs = __KERNEL_CS, \ .io_bitmap_ptr = NULL, \ -@@ -854,7 +853,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -855,7 +854,7 @@ static inline void spin_lock_prefetch(const void *x) */ #define INIT_TSS { \ .x86_tss = { \ @@ -18824,7 +18432,7 @@ index a4ea023..2ff3cb8 100644 .ss0 = __KERNEL_DS, \ .ss1 = __KERNEL_CS, \ .io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \ -@@ -865,11 +864,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -866,11 +865,7 @@ static inline void spin_lock_prefetch(const void *x) extern unsigned long thread_saved_pc(struct task_struct *tsk); #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long)) @@ -18837,7 +18445,7 @@ index a4ea023..2ff3cb8 100644 /* * The below -8 is to reserve 8 bytes on top of the ring0 stack. -@@ -884,7 +879,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -885,7 +880,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define task_pt_regs(task) \ ({ \ struct pt_regs *__regs__; \ @@ -18846,7 +18454,7 @@ index a4ea023..2ff3cb8 100644 __regs__ - 1; \ }) -@@ -894,13 +889,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -895,13 +890,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); /* * User space process size. 47bits minus one guard page. */ @@ -18862,7 +18470,7 @@ index a4ea023..2ff3cb8 100644 #define TASK_SIZE (test_thread_flag(TIF_ADDR32) ? \ IA32_PAGE_OFFSET : TASK_SIZE_MAX) -@@ -911,11 +906,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -912,11 +907,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define STACK_TOP_MAX TASK_SIZE_MAX #define INIT_THREAD { \ @@ -18876,7 +18484,7 @@ index a4ea023..2ff3cb8 100644 } /* -@@ -943,6 +938,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, +@@ -944,6 +939,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, */ #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3)) @@ -18887,7 +18495,7 @@ index a4ea023..2ff3cb8 100644 #define KSTK_EIP(task) (task_pt_regs(task)->ip) /* Get/set a process' ability to use the timestamp counter instruction */ -@@ -969,7 +968,7 @@ static inline uint32_t hypervisor_cpuid_base(const char *sig, uint32_t leaves) +@@ -970,7 +969,7 @@ static inline uint32_t hypervisor_cpuid_base(const char *sig, uint32_t leaves) return 0; } @@ -18896,7 +18504,7 @@ index a4ea023..2ff3cb8 100644 extern void free_init_pages(char *what, unsigned long begin, unsigned long end); void default_idle(void); -@@ -979,6 +978,6 @@ bool xen_set_default_idle(void); +@@ -980,6 +979,6 @@ bool xen_set_default_idle(void); #define xen_set_default_idle 0 #endif @@ -18979,7 +18587,7 @@ index 6205f0c..688a3a9 100644 return *(unsigned long *)((unsigned long)regs + offset); } diff --git a/arch/x86/include/asm/qrwlock.h b/arch/x86/include/asm/qrwlock.h -index 70f46f0..adfbdb4 100644 +index ae0e241..e80b10b 100644 --- a/arch/x86/include/asm/qrwlock.h +++ b/arch/x86/include/asm/qrwlock.h @@ -7,8 +7,8 @@ @@ -20818,33 +20426,31 @@ index c949923..c22bfa4 100644 unsigned long mfn; diff --git a/arch/x86/include/asm/xsave.h b/arch/x86/include/asm/xsave.h -index d949ef2..479b9d1 100644 +index 7e7a79a..0824666 100644 --- a/arch/x86/include/asm/xsave.h +++ b/arch/x86/include/asm/xsave.h -@@ -82,8 +82,11 @@ static inline int xsave_user(struct xsave_struct __user *buf) +@@ -228,12 +228,16 @@ static inline int xsave_user(struct xsave_struct __user *buf) if (unlikely(err)) return -EFAULT; + pax_open_userland(); __asm__ __volatile__(ASM_STAC "\n" -- "1: .byte " REX_PREFIX "0x0f,0xae,0x27\n" +- "1:"XSAVE"\n" + "1:" + __copyuser_seg -+ ".byte " REX_PREFIX "0x0f,0xae,0x27\n" ++ XSAVE"\n" "2: " ASM_CLAC "\n" - ".section .fixup,\"ax\"\n" - "3: movl $-1,%[err]\n" -@@ -93,18 +96,22 @@ static inline int xsave_user(struct xsave_struct __user *buf) - : [err] "=r" (err) + xstate_fault : "D" (buf), "a" (-1), "d" (-1), "0" (0) : "memory"); + pax_close_userland(); return err; } +@@ -243,16 +247,20 @@ static inline int xsave_user(struct xsave_struct __user *buf) static inline int xrestore_user(struct xsave_struct __user *buf, u64 mask) { - int err; + int err = 0; - struct xsave_struct *xstate = ((__force struct xsave_struct *)buf); + struct xsave_struct *xstate = ((__force_kernel struct xsave_struct *)buf); u32 lmask = mask; @@ -20852,15 +20458,12 @@ index d949ef2..479b9d1 100644 + pax_open_userland(); __asm__ __volatile__(ASM_STAC "\n" -- "1: .byte " REX_PREFIX "0x0f,0xae,0x2f\n" +- "1:"XRSTOR"\n" + "1:" + __copyuser_seg -+ ".byte " REX_PREFIX "0x0f,0xae,0x2f\n" ++ XRSTOR"\n" "2: " ASM_CLAC "\n" - ".section .fixup,\"ax\"\n" - "3: movl $-1,%[err]\n" -@@ -114,6 +121,7 @@ static inline int xrestore_user(struct xsave_struct __user *buf, u64 mask) - : [err] "=r" (err) + xstate_fault : "D" (xstate), "a" (lmask), "d" (hmask), "0" (0) : "memory"); /* memory required? */ + pax_close_userland(); @@ -20893,7 +20496,7 @@ index 7b0a55a..ad115bf 100644 /* top of stack page */ diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile -index 047f9ff..4ba5ea6 100644 +index ada2e2d..ca69e16 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -24,7 +24,7 @@ obj-y += time.o ioport.o ldt.o dumpstack.o nmi.o @@ -20906,10 +20509,10 @@ index 047f9ff..4ba5ea6 100644 obj-$(CONFIG_X86_64) += mcount_64.o obj-y += syscall_$(BITS).o vsyscall_gtod.o diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c -index 86281ff..e046fc2 100644 +index b436fc7..1ba7044 100644 --- a/arch/x86/kernel/acpi/boot.c +++ b/arch/x86/kernel/acpi/boot.c -@@ -1296,7 +1296,7 @@ static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d) +@@ -1272,7 +1272,7 @@ static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d) * If your system is blacklisted here, but you find that acpi=force * works for you, please contact linux-acpi@vger.kernel.org */ @@ -20918,7 +20521,7 @@ index 86281ff..e046fc2 100644 /* * Boxes that need ACPI disabled */ -@@ -1371,7 +1371,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = { +@@ -1347,7 +1347,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = { }; /* second table for DMI checks that should run after early-quirks */ @@ -21132,7 +20735,7 @@ index 703130f..27a155d 100644 bp_int3_handler = handler; bp_int3_addr = (u8 *)addr + sizeof(int3); diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c -index ad28db7..c538b2c 100644 +index 6776027..972266c 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -201,7 +201,7 @@ int first_system_vector = 0xfe; @@ -21144,7 +20747,7 @@ index ad28db7..c538b2c 100644 int pic_mode; -@@ -2000,7 +2000,7 @@ static inline void __smp_error_interrupt(struct pt_regs *regs) +@@ -1989,7 +1989,7 @@ static inline void __smp_error_interrupt(struct pt_regs *regs) apic_write(APIC_ESR, 0); v = apic_read(APIC_ESR); ack_APIC_irq(); @@ -21154,7 +20757,7 @@ index ad28db7..c538b2c 100644 apic_printk(APIC_DEBUG, KERN_DEBUG "APIC error on CPU%d: %02x", smp_processor_id(), v); diff --git a/arch/x86/kernel/apic/apic_flat_64.c b/arch/x86/kernel/apic/apic_flat_64.c -index 7c1b294..e71d27f 100644 +index de918c4..32eed23 100644 --- a/arch/x86/kernel/apic/apic_flat_64.c +++ b/arch/x86/kernel/apic/apic_flat_64.c @@ -154,7 +154,7 @@ static int flat_probe(void) @@ -21166,7 +20769,7 @@ index 7c1b294..e71d27f 100644 .name = "flat", .probe = flat_probe, .acpi_madt_oem_check = flat_acpi_madt_oem_check, -@@ -268,7 +268,7 @@ static int physflat_probe(void) +@@ -260,7 +260,7 @@ static int physflat_probe(void) return 0; } @@ -21176,10 +20779,10 @@ index 7c1b294..e71d27f 100644 .name = "physical flat", .probe = physflat_probe, diff --git a/arch/x86/kernel/apic/apic_noop.c b/arch/x86/kernel/apic/apic_noop.c -index 8c7c982..a225910 100644 +index b205cdb..d8503ff 100644 --- a/arch/x86/kernel/apic/apic_noop.c +++ b/arch/x86/kernel/apic/apic_noop.c -@@ -118,7 +118,7 @@ static void noop_apic_write(u32 reg, u32 v) +@@ -108,7 +108,7 @@ static void noop_apic_write(u32 reg, u32 v) WARN_ON_ONCE(cpu_has_apic && !disable_apic); } @@ -21189,10 +20792,10 @@ index 8c7c982..a225910 100644 .probe = noop_probe, .acpi_madt_oem_check = NULL, diff --git a/arch/x86/kernel/apic/bigsmp_32.c b/arch/x86/kernel/apic/bigsmp_32.c -index e4840aa..e7d9dac 100644 +index c4a8d63..fe893ac 100644 --- a/arch/x86/kernel/apic/bigsmp_32.c +++ b/arch/x86/kernel/apic/bigsmp_32.c -@@ -152,7 +152,7 @@ static int probe_bigsmp(void) +@@ -147,7 +147,7 @@ static int probe_bigsmp(void) return dmi_bigsmp; } @@ -21202,10 +20805,10 @@ index e4840aa..e7d9dac 100644 .name = "bigsmp", .probe = probe_bigsmp, diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c -index 81e08ef..abc77e5 100644 +index 337ce5a..c8d98b4 100644 --- a/arch/x86/kernel/apic/io_apic.c +++ b/arch/x86/kernel/apic/io_apic.c -@@ -1042,7 +1042,7 @@ int IO_APIC_get_PCI_irq_vector(int bus, int slot, int pin, +@@ -1230,7 +1230,7 @@ out: } EXPORT_SYMBOL(IO_APIC_get_PCI_irq_vector); @@ -21214,7 +20817,7 @@ index 81e08ef..abc77e5 100644 { /* Used to the online set of cpus does not change * during assign_irq_vector. -@@ -1050,7 +1050,7 @@ void lock_vector_lock(void) +@@ -1238,7 +1238,7 @@ void lock_vector_lock(void) raw_spin_lock(&vector_lock); } @@ -21223,7 +20826,7 @@ index 81e08ef..abc77e5 100644 { raw_spin_unlock(&vector_lock); } -@@ -2349,7 +2349,7 @@ static void ack_apic_edge(struct irq_data *data) +@@ -2465,7 +2465,7 @@ static void ack_apic_edge(struct irq_data *data) ack_APIC_irq(); } @@ -21232,7 +20835,7 @@ index 81e08ef..abc77e5 100644 #ifdef CONFIG_GENERIC_PENDING_IRQ static bool io_apic_level_ack_pending(struct irq_cfg *cfg) -@@ -2490,7 +2490,7 @@ static void ack_apic_level(struct irq_data *data) +@@ -2606,7 +2606,7 @@ static void ack_apic_level(struct irq_data *data) * at the cpu. */ if (!(v & (1 << (i & 0x1f)))) { @@ -21242,7 +20845,7 @@ index 81e08ef..abc77e5 100644 eoi_ioapic_irq(irq, cfg); } diff --git a/arch/x86/kernel/apic/probe_32.c b/arch/x86/kernel/apic/probe_32.c -index cceb352..a635fd8 100644 +index bda4886..f9c7195 100644 --- a/arch/x86/kernel/apic/probe_32.c +++ b/arch/x86/kernel/apic/probe_32.c @@ -72,7 +72,7 @@ static int probe_default(void) @@ -21255,7 +20858,7 @@ index cceb352..a635fd8 100644 .name = "default", .probe = probe_default, diff --git a/arch/x86/kernel/apic/x2apic_cluster.c b/arch/x86/kernel/apic/x2apic_cluster.c -index e66766b..1c008ba 100644 +index 6ce600f..cb44af8 100644 --- a/arch/x86/kernel/apic/x2apic_cluster.c +++ b/arch/x86/kernel/apic/x2apic_cluster.c @@ -182,7 +182,7 @@ update_clusterinfo(struct notifier_block *nfb, unsigned long action, void *hcpu) @@ -21277,7 +20880,7 @@ index e66766b..1c008ba 100644 .name = "cluster x2apic", .probe = x2apic_cluster_probe, diff --git a/arch/x86/kernel/apic/x2apic_phys.c b/arch/x86/kernel/apic/x2apic_phys.c -index 6d600eb..0300c00 100644 +index 6fae733..5ca17af 100644 --- a/arch/x86/kernel/apic/x2apic_phys.c +++ b/arch/x86/kernel/apic/x2apic_phys.c @@ -88,7 +88,7 @@ static int x2apic_phys_probe(void) @@ -21290,7 +20893,7 @@ index 6d600eb..0300c00 100644 .name = "physical x2apic", .probe = x2apic_phys_probe, diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c -index 293b41d..4df25fd 100644 +index 004f017..8fbc8b5 100644 --- a/arch/x86/kernel/apic/x2apic_uv_x.c +++ b/arch/x86/kernel/apic/x2apic_uv_x.c @@ -350,7 +350,7 @@ static int uv_probe(void) @@ -21445,10 +21048,10 @@ index 7fd54f0..0691410 100644 obj-y += proc.o capflags.o powerflags.o common.o obj-y += rdrand.o diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c -index ce8b8ff..d7d8851 100644 +index 60e5497..8efbd2f 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c -@@ -728,7 +728,7 @@ static void init_amd(struct cpuinfo_x86 *c) +@@ -711,7 +711,7 @@ static void init_amd(struct cpuinfo_x86 *c) static unsigned int amd_size_cache(struct cpuinfo_x86 *c, unsigned int size) { /* AMD errata T13 (order #21922) */ @@ -21458,7 +21061,7 @@ index ce8b8ff..d7d8851 100644 if (c->x86_model == 3 && c->x86_mask == 0) size = 64; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index ef1b93f..150db65 100644 +index e4ab2b4..d487ba5 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -90,60 +90,6 @@ static const struct cpu_dev default_cpu = { @@ -21522,7 +21125,7 @@ index ef1b93f..150db65 100644 static int __init x86_xsave_setup(char *s) { setup_clear_cpu_cap(X86_FEATURE_XSAVE); -@@ -295,6 +241,59 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c) +@@ -303,6 +249,59 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c) } } @@ -21582,7 +21185,7 @@ index ef1b93f..150db65 100644 /* * Some CPU features depend on higher CPUID levels, which may not always * be available due to CPUID level capping or broken virtualization -@@ -395,7 +394,7 @@ void switch_to_new_gdt(int cpu) +@@ -403,7 +402,7 @@ void switch_to_new_gdt(int cpu) { struct desc_ptr gdt_descr; @@ -21591,7 +21194,7 @@ index ef1b93f..150db65 100644 gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); /* Reload the per-cpu base */ -@@ -885,6 +884,10 @@ static void identify_cpu(struct cpuinfo_x86 *c) +@@ -893,6 +892,10 @@ static void identify_cpu(struct cpuinfo_x86 *c) setup_smep(c); setup_smap(c); @@ -21602,7 +21205,7 @@ index ef1b93f..150db65 100644 /* * The vendor-specific functions might have changed features. * Now we do "generic changes." -@@ -893,6 +896,10 @@ static void identify_cpu(struct cpuinfo_x86 *c) +@@ -901,6 +904,10 @@ static void identify_cpu(struct cpuinfo_x86 *c) /* Filter out anything that depends on CPUID levels we don't have */ filter_cpuid_features(c, true); @@ -21613,7 +21216,7 @@ index ef1b93f..150db65 100644 /* If the model name is still unset, do table lookup. */ if (!c->x86_model_id[0]) { const char *p; -@@ -973,7 +980,7 @@ static void syscall32_cpu_init(void) +@@ -981,7 +988,7 @@ static void syscall32_cpu_init(void) void enable_sep_cpu(void) { int cpu = get_cpu(); @@ -21622,7 +21225,7 @@ index ef1b93f..150db65 100644 if (!boot_cpu_has(X86_FEATURE_SEP)) { put_cpu(); -@@ -1113,14 +1120,16 @@ static __init int setup_disablecpuid(char *arg) +@@ -1121,14 +1128,16 @@ static __init int setup_disablecpuid(char *arg) } __setup("clearcpuid=", setup_disablecpuid); @@ -21643,7 +21246,7 @@ index ef1b93f..150db65 100644 DEFINE_PER_CPU_FIRST(union irq_stack_union, irq_stack_union) __aligned(PAGE_SIZE) __visible; -@@ -1283,7 +1292,7 @@ void cpu_init(void) +@@ -1291,7 +1300,7 @@ void cpu_init(void) load_ucode_ap(); cpu = stack_smp_processor_id(); @@ -21652,7 +21255,7 @@ index ef1b93f..150db65 100644 oist = &per_cpu(orig_ist, cpu); #ifdef CONFIG_NUMA -@@ -1318,7 +1327,6 @@ void cpu_init(void) +@@ -1326,7 +1335,6 @@ void cpu_init(void) wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); @@ -21660,7 +21263,7 @@ index ef1b93f..150db65 100644 enable_x2apic(); /* -@@ -1370,7 +1378,7 @@ void cpu_init(void) +@@ -1378,7 +1386,7 @@ void cpu_init(void) { int cpu = smp_processor_id(); struct task_struct *curr = current; @@ -21670,7 +21273,7 @@ index ef1b93f..150db65 100644 show_ucode_info_early(); diff --git a/arch/x86/kernel/cpu/intel_cacheinfo.c b/arch/x86/kernel/cpu/intel_cacheinfo.c -index 9c8f739..902a9c5 100644 +index c703507..28535e3 100644 --- a/arch/x86/kernel/cpu/intel_cacheinfo.c +++ b/arch/x86/kernel/cpu/intel_cacheinfo.c @@ -1026,6 +1026,22 @@ static struct attribute *default_attrs[] = { @@ -21761,7 +21364,7 @@ index 9c8f739..902a9c5 100644 "index%1lu", i); if (unlikely(retval)) { diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c -index 9a79c8d..158c2f1 100644 +index bd9ccda..38314e7 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -45,6 +45,7 @@ @@ -21885,7 +21488,7 @@ index 9a79c8d..158c2f1 100644 mce_chrdev_open_exclu = 0; spin_unlock(&mce_chrdev_state_lock); -@@ -2414,7 +2417,7 @@ static __init void mce_init_banks(void) +@@ -2413,7 +2416,7 @@ static __init void mce_init_banks(void) for (i = 0; i < mca_cfg.banks; i++) { struct mce_bank *b = &mce_banks[i]; @@ -21894,7 +21497,7 @@ index 9a79c8d..158c2f1 100644 sysfs_attr_init(&a->attr); a->attr.name = b->attrname; -@@ -2521,7 +2524,7 @@ struct dentry *mce_get_debugfs_dir(void) +@@ -2520,7 +2523,7 @@ struct dentry *mce_get_debugfs_dir(void) static void mce_reset(void) { cpu_missing = 0; @@ -22091,10 +21694,10 @@ index 619f769..d510008 100644 .attrs = NULL, /* patched at runtime */ }; diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.c b/arch/x86/kernel/cpu/perf_event_intel_uncore.c -index ae6552a..b5be2d3 100644 +index 0939f86..69730af 100644 --- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c +++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c -@@ -3694,7 +3694,7 @@ static void __init uncore_types_exit(struct intel_uncore_type **types) +@@ -3691,7 +3691,7 @@ static void __init uncore_types_exit(struct intel_uncore_type **types) static int __init uncore_type_init(struct intel_uncore_type *type) { struct intel_uncore_pmu *pmus; @@ -22130,10 +21733,10 @@ index 3225ae6c..ee3c6db 100644 .notifier_call = cpuid_class_cpu_callback, }; diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c -index 507de80..ebaae2a 100644 +index a618fcd..200e95b 100644 --- a/arch/x86/kernel/crash.c +++ b/arch/x86/kernel/crash.c -@@ -58,7 +58,7 @@ static void kdump_nmi_callback(int cpu, struct pt_regs *regs) +@@ -104,7 +104,7 @@ static void kdump_nmi_callback(int cpu, struct pt_regs *regs) #ifdef CONFIG_X86_32 struct pt_regs fixed_regs; @@ -22583,7 +22186,7 @@ index 01d1c18..8073693 100644 #include <asm/processor.h> #include <asm/fcntl.h> diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index 0d0c9d4..f65b4f6 100644 +index 4b0e1df..884b67e 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S @@ -177,13 +177,153 @@ @@ -23058,12 +22661,12 @@ index 0d0c9d4..f65b4f6 100644 sysenter_badsys: movl $-ENOSYS,%eax jmp sysenter_after_call --END(syscall_badsys) +-END(sysenter_badsys) +ENDPROC(sysenter_badsys) CFI_ENDPROC .macro FIXUP_ESPFIX_STACK -@@ -696,8 +928,15 @@ END(syscall_badsys) +@@ -696,8 +928,15 @@ END(sysenter_badsys) */ #ifdef CONFIG_X86_ESPFIX32 /* fixup the stack */ @@ -23246,8 +22849,8 @@ index 0d0c9d4..f65b4f6 100644 +ENDPROC(mcount) ENTRY(ftrace_caller) - cmpl $0, function_trace_stop -@@ -1089,7 +1328,7 @@ ftrace_graph_call: + pushl %eax +@@ -1086,7 +1325,7 @@ ftrace_graph_call: .globl ftrace_stub ftrace_stub: ret @@ -23256,7 +22859,7 @@ index 0d0c9d4..f65b4f6 100644 ENTRY(ftrace_regs_caller) pushf /* push flags before compare (in cs location) */ -@@ -1193,7 +1432,7 @@ trace: +@@ -1184,7 +1423,7 @@ trace: popl %ecx popl %eax jmp ftrace_stub @@ -23265,7 +22868,7 @@ index 0d0c9d4..f65b4f6 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -1211,7 +1450,7 @@ ENTRY(ftrace_graph_caller) +@@ -1202,7 +1441,7 @@ ENTRY(ftrace_graph_caller) popl %ecx popl %eax ret @@ -23274,7 +22877,7 @@ index 0d0c9d4..f65b4f6 100644 .globl return_to_handler return_to_handler: -@@ -1272,15 +1511,18 @@ error_code: +@@ -1263,15 +1502,18 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -23295,7 +22898,7 @@ index 0d0c9d4..f65b4f6 100644 /* * Debug traps and NMI can happen at the one SYSENTER instruction -@@ -1323,7 +1565,7 @@ debug_stack_correct: +@@ -1314,7 +1556,7 @@ debug_stack_correct: call do_debug jmp ret_from_exception CFI_ENDPROC @@ -23304,7 +22907,7 @@ index 0d0c9d4..f65b4f6 100644 /* * NMI is doubly nasty. It can happen _while_ we're handling -@@ -1363,6 +1605,9 @@ nmi_stack_correct: +@@ -1354,6 +1596,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -23314,7 +22917,7 @@ index 0d0c9d4..f65b4f6 100644 jmp restore_all_notrace CFI_ENDPROC -@@ -1400,13 +1645,16 @@ nmi_espfix_stack: +@@ -1391,13 +1636,16 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax == %esp xorl %edx,%edx # zero error code call do_nmi @@ -23332,7 +22935,7 @@ index 0d0c9d4..f65b4f6 100644 ENTRY(int3) RING0_INT_FRAME -@@ -1419,14 +1667,14 @@ ENTRY(int3) +@@ -1410,14 +1658,14 @@ ENTRY(int3) call do_int3 jmp ret_from_exception CFI_ENDPROC @@ -23349,7 +22952,7 @@ index 0d0c9d4..f65b4f6 100644 #ifdef CONFIG_KVM_GUEST ENTRY(async_page_fault) -@@ -1435,6 +1683,6 @@ ENTRY(async_page_fault) +@@ -1426,6 +1674,6 @@ ENTRY(async_page_fault) pushl_cfi $do_async_page_fault jmp error_code CFI_ENDPROC @@ -23358,7 +22961,7 @@ index 0d0c9d4..f65b4f6 100644 #endif diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index c844f08..966a50e 100644 +index 2fac134..b020fca 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -59,6 +59,8 @@ @@ -23838,7 +23441,7 @@ index c844f08..966a50e 100644 /* * initial frame state for interrupts (and exceptions without error code) */ -@@ -242,25 +647,26 @@ ENDPROC(native_usergs_sysret64) +@@ -241,25 +646,26 @@ ENDPROC(native_usergs_sysret64) /* save partial stack frame */ .macro SAVE_ARGS_IRQ cld @@ -23878,7 +23481,7 @@ index c844f08..966a50e 100644 je 1f SWAPGS /* -@@ -280,6 +686,18 @@ ENDPROC(native_usergs_sysret64) +@@ -279,6 +685,18 @@ ENDPROC(native_usergs_sysret64) 0x06 /* DW_OP_deref */, \ 0x08 /* DW_OP_const1u */, SS+8-RBP, \ 0x22 /* DW_OP_plus */ @@ -23897,7 +23500,7 @@ index c844f08..966a50e 100644 /* We entered an interrupt context - irqs are off: */ TRACE_IRQS_OFF .endm -@@ -309,9 +727,52 @@ ENTRY(save_paranoid) +@@ -308,9 +726,52 @@ ENTRY(save_paranoid) js 1f /* negative -> in kernel */ SWAPGS xorl %ebx,%ebx @@ -23952,7 +23555,7 @@ index c844f08..966a50e 100644 /* * A newly forked process directly context switches into this address. -@@ -332,7 +793,7 @@ ENTRY(ret_from_fork) +@@ -331,7 +792,7 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -23961,7 +23564,7 @@ index c844f08..966a50e 100644 jz 1f testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -342,15 +803,13 @@ ENTRY(ret_from_fork) +@@ -341,15 +802,13 @@ ENTRY(ret_from_fork) jmp ret_from_sys_call # go to the SYSRET fastpath 1: @@ -23978,7 +23581,7 @@ index c844f08..966a50e 100644 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -387,7 +846,7 @@ END(ret_from_fork) +@@ -386,7 +845,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -23987,7 +23590,7 @@ index c844f08..966a50e 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -400,16 +859,23 @@ GLOBAL(system_call_after_swapgs) +@@ -399,16 +858,23 @@ GLOBAL(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -24013,7 +23616,7 @@ index c844f08..966a50e 100644 jnz tracesys system_call_fastpath: #if __SYSCALL_MASK == ~0 -@@ -433,10 +899,13 @@ sysret_check: +@@ -432,10 +898,13 @@ sysret_check: LOCKDEP_SYS_EXIT DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -24028,7 +23631,7 @@ index c844f08..966a50e 100644 /* * sysretq will re-enable interrupts: */ -@@ -495,6 +964,9 @@ auditsys: +@@ -494,6 +963,9 @@ auditsys: movq %rax,%rsi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */ call __audit_syscall_entry @@ -24038,7 +23641,7 @@ index c844f08..966a50e 100644 LOAD_ARGS 0 /* reload call-clobbered registers */ jmp system_call_fastpath -@@ -516,7 +988,7 @@ sysret_audit: +@@ -515,7 +987,7 @@ sysret_audit: /* Do syscall tracing */ tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -24047,7 +23650,7 @@ index c844f08..966a50e 100644 jz auditsys #endif SAVE_REST -@@ -524,12 +996,15 @@ tracesys: +@@ -523,12 +995,15 @@ tracesys: FIXUP_TOP_OF_STACK %rdi movq %rsp,%rdi call syscall_trace_enter @@ -24064,7 +23667,7 @@ index c844f08..966a50e 100644 RESTORE_REST #if __SYSCALL_MASK == ~0 cmpq $__NR_syscall_max,%rax -@@ -559,7 +1034,9 @@ GLOBAL(int_with_check) +@@ -558,7 +1033,9 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) @@ -24075,7 +23678,7 @@ index c844f08..966a50e 100644 /* Either reschedule or signal or syscall exit tracking needed. */ /* First do a reschedule test. */ -@@ -605,7 +1082,7 @@ int_restore_rest: +@@ -604,7 +1081,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -24084,7 +23687,7 @@ index c844f08..966a50e 100644 .macro FORK_LIKE func ENTRY(stub_\func) -@@ -618,9 +1095,10 @@ ENTRY(stub_\func) +@@ -617,9 +1094,10 @@ ENTRY(stub_\func) DEFAULT_FRAME 0 8 /* offset 8: return address */ call sys_\func RESTORE_TOP_OF_STACK %r11, 8 @@ -24097,7 +23700,7 @@ index c844f08..966a50e 100644 .endm .macro FIXED_FRAME label,func -@@ -630,9 +1108,10 @@ ENTRY(\label) +@@ -629,9 +1107,10 @@ ENTRY(\label) FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET call \func RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET @@ -24109,7 +23712,7 @@ index c844f08..966a50e 100644 .endm FORK_LIKE clone -@@ -640,19 +1119,6 @@ END(\label) +@@ -639,19 +1118,6 @@ END(\label) FORK_LIKE vfork FIXED_FRAME stub_iopl, sys_iopl @@ -24129,7 +23732,7 @@ index c844f08..966a50e 100644 ENTRY(stub_execve) CFI_STARTPROC addq $8, %rsp -@@ -664,7 +1130,7 @@ ENTRY(stub_execve) +@@ -663,7 +1129,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -24138,7 +23741,7 @@ index c844f08..966a50e 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -681,7 +1147,7 @@ ENTRY(stub_rt_sigreturn) +@@ -680,7 +1146,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -24147,7 +23750,7 @@ index c844f08..966a50e 100644 #ifdef CONFIG_X86_X32_ABI ENTRY(stub_x32_rt_sigreturn) -@@ -695,7 +1161,7 @@ ENTRY(stub_x32_rt_sigreturn) +@@ -694,7 +1160,7 @@ ENTRY(stub_x32_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -24156,7 +23759,7 @@ index c844f08..966a50e 100644 ENTRY(stub_x32_execve) CFI_STARTPROC -@@ -709,7 +1175,7 @@ ENTRY(stub_x32_execve) +@@ -708,7 +1174,7 @@ ENTRY(stub_x32_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -24165,7 +23768,7 @@ index c844f08..966a50e 100644 #endif -@@ -746,7 +1212,7 @@ vector=vector+1 +@@ -745,7 +1211,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -24174,7 +23777,7 @@ index c844f08..966a50e 100644 .previous END(interrupt) -@@ -763,8 +1229,8 @@ END(interrupt) +@@ -762,8 +1228,8 @@ END(interrupt) /* 0(%rsp): ~(interrupt number) */ .macro interrupt func /* reserve pt_regs for scratch regs and rbp */ @@ -24185,7 +23788,7 @@ index c844f08..966a50e 100644 SAVE_ARGS_IRQ call \func .endm -@@ -787,14 +1253,14 @@ ret_from_intr: +@@ -786,14 +1252,14 @@ ret_from_intr: /* Restore saved previous stack */ popq %rsi @@ -24204,7 +23807,7 @@ index c844f08..966a50e 100644 je retint_kernel /* Interrupt came from user space */ -@@ -816,12 +1282,35 @@ retint_swapgs: /* return to user-space */ +@@ -815,12 +1281,35 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -24240,7 +23843,7 @@ index c844f08..966a50e 100644 /* * The iretq could re-enable interrupts: */ -@@ -934,7 +1423,7 @@ ENTRY(retint_kernel) +@@ -933,7 +1422,7 @@ ENTRY(retint_kernel) jmp exit_intr #endif CFI_ENDPROC @@ -24249,7 +23852,7 @@ index c844f08..966a50e 100644 /* * If IRET takes a fault on the espfix stack, then we -@@ -956,13 +1445,13 @@ __do_double_fault: +@@ -955,13 +1444,13 @@ __do_double_fault: cmpq $native_irq_return_iret,%rax jne do_double_fault /* This shouldn't happen... */ movq PER_CPU_VAR(kernel_stack),%rax @@ -24265,7 +23868,7 @@ index c844f08..966a50e 100644 #else # define __do_double_fault do_double_fault #endif -@@ -979,7 +1468,7 @@ ENTRY(\sym) +@@ -978,7 +1467,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -24274,7 +23877,7 @@ index c844f08..966a50e 100644 .endm #ifdef CONFIG_TRACING -@@ -1052,7 +1541,7 @@ apicinterrupt IRQ_WORK_VECTOR \ +@@ -1051,7 +1540,7 @@ apicinterrupt IRQ_WORK_VECTOR \ /* * Exception entry points. */ @@ -24283,7 +23886,7 @@ index c844f08..966a50e 100644 .macro idtentry sym do_sym has_error_code:req paranoid=0 shift_ist=-1 ENTRY(\sym) -@@ -1103,6 +1592,12 @@ ENTRY(\sym) +@@ -1102,6 +1591,12 @@ ENTRY(\sym) .endif .if \shift_ist != -1 @@ -24296,7 +23899,7 @@ index c844f08..966a50e 100644 subq $EXCEPTION_STKSZ, INIT_TSS_IST(\shift_ist) .endif -@@ -1119,7 +1614,7 @@ ENTRY(\sym) +@@ -1118,7 +1613,7 @@ ENTRY(\sym) .endif CFI_ENDPROC @@ -24305,7 +23908,7 @@ index c844f08..966a50e 100644 .endm #ifdef CONFIG_TRACING -@@ -1160,9 +1655,10 @@ gs_change: +@@ -1159,9 +1654,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -24317,7 +23920,7 @@ index c844f08..966a50e 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1190,9 +1686,10 @@ ENTRY(do_softirq_own_stack) +@@ -1189,9 +1685,10 @@ ENTRY(do_softirq_own_stack) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -24329,7 +23932,7 @@ index c844f08..966a50e 100644 #ifdef CONFIG_XEN idtentry xen_hypervisor_callback xen_do_hypervisor_callback has_error_code=0 -@@ -1230,7 +1727,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1229,7 +1726,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -24338,7 +23941,7 @@ index c844f08..966a50e 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1289,7 +1786,7 @@ ENTRY(xen_failsafe_callback) +@@ -1288,7 +1785,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -24347,7 +23950,7 @@ index c844f08..966a50e 100644 apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1336,18 +1833,33 @@ ENTRY(paranoid_exit) +@@ -1335,18 +1832,33 @@ ENTRY(paranoid_exit) DEFAULT_FRAME DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF_DEBUG @@ -24383,7 +23986,7 @@ index c844f08..966a50e 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1376,7 +1888,7 @@ paranoid_schedule: +@@ -1375,7 +1887,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -24392,9 +23995,9 @@ index c844f08..966a50e 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1403,12 +1915,23 @@ ENTRY(error_entry) - movq_cfi r14, R14+8 - movq_cfi r15, R15+8 +@@ -1402,12 +1914,23 @@ ENTRY(error_entry) + movq %r14, R14+8(%rsp) + movq %r15, R15+8(%rsp) xorl %ebx,%ebx - testl $3,CS+8(%rsp) + testb $3,CS+8(%rsp) @@ -24557,7 +24160,7 @@ index 94d857f..bf1f0bf 100644 unlock_done: mutex_unlock(&espfix_init_mutex); diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c -index cbc4a91..b38ee45 100644 +index 3386dc9..28bdf81 100644 --- a/arch/x86/kernel/ftrace.c +++ b/arch/x86/kernel/ftrace.c @@ -88,7 +88,7 @@ static unsigned long text_ip_addr(unsigned long ip) @@ -25368,7 +24971,7 @@ index 05fd74f..c3548b1 100644 +EXPORT_SYMBOL(cpu_pgd); +#endif diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c -index d5dd808..b6432cf 100644 +index a9a4229..6f4d476 100644 --- a/arch/x86/kernel/i387.c +++ b/arch/x86/kernel/i387.c @@ -51,7 +51,7 @@ static inline bool interrupted_kernel_fpu_idle(void) @@ -25940,7 +25543,7 @@ index 67e6d19..731ed28 100644 if (val == DIE_GPF) { diff --git a/arch/x86/kernel/kprobes/opt.c b/arch/x86/kernel/kprobes/opt.c -index f304773..551e63c 100644 +index f1314d0..15f3154 100644 --- a/arch/x86/kernel/kprobes/opt.c +++ b/arch/x86/kernel/kprobes/opt.c @@ -79,6 +79,7 @@ found: @@ -25965,10 +25568,10 @@ index f304773..551e63c 100644 */ - rel = (long)op->optinsn.insn - (long)op->kp.addr + RELATIVEJUMP_SIZE; + rel = (long)op->optinsn.insn - ktla_ktva((long)op->kp.addr) + RELATIVEJUMP_SIZE; - if (abs(rel) > 0x7fffffff) + if (abs(rel) > 0x7fffffff) { + __arch_remove_optimized_kprobe(op, 0); return -ERANGE; - -@@ -352,16 +354,18 @@ int arch_prepare_optimized_kprobe(struct optimized_kprobe *op) +@@ -354,16 +356,18 @@ int arch_prepare_optimized_kprobe(struct optimized_kprobe *op) op->optinsn.size = ret; /* Copy arch-dep-instance from template */ @@ -25990,7 +25593,7 @@ index f304773..551e63c 100644 (u8 *)op->kp.addr + op->optinsn.size); flush_icache_range((unsigned long) buf, -@@ -386,7 +390,7 @@ void arch_optimize_kprobes(struct list_head *oplist) +@@ -388,7 +392,7 @@ void arch_optimize_kprobes(struct list_head *oplist) WARN_ON(kprobe_disabled(&op->kp)); /* Backup instructions which will be replaced by jump address */ @@ -25999,7 +25602,7 @@ index f304773..551e63c 100644 RELATIVE_ADDR_SIZE); insn_buf[0] = RELATIVEJUMP_OPCODE; -@@ -434,7 +438,7 @@ int setup_detour_execution(struct kprobe *p, struct pt_regs *regs, int reenter) +@@ -436,7 +440,7 @@ int setup_detour_execution(struct kprobe *p, struct pt_regs *regs, int reenter) /* This kprobe is really able to run optimized path. */ op = container_of(p, struct optimized_kprobe, kp); /* Detour through copied instructions */ @@ -26121,7 +25724,7 @@ index 1667b1d..16492c5 100644 relocate_kernel_ptr = control_page; page_list[PA_CONTROL_PAGE] = __pa(control_page); diff --git a/arch/x86/kernel/mcount_64.S b/arch/x86/kernel/mcount_64.S -index c050a01..5774072 100644 +index c73aecf..4c63630 100644 --- a/arch/x86/kernel/mcount_64.S +++ b/arch/x86/kernel/mcount_64.S @@ -7,7 +7,7 @@ @@ -26144,7 +25747,7 @@ index c050a01..5774072 100644 /* skip is set if stack has been adjusted */ .macro ftrace_caller_setup skip=0 -@@ -66,8 +67,9 @@ GLOBAL(ftrace_graph_call) +@@ -62,8 +63,9 @@ GLOBAL(ftrace_graph_call) #endif GLOBAL(ftrace_stub) @@ -26155,7 +25758,7 @@ index c050a01..5774072 100644 ENTRY(ftrace_regs_caller) /* Save the current flags before compare (in SS location)*/ -@@ -135,7 +137,7 @@ ftrace_restore_flags: +@@ -127,7 +129,7 @@ GLOBAL(ftrace_regs_call) popfq jmp ftrace_stub @@ -26164,7 +25767,7 @@ index c050a01..5774072 100644 #else /* ! CONFIG_DYNAMIC_FTRACE */ -@@ -156,6 +158,7 @@ ENTRY(function_hook) +@@ -145,6 +147,7 @@ ENTRY(function_hook) #endif GLOBAL(ftrace_stub) @@ -26172,7 +25775,7 @@ index c050a01..5774072 100644 retq trace: -@@ -169,12 +172,13 @@ trace: +@@ -158,12 +161,13 @@ trace: #endif subq $MCOUNT_INSN_SIZE, %rdi @@ -26187,7 +25790,7 @@ index c050a01..5774072 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -196,8 +200,9 @@ ENTRY(ftrace_graph_caller) +@@ -185,8 +189,9 @@ ENTRY(ftrace_graph_caller) MCOUNT_RESTORE_FRAME @@ -26198,7 +25801,7 @@ index c050a01..5774072 100644 GLOBAL(return_to_handler) subq $24, %rsp -@@ -213,5 +218,7 @@ GLOBAL(return_to_handler) +@@ -202,5 +207,7 @@ GLOBAL(return_to_handler) movq 8(%rsp), %rdx movq (%rsp), %rax addq $24, %rsp @@ -26726,7 +26329,7 @@ index ca7f0d5..8996469 100644 CFI_ENDPROC diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c -index 4505e2a..ae28b0d 100644 +index f804dc9..7c62095 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -36,7 +36,8 @@ @@ -26745,10 +26348,10 @@ index 4505e2a..ae28b0d 100644 __alignof__(union thread_xstate), - SLAB_PANIC | SLAB_NOTRACK, NULL); + SLAB_PANIC | SLAB_NOTRACK | SLAB_USERCOPY, NULL); + setup_xstate_comp(); } - /* -@@ -105,7 +106,7 @@ void exit_thread(void) +@@ -106,7 +107,7 @@ void exit_thread(void) unsigned long *bp = t->io_bitmap_ptr; if (bp) { @@ -26757,7 +26360,7 @@ index 4505e2a..ae28b0d 100644 t->io_bitmap_ptr = NULL; clear_thread_flag(TIF_IO_BITMAP); -@@ -125,6 +126,9 @@ void flush_thread(void) +@@ -126,6 +127,9 @@ void flush_thread(void) { struct task_struct *tsk = current; @@ -26767,7 +26370,7 @@ index 4505e2a..ae28b0d 100644 flush_ptrace_hw_breakpoint(tsk); memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array)); drop_init_fpu(tsk); -@@ -271,7 +275,7 @@ static void __exit_idle(void) +@@ -272,7 +276,7 @@ static void __exit_idle(void) void exit_idle(void) { /* idle loop has pid 0 */ @@ -26776,7 +26379,7 @@ index 4505e2a..ae28b0d 100644 return; __exit_idle(); } -@@ -324,7 +328,7 @@ bool xen_set_default_idle(void) +@@ -325,7 +329,7 @@ bool xen_set_default_idle(void) return ret; } #endif @@ -26785,7 +26388,7 @@ index 4505e2a..ae28b0d 100644 { local_irq_disable(); /* -@@ -453,16 +457,37 @@ static int __init idle_setup(char *str) +@@ -454,16 +458,37 @@ static int __init idle_setup(char *str) } early_param("idle", idle_setup); @@ -27197,10 +26800,10 @@ index 2f355d2..e75ed0a 100644 return ret; diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c -index 52b1157..c6e67c4 100644 +index 17962e6..47f55db 100644 --- a/arch/x86/kernel/reboot.c +++ b/arch/x86/kernel/reboot.c -@@ -68,6 +68,11 @@ static int __init set_bios_reboot(const struct dmi_system_id *d) +@@ -69,6 +69,11 @@ static int __init set_bios_reboot(const struct dmi_system_id *d) void __noreturn machine_real_restart(unsigned int type) { @@ -27212,7 +26815,7 @@ index 52b1157..c6e67c4 100644 local_irq_disable(); /* -@@ -95,7 +100,29 @@ void __noreturn machine_real_restart(unsigned int type) +@@ -96,7 +101,29 @@ void __noreturn machine_real_restart(unsigned int type) /* Jump to the identity-mapped low memory code */ #ifdef CONFIG_X86_32 @@ -27243,7 +26846,7 @@ index 52b1157..c6e67c4 100644 "rm" (real_mode_header->machine_real_restart_asm), "a" (type)); #else -@@ -486,7 +513,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) +@@ -500,7 +527,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) * This means that this function can never return, it can misbehave * by not rebooting properly and hanging. */ @@ -27252,7 +26855,7 @@ index 52b1157..c6e67c4 100644 { int i; int attempt = 0; -@@ -610,13 +637,13 @@ void native_machine_shutdown(void) +@@ -620,13 +647,13 @@ void native_machine_shutdown(void) #endif } @@ -27268,7 +26871,7 @@ index 52b1157..c6e67c4 100644 { pr_notice("machine restart\n"); -@@ -625,7 +652,7 @@ static void native_machine_restart(char *__unused) +@@ -635,7 +662,7 @@ static void native_machine_restart(char *__unused) __machine_emergency_restart(0); } @@ -27277,7 +26880,7 @@ index 52b1157..c6e67c4 100644 { /* Stop other cpus and apics */ machine_shutdown(); -@@ -635,7 +662,7 @@ static void native_machine_halt(void) +@@ -645,7 +672,7 @@ static void native_machine_halt(void) stop_this_cpu(NULL); } @@ -27286,7 +26889,7 @@ index 52b1157..c6e67c4 100644 { if (pm_power_off) { if (!reboot_force) -@@ -644,9 +671,10 @@ static void native_machine_power_off(void) +@@ -654,9 +681,10 @@ static void native_machine_power_off(void) } /* A fallback in case there is no PM info available */ tboot_shutdown(TB_SHUTDOWN_HALT); @@ -27326,7 +26929,7 @@ index 3fd2c69..a444264 100644 identity_mapped: /* set return address to 0 if not preserving context */ diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index 78a0e62..5c2e510 100644 +index 41ead8d..7ccde23 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c @@ -110,6 +110,7 @@ @@ -27612,10 +27215,10 @@ index be8e1bd..a3d93fa 100644 .smp_prepare_cpus = native_smp_prepare_cpus, .smp_cpus_done = native_smp_cpus_done, diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index 215815b..9a814fd 100644 +index 42a2dca..35a07aa 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c -@@ -230,14 +230,17 @@ static void notrace start_secondary(void *unused) +@@ -226,14 +226,17 @@ static void notrace start_secondary(void *unused) enable_start_cpu0 = 0; @@ -27637,7 +27240,7 @@ index 215815b..9a814fd 100644 /* * Check TSC synchronization with the BP: */ -@@ -764,8 +767,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) +@@ -760,8 +763,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) alternatives_enable_smp(); idle->thread.sp = (unsigned long) (((struct pt_regs *) @@ -27648,7 +27251,7 @@ index 215815b..9a814fd 100644 #ifdef CONFIG_X86_32 /* Stack for startup_32 can be just as for start_secondary onwards */ -@@ -774,10 +778,10 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) +@@ -770,10 +774,10 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) clear_tsk_thread_flag(idle, TIF_FORK); initial_gs = per_cpu_offset(cpu); #endif @@ -27662,7 +27265,7 @@ index 215815b..9a814fd 100644 initial_code = (unsigned long)start_secondary; stack_start = idle->thread.sp; -@@ -923,6 +927,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle) +@@ -919,6 +923,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle) /* the FPU context is blank, nobody can own it */ __cpu_disable_lazy_restore(cpu); @@ -28057,7 +27660,7 @@ index 91a4496..bb87552 100644 #ifdef CONFIG_DEBUG_FS diff --git a/arch/x86/kernel/time.c b/arch/x86/kernel/time.c -index bf7ef5c..59d0ac9 100644 +index 0fa2960..91eabbe 100644 --- a/arch/x86/kernel/time.c +++ b/arch/x86/kernel/time.c @@ -30,9 +30,9 @@ unsigned long profile_pc(struct pt_regs *regs) @@ -28307,7 +27910,7 @@ index 0d0e922..0886373 100644 if (!fixup_exception(regs)) { task->thread.error_code = error_code; diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c -index ea03031..34a5cdda 100644 +index b6025f9..0cc6a1d 100644 --- a/arch/x86/kernel/tsc.c +++ b/arch/x86/kernel/tsc.c @@ -150,7 +150,7 @@ static void cyc2ns_write_end(int cpu, struct cyc2ns_data *data) @@ -28781,10 +28384,10 @@ index e48b674..a451dd9 100644 .read = native_io_apic_read, .write = native_io_apic_write, diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c -index a4b451c..8dfe1ad 100644 +index 940b142..0ad3a10 100644 --- a/arch/x86/kernel/xsave.c +++ b/arch/x86/kernel/xsave.c -@@ -164,18 +164,18 @@ static inline int save_xstate_epilog(void __user *buf, int ia32_frame) +@@ -167,18 +167,18 @@ static inline int save_xstate_epilog(void __user *buf, int ia32_frame) /* Setup the bytes not touched by the [f]xsave and reserved for SW. */ sw_bytes = ia32_frame ? &fx_sw_reserved_ia32 : &fx_sw_reserved; @@ -28806,7 +28409,7 @@ index a4b451c..8dfe1ad 100644 /* * For legacy compatible, we always set FP/SSE bits in the bit -@@ -190,7 +190,7 @@ static inline int save_xstate_epilog(void __user *buf, int ia32_frame) +@@ -193,7 +193,7 @@ static inline int save_xstate_epilog(void __user *buf, int ia32_frame) */ xstate_bv |= XSTATE_FPSSE; @@ -28815,7 +28418,7 @@ index a4b451c..8dfe1ad 100644 return err; } -@@ -199,6 +199,7 @@ static inline int save_user_xstate(struct xsave_struct __user *buf) +@@ -202,6 +202,7 @@ static inline int save_user_xstate(struct xsave_struct __user *buf) { int err; @@ -28823,7 +28426,7 @@ index a4b451c..8dfe1ad 100644 if (use_xsave()) err = xsave_user(buf); else if (use_fxsr()) -@@ -311,6 +312,7 @@ sanitize_restored_xstate(struct task_struct *tsk, +@@ -314,6 +315,7 @@ sanitize_restored_xstate(struct task_struct *tsk, */ static inline int restore_user_xstate(void __user *buf, u64 xbv, int fx_only) { @@ -28883,7 +28486,7 @@ index 38a0afe..94421a9 100644 out: diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c -index 453e5fb..214168f 100644 +index 08e8a89..0e9183e 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -55,7 +55,7 @@ @@ -28909,10 +28512,10 @@ index 4107765..d9eb358 100644 goto error; walker->ptep_user[walker->level - 1] = ptep_user; diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index b5e994a..35b5866 100644 +index ddf7427..e3b93f9 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c -@@ -3541,7 +3541,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) +@@ -3547,7 +3547,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) int cpu = raw_smp_processor_id(); struct svm_cpu_data *sd = per_cpu(svm_data, cpu); @@ -28924,7 +28527,7 @@ index b5e994a..35b5866 100644 load_TR_desc(); } -@@ -3942,6 +3946,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) +@@ -3948,6 +3952,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) #endif #endif @@ -28936,10 +28539,18 @@ index b5e994a..35b5866 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 801332e..eeff1cc 100644 +index bfe11cf..d567dc0 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c -@@ -1339,12 +1339,12 @@ static void vmcs_write64(unsigned long field, u64 value) +@@ -453,6 +453,7 @@ struct vcpu_vmx { + int gs_ldt_reload_needed; + int fs_reload_needed; + u64 msr_host_bndcfgs; ++ unsigned long vmcs_host_cr4; /* May not match real cr4 */ + } host_state; + struct { + int vm86_active; +@@ -1340,12 +1341,12 @@ static void vmcs_write64(unsigned long field, u64 value) #endif } @@ -28954,7 +28565,7 @@ index 801332e..eeff1cc 100644 { vmcs_writel(field, vmcs_readl(field) | mask); } -@@ -1604,7 +1604,11 @@ static void reload_tss(void) +@@ -1605,7 +1606,11 @@ static void reload_tss(void) struct desc_struct *descs; descs = (void *)gdt->address; @@ -28966,7 +28577,7 @@ index 801332e..eeff1cc 100644 load_TR_desc(); } -@@ -1832,6 +1836,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) +@@ -1833,6 +1838,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */ vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */ @@ -28977,7 +28588,7 @@ index 801332e..eeff1cc 100644 rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp); vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */ vmx->loaded_vmcs->cpu = cpu; -@@ -2121,7 +2129,7 @@ static void setup_msrs(struct vcpu_vmx *vmx) +@@ -2122,7 +2131,7 @@ static void setup_msrs(struct vcpu_vmx *vmx) * reads and returns guest's timestamp counter "register" * guest_tsc = host_tsc + tsc_offset -- 21.3 */ @@ -28986,7 +28597,7 @@ index 801332e..eeff1cc 100644 { u64 host_tsc, tsc_offset; -@@ -3093,8 +3101,11 @@ static __init int hardware_setup(void) +@@ -3110,8 +3119,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; @@ -29000,7 +28611,7 @@ index 801332e..eeff1cc 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3105,13 +3116,15 @@ static __init int hardware_setup(void) +@@ -3122,13 +3134,15 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_apicv()) enable_apicv = 0; @@ -29020,18 +28631,26 @@ index 801332e..eeff1cc 100644 if (nested) nested_vmx_setup_ctls_msrs(); -@@ -4221,7 +4234,10 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) +@@ -4235,10 +4249,17 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) + u32 low32, high32; + unsigned long tmpl; + struct desc_ptr dt; ++ unsigned long cr4; vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */ - vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */ -+ +- vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */ +#ifndef CONFIG_PAX_PER_CPU_PGD vmcs_writel(HOST_CR3, read_cr3()); /* 22.2.3 FIXME: shadow tables */ +#endif ++ ++ /* Save the most likely value for this task's CR4 in the VMCS. */ ++ cr4 = read_cr4(); ++ vmcs_writel(HOST_CR4, cr4); /* 22.2.3, 22.2.5 */ ++ vmx->host_state.vmcs_host_cr4 = cr4; vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */ #ifdef CONFIG_X86_64 -@@ -4243,7 +4259,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) +@@ -4260,7 +4281,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx) vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ vmx->host_idt_base = dt.address; @@ -29040,7 +28659,29 @@ index 801332e..eeff1cc 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -7413,6 +7429,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7376,7 +7397,7 @@ static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx) + static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) + { + struct vcpu_vmx *vmx = to_vmx(vcpu); +- unsigned long debugctlmsr; ++ unsigned long debugctlmsr, cr4; + + /* Record the guest's net vcpu time for enforced NMI injections. */ + if (unlikely(!cpu_has_virtual_nmis() && vmx->soft_vnmi_blocked)) +@@ -7397,6 +7418,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) + if (test_bit(VCPU_REGS_RIP, (unsigned long *)&vcpu->arch.regs_dirty)) + vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]); + ++ cr4 = read_cr4(); ++ if (unlikely(cr4 != vmx->host_state.vmcs_host_cr4)) { ++ vmcs_writel(HOST_CR4, cr4); ++ vmx->host_state.vmcs_host_cr4 = cr4; ++ } ++ + /* When single-stepping over STI and MOV SS, we must clear the + * corresponding interruptibility bits in the guest state. Otherwise + * vmentry fails as it then expects bit 14 (BS) in pending debug +@@ -7453,6 +7480,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp 2f \n\t" "1: " __ex(ASM_VMX_VMRESUME) "\n\t" "2: " @@ -29053,7 +28694,7 @@ index 801332e..eeff1cc 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t" "pop %0 \n\t" -@@ -7465,6 +7487,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7505,6 +7538,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -29065,7 +28706,7 @@ index 801332e..eeff1cc 100644 : "cc", "memory" #ifdef CONFIG_X86_64 , "rax", "rbx", "rdi", "rsi" -@@ -7478,7 +7505,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7518,7 +7556,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) if (debugctlmsr) update_debugctlmsr(debugctlmsr); @@ -29074,7 +28715,7 @@ index 801332e..eeff1cc 100644 /* * The sysexit path does not restore ds/es, so we must set them to * a reasonable value ourselves. -@@ -7487,8 +7514,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -7527,8 +7565,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) * may be executed in interrupt context, which saves and restore segments * around it, nullifying its effect. */ @@ -29096,10 +28737,10 @@ index 801332e..eeff1cc 100644 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index ef432f8..a630659 100644 +index 8f1e22d..f6eee20 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c -@@ -1808,8 +1808,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) +@@ -1827,8 +1827,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) { struct kvm *kvm = vcpu->kvm; int lm = is_long_mode(vcpu); @@ -29110,7 +28751,7 @@ index ef432f8..a630659 100644 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 : kvm->arch.xen_hvm_config.blob_size_32; u32 page_num = data & ~PAGE_MASK; -@@ -2729,6 +2729,8 @@ long kvm_arch_dev_ioctl(struct file *filp, +@@ -2749,6 +2749,8 @@ long kvm_arch_dev_ioctl(struct file *filp, if (n < msr_list.nmsrs) goto out; r = -EFAULT; @@ -29119,7 +28760,7 @@ index ef432f8..a630659 100644 if (copy_to_user(user_msr_list->indices, &msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; -@@ -5567,7 +5569,7 @@ static struct notifier_block pvclock_gtod_notifier = { +@@ -5609,7 +5611,7 @@ static struct notifier_block pvclock_gtod_notifier = { }; #endif @@ -31991,7 +31632,7 @@ index 903ec1e..c4166b2 100644 } diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index 3664279..c6a7830 100644 +index a241946..d7a04cf 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -14,12 +14,19 @@ @@ -32175,16 +31816,19 @@ index 3664279..c6a7830 100644 return 1; #endif return 0; -@@ -576,7 +660,7 @@ static int is_f00f_bug(struct pt_regs *regs, unsigned long address) +@@ -576,9 +660,9 @@ static int is_f00f_bug(struct pt_regs *regs, unsigned long address) } static const char nx_warning[] = KERN_CRIT -"kernel tried to execute NX-protected page - exploit attempt? (uid: %d)\n"; +"kernel tried to execute NX-protected page - exploit attempt? (uid: %d, task: %s, pid: %d)\n"; + static const char smep_warning[] = KERN_CRIT +-"unable to execute userspace code (SMEP?) (uid: %d)\n"; ++"unable to execute userspace code (SMEP?) (uid: %d, task: %s, pid: %d)\n"; static void show_fault_oops(struct pt_regs *regs, unsigned long error_code, -@@ -585,7 +669,7 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code, +@@ -587,7 +671,7 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code, if (!oops_may_print()) return; @@ -32193,12 +31837,17 @@ index 3664279..c6a7830 100644 unsigned int level; pgd_t *pgd; pte_t *pte; -@@ -596,9 +680,21 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code, +@@ -598,13 +682,25 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code, pte = lookup_address_in_pgd(pgd, address, &level); if (pte && pte_present(*pte) && !pte_exec(*pte)) - printk(nx_warning, from_kuid(&init_user_ns, current_uid())); + printk(nx_warning, from_kuid_munged(&init_user_ns, current_uid()), current->comm, task_pid_nr(current)); + if (pte && pte_present(*pte) && pte_exec(*pte) && + (pgd_flags(*pgd) & _PAGE_USER) && + (read_cr4() & X86_CR4_SMEP)) +- printk(smep_warning, from_kuid(&init_user_ns, current_uid())); ++ printk(smep_warning, from_kuid(&init_user_ns, current_uid()), current->comm, task_pid_nr(current)); } +#ifdef CONFIG_PAX_KERNEXEC @@ -32216,7 +31865,7 @@ index 3664279..c6a7830 100644 printk(KERN_ALERT "BUG: unable to handle kernel "); if (address < PAGE_SIZE) printk(KERN_CONT "NULL pointer dereference"); -@@ -779,6 +875,22 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, +@@ -785,6 +881,22 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, return; } #endif @@ -32239,7 +31888,7 @@ index 3664279..c6a7830 100644 /* Kernel addresses are always protection faults: */ if (address >= TASK_SIZE) error_code |= PF_PROT; -@@ -864,7 +976,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, +@@ -870,7 +982,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) { printk(KERN_ERR "MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n", @@ -32248,7 +31897,7 @@ index 3664279..c6a7830 100644 code = BUS_MCEERR_AR; } #endif -@@ -918,6 +1030,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) +@@ -924,6 +1036,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) return 1; } @@ -32348,7 +31997,7 @@ index 3664279..c6a7830 100644 /* * Handle a spurious fault caused by a stale TLB entry. * -@@ -985,6 +1190,9 @@ int show_unhandled_signals = 1; +@@ -991,6 +1196,9 @@ int show_unhandled_signals = 1; static inline int access_error(unsigned long error_code, struct vm_area_struct *vma) { @@ -32358,7 +32007,7 @@ index 3664279..c6a7830 100644 if (error_code & PF_WRITE) { /* write, present and write, not present: */ if (unlikely(!(vma->vm_flags & VM_WRITE))) -@@ -1019,7 +1227,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs) +@@ -1025,7 +1233,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs) if (error_code & PF_USER) return false; @@ -32367,7 +32016,7 @@ index 3664279..c6a7830 100644 return false; return true; -@@ -1047,6 +1255,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, +@@ -1053,6 +1261,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, tsk = current; mm = tsk->mm; @@ -32390,7 +32039,7 @@ index 3664279..c6a7830 100644 /* * Detect and handle instructions that would cause a page fault for * both a tracked kernel page and a userspace page. -@@ -1124,7 +1348,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, +@@ -1130,7 +1354,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, * User-mode registers count as a user access even for any * potential system fault or CPU buglet: */ @@ -32399,7 +32048,7 @@ index 3664279..c6a7830 100644 local_irq_enable(); error_code |= PF_USER; flags |= FAULT_FLAG_USER; -@@ -1171,6 +1395,11 @@ retry: +@@ -1177,6 +1401,11 @@ retry: might_sleep(); } @@ -32411,7 +32060,7 @@ index 3664279..c6a7830 100644 vma = find_vma(mm, address); if (unlikely(!vma)) { bad_area(regs, error_code, address); -@@ -1182,18 +1411,24 @@ retry: +@@ -1188,18 +1417,24 @@ retry: bad_area(regs, error_code, address); return; } @@ -32447,7 +32096,7 @@ index 3664279..c6a7830 100644 if (unlikely(expand_stack(vma, address))) { bad_area(regs, error_code, address); return; -@@ -1309,3 +1544,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1316,3 +1551,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code) } NOKPROBE_SYMBOL(trace_do_page_fault); #endif /* CONFIG_TRACING */ @@ -32883,7 +32532,7 @@ index 8b977eb..4732c33 100644 #endif /* CONFIG_HUGETLB_PAGE */ diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c -index f971306..e83e0f6 100644 +index 66dba36..f8082ec 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -4,6 +4,7 @@ @@ -32901,9 +32550,9 @@ index f971306..e83e0f6 100644 +#include <asm/desc.h> +#include <asm/bios_ebda.h> - #include "mm_internal.h" - -@@ -563,7 +566,18 @@ void __init init_mem_mapping(void) + /* + * We need to define the tracepoints somewhere, and tlb.c +@@ -570,7 +573,18 @@ void __init init_mem_mapping(void) early_ioremap_page_table_range_init(); #endif @@ -32922,7 +32571,7 @@ index f971306..e83e0f6 100644 __flush_tlb_all(); early_memtest(0, max_pfn_mapped << PAGE_SHIFT); -@@ -579,10 +593,40 @@ void __init init_mem_mapping(void) +@@ -586,10 +600,40 @@ void __init init_mem_mapping(void) * Access has to be given to non-kernel-ram areas as well, these contain the PCI * mmio resources as well as potential bios/acpi data regions. */ @@ -32964,7 +32613,7 @@ index f971306..e83e0f6 100644 if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) return 0; if (!page_is_ram(pagenr)) -@@ -628,8 +672,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) +@@ -635,8 +679,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) #endif } @@ -33083,7 +32732,7 @@ index f971306..e83e0f6 100644 (unsigned long)(&__init_begin), (unsigned long)(&__init_end)); diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c -index e395048..cd38278 100644 +index 7d05565..bfc5338 100644 --- a/arch/x86/mm/init_32.c +++ b/arch/x86/mm/init_32.c @@ -62,33 +62,6 @@ static noinline int do_test_wp_bit(void); @@ -33311,7 +32960,7 @@ index e395048..cd38278 100644 ((unsigned long)&_etext - (unsigned long)&_text) >> 10); /* -@@ -883,6 +885,7 @@ void set_kernel_text_rw(void) +@@ -884,6 +886,7 @@ void set_kernel_text_rw(void) if (!kernel_set_to_readonly) return; @@ -33319,7 +32968,7 @@ index e395048..cd38278 100644 pr_debug("Set kernel text: %lx - %lx for read write\n", start, start+size); -@@ -897,6 +900,7 @@ void set_kernel_text_ro(void) +@@ -898,6 +901,7 @@ void set_kernel_text_ro(void) if (!kernel_set_to_readonly) return; @@ -33327,7 +32976,7 @@ index e395048..cd38278 100644 pr_debug("Set kernel text: %lx - %lx for read only\n", start, start+size); -@@ -925,6 +929,7 @@ void mark_rodata_ro(void) +@@ -926,6 +930,7 @@ void mark_rodata_ro(void) unsigned long start = PFN_ALIGN(_text); unsigned long size = PFN_ALIGN(_etext) - start; @@ -33336,7 +32985,7 @@ index e395048..cd38278 100644 printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10); diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c -index df1a992..94c272c 100644 +index 5621c47..5e17b7390 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -151,7 +151,7 @@ early_param("gbpages", parse_direct_gbpages_on); @@ -33460,7 +33109,7 @@ index df1a992..94c272c 100644 spin_unlock(&init_mm.page_table_lock); pgd_changed = true; } -@@ -1195,8 +1216,8 @@ static struct vm_operations_struct gate_vma_ops = { +@@ -1196,8 +1217,8 @@ static struct vm_operations_struct gate_vma_ops = { static struct vm_area_struct gate_vma = { .vm_start = VSYSCALL_ADDR, .vm_end = VSYSCALL_ADDR + PAGE_SIZE, @@ -33566,7 +33215,7 @@ index dd89a13..d77bdcc 100644 pte = kmemcheck_pte_lookup(address); diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c -index 25e7e13..1964579 100644 +index 919b912..9267313 100644 --- a/arch/x86/mm/mmap.c +++ b/arch/x86/mm/mmap.c @@ -52,7 +52,7 @@ static unsigned int stack_maxrandom_size(void) @@ -34255,7 +33904,7 @@ index 90555bf..f5f1828 100644 } diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c -index dd8dda1..9e9b0f6 100644 +index ee61c36..e6fedeb 100644 --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c @@ -48,7 +48,11 @@ void leave_mm(int cpu) @@ -34267,9 +33916,9 @@ index dd8dda1..9e9b0f6 100644 load_cr3(swapper_pg_dir); +#endif + - } - } - EXPORT_SYMBOL_GPL(leave_mm); + /* + * This gets called in the idle path where RCU + * functions differently. Tracing normally diff --git a/arch/x86/mm/uderef_64.c b/arch/x86/mm/uderef_64.c new file mode 100644 index 0000000..dace51c @@ -34314,10 +33963,10 @@ index 0000000..dace51c +EXPORT_SYMBOL(__pax_close_userland); +#endif diff --git a/arch/x86/net/bpf_jit.S b/arch/x86/net/bpf_jit.S -index 6440221..f746de8 100644 +index 6440221..f84b5c7 100644 --- a/arch/x86/net/bpf_jit.S +++ b/arch/x86/net/bpf_jit.S -@@ -9,19 +9,17 @@ +@@ -9,6 +9,7 @@ */ #include <linux/linkage.h> #include <asm/dwarf2.h> @@ -34325,23 +33974,7 @@ index 6440221..f746de8 100644 /* * Calling convention : -- * rbx : skb pointer (callee saved) -+ * rdi : skb pointer - * esi : offset of byte(s) to fetch in skb (can be scratched) -- * r10 : copy of skb->data -+ * r8 : copy of skb->data - * r9d : hlen = skb->len - skb->data_len - */ --#define SKBDATA %r10 -+#define SKBDATA %r8 - #define SKF_MAX_NEG_OFF $(-0x200000) /* SKF_LL_OFF from filter.h */ --#define MAX_BPF_STACK (512 /* from filter.h */ + \ -- 32 /* space for rbx,r13,r14,r15 */ + \ -- 8 /* space for skb_copy_bits */) - - sk_load_word: - .globl sk_load_word -@@ -38,6 +36,7 @@ sk_load_word_positive_offset: +@@ -38,6 +39,7 @@ sk_load_word_positive_offset: jle bpf_slow_path_word mov (SKBDATA,%rsi),%eax bswap %eax /* ntohl() */ @@ -34349,7 +33982,7 @@ index 6440221..f746de8 100644 ret sk_load_half: -@@ -55,6 +54,7 @@ sk_load_half_positive_offset: +@@ -55,6 +57,7 @@ sk_load_half_positive_offset: jle bpf_slow_path_half movzwl (SKBDATA,%rsi),%eax rol $8,%ax # ntohs() @@ -34357,67 +33990,24 @@ index 6440221..f746de8 100644 ret sk_load_byte: -@@ -69,45 +69,83 @@ sk_load_byte_positive_offset: +@@ -69,6 +72,7 @@ sk_load_byte_positive_offset: cmp %esi,%r9d /* if (offset >= hlen) goto bpf_slow_path_byte */ jle bpf_slow_path_byte movzbl (SKBDATA,%rsi),%eax + pax_force_retaddr -+ ret -+ -+/** -+ * sk_load_byte_msh - BPF_S_LDX_B_MSH helper -+ * -+ * Implements BPF_S_LDX_B_MSH : ldxb 4*([offset]&0xf) -+ * Must preserve A accumulator (%eax) -+ * Inputs : %esi is the offset value -+ */ -+sk_load_byte_msh: -+ .globl sk_load_byte_msh -+ test %esi,%esi -+ js bpf_slow_path_byte_msh_neg -+ -+sk_load_byte_msh_positive_offset: -+ .globl sk_load_byte_msh_positive_offset -+ cmp %esi,%r9d /* if (offset >= hlen) goto bpf_slow_path_byte_msh */ -+ jle bpf_slow_path_byte_msh -+ movzbl (SKBDATA,%rsi),%ebx -+ and $15,%bl -+ shl $2,%bl -+ pax_force_retaddr ret /* rsi contains offset and can be scratched */ - #define bpf_slow_path_common(LEN) \ -- mov %rbx, %rdi; /* arg1 == skb */ \ -+ push %rdi; /* save skb */ \ - push %r9; \ - push SKBDATA; \ - /* rsi already has offset */ \ - mov $LEN,%ecx; /* len */ \ -- lea - MAX_BPF_STACK + 32(%rbp),%rdx; \ -+ lea -12(%rbp),%rdx; \ - call skb_copy_bits; \ - test %eax,%eax; \ - pop SKBDATA; \ -- pop %r9; -+ pop %r9; \ -+ pop %rdi - - - bpf_slow_path_word: - bpf_slow_path_common(4) +@@ -90,6 +94,7 @@ bpf_slow_path_word: js bpf_error -- mov - MAX_BPF_STACK + 32(%rbp),%eax -+ mov -12(%rbp),%eax + mov - MAX_BPF_STACK + 32(%rbp),%eax bswap %eax + pax_force_retaddr ret bpf_slow_path_half: - bpf_slow_path_common(2) - js bpf_error -- mov - MAX_BPF_STACK + 32(%rbp),%ax -+ mov -12(%rbp),%ax +@@ -98,12 +103,14 @@ bpf_slow_path_half: + mov - MAX_BPF_STACK + 32(%rbp),%ax rol $8,%ax movzwl %ax,%eax + pax_force_retaddr @@ -34426,40 +34016,12 @@ index 6440221..f746de8 100644 bpf_slow_path_byte: bpf_slow_path_common(1) js bpf_error -- movzbl - MAX_BPF_STACK + 32(%rbp),%eax -+ movzbl -12(%rbp),%eax -+ pax_force_retaddr -+ ret -+ -+bpf_slow_path_byte_msh: -+ xchg %eax,%ebx /* dont lose A , X is about to be scratched */ -+ bpf_slow_path_common(1) -+ js bpf_error -+ movzbl -12(%rbp),%eax -+ and $15,%al -+ shl $2,%al -+ xchg %eax,%ebx + movzbl - MAX_BPF_STACK + 32(%rbp),%eax + pax_force_retaddr ret #define sk_negative_common(SIZE) \ -- mov %rbx, %rdi; /* arg1 == skb */ \ -+ push %rdi; /* save skb */ \ - push %r9; \ - push SKBDATA; \ - /* rsi already has offset */ \ -@@ -116,8 +154,10 @@ bpf_slow_path_byte: - test %rax,%rax; \ - pop SKBDATA; \ - pop %r9; \ -+ pop %rdi; \ - jz bpf_error - -+ - bpf_slow_path_word_neg: - cmp SKF_MAX_NEG_OFF, %esi /* test range */ - jl bpf_error /* offset lower -> error */ -@@ -126,6 +166,7 @@ sk_load_word_negative_offset: +@@ -126,6 +133,7 @@ sk_load_word_negative_offset: sk_negative_common(4) mov (%rax), %eax bswap %eax @@ -34467,7 +34029,7 @@ index 6440221..f746de8 100644 ret bpf_slow_path_half_neg: -@@ -137,6 +178,7 @@ sk_load_half_negative_offset: +@@ -137,6 +145,7 @@ sk_load_half_negative_offset: mov (%rax),%ax rol $8,%ax movzwl %ax,%eax @@ -34475,276 +34037,37 @@ index 6440221..f746de8 100644 ret bpf_slow_path_byte_neg: -@@ -146,14 +188,27 @@ sk_load_byte_negative_offset: +@@ -146,6 +155,7 @@ sk_load_byte_negative_offset: .globl sk_load_byte_negative_offset sk_negative_common(1) movzbl (%rax), %eax + pax_force_retaddr -+ ret -+ -+bpf_slow_path_byte_msh_neg: -+ cmp SKF_MAX_NEG_OFF, %esi -+ jl bpf_error -+sk_load_byte_msh_negative_offset: -+ .globl sk_load_byte_msh_negative_offset -+ xchg %eax,%ebx /* dont lose A , X is about to be scratched */ -+ sk_negative_common(1) -+ movzbl (%rax),%eax -+ and $15,%al -+ shl $2,%al -+ xchg %eax,%ebx -+ pax_force_retaddr ret bpf_error: - # force a return 0 from jit handler -- xor %eax,%eax -- mov - MAX_BPF_STACK(%rbp),%rbx -- mov - MAX_BPF_STACK + 8(%rbp),%r13 -- mov - MAX_BPF_STACK + 16(%rbp),%r14 -- mov - MAX_BPF_STACK + 24(%rbp),%r15 -+ xor %eax,%eax -+ mov -8(%rbp),%rbx +@@ -156,4 +166,5 @@ bpf_error: + mov - MAX_BPF_STACK + 16(%rbp),%r14 + mov - MAX_BPF_STACK + 24(%rbp),%r15 leaveq + pax_force_retaddr ret diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c -index 99bef86..bdfb5c6 100644 +index 5c8cb80..728d0cd 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c -@@ -1,7 +1,6 @@ - /* bpf_jit_comp.c : BPF JIT compiler - * - * Copyright (C) 2011-2013 Eric Dumazet (eric.dumazet@gmail.com) -- * Internal BPF Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License -@@ -15,16 +14,28 @@ +@@ -15,7 +15,11 @@ #include <linux/if_vlan.h> #include <linux/random.h> -+/* -+ * Conventions : -+ * EAX : BPF A accumulator -+ * EBX : BPF X accumulator -+ * RDI : pointer to skb (first argument given to JIT function) -+ * RBP : frame pointer (even if CONFIG_FRAME_POINTER=n) -+ * ECX,EDX,ESI : scratch registers -+ * r9d : skb->len - skb->data_len (headlen) -+ * r8 : skb->data -+ * -8(RBP) : saved RBX value -+ * -16(RBP)..-80(RBP) : BPF_MEMWORDS values -+ */ ++#ifdef CONFIG_GRKERNSEC_BPF_HARDEN ++int bpf_jit_enable __read_only; ++#else int bpf_jit_enable __read_mostly; ++#endif /* * assembly code in arch/x86/net/bpf_jit.S - */ --extern u8 sk_load_word[], sk_load_half[], sk_load_byte[]; -+extern u8 sk_load_word[], sk_load_half[], sk_load_byte[], sk_load_byte_msh[]; - extern u8 sk_load_word_positive_offset[], sk_load_half_positive_offset[]; --extern u8 sk_load_byte_positive_offset[]; -+extern u8 sk_load_byte_positive_offset[], sk_load_byte_msh_positive_offset[]; - extern u8 sk_load_word_negative_offset[], sk_load_half_negative_offset[]; --extern u8 sk_load_byte_negative_offset[]; -+extern u8 sk_load_byte_negative_offset[], sk_load_byte_msh_negative_offset[]; - - static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len) - { -@@ -39,50 +50,113 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len) - return ptr + len; - } - -+#ifdef CONFIG_GRKERNSEC_JIT_HARDEN -+#define MAX_INSTR_CODE_SIZE 96 -+#else -+#define MAX_INSTR_CODE_SIZE 64 -+#endif -+ - #define EMIT(bytes, len) do { prog = emit_code(prog, bytes, len); } while (0) - - #define EMIT1(b1) EMIT(b1, 1) - #define EMIT2(b1, b2) EMIT((b1) + ((b2) << 8), 2) - #define EMIT3(b1, b2, b3) EMIT((b1) + ((b2) << 8) + ((b3) << 16), 3) - #define EMIT4(b1, b2, b3, b4) EMIT((b1) + ((b2) << 8) + ((b3) << 16) + ((b4) << 24), 4) --#define EMIT1_off32(b1, off) \ -- do {EMIT1(b1); EMIT(off, 4); } while (0) --#define EMIT2_off32(b1, b2, off) \ -- do {EMIT2(b1, b2); EMIT(off, 4); } while (0) --#define EMIT3_off32(b1, b2, b3, off) \ -- do {EMIT3(b1, b2, b3); EMIT(off, 4); } while (0) --#define EMIT4_off32(b1, b2, b3, b4, off) \ -- do {EMIT4(b1, b2, b3, b4); EMIT(off, 4); } while (0) -+ -+#ifdef CONFIG_GRKERNSEC_JIT_HARDEN -+/* original constant will appear in ecx */ -+#define DILUTE_CONST_SEQUENCE(_off, _key) \ -+do { \ -+ /* mov ecx, randkey */ \ -+ EMIT1(0xb9); \ -+ EMIT(_key, 4); \ -+ /* xor ecx, randkey ^ off */ \ -+ EMIT2(0x81, 0xf1); \ -+ EMIT((_key) ^ (_off), 4); \ -+} while (0) -+ -+#define EMIT1_off32(b1, _off) \ -+do { \ -+ switch (b1) { \ -+ case 0x05: /* add eax, imm32 */ \ -+ case 0x2d: /* sub eax, imm32 */ \ -+ case 0x25: /* and eax, imm32 */ \ -+ case 0x0d: /* or eax, imm32 */ \ -+ case 0xb8: /* mov eax, imm32 */ \ -+ case 0x35: /* xor eax, imm32 */ \ -+ case 0x3d: /* cmp eax, imm32 */ \ -+ case 0xa9: /* test eax, imm32 */ \ -+ DILUTE_CONST_SEQUENCE(_off, randkey); \ -+ EMIT2((b1) - 4, 0xc8); /* convert imm instruction to eax, ecx */\ -+ break; \ -+ case 0xbb: /* mov ebx, imm32 */ \ -+ DILUTE_CONST_SEQUENCE(_off, randkey); \ -+ /* mov ebx, ecx */ \ -+ EMIT2(0x89, 0xcb); \ -+ break; \ -+ case 0xbe: /* mov esi, imm32 */ \ -+ DILUTE_CONST_SEQUENCE(_off, randkey); \ -+ /* mov esi, ecx */ \ -+ EMIT2(0x89, 0xce); \ -+ break; \ -+ case 0xe8: /* call rel imm32, always to known funcs */ \ -+ EMIT1(b1); \ -+ EMIT(_off, 4); \ -+ break; \ -+ case 0xe9: /* jmp rel imm32 */ \ -+ EMIT1(b1); \ -+ EMIT(_off, 4); \ -+ /* prevent fall-through, we're not called if off = 0 */ \ -+ EMIT(0xcccccccc, 4); \ -+ EMIT(0xcccccccc, 4); \ -+ break; \ -+ default: \ -+ BUILD_BUG(); \ -+ } \ -+} while (0) -+ -+#define EMIT2_off32(b1, b2, _off) \ -+do { \ -+ if ((b1) == 0x8d && (b2) == 0xb3) { /* lea esi, [rbx+imm32] */ \ -+ EMIT2(0x8d, 0xb3); /* lea esi, [rbx+randkey] */ \ -+ EMIT(randkey, 4); \ -+ EMIT2(0x8d, 0xb6); /* lea esi, [esi+off-randkey] */ \ -+ EMIT((_off) - randkey, 4); \ -+ } else if ((b1) == 0x69 && (b2) == 0xc0) { /* imul eax, imm32 */\ -+ DILUTE_CONST_SEQUENCE(_off, randkey); \ -+ /* imul eax, ecx */ \ -+ EMIT3(0x0f, 0xaf, 0xc1); \ -+ } else { \ -+ BUILD_BUG(); \ -+ } \ -+} while (0) -+#else -+#define EMIT1_off32(b1, off) do { EMIT1(b1); EMIT(off, 4);} while (0) -+#define EMIT2_off32(b1, b2, off) do { EMIT2(b1, b2); EMIT(off, 4);} while (0) -+#endif -+ -+#define CLEAR_A() EMIT2(0x31, 0xc0) /* xor %eax,%eax */ -+#define CLEAR_X() EMIT2(0x31, 0xdb) /* xor %ebx,%ebx */ - - static inline bool is_imm8(int value) - { - return value <= 127 && value >= -128; - } - --static inline bool is_simm32(s64 value) -+static inline bool is_near(int offset) - { -- return value == (s64) (s32) value; -+ return offset <= 127 && offset >= -128; - } - --/* mov dst, src */ --#define EMIT_mov(DST, SRC) \ -- do {if (DST != SRC) \ -- EMIT3(add_2mod(0x48, DST, SRC), 0x89, add_2reg(0xC0, DST, SRC)); \ -- } while (0) -- --static int bpf_size_to_x86_bytes(int bpf_size) --{ -- if (bpf_size == BPF_W) -- return 4; -- else if (bpf_size == BPF_H) -- return 2; -- else if (bpf_size == BPF_B) -- return 1; -- else if (bpf_size == BPF_DW) -- return 4; /* imm32 */ -- else -- return 0; --} -+#define EMIT_JMP(offset) \ -+do { \ -+ if (offset) { \ -+ if (is_near(offset)) \ -+ EMIT2(0xeb, offset); /* jmp .+off8 */ \ -+ else \ -+ EMIT1_off32(0xe9, offset); /* jmp .+off32 */ \ -+ } \ -+} while (0) - - /* list of x86 cond jumps opcodes (. + s8) - * Add 0x10 (and an extra 0x0f) to generate far jumps (. + s32) -@@ -93,8 +167,46 @@ static int bpf_size_to_x86_bytes(int bpf_size) - #define X86_JNE 0x75 - #define X86_JBE 0x76 - #define X86_JA 0x77 --#define X86_JGE 0x7D --#define X86_JG 0x7F -+ -+#ifdef CONFIG_GRKERNSEC_JIT_HARDEN -+#define APPEND_FLOW_VERIFY() \ -+do { \ -+ /* mov ecx, randkey */ \ -+ EMIT1(0xb9); \ -+ EMIT(randkey, 4); \ -+ /* cmp ecx, randkey */ \ -+ EMIT2(0x81, 0xf9); \ -+ EMIT(randkey, 4); \ -+ /* jz after 8 int 3s */ \ -+ EMIT2(0x74, 0x08); \ -+ EMIT(0xcccccccc, 4); \ -+ EMIT(0xcccccccc, 4); \ -+} while (0) -+#else -+#define APPEND_FLOW_VERIFY() do { } while (0) -+#endif -+ -+#define EMIT_COND_JMP(op, offset) \ -+do { \ -+ if (is_near(offset)) \ -+ EMIT2(op, offset); /* jxx .+off8 */ \ -+ else { \ -+ EMIT2(0x0f, op + 0x10); \ -+ EMIT(offset, 4); /* jxx .+off32 */ \ -+ APPEND_FLOW_VERIFY(); \ -+ } \ -+} while (0) -+ -+#define COND_SEL(CODE, TOP, FOP) \ -+ case CODE: \ -+ t_op = TOP; \ -+ f_op = FOP; \ -+ goto cond_branch -+ -+ -+#define SEEN_DATAREF 1 /* might call external helpers */ -+#define SEEN_XREG 2 /* ebx is used */ -+#define SEEN_MEM 4 /* use mem[] for temporary storage */ - - static inline void bpf_flush_icache(void *start, void *end) - { -@@ -109,804 +221,646 @@ static inline void bpf_flush_icache(void *start, void *end) +@@ -109,36 +113,32 @@ static inline void bpf_flush_icache(void *start, void *end) #define CHOOSE_LOAD_FUNC(K, func) \ ((int)K < 0 ? ((int)K >= SKF_LL_OFF ? func##_negative_offset : func) : func##_positive_offset) @@ -34755,27 +34078,8 @@ index 99bef86..bdfb5c6 100644 - */ - u8 image[]; -}; -+/* Helper to find the offset of pkt_type in sk_buff -+ * We want to make sure its still a 3bit field starting at a byte boundary. -+ */ -+#define PKT_TYPE_MAX 7 -+static int pkt_type_offset(void) -+{ -+ struct sk_buff skb_probe = { -+ .pkt_type = ~0, -+ }; -+ char *ct = (char *)&skb_probe; -+ unsigned int off; - +- -static struct bpf_binary_header *bpf_alloc_binary(unsigned int proglen, -+ for (off = 0; off < sizeof(struct sk_buff); off++) { -+ if (ct[off] == PKT_TYPE_MAX) -+ return off; -+ } -+ pr_err_once("Please fix pkt_type_offset(), as pkt_type couldn't be found\n"); -+ return -1; -+} -+ +/* Note : for security reasons, bpf code will follow a randomly + * sized amount of int3 instructions + */ @@ -34811,1388 +34115,76 @@ index 99bef86..bdfb5c6 100644 return header; } --/* pick a register outside of BPF range for JIT internal work */ --#define AUX_REG (MAX_BPF_REG + 1) -- --/* the following table maps BPF registers to x64 registers. -- * x64 register r12 is unused, since if used as base address register -- * in load/store instructions, it always needs an extra byte of encoding -- */ --static const int reg2hex[] = { -- [BPF_REG_0] = 0, /* rax */ -- [BPF_REG_1] = 7, /* rdi */ -- [BPF_REG_2] = 6, /* rsi */ -- [BPF_REG_3] = 2, /* rdx */ -- [BPF_REG_4] = 1, /* rcx */ -- [BPF_REG_5] = 0, /* r8 */ -- [BPF_REG_6] = 3, /* rbx callee saved */ -- [BPF_REG_7] = 5, /* r13 callee saved */ -- [BPF_REG_8] = 6, /* r14 callee saved */ -- [BPF_REG_9] = 7, /* r15 callee saved */ -- [BPF_REG_FP] = 5, /* rbp readonly */ -- [AUX_REG] = 3, /* r11 temp register */ --}; -- --/* is_ereg() == true if BPF register 'reg' maps to x64 r8..r15 -- * which need extra byte of encoding. -- * rax,rcx,...,rbp have simpler encoding -- */ --static inline bool is_ereg(u32 reg) --{ -- if (reg == BPF_REG_5 || reg == AUX_REG || -- (reg >= BPF_REG_7 && reg <= BPF_REG_9)) -- return true; -- else -- return false; --} -- --/* add modifiers if 'reg' maps to x64 registers r8..r15 */ --static inline u8 add_1mod(u8 byte, u32 reg) --{ -- if (is_ereg(reg)) -- byte |= 1; -- return byte; --} -- --static inline u8 add_2mod(u8 byte, u32 r1, u32 r2) --{ -- if (is_ereg(r1)) -- byte |= 1; -- if (is_ereg(r2)) -- byte |= 4; -- return byte; --} -- --/* encode 'dst_reg' register into x64 opcode 'byte' */ --static inline u8 add_1reg(u8 byte, u32 dst_reg) --{ -- return byte + reg2hex[dst_reg]; --} -- --/* encode 'dst_reg' and 'src_reg' registers into x64 opcode 'byte' */ --static inline u8 add_2reg(u8 byte, u32 dst_reg, u32 src_reg) --{ -- return byte + reg2hex[dst_reg] + (reg2hex[src_reg] << 3); --} -- --struct jit_context { -- unsigned int cleanup_addr; /* epilogue code offset */ -- bool seen_ld_abs; --}; -- --static int do_jit(struct sk_filter *bpf_prog, int *addrs, u8 *image, -- int oldproglen, struct jit_context *ctx) --{ -- struct sock_filter_int *insn = bpf_prog->insnsi; -- int insn_cnt = bpf_prog->len; -- u8 temp[64]; -- int i; -- int proglen = 0; -- u8 *prog = temp; -- int stacksize = MAX_BPF_STACK + -- 32 /* space for rbx, r13, r14, r15 */ + -- 8 /* space for skb_copy_bits() buffer */; -- -- EMIT1(0x55); /* push rbp */ -- EMIT3(0x48, 0x89, 0xE5); /* mov rbp,rsp */ -- -- /* sub rsp, stacksize */ -- EMIT3_off32(0x48, 0x81, 0xEC, stacksize); -- -- /* all classic BPF filters use R6(rbx) save it */ -- -- /* mov qword ptr [rbp-X],rbx */ -- EMIT3_off32(0x48, 0x89, 0x9D, -stacksize); -- -- /* sk_convert_filter() maps classic BPF register X to R7 and uses R8 -- * as temporary, so all tcpdump filters need to spill/fill R7(r13) and -- * R8(r14). R9(r15) spill could be made conditional, but there is only -- * one 'bpf_error' return path out of helper functions inside bpf_jit.S -- * The overhead of extra spill is negligible for any filter other -- * than synthetic ones. Therefore not worth adding complexity. -- */ -- -- /* mov qword ptr [rbp-X],r13 */ -- EMIT3_off32(0x4C, 0x89, 0xAD, -stacksize + 8); -- /* mov qword ptr [rbp-X],r14 */ -- EMIT3_off32(0x4C, 0x89, 0xB5, -stacksize + 16); -- /* mov qword ptr [rbp-X],r15 */ -- EMIT3_off32(0x4C, 0x89, 0xBD, -stacksize + 24); -- -- /* clear A and X registers */ -- EMIT2(0x31, 0xc0); /* xor eax, eax */ -- EMIT3(0x4D, 0x31, 0xED); /* xor r13, r13 */ -- -- if (ctx->seen_ld_abs) { -- /* r9d : skb->len - skb->data_len (headlen) -- * r10 : skb->data -- */ -- if (is_imm8(offsetof(struct sk_buff, len))) -- /* mov %r9d, off8(%rdi) */ -- EMIT4(0x44, 0x8b, 0x4f, -- offsetof(struct sk_buff, len)); -- else -- /* mov %r9d, off32(%rdi) */ -- EMIT3_off32(0x44, 0x8b, 0x8f, -- offsetof(struct sk_buff, len)); -- -- if (is_imm8(offsetof(struct sk_buff, data_len))) -- /* sub %r9d, off8(%rdi) */ -- EMIT4(0x44, 0x2b, 0x4f, -- offsetof(struct sk_buff, data_len)); -- else -- EMIT3_off32(0x44, 0x2b, 0x8f, -- offsetof(struct sk_buff, data_len)); -- -- if (is_imm8(offsetof(struct sk_buff, data))) -- /* mov %r10, off8(%rdi) */ -- EMIT4(0x4c, 0x8b, 0x57, -- offsetof(struct sk_buff, data)); -- else -- /* mov %r10, off32(%rdi) */ -- EMIT3_off32(0x4c, 0x8b, 0x97, -- offsetof(struct sk_buff, data)); -- } -- -- for (i = 0; i < insn_cnt; i++, insn++) { -- const s32 imm32 = insn->imm; -- u32 dst_reg = insn->dst_reg; -- u32 src_reg = insn->src_reg; -- u8 b1 = 0, b2 = 0, b3 = 0; -- s64 jmp_offset; -- u8 jmp_cond; -- int ilen; -- u8 *func; -- -- switch (insn->code) { -- /* ALU */ -- case BPF_ALU | BPF_ADD | BPF_X: -- case BPF_ALU | BPF_SUB | BPF_X: -- case BPF_ALU | BPF_AND | BPF_X: -- case BPF_ALU | BPF_OR | BPF_X: -- case BPF_ALU | BPF_XOR | BPF_X: -- case BPF_ALU64 | BPF_ADD | BPF_X: -- case BPF_ALU64 | BPF_SUB | BPF_X: -- case BPF_ALU64 | BPF_AND | BPF_X: -- case BPF_ALU64 | BPF_OR | BPF_X: -- case BPF_ALU64 | BPF_XOR | BPF_X: -- switch (BPF_OP(insn->code)) { -- case BPF_ADD: b2 = 0x01; break; -- case BPF_SUB: b2 = 0x29; break; -- case BPF_AND: b2 = 0x21; break; -- case BPF_OR: b2 = 0x09; break; -- case BPF_XOR: b2 = 0x31; break; -- } -- if (BPF_CLASS(insn->code) == BPF_ALU64) -- EMIT1(add_2mod(0x48, dst_reg, src_reg)); -- else if (is_ereg(dst_reg) || is_ereg(src_reg)) -- EMIT1(add_2mod(0x40, dst_reg, src_reg)); -- EMIT2(b2, add_2reg(0xC0, dst_reg, src_reg)); -- break; -- -- /* mov dst, src */ -- case BPF_ALU64 | BPF_MOV | BPF_X: -- EMIT_mov(dst_reg, src_reg); -- break; -- -- /* mov32 dst, src */ -- case BPF_ALU | BPF_MOV | BPF_X: -- if (is_ereg(dst_reg) || is_ereg(src_reg)) -- EMIT1(add_2mod(0x40, dst_reg, src_reg)); -- EMIT2(0x89, add_2reg(0xC0, dst_reg, src_reg)); -- break; -- -- /* neg dst */ -- case BPF_ALU | BPF_NEG: -- case BPF_ALU64 | BPF_NEG: -- if (BPF_CLASS(insn->code) == BPF_ALU64) -- EMIT1(add_1mod(0x48, dst_reg)); -- else if (is_ereg(dst_reg)) -- EMIT1(add_1mod(0x40, dst_reg)); -- EMIT2(0xF7, add_1reg(0xD8, dst_reg)); -- break; -- -- case BPF_ALU | BPF_ADD | BPF_K: -- case BPF_ALU | BPF_SUB | BPF_K: -- case BPF_ALU | BPF_AND | BPF_K: -- case BPF_ALU | BPF_OR | BPF_K: -- case BPF_ALU | BPF_XOR | BPF_K: -- case BPF_ALU64 | BPF_ADD | BPF_K: -- case BPF_ALU64 | BPF_SUB | BPF_K: -- case BPF_ALU64 | BPF_AND | BPF_K: -- case BPF_ALU64 | BPF_OR | BPF_K: -- case BPF_ALU64 | BPF_XOR | BPF_K: -- if (BPF_CLASS(insn->code) == BPF_ALU64) -- EMIT1(add_1mod(0x48, dst_reg)); -- else if (is_ereg(dst_reg)) -- EMIT1(add_1mod(0x40, dst_reg)); -- -- switch (BPF_OP(insn->code)) { -- case BPF_ADD: b3 = 0xC0; break; -- case BPF_SUB: b3 = 0xE8; break; -- case BPF_AND: b3 = 0xE0; break; -- case BPF_OR: b3 = 0xC8; break; -- case BPF_XOR: b3 = 0xF0; break; -- } -- -- if (is_imm8(imm32)) -- EMIT3(0x83, add_1reg(b3, dst_reg), imm32); -- else -- EMIT2_off32(0x81, add_1reg(b3, dst_reg), imm32); -- break; -- -- case BPF_ALU64 | BPF_MOV | BPF_K: -- /* optimization: if imm32 is positive, -- * use 'mov eax, imm32' (which zero-extends imm32) -- * to save 2 bytes -- */ -- if (imm32 < 0) { -- /* 'mov rax, imm32' sign extends imm32 */ -- b1 = add_1mod(0x48, dst_reg); -- b2 = 0xC7; -- b3 = 0xC0; -- EMIT3_off32(b1, b2, add_1reg(b3, dst_reg), imm32); -- break; -- } -- -- case BPF_ALU | BPF_MOV | BPF_K: -- /* mov %eax, imm32 */ -- if (is_ereg(dst_reg)) -- EMIT1(add_1mod(0x40, dst_reg)); -- EMIT1_off32(add_1reg(0xB8, dst_reg), imm32); -- break; -- -- /* dst %= src, dst /= src, dst %= imm32, dst /= imm32 */ -- case BPF_ALU | BPF_MOD | BPF_X: -- case BPF_ALU | BPF_DIV | BPF_X: -- case BPF_ALU | BPF_MOD | BPF_K: -- case BPF_ALU | BPF_DIV | BPF_K: -- case BPF_ALU64 | BPF_MOD | BPF_X: -- case BPF_ALU64 | BPF_DIV | BPF_X: -- case BPF_ALU64 | BPF_MOD | BPF_K: -- case BPF_ALU64 | BPF_DIV | BPF_K: -- EMIT1(0x50); /* push rax */ -- EMIT1(0x52); /* push rdx */ -- -- if (BPF_SRC(insn->code) == BPF_X) -- /* mov r11, src_reg */ -- EMIT_mov(AUX_REG, src_reg); -- else -- /* mov r11, imm32 */ -- EMIT3_off32(0x49, 0xC7, 0xC3, imm32); -- -- /* mov rax, dst_reg */ -- EMIT_mov(BPF_REG_0, dst_reg); -- -- /* xor edx, edx -- * equivalent to 'xor rdx, rdx', but one byte less -- */ -- EMIT2(0x31, 0xd2); -- -- if (BPF_SRC(insn->code) == BPF_X) { -- /* if (src_reg == 0) return 0 */ -- -- /* cmp r11, 0 */ -- EMIT4(0x49, 0x83, 0xFB, 0x00); -- -- /* jne .+9 (skip over pop, pop, xor and jmp) */ -- EMIT2(X86_JNE, 1 + 1 + 2 + 5); -- EMIT1(0x5A); /* pop rdx */ -- EMIT1(0x58); /* pop rax */ -- EMIT2(0x31, 0xc0); /* xor eax, eax */ -- -- /* jmp cleanup_addr -- * addrs[i] - 11, because there are 11 bytes -- * after this insn: div, mov, pop, pop, mov -- */ -- jmp_offset = ctx->cleanup_addr - (addrs[i] - 11); -- EMIT1_off32(0xE9, jmp_offset); -- } -- -- if (BPF_CLASS(insn->code) == BPF_ALU64) -- /* div r11 */ -- EMIT3(0x49, 0xF7, 0xF3); -- else -- /* div r11d */ -- EMIT3(0x41, 0xF7, 0xF3); -- -- if (BPF_OP(insn->code) == BPF_MOD) -- /* mov r11, rdx */ -- EMIT3(0x49, 0x89, 0xD3); -- else -- /* mov r11, rax */ -- EMIT3(0x49, 0x89, 0xC3); -- -- EMIT1(0x5A); /* pop rdx */ -- EMIT1(0x58); /* pop rax */ -- -- /* mov dst_reg, r11 */ -- EMIT_mov(dst_reg, AUX_REG); -- break; -- -- case BPF_ALU | BPF_MUL | BPF_K: -- case BPF_ALU | BPF_MUL | BPF_X: -- case BPF_ALU64 | BPF_MUL | BPF_K: -- case BPF_ALU64 | BPF_MUL | BPF_X: -- EMIT1(0x50); /* push rax */ -- EMIT1(0x52); /* push rdx */ -- -- /* mov r11, dst_reg */ -- EMIT_mov(AUX_REG, dst_reg); -- -- if (BPF_SRC(insn->code) == BPF_X) -- /* mov rax, src_reg */ -- EMIT_mov(BPF_REG_0, src_reg); -- else -- /* mov rax, imm32 */ -- EMIT3_off32(0x48, 0xC7, 0xC0, imm32); -- -- if (BPF_CLASS(insn->code) == BPF_ALU64) -- EMIT1(add_1mod(0x48, AUX_REG)); -- else if (is_ereg(AUX_REG)) -- EMIT1(add_1mod(0x40, AUX_REG)); -- /* mul(q) r11 */ -- EMIT2(0xF7, add_1reg(0xE0, AUX_REG)); -- -- /* mov r11, rax */ -- EMIT_mov(AUX_REG, BPF_REG_0); -- -- EMIT1(0x5A); /* pop rdx */ -- EMIT1(0x58); /* pop rax */ -- -- /* mov dst_reg, r11 */ -- EMIT_mov(dst_reg, AUX_REG); -- break; -- -- /* shifts */ -- case BPF_ALU | BPF_LSH | BPF_K: -- case BPF_ALU | BPF_RSH | BPF_K: -- case BPF_ALU | BPF_ARSH | BPF_K: -- case BPF_ALU64 | BPF_LSH | BPF_K: -- case BPF_ALU64 | BPF_RSH | BPF_K: -- case BPF_ALU64 | BPF_ARSH | BPF_K: -- if (BPF_CLASS(insn->code) == BPF_ALU64) -- EMIT1(add_1mod(0x48, dst_reg)); -- else if (is_ereg(dst_reg)) -- EMIT1(add_1mod(0x40, dst_reg)); -- -- switch (BPF_OP(insn->code)) { -- case BPF_LSH: b3 = 0xE0; break; -- case BPF_RSH: b3 = 0xE8; break; -- case BPF_ARSH: b3 = 0xF8; break; -- } -- EMIT3(0xC1, add_1reg(b3, dst_reg), imm32); -- break; -- -- case BPF_ALU | BPF_END | BPF_FROM_BE: -- switch (imm32) { -- case 16: -- /* emit 'ror %ax, 8' to swap lower 2 bytes */ -- EMIT1(0x66); -- if (is_ereg(dst_reg)) -- EMIT1(0x41); -- EMIT3(0xC1, add_1reg(0xC8, dst_reg), 8); -- break; -- case 32: -- /* emit 'bswap eax' to swap lower 4 bytes */ -- if (is_ereg(dst_reg)) -- EMIT2(0x41, 0x0F); -- else -- EMIT1(0x0F); -- EMIT1(add_1reg(0xC8, dst_reg)); -- break; -- case 64: -- /* emit 'bswap rax' to swap 8 bytes */ -- EMIT3(add_1mod(0x48, dst_reg), 0x0F, -- add_1reg(0xC8, dst_reg)); -- break; -- } -- break; -- -- case BPF_ALU | BPF_END | BPF_FROM_LE: -- break; -- -- /* ST: *(u8*)(dst_reg + off) = imm */ -- case BPF_ST | BPF_MEM | BPF_B: -- if (is_ereg(dst_reg)) -- EMIT2(0x41, 0xC6); -- else -- EMIT1(0xC6); -- goto st; -- case BPF_ST | BPF_MEM | BPF_H: -- if (is_ereg(dst_reg)) -- EMIT3(0x66, 0x41, 0xC7); -- else -- EMIT2(0x66, 0xC7); -- goto st; -- case BPF_ST | BPF_MEM | BPF_W: -- if (is_ereg(dst_reg)) -- EMIT2(0x41, 0xC7); -- else -- EMIT1(0xC7); -- goto st; -- case BPF_ST | BPF_MEM | BPF_DW: -- EMIT2(add_1mod(0x48, dst_reg), 0xC7); -- --st: if (is_imm8(insn->off)) -- EMIT2(add_1reg(0x40, dst_reg), insn->off); -- else -- EMIT1_off32(add_1reg(0x80, dst_reg), insn->off); -- -- EMIT(imm32, bpf_size_to_x86_bytes(BPF_SIZE(insn->code))); -- break; -- -- /* STX: *(u8*)(dst_reg + off) = src_reg */ -- case BPF_STX | BPF_MEM | BPF_B: -- /* emit 'mov byte ptr [rax + off], al' */ -- if (is_ereg(dst_reg) || is_ereg(src_reg) || -- /* have to add extra byte for x86 SIL, DIL regs */ -- src_reg == BPF_REG_1 || src_reg == BPF_REG_2) -- EMIT2(add_2mod(0x40, dst_reg, src_reg), 0x88); -- else -- EMIT1(0x88); -- goto stx; -- case BPF_STX | BPF_MEM | BPF_H: -- if (is_ereg(dst_reg) || is_ereg(src_reg)) -- EMIT3(0x66, add_2mod(0x40, dst_reg, src_reg), 0x89); -- else -- EMIT2(0x66, 0x89); -- goto stx; -- case BPF_STX | BPF_MEM | BPF_W: -- if (is_ereg(dst_reg) || is_ereg(src_reg)) -- EMIT2(add_2mod(0x40, dst_reg, src_reg), 0x89); -- else -- EMIT1(0x89); -- goto stx; -- case BPF_STX | BPF_MEM | BPF_DW: -- EMIT2(add_2mod(0x48, dst_reg, src_reg), 0x89); --stx: if (is_imm8(insn->off)) -- EMIT2(add_2reg(0x40, dst_reg, src_reg), insn->off); -- else -- EMIT1_off32(add_2reg(0x80, dst_reg, src_reg), -- insn->off); -- break; -- -- /* LDX: dst_reg = *(u8*)(src_reg + off) */ -- case BPF_LDX | BPF_MEM | BPF_B: -- /* emit 'movzx rax, byte ptr [rax + off]' */ -- EMIT3(add_2mod(0x48, src_reg, dst_reg), 0x0F, 0xB6); -- goto ldx; -- case BPF_LDX | BPF_MEM | BPF_H: -- /* emit 'movzx rax, word ptr [rax + off]' */ -- EMIT3(add_2mod(0x48, src_reg, dst_reg), 0x0F, 0xB7); -- goto ldx; -- case BPF_LDX | BPF_MEM | BPF_W: -- /* emit 'mov eax, dword ptr [rax+0x14]' */ -- if (is_ereg(dst_reg) || is_ereg(src_reg)) -- EMIT2(add_2mod(0x40, src_reg, dst_reg), 0x8B); -- else -- EMIT1(0x8B); -- goto ldx; -- case BPF_LDX | BPF_MEM | BPF_DW: -- /* emit 'mov rax, qword ptr [rax+0x14]' */ -- EMIT2(add_2mod(0x48, src_reg, dst_reg), 0x8B); --ldx: /* if insn->off == 0 we can save one extra byte, but -- * special case of x86 r13 which always needs an offset -- * is not worth the hassle -- */ -- if (is_imm8(insn->off)) -- EMIT2(add_2reg(0x40, src_reg, dst_reg), insn->off); -- else -- EMIT1_off32(add_2reg(0x80, src_reg, dst_reg), -- insn->off); -- break; -- -- /* STX XADD: lock *(u32*)(dst_reg + off) += src_reg */ -- case BPF_STX | BPF_XADD | BPF_W: -- /* emit 'lock add dword ptr [rax + off], eax' */ -- if (is_ereg(dst_reg) || is_ereg(src_reg)) -- EMIT3(0xF0, add_2mod(0x40, dst_reg, src_reg), 0x01); -- else -- EMIT2(0xF0, 0x01); -- goto xadd; -- case BPF_STX | BPF_XADD | BPF_DW: -- EMIT3(0xF0, add_2mod(0x48, dst_reg, src_reg), 0x01); --xadd: if (is_imm8(insn->off)) -- EMIT2(add_2reg(0x40, dst_reg, src_reg), insn->off); -- else -- EMIT1_off32(add_2reg(0x80, dst_reg, src_reg), -- insn->off); -- break; -- -- /* call */ -- case BPF_JMP | BPF_CALL: -- func = (u8 *) __bpf_call_base + imm32; -- jmp_offset = func - (image + addrs[i]); -- if (ctx->seen_ld_abs) { -- EMIT2(0x41, 0x52); /* push %r10 */ -- EMIT2(0x41, 0x51); /* push %r9 */ -- /* need to adjust jmp offset, since -- * pop %r9, pop %r10 take 4 bytes after call insn -- */ -- jmp_offset += 4; -- } -- if (!imm32 || !is_simm32(jmp_offset)) { -- pr_err("unsupported bpf func %d addr %p image %p\n", -- imm32, func, image); -- return -EINVAL; -- } -- EMIT1_off32(0xE8, jmp_offset); -- if (ctx->seen_ld_abs) { -- EMIT2(0x41, 0x59); /* pop %r9 */ -- EMIT2(0x41, 0x5A); /* pop %r10 */ -- } -- break; -- -- /* cond jump */ -- case BPF_JMP | BPF_JEQ | BPF_X: -- case BPF_JMP | BPF_JNE | BPF_X: -- case BPF_JMP | BPF_JGT | BPF_X: -- case BPF_JMP | BPF_JGE | BPF_X: -- case BPF_JMP | BPF_JSGT | BPF_X: -- case BPF_JMP | BPF_JSGE | BPF_X: -- /* cmp dst_reg, src_reg */ -- EMIT3(add_2mod(0x48, dst_reg, src_reg), 0x39, -- add_2reg(0xC0, dst_reg, src_reg)); -- goto emit_cond_jmp; -- -- case BPF_JMP | BPF_JSET | BPF_X: -- /* test dst_reg, src_reg */ -- EMIT3(add_2mod(0x48, dst_reg, src_reg), 0x85, -- add_2reg(0xC0, dst_reg, src_reg)); -- goto emit_cond_jmp; -- -- case BPF_JMP | BPF_JSET | BPF_K: -- /* test dst_reg, imm32 */ -- EMIT1(add_1mod(0x48, dst_reg)); -- EMIT2_off32(0xF7, add_1reg(0xC0, dst_reg), imm32); -- goto emit_cond_jmp; -- -- case BPF_JMP | BPF_JEQ | BPF_K: -- case BPF_JMP | BPF_JNE | BPF_K: -- case BPF_JMP | BPF_JGT | BPF_K: -- case BPF_JMP | BPF_JGE | BPF_K: -- case BPF_JMP | BPF_JSGT | BPF_K: -- case BPF_JMP | BPF_JSGE | BPF_K: -- /* cmp dst_reg, imm8/32 */ -- EMIT1(add_1mod(0x48, dst_reg)); -- -- if (is_imm8(imm32)) -- EMIT3(0x83, add_1reg(0xF8, dst_reg), imm32); -- else -- EMIT2_off32(0x81, add_1reg(0xF8, dst_reg), imm32); -- --emit_cond_jmp: /* convert BPF opcode to x86 */ -- switch (BPF_OP(insn->code)) { -- case BPF_JEQ: -- jmp_cond = X86_JE; -- break; -- case BPF_JSET: -- case BPF_JNE: -- jmp_cond = X86_JNE; -- break; -- case BPF_JGT: -- /* GT is unsigned '>', JA in x86 */ -- jmp_cond = X86_JA; -- break; -- case BPF_JGE: -- /* GE is unsigned '>=', JAE in x86 */ -- jmp_cond = X86_JAE; -- break; -- case BPF_JSGT: -- /* signed '>', GT in x86 */ -- jmp_cond = X86_JG; -- break; -- case BPF_JSGE: -- /* signed '>=', GE in x86 */ -- jmp_cond = X86_JGE; -- break; -- default: /* to silence gcc warning */ -- return -EFAULT; -- } -- jmp_offset = addrs[i + insn->off] - addrs[i]; -- if (is_imm8(jmp_offset)) { -- EMIT2(jmp_cond, jmp_offset); -- } else if (is_simm32(jmp_offset)) { -- EMIT2_off32(0x0F, jmp_cond + 0x10, jmp_offset); -- } else { -- pr_err("cond_jmp gen bug %llx\n", jmp_offset); -- return -EFAULT; -- } -- -- break; -- -- case BPF_JMP | BPF_JA: -- jmp_offset = addrs[i + insn->off] - addrs[i]; -- if (!jmp_offset) -- /* optimize out nop jumps */ -- break; --emit_jmp: -- if (is_imm8(jmp_offset)) { -- EMIT2(0xEB, jmp_offset); -- } else if (is_simm32(jmp_offset)) { -- EMIT1_off32(0xE9, jmp_offset); -- } else { -- pr_err("jmp gen bug %llx\n", jmp_offset); -- return -EFAULT; -- } -- break; -- -- case BPF_LD | BPF_IND | BPF_W: -- func = sk_load_word; -- goto common_load; -- case BPF_LD | BPF_ABS | BPF_W: -- func = CHOOSE_LOAD_FUNC(imm32, sk_load_word); --common_load: ctx->seen_ld_abs = true; -- jmp_offset = func - (image + addrs[i]); -- if (!func || !is_simm32(jmp_offset)) { -- pr_err("unsupported bpf func %d addr %p image %p\n", -- imm32, func, image); -- return -EINVAL; -- } -- if (BPF_MODE(insn->code) == BPF_ABS) { -- /* mov %esi, imm32 */ -- EMIT1_off32(0xBE, imm32); -- } else { -- /* mov %rsi, src_reg */ -- EMIT_mov(BPF_REG_2, src_reg); -- if (imm32) { -- if (is_imm8(imm32)) -- /* add %esi, imm8 */ -- EMIT3(0x83, 0xC6, imm32); -- else -- /* add %esi, imm32 */ -- EMIT2_off32(0x81, 0xC6, imm32); -- } -- } -- /* skb pointer is in R6 (%rbx), it will be copied into -- * %rdi if skb_copy_bits() call is necessary. -- * sk_load_* helpers also use %r10 and %r9d. -- * See bpf_jit.S -- */ -- EMIT1_off32(0xE8, jmp_offset); /* call */ -- break; -- -- case BPF_LD | BPF_IND | BPF_H: -- func = sk_load_half; -- goto common_load; -- case BPF_LD | BPF_ABS | BPF_H: -- func = CHOOSE_LOAD_FUNC(imm32, sk_load_half); -- goto common_load; -- case BPF_LD | BPF_IND | BPF_B: -- func = sk_load_byte; -- goto common_load; -- case BPF_LD | BPF_ABS | BPF_B: -- func = CHOOSE_LOAD_FUNC(imm32, sk_load_byte); -- goto common_load; -- -- case BPF_JMP | BPF_EXIT: -- if (i != insn_cnt - 1) { -- jmp_offset = ctx->cleanup_addr - addrs[i]; -- goto emit_jmp; -- } -- /* update cleanup_addr */ -- ctx->cleanup_addr = proglen; -- /* mov rbx, qword ptr [rbp-X] */ -- EMIT3_off32(0x48, 0x8B, 0x9D, -stacksize); -- /* mov r13, qword ptr [rbp-X] */ -- EMIT3_off32(0x4C, 0x8B, 0xAD, -stacksize + 8); -- /* mov r14, qword ptr [rbp-X] */ -- EMIT3_off32(0x4C, 0x8B, 0xB5, -stacksize + 16); -- /* mov r15, qword ptr [rbp-X] */ -- EMIT3_off32(0x4C, 0x8B, 0xBD, -stacksize + 24); -- -- EMIT1(0xC9); /* leave */ -- EMIT1(0xC3); /* ret */ -- break; -- -- default: -- /* By design x64 JIT should support all BPF instructions -- * This error will be seen if new instruction was added -- * to interpreter, but not to JIT -- * or if there is junk in sk_filter -- */ -- pr_err("bpf_jit: unknown opcode %02x\n", insn->code); -- return -EINVAL; -- } -- -- ilen = prog - temp; -- if (image) { -- if (unlikely(proglen + ilen > oldproglen)) { -- pr_err("bpf_jit_compile fatal error\n"); -- return -EFAULT; -- } -- memcpy(image + proglen, temp, ilen); -- } -- proglen += ilen; -- addrs[i] = proglen; -- prog = temp; -- } -- return proglen; --} -- --void bpf_jit_compile(struct sk_filter *prog) --{ --} -- --void bpf_int_jit_compile(struct sk_filter *prog) --{ -- struct bpf_binary_header *header = NULL; -- int proglen, oldproglen = 0; -- struct jit_context ctx = {}; -+void bpf_jit_compile(struct sk_filter *fp) -+{ -+ u8 temp[MAX_INSTR_CODE_SIZE]; -+ u8 *prog; -+ unsigned int proglen, oldproglen = 0; -+ int ilen, i; -+ int t_offset, f_offset; -+ u8 t_op, f_op, seen = 0, pass; - u8 *image = NULL; -- int *addrs; -- int pass; -- int i; -+ u8 *header = NULL; -+ u8 *func; -+ int pc_ret0 = -1; /* bpf index of first RET #0 instruction (if any) */ -+ unsigned int cleanup_addr; /* epilogue code offset */ -+ unsigned int *addrs; -+ const struct sock_filter *filter = fp->insns; -+ int flen = fp->len; -+#ifdef CONFIG_GRKERNSEC_JIT_HARDEN -+ unsigned int randkey; -+#endif - - if (!bpf_jit_enable) - return; - -- if (!prog || !prog->len) -- return; -- -- addrs = kmalloc(prog->len * sizeof(*addrs), GFP_KERNEL); -- if (!addrs) -+ addrs = kmalloc(flen * sizeof(*addrs), GFP_KERNEL); -+ if (addrs == NULL) - return; - - /* Before first pass, make a rough estimation of addrs[] -- * each bpf instruction is translated to less than 64 bytes -+ * each bpf instruction is translated to less than MAX_INSTR_CODE_SIZE bytes - */ -- for (proglen = 0, i = 0; i < prog->len; i++) { -- proglen += 64; -+ for (proglen = 0, i = 0; i < flen; i++) { -+ proglen += MAX_INSTR_CODE_SIZE; +@@ -853,7 +853,9 @@ common_load: ctx->seen_ld_abs = true; + pr_err("bpf_jit_compile fatal error\n"); + return -EFAULT; + } ++ pax_open_kernel(); + memcpy(image + proglen, temp, ilen); ++ pax_close_kernel(); + } + proglen += ilen; addrs[i] = proglen; - } -- ctx.cleanup_addr = proglen; -+ cleanup_addr = proglen; /* epilogue address */ +@@ -868,7 +870,7 @@ void bpf_jit_compile(struct bpf_prog *prog) - for (pass = 0; pass < 10; pass++) { -- proglen = do_jit(prog, addrs, image, oldproglen, &ctx); -- if (proglen <= 0) { -- image = NULL; -- if (header) + void bpf_int_jit_compile(struct bpf_prog *prog) + { +- struct bpf_binary_header *header = NULL; ++ u8 *header = NULL; + int proglen, oldproglen = 0; + struct jit_context ctx = {}; + u8 *image = NULL; +@@ -900,7 +902,7 @@ void bpf_int_jit_compile(struct bpf_prog *prog) + if (proglen <= 0) { + image = NULL; + if (header) - module_free(NULL, header); -- goto out; -+ u8 seen_or_pass0 = (pass == 0) ? (SEEN_XREG | SEEN_DATAREF | SEEN_MEM) : seen; -+ /* no prologue/epilogue for trivial filters (RET something) */ -+ proglen = 0; -+ prog = temp; -+ -+ if (seen_or_pass0) { -+ EMIT4(0x55, 0x48, 0x89, 0xe5); /* push %rbp; mov %rsp,%rbp */ -+ EMIT4(0x48, 0x83, 0xec, 96); /* subq $96,%rsp */ -+ /* note : must save %rbx in case bpf_error is hit */ -+ if (seen_or_pass0 & (SEEN_XREG | SEEN_DATAREF)) -+ EMIT4(0x48, 0x89, 0x5d, 0xf8); /* mov %rbx, -8(%rbp) */ -+ if (seen_or_pass0 & SEEN_XREG) -+ CLEAR_X(); /* make sure we dont leek kernel memory */ -+ -+ /* -+ * If this filter needs to access skb data, -+ * loads r9 and r8 with : -+ * r9 = skb->len - skb->data_len -+ * r8 = skb->data -+ */ -+ if (seen_or_pass0 & SEEN_DATAREF) { -+ if (offsetof(struct sk_buff, len) <= 127) -+ /* mov off8(%rdi),%r9d */ -+ EMIT4(0x44, 0x8b, 0x4f, offsetof(struct sk_buff, len)); -+ else { -+ /* mov off32(%rdi),%r9d */ -+ EMIT3(0x44, 0x8b, 0x8f); -+ EMIT(offsetof(struct sk_buff, len), 4); -+ } -+ if (is_imm8(offsetof(struct sk_buff, data_len))) -+ /* sub off8(%rdi),%r9d */ -+ EMIT4(0x44, 0x2b, 0x4f, offsetof(struct sk_buff, data_len)); -+ else { -+ EMIT3(0x44, 0x2b, 0x8f); -+ EMIT(offsetof(struct sk_buff, data_len), 4); -+ } -+ -+ if (is_imm8(offsetof(struct sk_buff, data))) -+ /* mov off8(%rdi),%r8 */ -+ EMIT4(0x4c, 0x8b, 0x47, offsetof(struct sk_buff, data)); -+ else { -+ /* mov off32(%rdi),%r8 */ -+ EMIT3(0x4c, 0x8b, 0x87); -+ EMIT(offsetof(struct sk_buff, data), 4); -+ } -+ } ++ module_free_exec(NULL, image); + goto out; } -+ -+ switch (filter[0].code) { -+ case BPF_S_RET_K: -+ case BPF_S_LD_W_LEN: -+ case BPF_S_ANC_PROTOCOL: -+ case BPF_S_ANC_IFINDEX: -+ case BPF_S_ANC_MARK: -+ case BPF_S_ANC_RXHASH: -+ case BPF_S_ANC_CPU: -+ case BPF_S_ANC_VLAN_TAG: -+ case BPF_S_ANC_VLAN_TAG_PRESENT: -+ case BPF_S_ANC_QUEUE: -+ case BPF_S_ANC_PKTTYPE: -+ case BPF_S_LD_W_ABS: -+ case BPF_S_LD_H_ABS: -+ case BPF_S_LD_B_ABS: -+ /* first instruction sets A register (or is RET 'constant') */ -+ break; -+ default: -+ /* make sure we dont leak kernel information to user */ -+ CLEAR_A(); /* A = 0 */ -+ } -+ -+ for (i = 0; i < flen; i++) { -+ unsigned int K = filter[i].k; -+ -+#ifdef CONFIG_GRKERNSEC_JIT_HARDEN -+ randkey = prandom_u32(); -+#endif -+ -+ switch (filter[i].code) { -+ case BPF_S_ALU_ADD_X: /* A += X; */ -+ seen |= SEEN_XREG; -+ EMIT2(0x01, 0xd8); /* add %ebx,%eax */ -+ break; -+ case BPF_S_ALU_ADD_K: /* A += K; */ -+ if (!K) -+ break; -+ if (is_imm8(K)) -+ EMIT3(0x83, 0xc0, K); /* add imm8,%eax */ -+ else -+ EMIT1_off32(0x05, K); /* add imm32,%eax */ -+ break; -+ case BPF_S_ALU_SUB_X: /* A -= X; */ -+ seen |= SEEN_XREG; -+ EMIT2(0x29, 0xd8); /* sub %ebx,%eax */ -+ break; -+ case BPF_S_ALU_SUB_K: /* A -= K */ -+ if (!K) -+ break; -+ if (is_imm8(K)) -+ EMIT3(0x83, 0xe8, K); /* sub imm8,%eax */ -+ else -+ EMIT1_off32(0x2d, K); /* sub imm32,%eax */ -+ break; -+ case BPF_S_ALU_MUL_X: /* A *= X; */ -+ seen |= SEEN_XREG; -+ EMIT3(0x0f, 0xaf, 0xc3); /* imul %ebx,%eax */ -+ break; -+ case BPF_S_ALU_MUL_K: /* A *= K */ -+ if (is_imm8(K)) -+ EMIT3(0x6b, 0xc0, K); /* imul imm8,%eax,%eax */ -+ else -+ EMIT2_off32(0x69, 0xc0, K); /* imul imm32,%eax */ -+ break; -+ case BPF_S_ALU_DIV_X: /* A /= X; */ -+ seen |= SEEN_XREG; -+ EMIT2(0x85, 0xdb); /* test %ebx,%ebx */ -+ if (pc_ret0 > 0) { -+ /* addrs[pc_ret0 - 1] is start address of target -+ * (addrs[i] - 4) is the address following this jmp -+ * ("xor %edx,%edx; div %ebx" being 4 bytes long) -+ */ -+ EMIT_COND_JMP(X86_JE, addrs[pc_ret0 - 1] - -+ (addrs[i] - 4)); -+ } else { -+ EMIT_COND_JMP(X86_JNE, 2 + 5); -+ CLEAR_A(); -+ EMIT1_off32(0xe9, cleanup_addr - (addrs[i] - 4)); /* jmp .+off32 */ -+ } -+ EMIT4(0x31, 0xd2, 0xf7, 0xf3); /* xor %edx,%edx; div %ebx */ -+ break; -+ case BPF_S_ALU_MOD_X: /* A %= X; */ -+ seen |= SEEN_XREG; -+ EMIT2(0x85, 0xdb); /* test %ebx,%ebx */ -+ if (pc_ret0 > 0) { -+ /* addrs[pc_ret0 - 1] is start address of target -+ * (addrs[i] - 6) is the address following this jmp -+ * ("xor %edx,%edx; div %ebx;mov %edx,%eax" being 6 bytes long) -+ */ -+ EMIT_COND_JMP(X86_JE, addrs[pc_ret0 - 1] - -+ (addrs[i] - 6)); -+ } else { -+ EMIT_COND_JMP(X86_JNE, 2 + 5); -+ CLEAR_A(); -+ EMIT1_off32(0xe9, cleanup_addr - (addrs[i] - 6)); /* jmp .+off32 */ -+ } -+ EMIT2(0x31, 0xd2); /* xor %edx,%edx */ -+ EMIT2(0xf7, 0xf3); /* div %ebx */ -+ EMIT2(0x89, 0xd0); /* mov %edx,%eax */ -+ break; -+ case BPF_S_ALU_MOD_K: /* A %= K; */ -+ if (K == 1) { -+ CLEAR_A(); -+ break; -+ } -+ EMIT2(0x31, 0xd2); /* xor %edx,%edx */ -+#ifdef CONFIG_GRKERNSEC_JIT_HARDEN -+ DILUTE_CONST_SEQUENCE(K, randkey); -+#else -+ EMIT1(0xb9);EMIT(K, 4); /* mov imm32,%ecx */ -+#endif -+ EMIT2(0xf7, 0xf1); /* div %ecx */ -+ EMIT2(0x89, 0xd0); /* mov %edx,%eax */ -+ break; -+ case BPF_S_ALU_DIV_K: /* A /= K */ -+ if (K == 1) -+ break; -+ EMIT2(0x31, 0xd2); /* xor %edx,%edx */ -+#ifdef CONFIG_GRKERNSEC_JIT_HARDEN -+ DILUTE_CONST_SEQUENCE(K, randkey); -+#else -+ EMIT1(0xb9);EMIT(K, 4); /* mov imm32,%ecx */ -+#endif -+ EMIT2(0xf7, 0xf1); /* div %ecx */ -+ break; -+ case BPF_S_ALU_AND_X: -+ seen |= SEEN_XREG; -+ EMIT2(0x21, 0xd8); /* and %ebx,%eax */ -+ break; -+ case BPF_S_ALU_AND_K: -+ if (K >= 0xFFFFFF00) { -+ EMIT2(0x24, K & 0xFF); /* and imm8,%al */ -+ } else if (K >= 0xFFFF0000) { -+ EMIT2(0x66, 0x25); /* and imm16,%ax */ -+ EMIT(K, 2); -+ } else { -+ EMIT1_off32(0x25, K); /* and imm32,%eax */ -+ } -+ break; -+ case BPF_S_ALU_OR_X: -+ seen |= SEEN_XREG; -+ EMIT2(0x09, 0xd8); /* or %ebx,%eax */ -+ break; -+ case BPF_S_ALU_OR_K: -+ if (is_imm8(K)) -+ EMIT3(0x83, 0xc8, K); /* or imm8,%eax */ -+ else -+ EMIT1_off32(0x0d, K); /* or imm32,%eax */ -+ break; -+ case BPF_S_ANC_ALU_XOR_X: /* A ^= X; */ -+ case BPF_S_ALU_XOR_X: -+ seen |= SEEN_XREG; -+ EMIT2(0x31, 0xd8); /* xor %ebx,%eax */ -+ break; -+ case BPF_S_ALU_XOR_K: /* A ^= K; */ -+ if (K == 0) -+ break; -+ if (is_imm8(K)) -+ EMIT3(0x83, 0xf0, K); /* xor imm8,%eax */ -+ else -+ EMIT1_off32(0x35, K); /* xor imm32,%eax */ -+ break; -+ case BPF_S_ALU_LSH_X: /* A <<= X; */ -+ seen |= SEEN_XREG; -+ EMIT4(0x89, 0xd9, 0xd3, 0xe0); /* mov %ebx,%ecx; shl %cl,%eax */ -+ break; -+ case BPF_S_ALU_LSH_K: -+ if (K == 0) -+ break; -+ else if (K == 1) -+ EMIT2(0xd1, 0xe0); /* shl %eax */ -+ else -+ EMIT3(0xc1, 0xe0, K); -+ break; -+ case BPF_S_ALU_RSH_X: /* A >>= X; */ -+ seen |= SEEN_XREG; -+ EMIT4(0x89, 0xd9, 0xd3, 0xe8); /* mov %ebx,%ecx; shr %cl,%eax */ -+ break; -+ case BPF_S_ALU_RSH_K: /* A >>= K; */ -+ if (K == 0) -+ break; -+ else if (K == 1) -+ EMIT2(0xd1, 0xe8); /* shr %eax */ -+ else -+ EMIT3(0xc1, 0xe8, K); -+ break; -+ case BPF_S_ALU_NEG: -+ EMIT2(0xf7, 0xd8); /* neg %eax */ -+ break; -+ case BPF_S_RET_K: -+ if (!K) { -+ if (pc_ret0 == -1) -+ pc_ret0 = i; -+ CLEAR_A(); -+ } else { -+ EMIT1_off32(0xb8, K); /* mov $imm32,%eax */ -+ } -+ /* fallinto */ -+ case BPF_S_RET_A: -+ if (seen_or_pass0) { -+ if (i != flen - 1) { -+ EMIT_JMP(cleanup_addr - addrs[i]); -+ break; -+ } -+ if (seen_or_pass0 & SEEN_XREG) -+ EMIT4(0x48, 0x8b, 0x5d, 0xf8); /* mov -8(%rbp),%rbx */ -+ EMIT1(0xc9); /* leaveq */ -+ } -+ EMIT1(0xc3); /* ret */ -+ break; -+ case BPF_S_MISC_TAX: /* X = A */ -+ seen |= SEEN_XREG; -+ EMIT2(0x89, 0xc3); /* mov %eax,%ebx */ -+ break; -+ case BPF_S_MISC_TXA: /* A = X */ -+ seen |= SEEN_XREG; -+ EMIT2(0x89, 0xd8); /* mov %ebx,%eax */ -+ break; -+ case BPF_S_LD_IMM: /* A = K */ -+ if (!K) -+ CLEAR_A(); -+ else -+ EMIT1_off32(0xb8, K); /* mov $imm32,%eax */ -+ break; -+ case BPF_S_LDX_IMM: /* X = K */ -+ seen |= SEEN_XREG; -+ if (!K) -+ CLEAR_X(); -+ else -+ EMIT1_off32(0xbb, K); /* mov $imm32,%ebx */ -+ break; -+ case BPF_S_LD_MEM: /* A = mem[K] : mov off8(%rbp),%eax */ -+ seen |= SEEN_MEM; -+ EMIT3(0x8b, 0x45, 0xf0 - K*4); -+ break; -+ case BPF_S_LDX_MEM: /* X = mem[K] : mov off8(%rbp),%ebx */ -+ seen |= SEEN_XREG | SEEN_MEM; -+ EMIT3(0x8b, 0x5d, 0xf0 - K*4); -+ break; -+ case BPF_S_ST: /* mem[K] = A : mov %eax,off8(%rbp) */ -+ seen |= SEEN_MEM; -+ EMIT3(0x89, 0x45, 0xf0 - K*4); -+ break; -+ case BPF_S_STX: /* mem[K] = X : mov %ebx,off8(%rbp) */ -+ seen |= SEEN_XREG | SEEN_MEM; -+ EMIT3(0x89, 0x5d, 0xf0 - K*4); -+ break; -+ case BPF_S_LD_W_LEN: /* A = skb->len; */ -+ BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, len) != 4); -+ if (is_imm8(offsetof(struct sk_buff, len))) -+ /* mov off8(%rdi),%eax */ -+ EMIT3(0x8b, 0x47, offsetof(struct sk_buff, len)); -+ else { -+ EMIT2(0x8b, 0x87); -+ EMIT(offsetof(struct sk_buff, len), 4); -+ } -+ break; -+ case BPF_S_LDX_W_LEN: /* X = skb->len; */ -+ seen |= SEEN_XREG; -+ if (is_imm8(offsetof(struct sk_buff, len))) -+ /* mov off8(%rdi),%ebx */ -+ EMIT3(0x8b, 0x5f, offsetof(struct sk_buff, len)); -+ else { -+ EMIT2(0x8b, 0x9f); -+ EMIT(offsetof(struct sk_buff, len), 4); -+ } -+ break; -+ case BPF_S_ANC_PROTOCOL: /* A = ntohs(skb->protocol); */ -+ BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, protocol) != 2); -+ if (is_imm8(offsetof(struct sk_buff, protocol))) { -+ /* movzwl off8(%rdi),%eax */ -+ EMIT4(0x0f, 0xb7, 0x47, offsetof(struct sk_buff, protocol)); -+ } else { -+ EMIT3(0x0f, 0xb7, 0x87); /* movzwl off32(%rdi),%eax */ -+ EMIT(offsetof(struct sk_buff, protocol), 4); -+ } -+ EMIT2(0x86, 0xc4); /* ntohs() : xchg %al,%ah */ -+ break; -+ case BPF_S_ANC_IFINDEX: -+ if (is_imm8(offsetof(struct sk_buff, dev))) { -+ /* movq off8(%rdi),%rax */ -+ EMIT4(0x48, 0x8b, 0x47, offsetof(struct sk_buff, dev)); -+ } else { -+ EMIT3(0x48, 0x8b, 0x87); /* movq off32(%rdi),%rax */ -+ EMIT(offsetof(struct sk_buff, dev), 4); -+ } -+ EMIT3(0x48, 0x85, 0xc0); /* test %rax,%rax */ -+ EMIT_COND_JMP(X86_JE, cleanup_addr - (addrs[i] - 6)); -+ BUILD_BUG_ON(FIELD_SIZEOF(struct net_device, ifindex) != 4); -+ EMIT2(0x8b, 0x80); /* mov off32(%rax),%eax */ -+ EMIT(offsetof(struct net_device, ifindex), 4); -+ break; -+ case BPF_S_ANC_MARK: -+ BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, mark) != 4); -+ if (is_imm8(offsetof(struct sk_buff, mark))) { -+ /* mov off8(%rdi),%eax */ -+ EMIT3(0x8b, 0x47, offsetof(struct sk_buff, mark)); -+ } else { -+ EMIT2(0x8b, 0x87); -+ EMIT(offsetof(struct sk_buff, mark), 4); -+ } -+ break; -+ case BPF_S_ANC_RXHASH: -+ BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, hash) != 4); -+ if (is_imm8(offsetof(struct sk_buff, hash))) { -+ /* mov off8(%rdi),%eax */ -+ EMIT3(0x8b, 0x47, offsetof(struct sk_buff, hash)); -+ } else { -+ EMIT2(0x8b, 0x87); -+ EMIT(offsetof(struct sk_buff, hash), 4); -+ } -+ break; -+ case BPF_S_ANC_QUEUE: -+ BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, queue_mapping) != 2); -+ if (is_imm8(offsetof(struct sk_buff, queue_mapping))) { -+ /* movzwl off8(%rdi),%eax */ -+ EMIT4(0x0f, 0xb7, 0x47, offsetof(struct sk_buff, queue_mapping)); -+ } else { -+ EMIT3(0x0f, 0xb7, 0x87); /* movzwl off32(%rdi),%eax */ -+ EMIT(offsetof(struct sk_buff, queue_mapping), 4); -+ } -+ break; -+ case BPF_S_ANC_CPU: -+#ifdef CONFIG_SMP -+ EMIT4(0x65, 0x8b, 0x04, 0x25); /* mov %gs:off32,%eax */ -+ EMIT((u32)(unsigned long)&cpu_number, 4); /* A = smp_processor_id(); */ -+#else -+ CLEAR_A(); -+#endif -+ break; -+ case BPF_S_ANC_VLAN_TAG: -+ case BPF_S_ANC_VLAN_TAG_PRESENT: -+ BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, vlan_tci) != 2); -+ if (is_imm8(offsetof(struct sk_buff, vlan_tci))) { -+ /* movzwl off8(%rdi),%eax */ -+ EMIT4(0x0f, 0xb7, 0x47, offsetof(struct sk_buff, vlan_tci)); -+ } else { -+ EMIT3(0x0f, 0xb7, 0x87); /* movzwl off32(%rdi),%eax */ -+ EMIT(offsetof(struct sk_buff, vlan_tci), 4); -+ } -+ BUILD_BUG_ON(VLAN_TAG_PRESENT != 0x1000); -+ if (filter[i].code == BPF_S_ANC_VLAN_TAG) { -+ EMIT3(0x80, 0xe4, 0xef); /* and $0xef,%ah */ -+ } else { -+ EMIT3(0xc1, 0xe8, 0x0c); /* shr $0xc,%eax */ -+ EMIT3(0x83, 0xe0, 0x01); /* and $0x1,%eax */ -+ } -+ break; -+ case BPF_S_ANC_PKTTYPE: -+ { -+ int off = pkt_type_offset(); -+ -+ if (off < 0) -+ goto out; -+ if (is_imm8(off)) { -+ /* movzbl off8(%rdi),%eax */ -+ EMIT4(0x0f, 0xb6, 0x47, off); -+ } else { -+ /* movbl off32(%rdi),%eax */ -+ EMIT3(0x0f, 0xb6, 0x87); -+ EMIT(off, 4); -+ } -+ EMIT3(0x83, 0xe0, PKT_TYPE_MAX); /* and $0x7,%eax */ -+ break; -+ } -+ case BPF_S_LD_W_ABS: -+ func = CHOOSE_LOAD_FUNC(K, sk_load_word); -+common_load: seen |= SEEN_DATAREF; -+ t_offset = func - (image + addrs[i]); -+ EMIT1_off32(0xbe, K); /* mov imm32,%esi */ -+ EMIT1_off32(0xe8, t_offset); /* call */ -+ break; -+ case BPF_S_LD_H_ABS: -+ func = CHOOSE_LOAD_FUNC(K, sk_load_half); -+ goto common_load; -+ case BPF_S_LD_B_ABS: -+ func = CHOOSE_LOAD_FUNC(K, sk_load_byte); -+ goto common_load; -+ case BPF_S_LDX_B_MSH: -+ func = CHOOSE_LOAD_FUNC(K, sk_load_byte_msh); -+ seen |= SEEN_DATAREF | SEEN_XREG; -+ t_offset = func - (image + addrs[i]); -+ EMIT1_off32(0xbe, K); /* mov imm32,%esi */ -+ EMIT1_off32(0xe8, t_offset); /* call sk_load_byte_msh */ -+ break; -+ case BPF_S_LD_W_IND: -+ func = sk_load_word; -+common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG; -+ t_offset = func - (image + addrs[i]); -+ if (K) { -+ if (is_imm8(K)) { -+ EMIT3(0x8d, 0x73, K); /* lea imm8(%rbx), %esi */ -+ } else { -+ EMIT2_off32(0x8d, 0xb3, K); /* lea imm32(%rbx),%esi */ -+ } -+ } else { -+ EMIT2(0x89,0xde); /* mov %ebx,%esi */ -+ } -+ EMIT1_off32(0xe8, t_offset); /* call sk_load_xxx_ind */ -+ break; -+ case BPF_S_LD_H_IND: -+ func = sk_load_half; -+ goto common_load_ind; -+ case BPF_S_LD_B_IND: -+ func = sk_load_byte; -+ goto common_load_ind; -+ case BPF_S_JMP_JA: -+ t_offset = addrs[i + K] - addrs[i]; -+ EMIT_JMP(t_offset); -+ break; -+ COND_SEL(BPF_S_JMP_JGT_K, X86_JA, X86_JBE); -+ COND_SEL(BPF_S_JMP_JGE_K, X86_JAE, X86_JB); -+ COND_SEL(BPF_S_JMP_JEQ_K, X86_JE, X86_JNE); -+ COND_SEL(BPF_S_JMP_JSET_K,X86_JNE, X86_JE); -+ COND_SEL(BPF_S_JMP_JGT_X, X86_JA, X86_JBE); -+ COND_SEL(BPF_S_JMP_JGE_X, X86_JAE, X86_JB); -+ COND_SEL(BPF_S_JMP_JEQ_X, X86_JE, X86_JNE); -+ COND_SEL(BPF_S_JMP_JSET_X,X86_JNE, X86_JE); -+ -+cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; -+ t_offset = addrs[i + filter[i].jt] - addrs[i]; -+ -+ /* same targets, can avoid doing the test :) */ -+ if (filter[i].jt == filter[i].jf) { -+ EMIT_JMP(t_offset); -+ break; -+ } -+ -+ switch (filter[i].code) { -+ case BPF_S_JMP_JGT_X: -+ case BPF_S_JMP_JGE_X: -+ case BPF_S_JMP_JEQ_X: -+ seen |= SEEN_XREG; -+ EMIT2(0x39, 0xd8); /* cmp %ebx,%eax */ -+ break; -+ case BPF_S_JMP_JSET_X: -+ seen |= SEEN_XREG; -+ EMIT2(0x85, 0xd8); /* test %ebx,%eax */ -+ break; -+ case BPF_S_JMP_JEQ_K: -+ if (K == 0) { -+ EMIT2(0x85, 0xc0); /* test %eax,%eax */ -+ break; -+ } -+ case BPF_S_JMP_JGT_K: -+ case BPF_S_JMP_JGE_K: -+ if (K <= 127) -+ EMIT3(0x83, 0xf8, K); /* cmp imm8,%eax */ -+ else -+ EMIT1_off32(0x3d, K); /* cmp imm32,%eax */ -+ break; -+ case BPF_S_JMP_JSET_K: -+ if (K <= 0xFF) -+ EMIT2(0xa8, K); /* test imm8,%al */ -+ else if (!(K & 0xFFFF00FF)) -+ EMIT3(0xf6, 0xc4, K >> 8); /* test imm8,%ah */ -+ else if (K <= 0xFFFF) { -+ EMIT2(0x66, 0xa9); /* test imm16,%ax */ -+ EMIT(K, 2); -+ } else { -+ EMIT1_off32(0xa9, K); /* test imm32,%eax */ -+ } -+ break; -+ } -+ if (filter[i].jt != 0) { -+ if (filter[i].jf && f_offset) -+ t_offset += is_near(f_offset) ? 2 : 5; -+ EMIT_COND_JMP(t_op, t_offset); -+ if (filter[i].jf) -+ EMIT_JMP(f_offset); -+ break; -+ } -+ EMIT_COND_JMP(f_op, f_offset); -+ break; -+ default: -+ /* hmm, too complex filter, give up with jit compiler */ -+ goto out; -+ } -+ ilen = prog - temp; -+ if (image) { -+ if (unlikely(proglen + ilen > oldproglen)) { -+ pr_err("bpb_jit_compile fatal error\n"); -+ kfree(addrs); -+ module_free_exec(NULL, image); -+ return; -+ } -+ pax_open_kernel(); -+ memcpy(image + proglen, temp, ilen); -+ pax_close_kernel(); -+ } -+ proglen += ilen; -+ addrs[i] = proglen; -+ prog = temp; -+ } -+ /* last bpf instruction is always a RET : -+ * use it to give the cleanup instruction(s) addr -+ */ -+ cleanup_addr = proglen - 1; /* ret */ -+ if (seen_or_pass0) -+ cleanup_addr -= 1; /* leaveq */ -+ if (seen_or_pass0 & SEEN_XREG) -+ cleanup_addr -= 4; /* mov -8(%rbp),%rbx */ -+ if (image) { - if (proglen != oldproglen) -- pr_err("bpf_jit: proglen=%d != oldproglen=%d\n", -- proglen, oldproglen); -+ pr_err("bpb_jit_compile proglen=%u != oldproglen=%u\n", proglen, oldproglen); - break; - } - if (proglen == oldproglen) { -@@ -918,32 +872,30 @@ void bpf_int_jit_compile(struct sk_filter *prog) - } - - if (bpf_jit_enable > 1) -- bpf_jit_dump(prog->len, proglen, 0, image); -+ bpf_jit_dump(flen, proglen, pass, image); +@@ -922,7 +924,6 @@ void bpf_int_jit_compile(struct bpf_prog *prog) if (image) { bpf_flush_icache(header, image + proglen); - set_memory_ro((unsigned long)header, header->pages); -- prog->bpf_func = (void *)image; -- prog->jited = 1; -+ fp->bpf_func = (void *)image; + prog->bpf_func = (void *)image; + prog->jited = 1; } - out: +@@ -930,23 +931,16 @@ out: kfree(addrs); -+ return; } - static void bpf_jit_free_deferred(struct work_struct *work) - { - struct sk_filter *fp = container_of(work, struct sk_filter, work); - unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK; +-static void bpf_jit_free_deferred(struct work_struct *work) +-{ +- struct bpf_prog *fp = container_of(work, struct bpf_prog, work); +- unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK; - struct bpf_binary_header *header = (void *)addr; - +- - set_memory_rw(addr, header->pages); - module_free(NULL, header); +- kfree(fp); +-} +- + void bpf_jit_free(struct bpf_prog *fp) + { +- if (fp->jited) { +- INIT_WORK(&fp->work, bpf_jit_free_deferred); +- schedule_work(&fp->work); +- } else { +- kfree(fp); +- } ++ unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK; ++ ++ if (!fp->jited) ++ goto free_filter; ++ + set_memory_rw(addr, 1); + module_free_exec(NULL, (void *)addr); - kfree(fp); ++ ++free_filter: ++ bpf_prog_unlock_free(fp); } - - void bpf_jit_free(struct sk_filter *fp) - { -- if (fp->jited) { -+ if (fp->bpf_func != sk_run_filter) { - INIT_WORK(&fp->work, bpf_jit_free_deferred); - schedule_work(&fp->work); - } else { diff --git a/arch/x86/oprofile/backtrace.c b/arch/x86/oprofile/backtrace.c index 5d04be5..2beeaa2 100644 --- a/arch/x86/oprofile/backtrace.c @@ -36313,23 +34305,23 @@ index 71e8a67..6a313bb 100644 struct op_counter_config; diff --git a/arch/x86/pci/intel_mid_pci.c b/arch/x86/pci/intel_mid_pci.c -index 84b9d67..260e5ff 100644 +index b9958c3..24229ab 100644 --- a/arch/x86/pci/intel_mid_pci.c +++ b/arch/x86/pci/intel_mid_pci.c -@@ -245,7 +245,7 @@ int __init intel_mid_pci_init(void) - pr_info("Intel MID platform detected, using MID PCI ops\n"); +@@ -250,7 +250,7 @@ int __init intel_mid_pci_init(void) pci_mmcfg_late_init(); pcibios_enable_irq = intel_mid_pci_irq_enable; + pcibios_disable_irq = intel_mid_pci_irq_disable; - pci_root_ops = intel_mid_pci_ops; + memcpy((void *)&pci_root_ops, &intel_mid_pci_ops, sizeof pci_root_ops); pci_soc_mode = 1; /* Continue with standard init */ return 1; diff --git a/arch/x86/pci/irq.c b/arch/x86/pci/irq.c -index 84112f5..6334d60 100644 +index eb500c2..eab9e70 100644 --- a/arch/x86/pci/irq.c +++ b/arch/x86/pci/irq.c -@@ -50,7 +50,7 @@ struct irq_router { +@@ -51,7 +51,7 @@ struct irq_router { struct irq_router_handler { u16 vendor; int (*probe)(struct irq_router *r, struct pci_dev *router, u16 device); @@ -36337,8 +34329,8 @@ index 84112f5..6334d60 100644 +} __do_const; int (*pcibios_enable_irq)(struct pci_dev *dev) = pirq_enable_irq; - void (*pcibios_disable_irq)(struct pci_dev *dev) = NULL; -@@ -790,7 +790,7 @@ static __init int pico_router_probe(struct irq_router *r, struct pci_dev *router + void (*pcibios_disable_irq)(struct pci_dev *dev) = pirq_disable_irq; +@@ -791,7 +791,7 @@ static __init int pico_router_probe(struct irq_router *r, struct pci_dev *router return 0; } @@ -36347,7 +34339,7 @@ index 84112f5..6334d60 100644 { PCI_VENDOR_ID_INTEL, intel_router_probe }, { PCI_VENDOR_ID_AL, ali_router_probe }, { PCI_VENDOR_ID_ITE, ite_router_probe }, -@@ -817,7 +817,7 @@ static struct pci_dev *pirq_router_dev; +@@ -818,7 +818,7 @@ static struct pci_dev *pirq_router_dev; static void __init pirq_find_router(struct irq_router *r) { struct irq_routing_table *rt = pirq_table; @@ -36356,7 +34348,7 @@ index 84112f5..6334d60 100644 #ifdef CONFIG_PCI_BIOS if (!rt->signature) { -@@ -1090,7 +1090,7 @@ static int __init fix_acer_tm360_irqrouting(const struct dmi_system_id *d) +@@ -1091,7 +1091,7 @@ static int __init fix_acer_tm360_irqrouting(const struct dmi_system_id *d) return 0; } @@ -36948,6 +34940,52 @@ index 1bbedc4..eb795b5 100644 } static unsigned long __init intel_mid_calibrate_tsc(void) +diff --git a/arch/x86/platform/intel-mid/intel_mid_weak_decls.h b/arch/x86/platform/intel-mid/intel_mid_weak_decls.h +index 46aa25c..7208aeb 100644 +--- a/arch/x86/platform/intel-mid/intel_mid_weak_decls.h ++++ b/arch/x86/platform/intel-mid/intel_mid_weak_decls.h +@@ -14,6 +14,6 @@ + /* For every CPU addition a new get_<cpuname>_ops interface needs + * to be added. + */ +-extern void *get_penwell_ops(void) __attribute__((weak)); +-extern void *get_cloverview_ops(void) __attribute__((weak)); +-extern void *get_tangier_ops(void) __attribute__((weak)); ++extern const void *get_penwell_ops(void) __attribute__((weak)); ++extern const void *get_cloverview_ops(void) __attribute__((weak)); ++extern const void *get_tangier_ops(void) __attribute__((weak)); +diff --git a/arch/x86/platform/intel-mid/mfld.c b/arch/x86/platform/intel-mid/mfld.c +index 23381d2..8ddc10e 100644 +--- a/arch/x86/platform/intel-mid/mfld.c ++++ b/arch/x86/platform/intel-mid/mfld.c +@@ -64,12 +64,12 @@ static void __init penwell_arch_setup(void) + pm_power_off = mfld_power_off; + } + +-void *get_penwell_ops(void) ++const void *get_penwell_ops(void) + { + return &penwell_ops; + } + +-void *get_cloverview_ops(void) ++const void *get_cloverview_ops(void) + { + return &penwell_ops; + } +diff --git a/arch/x86/platform/intel-mid/mrfl.c b/arch/x86/platform/intel-mid/mrfl.c +index aaca917..66eadbc 100644 +--- a/arch/x86/platform/intel-mid/mrfl.c ++++ b/arch/x86/platform/intel-mid/mrfl.c +@@ -97,7 +97,7 @@ static struct intel_mid_ops tangier_ops = { + .arch_setup = tangier_arch_setup, + }; + +-void *get_tangier_ops(void) ++const void *get_tangier_ops(void) + { + return &tangier_ops; + } diff --git a/arch/x86/platform/olpc/olpc_dt.c b/arch/x86/platform/olpc/olpc_dt.c index d6ee929..3637cb5 100644 --- a/arch/x86/platform/olpc/olpc_dt.c @@ -36962,7 +35000,7 @@ index d6ee929..3637cb5 100644 .getproplen = olpc_dt_getproplen, .getproperty = olpc_dt_getproperty, diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c -index 424f4c9..f2a2988 100644 +index 6ec7910..ecdbb11 100644 --- a/arch/x86/power/cpu.c +++ b/arch/x86/power/cpu.c @@ -137,11 +137,8 @@ static void do_fpu_end(void) @@ -37384,10 +35422,10 @@ index 80ffa5b..a33bd15 100644 return 0; diff --git a/arch/x86/vdso/Makefile b/arch/x86/vdso/Makefile -index 61b04fe..3134230 100644 +index 5a4affe..9e2d522 100644 --- a/arch/x86/vdso/Makefile +++ b/arch/x86/vdso/Makefile -@@ -170,7 +170,7 @@ quiet_cmd_vdso = VDSO $@ +@@ -174,7 +174,7 @@ quiet_cmd_vdso = VDSO $@ -Wl,-T,$(filter %.lds,$^) $(filter %.o,$^) && \ sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@' @@ -37397,7 +35435,7 @@ index 61b04fe..3134230 100644 GCOV_PROFILE := n diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c -index e4f7781..ab5ab26 100644 +index e904c27..b9eaa03 100644 --- a/arch/x86/vdso/vdso32-setup.c +++ b/arch/x86/vdso/vdso32-setup.c @@ -14,6 +14,7 @@ @@ -37409,7 +35447,7 @@ index e4f7781..ab5ab26 100644 #ifdef CONFIG_COMPAT_VDSO #define VDSO_DEFAULT 0 diff --git a/arch/x86/vdso/vma.c b/arch/x86/vdso/vma.c -index 5a5176d..e570acd 100644 +index 970463b..da82d3e 100644 --- a/arch/x86/vdso/vma.c +++ b/arch/x86/vdso/vma.c @@ -16,10 +16,9 @@ @@ -37435,24 +35473,25 @@ index 5a5176d..e570acd 100644 + if (calculate_addr) { addr = vdso_addr(current->mm->start_stack, - image->sym_end_mapping); -@@ -110,13 +114,13 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr) - + image->size - image->sym_vvar_start); +@@ -111,14 +115,14 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr) down_write(&mm->mmap_sem); -- addr = get_unmapped_area(NULL, addr, image->sym_end_mapping, 0, 0); -+ addr = get_unmapped_area(NULL, addr, image->sym_end_mapping, 0, MAP_EXECUTABLE); + addr = get_unmapped_area(NULL, addr, +- image->size - image->sym_vvar_start, 0, 0); ++ image->size - image->sym_vvar_start, 0, MAP_EXECUTABLE); if (IS_ERR_VALUE(addr)) { ret = addr; goto up_fail; } -- current->mm->context.vdso = (void __user *)addr; -+ mm->context.vdso = addr; + text_start = addr - image->sym_vvar_start; +- current->mm->context.vdso = (void __user *)text_start; ++ mm->context.vdso = text_start; /* * MAYWRITE to allow gdb to COW and set breakpoints -@@ -161,15 +165,12 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr) +@@ -163,15 +167,12 @@ static int map_vdso(const struct vdso_image *image, bool calculate_addr) hpet_address >> PAGE_SHIFT, PAGE_SIZE, pgprot_noncached(PAGE_READONLY)); @@ -37469,7 +35508,7 @@ index 5a5176d..e570acd 100644 up_write(&mm->mmap_sem); return ret; -@@ -189,8 +190,8 @@ static int load_vdso32(void) +@@ -191,8 +192,8 @@ static int load_vdso32(void) if (selected_vdso32->sym_VDSO32_SYSENTER_RETURN) current_thread_info()->sysenter_return = @@ -37480,7 +35519,7 @@ index 5a5176d..e570acd 100644 return 0; } -@@ -199,9 +200,6 @@ static int load_vdso32(void) +@@ -201,9 +202,6 @@ static int load_vdso32(void) #ifdef CONFIG_X86_64 int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) { @@ -37490,7 +35529,7 @@ index 5a5176d..e570acd 100644 return map_vdso(&vdso_image_64, true); } -@@ -210,12 +208,8 @@ int compat_arch_setup_additional_pages(struct linux_binprm *bprm, +@@ -212,12 +210,8 @@ int compat_arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) { #ifdef CONFIG_X86_X32_ABI @@ -37504,7 +35543,7 @@ index 5a5176d..e570acd 100644 #endif return load_vdso32(); -@@ -227,12 +221,3 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -229,12 +223,3 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) return load_vdso32(); } #endif @@ -37530,7 +35569,7 @@ index e88fda8..76ce7ce 100644 This is the Linux Xen port. Enabling this will allow the kernel to boot in a paravirtualized environment under the diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index ffb101e..98c0ecf 100644 +index c0cb11f..bed56ff 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -123,8 +123,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); @@ -37652,7 +35691,7 @@ index ffb101e..98c0ecf 100644 #ifdef CONFIG_ACPI_NUMA diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index 16fb009..9f68b5d 100644 +index 16fb009..02b7801 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c @@ -379,7 +379,7 @@ static pteval_t pte_mfn_to_pfn(pteval_t val) @@ -37664,14 +35703,13 @@ index 16fb009..9f68b5d 100644 { if (val & _PAGE_PRESENT) { unsigned long pfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT; -@@ -1903,8 +1903,12 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) - /* L3_k[510] -> level2_kernel_pgt +@@ -1904,7 +1904,11 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) * L3_k[511] -> level2_fixmap_pgt */ convert_pfn_mfn(level3_kernel_pgt); + + convert_pfn_mfn(level3_vmalloc_start_pgt); + convert_pfn_mfn(level3_vmalloc_end_pgt); + convert_pfn_mfn(level3_vmemmap_pgt); - /* L3_k[511][506] -> level1_fixmap_pgt */ + /* L3_k[511][507] -> level1_vsyscall_pgt */ convert_pfn_mfn(level2_fixmap_pgt); @@ -37816,7 +35854,7 @@ index 485b695..fda3e7c 100644 mov %rsi,xen_start_info mov $init_thread_union+THREAD_SIZE,%rsp diff --git a/arch/x86/xen/xen-ops.h b/arch/x86/xen/xen-ops.h -index 97d8765..c4526ec 100644 +index 28c7e0b..2acfec7 100644 --- a/arch/x86/xen/xen-ops.h +++ b/arch/x86/xen/xen-ops.h @@ -10,8 +10,6 @@ @@ -37890,10 +35928,10 @@ index af00795..2bb8105 100644 #define XCHAL_ICACHE_SIZE 32768 /* I-cache size in bytes or 0 */ #define XCHAL_DCACHE_SIZE 32768 /* D-cache size in bytes or 0 */ diff --git a/block/bio.c b/block/bio.c -index 0ec61c9..93b94060 100644 +index 3e6331d..f970433 100644 --- a/block/bio.c +++ b/block/bio.c -@@ -1159,7 +1159,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, +@@ -1160,7 +1160,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, /* * Overflow, abort */ @@ -37902,7 +35940,7 @@ index 0ec61c9..93b94060 100644 return ERR_PTR(-EINVAL); nr_pages += end - start; -@@ -1293,7 +1293,7 @@ static struct bio *__bio_map_user_iov(struct request_queue *q, +@@ -1294,7 +1294,7 @@ static struct bio *__bio_map_user_iov(struct request_queue *q, /* * Overflow, abort */ @@ -37911,7 +35949,7 @@ index 0ec61c9..93b94060 100644 return ERR_PTR(-EINVAL); nr_pages += end - start; -@@ -1555,7 +1555,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) +@@ -1556,7 +1556,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) const int read = bio_data_dir(bio) == READ; struct bio_map_data *bmd = bio->bi_private; int i; @@ -37921,7 +35959,7 @@ index 0ec61c9..93b94060 100644 bio_for_each_segment_all(bvec, bio, i) { char *addr = page_address(bvec->bv_page); diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c -index 28d227c..d4c0bad 100644 +index e17da94..e01cce1 100644 --- a/block/blk-cgroup.c +++ b/block/blk-cgroup.c @@ -822,7 +822,7 @@ static void blkcg_css_free(struct cgroup_subsys_state *css) @@ -37942,18 +35980,6 @@ index 28d227c..d4c0bad 100644 done: spin_lock_init(&blkcg->lock); INIT_RADIX_TREE(&blkcg->blkg_tree, GFP_ATOMIC); -diff --git a/block/blk-exec.c b/block/blk-exec.c -index f4d27b1..9924725 100644 ---- a/block/blk-exec.c -+++ b/block/blk-exec.c -@@ -56,6 +56,7 @@ void blk_execute_rq_nowait(struct request_queue *q, struct gendisk *bd_disk, - bool is_pm_resume; - - WARN_ON(irqs_disabled()); -+ WARN_ON(rq->cmd_type == REQ_TYPE_FS); - - rq->rq_disk = bd_disk; - rq->end_io = done; diff --git a/block/blk-iopoll.c b/block/blk-iopoll.c index 0736729..2ec3b48 100644 --- a/block/blk-iopoll.c @@ -37980,28 +36006,6 @@ index f890d43..97b0482 100644 if (do_copy) bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading); else -diff --git a/block/blk-mq.c b/block/blk-mq.c -index 06ac59f..034c0ff 100644 ---- a/block/blk-mq.c -+++ b/block/blk-mq.c -@@ -973,14 +973,9 @@ void blk_mq_insert_request(struct request *rq, bool at_head, bool run_queue, - - hctx = q->mq_ops->map_queue(q, ctx->cpu); - -- if (rq->cmd_flags & (REQ_FLUSH | REQ_FUA) && -- !(rq->cmd_flags & (REQ_FLUSH_SEQ))) { -- blk_insert_flush(rq); -- } else { -- spin_lock(&ctx->lock); -- __blk_mq_insert_request(hctx, rq, at_head); -- spin_unlock(&ctx->lock); -- } -+ spin_lock(&ctx->lock); -+ __blk_mq_insert_request(hctx, rq, at_head); -+ spin_unlock(&ctx->lock); - - if (run_queue) - blk_mq_run_hw_queue(hctx, async); diff --git a/block/blk-softirq.c b/block/blk-softirq.c index 53b1737..08177d2e 100644 --- a/block/blk-softirq.c @@ -38047,7 +36051,7 @@ index ff46add..c4ba8ee 100644 if (blk_verify_command(rq->cmd, has_write_perm)) return -EPERM; diff --git a/block/compat_ioctl.c b/block/compat_ioctl.c -index a0926a6..b2b14b2 100644 +index 18b282c..050dbe5 100644 --- a/block/compat_ioctl.c +++ b/block/compat_ioctl.c @@ -156,7 +156,7 @@ static int compat_cdrom_generic_command(struct block_device *bdev, fmode_t mode, @@ -38101,7 +36105,7 @@ index e6723bd..703e4ac 100644 EXPORT_SYMBOL(blk_unregister_region); diff --git a/block/partitions/efi.c b/block/partitions/efi.c -index dc51f46..d5446a8 100644 +index 56d08fd..2e07090 100644 --- a/block/partitions/efi.c +++ b/block/partitions/efi.c @@ -293,14 +293,14 @@ static gpt_entry *alloc_read_gpt_entries(struct parsed_partitions *state, @@ -38126,7 +36130,7 @@ index dc51f46..d5446a8 100644 (u8 *) pte, count) < count) { kfree(pte); diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c -index 84ab119..a217f27 100644 +index 9b8eaec..c20279a 100644 --- a/block/scsi_ioctl.c +++ b/block/scsi_ioctl.c @@ -67,7 +67,7 @@ static int scsi_get_bus(struct request_queue *q, int __user *p) @@ -38138,7 +36142,7 @@ index 84ab119..a217f27 100644 { return jiffies_to_clock_t(q->sg_timeout); } -@@ -220,8 +220,20 @@ EXPORT_SYMBOL(blk_verify_command); +@@ -227,8 +227,20 @@ EXPORT_SYMBOL(blk_verify_command); static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq, struct sg_io_hdr *hdr, fmode_t mode) { @@ -38160,7 +36164,7 @@ index 84ab119..a217f27 100644 if (blk_verify_command(rq->cmd, mode & FMODE_WRITE)) return -EPERM; -@@ -413,6 +425,8 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, +@@ -432,6 +444,8 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, int err; unsigned int in_len, out_len, bytes, opcode, cmdlen; char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE]; @@ -38169,7 +36173,7 @@ index 84ab119..a217f27 100644 if (!sic) return -EINVAL; -@@ -451,9 +465,18 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, +@@ -470,9 +484,18 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, */ err = -EFAULT; rq->cmd_len = cmdlen; @@ -38190,7 +36194,7 @@ index 84ab119..a217f27 100644 goto error; diff --git a/crypto/cryptd.c b/crypto/cryptd.c -index 7bdd61b..afec999 100644 +index e592c90..c566114 100644 --- a/crypto/cryptd.c +++ b/crypto/cryptd.c @@ -63,7 +63,7 @@ struct cryptd_blkcipher_ctx { @@ -38247,7 +36251,7 @@ index 6921c7f..78e1af7 100644 /* diff --git a/drivers/acpi/apei/apei-internal.h b/drivers/acpi/apei/apei-internal.h -index e5bcd91..74f050d 100644 +index 16129c7..8b675cd 100644 --- a/drivers/acpi/apei/apei-internal.h +++ b/drivers/acpi/apei/apei-internal.h @@ -19,7 +19,7 @@ typedef int (*apei_exec_ins_func_t)(struct apei_exec_context *ctx, @@ -38260,19 +36264,19 @@ index e5bcd91..74f050d 100644 struct apei_exec_context { u32 ip; diff --git a/drivers/acpi/apei/ghes.c b/drivers/acpi/apei/ghes.c -index dab7cb7..f0d2994 100644 +index fc5f780..e5ac91a 100644 --- a/drivers/acpi/apei/ghes.c +++ b/drivers/acpi/apei/ghes.c -@@ -500,7 +500,7 @@ static void __ghes_print_estatus(const char *pfx, +@@ -478,7 +478,7 @@ static void __ghes_print_estatus(const char *pfx, const struct acpi_hest_generic *generic, - const struct acpi_generic_status *estatus) + const struct acpi_hest_generic_status *estatus) { - static atomic_t seqno; + static atomic_unchecked_t seqno; unsigned int curr_seqno; char pfx_seq[64]; -@@ -511,7 +511,7 @@ static void __ghes_print_estatus(const char *pfx, +@@ -489,7 +489,7 @@ static void __ghes_print_estatus(const char *pfx, else pfx = KERN_ERR; } @@ -38299,7 +36303,7 @@ index a83e3c6..c3d617f 100644 bgrt_kobj = kobject_create_and_add("bgrt", acpi_kobj); if (!bgrt_kobj) diff --git a/drivers/acpi/blacklist.c b/drivers/acpi/blacklist.c -index 3d8413d..95f638c 100644 +index 36eb42e..3b2f47e 100644 --- a/drivers/acpi/blacklist.c +++ b/drivers/acpi/blacklist.c @@ -51,7 +51,7 @@ struct acpi_blacklist_item { @@ -38367,10 +36371,10 @@ index 38cb978..352c761 100644 static void delete_gpe_attr_array(void) { diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c -index d72ce04..d6ab3c2 100644 +index b784e9d..a69a049 100644 --- a/drivers/ata/libahci.c +++ b/drivers/ata/libahci.c -@@ -1257,7 +1257,7 @@ int ahci_kick_engine(struct ata_port *ap) +@@ -1252,7 +1252,7 @@ int ahci_kick_engine(struct ata_port *ap) } EXPORT_SYMBOL_GPL(ahci_kick_engine); @@ -38380,10 +36384,10 @@ index d72ce04..d6ab3c2 100644 unsigned long timeout_msec) { diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index e7f30b5..a8cc9cd 100644 +index 6f67490..f951ead 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c -@@ -98,7 +98,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev); +@@ -99,7 +99,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev); static void ata_dev_xfermask(struct ata_device *dev); static unsigned long ata_dev_blacklisted(const struct ata_device *dev); @@ -38392,7 +36396,7 @@ index e7f30b5..a8cc9cd 100644 struct ata_force_param { const char *name; -@@ -4863,7 +4863,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) +@@ -4797,7 +4797,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; @@ -38401,7 +36405,7 @@ index e7f30b5..a8cc9cd 100644 ap = qc->ap; qc->flags = 0; -@@ -4879,7 +4879,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) +@@ -4813,7 +4813,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; @@ -38410,7 +36414,7 @@ index e7f30b5..a8cc9cd 100644 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap = qc->ap; link = qc->dev->link; -@@ -5983,6 +5983,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5917,6 +5917,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) return; spin_lock(&lock); @@ -38418,7 +36422,7 @@ index e7f30b5..a8cc9cd 100644 for (cur = ops->inherits; cur; cur = cur->inherits) { void **inherit = (void **)cur; -@@ -5996,8 +5997,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5930,8 +5931,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) if (IS_ERR(*pp)) *pp = NULL; @@ -38429,7 +36433,7 @@ index e7f30b5..a8cc9cd 100644 spin_unlock(&lock); } -@@ -6193,7 +6195,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht) +@@ -6127,7 +6129,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht) /* give ports names and add SCSI hosts */ for (i = 0; i < host->n_ports; i++) { @@ -38439,7 +36443,7 @@ index e7f30b5..a8cc9cd 100644 } diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c -index 72691fd..ad104c0 100644 +index 0586f66..1a8f74a 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -4151,7 +4151,7 @@ int ata_sas_port_init(struct ata_port *ap) @@ -38452,7 +36456,7 @@ index 72691fd..ad104c0 100644 } EXPORT_SYMBOL_GPL(ata_sas_port_init); diff --git a/drivers/ata/libata.h b/drivers/ata/libata.h -index 45b5ab3..98446b8 100644 +index 5f4e0cc..ff2c347 100644 --- a/drivers/ata/libata.h +++ b/drivers/ata/libata.h @@ -53,7 +53,7 @@ enum { @@ -38533,7 +36537,7 @@ index f1a9198..f466a4a 100644 } diff --git a/drivers/atm/atmtcp.c b/drivers/atm/atmtcp.c -index 0e3f8f9..765a7a5 100644 +index 480fa6f..947067c 100644 --- a/drivers/atm/atmtcp.c +++ b/drivers/atm/atmtcp.c @@ -206,7 +206,7 @@ static int atmtcp_v_send(struct atm_vcc *vcc,struct sk_buff *skb) @@ -38565,16 +36569,16 @@ index 0e3f8f9..765a7a5 100644 return 0; } -@@ -299,7 +299,7 @@ static int atmtcp_c_send(struct atm_vcc *vcc,struct sk_buff *skb) - out_vcc = find_vcc(dev, ntohs(hdr->vpi), ntohs(hdr->vci)); +@@ -300,7 +300,7 @@ static int atmtcp_c_send(struct atm_vcc *vcc,struct sk_buff *skb) read_unlock(&vcc_sklist_lock); if (!out_vcc) { + result = -EUNATCH; - atomic_inc(&vcc->stats->tx_err); + atomic_inc_unchecked(&vcc->stats->tx_err); goto done; } skb_pull(skb,sizeof(struct atmtcp_hdr)); -@@ -311,8 +311,8 @@ static int atmtcp_c_send(struct atm_vcc *vcc,struct sk_buff *skb) +@@ -312,8 +312,8 @@ static int atmtcp_c_send(struct atm_vcc *vcc,struct sk_buff *skb) __net_timestamp(new_skb); skb_copy_from_linear_data(skb, skb_put(new_skb, skb->len), skb->len); out_vcc->push(out_vcc,new_skb); @@ -38586,7 +36590,7 @@ index 0e3f8f9..765a7a5 100644 if (vcc->pop) vcc->pop(vcc,skb); else dev_kfree_skb(skb); diff --git a/drivers/atm/eni.c b/drivers/atm/eni.c -index b1955ba..b179940 100644 +index d65975a..0b87e20 100644 --- a/drivers/atm/eni.c +++ b/drivers/atm/eni.c @@ -522,7 +522,7 @@ static int rx_aal0(struct atm_vcc *vcc) @@ -38732,10 +36736,10 @@ index d4725fc..2d4ea65 100644 fore200e->tx_sat++; DPRINTK(2, "tx queue of device %s is saturated, PDU dropped - heartbeat is %08x\n", diff --git a/drivers/atm/he.c b/drivers/atm/he.c -index aa6be26..f70a785 100644 +index c39702b..785b73b 100644 --- a/drivers/atm/he.c +++ b/drivers/atm/he.c -@@ -1690,7 +1690,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) +@@ -1689,7 +1689,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) if (RBRQ_HBUF_ERR(he_dev->rbrq_head)) { hprintk("HBUF_ERR! (cid 0x%x)\n", cid); @@ -38744,7 +36748,7 @@ index aa6be26..f70a785 100644 goto return_host_buffers; } -@@ -1717,7 +1717,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) +@@ -1716,7 +1716,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) RBRQ_LEN_ERR(he_dev->rbrq_head) ? "LEN_ERR" : "", vcc->vpi, vcc->vci); @@ -38753,7 +36757,7 @@ index aa6be26..f70a785 100644 goto return_host_buffers; } -@@ -1769,7 +1769,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) +@@ -1768,7 +1768,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) vcc->push(vcc, skb); spin_lock(&he_dev->global_lock); @@ -38762,7 +36766,7 @@ index aa6be26..f70a785 100644 return_host_buffers: ++pdus_assembled; -@@ -2095,7 +2095,7 @@ __enqueue_tpd(struct he_dev *he_dev, struct he_tpd *tpd, unsigned cid) +@@ -2094,7 +2094,7 @@ __enqueue_tpd(struct he_dev *he_dev, struct he_tpd *tpd, unsigned cid) tpd->vcc->pop(tpd->vcc, tpd->skb); else dev_kfree_skb_any(tpd->skb); @@ -38771,7 +36775,7 @@ index aa6be26..f70a785 100644 } pci_pool_free(he_dev->tpd_pool, tpd, TPD_ADDR(tpd->status)); return; -@@ -2507,7 +2507,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2506,7 +2506,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) vcc->pop(vcc, skb); else dev_kfree_skb_any(skb); @@ -38780,7 +36784,7 @@ index aa6be26..f70a785 100644 return -EINVAL; } -@@ -2518,7 +2518,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2517,7 +2517,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) vcc->pop(vcc, skb); else dev_kfree_skb_any(skb); @@ -38789,7 +36793,7 @@ index aa6be26..f70a785 100644 return -EINVAL; } #endif -@@ -2530,7 +2530,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2529,7 +2529,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) vcc->pop(vcc, skb); else dev_kfree_skb_any(skb); @@ -38798,7 +36802,7 @@ index aa6be26..f70a785 100644 spin_unlock_irqrestore(&he_dev->global_lock, flags); return -ENOMEM; } -@@ -2572,7 +2572,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2571,7 +2571,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) vcc->pop(vcc, skb); else dev_kfree_skb_any(skb); @@ -38807,7 +36811,7 @@ index aa6be26..f70a785 100644 spin_unlock_irqrestore(&he_dev->global_lock, flags); return -ENOMEM; } -@@ -2603,7 +2603,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2602,7 +2602,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) __enqueue_tpd(he_dev, tpd, cid); spin_unlock_irqrestore(&he_dev->global_lock, flags); @@ -38839,10 +36843,10 @@ index 1dc0519..1aadaf7 100644 // free the skb hrz_kfree_skb (skb); diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c -index b621f56..1e3a799 100644 +index 2b24ed0..b3d6acc 100644 --- a/drivers/atm/idt77252.c +++ b/drivers/atm/idt77252.c -@@ -812,7 +812,7 @@ drain_scq(struct idt77252_dev *card, struct vc_map *vc) +@@ -810,7 +810,7 @@ drain_scq(struct idt77252_dev *card, struct vc_map *vc) else dev_kfree_skb(skb); @@ -38851,7 +36855,7 @@ index b621f56..1e3a799 100644 } atomic_dec(&scq->used); -@@ -1075,13 +1075,13 @@ dequeue_rx(struct idt77252_dev *card, struct rsq_entry *rsqe) +@@ -1072,13 +1072,13 @@ dequeue_rx(struct idt77252_dev *card, struct rsq_entry *rsqe) if ((sb = dev_alloc_skb(64)) == NULL) { printk("%s: Can't allocate buffers for aal0.\n", card->name); @@ -38867,7 +36871,7 @@ index b621f56..1e3a799 100644 dev_kfree_skb(sb); break; } -@@ -1098,7 +1098,7 @@ dequeue_rx(struct idt77252_dev *card, struct rsq_entry *rsqe) +@@ -1095,7 +1095,7 @@ dequeue_rx(struct idt77252_dev *card, struct rsq_entry *rsqe) ATM_SKB(sb)->vcc = vcc; __net_timestamp(sb); vcc->push(vcc, sb); @@ -38876,7 +36880,7 @@ index b621f56..1e3a799 100644 cell += ATM_CELL_PAYLOAD; } -@@ -1135,13 +1135,13 @@ dequeue_rx(struct idt77252_dev *card, struct rsq_entry *rsqe) +@@ -1132,13 +1132,13 @@ dequeue_rx(struct idt77252_dev *card, struct rsq_entry *rsqe) "(CDC: %08x)\n", card->name, len, rpp->len, readl(SAR_REG_CDC)); recycle_rx_pool_skb(card, rpp); @@ -38892,7 +36896,7 @@ index b621f56..1e3a799 100644 return; } if (skb_queue_len(&rpp->queue) > 1) { -@@ -1152,7 +1152,7 @@ dequeue_rx(struct idt77252_dev *card, struct rsq_entry *rsqe) +@@ -1149,7 +1149,7 @@ dequeue_rx(struct idt77252_dev *card, struct rsq_entry *rsqe) RXPRINTK("%s: Can't alloc RX skb.\n", card->name); recycle_rx_pool_skb(card, rpp); @@ -38901,7 +36905,7 @@ index b621f56..1e3a799 100644 return; } if (!atm_charge(vcc, skb->truesize)) { -@@ -1171,7 +1171,7 @@ dequeue_rx(struct idt77252_dev *card, struct rsq_entry *rsqe) +@@ -1168,7 +1168,7 @@ dequeue_rx(struct idt77252_dev *card, struct rsq_entry *rsqe) __net_timestamp(skb); vcc->push(vcc, skb); @@ -38910,7 +36914,7 @@ index b621f56..1e3a799 100644 return; } -@@ -1193,7 +1193,7 @@ dequeue_rx(struct idt77252_dev *card, struct rsq_entry *rsqe) +@@ -1190,7 +1190,7 @@ dequeue_rx(struct idt77252_dev *card, struct rsq_entry *rsqe) __net_timestamp(skb); vcc->push(vcc, skb); @@ -38919,7 +36923,7 @@ index b621f56..1e3a799 100644 if (skb->truesize > SAR_FB_SIZE_3) add_rx_skb(card, 3, SAR_FB_SIZE_3, 1); -@@ -1304,14 +1304,14 @@ idt77252_rx_raw(struct idt77252_dev *card) +@@ -1301,14 +1301,14 @@ idt77252_rx_raw(struct idt77252_dev *card) if (vcc->qos.aal != ATM_AAL0) { RPRINTK("%s: raw cell for non AAL0 vc %u.%u\n", card->name, vpi, vci); @@ -38936,7 +36940,7 @@ index b621f56..1e3a799 100644 goto drop; } -@@ -1330,7 +1330,7 @@ idt77252_rx_raw(struct idt77252_dev *card) +@@ -1327,7 +1327,7 @@ idt77252_rx_raw(struct idt77252_dev *card) ATM_SKB(sb)->vcc = vcc; __net_timestamp(sb); vcc->push(vcc, sb); @@ -38945,7 +36949,7 @@ index b621f56..1e3a799 100644 drop: skb_pull(queue, 64); -@@ -1955,13 +1955,13 @@ idt77252_send_skb(struct atm_vcc *vcc, struct sk_buff *skb, int oam) +@@ -1952,13 +1952,13 @@ idt77252_send_skb(struct atm_vcc *vcc, struct sk_buff *skb, int oam) if (vc == NULL) { printk("%s: NULL connection in send().\n", card->name); @@ -38961,7 +36965,7 @@ index b621f56..1e3a799 100644 dev_kfree_skb(skb); return -EINVAL; } -@@ -1973,14 +1973,14 @@ idt77252_send_skb(struct atm_vcc *vcc, struct sk_buff *skb, int oam) +@@ -1970,14 +1970,14 @@ idt77252_send_skb(struct atm_vcc *vcc, struct sk_buff *skb, int oam) break; default: printk("%s: Unsupported AAL: %d\n", card->name, vcc->qos.aal); @@ -38978,7 +36982,7 @@ index b621f56..1e3a799 100644 dev_kfree_skb(skb); return -EINVAL; } -@@ -1988,7 +1988,7 @@ idt77252_send_skb(struct atm_vcc *vcc, struct sk_buff *skb, int oam) +@@ -1985,7 +1985,7 @@ idt77252_send_skb(struct atm_vcc *vcc, struct sk_buff *skb, int oam) err = queue_skb(card, vc, skb, oam); if (err) { @@ -38987,7 +36991,7 @@ index b621f56..1e3a799 100644 dev_kfree_skb(skb); return err; } -@@ -2011,7 +2011,7 @@ idt77252_send_oam(struct atm_vcc *vcc, void *cell, int flags) +@@ -2008,7 +2008,7 @@ idt77252_send_oam(struct atm_vcc *vcc, void *cell, int flags) skb = dev_alloc_skb(64); if (!skb) { printk("%s: Out of memory in send_oam().\n", card->name); @@ -39360,7 +37364,7 @@ index 9988ac9..7c52585 100644 } diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c -index 943cf0d..37d15d5 100644 +index 7652e8d..db45069 100644 --- a/drivers/atm/solos-pci.c +++ b/drivers/atm/solos-pci.c @@ -838,7 +838,7 @@ static void solos_bh(unsigned long card_arg) @@ -39526,10 +37530,10 @@ index 25798db..15f130e 100644 while (1) { spin_lock(&req_lock); diff --git a/drivers/base/node.c b/drivers/base/node.c -index 8f7ed99..700dd0c 100644 +index d51c49c..28908df 100644 --- a/drivers/base/node.c +++ b/drivers/base/node.c -@@ -624,7 +624,7 @@ static ssize_t print_nodes_state(enum node_states state, char *buf) +@@ -623,7 +623,7 @@ static ssize_t print_nodes_state(enum node_states state, char *buf) struct node_attr { struct device_attribute attr; enum node_states state; @@ -39647,10 +37651,10 @@ index dbb8350..4762f4c 100644 } EXPORT_SYMBOL_GPL(unregister_syscore_ops); diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c -index 4595c22..d4f6c54 100644 +index ff20f19..018f1da 100644 --- a/drivers/block/cciss.c +++ b/drivers/block/cciss.c -@@ -3011,7 +3011,7 @@ static void start_io(ctlr_info_t *h) +@@ -3008,7 +3008,7 @@ static void start_io(ctlr_info_t *h) while (!list_empty(&h->reqQ)) { c = list_entry(h->reqQ.next, CommandList_struct, list); /* can't do anything if fifo is full */ @@ -39659,7 +37663,7 @@ index 4595c22..d4f6c54 100644 dev_warn(&h->pdev->dev, "fifo full\n"); break; } -@@ -3021,7 +3021,7 @@ static void start_io(ctlr_info_t *h) +@@ -3018,7 +3018,7 @@ static void start_io(ctlr_info_t *h) h->Qdepth--; /* Tell the controller execute command */ @@ -39668,7 +37672,7 @@ index 4595c22..d4f6c54 100644 /* Put job onto the completed Q */ addQ(&h->cmpQ, c); -@@ -3447,17 +3447,17 @@ startio: +@@ -3444,17 +3444,17 @@ startio: static inline unsigned long get_next_completion(ctlr_info_t *h) { @@ -39689,7 +37693,7 @@ index 4595c22..d4f6c54 100644 (h->interrupts_enabled == 0)); } -@@ -3490,7 +3490,7 @@ static inline u32 next_command(ctlr_info_t *h) +@@ -3487,7 +3487,7 @@ static inline u32 next_command(ctlr_info_t *h) u32 a; if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant))) @@ -39698,7 +37702,7 @@ index 4595c22..d4f6c54 100644 if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) { a = *(h->reply_pool_head); /* Next cmd in ring buffer */ -@@ -4047,7 +4047,7 @@ static void cciss_put_controller_into_performant_mode(ctlr_info_t *h) +@@ -4044,7 +4044,7 @@ static void cciss_put_controller_into_performant_mode(ctlr_info_t *h) trans_support & CFGTBL_Trans_use_short_tags); /* Change the access methods to the performant access methods */ @@ -39707,7 +37711,7 @@ index 4595c22..d4f6c54 100644 h->transMethod = CFGTBL_Trans_Performant; return; -@@ -4321,7 +4321,7 @@ static int cciss_pci_init(ctlr_info_t *h) +@@ -4318,7 +4318,7 @@ static int cciss_pci_init(ctlr_info_t *h) if (prod_index < 0) return -ENODEV; h->product_name = products[prod_index].product_name; @@ -39716,7 +37720,7 @@ index 4595c22..d4f6c54 100644 if (cciss_board_disabled(h)) { dev_warn(&h->pdev->dev, "controller appears to be disabled\n"); -@@ -5053,7 +5053,7 @@ reinit_after_soft_reset: +@@ -5050,7 +5050,7 @@ reinit_after_soft_reset: } /* make sure the board interrupts are off */ @@ -39725,7 +37729,7 @@ index 4595c22..d4f6c54 100644 rc = cciss_request_irq(h, do_cciss_msix_intr, do_cciss_intx); if (rc) goto clean2; -@@ -5103,7 +5103,7 @@ reinit_after_soft_reset: +@@ -5100,7 +5100,7 @@ reinit_after_soft_reset: * fake ones to scoop up any residual completions. */ spin_lock_irqsave(&h->lock, flags); @@ -39734,7 +37738,7 @@ index 4595c22..d4f6c54 100644 spin_unlock_irqrestore(&h->lock, flags); free_irq(h->intr[h->intr_mode], h); rc = cciss_request_irq(h, cciss_msix_discard_completions, -@@ -5123,9 +5123,9 @@ reinit_after_soft_reset: +@@ -5120,9 +5120,9 @@ reinit_after_soft_reset: dev_info(&h->pdev->dev, "Board READY.\n"); dev_info(&h->pdev->dev, "Waiting for stale completions to drain.\n"); @@ -39746,7 +37750,7 @@ index 4595c22..d4f6c54 100644 rc = controller_reset_failed(h->cfgtable); if (rc) -@@ -5148,7 +5148,7 @@ reinit_after_soft_reset: +@@ -5145,7 +5145,7 @@ reinit_after_soft_reset: cciss_scsi_setup(h); /* Turn the interrupts on so we can service requests */ @@ -39755,7 +37759,7 @@ index 4595c22..d4f6c54 100644 /* Get the firmware version */ inq_buff = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL); -@@ -5220,7 +5220,7 @@ static void cciss_shutdown(struct pci_dev *pdev) +@@ -5217,7 +5217,7 @@ static void cciss_shutdown(struct pci_dev *pdev) kfree(flush_buf); if (return_code != IO_OK) dev_warn(&h->pdev->dev, "Error flushing cache\n"); @@ -39954,10 +37958,10 @@ index be73e9d..7fbf140 100644 cmdlist_t *reqQ; cmdlist_t *cmpQ; diff --git a/drivers/block/drbd/drbd_bitmap.c b/drivers/block/drbd/drbd_bitmap.c -index 1aa29f8..080c42f 100644 +index 426c97a..8c58607 100644 --- a/drivers/block/drbd/drbd_bitmap.c +++ b/drivers/block/drbd/drbd_bitmap.c -@@ -1042,7 +1042,7 @@ static void bm_page_io_async(struct bm_aio_ctx *ctx, int page_nr, int rw) __must +@@ -1036,7 +1036,7 @@ static void bm_page_io_async(struct drbd_bm_aio_ctx *ctx, int page_nr) __must_ho submit_bio(rw, bio); /* this should not count as user activity and cause the * resync to throttle -- see drbd_rs_should_slow_down(). */ @@ -39967,10 +37971,10 @@ index 1aa29f8..080c42f 100644 } diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h -index a76ceb3..a4c80cf 100644 +index 1a00001..c0d4253 100644 --- a/drivers/block/drbd/drbd_int.h +++ b/drivers/block/drbd/drbd_int.h -@@ -331,7 +331,7 @@ struct drbd_epoch { +@@ -387,7 +387,7 @@ struct drbd_epoch { struct drbd_connection *connection; struct list_head list; unsigned int barrier_nr; @@ -39979,7 +37983,7 @@ index a76ceb3..a4c80cf 100644 atomic_t active; /* increased on every req. added, and dec on every finished. */ unsigned long flags; }; -@@ -797,7 +797,7 @@ struct drbd_device { +@@ -948,7 +948,7 @@ struct drbd_device { unsigned int al_tr_number; int al_tr_cycle; wait_queue_head_t seq_wait; @@ -39987,8 +37991,8 @@ index a76ceb3..a4c80cf 100644 + atomic_unchecked_t packet_seq; unsigned int peer_seq; spinlock_t peer_seq_lock; - unsigned int minor; -@@ -807,8 +807,8 @@ struct drbd_device { + unsigned long comm_bm_set; /* communicated number of set bits. */ +@@ -957,8 +957,8 @@ struct drbd_device { struct mutex own_state_mutex; struct mutex *state_mutex; /* either own_state_mutex or first_peer_device(device)->connection->cstate_mutex */ char congestion_reason; /* Why we where congested... */ @@ -39999,7 +38003,7 @@ index a76ceb3..a4c80cf 100644 int rs_last_sect_ev; /* counter to compare with */ int rs_last_events; /* counter of read or write "events" (unit sectors) * on the lower level device when we last looked. */ -@@ -1407,7 +1407,7 @@ static inline int drbd_setsockopt(struct socket *sock, int level, int optname, +@@ -1569,7 +1569,7 @@ static inline int drbd_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; @@ -40026,10 +38030,10 @@ index 89c497c..9c736ae 100644 /** diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c -index 960645c..61ede05 100644 +index 9b465bb..00034ecf 100644 --- a/drivers/block/drbd/drbd_main.c +++ b/drivers/block/drbd/drbd_main.c -@@ -1322,7 +1322,7 @@ static int _drbd_send_ack(struct drbd_peer_device *peer_device, enum drbd_packet +@@ -1328,7 +1328,7 @@ static int _drbd_send_ack(struct drbd_peer_device *peer_device, enum drbd_packet p->sector = sector; p->block_id = block_id; p->blksize = blksize; @@ -40038,7 +38042,7 @@ index 960645c..61ede05 100644 return drbd_send_command(peer_device, sock, cmd, sizeof(*p), NULL, 0); } -@@ -1628,7 +1628,7 @@ int drbd_send_dblock(struct drbd_peer_device *peer_device, struct drbd_request * +@@ -1634,7 +1634,7 @@ int drbd_send_dblock(struct drbd_peer_device *peer_device, struct drbd_request * return -EIO; p->sector = cpu_to_be64(req->i.sector); p->block_id = (unsigned long)req; @@ -40047,7 +38051,7 @@ index 960645c..61ede05 100644 dp_flags = bio_flags_to_wire(peer_device->connection, req->master_bio->bi_rw); if (device->state.conn >= C_SYNC_SOURCE && device->state.conn <= C_PAUSED_SYNC_T) -@@ -1905,8 +1905,8 @@ void drbd_init_set_defaults(struct drbd_device *device) +@@ -1915,8 +1915,8 @@ void drbd_init_set_defaults(struct drbd_device *device) atomic_set(&device->unacked_cnt, 0); atomic_set(&device->local_cnt, 0); atomic_set(&device->pp_in_use_by_net, 0); @@ -40056,9 +38060,9 @@ index 960645c..61ede05 100644 + atomic_set_unchecked(&device->rs_sect_in, 0); + atomic_set_unchecked(&device->rs_sect_ev, 0); atomic_set(&device->ap_in_flight, 0); - atomic_set(&device->md_io_in_use, 0); + atomic_set(&device->md_io.in_use, 0); -@@ -2670,8 +2670,8 @@ void drbd_destroy_connection(struct kref *kref) +@@ -2688,8 +2688,8 @@ void drbd_destroy_connection(struct kref *kref) struct drbd_connection *connection = container_of(kref, struct drbd_connection, kref); struct drbd_resource *resource = connection->resource; @@ -40070,10 +38074,10 @@ index 960645c..61ede05 100644 idr_destroy(&connection->peer_devices); diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c -index 3f2e167..d3170e4 100644 +index 1cd47df..57c53c0 100644 --- a/drivers/block/drbd/drbd_nl.c +++ b/drivers/block/drbd/drbd_nl.c -@@ -3616,7 +3616,7 @@ finish: +@@ -3645,13 +3645,13 @@ finish: void drbd_bcast_event(struct drbd_device *device, const struct sib_info *sib) { @@ -40082,9 +38086,7 @@ index 3f2e167..d3170e4 100644 struct sk_buff *msg; struct drbd_genlmsghdr *d_out; unsigned seq; -@@ -3629,7 +3629,7 @@ void drbd_bcast_event(struct drbd_device *device, const struct sib_info *sib) - return; - } + int err = -ENOMEM; - seq = atomic_inc_return(&drbd_genl_seq); + seq = atomic_inc_return_unchecked(&drbd_genl_seq); @@ -40092,10 +38094,10 @@ index 3f2e167..d3170e4 100644 if (!msg) goto failed; diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c -index 5b17ec8..deaec7d 100644 +index 9342b8d..b6a6825 100644 --- a/drivers/block/drbd/drbd_receiver.c +++ b/drivers/block/drbd/drbd_receiver.c -@@ -834,7 +834,7 @@ int drbd_connected(struct drbd_peer_device *peer_device) +@@ -870,7 +870,7 @@ int drbd_connected(struct drbd_peer_device *peer_device) struct drbd_device *device = peer_device->device; int err; @@ -40104,7 +38106,7 @@ index 5b17ec8..deaec7d 100644 device->peer_seq = 0; device->state_mutex = peer_device->connection->agreed_pro_version < 100 ? -@@ -1199,7 +1199,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_connection *connectio +@@ -1233,7 +1233,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_connection *connectio do { next_epoch = NULL; @@ -40113,7 +38115,7 @@ index 5b17ec8..deaec7d 100644 switch (ev & ~EV_CLEANUP) { case EV_PUT: -@@ -1239,7 +1239,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_connection *connectio +@@ -1273,7 +1273,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_connection *connectio rv = FE_DESTROYED; } else { epoch->flags = 0; @@ -40122,7 +38124,7 @@ index 5b17ec8..deaec7d 100644 /* atomic_set(&epoch->active, 0); is already zero */ if (rv == FE_STILL_LIVE) rv = FE_RECYCLED; -@@ -1490,7 +1490,7 @@ static int receive_Barrier(struct drbd_connection *connection, struct packet_inf +@@ -1550,7 +1550,7 @@ static int receive_Barrier(struct drbd_connection *connection, struct packet_inf conn_wait_active_ee_empty(connection); drbd_flush(connection); @@ -40131,7 +38133,7 @@ index 5b17ec8..deaec7d 100644 epoch = kmalloc(sizeof(struct drbd_epoch), GFP_NOIO); if (epoch) break; -@@ -1503,11 +1503,11 @@ static int receive_Barrier(struct drbd_connection *connection, struct packet_inf +@@ -1564,11 +1564,11 @@ static int receive_Barrier(struct drbd_connection *connection, struct packet_inf } epoch->flags = 0; @@ -40145,8 +38147,8 @@ index 5b17ec8..deaec7d 100644 list_add(&epoch->list, &connection->current_epoch->list); connection->current_epoch = epoch; connection->epochs++; -@@ -1739,7 +1739,7 @@ static int recv_resync_read(struct drbd_peer_device *peer_device, sector_t secto - list_add(&peer_req->w.list, &device->sync_ee); +@@ -1802,7 +1802,7 @@ static int recv_resync_read(struct drbd_peer_device *peer_device, sector_t secto + list_add_tail(&peer_req->w.list, &device->sync_ee); spin_unlock_irq(&device->resource->req_lock); - atomic_add(pi->size >> 9, &device->rs_sect_ev); @@ -40154,7 +38156,7 @@ index 5b17ec8..deaec7d 100644 if (drbd_submit_peer_request(device, peer_req, WRITE, DRBD_FAULT_RS_WR) == 0) return 0; -@@ -1837,7 +1837,7 @@ static int receive_RSDataReply(struct drbd_connection *connection, struct packet +@@ -1900,7 +1900,7 @@ static int receive_RSDataReply(struct drbd_connection *connection, struct packet drbd_send_ack_dp(peer_device, P_NEG_ACK, p, pi->size); } @@ -40163,7 +38165,7 @@ index 5b17ec8..deaec7d 100644 return err; } -@@ -2224,7 +2224,7 @@ static int receive_Data(struct drbd_connection *connection, struct packet_info * +@@ -2290,7 +2290,7 @@ static int receive_Data(struct drbd_connection *connection, struct packet_info * err = wait_for_and_update_peer_seq(peer_device, peer_seq); drbd_send_ack_dp(peer_device, P_NEG_ACK, p, pi->size); @@ -40172,7 +38174,7 @@ index 5b17ec8..deaec7d 100644 err2 = drbd_drain_block(peer_device, pi->size); if (!err) err = err2; -@@ -2266,7 +2266,7 @@ static int receive_Data(struct drbd_connection *connection, struct packet_info * +@@ -2334,7 +2334,7 @@ static int receive_Data(struct drbd_connection *connection, struct packet_info * spin_lock(&connection->epoch_lock); peer_req->epoch = connection->current_epoch; @@ -40181,17 +38183,17 @@ index 5b17ec8..deaec7d 100644 atomic_inc(&peer_req->epoch->active); spin_unlock(&connection->epoch_lock); -@@ -2406,7 +2406,7 @@ bool drbd_rs_c_min_rate_throttle(struct drbd_device *device) +@@ -2479,7 +2479,7 @@ bool drbd_rs_c_min_rate_throttle(struct drbd_device *device) curr_events = (int)part_stat_read(&disk->part0, sectors[0]) + (int)part_stat_read(&disk->part0, sectors[1]) - - atomic_read(&device->rs_sect_ev); + atomic_read_unchecked(&device->rs_sect_ev); - if (!device->rs_last_events || curr_events - device->rs_last_events > 64) { - unsigned long rs_left; - int i; -@@ -2540,7 +2540,7 @@ static int receive_DataRequest(struct drbd_connection *connection, struct packet - device->bm_resync_fo = BM_SECT_TO_BIT(sector); + + if (atomic_read(&device->ap_actlog_cnt) + || !device->rs_last_events || curr_events - device->rs_last_events > 64) { +@@ -2618,7 +2618,7 @@ static int receive_DataRequest(struct drbd_connection *connection, struct packet + device->use_csums = true; } else if (pi->cmd == P_OV_REPLY) { /* track progress, we may need to throttle */ - atomic_add(size >> 9, &device->rs_sect_in); @@ -40199,7 +38201,7 @@ index 5b17ec8..deaec7d 100644 peer_req->w.cb = w_e_end_ov_reply; dec_rs_pending(device); /* drbd_rs_begin_io done when we sent this request, -@@ -2601,7 +2601,7 @@ static int receive_DataRequest(struct drbd_connection *connection, struct packet +@@ -2691,7 +2691,7 @@ static int receive_DataRequest(struct drbd_connection *connection, struct packet goto out_free_e; submit_for_resync: @@ -40207,8 +38209,8 @@ index 5b17ec8..deaec7d 100644 + atomic_add_unchecked(size >> 9, &device->rs_sect_ev); submit: - inc_unacked(device); -@@ -4461,7 +4461,7 @@ struct data_cmd { + update_receiver_timing_details(connection, drbd_submit_peer_request); +@@ -4564,7 +4564,7 @@ struct data_cmd { int expect_payload; size_t pkt_size; int (*fn)(struct drbd_connection *, struct packet_info *); @@ -40217,7 +38219,7 @@ index 5b17ec8..deaec7d 100644 static struct data_cmd drbd_cmd_handler[] = { [P_DATA] = { 1, sizeof(struct p_data), receive_Data }, -@@ -4572,7 +4572,7 @@ static void conn_disconnect(struct drbd_connection *connection) +@@ -4678,7 +4678,7 @@ static void conn_disconnect(struct drbd_connection *connection) if (!list_empty(&connection->current_epoch->list)) drbd_err(connection, "ASSERTION FAILED: connection->current_epoch->list not empty\n"); /* ok, no more ee's on the fly, it is safe to reset the epoch_size */ @@ -40226,7 +38228,7 @@ index 5b17ec8..deaec7d 100644 connection->send.seen_any_write_yet = false; drbd_info(connection, "Connection closed\n"); -@@ -5076,7 +5076,7 @@ static int got_IsInSync(struct drbd_connection *connection, struct packet_info * +@@ -5182,7 +5182,7 @@ static int got_IsInSync(struct drbd_connection *connection, struct packet_info * put_ldev(device); } dec_rs_pending(device); @@ -40235,7 +38237,7 @@ index 5b17ec8..deaec7d 100644 return 0; } -@@ -5364,7 +5364,7 @@ static int connection_finish_peer_reqs(struct drbd_connection *connection) +@@ -5470,7 +5470,7 @@ static int connection_finish_peer_reqs(struct drbd_connection *connection) struct asender_cmd { size_t pkt_size; int (*fn)(struct drbd_connection *connection, struct packet_info *); @@ -40245,11 +38247,11 @@ index 5b17ec8..deaec7d 100644 static struct asender_cmd asender_tbl[] = { [P_PING] = { 0, got_Ping }, diff --git a/drivers/block/drbd/drbd_worker.c b/drivers/block/drbd/drbd_worker.c -index d8f57b6..8dbf4b4 100644 +index 50776b3..1477c3f 100644 --- a/drivers/block/drbd/drbd_worker.c +++ b/drivers/block/drbd/drbd_worker.c -@@ -413,7 +413,7 @@ static int read_for_csum(struct drbd_peer_device *peer_device, sector_t sector, - list_add(&peer_req->w.list, &device->read_ee); +@@ -408,7 +408,7 @@ static int read_for_csum(struct drbd_peer_device *peer_device, sector_t sector, + list_add_tail(&peer_req->w.list, &device->read_ee); spin_unlock_irq(&device->resource->req_lock); - atomic_add(size >> 9, &device->rs_sect_ev); @@ -40257,7 +38259,7 @@ index d8f57b6..8dbf4b4 100644 if (drbd_submit_peer_request(device, peer_req, READ, DRBD_FAULT_RS_RD) == 0) return 0; -@@ -558,7 +558,7 @@ static int drbd_rs_number_requests(struct drbd_device *device) +@@ -553,7 +553,7 @@ static int drbd_rs_number_requests(struct drbd_device *device) unsigned int sect_in; /* Number of sectors that came in since the last turn */ int number, mxb; @@ -40266,7 +38268,7 @@ index d8f57b6..8dbf4b4 100644 device->rs_in_flight -= sect_in; rcu_read_lock(); -@@ -1583,8 +1583,8 @@ void drbd_rs_controller_reset(struct drbd_device *device) +@@ -1594,8 +1594,8 @@ void drbd_rs_controller_reset(struct drbd_device *device) { struct fifo_buffer *plan; @@ -40526,10 +38528,10 @@ index a48e05b..6bac831 100644 kfree(usegment); kfree(ksegment); diff --git a/drivers/char/agp/frontend.c b/drivers/char/agp/frontend.c -index b297033..fa217ca 100644 +index 09f17eb..8531d2f 100644 --- a/drivers/char/agp/frontend.c +++ b/drivers/char/agp/frontend.c -@@ -819,7 +819,7 @@ static int agpioc_reserve_wrap(struct agp_file_private *priv, void __user *arg) +@@ -806,7 +806,7 @@ static int agpioc_reserve_wrap(struct agp_file_private *priv, void __user *arg) if (copy_from_user(&reserve, arg, sizeof(struct agp_region))) return -EFAULT; @@ -40538,7 +38540,7 @@ index b297033..fa217ca 100644 return -EFAULT; client = agp_find_client_by_pid(reserve.pid); -@@ -849,7 +849,7 @@ static int agpioc_reserve_wrap(struct agp_file_private *priv, void __user *arg) +@@ -836,7 +836,7 @@ static int agpioc_reserve_wrap(struct agp_file_private *priv, void __user *arg) if (segment == NULL) return -ENOMEM; @@ -40812,22 +38814,19 @@ index 9df78e2..01ba9ae 100644 *ppos = i; diff --git a/drivers/char/pcmcia/synclink_cs.c b/drivers/char/pcmcia/synclink_cs.c -index 8320abd..ec48108 100644 +index 0ea9986..e7b07e4 100644 --- a/drivers/char/pcmcia/synclink_cs.c +++ b/drivers/char/pcmcia/synclink_cs.c -@@ -2345,9 +2345,9 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) +@@ -2345,7 +2345,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgslpc_close(%s) entry, count=%d\n", - __FILE__, __LINE__, info->device_name, port->count); + __FILE__, __LINE__, info->device_name, atomic_read(&port->count)); -- WARN_ON(!port->count); -+ WARN_ON(!atomic_read(&port->count)); - if (tty_port_close_start(port, tty, filp) == 0) goto cleanup; -@@ -2365,7 +2365,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) +@@ -2363,7 +2363,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) cleanup: if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgslpc_close(%s) exit, count=%d\n", __FILE__, __LINE__, @@ -40836,7 +38835,7 @@ index 8320abd..ec48108 100644 } /* Wait until the transmitter is empty. -@@ -2507,7 +2507,7 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) +@@ -2505,7 +2505,7 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgslpc_open(%s), old ref count = %d\n", @@ -40844,8 +38843,8 @@ index 8320abd..ec48108 100644 + __FILE__, __LINE__, tty->driver->name, atomic_read(&port->count)); /* If port is closing, signal caller to try again */ - if (tty_hung_up_p(filp) || port->flags & ASYNC_CLOSING){ -@@ -2527,11 +2527,11 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) + if (port->flags & ASYNC_CLOSING){ +@@ -2525,11 +2525,11 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) goto cleanup; } spin_lock(&port->lock); @@ -40859,7 +38858,7 @@ index 8320abd..ec48108 100644 /* 1st open on this device, init hardware */ retval = startup(info, tty); if (retval < 0) -@@ -3920,7 +3920,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, +@@ -3918,7 +3918,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, unsigned short new_crctype; /* return error if TTY interface open */ @@ -40868,7 +38867,7 @@ index 8320abd..ec48108 100644 return -EBUSY; switch (encoding) -@@ -4024,7 +4024,7 @@ static int hdlcdev_open(struct net_device *dev) +@@ -4022,7 +4022,7 @@ static int hdlcdev_open(struct net_device *dev) /* arbitrate between network and tty opens */ spin_lock_irqsave(&info->netlock, flags); @@ -40877,7 +38876,7 @@ index 8320abd..ec48108 100644 printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name); spin_unlock_irqrestore(&info->netlock, flags); return -EBUSY; -@@ -4114,7 +4114,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) +@@ -4112,7 +4112,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) printk("%s:hdlcdev_ioctl(%s)\n", __FILE__, dev->name); /* return error if TTY interface open */ @@ -40887,10 +38886,10 @@ index 8320abd..ec48108 100644 if (cmd != SIOCWANDEV) diff --git a/drivers/char/random.c b/drivers/char/random.c -index 71529e1..822b036 100644 +index c18d41d..a39afb7 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c -@@ -284,9 +284,6 @@ +@@ -289,9 +289,6 @@ /* * To allow fractional bits to be tracked, the entropy_count field is * denominated in units of 1/8th bits. @@ -40900,7 +38899,7 @@ index 71529e1..822b036 100644 */ #define ENTROPY_SHIFT 3 #define ENTROPY_BITS(r) ((r)->entropy_count >> ENTROPY_SHIFT) -@@ -433,9 +430,9 @@ struct entropy_store { +@@ -439,9 +436,9 @@ struct entropy_store { }; static void push_to_pool(struct work_struct *work); @@ -40913,18 +38912,7 @@ index 71529e1..822b036 100644 static struct entropy_store input_pool = { .poolinfo = &poolinfo_table[0], -@@ -524,8 +521,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in, - input_rotate = (input_rotate + (i ? 7 : 14)) & 31; - } - -- ACCESS_ONCE(r->input_rotate) = input_rotate; -- ACCESS_ONCE(r->add_ptr) = i; -+ ACCESS_ONCE_RW(r->input_rotate) = input_rotate; -+ ACCESS_ONCE_RW(r->add_ptr) = i; - smp_wmb(); - - if (out) -@@ -632,7 +629,7 @@ retry: +@@ -635,7 +632,7 @@ retry: /* The +2 corresponds to the /4 in the denominator */ do { @@ -40933,7 +38921,7 @@ index 71529e1..822b036 100644 unsigned int add = ((pool_size - entropy_count)*anfrac*3) >> s; -@@ -1177,7 +1174,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, +@@ -1207,7 +1204,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, extract_buf(r, tmp); i = min_t(int, nbytes, EXTRACT_SIZE); @@ -40942,7 +38930,7 @@ index 71529e1..822b036 100644 ret = -EFAULT; break; } -@@ -1567,7 +1564,7 @@ static char sysctl_bootid[16]; +@@ -1590,7 +1587,7 @@ static char sysctl_bootid[16]; static int proc_do_uuid(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -40951,7 +38939,7 @@ index 71529e1..822b036 100644 unsigned char buf[64], tmp_uuid[16], *uuid; uuid = table->data; -@@ -1597,7 +1594,7 @@ static int proc_do_uuid(struct ctl_table *table, int write, +@@ -1620,7 +1617,7 @@ static int proc_do_uuid(struct ctl_table *table, int write, static int proc_do_entropy(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -41021,7 +39009,7 @@ index 565a947..dcdc06e 100644 acpi_os_unmap_iomem(virt, len); return 0; diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c -index 59f7cb2..bac8b6d 100644 +index 3a56a13..f8cbd25 100644 --- a/drivers/char/tpm/tpm_eventlog.c +++ b/drivers/char/tpm/tpm_eventlog.c @@ -95,7 +95,7 @@ static void *tpm_bios_measurements_start(struct seq_file *m, loff_t *pos) @@ -41053,7 +39041,7 @@ index 59f7cb2..bac8b6d 100644 return 0; } diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c -index 60aafb8..10c08e0 100644 +index b585b47..488f43e 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c @@ -684,7 +684,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, @@ -41075,10 +39063,10 @@ index 60aafb8..10c08e0 100644 static int wait_port_writable(struct port *port, bool nonblock) diff --git a/drivers/clk/clk-composite.c b/drivers/clk/clk-composite.c -index 57a078e..c17cde8 100644 +index b9355da..9611f4e 100644 --- a/drivers/clk/clk-composite.c +++ b/drivers/clk/clk-composite.c -@@ -146,7 +146,7 @@ struct clk *clk_register_composite(struct device *dev, const char *name, +@@ -191,7 +191,7 @@ struct clk *clk_register_composite(struct device *dev, const char *name, struct clk *clk; struct clk_init_data init; struct clk_composite *composite; @@ -41198,10 +39186,10 @@ index b0c18ed..1713a80 100644 cpu_notifier_register_begin(); diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c -index 21ab8bc..90ee9f8 100644 +index 61190f6..fcd899a 100644 --- a/drivers/cpufreq/cpufreq.c +++ b/drivers/cpufreq/cpufreq.c -@@ -2103,7 +2103,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor) +@@ -2095,7 +2095,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor) } mutex_lock(&cpufreq_governor_mutex); @@ -41210,7 +39198,7 @@ index 21ab8bc..90ee9f8 100644 mutex_unlock(&cpufreq_governor_mutex); return; } -@@ -2319,7 +2319,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb, +@@ -2311,7 +2311,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb, return NOTIFY_OK; } @@ -41219,7 +39207,7 @@ index 21ab8bc..90ee9f8 100644 .notifier_call = cpufreq_cpu_callback, }; -@@ -2359,13 +2359,17 @@ int cpufreq_boost_trigger_state(int state) +@@ -2351,13 +2351,17 @@ int cpufreq_boost_trigger_state(int state) return 0; write_lock_irqsave(&cpufreq_driver_lock, flags); @@ -41239,7 +39227,7 @@ index 21ab8bc..90ee9f8 100644 write_unlock_irqrestore(&cpufreq_driver_lock, flags); pr_err("%s: Cannot %s BOOST\n", -@@ -2422,8 +2426,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) +@@ -2414,8 +2418,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) pr_debug("trying to register driver %s\n", driver_data->name); @@ -41253,7 +39241,7 @@ index 21ab8bc..90ee9f8 100644 write_lock_irqsave(&cpufreq_driver_lock, flags); if (cpufreq_driver) { -@@ -2438,8 +2445,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) +@@ -2430,8 +2437,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) * Check if driver provides function to enable boost - * if not, use cpufreq_boost_set_sw as default */ @@ -41321,10 +39309,10 @@ index cc401d1..8197340 100644 struct cs_ops { struct notifier_block *notifier_block; diff --git a/drivers/cpufreq/cpufreq_ondemand.c b/drivers/cpufreq/cpufreq_ondemand.c -index 18d4091..434be15 100644 +index ad3f38f..8f086cd 100644 --- a/drivers/cpufreq/cpufreq_ondemand.c +++ b/drivers/cpufreq/cpufreq_ondemand.c -@@ -521,7 +521,7 @@ static void od_exit(struct dbs_data *dbs_data) +@@ -524,7 +524,7 @@ static void od_exit(struct dbs_data *dbs_data) define_get_cpu_dbs_routines(od_cpu_dbs_info); @@ -41333,7 +39321,7 @@ index 18d4091..434be15 100644 .powersave_bias_init_cpu = ondemand_powersave_bias_init_cpu, .powersave_bias_target = generic_powersave_bias_target, .freq_increase = dbs_freq_increase, -@@ -576,14 +576,18 @@ void od_register_powersave_bias_handler(unsigned int (*f) +@@ -579,14 +579,18 @@ void od_register_powersave_bias_handler(unsigned int (*f) (struct cpufreq_policy *, unsigned int, unsigned int), unsigned int powersave_bias) { @@ -41355,10 +39343,10 @@ index 18d4091..434be15 100644 } EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler); diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c -index 86631cb..c34ec78 100644 +index 0668b38..2f3ea18 100644 --- a/drivers/cpufreq/intel_pstate.c +++ b/drivers/cpufreq/intel_pstate.c -@@ -121,10 +121,10 @@ struct pstate_funcs { +@@ -120,10 +120,10 @@ struct pstate_funcs { struct cpu_defaults { struct pstate_adjust_policy pid_policy; struct pstate_funcs funcs; @@ -41371,7 +39359,7 @@ index 86631cb..c34ec78 100644 struct perf_limits { int no_turbo; -@@ -526,7 +526,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate) +@@ -527,17 +527,17 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate) cpu->pstate.current_pstate = pstate; @@ -41379,9 +39367,6 @@ index 86631cb..c34ec78 100644 + pstate_funcs->set(cpu, pstate); } - static inline void intel_pstate_pstate_increase(struct cpudata *cpu, int steps) -@@ -546,12 +546,12 @@ static inline void intel_pstate_pstate_decrease(struct cpudata *cpu, int steps) - static void intel_pstate_get_cpu_pstates(struct cpudata *cpu) { - cpu->pstate.min_pstate = pstate_funcs.get_min(); @@ -41398,20 +39383,20 @@ index 86631cb..c34ec78 100644 intel_pstate_set_pstate(cpu, cpu->pstate.min_pstate); } -@@ -838,9 +838,9 @@ static int intel_pstate_msrs_not_valid(void) +@@ -810,9 +810,9 @@ static int intel_pstate_msrs_not_valid(void) rdmsrl(MSR_IA32_APERF, aperf); rdmsrl(MSR_IA32_MPERF, mperf); - if (!pstate_funcs.get_max() || -- !pstate_funcs.get_min() || -- !pstate_funcs.get_turbo()) +- !pstate_funcs.get_min() || +- !pstate_funcs.get_turbo()) + if (!pstate_funcs->get_max() || -+ !pstate_funcs->get_min() || -+ !pstate_funcs->get_turbo()) ++ !pstate_funcs->get_min() || ++ !pstate_funcs->get_turbo()) return -ENODEV; rdmsrl(MSR_IA32_APERF, tmp); -@@ -854,7 +854,7 @@ static int intel_pstate_msrs_not_valid(void) +@@ -826,7 +826,7 @@ static int intel_pstate_msrs_not_valid(void) return 0; } @@ -41420,7 +39405,7 @@ index 86631cb..c34ec78 100644 { pid_params.sample_rate_ms = policy->sample_rate_ms; pid_params.p_gain_pct = policy->p_gain_pct; -@@ -866,11 +866,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) +@@ -838,11 +838,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) static void copy_cpu_funcs(struct pstate_funcs *funcs) { @@ -41594,10 +39579,10 @@ index 7d4a315..21bb886 100644 if (policy->cpu != 0) return -ENODEV; diff --git a/drivers/cpuidle/driver.c b/drivers/cpuidle/driver.c -index 9634f20..e1499c7 100644 +index e431d11..d0b997e 100644 --- a/drivers/cpuidle/driver.c +++ b/drivers/cpuidle/driver.c -@@ -205,7 +205,7 @@ static int poll_idle(struct cpuidle_device *dev, +@@ -194,7 +194,7 @@ static int poll_idle(struct cpuidle_device *dev, static void poll_idle_init(struct cpuidle_driver *drv) { @@ -41620,7 +39605,7 @@ index ca89412..a7b9c49 100644 cpuidle_curr_governor->rating < gov->rating) cpuidle_switch_governor(gov); diff --git a/drivers/cpuidle/sysfs.c b/drivers/cpuidle/sysfs.c -index efe2f17..b8124f9 100644 +index 97c5903..023ad23 100644 --- a/drivers/cpuidle/sysfs.c +++ b/drivers/cpuidle/sysfs.c @@ -135,7 +135,7 @@ static struct attribute *cpuidle_switch_attrs[] = { @@ -41633,7 +39618,7 @@ index efe2f17..b8124f9 100644 .name = "cpuidle", }; diff --git a/drivers/crypto/hifn_795x.c b/drivers/crypto/hifn_795x.c -index 12fea3e..1e28f47 100644 +index 8d2a772..33826c9 100644 --- a/drivers/crypto/hifn_795x.c +++ b/drivers/crypto/hifn_795x.c @@ -51,7 +51,7 @@ module_param_string(hifn_pll_ref, hifn_pll_ref, sizeof(hifn_pll_ref), 0444); @@ -41677,10 +39662,10 @@ index 9f90369..bfcacdb 100644 mutex_unlock(&devfreq_list_lock); diff --git a/drivers/dma/sh/shdma-base.c b/drivers/dma/sh/shdma-base.c -index b35007e..55ad549 100644 +index 42d4974..2714f36 100644 --- a/drivers/dma/sh/shdma-base.c +++ b/drivers/dma/sh/shdma-base.c -@@ -267,8 +267,8 @@ static int shdma_alloc_chan_resources(struct dma_chan *chan) +@@ -228,8 +228,8 @@ static int shdma_alloc_chan_resources(struct dma_chan *chan) schan->slave_id = -EINVAL; } @@ -41692,10 +39677,10 @@ index b35007e..55ad549 100644 ret = -ENOMEM; goto edescalloc; diff --git a/drivers/dma/sh/shdmac.c b/drivers/dma/sh/shdmac.c -index 146d5df..3c14970 100644 +index 58eb857..d7e42c8 100644 --- a/drivers/dma/sh/shdmac.c +++ b/drivers/dma/sh/shdmac.c -@@ -514,7 +514,7 @@ static int sh_dmae_nmi_handler(struct notifier_block *self, +@@ -513,7 +513,7 @@ static int sh_dmae_nmi_handler(struct notifier_block *self, return ret; } @@ -41721,10 +39706,10 @@ index 592af5f..bb1d583 100644 EXPORT_SYMBOL_GPL(edac_device_alloc_index); diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c -index 01fae82..1dd8289 100644 +index a6cd361..7bdbf53 100644 --- a/drivers/edac/edac_mc_sysfs.c +++ b/drivers/edac/edac_mc_sysfs.c -@@ -152,7 +152,7 @@ static const char * const edac_caps[] = { +@@ -154,7 +154,7 @@ static const char * const edac_caps[] = { struct dev_ch_attribute { struct device_attribute attr; int channel; @@ -41733,7 +39718,7 @@ index 01fae82..1dd8289 100644 #define DEVICE_CHANNEL(_name, _mode, _show, _store, _var) \ struct dev_ch_attribute dev_attr_legacy_##_name = \ -@@ -1009,14 +1009,16 @@ int edac_create_sysfs_mci_device(struct mem_ctl_info *mci) +@@ -1011,14 +1011,16 @@ int edac_create_sysfs_mci_device(struct mem_ctl_info *mci) } if (mci->set_sdram_scrub_rate || mci->get_sdram_scrub_rate) { @@ -42002,10 +39987,10 @@ index 17afc51..0ef90cd 100644 dmi_unmap(buf); return 0; diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c -index 1491dd4..aa910db 100644 +index 5b53d61..72cee96 100644 --- a/drivers/firmware/efi/cper.c +++ b/drivers/firmware/efi/cper.c -@@ -41,12 +41,12 @@ +@@ -44,12 +44,12 @@ static char rcd_decode_str[CPER_REC_LEN]; */ u64 cper_next_record_id(void) { @@ -42023,10 +40008,10 @@ index 1491dd4..aa910db 100644 EXPORT_SYMBOL_GPL(cper_next_record_id); diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c -index dc79346..b39bd69 100644 +index 64ecbb5..d921eb3 100644 --- a/drivers/firmware/efi/efi.c +++ b/drivers/firmware/efi/efi.c -@@ -122,14 +122,16 @@ static struct attribute_group efi_subsys_attr_group = { +@@ -126,14 +126,16 @@ static struct attribute_group efi_subsys_attr_group = { }; static struct efivars generic_efivars; @@ -42049,10 +40034,10 @@ index dc79346..b39bd69 100644 return efivars_register(&generic_efivars, &generic_ops, efi_kobj); } diff --git a/drivers/firmware/efi/efivars.c b/drivers/firmware/efi/efivars.c -index 463c565..02a5640 100644 +index f256ecd..387dcb1 100644 --- a/drivers/firmware/efi/efivars.c +++ b/drivers/firmware/efi/efivars.c -@@ -588,7 +588,7 @@ efivar_create_sysfs_entry(struct efivar_entry *new_var) +@@ -589,7 +589,7 @@ efivar_create_sysfs_entry(struct efivar_entry *new_var) static int create_efivars_bin_attributes(void) { @@ -42078,7 +40063,7 @@ index 2f569aa..c95f4fb 100644 } diff --git a/drivers/gpio/gpio-em.c b/drivers/gpio/gpio-em.c -index cde3605..8b69df7 100644 +index fe49ec3..1ade794 100644 --- a/drivers/gpio/gpio-em.c +++ b/drivers/gpio/gpio-em.c @@ -278,7 +278,7 @@ static int em_gio_probe(struct platform_device *pdev) @@ -42091,7 +40076,7 @@ index cde3605..8b69df7 100644 int ret; diff --git a/drivers/gpio/gpio-ich.c b/drivers/gpio/gpio-ich.c -index 7030422..42a3fe9 100644 +index 3784e81..73637b5 100644 --- a/drivers/gpio/gpio-ich.c +++ b/drivers/gpio/gpio-ich.c @@ -94,7 +94,7 @@ struct ichx_desc { @@ -42104,7 +40089,7 @@ index 7030422..42a3fe9 100644 static struct { spinlock_t lock; diff --git a/drivers/gpio/gpio-rcar.c b/drivers/gpio/gpio-rcar.c -index b6ae89e..ac7349c 100644 +index bf6c094..6573caf 100644 --- a/drivers/gpio/gpio-rcar.c +++ b/drivers/gpio/gpio-rcar.c @@ -357,7 +357,7 @@ static int gpio_rcar_probe(struct platform_device *pdev) @@ -42117,7 +40102,7 @@ index b6ae89e..ac7349c 100644 const char *name = dev_name(dev); int ret; diff --git a/drivers/gpio/gpio-vr41xx.c b/drivers/gpio/gpio-vr41xx.c -index 66cbcc1..0c5e622 100644 +index dbf28fa..04dad4e 100644 --- a/drivers/gpio/gpio-vr41xx.c +++ b/drivers/gpio/gpio-vr41xx.c @@ -224,7 +224,7 @@ static int giu_get_irq(unsigned int irq) @@ -42130,10 +40115,10 @@ index 66cbcc1..0c5e622 100644 return -EINVAL; } diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c -index 810c84f..2c9310d 100644 +index c68d037..2f4f9a9 100644 --- a/drivers/gpio/gpiolib.c +++ b/drivers/gpio/gpiolib.c -@@ -1482,8 +1482,10 @@ static void gpiochip_irqchip_remove(struct gpio_chip *gpiochip) +@@ -529,8 +529,10 @@ static void gpiochip_irqchip_remove(struct gpio_chip *gpiochip) } if (gpiochip->irqchip) { @@ -42146,7 +40131,7 @@ index 810c84f..2c9310d 100644 gpiochip->irqchip = NULL; } } -@@ -1549,8 +1551,11 @@ int gpiochip_irqchip_add(struct gpio_chip *gpiochip, +@@ -596,8 +598,11 @@ int gpiochip_irqchip_add(struct gpio_chip *gpiochip, gpiochip->irqchip = NULL; return -EINVAL; } @@ -42161,10 +40146,10 @@ index 810c84f..2c9310d 100644 /* * Prepare the mapping since the irqchip shall be orthogonal to diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c -index fe94cc1..5e697b3 100644 +index 90e7730..3b41807 100644 --- a/drivers/gpu/drm/drm_crtc.c +++ b/drivers/gpu/drm/drm_crtc.c -@@ -3584,7 +3584,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, +@@ -3861,7 +3861,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, goto done; } @@ -42174,32 +40159,23 @@ index fe94cc1..5e697b3 100644 ret = -EFAULT; goto done; diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c -index 8218078..9960928a 100644 +index 3242e20..7e4f621 100644 --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c -@@ -233,7 +233,7 @@ module_exit(drm_core_exit); - /** - * Copy and IOCTL return string to user space - */ --static int drm_copy_field(char *buf, size_t *buf_len, const char *value) -+static int drm_copy_field(char __user *buf, size_t *buf_len, const char *value) - { - int len; +@@ -463,7 +463,7 @@ void drm_unplug_dev(struct drm_device *dev) -@@ -342,7 +342,7 @@ long drm_ioctl(struct file *filp, - struct drm_file *file_priv = filp->private_data; - struct drm_device *dev; - const struct drm_ioctl_desc *ioctl = NULL; -- drm_ioctl_t *func; -+ drm_ioctl_no_const_t func; - unsigned int nr = DRM_IOCTL_NR(cmd); - int retcode = -EINVAL; - char stack_kdata[128]; + drm_device_set_unplugged(dev); + +- if (dev->open_count == 0) { ++ if (local_read(&dev->open_count) == 0) { + drm_put_dev(dev); + } + mutex_unlock(&drm_global_mutex); diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c -index 021fe5d..abc9ce6 100644 +index 79d5221..7ff73496 100644 --- a/drivers/gpu/drm/drm_fops.c +++ b/drivers/gpu/drm/drm_fops.c -@@ -88,7 +88,7 @@ int drm_open(struct inode *inode, struct file *filp) +@@ -89,7 +89,7 @@ int drm_open(struct inode *inode, struct file *filp) return PTR_ERR(minor); dev = minor->dev; @@ -42208,7 +40184,7 @@ index 021fe5d..abc9ce6 100644 need_setup = 1; /* share address_space across all char-devs of a single device */ -@@ -105,7 +105,7 @@ int drm_open(struct inode *inode, struct file *filp) +@@ -106,7 +106,7 @@ int drm_open(struct inode *inode, struct file *filp) return 0; err_undo: @@ -42217,16 +40193,16 @@ index 021fe5d..abc9ce6 100644 drm_minor_release(minor); return retcode; } -@@ -427,7 +427,7 @@ int drm_release(struct inode *inode, struct file *filp) +@@ -384,7 +384,7 @@ int drm_release(struct inode *inode, struct file *filp) mutex_lock(&drm_global_mutex); - DRM_DEBUG("open_count = %d\n", dev->open_count); + DRM_DEBUG("open_count = %ld\n", local_read(&dev->open_count)); - if (dev->driver->preclose) - dev->driver->preclose(dev, file_priv); -@@ -436,10 +436,10 @@ int drm_release(struct inode *inode, struct file *filp) + mutex_lock(&dev->struct_mutex); + list_del(&file_priv->lhead); +@@ -397,10 +397,10 @@ int drm_release(struct inode *inode, struct file *filp) * Begin inline drm_release */ @@ -42239,7 +40215,7 @@ index 021fe5d..abc9ce6 100644 /* Release any auth tokens that might point to this file_priv, (do that under the drm_global_mutex) */ -@@ -540,7 +540,7 @@ int drm_release(struct inode *inode, struct file *filp) +@@ -471,7 +471,7 @@ int drm_release(struct inode *inode, struct file *filp) * End inline drm_release */ @@ -42310,7 +40286,7 @@ index 3d2e91c..d31c4c9 100644 item->object = NULL; } diff --git a/drivers/gpu/drm/drm_info.c b/drivers/gpu/drm/drm_info.c -index 86feedd..cba70f5 100644 +index ecaf0fa..a49cee9 100644 --- a/drivers/gpu/drm/drm_info.c +++ b/drivers/gpu/drm/drm_info.c @@ -73,10 +73,13 @@ int drm_vm_info(struct seq_file *m, void *data) @@ -42404,32 +40380,19 @@ index 2f4c4343..dd12cd2 100644 else ret = drm_ioctl(filp, cmd, arg); -diff --git a/drivers/gpu/drm/drm_stub.c b/drivers/gpu/drm/drm_stub.c -index 14d1646..99f9d49 100644 ---- a/drivers/gpu/drm/drm_stub.c -+++ b/drivers/gpu/drm/drm_stub.c -@@ -455,7 +455,7 @@ void drm_unplug_dev(struct drm_device *dev) - - drm_device_set_unplugged(dev); - -- if (dev->open_count == 0) { -+ if (local_read(&dev->open_count) == 0) { - drm_put_dev(dev); - } - mutex_unlock(&drm_global_mutex); -diff --git a/drivers/gpu/drm/drm_sysfs.c b/drivers/gpu/drm/drm_sysfs.c -index 369b262..09ea3ab 100644 ---- a/drivers/gpu/drm/drm_sysfs.c -+++ b/drivers/gpu/drm/drm_sysfs.c -@@ -505,7 +505,7 @@ static void drm_sysfs_release(struct device *dev) - */ - int drm_sysfs_device_add(struct drm_minor *minor) - { -- char *minor_str; -+ const char *minor_str; - int r; - - if (minor->type == DRM_MINOR_CONTROL) +diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c +index 40be746..fd78faf 100644 +--- a/drivers/gpu/drm/drm_ioctl.c ++++ b/drivers/gpu/drm/drm_ioctl.c +@@ -642,7 +642,7 @@ long drm_ioctl(struct file *filp, + struct drm_file *file_priv = filp->private_data; + struct drm_device *dev; + const struct drm_ioctl_desc *ioctl = NULL; +- drm_ioctl_t *func; ++ drm_ioctl_no_const_t func; + unsigned int nr = DRM_IOCTL_NR(cmd); + int retcode = -EINVAL; + char stack_kdata[128]; diff --git a/drivers/gpu/drm/i810/i810_drv.h b/drivers/gpu/drm/i810/i810_drv.h index d4d16ed..8fb0b51 100644 --- a/drivers/gpu/drm/i810/i810_drv.h @@ -42446,10 +40409,10 @@ index d4d16ed..8fb0b51 100644 int front_offset; } drm_i810_private_t; diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c -index d443441..ab091dd 100644 +index 9933c26..32cc097 100644 --- a/drivers/gpu/drm/i915/i915_dma.c +++ b/drivers/gpu/drm/i915/i915_dma.c -@@ -1290,7 +1290,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) +@@ -1292,7 +1292,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) * locking inversion with the driver load path. And the access here is * completely racy anyway. So don't bother with locking for now. */ @@ -42459,7 +40422,7 @@ index d443441..ab091dd 100644 static const struct vga_switcheroo_client_ops i915_switcheroo_ops = { diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -index 3a30133..ef4a743 100644 +index 60998fc..3b244bc 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c @@ -891,9 +891,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec) @@ -42510,10 +40473,10 @@ index 2e0613e..a8b94d9 100644 return ret; diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index ffaf8be..155f1bb 100644 +index d8324c6..fc9b704 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c -@@ -11623,13 +11623,13 @@ struct intel_quirk { +@@ -12437,13 +12437,13 @@ struct intel_quirk { int subsystem_vendor; int subsystem_device; void (*hook)(struct drm_device *dev); @@ -42529,7 +40492,7 @@ index ffaf8be..155f1bb 100644 static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) { -@@ -11637,18 +11637,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) +@@ -12451,18 +12451,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) return 1; } @@ -42652,10 +40615,10 @@ index 1b071b8..de8601a 100644 *sequence = cur_fence; diff --git a/drivers/gpu/drm/nouveau/nouveau_bios.c b/drivers/gpu/drm/nouveau/nouveau_bios.c -index 8268a4c..5105708 100644 +index dae2c96..324dbe4 100644 --- a/drivers/gpu/drm/nouveau/nouveau_bios.c +++ b/drivers/gpu/drm/nouveau/nouveau_bios.c -@@ -965,7 +965,7 @@ static int parse_bit_tmds_tbl_entry(struct drm_device *dev, struct nvbios *bios, +@@ -963,7 +963,7 @@ static int parse_bit_tmds_tbl_entry(struct drm_device *dev, struct nvbios *bios, struct bit_table { const char id; int (* const parse_fn)(struct drm_device *, struct nvbios *, struct bit_entry *); @@ -42665,10 +40628,10 @@ index 8268a4c..5105708 100644 #define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##funcid##_tbl_entry }) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.h b/drivers/gpu/drm/nouveau/nouveau_drm.h -index b628add..57cd489 100644 +index b02b024..aed7bad 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.h +++ b/drivers/gpu/drm/nouveau/nouveau_drm.h -@@ -99,7 +99,6 @@ struct nouveau_drm { +@@ -119,7 +119,6 @@ struct nouveau_drm { struct drm_global_reference mem_global_ref; struct ttm_bo_global_ref bo_global_ref; struct ttm_bo_device bdev; @@ -42690,10 +40653,10 @@ index 462679a..88e32a7 100644 if (nr < DRM_COMMAND_BASE) diff --git a/drivers/gpu/drm/nouveau/nouveau_ttm.c b/drivers/gpu/drm/nouveau/nouveau_ttm.c -index 7e185c1..8f74e5a 100644 +index 53874b7..1db0a68 100644 --- a/drivers/gpu/drm/nouveau/nouveau_ttm.c +++ b/drivers/gpu/drm/nouveau/nouveau_ttm.c -@@ -131,11 +131,11 @@ nouveau_vram_manager_debug(struct ttm_mem_type_manager *man, const char *prefix) +@@ -127,11 +127,11 @@ nouveau_vram_manager_debug(struct ttm_mem_type_manager *man, const char *prefix) } const struct ttm_mem_type_manager_func nouveau_vram_manager = { @@ -42710,7 +40673,7 @@ index 7e185c1..8f74e5a 100644 }; static int -@@ -201,11 +201,11 @@ nouveau_gart_manager_debug(struct ttm_mem_type_manager *man, const char *prefix) +@@ -196,11 +196,11 @@ nouveau_gart_manager_debug(struct ttm_mem_type_manager *man, const char *prefix) } const struct ttm_mem_type_manager_func nouveau_gart_manager = { @@ -42726,8 +40689,8 @@ index 7e185c1..8f74e5a 100644 + .debug = nouveau_gart_manager_debug }; - #include <core/subdev/vm/nv04.h> -@@ -274,11 +274,11 @@ nv04_gart_manager_debug(struct ttm_mem_type_manager *man, const char *prefix) + /*XXX*/ +@@ -270,11 +270,11 @@ nv04_gart_manager_debug(struct ttm_mem_type_manager *man, const char *prefix) } const struct ttm_mem_type_manager_func nv04_gart_manager = { @@ -42745,10 +40708,10 @@ index 7e185c1..8f74e5a 100644 int diff --git a/drivers/gpu/drm/nouveau/nouveau_vga.c b/drivers/gpu/drm/nouveau/nouveau_vga.c -index c110b2c..f237b7a 100644 +index c7592ec..dd45ebc 100644 --- a/drivers/gpu/drm/nouveau/nouveau_vga.c +++ b/drivers/gpu/drm/nouveau/nouveau_vga.c -@@ -70,7 +70,7 @@ nouveau_switcheroo_can_switch(struct pci_dev *pdev) +@@ -72,7 +72,7 @@ nouveau_switcheroo_can_switch(struct pci_dev *pdev) * locking inversion with the driver load path. And the access here is * completely racy anyway. So don't bother with locking for now. */ @@ -43107,10 +41070,10 @@ index 4a85bb6..aaea819 100644 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c -index 52a0cfd..0a63ced 100644 +index 12c8329..a69e2e8 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c +++ b/drivers/gpu/drm/radeon/radeon_device.c -@@ -1169,7 +1169,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) +@@ -1213,7 +1213,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) * locking inversion with the driver load path. And the access here is * completely racy anyway. So don't bother with locking for now. */ @@ -43223,10 +41186,10 @@ index 23bb64f..69d7234 100644 DRM_DEBUG("pid=%d\n", DRM_CURRENTPID); diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c -index c8a8a51..219dacc 100644 +index 72afe82..056a57a 100644 --- a/drivers/gpu/drm/radeon/radeon_ttm.c +++ b/drivers/gpu/drm/radeon/radeon_ttm.c -@@ -797,7 +797,7 @@ void radeon_ttm_set_active_vram_size(struct radeon_device *rdev, u64 size) +@@ -801,7 +801,7 @@ void radeon_ttm_set_active_vram_size(struct radeon_device *rdev, u64 size) man->size = size >> PAGE_SHIFT; } @@ -43235,7 +41198,7 @@ index c8a8a51..219dacc 100644 static const struct vm_operations_struct *ttm_vm_ops = NULL; static int radeon_ttm_fault(struct vm_area_struct *vma, struct vm_fault *vmf) -@@ -838,8 +838,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma) +@@ -842,8 +842,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma) } if (unlikely(ttm_vm_ops == NULL)) { ttm_vm_ops = vma->vm_ops; @@ -43247,10 +41210,10 @@ index c8a8a51..219dacc 100644 vma->vm_ops = &radeon_ttm_vm_ops; return 0; diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c -index 48c3bc4..e72d5a5 100644 +index 6553fd2..aecd29c 100644 --- a/drivers/gpu/drm/tegra/dc.c +++ b/drivers/gpu/drm/tegra/dc.c -@@ -1173,7 +1173,7 @@ static int tegra_dc_debugfs_init(struct tegra_dc *dc, struct drm_minor *minor) +@@ -1243,7 +1243,7 @@ static int tegra_dc_debugfs_init(struct tegra_dc *dc, struct drm_minor *minor) } for (i = 0; i < ARRAY_SIZE(debugfs_files); i++) @@ -43260,7 +41223,7 @@ index 48c3bc4..e72d5a5 100644 err = drm_debugfs_create_files(dc->debugfs_files, ARRAY_SIZE(debugfs_files), diff --git a/drivers/gpu/drm/tegra/dsi.c b/drivers/gpu/drm/tegra/dsi.c -index 97c409f..51e0de0 100644 +index f787445..2df2c65 100644 --- a/drivers/gpu/drm/tegra/dsi.c +++ b/drivers/gpu/drm/tegra/dsi.c @@ -41,7 +41,7 @@ struct tegra_dsi { @@ -43328,7 +41291,7 @@ index dbc2def..0a9f710 100644 kobject_put(&zone->kobj); return ret; diff --git a/drivers/gpu/drm/udl/udl_fb.c b/drivers/gpu/drm/udl/udl_fb.c -index 3771763..883f206 100644 +index d1da339..829235e 100644 --- a/drivers/gpu/drm/udl/udl_fb.c +++ b/drivers/gpu/drm/udl/udl_fb.c @@ -367,7 +367,6 @@ static int udl_fb_release(struct fb_info *info, int user) @@ -43436,10 +41399,10 @@ index 1319433..a993b0c 100644 case VIA_IRQ_ABSOLUTE: break; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h -index 6b252a8..5975dfe 100644 +index 99f7317..33a835b 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h -@@ -437,7 +437,7 @@ struct vmw_private { +@@ -447,7 +447,7 @@ struct vmw_private { * Fencing and IRQs. */ @@ -43552,10 +41515,10 @@ index 0c42376..6febe77 100644 for (;;) { diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_marker.c b/drivers/gpu/drm/vmwgfx/vmwgfx_marker.c -index 8a8725c2..afed796 100644 +index efd1ffd..0ae13ca 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_marker.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_marker.c -@@ -151,7 +151,7 @@ int vmw_wait_lag(struct vmw_private *dev_priv, +@@ -135,7 +135,7 @@ int vmw_wait_lag(struct vmw_private *dev_priv, while (!vmw_lag_lt(queue, us)) { spin_lock(&queue->lock); if (list_empty(&queue->head)) @@ -43587,10 +41550,10 @@ index 37ac7b5..d52a5c9 100644 /* copy over all the bus versions */ if (dev->bus && dev->bus->pm) { diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index 8ed66fd..38ff772 100644 +index 12b6e67..ddd983c 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c -@@ -2488,7 +2488,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); +@@ -2500,7 +2500,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); int hid_add_device(struct hid_device *hdev) { @@ -43599,7 +41562,7 @@ index 8ed66fd..38ff772 100644 int ret; if (WARN_ON(hdev->status & HID_STAT_ADDED)) -@@ -2530,7 +2530,7 @@ int hid_add_device(struct hid_device *hdev) +@@ -2542,7 +2542,7 @@ int hid_add_device(struct hid_device *hdev) /* XXX hack, any other cleaner solution after the driver core * is converted to allow more than 20 bytes as the device name? */ dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, @@ -43608,6 +41571,23 @@ index 8ed66fd..38ff772 100644 hid_debug_register(hdev, dev_name(&hdev->dev)); ret = device_add(&hdev->dev); +diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c +index 9bf8637..f462416 100644 +--- a/drivers/hid/hid-logitech-dj.c ++++ b/drivers/hid/hid-logitech-dj.c +@@ -682,6 +682,12 @@ static int logi_dj_raw_event(struct hid_device *hdev, + * device (via hid_input_report() ) and return 1 so hid-core does not do + * anything else with it. + */ ++ if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) || ++ (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) { ++ dev_err(&hdev->dev, "%s: invalid device index:%d\n", ++ __func__, dj_report->device_index); ++ return false; ++ } + + /* case 1) */ + if (data[0] != REPORT_ID_DJ_SHORT) diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c index c13fb5b..55a3802 100644 --- a/drivers/hid/hid-wiimote-debug.c @@ -43653,7 +41633,7 @@ index 0cb92e3..c7d453d 100644 if (atomic_read(&uhid->report_done)) goto unlock; diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c -index 284cf66..084c627 100644 +index 531a593..0b43a69 100644 --- a/drivers/hv/channel.c +++ b/drivers/hv/channel.c @@ -365,8 +365,8 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer, @@ -43840,7 +41820,7 @@ index 3288f13..71cfb4e 100644 for (grp = groups; grp->format; grp++) { diff --git a/drivers/hwmon/asus_atk0110.c b/drivers/hwmon/asus_atk0110.c -index ae208f6..48b6c5b 100644 +index cccef87..06ce8ec 100644 --- a/drivers/hwmon/asus_atk0110.c +++ b/drivers/hwmon/asus_atk0110.c @@ -147,10 +147,10 @@ MODULE_DEVICE_TABLE(acpi, atk_ids); @@ -43881,10 +41861,10 @@ index d76f0b7..55ae976 100644 }; diff --git a/drivers/hwmon/ibmaem.c b/drivers/hwmon/ibmaem.c -index 632f1dc..57e6a58 100644 +index 7a8a6fb..015c1fd 100644 --- a/drivers/hwmon/ibmaem.c +++ b/drivers/hwmon/ibmaem.c -@@ -926,7 +926,7 @@ static int aem_register_sensors(struct aem_data *data, +@@ -924,7 +924,7 @@ static int aem_register_sensors(struct aem_data *data, struct aem_rw_sensor_template *rw) { struct device *dev = &data->pdev->dev; @@ -43926,10 +41906,10 @@ index 7710f46..427a28d 100644 int i, j, count; diff --git a/drivers/hwmon/nct6775.c b/drivers/hwmon/nct6775.c -index 59d9a3f..2298fa4 100644 +index 504cbdd..35d6f25 100644 --- a/drivers/hwmon/nct6775.c +++ b/drivers/hwmon/nct6775.c -@@ -944,10 +944,10 @@ static struct attribute_group * +@@ -943,10 +943,10 @@ static struct attribute_group * nct6775_create_attr_group(struct device *dev, struct sensor_template_group *tg, int repeat) { @@ -44123,10 +42103,10 @@ index 0b510ba..4fbb5085 100644 } } diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c -index 4b1f375..770b95f 100644 +index af3e76d..96dfe5e 100644 --- a/drivers/iio/industrialio-core.c +++ b/drivers/iio/industrialio-core.c -@@ -551,7 +551,7 @@ static ssize_t iio_write_channel_info(struct device *dev, +@@ -555,7 +555,7 @@ static ssize_t iio_write_channel_info(struct device *dev, } static @@ -44136,7 +42116,7 @@ index 4b1f375..770b95f 100644 struct iio_chan_spec const *chan, ssize_t (*readfunc)(struct device *dev, diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c -index c323917..6ddea8b 100644 +index e28a494..f7c2671 100644 --- a/drivers/infiniband/core/cm.c +++ b/drivers/infiniband/core/cm.c @@ -115,7 +115,7 @@ static char const counter_group_names[CM_COUNTER_GROUPS] @@ -44426,7 +42406,7 @@ index 1f95bba..9530f87 100644 sdata, wqe->wr.wr.atomic.swap); goto send_comp; diff --git a/drivers/infiniband/hw/mlx4/mad.c b/drivers/infiniband/hw/mlx4/mad.c -index 287ad05..5ae7b44d 100644 +index 82a7dd8..8fb6ba6 100644 --- a/drivers/infiniband/hw/mlx4/mad.c +++ b/drivers/infiniband/hw/mlx4/mad.c @@ -98,7 +98,7 @@ __be64 mlx4_ib_gen_node_guid(void) @@ -44452,7 +42432,7 @@ index ed327e6..ca1739e0 100644 ctx->mcg_wq = create_singlethread_workqueue(name); if (!ctx->mcg_wq) diff --git a/drivers/infiniband/hw/mlx4/mlx4_ib.h b/drivers/infiniband/hw/mlx4/mlx4_ib.h -index 369da3c..223e6e9 100644 +index 6eb743f..a7b0f6d 100644 --- a/drivers/infiniband/hw/mlx4/mlx4_ib.h +++ b/drivers/infiniband/hw/mlx4/mlx4_ib.h @@ -426,7 +426,7 @@ struct mlx4_ib_demux_ctx { @@ -44966,7 +42946,7 @@ index 49eb511..a774366 100644 /** diff --git a/drivers/infiniband/hw/nes/nes_verbs.c b/drivers/infiniband/hw/nes/nes_verbs.c -index 218dd35..97ce31d 100644 +index fef067c..6a25ccd 100644 --- a/drivers/infiniband/hw/nes/nes_verbs.c +++ b/drivers/infiniband/hw/nes/nes_verbs.c @@ -46,9 +46,9 @@ @@ -45068,10 +43048,10 @@ index 4a95b22..874c182 100644 #include <linux/gameport.h> #include <linux/jiffies.h> diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c -index 603fe0d..f63decc 100644 +index 177602c..ec78499 100644 --- a/drivers/input/joystick/xpad.c +++ b/drivers/input/joystick/xpad.c -@@ -737,7 +737,7 @@ static void xpad_led_set(struct led_classdev *led_cdev, +@@ -850,7 +850,7 @@ static void xpad_led_set(struct led_classdev *led_cdev, static int xpad_led_probe(struct usb_xpad *xpad) { @@ -45080,7 +43060,7 @@ index 603fe0d..f63decc 100644 long led_no; struct xpad_led *led; struct led_classdev *led_cdev; -@@ -750,7 +750,7 @@ static int xpad_led_probe(struct usb_xpad *xpad) +@@ -863,7 +863,7 @@ static int xpad_led_probe(struct usb_xpad *xpad) if (!led) return -ENOMEM; @@ -45181,19 +43161,19 @@ index c9a02fe..0debc75 100644 kref_init(&serio_raw->kref); INIT_LIST_HEAD(&serio_raw->client_list); init_waitqueue_head(&serio_raw->wait); -diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c -index e5555fc..937986d 100644 ---- a/drivers/iommu/iommu.c -+++ b/drivers/iommu/iommu.c -@@ -588,7 +588,7 @@ static struct notifier_block iommu_bus_nb = { - static void iommu_bus_init(struct bus_type *bus, struct iommu_ops *ops) - { - bus_register_notifier(bus, &iommu_bus_nb); -- bus_for_each_dev(bus, NULL, ops, add_iommu_group); -+ bus_for_each_dev(bus, NULL, (void *)ops, add_iommu_group); - } +diff --git a/drivers/iommu/arm-smmu.c b/drivers/iommu/arm-smmu.c +index a83cc2a..64462e6 100644 +--- a/drivers/iommu/arm-smmu.c ++++ b/drivers/iommu/arm-smmu.c +@@ -921,7 +921,7 @@ static int arm_smmu_init_domain_context(struct iommu_domain *domain, + cfg->irptndx = cfg->cbndx; + } + +- ACCESS_ONCE(smmu_domain->smmu) = smmu; ++ ACCESS_ONCE_RW(smmu_domain->smmu) = smmu; + arm_smmu_init_context_bank(smmu_domain); + spin_unlock_irqrestore(&smmu_domain->lock, flags); - /** diff --git a/drivers/iommu/irq_remapping.c b/drivers/iommu/irq_remapping.c index 33c4395..e06447e 100644 --- a/drivers/iommu/irq_remapping.c @@ -45225,10 +43205,10 @@ index 33c4395..e06447e 100644 bool setup_remapped_irq(int irq, struct irq_cfg *cfg, struct irq_chip *chip) diff --git a/drivers/irqchip/irq-gic.c b/drivers/irqchip/irq-gic.c -index 7c131cf..035129b 100644 +index dda6dbc..f9adebb 100644 --- a/drivers/irqchip/irq-gic.c +++ b/drivers/irqchip/irq-gic.c -@@ -85,7 +85,7 @@ static u8 gic_cpu_map[NR_GIC_CPU_IF] __read_mostly; +@@ -84,7 +84,7 @@ static u8 gic_cpu_map[NR_GIC_CPU_IF] __read_mostly; * Supported arch specific GIC irq extension. * Default make them NULL. */ @@ -45237,7 +43217,7 @@ index 7c131cf..035129b 100644 .irq_eoi = NULL, .irq_mask = NULL, .irq_unmask = NULL, -@@ -337,7 +337,7 @@ static void gic_handle_cascade_irq(unsigned int irq, struct irq_desc *desc) +@@ -312,7 +312,7 @@ static void gic_handle_cascade_irq(unsigned int irq, struct irq_desc *desc) chained_irq_exit(chip, desc); } @@ -45260,7 +43240,7 @@ index 8777065..a4a9967 100644 int ret; int k; diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c -index f9a87ed..3fdd854 100644 +index 6a2df32..dc962f1 100644 --- a/drivers/isdn/capi/capi.c +++ b/drivers/isdn/capi/capi.c @@ -81,8 +81,8 @@ struct capiminor { @@ -45518,162 +43498,6 @@ index 91d5730..336523e 100644 }; /* The following should better go into a dedicated source file such that -diff --git a/drivers/isdn/i4l/isdn_ppp.c b/drivers/isdn/i4l/isdn_ppp.c -index 62f0688..38ceac5 100644 ---- a/drivers/isdn/i4l/isdn_ppp.c -+++ b/drivers/isdn/i4l/isdn_ppp.c -@@ -378,15 +378,10 @@ isdn_ppp_release(int min, struct file *file) - is->slcomp = NULL; - #endif - #ifdef CONFIG_IPPP_FILTER -- if (is->pass_filter) { -- sk_unattached_filter_destroy(is->pass_filter); -- is->pass_filter = NULL; -- } -- -- if (is->active_filter) { -- sk_unattached_filter_destroy(is->active_filter); -- is->active_filter = NULL; -- } -+ kfree(is->pass_filter); -+ is->pass_filter = NULL; -+ kfree(is->active_filter); -+ is->active_filter = NULL; - #endif - - /* TODO: if this was the previous master: link the stuff to the new master */ -@@ -442,7 +437,7 @@ static int get_filter(void __user *arg, struct sock_filter **p) - { - struct sock_fprog uprog; - struct sock_filter *code = NULL; -- int len; -+ int len, err; - - if (copy_from_user(&uprog, arg, sizeof(uprog))) - return -EFAULT; -@@ -458,6 +453,12 @@ static int get_filter(void __user *arg, struct sock_filter **p) - if (IS_ERR(code)) - return PTR_ERR(code); - -+ err = sk_chk_filter(code, uprog.len); -+ if (err) { -+ kfree(code); -+ return err; -+ } -+ - *p = code; - return uprog.len; - } -@@ -628,53 +629,25 @@ isdn_ppp_ioctl(int min, struct file *file, unsigned int cmd, unsigned long arg) - #ifdef CONFIG_IPPP_FILTER - case PPPIOCSPASS: - { -- struct sock_fprog_kern fprog; - struct sock_filter *code; -- int err, len = get_filter(argp, &code); -- -+ int len = get_filter(argp, &code); - if (len < 0) - return len; -- -- fprog.len = len; -- fprog.filter = code; -- -- if (is->pass_filter) { -- sk_unattached_filter_destroy(is->pass_filter); -- is->pass_filter = NULL; -- } -- if (fprog.filter != NULL) -- err = sk_unattached_filter_create(&is->pass_filter, -- &fprog); -- else -- err = 0; -- kfree(code); -- -- return err; -+ kfree(is->pass_filter); -+ is->pass_filter = code; -+ is->pass_len = len; -+ break; - } - case PPPIOCSACTIVE: - { -- struct sock_fprog_kern fprog; - struct sock_filter *code; -- int err, len = get_filter(argp, &code); -- -+ int len = get_filter(argp, &code); - if (len < 0) - return len; -- -- fprog.len = len; -- fprog.filter = code; -- -- if (is->active_filter) { -- sk_unattached_filter_destroy(is->active_filter); -- is->active_filter = NULL; -- } -- if (fprog.filter != NULL) -- err = sk_unattached_filter_create(&is->active_filter, -- &fprog); -- else -- err = 0; -- kfree(code); -- -- return err; -+ kfree(is->active_filter); -+ is->active_filter = code; -+ is->active_len = len; -+ break; - } - #endif /* CONFIG_IPPP_FILTER */ - default: -@@ -1174,14 +1147,14 @@ isdn_ppp_push_higher(isdn_net_dev *net_dev, isdn_net_local *lp, struct sk_buff * - } - - if (is->pass_filter -- && SK_RUN_FILTER(is->pass_filter, skb) == 0) { -+ && sk_run_filter(skb, is->pass_filter) == 0) { - if (is->debug & 0x2) - printk(KERN_DEBUG "IPPP: inbound frame filtered.\n"); - kfree_skb(skb); - return; - } - if (!(is->active_filter -- && SK_RUN_FILTER(is->active_filter, skb) == 0)) { -+ && sk_run_filter(skb, is->active_filter) == 0)) { - if (is->debug & 0x2) - printk(KERN_DEBUG "IPPP: link-active filter: resetting huptimer.\n"); - lp->huptimer = 0; -@@ -1320,14 +1293,14 @@ isdn_ppp_xmit(struct sk_buff *skb, struct net_device *netdev) - } - - if (ipt->pass_filter -- && SK_RUN_FILTER(ipt->pass_filter, skb) == 0) { -+ && sk_run_filter(skb, ipt->pass_filter) == 0) { - if (ipt->debug & 0x4) - printk(KERN_DEBUG "IPPP: outbound frame filtered.\n"); - kfree_skb(skb); - goto unlock; - } - if (!(ipt->active_filter -- && SK_RUN_FILTER(ipt->active_filter, skb) == 0)) { -+ && sk_run_filter(skb, ipt->active_filter) == 0)) { - if (ipt->debug & 0x4) - printk(KERN_DEBUG "IPPP: link-active filter: resetting huptimer.\n"); - lp->huptimer = 0; -@@ -1517,9 +1490,9 @@ int isdn_ppp_autodial_filter(struct sk_buff *skb, isdn_net_local *lp) - } - - drop |= is->pass_filter -- && SK_RUN_FILTER(is->pass_filter, skb) == 0; -+ && sk_run_filter(skb, is->pass_filter) == 0; - drop |= is->active_filter -- && SK_RUN_FILTER(is->active_filter, skb) == 0; -+ && sk_run_filter(skb, is->active_filter) == 0; - - skb_push(skb, IPPP_MAX_HEADER - 4); - return drop; diff --git a/drivers/isdn/i4l/isdn_tty.c b/drivers/isdn/i4l/isdn_tty.c index 3c5f249..5fac4d0 100644 --- a/drivers/isdn/i4l/isdn_tty.c @@ -45806,7 +43630,7 @@ index f58a354..fbae176 100644 .callback = clevo_mail_led_dmi_callback, .ident = "Clevo D410J", diff --git a/drivers/leds/leds-ss4200.c b/drivers/leds/leds-ss4200.c -index 2eb3ef6..295891f 100644 +index 046cb70..6b20d39 100644 --- a/drivers/leds/leds-ss4200.c +++ b/drivers/leds/leds-ss4200.c @@ -91,7 +91,7 @@ MODULE_PARM_DESC(nodetect, "Skip DMI-based hardware detection"); @@ -45819,10 +43643,10 @@ index 2eb3ef6..295891f 100644 .callback = ss4200_led_dmi_callback, .ident = "Intel SS4200-E", diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c -index 0bf1e4e..b4bf44e 100644 +index 6590558..a74c5dd 100644 --- a/drivers/lguest/core.c +++ b/drivers/lguest/core.c -@@ -97,9 +97,17 @@ static __init int map_switcher(void) +@@ -96,9 +96,17 @@ static __init int map_switcher(void) * The end address needs +1 because __get_vm_area allocates an * extra guard page, so we need space for that. */ @@ -45840,7 +43664,7 @@ index 0bf1e4e..b4bf44e 100644 if (!switcher_vma) { err = -ENOMEM; printk("lguest: could not map switcher pages high\n"); -@@ -124,7 +132,7 @@ static __init int map_switcher(void) +@@ -121,7 +129,7 @@ static __init int map_switcher(void) * Now the Switcher is mapped at the right address, we can't fail! * Copy in the compiled-in Switcher code (from x86/switcher_32.S). */ @@ -46151,7 +43975,7 @@ index d1600d2..4c3af3a 100644 schedule_work(&sc->trigger_event); } diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c -index 9227910..f51ca38 100644 +index f9c6cb8..e272df6 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c @@ -274,7 +274,7 @@ static struct dm_dev_internal *find_device(struct list_head *l, dev_t dev) @@ -46253,7 +44077,7 @@ index 32b958d..34011e8 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index 32fc19c..cb6eba3 100644 +index 1294238..a442227 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -194,10 +194,10 @@ EXPORT_SYMBOL_GPL(bio_clone_mddev); @@ -46447,7 +44271,7 @@ index 55de4f6..b1c57fe 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index a46124e..caf0bd55 100644 +index 6703751..187af1e 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c @@ -1948,7 +1948,7 @@ static void end_sync_read(struct bio *bio, int error) @@ -46610,6 +44434,32 @@ index 9b6c3bb..baeb5c7 100644 #if IS_ENABLED(CONFIG_DVB_DIB3000MB) extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config, +diff --git a/drivers/media/dvb-frontends/dib7000p.h b/drivers/media/dvb-frontends/dib7000p.h +index 1fea0e9..321ce8f 100644 +--- a/drivers/media/dvb-frontends/dib7000p.h ++++ b/drivers/media/dvb-frontends/dib7000p.h +@@ -64,7 +64,7 @@ struct dib7000p_ops { + int (*get_adc_power)(struct dvb_frontend *fe); + int (*slave_reset)(struct dvb_frontend *fe); + struct dvb_frontend *(*init)(struct i2c_adapter *i2c_adap, u8 i2c_addr, struct dib7000p_config *cfg); +-}; ++} __no_const; + + #if IS_ENABLED(CONFIG_DVB_DIB7000P) + void *dib7000p_attach(struct dib7000p_ops *ops); +diff --git a/drivers/media/dvb-frontends/dib8000.h b/drivers/media/dvb-frontends/dib8000.h +index 84cc103..5780c54 100644 +--- a/drivers/media/dvb-frontends/dib8000.h ++++ b/drivers/media/dvb-frontends/dib8000.h +@@ -61,7 +61,7 @@ struct dib8000_ops { + int (*pid_filter_ctrl)(struct dvb_frontend *fe, u8 onoff); + int (*pid_filter)(struct dvb_frontend *fe, u8 id, u16 pid, u8 onoff); + struct dvb_frontend *(*init)(struct i2c_adapter *i2c_adap, u8 i2c_addr, struct dib8000_config *cfg); +-}; ++} __no_const; + + #if IS_ENABLED(CONFIG_DVB_DIB8000) + void *dib8000_attach(struct dib8000_ops *ops); diff --git a/drivers/media/pci/cx88/cx88-video.c b/drivers/media/pci/cx88/cx88-video.c index ed8cb90..5ef7f79 100644 --- a/drivers/media/pci/cx88/cx88-video.c @@ -46640,8 +44490,60 @@ index 802642d..5534900 100644 /* Parameter declarations */ static int cardtype[IVTV_MAX_CARDS]; +diff --git a/drivers/media/pci/solo6x10/solo6x10-core.c b/drivers/media/pci/solo6x10/solo6x10-core.c +index 172583d..0f806f4 100644 +--- a/drivers/media/pci/solo6x10/solo6x10-core.c ++++ b/drivers/media/pci/solo6x10/solo6x10-core.c +@@ -430,7 +430,7 @@ static void solo_device_release(struct device *dev) + + static int solo_sysfs_init(struct solo_dev *solo_dev) + { +- struct bin_attribute *sdram_attr = &solo_dev->sdram_attr; ++ bin_attribute_no_const *sdram_attr = &solo_dev->sdram_attr; + struct device *dev = &solo_dev->dev; + const char *driver; + int i; +diff --git a/drivers/media/pci/solo6x10/solo6x10-g723.c b/drivers/media/pci/solo6x10/solo6x10-g723.c +index c7141f2..5301fec 100644 +--- a/drivers/media/pci/solo6x10/solo6x10-g723.c ++++ b/drivers/media/pci/solo6x10/solo6x10-g723.c +@@ -351,7 +351,7 @@ static int solo_snd_pcm_init(struct solo_dev *solo_dev) + + int solo_g723_init(struct solo_dev *solo_dev) + { +- static struct snd_device_ops ops = { NULL }; ++ static struct snd_device_ops ops = { }; + struct snd_card *card; + struct snd_kcontrol_new kctl; + char name[32]; +diff --git a/drivers/media/pci/solo6x10/solo6x10-p2m.c b/drivers/media/pci/solo6x10/solo6x10-p2m.c +index 8c84846..27b4f83 100644 +--- a/drivers/media/pci/solo6x10/solo6x10-p2m.c ++++ b/drivers/media/pci/solo6x10/solo6x10-p2m.c +@@ -73,7 +73,7 @@ int solo_p2m_dma_desc(struct solo_dev *solo_dev, + + /* Get next ID. According to Softlogic, 6110 has problems on !=0 P2M */ + if (solo_dev->type != SOLO_DEV_6110 && multi_p2m) { +- p2m_id = atomic_inc_return(&solo_dev->p2m_count) % SOLO_NR_P2M; ++ p2m_id = atomic_inc_return_unchecked(&solo_dev->p2m_count) % SOLO_NR_P2M; + if (p2m_id < 0) + p2m_id = -p2m_id; + } +diff --git a/drivers/media/pci/solo6x10/solo6x10.h b/drivers/media/pci/solo6x10/solo6x10.h +index c6154b0..73e4ae9 100644 +--- a/drivers/media/pci/solo6x10/solo6x10.h ++++ b/drivers/media/pci/solo6x10/solo6x10.h +@@ -219,7 +219,7 @@ struct solo_dev { + + /* P2M DMA Engine */ + struct solo_p2m_dev p2m_dev[SOLO_NR_P2M]; +- atomic_t p2m_count; ++ atomic_unchecked_t p2m_count; + int p2m_jiffies; + unsigned int p2m_timeouts; + diff --git a/drivers/media/platform/omap/omap_vout.c b/drivers/media/platform/omap/omap_vout.c -index 9a726ea..f5e9b52 100644 +index 2d177fa..5b925a1 100644 --- a/drivers/media/platform/omap/omap_vout.c +++ b/drivers/media/platform/omap/omap_vout.c @@ -63,7 +63,6 @@ enum omap_vout_channels { @@ -46652,7 +44554,7 @@ index 9a726ea..f5e9b52 100644 /* Variables configurable through module params*/ static u32 video1_numbuffers = 3; static u32 video2_numbuffers = 3; -@@ -1015,6 +1014,12 @@ static int omap_vout_open(struct file *file) +@@ -1014,6 +1013,12 @@ static int omap_vout_open(struct file *file) { struct videobuf_queue *q; struct omap_vout_device *vout = NULL; @@ -46665,7 +44567,7 @@ index 9a726ea..f5e9b52 100644 vout = video_drvdata(file); v4l2_dbg(1, debug, &vout->vid_dev->v4l2_dev, "Entering %s\n", __func__); -@@ -1032,10 +1037,6 @@ static int omap_vout_open(struct file *file) +@@ -1031,10 +1036,6 @@ static int omap_vout_open(struct file *file) vout->type = V4L2_BUF_TYPE_VIDEO_OUTPUT; q = &vout->vbq; @@ -46716,7 +44618,7 @@ index b713403..53cb5ad 100644 if (done && done != layer->shadow_buf) vb2_buffer_done(&done->vb, VB2_BUF_STATE_DONE); diff --git a/drivers/media/platform/s5p-tv/mixer_video.c b/drivers/media/platform/s5p-tv/mixer_video.c -index 8a8dbc8..b74c62d 100644 +index b4d2696..91df48e 100644 --- a/drivers/media/platform/s5p-tv/mixer_video.c +++ b/drivers/media/platform/s5p-tv/mixer_video.c @@ -210,7 +210,7 @@ static void mxr_layer_default_geo(struct mxr_layer *layer) @@ -46829,7 +44731,7 @@ index c9388c4..ce71ece 100644 .buffer_set = mxr_vp_buffer_set, .stream_set = mxr_vp_stream_set, diff --git a/drivers/media/platform/vivi.c b/drivers/media/platform/vivi.c -index d00bf3d..1301a0c 100644 +index 8033371..de5bca0 100644 --- a/drivers/media/platform/vivi.c +++ b/drivers/media/platform/vivi.c @@ -58,8 +58,8 @@ MODULE_AUTHOR("Mauro Carvalho Chehab, Ted Walther and John Sokol"); @@ -46844,7 +44746,7 @@ index d00bf3d..1301a0c 100644 static unsigned n_devs = 1; diff --git a/drivers/media/radio/radio-cadet.c b/drivers/media/radio/radio-cadet.c -index d719e59..63f3470 100644 +index 82affae..42833ec 100644 --- a/drivers/media/radio/radio-cadet.c +++ b/drivers/media/radio/radio-cadet.c @@ -333,6 +333,8 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo @@ -46908,7 +44810,7 @@ index 8654e0d..0608a64 100644 static int shark_write_reg(struct radio_tea5777 *tea, u64 reg) { diff --git a/drivers/media/radio/radio-si476x.c b/drivers/media/radio/radio-si476x.c -index 2fd9009..278cc1e 100644 +index 633022b..7f10754 100644 --- a/drivers/media/radio/radio-si476x.c +++ b/drivers/media/radio/radio-si476x.c @@ -1445,7 +1445,7 @@ static int si476x_radio_probe(struct platform_device *pdev) @@ -47347,19 +45249,6 @@ index c890fe4..f9b2ae6 100644 } static void cinergyt2_fe_release(struct dvb_frontend *fe) -diff --git a/drivers/media/usb/dvb-usb/cxusb.c b/drivers/media/usb/dvb-usb/cxusb.c -index a1c641e..3007da9 100644 ---- a/drivers/media/usb/dvb-usb/cxusb.c -+++ b/drivers/media/usb/dvb-usb/cxusb.c -@@ -1112,7 +1112,7 @@ static struct dib0070_config dib7070p_dib0070_config = { - - struct dib0700_adapter_state { - int (*set_param_save) (struct dvb_frontend *); --}; -+} __no_const; - - static int dib7070_set_param_override(struct dvb_frontend *fe) - { diff --git a/drivers/media/usb/dvb-usb/dvb-usb-firmware.c b/drivers/media/usb/dvb-usb/dvb-usb-firmware.c index 733a7ff..f8b52e3 100644 --- a/drivers/media/usb/dvb-usb/dvb-usb-firmware.c @@ -47434,7 +45323,7 @@ index 733a7ff..f8b52e3 100644 } EXPORT_SYMBOL(usb_cypress_load_firmware); diff --git a/drivers/media/usb/dvb-usb/dw2102.c b/drivers/media/usb/dvb-usb/dw2102.c -index ae0f56a..ec71784 100644 +index 2add8c5..c33b854 100644 --- a/drivers/media/usb/dvb-usb/dw2102.c +++ b/drivers/media/usb/dvb-usb/dw2102.c @@ -118,7 +118,7 @@ struct su3000_state { @@ -47447,7 +45336,7 @@ index ae0f56a..ec71784 100644 /* debug */ static int dvb_usb_dw2102_debug; diff --git a/drivers/media/usb/dvb-usb/technisat-usb2.c b/drivers/media/usb/dvb-usb/technisat-usb2.c -index d947e03..87fef42 100644 +index 6b0b8b6b..4038398 100644 --- a/drivers/media/usb/dvb-usb/technisat-usb2.c +++ b/drivers/media/usb/dvb-usb/technisat-usb2.c @@ -87,8 +87,11 @@ struct technisat_usb2_state { @@ -47653,7 +45542,7 @@ index d947e03..87fef42 100644 } diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c -index 7e2411c..cef73ca 100644 +index cca6c2f..77b9a18 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -328,7 +328,7 @@ struct v4l2_buffer32 { @@ -47692,16 +45581,16 @@ index 7e2411c..cef73ca 100644 if (get_user(p, &up->m.planes)) return -EFAULT; uplane32 = compat_ptr(p); -@@ -552,7 +552,7 @@ static int get_v4l2_framebuffer32(struct v4l2_framebuffer *kp, struct v4l2_frame - get_user(kp->capability, &up->capability) || - get_user(kp->flags, &up->flags)) +@@ -562,7 +562,7 @@ static int get_v4l2_framebuffer32(struct v4l2_framebuffer *kp, struct v4l2_frame + get_user(kp->flags, &up->flags) || + copy_from_user(&kp->fmt, &up->fmt, sizeof(up->fmt))) return -EFAULT; - kp->base = compat_ptr(tmp); + kp->base = (void __force_kernel *)compat_ptr(tmp); - get_v4l2_pix_format(&kp->fmt, &up->fmt); return 0; } -@@ -658,7 +658,7 @@ static int get_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext + +@@ -667,7 +667,7 @@ static int get_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext n * sizeof(struct v4l2_ext_control32))) return -EFAULT; kcontrols = compat_alloc_user_space(n * sizeof(struct v4l2_ext_control)); @@ -47710,7 +45599,7 @@ index 7e2411c..cef73ca 100644 while (--n >= 0) { if (copy_in_user(kcontrols, ucontrols, sizeof(*ucontrols))) return -EFAULT; -@@ -680,7 +680,7 @@ static int get_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext +@@ -689,7 +689,7 @@ static int get_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext static int put_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext_controls32 __user *up) { struct v4l2_ext_control32 __user *ucontrols; @@ -47719,7 +45608,7 @@ index 7e2411c..cef73ca 100644 int n = kp->count; compat_caddr_t p; -@@ -774,7 +774,7 @@ static int put_v4l2_edid32(struct v4l2_edid *kp, struct v4l2_edid32 __user *up) +@@ -783,7 +783,7 @@ static int put_v4l2_edid32(struct v4l2_edid *kp, struct v4l2_edid32 __user *up) put_user(kp->start_block, &up->start_block) || put_user(kp->blocks, &up->blocks) || put_user(tmp, &up->edid) || @@ -47728,21 +45617,6 @@ index 7e2411c..cef73ca 100644 return -EFAULT; return 0; } -diff --git a/drivers/media/v4l2-core/v4l2-ctrls.c b/drivers/media/v4l2-core/v4l2-ctrls.c -index 55c6832..a91c7a6 100644 ---- a/drivers/media/v4l2-core/v4l2-ctrls.c -+++ b/drivers/media/v4l2-core/v4l2-ctrls.c -@@ -1431,8 +1431,8 @@ static int validate_new(const struct v4l2_ctrl *ctrl, - return 0; - - case V4L2_CTRL_TYPE_STRING: -- len = strlen(c->string); -- if (len < ctrl->minimum) -+ len = strlen_user(c->string); -+ if (!len || len < ctrl->minimum) - return -ERANGE; - if ((len - ctrl->minimum) % ctrl->step) - return -ERANGE; diff --git a/drivers/media/v4l2-core/v4l2-device.c b/drivers/media/v4l2-core/v4l2-device.c index 015f92a..59e311e 100644 --- a/drivers/media/v4l2-core/v4l2-device.c @@ -47760,10 +45634,10 @@ index 015f92a..59e311e 100644 if (basename[len - 1] >= '0' && basename[len - 1] <= '9') diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c -index 16bffd8..3ab516a 100644 +index d15e167..337f374 100644 --- a/drivers/media/v4l2-core/v4l2-ioctl.c +++ b/drivers/media/v4l2-core/v4l2-ioctl.c -@@ -2003,7 +2003,8 @@ struct v4l2_ioctl_info { +@@ -2142,7 +2142,8 @@ struct v4l2_ioctl_info { struct file *file, void *fh, void *p); } u; void (*debug)(const void *arg, bool write_only); @@ -47773,7 +45647,7 @@ index 16bffd8..3ab516a 100644 /* This control needs a priority check */ #define INFO_FL_PRIO (1 << 0) -@@ -2186,7 +2187,7 @@ static long __video_do_ioctl(struct file *file, +@@ -2326,7 +2327,7 @@ static long __video_do_ioctl(struct file *file, struct video_device *vfd = video_devdata(file); const struct v4l2_ioctl_ops *ops = vfd->ioctl_ops; bool write_only = false; @@ -47782,7 +45656,7 @@ index 16bffd8..3ab516a 100644 const struct v4l2_ioctl_info *info; void *fh = file->private_data; struct v4l2_fh *vfh = NULL; -@@ -2276,7 +2277,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size, +@@ -2413,7 +2414,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size, ret = -EINVAL; break; } @@ -47791,7 +45665,7 @@ index 16bffd8..3ab516a 100644 *kernel_ptr = (void **)&buf->m.planes; *array_size = sizeof(struct v4l2_plane) * buf->length; ret = 1; -@@ -2293,7 +2294,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size, +@@ -2430,7 +2431,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size, ret = -EINVAL; break; } @@ -47800,7 +45674,7 @@ index 16bffd8..3ab516a 100644 *kernel_ptr = (void **)&edid->edid; *array_size = edid->blocks * 128; ret = 1; -@@ -2311,7 +2312,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size, +@@ -2448,7 +2449,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size, ret = -EINVAL; break; } @@ -47809,7 +45683,7 @@ index 16bffd8..3ab516a 100644 *kernel_ptr = (void **)&ctrls->controls; *array_size = sizeof(struct v4l2_ext_control) * ctrls->count; -@@ -2412,7 +2413,7 @@ video_usercopy(struct file *file, unsigned int cmd, unsigned long arg, +@@ -2549,7 +2550,7 @@ video_usercopy(struct file *file, unsigned int cmd, unsigned long arg, } if (has_array_args) { @@ -47819,10 +45693,10 @@ index 16bffd8..3ab516a 100644 err = -EFAULT; goto out_array_args; diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c -index ebc0af7..baed058 100644 +index a896d94..a5d56b1 100644 --- a/drivers/message/fusion/mptbase.c +++ b/drivers/message/fusion/mptbase.c -@@ -6755,8 +6755,13 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v) +@@ -6752,8 +6752,13 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v) seq_printf(m, " MaxChainDepth = 0x%02x frames\n", ioc->facts.MaxChainDepth); seq_printf(m, " MinBlockSize = 0x%02x bytes\n", 4*ioc->facts.BlockSize); @@ -47836,7 +45710,7 @@ index ebc0af7..baed058 100644 /* * Rounding UP to nearest 4-kB boundary here... */ -@@ -6769,7 +6774,11 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v) +@@ -6766,7 +6771,11 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v) ioc->facts.GlobalCredits); seq_printf(m, " Frames @ 0x%p (Dma @ 0x%p)\n", @@ -47849,7 +45723,7 @@ index ebc0af7..baed058 100644 seq_printf(m, " {CurRepSz=%d} x {CurRepDepth=%d} = %d bytes ^= 0x%x\n", ioc->reply_sz, ioc->reply_depth, ioc->reply_sz*ioc->reply_depth, sz); diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c -index 711fcb5..5da1fb0 100644 +index 0707fa2..70ca794 100644 --- a/drivers/message/fusion/mptsas.c +++ b/drivers/message/fusion/mptsas.c @@ -446,6 +446,23 @@ mptsas_is_end_device(struct mptsas_devinfo * attached) @@ -47900,35 +45774,6 @@ index 711fcb5..5da1fb0 100644 static inline struct sas_port * mptsas_get_port(struct mptsas_phyinfo *phy_info) { -diff --git a/drivers/message/fusion/mptscsih.c b/drivers/message/fusion/mptscsih.c -index 2a1c6f2..a04c6a2 100644 ---- a/drivers/message/fusion/mptscsih.c -+++ b/drivers/message/fusion/mptscsih.c -@@ -1271,15 +1271,16 @@ mptscsih_info(struct Scsi_Host *SChost) - - h = shost_priv(SChost); - -- if (h) { -- if (h->info_kbuf == NULL) -- if ((h->info_kbuf = kmalloc(0x1000 /* 4Kb */, GFP_KERNEL)) == NULL) -- return h->info_kbuf; -- h->info_kbuf[0] = '\0'; -+ if (!h) -+ return NULL; - -- mpt_print_ioc_summary(h->ioc, h->info_kbuf, &size, 0, 0); -- h->info_kbuf[size-1] = '\0'; -- } -+ if (h->info_kbuf == NULL) -+ if ((h->info_kbuf = kmalloc(0x1000 /* 4Kb */, GFP_KERNEL)) == NULL) -+ return h->info_kbuf; -+ h->info_kbuf[0] = '\0'; -+ -+ mpt_print_ioc_summary(h->ioc, h->info_kbuf, &size, 0, 0); -+ h->info_kbuf[size-1] = '\0'; - - return h->info_kbuf; - } diff --git a/drivers/message/i2o/i2o_proc.c b/drivers/message/i2o/i2o_proc.c index b7d87cd..3fb36da 100644 --- a/drivers/message/i2o/i2o_proc.c @@ -48121,7 +45966,7 @@ index 92752fb..a7494f6 100644 #endif diff --git a/drivers/mfd/ab8500-debugfs.c b/drivers/mfd/ab8500-debugfs.c -index d1a22aa..d0f7bf7 100644 +index b2c7e3b..85aa4764 100644 --- a/drivers/mfd/ab8500-debugfs.c +++ b/drivers/mfd/ab8500-debugfs.c @@ -100,7 +100,7 @@ static int irq_last; @@ -48134,7 +45979,7 @@ index d1a22aa..d0f7bf7 100644 static u8 avg_sample = SAMPLE_16; diff --git a/drivers/mfd/max8925-i2c.c b/drivers/mfd/max8925-i2c.c -index a83eed5..62a58a9 100644 +index ecbe78e..b2ca870 100644 --- a/drivers/mfd/max8925-i2c.c +++ b/drivers/mfd/max8925-i2c.c @@ -152,7 +152,7 @@ static int max8925_probe(struct i2c_client *client, @@ -48147,7 +45992,7 @@ index a83eed5..62a58a9 100644 if (node && !pdata) { diff --git a/drivers/mfd/tps65910.c b/drivers/mfd/tps65910.c -index f9e42ea..614d240 100644 +index f243e75..322176c 100644 --- a/drivers/mfd/tps65910.c +++ b/drivers/mfd/tps65910.c @@ -230,7 +230,7 @@ static int tps65910_irq_init(struct tps65910 *tps65910, int irq, @@ -48160,7 +46005,7 @@ index f9e42ea..614d240 100644 if (!irq) { dev_warn(tps65910->dev, "No interrupt support, no core IRQ\n"); diff --git a/drivers/mfd/twl4030-irq.c b/drivers/mfd/twl4030-irq.c -index 596b1f6..5b6ab74 100644 +index b1dabba..24a88f2 100644 --- a/drivers/mfd/twl4030-irq.c +++ b/drivers/mfd/twl4030-irq.c @@ -34,6 +34,7 @@ @@ -48596,7 +46441,7 @@ index 82dc574..8539ab2 100644 break; diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c -index 452782b..0c10e40 100644 +index ede41f0..744fbd9 100644 --- a/drivers/mmc/card/block.c +++ b/drivers/mmc/card/block.c @@ -574,7 +574,7 @@ static int mmc_blk_ioctl_cmd(struct block_device *bdev, @@ -48622,10 +46467,10 @@ index f51b5ba..86614a7 100644 /* * dma onto stack is unsafe/nonportable, but callers to this diff --git a/drivers/mmc/host/dw_mmc.h b/drivers/mmc/host/dw_mmc.h -index 738fa24..1568451 100644 +index 08fd956..370487a 100644 --- a/drivers/mmc/host/dw_mmc.h +++ b/drivers/mmc/host/dw_mmc.h -@@ -257,5 +257,5 @@ struct dw_mci_drv_data { +@@ -262,5 +262,5 @@ struct dw_mci_drv_data { int (*parse_dt)(struct dw_mci *host); int (*execute_tuning)(struct dw_mci_slot *slot, u32 opcode, struct dw_mci_tuning_data *tuning_data); @@ -48633,10 +46478,10 @@ index 738fa24..1568451 100644 +} __do_const; #endif /* _DW_MMC_H_ */ diff --git a/drivers/mmc/host/mmci.c b/drivers/mmc/host/mmci.c -index d3f05ad..ba7684b 100644 +index e4d4707..28262a3 100644 --- a/drivers/mmc/host/mmci.c +++ b/drivers/mmc/host/mmci.c -@@ -1515,7 +1515,9 @@ static int mmci_probe(struct amba_device *dev, +@@ -1612,7 +1612,9 @@ static int mmci_probe(struct amba_device *dev, mmc->caps |= MMC_CAP_CMD23; if (variant->busy_detect) { @@ -48699,7 +46544,7 @@ index 423666b..81ff5eb 100644 if (!ECCBUF_SIZE) { /* We should fall back to a general writev implementation. diff --git a/drivers/mtd/nand/denali.c b/drivers/mtd/nand/denali.c -index 9f2012a..a81c720 100644 +index 0b071a3..8ec3d5b 100644 --- a/drivers/mtd/nand/denali.c +++ b/drivers/mtd/nand/denali.c @@ -24,6 +24,7 @@ @@ -48711,10 +46556,10 @@ index 9f2012a..a81c720 100644 #include "denali.h" diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c -index f638cd8..2cbf586 100644 +index 959cb9b..8520fe5 100644 --- a/drivers/mtd/nand/gpmi-nand/gpmi-nand.c +++ b/drivers/mtd/nand/gpmi-nand/gpmi-nand.c -@@ -387,7 +387,7 @@ void prepare_data_dma(struct gpmi_nand_data *this, enum dma_data_direction dr) +@@ -386,7 +386,7 @@ void prepare_data_dma(struct gpmi_nand_data *this, enum dma_data_direction dr) /* first try to map the upper buffer directly */ if (virt_addr_valid(this->upper_buf) && @@ -48749,10 +46594,10 @@ index cf49c22..971b133 100644 struct sm_sysfs_attribute *vendor_attribute; char *vendor; diff --git a/drivers/net/bonding/bond_netlink.c b/drivers/net/bonding/bond_netlink.c -index 5ab3c18..5c3a836 100644 +index d163e11..f517018 100644 --- a/drivers/net/bonding/bond_netlink.c +++ b/drivers/net/bonding/bond_netlink.c -@@ -542,7 +542,7 @@ nla_put_failure: +@@ -548,7 +548,7 @@ nla_put_failure: return -EMSGSIZE; } @@ -48819,10 +46664,10 @@ index 7330681..7e9e463 100644 /* Scatter/gather IO is not supported, * so it is turned off diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-common.h b/drivers/net/ethernet/amd/xgbe/xgbe-common.h -index bf462ee8..18b8375 100644 +index cc25a3a..c8d72d3 100644 --- a/drivers/net/ethernet/amd/xgbe/xgbe-common.h +++ b/drivers/net/ethernet/amd/xgbe/xgbe-common.h -@@ -986,14 +986,14 @@ do { \ +@@ -1083,14 +1083,14 @@ do { \ * operations, everything works on mask values. */ #define XMDIO_READ(_pdata, _mmd, _reg) \ @@ -48839,30 +46684,30 @@ index bf462ee8..18b8375 100644 MII_ADDR_C45 | (_mmd << 16) | ((_reg) & 0xffff), (_val))) #define XMDIO_WRITE_BITS(_pdata, _mmd, _reg, _mask, _val) \ -diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-debugfs.c b/drivers/net/ethernet/amd/xgbe/xgbe-debugfs.c -index 6bb76d5..ded47a8 100644 ---- a/drivers/net/ethernet/amd/xgbe/xgbe-debugfs.c -+++ b/drivers/net/ethernet/amd/xgbe/xgbe-debugfs.c -@@ -273,7 +273,7 @@ static ssize_t xpcs_reg_value_read(struct file *filp, char __user *buffer, - struct xgbe_prv_data *pdata = filp->private_data; - unsigned int value; - -- value = pdata->hw_if.read_mmd_regs(pdata, pdata->debugfs_xpcs_mmd, -+ value = pdata->hw_if->read_mmd_regs(pdata, pdata->debugfs_xpcs_mmd, - pdata->debugfs_xpcs_reg); - - return xgbe_common_read(buffer, count, ppos, value); -@@ -291,7 +291,7 @@ static ssize_t xpcs_reg_value_write(struct file *filp, - if (len < 0) - return len; +diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-dcb.c b/drivers/net/ethernet/amd/xgbe/xgbe-dcb.c +index 7d6a49b..e6d403b 100644 +--- a/drivers/net/ethernet/amd/xgbe/xgbe-dcb.c ++++ b/drivers/net/ethernet/amd/xgbe/xgbe-dcb.c +@@ -188,7 +188,7 @@ static int xgbe_dcb_ieee_setets(struct net_device *netdev, -- pdata->hw_if.write_mmd_regs(pdata, pdata->debugfs_xpcs_mmd, -+ pdata->hw_if->write_mmd_regs(pdata, pdata->debugfs_xpcs_mmd, - pdata->debugfs_xpcs_reg, value); + memcpy(pdata->ets, ets, sizeof(*pdata->ets)); - return len; +- pdata->hw_if.config_dcb_tc(pdata); ++ pdata->hw_if->config_dcb_tc(pdata); + + return 0; + } +@@ -227,7 +227,7 @@ static int xgbe_dcb_ieee_setpfc(struct net_device *netdev, + + memcpy(pdata->pfc, pfc, sizeof(*pdata->pfc)); + +- pdata->hw_if.config_dcb_pfc(pdata); ++ pdata->hw_if->config_dcb_pfc(pdata); + + return 0; + } diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-desc.c b/drivers/net/ethernet/amd/xgbe/xgbe-desc.c -index 6f1c859..e96ac1a 100644 +index 1c5d62e..8e14d54 100644 --- a/drivers/net/ethernet/amd/xgbe/xgbe-desc.c +++ b/drivers/net/ethernet/amd/xgbe/xgbe-desc.c @@ -236,7 +236,7 @@ err_ring: @@ -48883,7 +46728,7 @@ index 6f1c859..e96ac1a 100644 struct xgbe_channel *channel; struct xgbe_ring *ring; struct xgbe_ring_desc *rdesc; -@@ -496,7 +496,7 @@ err_out: +@@ -506,7 +506,7 @@ err_out: static void xgbe_realloc_skb(struct xgbe_channel *channel) { struct xgbe_prv_data *pdata = channel->pdata; @@ -48892,7 +46737,7 @@ index 6f1c859..e96ac1a 100644 struct xgbe_ring *ring = channel->rx_ring; struct xgbe_ring_data *rdata; struct sk_buff *skb = NULL; -@@ -540,17 +540,12 @@ static void xgbe_realloc_skb(struct xgbe_channel *channel) +@@ -550,17 +550,12 @@ static void xgbe_realloc_skb(struct xgbe_channel *channel) DBGPR("<--xgbe_realloc_skb\n"); } @@ -48920,10 +46765,10 @@ index 6f1c859..e96ac1a 100644 + .wrapper_rx_desc_init = xgbe_wrapper_rx_descriptor_init, +}; diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c -index 002293b..5ced1dd 100644 +index ea27383..d695e45 100644 --- a/drivers/net/ethernet/amd/xgbe/xgbe-dev.c +++ b/drivers/net/ethernet/amd/xgbe/xgbe-dev.c -@@ -2030,7 +2030,7 @@ static void xgbe_powerdown_rx(struct xgbe_prv_data *pdata) +@@ -2463,7 +2463,7 @@ static void xgbe_powerdown_rx(struct xgbe_prv_data *pdata) static int xgbe_init(struct xgbe_prv_data *pdata) { @@ -48932,7 +46777,7 @@ index 002293b..5ced1dd 100644 int ret; DBGPR("-->xgbe_init\n"); -@@ -2096,87 +2096,82 @@ static int xgbe_init(struct xgbe_prv_data *pdata) +@@ -2525,101 +2525,96 @@ static int xgbe_init(struct xgbe_prv_data *pdata) return 0; } @@ -48944,7 +46789,7 @@ index 002293b..5ced1dd 100644 - - hw_if->set_promiscuous_mode = xgbe_set_promiscuous_mode; - hw_if->set_all_multicast_mode = xgbe_set_all_multicast_mode; -- hw_if->set_addn_mac_addrs = xgbe_set_addn_mac_addrs; +- hw_if->add_mac_addresses = xgbe_add_mac_addresses; - hw_if->set_mac_address = xgbe_set_mac_address; - - hw_if->enable_rx_csum = xgbe_enable_rx_csum; @@ -48952,6 +46797,9 @@ index 002293b..5ced1dd 100644 - - hw_if->enable_rx_vlan_stripping = xgbe_enable_rx_vlan_stripping; - hw_if->disable_rx_vlan_stripping = xgbe_disable_rx_vlan_stripping; +- hw_if->enable_rx_vlan_filtering = xgbe_enable_rx_vlan_filtering; +- hw_if->disable_rx_vlan_filtering = xgbe_disable_rx_vlan_filtering; +- hw_if->update_vlan_hash_table = xgbe_update_vlan_hash_table; - - hw_if->read_mmd_regs = xgbe_read_mmd_regs; - hw_if->write_mmd_regs = xgbe_write_mmd_regs; @@ -48981,7 +46829,7 @@ index 002293b..5ced1dd 100644 + + .set_promiscuous_mode = xgbe_set_promiscuous_mode, + .set_all_multicast_mode = xgbe_set_all_multicast_mode, -+ .set_addn_mac_addrs = xgbe_set_addn_mac_addrs, ++ .add_mac_addresses = xgbe_add_mac_addresses, + .set_mac_address = xgbe_set_mac_address, + + .enable_rx_csum = xgbe_enable_rx_csum, @@ -48989,6 +46837,9 @@ index 002293b..5ced1dd 100644 + + .enable_rx_vlan_stripping = xgbe_enable_rx_vlan_stripping, + .disable_rx_vlan_stripping = xgbe_disable_rx_vlan_stripping, ++ .enable_rx_vlan_filtering = xgbe_enable_rx_vlan_filtering, ++ .disable_rx_vlan_filtering = xgbe_disable_rx_vlan_filtering, ++ .update_vlan_hash_table = xgbe_update_vlan_hash_table, + + .read_mmd_regs = xgbe_read_mmd_regs, + .write_mmd_regs = xgbe_write_mmd_regs, @@ -49076,36 +46927,54 @@ index 002293b..5ced1dd 100644 - hw_if->tx_mmc_int = xgbe_tx_mmc_int; - hw_if->rx_mmc_int = xgbe_rx_mmc_int; - hw_if->read_mmc_stats = xgbe_read_mmc_stats; -- -- DBGPR("<--xgbe_init_function_ptrs\n"); --} + .tx_mmc_int = xgbe_tx_mmc_int, + .rx_mmc_int = xgbe_rx_mmc_int, + .read_mmc_stats = xgbe_read_mmc_stats, + + /* For PTP config */ +- hw_if->config_tstamp = xgbe_config_tstamp; +- hw_if->update_tstamp_addend = xgbe_update_tstamp_addend; +- hw_if->set_tstamp_time = xgbe_set_tstamp_time; +- hw_if->get_tstamp_time = xgbe_get_tstamp_time; +- hw_if->get_tx_tstamp = xgbe_get_tx_tstamp; ++ .config_tstamp = xgbe_config_tstamp, ++ .update_tstamp_addend = xgbe_update_tstamp_addend, ++ .set_tstamp_time = xgbe_set_tstamp_time, ++ .get_tstamp_time = xgbe_get_tstamp_time, ++ .get_tx_tstamp = xgbe_get_tx_tstamp, + + /* For Data Center Bridging config */ +- hw_if->config_dcb_tc = xgbe_config_dcb_tc; +- hw_if->config_dcb_pfc = xgbe_config_dcb_pfc; +- +- DBGPR("<--xgbe_init_function_ptrs\n"); +-} ++ .config_dcb_tc = xgbe_config_dcb_tc, ++ .config_dcb_pfc = xgbe_config_dcb_pfc +}; diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c -index cfe3d93..07a78ae 100644 +index b26d758..b0d1c3b 100644 --- a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c +++ b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c -@@ -153,7 +153,7 @@ static int xgbe_calc_rx_buf_size(struct net_device *netdev, unsigned int mtu) +@@ -155,7 +155,7 @@ static int xgbe_calc_rx_buf_size(struct net_device *netdev, unsigned int mtu) static void xgbe_enable_rx_tx_ints(struct xgbe_prv_data *pdata) { - struct xgbe_hw_if *hw_if = &pdata->hw_if; + struct xgbe_hw_if *hw_if = pdata->hw_if; struct xgbe_channel *channel; + enum xgbe_int int_id; unsigned int i; - -@@ -170,7 +170,7 @@ static void xgbe_enable_rx_tx_ints(struct xgbe_prv_data *pdata) +@@ -177,7 +177,7 @@ static void xgbe_enable_rx_tx_ints(struct xgbe_prv_data *pdata) static void xgbe_disable_rx_tx_ints(struct xgbe_prv_data *pdata) { - struct xgbe_hw_if *hw_if = &pdata->hw_if; + struct xgbe_hw_if *hw_if = pdata->hw_if; struct xgbe_channel *channel; + enum xgbe_int int_id; unsigned int i; - -@@ -188,7 +188,7 @@ static void xgbe_disable_rx_tx_ints(struct xgbe_prv_data *pdata) +@@ -200,7 +200,7 @@ static void xgbe_disable_rx_tx_ints(struct xgbe_prv_data *pdata) static irqreturn_t xgbe_isr(int irq, void *data) { struct xgbe_prv_data *pdata = data; @@ -49113,8 +46982,8 @@ index cfe3d93..07a78ae 100644 + struct xgbe_hw_if *hw_if = pdata->hw_if; struct xgbe_channel *channel; unsigned int dma_isr, dma_ch_isr; - unsigned int mac_isr; -@@ -403,7 +403,7 @@ static void xgbe_napi_disable(struct xgbe_prv_data *pdata) + unsigned int mac_isr, mac_tssr; +@@ -447,7 +447,7 @@ static void xgbe_napi_disable(struct xgbe_prv_data *pdata, unsigned int del) void xgbe_init_tx_coalesce(struct xgbe_prv_data *pdata) { @@ -49123,7 +46992,7 @@ index cfe3d93..07a78ae 100644 DBGPR("-->xgbe_init_tx_coalesce\n"); -@@ -417,7 +417,7 @@ void xgbe_init_tx_coalesce(struct xgbe_prv_data *pdata) +@@ -461,7 +461,7 @@ void xgbe_init_tx_coalesce(struct xgbe_prv_data *pdata) void xgbe_init_rx_coalesce(struct xgbe_prv_data *pdata) { @@ -49132,7 +47001,7 @@ index cfe3d93..07a78ae 100644 DBGPR("-->xgbe_init_rx_coalesce\n"); -@@ -431,7 +431,7 @@ void xgbe_init_rx_coalesce(struct xgbe_prv_data *pdata) +@@ -475,7 +475,7 @@ void xgbe_init_rx_coalesce(struct xgbe_prv_data *pdata) static void xgbe_free_tx_skbuff(struct xgbe_prv_data *pdata) { @@ -49141,7 +47010,7 @@ index cfe3d93..07a78ae 100644 struct xgbe_channel *channel; struct xgbe_ring *ring; struct xgbe_ring_data *rdata; -@@ -456,7 +456,7 @@ static void xgbe_free_tx_skbuff(struct xgbe_prv_data *pdata) +@@ -500,7 +500,7 @@ static void xgbe_free_tx_skbuff(struct xgbe_prv_data *pdata) static void xgbe_free_rx_skbuff(struct xgbe_prv_data *pdata) { @@ -49150,7 +47019,16 @@ index cfe3d93..07a78ae 100644 struct xgbe_channel *channel; struct xgbe_ring *ring; struct xgbe_ring_data *rdata; -@@ -482,7 +482,7 @@ static void xgbe_free_rx_skbuff(struct xgbe_prv_data *pdata) +@@ -526,7 +526,7 @@ static void xgbe_free_rx_skbuff(struct xgbe_prv_data *pdata) + static void xgbe_adjust_link(struct net_device *netdev) + { + struct xgbe_prv_data *pdata = netdev_priv(netdev); +- struct xgbe_hw_if *hw_if = &pdata->hw_if; ++ struct xgbe_hw_if *hw_if = pdata->hw_if; + struct phy_device *phydev = pdata->phydev; + int new_state = 0; + +@@ -634,7 +634,7 @@ static void xgbe_phy_exit(struct xgbe_prv_data *pdata) int xgbe_powerdown(struct net_device *netdev, unsigned int caller) { struct xgbe_prv_data *pdata = netdev_priv(netdev); @@ -49159,7 +47037,7 @@ index cfe3d93..07a78ae 100644 unsigned long flags; DBGPR("-->xgbe_powerdown\n"); -@@ -520,7 +520,7 @@ int xgbe_powerdown(struct net_device *netdev, unsigned int caller) +@@ -672,7 +672,7 @@ int xgbe_powerdown(struct net_device *netdev, unsigned int caller) int xgbe_powerup(struct net_device *netdev, unsigned int caller) { struct xgbe_prv_data *pdata = netdev_priv(netdev); @@ -49168,7 +47046,7 @@ index cfe3d93..07a78ae 100644 unsigned long flags; DBGPR("-->xgbe_powerup\n"); -@@ -557,7 +557,7 @@ int xgbe_powerup(struct net_device *netdev, unsigned int caller) +@@ -709,7 +709,7 @@ int xgbe_powerup(struct net_device *netdev, unsigned int caller) static int xgbe_start(struct xgbe_prv_data *pdata) { @@ -49177,7 +47055,7 @@ index cfe3d93..07a78ae 100644 struct net_device *netdev = pdata->netdev; DBGPR("-->xgbe_start\n"); -@@ -583,7 +583,7 @@ static int xgbe_start(struct xgbe_prv_data *pdata) +@@ -735,7 +735,7 @@ static int xgbe_start(struct xgbe_prv_data *pdata) static void xgbe_stop(struct xgbe_prv_data *pdata) { @@ -49186,7 +47064,7 @@ index cfe3d93..07a78ae 100644 struct net_device *netdev = pdata->netdev; DBGPR("-->xgbe_stop\n"); -@@ -603,7 +603,7 @@ static void xgbe_stop(struct xgbe_prv_data *pdata) +@@ -755,7 +755,7 @@ static void xgbe_stop(struct xgbe_prv_data *pdata) static void xgbe_restart_dev(struct xgbe_prv_data *pdata, unsigned int reset) { @@ -49195,7 +47073,16 @@ index cfe3d93..07a78ae 100644 DBGPR("-->xgbe_restart_dev\n"); -@@ -741,8 +741,8 @@ static void xgbe_packet_info(struct xgbe_ring *ring, struct sk_buff *skb, +@@ -952,7 +952,7 @@ static int xgbe_set_hwtstamp_settings(struct xgbe_prv_data *pdata, + return -ERANGE; + } + +- pdata->hw_if.config_tstamp(pdata, mac_tscr); ++ pdata->hw_if->config_tstamp(pdata, mac_tscr); + + memcpy(&pdata->tstamp_config, &config, sizeof(config)); + +@@ -1090,8 +1090,8 @@ static void xgbe_packet_info(struct xgbe_prv_data *pdata, static int xgbe_open(struct net_device *netdev) { struct xgbe_prv_data *pdata = netdev_priv(netdev); @@ -49206,7 +47093,7 @@ index cfe3d93..07a78ae 100644 int ret; DBGPR("-->xgbe_open\n"); -@@ -804,8 +804,8 @@ err_clk: +@@ -1171,8 +1171,8 @@ err_phy_init: static int xgbe_close(struct net_device *netdev) { struct xgbe_prv_data *pdata = netdev_priv(netdev); @@ -49217,7 +47104,7 @@ index cfe3d93..07a78ae 100644 DBGPR("-->xgbe_close\n"); -@@ -835,8 +835,8 @@ static int xgbe_close(struct net_device *netdev) +@@ -1206,8 +1206,8 @@ static int xgbe_close(struct net_device *netdev) static int xgbe_xmit(struct sk_buff *skb, struct net_device *netdev) { struct xgbe_prv_data *pdata = netdev_priv(netdev); @@ -49228,7 +47115,7 @@ index cfe3d93..07a78ae 100644 struct xgbe_channel *channel; struct xgbe_ring *ring; struct xgbe_packet_data *packet; -@@ -903,7 +903,7 @@ tx_netdev_return: +@@ -1276,7 +1276,7 @@ tx_netdev_return: static void xgbe_set_rx_mode(struct net_device *netdev) { struct xgbe_prv_data *pdata = netdev_priv(netdev); @@ -49237,7 +47124,7 @@ index cfe3d93..07a78ae 100644 unsigned int pr_mode, am_mode; DBGPR("-->xgbe_set_rx_mode\n"); -@@ -930,7 +930,7 @@ static void xgbe_set_rx_mode(struct net_device *netdev) +@@ -1295,7 +1295,7 @@ static void xgbe_set_rx_mode(struct net_device *netdev) static int xgbe_set_mac_address(struct net_device *netdev, void *addr) { struct xgbe_prv_data *pdata = netdev_priv(netdev); @@ -49246,7 +47133,7 @@ index cfe3d93..07a78ae 100644 struct sockaddr *saddr = addr; DBGPR("-->xgbe_set_mac_address\n"); -@@ -976,7 +976,7 @@ static struct rtnl_link_stats64 *xgbe_get_stats64(struct net_device *netdev, +@@ -1362,7 +1362,7 @@ static struct rtnl_link_stats64 *xgbe_get_stats64(struct net_device *netdev, DBGPR("-->%s\n", __func__); @@ -49255,16 +47142,43 @@ index cfe3d93..07a78ae 100644 s->rx_packets = pstats->rxframecount_gb; s->rx_bytes = pstats->rxoctetcount_gb; -@@ -1020,7 +1020,7 @@ static int xgbe_set_features(struct net_device *netdev, +@@ -1389,7 +1389,7 @@ static int xgbe_vlan_rx_add_vid(struct net_device *netdev, __be16 proto, + u16 vid) + { + struct xgbe_prv_data *pdata = netdev_priv(netdev); +- struct xgbe_hw_if *hw_if = &pdata->hw_if; ++ struct xgbe_hw_if *hw_if = pdata->hw_if; + + DBGPR("-->%s\n", __func__); + +@@ -1405,7 +1405,7 @@ static int xgbe_vlan_rx_kill_vid(struct net_device *netdev, __be16 proto, + u16 vid) + { + struct xgbe_prv_data *pdata = netdev_priv(netdev); +- struct xgbe_hw_if *hw_if = &pdata->hw_if; ++ struct xgbe_hw_if *hw_if = pdata->hw_if; + + DBGPR("-->%s\n", __func__); + +@@ -1465,7 +1465,7 @@ static int xgbe_set_features(struct net_device *netdev, netdev_features_t features) { struct xgbe_prv_data *pdata = netdev_priv(netdev); - struct xgbe_hw_if *hw_if = &pdata->hw_if; + struct xgbe_hw_if *hw_if = pdata->hw_if; - unsigned int rxcsum_enabled, rxvlan_enabled; + unsigned int rxcsum, rxvlan, rxvlan_filter; - rxcsum_enabled = !!(pdata->netdev_features & NETIF_F_RXCSUM); -@@ -1072,8 +1072,8 @@ struct net_device_ops *xgbe_get_netdev_ops(void) + rxcsum = pdata->netdev_features & NETIF_F_RXCSUM; +@@ -1521,7 +1521,7 @@ struct net_device_ops *xgbe_get_netdev_ops(void) + static void xgbe_rx_refresh(struct xgbe_channel *channel) + { + struct xgbe_prv_data *pdata = channel->pdata; +- struct xgbe_desc_if *desc_if = &pdata->desc_if; ++ struct xgbe_desc_if *desc_if = pdata->desc_if; + struct xgbe_ring *ring = channel->rx_ring; + struct xgbe_ring_data *rdata; + +@@ -1537,8 +1537,8 @@ static void xgbe_rx_refresh(struct xgbe_channel *channel) static int xgbe_tx_poll(struct xgbe_channel *channel) { struct xgbe_prv_data *pdata = channel->pdata; @@ -49275,22 +47189,20 @@ index cfe3d93..07a78ae 100644 struct xgbe_ring *ring = channel->tx_ring; struct xgbe_ring_data *rdata; struct xgbe_ring_desc *rdesc; -@@ -1124,8 +1124,8 @@ static int xgbe_tx_poll(struct xgbe_channel *channel) +@@ -1590,7 +1590,7 @@ static int xgbe_tx_poll(struct xgbe_channel *channel) static int xgbe_rx_poll(struct xgbe_channel *channel, int budget) { struct xgbe_prv_data *pdata = channel->pdata; - struct xgbe_hw_if *hw_if = &pdata->hw_if; -- struct xgbe_desc_if *desc_if = &pdata->desc_if; + struct xgbe_hw_if *hw_if = pdata->hw_if; -+ struct xgbe_desc_if *desc_if = pdata->desc_if; struct xgbe_ring *ring = channel->rx_ring; struct xgbe_ring_data *rdata; struct xgbe_packet_data *packet; diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-ethtool.c b/drivers/net/ethernet/amd/xgbe/xgbe-ethtool.c -index 8909f2b..719e767 100644 +index 46f6130..f37dde3 100644 --- a/drivers/net/ethernet/amd/xgbe/xgbe-ethtool.c +++ b/drivers/net/ethernet/amd/xgbe/xgbe-ethtool.c -@@ -202,7 +202,7 @@ static void xgbe_get_ethtool_stats(struct net_device *netdev, +@@ -203,7 +203,7 @@ static void xgbe_get_ethtool_stats(struct net_device *netdev, DBGPR("-->%s\n", __func__); @@ -49299,7 +47211,7 @@ index 8909f2b..719e767 100644 for (i = 0; i < XGBE_STATS_COUNT; i++) { stat = (u8 *)pdata + xgbe_gstring_stats[i].stat_offset; *data++ = *(u64 *)stat; -@@ -387,7 +387,7 @@ static int xgbe_get_coalesce(struct net_device *netdev, +@@ -378,7 +378,7 @@ static int xgbe_get_coalesce(struct net_device *netdev, struct ethtool_coalesce *ec) { struct xgbe_prv_data *pdata = netdev_priv(netdev); @@ -49308,7 +47220,7 @@ index 8909f2b..719e767 100644 unsigned int riwt; DBGPR("-->xgbe_get_coalesce\n"); -@@ -410,7 +410,7 @@ static int xgbe_set_coalesce(struct net_device *netdev, +@@ -401,7 +401,7 @@ static int xgbe_set_coalesce(struct net_device *netdev, struct ethtool_coalesce *ec) { struct xgbe_prv_data *pdata = netdev_priv(netdev); @@ -49318,7 +47230,7 @@ index 8909f2b..719e767 100644 unsigned int tx_frames, tx_usecs; diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-main.c b/drivers/net/ethernet/amd/xgbe/xgbe-main.c -index 5a1891f..1b7888e 100644 +index bdf9cfa..340aea1 100644 --- a/drivers/net/ethernet/amd/xgbe/xgbe-main.c +++ b/drivers/net/ethernet/amd/xgbe/xgbe-main.c @@ -210,12 +210,6 @@ static void xgbe_default_config(struct xgbe_prv_data *pdata) @@ -49334,7 +47246,7 @@ index 5a1891f..1b7888e 100644 static int xgbe_probe(struct platform_device *pdev) { struct xgbe_prv_data *pdata; -@@ -306,9 +300,8 @@ static int xgbe_probe(struct platform_device *pdev) +@@ -328,9 +322,8 @@ static int xgbe_probe(struct platform_device *pdev) netdev->base_addr = (unsigned long)pdata->xgmac_regs; /* Set all the function pointers */ @@ -49347,10 +47259,10 @@ index 5a1891f..1b7888e 100644 /* Issue software reset to device */ hw_if->exit(pdata); diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c b/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c -index ea7a5d6..d10a742 100644 +index 6d2221e..47d1325 100644 --- a/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c +++ b/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c -@@ -128,7 +128,7 @@ +@@ -127,7 +127,7 @@ static int xgbe_mdio_read(struct mii_bus *mii, int prtad, int mmd_reg) { struct xgbe_prv_data *pdata = mii->priv; @@ -49359,7 +47271,7 @@ index ea7a5d6..d10a742 100644 int mmd_data; DBGPR_MDIO("-->xgbe_mdio_read: prtad=%#x mmd_reg=%#x\n", -@@ -145,7 +145,7 @@ static int xgbe_mdio_write(struct mii_bus *mii, int prtad, int mmd_reg, +@@ -144,7 +144,7 @@ static int xgbe_mdio_write(struct mii_bus *mii, int prtad, int mmd_reg, u16 mmd_val) { struct xgbe_prv_data *pdata = mii->priv; @@ -49368,20 +47280,33 @@ index ea7a5d6..d10a742 100644 int mmd_data = mmd_val; DBGPR_MDIO("-->xgbe_mdio_write: prtad=%#x mmd_reg=%#x mmd_data=%#x\n", -@@ -161,7 +161,7 @@ static int xgbe_mdio_write(struct mii_bus *mii, int prtad, int mmd_reg, - static void xgbe_adjust_link(struct net_device *netdev) - { - struct xgbe_prv_data *pdata = netdev_priv(netdev); -- struct xgbe_hw_if *hw_if = &pdata->hw_if; -+ struct xgbe_hw_if *hw_if = pdata->hw_if; - struct phy_device *phydev = pdata->phydev; - unsigned long flags; - int new_state = 0; +diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-ptp.c b/drivers/net/ethernet/amd/xgbe/xgbe-ptp.c +index 37e64cf..c3b61cf 100644 +--- a/drivers/net/ethernet/amd/xgbe/xgbe-ptp.c ++++ b/drivers/net/ethernet/amd/xgbe/xgbe-ptp.c +@@ -130,7 +130,7 @@ static cycle_t xgbe_cc_read(const struct cyclecounter *cc) + tstamp_cc); + u64 nsec; + +- nsec = pdata->hw_if.get_tstamp_time(pdata); ++ nsec = pdata->hw_if->get_tstamp_time(pdata); + + return nsec; + } +@@ -159,7 +159,7 @@ static int xgbe_adjfreq(struct ptp_clock_info *info, s32 delta) + + spin_lock_irqsave(&pdata->tstamp_lock, flags); + +- pdata->hw_if.update_tstamp_addend(pdata, addend); ++ pdata->hw_if->update_tstamp_addend(pdata, addend); + + spin_unlock_irqrestore(&pdata->tstamp_lock, flags); + diff --git a/drivers/net/ethernet/amd/xgbe/xgbe.h b/drivers/net/ethernet/amd/xgbe/xgbe.h -index ab06271..a560fa7 100644 +index e9fe6e6..875fbaf 100644 --- a/drivers/net/ethernet/amd/xgbe/xgbe.h +++ b/drivers/net/ethernet/amd/xgbe/xgbe.h -@@ -527,8 +527,8 @@ struct xgbe_prv_data { +@@ -585,8 +585,8 @@ struct xgbe_prv_data { int irq_number; @@ -49390,9 +47315,9 @@ index ab06271..a560fa7 100644 + const struct xgbe_hw_if *hw_if; + const struct xgbe_desc_if *desc_if; - /* Rings for Tx/Rx on a DMA channel */ - struct xgbe_channel *channel; -@@ -611,6 +611,9 @@ struct xgbe_prv_data { + /* AXI DMA settings */ + unsigned int axdomain; +@@ -699,6 +699,9 @@ struct xgbe_prv_data { #endif }; @@ -49455,7 +47380,7 @@ index 718ecd2..2183b2f 100644 /** * bnx2x_config_rx_mode - Send and RX_MODE ramrod according to the provided parameters. diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h -index 461acca..2b546ba 100644 +index 31c9f82..e65e986 100644 --- a/drivers/net/ethernet/broadcom/tg3.h +++ b/drivers/net/ethernet/broadcom/tg3.h @@ -150,6 +150,7 @@ @@ -49485,6 +47410,26 @@ index 13f9636..228040f 100644 }; static void bna_attr_init(struct bna_ioceth *ioceth) +diff --git a/drivers/net/ethernet/brocade/bna/bnad.c b/drivers/net/ethernet/brocade/bna/bnad.c +index ffc92a4..40edc77 100644 +--- a/drivers/net/ethernet/brocade/bna/bnad.c ++++ b/drivers/net/ethernet/brocade/bna/bnad.c +@@ -552,6 +552,7 @@ bnad_cq_setup_skb_frags(struct bna_rcb *rcb, struct sk_buff *skb, + + len = (vec == nvecs) ? + last_fraglen : unmap->vector.len; ++ skb->truesize += unmap->vector.len; + totlen += len; + + skb_fill_page_desc(skb, skb_shinfo(skb)->nr_frags, +@@ -563,7 +564,6 @@ bnad_cq_setup_skb_frags(struct bna_rcb *rcb, struct sk_buff *skb, + + skb->len += totlen; + skb->data_len += totlen; +- skb->truesize += totlen; + } + + static inline void diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethernet/chelsio/cxgb3/l2t.h index 8cffcdf..aadf043 100644 --- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h @@ -49499,10 +47444,10 @@ index 8cffcdf..aadf043 100644 #define L2T_SKB_CB(skb) ((struct l2t_skb_cb *)(skb)->cb) diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c -index a83271c..cf00874 100644 +index e5be511..16cb55c 100644 --- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c +++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c -@@ -2174,7 +2174,7 @@ static void get_regs(struct net_device *dev, struct ethtool_regs *regs, +@@ -2355,7 +2355,7 @@ static void get_regs(struct net_device *dev, struct ethtool_regs *regs, int i; struct adapter *ap = netdev2adap(dev); @@ -49512,10 +47457,10 @@ index a83271c..cf00874 100644 if (is_t4(ap->params.chip)) { diff --git a/drivers/net/ethernet/dec/tulip/de4x5.c b/drivers/net/ethernet/dec/tulip/de4x5.c -index c05b66d..ed69872 100644 +index cf8b6ff..274271e 100644 --- a/drivers/net/ethernet/dec/tulip/de4x5.c +++ b/drivers/net/ethernet/dec/tulip/de4x5.c -@@ -5388,7 +5388,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) +@@ -5387,7 +5387,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) for (i=0; i<ETH_ALEN; i++) { tmp.addr[i] = dev->dev_addr[i]; } @@ -49524,7 +47469,7 @@ index c05b66d..ed69872 100644 break; case DE4X5_SET_HWADDR: /* Set the hardware address */ -@@ -5428,7 +5428,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) +@@ -5427,7 +5427,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) spin_lock_irqsave(&lp->lock, flags); memcpy(&statbuf, &lp->pktStats, ioc->len); spin_unlock_irqrestore(&lp->lock, flags); @@ -49534,7 +47479,7 @@ index c05b66d..ed69872 100644 break; } diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c -index 1e187fb..d024547 100644 +index 93ff8ef..01e0537 100644 --- a/drivers/net/ethernet/emulex/benet/be_main.c +++ b/drivers/net/ethernet/emulex/benet/be_main.c @@ -533,7 +533,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) @@ -49573,7 +47518,7 @@ index 4ff1adc..0ea6bf4 100644 #include "ftmac100.h" diff --git a/drivers/net/ethernet/intel/i40e/i40e_ptp.c b/drivers/net/ethernet/intel/i40e/i40e_ptp.c -index 101f439..59e7ec6 100644 +index 537b621..07f87ce 100644 --- a/drivers/net/ethernet/intel/i40e/i40e_ptp.c +++ b/drivers/net/ethernet/intel/i40e/i40e_ptp.c @@ -401,7 +401,7 @@ void i40e_ptp_set_increment(struct i40e_pf *pf) @@ -49586,10 +47531,10 @@ index 101f439..59e7ec6 100644 } diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c -index 68f87ec..241dbe3 100644 +index 5fd4b52..87aa34b 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c -@@ -792,7 +792,7 @@ void ixgbe_ptp_start_cyclecounter(struct ixgbe_adapter *adapter) +@@ -794,7 +794,7 @@ void ixgbe_ptp_start_cyclecounter(struct ixgbe_adapter *adapter) } /* update the base incval used to calculate frequency adjustment */ @@ -49598,6 +47543,20 @@ index 68f87ec..241dbe3 100644 smp_mb(); /* need lock to prevent incorrect read while modifying cyclecounter */ +diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c +index c14d4d8..66da603 100644 +--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c ++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c +@@ -1259,6 +1259,9 @@ int ixgbe_ndo_set_vf_spoofchk(struct net_device *netdev, int vf, bool setting) + struct ixgbe_hw *hw = &adapter->hw; + u32 regval; + ++ if (vf >= adapter->num_vfs) ++ return -EINVAL; ++ + adapter->vfinfo[vf].spoofchk_enabled = setting; + + regval = IXGBE_READ_REG(hw, IXGBE_PFVFSPOOF(vf_target_reg)); diff --git a/drivers/net/ethernet/neterion/vxge/vxge-config.c b/drivers/net/ethernet/neterion/vxge/vxge-config.c index 2bbd01f..e8baa64 100644 --- a/drivers/net/ethernet/neterion/vxge/vxge-config.c @@ -49623,47 +47582,11 @@ index 2bbd01f..e8baa64 100644 fifo->mempool = __vxge_hw_mempool_create(vpath->hldev, fifo->config->memblock_size, -diff --git a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c -index 73e6683..464e910 100644 ---- a/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c -+++ b/drivers/net/ethernet/oki-semi/pch_gbe/pch_gbe_main.c -@@ -120,6 +120,10 @@ static void pch_gbe_mdio_write(struct net_device *netdev, int addr, int reg, - int data); - static void pch_gbe_set_multi(struct net_device *netdev); - -+static struct sock_filter ptp_filter[] = { -+ PTP_FILTER -+}; -+ - static int pch_ptp_match(struct sk_buff *skb, u16 uid_hi, u32 uid_lo, u16 seqid) - { - u8 *data = skb->data; -@@ -127,7 +131,7 @@ static int pch_ptp_match(struct sk_buff *skb, u16 uid_hi, u32 uid_lo, u16 seqid) - u16 *hi, *id; - u32 lo; - -- if (ptp_classify_raw(skb) == PTP_CLASS_NONE) -+ if (sk_run_filter(skb, ptp_filter) == PTP_CLASS_NONE) - return 0; - - offset = ETH_HLEN + IPV4_HLEN(data) + UDP_HLEN; -@@ -2631,6 +2635,11 @@ static int pch_gbe_probe(struct pci_dev *pdev, - - adapter->ptp_pdev = pci_get_bus_and_slot(adapter->pdev->bus->number, - PCI_DEVFN(12, 4)); -+ if (ptp_filter_init(ptp_filter, ARRAY_SIZE(ptp_filter))) { -+ dev_err(&pdev->dev, "Bad ptp filter\n"); -+ ret = -EINVAL; -+ goto err_free_netdev; -+ } - - netdev->netdev_ops = &pch_gbe_netdev_ops; - netdev->watchdog_timeo = PCH_GBE_WATCHDOG_PERIOD; diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c -index f33559b..c7f50ac 100644 +index 3172cdf..d01ab34 100644 --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c +++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c -@@ -2176,7 +2176,9 @@ int qlcnic_83xx_configure_opmode(struct qlcnic_adapter *adapter) +@@ -2190,7 +2190,9 @@ int qlcnic_83xx_configure_opmode(struct qlcnic_adapter *adapter) max_tx_rings = QLCNIC_MAX_VNIC_TX_RINGS; } else if (ret == QLC_83XX_DEFAULT_OPMODE) { ahw->nic_mode = QLCNIC_DEFAULT_MODE; @@ -49706,10 +47629,10 @@ index be7d7a6..a8983f8 100644 default: dev_err(&adapter->pdev->dev, "Invalid Virtual NIC opmode\n"); diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c -index e46fc39..abe135b 100644 +index c9f57fb..208bdc1 100644 --- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c +++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_minidump.c -@@ -1228,7 +1228,7 @@ flash_temp: +@@ -1285,7 +1285,7 @@ flash_temp: int qlcnic_dump_fw(struct qlcnic_adapter *adapter) { struct qlcnic_fw_dump *fw_dump = &adapter->ahw->fw_dump; @@ -49719,10 +47642,10 @@ index e46fc39..abe135b 100644 u32 entry_offset, dump, no_entries, buf_offset = 0; int i, k, ops_cnt, ops_index, dump_size = 0; diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index 61623e9..ac97c27 100644 +index 0921302..927f761 100644 --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c -@@ -759,22 +759,22 @@ struct rtl8169_private { +@@ -744,22 +744,22 @@ struct rtl8169_private { struct mdio_ops { void (*write)(struct rtl8169_private *, int, int); int (*read)(struct rtl8169_private *, int); @@ -49763,7 +47686,7 @@ index 6b861e3..204ac86 100644 MC_CMD_PTP_IN_SYNCHRONIZE_LEN); EFX_BUG_ON_PARANOID(rc); diff --git a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c -index 50617c5..b13724c 100644 +index 08c483b..2c4a553 100644 --- a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c +++ b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c @@ -140,8 +140,8 @@ void dwmac_mmc_ctrl(void __iomem *ioaddr, unsigned int mode) @@ -49777,169 +47700,21 @@ index 50617c5..b13724c 100644 } /* To mask all all interrupts.*/ -diff --git a/drivers/net/ethernet/ti/cpts.c b/drivers/net/ethernet/ti/cpts.c -index 6b56f85..50e285f 100644 ---- a/drivers/net/ethernet/ti/cpts.c -+++ b/drivers/net/ethernet/ti/cpts.c -@@ -33,6 +33,10 @@ - - #ifdef CONFIG_TI_CPTS - -+static struct sock_filter ptp_filter[] = { -+ PTP_FILTER -+}; -+ - #define cpts_read32(c, r) __raw_readl(&c->reg->r) - #define cpts_write32(c, v, r) __raw_writel(v, &c->reg->r) - -@@ -296,7 +300,7 @@ static u64 cpts_find_ts(struct cpts *cpts, struct sk_buff *skb, int ev_type) - u64 ns = 0; - struct cpts_event *event; - struct list_head *this, *next; -- unsigned int class = ptp_classify_raw(skb); -+ unsigned int class = sk_run_filter(skb, ptp_filter); - unsigned long flags; - u16 seqid; - u8 mtype; -@@ -367,6 +371,10 @@ int cpts_register(struct device *dev, struct cpts *cpts, - int err, i; - unsigned long flags; - -+ if (ptp_filter_init(ptp_filter, ARRAY_SIZE(ptp_filter))) { -+ pr_err("cpts: bad ptp filter\n"); -+ return -EINVAL; -+ } - cpts->info = cpts_info; - cpts->clock = ptp_clock_register(&cpts->info, dev); - if (IS_ERR(cpts->clock)) { -diff --git a/drivers/net/ethernet/xscale/Kconfig b/drivers/net/ethernet/xscale/Kconfig -index b81bc9f..3f43101 100644 ---- a/drivers/net/ethernet/xscale/Kconfig -+++ b/drivers/net/ethernet/xscale/Kconfig -@@ -23,7 +23,6 @@ config IXP4XX_ETH - tristate "Intel IXP4xx Ethernet support" - depends on ARM && ARCH_IXP4XX && IXP4XX_NPE && IXP4XX_QMGR - select PHYLIB -- select NET_PTP_CLASSIFY - ---help--- - Say Y here if you want to use built-in Ethernet ports - on IXP4xx processor. -diff --git a/drivers/net/ethernet/xscale/ixp4xx_eth.c b/drivers/net/ethernet/xscale/ixp4xx_eth.c -index f7e0f0f..25283f1 100644 ---- a/drivers/net/ethernet/xscale/ixp4xx_eth.c -+++ b/drivers/net/ethernet/xscale/ixp4xx_eth.c -@@ -256,6 +256,10 @@ static int ports_open; - static struct port *npe_port_tab[MAX_NPES]; - static struct dma_pool *dma_pool; - -+static struct sock_filter ptp_filter[] = { -+ PTP_FILTER -+}; -+ - static int ixp_ptp_match(struct sk_buff *skb, u16 uid_hi, u32 uid_lo, u16 seqid) - { - u8 *data = skb->data; -@@ -263,7 +267,7 @@ static int ixp_ptp_match(struct sk_buff *skb, u16 uid_hi, u32 uid_lo, u16 seqid) - u16 *hi, *id; - u32 lo; - -- if (ptp_classify_raw(skb) != PTP_CLASS_V1_IPV4) -+ if (sk_run_filter(skb, ptp_filter) != PTP_CLASS_V1_IPV4) - return 0; - - offset = ETH_HLEN + IPV4_HLEN(data) + UDP_HLEN; -@@ -1409,6 +1413,11 @@ static int eth_init_one(struct platform_device *pdev) - char phy_id[MII_BUS_ID_SIZE + 3]; - int err; - -+ if (ptp_filter_init(ptp_filter, ARRAY_SIZE(ptp_filter))) { -+ pr_err("ixp4xx_eth: bad ptp filter\n"); -+ return -EINVAL; -+ } -+ - if (!(dev = alloc_etherdev(sizeof(struct port)))) - return -ENOMEM; - diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h -index 6cc37c1..fdd9d77 100644 +index d5e07de..e3bf20a 100644 --- a/drivers/net/hyperv/hyperv_net.h +++ b/drivers/net/hyperv/hyperv_net.h -@@ -170,7 +170,7 @@ struct rndis_device { - +@@ -171,7 +171,7 @@ struct rndis_device { enum rndis_device_state state; bool link_state; + bool link_change; - atomic_t new_req_id; + atomic_unchecked_t new_req_id; spinlock_t request_lock; struct list_head req_list; -diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c -index d97d5f3..7edf976 100644 ---- a/drivers/net/hyperv/netvsc.c -+++ b/drivers/net/hyperv/netvsc.c -@@ -708,6 +708,7 @@ int netvsc_send(struct hv_device *device, - unsigned int section_index = NETVSC_INVALID_INDEX; - u32 msg_size = 0; - struct sk_buff *skb; -+ u16 q_idx = packet->q_idx; - - - net_device = get_outbound_net_device(device); -@@ -772,24 +773,24 @@ int netvsc_send(struct hv_device *device, - - if (ret == 0) { - atomic_inc(&net_device->num_outstanding_sends); -- atomic_inc(&net_device->queue_sends[packet->q_idx]); -+ atomic_inc(&net_device->queue_sends[q_idx]); - - if (hv_ringbuf_avail_percent(&out_channel->outbound) < - RING_AVAIL_PERCENT_LOWATER) { - netif_tx_stop_queue(netdev_get_tx_queue( -- ndev, packet->q_idx)); -+ ndev, q_idx)); - - if (atomic_read(&net_device-> -- queue_sends[packet->q_idx]) < 1) -+ queue_sends[q_idx]) < 1) - netif_tx_wake_queue(netdev_get_tx_queue( -- ndev, packet->q_idx)); -+ ndev, q_idx)); - } - } else if (ret == -EAGAIN) { - netif_tx_stop_queue(netdev_get_tx_queue( -- ndev, packet->q_idx)); -- if (atomic_read(&net_device->queue_sends[packet->q_idx]) < 1) { -+ ndev, q_idx)); -+ if (atomic_read(&net_device->queue_sends[q_idx]) < 1) { - netif_tx_wake_queue(netdev_get_tx_queue( -- ndev, packet->q_idx)); -+ ndev, q_idx)); - ret = -ENOSPC; - } - } else { -diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c -index 4fd71b7..f152972 100644 ---- a/drivers/net/hyperv/netvsc_drv.c -+++ b/drivers/net/hyperv/netvsc_drv.c -@@ -387,6 +387,7 @@ static int netvsc_start_xmit(struct sk_buff *skb, struct net_device *net) - int hdr_offset; - u32 net_trans_info; - u32 hash; -+ u32 skb_length = skb->len; - - - /* We will atmost need two pages to describe the rndis -@@ -562,7 +563,7 @@ do_send: - - drop: - if (ret == 0) { -- net->stats.tx_bytes += skb->len; -+ net->stats.tx_bytes += skb_length; - net->stats.tx_packets++; - } else { - kfree(packet); diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c -index 99c527a..6a2ce38 100644 +index 2b86f0b..ecc996f 100644 --- a/drivers/net/hyperv/rndis_filter.c +++ b/drivers/net/hyperv/rndis_filter.c @@ -102,7 +102,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev, @@ -49951,7 +47726,7 @@ index 99c527a..6a2ce38 100644 /* Add to the request list */ spin_lock_irqsave(&dev->request_lock, flags); -@@ -930,7 +930,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev) +@@ -911,7 +911,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev) /* Setup the rndis set */ halt = &request->request_msg.msg.halt_req; @@ -49961,10 +47736,10 @@ index 99c527a..6a2ce38 100644 /* Ignore return since this msg is optional. */ rndis_filter_send_request(dev, request); diff --git a/drivers/net/ieee802154/fakehard.c b/drivers/net/ieee802154/fakehard.c -index 78f18be..1d19c62 100644 +index 9ce854f..e43fa17 100644 --- a/drivers/net/ieee802154/fakehard.c +++ b/drivers/net/ieee802154/fakehard.c -@@ -364,7 +364,7 @@ static int ieee802154fake_probe(struct platform_device *pdev) +@@ -365,7 +365,7 @@ static int ieee802154fake_probe(struct platform_device *pdev) phy->transmit_power = 0xbf; dev->netdev_ops = &fake_ops; @@ -49974,7 +47749,7 @@ index 78f18be..1d19c62 100644 priv = netdev_priv(dev); priv->phy = phy; diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c -index ef8a5c2..76877d6 100644 +index 726edab..8939092 100644 --- a/drivers/net/macvlan.c +++ b/drivers/net/macvlan.c @@ -264,7 +264,7 @@ static void macvlan_broadcast_enqueue(struct macvlan_port *port, @@ -49986,7 +47761,7 @@ index ef8a5c2..76877d6 100644 } /* called under rcu_read_lock() from netif_receive_skb */ -@@ -1134,13 +1134,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = { +@@ -1144,13 +1144,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = { int macvlan_link_register(struct rtnl_link_ops *ops) { /* common fields */ @@ -50009,7 +47784,7 @@ index ef8a5c2..76877d6 100644 return rtnl_link_register(ops); }; -@@ -1220,7 +1222,7 @@ static int macvlan_device_event(struct notifier_block *unused, +@@ -1230,7 +1232,7 @@ static int macvlan_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -50019,10 +47794,10 @@ index ef8a5c2..76877d6 100644 }; diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c -index 3381c4f..dea5fd5 100644 +index 0c6adaa..0784e3f 100644 --- a/drivers/net/macvtap.c +++ b/drivers/net/macvtap.c -@@ -1020,7 +1020,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, +@@ -1018,7 +1018,7 @@ static long macvtap_ioctl(struct file *file, unsigned int cmd, } ret = 0; @@ -50031,7 +47806,7 @@ index 3381c4f..dea5fd5 100644 put_user(q->flags, &ifr->ifr_flags)) ret = -EFAULT; macvtap_put_vlan(vlan); -@@ -1190,7 +1190,7 @@ static int macvtap_device_event(struct notifier_block *unused, +@@ -1188,7 +1188,7 @@ static int macvtap_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -50040,189 +47815,42 @@ index 3381c4f..dea5fd5 100644 .notifier_call = macvtap_device_event, }; -diff --git a/drivers/net/phy/dp83640.c b/drivers/net/phy/dp83640.c -index 9408157..d53b924 100644 ---- a/drivers/net/phy/dp83640.c -+++ b/drivers/net/phy/dp83640.c -@@ -27,7 +27,6 @@ - #include <linux/module.h> - #include <linux/net_tstamp.h> - #include <linux/netdevice.h> --#include <linux/if_vlan.h> - #include <linux/phy.h> - #include <linux/ptp_classify.h> - #include <linux/ptp_clock_kernel.h> diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c -index d5b77ef..72ff14b 100644 +index fa0d717..bab8c01 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c -@@ -143,8 +143,9 @@ struct ppp { - struct sk_buff_head mrq; /* MP: receive reconstruction queue */ - #endif /* CONFIG_PPP_MULTILINK */ - #ifdef CONFIG_PPP_FILTER -- struct sk_filter *pass_filter; /* filter for packets to pass */ -- struct sk_filter *active_filter;/* filter for pkts to reset idle */ -+ struct sock_filter *pass_filter; /* filter for packets to pass */ -+ struct sock_filter *active_filter;/* filter for pkts to reset idle */ -+ unsigned pass_len, active_len; - #endif /* CONFIG_PPP_FILTER */ - struct net *ppp_net; /* the net we belong to */ - struct ppp_link_stats stats64; /* 64 bit network stats */ -@@ -539,7 +540,7 @@ static int get_filter(void __user *arg, struct sock_filter **p) - { - struct sock_fprog uprog; - struct sock_filter *code = NULL; -- int len; -+ int len, err; - - if (copy_from_user(&uprog, arg, sizeof(uprog))) - return -EFAULT; -@@ -554,6 +555,12 @@ static int get_filter(void __user *arg, struct sock_filter **p) - if (IS_ERR(code)) - return PTR_ERR(code); - -+ err = sk_chk_filter(code, uprog.len); -+ if (err) { -+ kfree(code); -+ return err; -+ } -+ - *p = code; - return uprog.len; - } -@@ -748,52 +755,28 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg) - case PPPIOCSPASS: - { - struct sock_filter *code; -- - err = get_filter(argp, &code); - if (err >= 0) { -- struct sock_fprog_kern fprog = { -- .len = err, -- .filter = code, -- }; -- - ppp_lock(ppp); -- if (ppp->pass_filter) { -- sk_unattached_filter_destroy(ppp->pass_filter); -- ppp->pass_filter = NULL; -- } -- if (fprog.filter != NULL) -- err = sk_unattached_filter_create(&ppp->pass_filter, -- &fprog); -- else -- err = 0; -- kfree(code); -+ kfree(ppp->pass_filter); -+ ppp->pass_filter = code; -+ ppp->pass_len = err; - ppp_unlock(ppp); -+ err = 0; - } - break; - } - case PPPIOCSACTIVE: - { - struct sock_filter *code; -- - err = get_filter(argp, &code); - if (err >= 0) { -- struct sock_fprog_kern fprog = { -- .len = err, -- .filter = code, -- }; -- - ppp_lock(ppp); -- if (ppp->active_filter) { -- sk_unattached_filter_destroy(ppp->active_filter); -- ppp->active_filter = NULL; -- } -- if (fprog.filter != NULL) -- err = sk_unattached_filter_create(&ppp->active_filter, -- &fprog); -- else -- err = 0; -- kfree(code); -+ kfree(ppp->active_filter); -+ ppp->active_filter = code; -+ ppp->active_len = err; - ppp_unlock(ppp); -+ err = 0; - } - break; - } -@@ -1201,7 +1184,7 @@ ppp_send_frame(struct ppp *ppp, struct sk_buff *skb) - a four-byte PPP header on each packet */ - *skb_push(skb, 2) = 1; - if (ppp->pass_filter && -- SK_RUN_FILTER(ppp->pass_filter, skb) == 0) { -+ sk_run_filter(skb, ppp->pass_filter) == 0) { - if (ppp->debug & 1) - netdev_printk(KERN_DEBUG, ppp->dev, - "PPP: outbound frame " -@@ -1211,7 +1194,7 @@ ppp_send_frame(struct ppp *ppp, struct sk_buff *skb) +@@ -594,7 +594,7 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg) + if (file == ppp->owner) + ppp_shutdown_interface(ppp); } - /* if this packet passes the active filter, record the time */ - if (!(ppp->active_filter && -- SK_RUN_FILTER(ppp->active_filter, skb) == 0)) -+ sk_run_filter(skb, ppp->active_filter) == 0)) - ppp->last_xmit = jiffies; - skb_pull(skb, 2); - #else -@@ -1835,7 +1818,7 @@ ppp_receive_nonmp_frame(struct ppp *ppp, struct sk_buff *skb) - - *skb_push(skb, 2) = 0; - if (ppp->pass_filter && -- SK_RUN_FILTER(ppp->pass_filter, skb) == 0) { -+ sk_run_filter(skb, ppp->pass_filter) == 0) { - if (ppp->debug & 1) - netdev_printk(KERN_DEBUG, ppp->dev, - "PPP: inbound frame " -@@ -1844,7 +1827,7 @@ ppp_receive_nonmp_frame(struct ppp *ppp, struct sk_buff *skb) - return; - } - if (!(ppp->active_filter && -- SK_RUN_FILTER(ppp->active_filter, skb) == 0)) -+ sk_run_filter(skb, ppp->active_filter) == 0)) - ppp->last_recv = jiffies; - __skb_pull(skb, 2); +- if (atomic_long_read(&file->f_count) <= 2) { ++ if (atomic_long_read(&file->f_count) < 2) { + ppp_release(NULL, file); + err = 0; } else -@@ -2689,10 +2672,6 @@ ppp_create_interface(struct net *net, int unit, int *retp) - ppp->minseq = -1; - skb_queue_head_init(&ppp->mrq); - #endif /* CONFIG_PPP_MULTILINK */ --#ifdef CONFIG_PPP_FILTER -- ppp->pass_filter = NULL; -- ppp->active_filter = NULL; --#endif /* CONFIG_PPP_FILTER */ +@@ -1020,7 +1020,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) + void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data; + struct ppp_stats stats; + struct ppp_comp_stats cstats; +- char *vers; - /* - * drum roll: don't forget to set -@@ -2823,15 +2802,10 @@ static void ppp_destroy_interface(struct ppp *ppp) - skb_queue_purge(&ppp->mrq); - #endif /* CONFIG_PPP_MULTILINK */ - #ifdef CONFIG_PPP_FILTER -- if (ppp->pass_filter) { -- sk_unattached_filter_destroy(ppp->pass_filter); -- ppp->pass_filter = NULL; -- } -- -- if (ppp->active_filter) { -- sk_unattached_filter_destroy(ppp->active_filter); -- ppp->active_filter = NULL; -- } -+ kfree(ppp->pass_filter); -+ ppp->pass_filter = NULL; -+ kfree(ppp->active_filter); -+ ppp->active_filter = NULL; - #endif /* CONFIG_PPP_FILTER */ + switch (cmd) { + case SIOCGPPPSTATS: +@@ -1042,8 +1041,7 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) + break; - kfree_skb(ppp->xmit_pending); + case SIOCGPPPVER: +- vers = PPP_VERSION; +- if (copy_to_user(addr, vers, strlen(vers) + 1)) ++ if (copy_to_user(addr, PPP_VERSION, sizeof(PPP_VERSION))) + break; + err = 0; + break; diff --git a/drivers/net/slip/slhc.c b/drivers/net/slip/slhc.c -index 1252d9c..80e660b 100644 +index 079f7ad..b2a2bfa7 100644 --- a/drivers/net/slip/slhc.c +++ b/drivers/net/slip/slhc.c -@@ -488,7 +488,7 @@ slhc_uncompress(struct slcompress *comp, unsigned char *icp, int isize) +@@ -487,7 +487,7 @@ slhc_uncompress(struct slcompress *comp, unsigned char *icp, int isize) register struct tcphdr *thp; register struct iphdr *ip; register struct cstate *cs; @@ -50232,10 +47860,10 @@ index 1252d9c..80e660b 100644 /* We've got a compressed packet; read the change byte */ diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c -index b4958c7..277cb96 100644 +index 1f76c2ea..9681171 100644 --- a/drivers/net/team/team.c +++ b/drivers/net/team/team.c -@@ -2868,7 +2868,7 @@ static int team_device_event(struct notifier_block *unused, +@@ -2862,7 +2862,7 @@ static int team_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -50244,61 +47872,11 @@ index b4958c7..277cb96 100644 .notifier_call = team_device_event, }; -diff --git a/drivers/net/team/team_mode_loadbalance.c b/drivers/net/team/team_mode_loadbalance.c -index a58dfeb..dbde341 100644 ---- a/drivers/net/team/team_mode_loadbalance.c -+++ b/drivers/net/team/team_mode_loadbalance.c -@@ -49,7 +49,7 @@ struct lb_port_mapping { - struct lb_priv_ex { - struct team *team; - struct lb_port_mapping tx_hash_to_port_mapping[LB_TX_HASHTABLE_SIZE]; -- struct sock_fprog_kern *orig_fprog; -+ struct sock_fprog *orig_fprog; - struct { - unsigned int refresh_interval; /* in tenths of second */ - struct delayed_work refresh_dw; -@@ -241,15 +241,15 @@ static int lb_bpf_func_get(struct team *team, struct team_gsetter_ctx *ctx) - return 0; - } - --static int __fprog_create(struct sock_fprog_kern **pfprog, u32 data_len, -+static int __fprog_create(struct sock_fprog **pfprog, u32 data_len, - const void *data) - { -- struct sock_fprog_kern *fprog; -+ struct sock_fprog *fprog; - struct sock_filter *filter = (struct sock_filter *) data; - - if (data_len % sizeof(struct sock_filter)) - return -EINVAL; -- fprog = kmalloc(sizeof(*fprog), GFP_KERNEL); -+ fprog = kmalloc(sizeof(struct sock_fprog), GFP_KERNEL); - if (!fprog) - return -ENOMEM; - fprog->filter = kmemdup(filter, data_len, GFP_KERNEL); -@@ -262,7 +262,7 @@ static int __fprog_create(struct sock_fprog_kern **pfprog, u32 data_len, - return 0; - } - --static void __fprog_destroy(struct sock_fprog_kern *fprog) -+static void __fprog_destroy(struct sock_fprog *fprog) - { - kfree(fprog->filter); - kfree(fprog); -@@ -273,7 +273,7 @@ static int lb_bpf_func_set(struct team *team, struct team_gsetter_ctx *ctx) - struct lb_priv *lb_priv = get_lb_priv(team); - struct sk_filter *fp = NULL; - struct sk_filter *orig_fp; -- struct sock_fprog_kern *fprog = NULL; -+ struct sock_fprog *fprog = NULL; - int err; - - if (ctx->data.bin_val.len) { diff --git a/drivers/net/tun.c b/drivers/net/tun.c -index 98bad1f..f197d7a 100644 +index acaaf67..a33483d 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c -@@ -1854,7 +1854,7 @@ unlock: +@@ -1855,7 +1855,7 @@ unlock: } static long __tun_chr_ioctl(struct file *file, unsigned int cmd, @@ -50307,7 +47885,7 @@ index 98bad1f..f197d7a 100644 { struct tun_file *tfile = file->private_data; struct tun_struct *tun; -@@ -1867,6 +1867,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, +@@ -1868,6 +1868,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, unsigned int ifindex; int ret; @@ -50318,7 +47896,7 @@ index 98bad1f..f197d7a 100644 if (copy_from_user(&ifr, argp, ifreq_len)) return -EFAULT; diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c -index a4272ed..cdd69ff 100644 +index babda7d..e40c90a 100644 --- a/drivers/net/usb/hso.c +++ b/drivers/net/usb/hso.c @@ -71,7 +71,7 @@ @@ -50330,7 +47908,7 @@ index a4272ed..cdd69ff 100644 #define MOD_AUTHOR "Option Wireless" #define MOD_DESCRIPTION "USB High Speed Option driver" -@@ -1177,7 +1177,7 @@ static void put_rxbuf_data_and_resubmit_ctrl_urb(struct hso_serial *serial) +@@ -1178,7 +1178,7 @@ static void put_rxbuf_data_and_resubmit_ctrl_urb(struct hso_serial *serial) struct urb *urb; urb = serial->rx_urb[0]; @@ -50339,7 +47917,7 @@ index a4272ed..cdd69ff 100644 count = put_rxbuf_data(urb, serial); if (count == -1) return; -@@ -1215,7 +1215,7 @@ static void hso_std_serial_read_bulk_callback(struct urb *urb) +@@ -1216,7 +1216,7 @@ static void hso_std_serial_read_bulk_callback(struct urb *urb) DUMP1(urb->transfer_buffer, urb->actual_length); /* Anyone listening? */ @@ -50348,7 +47926,7 @@ index a4272ed..cdd69ff 100644 return; if (serial->parent->port_spec & HSO_INFO_CRC_BUG) -@@ -1277,8 +1277,7 @@ static int hso_serial_open(struct tty_struct *tty, struct file *filp) +@@ -1278,8 +1278,7 @@ static int hso_serial_open(struct tty_struct *tty, struct file *filp) tty_port_tty_set(&serial->port, tty); /* check for port already opened, if not set the termios */ @@ -50358,7 +47936,7 @@ index a4272ed..cdd69ff 100644 serial->rx_state = RX_IDLE; /* Force default termio settings */ _hso_serial_set_termios(tty, NULL); -@@ -1288,7 +1287,7 @@ static int hso_serial_open(struct tty_struct *tty, struct file *filp) +@@ -1289,7 +1288,7 @@ static int hso_serial_open(struct tty_struct *tty, struct file *filp) result = hso_start_serial_device(serial->parent, GFP_KERNEL); if (result) { hso_stop_serial_device(serial->parent); @@ -50367,7 +47945,7 @@ index a4272ed..cdd69ff 100644 kref_put(&serial->parent->ref, hso_serial_ref_free); } } else { -@@ -1325,10 +1324,10 @@ static void hso_serial_close(struct tty_struct *tty, struct file *filp) +@@ -1326,10 +1325,10 @@ static void hso_serial_close(struct tty_struct *tty, struct file *filp) /* reset the rts and dtr */ /* do the actual close */ @@ -50381,7 +47959,7 @@ index a4272ed..cdd69ff 100644 tty_port_tty_set(&serial->port, NULL); if (!usb_gone) hso_stop_serial_device(serial->parent); -@@ -1403,7 +1402,7 @@ static void hso_serial_set_termios(struct tty_struct *tty, struct ktermios *old) +@@ -1404,7 +1403,7 @@ static void hso_serial_set_termios(struct tty_struct *tty, struct ktermios *old) /* the actual setup */ spin_lock_irqsave(&serial->serial_lock, flags); @@ -50390,7 +47968,7 @@ index a4272ed..cdd69ff 100644 _hso_serial_set_termios(tty, old); else tty->termios = *old; -@@ -1872,7 +1871,7 @@ static void intr_callback(struct urb *urb) +@@ -1873,7 +1872,7 @@ static void intr_callback(struct urb *urb) D1("Pending read interrupt on port %d\n", i); spin_lock(&serial->serial_lock); if (serial->rx_state == RX_IDLE && @@ -50399,7 +47977,7 @@ index a4272ed..cdd69ff 100644 /* Setup and send a ctrl req read on * port i */ if (!serial->rx_urb_filled[0]) { -@@ -3045,7 +3044,7 @@ static int hso_resume(struct usb_interface *iface) +@@ -3047,7 +3046,7 @@ static int hso_resume(struct usb_interface *iface) /* Start all serial ports */ for (i = 0; i < HSO_SERIAL_TTY_MINORS; i++) { if (serial_table[i] && (serial_table[i]->interface == iface)) { @@ -50409,10 +47987,10 @@ index a4272ed..cdd69ff 100644 hso_start_serial_device(serial_table[i], GFP_NOIO); hso_kick_transmit(dev2ser(serial_table[i])); diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c -index 3eab74c..fb6097c 100644 +index 604ef21..d1f49a1 100644 --- a/drivers/net/usb/r8152.c +++ b/drivers/net/usb/r8152.c -@@ -567,7 +567,7 @@ struct r8152 { +@@ -575,7 +575,7 @@ struct r8152 { void (*up)(struct r8152 *); void (*down)(struct r8152 *); void (*unload)(struct r8152 *); @@ -50444,10 +48022,10 @@ index a2515887..6d13233 100644 /* we will have to manufacture ethernet headers, prepare template */ diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c -index 7d9f84a..7f690da 100644 +index 59caa06..de191b3 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c -@@ -47,7 +47,7 @@ module_param(gso, bool, 0444); +@@ -48,7 +48,7 @@ module_param(gso, bool, 0444); #define RECEIVE_AVG_WEIGHT 64 /* Minimum alignment for mergeable packet buffers. */ @@ -50457,10 +48035,59 @@ index 7d9f84a..7f690da 100644 #define VIRTNET_DRIVER_VERSION "1.0.0" diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c -index 9f79192..838cf95 100644 +index beb377b..b5bbf08 100644 --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c -@@ -2838,7 +2838,7 @@ nla_put_failure: +@@ -1440,9 +1440,6 @@ static int neigh_reduce(struct net_device *dev, struct sk_buff *skb) + if (!in6_dev) + goto out; + +- if (!pskb_may_pull(skb, skb->len)) +- goto out; +- + iphdr = ipv6_hdr(skb); + saddr = &iphdr->saddr; + daddr = &iphdr->daddr; +@@ -1717,6 +1714,8 @@ static void vxlan_encap_bypass(struct sk_buff *skb, struct vxlan_dev *src_vxlan, + struct pcpu_sw_netstats *tx_stats, *rx_stats; + union vxlan_addr loopback; + union vxlan_addr *remote_ip = &dst_vxlan->default_dst.remote_ip; ++ struct net_device *dev = skb->dev; ++ int len = skb->len; + + tx_stats = this_cpu_ptr(src_vxlan->dev->tstats); + rx_stats = this_cpu_ptr(dst_vxlan->dev->tstats); +@@ -1740,16 +1739,16 @@ static void vxlan_encap_bypass(struct sk_buff *skb, struct vxlan_dev *src_vxlan, + + u64_stats_update_begin(&tx_stats->syncp); + tx_stats->tx_packets++; +- tx_stats->tx_bytes += skb->len; ++ tx_stats->tx_bytes += len; + u64_stats_update_end(&tx_stats->syncp); + + if (netif_rx(skb) == NET_RX_SUCCESS) { + u64_stats_update_begin(&rx_stats->syncp); + rx_stats->rx_packets++; +- rx_stats->rx_bytes += skb->len; ++ rx_stats->rx_bytes += len; + u64_stats_update_end(&rx_stats->syncp); + } else { +- skb->dev->stats.rx_dropped++; ++ dev->stats.rx_dropped++; + } + } + +@@ -1927,7 +1926,8 @@ static netdev_tx_t vxlan_xmit(struct sk_buff *skb, struct net_device *dev) + return arp_reduce(dev, skb); + #if IS_ENABLED(CONFIG_IPV6) + else if (ntohs(eth->h_proto) == ETH_P_IPV6 && +- skb->len >= sizeof(struct ipv6hdr) + sizeof(struct nd_msg) && ++ pskb_may_pull(skb, sizeof(struct ipv6hdr) ++ + sizeof(struct nd_msg)) && + ipv6_hdr(skb)->nexthdr == IPPROTO_ICMPV6) { + struct nd_msg *msg; + +@@ -2750,7 +2750,7 @@ nla_put_failure: return -EMSGSIZE; } @@ -50469,7 +48096,7 @@ index 9f79192..838cf95 100644 .kind = "vxlan", .maxtype = IFLA_VXLAN_MAX, .policy = vxlan_policy, -@@ -2885,7 +2885,7 @@ static int vxlan_lowerdev_event(struct notifier_block *unused, +@@ -2797,7 +2797,7 @@ static int vxlan_lowerdev_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -50660,7 +48287,7 @@ index 0b60295..b8bfa5b 100644 if (rd == NULL) { result = -ENOMEM; diff --git a/drivers/net/wireless/airo.c b/drivers/net/wireless/airo.c -index 64747d4..17c4cf3 100644 +index e71a2ce..2268d61 100644 --- a/drivers/net/wireless/airo.c +++ b/drivers/net/wireless/airo.c @@ -7846,7 +7846,7 @@ static int writerids(struct net_device *dev, aironet_ioctl *comp) { @@ -50673,7 +48300,7 @@ index 64747d4..17c4cf3 100644 /* Only super-user can write RIDs */ diff --git a/drivers/net/wireless/at76c50x-usb.c b/drivers/net/wireless/at76c50x-usb.c -index d48776e..373d049 100644 +index da92bfa..5a9001a 100644 --- a/drivers/net/wireless/at76c50x-usb.c +++ b/drivers/net/wireless/at76c50x-usb.c @@ -353,7 +353,7 @@ static int at76_dfu_get_state(struct usb_device *udev, u8 *state) @@ -50686,10 +48313,10 @@ index d48776e..373d049 100644 return msecs_to_jiffies((s->poll_timeout[2] << 16) | (s->poll_timeout[1] << 8) diff --git a/drivers/net/wireless/ath/ath10k/htc.c b/drivers/net/wireless/ath/ath10k/htc.c -index e493db4..2c1853a 100644 +index 5fdc40d..3975205 100644 --- a/drivers/net/wireless/ath/ath10k/htc.c +++ b/drivers/net/wireless/ath/ath10k/htc.c -@@ -840,7 +840,10 @@ void ath10k_htc_stop(struct ath10k_htc *htc) +@@ -856,7 +856,10 @@ void ath10k_htc_stop(struct ath10k_htc *htc) /* registered target arrival callback from the HIF layer */ int ath10k_htc_init(struct ath10k *ar) { @@ -50701,7 +48328,7 @@ index e493db4..2c1853a 100644 struct ath10k_htc_ep *ep = NULL; struct ath10k_htc *htc = &ar->htc; -@@ -850,8 +853,6 @@ int ath10k_htc_init(struct ath10k *ar) +@@ -866,8 +869,6 @@ int ath10k_htc_init(struct ath10k *ar) ath10k_htc_reset_endpoint_states(htc); /* setup HIF layer callbacks */ @@ -50731,7 +48358,7 @@ index 4716d33..a688310 100644 /* service connection information */ struct ath10k_htc_svc_conn_req { diff --git a/drivers/net/wireless/ath/ath9k/ar9002_mac.c b/drivers/net/wireless/ath/ath9k/ar9002_mac.c -index 741b38d..b7ae41b 100644 +index 59af9f9..5f3564f 100644 --- a/drivers/net/wireless/ath/ath9k/ar9002_mac.c +++ b/drivers/net/wireless/ath/ath9k/ar9002_mac.c @@ -220,8 +220,8 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) @@ -50786,9 +48413,9 @@ index 741b38d..b7ae41b 100644 - ACCESS_ONCE(ads->ds_ctl0) = (i->pkt_len & AR_FrameLen) + ACCESS_ONCE_RW(ads->ds_ctl0) = (i->pkt_len & AR_FrameLen) | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0) - | SM(i->txpower, AR_XmitPower) + | SM(i->txpower, AR_XmitPower0) | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0) -@@ -289,19 +289,19 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) +@@ -289,27 +289,27 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) | (i->flags & ATH9K_TXDESC_RTSENA ? AR_RTSEnable : (i->flags & ATH9K_TXDESC_CTSENA ? AR_CTSEnable : 0)); @@ -50813,8 +48440,19 @@ index 741b38d..b7ae41b 100644 | set11nRateFlags(i->rates, 1) | set11nRateFlags(i->rates, 2) | set11nRateFlags(i->rates, 3) + | SM(i->rtscts_rate, AR_RTSCTSRate); + +- ACCESS_ONCE(ads->ds_ctl9) = SM(i->txpower, AR_XmitPower1); +- ACCESS_ONCE(ads->ds_ctl10) = SM(i->txpower, AR_XmitPower2); +- ACCESS_ONCE(ads->ds_ctl11) = SM(i->txpower, AR_XmitPower3); ++ ACCESS_ONCE_RW(ads->ds_ctl9) = SM(i->txpower, AR_XmitPower1); ++ ACCESS_ONCE_RW(ads->ds_ctl10) = SM(i->txpower, AR_XmitPower2); ++ ACCESS_ONCE_RW(ads->ds_ctl11) = SM(i->txpower, AR_XmitPower3); + } + + static int ar9002_hw_proc_txdesc(struct ath_hw *ah, void *ds, diff --git a/drivers/net/wireless/ath/ath9k/ar9003_mac.c b/drivers/net/wireless/ath/ath9k/ar9003_mac.c -index 729ffbf..49f50e3 100644 +index 71e38e8..5ac96ca 100644 --- a/drivers/net/wireless/ath/ath9k/ar9003_mac.c +++ b/drivers/net/wireless/ath/ath9k/ar9003_mac.c @@ -39,47 +39,47 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) @@ -50904,9 +48542,9 @@ index 729ffbf..49f50e3 100644 - ACCESS_ONCE(ads->ctl11) = (i->pkt_len & AR_FrameLen) + ACCESS_ONCE_RW(ads->ctl11) = (i->pkt_len & AR_FrameLen) | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0) - | SM(i->txpower, AR_XmitPower) + | SM(i->txpower, AR_XmitPower0) | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0) -@@ -135,22 +135,22 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) +@@ -135,26 +135,26 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) val = (i->flags & ATH9K_TXDESC_PAPRD) >> ATH9K_TXDESC_PAPRD_S; ctl12 |= SM(val, AR_PAPRDChainMask); @@ -50932,11 +48570,18 @@ index 729ffbf..49f50e3 100644 - ACCESS_ONCE(ads->ctl19) = AR_Not_Sounding; + ACCESS_ONCE_RW(ads->ctl19) = AR_Not_Sounding; + +- ACCESS_ONCE(ads->ctl20) = SM(i->txpower, AR_XmitPower1); +- ACCESS_ONCE(ads->ctl21) = SM(i->txpower, AR_XmitPower2); +- ACCESS_ONCE(ads->ctl22) = SM(i->txpower, AR_XmitPower3); ++ ACCESS_ONCE_RW(ads->ctl20) = SM(i->txpower, AR_XmitPower1); ++ ACCESS_ONCE_RW(ads->ctl21) = SM(i->txpower, AR_XmitPower2); ++ ACCESS_ONCE_RW(ads->ctl22) = SM(i->txpower, AR_XmitPower3); } static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads) diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h -index 0acd4b5..0591c91 100644 +index 51b4ebe..d1929dd 100644 --- a/drivers/net/wireless/ath/ath9k/hw.h +++ b/drivers/net/wireless/ath/ath9k/hw.h @@ -629,7 +629,7 @@ struct ath_hw_private_ops { @@ -50957,6 +48602,39 @@ index 0acd4b5..0591c91 100644 struct ath_nf_limits { s16 max; +diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c +index 4b148bb..ac738fa 100644 +--- a/drivers/net/wireless/ath/ath9k/main.c ++++ b/drivers/net/wireless/ath/ath9k/main.c +@@ -2592,16 +2592,18 @@ void ath9k_fill_chanctx_ops(void) + if (!ath9k_use_chanctx) + return; + +- ath9k_ops.hw_scan = ath9k_hw_scan; +- ath9k_ops.cancel_hw_scan = ath9k_cancel_hw_scan; +- ath9k_ops.remain_on_channel = ath9k_remain_on_channel; +- ath9k_ops.cancel_remain_on_channel = ath9k_cancel_remain_on_channel; +- ath9k_ops.add_chanctx = ath9k_add_chanctx; +- ath9k_ops.remove_chanctx = ath9k_remove_chanctx; +- ath9k_ops.change_chanctx = ath9k_change_chanctx; +- ath9k_ops.assign_vif_chanctx = ath9k_assign_vif_chanctx; +- ath9k_ops.unassign_vif_chanctx = ath9k_unassign_vif_chanctx; +- ath9k_ops.mgd_prepare_tx = ath9k_chanctx_force_active; ++ pax_open_kernel(); ++ *(void **)&ath9k_ops.hw_scan = ath9k_hw_scan; ++ *(void **)&ath9k_ops.cancel_hw_scan = ath9k_cancel_hw_scan; ++ *(void **)&ath9k_ops.remain_on_channel = ath9k_remain_on_channel; ++ *(void **)&ath9k_ops.cancel_remain_on_channel = ath9k_cancel_remain_on_channel; ++ *(void **)&ath9k_ops.add_chanctx = ath9k_add_chanctx; ++ *(void **)&ath9k_ops.remove_chanctx = ath9k_remove_chanctx; ++ *(void **)&ath9k_ops.change_chanctx = ath9k_change_chanctx; ++ *(void **)&ath9k_ops.assign_vif_chanctx = ath9k_assign_vif_chanctx; ++ *(void **)&ath9k_ops.unassign_vif_chanctx = ath9k_unassign_vif_chanctx; ++ *(void **)&ath9k_ops.mgd_prepare_tx = ath9k_chanctx_force_active; ++ pax_close_kernel(); + } + + struct ieee80211_ops ath9k_ops = { diff --git a/drivers/net/wireless/b43/phy_lp.c b/drivers/net/wireless/b43/phy_lp.c index 92190da..f3a4c4c 100644 --- a/drivers/net/wireless/b43/phy_lp.c @@ -51122,10 +48800,10 @@ index 0ffb6ff..c0b7f0e 100644 memset(buf, 0, sizeof(buf)); buf_size = min(count, sizeof(buf) - 1); diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c -index 788085b..0bc852a 100644 +index 06e04aa..d5e1f0d 100644 --- a/drivers/net/wireless/iwlwifi/pcie/trans.c +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c -@@ -1598,7 +1598,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, +@@ -1684,7 +1684,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, struct isr_statistics *isr_stats = &trans_pcie->isr_stats; char buf[8]; @@ -51134,7 +48812,7 @@ index 788085b..0bc852a 100644 u32 reset_flag; memset(buf, 0, sizeof(buf)); -@@ -1619,7 +1619,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, +@@ -1705,7 +1705,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, { struct iwl_trans *trans = file->private_data; char buf[8]; @@ -51144,10 +48822,10 @@ index 788085b..0bc852a 100644 memset(buf, 0, sizeof(buf)); diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c -index a312c65..162b13a 100644 +index 1326f61..9e56010f 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c -@@ -2573,20 +2573,20 @@ static int __init init_mac80211_hwsim(void) +@@ -2575,20 +2575,20 @@ static int __init init_mac80211_hwsim(void) if (channels < 1) return -EINVAL; @@ -51209,7 +48887,7 @@ index d13f25c..2573994 100644 static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif) diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c -index 5642ccc..01f03eb 100644 +index 8e68f87..c35ba29 100644 --- a/drivers/net/wireless/rt2x00/rt2x00queue.c +++ b/drivers/net/wireless/rt2x00/rt2x00queue.c @@ -250,9 +250,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev, @@ -51251,7 +48929,7 @@ index b661f896..ddf7d2b 100644 wl1251_info("using SDIO interrupt"); } diff --git a/drivers/net/wireless/ti/wl12xx/main.c b/drivers/net/wireless/ti/wl12xx/main.c -index d50dfac..0a6f5be3 100644 +index 0bccf12..3d95068 100644 --- a/drivers/net/wireless/ti/wl12xx/main.c +++ b/drivers/net/wireless/ti/wl12xx/main.c @@ -656,7 +656,9 @@ static int wl12xx_identify_chip(struct wl1271 *wl) @@ -51277,10 +48955,10 @@ index d50dfac..0a6f5be3 100644 wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER, WL127X_IFTYPE_SR_VER, WL127X_MAJOR_SR_VER, diff --git a/drivers/net/wireless/ti/wl18xx/main.c b/drivers/net/wireless/ti/wl18xx/main.c -index de5b4fa..7996ec6 100644 +index 7af1936..128bb35 100644 --- a/drivers/net/wireless/ti/wl18xx/main.c +++ b/drivers/net/wireless/ti/wl18xx/main.c -@@ -1900,8 +1900,10 @@ static int wl18xx_setup(struct wl1271 *wl) +@@ -1916,8 +1916,10 @@ static int wl18xx_setup(struct wl1271 *wl) } if (!checksum_param) { @@ -51625,7 +49303,7 @@ index 56d8486..f26113f 100644 mutex_lock(&pci_hp_mutex); /* diff --git a/drivers/pci/hotplug/pciehp_core.c b/drivers/pci/hotplug/pciehp_core.c -index a2297db..7c7d161 100644 +index 07aa722..84514b4 100644 --- a/drivers/pci/hotplug/pciehp_core.c +++ b/drivers/pci/hotplug/pciehp_core.c @@ -92,7 +92,7 @@ static int init_slot(struct controller *ctrl) @@ -51638,10 +49316,10 @@ index a2297db..7c7d161 100644 int retval = -ENOMEM; diff --git a/drivers/pci/msi.c b/drivers/pci/msi.c -index 13f3d30..363cb44 100644 +index 5a40516..136d5a7 100644 --- a/drivers/pci/msi.c +++ b/drivers/pci/msi.c -@@ -523,8 +523,8 @@ static int populate_msi_sysfs(struct pci_dev *pdev) +@@ -507,8 +507,8 @@ static int populate_msi_sysfs(struct pci_dev *pdev) { struct attribute **msi_attrs; struct attribute *msi_attr; @@ -51652,7 +49330,7 @@ index 13f3d30..363cb44 100644 const struct attribute_group **msi_irq_groups; struct msi_desc *entry; int ret = -ENOMEM; -@@ -584,7 +584,7 @@ error_attrs: +@@ -568,7 +568,7 @@ error_attrs: count = 0; msi_attr = msi_attrs[count]; while (msi_attr) { @@ -51757,10 +49435,10 @@ index 3f155e7..0f4b1f0 100644 &proc_bus_pci_dev_operations); proc_initialized = 1; diff --git a/drivers/platform/chrome/chromeos_laptop.c b/drivers/platform/chrome/chromeos_laptop.c -index 7f1a2e2..bc4b405 100644 +index d866db8..c827d1f 100644 --- a/drivers/platform/chrome/chromeos_laptop.c +++ b/drivers/platform/chrome/chromeos_laptop.c -@@ -395,7 +395,7 @@ static struct chromeos_laptop cr48 = { +@@ -479,7 +479,7 @@ static struct chromeos_laptop cr48 = { .callback = chromeos_laptop_dmi_matched, \ .driver_data = (void *)&board_ @@ -51770,10 +49448,10 @@ index 7f1a2e2..bc4b405 100644 .ident = "Samsung Series 5 550", .matches = { diff --git a/drivers/platform/x86/alienware-wmi.c b/drivers/platform/x86/alienware-wmi.c -index 297b664..ab91e39 100644 +index c5af23b..3d62d5e 100644 --- a/drivers/platform/x86/alienware-wmi.c +++ b/drivers/platform/x86/alienware-wmi.c -@@ -133,7 +133,7 @@ struct wmax_led_args { +@@ -150,7 +150,7 @@ struct wmax_led_args { } __packed; static struct platform_device *platform_device; @@ -51782,7 +49460,7 @@ index 297b664..ab91e39 100644 static struct attribute **zone_attrs; static struct platform_zone *zone_data; -@@ -144,7 +144,7 @@ static struct platform_driver platform_driver = { +@@ -161,7 +161,7 @@ static struct platform_driver platform_driver = { } }; @@ -51792,10 +49470,10 @@ index 297b664..ab91e39 100644 }; diff --git a/drivers/platform/x86/asus-wmi.c b/drivers/platform/x86/asus-wmi.c -index 3c6cced..12e0771 100644 +index 21fc932..ee9394a 100644 --- a/drivers/platform/x86/asus-wmi.c +++ b/drivers/platform/x86/asus-wmi.c -@@ -1592,6 +1592,10 @@ static int show_dsts(struct seq_file *m, void *data) +@@ -1590,6 +1590,10 @@ static int show_dsts(struct seq_file *m, void *data) int err; u32 retval = -1; @@ -51806,7 +49484,7 @@ index 3c6cced..12e0771 100644 err = asus_wmi_get_devstate(asus, asus->debug.dev_id, &retval); if (err < 0) -@@ -1608,6 +1612,10 @@ static int show_devs(struct seq_file *m, void *data) +@@ -1606,6 +1610,10 @@ static int show_devs(struct seq_file *m, void *data) int err; u32 retval = -1; @@ -51817,7 +49495,7 @@ index 3c6cced..12e0771 100644 err = asus_wmi_set_devstate(asus->debug.dev_id, asus->debug.ctrl_param, &retval); -@@ -1632,6 +1640,10 @@ static int show_call(struct seq_file *m, void *data) +@@ -1630,6 +1638,10 @@ static int show_call(struct seq_file *m, void *data) union acpi_object *obj; acpi_status status; @@ -51867,7 +49545,7 @@ index 70222f2..8c8ce66 100644 acpi_status status; diff --git a/drivers/platform/x86/sony-laptop.c b/drivers/platform/x86/sony-laptop.c -index 9c5a074..06c976a 100644 +index 26ad9ff..7c52909 100644 --- a/drivers/platform/x86/sony-laptop.c +++ b/drivers/platform/x86/sony-laptop.c @@ -2527,7 +2527,7 @@ static void sony_nc_gfx_switch_cleanup(struct platform_device *pd) @@ -51925,7 +49603,7 @@ index 9c5a074..06c976a 100644 static ssize_t sony_nc_smart_conn_store(struct device *dev, struct device_attribute *attr, diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c -index d82f196..5458f34 100644 +index 3bbc6eb..7760460 100644 --- a/drivers/platform/x86/thinkpad_acpi.c +++ b/drivers/platform/x86/thinkpad_acpi.c @@ -2094,7 +2094,7 @@ static int hotkey_mask_get(void) @@ -52054,7 +49732,7 @@ index cc439fd..8fa30df 100644 #endif /* CONFIG_SYSFS */ diff --git a/drivers/power/power_supply_core.c b/drivers/power/power_supply_core.c -index 5a5a24e..f7a3754 100644 +index 078afd6..fbac9da 100644 --- a/drivers/power/power_supply_core.c +++ b/drivers/power/power_supply_core.c @@ -28,7 +28,10 @@ EXPORT_SYMBOL_GPL(power_supply_class); @@ -52069,7 +49747,7 @@ index 5a5a24e..f7a3754 100644 static bool __power_supply_is_supplied_by(struct power_supply *supplier, struct power_supply *supply) -@@ -639,7 +642,7 @@ static int __init power_supply_class_init(void) +@@ -640,7 +643,7 @@ static int __init power_supply_class_init(void) return PTR_ERR(power_supply_class); power_supply_class->dev_uevent = power_supply_uevent; @@ -52079,10 +49757,10 @@ index 5a5a24e..f7a3754 100644 return 0; } diff --git a/drivers/power/power_supply_sysfs.c b/drivers/power/power_supply_sysfs.c -index 44420d1..967126e 100644 +index 750a202..99c8f4b 100644 --- a/drivers/power/power_supply_sysfs.c +++ b/drivers/power/power_supply_sysfs.c -@@ -230,17 +230,15 @@ static struct attribute_group power_supply_attr_group = { +@@ -234,17 +234,15 @@ static struct attribute_group power_supply_attr_group = { .is_visible = power_supply_attr_is_visible, }; @@ -52291,18 +49969,6 @@ index 84419af..268ede8 100644 power_zone->zone_dev_attrs[count++] = &dev_attr_energy_uj.attr; } -diff --git a/drivers/ptp/Kconfig b/drivers/ptp/Kconfig -index ee3de34..bec7285 100644 ---- a/drivers/ptp/Kconfig -+++ b/drivers/ptp/Kconfig -@@ -8,7 +8,6 @@ config PTP_1588_CLOCK - tristate "PTP clock support" - depends on NET - select PPS -- select NET_PTP_CLASSIFY - help - The IEEE 1588 standard defines a method to precisely - synchronize distributed clocks over Ethernet networks. The diff --git a/drivers/ptp/ptp_private.h b/drivers/ptp/ptp_private.h index 9c5d414..c7900ce 100644 --- a/drivers/ptp/ptp_private.h @@ -52330,10 +49996,10 @@ index 302e626..12579af 100644 da->attr.name = info->pin_config[i].name; da->attr.mode = 0644; diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c -index 4c1f999..11078c9 100644 +index a3c3785..c901e3a 100644 --- a/drivers/regulator/core.c +++ b/drivers/regulator/core.c -@@ -3391,7 +3391,7 @@ regulator_register(const struct regulator_desc *regulator_desc, +@@ -3481,7 +3481,7 @@ regulator_register(const struct regulator_desc *regulator_desc, { const struct regulation_constraints *constraints = NULL; const struct regulator_init_data *init_data; @@ -52342,7 +50008,7 @@ index 4c1f999..11078c9 100644 struct regulator_dev *rdev; struct device *dev; int ret, i; -@@ -3461,7 +3461,7 @@ regulator_register(const struct regulator_desc *regulator_desc, +@@ -3551,7 +3551,7 @@ regulator_register(const struct regulator_desc *regulator_desc, rdev->dev.of_node = of_node_get(config->of_node); rdev->dev.parent = dev; dev_set_name(&rdev->dev, "regulator.%d", @@ -52484,7 +50150,7 @@ index e693af6..2e525b6 100644 void bfa_itn_create(struct bfa_s *bfa, struct bfa_rport_s *rport, void (*isr)(struct bfa_s *bfa, struct bfi_msg_s *m)); diff --git a/drivers/scsi/bfa/bfa_fcs.c b/drivers/scsi/bfa/bfa_fcs.c -index a3ab5cc..8143622 100644 +index 0f19455..ef7adb5 100644 --- a/drivers/scsi/bfa/bfa_fcs.c +++ b/drivers/scsi/bfa/bfa_fcs.c @@ -38,10 +38,21 @@ struct bfa_fcs_mod_s { @@ -52643,7 +50309,7 @@ index 045c4e1..13de803 100644 error = bus_register(&fcoe_bus_type); if (error) diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c -index 3cbb57a..95e47a3 100644 +index 6de80e3..a11e0ac 100644 --- a/drivers/scsi/hosts.c +++ b/drivers/scsi/hosts.c @@ -42,7 +42,7 @@ @@ -52655,7 +50321,7 @@ index 3cbb57a..95e47a3 100644 static void scsi_host_cls_release(struct device *dev) -@@ -369,7 +369,7 @@ struct Scsi_Host *scsi_host_alloc(struct scsi_host_template *sht, int privsize) +@@ -392,7 +392,7 @@ struct Scsi_Host *scsi_host_alloc(struct scsi_host_template *sht, int privsize) * subtract one because we increment first then return, but we need to * know what the next host number was before increment */ @@ -52665,7 +50331,7 @@ index 3cbb57a..95e47a3 100644 /* These three are default values which can be overridden */ diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c -index 489e83b..193815b 100644 +index 6b35d0d..2880305 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -701,10 +701,10 @@ static inline u32 next_command(struct ctlr_info *h, u8 q) @@ -52681,7 +50347,7 @@ index 489e83b..193815b 100644 if ((rq->head[rq->current_entry] & 1) == rq->wraparound) { a = rq->head[rq->current_entry]; -@@ -5455,7 +5455,7 @@ static void start_io(struct ctlr_info *h, unsigned long *flags) +@@ -5454,7 +5454,7 @@ static void start_io(struct ctlr_info *h, unsigned long *flags) while (!list_empty(&h->reqQ)) { c = list_entry(h->reqQ.next, struct CommandList, list); /* can't do anything if fifo is full */ @@ -52690,7 +50356,7 @@ index 489e83b..193815b 100644 h->fifo_recently_full = 1; dev_warn(&h->pdev->dev, "fifo full\n"); break; -@@ -5477,7 +5477,7 @@ static void start_io(struct ctlr_info *h, unsigned long *flags) +@@ -5476,7 +5476,7 @@ static void start_io(struct ctlr_info *h, unsigned long *flags) /* Tell the controller execute command */ spin_unlock_irqrestore(&h->lock, *flags); @@ -52699,7 +50365,7 @@ index 489e83b..193815b 100644 spin_lock_irqsave(&h->lock, *flags); } } -@@ -5493,17 +5493,17 @@ static void lock_and_start_io(struct ctlr_info *h) +@@ -5492,17 +5492,17 @@ static void lock_and_start_io(struct ctlr_info *h) static inline unsigned long get_next_completion(struct ctlr_info *h, u8 q) { @@ -52720,7 +50386,7 @@ index 489e83b..193815b 100644 (h->interrupts_enabled == 0); } -@@ -6459,7 +6459,7 @@ static int hpsa_pci_init(struct ctlr_info *h) +@@ -6458,7 +6458,7 @@ static int hpsa_pci_init(struct ctlr_info *h) if (prod_index < 0) return -ENODEV; h->product_name = products[prod_index].product_name; @@ -52729,7 +50395,7 @@ index 489e83b..193815b 100644 pci_disable_link_state(h->pdev, PCIE_LINK_STATE_L0S | PCIE_LINK_STATE_L1 | PCIE_LINK_STATE_CLKPM); -@@ -6781,7 +6781,7 @@ static void controller_lockup_detected(struct ctlr_info *h) +@@ -6780,7 +6780,7 @@ static void controller_lockup_detected(struct ctlr_info *h) unsigned long flags; u32 lockup_detected; @@ -52738,7 +50404,7 @@ index 489e83b..193815b 100644 spin_lock_irqsave(&h->lock, flags); lockup_detected = readl(h->vaddr + SA5_SCRATCHPAD_OFFSET); if (!lockup_detected) { -@@ -7022,7 +7022,7 @@ reinit_after_soft_reset: +@@ -7027,7 +7027,7 @@ reinit_after_soft_reset: } /* make sure the board interrupts are off */ @@ -52747,7 +50413,7 @@ index 489e83b..193815b 100644 if (hpsa_request_irq(h, do_hpsa_intr_msi, do_hpsa_intr_intx)) goto clean2; -@@ -7057,7 +7057,7 @@ reinit_after_soft_reset: +@@ -7062,7 +7062,7 @@ reinit_after_soft_reset: * fake ones to scoop up any residual completions. */ spin_lock_irqsave(&h->lock, flags); @@ -52756,7 +50422,7 @@ index 489e83b..193815b 100644 spin_unlock_irqrestore(&h->lock, flags); free_irqs(h); rc = hpsa_request_irq(h, hpsa_msix_discard_completions, -@@ -7076,9 +7076,9 @@ reinit_after_soft_reset: +@@ -7081,9 +7081,9 @@ reinit_after_soft_reset: dev_info(&h->pdev->dev, "Board READY.\n"); dev_info(&h->pdev->dev, "Waiting for stale completions to drain.\n"); @@ -52768,7 +50434,7 @@ index 489e83b..193815b 100644 rc = controller_reset_failed(h->cfgtable); if (rc) -@@ -7104,7 +7104,7 @@ reinit_after_soft_reset: +@@ -7109,7 +7109,7 @@ reinit_after_soft_reset: h->drv_req_rescan = 0; /* Turn the interrupts on so we can service requests */ @@ -52777,7 +50443,7 @@ index 489e83b..193815b 100644 hpsa_hba_inquiry(h); hpsa_register_scsi(h); /* hook ourselves into SCSI subsystem */ -@@ -7169,7 +7169,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) +@@ -7174,7 +7174,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) * To write all data in the battery backed cache to disks */ hpsa_flush_cache(h); @@ -52786,7 +50452,7 @@ index 489e83b..193815b 100644 hpsa_free_irqs_and_disable_msix(h); } -@@ -7287,7 +7287,7 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 trans_support) +@@ -7292,7 +7292,7 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 trans_support) CFGTBL_Trans_enable_directed_msix | (trans_support & (CFGTBL_Trans_io_accel1 | CFGTBL_Trans_io_accel2)); @@ -52795,7 +50461,7 @@ index 489e83b..193815b 100644 /* This is a bit complicated. There are 8 registers on * the controller which we write to to tell it 8 different -@@ -7329,7 +7329,7 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 trans_support) +@@ -7334,7 +7334,7 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 trans_support) * perform the superfluous readl() after each command submission. */ if (trans_support & (CFGTBL_Trans_io_accel1 | CFGTBL_Trans_io_accel2)) @@ -52804,7 +50470,7 @@ index 489e83b..193815b 100644 /* Controller spec: zero out this buffer. */ for (i = 0; i < h->nreply_queues; i++) -@@ -7359,12 +7359,12 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 trans_support) +@@ -7364,12 +7364,12 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 trans_support) * enable outbound interrupt coalescing in accelerator mode; */ if (trans_support & CFGTBL_Trans_io_accel1) { @@ -53176,10 +50842,10 @@ index b0aedce..89c6ca6 100644 snprintf(name, sizeof(name), "discovery_trace"); vport->debug_disc_trc = diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c -index 06f9a5b..82812092 100644 +index a5769a9..718ecc7 100644 --- a/drivers/scsi/lpfc/lpfc_init.c +++ b/drivers/scsi/lpfc/lpfc_init.c -@@ -11296,8 +11296,10 @@ lpfc_init(void) +@@ -11299,8 +11299,10 @@ lpfc_init(void) "misc_register returned with status %d", error); if (lpfc_enable_npiv) { @@ -53193,7 +50859,7 @@ index 06f9a5b..82812092 100644 lpfc_transport_template = fc_attach_transport(&lpfc_transport_functions); diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c -index 2df11da..e660a2c 100644 +index 7862c55..5aa65df 100644 --- a/drivers/scsi/lpfc/lpfc_scsi.c +++ b/drivers/scsi/lpfc/lpfc_scsi.c @@ -382,7 +382,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba) @@ -53228,10 +50894,10 @@ index 2df11da..e660a2c 100644 /** diff --git a/drivers/scsi/mpt2sas/mpt2sas_scsih.c b/drivers/scsi/mpt2sas/mpt2sas_scsih.c -index 5055f92..376cd98 100644 +index dd46101..ca80eb9 100644 --- a/drivers/scsi/mpt2sas/mpt2sas_scsih.c +++ b/drivers/scsi/mpt2sas/mpt2sas_scsih.c -@@ -1557,7 +1557,7 @@ _scsih_get_resync(struct device *dev) +@@ -1559,7 +1559,7 @@ _scsih_get_resync(struct device *dev) { struct scsi_device *sdev = to_scsi_device(dev); struct MPT2SAS_ADAPTER *ioc = shost_priv(sdev->host); @@ -53240,7 +50906,7 @@ index 5055f92..376cd98 100644 unsigned long flags; Mpi2RaidVolPage0_t vol_pg0; Mpi2ConfigReply_t mpi_reply; -@@ -1609,7 +1609,7 @@ _scsih_get_state(struct device *dev) +@@ -1611,7 +1611,7 @@ _scsih_get_state(struct device *dev) { struct scsi_device *sdev = to_scsi_device(dev); struct MPT2SAS_ADAPTER *ioc = shost_priv(sdev->host); @@ -53249,16 +50915,16 @@ index 5055f92..376cd98 100644 unsigned long flags; Mpi2RaidVolPage0_t vol_pg0; Mpi2ConfigReply_t mpi_reply; -@@ -6631,7 +6631,7 @@ _scsih_sas_ir_operation_status_event(struct MPT2SAS_ADAPTER *ioc, - struct fw_event_work *fw_event) - { - Mpi2EventDataIrOperationStatus_t *event_data = fw_event->event_data; +@@ -6648,7 +6648,7 @@ _scsih_sas_ir_operation_status_event(struct MPT2SAS_ADAPTER *ioc, + Mpi2EventDataIrOperationStatus_t *event_data = + (Mpi2EventDataIrOperationStatus_t *) + fw_event->event_data; - static struct _raid_device *raid_device; + struct _raid_device *raid_device; unsigned long flags; u16 handle; -@@ -7102,7 +7102,7 @@ _scsih_scan_for_devices_after_reset(struct MPT2SAS_ADAPTER *ioc) +@@ -7119,7 +7119,7 @@ _scsih_scan_for_devices_after_reset(struct MPT2SAS_ADAPTER *ioc) u64 sas_address; struct _sas_device *sas_device; struct _sas_node *expander_device; @@ -53268,7 +50934,7 @@ index 5055f92..376cd98 100644 unsigned long flags; diff --git a/drivers/scsi/pmcraid.c b/drivers/scsi/pmcraid.c -index be8ce54..94ed33a 100644 +index 6f3275d..fa5e6b6 100644 --- a/drivers/scsi/pmcraid.c +++ b/drivers/scsi/pmcraid.c @@ -200,8 +200,8 @@ static int pmcraid_slave_alloc(struct scsi_device *scsi_dev) @@ -53397,7 +51063,7 @@ index 16fe519..3b1ec82 100644 .show_host_node_name = 1, .show_host_port_name = 1, diff --git a/drivers/scsi/qla2xxx/qla_gbl.h b/drivers/scsi/qla2xxx/qla_gbl.h -index d48dea8..0845f78 100644 +index d646540..5b13554 100644 --- a/drivers/scsi/qla2xxx/qla_gbl.h +++ b/drivers/scsi/qla2xxx/qla_gbl.h @@ -569,8 +569,8 @@ extern void qla2x00_get_sym_node_name(scsi_qla_host_t *, uint8_t *); @@ -53412,10 +51078,10 @@ index d48dea8..0845f78 100644 extern void qla2x00_free_sysfs_attr(scsi_qla_host_t *, bool); extern void qla2x00_init_host_attr(scsi_qla_host_t *); diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c -index d96bfb5..d7afe90 100644 +index be9698d..a328a41 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c -@@ -1490,8 +1490,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha) +@@ -1493,8 +1493,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha) !pci_set_consistent_dma_mask(ha->pdev, DMA_BIT_MASK(64))) { /* Ok, a 64bit DMA mask is applicable. */ ha->flags.enable_64bit_addressing = 1; @@ -53442,10 +51108,10 @@ index 8f6d0fb..1b21097 100644 uint32_t default_time2wait; /* Default Min time between * relogins (+aens) */ diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c -index 3202063..f9f0ff6 100644 +index 199fcf7..3c3a918 100644 --- a/drivers/scsi/qla4xxx/ql4_os.c +++ b/drivers/scsi/qla4xxx/ql4_os.c -@@ -4494,12 +4494,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess) +@@ -4496,12 +4496,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess) */ if (!iscsi_is_session_online(cls_sess)) { /* Reset retry relogin timer */ @@ -53460,7 +51126,7 @@ index 3202063..f9f0ff6 100644 ddb_entry->default_time2wait + 4)); set_bit(DPC_RELOGIN_DEVICE, &ha->dpc_flags); atomic_set(&ddb_entry->retry_relogin_timer, -@@ -6607,7 +6607,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha, +@@ -6609,7 +6609,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha, atomic_set(&ddb_entry->retry_relogin_timer, INVALID_ENTRY); atomic_set(&ddb_entry->relogin_timer, 0); @@ -53470,10 +51136,10 @@ index 3202063..f9f0ff6 100644 ddb_entry->default_relogin_timeout = (def_timeout > LOGIN_TOV) && (def_timeout < LOGIN_TOV * 10) ? diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c -index 769be4d..371fc61 100644 +index d81f3cc..0093e5b 100644 --- a/drivers/scsi/scsi.c +++ b/drivers/scsi/scsi.c -@@ -648,7 +648,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd) +@@ -645,7 +645,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd) struct Scsi_Host *host = cmd->device->host; int rtn = 0; @@ -53483,10 +51149,10 @@ index 769be4d..371fc61 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index 3f50dfc..86af487 100644 +index aaea4b9..c64408d 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c -@@ -1423,7 +1423,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) +@@ -1581,7 +1581,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) shost = sdev->host; scsi_init_cmd_errh(cmd); cmd->result = DID_NO_CONNECT << 16; @@ -53495,7 +51161,7 @@ index 3f50dfc..86af487 100644 /* * SCSI request completion path will do scsi_device_unbusy(), -@@ -1449,9 +1449,9 @@ static void scsi_softirq_done(struct request *rq) +@@ -1604,9 +1604,9 @@ static void scsi_softirq_done(struct request *rq) INIT_LIST_HEAD(&cmd->eh_entry); @@ -53508,10 +51174,10 @@ index 3f50dfc..86af487 100644 disposition = scsi_decide_disposition(cmd); if (disposition != SUCCESS && diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c -index 074e8cc..f612e5c 100644 +index 8b4105a..1f58363 100644 --- a/drivers/scsi/scsi_sysfs.c +++ b/drivers/scsi/scsi_sysfs.c -@@ -780,7 +780,7 @@ show_iostat_##field(struct device *dev, struct device_attribute *attr, \ +@@ -805,7 +805,7 @@ show_iostat_##field(struct device *dev, struct device_attribute *attr, \ char *buf) \ { \ struct scsi_device *sdev = to_scsi_device(dev); \ @@ -53520,24 +51186,11 @@ index 074e8cc..f612e5c 100644 return snprintf(buf, 20, "0x%llx\n", count); \ } \ static DEVICE_ATTR(field, S_IRUGO, show_iostat_##field, NULL) -diff --git a/drivers/scsi/scsi_tgt_lib.c b/drivers/scsi/scsi_tgt_lib.c -index e51add0..1e06a96 100644 ---- a/drivers/scsi/scsi_tgt_lib.c -+++ b/drivers/scsi/scsi_tgt_lib.c -@@ -363,7 +363,7 @@ static int scsi_map_user_pages(struct scsi_tgt_cmd *tcmd, struct scsi_cmnd *cmd, - int err; - - dprintk("%lx %u\n", uaddr, len); -- err = blk_rq_map_user(q, rq, NULL, (void *)uaddr, len, GFP_KERNEL); -+ err = blk_rq_map_user(q, rq, NULL, (void __user *)uaddr, len, GFP_KERNEL); - if (err) { - /* - * TODO: need to fixup sg_tablesize, max_segment_size, diff --git a/drivers/scsi/scsi_transport_fc.c b/drivers/scsi/scsi_transport_fc.c -index 521f583..6b15966 100644 +index 5d6f348..18778a6b 100644 --- a/drivers/scsi/scsi_transport_fc.c +++ b/drivers/scsi/scsi_transport_fc.c -@@ -498,7 +498,7 @@ static DECLARE_TRANSPORT_CLASS(fc_vport_class, +@@ -501,7 +501,7 @@ static DECLARE_TRANSPORT_CLASS(fc_vport_class, * Netlink Infrastructure */ @@ -53546,7 +51199,7 @@ index 521f583..6b15966 100644 /** * fc_get_event_number - Obtain the next sequential FC event number -@@ -511,7 +511,7 @@ static atomic_t fc_event_seq; +@@ -514,7 +514,7 @@ static atomic_t fc_event_seq; u32 fc_get_event_number(void) { @@ -53555,7 +51208,7 @@ index 521f583..6b15966 100644 } EXPORT_SYMBOL(fc_get_event_number); -@@ -655,7 +655,7 @@ static __init int fc_transport_init(void) +@@ -658,7 +658,7 @@ static __init int fc_transport_init(void) { int error; @@ -53564,7 +51217,7 @@ index 521f583..6b15966 100644 error = transport_class_register(&fc_host_class); if (error) -@@ -845,7 +845,7 @@ static int fc_str_to_dev_loss(const char *buf, unsigned long *val) +@@ -848,7 +848,7 @@ static int fc_str_to_dev_loss(const char *buf, unsigned long *val) char *cp; *val = simple_strtoul(buf, &cp, 0); @@ -53574,7 +51227,7 @@ index 521f583..6b15966 100644 /* * Check for overflow; dev_loss_tmo is u32 diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c -index 0102a2d..cc3f8e9 100644 +index 67d43e3..8cee73c 100644 --- a/drivers/scsi/scsi_transport_iscsi.c +++ b/drivers/scsi/scsi_transport_iscsi.c @@ -79,7 +79,7 @@ struct iscsi_internal { @@ -53595,7 +51248,7 @@ index 0102a2d..cc3f8e9 100644 if (target_id == ISCSI_MAX_TARGET) { id = ida_simple_get(&iscsi_sess_ida, 0, 0, GFP_KERNEL); -@@ -4511,7 +4511,7 @@ static __init int iscsi_transport_init(void) +@@ -4515,7 +4515,7 @@ static __init int iscsi_transport_init(void) printk(KERN_INFO "Loading iSCSI transport class v%s.\n", ISCSI_TRANSPORT_VERSION); @@ -53605,11 +51258,11 @@ index 0102a2d..cc3f8e9 100644 err = class_register(&iscsi_transport_class); if (err) diff --git a/drivers/scsi/scsi_transport_srp.c b/drivers/scsi/scsi_transport_srp.c -index a0c5bfd..b94db1e 100644 +index ae45bd9..c32a586 100644 --- a/drivers/scsi/scsi_transport_srp.c +++ b/drivers/scsi/scsi_transport_srp.c -@@ -36,7 +36,7 @@ - #include "scsi_transport_srp_internal.h" +@@ -35,7 +35,7 @@ + #include "scsi_priv.h" struct srp_host_attrs { - atomic_t next_port_id; @@ -53617,7 +51270,7 @@ index a0c5bfd..b94db1e 100644 }; #define to_srp_host_attrs(host) ((struct srp_host_attrs *)(host)->shost_data) -@@ -101,7 +101,7 @@ static int srp_host_setup(struct transport_container *tc, struct device *dev, +@@ -100,7 +100,7 @@ static int srp_host_setup(struct transport_container *tc, struct device *dev, struct Scsi_Host *shost = dev_to_shost(dev); struct srp_host_attrs *srp_host = to_srp_host_attrs(shost); @@ -53626,7 +51279,7 @@ index a0c5bfd..b94db1e 100644 return 0; } -@@ -735,7 +735,7 @@ struct srp_rport *srp_rport_add(struct Scsi_Host *shost, +@@ -734,7 +734,7 @@ struct srp_rport *srp_rport_add(struct Scsi_Host *shost, rport_fast_io_fail_timedout); INIT_DELAYED_WORK(&rport->dev_loss_work, rport_dev_loss_timedout); @@ -53636,10 +51289,10 @@ index a0c5bfd..b94db1e 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index ed2e99e..28cf52b 100644 +index 2c2041c..9d94085 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c -@@ -2959,7 +2959,7 @@ static int sd_probe(struct device *dev) +@@ -3002,7 +3002,7 @@ static int sd_probe(struct device *dev) sdkp->disk = gd; sdkp->index = index; atomic_set(&sdkp->openers, 0); @@ -53649,10 +51302,10 @@ index ed2e99e..28cf52b 100644 if (!sdp->request_queue->rq_timeout) { if (sdp->type != TYPE_MOD) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c -index 53268aab..17c2764 100644 +index 01cf888..59e0475 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c -@@ -1102,7 +1102,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) +@@ -1138,7 +1138,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) sdp->disk->disk_name, MKDEV(SCSI_GENERIC_MAJOR, sdp->index), NULL, @@ -53662,10 +51315,10 @@ index 53268aab..17c2764 100644 return blk_trace_startstop(sdp->device->request_queue, 1); case BLKTRACESTOP: diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c -index d4f9670..d37b662 100644 +index ca935df..ae8a3dc 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c -@@ -2204,7 +2204,7 @@ int spi_bus_unlock(struct spi_master *master) +@@ -2210,7 +2210,7 @@ int spi_bus_unlock(struct spi_master *master) EXPORT_SYMBOL_GPL(spi_bus_unlock); /* portable code must never pass more than 32 bytes */ @@ -53675,7 +51328,7 @@ index d4f9670..d37b662 100644 static u8 *buf; diff --git a/drivers/staging/android/timed_output.c b/drivers/staging/android/timed_output.c -index c341ac1..bf9799f 100644 +index b41429f..2de5373 100644 --- a/drivers/staging/android/timed_output.c +++ b/drivers/staging/android/timed_output.c @@ -25,7 +25,7 @@ @@ -53687,7 +51340,7 @@ index c341ac1..bf9799f 100644 static ssize_t enable_show(struct device *dev, struct device_attribute *attr, char *buf) -@@ -63,7 +63,7 @@ static int create_timed_output_class(void) +@@ -65,7 +65,7 @@ static int create_timed_output_class(void) timed_output_class = class_create(THIS_MODULE, "timed_output"); if (IS_ERR(timed_output_class)) return PTR_ERR(timed_output_class); @@ -53696,7 +51349,7 @@ index c341ac1..bf9799f 100644 timed_output_class->dev_groups = timed_output_groups; } -@@ -81,7 +81,7 @@ int timed_output_dev_register(struct timed_output_dev *tdev) +@@ -83,7 +83,7 @@ int timed_output_dev_register(struct timed_output_dev *tdev) if (ret < 0) return ret; @@ -53706,7 +51359,7 @@ index c341ac1..bf9799f 100644 MKDEV(0, tdev->index), NULL, "%s", tdev->name); if (IS_ERR(tdev->dev)) diff --git a/drivers/staging/gdm724x/gdm_tty.c b/drivers/staging/gdm724x/gdm_tty.c -index fe47cd3..19a1bd1 100644 +index 001348c..cfaac8a 100644 --- a/drivers/staging/gdm724x/gdm_tty.c +++ b/drivers/staging/gdm724x/gdm_tty.c @@ -44,7 +44,7 @@ @@ -53719,7 +51372,7 @@ index fe47cd3..19a1bd1 100644 static struct tty_driver *gdm_driver[TTY_MAX_COUNT]; static struct gdm *gdm_table[TTY_MAX_COUNT][GDM_TTY_MINOR]; diff --git a/drivers/staging/imx-drm/imx-drm-core.c b/drivers/staging/imx-drm/imx-drm-core.c -index def8280..e3fd96a 100644 +index 6b22106..6c6e641 100644 --- a/drivers/staging/imx-drm/imx-drm-core.c +++ b/drivers/staging/imx-drm/imx-drm-core.c @@ -355,7 +355,7 @@ int imx_drm_add_crtc(struct drm_device *drm, struct drm_crtc *crtc, @@ -53732,7 +51385,7 @@ index def8280..e3fd96a 100644 imx_drm_crtc = kzalloc(sizeof(*imx_drm_crtc), GFP_KERNEL); diff --git a/drivers/staging/lustre/lnet/selftest/brw_test.c b/drivers/staging/lustre/lnet/selftest/brw_test.c -index 3f8020c..649fded 100644 +index bcce919..f30fcf9 100644 --- a/drivers/staging/lustre/lnet/selftest/brw_test.c +++ b/drivers/staging/lustre/lnet/selftest/brw_test.c @@ -488,13 +488,11 @@ brw_server_handle(struct srpc_server_rpc *rpc) @@ -53755,10 +51408,10 @@ index 3f8020c..649fded 100644 srpc_service_t brw_test_service; diff --git a/drivers/staging/lustre/lnet/selftest/framework.c b/drivers/staging/lustre/lnet/selftest/framework.c -index 050723a..fa6fdf1 100644 +index 7e83dff..1f9a545 100644 --- a/drivers/staging/lustre/lnet/selftest/framework.c +++ b/drivers/staging/lustre/lnet/selftest/framework.c -@@ -1635,12 +1635,10 @@ static srpc_service_t sfw_services[] = +@@ -1633,12 +1633,10 @@ static srpc_service_t sfw_services[] = extern sfw_test_client_ops_t ping_test_client; extern srpc_service_t ping_test_service; @@ -53771,7 +51424,7 @@ index 050723a..fa6fdf1 100644 extern void brw_init_test_service(void); -@@ -1684,12 +1682,10 @@ sfw_startup (void) +@@ -1682,12 +1680,10 @@ sfw_startup (void) INIT_LIST_HEAD(&sfw_data.fw_zombie_rpcs); INIT_LIST_HEAD(&sfw_data.fw_zombie_sessions); @@ -53810,7 +51463,7 @@ index 750cac4..e4d751f 100644 srpc_service_t ping_test_service; void ping_init_test_service(void) diff --git a/drivers/staging/lustre/lustre/include/lustre_dlm.h b/drivers/staging/lustre/lustre/include/lustre_dlm.h -index 0c6b784..c64235c 100644 +index 30b1812f..9e5bd0b 100644 --- a/drivers/staging/lustre/lustre/include/lustre_dlm.h +++ b/drivers/staging/lustre/lustre/include/lustre_dlm.h @@ -1141,7 +1141,7 @@ struct ldlm_callback_suite { @@ -53823,10 +51476,10 @@ index 0c6b784..c64235c 100644 /* ldlm_lockd.c */ int ldlm_del_waiting_lock(struct ldlm_lock *lock); diff --git a/drivers/staging/lustre/lustre/include/obd.h b/drivers/staging/lustre/lustre/include/obd.h -index d5c4613..a341678 100644 +index 489bdd3..65058081 100644 --- a/drivers/staging/lustre/lustre/include/obd.h +++ b/drivers/staging/lustre/lustre/include/obd.h -@@ -1439,7 +1439,7 @@ struct md_ops { +@@ -1438,7 +1438,7 @@ struct md_ops { * lprocfs_alloc_md_stats() in obdclass/lprocfs_status.c. Also, add a * wrapper function in include/linux/obd_class.h. */ @@ -53836,51 +51489,51 @@ index d5c4613..a341678 100644 struct lsm_operations { void (*lsm_free)(struct lov_stripe_md *); diff --git a/drivers/staging/lustre/lustre/ldlm/ldlm_flock.c b/drivers/staging/lustre/lustre/ldlm/ldlm_flock.c -index 986bf38..eab2558f 100644 +index b798daa..b28ca8f 100644 --- a/drivers/staging/lustre/lustre/ldlm/ldlm_flock.c +++ b/drivers/staging/lustre/lustre/ldlm/ldlm_flock.c -@@ -259,7 +259,7 @@ ldlm_process_flock_lock(struct ldlm_lock *req, __u64 *flags, int first_enq, +@@ -258,7 +258,7 @@ ldlm_process_flock_lock(struct ldlm_lock *req, __u64 *flags, int first_enq, int added = (mode == LCK_NL); int overlaps = 0; int splitted = 0; - const struct ldlm_callback_suite null_cbs = { NULL }; + const struct ldlm_callback_suite null_cbs = { }; - CDEBUG(D_DLMTRACE, "flags %#llx owner "LPU64" pid %u mode %u start " - LPU64" end "LPU64"\n", *flags, + CDEBUG(D_DLMTRACE, "flags %#llx owner %llu pid %u mode %u start %llu end %llu\n", + *flags, new->l_policy_data.l_flock.owner, diff --git a/drivers/staging/lustre/lustre/libcfs/linux/linux-proc.c b/drivers/staging/lustre/lustre/libcfs/linux/linux-proc.c -index e947b91..f408990 100644 +index 13a9266..3439390 100644 --- a/drivers/staging/lustre/lustre/libcfs/linux/linux-proc.c +++ b/drivers/staging/lustre/lustre/libcfs/linux/linux-proc.c -@@ -217,7 +217,7 @@ DECLARE_PROC_HANDLER(proc_debug_mb) - int LL_PROC_PROTO(proc_console_max_delay_cs) +@@ -235,7 +235,7 @@ int proc_console_max_delay_cs(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos) { int rc, max_delay_cs; -- ctl_table_t dummy = *table; +- struct ctl_table dummy = *table; + ctl_table_no_const dummy = *table; - cfs_duration_t d; + long d; dummy.data = &max_delay_cs; -@@ -248,7 +248,7 @@ int LL_PROC_PROTO(proc_console_max_delay_cs) - int LL_PROC_PROTO(proc_console_min_delay_cs) +@@ -267,7 +267,7 @@ int proc_console_min_delay_cs(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos) { int rc, min_delay_cs; -- ctl_table_t dummy = *table; +- struct ctl_table dummy = *table; + ctl_table_no_const dummy = *table; - cfs_duration_t d; + long d; dummy.data = &min_delay_cs; -@@ -279,7 +279,7 @@ int LL_PROC_PROTO(proc_console_min_delay_cs) - int LL_PROC_PROTO(proc_console_backoff) +@@ -299,7 +299,7 @@ int proc_console_backoff(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos) { int rc, backoff; -- ctl_table_t dummy = *table; +- struct ctl_table dummy = *table; + ctl_table_no_const dummy = *table; dummy.data = &backoff; dummy.proc_handler = &proc_dointvec; diff --git a/drivers/staging/lustre/lustre/libcfs/module.c b/drivers/staging/lustre/lustre/libcfs/module.c -index b16ee08..a3db5c6 100644 +index 3396858..c0bd996 100644 --- a/drivers/staging/lustre/lustre/libcfs/module.c +++ b/drivers/staging/lustre/lustre/libcfs/module.c @@ -314,11 +314,11 @@ out: @@ -53901,10 +51554,10 @@ index b16ee08..a3db5c6 100644 extern int insert_proc(void); diff --git a/drivers/staging/lustre/lustre/llite/dir.c b/drivers/staging/lustre/lustre/llite/dir.c -index ae6f61a..03c3d5d 100644 +index efa2faf..03a9836 100644 --- a/drivers/staging/lustre/lustre/llite/dir.c +++ b/drivers/staging/lustre/lustre/llite/dir.c -@@ -660,7 +660,7 @@ int ll_dir_setdirstripe(struct inode *dir, struct lmv_user_md *lump, +@@ -659,7 +659,7 @@ int ll_dir_setdirstripe(struct inode *dir, struct lmv_user_md *lump, int mode; int err; @@ -53913,71 +51566,6 @@ index ae6f61a..03c3d5d 100644 op_data = ll_prep_md_op_data(NULL, dir, NULL, filename, strlen(filename), mode, LUSTRE_OPC_MKDIR, lump); -diff --git a/drivers/staging/lustre/lustre/llite/llite_lib.c b/drivers/staging/lustre/lustre/llite/llite_lib.c -index deca27e..22fb433 100644 ---- a/drivers/staging/lustre/lustre/llite/llite_lib.c -+++ b/drivers/staging/lustre/lustre/llite/llite_lib.c -@@ -568,7 +568,7 @@ static int client_common_fill_super(struct super_block *sb, char *md, char *dt, - if (sb->s_root == NULL) { - CERROR("%s: can't make root dentry\n", - ll_get_fsname(sb, NULL, 0)); -- GOTO(out_root, err = -ENOMEM); -+ GOTO(out_lock_cn_cb, err = -ENOMEM); - } - - sbi->ll_sdev_orig = sb->s_dev; -diff --git a/drivers/staging/media/solo6x10/solo6x10-core.c b/drivers/staging/media/solo6x10/solo6x10-core.c -index f670469..03b7438 100644 ---- a/drivers/staging/media/solo6x10/solo6x10-core.c -+++ b/drivers/staging/media/solo6x10/solo6x10-core.c -@@ -434,7 +434,7 @@ static void solo_device_release(struct device *dev) - - static int solo_sysfs_init(struct solo_dev *solo_dev) - { -- struct bin_attribute *sdram_attr = &solo_dev->sdram_attr; -+ bin_attribute_no_const *sdram_attr = &solo_dev->sdram_attr; - struct device *dev = &solo_dev->dev; - const char *driver; - int i; -diff --git a/drivers/staging/media/solo6x10/solo6x10-g723.c b/drivers/staging/media/solo6x10/solo6x10-g723.c -index 74f037b..5b5bb76 100644 ---- a/drivers/staging/media/solo6x10/solo6x10-g723.c -+++ b/drivers/staging/media/solo6x10/solo6x10-g723.c -@@ -355,7 +355,7 @@ static int solo_snd_pcm_init(struct solo_dev *solo_dev) - - int solo_g723_init(struct solo_dev *solo_dev) - { -- static struct snd_device_ops ops = { NULL }; -+ static struct snd_device_ops ops = { }; - struct snd_card *card; - struct snd_kcontrol_new kctl; - char name[32]; -diff --git a/drivers/staging/media/solo6x10/solo6x10-p2m.c b/drivers/staging/media/solo6x10/solo6x10-p2m.c -index 7f2f247..d999137 100644 ---- a/drivers/staging/media/solo6x10/solo6x10-p2m.c -+++ b/drivers/staging/media/solo6x10/solo6x10-p2m.c -@@ -77,7 +77,7 @@ int solo_p2m_dma_desc(struct solo_dev *solo_dev, - - /* Get next ID. According to Softlogic, 6110 has problems on !=0 P2M */ - if (solo_dev->type != SOLO_DEV_6110 && multi_p2m) { -- p2m_id = atomic_inc_return(&solo_dev->p2m_count) % SOLO_NR_P2M; -+ p2m_id = atomic_inc_return_unchecked(&solo_dev->p2m_count) % SOLO_NR_P2M; - if (p2m_id < 0) - p2m_id = -p2m_id; - } -diff --git a/drivers/staging/media/solo6x10/solo6x10.h b/drivers/staging/media/solo6x10/solo6x10.h -index 8964f8b..36eb087 100644 ---- a/drivers/staging/media/solo6x10/solo6x10.h -+++ b/drivers/staging/media/solo6x10/solo6x10.h -@@ -237,7 +237,7 @@ struct solo_dev { - - /* P2M DMA Engine */ - struct solo_p2m_dev p2m_dev[SOLO_NR_P2M]; -- atomic_t p2m_count; -+ atomic_unchecked_t p2m_count; - int p2m_jiffies; - unsigned int p2m_timeouts; - diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octeon/ethernet-rx.c index a0f4868..139f1fb 100644 --- a/drivers/staging/octeon/ethernet-rx.c @@ -54011,7 +51599,7 @@ index a0f4868..139f1fb 100644 dev_kfree_skb_irq(skb); } diff --git a/drivers/staging/octeon/ethernet.c b/drivers/staging/octeon/ethernet.c -index da9dd6b..8e3e0f5 100644 +index 2aa7235..ba3c205 100644 --- a/drivers/staging/octeon/ethernet.c +++ b/drivers/staging/octeon/ethernet.c @@ -247,11 +247,11 @@ static struct net_device_stats *cvm_oct_common_get_stats(struct net_device *dev) @@ -54031,31 +51619,18 @@ index da9dd6b..8e3e0f5 100644 } diff --git a/drivers/staging/rtl8188eu/include/hal_intf.h b/drivers/staging/rtl8188eu/include/hal_intf.h -index c59fccd..79f8fc2 100644 +index 56d5c50..a14f4db 100644 --- a/drivers/staging/rtl8188eu/include/hal_intf.h +++ b/drivers/staging/rtl8188eu/include/hal_intf.h -@@ -267,7 +267,7 @@ struct hal_ops { - s32 (*c2h_handler)(struct adapter *padapter, - struct c2h_evt_hdr *c2h_evt); - c2h_id_filter c2h_id_filter_ccx; +@@ -234,7 +234,7 @@ struct hal_ops { + + void (*hal_notch_filter)(struct adapter *adapter, bool enable); + void (*hal_reset_security_engine)(struct adapter *adapter); -}; +} __no_const; enum rt_eeprom_type { EEPROM_93C46, -diff --git a/drivers/staging/rtl8188eu/include/rtw_io.h b/drivers/staging/rtl8188eu/include/rtw_io.h -index e8790f8..b4a5980 100644 ---- a/drivers/staging/rtl8188eu/include/rtw_io.h -+++ b/drivers/staging/rtl8188eu/include/rtw_io.h -@@ -124,7 +124,7 @@ struct _io_ops { - u32 (*_write_scsi)(struct intf_hdl *pintfhdl, u32 cnt, u8 *pmem); - void (*_read_port_cancel)(struct intf_hdl *pintfhdl); - void (*_write_port_cancel)(struct intf_hdl *pintfhdl); --}; -+} __no_const; - - struct io_req { - struct list_head list; diff --git a/drivers/staging/rtl8712/rtl871x_io.h b/drivers/staging/rtl8712/rtl871x_io.h index dc23395..cf7e9b1 100644 --- a/drivers/staging/rtl8712/rtl871x_io.h @@ -54069,65 +51644,8 @@ index dc23395..cf7e9b1 100644 struct io_req { struct list_head list; -diff --git a/drivers/staging/usbip/vhci.h b/drivers/staging/usbip/vhci.h -index a863a98..d272795 100644 ---- a/drivers/staging/usbip/vhci.h -+++ b/drivers/staging/usbip/vhci.h -@@ -83,7 +83,7 @@ struct vhci_hcd { - unsigned resuming:1; - unsigned long re_timeout; - -- atomic_t seqnum; -+ atomic_unchecked_t seqnum; - - /* - * NOTE: -diff --git a/drivers/staging/usbip/vhci_hcd.c b/drivers/staging/usbip/vhci_hcd.c -index 0007d30..c06a693 100644 ---- a/drivers/staging/usbip/vhci_hcd.c -+++ b/drivers/staging/usbip/vhci_hcd.c -@@ -439,7 +439,7 @@ static void vhci_tx_urb(struct urb *urb) - - spin_lock(&vdev->priv_lock); - -- priv->seqnum = atomic_inc_return(&the_controller->seqnum); -+ priv->seqnum = atomic_inc_return_unchecked(&the_controller->seqnum); - if (priv->seqnum == 0xffff) - dev_info(&urb->dev->dev, "seqnum max\n"); - -@@ -686,7 +686,7 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) - return -ENOMEM; - } - -- unlink->seqnum = atomic_inc_return(&the_controller->seqnum); -+ unlink->seqnum = atomic_inc_return_unchecked(&the_controller->seqnum); - if (unlink->seqnum == 0xffff) - pr_info("seqnum max\n"); - -@@ -891,7 +891,7 @@ static int vhci_start(struct usb_hcd *hcd) - vdev->rhport = rhport; - } - -- atomic_set(&vhci->seqnum, 0); -+ atomic_set_unchecked(&vhci->seqnum, 0); - spin_lock_init(&vhci->lock); - - hcd->power_budget = 0; /* no limit */ -diff --git a/drivers/staging/usbip/vhci_rx.c b/drivers/staging/usbip/vhci_rx.c -index d07fcb5..358e1e1 100644 ---- a/drivers/staging/usbip/vhci_rx.c -+++ b/drivers/staging/usbip/vhci_rx.c -@@ -80,7 +80,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev, - if (!urb) { - pr_err("cannot find a urb of seqnum %u\n", pdu->base.seqnum); - pr_info("max seqnum %d\n", -- atomic_read(&the_controller->seqnum)); -+ atomic_read_unchecked(&the_controller->seqnum)); - usbip_event_add(ud, VDEV_EVENT_ERROR_TCP); - return; - } diff --git a/drivers/staging/vt6655/hostap.c b/drivers/staging/vt6655/hostap.c -index 317c2a8..7876515 100644 +index 164136b..7244df5 100644 --- a/drivers/staging/vt6655/hostap.c +++ b/drivers/staging/vt6655/hostap.c @@ -68,14 +68,13 @@ static int msglevel = MSG_LEVEL_INFO; @@ -54156,16 +51674,6 @@ index 317c2a8..7876515 100644 pDevice->apdev->netdev_ops = &apdev_netdev_ops; pDevice->apdev->type = ARPHRD_IEEE80211; -@@ -350,6 +351,9 @@ static int hostap_set_generic_element(PSDevice pDevice, - { - PSMgmtObject pMgmt = pDevice->pMgmt; - -+ if (param->u.generic_elem.len > sizeof(pMgmt->abyWPAIE)) -+ return -EINVAL; -+ - memcpy(pMgmt->abyWPAIE, - param->u.generic_elem.data, - param->u.generic_elem.len diff --git a/drivers/target/sbp/sbp_target.c b/drivers/target/sbp/sbp_target.c index e7e9372..161f530 100644 --- a/drivers/target/sbp/sbp_target.c @@ -54253,7 +51761,7 @@ index 4b2b999..cad9fa5 100644 tz->get_temp = NULL; tz->get_trend = NULL; diff --git a/drivers/tty/cyclades.c b/drivers/tty/cyclades.c -index a57bb5a..1f727d33 100644 +index fd66f57..48e6376 100644 --- a/drivers/tty/cyclades.c +++ b/drivers/tty/cyclades.c @@ -1570,10 +1570,10 @@ static int cy_open(struct tty_struct *tty, struct file *filp) @@ -54553,7 +52061,7 @@ index 7ae6c29..05c6dba 100644 pr_devel("HVSI@%x: Handshaking started\n", pv->termno); diff --git a/drivers/tty/ipwireless/tty.c b/drivers/tty/ipwireless/tty.c -index 17ee3bf..8d2520d 100644 +index 345cebb..d5a1e9e 100644 --- a/drivers/tty/ipwireless/tty.c +++ b/drivers/tty/ipwireless/tty.c @@ -28,6 +28,7 @@ @@ -54564,10 +52072,10 @@ index 17ee3bf..8d2520d 100644 #include "tty.h" #include "network.h" -@@ -98,10 +99,10 @@ static int ipw_open(struct tty_struct *linux_tty, struct file *filp) - mutex_unlock(&tty->ipw_tty_mutex); +@@ -93,10 +94,10 @@ static int ipw_open(struct tty_struct *linux_tty, struct file *filp) return -ENODEV; - } + + mutex_lock(&tty->ipw_tty_mutex); - if (tty->port.count == 0) + if (atomic_read(&tty->port.count) == 0) tty->tx_bytes_queued = 0; @@ -54577,7 +52085,7 @@ index 17ee3bf..8d2520d 100644 tty->port.tty = linux_tty; linux_tty->driver_data = tty; -@@ -117,9 +118,7 @@ static int ipw_open(struct tty_struct *linux_tty, struct file *filp) +@@ -112,9 +113,7 @@ static int ipw_open(struct tty_struct *linux_tty, struct file *filp) static void do_ipw_close(struct ipw_tty *tty) { @@ -54588,7 +52096,7 @@ index 17ee3bf..8d2520d 100644 struct tty_struct *linux_tty = tty->port.tty; if (linux_tty != NULL) { -@@ -140,7 +139,7 @@ static void ipw_hangup(struct tty_struct *linux_tty) +@@ -135,7 +134,7 @@ static void ipw_hangup(struct tty_struct *linux_tty) return; mutex_lock(&tty->ipw_tty_mutex); @@ -54597,7 +52105,7 @@ index 17ee3bf..8d2520d 100644 mutex_unlock(&tty->ipw_tty_mutex); return; } -@@ -163,7 +162,7 @@ void ipwireless_tty_received(struct ipw_tty *tty, unsigned char *data, +@@ -158,7 +157,7 @@ void ipwireless_tty_received(struct ipw_tty *tty, unsigned char *data, mutex_lock(&tty->ipw_tty_mutex); @@ -54606,7 +52114,7 @@ index 17ee3bf..8d2520d 100644 mutex_unlock(&tty->ipw_tty_mutex); return; } -@@ -202,7 +201,7 @@ static int ipw_write(struct tty_struct *linux_tty, +@@ -197,7 +196,7 @@ static int ipw_write(struct tty_struct *linux_tty, return -ENODEV; mutex_lock(&tty->ipw_tty_mutex); @@ -54615,7 +52123,7 @@ index 17ee3bf..8d2520d 100644 mutex_unlock(&tty->ipw_tty_mutex); return -EINVAL; } -@@ -242,7 +241,7 @@ static int ipw_write_room(struct tty_struct *linux_tty) +@@ -237,7 +236,7 @@ static int ipw_write_room(struct tty_struct *linux_tty) if (!tty) return -ENODEV; @@ -54624,7 +52132,7 @@ index 17ee3bf..8d2520d 100644 return -EINVAL; room = IPWIRELESS_TX_QUEUE_SIZE - tty->tx_bytes_queued; -@@ -284,7 +283,7 @@ static int ipw_chars_in_buffer(struct tty_struct *linux_tty) +@@ -279,7 +278,7 @@ static int ipw_chars_in_buffer(struct tty_struct *linux_tty) if (!tty) return 0; @@ -54633,7 +52141,7 @@ index 17ee3bf..8d2520d 100644 return 0; return tty->tx_bytes_queued; -@@ -365,7 +364,7 @@ static int ipw_tiocmget(struct tty_struct *linux_tty) +@@ -360,7 +359,7 @@ static int ipw_tiocmget(struct tty_struct *linux_tty) if (!tty) return -ENODEV; @@ -54642,7 +52150,7 @@ index 17ee3bf..8d2520d 100644 return -EINVAL; return get_control_lines(tty); -@@ -381,7 +380,7 @@ ipw_tiocmset(struct tty_struct *linux_tty, +@@ -376,7 +375,7 @@ ipw_tiocmset(struct tty_struct *linux_tty, if (!tty) return -ENODEV; @@ -54651,7 +52159,7 @@ index 17ee3bf..8d2520d 100644 return -EINVAL; return set_control_lines(tty, set, clear); -@@ -395,7 +394,7 @@ static int ipw_ioctl(struct tty_struct *linux_tty, +@@ -390,7 +389,7 @@ static int ipw_ioctl(struct tty_struct *linux_tty, if (!tty) return -ENODEV; @@ -54660,7 +52168,7 @@ index 17ee3bf..8d2520d 100644 return -EINVAL; /* FIXME: Exactly how is the tty object locked here .. */ -@@ -551,7 +550,7 @@ void ipwireless_tty_free(struct ipw_tty *tty) +@@ -546,7 +545,7 @@ void ipwireless_tty_free(struct ipw_tty *tty) * are gone */ mutex_lock(&ttyj->ipw_tty_mutex); } @@ -54683,7 +52191,7 @@ index 1deaca4..c8582d4 100644 tty_port_tty_set(&ch->port, tty); mutex_lock(&ch->port.mutex); diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c -index 2ebe47b..3205833 100644 +index c434376..114ce13 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -1644,7 +1644,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr) @@ -54695,7 +52203,7 @@ index 2ebe47b..3205833 100644 kfree(dlci); return NULL; } -@@ -2954,7 +2954,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp) +@@ -2958,7 +2958,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp) struct gsm_dlci *dlci = tty->driver_data; struct tty_port *port = &dlci->port; @@ -54727,10 +52235,10 @@ index f44f1ba..a8d5915 100644 } EXPORT_SYMBOL_GPL(n_tty_inherit_ops); diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c -index 25c9bc7..24077b7 100644 +index 9bbdb1d..dc514ee 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c -@@ -790,8 +790,10 @@ static void __init unix98_pty_init(void) +@@ -789,8 +789,10 @@ static void __init unix98_pty_init(void) panic("Couldn't register Unix98 pts driver"); /* Now create the /dev/ptmx special device */ @@ -54774,7 +52282,7 @@ index 383c4c7..d408e21 100644 clear_bit((info->aiop * 8) + info->chan, (void *) &xmit_flags[info->board]); spin_unlock_irqrestore(&info->port.lock, flags); diff --git a/drivers/tty/serial/ioc4_serial.c b/drivers/tty/serial/ioc4_serial.c -index 1274499..f541382 100644 +index aa28209..e08fb85 100644 --- a/drivers/tty/serial/ioc4_serial.c +++ b/drivers/tty/serial/ioc4_serial.c @@ -437,7 +437,7 @@ struct ioc4_soft { @@ -54805,7 +52313,7 @@ index 1274499..f541382 100644 this_mir = this_ir = pending_intrs(soft, intr_type); diff --git a/drivers/tty/serial/kgdb_nmi.c b/drivers/tty/serial/kgdb_nmi.c -index cfadf29..8cf4595 100644 +index 6ec7501..265bcbf 100644 --- a/drivers/tty/serial/kgdb_nmi.c +++ b/drivers/tty/serial/kgdb_nmi.c @@ -51,7 +51,9 @@ static int kgdb_nmi_console_setup(struct console *co, char *options) @@ -54926,10 +52434,10 @@ index a260cde..6b2b5ce 100644 /* This is only available if kgdboc is a built in for early debugging */ static int __init kgdboc_early_init(char *opt) diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c -index 72000a6..a190bc4 100644 +index 0da0b54..80ae306 100644 --- a/drivers/tty/serial/msm_serial.c +++ b/drivers/tty/serial/msm_serial.c -@@ -981,7 +981,7 @@ static struct uart_driver msm_uart_driver = { +@@ -989,7 +989,7 @@ static struct uart_driver msm_uart_driver = { .cons = MSM_CONSOLE, }; @@ -54938,7 +52446,7 @@ index 72000a6..a190bc4 100644 static const struct of_device_id msm_uartdm_table[] = { { .compatible = "qcom,msm-uartdm-v1.1", .data = (void *)UARTDM_1P1 }, -@@ -1000,7 +1000,7 @@ static int msm_serial_probe(struct platform_device *pdev) +@@ -1008,7 +1008,7 @@ static int msm_serial_probe(struct platform_device *pdev) int irq; if (pdev->id == -1) @@ -54948,10 +52456,10 @@ index 72000a6..a190bc4 100644 if (unlikely(pdev->id < 0 || pdev->id >= UART_NR)) return -ENXIO; diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c -index c1d3ebd..f618a93 100644 +index c78f43a..22b1dab 100644 --- a/drivers/tty/serial/samsung.c +++ b/drivers/tty/serial/samsung.c -@@ -486,11 +486,16 @@ static void s3c24xx_serial_shutdown(struct uart_port *port) +@@ -478,11 +478,16 @@ static void s3c24xx_serial_shutdown(struct uart_port *port) } } @@ -54968,7 +52476,7 @@ index c1d3ebd..f618a93 100644 dbg("s3c24xx_serial_startup: port=%p (%08llx,%p)\n", port, (unsigned long long)port->mapbase, port->membase); -@@ -1164,10 +1169,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport, +@@ -1155,10 +1160,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport, /* setup info for port */ port->dev = &platdev->dev; @@ -54980,10 +52488,10 @@ index c1d3ebd..f618a93 100644 if (cfg->uart_flags & UPF_CONS_FLOW) { diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c -index ef2fb36..238d80c 100644 +index 29a7be4..0144e62 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c -@@ -1336,7 +1336,7 @@ static void uart_close(struct tty_struct *tty, struct file *filp) +@@ -1343,7 +1343,7 @@ static void uart_close(struct tty_struct *tty, struct file *filp) pr_debug("uart_close(%d) called\n", uport ? uport->line : -1); @@ -54992,7 +52500,7 @@ index ef2fb36..238d80c 100644 return; /* -@@ -1463,7 +1463,7 @@ static void uart_hangup(struct tty_struct *tty) +@@ -1470,7 +1470,7 @@ static void uart_hangup(struct tty_struct *tty) uart_flush_buffer(tty); uart_shutdown(tty, state); spin_lock_irqsave(&port->lock, flags); @@ -55001,7 +52509,7 @@ index ef2fb36..238d80c 100644 clear_bit(ASYNCB_NORMAL_ACTIVE, &port->flags); spin_unlock_irqrestore(&port->lock, flags); tty_port_tty_set(port, NULL); -@@ -1561,7 +1561,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) +@@ -1568,7 +1568,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) goto end; } @@ -55010,7 +52518,7 @@ index ef2fb36..238d80c 100644 if (!state->uart_port || state->uart_port->flags & UPF_DEAD) { retval = -ENXIO; goto err_dec_count; -@@ -1601,7 +1601,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) +@@ -1600,7 +1600,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) end: return retval; err_dec_count: @@ -55020,7 +52528,7 @@ index ef2fb36..238d80c 100644 goto end; } diff --git a/drivers/tty/synclink.c b/drivers/tty/synclink.c -index d48e040..0f52764 100644 +index b799170..87dafd5 100644 --- a/drivers/tty/synclink.c +++ b/drivers/tty/synclink.c @@ -3090,7 +3090,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp) @@ -55052,7 +52560,7 @@ index d48e040..0f52764 100644 info->port.flags &= ~ASYNC_NORMAL_ACTIVE; info->port.tty = NULL; -@@ -3297,12 +3297,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, +@@ -3296,10 +3296,10 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):block_til_ready before block on %s count=%d\n", @@ -55060,14 +52568,12 @@ index d48e040..0f52764 100644 + __FILE__,__LINE__, tty->driver->name, atomic_read(&port->count)); spin_lock_irqsave(&info->irq_spinlock, flags); - if (!tty_hung_up_p(filp)) { - extra_count = true; -- port->count--; -+ atomic_dec(&port->count); - } +- port->count--; ++ atomic_dec(&port->count); spin_unlock_irqrestore(&info->irq_spinlock, flags); port->blocked_open++; -@@ -3331,7 +3331,7 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, + +@@ -3327,7 +3327,7 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):block_til_ready blocking on %s count=%d\n", @@ -55076,10 +52582,10 @@ index d48e040..0f52764 100644 tty_unlock(tty); schedule(); -@@ -3343,12 +3343,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, +@@ -3339,12 +3339,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, /* FIXME: Racy on hangup during close wait */ - if (extra_count) + if (!tty_hung_up_p(filp)) - port->count++; + atomic_inc(&port->count); port->blocked_open--; @@ -55091,7 +52597,7 @@ index d48e040..0f52764 100644 if (!retval) port->flags |= ASYNC_NORMAL_ACTIVE; -@@ -3400,7 +3400,7 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp) +@@ -3396,7 +3396,7 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp) if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgsl_open(%s), old ref count = %d\n", @@ -55099,8 +52605,8 @@ index d48e040..0f52764 100644 + __FILE__,__LINE__,tty->driver->name, atomic_read(&info->port.count)); /* If port is closing, signal caller to try again */ - if (tty_hung_up_p(filp) || info->port.flags & ASYNC_CLOSING){ -@@ -3419,10 +3419,10 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp) + if (info->port.flags & ASYNC_CLOSING){ +@@ -3415,10 +3415,10 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp) spin_unlock_irqrestore(&info->netlock, flags); goto cleanup; } @@ -55113,7 +52619,7 @@ index d48e040..0f52764 100644 /* 1st open on this device, init hardware */ retval = startup(info); if (retval < 0) -@@ -3446,8 +3446,8 @@ cleanup: +@@ -3442,8 +3442,8 @@ cleanup: if (retval) { if (tty->count == 1) info->port.tty = NULL; /* tty layer will release tty struct */ @@ -55124,7 +52630,7 @@ index d48e040..0f52764 100644 } return retval; -@@ -7665,7 +7665,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, +@@ -7661,7 +7661,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, unsigned short new_crctype; /* return error if TTY interface open */ @@ -55133,7 +52639,7 @@ index d48e040..0f52764 100644 return -EBUSY; switch (encoding) -@@ -7760,7 +7760,7 @@ static int hdlcdev_open(struct net_device *dev) +@@ -7756,7 +7756,7 @@ static int hdlcdev_open(struct net_device *dev) /* arbitrate between network and tty opens */ spin_lock_irqsave(&info->netlock, flags); @@ -55142,7 +52648,7 @@ index d48e040..0f52764 100644 printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name); spin_unlock_irqrestore(&info->netlock, flags); return -EBUSY; -@@ -7846,7 +7846,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) +@@ -7842,7 +7842,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name); /* return error if TTY interface open */ @@ -55152,7 +52658,7 @@ index d48e040..0f52764 100644 if (cmd != SIOCWANDEV) diff --git a/drivers/tty/synclink_gt.c b/drivers/tty/synclink_gt.c -index c359a91..959fc26 100644 +index 0e8c39b..e0cb171 100644 --- a/drivers/tty/synclink_gt.c +++ b/drivers/tty/synclink_gt.c @@ -670,7 +670,7 @@ static int open(struct tty_struct *tty, struct file *filp) @@ -55163,7 +52669,7 @@ index c359a91..959fc26 100644 + DBGINFO(("%s open, old ref count = %d\n", info->device_name, atomic_read(&info->port.count))); /* If port is closing, signal caller to try again */ - if (tty_hung_up_p(filp) || info->port.flags & ASYNC_CLOSING){ + if (info->port.flags & ASYNC_CLOSING){ @@ -691,10 +691,10 @@ static int open(struct tty_struct *tty, struct file *filp) mutex_unlock(&info->port.mutex); goto cleanup; @@ -55251,26 +52757,26 @@ index c359a91..959fc26 100644 port->pending_bh && !port->bh_running && !port->bh_requested) { DBGISR(("%s bh queued\n", port->device_name)); -@@ -3302,7 +3302,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, +@@ -3299,7 +3299,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, + add_wait_queue(&port->open_wait, &wait); + spin_lock_irqsave(&info->lock, flags); - if (!tty_hung_up_p(filp)) { - extra_count = true; -- port->count--; -+ atomic_dec(&port->count); - } +- port->count--; ++ atomic_dec(&port->count); spin_unlock_irqrestore(&info->lock, flags); port->blocked_open++; -@@ -3339,7 +3339,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, + +@@ -3335,7 +3335,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, remove_wait_queue(&port->open_wait, &wait); - if (extra_count) + if (!tty_hung_up_p(filp)) - port->count++; + atomic_inc(&port->count); port->blocked_open--; if (!retval) diff --git a/drivers/tty/synclinkmp.c b/drivers/tty/synclinkmp.c -index 53ba853..3c30f6d 100644 +index c3f9091..abe4601 100644 --- a/drivers/tty/synclinkmp.c +++ b/drivers/tty/synclinkmp.c @@ -750,7 +750,7 @@ static int open(struct tty_struct *tty, struct file *filp) @@ -55281,7 +52787,7 @@ index 53ba853..3c30f6d 100644 + __FILE__,__LINE__,tty->driver->name, atomic_read(&info->port.count)); /* If port is closing, signal caller to try again */ - if (tty_hung_up_p(filp) || info->port.flags & ASYNC_CLOSING){ + if (info->port.flags & ASYNC_CLOSING){ @@ -769,10 +769,10 @@ static int open(struct tty_struct *tty, struct file *filp) spin_unlock_irqrestore(&info->netlock, flags); goto cleanup; @@ -55369,7 +52875,7 @@ index 53ba853..3c30f6d 100644 port->pending_bh && !port->bh_running && !port->bh_requested ) { if ( debug_level >= DEBUG_LEVEL_ISR ) -@@ -3319,12 +3319,12 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, +@@ -3318,10 +3318,10 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):%s block_til_ready() before block, count=%d\n", @@ -55377,14 +52883,12 @@ index 53ba853..3c30f6d 100644 + __FILE__,__LINE__, tty->driver->name, atomic_read(&port->count)); spin_lock_irqsave(&info->lock, flags); - if (!tty_hung_up_p(filp)) { - extra_count = true; -- port->count--; -+ atomic_dec(&port->count); - } +- port->count--; ++ atomic_dec(&port->count); spin_unlock_irqrestore(&info->lock, flags); port->blocked_open++; -@@ -3353,7 +3353,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, + +@@ -3349,7 +3349,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):%s block_til_ready() count=%d\n", @@ -55393,10 +52897,10 @@ index 53ba853..3c30f6d 100644 tty_unlock(tty); schedule(); -@@ -3364,12 +3364,12 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, +@@ -3359,12 +3359,12 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, + set_current_state(TASK_RUNNING); remove_wait_queue(&port->open_wait, &wait); - - if (extra_count) + if (!tty_hung_up_p(filp)) - port->count++; + atomic_inc(&port->count); port->blocked_open--; @@ -55409,7 +52913,7 @@ index 53ba853..3c30f6d 100644 if (!retval) port->flags |= ASYNC_NORMAL_ACTIVE; diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c -index 454b658..57b1430 100644 +index 42bad18..447d7a2 100644 --- a/drivers/tty/sysrq.c +++ b/drivers/tty/sysrq.c @@ -1084,7 +1084,7 @@ EXPORT_SYMBOL(unregister_sysrq_key); @@ -55422,10 +52926,10 @@ index 454b658..57b1430 100644 if (get_user(c, buf)) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c -index 3411071..86f2cf2 100644 +index 8fbad34..0db0a39 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c -@@ -3475,7 +3475,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); +@@ -3464,7 +3464,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); void tty_default_fops(struct file_operations *fops) { @@ -55475,10 +52979,10 @@ index 2d822aa..a566234 100644 raw_spin_unlock_irqrestore(&tty_ldiscs_lock, flags); } diff --git a/drivers/tty/tty_port.c b/drivers/tty/tty_port.c -index 3f746c8..2f2fcaa 100644 +index 1b93357..ea9f82c 100644 --- a/drivers/tty/tty_port.c +++ b/drivers/tty/tty_port.c -@@ -235,7 +235,7 @@ void tty_port_hangup(struct tty_port *port) +@@ -237,7 +237,7 @@ void tty_port_hangup(struct tty_port *port) unsigned long flags; spin_lock_irqsave(&port->lock, flags); @@ -55487,16 +52991,16 @@ index 3f746c8..2f2fcaa 100644 port->flags &= ~ASYNC_NORMAL_ACTIVE; tty = port->tty; if (tty) -@@ -393,7 +393,7 @@ int tty_port_block_til_ready(struct tty_port *port, +@@ -399,7 +399,7 @@ int tty_port_block_til_ready(struct tty_port *port, + /* The port lock protects the port counts */ spin_lock_irqsave(&port->lock, flags); - if (!tty_hung_up_p(filp)) -- port->count--; -+ atomic_dec(&port->count); +- port->count--; ++ atomic_dec(&port->count); port->blocked_open++; spin_unlock_irqrestore(&port->lock, flags); -@@ -435,7 +435,7 @@ int tty_port_block_til_ready(struct tty_port *port, +@@ -441,7 +441,7 @@ int tty_port_block_til_ready(struct tty_port *port, we must not mess that up further */ spin_lock_irqsave(&port->lock, flags); if (!tty_hung_up_p(filp)) @@ -55505,7 +53009,7 @@ index 3f746c8..2f2fcaa 100644 port->blocked_open--; if (retval == 0) port->flags |= ASYNC_NORMAL_ACTIVE; -@@ -469,19 +469,19 @@ int tty_port_close_start(struct tty_port *port, +@@ -479,19 +479,19 @@ int tty_port_close_start(struct tty_port *port, return 0; } @@ -55532,12 +53036,12 @@ index 3f746c8..2f2fcaa 100644 spin_unlock_irqrestore(&port->lock, flags); return 0; } -@@ -563,7 +563,7 @@ int tty_port_open(struct tty_port *port, struct tty_struct *tty, +@@ -592,7 +592,7 @@ int tty_port_open(struct tty_port *port, struct tty_struct *tty, + struct file *filp) { spin_lock_irq(&port->lock); - if (!tty_hung_up_p(filp)) -- ++port->count; -+ atomic_inc(&port->count); +- ++port->count; ++ atomic_inc(&port->count); spin_unlock_irq(&port->lock); tty_port_tty_set(port, tty); @@ -55860,10 +53364,10 @@ index 0b59731..46ee7d1 100644 dev->rawdescriptors[i] + (*ppos - pos), min(len, alloclen))) { diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c -index bec31e2..b8091cd 100644 +index 487abcf..06226dc 100644 --- a/drivers/usb/core/hcd.c +++ b/drivers/usb/core/hcd.c -@@ -1554,7 +1554,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) +@@ -1550,7 +1550,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) */ usb_get_urb(urb); atomic_inc(&urb->use_count); @@ -55872,7 +53376,7 @@ index bec31e2..b8091cd 100644 usbmon_urb_submit(&hcd->self, urb); /* NOTE requirements on root-hub callers (usbfs and the hub -@@ -1581,7 +1581,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) +@@ -1577,7 +1577,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) urb->hcpriv = NULL; INIT_LIST_HEAD(&urb->urb_list); atomic_dec(&urb->use_count); @@ -55882,7 +53386,7 @@ index bec31e2..b8091cd 100644 wake_up(&usb_kill_urb_queue); usb_put_urb(urb); diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index 50e8545..d85ec5b 100644 +index dc84915..cdb6624 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -27,6 +27,7 @@ @@ -55893,7 +53397,7 @@ index 50e8545..d85ec5b 100644 #include <asm/uaccess.h> #include <asm/byteorder.h> -@@ -4644,6 +4645,10 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus, +@@ -4662,6 +4663,10 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus, goto done; return; } @@ -55949,7 +53453,7 @@ index 1236c60..d47a51c 100644 static DEVICE_ATTR_RO(urbnum); diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c -index 4d11449..f4ccabf 100644 +index 2dd2362..1135437 100644 --- a/drivers/usb/core/usb.c +++ b/drivers/usb/core/usb.c @@ -433,7 +433,7 @@ struct usb_device *usb_alloc_dev(struct usb_device *parent, @@ -55962,7 +53466,7 @@ index 4d11449..f4ccabf 100644 INIT_LIST_HEAD(&dev->ep0.urb_list); dev->ep0.desc.bLength = USB_DT_ENDPOINT_SIZE; diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c -index f5b352a..fbe1785 100644 +index 490a6ca..1f8364d 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -615,8 +615,6 @@ static int __dwc3_gadget_ep_enable(struct dwc3_ep *dep, @@ -56015,10 +53519,10 @@ index 8cfc319..4868255 100644 return 0; } -diff --git a/drivers/usb/gadget/f_uac1.c b/drivers/usb/gadget/f_uac1.c +diff --git a/drivers/usb/gadget/function/f_uac1.c b/drivers/usb/gadget/function/f_uac1.c index 2b4c82d..06a8ee6 100644 ---- a/drivers/usb/gadget/f_uac1.c -+++ b/drivers/usb/gadget/f_uac1.c +--- a/drivers/usb/gadget/function/f_uac1.c ++++ b/drivers/usb/gadget/function/f_uac1.c @@ -13,6 +13,7 @@ #include <linux/kernel.h> #include <linux/device.h> @@ -56027,10 +53531,10 @@ index 2b4c82d..06a8ee6 100644 #include "u_uac1.h" -diff --git a/drivers/usb/gadget/u_serial.c b/drivers/usb/gadget/u_serial.c +diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c index ad0aca8..8ff84865 100644 ---- a/drivers/usb/gadget/u_serial.c -+++ b/drivers/usb/gadget/u_serial.c +--- a/drivers/usb/gadget/function/u_serial.c ++++ b/drivers/usb/gadget/function/u_serial.c @@ -733,9 +733,9 @@ static int gs_open(struct tty_struct *tty, struct file *file) spin_lock_irq(&port->port_lock); @@ -56112,10 +53616,10 @@ index ad0aca8..8ff84865 100644 gs_buf_free(&port->port_write_buf); gs_free_requests(gser->out, &port->read_pool, NULL); gs_free_requests(gser->out, &port->read_queue, NULL); -diff --git a/drivers/usb/gadget/u_uac1.c b/drivers/usb/gadget/u_uac1.c +diff --git a/drivers/usb/gadget/function/u_uac1.c b/drivers/usb/gadget/function/u_uac1.c index 7a55fea..cc0ed4f 100644 ---- a/drivers/usb/gadget/u_uac1.c -+++ b/drivers/usb/gadget/u_uac1.c +--- a/drivers/usb/gadget/function/u_uac1.c ++++ b/drivers/usb/gadget/function/u_uac1.c @@ -16,6 +16,7 @@ #include <linux/ctype.h> #include <linux/random.h> @@ -56251,6 +53755,63 @@ index 307e339..6aa97cb 100644 /* Dynamic bitflag definitions (us->dflags): used in set_bit() etc. */ +diff --git a/drivers/usb/usbip/vhci.h b/drivers/usb/usbip/vhci.h +index a863a98..d272795 100644 +--- a/drivers/usb/usbip/vhci.h ++++ b/drivers/usb/usbip/vhci.h +@@ -83,7 +83,7 @@ struct vhci_hcd { + unsigned resuming:1; + unsigned long re_timeout; + +- atomic_t seqnum; ++ atomic_unchecked_t seqnum; + + /* + * NOTE: +diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c +index c02374b..32d47a9 100644 +--- a/drivers/usb/usbip/vhci_hcd.c ++++ b/drivers/usb/usbip/vhci_hcd.c +@@ -439,7 +439,7 @@ static void vhci_tx_urb(struct urb *urb) + + spin_lock(&vdev->priv_lock); + +- priv->seqnum = atomic_inc_return(&the_controller->seqnum); ++ priv->seqnum = atomic_inc_return_unchecked(&the_controller->seqnum); + if (priv->seqnum == 0xffff) + dev_info(&urb->dev->dev, "seqnum max\n"); + +@@ -686,7 +686,7 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) + return -ENOMEM; + } + +- unlink->seqnum = atomic_inc_return(&the_controller->seqnum); ++ unlink->seqnum = atomic_inc_return_unchecked(&the_controller->seqnum); + if (unlink->seqnum == 0xffff) + pr_info("seqnum max\n"); + +@@ -891,7 +891,7 @@ static int vhci_start(struct usb_hcd *hcd) + vdev->rhport = rhport; + } + +- atomic_set(&vhci->seqnum, 0); ++ atomic_set_unchecked(&vhci->seqnum, 0); + spin_lock_init(&vhci->lock); + + hcd->power_budget = 0; /* no limit */ +diff --git a/drivers/usb/usbip/vhci_rx.c b/drivers/usb/usbip/vhci_rx.c +index 00e4a54..d676f85 100644 +--- a/drivers/usb/usbip/vhci_rx.c ++++ b/drivers/usb/usbip/vhci_rx.c +@@ -80,7 +80,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev, + if (!urb) { + pr_err("cannot find a urb of seqnum %u\n", pdu->base.seqnum); + pr_info("max seqnum %d\n", +- atomic_read(&the_controller->seqnum)); ++ atomic_read_unchecked(&the_controller->seqnum)); + usbip_event_add(ud, VDEV_EVENT_ERROR_TCP); + return; + } diff --git a/drivers/usb/wusbcore/wa-hc.h b/drivers/usb/wusbcore/wa-hc.h index f2a8d29..7bc3fe7 100644 --- a/drivers/usb/wusbcore/wa-hc.h @@ -56274,7 +53835,7 @@ index f2a8d29..7bc3fe7 100644 for (index = 0; index < WA_MAX_BUF_IN_URBS; ++index) usb_init_urb(&(wa->buf_in_urbs[index])); diff --git a/drivers/usb/wusbcore/wa-xfer.c b/drivers/usb/wusbcore/wa-xfer.c -index 3e2e4ed..060c9b8 100644 +index e279015..c2d0dae 100644 --- a/drivers/usb/wusbcore/wa-xfer.c +++ b/drivers/usb/wusbcore/wa-xfer.c @@ -314,7 +314,7 @@ static void wa_xfer_completion(struct wa_xfer *xfer) @@ -56396,7 +53957,7 @@ index 1b0b233..6f34c2c 100644 err = -ENOSPC; } diff --git a/drivers/video/fbdev/aty/aty128fb.c b/drivers/video/fbdev/aty/aty128fb.c -index 52108be..c7c110d 100644 +index ff60701..814b973 100644 --- a/drivers/video/fbdev/aty/aty128fb.c +++ b/drivers/video/fbdev/aty/aty128fb.c @@ -149,7 +149,7 @@ enum { @@ -56409,7 +53970,7 @@ index 52108be..c7c110d 100644 "PCI", "PRO AGP", diff --git a/drivers/video/fbdev/aty/atyfb_base.c b/drivers/video/fbdev/aty/atyfb_base.c -index c3d0074..0b9077e 100644 +index 37ec09b..98f8862 100644 --- a/drivers/video/fbdev/aty/atyfb_base.c +++ b/drivers/video/fbdev/aty/atyfb_base.c @@ -1326,10 +1326,14 @@ static int atyfb_set_par(struct fb_info *info) @@ -56490,10 +54051,10 @@ index b5e85f6..290f8c7 100644 data = (__u32) (unsigned long) fix->smem_start; err |= put_user(data, &fix32->smem_start); diff --git a/drivers/video/fbdev/hyperv_fb.c b/drivers/video/fbdev/hyperv_fb.c -index e23392e..8a77540 100644 +index 4254336..282567e 100644 --- a/drivers/video/fbdev/hyperv_fb.c +++ b/drivers/video/fbdev/hyperv_fb.c -@@ -235,7 +235,7 @@ static uint screen_fb_size; +@@ -240,7 +240,7 @@ static uint screen_fb_size; static inline int synthvid_send(struct hv_device *hdev, struct synthvid_msg *msg) { @@ -56502,7 +54063,7 @@ index e23392e..8a77540 100644 int ret; msg->pipe_hdr.type = PIPE_MSG_DATA; -@@ -243,7 +243,7 @@ static inline int synthvid_send(struct hv_device *hdev, +@@ -248,7 +248,7 @@ static inline int synthvid_send(struct hv_device *hdev, ret = vmbus_sendpacket(hdev->channel, msg, msg->vid_hdr.size + sizeof(struct pipe_msg_hdr), @@ -59868,10 +57429,10 @@ index 2946712..f737435 100644 &data); if (!inode) { diff --git a/fs/aio.c b/fs/aio.c -index d72588a..aa2fb30 100644 +index 7337500..2058af6 100644 --- a/fs/aio.c +++ b/fs/aio.c -@@ -381,7 +381,7 @@ static int aio_setup_ring(struct kioctx *ctx) +@@ -380,7 +380,7 @@ static int aio_setup_ring(struct kioctx *ctx) size += sizeof(struct io_event) * nr_events; nr_pages = PFN_UP(size); @@ -61014,7 +58575,7 @@ index 6d72746..536d1db 100644 else if (whole->bd_holder != NULL) return false; /* is a partition of a held device */ diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c -index aeab453..48dbafc 100644 +index 44ee5d2..8b23e53 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -1184,9 +1184,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, @@ -61087,10 +58648,10 @@ index f70119f..ab5894d 100644 spin_lock_init(&delayed_root->lock); init_waitqueue_head(&delayed_root->wait); diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c -index 47aceb4..7d28b1c 100644 +index 8a8e298..9f904ad 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c -@@ -3965,9 +3965,12 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) +@@ -3939,9 +3939,12 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) for (i = 0; i < num_types; i++) { struct btrfs_space_info *tmp; @@ -61103,7 +58664,7 @@ index 47aceb4..7d28b1c 100644 info = NULL; rcu_read_lock(); list_for_each_entry_rcu(tmp, &root->fs_info->space_info, -@@ -3989,10 +3992,7 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) +@@ -3963,10 +3966,7 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) memcpy(dest, &space, sizeof(space)); dest++; space_args.total_spaces++; @@ -61115,7 +58676,7 @@ index 47aceb4..7d28b1c 100644 up_read(&info->groups_sem); } diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c -index 8e16bca..6eabd9e 100644 +index c4124de..d7613eb6 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -270,7 +270,7 @@ void __btrfs_abort_transaction(struct btrfs_trans_handle *trans, @@ -61128,7 +58689,7 @@ index 8e16bca..6eabd9e 100644 wake_up(&root->fs_info->transaction_wait); wake_up(&root->fs_info->transaction_blocked_wait); diff --git a/fs/btrfs/sysfs.c b/fs/btrfs/sysfs.c -index 7869936..7e153dc 100644 +index 12e5355..cdf30c6 100644 --- a/fs/btrfs/sysfs.c +++ b/fs/btrfs/sysfs.c @@ -475,7 +475,7 @@ static int addrm_unknown_feature_attrs(struct btrfs_fs_info *fs_info, bool add) @@ -61141,7 +58702,7 @@ index 7869936..7e153dc 100644 .attrs = attrs, }; diff --git a/fs/btrfs/tree-log.h b/fs/btrfs/tree-log.h -index 7f5b41b..e589c13 100644 +index e2e798a..f454c18 100644 --- a/fs/btrfs/tree-log.h +++ b/fs/btrfs/tree-log.h @@ -41,7 +41,7 @@ static inline void btrfs_init_log_ctx(struct btrfs_log_ctx *ctx) @@ -61154,10 +58715,22 @@ index 7f5b41b..e589c13 100644 static inline int btrfs_need_log_full_commit(struct btrfs_fs_info *fs_info, diff --git a/fs/buffer.c b/fs/buffer.c -index 36fdceb..8d8230c 100644 +index 3588a80..3d038a9 100644 --- a/fs/buffer.c +++ b/fs/buffer.c -@@ -3431,7 +3431,7 @@ void __init buffer_init(void) +@@ -2318,6 +2318,11 @@ static int cont_expand_zero(struct file *file, struct address_space *mapping, + err = 0; + + balance_dirty_pages_ratelimited(mapping); ++ ++ if (unlikely(fatal_signal_pending(current))) { ++ err = -EINTR; ++ goto out; ++ } + } + + /* page covers the boundary, find the boundary offset */ +@@ -3424,7 +3429,7 @@ void __init buffer_init(void) bh_cachep = kmem_cache_create("buffer_head", sizeof(struct buffer_head), 0, (SLAB_RECLAIM_ACCOUNT|SLAB_PANIC| @@ -61265,7 +58838,7 @@ index 8c52472..c4e3a69 100644 #else diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c -index 55c0acb..81051b4 100644 +index dad7d95..07475af 100644 --- a/fs/cachefiles/namei.c +++ b/fs/cachefiles/namei.c @@ -312,7 +312,7 @@ try_again: @@ -61308,10 +58881,10 @@ index eccd339..4c1d995 100644 return 0; diff --git a/fs/cachefiles/rdwr.c b/fs/cachefiles/rdwr.c -index 4b1fb5c..0d2a699 100644 +index 25e745b..220e604 100644 --- a/fs/cachefiles/rdwr.c +++ b/fs/cachefiles/rdwr.c -@@ -943,7 +943,7 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page) +@@ -937,7 +937,7 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page) old_fs = get_fs(); set_fs(KERNEL_DS); ret = file->f_op->write( @@ -61356,8 +58929,21 @@ index c29d6ae..719b9bb 100644 int err; u32 ftype; struct ceph_mds_reply_info_parsed *rinfo; +diff --git a/fs/ceph/ioctl.c b/fs/ceph/ioctl.c +index a822a6e..4644256 100644 +--- a/fs/ceph/ioctl.c ++++ b/fs/ceph/ioctl.c +@@ -41,7 +41,7 @@ static long __validate_layout(struct ceph_mds_client *mdsc, + /* validate striping parameters */ + if ((l->object_size & ~PAGE_MASK) || + (l->stripe_unit & ~PAGE_MASK) || +- (l->stripe_unit != 0 && ++ ((unsigned)l->stripe_unit != 0 && + ((unsigned)l->object_size % (unsigned)l->stripe_unit))) + return -EINVAL; + diff --git a/fs/ceph/super.c b/fs/ceph/super.c -index 06150fd..192061b 100644 +index f6e1237..796ffd1 100644 --- a/fs/ceph/super.c +++ b/fs/ceph/super.c @@ -895,7 +895,7 @@ static int ceph_compare_super(struct super_block *sb, void *data) @@ -61379,7 +58965,7 @@ index 06150fd..192061b 100644 sb->s_bdi = &fsc->backing_dev_info; return err; diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c -index f3ac415..3d2420c 100644 +index 44ec726..bcb06a3 100644 --- a/fs/cifs/cifs_debug.c +++ b/fs/cifs/cifs_debug.c @@ -286,8 +286,8 @@ static ssize_t cifs_stats_proc_write(struct file *file, @@ -61423,10 +59009,10 @@ index f3ac415..3d2420c 100644 server->ops->print_stats(m, tcon); } diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c -index 8883980..c8ade72 100644 +index 889b984..fcb8431 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c -@@ -1072,7 +1072,7 @@ cifs_init_request_bufs(void) +@@ -1092,7 +1092,7 @@ cifs_init_request_bufs(void) */ cifs_req_cachep = kmem_cache_create("cifs_request", CIFSMaxBufSize + max_hdr_size, 0, @@ -61435,7 +59021,7 @@ index 8883980..c8ade72 100644 if (cifs_req_cachep == NULL) return -ENOMEM; -@@ -1099,7 +1099,7 @@ cifs_init_request_bufs(void) +@@ -1119,7 +1119,7 @@ cifs_init_request_bufs(void) efficient to alloc 1 per page off the slab compared to 17K (5page) alloc of large cifs buffers even when page debugging is on */ cifs_sm_req_cachep = kmem_cache_create("cifs_small_rq", @@ -61444,7 +59030,7 @@ index 8883980..c8ade72 100644 NULL); if (cifs_sm_req_cachep == NULL) { mempool_destroy(cifs_req_poolp); -@@ -1184,8 +1184,8 @@ init_cifs(void) +@@ -1204,8 +1204,8 @@ init_cifs(void) atomic_set(&bufAllocCount, 0); atomic_set(&smBufAllocCount, 0); #ifdef CONFIG_CIFS_STATS2 @@ -61456,10 +59042,10 @@ index 8883980..c8ade72 100644 atomic_set(&midCount, 0); diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h -index c97fd86..e4a8274 100644 +index 25b8392..01e46dc 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h -@@ -804,35 +804,35 @@ struct cifs_tcon { +@@ -821,35 +821,35 @@ struct cifs_tcon { __u16 Flags; /* optional support bits */ enum statusEnum tidStatus; #ifdef CONFIG_CIFS_STATS @@ -61519,7 +59105,7 @@ index c97fd86..e4a8274 100644 } smb2_stats; #endif /* CONFIG_CIFS_SMB2 */ } stats; -@@ -1169,7 +1169,7 @@ convert_delimiter(char *path, char delim) +@@ -1190,7 +1190,7 @@ convert_delimiter(char *path, char delim) } #ifdef CONFIG_CIFS_STATS @@ -61528,7 +59114,7 @@ index c97fd86..e4a8274 100644 static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon, unsigned int bytes) -@@ -1535,8 +1535,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; +@@ -1557,8 +1557,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; /* Various Debug counters */ GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */ #ifdef CONFIG_CIFS_STATS2 @@ -61540,10 +59126,10 @@ index c97fd86..e4a8274 100644 GLOBAL_EXTERN atomic_t smBufAllocCount; GLOBAL_EXTERN atomic_t midCount; diff --git a/fs/cifs/file.c b/fs/cifs/file.c -index 9de08c9..b396124 100644 +index 5f29354..359bc0d 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c -@@ -1900,10 +1900,14 @@ static int cifs_writepages(struct address_space *mapping, +@@ -2056,10 +2056,14 @@ static int cifs_writepages(struct address_space *mapping, index = mapping->writeback_index; /* Start from prev offset */ end = -1; } else { @@ -61560,9 +59146,9 @@ index 9de08c9..b396124 100644 + } scanned = true; } - retry: + server = cifs_sb_master_tcon(cifs_sb)->ses->server; diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c -index 3b0c62e..f7d090c 100644 +index b7415d5..3984ec0 100644 --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c @@ -170,7 +170,7 @@ cifs_buf_get(void) @@ -61584,7 +59170,7 @@ index 3b0c62e..f7d090c 100644 } diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c -index e9ad8d3..6395e45 100644 +index 52131d8..fd79e97 100644 --- a/fs/cifs/smb1ops.c +++ b/fs/cifs/smb1ops.c @@ -626,27 +626,27 @@ static void @@ -61693,10 +59279,10 @@ index e9ad8d3..6395e45 100644 } diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c -index f325c59..6bba517 100644 +index f522193..586121b 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c -@@ -364,8 +364,8 @@ smb2_clear_stats(struct cifs_tcon *tcon) +@@ -414,8 +414,8 @@ smb2_clear_stats(struct cifs_tcon *tcon) #ifdef CONFIG_CIFS_STATS int i; for (i = 0; i < NUMBER_OF_SMB2_COMMANDS; i++) { @@ -61707,7 +59293,7 @@ index f325c59..6bba517 100644 } #endif } -@@ -405,65 +405,65 @@ static void +@@ -455,65 +455,65 @@ static void smb2_print_stats(struct seq_file *m, struct cifs_tcon *tcon) { #ifdef CONFIG_CIFS_STATS @@ -61814,10 +59400,10 @@ index f325c59..6bba517 100644 } diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c -index 8707755..8f38739 100644 +index 74b3a66..0c709f3 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c -@@ -2106,8 +2106,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, +@@ -2143,8 +2143,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, default: cifs_dbg(VFS, "info level %u isn't supported\n", srch_inf->info_level); @@ -61828,7 +59414,7 @@ index 8707755..8f38739 100644 req->FileIndex = cpu_to_le32(index); diff --git a/fs/coda/cache.c b/fs/coda/cache.c -index 1da168c..8bc7ff6 100644 +index 278f8fd..e69c52d 100644 --- a/fs/coda/cache.c +++ b/fs/coda/cache.c @@ -24,7 +24,7 @@ @@ -62006,7 +59592,7 @@ index 4d24d17..4f8c09e 100644 /* diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c -index e822890..fed89d9 100644 +index afec645..9c65620 100644 --- a/fs/compat_ioctl.c +++ b/fs/compat_ioctl.c @@ -621,7 +621,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd, @@ -62184,7 +59770,7 @@ index a93f7e6..d58bcbe 100644 return 0; while (nr) { diff --git a/fs/dcache.c b/fs/dcache.c -index e1308c5..c9c5b6c 100644 +index cb25a1a..fa91d33 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -478,7 +478,7 @@ static void __dentry_kill(struct dentry *dentry) @@ -62243,7 +59829,7 @@ index e1308c5..c9c5b6c 100644 spin_unlock(&ret->d_lock); return ret; } -@@ -804,7 +804,7 @@ restart: +@@ -798,7 +798,7 @@ restart: spin_lock(&inode->i_lock); hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) { spin_lock(&dentry->d_lock); @@ -62252,7 +59838,7 @@ index e1308c5..c9c5b6c 100644 /* * inform the fs via d_prune that this dentry * is about to be unhashed and destroyed. -@@ -847,7 +847,7 @@ static void shrink_dentry_list(struct list_head *list) +@@ -841,7 +841,7 @@ static void shrink_dentry_list(struct list_head *list) * We found an inuse dentry which was not removed from * the LRU because of laziness during lookup. Do not free it. */ @@ -62261,7 +59847,7 @@ index e1308c5..c9c5b6c 100644 spin_unlock(&dentry->d_lock); if (parent) spin_unlock(&parent->d_lock); -@@ -885,8 +885,8 @@ static void shrink_dentry_list(struct list_head *list) +@@ -879,8 +879,8 @@ static void shrink_dentry_list(struct list_head *list) dentry = parent; while (dentry && !lockref_put_or_lock(&dentry->d_lockref)) { parent = lock_parent(dentry); @@ -62272,7 +59858,7 @@ index e1308c5..c9c5b6c 100644 spin_unlock(&dentry->d_lock); if (parent) spin_unlock(&parent->d_lock); -@@ -926,7 +926,7 @@ dentry_lru_isolate(struct list_head *item, spinlock_t *lru_lock, void *arg) +@@ -920,7 +920,7 @@ dentry_lru_isolate(struct list_head *item, spinlock_t *lru_lock, void *arg) * counts, just remove them from the LRU. Otherwise give them * another pass through the LRU. */ @@ -62281,7 +59867,7 @@ index e1308c5..c9c5b6c 100644 d_lru_isolate(dentry); spin_unlock(&dentry->d_lock); return LRU_REMOVED; -@@ -1261,7 +1261,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry) +@@ -1255,7 +1255,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry) } else { if (dentry->d_flags & DCACHE_LRU_LIST) d_lru_del(dentry); @@ -62290,7 +59876,7 @@ index e1308c5..c9c5b6c 100644 d_shrink_add(dentry, &data->dispose); data->found++; } -@@ -1309,7 +1309,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry) +@@ -1303,7 +1303,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry) return D_WALK_CONTINUE; /* root with refcount 1 is fine */ @@ -62299,7 +59885,7 @@ index e1308c5..c9c5b6c 100644 return D_WALK_CONTINUE; printk(KERN_ERR "BUG: Dentry %p{i=%lx,n=%pd} " -@@ -1318,7 +1318,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry) +@@ -1312,7 +1312,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry) dentry->d_inode ? dentry->d_inode->i_ino : 0UL, dentry, @@ -62308,7 +59894,7 @@ index e1308c5..c9c5b6c 100644 dentry->d_sb->s_type->name, dentry->d_sb->s_id); WARN_ON(1); -@@ -1444,7 +1444,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) +@@ -1438,7 +1438,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) */ dentry->d_iname[DNAME_INLINE_LEN-1] = 0; if (name->len > DNAME_INLINE_LEN-1) { @@ -62317,7 +59903,7 @@ index e1308c5..c9c5b6c 100644 if (!dname) { kmem_cache_free(dentry_cache, dentry); return NULL; -@@ -1462,7 +1462,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) +@@ -1456,7 +1456,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) smp_wmb(); dentry->d_name.name = dname; @@ -62326,7 +59912,7 @@ index e1308c5..c9c5b6c 100644 dentry->d_flags = 0; spin_lock_init(&dentry->d_lock); seqcount_init(&dentry->d_seq); -@@ -2225,7 +2225,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name) +@@ -2196,7 +2196,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name) goto next; } @@ -62335,7 +59921,7 @@ index e1308c5..c9c5b6c 100644 found = dentry; spin_unlock(&dentry->d_lock); break; -@@ -2324,7 +2324,7 @@ again: +@@ -2295,7 +2295,7 @@ again: spin_lock(&dentry->d_lock); inode = dentry->d_inode; isdir = S_ISDIR(inode->i_mode); @@ -62344,58 +59930,7 @@ index e1308c5..c9c5b6c 100644 if (!spin_trylock(&inode->i_lock)) { spin_unlock(&dentry->d_lock); cpu_relax(); -@@ -2401,7 +2401,7 @@ void dentry_update_name_case(struct dentry *dentry, struct qstr *name) - } - EXPORT_SYMBOL(dentry_update_name_case); - --static void switch_names(struct dentry *dentry, struct dentry *target) -+static void switch_names(struct dentry *dentry, struct dentry *target, bool exchange) - { - if (dname_external(target)) { - if (dname_external(dentry)) { -@@ -2429,7 +2429,7 @@ static void switch_names(struct dentry *dentry, struct dentry *target) - target->d_name.len + 1); - target->d_name.name = dentry->d_name.name; - dentry->d_name.name = dentry->d_iname; -- } else { -+ } else if (exchange) { - /* - * Both are internal. - */ -@@ -2439,6 +2439,14 @@ static void switch_names(struct dentry *dentry, struct dentry *target) - swap(((long *) &dentry->d_iname)[i], - ((long *) &target->d_iname)[i]); - } -+ } else { -+ /* -+ * Both are internal. Just copy target to dentry -+ */ -+ memcpy(dentry->d_iname, target->d_name.name, -+ target->d_name.len + 1); -+ dentry->d_name.len = target->d_name.len; -+ return; - } - } - swap(dentry->d_name.len, target->d_name.len); -@@ -2539,7 +2547,7 @@ static void __d_move(struct dentry *dentry, struct dentry *target, - list_del(&target->d_u.d_child); - - /* Switch the names.. */ -- switch_names(dentry, target); -+ switch_names(dentry, target, exchange); - swap(dentry->d_name.hash, target->d_name.hash); - - /* ... and switch the parents */ -@@ -2678,7 +2686,7 @@ static void __d_materialise_dentry(struct dentry *dentry, struct dentry *anon) - - dparent = dentry->d_parent; - -- switch_names(dentry, anon); -+ switch_names(dentry, anon, false); - swap(dentry->d_name.hash, anon->d_name.hash); - - dentry->d_parent = dentry; -@@ -3296,7 +3304,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry) +@@ -3300,7 +3300,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry) if (!(dentry->d_flags & DCACHE_GENOCIDE)) { dentry->d_flags |= DCACHE_GENOCIDE; @@ -62404,7 +59939,7 @@ index e1308c5..c9c5b6c 100644 } } return D_WALK_CONTINUE; -@@ -3412,7 +3420,8 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -3416,7 +3416,8 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -62415,7 +59950,7 @@ index e1308c5..c9c5b6c 100644 dcache_init(); inode_init(); diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c -index 16a46b6..41696fd 100644 +index 1e3b99d..6512101 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c @@ -416,7 +416,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); @@ -62457,7 +59992,7 @@ index e4141f2..d8263e8 100644 i += packet_length_size; if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) diff --git a/fs/exec.c b/fs/exec.c -index a3d33fe..49e9bc9 100644 +index a2b42a9..1e924b3 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -56,8 +56,20 @@ @@ -62592,7 +60127,7 @@ index a3d33fe..49e9bc9 100644 return 0; err: up_write(&mm->mmap_sem); -@@ -399,7 +440,7 @@ struct user_arg_ptr { +@@ -395,7 +436,7 @@ struct user_arg_ptr { } ptr; }; @@ -62601,7 +60136,7 @@ index a3d33fe..49e9bc9 100644 { const char __user *native; -@@ -408,14 +449,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) +@@ -404,14 +445,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) compat_uptr_t compat; if (get_user(compat, argv.ptr.compat + nr)) @@ -62618,7 +60153,7 @@ index a3d33fe..49e9bc9 100644 return native; } -@@ -434,7 +475,7 @@ static int count(struct user_arg_ptr argv, int max) +@@ -430,7 +471,7 @@ static int count(struct user_arg_ptr argv, int max) if (!p) break; @@ -62627,7 +60162,7 @@ index a3d33fe..49e9bc9 100644 return -EFAULT; if (i >= max) -@@ -469,7 +510,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, +@@ -465,7 +506,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, ret = -EFAULT; str = get_user_arg_ptr(argv, argc); @@ -62636,7 +60171,7 @@ index a3d33fe..49e9bc9 100644 goto out; len = strnlen_user(str, MAX_ARG_STRLEN); -@@ -551,7 +592,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, +@@ -547,7 +588,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, int r; mm_segment_t oldfs = get_fs(); struct user_arg_ptr argv = { @@ -62645,7 +60180,7 @@ index a3d33fe..49e9bc9 100644 }; set_fs(KERNEL_DS); -@@ -586,7 +627,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -582,7 +623,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) unsigned long new_end = old_end - shift; struct mmu_gather tlb; @@ -62655,7 +60190,7 @@ index a3d33fe..49e9bc9 100644 /* * ensure there are no vmas between where we want to go -@@ -595,6 +637,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -591,6 +633,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) if (vma != find_vma(mm, new_start)) return -EFAULT; @@ -62666,7 +60201,7 @@ index a3d33fe..49e9bc9 100644 /* * cover the whole range: [new_start, old_end) */ -@@ -675,10 +721,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -671,10 +717,6 @@ int setup_arg_pages(struct linux_binprm *bprm, stack_top = arch_align_stack(stack_top); stack_top = PAGE_ALIGN(stack_top); @@ -62677,7 +60212,7 @@ index a3d33fe..49e9bc9 100644 stack_shift = vma->vm_end - stack_top; bprm->p -= stack_shift; -@@ -690,8 +732,28 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -686,8 +728,28 @@ int setup_arg_pages(struct linux_binprm *bprm, bprm->exec -= stack_shift; down_write(&mm->mmap_sem); @@ -62706,7 +60241,7 @@ index a3d33fe..49e9bc9 100644 /* * Adjust stack execute permissions; explicitly enable for * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone -@@ -710,13 +772,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -706,13 +768,6 @@ int setup_arg_pages(struct linux_binprm *bprm, goto out_unlock; BUG_ON(prev != vma); @@ -62720,7 +60255,7 @@ index a3d33fe..49e9bc9 100644 /* mprotect_fixup is overkill to remove the temporary stack flags */ vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP; -@@ -740,6 +795,27 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -736,6 +791,27 @@ int setup_arg_pages(struct linux_binprm *bprm, #endif current->mm->start_stack = bprm->p; ret = expand_stack(vma, stack_base); @@ -62748,7 +60283,7 @@ index a3d33fe..49e9bc9 100644 if (ret) ret = -EFAULT; -@@ -775,6 +851,8 @@ static struct file *do_open_exec(struct filename *name) +@@ -771,6 +847,8 @@ static struct file *do_open_exec(struct filename *name) fsnotify_open(file); @@ -62757,7 +60292,7 @@ index a3d33fe..49e9bc9 100644 err = deny_write_access(file); if (err) goto exit; -@@ -804,7 +882,7 @@ int kernel_read(struct file *file, loff_t offset, +@@ -800,7 +878,7 @@ int kernel_read(struct file *file, loff_t offset, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -62766,7 +60301,7 @@ index a3d33fe..49e9bc9 100644 set_fs(old_fs); return result; } -@@ -849,6 +927,7 @@ static int exec_mmap(struct mm_struct *mm) +@@ -845,6 +923,7 @@ static int exec_mmap(struct mm_struct *mm) tsk->mm = mm; tsk->active_mm = mm; activate_mm(active_mm, mm); @@ -62774,7 +60309,7 @@ index a3d33fe..49e9bc9 100644 tsk->mm->vmacache_seqnum = 0; vmacache_flush(tsk); task_unlock(tsk); -@@ -1247,7 +1326,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm) +@@ -1243,7 +1322,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm) } rcu_read_unlock(); @@ -62783,7 +60318,7 @@ index a3d33fe..49e9bc9 100644 bprm->unsafe |= LSM_UNSAFE_SHARE; else p->fs->in_exec = 1; -@@ -1423,6 +1502,31 @@ static int exec_binprm(struct linux_binprm *bprm) +@@ -1419,6 +1498,31 @@ static int exec_binprm(struct linux_binprm *bprm) return ret; } @@ -62815,7 +60350,7 @@ index a3d33fe..49e9bc9 100644 /* * sys_execve() executes a new program. */ -@@ -1430,6 +1534,11 @@ static int do_execve_common(struct filename *filename, +@@ -1426,6 +1530,11 @@ static int do_execve_common(struct filename *filename, struct user_arg_ptr argv, struct user_arg_ptr envp) { @@ -62827,7 +60362,7 @@ index a3d33fe..49e9bc9 100644 struct linux_binprm *bprm; struct file *file; struct files_struct *displaced; -@@ -1438,6 +1547,8 @@ static int do_execve_common(struct filename *filename, +@@ -1434,6 +1543,8 @@ static int do_execve_common(struct filename *filename, if (IS_ERR(filename)) return PTR_ERR(filename); @@ -62836,7 +60371,7 @@ index a3d33fe..49e9bc9 100644 /* * We move the actual failure in case of RLIMIT_NPROC excess from * set*uid() to execve() because too many poorly written programs -@@ -1475,11 +1586,21 @@ static int do_execve_common(struct filename *filename, +@@ -1471,11 +1582,21 @@ static int do_execve_common(struct filename *filename, if (IS_ERR(file)) goto out_unmark; @@ -62858,7 +60393,7 @@ index a3d33fe..49e9bc9 100644 retval = bprm_mm_init(bprm); if (retval) goto out_unmark; -@@ -1496,24 +1617,70 @@ static int do_execve_common(struct filename *filename, +@@ -1492,24 +1613,70 @@ static int do_execve_common(struct filename *filename, if (retval < 0) goto out; @@ -62933,7 +60468,7 @@ index a3d33fe..49e9bc9 100644 current->fs->in_exec = 0; current->in_execve = 0; acct_update_integrals(current); -@@ -1524,6 +1691,14 @@ static int do_execve_common(struct filename *filename, +@@ -1520,6 +1687,14 @@ static int do_execve_common(struct filename *filename, put_files_struct(displaced); return retval; @@ -62948,7 +60483,7 @@ index a3d33fe..49e9bc9 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1615,3 +1790,312 @@ COMPAT_SYSCALL_DEFINE3(execve, const char __user *, filename, +@@ -1611,3 +1786,312 @@ COMPAT_SYSCALL_DEFINE3(execve, const char __user *, filename, return compat_do_execve(getname(filename), argv, envp); } #endif @@ -63346,7 +60881,7 @@ index c6874be..f8a6ae8 100644 static int diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c -index fca3820..e1ea241 100644 +index 581ef40..cec52d7 100644 --- a/fs/ext4/balloc.c +++ b/fs/ext4/balloc.c @@ -553,8 +553,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, @@ -63361,10 +60896,10 @@ index fca3820..e1ea241 100644 if (free_clusters >= (nclusters + dirty_clusters + resv_clusters)) diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h -index b687440..6f404a5c 100644 +index b0c225c..0e69bd7 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h -@@ -1276,19 +1276,19 @@ struct ext4_sb_info { +@@ -1275,19 +1275,19 @@ struct ext4_sb_info { unsigned long s_mb_last_start; /* stats for buddy allocator */ @@ -63395,7 +60930,7 @@ index b687440..6f404a5c 100644 /* locality groups */ diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index c3e7418..f62cab3 100644 +index 8b0f9ef..cb9f620 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1901,7 +1901,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, @@ -63452,7 +60987,7 @@ index c3e7418..f62cab3 100644 } free_percpu(sbi->s_locality_groups); -@@ -3191,16 +3191,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) +@@ -3192,16 +3192,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb); if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) { @@ -63475,7 +61010,7 @@ index c3e7418..f62cab3 100644 } if (ac->ac_op == EXT4_MB_HISTORY_ALLOC) -@@ -3627,7 +3627,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) +@@ -3628,7 +3628,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_inode_pa(ac, pa); ext4_mb_use_inode_pa(ac, pa); @@ -63484,7 +61019,7 @@ index c3e7418..f62cab3 100644 ei = EXT4_I(ac->ac_inode); grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); -@@ -3687,7 +3687,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) +@@ -3688,7 +3688,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_group_pa(ac, pa); ext4_mb_use_group_pa(ac, pa); @@ -63493,7 +61028,7 @@ index c3e7418..f62cab3 100644 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); lg = ac->ac_lg; -@@ -3776,7 +3776,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, +@@ -3777,7 +3777,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, * from the bitmap and continue. */ } @@ -63502,7 +61037,7 @@ index c3e7418..f62cab3 100644 return err; } -@@ -3794,7 +3794,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, +@@ -3795,7 +3795,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit); BUG_ON(group != e4b->bd_group && pa->pa_len != 0); mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len); @@ -63525,7 +61060,7 @@ index 32bce84..112d969 100644 "MMP failure info: last update time: %llu, last update " "node: %s, last update device: %s\n", diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index beeb5c4..998c28d 100644 +index 0b28b36..b85d0f53 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1276,7 +1276,7 @@ static ext4_fsblk_t get_sb_block(void **data) @@ -63537,7 +61072,7 @@ index beeb5c4..998c28d 100644 "Contact linux-ext4@vger.kernel.org if you think we should keep it.\n"; #ifdef CONFIG_QUOTA -@@ -2464,7 +2464,7 @@ struct ext4_attr { +@@ -2460,7 +2460,7 @@ struct ext4_attr { int offset; int deprecated_val; } u; @@ -63572,10 +61107,10 @@ index e738733..9843a6c 100644 static int diff --git a/fs/fcntl.c b/fs/fcntl.c -index 72c82f6..a18b263 100644 +index 22d1c3d..600cf7e 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c -@@ -106,6 +106,11 @@ int __f_setown(struct file *filp, struct pid *pid, enum pid_type type, +@@ -107,6 +107,11 @@ int __f_setown(struct file *filp, struct pid *pid, enum pid_type type, if (err) return err; @@ -63776,7 +61311,7 @@ index 7dca743..543d620 100644 .seq = SEQCNT_ZERO(init_fs.seq), .umask = 0022, diff --git a/fs/fscache/cookie.c b/fs/fscache/cookie.c -index aec01be..cf81ff9 100644 +index 89acec7..a575262 100644 --- a/fs/fscache/cookie.c +++ b/fs/fscache/cookie.c @@ -19,7 +19,7 @@ @@ -63882,7 +61417,7 @@ index aec01be..cf81ff9 100644 /* Only permit invalidation of data files. Invalidating an index will * require the caller to release all its attachments to the tree rooted -@@ -477,10 +477,10 @@ void __fscache_update_cookie(struct fscache_cookie *cookie) +@@ -476,10 +476,10 @@ void __fscache_update_cookie(struct fscache_cookie *cookie) { struct fscache_object *object; @@ -63895,7 +61430,7 @@ index aec01be..cf81ff9 100644 _leave(" [no cookie]"); return; } -@@ -581,12 +581,12 @@ EXPORT_SYMBOL(__fscache_disable_cookie); +@@ -580,12 +580,12 @@ EXPORT_SYMBOL(__fscache_disable_cookie); */ void __fscache_relinquish_cookie(struct fscache_cookie *cookie, bool retire) { @@ -63911,7 +61446,7 @@ index aec01be..cf81ff9 100644 _leave(" [no cookie]"); return; } -@@ -687,7 +687,7 @@ int __fscache_check_consistency(struct fscache_cookie *cookie) +@@ -686,7 +686,7 @@ int __fscache_check_consistency(struct fscache_cookie *cookie) if (test_bit(FSCACHE_IOERROR, &object->cache->flags)) goto inconsistent; @@ -63921,10 +61456,10 @@ index aec01be..cf81ff9 100644 __fscache_use_cookie(cookie); if (fscache_submit_op(object, op) < 0) diff --git a/fs/fscache/internal.h b/fs/fscache/internal.h -index bc6c08f..09c0d96 100644 +index 7872a62..d91b19f 100644 --- a/fs/fscache/internal.h +++ b/fs/fscache/internal.h -@@ -139,8 +139,8 @@ extern void fscache_operation_gc(struct work_struct *); +@@ -137,8 +137,8 @@ extern void fscache_operation_gc(struct work_struct *); extern int fscache_wait_for_deferred_lookup(struct fscache_cookie *); extern int fscache_wait_for_operation_activation(struct fscache_object *, struct fscache_operation *, @@ -63935,7 +61470,7 @@ index bc6c08f..09c0d96 100644 void (*)(struct fscache_operation *)); extern void fscache_invalidate_writes(struct fscache_cookie *); -@@ -159,101 +159,101 @@ extern void fscache_proc_cleanup(void); +@@ -157,101 +157,101 @@ extern void fscache_proc_cleanup(void); * stats.c */ #ifdef CONFIG_FSCACHE_STATS @@ -64118,7 +61653,7 @@ index bc6c08f..09c0d96 100644 extern atomic_t fscache_n_cop_alloc_object; extern atomic_t fscache_n_cop_lookup_object; -@@ -278,6 +278,11 @@ static inline void fscache_stat(atomic_t *stat) +@@ -276,6 +276,11 @@ static inline void fscache_stat(atomic_t *stat) atomic_inc(stat); } @@ -64130,7 +61665,7 @@ index bc6c08f..09c0d96 100644 static inline void fscache_stat_d(atomic_t *stat) { atomic_dec(stat); -@@ -290,6 +295,7 @@ extern const struct file_operations fscache_stats_fops; +@@ -288,6 +293,7 @@ extern const struct file_operations fscache_stats_fops; #define __fscache_stat(stat) (NULL) #define fscache_stat(stat) do {} while (0) @@ -64139,7 +61674,7 @@ index bc6c08f..09c0d96 100644 #endif diff --git a/fs/fscache/object.c b/fs/fscache/object.c -index d3b4539..ed0c659 100644 +index da032da..0076ce7 100644 --- a/fs/fscache/object.c +++ b/fs/fscache/object.c @@ -454,7 +454,7 @@ static const struct fscache_state *fscache_look_up_object(struct fscache_object @@ -64235,7 +61770,7 @@ index d3b4539..ed0c659 100644 break; default: -@@ -992,7 +992,7 @@ static const struct fscache_state *fscache_invalidate_object(struct fscache_obje +@@ -993,7 +993,7 @@ static const struct fscache_state *fscache_invalidate_object(struct fscache_obje { const struct fscache_state *s; @@ -64244,7 +61779,7 @@ index d3b4539..ed0c659 100644 fscache_stat(&fscache_n_cop_invalidate_object); s = _fscache_invalidate_object(object, event); fscache_stat_d(&fscache_n_cop_invalidate_object); -@@ -1007,7 +1007,7 @@ static const struct fscache_state *fscache_update_object(struct fscache_object * +@@ -1008,7 +1008,7 @@ static const struct fscache_state *fscache_update_object(struct fscache_object * { _enter("{OBJ%x},%d", object->debug_id, event); @@ -64380,10 +61915,10 @@ index e7b87a0..a85d47a 100644 ASSERTCMP(atomic_read(&op->usage), ==, 0); ASSERTCMP(op->state, ==, FSCACHE_OP_ST_DEAD); diff --git a/fs/fscache/page.c b/fs/fscache/page.c -index ed70714..67f4982 100644 +index de33b3f..8be4d29 100644 --- a/fs/fscache/page.c +++ b/fs/fscache/page.c -@@ -61,7 +61,7 @@ try_again: +@@ -74,7 +74,7 @@ try_again: val = radix_tree_lookup(&cookie->stores, page->index); if (!val) { rcu_read_unlock(); @@ -64392,7 +61927,7 @@ index ed70714..67f4982 100644 __fscache_uncache_page(cookie, page); return true; } -@@ -91,11 +91,11 @@ try_again: +@@ -104,11 +104,11 @@ try_again: spin_unlock(&cookie->stores_lock); if (xpage) { @@ -64407,7 +61942,7 @@ index ed70714..67f4982 100644 } wake_up_bit(&cookie->flags, 0); -@@ -110,11 +110,11 @@ page_busy: +@@ -123,11 +123,11 @@ page_busy: * sleeping on memory allocation, so we may need to impose a timeout * too. */ if (!(gfp & __GFP_WAIT) || !(gfp & __GFP_FS)) { @@ -64418,10 +61953,10 @@ index ed70714..67f4982 100644 - fscache_stat(&fscache_n_store_vmscan_wait); + fscache_stat_unchecked(&fscache_n_store_vmscan_wait); - __fscache_wait_on_page_write(cookie, page); - gfp &= ~__GFP_WAIT; - goto try_again; -@@ -140,7 +140,7 @@ static void fscache_end_page_write(struct fscache_object *object, + if (!release_page_wait_timeout(cookie, page)) + _debug("fscache writeout timeout page: %p{%lx}", + page, page->index); +@@ -156,7 +156,7 @@ static void fscache_end_page_write(struct fscache_object *object, FSCACHE_COOKIE_STORING_TAG); if (!radix_tree_tag_get(&cookie->stores, page->index, FSCACHE_COOKIE_PENDING_TAG)) { @@ -64430,7 +61965,7 @@ index ed70714..67f4982 100644 xpage = radix_tree_delete(&cookie->stores, page->index); } spin_unlock(&cookie->stores_lock); -@@ -161,7 +161,7 @@ static void fscache_attr_changed_op(struct fscache_operation *op) +@@ -177,7 +177,7 @@ static void fscache_attr_changed_op(struct fscache_operation *op) _enter("{OBJ%x OP%x}", object->debug_id, op->debug_id); @@ -64439,7 +61974,7 @@ index ed70714..67f4982 100644 if (fscache_object_is_active(object)) { fscache_stat(&fscache_n_cop_attr_changed); -@@ -188,11 +188,11 @@ int __fscache_attr_changed(struct fscache_cookie *cookie) +@@ -204,11 +204,11 @@ int __fscache_attr_changed(struct fscache_cookie *cookie) ASSERTCMP(cookie->def->type, !=, FSCACHE_COOKIE_TYPE_INDEX); @@ -64453,16 +61988,16 @@ index ed70714..67f4982 100644 _leave(" = -ENOMEM"); return -ENOMEM; } -@@ -214,7 +214,7 @@ int __fscache_attr_changed(struct fscache_cookie *cookie) +@@ -230,7 +230,7 @@ int __fscache_attr_changed(struct fscache_cookie *cookie) if (fscache_submit_exclusive_op(object, op) < 0) - goto nobufs; + goto nobufs_dec; spin_unlock(&cookie->lock); - fscache_stat(&fscache_n_attr_changed_ok); + fscache_stat_unchecked(&fscache_n_attr_changed_ok); fscache_put_operation(op); _leave(" = 0"); return 0; -@@ -225,7 +225,7 @@ nobufs: +@@ -242,7 +242,7 @@ nobufs: kfree(op); if (wake_cookie) __fscache_wake_unused_cookie(cookie); @@ -64471,7 +62006,7 @@ index ed70714..67f4982 100644 _leave(" = %d", -ENOBUFS); return -ENOBUFS; } -@@ -264,7 +264,7 @@ static struct fscache_retrieval *fscache_alloc_retrieval( +@@ -281,7 +281,7 @@ static struct fscache_retrieval *fscache_alloc_retrieval( /* allocate a retrieval operation and attempt to submit it */ op = kzalloc(sizeof(*op), GFP_NOIO); if (!op) { @@ -64480,7 +62015,7 @@ index ed70714..67f4982 100644 return NULL; } -@@ -294,13 +294,13 @@ int fscache_wait_for_deferred_lookup(struct fscache_cookie *cookie) +@@ -311,12 +311,12 @@ int fscache_wait_for_deferred_lookup(struct fscache_cookie *cookie) return 0; } @@ -64489,14 +62024,13 @@ index ed70714..67f4982 100644 jif = jiffies; if (wait_on_bit(&cookie->flags, FSCACHE_COOKIE_LOOKING_UP, - fscache_wait_bit_interruptible, TASK_INTERRUPTIBLE) != 0) { - fscache_stat(&fscache_n_retrievals_intr); + fscache_stat_unchecked(&fscache_n_retrievals_intr); _leave(" = -ERESTARTSYS"); return -ERESTARTSYS; } -@@ -329,8 +329,8 @@ static void fscache_do_cancel_retrieval(struct fscache_operation *_op) +@@ -345,8 +345,8 @@ static void fscache_do_cancel_retrieval(struct fscache_operation *_op) */ int fscache_wait_for_operation_activation(struct fscache_object *object, struct fscache_operation *op, @@ -64507,16 +62041,16 @@ index ed70714..67f4982 100644 void (*do_cancel)(struct fscache_operation *)) { int ret; -@@ -340,7 +340,7 @@ int fscache_wait_for_operation_activation(struct fscache_object *object, +@@ -356,7 +356,7 @@ int fscache_wait_for_operation_activation(struct fscache_object *object, _debug(">>> WT"); if (stat_op_waits) - fscache_stat(stat_op_waits); + fscache_stat_unchecked(stat_op_waits); if (wait_on_bit(&op->flags, FSCACHE_OP_WAITING, - fscache_wait_bit_interruptible, TASK_INTERRUPTIBLE) != 0) { -@@ -358,7 +358,7 @@ int fscache_wait_for_operation_activation(struct fscache_object *object, + ret = fscache_cancel_op(op, do_cancel); +@@ -373,7 +373,7 @@ int fscache_wait_for_operation_activation(struct fscache_object *object, check_if_dead: if (op->state == FSCACHE_OP_ST_CANCELLED) { if (stat_object_dead) @@ -64525,7 +62059,7 @@ index ed70714..67f4982 100644 _leave(" = -ENOBUFS [cancelled]"); return -ENOBUFS; } -@@ -366,7 +366,7 @@ check_if_dead: +@@ -381,7 +381,7 @@ check_if_dead: pr_err("%s() = -ENOBUFS [obj dead %d]\n", __func__, op->state); fscache_cancel_op(op, do_cancel); if (stat_object_dead) @@ -64534,7 +62068,7 @@ index ed70714..67f4982 100644 return -ENOBUFS; } return 0; -@@ -394,7 +394,7 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie, +@@ -409,7 +409,7 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie, _enter("%p,%p,,,", cookie, page); @@ -64543,7 +62077,7 @@ index ed70714..67f4982 100644 if (hlist_empty(&cookie->backing_objects)) goto nobufs; -@@ -436,7 +436,7 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie, +@@ -451,7 +451,7 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie, goto nobufs_unlock_dec; spin_unlock(&cookie->lock); @@ -64552,7 +62086,7 @@ index ed70714..67f4982 100644 /* pin the netfs read context in case we need to do the actual netfs * read because we've encountered a cache read failure */ -@@ -467,15 +467,15 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie, +@@ -482,15 +482,15 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie, error: if (ret == -ENOMEM) @@ -64573,7 +62107,7 @@ index ed70714..67f4982 100644 fscache_put_retrieval(op); _leave(" = %d", ret); -@@ -490,7 +490,7 @@ nobufs_unlock: +@@ -505,7 +505,7 @@ nobufs_unlock: __fscache_wake_unused_cookie(cookie); kfree(op); nobufs: @@ -64582,7 +62116,7 @@ index ed70714..67f4982 100644 _leave(" = -ENOBUFS"); return -ENOBUFS; } -@@ -529,7 +529,7 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie, +@@ -544,7 +544,7 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie, _enter("%p,,%d,,,", cookie, *nr_pages); @@ -64591,7 +62125,7 @@ index ed70714..67f4982 100644 if (hlist_empty(&cookie->backing_objects)) goto nobufs; -@@ -567,7 +567,7 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie, +@@ -582,7 +582,7 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie, goto nobufs_unlock_dec; spin_unlock(&cookie->lock); @@ -64600,7 +62134,7 @@ index ed70714..67f4982 100644 /* pin the netfs read context in case we need to do the actual netfs * read because we've encountered a cache read failure */ -@@ -598,15 +598,15 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie, +@@ -613,15 +613,15 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie, error: if (ret == -ENOMEM) @@ -64621,7 +62155,7 @@ index ed70714..67f4982 100644 fscache_put_retrieval(op); _leave(" = %d", ret); -@@ -621,7 +621,7 @@ nobufs_unlock: +@@ -636,7 +636,7 @@ nobufs_unlock: if (wake_cookie) __fscache_wake_unused_cookie(cookie); nobufs: @@ -64630,7 +62164,7 @@ index ed70714..67f4982 100644 _leave(" = -ENOBUFS"); return -ENOBUFS; } -@@ -646,7 +646,7 @@ int __fscache_alloc_page(struct fscache_cookie *cookie, +@@ -661,7 +661,7 @@ int __fscache_alloc_page(struct fscache_cookie *cookie, _enter("%p,%p,,,", cookie, page); @@ -64639,7 +62173,7 @@ index ed70714..67f4982 100644 if (hlist_empty(&cookie->backing_objects)) goto nobufs; -@@ -680,7 +680,7 @@ int __fscache_alloc_page(struct fscache_cookie *cookie, +@@ -695,7 +695,7 @@ int __fscache_alloc_page(struct fscache_cookie *cookie, goto nobufs_unlock_dec; spin_unlock(&cookie->lock); @@ -64648,7 +62182,7 @@ index ed70714..67f4982 100644 ret = fscache_wait_for_operation_activation( object, &op->op, -@@ -697,11 +697,11 @@ int __fscache_alloc_page(struct fscache_cookie *cookie, +@@ -712,11 +712,11 @@ int __fscache_alloc_page(struct fscache_cookie *cookie, error: if (ret == -ERESTARTSYS) @@ -64663,7 +62197,7 @@ index ed70714..67f4982 100644 fscache_put_retrieval(op); _leave(" = %d", ret); -@@ -715,7 +715,7 @@ nobufs_unlock: +@@ -730,7 +730,7 @@ nobufs_unlock: if (wake_cookie) __fscache_wake_unused_cookie(cookie); nobufs: @@ -64672,7 +62206,7 @@ index ed70714..67f4982 100644 _leave(" = -ENOBUFS"); return -ENOBUFS; } -@@ -791,7 +791,7 @@ static void fscache_write_op(struct fscache_operation *_op) +@@ -806,7 +806,7 @@ static void fscache_write_op(struct fscache_operation *_op) spin_lock(&cookie->stores_lock); @@ -64681,7 +62215,7 @@ index ed70714..67f4982 100644 /* find a page to store */ page = NULL; -@@ -802,7 +802,7 @@ static void fscache_write_op(struct fscache_operation *_op) +@@ -817,7 +817,7 @@ static void fscache_write_op(struct fscache_operation *_op) page = results[0]; _debug("gang %d [%lx]", n, page->index); if (page->index > op->store_limit) { @@ -64690,7 +62224,7 @@ index ed70714..67f4982 100644 goto superseded; } -@@ -814,7 +814,7 @@ static void fscache_write_op(struct fscache_operation *_op) +@@ -829,7 +829,7 @@ static void fscache_write_op(struct fscache_operation *_op) spin_unlock(&cookie->stores_lock); spin_unlock(&object->lock); @@ -64699,7 +62233,7 @@ index ed70714..67f4982 100644 fscache_stat(&fscache_n_cop_write_page); ret = object->cache->ops->write_page(op, page); fscache_stat_d(&fscache_n_cop_write_page); -@@ -918,7 +918,7 @@ int __fscache_write_page(struct fscache_cookie *cookie, +@@ -933,7 +933,7 @@ int __fscache_write_page(struct fscache_cookie *cookie, ASSERTCMP(cookie->def->type, !=, FSCACHE_COOKIE_TYPE_INDEX); ASSERT(PageFsCache(page)); @@ -64708,7 +62242,7 @@ index ed70714..67f4982 100644 if (test_bit(FSCACHE_COOKIE_INVALIDATING, &cookie->flags)) { _leave(" = -ENOBUFS [invalidating]"); -@@ -977,7 +977,7 @@ int __fscache_write_page(struct fscache_cookie *cookie, +@@ -992,7 +992,7 @@ int __fscache_write_page(struct fscache_cookie *cookie, spin_unlock(&cookie->stores_lock); spin_unlock(&object->lock); @@ -64717,7 +62251,7 @@ index ed70714..67f4982 100644 op->store_limit = object->store_limit; __fscache_use_cookie(cookie); -@@ -986,8 +986,8 @@ int __fscache_write_page(struct fscache_cookie *cookie, +@@ -1001,8 +1001,8 @@ int __fscache_write_page(struct fscache_cookie *cookie, spin_unlock(&cookie->lock); radix_tree_preload_end(); @@ -64728,7 +62262,7 @@ index ed70714..67f4982 100644 /* the work queue now carries its own ref on the object */ fscache_put_operation(&op->op); -@@ -995,14 +995,14 @@ int __fscache_write_page(struct fscache_cookie *cookie, +@@ -1010,14 +1010,14 @@ int __fscache_write_page(struct fscache_cookie *cookie, return 0; already_queued: @@ -64745,7 +62279,7 @@ index ed70714..67f4982 100644 _leave(" = 0"); return 0; -@@ -1024,14 +1024,14 @@ nobufs: +@@ -1039,14 +1039,14 @@ nobufs: kfree(op); if (wake_cookie) __fscache_wake_unused_cookie(cookie); @@ -64762,7 +62296,7 @@ index ed70714..67f4982 100644 _leave(" = -ENOMEM"); return -ENOMEM; } -@@ -1049,7 +1049,7 @@ void __fscache_uncache_page(struct fscache_cookie *cookie, struct page *page) +@@ -1064,7 +1064,7 @@ void __fscache_uncache_page(struct fscache_cookie *cookie, struct page *page) ASSERTCMP(cookie->def->type, !=, FSCACHE_COOKIE_TYPE_INDEX); ASSERTCMP(page, !=, NULL); @@ -64771,7 +62305,7 @@ index ed70714..67f4982 100644 /* cache withdrawal may beat us to it */ if (!PageFsCache(page)) -@@ -1100,7 +1100,7 @@ void fscache_mark_page_cached(struct fscache_retrieval *op, struct page *page) +@@ -1115,7 +1115,7 @@ void fscache_mark_page_cached(struct fscache_retrieval *op, struct page *page) struct fscache_cookie *cookie = op->op.object->cookie; #ifdef CONFIG_FSCACHE_STATS @@ -65206,10 +62740,10 @@ index ca88731..8e9c55d 100644 } diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c -index 0c60482..025724f 100644 +index de1d84a..fd69c0c 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c -@@ -1485,7 +1485,7 @@ static char *read_link(struct dentry *dentry) +@@ -1479,7 +1479,7 @@ static char *read_link(struct dentry *dentry) return link; } @@ -65219,10 +62753,10 @@ index 0c60482..025724f 100644 if (!IS_ERR(link)) free_page((unsigned long) link); diff --git a/fs/hostfs/hostfs_kern.c b/fs/hostfs/hostfs_kern.c -index bb529f3..454c253 100644 +index fd62cae..3494dfa 100644 --- a/fs/hostfs/hostfs_kern.c +++ b/fs/hostfs/hostfs_kern.c -@@ -898,7 +898,7 @@ static void *hostfs_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -908,7 +908,7 @@ static void *hostfs_follow_link(struct dentry *dentry, struct nameidata *nd) static void hostfs_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie) { @@ -65282,10 +62816,10 @@ index 1e2872b..7aea000 100644 static int can_do_hugetlb_shm(void) { diff --git a/fs/inode.c b/fs/inode.c -index 6eecb7f..abec305 100644 +index 26753ba..d19eb34 100644 --- a/fs/inode.c +++ b/fs/inode.c -@@ -839,16 +839,20 @@ unsigned int get_next_ino(void) +@@ -840,16 +840,20 @@ unsigned int get_next_ino(void) unsigned int *p = &get_cpu_var(last_ino); unsigned int res = *p; @@ -65364,7 +62898,7 @@ index a693f5b..82276a1 100644 unsigned long hash = init_name_hash(); unsigned int len = strlen(name); diff --git a/fs/kernfs/file.c b/fs/kernfs/file.c -index d895b4b..0b8af77 100644 +index 4429d6d..9831f52 100644 --- a/fs/kernfs/file.c +++ b/fs/kernfs/file.c @@ -34,7 +34,7 @@ static DEFINE_MUTEX(kernfs_open_file_mutex); @@ -65497,19 +63031,19 @@ index acd3947..1f896e2 100644 memcpy(c->data, &cookie, 4); c->len=4; diff --git a/fs/locks.c b/fs/locks.c -index be530f9..99a4ea2 100644 +index bb08857..f65e8bf 100644 --- a/fs/locks.c +++ b/fs/locks.c -@@ -2327,7 +2327,7 @@ void locks_remove_file(struct file *filp) - locks_remove_posix(filp, (fl_owner_t)filp); +@@ -2350,7 +2350,7 @@ void locks_remove_file(struct file *filp) + locks_remove_posix(filp, filp); if (filp->f_op->flock) { - struct file_lock fl = { + struct file_lock flock = { - .fl_owner = (fl_owner_t)filp, + .fl_owner = filp, .fl_pid = current->tgid, .fl_file = filp, -@@ -2335,9 +2335,9 @@ void locks_remove_file(struct file *filp) +@@ -2358,9 +2358,9 @@ void locks_remove_file(struct file *filp) .fl_type = F_UNLCK, .fl_end = OFFSET_MAX, }; @@ -65523,7 +63057,7 @@ index be530f9..99a4ea2 100644 spin_lock(&inode->i_lock); diff --git a/fs/mount.h b/fs/mount.h -index d55297f..f5b28c5 100644 +index 6740a62..ccb472f 100644 --- a/fs/mount.h +++ b/fs/mount.h @@ -11,7 +11,7 @@ struct mnt_namespace { @@ -65537,7 +63071,7 @@ index d55297f..f5b28c5 100644 int mnt_count; @@ -57,7 +57,7 @@ struct mount { int mnt_expiry_mark; /* true if marked for expiry */ - int mnt_pinned; + struct hlist_head mnt_pins; struct path mnt_ex_mountpoint; -}; +} __randomize_layout; @@ -65545,7 +63079,7 @@ index d55297f..f5b28c5 100644 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */ diff --git a/fs/namei.c b/fs/namei.c -index d4ca420..d023ae5 100644 +index a7b05bf..9b251d4 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -331,17 +331,32 @@ int generic_permission(struct inode *inode, int mask) @@ -65622,103 +63156,7 @@ index d4ca420..d023ae5 100644 nd->last_type = LAST_BIND; *p = dentry->d_inode->i_op->follow_link(dentry, nd); error = PTR_ERR(*p); -@@ -1091,10 +1104,10 @@ int follow_down_one(struct path *path) - } - EXPORT_SYMBOL(follow_down_one); - --static inline bool managed_dentry_might_block(struct dentry *dentry) -+static inline int managed_dentry_rcu(struct dentry *dentry) - { -- return (dentry->d_flags & DCACHE_MANAGE_TRANSIT && -- dentry->d_op->d_manage(dentry, true) < 0); -+ return (dentry->d_flags & DCACHE_MANAGE_TRANSIT) ? -+ dentry->d_op->d_manage(dentry, true) : 0; - } - - /* -@@ -1110,11 +1123,18 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path, - * Don't forget we might have a non-mountpoint managed dentry - * that wants to block transit. - */ -- if (unlikely(managed_dentry_might_block(path->dentry))) -+ switch (managed_dentry_rcu(path->dentry)) { -+ case -ECHILD: -+ default: - return false; -- -- if (!d_mountpoint(path->dentry)) -+ case -EISDIR: - return true; -+ case 0: -+ break; -+ } -+ -+ if (!d_mountpoint(path->dentry)) -+ return !(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT); - - mounted = __lookup_mnt(path->mnt, path->dentry); - if (!mounted) -@@ -1130,11 +1150,13 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path, - */ - *inode = path->dentry->d_inode; - } -- return read_seqretry(&mount_lock, nd->m_seq); -+ return !read_seqretry(&mount_lock, nd->m_seq) && -+ !(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT); - } - - static int follow_dotdot_rcu(struct nameidata *nd) - { -+ struct inode *inode = nd->inode; - if (!nd->root.mnt) - set_root_rcu(nd); - -@@ -1148,6 +1170,7 @@ static int follow_dotdot_rcu(struct nameidata *nd) - struct dentry *parent = old->d_parent; - unsigned seq; - -+ inode = parent->d_inode; - seq = read_seqcount_begin(&parent->d_seq); - if (read_seqcount_retry(&old->d_seq, nd->seq)) - goto failed; -@@ -1157,6 +1180,7 @@ static int follow_dotdot_rcu(struct nameidata *nd) - } - if (!follow_up_rcu(&nd->path)) - break; -+ inode = nd->path.dentry->d_inode; - nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq); - } - while (d_mountpoint(nd->path.dentry)) { -@@ -1166,11 +1190,12 @@ static int follow_dotdot_rcu(struct nameidata *nd) - break; - nd->path.mnt = &mounted->mnt; - nd->path.dentry = mounted->mnt.mnt_root; -+ inode = nd->path.dentry->d_inode; - nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq); -- if (!read_seqretry(&mount_lock, nd->m_seq)) -+ if (read_seqretry(&mount_lock, nd->m_seq)) - goto failed; - } -- nd->inode = nd->path.dentry->d_inode; -+ nd->inode = inode; - return 0; - - failed: -@@ -1404,11 +1429,8 @@ static int lookup_fast(struct nameidata *nd, - } - path->mnt = mnt; - path->dentry = dentry; -- if (unlikely(!__follow_mount_rcu(nd, path, inode))) -- goto unlazy; -- if (unlikely(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT)) -- goto unlazy; -- return 0; -+ if (likely(__follow_mount_rcu(nd, path, inode))) -+ return 0; - unlazy: - if (unlazy_walk(nd, dentry)) - return -ECHILD; -@@ -1598,6 +1620,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) +@@ -1607,6 +1620,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) if (res) break; res = walk_component(nd, path, LOOKUP_FOLLOW); @@ -65727,8 +63165,8 @@ index d4ca420..d023ae5 100644 put_link(nd, &link, cookie); } while (res > 0); -@@ -1670,7 +1694,7 @@ EXPORT_SYMBOL(full_name_hash); - static inline unsigned long hash_name(const char *name, unsigned int *hashp) +@@ -1679,7 +1694,7 @@ EXPORT_SYMBOL(full_name_hash); + static inline u64 hash_name(const char *name) { unsigned long a, b, adata, bdata, mask, hash, len; - const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS; @@ -65736,23 +63174,7 @@ index d4ca420..d023ae5 100644 hash = a = 0; len = -sizeof(unsigned long); -@@ -1899,7 +1923,14 @@ static int path_init(int dfd, const char *name, unsigned int flags, - } - - nd->inode = nd->path.dentry->d_inode; -- return 0; -+ if (!(flags & LOOKUP_RCU)) -+ return 0; -+ if (likely(!read_seqcount_retry(&nd->path.dentry->d_seq, nd->seq))) -+ return 0; -+ if (!(nd->flags & LOOKUP_ROOT)) -+ nd->root.mnt = NULL; -+ rcu_read_unlock(); -+ return -ECHILD; - } - - static inline int lookup_last(struct nameidata *nd, struct path *path) -@@ -1954,6 +1985,8 @@ static int path_lookupat(int dfd, const char *name, +@@ -1968,6 +1983,8 @@ static int path_lookupat(int dfd, const char *name, if (err) break; err = lookup_last(nd, &path); @@ -65761,7 +63183,7 @@ index d4ca420..d023ae5 100644 put_link(nd, &link, cookie); } } -@@ -1961,6 +1994,13 @@ static int path_lookupat(int dfd, const char *name, +@@ -1975,6 +1992,13 @@ static int path_lookupat(int dfd, const char *name, if (!err) err = complete_walk(nd); @@ -65775,7 +63197,7 @@ index d4ca420..d023ae5 100644 if (!err && nd->flags & LOOKUP_DIRECTORY) { if (!d_can_lookup(nd->path.dentry)) { path_put(&nd->path); -@@ -1988,8 +2028,15 @@ static int filename_lookup(int dfd, struct filename *name, +@@ -2002,8 +2026,15 @@ static int filename_lookup(int dfd, struct filename *name, retval = path_lookupat(dfd, name->name, flags | LOOKUP_REVAL, nd); @@ -65792,7 +63214,7 @@ index d4ca420..d023ae5 100644 return retval; } -@@ -2571,6 +2618,13 @@ static int may_open(struct path *path, int acc_mode, int flag) +@@ -2585,6 +2616,13 @@ static int may_open(struct path *path, int acc_mode, int flag) if (flag & O_NOATIME && !inode_owner_or_capable(inode)) return -EPERM; @@ -65806,7 +63228,7 @@ index d4ca420..d023ae5 100644 return 0; } -@@ -2802,7 +2856,7 @@ looked_up: +@@ -2816,7 +2854,7 @@ looked_up: * cleared otherwise prior to returning. */ static int lookup_open(struct nameidata *nd, struct path *path, @@ -65815,7 +63237,7 @@ index d4ca420..d023ae5 100644 const struct open_flags *op, bool got_write, int *opened) { -@@ -2837,6 +2891,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2851,6 +2889,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, /* Negative dentry, just create the file */ if (!dentry->d_inode && (op->open_flag & O_CREAT)) { umode_t mode = op->mode; @@ -65833,7 +63255,7 @@ index d4ca420..d023ae5 100644 if (!IS_POSIXACL(dir->d_inode)) mode &= ~current_umask(); /* -@@ -2858,6 +2923,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2872,6 +2921,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, nd->flags & LOOKUP_EXCL); if (error) goto out_dput; @@ -65842,7 +63264,7 @@ index d4ca420..d023ae5 100644 } out_no_open: path->dentry = dentry; -@@ -2872,7 +2939,7 @@ out_dput: +@@ -2886,7 +2937,7 @@ out_dput: /* * Handle the last step of open() */ @@ -65851,7 +63273,7 @@ index d4ca420..d023ae5 100644 struct file *file, const struct open_flags *op, int *opened, struct filename *name) { -@@ -2922,6 +2989,15 @@ static int do_last(struct nameidata *nd, struct path *path, +@@ -2936,6 +2987,15 @@ static int do_last(struct nameidata *nd, struct path *path, if (error) return error; @@ -65867,7 +63289,7 @@ index d4ca420..d023ae5 100644 audit_inode(name, dir, LOOKUP_PARENT); error = -EISDIR; /* trailing slashes? */ -@@ -2941,7 +3017,7 @@ retry_lookup: +@@ -2955,7 +3015,7 @@ retry_lookup: */ } mutex_lock(&dir->d_inode->i_mutex); @@ -65876,7 +63298,7 @@ index d4ca420..d023ae5 100644 mutex_unlock(&dir->d_inode->i_mutex); if (error <= 0) { -@@ -2965,11 +3041,28 @@ retry_lookup: +@@ -2979,11 +3039,28 @@ retry_lookup: goto finish_open_created; } @@ -65906,7 +63328,7 @@ index d4ca420..d023ae5 100644 /* * If atomic_open() acquired write access it is dropped now due to -@@ -3010,6 +3103,11 @@ finish_lookup: +@@ -3024,6 +3101,11 @@ finish_lookup: } } BUG_ON(inode != path->dentry->d_inode); @@ -65918,7 +63340,7 @@ index d4ca420..d023ae5 100644 return 1; } -@@ -3019,7 +3117,6 @@ finish_lookup: +@@ -3033,7 +3115,6 @@ finish_lookup: save_parent.dentry = nd->path.dentry; save_parent.mnt = mntget(path->mnt); nd->path.dentry = path->dentry; @@ -65926,7 +63348,7 @@ index d4ca420..d023ae5 100644 } nd->inode = inode; /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */ -@@ -3029,7 +3126,18 @@ finish_open: +@@ -3043,7 +3124,18 @@ finish_open: path_put(&save_parent); return error; } @@ -65945,7 +63367,7 @@ index d4ca420..d023ae5 100644 error = -EISDIR; if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry)) goto out; -@@ -3192,7 +3300,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -3206,7 +3298,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, if (unlikely(error)) goto out; @@ -65954,7 +63376,7 @@ index d4ca420..d023ae5 100644 while (unlikely(error > 0)) { /* trailing symlink */ struct path link = path; void *cookie; -@@ -3210,7 +3318,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -3224,7 +3316,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, error = follow_link(&link, nd, &cookie); if (unlikely(error)) break; @@ -65963,7 +63385,7 @@ index d4ca420..d023ae5 100644 put_link(nd, &link, cookie); } out: -@@ -3310,9 +3418,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, +@@ -3324,9 +3416,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, goto unlock; error = -EEXIST; @@ -65977,7 +63399,7 @@ index d4ca420..d023ae5 100644 /* * Special case - lookup gave negative, but... we had foo/bar/ * From the vfs_mknod() POV we just have a negative dentry - -@@ -3364,6 +3474,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, +@@ -3378,6 +3472,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, } EXPORT_SYMBOL(user_path_create); @@ -65998,7 +63420,7 @@ index d4ca420..d023ae5 100644 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) { int error = may_create(dir, dentry); -@@ -3427,6 +3551,17 @@ retry: +@@ -3441,6 +3549,17 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -66016,7 +63438,7 @@ index d4ca420..d023ae5 100644 error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out; -@@ -3442,6 +3577,8 @@ retry: +@@ -3456,6 +3575,8 @@ retry: error = vfs_mknod(path.dentry->d_inode,dentry,mode,0); break; } @@ -66025,7 +63447,7 @@ index d4ca420..d023ae5 100644 out: done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { -@@ -3496,9 +3633,16 @@ retry: +@@ -3510,9 +3631,16 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -66042,7 +63464,7 @@ index d4ca420..d023ae5 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3581,6 +3725,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -3595,6 +3723,8 @@ static long do_rmdir(int dfd, const char __user *pathname) struct filename *name; struct dentry *dentry; struct nameidata nd; @@ -66051,7 +63473,7 @@ index d4ca420..d023ae5 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3613,10 +3759,21 @@ retry: +@@ -3627,10 +3757,21 @@ retry: error = -ENOENT; goto exit3; } @@ -66073,7 +63495,7 @@ index d4ca420..d023ae5 100644 exit3: dput(dentry); exit2: -@@ -3707,6 +3864,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -3721,6 +3862,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) struct nameidata nd; struct inode *inode = NULL; struct inode *delegated_inode = NULL; @@ -66082,7 +63504,7 @@ index d4ca420..d023ae5 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3733,10 +3892,22 @@ retry_deleg: +@@ -3747,10 +3890,22 @@ retry_deleg: if (d_is_negative(dentry)) goto slashes; ihold(inode); @@ -66105,7 +63527,7 @@ index d4ca420..d023ae5 100644 exit2: dput(dentry); } -@@ -3825,9 +3996,17 @@ retry: +@@ -3839,9 +3994,17 @@ retry: if (IS_ERR(dentry)) goto out_putname; @@ -66123,7 +63545,7 @@ index d4ca420..d023ae5 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3931,6 +4110,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -3945,6 +4108,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, struct dentry *new_dentry; struct path old_path, new_path; struct inode *delegated_inode = NULL; @@ -66131,7 +63553,7 @@ index d4ca420..d023ae5 100644 int how = 0; int error; -@@ -3954,7 +4134,7 @@ retry: +@@ -3968,7 +4132,7 @@ retry: if (error) return error; @@ -66140,7 +63562,7 @@ index d4ca420..d023ae5 100644 (how & LOOKUP_REVAL)); error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) -@@ -3966,11 +4146,28 @@ retry: +@@ -3980,11 +4144,28 @@ retry: error = may_linkat(&old_path); if (unlikely(error)) goto out_dput; @@ -66169,7 +63591,7 @@ index d4ca420..d023ae5 100644 done_path_create(&new_path, new_dentry); if (delegated_inode) { error = break_deleg_wait(&delegated_inode); -@@ -4280,6 +4477,12 @@ retry_deleg: +@@ -4295,6 +4476,12 @@ retry_deleg: if (new_dentry == trap) goto exit5; @@ -66182,7 +63604,7 @@ index d4ca420..d023ae5 100644 error = security_path_rename(&oldnd.path, old_dentry, &newnd.path, new_dentry, flags); if (error) -@@ -4287,6 +4490,9 @@ retry_deleg: +@@ -4302,6 +4489,9 @@ retry_deleg: error = vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry, &delegated_inode, flags); @@ -66192,7 +63614,7 @@ index d4ca420..d023ae5 100644 exit5: dput(new_dentry); exit4: -@@ -4329,14 +4535,24 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -4344,14 +4534,24 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int readlink_copy(char __user *buffer, int buflen, const char *link) { @@ -66219,10 +63641,10 @@ index d4ca420..d023ae5 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index 140d177..cef9c30 100644 +index ef42d9b..b8dfe4f 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -1378,6 +1378,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1360,6 +1360,9 @@ static int do_umount(struct mount *mnt, int flags) if (!(sb->s_flags & MS_RDONLY)) retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); up_write(&sb->s_umount); @@ -66232,7 +63654,7 @@ index 140d177..cef9c30 100644 return retval; } -@@ -1400,6 +1403,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1382,6 +1385,9 @@ static int do_umount(struct mount *mnt, int flags) } unlock_mount_hash(); namespace_unlock(); @@ -66242,7 +63664,7 @@ index 140d177..cef9c30 100644 return retval; } -@@ -1419,7 +1425,7 @@ static inline bool may_mount(void) +@@ -1401,7 +1407,7 @@ static inline bool may_mount(void) * unixes. Our API is identical to OSF/1 to avoid making a mess of AMD */ @@ -66251,7 +63673,7 @@ index 140d177..cef9c30 100644 { struct path path; struct mount *mnt; -@@ -1461,7 +1467,7 @@ out: +@@ -1443,7 +1449,7 @@ out: /* * The 2.0 compatible umount. No flags. */ @@ -66260,7 +63682,7 @@ index 140d177..cef9c30 100644 { return sys_umount(name, 0); } -@@ -2510,6 +2516,16 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2492,6 +2498,16 @@ long do_mount(const char *dev_name, const char *dir_name, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); @@ -66277,7 +63699,7 @@ index 140d177..cef9c30 100644 if (flags & MS_REMOUNT) retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); -@@ -2524,6 +2540,9 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2506,6 +2522,9 @@ long do_mount(const char *dev_name, const char *dir_name, dev_name, data_page); dput_out: path_put(&path); @@ -66287,7 +63709,7 @@ index 140d177..cef9c30 100644 return retval; } -@@ -2541,7 +2560,7 @@ static void free_mnt_ns(struct mnt_namespace *ns) +@@ -2523,7 +2542,7 @@ static void free_mnt_ns(struct mnt_namespace *ns) * number incrementing at 10Ghz will take 12,427 years to wrap which * is effectively never, so we can ignore the possibility. */ @@ -66296,7 +63718,7 @@ index 140d177..cef9c30 100644 static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) { -@@ -2556,7 +2575,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) +@@ -2538,7 +2557,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) kfree(new_ns); return ERR_PTR(ret); } @@ -66305,7 +63727,7 @@ index 140d177..cef9c30 100644 atomic_set(&new_ns->count, 1); new_ns->root = NULL; INIT_LIST_HEAD(&new_ns->list); -@@ -2566,7 +2585,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) +@@ -2548,7 +2567,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) return new_ns; } @@ -66314,7 +63736,7 @@ index 140d177..cef9c30 100644 struct user_namespace *user_ns, struct fs_struct *new_fs) { struct mnt_namespace *new_ns; -@@ -2687,8 +2706,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) +@@ -2669,8 +2688,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) } EXPORT_SYMBOL(mount_subtree); @@ -66325,7 +63747,7 @@ index 140d177..cef9c30 100644 { int ret; char *kernel_type; -@@ -2801,6 +2820,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2783,6 +2802,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; @@ -66337,7 +63759,17 @@ index 140d177..cef9c30 100644 get_fs_root(current->fs, &root); old_mp = lock_mount(&old); error = PTR_ERR(old_mp); -@@ -3069,7 +3093,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) +@@ -2820,6 +2844,9 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, + /* make sure we can reach put_old from new_root */ + if (!is_path_reachable(old_mnt, old.dentry, &new)) + goto out4; ++ /* make certain new is below the root */ ++ if (!is_path_reachable(new_mnt, new.dentry, &root)) ++ goto out4; + root_mp->m_count++; /* pin it so it won't go away */ + lock_mount_hash(); + detach_mnt(new_mnt, &parent_path); +@@ -3051,7 +3078,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) return -EPERM; @@ -66360,10 +63792,10 @@ index f4ccfe6..a5cf064 100644 static struct callback_op callback_ops[]; diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c -index 9927913..faffc5c 100644 +index 577a36f..1cde799 100644 --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c -@@ -1219,16 +1219,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt +@@ -1228,16 +1228,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt return nfs_size_to_loff_t(fattr->size) > i_size_read(inode); } @@ -66384,10 +63816,10 @@ index 9927913..faffc5c 100644 void nfs_fattr_init(struct nfs_fattr *fattr) diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c -index 8f029db..3688b84 100644 +index 5e0dc52..64681bc 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c -@@ -1157,7 +1157,7 @@ struct nfsd4_operation { +@@ -1155,7 +1155,7 @@ struct nfsd4_operation { nfsd4op_rsize op_rsize_bop; stateid_getter op_get_currentstateid; stateid_setter op_set_currentstateid; @@ -66397,10 +63829,10 @@ index 8f029db..3688b84 100644 static struct nfsd4_operation nfsd4_ops[]; diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c -index 1d5103d..7e18dd9 100644 +index b01f6e1..4aab09a 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c -@@ -1539,7 +1539,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) +@@ -1534,7 +1534,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *); @@ -66410,10 +63842,10 @@ index 1d5103d..7e18dd9 100644 [OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close, [OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit, diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c -index 6040da8..4348565 100644 +index ff95676..96cf3f62 100644 --- a/fs/nfsd/nfscache.c +++ b/fs/nfsd/nfscache.c -@@ -518,17 +518,20 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) +@@ -527,17 +527,20 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) { struct svc_cacherep *rp = rqstp->rq_cacherep; struct kvec *resv = &rqstp->rq_res.head[0], *cachv; @@ -66438,7 +63870,7 @@ index 6040da8..4348565 100644 nfsd_reply_cache_free(rp); return; } -@@ -536,7 +539,7 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) +@@ -545,7 +548,7 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) switch (cachetype) { case RC_REPLSTAT: if (len != 1) @@ -66448,10 +63880,10 @@ index 6040da8..4348565 100644 break; case RC_REPLBUFF: diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c -index 140c496..e9cbf14 100644 +index f501a9b..8155556 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c -@@ -855,7 +855,7 @@ int nfsd_readv(struct file *file, loff_t offset, struct kvec *vec, int vlen, +@@ -855,7 +855,7 @@ __be32 nfsd_readv(struct file *file, loff_t offset, struct kvec *vec, int vlen, oldfs = get_fs(); set_fs(KERNEL_DS); @@ -66469,7 +63901,7 @@ index 140c496..e9cbf14 100644 set_fs(oldfs); if (host_err < 0) goto out_nfserr; -@@ -1482,7 +1482,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) +@@ -1485,7 +1485,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) */ oldfs = get_fs(); set_fs(KERNEL_DS); @@ -66584,7 +64016,7 @@ index a80a741..7b96e1b 100644 } diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c -index 2685bc9..f3462c7 100644 +index b13992a..536c8d8 100644 --- a/fs/notify/fanotify/fanotify_user.c +++ b/fs/notify/fanotify/fanotify_user.c @@ -216,8 +216,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group, @@ -66598,8 +64030,25 @@ index 2685bc9..f3462c7 100644 goto out_close_fd; #ifdef CONFIG_FANOTIFY_ACCESS_PERMISSIONS +diff --git a/fs/notify/inotify/inotify_fsnotify.c b/fs/notify/inotify/inotify_fsnotify.c +index 0f88bc0..7d888d7 100644 +--- a/fs/notify/inotify/inotify_fsnotify.c ++++ b/fs/notify/inotify/inotify_fsnotify.c +@@ -165,8 +165,10 @@ static void inotify_free_group_priv(struct fsnotify_group *group) + /* ideally the idr is empty and we won't hit the BUG in the callback */ + idr_for_each(&group->inotify_data.idr, idr_callback, group); + idr_destroy(&group->inotify_data.idr); +- atomic_dec(&group->inotify_data.user->inotify_devs); +- free_uid(group->inotify_data.user); ++ if (group->inotify_data.user) { ++ atomic_dec(&group->inotify_data.user->inotify_devs); ++ free_uid(group->inotify_data.user); ++ } + } + + static void inotify_free_event(struct fsnotify_event *fsn_event) diff --git a/fs/notify/notification.c b/fs/notify/notification.c -index 25a07c7..4f1163c 100644 +index a95d8e0..a91a5fd 100644 --- a/fs/notify/notification.c +++ b/fs/notify/notification.c @@ -48,7 +48,7 @@ @@ -66634,10 +64083,10 @@ index 9e38daf..5727cae 100644 "inode 0x%lx or driver bug.", vdir->i_ino); goto err_out; diff --git a/fs/ntfs/file.c b/fs/ntfs/file.c -index 5c9e2c8..96e4ba0 100644 +index f5ec1ce..807fd78 100644 --- a/fs/ntfs/file.c +++ b/fs/ntfs/file.c -@@ -1282,7 +1282,7 @@ static inline size_t ntfs_copy_from_user(struct page **pages, +@@ -1279,7 +1279,7 @@ static inline size_t ntfs_copy_from_user(struct page **pages, char *addr; size_t total = 0; unsigned len; @@ -66770,7 +64219,7 @@ index 0cb889a..6a26b24 100644 } } diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c -index ddb662b..f701c83 100644 +index 4142546..69375a9 100644 --- a/fs/ocfs2/super.c +++ b/fs/ocfs2/super.c @@ -300,11 +300,11 @@ static int ocfs2_osb_dump(struct ocfs2_super *osb, char *buf, int len) @@ -67247,7 +64696,7 @@ index 2183fcf..3c32a98 100644 help Various /proc files exist to monitor process memory utilization: diff --git a/fs/proc/array.c b/fs/proc/array.c -index 3e1290b..7ebe5b5 100644 +index cd3653e..25c14e8 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -60,6 +60,7 @@ @@ -67339,7 +64788,7 @@ index 3e1290b..7ebe5b5 100644 /* scale priority and nice values from timeslices to -20..20 */ /* to make it look like a "normal" Unix priority/nice value */ priority = task_prio(task); -@@ -495,9 +546,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -490,9 +541,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, seq_put_decimal_ull(m, ' ', vsize); seq_put_decimal_ull(m, ' ', mm ? get_mm_rss(mm) : 0); seq_put_decimal_ull(m, ' ', rsslim); @@ -67355,7 +64804,7 @@ index 3e1290b..7ebe5b5 100644 seq_put_decimal_ull(m, ' ', esp); seq_put_decimal_ull(m, ' ', eip); /* The signal information here is obsolete. -@@ -519,7 +576,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -514,7 +571,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, seq_put_decimal_ull(m, ' ', cputime_to_clock_t(gtime)); seq_put_decimal_ll(m, ' ', cputime_to_clock_t(cgtime)); @@ -67368,7 +64817,7 @@ index 3e1290b..7ebe5b5 100644 seq_put_decimal_ull(m, ' ', mm->start_data); seq_put_decimal_ull(m, ' ', mm->end_data); seq_put_decimal_ull(m, ' ', mm->start_brk); -@@ -557,8 +618,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -552,8 +613,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { unsigned long size = 0, resident = 0, shared = 0, text = 0, data = 0; @@ -67385,14 +64834,14 @@ index 3e1290b..7ebe5b5 100644 if (mm) { size = task_statm(mm, &shared, &text, &data, &resident); mmput(mm); -@@ -581,6 +649,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -576,6 +644,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, return 0; } +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR -+int proc_pid_ipaddr(struct task_struct *task, char *buffer) ++int proc_pid_ipaddr(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) +{ -+ return sprintf(buffer, "%pI4\n", &task->signal->curr_ip); ++ return seq_printf(m, "%pI4\n", &task->signal->curr_ip); +} +#endif + @@ -67400,7 +64849,7 @@ index 3e1290b..7ebe5b5 100644 static struct pid * get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos) diff --git a/fs/proc/base.c b/fs/proc/base.c -index 2d696b0..b9da447 100644 +index baf852b..03fe930 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -113,6 +113,14 @@ struct pid_entry { @@ -67418,8 +64867,8 @@ index 2d696b0..b9da447 100644 #define NOD(NAME, MODE, IOP, FOP, OP) { \ .name = (NAME), \ .len = sizeof(NAME) - 1, \ -@@ -205,12 +213,28 @@ static int proc_pid_cmdline(struct task_struct *task, char *buffer) - return get_cmdline(task, buffer, PAGE_SIZE); +@@ -208,12 +216,28 @@ static int proc_pid_cmdline(struct seq_file *m, struct pid_namespace *ns, + return 0; } +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP @@ -67428,10 +64877,10 @@ index 2d696b0..b9da447 100644 + _mm->pax_flags & MF_PAX_SEGMEXEC)) +#endif + - static int proc_pid_auxv(struct task_struct *task, char *buffer) + static int proc_pid_auxv(struct seq_file *m, struct pid_namespace *ns, + struct pid *pid, struct task_struct *task) { struct mm_struct *mm = mm_access(task, PTRACE_MODE_READ); - int res = PTR_ERR(mm); if (mm && !IS_ERR(mm)) { unsigned int nwords = 0; + @@ -67447,7 +64896,7 @@ index 2d696b0..b9da447 100644 do { nwords += 2; } while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */ -@@ -224,7 +248,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer) +@@ -225,7 +249,7 @@ static int proc_pid_auxv(struct seq_file *m, struct pid_namespace *ns, } @@ -67456,7 +64905,7 @@ index 2d696b0..b9da447 100644 /* * Provides a wchan file via kallsyms in a proper one-value-per-file format. * Returns the resolved symbol. If that fails, simply return the address. -@@ -263,7 +287,7 @@ static void unlock_trace(struct task_struct *task) +@@ -265,7 +289,7 @@ static void unlock_trace(struct task_struct *task) mutex_unlock(&task->signal->cred_guard_mutex); } @@ -67465,16 +64914,16 @@ index 2d696b0..b9da447 100644 #define MAX_STACK_TRACE_DEPTH 64 -@@ -486,7 +510,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer) - return count; +@@ -487,7 +511,7 @@ static int proc_pid_limits(struct seq_file *m, struct pid_namespace *ns, + return 0; } -#ifdef CONFIG_HAVE_ARCH_TRACEHOOK +#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP) - static int proc_pid_syscall(struct task_struct *task, char *buffer) + static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns, + struct pid *pid, struct task_struct *task) { - long nr; -@@ -515,7 +539,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer) +@@ -517,7 +541,7 @@ static int proc_pid_syscall(struct seq_file *m, struct pid_namespace *ns, /************************************************************************/ /* permission checks */ @@ -67483,7 +64932,7 @@ index 2d696b0..b9da447 100644 { struct task_struct *task; int allowed = 0; -@@ -525,7 +549,10 @@ static int proc_fd_access_allowed(struct inode *inode) +@@ -527,7 +551,10 @@ static int proc_fd_access_allowed(struct inode *inode) */ task = get_proc_task(inode); if (task) { @@ -67495,7 +64944,7 @@ index 2d696b0..b9da447 100644 put_task_struct(task); } return allowed; -@@ -556,10 +583,35 @@ static bool has_pid_permissions(struct pid_namespace *pid, +@@ -558,10 +585,35 @@ static bool has_pid_permissions(struct pid_namespace *pid, struct task_struct *task, int hide_pid_min) { @@ -67531,7 +64980,7 @@ index 2d696b0..b9da447 100644 return ptrace_may_access(task, PTRACE_MODE_READ); } -@@ -577,7 +629,11 @@ static int proc_pid_permission(struct inode *inode, int mask) +@@ -579,7 +631,11 @@ static int proc_pid_permission(struct inode *inode, int mask) put_task_struct(task); if (!has_perms) { @@ -67543,7 +64992,7 @@ index 2d696b0..b9da447 100644 /* * Let's make getdents(), stat(), and open() * consistent with each other. If a process -@@ -675,6 +731,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) +@@ -640,6 +696,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) if (!task) return -ESRCH; @@ -67555,7 +65004,7 @@ index 2d696b0..b9da447 100644 mm = mm_access(task, mode); put_task_struct(task); -@@ -690,6 +751,10 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) +@@ -655,6 +716,10 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) file->private_data = mm; @@ -67566,7 +65015,7 @@ index 2d696b0..b9da447 100644 return 0; } -@@ -711,6 +776,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, +@@ -676,6 +741,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, ssize_t copied; char *page; @@ -67584,7 +65033,7 @@ index 2d696b0..b9da447 100644 if (!mm) return 0; -@@ -723,7 +799,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf, +@@ -688,7 +764,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf, goto free; while (count > 0) { @@ -67593,7 +65042,7 @@ index 2d696b0..b9da447 100644 if (write && copy_from_user(page, buf, this_len)) { copied = -EFAULT; -@@ -815,6 +891,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, +@@ -780,6 +856,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, if (!mm) return 0; @@ -67607,7 +65056,7 @@ index 2d696b0..b9da447 100644 page = (char *)__get_free_page(GFP_TEMPORARY); if (!page) return -ENOMEM; -@@ -824,7 +907,7 @@ static ssize_t environ_read(struct file *file, char __user *buf, +@@ -789,7 +872,7 @@ static ssize_t environ_read(struct file *file, char __user *buf, goto free; while (count > 0) { size_t this_len, max_len; @@ -67616,7 +65065,7 @@ index 2d696b0..b9da447 100644 if (src >= (mm->env_end - mm->env_start)) break; -@@ -1438,7 +1521,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -1403,7 +1486,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) int error = -EACCES; /* Are we allowed to snoop on the tasks file descriptors? */ @@ -67625,7 +65074,7 @@ index 2d696b0..b9da447 100644 goto out; error = PROC_I(inode)->op.proc_get_link(dentry, &path); -@@ -1482,8 +1565,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b +@@ -1447,8 +1530,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b struct path path; /* Are we allowed to snoop on the tasks file descriptors? */ @@ -67646,7 +65095,7 @@ index 2d696b0..b9da447 100644 error = PROC_I(inode)->op.proc_get_link(dentry, &path); if (error) -@@ -1533,7 +1626,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t +@@ -1498,7 +1591,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t rcu_read_lock(); cred = __task_cred(task); inode->i_uid = cred->euid; @@ -67658,7 +65107,7 @@ index 2d696b0..b9da447 100644 rcu_read_unlock(); } security_task_to_inode(task, inode); -@@ -1569,10 +1666,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) +@@ -1534,10 +1631,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) return -ENOENT; } if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || @@ -67678,7 +65127,7 @@ index 2d696b0..b9da447 100644 } } rcu_read_unlock(); -@@ -1610,11 +1716,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags) +@@ -1575,11 +1681,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags) if (task) { if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || @@ -67699,7 +65148,7 @@ index 2d696b0..b9da447 100644 rcu_read_unlock(); } else { inode->i_uid = GLOBAL_ROOT_UID; -@@ -2149,6 +2264,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, +@@ -2114,6 +2229,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, if (!task) goto out_no_task; @@ -67709,7 +65158,7 @@ index 2d696b0..b9da447 100644 /* * Yes, it does not scale. And it should not. Don't add * new entries into /proc/<tgid>/ without very good reasons. -@@ -2179,6 +2297,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx, +@@ -2144,6 +2262,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx, if (!task) return -ENOENT; @@ -67719,39 +65168,39 @@ index 2d696b0..b9da447 100644 if (!dir_emit_dots(file, ctx)) goto out; -@@ -2568,7 +2689,7 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2535,7 +2656,7 @@ static const struct pid_entry tgid_base_stuff[] = { REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), -#ifdef CONFIG_HAVE_ARCH_TRACEHOOK +#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP) - INF("syscall", S_IRUSR, proc_pid_syscall), + ONE("syscall", S_IRUSR, proc_pid_syscall), #endif - INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2593,10 +2714,10 @@ static const struct pid_entry tgid_base_stuff[] = { + ONE("cmdline", S_IRUGO, proc_pid_cmdline), +@@ -2560,10 +2681,10 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif -#ifdef CONFIG_KALLSYMS +#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM) - INF("wchan", S_IRUGO, proc_pid_wchan), + ONE("wchan", S_IRUGO, proc_pid_wchan), #endif -#ifdef CONFIG_STACKTRACE +#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM) ONE("stack", S_IRUSR, proc_pid_stack), #endif #ifdef CONFIG_SCHEDSTATS -@@ -2630,6 +2751,9 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2597,6 +2718,9 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_HARDWALL - INF("hardwall", S_IRUGO, proc_pid_hardwall), + ONE("hardwall", S_IRUGO, proc_pid_hardwall), #endif +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR -+ INF("ipaddr", S_IRUSR, proc_pid_ipaddr), ++ ONE("ipaddr", S_IRUSR, proc_pid_ipaddr), +#endif #ifdef CONFIG_USER_NS REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), -@@ -2760,7 +2884,14 @@ static int proc_pid_instantiate(struct inode *dir, +@@ -2727,7 +2851,14 @@ static int proc_pid_instantiate(struct inode *dir, if (!inode) goto out; @@ -67766,7 +65215,7 @@ index 2d696b0..b9da447 100644 inode->i_op = &proc_tgid_base_inode_operations; inode->i_fop = &proc_tgid_base_operations; inode->i_flags|=S_IMMUTABLE; -@@ -2798,7 +2929,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign +@@ -2765,7 +2896,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign if (!task) goto out; @@ -67778,22 +65227,22 @@ index 2d696b0..b9da447 100644 put_task_struct(task); out: return ERR_PTR(result); -@@ -2904,7 +3039,7 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -2879,7 +3014,7 @@ static const struct pid_entry tid_base_stuff[] = { REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), -#ifdef CONFIG_HAVE_ARCH_TRACEHOOK +#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP) - INF("syscall", S_IRUSR, proc_pid_syscall), + ONE("syscall", S_IRUSR, proc_pid_syscall), #endif - INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2931,10 +3066,10 @@ static const struct pid_entry tid_base_stuff[] = { + ONE("cmdline", S_IRUGO, proc_pid_cmdline), +@@ -2906,10 +3041,10 @@ static const struct pid_entry tid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif -#ifdef CONFIG_KALLSYMS +#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM) - INF("wchan", S_IRUGO, proc_pid_wchan), + ONE("wchan", S_IRUGO, proc_pid_wchan), #endif -#ifdef CONFIG_STACKTRACE +#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM) @@ -67833,7 +65282,7 @@ index 50493ed..248166b 100644 } fs_initcall(proc_devices_init); diff --git a/fs/proc/fd.c b/fs/proc/fd.c -index 0788d09..9cc1385 100644 +index 955bb55..71948bd 100644 --- a/fs/proc/fd.c +++ b/fs/proc/fd.c @@ -26,7 +26,8 @@ static int seq_show(struct seq_file *m, void *v) @@ -67871,7 +65320,7 @@ index 0788d09..9cc1385 100644 } diff --git a/fs/proc/generic.c b/fs/proc/generic.c -index b7f268e..3bea6b7 100644 +index 317b726..e329aed 100644 --- a/fs/proc/generic.c +++ b/fs/proc/generic.c @@ -23,6 +23,7 @@ @@ -68000,7 +65449,7 @@ index b7f268e..3bea6b7 100644 struct proc_dir_entry *parent, const struct file_operations *proc_fops, diff --git a/fs/proc/inode.c b/fs/proc/inode.c -index 0adbc02..bee4d0b 100644 +index 333080d..0a35ec4 100644 --- a/fs/proc/inode.c +++ b/fs/proc/inode.c @@ -23,11 +23,17 @@ @@ -68048,7 +65497,7 @@ index 0adbc02..bee4d0b 100644 if (de->size) inode->i_size = de->size; diff --git a/fs/proc/internal.h b/fs/proc/internal.h -index 3ab6d14..b26174e 100644 +index 7da13e4..68d0981 100644 --- a/fs/proc/internal.h +++ b/fs/proc/internal.h @@ -46,9 +46,10 @@ struct proc_dir_entry { @@ -68063,7 +65512,7 @@ index 3ab6d14..b26174e 100644 union proc_op { int (*proc_get_link)(struct dentry *, struct path *); -@@ -67,7 +68,7 @@ struct proc_inode { +@@ -66,7 +67,7 @@ struct proc_inode { struct ctl_table *sysctl_entry; struct proc_ns ns; struct inode vfs_inode; @@ -68072,19 +65521,20 @@ index 3ab6d14..b26174e 100644 /* * General functions -@@ -155,6 +156,9 @@ extern int proc_pid_status(struct seq_file *, struct pid_namespace *, +@@ -154,6 +155,10 @@ extern int proc_pid_status(struct seq_file *, struct pid_namespace *, struct pid *, struct task_struct *); extern int proc_pid_statm(struct seq_file *, struct pid_namespace *, struct pid *, struct task_struct *); +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR -+extern int proc_pid_ipaddr(struct task_struct *task, char *buffer); ++extern int proc_pid_ipaddr(struct seq_file *, struct pid_namespace *, ++ struct pid *, struct task_struct *); +#endif /* * base.c -@@ -181,9 +185,11 @@ extern bool proc_fill_cache(struct file *, struct dir_context *, const char *, i - extern spinlock_t proc_subdir_lock; - +@@ -178,9 +183,11 @@ extern bool proc_fill_cache(struct file *, struct dir_context *, const char *, i + * generic.c + */ extern struct dentry *proc_lookup(struct inode *, struct dentry *, unsigned int); +extern struct dentry *proc_lookup_restrict(struct inode *, struct dentry *, unsigned int); extern struct dentry *proc_lookup_de(struct proc_dir_entry *, struct inode *, @@ -68111,7 +65561,7 @@ index a352d57..cb94a5c 100644 } fs_initcall(proc_interrupts_init); diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c -index 39e6ef3..2f9cb5e 100644 +index 6df8d07..3321060 100644 --- a/fs/proc/kcore.c +++ b/fs/proc/kcore.c @@ -483,9 +483,10 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) @@ -68173,7 +65623,7 @@ index 39e6ef3..2f9cb5e 100644 return -EPERM; if (kcore_need_update) diff --git a/fs/proc/meminfo.c b/fs/proc/meminfo.c -index 7445af0..7c5113c 100644 +index aa1eee0..03dda72 100644 --- a/fs/proc/meminfo.c +++ b/fs/proc/meminfo.c @@ -187,7 +187,7 @@ static int meminfo_proc_show(struct seq_file *m, void *v) @@ -68199,7 +65649,7 @@ index d4a3574..b421ce9 100644 seq_putc(m, '\n'); diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c -index 4677bb7..dad3045 100644 +index a63af3e..b4f262a 100644 --- a/fs/proc/proc_net.c +++ b/fs/proc/proc_net.c @@ -23,9 +23,27 @@ @@ -68265,7 +65715,7 @@ index 4677bb7..dad3045 100644 net = get_proc_net(inode); if (net == NULL) diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c -index 7129046..6914844 100644 +index f92d5dd..26398ac 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c @@ -11,13 +11,21 @@ @@ -68357,7 +65807,7 @@ index 7129046..6914844 100644 d_add(child, inode); } } else { -@@ -641,6 +677,9 @@ static int scan(struct ctl_table_header *head, ctl_table *table, +@@ -641,6 +677,9 @@ static int scan(struct ctl_table_header *head, struct ctl_table *table, if ((*pos)++ < ctx->pos) return true; @@ -68463,10 +65913,10 @@ index 7129046..6914844 100644 kfree(ctl_table_arg); goto out; diff --git a/fs/proc/root.c b/fs/proc/root.c -index 5dbadec..473af2f 100644 +index 094e44d..085a877 100644 --- a/fs/proc/root.c +++ b/fs/proc/root.c -@@ -185,7 +185,15 @@ void __init proc_root_init(void) +@@ -188,7 +188,15 @@ void __init proc_root_init(void) proc_mkdir("openprom", NULL); #endif proc_tty_init(); @@ -68600,7 +66050,7 @@ index bf2d03f..f058f9c 100644 seq_printf(p, "softirq %llu", (unsigned long long)sum_softirq); diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index cfa63ee..fce112e 100644 +index c341568..75852a2 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -13,12 +13,19 @@ @@ -68767,7 +66217,7 @@ index cfa63ee..fce112e 100644 mss.resident >> 10, (unsigned long)(mss.pss >> (10 + PSS_SHIFT)), mss.shared_clean >> 10, -@@ -1398,6 +1449,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1422,6 +1473,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) char buffer[64]; int nid; @@ -68781,7 +66231,7 @@ index cfa63ee..fce112e 100644 if (!mm) return 0; -@@ -1415,11 +1473,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1439,11 +1497,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) mpol_to_str(buffer, sizeof(buffer), pol); mpol_cond_put(pol); @@ -68821,7 +66271,7 @@ index 678455d..ebd3245 100644 pid_t tid = vm_is_stack(priv->task, vma, is_pid); diff --git a/fs/proc/vmcore.c b/fs/proc/vmcore.c -index 382aa89..6b03974 100644 +index a90d6d35..d08047c 100644 --- a/fs/proc/vmcore.c +++ b/fs/proc/vmcore.c @@ -105,9 +105,13 @@ static ssize_t read_from_oldmem(char *buf, size_t count, @@ -68869,7 +66319,7 @@ index 382aa89..6b03974 100644 /* diff --git a/fs/qnx6/qnx6.h b/fs/qnx6/qnx6.h -index b00fcc9..e0c6381 100644 +index d3fb2b6..43a8140 100644 --- a/fs/qnx6/qnx6.h +++ b/fs/qnx6/qnx6.h @@ -74,7 +74,7 @@ enum { @@ -68891,10 +66341,10 @@ index b00fcc9..e0c6381 100644 if (sbi->s_bytesex == BYTESEX_LE) return le32_to_cpu((__force __le32)n); diff --git a/fs/quota/netlink.c b/fs/quota/netlink.c -index 72d2917..c917c12 100644 +index bb2869f..d34ada8 100644 --- a/fs/quota/netlink.c +++ b/fs/quota/netlink.c -@@ -45,7 +45,7 @@ static struct genl_family quota_genl_family = { +@@ -44,7 +44,7 @@ static struct genl_family quota_genl_family = { void quota_send_warning(struct kqid qid, dev_t dev, const char warntype) { @@ -68903,7 +66353,7 @@ index 72d2917..c917c12 100644 struct sk_buff *skb; void *msg_head; int ret; -@@ -61,7 +61,7 @@ void quota_send_warning(struct kqid qid, dev_t dev, +@@ -60,7 +60,7 @@ void quota_send_warning(struct kqid qid, dev_t dev, "VFS: Not enough memory to send quota warning.\n"); return; } @@ -69019,7 +66469,7 @@ index 33fd922..e0d6094 100644 if (error >= 0) error = buf.error; diff --git a/fs/reiserfs/do_balan.c b/fs/reiserfs/do_balan.c -index 4d5e529..ccdbc84 100644 +index 9c02d96..6562c10 100644 --- a/fs/reiserfs/do_balan.c +++ b/fs/reiserfs/do_balan.c @@ -1887,7 +1887,7 @@ void do_balance(struct tree_balance *tb, struct item_head *ih, @@ -69032,7 +66482,7 @@ index 4d5e529..ccdbc84 100644 /* diff --git a/fs/reiserfs/item_ops.c b/fs/reiserfs/item_ops.c -index cfaee91..b9d0d60 100644 +index aca73dd..e3c558d 100644 --- a/fs/reiserfs/item_ops.c +++ b/fs/reiserfs/item_ops.c @@ -724,18 +724,18 @@ static void errcatch_print_vi(struct virtual_item *vi) @@ -69066,7 +66516,7 @@ index cfaee91..b9d0d60 100644 #if ! (TYPE_STAT_DATA == 0 && TYPE_INDIRECT == 1 && TYPE_DIRECT == 2 && TYPE_DIRENTRY == 3) diff --git a/fs/reiserfs/procfs.c b/fs/reiserfs/procfs.c -index 02b0b7d..c85018b 100644 +index 621b9f3..af527fd 100644 --- a/fs/reiserfs/procfs.c +++ b/fs/reiserfs/procfs.c @@ -114,7 +114,7 @@ static int show_super(struct seq_file *m, void *unused) @@ -69426,6 +66876,19 @@ index ae0c3ce..9ee641c 100644 generic_fillattr(inode, stat); return 0; +diff --git a/fs/super.c b/fs/super.c +index b9a214d..6f8c954 100644 +--- a/fs/super.c ++++ b/fs/super.c +@@ -80,6 +80,8 @@ static unsigned long super_cache_scan(struct shrinker *shrink, + inodes = list_lru_count_node(&sb->s_inode_lru, sc->nid); + dentries = list_lru_count_node(&sb->s_dentry_lru, sc->nid); + total_objects = dentries + inodes + fs_objects + 1; ++ if (!total_objects) ++ total_objects = 1; + + /* proportion the scan between the caches */ + dentries = mult_frac(sc->nr_to_scan, dentries, total_objects); diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c index 0b45ff4..847de5b 100644 --- a/fs/sysfs/dir.c @@ -69487,7 +66950,7 @@ index 69d4889..a810bd4 100644 if (sbi->s_bytesex == BYTESEX_PDP) return PDP_swab((__force __u32)n); diff --git a/fs/ubifs/io.c b/fs/ubifs/io.c -index 2290d58..7791371 100644 +index fb08b0c..65fcc7e 100644 --- a/fs/ubifs/io.c +++ b/fs/ubifs/io.c @@ -155,7 +155,7 @@ int ubifs_leb_change(struct ubifs_info *c, int lnum, const void *buf, int len) @@ -69499,78 +66962,6 @@ index 2290d58..7791371 100644 { int err; -diff --git a/fs/udf/inode.c b/fs/udf/inode.c -index a932f77..a6a4053 100644 ---- a/fs/udf/inode.c -+++ b/fs/udf/inode.c -@@ -51,7 +51,6 @@ MODULE_LICENSE("GPL"); - - static umode_t udf_convert_permissions(struct fileEntry *); - static int udf_update_inode(struct inode *, int); --static void udf_fill_inode(struct inode *, struct buffer_head *); - static int udf_sync_inode(struct inode *inode); - static int udf_alloc_i_data(struct inode *inode, size_t size); - static sector_t inode_getblk(struct inode *, sector_t, int *, int *); -@@ -1282,8 +1281,11 @@ static void __udf_read_inode(struct inode *inode) - { - struct buffer_head *bh = NULL; - struct fileEntry *fe; -+ struct extendedFileEntry *efe; - uint16_t ident; - struct udf_inode_info *iinfo = UDF_I(inode); -+ struct udf_sb_info *sbi = UDF_SB(inode->i_sb); -+ unsigned int link_count; - unsigned int indirections = 0; - - reread: -@@ -1316,6 +1318,7 @@ reread: - } - - fe = (struct fileEntry *)bh->b_data; -+ efe = (struct extendedFileEntry *)bh->b_data; - - if (fe->icbTag.strategyType == cpu_to_le16(4096)) { - struct buffer_head *ibh; -@@ -1353,22 +1356,6 @@ reread: - make_bad_inode(inode); - return; - } -- udf_fill_inode(inode, bh); -- -- brelse(bh); --} -- --static void udf_fill_inode(struct inode *inode, struct buffer_head *bh) --{ -- struct fileEntry *fe; -- struct extendedFileEntry *efe; -- struct udf_sb_info *sbi = UDF_SB(inode->i_sb); -- struct udf_inode_info *iinfo = UDF_I(inode); -- unsigned int link_count; -- -- fe = (struct fileEntry *)bh->b_data; -- efe = (struct extendedFileEntry *)bh->b_data; -- - if (fe->icbTag.strategyType == cpu_to_le16(4)) - iinfo->i_strat4096 = 0; - else /* if (fe->icbTag.strategyType == cpu_to_le16(4096)) */ -@@ -1558,6 +1545,7 @@ static void udf_fill_inode(struct inode *inode, struct buffer_head *bh) - } else - make_bad_inode(inode); - } -+ brelse(bh); - } - - static int udf_alloc_i_data(struct inode *inode, size_t size) -@@ -1671,7 +1659,7 @@ static int udf_update_inode(struct inode *inode, int do_sync) - FE_PERM_U_DELETE | FE_PERM_U_CHATTR)); - fe->permissions = cpu_to_le32(udfperms); - -- if (S_ISDIR(inode->i_mode)) -+ if (S_ISDIR(inode->i_mode) && inode->i_nlink > 0) - fe->fileLinkCount = cpu_to_le16(inode->i_nlink - 1); - else - fe->fileLinkCount = cpu_to_le16(inode->i_nlink); diff --git a/fs/udf/misc.c b/fs/udf/misc.c index c175b4d..8f36a16 100644 --- a/fs/udf/misc.c @@ -69783,10 +67174,10 @@ index c69e6d4..cc56af5 100644 mnt_drop_write_file(f.file); } fdput(f); -diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c -index 75c3fe5..b0f6bbe 100644 ---- a/fs/xfs/xfs_bmap.c -+++ b/fs/xfs/xfs_bmap.c +diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c +index 86df952..ac430d6 100644 +--- a/fs/xfs/libxfs/xfs_bmap.c ++++ b/fs/xfs/libxfs/xfs_bmap.c @@ -583,7 +583,7 @@ xfs_bmap_validate_ret( #else @@ -69797,7 +67188,7 @@ index 75c3fe5..b0f6bbe 100644 /* diff --git a/fs/xfs/xfs_dir2_readdir.c b/fs/xfs/xfs_dir2_readdir.c -index 48e99af..54ebae3 100644 +index f1b69ed..3d0222f 100644 --- a/fs/xfs/xfs_dir2_readdir.c +++ b/fs/xfs/xfs_dir2_readdir.c @@ -159,7 +159,12 @@ xfs_dir2_sf_getdents( @@ -69815,7 +67206,7 @@ index 48e99af..54ebae3 100644 return 0; sfep = dp->d_ops->sf_nextentry(sfp, sfep); diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c -index 8bc1bbc..0d6911b 100644 +index 3799695..0ddc953 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -122,7 +122,7 @@ xfs_find_handle( @@ -69829,10 +67220,10 @@ index 8bc1bbc..0d6911b 100644 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..cdaa3ef +index 0000000..f27264e --- /dev/null +++ b/grsecurity/Kconfig -@@ -0,0 +1,1168 @@ +@@ -0,0 +1,1166 @@ +# +# grecurity configuration +# @@ -69895,19 +67286,17 @@ index 0000000..cdaa3ef + you may not be able to boot into a graphical environment with this + option enabled. In this case, you should use the RBAC system instead. + -+config GRKERNSEC_JIT_HARDEN -+ bool "Harden BPF JIT against spray attacks" ++config GRKERNSEC_BPF_HARDEN ++ bool "Harden BPF interpreter" + default y if GRKERNSEC_CONFIG_AUTO -+ depends on BPF_JIT && X86 + help -+ If you say Y here, the native code generated by the kernel's Berkeley -+ Packet Filter (BPF) JIT engine will be hardened against JIT-spraying -+ attacks that attempt to fit attacker-beneficial instructions in -+ 32bit immediate fields of JIT-generated native instructions. The -+ attacker will generally aim to cause an unintended instruction sequence -+ of JIT-generated native code to execute by jumping into the middle of -+ a generated instruction. This feature effectively randomizes the 32bit -+ immediate constants present in the generated code to thwart such attacks. ++ Unlike previous versions of grsecurity that hardened both the BPF ++ interpreted code against corruption at rest as well as the JIT code ++ against JIT-spray attacks and attacker-controlled immediate values ++ for ROP, this feature will enforce disabling of the new eBPF JIT engine ++ and will ensure the interpreted code is read-only at rest. This feature ++ may be removed at a later time when eBPF stabilizes to entirely revert ++ back to the more secure pre-3.16 BPF interpreter/JIT. + + If you're using KERNEXEC, it's recommended that you enable this option + to supplement the hardening of the kernel. @@ -71063,10 +68452,10 @@ index 0000000..30ababb +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..58223f6 +index 0000000..6ae3aa0 --- /dev/null +++ b/grsecurity/gracl.c -@@ -0,0 +1,2702 @@ +@@ -0,0 +1,2703 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -73580,14 +70969,15 @@ index 0000000..58223f6 + __u8 whr, chr; + __u8 wmin, cmin; + __u8 wsec, csec; -+ struct timespec timeval; ++ struct timespec curtime, starttime; + + if (unlikely(!(gr_status & GR_READY) || !task->acl || + !(task->acl->mode & GR_PROCACCT))) + return; -+ -+ do_posix_clock_monotonic_gettime(&timeval); -+ runtime = timeval.tv_sec - task->start_time.tv_sec; ++ ++ curtime = ns_to_timespec(ktime_get_ns()); ++ starttime = ns_to_timespec(task->start_time); ++ runtime = curtime.tv_sec - starttime.tv_sec; + wday = runtime / (60 * 60 * 24); + runtime -= wday * (60 * 60 * 24); + whr = runtime / (60 * 60); @@ -77528,7 +74918,7 @@ index 0000000..2040e61 +} diff --git a/grsecurity/gracl_shm.c b/grsecurity/gracl_shm.c new file mode 100644 -index 0000000..98011b0 +index 0000000..6b0c9cc --- /dev/null +++ b/grsecurity/gracl_shm.c @@ -0,0 +1,40 @@ @@ -77543,7 +74933,7 @@ index 0000000..98011b0 + +int +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid, -+ const time_t shm_createtime, const kuid_t cuid, const int shmid) ++ const u64 shm_createtime, const kuid_t cuid, const int shmid) +{ + struct task_struct *task; + @@ -77558,7 +74948,7 @@ index 0000000..98011b0 + if (unlikely(!task)) + task = find_task_by_vpid(shm_lapid); + -+ if (unlikely(task && (time_before_eq((unsigned long)task->start_time.tv_sec, (unsigned long)shm_createtime) || ++ if (unlikely(task && (time_before_eq64(task->start_time, shm_createtime) || + (task_pid_nr(task) == shm_lapid)) && + (task->acl->mode & GR_PROTSHM) && + (task->acl != current->acl))) { @@ -77599,10 +74989,10 @@ index 0000000..bc0be01 +} diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c new file mode 100644 -index 0000000..baa635c +index 0000000..6d99cec --- /dev/null +++ b/grsecurity/grsec_chroot.c -@@ -0,0 +1,387 @@ +@@ -0,0 +1,385 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -77795,11 +75185,10 @@ index 0000000..baa635c + +int +gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid, -+ const time_t shm_createtime) ++ const u64 shm_createtime) +{ +#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT + struct task_struct *p; -+ time_t starttime; + + if (unlikely(!grsec_enable_chroot_shmat)) + return 1; @@ -77811,8 +75200,7 @@ index 0000000..baa635c + read_lock(&tasklist_lock); + + if ((p = find_task_by_vpid_unrestricted(shm_cprid))) { -+ starttime = p->start_time.tv_sec; -+ if (time_before_eq((unsigned long)starttime, (unsigned long)shm_createtime)) { ++ if (time_before_eq64(p->start_time, shm_createtime)) { + if (have_same_root(current, p)) { + goto allow; + } else { @@ -77992,7 +75380,7 @@ index 0000000..baa635c +} diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c new file mode 100644 -index 0000000..2d3bcb7 +index 0000000..0f9ac91 --- /dev/null +++ b/grsecurity/grsec_disabled.c @@ -0,0 +1,440 @@ @@ -78325,7 +75713,7 @@ index 0000000..2d3bcb7 + +int +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid, -+ const time_t shm_createtime, const kuid_t cuid, const int shmid) ++ const u64 shm_createtime, const kuid_t cuid, const int shmid) +{ + return 1; +} @@ -81561,7 +78949,7 @@ index 72d8803..cb9749c 100644 + #endif /* __ASM_GENERIC_UACCESS_H */ diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h -index c1c0b0c..05c9588 100644 +index 5ba0360..e85c934 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -231,6 +231,7 @@ @@ -81572,7 +78960,7 @@ index c1c0b0c..05c9588 100644 *(__vermagic) /* Kernel version magic */ \ . = ALIGN(8); \ VMLINUX_SYMBOL(__start___tracepoints_ptrs) = .; \ -@@ -719,17 +720,18 @@ +@@ -722,17 +723,18 @@ * section in the linker script will go there too. @phdr should have * a leading colon. * @@ -81596,7 +78984,7 @@ index c1c0b0c..05c9588 100644 /** * PERCPU_SECTION - define output section for percpu area, simple version diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h -index 016c2f1..c4baa98 100644 +index 623a59c..1e79ab9 100644 --- a/include/crypto/algapi.h +++ b/include/crypto/algapi.h @@ -34,7 +34,7 @@ struct crypto_type { @@ -81609,7 +78997,7 @@ index 016c2f1..c4baa98 100644 struct crypto_instance { struct crypto_alg alg; diff --git a/include/drm/drmP.h b/include/drm/drmP.h -index 8af71a8..7fe6c19 100644 +index 1968907..7d9ed9f 100644 --- a/include/drm/drmP.h +++ b/include/drm/drmP.h @@ -68,6 +68,7 @@ @@ -81620,7 +79008,7 @@ index 8af71a8..7fe6c19 100644 #include <drm/drm.h> #include <drm/drm_sarea.h> #include <drm/drm_vma_manager.h> -@@ -261,10 +262,12 @@ do { \ +@@ -260,10 +261,12 @@ do { \ * \param cmd command. * \param arg argument. */ @@ -81635,7 +79023,7 @@ index 8af71a8..7fe6c19 100644 unsigned long arg); #define DRM_IOCTL_NR(n) _IOC_NR(n) -@@ -280,10 +283,10 @@ typedef int drm_ioctl_compat_t(struct file *filp, unsigned int cmd, +@@ -279,10 +282,10 @@ typedef int drm_ioctl_compat_t(struct file *filp, unsigned int cmd, struct drm_ioctl_desc { unsigned int cmd; int flags; @@ -81648,7 +79036,7 @@ index 8af71a8..7fe6c19 100644 /** * Creates a driver or general drm_ioctl_desc array entry for the given -@@ -983,7 +986,8 @@ struct drm_info_list { +@@ -946,7 +949,8 @@ struct drm_info_list { int (*show)(struct seq_file*, void*); /** show callback */ u32 driver_features; /**< Required driver features for this entry */ void *data; @@ -81658,7 +79046,7 @@ index 8af71a8..7fe6c19 100644 /** * debugfs node structure. This structure represents a debugfs file. -@@ -1067,7 +1071,7 @@ struct drm_device { +@@ -1030,7 +1034,7 @@ struct drm_device { /** \name Usage Counters */ /*@{ */ @@ -81823,10 +79211,10 @@ index cbc5833..8123ebc 100644 if (sizeof(l) == 4) return fls(l); diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h -index 8699bcf..279485d 100644 +index 518b465..11953e6 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h -@@ -1625,7 +1625,7 @@ struct block_device_operations { +@@ -1627,7 +1627,7 @@ struct block_device_operations { /* this callback is with swap_lock and sometimes page table lock held */ void (*swap_slot_free_notify) (struct block_device *, unsigned long); struct module *owner; @@ -81912,7 +79300,7 @@ index 4ce9056..86caac6 100644 extern struct cleancache_ops * cleancache_register_ops(struct cleancache_ops *ops); diff --git a/include/linux/clk-provider.h b/include/linux/clk-provider.h -index 0c287db..5efa775 100644 +index 411dd7e..ee38878 100644 --- a/include/linux/clk-provider.h +++ b/include/linux/clk-provider.h @@ -180,6 +180,7 @@ struct clk_ops { @@ -82162,10 +79550,10 @@ index 34025df..d94bbbc 100644 /* * Users often need to create attribute structures for their configurable diff --git a/include/linux/cpufreq.h b/include/linux/cpufreq.h -index 8f8ae95..b9b0e6d 100644 +index 7d1955a..d86a3ca 100644 --- a/include/linux/cpufreq.h +++ b/include/linux/cpufreq.h -@@ -202,6 +202,7 @@ struct global_attr { +@@ -203,6 +203,7 @@ struct global_attr { ssize_t (*store)(struct kobject *a, struct attribute *b, const char *c, size_t count); }; @@ -82173,7 +79561,7 @@ index 8f8ae95..b9b0e6d 100644 #define define_one_global_ro(_name) \ static struct global_attr _name = \ -@@ -268,7 +269,7 @@ struct cpufreq_driver { +@@ -269,7 +270,7 @@ struct cpufreq_driver { bool boost_supported; bool boost_enabled; int (*set_boost) (int state); @@ -82258,7 +79646,7 @@ index 2997af6..424ddc1 100644 int cpumask_set_cpu_local_first(int i, int numa_node, cpumask_t *dstp); diff --git a/include/linux/cred.h b/include/linux/cred.h -index f61d6c8..d372d95 100644 +index b2d0820..2ecafd3 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -35,7 +35,7 @@ struct group_info { @@ -82289,7 +79677,7 @@ index f61d6c8..d372d95 100644 #endif /** -@@ -322,6 +325,7 @@ static inline void put_cred(const struct cred *_cred) +@@ -331,6 +334,7 @@ static inline void put_cred(const struct cred *_cred) #define task_uid(task) (task_cred_xxx((task), uid)) #define task_euid(task) (task_cred_xxx((task), euid)) @@ -82298,7 +79686,7 @@ index f61d6c8..d372d95 100644 #define current_cred_xxx(xxx) \ ({ \ diff --git a/include/linux/crypto.h b/include/linux/crypto.h -index b92eadf..b4ecdc1 100644 +index d45e949..51cf5ea 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h @@ -373,7 +373,7 @@ struct cipher_tfm { @@ -82340,10 +79728,10 @@ index 653589e..4ef254a 100644 return c | 0x20; } diff --git a/include/linux/dcache.h b/include/linux/dcache.h -index 3c7ec32..4ca97cc 100644 +index 75a227c..1456987 100644 --- a/include/linux/dcache.h +++ b/include/linux/dcache.h -@@ -133,7 +133,7 @@ struct dentry { +@@ -134,7 +134,7 @@ struct dentry { } d_u; struct list_head d_subdirs; /* our children */ struct hlist_node d_alias; /* inode alias list */ @@ -82379,7 +79767,7 @@ index f1863dc..5c26074 100644 /** * struct devfreq - Device devfreq structure diff --git a/include/linux/device.h b/include/linux/device.h -index af424ac..fd46ddf 100644 +index 43d183a..03b6ba2 100644 --- a/include/linux/device.h +++ b/include/linux/device.h @@ -310,7 +310,7 @@ struct subsys_interface { @@ -82428,7 +79816,7 @@ index 931b709..89b2d89 100644 #define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL<<(n))-1)) diff --git a/include/linux/dmaengine.h b/include/linux/dmaengine.h -index d2c5cc7..d193394 100644 +index 1f9e642..39e4263 100644 --- a/include/linux/dmaengine.h +++ b/include/linux/dmaengine.h @@ -1147,9 +1147,9 @@ struct dma_pinned_list { @@ -82444,10 +79832,10 @@ index d2c5cc7..d193394 100644 unsigned int offset, size_t len); diff --git a/include/linux/efi.h b/include/linux/efi.h -index 41bbf8b..bd3a718 100644 +index 45cb4ff..c9b4912 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -1027,6 +1027,7 @@ struct efivar_operations { +@@ -1036,6 +1036,7 @@ struct efivar_operations { efi_set_variable_t *set_variable; efi_query_variable_store_t *query_variable_store; }; @@ -82508,7 +79896,7 @@ index 36f49c4..a2a1f4c 100644 /** diff --git a/include/linux/fb.h b/include/linux/fb.h -index b6bfda9..1f13487 100644 +index 09bb7a1..d98870a 100644 --- a/include/linux/fb.h +++ b/include/linux/fb.h @@ -305,7 +305,7 @@ struct fb_ops { @@ -82534,533 +79922,103 @@ index 230f87b..1fd0485 100644 int iterate_fd(struct files_struct *, unsigned, int (*)(const void *, struct file *, unsigned), diff --git a/include/linux/filter.h b/include/linux/filter.h -index a7e3c48..e568c8e 100644 +index a5227ab..c789945 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h -@@ -9,330 +9,28 @@ +@@ -9,6 +9,11 @@ + #include <linux/skbuff.h> #include <linux/workqueue.h> #include <uapi/linux/filter.h> ++#include <asm/cacheflush.h> ++ ++struct sk_buff; ++struct sock; ++struct seccomp_data; --/* Internally used and optimized filter representation with extended -- * instruction set based on top of classic BPF. -- */ -- --/* instruction classes */ --#define BPF_ALU64 0x07 /* alu mode in double word width */ -- --/* ld/ldx fields */ --#define BPF_DW 0x18 /* double word */ --#define BPF_XADD 0xc0 /* exclusive add */ -- --/* alu/jmp fields */ --#define BPF_MOV 0xb0 /* mov reg to reg */ --#define BPF_ARSH 0xc0 /* sign extending arithmetic shift right */ -- --/* change endianness of a register */ --#define BPF_END 0xd0 /* flags for endianness conversion: */ --#define BPF_TO_LE 0x00 /* convert to little-endian */ --#define BPF_TO_BE 0x08 /* convert to big-endian */ --#define BPF_FROM_LE BPF_TO_LE --#define BPF_FROM_BE BPF_TO_BE -- --#define BPF_JNE 0x50 /* jump != */ --#define BPF_JSGT 0x60 /* SGT is signed '>', GT in x86 */ --#define BPF_JSGE 0x70 /* SGE is signed '>=', GE in x86 */ --#define BPF_CALL 0x80 /* function call */ --#define BPF_EXIT 0x90 /* function return */ -- --/* Register numbers */ --enum { -- BPF_REG_0 = 0, -- BPF_REG_1, -- BPF_REG_2, -- BPF_REG_3, -- BPF_REG_4, -- BPF_REG_5, -- BPF_REG_6, -- BPF_REG_7, -- BPF_REG_8, -- BPF_REG_9, -- BPF_REG_10, -- __MAX_BPF_REG, --}; -- --/* BPF has 10 general purpose 64-bit registers and stack frame. */ --#define MAX_BPF_REG __MAX_BPF_REG -- --/* ArgX, context and stack frame pointer register positions. Note, -- * Arg1, Arg2, Arg3, etc are used as argument mappings of function -- * calls in BPF_CALL instruction. -- */ --#define BPF_REG_ARG1 BPF_REG_1 --#define BPF_REG_ARG2 BPF_REG_2 --#define BPF_REG_ARG3 BPF_REG_3 --#define BPF_REG_ARG4 BPF_REG_4 --#define BPF_REG_ARG5 BPF_REG_5 --#define BPF_REG_CTX BPF_REG_6 --#define BPF_REG_FP BPF_REG_10 -- --/* Additional register mappings for converted user programs. */ --#define BPF_REG_A BPF_REG_0 --#define BPF_REG_X BPF_REG_7 --#define BPF_REG_TMP BPF_REG_8 -- --/* BPF program can access up to 512 bytes of stack space. */ --#define MAX_BPF_STACK 512 -- --/* Helper macros for filter block array initializers. */ -- --/* ALU ops on registers, bpf_add|sub|...: dst_reg += src_reg */ -- --#define BPF_ALU64_REG(OP, DST, SRC) \ -- ((struct sock_filter_int) { \ -- .code = BPF_ALU64 | BPF_OP(OP) | BPF_X, \ -- .dst_reg = DST, \ -- .src_reg = SRC, \ -- .off = 0, \ -- .imm = 0 }) -- --#define BPF_ALU32_REG(OP, DST, SRC) \ -- ((struct sock_filter_int) { \ -- .code = BPF_ALU | BPF_OP(OP) | BPF_X, \ -- .dst_reg = DST, \ -- .src_reg = SRC, \ -- .off = 0, \ -- .imm = 0 }) -- --/* ALU ops on immediates, bpf_add|sub|...: dst_reg += imm32 */ -- --#define BPF_ALU64_IMM(OP, DST, IMM) \ -- ((struct sock_filter_int) { \ -- .code = BPF_ALU64 | BPF_OP(OP) | BPF_K, \ -- .dst_reg = DST, \ -- .src_reg = 0, \ -- .off = 0, \ -- .imm = IMM }) -- --#define BPF_ALU32_IMM(OP, DST, IMM) \ -- ((struct sock_filter_int) { \ -- .code = BPF_ALU | BPF_OP(OP) | BPF_K, \ -- .dst_reg = DST, \ -- .src_reg = 0, \ -- .off = 0, \ -- .imm = IMM }) -- --/* Endianess conversion, cpu_to_{l,b}e(), {l,b}e_to_cpu() */ -- --#define BPF_ENDIAN(TYPE, DST, LEN) \ -- ((struct sock_filter_int) { \ -- .code = BPF_ALU | BPF_END | BPF_SRC(TYPE), \ -- .dst_reg = DST, \ -- .src_reg = 0, \ -- .off = 0, \ -- .imm = LEN }) -- --/* Short form of mov, dst_reg = src_reg */ -- --#define BPF_MOV64_REG(DST, SRC) \ -- ((struct sock_filter_int) { \ -- .code = BPF_ALU64 | BPF_MOV | BPF_X, \ -- .dst_reg = DST, \ -- .src_reg = SRC, \ -- .off = 0, \ -- .imm = 0 }) -- --#define BPF_MOV32_REG(DST, SRC) \ -- ((struct sock_filter_int) { \ -- .code = BPF_ALU | BPF_MOV | BPF_X, \ -- .dst_reg = DST, \ -- .src_reg = SRC, \ -- .off = 0, \ -- .imm = 0 }) -- --/* Short form of mov, dst_reg = imm32 */ -- --#define BPF_MOV64_IMM(DST, IMM) \ -- ((struct sock_filter_int) { \ -- .code = BPF_ALU64 | BPF_MOV | BPF_K, \ -- .dst_reg = DST, \ -- .src_reg = 0, \ -- .off = 0, \ -- .imm = IMM }) -- --#define BPF_MOV32_IMM(DST, IMM) \ -- ((struct sock_filter_int) { \ -- .code = BPF_ALU | BPF_MOV | BPF_K, \ -- .dst_reg = DST, \ -- .src_reg = 0, \ -- .off = 0, \ -- .imm = IMM }) -- --/* Short form of mov based on type, BPF_X: dst_reg = src_reg, BPF_K: dst_reg = imm32 */ -- --#define BPF_MOV64_RAW(TYPE, DST, SRC, IMM) \ -- ((struct sock_filter_int) { \ -- .code = BPF_ALU64 | BPF_MOV | BPF_SRC(TYPE), \ -- .dst_reg = DST, \ -- .src_reg = SRC, \ -- .off = 0, \ -- .imm = IMM }) -- --#define BPF_MOV32_RAW(TYPE, DST, SRC, IMM) \ -- ((struct sock_filter_int) { \ -- .code = BPF_ALU | BPF_MOV | BPF_SRC(TYPE), \ -- .dst_reg = DST, \ -- .src_reg = SRC, \ -- .off = 0, \ -- .imm = IMM }) -- --/* Direct packet access, R0 = *(uint *) (skb->data + imm32) */ -- --#define BPF_LD_ABS(SIZE, IMM) \ -- ((struct sock_filter_int) { \ -- .code = BPF_LD | BPF_SIZE(SIZE) | BPF_ABS, \ -- .dst_reg = 0, \ -- .src_reg = 0, \ -- .off = 0, \ -- .imm = IMM }) -- --/* Indirect packet access, R0 = *(uint *) (skb->data + src_reg + imm32) */ -- --#define BPF_LD_IND(SIZE, SRC, IMM) \ -- ((struct sock_filter_int) { \ -- .code = BPF_LD | BPF_SIZE(SIZE) | BPF_IND, \ -- .dst_reg = 0, \ -- .src_reg = SRC, \ -- .off = 0, \ -- .imm = IMM }) -- --/* Memory load, dst_reg = *(uint *) (src_reg + off16) */ -- --#define BPF_LDX_MEM(SIZE, DST, SRC, OFF) \ -- ((struct sock_filter_int) { \ -- .code = BPF_LDX | BPF_SIZE(SIZE) | BPF_MEM, \ -- .dst_reg = DST, \ -- .src_reg = SRC, \ -- .off = OFF, \ -- .imm = 0 }) -- --/* Memory store, *(uint *) (dst_reg + off16) = src_reg */ -- --#define BPF_STX_MEM(SIZE, DST, SRC, OFF) \ -- ((struct sock_filter_int) { \ -- .code = BPF_STX | BPF_SIZE(SIZE) | BPF_MEM, \ -- .dst_reg = DST, \ -- .src_reg = SRC, \ -- .off = OFF, \ -- .imm = 0 }) -- --/* Memory store, *(uint *) (dst_reg + off16) = imm32 */ -- --#define BPF_ST_MEM(SIZE, DST, OFF, IMM) \ -- ((struct sock_filter_int) { \ -- .code = BPF_ST | BPF_SIZE(SIZE) | BPF_MEM, \ -- .dst_reg = DST, \ -- .src_reg = 0, \ -- .off = OFF, \ -- .imm = IMM }) -- --/* Conditional jumps against registers, if (dst_reg 'op' src_reg) goto pc + off16 */ -- --#define BPF_JMP_REG(OP, DST, SRC, OFF) \ -- ((struct sock_filter_int) { \ -- .code = BPF_JMP | BPF_OP(OP) | BPF_X, \ -- .dst_reg = DST, \ -- .src_reg = SRC, \ -- .off = OFF, \ -- .imm = 0 }) -- --/* Conditional jumps against immediates, if (dst_reg 'op' imm32) goto pc + off16 */ -- --#define BPF_JMP_IMM(OP, DST, IMM, OFF) \ -- ((struct sock_filter_int) { \ -- .code = BPF_JMP | BPF_OP(OP) | BPF_K, \ -- .dst_reg = DST, \ -- .src_reg = 0, \ -- .off = OFF, \ -- .imm = IMM }) -- --/* Function call */ -- --#define BPF_EMIT_CALL(FUNC) \ -- ((struct sock_filter_int) { \ -- .code = BPF_JMP | BPF_CALL, \ -- .dst_reg = 0, \ -- .src_reg = 0, \ -- .off = 0, \ -- .imm = ((FUNC) - __bpf_call_base) }) -- --/* Raw code statement block */ -- --#define BPF_RAW_INSN(CODE, DST, SRC, OFF, IMM) \ -- ((struct sock_filter_int) { \ -- .code = CODE, \ -- .dst_reg = DST, \ -- .src_reg = SRC, \ -- .off = OFF, \ -- .imm = IMM }) -- --/* Program exit */ -- --#define BPF_EXIT_INSN() \ -- ((struct sock_filter_int) { \ -- .code = BPF_JMP | BPF_EXIT, \ -- .dst_reg = 0, \ -- .src_reg = 0, \ -- .off = 0, \ -- .imm = 0 }) -- --#define bytes_to_bpf_size(bytes) \ --({ \ -- int bpf_size = -EINVAL; \ -- \ -- if (bytes == sizeof(u8)) \ -- bpf_size = BPF_B; \ -- else if (bytes == sizeof(u16)) \ -- bpf_size = BPF_H; \ -- else if (bytes == sizeof(u32)) \ -- bpf_size = BPF_W; \ -- else if (bytes == sizeof(u64)) \ -- bpf_size = BPF_DW; \ -- \ -- bpf_size; \ --}) -- --/* Macro to invoke filter function. */ --#define SK_RUN_FILTER(filter, ctx) (*filter->bpf_func)(ctx, filter->insnsi) -- --struct sock_filter_int { -- __u8 code; /* opcode */ -- __u8 dst_reg:4; /* dest register */ -- __u8 src_reg:4; /* source register */ -- __s16 off; /* signed offset */ -- __s32 imm; /* signed immediate constant */ --}; -- - #ifdef CONFIG_COMPAT --/* A struct sock_filter is architecture independent. */ -+/* -+ * A struct sock_filter is architecture independent. -+ */ - struct compat_sock_fprog { - u16 len; -- compat_uptr_t filter; /* struct sock_filter * */ -+ compat_uptr_t filter; /* struct sock_filter * */ + /* Internally used and optimized filter representation with extended + * instruction set based on top of classic BPF. +@@ -320,20 +325,23 @@ struct sock_fprog_kern { + struct sock_filter *filter; }; - #endif --struct sock_fprog_kern { -- u16 len; -- struct sock_filter *filter; --}; -- - struct sk_buff; - struct sock; +-struct sk_buff; +-struct sock; -struct seccomp_data; ++struct bpf_work_struct { ++ struct bpf_prog *prog; ++ struct work_struct work; ++}; --struct sk_filter { -+struct sk_filter -+{ - atomic_t refcnt; -- u32 jited:1, /* Is our filter JIT'ed? */ -- len:31; /* Number of filter blocks */ -- struct sock_fprog_kern *orig_prog; /* Original BPF program */ -+ unsigned int len; /* Number of filter blocks */ - struct rcu_head rcu; + struct bpf_prog { ++ u32 pages; /* Number of allocated pages */ + u32 jited:1, /* Is our filter JIT'ed? */ + len:31; /* Number of filter blocks */ + struct sock_fprog_kern *orig_prog; /* Original BPF program */ ++ struct bpf_work_struct *work; /* Deferred free work struct */ unsigned int (*bpf_func)(const struct sk_buff *skb, -- const struct sock_filter_int *filter); -+ const struct sock_filter *filter); + const struct bpf_insn *filter); ++ /* Instructions for interpreter */ union { -- struct sock_filter insns[0]; -- struct sock_filter_int insnsi[0]; -+ struct sock_filter insns[0]; - struct work_struct work; + struct sock_filter insns[0]; + struct bpf_insn insnsi[0]; +- struct work_struct work; }; }; -@@ -343,76 +41,25 @@ static inline unsigned int sk_filter_size(unsigned int proglen) - offsetof(struct sk_filter, insns[proglen])); - } --#define sk_filter_proglen(fprog) \ -- (fprog->len * sizeof(fprog->filter[0])) -- --int sk_filter(struct sock *sk, struct sk_buff *skb); -- --void sk_filter_select_runtime(struct sk_filter *fp); --void sk_filter_free(struct sk_filter *fp); -- --int sk_convert_filter(struct sock_filter *prog, int len, -- struct sock_filter_int *new_prog, int *new_len); -- --int sk_unattached_filter_create(struct sk_filter **pfp, -- struct sock_fprog_kern *fprog); --void sk_unattached_filter_destroy(struct sk_filter *fp); -- --int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk); --int sk_detach_filter(struct sock *sk); -- --int sk_chk_filter(struct sock_filter *filter, unsigned int flen); --int sk_get_filter(struct sock *sk, struct sock_filter __user *filter, -- unsigned int len); -- --void sk_filter_charge(struct sock *sk, struct sk_filter *fp); --void sk_filter_uncharge(struct sock *sk, struct sk_filter *fp); -- --u64 __bpf_call_base(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5); --void bpf_int_jit_compile(struct sk_filter *fp); -- --#define BPF_ANC BIT(15) -- --static inline u16 bpf_anc_helper(const struct sock_filter *ftest) --{ -- BUG_ON(ftest->code & BPF_ANC); -- -- switch (ftest->code) { -- case BPF_LD | BPF_W | BPF_ABS: -- case BPF_LD | BPF_H | BPF_ABS: -- case BPF_LD | BPF_B | BPF_ABS: --#define BPF_ANCILLARY(CODE) case SKF_AD_OFF + SKF_AD_##CODE: \ -- return BPF_ANC | SKF_AD_##CODE -- switch (ftest->k) { -- BPF_ANCILLARY(PROTOCOL); -- BPF_ANCILLARY(PKTTYPE); -- BPF_ANCILLARY(IFINDEX); -- BPF_ANCILLARY(NLATTR); -- BPF_ANCILLARY(NLATTR_NEST); -- BPF_ANCILLARY(MARK); -- BPF_ANCILLARY(QUEUE); -- BPF_ANCILLARY(HATYPE); -- BPF_ANCILLARY(RXHASH); -- BPF_ANCILLARY(CPU); -- BPF_ANCILLARY(ALU_XOR_X); -- BPF_ANCILLARY(VLAN_TAG); -- BPF_ANCILLARY(VLAN_TAG_PRESENT); -- BPF_ANCILLARY(PAY_OFFSET); -- BPF_ANCILLARY(RANDOM); -- } -- /* Fallthrough. */ -- default: -- return ftest->code; -- } --} -+extern int sk_filter(struct sock *sk, struct sk_buff *skb); -+extern unsigned int sk_run_filter(const struct sk_buff *skb, -+ const struct sock_filter *filter); -+extern int sk_unattached_filter_create(struct sk_filter **pfp, -+ struct sock_fprog *fprog); -+extern void sk_unattached_filter_destroy(struct sk_filter *fp); -+extern int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk); -+extern int sk_detach_filter(struct sock *sk); -+extern int sk_chk_filter(struct sock_filter *filter, unsigned int flen); -+extern int sk_get_filter(struct sock *sk, struct sock_filter __user *filter, unsigned len); -+extern void sk_decode_filter(struct sock_filter *filt, struct sock_filter *to); - - #ifdef CONFIG_BPF_JIT - #include <stdarg.h> - #include <linux/linkage.h> - #include <linux/printk.h> +@@ -353,6 +361,26 @@ static inline unsigned int bpf_prog_size(unsigned int proglen) --void bpf_jit_compile(struct sk_filter *fp); --void bpf_jit_free(struct sk_filter *fp); -+extern void bpf_jit_compile(struct sk_filter *fp); -+extern void bpf_jit_free(struct sk_filter *fp); + #define bpf_classic_proglen(fprog) (fprog->len * sizeof(fprog->filter[0])) - static inline void bpf_jit_dump(unsigned int flen, unsigned int proglen, - u32 pass, void *image) -@@ -423,22 +70,90 @@ static inline void bpf_jit_dump(unsigned int flen, unsigned int proglen, - print_hex_dump(KERN_ERR, "JIT code: ", DUMP_PREFIX_OFFSET, - 16, 1, image, proglen, false); - } -+#define SK_RUN_FILTER(FILTER, SKB) (*FILTER->bpf_func)(SKB, FILTER->insns) - #else - #include <linux/slab.h> -- - static inline void bpf_jit_compile(struct sk_filter *fp) - { - } -- - static inline void bpf_jit_free(struct sk_filter *fp) - { - kfree(fp); - } --#endif /* CONFIG_BPF_JIT */ -+#define SK_RUN_FILTER(FILTER, SKB) sk_run_filter(SKB, FILTER->insns) -+#endif ++#ifdef CONFIG_DEBUG_SET_MODULE_RONX ++static inline void bpf_prog_lock_ro(struct bpf_prog *fp) ++{ ++ set_memory_ro((unsigned long)fp, fp->pages); ++} ++ ++static inline void bpf_prog_unlock_ro(struct bpf_prog *fp) ++{ ++ set_memory_rw((unsigned long)fp, fp->pages); ++} ++#else ++static inline void bpf_prog_lock_ro(struct bpf_prog *fp) ++{ ++} ++ ++static inline void bpf_prog_unlock_ro(struct bpf_prog *fp) ++{ ++} ++#endif /* CONFIG_DEBUG_SET_MODULE_RONX */ ++ + int sk_filter(struct sock *sk, struct sk_buff *skb); - static inline int bpf_tell_extensions(void) + void bpf_prog_select_runtime(struct bpf_prog *fp); +@@ -361,6 +389,17 @@ void bpf_prog_free(struct bpf_prog *fp); + int bpf_convert_filter(struct sock_filter *prog, int len, + struct bpf_insn *new_prog, int *new_len); + ++struct bpf_prog *bpf_prog_alloc(unsigned int size, gfp_t gfp_extra_flags); ++struct bpf_prog *bpf_prog_realloc(struct bpf_prog *fp_old, unsigned int size, ++ gfp_t gfp_extra_flags); ++void __bpf_prog_free(struct bpf_prog *fp); ++ ++static inline void bpf_prog_unlock_free(struct bpf_prog *fp) ++{ ++ bpf_prog_unlock_ro(fp); ++ __bpf_prog_free(fp); ++} ++ + int bpf_prog_create(struct bpf_prog **pfp, struct sock_fprog_kern *fprog); + void bpf_prog_destroy(struct bpf_prog *fp); + +@@ -450,7 +489,7 @@ static inline void bpf_jit_compile(struct bpf_prog *fp) + + static inline void bpf_jit_free(struct bpf_prog *fp) { - return SKF_AD_MAX; +- kfree(fp); ++ bpf_prog_unlock_free(fp); } + #endif /* CONFIG_BPF_JIT */ -+enum { -+ BPF_S_RET_K = 1, -+ BPF_S_RET_A, -+ BPF_S_ALU_ADD_K, -+ BPF_S_ALU_ADD_X, -+ BPF_S_ALU_SUB_K, -+ BPF_S_ALU_SUB_X, -+ BPF_S_ALU_MUL_K, -+ BPF_S_ALU_MUL_X, -+ BPF_S_ALU_DIV_X, -+ BPF_S_ALU_MOD_K, -+ BPF_S_ALU_MOD_X, -+ BPF_S_ALU_AND_K, -+ BPF_S_ALU_AND_X, -+ BPF_S_ALU_OR_K, -+ BPF_S_ALU_OR_X, -+ BPF_S_ALU_XOR_K, -+ BPF_S_ALU_XOR_X, -+ BPF_S_ALU_LSH_K, -+ BPF_S_ALU_LSH_X, -+ BPF_S_ALU_RSH_K, -+ BPF_S_ALU_RSH_X, -+ BPF_S_ALU_NEG, -+ BPF_S_LD_W_ABS, -+ BPF_S_LD_H_ABS, -+ BPF_S_LD_B_ABS, -+ BPF_S_LD_W_LEN, -+ BPF_S_LD_W_IND, -+ BPF_S_LD_H_IND, -+ BPF_S_LD_B_IND, -+ BPF_S_LD_IMM, -+ BPF_S_LDX_W_LEN, -+ BPF_S_LDX_B_MSH, -+ BPF_S_LDX_IMM, -+ BPF_S_MISC_TAX, -+ BPF_S_MISC_TXA, -+ BPF_S_ALU_DIV_K, -+ BPF_S_LD_MEM, -+ BPF_S_LDX_MEM, -+ BPF_S_ST, -+ BPF_S_STX, -+ BPF_S_JMP_JA, -+ BPF_S_JMP_JEQ_K, -+ BPF_S_JMP_JEQ_X, -+ BPF_S_JMP_JGE_K, -+ BPF_S_JMP_JGE_X, -+ BPF_S_JMP_JGT_K, -+ BPF_S_JMP_JGT_X, -+ BPF_S_JMP_JSET_K, -+ BPF_S_JMP_JSET_X, -+ /* Ancillary data */ -+ BPF_S_ANC_PROTOCOL, -+ BPF_S_ANC_PKTTYPE, -+ BPF_S_ANC_IFINDEX, -+ BPF_S_ANC_NLATTR, -+ BPF_S_ANC_NLATTR_NEST, -+ BPF_S_ANC_MARK, -+ BPF_S_ANC_QUEUE, -+ BPF_S_ANC_HATYPE, -+ BPF_S_ANC_RXHASH, -+ BPF_S_ANC_CPU, -+ BPF_S_ANC_ALU_XOR_X, -+ BPF_S_ANC_SECCOMP_LD_W, -+ BPF_S_ANC_VLAN_TAG, -+ BPF_S_ANC_VLAN_TAG_PRESENT, -+ BPF_S_ANC_PAY_OFFSET, -+}; -+ - #endif /* __LINUX_FILTER_H__ */ diff --git a/include/linux/frontswap.h b/include/linux/frontswap.h index 8293262..2b3b8bd 100644 --- a/include/linux/frontswap.h @@ -83075,7 +80033,7 @@ index 8293262..2b3b8bd 100644 extern bool frontswap_enabled; extern struct frontswap_ops * diff --git a/include/linux/fs.h b/include/linux/fs.h -index e11d60c..901317a 100644 +index 9418772..0155807 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -401,7 +401,7 @@ struct address_space { @@ -83096,7 +80054,7 @@ index e11d60c..901317a 100644 /* * Radix-tree tags, for tagging dirty and writeback pages within the pagecache -@@ -588,7 +588,7 @@ struct inode { +@@ -613,7 +613,7 @@ struct inode { #endif void *i_private; /* fs or device private pointer */ @@ -83105,7 +80063,7 @@ index e11d60c..901317a 100644 static inline int inode_unhashed(struct inode *inode) { -@@ -781,7 +781,7 @@ struct file { +@@ -806,7 +806,7 @@ struct file { struct list_head f_tfile_llink; #endif /* #ifdef CONFIG_EPOLL */ struct address_space *f_mapping; @@ -83114,7 +80072,7 @@ index e11d60c..901317a 100644 struct file_handle { __u32 handle_bytes; -@@ -909,7 +909,7 @@ struct file_lock { +@@ -934,7 +934,7 @@ struct file_lock { int state; /* state of grant or error if -ve */ } afs; } fl_u; @@ -83123,7 +80081,7 @@ index e11d60c..901317a 100644 /* The following constant reflects the upper bound of the file/locking space */ #ifndef OFFSET_MAX -@@ -1258,7 +1258,7 @@ struct super_block { +@@ -1284,7 +1284,7 @@ struct super_block { struct list_lru s_dentry_lru ____cacheline_aligned_in_smp; struct list_lru s_inode_lru ____cacheline_aligned_in_smp; struct rcu_head rcu; @@ -83132,7 +80090,7 @@ index e11d60c..901317a 100644 extern struct timespec current_fs_time(struct super_block *sb); -@@ -1484,7 +1484,8 @@ struct file_operations { +@@ -1510,7 +1510,8 @@ struct file_operations { long (*fallocate)(struct file *file, int mode, loff_t offset, loff_t len); int (*show_fdinfo)(struct seq_file *m, struct file *f); @@ -83142,7 +80100,7 @@ index e11d60c..901317a 100644 struct inode_operations { struct dentry * (*lookup) (struct inode *,struct dentry *, unsigned int); -@@ -2769,4 +2770,14 @@ static inline bool dir_relax(struct inode *inode) +@@ -2796,4 +2797,14 @@ static inline bool dir_relax(struct inode *inode) return !IS_DEADDIR(inode); } @@ -83281,7 +80239,7 @@ index c0894dd..2fbf10c 100644 }; diff --git a/include/linux/gfp.h b/include/linux/gfp.h -index 6eb1fb3..30fe7e4 100644 +index 5e7219d..b1ed627 100644 --- a/include/linux/gfp.h +++ b/include/linux/gfp.h @@ -34,6 +34,13 @@ struct vm_area_struct; @@ -84637,28 +81595,10 @@ index 0000000..e7ffaaf + +#endif diff --git a/include/linux/hash.h b/include/linux/hash.h -index bd1754c..69b7715 100644 +index d0494c3..69b7715 100644 --- a/include/linux/hash.h +++ b/include/linux/hash.h -@@ -37,6 +37,9 @@ static __always_inline u64 hash_64(u64 val, unsigned int bits) - { - u64 hash = val; - -+#if defined(CONFIG_ARCH_HAS_FAST_MULTIPLIER) && BITS_PER_LONG == 64 -+ hash = hash * GOLDEN_RATIO_PRIME_64; -+#else - /* Sigh, gcc can't optimise this alone like it does for 32 bits. */ - u64 n = hash; - n <<= 18; -@@ -51,6 +54,7 @@ static __always_inline u64 hash_64(u64 val, unsigned int bits) - hash += n; - n <<= 2; - hash += n; -+#endif - - /* High bits are more random, so use them. */ - return hash >> (64 - bits); -@@ -83,7 +87,7 @@ static inline u32 hash32_ptr(const void *ptr) +@@ -87,7 +87,7 @@ static inline u32 hash32_ptr(const void *ptr) struct fast_hash_ops { u32 (*hash)(const void *data, u32 len, u32 seed); u32 (*hash2)(const u32 *data, u32 len, u32 seed); @@ -84668,7 +81608,7 @@ index bd1754c..69b7715 100644 /** * arch_fast_hash - Caclulates a hash over a given buffer that can have diff --git a/include/linux/highmem.h b/include/linux/highmem.h -index 7fb31da..08b5114 100644 +index 9286a46..373f27f 100644 --- a/include/linux/highmem.h +++ b/include/linux/highmem.h @@ -189,6 +189,18 @@ static inline void clear_highpage(struct page *page) @@ -84785,10 +81725,10 @@ index 2df8e8d..3e1280d 100644 #define __meminitconst __constsection(.meminit.rodata) #define __memexit __section(.memexit.text) __exitused __cold notrace diff --git a/include/linux/init_task.h b/include/linux/init_task.h -index 6df7f9f..d0bf699 100644 +index 2bb4c4f3..e0fac69 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h -@@ -156,6 +156,12 @@ extern struct task_group root_task_group; +@@ -149,6 +149,12 @@ extern struct task_group root_task_group; #define INIT_TASK_COMM "swapper" @@ -84801,7 +81741,7 @@ index 6df7f9f..d0bf699 100644 #ifdef CONFIG_RT_MUTEXES # define INIT_RT_MUTEXES(tsk) \ .pi_waiters = RB_ROOT, \ -@@ -203,6 +209,7 @@ extern struct task_group root_task_group; +@@ -196,6 +202,7 @@ extern struct task_group root_task_group; RCU_POINTER_INITIALIZER(cred, &init_cred), \ .comm = INIT_TASK_COMM, \ .thread = INIT_THREAD, \ @@ -84834,7 +81774,7 @@ index 698ad05..8601bb7 100644 extern void __raise_softirq_irqoff(unsigned int nr); diff --git a/include/linux/iommu.h b/include/linux/iommu.h -index b96a5b2..2732d1c 100644 +index 20f9a52..63ee2e3 100644 --- a/include/linux/iommu.h +++ b/include/linux/iommu.h @@ -131,7 +131,7 @@ struct iommu_ops { @@ -84847,7 +81787,7 @@ index b96a5b2..2732d1c 100644 #define IOMMU_GROUP_NOTIFY_ADD_DEVICE 1 /* Device added */ #define IOMMU_GROUP_NOTIFY_DEL_DEVICE 2 /* Pre Device removed */ diff --git a/include/linux/ioport.h b/include/linux/ioport.h -index 5e3a906..3131d0f 100644 +index 142ec54..873e033 100644 --- a/include/linux/ioport.h +++ b/include/linux/ioport.h @@ -161,7 +161,7 @@ struct resource *lookup_resource(struct resource *root, resource_size_t start); @@ -84873,7 +81813,7 @@ index 35e7eca..6afb7ad 100644 extern struct ipc_namespace init_ipc_ns; extern atomic_t nr_ipc_ns; diff --git a/include/linux/irq.h b/include/linux/irq.h -index 0d998d8..3a1c782 100644 +index 62af592..cc3b0d0 100644 --- a/include/linux/irq.h +++ b/include/linux/irq.h @@ -344,7 +344,8 @@ struct irq_chip { @@ -84903,22 +81843,6 @@ index 45e2d8c..26d85da 100644 void gic_init_bases(unsigned int, int, void __iomem *, void __iomem *, u32 offset, struct device_node *); -diff --git a/include/linux/isdn_ppp.h b/include/linux/isdn_ppp.h -index 8e10f57..d5f62bc 100644 ---- a/include/linux/isdn_ppp.h -+++ b/include/linux/isdn_ppp.h -@@ -180,8 +180,9 @@ struct ippp_struct { - struct slcompress *slcomp; - #endif - #ifdef CONFIG_IPPP_FILTER -- struct sk_filter *pass_filter; /* filter for packets to pass */ -- struct sk_filter *active_filter; /* filter for pkts to reset idle */ -+ struct sock_filter *pass_filter; /* filter for packets to pass */ -+ struct sock_filter *active_filter; /* filter for pkts to reset idle */ -+ unsigned pass_len, active_len; - #endif - unsigned long debug; - struct isdn_ppp_compressor *compressor,*decompressor; diff --git a/include/linux/jiffies.h b/include/linux/jiffies.h index c367cbd..c9b79e6 100644 --- a/include/linux/jiffies.h @@ -84988,10 +81912,10 @@ index 6883e19..e854fcb 100644 /* This macro allows us to keep printk typechecking */ static __printf(1, 2) diff --git a/include/linux/key-type.h b/include/linux/key-type.h -index a74c3a8..28d3f21 100644 +index 44792ee..6172f2a 100644 --- a/include/linux/key-type.h +++ b/include/linux/key-type.h -@@ -131,7 +131,7 @@ struct key_type { +@@ -132,7 +132,7 @@ struct key_type { /* internal fields */ struct list_head link; /* link in types list */ struct lock_class_key lock_class; /* key->sem lock class */ @@ -85111,10 +82035,10 @@ index 484604d..0f6c5b6 100644 if (atomic_sub_and_test((int) count, &kref->refcount)) { release(kref); diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h -index ec4e3bd..14db03a 100644 +index a4c33b3..e854710 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h -@@ -468,7 +468,7 @@ static inline void kvm_irqfd_exit(void) +@@ -452,7 +452,7 @@ static inline void kvm_irqfd_exit(void) { } #endif @@ -85123,7 +82047,7 @@ index ec4e3bd..14db03a 100644 struct module *module); void kvm_exit(void); -@@ -634,7 +634,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu, +@@ -618,7 +618,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg); int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run); @@ -85158,7 +82082,7 @@ index a6a42dd..6c5ebce 100644 /* diff --git a/include/linux/list.h b/include/linux/list.h -index ef95941..82db65a 100644 +index cbbb96f..602d023 100644 --- a/include/linux/list.h +++ b/include/linux/list.h @@ -112,6 +112,19 @@ extern void __list_del_entry(struct list_head *entry); @@ -85306,7 +82230,7 @@ index f230a97..714c006 100644 static inline int vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst) diff --git a/include/linux/mm.h b/include/linux/mm.h -index e03dd29..eaf923c 100644 +index 8981cc8..76fd8c2 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -127,6 +127,11 @@ extern unsigned int kobjsize(const void *objp); @@ -85550,7 +82474,7 @@ index e03dd29..eaf923c 100644 mm->total_vm += pages; } #endif /* CONFIG_PROC_FS */ -@@ -2078,7 +2093,7 @@ extern int unpoison_memory(unsigned long pfn); +@@ -2085,7 +2100,7 @@ extern int unpoison_memory(unsigned long pfn); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; extern void shake_page(struct page *p, int access); @@ -85559,7 +82483,7 @@ index e03dd29..eaf923c 100644 extern int soft_offline_page(struct page *page, int flags); #if defined(CONFIG_TRANSPARENT_HUGEPAGE) || defined(CONFIG_HUGETLBFS) -@@ -2113,5 +2128,11 @@ void __init setup_nr_node_ids(void); +@@ -2120,5 +2135,11 @@ void __init setup_nr_node_ids(void); static inline void setup_nr_node_ids(void) {} #endif @@ -85572,7 +82496,7 @@ index e03dd29..eaf923c 100644 #endif /* __KERNEL__ */ #endif /* _LINUX_MM_H */ diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h -index 96c5750..15668ba 100644 +index 6e0b286..90d9c0d 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h @@ -308,7 +308,9 @@ struct vm_area_struct { @@ -85636,18 +82560,18 @@ index c5d5278..f0b68c8 100644 } diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h -index 6cbd1b6..b1d2f99 100644 +index 318df70..b74ec01 100644 --- a/include/linux/mmzone.h +++ b/include/linux/mmzone.h -@@ -412,7 +412,7 @@ struct zone { - unsigned long flags; /* zone flags, see below */ +@@ -518,7 +518,7 @@ struct zone { + ZONE_PADDING(_pad3_) /* Zone statistics */ - atomic_long_t vm_stat[NR_VM_ZONE_STAT_ITEMS]; + atomic_long_unchecked_t vm_stat[NR_VM_ZONE_STAT_ITEMS]; + } ____cacheline_internodealigned_in_smp; - /* - * The target ratio of ACTIVE_ANON to INACTIVE_ANON pages on + typedef enum { diff --git a/include/linux/mod_devicetable.h b/include/linux/mod_devicetable.h index 44eeef0..a92d3f9 100644 --- a/include/linux/mod_devicetable.h @@ -85671,7 +82595,7 @@ index 44eeef0..a92d3f9 100644 * struct dmi_device_id appears during expansion of * "MODULE_DEVICE_TABLE(dmi, x)". Compiler doesn't look inside it diff --git a/include/linux/module.h b/include/linux/module.h -index f520a76..5f898ef 100644 +index 71f282a..b2387e2 100644 --- a/include/linux/module.h +++ b/include/linux/module.h @@ -17,9 +17,11 @@ @@ -85763,7 +82687,7 @@ index f520a76..5f898ef 100644 #ifndef MODULE_ARCH_INIT #define MODULE_ARCH_INIT {} #endif -@@ -396,16 +400,46 @@ bool is_module_address(unsigned long addr); +@@ -396,18 +400,48 @@ bool is_module_address(unsigned long addr); bool is_module_percpu_address(unsigned long addr); bool is_module_text_address(unsigned long addr); @@ -85799,23 +82723,25 @@ index f520a76..5f898ef 100644 + return within_module_range(addr, mod->module_init_rw, mod->init_size_rw); +} + - static inline int within_module_core(unsigned long addr, const struct module *mod) + static inline bool within_module_core(unsigned long addr, + const struct module *mod) { - return (unsigned long)mod->module_core <= addr && - addr < (unsigned long)mod->module_core + mod->core_size; + return within_module_core_rx(addr, mod) || within_module_core_rw(addr, mod); } - static inline int within_module_init(unsigned long addr, const struct module *mod) + static inline bool within_module_init(unsigned long addr, + const struct module *mod) { - return (unsigned long)mod->module_init <= addr && - addr < (unsigned long)mod->module_init + mod->init_size; + return within_module_init_rx(addr, mod) || within_module_init_rw(addr, mod); } - /* Search for module by name: must hold module_mutex. */ + static inline bool within_module(unsigned long addr, const struct module *mod) diff --git a/include/linux/moduleloader.h b/include/linux/moduleloader.h -index 560ca53..ef621ef 100644 +index 7eeb9bb..68f37e0 100644 --- a/include/linux/moduleloader.h +++ b/include/linux/moduleloader.h @@ -25,9 +25,21 @@ unsigned int arch_mod_section_prepend(struct module *mod, unsigned int section); @@ -85840,28 +82766,30 @@ index 560ca53..ef621ef 100644 /* * Apply the given relocation to the (simplified) ELF. Return -error * or 0. -@@ -45,7 +57,9 @@ static inline int apply_relocate(Elf_Shdr *sechdrs, +@@ -45,8 +57,10 @@ static inline int apply_relocate(Elf_Shdr *sechdrs, unsigned int relsec, struct module *me) { +#ifdef CONFIG_MODULES - printk(KERN_ERR "module %s: REL relocation unsupported\n", me->name); + printk(KERN_ERR "module %s: REL relocation unsupported\n", + module_name(me)); +#endif return -ENOEXEC; } #endif -@@ -67,7 +81,9 @@ static inline int apply_relocate_add(Elf_Shdr *sechdrs, +@@ -68,8 +82,10 @@ static inline int apply_relocate_add(Elf_Shdr *sechdrs, unsigned int relsec, struct module *me) { +#ifdef CONFIG_MODULES - printk(KERN_ERR "module %s: REL relocation unsupported\n", me->name); + printk(KERN_ERR "module %s: REL relocation unsupported\n", + module_name(me)); +#endif return -ENOEXEC; } #endif diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h -index b1990c5..2a6e611 100644 +index 494f99e..5059f63 100644 --- a/include/linux/moduleparam.h +++ b/include/linux/moduleparam.h @@ -293,7 +293,7 @@ static inline void __kernel_param_unlock(void) @@ -85873,7 +82801,7 @@ index b1990c5..2a6e611 100644 = { len, string }; \ __module_param_call(MODULE_PARAM_PREFIX, name, \ ¶m_ops_string, \ -@@ -432,7 +432,7 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp); +@@ -437,7 +437,7 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp); */ #define module_param_array_named(name, array, type, nump, perm) \ param_check_##type(name, &(array)[0]); \ @@ -85883,7 +82811,7 @@ index b1990c5..2a6e611 100644 .ops = ¶m_ops_##type, \ .elemsize = sizeof(array[0]), .elem = array }; \ diff --git a/include/linux/mount.h b/include/linux/mount.h -index b0c1e65..fd6baf1 100644 +index 9262e4b..0a45f98 100644 --- a/include/linux/mount.h +++ b/include/linux/mount.h @@ -66,7 +66,7 @@ struct vfsmount { @@ -85894,7 +82822,7 @@ index b0c1e65..fd6baf1 100644 +} __randomize_layout; struct file; /* forward dec */ - + struct path; diff --git a/include/linux/namei.h b/include/linux/namei.h index 492de72..1bddcd4 100644 --- a/include/linux/namei.h @@ -85937,10 +82865,10 @@ index 17d8339..81656c0 100644 struct iovec; struct kvec; diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h -index 66f9a04..056078d 100644 +index c8e388e..5d8cd9b 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -1145,6 +1145,7 @@ struct net_device_ops { +@@ -1147,6 +1147,7 @@ struct net_device_ops { void *priv); int (*ndo_get_lock_subclass)(struct net_device *dev); }; @@ -85948,26 +82876,25 @@ index 66f9a04..056078d 100644 /** * enum net_device_priv_flags - &struct net_device priv_flags -@@ -1312,11 +1313,11 @@ struct net_device { +@@ -1485,10 +1486,10 @@ struct net_device { + struct net_device_stats stats; - /* dropped packets by core network, Do not use this in drivers */ - atomic_long_t rx_dropped; - atomic_long_t tx_dropped; + atomic_long_unchecked_t rx_dropped; + atomic_long_unchecked_t tx_dropped; - /* Stats to monitor carrier on<->off transitions */ - atomic_t carrier_changes; + atomic_unchecked_t carrier_changes; #ifdef CONFIG_WIRELESS_EXT - /* List of functions to handle Wireless Extensions (instead of ioctl). + const struct iw_handler_def * wireless_handlers; diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h -index 2077489..a15e561 100644 +index 2517ece..0bbfcfb 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h -@@ -84,7 +84,7 @@ struct nf_sockopt_ops { +@@ -85,7 +85,7 @@ struct nf_sockopt_ops { #endif /* Use the module struct to lock set/get code in place */ struct module *owner; @@ -86177,10 +83104,10 @@ index 707617a..28a2e7e 100644 #define PMU_EVENT_ATTR(_name, _var, _id, _show) \ static struct perf_pmu_events_attr _var = { \ diff --git a/include/linux/pid_namespace.h b/include/linux/pid_namespace.h -index 7246ef3..1539ea4 100644 +index 1997ffc..4f1f44d 100644 --- a/include/linux/pid_namespace.h +++ b/include/linux/pid_namespace.h -@@ -43,7 +43,7 @@ struct pid_namespace { +@@ -44,7 +44,7 @@ struct pid_namespace { int hide_pid; int reboot; /* group exit code if this pidns was rebooted */ unsigned int proc_inum; @@ -86221,7 +83148,7 @@ index 72c0fe0..26918ed 100644 /* * The PM_EVENT_ messages are also used by drivers implementing the legacy diff --git a/include/linux/pm_domain.h b/include/linux/pm_domain.h -index 7c1d252..0e7061d 100644 +index ebc4c76..7fab7b0 100644 --- a/include/linux/pm_domain.h +++ b/include/linux/pm_domain.h @@ -44,11 +44,11 @@ struct gpd_dev_ops { @@ -86239,10 +83166,10 @@ index 7c1d252..0e7061d 100644 struct generic_pm_domain { diff --git a/include/linux/pm_runtime.h b/include/linux/pm_runtime.h -index 43fd671..08c96ee 100644 +index 367f49b..d2f5a14 100644 --- a/include/linux/pm_runtime.h +++ b/include/linux/pm_runtime.h -@@ -118,7 +118,7 @@ static inline bool pm_runtime_callbacks_present(struct device *dev) +@@ -125,7 +125,7 @@ static inline bool pm_runtime_callbacks_present(struct device *dev) static inline void pm_runtime_mark_last_busy(struct device *dev) { @@ -86378,10 +83305,10 @@ index de83b4e..c4b997d 100644 #define preempt_set_need_resched() \ do { \ diff --git a/include/linux/printk.h b/include/linux/printk.h -index 319ff7e..608849a 100644 +index d78125f..7f36596 100644 --- a/include/linux/printk.h +++ b/include/linux/printk.h -@@ -121,6 +121,8 @@ static inline __printf(1, 2) __cold +@@ -124,6 +124,8 @@ static inline __printf(1, 2) __cold void early_printk(const char *s, ...) { } #endif @@ -86390,7 +83317,7 @@ index 319ff7e..608849a 100644 #ifdef CONFIG_PRINTK asmlinkage __printf(5, 0) int vprintk_emit(int facility, int level, -@@ -155,7 +157,6 @@ extern bool printk_timed_ratelimit(unsigned long *caller_jiffies, +@@ -158,7 +160,6 @@ extern bool printk_timed_ratelimit(unsigned long *caller_jiffies, extern int printk_delay_msec; extern int dmesg_restrict; @@ -86469,146 +83396,8 @@ index 34a1e10..70f6bde 100644 struct proc_ns { void *ns; -diff --git a/include/linux/ptp_classify.h b/include/linux/ptp_classify.h -index 7dfed71..1dc420b 100644 ---- a/include/linux/ptp_classify.h -+++ b/include/linux/ptp_classify.h -@@ -23,8 +23,15 @@ - #ifndef _PTP_CLASSIFY_H_ - #define _PTP_CLASSIFY_H_ - -+#include <linux/if_ether.h> -+#include <linux/if_vlan.h> - #include <linux/ip.h> --#include <linux/skbuff.h> -+#include <linux/filter.h> -+#ifdef __KERNEL__ -+#include <linux/in.h> -+#else -+#include <netinet/in.h> -+#endif - - #define PTP_CLASS_NONE 0x00 /* not a PTP event message */ - #define PTP_CLASS_V1 0x01 /* protocol version 1 */ -@@ -37,7 +44,7 @@ - #define PTP_CLASS_PMASK 0xf0 /* mask for the packet type field */ - - #define PTP_CLASS_V1_IPV4 (PTP_CLASS_V1 | PTP_CLASS_IPV4) --#define PTP_CLASS_V1_IPV6 (PTP_CLASS_V1 | PTP_CLASS_IPV6) /* probably DNE */ -+#define PTP_CLASS_V1_IPV6 (PTP_CLASS_V1 | PTP_CLASS_IPV6) /*probably DNE*/ - #define PTP_CLASS_V2_IPV4 (PTP_CLASS_V2 | PTP_CLASS_IPV4) - #define PTP_CLASS_V2_IPV6 (PTP_CLASS_V2 | PTP_CLASS_IPV6) - #define PTP_CLASS_V2_L2 (PTP_CLASS_V2 | PTP_CLASS_L2) -@@ -46,34 +53,88 @@ - #define PTP_EV_PORT 319 - #define PTP_GEN_BIT 0x08 /* indicates general message, if set in message type */ - -+#define OFF_ETYPE 12 -+#define OFF_IHL 14 -+#define OFF_FRAG 20 -+#define OFF_PROTO4 23 -+#define OFF_NEXT 6 -+#define OFF_UDP_DST 2 -+ - #define OFF_PTP_SOURCE_UUID 22 /* PTPv1 only */ - #define OFF_PTP_SEQUENCE_ID 30 - #define OFF_PTP_CONTROL 32 /* PTPv1 only */ - --/* Below defines should actually be removed at some point in time. */ -+#define IPV4_HLEN(data) (((struct iphdr *)(data + OFF_IHL))->ihl << 2) -+ - #define IP6_HLEN 40 - #define UDP_HLEN 8 --#define OFF_IHL 14 -+ -+#define RELOFF_DST4 (ETH_HLEN + OFF_UDP_DST) -+#define OFF_DST6 (ETH_HLEN + IP6_HLEN + OFF_UDP_DST) - #define OFF_PTP6 (ETH_HLEN + IP6_HLEN + UDP_HLEN) --#define IPV4_HLEN(data) (((struct iphdr *)(data + OFF_IHL))->ihl << 2) - --#if defined(CONFIG_NET_PTP_CLASSIFY) --/** -- * ptp_classify_raw - classify a PTP packet -- * @skb: buffer -- * -- * Runs a minimal BPF dissector to classify a network packet to -- * determine the PTP class. In case the skb does not contain any -- * PTP protocol data, PTP_CLASS_NONE will be returned, otherwise -- * PTP_CLASS_V1_IPV{4,6}, PTP_CLASS_V2_IPV{4,6} or -- * PTP_CLASS_V2_{L2,VLAN}, depending on the packet content. -- */ --unsigned int ptp_classify_raw(const struct sk_buff *skb); -+#define OP_AND (BPF_ALU | BPF_AND | BPF_K) -+#define OP_JEQ (BPF_JMP | BPF_JEQ | BPF_K) -+#define OP_JSET (BPF_JMP | BPF_JSET | BPF_K) -+#define OP_LDB (BPF_LD | BPF_B | BPF_ABS) -+#define OP_LDH (BPF_LD | BPF_H | BPF_ABS) -+#define OP_LDHI (BPF_LD | BPF_H | BPF_IND) -+#define OP_LDX (BPF_LDX | BPF_B | BPF_MSH) -+#define OP_OR (BPF_ALU | BPF_OR | BPF_K) -+#define OP_RETA (BPF_RET | BPF_A) -+#define OP_RETK (BPF_RET | BPF_K) - --void __init ptp_classifier_init(void); --#else --static inline void ptp_classifier_init(void) -+static inline int ptp_filter_init(struct sock_filter *f, int len) - { -+ if (OP_LDH == f[0].code) -+ return sk_chk_filter(f, len); -+ else -+ return 0; - } -+ -+#define PTP_FILTER \ -+ {OP_LDH, 0, 0, OFF_ETYPE }, /* */ \ -+ {OP_JEQ, 0, 12, ETH_P_IP }, /* f goto L20 */ \ -+ {OP_LDB, 0, 0, OFF_PROTO4 }, /* */ \ -+ {OP_JEQ, 0, 9, IPPROTO_UDP }, /* f goto L10 */ \ -+ {OP_LDH, 0, 0, OFF_FRAG }, /* */ \ -+ {OP_JSET, 7, 0, 0x1fff }, /* t goto L11 */ \ -+ {OP_LDX, 0, 0, OFF_IHL }, /* */ \ -+ {OP_LDHI, 0, 0, RELOFF_DST4 }, /* */ \ -+ {OP_JEQ, 0, 4, PTP_EV_PORT }, /* f goto L12 */ \ -+ {OP_LDHI, 0, 0, ETH_HLEN + UDP_HLEN }, /* */ \ -+ {OP_AND, 0, 0, PTP_CLASS_VMASK }, /* */ \ -+ {OP_OR, 0, 0, PTP_CLASS_IPV4 }, /* */ \ -+ {OP_RETA, 0, 0, 0 }, /* */ \ -+/*L1x*/ {OP_RETK, 0, 0, PTP_CLASS_NONE }, /* */ \ -+/*L20*/ {OP_JEQ, 0, 9, ETH_P_IPV6 }, /* f goto L40 */ \ -+ {OP_LDB, 0, 0, ETH_HLEN + OFF_NEXT }, /* */ \ -+ {OP_JEQ, 0, 6, IPPROTO_UDP }, /* f goto L30 */ \ -+ {OP_LDH, 0, 0, OFF_DST6 }, /* */ \ -+ {OP_JEQ, 0, 4, PTP_EV_PORT }, /* f goto L31 */ \ -+ {OP_LDH, 0, 0, OFF_PTP6 }, /* */ \ -+ {OP_AND, 0, 0, PTP_CLASS_VMASK }, /* */ \ -+ {OP_OR, 0, 0, PTP_CLASS_IPV6 }, /* */ \ -+ {OP_RETA, 0, 0, 0 }, /* */ \ -+/*L3x*/ {OP_RETK, 0, 0, PTP_CLASS_NONE }, /* */ \ -+/*L40*/ {OP_JEQ, 0, 9, ETH_P_8021Q }, /* f goto L50 */ \ -+ {OP_LDH, 0, 0, OFF_ETYPE + 4 }, /* */ \ -+ {OP_JEQ, 0, 15, ETH_P_1588 }, /* f goto L60 */ \ -+ {OP_LDB, 0, 0, ETH_HLEN + VLAN_HLEN }, /* */ \ -+ {OP_AND, 0, 0, PTP_GEN_BIT }, /* */ \ -+ {OP_JEQ, 0, 12, 0 }, /* f goto L6x */ \ -+ {OP_LDH, 0, 0, ETH_HLEN + VLAN_HLEN }, /* */ \ -+ {OP_AND, 0, 0, PTP_CLASS_VMASK }, /* */ \ -+ {OP_OR, 0, 0, PTP_CLASS_VLAN }, /* */ \ -+ {OP_RETA, 0, 0, 0 }, /* */ \ -+/*L50*/ {OP_JEQ, 0, 7, ETH_P_1588 }, /* f goto L61 */ \ -+ {OP_LDB, 0, 0, ETH_HLEN }, /* */ \ -+ {OP_AND, 0, 0, PTP_GEN_BIT }, /* */ \ -+ {OP_JEQ, 0, 4, 0 }, /* f goto L6x */ \ -+ {OP_LDH, 0, 0, ETH_HLEN }, /* */ \ -+ {OP_AND, 0, 0, PTP_CLASS_VMASK }, /* */ \ -+ {OP_OR, 0, 0, PTP_CLASS_L2 }, /* */ \ -+ {OP_RETA, 0, 0, 0 }, /* */ \ -+/*L6x*/ {OP_RETK, 0, 0, PTP_CLASS_NONE }, -+ - #endif --#endif /* _PTP_CLASSIFY_H_ */ diff --git a/include/linux/quota.h b/include/linux/quota.h -index 0f3c5d3..bc559e3 100644 +index 80d345a..9e89a9a 100644 --- a/include/linux/quota.h +++ b/include/linux/quota.h @@ -70,7 +70,7 @@ struct kqid { /* Type in which we store the quota identifier */ @@ -86696,7 +83485,7 @@ index fea49b5..2ac22bb 100644 diff --git a/include/linux/rculist.h b/include/linux/rculist.h -index 8183b46..a388711 100644 +index 372ad5e..d4373f8 100644 --- a/include/linux/rculist.h +++ b/include/linux/rculist.h @@ -29,8 +29,8 @@ @@ -86849,7 +83638,7 @@ index be57450..31cf65e 100644 static inline void anon_vma_merge(struct vm_area_struct *vma, struct vm_area_struct *next) diff --git a/include/linux/scatterlist.h b/include/linux/scatterlist.h -index a964f72..b475afb 100644 +index ed8f9e7..999bc96 100644 --- a/include/linux/scatterlist.h +++ b/include/linux/scatterlist.h @@ -1,6 +1,7 @@ @@ -86874,10 +83663,10 @@ index a964f72..b475afb 100644 } diff --git a/include/linux/sched.h b/include/linux/sched.h -index 0376b05..82054c2 100644 +index b867a4d..84f03ad 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h -@@ -131,6 +131,7 @@ struct fs_struct; +@@ -132,6 +132,7 @@ struct fs_struct; struct perf_event_context; struct blk_plug; struct filename; @@ -86975,7 +83764,7 @@ index 0376b05..82054c2 100644 atomic_t usage; unsigned int flags; /* per process flags, defined below */ unsigned int ptrace; -@@ -1349,8 +1385,8 @@ struct task_struct { +@@ -1345,8 +1381,8 @@ struct task_struct { struct list_head thread_node; struct completion *vfork_done; /* for vfork() */ @@ -86986,7 +83775,7 @@ index 0376b05..82054c2 100644 cputime_t utime, stime, utimescaled, stimescaled; cputime_t gtime; -@@ -1375,11 +1411,6 @@ struct task_struct { +@@ -1371,11 +1407,6 @@ struct task_struct { struct task_cputime cputime_expires; struct list_head cpu_timers[3]; @@ -86998,7 +83787,7 @@ index 0376b05..82054c2 100644 char comm[TASK_COMM_LEN]; /* executable name excluding path - access with [gs]et_task_comm (which lock it with task_lock()) -@@ -1396,6 +1427,10 @@ struct task_struct { +@@ -1393,6 +1424,10 @@ struct task_struct { #endif /* CPU-specific state of this task */ struct thread_struct thread; @@ -87009,7 +83798,7 @@ index 0376b05..82054c2 100644 /* filesystem information */ struct fs_struct *fs; /* open file information */ -@@ -1472,6 +1507,10 @@ struct task_struct { +@@ -1467,6 +1502,10 @@ struct task_struct { gfp_t lockdep_reclaim_gfp; #endif @@ -87020,7 +83809,7 @@ index 0376b05..82054c2 100644 /* journalling filesystem info */ void *journal_info; -@@ -1510,6 +1549,10 @@ struct task_struct { +@@ -1505,6 +1544,10 @@ struct task_struct { /* cg_list protected by css_set_lock and tsk->alloc_lock */ struct list_head cg_list; #endif @@ -87031,7 +83820,7 @@ index 0376b05..82054c2 100644 #ifdef CONFIG_FUTEX struct robust_list_head __user *robust_list; #ifdef CONFIG_COMPAT -@@ -1655,7 +1698,78 @@ struct task_struct { +@@ -1644,7 +1687,78 @@ struct task_struct { unsigned int sequential_io; unsigned int sequential_io_avg; #endif @@ -87111,7 +83900,7 @@ index 0376b05..82054c2 100644 /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) -@@ -1737,7 +1851,7 @@ struct pid_namespace; +@@ -1726,7 +1840,7 @@ struct pid_namespace; pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type, struct pid_namespace *ns); @@ -87120,7 +83909,7 @@ index 0376b05..82054c2 100644 { return tsk->pid; } -@@ -2084,6 +2198,25 @@ extern u64 sched_clock_cpu(int cpu); +@@ -2095,6 +2209,25 @@ extern u64 sched_clock_cpu(int cpu); extern void sched_clock_init(void); @@ -87146,7 +83935,7 @@ index 0376b05..82054c2 100644 #ifndef CONFIG_HAVE_UNSTABLE_SCHED_CLOCK static inline void sched_clock_tick(void) { -@@ -2217,7 +2350,9 @@ void yield(void); +@@ -2228,7 +2361,9 @@ void yield(void); extern struct exec_domain default_exec_domain; union thread_union { @@ -87156,7 +83945,7 @@ index 0376b05..82054c2 100644 unsigned long stack[THREAD_SIZE/sizeof(long)]; }; -@@ -2250,6 +2385,7 @@ extern struct pid_namespace init_pid_ns; +@@ -2261,6 +2396,7 @@ extern struct pid_namespace init_pid_ns; */ extern struct task_struct *find_task_by_vpid(pid_t nr); @@ -87164,7 +83953,7 @@ index 0376b05..82054c2 100644 extern struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns); -@@ -2412,7 +2548,7 @@ extern void __cleanup_sighand(struct sighand_struct *); +@@ -2425,7 +2561,7 @@ extern void __cleanup_sighand(struct sighand_struct *); extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); @@ -87173,7 +83962,7 @@ index 0376b05..82054c2 100644 extern int do_execve(struct filename *, const char __user * const __user *, -@@ -2614,9 +2750,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) +@@ -2640,9 +2776,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) #endif @@ -87197,20 +83986,8 @@ index 596a0e0..bea77ec 100644 extern unsigned int sysctl_sched_latency; extern unsigned int sysctl_sched_min_granularity; -diff --git a/include/linux/seccomp.h b/include/linux/seccomp.h -index 4054b09..6f19cfd 100644 ---- a/include/linux/seccomp.h -+++ b/include/linux/seccomp.h -@@ -76,6 +76,7 @@ static inline int seccomp_mode(struct seccomp *s) - #ifdef CONFIG_SECCOMP_FILTER - extern void put_seccomp_filter(struct task_struct *tsk); - extern void get_seccomp_filter(struct task_struct *tsk); -+extern u32 seccomp_bpf_load(int off); - #else /* CONFIG_SECCOMP_FILTER */ - static inline void put_seccomp_filter(struct task_struct *tsk) - { diff --git a/include/linux/security.h b/include/linux/security.h -index 9c6b972..7e7c704 100644 +index 623f90e..90b39da 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -27,6 +27,7 @@ @@ -87230,7 +84007,7 @@ index 9c6b972..7e7c704 100644 #ifdef CONFIG_MMU extern unsigned long mmap_min_addr; extern unsigned long dac_mmap_min_addr; -@@ -1719,7 +1718,7 @@ struct security_operations { +@@ -1729,7 +1728,7 @@ struct security_operations { struct audit_context *actx); void (*audit_rule_free) (void *lsmrule); #endif /* CONFIG_AUDIT */ @@ -87291,25 +84068,25 @@ index 52e0097..383f21d 100644 int single_release(struct inode *, struct file *); void *__seq_open_private(struct file *, const struct seq_operations *, int); diff --git a/include/linux/shm.h b/include/linux/shm.h -index 57d7770..0936af6 100644 +index 6fb8016..ab4465e 100644 --- a/include/linux/shm.h +++ b/include/linux/shm.h -@@ -20,6 +20,10 @@ struct shmid_kernel /* private to the kernel */ - +@@ -22,6 +22,10 @@ struct shmid_kernel /* private to the kernel */ /* The task created the shm object. NULL if the task is dead. */ struct task_struct *shm_creator; + struct list_head shm_clist; /* list by creator */ +#ifdef CONFIG_GRKERNSEC -+ time_t shm_createtime; ++ u64 shm_createtime; + pid_t shm_lapid; +#endif }; /* shm_mode upper byte flags */ diff --git a/include/linux/signal.h b/include/linux/signal.h -index c9e6536..923b302 100644 +index 750196f..ae7a3a4 100644 --- a/include/linux/signal.h +++ b/include/linux/signal.h -@@ -293,7 +293,7 @@ static inline void allow_signal(int sig) +@@ -292,7 +292,7 @@ static inline void allow_signal(int sig) * know it'll be handled, so that they don't get converted to * SIGKILL or just silently dropped. */ @@ -87319,10 +84096,10 @@ index c9e6536..923b302 100644 static inline void disallow_signal(int sig) diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index ec89301..4fd29a6 100644 +index abde271..bc9ece1 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -725,7 +725,7 @@ bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, +@@ -728,7 +728,7 @@ bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, struct sk_buff *__alloc_skb(unsigned int size, gfp_t priority, int flags, int node); struct sk_buff *build_skb(void *data, unsigned int frag_size); @@ -87331,7 +84108,7 @@ index ec89301..4fd29a6 100644 gfp_t priority) { return __alloc_skb(size, priority, 0, NUMA_NO_NODE); -@@ -1839,7 +1839,7 @@ static inline u32 skb_inner_network_header_len(const struct sk_buff *skb) +@@ -1845,7 +1845,7 @@ static inline u32 skb_inner_network_header_len(const struct sk_buff *skb) return skb->inner_transport_header - skb->inner_network_header; } @@ -87340,7 +84117,7 @@ index ec89301..4fd29a6 100644 { return skb_network_header(skb) - skb->data; } -@@ -1911,7 +1911,7 @@ static inline void skb_pop_rcv_encapsulation(struct sk_buff *skb) +@@ -1917,7 +1917,7 @@ static inline void skb_pop_rcv_encapsulation(struct sk_buff *skb) * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) */ #ifndef NET_SKB_PAD @@ -87349,7 +84126,7 @@ index ec89301..4fd29a6 100644 #endif int ___pskb_trim(struct sk_buff *skb, unsigned int len); -@@ -2518,7 +2518,7 @@ struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, int noblock, +@@ -2524,7 +2524,7 @@ struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, int noblock, int *err); unsigned int datagram_poll(struct file *file, struct socket *sock, struct poll_table_struct *wait); @@ -87358,16 +84135,7 @@ index ec89301..4fd29a6 100644 struct iovec *to, int size); int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, int hlen, struct iovec *iov); -@@ -2664,6 +2664,8 @@ static inline ktime_t net_invalid_timestamp(void) - return ktime_set(0, 0); - } - -+void skb_timestamping_init(void); -+ - #ifdef CONFIG_NETWORK_PHY_TIMESTAMPING - - void skb_clone_tx_timestamp(struct sk_buff *skb); -@@ -2907,6 +2909,9 @@ static inline void nf_reset(struct sk_buff *skb) +@@ -2918,6 +2918,9 @@ static inline void nf_reset(struct sk_buff *skb) nf_bridge_put(skb->nf_bridge); skb->nf_bridge = NULL; #endif @@ -87614,7 +84382,7 @@ index 70736b9..37f33db 100644 #ifdef __KERNEL__ diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h -index 1bc7cd0..7912dc2 100644 +index cf61ecd..a4a9bc0 100644 --- a/include/linux/sunrpc/svc.h +++ b/include/linux/sunrpc/svc.h @@ -417,7 +417,7 @@ struct svc_procedure { @@ -87627,7 +84395,7 @@ index 1bc7cd0..7912dc2 100644 /* * Function prototypes. diff --git a/include/linux/sunrpc/svc_rdma.h b/include/linux/sunrpc/svc_rdma.h -index 5cf99a0..c0a1b98 100644 +index 975da75..318c083 100644 --- a/include/linux/sunrpc/svc_rdma.h +++ b/include/linux/sunrpc/svc_rdma.h @@ -53,15 +53,15 @@ extern unsigned int svcrdma_ord; @@ -87683,7 +84451,7 @@ index e7a018e..49f8b17 100644 extern dma_addr_t swiotlb_map_page(struct device *dev, struct page *page, unsigned long offset, size_t size, diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h -index b0881a0..559a440 100644 +index 0f86d85..dff3419 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -98,10 +98,16 @@ struct sigaltstack; @@ -87704,7 +84472,7 @@ index b0881a0..559a440 100644 #define __SC_CAST(t, a) (t) a #define __SC_ARGS(t, a) a #define __SC_TEST(t, a) (void)BUILD_BUG_ON_ZERO(!__TYPE_IS_LL(t) && sizeof(t) > sizeof(long)) -@@ -379,11 +385,11 @@ asmlinkage long sys_sync(void); +@@ -383,11 +389,11 @@ asmlinkage long sys_sync(void); asmlinkage long sys_fsync(unsigned int fd); asmlinkage long sys_fdatasync(unsigned int fd); asmlinkage long sys_bdflush(int func, long data); @@ -87720,7 +84488,7 @@ index b0881a0..559a440 100644 asmlinkage long sys_truncate(const char __user *path, long length); asmlinkage long sys_ftruncate(unsigned int fd, unsigned long length); asmlinkage long sys_stat(const char __user *filename, -@@ -595,7 +601,7 @@ asmlinkage long sys_getsockname(int, struct sockaddr __user *, int __user *); +@@ -599,7 +605,7 @@ asmlinkage long sys_getsockname(int, struct sockaddr __user *, int __user *); asmlinkage long sys_getpeername(int, struct sockaddr __user *, int __user *); asmlinkage long sys_send(int, void __user *, size_t, unsigned); asmlinkage long sys_sendto(int, void __user *, size_t, unsigned, @@ -87743,17 +84511,10 @@ index 27b3b0b..e093dd9 100644 extern void register_syscore_ops(struct syscore_ops *ops); extern void unregister_syscore_ops(struct syscore_ops *ops); diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h -index 14a8ff2..fa95f3a 100644 +index b7361f8..341a15a 100644 --- a/include/linux/sysctl.h +++ b/include/linux/sysctl.h -@@ -34,13 +34,13 @@ struct ctl_table_root; - struct ctl_table_header; - struct ctl_dir; - --typedef struct ctl_table ctl_table; -- - typedef int proc_handler (struct ctl_table *ctl, int write, - void __user *buffer, size_t *lenp, loff_t *ppos); +@@ -39,6 +39,8 @@ typedef int proc_handler (struct ctl_table *ctl, int write, extern int proc_dostring(struct ctl_table *, int, void __user *, size_t *, loff_t *); @@ -87762,14 +84523,13 @@ index 14a8ff2..fa95f3a 100644 extern int proc_dointvec(struct ctl_table *, int, void __user *, size_t *, loff_t *); extern int proc_dointvec_minmax(struct ctl_table *, int, -@@ -115,7 +115,9 @@ struct ctl_table +@@ -113,7 +115,8 @@ struct ctl_table struct ctl_table_poll *poll; void *extra1; void *extra2; -}; +} __do_const __randomize_layout; +typedef struct ctl_table __no_const ctl_table_no_const; -+typedef struct ctl_table ctl_table; struct ctl_node { struct rb_node node; @@ -87847,7 +84607,7 @@ index ff307b5..f1a4468 100644 #endif /* _LINUX_THREAD_INFO_H */ diff --git a/include/linux/tty.h b/include/linux/tty.h -index 1c3316a..ae83b9f 100644 +index 8413294..44391c7 100644 --- a/include/linux/tty.h +++ b/include/linux/tty.h @@ -202,7 +202,7 @@ struct tty_port { @@ -87868,7 +84628,7 @@ index 1c3316a..ae83b9f 100644 /* Each of a tty's open files has private_data pointing to tty_file_private */ struct tty_file_private { -@@ -550,7 +550,7 @@ extern int tty_port_open(struct tty_port *port, +@@ -548,7 +548,7 @@ extern int tty_port_open(struct tty_port *port, struct tty_struct *tty, struct file *filp); static inline int tty_port_users(struct tty_port *port) { @@ -87878,10 +84638,10 @@ index 1c3316a..ae83b9f 100644 extern int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc); diff --git a/include/linux/tty_driver.h b/include/linux/tty_driver.h -index 756a609..89db85e 100644 +index e48c608..6a19af2 100644 --- a/include/linux/tty_driver.h +++ b/include/linux/tty_driver.h -@@ -285,7 +285,7 @@ struct tty_operations { +@@ -287,7 +287,7 @@ struct tty_operations { void (*poll_put_char)(struct tty_driver *driver, int line, char ch); #endif const struct file_operations *proc_fops; @@ -87890,7 +84650,7 @@ index 756a609..89db85e 100644 struct tty_driver { int magic; /* magic number for this structure */ -@@ -319,7 +319,7 @@ struct tty_driver { +@@ -321,7 +321,7 @@ struct tty_driver { const struct tty_operations *ops; struct list_head tty_drivers; @@ -88050,7 +84810,7 @@ index d2465bc..5256de4 100644 void *data, int len, int *actual_length, int timeout); extern int usb_bulk_msg(struct usb_device *usb_dev, unsigned int pipe, diff --git a/include/linux/usb/renesas_usbhs.h b/include/linux/usb/renesas_usbhs.h -index e452ba6..78f8e80 100644 +index d5952bb..9a626d4 100644 --- a/include/linux/usb/renesas_usbhs.h +++ b/include/linux/usb/renesas_usbhs.h @@ -39,7 +39,7 @@ enum { @@ -88063,7 +84823,7 @@ index e452ba6..78f8e80 100644 /* * callback functions for platform diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h -index 4836ba3..603f6ee 100644 +index e953726..8edb26a 100644 --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h @@ -33,7 +33,7 @@ struct user_namespace { @@ -88165,7 +84925,7 @@ index b483abd..af305ad 100644 #endif #endif /* _LINUX_VGA_SWITCHEROO_H_ */ diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h -index 4b8a891..e9a2863 100644 +index b87696f..1d11de7 100644 --- a/include/linux/vmalloc.h +++ b/include/linux/vmalloc.h @@ -16,6 +16,11 @@ struct vm_area_struct; /* vma defining user mapping in mm_types.h */ @@ -88293,7 +85053,7 @@ index 91b0a68..0e9adf6 100644 ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size); int __vfs_setxattr_noperm(struct dentry *, const char *, const void *, size_t, int); diff --git a/include/linux/zlib.h b/include/linux/zlib.h -index 9c5a6b4..09c9438 100644 +index 92dbbd3..13ab0b3 100644 --- a/include/linux/zlib.h +++ b/include/linux/zlib.h @@ -31,6 +31,7 @@ @@ -88314,10 +85074,10 @@ index 9c5a6b4..09c9438 100644 Returns the number of bytes that needs to be allocated for a per- stream workspace with the specified parameters. A pointer to this diff --git a/include/media/v4l2-dev.h b/include/media/v4l2-dev.h -index eec6e46..82d5641 100644 +index eb76cfd..9fd0e7c 100644 --- a/include/media/v4l2-dev.h +++ b/include/media/v4l2-dev.h -@@ -77,7 +77,7 @@ struct v4l2_file_operations { +@@ -75,7 +75,7 @@ struct v4l2_file_operations { int (*mmap) (struct file *, struct vm_area_struct *); int (*open) (struct file *); int (*release) (struct file *); @@ -88366,13 +85126,13 @@ index a175ba4..196eb82 100644 #define UNIXCB(skb) (*(struct unix_skb_parms *)&((skb)->cb)) #define UNIXSID(skb) (&UNIXCB((skb)).secid) diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h -index 4abdcb2..945c5cc 100644 +index 8df15ad..837fbedd 100644 --- a/include/net/bluetooth/l2cap.h +++ b/include/net/bluetooth/l2cap.h -@@ -601,7 +601,7 @@ struct l2cap_ops { - long (*get_sndtimeo) (struct l2cap_chan *chan); - struct sk_buff *(*alloc_skb) (struct l2cap_chan *chan, - unsigned long len, int nb); +@@ -608,7 +608,7 @@ struct l2cap_ops { + unsigned char *kdata, + struct iovec *iov, + int len); -}; +} __do_const; @@ -88415,7 +85175,7 @@ index 8109a15..504466d 100644 #endif diff --git a/include/net/genetlink.h b/include/net/genetlink.h -index 93695f0..766d71c 100644 +index af10c2c..a431cc5 100644 --- a/include/net/genetlink.h +++ b/include/net/genetlink.h @@ -120,7 +120,7 @@ struct genl_ops { @@ -88441,13 +85201,13 @@ index 734d9b5..48a9a4b 100644 return; } diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h -index 7a43138..bc76865 100644 +index 5fbe656..9ed3d8b 100644 --- a/include/net/inet_connection_sock.h +++ b/include/net/inet_connection_sock.h -@@ -62,7 +62,7 @@ struct inet_connection_sock_af_ops { - void (*addr2sockaddr)(struct sock *sk, struct sockaddr *); +@@ -63,7 +63,7 @@ struct inet_connection_sock_af_ops { int (*bind_conflict)(const struct sock *sk, const struct inet_bind_bucket *tb, bool relax); + void (*mtu_reduced)(struct sock *sk); -}; +} __do_const; @@ -88467,10 +85227,10 @@ index 01d590e..f69c61d 100644 struct rcu_head rcu; struct inet_peer *gc_next; diff --git a/include/net/ip.h b/include/net/ip.h -index 7596eb2..f7f5fad 100644 +index db4a771..965a42a 100644 --- a/include/net/ip.h +++ b/include/net/ip.h -@@ -309,7 +309,7 @@ static inline unsigned int ip_skb_dst_mtu(const struct sk_buff *skb) +@@ -316,7 +316,7 @@ static inline unsigned int ip_skb_dst_mtu(const struct sk_buff *skb) } } @@ -88621,10 +85381,10 @@ index 567c681..cd73ac02 100644 struct llc_sap_state { u8 curr_state; diff --git a/include/net/mac80211.h b/include/net/mac80211.h -index 421b6ec..5a03729 100644 +index dae2e24..89336e6 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h -@@ -4588,7 +4588,7 @@ struct rate_control_ops { +@@ -4650,7 +4650,7 @@ struct rate_control_ops { void (*remove_sta_debugfs)(void *priv, void *priv_sta); u32 (*get_expected_throughput)(void *priv_sta); @@ -88656,7 +85416,7 @@ index 47f4254..fd095bc 100644 static inline int neigh_parms_family(struct neigh_parms *p) { diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h -index 361d260..903d15f 100644 +index e0d6466..e2f3003 100644 --- a/include/net/net_namespace.h +++ b/include/net/net_namespace.h @@ -129,8 +129,8 @@ struct net { @@ -88691,7 +85451,7 @@ index 361d260..903d15f 100644 /* * Use these carefully. If you implement a network device and it -@@ -344,23 +348,23 @@ static inline void unregister_net_sysctl_table(struct ctl_table_header *header) +@@ -344,12 +348,12 @@ static inline void unregister_net_sysctl_table(struct ctl_table_header *header) static inline int rt_genid_ipv4(struct net *net) { @@ -88705,21 +85465,8 @@ index 361d260..903d15f 100644 + atomic_inc_unchecked(&net->ipv4.rt_genid); } - #if IS_ENABLED(CONFIG_IPV6) - static inline int rt_genid_ipv6(struct net *net) - { -- return atomic_read(&net->ipv6.rt_genid); -+ return atomic_read_unchecked(&net->ipv6.rt_genid); - } - - static inline void rt_genid_bump_ipv6(struct net *net) - { -- atomic_inc(&net->ipv6.rt_genid); -+ atomic_inc_unchecked(&net->ipv6.rt_genid); - } - #else - static inline int rt_genid_ipv6(struct net *net) -@@ -390,12 +394,12 @@ static inline void rt_genid_bump_all(struct net *net) + extern void (*__fib6_flush_trees)(struct net *net); +@@ -376,12 +380,12 @@ static inline void rt_genid_bump_all(struct net *net) static inline int fnhe_genid(struct net *net) { @@ -88748,7 +85495,7 @@ index 8ba8ce2..99b7fff 100644 size_t len, struct dma_pinned_list *pinned_list); diff --git a/include/net/netlink.h b/include/net/netlink.h -index 2b47eaa..6d5bcc2 100644 +index 6c10762..3e5de0c 100644 --- a/include/net/netlink.h +++ b/include/net/netlink.h @@ -521,7 +521,7 @@ static inline void *nlmsg_get_pos(struct sk_buff *skb) @@ -88761,10 +85508,10 @@ index 2b47eaa..6d5bcc2 100644 /** diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h -index 773cce3..6a11852 100644 +index 29d6a94..235d3d8 100644 --- a/include/net/netns/conntrack.h +++ b/include/net/netns/conntrack.h -@@ -13,10 +13,10 @@ struct nf_conntrack_ecache; +@@ -14,10 +14,10 @@ struct nf_conntrack_ecache; struct nf_proto_net { #ifdef CONFIG_SYSCTL struct ctl_table_header *ctl_table_header; @@ -88777,7 +85524,7 @@ index 773cce3..6a11852 100644 #endif #endif unsigned int users; -@@ -59,7 +59,7 @@ struct nf_ip_net { +@@ -60,7 +60,7 @@ struct nf_ip_net { struct nf_icmp_net icmpv6; #if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT) struct ctl_table_header *ctl_table_header; @@ -88808,10 +85555,10 @@ index aec5e12..807233f 100644 }; #endif diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h -index 19d3446..3c87195 100644 +index eade27a..42894dd 100644 --- a/include/net/netns/ipv6.h +++ b/include/net/netns/ipv6.h -@@ -74,8 +74,8 @@ struct netns_ipv6 { +@@ -75,8 +75,8 @@ struct netns_ipv6 { struct fib_rules_ops *mr6_rules_ops; #endif #endif @@ -88871,7 +85618,7 @@ index d6fcc1f..ca277058 100644 #define INET6_PROTO_NOPOLICY 0x1 #define INET6_PROTO_FINAL 0x2 diff --git a/include/net/rtnetlink.h b/include/net/rtnetlink.h -index 72240e5..8c14bef 100644 +index e21b9f9..0191ef0 100644 --- a/include/net/rtnetlink.h +++ b/include/net/rtnetlink.h @@ -93,7 +93,7 @@ struct rtnl_link_ops { @@ -88921,12 +85668,12 @@ index 7f4eeb3..37e8fe1 100644 /* Get the size of a DATA chunk payload. */ diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h -index f38588bf..94c1795 100644 +index 4ff3f67..89ae38e 100644 --- a/include/net/sctp/structs.h +++ b/include/net/sctp/structs.h -@@ -507,7 +507,7 @@ struct sctp_pf { - struct sctp_association *asoc); - void (*addr_v4map) (struct sctp_sock *, union sctp_addr *); +@@ -509,7 +509,7 @@ struct sctp_pf { + void (*to_sk_saddr)(union sctp_addr *, struct sock *sk); + void (*to_sk_daddr)(union sctp_addr *, struct sock *sk); struct sctp_af *af; -}; +} __do_const; @@ -88934,10 +85681,10 @@ index f38588bf..94c1795 100644 /* Structure to track chunk fragments that have been acked, but peer diff --git a/include/net/sock.h b/include/net/sock.h -index 1563507..20d5d0e 100644 +index b9a5bd0..dcd5f3c 100644 --- a/include/net/sock.h +++ b/include/net/sock.h -@@ -349,7 +349,7 @@ struct sock { +@@ -356,7 +356,7 @@ struct sock { unsigned int sk_napi_id; unsigned int sk_ll_usec; #endif @@ -88946,7 +85693,7 @@ index 1563507..20d5d0e 100644 int sk_rcvbuf; struct sk_filter __rcu *sk_filter; -@@ -1038,7 +1038,7 @@ struct proto { +@@ -1053,7 +1053,7 @@ struct proto { void (*destroy_cgroup)(struct mem_cgroup *memcg); struct cg_proto *(*proto_cgroup)(struct mem_cgroup *memcg); #endif @@ -88955,7 +85702,7 @@ index 1563507..20d5d0e 100644 /* * Bits in struct cg_proto.flags -@@ -1225,7 +1225,7 @@ static inline u64 memcg_memory_allocated_read(struct cg_proto *prot) +@@ -1240,7 +1240,7 @@ static inline u64 memcg_memory_allocated_read(struct cg_proto *prot) return ret >> PAGE_SHIFT; } @@ -88964,7 +85711,7 @@ index 1563507..20d5d0e 100644 sk_memory_allocated(const struct sock *sk) { struct proto *prot = sk->sk_prot; -@@ -1370,7 +1370,7 @@ struct sock_iocb { +@@ -1385,7 +1385,7 @@ struct sock_iocb { struct scm_cookie *scm; struct msghdr *msg, async_msg; struct kiocb *kiocb; @@ -88973,41 +85720,7 @@ index 1563507..20d5d0e 100644 static inline struct sock_iocb *kiocb_to_siocb(struct kiocb *iocb) { -@@ -1623,6 +1623,33 @@ void sk_common_release(struct sock *sk); - /* Initialise core socket variables */ - void sock_init_data(struct socket *sock, struct sock *sk); - -+void sk_filter_release_rcu(struct rcu_head *rcu); -+ -+/** -+ * sk_filter_release - release a socket filter -+ * @fp: filter to remove -+ * -+ * Remove a filter from a socket and release its resources. -+ */ -+ -+static inline void sk_filter_release(struct sk_filter *fp) -+{ -+ if (atomic_dec_and_test(&fp->refcnt)) -+ call_rcu(&fp->rcu, sk_filter_release_rcu); -+} -+ -+static inline void sk_filter_uncharge(struct sock *sk, struct sk_filter *fp) -+{ -+ atomic_sub(sk_filter_size(fp->len), &sk->sk_omem_alloc); -+ sk_filter_release(fp); -+} -+ -+static inline void sk_filter_charge(struct sock *sk, struct sk_filter *fp) -+{ -+ atomic_inc(&fp->refcnt); -+ atomic_add(sk_filter_size(fp->len), &sk->sk_omem_alloc); -+} -+ - /* - * Socket reference counting postulates. - * -@@ -1805,7 +1832,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) +@@ -1820,7 +1820,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) } static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb, @@ -89016,7 +85729,7 @@ index 1563507..20d5d0e 100644 int copy, int offset) { if (skb->ip_summed == CHECKSUM_NONE) { -@@ -2067,7 +2094,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) +@@ -2091,7 +2091,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) } } @@ -89026,10 +85739,10 @@ index 1563507..20d5d0e 100644 /** * sk_page_frag - return an appropriate page_frag diff --git a/include/net/tcp.h b/include/net/tcp.h -index 7286db8..f1aa7dc 100644 +index 590e01a..76498f3 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h -@@ -535,7 +535,7 @@ void tcp_retransmit_timer(struct sock *sk); +@@ -523,7 +523,7 @@ void tcp_retransmit_timer(struct sock *sk); void tcp_xmit_retransmit_queue(struct sock *); void tcp_simple_retransmit(struct sock *); int tcp_trim_head(struct sock *, struct sk_buff *, u32); @@ -89038,7 +85751,7 @@ index 7286db8..f1aa7dc 100644 void tcp_send_probe0(struct sock *); void tcp_send_partial(struct sock *); -@@ -708,8 +708,8 @@ struct tcp_skb_cb { +@@ -696,8 +696,8 @@ struct tcp_skb_cb { struct inet6_skb_parm h6; #endif } header; /* For incoming frames */ @@ -89049,7 +85762,7 @@ index 7286db8..f1aa7dc 100644 __u32 when; /* used to compute rtt's */ __u8 tcp_flags; /* TCP header flags. (tcp[13]) */ -@@ -723,7 +723,7 @@ struct tcp_skb_cb { +@@ -713,7 +713,7 @@ struct tcp_skb_cb { __u8 ip_dsfield; /* IPv4 tos or IPv6 dsfield */ /* 1 byte hole */ @@ -89159,10 +85872,10 @@ index 52beadf..598734c 100644 u8 qfull; enum fc_lport_state state; diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h -index 758bc9f..9b14934 100644 +index 1a0d184..4fb841f 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h -@@ -188,9 +188,9 @@ struct scsi_device { +@@ -185,9 +185,9 @@ struct scsi_device { unsigned int max_device_blocked; /* what device_blocked counts down from */ #define SCSI_DEFAULT_DEVICE_BLOCKED 3 @@ -89176,10 +85889,10 @@ index 758bc9f..9b14934 100644 struct device sdev_gendev, sdev_dev; diff --git a/include/scsi/scsi_transport_fc.h b/include/scsi/scsi_transport_fc.h -index 8c79980..723f6f9 100644 +index 007a0bc..7188db8 100644 --- a/include/scsi/scsi_transport_fc.h +++ b/include/scsi/scsi_transport_fc.h -@@ -752,7 +752,8 @@ struct fc_function_template { +@@ -756,7 +756,8 @@ struct fc_function_template { unsigned long show_host_system_hostname:1; unsigned long disable_target_scan:1; @@ -89203,10 +85916,10 @@ index ae6c3b8..fd748ac 100644 /** * struct snd_compr: Compressed device diff --git a/include/sound/soc.h b/include/sound/soc.h -index ed9e2d7..aad0887 100644 +index c83a334..27c8038 100644 --- a/include/sound/soc.h +++ b/include/sound/soc.h -@@ -798,7 +798,7 @@ struct snd_soc_codec_driver { +@@ -817,7 +817,7 @@ struct snd_soc_codec_driver { /* probe ordering - for components with runtime dependencies */ int probe_order; int remove_order; @@ -89215,14 +85928,14 @@ index ed9e2d7..aad0887 100644 /* SoC platform interface */ struct snd_soc_platform_driver { -@@ -845,7 +845,7 @@ struct snd_soc_platform_driver { +@@ -861,7 +861,7 @@ struct snd_soc_platform_driver { unsigned int (*read)(struct snd_soc_platform *, unsigned int); int (*write)(struct snd_soc_platform *, unsigned int, unsigned int); int (*bespoke_trigger)(struct snd_pcm_substream *, int); -}; +} __do_const; - struct snd_soc_platform { + struct snd_soc_dai_link_component { const char *name; diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h index 9ec9864..e2ee1ee 100644 @@ -89297,7 +86010,7 @@ index 0000000..fb634b7 +/* This part must be outside protection */ +#include <trace/define_trace.h> diff --git a/include/trace/events/irq.h b/include/trace/events/irq.h -index 1c09820..7f5ec79 100644 +index 3608beb..df39d8a 100644 --- a/include/trace/events/irq.h +++ b/include/trace/events/irq.h @@ -36,7 +36,7 @@ struct softirq_action; @@ -89548,7 +86261,7 @@ index 0e011eb..82681b1 100644 #ifdef __HAVE_BUILTIN_BSWAP64__ return __builtin_bswap64(val); diff --git a/include/uapi/linux/sysctl.h b/include/uapi/linux/sysctl.h -index 6d67213..552fdd9 100644 +index 43aaba1..1c30b48 100644 --- a/include/uapi/linux/sysctl.h +++ b/include/uapi/linux/sysctl.h @@ -155,8 +155,6 @@ enum @@ -89561,18 +86274,18 @@ index 6d67213..552fdd9 100644 enum { diff --git a/include/uapi/linux/videodev2.h b/include/uapi/linux/videodev2.h -index 168ff50..a921df2 100644 +index 778a329..1416ffb 100644 --- a/include/uapi/linux/videodev2.h +++ b/include/uapi/linux/videodev2.h -@@ -1253,7 +1253,7 @@ struct v4l2_ext_control { +@@ -1285,7 +1285,7 @@ struct v4l2_ext_control { union { __s32 value; __s64 value64; - char *string; + char __user *string; - }; - } __attribute__ ((packed)); - + __u8 *p_u8; + __u16 *p_u16; + __u32 *p_u32; diff --git a/include/uapi/linux/xattr.h b/include/uapi/linux/xattr.h index 1590c49..5eab462 100644 --- a/include/uapi/linux/xattr.h @@ -89619,10 +86332,10 @@ index 30f5362..8ed8ac9 100644 void *pmi_pal; u8 *vbe_state_orig; /* diff --git a/init/Kconfig b/init/Kconfig -index 35685a4..f8e6d37 100644 +index 80a6907..baf7d53 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1105,6 +1105,7 @@ endif # CGROUPS +@@ -1150,6 +1150,7 @@ endif # CGROUPS config CHECKPOINT_RESTORE bool "Checkpoint/restore support" if EXPERT @@ -89630,7 +86343,7 @@ index 35685a4..f8e6d37 100644 default n help Enables additional kernel features in a sake of checkpoint/restore. -@@ -1590,7 +1591,7 @@ config SLUB_DEBUG +@@ -1635,7 +1636,7 @@ config SLUB_DEBUG config COMPAT_BRK bool "Disable heap randomization" @@ -89639,7 +86352,7 @@ index 35685a4..f8e6d37 100644 help Randomizing heap placement makes heap exploits harder, but it also breaks ancient binaries (including anything libc5 based). -@@ -1878,7 +1879,7 @@ config INIT_ALL_POSSIBLE +@@ -1923,7 +1924,7 @@ config INIT_ALL_POSSIBLE config STOP_MACHINE bool default y @@ -89877,10 +86590,19 @@ index ba0a7f36..2bcf1d5 100644 { INIT_THREAD_INFO(init_task) }; +#endif diff --git a/init/initramfs.c b/init/initramfs.c -index a8497fa..35b3c90 100644 +index bece48c..e911bd8 100644 --- a/init/initramfs.c +++ b/init/initramfs.c -@@ -84,7 +84,7 @@ static void __init free_hash(void) +@@ -25,7 +25,7 @@ static ssize_t __init xwrite(int fd, const char *p, size_t count) + + /* sys_write only can write MAX_RW_COUNT aka 2G-4K bytes at most */ + while (count) { +- ssize_t rv = sys_write(fd, p, count); ++ ssize_t rv = sys_write(fd, (char __force_user *)p, count); + + if (rv < 0) { + if (rv == -EINTR || rv == -EAGAIN) +@@ -107,7 +107,7 @@ static void __init free_hash(void) } } @@ -89889,7 +86611,7 @@ index a8497fa..35b3c90 100644 { struct timespec t[2]; -@@ -119,7 +119,7 @@ static void __init dir_utime(void) +@@ -142,7 +142,7 @@ static void __init dir_utime(void) struct dir_entry *de, *tmp; list_for_each_entry_safe(de, tmp, &dir_list, list) { list_del(&de->list); @@ -89898,7 +86620,7 @@ index a8497fa..35b3c90 100644 kfree(de->name); kfree(de); } -@@ -281,7 +281,7 @@ static int __init maybe_link(void) +@@ -304,7 +304,7 @@ static int __init maybe_link(void) if (nlink >= 2) { char *old = find_link(major, minor, ino, mode, collected); if (old) @@ -89907,7 +86629,7 @@ index a8497fa..35b3c90 100644 } return 0; } -@@ -290,11 +290,11 @@ static void __init clean_path(char *path, umode_t mode) +@@ -313,11 +313,11 @@ static void __init clean_path(char *path, umode_t mode) { struct stat st; @@ -89922,7 +86644,7 @@ index a8497fa..35b3c90 100644 } } -@@ -315,7 +315,7 @@ static int __init do_name(void) +@@ -338,7 +338,7 @@ static int __init do_name(void) int openflags = O_WRONLY|O_CREAT; if (ml != 1) openflags |= O_TRUNC; @@ -89931,7 +86653,7 @@ index a8497fa..35b3c90 100644 if (wfd >= 0) { sys_fchown(wfd, uid, gid); -@@ -327,17 +327,17 @@ static int __init do_name(void) +@@ -350,17 +350,17 @@ static int __init do_name(void) } } } else if (S_ISDIR(mode)) { @@ -89956,26 +86678,16 @@ index a8497fa..35b3c90 100644 } } return 0; -@@ -346,15 +346,15 @@ static int __init do_name(void) - static int __init do_copy(void) - { - if (count >= body_len) { -- sys_write(wfd, victim, body_len); -+ sys_write(wfd, (char __force_user *)victim, body_len); +@@ -372,7 +372,7 @@ static int __init do_copy(void) + if (xwrite(wfd, victim, body_len) != body_len) + error("write error"); sys_close(wfd); - do_utime(vcollected, mtime); + do_utime((char __force_user *)vcollected, mtime); kfree(vcollected); eat(body_len); state = SkipIt; - return 0; - } else { -- sys_write(wfd, victim, count); -+ sys_write(wfd, (char __force_user *)victim, count); - body_len -= count; - eat(count); - return 1; -@@ -365,9 +365,9 @@ static int __init do_symlink(void) +@@ -390,9 +390,9 @@ static int __init do_symlink(void) { collected[N_ALIGN(name_len) + body_len] = '\0'; clean_path(collected, 0); @@ -89989,7 +86701,7 @@ index a8497fa..35b3c90 100644 next_state = Reset; return 0; diff --git a/init/main.c b/init/main.c -index e8ae1fe..f60f98c 100644 +index bb1aed9..64f9745 100644 --- a/init/main.c +++ b/init/main.c @@ -98,6 +98,8 @@ extern void radix_tree_init(void); @@ -90074,10 +86786,10 @@ index e8ae1fe..f60f98c 100644 +__setup("pax_softmode=", setup_pax_softmode); +#endif + - static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; - const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; + static const char *argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; + const char *envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; static const char *panic_later, *panic_param; -@@ -727,7 +798,7 @@ static bool __init_or_module initcall_blacklisted(initcall_t fn) +@@ -728,7 +799,7 @@ static bool __init_or_module initcall_blacklisted(initcall_t fn) struct blacklist_entry *entry; char *fn_name; @@ -90086,7 +86798,7 @@ index e8ae1fe..f60f98c 100644 if (!fn_name) return false; -@@ -779,7 +850,7 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -780,7 +851,7 @@ int __init_or_module do_one_initcall(initcall_t fn) { int count = preempt_count(); int ret; @@ -90095,7 +86807,7 @@ index e8ae1fe..f60f98c 100644 if (initcall_blacklisted(fn)) return -EPERM; -@@ -789,18 +860,17 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -790,18 +861,17 @@ int __init_or_module do_one_initcall(initcall_t fn) else ret = fn(); @@ -90118,7 +86830,7 @@ index e8ae1fe..f60f98c 100644 return ret; } -@@ -907,8 +977,8 @@ static int run_init_process(const char *init_filename) +@@ -908,8 +978,8 @@ static int run_init_process(const char *init_filename) { argv_init[0] = init_filename; return do_execve(getname_kernel(init_filename), @@ -90129,7 +86841,7 @@ index e8ae1fe..f60f98c 100644 } static int try_to_run_init_process(const char *init_filename) -@@ -925,6 +995,10 @@ static int try_to_run_init_process(const char *init_filename) +@@ -926,6 +996,10 @@ static int try_to_run_init_process(const char *init_filename) return ret; } @@ -90140,7 +86852,7 @@ index e8ae1fe..f60f98c 100644 static noinline void __init kernel_init_freeable(void); static int __ref kernel_init(void *unused) -@@ -949,6 +1023,11 @@ static int __ref kernel_init(void *unused) +@@ -950,6 +1024,11 @@ static int __ref kernel_init(void *unused) ramdisk_execute_command, ret); } @@ -90152,7 +86864,7 @@ index e8ae1fe..f60f98c 100644 /* * We try each of these until one succeeds. * -@@ -1004,7 +1083,7 @@ static noinline void __init kernel_init_freeable(void) +@@ -1005,7 +1084,7 @@ static noinline void __init kernel_init_freeable(void) do_basic_setup(); /* Open the /dev/console on the rootfs, this should never fail */ @@ -90161,7 +86873,7 @@ index e8ae1fe..f60f98c 100644 pr_err("Warning: unable to open an initial console.\n"); (void) sys_dup(0); -@@ -1017,11 +1096,13 @@ static noinline void __init kernel_init_freeable(void) +@@ -1018,11 +1097,13 @@ static noinline void __init kernel_init_freeable(void) if (!ramdisk_execute_command) ramdisk_execute_command = "/init"; @@ -90273,7 +86985,7 @@ index 4fcf39a..d3cc2ec 100644 if (u->mq_bytes + mq_bytes < u->mq_bytes || u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) { diff --git a/ipc/shm.c b/ipc/shm.c -index 89fc354..cf56786 100644 +index 7fc9f9f..95e201f 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -72,6 +72,14 @@ static void shm_destroy(struct ipc_namespace *ns, struct shmid_kernel *shp); @@ -90282,31 +86994,26 @@ index 89fc354..cf56786 100644 +#ifdef CONFIG_GRKERNSEC +extern int gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid, -+ const time_t shm_createtime, const kuid_t cuid, ++ const u64 shm_createtime, const kuid_t cuid, + const int shmid); +extern int gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid, -+ const time_t shm_createtime); ++ const u64 shm_createtime); +#endif + void shm_init_ns(struct ipc_namespace *ns) { ns->shm_ctlmax = SHMMAX; -@@ -557,6 +565,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) +@@ -559,6 +567,9 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) shp->shm_lprid = 0; shp->shm_atim = shp->shm_dtim = 0; shp->shm_ctim = get_seconds(); +#ifdef CONFIG_GRKERNSEC -+ { -+ struct timespec timeval; -+ do_posix_clock_monotonic_gettime(&timeval); -+ -+ shp->shm_createtime = timeval.tv_sec; -+ } ++ shp->shm_createtime = ktime_get_ns(); +#endif shp->shm_segsz = size; shp->shm_nattch = 0; shp->shm_file = file; -@@ -1092,6 +1108,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, +@@ -1095,6 +1106,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, f_mode = FMODE_READ | FMODE_WRITE; } if (shmflg & SHM_EXEC) { @@ -90319,7 +87026,7 @@ index 89fc354..cf56786 100644 prot |= PROT_EXEC; acc_mode |= S_IXUGO; } -@@ -1116,6 +1138,15 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, +@@ -1119,6 +1136,15 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, if (err) goto out_unlock; @@ -90335,7 +87042,7 @@ index 89fc354..cf56786 100644 ipc_lock_object(&shp->shm_perm); /* check if shm_destroy() is tearing down shp */ -@@ -1128,6 +1159,9 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, +@@ -1131,6 +1157,9 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, path = shp->shm_file->f_path; path_get(&path); shp->shm_nattch++; @@ -90369,19 +87076,6 @@ index 27d74e6..8be0be2 100644 /* is there some bit set in requested_mode but not in granted_mode? */ if ((requested_mode & ~granted_mode & 0007) && !ns_capable(ns->user_ns, CAP_IPC_OWNER)) -diff --git a/kernel/acct.c b/kernel/acct.c -index 808a86f..da69695 100644 ---- a/kernel/acct.c -+++ b/kernel/acct.c -@@ -556,7 +556,7 @@ static void do_acct_process(struct bsd_acct_struct *acct, - */ - flim = current->signal->rlim[RLIMIT_FSIZE].rlim_cur; - current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY; -- file->f_op->write(file, (char *)&ac, -+ file->f_op->write(file, (char __force_user *)&ac, - sizeof(acct_t), &file->f_pos); - current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; - set_fs(fs); diff --git a/kernel/audit.c b/kernel/audit.c index ba2ff5a..c6c0deb 100644 --- a/kernel/audit.c @@ -90444,6 +87138,115 @@ index 21eae3c..66db239 100644 task->sessionid = sessionid; task->loginuid = loginuid; +diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c +index 7f0dbcb..b54bb2c 100644 +--- a/kernel/bpf/core.c ++++ b/kernel/bpf/core.c +@@ -22,6 +22,7 @@ + */ + #include <linux/filter.h> + #include <linux/skbuff.h> ++#include <linux/vmalloc.h> + #include <asm/unaligned.h> + + /* Registers */ +@@ -63,6 +64,67 @@ void *bpf_internal_load_pointer_neg_helper(const struct sk_buff *skb, int k, uns + return NULL; + } + ++struct bpf_prog *bpf_prog_alloc(unsigned int size, gfp_t gfp_extra_flags) ++{ ++ gfp_t gfp_flags = GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO | ++ gfp_extra_flags; ++ struct bpf_work_struct *ws; ++ struct bpf_prog *fp; ++ ++ size = round_up(size, PAGE_SIZE); ++ fp = __vmalloc(size, gfp_flags, PAGE_KERNEL); ++ if (fp == NULL) ++ return NULL; ++ ++ ws = kmalloc(sizeof(*ws), GFP_KERNEL | gfp_extra_flags); ++ if (ws == NULL) { ++ vfree(fp); ++ return NULL; ++ } ++ ++ fp->pages = size / PAGE_SIZE; ++ fp->work = ws; ++ ++ return fp; ++} ++EXPORT_SYMBOL_GPL(bpf_prog_alloc); ++ ++struct bpf_prog *bpf_prog_realloc(struct bpf_prog *fp_old, unsigned int size, ++ gfp_t gfp_extra_flags) ++{ ++ gfp_t gfp_flags = GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO | ++ gfp_extra_flags; ++ struct bpf_prog *fp; ++ ++ BUG_ON(fp_old == NULL); ++ ++ size = round_up(size, PAGE_SIZE); ++ if (size <= fp_old->pages * PAGE_SIZE) ++ return fp_old; ++ ++ fp = __vmalloc(size, gfp_flags, PAGE_KERNEL); ++ if (fp != NULL) { ++ memcpy(fp, fp_old, fp_old->pages * PAGE_SIZE); ++ fp->pages = size / PAGE_SIZE; ++ ++ /* We keep fp->work from fp_old around in the new ++ * reallocated structure. ++ */ ++ fp_old->work = NULL; ++ __bpf_prog_free(fp_old); ++ } ++ ++ return fp; ++} ++EXPORT_SYMBOL_GPL(bpf_prog_realloc); ++ ++void __bpf_prog_free(struct bpf_prog *fp) ++{ ++ kfree(fp->work); ++ vfree(fp); ++} ++EXPORT_SYMBOL_GPL(__bpf_prog_free); ++ + /* Base function for offset calculation. Needs to go into .text section, + * therefore keeping it non-static as well; will also be used by JITs + * anyway later on, so do not let the compiler omit it. +@@ -523,12 +585,26 @@ void bpf_prog_select_runtime(struct bpf_prog *fp) + + /* Probe if internal BPF can be JITed */ + bpf_int_jit_compile(fp); ++ /* Lock whole bpf_prog as read-only */ ++ bpf_prog_lock_ro(fp); + } + EXPORT_SYMBOL_GPL(bpf_prog_select_runtime); + +-/* free internal BPF program */ ++static void bpf_prog_free_deferred(struct work_struct *work) ++{ ++ struct bpf_work_struct *ws; ++ ++ ws = container_of(work, struct bpf_work_struct, work); ++ bpf_jit_free(ws->prog); ++} ++ ++/* Free internal BPF program */ + void bpf_prog_free(struct bpf_prog *fp) + { +- bpf_jit_free(fp); ++ struct bpf_work_struct *ws = fp->work; ++ ++ INIT_WORK(&ws->work, bpf_prog_free_deferred); ++ ws->prog = fp; ++ schedule_work(&ws->work); + } + EXPORT_SYMBOL_GPL(bpf_prog_free); diff --git a/kernel/capability.c b/kernel/capability.c index 989f5bf..d317ca0 100644 --- a/kernel/capability.c @@ -90543,10 +87346,10 @@ index 989f5bf..d317ca0 100644 +} +EXPORT_SYMBOL(capable_wrt_inode_uidgid_nolog); diff --git a/kernel/cgroup.c b/kernel/cgroup.c -index 0a46b2a..53174d4 100644 +index 3a73f99..4f29fea 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c -@@ -5155,6 +5155,14 @@ static void cgroup_release_agent(struct work_struct *work) +@@ -5341,6 +5341,14 @@ static void cgroup_release_agent(struct work_struct *work) release_list); list_del_init(&cgrp->release_list); raw_spin_unlock(&release_list_lock); @@ -90561,7 +87364,7 @@ index 0a46b2a..53174d4 100644 pathbuf = kmalloc(PATH_MAX, GFP_KERNEL); if (!pathbuf) goto continue_free; -@@ -5345,7 +5353,7 @@ static int cgroup_css_links_read(struct seq_file *seq, void *v) +@@ -5539,7 +5547,7 @@ static int cgroup_css_links_read(struct seq_file *seq, void *v) struct task_struct *task; int count = 0; @@ -90571,7 +87374,7 @@ index 0a46b2a..53174d4 100644 list_for_each_entry(task, &cset->tasks, cg_list) { if (count++ > MAX_TASKS_SHOWN_PER_CSS) diff --git a/kernel/compat.c b/kernel/compat.c -index 633394f..bdfa969 100644 +index ebb3c36..1df606e 100644 --- a/kernel/compat.c +++ b/kernel/compat.c @@ -13,6 +13,7 @@ @@ -90600,7 +87403,7 @@ index 633394f..bdfa969 100644 HRTIMER_MODE_REL, CLOCK_MONOTONIC); set_fs(oldfs); -@@ -361,7 +362,7 @@ COMPAT_SYSCALL_DEFINE1(sigpending, compat_old_sigset_t __user *, set) +@@ -379,7 +380,7 @@ COMPAT_SYSCALL_DEFINE1(sigpending, compat_old_sigset_t __user *, set) mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); @@ -90609,7 +87412,7 @@ index 633394f..bdfa969 100644 set_fs(old_fs); if (ret == 0) ret = put_user(s, set); -@@ -451,7 +452,7 @@ COMPAT_SYSCALL_DEFINE2(old_getrlimit, unsigned int, resource, +@@ -469,7 +470,7 @@ COMPAT_SYSCALL_DEFINE2(old_getrlimit, unsigned int, resource, mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); @@ -90618,7 +87421,7 @@ index 633394f..bdfa969 100644 set_fs(old_fs); if (!ret) { -@@ -533,8 +534,8 @@ COMPAT_SYSCALL_DEFINE4(wait4, +@@ -551,8 +552,8 @@ COMPAT_SYSCALL_DEFINE4(wait4, set_fs (KERNEL_DS); ret = sys_wait4(pid, (stat_addr ? @@ -90629,7 +87432,7 @@ index 633394f..bdfa969 100644 set_fs (old_fs); if (ret > 0) { -@@ -560,8 +561,8 @@ COMPAT_SYSCALL_DEFINE5(waitid, +@@ -578,8 +579,8 @@ COMPAT_SYSCALL_DEFINE5(waitid, memset(&info, 0, sizeof(info)); set_fs(KERNEL_DS); @@ -90640,7 +87443,7 @@ index 633394f..bdfa969 100644 set_fs(old_fs); if ((ret < 0) || (info.si_signo == 0)) -@@ -695,8 +696,8 @@ COMPAT_SYSCALL_DEFINE4(timer_settime, timer_t, timer_id, int, flags, +@@ -713,8 +714,8 @@ COMPAT_SYSCALL_DEFINE4(timer_settime, timer_t, timer_id, int, flags, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_timer_settime(timer_id, flags, @@ -90651,7 +87454,7 @@ index 633394f..bdfa969 100644 set_fs(oldfs); if (!err && old && put_compat_itimerspec(old, &oldts)) return -EFAULT; -@@ -713,7 +714,7 @@ COMPAT_SYSCALL_DEFINE2(timer_gettime, timer_t, timer_id, +@@ -731,7 +732,7 @@ COMPAT_SYSCALL_DEFINE2(timer_gettime, timer_t, timer_id, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_timer_gettime(timer_id, @@ -90660,7 +87463,7 @@ index 633394f..bdfa969 100644 set_fs(oldfs); if (!err && put_compat_itimerspec(setting, &ts)) return -EFAULT; -@@ -732,7 +733,7 @@ COMPAT_SYSCALL_DEFINE2(clock_settime, clockid_t, which_clock, +@@ -750,7 +751,7 @@ COMPAT_SYSCALL_DEFINE2(clock_settime, clockid_t, which_clock, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_clock_settime(which_clock, @@ -90669,7 +87472,7 @@ index 633394f..bdfa969 100644 set_fs(oldfs); return err; } -@@ -747,7 +748,7 @@ COMPAT_SYSCALL_DEFINE2(clock_gettime, clockid_t, which_clock, +@@ -765,7 +766,7 @@ COMPAT_SYSCALL_DEFINE2(clock_gettime, clockid_t, which_clock, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_clock_gettime(which_clock, @@ -90678,7 +87481,7 @@ index 633394f..bdfa969 100644 set_fs(oldfs); if (!err && compat_put_timespec(&ts, tp)) return -EFAULT; -@@ -767,7 +768,7 @@ COMPAT_SYSCALL_DEFINE2(clock_adjtime, clockid_t, which_clock, +@@ -785,7 +786,7 @@ COMPAT_SYSCALL_DEFINE2(clock_adjtime, clockid_t, which_clock, oldfs = get_fs(); set_fs(KERNEL_DS); @@ -90687,7 +87490,7 @@ index 633394f..bdfa969 100644 set_fs(oldfs); err = compat_put_timex(utp, &txc); -@@ -787,7 +788,7 @@ COMPAT_SYSCALL_DEFINE2(clock_getres, clockid_t, which_clock, +@@ -805,7 +806,7 @@ COMPAT_SYSCALL_DEFINE2(clock_getres, clockid_t, which_clock, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_clock_getres(which_clock, @@ -90696,7 +87499,7 @@ index 633394f..bdfa969 100644 set_fs(oldfs); if (!err && tp && compat_put_timespec(&ts, tp)) return -EFAULT; -@@ -801,7 +802,7 @@ static long compat_clock_nanosleep_restart(struct restart_block *restart) +@@ -819,7 +820,7 @@ static long compat_clock_nanosleep_restart(struct restart_block *restart) struct timespec tu; struct compat_timespec __user *rmtp = restart->nanosleep.compat_rmtp; @@ -90705,7 +87508,7 @@ index 633394f..bdfa969 100644 oldfs = get_fs(); set_fs(KERNEL_DS); err = clock_nanosleep_restart(restart); -@@ -833,8 +834,8 @@ COMPAT_SYSCALL_DEFINE4(clock_nanosleep, clockid_t, which_clock, int, flags, +@@ -851,8 +852,8 @@ COMPAT_SYSCALL_DEFINE4(clock_nanosleep, clockid_t, which_clock, int, flags, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_clock_nanosleep(which_clock, flags, @@ -90716,7 +87519,7 @@ index 633394f..bdfa969 100644 set_fs(oldfs); if ((err == -ERESTART_RESTARTBLOCK) && rmtp && -@@ -1128,7 +1129,7 @@ COMPAT_SYSCALL_DEFINE2(sched_rr_get_interval, +@@ -1146,7 +1147,7 @@ COMPAT_SYSCALL_DEFINE2(sched_rr_get_interval, mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); @@ -90959,7 +87762,7 @@ index 1adf62b..7736e06 100644 } EXPORT_SYMBOL_GPL(kgdb_schedule_breakpoint); diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c -index 2f7c760..95b6a66 100644 +index 379650b..30c5180 100644 --- a/kernel/debug/kdb/kdb_main.c +++ b/kernel/debug/kdb/kdb_main.c @@ -1977,7 +1977,7 @@ static int kdb_lsmod(int argc, const char **argv) @@ -90981,10 +87784,10 @@ index 2f7c760..95b6a66 100644 #ifdef CONFIG_MODULE_UNLOAD { diff --git a/kernel/events/core.c b/kernel/events/core.c -index 2065959..5486cad 100644 +index 963bf13..a78dd3e 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c -@@ -160,8 +160,15 @@ static struct srcu_struct pmus_srcu; +@@ -161,8 +161,15 @@ static struct srcu_struct pmus_srcu; * 0 - disallow raw tracepoint access for unpriv * 1 - disallow cpu events for unpriv * 2 - disallow kernel profiling for unpriv @@ -91001,7 +87804,7 @@ index 2065959..5486cad 100644 /* Minimum for 512 kiB + 1 user control page */ int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */ -@@ -187,7 +194,7 @@ void update_perf_cpu_limits(void) +@@ -188,7 +195,7 @@ void update_perf_cpu_limits(void) tmp *= sysctl_perf_cpu_time_max_percent; do_div(tmp, 100); @@ -91010,7 +87813,7 @@ index 2065959..5486cad 100644 } static int perf_rotate_context(struct perf_cpu_context *cpuctx); -@@ -293,7 +300,7 @@ void perf_sample_event_took(u64 sample_len_ns) +@@ -294,7 +301,7 @@ void perf_sample_event_took(u64 sample_len_ns) } } @@ -91019,7 +87822,7 @@ index 2065959..5486cad 100644 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx, enum event_type_t event_type); -@@ -3033,7 +3040,7 @@ static void __perf_event_read(void *info) +@@ -3034,7 +3041,7 @@ static void __perf_event_read(void *info) static inline u64 perf_event_count(struct perf_event *event) { @@ -91028,7 +87831,7 @@ index 2065959..5486cad 100644 } static u64 perf_event_read(struct perf_event *event) -@@ -3409,9 +3416,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) +@@ -3410,9 +3417,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) mutex_lock(&event->child_mutex); total += perf_event_read(event); *enabled += event->total_time_enabled + @@ -91040,7 +87843,7 @@ index 2065959..5486cad 100644 list_for_each_entry(child, &event->child_list, child_list) { total += perf_event_read(child); -@@ -3840,10 +3847,10 @@ void perf_event_update_userpage(struct perf_event *event) +@@ -3861,10 +3868,10 @@ void perf_event_update_userpage(struct perf_event *event) userpg->offset -= local64_read(&event->hw.prev_count); userpg->time_enabled = enabled + @@ -91053,7 +87856,7 @@ index 2065959..5486cad 100644 arch_perf_update_userpage(userpg, now); -@@ -4407,7 +4414,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size, +@@ -4428,7 +4435,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size, /* Data. */ sp = perf_user_stack_pointer(regs); @@ -91062,7 +87865,7 @@ index 2065959..5486cad 100644 dyn_size = dump_size - rem; perf_output_skip(handle, rem); -@@ -4498,11 +4505,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, +@@ -4519,11 +4526,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, values[n++] = perf_event_count(event); if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { values[n++] = enabled + @@ -91076,7 +87879,7 @@ index 2065959..5486cad 100644 } if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(event); -@@ -6811,7 +6818,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, +@@ -6838,7 +6845,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, event->parent = parent_event; event->ns = get_pid_ns(task_active_pid_ns(current)); @@ -91085,7 +87888,7 @@ index 2065959..5486cad 100644 event->state = PERF_EVENT_STATE_INACTIVE; -@@ -7090,6 +7097,11 @@ SYSCALL_DEFINE5(perf_event_open, +@@ -7117,6 +7124,11 @@ SYSCALL_DEFINE5(perf_event_open, if (flags & ~PERF_FLAG_ALL) return -EINVAL; @@ -91097,7 +87900,7 @@ index 2065959..5486cad 100644 err = perf_copy_attr(attr_uptr, &attr); if (err) return err; -@@ -7442,10 +7454,10 @@ static void sync_child_event(struct perf_event *child_event, +@@ -7469,10 +7481,10 @@ static void sync_child_event(struct perf_event *child_event, /* * Add back the child's count to the parent's count: */ @@ -91156,10 +87959,10 @@ index 569b2187..19940d9 100644 /* Callchain handling */ extern struct perf_callchain_entry * diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c -index 6f3254e..e4c1fe4 100644 +index 1d0af8a..9913530 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c -@@ -1670,7 +1670,7 @@ static int is_trap_at_addr(struct mm_struct *mm, unsigned long vaddr) +@@ -1671,7 +1671,7 @@ static int is_trap_at_addr(struct mm_struct *mm, unsigned long vaddr) { struct page *page; uprobe_opcode_t opcode; @@ -91169,10 +87972,10 @@ index 6f3254e..e4c1fe4 100644 pagefault_disable(); result = __copy_from_user_inatomic(&opcode, (void __user*)vaddr, diff --git a/kernel/exit.c b/kernel/exit.c -index e5c4668..592d2e5 100644 +index 32c58f7..9eb6907 100644 --- a/kernel/exit.c +++ b/kernel/exit.c -@@ -173,6 +173,10 @@ void release_task(struct task_struct * p) +@@ -173,6 +173,10 @@ void release_task(struct task_struct *p) struct task_struct *leader; int zap_leader; repeat: @@ -91183,7 +87986,7 @@ index e5c4668..592d2e5 100644 /* don't need to get the RCU readlock here - the process is dead and * can't be modifying its own credentials. But shut RCU-lockdep up */ rcu_read_lock(); -@@ -664,6 +668,8 @@ void do_exit(long code) +@@ -668,6 +672,8 @@ void do_exit(long code) struct task_struct *tsk = current; int group_dead; @@ -91192,7 +87995,7 @@ index e5c4668..592d2e5 100644 profile_task_exit(tsk); WARN_ON(blk_needs_flush_plug(tsk)); -@@ -680,7 +686,6 @@ void do_exit(long code) +@@ -684,7 +690,6 @@ void do_exit(long code) * mm_release()->clear_child_tid() from writing to a user-controlled * kernel address. */ @@ -91200,7 +88003,7 @@ index e5c4668..592d2e5 100644 ptrace_event(PTRACE_EVENT_EXIT, code); -@@ -739,6 +744,9 @@ void do_exit(long code) +@@ -742,6 +747,9 @@ void do_exit(long code) tsk->exit_code = code; taskstats_exit(tsk, group_dead); @@ -91210,7 +88013,7 @@ index e5c4668..592d2e5 100644 exit_mm(tsk); if (group_dead) -@@ -858,7 +866,7 @@ SYSCALL_DEFINE1(exit, int, error_code) +@@ -859,7 +867,7 @@ SYSCALL_DEFINE1(exit, int, error_code) * Take down every thread in the group. This is called by fatal signals * as well as by sys_exit_group (below). */ @@ -91220,7 +88023,7 @@ index e5c4668..592d2e5 100644 { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index b41958b..461e9c2 100644 +index a91e47d..71c9064 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -183,6 +183,48 @@ void thread_info_cache_init(void) @@ -91322,10 +88125,10 @@ index b41958b..461e9c2 100644 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW + tsk->lowmem_stack = lowmem_stack; +#endif - - setup_thread_stack(tsk, orig); - clear_user_return_notifier(tsk); -@@ -323,7 +373,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) + #ifdef CONFIG_SECCOMP + /* + * We must handle setting up seccomp filters once we're under +@@ -332,7 +382,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) *stackend = STACK_END_MAGIC; /* for overflow detection */ #ifdef CONFIG_CC_STACKPROTECTOR @@ -91334,7 +88137,7 @@ index b41958b..461e9c2 100644 #endif /* -@@ -337,24 +387,92 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) +@@ -346,24 +396,92 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) tsk->splice_pipe = NULL; tsk->task_frag.page = NULL; @@ -91392,7 +88195,7 @@ index b41958b..461e9c2 100644 + atomic_dec(&inode->i_writecount); + mutex_lock(&mapping->i_mmap_mutex); + if (tmp->vm_flags & VM_SHARED) -+ mapping->i_mmap_writable++; ++ atomic_inc(&mapping->i_mmap_writable); + flush_dcache_mmap_lock(mapping); + /* insert tmp into the share list, just after mpnt */ + if (unlikely(tmp->vm_flags & VM_NONLINEAR)) @@ -91431,7 +88234,7 @@ index b41958b..461e9c2 100644 uprobe_start_dup_mmap(); down_write(&oldmm->mmap_sem); -@@ -383,55 +501,15 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -391,55 +509,15 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) prev = NULL; for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) { @@ -91473,7 +88276,7 @@ index b41958b..461e9c2 100644 - atomic_dec(&inode->i_writecount); - mutex_lock(&mapping->i_mmap_mutex); - if (tmp->vm_flags & VM_SHARED) -- mapping->i_mmap_writable++; +- atomic_inc(&mapping->i_mmap_writable); - flush_dcache_mmap_lock(mapping); - /* insert tmp into the share list, just after mpnt */ - if (unlikely(tmp->vm_flags & VM_NONLINEAR)) @@ -91491,7 +88294,7 @@ index b41958b..461e9c2 100644 } /* -@@ -463,6 +541,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -471,6 +549,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) if (retval) goto out; } @@ -91523,7 +88326,7 @@ index b41958b..461e9c2 100644 /* a new mm has just been created */ arch_dup_mmap(oldmm, mm); retval = 0; -@@ -472,14 +575,6 @@ out: +@@ -480,14 +583,6 @@ out: up_write(&oldmm->mmap_sem); uprobe_end_dup_mmap(); return retval; @@ -91538,7 +88341,7 @@ index b41958b..461e9c2 100644 } static inline int mm_alloc_pgd(struct mm_struct *mm) -@@ -698,8 +793,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) +@@ -729,8 +824,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) return ERR_PTR(err); mm = get_task_mm(task); @@ -91549,7 +88352,7 @@ index b41958b..461e9c2 100644 mmput(mm); mm = ERR_PTR(-EACCES); } -@@ -918,13 +1013,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) +@@ -933,13 +1028,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) spin_unlock(&fs->lock); return -EAGAIN; } @@ -91571,7 +88374,7 @@ index b41958b..461e9c2 100644 return 0; } -@@ -1133,7 +1235,7 @@ init_task_pid(struct task_struct *task, enum pid_type type, struct pid *pid) +@@ -1173,7 +1275,7 @@ init_task_pid(struct task_struct *task, enum pid_type type, struct pid *pid) * parts of the process environment (as per the clone * flags). The actual kick-off is left to the caller. */ @@ -91580,7 +88383,7 @@ index b41958b..461e9c2 100644 unsigned long stack_start, unsigned long stack_size, int __user *child_tidptr, -@@ -1205,6 +1307,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1244,6 +1346,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; @@ -91590,7 +88393,7 @@ index b41958b..461e9c2 100644 if (atomic_read(&p->real_cred->user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { if (p->real_cred->user != INIT_USER && -@@ -1452,6 +1557,11 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1493,6 +1598,11 @@ static struct task_struct *copy_process(unsigned long clone_flags, goto bad_fork_free_pid; } @@ -91602,7 +88405,7 @@ index b41958b..461e9c2 100644 if (likely(p->pid)) { ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace); -@@ -1542,6 +1652,8 @@ bad_fork_cleanup_count: +@@ -1583,6 +1693,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -91611,7 +88414,7 @@ index b41958b..461e9c2 100644 return ERR_PTR(retval); } -@@ -1603,6 +1715,7 @@ long do_fork(unsigned long clone_flags, +@@ -1644,6 +1756,7 @@ long do_fork(unsigned long clone_flags, p = copy_process(clone_flags, stack_start, stack_size, child_tidptr, NULL, trace); @@ -91619,7 +88422,7 @@ index b41958b..461e9c2 100644 /* * Do this prior waking up the new thread - the thread pointer * might get invalid after that point, if the thread exits quickly. -@@ -1619,6 +1732,8 @@ long do_fork(unsigned long clone_flags, +@@ -1660,6 +1773,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); @@ -91628,7 +88431,7 @@ index b41958b..461e9c2 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1737,7 +1852,7 @@ void __init proc_caches_init(void) +@@ -1778,7 +1893,7 @@ void __init proc_caches_init(void) mm_cachep = kmem_cache_create("mm_struct", sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN, SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL); @@ -91637,7 +88440,7 @@ index b41958b..461e9c2 100644 mmap_init(); nsproxy_cache_init(); } -@@ -1777,7 +1892,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1818,7 +1933,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -91646,7 +88449,7 @@ index b41958b..461e9c2 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1884,7 +1999,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1930,7 +2045,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -91657,7 +88460,7 @@ index b41958b..461e9c2 100644 else new_fs = fs; diff --git a/kernel/futex.c b/kernel/futex.c -index c20fb39..0aa434d 100644 +index 815d7af..3d0743b 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -202,7 +202,7 @@ struct futex_pi_state { @@ -91678,7 +88481,16 @@ index c20fb39..0aa434d 100644 static const struct futex_q futex_q_init = { /* list gets initialized in queue_me()*/ -@@ -394,6 +394,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) +@@ -343,6 +343,8 @@ static void get_futex_key_refs(union futex_key *key) + case FUT_OFF_MMSHARED: + futex_get_mm(key); /* implies MB (B) */ + break; ++ default: ++ smp_mb(); /* explicit MB (B) */ + } + } + +@@ -394,6 +396,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) struct page *page, *page_head; int err, ro = 0; @@ -91690,7 +88502,7 @@ index c20fb39..0aa434d 100644 /* * The futex address must be "naturally" aligned. */ -@@ -593,7 +598,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr, +@@ -593,7 +600,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr, static int get_futex_value_locked(u32 *dest, u32 __user *from) { @@ -91699,7 +88511,7 @@ index c20fb39..0aa434d 100644 pagefault_disable(); ret = __copy_from_user_inatomic(dest, from, sizeof(u32)); -@@ -3034,6 +3039,7 @@ static void __init futex_detect_cmpxchg(void) +@@ -2998,6 +3005,7 @@ static void __init futex_detect_cmpxchg(void) { #ifndef CONFIG_HAVE_FUTEX_CMPXCHG u32 curval; @@ -91707,7 +88519,7 @@ index c20fb39..0aa434d 100644 /* * This will fail and we want it. Some arch implementations do -@@ -3045,8 +3051,11 @@ static void __init futex_detect_cmpxchg(void) +@@ -3009,8 +3017,11 @@ static void __init futex_detect_cmpxchg(void) * implementation, the non-functional ones will return * -ENOSYS. */ @@ -91757,40 +88569,6 @@ index b358a80..fc25240 100644 gcov_info_unlink(prev, info); if (gcov_events_enabled) gcov_event(GCOV_REMOVE, info); -diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c -index 3ab2899..c6ad010 100644 ---- a/kernel/hrtimer.c -+++ b/kernel/hrtimer.c -@@ -1449,7 +1449,7 @@ void hrtimer_peek_ahead_timers(void) - local_irq_restore(flags); - } - --static void run_hrtimer_softirq(struct softirq_action *h) -+static __latent_entropy void run_hrtimer_softirq(void) - { - hrtimer_peek_ahead_timers(); - } -diff --git a/kernel/irq_work.c b/kernel/irq_work.c -index a82170e..5b01e7f 100644 ---- a/kernel/irq_work.c -+++ b/kernel/irq_work.c -@@ -191,12 +191,13 @@ static int irq_work_cpu_notify(struct notifier_block *self, - return NOTIFY_OK; - } - --static struct notifier_block cpu_notify; -+static struct notifier_block cpu_notify = { -+ .notifier_call = irq_work_cpu_notify, -+ .priority = 0, -+}; - - static __init int irq_work_init_cpu_notifier(void) - { -- cpu_notify.notifier_call = irq_work_cpu_notify; -- cpu_notify.priority = 0; - register_cpu_notifier(&cpu_notify); - return 0; - } diff --git a/kernel/jump_label.c b/kernel/jump_label.c index 9019f15..9a3c42e 100644 --- a/kernel/jump_label.c @@ -91827,7 +88605,7 @@ index 9019f15..9a3c42e 100644 static int diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c -index cb0cf37..b69e161 100644 +index ae51670..c1a9796 100644 --- a/kernel/kallsyms.c +++ b/kernel/kallsyms.c @@ -11,6 +11,9 @@ @@ -91956,10 +88734,10 @@ index 0aa69ea..a7fcafb 100644 /* diff --git a/kernel/kexec.c b/kernel/kexec.c -index 4b8f0c9..fffd0df 100644 +index 2bee072..8979af8 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c -@@ -1045,7 +1045,8 @@ COMPAT_SYSCALL_DEFINE4(kexec_load, compat_ulong_t, entry, +@@ -1349,7 +1349,8 @@ COMPAT_SYSCALL_DEFINE4(kexec_load, compat_ulong_t, entry, compat_ulong_t, flags) { struct compat_kexec_segment in; @@ -92173,7 +88951,7 @@ index 8637e04..8b1d0d8 100644 kernel_cap_t new_cap; int err, i; diff --git a/kernel/kprobes.c b/kernel/kprobes.c -index 734e9a7..0a313b8 100644 +index 3995f54..e247879 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -31,6 +31,9 @@ @@ -92201,7 +88979,7 @@ index 734e9a7..0a313b8 100644 } struct kprobe_insn_cache kprobe_insn_slots = { -@@ -2176,11 +2179,11 @@ static void report_probe(struct seq_file *pi, struct kprobe *p, +@@ -2187,11 +2190,11 @@ static void report_probe(struct seq_file *pi, struct kprobe *p, kprobe_type = "k"; if (sym) @@ -92238,10 +89016,10 @@ index 6683cce..daf8999 100644 .name = "notes", .mode = S_IRUGO, diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c -index d24e433..fa04fb8 100644 +index 88d0d44..e9ce0ee 100644 --- a/kernel/locking/lockdep.c +++ b/kernel/locking/lockdep.c -@@ -597,6 +597,10 @@ static int static_obj(void *obj) +@@ -599,6 +599,10 @@ static int static_obj(void *obj) end = (unsigned long) &_end, addr = (unsigned long) obj; @@ -92252,7 +89030,7 @@ index d24e433..fa04fb8 100644 /* * static variable? */ -@@ -738,6 +742,7 @@ register_lock_class(struct lockdep_map *lock, unsigned int subclass, int force) +@@ -740,6 +744,7 @@ register_lock_class(struct lockdep_map *lock, unsigned int subclass, int force) if (!static_obj(lock->key)) { debug_locks_off(); printk("INFO: trying to register non-static key.\n"); @@ -92260,7 +89038,7 @@ index d24e433..fa04fb8 100644 printk("the code is fine but needs lockdep annotation.\n"); printk("turning off the locking correctness validator.\n"); dump_stack(); -@@ -3079,7 +3084,7 @@ static int __lock_acquire(struct lockdep_map *lock, unsigned int subclass, +@@ -3081,7 +3086,7 @@ static int __lock_acquire(struct lockdep_map *lock, unsigned int subclass, if (!class) return 0; } @@ -92319,10 +89097,10 @@ index ef43ac4..2720dfa 100644 seq_printf(m, "%40s %14lu %29s %pS\n", name, stats->contending_point[i], diff --git a/kernel/locking/mcs_spinlock.c b/kernel/locking/mcs_spinlock.c -index be9ee15..39d6233 100644 +index 9887a90..0cd2b1d 100644 --- a/kernel/locking/mcs_spinlock.c +++ b/kernel/locking/mcs_spinlock.c -@@ -102,7 +102,7 @@ bool osq_lock(struct optimistic_spin_queue *lock) +@@ -100,7 +100,7 @@ bool osq_lock(struct optimistic_spin_queue *lock) prev = decode_cpu(old); node->prev = prev; @@ -92331,7 +89109,7 @@ index be9ee15..39d6233 100644 /* * Normally @prev is untouchable after the above store; because at that -@@ -174,8 +174,8 @@ unqueue: +@@ -172,8 +172,8 @@ unqueue: * it will wait in Step-A. */ @@ -92342,7 +89120,7 @@ index be9ee15..39d6233 100644 return false; } -@@ -197,13 +197,13 @@ void osq_unlock(struct optimistic_spin_queue *lock) +@@ -195,13 +195,13 @@ void osq_unlock(struct optimistic_spin_queue *lock) node = this_cpu_ptr(&osq_node); next = xchg(&node->next, NULL); if (next) { @@ -92359,7 +89137,7 @@ index be9ee15..39d6233 100644 #endif diff --git a/kernel/locking/mcs_spinlock.h b/kernel/locking/mcs_spinlock.h -index 74356dc..48dd5e1 100644 +index 23e89c5..8558eac 100644 --- a/kernel/locking/mcs_spinlock.h +++ b/kernel/locking/mcs_spinlock.h @@ -81,7 +81,7 @@ void mcs_spin_lock(struct mcs_spinlock **lock, struct mcs_spinlock *node) @@ -92420,10 +89198,10 @@ index 0799fd3..d06ae3b 100644 extern void debug_mutex_init(struct mutex *lock, const char *name, struct lock_class_key *key); diff --git a/kernel/locking/mutex.c b/kernel/locking/mutex.c -index acca2c1..ddeaea8 100644 +index ae712b2..d0d4a41 100644 --- a/kernel/locking/mutex.c +++ b/kernel/locking/mutex.c -@@ -490,7 +490,7 @@ slowpath: +@@ -486,7 +486,7 @@ slowpath: goto skip_wait; debug_mutex_lock_common(lock, &waiter); @@ -92432,7 +89210,7 @@ index acca2c1..ddeaea8 100644 /* add waiting tasks to the end of the waitqueue (FIFO): */ list_add_tail(&waiter.list, &lock->wait_list); -@@ -534,7 +534,7 @@ slowpath: +@@ -531,7 +531,7 @@ slowpath: schedule_preempt_disabled(); spin_lock_mutex(&lock->wait_lock, flags); } @@ -92441,7 +89219,7 @@ index acca2c1..ddeaea8 100644 /* set it to 0 if there are no waiters left: */ if (likely(list_empty(&lock->wait_list))) atomic_set(&lock->count, 0); -@@ -571,7 +571,7 @@ skip_wait: +@@ -568,7 +568,7 @@ skip_wait: return 0; err: @@ -92545,18 +89323,18 @@ index 1d96dd0..994ff19 100644 default: diff --git a/kernel/module.c b/kernel/module.c -index 673aeb0..40e276d 100644 +index 03214bd2..6242887 100644 --- a/kernel/module.c +++ b/kernel/module.c -@@ -61,6 +61,7 @@ +@@ -60,6 +60,7 @@ + #include <linux/jump_label.h> #include <linux/pfn.h> #include <linux/bsearch.h> - #include <linux/fips.h> +#include <linux/grsecurity.h> #include <uapi/linux/module.h> #include "module-internal.h" -@@ -157,7 +158,8 @@ static BLOCKING_NOTIFIER_HEAD(module_notify_list); +@@ -156,7 +157,8 @@ static BLOCKING_NOTIFIER_HEAD(module_notify_list); /* Bounds of module allocation, for speeding __module_address. * Protected by module_mutex. */ @@ -92566,7 +89344,7 @@ index 673aeb0..40e276d 100644 int register_module_notifier(struct notifier_block * nb) { -@@ -324,7 +326,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr, +@@ -323,7 +325,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr, return true; list_for_each_entry_rcu(mod, &modules, list) { @@ -92575,7 +89353,7 @@ index 673aeb0..40e276d 100644 { mod->syms, mod->syms + mod->num_syms, mod->crcs, NOT_GPL_ONLY, false }, { mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms, -@@ -349,7 +351,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr, +@@ -348,7 +350,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr, if (mod->state == MODULE_STATE_UNFORMED) continue; @@ -92584,7 +89362,7 @@ index 673aeb0..40e276d 100644 return true; } return false; -@@ -489,7 +491,7 @@ static int percpu_modalloc(struct module *mod, struct load_info *info) +@@ -488,7 +490,7 @@ static int percpu_modalloc(struct module *mod, struct load_info *info) if (!pcpusec->sh_size) return 0; @@ -92593,7 +89371,7 @@ index 673aeb0..40e276d 100644 pr_warn("%s: per-cpu alignment %li > %li\n", mod->name, align, PAGE_SIZE); align = PAGE_SIZE; -@@ -1061,7 +1063,7 @@ struct module_attribute module_uevent = +@@ -1060,7 +1062,7 @@ struct module_attribute module_uevent = static ssize_t show_coresize(struct module_attribute *mattr, struct module_kobject *mk, char *buffer) { @@ -92602,7 +89380,7 @@ index 673aeb0..40e276d 100644 } static struct module_attribute modinfo_coresize = -@@ -1070,7 +1072,7 @@ static struct module_attribute modinfo_coresize = +@@ -1069,7 +1071,7 @@ static struct module_attribute modinfo_coresize = static ssize_t show_initsize(struct module_attribute *mattr, struct module_kobject *mk, char *buffer) { @@ -92611,7 +89389,7 @@ index 673aeb0..40e276d 100644 } static struct module_attribute modinfo_initsize = -@@ -1162,12 +1164,29 @@ static int check_version(Elf_Shdr *sechdrs, +@@ -1161,12 +1163,29 @@ static int check_version(Elf_Shdr *sechdrs, goto bad_version; } @@ -92641,7 +89419,7 @@ index 673aeb0..40e276d 100644 return 0; } -@@ -1283,7 +1302,7 @@ resolve_symbol_wait(struct module *mod, +@@ -1282,7 +1301,7 @@ resolve_symbol_wait(struct module *mod, */ #ifdef CONFIG_SYSFS @@ -92650,7 +89428,7 @@ index 673aeb0..40e276d 100644 static inline bool sect_empty(const Elf_Shdr *sect) { return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0; -@@ -1423,7 +1442,7 @@ static void add_notes_attrs(struct module *mod, const struct load_info *info) +@@ -1422,7 +1441,7 @@ static void add_notes_attrs(struct module *mod, const struct load_info *info) { unsigned int notes, loaded, i; struct module_notes_attrs *notes_attrs; @@ -92659,7 +89437,7 @@ index 673aeb0..40e276d 100644 /* failed to create section attributes, so can't create notes */ if (!mod->sect_attrs) -@@ -1535,7 +1554,7 @@ static void del_usage_links(struct module *mod) +@@ -1534,7 +1553,7 @@ static void del_usage_links(struct module *mod) static int module_add_modinfo_attrs(struct module *mod) { struct module_attribute *attr; @@ -92668,7 +89446,7 @@ index 673aeb0..40e276d 100644 int error = 0; int i; -@@ -1756,21 +1775,21 @@ static void set_section_ro_nx(void *base, +@@ -1755,21 +1774,21 @@ static void set_section_ro_nx(void *base, static void unset_module_core_ro_nx(struct module *mod) { @@ -92698,7 +89476,7 @@ index 673aeb0..40e276d 100644 set_memory_rw); } -@@ -1783,14 +1802,14 @@ void set_all_modules_text_rw(void) +@@ -1782,14 +1801,14 @@ void set_all_modules_text_rw(void) list_for_each_entry_rcu(mod, &modules, list) { if (mod->state == MODULE_STATE_UNFORMED) continue; @@ -92719,7 +89497,7 @@ index 673aeb0..40e276d 100644 set_memory_rw); } } -@@ -1806,14 +1825,14 @@ void set_all_modules_text_ro(void) +@@ -1805,14 +1824,14 @@ void set_all_modules_text_ro(void) list_for_each_entry_rcu(mod, &modules, list) { if (mod->state == MODULE_STATE_UNFORMED) continue; @@ -92740,7 +89518,17 @@ index 673aeb0..40e276d 100644 set_memory_ro); } } -@@ -1864,16 +1883,19 @@ static void free_module(struct module *mod) +@@ -1842,7 +1861,9 @@ static void free_module(struct module *mod) + + /* We leave it in list to prevent duplicate loads, but make sure + * that noone uses it while it's being deconstructed. */ ++ mutex_lock(&module_mutex); + mod->state = MODULE_STATE_UNFORMED; ++ mutex_unlock(&module_mutex); + + /* Remove dynamic debug info */ + ddebug_remove_module(mod->name); +@@ -1863,16 +1884,19 @@ static void free_module(struct module *mod) /* This may be NULL, but that's OK */ unset_module_init_ro_nx(mod); @@ -92763,7 +89551,7 @@ index 673aeb0..40e276d 100644 #ifdef CONFIG_MPU update_protections(current->mm); -@@ -1942,9 +1964,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1941,9 +1965,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) int ret = 0; const struct kernel_symbol *ksym; @@ -92795,7 +89583,7 @@ index 673aeb0..40e276d 100644 switch (sym[i].st_shndx) { case SHN_COMMON: /* Ignore common symbols */ -@@ -1969,7 +2013,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1968,7 +2014,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) ksym = resolve_symbol_wait(mod, info, name); /* Ok if resolved. */ if (ksym && !IS_ERR(ksym)) { @@ -92805,7 +89593,7 @@ index 673aeb0..40e276d 100644 break; } -@@ -1988,11 +2034,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1987,11 +2035,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) secbase = (unsigned long)mod_percpu(mod); else secbase = info->sechdrs[sym[i].st_shndx].sh_addr; @@ -92826,7 +89614,7 @@ index 673aeb0..40e276d 100644 return ret; } -@@ -2076,22 +2131,12 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2075,22 +2132,12 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || strstarts(sname, ".init")) continue; @@ -92853,7 +89641,7 @@ index 673aeb0..40e276d 100644 } pr_debug("Init section allocation order:\n"); -@@ -2105,23 +2150,13 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2104,23 +2151,13 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || !strstarts(sname, ".init")) continue; @@ -92882,7 +89670,7 @@ index 673aeb0..40e276d 100644 } } -@@ -2294,7 +2329,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2293,7 +2330,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) /* Put symbol section at end of init part of module. */ symsect->sh_flags |= SHF_ALLOC; @@ -92891,7 +89679,7 @@ index 673aeb0..40e276d 100644 info->index.sym) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + symsect->sh_name); -@@ -2311,13 +2346,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2310,13 +2347,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) } /* Append room for core symbols at end of core part. */ @@ -92909,7 +89697,7 @@ index 673aeb0..40e276d 100644 info->index.str) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + strsect->sh_name); } -@@ -2335,12 +2370,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2334,12 +2371,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) /* Make sure we get permanent strtab: don't use info->strtab. */ mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr; @@ -92926,7 +89714,7 @@ index 673aeb0..40e276d 100644 src = mod->symtab; for (ndst = i = 0; i < mod->num_symtab; i++) { if (i == 0 || -@@ -2352,6 +2389,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2351,6 +2390,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) } } mod->core_num_syms = ndst; @@ -92935,7 +89723,7 @@ index 673aeb0..40e276d 100644 } #else static inline void layout_symtab(struct module *mod, struct load_info *info) -@@ -2385,17 +2424,33 @@ void * __weak module_alloc(unsigned long size) +@@ -2384,17 +2425,33 @@ void * __weak module_alloc(unsigned long size) return vmalloc_exec(size); } @@ -92974,7 +89762,7 @@ index 673aeb0..40e276d 100644 mutex_unlock(&module_mutex); } return ret; -@@ -2652,7 +2707,15 @@ static struct module *setup_load_info(struct load_info *info, int flags) +@@ -2648,7 +2705,15 @@ static struct module *setup_load_info(struct load_info *info, int flags) mod = (void *)info->sechdrs[info->index.mod].sh_addr; if (info->index.sym == 0) { @@ -92990,7 +89778,7 @@ index 673aeb0..40e276d 100644 return ERR_PTR(-ENOEXEC); } -@@ -2668,8 +2731,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) +@@ -2664,8 +2729,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) static int check_modinfo(struct module *mod, struct load_info *info, int flags) { const char *modmagic = get_modinfo(info, "vermagic"); @@ -93005,7 +89793,7 @@ index 673aeb0..40e276d 100644 if (flags & MODULE_INIT_IGNORE_VERMAGIC) modmagic = NULL; -@@ -2694,7 +2763,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) +@@ -2690,7 +2761,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) } /* Set up license info based on the info section */ @@ -93014,7 +89802,7 @@ index 673aeb0..40e276d 100644 return 0; } -@@ -2788,7 +2857,7 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2784,7 +2855,7 @@ static int move_module(struct module *mod, struct load_info *info) void *ptr; /* Do the allocs. */ @@ -93023,7 +89811,7 @@ index 673aeb0..40e276d 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. Just mark it as not being a -@@ -2798,11 +2867,11 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2794,11 +2865,11 @@ static int move_module(struct module *mod, struct load_info *info) if (!ptr) return -ENOMEM; @@ -93039,7 +89827,7 @@ index 673aeb0..40e276d 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. This block doesn't need to be -@@ -2811,13 +2880,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2807,13 +2878,45 @@ static int move_module(struct module *mod, struct load_info *info) */ kmemleak_ignore(ptr); if (!ptr) { @@ -93089,7 +89877,7 @@ index 673aeb0..40e276d 100644 /* Transfer each section which specifies SHF_ALLOC */ pr_debug("final section addresses:\n"); -@@ -2828,16 +2929,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2824,16 +2927,45 @@ static int move_module(struct module *mod, struct load_info *info) if (!(shdr->sh_flags & SHF_ALLOC)) continue; @@ -93142,7 +89930,7 @@ index 673aeb0..40e276d 100644 pr_debug("\t0x%lx %s\n", (long)shdr->sh_addr, info->secstrings + shdr->sh_name); } -@@ -2894,12 +3024,12 @@ static void flush_module_icache(const struct module *mod) +@@ -2890,12 +3022,12 @@ static void flush_module_icache(const struct module *mod) * Do it before processing of module parameters, so the module * can provide parameter accessor functions of its own. */ @@ -93161,7 +89949,7 @@ index 673aeb0..40e276d 100644 set_fs(old_fs); } -@@ -2956,8 +3086,10 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) +@@ -2952,8 +3084,10 @@ static struct module *layout_and_allocate(struct load_info *info, int flags) static void module_deallocate(struct module *mod, struct load_info *info) { percpu_modfree(mod); @@ -93174,7 +89962,7 @@ index 673aeb0..40e276d 100644 } int __weak module_finalize(const Elf_Ehdr *hdr, -@@ -2970,7 +3102,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, +@@ -2966,7 +3100,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, static int post_relocation(struct module *mod, const struct load_info *info) { /* Sort exception table now relocations are done. */ @@ -93184,7 +89972,7 @@ index 673aeb0..40e276d 100644 /* Copy relocated percpu area over. */ percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr, -@@ -3079,11 +3213,12 @@ static int do_init_module(struct module *mod) +@@ -3075,11 +3211,12 @@ static int do_init_module(struct module *mod) mod->strtab = mod->core_strtab; #endif unset_module_init_ro_nx(mod); @@ -93202,7 +89990,7 @@ index 673aeb0..40e276d 100644 mutex_unlock(&module_mutex); wake_up_all(&module_wq); -@@ -3151,16 +3286,16 @@ static int complete_formation(struct module *mod, struct load_info *info) +@@ -3147,16 +3284,16 @@ static int complete_formation(struct module *mod, struct load_info *info) module_bug_finalize(info->hdr, info->sechdrs, mod); /* Set RO and NX regions for core */ @@ -93227,7 +90015,7 @@ index 673aeb0..40e276d 100644 /* Mark state as coming so strong_try_module_get() ignores us, * but kallsyms etc. can see us. */ -@@ -3244,9 +3379,38 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3240,9 +3377,38 @@ static int load_module(struct load_info *info, const char __user *uargs, if (err) goto free_unload; @@ -93266,7 +90054,7 @@ index 673aeb0..40e276d 100644 /* Fix up syms, so that st_value is a pointer to location. */ err = simplify_symbols(mod, info); if (err < 0) -@@ -3262,13 +3426,6 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3258,13 +3424,6 @@ static int load_module(struct load_info *info, const char __user *uargs, flush_module_icache(mod); @@ -93280,7 +90068,7 @@ index 673aeb0..40e276d 100644 dynamic_debug_setup(info->debug, info->num_debug); /* Ftrace init must be called in the MODULE_STATE_UNFORMED state */ -@@ -3316,11 +3473,10 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3312,11 +3471,10 @@ static int load_module(struct load_info *info, const char __user *uargs, ddebug_cleanup: dynamic_debug_remove(info->debug); synchronize_sched(); @@ -93293,7 +90081,7 @@ index 673aeb0..40e276d 100644 free_unload: module_unload_free(mod); unlink_mod: -@@ -3403,10 +3559,16 @@ static const char *get_ksymbol(struct module *mod, +@@ -3401,10 +3559,16 @@ static const char *get_ksymbol(struct module *mod, unsigned long nextval; /* At worse, next value is at end of module */ @@ -93313,7 +90101,7 @@ index 673aeb0..40e276d 100644 /* Scan for closest preceding symbol, and next symbol. (ELF starts real symbols at 1). */ -@@ -3657,7 +3819,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3652,7 +3816,7 @@ static int m_show(struct seq_file *m, void *p) return 0; seq_printf(m, "%s %u", @@ -93322,7 +90110,7 @@ index 673aeb0..40e276d 100644 print_unload_info(m, mod); /* Informative for users. */ -@@ -3666,7 +3828,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3661,7 +3825,7 @@ static int m_show(struct seq_file *m, void *p) mod->state == MODULE_STATE_COMING ? "Loading": "Live"); /* Used by oprofile and other similar tools. */ @@ -93331,7 +90119,7 @@ index 673aeb0..40e276d 100644 /* Taints info */ if (mod->taints) -@@ -3702,7 +3864,17 @@ static const struct file_operations proc_modules_operations = { +@@ -3697,7 +3861,17 @@ static const struct file_operations proc_modules_operations = { static int __init proc_modules_init(void) { @@ -93349,7 +90137,7 @@ index 673aeb0..40e276d 100644 return 0; } module_init(proc_modules_init); -@@ -3763,14 +3935,14 @@ struct module *__module_address(unsigned long addr) +@@ -3758,7 +3932,8 @@ struct module *__module_address(unsigned long addr) { struct module *mod; @@ -93359,15 +90147,7 @@ index 673aeb0..40e276d 100644 return NULL; list_for_each_entry_rcu(mod, &modules, list) { - if (mod->state == MODULE_STATE_UNFORMED) - continue; -- if (within_module_core(addr, mod) -- || within_module_init(addr, mod)) -+ if (within_module_init(addr, mod) || within_module_core(addr, mod)) - return mod; - } - return NULL; -@@ -3805,11 +3977,20 @@ bool is_module_text_address(unsigned long addr) +@@ -3799,11 +3974,20 @@ bool is_module_text_address(unsigned long addr) */ struct module *__module_text_address(unsigned long addr) { @@ -93470,7 +90250,7 @@ index 161402f..598814c 100644 atomic_set(&pd->refcnt, 0); pd->pinst = pinst; diff --git a/kernel/panic.c b/kernel/panic.c -index 62e16ce..9db5047b 100644 +index d09dc5c..9abbdff 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -53,7 +53,7 @@ EXPORT_SYMBOL(panic_blink); @@ -93482,7 +90262,7 @@ index 62e16ce..9db5047b 100644 { while (1) cpu_relax(); -@@ -420,7 +420,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller, +@@ -421,7 +421,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller, disable_trace_on_warning(); pr_warn("------------[ cut here ]------------\n"); @@ -93491,7 +90271,7 @@ index 62e16ce..9db5047b 100644 raw_smp_processor_id(), current->pid, file, line, caller); if (args) -@@ -474,7 +474,8 @@ EXPORT_SYMBOL(warn_slowpath_null); +@@ -475,7 +475,8 @@ EXPORT_SYMBOL(warn_slowpath_null); */ __visible void __stack_chk_fail(void) { @@ -93570,145 +90350,8 @@ index db95d8e..a0ca23f 100644 if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN)) return -EPERM; -diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c -index 3b89464..5e38379 100644 ---- a/kernel/posix-cpu-timers.c -+++ b/kernel/posix-cpu-timers.c -@@ -1464,14 +1464,14 @@ struct k_clock clock_posix_cpu = { - - static __init int init_posix_cpu_timers(void) - { -- struct k_clock process = { -+ static struct k_clock process = { - .clock_getres = process_cpu_clock_getres, - .clock_get = process_cpu_clock_get, - .timer_create = process_cpu_timer_create, - .nsleep = process_cpu_nsleep, - .nsleep_restart = process_cpu_nsleep_restart, - }; -- struct k_clock thread = { -+ static struct k_clock thread = { - .clock_getres = thread_cpu_clock_getres, - .clock_get = thread_cpu_clock_get, - .timer_create = thread_cpu_timer_create, -diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c -index 424c2d4..679242f 100644 ---- a/kernel/posix-timers.c -+++ b/kernel/posix-timers.c -@@ -43,6 +43,7 @@ - #include <linux/hash.h> - #include <linux/posix-clock.h> - #include <linux/posix-timers.h> -+#include <linux/grsecurity.h> - #include <linux/syscalls.h> - #include <linux/wait.h> - #include <linux/workqueue.h> -@@ -122,7 +123,7 @@ static DEFINE_SPINLOCK(hash_lock); - * which we beg off on and pass to do_sys_settimeofday(). - */ - --static struct k_clock posix_clocks[MAX_CLOCKS]; -+static struct k_clock *posix_clocks[MAX_CLOCKS]; - - /* - * These ones are defined below. -@@ -275,7 +276,7 @@ static int posix_get_tai(clockid_t which_clock, struct timespec *tp) - */ - static __init int init_posix_timers(void) - { -- struct k_clock clock_realtime = { -+ static struct k_clock clock_realtime = { - .clock_getres = hrtimer_get_res, - .clock_get = posix_clock_realtime_get, - .clock_set = posix_clock_realtime_set, -@@ -287,7 +288,7 @@ static __init int init_posix_timers(void) - .timer_get = common_timer_get, - .timer_del = common_timer_del, - }; -- struct k_clock clock_monotonic = { -+ static struct k_clock clock_monotonic = { - .clock_getres = hrtimer_get_res, - .clock_get = posix_ktime_get_ts, - .nsleep = common_nsleep, -@@ -297,19 +298,19 @@ static __init int init_posix_timers(void) - .timer_get = common_timer_get, - .timer_del = common_timer_del, - }; -- struct k_clock clock_monotonic_raw = { -+ static struct k_clock clock_monotonic_raw = { - .clock_getres = hrtimer_get_res, - .clock_get = posix_get_monotonic_raw, - }; -- struct k_clock clock_realtime_coarse = { -+ static struct k_clock clock_realtime_coarse = { - .clock_getres = posix_get_coarse_res, - .clock_get = posix_get_realtime_coarse, - }; -- struct k_clock clock_monotonic_coarse = { -+ static struct k_clock clock_monotonic_coarse = { - .clock_getres = posix_get_coarse_res, - .clock_get = posix_get_monotonic_coarse, - }; -- struct k_clock clock_tai = { -+ static struct k_clock clock_tai = { - .clock_getres = hrtimer_get_res, - .clock_get = posix_get_tai, - .nsleep = common_nsleep, -@@ -319,7 +320,7 @@ static __init int init_posix_timers(void) - .timer_get = common_timer_get, - .timer_del = common_timer_del, - }; -- struct k_clock clock_boottime = { -+ static struct k_clock clock_boottime = { - .clock_getres = hrtimer_get_res, - .clock_get = posix_get_boottime, - .nsleep = common_nsleep, -@@ -531,7 +532,7 @@ void posix_timers_register_clock(const clockid_t clock_id, - return; - } - -- posix_clocks[clock_id] = *new_clock; -+ posix_clocks[clock_id] = new_clock; - } - EXPORT_SYMBOL_GPL(posix_timers_register_clock); - -@@ -577,9 +578,9 @@ static struct k_clock *clockid_to_kclock(const clockid_t id) - return (id & CLOCKFD_MASK) == CLOCKFD ? - &clock_posix_dynamic : &clock_posix_cpu; - -- if (id >= MAX_CLOCKS || !posix_clocks[id].clock_getres) -+ if (id >= MAX_CLOCKS || !posix_clocks[id] || !posix_clocks[id]->clock_getres) - return NULL; -- return &posix_clocks[id]; -+ return posix_clocks[id]; - } - - static int common_timer_create(struct k_itimer *new_timer) -@@ -597,7 +598,7 @@ SYSCALL_DEFINE3(timer_create, const clockid_t, which_clock, - struct k_clock *kc = clockid_to_kclock(which_clock); - struct k_itimer *new_timer; - int error, new_timer_id; -- sigevent_t event; -+ sigevent_t event = { }; - int it_id_set = IT_ID_NOT_SET; - - if (!kc) -@@ -1011,6 +1012,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock, - if (copy_from_user(&new_tp, tp, sizeof (*tp))) - return -EFAULT; - -+ /* only the CLOCK_REALTIME clock can be set, all other clocks -+ have their clock_set fptr set to a nosettime dummy function -+ CLOCK_REALTIME has a NULL clock_set fptr which causes it to -+ call common_clock_set, which calls do_sys_settimeofday, which -+ we hook -+ */ -+ - return kc->clock_set(which_clock, &new_tp); - } - diff --git a/kernel/power/Kconfig b/kernel/power/Kconfig -index 9a83d78..128bfc0 100644 +index e4e4121..71faf14 100644 --- a/kernel/power/Kconfig +++ b/kernel/power/Kconfig @@ -24,6 +24,8 @@ config HIBERNATE_CALLBACKS @@ -93764,10 +90407,10 @@ index 4ee194e..925778f 100644 if (pm_wakeup_pending()) { diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c -index 971285d..553e02a 100644 +index 1ce7706..3b07c49 100644 --- a/kernel/printk/printk.c +++ b/kernel/printk/printk.c -@@ -480,6 +480,11 @@ static int check_syslog_permissions(int type, bool from_file) +@@ -490,6 +490,11 @@ static int check_syslog_permissions(int type, bool from_file) if (from_file && type != SYSLOG_ACTION_OPEN) return 0; @@ -93841,10 +90484,10 @@ index 54bf5ba..df6e0a2 100644 } diff --git a/kernel/ptrace.c b/kernel/ptrace.c -index adf9862..9d86345 100644 +index 54e7522..5b82dd6 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c -@@ -327,7 +327,7 @@ static int ptrace_attach(struct task_struct *task, long request, +@@ -321,7 +321,7 @@ static int ptrace_attach(struct task_struct *task, long request, if (seize) flags |= PT_SEIZED; rcu_read_lock(); @@ -93853,7 +90496,7 @@ index adf9862..9d86345 100644 flags |= PT_PTRACE_CAP; rcu_read_unlock(); task->ptrace = flags; -@@ -538,7 +538,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst +@@ -532,7 +532,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst break; return -EIO; } @@ -93862,7 +90505,7 @@ index adf9862..9d86345 100644 return -EFAULT; copied += retval; src += retval; -@@ -806,7 +806,7 @@ int ptrace_request(struct task_struct *child, long request, +@@ -800,7 +800,7 @@ int ptrace_request(struct task_struct *child, long request, bool seized = child->ptrace & PT_SEIZED; int ret = -EIO; siginfo_t siginfo, *si; @@ -93871,7 +90514,7 @@ index adf9862..9d86345 100644 unsigned long __user *datalp = datavp; unsigned long flags; -@@ -1052,14 +1052,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, +@@ -1046,14 +1046,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, goto out; } @@ -93894,7 +90537,7 @@ index adf9862..9d86345 100644 goto out_put_task_struct; } -@@ -1087,7 +1094,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, +@@ -1081,7 +1088,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0); if (copied != sizeof(tmp)) return -EIO; @@ -93903,7 +90546,7 @@ index adf9862..9d86345 100644 } int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr, -@@ -1181,7 +1188,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request, +@@ -1175,7 +1182,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request, } COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid, @@ -93912,7 +90555,7 @@ index adf9862..9d86345 100644 { struct task_struct *child; long ret; -@@ -1197,14 +1204,21 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid, +@@ -1191,14 +1198,21 @@ COMPAT_SYSCALL_DEFINE4(ptrace, compat_long_t, request, compat_long_t, pid, goto out; } @@ -94098,22 +90741,6 @@ index 948a769..5ca842b 100644 for_each_possible_cpu(cpu) { for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) { per_cpu(rcu_torture_count, cpu)[i] = 0; -diff --git a/kernel/rcu/srcu.c b/kernel/rcu/srcu.c -index c639556..cf0a0d5 100644 ---- a/kernel/rcu/srcu.c -+++ b/kernel/rcu/srcu.c -@@ -298,9 +298,9 @@ int __srcu_read_lock(struct srcu_struct *sp) - - idx = ACCESS_ONCE(sp->completed) & 0x1; - preempt_disable(); -- ACCESS_ONCE(this_cpu_ptr(sp->per_cpu_ref)->c[idx]) += 1; -+ ACCESS_ONCE_RW(this_cpu_ptr(sp->per_cpu_ref)->c[idx]) += 1; - smp_mb(); /* B */ /* Avoid leaking the critical section. */ -- ACCESS_ONCE(this_cpu_ptr(sp->per_cpu_ref)->seq[idx]) += 1; -+ ACCESS_ONCE_RW(this_cpu_ptr(sp->per_cpu_ref)->seq[idx]) += 1; - preempt_enable(); - return idx; - } diff --git a/kernel/rcu/tiny.c b/kernel/rcu/tiny.c index d9efcc1..ea543e9 100644 --- a/kernel/rcu/tiny.c @@ -94162,7 +90789,7 @@ index 858c565..7efd915 100644 static void check_cpu_stalls(void) diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c -index 625d0b0..0bce4d6 100644 +index 1b70cb6..ea62b0a 100644 --- a/kernel/rcu/tree.c +++ b/kernel/rcu/tree.c @@ -263,7 +263,7 @@ static void rcu_momentary_dyntick_idle(void) @@ -94278,7 +90905,7 @@ index 625d0b0..0bce4d6 100644 rsp->jiffies_resched = j + j1 / 2; } -@@ -1052,7 +1052,7 @@ static void print_other_cpu_stall(struct rcu_state *rsp) +@@ -1049,7 +1049,7 @@ static void print_other_cpu_stall(struct rcu_state *rsp) raw_spin_unlock_irqrestore(&rnp->lock, flags); return; } @@ -94287,7 +90914,7 @@ index 625d0b0..0bce4d6 100644 raw_spin_unlock_irqrestore(&rnp->lock, flags); /* -@@ -1130,7 +1130,7 @@ static void print_cpu_stall(struct rcu_state *rsp) +@@ -1126,7 +1126,7 @@ static void print_cpu_stall(struct rcu_state *rsp) raw_spin_lock_irqsave(&rnp->lock, flags); if (ULONG_CMP_GE(jiffies, ACCESS_ONCE(rsp->jiffies_stall))) @@ -94296,7 +90923,7 @@ index 625d0b0..0bce4d6 100644 3 * rcu_jiffies_till_stall_check() + 3; raw_spin_unlock_irqrestore(&rnp->lock, flags); -@@ -1214,7 +1214,7 @@ void rcu_cpu_stall_reset(void) +@@ -1210,7 +1210,7 @@ void rcu_cpu_stall_reset(void) struct rcu_state *rsp; for_each_rcu_flavor(rsp) @@ -94305,7 +90932,7 @@ index 625d0b0..0bce4d6 100644 } /* -@@ -1594,7 +1594,7 @@ static int rcu_gp_init(struct rcu_state *rsp) +@@ -1596,7 +1596,7 @@ static int rcu_gp_init(struct rcu_state *rsp) raw_spin_unlock_irq(&rnp->lock); return 0; } @@ -94314,7 +90941,7 @@ index 625d0b0..0bce4d6 100644 if (WARN_ON_ONCE(rcu_gp_in_progress(rsp))) { /* -@@ -1635,9 +1635,9 @@ static int rcu_gp_init(struct rcu_state *rsp) +@@ -1637,9 +1637,9 @@ static int rcu_gp_init(struct rcu_state *rsp) rdp = this_cpu_ptr(rsp->rda); rcu_preempt_check_blocked_tasks(rnp); rnp->qsmask = rnp->qsmaskinit; @@ -94326,7 +90953,7 @@ index 625d0b0..0bce4d6 100644 if (rnp == rdp->mynode) (void)__note_gp_changes(rsp, rnp, rdp); rcu_preempt_boost_start_gp(rnp); -@@ -1687,7 +1687,7 @@ static int rcu_gp_fqs(struct rcu_state *rsp, int fqs_state_in) +@@ -1684,7 +1684,7 @@ static int rcu_gp_fqs(struct rcu_state *rsp, int fqs_state_in) if (ACCESS_ONCE(rsp->gp_flags) & RCU_GP_FLAG_FQS) { raw_spin_lock_irq(&rnp->lock); smp_mb__after_unlock_lock(); @@ -94335,7 +90962,7 @@ index 625d0b0..0bce4d6 100644 raw_spin_unlock_irq(&rnp->lock); } return fqs_state; -@@ -1732,7 +1732,7 @@ static void rcu_gp_cleanup(struct rcu_state *rsp) +@@ -1729,7 +1729,7 @@ static void rcu_gp_cleanup(struct rcu_state *rsp) rcu_for_each_node_breadth_first(rsp, rnp) { raw_spin_lock_irq(&rnp->lock); smp_mb__after_unlock_lock(); @@ -94344,7 +90971,7 @@ index 625d0b0..0bce4d6 100644 rdp = this_cpu_ptr(rsp->rda); if (rnp == rdp->mynode) needgp = __note_gp_changes(rsp, rnp, rdp) || needgp; -@@ -1747,14 +1747,14 @@ static void rcu_gp_cleanup(struct rcu_state *rsp) +@@ -1744,14 +1744,14 @@ static void rcu_gp_cleanup(struct rcu_state *rsp) rcu_nocb_gp_set(rnp, nocb); /* Declare grace period done. */ @@ -94361,7 +90988,7 @@ index 625d0b0..0bce4d6 100644 trace_rcu_grace_period(rsp->name, ACCESS_ONCE(rsp->gpnum), TPS("newreq")); -@@ -1879,7 +1879,7 @@ rcu_start_gp_advanced(struct rcu_state *rsp, struct rcu_node *rnp, +@@ -1876,7 +1876,7 @@ rcu_start_gp_advanced(struct rcu_state *rsp, struct rcu_node *rnp, */ return false; } @@ -94370,7 +90997,7 @@ index 625d0b0..0bce4d6 100644 trace_rcu_grace_period(rsp->name, ACCESS_ONCE(rsp->gpnum), TPS("newreq")); -@@ -2100,7 +2100,7 @@ rcu_send_cbs_to_orphanage(int cpu, struct rcu_state *rsp, +@@ -2097,7 +2097,7 @@ rcu_send_cbs_to_orphanage(int cpu, struct rcu_state *rsp, rsp->qlen += rdp->qlen; rdp->n_cbs_orphaned += rdp->qlen; rdp->qlen_lazy = 0; @@ -94379,30 +91006,16 @@ index 625d0b0..0bce4d6 100644 } /* -@@ -2347,7 +2347,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp) +@@ -2344,7 +2344,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp) } smp_mb(); /* List handling before counting for rcu_barrier(). */ rdp->qlen_lazy -= count_lazy; -- ACCESS_ONCE(rdp->qlen) -= count; -+ ACCESS_ONCE_RW(rdp->qlen) -= count; +- ACCESS_ONCE(rdp->qlen) = rdp->qlen - count; ++ ACCESS_ONCE_RW(rdp->qlen) = rdp->qlen - count; rdp->n_cbs_invoked += count; /* Reinstate batch limit if we have worked down the excess. */ -@@ -2492,7 +2492,7 @@ static void force_quiescent_state(struct rcu_state *rsp) - if (rnp_old != NULL) - raw_spin_unlock(&rnp_old->fqslock); - if (ret) { -- ACCESS_ONCE(rsp->n_force_qs_lh)++; -+ ACCESS_ONCE_RW(rsp->n_force_qs_lh)++; - return; - } - rnp_old = rnp; -@@ -2504,11 +2504,11 @@ static void force_quiescent_state(struct rcu_state *rsp) - smp_mb__after_unlock_lock(); - raw_spin_unlock(&rnp_old->fqslock); - if (ACCESS_ONCE(rsp->gp_flags) & RCU_GP_FLAG_FQS) { -- ACCESS_ONCE(rsp->n_force_qs_lh)++; -+ ACCESS_ONCE_RW(rsp->n_force_qs_lh)++; +@@ -2505,7 +2505,7 @@ static void force_quiescent_state(struct rcu_state *rsp) raw_spin_unlock_irqrestore(&rnp_old->lock, flags); return; /* Someone beat us to it. */ } @@ -94411,7 +91024,7 @@ index 625d0b0..0bce4d6 100644 raw_spin_unlock_irqrestore(&rnp_old->lock, flags); wake_up(&rsp->gp_wq); /* Memory barrier implied by wake_up() path. */ } -@@ -2553,7 +2553,7 @@ __rcu_process_callbacks(struct rcu_state *rsp) +@@ -2550,7 +2550,7 @@ __rcu_process_callbacks(struct rcu_state *rsp) /* * Do RCU core processing for the current CPU. */ @@ -94420,8 +91033,8 @@ index 625d0b0..0bce4d6 100644 { struct rcu_state *rsp; -@@ -2665,7 +2665,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu), - WARN_ON_ONCE((unsigned long)head & 0x3); /* Misaligned rcu_head! */ +@@ -2662,7 +2662,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu), + WARN_ON_ONCE((unsigned long)head & 0x1); /* Misaligned rcu_head! */ if (debug_rcu_head_queue(head)) { /* Probable double call_rcu(), so leak the callback. */ - ACCESS_ONCE(head->func) = rcu_leak_callback; @@ -94429,16 +91042,16 @@ index 625d0b0..0bce4d6 100644 WARN_ONCE(1, "__call_rcu(): Leaked duplicate callback\n"); return; } -@@ -2693,7 +2693,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu), +@@ -2690,7 +2690,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu), local_irq_restore(flags); return; } -- ACCESS_ONCE(rdp->qlen)++; -+ ACCESS_ONCE_RW(rdp->qlen)++; +- ACCESS_ONCE(rdp->qlen) = rdp->qlen + 1; ++ ACCESS_ONCE_RW(rdp->qlen) = rdp->qlen + 1; if (lazy) rdp->qlen_lazy++; else -@@ -2968,11 +2968,11 @@ void synchronize_sched_expedited(void) +@@ -2965,11 +2965,11 @@ void synchronize_sched_expedited(void) * counter wrap on a 32-bit system. Quite a few more CPUs would of * course be required on a 64-bit system. */ @@ -94452,7 +91065,7 @@ index 625d0b0..0bce4d6 100644 return; } -@@ -2980,7 +2980,7 @@ void synchronize_sched_expedited(void) +@@ -2977,7 +2977,7 @@ void synchronize_sched_expedited(void) * Take a ticket. Note that atomic_inc_return() implies a * full memory barrier. */ @@ -94461,7 +91074,7 @@ index 625d0b0..0bce4d6 100644 firstsnap = snap; get_online_cpus(); WARN_ON_ONCE(cpu_is_offline(raw_smp_processor_id())); -@@ -2993,14 +2993,14 @@ void synchronize_sched_expedited(void) +@@ -2990,14 +2990,14 @@ void synchronize_sched_expedited(void) synchronize_sched_expedited_cpu_stop, NULL) == -EAGAIN) { put_online_cpus(); @@ -94478,7 +91091,7 @@ index 625d0b0..0bce4d6 100644 return; } -@@ -3009,7 +3009,7 @@ void synchronize_sched_expedited(void) +@@ -3006,7 +3006,7 @@ void synchronize_sched_expedited(void) udelay(trycount * num_online_cpus()); } else { wait_rcu_gp(call_rcu_sched); @@ -94487,7 +91100,7 @@ index 625d0b0..0bce4d6 100644 return; } -@@ -3018,7 +3018,7 @@ void synchronize_sched_expedited(void) +@@ -3015,7 +3015,7 @@ void synchronize_sched_expedited(void) if (ULONG_CMP_GE((ulong)s, (ulong)firstsnap)) { /* ensure test happens before caller kfree */ smp_mb__before_atomic(); /* ^^^ */ @@ -94496,7 +91109,7 @@ index 625d0b0..0bce4d6 100644 return; } -@@ -3030,10 +3030,10 @@ void synchronize_sched_expedited(void) +@@ -3027,10 +3027,10 @@ void synchronize_sched_expedited(void) * period works for us. */ get_online_cpus(); @@ -94509,7 +91122,7 @@ index 625d0b0..0bce4d6 100644 /* * Everyone up to our most recent fetch is covered by our grace -@@ -3042,16 +3042,16 @@ void synchronize_sched_expedited(void) +@@ -3039,16 +3039,16 @@ void synchronize_sched_expedited(void) * than we did already did their update. */ do { @@ -94529,25 +91142,25 @@ index 625d0b0..0bce4d6 100644 put_online_cpus(); } -@@ -3257,7 +3257,7 @@ static void _rcu_barrier(struct rcu_state *rsp) +@@ -3254,7 +3254,7 @@ static void _rcu_barrier(struct rcu_state *rsp) * ACCESS_ONCE() to prevent the compiler from speculating * the increment to precede the early-exit check. */ -- ACCESS_ONCE(rsp->n_barrier_done)++; -+ ACCESS_ONCE_RW(rsp->n_barrier_done)++; +- ACCESS_ONCE(rsp->n_barrier_done) = rsp->n_barrier_done + 1; ++ ACCESS_ONCE_RW(rsp->n_barrier_done) = rsp->n_barrier_done + 1; WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 1); _rcu_barrier_trace(rsp, "Inc1", -1, rsp->n_barrier_done); smp_mb(); /* Order ->n_barrier_done increment with below mechanism. */ -@@ -3307,7 +3307,7 @@ static void _rcu_barrier(struct rcu_state *rsp) +@@ -3304,7 +3304,7 @@ static void _rcu_barrier(struct rcu_state *rsp) /* Increment ->n_barrier_done to prevent duplicate work. */ smp_mb(); /* Keep increment after above mechanism. */ -- ACCESS_ONCE(rsp->n_barrier_done)++; -+ ACCESS_ONCE_RW(rsp->n_barrier_done)++; +- ACCESS_ONCE(rsp->n_barrier_done) = rsp->n_barrier_done + 1; ++ ACCESS_ONCE_RW(rsp->n_barrier_done) = rsp->n_barrier_done + 1; WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 0); _rcu_barrier_trace(rsp, "Inc2", -1, rsp->n_barrier_done); smp_mb(); /* Keep increment before caller's subsequent code. */ -@@ -3352,10 +3352,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp) +@@ -3349,10 +3349,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp) rdp->grpmask = 1UL << (cpu - rdp->mynode->grplo); init_callback_list(rdp); rdp->qlen_lazy = 0; @@ -94560,7 +91173,7 @@ index 625d0b0..0bce4d6 100644 rdp->cpu = cpu; rdp->rsp = rsp; rcu_boot_init_nocb_percpu_data(rdp); -@@ -3388,8 +3388,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp) +@@ -3385,8 +3385,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp) init_callback_list(rdp); /* Re-enable callbacks on this CPU. */ rdp->dynticks->dynticks_nesting = DYNTICK_TASK_EXIT_IDLE; rcu_sysidle_init_percpu_data(rdp->dynticks); @@ -94572,7 +91185,7 @@ index 625d0b0..0bce4d6 100644 /* Add CPU to rcu_node bitmasks. */ diff --git a/kernel/rcu/tree.h b/kernel/rcu/tree.h -index 0f69a79..c85c2dc 100644 +index 6a86eb7..022b506 100644 --- a/kernel/rcu/tree.h +++ b/kernel/rcu/tree.h @@ -87,11 +87,11 @@ struct rcu_dynticks { @@ -94589,7 +91202,7 @@ index 0f69a79..c85c2dc 100644 /* "Idle" excludes userspace execution. */ unsigned long dynticks_idle_jiffies; /* End of last non-NMI non-idle period. */ -@@ -435,17 +435,17 @@ struct rcu_state { +@@ -461,17 +461,17 @@ struct rcu_state { /* _rcu_barrier(). */ /* End of fields guarded by barrier_mutex. */ @@ -94619,7 +91232,7 @@ index 0f69a79..c85c2dc 100644 unsigned long jiffies_force_qs; /* Time at which to invoke */ /* force_quiescent_state(). */ diff --git a/kernel/rcu/tree_plugin.h b/kernel/rcu/tree_plugin.h -index 02ac0fb..4aa4a36 100644 +index a7997e2..9787c9e 100644 --- a/kernel/rcu/tree_plugin.h +++ b/kernel/rcu/tree_plugin.h @@ -735,7 +735,7 @@ static int rcu_preempted_readers_exp(struct rcu_node *rnp) @@ -94640,7 +91253,7 @@ index 02ac0fb..4aa4a36 100644 unlock_mb_ret: mutex_unlock(&sync_rcu_preempt_exp_mutex); mb_ret: -@@ -1447,7 +1447,7 @@ static void rcu_boost_kthread_setaffinity(struct rcu_node *rnp, int outgoingcpu) +@@ -1452,7 +1452,7 @@ static void rcu_boost_kthread_setaffinity(struct rcu_node *rnp, int outgoingcpu) free_cpumask_var(cm); } @@ -94649,7 +91262,7 @@ index 02ac0fb..4aa4a36 100644 .store = &rcu_cpu_kthread_task, .thread_should_run = rcu_cpu_kthread_should_run, .thread_fn = rcu_cpu_kthread, -@@ -1926,7 +1926,7 @@ static void print_cpu_stall_info(struct rcu_state *rsp, int cpu) +@@ -1932,7 +1932,7 @@ static void print_cpu_stall_info(struct rcu_state *rsp, int cpu) print_cpu_stall_fast_no_hz(fast_no_hz, cpu); pr_err("\t%d: (%lu %s) idle=%03x/%llx/%d softirq=%u/%u %s\n", cpu, ticks_value, ticks_title, @@ -94658,7 +91271,16 @@ index 02ac0fb..4aa4a36 100644 rdtp->dynticks_nesting, rdtp->dynticks_nmi_nesting, rdp->softirq_snap, kstat_softirqs_cpu(RCU_SOFTIRQ, cpu), fast_no_hz); -@@ -2079,7 +2079,7 @@ static void __call_rcu_nocb_enqueue(struct rcu_data *rdp, +@@ -2076,7 +2076,7 @@ static void wake_nocb_leader(struct rcu_data *rdp, bool force) + return; + if (ACCESS_ONCE(rdp_leader->nocb_leader_sleep) || force) { + /* Prior xchg orders against prior callback enqueue. */ +- ACCESS_ONCE(rdp_leader->nocb_leader_sleep) = false; ++ ACCESS_ONCE_RW(rdp_leader->nocb_leader_sleep) = false; + wake_up(&rdp_leader->nocb_wq); + } + } +@@ -2101,7 +2101,7 @@ static void __call_rcu_nocb_enqueue(struct rcu_data *rdp, /* Enqueue the callback on the nocb list and update counts. */ old_rhpp = xchg(&rdp->nocb_tail, rhtp); @@ -94667,23 +91289,25 @@ index 02ac0fb..4aa4a36 100644 atomic_long_add(rhcount, &rdp->nocb_q_count); atomic_long_add(rhcount_lazy, &rdp->nocb_q_count_lazy); -@@ -2255,12 +2255,12 @@ static int rcu_nocb_kthread(void *arg) - * Extract queued callbacks, update counts, and wait - * for a grace period to elapse. - */ +@@ -2272,7 +2272,7 @@ wait_again: + continue; /* No CBs here, try next follower. */ + + /* Move callbacks to wait-for-GP list, which is empty. */ - ACCESS_ONCE(rdp->nocb_head) = NULL; + ACCESS_ONCE_RW(rdp->nocb_head) = NULL; - tail = xchg(&rdp->nocb_tail, &rdp->nocb_head); - c = atomic_long_xchg(&rdp->nocb_q_count, 0); - cl = atomic_long_xchg(&rdp->nocb_q_count_lazy, 0); -- ACCESS_ONCE(rdp->nocb_p_count) += c; -- ACCESS_ONCE(rdp->nocb_p_count_lazy) += cl; -+ ACCESS_ONCE_RW(rdp->nocb_p_count) += c; -+ ACCESS_ONCE_RW(rdp->nocb_p_count_lazy) += cl; - rcu_nocb_wait_gp(rdp); - - /* Each pass through the following loop invokes a callback. */ -@@ -2286,8 +2286,8 @@ static int rcu_nocb_kthread(void *arg) + rdp->nocb_gp_tail = xchg(&rdp->nocb_tail, &rdp->nocb_head); + rdp->nocb_gp_count = atomic_long_xchg(&rdp->nocb_q_count, 0); + rdp->nocb_gp_count_lazy = +@@ -2398,7 +2398,7 @@ static int rcu_nocb_kthread(void *arg) + list = ACCESS_ONCE(rdp->nocb_follower_head); + BUG_ON(!list); + trace_rcu_nocb_wake(rdp->rsp->name, rdp->cpu, "WokeNonEmpty"); +- ACCESS_ONCE(rdp->nocb_follower_head) = NULL; ++ ACCESS_ONCE_RW(rdp->nocb_follower_head) = NULL; + tail = xchg(&rdp->nocb_follower_tail, &rdp->nocb_follower_head); + c = atomic_long_xchg(&rdp->nocb_follower_count, 0); + cl = atomic_long_xchg(&rdp->nocb_follower_count_lazy, 0); +@@ -2428,8 +2428,8 @@ static int rcu_nocb_kthread(void *arg) list = next; } trace_rcu_batch_end(rdp->rsp->name, c, !!list, 0, 0, 1); @@ -94694,16 +91318,16 @@ index 02ac0fb..4aa4a36 100644 rdp->n_nocbs_invoked += c; } return 0; -@@ -2304,7 +2304,7 @@ static void do_nocb_deferred_wakeup(struct rcu_data *rdp) +@@ -2446,7 +2446,7 @@ static void do_nocb_deferred_wakeup(struct rcu_data *rdp) { if (!rcu_nocb_need_deferred_wakeup(rdp)) return; - ACCESS_ONCE(rdp->nocb_defer_wakeup) = false; + ACCESS_ONCE_RW(rdp->nocb_defer_wakeup) = false; - wake_up(&rdp->nocb_wq); + wake_nocb_leader(rdp, false); trace_rcu_nocb_wake(rdp->rsp->name, rdp->cpu, TPS("DeferredWakeEmpty")); } -@@ -2330,7 +2330,7 @@ static void __init rcu_spawn_nocb_kthreads(struct rcu_state *rsp) +@@ -2510,7 +2510,7 @@ static void __init rcu_spawn_nocb_kthreads(struct rcu_state *rsp) t = kthread_run(rcu_nocb_kthread, rdp, "rcuo%c/%d", rsp->abbr, cpu); BUG_ON(IS_ERR(t)); @@ -94712,7 +91336,7 @@ index 02ac0fb..4aa4a36 100644 } } -@@ -2461,11 +2461,11 @@ static void rcu_sysidle_enter(struct rcu_dynticks *rdtp, int irq) +@@ -2641,11 +2641,11 @@ static void rcu_sysidle_enter(struct rcu_dynticks *rdtp, int irq) /* Record start of fully idle period. */ j = jiffies; @@ -94727,7 +91351,7 @@ index 02ac0fb..4aa4a36 100644 } /* -@@ -2530,9 +2530,9 @@ static void rcu_sysidle_exit(struct rcu_dynticks *rdtp, int irq) +@@ -2710,9 +2710,9 @@ static void rcu_sysidle_exit(struct rcu_dynticks *rdtp, int irq) /* Record end of idle period. */ smp_mb__before_atomic(); @@ -94739,7 +91363,7 @@ index 02ac0fb..4aa4a36 100644 /* * If we are the timekeeping CPU, we are permitted to be non-idle -@@ -2573,7 +2573,7 @@ static void rcu_sysidle_check_cpu(struct rcu_data *rdp, bool *isidle, +@@ -2753,7 +2753,7 @@ static void rcu_sysidle_check_cpu(struct rcu_data *rdp, bool *isidle, WARN_ON_ONCE(smp_processor_id() != tick_do_timer_cpu); /* Pick up current idle and NMI-nesting counter and check. */ @@ -94748,7 +91372,7 @@ index 02ac0fb..4aa4a36 100644 if (cur & 0x1) { *isidle = false; /* We are not idle! */ return; -@@ -2622,7 +2622,7 @@ static void rcu_sysidle(unsigned long j) +@@ -2802,7 +2802,7 @@ static void rcu_sysidle(unsigned long j) case RCU_SYSIDLE_NOT: /* First time all are idle, so note a short idle period. */ @@ -94757,7 +91381,7 @@ index 02ac0fb..4aa4a36 100644 break; case RCU_SYSIDLE_SHORT: -@@ -2660,7 +2660,7 @@ static void rcu_sysidle_cancel(void) +@@ -2840,7 +2840,7 @@ static void rcu_sysidle_cancel(void) { smp_mb(); if (full_sysidle_state > RCU_SYSIDLE_SHORT) @@ -94766,7 +91390,7 @@ index 02ac0fb..4aa4a36 100644 } /* -@@ -2708,7 +2708,7 @@ static void rcu_sysidle_cb(struct rcu_head *rhp) +@@ -2888,7 +2888,7 @@ static void rcu_sysidle_cb(struct rcu_head *rhp) smp_mb(); /* grace period precedes setting inuse. */ rshp = container_of(rhp, struct rcu_sysidle_head, rh); @@ -94817,10 +91441,10 @@ index 5cdc62e..cc52e88 100644 } diff --git a/kernel/rcu/update.c b/kernel/rcu/update.c -index bc78835..7691a45 100644 +index 4056d79..c11741a 100644 --- a/kernel/rcu/update.c +++ b/kernel/rcu/update.c -@@ -311,10 +311,10 @@ int rcu_jiffies_till_stall_check(void) +@@ -308,10 +308,10 @@ int rcu_jiffies_till_stall_check(void) * for CONFIG_RCU_CPU_STALL_TIMEOUT. */ if (till_stall_check < 3) { @@ -94834,10 +91458,10 @@ index bc78835..7691a45 100644 } return till_stall_check * HZ + RCU_STALL_DELAY_DELTA; diff --git a/kernel/resource.c b/kernel/resource.c -index 3c2237a..4568d96 100644 +index 60c5a38..ed77193 100644 --- a/kernel/resource.c +++ b/kernel/resource.c -@@ -152,8 +152,18 @@ static const struct file_operations proc_iomem_operations = { +@@ -161,8 +161,18 @@ static const struct file_operations proc_iomem_operations = { static int __init ioresources_init(void) { @@ -94910,10 +91534,10 @@ index a63f4dc..349bbb0 100644 unsigned long timeout) { diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 0acf96b..80ba955 100644 +index ec1a286..6b516b8 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c -@@ -1849,7 +1849,7 @@ void set_numabalancing_state(bool enabled) +@@ -1857,7 +1857,7 @@ void set_numabalancing_state(bool enabled) int sysctl_numa_balancing(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -94922,7 +91546,7 @@ index 0acf96b..80ba955 100644 int err; int state = numabalancing_enabled; -@@ -2312,8 +2312,10 @@ context_switch(struct rq *rq, struct task_struct *prev, +@@ -2320,8 +2320,10 @@ context_switch(struct rq *rq, struct task_struct *prev, next->active_mm = oldmm; atomic_inc(&oldmm->mm_count); enter_lazy_tlb(oldmm, next); @@ -94934,7 +91558,7 @@ index 0acf96b..80ba955 100644 if (!prev->mm) { prev->active_mm = NULL; -@@ -3081,6 +3083,8 @@ int can_nice(const struct task_struct *p, const int nice) +@@ -3103,6 +3105,8 @@ int can_nice(const struct task_struct *p, const int nice) /* convert nice value [19,-20] to rlimit style value [1,40] */ int nice_rlim = nice_to_rlimit(nice); @@ -94943,7 +91567,7 @@ index 0acf96b..80ba955 100644 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || capable(CAP_SYS_NICE)); } -@@ -3107,7 +3111,8 @@ SYSCALL_DEFINE1(nice, int, increment) +@@ -3129,7 +3133,8 @@ SYSCALL_DEFINE1(nice, int, increment) nice = task_nice(current) + increment; nice = clamp_val(nice, MIN_NICE, MAX_NICE); @@ -94953,7 +91577,7 @@ index 0acf96b..80ba955 100644 return -EPERM; retval = security_task_setnice(current, nice); -@@ -3380,6 +3385,7 @@ recheck: +@@ -3408,6 +3413,7 @@ recheck: if (policy != p->policy && !rlim_rtprio) return -EPERM; @@ -94961,7 +91585,7 @@ index 0acf96b..80ba955 100644 /* can't increase priority */ if (attr->sched_priority > p->rt_priority && attr->sched_priority > rlim_rtprio) -@@ -4772,6 +4778,7 @@ void idle_task_exit(void) +@@ -4797,6 +4803,7 @@ void idle_task_exit(void) if (mm != &init_mm) { switch_mm(mm, &init_mm, current); @@ -94969,7 +91593,7 @@ index 0acf96b..80ba955 100644 finish_arch_post_lock_switch(); } mmdrop(mm); -@@ -4867,7 +4874,7 @@ static void migrate_tasks(unsigned int dead_cpu) +@@ -4892,7 +4899,7 @@ static void migrate_tasks(unsigned int dead_cpu) #if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL) @@ -94978,7 +91602,7 @@ index 0acf96b..80ba955 100644 { .procname = "sched_domain", .mode = 0555, -@@ -4884,17 +4891,17 @@ static struct ctl_table sd_ctl_root[] = { +@@ -4909,17 +4916,17 @@ static struct ctl_table sd_ctl_root[] = { {} }; @@ -95000,7 +91624,7 @@ index 0acf96b..80ba955 100644 /* * In the intermediate directories, both the child directory and -@@ -4902,22 +4909,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) +@@ -4927,22 +4934,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) * will always be set. In the lowest directory the names are * static strings and all have proc handlers. */ @@ -95032,7 +91656,7 @@ index 0acf96b..80ba955 100644 const char *procname, void *data, int maxlen, umode_t mode, proc_handler *proc_handler, bool load_idx) -@@ -4937,7 +4947,7 @@ set_table_entry(struct ctl_table *entry, +@@ -4962,7 +4972,7 @@ set_table_entry(struct ctl_table *entry, static struct ctl_table * sd_alloc_ctl_domain_table(struct sched_domain *sd) { @@ -95041,7 +91665,7 @@ index 0acf96b..80ba955 100644 if (table == NULL) return NULL; -@@ -4975,9 +4985,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) +@@ -5000,9 +5010,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) return table; } @@ -95053,7 +91677,7 @@ index 0acf96b..80ba955 100644 struct sched_domain *sd; int domain_num = 0, i; char buf[32]; -@@ -5004,11 +5014,13 @@ static struct ctl_table_header *sd_sysctl_header; +@@ -5029,11 +5039,13 @@ static struct ctl_table_header *sd_sysctl_header; static void register_sched_domain_sysctl(void) { int i, cpu_num = num_possible_cpus(); @@ -95068,7 +91692,7 @@ index 0acf96b..80ba955 100644 if (entry == NULL) return; -@@ -5031,8 +5043,12 @@ static void unregister_sched_domain_sysctl(void) +@@ -5056,8 +5068,12 @@ static void unregister_sched_domain_sysctl(void) if (sd_sysctl_header) unregister_sysctl_table(sd_sysctl_header); sd_sysctl_header = NULL; @@ -95084,10 +91708,10 @@ index 0acf96b..80ba955 100644 #else static void register_sched_domain_sysctl(void) diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c -index fea7d33..84faa94 100644 +index bfa3c86..e58767c 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c -@@ -1857,7 +1857,7 @@ void task_numa_fault(int last_cpupid, int mem_node, int pages, int flags) +@@ -1873,7 +1873,7 @@ void task_numa_fault(int last_cpupid, int mem_node, int pages, int flags) static void reset_ptenuma_scan(struct task_struct *p) { @@ -95096,7 +91720,7 @@ index fea7d33..84faa94 100644 p->mm->numa_scan_offset = 0; } -@@ -7289,7 +7289,7 @@ static void nohz_idle_balance(struct rq *this_rq, enum cpu_idle_type idle) { } +@@ -7339,7 +7339,7 @@ static void nohz_idle_balance(struct rq *this_rq, enum cpu_idle_type idle) { } * run_rebalance_domains is triggered when needed from the scheduler tick. * Also triggered for nohz idle balancing (with nohz_balancing_kick set). */ @@ -95106,10 +91730,10 @@ index fea7d33..84faa94 100644 struct rq *this_rq = this_rq(); enum cpu_idle_type idle = this_rq->idle_balance ? diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h -index 31cc02e..734fb85 100644 +index 579712f..a338a9d 100644 --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h -@@ -1153,7 +1153,7 @@ struct sched_class { +@@ -1146,7 +1146,7 @@ struct sched_class { #ifdef CONFIG_FAIR_GROUP_SCHED void (*task_move_group) (struct task_struct *p, int on_rq); #endif @@ -95119,350 +91743,39 @@ index 31cc02e..734fb85 100644 static inline void put_prev_task(struct rq *rq, struct task_struct *prev) { diff --git a/kernel/seccomp.c b/kernel/seccomp.c -index 301bbc2..eda2da3 100644 +index 44eb005..84922be 100644 --- a/kernel/seccomp.c +++ b/kernel/seccomp.c -@@ -39,7 +39,7 @@ - * is only needed for handling filters shared across tasks. - * @prev: points to a previously installed, or inherited, filter - * @len: the number of instructions in the program -- * @insnsi: the BPF program instructions to evaluate -+ * @insns: the BPF program instructions to evaluate - * - * seccomp_filter objects are organized in a tree linked via the @prev - * pointer. For any task, it appears to be a singly-linked list starting -@@ -54,32 +54,61 @@ - struct seccomp_filter { - atomic_t usage; - struct seccomp_filter *prev; -- struct sk_filter *prog; -+ unsigned short len; /* Instruction count */ -+ struct sock_filter insns[]; - }; - - /* Limit any path through the tree to 256KB worth of instructions. */ - #define MAX_INSNS_PER_PATH ((1 << 18) / sizeof(struct sock_filter)) - --/* -+/** -+ * get_u32 - returns a u32 offset into data -+ * @data: a unsigned 64 bit value -+ * @index: 0 or 1 to return the first or second 32-bits -+ * -+ * This inline exists to hide the length of unsigned long. If a 32-bit -+ * unsigned long is passed in, it will be extended and the top 32-bits will be -+ * 0. If it is a 64-bit unsigned long, then whatever data is resident will be -+ * properly returned. -+ * - * Endianness is explicitly ignored and left for BPF program authors to manage - * as per the specific architecture. - */ --static void populate_seccomp_data(struct seccomp_data *sd) -+static inline u32 get_u32(u64 data, int index) - { -- struct task_struct *task = current; -- struct pt_regs *regs = task_pt_regs(task); -- unsigned long args[6]; -+ return ((u32 *)&data)[index]; -+} - -- sd->nr = syscall_get_nr(task, regs); -- sd->arch = syscall_get_arch(); -- syscall_get_arguments(task, regs, 0, 6, args); -- sd->args[0] = args[0]; -- sd->args[1] = args[1]; -- sd->args[2] = args[2]; -- sd->args[3] = args[3]; -- sd->args[4] = args[4]; -- sd->args[5] = args[5]; -- sd->instruction_pointer = KSTK_EIP(task); -+/* Helper for bpf_load below. */ -+#define BPF_DATA(_name) offsetof(struct seccomp_data, _name) -+/** -+ * bpf_load: checks and returns a pointer to the requested offset -+ * @off: offset into struct seccomp_data to load from -+ * -+ * Returns the requested 32-bits of data. -+ * seccomp_check_filter() should assure that @off is 32-bit aligned -+ * and not out of bounds. Failure to do so is a BUG. -+ */ -+u32 seccomp_bpf_load(int off) -+{ -+ struct pt_regs *regs = task_pt_regs(current); -+ if (off == BPF_DATA(nr)) -+ return syscall_get_nr(current, regs); -+ if (off == BPF_DATA(arch)) -+ return syscall_get_arch(); -+ if (off >= BPF_DATA(args[0]) && off < BPF_DATA(args[6])) { -+ unsigned long value; -+ int arg = (off - BPF_DATA(args[0])) / sizeof(u64); -+ int index = !!(off % sizeof(u64)); -+ syscall_get_arguments(current, regs, arg, 1, &value); -+ return get_u32(value, index); -+ } -+ if (off == BPF_DATA(instruction_pointer)) -+ return get_u32(KSTK_EIP(current), 0); -+ if (off == BPF_DATA(instruction_pointer) + sizeof(u32)) -+ return get_u32(KSTK_EIP(current), 1); -+ /* seccomp_check_filter should make this impossible. */ -+ BUG(); - } - - /** -@@ -103,59 +132,59 @@ static int seccomp_check_filter(struct sock_filter *filter, unsigned int flen) - u32 k = ftest->k; - - switch (code) { -- case BPF_LD | BPF_W | BPF_ABS: -- ftest->code = BPF_LDX | BPF_W | BPF_ABS; -+ case BPF_S_LD_W_ABS: -+ ftest->code = BPF_S_ANC_SECCOMP_LD_W; - /* 32-bit aligned and not out of bounds. */ - if (k >= sizeof(struct seccomp_data) || k & 3) - return -EINVAL; - continue; -- case BPF_LD | BPF_W | BPF_LEN: -- ftest->code = BPF_LD | BPF_IMM; -+ case BPF_S_LD_W_LEN: -+ ftest->code = BPF_S_LD_IMM; - ftest->k = sizeof(struct seccomp_data); - continue; -- case BPF_LDX | BPF_W | BPF_LEN: -- ftest->code = BPF_LDX | BPF_IMM; -+ case BPF_S_LDX_W_LEN: -+ ftest->code = BPF_S_LDX_IMM; - ftest->k = sizeof(struct seccomp_data); - continue; - /* Explicitly include allowed calls. */ -- case BPF_RET | BPF_K: -- case BPF_RET | BPF_A: -- case BPF_ALU | BPF_ADD | BPF_K: -- case BPF_ALU | BPF_ADD | BPF_X: -- case BPF_ALU | BPF_SUB | BPF_K: -- case BPF_ALU | BPF_SUB | BPF_X: -- case BPF_ALU | BPF_MUL | BPF_K: -- case BPF_ALU | BPF_MUL | BPF_X: -- case BPF_ALU | BPF_DIV | BPF_K: -- case BPF_ALU | BPF_DIV | BPF_X: -- case BPF_ALU | BPF_AND | BPF_K: -- case BPF_ALU | BPF_AND | BPF_X: -- case BPF_ALU | BPF_OR | BPF_K: -- case BPF_ALU | BPF_OR | BPF_X: -- case BPF_ALU | BPF_XOR | BPF_K: -- case BPF_ALU | BPF_XOR | BPF_X: -- case BPF_ALU | BPF_LSH | BPF_K: -- case BPF_ALU | BPF_LSH | BPF_X: -- case BPF_ALU | BPF_RSH | BPF_K: -- case BPF_ALU | BPF_RSH | BPF_X: -- case BPF_ALU | BPF_NEG: -- case BPF_LD | BPF_IMM: -- case BPF_LDX | BPF_IMM: -- case BPF_MISC | BPF_TAX: -- case BPF_MISC | BPF_TXA: -- case BPF_LD | BPF_MEM: -- case BPF_LDX | BPF_MEM: -- case BPF_ST: -- case BPF_STX: -- case BPF_JMP | BPF_JA: -- case BPF_JMP | BPF_JEQ | BPF_K: -- case BPF_JMP | BPF_JEQ | BPF_X: -- case BPF_JMP | BPF_JGE | BPF_K: -- case BPF_JMP | BPF_JGE | BPF_X: -- case BPF_JMP | BPF_JGT | BPF_K: -- case BPF_JMP | BPF_JGT | BPF_X: -- case BPF_JMP | BPF_JSET | BPF_K: -- case BPF_JMP | BPF_JSET | BPF_X: -+ case BPF_S_RET_K: -+ case BPF_S_RET_A: -+ case BPF_S_ALU_ADD_K: -+ case BPF_S_ALU_ADD_X: -+ case BPF_S_ALU_SUB_K: -+ case BPF_S_ALU_SUB_X: -+ case BPF_S_ALU_MUL_K: -+ case BPF_S_ALU_MUL_X: -+ case BPF_S_ALU_DIV_X: -+ case BPF_S_ALU_AND_K: -+ case BPF_S_ALU_AND_X: -+ case BPF_S_ALU_OR_K: -+ case BPF_S_ALU_OR_X: -+ case BPF_S_ALU_XOR_K: -+ case BPF_S_ALU_XOR_X: -+ case BPF_S_ALU_LSH_K: -+ case BPF_S_ALU_LSH_X: -+ case BPF_S_ALU_RSH_K: -+ case BPF_S_ALU_RSH_X: -+ case BPF_S_ALU_NEG: -+ case BPF_S_LD_IMM: -+ case BPF_S_LDX_IMM: -+ case BPF_S_MISC_TAX: -+ case BPF_S_MISC_TXA: -+ case BPF_S_ALU_DIV_K: -+ case BPF_S_LD_MEM: -+ case BPF_S_LDX_MEM: -+ case BPF_S_ST: -+ case BPF_S_STX: -+ case BPF_S_JMP_JA: -+ case BPF_S_JMP_JEQ_K: -+ case BPF_S_JMP_JEQ_X: -+ case BPF_S_JMP_JGE_K: -+ case BPF_S_JMP_JGE_X: -+ case BPF_S_JMP_JGT_K: -+ case BPF_S_JMP_JGT_X: -+ case BPF_S_JMP_JSET_K: -+ case BPF_S_JMP_JSET_X: - continue; - default: - return -EINVAL; -@@ -173,22 +202,18 @@ static int seccomp_check_filter(struct sock_filter *filter, unsigned int flen) - static u32 seccomp_run_filters(int syscall) - { - struct seccomp_filter *f; -- struct seccomp_data sd; - u32 ret = SECCOMP_RET_ALLOW; - - /* Ensure unexpected behavior doesn't result in failing open. */ - if (WARN_ON(current->seccomp.filter == NULL)) - return SECCOMP_RET_KILL; - -- populate_seccomp_data(&sd); -- - /* - * All filters in the list are evaluated and the lowest BPF return - * value always takes priority (ignoring the DATA). - */ - for (f = current->seccomp.filter; f; f = f->prev) { -- u32 cur_ret = SK_RUN_FILTER(f->prog, (void *)&sd); -- -+ u32 cur_ret = sk_run_filter(NULL, f->insns); - if ((cur_ret & SECCOMP_RET_ACTION) < (ret & SECCOMP_RET_ACTION)) - ret = cur_ret; - } -@@ -206,20 +231,18 @@ static long seccomp_attach_filter(struct sock_fprog *fprog) - struct seccomp_filter *filter; - unsigned long fp_size = fprog->len * sizeof(struct sock_filter); - unsigned long total_insns = fprog->len; -- struct sock_filter *fp; -- int new_len; - long ret; - - if (fprog->len == 0 || fprog->len > BPF_MAXINSNS) - return -EINVAL; - - for (filter = current->seccomp.filter; filter; filter = filter->prev) -- total_insns += filter->prog->len + 4; /* include a 4 instr penalty */ -+ total_insns += filter->len + 4; /* include a 4 instr penalty */ - if (total_insns > MAX_INSNS_PER_PATH) - return -ENOMEM; - - /* -- * Installing a seccomp filter requires that the task has -+ * Installing a seccomp filter requires that the task have - * CAP_SYS_ADMIN in its namespace or be running with no_new_privs. - * This avoids scenarios where unprivileged tasks can affect the - * behavior of privileged children. -@@ -229,51 +252,28 @@ static long seccomp_attach_filter(struct sock_fprog *fprog) - CAP_SYS_ADMIN) != 0) - return -EACCES; - -- fp = kzalloc(fp_size, GFP_KERNEL|__GFP_NOWARN); -- if (!fp) -- return -ENOMEM; -- -- /* Copy the instructions from fprog. */ -- ret = -EFAULT; -- if (copy_from_user(fp, fprog->filter, fp_size)) -- goto free_prog; -- -- /* Check and rewrite the fprog via the skb checker */ -- ret = sk_chk_filter(fp, fprog->len); -- if (ret) -- goto free_prog; -- -- /* Check and rewrite the fprog for seccomp use */ -- ret = seccomp_check_filter(fp, fprog->len); -- if (ret) -- goto free_prog; -- -- /* Convert 'sock_filter' insns to 'sock_filter_int' insns */ -- ret = sk_convert_filter(fp, fprog->len, NULL, &new_len); -- if (ret) -- goto free_prog; -- - /* Allocate a new seccomp_filter */ -- ret = -ENOMEM; -- filter = kzalloc(sizeof(struct seccomp_filter), -+ filter = kzalloc(sizeof(struct seccomp_filter) + fp_size, - GFP_KERNEL|__GFP_NOWARN); +@@ -395,16 +395,15 @@ static struct seccomp_filter *seccomp_prepare_filter(struct sock_fprog *fprog) if (!filter) -- goto free_prog; -- -- filter->prog = kzalloc(sk_filter_size(new_len), + goto free_prog; + +- filter->prog = kzalloc(bpf_prog_size(new_len), - GFP_KERNEL|__GFP_NOWARN); -- if (!filter->prog) -- goto free_filter; -- -- ret = sk_convert_filter(fp, fprog->len, filter->prog->insnsi, &new_len); -- if (ret) -- goto free_filter_prog; ++ filter->prog = bpf_prog_alloc(bpf_prog_size(new_len), __GFP_NOWARN); + if (!filter->prog) + goto free_filter; + + ret = bpf_convert_filter(fp, fprog->len, filter->prog->insnsi, &new_len); + if (ret) + goto free_filter_prog; - kfree(fp); -- -+ return -ENOMEM; + ++ kfree(fp); atomic_set(&filter->usage, 1); -- filter->prog->len = new_len; -+ filter->len = fprog->len; + filter->prog->len = new_len; -- sk_filter_select_runtime(filter->prog); -+ /* Copy the instructions from fprog. */ -+ ret = -EFAULT; -+ if (copy_from_user(filter->insns, fprog->filter, fp_size)) -+ goto fail; -+ -+ /* Check and rewrite the fprog via the skb checker */ -+ ret = sk_chk_filter(filter->insns, filter->len); -+ if (ret) -+ goto fail; -+ -+ /* Check and rewrite the fprog for seccomp use */ -+ ret = seccomp_check_filter(filter->insns, filter->len); -+ if (ret) -+ goto fail; +@@ -413,7 +412,7 @@ static struct seccomp_filter *seccomp_prepare_filter(struct sock_fprog *fprog) + return filter; - /* - * If there is an existing filter, make it the prev and don't drop its -@@ -282,13 +282,8 @@ static long seccomp_attach_filter(struct sock_fprog *fprog) - filter->prev = current->seccomp.filter; - current->seccomp.filter = filter; - return 0; -- --free_filter_prog: + free_filter_prog: - kfree(filter->prog); --free_filter: -+fail: ++ __bpf_prog_free(filter->prog); + free_filter: kfree(filter); --free_prog: -- kfree(fp); - return ret; - } - -@@ -298,7 +293,7 @@ free_prog: - * - * Returns 0 on success and non-zero otherwise. - */ --static long seccomp_attach_user_filter(char __user *user_filter) -+long seccomp_attach_user_filter(char __user *user_filter) - { - struct sock_fprog fprog; - long ret = -EFAULT; -@@ -337,7 +332,6 @@ void put_seccomp_filter(struct task_struct *tsk) - while (orig && atomic_dec_and_test(&orig->usage)) { - struct seccomp_filter *freeme = orig; - orig = orig->prev; -- sk_filter_free(freeme->prog); - kfree(freeme); - } - } + free_prog: diff --git a/kernel/signal.c b/kernel/signal.c -index a4077e9..f0d4e5c 100644 +index 8f0876f..1153a5a 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -53,12 +53,12 @@ static struct kmem_cache *sigqueue_cachep; @@ -95558,7 +91871,7 @@ index a4077e9..f0d4e5c 100644 return ret; } -@@ -1296,8 +1316,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) +@@ -1300,8 +1320,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) ret = check_kill_permission(sig, info, p); rcu_read_unlock(); @@ -95680,7 +91993,7 @@ index 5918d22..e95d1926 100644 .thread_should_run = ksoftirqd_should_run, .thread_fn = run_ksoftirqd, diff --git a/kernel/sys.c b/kernel/sys.c -index 66a751e..a42497e 100644 +index ce81291..df2ca85 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -148,6 +148,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error) @@ -95863,7 +92176,7 @@ index 66a751e..a42497e 100644 if (!retval) { if (old_rlim) diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index 75b22e2..65c0ac8 100644 +index 75875a7..cd8e838 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -94,7 +94,6 @@ @@ -95929,7 +92242,7 @@ index 75b22e2..65c0ac8 100644 #endif +#ifdef CONFIG_PAX_SOFTMODE -+static ctl_table pax_table[] = { ++static struct ctl_table pax_table[] = { + { + .procname = "softmode", + .data = &pax_softmode, @@ -96020,7 +92333,7 @@ index 75b22e2..65c0ac8 100644 }, { .procname = "perf_event_mlock_kb", -@@ -1338,6 +1379,13 @@ static struct ctl_table vm_table[] = { +@@ -1335,6 +1376,13 @@ static struct ctl_table vm_table[] = { .proc_handler = proc_dointvec_minmax, .extra1 = &zero, }, @@ -96034,7 +92347,7 @@ index 75b22e2..65c0ac8 100644 #else { .procname = "nr_trim_pages", -@@ -1827,6 +1875,16 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -1824,6 +1872,16 @@ int proc_dostring(struct ctl_table *table, int write, (char __user *)buffer, lenp, ppos); } @@ -96051,7 +92364,7 @@ index 75b22e2..65c0ac8 100644 static size_t proc_skip_spaces(char **buf) { size_t ret; -@@ -1932,6 +1990,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, +@@ -1929,6 +1987,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, len = strlen(tmp); if (len > *size) len = *size; @@ -96060,7 +92373,7 @@ index 75b22e2..65c0ac8 100644 if (copy_to_user(*buf, tmp, len)) return -EFAULT; *size -= len; -@@ -2109,7 +2169,7 @@ int proc_dointvec(struct ctl_table *table, int write, +@@ -2106,7 +2166,7 @@ int proc_dointvec(struct ctl_table *table, int write, static int proc_taint(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -96069,7 +92382,7 @@ index 75b22e2..65c0ac8 100644 unsigned long tmptaint = get_taint(); int err; -@@ -2137,7 +2197,6 @@ static int proc_taint(struct ctl_table *table, int write, +@@ -2134,7 +2194,6 @@ static int proc_taint(struct ctl_table *table, int write, return err; } @@ -96077,7 +92390,7 @@ index 75b22e2..65c0ac8 100644 static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -2146,7 +2205,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, +@@ -2143,7 +2202,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, return proc_dointvec_minmax(table, write, buffer, lenp, ppos); } @@ -96085,7 +92398,7 @@ index 75b22e2..65c0ac8 100644 struct do_proc_dointvec_minmax_conv_param { int *min; -@@ -2706,6 +2764,12 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -2703,6 +2761,12 @@ int proc_dostring(struct ctl_table *table, int write, return -ENOSYS; } @@ -96098,7 +92411,7 @@ index 75b22e2..65c0ac8 100644 int proc_dointvec(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -2762,5 +2826,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax); +@@ -2759,5 +2823,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax); EXPORT_SYMBOL(proc_dointvec_userhz_jiffies); EXPORT_SYMBOL(proc_dointvec_ms_jiffies); EXPORT_SYMBOL(proc_dostring); @@ -96132,24 +92445,8 @@ index 13d2f7c..c93d0b0 100644 if (info->attrs[TASKSTATS_CMD_ATTR_REGISTER_CPUMASK]) return cmd_attr_register_cpumask(info); else if (info->attrs[TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK]) -diff --git a/kernel/time.c b/kernel/time.c -index 3c49ab4..00a3aea 100644 ---- a/kernel/time.c -+++ b/kernel/time.c -@@ -172,6 +172,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz) - return error; - - if (tz) { -+ /* we log in do_settimeofday called below, so don't log twice -+ */ -+ if (!tv) -+ gr_log_timechange(); -+ - sys_tz = *tz; - update_vsyscall_tz(); - if (firsttime) { diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c -index cd45a07..b8a1463 100644 +index a7077d3..dd48a49 100644 --- a/kernel/time/alarmtimer.c +++ b/kernel/time/alarmtimer.c @@ -823,7 +823,7 @@ static int __init alarmtimer_init(void) @@ -96161,8 +92458,174 @@ index cd45a07..b8a1463 100644 .clock_getres = alarm_clock_getres, .clock_get = alarm_clock_get, .timer_create = alarm_timer_create, +diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c +index 1c2fe7d..ce7483d 100644 +--- a/kernel/time/hrtimer.c ++++ b/kernel/time/hrtimer.c +@@ -1399,7 +1399,7 @@ void hrtimer_peek_ahead_timers(void) + local_irq_restore(flags); + } + +-static void run_hrtimer_softirq(struct softirq_action *h) ++static __latent_entropy void run_hrtimer_softirq(void) + { + hrtimer_peek_ahead_timers(); + } +diff --git a/kernel/time/posix-cpu-timers.c b/kernel/time/posix-cpu-timers.c +index 3b89464..5e38379 100644 +--- a/kernel/time/posix-cpu-timers.c ++++ b/kernel/time/posix-cpu-timers.c +@@ -1464,14 +1464,14 @@ struct k_clock clock_posix_cpu = { + + static __init int init_posix_cpu_timers(void) + { +- struct k_clock process = { ++ static struct k_clock process = { + .clock_getres = process_cpu_clock_getres, + .clock_get = process_cpu_clock_get, + .timer_create = process_cpu_timer_create, + .nsleep = process_cpu_nsleep, + .nsleep_restart = process_cpu_nsleep_restart, + }; +- struct k_clock thread = { ++ static struct k_clock thread = { + .clock_getres = thread_cpu_clock_getres, + .clock_get = thread_cpu_clock_get, + .timer_create = thread_cpu_timer_create, +diff --git a/kernel/time/posix-timers.c b/kernel/time/posix-timers.c +index 42b463a..a6b008f 100644 +--- a/kernel/time/posix-timers.c ++++ b/kernel/time/posix-timers.c +@@ -43,6 +43,7 @@ + #include <linux/hash.h> + #include <linux/posix-clock.h> + #include <linux/posix-timers.h> ++#include <linux/grsecurity.h> + #include <linux/syscalls.h> + #include <linux/wait.h> + #include <linux/workqueue.h> +@@ -124,7 +125,7 @@ static DEFINE_SPINLOCK(hash_lock); + * which we beg off on and pass to do_sys_settimeofday(). + */ + +-static struct k_clock posix_clocks[MAX_CLOCKS]; ++static struct k_clock *posix_clocks[MAX_CLOCKS]; + + /* + * These ones are defined below. +@@ -277,7 +278,7 @@ static int posix_get_tai(clockid_t which_clock, struct timespec *tp) + */ + static __init int init_posix_timers(void) + { +- struct k_clock clock_realtime = { ++ static struct k_clock clock_realtime = { + .clock_getres = hrtimer_get_res, + .clock_get = posix_clock_realtime_get, + .clock_set = posix_clock_realtime_set, +@@ -289,7 +290,7 @@ static __init int init_posix_timers(void) + .timer_get = common_timer_get, + .timer_del = common_timer_del, + }; +- struct k_clock clock_monotonic = { ++ static struct k_clock clock_monotonic = { + .clock_getres = hrtimer_get_res, + .clock_get = posix_ktime_get_ts, + .nsleep = common_nsleep, +@@ -299,19 +300,19 @@ static __init int init_posix_timers(void) + .timer_get = common_timer_get, + .timer_del = common_timer_del, + }; +- struct k_clock clock_monotonic_raw = { ++ static struct k_clock clock_monotonic_raw = { + .clock_getres = hrtimer_get_res, + .clock_get = posix_get_monotonic_raw, + }; +- struct k_clock clock_realtime_coarse = { ++ static struct k_clock clock_realtime_coarse = { + .clock_getres = posix_get_coarse_res, + .clock_get = posix_get_realtime_coarse, + }; +- struct k_clock clock_monotonic_coarse = { ++ static struct k_clock clock_monotonic_coarse = { + .clock_getres = posix_get_coarse_res, + .clock_get = posix_get_monotonic_coarse, + }; +- struct k_clock clock_tai = { ++ static struct k_clock clock_tai = { + .clock_getres = hrtimer_get_res, + .clock_get = posix_get_tai, + .nsleep = common_nsleep, +@@ -321,7 +322,7 @@ static __init int init_posix_timers(void) + .timer_get = common_timer_get, + .timer_del = common_timer_del, + }; +- struct k_clock clock_boottime = { ++ static struct k_clock clock_boottime = { + .clock_getres = hrtimer_get_res, + .clock_get = posix_get_boottime, + .nsleep = common_nsleep, +@@ -533,7 +534,7 @@ void posix_timers_register_clock(const clockid_t clock_id, + return; + } + +- posix_clocks[clock_id] = *new_clock; ++ posix_clocks[clock_id] = new_clock; + } + EXPORT_SYMBOL_GPL(posix_timers_register_clock); + +@@ -579,9 +580,9 @@ static struct k_clock *clockid_to_kclock(const clockid_t id) + return (id & CLOCKFD_MASK) == CLOCKFD ? + &clock_posix_dynamic : &clock_posix_cpu; + +- if (id >= MAX_CLOCKS || !posix_clocks[id].clock_getres) ++ if (id >= MAX_CLOCKS || !posix_clocks[id] || !posix_clocks[id]->clock_getres) + return NULL; +- return &posix_clocks[id]; ++ return posix_clocks[id]; + } + + static int common_timer_create(struct k_itimer *new_timer) +@@ -599,7 +600,7 @@ SYSCALL_DEFINE3(timer_create, const clockid_t, which_clock, + struct k_clock *kc = clockid_to_kclock(which_clock); + struct k_itimer *new_timer; + int error, new_timer_id; +- sigevent_t event; ++ sigevent_t event = { }; + int it_id_set = IT_ID_NOT_SET; + + if (!kc) +@@ -1013,6 +1014,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock, + if (copy_from_user(&new_tp, tp, sizeof (*tp))) + return -EFAULT; + ++ /* only the CLOCK_REALTIME clock can be set, all other clocks ++ have their clock_set fptr set to a nosettime dummy function ++ CLOCK_REALTIME has a NULL clock_set fptr which causes it to ++ call common_clock_set, which calls do_sys_settimeofday, which ++ we hook ++ */ ++ + return kc->clock_set(which_clock, &new_tp); + } + +diff --git a/kernel/time/time.c b/kernel/time/time.c +index a9ae20f..d3fbde7 100644 +--- a/kernel/time/time.c ++++ b/kernel/time/time.c +@@ -173,6 +173,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz) + return error; + + if (tz) { ++ /* we log in do_settimeofday called below, so don't log twice ++ */ ++ if (!tv) ++ gr_log_timechange(); ++ + sys_tz = *tz; + update_vsyscall_tz(); + if (firsttime) { diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c -index 32d8d6a..11486af 100644 +index ec1791f..6a086cd 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c @@ -15,6 +15,7 @@ @@ -96173,15 +92636,37 @@ index 32d8d6a..11486af 100644 #include <linux/syscore_ops.h> #include <linux/clocksource.h> #include <linux/jiffies.h> -@@ -502,6 +503,8 @@ int do_settimeofday(const struct timespec *tv) +@@ -717,6 +718,8 @@ int do_settimeofday(const struct timespec *tv) if (!timespec_valid_strict(tv)) return -EINVAL; + gr_log_timechange(); + raw_spin_lock_irqsave(&timekeeper_lock, flags); - write_seqcount_begin(&timekeeper_seq); + write_seqcount_begin(&tk_core.seq); +diff --git a/kernel/time/timer.c b/kernel/time/timer.c +index 9bbb834..3caa8ed 100644 +--- a/kernel/time/timer.c ++++ b/kernel/time/timer.c +@@ -1394,7 +1394,7 @@ void update_process_times(int user_tick) + /* + * This function runs timers and the timer-tq in bottom half context. + */ +-static void run_timer_softirq(struct softirq_action *h) ++static __latent_entropy void run_timer_softirq(void) + { + struct tvec_base *base = __this_cpu_read(tvec_bases); + +@@ -1457,7 +1457,7 @@ static void process_timeout(unsigned long __data) + * + * In all cases the return value is guaranteed to be non-negative. + */ +-signed long __sched schedule_timeout(signed long timeout) ++signed long __sched __intentional_overflow(-1) schedule_timeout(signed long timeout) + { + struct timer_list timer; + unsigned long expire; diff --git a/kernel/time/timer_list.c b/kernel/time/timer_list.c index 61ed862..3b52c65 100644 --- a/kernel/time/timer_list.c @@ -96299,30 +92784,8 @@ index 1fb08f2..ca4bb1e 100644 if (!pe) return -ENOMEM; return 0; -diff --git a/kernel/timer.c b/kernel/timer.c -index 3bb01a3..0e7760e 100644 ---- a/kernel/timer.c -+++ b/kernel/timer.c -@@ -1393,7 +1393,7 @@ void update_process_times(int user_tick) - /* - * This function runs timers and the timer-tq in bottom half context. - */ --static void run_timer_softirq(struct softirq_action *h) -+static __latent_entropy void run_timer_softirq(void) - { - struct tvec_base *base = __this_cpu_read(tvec_bases); - -@@ -1456,7 +1456,7 @@ static void process_timeout(unsigned long __data) - * - * In all cases the return value is guaranteed to be non-negative. - */ --signed long __sched schedule_timeout(signed long timeout) -+signed long __sched __intentional_overflow(-1) schedule_timeout(signed long timeout) - { - struct timer_list timer; - unsigned long expire; diff --git a/kernel/torture.c b/kernel/torture.c -index 40bb511..91190b9 100644 +index d600af2..27a4e9d 100644 --- a/kernel/torture.c +++ b/kernel/torture.c @@ -484,7 +484,7 @@ static int torture_shutdown_notify(struct notifier_block *unused1, @@ -96393,10 +92856,10 @@ index c1bd4ad..4b861dc 100644 ret = -EIO; diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c -index ca167e6..6cf8f83 100644 +index 5916a8e..5cd3b1f 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c -@@ -1964,12 +1964,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) +@@ -2128,12 +2128,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) if (unlikely(ftrace_disabled)) return 0; @@ -96416,7 +92879,7 @@ index ca167e6..6cf8f83 100644 } /* -@@ -4170,8 +4175,10 @@ static int ftrace_process_locs(struct module *mod, +@@ -4458,8 +4463,10 @@ static int ftrace_process_locs(struct module *mod, if (!count) return 0; @@ -96428,7 +92891,7 @@ index ca167e6..6cf8f83 100644 start_pg = ftrace_allocate_pages(count); if (!start_pg) diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index 5186298..0869bc2 100644 +index 2d75c94..5ef6d32 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -352,9 +352,9 @@ struct buffer_data_page { @@ -96500,7 +92963,7 @@ index 5186298..0869bc2 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); } -@@ -2080,7 +2080,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2064,7 +2064,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, * it is our responsibility to update * the counters. */ @@ -96509,7 +92972,7 @@ index 5186298..0869bc2 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); /* -@@ -2230,7 +2230,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2214,7 +2214,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, if (tail == BUF_PAGE_SIZE) tail_page->real_end = 0; @@ -96518,7 +92981,7 @@ index 5186298..0869bc2 100644 return; } -@@ -2265,7 +2265,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2249,7 +2249,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, rb_event_set_padding(event); /* Set the write back to the previous setting */ @@ -96527,7 +92990,7 @@ index 5186298..0869bc2 100644 return; } -@@ -2277,7 +2277,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2261,7 +2261,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, /* Set write to end of buffer */ length = (tail + length) - BUF_PAGE_SIZE; @@ -96536,7 +92999,7 @@ index 5186298..0869bc2 100644 } /* -@@ -2303,7 +2303,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2287,7 +2287,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, * about it. */ if (unlikely(next_page == commit_page)) { @@ -96545,7 +93008,7 @@ index 5186298..0869bc2 100644 goto out_reset; } -@@ -2359,7 +2359,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2343,7 +2343,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, cpu_buffer->tail_page) && (cpu_buffer->commit_page == cpu_buffer->reader_page))) { @@ -96554,7 +93017,7 @@ index 5186298..0869bc2 100644 goto out_reset; } } -@@ -2407,7 +2407,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2391,7 +2391,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, length += RB_LEN_TIME_EXTEND; tail_page = cpu_buffer->tail_page; @@ -96563,7 +93026,7 @@ index 5186298..0869bc2 100644 /* set write to only the index of the write */ write &= RB_WRITE_MASK; -@@ -2431,7 +2431,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2415,7 +2415,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, kmemcheck_annotate_bitfield(event, bitfield); rb_update_event(cpu_buffer, event, length, add_timestamp, delta); @@ -96572,7 +93035,7 @@ index 5186298..0869bc2 100644 /* * If this is the first commit on the page, then update -@@ -2464,7 +2464,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2448,7 +2448,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) { unsigned long write_mask = @@ -96581,7 +93044,7 @@ index 5186298..0869bc2 100644 unsigned long event_length = rb_event_length(event); /* * This is on the tail page. It is possible that -@@ -2474,7 +2474,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2458,7 +2458,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, */ old_index += write_mask; new_index += write_mask; @@ -96590,7 +93053,7 @@ index 5186298..0869bc2 100644 if (index == old_index) { /* update counters */ local_sub(event_length, &cpu_buffer->entries_bytes); -@@ -2866,7 +2866,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2850,7 +2850,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, /* Do the likely case first */ if (likely(bpage->page == (void *)addr)) { @@ -96599,7 +93062,7 @@ index 5186298..0869bc2 100644 return; } -@@ -2878,7 +2878,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2862,7 +2862,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, start = bpage; do { if (bpage->page == (void *)addr) { @@ -96608,7 +93071,7 @@ index 5186298..0869bc2 100644 return; } rb_inc_page(cpu_buffer, &bpage); -@@ -3162,7 +3162,7 @@ static inline unsigned long +@@ -3146,7 +3146,7 @@ static inline unsigned long rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer) { return local_read(&cpu_buffer->entries) - @@ -96617,7 +93080,7 @@ index 5186298..0869bc2 100644 } /** -@@ -3251,7 +3251,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3235,7 +3235,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -96626,7 +93089,7 @@ index 5186298..0869bc2 100644 return ret; } -@@ -3274,7 +3274,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3258,7 +3258,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -96635,7 +93098,7 @@ index 5186298..0869bc2 100644 return ret; } -@@ -3359,7 +3359,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) +@@ -3343,7 +3343,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) /* if you care about this being correct, lock the buffer */ for_each_buffer_cpu(buffer, cpu) { cpu_buffer = buffer->buffers[cpu]; @@ -96644,7 +93107,7 @@ index 5186298..0869bc2 100644 } return overruns; -@@ -3530,8 +3530,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3514,8 +3514,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) /* * Reset the reader page to size zero. */ @@ -96655,7 +93118,7 @@ index 5186298..0869bc2 100644 local_set(&cpu_buffer->reader_page->page->commit, 0); cpu_buffer->reader_page->real_end = 0; -@@ -3565,7 +3565,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3549,7 +3549,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) * want to compare with the last_overrun. */ smp_mb(); @@ -96664,7 +93127,7 @@ index 5186298..0869bc2 100644 /* * Here's the tricky part. -@@ -4137,8 +4137,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4121,8 +4121,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) cpu_buffer->head_page = list_entry(cpu_buffer->pages, struct buffer_page, list); @@ -96675,7 +93138,7 @@ index 5186298..0869bc2 100644 local_set(&cpu_buffer->head_page->page->commit, 0); cpu_buffer->head_page->read = 0; -@@ -4148,14 +4148,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4132,14 +4132,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) INIT_LIST_HEAD(&cpu_buffer->reader_page->list); INIT_LIST_HEAD(&cpu_buffer->new_pages); @@ -96694,7 +93157,7 @@ index 5186298..0869bc2 100644 local_set(&cpu_buffer->dropped_events, 0); local_set(&cpu_buffer->entries, 0); local_set(&cpu_buffer->committing, 0); -@@ -4560,8 +4560,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, +@@ -4544,8 +4544,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, rb_init_page(bpage); bpage = reader->page; reader->page = *data_page; @@ -96706,10 +93169,10 @@ index 5186298..0869bc2 100644 *data_page = bpage; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index 291397e..db3836d 100644 +index 8a52839..dd6d7c8 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c -@@ -3510,7 +3510,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) +@@ -3487,7 +3487,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) return 0; } @@ -96719,10 +93182,10 @@ index 291397e..db3836d 100644 /* do nothing if flag is already set */ if (!!(trace_flags & mask) == !!enabled) diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h -index 9258f5a..9b1e41e 100644 +index 385391f..8d2250f 100644 --- a/kernel/trace/trace.h +++ b/kernel/trace/trace.h -@@ -1278,7 +1278,7 @@ extern const char *__stop___tracepoint_str[]; +@@ -1280,7 +1280,7 @@ extern const char *__stop___tracepoint_str[]; void trace_printk_init_buffers(void); void trace_printk_start_comm(void); int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set); @@ -96752,10 +93215,10 @@ index 57b67b1..66082a9 100644 + return atomic64_inc_return_unchecked(&trace_counter); } diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c -index 2de5362..c4c7003 100644 +index ef06ce7..3ea161d 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c -@@ -1722,7 +1722,6 @@ __trace_early_add_new_event(struct ftrace_event_call *call, +@@ -1720,7 +1720,6 @@ __trace_early_add_new_event(struct ftrace_event_call *call, return 0; } @@ -96804,19 +93267,10 @@ index 0abd9b8..6a663a2 100644 } entry = ring_buffer_event_data(event); diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c -index f3dad80..d291d61 100644 +index c6977d5..d243785 100644 --- a/kernel/trace/trace_output.c +++ b/kernel/trace/trace_output.c -@@ -322,7 +322,7 @@ int trace_seq_path(struct trace_seq *s, const struct path *path) - - p = d_path(path, s->buffer + s->len, PAGE_SIZE - s->len); - if (!IS_ERR(p)) { -- p = mangle_path(s->buffer + s->len, p, "\n"); -+ p = mangle_path(s->buffer + s->len, p, "\n\\"); - if (p) { - s->len = p - s->buffer; - return 1; -@@ -980,14 +980,16 @@ int register_ftrace_event(struct trace_event *event) +@@ -712,14 +712,16 @@ int register_ftrace_event(struct trace_event *event) goto out; } @@ -96837,6 +93291,19 @@ index f3dad80..d291d61 100644 key = event->type & (EVENT_HASHSIZE - 1); +diff --git a/kernel/trace/trace_seq.c b/kernel/trace/trace_seq.c +index 1f24ed9..10407ec 100644 +--- a/kernel/trace/trace_seq.c ++++ b/kernel/trace/trace_seq.c +@@ -367,7 +367,7 @@ int trace_seq_path(struct trace_seq *s, const struct path *path) + + p = d_path(path, s->buffer + s->len, PAGE_SIZE - s->len); + if (!IS_ERR(p)) { +- p = mangle_path(s->buffer + s->len, p, "\n"); ++ p = mangle_path(s->buffer + s->len, p, "\n\\"); + if (p) { + s->len = p - s->buffer; + return 1; diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c index 8a4e5cb..64f270d 100644 --- a/kernel/trace/trace_stack.c @@ -96851,7 +93318,7 @@ index 8a4e5cb..64f270d 100644 local_irq_save(flags); diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index fcc0256..aee880f 100644 +index aa312b0..395f343 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c @@ -82,6 +82,21 @@ int create_user_ns(struct cred *new) @@ -96899,10 +93366,10 @@ index c8eac43..4b5f08f 100644 memcpy(&uts_table, table, sizeof(uts_table)); uts_table.data = get_uts(table, write); diff --git a/kernel/watchdog.c b/kernel/watchdog.c -index c3319bd..67efc3c 100644 +index a8d6914..8fbdb13 100644 --- a/kernel/watchdog.c +++ b/kernel/watchdog.c -@@ -518,7 +518,7 @@ static int watchdog_nmi_enable(unsigned int cpu) { return 0; } +@@ -521,7 +521,7 @@ static int watchdog_nmi_enable(unsigned int cpu) { return 0; } static void watchdog_nmi_disable(unsigned int cpu) { return; } #endif /* CONFIG_HARDLOCKUP_DETECTOR */ @@ -96912,10 +93379,10 @@ index c3319bd..67efc3c 100644 .thread_should_run = watchdog_should_run, .thread_fn = watchdog, diff --git a/kernel/workqueue.c b/kernel/workqueue.c -index 35974ac..43c9e87 100644 +index 5dbe22a..872413c 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c -@@ -4576,7 +4576,7 @@ static void rebind_workers(struct worker_pool *pool) +@@ -4507,7 +4507,7 @@ static void rebind_workers(struct worker_pool *pool) WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND)); worker_flags |= WORKER_REBOUND; worker_flags &= ~WORKER_UNBOUND; @@ -96924,25 +93391,11 @@ index 35974ac..43c9e87 100644 } spin_unlock_irq(&pool->lock); -diff --git a/lib/Kconfig b/lib/Kconfig -index 334f772..74b8ec3 100644 ---- a/lib/Kconfig -+++ b/lib/Kconfig -@@ -51,6 +51,9 @@ config PERCPU_RWSEM - config ARCH_USE_CMPXCHG_LOCKREF - bool - -+config ARCH_HAS_FAST_MULTIPLIER -+ bool -+ - config CRC_CCITT - tristate "CRC-CCITT functions" - help diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug -index 7a638aa..20db901 100644 +index a285900..5e3b26b 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug -@@ -858,7 +858,7 @@ config DEBUG_MUTEXES +@@ -882,7 +882,7 @@ config DEBUG_MUTEXES config DEBUG_WW_MUTEX_SLOWPATH bool "Wait/wound mutex debugging: Slowpath testing" @@ -96951,7 +93404,7 @@ index 7a638aa..20db901 100644 select DEBUG_LOCK_ALLOC select DEBUG_SPINLOCK select DEBUG_MUTEXES -@@ -871,7 +871,7 @@ config DEBUG_WW_MUTEX_SLOWPATH +@@ -899,7 +899,7 @@ config DEBUG_WW_MUTEX_SLOWPATH config DEBUG_LOCK_ALLOC bool "Lock debugging: detect incorrect freeing of live locks" @@ -96960,7 +93413,7 @@ index 7a638aa..20db901 100644 select DEBUG_SPINLOCK select DEBUG_MUTEXES select LOCKDEP -@@ -885,7 +885,7 @@ config DEBUG_LOCK_ALLOC +@@ -913,7 +913,7 @@ config DEBUG_LOCK_ALLOC config PROVE_LOCKING bool "Lock debugging: prove locking correctness" @@ -96969,7 +93422,7 @@ index 7a638aa..20db901 100644 select LOCKDEP select DEBUG_SPINLOCK select DEBUG_MUTEXES -@@ -936,7 +936,7 @@ config LOCKDEP +@@ -964,7 +964,7 @@ config LOCKDEP config LOCK_STAT bool "Lock usage statistics" @@ -96978,7 +93431,7 @@ index 7a638aa..20db901 100644 select LOCKDEP select DEBUG_SPINLOCK select DEBUG_MUTEXES -@@ -1418,6 +1418,7 @@ config LATENCYTOP +@@ -1437,6 +1437,7 @@ config LATENCYTOP depends on DEBUG_KERNEL depends on STACKTRACE_SUPPORT depends on PROC_FS @@ -96986,7 +93439,7 @@ index 7a638aa..20db901 100644 select FRAME_POINTER if !MIPS && !PPC && !S390 && !MICROBLAZE && !ARM_UNWIND && !ARC select KALLSYMS select KALLSYMS_ALL -@@ -1434,7 +1435,7 @@ config ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS +@@ -1453,7 +1454,7 @@ config ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS config DEBUG_STRICT_USER_COPY_CHECKS bool "Strict user copy size checks" depends on ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS @@ -96995,7 +93448,7 @@ index 7a638aa..20db901 100644 help Enabling this option turns a certain set of sanity checks for user copy operations into compile time failures. -@@ -1554,7 +1555,7 @@ endmenu # runtime tests +@@ -1581,7 +1582,7 @@ endmenu # runtime tests config PROVIDE_OHCI1394_DMA_INIT bool "Remote debugging over FireWire early on boot" @@ -97005,18 +93458,10 @@ index 7a638aa..20db901 100644 If you want to debug problems which hang or crash the kernel early on boot and the crashing machine has a FireWire port, you can use diff --git a/lib/Makefile b/lib/Makefile -index ba967a1..2cc869a 100644 +index d6b4bc4..a3724eb 100644 --- a/lib/Makefile +++ b/lib/Makefile -@@ -33,7 +33,6 @@ obj-y += kstrtox.o - obj-$(CONFIG_TEST_KSTRTOX) += test-kstrtox.o - obj-$(CONFIG_TEST_MODULE) += test_module.o - obj-$(CONFIG_TEST_USER_COPY) += test_user_copy.o --obj-$(CONFIG_TEST_BPF) += test_bpf.o - - ifeq ($(CONFIG_DEBUG_KOBJECT),y) - CFLAGS_kobject.o += -DDEBUG -@@ -54,7 +53,7 @@ obj-$(CONFIG_BTREE) += btree.o +@@ -55,7 +55,7 @@ obj-$(CONFIG_BTREE) += btree.o obj-$(CONFIG_INTERVAL_TREE) += interval_tree.o obj-$(CONFIG_ASSOCIATIVE_ARRAY) += assoc_array.o obj-$(CONFIG_DEBUG_PREEMPT) += smp_processor_id.o @@ -97039,10 +93484,10 @@ index 114d1be..ab0350c 100644 (val << avg->factor)) >> avg->weight : (val << avg->factor); diff --git a/lib/bitmap.c b/lib/bitmap.c -index 06f7e4f..f3cf2b0 100644 +index 1e031f2..a53eb90 100644 --- a/lib/bitmap.c +++ b/lib/bitmap.c -@@ -422,7 +422,7 @@ int __bitmap_parse(const char *buf, unsigned int buflen, +@@ -429,7 +429,7 @@ int __bitmap_parse(const char *buf, unsigned int buflen, { int c, old_c, totaldigits, ndigits, nchunks, nbits; u32 chunk; @@ -97051,7 +93496,7 @@ index 06f7e4f..f3cf2b0 100644 bitmap_zero(maskp, nmaskbits); -@@ -507,7 +507,7 @@ int bitmap_parse_user(const char __user *ubuf, +@@ -514,7 +514,7 @@ int bitmap_parse_user(const char __user *ubuf, { if (!access_ok(VERIFY_READ, ubuf, ulen)) return -EFAULT; @@ -97060,7 +93505,7 @@ index 06f7e4f..f3cf2b0 100644 ulen, 1, maskp, nmaskbits); } -@@ -598,7 +598,7 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen, +@@ -605,7 +605,7 @@ static int __bitmap_parselist(const char *buf, unsigned int buflen, { unsigned a, b; int c, old_c, totaldigits; @@ -97069,7 +93514,7 @@ index 06f7e4f..f3cf2b0 100644 int exp_digit, in_range; totaldigits = c = 0; -@@ -698,7 +698,7 @@ int bitmap_parselist_user(const char __user *ubuf, +@@ -700,7 +700,7 @@ int bitmap_parselist_user(const char __user *ubuf, { if (!access_ok(VERIFY_READ, ubuf, ulen)) return -EFAULT; @@ -97161,28 +93606,6 @@ index fea973f..386626f 100644 .hash = jhash, .hash2 = jhash2, }; -diff --git a/lib/hweight.c b/lib/hweight.c -index b7d81ba..9a5c1f2 100644 ---- a/lib/hweight.c -+++ b/lib/hweight.c -@@ -11,7 +11,7 @@ - - unsigned int __sw_hweight32(unsigned int w) - { --#ifdef ARCH_HAS_FAST_MULTIPLIER -+#ifdef CONFIG_ARCH_HAS_FAST_MULTIPLIER - w -= (w >> 1) & 0x55555555; - w = (w & 0x33333333) + ((w >> 2) & 0x33333333); - w = (w + (w >> 4)) & 0x0f0f0f0f; -@@ -49,7 +49,7 @@ unsigned long __sw_hweight64(__u64 w) - return __sw_hweight32((unsigned int)(w >> 32)) + - __sw_hweight32((unsigned int)w); - #elif BITS_PER_LONG == 64 --#ifdef ARCH_HAS_FAST_MULTIPLIER -+#ifdef CONFIG_ARCH_HAS_FAST_MULTIPLIER - w -= (w >> 1) & 0x5555555555555555ul; - w = (w & 0x3333333333333333ul) + ((w >> 2) & 0x3333333333333333ul); - w = (w + (w >> 4)) & 0x0f0f0f0f0f0f0f0ful; diff --git a/lib/inflate.c b/lib/inflate.c index 013a761..c28f3fc 100644 --- a/lib/inflate.c @@ -97470,10 +93893,10 @@ index c24c2f7..f0296f4 100644 +} +EXPORT_SYMBOL(pax_list_del_rcu); diff --git a/lib/lockref.c b/lib/lockref.c -index f07a40d..0a445a7 100644 +index d2233de..fa1a2f6 100644 --- a/lib/lockref.c +++ b/lib/lockref.c -@@ -49,13 +49,13 @@ +@@ -48,13 +48,13 @@ void lockref_get(struct lockref *lockref) { CMPXCHG_LOOP( @@ -97489,7 +93912,7 @@ index f07a40d..0a445a7 100644 spin_unlock(&lockref->lock); } EXPORT_SYMBOL(lockref_get); -@@ -70,7 +70,7 @@ int lockref_get_not_zero(struct lockref *lockref) +@@ -69,7 +69,7 @@ int lockref_get_not_zero(struct lockref *lockref) int retval; CMPXCHG_LOOP( @@ -97498,7 +93921,7 @@ index f07a40d..0a445a7 100644 if (!old.count) return 0; , -@@ -80,7 +80,7 @@ int lockref_get_not_zero(struct lockref *lockref) +@@ -79,7 +79,7 @@ int lockref_get_not_zero(struct lockref *lockref) spin_lock(&lockref->lock); retval = 0; if (lockref->count) { @@ -97507,7 +93930,7 @@ index f07a40d..0a445a7 100644 retval = 1; } spin_unlock(&lockref->lock); -@@ -97,7 +97,7 @@ EXPORT_SYMBOL(lockref_get_not_zero); +@@ -96,7 +96,7 @@ EXPORT_SYMBOL(lockref_get_not_zero); int lockref_get_or_lock(struct lockref *lockref) { CMPXCHG_LOOP( @@ -97516,7 +93939,7 @@ index f07a40d..0a445a7 100644 if (!old.count) break; , -@@ -107,7 +107,7 @@ int lockref_get_or_lock(struct lockref *lockref) +@@ -106,7 +106,7 @@ int lockref_get_or_lock(struct lockref *lockref) spin_lock(&lockref->lock); if (!lockref->count) return 0; @@ -97525,7 +93948,7 @@ index f07a40d..0a445a7 100644 spin_unlock(&lockref->lock); return 1; } -@@ -121,7 +121,7 @@ EXPORT_SYMBOL(lockref_get_or_lock); +@@ -120,7 +120,7 @@ EXPORT_SYMBOL(lockref_get_or_lock); int lockref_put_or_lock(struct lockref *lockref) { CMPXCHG_LOOP( @@ -97534,7 +93957,7 @@ index f07a40d..0a445a7 100644 if (old.count <= 1) break; , -@@ -131,7 +131,7 @@ int lockref_put_or_lock(struct lockref *lockref) +@@ -130,7 +130,7 @@ int lockref_put_or_lock(struct lockref *lockref) spin_lock(&lockref->lock); if (lockref->count <= 1) return 0; @@ -97543,7 +93966,7 @@ index f07a40d..0a445a7 100644 spin_unlock(&lockref->lock); return 1; } -@@ -158,7 +158,7 @@ int lockref_get_not_dead(struct lockref *lockref) +@@ -157,7 +157,7 @@ int lockref_get_not_dead(struct lockref *lockref) int retval; CMPXCHG_LOOP( @@ -97552,7 +93975,7 @@ index f07a40d..0a445a7 100644 if ((int)old.count < 0) return 0; , -@@ -168,7 +168,7 @@ int lockref_get_not_dead(struct lockref *lockref) +@@ -167,7 +167,7 @@ int lockref_get_not_dead(struct lockref *lockref) spin_lock(&lockref->lock); retval = 0; if ((int) lockref->count >= 0) { @@ -97562,7 +93985,7 @@ index f07a40d..0a445a7 100644 } spin_unlock(&lockref->lock); diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c -index 963b703..438bc51 100644 +index a89cf09..1a42c2d 100644 --- a/lib/percpu-refcount.c +++ b/lib/percpu-refcount.c @@ -29,7 +29,7 @@ @@ -97572,8 +93995,8 @@ index 963b703..438bc51 100644 -#define PCPU_COUNT_BIAS (1U << 31) +#define PCPU_COUNT_BIAS (1U << 30) - /** - * percpu_ref_init - initialize a percpu refcount + static unsigned __percpu *pcpu_count_ptr(struct percpu_ref *ref) + { diff --git a/lib/radix-tree.c b/lib/radix-tree.c index 3291a8e..346a91e 100644 --- a/lib/radix-tree.c @@ -97588,11 +94011,11 @@ index 3291a8e..346a91e 100644 static inline void *ptr_to_indirect(void *ptr) { diff --git a/lib/random32.c b/lib/random32.c -index fa5da61..35fe9af 100644 +index c9b6bf3..4752c6d4 100644 --- a/lib/random32.c +++ b/lib/random32.c -@@ -42,7 +42,7 @@ - static void __init prandom_state_selftest(void); +@@ -46,7 +46,7 @@ static inline void prandom_state_selftest(void) + } #endif -static DEFINE_PER_CPU(struct rnd_state, net_rand_state); @@ -97601,7 +94024,7 @@ index fa5da61..35fe9af 100644 /** * prandom_u32_state - seeded pseudo-random number generator. diff --git a/lib/rbtree.c b/lib/rbtree.c -index 65f4eff..2cfa167 100644 +index c16c81a..4dcbda1 100644 --- a/lib/rbtree.c +++ b/lib/rbtree.c @@ -380,7 +380,9 @@ static inline void dummy_copy(struct rb_node *old, struct rb_node *new) {} @@ -97627,22 +94050,6 @@ index 0922579..9d7adb9 100644 + printk("%lu pages hwpoisoned\n", atomic_long_read_unchecked(&num_poisoned_pages)); #endif } -diff --git a/lib/string.c b/lib/string.c -index 992bf30..f3c6ff5 100644 ---- a/lib/string.c -+++ b/lib/string.c -@@ -807,9 +807,9 @@ void *memchr_inv(const void *start, int c, size_t bytes) - return check_bytes8(start, value, bytes); - - value64 = value; --#if defined(ARCH_HAS_FAST_MULTIPLIER) && BITS_PER_LONG == 64 -+#if defined(CONFIG_ARCH_HAS_FAST_MULTIPLIER) && BITS_PER_LONG == 64 - value64 *= 0x0101010101010101; --#elif defined(ARCH_HAS_FAST_MULTIPLIER) -+#elif defined(CONFIG_ARCH_HAS_FAST_MULTIPLIER) - value64 *= 0x01010101; - value64 |= value64 << 32; - #else diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c index bb2b201..46abaf9 100644 --- a/lib/strncpy_from_user.c @@ -97683,1940 +94090,18 @@ index 4abda07..b9d3765 100644 phys_addr_t paddr = dma_to_phys(hwdev, dev_addr); diff --git a/lib/test_bpf.c b/lib/test_bpf.c -deleted file mode 100644 -index c579e0f..0000000 +index 89e0345..3347efe 100644 --- a/lib/test_bpf.c -+++ /dev/null -@@ -1,1929 +0,0 @@ --/* -- * Testsuite for BPF interpreter and BPF JIT compiler -- * -- * Copyright (c) 2011-2014 PLUMgrid, http://plumgrid.com -- * -- * This program is free software; you can redistribute it and/or -- * modify it under the terms of version 2 of the GNU General Public -- * License as published by the Free Software Foundation. -- * -- * This program is distributed in the hope that it will be useful, but -- * WITHOUT ANY WARRANTY; without even the implied warranty of -- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -- * General Public License for more details. -- */ -- --#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt -- --#include <linux/init.h> --#include <linux/module.h> --#include <linux/filter.h> --#include <linux/skbuff.h> --#include <linux/netdevice.h> --#include <linux/if_vlan.h> -- --/* General test specific settings */ --#define MAX_SUBTESTS 3 --#define MAX_TESTRUNS 10000 --#define MAX_DATA 128 --#define MAX_INSNS 512 --#define MAX_K 0xffffFFFF -- --/* Few constants used to init test 'skb' */ --#define SKB_TYPE 3 --#define SKB_MARK 0x1234aaaa --#define SKB_HASH 0x1234aaab --#define SKB_QUEUE_MAP 123 --#define SKB_VLAN_TCI 0xffff --#define SKB_DEV_IFINDEX 577 --#define SKB_DEV_TYPE 588 -- --/* Redefine REGs to make tests less verbose */ --#define R0 BPF_REG_0 --#define R1 BPF_REG_1 --#define R2 BPF_REG_2 --#define R3 BPF_REG_3 --#define R4 BPF_REG_4 --#define R5 BPF_REG_5 --#define R6 BPF_REG_6 --#define R7 BPF_REG_7 --#define R8 BPF_REG_8 --#define R9 BPF_REG_9 --#define R10 BPF_REG_10 -- --/* Flags that can be passed to test cases */ --#define FLAG_NO_DATA BIT(0) --#define FLAG_EXPECTED_FAIL BIT(1) -- --enum { -- CLASSIC = BIT(6), /* Old BPF instructions only. */ -- INTERNAL = BIT(7), /* Extended instruction set. */ --}; -- --#define TEST_TYPE_MASK (CLASSIC | INTERNAL) -- --struct bpf_test { -- const char *descr; -- union { -- struct sock_filter insns[MAX_INSNS]; -- struct sock_filter_int insns_int[MAX_INSNS]; -- } u; -- __u8 aux; -- __u8 data[MAX_DATA]; -- struct { -- int data_size; -- __u32 result; -- } test[MAX_SUBTESTS]; --}; -- --static struct bpf_test tests[] = { -- { -- "TAX", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_IMM, 1), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_LD | BPF_IMM, 2), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_ALU | BPF_NEG, 0), /* A == -3 */ -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_LD | BPF_LEN, 0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), /* X == len - 3 */ -- BPF_STMT(BPF_LD | BPF_B | BPF_IND, 1), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC, -- { 10, 20, 30, 40, 50 }, -- { { 2, 10 }, { 3, 20 }, { 4, 30 } }, -- }, -- { -- "TXA", -- .u.insns = { -- BPF_STMT(BPF_LDX | BPF_LEN, 0), -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_RET | BPF_A, 0) /* A == len * 2 */ -- }, -- CLASSIC, -- { 10, 20, 30, 40, 50 }, -- { { 1, 2 }, { 3, 6 }, { 4, 8 } }, -- }, -- { -- "ADD_SUB_MUL_K", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_IMM, 1), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 2), -- BPF_STMT(BPF_LDX | BPF_IMM, 3), -- BPF_STMT(BPF_ALU | BPF_SUB | BPF_X, 0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 0xffffffff), -- BPF_STMT(BPF_ALU | BPF_MUL | BPF_K, 3), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC | FLAG_NO_DATA, -- { }, -- { { 0, 0xfffffffd } } -- }, -- { -- "DIV_KX", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_IMM, 8), -- BPF_STMT(BPF_ALU | BPF_DIV | BPF_K, 2), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_LD | BPF_IMM, 0xffffffff), -- BPF_STMT(BPF_ALU | BPF_DIV | BPF_X, 0), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_LD | BPF_IMM, 0xffffffff), -- BPF_STMT(BPF_ALU | BPF_DIV | BPF_K, 0x70000000), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC | FLAG_NO_DATA, -- { }, -- { { 0, 0x40000001 } } -- }, -- { -- "AND_OR_LSH_K", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_IMM, 0xff), -- BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xf0), -- BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 27), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_LD | BPF_IMM, 0xf), -- BPF_STMT(BPF_ALU | BPF_OR | BPF_K, 0xf0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC | FLAG_NO_DATA, -- { }, -- { { 0, 0x800000ff }, { 1, 0x800000ff } }, -- }, -- { -- "LD_IMM_0", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_IMM, 0), /* ld #0 */ -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0, 1, 0), -- BPF_STMT(BPF_RET | BPF_K, 0), -- BPF_STMT(BPF_RET | BPF_K, 1), -- }, -- CLASSIC, -- { }, -- { { 1, 1 } }, -- }, -- { -- "LD_IND", -- .u.insns = { -- BPF_STMT(BPF_LDX | BPF_LEN, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_IND, MAX_K), -- BPF_STMT(BPF_RET | BPF_K, 1) -- }, -- CLASSIC, -- { }, -- { { 1, 0 }, { 10, 0 }, { 60, 0 } }, -- }, -- { -- "LD_ABS", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, 1000), -- BPF_STMT(BPF_RET | BPF_K, 1) -- }, -- CLASSIC, -- { }, -- { { 1, 0 }, { 10, 0 }, { 60, 0 } }, -- }, -- { -- "LD_ABS_LL", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_B | BPF_ABS, SKF_LL_OFF), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_LD | BPF_B | BPF_ABS, SKF_LL_OFF + 1), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC, -- { 1, 2, 3 }, -- { { 1, 0 }, { 2, 3 } }, -- }, -- { -- "LD_IND_LL", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_IMM, SKF_LL_OFF - 1), -- BPF_STMT(BPF_LDX | BPF_LEN, 0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC, -- { 1, 2, 3, 0xff }, -- { { 1, 1 }, { 3, 3 }, { 4, 0xff } }, -- }, -- { -- "LD_ABS_NET", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_B | BPF_ABS, SKF_NET_OFF), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_LD | BPF_B | BPF_ABS, SKF_NET_OFF + 1), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC, -- { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3 }, -- { { 15, 0 }, { 16, 3 } }, -- }, -- { -- "LD_IND_NET", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_IMM, SKF_NET_OFF - 15), -- BPF_STMT(BPF_LDX | BPF_LEN, 0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_LD | BPF_B | BPF_IND, 0), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC, -- { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 2, 3 }, -- { { 14, 0 }, { 15, 1 }, { 17, 3 } }, -- }, -- { -- "LD_PKTTYPE", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_PKTTYPE), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SKB_TYPE, 1, 0), -- BPF_STMT(BPF_RET | BPF_K, 1), -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_PKTTYPE), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SKB_TYPE, 1, 0), -- BPF_STMT(BPF_RET | BPF_K, 1), -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_PKTTYPE), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SKB_TYPE, 1, 0), -- BPF_STMT(BPF_RET | BPF_K, 1), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC, -- { }, -- { { 1, 3 }, { 10, 3 } }, -- }, -- { -- "LD_MARK", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_MARK), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC, -- { }, -- { { 1, SKB_MARK}, { 10, SKB_MARK} }, -- }, -- { -- "LD_RXHASH", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_RXHASH), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC, -- { }, -- { { 1, SKB_HASH}, { 10, SKB_HASH} }, -- }, -- { -- "LD_QUEUE", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_QUEUE), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC, -- { }, -- { { 1, SKB_QUEUE_MAP }, { 10, SKB_QUEUE_MAP } }, -- }, -- { -- "LD_PROTOCOL", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 1), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 20, 1, 0), -- BPF_STMT(BPF_RET | BPF_K, 0), -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_PROTOCOL), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 30, 1, 0), -- BPF_STMT(BPF_RET | BPF_K, 0), -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC, -- { 10, 20, 30 }, -- { { 10, ETH_P_IP }, { 100, ETH_P_IP } }, -- }, -- { -- "LD_VLAN_TAG", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_VLAN_TAG), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC, -- { }, -- { -- { 1, SKB_VLAN_TCI & ~VLAN_TAG_PRESENT }, -- { 10, SKB_VLAN_TCI & ~VLAN_TAG_PRESENT } -- }, -- }, -- { -- "LD_VLAN_TAG_PRESENT", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_VLAN_TAG_PRESENT), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC, -- { }, -- { -- { 1, !!(SKB_VLAN_TCI & VLAN_TAG_PRESENT) }, -- { 10, !!(SKB_VLAN_TCI & VLAN_TAG_PRESENT) } -- }, -- }, -- { -- "LD_IFINDEX", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_IFINDEX), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC, -- { }, -- { { 1, SKB_DEV_IFINDEX }, { 10, SKB_DEV_IFINDEX } }, -- }, -- { -- "LD_HATYPE", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_HATYPE), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC, -- { }, -- { { 1, SKB_DEV_TYPE }, { 10, SKB_DEV_TYPE } }, -- }, -- { -- "LD_CPU", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_CPU), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_CPU), -- BPF_STMT(BPF_ALU | BPF_SUB | BPF_X, 0), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC, -- { }, -- { { 1, 0 }, { 10, 0 } }, -- }, -- { -- "LD_NLATTR", -- .u.insns = { -- BPF_STMT(BPF_LDX | BPF_IMM, 2), -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_LDX | BPF_IMM, 3), -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_NLATTR), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC, --#ifdef __BIG_ENDIAN -- { 0xff, 0xff, 0, 4, 0, 2, 0, 4, 0, 3 }, --#else -- { 0xff, 0xff, 4, 0, 2, 0, 4, 0, 3, 0 }, --#endif -- { { 4, 0 }, { 20, 6 } }, -- }, -- { -- "LD_NLATTR_NEST", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_IMM, 2), -- BPF_STMT(BPF_LDX | BPF_IMM, 3), -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_NLATTR_NEST), -- BPF_STMT(BPF_LD | BPF_IMM, 2), -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_NLATTR_NEST), -- BPF_STMT(BPF_LD | BPF_IMM, 2), -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_NLATTR_NEST), -- BPF_STMT(BPF_LD | BPF_IMM, 2), -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_NLATTR_NEST), -- BPF_STMT(BPF_LD | BPF_IMM, 2), -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_NLATTR_NEST), -- BPF_STMT(BPF_LD | BPF_IMM, 2), -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_NLATTR_NEST), -- BPF_STMT(BPF_LD | BPF_IMM, 2), -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_NLATTR_NEST), -- BPF_STMT(BPF_LD | BPF_IMM, 2), -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_NLATTR_NEST), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC, --#ifdef __BIG_ENDIAN -- { 0xff, 0xff, 0, 12, 0, 1, 0, 4, 0, 2, 0, 4, 0, 3 }, --#else -- { 0xff, 0xff, 12, 0, 1, 0, 4, 0, 2, 0, 4, 0, 3, 0 }, --#endif -- { { 4, 0 }, { 20, 10 } }, -- }, -- { -- "LD_PAYLOAD_OFF", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_PAY_OFFSET), -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_PAY_OFFSET), -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_PAY_OFFSET), -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_PAY_OFFSET), -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_PAY_OFFSET), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC, -- /* 00:00:00:00:00:00 > 00:00:00:00:00:00, ethtype IPv4 (0x0800), -- * length 98: 127.0.0.1 > 127.0.0.1: ICMP echo request, -- * id 9737, seq 1, length 64 -- */ -- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -- 0x08, 0x00, -- 0x45, 0x00, 0x00, 0x54, 0xac, 0x8b, 0x40, 0x00, 0x40, -- 0x01, 0x90, 0x1b, 0x7f, 0x00, 0x00, 0x01 }, -- { { 30, 0 }, { 100, 42 } }, -- }, -- { -- "LD_ANC_XOR", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_IMM, 10), -- BPF_STMT(BPF_LDX | BPF_IMM, 300), -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_ALU_XOR_X), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC, -- { }, -- { { 4, 10 ^ 300 }, { 20, 10 ^ 300 } }, -- }, -- { -- "SPILL_FILL", -- .u.insns = { -- BPF_STMT(BPF_LDX | BPF_LEN, 0), -- BPF_STMT(BPF_LD | BPF_IMM, 2), -- BPF_STMT(BPF_ALU | BPF_RSH, 1), -- BPF_STMT(BPF_ALU | BPF_XOR | BPF_X, 0), -- BPF_STMT(BPF_ST, 1), /* M1 = 1 ^ len */ -- BPF_STMT(BPF_ALU | BPF_XOR | BPF_K, 0x80000000), -- BPF_STMT(BPF_ST, 2), /* M2 = 1 ^ len ^ 0x80000000 */ -- BPF_STMT(BPF_STX, 15), /* M3 = len */ -- BPF_STMT(BPF_LDX | BPF_MEM, 1), -- BPF_STMT(BPF_LD | BPF_MEM, 2), -- BPF_STMT(BPF_ALU | BPF_XOR | BPF_X, 0), -- BPF_STMT(BPF_LDX | BPF_MEM, 15), -- BPF_STMT(BPF_ALU | BPF_XOR | BPF_X, 0), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC, -- { }, -- { { 1, 0x80000001 }, { 2, 0x80000002 }, { 60, 0x80000000 ^ 60 } } -- }, -- { -- "JEQ", -- .u.insns = { -- BPF_STMT(BPF_LDX | BPF_LEN, 0), -- BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, 0, 1), -- BPF_STMT(BPF_RET | BPF_K, 1), -- BPF_STMT(BPF_RET | BPF_K, MAX_K) -- }, -- CLASSIC, -- { 3, 3, 3, 3, 3 }, -- { { 1, 0 }, { 3, 1 }, { 4, MAX_K } }, -- }, -- { -- "JGT", -- .u.insns = { -- BPF_STMT(BPF_LDX | BPF_LEN, 0), -- BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 2), -- BPF_JUMP(BPF_JMP | BPF_JGT | BPF_X, 0, 0, 1), -- BPF_STMT(BPF_RET | BPF_K, 1), -- BPF_STMT(BPF_RET | BPF_K, MAX_K) -- }, -- CLASSIC, -- { 4, 4, 4, 3, 3 }, -- { { 2, 0 }, { 3, 1 }, { 4, MAX_K } }, -- }, -- { -- "JGE", -- .u.insns = { -- BPF_STMT(BPF_LDX | BPF_LEN, 0), -- BPF_STMT(BPF_LD | BPF_B | BPF_IND, MAX_K), -- BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 1, 1, 0), -- BPF_STMT(BPF_RET | BPF_K, 10), -- BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 2, 1, 0), -- BPF_STMT(BPF_RET | BPF_K, 20), -- BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 3, 1, 0), -- BPF_STMT(BPF_RET | BPF_K, 30), -- BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 4, 1, 0), -- BPF_STMT(BPF_RET | BPF_K, 40), -- BPF_STMT(BPF_RET | BPF_K, MAX_K) -- }, -- CLASSIC, -- { 1, 2, 3, 4, 5 }, -- { { 1, 20 }, { 3, 40 }, { 5, MAX_K } }, -- }, -- { -- "JSET", -- .u.insns = { -- BPF_JUMP(BPF_JMP | BPF_JA, 0, 0, 0), -- BPF_JUMP(BPF_JMP | BPF_JA, 1, 1, 1), -- BPF_JUMP(BPF_JMP | BPF_JA, 0, 0, 0), -- BPF_JUMP(BPF_JMP | BPF_JA, 0, 0, 0), -- BPF_STMT(BPF_LDX | BPF_LEN, 0), -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_ALU | BPF_SUB | BPF_K, 4), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_LD | BPF_W | BPF_IND, 0), -- BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, 1, 0, 1), -- BPF_STMT(BPF_RET | BPF_K, 10), -- BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, 0x80000000, 0, 1), -- BPF_STMT(BPF_RET | BPF_K, 20), -- BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, 0xffffff, 1, 0), -- BPF_STMT(BPF_RET | BPF_K, 30), -- BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, 0xffffff, 1, 0), -- BPF_STMT(BPF_RET | BPF_K, 30), -- BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, 0xffffff, 1, 0), -- BPF_STMT(BPF_RET | BPF_K, 30), -- BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, 0xffffff, 1, 0), -- BPF_STMT(BPF_RET | BPF_K, 30), -- BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, 0xffffff, 1, 0), -- BPF_STMT(BPF_RET | BPF_K, 30), -- BPF_STMT(BPF_RET | BPF_K, MAX_K) -- }, -- CLASSIC, -- { 0, 0xAA, 0x55, 1 }, -- { { 4, 10 }, { 5, 20 }, { 6, MAX_K } }, -- }, -- { -- "tcpdump port 22", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 12), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x86dd, 0, 8), /* IPv6 */ -- BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 20), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x84, 2, 0), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x6, 1, 0), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x11, 0, 17), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 54), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 22, 14, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 56), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 22, 12, 13), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x0800, 0, 12), /* IPv4 */ -- BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 23), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x84, 2, 0), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x6, 1, 0), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x11, 0, 8), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 20), -- BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, 0x1fff, 6, 0), -- BPF_STMT(BPF_LDX | BPF_B | BPF_MSH, 14), -- BPF_STMT(BPF_LD | BPF_H | BPF_IND, 14), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 22, 2, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_IND, 16), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 22, 0, 1), -- BPF_STMT(BPF_RET | BPF_K, 0xffff), -- BPF_STMT(BPF_RET | BPF_K, 0), -- }, -- CLASSIC, -- /* 3c:07:54:43:e5:76 > 10:bf:48:d6:43:d6, ethertype IPv4(0x0800) -- * length 114: 10.1.1.149.49700 > 10.1.2.10.22: Flags [P.], -- * seq 1305692979:1305693027, ack 3650467037, win 65535, -- * options [nop,nop,TS val 2502645400 ecr 3971138], length 48 -- */ -- { 0x10, 0xbf, 0x48, 0xd6, 0x43, 0xd6, -- 0x3c, 0x07, 0x54, 0x43, 0xe5, 0x76, -- 0x08, 0x00, -- 0x45, 0x10, 0x00, 0x64, 0x75, 0xb5, -- 0x40, 0x00, 0x40, 0x06, 0xad, 0x2e, /* IP header */ -- 0x0a, 0x01, 0x01, 0x95, /* ip src */ -- 0x0a, 0x01, 0x02, 0x0a, /* ip dst */ -- 0xc2, 0x24, -- 0x00, 0x16 /* dst port */ }, -- { { 10, 0 }, { 30, 0 }, { 100, 65535 } }, -- }, -- { -- "tcpdump complex", -- .u.insns = { -- /* tcpdump -nei eth0 'tcp port 22 and (((ip[2:2] - -- * ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0) and -- * (len > 115 or len < 30000000000)' -d -- */ -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 12), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x86dd, 30, 0), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x800, 0, 29), -- BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 23), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 0x6, 0, 27), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 20), -- BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, 0x1fff, 25, 0), -- BPF_STMT(BPF_LDX | BPF_B | BPF_MSH, 14), -- BPF_STMT(BPF_LD | BPF_H | BPF_IND, 14), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 22, 2, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_IND, 16), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, 22, 0, 20), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 16), -- BPF_STMT(BPF_ST, 1), -- BPF_STMT(BPF_LD | BPF_B | BPF_ABS, 14), -- BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xf), -- BPF_STMT(BPF_ALU | BPF_LSH | BPF_K, 2), -- BPF_STMT(BPF_MISC | BPF_TAX, 0x5), /* libpcap emits K on TAX */ -- BPF_STMT(BPF_LD | BPF_MEM, 1), -- BPF_STMT(BPF_ALU | BPF_SUB | BPF_X, 0), -- BPF_STMT(BPF_ST, 5), -- BPF_STMT(BPF_LDX | BPF_B | BPF_MSH, 14), -- BPF_STMT(BPF_LD | BPF_B | BPF_IND, 26), -- BPF_STMT(BPF_ALU | BPF_AND | BPF_K, 0xf0), -- BPF_STMT(BPF_ALU | BPF_RSH | BPF_K, 2), -- BPF_STMT(BPF_MISC | BPF_TAX, 0x9), /* libpcap emits K on TAX */ -- BPF_STMT(BPF_LD | BPF_MEM, 5), -- BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_X, 0, 4, 0), -- BPF_STMT(BPF_LD | BPF_LEN, 0), -- BPF_JUMP(BPF_JMP | BPF_JGT | BPF_K, 0x73, 1, 0), -- BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 0xfc23ac00, 1, 0), -- BPF_STMT(BPF_RET | BPF_K, 0xffff), -- BPF_STMT(BPF_RET | BPF_K, 0), -- }, -- CLASSIC, -- { 0x10, 0xbf, 0x48, 0xd6, 0x43, 0xd6, -- 0x3c, 0x07, 0x54, 0x43, 0xe5, 0x76, -- 0x08, 0x00, -- 0x45, 0x10, 0x00, 0x64, 0x75, 0xb5, -- 0x40, 0x00, 0x40, 0x06, 0xad, 0x2e, /* IP header */ -- 0x0a, 0x01, 0x01, 0x95, /* ip src */ -- 0x0a, 0x01, 0x02, 0x0a, /* ip dst */ -- 0xc2, 0x24, -- 0x00, 0x16 /* dst port */ }, -- { { 10, 0 }, { 30, 0 }, { 100, 65535 } }, -- }, -- { -- "RET_A", -- .u.insns = { -- /* check that unitialized X and A contain zeros */ -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_RET | BPF_A, 0) -- }, -- CLASSIC, -- { }, -- { {1, 0}, {2, 0} }, -- }, -- { -- "INT: ADD trivial", -- .u.insns_int = { -- BPF_ALU64_IMM(BPF_MOV, R1, 1), -- BPF_ALU64_IMM(BPF_ADD, R1, 2), -- BPF_ALU64_IMM(BPF_MOV, R2, 3), -- BPF_ALU64_REG(BPF_SUB, R1, R2), -- BPF_ALU64_IMM(BPF_ADD, R1, -1), -- BPF_ALU64_IMM(BPF_MUL, R1, 3), -- BPF_ALU64_REG(BPF_MOV, R0, R1), -- BPF_EXIT_INSN(), -- }, -- INTERNAL, -- { }, -- { { 0, 0xfffffffd } } -- }, -- { -- "INT: MUL_X", -- .u.insns_int = { -- BPF_ALU64_IMM(BPF_MOV, R0, -1), -- BPF_ALU64_IMM(BPF_MOV, R1, -1), -- BPF_ALU64_IMM(BPF_MOV, R2, 3), -- BPF_ALU64_REG(BPF_MUL, R1, R2), -- BPF_JMP_IMM(BPF_JEQ, R1, 0xfffffffd, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_IMM(BPF_MOV, R0, 1), -- BPF_EXIT_INSN(), -- }, -- INTERNAL, -- { }, -- { { 0, 1 } } -- }, -- { -- "INT: MUL_X2", -- .u.insns_int = { -- BPF_ALU32_IMM(BPF_MOV, R0, -1), -- BPF_ALU32_IMM(BPF_MOV, R1, -1), -- BPF_ALU32_IMM(BPF_MOV, R2, 3), -- BPF_ALU64_REG(BPF_MUL, R1, R2), -- BPF_ALU64_IMM(BPF_RSH, R1, 8), -- BPF_JMP_IMM(BPF_JEQ, R1, 0x2ffffff, 1), -- BPF_EXIT_INSN(), -- BPF_ALU32_IMM(BPF_MOV, R0, 1), -- BPF_EXIT_INSN(), -- }, -- INTERNAL, -- { }, -- { { 0, 1 } } -- }, -- { -- "INT: MUL32_X", -- .u.insns_int = { -- BPF_ALU32_IMM(BPF_MOV, R0, -1), -- BPF_ALU64_IMM(BPF_MOV, R1, -1), -- BPF_ALU32_IMM(BPF_MOV, R2, 3), -- BPF_ALU32_REG(BPF_MUL, R1, R2), -- BPF_ALU64_IMM(BPF_RSH, R1, 8), -- BPF_JMP_IMM(BPF_JEQ, R1, 0xffffff, 1), -- BPF_EXIT_INSN(), -- BPF_ALU32_IMM(BPF_MOV, R0, 1), -- BPF_EXIT_INSN(), -- }, -- INTERNAL, -- { }, -- { { 0, 1 } } -- }, -- { -- /* Have to test all register combinations, since -- * JITing of different registers will produce -- * different asm code. -- */ -- "INT: ADD 64-bit", -- .u.insns_int = { -- BPF_ALU64_IMM(BPF_MOV, R0, 0), -- BPF_ALU64_IMM(BPF_MOV, R1, 1), -- BPF_ALU64_IMM(BPF_MOV, R2, 2), -- BPF_ALU64_IMM(BPF_MOV, R3, 3), -- BPF_ALU64_IMM(BPF_MOV, R4, 4), -- BPF_ALU64_IMM(BPF_MOV, R5, 5), -- BPF_ALU64_IMM(BPF_MOV, R6, 6), -- BPF_ALU64_IMM(BPF_MOV, R7, 7), -- BPF_ALU64_IMM(BPF_MOV, R8, 8), -- BPF_ALU64_IMM(BPF_MOV, R9, 9), -- BPF_ALU64_IMM(BPF_ADD, R0, 20), -- BPF_ALU64_IMM(BPF_ADD, R1, 20), -- BPF_ALU64_IMM(BPF_ADD, R2, 20), -- BPF_ALU64_IMM(BPF_ADD, R3, 20), -- BPF_ALU64_IMM(BPF_ADD, R4, 20), -- BPF_ALU64_IMM(BPF_ADD, R5, 20), -- BPF_ALU64_IMM(BPF_ADD, R6, 20), -- BPF_ALU64_IMM(BPF_ADD, R7, 20), -- BPF_ALU64_IMM(BPF_ADD, R8, 20), -- BPF_ALU64_IMM(BPF_ADD, R9, 20), -- BPF_ALU64_IMM(BPF_SUB, R0, 10), -- BPF_ALU64_IMM(BPF_SUB, R1, 10), -- BPF_ALU64_IMM(BPF_SUB, R2, 10), -- BPF_ALU64_IMM(BPF_SUB, R3, 10), -- BPF_ALU64_IMM(BPF_SUB, R4, 10), -- BPF_ALU64_IMM(BPF_SUB, R5, 10), -- BPF_ALU64_IMM(BPF_SUB, R6, 10), -- BPF_ALU64_IMM(BPF_SUB, R7, 10), -- BPF_ALU64_IMM(BPF_SUB, R8, 10), -- BPF_ALU64_IMM(BPF_SUB, R9, 10), -- BPF_ALU64_REG(BPF_ADD, R0, R0), -- BPF_ALU64_REG(BPF_ADD, R0, R1), -- BPF_ALU64_REG(BPF_ADD, R0, R2), -- BPF_ALU64_REG(BPF_ADD, R0, R3), -- BPF_ALU64_REG(BPF_ADD, R0, R4), -- BPF_ALU64_REG(BPF_ADD, R0, R5), -- BPF_ALU64_REG(BPF_ADD, R0, R6), -- BPF_ALU64_REG(BPF_ADD, R0, R7), -- BPF_ALU64_REG(BPF_ADD, R0, R8), -- BPF_ALU64_REG(BPF_ADD, R0, R9), /* R0 == 155 */ -- BPF_JMP_IMM(BPF_JEQ, R0, 155, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_REG(BPF_ADD, R1, R0), -- BPF_ALU64_REG(BPF_ADD, R1, R1), -- BPF_ALU64_REG(BPF_ADD, R1, R2), -- BPF_ALU64_REG(BPF_ADD, R1, R3), -- BPF_ALU64_REG(BPF_ADD, R1, R4), -- BPF_ALU64_REG(BPF_ADD, R1, R5), -- BPF_ALU64_REG(BPF_ADD, R1, R6), -- BPF_ALU64_REG(BPF_ADD, R1, R7), -- BPF_ALU64_REG(BPF_ADD, R1, R8), -- BPF_ALU64_REG(BPF_ADD, R1, R9), /* R1 == 456 */ -- BPF_JMP_IMM(BPF_JEQ, R1, 456, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_REG(BPF_ADD, R2, R0), -- BPF_ALU64_REG(BPF_ADD, R2, R1), -- BPF_ALU64_REG(BPF_ADD, R2, R2), -- BPF_ALU64_REG(BPF_ADD, R2, R3), -- BPF_ALU64_REG(BPF_ADD, R2, R4), -- BPF_ALU64_REG(BPF_ADD, R2, R5), -- BPF_ALU64_REG(BPF_ADD, R2, R6), -- BPF_ALU64_REG(BPF_ADD, R2, R7), -- BPF_ALU64_REG(BPF_ADD, R2, R8), -- BPF_ALU64_REG(BPF_ADD, R2, R9), /* R2 == 1358 */ -- BPF_JMP_IMM(BPF_JEQ, R2, 1358, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_REG(BPF_ADD, R3, R0), -- BPF_ALU64_REG(BPF_ADD, R3, R1), -- BPF_ALU64_REG(BPF_ADD, R3, R2), -- BPF_ALU64_REG(BPF_ADD, R3, R3), -- BPF_ALU64_REG(BPF_ADD, R3, R4), -- BPF_ALU64_REG(BPF_ADD, R3, R5), -- BPF_ALU64_REG(BPF_ADD, R3, R6), -- BPF_ALU64_REG(BPF_ADD, R3, R7), -- BPF_ALU64_REG(BPF_ADD, R3, R8), -- BPF_ALU64_REG(BPF_ADD, R3, R9), /* R3 == 4063 */ -- BPF_JMP_IMM(BPF_JEQ, R3, 4063, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_REG(BPF_ADD, R4, R0), -- BPF_ALU64_REG(BPF_ADD, R4, R1), -- BPF_ALU64_REG(BPF_ADD, R4, R2), -- BPF_ALU64_REG(BPF_ADD, R4, R3), -- BPF_ALU64_REG(BPF_ADD, R4, R4), -- BPF_ALU64_REG(BPF_ADD, R4, R5), -- BPF_ALU64_REG(BPF_ADD, R4, R6), -- BPF_ALU64_REG(BPF_ADD, R4, R7), -- BPF_ALU64_REG(BPF_ADD, R4, R8), -- BPF_ALU64_REG(BPF_ADD, R4, R9), /* R4 == 12177 */ -- BPF_JMP_IMM(BPF_JEQ, R4, 12177, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_REG(BPF_ADD, R5, R0), -- BPF_ALU64_REG(BPF_ADD, R5, R1), -- BPF_ALU64_REG(BPF_ADD, R5, R2), -- BPF_ALU64_REG(BPF_ADD, R5, R3), -- BPF_ALU64_REG(BPF_ADD, R5, R4), -- BPF_ALU64_REG(BPF_ADD, R5, R5), -- BPF_ALU64_REG(BPF_ADD, R5, R6), -- BPF_ALU64_REG(BPF_ADD, R5, R7), -- BPF_ALU64_REG(BPF_ADD, R5, R8), -- BPF_ALU64_REG(BPF_ADD, R5, R9), /* R5 == 36518 */ -- BPF_JMP_IMM(BPF_JEQ, R5, 36518, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_REG(BPF_ADD, R6, R0), -- BPF_ALU64_REG(BPF_ADD, R6, R1), -- BPF_ALU64_REG(BPF_ADD, R6, R2), -- BPF_ALU64_REG(BPF_ADD, R6, R3), -- BPF_ALU64_REG(BPF_ADD, R6, R4), -- BPF_ALU64_REG(BPF_ADD, R6, R5), -- BPF_ALU64_REG(BPF_ADD, R6, R6), -- BPF_ALU64_REG(BPF_ADD, R6, R7), -- BPF_ALU64_REG(BPF_ADD, R6, R8), -- BPF_ALU64_REG(BPF_ADD, R6, R9), /* R6 == 109540 */ -- BPF_JMP_IMM(BPF_JEQ, R6, 109540, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_REG(BPF_ADD, R7, R0), -- BPF_ALU64_REG(BPF_ADD, R7, R1), -- BPF_ALU64_REG(BPF_ADD, R7, R2), -- BPF_ALU64_REG(BPF_ADD, R7, R3), -- BPF_ALU64_REG(BPF_ADD, R7, R4), -- BPF_ALU64_REG(BPF_ADD, R7, R5), -- BPF_ALU64_REG(BPF_ADD, R7, R6), -- BPF_ALU64_REG(BPF_ADD, R7, R7), -- BPF_ALU64_REG(BPF_ADD, R7, R8), -- BPF_ALU64_REG(BPF_ADD, R7, R9), /* R7 == 328605 */ -- BPF_JMP_IMM(BPF_JEQ, R7, 328605, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_REG(BPF_ADD, R8, R0), -- BPF_ALU64_REG(BPF_ADD, R8, R1), -- BPF_ALU64_REG(BPF_ADD, R8, R2), -- BPF_ALU64_REG(BPF_ADD, R8, R3), -- BPF_ALU64_REG(BPF_ADD, R8, R4), -- BPF_ALU64_REG(BPF_ADD, R8, R5), -- BPF_ALU64_REG(BPF_ADD, R8, R6), -- BPF_ALU64_REG(BPF_ADD, R8, R7), -- BPF_ALU64_REG(BPF_ADD, R8, R8), -- BPF_ALU64_REG(BPF_ADD, R8, R9), /* R8 == 985799 */ -- BPF_JMP_IMM(BPF_JEQ, R8, 985799, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_REG(BPF_ADD, R9, R0), -- BPF_ALU64_REG(BPF_ADD, R9, R1), -- BPF_ALU64_REG(BPF_ADD, R9, R2), -- BPF_ALU64_REG(BPF_ADD, R9, R3), -- BPF_ALU64_REG(BPF_ADD, R9, R4), -- BPF_ALU64_REG(BPF_ADD, R9, R5), -- BPF_ALU64_REG(BPF_ADD, R9, R6), -- BPF_ALU64_REG(BPF_ADD, R9, R7), -- BPF_ALU64_REG(BPF_ADD, R9, R8), -- BPF_ALU64_REG(BPF_ADD, R9, R9), /* R9 == 2957380 */ -- BPF_ALU64_REG(BPF_MOV, R0, R9), -- BPF_EXIT_INSN(), -- }, -- INTERNAL, -- { }, -- { { 0, 2957380 } } -- }, -- { -- "INT: ADD 32-bit", -- .u.insns_int = { -- BPF_ALU32_IMM(BPF_MOV, R0, 20), -- BPF_ALU32_IMM(BPF_MOV, R1, 1), -- BPF_ALU32_IMM(BPF_MOV, R2, 2), -- BPF_ALU32_IMM(BPF_MOV, R3, 3), -- BPF_ALU32_IMM(BPF_MOV, R4, 4), -- BPF_ALU32_IMM(BPF_MOV, R5, 5), -- BPF_ALU32_IMM(BPF_MOV, R6, 6), -- BPF_ALU32_IMM(BPF_MOV, R7, 7), -- BPF_ALU32_IMM(BPF_MOV, R8, 8), -- BPF_ALU32_IMM(BPF_MOV, R9, 9), -- BPF_ALU64_IMM(BPF_ADD, R1, 10), -- BPF_ALU64_IMM(BPF_ADD, R2, 10), -- BPF_ALU64_IMM(BPF_ADD, R3, 10), -- BPF_ALU64_IMM(BPF_ADD, R4, 10), -- BPF_ALU64_IMM(BPF_ADD, R5, 10), -- BPF_ALU64_IMM(BPF_ADD, R6, 10), -- BPF_ALU64_IMM(BPF_ADD, R7, 10), -- BPF_ALU64_IMM(BPF_ADD, R8, 10), -- BPF_ALU64_IMM(BPF_ADD, R9, 10), -- BPF_ALU32_REG(BPF_ADD, R0, R1), -- BPF_ALU32_REG(BPF_ADD, R0, R2), -- BPF_ALU32_REG(BPF_ADD, R0, R3), -- BPF_ALU32_REG(BPF_ADD, R0, R4), -- BPF_ALU32_REG(BPF_ADD, R0, R5), -- BPF_ALU32_REG(BPF_ADD, R0, R6), -- BPF_ALU32_REG(BPF_ADD, R0, R7), -- BPF_ALU32_REG(BPF_ADD, R0, R8), -- BPF_ALU32_REG(BPF_ADD, R0, R9), /* R0 == 155 */ -- BPF_JMP_IMM(BPF_JEQ, R0, 155, 1), -- BPF_EXIT_INSN(), -- BPF_ALU32_REG(BPF_ADD, R1, R0), -- BPF_ALU32_REG(BPF_ADD, R1, R1), -- BPF_ALU32_REG(BPF_ADD, R1, R2), -- BPF_ALU32_REG(BPF_ADD, R1, R3), -- BPF_ALU32_REG(BPF_ADD, R1, R4), -- BPF_ALU32_REG(BPF_ADD, R1, R5), -- BPF_ALU32_REG(BPF_ADD, R1, R6), -- BPF_ALU32_REG(BPF_ADD, R1, R7), -- BPF_ALU32_REG(BPF_ADD, R1, R8), -- BPF_ALU32_REG(BPF_ADD, R1, R9), /* R1 == 456 */ -- BPF_JMP_IMM(BPF_JEQ, R1, 456, 1), -- BPF_EXIT_INSN(), -- BPF_ALU32_REG(BPF_ADD, R2, R0), -- BPF_ALU32_REG(BPF_ADD, R2, R1), -- BPF_ALU32_REG(BPF_ADD, R2, R2), -- BPF_ALU32_REG(BPF_ADD, R2, R3), -- BPF_ALU32_REG(BPF_ADD, R2, R4), -- BPF_ALU32_REG(BPF_ADD, R2, R5), -- BPF_ALU32_REG(BPF_ADD, R2, R6), -- BPF_ALU32_REG(BPF_ADD, R2, R7), -- BPF_ALU32_REG(BPF_ADD, R2, R8), -- BPF_ALU32_REG(BPF_ADD, R2, R9), /* R2 == 1358 */ -- BPF_JMP_IMM(BPF_JEQ, R2, 1358, 1), -- BPF_EXIT_INSN(), -- BPF_ALU32_REG(BPF_ADD, R3, R0), -- BPF_ALU32_REG(BPF_ADD, R3, R1), -- BPF_ALU32_REG(BPF_ADD, R3, R2), -- BPF_ALU32_REG(BPF_ADD, R3, R3), -- BPF_ALU32_REG(BPF_ADD, R3, R4), -- BPF_ALU32_REG(BPF_ADD, R3, R5), -- BPF_ALU32_REG(BPF_ADD, R3, R6), -- BPF_ALU32_REG(BPF_ADD, R3, R7), -- BPF_ALU32_REG(BPF_ADD, R3, R8), -- BPF_ALU32_REG(BPF_ADD, R3, R9), /* R3 == 4063 */ -- BPF_JMP_IMM(BPF_JEQ, R3, 4063, 1), -- BPF_EXIT_INSN(), -- BPF_ALU32_REG(BPF_ADD, R4, R0), -- BPF_ALU32_REG(BPF_ADD, R4, R1), -- BPF_ALU32_REG(BPF_ADD, R4, R2), -- BPF_ALU32_REG(BPF_ADD, R4, R3), -- BPF_ALU32_REG(BPF_ADD, R4, R4), -- BPF_ALU32_REG(BPF_ADD, R4, R5), -- BPF_ALU32_REG(BPF_ADD, R4, R6), -- BPF_ALU32_REG(BPF_ADD, R4, R7), -- BPF_ALU32_REG(BPF_ADD, R4, R8), -- BPF_ALU32_REG(BPF_ADD, R4, R9), /* R4 == 12177 */ -- BPF_JMP_IMM(BPF_JEQ, R4, 12177, 1), -- BPF_EXIT_INSN(), -- BPF_ALU32_REG(BPF_ADD, R5, R0), -- BPF_ALU32_REG(BPF_ADD, R5, R1), -- BPF_ALU32_REG(BPF_ADD, R5, R2), -- BPF_ALU32_REG(BPF_ADD, R5, R3), -- BPF_ALU32_REG(BPF_ADD, R5, R4), -- BPF_ALU32_REG(BPF_ADD, R5, R5), -- BPF_ALU32_REG(BPF_ADD, R5, R6), -- BPF_ALU32_REG(BPF_ADD, R5, R7), -- BPF_ALU32_REG(BPF_ADD, R5, R8), -- BPF_ALU32_REG(BPF_ADD, R5, R9), /* R5 == 36518 */ -- BPF_JMP_IMM(BPF_JEQ, R5, 36518, 1), -- BPF_EXIT_INSN(), -- BPF_ALU32_REG(BPF_ADD, R6, R0), -- BPF_ALU32_REG(BPF_ADD, R6, R1), -- BPF_ALU32_REG(BPF_ADD, R6, R2), -- BPF_ALU32_REG(BPF_ADD, R6, R3), -- BPF_ALU32_REG(BPF_ADD, R6, R4), -- BPF_ALU32_REG(BPF_ADD, R6, R5), -- BPF_ALU32_REG(BPF_ADD, R6, R6), -- BPF_ALU32_REG(BPF_ADD, R6, R7), -- BPF_ALU32_REG(BPF_ADD, R6, R8), -- BPF_ALU32_REG(BPF_ADD, R6, R9), /* R6 == 109540 */ -- BPF_JMP_IMM(BPF_JEQ, R6, 109540, 1), -- BPF_EXIT_INSN(), -- BPF_ALU32_REG(BPF_ADD, R7, R0), -- BPF_ALU32_REG(BPF_ADD, R7, R1), -- BPF_ALU32_REG(BPF_ADD, R7, R2), -- BPF_ALU32_REG(BPF_ADD, R7, R3), -- BPF_ALU32_REG(BPF_ADD, R7, R4), -- BPF_ALU32_REG(BPF_ADD, R7, R5), -- BPF_ALU32_REG(BPF_ADD, R7, R6), -- BPF_ALU32_REG(BPF_ADD, R7, R7), -- BPF_ALU32_REG(BPF_ADD, R7, R8), -- BPF_ALU32_REG(BPF_ADD, R7, R9), /* R7 == 328605 */ -- BPF_JMP_IMM(BPF_JEQ, R7, 328605, 1), -- BPF_EXIT_INSN(), -- BPF_ALU32_REG(BPF_ADD, R8, R0), -- BPF_ALU32_REG(BPF_ADD, R8, R1), -- BPF_ALU32_REG(BPF_ADD, R8, R2), -- BPF_ALU32_REG(BPF_ADD, R8, R3), -- BPF_ALU32_REG(BPF_ADD, R8, R4), -- BPF_ALU32_REG(BPF_ADD, R8, R5), -- BPF_ALU32_REG(BPF_ADD, R8, R6), -- BPF_ALU32_REG(BPF_ADD, R8, R7), -- BPF_ALU32_REG(BPF_ADD, R8, R8), -- BPF_ALU32_REG(BPF_ADD, R8, R9), /* R8 == 985799 */ -- BPF_JMP_IMM(BPF_JEQ, R8, 985799, 1), -- BPF_EXIT_INSN(), -- BPF_ALU32_REG(BPF_ADD, R9, R0), -- BPF_ALU32_REG(BPF_ADD, R9, R1), -- BPF_ALU32_REG(BPF_ADD, R9, R2), -- BPF_ALU32_REG(BPF_ADD, R9, R3), -- BPF_ALU32_REG(BPF_ADD, R9, R4), -- BPF_ALU32_REG(BPF_ADD, R9, R5), -- BPF_ALU32_REG(BPF_ADD, R9, R6), -- BPF_ALU32_REG(BPF_ADD, R9, R7), -- BPF_ALU32_REG(BPF_ADD, R9, R8), -- BPF_ALU32_REG(BPF_ADD, R9, R9), /* R9 == 2957380 */ -- BPF_ALU32_REG(BPF_MOV, R0, R9), -- BPF_EXIT_INSN(), -- }, -- INTERNAL, -- { }, -- { { 0, 2957380 } } -- }, -- { /* Mainly checking JIT here. */ -- "INT: SUB", -- .u.insns_int = { -- BPF_ALU64_IMM(BPF_MOV, R0, 0), -- BPF_ALU64_IMM(BPF_MOV, R1, 1), -- BPF_ALU64_IMM(BPF_MOV, R2, 2), -- BPF_ALU64_IMM(BPF_MOV, R3, 3), -- BPF_ALU64_IMM(BPF_MOV, R4, 4), -- BPF_ALU64_IMM(BPF_MOV, R5, 5), -- BPF_ALU64_IMM(BPF_MOV, R6, 6), -- BPF_ALU64_IMM(BPF_MOV, R7, 7), -- BPF_ALU64_IMM(BPF_MOV, R8, 8), -- BPF_ALU64_IMM(BPF_MOV, R9, 9), -- BPF_ALU64_REG(BPF_SUB, R0, R0), -- BPF_ALU64_REG(BPF_SUB, R0, R1), -- BPF_ALU64_REG(BPF_SUB, R0, R2), -- BPF_ALU64_REG(BPF_SUB, R0, R3), -- BPF_ALU64_REG(BPF_SUB, R0, R4), -- BPF_ALU64_REG(BPF_SUB, R0, R5), -- BPF_ALU64_REG(BPF_SUB, R0, R6), -- BPF_ALU64_REG(BPF_SUB, R0, R7), -- BPF_ALU64_REG(BPF_SUB, R0, R8), -- BPF_ALU64_REG(BPF_SUB, R0, R9), -- BPF_ALU64_IMM(BPF_SUB, R0, 10), -- BPF_JMP_IMM(BPF_JEQ, R0, -55, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_REG(BPF_SUB, R1, R0), -- BPF_ALU64_REG(BPF_SUB, R1, R2), -- BPF_ALU64_REG(BPF_SUB, R1, R3), -- BPF_ALU64_REG(BPF_SUB, R1, R4), -- BPF_ALU64_REG(BPF_SUB, R1, R5), -- BPF_ALU64_REG(BPF_SUB, R1, R6), -- BPF_ALU64_REG(BPF_SUB, R1, R7), -- BPF_ALU64_REG(BPF_SUB, R1, R8), -- BPF_ALU64_REG(BPF_SUB, R1, R9), -- BPF_ALU64_IMM(BPF_SUB, R1, 10), -- BPF_ALU64_REG(BPF_SUB, R2, R0), -- BPF_ALU64_REG(BPF_SUB, R2, R1), -- BPF_ALU64_REG(BPF_SUB, R2, R3), -- BPF_ALU64_REG(BPF_SUB, R2, R4), -- BPF_ALU64_REG(BPF_SUB, R2, R5), -- BPF_ALU64_REG(BPF_SUB, R2, R6), -- BPF_ALU64_REG(BPF_SUB, R2, R7), -- BPF_ALU64_REG(BPF_SUB, R2, R8), -- BPF_ALU64_REG(BPF_SUB, R2, R9), -- BPF_ALU64_IMM(BPF_SUB, R2, 10), -- BPF_ALU64_REG(BPF_SUB, R3, R0), -- BPF_ALU64_REG(BPF_SUB, R3, R1), -- BPF_ALU64_REG(BPF_SUB, R3, R2), -- BPF_ALU64_REG(BPF_SUB, R3, R4), -- BPF_ALU64_REG(BPF_SUB, R3, R5), -- BPF_ALU64_REG(BPF_SUB, R3, R6), -- BPF_ALU64_REG(BPF_SUB, R3, R7), -- BPF_ALU64_REG(BPF_SUB, R3, R8), -- BPF_ALU64_REG(BPF_SUB, R3, R9), -- BPF_ALU64_IMM(BPF_SUB, R3, 10), -- BPF_ALU64_REG(BPF_SUB, R4, R0), -- BPF_ALU64_REG(BPF_SUB, R4, R1), -- BPF_ALU64_REG(BPF_SUB, R4, R2), -- BPF_ALU64_REG(BPF_SUB, R4, R3), -- BPF_ALU64_REG(BPF_SUB, R4, R5), -- BPF_ALU64_REG(BPF_SUB, R4, R6), -- BPF_ALU64_REG(BPF_SUB, R4, R7), -- BPF_ALU64_REG(BPF_SUB, R4, R8), -- BPF_ALU64_REG(BPF_SUB, R4, R9), -- BPF_ALU64_IMM(BPF_SUB, R4, 10), -- BPF_ALU64_REG(BPF_SUB, R5, R0), -- BPF_ALU64_REG(BPF_SUB, R5, R1), -- BPF_ALU64_REG(BPF_SUB, R5, R2), -- BPF_ALU64_REG(BPF_SUB, R5, R3), -- BPF_ALU64_REG(BPF_SUB, R5, R4), -- BPF_ALU64_REG(BPF_SUB, R5, R6), -- BPF_ALU64_REG(BPF_SUB, R5, R7), -- BPF_ALU64_REG(BPF_SUB, R5, R8), -- BPF_ALU64_REG(BPF_SUB, R5, R9), -- BPF_ALU64_IMM(BPF_SUB, R5, 10), -- BPF_ALU64_REG(BPF_SUB, R6, R0), -- BPF_ALU64_REG(BPF_SUB, R6, R1), -- BPF_ALU64_REG(BPF_SUB, R6, R2), -- BPF_ALU64_REG(BPF_SUB, R6, R3), -- BPF_ALU64_REG(BPF_SUB, R6, R4), -- BPF_ALU64_REG(BPF_SUB, R6, R5), -- BPF_ALU64_REG(BPF_SUB, R6, R7), -- BPF_ALU64_REG(BPF_SUB, R6, R8), -- BPF_ALU64_REG(BPF_SUB, R6, R9), -- BPF_ALU64_IMM(BPF_SUB, R6, 10), -- BPF_ALU64_REG(BPF_SUB, R7, R0), -- BPF_ALU64_REG(BPF_SUB, R7, R1), -- BPF_ALU64_REG(BPF_SUB, R7, R2), -- BPF_ALU64_REG(BPF_SUB, R7, R3), -- BPF_ALU64_REG(BPF_SUB, R7, R4), -- BPF_ALU64_REG(BPF_SUB, R7, R5), -- BPF_ALU64_REG(BPF_SUB, R7, R6), -- BPF_ALU64_REG(BPF_SUB, R7, R8), -- BPF_ALU64_REG(BPF_SUB, R7, R9), -- BPF_ALU64_IMM(BPF_SUB, R7, 10), -- BPF_ALU64_REG(BPF_SUB, R8, R0), -- BPF_ALU64_REG(BPF_SUB, R8, R1), -- BPF_ALU64_REG(BPF_SUB, R8, R2), -- BPF_ALU64_REG(BPF_SUB, R8, R3), -- BPF_ALU64_REG(BPF_SUB, R8, R4), -- BPF_ALU64_REG(BPF_SUB, R8, R5), -- BPF_ALU64_REG(BPF_SUB, R8, R6), -- BPF_ALU64_REG(BPF_SUB, R8, R7), -- BPF_ALU64_REG(BPF_SUB, R8, R9), -- BPF_ALU64_IMM(BPF_SUB, R8, 10), -- BPF_ALU64_REG(BPF_SUB, R9, R0), -- BPF_ALU64_REG(BPF_SUB, R9, R1), -- BPF_ALU64_REG(BPF_SUB, R9, R2), -- BPF_ALU64_REG(BPF_SUB, R9, R3), -- BPF_ALU64_REG(BPF_SUB, R9, R4), -- BPF_ALU64_REG(BPF_SUB, R9, R5), -- BPF_ALU64_REG(BPF_SUB, R9, R6), -- BPF_ALU64_REG(BPF_SUB, R9, R7), -- BPF_ALU64_REG(BPF_SUB, R9, R8), -- BPF_ALU64_IMM(BPF_SUB, R9, 10), -- BPF_ALU64_IMM(BPF_SUB, R0, 10), -- BPF_ALU64_IMM(BPF_NEG, R0, 0), -- BPF_ALU64_REG(BPF_SUB, R0, R1), -- BPF_ALU64_REG(BPF_SUB, R0, R2), -- BPF_ALU64_REG(BPF_SUB, R0, R3), -- BPF_ALU64_REG(BPF_SUB, R0, R4), -- BPF_ALU64_REG(BPF_SUB, R0, R5), -- BPF_ALU64_REG(BPF_SUB, R0, R6), -- BPF_ALU64_REG(BPF_SUB, R0, R7), -- BPF_ALU64_REG(BPF_SUB, R0, R8), -- BPF_ALU64_REG(BPF_SUB, R0, R9), -- BPF_EXIT_INSN(), -- }, -- INTERNAL, -- { }, -- { { 0, 11 } } -- }, -- { /* Mainly checking JIT here. */ -- "INT: XOR", -- .u.insns_int = { -- BPF_ALU64_REG(BPF_SUB, R0, R0), -- BPF_ALU64_REG(BPF_XOR, R1, R1), -- BPF_JMP_REG(BPF_JEQ, R0, R1, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_IMM(BPF_MOV, R0, 10), -- BPF_ALU64_IMM(BPF_MOV, R1, -1), -- BPF_ALU64_REG(BPF_SUB, R1, R1), -- BPF_ALU64_REG(BPF_XOR, R2, R2), -- BPF_JMP_REG(BPF_JEQ, R1, R2, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_REG(BPF_SUB, R2, R2), -- BPF_ALU64_REG(BPF_XOR, R3, R3), -- BPF_ALU64_IMM(BPF_MOV, R0, 10), -- BPF_ALU64_IMM(BPF_MOV, R1, -1), -- BPF_JMP_REG(BPF_JEQ, R2, R3, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_REG(BPF_SUB, R3, R3), -- BPF_ALU64_REG(BPF_XOR, R4, R4), -- BPF_ALU64_IMM(BPF_MOV, R2, 1), -- BPF_ALU64_IMM(BPF_MOV, R5, -1), -- BPF_JMP_REG(BPF_JEQ, R3, R4, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_REG(BPF_SUB, R4, R4), -- BPF_ALU64_REG(BPF_XOR, R5, R5), -- BPF_ALU64_IMM(BPF_MOV, R3, 1), -- BPF_ALU64_IMM(BPF_MOV, R7, -1), -- BPF_JMP_REG(BPF_JEQ, R5, R4, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_IMM(BPF_MOV, R5, 1), -- BPF_ALU64_REG(BPF_SUB, R5, R5), -- BPF_ALU64_REG(BPF_XOR, R6, R6), -- BPF_ALU64_IMM(BPF_MOV, R1, 1), -- BPF_ALU64_IMM(BPF_MOV, R8, -1), -- BPF_JMP_REG(BPF_JEQ, R5, R6, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_REG(BPF_SUB, R6, R6), -- BPF_ALU64_REG(BPF_XOR, R7, R7), -- BPF_JMP_REG(BPF_JEQ, R7, R6, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_REG(BPF_SUB, R7, R7), -- BPF_ALU64_REG(BPF_XOR, R8, R8), -- BPF_JMP_REG(BPF_JEQ, R7, R8, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_REG(BPF_SUB, R8, R8), -- BPF_ALU64_REG(BPF_XOR, R9, R9), -- BPF_JMP_REG(BPF_JEQ, R9, R8, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_REG(BPF_SUB, R9, R9), -- BPF_ALU64_REG(BPF_XOR, R0, R0), -- BPF_JMP_REG(BPF_JEQ, R9, R0, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_REG(BPF_SUB, R1, R1), -- BPF_ALU64_REG(BPF_XOR, R0, R0), -- BPF_JMP_REG(BPF_JEQ, R9, R0, 2), -- BPF_ALU64_IMM(BPF_MOV, R0, 0), -- BPF_EXIT_INSN(), -- BPF_ALU64_IMM(BPF_MOV, R0, 1), -- BPF_EXIT_INSN(), -- }, -- INTERNAL, -- { }, -- { { 0, 1 } } -- }, -- { /* Mainly checking JIT here. */ -- "INT: MUL", -- .u.insns_int = { -- BPF_ALU64_IMM(BPF_MOV, R0, 11), -- BPF_ALU64_IMM(BPF_MOV, R1, 1), -- BPF_ALU64_IMM(BPF_MOV, R2, 2), -- BPF_ALU64_IMM(BPF_MOV, R3, 3), -- BPF_ALU64_IMM(BPF_MOV, R4, 4), -- BPF_ALU64_IMM(BPF_MOV, R5, 5), -- BPF_ALU64_IMM(BPF_MOV, R6, 6), -- BPF_ALU64_IMM(BPF_MOV, R7, 7), -- BPF_ALU64_IMM(BPF_MOV, R8, 8), -- BPF_ALU64_IMM(BPF_MOV, R9, 9), -- BPF_ALU64_REG(BPF_MUL, R0, R0), -- BPF_ALU64_REG(BPF_MUL, R0, R1), -- BPF_ALU64_REG(BPF_MUL, R0, R2), -- BPF_ALU64_REG(BPF_MUL, R0, R3), -- BPF_ALU64_REG(BPF_MUL, R0, R4), -- BPF_ALU64_REG(BPF_MUL, R0, R5), -- BPF_ALU64_REG(BPF_MUL, R0, R6), -- BPF_ALU64_REG(BPF_MUL, R0, R7), -- BPF_ALU64_REG(BPF_MUL, R0, R8), -- BPF_ALU64_REG(BPF_MUL, R0, R9), -- BPF_ALU64_IMM(BPF_MUL, R0, 10), -- BPF_JMP_IMM(BPF_JEQ, R0, 439084800, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_REG(BPF_MUL, R1, R0), -- BPF_ALU64_REG(BPF_MUL, R1, R2), -- BPF_ALU64_REG(BPF_MUL, R1, R3), -- BPF_ALU64_REG(BPF_MUL, R1, R4), -- BPF_ALU64_REG(BPF_MUL, R1, R5), -- BPF_ALU64_REG(BPF_MUL, R1, R6), -- BPF_ALU64_REG(BPF_MUL, R1, R7), -- BPF_ALU64_REG(BPF_MUL, R1, R8), -- BPF_ALU64_REG(BPF_MUL, R1, R9), -- BPF_ALU64_IMM(BPF_MUL, R1, 10), -- BPF_ALU64_REG(BPF_MOV, R2, R1), -- BPF_ALU64_IMM(BPF_RSH, R2, 32), -- BPF_JMP_IMM(BPF_JEQ, R2, 0x5a924, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_IMM(BPF_LSH, R1, 32), -- BPF_ALU64_IMM(BPF_ARSH, R1, 32), -- BPF_JMP_IMM(BPF_JEQ, R1, 0xebb90000, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_REG(BPF_MUL, R2, R0), -- BPF_ALU64_REG(BPF_MUL, R2, R1), -- BPF_ALU64_REG(BPF_MUL, R2, R3), -- BPF_ALU64_REG(BPF_MUL, R2, R4), -- BPF_ALU64_REG(BPF_MUL, R2, R5), -- BPF_ALU64_REG(BPF_MUL, R2, R6), -- BPF_ALU64_REG(BPF_MUL, R2, R7), -- BPF_ALU64_REG(BPF_MUL, R2, R8), -- BPF_ALU64_REG(BPF_MUL, R2, R9), -- BPF_ALU64_IMM(BPF_MUL, R2, 10), -- BPF_ALU64_IMM(BPF_RSH, R2, 32), -- BPF_ALU64_REG(BPF_MOV, R0, R2), -- BPF_EXIT_INSN(), -- }, -- INTERNAL, -- { }, -- { { 0, 0x35d97ef2 } } -- }, -- { -- "INT: ALU MIX", -- .u.insns_int = { -- BPF_ALU64_IMM(BPF_MOV, R0, 11), -- BPF_ALU64_IMM(BPF_ADD, R0, -1), -- BPF_ALU64_IMM(BPF_MOV, R2, 2), -- BPF_ALU64_IMM(BPF_XOR, R2, 3), -- BPF_ALU64_REG(BPF_DIV, R0, R2), -- BPF_JMP_IMM(BPF_JEQ, R0, 10, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_IMM(BPF_MOD, R0, 3), -- BPF_JMP_IMM(BPF_JEQ, R0, 1, 1), -- BPF_EXIT_INSN(), -- BPF_ALU64_IMM(BPF_MOV, R0, -1), -- BPF_EXIT_INSN(), -- }, -- INTERNAL, -- { }, -- { { 0, -1 } } -- }, -- { -- "INT: DIV + ABS", -- .u.insns_int = { -- BPF_ALU64_REG(BPF_MOV, R6, R1), -- BPF_LD_ABS(BPF_B, 3), -- BPF_ALU64_IMM(BPF_MOV, R2, 2), -- BPF_ALU32_REG(BPF_DIV, R0, R2), -- BPF_ALU64_REG(BPF_MOV, R8, R0), -- BPF_LD_ABS(BPF_B, 4), -- BPF_ALU64_REG(BPF_ADD, R8, R0), -- BPF_LD_IND(BPF_B, R8, -70), -- BPF_EXIT_INSN(), -- }, -- INTERNAL, -- { 10, 20, 30, 40, 50 }, -- { { 4, 0 }, { 5, 10 } } -- }, -- { -- "INT: DIV by zero", -- .u.insns_int = { -- BPF_ALU64_REG(BPF_MOV, R6, R1), -- BPF_ALU64_IMM(BPF_MOV, R7, 0), -- BPF_LD_ABS(BPF_B, 3), -- BPF_ALU32_REG(BPF_DIV, R0, R7), -- BPF_EXIT_INSN(), -- }, -- INTERNAL, -- { 10, 20, 30, 40, 50 }, -- { { 3, 0 }, { 4, 0 } } -- }, -- { -- "check: missing ret", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_IMM, 1), -- }, -- CLASSIC | FLAG_NO_DATA | FLAG_EXPECTED_FAIL, -- { }, -- { } -- }, -- { -- "check: div_k_0", -- .u.insns = { -- BPF_STMT(BPF_ALU | BPF_DIV | BPF_K, 0), -- BPF_STMT(BPF_RET | BPF_K, 0) -- }, -- CLASSIC | FLAG_NO_DATA | FLAG_EXPECTED_FAIL, -- { }, -- { } -- }, -- { -- "check: unknown insn", -- .u.insns = { -- /* seccomp insn, rejected in socket filter */ -- BPF_STMT(BPF_LDX | BPF_W | BPF_ABS, 0), -- BPF_STMT(BPF_RET | BPF_K, 0) -- }, -- CLASSIC | FLAG_EXPECTED_FAIL, -- { }, -- { } -- }, -- { -- "check: out of range spill/fill", -- .u.insns = { -- BPF_STMT(BPF_STX, 16), -- BPF_STMT(BPF_RET | BPF_K, 0) -- }, -- CLASSIC | FLAG_NO_DATA | FLAG_EXPECTED_FAIL, -- { }, -- { } -- }, -- { -- "JUMPS + HOLES", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_JUMP(BPF_JMP | BPF_JGE, 0, 13, 15), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_JUMP(BPF_JMP | BPF_JEQ, 0x90c2894d, 3, 4), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_JUMP(BPF_JMP | BPF_JEQ, 0x90c2894d, 1, 2), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_JUMP(BPF_JMP | BPF_JGE, 0, 14, 15), -- BPF_JUMP(BPF_JMP | BPF_JGE, 0, 13, 14), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_JUMP(BPF_JMP | BPF_JEQ, 0x2ac28349, 2, 3), -- BPF_JUMP(BPF_JMP | BPF_JEQ, 0x2ac28349, 1, 2), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_JUMP(BPF_JMP | BPF_JGE, 0, 14, 15), -- BPF_JUMP(BPF_JMP | BPF_JGE, 0, 13, 14), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_JUMP(BPF_JMP | BPF_JEQ, 0x90d2ff41, 2, 3), -- BPF_JUMP(BPF_JMP | BPF_JEQ, 0x90d2ff41, 1, 2), -- BPF_STMT(BPF_LD | BPF_H | BPF_ABS, 0), -- BPF_STMT(BPF_RET | BPF_A, 0), -- BPF_STMT(BPF_RET | BPF_A, 0), -- }, -- CLASSIC, -- { 0x00, 0x1b, 0x21, 0x3c, 0x9d, 0xf8, -- 0x90, 0xe2, 0xba, 0x0a, 0x56, 0xb4, -- 0x08, 0x00, -- 0x45, 0x00, 0x00, 0x28, 0x00, 0x00, -- 0x20, 0x00, 0x40, 0x11, 0x00, 0x00, /* IP header */ -- 0xc0, 0xa8, 0x33, 0x01, -- 0xc0, 0xa8, 0x33, 0x02, -- 0xbb, 0xb6, -- 0xa9, 0xfa, -- 0x00, 0x14, 0x00, 0x00, -- 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, -- 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, -- 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, -- 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, -- 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, -- 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, -- 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, -- 0xcc, 0xcc, 0xcc, 0xcc }, -- { { 88, 0x001b } } -- }, -- { -- "check: RET X", -- .u.insns = { -- BPF_STMT(BPF_RET | BPF_X, 0), -- }, -- CLASSIC | FLAG_NO_DATA | FLAG_EXPECTED_FAIL, -- { }, -- { }, -- }, -- { -- "check: LDX + RET X", -- .u.insns = { -- BPF_STMT(BPF_LDX | BPF_IMM, 42), -- BPF_STMT(BPF_RET | BPF_X, 0), -- }, -- CLASSIC | FLAG_NO_DATA | FLAG_EXPECTED_FAIL, -- { }, -- { }, -- }, -- { /* Mainly checking JIT here. */ -- "M[]: alt STX + LDX", -- .u.insns = { -- BPF_STMT(BPF_LDX | BPF_IMM, 100), -- BPF_STMT(BPF_STX, 0), -- BPF_STMT(BPF_LDX | BPF_MEM, 0), -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 1), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_STX, 1), -- BPF_STMT(BPF_LDX | BPF_MEM, 1), -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 1), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_STX, 2), -- BPF_STMT(BPF_LDX | BPF_MEM, 2), -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 1), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_STX, 3), -- BPF_STMT(BPF_LDX | BPF_MEM, 3), -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 1), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_STX, 4), -- BPF_STMT(BPF_LDX | BPF_MEM, 4), -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 1), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_STX, 5), -- BPF_STMT(BPF_LDX | BPF_MEM, 5), -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 1), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_STX, 6), -- BPF_STMT(BPF_LDX | BPF_MEM, 6), -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 1), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_STX, 7), -- BPF_STMT(BPF_LDX | BPF_MEM, 7), -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 1), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_STX, 8), -- BPF_STMT(BPF_LDX | BPF_MEM, 8), -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 1), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_STX, 9), -- BPF_STMT(BPF_LDX | BPF_MEM, 9), -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 1), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_STX, 10), -- BPF_STMT(BPF_LDX | BPF_MEM, 10), -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 1), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_STX, 11), -- BPF_STMT(BPF_LDX | BPF_MEM, 11), -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 1), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_STX, 12), -- BPF_STMT(BPF_LDX | BPF_MEM, 12), -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 1), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_STX, 13), -- BPF_STMT(BPF_LDX | BPF_MEM, 13), -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 1), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_STX, 14), -- BPF_STMT(BPF_LDX | BPF_MEM, 14), -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 1), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_STX, 15), -- BPF_STMT(BPF_LDX | BPF_MEM, 15), -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_K, 1), -- BPF_STMT(BPF_MISC | BPF_TAX, 0), -- BPF_STMT(BPF_RET | BPF_A, 0), -- }, -- CLASSIC | FLAG_NO_DATA, -- { }, -- { { 0, 116 } }, -- }, -- { /* Mainly checking JIT here. */ -- "M[]: full STX + full LDX", -- .u.insns = { -- BPF_STMT(BPF_LDX | BPF_IMM, 0xbadfeedb), -- BPF_STMT(BPF_STX, 0), -- BPF_STMT(BPF_LDX | BPF_IMM, 0xecabedae), -- BPF_STMT(BPF_STX, 1), -- BPF_STMT(BPF_LDX | BPF_IMM, 0xafccfeaf), -- BPF_STMT(BPF_STX, 2), -- BPF_STMT(BPF_LDX | BPF_IMM, 0xbffdcedc), -- BPF_STMT(BPF_STX, 3), -- BPF_STMT(BPF_LDX | BPF_IMM, 0xfbbbdccb), -- BPF_STMT(BPF_STX, 4), -- BPF_STMT(BPF_LDX | BPF_IMM, 0xfbabcbda), -- BPF_STMT(BPF_STX, 5), -- BPF_STMT(BPF_LDX | BPF_IMM, 0xaedecbdb), -- BPF_STMT(BPF_STX, 6), -- BPF_STMT(BPF_LDX | BPF_IMM, 0xadebbade), -- BPF_STMT(BPF_STX, 7), -- BPF_STMT(BPF_LDX | BPF_IMM, 0xfcfcfaec), -- BPF_STMT(BPF_STX, 8), -- BPF_STMT(BPF_LDX | BPF_IMM, 0xbcdddbdc), -- BPF_STMT(BPF_STX, 9), -- BPF_STMT(BPF_LDX | BPF_IMM, 0xfeefdfac), -- BPF_STMT(BPF_STX, 10), -- BPF_STMT(BPF_LDX | BPF_IMM, 0xcddcdeea), -- BPF_STMT(BPF_STX, 11), -- BPF_STMT(BPF_LDX | BPF_IMM, 0xaccfaebb), -- BPF_STMT(BPF_STX, 12), -- BPF_STMT(BPF_LDX | BPF_IMM, 0xbdcccdcf), -- BPF_STMT(BPF_STX, 13), -- BPF_STMT(BPF_LDX | BPF_IMM, 0xaaedecde), -- BPF_STMT(BPF_STX, 14), -- BPF_STMT(BPF_LDX | BPF_IMM, 0xfaeacdad), -- BPF_STMT(BPF_STX, 15), -- BPF_STMT(BPF_LDX | BPF_MEM, 0), -- BPF_STMT(BPF_MISC | BPF_TXA, 0), -- BPF_STMT(BPF_LDX | BPF_MEM, 1), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_LDX | BPF_MEM, 2), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_LDX | BPF_MEM, 3), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_LDX | BPF_MEM, 4), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_LDX | BPF_MEM, 5), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_LDX | BPF_MEM, 6), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_LDX | BPF_MEM, 7), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_LDX | BPF_MEM, 8), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_LDX | BPF_MEM, 9), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_LDX | BPF_MEM, 10), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_LDX | BPF_MEM, 11), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_LDX | BPF_MEM, 12), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_LDX | BPF_MEM, 13), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_LDX | BPF_MEM, 14), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_LDX | BPF_MEM, 15), -- BPF_STMT(BPF_ALU | BPF_ADD | BPF_X, 0), -- BPF_STMT(BPF_RET | BPF_A, 0), -- }, -- CLASSIC | FLAG_NO_DATA, -- { }, -- { { 0, 0x2a5a5e5 } }, -- }, -- { -- "check: SKF_AD_MAX", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF + SKF_AD_MAX), -- BPF_STMT(BPF_RET | BPF_A, 0), -- }, -- CLASSIC | FLAG_NO_DATA | FLAG_EXPECTED_FAIL, -- { }, -- { }, -- }, -- { /* Passes checker but fails during runtime. */ -- "LD [SKF_AD_OFF-1]", -- .u.insns = { -- BPF_STMT(BPF_LD | BPF_W | BPF_ABS, -- SKF_AD_OFF - 1), -- BPF_STMT(BPF_RET | BPF_K, 1), -- }, -- CLASSIC, -- { }, -- { { 1, 0 } }, -- }, --}; -- --static struct net_device dev; -- --static struct sk_buff *populate_skb(char *buf, int size) --{ -- struct sk_buff *skb; -- -- if (size >= MAX_DATA) -- return NULL; -- -- skb = alloc_skb(MAX_DATA, GFP_KERNEL); -- if (!skb) -- return NULL; -- -- memcpy(__skb_put(skb, size), buf, size); -- -- /* Initialize a fake skb with test pattern. */ -- skb_reset_mac_header(skb); -- skb->protocol = htons(ETH_P_IP); -- skb->pkt_type = SKB_TYPE; -- skb->mark = SKB_MARK; -- skb->hash = SKB_HASH; -- skb->queue_mapping = SKB_QUEUE_MAP; -- skb->vlan_tci = SKB_VLAN_TCI; -- skb->dev = &dev; -- skb->dev->ifindex = SKB_DEV_IFINDEX; -- skb->dev->type = SKB_DEV_TYPE; -- skb_set_network_header(skb, min(size, ETH_HLEN)); -- -- return skb; --} -- --static void *generate_test_data(struct bpf_test *test, int sub) --{ -- if (test->aux & FLAG_NO_DATA) -- return NULL; -- -- /* Test case expects an skb, so populate one. Various -- * subtests generate skbs of different sizes based on -- * the same data. -- */ -- return populate_skb(test->data, test->test[sub].data_size); --} -- --static void release_test_data(const struct bpf_test *test, void *data) --{ -- if (test->aux & FLAG_NO_DATA) -- return; -- -- kfree_skb(data); --} -- --static int probe_filter_length(struct sock_filter *fp) --{ -- int len = 0; -- -- for (len = MAX_INSNS - 1; len > 0; --len) -- if (fp[len].code != 0 || fp[len].k != 0) -- break; -- -- return len + 1; --} -- --static struct sk_filter *generate_filter(int which, int *err) --{ -- struct sk_filter *fp; -- struct sock_fprog_kern fprog; -- unsigned int flen = probe_filter_length(tests[which].u.insns); -- __u8 test_type = tests[which].aux & TEST_TYPE_MASK; -- -- switch (test_type) { -- case CLASSIC: -- fprog.filter = tests[which].u.insns; -- fprog.len = flen; -- -- *err = sk_unattached_filter_create(&fp, &fprog); -- if (tests[which].aux & FLAG_EXPECTED_FAIL) { -- if (*err == -EINVAL) { -- pr_cont("PASS\n"); -- /* Verifier rejected filter as expected. */ -- *err = 0; -- return NULL; -- } else { -- pr_cont("UNEXPECTED_PASS\n"); -- /* Verifier didn't reject the test that's -- * bad enough, just return! -- */ -- *err = -EINVAL; -- return NULL; -- } -- } -- /* We don't expect to fail. */ -- if (*err) { -- pr_cont("FAIL to attach err=%d len=%d\n", -- *err, fprog.len); -- return NULL; -- } -- break; -- -- case INTERNAL: -- fp = kzalloc(sk_filter_size(flen), GFP_KERNEL); -- if (fp == NULL) { -- pr_cont("UNEXPECTED_FAIL no memory left\n"); -- *err = -ENOMEM; -- return NULL; -- } -- -- fp->len = flen; -- memcpy(fp->insnsi, tests[which].u.insns_int, -- fp->len * sizeof(struct sock_filter_int)); -- -- sk_filter_select_runtime(fp); -- break; -- } -- -- *err = 0; -- return fp; --} -- --static void release_filter(struct sk_filter *fp, int which) --{ -- __u8 test_type = tests[which].aux & TEST_TYPE_MASK; -- -- switch (test_type) { -- case CLASSIC: -- sk_unattached_filter_destroy(fp); -- break; -- case INTERNAL: -- sk_filter_free(fp); -- break; -- } --} -- --static int __run_one(const struct sk_filter *fp, const void *data, -- int runs, u64 *duration) --{ -- u64 start, finish; -- int ret, i; -- -- start = ktime_to_us(ktime_get()); -- -- for (i = 0; i < runs; i++) -- ret = SK_RUN_FILTER(fp, data); -- -- finish = ktime_to_us(ktime_get()); -- -- *duration = (finish - start) * 1000ULL; -- do_div(*duration, runs); -- -- return ret; --} -- --static int run_one(const struct sk_filter *fp, struct bpf_test *test) --{ -- int err_cnt = 0, i, runs = MAX_TESTRUNS; -- -- for (i = 0; i < MAX_SUBTESTS; i++) { -- void *data; -- u64 duration; -- u32 ret; -- -- if (test->test[i].data_size == 0 && -- test->test[i].result == 0) -- break; -- -- data = generate_test_data(test, i); -- ret = __run_one(fp, data, runs, &duration); -- release_test_data(test, data); -- -- if (ret == test->test[i].result) { -- pr_cont("%lld ", duration); -- } else { -- pr_cont("ret %d != %d ", ret, -- test->test[i].result); -- err_cnt++; -- } -- } -- -- return err_cnt; --} -- --static __init int test_bpf(void) --{ -- int i, err_cnt = 0, pass_cnt = 0; -- -- for (i = 0; i < ARRAY_SIZE(tests); i++) { -- struct sk_filter *fp; -- int err; -- -- pr_info("#%d %s ", i, tests[i].descr); -- -- fp = generate_filter(i, &err); -- if (fp == NULL) { -- if (err == 0) { -- pass_cnt++; -- continue; -- } -- -- return err; -- } -- err = run_one(fp, &tests[i]); -- release_filter(fp, i); -- -- if (err) { -- pr_cont("FAIL (%d times)\n", err); -- err_cnt++; -- } else { -- pr_cont("PASS\n"); -- pass_cnt++; -- } -- } -- -- pr_info("Summary: %d PASSED, %d FAILED\n", pass_cnt, err_cnt); -- return err_cnt ? -EINVAL : 0; --} -- --static int __init test_bpf_init(void) --{ -- return test_bpf(); --} -- --static void __exit test_bpf_exit(void) --{ --} -- --module_init(test_bpf_init); --module_exit(test_bpf_exit); -- --MODULE_LICENSE("GPL"); ++++ b/lib/test_bpf.c +@@ -1798,7 +1798,7 @@ static struct bpf_prog *generate_filter(int which, int *err) + break; + + case INTERNAL: +- fp = kzalloc(bpf_prog_size(flen), GFP_KERNEL); ++ fp = bpf_prog_alloc(bpf_prog_size(flen), 0); + if (fp == NULL) { + pr_cont("UNEXPECTED_FAIL no memory left\n"); + *err = -ENOMEM; diff --git a/lib/usercopy.c b/lib/usercopy.c index 4f5b1dd..7cab418 100644 --- a/lib/usercopy.c @@ -99771,7 +94256,7 @@ index 0000000..7cd6065 @@ -0,0 +1 @@ +-grsec diff --git a/mm/Kconfig b/mm/Kconfig -index 3e9977a..205074f 100644 +index 886db21..f514de2 100644 --- a/mm/Kconfig +++ b/mm/Kconfig @@ -333,10 +333,11 @@ config KSM @@ -99821,10 +94306,10 @@ index 1706cbb..f89dbca 100644 bdi_destroy(bdi); return err; diff --git a/mm/filemap.c b/mm/filemap.c -index 8163e04..191cb97 100644 +index 90effcd..539aa64 100644 --- a/mm/filemap.c +++ b/mm/filemap.c -@@ -2074,7 +2074,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) +@@ -2092,7 +2092,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) struct address_space *mapping = file->f_mapping; if (!mapping->a_ops->readpage) @@ -99833,7 +94318,7 @@ index 8163e04..191cb97 100644 file_accessed(file); vma->vm_ops = &generic_file_vm_ops; return 0; -@@ -2252,6 +2252,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i +@@ -2270,6 +2270,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i *pos = i_size_read(inode); if (limit != RLIM_INFINITY) { @@ -99858,10 +94343,10 @@ index 72b8fa3..c5b39f1 100644 * Make sure the vma is shared, that it supports prefaulting, * and that the remapped range is valid and fully within diff --git a/mm/gup.c b/mm/gup.c -index cc5a9e7..d496acf 100644 +index 91d044b..a58ecf6 100644 --- a/mm/gup.c +++ b/mm/gup.c -@@ -265,11 +265,6 @@ static int faultin_page(struct task_struct *tsk, struct vm_area_struct *vma, +@@ -270,11 +270,6 @@ static int faultin_page(struct task_struct *tsk, struct vm_area_struct *vma, unsigned int fault_flags = 0; int ret; @@ -99873,7 +94358,7 @@ index cc5a9e7..d496acf 100644 if (*flags & FOLL_WRITE) fault_flags |= FAULT_FLAG_WRITE; if (nonblocking) -@@ -424,14 +419,14 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, +@@ -436,14 +431,14 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, if (!(gup_flags & FOLL_FORCE)) gup_flags |= FOLL_NUMA; @@ -99890,7 +94375,7 @@ index cc5a9e7..d496acf 100644 if (!vma && in_gate_area(mm, start)) { int ret; ret = get_gate_page(mm, start & PAGE_MASK, -@@ -443,7 +438,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, +@@ -455,7 +450,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, goto next_page; } @@ -99899,7 +94384,7 @@ index cc5a9e7..d496acf 100644 return i ? : -EFAULT; if (is_vm_hugetlb_page(vma)) { i = follow_hugetlb_page(mm, vma, pages, vmas, -@@ -498,7 +493,7 @@ next_page: +@@ -510,7 +505,7 @@ next_page: i += page_increm; start += page_increm * PAGE_SIZE; nr_pages -= page_increm; @@ -99909,10 +94394,10 @@ index cc5a9e7..d496acf 100644 } EXPORT_SYMBOL(__get_user_pages); diff --git a/mm/highmem.c b/mm/highmem.c -index b32b70c..e512eb0 100644 +index 123bcd3..0de52ba 100644 --- a/mm/highmem.c +++ b/mm/highmem.c -@@ -138,8 +138,9 @@ static void flush_all_zero_pkmaps(void) +@@ -195,8 +195,9 @@ static void flush_all_zero_pkmaps(void) * So no dangers, even with speculative execution. */ page = pte_page(pkmap_page_table[i]); @@ -99923,7 +94408,7 @@ index b32b70c..e512eb0 100644 set_page_address(page, NULL); need_flush = 1; } -@@ -198,9 +199,11 @@ start: +@@ -259,9 +260,11 @@ start: } } vaddr = PKMAP_ADDR(last_pkmap_nr); @@ -99937,32 +94422,32 @@ index b32b70c..e512eb0 100644 set_page_address(page, (void *)vaddr); diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 7ae5444..aea22b2 100644 +index eeceeeb..a209d58 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c -@@ -2253,6 +2253,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, +@@ -2258,6 +2258,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, + struct ctl_table *table, int write, + void __user *buffer, size_t *length, loff_t *ppos) + { ++ ctl_table_no_const t; struct hstate *h = &default_hstate; - unsigned long tmp; + unsigned long tmp = h->max_huge_pages; int ret; -+ ctl_table_no_const hugetlb_table; - +@@ -2265,9 +2266,10 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, if (!hugepages_supported()) return -ENOTSUPP; -@@ -2262,9 +2263,10 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, - if (write && hstate_is_gigantic(h) && !gigantic_page_supported()) - return -EINVAL; - table->data = &tmp; - table->maxlen = sizeof(unsigned long); - ret = proc_doulongvec_minmax(table, write, buffer, length, ppos); -+ hugetlb_table = *table; -+ hugetlb_table.data = &tmp; -+ hugetlb_table.maxlen = sizeof(unsigned long); -+ ret = proc_doulongvec_minmax(&hugetlb_table, write, buffer, length, ppos); ++ t = *table; ++ t.data = &tmp; ++ t.maxlen = sizeof(unsigned long); ++ ret = proc_doulongvec_minmax(&t, write, buffer, length, ppos); if (ret) goto out; -@@ -2309,6 +2311,7 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, +@@ -2302,6 +2304,7 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, struct hstate *h = &default_hstate; unsigned long tmp; int ret; @@ -99970,7 +94455,7 @@ index 7ae5444..aea22b2 100644 if (!hugepages_supported()) return -ENOTSUPP; -@@ -2318,9 +2321,10 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, +@@ -2311,9 +2314,10 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, if (write && hstate_is_gigantic(h)) return -EINVAL; @@ -99984,8 +94469,8 @@ index 7ae5444..aea22b2 100644 if (ret) goto out; -@@ -2801,6 +2805,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, - return 1; +@@ -2792,6 +2796,27 @@ static void unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, + mutex_unlock(&mapping->i_mmap_mutex); } +#ifdef CONFIG_PAX_SEGMEXEC @@ -100012,7 +94497,7 @@ index 7ae5444..aea22b2 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. * Called with hugetlb_instantiation_mutex held and pte_page locked so we -@@ -2918,6 +2943,11 @@ retry_avoidcopy: +@@ -2903,6 +2928,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -100024,7 +94509,7 @@ index 7ae5444..aea22b2 100644 /* Make the old page be freed below */ new_page = old_page; } -@@ -3077,6 +3107,10 @@ retry: +@@ -3063,6 +3093,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -100035,7 +94520,7 @@ index 7ae5444..aea22b2 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page, ptl); -@@ -3143,6 +3177,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3129,6 +3163,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, struct hstate *h = hstate_vma(vma); struct address_space *mapping; @@ -100046,7 +94531,7 @@ index 7ae5444..aea22b2 100644 address &= huge_page_mask(h); ptep = huge_pte_offset(mm, address); -@@ -3156,6 +3194,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3142,6 +3180,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(hstate_index(h)); } @@ -100074,7 +94559,7 @@ index 7ae5444..aea22b2 100644 if (!ptep) return VM_FAULT_OOM; diff --git a/mm/internal.h b/mm/internal.h -index 7f22a11f..f3c207f 100644 +index a1b651b..f688570 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -109,6 +109,7 @@ extern pmd_t *mm_find_pmd(struct mm_struct *mm, unsigned long address); @@ -100095,7 +94580,7 @@ index 7f22a11f..f3c207f 100644 extern void set_pageblock_order(void); unsigned long reclaim_clean_pages_from_list(struct zone *zone, diff --git a/mm/iov_iter.c b/mm/iov_iter.c -index 7b5dbd1..af0e329 100644 +index 9a09f20..6ef0515 100644 --- a/mm/iov_iter.c +++ b/mm/iov_iter.c @@ -173,7 +173,7 @@ static size_t __iovec_copy_from_user_inatomic(char *vaddr, @@ -100170,7 +94655,7 @@ index d53adf9..03a24bf 100644 set_fs(old_fs); diff --git a/mm/madvise.c b/mm/madvise.c -index a402f8f..f5e5daa 100644 +index 0938b30..199abe8 100644 --- a/mm/madvise.c +++ b/mm/madvise.c @@ -51,6 +51,10 @@ static long madvise_behavior(struct vm_area_struct *vma, @@ -100232,7 +94717,7 @@ index a402f8f..f5e5daa 100644 return 0; } -@@ -491,6 +522,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior) +@@ -488,6 +519,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior) if (end < start) return error; @@ -100250,7 +94735,7 @@ index a402f8f..f5e5daa 100644 if (end == start) return error; diff --git a/mm/memory-failure.c b/mm/memory-failure.c -index a013bc9..a897a14 100644 +index 44c6bd2..60369dc3 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0; @@ -100298,7 +94783,7 @@ index a013bc9..a897a14 100644 unlock_page(hpage); return 0; } -@@ -1186,14 +1186,14 @@ int memory_failure(unsigned long pfn, int trapno, int flags) +@@ -1196,14 +1196,14 @@ int memory_failure(unsigned long pfn, int trapno, int flags) */ if (!PageHWPoison(p)) { printk(KERN_ERR "MCE %#lx: just unpoisoned\n", pfn); @@ -100315,7 +94800,7 @@ index a013bc9..a897a14 100644 unlock_page(hpage); put_page(hpage); return 0; -@@ -1423,7 +1423,7 @@ int unpoison_memory(unsigned long pfn) +@@ -1433,7 +1433,7 @@ int unpoison_memory(unsigned long pfn) return 0; } if (TestClearPageHWPoison(p)) @@ -100324,7 +94809,7 @@ index a013bc9..a897a14 100644 pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn); return 0; } -@@ -1437,7 +1437,7 @@ int unpoison_memory(unsigned long pfn) +@@ -1447,7 +1447,7 @@ int unpoison_memory(unsigned long pfn) */ if (TestClearPageHWPoison(page)) { pr_info("MCE: Software-unpoisoned page %#lx\n", pfn); @@ -100333,7 +94818,7 @@ index a013bc9..a897a14 100644 freeit = 1; if (PageHuge(page)) clear_page_hwpoison_huge_page(page); -@@ -1562,11 +1562,11 @@ static int soft_offline_huge_page(struct page *page, int flags) +@@ -1572,11 +1572,11 @@ static int soft_offline_huge_page(struct page *page, int flags) if (PageHuge(page)) { set_page_hwpoison_huge_page(hpage); dequeue_hwpoisoned_huge_page(hpage); @@ -100347,7 +94832,7 @@ index a013bc9..a897a14 100644 } } return ret; -@@ -1605,7 +1605,7 @@ static int __soft_offline_page(struct page *page, int flags) +@@ -1615,7 +1615,7 @@ static int __soft_offline_page(struct page *page, int flags) put_page(page); pr_info("soft_offline: %#lx: invalidated\n", pfn); SetPageHWPoison(page); @@ -100356,7 +94841,7 @@ index a013bc9..a897a14 100644 return 0; } -@@ -1656,7 +1656,7 @@ static int __soft_offline_page(struct page *page, int flags) +@@ -1666,7 +1666,7 @@ static int __soft_offline_page(struct page *page, int flags) if (!is_free_buddy_page(page)) pr_info("soft offline: %#lx: page leaked\n", pfn); @@ -100365,7 +94850,7 @@ index a013bc9..a897a14 100644 } } else { pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n", -@@ -1726,11 +1726,11 @@ int soft_offline_page(struct page *page, int flags) +@@ -1736,11 +1736,11 @@ int soft_offline_page(struct page *page, int flags) if (PageHuge(page)) { set_page_hwpoison_huge_page(hpage); dequeue_hwpoisoned_huge_page(hpage); @@ -100380,10 +94865,10 @@ index a013bc9..a897a14 100644 } unset_migratetype_isolate(page, MIGRATE_MOVABLE); diff --git a/mm/memory.c b/mm/memory.c -index 533023d..32da202 100644 +index e229970..2917c98 100644 --- a/mm/memory.c +++ b/mm/memory.c -@@ -413,6 +413,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, +@@ -415,6 +415,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, free_pte_range(tlb, pmd, addr); } while (pmd++, addr = next, addr != end); @@ -100391,7 +94876,7 @@ index 533023d..32da202 100644 start &= PUD_MASK; if (start < floor) return; -@@ -427,6 +428,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, +@@ -429,6 +430,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, pmd = pmd_offset(pud, start); pud_clear(pud); pmd_free_tlb(tlb, pmd, start); @@ -100400,7 +94885,7 @@ index 533023d..32da202 100644 } static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, -@@ -446,6 +449,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, +@@ -448,6 +451,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, free_pmd_range(tlb, pud, addr, next, floor, ceiling); } while (pud++, addr = next, addr != end); @@ -100408,7 +94893,7 @@ index 533023d..32da202 100644 start &= PGDIR_MASK; if (start < floor) return; -@@ -460,6 +464,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, +@@ -462,6 +466,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, pud = pud_offset(pgd, start); pgd_clear(pgd); pud_free_tlb(tlb, pud, start); @@ -100667,7 +95152,7 @@ index 533023d..32da202 100644 /* * This routine handles present pages, when users try to write * to a shared page. It is done by copying the page to a new address -@@ -2215,6 +2422,12 @@ gotten: +@@ -2216,6 +2423,12 @@ gotten: */ page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (likely(pte_same(*page_table, orig_pte))) { @@ -100680,7 +95165,7 @@ index 533023d..32da202 100644 if (old_page) { if (!PageAnon(old_page)) { dec_mm_counter_fast(mm, MM_FILEPAGES); -@@ -2266,6 +2479,10 @@ gotten: +@@ -2269,6 +2482,10 @@ gotten: page_remove_rmap(old_page); } @@ -100691,7 +95176,7 @@ index 533023d..32da202 100644 /* Free the old page.. */ new_page = old_page; ret |= VM_FAULT_WRITE; -@@ -2539,6 +2756,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2543,6 +2760,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, swap_free(entry); if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) try_to_free_swap(page); @@ -100703,7 +95188,7 @@ index 533023d..32da202 100644 unlock_page(page); if (page != swapcache) { /* -@@ -2562,6 +2784,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2566,6 +2788,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -100715,7 +95200,7 @@ index 533023d..32da202 100644 unlock: pte_unmap_unlock(page_table, ptl); out: -@@ -2581,40 +2808,6 @@ out_release: +@@ -2585,40 +2812,6 @@ out_release: } /* @@ -100756,10 +95241,10 @@ index 533023d..32da202 100644 * We enter with non-exclusive mmap_sem (to exclude vma changes, * but allow concurrent faults), and pte mapped but not yet locked. * We return with mmap_sem still held, but pte unmapped and unlocked. -@@ -2623,27 +2816,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, - unsigned long address, pte_t *page_table, pmd_t *pmd, +@@ -2628,27 +2821,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, unsigned int flags) { + struct mem_cgroup *memcg; - struct page *page; + struct page *page = NULL; spinlock_t *ptl; @@ -100789,7 +95274,7 @@ index 533023d..32da202 100644 if (unlikely(anon_vma_prepare(vma))) goto oom; page = alloc_zeroed_user_highpage_movable(vma, address); -@@ -2667,6 +2856,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2672,6 +2861,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, if (!pte_none(*page_table)) goto release; @@ -100800,8 +95285,8 @@ index 533023d..32da202 100644 + inc_mm_counter_fast(mm, MM_ANONPAGES); page_add_new_anon_rmap(page, vma, address); - setpte: -@@ -2674,6 +2868,12 @@ setpte: + mem_cgroup_commit_charge(page, memcg, false); +@@ -2681,6 +2875,12 @@ setpte: /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -100814,7 +95299,7 @@ index 533023d..32da202 100644 unlock: pte_unmap_unlock(page_table, ptl); return 0; -@@ -2905,6 +3105,11 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2911,6 +3111,11 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma, return ret; } do_set_pte(vma, address, fault_page, pte, false, false); @@ -100826,7 +95311,7 @@ index 533023d..32da202 100644 unlock_page(fault_page); unlock_out: pte_unmap_unlock(pte, ptl); -@@ -2946,7 +3151,18 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2953,7 +3158,18 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma, page_cache_release(fault_page); goto uncharge_out; } @@ -100842,10 +95327,10 @@ index 533023d..32da202 100644 + pax_mirror_anon_pte(vma, address, new_page, ptl); +#endif + + mem_cgroup_commit_charge(new_page, memcg, false); + lru_cache_add_active_or_unevictable(new_page, vma); pte_unmap_unlock(pte, ptl); - unlock_page(fault_page); - page_cache_release(fault_page); -@@ -2994,6 +3210,11 @@ static int do_shared_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3003,6 +3219,11 @@ static int do_shared_fault(struct mm_struct *mm, struct vm_area_struct *vma, return ret; } do_set_pte(vma, address, fault_page, pte, true, false); @@ -100857,7 +95342,7 @@ index 533023d..32da202 100644 pte_unmap_unlock(pte, ptl); if (set_page_dirty(fault_page)) -@@ -3224,6 +3445,12 @@ static int handle_pte_fault(struct mm_struct *mm, +@@ -3244,6 +3465,12 @@ static int handle_pte_fault(struct mm_struct *mm, if (flags & FAULT_FLAG_WRITE) flush_tlb_fix_spurious_fault(vma, address); } @@ -100870,7 +95355,7 @@ index 533023d..32da202 100644 unlock: pte_unmap_unlock(pte, ptl); return 0; -@@ -3240,9 +3467,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3263,9 +3490,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, pmd_t *pmd; pte_t *pte; @@ -100912,7 +95397,7 @@ index 533023d..32da202 100644 pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); if (!pud) -@@ -3370,6 +3629,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) +@@ -3399,6 +3658,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -100936,7 +95421,7 @@ index 533023d..32da202 100644 #endif /* __PAGETABLE_PUD_FOLDED */ #ifndef __PAGETABLE_PMD_FOLDED -@@ -3400,6 +3676,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) +@@ -3429,6 +3705,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -100966,17 +95451,8 @@ index 533023d..32da202 100644 +} #endif /* __PAGETABLE_PMD_FOLDED */ - #if !defined(__HAVE_ARCH_GATE_AREA) -@@ -3413,7 +3713,7 @@ static int __init gate_vma_init(void) - gate_vma.vm_start = FIXADDR_USER_START; - gate_vma.vm_end = FIXADDR_USER_END; - gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; -- gate_vma.vm_page_prot = __P101; -+ gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags); - - return 0; - } -@@ -3547,8 +3847,8 @@ out: + static int __follow_pte(struct mm_struct *mm, unsigned long address, +@@ -3538,8 +3838,8 @@ out: return ret; } @@ -100987,7 +95463,7 @@ index 533023d..32da202 100644 { resource_size_t phys_addr; unsigned long prot = 0; -@@ -3574,8 +3874,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys); +@@ -3565,8 +3865,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys); * Access another process' address space as given in mm. If non-NULL, use the * given task for page fault accounting. */ @@ -100998,7 +95474,7 @@ index 533023d..32da202 100644 { struct vm_area_struct *vma; void *old_buf = buf; -@@ -3583,7 +3883,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -3574,7 +3874,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, down_read(&mm->mmap_sem); /* ignore errors, just check how much was successfully transferred */ while (len) { @@ -101007,7 +95483,7 @@ index 533023d..32da202 100644 void *maddr; struct page *page = NULL; -@@ -3642,8 +3942,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -3635,8 +3935,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, * * The caller must hold a reference on @mm. */ @@ -101018,7 +95494,7 @@ index 533023d..32da202 100644 { return __access_remote_vm(NULL, mm, addr, buf, len, write); } -@@ -3653,11 +3953,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, +@@ -3646,11 +3946,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, * Source/target buffer must be kernel space, * Do not walk the page table directly, use get_user_pages */ @@ -101110,10 +95586,10 @@ index 8f5330d..b41914b 100644 capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); diff --git a/mm/migrate.c b/mm/migrate.c -index 0bba979..75c0f45 100644 +index 2740360..d20a37d 100644 --- a/mm/migrate.c +++ b/mm/migrate.c -@@ -1509,8 +1509,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, +@@ -1503,8 +1503,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, */ tcred = __task_cred(task); if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && @@ -101124,7 +95600,7 @@ index 0bba979..75c0f45 100644 err = -EPERM; goto out; diff --git a/mm/mlock.c b/mm/mlock.c -index b1eb536..091d154 100644 +index ce84cb0..6d5a9aa 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -14,6 +14,7 @@ @@ -101135,7 +95611,7 @@ index b1eb536..091d154 100644 #include <linux/sched.h> #include <linux/export.h> #include <linux/rmap.h> -@@ -606,7 +607,7 @@ static int do_mlock(unsigned long start, size_t len, int on) +@@ -613,7 +614,7 @@ static int do_mlock(unsigned long start, size_t len, int on) { unsigned long nstart, end, tmp; struct vm_area_struct * vma, * prev; @@ -101144,7 +95620,7 @@ index b1eb536..091d154 100644 VM_BUG_ON(start & ~PAGE_MASK); VM_BUG_ON(len != PAGE_ALIGN(len)); -@@ -615,6 +616,9 @@ static int do_mlock(unsigned long start, size_t len, int on) +@@ -622,6 +623,9 @@ static int do_mlock(unsigned long start, size_t len, int on) return -EINVAL; if (end == start) return 0; @@ -101154,7 +95630,7 @@ index b1eb536..091d154 100644 vma = find_vma(current->mm, start); if (!vma || vma->vm_start > start) return -ENOMEM; -@@ -626,6 +630,11 @@ static int do_mlock(unsigned long start, size_t len, int on) +@@ -633,6 +637,11 @@ static int do_mlock(unsigned long start, size_t len, int on) for (nstart = start ; ; ) { vm_flags_t newflags; @@ -101166,7 +95642,7 @@ index b1eb536..091d154 100644 /* Here we know that vma->vm_start <= nstart < vma->vm_end. */ newflags = vma->vm_flags & ~VM_LOCKED; -@@ -739,6 +748,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t, len) +@@ -746,6 +755,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t, len) locked += current->mm->locked_vm; /* check against resource limits */ @@ -101174,7 +95650,7 @@ index b1eb536..091d154 100644 if ((locked <= lock_limit) || capable(CAP_IPC_LOCK)) error = do_mlock(start, len, 1); -@@ -776,6 +786,11 @@ static int do_mlockall(int flags) +@@ -783,6 +793,11 @@ static int do_mlockall(int flags) for (vma = current->mm->mmap; vma ; vma = prev->vm_next) { vm_flags_t newflags; @@ -101186,7 +95662,7 @@ index b1eb536..091d154 100644 newflags = vma->vm_flags & ~VM_LOCKED; if (flags & MCL_CURRENT) newflags |= VM_LOCKED; -@@ -807,8 +822,10 @@ SYSCALL_DEFINE1(mlockall, int, flags) +@@ -814,8 +829,10 @@ SYSCALL_DEFINE1(mlockall, int, flags) lock_limit >>= PAGE_SHIFT; ret = -ENOMEM; @@ -101199,10 +95675,10 @@ index b1eb536..091d154 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index 129b847..fbed804 100644 +index c0a3637..c760814 100644 --- a/mm/mmap.c +++ b/mm/mmap.c -@@ -40,6 +40,7 @@ +@@ -41,6 +41,7 @@ #include <linux/notifier.h> #include <linux/memory.h> #include <linux/printk.h> @@ -101210,7 +95686,7 @@ index 129b847..fbed804 100644 #include <asm/uaccess.h> #include <asm/cacheflush.h> -@@ -56,6 +57,16 @@ +@@ -57,6 +58,16 @@ #define arch_rebalance_pgtables(addr, len) (addr) #endif @@ -101227,7 +95703,7 @@ index 129b847..fbed804 100644 static void unmap_region(struct mm_struct *mm, struct vm_area_struct *vma, struct vm_area_struct *prev, unsigned long start, unsigned long end); -@@ -75,16 +86,25 @@ static void unmap_region(struct mm_struct *mm, +@@ -76,16 +87,25 @@ static void unmap_region(struct mm_struct *mm, * x: (no) no x: (no) yes x: (no) yes x: (yes) yes * */ @@ -101256,7 +95732,7 @@ index 129b847..fbed804 100644 } EXPORT_SYMBOL(vm_get_page_prot); -@@ -94,6 +114,7 @@ unsigned long sysctl_overcommit_kbytes __read_mostly; +@@ -95,6 +115,7 @@ unsigned long sysctl_overcommit_kbytes __read_mostly; int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT; unsigned long sysctl_user_reserve_kbytes __read_mostly = 1UL << 17; /* 128MB */ unsigned long sysctl_admin_reserve_kbytes __read_mostly = 1UL << 13; /* 8MB */ @@ -101264,7 +95740,7 @@ index 129b847..fbed804 100644 /* * Make sure vm_committed_as in one cacheline and not cacheline shared with * other variables. It can be updated by several CPUs frequently. -@@ -250,6 +271,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) +@@ -255,6 +276,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) struct vm_area_struct *next = vma->vm_next; might_sleep(); @@ -101272,7 +95748,7 @@ index 129b847..fbed804 100644 if (vma->vm_ops && vma->vm_ops->close) vma->vm_ops->close(vma); if (vma->vm_file) -@@ -294,6 +316,12 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) +@@ -299,6 +321,12 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) * not page aligned -Ram Gupta */ rlim = rlimit(RLIMIT_DATA); @@ -101285,7 +95761,7 @@ index 129b847..fbed804 100644 if (rlim < RLIM_INFINITY && (brk - mm->start_brk) + (mm->end_data - mm->start_data) > rlim) goto out; -@@ -944,6 +972,12 @@ static int +@@ -949,6 +977,12 @@ static int can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { @@ -101298,7 +95774,7 @@ index 129b847..fbed804 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { if (vma->vm_pgoff == vm_pgoff) -@@ -963,6 +997,12 @@ static int +@@ -968,6 +1002,12 @@ static int can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { @@ -101311,7 +95787,7 @@ index 129b847..fbed804 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { pgoff_t vm_pglen; -@@ -1005,13 +1045,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, +@@ -1010,13 +1050,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct vm_area_struct *vma_merge(struct mm_struct *mm, struct vm_area_struct *prev, unsigned long addr, unsigned long end, unsigned long vm_flags, @@ -101333,7 +95809,7 @@ index 129b847..fbed804 100644 /* * We later require that vma->vm_flags == vm_flags, * so this tests vma->vm_flags & VM_SPECIAL, too. -@@ -1027,6 +1074,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1032,6 +1079,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, if (next && next->vm_end == end) /* cases 6, 7, 8 */ next = next->vm_next; @@ -101349,7 +95825,7 @@ index 129b847..fbed804 100644 /* * Can it merge with the predecessor? */ -@@ -1046,9 +1102,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1051,9 +1107,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, /* cases 1, 6 */ err = vma_adjust(prev, prev->vm_start, next->vm_end, prev->vm_pgoff, NULL); @@ -101375,7 +95851,7 @@ index 129b847..fbed804 100644 if (err) return NULL; khugepaged_enter_vma_merge(prev); -@@ -1062,12 +1133,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1067,12 +1138,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, mpol_equal(policy, vma_policy(next)) && can_vma_merge_before(next, vm_flags, anon_vma, file, pgoff+pglen)) { @@ -101405,7 +95881,7 @@ index 129b847..fbed804 100644 if (err) return NULL; khugepaged_enter_vma_merge(area); -@@ -1176,8 +1262,10 @@ none: +@@ -1181,8 +1267,10 @@ none: void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { @@ -101418,7 +95894,7 @@ index 129b847..fbed804 100644 mm->total_vm += pages; -@@ -1185,7 +1273,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags, +@@ -1190,7 +1278,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags, mm->shared_vm += pages; if ((flags & (VM_EXEC|VM_WRITE)) == VM_EXEC) mm->exec_vm += pages; @@ -101427,7 +95903,7 @@ index 129b847..fbed804 100644 mm->stack_vm += pages; } #endif /* CONFIG_PROC_FS */ -@@ -1215,6 +1303,7 @@ static inline int mlock_future_check(struct mm_struct *mm, +@@ -1220,6 +1308,7 @@ static inline int mlock_future_check(struct mm_struct *mm, locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; @@ -101435,7 +95911,7 @@ index 129b847..fbed804 100644 if (locked > lock_limit && !capable(CAP_IPC_LOCK)) return -EAGAIN; } -@@ -1241,7 +1330,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1246,7 +1335,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, * (the exception is when the underlying filesystem is noexec * mounted, in which case we dont add PROT_EXEC.) */ @@ -101444,7 +95920,7 @@ index 129b847..fbed804 100644 if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC))) prot |= PROT_EXEC; -@@ -1267,7 +1356,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1272,7 +1361,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, /* Obtain the address to map to. we verify (or select) it and ensure * that it represents a valid section of the address space. */ @@ -101453,7 +95929,7 @@ index 129b847..fbed804 100644 if (addr & ~PAGE_MASK) return addr; -@@ -1278,6 +1367,43 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1283,6 +1372,43 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; @@ -101497,7 +95973,7 @@ index 129b847..fbed804 100644 if (flags & MAP_LOCKED) if (!can_do_mlock()) return -EPERM; -@@ -1365,6 +1491,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1370,6 +1496,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, vm_flags |= VM_NORESERVE; } @@ -101507,7 +95983,7 @@ index 129b847..fbed804 100644 addr = mmap_region(file, addr, len, vm_flags, pgoff); if (!IS_ERR_VALUE(addr) && ((vm_flags & VM_LOCKED) || -@@ -1458,7 +1587,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) +@@ -1463,7 +1592,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) vm_flags_t vm_flags = vma->vm_flags; /* If it was private or non-writable, the write bit is already clear */ @@ -101516,7 +95992,7 @@ index 129b847..fbed804 100644 return 0; /* The backer wishes to know when pages are first written to? */ -@@ -1504,7 +1633,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1509,7 +1638,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr, struct rb_node **rb_link, *rb_parent; unsigned long charged = 0; @@ -101539,7 +96015,7 @@ index 129b847..fbed804 100644 if (!may_expand_vm(mm, len >> PAGE_SHIFT)) { unsigned long nr_pages; -@@ -1523,11 +1667,10 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1528,11 +1672,10 @@ unsigned long mmap_region(struct file *file, unsigned long addr, /* Clear old maps */ error = -ENOMEM; @@ -101552,7 +96028,7 @@ index 129b847..fbed804 100644 } /* -@@ -1558,6 +1701,16 @@ munmap_back: +@@ -1563,6 +1706,16 @@ munmap_back: goto unacct_error; } @@ -101569,7 +96045,7 @@ index 129b847..fbed804 100644 vma->vm_mm = mm; vma->vm_start = addr; vma->vm_end = addr + len; -@@ -1577,6 +1730,13 @@ munmap_back: +@@ -1593,6 +1746,13 @@ munmap_back: if (error) goto unmap_and_free_vma; @@ -101583,7 +96059,7 @@ index 129b847..fbed804 100644 /* Can addr have changed?? * * Answer: Yes, several device drivers can do it in their -@@ -1610,6 +1770,12 @@ munmap_back: +@@ -1626,6 +1786,12 @@ munmap_back: } vma_link(mm, vma, prev, rb_link, rb_parent); @@ -101594,9 +96070,9 @@ index 129b847..fbed804 100644 +#endif + /* Once vma denies write, undo our temporary denial count */ - if (vm_flags & VM_DENYWRITE) - allow_write_access(file); -@@ -1618,6 +1784,7 @@ out: + if (file) { + if (vm_flags & VM_SHARED) +@@ -1638,6 +1804,7 @@ out: perf_event_mmap(vma); vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT); @@ -101604,9 +96080,9 @@ index 129b847..fbed804 100644 if (vm_flags & VM_LOCKED) { if (!((vm_flags & VM_SPECIAL) || is_vm_hugetlb_page(vma) || vma == get_gate_vma(current->mm))) -@@ -1650,6 +1817,12 @@ unmap_and_free_vma: - unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); - charged = 0; +@@ -1673,6 +1840,12 @@ allow_write_and_free_vma: + if (vm_flags & VM_DENYWRITE) + allow_write_access(file); free_vma: + +#ifdef CONFIG_PAX_SEGMEXEC @@ -101617,7 +96093,7 @@ index 129b847..fbed804 100644 kmem_cache_free(vm_area_cachep, vma); unacct_error: if (charged) -@@ -1657,7 +1830,63 @@ unacct_error: +@@ -1680,7 +1853,63 @@ unacct_error: return error; } @@ -101682,7 +96158,7 @@ index 129b847..fbed804 100644 { /* * We implement the search by looking for an rbtree node that -@@ -1705,11 +1934,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) +@@ -1728,11 +1957,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) } } @@ -101713,7 +96189,7 @@ index 129b847..fbed804 100644 if (gap_end >= low_limit && gap_end - gap_start >= length) goto found; -@@ -1759,7 +2006,7 @@ found: +@@ -1782,7 +2029,7 @@ found: return gap_start; } @@ -101722,7 +96198,7 @@ index 129b847..fbed804 100644 { struct mm_struct *mm = current->mm; struct vm_area_struct *vma; -@@ -1813,6 +2060,24 @@ check_current: +@@ -1836,6 +2083,24 @@ check_current: gap_end = vma->vm_start; if (gap_end < low_limit) return -ENOMEM; @@ -101747,7 +96223,7 @@ index 129b847..fbed804 100644 if (gap_start <= high_limit && gap_end - gap_start >= length) goto found; -@@ -1876,6 +2141,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1899,6 +2164,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, struct mm_struct *mm = current->mm; struct vm_area_struct *vma; struct vm_unmapped_area_info info; @@ -101755,7 +96231,7 @@ index 129b847..fbed804 100644 if (len > TASK_SIZE - mmap_min_addr) return -ENOMEM; -@@ -1883,11 +2149,15 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1906,11 +2172,15 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (flags & MAP_FIXED) return addr; @@ -101772,7 +96248,7 @@ index 129b847..fbed804 100644 return addr; } -@@ -1896,6 +2166,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1919,6 +2189,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, info.low_limit = mm->mmap_base; info.high_limit = TASK_SIZE; info.align_mask = 0; @@ -101780,7 +96256,7 @@ index 129b847..fbed804 100644 return vm_unmapped_area(&info); } #endif -@@ -1914,6 +2185,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1937,6 +2208,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, struct mm_struct *mm = current->mm; unsigned long addr = addr0; struct vm_unmapped_area_info info; @@ -101788,7 +96264,7 @@ index 129b847..fbed804 100644 /* requested length too big for entire address space */ if (len > TASK_SIZE - mmap_min_addr) -@@ -1922,12 +2194,16 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1945,12 +2217,16 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (flags & MAP_FIXED) return addr; @@ -101806,7 +96282,7 @@ index 129b847..fbed804 100644 return addr; } -@@ -1936,6 +2212,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1959,6 +2235,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, info.low_limit = max(PAGE_SIZE, mmap_min_addr); info.high_limit = mm->mmap_base; info.align_mask = 0; @@ -101814,7 +96290,7 @@ index 129b847..fbed804 100644 addr = vm_unmapped_area(&info); /* -@@ -1948,6 +2225,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1971,6 +2248,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, VM_BUG_ON(addr != -ENOMEM); info.flags = 0; info.low_limit = TASK_UNMAPPED_BASE; @@ -101827,7 +96303,7 @@ index 129b847..fbed804 100644 info.high_limit = TASK_SIZE; addr = vm_unmapped_area(&info); } -@@ -2048,6 +2331,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, +@@ -2071,6 +2354,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, return vma; } @@ -101856,7 +96332,7 @@ index 129b847..fbed804 100644 /* * Verify that the stack growth is acceptable and * update accounting. This is shared with both the -@@ -2064,6 +2369,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2087,6 +2392,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns return -ENOMEM; /* Stack limit test */ @@ -101864,7 +96340,7 @@ index 129b847..fbed804 100644 if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) return -ENOMEM; -@@ -2074,6 +2380,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2097,6 +2403,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns locked = mm->locked_vm + grow; limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); limit >>= PAGE_SHIFT; @@ -101872,7 +96348,7 @@ index 129b847..fbed804 100644 if (locked > limit && !capable(CAP_IPC_LOCK)) return -ENOMEM; } -@@ -2103,37 +2410,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2126,37 +2433,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns * PA-RISC uses this for its stack; IA64 for its Register Backing Store. * vma is the last one with address > vma->vm_end. Have to extend vma. */ @@ -101930,7 +96406,7 @@ index 129b847..fbed804 100644 unsigned long size, grow; size = address - vma->vm_start; -@@ -2168,6 +2486,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) +@@ -2191,6 +2509,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) } } } @@ -101939,7 +96415,7 @@ index 129b847..fbed804 100644 vma_unlock_anon_vma(vma); khugepaged_enter_vma_merge(vma); validate_mm(vma->vm_mm); -@@ -2182,6 +2502,8 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2205,6 +2525,8 @@ int expand_downwards(struct vm_area_struct *vma, unsigned long address) { int error; @@ -101948,7 +96424,7 @@ index 129b847..fbed804 100644 /* * We must make sure the anon_vma is allocated -@@ -2195,6 +2517,15 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2218,6 +2540,15 @@ int expand_downwards(struct vm_area_struct *vma, if (error) return error; @@ -101964,7 +96440,7 @@ index 129b847..fbed804 100644 vma_lock_anon_vma(vma); /* -@@ -2204,9 +2535,17 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2227,9 +2558,17 @@ int expand_downwards(struct vm_area_struct *vma, */ /* Somebody else might have raced and expanded it already */ @@ -101983,7 +96459,7 @@ index 129b847..fbed804 100644 size = vma->vm_end - address; grow = (vma->vm_start - address) >> PAGE_SHIFT; -@@ -2231,13 +2570,27 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2254,13 +2593,27 @@ int expand_downwards(struct vm_area_struct *vma, vma->vm_pgoff -= grow; anon_vma_interval_tree_post_update_vma(vma); vma_gap_update(vma); @@ -102011,7 +96487,7 @@ index 129b847..fbed804 100644 khugepaged_enter_vma_merge(vma); validate_mm(vma->vm_mm); return error; -@@ -2335,6 +2688,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2358,6 +2711,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) do { long nrpages = vma_pages(vma); @@ -102025,7 +96501,7 @@ index 129b847..fbed804 100644 if (vma->vm_flags & VM_ACCOUNT) nr_accounted += nrpages; vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); -@@ -2379,6 +2739,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2402,6 +2762,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, insertion_point = (prev ? &prev->vm_next : &mm->mmap); vma->vm_prev = NULL; do { @@ -102042,7 +96518,7 @@ index 129b847..fbed804 100644 vma_rb_erase(vma, &mm->mm_rb); mm->map_count--; tail_vma = vma; -@@ -2406,14 +2776,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2429,14 +2799,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct *new; int err = -ENOMEM; @@ -102076,7 +96552,7 @@ index 129b847..fbed804 100644 /* most fields are the same, copy all, and then fixup */ *new = *vma; -@@ -2426,6 +2815,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2449,6 +2838,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); } @@ -102099,7 +96575,7 @@ index 129b847..fbed804 100644 err = vma_dup_policy(vma, new); if (err) goto out_free_vma; -@@ -2445,6 +2850,38 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2468,6 +2873,38 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, else err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); @@ -102138,7 +96614,7 @@ index 129b847..fbed804 100644 /* Success. */ if (!err) return 0; -@@ -2454,10 +2891,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2477,10 +2914,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_ops->close(new); if (new->vm_file) fput(new->vm_file); @@ -102158,7 +96634,7 @@ index 129b847..fbed804 100644 kmem_cache_free(vm_area_cachep, new); out_err: return err; -@@ -2470,6 +2915,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2493,6 +2938,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, int new_below) { @@ -102174,7 +96650,7 @@ index 129b847..fbed804 100644 if (mm->map_count >= sysctl_max_map_count) return -ENOMEM; -@@ -2481,11 +2935,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2504,11 +2958,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, * work. This now handles partial unmappings. * Jeremy Fitzhardinge <jeremy@goop.org> */ @@ -102205,7 +96681,7 @@ index 129b847..fbed804 100644 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) return -EINVAL; -@@ -2560,6 +3033,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +@@ -2583,6 +3056,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) /* Fix up all other VM information */ remove_vma_list(mm, vma); @@ -102214,7 +96690,7 @@ index 129b847..fbed804 100644 return 0; } -@@ -2568,6 +3043,13 @@ int vm_munmap(unsigned long start, size_t len) +@@ -2591,6 +3066,13 @@ int vm_munmap(unsigned long start, size_t len) int ret; struct mm_struct *mm = current->mm; @@ -102228,7 +96704,7 @@ index 129b847..fbed804 100644 down_write(&mm->mmap_sem); ret = do_munmap(mm, start, len); up_write(&mm->mmap_sem); -@@ -2581,16 +3063,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) +@@ -2604,16 +3086,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) return vm_munmap(addr, len); } @@ -102245,7 +96721,7 @@ index 129b847..fbed804 100644 /* * this is really a simplified "do_mmap". it only handles * anonymous maps. eventually we may be able to do some -@@ -2604,6 +3076,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2627,6 +3099,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) struct rb_node ** rb_link, * rb_parent; pgoff_t pgoff = addr >> PAGE_SHIFT; int error; @@ -102253,7 +96729,7 @@ index 129b847..fbed804 100644 len = PAGE_ALIGN(len); if (!len) -@@ -2611,10 +3084,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2634,10 +3107,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; @@ -102278,7 +96754,7 @@ index 129b847..fbed804 100644 error = mlock_future_check(mm, mm->def_flags, len); if (error) return error; -@@ -2628,21 +3115,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2651,21 +3138,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) /* * Clear old maps. this also does some error checking for us */ @@ -102303,7 +96779,7 @@ index 129b847..fbed804 100644 return -ENOMEM; /* Can we just expand an old private anonymous mapping? */ -@@ -2656,7 +3142,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2679,7 +3165,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) */ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); if (!vma) { @@ -102312,7 +96788,7 @@ index 129b847..fbed804 100644 return -ENOMEM; } -@@ -2670,10 +3156,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2693,10 +3179,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) vma_link(mm, vma, prev, rb_link, rb_parent); out: perf_event_mmap(vma); @@ -102326,7 +96802,7 @@ index 129b847..fbed804 100644 return addr; } -@@ -2735,6 +3222,7 @@ void exit_mmap(struct mm_struct *mm) +@@ -2758,6 +3245,7 @@ void exit_mmap(struct mm_struct *mm) while (vma) { if (vma->vm_flags & VM_ACCOUNT) nr_accounted += vma_pages(vma); @@ -102334,7 +96810,7 @@ index 129b847..fbed804 100644 vma = remove_vma(vma); } vm_unacct_memory(nr_accounted); -@@ -2752,6 +3240,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2775,6 +3263,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) struct vm_area_struct *prev; struct rb_node **rb_link, *rb_parent; @@ -102348,7 +96824,7 @@ index 129b847..fbed804 100644 /* * The vm_pgoff of a purely anonymous vma should be irrelevant * until its first write fault, when page's anon_vma and index -@@ -2775,7 +3270,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2798,7 +3293,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) security_vm_enough_memory_mm(mm, vma_pages(vma))) return -ENOMEM; @@ -102370,7 +96846,7 @@ index 129b847..fbed804 100644 return 0; } -@@ -2794,6 +3303,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2817,6 +3326,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, struct rb_node **rb_link, *rb_parent; bool faulted_in_anon_vma = true; @@ -102379,7 +96855,7 @@ index 129b847..fbed804 100644 /* * If anonymous vma has not yet been faulted, update new pgoff * to match new location, to increase its chance of merging. -@@ -2858,6 +3369,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2881,6 +3392,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, return NULL; } @@ -102419,7 +96895,7 @@ index 129b847..fbed804 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2869,6 +3413,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) +@@ -2892,6 +3436,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; @@ -102427,7 +96903,7 @@ index 129b847..fbed804 100644 if (cur + npages > lim) return 0; return 1; -@@ -2951,6 +3496,22 @@ static struct vm_area_struct *__install_special_mapping( +@@ -2974,6 +3519,22 @@ static struct vm_area_struct *__install_special_mapping( vma->vm_start = addr; vma->vm_end = addr + len; @@ -102790,7 +97266,7 @@ index 05f1180..c3cde48 100644 out: if (ret & ~PAGE_MASK) diff --git a/mm/nommu.c b/mm/nommu.c -index 4a852f6..4371a6b 100644 +index a881d96..e5932cd 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -70,7 +70,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT; @@ -102825,7 +97301,7 @@ index 4a852f6..4371a6b 100644 *region = *vma->vm_region; new->vm_region = region; -@@ -2007,8 +1998,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr, +@@ -2002,8 +1993,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr, } EXPORT_SYMBOL(generic_file_remap_pages); @@ -102836,7 +97312,7 @@ index 4a852f6..4371a6b 100644 { struct vm_area_struct *vma; -@@ -2049,8 +2040,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -2044,8 +2035,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, * * The caller must hold a reference on @mm. */ @@ -102847,7 +97323,7 @@ index 4a852f6..4371a6b 100644 { return __access_remote_vm(NULL, mm, addr, buf, len, write); } -@@ -2059,7 +2050,7 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, +@@ -2054,7 +2045,7 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, * Access another process' address space. * - source/target buffer must be kernel space */ @@ -102857,10 +97333,10 @@ index 4a852f6..4371a6b 100644 struct mm_struct *mm; diff --git a/mm/page-writeback.c b/mm/page-writeback.c -index e0c9430..3c6bf79 100644 +index 91d73ef..0e564d2 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c -@@ -667,7 +667,7 @@ static long long pos_ratio_polynom(unsigned long setpoint, +@@ -664,7 +664,7 @@ static long long pos_ratio_polynom(unsigned long setpoint, * card's bdi_dirty may rush to many times higher than bdi_setpoint. * - the bdi dirty thresh drops quickly due to change of JBOD workload */ @@ -102870,7 +97346,7 @@ index e0c9430..3c6bf79 100644 unsigned long bg_thresh, unsigned long dirty, diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index ef44ad7..1056bc7 100644 +index eee9619..155d328 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -61,6 +61,7 @@ @@ -102890,7 +97366,7 @@ index ef44ad7..1056bc7 100644 { __free_pages_ok(page, compound_order(page)); } -@@ -745,6 +746,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -751,6 +752,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) int i; int bad = 0; @@ -102901,7 +97377,7 @@ index ef44ad7..1056bc7 100644 trace_mm_page_free(page, order); kmemcheck_free_shadow(page, order); -@@ -761,6 +766,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -767,6 +772,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) debug_check_no_obj_freed(page_address(page), PAGE_SIZE << order); } @@ -102914,7 +97390,7 @@ index ef44ad7..1056bc7 100644 arch_free_page(page, order); kernel_map_pages(page, 1 << order, 0); -@@ -784,6 +795,20 @@ static void __free_pages_ok(struct page *page, unsigned int order) +@@ -790,6 +801,20 @@ static void __free_pages_ok(struct page *page, unsigned int order) local_irq_restore(flags); } @@ -102935,7 +97411,7 @@ index ef44ad7..1056bc7 100644 void __init __free_pages_bootmem(struct page *page, unsigned int order) { unsigned int nr_pages = 1 << order; -@@ -799,6 +824,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order) +@@ -805,6 +830,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order) __ClearPageReserved(p); set_page_count(p, 0); @@ -102955,7 +97431,7 @@ index ef44ad7..1056bc7 100644 page_zone(page)->managed_pages += nr_pages; set_page_refcounted(page); __free_pages(page, order); -@@ -927,8 +965,10 @@ static int prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags) +@@ -933,8 +971,10 @@ static int prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags) arch_alloc_page(page, order); kernel_map_pages(page, 1 << order, 1); @@ -102966,17 +97442,35 @@ index ef44ad7..1056bc7 100644 if (order && (gfp_flags & __GFP_COMP)) prep_compound_page(page, order); -@@ -2427,7 +2467,7 @@ static void reset_alloc_batches(struct zonelist *zonelist, - continue; +@@ -1612,7 +1652,7 @@ again: + } + + __mod_zone_page_state(zone, NR_ALLOC_BATCH, -(1 << order)); +- if (atomic_long_read(&zone->vm_stat[NR_ALLOC_BATCH]) <= 0 && ++ if (atomic_long_read_unchecked(&zone->vm_stat[NR_ALLOC_BATCH]) <= 0 && + !zone_is_fair_depleted(zone)) + zone_set_flag(zone, ZONE_FAIR_DEPLETED); + +@@ -1933,7 +1973,7 @@ static void reset_alloc_batches(struct zone *preferred_zone) + do { mod_zone_page_state(zone, NR_ALLOC_BATCH, high_wmark_pages(zone) - low_wmark_pages(zone) - - atomic_long_read(&zone->vm_stat[NR_ALLOC_BATCH])); + atomic_long_read_unchecked(&zone->vm_stat[NR_ALLOC_BATCH])); - } + zone_clear_flag(zone, ZONE_FAIR_DEPLETED); + } while (zone++ != preferred_zone); } +@@ -5702,7 +5742,7 @@ static void __setup_per_zone_wmarks(void) + __mod_zone_page_state(zone, NR_ALLOC_BATCH, + high_wmark_pages(zone) - low_wmark_pages(zone) - +- atomic_long_read(&zone->vm_stat[NR_ALLOC_BATCH])); ++ atomic_long_read_unchecked(&zone->vm_stat[NR_ALLOC_BATCH])); + + setup_zone_migrate_reserve(zone); + spin_unlock_irqrestore(&zone->lock, flags); diff --git a/mm/percpu.c b/mm/percpu.c -index 492f601..a32872d 100644 +index da997f9..19040e9 100644 --- a/mm/percpu.c +++ b/mm/percpu.c @@ -123,7 +123,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly; @@ -102988,19 +97482,6 @@ index 492f601..a32872d 100644 EXPORT_SYMBOL_GPL(pcpu_base_addr); static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */ -diff --git a/mm/pgtable-generic.c b/mm/pgtable-generic.c -index a8b9199..dfb79e0 100644 ---- a/mm/pgtable-generic.c -+++ b/mm/pgtable-generic.c -@@ -195,7 +195,7 @@ void pmdp_invalidate(struct vm_area_struct *vma, unsigned long address, - pmd_t entry = *pmdp; - if (pmd_numa(entry)) - entry = pmd_mknonnuma(entry); -- set_pmd_at(vma->vm_mm, address, pmdp, pmd_mknotpresent(*pmdp)); -+ set_pmd_at(vma->vm_mm, address, pmdp, pmd_mknotpresent(entry)); - flush_tlb_range(vma, address, address + HPAGE_PMD_SIZE); - } - #endif /* CONFIG_TRANSPARENT_HUGEPAGE */ diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c index 5077afc..846c9ef 100644 --- a/mm/process_vm_access.c @@ -103053,7 +97534,7 @@ index 5077afc..846c9ef 100644 if (!mm || IS_ERR(mm)) { rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; diff --git a/mm/rmap.c b/mm/rmap.c -index 22a4a76..9551288 100644 +index 3e8491c..02abccc 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -164,6 +164,10 @@ int anon_vma_prepare(struct vm_area_struct *vma) @@ -103156,7 +97637,7 @@ index 22a4a76..9551288 100644 /* diff --git a/mm/shmem.c b/mm/shmem.c -index e53ab3a..f7f853d 100644 +index 469f90d..34a09ee 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -33,7 +33,7 @@ @@ -103168,7 +97649,7 @@ index e53ab3a..f7f853d 100644 #ifdef CONFIG_SHMEM /* -@@ -77,7 +77,7 @@ static struct vfsmount *shm_mnt; +@@ -80,7 +80,7 @@ static struct vfsmount *shm_mnt; #define BOGO_DIRENT_SIZE 20 /* Symlink up to this size is kmalloc'ed instead of using a swappable page */ @@ -103177,7 +97658,7 @@ index e53ab3a..f7f853d 100644 /* * shmem_fallocate communicates with shmem_fault or shmem_writepage via -@@ -2221,6 +2221,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { +@@ -2524,6 +2524,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { static int shmem_xattr_validate(const char *name) { struct { const char *prefix; size_t len; } arr[] = { @@ -103189,7 +97670,7 @@ index e53ab3a..f7f853d 100644 { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN }, { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN } }; -@@ -2276,6 +2281,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, +@@ -2579,6 +2584,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, if (err) return err; @@ -103205,7 +97686,7 @@ index e53ab3a..f7f853d 100644 return simple_xattr_set(&info->xattrs, name, value, size, flags); } -@@ -2588,8 +2602,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) +@@ -2962,8 +2976,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) int err = -ENOMEM; /* Round up to L1_CACHE_BYTES to resist false sharing */ @@ -103216,10 +97697,10 @@ index e53ab3a..f7f853d 100644 return -ENOMEM; diff --git a/mm/slab.c b/mm/slab.c -index c9103e4..6596d86 100644 +index 7c52b38..dc55dcb 100644 --- a/mm/slab.c +++ b/mm/slab.c -@@ -311,10 +311,12 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent) +@@ -316,10 +316,12 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent) if ((x)->max_freeable < i) \ (x)->max_freeable = i; \ } while (0) @@ -103236,7 +97717,7 @@ index c9103e4..6596d86 100644 #else #define STATS_INC_ACTIVE(x) do { } while (0) #define STATS_DEC_ACTIVE(x) do { } while (0) -@@ -331,6 +333,8 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent) +@@ -336,6 +338,8 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent) #define STATS_INC_ALLOCMISS(x) do { } while (0) #define STATS_INC_FREEHIT(x) do { } while (0) #define STATS_INC_FREEMISS(x) do { } while (0) @@ -103245,7 +97726,7 @@ index c9103e4..6596d86 100644 #endif #if DEBUG -@@ -447,7 +451,7 @@ static inline void *index_to_obj(struct kmem_cache *cache, struct page *page, +@@ -452,7 +456,7 @@ static inline void *index_to_obj(struct kmem_cache *cache, struct page *page, * reciprocal_divide(offset, cache->reciprocal_buffer_size) */ static inline unsigned int obj_to_index(const struct kmem_cache *cache, @@ -103254,7 +97735,7 @@ index c9103e4..6596d86 100644 { u32 offset = (obj - page->s_mem); return reciprocal_divide(offset, cache->reciprocal_buffer_size); -@@ -1558,12 +1562,12 @@ void __init kmem_cache_init(void) +@@ -1462,12 +1466,12 @@ void __init kmem_cache_init(void) */ kmalloc_caches[INDEX_AC] = create_kmalloc_cache("kmalloc-ac", @@ -103269,7 +97750,7 @@ index c9103e4..6596d86 100644 slab_early_init = 0; -@@ -3505,6 +3509,21 @@ static inline void __cache_free(struct kmem_cache *cachep, void *objp, +@@ -3384,6 +3388,21 @@ static inline void __cache_free(struct kmem_cache *cachep, void *objp, struct array_cache *ac = cpu_cache_get(cachep); check_irq_off(); @@ -103291,7 +97772,7 @@ index c9103e4..6596d86 100644 kmemleak_free_recursive(objp, cachep->flags); objp = cache_free_debugcheck(cachep, objp, caller); -@@ -3728,6 +3747,7 @@ void kfree(const void *objp) +@@ -3607,6 +3626,7 @@ void kfree(const void *objp) if (unlikely(ZERO_OR_NULL_PTR(objp))) return; @@ -103299,7 +97780,7 @@ index c9103e4..6596d86 100644 local_irq_save(flags); kfree_debugcheck(objp); c = virt_to_cache(objp); -@@ -4169,14 +4189,22 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep) +@@ -4056,14 +4076,22 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep) } /* cpu stats */ { @@ -103326,7 +97807,7 @@ index c9103e4..6596d86 100644 #endif } -@@ -4397,13 +4425,69 @@ static const struct file_operations proc_slabstats_operations = { +@@ -4281,13 +4309,69 @@ static const struct file_operations proc_slabstats_operations = { static int __init slab_proc_init(void) { #ifdef CONFIG_DEBUG_SLAB_LEAK @@ -103398,7 +97879,7 @@ index c9103e4..6596d86 100644 * ksize - get the actual amount of memory allocated for a given object * @objp: Pointer to the object diff --git a/mm/slab.h b/mm/slab.h -index 961a3fb..6b12514 100644 +index 0e0fdd3..c61c735 100644 --- a/mm/slab.h +++ b/mm/slab.h @@ -32,6 +32,15 @@ extern struct list_head slab_caches; @@ -103438,10 +97919,10 @@ index 961a3fb..6b12514 100644 if (slab_equal_or_root(cachep, s)) return cachep; diff --git a/mm/slab_common.c b/mm/slab_common.c -index d31c4ba..1121296 100644 +index d319502..9eb3eb5 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c -@@ -23,11 +23,22 @@ +@@ -25,11 +25,22 @@ #include "slab.h" @@ -103465,7 +97946,7 @@ index d31c4ba..1121296 100644 #ifdef CONFIG_DEBUG_VM static int kmem_cache_sanity_check(const char *name, size_t size) { -@@ -158,7 +169,7 @@ do_kmem_cache_create(char *name, size_t object_size, size_t size, size_t align, +@@ -160,7 +171,7 @@ do_kmem_cache_create(char *name, size_t object_size, size_t size, size_t align, if (err) goto out_free_cache; @@ -103474,7 +97955,7 @@ index d31c4ba..1121296 100644 list_add(&s->list, &slab_caches); out: if (err) -@@ -339,8 +350,7 @@ void kmem_cache_destroy(struct kmem_cache *s) +@@ -341,8 +352,7 @@ void kmem_cache_destroy(struct kmem_cache *s) mutex_lock(&slab_mutex); @@ -103484,7 +97965,7 @@ index d31c4ba..1121296 100644 goto out_unlock; if (memcg_cleanup_cache_params(s) != 0) -@@ -360,7 +370,7 @@ void kmem_cache_destroy(struct kmem_cache *s) +@@ -362,7 +372,7 @@ void kmem_cache_destroy(struct kmem_cache *s) rcu_barrier(); memcg_free_cache_params(s); @@ -103493,7 +97974,7 @@ index d31c4ba..1121296 100644 sysfs_slab_remove(s); #else slab_kmem_cache_release(s); -@@ -416,7 +426,7 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz +@@ -418,7 +428,7 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz panic("Creation of kmalloc slab %s size=%zu failed. Reason %d\n", name, size, err); @@ -103502,7 +97983,7 @@ index d31c4ba..1121296 100644 } struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size, -@@ -429,7 +439,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size, +@@ -431,7 +441,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size, create_boot_cache(s, name, size, flags); list_add(&s->list, &slab_caches); @@ -103511,7 +97992,7 @@ index d31c4ba..1121296 100644 return s; } -@@ -441,6 +451,11 @@ struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1]; +@@ -443,6 +453,11 @@ struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1]; EXPORT_SYMBOL(kmalloc_dma_caches); #endif @@ -103523,7 +98004,7 @@ index d31c4ba..1121296 100644 /* * Conversion table for small slabs sizes / 8 to the index in the * kmalloc array. This is necessary for slabs < 192 since we have non power -@@ -505,6 +520,13 @@ struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags) +@@ -507,6 +522,13 @@ struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags) return kmalloc_dma_caches[index]; #endif @@ -103537,7 +98018,7 @@ index d31c4ba..1121296 100644 return kmalloc_caches[index]; } -@@ -561,7 +583,7 @@ void __init create_kmalloc_caches(unsigned long flags) +@@ -563,7 +585,7 @@ void __init create_kmalloc_caches(unsigned long flags) for (i = KMALLOC_SHIFT_LOW; i <= KMALLOC_SHIFT_HIGH; i++) { if (!kmalloc_caches[i]) { kmalloc_caches[i] = create_kmalloc_cache(NULL, @@ -103546,7 +98027,7 @@ index d31c4ba..1121296 100644 } /* -@@ -570,10 +592,10 @@ void __init create_kmalloc_caches(unsigned long flags) +@@ -572,10 +594,10 @@ void __init create_kmalloc_caches(unsigned long flags) * earlier power of two caches */ if (KMALLOC_MIN_SIZE <= 32 && !kmalloc_caches[1] && i == 6) @@ -103559,7 +98040,7 @@ index d31c4ba..1121296 100644 } /* Kmalloc array is now usable */ -@@ -606,6 +628,23 @@ void __init create_kmalloc_caches(unsigned long flags) +@@ -608,6 +630,23 @@ void __init create_kmalloc_caches(unsigned long flags) } } #endif @@ -103583,7 +98064,7 @@ index d31c4ba..1121296 100644 } #endif /* !CONFIG_SLOB */ -@@ -664,6 +703,9 @@ void print_slabinfo_header(struct seq_file *m) +@@ -666,6 +705,9 @@ void print_slabinfo_header(struct seq_file *m) seq_puts(m, " : globalstat <listallocs> <maxobjs> <grown> <reaped> " "<error> <maxfreeable> <nodeallocs> <remotefrees> <alienoverflow>"); seq_puts(m, " : cpustat <allochit> <allocmiss> <freehit> <freemiss>"); @@ -103965,7 +98446,7 @@ index 21980e0..ed9a648 100644 EXPORT_SYMBOL(kmem_cache_free); diff --git a/mm/slub.c b/mm/slub.c -index 7300480..cb92846 100644 +index 3e8afcc..68c99031 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -207,7 +207,7 @@ struct track { @@ -103977,7 +98458,7 @@ index 7300480..cb92846 100644 static int sysfs_slab_add(struct kmem_cache *); static int sysfs_slab_alias(struct kmem_cache *, const char *); static void memcg_propagate_slab_attrs(struct kmem_cache *s); -@@ -546,7 +546,7 @@ static void print_track(const char *s, struct track *t) +@@ -545,7 +545,7 @@ static void print_track(const char *s, struct track *t) if (!t->addr) return; @@ -103986,7 +98467,7 @@ index 7300480..cb92846 100644 s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid); #ifdef CONFIG_STACKTRACE { -@@ -2673,6 +2673,14 @@ static __always_inline void slab_free(struct kmem_cache *s, +@@ -2643,6 +2643,14 @@ static __always_inline void slab_free(struct kmem_cache *s, slab_free_hook(s, x); @@ -104001,7 +98482,7 @@ index 7300480..cb92846 100644 redo: /* * Determine the currently cpus per cpu slab. -@@ -2740,7 +2748,7 @@ static int slub_min_objects; +@@ -2710,7 +2718,7 @@ static int slub_min_objects; * Merge control. If this is set then no merging of slab caches will occur. * (Could be removed. This was introduced to pacify the merge skeptics.) */ @@ -104010,7 +98491,7 @@ index 7300480..cb92846 100644 /* * Calculate the order of allocation given an slab object size. -@@ -3019,6 +3027,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order) +@@ -2986,6 +2994,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order) s->inuse = size; if (((flags & (SLAB_DESTROY_BY_RCU | SLAB_POISON)) || @@ -104020,7 +98501,7 @@ index 7300480..cb92846 100644 s->ctor)) { /* * Relocate free pointer after the object if it is not -@@ -3347,6 +3358,59 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) +@@ -3313,6 +3324,59 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) EXPORT_SYMBOL(__kmalloc_node); #endif @@ -104080,7 +98561,7 @@ index 7300480..cb92846 100644 size_t ksize(const void *object) { struct page *page; -@@ -3375,6 +3439,7 @@ void kfree(const void *x) +@@ -3341,6 +3405,7 @@ void kfree(const void *x) if (unlikely(ZERO_OR_NULL_PTR(x))) return; @@ -104088,7 +98569,7 @@ index 7300480..cb92846 100644 page = virt_to_head_page(x); if (unlikely(!PageSlab(page))) { BUG_ON(!PageCompound(page)); -@@ -3680,7 +3745,7 @@ static int slab_unmergeable(struct kmem_cache *s) +@@ -3642,7 +3707,7 @@ static int slab_unmergeable(struct kmem_cache *s) /* * We may have set a slab to be unmergeable during bootstrap. */ @@ -104097,7 +98578,7 @@ index 7300480..cb92846 100644 return 1; return 0; -@@ -3737,7 +3802,7 @@ __kmem_cache_alias(const char *name, size_t size, size_t align, +@@ -3699,7 +3764,7 @@ __kmem_cache_alias(const char *name, size_t size, size_t align, int i; struct kmem_cache *c; @@ -104106,7 +98587,7 @@ index 7300480..cb92846 100644 /* * Adjust the object sizes so that we clear -@@ -3756,7 +3821,7 @@ __kmem_cache_alias(const char *name, size_t size, size_t align, +@@ -3718,7 +3783,7 @@ __kmem_cache_alias(const char *name, size_t size, size_t align, } if (sysfs_slab_alias(s, name)) { @@ -104115,7 +98596,7 @@ index 7300480..cb92846 100644 s = NULL; } } -@@ -3873,7 +3938,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, +@@ -3835,7 +3900,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, } #endif @@ -104124,7 +98605,7 @@ index 7300480..cb92846 100644 static int count_inuse(struct page *page) { return page->inuse; -@@ -4156,7 +4221,11 @@ static int list_locations(struct kmem_cache *s, char *buf, +@@ -4116,7 +4181,11 @@ static int list_locations(struct kmem_cache *s, char *buf, len += sprintf(buf + len, "%7ld ", l->count); if (l->addr) @@ -104136,7 +98617,7 @@ index 7300480..cb92846 100644 else len += sprintf(buf + len, "<not-available>"); -@@ -4258,12 +4327,12 @@ static void resiliency_test(void) +@@ -4218,12 +4287,12 @@ static void __init resiliency_test(void) validate_slab_cache(kmalloc_caches[9]); } #else @@ -104151,7 +98632,7 @@ index 7300480..cb92846 100644 enum slab_stat_type { SL_ALL, /* All slabs */ SL_PARTIAL, /* Only partially allocated slabs */ -@@ -4503,13 +4572,17 @@ static ssize_t ctor_show(struct kmem_cache *s, char *buf) +@@ -4460,13 +4529,17 @@ static ssize_t ctor_show(struct kmem_cache *s, char *buf) { if (!s->ctor) return 0; @@ -104165,12 +98646,12 @@ index 7300480..cb92846 100644 static ssize_t aliases_show(struct kmem_cache *s, char *buf) { -- return sprintf(buf, "%d\n", s->refcount - 1); -+ return sprintf(buf, "%d\n", atomic_read(&s->refcount) - 1); +- return sprintf(buf, "%d\n", s->refcount < 0 ? 0 : s->refcount - 1); ++ return sprintf(buf, "%d\n", atomic_read(&s->refcount) < 0 ? 0 : atomic_read(&s->refcount) - 1); } SLAB_ATTR_RO(aliases); -@@ -4597,6 +4670,14 @@ static ssize_t cache_dma_show(struct kmem_cache *s, char *buf) +@@ -4554,6 +4627,14 @@ static ssize_t cache_dma_show(struct kmem_cache *s, char *buf) SLAB_ATTR_RO(cache_dma); #endif @@ -104185,7 +98666,7 @@ index 7300480..cb92846 100644 static ssize_t destroy_by_rcu_show(struct kmem_cache *s, char *buf) { return sprintf(buf, "%d\n", !!(s->flags & SLAB_DESTROY_BY_RCU)); -@@ -4931,6 +5012,9 @@ static struct attribute *slab_attrs[] = { +@@ -4888,6 +4969,9 @@ static struct attribute *slab_attrs[] = { #ifdef CONFIG_ZONE_DMA &cache_dma_attr.attr, #endif @@ -104195,7 +98676,7 @@ index 7300480..cb92846 100644 #ifdef CONFIG_NUMA &remote_node_defrag_ratio_attr.attr, #endif -@@ -5181,6 +5265,7 @@ static char *create_unique_id(struct kmem_cache *s) +@@ -5132,6 +5216,7 @@ static char *create_unique_id(struct kmem_cache *s) return name; } @@ -104203,7 +98684,7 @@ index 7300480..cb92846 100644 static int sysfs_slab_add(struct kmem_cache *s) { int err; -@@ -5254,6 +5339,7 @@ void sysfs_slab_remove(struct kmem_cache *s) +@@ -5205,6 +5290,7 @@ void sysfs_slab_remove(struct kmem_cache *s) kobject_del(&s->kobj); kobject_put(&s->kobj); } @@ -104211,7 +98692,7 @@ index 7300480..cb92846 100644 /* * Need to buffer aliases during bootup until sysfs becomes -@@ -5267,6 +5353,7 @@ struct saved_alias { +@@ -5218,6 +5304,7 @@ struct saved_alias { static struct saved_alias *alias_list; @@ -104219,7 +98700,7 @@ index 7300480..cb92846 100644 static int sysfs_slab_alias(struct kmem_cache *s, const char *name) { struct saved_alias *al; -@@ -5289,6 +5376,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) +@@ -5240,6 +5327,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) alias_list = al; return 0; } @@ -104263,7 +98744,7 @@ index d1b48b6..6e8590e 100644 } } diff --git a/mm/swap.c b/mm/swap.c -index 9e8e347..3c22e0f 100644 +index 6b2dc38..46b79ba 100644 --- a/mm/swap.c +++ b/mm/swap.c @@ -31,6 +31,7 @@ @@ -104274,7 +98755,7 @@ index 9e8e347..3c22e0f 100644 #include "internal.h" -@@ -76,6 +77,8 @@ static void __put_compound_page(struct page *page) +@@ -77,6 +78,8 @@ static void __put_compound_page(struct page *page) __page_cache_release(page); dtor = get_compound_page_dtor(page); @@ -104284,7 +98765,7 @@ index 9e8e347..3c22e0f 100644 } diff --git a/mm/swapfile.c b/mm/swapfile.c -index 4c524f7..f7601f17 100644 +index 8798b2e..348f9dd 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -84,7 +84,7 @@ static DEFINE_MUTEX(swapon_mutex); @@ -104296,7 +98777,7 @@ index 4c524f7..f7601f17 100644 static inline unsigned char swap_count(unsigned char ent) { -@@ -1945,7 +1945,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) +@@ -1944,7 +1944,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) spin_unlock(&swap_lock); err = 0; @@ -104305,7 +98786,7 @@ index 4c524f7..f7601f17 100644 wake_up_interruptible(&proc_poll_wait); out_dput: -@@ -1962,8 +1962,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait) +@@ -1961,8 +1961,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait) poll_wait(file, &proc_poll_wait, wait); @@ -104316,7 +98797,7 @@ index 4c524f7..f7601f17 100644 return POLLIN | POLLRDNORM | POLLERR | POLLPRI; } -@@ -2061,7 +2061,7 @@ static int swaps_open(struct inode *inode, struct file *file) +@@ -2060,7 +2060,7 @@ static int swaps_open(struct inode *inode, struct file *file) return ret; seq = file->private_data; @@ -104325,7 +98806,7 @@ index 4c524f7..f7601f17 100644 return 0; } -@@ -2521,7 +2521,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) +@@ -2520,7 +2520,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) (frontswap_map) ? "FS" : ""); mutex_unlock(&swapon_mutex); @@ -104335,10 +98816,10 @@ index 4c524f7..f7601f17 100644 if (S_ISREG(inode->i_mode)) diff --git a/mm/util.c b/mm/util.c -index 33e9f44..be026b2 100644 +index 093c973..b70a268 100644 --- a/mm/util.c +++ b/mm/util.c -@@ -296,6 +296,12 @@ done: +@@ -202,6 +202,12 @@ done: void arch_pick_mmap_layout(struct mm_struct *mm) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -104351,7 +98832,7 @@ index 33e9f44..be026b2 100644 mm->get_unmapped_area = arch_get_unmapped_area; } #endif -@@ -472,6 +478,9 @@ int get_cmdline(struct task_struct *task, char *buffer, int buflen) +@@ -378,6 +384,9 @@ int get_cmdline(struct task_struct *task, char *buffer, int buflen) if (!mm->arg_end) goto out_mm; /* Shh! No looking before we're done */ @@ -104362,7 +98843,7 @@ index 33e9f44..be026b2 100644 if (len > buflen) diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index f64632b..e8c52e7 100644 +index 2b0aa54..b451f74 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -40,6 +40,21 @@ struct vfree_deferred { @@ -104544,7 +99025,7 @@ index f64632b..e8c52e7 100644 } /* Import existing vmlist entries. */ -@@ -1318,6 +1397,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, +@@ -1314,6 +1393,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, struct vm_struct *area; BUG_ON(in_interrupt()); @@ -104561,7 +99042,7 @@ index f64632b..e8c52e7 100644 if (flags & VM_IOREMAP) align = 1ul << clamp(fls(size), PAGE_SHIFT, IOREMAP_MAX_ORDER); -@@ -1523,6 +1612,23 @@ void vunmap(const void *addr) +@@ -1519,6 +1608,23 @@ void vunmap(const void *addr) } EXPORT_SYMBOL(vunmap); @@ -104585,7 +99066,7 @@ index f64632b..e8c52e7 100644 /** * vmap - map an array of pages into virtually contiguous space * @pages: array of page pointers -@@ -1543,6 +1649,11 @@ void *vmap(struct page **pages, unsigned int count, +@@ -1539,6 +1645,11 @@ void *vmap(struct page **pages, unsigned int count, if (count > totalram_pages) return NULL; @@ -104597,7 +99078,7 @@ index f64632b..e8c52e7 100644 area = get_vm_area_caller((count << PAGE_SHIFT), flags, __builtin_return_address(0)); if (!area) -@@ -1643,6 +1754,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, +@@ -1641,6 +1752,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, if (!size || (size >> PAGE_SHIFT) > totalram_pages) goto fail; @@ -104611,7 +99092,7 @@ index f64632b..e8c52e7 100644 area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNINITIALIZED, start, end, node, gfp_mask, caller); if (!area) -@@ -1819,10 +1937,9 @@ EXPORT_SYMBOL(vzalloc_node); +@@ -1817,10 +1935,9 @@ EXPORT_SYMBOL(vzalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -104623,7 +99104,7 @@ index f64632b..e8c52e7 100644 NUMA_NO_NODE, __builtin_return_address(0)); } -@@ -2129,6 +2246,8 @@ int remap_vmalloc_range_partial(struct vm_area_struct *vma, unsigned long uaddr, +@@ -2127,6 +2244,8 @@ int remap_vmalloc_range_partial(struct vm_area_struct *vma, unsigned long uaddr, { struct vm_struct *area; @@ -104632,7 +99113,7 @@ index f64632b..e8c52e7 100644 size = PAGE_ALIGN(size); if (!PAGE_ALIGNED(uaddr) || !PAGE_ALIGNED(kaddr)) -@@ -2611,7 +2730,11 @@ static int s_show(struct seq_file *m, void *p) +@@ -2609,7 +2728,11 @@ static int s_show(struct seq_file *m, void *p) v->addr, v->addr + v->size, v->size); if (v->caller) @@ -104645,7 +99126,7 @@ index f64632b..e8c52e7 100644 if (v->nr_pages) seq_printf(m, " pages=%d", v->nr_pages); diff --git a/mm/vmstat.c b/mm/vmstat.c -index b37bd49..4d7b3da 100644 +index e9ab104..de275bd 100644 --- a/mm/vmstat.c +++ b/mm/vmstat.c @@ -20,6 +20,7 @@ @@ -104703,7 +99184,7 @@ index b37bd49..4d7b3da 100644 } } #endif -@@ -1162,10 +1163,22 @@ static void *vmstat_start(struct seq_file *m, loff_t *pos) +@@ -1163,10 +1164,22 @@ static void *vmstat_start(struct seq_file *m, loff_t *pos) stat_items_size += sizeof(struct vm_event_state); #endif @@ -104727,7 +99208,7 @@ index b37bd49..4d7b3da 100644 for (i = 0; i < NR_VM_ZONE_STAT_ITEMS; i++) v[i] = global_page_state(i); v += NR_VM_ZONE_STAT_ITEMS; -@@ -1314,10 +1327,16 @@ static int __init setup_vmstat(void) +@@ -1315,10 +1328,16 @@ static int __init setup_vmstat(void) cpu_notifier_register_done(); #endif #ifdef CONFIG_PROC_FS @@ -104749,10 +99230,10 @@ index b37bd49..4d7b3da 100644 return 0; } diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c -index 44ebd5c..1f732bae 100644 +index 64c6bed..b79a5de 100644 --- a/net/8021q/vlan.c +++ b/net/8021q/vlan.c -@@ -475,7 +475,7 @@ out: +@@ -481,7 +481,7 @@ out: return NOTIFY_DONE; } @@ -104761,7 +99242,7 @@ index 44ebd5c..1f732bae 100644 .notifier_call = vlan_device_event, }; -@@ -550,8 +550,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) +@@ -556,8 +556,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) err = -EPERM; if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) break; @@ -104772,7 +99253,7 @@ index 44ebd5c..1f732bae 100644 vn = net_generic(net, vlan_net_id); diff --git a/net/9p/client.c b/net/9p/client.c -index 0004cba..feba240 100644 +index e86a9bea..e91f70e 100644 --- a/net/9p/client.c +++ b/net/9p/client.c @@ -596,7 +596,7 @@ static int p9_check_zc_errors(struct p9_client *c, struct p9_req_t *req, @@ -104784,7 +99265,7 @@ index 0004cba..feba240 100644 if (err) { err = -EFAULT; goto out_err; -@@ -1571,7 +1571,7 @@ p9_client_read(struct p9_fid *fid, char *data, char __user *udata, u64 offset, +@@ -1570,7 +1570,7 @@ p9_client_read(struct p9_fid *fid, char *data, char __user *udata, u64 offset, kernel_buf = 1; indata = data; } else @@ -104793,7 +99274,7 @@ index 0004cba..feba240 100644 /* * response header len is 11 * PDU Header(7) + IO Size (4) -@@ -1646,7 +1646,7 @@ p9_client_write(struct p9_fid *fid, char *data, const char __user *udata, +@@ -1645,7 +1645,7 @@ p9_client_write(struct p9_fid *fid, char *data, const char __user *udata, kernel_buf = 1; odata = data; } else @@ -104837,32 +99318,6 @@ index 80d08f6..de63fd1 100644 set_fs(oldfs); if (ret <= 0 && ret != -ERESTARTSYS && ret != -EAGAIN) -diff --git a/net/Kconfig b/net/Kconfig -index d92afe4..ab63892 100644 ---- a/net/Kconfig -+++ b/net/Kconfig -@@ -89,12 +89,8 @@ config NETWORK_SECMARK - to nfmark, but designated for security purposes. - If you are unsure how to answer this question, answer N. - --config NET_PTP_CLASSIFY -- def_bool n -- - config NETWORK_PHY_TIMESTAMPING - bool "Timestamping in PHY devices" -- select NET_PTP_CLASSIFY - help - This allows timestamping of network packets by PHYs with - hardware timestamping capabilities. This option adds some -@@ -269,7 +265,7 @@ config BQL - config BPF_JIT - bool "enable BPF Just In Time compiler" - depends on HAVE_BPF_JIT -- depends on MODULES -+ depends on MODULES && X86 - ---help--- - Berkeley Packet Filter filtering capabilities are normally handled - by an interpreter. This option allows kernel to generate a native diff --git a/net/appletalk/atalk_proc.c b/net/appletalk/atalk_proc.c index af46bc4..f9adfcd 100644 --- a/net/appletalk/atalk_proc.c @@ -104917,7 +99372,7 @@ index 876fbe8..8bbea9f 100644 #undef __HANDLE_ITEM } diff --git a/net/atm/lec.c b/net/atm/lec.c -index 4c5b8ba..95f7005 100644 +index 4b98f89..5a2f6cb 100644 --- a/net/atm/lec.c +++ b/net/atm/lec.c @@ -111,9 +111,9 @@ static inline void lec_arp_put(struct lec_arp_table *entry) @@ -105055,10 +99510,10 @@ index 919a5ce..cc6b444 100644 table = kmemdup(ax25_param_table, sizeof(ax25_param_table), GFP_KERNEL); if (!table) diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c -index f04224c..f326579 100644 +index 1e80539..676c37a 100644 --- a/net/batman-adv/bat_iv_ogm.c +++ b/net/batman-adv/bat_iv_ogm.c -@@ -312,7 +312,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface) +@@ -313,7 +313,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface) /* randomize initial seqno to avoid collision */ get_random_bytes(&random_seqno, sizeof(random_seqno)); @@ -105067,7 +99522,7 @@ index f04224c..f326579 100644 hard_iface->bat_iv.ogm_buff_len = BATADV_OGM_HLEN; ogm_buff = kmalloc(hard_iface->bat_iv.ogm_buff_len, GFP_ATOMIC); -@@ -917,9 +917,9 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface) +@@ -918,9 +918,9 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface) batadv_ogm_packet->tvlv_len = htons(tvlv_len); /* change sequence number to network order */ @@ -105079,7 +99534,7 @@ index f04224c..f326579 100644 batadv_iv_ogm_slide_own_bcast_window(hard_iface); -@@ -1596,7 +1596,7 @@ static void batadv_iv_ogm_process(const struct sk_buff *skb, int ogm_offset, +@@ -1597,7 +1597,7 @@ static void batadv_iv_ogm_process(const struct sk_buff *skb, int ogm_offset, return; /* could be changed by schedule_own_packet() */ @@ -105089,7 +99544,7 @@ index f04224c..f326579 100644 if (ogm_packet->flags & BATADV_DIRECTLINK) has_directlink_flag = true; diff --git a/net/batman-adv/fragmentation.c b/net/batman-adv/fragmentation.c -index 022d18a..919daff 100644 +index fc1835c..eead856 100644 --- a/net/batman-adv/fragmentation.c +++ b/net/batman-adv/fragmentation.c @@ -450,7 +450,7 @@ bool batadv_frag_send_packet(struct sk_buff *skb, @@ -105102,7 +99557,7 @@ index 022d18a..919daff 100644 frag_header.no = 0; frag_header.total_size = htons(skb->len); diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c -index cbd677f..b783347 100644 +index 5467955..30cc771 100644 --- a/net/batman-adv/soft-interface.c +++ b/net/batman-adv/soft-interface.c @@ -296,7 +296,7 @@ send: @@ -105164,10 +99619,10 @@ index 8854c05..ee5d5497 100644 atomic_t batman_queue_left; char num_ifaces; diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c -index 80d25c1..aa99a98 100644 +index 115f149..f0ba286 100644 --- a/net/bluetooth/hci_sock.c +++ b/net/bluetooth/hci_sock.c -@@ -1044,7 +1044,7 @@ static int hci_sock_setsockopt(struct socket *sock, int level, int optname, +@@ -1067,7 +1067,7 @@ static int hci_sock_setsockopt(struct socket *sock, int level, int optname, uf.event_mask[1] = *((u32 *) f->event_mask + 1); } @@ -105177,10 +99632,10 @@ index 80d25c1..aa99a98 100644 err = -EFAULT; break; diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c -index 323f23c..5e27529 100644 +index 46547b9..f5defc1 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c -@@ -3548,8 +3548,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, +@@ -3569,8 +3569,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, break; case L2CAP_CONF_RFC: @@ -105194,10 +99649,10 @@ index 323f23c..5e27529 100644 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && rfc.mode != chan->mode) diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c -index d0fd8b0..e33d2f9 100644 +index 1884f72..b3b71f9 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c -@@ -628,7 +628,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, +@@ -629,7 +629,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, struct sock *sk = sock->sk; struct l2cap_chan *chan = l2cap_pi(sk)->chan; struct l2cap_options opts; @@ -105207,7 +99662,7 @@ index d0fd8b0..e33d2f9 100644 u32 opt; BT_DBG("sk %p", sk); -@@ -655,7 +656,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, +@@ -656,7 +657,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, opts.max_tx = chan->max_tx; opts.txwin_size = chan->tx_win; @@ -105216,7 +99671,7 @@ index d0fd8b0..e33d2f9 100644 if (copy_from_user((char *) &opts, optval, len)) { err = -EFAULT; break; -@@ -742,7 +743,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, +@@ -743,7 +744,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, struct bt_security sec; struct bt_power pwr; struct l2cap_conn *conn; @@ -105226,7 +99681,7 @@ index d0fd8b0..e33d2f9 100644 u32 opt; BT_DBG("sk %p", sk); -@@ -766,7 +768,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, +@@ -767,7 +769,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, sec.level = BT_SECURITY_LOW; @@ -105235,7 +99690,7 @@ index d0fd8b0..e33d2f9 100644 if (copy_from_user((char *) &sec, optval, len)) { err = -EFAULT; break; -@@ -861,7 +863,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, +@@ -862,7 +864,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; @@ -105289,10 +99744,10 @@ index 8e385a0..a5bdd8e 100644 tty_port_close(&dev->port, tty, filp); } diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c -index 1059ed3..d70846a 100644 +index 6d69631..b8fdc85 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c -@@ -1524,7 +1524,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) +@@ -1518,7 +1518,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) tmp.valid_hooks = t->table->valid_hooks; } mutex_unlock(&ebt_mutex); @@ -105301,7 +99756,7 @@ index 1059ed3..d70846a 100644 BUGPRINT("c2u Didn't work\n"); ret = -EFAULT; break; -@@ -2330,7 +2330,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd, +@@ -2324,7 +2324,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd, goto out; tmp.valid_hooks = t->valid_hooks; @@ -105310,7 +99765,7 @@ index 1059ed3..d70846a 100644 ret = -EFAULT; break; } -@@ -2341,7 +2341,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd, +@@ -2335,7 +2335,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd, tmp.entries_size = t->table->entries_size; tmp.valid_hooks = t->table->valid_hooks; @@ -105320,7 +99775,7 @@ index 1059ed3..d70846a 100644 break; } diff --git a/net/caif/cfctrl.c b/net/caif/cfctrl.c -index 0f45522..dab651f 100644 +index f5afda1..dcf770a 100644 --- a/net/caif/cfctrl.c +++ b/net/caif/cfctrl.c @@ -10,6 +10,7 @@ @@ -105433,10 +99888,10 @@ index 1a19b98..df2b4ec 100644 if (!can_dir) { printk(KERN_INFO "can: failed to create /proc/net/can . " diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c -index 3d9ddc2..ca5d5b6 100644 +index b2f571d..b584643 100644 --- a/net/ceph/messenger.c +++ b/net/ceph/messenger.c -@@ -187,7 +187,7 @@ static void con_fault(struct ceph_connection *con); +@@ -188,7 +188,7 @@ static void con_fault(struct ceph_connection *con); #define MAX_ADDR_STR_LEN 64 /* 54 is enough */ static char addr_str[ADDR_STR_COUNT][MAX_ADDR_STR_LEN]; @@ -105445,7 +99900,7 @@ index 3d9ddc2..ca5d5b6 100644 static struct page *zero_page; /* used in certain error cases */ -@@ -198,7 +198,7 @@ const char *ceph_pr_addr(const struct sockaddr_storage *ss) +@@ -199,7 +199,7 @@ const char *ceph_pr_addr(const struct sockaddr_storage *ss) struct sockaddr_in *in4 = (struct sockaddr_in *) ss; struct sockaddr_in6 *in6 = (struct sockaddr_in6 *) ss; @@ -105594,19 +100049,8 @@ index bc8aeef..f9c070c 100644 return -EFAULT; a0 = a[0]; a1 = a[1]; -diff --git a/net/core/Makefile b/net/core/Makefile -index 71093d9..a8a035b 100644 ---- a/net/core/Makefile -+++ b/net/core/Makefile -@@ -21,6 +21,5 @@ obj-$(CONFIG_FIB_RULES) += fib_rules.o - obj-$(CONFIG_TRACEPOINTS) += net-traces.o - obj-$(CONFIG_NET_DROP_MONITOR) += drop_monitor.o - obj-$(CONFIG_NETWORK_PHY_TIMESTAMPING) += timestamping.o --obj-$(CONFIG_NET_PTP_CLASSIFY) += ptp_classifier.o - obj-$(CONFIG_CGROUP_NET_PRIO) += netprio_cgroup.o - obj-$(CONFIG_CGROUP_NET_CLASSID) += netclassid_cgroup.o diff --git a/net/core/datagram.c b/net/core/datagram.c -index 488dd1a..7179f0f 100644 +index fdbc9a8..cd6972c 100644 --- a/net/core/datagram.c +++ b/net/core/datagram.c @@ -301,7 +301,7 @@ int skb_kill_datagram(struct sock *sk, struct sk_buff *skb, unsigned int flags) @@ -105619,10 +100063,10 @@ index 488dd1a..7179f0f 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index 367a586..ef2fe17 100644 +index cf8a95f..2837211 100644 --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -1672,14 +1672,14 @@ int __dev_forward_skb(struct net_device *dev, struct sk_buff *skb) +@@ -1683,14 +1683,14 @@ int __dev_forward_skb(struct net_device *dev, struct sk_buff *skb) { if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) { if (skb_copy_ubufs(skb, GFP_ATOMIC)) { @@ -105639,7 +100083,7 @@ index 367a586..ef2fe17 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -2476,7 +2476,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) +@@ -2487,7 +2487,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) struct dev_gso_cb { void (*destructor)(struct sk_buff *skb); @@ -105648,7 +100092,7 @@ index 367a586..ef2fe17 100644 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb) -@@ -2932,7 +2932,7 @@ recursion_alert: +@@ -2952,7 +2952,7 @@ recursion_alert: rc = -ENETDOWN; rcu_read_unlock_bh(); @@ -105657,7 +100101,7 @@ index 367a586..ef2fe17 100644 kfree_skb(skb); return rc; out: -@@ -3276,7 +3276,7 @@ enqueue: +@@ -3296,7 +3296,7 @@ enqueue: local_irq_restore(flags); @@ -105666,7 +100110,7 @@ index 367a586..ef2fe17 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -3353,7 +3353,7 @@ int netif_rx_ni(struct sk_buff *skb) +@@ -3373,7 +3373,7 @@ int netif_rx_ni(struct sk_buff *skb) } EXPORT_SYMBOL(netif_rx_ni); @@ -105675,7 +100119,7 @@ index 367a586..ef2fe17 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); -@@ -3686,7 +3686,7 @@ ncls: +@@ -3706,7 +3706,7 @@ ncls: ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev); } else { drop: @@ -105684,7 +100128,7 @@ index 367a586..ef2fe17 100644 kfree_skb(skb); /* Jamal, now you will not able to escape explaining * me how you were going to use this. :-) -@@ -4406,7 +4406,7 @@ void netif_napi_del(struct napi_struct *napi) +@@ -4426,7 +4426,7 @@ void netif_napi_del(struct napi_struct *napi) } EXPORT_SYMBOL(netif_napi_del); @@ -105693,7 +100137,7 @@ index 367a586..ef2fe17 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); unsigned long time_limit = jiffies + 2; -@@ -6403,8 +6403,8 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, +@@ -6480,8 +6480,8 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, } else { netdev_stats_to_stats64(storage, &dev->stats); } @@ -105723,2118 +100167,78 @@ index cf999e0..c59a975 100644 } EXPORT_SYMBOL(dev_load); diff --git a/net/core/filter.c b/net/core/filter.c -index 1dbf646..0f95703 100644 +index d814b8a..b5ab778 100644 --- a/net/core/filter.c +++ b/net/core/filter.c -@@ -1,16 +1,11 @@ - /* - * Linux Socket Filter - Kernel level socket filtering - * -- * Based on the design of the Berkeley Packet Filter. The new -- * internal format has been designed by PLUMgrid: -+ * Author: -+ * Jay Schulist <jschlst@samba.org> - * -- * Copyright (c) 2011 - 2014 PLUMgrid, http://plumgrid.com -- * -- * Authors: -- * -- * Jay Schulist <jschlst@samba.org> -- * Alexei Starovoitov <ast@plumgrid.com> -- * Daniel Borkmann <dborkman@redhat.com> -+ * Based on the design of: -+ * - The Berkeley Packet Filter - * - * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public License -@@ -45,27 +40,6 @@ - #include <linux/seccomp.h> - #include <linux/if_vlan.h> - --/* Registers */ --#define BPF_R0 regs[BPF_REG_0] --#define BPF_R1 regs[BPF_REG_1] --#define BPF_R2 regs[BPF_REG_2] --#define BPF_R3 regs[BPF_REG_3] --#define BPF_R4 regs[BPF_REG_4] --#define BPF_R5 regs[BPF_REG_5] --#define BPF_R6 regs[BPF_REG_6] --#define BPF_R7 regs[BPF_REG_7] --#define BPF_R8 regs[BPF_REG_8] --#define BPF_R9 regs[BPF_REG_9] --#define BPF_R10 regs[BPF_REG_10] -- --/* Named registers */ --#define DST regs[insn->dst_reg] --#define SRC regs[insn->src_reg] --#define FP regs[BPF_REG_FP] --#define ARG1 regs[BPF_REG_ARG1] --#define CTX regs[BPF_REG_CTX] --#define IMM insn->imm -- - /* No hurry in this branch - * - * Exported for the bpf jit load helper. -@@ -78,9 +52,9 @@ void *bpf_internal_load_pointer_neg_helper(const struct sk_buff *skb, int k, uns - ptr = skb_network_header(skb) + k - SKF_NET_OFF; - else if (k >= SKF_LL_OFF) - ptr = skb_mac_header(skb) + k - SKF_LL_OFF; -+ - if (ptr >= skb->head && ptr + size <= skb_tail_pointer(skb)) - return ptr; -- - return NULL; - } - -@@ -89,7 +63,6 @@ static inline void *load_pointer(const struct sk_buff *skb, int k, - { - if (k >= 0) - return skb_header_pointer(skb, k, size, buffer); -- - return bpf_internal_load_pointer_neg_helper(skb, k, size); - } - -@@ -135,960 +108,309 @@ int sk_filter(struct sock *sk, struct sk_buff *skb) - } - EXPORT_SYMBOL(sk_filter); - --/* Base function for offset calculation. Needs to go into .text section, -- * therefore keeping it non-static as well; will also be used by JITs -- * anyway later on, so do not let the compiler omit it. -- */ --noinline u64 __bpf_call_base(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5) --{ -- return 0; --} -- - /** -- * __sk_run_filter - run a filter on a given context -- * @ctx: buffer to run the filter on -- * @insn: filter to apply -+ * sk_run_filter - run a filter on a socket -+ * @skb: buffer to run the filter on -+ * @fentry: filter to apply - * -- * Decode and apply filter instructions to the skb->data. Return length to -- * keep, 0 for none. @ctx is the data we are operating on, @insn is the -- * array of filter instructions. -+ * Decode and apply filter instructions to the skb->data. -+ * Return length to keep, 0 for none. @skb is the data we are -+ * filtering, @filter is the array of filter instructions. -+ * Because all jumps are guaranteed to be before last instruction, -+ * and last instruction guaranteed to be a RET, we dont need to check -+ * flen. (We used to pass to this function the length of filter) - */ --static unsigned int __sk_run_filter(void *ctx, const struct sock_filter_int *insn) -+unsigned int sk_run_filter(const struct sk_buff *skb, -+ const struct sock_filter *fentry) - { -- u64 stack[MAX_BPF_STACK / sizeof(u64)]; -- u64 regs[MAX_BPF_REG], tmp; -- static const void *jumptable[256] = { -- [0 ... 255] = &&default_label, -- /* Now overwrite non-defaults ... */ -- /* 32 bit ALU operations */ -- [BPF_ALU | BPF_ADD | BPF_X] = &&ALU_ADD_X, -- [BPF_ALU | BPF_ADD | BPF_K] = &&ALU_ADD_K, -- [BPF_ALU | BPF_SUB | BPF_X] = &&ALU_SUB_X, -- [BPF_ALU | BPF_SUB | BPF_K] = &&ALU_SUB_K, -- [BPF_ALU | BPF_AND | BPF_X] = &&ALU_AND_X, -- [BPF_ALU | BPF_AND | BPF_K] = &&ALU_AND_K, -- [BPF_ALU | BPF_OR | BPF_X] = &&ALU_OR_X, -- [BPF_ALU | BPF_OR | BPF_K] = &&ALU_OR_K, -- [BPF_ALU | BPF_LSH | BPF_X] = &&ALU_LSH_X, -- [BPF_ALU | BPF_LSH | BPF_K] = &&ALU_LSH_K, -- [BPF_ALU | BPF_RSH | BPF_X] = &&ALU_RSH_X, -- [BPF_ALU | BPF_RSH | BPF_K] = &&ALU_RSH_K, -- [BPF_ALU | BPF_XOR | BPF_X] = &&ALU_XOR_X, -- [BPF_ALU | BPF_XOR | BPF_K] = &&ALU_XOR_K, -- [BPF_ALU | BPF_MUL | BPF_X] = &&ALU_MUL_X, -- [BPF_ALU | BPF_MUL | BPF_K] = &&ALU_MUL_K, -- [BPF_ALU | BPF_MOV | BPF_X] = &&ALU_MOV_X, -- [BPF_ALU | BPF_MOV | BPF_K] = &&ALU_MOV_K, -- [BPF_ALU | BPF_DIV | BPF_X] = &&ALU_DIV_X, -- [BPF_ALU | BPF_DIV | BPF_K] = &&ALU_DIV_K, -- [BPF_ALU | BPF_MOD | BPF_X] = &&ALU_MOD_X, -- [BPF_ALU | BPF_MOD | BPF_K] = &&ALU_MOD_K, -- [BPF_ALU | BPF_NEG] = &&ALU_NEG, -- [BPF_ALU | BPF_END | BPF_TO_BE] = &&ALU_END_TO_BE, -- [BPF_ALU | BPF_END | BPF_TO_LE] = &&ALU_END_TO_LE, -- /* 64 bit ALU operations */ -- [BPF_ALU64 | BPF_ADD | BPF_X] = &&ALU64_ADD_X, -- [BPF_ALU64 | BPF_ADD | BPF_K] = &&ALU64_ADD_K, -- [BPF_ALU64 | BPF_SUB | BPF_X] = &&ALU64_SUB_X, -- [BPF_ALU64 | BPF_SUB | BPF_K] = &&ALU64_SUB_K, -- [BPF_ALU64 | BPF_AND | BPF_X] = &&ALU64_AND_X, -- [BPF_ALU64 | BPF_AND | BPF_K] = &&ALU64_AND_K, -- [BPF_ALU64 | BPF_OR | BPF_X] = &&ALU64_OR_X, -- [BPF_ALU64 | BPF_OR | BPF_K] = &&ALU64_OR_K, -- [BPF_ALU64 | BPF_LSH | BPF_X] = &&ALU64_LSH_X, -- [BPF_ALU64 | BPF_LSH | BPF_K] = &&ALU64_LSH_K, -- [BPF_ALU64 | BPF_RSH | BPF_X] = &&ALU64_RSH_X, -- [BPF_ALU64 | BPF_RSH | BPF_K] = &&ALU64_RSH_K, -- [BPF_ALU64 | BPF_XOR | BPF_X] = &&ALU64_XOR_X, -- [BPF_ALU64 | BPF_XOR | BPF_K] = &&ALU64_XOR_K, -- [BPF_ALU64 | BPF_MUL | BPF_X] = &&ALU64_MUL_X, -- [BPF_ALU64 | BPF_MUL | BPF_K] = &&ALU64_MUL_K, -- [BPF_ALU64 | BPF_MOV | BPF_X] = &&ALU64_MOV_X, -- [BPF_ALU64 | BPF_MOV | BPF_K] = &&ALU64_MOV_K, -- [BPF_ALU64 | BPF_ARSH | BPF_X] = &&ALU64_ARSH_X, -- [BPF_ALU64 | BPF_ARSH | BPF_K] = &&ALU64_ARSH_K, -- [BPF_ALU64 | BPF_DIV | BPF_X] = &&ALU64_DIV_X, -- [BPF_ALU64 | BPF_DIV | BPF_K] = &&ALU64_DIV_K, -- [BPF_ALU64 | BPF_MOD | BPF_X] = &&ALU64_MOD_X, -- [BPF_ALU64 | BPF_MOD | BPF_K] = &&ALU64_MOD_K, -- [BPF_ALU64 | BPF_NEG] = &&ALU64_NEG, -- /* Call instruction */ -- [BPF_JMP | BPF_CALL] = &&JMP_CALL, -- /* Jumps */ -- [BPF_JMP | BPF_JA] = &&JMP_JA, -- [BPF_JMP | BPF_JEQ | BPF_X] = &&JMP_JEQ_X, -- [BPF_JMP | BPF_JEQ | BPF_K] = &&JMP_JEQ_K, -- [BPF_JMP | BPF_JNE | BPF_X] = &&JMP_JNE_X, -- [BPF_JMP | BPF_JNE | BPF_K] = &&JMP_JNE_K, -- [BPF_JMP | BPF_JGT | BPF_X] = &&JMP_JGT_X, -- [BPF_JMP | BPF_JGT | BPF_K] = &&JMP_JGT_K, -- [BPF_JMP | BPF_JGE | BPF_X] = &&JMP_JGE_X, -- [BPF_JMP | BPF_JGE | BPF_K] = &&JMP_JGE_K, -- [BPF_JMP | BPF_JSGT | BPF_X] = &&JMP_JSGT_X, -- [BPF_JMP | BPF_JSGT | BPF_K] = &&JMP_JSGT_K, -- [BPF_JMP | BPF_JSGE | BPF_X] = &&JMP_JSGE_X, -- [BPF_JMP | BPF_JSGE | BPF_K] = &&JMP_JSGE_K, -- [BPF_JMP | BPF_JSET | BPF_X] = &&JMP_JSET_X, -- [BPF_JMP | BPF_JSET | BPF_K] = &&JMP_JSET_K, -- /* Program return */ -- [BPF_JMP | BPF_EXIT] = &&JMP_EXIT, -- /* Store instructions */ -- [BPF_STX | BPF_MEM | BPF_B] = &&STX_MEM_B, -- [BPF_STX | BPF_MEM | BPF_H] = &&STX_MEM_H, -- [BPF_STX | BPF_MEM | BPF_W] = &&STX_MEM_W, -- [BPF_STX | BPF_MEM | BPF_DW] = &&STX_MEM_DW, -- [BPF_STX | BPF_XADD | BPF_W] = &&STX_XADD_W, -- [BPF_STX | BPF_XADD | BPF_DW] = &&STX_XADD_DW, -- [BPF_ST | BPF_MEM | BPF_B] = &&ST_MEM_B, -- [BPF_ST | BPF_MEM | BPF_H] = &&ST_MEM_H, -- [BPF_ST | BPF_MEM | BPF_W] = &&ST_MEM_W, -- [BPF_ST | BPF_MEM | BPF_DW] = &&ST_MEM_DW, -- /* Load instructions */ -- [BPF_LDX | BPF_MEM | BPF_B] = &&LDX_MEM_B, -- [BPF_LDX | BPF_MEM | BPF_H] = &&LDX_MEM_H, -- [BPF_LDX | BPF_MEM | BPF_W] = &&LDX_MEM_W, -- [BPF_LDX | BPF_MEM | BPF_DW] = &&LDX_MEM_DW, -- [BPF_LD | BPF_ABS | BPF_W] = &&LD_ABS_W, -- [BPF_LD | BPF_ABS | BPF_H] = &&LD_ABS_H, -- [BPF_LD | BPF_ABS | BPF_B] = &&LD_ABS_B, -- [BPF_LD | BPF_IND | BPF_W] = &&LD_IND_W, -- [BPF_LD | BPF_IND | BPF_H] = &&LD_IND_H, -- [BPF_LD | BPF_IND | BPF_B] = &&LD_IND_B, -- }; - void *ptr; -- int off; -- --#define CONT ({ insn++; goto select_insn; }) --#define CONT_JMP ({ insn++; goto select_insn; }) -- -- FP = (u64) (unsigned long) &stack[ARRAY_SIZE(stack)]; -- ARG1 = (u64) (unsigned long) ctx; -- -- /* Registers used in classic BPF programs need to be reset first. */ -- regs[BPF_REG_A] = 0; -- regs[BPF_REG_X] = 0; -- --select_insn: -- goto *jumptable[insn->code]; -- -- /* ALU */ --#define ALU(OPCODE, OP) \ -- ALU64_##OPCODE##_X: \ -- DST = DST OP SRC; \ -- CONT; \ -- ALU_##OPCODE##_X: \ -- DST = (u32) DST OP (u32) SRC; \ -- CONT; \ -- ALU64_##OPCODE##_K: \ -- DST = DST OP IMM; \ -- CONT; \ -- ALU_##OPCODE##_K: \ -- DST = (u32) DST OP (u32) IMM; \ -- CONT; -- -- ALU(ADD, +) -- ALU(SUB, -) -- ALU(AND, &) -- ALU(OR, |) -- ALU(LSH, <<) -- ALU(RSH, >>) -- ALU(XOR, ^) -- ALU(MUL, *) --#undef ALU -- ALU_NEG: -- DST = (u32) -DST; -- CONT; -- ALU64_NEG: -- DST = -DST; -- CONT; -- ALU_MOV_X: -- DST = (u32) SRC; -- CONT; -- ALU_MOV_K: -- DST = (u32) IMM; -- CONT; -- ALU64_MOV_X: -- DST = SRC; -- CONT; -- ALU64_MOV_K: -- DST = IMM; -- CONT; -- ALU64_ARSH_X: -- (*(s64 *) &DST) >>= SRC; -- CONT; -- ALU64_ARSH_K: -- (*(s64 *) &DST) >>= IMM; -- CONT; -- ALU64_MOD_X: -- if (unlikely(SRC == 0)) -- return 0; -- tmp = DST; -- DST = do_div(tmp, SRC); -- CONT; -- ALU_MOD_X: -- if (unlikely(SRC == 0)) -- return 0; -- tmp = (u32) DST; -- DST = do_div(tmp, (u32) SRC); -- CONT; -- ALU64_MOD_K: -- tmp = DST; -- DST = do_div(tmp, IMM); -- CONT; -- ALU_MOD_K: -- tmp = (u32) DST; -- DST = do_div(tmp, (u32) IMM); -- CONT; -- ALU64_DIV_X: -- if (unlikely(SRC == 0)) -- return 0; -- do_div(DST, SRC); -- CONT; -- ALU_DIV_X: -- if (unlikely(SRC == 0)) -- return 0; -- tmp = (u32) DST; -- do_div(tmp, (u32) SRC); -- DST = (u32) tmp; -- CONT; -- ALU64_DIV_K: -- do_div(DST, IMM); -- CONT; -- ALU_DIV_K: -- tmp = (u32) DST; -- do_div(tmp, (u32) IMM); -- DST = (u32) tmp; -- CONT; -- ALU_END_TO_BE: -- switch (IMM) { -- case 16: -- DST = (__force u16) cpu_to_be16(DST); -- break; -- case 32: -- DST = (__force u32) cpu_to_be32(DST); -- break; -- case 64: -- DST = (__force u64) cpu_to_be64(DST); -- break; -- } -- CONT; -- ALU_END_TO_LE: -- switch (IMM) { -- case 16: -- DST = (__force u16) cpu_to_le16(DST); -- break; -- case 32: -- DST = (__force u32) cpu_to_le32(DST); -- break; -- case 64: -- DST = (__force u64) cpu_to_le64(DST); -- break; -- } -- CONT; -- -- /* CALL */ -- JMP_CALL: -- /* Function call scratches BPF_R1-BPF_R5 registers, -- * preserves BPF_R6-BPF_R9, and stores return value -- * into BPF_R0. -- */ -- BPF_R0 = (__bpf_call_base + insn->imm)(BPF_R1, BPF_R2, BPF_R3, -- BPF_R4, BPF_R5); -- CONT; -- -- /* JMP */ -- JMP_JA: -- insn += insn->off; -- CONT; -- JMP_JEQ_X: -- if (DST == SRC) { -- insn += insn->off; -- CONT_JMP; -- } -- CONT; -- JMP_JEQ_K: -- if (DST == IMM) { -- insn += insn->off; -- CONT_JMP; -- } -- CONT; -- JMP_JNE_X: -- if (DST != SRC) { -- insn += insn->off; -- CONT_JMP; -- } -- CONT; -- JMP_JNE_K: -- if (DST != IMM) { -- insn += insn->off; -- CONT_JMP; -- } -- CONT; -- JMP_JGT_X: -- if (DST > SRC) { -- insn += insn->off; -- CONT_JMP; -- } -- CONT; -- JMP_JGT_K: -- if (DST > IMM) { -- insn += insn->off; -- CONT_JMP; -- } -- CONT; -- JMP_JGE_X: -- if (DST >= SRC) { -- insn += insn->off; -- CONT_JMP; -- } -- CONT; -- JMP_JGE_K: -- if (DST >= IMM) { -- insn += insn->off; -- CONT_JMP; -- } -- CONT; -- JMP_JSGT_X: -- if (((s64) DST) > ((s64) SRC)) { -- insn += insn->off; -- CONT_JMP; -- } -- CONT; -- JMP_JSGT_K: -- if (((s64) DST) > ((s64) IMM)) { -- insn += insn->off; -- CONT_JMP; -- } -- CONT; -- JMP_JSGE_X: -- if (((s64) DST) >= ((s64) SRC)) { -- insn += insn->off; -- CONT_JMP; -- } -- CONT; -- JMP_JSGE_K: -- if (((s64) DST) >= ((s64) IMM)) { -- insn += insn->off; -- CONT_JMP; -- } -- CONT; -- JMP_JSET_X: -- if (DST & SRC) { -- insn += insn->off; -- CONT_JMP; -- } -- CONT; -- JMP_JSET_K: -- if (DST & IMM) { -- insn += insn->off; -- CONT_JMP; -- } -- CONT; -- JMP_EXIT: -- return BPF_R0; -- -- /* STX and ST and LDX*/ --#define LDST(SIZEOP, SIZE) \ -- STX_MEM_##SIZEOP: \ -- *(SIZE *)(unsigned long) (DST + insn->off) = SRC; \ -- CONT; \ -- ST_MEM_##SIZEOP: \ -- *(SIZE *)(unsigned long) (DST + insn->off) = IMM; \ -- CONT; \ -- LDX_MEM_##SIZEOP: \ -- DST = *(SIZE *)(unsigned long) (SRC + insn->off); \ -- CONT; -- -- LDST(B, u8) -- LDST(H, u16) -- LDST(W, u32) -- LDST(DW, u64) --#undef LDST -- STX_XADD_W: /* lock xadd *(u32 *)(dst_reg + off16) += src_reg */ -- atomic_add((u32) SRC, (atomic_t *)(unsigned long) -- (DST + insn->off)); -- CONT; -- STX_XADD_DW: /* lock xadd *(u64 *)(dst_reg + off16) += src_reg */ -- atomic64_add((u64) SRC, (atomic64_t *)(unsigned long) -- (DST + insn->off)); -- CONT; -- LD_ABS_W: /* BPF_R0 = ntohl(*(u32 *) (skb->data + imm32)) */ -- off = IMM; --load_word: -- /* BPF_LD + BPD_ABS and BPF_LD + BPF_IND insns are -- * only appearing in the programs where ctx == -- * skb. All programs keep 'ctx' in regs[BPF_REG_CTX] -- * == BPF_R6, sk_convert_filter() saves it in BPF_R6, -- * internal BPF verifier will check that BPF_R6 == -- * ctx. -- * -- * BPF_ABS and BPF_IND are wrappers of function calls, -- * so they scratch BPF_R1-BPF_R5 registers, preserve -- * BPF_R6-BPF_R9, and store return value into BPF_R0. -- * -- * Implicit input: -- * ctx == skb == BPF_R6 == CTX -- * -- * Explicit input: -- * SRC == any register -- * IMM == 32-bit immediate -- * -- * Output: -- * BPF_R0 - 8/16/32-bit skb data converted to cpu endianness -- */ -- -- ptr = load_pointer((struct sk_buff *) (unsigned long) CTX, off, 4, &tmp); -- if (likely(ptr != NULL)) { -- BPF_R0 = get_unaligned_be32(ptr); -- CONT; -- } -- -- return 0; -- LD_ABS_H: /* BPF_R0 = ntohs(*(u16 *) (skb->data + imm32)) */ -- off = IMM; --load_half: -- ptr = load_pointer((struct sk_buff *) (unsigned long) CTX, off, 2, &tmp); -- if (likely(ptr != NULL)) { -- BPF_R0 = get_unaligned_be16(ptr); -- CONT; -- } -- -- return 0; -- LD_ABS_B: /* BPF_R0 = *(u8 *) (skb->data + imm32) */ -- off = IMM; --load_byte: -- ptr = load_pointer((struct sk_buff *) (unsigned long) CTX, off, 1, &tmp); -- if (likely(ptr != NULL)) { -- BPF_R0 = *(u8 *)ptr; -- CONT; -- } -- -- return 0; -- LD_IND_W: /* BPF_R0 = ntohl(*(u32 *) (skb->data + src_reg + imm32)) */ -- off = IMM + SRC; -- goto load_word; -- LD_IND_H: /* BPF_R0 = ntohs(*(u16 *) (skb->data + src_reg + imm32)) */ -- off = IMM + SRC; -- goto load_half; -- LD_IND_B: /* BPF_R0 = *(u8 *) (skb->data + src_reg + imm32) */ -- off = IMM + SRC; -- goto load_byte; -- -- default_label: -- /* If we ever reach this, we have a bug somewhere. */ -- WARN_RATELIMIT(1, "unknown opcode %02x\n", insn->code); -- return 0; --} -- --/* Helper to find the offset of pkt_type in sk_buff structure. We want -- * to make sure its still a 3bit field starting at a byte boundary; -- * taken from arch/x86/net/bpf_jit_comp.c. -- */ --#ifdef __BIG_ENDIAN_BITFIELD --#define PKT_TYPE_MAX (7 << 5) -+ u32 A = 0; /* Accumulator */ -+ u32 X = 0; /* Index Register */ -+ u32 mem[BPF_MEMWORDS] = {}; /* Scratch Memory Store */ -+ u32 tmp; -+ int k; -+ -+ /* -+ * Process array of filter instructions. -+ */ -+ for (;; fentry++) { -+#if defined(CONFIG_X86_32) -+#define K (fentry->k) - #else --#define PKT_TYPE_MAX 7 -+ const u32 K = fentry->k; - #endif --static unsigned int pkt_type_offset(void) --{ -- struct sk_buff skb_probe = { .pkt_type = ~0, }; -- u8 *ct = (u8 *) &skb_probe; -- unsigned int off; +@@ -559,7 +559,11 @@ do_pass: -- for (off = 0; off < sizeof(struct sk_buff); off++) { -- if (ct[off] == PKT_TYPE_MAX) -- return off; -- } -- -- pr_err_once("Please fix %s, as pkt_type couldn't be found!\n", __func__); -- return -1; --} -- --static u64 __skb_get_pay_offset(u64 ctx, u64 a, u64 x, u64 r4, u64 r5) --{ -- return __skb_get_poff((struct sk_buff *)(unsigned long) ctx); --} -- --static u64 __skb_get_nlattr(u64 ctx, u64 a, u64 x, u64 r4, u64 r5) --{ -- struct sk_buff *skb = (struct sk_buff *)(unsigned long) ctx; -- struct nlattr *nla; -- -- if (skb_is_nonlinear(skb)) -- return 0; -- -- if (skb->len < sizeof(struct nlattr)) -- return 0; -- -- if (a > skb->len - sizeof(struct nlattr)) -- return 0; -- -- nla = nla_find((struct nlattr *) &skb->data[a], skb->len - a, x); -- if (nla) -- return (void *) nla - (void *) skb->data; -- -- return 0; --} -- --static u64 __skb_get_nlattr_nest(u64 ctx, u64 a, u64 x, u64 r4, u64 r5) --{ -- struct sk_buff *skb = (struct sk_buff *)(unsigned long) ctx; -- struct nlattr *nla; -- -- if (skb_is_nonlinear(skb)) -- return 0; -- -- if (skb->len < sizeof(struct nlattr)) -- return 0; -- -- if (a > skb->len - sizeof(struct nlattr)) -- return 0; -- -- nla = (struct nlattr *) &skb->data[a]; -- if (nla->nla_len > skb->len - a) -- return 0; -- -- nla = nla_find_nested(nla, x); -- if (nla) -- return (void *) nla - (void *) skb->data; -- -- return 0; --} -- --static u64 __get_raw_cpu_id(u64 ctx, u64 a, u64 x, u64 r4, u64 r5) --{ -- return raw_smp_processor_id(); --} -- --/* note that this only generates 32-bit random numbers */ --static u64 __get_random_u32(u64 ctx, u64 a, u64 x, u64 r4, u64 r5) --{ -- return prandom_u32(); --} -- --static bool convert_bpf_extensions(struct sock_filter *fp, -- struct sock_filter_int **insnp) --{ -- struct sock_filter_int *insn = *insnp; -- -- switch (fp->k) { -- case SKF_AD_OFF + SKF_AD_PROTOCOL: -- BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, protocol) != 2); -- -- /* A = *(u16 *) (CTX + offsetof(protocol)) */ -- *insn++ = BPF_LDX_MEM(BPF_H, BPF_REG_A, BPF_REG_CTX, -- offsetof(struct sk_buff, protocol)); -- /* A = ntohs(A) [emitting a nop or swap16] */ -- *insn = BPF_ENDIAN(BPF_FROM_BE, BPF_REG_A, 16); -- break; -- -- case SKF_AD_OFF + SKF_AD_PKTTYPE: -- *insn = BPF_LDX_MEM(BPF_B, BPF_REG_A, BPF_REG_CTX, -- pkt_type_offset()); -- if (insn->off < 0) -- return false; -- insn++; -- *insn = BPF_ALU32_IMM(BPF_AND, BPF_REG_A, PKT_TYPE_MAX); --#ifdef __BIG_ENDIAN_BITFIELD -- insn++; -- *insn = BPF_ALU32_IMM(BPF_RSH, BPF_REG_A, 5); --#endif -- break; -- -- case SKF_AD_OFF + SKF_AD_IFINDEX: -- case SKF_AD_OFF + SKF_AD_HATYPE: -- BUILD_BUG_ON(FIELD_SIZEOF(struct net_device, ifindex) != 4); -- BUILD_BUG_ON(FIELD_SIZEOF(struct net_device, type) != 2); -- BUILD_BUG_ON(bytes_to_bpf_size(FIELD_SIZEOF(struct sk_buff, dev)) < 0); -- -- *insn++ = BPF_LDX_MEM(bytes_to_bpf_size(FIELD_SIZEOF(struct sk_buff, dev)), -- BPF_REG_TMP, BPF_REG_CTX, -- offsetof(struct sk_buff, dev)); -- /* if (tmp != 0) goto pc + 1 */ -- *insn++ = BPF_JMP_IMM(BPF_JNE, BPF_REG_TMP, 0, 1); -- *insn++ = BPF_EXIT_INSN(); -- if (fp->k == SKF_AD_OFF + SKF_AD_IFINDEX) -- *insn = BPF_LDX_MEM(BPF_W, BPF_REG_A, BPF_REG_TMP, -- offsetof(struct net_device, ifindex)); -- else -- *insn = BPF_LDX_MEM(BPF_H, BPF_REG_A, BPF_REG_TMP, -- offsetof(struct net_device, type)); -- break; -- -- case SKF_AD_OFF + SKF_AD_MARK: -- BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, mark) != 4); -- -- *insn = BPF_LDX_MEM(BPF_W, BPF_REG_A, BPF_REG_CTX, -- offsetof(struct sk_buff, mark)); -- break; -- -- case SKF_AD_OFF + SKF_AD_RXHASH: -- BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, hash) != 4); -- -- *insn = BPF_LDX_MEM(BPF_W, BPF_REG_A, BPF_REG_CTX, -- offsetof(struct sk_buff, hash)); -- break; -- -- case SKF_AD_OFF + SKF_AD_QUEUE: -- BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, queue_mapping) != 2); -- -- *insn = BPF_LDX_MEM(BPF_H, BPF_REG_A, BPF_REG_CTX, -- offsetof(struct sk_buff, queue_mapping)); -- break; -- -- case SKF_AD_OFF + SKF_AD_VLAN_TAG: -- case SKF_AD_OFF + SKF_AD_VLAN_TAG_PRESENT: -- BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, vlan_tci) != 2); -- BUILD_BUG_ON(VLAN_TAG_PRESENT != 0x1000); -- -- /* A = *(u16 *) (CTX + offsetof(vlan_tci)) */ -- *insn++ = BPF_LDX_MEM(BPF_H, BPF_REG_A, BPF_REG_CTX, -- offsetof(struct sk_buff, vlan_tci)); -- if (fp->k == SKF_AD_OFF + SKF_AD_VLAN_TAG) { -- *insn = BPF_ALU32_IMM(BPF_AND, BPF_REG_A, -- ~VLAN_TAG_PRESENT); -- } else { -- /* A >>= 12 */ -- *insn++ = BPF_ALU32_IMM(BPF_RSH, BPF_REG_A, 12); -- /* A &= 1 */ -- *insn = BPF_ALU32_IMM(BPF_AND, BPF_REG_A, 1); -- } -- break; -- -- case SKF_AD_OFF + SKF_AD_PAY_OFFSET: -- case SKF_AD_OFF + SKF_AD_NLATTR: -- case SKF_AD_OFF + SKF_AD_NLATTR_NEST: -- case SKF_AD_OFF + SKF_AD_CPU: -- case SKF_AD_OFF + SKF_AD_RANDOM: -- /* arg1 = CTX */ -- *insn++ = BPF_MOV64_REG(BPF_REG_ARG1, BPF_REG_CTX); -- /* arg2 = A */ -- *insn++ = BPF_MOV64_REG(BPF_REG_ARG2, BPF_REG_A); -- /* arg3 = X */ -- *insn++ = BPF_MOV64_REG(BPF_REG_ARG3, BPF_REG_X); -- /* Emit call(arg1=CTX, arg2=A, arg3=X) */ -- switch (fp->k) { -- case SKF_AD_OFF + SKF_AD_PAY_OFFSET: -- *insn = BPF_EMIT_CALL(__skb_get_pay_offset); -- break; -- case SKF_AD_OFF + SKF_AD_NLATTR: -- *insn = BPF_EMIT_CALL(__skb_get_nlattr); -- break; -- case SKF_AD_OFF + SKF_AD_NLATTR_NEST: -- *insn = BPF_EMIT_CALL(__skb_get_nlattr_nest); -- break; -- case SKF_AD_OFF + SKF_AD_CPU: -- *insn = BPF_EMIT_CALL(__get_raw_cpu_id); -- break; -- case SKF_AD_OFF + SKF_AD_RANDOM: -- *insn = BPF_EMIT_CALL(__get_random_u32); -- break; -- } -- break; -- -- case SKF_AD_OFF + SKF_AD_ALU_XOR_X: -- /* A ^= X */ -- *insn = BPF_ALU32_REG(BPF_XOR, BPF_REG_A, BPF_REG_X); -- break; -- -- default: -- /* This is just a dummy call to avoid letting the compiler -- * evict __bpf_call_base() as an optimization. Placed here -- * where no-one bothers. -- */ -- BUG_ON(__bpf_call_base(0, 0, 0, 0, 0) != 0); -- return false; -- } -- -- *insnp = insn; -- return true; --} -- --/** -- * sk_convert_filter - convert filter program -- * @prog: the user passed filter program -- * @len: the length of the user passed filter program -- * @new_prog: buffer where converted program will be stored -- * @new_len: pointer to store length of converted program -- * -- * Remap 'sock_filter' style BPF instruction set to 'sock_filter_ext' style. -- * Conversion workflow: -- * -- * 1) First pass for calculating the new program length: -- * sk_convert_filter(old_prog, old_len, NULL, &new_len) -- * -- * 2) 2nd pass to remap in two passes: 1st pass finds new -- * jump offsets, 2nd pass remapping: -- * new_prog = kmalloc(sizeof(struct sock_filter_int) * new_len); -- * sk_convert_filter(old_prog, old_len, new_prog, &new_len); -- * -- * User BPF's register A is mapped to our BPF register 6, user BPF -- * register X is mapped to BPF register 7; frame pointer is always -- * register 10; Context 'void *ctx' is stored in register 1, that is, -- * for socket filters: ctx == 'struct sk_buff *', for seccomp: -- * ctx == 'struct seccomp_data *'. -- */ --int sk_convert_filter(struct sock_filter *prog, int len, -- struct sock_filter_int *new_prog, int *new_len) --{ -- int new_flen = 0, pass = 0, target, i; -- struct sock_filter_int *new_insn; -- struct sock_filter *fp; -- int *addrs = NULL; -- u8 bpf_src; -- -- BUILD_BUG_ON(BPF_MEMWORDS * sizeof(u32) > MAX_BPF_STACK); -- BUILD_BUG_ON(BPF_REG_FP + 1 != MAX_BPF_REG); -- -- if (len <= 0 || len > BPF_MAXINSNS) -- return -EINVAL; -- -- if (new_prog) { -- addrs = kcalloc(len, sizeof(*addrs), GFP_KERNEL); -- if (!addrs) -- return -ENOMEM; -- } -- --do_pass: -- new_insn = new_prog; -- fp = prog; -- -- if (new_insn) -- *new_insn = BPF_MOV64_REG(BPF_REG_CTX, BPF_REG_ARG1); -- new_insn++; -- -- for (i = 0; i < len; fp++, i++) { -- struct sock_filter_int tmp_insns[6] = { }; -- struct sock_filter_int *insn = tmp_insns; -- -- if (addrs) -- addrs[i] = new_insn - new_prog; -- -- switch (fp->code) { -- /* All arithmetic insns and skb loads map as-is. */ -- case BPF_ALU | BPF_ADD | BPF_X: -- case BPF_ALU | BPF_ADD | BPF_K: -- case BPF_ALU | BPF_SUB | BPF_X: -- case BPF_ALU | BPF_SUB | BPF_K: -- case BPF_ALU | BPF_AND | BPF_X: -- case BPF_ALU | BPF_AND | BPF_K: -- case BPF_ALU | BPF_OR | BPF_X: -- case BPF_ALU | BPF_OR | BPF_K: -- case BPF_ALU | BPF_LSH | BPF_X: -- case BPF_ALU | BPF_LSH | BPF_K: -- case BPF_ALU | BPF_RSH | BPF_X: -- case BPF_ALU | BPF_RSH | BPF_K: -- case BPF_ALU | BPF_XOR | BPF_X: -- case BPF_ALU | BPF_XOR | BPF_K: -- case BPF_ALU | BPF_MUL | BPF_X: -- case BPF_ALU | BPF_MUL | BPF_K: -- case BPF_ALU | BPF_DIV | BPF_X: -- case BPF_ALU | BPF_DIV | BPF_K: -- case BPF_ALU | BPF_MOD | BPF_X: -- case BPF_ALU | BPF_MOD | BPF_K: -- case BPF_ALU | BPF_NEG: -- case BPF_LD | BPF_ABS | BPF_W: -- case BPF_LD | BPF_ABS | BPF_H: -- case BPF_LD | BPF_ABS | BPF_B: -- case BPF_LD | BPF_IND | BPF_W: -- case BPF_LD | BPF_IND | BPF_H: -- case BPF_LD | BPF_IND | BPF_B: -- /* Check for overloaded BPF extension and -- * directly convert it if found, otherwise -- * just move on with mapping. -- */ -- if (BPF_CLASS(fp->code) == BPF_LD && -- BPF_MODE(fp->code) == BPF_ABS && -- convert_bpf_extensions(fp, &insn)) -- break; -- -- *insn = BPF_RAW_INSN(fp->code, BPF_REG_A, BPF_REG_X, 0, fp->k); -- break; -- -- /* Jump transformation cannot use BPF block macros -- * everywhere as offset calculation and target updates -- * require a bit more work than the rest, i.e. jump -- * opcodes map as-is, but offsets need adjustment. -- */ -- --#define BPF_EMIT_JMP \ -- do { \ -- if (target >= len || target < 0) \ -- goto err; \ -- insn->off = addrs ? addrs[target] - addrs[i] - 1 : 0; \ -- /* Adjust pc relative offset for 2nd or 3rd insn. */ \ -- insn->off -= insn - tmp_insns; \ -- } while (0) -- -- case BPF_JMP | BPF_JA: -- target = i + fp->k + 1; -- insn->code = fp->code; -- BPF_EMIT_JMP; -- break; -- -- case BPF_JMP | BPF_JEQ | BPF_K: -- case BPF_JMP | BPF_JEQ | BPF_X: -- case BPF_JMP | BPF_JSET | BPF_K: -- case BPF_JMP | BPF_JSET | BPF_X: -- case BPF_JMP | BPF_JGT | BPF_K: -- case BPF_JMP | BPF_JGT | BPF_X: -- case BPF_JMP | BPF_JGE | BPF_K: -- case BPF_JMP | BPF_JGE | BPF_X: -- if (BPF_SRC(fp->code) == BPF_K && (int) fp->k < 0) { -- /* BPF immediates are signed, zero extend -- * immediate into tmp register and use it -- * in compare insn. -- */ -- *insn++ = BPF_MOV32_IMM(BPF_REG_TMP, fp->k); -- -- insn->dst_reg = BPF_REG_A; -- insn->src_reg = BPF_REG_TMP; -- bpf_src = BPF_X; -- } else { -- insn->dst_reg = BPF_REG_A; -- insn->src_reg = BPF_REG_X; -- insn->imm = fp->k; -- bpf_src = BPF_SRC(fp->code); -+ switch (fentry->code) { -+ case BPF_S_ALU_ADD_X: -+ A += X; -+ continue; -+ case BPF_S_ALU_ADD_K: -+ A += K; -+ continue; -+ case BPF_S_ALU_SUB_X: -+ A -= X; -+ continue; -+ case BPF_S_ALU_SUB_K: -+ A -= K; -+ continue; -+ case BPF_S_ALU_MUL_X: -+ A *= X; -+ continue; -+ case BPF_S_ALU_MUL_K: -+ A *= K; -+ continue; -+ case BPF_S_ALU_DIV_X: -+ if (X == 0) -+ return 0; -+ A /= X; -+ continue; -+ case BPF_S_ALU_DIV_K: -+ A /= K; -+ continue; -+ case BPF_S_ALU_MOD_X: -+ if (X == 0) -+ return 0; -+ A %= X; -+ continue; -+ case BPF_S_ALU_MOD_K: -+ A %= K; -+ continue; -+ case BPF_S_ALU_AND_X: -+ A &= X; -+ continue; -+ case BPF_S_ALU_AND_K: -+ A &= K; -+ continue; -+ case BPF_S_ALU_OR_X: -+ A |= X; -+ continue; -+ case BPF_S_ALU_OR_K: -+ A |= K; -+ continue; -+ case BPF_S_ANC_ALU_XOR_X: -+ case BPF_S_ALU_XOR_X: -+ A ^= X; -+ continue; -+ case BPF_S_ALU_XOR_K: -+ A ^= K; -+ continue; -+ case BPF_S_ALU_LSH_X: -+ A <<= X; -+ continue; -+ case BPF_S_ALU_LSH_K: -+ A <<= K; -+ continue; -+ case BPF_S_ALU_RSH_X: -+ A >>= X; -+ continue; -+ case BPF_S_ALU_RSH_K: -+ A >>= K; -+ continue; -+ case BPF_S_ALU_NEG: -+ A = -A; -+ continue; -+ case BPF_S_JMP_JA: -+ fentry += K; -+ continue; -+ case BPF_S_JMP_JGT_K: -+ fentry += (A > K) ? fentry->jt : fentry->jf; -+ continue; -+ case BPF_S_JMP_JGE_K: -+ fentry += (A >= K) ? fentry->jt : fentry->jf; -+ continue; -+ case BPF_S_JMP_JEQ_K: -+ fentry += (A == K) ? fentry->jt : fentry->jf; -+ continue; -+ case BPF_S_JMP_JSET_K: -+ fentry += (A & K) ? fentry->jt : fentry->jf; -+ continue; -+ case BPF_S_JMP_JGT_X: -+ fentry += (A > X) ? fentry->jt : fentry->jf; -+ continue; -+ case BPF_S_JMP_JGE_X: -+ fentry += (A >= X) ? fentry->jt : fentry->jf; -+ continue; -+ case BPF_S_JMP_JEQ_X: -+ fentry += (A == X) ? fentry->jt : fentry->jf; -+ continue; -+ case BPF_S_JMP_JSET_X: -+ fentry += (A & X) ? fentry->jt : fentry->jf; -+ continue; -+ case BPF_S_LD_W_ABS: -+ k = K; -+load_w: -+ ptr = load_pointer(skb, k, 4, &tmp); -+ if (ptr != NULL) { -+ A = get_unaligned_be32(ptr); -+ continue; - } -- -- /* Common case where 'jump_false' is next insn. */ -- if (fp->jf == 0) { -- insn->code = BPF_JMP | BPF_OP(fp->code) | bpf_src; -- target = i + fp->jt + 1; -- BPF_EMIT_JMP; -- break; -+ return 0; -+ case BPF_S_LD_H_ABS: -+ k = K; -+load_h: -+ ptr = load_pointer(skb, k, 2, &tmp); -+ if (ptr != NULL) { -+ A = get_unaligned_be16(ptr); -+ continue; - } -- -- /* Convert JEQ into JNE when 'jump_true' is next insn. */ -- if (fp->jt == 0 && BPF_OP(fp->code) == BPF_JEQ) { -- insn->code = BPF_JMP | BPF_JNE | bpf_src; -- target = i + fp->jf + 1; -- BPF_EMIT_JMP; -- break; -+ return 0; -+ case BPF_S_LD_B_ABS: -+ k = K; -+load_b: -+ ptr = load_pointer(skb, k, 1, &tmp); -+ if (ptr != NULL) { -+ A = *(u8 *)ptr; -+ continue; - } -- -- /* Other jumps are mapped into two insns: Jxx and JA. */ -- target = i + fp->jt + 1; -- insn->code = BPF_JMP | BPF_OP(fp->code) | bpf_src; -- BPF_EMIT_JMP; -- insn++; -- -- insn->code = BPF_JMP | BPF_JA; -- target = i + fp->jf + 1; -- BPF_EMIT_JMP; -- break; -- -- /* ldxb 4 * ([14] & 0xf) is remaped into 6 insns. */ -- case BPF_LDX | BPF_MSH | BPF_B: -- /* tmp = A */ -- *insn++ = BPF_MOV64_REG(BPF_REG_TMP, BPF_REG_A); -- /* A = BPF_R0 = *(u8 *) (skb->data + K) */ -- *insn++ = BPF_LD_ABS(BPF_B, fp->k); -- /* A &= 0xf */ -- *insn++ = BPF_ALU32_IMM(BPF_AND, BPF_REG_A, 0xf); -- /* A <<= 2 */ -- *insn++ = BPF_ALU32_IMM(BPF_LSH, BPF_REG_A, 2); -- /* X = A */ -- *insn++ = BPF_MOV64_REG(BPF_REG_X, BPF_REG_A); -- /* A = tmp */ -- *insn = BPF_MOV64_REG(BPF_REG_A, BPF_REG_TMP); -- break; -- -- /* RET_K, RET_A are remaped into 2 insns. */ -- case BPF_RET | BPF_A: -- case BPF_RET | BPF_K: -- *insn++ = BPF_MOV32_RAW(BPF_RVAL(fp->code) == BPF_K ? -- BPF_K : BPF_X, BPF_REG_0, -- BPF_REG_A, fp->k); -- *insn = BPF_EXIT_INSN(); -- break; -- -- /* Store to stack. */ -- case BPF_ST: -- case BPF_STX: -- *insn = BPF_STX_MEM(BPF_W, BPF_REG_FP, BPF_CLASS(fp->code) == -- BPF_ST ? BPF_REG_A : BPF_REG_X, -- -(BPF_MEMWORDS - fp->k) * 4); -- break; -- -- /* Load from stack. */ -- case BPF_LD | BPF_MEM: -- case BPF_LDX | BPF_MEM: -- *insn = BPF_LDX_MEM(BPF_W, BPF_CLASS(fp->code) == BPF_LD ? -- BPF_REG_A : BPF_REG_X, BPF_REG_FP, -- -(BPF_MEMWORDS - fp->k) * 4); -- break; -- -- /* A = K or X = K */ -- case BPF_LD | BPF_IMM: -- case BPF_LDX | BPF_IMM: -- *insn = BPF_MOV32_IMM(BPF_CLASS(fp->code) == BPF_LD ? -- BPF_REG_A : BPF_REG_X, fp->k); -- break; -- -- /* X = A */ -- case BPF_MISC | BPF_TAX: -- *insn = BPF_MOV64_REG(BPF_REG_X, BPF_REG_A); -- break; -- -- /* A = X */ -- case BPF_MISC | BPF_TXA: -- *insn = BPF_MOV64_REG(BPF_REG_A, BPF_REG_X); -- break; -- -- /* A = skb->len or X = skb->len */ -- case BPF_LD | BPF_W | BPF_LEN: -- case BPF_LDX | BPF_W | BPF_LEN: -- *insn = BPF_LDX_MEM(BPF_W, BPF_CLASS(fp->code) == BPF_LD ? -- BPF_REG_A : BPF_REG_X, BPF_REG_CTX, -- offsetof(struct sk_buff, len)); -- break; -- -- /* Access seccomp_data fields. */ -- case BPF_LDX | BPF_ABS | BPF_W: -- /* A = *(u32 *) (ctx + K) */ -- *insn = BPF_LDX_MEM(BPF_W, BPF_REG_A, BPF_REG_CTX, fp->k); -- break; -- -- /* Unkown instruction. */ -+ return 0; -+ case BPF_S_LD_W_LEN: -+ A = skb->len; -+ continue; -+ case BPF_S_LDX_W_LEN: -+ X = skb->len; -+ continue; -+ case BPF_S_LD_W_IND: -+ k = X + K; -+ goto load_w; -+ case BPF_S_LD_H_IND: -+ k = X + K; -+ goto load_h; -+ case BPF_S_LD_B_IND: -+ k = X + K; -+ goto load_b; -+ case BPF_S_LDX_B_MSH: -+ ptr = load_pointer(skb, K, 1, &tmp); -+ if (ptr != NULL) { -+ X = (*(u8 *)ptr & 0xf) << 2; -+ continue; -+ } -+ return 0; -+ case BPF_S_LD_IMM: -+ A = K; -+ continue; -+ case BPF_S_LDX_IMM: -+ X = K; -+ continue; -+ case BPF_S_LD_MEM: -+ A = mem[K&15]; -+ continue; -+ case BPF_S_LDX_MEM: -+ X = mem[K&15]; -+ continue; -+ case BPF_S_MISC_TAX: -+ X = A; -+ continue; -+ case BPF_S_MISC_TXA: -+ A = X; -+ continue; -+ case BPF_S_RET_K: -+ return K; -+ case BPF_S_RET_A: -+ return A; -+ case BPF_S_ST: -+ mem[K&15] = A; -+ continue; -+ case BPF_S_STX: -+ mem[K&15] = X; -+ continue; -+ case BPF_S_ANC_PROTOCOL: -+ A = ntohs(skb->protocol); -+ continue; -+ case BPF_S_ANC_PKTTYPE: -+ A = skb->pkt_type; -+ continue; -+ case BPF_S_ANC_IFINDEX: -+ if (!skb->dev) -+ return 0; -+ A = skb->dev->ifindex; -+ continue; -+ case BPF_S_ANC_MARK: -+ A = skb->mark; -+ continue; -+ case BPF_S_ANC_QUEUE: -+ A = skb->queue_mapping; -+ continue; -+ case BPF_S_ANC_HATYPE: -+ if (!skb->dev) -+ return 0; -+ A = skb->dev->type; -+ continue; -+ case BPF_S_ANC_RXHASH: -+ A = skb->hash; -+ continue; -+ case BPF_S_ANC_CPU: -+ A = raw_smp_processor_id(); -+ continue; -+ case BPF_S_ANC_VLAN_TAG: -+ A = vlan_tx_tag_get(skb); -+ continue; -+ case BPF_S_ANC_VLAN_TAG_PRESENT: -+ A = !!vlan_tx_tag_present(skb); -+ continue; -+ case BPF_S_ANC_PAY_OFFSET: -+ A = __skb_get_poff(skb); -+ continue; -+ case BPF_S_ANC_NLATTR: { -+ struct nlattr *nla; -+ -+ if (skb_is_nonlinear(skb)) -+ return 0; -+ if (skb->len < sizeof(struct nlattr)) -+ return 0; -+ if (A > skb->len - sizeof(struct nlattr)) -+ return 0; -+ -+ nla = nla_find((struct nlattr *)&skb->data[A], -+ skb->len - A, X); -+ if (nla) -+ A = (void *)nla - (void *)skb->data; -+ else -+ A = 0; -+ continue; -+ } -+ case BPF_S_ANC_NLATTR_NEST: { -+ struct nlattr *nla; -+ -+ if (skb_is_nonlinear(skb)) -+ return 0; -+ if (skb->len < sizeof(struct nlattr)) -+ return 0; -+ if (A > skb->len - sizeof(struct nlattr)) -+ return 0; -+ -+ nla = (struct nlattr *)&skb->data[A]; -+ if (nla->nla_len > skb->len - A) -+ return 0; -+ -+ nla = nla_find_nested(nla, X); -+ if (nla) -+ A = (void *)nla - (void *)skb->data; -+ else -+ A = 0; -+ continue; -+ } -+#ifdef CONFIG_SECCOMP_FILTER -+ case BPF_S_ANC_SECCOMP_LD_W: -+ A = seccomp_bpf_load(fentry->k); -+ continue; -+#endif + /* Unkown instruction. */ default: - goto err; + WARN(1, KERN_ALERT "Unknown sock filter code:%u jt:%u tf:%u k:%u\n", -+ fentry->code, fentry->jt, -+ fentry->jf, fentry->k); ++ fp->code, fp->jt, fp->jf, fp->k); ++ kfree(addrs); + BUG(); -+ return 0; ++ return -EINVAL; } -- -- insn++; -- if (new_prog) -- memcpy(new_insn, tmp_insns, -- sizeof(*insn) * (insn - tmp_insns)); -- new_insn += insn - tmp_insns; -- } -- -- if (!new_prog) { -- /* Only calculating new length. */ -- *new_len = new_insn - new_prog; -- return 0; -- } -- -- pass++; -- if (new_flen != new_insn - new_prog) { -- new_flen = new_insn - new_prog; -- if (pass > 2) -- goto err; -- goto do_pass; - } -- kfree(addrs); -- BUG_ON(*new_len != new_flen); - return 0; --err: -- kfree(addrs); -- return -EINVAL; - } -+EXPORT_SYMBOL(sk_run_filter); - --/* Security: -- * -+/* -+ * Security : - * A BPF program is able to use 16 cells of memory to store intermediate -- * values (check u32 mem[BPF_MEMWORDS] in sk_run_filter()). -- * -+ * values (check u32 mem[BPF_MEMWORDS] in sk_run_filter()) - * As we dont want to clear mem[] array for each packet going through - * sk_run_filter(), we check that filter loaded by user never try to read - * a cell if not previously written, and we check all branches to be sure -@@ -1096,46 +418,44 @@ err: - */ - static int check_load_and_stores(struct sock_filter *filter, int flen) - { -- u16 *masks, memvalid = 0; /* One bit per cell, 16 cells */ -+ u16 *masks, memvalid = 0; /* one bit per cell, 16 cells */ + insn++; +@@ -606,7 +610,7 @@ static int check_load_and_stores(const struct sock_filter *filter, int flen) + u16 *masks, memvalid = 0; /* One bit per cell, 16 cells */ int pc, ret = 0; - BUILD_BUG_ON(BPF_MEMWORDS > 16); -- -- masks = kmalloc_array(flen, sizeof(*masks), GFP_KERNEL); + BUILD_BUG_ON(BPF_MEMWORDS != 16); -+ masks = kmalloc(flen * sizeof(*masks), GFP_KERNEL); - if (!masks) - return -ENOMEM; -- - memset(masks, 0xff, flen * sizeof(*masks)); - - for (pc = 0; pc < flen; pc++) { - memvalid &= masks[pc]; - - switch (filter[pc].code) { -- case BPF_ST: -- case BPF_STX: -+ case BPF_S_ST: -+ case BPF_S_STX: - memvalid |= (1 << filter[pc].k); - break; -- case BPF_LD | BPF_MEM: -- case BPF_LDX | BPF_MEM: -+ case BPF_S_LD_MEM: -+ case BPF_S_LDX_MEM: - if (!(memvalid & (1 << filter[pc].k))) { - ret = -EINVAL; - goto error; - } - break; -- case BPF_JMP | BPF_JA: -- /* A jump must set masks on target */ -+ case BPF_S_JMP_JA: -+ /* a jump must set masks on target */ - masks[pc + 1 + filter[pc].k] &= memvalid; - memvalid = ~0; - break; -- case BPF_JMP | BPF_JEQ | BPF_K: -- case BPF_JMP | BPF_JEQ | BPF_X: -- case BPF_JMP | BPF_JGE | BPF_K: -- case BPF_JMP | BPF_JGE | BPF_X: -- case BPF_JMP | BPF_JGT | BPF_K: -- case BPF_JMP | BPF_JGT | BPF_X: -- case BPF_JMP | BPF_JSET | BPF_K: -- case BPF_JMP | BPF_JSET | BPF_X: -- /* A jump must set masks on targets */ -+ case BPF_S_JMP_JEQ_K: -+ case BPF_S_JMP_JEQ_X: -+ case BPF_S_JMP_JGE_K: -+ case BPF_S_JMP_JGE_X: -+ case BPF_S_JMP_JGT_K: -+ case BPF_S_JMP_JGT_X: -+ case BPF_S_JMP_JSET_X: -+ case BPF_S_JMP_JSET_K: -+ /* a jump must set masks on targets */ - masks[pc + 1 + filter[pc].jt] &= memvalid; - masks[pc + 1 + filter[pc].jf] &= memvalid; - memvalid = ~0; -@@ -1147,72 +467,6 @@ error: - return ret; - } - --static bool chk_code_allowed(u16 code_to_probe) --{ -- static const bool codes[] = { -- /* 32 bit ALU operations */ -- [BPF_ALU | BPF_ADD | BPF_K] = true, -- [BPF_ALU | BPF_ADD | BPF_X] = true, -- [BPF_ALU | BPF_SUB | BPF_K] = true, -- [BPF_ALU | BPF_SUB | BPF_X] = true, -- [BPF_ALU | BPF_MUL | BPF_K] = true, -- [BPF_ALU | BPF_MUL | BPF_X] = true, -- [BPF_ALU | BPF_DIV | BPF_K] = true, -- [BPF_ALU | BPF_DIV | BPF_X] = true, -- [BPF_ALU | BPF_MOD | BPF_K] = true, -- [BPF_ALU | BPF_MOD | BPF_X] = true, -- [BPF_ALU | BPF_AND | BPF_K] = true, -- [BPF_ALU | BPF_AND | BPF_X] = true, -- [BPF_ALU | BPF_OR | BPF_K] = true, -- [BPF_ALU | BPF_OR | BPF_X] = true, -- [BPF_ALU | BPF_XOR | BPF_K] = true, -- [BPF_ALU | BPF_XOR | BPF_X] = true, -- [BPF_ALU | BPF_LSH | BPF_K] = true, -- [BPF_ALU | BPF_LSH | BPF_X] = true, -- [BPF_ALU | BPF_RSH | BPF_K] = true, -- [BPF_ALU | BPF_RSH | BPF_X] = true, -- [BPF_ALU | BPF_NEG] = true, -- /* Load instructions */ -- [BPF_LD | BPF_W | BPF_ABS] = true, -- [BPF_LD | BPF_H | BPF_ABS] = true, -- [BPF_LD | BPF_B | BPF_ABS] = true, -- [BPF_LD | BPF_W | BPF_LEN] = true, -- [BPF_LD | BPF_W | BPF_IND] = true, -- [BPF_LD | BPF_H | BPF_IND] = true, -- [BPF_LD | BPF_B | BPF_IND] = true, -- [BPF_LD | BPF_IMM] = true, -- [BPF_LD | BPF_MEM] = true, -- [BPF_LDX | BPF_W | BPF_LEN] = true, -- [BPF_LDX | BPF_B | BPF_MSH] = true, -- [BPF_LDX | BPF_IMM] = true, -- [BPF_LDX | BPF_MEM] = true, -- /* Store instructions */ -- [BPF_ST] = true, -- [BPF_STX] = true, -- /* Misc instructions */ -- [BPF_MISC | BPF_TAX] = true, -- [BPF_MISC | BPF_TXA] = true, -- /* Return instructions */ -- [BPF_RET | BPF_K] = true, -- [BPF_RET | BPF_A] = true, -- /* Jump instructions */ -- [BPF_JMP | BPF_JA] = true, -- [BPF_JMP | BPF_JEQ | BPF_K] = true, -- [BPF_JMP | BPF_JEQ | BPF_X] = true, -- [BPF_JMP | BPF_JGE | BPF_K] = true, -- [BPF_JMP | BPF_JGE | BPF_X] = true, -- [BPF_JMP | BPF_JGT | BPF_K] = true, -- [BPF_JMP | BPF_JGT | BPF_X] = true, -- [BPF_JMP | BPF_JSET | BPF_K] = true, -- [BPF_JMP | BPF_JSET | BPF_X] = true, -- }; -- -- if (code_to_probe >= ARRAY_SIZE(codes)) -- return false; -- -- return codes[code_to_probe]; --} -- - /** - * sk_chk_filter - verify socket filter code - * @filter: filter to verify -@@ -1229,303 +483,187 @@ static bool chk_code_allowed(u16 code_to_probe) - */ - int sk_chk_filter(struct sock_filter *filter, unsigned int flen) - { -- bool anc_found; -+ /* -+ * Valid instructions are initialized to non-0. -+ * Invalid instructions are initialized to 0. -+ */ -+ static const u8 codes[] = { -+ [BPF_ALU|BPF_ADD|BPF_K] = BPF_S_ALU_ADD_K, -+ [BPF_ALU|BPF_ADD|BPF_X] = BPF_S_ALU_ADD_X, -+ [BPF_ALU|BPF_SUB|BPF_K] = BPF_S_ALU_SUB_K, -+ [BPF_ALU|BPF_SUB|BPF_X] = BPF_S_ALU_SUB_X, -+ [BPF_ALU|BPF_MUL|BPF_K] = BPF_S_ALU_MUL_K, -+ [BPF_ALU|BPF_MUL|BPF_X] = BPF_S_ALU_MUL_X, -+ [BPF_ALU|BPF_DIV|BPF_X] = BPF_S_ALU_DIV_X, -+ [BPF_ALU|BPF_MOD|BPF_K] = BPF_S_ALU_MOD_K, -+ [BPF_ALU|BPF_MOD|BPF_X] = BPF_S_ALU_MOD_X, -+ [BPF_ALU|BPF_AND|BPF_K] = BPF_S_ALU_AND_K, -+ [BPF_ALU|BPF_AND|BPF_X] = BPF_S_ALU_AND_X, -+ [BPF_ALU|BPF_OR|BPF_K] = BPF_S_ALU_OR_K, -+ [BPF_ALU|BPF_OR|BPF_X] = BPF_S_ALU_OR_X, -+ [BPF_ALU|BPF_XOR|BPF_K] = BPF_S_ALU_XOR_K, -+ [BPF_ALU|BPF_XOR|BPF_X] = BPF_S_ALU_XOR_X, -+ [BPF_ALU|BPF_LSH|BPF_K] = BPF_S_ALU_LSH_K, -+ [BPF_ALU|BPF_LSH|BPF_X] = BPF_S_ALU_LSH_X, -+ [BPF_ALU|BPF_RSH|BPF_K] = BPF_S_ALU_RSH_K, -+ [BPF_ALU|BPF_RSH|BPF_X] = BPF_S_ALU_RSH_X, -+ [BPF_ALU|BPF_NEG] = BPF_S_ALU_NEG, -+ [BPF_LD|BPF_W|BPF_ABS] = BPF_S_LD_W_ABS, -+ [BPF_LD|BPF_H|BPF_ABS] = BPF_S_LD_H_ABS, -+ [BPF_LD|BPF_B|BPF_ABS] = BPF_S_LD_B_ABS, -+ [BPF_LD|BPF_W|BPF_LEN] = BPF_S_LD_W_LEN, -+ [BPF_LD|BPF_W|BPF_IND] = BPF_S_LD_W_IND, -+ [BPF_LD|BPF_H|BPF_IND] = BPF_S_LD_H_IND, -+ [BPF_LD|BPF_B|BPF_IND] = BPF_S_LD_B_IND, -+ [BPF_LD|BPF_IMM] = BPF_S_LD_IMM, -+ [BPF_LDX|BPF_W|BPF_LEN] = BPF_S_LDX_W_LEN, -+ [BPF_LDX|BPF_B|BPF_MSH] = BPF_S_LDX_B_MSH, -+ [BPF_LDX|BPF_IMM] = BPF_S_LDX_IMM, -+ [BPF_MISC|BPF_TAX] = BPF_S_MISC_TAX, -+ [BPF_MISC|BPF_TXA] = BPF_S_MISC_TXA, -+ [BPF_RET|BPF_K] = BPF_S_RET_K, -+ [BPF_RET|BPF_A] = BPF_S_RET_A, -+ [BPF_ALU|BPF_DIV|BPF_K] = BPF_S_ALU_DIV_K, -+ [BPF_LD|BPF_MEM] = BPF_S_LD_MEM, -+ [BPF_LDX|BPF_MEM] = BPF_S_LDX_MEM, -+ [BPF_ST] = BPF_S_ST, -+ [BPF_STX] = BPF_S_STX, -+ [BPF_JMP|BPF_JA] = BPF_S_JMP_JA, -+ [BPF_JMP|BPF_JEQ|BPF_K] = BPF_S_JMP_JEQ_K, -+ [BPF_JMP|BPF_JEQ|BPF_X] = BPF_S_JMP_JEQ_X, -+ [BPF_JMP|BPF_JGE|BPF_K] = BPF_S_JMP_JGE_K, -+ [BPF_JMP|BPF_JGE|BPF_X] = BPF_S_JMP_JGE_X, -+ [BPF_JMP|BPF_JGT|BPF_K] = BPF_S_JMP_JGT_K, -+ [BPF_JMP|BPF_JGT|BPF_X] = BPF_S_JMP_JGT_X, -+ [BPF_JMP|BPF_JSET|BPF_K] = BPF_S_JMP_JSET_K, -+ [BPF_JMP|BPF_JSET|BPF_X] = BPF_S_JMP_JSET_X, -+ }; - int pc; -+ bool anc_found; - if (flen == 0 || flen > BPF_MAXINSNS) + masks = kmalloc_array(flen, sizeof(*masks), GFP_KERNEL); + if (!masks) +@@ -933,7 +937,7 @@ static struct bpf_prog *bpf_migrate_filter(struct bpf_prog *fp) + + /* Expand fp for appending the new filter representation. */ + old_fp = fp; +- fp = krealloc(old_fp, bpf_prog_size(new_len), GFP_KERNEL); ++ fp = bpf_prog_realloc(old_fp, bpf_prog_size(new_len), 0); + if (!fp) { + /* The old_fp is still around in case we couldn't + * allocate new memory, so uncharge on that one. +@@ -1013,11 +1017,11 @@ int bpf_prog_create(struct bpf_prog **pfp, struct sock_fprog_kern *fprog) + if (fprog->filter == NULL) return -EINVAL; -- /* Check the filter code now */ -+ /* check the filter code now */ - for (pc = 0; pc < flen; pc++) { - struct sock_filter *ftest = &filter[pc]; -+ u16 code = ftest->code; - -- /* May we actually operate on this code? */ -- if (!chk_code_allowed(ftest->code)) -+ if (code >= ARRAY_SIZE(codes)) -+ return -EINVAL; -+ code = codes[code]; -+ if (!code) - return -EINVAL; -- - /* Some instructions need special checks */ -- switch (ftest->code) { -- case BPF_ALU | BPF_DIV | BPF_K: -- case BPF_ALU | BPF_MOD | BPF_K: -- /* Check for division by zero */ -+ switch (code) { -+ case BPF_S_ALU_DIV_K: -+ case BPF_S_ALU_MOD_K: -+ /* check for division by zero */ - if (ftest->k == 0) - return -EINVAL; - break; -- case BPF_LD | BPF_MEM: -- case BPF_LDX | BPF_MEM: -- case BPF_ST: -- case BPF_STX: -- /* Check for invalid memory addresses */ -+ case BPF_S_LD_MEM: -+ case BPF_S_LDX_MEM: -+ case BPF_S_ST: -+ case BPF_S_STX: -+ /* check for invalid memory addresses */ - if (ftest->k >= BPF_MEMWORDS) - return -EINVAL; - break; -- case BPF_JMP | BPF_JA: -- /* Note, the large ftest->k might cause loops. -+ case BPF_S_JMP_JA: -+ /* -+ * Note, the large ftest->k might cause loops. - * Compare this with conditional jumps below, - * where offsets are limited. --ANK (981016) - */ -- if (ftest->k >= (unsigned int)(flen - pc - 1)) -+ if (ftest->k >= (unsigned int)(flen-pc-1)) - return -EINVAL; - break; -- case BPF_JMP | BPF_JEQ | BPF_K: -- case BPF_JMP | BPF_JEQ | BPF_X: -- case BPF_JMP | BPF_JGE | BPF_K: -- case BPF_JMP | BPF_JGE | BPF_X: -- case BPF_JMP | BPF_JGT | BPF_K: -- case BPF_JMP | BPF_JGT | BPF_X: -- case BPF_JMP | BPF_JSET | BPF_K: -- case BPF_JMP | BPF_JSET | BPF_X: -- /* Both conditionals must be safe */ -+ case BPF_S_JMP_JEQ_K: -+ case BPF_S_JMP_JEQ_X: -+ case BPF_S_JMP_JGE_K: -+ case BPF_S_JMP_JGE_X: -+ case BPF_S_JMP_JGT_K: -+ case BPF_S_JMP_JGT_X: -+ case BPF_S_JMP_JSET_X: -+ case BPF_S_JMP_JSET_K: -+ /* for conditionals both must be safe */ - if (pc + ftest->jt + 1 >= flen || - pc + ftest->jf + 1 >= flen) - return -EINVAL; - break; -- case BPF_LD | BPF_W | BPF_ABS: -- case BPF_LD | BPF_H | BPF_ABS: -- case BPF_LD | BPF_B | BPF_ABS: -+ case BPF_S_LD_W_ABS: -+ case BPF_S_LD_H_ABS: -+ case BPF_S_LD_B_ABS: - anc_found = false; -- if (bpf_anc_helper(ftest) & BPF_ANC) -- anc_found = true; -- /* Ancillary operation unknown or unsupported */ -+#define ANCILLARY(CODE) case SKF_AD_OFF + SKF_AD_##CODE: \ -+ code = BPF_S_ANC_##CODE; \ -+ anc_found = true; \ -+ break -+ switch (ftest->k) { -+ ANCILLARY(PROTOCOL); -+ ANCILLARY(PKTTYPE); -+ ANCILLARY(IFINDEX); -+ ANCILLARY(NLATTR); -+ ANCILLARY(NLATTR_NEST); -+ ANCILLARY(MARK); -+ ANCILLARY(QUEUE); -+ ANCILLARY(HATYPE); -+ ANCILLARY(RXHASH); -+ ANCILLARY(CPU); -+ ANCILLARY(ALU_XOR_X); -+ ANCILLARY(VLAN_TAG); -+ ANCILLARY(VLAN_TAG_PRESENT); -+ ANCILLARY(PAY_OFFSET); -+ } -+ -+ /* ancillary operation unknown or unsupported */ - if (anc_found == false && ftest->k >= SKF_AD_OFF) - return -EINVAL; - } -+ ftest->code = code; - } - -- /* Last instruction must be a RET code */ -+ /* last instruction must be a RET code */ - switch (filter[flen - 1].code) { -- case BPF_RET | BPF_K: -- case BPF_RET | BPF_A: -+ case BPF_S_RET_K: -+ case BPF_S_RET_A: - return check_load_and_stores(filter, flen); - } -- - return -EINVAL; - } - EXPORT_SYMBOL(sk_chk_filter); - --static int sk_store_orig_filter(struct sk_filter *fp, -- const struct sock_fprog *fprog) --{ -- unsigned int fsize = sk_filter_proglen(fprog); -- struct sock_fprog_kern *fkprog; -- -- fp->orig_prog = kmalloc(sizeof(*fkprog), GFP_KERNEL); -- if (!fp->orig_prog) -- return -ENOMEM; -- -- fkprog = fp->orig_prog; -- fkprog->len = fprog->len; -- fkprog->filter = kmemdup(fp->insns, fsize, GFP_KERNEL); -- if (!fkprog->filter) { -- kfree(fp->orig_prog); -- return -ENOMEM; -- } -- -- return 0; --} -- --static void sk_release_orig_filter(struct sk_filter *fp) --{ -- struct sock_fprog_kern *fprog = fp->orig_prog; -- -- if (fprog) { -- kfree(fprog->filter); -- kfree(fprog); -- } --} -- - /** - * sk_filter_release_rcu - Release a socket filter by rcu_head - * @rcu: rcu_head that contains the sk_filter to free - */ --static void sk_filter_release_rcu(struct rcu_head *rcu) -+void sk_filter_release_rcu(struct rcu_head *rcu) - { - struct sk_filter *fp = container_of(rcu, struct sk_filter, rcu); - -- sk_release_orig_filter(fp); -- sk_filter_free(fp); --} -- --/** -- * sk_filter_release - release a socket filter -- * @fp: filter to remove -- * -- * Remove a filter from a socket and release its resources. -- */ --static void sk_filter_release(struct sk_filter *fp) --{ -- if (atomic_dec_and_test(&fp->refcnt)) -- call_rcu(&fp->rcu, sk_filter_release_rcu); --} -- --void sk_filter_uncharge(struct sock *sk, struct sk_filter *fp) --{ -- atomic_sub(sk_filter_size(fp->len), &sk->sk_omem_alloc); -- sk_filter_release(fp); --} -- --void sk_filter_charge(struct sock *sk, struct sk_filter *fp) --{ -- atomic_inc(&fp->refcnt); -- atomic_add(sk_filter_size(fp->len), &sk->sk_omem_alloc); --} -- --static struct sk_filter *__sk_migrate_realloc(struct sk_filter *fp, -- struct sock *sk, -- unsigned int len) --{ -- struct sk_filter *fp_new; -- -- if (sk == NULL) -- return krealloc(fp, len, GFP_KERNEL); -- -- fp_new = sock_kmalloc(sk, len, GFP_KERNEL); -- if (fp_new) { -- *fp_new = *fp; -- /* As we're keeping orig_prog in fp_new along, -- * we need to make sure we're not evicting it -- * from the old fp. -- */ -- fp->orig_prog = NULL; -- sk_filter_uncharge(sk, fp); -- } -- -- return fp_new; --} -- --static struct sk_filter *__sk_migrate_filter(struct sk_filter *fp, -- struct sock *sk) --{ -- struct sock_filter *old_prog; -- struct sk_filter *old_fp; -- int err, new_len, old_len = fp->len; -- -- /* We are free to overwrite insns et al right here as it -- * won't be used at this point in time anymore internally -- * after the migration to the internal BPF instruction -- * representation. -- */ -- BUILD_BUG_ON(sizeof(struct sock_filter) != -- sizeof(struct sock_filter_int)); -- -- /* Conversion cannot happen on overlapping memory areas, -- * so we need to keep the user BPF around until the 2nd -- * pass. At this time, the user BPF is stored in fp->insns. -- */ -- old_prog = kmemdup(fp->insns, old_len * sizeof(struct sock_filter), -- GFP_KERNEL); -- if (!old_prog) { -- err = -ENOMEM; -- goto out_err; -- } -- -- /* 1st pass: calculate the new program length. */ -- err = sk_convert_filter(old_prog, old_len, NULL, &new_len); -- if (err) -- goto out_err_free; -- -- /* Expand fp for appending the new filter representation. */ -- old_fp = fp; -- fp = __sk_migrate_realloc(old_fp, sk, sk_filter_size(new_len)); -- if (!fp) { -- /* The old_fp is still around in case we couldn't -- * allocate new memory, so uncharge on that one. -- */ -- fp = old_fp; -- err = -ENOMEM; -- goto out_err_free; -- } -- -- fp->len = new_len; -- -- /* 2nd pass: remap sock_filter insns into sock_filter_int insns. */ -- err = sk_convert_filter(old_prog, old_len, fp->insnsi, &new_len); -- if (err) -- /* 2nd sk_convert_filter() can fail only if it fails -- * to allocate memory, remapping must succeed. Note, -- * that at this time old_fp has already been released -- * by __sk_migrate_realloc(). -- */ -- goto out_err_free; -- -- sk_filter_select_runtime(fp); -- -- kfree(old_prog); -- return fp; -- --out_err_free: -- kfree(old_prog); --out_err: -- /* Rollback filter setup. */ -- if (sk != NULL) -- sk_filter_uncharge(sk, fp); -- else -- kfree(fp); -- return ERR_PTR(err); --} -- --void __weak bpf_int_jit_compile(struct sk_filter *prog) --{ --} -- --/** -- * sk_filter_select_runtime - select execution runtime for BPF program -- * @fp: sk_filter populated with internal BPF program -- * -- * try to JIT internal BPF program, if JIT is not available select interpreter -- * BPF program will be executed via SK_RUN_FILTER() macro -- */ --void sk_filter_select_runtime(struct sk_filter *fp) --{ -- fp->bpf_func = (void *) __sk_run_filter; -- -- /* Probe if internal BPF can be JITed */ -- bpf_int_jit_compile(fp); --} --EXPORT_SYMBOL_GPL(sk_filter_select_runtime); -- --/* free internal BPF program */ --void sk_filter_free(struct sk_filter *fp) --{ - bpf_jit_free(fp); - } --EXPORT_SYMBOL_GPL(sk_filter_free); -+EXPORT_SYMBOL(sk_filter_release_rcu); - --static struct sk_filter *__sk_prepare_filter(struct sk_filter *fp, -- struct sock *sk) -+static int __sk_prepare_filter(struct sk_filter *fp) - { - int err; - -- fp->bpf_func = NULL; -- fp->jited = 0; -+ fp->bpf_func = sk_run_filter; - - err = sk_chk_filter(fp->insns, fp->len); -- if (err) { -- if (sk != NULL) -- sk_filter_uncharge(sk, fp); -- else -- kfree(fp); -- return ERR_PTR(err); -- } -+ if (err) -+ return err; - -- /* Probe if we can JIT compile the filter and if so, do -- * the compilation of the filter. -- */ - bpf_jit_compile(fp); -- -- /* JIT compiler couldn't process this filter, so do the -- * internal BPF translation for the optimized interpreter. -- */ -- if (!fp->jited) -- fp = __sk_migrate_filter(fp, sk); -- -- return fp; -+ return 0; - } - - /** - * sk_unattached_filter_create - create an unattached filter -+ * @fprog: the filter program - * @pfp: the unattached filter that is created -- * @fprog: the filter program - * - * Create a filter independent of any socket. We first run some - * sanity checks on it to make sure it does not explode on us later. -@@ -1533,10 +671,11 @@ static struct sk_filter *__sk_prepare_filter(struct sk_filter *fp, - * a negative errno code is returned. On success the return is zero. - */ - int sk_unattached_filter_create(struct sk_filter **pfp, -- struct sock_fprog_kern *fprog) -+ struct sock_fprog *fprog) - { -- unsigned int fsize = sk_filter_proglen(fprog); - struct sk_filter *fp; -+ unsigned int fsize = sizeof(struct sock_filter) * fprog->len; -+ int err; - - /* Make sure new filter is there and in the right amounts. */ - if (fprog->filter == NULL) -@@ -1545,26 +684,20 @@ int sk_unattached_filter_create(struct sk_filter **pfp, - fp = kmalloc(sk_filter_size(fprog->len), GFP_KERNEL); +- fp = kmalloc(bpf_prog_size(fprog->len), GFP_KERNEL); ++ fp = bpf_prog_alloc(bpf_prog_size(fprog->len), 0); if (!fp) return -ENOMEM; -- + - memcpy(fp->insns, fprog->filter, fsize); + memcpy(fp->insns, (void __force_kernel *)fprog->filter, fsize); - atomic_set(&fp->refcnt, 1); fp->len = fprog->len; -- /* Since unattached filters are not copied back to user -- * space through sk_get_filter(), we do not need to hold -- * a copy here, and can spare us the work. -- */ -- fp->orig_prog = NULL; - -- /* __sk_prepare_filter() already takes care of uncharging -- * memory in case something goes wrong. -- */ -- fp = __sk_prepare_filter(fp, NULL); -- if (IS_ERR(fp)) -- return PTR_ERR(fp); -+ err = __sk_prepare_filter(fp); -+ if (err) -+ goto free_mem; - - *pfp = fp; - return 0; -+free_mem: -+ kfree(fp); -+ return err; - } - EXPORT_SYMBOL_GPL(sk_unattached_filter_create); - -@@ -1587,7 +720,7 @@ EXPORT_SYMBOL_GPL(sk_unattached_filter_destroy); - int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk) - { - struct sk_filter *fp, *old_fp; -- unsigned int fsize = sk_filter_proglen(fprog); -+ unsigned int fsize = sizeof(struct sock_filter) * fprog->len; - unsigned int sk_fsize = sk_filter_size(fprog->len); - int err; + /* Since unattached filters are not copied back to user +@@ -1069,12 +1073,12 @@ int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk) + if (fprog->filter == NULL) + return -EINVAL; -@@ -1601,7 +734,6 @@ int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk) - fp = sock_kmalloc(sk, sk_fsize, GFP_KERNEL); - if (!fp) +- prog = kmalloc(bpf_fsize, GFP_KERNEL); ++ prog = bpf_prog_alloc(bpf_fsize, 0); + if (!prog) return -ENOMEM; -- - if (copy_from_user(fp->insns, fprog->filter, fsize)) { - sock_kfree_s(sk, fp, sk_fsize); - return -EFAULT; -@@ -1610,26 +742,18 @@ int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk) - atomic_set(&fp->refcnt, 1); - fp->len = fprog->len; -- err = sk_store_orig_filter(fp, fprog); -+ err = __sk_prepare_filter(fp); - if (err) { - sk_filter_uncharge(sk, fp); -- return -ENOMEM; -+ return err; + if (copy_from_user(prog->insns, fprog->filter, fsize)) { +- kfree(prog); ++ __bpf_prog_free(prog); + return -EFAULT; } -- /* __sk_prepare_filter() already takes care of uncharging -- * memory in case something goes wrong. -- */ -- fp = __sk_prepare_filter(fp, sk); -- if (IS_ERR(fp)) -- return PTR_ERR(fp); -- - old_fp = rcu_dereference_protected(sk->sk_filter, - sock_owned_by_user(sk)); - rcu_assign_pointer(sk->sk_filter, fp); +@@ -1082,7 +1086,7 @@ int sk_attach_filter(struct sock_fprog *fprog, struct sock *sk) - if (old_fp) - sk_filter_uncharge(sk, old_fp); -- - return 0; - } - EXPORT_SYMBOL_GPL(sk_attach_filter); -@@ -1649,46 +773,116 @@ int sk_detach_filter(struct sock *sk) - sk_filter_uncharge(sk, filter); - ret = 0; + err = bpf_prog_store_orig_filter(prog, fprog); + if (err) { +- kfree(prog); ++ __bpf_prog_free(prog); + return -ENOMEM; } -- - return ret; - } - EXPORT_SYMBOL_GPL(sk_detach_filter); - --int sk_get_filter(struct sock *sk, struct sock_filter __user *ubuf, -- unsigned int len) -+void sk_decode_filter(struct sock_filter *filt, struct sock_filter *to) -+{ -+ static const u16 decodes[] = { -+ [BPF_S_ALU_ADD_K] = BPF_ALU|BPF_ADD|BPF_K, -+ [BPF_S_ALU_ADD_X] = BPF_ALU|BPF_ADD|BPF_X, -+ [BPF_S_ALU_SUB_K] = BPF_ALU|BPF_SUB|BPF_K, -+ [BPF_S_ALU_SUB_X] = BPF_ALU|BPF_SUB|BPF_X, -+ [BPF_S_ALU_MUL_K] = BPF_ALU|BPF_MUL|BPF_K, -+ [BPF_S_ALU_MUL_X] = BPF_ALU|BPF_MUL|BPF_X, -+ [BPF_S_ALU_DIV_X] = BPF_ALU|BPF_DIV|BPF_X, -+ [BPF_S_ALU_MOD_K] = BPF_ALU|BPF_MOD|BPF_K, -+ [BPF_S_ALU_MOD_X] = BPF_ALU|BPF_MOD|BPF_X, -+ [BPF_S_ALU_AND_K] = BPF_ALU|BPF_AND|BPF_K, -+ [BPF_S_ALU_AND_X] = BPF_ALU|BPF_AND|BPF_X, -+ [BPF_S_ALU_OR_K] = BPF_ALU|BPF_OR|BPF_K, -+ [BPF_S_ALU_OR_X] = BPF_ALU|BPF_OR|BPF_X, -+ [BPF_S_ALU_XOR_K] = BPF_ALU|BPF_XOR|BPF_K, -+ [BPF_S_ALU_XOR_X] = BPF_ALU|BPF_XOR|BPF_X, -+ [BPF_S_ALU_LSH_K] = BPF_ALU|BPF_LSH|BPF_K, -+ [BPF_S_ALU_LSH_X] = BPF_ALU|BPF_LSH|BPF_X, -+ [BPF_S_ALU_RSH_K] = BPF_ALU|BPF_RSH|BPF_K, -+ [BPF_S_ALU_RSH_X] = BPF_ALU|BPF_RSH|BPF_X, -+ [BPF_S_ALU_NEG] = BPF_ALU|BPF_NEG, -+ [BPF_S_LD_W_ABS] = BPF_LD|BPF_W|BPF_ABS, -+ [BPF_S_LD_H_ABS] = BPF_LD|BPF_H|BPF_ABS, -+ [BPF_S_LD_B_ABS] = BPF_LD|BPF_B|BPF_ABS, -+ [BPF_S_ANC_PROTOCOL] = BPF_LD|BPF_B|BPF_ABS, -+ [BPF_S_ANC_PKTTYPE] = BPF_LD|BPF_B|BPF_ABS, -+ [BPF_S_ANC_IFINDEX] = BPF_LD|BPF_B|BPF_ABS, -+ [BPF_S_ANC_NLATTR] = BPF_LD|BPF_B|BPF_ABS, -+ [BPF_S_ANC_NLATTR_NEST] = BPF_LD|BPF_B|BPF_ABS, -+ [BPF_S_ANC_MARK] = BPF_LD|BPF_B|BPF_ABS, -+ [BPF_S_ANC_QUEUE] = BPF_LD|BPF_B|BPF_ABS, -+ [BPF_S_ANC_HATYPE] = BPF_LD|BPF_B|BPF_ABS, -+ [BPF_S_ANC_RXHASH] = BPF_LD|BPF_B|BPF_ABS, -+ [BPF_S_ANC_CPU] = BPF_LD|BPF_B|BPF_ABS, -+ [BPF_S_ANC_ALU_XOR_X] = BPF_LD|BPF_B|BPF_ABS, -+ [BPF_S_ANC_SECCOMP_LD_W] = BPF_LD|BPF_B|BPF_ABS, -+ [BPF_S_ANC_VLAN_TAG] = BPF_LD|BPF_B|BPF_ABS, -+ [BPF_S_ANC_VLAN_TAG_PRESENT] = BPF_LD|BPF_B|BPF_ABS, -+ [BPF_S_ANC_PAY_OFFSET] = BPF_LD|BPF_B|BPF_ABS, -+ [BPF_S_LD_W_LEN] = BPF_LD|BPF_W|BPF_LEN, -+ [BPF_S_LD_W_IND] = BPF_LD|BPF_W|BPF_IND, -+ [BPF_S_LD_H_IND] = BPF_LD|BPF_H|BPF_IND, -+ [BPF_S_LD_B_IND] = BPF_LD|BPF_B|BPF_IND, -+ [BPF_S_LD_IMM] = BPF_LD|BPF_IMM, -+ [BPF_S_LDX_W_LEN] = BPF_LDX|BPF_W|BPF_LEN, -+ [BPF_S_LDX_B_MSH] = BPF_LDX|BPF_B|BPF_MSH, -+ [BPF_S_LDX_IMM] = BPF_LDX|BPF_IMM, -+ [BPF_S_MISC_TAX] = BPF_MISC|BPF_TAX, -+ [BPF_S_MISC_TXA] = BPF_MISC|BPF_TXA, -+ [BPF_S_RET_K] = BPF_RET|BPF_K, -+ [BPF_S_RET_A] = BPF_RET|BPF_A, -+ [BPF_S_ALU_DIV_K] = BPF_ALU|BPF_DIV|BPF_K, -+ [BPF_S_LD_MEM] = BPF_LD|BPF_MEM, -+ [BPF_S_LDX_MEM] = BPF_LDX|BPF_MEM, -+ [BPF_S_ST] = BPF_ST, -+ [BPF_S_STX] = BPF_STX, -+ [BPF_S_JMP_JA] = BPF_JMP|BPF_JA, -+ [BPF_S_JMP_JEQ_K] = BPF_JMP|BPF_JEQ|BPF_K, -+ [BPF_S_JMP_JEQ_X] = BPF_JMP|BPF_JEQ|BPF_X, -+ [BPF_S_JMP_JGE_K] = BPF_JMP|BPF_JGE|BPF_K, -+ [BPF_S_JMP_JGE_X] = BPF_JMP|BPF_JGE|BPF_X, -+ [BPF_S_JMP_JGT_K] = BPF_JMP|BPF_JGT|BPF_K, -+ [BPF_S_JMP_JGT_X] = BPF_JMP|BPF_JGT|BPF_X, -+ [BPF_S_JMP_JSET_K] = BPF_JMP|BPF_JSET|BPF_K, -+ [BPF_S_JMP_JSET_X] = BPF_JMP|BPF_JSET|BPF_X, -+ }; -+ u16 code; -+ -+ code = filt->code; -+ -+ to->code = decodes[code]; -+ to->jt = filt->jt; -+ to->jf = filt->jf; -+ to->k = filt->k; -+} -+ -+int sk_get_filter(struct sock *sk, struct sock_filter __user *ubuf, unsigned int len) - { -- struct sock_fprog_kern *fprog; - struct sk_filter *filter; -- int ret = 0; -+ int i, ret; - - lock_sock(sk); - filter = rcu_dereference_protected(sk->sk_filter, -- sock_owned_by_user(sk)); -+ sock_owned_by_user(sk)); -+ ret = 0; - if (!filter) - goto out; -- -- /* We're copying the filter that has been originally attached, -- * so no conversion/decode needed anymore. -- */ -- fprog = filter->orig_prog; -- -- ret = fprog->len; -+ ret = filter->len; - if (!len) -- /* User space only enquires number of filter blocks. */ - goto out; -- - ret = -EINVAL; -- if (len < fprog->len) -+ if (len < filter->len) - goto out; - ret = -EFAULT; -- if (copy_to_user(ubuf, fprog->filter, sk_filter_proglen(fprog))) -- goto out; -+ for (i = 0; i < filter->len; i++) { -+ struct sock_filter fb; - -- /* Instead of bytes, the API requests to return the number -- * of filter blocks. -- */ -- ret = fprog->len; -+ sk_decode_filter(&filter->insns[i], &fb); -+ if (copy_to_user(&ubuf[i], &fb, sizeof(fb))) -+ goto out; -+ } -+ -+ ret = filter->len; - out: - release_sock(sk); - return ret; diff --git a/net/core/flow.c b/net/core/flow.c index a0348fd..6951c76 100644 --- a/net/core/flow.c @@ -107962,10 +100366,10 @@ index 2bf8329..2eb1423 100644 return 0; diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c -index 1cac29e..fb482f3 100644 +index 9dd0669..c52fb1b 100644 --- a/net/core/net-sysfs.c +++ b/net/core/net-sysfs.c -@@ -259,7 +259,7 @@ static ssize_t carrier_changes_show(struct device *dev, +@@ -278,7 +278,7 @@ static ssize_t carrier_changes_show(struct device *dev, { struct net_device *netdev = to_net_dev(dev); return sprintf(buf, fmt_dec, @@ -107975,10 +100379,10 @@ index 1cac29e..fb482f3 100644 static DEVICE_ATTR_RO(carrier_changes); diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c -index 85b6269..fc77ea0 100644 +index 7c6b51a..e9dd57f 100644 --- a/net/core/net_namespace.c +++ b/net/core/net_namespace.c -@@ -443,7 +443,7 @@ static int __register_pernet_operations(struct list_head *list, +@@ -445,7 +445,7 @@ static int __register_pernet_operations(struct list_head *list, int error; LIST_HEAD(net_exit_list); @@ -107987,7 +100391,7 @@ index 85b6269..fc77ea0 100644 if (ops->init || (ops->id && ops->size)) { for_each_net(net) { error = ops_init(ops, net); -@@ -456,7 +456,7 @@ static int __register_pernet_operations(struct list_head *list, +@@ -458,7 +458,7 @@ static int __register_pernet_operations(struct list_head *list, out_undo: /* If I have an error cleanup all namespaces I initialized */ @@ -107996,7 +100400,7 @@ index 85b6269..fc77ea0 100644 ops_exit_list(ops, &net_exit_list); ops_free_list(ops, &net_exit_list); return error; -@@ -467,7 +467,7 @@ static void __unregister_pernet_operations(struct pernet_operations *ops) +@@ -469,7 +469,7 @@ static void __unregister_pernet_operations(struct pernet_operations *ops) struct net *net; LIST_HEAD(net_exit_list); @@ -108005,7 +100409,7 @@ index 85b6269..fc77ea0 100644 for_each_net(net) list_add_tail(&net->exit_list, &net_exit_list); ops_exit_list(ops, &net_exit_list); -@@ -601,7 +601,7 @@ int register_pernet_device(struct pernet_operations *ops) +@@ -603,7 +603,7 @@ int register_pernet_device(struct pernet_operations *ops) mutex_lock(&net_mutex); error = register_pernet_operations(&pernet_list, ops); if (!error && (first_device == &pernet_list)) @@ -108015,7 +100419,7 @@ index 85b6269..fc77ea0 100644 return error; } diff --git a/net/core/netpoll.c b/net/core/netpoll.c -index e33937f..b2b4981 100644 +index 907fb5e..8260f040b 100644 --- a/net/core/netpoll.c +++ b/net/core/netpoll.c @@ -382,7 +382,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len) @@ -108037,10 +100441,10 @@ index e33937f..b2b4981 100644 iph->ttl = 64; iph->protocol = IPPROTO_UDP; diff --git a/net/core/pktgen.c b/net/core/pktgen.c -index fc17a9d..d4a3d88 100644 +index 8b849dd..cd88bfc 100644 --- a/net/core/pktgen.c +++ b/net/core/pktgen.c -@@ -3725,7 +3725,7 @@ static int __net_init pg_net_init(struct net *net) +@@ -3723,7 +3723,7 @@ static int __net_init pg_net_init(struct net *net) pn->net = net; INIT_LIST_HEAD(&pn->pktgen_threads); pn->pktgen_exiting = false; @@ -108049,155 +100453,8 @@ index fc17a9d..d4a3d88 100644 if (!pn->proc_dir) { pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR); return -ENODEV; -diff --git a/net/core/ptp_classifier.c b/net/core/ptp_classifier.c -deleted file mode 100644 -index d3027a7..0000000 ---- a/net/core/ptp_classifier.c -+++ /dev/null -@@ -1,141 +0,0 @@ --/* PTP classifier -- * -- * This program is free software; you can redistribute it and/or -- * modify it under the terms of version 2 of the GNU General Public -- * License as published by the Free Software Foundation. -- * -- * This program is distributed in the hope that it will be useful, but -- * WITHOUT ANY WARRANTY; without even the implied warranty of -- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -- * General Public License for more details. -- */ -- --/* The below program is the bpf_asm (tools/net/) representation of -- * the opcode array in the ptp_filter structure. -- * -- * For convenience, this can easily be altered and reviewed with -- * bpf_asm and bpf_dbg, e.g. `./bpf_asm -c prog` where prog is a -- * simple file containing the below program: -- * -- * ldh [12] ; load ethertype -- * -- * ; PTP over UDP over IPv4 over Ethernet -- * test_ipv4: -- * jneq #0x800, test_ipv6 ; ETH_P_IP ? -- * ldb [23] ; load proto -- * jneq #17, drop_ipv4 ; IPPROTO_UDP ? -- * ldh [20] ; load frag offset field -- * jset #0x1fff, drop_ipv4 ; don't allow fragments -- * ldxb 4*([14]&0xf) ; load IP header len -- * ldh [x + 16] ; load UDP dst port -- * jneq #319, drop_ipv4 ; is port PTP_EV_PORT ? -- * ldh [x + 22] ; load payload -- * and #0xf ; mask PTP_CLASS_VMASK -- * or #0x10 ; PTP_CLASS_IPV4 -- * ret a ; return PTP class -- * drop_ipv4: ret #0x0 ; PTP_CLASS_NONE -- * -- * ; PTP over UDP over IPv6 over Ethernet -- * test_ipv6: -- * jneq #0x86dd, test_8021q ; ETH_P_IPV6 ? -- * ldb [20] ; load proto -- * jneq #17, drop_ipv6 ; IPPROTO_UDP ? -- * ldh [56] ; load UDP dst port -- * jneq #319, drop_ipv6 ; is port PTP_EV_PORT ? -- * ldh [62] ; load payload -- * and #0xf ; mask PTP_CLASS_VMASK -- * or #0x20 ; PTP_CLASS_IPV6 -- * ret a ; return PTP class -- * drop_ipv6: ret #0x0 ; PTP_CLASS_NONE -- * -- * ; PTP over 802.1Q over Ethernet -- * test_8021q: -- * jneq #0x8100, test_ieee1588 ; ETH_P_8021Q ? -- * ldh [16] ; load inner type -- * jneq #0x88f7, drop_ieee1588 ; ETH_P_1588 ? -- * ldb [18] ; load payload -- * and #0x8 ; as we don't have ports here, test -- * jneq #0x0, drop_ieee1588 ; for PTP_GEN_BIT and drop these -- * ldh [18] ; reload payload -- * and #0xf ; mask PTP_CLASS_VMASK -- * or #0x40 ; PTP_CLASS_V2_VLAN -- * ret a ; return PTP class -- * -- * ; PTP over Ethernet -- * test_ieee1588: -- * jneq #0x88f7, drop_ieee1588 ; ETH_P_1588 ? -- * ldb [14] ; load payload -- * and #0x8 ; as we don't have ports here, test -- * jneq #0x0, drop_ieee1588 ; for PTP_GEN_BIT and drop these -- * ldh [14] ; reload payload -- * and #0xf ; mask PTP_CLASS_VMASK -- * or #0x30 ; PTP_CLASS_L2 -- * ret a ; return PTP class -- * drop_ieee1588: ret #0x0 ; PTP_CLASS_NONE -- */ -- --#include <linux/skbuff.h> --#include <linux/filter.h> --#include <linux/ptp_classify.h> -- --static struct sk_filter *ptp_insns __read_mostly; -- --unsigned int ptp_classify_raw(const struct sk_buff *skb) --{ -- return SK_RUN_FILTER(ptp_insns, skb); --} --EXPORT_SYMBOL_GPL(ptp_classify_raw); -- --void __init ptp_classifier_init(void) --{ -- static struct sock_filter ptp_filter[] __initdata = { -- { 0x28, 0, 0, 0x0000000c }, -- { 0x15, 0, 12, 0x00000800 }, -- { 0x30, 0, 0, 0x00000017 }, -- { 0x15, 0, 9, 0x00000011 }, -- { 0x28, 0, 0, 0x00000014 }, -- { 0x45, 7, 0, 0x00001fff }, -- { 0xb1, 0, 0, 0x0000000e }, -- { 0x48, 0, 0, 0x00000010 }, -- { 0x15, 0, 4, 0x0000013f }, -- { 0x48, 0, 0, 0x00000016 }, -- { 0x54, 0, 0, 0x0000000f }, -- { 0x44, 0, 0, 0x00000010 }, -- { 0x16, 0, 0, 0x00000000 }, -- { 0x06, 0, 0, 0x00000000 }, -- { 0x15, 0, 9, 0x000086dd }, -- { 0x30, 0, 0, 0x00000014 }, -- { 0x15, 0, 6, 0x00000011 }, -- { 0x28, 0, 0, 0x00000038 }, -- { 0x15, 0, 4, 0x0000013f }, -- { 0x28, 0, 0, 0x0000003e }, -- { 0x54, 0, 0, 0x0000000f }, -- { 0x44, 0, 0, 0x00000020 }, -- { 0x16, 0, 0, 0x00000000 }, -- { 0x06, 0, 0, 0x00000000 }, -- { 0x15, 0, 9, 0x00008100 }, -- { 0x28, 0, 0, 0x00000010 }, -- { 0x15, 0, 15, 0x000088f7 }, -- { 0x30, 0, 0, 0x00000012 }, -- { 0x54, 0, 0, 0x00000008 }, -- { 0x15, 0, 12, 0x00000000 }, -- { 0x28, 0, 0, 0x00000012 }, -- { 0x54, 0, 0, 0x0000000f }, -- { 0x44, 0, 0, 0x00000040 }, -- { 0x16, 0, 0, 0x00000000 }, -- { 0x15, 0, 7, 0x000088f7 }, -- { 0x30, 0, 0, 0x0000000e }, -- { 0x54, 0, 0, 0x00000008 }, -- { 0x15, 0, 4, 0x00000000 }, -- { 0x28, 0, 0, 0x0000000e }, -- { 0x54, 0, 0, 0x0000000f }, -- { 0x44, 0, 0, 0x00000030 }, -- { 0x16, 0, 0, 0x00000000 }, -- { 0x06, 0, 0, 0x00000000 }, -- }; -- struct sock_fprog_kern ptp_prog = { -- .len = ARRAY_SIZE(ptp_filter), .filter = ptp_filter, -- }; -- -- BUG_ON(sk_unattached_filter_create(&ptp_insns, &ptp_prog)); --} diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index 1063996..0729c19 100644 +index f0493e3..0f43f7a 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -58,7 +58,7 @@ struct rtnl_link { @@ -108209,13 +100466,13 @@ index 1063996..0729c19 100644 static DEFINE_MUTEX(rtnl_mutex); -@@ -299,10 +299,13 @@ int __rtnl_link_register(struct rtnl_link_ops *ops) - if (rtnl_link_ops_get(ops->kind)) - return -EEXIST; - -- if (!ops->dellink) +@@ -304,10 +304,13 @@ int __rtnl_link_register(struct rtnl_link_ops *ops) + * to use the ops for creating device. So do not + * fill up dellink as well. That disables rtnl_dellink. + */ +- if (ops->setup && !ops->dellink) - ops->dellink = unregister_netdevice_queue; -+ if (!ops->dellink) { ++ if (ops->setup && !ops->dellink) { + pax_open_kernel(); + *(void **)&ops->dellink = unregister_netdevice_queue; + pax_close_kernel(); @@ -108226,7 +100483,7 @@ index 1063996..0729c19 100644 return 0; } EXPORT_SYMBOL_GPL(__rtnl_link_register); -@@ -349,7 +352,7 @@ void __rtnl_link_unregister(struct rtnl_link_ops *ops) +@@ -354,7 +357,7 @@ void __rtnl_link_unregister(struct rtnl_link_ops *ops) for_each_net(net) { __rtnl_kill_links(net, ops); } @@ -108235,7 +100492,7 @@ index 1063996..0729c19 100644 } EXPORT_SYMBOL_GPL(__rtnl_link_unregister); -@@ -1008,7 +1011,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev, +@@ -1014,7 +1017,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev, (dev->ifalias && nla_put_string(skb, IFLA_IFALIAS, dev->ifalias)) || nla_put_u32(skb, IFLA_CARRIER_CHANGES, @@ -108285,10 +100542,47 @@ index b442e7e..6f5b5a2 100644 { struct socket *sock; diff --git a/net/core/skbuff.c b/net/core/skbuff.c -index 58ff88e..af9b458 100644 +index 8d28969..4d36260 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c -@@ -2010,7 +2010,7 @@ EXPORT_SYMBOL(__skb_checksum); +@@ -360,18 +360,29 @@ refill: + goto end; + } + nc->frag.size = PAGE_SIZE << order; +-recycle: +- atomic_set(&nc->frag.page->_count, NETDEV_PAGECNT_MAX_BIAS); ++ /* Even if we own the page, we do not use atomic_set(). ++ * This would break get_page_unless_zero() users. ++ */ ++ atomic_add(NETDEV_PAGECNT_MAX_BIAS - 1, ++ &nc->frag.page->_count); + nc->pagecnt_bias = NETDEV_PAGECNT_MAX_BIAS; + nc->frag.offset = 0; + } + + if (nc->frag.offset + fragsz > nc->frag.size) { +- /* avoid unnecessary locked operations if possible */ +- if ((atomic_read(&nc->frag.page->_count) == nc->pagecnt_bias) || +- atomic_sub_and_test(nc->pagecnt_bias, &nc->frag.page->_count)) +- goto recycle; +- goto refill; ++ if (atomic_read(&nc->frag.page->_count) != nc->pagecnt_bias) { ++ if (!atomic_sub_and_test(nc->pagecnt_bias, ++ &nc->frag.page->_count)) ++ goto refill; ++ /* OK, page count is 0, we can safely set it */ ++ atomic_set(&nc->frag.page->_count, ++ NETDEV_PAGECNT_MAX_BIAS); ++ } else { ++ atomic_add(NETDEV_PAGECNT_MAX_BIAS - nc->pagecnt_bias, ++ &nc->frag.page->_count); ++ } ++ nc->pagecnt_bias = NETDEV_PAGECNT_MAX_BIAS; ++ nc->frag.offset = 0; + } + + data = page_address(nc->frag.page) + nc->frag.offset; +@@ -2011,7 +2022,7 @@ EXPORT_SYMBOL(__skb_checksum); __wsum skb_checksum(const struct sk_buff *skb, int offset, int len, __wsum csum) { @@ -108297,7 +100591,7 @@ index 58ff88e..af9b458 100644 .update = csum_partial_ext, .combine = csum_block_add_ext, }; -@@ -3233,13 +3233,15 @@ void __init skb_init(void) +@@ -3237,13 +3248,15 @@ void __init skb_init(void) skbuff_head_cache = kmem_cache_create("skbuff_head_cache", sizeof(struct sk_buff), 0, @@ -108316,7 +100610,7 @@ index 58ff88e..af9b458 100644 } diff --git a/net/core/sock.c b/net/core/sock.c -index 026e01f..f54f908 100644 +index 9c3f823..bd8c884 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -442,7 +442,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -108349,7 +100643,7 @@ index 026e01f..f54f908 100644 @@ -492,7 +492,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) skb->dev = NULL; - if (sk_rcvqueues_full(sk, skb, sk->sk_rcvbuf)) { + if (sk_rcvqueues_full(sk, sk->sk_rcvbuf)) { - atomic_inc(&sk->sk_drops); + atomic_inc_unchecked(&sk->sk_drops); goto discard_and_relse; @@ -108364,7 +100658,7 @@ index 026e01f..f54f908 100644 goto discard_and_relse; } -@@ -998,12 +998,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -999,12 +999,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname, struct timeval tm; } v; @@ -108380,7 +100674,7 @@ index 026e01f..f54f908 100644 return -EINVAL; memset(&v, 0, sizeof(v)); -@@ -1155,11 +1155,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -1142,11 +1142,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname, case SO_PEERNAME: { @@ -108394,7 +100688,7 @@ index 026e01f..f54f908 100644 return -EINVAL; if (copy_to_user(optval, address, len)) return -EFAULT; -@@ -1240,7 +1240,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -1227,7 +1227,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, if (len > lv) len = lv; @@ -108403,7 +100697,16 @@ index 026e01f..f54f908 100644 return -EFAULT; lenout: if (put_user(len, optlen)) -@@ -2375,7 +2375,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) +@@ -1723,6 +1723,8 @@ EXPORT_SYMBOL(sock_kmalloc); + */ + void sock_kfree_s(struct sock *sk, void *mem, int size) + { ++ if (WARN_ON_ONCE(!mem)) ++ return; + kfree(mem); + atomic_sub(size, &sk->sk_omem_alloc); + } +@@ -2369,7 +2371,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) */ smp_wmb(); atomic_set(&sk->sk_refcnt, 1); @@ -108412,7 +100715,7 @@ index 026e01f..f54f908 100644 } EXPORT_SYMBOL(sock_init_data); -@@ -2503,6 +2503,7 @@ void sock_enable_timestamp(struct sock *sk, int flag) +@@ -2497,6 +2499,7 @@ void sock_enable_timestamp(struct sock *sk, int flag) int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, int level, int type) { @@ -108420,7 +100723,7 @@ index 026e01f..f54f908 100644 struct sock_exterr_skb *serr; struct sk_buff *skb, *skb2; int copied, err; -@@ -2524,7 +2525,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, +@@ -2518,7 +2521,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, sock_recv_timestamp(msg, sk, skb); serr = SKB_EXT_ERR(skb); @@ -108431,7 +100734,7 @@ index 026e01f..f54f908 100644 msg->msg_flags |= MSG_ERRQUEUE; err = copied; diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c -index a4216a4..773e3d7 100644 +index ad704c7..ca48aff 100644 --- a/net/core/sock_diag.c +++ b/net/core/sock_diag.c @@ -9,26 +9,33 @@ @@ -108469,52 +100772,7 @@ index a4216a4..773e3d7 100644 } EXPORT_SYMBOL_GPL(sock_diag_save_cookie); -@@ -52,10 +59,9 @@ EXPORT_SYMBOL_GPL(sock_diag_put_meminfo); - int sock_diag_put_filterinfo(bool may_report_filterinfo, struct sock *sk, - struct sk_buff *skb, int attrtype) - { -- struct sock_fprog_kern *fprog; -- struct sk_filter *filter; - struct nlattr *attr; -- unsigned int flen; -+ struct sk_filter *filter; -+ unsigned int len; - int err = 0; - - if (!may_report_filterinfo) { -@@ -64,20 +70,24 @@ int sock_diag_put_filterinfo(bool may_report_filterinfo, struct sock *sk, - } - - rcu_read_lock(); -+ - filter = rcu_dereference(sk->sk_filter); -- if (!filter) -- goto out; -+ len = filter ? filter->len * sizeof(struct sock_filter) : 0; - -- fprog = filter->orig_prog; -- flen = sk_filter_proglen(fprog); -- -- attr = nla_reserve(skb, attrtype, flen); -+ attr = nla_reserve(skb, attrtype, len); - if (attr == NULL) { - err = -EMSGSIZE; - goto out; - } - -- memcpy(nla_data(attr), fprog->filter, flen); -+ if (filter) { -+ struct sock_filter *fb = (struct sock_filter *)nla_data(attr); -+ int i; -+ -+ for (i = 0; i < filter->len; i++, fb++) -+ sk_decode_filter(&filter->insns[i], fb); -+ } -+ - out: - rcu_read_unlock(); - return err; -@@ -110,8 +120,11 @@ int sock_diag_register(const struct sock_diag_handler *hndl) +@@ -110,8 +117,11 @@ int sock_diag_register(const struct sock_diag_handler *hndl) mutex_lock(&sock_diag_table_mutex); if (sock_diag_handlers[hndl->family]) err = -EBUSY; @@ -108527,7 +100785,7 @@ index a4216a4..773e3d7 100644 mutex_unlock(&sock_diag_table_mutex); return err; -@@ -127,7 +140,9 @@ void sock_diag_unregister(const struct sock_diag_handler *hnld) +@@ -127,7 +137,9 @@ void sock_diag_unregister(const struct sock_diag_handler *hnld) mutex_lock(&sock_diag_table_mutex); BUG_ON(sock_diag_handlers[family] != hnld); @@ -108538,7 +100796,7 @@ index a4216a4..773e3d7 100644 } EXPORT_SYMBOL_GPL(sock_diag_unregister); diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c -index cf9cd13..8b56af3 100644 +index cf9cd13..50683950 100644 --- a/net/core/sysctl_net_core.c +++ b/net/core/sysctl_net_core.c @@ -32,7 +32,7 @@ static int rps_sock_flow_sysctl(struct ctl_table *table, int write, @@ -108559,6 +100817,15 @@ index cf9cd13..8b56af3 100644 .data = id, .maxlen = IFNAMSIZ, }; +@@ -263,7 +263,7 @@ static struct ctl_table net_core_table[] = { + .mode = 0644, + .proc_handler = proc_dointvec + }, +-#ifdef CONFIG_BPF_JIT ++#if defined(CONFIG_BPF_JIT) && !defined(CONFIG_GRKERNSEC_BPF_HARDEN) + { + .procname = "bpf_jit_enable", + .data = &bpf_jit_enable, @@ -379,13 +379,12 @@ static struct ctl_table netns_core_table[] = { static __net_init int sysctl_core_net_init(struct net *net) @@ -108606,68 +100873,6 @@ index cf9cd13..8b56af3 100644 .init = sysctl_core_net_init, .exit = sysctl_core_net_exit, }; -diff --git a/net/core/timestamping.c b/net/core/timestamping.c -index 6521dfd..661b5a4 100644 ---- a/net/core/timestamping.c -+++ b/net/core/timestamping.c -@@ -23,11 +23,16 @@ - #include <linux/skbuff.h> - #include <linux/export.h> - -+static struct sock_filter ptp_filter[] = { -+ PTP_FILTER -+}; -+ - static unsigned int classify(const struct sk_buff *skb) - { -- if (likely(skb->dev && skb->dev->phydev && -+ if (likely(skb->dev && -+ skb->dev->phydev && - skb->dev->phydev->drv)) -- return ptp_classify_raw(skb); -+ return sk_run_filter(skb, ptp_filter); - else - return PTP_CLASS_NONE; - } -@@ -55,13 +60,11 @@ void skb_clone_tx_timestamp(struct sk_buff *skb) - if (likely(phydev->drv->txtstamp)) { - if (!atomic_inc_not_zero(&sk->sk_refcnt)) - return; -- - clone = skb_clone(skb, GFP_ATOMIC); - if (!clone) { - sock_put(sk); - return; - } -- - clone->sk = sk; - phydev->drv->txtstamp(phydev, clone, type); - } -@@ -86,15 +89,12 @@ void skb_complete_tx_timestamp(struct sk_buff *skb, - } - - *skb_hwtstamps(skb) = *hwtstamps; -- - serr = SKB_EXT_ERR(skb); - memset(serr, 0, sizeof(*serr)); - serr->ee.ee_errno = ENOMSG; - serr->ee.ee_origin = SO_EE_ORIGIN_TIMESTAMPING; - skb->sk = NULL; -- - err = sock_queue_err_skb(sk, skb); -- - sock_put(sk); - if (err) - kfree_skb(skb); -@@ -132,3 +132,8 @@ bool skb_defer_rx_timestamp(struct sk_buff *skb) - return false; - } - EXPORT_SYMBOL_GPL(skb_defer_rx_timestamp); -+ -+void __init skb_timestamping_init(void) -+{ -+ BUG_ON(sk_chk_filter(ptp_filter, ARRAY_SIZE(ptp_filter))); -+} diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c index ae011b4..d2d18bf 100644 --- a/net/decnet/af_decnet.c @@ -108716,10 +100921,10 @@ index 5325b54..a0d4d69 100644 *lenp = len; diff --git a/net/ieee802154/reassembly.c b/net/ieee802154/reassembly.c -index 6f1428c..9586b83 100644 +index 32755cb..236d827 100644 --- a/net/ieee802154/reassembly.c +++ b/net/ieee802154/reassembly.c -@@ -438,14 +438,13 @@ static struct ctl_table lowpan_frags_ctl_table[] = { +@@ -433,14 +433,13 @@ static struct ctl_table lowpan_frags_ctl_table[] = { static int __net_init lowpan_frags_ns_sysctl_register(struct net *net) { @@ -108736,7 +100941,7 @@ index 6f1428c..9586b83 100644 GFP_KERNEL); if (table == NULL) goto err_alloc; -@@ -458,9 +457,9 @@ static int __net_init lowpan_frags_ns_sysctl_register(struct net *net) +@@ -455,9 +454,9 @@ static int __net_init lowpan_frags_ns_sysctl_register(struct net *net) /* Don't export sysctls to unprivileged users */ if (net->user_ns != &init_user_ns) table[0].procname = NULL; @@ -108749,7 +100954,7 @@ index 6f1428c..9586b83 100644 if (hdr == NULL) goto err_reg; -@@ -468,8 +467,7 @@ static int __net_init lowpan_frags_ns_sysctl_register(struct net *net) +@@ -465,8 +464,7 @@ static int __net_init lowpan_frags_ns_sysctl_register(struct net *net) return 0; err_reg: @@ -108760,10 +100965,10 @@ index 6f1428c..9586b83 100644 return -ENOMEM; } diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c -index e944937..368fe78 100644 +index 214882e..f958b50 100644 --- a/net/ipv4/devinet.c +++ b/net/ipv4/devinet.c -@@ -1540,7 +1540,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) +@@ -1548,7 +1548,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) idx = 0; head = &net->dev_index_head[h]; rcu_read_lock(); @@ -108772,7 +100977,7 @@ index e944937..368fe78 100644 net->dev_base_seq; hlist_for_each_entry_rcu(dev, head, index_hlist) { if (idx < s_idx) -@@ -1858,7 +1858,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb, +@@ -1866,7 +1866,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb, idx = 0; head = &net->dev_index_head[h]; rcu_read_lock(); @@ -108781,7 +100986,7 @@ index e944937..368fe78 100644 net->dev_base_seq; hlist_for_each_entry_rcu(dev, head, index_hlist) { if (idx < s_idx) -@@ -2093,7 +2093,7 @@ static int ipv4_doint_and_flush(struct ctl_table *ctl, int write, +@@ -2101,7 +2101,7 @@ static int ipv4_doint_and_flush(struct ctl_table *ctl, int write, #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \ DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush) @@ -108790,7 +100995,7 @@ index e944937..368fe78 100644 struct ctl_table_header *sysctl_header; struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX]; } devinet_sysctl = { -@@ -2215,7 +2215,7 @@ static __net_init int devinet_init_net(struct net *net) +@@ -2233,7 +2233,7 @@ static __net_init int devinet_init_net(struct net *net) int err; struct ipv4_devconf *all, *dflt; #ifdef CONFIG_SYSCTL @@ -108799,7 +101004,7 @@ index e944937..368fe78 100644 struct ctl_table_header *forw_hdr; #endif -@@ -2233,7 +2233,7 @@ static __net_init int devinet_init_net(struct net *net) +@@ -2251,7 +2251,7 @@ static __net_init int devinet_init_net(struct net *net) goto err_alloc_dflt; #ifdef CONFIG_SYSCTL @@ -108808,7 +101013,7 @@ index e944937..368fe78 100644 if (tbl == NULL) goto err_alloc_ctl; -@@ -2253,7 +2253,10 @@ static __net_init int devinet_init_net(struct net *net) +@@ -2271,7 +2271,10 @@ static __net_init int devinet_init_net(struct net *net) goto err_reg_dflt; err = -ENOMEM; @@ -108820,7 +101025,7 @@ index e944937..368fe78 100644 if (forw_hdr == NULL) goto err_reg_ctl; net->ipv4.forw_hdr = forw_hdr; -@@ -2269,8 +2272,7 @@ err_reg_ctl: +@@ -2287,8 +2290,7 @@ err_reg_ctl: err_reg_dflt: __devinet_sysctl_unregister(all); err_reg_all: @@ -108871,6 +101076,27 @@ index b10cd43a..22327f9 100644 return nh->nh_saddr; } +diff --git a/net/ipv4/gre_offload.c b/net/ipv4/gre_offload.c +index 6556263..db77807 100644 +--- a/net/ipv4/gre_offload.c ++++ b/net/ipv4/gre_offload.c +@@ -59,13 +59,13 @@ static struct sk_buff *gre_gso_segment(struct sk_buff *skb, + if (csum) + skb->encap_hdr_csum = 1; + +- if (unlikely(!pskb_may_pull(skb, ghl))) +- goto out; +- + /* setup inner skb. */ + skb->protocol = greh->protocol; + skb->encapsulation = 0; + ++ if (unlikely(!pskb_may_pull(skb, ghl))) ++ goto out; ++ + __skb_pull(skb, ghl); + skb_reset_mac_header(skb); + skb_set_network_header(skb, skb_inner_network_offset(skb)); diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c index 43116e8..e3e6159 100644 --- a/net/ipv4/inet_hashtables.c @@ -108915,10 +101141,10 @@ index bd5f592..e80e605 100644 p->rate_tokens = 0; /* 60*HZ is arbitrary, but chosen enough high so that the first diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c -index ed32313..3762abe 100644 +index 15f0e2b..8cf8177 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c -@@ -284,7 +284,7 @@ static inline int ip_frag_too_far(struct ipq *qp) +@@ -268,7 +268,7 @@ static inline int ip_frag_too_far(struct ipq *qp) return 0; start = qp->rid; @@ -108927,7 +101153,7 @@ index ed32313..3762abe 100644 qp->rid = end; rc = qp->q.fragments && (end - start) > max; -@@ -761,12 +761,11 @@ static struct ctl_table ip4_frags_ctl_table[] = { +@@ -746,12 +746,11 @@ static struct ctl_table ip4_frags_ctl_table[] = { static int __net_init ip4_frags_ns_ctl_register(struct net *net) { @@ -108942,7 +101168,7 @@ index ed32313..3762abe 100644 if (table == NULL) goto err_alloc; -@@ -777,9 +776,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net) +@@ -765,9 +764,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net) /* Don't export sysctls to unprivileged users */ if (net->user_ns != &init_user_ns) table[0].procname = NULL; @@ -108955,7 +101181,7 @@ index ed32313..3762abe 100644 if (hdr == NULL) goto err_reg; -@@ -787,8 +787,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net) +@@ -775,8 +775,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net) return 0; err_reg: @@ -109021,8 +101247,45 @@ index 3d4da2c..40f9c29 100644 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PROT_UNREACH, 0); } +diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c +index 215af2b..c43a1e2 100644 +--- a/net/ipv4/ip_output.c ++++ b/net/ipv4/ip_output.c +@@ -1533,6 +1533,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr, + struct sk_buff *nskb; + struct sock *sk; + struct inet_sock *inet; ++ int err; + + if (ip_options_echo(&replyopts.opt.opt, skb)) + return; +@@ -1572,8 +1573,13 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr, + sock_net_set(sk, net); + __skb_queue_head_init(&sk->sk_write_queue); + sk->sk_sndbuf = sysctl_wmem_default; +- ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base, len, 0, +- &ipc, &rt, MSG_DONTWAIT); ++ err = ip_append_data(sk, &fl4, ip_reply_glue_bits, arg->iov->iov_base, ++ len, 0, &ipc, &rt, MSG_DONTWAIT); ++ if (unlikely(err)) { ++ ip_flush_pending_frames(sk); ++ goto out; ++ } ++ + nskb = skb_peek(&sk->sk_write_queue); + if (nskb) { + if (arg->csumoffset >= 0) +@@ -1585,7 +1591,7 @@ void ip_send_unicast_reply(struct net *net, struct sk_buff *skb, __be32 daddr, + skb_set_queue_mapping(nskb, skb_get_queue_mapping(skb)); + ip_push_pending_frames(sk, &fl4); + } +- ++out: + put_cpu_var(unicast_sock); + + ip_rt_put(rt); diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c -index 64741b9..6f334a2 100644 +index 5cb830c..81a7a56 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -1188,7 +1188,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, @@ -109039,13 +101302,31 @@ index 64741b9..6f334a2 100644 if (sk->sk_type != SOCK_STREAM) return -ENOPROTOOPT; -- msg.msg_control = optval; -+ msg.msg_control = (void __force_kernel *)optval; +- msg.msg_control = (__force void *) optval; ++ msg.msg_control = (__force_kernel void *) optval; msg.msg_controllen = len; msg.msg_flags = flags; +diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c +index f4c987b..88c386c 100644 +--- a/net/ipv4/ip_tunnel_core.c ++++ b/net/ipv4/ip_tunnel_core.c +@@ -91,11 +91,12 @@ int iptunnel_pull_header(struct sk_buff *skb, int hdr_len, __be16 inner_proto) + skb_pull_rcsum(skb, hdr_len); + + if (inner_proto == htons(ETH_P_TEB)) { +- struct ethhdr *eh = (struct ethhdr *)skb->data; ++ struct ethhdr *eh; + + if (unlikely(!pskb_may_pull(skb, ETH_HLEN))) + return -ENOMEM; + ++ eh = (struct ethhdr *)skb->data; + if (likely(ntohs(eh->h_proto) >= ETH_P_802_3_MIN)) + skb->protocol = eh->h_proto; + else diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c -index b8960f3..0f025db 100644 +index e453cb7..3c8d952 100644 --- a/net/ipv4/ip_vti.c +++ b/net/ipv4/ip_vti.c @@ -45,7 +45,7 @@ @@ -109067,10 +101348,10 @@ index b8960f3..0f025db 100644 .maxtype = IFLA_VTI_MAX, .policy = vti_policy, diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c -index b3e86ea..18ce98c 100644 +index 5bbef4f..5bc4fb6 100644 --- a/net/ipv4/ipconfig.c +++ b/net/ipv4/ipconfig.c -@@ -334,7 +334,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd, struct ifreq *arg) +@@ -332,7 +332,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd, struct ifreq *arg) mm_segment_t oldfs = get_fs(); set_fs(get_ds()); @@ -109079,7 +101360,7 @@ index b3e86ea..18ce98c 100644 set_fs(oldfs); return res; } -@@ -345,7 +345,7 @@ static int __init ic_dev_ioctl(unsigned int cmd, struct ifreq *arg) +@@ -343,7 +343,7 @@ static int __init ic_dev_ioctl(unsigned int cmd, struct ifreq *arg) mm_segment_t oldfs = get_fs(); set_fs(get_ds()); @@ -109088,7 +101369,7 @@ index b3e86ea..18ce98c 100644 set_fs(oldfs); return res; } -@@ -356,7 +356,7 @@ static int __init ic_route_ioctl(unsigned int cmd, struct rtentry *arg) +@@ -354,7 +354,7 @@ static int __init ic_route_ioctl(unsigned int cmd, struct rtentry *arg) mm_segment_t oldfs = get_fs(); set_fs(get_ds()); @@ -109231,7 +101512,7 @@ index 2510c02..cfb34fa 100644 pr_err("Unable to proc dir entry\n"); return -ENOMEM; diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index 044a0dd..3399751 100644 +index a3c59a0..ec620a50 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -59,7 +59,7 @@ struct ping_table { @@ -109302,10 +101583,10 @@ index 044a0dd..3399751 100644 static int ping_v4_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c -index 2c65160..213ecdf 100644 +index 739db31..74f0210 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c -@@ -311,7 +311,7 @@ static int raw_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -314,7 +314,7 @@ static int raw_rcv_skb(struct sock *sk, struct sk_buff *skb) int raw_rcv(struct sock *sk, struct sk_buff *skb) { if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) { @@ -109314,7 +101595,7 @@ index 2c65160..213ecdf 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -748,16 +748,20 @@ static int raw_init(struct sock *sk) +@@ -755,16 +755,20 @@ static int raw_init(struct sock *sk) static int raw_seticmpfilter(struct sock *sk, char __user *optval, int optlen) { @@ -109336,7 +101617,7 @@ index 2c65160..213ecdf 100644 if (get_user(len, optlen)) goto out; -@@ -767,8 +771,8 @@ static int raw_geticmpfilter(struct sock *sk, char __user *optval, int __user *o +@@ -774,8 +778,8 @@ static int raw_geticmpfilter(struct sock *sk, char __user *optval, int __user *o if (len > sizeof(struct icmp_filter)) len = sizeof(struct icmp_filter); ret = -EFAULT; @@ -109347,7 +101628,7 @@ index 2c65160..213ecdf 100644 goto out; ret = 0; out: return ret; -@@ -997,7 +1001,7 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) +@@ -1004,7 +1008,7 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) 0, 0L, 0, from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)), 0, sock_i_ino(sp), @@ -109357,7 +101638,7 @@ index 2c65160..213ecdf 100644 static int raw_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index 1901998..a9a850a 100644 +index cbadb94..691f99e 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -228,7 +228,7 @@ static const struct seq_operations rt_cache_seq_ops = { @@ -109410,7 +101691,7 @@ index 1901998..a9a850a 100644 } EXPORT_SYMBOL(ip_idents_reserve); -@@ -2625,34 +2625,34 @@ static struct ctl_table ipv4_route_flush_table[] = { +@@ -2623,34 +2623,34 @@ static struct ctl_table ipv4_route_flush_table[] = { .maxlen = sizeof(int), .mode = 0200, .proc_handler = ipv4_sysctl_rtcache_flush, @@ -109453,7 +101734,7 @@ index 1901998..a9a850a 100644 err_dup: return -ENOMEM; } -@@ -2675,8 +2675,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { +@@ -2673,8 +2673,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { static __net_init int rt_genid_init(struct net *net) { @@ -109464,7 +101745,7 @@ index 1901998..a9a850a 100644 get_random_bytes(&net->ipv4.dev_addr_genid, sizeof(net->ipv4.dev_addr_genid)); return 0; -@@ -2719,11 +2719,7 @@ int __init ip_rt_init(void) +@@ -2717,11 +2717,7 @@ int __init ip_rt_init(void) { int rc = 0; @@ -109564,10 +101845,10 @@ index 79a007c..5023029 100644 goto err_reg; diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index 40639c2..dfc86b2 100644 +index a906e02..f3b6a0f 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c -@@ -754,7 +754,7 @@ static void tcp_update_pacing_rate(struct sock *sk) +@@ -755,7 +755,7 @@ static void tcp_update_pacing_rate(struct sock *sk) * without any lock. We want to make sure compiler wont store * intermediate values in this location. */ @@ -109576,7 +101857,7 @@ index 40639c2..dfc86b2 100644 sk->sk_max_pacing_rate); } -@@ -4478,7 +4478,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, +@@ -4488,7 +4488,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, * simplifies code) */ static void @@ -109585,7 +101866,7 @@ index 40639c2..dfc86b2 100644 struct sk_buff *head, struct sk_buff *tail, u32 start, u32 end) { -@@ -5536,6 +5536,7 @@ discard: +@@ -5546,6 +5546,7 @@ discard: tcp_paws_reject(&tp->rx_opt, 0)) goto discard_and_undo; @@ -109593,7 +101874,7 @@ index 40639c2..dfc86b2 100644 if (th->syn) { /* We see SYN without ACK. It is attempt of * simultaneous connect with crossed SYNs. -@@ -5586,6 +5587,7 @@ discard: +@@ -5596,6 +5597,7 @@ discard: goto discard; #endif } @@ -109601,7 +101882,7 @@ index 40639c2..dfc86b2 100644 /* "fifth, if neither of the SYN or RST bits is set then * drop the segment and return." */ -@@ -5632,7 +5634,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -5642,7 +5644,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, goto discard; if (th->syn) { @@ -109611,7 +101892,7 @@ index 40639c2..dfc86b2 100644 if (icsk->icsk_af_ops->conn_request(sk, skb) < 0) return 1; diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index 77cccda..10122c4 100644 +index cd17f00..1e1f252 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -91,6 +91,10 @@ int sysctl_tcp_low_latency __read_mostly; @@ -109625,7 +101906,7 @@ index 77cccda..10122c4 100644 #ifdef CONFIG_TCP_MD5SIG static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key, __be32 daddr, __be32 saddr, const struct tcphdr *th); -@@ -1591,6 +1595,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1487,6 +1491,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -109635,7 +101916,7 @@ index 77cccda..10122c4 100644 tcp_v4_send_reset(rsk, skb); discard: kfree_skb(skb); -@@ -1737,12 +1744,19 @@ int tcp_v4_rcv(struct sk_buff *skb) +@@ -1633,12 +1640,19 @@ int tcp_v4_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -109658,7 +101939,7 @@ index 77cccda..10122c4 100644 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1796,6 +1810,10 @@ csum_error: +@@ -1704,6 +1718,10 @@ csum_error: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -109670,7 +101951,7 @@ index 77cccda..10122c4 100644 } diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c -index e68e0d4..0334263 100644 +index 1649988..6251843 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c @@ -27,6 +27,10 @@ @@ -109710,7 +101991,7 @@ index 3b66610..bfbe23a 100644 cnt += width; } diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c -index 286227a..c495a76 100644 +index df90cd1..9ab2c9b 100644 --- a/net/ipv4/tcp_timer.c +++ b/net/ipv4/tcp_timer.c @@ -22,6 +22,10 @@ @@ -109739,7 +102020,7 @@ index 286227a..c495a76 100644 syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) { /* Has it gone just too far? */ diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c -index 7d5a866..4874211 100644 +index f57c0e4..cf24bd0 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -87,6 +87,7 @@ @@ -109761,8 +102042,8 @@ index 7d5a866..4874211 100644 struct udp_table udp_table __read_mostly; EXPORT_SYMBOL(udp_table); -@@ -615,6 +620,9 @@ found: - return s; +@@ -594,6 +599,9 @@ static inline bool __udp_is_mcast_sock(struct net *net, struct sock *sk, + return true; } +extern int gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb); @@ -109771,7 +102052,7 @@ index 7d5a866..4874211 100644 /* * This routine is called by the ICMP module when it gets some * sort of error condition. If err < 0 then the socket should -@@ -952,9 +960,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -931,9 +939,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, dport = usin->sin_port; if (dport == 0) return -EINVAL; @@ -109790,7 +102071,7 @@ index 7d5a866..4874211 100644 daddr = inet->inet_daddr; dport = inet->inet_dport; /* Open fast path for connected socket. -@@ -1202,7 +1219,7 @@ static unsigned int first_packet_length(struct sock *sk) +@@ -1181,7 +1198,7 @@ static unsigned int first_packet_length(struct sock *sk) IS_UDPLITE(sk)); UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, IS_UDPLITE(sk)); @@ -109799,7 +102080,7 @@ index 7d5a866..4874211 100644 __skb_unlink(skb, rcvq); __skb_queue_tail(&list_kill, skb); } -@@ -1282,6 +1299,10 @@ try_again: +@@ -1261,6 +1278,10 @@ try_again: if (!skb) goto out; @@ -109810,7 +102091,7 @@ index 7d5a866..4874211 100644 ulen = skb->len - sizeof(struct udphdr); copied = len; if (copied > ulen) -@@ -1315,7 +1336,7 @@ try_again: +@@ -1294,7 +1315,7 @@ try_again: if (unlikely(err)) { trace_kfree_skb(skb, udp_recvmsg); if (!peeked) { @@ -109819,7 +102100,7 @@ index 7d5a866..4874211 100644 UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } -@@ -1612,7 +1633,7 @@ csum_error: +@@ -1591,7 +1612,7 @@ csum_error: UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); drop: UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); @@ -109828,7 +102109,7 @@ index 7d5a866..4874211 100644 kfree_skb(skb); return -1; } -@@ -1631,7 +1652,7 @@ static void flush_stack(struct sock **stack, unsigned int count, +@@ -1610,7 +1631,7 @@ static void flush_stack(struct sock **stack, unsigned int count, skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC); if (!skb1) { @@ -109837,7 +102118,7 @@ index 7d5a866..4874211 100644 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, IS_UDPLITE(sk)); UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, -@@ -1817,6 +1838,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, +@@ -1807,6 +1828,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, goto csum_error; UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); @@ -109847,7 +102128,7 @@ index 7d5a866..4874211 100644 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); /* -@@ -2403,7 +2427,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f, +@@ -2393,7 +2417,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f, from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -109910,10 +102191,10 @@ index 6156f68..d6ab46d 100644 return -ENOMEM; } diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 5667b30..2044f61 100644 +index 3e118df..27b16cf 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c -@@ -593,7 +593,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, +@@ -604,7 +604,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, idx = 0; head = &net->dev_index_head[h]; rcu_read_lock(); @@ -109922,7 +102203,7 @@ index 5667b30..2044f61 100644 net->dev_base_seq; hlist_for_each_entry_rcu(dev, head, index_hlist) { if (idx < s_idx) -@@ -2390,7 +2390,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) +@@ -2396,7 +2396,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) p.iph.ihl = 5; p.iph.protocol = IPPROTO_IPV6; p.iph.ttl = 64; @@ -109931,7 +102212,7 @@ index 5667b30..2044f61 100644 if (ops->ndo_do_ioctl) { mm_segment_t oldfs = get_fs(); -@@ -3516,16 +3516,23 @@ static const struct file_operations if6_fops = { +@@ -3531,16 +3531,23 @@ static const struct file_operations if6_fops = { .release = seq_release_net, }; @@ -109956,7 +102237,7 @@ index 5667b30..2044f61 100644 } static struct pernet_operations if6_proc_net_ops = { -@@ -4141,7 +4148,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, +@@ -4156,7 +4163,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, s_ip_idx = ip_idx = cb->args[2]; rcu_read_lock(); @@ -109965,30 +102246,16 @@ index 5667b30..2044f61 100644 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { idx = 0; head = &net->dev_index_head[h]; -@@ -4741,11 +4748,8 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) - - rt = rt6_lookup(dev_net(dev), &ifp->peer_addr, NULL, - dev->ifindex, 1); -- if (rt) { -- dst_hold(&rt->dst); -- if (ip6_del_rt(rt)) -- dst_free(&rt->dst); -- } -+ if (rt && ip6_del_rt(rt)) -+ dst_free(&rt->dst); - } - dst_hold(&ifp->rt->dst); - -@@ -4753,7 +4757,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) - dst_free(&ifp->rt->dst); +@@ -4784,7 +4791,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) + rt_genid_bump_ipv6(net); break; } - atomic_inc(&net->ipv6.dev_addr_genid); + atomic_inc_unchecked(&net->ipv6.dev_addr_genid); - rt_genid_bump_ipv6(net); } -@@ -4774,7 +4778,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, + static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -4804,7 +4811,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -109997,7 +102264,7 @@ index 5667b30..2044f61 100644 int ret; /* -@@ -4859,7 +4863,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, +@@ -4889,7 +4896,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -110007,23 +102274,23 @@ index 5667b30..2044f61 100644 /* diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c -index 7cb4392..dc96d28 100644 +index 2daa3a1..341066c 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c -@@ -765,7 +765,7 @@ static int __net_init inet6_net_init(struct net *net) - net->ipv6.sysctl.bindv6only = 0; +@@ -766,7 +766,7 @@ static int __net_init inet6_net_init(struct net *net) net->ipv6.sysctl.icmpv6_time = 1*HZ; net->ipv6.sysctl.flowlabel_consistency = 1; + net->ipv6.sysctl.auto_flowlabels = 0; - atomic_set(&net->ipv6.rt_genid, 0); + atomic_set_unchecked(&net->ipv6.rt_genid, 0); err = ipv6_init_mibs(net); if (err) diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c -index c3bf2d2..1f00573 100644 +index 2753319..b7e625c 100644 --- a/net/ipv6/datagram.c +++ b/net/ipv6/datagram.c -@@ -938,5 +938,5 @@ void ip6_dgram_sock_seq_show(struct seq_file *seq, struct sock *sp, +@@ -939,5 +939,5 @@ void ip6_dgram_sock_seq_show(struct seq_file *seq, struct sock *sp, 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -110031,10 +102298,10 @@ index c3bf2d2..1f00573 100644 + atomic_read_unchecked(&sp->sk_drops)); } diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c -index f6c84a6..9f2084e 100644 +index 06ba3e5..5c08d38 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c -@@ -990,7 +990,7 @@ static struct ctl_table ipv6_icmp_table_template[] = { +@@ -993,7 +993,7 @@ static struct ctl_table ipv6_icmp_table_template[] = { struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net) { @@ -110044,7 +102311,7 @@ index f6c84a6..9f2084e 100644 table = kmemdup(ipv6_icmp_table_template, sizeof(ipv6_icmp_table_template), diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c -index 3873181..220ad3f 100644 +index 97299d7..c8e6894 100644 --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -71,8 +71,8 @@ struct ip6gre_net { @@ -110058,7 +102325,7 @@ index 3873181..220ad3f 100644 static int ip6gre_tunnel_init(struct net_device *dev); static void ip6gre_tunnel_setup(struct net_device *dev); static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t); -@@ -1280,7 +1280,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev) +@@ -1286,7 +1286,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev) } @@ -110067,7 +102334,7 @@ index 3873181..220ad3f 100644 .handler = ip6gre_rcv, .err_handler = ip6gre_err, .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, -@@ -1638,7 +1638,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = { +@@ -1645,7 +1645,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = { [IFLA_GRE_FLAGS] = { .type = NLA_U32 }, }; @@ -110076,7 +102343,7 @@ index 3873181..220ad3f 100644 .kind = "ip6gre", .maxtype = IFLA_GRE_MAX, .policy = ip6gre_policy, -@@ -1652,7 +1652,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = { +@@ -1659,7 +1659,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = { .fill_info = ip6gre_fill_info, }; @@ -110085,8 +102352,20 @@ index 3873181..220ad3f 100644 .kind = "ip6gretap", .maxtype = IFLA_GRE_MAX, .policy = ip6gre_policy, +diff --git a/net/ipv6/ip6_offload.c b/net/ipv6/ip6_offload.c +index 65eda2a..620a102 100644 +--- a/net/ipv6/ip6_offload.c ++++ b/net/ipv6/ip6_offload.c +@@ -46,6 +46,7 @@ static int ipv6_gso_pull_exthdrs(struct sk_buff *skb, int proto) + if (unlikely(!pskb_may_pull(skb, len))) + break; + ++ opth = (void *)skb->data; + proto = opth->nexthdr; + __skb_pull(skb, len); + } diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c -index afa0824..04ba530 100644 +index 69a84b4..881c319 100644 --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c @@ -86,7 +86,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2) @@ -110098,7 +102377,7 @@ index afa0824..04ba530 100644 static int ip6_tnl_net_id __read_mostly; struct ip6_tnl_net { -@@ -1708,7 +1708,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = { +@@ -1714,7 +1714,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = { [IFLA_IPTUN_PROTO] = { .type = NLA_U8 }, }; @@ -110108,7 +102387,7 @@ index afa0824..04ba530 100644 .maxtype = IFLA_IPTUN_MAX, .policy = ip6_tnl_policy, diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c -index 9aaa6bb..5c13e57 100644 +index 5833a22..6631377 100644 --- a/net/ipv6/ip6_vti.c +++ b/net/ipv6/ip6_vti.c @@ -62,7 +62,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2) @@ -110120,7 +102399,7 @@ index 9aaa6bb..5c13e57 100644 static int vti6_net_id __read_mostly; struct vti6_net { -@@ -977,7 +977,7 @@ static const struct nla_policy vti6_policy[IFLA_VTI_MAX + 1] = { +@@ -981,7 +981,7 @@ static const struct nla_policy vti6_policy[IFLA_VTI_MAX + 1] = { [IFLA_VTI_OKEY] = { .type = NLA_U32 }, }; @@ -110130,10 +102409,10 @@ index 9aaa6bb..5c13e57 100644 .maxtype = IFLA_VTI_MAX, .policy = vti6_policy, diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c -index edb58af..78de133 100644 +index 0c28998..d0a2ecd 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c -@@ -991,7 +991,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, +@@ -995,7 +995,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, if (sk->sk_type != SOCK_STREAM) return -ENOPROTOOPT; @@ -110192,10 +102471,10 @@ index e080fbb..412b3cf 100644 case IP6T_SO_GET_ENTRIES: diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c -index 0d5279f..89d9f6f 100644 +index 6f187c8..34b367f 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c -@@ -90,12 +90,11 @@ static struct ctl_table nf_ct_frag6_sysctl_table[] = { +@@ -96,12 +96,11 @@ static struct ctl_table nf_ct_frag6_sysctl_table[] = { static int nf_ct_frag6_sysctl_register(struct net *net) { @@ -110210,10 +102489,10 @@ index 0d5279f..89d9f6f 100644 GFP_KERNEL); if (table == NULL) goto err_alloc; -@@ -103,9 +102,9 @@ static int nf_ct_frag6_sysctl_register(struct net *net) - table[0].data = &net->nf_frag.frags.timeout; - table[1].data = &net->nf_frag.frags.low_thresh; +@@ -112,9 +111,9 @@ static int nf_ct_frag6_sysctl_register(struct net *net) table[2].data = &net->nf_frag.frags.high_thresh; + table[2].extra1 = &net->nf_frag.frags.low_thresh; + table[2].extra2 = &init_net.nf_frag.frags.high_thresh; - } - - hdr = register_net_sysctl(net, "net/netfilter", table); @@ -110223,7 +102502,7 @@ index 0d5279f..89d9f6f 100644 if (hdr == NULL) goto err_reg; -@@ -113,8 +112,7 @@ static int nf_ct_frag6_sysctl_register(struct net *net) +@@ -122,8 +121,7 @@ static int nf_ct_frag6_sysctl_register(struct net *net) return 0; err_reg: @@ -110294,7 +102573,7 @@ index 5b7a1ed..d9da205 100644 inet6_unregister_protosw(&pingv6_protosw); } diff --git a/net/ipv6/proc.c b/net/ipv6/proc.c -index 3317440..201764e 100644 +index 2d6f860..b0165f5 100644 --- a/net/ipv6/proc.c +++ b/net/ipv6/proc.c @@ -309,7 +309,7 @@ static int __net_init ipv6_proc_init_net(struct net *net) @@ -110307,7 +102586,7 @@ index 3317440..201764e 100644 goto proc_dev_snmp6_fail; return 0; diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c -index b2dc60b..a6b6c10 100644 +index 39d4422..b0979547 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c @@ -388,7 +388,7 @@ static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -110337,7 +102616,7 @@ index b2dc60b..a6b6c10 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -610,7 +610,7 @@ out: +@@ -608,7 +608,7 @@ out: return err; } @@ -110346,7 +102625,7 @@ index b2dc60b..a6b6c10 100644 struct flowi6 *fl6, struct dst_entry **dstp, unsigned int flags) { -@@ -916,12 +916,15 @@ do_confirm: +@@ -914,12 +914,15 @@ do_confirm: static int rawv6_seticmpfilter(struct sock *sk, int level, int optname, char __user *optval, int optlen) { @@ -110363,7 +102642,7 @@ index b2dc60b..a6b6c10 100644 return 0; default: return -ENOPROTOOPT; -@@ -934,6 +937,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, +@@ -932,6 +935,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { int len; @@ -110371,7 +102650,7 @@ index b2dc60b..a6b6c10 100644 switch (optname) { case ICMPV6_FILTER: -@@ -945,7 +949,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, +@@ -943,7 +947,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, len = sizeof(struct icmp6_filter); if (put_user(len, optlen)) return -EFAULT; @@ -110382,10 +102661,10 @@ index b2dc60b..a6b6c10 100644 return 0; default: diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c -index cc85a9b..526a133 100644 +index c6557d9..173e728 100644 --- a/net/ipv6/reassembly.c +++ b/net/ipv6/reassembly.c -@@ -626,12 +626,11 @@ static struct ctl_table ip6_frags_ctl_table[] = { +@@ -627,12 +627,11 @@ static struct ctl_table ip6_frags_ctl_table[] = { static int __net_init ip6_frags_ns_sysctl_register(struct net *net) { @@ -110400,7 +102679,7 @@ index cc85a9b..526a133 100644 if (table == NULL) goto err_alloc; -@@ -642,9 +641,10 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net) +@@ -646,9 +645,10 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net) /* Don't export sysctls to unprivileged users */ if (net->user_ns != &init_user_ns) table[0].procname = NULL; @@ -110413,7 +102692,7 @@ index cc85a9b..526a133 100644 if (hdr == NULL) goto err_reg; -@@ -652,8 +652,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net) +@@ -656,8 +656,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net) return 0; err_reg: @@ -110424,10 +102703,10 @@ index cc85a9b..526a133 100644 return -ENOMEM; } diff --git a/net/ipv6/route.c b/net/ipv6/route.c -index f23fbd2..7868241 100644 +index bafde82..af2c91f 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c -@@ -2971,7 +2971,7 @@ struct ctl_table ipv6_route_table_template[] = { +@@ -2967,7 +2967,7 @@ struct ctl_table ipv6_route_table_template[] = { struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net) { @@ -110437,7 +102716,7 @@ index f23fbd2..7868241 100644 table = kmemdup(ipv6_route_table_template, sizeof(ipv6_route_table_template), diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c -index 4f40817..54dcbef 100644 +index 6163f85..0070823 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c @@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev); @@ -110449,7 +102728,30 @@ index 4f40817..54dcbef 100644 static int sit_net_id __read_mostly; struct sit_net { -@@ -1661,7 +1661,7 @@ static void ipip6_dellink(struct net_device *dev, struct list_head *head) +@@ -485,11 +485,11 @@ static void ipip6_tunnel_uninit(struct net_device *dev) + */ + static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb) + { +- const struct iphdr *iph = (const struct iphdr *) skb->data; ++ int ihl = ((const struct iphdr *)skb->data)->ihl*4; + struct rt6_info *rt; + struct sk_buff *skb2; + +- if (!pskb_may_pull(skb, iph->ihl * 4 + sizeof(struct ipv6hdr) + 8)) ++ if (!pskb_may_pull(skb, ihl + sizeof(struct ipv6hdr) + 8)) + return 1; + + skb2 = skb_clone(skb, GFP_ATOMIC); +@@ -498,7 +498,7 @@ static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb) + return 1; + + skb_dst_drop(skb2); +- skb_pull(skb2, iph->ihl * 4); ++ skb_pull(skb2, ihl); + skb_reset_network_header(skb2); + + rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0, 0); +@@ -1662,7 +1662,7 @@ static void ipip6_dellink(struct net_device *dev, struct list_head *head) unregister_netdevice_queue(dev, head); } @@ -110459,10 +102761,10 @@ index 4f40817..54dcbef 100644 .maxtype = IFLA_IPTUN_MAX, .policy = ipip6_policy, diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c -index 058f3ec..dec973d 100644 +index 0c56c93..ece50df 100644 --- a/net/ipv6/sysctl_net_ipv6.c +++ b/net/ipv6/sysctl_net_ipv6.c -@@ -61,7 +61,7 @@ static struct ctl_table ipv6_rotable[] = { +@@ -68,7 +68,7 @@ static struct ctl_table ipv6_rotable[] = { static int __net_init ipv6_sysctl_net_init(struct net *net) { @@ -110472,7 +102774,7 @@ index 058f3ec..dec973d 100644 struct ctl_table *ipv6_icmp_table; int err; diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c -index 229239ad..ee2802f 100644 +index 29964c3..b8caecf 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -102,6 +102,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb) @@ -110486,7 +102788,7 @@ index 229239ad..ee2802f 100644 static void tcp_v6_hash(struct sock *sk) { if (sk->sk_state != TCP_CLOSE) { -@@ -1424,6 +1428,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1333,6 +1337,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -110496,7 +102798,7 @@ index 229239ad..ee2802f 100644 tcp_v6_send_reset(sk, skb); discard: if (opt_skb) -@@ -1508,12 +1515,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) +@@ -1417,12 +1424,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -110519,7 +102821,7 @@ index 229239ad..ee2802f 100644 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1565,6 +1580,10 @@ csum_error: +@@ -1479,6 +1494,10 @@ csum_error: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -110531,7 +102833,7 @@ index 229239ad..ee2802f 100644 } diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c -index 7092ff7..3fd0eb4 100644 +index 4836af8..0e52bbd 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -76,6 +76,10 @@ static unsigned int udp6_ehashfn(struct net *net, @@ -110545,7 +102847,7 @@ index 7092ff7..3fd0eb4 100644 int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2) { const struct in6_addr *sk2_rcv_saddr6 = inet6_rcv_saddr(sk2); -@@ -435,7 +439,7 @@ try_again: +@@ -434,7 +438,7 @@ try_again: if (unlikely(err)) { trace_kfree_skb(skb, udpv6_recvmsg); if (!peeked) { @@ -110554,7 +102856,7 @@ index 7092ff7..3fd0eb4 100644 if (is_udp4) UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, -@@ -698,7 +702,7 @@ csum_error: +@@ -701,7 +705,7 @@ csum_error: UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite); drop: UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); @@ -110563,7 +102865,7 @@ index 7092ff7..3fd0eb4 100644 kfree_skb(skb); return -1; } -@@ -754,7 +758,7 @@ static void flush_stack(struct sock **stack, unsigned int count, +@@ -740,7 +744,7 @@ static void flush_stack(struct sock **stack, unsigned int count, if (likely(skb1 == NULL)) skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC); if (!skb1) { @@ -110572,7 +102874,7 @@ index 7092ff7..3fd0eb4 100644 UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, IS_UDPLITE(sk)); UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, -@@ -920,6 +924,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, +@@ -915,6 +919,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, goto csum_error; UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); @@ -110649,10 +102951,10 @@ index e15c16a..7cf07aa 100644 if (!ipx_proc_dir) goto out; diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c -index 2ba8b97..6d33010 100644 +index 61ceb4c..e788eb8 100644 --- a/net/irda/ircomm/ircomm_tty.c +++ b/net/irda/ircomm/ircomm_tty.c -@@ -317,11 +317,11 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, +@@ -317,10 +317,10 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, add_wait_queue(&port->open_wait, &wait); IRDA_DEBUG(2, "%s(%d):block_til_ready before block on %s open_count=%d\n", @@ -110660,13 +102962,12 @@ index 2ba8b97..6d33010 100644 + __FILE__, __LINE__, tty->driver->name, atomic_read(&port->count)); spin_lock_irqsave(&port->lock, flags); - if (!tty_hung_up_p(filp)) -- port->count--; -+ atomic_dec(&port->count); +- port->count--; ++ atomic_dec(&port->count); port->blocked_open++; spin_unlock_irqrestore(&port->lock, flags); -@@ -356,7 +356,7 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, +@@ -355,7 +355,7 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, } IRDA_DEBUG(1, "%s(%d):block_til_ready blocking on %s open_count=%d\n", @@ -110675,7 +102976,7 @@ index 2ba8b97..6d33010 100644 schedule(); } -@@ -366,12 +366,12 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, +@@ -365,12 +365,12 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, spin_lock_irqsave(&port->lock, flags); if (!tty_hung_up_p(filp)) @@ -110690,7 +102991,7 @@ index 2ba8b97..6d33010 100644 if (!retval) port->flags |= ASYNC_NORMAL_ACTIVE; -@@ -445,12 +445,12 @@ static int ircomm_tty_open(struct tty_struct *tty, struct file *filp) +@@ -444,12 +444,12 @@ static int ircomm_tty_open(struct tty_struct *tty, struct file *filp) /* ++ is not atomic, so this should be protected - Jean II */ spin_lock_irqsave(&self->port.lock, flags); @@ -110705,7 +103006,7 @@ index 2ba8b97..6d33010 100644 /* Not really used by us, but lets do it anyway */ self->port.low_latency = (self->port.flags & ASYNC_LOW_LATENCY) ? 1 : 0; -@@ -987,7 +987,7 @@ static void ircomm_tty_hangup(struct tty_struct *tty) +@@ -985,7 +985,7 @@ static void ircomm_tty_hangup(struct tty_struct *tty) tty_kref_put(port->tty); } port->tty = NULL; @@ -110714,7 +103015,7 @@ index 2ba8b97..6d33010 100644 spin_unlock_irqrestore(&port->lock, flags); wake_up_interruptible(&port->open_wait); -@@ -1344,7 +1344,7 @@ static void ircomm_tty_line_info(struct ircomm_tty_cb *self, struct seq_file *m) +@@ -1342,7 +1342,7 @@ static void ircomm_tty_line_info(struct ircomm_tty_cb *self, struct seq_file *m) seq_putc(m, '\n'); seq_printf(m, "Role: %s\n", self->client ? "client" : "server"); @@ -110737,7 +103038,7 @@ index b9ac598..f88cc56 100644 return; diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c -index 7a95fa4..57be196 100644 +index a089b6b..3ca3b60 100644 --- a/net/iucv/af_iucv.c +++ b/net/iucv/af_iucv.c @@ -686,10 +686,10 @@ static void __iucv_auto_name(struct iucv_sock *iucv) @@ -110767,10 +103068,10 @@ index da78793..bdd78cf 100644 }; diff --git a/net/key/af_key.c b/net/key/af_key.c -index ba2a2f9..b658bc3 100644 +index 1847ec4..26ef732 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c -@@ -3052,10 +3052,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc +@@ -3049,10 +3049,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc static u32 get_acqseq(void) { u32 res; @@ -110784,7 +103085,7 @@ index ba2a2f9..b658bc3 100644 return res; } diff --git a/net/l2tp/l2tp_eth.c b/net/l2tp/l2tp_eth.c -index 76125c5..e474828 100644 +index edb78e6..8dc654a 100644 --- a/net/l2tp/l2tp_eth.c +++ b/net/l2tp/l2tp_eth.c @@ -42,12 +42,12 @@ struct l2tp_eth { @@ -110859,20 +103160,6 @@ index 76125c5..e474828 100644 kfree_skb(skb); } -diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c -index 13752d9..b704a93 100644 ---- a/net/l2tp/l2tp_ppp.c -+++ b/net/l2tp/l2tp_ppp.c -@@ -755,7 +755,8 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr, - /* If PMTU discovery was enabled, use the MTU that was discovered */ - dst = sk_dst_get(tunnel->sock); - if (dst != NULL) { -- u32 pmtu = dst_mtu(__sk_dst_get(tunnel->sock)); -+ u32 pmtu = dst_mtu(dst); -+ - if (pmtu != 0) - session->mtu = session->mru = pmtu - - PPPOL2TP_HEADER_OVERHEAD; diff --git a/net/llc/llc_proc.c b/net/llc/llc_proc.c index 1a3c7e0..80f8b0c 100644 --- a/net/llc/llc_proc.c @@ -110887,10 +103174,10 @@ index 1a3c7e0..80f8b0c 100644 goto out; diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c -index 592f4b1..efa7aa9 100644 +index 927b4ea..88a30e2 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c -@@ -864,7 +864,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy, +@@ -540,7 +540,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy, ret = ieee80211_vif_use_channel(sdata, chandef, IEEE80211_CHANCTX_EXCLUSIVE); } @@ -110899,7 +103186,7 @@ index 592f4b1..efa7aa9 100644 local->_oper_chandef = *chandef; ieee80211_hw_config(local, 0); } -@@ -3574,7 +3574,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy, +@@ -3286,7 +3286,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy, else local->probe_req_reg--; @@ -110908,7 +103195,7 @@ index 592f4b1..efa7aa9 100644 break; ieee80211_queue_work(&local->hw, &local->reconfig_filter); -@@ -3723,8 +3723,8 @@ static int ieee80211_cfg_get_channel(struct wiphy *wiphy, +@@ -3420,8 +3420,8 @@ static int ieee80211_cfg_get_channel(struct wiphy *wiphy, if (chanctx_conf) { *chandef = chanctx_conf->def; ret = 0; @@ -110920,7 +103207,7 @@ index 592f4b1..efa7aa9 100644 if (local->use_chanctx) *chandef = local->monitor_chandef; diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h -index ac9836e..32613c1 100644 +index ef7a089..fe1caf7 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -28,6 +28,7 @@ @@ -110931,7 +103218,7 @@ index ac9836e..32613c1 100644 #include "key.h" #include "sta_info.h" #include "debug.h" -@@ -1011,7 +1012,7 @@ struct ieee80211_local { +@@ -1055,7 +1056,7 @@ struct ieee80211_local { /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */ spinlock_t queue_stop_reason_lock; @@ -110941,7 +103228,7 @@ index ac9836e..32613c1 100644 /* number of interfaces with corresponding FIF_ flags */ int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll, diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c -index 388b863..6575b55 100644 +index f75e5f1..3d9ad4f 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c @@ -531,7 +531,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) @@ -110980,7 +103267,7 @@ index 388b863..6575b55 100644 drv_stop(local); err_del_bss: sdata->bss = NULL; -@@ -888,7 +888,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -889,7 +889,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, } if (going_down) @@ -110989,7 +103276,7 @@ index 388b863..6575b55 100644 switch (sdata->vif.type) { case NL80211_IFTYPE_AP_VLAN: -@@ -949,7 +949,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -950,7 +950,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, } spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); @@ -110998,7 +103285,7 @@ index 388b863..6575b55 100644 ieee80211_clear_tx_pending(local); /* -@@ -989,7 +989,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -990,7 +990,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, ieee80211_recalc_ps(local, -1); @@ -111007,7 +103294,7 @@ index 388b863..6575b55 100644 ieee80211_stop_device(local); /* no reconfiguring after stop! */ -@@ -1000,7 +1000,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -1001,7 +1001,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, ieee80211_configure_filter(local); ieee80211_hw_config(local, hw_reconf_flags); @@ -111017,7 +103304,7 @@ index 388b863..6575b55 100644 } diff --git a/net/mac80211/main.c b/net/mac80211/main.c -index d17c26d..43d6bfb 100644 +index e0ab432..36b7b94 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -174,7 +174,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) @@ -111030,7 +103317,7 @@ index d17c26d..43d6bfb 100644 /* * Goal: diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c -index d478b88..8c8d157 100644 +index 4c5192e..04cc0d8 100644 --- a/net/mac80211/pm.c +++ b/net/mac80211/pm.c @@ -12,7 +12,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) @@ -111042,7 +103329,7 @@ index d478b88..8c8d157 100644 goto suspend; ieee80211_scan_cancel(local); -@@ -58,7 +58,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) +@@ -59,7 +59,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) cancel_work_sync(&local->dynamic_ps_enable_work); del_timer_sync(&local->dynamic_ps_timer); @@ -111051,7 +103338,7 @@ index d478b88..8c8d157 100644 if (local->wowlan) { int err = drv_suspend(local, wowlan); if (err < 0) { -@@ -123,7 +123,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) +@@ -125,7 +125,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) WARN_ON(!list_empty(&local->chanctx_list)); /* stop hardware - this must stop RX */ @@ -111073,24 +103360,11 @@ index 8fdadfd..a4f72b8 100644 return -EBUSY; if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) { -diff --git a/net/mac80211/rc80211_pid_debugfs.c b/net/mac80211/rc80211_pid_debugfs.c -index 6ff1346..936ca9a 100644 ---- a/net/mac80211/rc80211_pid_debugfs.c -+++ b/net/mac80211/rc80211_pid_debugfs.c -@@ -193,7 +193,7 @@ static ssize_t rate_control_pid_events_read(struct file *file, char __user *buf, - - spin_unlock_irqrestore(&events->lock, status); - -- if (copy_to_user(buf, pb, p)) -+ if (p > sizeof(pb) || copy_to_user(buf, pb, p)) - return -EFAULT; - - return p; diff --git a/net/mac80211/util.c b/net/mac80211/util.c -index a6cda52..f3b6776 100644 +index 725af7a..a21a20a 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c -@@ -1548,7 +1548,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) +@@ -1643,7 +1643,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) } #endif /* everything else happens only if HW was up & running */ @@ -111099,7 +103373,7 @@ index a6cda52..f3b6776 100644 goto wake_up; /* -@@ -1772,7 +1772,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) +@@ -1869,7 +1869,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) local->in_reconfig = false; barrier(); @@ -111109,10 +103383,10 @@ index a6cda52..f3b6776 100644 /* diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig -index e9410d1..77b6378 100644 +index 6d77cce..36e2fc3 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig -@@ -1081,6 +1081,16 @@ config NETFILTER_XT_MATCH_ESP +@@ -1096,6 +1096,16 @@ config NETFILTER_XT_MATCH_ESP To compile it as a module, choose M here. If unsure, say N. @@ -111130,10 +103404,10 @@ index e9410d1..77b6378 100644 tristate '"hashlimit" match support' depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n) diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile -index bffdad7..f9317d1 100644 +index fad5fdb..ba3672a 100644 --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile -@@ -133,6 +133,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o +@@ -136,6 +136,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o obj-$(CONFIG_NETFILTER_XT_MATCH_DSCP) += xt_dscp.o obj-$(CONFIG_NETFILTER_XT_MATCH_ECN) += xt_ecn.o obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) += xt_esp.o @@ -111208,7 +103482,7 @@ index 5c34e8d..0d8eb7f 100644 if (ipvs->sync_state & IP_VS_STATE_MASTER) ip_vs_sync_conn(net, cp, pkts); diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c -index 581a658..910e112 100644 +index fd3f444..ab28fa24 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c @@ -794,7 +794,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest, @@ -111229,7 +103503,7 @@ index 581a658..910e112 100644 { .procname = "amemthresh", .maxlen = sizeof(int), -@@ -2075,7 +2075,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) +@@ -1989,7 +1989,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) " %-7s %-6d %-10d %-10d\n", &dest->addr.in6, ntohs(dest->port), @@ -111238,7 +103512,7 @@ index 581a658..910e112 100644 atomic_read(&dest->weight), atomic_read(&dest->activeconns), atomic_read(&dest->inactconns)); -@@ -2086,7 +2086,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) +@@ -2000,7 +2000,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) "%-7s %-6d %-10d %-10d\n", ntohl(dest->addr.ip), ntohs(dest->port), @@ -111247,7 +103521,7 @@ index 581a658..910e112 100644 atomic_read(&dest->weight), atomic_read(&dest->activeconns), atomic_read(&dest->inactconns)); -@@ -2564,7 +2564,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get, +@@ -2471,7 +2471,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get, entry.addr = dest->addr.ip; entry.port = dest->port; @@ -111256,7 +103530,7 @@ index 581a658..910e112 100644 entry.weight = atomic_read(&dest->weight); entry.u_threshold = dest->u_threshold; entry.l_threshold = dest->l_threshold; -@@ -3107,7 +3107,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest) +@@ -3010,7 +3010,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest) if (nla_put(skb, IPVS_DEST_ATTR_ADDR, sizeof(dest->addr), &dest->addr) || nla_put_be16(skb, IPVS_DEST_ATTR_PORT, dest->port) || nla_put_u32(skb, IPVS_DEST_ATTR_FWD_METHOD, @@ -111265,7 +103539,7 @@ index 581a658..910e112 100644 IP_VS_CONN_F_FWD_MASK)) || nla_put_u32(skb, IPVS_DEST_ATTR_WEIGHT, atomic_read(&dest->weight)) || -@@ -3697,7 +3697,7 @@ static int __net_init ip_vs_control_net_init_sysctl(struct net *net) +@@ -3600,7 +3600,7 @@ static int __net_init ip_vs_control_net_init_sysctl(struct net *net) { int idx; struct netns_ipvs *ipvs = net_ipvs(net); @@ -111301,7 +103575,7 @@ index 3f21a2f..a112e85 100644 .procname = "lblcr_expiration", .data = NULL, diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c -index db80126..ef7110e 100644 +index eadffb2..c2feeae 100644 --- a/net/netfilter/ipvs/ip_vs_sync.c +++ b/net/netfilter/ipvs/ip_vs_sync.c @@ -609,7 +609,7 @@ static void ip_vs_sync_conn_v0(struct net *net, struct ip_vs_conn *cp, @@ -111322,7 +103596,7 @@ index db80126..ef7110e 100644 else pkts = sysctl_sync_threshold(ipvs); goto sloop; -@@ -895,7 +895,7 @@ static void ip_vs_proc_conn(struct net *net, struct ip_vs_conn_param *param, +@@ -894,7 +894,7 @@ static void ip_vs_proc_conn(struct net *net, struct ip_vs_conn_param *param, if (opt) memcpy(&cp->in_seq, opt, sizeof(*opt)); @@ -111332,10 +103606,10 @@ index db80126..ef7110e 100644 cp->old_state = cp->state; /* diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c -index 6f70bdd..fb96a71 100644 +index 56896a4..dfe3806 100644 --- a/net/netfilter/ipvs/ip_vs_xmit.c +++ b/net/netfilter/ipvs/ip_vs_xmit.c -@@ -1102,7 +1102,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, +@@ -1114,7 +1114,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, else rc = NF_ACCEPT; /* do not touch skb anymore */ @@ -111344,7 +103618,7 @@ index 6f70bdd..fb96a71 100644 goto out; } -@@ -1194,7 +1194,7 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, +@@ -1206,7 +1206,7 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, else rc = NF_ACCEPT; /* do not touch skb anymore */ @@ -111367,10 +103641,10 @@ index a4b5e2a..13b1de3 100644 table = kmemdup(acct_sysctl_table, sizeof(acct_sysctl_table), GFP_KERNEL); diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c -index 1f4f954..e364ad7 100644 +index de88c4a..ec84234 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c -@@ -1789,6 +1789,10 @@ void nf_conntrack_init_end(void) +@@ -1739,6 +1739,10 @@ void nf_conntrack_init_end(void) #define DYING_NULLS_VAL ((1<<30)+1) #define TEMPLATE_NULLS_VAL ((1<<30)+2) @@ -111381,7 +103655,7 @@ index 1f4f954..e364ad7 100644 int nf_conntrack_init_net(struct net *net) { int ret = -ENOMEM; -@@ -1814,7 +1818,11 @@ int nf_conntrack_init_net(struct net *net) +@@ -1764,7 +1768,11 @@ int nf_conntrack_init_net(struct net *net) if (!net->ct.stat) goto err_pcpu_lists; @@ -111394,10 +103668,10 @@ index 1f4f954..e364ad7 100644 goto err_slabname; diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c -index 1df1761..ce8b88a 100644 +index 4e78c57..ec8fb74 100644 --- a/net/netfilter/nf_conntrack_ecache.c +++ b/net/netfilter/nf_conntrack_ecache.c -@@ -188,7 +188,7 @@ static struct nf_ct_ext_type event_extend __read_mostly = { +@@ -264,7 +264,7 @@ static struct nf_ct_ext_type event_extend __read_mostly = { #ifdef CONFIG_SYSCTL static int nf_conntrack_event_init_sysctl(struct net *net) { @@ -111459,10 +103733,10 @@ index 7a394df..bd91a8a 100644 table = kmemdup(tstamp_sysctl_table, sizeof(tstamp_sysctl_table), GFP_KERNEL); diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c -index 85296d4..8becdec 100644 +index daad602..384be13 100644 --- a/net/netfilter/nf_log.c +++ b/net/netfilter/nf_log.c -@@ -243,7 +243,7 @@ static const struct file_operations nflog_file_ops = { +@@ -353,7 +353,7 @@ static const struct file_operations nflog_file_ops = { #ifdef CONFIG_SYSCTL static char nf_log_sysctl_fnames[NFPROTO_NUMPROTO-NFPROTO_UNSPEC][3]; @@ -111471,7 +103745,7 @@ index 85296d4..8becdec 100644 static int nf_log_proc_dostring(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) -@@ -274,14 +274,16 @@ static int nf_log_proc_dostring(struct ctl_table *table, int write, +@@ -384,14 +384,16 @@ static int nf_log_proc_dostring(struct ctl_table *table, int write, rcu_assign_pointer(net->nf.nf_loggers[tindex], logger); mutex_unlock(&nf_log_mutex); } else { @@ -111492,10 +103766,10 @@ index 85296d4..8becdec 100644 } diff --git a/net/netfilter/nf_sockopt.c b/net/netfilter/nf_sockopt.c -index f042ae5..30ea486 100644 +index c68c1e5..8b5d670 100644 --- a/net/netfilter/nf_sockopt.c +++ b/net/netfilter/nf_sockopt.c -@@ -45,7 +45,7 @@ int nf_register_sockopt(struct nf_sockopt_ops *reg) +@@ -43,7 +43,7 @@ int nf_register_sockopt(struct nf_sockopt_ops *reg) } } @@ -111504,7 +103778,7 @@ index f042ae5..30ea486 100644 out: mutex_unlock(&nf_sockopt_mutex); return ret; -@@ -55,7 +55,7 @@ EXPORT_SYMBOL(nf_register_sockopt); +@@ -53,7 +53,7 @@ EXPORT_SYMBOL(nf_register_sockopt); void nf_unregister_sockopt(struct nf_sockopt_ops *reg) { mutex_lock(&nf_sockopt_mutex); @@ -111514,7 +103788,7 @@ index f042ae5..30ea486 100644 } EXPORT_SYMBOL(nf_unregister_sockopt); diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c -index d292c8d..9f1e166 100644 +index a11c5ff..aa413a7 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c @@ -79,7 +79,7 @@ static int nfnl_log_net_id __read_mostly; @@ -111557,24 +103831,6 @@ index 1840989..6895744 100644 set_fs(old_fs); ret = nla_put(skb, NFTA_MATCH_INFO, XT_ALIGN(m->matchsize), out); kfree(out); -diff --git a/net/netfilter/xt_bpf.c b/net/netfilter/xt_bpf.c -index bbffdbda..12d4da8 100644 ---- a/net/netfilter/xt_bpf.c -+++ b/net/netfilter/xt_bpf.c -@@ -23,11 +23,10 @@ MODULE_ALIAS("ip6t_bpf"); - static int bpf_mt_check(const struct xt_mtchk_param *par) - { - struct xt_bpf_info *info = par->matchinfo; -- struct sock_fprog_kern program; -+ struct sock_fprog program; - - program.len = info->bpf_program_num_elem; -- program.filter = info->bpf_program; -- -+ program.filter = (struct sock_filter __user *) info->bpf_program; - if (sk_unattached_filter_create(&info->filter, &program)) { - pr_info("bpf: check failed: parse error\n"); - return -EINVAL; diff --git a/net/netfilter/xt_gradm.c b/net/netfilter/xt_gradm.c new file mode 100644 index 0000000..c566332 @@ -111698,10 +103954,10 @@ index 11de55e..f25e448 100644 return 0; } diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c -index e6fac7e..cdcd25e 100644 +index c416725..bd22eea 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c -@@ -257,7 +257,7 @@ static void netlink_overrun(struct sock *sk) +@@ -265,7 +265,7 @@ static void netlink_overrun(struct sock *sk) sk->sk_error_report(sk); } } @@ -111710,7 +103966,16 @@ index e6fac7e..cdcd25e 100644 } static void netlink_rcv_wake(struct sock *sk) -@@ -3058,7 +3058,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) +@@ -715,7 +715,7 @@ static int netlink_mmap_sendmsg(struct sock *sk, struct msghdr *msg, + * after validation, the socket and the ring may only be used by a + * single process, otherwise we fall back to copying. + */ +- if (atomic_long_read(&sk->sk_socket->file->f_count) > 2 || ++ if (atomic_long_read(&sk->sk_socket->file->f_count) > 1 || + atomic_read(&nlk->mapped) > 1) + excl = false; + +@@ -2996,7 +2996,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) sk_wmem_alloc_get(s), nlk->cb_running, atomic_read(&s->sk_refcnt), @@ -111720,7 +103985,7 @@ index e6fac7e..cdcd25e 100644 ); diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index b85c67c..09705b7 100644 +index 93896d2..b701c88 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -275,7 +275,7 @@ static int packet_direct_xmit(struct sk_buff *skb) @@ -111732,15 +103997,7 @@ index b85c67c..09705b7 100644 kfree_skb(skb); return NET_XMIT_DROP; } -@@ -636,6 +636,7 @@ static void init_prb_bdqc(struct packet_sock *po, - p1->tov_in_jiffies = msecs_to_jiffies(p1->retire_blk_tov); - p1->blk_sizeof_priv = req_u->req3.tp_sizeof_priv; - -+ p1->max_frame_len = p1->kblk_size - BLK_PLUS_PRIV(p1->blk_sizeof_priv); - prb_init_ft_ops(p1, req_u); - prb_setup_retire_blk_timer(po, tx_ring); - prb_open_block(p1, pbd); -@@ -1845,7 +1846,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1842,7 +1842,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, spin_lock(&sk->sk_receive_queue.lock); po->stats.stats1.tp_packets++; @@ -111749,7 +104006,7 @@ index b85c67c..09705b7 100644 __skb_queue_tail(&sk->sk_receive_queue, skb); spin_unlock(&sk->sk_receive_queue.lock); sk->sk_data_ready(sk); -@@ -1854,7 +1855,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1851,7 +1851,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, drop_n_acct: spin_lock(&sk->sk_receive_queue.lock); po->stats.stats1.tp_drops++; @@ -111758,26 +104015,7 @@ index b85c67c..09705b7 100644 spin_unlock(&sk->sk_receive_queue.lock); drop_n_restore: -@@ -1946,6 +1947,18 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, - if ((int)snaplen < 0) - snaplen = 0; - } -+ } else if (unlikely(macoff + snaplen > -+ GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len)) { -+ u32 nval; -+ -+ nval = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len - macoff; -+ pr_err_once("tpacket_rcv: packet too big, clamped from %u to %u. macoff=%u\n", -+ snaplen, nval, macoff); -+ snaplen = nval; -+ if (unlikely((int)snaplen < 0)) { -+ snaplen = 0; -+ macoff = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len; -+ } - } - spin_lock(&sk->sk_receive_queue.lock); - h.raw = packet_current_rx_frame(po, skb, -@@ -3459,7 +3472,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3466,7 +3466,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, case PACKET_HDRLEN: if (len > sizeof(int)) len = sizeof(int); @@ -111786,7 +104024,7 @@ index b85c67c..09705b7 100644 return -EFAULT; switch (val) { case TPACKET_V1: -@@ -3505,7 +3518,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3512,7 +3512,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, len = lv; if (put_user(len, optlen)) return -EFAULT; @@ -111795,29 +104033,6 @@ index b85c67c..09705b7 100644 return -EFAULT; return 0; } -@@ -3789,6 +3802,10 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, - goto out; - if (unlikely(req->tp_block_size & (PAGE_SIZE - 1))) - goto out; -+ if (po->tp_version >= TPACKET_V3 && -+ (int)(req->tp_block_size - -+ BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0) -+ goto out; - if (unlikely(req->tp_frame_size < po->tp_hdrlen + - po->tp_reserve)) - goto out; -diff --git a/net/packet/internal.h b/net/packet/internal.h -index eb9580a..cdddf6a 100644 ---- a/net/packet/internal.h -+++ b/net/packet/internal.h -@@ -29,6 +29,7 @@ struct tpacket_kbdq_core { - char *pkblk_start; - char *pkblk_end; - int kblk_size; -+ unsigned int max_frame_len; - unsigned int knum_blocks; - uint64_t knxt_seq_num; - char *prev; diff --git a/net/phonet/pep.c b/net/phonet/pep.c index 70a547e..23477fe 100644 --- a/net/phonet/pep.c @@ -112002,6 +104217,42 @@ index aa8bf67..b70133c 100644 } #endif +diff --git a/net/rds/rdma.c b/net/rds/rdma.c +index 4e37c1c..40084d8 100644 +--- a/net/rds/rdma.c ++++ b/net/rds/rdma.c +@@ -564,12 +564,12 @@ int rds_cmsg_rdma_args(struct rds_sock *rs, struct rds_message *rm, + + if (rs->rs_bound_addr == 0) { + ret = -ENOTCONN; /* XXX not a great errno */ +- goto out; ++ goto out_ret; + } + + if (args->nr_local > UIO_MAXIOV) { + ret = -EMSGSIZE; +- goto out; ++ goto out_ret; + } + + /* Check whether to allocate the iovec area */ +@@ -578,7 +578,7 @@ int rds_cmsg_rdma_args(struct rds_sock *rs, struct rds_message *rm, + iovs = sock_kmalloc(rds_rs_to_sk(rs), iov_size, GFP_KERNEL); + if (!iovs) { + ret = -ENOMEM; +- goto out; ++ goto out_ret; + } + } + +@@ -696,6 +696,7 @@ out: + if (iovs != iovstack) + sock_kfree_s(rds_rs_to_sk(rs), iovs, iov_size); + kfree(pages); ++out_ret: + if (ret) + rds_rdma_free_op(op); + else diff --git a/net/rds/rds.h b/net/rds/rds.h index 48f8ffc..0ef3eec 100644 --- a/net/rds/rds.h @@ -112343,30 +104594,8 @@ index f226709..0e735a8 100644 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); -diff --git a/net/sched/cls_bpf.c b/net/sched/cls_bpf.c -index 13f64df..1618696 100644 ---- a/net/sched/cls_bpf.c -+++ b/net/sched/cls_bpf.c -@@ -160,7 +160,7 @@ static int cls_bpf_modify_existing(struct net *net, struct tcf_proto *tp, - { - struct sock_filter *bpf_ops, *bpf_old; - struct tcf_exts exts; -- struct sock_fprog_kern tmp; -+ struct sock_fprog tmp; - struct sk_filter *fp, *fp_old; - u16 bpf_size, bpf_len; - u32 classid; -@@ -191,7 +191,7 @@ static int cls_bpf_modify_existing(struct net *net, struct tcf_proto *tp, - memcpy(bpf_ops, nla_data(tb[TCA_BPF_OPS]), bpf_size); - - tmp.len = bpf_len; -- tmp.filter = bpf_ops; -+ tmp.filter = (struct sock_filter __user *) bpf_ops; - - ret = sk_unattached_filter_create(&fp, &tmp); - if (ret) diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c -index e1543b0..7ce8bd0 100644 +index fc04fe9..8167357 100644 --- a/net/sched/sch_generic.c +++ b/net/sched/sch_generic.c @@ -310,7 +310,7 @@ void netif_carrier_on(struct net_device *dev) @@ -112388,10 +104617,10 @@ index e1543b0..7ce8bd0 100644 } } diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c -index 1999592..6684af6 100644 +index 0e4198e..f94193e 100644 --- a/net/sctp/ipv6.c +++ b/net/sctp/ipv6.c -@@ -964,7 +964,7 @@ static const struct inet6_protocol sctpv6_protocol = { +@@ -972,7 +972,7 @@ static const struct inet6_protocol sctpv6_protocol = { .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_FINAL, }; @@ -112400,7 +104629,7 @@ index 1999592..6684af6 100644 .sa_family = AF_INET6, .sctp_xmit = sctp_v6_xmit, .setsockopt = ipv6_setsockopt, -@@ -996,7 +996,7 @@ static struct sctp_af sctp_af_inet6 = { +@@ -1002,7 +1002,7 @@ static struct sctp_af sctp_af_inet6 = { #endif }; @@ -112409,7 +104638,7 @@ index 1999592..6684af6 100644 .event_msgname = sctp_inet6_event_msgname, .skb_msgname = sctp_inet6_skb_msgname, .af_supported = sctp_inet6_af_supported, -@@ -1021,7 +1021,7 @@ void sctp_v6_pf_init(void) +@@ -1029,7 +1029,7 @@ void sctp_v6_pf_init(void) void sctp_v6_pf_exit(void) { @@ -112419,7 +104648,7 @@ index 1999592..6684af6 100644 /* Initialize IPv6 support and register with socket layer. */ diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c -index 6789d785..0798d76 100644 +index 6240834..cac4b52 100644 --- a/net/sctp/protocol.c +++ b/net/sctp/protocol.c @@ -836,8 +836,10 @@ int sctp_register_af(struct sctp_af *af) @@ -112443,7 +104672,7 @@ index 6789d785..0798d76 100644 .event_msgname = sctp_inet_event_msgname, .skb_msgname = sctp_inet_skb_msgname, .af_supported = sctp_inet_af_supported, -@@ -1037,7 +1039,7 @@ static const struct net_protocol sctp_protocol = { +@@ -1039,7 +1041,7 @@ static const struct net_protocol sctp_protocol = { }; /* IPv4 address related functions. */ @@ -112475,10 +104704,10 @@ index fef2acd..c705c4f 100644 sctp_generate_t1_cookie_event, sctp_generate_t1_init_event, diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index 4298996..fa5f636 100644 +index 634a2ab..8e93929 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c -@@ -2176,11 +2176,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval, +@@ -2199,11 +2199,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval, { struct sctp_association *asoc; struct sctp_ulpevent *event; @@ -112491,9 +104720,9 @@ index 4298996..fa5f636 100644 return -EFAULT; + sctp_sk(sk)->subscribe = subscribe; - /* - * At the time when a user app subscribes to SCTP_SENDER_DRY_EVENT, -@@ -4260,13 +4262,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len, + if (sctp_sk(sk)->subscribe.sctp_data_io_event) + pr_warn_ratelimited(DEPRECATED "%s (pid %d) " +@@ -4372,13 +4374,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len, static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, int __user *optlen) { @@ -112511,7 +104740,7 @@ index 4298996..fa5f636 100644 return -EFAULT; return 0; } -@@ -4284,6 +4289,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, +@@ -4396,6 +4401,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, */ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen) { @@ -112520,7 +104749,7 @@ index 4298996..fa5f636 100644 /* Applicable to UDP-style socket only */ if (sctp_style(sk, TCP)) return -EOPNOTSUPP; -@@ -4292,7 +4299,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv +@@ -4404,7 +4411,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv len = sizeof(int); if (put_user(len, optlen)) return -EFAULT; @@ -112530,7 +104759,7 @@ index 4298996..fa5f636 100644 return -EFAULT; return 0; } -@@ -4667,12 +4675,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len, +@@ -4778,12 +4786,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len, */ static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen) { @@ -112547,8 +104776,8 @@ index 4298996..fa5f636 100644 return -EFAULT; return 0; } -@@ -4713,6 +4724,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, - addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; +@@ -4824,6 +4835,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, + ->addr_to_user(sp, &temp); if (space_left < addrlen) return -ENOMEM; + if (addrlen > sizeof(temp) || addrlen < 0) @@ -112557,7 +104786,7 @@ index 4298996..fa5f636 100644 return -EFAULT; to += addrlen; diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c -index 12c7e01..a755b3e 100644 +index 2e9ada1..40f425d 100644 --- a/net/sctp/sysctl.c +++ b/net/sctp/sysctl.c @@ -321,7 +321,7 @@ static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write, @@ -112587,7 +104816,7 @@ index 12c7e01..a755b3e 100644 int ret, new_value; memset(&tbl, 0, sizeof(struct ctl_table)); -@@ -435,7 +435,7 @@ static int proc_sctp_do_auth(struct ctl_table *ctl, int write, +@@ -436,7 +436,7 @@ static int proc_sctp_do_auth(struct ctl_table *ctl, int write, loff_t *ppos) { struct net *net = current->nsproxy->net_ns; @@ -112596,7 +104825,7 @@ index 12c7e01..a755b3e 100644 int new_value, ret; memset(&tbl, 0, sizeof(struct ctl_table)); -@@ -462,7 +462,7 @@ static int proc_sctp_do_auth(struct ctl_table *ctl, int write, +@@ -463,7 +463,7 @@ static int proc_sctp_do_auth(struct ctl_table *ctl, int write, int sctp_sysctl_net_register(struct net *net) { @@ -112606,18 +104835,10 @@ index 12c7e01..a755b3e 100644 table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL); diff --git a/net/socket.c b/net/socket.c -index abf56b2..768e89d 100644 +index 4cdbc10..f075204 100644 --- a/net/socket.c +++ b/net/socket.c -@@ -72,7 +72,6 @@ - #include <linux/if_bridge.h> - #include <linux/if_frad.h> - #include <linux/if_vlan.h> --#include <linux/ptp_classify.h> - #include <linux/init.h> - #include <linux/poll.h> - #include <linux/cache.h> -@@ -89,6 +88,7 @@ +@@ -89,6 +89,7 @@ #include <linux/magic.h> #include <linux/slab.h> #include <linux/xattr.h> @@ -112625,7 +104846,7 @@ index abf56b2..768e89d 100644 #include <asm/uaccess.h> #include <asm/unistd.h> -@@ -112,6 +112,8 @@ unsigned int sysctl_net_busy_read __read_mostly; +@@ -113,6 +114,8 @@ unsigned int sysctl_net_busy_read __read_mostly; unsigned int sysctl_net_busy_poll __read_mostly; #endif @@ -112634,7 +104855,7 @@ index abf56b2..768e89d 100644 static int sock_no_open(struct inode *irrelevant, struct file *dontcare); static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos); -@@ -163,7 +165,7 @@ static const struct file_operations socket_file_ops = { +@@ -164,7 +167,7 @@ static const struct file_operations socket_file_ops = { */ static DEFINE_SPINLOCK(net_family_lock); @@ -112643,7 +104864,7 @@ index abf56b2..768e89d 100644 /* * Statistics counters of the socket lists -@@ -329,7 +331,7 @@ static struct dentry *sockfs_mount(struct file_system_type *fs_type, +@@ -330,7 +333,7 @@ static struct dentry *sockfs_mount(struct file_system_type *fs_type, &sockfs_dentry_operations, SOCKFS_MAGIC); } @@ -112652,7 +104873,7 @@ index abf56b2..768e89d 100644 static struct file_system_type sock_fs_type = { .name = "sockfs", -@@ -1257,6 +1259,8 @@ int __sock_create(struct net *net, int family, int type, int protocol, +@@ -1265,6 +1268,8 @@ int __sock_create(struct net *net, int family, int type, int protocol, return -EAFNOSUPPORT; if (type < 0 || type >= SOCK_MAX) return -EINVAL; @@ -112661,7 +104882,7 @@ index abf56b2..768e89d 100644 /* Compatibility. -@@ -1277,6 +1281,20 @@ int __sock_create(struct net *net, int family, int type, int protocol, +@@ -1285,6 +1290,20 @@ int __sock_create(struct net *net, int family, int type, int protocol, if (err) return err; @@ -112682,7 +104903,7 @@ index abf56b2..768e89d 100644 /* * Allocate the socket and allow the family to set things up. if * the protocol is 0, the family is instructed to select an appropriate -@@ -1528,6 +1546,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) +@@ -1536,6 +1555,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) if (sock) { err = move_addr_to_kernel(umyaddr, addrlen, &address); if (err >= 0) { @@ -112697,7 +104918,7 @@ index abf56b2..768e89d 100644 err = security_socket_bind(sock, (struct sockaddr *)&address, addrlen); -@@ -1536,6 +1562,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) +@@ -1544,6 +1571,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) (struct sockaddr *) &address, addrlen); } @@ -112705,7 +104926,7 @@ index abf56b2..768e89d 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1559,10 +1586,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) +@@ -1567,10 +1595,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) if ((unsigned int)backlog > somaxconn) backlog = somaxconn; @@ -112726,7 +104947,7 @@ index abf56b2..768e89d 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1606,6 +1643,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1614,6 +1652,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, newsock->type = sock->type; newsock->ops = sock->ops; @@ -112745,7 +104966,7 @@ index abf56b2..768e89d 100644 /* * We don't need try_module_get here, as the listening socket (sock) * has the protocol module (sock->ops->owner) held. -@@ -1651,6 +1700,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1659,6 +1709,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, fd_install(newfd, newfile); err = newfd; @@ -112754,7 +104975,7 @@ index abf56b2..768e89d 100644 out_put: fput_light(sock->file, fput_needed); out: -@@ -1683,6 +1734,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1691,6 +1743,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, int, addrlen) { struct socket *sock; @@ -112762,7 +104983,7 @@ index abf56b2..768e89d 100644 struct sockaddr_storage address; int err, fput_needed; -@@ -1693,6 +1745,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1701,6 +1754,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, if (err < 0) goto out_put; @@ -112780,7 +105001,7 @@ index abf56b2..768e89d 100644 err = security_socket_connect(sock, (struct sockaddr *)&address, addrlen); if (err) -@@ -1774,6 +1837,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr, +@@ -1782,6 +1846,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr, * the protocol. */ @@ -112789,7 +105010,7 @@ index abf56b2..768e89d 100644 SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len, unsigned int, flags, struct sockaddr __user *, addr, int, addr_len) -@@ -1840,7 +1905,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, +@@ -1848,7 +1914,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, struct socket *sock; struct iovec iov; struct msghdr msg; @@ -112798,17 +105019,7 @@ index abf56b2..768e89d 100644 int err, err2; int fput_needed; -@@ -1988,6 +2053,9 @@ static int copy_msghdr_from_user(struct msghdr *kmsg, - if (copy_from_user(kmsg, umsg, sizeof(struct msghdr))) - return -EFAULT; - -+ if (kmsg->msg_name == NULL) -+ kmsg->msg_namelen = 0; -+ - if (kmsg->msg_namelen < 0) - return -EINVAL; - -@@ -2066,7 +2134,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2077,7 +2143,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, * checking falls down on this. */ if (copy_from_user(ctl_buf, @@ -112817,7 +105028,7 @@ index abf56b2..768e89d 100644 ctl_len)) goto out_freectl; msg_sys->msg_control = ctl_buf; -@@ -2217,7 +2285,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2228,7 +2294,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, int err, total_len, len; /* kernel mode address */ @@ -112826,7 +105037,7 @@ index abf56b2..768e89d 100644 /* user mode address pointers */ struct sockaddr __user *uaddr; -@@ -2246,7 +2314,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2257,7 +2323,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, /* Save the user-mode address (verify_iovec will change the * kernel msghdr to use the kernel address space) */ @@ -112835,18 +105046,7 @@ index abf56b2..768e89d 100644 uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); -@@ -2686,7 +2754,9 @@ static int __init sock_init(void) - goto out; - #endif - -- ptp_classifier_init(); -+#ifdef CONFIG_NETWORK_PHY_TIMESTAMPING -+ skb_timestamping_init(); -+#endif - - out: - return err; -@@ -2887,7 +2957,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2898,7 +2964,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) ifr = compat_alloc_user_space(buf_size); rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8); @@ -112855,7 +105055,7 @@ index abf56b2..768e89d 100644 return -EFAULT; if (put_user(convert_in ? rxnfc : compat_ptr(data), -@@ -2998,7 +3068,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, +@@ -3009,7 +3075,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); err = dev_ioctl(net, cmd, @@ -112864,7 +105064,7 @@ index abf56b2..768e89d 100644 set_fs(old_fs); return err; -@@ -3091,7 +3161,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, +@@ -3102,7 +3168,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); @@ -112873,7 +105073,7 @@ index abf56b2..768e89d 100644 set_fs(old_fs); if (cmd == SIOCGIFMAP && !err) { -@@ -3175,7 +3245,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, +@@ -3186,7 +3252,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, ret |= get_user(rtdev, &(ur4->rt_dev)); if (rtdev) { ret |= copy_from_user(devname, compat_ptr(rtdev), 15); @@ -112882,7 +105082,7 @@ index abf56b2..768e89d 100644 devname[15] = 0; } else r4.rt_dev = NULL; -@@ -3402,8 +3472,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, +@@ -3413,8 +3479,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, int __user *uoptlen; int err; @@ -112893,7 +105093,7 @@ index abf56b2..768e89d 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) -@@ -3423,7 +3493,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, +@@ -3434,7 +3500,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; @@ -112903,7 +105103,7 @@ index abf56b2..768e89d 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c -index 4ce5ecce..7bef300 100644 +index c548ab2..4e1b68b 100644 --- a/net/sunrpc/auth_gss/svcauth_gss.c +++ b/net/sunrpc/auth_gss/svcauth_gss.c @@ -1140,7 +1140,7 @@ static int gss_proxy_save_rsc(struct cache_detail *cd, @@ -112938,7 +105138,7 @@ index 0663621..c4928d4 100644 goto out_nomem; cd->u.procfs.channel_ent = NULL; diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c -index 2e6ab10..3170800 100644 +index 488ddee..1b31487 100644 --- a/net/sunrpc/clnt.c +++ b/net/sunrpc/clnt.c @@ -1425,7 +1425,9 @@ call_start(struct rpc_task *task) @@ -112953,10 +105153,10 @@ index 2e6ab10..3170800 100644 task->tk_action = call_reserve; } diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c -index c0365c1..b7f02b3 100644 +index 9358c79..22d0a5b 100644 --- a/net/sunrpc/sched.c +++ b/net/sunrpc/sched.c -@@ -261,9 +261,9 @@ static int rpc_wait_bit_killable(void *word) +@@ -261,9 +261,9 @@ static int rpc_wait_bit_killable(struct wait_bit_key *key) #if defined(RPC_DEBUG) || defined(RPC_TRACEPOINTS) static void rpc_task_set_debuginfo(struct rpc_task *task) { @@ -112982,7 +105182,7 @@ index 5453049..465669a 100644 return -ENOMEM; diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c -index 5de6801..b4e330d 100644 +index 1db5007..6e66296 100644 --- a/net/sunrpc/svc.c +++ b/net/sunrpc/svc.c @@ -1167,7 +1167,9 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv) @@ -113130,10 +105330,10 @@ index c1b6270..05089c1 100644 .proc_handler = read_reset_stat, }, diff --git a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c -index 8f92a61..eb13b74 100644 +index e011027..9d3c4e1 100644 --- a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c +++ b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c -@@ -219,7 +219,7 @@ static int rdma_read_chunk_lcl(struct svcxprt_rdma *xprt, +@@ -220,7 +220,7 @@ static int rdma_read_chunk_lcl(struct svcxprt_rdma *xprt, *page_no = pg_no; *page_offset = pg_off; ret = read; @@ -113142,7 +105342,7 @@ index 8f92a61..eb13b74 100644 return ret; err: svc_rdma_unmap_dma(ctxt); -@@ -355,7 +355,7 @@ static int rdma_read_chunk_frmr(struct svcxprt_rdma *xprt, +@@ -356,7 +356,7 @@ static int rdma_read_chunk_frmr(struct svcxprt_rdma *xprt, *page_no = pg_no; *page_offset = pg_off; ret = read; @@ -113151,7 +105351,7 @@ index 8f92a61..eb13b74 100644 return ret; err: svc_rdma_unmap_dma(ctxt); -@@ -512,7 +512,7 @@ int svc_rdma_recvfrom(struct svc_rqst *rqstp) +@@ -540,7 +540,7 @@ int svc_rdma_recvfrom(struct svc_rqst *rqstp) dto_q); list_del_init(&ctxt->dto_q); } else { @@ -113160,7 +105360,7 @@ index 8f92a61..eb13b74 100644 clear_bit(XPT_DATA, &xprt->xpt_flags); ctxt = NULL; } -@@ -531,7 +531,7 @@ int svc_rdma_recvfrom(struct svc_rqst *rqstp) +@@ -559,7 +559,7 @@ int svc_rdma_recvfrom(struct svc_rqst *rqstp) dprintk("svcrdma: processing ctxt=%p on xprt=%p, rqstp=%p, status=%d\n", ctxt, rdma_xprt, rqstp, ctxt->wc_status); BUG_ON(ctxt->wc_status != IB_WC_SUCCESS); @@ -113170,10 +105370,10 @@ index 8f92a61..eb13b74 100644 /* Build up the XDR from the receive buffers. */ rdma_build_arg_xdr(rqstp, ctxt, ctxt->byte_len); diff --git a/net/sunrpc/xprtrdma/svc_rdma_sendto.c b/net/sunrpc/xprtrdma/svc_rdma_sendto.c -index 49fd21a..4bc455b 100644 +index 9f1b506..2e0b321 100644 --- a/net/sunrpc/xprtrdma/svc_rdma_sendto.c +++ b/net/sunrpc/xprtrdma/svc_rdma_sendto.c -@@ -206,7 +206,7 @@ static int send_write(struct svcxprt_rdma *xprt, struct svc_rqst *rqstp, +@@ -208,7 +208,7 @@ static int send_write(struct svcxprt_rdma *xprt, struct svc_rqst *rqstp, write_wr.wr.rdma.remote_addr = to; /* Post It */ @@ -113181,9 +105381,9 @@ index 49fd21a..4bc455b 100644 + atomic_inc_unchecked(&rdma_stat_write); if (svc_rdma_send(xprt, &write_wr)) goto err; - return 0; + return write_len - bc; diff --git a/net/sunrpc/xprtrdma/svc_rdma_transport.c b/net/sunrpc/xprtrdma/svc_rdma_transport.c -index 06a5d92..c2fa21a 100644 +index 374feb4..46487d5 100644 --- a/net/sunrpc/xprtrdma/svc_rdma_transport.c +++ b/net/sunrpc/xprtrdma/svc_rdma_transport.c @@ -295,7 +295,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) @@ -113222,7 +105422,7 @@ index 06a5d92..c2fa21a 100644 } static void sq_comp_handler(struct ib_cq *cq, void *cq_context) -@@ -1279,7 +1279,7 @@ int svc_rdma_send(struct svcxprt_rdma *xprt, struct ib_send_wr *wr) +@@ -1264,7 +1264,7 @@ int svc_rdma_send(struct svcxprt_rdma *xprt, struct ib_send_wr *wr) spin_lock_bh(&xprt->sc_lock); if (xprt->sc_sq_depth < atomic_read(&xprt->sc_sq_count) + wr_count) { spin_unlock_bh(&xprt->sc_lock); @@ -113490,10 +105690,10 @@ index 0917f04..f4e3d8c 100644 if (!proc_create("x25/route", S_IRUGO, init_net.proc_net, diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 0525d78..cccf7fd 100644 +index fdde51f..4839450 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c -@@ -325,7 +325,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy) +@@ -330,7 +330,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy) { policy->walk.dead = 1; @@ -113502,7 +105702,7 @@ index 0525d78..cccf7fd 100644 if (del_timer(&policy->polq.hold_timer)) xfrm_pol_put(policy); -@@ -659,7 +659,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) +@@ -664,7 +664,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) hlist_add_head(&policy->bydst, chain); xfrm_pol_hold(policy); net->xfrm.policy_count[dir]++; @@ -113511,7 +105711,7 @@ index 0525d78..cccf7fd 100644 /* After previous checking, family can either be AF_INET or AF_INET6 */ if (policy->family == AF_INET) -@@ -1749,7 +1749,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols, +@@ -1754,7 +1754,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols, xdst->num_pols = num_pols; memcpy(xdst->pols, pols, sizeof(struct xfrm_policy *) * num_pols); @@ -113520,7 +105720,7 @@ index 0525d78..cccf7fd 100644 return xdst; } -@@ -2538,10 +2538,11 @@ void xfrm_garbage_collect(struct net *net) +@@ -2570,10 +2570,11 @@ void xfrm_garbage_collect(struct net *net) } EXPORT_SYMBOL(xfrm_garbage_collect); @@ -113533,7 +105733,7 @@ index 0525d78..cccf7fd 100644 static void xfrm_init_pmtu(struct dst_entry *dst) { -@@ -2591,7 +2592,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first) +@@ -2623,7 +2624,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first) if (xdst->xfrm_genid != dst->xfrm->genid) return 0; if (xdst->num_pols > 0 && @@ -113542,7 +105742,7 @@ index 0525d78..cccf7fd 100644 return 0; mtu = dst_mtu(dst->child); -@@ -2679,8 +2680,6 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo) +@@ -2711,8 +2712,6 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo) dst_ops->link_failure = xfrm_link_failure; if (likely(dst_ops->neigh_lookup == NULL)) dst_ops->neigh_lookup = xfrm_neigh_lookup; @@ -113551,7 +105751,7 @@ index 0525d78..cccf7fd 100644 rcu_assign_pointer(xfrm_policy_afinfo[afinfo->family], afinfo); } spin_unlock(&xfrm_policy_afinfo_lock); -@@ -2734,7 +2733,6 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo) +@@ -2766,7 +2765,6 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo) dst_ops->check = NULL; dst_ops->negative_advice = NULL; dst_ops->link_failure = NULL; @@ -113559,7 +105759,7 @@ index 0525d78..cccf7fd 100644 } return err; } -@@ -3119,7 +3117,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, +@@ -3151,7 +3149,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, sizeof(pol->xfrm_vec[i].saddr)); pol->xfrm_vec[i].encap_family = mp->new_family; /* flush bundles */ @@ -113703,12 +105903,12 @@ index bf3e677..c7d426e 100644 endif diff --git a/scripts/Makefile.clean b/scripts/Makefile.clean -index 686cb0d..9d653bf 100644 +index a651cee..6b3b9a3 100644 --- a/scripts/Makefile.clean +++ b/scripts/Makefile.clean @@ -43,7 +43,8 @@ subdir-ymn := $(addprefix $(obj)/,$(subdir-ymn)) - __clean-files := $(extra-y) $(always) \ - $(targets) $(clean-files) \ + __clean-files := $(extra-y) $(extra-m) $(extra-) \ + $(always) $(targets) $(clean-files) \ $(host-progs) \ - $(hostprogs-y) $(hostprogs-m) $(hostprogs-) + $(hostprogs-y) $(hostprogs-m) $(hostprogs-) \ @@ -113717,63 +105917,105 @@ index 686cb0d..9d653bf 100644 __clean-files := $(filter-out $(no-clean-files), $(__clean-files)) diff --git a/scripts/Makefile.host b/scripts/Makefile.host -index 6689364..e56dc6a 100644 +index ab5980f..85fd3e1 100644 --- a/scripts/Makefile.host +++ b/scripts/Makefile.host -@@ -31,6 +31,8 @@ - # Note: Shared libraries consisting of C++ files are not supported - +@@ -20,7 +20,19 @@ + # Will compile qconf as a C++ program, and menu as a C program. + # They are linked as C++ code to the executable qconf + ++# hostprogs-y := conf ++# conf-objs := conf.o libkconfig.so ++# libkconfig-objs := expr.o type.o ++# Will create a shared library named libkconfig.so that consists of ++# expr.o and type.o (they are both compiled as C code and the object files ++# are made as position independent code). ++# conf.c is compiled as a C program, and conf.o is linked together with ++# libkconfig.so as the executable conf. ++# Note: Shared libraries consisting of C++ files are not supported ++ __hostprogs := $(sort $(hostprogs-y) $(hostprogs-m)) +__hostlibs := $(sort $(hostlibs-y) $(hostlibs-m)) +__hostcxxlibs := $(sort $(hostcxxlibs-y) $(hostcxxlibs-m)) # C code # Executables compiled from a single .c file -@@ -54,11 +56,15 @@ host-cxxobjs := $(sort $(foreach m,$(host-cxxmulti),$($(m)-cxxobjs))) - # Shared libaries (only .c supported) - # Shared libraries (.so) - all .so files referenced in "xxx-objs" - host-cshlib := $(sort $(filter %.so, $(host-cobjs))) +@@ -42,6 +54,19 @@ host-cxxmulti := $(foreach m,$(__hostprogs),$(if $($(m)-cxxobjs),$(m))) + # C++ Object (.o) files compiled from .cc files + host-cxxobjs := $(sort $(foreach m,$(host-cxxmulti),$($(m)-cxxobjs))) + ++# Shared libaries (only .c supported) ++# Shared libraries (.so) - all .so files referenced in "xxx-objs" ++host-cshlib := $(sort $(filter %.so, $(host-cobjs))) +host-cshlib += $(sort $(filter %.so, $(__hostlibs))) +host-cxxshlib := $(sort $(filter %.so, $(__hostcxxlibs))) - # Remove .so files from "xxx-objs" - host-cobjs := $(filter-out %.so,$(host-cobjs)) ++# Remove .so files from "xxx-objs" ++host-cobjs := $(filter-out %.so,$(host-cobjs)) +host-cxxobjs := $(filter-out %.so,$(host-cxxobjs)) - --#Object (.o) files used by the shared libaries ++ +# Object (.o) files used by the shared libaries - host-cshobjs := $(sort $(foreach m,$(host-cshlib),$($(m:.so=-objs)))) ++host-cshobjs := $(sort $(foreach m,$(host-cshlib),$($(m:.so=-objs)))) +host-cxxshobjs := $(sort $(foreach m,$(host-cxxshlib),$($(m:.so=-objs)))) - ++ # output directory for programs/.o files - # hostprogs-y := tools/build may have been specified. Retrieve directory -@@ -82,7 +88,9 @@ host-cobjs := $(addprefix $(obj)/,$(host-cobjs)) + # hostprogs-y := tools/build may have been specified. + # Retrieve also directory of .o files from prog-objs or prog-cxxobjs notation +@@ -56,6 +81,10 @@ host-cmulti := $(addprefix $(obj)/,$(host-cmulti)) + host-cobjs := $(addprefix $(obj)/,$(host-cobjs)) host-cxxmulti := $(addprefix $(obj)/,$(host-cxxmulti)) host-cxxobjs := $(addprefix $(obj)/,$(host-cxxobjs)) - host-cshlib := $(addprefix $(obj)/,$(host-cshlib)) ++host-cshlib := $(addprefix $(obj)/,$(host-cshlib)) +host-cxxshlib := $(addprefix $(obj)/,$(host-cxxshlib)) - host-cshobjs := $(addprefix $(obj)/,$(host-cshobjs)) ++host-cshobjs := $(addprefix $(obj)/,$(host-cshobjs)) +host-cxxshobjs := $(addprefix $(obj)/,$(host-cxxshobjs)) host-objdirs := $(addprefix $(obj)/,$(host-objdirs)) obj-dirs += $(host-objdirs) -@@ -156,6 +164,13 @@ quiet_cmd_host-cshobjs = HOSTCC -fPIC $@ - $(host-cshobjs): $(obj)/%.o: $(src)/%.c FORCE - $(call if_changed_dep,host-cshobjs) +@@ -96,7 +125,7 @@ quiet_cmd_host-cmulti = HOSTLD $@ + cmd_host-cmulti = $(HOSTCC) $(HOSTLDFLAGS) -o $@ \ + $(addprefix $(obj)/,$($(@F)-objs)) \ + $(HOST_LOADLIBES) $(HOSTLOADLIBES_$(@F)) +-$(host-cmulti): $(obj)/%: $(host-cobjs) FORCE ++$(host-cmulti): $(obj)/%: $(host-cobjs) $(host-cshlib) FORCE + $(call if_changed,host-cmulti) + + # Create .o file from a single .c file +@@ -113,7 +142,7 @@ quiet_cmd_host-cxxmulti = HOSTLD $@ + $(foreach o,objs cxxobjs,\ + $(addprefix $(obj)/,$($(@F)-$(o)))) \ + $(HOST_LOADLIBES) $(HOSTLOADLIBES_$(@F)) +-$(host-cxxmulti): $(obj)/%: $(host-cobjs) $(host-cxxobjs) FORCE ++$(host-cxxmulti): $(obj)/%: $(host-cobjs) $(host-cxxobjs) $(host-cshlib) FORCE + $(call if_changed,host-cxxmulti) + + # Create .o file from a single .cc (C++) file +@@ -122,5 +151,37 @@ quiet_cmd_host-cxxobjs = HOSTCXX $@ + $(host-cxxobjs): $(obj)/%.o: $(src)/%.cc FORCE + $(call if_changed_dep,host-cxxobjs) +# Compile .c file, create position independent .o file ++# host-cshobjs -> .o ++quiet_cmd_host-cshobjs = HOSTCC -fPIC $@ ++ cmd_host-cshobjs = $(HOSTCC) $(hostc_flags) -fPIC -c -o $@ $< ++$(host-cshobjs): $(obj)/%.o: $(src)/%.c FORCE ++ $(call if_changed_dep,host-cshobjs) ++ ++# Compile .c file, create position independent .o file +# host-cxxshobjs -> .o +quiet_cmd_host-cxxshobjs = HOSTCXX -fPIC $@ + cmd_host-cxxshobjs = $(HOSTCXX) $(hostcxx_flags) -fPIC -c -o $@ $< +$(host-cxxshobjs): $(obj)/%.o: $(src)/%.c FORCE + $(call if_changed_dep,host-cxxshobjs) + - # Link a shared library, based on position independent .o files - # *.o -> .so shared library (host-cshlib) - quiet_cmd_host-cshlib = HOSTLLD -shared $@ -@@ -165,5 +180,14 @@ quiet_cmd_host-cshlib = HOSTLLD -shared $@ - $(host-cshlib): $(obj)/%: $(host-cshobjs) FORCE - $(call if_changed,host-cshlib) - ++# Link a shared library, based on position independent .o files ++# *.o -> .so shared library (host-cshlib) ++quiet_cmd_host-cshlib = HOSTLLD -shared $@ ++ cmd_host-cshlib = $(HOSTCC) $(HOSTLDFLAGS) -shared -o $@ \ ++ $(addprefix $(obj)/,$($(@F:.so=-objs))) \ ++ $(HOST_LOADLIBES) $(HOSTLOADLIBES_$(@F)) ++$(host-cshlib): $(obj)/%: $(host-cshobjs) FORCE ++ $(call if_changed,host-cshlib) ++ +# Link a shared library, based on position independent .o files +# *.o -> .so shared library (host-cxxshlib) +quiet_cmd_host-cxxshlib = HOSTLLD -shared $@ @@ -113784,7 +106026,7 @@ index 6689364..e56dc6a 100644 + $(call if_changed,host-cxxshlib) + targets += $(host-csingle) $(host-cmulti) $(host-cobjs)\ -- $(host-cxxmulti) $(host-cxxobjs) $(host-cshlib) $(host-cshobjs) +- $(host-cxxmulti) $(host-cxxobjs) + $(host-cxxmulti) $(host-cxxobjs) $(host-cshlib) $(host-cshobjs) $(host-cxxshlib) $(host-cxxshobjs) diff --git a/scripts/basic/fixdep.c b/scripts/basic/fixdep.c index b304068..462d24e 100644 @@ -113983,10 +106225,10 @@ index e614ef6..d9d2b01 100644 sprintf(alias, "dmi*"); diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c -index 9d9c5b9..a3af177 100644 +index 091d905..77b88c7 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c -@@ -949,6 +949,7 @@ enum mismatch { +@@ -920,6 +920,7 @@ enum mismatch { ANY_INIT_TO_ANY_EXIT, ANY_EXIT_TO_ANY_INIT, EXPORT_TO_INIT_EXIT, @@ -113994,7 +106236,7 @@ index 9d9c5b9..a3af177 100644 }; struct sectioncheck { -@@ -1035,6 +1036,12 @@ const struct sectioncheck sectioncheck[] = { +@@ -1006,6 +1007,12 @@ const struct sectioncheck sectioncheck[] = { .tosec = { INIT_SECTIONS, EXIT_SECTIONS, NULL }, .mismatch = EXPORT_TO_INIT_EXIT, .symbol_white_list = { DEFAULT_SYMBOL_WHITE_LIST, NULL }, @@ -114007,7 +106249,7 @@ index 9d9c5b9..a3af177 100644 } }; -@@ -1155,10 +1162,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr, +@@ -1126,10 +1133,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr, continue; if (ELF_ST_TYPE(sym->st_info) == STT_SECTION) continue; @@ -114020,7 +106262,7 @@ index 9d9c5b9..a3af177 100644 if (d < 0) d = addr - sym->st_value; if (d < distance) { -@@ -1436,6 +1443,14 @@ static void report_sec_mismatch(const char *modname, +@@ -1407,6 +1414,14 @@ static void report_sec_mismatch(const char *modname, tosym, prl_to, prl_to, tosym); free(prl_to); break; @@ -114035,7 +106277,7 @@ index 9d9c5b9..a3af177 100644 } fprintf(stderr, "\n"); } -@@ -1687,7 +1702,7 @@ static void section_rel(const char *modname, struct elf_info *elf, +@@ -1658,7 +1673,7 @@ static void section_rel(const char *modname, struct elf_info *elf, static void check_sec_ref(struct module *mod, const char *modname, struct elf_info *elf) { @@ -114044,7 +106286,7 @@ index 9d9c5b9..a3af177 100644 Elf_Shdr *sechdrs = elf->sechdrs; /* Walk through all sections */ -@@ -1819,7 +1834,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf, +@@ -1789,7 +1804,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf, va_end(ap); } @@ -114053,7 +106295,7 @@ index 9d9c5b9..a3af177 100644 { if (buf->size - buf->pos < len) { buf->size += len + SZ; -@@ -2038,7 +2053,7 @@ static void write_if_changed(struct buffer *b, const char *fname) +@@ -2008,7 +2023,7 @@ static void write_if_changed(struct buffer *b, const char *fname) if (fstat(fileno(file), &st) < 0) goto close_write; @@ -114173,7 +106415,7 @@ index 8fac3fd..32ff38d 100644 unsigned int secindex_strings; diff --git a/scripts/tags.sh b/scripts/tags.sh -index e6b011f..2d5f70f 100755 +index 293828b..9fbe696 100755 --- a/scripts/tags.sh +++ b/scripts/tags.sh @@ -26,7 +26,7 @@ else @@ -115222,7 +107464,7 @@ index 9981000..eb21356 100644 .ptrace_access_check = apparmor_ptrace_access_check, diff --git a/security/commoncap.c b/security/commoncap.c -index 963dc59..12ebd0c 100644 +index bab0611..f9a0ff5 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -427,6 +427,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data @@ -115269,7 +107511,7 @@ index 963dc59..12ebd0c 100644 if (bprm->cap_effective) return 1; diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h -index f79fa8b..6161868 100644 +index 57da4bd..db453a2 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -118,8 +118,8 @@ int ima_init_template(void); @@ -115355,7 +107597,7 @@ index 5f20da0..444ccf1 100644 #ifdef CONFIG_PERSISTENT_KEYRINGS extern long keyctl_get_persistent(uid_t, key_serial_t); diff --git a/security/keys/key.c b/security/keys/key.c -index 2048a11..101df4c 100644 +index 6d0cad1..8f957df 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -285,7 +285,7 @@ struct key *key_alloc(struct key_type *type, const char *desc, @@ -115367,7 +107609,7 @@ index 2048a11..101df4c 100644 key->index_key.type = type; key->user = user; key->quotalen = quotalen; -@@ -1036,7 +1036,9 @@ int register_key_type(struct key_type *ktype) +@@ -1075,7 +1075,9 @@ int register_key_type(struct key_type *ktype) struct key_type *p; int ret; @@ -115378,7 +107620,7 @@ index 2048a11..101df4c 100644 ret = -EEXIST; down_write(&key_types_sem); -@@ -1048,7 +1050,7 @@ int register_key_type(struct key_type *ktype) +@@ -1087,7 +1089,7 @@ int register_key_type(struct key_type *ktype) } /* store the type */ @@ -115387,7 +107629,7 @@ index 2048a11..101df4c 100644 pr_notice("Key type %s registered\n", ktype->name); ret = 0; -@@ -1070,7 +1072,7 @@ EXPORT_SYMBOL(register_key_type); +@@ -1109,7 +1111,7 @@ EXPORT_SYMBOL(register_key_type); void unregister_key_type(struct key_type *ktype) { down_write(&key_types_sem); @@ -115396,7 +107638,7 @@ index 2048a11..101df4c 100644 downgrade_write(&key_types_sem); key_gc_keytype(ktype); pr_notice("Key type %s unregistered\n", ktype->name); -@@ -1088,10 +1090,10 @@ void __init key_init(void) +@@ -1127,10 +1129,10 @@ void __init key_init(void) 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); /* add the special key types */ @@ -115412,10 +107654,10 @@ index 2048a11..101df4c 100644 /* record the root user tracking */ rb_link_node(&root_key_user.node, diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c -index cd5bd0c..acd0d5c 100644 +index e26f860..dcbe7ea 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c -@@ -987,7 +987,7 @@ static int keyctl_change_reqkey_auth(struct key *key) +@@ -1002,7 +1002,7 @@ static int keyctl_change_reqkey_auth(struct key *key) /* * Copy the iovec data from userspace */ @@ -115424,7 +107666,7 @@ index cd5bd0c..acd0d5c 100644 unsigned ioc) { for (; ioc > 0; ioc--) { -@@ -1009,7 +1009,7 @@ static long copy_from_user_iovec(void *buffer, const struct iovec *iov, +@@ -1024,7 +1024,7 @@ static long copy_from_user_iovec(void *buffer, const struct iovec *iov, * If successful, 0 will be returned. */ long keyctl_instantiate_key_common(key_serial_t id, @@ -115433,7 +107675,7 @@ index cd5bd0c..acd0d5c 100644 unsigned ioc, size_t plen, key_serial_t ringid) -@@ -1104,7 +1104,7 @@ long keyctl_instantiate_key(key_serial_t id, +@@ -1119,7 +1119,7 @@ long keyctl_instantiate_key(key_serial_t id, [0].iov_len = plen }; @@ -115442,7 +107684,7 @@ index cd5bd0c..acd0d5c 100644 } return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid); -@@ -1137,7 +1137,7 @@ long keyctl_instantiate_key_iov(key_serial_t id, +@@ -1152,7 +1152,7 @@ long keyctl_instantiate_key_iov(key_serial_t id, if (ret == 0) goto no_payload_free; @@ -115472,7 +107714,7 @@ index f728728..6457a0c 100644 /* diff --git a/security/security.c b/security/security.c -index 31614e9..8b86b12 100644 +index e41b1a8..b66a558 100644 --- a/security/security.c +++ b/security/security.c @@ -33,8 +33,8 @@ @@ -115530,7 +107772,7 @@ index a18f1fa..c9b9fc4 100644 lock = &avc_cache.slots_lock[hvalue]; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index 83d06db..d4d6861 100644 +index b0e9404..b15da09 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -95,8 +95,6 @@ @@ -115542,7 +107784,23 @@ index 83d06db..d4d6861 100644 /* SECMARK reference count */ static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); -@@ -5761,7 +5759,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) +@@ -481,6 +479,7 @@ next_inode: + list_entry(sbsec->isec_head.next, + struct inode_security_struct, list); + struct inode *inode = isec->inode; ++ list_del_init(&isec->list); + spin_unlock(&sbsec->isec_lock); + inode = igrab(inode); + if (inode) { +@@ -489,7 +488,6 @@ next_inode: + iput(inode); + } + spin_lock(&sbsec->isec_lock); +- list_del_init(&isec->list); + goto next_inode; + } + spin_unlock(&sbsec->isec_lock); +@@ -5772,7 +5770,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) #endif @@ -115551,7 +107809,7 @@ index 83d06db..d4d6861 100644 .name = "selinux", .ptrace_access_check = selinux_ptrace_access_check, -@@ -6114,6 +6112,9 @@ static void selinux_nf_ip_exit(void) +@@ -6128,6 +6126,9 @@ static void selinux_nf_ip_exit(void) #ifdef CONFIG_SECURITY_SELINUX_DISABLE static int selinux_disabled; @@ -115561,7 +107819,7 @@ index 83d06db..d4d6861 100644 int selinux_disable(void) { if (ss_initialized) { -@@ -6131,7 +6132,9 @@ int selinux_disable(void) +@@ -6145,7 +6146,9 @@ int selinux_disable(void) selinux_disabled = 1; selinux_enabled = 0; @@ -115586,7 +107844,7 @@ index 1450f85..a91e0bc 100644 } rtnl_unlock(); diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c -index f2c3080..813c85e 100644 +index e6ab307..2008c98 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3849,7 +3849,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) @@ -115944,7 +108202,7 @@ index ada69d7..5f65386 100644 } } else if (runtime->access == SNDRV_PCM_ACCESS_RW_NONINTERLEAVED) { diff --git a/sound/core/pcm_compat.c b/sound/core/pcm_compat.c -index af49721..e85058e 100644 +index 102e8fd..7263bb8 100644 --- a/sound/core/pcm_compat.c +++ b/sound/core/pcm_compat.c @@ -31,7 +31,7 @@ static int snd_pcm_ioctl_delay_compat(struct snd_pcm_substream *substream, @@ -115957,10 +108215,10 @@ index af49721..e85058e 100644 if (err < 0) return err; diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c -index b653ab0..a4738e3 100644 +index 8cd2f93..8412c57 100644 --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c -@@ -2812,11 +2812,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream, +@@ -2815,11 +2815,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream, switch (substream->stream) { case SNDRV_PCM_STREAM_PLAYBACK: result = snd_pcm_playback_ioctl1(NULL, substream, cmd, @@ -116384,7 +108642,7 @@ index 4c41c90..37f3631 100644 return snd_seq_device_register_driver(SNDRV_SEQ_DEV_ID_EMU10K1_SYNTH, &ops, sizeof(struct snd_emu10k1_synth_arg)); diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c -index 4c20277..91abdce 100644 +index ec6a7d0..4e578f7 100644 --- a/sound/pci/hda/hda_codec.c +++ b/sound/pci/hda/hda_codec.c @@ -966,14 +966,10 @@ find_codec_preset(struct hda_codec *codec) @@ -116404,7 +108662,7 @@ index 4c20277..91abdce 100644 mod_requested++; goto again; } -@@ -2777,7 +2773,7 @@ static int get_kctl_0dB_offset(struct snd_kcontrol *kctl, int *step_to_check) +@@ -2780,7 +2776,7 @@ static int get_kctl_0dB_offset(struct hda_codec *codec, /* FIXME: set_fs() hack for obtaining user-space TLV data */ mm_segment_t fs = get_fs(); set_fs(get_ds()); @@ -116471,10 +108729,10 @@ index 81c916a..516f0bf 100644 chip->pci = pci; chip->irq = -1; diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c -index 49acc98..b382009 100644 +index d074aa9..ce3cc44 100644 --- a/sound/soc/soc-core.c +++ b/sound/soc/soc-core.c -@@ -2279,8 +2279,10 @@ int snd_soc_set_ac97_ops_of_reset(struct snd_ac97_bus_ops *ops, +@@ -2286,8 +2286,10 @@ int snd_soc_set_ac97_ops_of_reset(struct snd_ac97_bus_ops *ops, if (ret) return ret; @@ -124282,10 +116540,10 @@ index 0000000..4378111 +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..77b791f +index 0000000..4dc6368 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data -@@ -0,0 +1,5718 @@ +@@ -0,0 +1,5850 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL +compat_sock_setsockopt_23 compat_sock_setsockopt 5 23 NULL @@ -124338,6 +116596,7 @@ index 0000000..77b791f +cfs_hash_bkt_size_643 cfs_hash_bkt_size 0 643 NULL +unlink_queued_645 unlink_queued 4 645 NULL +dtim_interval_read_654 dtim_interval_read 3 654 NULL ++nvif_notify_new_671 nvif_notify_new 6 671 NULL +mem_rx_free_mem_blks_read_675 mem_rx_free_mem_blks_read 3 675 NULL +persistent_ram_vmap_709 persistent_ram_vmap 2-1 709 NULL +sctp_setsockopt_peer_addr_params_734 sctp_setsockopt_peer_addr_params 3 734 NULL @@ -124363,6 +116622,7 @@ index 0000000..77b791f +_scsih_adjust_queue_depth_1083 _scsih_adjust_queue_depth 2 1083 NULL +llcp_sock_sendmsg_1092 llcp_sock_sendmsg 4 1092 NULL +nfs4_init_nonuniform_client_string_1097 nfs4_init_nonuniform_client_string 3 1097 NULL ++__arch_hweight8_1105 __arch_hweight8 0 1105 NULL +utf8s_to_utf16s_1115 utf8s_to_utf16s 0 1115 NULL +cfg80211_report_obss_beacon_1133 cfg80211_report_obss_beacon 3 1133 NULL +i2400m_rx_ctl_1157 i2400m_rx_ctl 4 1157 NULL @@ -124385,6 +116645,7 @@ index 0000000..77b791f +ffs_1322 ffs 0 1322 NULL +qlcnic_pci_sriov_configure_1327 qlcnic_pci_sriov_configure 2 1327 NULL +btrfs_submit_compressed_write_1347 btrfs_submit_compressed_write 5 1347 NULL ++bond_verify_device_path_1352 bond_verify_device_path 3 1352 NULL +snd_pcm_lib_write1_1358 snd_pcm_lib_write1 0-3 1358 NULL +ipx_sendmsg_1362 ipx_sendmsg 4 1362 NULL +fw_stats_raw_read_1369 fw_stats_raw_read 3 1369 NULL @@ -124431,9 +116692,11 @@ index 0000000..77b791f +SyS_add_key_1900 SyS_add_key 4 1900 NULL +uhid_char_read_1920 uhid_char_read 3 1920 NULL +tx_tx_retry_data_read_1926 tx_tx_retry_data_read 3 1926 NULL ++azx_get_position_1927 azx_get_position 0 1927 NULL +bdev_erase_1933 bdev_erase 3 1933 NULL +ext3_fiemap_1936 ext3_fiemap 4 1936 NULL -+cyttsp_probe_1940 cyttsp_probe 4 1940 NULL ++cyttsp_probe_1940 cyttsp_probe 4 1940 NULL nohasharray ++nvif_object_sclass_1940 nvif_object_sclass 3 1940 &cyttsp_probe_1940 +ieee80211_if_fmt_dot11MeshConfirmTimeout_1945 ieee80211_if_fmt_dot11MeshConfirmTimeout 3 1945 NULL +ivtv_v4l2_read_1964 ivtv_v4l2_read 3 1964 NULL +sel_read_avc_hash_stats_1984 sel_read_avc_hash_stats 3 1984 NULL @@ -124553,11 +116816,13 @@ index 0000000..77b791f +read_file_antenna_diversity_3077 read_file_antenna_diversity 3 3077 NULL +ttusb2_msg_3100 ttusb2_msg 4 3100 NULL +rb_alloc_3102 rb_alloc 1 3102 NULL ++ufshcd_get_rsp_upiu_result_3114 ufshcd_get_rsp_upiu_result 0 3114 NULL +simple_write_to_buffer_3122 simple_write_to_buffer 5-2 3122 NULL +print_time_3132 print_time 0 3132 NULL +fill_write_buffer_3142 fill_write_buffer 3 3142 NULL +CIFSSMBSetPosixACL_3154 CIFSSMBSetPosixACL 5 3154 NULL +uv_num_possible_blades_3177 uv_num_possible_blades 0 3177 NULL ++pkcs7_sig_note_signature_3178 pkcs7_sig_note_signature 5 3178 NULL +uinput_ioctl_handler_3181 uinput_ioctl_handler 2 3181 NULL nohasharray +uvc_video_stats_dump_3181 uvc_video_stats_dump 3 3181 &uinput_ioctl_handler_3181 +compat_do_ip6t_set_ctl_3184 compat_do_ip6t_set_ctl 4 3184 NULL @@ -124698,6 +116963,7 @@ index 0000000..77b791f +ncp__vol2io_4804 ncp__vol2io 5 4804 NULL +C_SYSC_setsockopt_4806 C_SYSC_setsockopt 5 4806 NULL +repair_io_failure_4815 repair_io_failure 4-3 4815 NULL ++scsi_end_request_4839 scsi_end_request 3-4 4839 NULL +gigaset_if_receive_4861 gigaset_if_receive 3 4861 NULL +key_tx_spec_read_4862 key_tx_spec_read 3 4862 NULL +ocfs2_defrag_extent_4873 ocfs2_defrag_extent 2 4873 NULL @@ -124720,6 +116986,7 @@ index 0000000..77b791f +sound_write_5102 sound_write 3 5102 NULL +i40e_dbg_netdev_ops_write_5117 i40e_dbg_netdev_ops_write 3 5117 NULL +qib_7220_handle_hwerrors_5142 qib_7220_handle_hwerrors 3 5142 NULL ++bucket_table_alloc_5149 bucket_table_alloc 1 5149 NULL +__uwb_addr_print_5161 __uwb_addr_print 2 5161 NULL +iwl_dbgfs_status_read_5171 iwl_dbgfs_status_read 3 5171 NULL +acpi_pcc_get_sqty_5176 acpi_pcc_get_sqty 0 5176 NULL @@ -124768,7 +117035,8 @@ index 0000000..77b791f +ria_page_count_5849 ria_page_count 0 5849 NULL +rx_filter_max_arp_queue_dep_read_5851 rx_filter_max_arp_queue_dep_read 3 5851 NULL +uinput_compat_ioctl_5861 uinput_compat_ioctl 2 5861 NULL -+config_buf_5862 config_buf 0 5862 NULL ++config_buf_5862 config_buf 0 5862 NULL nohasharray ++ufshcd_check_query_response_5862 ufshcd_check_query_response 0 5862 &config_buf_5862 +lprocfs_fid_width_seq_write_5889 lprocfs_fid_width_seq_write 3 5889 NULL +port_show_regs_5904 port_show_regs 3 5904 NULL +rbd_segment_length_5907 rbd_segment_length 0-3-2 5907 NULL @@ -124783,6 +117051,7 @@ index 0000000..77b791f +btrfs_item_offset_6019 btrfs_item_offset 0 6019 NULL +alloc_msg_6072 alloc_msg 1 6072 NULL +sctp_setsockopt_connectx_6073 sctp_setsockopt_connectx 3 6073 NULL ++_random_read_6098 _random_read 3 6098 NULL +ipmi_addr_length_6110 ipmi_addr_length 0 6110 NULL nohasharray +force_static_address_read_6110 force_static_address_read 3 6110 &ipmi_addr_length_6110 +dfs_global_file_write_6112 dfs_global_file_write 3 6112 NULL @@ -124813,7 +117082,8 @@ index 0000000..77b791f +regcache_sync_block_raw_6350 regcache_sync_block_raw 5-4 6350 NULL +mei_dbgfs_read_devstate_6352 mei_dbgfs_read_devstate 3 6352 NULL +arch_gnttab_valloc_6372 arch_gnttab_valloc 2 6372 NULL -+osd_req_read_sg_kern_6378 osd_req_read_sg_kern 5 6378 NULL ++osd_req_read_sg_kern_6378 osd_req_read_sg_kern 5 6378 NULL nohasharray ++sync_fence_alloc_6378 sync_fence_alloc 1 6378 &osd_req_read_sg_kern_6378 +posix_acl_fix_xattr_userns_6420 posix_acl_fix_xattr_userns 4 6420 NULL +add_transaction_credits_6422 add_transaction_credits 2-3 6422 NULL +ipr_change_queue_depth_6431 ipr_change_queue_depth 2 6431 NULL @@ -124950,6 +117220,7 @@ index 0000000..77b791f +qla4xxx_post_ping_evt_work_8074 qla4xxx_post_ping_evt_work 4 8074 NULL +venus_lookup_8121 venus_lookup 4 8121 NULL +ieee80211_if_fmt_num_buffered_multicast_8127 ieee80211_if_fmt_num_buffered_multicast 3 8127 NULL ++ufshcd_wait_for_dev_cmd_8168 ufshcd_wait_for_dev_cmd 0 8168 NULL +__sk_mem_schedule_8185 __sk_mem_schedule 2 8185 NULL +ieee80211_if_fmt_dot11MeshHoldingTimeout_8187 ieee80211_if_fmt_dot11MeshHoldingTimeout 3 8187 NULL +recent_mt_proc_write_8206 recent_mt_proc_write 3 8206 NULL @@ -124980,6 +117251,7 @@ index 0000000..77b791f +batadv_tt_len_8502 batadv_tt_len 0-1 8502 NULL +dev_config_8506 dev_config 3 8506 NULL +ACL_to_cifs_posix_8509 ACL_to_cifs_posix 3 8509 NULL ++nouveau_platform_device_create__8514 nouveau_platform_device_create_ 2 8514 NULL +opticon_process_data_packet_8524 opticon_process_data_packet 3 8524 NULL +user_on_off_8552 user_on_off 2 8552 NULL +profile_remove_8556 profile_remove 3 8556 NULL @@ -124999,6 +117271,7 @@ index 0000000..77b791f +arcfb_write_8702 arcfb_write 3 8702 NULL +i_size_read_8703 i_size_read 0 8703 NULL nohasharray +init_header_8703 init_header 0 8703 &i_size_read_8703 ++ufshcd_get_tr_ocs_8706 ufshcd_get_tr_ocs 0 8706 NULL +HDLC_irq_8709 HDLC_irq 2 8709 NULL +ctrl_out_8712 ctrl_out 3-5 8712 NULL +tracing_max_lat_write_8728 tracing_max_lat_write 3 8728 NULL @@ -125063,8 +117336,10 @@ index 0000000..77b791f +altera_swap_ir_9194 altera_swap_ir 2 9194 NULL +snd_m3_get_pointer_9206 snd_m3_get_pointer 0 9206 NULL +iwl_dbgfs_frame_stats_read_9211 iwl_dbgfs_frame_stats_read 3 9211 NULL ++card_send_command_9215 card_send_command 3 9215 NULL +virtqueue_add_9217 virtqueue_add 4-5 9217 NULL +tx_tx_prepared_descs_read_9221 tx_tx_prepared_descs_read 3 9221 NULL ++l2cap_create_connless_pdu_9222 l2cap_create_connless_pdu 3 9222 NULL +sctp_getsockopt_delayed_ack_9232 sctp_getsockopt_delayed_ack 2 9232 NULL +hfsplus_bnode_read_u16_9262 hfsplus_bnode_read_u16 0 9262 NULL +hdpvr_read_9273 hdpvr_read 3 9273 NULL @@ -125112,6 +117387,7 @@ index 0000000..77b791f +dns_query_9676 dns_query 3 9676 NULL +qib_7322_handle_hwerrors_9678 qib_7322_handle_hwerrors 3 9678 NULL +__erst_read_from_storage_9690 __erst_read_from_storage 0 9690 NULL ++lowpan_control_write_9699 lowpan_control_write 3 9699 NULL +vx_transfer_end_9701 vx_transfer_end 0 9701 NULL +fuse_iter_npages_9705 fuse_iter_npages 0 9705 NULL nohasharray +ieee80211_if_read_aid_9705 ieee80211_if_read_aid 3 9705 &fuse_iter_npages_9705 @@ -125156,7 +117432,8 @@ index 0000000..77b791f +gfs2_meta_read_10112 gfs2_meta_read 0 10112 NULL +SyS_migrate_pages_10134 SyS_migrate_pages 2 10134 NULL +aes_decrypt_packets_read_10155 aes_decrypt_packets_read 3 10155 NULL -+rx_out_of_mem_read_10157 rx_out_of_mem_read 3 10157 NULL ++rx_out_of_mem_read_10157 rx_out_of_mem_read 3 10157 NULL nohasharray ++tracing_nsecs_write_10157 tracing_nsecs_write 3 10157 &rx_out_of_mem_read_10157 +hidg_alloc_ep_req_10159 hidg_alloc_ep_req 2 10159 NULL +asd_store_update_bios_10165 asd_store_update_bios 4 10165 NULL +kstrtol_from_user_10168 kstrtol_from_user 2 10168 NULL @@ -125167,6 +117444,7 @@ index 0000000..77b791f +cciss_proc_write_10259 cciss_proc_write 3 10259 NULL +__qlcnic_pci_sriov_enable_10281 __qlcnic_pci_sriov_enable 2 10281 NULL +snd_rme9652_capture_copy_10287 snd_rme9652_capture_copy 5 10287 NULL ++nvif_object_new_10300 nvif_object_new 5 10300 NULL +read_emulate_10310 read_emulate 2-4 10310 NULL +read_file_spectral_count_10320 read_file_spectral_count 3 10320 NULL +compat_SyS_writev_10327 compat_SyS_writev 3 10327 NULL @@ -125246,6 +117524,8 @@ index 0000000..77b791f +of_irq_count_11253 of_irq_count 0 11253 NULL +hugetlbfs_read_11268 hugetlbfs_read 3 11268 NULL +ath6kl_power_params_write_11274 ath6kl_power_params_write 3 11274 NULL ++SYSC_getrandom_11294 SYSC_getrandom 2 11294 NULL ++tipc_msg_build_11304 tipc_msg_build 3-4-5 11304 NULL +__proc_daemon_file_11305 __proc_daemon_file 5 11305 NULL +ext4_xattr_check_names_11314 ext4_xattr_check_names 0 11314 NULL +bcache_dev_sectors_dirty_add_11315 bcache_dev_sectors_dirty_add 3-4 11315 NULL @@ -125274,6 +117554,7 @@ index 0000000..77b791f +i40e_dbg_command_write_11421 i40e_dbg_command_write 3 11421 NULL +bttv_read_11432 bttv_read 3 11432 NULL +create_zero_mask_11453 create_zero_mask 0-1 11453 NULL ++ufshcd_change_queue_depth_11477 ufshcd_change_queue_depth 2 11477 NULL +sca3000_read_first_n_hw_rb_11479 sca3000_read_first_n_hw_rb 2 11479 NULL nohasharray +pci_set_power_state_11479 pci_set_power_state 0 11479 &sca3000_read_first_n_hw_rb_11479 +sd_do_mode_sense_11507 sd_do_mode_sense 5 11507 NULL @@ -125314,6 +117595,7 @@ index 0000000..77b791f +rts51x_read_status_11830 rts51x_read_status 4 11830 NULL +unix_stream_connect_11844 unix_stream_connect 3 11844 NULL +ecryptfs_copy_filename_11868 ecryptfs_copy_filename 4 11868 NULL ++l2cap_chan_send_11878 l2cap_chan_send 3 11878 NULL +ieee80211_rx_bss_info_11887 ieee80211_rx_bss_info 3 11887 NULL +mdc_rename_11899 mdc_rename 4-6 11899 NULL +xstateregs_get_11906 xstateregs_get 4 11906 NULL @@ -125356,6 +117638,7 @@ index 0000000..77b791f +il_dbgfs_nvm_read_12288 il_dbgfs_nvm_read 3 12288 &roundup_to_multiple_of_64_12288 +bt_sock_recvmsg_12316 bt_sock_recvmsg 4 12316 NULL +usnic_transport_sock_to_str_12322 usnic_transport_sock_to_str 2-0 12322 NULL ++ufshcd_copy_query_response_12324 ufshcd_copy_query_response 0 12324 NULL +pcbit_writecmd_12332 pcbit_writecmd 2 12332 NULL +mptctl_ioctl_12355 mptctl_ioctl 2 12355 NULL +__nf_ct_ext_add_length_12364 __nf_ct_ext_add_length 3 12364 NULL @@ -125371,6 +117654,7 @@ index 0000000..77b791f +fnic_trace_ctrl_read_12497 fnic_trace_ctrl_read 3 12497 NULL +__ceph_osdc_start_request_12502 __ceph_osdc_start_request 0 12502 NULL +qib_alloc_fast_reg_mr_12526 qib_alloc_fast_reg_mr 2 12526 NULL ++nvkm_event_init_12565 nvkm_event_init 3-2 12565 NULL +hvc_alloc_12579 hvc_alloc 4 12579 NULL +pcpu_extend_area_map_12589 pcpu_extend_area_map 2 12589 NULL +_iwl_dbgfs_prph_reg_write_12597 _iwl_dbgfs_prph_reg_write 3 12597 NULL @@ -125415,6 +117699,7 @@ index 0000000..77b791f +ocfs2_write_begin_13045 ocfs2_write_begin 3-4 13045 NULL +__dn_setsockopt_13060 __dn_setsockopt 5 13060 NULL nohasharray +ptlrpc_lprocfs_threads_min_seq_write_13060 ptlrpc_lprocfs_threads_min_seq_write 3 13060 &__dn_setsockopt_13060 ++ufshcd_compose_upiu_13076 ufshcd_compose_upiu 0 13076 NULL +xattr_getsecurity_13090 xattr_getsecurity 0 13090 NULL +ttm_dma_pool_alloc_new_pages_13105 ttm_dma_pool_alloc_new_pages 3 13105 NULL +snd_rme96_playback_copy_13111 snd_rme96_playback_copy 5 13111 NULL @@ -125436,6 +117721,7 @@ index 0000000..77b791f +bio_integrity_trim_13259 bio_integrity_trim 3-2 13259 NULL +simple_attr_write_13260 simple_attr_write 3 13260 NULL +pmcraid_notify_aen_13274 pmcraid_notify_aen 3 13274 NULL ++nvkm_ltc_create__13275 nvkm_ltc_create_ 4 13275 NULL +il4965_stats_flag_13281 il4965_stats_flag 0-3 13281 NULL +lpfc_idiag_mbxacc_get_setup_13282 lpfc_idiag_mbxacc_get_setup 0 13282 NULL +nvkm_i2c_pad_create__13292 nvkm_i2c_pad_create_ 5 13292 NULL @@ -125480,6 +117766,7 @@ index 0000000..77b791f +mutex_lock_interruptible_nested_13817 mutex_lock_interruptible_nested 0 13817 NULL +hsi_register_board_info_13820 hsi_register_board_info 2 13820 NULL +___mei_cl_send_13821 ___mei_cl_send 3 13821 NULL ++qce_ahash_hmac_setkey_13837 qce_ahash_hmac_setkey 3 13837 NULL +enc_pools_insert_13849 enc_pools_insert 3 13849 NULL +evdev_ioctl_compat_13851 evdev_ioctl_compat 2 13851 NULL +compat_ip_setsockopt_13870 compat_ip_setsockopt 5 13870 NULL @@ -125552,6 +117839,7 @@ index 0000000..77b791f +SyS_setdomainname_14569 SyS_setdomainname 2 14569 NULL +idmap_pipe_downcall_14591 idmap_pipe_downcall 3 14591 NULL +ceph_osdc_alloc_request_14597 ceph_osdc_alloc_request 3 14597 NULL ++ufshcd_compose_dev_cmd_14626 ufshcd_compose_dev_cmd 0 14626 NULL +dbJoin_14644 dbJoin 0 14644 NULL +profile_replace_14652 profile_replace 3 14652 NULL +usnic_vnic_dump_14662 usnic_vnic_dump 3 14662 NULL @@ -125582,6 +117870,7 @@ index 0000000..77b791f +get_user_cpu_mask_14861 get_user_cpu_mask 2 14861 NULL +acpi_os_allocate_14892 acpi_os_allocate 1 14892 NULL +SYSC_readv_14901 SYSC_readv 3 14901 NULL ++netlbl_catmap_walk_14902 netlbl_catmap_walk 0-2 14902 NULL +__arch_hweight64_14923 __arch_hweight64 0 14923 NULL nohasharray +qp_memcpy_to_queue_iov_14923 qp_memcpy_to_queue_iov 5-2 14923 &__arch_hweight64_14923 nohasharray +ptlrpc_prep_req_pool_14923 ptlrpc_prep_req_pool 4 14923 &qp_memcpy_to_queue_iov_14923 @@ -125592,6 +117881,7 @@ index 0000000..77b791f +mce_flush_rx_buffer_14976 mce_flush_rx_buffer 2 14976 NULL +setkey_14987 setkey 3 14987 NULL nohasharray +gpio_twl4030_write_14987 gpio_twl4030_write 1 14987 &setkey_14987 ++sctp_setsockopt_default_sndinfo_15011 sctp_setsockopt_default_sndinfo 3 15011 NULL +blk_integrity_tuple_size_15027 blk_integrity_tuple_size 0 15027 NULL +read_file_node_aggr_15040 read_file_node_aggr 3 15040 NULL +cld_pipe_downcall_15058 cld_pipe_downcall 3 15058 NULL @@ -125610,6 +117900,7 @@ index 0000000..77b791f +bfad_debugfs_write_regrd_15218 bfad_debugfs_write_regrd 3 15218 NULL +iwl_dbgfs_sram_write_15239 iwl_dbgfs_sram_write 3 15239 NULL +il_dbgfs_rx_stats_read_15243 il_dbgfs_rx_stats_read 3 15243 NULL ++wacom_led_putimage_15264 wacom_led_putimage 4 15264 NULL +simple_strtol_15273 simple_strtol 0 15273 NULL +fw_realloc_buffer_15280 fw_realloc_buffer 2 15280 NULL +kovaplus_sysfs_read_15337 kovaplus_sysfs_read 6 15337 NULL @@ -125669,6 +117960,7 @@ index 0000000..77b791f +isr_tx_exch_complete_read_16103 isr_tx_exch_complete_read 3 16103 NULL +isr_hw_pm_mode_changes_read_16110 isr_hw_pm_mode_changes_read 3 16110 NULL nohasharray +dma_tx_requested_read_16110 dma_tx_requested_read 3 16110 &isr_hw_pm_mode_changes_read_16110 ++udelay_test_write_16111 udelay_test_write 3 16111 NULL +snd_dma_pointer_16126 snd_dma_pointer 0-2 16126 NULL +fsm_init_16134 fsm_init 2 16134 NULL +ext4_xattr_block_get_16148 ext4_xattr_block_get 0 16148 NULL @@ -125701,6 +117993,7 @@ index 0000000..77b791f +sysfs_create_groups_16360 sysfs_create_groups 0 16360 NULL +total_ps_buffered_read_16365 total_ps_buffered_read 3 16365 NULL +iscsi_tcp_conn_setup_16376 iscsi_tcp_conn_setup 2 16376 NULL ++nv50_pioc_create_16389 nv50_pioc_create 5 16389 NULL +ieee80211_if_read_tsf_16420 ieee80211_if_read_tsf 3 16420 NULL +rxrpc_server_keyring_16431 rxrpc_server_keyring 3 16431 NULL +__bio_add_page_16435 __bio_add_page 0-4 16435 NULL @@ -125720,6 +118013,7 @@ index 0000000..77b791f +rtw_set_wpa_ie_16633 rtw_set_wpa_ie 3 16633 NULL +btrfs_get_token_32_16651 btrfs_get_token_32 0 16651 NULL +__wa_populate_dto_urb_16699 __wa_populate_dto_urb 3-4 16699 NULL ++_iwl_dbgfs_bt_force_ant_write_16701 _iwl_dbgfs_bt_force_ant_write 3 16701 NULL +__proc_lnet_buffers_16717 __proc_lnet_buffers 5 16717 NULL +__copy_to_user_swizzled_16748 __copy_to_user_swizzled 3-4 16748 NULL +arcmsr_adjust_disk_queue_depth_16756 arcmsr_adjust_disk_queue_depth 2 16756 NULL @@ -125737,6 +118031,7 @@ index 0000000..77b791f +snd_gf1_mem_proc_dump_16926 snd_gf1_mem_proc_dump 5 16926 &psb_unlocked_ioctl_16926 +_sp2d_alloc_16944 _sp2d_alloc 1-2-3 16944 NULL +squashfs_read_table_16945 squashfs_read_table 3 16945 NULL ++svcxdr_dupstr_16963 svcxdr_dupstr 3 16963 NULL +keyctl_instantiate_key_iov_16969 keyctl_instantiate_key_iov 3 16969 NULL +ceph_read_dir_17005 ceph_read_dir 3 17005 NULL +copy_counters_to_user_17027 copy_counters_to_user 5 17027 NULL @@ -125753,6 +118048,7 @@ index 0000000..77b791f +do_blockdev_direct_IO_17143 do_blockdev_direct_IO 0-6 17143 NULL +nouveau_instobj_create__17144 nouveau_instobj_create_ 4 17144 NULL +jumpshot_write_data_17151 jumpshot_write_data 4 17151 NULL ++mxt_upload_cfg_mem_17157 mxt_upload_cfg_mem 4 17157 NULL +sep_read_17161 sep_read 3 17161 NULL +befs_nls2utf_17163 befs_nls2utf 3 17163 NULL +tx_tx_start_templates_read_17164 tx_tx_start_templates_read 3 17164 NULL @@ -125792,6 +118088,7 @@ index 0000000..77b791f +__copy_to_user_17551 __copy_to_user 0-3 17551 NULL +copy_from_user_17559 copy_from_user 3-0 17559 NULL +hash_netport4_expire_17573 hash_netport4_expire 4 17573 NULL ++wil_write_file_rxon_17581 wil_write_file_rxon 3 17581 NULL +acpi_ut_create_package_object_17594 acpi_ut_create_package_object 1 17594 NULL +neigh_hash_alloc_17595 neigh_hash_alloc 1 17595 NULL +osst_execute_17607 osst_execute 7-6 17607 NULL @@ -125845,6 +118142,7 @@ index 0000000..77b791f +svc_getnl_18120 svc_getnl 0 18120 NULL +paging32_gpte_to_gfn_lvl_18131 paging32_gpte_to_gfn_lvl 0-2-1 18131 NULL +selinux_inode_setsecurity_18148 selinux_inode_setsecurity 4 18148 NULL ++enable_ints_write_18170 enable_ints_write 3 18170 NULL +pccard_store_cis_18176 pccard_store_cis 6 18176 NULL +orinoco_add_extscan_result_18207 orinoco_add_extscan_result 3 18207 NULL +gsm_control_message_18209 gsm_control_message 4 18209 NULL @@ -125878,6 +118176,7 @@ index 0000000..77b791f +ci_role_write_18388 ci_role_write 3 18388 NULL +hdlc_empty_fifo_18397 hdlc_empty_fifo 2 18397 NULL +adis16136_show_serial_18402 adis16136_show_serial 3 18402 NULL ++nvif_device_init_18418 nvif_device_init 6 18418 NULL +memblock_virt_alloc_node_nopanic_18431 memblock_virt_alloc_node_nopanic 1 18431 NULL +iscsi_create_flashnode_sess_18433 iscsi_create_flashnode_sess 4 18433 NULL +snd_hda_get_connections_18437 snd_hda_get_connections 0 18437 NULL @@ -125898,6 +118197,7 @@ index 0000000..77b791f +filemap_fdatawait_range_18600 filemap_fdatawait_range 0 18600 NULL +iowarrior_write_18604 iowarrior_write 3 18604 NULL +from_buffer_18625 from_buffer 3 18625 NULL ++kmalloc_kernel_18641 kmalloc_kernel 1 18641 NULL +snd_pcm_oss_write3_18657 snd_pcm_oss_write3 0-3 18657 NULL +ieee80211_if_fmt_rssi_threshold_18664 ieee80211_if_fmt_rssi_threshold 3 18664 NULL +xfs_iext_insert_18667 xfs_iext_insert 3 18667 NULL @@ -125914,6 +118214,7 @@ index 0000000..77b791f +read_file_dump_nfcal_18766 read_file_dump_nfcal 3 18766 NULL +SyS_lsetxattr_18776 SyS_lsetxattr 4 18776 NULL +alloc_fcdev_18780 alloc_fcdev 1 18780 NULL ++fence_context_alloc_18792 fence_context_alloc 1 18792 NULL +dm_stats_print_18815 dm_stats_print 7 18815 NULL +sys_modify_ldt_18824 sys_modify_ldt 3 18824 NULL +mtf_test_write_18844 mtf_test_write 3 18844 NULL @@ -125921,6 +118222,7 @@ index 0000000..77b791f +ieee80211_if_read_element_ttl_18869 ieee80211_if_read_element_ttl 3 18869 NULL +xlog_find_verify_log_record_18870 xlog_find_verify_log_record 2 18870 NULL +devm_mdiobus_alloc_size_18902 devm_mdiobus_alloc_size 2 18902 NULL ++tracing_thresh_write_18909 tracing_thresh_write 3 18909 NULL +ceph_setxattr_18913 ceph_setxattr 4 18913 NULL +ieee80211_rx_mgmt_disassoc_18927 ieee80211_rx_mgmt_disassoc 3 18927 NULL +snapshot_write_next_18937 snapshot_write_next 0 18937 NULL @@ -125937,6 +118239,7 @@ index 0000000..77b791f +sta_last_seq_ctrl_read_19106 sta_last_seq_ctrl_read 3 19106 NULL +cifs_readv_from_socket_19109 cifs_readv_from_socket 3 19109 NULL +skb_gro_offset_19123 skb_gro_offset 0 19123 NULL ++cma_bitmap_maxno_19135 cma_bitmap_maxno 0 19135 NULL +snd_als4k_iobase_readl_19136 snd_als4k_iobase_readl 0 19136 NULL +alloc_irdadev_19140 alloc_irdadev 1 19140 NULL +sleep_auth_read_19159 sleep_auth_read 3 19159 NULL @@ -125983,7 +118286,9 @@ index 0000000..77b791f +ieee80211_key_alloc_19575 ieee80211_key_alloc 3 19575 NULL +bm_status_read_19583 bm_status_read 3 19583 NULL +load_xattr_datum_19594 load_xattr_datum 0 19594 NULL ++drbg_sec_strength_19604 drbg_sec_strength 0 19604 NULL +__mei_cl_recv_19636 __mei_cl_recv 3 19636 NULL ++parser_init_19651 parser_init 2 19651 NULL +LoadBitmap_19658 LoadBitmap 2 19658 NULL +memblock_virt_alloc_low_nopanic_19714 memblock_virt_alloc_low_nopanic 1 19714 NULL +read_reg_19723 read_reg 0 19723 NULL @@ -125995,6 +118300,7 @@ index 0000000..77b791f +ocfs2_readpages_19759 ocfs2_readpages 4 19759 NULL +jffs2_acl_from_medium_19762 jffs2_acl_from_medium 2 19762 NULL +readhscx_19769 readhscx 0 19769 NULL ++ath10k_write_htt_max_amsdu_ampdu_19820 ath10k_write_htt_max_amsdu_ampdu 3 19820 NULL +irda_setsockopt_19824 irda_setsockopt 5 19824 NULL +vfs_getxattr_19832 vfs_getxattr 0 19832 NULL +crypt_alloc_buffer_19846 crypt_alloc_buffer 2 19846 NULL @@ -126006,6 +118312,8 @@ index 0000000..77b791f +mangle_name_19923 mangle_name 0 19923 NULL +cgroup_task_count_19930 cgroup_task_count 0 19930 NULL +guest_read_tsc_19931 guest_read_tsc 0 19931 NULL ++azx_get_pos_lpib_19933 azx_get_pos_lpib 0 19933 NULL ++v4l2_ctrl_new_19942 v4l2_ctrl_new 8-12 19942 NULL +iwl_dbgfs_rx_queue_read_19943 iwl_dbgfs_rx_queue_read 3 19943 NULL +cfg80211_rx_assoc_resp_19944 cfg80211_rx_assoc_resp 4 19944 NULL +ll_xattr_cache_list_19954 ll_xattr_cache_list 0 19954 NULL @@ -126013,6 +118321,7 @@ index 0000000..77b791f +attach_hdlc_protocol_19986 attach_hdlc_protocol 3 19986 NULL +rtw_set_wps_probe_resp_19989 rtw_set_wps_probe_resp 3 19989 NULL +lustre_pack_request_19992 lustre_pack_request 3 19992 NULL ++find_overflow_devnum_19995 find_overflow_devnum 0 19995 NULL +diva_um_idi_read_20003 diva_um_idi_read 0 20003 NULL +lov_stripe_md_size_20009 lov_stripe_md_size 0-1 20009 NULL nohasharray +event_trigger_write_20009 event_trigger_write 3 20009 &lov_stripe_md_size_20009 @@ -126088,6 +118397,7 @@ index 0000000..77b791f +brcmf_p2p_escan_20763 brcmf_p2p_escan 2 20763 NULL +fb_alloc_cmap_gfp_20792 fb_alloc_cmap_gfp 2 20792 NULL +iwl_dbgfs_rxon_flags_read_20795 iwl_dbgfs_rxon_flags_read 3 20795 NULL ++edid_write_20797 edid_write 3 20797 NULL +lowpan_write_20800 lowpan_write 3 20800 NULL +strndup_user_20819 strndup_user 2 20819 NULL +tipc_msg_build_20825 tipc_msg_build 3 20825 NULL @@ -126115,6 +118425,7 @@ index 0000000..77b791f +alg_setsockopt_20985 alg_setsockopt 5 20985 NULL +qib_verbs_send_20999 qib_verbs_send 5-3 20999 NULL +btrfs_inode_ref_name_len_21024 btrfs_inode_ref_name_len 0 21024 NULL ++arch_gnttab_init_21030 arch_gnttab_init 1 21030 NULL +rx_defrag_tkip_called_read_21031 rx_defrag_tkip_called_read 3 21031 NULL +srp_change_queue_depth_21038 srp_change_queue_depth 2 21038 NULL +fsl_edma_prep_dma_cyclic_21042 fsl_edma_prep_dma_cyclic 4-3 21042 NULL @@ -126143,6 +118454,7 @@ index 0000000..77b791f +get_zeroed_page_21322 get_zeroed_page 0 21322 NULL +ftrace_profile_read_21327 ftrace_profile_read 3 21327 NULL +read_file_bool_bmps_21344 read_file_bool_bmps 3 21344 NULL ++azx_get_delay_from_lpib_21348 azx_get_delay_from_lpib 3 21348 NULL +gfs2_ea_get_copy_21353 gfs2_ea_get_copy 0 21353 NULL +allocate_cmdlines_buffer_21355 allocate_cmdlines_buffer 1 21355 NULL +alloc_orinocodev_21371 alloc_orinocodev 1 21371 NULL @@ -126155,6 +118467,7 @@ index 0000000..77b791f +snapshot_read_next_21426 snapshot_read_next 0 21426 NULL +tcp_bound_to_half_wnd_21429 tcp_bound_to_half_wnd 0-2 21429 NULL +aggr_size_tx_agg_vs_rate_read_21438 aggr_size_tx_agg_vs_rate_read 3 21438 NULL ++nouveau_clock_create__21449 nouveau_clock_create_ 8 21449 NULL +__ertm_hdr_size_21450 __ertm_hdr_size 0 21450 NULL +mei_nfc_send_21477 mei_nfc_send 3 21477 NULL +read_file_xmit_21487 read_file_xmit 3 21487 NULL @@ -126268,6 +118581,7 @@ index 0000000..77b791f +mdc800_device_read_22896 mdc800_device_read 3 22896 NULL +ion_handle_test_kernel_22900 ion_handle_test_kernel 4-3 22900 NULL nohasharray +policy_emit_config_values_22900 policy_emit_config_values 3 22900 &ion_handle_test_kernel_22900 ++nfs4_acl_bytes_22915 nfs4_acl_bytes 0-1 22915 NULL +__set_xattr_22923 __set_xattr 0 22923 NULL +xstateregs_set_22932 xstateregs_set 4 22932 NULL +pcpu_mem_zalloc_22948 pcpu_mem_zalloc 1 22948 NULL @@ -126302,6 +118616,7 @@ index 0000000..77b791f +usblp_write_23178 usblp_write 3 23178 NULL +gss_pipe_downcall_23182 gss_pipe_downcall 3 23182 NULL +mpi_alloc_limb_space_23190 mpi_alloc_limb_space 1 23190 NULL ++tipc_sendmcast_23214 tipc_sendmcast 4 23214 NULL +nft_hash_tbl_alloc_23224 nft_hash_tbl_alloc 1 23224 NULL +tty_buffer_request_room_23228 tty_buffer_request_room 2-0 23228 NULL +xlog_get_bp_23229 xlog_get_bp 2 23229 NULL nohasharray @@ -126465,6 +118780,7 @@ index 0000000..77b791f +packet_sendmsg_24954 packet_sendmsg 4 24954 NULL +twl_i2c_write_u8_24976 twl_i2c_write_u8 3 24976 NULL +llc_ui_sendmsg_24987 llc_ui_sendmsg 4 24987 NULL ++info_debugfs_read_helper_24988 info_debugfs_read_helper 0 24988 NULL +key_conf_hw_key_idx_read_25003 key_conf_hw_key_idx_read 3 25003 NULL +il_dbgfs_channels_read_25005 il_dbgfs_channels_read 3 25005 NULL +ni_660x_num_counters_25031 ni_660x_num_counters 0 25031 NULL @@ -126616,6 +118932,7 @@ index 0000000..77b791f +hhf_zalloc_26912 hhf_zalloc 1 26912 NULL +cfg80211_process_auth_26916 cfg80211_process_auth 3 26916 NULL +x25_asy_change_mtu_26928 x25_asy_change_mtu 2 26928 NULL ++brcmf_usb_dl_cmd_26931 brcmf_usb_dl_cmd 4 26931 NULL +scsi_tgt_copy_sense_26933 scsi_tgt_copy_sense 3 26933 NULL +sctp_setsockopt_adaptation_layer_26935 sctp_setsockopt_adaptation_layer 3 26935 NULL nohasharray +pwr_ps_enter_read_26935 pwr_ps_enter_read 3 26935 &sctp_setsockopt_adaptation_layer_26935 @@ -126636,9 +118953,11 @@ index 0000000..77b791f +drbd_get_capacity_27141 drbd_get_capacity 0 27141 NULL +pms_capture_27142 pms_capture 4 27142 NULL +btmrvl_hscfgcmd_write_27143 btmrvl_hscfgcmd_write 3 27143 NULL ++wil_write_file_wmi_27150 wil_write_file_wmi 3 27150 NULL +snd_compr_calc_avail_27165 snd_compr_calc_avail 0 27165 NULL +ieee80211_if_read_rc_rateidx_mask_5ghz_27183 ieee80211_if_read_rc_rateidx_mask_5ghz 3 27183 NULL -+write_kmem_27225 write_kmem 3 27225 NULL ++write_kmem_27225 write_kmem 3 27225 NULL nohasharray ++svcxdr_tmpalloc_27225 svcxdr_tmpalloc 2 27225 &write_kmem_27225 +dbAllocAG_27228 dbAllocAG 0 27228 NULL +rxrpc_request_key_27235 rxrpc_request_key 3 27235 NULL +ll_track_gid_seq_write_27267 ll_track_gid_seq_write 3 27267 NULL @@ -126711,6 +119030,7 @@ index 0000000..77b791f +init_rs_non_canonical_28059 init_rs_non_canonical 1 28059 NULL +lpfc_idiag_mbxacc_read_28061 lpfc_idiag_mbxacc_read 3 28061 NULL +tx_frag_bad_mblk_num_read_28064 tx_frag_bad_mblk_num_read 3 28064 NULL ++acpi_gsb_i2c_write_bytes_28082 acpi_gsb_i2c_write_bytes 4 28082 NULL +mmc_test_alloc_mem_28102 mmc_test_alloc_mem 3-2 28102 NULL +rx_defrag_need_defrag_read_28117 rx_defrag_need_defrag_read 3 28117 NULL +vgacon_adjust_height_28124 vgacon_adjust_height 2 28124 NULL @@ -126777,11 +119097,13 @@ index 0000000..77b791f +snd_pcm_aio_write_28738 snd_pcm_aio_write 3 28738 NULL +read_file_btcoex_28743 read_file_btcoex 3 28743 NULL +max_hw_blocks_28748 max_hw_blocks 0 28748 NULL ++nv50_dmac_create_28762 nv50_dmac_create 5 28762 NULL +rpc_pipe_generic_upcall_28766 rpc_pipe_generic_upcall 4 28766 NULL +ath6kl_get_num_reg_28780 ath6kl_get_num_reg 0 28780 NULL +sel_write_member_28800 sel_write_member 3 28800 NULL +iwl_dbgfs_rxon_filter_flags_read_28832 iwl_dbgfs_rxon_filter_flags_read 3 28832 NULL +kernel_tree_alloc_28833 kernel_tree_alloc 1 28833 NULL ++parser_init_byteStream_28841 parser_init_byteStream 2 28841 NULL +vp_request_msix_vectors_28849 vp_request_msix_vectors 2 28849 NULL +ipv6_renew_options_28867 ipv6_renew_options 5 28867 NULL +packet_sendmsg_spkt_28885 packet_sendmsg_spkt 4 28885 NULL @@ -126818,6 +119140,7 @@ index 0000000..77b791f +evdev_handle_get_val_29242 evdev_handle_get_val 5-6 29242 NULL +security_context_to_sid_core_29248 security_context_to_sid_core 2 29248 NULL +rbd_osd_req_create_29260 rbd_osd_req_create 3 29260 NULL ++mwifiex_hscfg_write_29262 mwifiex_hscfg_write 3 29262 NULL +prism2_set_genericelement_29277 prism2_set_genericelement 3 29277 NULL +ext4_fiemap_29296 ext4_fiemap 4 29296 NULL +sn9c102_read_29305 sn9c102_read 3 29305 NULL @@ -126841,6 +119164,7 @@ index 0000000..77b791f +usnic_vnic_spec_dump_29508 usnic_vnic_spec_dump 2 29508 NULL +write_file_regidx_29517 write_file_regidx 3 29517 NULL +atk_debugfs_ggrp_read_29522 atk_debugfs_ggrp_read 3 29522 NULL ++mic_vringh_copy_29531 mic_vringh_copy 4 29531 NULL +ftrace_write_29551 ftrace_write 3 29551 NULL +idetape_queue_rw_tail_29562 idetape_queue_rw_tail 3 29562 NULL +leaf_dealloc_29566 leaf_dealloc 3 29566 NULL @@ -126995,6 +119319,7 @@ index 0000000..77b791f +vb2_vmalloc_get_userptr_31374 vb2_vmalloc_get_userptr 3-2 31374 NULL +trace_parser_get_init_31379 trace_parser_get_init 2 31379 NULL +inb_31388 inb 0 31388 NULL ++mp_ioapic_pin_count_31393 mp_ioapic_pin_count 0 31393 NULL +key_ifindex_read_31411 key_ifindex_read 3 31411 NULL +_sp2d_max_pg_31422 _sp2d_max_pg 0 31422 NULL +TSS_checkhmac1_31429 TSS_checkhmac1 5 31429 NULL @@ -127135,6 +119460,7 @@ index 0000000..77b791f +cifs_writedata_alloc_32880 cifs_writedata_alloc 1 32880 NULL nohasharray +ath6kl_usb_submit_ctrl_in_32880 ath6kl_usb_submit_ctrl_in 6 32880 &cifs_writedata_alloc_32880 +vp702x_usb_inout_cmd_32884 vp702x_usb_inout_cmd 4-6 32884 NULL ++visorchannel_dump_section_32893 visorchannel_dump_section 4 32893 NULL +tipc_link_iovec_xmit_fast_32913 tipc_link_iovec_xmit_fast 3 32913 NULL nohasharray +il_dbgfs_tx_stats_read_32913 il_dbgfs_tx_stats_read 3 32913 &tipc_link_iovec_xmit_fast_32913 +zlib_inflate_workspacesize_32927 zlib_inflate_workspacesize 0 32927 NULL @@ -127219,6 +119545,7 @@ index 0000000..77b791f +scrub_setup_recheck_block_33831 scrub_setup_recheck_block 5-4 33831 NULL +ext4_journal_extend_33835 ext4_journal_extend 2 33835 NULL +oz_cdev_write_33852 oz_cdev_write 3 33852 NULL ++azx_get_pos_posbuf_33867 azx_get_pos_posbuf 0 33867 NULL +get_user_pages_33908 get_user_pages 0 33908 NULL +sg_nents_33909 sg_nents 0 33909 NULL +ath6kl_roam_mode_write_33912 ath6kl_roam_mode_write 3 33912 NULL @@ -127232,6 +119559,7 @@ index 0000000..77b791f +lbs_lowrssi_write_34025 lbs_lowrssi_write 3 34025 NULL +ppp_write_34034 ppp_write 3 34034 NULL +tty_insert_flip_string_34042 tty_insert_flip_string 3-0 34042 NULL ++bm_page_io_async_34050 bm_page_io_async 2 34050 NULL +calc_linear_pos_34067 calc_linear_pos 0-4 34067 NULL +memcg_update_all_caches_34068 memcg_update_all_caches 1 34068 NULL +pipeline_pipeline_fifo_full_read_34095 pipeline_pipeline_fifo_full_read 3 34095 NULL @@ -127250,6 +119578,7 @@ index 0000000..77b791f +ext4_get_groups_count_34324 ext4_get_groups_count 0 34324 NULL +pcpu_need_to_extend_34326 pcpu_need_to_extend 0 34326 NULL nohasharray +iov_iter_single_seg_count_34326 iov_iter_single_seg_count 0 34326 &pcpu_need_to_extend_34326 ++proc_thread_self_readlink_34357 proc_thread_self_readlink 3 34357 NULL +crypto_ablkcipher_ivsize_34363 crypto_ablkcipher_ivsize 0 34363 NULL nohasharray +sync_page_io_34363 sync_page_io 3 34363 &crypto_ablkcipher_ivsize_34363 +rngapi_reset_34366 rngapi_reset 3 34366 NULL @@ -127320,6 +119649,7 @@ index 0000000..77b791f +sec_flags2str_34933 sec_flags2str 3 34933 NULL +snd_info_entry_read_34938 snd_info_entry_read 3 34938 NULL +do_add_page_to_bio_34974 do_add_page_to_bio 2-10 34974 NULL ++sdebug_change_qdepth_34994 sdebug_change_qdepth 2 34994 NULL +rx_rx_hdr_overflow_read_35002 rx_rx_hdr_overflow_read 3 35002 NULL +l2cap_skbuff_fromiovec_35003 l2cap_skbuff_fromiovec 4-3 35003 NULL +sisusb_copy_memory_35016 sisusb_copy_memory 4 35016 NULL @@ -127385,6 +119715,7 @@ index 0000000..77b791f +md_super_write_35703 md_super_write 4 35703 NULL +iwl_dbgfs_disable_ht40_read_35761 iwl_dbgfs_disable_ht40_read 3 35761 NULL +udf_alloc_i_data_35786 udf_alloc_i_data 2 35786 NULL ++alloc_netdev_mqs_35806 alloc_netdev_mqs 1 35806 NULL +pvr2_hdw_cpufw_get_35824 pvr2_hdw_cpufw_get 0-4-2 35824 NULL +tx_tx_cmplt_read_35854 tx_tx_cmplt_read 3 35854 NULL +vx_query_hbuffer_size_35859 vx_query_hbuffer_size 0 35859 NULL @@ -127448,11 +119779,13 @@ index 0000000..77b791f +afs_alloc_flat_call_36399 afs_alloc_flat_call 2-3 36399 NULL +sierra_write_36402 sierra_write 4 36402 NULL +SyS_sethostname_36417 SyS_sethostname 2 36417 NULL ++soc_pcm_codec_params_fixup_36434 soc_pcm_codec_params_fixup 2 36434 NULL +ReadW6692B_36445 ReadW6692B 0 36445 NULL +sctp_tsnmap_init_36446 sctp_tsnmap_init 2 36446 NULL +alloc_etherdev_mqs_36450 alloc_etherdev_mqs 1 36450 NULL +SyS_process_vm_writev_36476 SyS_process_vm_writev 3-5 36476 NULL +b43_nphy_load_samples_36481 b43_nphy_load_samples 3 36481 NULL ++ds1343_nvram_write_36489 ds1343_nvram_write 5-6 36489 NULL +tx_tx_checksum_result_read_36490 tx_tx_checksum_result_read 3 36490 NULL nohasharray +ip6_append_data_36490 ip6_append_data 4 36490 &tx_tx_checksum_result_read_36490 +cmd_loop_36491 cmd_loop 0 36491 NULL @@ -127499,6 +119832,7 @@ index 0000000..77b791f +auok190xfb_write_37001 auok190xfb_write 3 37001 NULL +setxattr_37006 setxattr 4 37006 NULL +ec_i2c_xfer_37029 ec_i2c_xfer 3 37029 NULL ++ieee80211_chsw_switch_vifs_37030 ieee80211_chsw_switch_vifs 2 37030 NULL +command_file_read_37038 command_file_read 3 37038 NULL +figure_loop_size_37051 figure_loop_size 2-3 37051 NULL +qp_broker_create_37053 qp_broker_create 6-5 37053 NULL nohasharray @@ -127571,6 +119905,7 @@ index 0000000..77b791f +dccp_setsockopt_cscov_37766 dccp_setsockopt_cscov 2 37766 NULL +il4965_rs_sta_dbgfs_rate_scale_data_read_37792 il4965_rs_sta_dbgfs_rate_scale_data_read 3 37792 NULL +smk_read_logging_37804 smk_read_logging 3 37804 NULL ++nvkm_notify_init_37806 nvkm_notify_init 6 37806 NULL +ocrdma_alloc_frmr_page_list_37815 ocrdma_alloc_frmr_page_list 2 37815 NULL +rx_decrypt_key_not_found_read_37820 rx_decrypt_key_not_found_read 3 37820 NULL +android_get_p2p_addr_37832 android_get_p2p_addr 0 37832 NULL @@ -127589,11 +119924,13 @@ index 0000000..77b791f +aggr_recv_addba_req_evt_38037 aggr_recv_addba_req_evt 4 38037 NULL +il_dbgfs_chain_noise_read_38044 il_dbgfs_chain_noise_read 3 38044 NULL nohasharray +klsi_105_prepare_write_buffer_38044 klsi_105_prepare_write_buffer 3 38044 &il_dbgfs_chain_noise_read_38044 ++parser_init_guts_38046 parser_init_guts 2 38046 NULL +SyS_llistxattr_38048 SyS_llistxattr 3 38048 NULL +sysfs_do_create_link_38051 sysfs_do_create_link 0 38051 NULL +_xfs_buf_alloc_38058 _xfs_buf_alloc 3 38058 NULL +nsm_create_handle_38060 nsm_create_handle 4 38060 NULL +alloc_ltalkdev_38071 alloc_ltalkdev 1 38071 NULL ++cifs_send_async_read_38077 cifs_send_async_read 2 38077 NULL +xfs_buf_readahead_map_38081 xfs_buf_readahead_map 3 38081 NULL +uwb_mac_addr_print_38085 uwb_mac_addr_print 2 38085 NULL +request_key_auth_new_38092 request_key_auth_new 3 38092 NULL @@ -127613,6 +119950,7 @@ index 0000000..77b791f +osd_req_list_partition_collections_38223 osd_req_list_partition_collections 5 38223 NULL +ceph_decode_16_38239 ceph_decode_16 0 38239 NULL +_ipw_read_reg32_38245 _ipw_read_reg32 0 38245 NULL ++nvkm_dmaobj_create__38250 nvkm_dmaobj_create_ 6 38250 NULL +mthca_alloc_icm_table_38268 mthca_alloc_icm_table 4-3 38268 NULL nohasharray +ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 &mthca_alloc_icm_table_38268 +xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 NULL nohasharray @@ -127652,7 +119990,9 @@ index 0000000..77b791f +qp_broker_alloc_38646 qp_broker_alloc 6-5 38646 NULL +mmc_send_cxd_data_38655 mmc_send_cxd_data 5 38655 NULL +nouveau_instmem_create__38664 nouveau_instmem_create_ 4 38664 NULL ++ufshcd_read_sdev_qdepth_38676 ufshcd_read_sdev_qdepth 0 38676 NULL +iscsit_dump_data_payload_38683 iscsit_dump_data_payload 2 38683 NULL ++tracing_nsecs_read_38689 tracing_nsecs_read 3 38689 NULL +rbio_add_io_page_38700 rbio_add_io_page 6 38700 NULL +w83977af_sir_interrupt_38738 w83977af_sir_interrupt 0 38738 NULL +udf_readpages_38761 udf_readpages 4 38761 NULL @@ -127690,6 +120030,7 @@ index 0000000..77b791f +ubi_more_update_data_39189 ubi_more_update_data 4 39189 NULL +qcam_read_bytes_39205 qcam_read_bytes 0 39205 NULL +ivtv_v4l2_write_39226 ivtv_v4l2_write 3 39226 NULL ++SyS_getrandom_39235 SyS_getrandom 2 39235 NULL +posix_acl_to_xattr_39237 posix_acl_to_xattr 0 39237 NULL +snd_pcm_capture_forward_39248 snd_pcm_capture_forward 2 39248 NULL +r128_compat_ioctl_39250 r128_compat_ioctl 2 39250 NULL nohasharray @@ -127712,6 +120053,7 @@ index 0000000..77b791f +alloc_agpphysmem_i8xx_39427 alloc_agpphysmem_i8xx 1 39427 NULL +mic_desc_size_39464 mic_desc_size 0 39464 NULL +setkey_unaligned_39474 setkey_unaligned 3 39474 NULL ++usif_ioctl_39481 usif_ioctl 3 39481 NULL +ieee80211_if_fmt_dot11MeshHWMPmaxPREQretries_39499 ieee80211_if_fmt_dot11MeshHWMPmaxPREQretries 3 39499 NULL +cl_req_alloc_39523 cl_req_alloc 4 39523 NULL +int_proc_write_39542 int_proc_write 3 39542 NULL @@ -127735,6 +120077,7 @@ index 0000000..77b791f +security_inode_listsecurity_39812 security_inode_listsecurity 0 39812 NULL +snd_pcm_oss_writev3_39818 snd_pcm_oss_writev3 3 39818 NULL +get_priv_size_39828 get_priv_size 0-1 39828 NULL ++netlbl_catmap_walkrng_39885 netlbl_catmap_walkrng 0-2 39885 NULL +pkt_add_39897 pkt_add 3 39897 NULL +read_file_modal_eeprom_39909 read_file_modal_eeprom 3 39909 NULL +gen_pool_add_virt_39913 gen_pool_add_virt 4 39913 NULL @@ -127777,11 +120120,13 @@ index 0000000..77b791f +osst_read_40237 osst_read 3 40237 NULL +lpage_info_slot_40243 lpage_info_slot 1-3 40243 NULL +ocfs2_zero_extend_get_range_40248 ocfs2_zero_extend_get_range 4 40248 NULL -+of_get_child_count_40254 of_get_child_count 0 40254 NULL ++of_get_child_count_40254 of_get_child_count 0 40254 NULL nohasharray ++fsl_edma_prep_dma_cyclic_40254 fsl_edma_prep_dma_cyclic 3-4 40254 &of_get_child_count_40254 +rs_sta_dbgfs_scale_table_read_40262 rs_sta_dbgfs_scale_table_read 3 40262 NULL +ext2_fiemap_40271 ext2_fiemap 4 40271 NULL +usbnet_read_cmd_40275 usbnet_read_cmd 7 40275 NULL +rx_xfr_hint_trig_read_40283 rx_xfr_hint_trig_read 3 40283 NULL ++tracing_thresh_read_40295 tracing_thresh_read 3 40295 NULL +SyS_bind_40303 SyS_bind 3 40303 NULL +ib_get_mad_data_offset_40336 ib_get_mad_data_offset 0 40336 NULL +mmio_read_40348 mmio_read 4 40348 NULL @@ -127789,6 +120134,7 @@ index 0000000..77b791f +ocfs2_check_range_for_refcount_40365 ocfs2_check_range_for_refcount 3-2 40365 NULL +get_chars_40373 get_chars 3 40373 NULL +fb_prepare_extra_logos_40429 fb_prepare_extra_logos 0-2 40429 NULL ++proc_write_driver_40432 proc_write_driver 3 40432 NULL +tomoyo_update_policy_40458 tomoyo_update_policy 2 40458 NULL +zd_usb_scnprint_id_40459 zd_usb_scnprint_id 0-3 40459 NULL +gp2ap020a00f_write_event_threshold_40461 gp2ap020a00f_write_event_threshold 2 40461 NULL @@ -127868,6 +120214,7 @@ index 0000000..77b791f +erst_read_41260 erst_read 0 41260 NULL +alloc_context_41283 alloc_context 1 41283 NULL +of_count_phandle_with_args_41291 of_count_phandle_with_args 0 41291 NULL ++virtscsi_change_queue_depth_41327 virtscsi_change_queue_depth 2 41327 NULL +o2hb_setup_one_bio_41341 o2hb_setup_one_bio 4 41341 NULL +twl_change_queue_depth_41342 twl_change_queue_depth 2 41342 NULL +rtw_android_set_block_41347 rtw_android_set_block 0 41347 NULL @@ -127910,6 +120257,7 @@ index 0000000..77b791f +ieee80211_if_fmt_bssid_41677 ieee80211_if_fmt_bssid 3 41677 NULL +fill_pcm_stream_name_41685 fill_pcm_stream_name 2 41685 NULL +lov_unpackmd_41701 lov_unpackmd 4 41701 NULL ++connector_write_41709 connector_write 3 41709 NULL +fillonedir_41746 fillonedir 3 41746 NULL +iwl_dbgfs_bt_notif_read_41794 iwl_dbgfs_bt_notif_read 3 41794 NULL +hsi_alloc_controller_41802 hsi_alloc_controller 1 41802 NULL @@ -127940,6 +120288,7 @@ index 0000000..77b791f +jffs2_do_link_42048 jffs2_do_link 6 42048 NULL +ps_poll_upsd_max_ap_turn_read_42050 ps_poll_upsd_max_ap_turn_read 3 42050 NULL +InterfaceTransmitPacket_42058 InterfaceTransmitPacket 3 42058 NULL ++ufshcd_dev_cmd_completion_42080 ufshcd_dev_cmd_completion 0 42080 NULL +scsi_execute_req_42088 scsi_execute_req 5 42088 NULL +sk_chk_filter_42095 sk_chk_filter 2 42095 NULL +submit_inquiry_42108 submit_inquiry 3 42108 NULL @@ -127996,6 +120345,7 @@ index 0000000..77b791f +request_key_and_link_42693 request_key_and_link 4 42693 NULL +vb2_read_42703 vb2_read 3 42703 NULL +read_status_42722 read_status 0 42722 NULL ++iwl_mvm_coex_dump_mbox_old_42727 iwl_mvm_coex_dump_mbox_old 4-3-0 42727 NULL +dvb_demux_ioctl_42733 dvb_demux_ioctl 2 42733 NULL +set_aoe_iflist_42737 set_aoe_iflist 2 42737 NULL +ax25_setsockopt_42740 ax25_setsockopt 5 42740 NULL @@ -128080,6 +120430,7 @@ index 0000000..77b791f +dmam_declare_coherent_memory_43679 dmam_declare_coherent_memory 4 43679 NULL +max77693_bulk_write_43698 max77693_bulk_write 2-3 43698 NULL +nvkm_connector_create__43711 nvkm_connector_create_ 6 43711 NULL ++fuse_send_read_43725 fuse_send_read 4-0 43725 NULL +drbd_md_first_sector_43729 drbd_md_first_sector 0 43729 NULL +snd_rme32_playback_copy_43732 snd_rme32_playback_copy 5 43732 NULL +fuse_conn_congestion_threshold_write_43736 fuse_conn_congestion_threshold_write 3 43736 NULL @@ -128138,6 +120489,7 @@ index 0000000..77b791f +drm_buffer_alloc_44405 drm_buffer_alloc 2 44405 NULL +osst_do_scsi_44410 osst_do_scsi 4 44410 NULL +ieee80211_if_read_rc_rateidx_mcs_mask_5ghz_44423 ieee80211_if_read_rc_rateidx_mcs_mask_5ghz 3 44423 NULL ++mic_virtio_copy_to_user_44472 mic_virtio_copy_to_user 3-4 44472 NULL +write_file_debug_44476 write_file_debug 3 44476 NULL +btrfs_chunk_item_size_44478 btrfs_chunk_item_size 0-1 44478 NULL +sdio_align_size_44489 sdio_align_size 0-2 44489 NULL @@ -128151,6 +120503,7 @@ index 0000000..77b791f +ieee80211_rx_mgmt_assoc_resp_44525 ieee80211_rx_mgmt_assoc_resp 3 44525 NULL +comm_write_44537 comm_write 3 44537 NULL +dgrp_config_proc_write_44571 dgrp_config_proc_write 3 44571 NULL ++l2cap_sock_memcpy_fromiovec_cb_44573 l2cap_sock_memcpy_fromiovec_cb 4 44573 NULL +nouveau_perfmon_create__44602 nouveau_perfmon_create_ 4 44602 NULL +xpcs_mmd_write_44633 xpcs_mmd_write 3 44633 NULL +alloc_ctrl_packet_44667 alloc_ctrl_packet 1 44667 NULL @@ -128248,6 +120601,7 @@ index 0000000..77b791f +bscnl_emit_45699 bscnl_emit 2-5-0 45699 NULL nohasharray +unix_dgram_sendmsg_45699 unix_dgram_sendmsg 4 45699 &bscnl_emit_45699 +sg_proc_write_adio_45704 sg_proc_write_adio 3 45704 NULL ++wlcore_smart_config_decode_event_45714 wlcore_smart_config_decode_event 2-4 45714 NULL +snd_cs46xx_io_read_45734 snd_cs46xx_io_read 5 45734 NULL +rw_copy_check_uvector_45748 rw_copy_check_uvector 3-0 45748 NULL nohasharray +v4l2_ctrl_new_std_45748 v4l2_ctrl_new_std 5 45748 &rw_copy_check_uvector_45748 @@ -128308,6 +120662,7 @@ index 0000000..77b791f +crypto_ablkcipher_reqsize_46411 crypto_ablkcipher_reqsize 0 46411 NULL +ttm_page_pool_get_pages_46431 ttm_page_pool_get_pages 0-5 46431 NULL +cfs_power2_roundup_46433 cfs_power2_roundup 0-1 46433 NULL ++wdata_alloc_and_fillpages_46437 wdata_alloc_and_fillpages 1 46437 NULL +cp210x_set_config_46447 cp210x_set_config 4 46447 NULL +parport_pc_fifo_write_block_46455 parport_pc_fifo_write_block 3 46455 NULL +il_dbgfs_clear_traffic_stats_write_46458 il_dbgfs_clear_traffic_stats_write 3 46458 NULL @@ -128410,6 +120765,7 @@ index 0000000..77b791f +process_vm_rw_47533 process_vm_rw 3-5 47533 NULL nohasharray +vscnprintf_47533 vscnprintf 0-2 47533 &process_vm_rw_47533 +ieee80211_if_fmt_min_discovery_timeout_47539 ieee80211_if_fmt_min_discovery_timeout 3 47539 NULL ++drbg_statelen_47551 drbg_statelen 0 47551 NULL +read_ldt_47570 read_ldt 2 47570 NULL +isku_sysfs_read_last_set_47572 isku_sysfs_read_last_set 6 47572 NULL +btrfs_stack_header_bytenr_47589 btrfs_stack_header_bytenr 0 47589 NULL @@ -128490,6 +120846,7 @@ index 0000000..77b791f +kvm_mmu_pte_write_48340 kvm_mmu_pte_write 2 48340 NULL +skb_add_data_48363 skb_add_data 3 48363 NULL +tx_frag_init_called_read_48377 tx_frag_init_called_read 3 48377 NULL ++ath10k_read_htt_max_amsdu_ampdu_48401 ath10k_read_htt_max_amsdu_ampdu 3 48401 NULL +lbs_debugfs_write_48413 lbs_debugfs_write 3 48413 NULL +uhid_event_from_user_48417 uhid_event_from_user 2 48417 NULL +div64_u64_rem_48418 div64_u64_rem 0-1-2 48418 NULL @@ -128508,6 +120865,7 @@ index 0000000..77b791f +phantom_get_free_48514 phantom_get_free 0 48514 NULL +drbd_bm_capacity_48530 drbd_bm_capacity 0 48530 NULL +raid10_size_48571 raid10_size 0-2-3 48571 NULL ++nvif_notify_init_48578 nvif_notify_init 7 48578 NULL +llog_data_len_48607 llog_data_len 1 48607 NULL +do_ip_vs_set_ctl_48641 do_ip_vs_set_ctl 4 48641 NULL +kernel_sock_ioctl_48644 kernel_sock_ioctl 0 48644 NULL @@ -128585,6 +120943,7 @@ index 0000000..77b791f +__hfsplus_getxattr_49460 __hfsplus_getxattr 0 49460 NULL +agp_3_5_isochronous_node_enable_49465 agp_3_5_isochronous_node_enable 3 49465 NULL +xfs_iformat_local_49472 xfs_iformat_local 4 49472 NULL ++tipc_bclink_get_mtu_49483 tipc_bclink_get_mtu 0 49483 NULL +isr_decrypt_done_read_49490 isr_decrypt_done_read 3 49490 NULL +iwl_dbgfs_disable_power_off_read_49517 iwl_dbgfs_disable_power_off_read 3 49517 NULL +SyS_listxattr_49519 SyS_listxattr 3 49519 NULL @@ -128626,6 +120985,7 @@ index 0000000..77b791f +fiemap_count_to_size_49869 fiemap_count_to_size 0-1 49869 NULL +sctp_setsockopt_bindx_49870 sctp_setsockopt_bindx 3 49870 NULL +osc_brw_49896 osc_brw 4 49896 NULL ++fuse_send_write_49915 fuse_send_write 4-0 49915 NULL +ieee80211_if_fmt_dtim_count_49987 ieee80211_if_fmt_dtim_count 3 49987 NULL +drm_buffer_copy_from_user_49990 drm_buffer_copy_from_user 3 49990 NULL +l2cap_chan_send_49995 l2cap_chan_send 3 49995 NULL @@ -128684,6 +121044,7 @@ index 0000000..77b791f +mei_io_cb_alloc_req_buf_50493 mei_io_cb_alloc_req_buf 2 50493 NULL +pwr_rcvd_awake_beacons_read_50505 pwr_rcvd_awake_beacons_read 3 50505 NULL +ath6kl_set_ap_probe_resp_ies_50539 ath6kl_set_ap_probe_resp_ies 3 50539 NULL ++trigger_request_store_50548 trigger_request_store 4 50548 NULL +usbat_flash_write_data_50553 usbat_flash_write_data 4 50553 NULL +fat_readpages_50582 fat_readpages 4 50582 NULL +iwl_dbgfs_missed_beacon_read_50584 iwl_dbgfs_missed_beacon_read 3 50584 NULL @@ -128787,6 +121148,7 @@ index 0000000..77b791f +v9fs_alloc_rdir_buf_51716 v9fs_alloc_rdir_buf 2 51716 NULL +drm_compat_ioctl_51717 drm_compat_ioctl 2 51717 NULL +sg_read_oxfer_51724 sg_read_oxfer 3 51724 NULL ++str_read_51731 str_read 4 51731 NULL +cm4040_read_51732 cm4040_read 3 51732 NULL +get_user_pages_fast_51751 get_user_pages_fast 0 51751 NULL +ifx_spi_insert_flip_string_51752 ifx_spi_insert_flip_string 3 51752 NULL @@ -128809,6 +121171,7 @@ index 0000000..77b791f +__tcp_mtu_to_mss_51938 __tcp_mtu_to_mss 0-2 51938 NULL +xfrm_alg_len_51940 xfrm_alg_len 0 51940 NULL +scsi_get_vpd_page_51951 scsi_get_vpd_page 4 51951 NULL ++get_clock_info_51952 get_clock_info 4 51952 NULL +snd_mask_min_51969 snd_mask_min 0 51969 NULL +get_zone_51981 get_zone 0-1 51981 NULL +ath6kl_sdio_alloc_prep_scat_req_51986 ath6kl_sdio_alloc_prep_scat_req 2 51986 NULL @@ -128834,6 +121197,7 @@ index 0000000..77b791f +hysdn_conf_write_52145 hysdn_conf_write 3 52145 NULL +htable_size_52148 htable_size 0-1 52148 NULL +smk_write_load2_52155 smk_write_load2 3 52155 NULL ++tipc_node_get_mtu_52157 tipc_node_get_mtu 0 52157 NULL +ieee80211_if_read_dot11MeshRetryTimeout_52168 ieee80211_if_read_dot11MeshRetryTimeout 3 52168 NULL +mga_compat_ioctl_52170 mga_compat_ioctl 2 52170 NULL +print_prefix_52176 print_prefix 0 52176 NULL @@ -128899,6 +121263,7 @@ index 0000000..77b791f +carl9170_debugfs_vif_dump_read_52755 carl9170_debugfs_vif_dump_read 3 52755 NULL +ieee80211_if_read_beacon_timeout_52756 ieee80211_if_read_beacon_timeout 3 52756 NULL +nvme_trans_ext_inq_page_52776 nvme_trans_ext_inq_page 3 52776 NULL ++xenvif_write_io_ring_52802 xenvif_write_io_ring 3 52802 NULL +pwr_rcvd_beacons_read_52836 pwr_rcvd_beacons_read 3 52836 NULL +lb_alloc_ep_req_52837 lb_alloc_ep_req 2 52837 NULL +mon_bin_get_event_52863 mon_bin_get_event 4-6 52863 NULL @@ -128919,6 +121284,7 @@ index 0000000..77b791f +btrfs_free_and_pin_reserved_extent_53016 btrfs_free_and_pin_reserved_extent 2 53016 NULL +tx_tx_exch_pending_read_53018 tx_tx_exch_pending_read 3 53018 NULL +bio_cur_bytes_53037 bio_cur_bytes 0 53037 NULL ++nv50_chan_create_53039 nv50_chan_create 5 53039 NULL +regcache_lzo_block_count_53056 regcache_lzo_block_count 0 53056 NULL +cfi_read_query_53066 cfi_read_query 0 53066 NULL +iwl_dbgfs_interrupt_write_53069 iwl_dbgfs_interrupt_write 3 53069 NULL @@ -128942,6 +121308,7 @@ index 0000000..77b791f +btree_keys_bytes_53348 btree_keys_bytes 0 53348 NULL +sock_setbindtodevice_53369 sock_setbindtodevice 3 53369 NULL +get_random_bytes_arch_53370 get_random_bytes_arch 2 53370 NULL ++test_fw_misc_read_53384 test_fw_misc_read 3 53384 NULL +isr_cmd_cmplt_read_53439 isr_cmd_cmplt_read 3 53439 NULL +mwifiex_info_read_53447 mwifiex_info_read 3 53447 NULL +apei_exec_run_optional_53452 apei_exec_run_optional 0 53452 NULL @@ -128960,7 +121327,8 @@ index 0000000..77b791f +cifs_utf16_bytes_53593 cifs_utf16_bytes 0 53593 NULL +proc_uid_map_write_53596 proc_uid_map_write 3 53596 NULL +pfkey_recvmsg_53604 pfkey_recvmsg 4 53604 NULL -+___alloc_bootmem_nopanic_53626 ___alloc_bootmem_nopanic 1 53626 NULL ++___alloc_bootmem_nopanic_53626 ___alloc_bootmem_nopanic 1 53626 NULL nohasharray ++wil_write_file_txmgmt_53626 wil_write_file_txmgmt 3 53626 &___alloc_bootmem_nopanic_53626 +ccid_getsockopt_builtin_ccids_53634 ccid_getsockopt_builtin_ccids 2 53634 NULL +nr_sendmsg_53656 nr_sendmsg 4 53656 NULL +fuse_fill_write_pages_53682 fuse_fill_write_pages 0-4 53682 NULL @@ -129038,6 +121406,7 @@ index 0000000..77b791f +copy_gadget_strings_54417 copy_gadget_strings 2-3 54417 NULL +sparse_early_mem_maps_alloc_node_54485 sparse_early_mem_maps_alloc_node 4 54485 NULL +simple_strtoull_54493 simple_strtoull 0 54493 NULL ++l2cap_create_basic_pdu_54508 l2cap_create_basic_pdu 3 54508 NULL +btrfs_ordered_sum_size_54509 btrfs_ordered_sum_size 0-2 54509 NULL +rfc4106_set_key_54519 rfc4106_set_key 3 54519 NULL +vmci_transport_dgram_enqueue_54525 vmci_transport_dgram_enqueue 4 54525 NULL @@ -129135,6 +121504,7 @@ index 0000000..77b791f +si476x_radio_read_rds_blckcnt_blob_55427 si476x_radio_read_rds_blckcnt_blob 3 55427 NULL +__vxge_hw_channel_allocate_55462 __vxge_hw_channel_allocate 3 55462 NULL +cx23888_ir_rx_read_55473 cx23888_ir_rx_read 3 55473 NULL ++ufshcd_exec_dev_cmd_55479 ufshcd_exec_dev_cmd 0 55479 NULL +snd_pcm_lib_write_55483 snd_pcm_lib_write 0-3 55483 NULL +i2o_pool_alloc_55485 i2o_pool_alloc 4 55485 NULL +batadv_tt_entries_55487 batadv_tt_entries 0-1 55487 NULL @@ -129185,7 +121555,7 @@ index 0000000..77b791f +kvm_write_guest_virt_system_55944 kvm_write_guest_virt_system 4-2 55944 NULL +sel_read_policy_55947 sel_read_policy 3 55947 NULL +ceph_get_direct_page_vector_55956 ceph_get_direct_page_vector 2 55956 NULL -+simple_read_from_buffer_55957 simple_read_from_buffer 5-2 55957 NULL ++simple_read_from_buffer_55957 simple_read_from_buffer 5-2-0 55957 NULL +tx_tx_imm_resp_read_55964 tx_tx_imm_resp_read 3 55964 NULL +btrfs_clone_55977 btrfs_clone 5-3-6 55977 NULL +wa_xfer_create_subset_sg_55992 wa_xfer_create_subset_sg 3-2 55992 NULL @@ -129200,6 +121570,7 @@ index 0000000..77b791f +ath9k_dump_legacy_btcoex_56194 ath9k_dump_legacy_btcoex 0-3 56194 NULL +vring_add_indirect_56222 vring_add_indirect 4 56222 NULL +ocfs2_find_xe_in_bucket_56224 ocfs2_find_xe_in_bucket 0 56224 NULL ++ufshcd_query_descriptor_56236 ufshcd_query_descriptor 0 56236 NULL +do_ipt_set_ctl_56238 do_ipt_set_ctl 4 56238 NULL +fd_copyin_56247 fd_copyin 3 56247 NULL +sk_rmem_schedule_56255 sk_rmem_schedule 3 56255 NULL @@ -129300,12 +121671,14 @@ index 0000000..77b791f +nl80211_send_deauth_57136 nl80211_send_deauth 4 57136 &rds_ib_sub_signaled_57136 +snd_sonicvibes_getdmac_57140 snd_sonicvibes_getdmac 0 57140 NULL +_iwl_dbgfs_bf_params_write_57141 _iwl_dbgfs_bf_params_write 3 57141 NULL ++acpi_gsb_i2c_read_bytes_57145 acpi_gsb_i2c_read_bytes 4 57145 NULL +udl_prime_create_57159 udl_prime_create 2 57159 NULL +stk_prepare_sio_buffers_57168 stk_prepare_sio_buffers 2 57168 NULL +rx_hw_stuck_read_57179 rx_hw_stuck_read 3 57179 NULL +hash_netnet6_expire_57191 hash_netnet6_expire 4 57191 NULL +tt3650_ci_msg_57219 tt3650_ci_msg 4 57219 NULL +dma_fifo_alloc_57236 dma_fifo_alloc 2-3-5 57236 NULL ++drbg_blocklen_57239 drbg_blocklen 0 57239 NULL +rsxx_cram_write_57244 rsxx_cram_write 3 57244 NULL +ieee80211_if_fmt_tsf_57249 ieee80211_if_fmt_tsf 3 57249 NULL +oprofilefs_ulong_from_user_57251 oprofilefs_ulong_from_user 3 57251 NULL @@ -129313,6 +121686,7 @@ index 0000000..77b791f +lbs_sleepparams_write_57283 lbs_sleepparams_write 3 57283 NULL +pstore_file_read_57288 pstore_file_read 3 57288 NULL +snd_pcm_read_57289 snd_pcm_read 3 57289 NULL ++string_length_no_trail_57290 string_length_no_trail 0-2 57290 NULL +ftdi_elan_write_57309 ftdi_elan_write 3 57309 NULL +write_file_regval_57313 write_file_regval 3 57313 NULL +__mxt_write_reg_57326 __mxt_write_reg 3 57326 NULL @@ -129371,6 +121745,7 @@ index 0000000..77b791f +iio_read_first_n_kfifo_57910 iio_read_first_n_kfifo 2 57910 NULL +ll_xattr_find_get_lock_57912 ll_xattr_find_get_lock 0 57912 NULL +memcg_caches_array_size_57918 memcg_caches_array_size 0-1 57918 NULL ++mwifiex_hscfg_read_57920 mwifiex_hscfg_read 3 57920 NULL +twl_i2c_write_57923 twl_i2c_write 3-4 57923 NULL +__snd_gf1_look16_57925 __snd_gf1_look16 0 57925 NULL +sel_read_handle_unknown_57933 sel_read_handle_unknown 3 57933 NULL @@ -129387,6 +121762,7 @@ index 0000000..77b791f +ocfs2_find_leaf_58065 ocfs2_find_leaf 0 58065 NULL +dt3155_alloc_coherent_58073 dt3155_alloc_coherent 2 58073 NULL +cm4040_write_58079 cm4040_write 3 58079 NULL ++savemem_58129 savemem 3 58129 NULL +ipv6_flowlabel_opt_58135 ipv6_flowlabel_opt 3 58135 NULL nohasharray +slhc_init_58135 slhc_init 1-2 58135 &ipv6_flowlabel_opt_58135 +garmin_write_bulk_58191 garmin_write_bulk 3 58191 NULL @@ -129402,6 +121778,7 @@ index 0000000..77b791f +r100_mm_rreg_58276 r100_mm_rreg 0 58276 NULL +iscsi_decode_text_input_58292 iscsi_decode_text_input 4 58292 NULL +ieee80211_if_read_dot11MeshTTL_58307 ieee80211_if_read_dot11MeshTTL 3 58307 NULL ++mic_virtio_copy_from_user_58323 mic_virtio_copy_from_user 3 58323 NULL +tx_tx_start_int_templates_read_58324 tx_tx_start_int_templates_read 3 58324 NULL +lstcon_rpc_prep_58325 lstcon_rpc_prep 4 58325 NULL +ext4_ext_truncate_extend_restart_58331 ext4_ext_truncate_extend_restart 3 58331 NULL @@ -129421,6 +121798,7 @@ index 0000000..77b791f +snd_rme96_capture_copy_58484 snd_rme96_capture_copy 5 58484 NULL +btrfs_cont_expand_58498 btrfs_cont_expand 2-3 58498 NULL +tcf_hash_create_58507 tcf_hash_create 4 58507 NULL ++cifs_write_from_iter_58526 cifs_write_from_iter 2 58526 NULL +rndis_add_response_58544 rndis_add_response 2 58544 NULL +wep_decrypt_fail_read_58567 wep_decrypt_fail_read 3 58567 NULL +scnprint_mac_oui_58578 scnprint_mac_oui 3-0 58578 NULL @@ -129438,6 +121816,7 @@ index 0000000..77b791f +find_zero_58685 find_zero 0-1 58685 NULL +uwb_bce_print_IEs_58686 uwb_bce_print_IEs 4 58686 NULL +tps6586x_writes_58689 tps6586x_writes 2-3 58689 NULL ++visor_charqueue_create_58703 visor_charqueue_create 1 58703 NULL +vx_send_msg_58711 vx_send_msg 0 58711 NULL +csum_exist_in_range_58730 csum_exist_in_range 2-3 58730 NULL +frames_to_bytes_58741 frames_to_bytes 0-2 58741 NULL @@ -129487,6 +121866,7 @@ index 0000000..77b791f +rx_defrag_in_process_called_read_59338 rx_defrag_in_process_called_read 3 59338 NULL +xfs_attrmulti_attr_set_59346 xfs_attrmulti_attr_set 4 59346 NULL +__map_request_59350 __map_request 0 59350 NULL ++SyS_getrandom_59366 SyS_getrandom 2 59366 NULL +f2fs_fallocate_59377 f2fs_fallocate 4-3 59377 NULL +pvr2_debugifc_print_info_59380 pvr2_debugifc_print_info 3 59380 NULL +journal_init_dev_59384 journal_init_dev 5 59384 NULL @@ -129612,6 +121992,7 @@ index 0000000..77b791f +opticon_write_60775 opticon_write 4 60775 NULL +acl_alloc_num_60778 acl_alloc_num 1-2 60778 NULL +snd_pcm_oss_readv3_60792 snd_pcm_oss_readv3 3 60792 NULL ++nvif_object_init_60848 nvif_object_init 6 60848 NULL +pwr_tx_with_ps_read_60851 pwr_tx_with_ps_read 3 60851 NULL +alloc_buf_60864 alloc_buf 3-2 60864 NULL +generic_writepages_60871 generic_writepages 0 60871 NULL @@ -129667,6 +122048,7 @@ index 0000000..77b791f +snd_pcm_lib_writev_transfer_61483 snd_pcm_lib_writev_transfer 5-4-2 61483 NULL +btrfs_item_size_61485 btrfs_item_size 0 61485 NULL +erst_errno_61526 erst_errno 0 61526 NULL ++proc_write_device_61541 proc_write_device 3 61541 NULL +compat_SyS_select_61542 compat_SyS_select 1 61542 NULL +trace_options_core_write_61551 trace_options_core_write 3 61551 NULL +dvb_net_ioctl_61559 dvb_net_ioctl 2 61559 NULL @@ -129737,6 +122119,7 @@ index 0000000..77b791f +prism54_wpa_bss_ie_get_62173 prism54_wpa_bss_ie_get 0 62173 NULL +write_file_dfs_62180 write_file_dfs 3 62180 NULL +alloc_upcall_62186 alloc_upcall 2 62186 NULL ++rounded_hashtable_size_62198 rounded_hashtable_size 0 62198 NULL +sock_kmalloc_62205 sock_kmalloc 2 62205 NULL +smk_read_syslog_62227 smk_read_syslog 3 62227 NULL +SYSC_setgroups16_62232 SYSC_setgroups16 1 62232 NULL @@ -129767,6 +122150,7 @@ index 0000000..77b791f +vfs_fsync_range_62635 vfs_fsync_range 0 62635 NULL +lpfc_sli4_queue_alloc_62646 lpfc_sli4_queue_alloc 3 62646 NULL +printer_req_alloc_62687 printer_req_alloc 2 62687 NULL ++ieee80211_set_probe_resp_62700 ieee80211_set_probe_resp 3 62700 NULL +bioset_integrity_create_62708 bioset_integrity_create 2 62708 NULL +gfs2_log_write_62717 gfs2_log_write 3 62717 NULL +rdm_62719 rdm 0 62719 NULL @@ -129793,6 +122177,7 @@ index 0000000..77b791f +getdqbuf_62908 getdqbuf 1 62908 NULL +ll_statahead_agl_seq_write_62928 ll_statahead_agl_seq_write 3 62928 NULL +agp_create_user_memory_62955 agp_create_user_memory 1 62955 NULL ++nvif_object_mthd_62960 nvif_object_mthd 4 62960 NULL +hwdep_read_62992 hwdep_read 3 62992 NULL +kstrtoull_from_user_63026 kstrtoull_from_user 2 63026 NULL +__vb2_perform_fileio_63033 __vb2_perform_fileio 3 63033 NULL @@ -129804,6 +122189,7 @@ index 0000000..77b791f +sep_prepare_input_output_dma_table_in_dcb_63087 sep_prepare_input_output_dma_table_in_dcb 4-5 63087 NULL +iwl_dbgfs_sensitivity_read_63116 iwl_dbgfs_sensitivity_read 3 63116 NULL +ext4_chunk_trans_blocks_63123 ext4_chunk_trans_blocks 0-2 63123 NULL ++iwl_mvm_coex_dump_mbox_63153 iwl_mvm_coex_dump_mbox 4-3-0 63153 NULL +smk_write_revoke_subj_63173 smk_write_revoke_subj 3 63173 NULL +SyS_syslog_63178 SyS_syslog 3 63178 NULL +vme_master_read_63221 vme_master_read 0 63221 NULL @@ -129815,6 +122201,7 @@ index 0000000..77b791f +nfsd_vfs_read_63307 nfsd_vfs_read 5 63307 NULL +ath10k_read_fw_dbglog_63323 ath10k_read_fw_dbglog 3 63323 NULL +proc_info_read_63344 proc_info_read 3 63344 NULL ++nvif_device_new_63358 nvif_device_new 5 63358 NULL +ps_upsd_max_sptime_read_63362 ps_upsd_max_sptime_read 3 63362 NULL +idmouse_read_63374 idmouse_read 3 63374 NULL +edac_pci_alloc_ctl_info_63388 edac_pci_alloc_ctl_info 1 63388 NULL nohasharray @@ -129887,16 +122274,19 @@ index 0000000..77b791f +init_bch_64130 init_bch 1-2 64130 NULL +ablkcipher_copy_iv_64140 ablkcipher_copy_iv 3 64140 NULL +dlfb_ops_write_64150 dlfb_ops_write 3 64150 NULL ++number_of_tds_64156 number_of_tds 0 64156 NULL +bnx2x_vf_mcast_64166 bnx2x_vf_mcast 4 64166 NULL +cpumask_scnprintf_64170 cpumask_scnprintf 0-2 64170 NULL +kernfs_iop_setxattr_64220 kernfs_iop_setxattr 4 64220 NULL +read_pulse_64227 read_pulse 0-3 64227 NULL +ea_len_64229 ea_len 0 64229 NULL +io_capture_transfer_64276 io_capture_transfer 4 64276 NULL -+btrfs_file_extent_offset_64278 btrfs_file_extent_offset 0 64278 NULL ++btrfs_file_extent_offset_64278 btrfs_file_extent_offset 0 64278 NULL nohasharray ++bpf_check_classic_64278 bpf_check_classic 2 64278 &btrfs_file_extent_offset_64278 +sta_current_tx_rate_read_64286 sta_current_tx_rate_read 3 64286 NULL +xfs_dir_cilookup_result_64288 xfs_dir_cilookup_result 3 64288 NULL nohasharray +event_id_read_64288 event_id_read 3 64288 &xfs_dir_cilookup_result_64288 ++info_debugfs_read_64291 info_debugfs_read 3 64291 NULL +ocfs2_block_check_validate_bhs_64302 ocfs2_block_check_validate_bhs 0 64302 NULL +snd_hda_get_sub_nodes_64304 snd_hda_get_sub_nodes 0 64304 NULL +error_error_bar_retry_read_64305 error_error_bar_retry_read 3 64305 NULL @@ -131476,7 +123866,7 @@ index 0a578fe..b81f62d 100644 }) diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index 4b6c01b..16eb755 100644 +index 95519bc..43f5d42 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -76,12 +76,17 @@ LIST_HEAD(vm_list); @@ -131499,7 +123889,7 @@ index 4b6c01b..16eb755 100644 struct dentry *kvm_debugfs_dir; -@@ -761,7 +766,7 @@ int __kvm_set_memory_region(struct kvm *kvm, +@@ -763,7 +768,7 @@ int __kvm_set_memory_region(struct kvm *kvm, /* We can read the guest memory with __xxx_user() later on. */ if ((mem->slot < KVM_USER_MEM_SLOTS) && ((mem->userspace_addr & (PAGE_SIZE - 1)) || @@ -131508,7 +123898,7 @@ index 4b6c01b..16eb755 100644 (void __user *)(unsigned long)mem->userspace_addr, mem->memory_size))) goto out; -@@ -1618,9 +1623,17 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_cached); +@@ -1620,9 +1625,17 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_cached); int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len) { @@ -131528,7 +123918,7 @@ index 4b6c01b..16eb755 100644 } EXPORT_SYMBOL_GPL(kvm_clear_guest_page); -@@ -1870,7 +1883,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp) +@@ -1872,7 +1885,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp) return 0; } @@ -131537,7 +123927,7 @@ index 4b6c01b..16eb755 100644 .release = kvm_vcpu_release, .unlocked_ioctl = kvm_vcpu_ioctl, #ifdef CONFIG_COMPAT -@@ -2540,7 +2553,7 @@ out: +@@ -2573,7 +2586,7 @@ out: } #endif @@ -131546,7 +123936,7 @@ index 4b6c01b..16eb755 100644 .release = kvm_vm_release, .unlocked_ioctl = kvm_vm_ioctl, #ifdef CONFIG_COMPAT -@@ -2640,7 +2653,7 @@ out: +@@ -2646,7 +2659,7 @@ out: return r; } @@ -131555,7 +123945,7 @@ index 4b6c01b..16eb755 100644 .unlocked_ioctl = kvm_dev_ioctl, .compat_ioctl = kvm_dev_ioctl, .llseek = noop_llseek, -@@ -2666,7 +2679,7 @@ static void hardware_enable_nolock(void *junk) +@@ -2672,7 +2685,7 @@ static void hardware_enable_nolock(void *junk) if (r) { cpumask_clear_cpu(cpu, cpus_hardware_enabled); @@ -131564,7 +123954,7 @@ index 4b6c01b..16eb755 100644 printk(KERN_INFO "kvm: enabling virtualization on " "CPU%d failed\n", cpu); } -@@ -2722,10 +2735,10 @@ static int hardware_enable_all(void) +@@ -2728,10 +2741,10 @@ static int hardware_enable_all(void) kvm_usage_count++; if (kvm_usage_count == 1) { @@ -131577,7 +123967,7 @@ index 4b6c01b..16eb755 100644 hardware_disable_all_nolock(); r = -EBUSY; } -@@ -3130,7 +3143,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, +@@ -3136,7 +3149,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, kvm_arch_vcpu_put(vcpu); } @@ -131586,7 +123976,7 @@ index 4b6c01b..16eb755 100644 struct module *module) { int r; -@@ -3177,7 +3190,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -3183,7 +3196,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (!vcpu_align) vcpu_align = __alignof__(struct kvm_vcpu); kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align, @@ -131595,7 +123985,7 @@ index 4b6c01b..16eb755 100644 if (!kvm_vcpu_cache) { r = -ENOMEM; goto out_free_3; -@@ -3187,9 +3200,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -3193,9 +3206,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (r) goto out_free; @@ -131607,7 +123997,7 @@ index 4b6c01b..16eb755 100644 r = misc_register(&kvm_dev); if (r) { -@@ -3199,9 +3214,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -3205,9 +3220,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, register_syscore_ops(&kvm_syscore_ops); diff --git a/3.16.5/4425_grsec_remove_EI_PAX.patch b/3.17.1/4425_grsec_remove_EI_PAX.patch index fc51f79..fc51f79 100644 --- a/3.16.5/4425_grsec_remove_EI_PAX.patch +++ b/3.17.1/4425_grsec_remove_EI_PAX.patch diff --git a/3.16.5/4427_force_XATTR_PAX_tmpfs.patch b/3.17.1/4427_force_XATTR_PAX_tmpfs.patch index 2f1d3b4..21c0171 100644 --- a/3.16.5/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.17.1/4427_force_XATTR_PAX_tmpfs.patch @@ -6,7 +6,7 @@ namespace supported on tmpfs so that the PaX markings survive emerge. diff -Naur a/mm/shmem.c b/mm/shmem.c --- a/mm/shmem.c 2013-06-11 21:00:18.000000000 -0400 +++ b/mm/shmem.c 2013-06-11 21:08:18.000000000 -0400 -@@ -2219,11 +2219,7 @@ +@@ -2524,11 +2524,7 @@ static int shmem_xattr_validate(const char *name) { struct { const char *prefix; size_t len; } arr[] = { @@ -18,7 +18,7 @@ diff -Naur a/mm/shmem.c b/mm/shmem.c { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN }, { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN } }; -@@ -2279,14 +2275,12 @@ +@@ -2584,14 +2580,12 @@ if (err) return err; diff --git a/3.16.5/4430_grsec-remove-localversion-grsec.patch b/3.17.1/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.16.5/4430_grsec-remove-localversion-grsec.patch +++ b/3.17.1/4430_grsec-remove-localversion-grsec.patch diff --git a/3.16.5/4435_grsec-mute-warnings.patch b/3.17.1/4435_grsec-mute-warnings.patch index 4a959cc..4a959cc 100644 --- a/3.16.5/4435_grsec-mute-warnings.patch +++ b/3.17.1/4435_grsec-mute-warnings.patch diff --git a/3.16.5/4440_grsec-remove-protected-paths.patch b/3.17.1/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.16.5/4440_grsec-remove-protected-paths.patch +++ b/3.17.1/4440_grsec-remove-protected-paths.patch diff --git a/3.16.5/4450_grsec-kconfig-default-gids.patch b/3.17.1/4450_grsec-kconfig-default-gids.patch index 0451e5a..8a63d7f 100644 --- a/3.16.5/4450_grsec-kconfig-default-gids.patch +++ b/3.17.1/4450_grsec-kconfig-default-gids.patch @@ -16,7 +16,7 @@ from shooting themselves in the foot. diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2012-10-13 09:51:35.000000000 -0400 +++ b/grsecurity/Kconfig 2012-10-13 09:52:32.000000000 -0400 -@@ -680,7 +680,7 @@ +@@ -678,7 +678,7 @@ config GRKERNSEC_AUDIT_GID int "GID for auditing" depends on GRKERNSEC_AUDIT_GROUP @@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig config GRKERNSEC_EXECLOG bool "Exec logging" -@@ -911,7 +911,7 @@ +@@ -909,7 +909,7 @@ config GRKERNSEC_TPE_UNTRUSTED_GID int "GID for TPE-untrusted users" depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT @@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *enabled* for. If the sysctl option is enabled, a sysctl option -@@ -920,7 +920,7 @@ +@@ -918,7 +918,7 @@ config GRKERNSEC_TPE_TRUSTED_GID int "GID for TPE-trusted users" depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT diff --git a/3.14.21/4465_selinux-avc_audit-log-curr_ip.patch b/3.17.1/4465_selinux-avc_audit-log-curr_ip.patch index 747ac53..747ac53 100644 --- a/3.14.21/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.17.1/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.16.5/4470_disable-compat_vdso.patch b/3.17.1/4470_disable-compat_vdso.patch index 431c5bb..dec59f7 100644 --- a/3.16.5/4470_disable-compat_vdso.patch +++ b/3.17.1/4470_disable-compat_vdso.patch @@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138 diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig --- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100 +++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100 -@@ -1816,29 +1816,8 @@ +@@ -1858,29 +1858,8 @@ config COMPAT_VDSO def_bool n diff --git a/3.16.5/4475_emutramp_default_on.patch b/3.17.1/4475_emutramp_default_on.patch index cf88fd9..cf88fd9 100644 --- a/3.16.5/4475_emutramp_default_on.patch +++ b/3.17.1/4475_emutramp_default_on.patch diff --git a/3.2.63/0000_README b/3.2.63/0000_README index e9d42c1..35112a1 100644 --- a/3.2.63/0000_README +++ b/3.2.63/0000_README @@ -170,7 +170,7 @@ Patch: 1062_linux-3.2.63.patch From: http://www.kernel.org Desc: Linux 3.2.63 -Patch: 4420_grsecurity-3.0-3.2.63-201410131955.patch +Patch: 4420_grsecurity-3.0-3.2.63-201410192044.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.63/4420_grsecurity-3.0-3.2.63-201410131955.patch b/3.2.63/4420_grsecurity-3.0-3.2.63-201410192044.patch index 05a34d4..7b7e1d2 100644 --- a/3.2.63/4420_grsecurity-3.0-3.2.63-201410131955.patch +++ b/3.2.63/4420_grsecurity-3.0-3.2.63-201410192044.patch @@ -7444,19 +7444,22 @@ index fa57532..e1a4c53 100644 /* diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h -index 60d86be..ef93645 100644 +index 60d86be..5e005d8 100644 --- a/arch/sparc/include/asm/thread_info_64.h +++ b/arch/sparc/include/asm/thread_info_64.h -@@ -63,6 +63,8 @@ struct thread_info { +@@ -63,7 +63,10 @@ struct thread_info { struct pt_regs *kern_una_regs; unsigned int kern_una_insn; +- unsigned long fpregs[0] __attribute__ ((aligned(64))); + unsigned long lowest_stack; + - unsigned long fpregs[0] __attribute__ ((aligned(64))); ++ unsigned long fpregs[(7 * 256) / sizeof(unsigned long)] ++ __attribute__ ((aligned(64))); }; -@@ -104,13 +106,15 @@ struct thread_info { + #endif /* !(__ASSEMBLY__) */ +@@ -104,13 +107,15 @@ struct thread_info { #define FAULT_CODE_BLKCOMMIT 0x10 /* Use blk-commit ASI in copy_page */ #if PAGE_SHIFT == 13 @@ -7474,7 +7477,7 @@ index 60d86be..ef93645 100644 #define PREEMPT_ACTIVE 0x10000000 /* -@@ -214,10 +218,11 @@ register struct thread_info *current_thread_info_reg asm("g6"); +@@ -214,10 +219,11 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define TIF_UNALIGNED 5 /* allowed to do unaligned accesses */ /* flag bit 6 is available */ #define TIF_32BIT 7 /* 32-bit binary */ @@ -7487,7 +7490,7 @@ index 60d86be..ef93645 100644 /* NOTE: Thread flags >= 12 should be ones we have no interest * in using in assembly, else we can't use the mask as * an immediate value in instructions such as andcc. -@@ -238,12 +243,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); +@@ -238,12 +244,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT) #define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) #define _TIF_FREEZE (1<<TIF_FREEZE) @@ -24701,10 +24704,18 @@ index 2102a17..16e1531 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index a4f6bda..40eb721 100644 +index a4f6bda..a02a77c 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c -@@ -1099,12 +1099,12 @@ static void vmcs_write64(unsigned long field, u64 value) +@@ -390,6 +390,7 @@ struct vcpu_vmx { + u16 fs_sel, gs_sel, ldt_sel; + int gs_ldt_reload_needed; + int fs_reload_needed; ++ unsigned long vmcs_host_cr4; /* May not match real cr4 */ + } host_state; + struct { + int vm86_active; +@@ -1099,12 +1100,12 @@ static void vmcs_write64(unsigned long field, u64 value) #endif } @@ -24719,7 +24730,7 @@ index a4f6bda..40eb721 100644 { vmcs_writel(field, vmcs_readl(field) | mask); } -@@ -1305,7 +1305,11 @@ static void reload_tss(void) +@@ -1305,7 +1306,11 @@ static void reload_tss(void) struct desc_struct *descs; descs = (void *)gdt->address; @@ -24731,7 +24742,7 @@ index a4f6bda..40eb721 100644 load_TR_desc(); } -@@ -1504,6 +1508,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) +@@ -1504,6 +1509,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */ vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */ @@ -24742,7 +24753,7 @@ index a4f6bda..40eb721 100644 rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp); vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */ vmx->loaded_vmcs->cpu = cpu; -@@ -2634,8 +2642,11 @@ static __init int hardware_setup(void) +@@ -2634,8 +2643,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; @@ -24756,18 +24767,26 @@ index a4f6bda..40eb721 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3637,7 +3648,10 @@ static void vmx_set_constant_host_state(void) +@@ -3634,10 +3646,17 @@ static void vmx_set_constant_host_state(void) + u32 low32, high32; + unsigned long tmpl; + struct desc_ptr dt; ++ unsigned long cr4; vmcs_writel(HOST_CR0, read_cr0() | X86_CR0_TS); /* 22.2.3 */ - vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */ -+ +- vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */ +#ifndef CONFIG_PAX_PER_CPU_PGD vmcs_writel(HOST_CR3, read_cr3()); /* 22.2.3 FIXME: shadow tables */ +#endif ++ ++ /* Save the most likely value for this task's CR4 in the VMCS. */ ++ cr4 = read_cr4(); ++ vmcs_writel(HOST_CR4, cr4); /* 22.2.3, 22.2.5 */ ++ vmx->host_state.vmcs_host_cr4 = cr4; vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */ vmcs_write16(HOST_DS_SELECTOR, __KERNEL_DS); /* 22.2.4 */ -@@ -3649,7 +3663,7 @@ static void vmx_set_constant_host_state(void) +@@ -3649,7 +3668,7 @@ static void vmx_set_constant_host_state(void) vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ asm("mov $.Lkvm_vmx_return, %0" : "=r"(tmpl)); @@ -24776,7 +24795,28 @@ index a4f6bda..40eb721 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -6178,6 +6192,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6093,6 +6112,7 @@ static void atomic_switch_perf_msrs(struct vcpu_vmx *vmx) + static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) + { + struct vcpu_vmx *vmx = to_vmx(vcpu); ++ unsigned long cr4; + + if (is_guest_mode(vcpu) && !vmx->nested.nested_run_pending) { + struct vmcs12 *vmcs12 = get_vmcs12(vcpu); +@@ -6123,6 +6143,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) + if (test_bit(VCPU_REGS_RIP, (unsigned long *)&vcpu->arch.regs_dirty)) + vmcs_writel(GUEST_RIP, vcpu->arch.regs[VCPU_REGS_RIP]); + ++ cr4 = read_cr4(); ++ if (unlikely(cr4 != vmx->host_state.vmcs_host_cr4)) { ++ vmcs_writel(HOST_CR4, cr4); ++ vmx->host_state.vmcs_host_cr4 = cr4; ++ } ++ + /* When single-stepping over STI and MOV SS, we must clear the + * corresponding interruptibility bits in the guest state. Otherwise + * vmentry fails as it then expects bit 14 (BS) in pending debug +@@ -6178,6 +6204,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp .Lkvm_vmx_return \n\t" ".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t" ".Lkvm_vmx_return: " @@ -24789,7 +24829,7 @@ index a4f6bda..40eb721 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%"R"sp) \n\t" "pop %0 \n\t" -@@ -6226,6 +6246,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6226,6 +6258,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -24801,7 +24841,7 @@ index a4f6bda..40eb721 100644 : "cc", "memory" , R"ax", R"bx", R"di", R"si" #ifdef CONFIG_X86_64 -@@ -6254,7 +6279,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6254,7 +6291,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) } } @@ -44745,6 +44785,20 @@ index 8e362bb..679d9da 100644 (1 << 8) | /* hthresh */ \ 0x1f) /* pthresh */ +diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c +index e571356..088ad8d 100644 +--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c ++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c +@@ -895,6 +895,9 @@ int ixgbe_ndo_set_vf_spoofchk(struct net_device *netdev, int vf, bool setting) + struct ixgbe_hw *hw = &adapter->hw; + u32 regval; + ++ if (vf >= adapter->num_vfs) ++ return -EINVAL; ++ + adapter->vfinfo[vf].spoofchk_enabled = setting; + + regval = IXGBE_READ_REG(hw, IXGBE_PFVFSPOOF(vf_target_reg)); diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c index 4c8e199..f7f5587 100644 --- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c @@ -45018,9 +45072,18 @@ index b0f9015..edcb1f3 100644 }; diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c -index 3ed983c..a1bb418 100644 +index 3ed983c..359f1b9 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c +@@ -588,7 +588,7 @@ static long ppp_ioctl(struct file *file, unsigned int cmd, unsigned long arg) + if (file == ppp->owner) + ppp_shutdown_interface(ppp); + } +- if (atomic_long_read(&file->f_count) <= 2) { ++ if (atomic_long_read(&file->f_count) < 2) { + ppp_release(NULL, file); + err = 0; + } else @@ -986,7 +986,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data; struct ppp_stats stats; @@ -56471,7 +56534,7 @@ index 200f63b..490b833 100644 /* * used by btrfsctl to scan devices when no FS is mounted diff --git a/fs/buffer.c b/fs/buffer.c -index 5f4bde2..b4d23b3 100644 +index 5f4bde2..5df71b8 100644 --- a/fs/buffer.c +++ b/fs/buffer.c @@ -1021,7 +1021,8 @@ grow_dev_page(struct block_device *bdev, sector_t block, @@ -56494,7 +56557,19 @@ index 5f4bde2..b4d23b3 100644 spin_unlock(&inode->i_mapping->private_lock); done: ret = (block < end_block) ? 1 : -ENXIO; -@@ -3316,7 +3318,7 @@ void __init buffer_init(void) +@@ -2256,6 +2258,11 @@ static int cont_expand_zero(struct file *file, struct address_space *mapping, + err = 0; + + balance_dirty_pages_ratelimited(mapping); ++ ++ if (unlikely(fatal_signal_pending(current))) { ++ err = -EINTR; ++ goto out; ++ } + } + + /* page covers the boundary, find the boundary offset */ +@@ -3316,7 +3323,7 @@ void __init buffer_init(void) bh_cachep = kmem_cache_create("buffer_head", sizeof(struct buffer_head), 0, (SLAB_RECLAIM_ACCOUNT|SLAB_PANIC| @@ -62209,6 +62284,23 @@ index 9860f6b..55df672 100644 fanotify_event_metadata.event_len)) goto out_kill_access_response; +diff --git a/fs/notify/inotify/inotify_fsnotify.c b/fs/notify/inotify/inotify_fsnotify.c +index e3cbd74..2980aa8 100644 +--- a/fs/notify/inotify/inotify_fsnotify.c ++++ b/fs/notify/inotify/inotify_fsnotify.c +@@ -198,8 +198,10 @@ static void inotify_free_group_priv(struct fsnotify_group *group) + idr_for_each(&group->inotify_data.idr, idr_callback, group); + idr_remove_all(&group->inotify_data.idr); + idr_destroy(&group->inotify_data.idr); +- atomic_dec(&group->inotify_data.user->inotify_devs); +- free_uid(group->inotify_data.user); ++ if (group->inotify_data.user) { ++ atomic_dec(&group->inotify_data.user->inotify_devs); ++ free_uid(group->inotify_data.user); ++ } + } + + void inotify_free_event_priv(struct fsnotify_event_private_data *fsn_event_priv) diff --git a/fs/notify/notification.c b/fs/notify/notification.c index ee18815..7aa5d01 100644 --- a/fs/notify/notification.c @@ -88023,7 +88115,7 @@ index 13bba30..ee14dbd 100644 else new_fs = fs; diff --git a/kernel/futex.c b/kernel/futex.c -index 1bb37d0..29574af 100644 +index 1bb37d0..8d00f9b 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -54,6 +54,7 @@ @@ -88052,7 +88144,16 @@ index 1bb37d0..29574af 100644 static const struct futex_q futex_q_init = { /* list gets initialized in queue_me()*/ -@@ -240,6 +241,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) +@@ -190,6 +191,8 @@ static void get_futex_key_refs(union futex_key *key) + case FUT_OFF_MMSHARED: + atomic_inc(&key->private.mm->mm_count); + break; ++ default: ++ smp_mb(); /* explicit MB (B) */ + } + } + +@@ -240,6 +243,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) struct page *page, *page_head; int err, ro = 0; @@ -88064,7 +88165,7 @@ index 1bb37d0..29574af 100644 /* * The futex address must be "naturally" aligned. */ -@@ -438,7 +444,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr, +@@ -438,7 +446,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr, static int get_futex_value_locked(u32 *dest, u32 __user *from) { @@ -88073,7 +88174,7 @@ index 1bb37d0..29574af 100644 pagefault_disable(); ret = __copy_from_user_inatomic(dest, from, sizeof(u32)); -@@ -2460,6 +2466,7 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags, +@@ -2460,6 +2468,7 @@ static int futex_wait_requeue_pi(u32 __user *uaddr, unsigned int flags, * shared futexes. We need to compare the keys: */ if (match_futex(&q.key, &key2)) { @@ -88081,7 +88182,7 @@ index 1bb37d0..29574af 100644 ret = -EINVAL; goto out_put_keys; } -@@ -2877,6 +2884,7 @@ static int __init futex_init(void) +@@ -2877,6 +2886,7 @@ static int __init futex_init(void) { u32 curval; int i; @@ -88089,7 +88190,7 @@ index 1bb37d0..29574af 100644 /* * This will fail and we want it. Some arch implementations do -@@ -2888,8 +2896,11 @@ static int __init futex_init(void) +@@ -2888,8 +2898,11 @@ static int __init futex_init(void) * implementation, the non-functional ones will return * -ENOSYS. */ @@ -102108,7 +102209,7 @@ index 7121d9b..d256e3c 100644 } diff --git a/net/core/sock.c b/net/core/sock.c -index 8a2c2dd..3ba3cf1 100644 +index 8a2c2dd..a264b79 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -289,7 +289,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -102221,7 +102322,16 @@ index 8a2c2dd..3ba3cf1 100644 return -EFAULT; lenout: if (put_user(len, optlen)) -@@ -2027,7 +2027,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) +@@ -1456,6 +1456,8 @@ EXPORT_SYMBOL(sock_kmalloc); + */ + void sock_kfree_s(struct sock *sk, void *mem, int size) + { ++ if (WARN_ON_ONCE(!mem)) ++ return; + kfree(mem); + atomic_sub(size, &sk->sk_omem_alloc); + } +@@ -2027,7 +2029,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) */ smp_wmb(); atomic_set(&sk->sk_refcnt, 1); @@ -102230,7 +102340,7 @@ index 8a2c2dd..3ba3cf1 100644 } EXPORT_SYMBOL(sock_init_data); -@@ -2564,7 +2564,7 @@ static __net_exit void proto_exit_net(struct net *net) +@@ -2564,7 +2566,7 @@ static __net_exit void proto_exit_net(struct net *net) } @@ -106153,6 +106263,42 @@ index 5e57347..3916042 100644 } #endif +diff --git a/net/rds/rdma.c b/net/rds/rdma.c +index 4e37c1c..40084d8 100644 +--- a/net/rds/rdma.c ++++ b/net/rds/rdma.c +@@ -564,12 +564,12 @@ int rds_cmsg_rdma_args(struct rds_sock *rs, struct rds_message *rm, + + if (rs->rs_bound_addr == 0) { + ret = -ENOTCONN; /* XXX not a great errno */ +- goto out; ++ goto out_ret; + } + + if (args->nr_local > UIO_MAXIOV) { + ret = -EMSGSIZE; +- goto out; ++ goto out_ret; + } + + /* Check whether to allocate the iovec area */ +@@ -578,7 +578,7 @@ int rds_cmsg_rdma_args(struct rds_sock *rs, struct rds_message *rm, + iovs = sock_kmalloc(rds_rs_to_sk(rs), iov_size, GFP_KERNEL); + if (!iovs) { + ret = -ENOMEM; +- goto out; ++ goto out_ret; + } + } + +@@ -696,6 +696,7 @@ out: + if (iovs != iovstack) + sock_kfree_s(rds_rs_to_sk(rs), iovs, iov_size); + kfree(pages); ++out_ret: + if (ret) + rds_rdma_free_op(op); + else diff --git a/net/rds/rds.h b/net/rds/rds.h index 7eaba18..a3c303f 100644 --- a/net/rds/rds.h @@ -111319,7 +111465,7 @@ index dca1c22..4fa4591 100644 lock = &avc_cache.slots_lock[hvalue]; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index 69477ff..8be0629 100644 +index 69477ff..3af4da9 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -95,8 +95,6 @@ @@ -111331,6 +111477,22 @@ index 69477ff..8be0629 100644 /* SECMARK reference count */ static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); +@@ -435,6 +433,7 @@ next_inode: + list_entry(sbsec->isec_head.next, + struct inode_security_struct, list); + struct inode *inode = isec->inode; ++ list_del_init(&isec->list); + spin_unlock(&sbsec->isec_lock); + inode = igrab(inode); + if (inode) { +@@ -443,7 +442,6 @@ next_inode: + iput(inode); + } + spin_lock(&sbsec->isec_lock); +- list_del_init(&isec->list); + goto next_inode; + } + spin_unlock(&sbsec->isec_lock); @@ -2035,6 +2033,13 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) new_tsec->sid = old_tsec->exec_sid; /* Reset exec SID on execve. */ diff --git a/3.2.63/4427_force_XATTR_PAX_tmpfs.patch b/3.2.63/4427_force_XATTR_PAX_tmpfs.patch index a5527a5..caaeed1 100644 --- a/3.2.63/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.2.63/4427_force_XATTR_PAX_tmpfs.patch @@ -6,7 +6,7 @@ namespace supported on tmpfs so that the PaX markings survive emerge. diff -Naur a/mm/shmem.c b/mm/shmem.c --- a/mm/shmem.c 2013-06-11 21:00:18.000000000 -0400 +++ b/mm/shmem.c 2013-06-11 21:08:18.000000000 -0400 -@@ -1924,11 +1924,7 @@ +@@ -1926,11 +1926,7 @@ static int shmem_xattr_validate(const char *name) { struct { const char *prefix; size_t len; } arr[] = { @@ -18,7 +18,7 @@ diff -Naur a/mm/shmem.c b/mm/shmem.c { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN }, { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN } }; -@@ -1982,14 +1978,12 @@ +@@ -1984,14 +1980,12 @@ if (err) return err; diff --git a/3.2.63/4450_grsec-kconfig-default-gids.patch b/3.2.63/4450_grsec-kconfig-default-gids.patch index 363dc64..b4a0e64 100644 --- a/3.2.63/4450_grsec-kconfig-default-gids.patch +++ b/3.2.63/4450_grsec-kconfig-default-gids.patch @@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *disabled* for. If the sysctl option is enabled, a sysctl option -@@ -989,7 +989,7 @@ +@@ -991,7 +991,7 @@ config GRKERNSEC_SOCKET_ALL_GID int "GID to deny all sockets for" depends on GRKERNSEC_SOCKET_ALL @@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable socket access for. Remember to add the users you want socket access disabled for to the GID -@@ -1010,7 +1010,7 @@ +@@ -1012,7 +1012,7 @@ config GRKERNSEC_SOCKET_CLIENT_GID int "GID to deny client sockets for" depends on GRKERNSEC_SOCKET_CLIENT @@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable client socket access for. Remember to add the users you want client socket access disabled for to -@@ -1028,7 +1028,7 @@ +@@ -1030,7 +1030,7 @@ config GRKERNSEC_SOCKET_SERVER_GID int "GID to deny server sockets for" depends on GRKERNSEC_SOCKET_SERVER diff --git a/3.2.63/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.63/4465_selinux-avc_audit-log-curr_ip.patch index 3b873e1..ed1cb9b 100644 --- a/3.2.63/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.2.63/4465_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400 -@@ -1123,6 +1123,27 @@ +@@ -1125,6 +1125,27 @@ menu "Logging Options" depends on GRKERNSEC |