diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2015-06-09 11:03:52 -0400 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2015-06-09 11:03:52 -0400 |
| commit | 3365924e96ce7e106e5cfee8b8e7475b900a2e52 (patch) | |
| tree | 6125ddd808cb936221bc5ea161cfe1431a4ffb92 | |
| parent | Grsec/PaX: 3.1-{3.2.69,3.14.43,4.0.4}-201506021902 (diff) | |
| download | hardened-patchset-20150608.tar.gz hardened-patchset-20150608.tar.bz2 hardened-patchset-20150608.zip | |
Grsec/PaX: 3.1-{3.2.69,3.14.44,4.0.5}-20150608225120150608
| -rw-r--r-- | 3.14.44/0000_README (renamed from 3.14.43/0000_README) | 2 | ||||
| -rw-r--r-- | 3.14.44/4420_grsecurity-3.1-3.14.44-201506082249.patch (renamed from 3.14.43/4420_grsecurity-3.1-3.14.43-201506021902.patch) | 445 | ||||
| -rw-r--r-- | 3.14.44/4425_grsec_remove_EI_PAX.patch (renamed from 3.14.43/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.14.44/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.14.43/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
| -rw-r--r-- | 3.14.44/4430_grsec-remove-localversion-grsec.patch (renamed from 3.14.43/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.14.44/4435_grsec-mute-warnings.patch (renamed from 3.14.43/4435_grsec-mute-warnings.patch) | 4 | ||||
| -rw-r--r-- | 3.14.44/4440_grsec-remove-protected-paths.patch (renamed from 3.14.43/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.14.44/4450_grsec-kconfig-default-gids.patch (renamed from 3.14.43/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.14.44/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.14.43/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.14.44/4470_disable-compat_vdso.patch (renamed from 3.14.43/4470_disable-compat_vdso.patch) | 0 | ||||
| -rw-r--r-- | 3.14.44/4475_emutramp_default_on.patch (renamed from 3.14.43/4475_emutramp_default_on.patch) | 0 | ||||
| -rw-r--r-- | 3.2.69/0000_README | 2 | ||||
| -rw-r--r-- | 3.2.69/4420_grsecurity-3.1-3.2.69-201506082246.patch (renamed from 3.2.69/4420_grsecurity-3.1-3.2.69-201506021858.patch) | 206 | ||||
| -rw-r--r-- | 3.2.69/4435_grsec-mute-warnings.patch | 4 | ||||
| -rw-r--r-- | 4.0.5/0000_README (renamed from 4.0.4/0000_README) | 2 | ||||
| -rw-r--r-- | 4.0.5/4420_grsecurity-3.1-4.0.5-201506082251.patch (renamed from 4.0.4/4420_grsecurity-3.1-4.0.4-201506021902.patch) | 495 | ||||
| -rw-r--r-- | 4.0.5/4425_grsec_remove_EI_PAX.patch (renamed from 4.0.4/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 4.0.5/4427_force_XATTR_PAX_tmpfs.patch (renamed from 4.0.4/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
| -rw-r--r-- | 4.0.5/4430_grsec-remove-localversion-grsec.patch (renamed from 4.0.4/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 4.0.5/4435_grsec-mute-warnings.patch (renamed from 4.0.4/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 4.0.5/4440_grsec-remove-protected-paths.patch (renamed from 4.0.4/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 4.0.5/4450_grsec-kconfig-default-gids.patch (renamed from 4.0.4/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 4.0.5/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 4.0.4/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 4.0.5/4470_disable-compat_vdso.patch (renamed from 4.0.4/4470_disable-compat_vdso.patch) | 0 | ||||
| -rw-r--r-- | 4.0.5/4475_emutramp_default_on.patch (renamed from 4.0.4/4475_emutramp_default_on.patch) | 0 |
25 files changed, 690 insertions, 470 deletions
diff --git a/3.14.43/0000_README b/3.14.44/0000_README index 6fbd85f..2105f07 100644 --- a/3.14.43/0000_README +++ b/3.14.44/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.1-3.14.43-201506021902.patch +Patch: 4420_grsecurity-3.1-3.14.44-201506082249.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.14.43/4420_grsecurity-3.1-3.14.43-201506021902.patch b/3.14.44/4420_grsecurity-3.1-3.14.44-201506082249.patch index af87f48..3556faf 100644 --- a/3.14.43/4420_grsecurity-3.1-3.14.43-201506021902.patch +++ b/3.14.44/4420_grsecurity-3.1-3.14.44-201506082249.patch @@ -295,22 +295,22 @@ index 5d91ba1..ef1d374 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index ae5f1e6..3c30412 100644 +index 9f2471c..0adedd5 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ HOSTCC = gcc HOSTCXX = g++ --HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer +-HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -std=gnu89 -HOSTCXXFLAGS = -O2 -+HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks ++HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks -std=gnu89 +HOSTCFLAGS += $(call cc-option, -Wno-empty-body) +HOSTCXXFLAGS = -O2 -Wall -W -Wno-array-bounds # Decide whether to build built-in, modular, or both. # Normally, just do built-in. -@@ -423,8 +424,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn \ +@@ -425,8 +426,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn \ # Rules shared between *config targets and build targets # Basic helpers built in scripts/ @@ -321,7 +321,7 @@ index ae5f1e6..3c30412 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -585,6 +586,75 @@ else +@@ -587,6 +588,75 @@ else KBUILD_CFLAGS += -O2 endif @@ -397,7 +397,7 @@ index ae5f1e6..3c30412 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifdef CONFIG_READABLE_ASM -@@ -781,7 +851,7 @@ export mod_sign_cmd +@@ -783,7 +853,7 @@ export mod_sign_cmd ifeq ($(KBUILD_EXTMOD),) @@ -406,7 +406,7 @@ index ae5f1e6..3c30412 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -830,6 +900,8 @@ endif +@@ -832,6 +902,8 @@ endif # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -415,7 +415,7 @@ index ae5f1e6..3c30412 100644 $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -839,7 +911,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; +@@ -841,7 +913,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -424,7 +424,7 @@ index ae5f1e6..3c30412 100644 $(Q)$(MAKE) $(build)=$@ define filechk_kernel.release -@@ -882,10 +954,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ +@@ -884,10 +956,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ archprepare: archheaders archscripts prepare1 scripts_basic @@ -438,7 +438,7 @@ index ae5f1e6..3c30412 100644 prepare: prepare0 # Generate some files -@@ -993,6 +1068,8 @@ all: modules +@@ -995,6 +1070,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -447,7 +447,7 @@ index ae5f1e6..3c30412 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1008,7 +1085,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1010,7 +1087,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -456,7 +456,7 @@ index ae5f1e6..3c30412 100644 # Target to install modules PHONY += modules_install -@@ -1074,7 +1151,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ +@@ -1076,7 +1153,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ signing_key.priv signing_key.x509 x509.genkey \ extra_certificates signing_key.x509.keyid \ @@ -468,7 +468,7 @@ index ae5f1e6..3c30412 100644 # clean - Delete most, but leave enough to build external modules # -@@ -1113,7 +1193,7 @@ distclean: mrproper +@@ -1115,7 +1195,7 @@ distclean: mrproper @find $(srctree) $(RCS_FIND_IGNORE) \ \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ @@ -477,7 +477,7 @@ index ae5f1e6..3c30412 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1275,6 +1355,8 @@ PHONY += $(module-dirs) modules +@@ -1277,6 +1357,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -486,7 +486,7 @@ index ae5f1e6..3c30412 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1414,17 +1496,21 @@ else +@@ -1416,17 +1498,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -512,7 +512,7 @@ index ae5f1e6..3c30412 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1434,11 +1520,15 @@ endif +@@ -1436,11 +1522,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -2647,7 +2647,7 @@ index 1879e8d..b2207fc 100644 #endif mov r5, r0 diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S -index a2dcafd..1048b5a 100644 +index 98dd389..e6878f2 100644 --- a/arch/arm/kernel/entry-common.S +++ b/arch/arm/kernel/entry-common.S @@ -10,18 +10,46 @@ @@ -2700,7 +2700,7 @@ index a2dcafd..1048b5a 100644 .align 5 /* * This is the fast syscall return path. We do as little as -@@ -411,6 +439,12 @@ ENTRY(vector_swi) +@@ -413,6 +441,12 @@ ENTRY(vector_swi) USER( ldr scno, [lr, #-4] ) @ get SWI instruction #endif @@ -37316,7 +37316,7 @@ index 997540d..cebb4c5 100644 * Broken _BQC workaround http://bugzilla.kernel.org/show_bug.cgi?id=13121 */ diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c -index 36605ab..6ef6d4b 100644 +index b65d79c..27ae93d 100644 --- a/drivers/ata/libahci.c +++ b/drivers/ata/libahci.c @@ -1239,7 +1239,7 @@ int ahci_kick_engine(struct ata_port *ap) @@ -37329,7 +37329,7 @@ index 36605ab..6ef6d4b 100644 unsigned long timeout_msec) { diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index 538574f..4344396 100644 +index b1c0fcd..fcc0dd1 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -98,7 +98,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev); @@ -43247,7 +43247,7 @@ index 708081b..fe2d4ab 100644 int in_i = 1, temp_i = 1, curr_i = 1; enum iio_chan_type type; diff --git a/drivers/hwmon/nct6775.c b/drivers/hwmon/nct6775.c -index 38d5a63..cf2c2ea 100644 +index 20b69bf..122e05b 100644 --- a/drivers/hwmon/nct6775.c +++ b/drivers/hwmon/nct6775.c @@ -944,10 +944,10 @@ static struct attribute_group * @@ -45141,7 +45141,7 @@ index 5b8f938..b73d657 100644 .callback = ss4200_led_dmi_callback, .ident = "Intel SS4200-E", diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c -index 0bf1e4e..0552eb9 100644 +index 19da222..0552eb9 100644 --- a/drivers/lguest/core.c +++ b/drivers/lguest/core.c @@ -97,9 +97,17 @@ static __init int map_switcher(void) @@ -45171,15 +45171,6 @@ index 0bf1e4e..0552eb9 100644 end_switcher_text - start_switcher_text); printk(KERN_INFO "lguest: mapped switcher at %p\n", -@@ -176,7 +184,7 @@ static void unmap_switcher(void) - bool lguest_address_ok(const struct lguest *lg, - unsigned long addr, unsigned long len) - { -- return (addr+len) / PAGE_SIZE < lg->pfn_limit && (addr+len >= addr); -+ return addr+len <= lg->pfn_limit * PAGE_SIZE && (addr+len >= addr); - } - - /* diff --git a/drivers/lguest/page_tables.c b/drivers/lguest/page_tables.c index bfb39bb..08a603b 100644 --- a/drivers/lguest/page_tables.c @@ -45755,28 +45746,6 @@ index 3e6d115..ffecdeb 100644 /*----------------------------------------------------------------*/ -diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c -index 683e685..9afd00b 100644 ---- a/drivers/md/raid0.c -+++ b/drivers/md/raid0.c -@@ -531,6 +531,9 @@ static void raid0_make_request(struct mddev *mddev, struct bio *bio) - ? (sector & (chunk_sects-1)) - : sector_div(sector, chunk_sects)); - -+ /* Restore due to sector_div */ -+ sector = bio->bi_iter.bi_sector; -+ - if (sectors < bio_sectors(bio)) { - split = bio_split(bio, sectors, GFP_NOIO, fs_bio_set); - bio_chain(split, bio); -@@ -538,7 +541,6 @@ static void raid0_make_request(struct mddev *mddev, struct bio *bio) - split = bio; - } - -- sector = bio->bi_iter.bi_sector; - zone = find_zone(mddev->private, §or); - tmp_dev = map_sector(mddev, zone, sector, §or); - split->bi_bdev = tmp_dev->bdev; diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c index b96ee9d..1d38b21 100644 --- a/drivers/md/raid1.c @@ -45863,7 +45832,7 @@ index a46124e..caf0bd55 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 3545faf..1431c5a 100644 +index b98c70e..83d3273 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -942,23 +942,23 @@ async_copy_data(int frombio, struct bio *bio, struct page *page, @@ -45919,7 +45888,7 @@ index 3545faf..1431c5a 100644 sprintf(conf->cache_name[1], "%s-alt", conf->cache_name[0]); conf->active_name = 0; -@@ -1995,21 +2003,21 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1996,21 +2004,21 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), STRIPE_SECTORS, (unsigned long long)s, bdevname(rdev->bdev, b)); @@ -45945,7 +45914,7 @@ index 3545faf..1431c5a 100644 if (test_bit(R5_ReadRepl, &sh->dev[i].flags)) printk_ratelimited( KERN_WARNING -@@ -2037,7 +2045,7 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -2038,7 +2046,7 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), (unsigned long long)s, bdn); @@ -52263,7 +52232,7 @@ index 4a0d7c9..3d658d7 100644 .show_host_node_name = 1, .show_host_port_name = 1, diff --git a/drivers/scsi/qla2xxx/qla_gbl.h b/drivers/scsi/qla2xxx/qla_gbl.h -index 1f42662..bf9836c 100644 +index b5f22a9..c67e04d 100644 --- a/drivers/scsi/qla2xxx/qla_gbl.h +++ b/drivers/scsi/qla2xxx/qla_gbl.h @@ -546,8 +546,8 @@ extern void qla2x00_get_sym_node_name(scsi_qla_host_t *, uint8_t *); @@ -52502,10 +52471,10 @@ index e3e794e..f72f20c 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index e8abb73..faa6fbe 100644 +index a107064..a14c333 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c -@@ -2967,7 +2967,7 @@ static int sd_probe(struct device *dev) +@@ -2958,7 +2958,7 @@ static int sd_probe(struct device *dev) sdkp->disk = gd; sdkp->index = index; atomic_set(&sdkp->openers, 0); @@ -53874,7 +53843,7 @@ index 1deaca4..c8582d4 100644 tty_port_tty_set(&ch->port, tty); mutex_lock(&ch->port.mutex); diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c -index 2ebe47b..3205833 100644 +index 5bfd807..337352af 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -1644,7 +1644,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr) @@ -58981,10 +58950,10 @@ index 88714ae..16c2e11 100644 static inline u32 get_pll_internal_frequency(u32 ref_freq, diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c -index a5cc476..8586f7c 100644 +index 5af64e9..053fe2f 100644 --- a/drivers/xen/events/events_base.c +++ b/drivers/xen/events/events_base.c -@@ -1588,7 +1588,7 @@ void xen_irq_resume(void) +@@ -1592,7 +1592,7 @@ void xen_irq_resume(void) restore_pirqs(); } @@ -58993,7 +58962,7 @@ index a5cc476..8586f7c 100644 .name = "xen-dyn", .irq_disable = disable_dynirq, -@@ -1602,7 +1602,7 @@ static struct irq_chip xen_dynamic_chip __read_mostly = { +@@ -1606,7 +1606,7 @@ static struct irq_chip xen_dynamic_chip __read_mostly = { .irq_retrigger = retrigger_dynirq, }; @@ -59002,7 +58971,7 @@ index a5cc476..8586f7c 100644 .name = "xen-pirq", .irq_startup = startup_pirq, -@@ -1622,7 +1622,7 @@ static struct irq_chip xen_pirq_chip __read_mostly = { +@@ -1626,7 +1626,7 @@ static struct irq_chip xen_pirq_chip __read_mostly = { .irq_retrigger = retrigger_dynirq, }; @@ -65825,7 +65794,7 @@ index ca0ba15..0fa3257 100644 fd_offset + ex.a_text); if (error != N_DATADDR(ex)) { diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 78f4608..0f8b54b 100644 +index 35240a7..96dd7cf 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -34,6 +34,7 @@ @@ -66459,15 +66428,10 @@ index 78f4608..0f8b54b 100644 if (elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; -@@ -816,12 +1253,21 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -816,6 +1253,20 @@ static int load_elf_binary(struct linux_binprm *bprm) #else load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); #endif -- total_size = total_mapping_size(elf_phdata, -- loc->elf_ex.e_phnum); -- if (!total_size) { -- error = -EINVAL; -- goto out_free_dentry; + +#ifdef CONFIG_PAX_RANDMMAP + /* PaX: randomize base address at the default exe base if requested */ @@ -66479,14 +66443,13 @@ index 78f4608..0f8b54b 100644 +#endif + load_bias = ELF_PAGESTART(PAX_ELF_ET_DYN_BASE - vaddr + load_bias); + elf_flags |= MAP_FIXED; - } ++ } +#endif + -+ total_size = total_mapping_size(elf_phdata, loc->elf_ex.e_phnum); - } - - error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, -@@ -854,9 +1300,9 @@ static int load_elf_binary(struct linux_binprm *bprm) + total_size = total_mapping_size(elf_phdata, + loc->elf_ex.e_phnum); + if (!total_size) { +@@ -854,9 +1305,9 @@ static int load_elf_binary(struct linux_binprm *bprm) * allowed task size. Note that p_filesz must always be * <= p_memsz so it is only necessary to check p_memsz. */ @@ -66499,7 +66462,7 @@ index 78f4608..0f8b54b 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -895,17 +1341,45 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -895,17 +1346,45 @@ static int load_elf_binary(struct linux_binprm *bprm) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -66551,7 +66514,7 @@ index 78f4608..0f8b54b 100644 load_bias); if (!IS_ERR((void *)elf_entry)) { /* -@@ -1127,7 +1601,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) +@@ -1127,7 +1606,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -66560,7 +66523,7 @@ index 78f4608..0f8b54b 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1165,7 +1639,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1165,7 +1644,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -66569,7 +66532,7 @@ index 78f4608..0f8b54b 100644 goto whole; /* -@@ -1372,9 +1846,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1372,9 +1851,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -66581,7 +66544,7 @@ index 78f4608..0f8b54b 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1383,7 +1857,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, +@@ -1383,7 +1862,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, { mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); @@ -66590,7 +66553,7 @@ index 78f4608..0f8b54b 100644 set_fs(old_fs); fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata); } -@@ -2007,14 +2481,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -2007,14 +2486,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -66607,7 +66570,7 @@ index 78f4608..0f8b54b 100644 return size; } -@@ -2105,7 +2579,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2105,7 +2584,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -66616,7 +66579,7 @@ index 78f4608..0f8b54b 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -2133,7 +2607,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2133,7 +2612,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -66625,7 +66588,7 @@ index 78f4608..0f8b54b 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2166,7 +2640,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2166,7 +2645,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -66634,7 +66597,7 @@ index 78f4608..0f8b54b 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2207,6 +2681,167 @@ out: +@@ -2207,6 +2686,167 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -68016,7 +67979,7 @@ index a93f7e6..d58bcbe 100644 return 0; while (nr) { diff --git a/fs/dcache.c b/fs/dcache.c -index a9231c8..f87d4b8 100644 +index 1d7e8a3..f87d4b8 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -250,7 +250,7 @@ static void __d_free(struct rcu_head *head) @@ -68093,24 +68056,6 @@ index a9231c8..f87d4b8 100644 d_lru_isolate(dentry); spin_unlock(&dentry->d_lock); return LRU_REMOVED; -@@ -1135,13 +1135,13 @@ ascend: - /* might go back up the wrong parent if we have had a rename. */ - if (need_seqretry(&rename_lock, seq)) - goto rename_retry; -- next = child->d_child.next; -- while (unlikely(child->d_flags & DCACHE_DENTRY_KILLED)) { -+ /* go into the first sibling still alive */ -+ do { -+ next = child->d_child.next; - if (next == &this_parent->d_subdirs) - goto ascend; - child = list_entry(next, struct dentry, d_child); -- next = next->next; -- } -+ } while (unlikely(child->d_flags & DCACHE_DENTRY_KILLED)); - rcu_read_unlock(); - goto resume; - } @@ -1269,7 +1269,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry) * loop in shrink_dcache_parent() might not make any progress * and loop forever. @@ -69586,7 +69531,7 @@ index ef68665..5deacdc 100644 return 0; } diff --git a/fs/fhandle.c b/fs/fhandle.c -index 999ff5c..2281df9 100644 +index d59712d..2281df9 100644 --- a/fs/fhandle.c +++ b/fs/fhandle.c @@ -8,6 +8,7 @@ @@ -69616,18 +69561,6 @@ index 999ff5c..2281df9 100644 retval = -EPERM; goto out_err; } -@@ -195,8 +195,9 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh, - goto out_err; - } - /* copy the full handle */ -- if (copy_from_user(handle, ufh, -- sizeof(struct file_handle) + -+ *handle = f_handle; -+ if (copy_from_user(&handle->f_handle, -+ &ufh->f_handle, - f_handle.handle_bytes)) { - retval = -EFAULT; - goto out_handle; diff --git a/fs/file.c b/fs/file.c index eb56a13..ccee850 100644 --- a/fs/file.c @@ -72990,7 +72923,7 @@ index 17679f2..85f4981 100644 } putname(tmp); diff --git a/fs/pipe.c b/fs/pipe.c -index 78fd0d0..6757bcf 100644 +index 78fd0d0..e829d3e 100644 --- a/fs/pipe.c +++ b/fs/pipe.c @@ -37,7 +37,7 @@ unsigned int pipe_max_size = 1048576; @@ -73020,7 +72953,109 @@ index 78fd0d0..6757bcf 100644 mutex_unlock(&pipe->mutex); } EXPORT_SYMBOL(pipe_unlock); -@@ -449,9 +449,9 @@ redo: +@@ -117,25 +117,27 @@ void pipe_wait(struct pipe_inode_info *pipe) + } + + static int +-pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len, +- int atomic) ++pipe_iov_copy_from_user(void *addr, int *offset, struct iovec *iov, ++ size_t *remaining, int atomic) + { + unsigned long copy; + +- while (len > 0) { ++ while (*remaining > 0) { + while (!iov->iov_len) + iov++; +- copy = min_t(unsigned long, len, iov->iov_len); ++ copy = min_t(unsigned long, *remaining, iov->iov_len); + + if (atomic) { +- if (__copy_from_user_inatomic(to, iov->iov_base, copy)) ++ if (__copy_from_user_inatomic(addr + *offset, ++ iov->iov_base, copy)) + return -EFAULT; + } else { +- if (copy_from_user(to, iov->iov_base, copy)) ++ if (copy_from_user(addr + *offset, ++ iov->iov_base, copy)) + return -EFAULT; + } +- to += copy; +- len -= copy; ++ *offset += copy; ++ *remaining -= copy; + iov->iov_base += copy; + iov->iov_len -= copy; + } +@@ -143,25 +145,27 @@ pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len, + } + + static int +-pipe_iov_copy_to_user(struct iovec *iov, const void *from, unsigned long len, +- int atomic) ++pipe_iov_copy_to_user(struct iovec *iov, void *addr, int *offset, ++ size_t *remaining, int atomic) + { + unsigned long copy; + +- while (len > 0) { ++ while (*remaining > 0) { + while (!iov->iov_len) + iov++; +- copy = min_t(unsigned long, len, iov->iov_len); ++ copy = min_t(unsigned long, *remaining, iov->iov_len); + + if (atomic) { +- if (__copy_to_user_inatomic(iov->iov_base, from, copy)) ++ if (__copy_to_user_inatomic(iov->iov_base, ++ addr + *offset, copy)) + return -EFAULT; + } else { +- if (copy_to_user(iov->iov_base, from, copy)) ++ if (copy_to_user(iov->iov_base, ++ addr + *offset, copy)) + return -EFAULT; + } +- from += copy; +- len -= copy; ++ *offset += copy; ++ *remaining -= copy; + iov->iov_base += copy; + iov->iov_len -= copy; + } +@@ -395,7 +399,7 @@ pipe_read(struct kiocb *iocb, const struct iovec *_iov, + struct pipe_buffer *buf = pipe->bufs + curbuf; + const struct pipe_buf_operations *ops = buf->ops; + void *addr; +- size_t chars = buf->len; ++ size_t chars = buf->len, remaining; + int error, atomic; + + if (chars > total_len) +@@ -409,9 +413,11 @@ pipe_read(struct kiocb *iocb, const struct iovec *_iov, + } + + atomic = !iov_fault_in_pages_write(iov, chars); ++ remaining = chars; + redo: + addr = ops->map(pipe, buf, atomic); +- error = pipe_iov_copy_to_user(iov, addr + buf->offset, chars, atomic); ++ error = pipe_iov_copy_to_user(iov, addr, &buf->offset, ++ &remaining, atomic); + ops->unmap(pipe, buf, addr); + if (unlikely(error)) { + /* +@@ -426,7 +432,6 @@ redo: + break; + } + ret += chars; +- buf->offset += chars; + buf->len -= chars; + + /* Was it a packet buffer? Clean up and exit */ +@@ -449,9 +454,9 @@ redo: } if (bufs) /* More to do? */ continue; @@ -73032,7 +73067,7 @@ index 78fd0d0..6757bcf 100644 /* syscall merging: Usually we must not sleep * if O_NONBLOCK is set, or if we got some data. * But if a writer sleeps in kernel space, then -@@ -513,7 +513,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov, +@@ -513,7 +518,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov, ret = 0; __pipe_lock(pipe); @@ -73041,7 +73076,26 @@ index 78fd0d0..6757bcf 100644 send_sig(SIGPIPE, current, 0); ret = -EPIPE; goto out; -@@ -562,7 +562,7 @@ redo1: +@@ -531,6 +536,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov, + if (ops->can_merge && offset + chars <= PAGE_SIZE) { + int error, atomic = 1; + void *addr; ++ size_t remaining = chars; + + error = ops->confirm(pipe, buf); + if (error) +@@ -539,8 +545,8 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov, + iov_fault_in_pages_read(iov, chars); + redo1: + addr = ops->map(pipe, buf, atomic); +- error = pipe_iov_copy_from_user(offset + addr, iov, +- chars, atomic); ++ error = pipe_iov_copy_from_user(addr, &offset, iov, ++ &remaining, atomic); + ops->unmap(pipe, buf, addr); + ret = error; + do_wakeup = 1; +@@ -562,7 +568,7 @@ redo1: for (;;) { int bufs; @@ -73050,7 +73104,34 @@ index 78fd0d0..6757bcf 100644 send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; -@@ -653,9 +653,9 @@ redo2: +@@ -575,6 +581,8 @@ redo1: + struct page *page = pipe->tmp_page; + char *src; + int error, atomic = 1; ++ int offset = 0; ++ size_t remaining; + + if (!page) { + page = alloc_page(GFP_HIGHUSER); +@@ -595,14 +603,15 @@ redo1: + chars = total_len; + + iov_fault_in_pages_read(iov, chars); ++ remaining = chars; + redo2: + if (atomic) + src = kmap_atomic(page); + else + src = kmap(page); + +- error = pipe_iov_copy_from_user(src, iov, chars, +- atomic); ++ error = pipe_iov_copy_from_user(src, &offset, iov, ++ &remaining, atomic); + if (atomic) + kunmap_atomic(src); + else +@@ -653,9 +662,9 @@ redo2: kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); do_wakeup = 0; } @@ -73062,7 +73143,7 @@ index 78fd0d0..6757bcf 100644 } out: __pipe_unlock(pipe); -@@ -710,7 +710,7 @@ pipe_poll(struct file *filp, poll_table *wait) +@@ -710,7 +719,7 @@ pipe_poll(struct file *filp, poll_table *wait) mask = 0; if (filp->f_mode & FMODE_READ) { mask = (nrbufs > 0) ? POLLIN | POLLRDNORM : 0; @@ -73071,7 +73152,7 @@ index 78fd0d0..6757bcf 100644 mask |= POLLHUP; } -@@ -720,7 +720,7 @@ pipe_poll(struct file *filp, poll_table *wait) +@@ -720,7 +729,7 @@ pipe_poll(struct file *filp, poll_table *wait) * Most Unices do not set POLLERR for FIFOs but on Linux they * behave exactly like pipes for poll(). */ @@ -73080,7 +73161,7 @@ index 78fd0d0..6757bcf 100644 mask |= POLLERR; } -@@ -732,7 +732,7 @@ static void put_pipe_info(struct inode *inode, struct pipe_inode_info *pipe) +@@ -732,7 +741,7 @@ static void put_pipe_info(struct inode *inode, struct pipe_inode_info *pipe) int kill = 0; spin_lock(&inode->i_lock); @@ -73089,7 +73170,7 @@ index 78fd0d0..6757bcf 100644 inode->i_pipe = NULL; kill = 1; } -@@ -749,11 +749,11 @@ pipe_release(struct inode *inode, struct file *file) +@@ -749,11 +758,11 @@ pipe_release(struct inode *inode, struct file *file) __pipe_lock(pipe); if (file->f_mode & FMODE_READ) @@ -73104,7 +73185,7 @@ index 78fd0d0..6757bcf 100644 wake_up_interruptible_sync_poll(&pipe->wait, POLLIN | POLLOUT | POLLRDNORM | POLLWRNORM | POLLERR | POLLHUP); kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT); -@@ -818,7 +818,7 @@ void free_pipe_info(struct pipe_inode_info *pipe) +@@ -818,7 +827,7 @@ void free_pipe_info(struct pipe_inode_info *pipe) kfree(pipe); } @@ -73113,7 +73194,7 @@ index 78fd0d0..6757bcf 100644 /* * pipefs_dname() is called from d_path(). -@@ -848,8 +848,9 @@ static struct inode * get_pipe_inode(void) +@@ -848,8 +857,9 @@ static struct inode * get_pipe_inode(void) goto fail_iput; inode->i_pipe = pipe; @@ -73125,7 +73206,7 @@ index 78fd0d0..6757bcf 100644 inode->i_fop = &pipefifo_fops; /* -@@ -1028,17 +1029,17 @@ static int fifo_open(struct inode *inode, struct file *filp) +@@ -1028,17 +1038,17 @@ static int fifo_open(struct inode *inode, struct file *filp) spin_lock(&inode->i_lock); if (inode->i_pipe) { pipe = inode->i_pipe; @@ -73146,7 +73227,7 @@ index 78fd0d0..6757bcf 100644 spin_unlock(&inode->i_lock); free_pipe_info(pipe); pipe = inode->i_pipe; -@@ -1063,10 +1064,10 @@ static int fifo_open(struct inode *inode, struct file *filp) +@@ -1063,10 +1073,10 @@ static int fifo_open(struct inode *inode, struct file *filp) * opened, even when there is no process writing the FIFO. */ pipe->r_counter++; @@ -73159,7 +73240,7 @@ index 78fd0d0..6757bcf 100644 if ((filp->f_flags & O_NONBLOCK)) { /* suppress POLLHUP until we have * seen a writer */ -@@ -1085,14 +1086,14 @@ static int fifo_open(struct inode *inode, struct file *filp) +@@ -1085,14 +1095,14 @@ static int fifo_open(struct inode *inode, struct file *filp) * errno=ENXIO when there is no process reading the FIFO. */ ret = -ENXIO; @@ -73177,7 +73258,7 @@ index 78fd0d0..6757bcf 100644 if (wait_for_partner(pipe, &pipe->r_counter)) goto err_wr; } -@@ -1106,11 +1107,11 @@ static int fifo_open(struct inode *inode, struct file *filp) +@@ -1106,11 +1116,11 @@ static int fifo_open(struct inode *inode, struct file *filp) * the process can at least talk to itself. */ @@ -73192,7 +73273,7 @@ index 78fd0d0..6757bcf 100644 wake_up_partner(pipe); break; -@@ -1124,13 +1125,13 @@ static int fifo_open(struct inode *inode, struct file *filp) +@@ -1124,13 +1134,13 @@ static int fifo_open(struct inode *inode, struct file *filp) return 0; err_rd: @@ -73208,7 +73289,7 @@ index 78fd0d0..6757bcf 100644 wake_up_interruptible(&pipe->wait); ret = -ERESTARTSYS; goto err; -@@ -1208,7 +1209,7 @@ static long pipe_set_size(struct pipe_inode_info *pipe, unsigned long nr_pages) +@@ -1208,7 +1218,7 @@ static long pipe_set_size(struct pipe_inode_info *pipe, unsigned long nr_pages) * Currently we rely on the pipe array holding a power-of-2 number * of pages. */ @@ -73217,7 +73298,7 @@ index 78fd0d0..6757bcf 100644 { unsigned long nr_pages; -@@ -1256,13 +1257,16 @@ long pipe_fcntl(struct file *file, unsigned int cmd, unsigned long arg) +@@ -1256,13 +1266,16 @@ long pipe_fcntl(struct file *file, unsigned int cmd, unsigned long arg) switch (cmd) { case F_SETPIPE_SZ: { @@ -91801,10 +91882,10 @@ index b8e9a43..632678d 100644 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu); diff --git a/include/linux/libata.h b/include/linux/libata.h -index e13b3ae..5f450e6 100644 +index b84e786..2e320a9 100644 --- a/include/linux/libata.h +++ b/include/linux/libata.h -@@ -977,7 +977,7 @@ struct ata_port_operations { +@@ -986,7 +986,7 @@ struct ata_port_operations { * fields must be pointers. */ const struct ata_port_operations *inherits; @@ -97259,7 +97340,7 @@ index 18711f3..a8e4c7b 100644 if (count++ > MAX_TASKS_SHOWN_PER_CSS) { seq_puts(seq, " ...\n"); diff --git a/kernel/compat.c b/kernel/compat.c -index 0a09e48..b46b3d78 100644 +index 0a09e48..4a1a597 100644 --- a/kernel/compat.c +++ b/kernel/compat.c @@ -13,6 +13,7 @@ @@ -97407,7 +97488,27 @@ index 0a09e48..b46b3d78 100644 set_fs(oldfs); if ((err == -ERESTART_RESTARTBLOCK) && rmtp && -@@ -1128,7 +1129,7 @@ COMPAT_SYSCALL_DEFINE2(sched_rr_get_interval, +@@ -895,7 +896,8 @@ long compat_get_bitmap(unsigned long *mask, const compat_ulong_t __user *umask, + * bitmap. We must however ensure the end of the + * kernel bitmap is zeroed. + */ +- if (nr_compat_longs-- > 0) { ++ if (nr_compat_longs) { ++ nr_compat_longs--; + if (__get_user(um, umask)) + return -EFAULT; + } else { +@@ -937,7 +939,8 @@ long compat_put_bitmap(compat_ulong_t __user *umask, unsigned long *mask, + * We dont want to write past the end of the userspace + * bitmap. + */ +- if (nr_compat_longs-- > 0) { ++ if (nr_compat_longs) { ++ nr_compat_longs--; + if (__put_user(um, umask)) + return -EFAULT; + } +@@ -1128,7 +1131,7 @@ COMPAT_SYSCALL_DEFINE2(sched_rr_get_interval, mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); @@ -104085,7 +104186,7 @@ index bb2b201..46abaf9 100644 /* diff --git a/lib/strnlen_user.c b/lib/strnlen_user.c -index a28df52..02dccaa 100644 +index 1164961..02dccaa 100644 --- a/lib/strnlen_user.c +++ b/lib/strnlen_user.c @@ -26,7 +26,7 @@ @@ -104097,16 +104198,6 @@ index a28df52..02dccaa 100644 long align, res = 0; unsigned long c; -@@ -57,7 +57,8 @@ static inline long do_strnlen_user(const char __user *src, unsigned long count, - return res + find_zero(data) + 1 - align; - } - res += sizeof(unsigned long); -- if (unlikely(max < sizeof(unsigned long))) -+ /* We already handled 'unsigned long' bytes. Did we do it all ? */ -+ if (unlikely(max <= sizeof(unsigned long))) - break; - max -= sizeof(unsigned long); - if (unlikely(__get_user(c,(unsigned long __user *)(src+res)))) diff --git a/lib/swiotlb.c b/lib/swiotlb.c index b604b83..c0547f6 100644 --- a/lib/swiotlb.c @@ -105554,7 +105645,7 @@ index 749e1c6..f7fbc29 100644 mm = get_task_mm(tsk); if (!mm) diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index e8fff0f..8d10fb5 100644 +index 936866e..25f7b73 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -747,6 +747,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, @@ -112705,6 +112796,34 @@ index 3f0ec06..230c2c5 100644 .set_link_af = inet6_set_link_af, }; +diff --git a/net/ipv6/addrconf_core.c b/net/ipv6/addrconf_core.c +index 4c11cbc..1ca51c7 100644 +--- a/net/ipv6/addrconf_core.c ++++ b/net/ipv6/addrconf_core.c +@@ -126,6 +126,14 @@ static void snmp6_free_dev(struct inet6_dev *idev) + snmp_mib_free((void __percpu **)idev->stats.ipv6); + } + ++static void in6_dev_finish_destroy_rcu(struct rcu_head *head) ++{ ++ struct inet6_dev *idev = container_of(head, struct inet6_dev, rcu); ++ ++ snmp6_free_dev(idev); ++ kfree(idev); ++} ++ + /* Nobody refers to this device, we may destroy it. */ + + void in6_dev_finish_destroy(struct inet6_dev *idev) +@@ -144,7 +152,6 @@ void in6_dev_finish_destroy(struct inet6_dev *idev) + pr_warn("Freeing alive inet6 device %p\n", idev); + return; + } +- snmp6_free_dev(idev); +- kfree_rcu(idev, rcu); ++ call_rcu(&idev->rcu, in6_dev_finish_destroy_rcu); + } + EXPORT_SYMBOL(in6_dev_finish_destroy); diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index d935889..d0f3a63 100644 --- a/net/ipv6/af_inet6.c @@ -115673,7 +115792,7 @@ index dfa532f..1dcfb44 100644 } diff --git a/net/socket.c b/net/socket.c -index 1b2c2d6..ba09864 100644 +index b72fc13..50e43ff 100644 --- a/net/socket.c +++ b/net/socket.c @@ -88,6 +88,7 @@ @@ -115867,7 +115986,7 @@ index 1b2c2d6..ba09864 100644 if (kmsg->msg_namelen < 0) return -EINVAL; -@@ -2062,7 +2131,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2060,7 +2129,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, * checking falls down on this. */ if (copy_from_user(ctl_buf, @@ -115876,7 +115995,7 @@ index 1b2c2d6..ba09864 100644 ctl_len)) goto out_freectl; msg_sys->msg_control = ctl_buf; -@@ -2213,7 +2282,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2211,7 +2280,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, int err, total_len, len; /* kernel mode address */ @@ -115885,7 +116004,7 @@ index 1b2c2d6..ba09864 100644 /* user mode address pointers */ struct sockaddr __user *uaddr; -@@ -2242,7 +2311,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2238,7 +2307,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, /* Save the user-mode address (verify_iovec will change the * kernel msghdr to use the kernel address space) */ @@ -115894,7 +116013,7 @@ index 1b2c2d6..ba09864 100644 uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); -@@ -2886,7 +2955,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2882,7 +2951,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) ifr = compat_alloc_user_space(buf_size); rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8); @@ -115903,7 +116022,7 @@ index 1b2c2d6..ba09864 100644 return -EFAULT; if (put_user(convert_in ? rxnfc : compat_ptr(data), -@@ -2997,7 +3066,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, +@@ -2993,7 +3062,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); err = dev_ioctl(net, cmd, @@ -115912,7 +116031,7 @@ index 1b2c2d6..ba09864 100644 set_fs(old_fs); return err; -@@ -3090,7 +3159,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, +@@ -3086,7 +3155,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); @@ -115921,7 +116040,7 @@ index 1b2c2d6..ba09864 100644 set_fs(old_fs); if (cmd == SIOCGIFMAP && !err) { -@@ -3174,7 +3243,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, +@@ -3170,7 +3239,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, ret |= get_user(rtdev, &(ur4->rt_dev)); if (rtdev) { ret |= copy_from_user(devname, compat_ptr(rtdev), 15); @@ -115930,7 +116049,7 @@ index 1b2c2d6..ba09864 100644 devname[15] = 0; } else r4.rt_dev = NULL; -@@ -3401,8 +3470,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, +@@ -3397,8 +3466,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, int __user *uoptlen; int err; @@ -115941,7 +116060,7 @@ index 1b2c2d6..ba09864 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) -@@ -3422,7 +3491,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, +@@ -3418,7 +3487,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; diff --git a/3.14.43/4425_grsec_remove_EI_PAX.patch b/3.14.44/4425_grsec_remove_EI_PAX.patch index a80a5d7..a80a5d7 100644 --- a/3.14.43/4425_grsec_remove_EI_PAX.patch +++ b/3.14.44/4425_grsec_remove_EI_PAX.patch diff --git a/3.14.43/4427_force_XATTR_PAX_tmpfs.patch b/3.14.44/4427_force_XATTR_PAX_tmpfs.patch index 4c236cc..4c236cc 100644 --- a/3.14.43/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.14.44/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.14.43/4430_grsec-remove-localversion-grsec.patch b/3.14.44/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.14.43/4430_grsec-remove-localversion-grsec.patch +++ b/3.14.44/4430_grsec-remove-localversion-grsec.patch diff --git a/3.14.43/4435_grsec-mute-warnings.patch b/3.14.44/4435_grsec-mute-warnings.patch index 392cefb..558c435 100644 --- a/3.14.43/4435_grsec-mute-warnings.patch +++ b/3.14.44/4435_grsec-mute-warnings.patch @@ -35,8 +35,8 @@ Acked-by: Christian Heim <phreak@gentoo.org> HOSTCC = gcc HOSTCXX = g++ --HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks -+HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks +-HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks -std=gnu89 ++HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks -std=gnu89 HOSTCFLAGS += $(call cc-option, -Wno-empty-body) HOSTCXXFLAGS = -O2 -Wall -W -Wno-array-bounds diff --git a/3.14.43/4440_grsec-remove-protected-paths.patch b/3.14.44/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.14.43/4440_grsec-remove-protected-paths.patch +++ b/3.14.44/4440_grsec-remove-protected-paths.patch diff --git a/3.14.43/4450_grsec-kconfig-default-gids.patch b/3.14.44/4450_grsec-kconfig-default-gids.patch index b96defc..b96defc 100644 --- a/3.14.43/4450_grsec-kconfig-default-gids.patch +++ b/3.14.44/4450_grsec-kconfig-default-gids.patch diff --git a/3.14.43/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.44/4465_selinux-avc_audit-log-curr_ip.patch index bba906e..bba906e 100644 --- a/3.14.43/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.14.44/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.14.43/4470_disable-compat_vdso.patch b/3.14.44/4470_disable-compat_vdso.patch index 3b3953b..3b3953b 100644 --- a/3.14.43/4470_disable-compat_vdso.patch +++ b/3.14.44/4470_disable-compat_vdso.patch diff --git a/3.14.43/4475_emutramp_default_on.patch b/3.14.44/4475_emutramp_default_on.patch index a128205..a128205 100644 --- a/3.14.43/4475_emutramp_default_on.patch +++ b/3.14.44/4475_emutramp_default_on.patch diff --git a/3.2.69/0000_README b/3.2.69/0000_README index 26a7110..c5e335b 100644 --- a/3.2.69/0000_README +++ b/3.2.69/0000_README @@ -194,7 +194,7 @@ Patch: 1068_linux-3.2.69.patch From: http://www.kernel.org Desc: Linux 3.2.69 -Patch: 4420_grsecurity-3.1-3.2.69-201506021858.patch +Patch: 4420_grsecurity-3.1-3.2.69-201506082246.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.69/4420_grsecurity-3.1-3.2.69-201506021858.patch b/3.2.69/4420_grsecurity-3.1-3.2.69-201506082246.patch index e2400cb..35a63ac 100644 --- a/3.2.69/4420_grsecurity-3.1-3.2.69-201506021858.patch +++ b/3.2.69/4420_grsecurity-3.1-3.2.69-201506082246.patch @@ -282,7 +282,7 @@ index 88fd7f5..b318a78 100644 ============================================================== diff --git a/Makefile b/Makefile -index 8071888..3889f72 100644 +index 8071888..b024b7b 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -291,7 +291,7 @@ index 8071888..3889f72 100644 HOSTCXX = g++ -HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -HOSTCXXFLAGS = -O2 -+HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks ++HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks -std=gnu89 +HOSTCFLAGS += $(call cc-option, -Wno-empty-body) +HOSTCXXFLAGS = -O2 -Wall -W -Wno-array-bounds @@ -44585,7 +44585,7 @@ index e9c6a60..a1d04d6 100644 seq_printf(m, " {CurRepSz=%d} x {CurRepDepth=%d} = %d bytes ^= 0x%x\n", ioc->reply_sz, ioc->reply_depth, ioc->reply_sz*ioc->reply_depth, sz); diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c -index 9d95042..b808101 100644 +index 9d950429..b808101 100644 --- a/drivers/message/fusion/mptsas.c +++ b/drivers/message/fusion/mptsas.c @@ -446,6 +446,23 @@ mptsas_is_end_device(struct mptsas_devinfo * attached) @@ -64522,7 +64522,7 @@ index bd8ae78..539d250 100644 ldm_crit ("Out of memory."); return false; diff --git a/fs/pipe.c b/fs/pipe.c -index 8ca88fc..a2aefd9 100644 +index 8ca88fc..db6ce82 100644 --- a/fs/pipe.c +++ b/fs/pipe.c @@ -33,7 +33,7 @@ unsigned int pipe_max_size = 1048576; @@ -64534,7 +64534,109 @@ index 8ca88fc..a2aefd9 100644 /* * We use a start+len construction, which provides full use of the -@@ -437,9 +437,9 @@ redo: +@@ -103,25 +103,27 @@ void pipe_wait(struct pipe_inode_info *pipe) + } + + static int +-pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len, +- int atomic) ++pipe_iov_copy_from_user(void *addr, int *offset, struct iovec *iov, ++ size_t *remaining, int atomic) + { + unsigned long copy; + +- while (len > 0) { ++ while (*remaining > 0) { + while (!iov->iov_len) + iov++; +- copy = min_t(unsigned long, len, iov->iov_len); ++ copy = min_t(unsigned long, *remaining, iov->iov_len); + + if (atomic) { +- if (__copy_from_user_inatomic(to, iov->iov_base, copy)) ++ if (__copy_from_user_inatomic(addr + *offset, ++ iov->iov_base, copy)) + return -EFAULT; + } else { +- if (copy_from_user(to, iov->iov_base, copy)) ++ if (copy_from_user(addr + *offset, ++ iov->iov_base, copy)) + return -EFAULT; + } +- to += copy; +- len -= copy; ++ *offset += copy; ++ *remaining -= copy; + iov->iov_base += copy; + iov->iov_len -= copy; + } +@@ -129,25 +131,27 @@ pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len, + } + + static int +-pipe_iov_copy_to_user(struct iovec *iov, const void *from, unsigned long len, +- int atomic) ++pipe_iov_copy_to_user(struct iovec *iov, void *addr, int *offset, ++ size_t *remaining, int atomic) + { + unsigned long copy; + +- while (len > 0) { ++ while (*remaining > 0) { + while (!iov->iov_len) + iov++; +- copy = min_t(unsigned long, len, iov->iov_len); ++ copy = min_t(unsigned long, *remaining, iov->iov_len); + + if (atomic) { +- if (__copy_to_user_inatomic(iov->iov_base, from, copy)) ++ if (__copy_to_user_inatomic(iov->iov_base, ++ addr + *offset, copy)) + return -EFAULT; + } else { +- if (copy_to_user(iov->iov_base, from, copy)) ++ if (copy_to_user(iov->iov_base, ++ addr + *offset, copy)) + return -EFAULT; + } +- from += copy; +- len -= copy; ++ *offset += copy; ++ *remaining -= copy; + iov->iov_base += copy; + iov->iov_len -= copy; + } +@@ -383,7 +387,7 @@ pipe_read(struct kiocb *iocb, const struct iovec *_iov, + struct pipe_buffer *buf = pipe->bufs + curbuf; + const struct pipe_buf_operations *ops = buf->ops; + void *addr; +- size_t chars = buf->len; ++ size_t chars = buf->len, remaining; + int error, atomic; + + if (chars > total_len) +@@ -397,9 +401,11 @@ pipe_read(struct kiocb *iocb, const struct iovec *_iov, + } + + atomic = !iov_fault_in_pages_write(iov, chars); ++ remaining = chars; + redo: + addr = ops->map(pipe, buf, atomic); +- error = pipe_iov_copy_to_user(iov, addr + buf->offset, chars, atomic); ++ error = pipe_iov_copy_to_user(iov, addr, &buf->offset, ++ &remaining, atomic); + ops->unmap(pipe, buf, addr); + if (unlikely(error)) { + /* +@@ -414,7 +420,6 @@ redo: + break; + } + ret += chars; +- buf->offset += chars; + buf->len -= chars; + + /* Was it a packet buffer? Clean up and exit */ +@@ -437,9 +442,9 @@ redo: } if (bufs) /* More to do? */ continue; @@ -64546,7 +64648,7 @@ index 8ca88fc..a2aefd9 100644 /* syscall merging: Usually we must not sleep * if O_NONBLOCK is set, or if we got some data. * But if a writer sleeps in kernel space, then -@@ -503,7 +503,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov, +@@ -503,7 +508,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov, mutex_lock(&inode->i_mutex); pipe = inode->i_pipe; @@ -64555,7 +64657,26 @@ index 8ca88fc..a2aefd9 100644 send_sig(SIGPIPE, current, 0); ret = -EPIPE; goto out; -@@ -552,7 +552,7 @@ redo1: +@@ -521,6 +526,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov, + if (ops->can_merge && offset + chars <= PAGE_SIZE) { + int error, atomic = 1; + void *addr; ++ size_t remaining = chars; + + error = ops->confirm(pipe, buf); + if (error) +@@ -529,8 +535,8 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov, + iov_fault_in_pages_read(iov, chars); + redo1: + addr = ops->map(pipe, buf, atomic); +- error = pipe_iov_copy_from_user(offset + addr, iov, +- chars, atomic); ++ error = pipe_iov_copy_from_user(addr, &offset, iov, ++ &remaining, atomic); + ops->unmap(pipe, buf, addr); + ret = error; + do_wakeup = 1; +@@ -552,7 +558,7 @@ redo1: for (;;) { int bufs; @@ -64564,7 +64685,34 @@ index 8ca88fc..a2aefd9 100644 send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; -@@ -643,9 +643,9 @@ redo2: +@@ -565,6 +571,8 @@ redo1: + struct page *page = pipe->tmp_page; + char *src; + int error, atomic = 1; ++ int offset = 0; ++ size_t remaining; + + if (!page) { + page = alloc_page(GFP_HIGHUSER); +@@ -585,14 +593,15 @@ redo1: + chars = total_len; + + iov_fault_in_pages_read(iov, chars); ++ remaining = chars; + redo2: + if (atomic) + src = kmap_atomic(page, KM_USER0); + else + src = kmap(page); + +- error = pipe_iov_copy_from_user(src, iov, chars, +- atomic); ++ error = pipe_iov_copy_from_user(src, &offset, iov, ++ &remaining, atomic); + if (atomic) + kunmap_atomic(src, KM_USER0); + else +@@ -643,9 +652,9 @@ redo2: kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); do_wakeup = 0; } @@ -64576,7 +64724,7 @@ index 8ca88fc..a2aefd9 100644 } out: mutex_unlock(&inode->i_mutex); -@@ -712,7 +712,7 @@ pipe_poll(struct file *filp, poll_table *wait) +@@ -712,7 +721,7 @@ pipe_poll(struct file *filp, poll_table *wait) mask = 0; if (filp->f_mode & FMODE_READ) { mask = (nrbufs > 0) ? POLLIN | POLLRDNORM : 0; @@ -64585,7 +64733,7 @@ index 8ca88fc..a2aefd9 100644 mask |= POLLHUP; } -@@ -722,7 +722,7 @@ pipe_poll(struct file *filp, poll_table *wait) +@@ -722,7 +731,7 @@ pipe_poll(struct file *filp, poll_table *wait) * Most Unices do not set POLLERR for FIFOs but on Linux they * behave exactly like pipes for poll(). */ @@ -64594,7 +64742,7 @@ index 8ca88fc..a2aefd9 100644 mask |= POLLERR; } -@@ -736,10 +736,10 @@ pipe_release(struct inode *inode, int decr, int decw) +@@ -736,10 +745,10 @@ pipe_release(struct inode *inode, int decr, int decw) mutex_lock(&inode->i_mutex); pipe = inode->i_pipe; @@ -64608,7 +64756,7 @@ index 8ca88fc..a2aefd9 100644 free_pipe_info(inode); } else { wake_up_interruptible_sync_poll(&pipe->wait, POLLIN | POLLOUT | POLLRDNORM | POLLWRNORM | POLLERR | POLLHUP); -@@ -829,7 +829,7 @@ pipe_read_open(struct inode *inode, struct file *filp) +@@ -829,7 +838,7 @@ pipe_read_open(struct inode *inode, struct file *filp) if (inode->i_pipe) { ret = 0; @@ -64617,7 +64765,7 @@ index 8ca88fc..a2aefd9 100644 } mutex_unlock(&inode->i_mutex); -@@ -846,7 +846,7 @@ pipe_write_open(struct inode *inode, struct file *filp) +@@ -846,7 +855,7 @@ pipe_write_open(struct inode *inode, struct file *filp) if (inode->i_pipe) { ret = 0; @@ -64626,7 +64774,7 @@ index 8ca88fc..a2aefd9 100644 } mutex_unlock(&inode->i_mutex); -@@ -867,9 +867,9 @@ pipe_rdwr_open(struct inode *inode, struct file *filp) +@@ -867,9 +876,9 @@ pipe_rdwr_open(struct inode *inode, struct file *filp) if (inode->i_pipe) { ret = 0; if (filp->f_mode & FMODE_READ) @@ -64638,7 +64786,7 @@ index 8ca88fc..a2aefd9 100644 } mutex_unlock(&inode->i_mutex); -@@ -961,7 +961,7 @@ void free_pipe_info(struct inode *inode) +@@ -961,7 +970,7 @@ void free_pipe_info(struct inode *inode) inode->i_pipe = NULL; } @@ -64647,7 +64795,7 @@ index 8ca88fc..a2aefd9 100644 /* * pipefs_dname() is called from d_path(). -@@ -991,7 +991,8 @@ static struct inode * get_pipe_inode(void) +@@ -991,7 +1000,8 @@ static struct inode * get_pipe_inode(void) goto fail_iput; inode->i_pipe = pipe; @@ -64657,7 +64805,7 @@ index 8ca88fc..a2aefd9 100644 inode->i_fop = &rdwr_pipefifo_fops; /* -@@ -1203,7 +1204,7 @@ static long pipe_set_size(struct pipe_inode_info *pipe, unsigned long nr_pages) +@@ -1203,7 +1213,7 @@ static long pipe_set_size(struct pipe_inode_info *pipe, unsigned long nr_pages) * Currently we rely on the pipe array holding a power-of-2 number * of pages. */ @@ -64666,7 +64814,7 @@ index 8ca88fc..a2aefd9 100644 { unsigned long nr_pages; -@@ -1253,13 +1254,16 @@ long pipe_fcntl(struct file *file, unsigned int cmd, unsigned long arg) +@@ -1253,13 +1263,16 @@ long pipe_fcntl(struct file *file, unsigned int cmd, unsigned long arg) switch (cmd) { case F_SETPIPE_SZ: { @@ -89395,7 +89543,7 @@ index eafb6dd..59c908d 100644 if (count++ > MAX_TASKS_SHOWN_PER_CSS) { seq_puts(seq, " ...\n"); diff --git a/kernel/compat.c b/kernel/compat.c -index a6d0649..f44fb27 100644 +index a6d0649..1e3815f 100644 --- a/kernel/compat.c +++ b/kernel/compat.c @@ -13,6 +13,7 @@ @@ -89552,6 +89700,26 @@ index a6d0649..f44fb27 100644 set_fs(oldfs); if ((err == -ERESTART_RESTARTBLOCK) && rmtp && +@@ -855,7 +856,8 @@ long compat_get_bitmap(unsigned long *mask, const compat_ulong_t __user *umask, + * bitmap. We must however ensure the end of the + * kernel bitmap is zeroed. + */ +- if (nr_compat_longs-- > 0) { ++ if (nr_compat_longs) { ++ nr_compat_longs--; + if (__get_user(um, umask)) + return -EFAULT; + } else { +@@ -897,7 +899,8 @@ long compat_put_bitmap(compat_ulong_t __user *umask, unsigned long *mask, + * We dont want to write past the end of the userspace + * bitmap. + */ +- if (nr_compat_longs-- > 0) { ++ if (nr_compat_longs) { ++ nr_compat_longs--; + if (__put_user(um, umask)) + return -EFAULT; + } diff --git a/kernel/configs.c b/kernel/configs.c index 42e8fa0..9e7406b 100644 --- a/kernel/configs.c diff --git a/3.2.69/4435_grsec-mute-warnings.patch b/3.2.69/4435_grsec-mute-warnings.patch index da01ac7..baa71cb 100644 --- a/3.2.69/4435_grsec-mute-warnings.patch +++ b/3.2.69/4435_grsec-mute-warnings.patch @@ -35,8 +35,8 @@ Acked-by: Christian Heim <phreak@gentoo.org> HOSTCC = gcc HOSTCXX = g++ --HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks -+HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks +-HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks -std=gnu89 ++HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks -std=gnu89 HOSTCFLAGS += $(call cc-option, -Wno-empty-body) HOSTCXXFLAGS = -O2 -Wall -W -Wno-array-bounds diff --git a/4.0.4/0000_README b/4.0.5/0000_README index 2b2ce68..06efdbb 100644 --- a/4.0.4/0000_README +++ b/4.0.5/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.1-4.0.4-201506021902.patch +Patch: 4420_grsecurity-3.1-4.0.5-201506082251.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/4.0.4/4420_grsecurity-3.1-4.0.4-201506021902.patch b/4.0.5/4420_grsecurity-3.1-4.0.5-201506082251.patch index 802855c..8498741 100644 --- a/4.0.4/4420_grsecurity-3.1-4.0.4-201506021902.patch +++ b/4.0.5/4420_grsecurity-3.1-4.0.5-201506082251.patch @@ -373,7 +373,7 @@ index 4d68ec8..9546b75 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 3d16bcc..c31faf4 100644 +index 1880cf7..a141b1e 100644 --- a/Makefile +++ b/Makefile @@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -2603,7 +2603,7 @@ index 672b219..4aa120a 100644 #endif mov r5, r0 diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S -index f8ccc21..83d192f 100644 +index 4e7f40c..0f9ee2c 100644 --- a/arch/arm/kernel/entry-common.S +++ b/arch/arm/kernel/entry-common.S @@ -11,18 +11,46 @@ @@ -2656,7 +2656,7 @@ index f8ccc21..83d192f 100644 .align 5 /* * This is the fast syscall return path. We do as little as -@@ -171,6 +199,12 @@ ENTRY(vector_swi) +@@ -173,6 +201,12 @@ ENTRY(vector_swi) USER( ldr scno, [lr, #-4] ) @ get SWI instruction #endif @@ -4321,7 +4321,7 @@ index 5e85ed3..b10a7ed 100644 } } diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c -index 4e6ef89..21c27f2 100644 +index 7186382..0c145cf 100644 --- a/arch/arm/mm/mmu.c +++ b/arch/arm/mm/mmu.c @@ -41,6 +41,22 @@ @@ -7235,7 +7235,7 @@ index 47f11c7..3420df2 100644 #define SMP_CACHE_BYTES L1_CACHE_BYTES diff --git a/arch/parisc/include/asm/elf.h b/arch/parisc/include/asm/elf.h -index 3391d06..c23a2cc 100644 +index 78c9fd3..42fa66a 100644 --- a/arch/parisc/include/asm/elf.h +++ b/arch/parisc/include/asm/elf.h @@ -342,6 +342,13 @@ struct pt_regs; /* forward declaration... */ @@ -7419,10 +7419,10 @@ index 3c63a82..b1d6ee9 100644 DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n", me->arch.unwind_section, table, end, gp); diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c -index e1ffea2..46ed66e 100644 +index 5aba01a..47cdd5a 100644 --- a/arch/parisc/kernel/sys_parisc.c +++ b/arch/parisc/kernel/sys_parisc.c -@@ -89,6 +89,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -92,6 +92,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsigned long task_size = TASK_SIZE; int do_color_align, last_mmap; struct vm_unmapped_area_info info; @@ -7430,7 +7430,7 @@ index e1ffea2..46ed66e 100644 if (len > task_size) return -ENOMEM; -@@ -106,6 +107,10 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -109,6 +110,10 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, goto found_addr; } @@ -7441,7 +7441,7 @@ index e1ffea2..46ed66e 100644 if (addr) { if (do_color_align && last_mmap) addr = COLOR_ALIGN(addr, last_mmap, pgoff); -@@ -124,6 +129,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -127,6 +132,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, info.high_limit = mmap_upper_limit(); info.align_mask = last_mmap ? (PAGE_MASK & (SHM_COLOUR - 1)) : 0; info.align_offset = shared_align_offset(last_mmap, pgoff); @@ -7449,7 +7449,7 @@ index e1ffea2..46ed66e 100644 addr = vm_unmapped_area(&info); found_addr: -@@ -143,6 +149,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -146,6 +152,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, unsigned long addr = addr0; int do_color_align, last_mmap; struct vm_unmapped_area_info info; @@ -7457,7 +7457,7 @@ index e1ffea2..46ed66e 100644 #ifdef CONFIG_64BIT /* This should only ever run for 32-bit processes. */ -@@ -167,6 +174,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -170,6 +177,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, } /* requesting a specific address */ @@ -7468,7 +7468,7 @@ index e1ffea2..46ed66e 100644 if (addr) { if (do_color_align && last_mmap) addr = COLOR_ALIGN(addr, last_mmap, pgoff); -@@ -184,6 +195,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -187,6 +198,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, info.high_limit = mm->mmap_base; info.align_mask = last_mmap ? (PAGE_MASK & (SHM_COLOUR - 1)) : 0; info.align_offset = shared_align_offset(last_mmap, pgoff); @@ -7476,7 +7476,7 @@ index e1ffea2..46ed66e 100644 addr = vm_unmapped_area(&info); if (!(addr & ~PAGE_MASK)) goto found_addr; -@@ -249,6 +261,13 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -252,6 +264,13 @@ void arch_pick_mmap_layout(struct mm_struct *mm) mm->mmap_legacy_base = mmap_legacy_base(); mm->mmap_base = mmap_upper_limit(); @@ -21445,7 +21445,7 @@ index 6596433..1ad6eaf 100644 "index%1lu", i); if (unlikely(retval)) { diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c -index 3c036cb..3b5677d 100644 +index 11dd8f2..fd88f68 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -47,6 +47,7 @@ @@ -21505,7 +21505,7 @@ index 3c036cb..3b5677d 100644 } else pr_emerg(HW_ERR "Fake kernel panic: %s\n", msg); } -@@ -743,7 +744,7 @@ static int mce_timed_out(u64 *t, const char *msg) +@@ -746,7 +747,7 @@ static int mce_timed_out(u64 *t, const char *msg) * might have been modified by someone else. */ rmb(); @@ -21514,7 +21514,7 @@ index 3c036cb..3b5677d 100644 wait_for_panic(); if (!mca_cfg.monarch_timeout) goto out; -@@ -1669,7 +1670,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) +@@ -1672,7 +1673,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) } /* Call the installed machine check handler for this CPU setup. */ @@ -21523,7 +21523,7 @@ index 3c036cb..3b5677d 100644 unexpected_machine_check; /* -@@ -1692,7 +1693,9 @@ void mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1695,7 +1696,9 @@ void mcheck_cpu_init(struct cpuinfo_x86 *c) return; } @@ -21533,7 +21533,7 @@ index 3c036cb..3b5677d 100644 __mcheck_cpu_init_generic(); __mcheck_cpu_init_vendor(c); -@@ -1706,7 +1709,7 @@ void mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1709,7 +1712,7 @@ void mcheck_cpu_init(struct cpuinfo_x86 *c) */ static DEFINE_SPINLOCK(mce_chrdev_state_lock); @@ -21542,7 +21542,7 @@ index 3c036cb..3b5677d 100644 static int mce_chrdev_open_exclu; /* already open exclusive? */ static int mce_chrdev_open(struct inode *inode, struct file *file) -@@ -1714,7 +1717,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1717,7 +1720,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) spin_lock(&mce_chrdev_state_lock); if (mce_chrdev_open_exclu || @@ -21551,7 +21551,7 @@ index 3c036cb..3b5677d 100644 spin_unlock(&mce_chrdev_state_lock); return -EBUSY; -@@ -1722,7 +1725,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1725,7 +1728,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) if (file->f_flags & O_EXCL) mce_chrdev_open_exclu = 1; @@ -21560,7 +21560,7 @@ index 3c036cb..3b5677d 100644 spin_unlock(&mce_chrdev_state_lock); -@@ -1733,7 +1736,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) +@@ -1736,7 +1739,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) { spin_lock(&mce_chrdev_state_lock); @@ -21569,7 +21569,7 @@ index 3c036cb..3b5677d 100644 mce_chrdev_open_exclu = 0; spin_unlock(&mce_chrdev_state_lock); -@@ -2408,7 +2411,7 @@ static __init void mce_init_banks(void) +@@ -2411,7 +2414,7 @@ static __init void mce_init_banks(void) for (i = 0; i < mca_cfg.banks; i++) { struct mce_bank *b = &mce_banks[i]; @@ -21578,7 +21578,7 @@ index 3c036cb..3b5677d 100644 sysfs_attr_init(&a->attr); a->attr.name = b->attrname; -@@ -2515,7 +2518,7 @@ struct dentry *mce_get_debugfs_dir(void) +@@ -2518,7 +2521,7 @@ struct dentry *mce_get_debugfs_dir(void) static void mce_reset(void) { cpu_missing = 0; @@ -21762,7 +21762,7 @@ index 2589906..1ca1000 100644 intel_ds_init(); diff --git a/arch/x86/kernel/cpu/perf_event_intel_rapl.c b/arch/x86/kernel/cpu/perf_event_intel_rapl.c -index c4bb8b8..9f7384d 100644 +index 76d8cbe..e5f9681 100644 --- a/arch/x86/kernel/cpu/perf_event_intel_rapl.c +++ b/arch/x86/kernel/cpu/perf_event_intel_rapl.c @@ -465,7 +465,7 @@ static struct attribute *rapl_events_hsw_attr[] = { @@ -25071,7 +25071,7 @@ index 05fd74f..c3548b1 100644 +EXPORT_SYMBOL(cpu_pgd); +#endif diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c -index d5651fc..29c740d 100644 +index f341d56..d9b527b 100644 --- a/arch/x86/kernel/i387.c +++ b/arch/x86/kernel/i387.c @@ -68,7 +68,7 @@ static inline bool interrupted_kernel_fpu_idle(void) @@ -28646,10 +28646,10 @@ index cdc6cf9..e04f495 100644 if ((unsigned long)buf % 64 || fx_only) { u64 init_bv = pcntxt_mask & ~XSTATE_FPSSE; diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c -index 8a80737..bac4961 100644 +index 307f9ec..0d8aa91 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c -@@ -182,15 +182,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu, +@@ -186,15 +186,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu, struct kvm_cpuid2 *cpuid, struct kvm_cpuid_entry2 __user *entries) { @@ -28673,7 +28673,7 @@ index 8a80737..bac4961 100644 vcpu->arch.cpuid_nent = cpuid->nent; kvm_apic_set_version(vcpu); kvm_x86_ops->cpuid_update(vcpu); -@@ -203,15 +208,19 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu, +@@ -207,15 +212,19 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu, struct kvm_cpuid2 *cpuid, struct kvm_cpuid_entry2 __user *entries) { @@ -28723,7 +28723,7 @@ index 4ee827d..a14eff9 100644 #define APIC_LVT_NUM 6 /* 14 is the version for Xeon and Pentium 8.4.8*/ diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h -index fd49c86..77e1aa0 100644 +index 6e6d115..43fecbf 100644 --- a/arch/x86/kvm/paging_tmpl.h +++ b/arch/x86/kvm/paging_tmpl.h @@ -343,7 +343,7 @@ retry_walk: @@ -28736,7 +28736,7 @@ index fd49c86..77e1aa0 100644 goto error; walker->ptep_user[walker->level - 1] = ptep_user; diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index cc618c8..3f72f76 100644 +index a4e62fc..fbbad55 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -3568,7 +3568,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) @@ -28763,7 +28763,7 @@ index cc618c8..3f72f76 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index a60bd3a..748e856 100644 +index 5318d64..ff5f7aa 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -1440,12 +1440,12 @@ static void vmcs_write64(unsigned long field, u64 value) @@ -28950,10 +28950,10 @@ index a60bd3a..748e856 100644 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index e222ba5..6f0f2de 100644 +index 8838057..8f42ce3 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c -@@ -1897,8 +1897,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) +@@ -1895,8 +1895,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) { struct kvm *kvm = vcpu->kvm; int lm = is_long_mode(vcpu); @@ -28964,7 +28964,7 @@ index e222ba5..6f0f2de 100644 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 : kvm->arch.xen_hvm_config.blob_size_32; u32 page_num = data & ~PAGE_MASK; -@@ -2835,6 +2835,8 @@ long kvm_arch_dev_ioctl(struct file *filp, +@@ -2833,6 +2833,8 @@ long kvm_arch_dev_ioctl(struct file *filp, if (n < msr_list.nmsrs) goto out; r = -EFAULT; @@ -28973,7 +28973,7 @@ index e222ba5..6f0f2de 100644 if (copy_to_user(user_msr_list->indices, &msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; -@@ -5739,7 +5741,7 @@ static struct notifier_block pvclock_gtod_notifier = { +@@ -5737,7 +5739,7 @@ static struct notifier_block pvclock_gtod_notifier = { }; #endif @@ -36707,7 +36707,7 @@ index 26eb70c..4d66ddf 100644 * Broken _BQC workaround http://bugzilla.kernel.org/show_bug.cgi?id=13121 */ diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c -index 61a9c07..ea98fa1 100644 +index 287c4ba..6a600bc 100644 --- a/drivers/ata/libahci.c +++ b/drivers/ata/libahci.c @@ -1252,7 +1252,7 @@ int ahci_kick_engine(struct ata_port *ap) @@ -36720,7 +36720,7 @@ index 61a9c07..ea98fa1 100644 unsigned long timeout_msec) { diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index 23dac3b..89ada44 100644 +index 87b4b7f..d876fbd 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -99,7 +99,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev); @@ -40508,10 +40508,10 @@ index 94a58a0..f5eba42 100644 container_of(_dev_attr, struct dmi_device_attribute, dev_attr) diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c -index 2eebd28b..4261350 100644 +index ccc2018..56a33c5 100644 --- a/drivers/firmware/dmi_scan.c +++ b/drivers/firmware/dmi_scan.c -@@ -893,7 +893,7 @@ int dmi_walk(void (*decode)(const struct dmi_header *, void *), +@@ -894,7 +894,7 @@ int dmi_walk(void (*decode)(const struct dmi_header *, void *), if (buf == NULL) return -1; @@ -42902,7 +42902,7 @@ index 17ae2eb..21b71dd 100644 int in_i = 1, temp_i = 1, curr_i = 1, humidity_i = 1; enum iio_chan_type type; diff --git a/drivers/hwmon/nct6683.c b/drivers/hwmon/nct6683.c -index f3830db..9f4d6d5 100644 +index 37f0170..414ec2c 100644 --- a/drivers/hwmon/nct6683.c +++ b/drivers/hwmon/nct6683.c @@ -397,11 +397,11 @@ static struct attribute_group * @@ -42921,7 +42921,7 @@ index f3830db..9f4d6d5 100644 int i, j, count; diff --git a/drivers/hwmon/nct6775.c b/drivers/hwmon/nct6775.c -index 1be4117..88ae1e1 100644 +index 0773930..6f04305 100644 --- a/drivers/hwmon/nct6775.c +++ b/drivers/hwmon/nct6775.c @@ -952,10 +952,10 @@ static struct attribute_group * @@ -44245,10 +44245,10 @@ index 48882c1..93e0987 100644 CMD_SET_TYPE(cmd, CMD_COMPL_WAIT); } diff --git a/drivers/iommu/arm-smmu.c b/drivers/iommu/arm-smmu.c -index a3adde6..988ee96 100644 +index bd6252b..0716605 100644 --- a/drivers/iommu/arm-smmu.c +++ b/drivers/iommu/arm-smmu.c -@@ -338,7 +338,7 @@ enum arm_smmu_domain_stage { +@@ -331,7 +331,7 @@ enum arm_smmu_domain_stage { struct arm_smmu_domain { struct arm_smmu_device *smmu; @@ -44257,7 +44257,7 @@ index a3adde6..988ee96 100644 spinlock_t pgtbl_lock; struct arm_smmu_cfg cfg; enum arm_smmu_domain_stage stage; -@@ -833,7 +833,7 @@ static int arm_smmu_init_domain_context(struct iommu_domain *domain, +@@ -807,7 +807,7 @@ static int arm_smmu_init_domain_context(struct iommu_domain *domain, { int irq, start, ret = 0; unsigned long ias, oas; @@ -44266,7 +44266,7 @@ index a3adde6..988ee96 100644 struct io_pgtable_cfg pgtbl_cfg; enum io_pgtable_fmt fmt; struct arm_smmu_domain *smmu_domain = domain->priv; -@@ -918,14 +918,16 @@ static int arm_smmu_init_domain_context(struct iommu_domain *domain, +@@ -892,14 +892,16 @@ static int arm_smmu_init_domain_context(struct iommu_domain *domain, }; smmu_domain->smmu = smmu; @@ -44286,7 +44286,7 @@ index a3adde6..988ee96 100644 /* Initialise the context bank with our page table cfg */ arm_smmu_init_context_bank(smmu_domain, &pgtbl_cfg); -@@ -946,7 +948,7 @@ static int arm_smmu_init_domain_context(struct iommu_domain *domain, +@@ -920,7 +922,7 @@ static int arm_smmu_init_domain_context(struct iommu_domain *domain, mutex_unlock(&smmu_domain->init_mutex); /* Publish page table ops for map/unmap */ @@ -44295,7 +44295,7 @@ index a3adde6..988ee96 100644 return 0; out_clear_smmu: -@@ -979,8 +981,7 @@ static void arm_smmu_destroy_domain_context(struct iommu_domain *domain) +@@ -953,8 +955,7 @@ static void arm_smmu_destroy_domain_context(struct iommu_domain *domain) free_irq(irq, domain); } @@ -44305,7 +44305,7 @@ index a3adde6..988ee96 100644 __arm_smmu_free_bitmap(smmu->context_map, cfg->cbndx); } -@@ -1204,13 +1205,13 @@ static int arm_smmu_map(struct iommu_domain *domain, unsigned long iova, +@@ -1178,13 +1179,13 @@ static int arm_smmu_map(struct iommu_domain *domain, unsigned long iova, int ret; unsigned long flags; struct arm_smmu_domain *smmu_domain = domain->priv; @@ -44322,7 +44322,7 @@ index a3adde6..988ee96 100644 spin_unlock_irqrestore(&smmu_domain->pgtbl_lock, flags); return ret; } -@@ -1221,13 +1222,13 @@ static size_t arm_smmu_unmap(struct iommu_domain *domain, unsigned long iova, +@@ -1195,13 +1196,13 @@ static size_t arm_smmu_unmap(struct iommu_domain *domain, unsigned long iova, size_t ret; unsigned long flags; struct arm_smmu_domain *smmu_domain = domain->priv; @@ -44339,7 +44339,7 @@ index a3adde6..988ee96 100644 spin_unlock_irqrestore(&smmu_domain->pgtbl_lock, flags); return ret; } -@@ -1238,7 +1239,7 @@ static phys_addr_t arm_smmu_iova_to_phys_hard(struct iommu_domain *domain, +@@ -1212,7 +1213,7 @@ static phys_addr_t arm_smmu_iova_to_phys_hard(struct iommu_domain *domain, struct arm_smmu_domain *smmu_domain = domain->priv; struct arm_smmu_device *smmu = smmu_domain->smmu; struct arm_smmu_cfg *cfg = &smmu_domain->cfg; @@ -44348,7 +44348,7 @@ index a3adde6..988ee96 100644 struct device *dev = smmu->dev; void __iomem *cb_base; u32 tmp; -@@ -1261,7 +1262,7 @@ static phys_addr_t arm_smmu_iova_to_phys_hard(struct iommu_domain *domain, +@@ -1235,7 +1236,7 @@ static phys_addr_t arm_smmu_iova_to_phys_hard(struct iommu_domain *domain, dev_err(dev, "iova to phys timed out on 0x%pad. Falling back to software table walk.\n", &iova); @@ -44357,7 +44357,7 @@ index a3adde6..988ee96 100644 } phys = readl_relaxed(cb_base + ARM_SMMU_CB_PAR_LO); -@@ -1282,9 +1283,9 @@ static phys_addr_t arm_smmu_iova_to_phys(struct iommu_domain *domain, +@@ -1256,9 +1257,9 @@ static phys_addr_t arm_smmu_iova_to_phys(struct iommu_domain *domain, phys_addr_t ret; unsigned long flags; struct arm_smmu_domain *smmu_domain = domain->priv; @@ -44369,7 +44369,7 @@ index a3adde6..988ee96 100644 return 0; spin_lock_irqsave(&smmu_domain->pgtbl_lock, flags); -@@ -1292,7 +1293,7 @@ static phys_addr_t arm_smmu_iova_to_phys(struct iommu_domain *domain, +@@ -1266,7 +1267,7 @@ static phys_addr_t arm_smmu_iova_to_phys(struct iommu_domain *domain, smmu_domain->stage == ARM_SMMU_DOMAIN_S1) { ret = arm_smmu_iova_to_phys_hard(domain, iova); } else { @@ -44378,7 +44378,7 @@ index a3adde6..988ee96 100644 } spin_unlock_irqrestore(&smmu_domain->pgtbl_lock, flags); -@@ -1651,7 +1652,9 @@ static int arm_smmu_device_cfg_probe(struct arm_smmu_device *smmu) +@@ -1625,7 +1626,9 @@ static int arm_smmu_device_cfg_probe(struct arm_smmu_device *smmu) size |= SZ_64K | SZ_512M; } @@ -45246,7 +45246,7 @@ index 87f7dff..7300125 100644 { struct dsp_conf *conf; diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c -index 7dc93aa..9263d05 100644 +index 312ffd3..9263d05 100644 --- a/drivers/lguest/core.c +++ b/drivers/lguest/core.c @@ -96,9 +96,17 @@ static __init int map_switcher(void) @@ -45276,15 +45276,6 @@ index 7dc93aa..9263d05 100644 end_switcher_text - start_switcher_text); printk(KERN_INFO "lguest: mapped switcher at %p\n", -@@ -173,7 +181,7 @@ static void unmap_switcher(void) - bool lguest_address_ok(const struct lguest *lg, - unsigned long addr, unsigned long len) - { -- return (addr+len) / PAGE_SIZE < lg->pfn_limit && (addr+len >= addr); -+ return addr+len <= lg->pfn_limit * PAGE_SIZE && (addr+len >= addr); - } - - /* diff --git a/drivers/lguest/page_tables.c b/drivers/lguest/page_tables.c index e3abebc9..6a35328 100644 --- a/drivers/lguest/page_tables.c @@ -45587,7 +45578,7 @@ index f8b37d4..5c5cafd 100644 schedule_work(&sc->trigger_event); } diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c -index 6554d91..b0221c2 100644 +index 757f1ba..bf9ec8f 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c @@ -303,7 +303,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev, @@ -45622,7 +45613,7 @@ index 79f6941..b33b4e0 100644 pmd->bl_info.value_type.inc = data_block_inc; pmd->bl_info.value_type.dec = data_block_dec; diff --git a/drivers/md/dm.c b/drivers/md/dm.c -index 8001fe9..83c927d 100644 +index 9b4e30a..83c927d 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -188,9 +188,9 @@ struct mapped_device { @@ -45637,45 +45628,7 @@ index 8001fe9..83c927d 100644 struct list_head uevent_list; spinlock_t uevent_lock; /* Protect access to uevent_list */ -@@ -1642,8 +1642,7 @@ static int dm_merge_bvec(struct request_queue *q, - struct mapped_device *md = q->queuedata; - struct dm_table *map = dm_get_live_table_fast(md); - struct dm_target *ti; -- sector_t max_sectors; -- int max_size = 0; -+ sector_t max_sectors, max_size = 0; - - if (unlikely(!map)) - goto out; -@@ -1658,8 +1657,16 @@ static int dm_merge_bvec(struct request_queue *q, - max_sectors = min(max_io_len(bvm->bi_sector, ti), - (sector_t) queue_max_sectors(q)); - max_size = (max_sectors << SECTOR_SHIFT) - bvm->bi_size; -- if (unlikely(max_size < 0)) /* this shouldn't _ever_ happen */ -- max_size = 0; -+ -+ /* -+ * FIXME: this stop-gap fix _must_ be cleaned up (by passing a sector_t -+ * to the targets' merge function since it holds sectors not bytes). -+ * Just doing this as an interim fix for stable@ because the more -+ * comprehensive cleanup of switching to sector_t will impact every -+ * DM target that implements a ->merge hook. -+ */ -+ if (max_size > INT_MAX) -+ max_size = INT_MAX; - - /* - * merge_bvec_fn() returns number of bytes -@@ -1667,7 +1674,7 @@ static int dm_merge_bvec(struct request_queue *q, - * max is precomputed maximal io size - */ - if (max_size && ti->type->merge) -- max_size = ti->type->merge(ti, bvm, biovec, max_size); -+ max_size = ti->type->merge(ti, bvm, biovec, (int) max_size); - /* - * If the target doesn't support merge method and some of the devices - * provided their merge_bvec method (we know this by looking for the -@@ -2163,8 +2170,8 @@ static struct mapped_device *alloc_dev(int minor) +@@ -2170,8 +2170,8 @@ static struct mapped_device *alloc_dev(int minor) spin_lock_init(&md->deferred_lock); atomic_set(&md->holders, 1); atomic_set(&md->open_count, 0); @@ -45686,7 +45639,7 @@ index 8001fe9..83c927d 100644 INIT_LIST_HEAD(&md->uevent_list); INIT_LIST_HEAD(&md->table_devices); spin_lock_init(&md->uevent_lock); -@@ -2329,7 +2336,7 @@ static void event_callback(void *context) +@@ -2336,7 +2336,7 @@ static void event_callback(void *context) dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj); @@ -45695,7 +45648,7 @@ index 8001fe9..83c927d 100644 wake_up(&md->eventq); } -@@ -3175,18 +3182,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, +@@ -3182,18 +3182,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, uint32_t dm_next_uevent_seq(struct mapped_device *md) { @@ -45718,7 +45671,7 @@ index 8001fe9..83c927d 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index e47d1dd..ebc3480 100644 +index 907534b..8b3554e 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -191,10 +191,10 @@ EXPORT_SYMBOL_GPL(bio_clone_mddev); @@ -45790,7 +45743,7 @@ index e47d1dd..ebc3480 100644 INIT_LIST_HEAD(&rdev->same_set); init_waitqueue_head(&rdev->blocked_wait); -@@ -7083,7 +7083,7 @@ static int md_seq_show(struct seq_file *seq, void *v) +@@ -7085,7 +7085,7 @@ static int md_seq_show(struct seq_file *seq, void *v) spin_unlock(&pers_lock); seq_printf(seq, "\n"); @@ -45799,7 +45752,7 @@ index e47d1dd..ebc3480 100644 return 0; } if (v == (void*)2) { -@@ -7186,7 +7186,7 @@ static int md_seq_open(struct inode *inode, struct file *file) +@@ -7188,7 +7188,7 @@ static int md_seq_open(struct inode *inode, struct file *file) return error; seq = file->private_data; @@ -45808,7 +45761,7 @@ index e47d1dd..ebc3480 100644 return error; } -@@ -7203,7 +7203,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) +@@ -7205,7 +7205,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) /* always allow read */ mask = POLLIN | POLLRDNORM; @@ -45817,7 +45770,7 @@ index e47d1dd..ebc3480 100644 mask |= POLLERR | POLLPRI; return mask; } -@@ -7250,7 +7250,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) +@@ -7252,7 +7252,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) struct gendisk *disk = rdev->bdev->bd_contains->bd_disk; curr_events = (int)part_stat_read(&disk->part0, sectors[0]) + (int)part_stat_read(&disk->part0, sectors[1]) - @@ -45889,28 +45842,6 @@ index 3e6d115..ffecdeb 100644 /*----------------------------------------------------------------*/ -diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c -index 3b5d7f7..903391c 100644 ---- a/drivers/md/raid0.c -+++ b/drivers/md/raid0.c -@@ -517,6 +517,9 @@ static void raid0_make_request(struct mddev *mddev, struct bio *bio) - ? (sector & (chunk_sects-1)) - : sector_div(sector, chunk_sects)); - -+ /* Restore due to sector_div */ -+ sector = bio->bi_iter.bi_sector; -+ - if (sectors < bio_sectors(bio)) { - split = bio_split(bio, sectors, GFP_NOIO, fs_bio_set); - bio_chain(split, bio); -@@ -524,7 +527,6 @@ static void raid0_make_request(struct mddev *mddev, struct bio *bio) - split = bio; - } - -- sector = bio->bi_iter.bi_sector; - zone = find_zone(mddev->private, §or); - tmp_dev = map_sector(mddev, zone, sector, §or); - split->bi_bdev = tmp_dev->bdev; diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c index d34e238..34f8d98 100644 --- a/drivers/md/raid1.c @@ -45997,7 +45928,7 @@ index a7196c4..439f012 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index cd2f96b..3876e63 100644 +index 007ab86..d11593d 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -947,23 +947,23 @@ async_copy_data(int frombio, struct bio *bio, struct page **page, @@ -46053,7 +45984,7 @@ index cd2f96b..3876e63 100644 sprintf(conf->cache_name[1], "%s-alt", conf->cache_name[0]); conf->active_name = 0; -@@ -2014,21 +2022,21 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -2015,21 +2023,21 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), STRIPE_SECTORS, (unsigned long long)s, bdevname(rdev->bdev, b)); @@ -46079,7 +46010,7 @@ index cd2f96b..3876e63 100644 if (test_bit(R5_ReadRepl, &sh->dev[i].flags)) printk_ratelimited( KERN_WARNING -@@ -2056,7 +2064,7 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -2057,7 +2065,7 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), (unsigned long long)s, bdn); @@ -50459,10 +50390,10 @@ index 0ffb6ff..c0b7f0e 100644 memset(buf, 0, sizeof(buf)); buf_size = min(count, sizeof(buf) - 1); diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c -index 69935aa..c1ca128 100644 +index cb72edb..242b24f 100644 --- a/drivers/net/wireless/iwlwifi/pcie/trans.c +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c -@@ -1836,7 +1836,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, +@@ -1837,7 +1837,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, struct isr_statistics *isr_stats = &trans_pcie->isr_stats; char buf[8]; @@ -50471,7 +50402,7 @@ index 69935aa..c1ca128 100644 u32 reset_flag; memset(buf, 0, sizeof(buf)); -@@ -1857,7 +1857,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, +@@ -1858,7 +1858,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, { struct iwl_trans *trans = file->private_data; char buf[8]; @@ -53139,10 +53070,10 @@ index ae45bd9..c32a586 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index 3290a3e..d65ac1c 100644 +index a661d33..1b693d4 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c -@@ -3006,7 +3006,7 @@ static int sd_probe(struct device *dev) +@@ -2997,7 +2997,7 @@ static int sd_probe(struct device *dev) sdkp->disk = gd; sdkp->index = index; atomic_set(&sdkp->openers, 0); @@ -54321,7 +54252,7 @@ index 14c54e0..1efd4f2 100644 tty_port_tty_set(&ch->port, tty); mutex_lock(&ch->port.mutex); diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c -index c434376..114ce13 100644 +index bce16e4..1120a85 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -1644,7 +1644,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr) @@ -54343,7 +54274,7 @@ index c434376..114ce13 100644 dlci->modem_rx = 0; diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c -index cf6e0f2..4283167 100644 +index cc57a3a..b39622b 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c @@ -116,7 +116,7 @@ struct n_tty_data { @@ -54355,7 +54286,7 @@ index cf6e0f2..4283167 100644 size_t line_start; /* protected by output lock */ -@@ -2547,6 +2547,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) +@@ -2561,6 +2561,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) { *ops = tty_ldisc_N_TTY; ops->owner = NULL; @@ -54365,10 +54296,10 @@ index cf6e0f2..4283167 100644 } EXPORT_SYMBOL_GPL(n_tty_inherit_ops); diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c -index e72ee62..d977ad9 100644 +index 4d5e840..a2340a6 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c -@@ -848,8 +848,10 @@ static void __init unix98_pty_init(void) +@@ -849,8 +849,10 @@ static void __init unix98_pty_init(void) panic("Couldn't register Unix98 pts driver"); /* Now create the /dev/ptmx special device */ @@ -59462,10 +59393,10 @@ index 3c14e43..2630570 100644 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 +4 4 4 4 4 4 diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c -index 2b8553b..e1a482b 100644 +index 3838795..0d48d61 100644 --- a/drivers/xen/events/events_base.c +++ b/drivers/xen/events/events_base.c -@@ -1564,7 +1564,7 @@ void xen_irq_resume(void) +@@ -1568,7 +1568,7 @@ void xen_irq_resume(void) restore_pirqs(); } @@ -59474,7 +59405,7 @@ index 2b8553b..e1a482b 100644 .name = "xen-dyn", .irq_disable = disable_dynirq, -@@ -1578,7 +1578,7 @@ static struct irq_chip xen_dynamic_chip __read_mostly = { +@@ -1582,7 +1582,7 @@ static struct irq_chip xen_dynamic_chip __read_mostly = { .irq_retrigger = retrigger_dynirq, }; @@ -59483,7 +59414,7 @@ index 2b8553b..e1a482b 100644 .name = "xen-pirq", .irq_startup = startup_pirq, -@@ -1598,7 +1598,7 @@ static struct irq_chip xen_pirq_chip __read_mostly = { +@@ -1602,7 +1602,7 @@ static struct irq_chip xen_pirq_chip __read_mostly = { .irq_retrigger = retrigger_dynirq, }; @@ -66292,7 +66223,7 @@ index 4c55668..eeae150 100644 fd_offset + ex.a_text); if (error != N_DATADDR(ex)) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index d925f55..d31f527 100644 +index 8081aba..bd60d68 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -34,6 +34,7 @@ @@ -66913,15 +66844,10 @@ index d925f55..d31f527 100644 if (elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; -@@ -925,12 +1364,21 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -925,6 +1364,20 @@ static int load_elf_binary(struct linux_binprm *bprm) #else load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); #endif -- total_size = total_mapping_size(elf_phdata, -- loc->elf_ex.e_phnum); -- if (!total_size) { -- error = -EINVAL; -- goto out_free_dentry; + +#ifdef CONFIG_PAX_RANDMMAP + /* PaX: randomize base address at the default exe base if requested */ @@ -66933,14 +66859,13 @@ index d925f55..d31f527 100644 +#endif + load_bias = ELF_PAGESTART(PAX_ELF_ET_DYN_BASE - vaddr + load_bias); + elf_flags |= MAP_FIXED; - } ++ } +#endif + -+ total_size = total_mapping_size(elf_phdata, loc->elf_ex.e_phnum); - } - - error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, -@@ -962,9 +1410,9 @@ static int load_elf_binary(struct linux_binprm *bprm) + total_size = total_mapping_size(elf_phdata, + loc->elf_ex.e_phnum); + if (!total_size) { +@@ -962,9 +1415,9 @@ static int load_elf_binary(struct linux_binprm *bprm) * allowed task size. Note that p_filesz must always be * <= p_memsz so it is only necessary to check p_memsz. */ @@ -66953,7 +66878,7 @@ index d925f55..d31f527 100644 /* set_brk can never work. Avoid overflows. */ retval = -EINVAL; goto out_free_dentry; -@@ -1000,16 +1448,43 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -1000,16 +1453,43 @@ static int load_elf_binary(struct linux_binprm *bprm) if (retval) goto out_free_dentry; if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -67002,7 +66927,7 @@ index d925f55..d31f527 100644 load_bias, interp_elf_phdata); if (!IS_ERR((void *)elf_entry)) { /* -@@ -1237,7 +1712,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) +@@ -1237,7 +1717,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -67011,7 +66936,7 @@ index d925f55..d31f527 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1275,7 +1750,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1275,7 +1755,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -67020,7 +66945,7 @@ index d925f55..d31f527 100644 goto whole; /* -@@ -1482,9 +1957,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1482,9 +1962,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -67032,7 +66957,7 @@ index d925f55..d31f527 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1493,7 +1968,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, +@@ -1493,7 +1973,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, { mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); @@ -67041,7 +66966,7 @@ index d925f55..d31f527 100644 set_fs(old_fs); fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata); } -@@ -2213,7 +2688,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2213,7 +2693,7 @@ static int elf_core_dump(struct coredump_params *cprm) vma = next_vma(vma, gate_vma)) { unsigned long dump_size; @@ -67050,7 +66975,7 @@ index d925f55..d31f527 100644 vma_filesz[i++] = dump_size; vma_data_size += dump_size; } -@@ -2321,6 +2796,167 @@ out: +@@ -2321,6 +2801,167 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -68387,7 +68312,7 @@ index bbbe139..b76fae5 100644 return 0; while (nr) { diff --git a/fs/dcache.c b/fs/dcache.c -index c71e373..05e38ae 100644 +index 922f23e..05e38ae 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -511,7 +511,7 @@ static void __dentry_kill(struct dentry *dentry) @@ -68507,24 +68432,6 @@ index c71e373..05e38ae 100644 d_lru_isolate(lru, dentry); spin_unlock(&dentry->d_lock); return LRU_REMOVED; -@@ -1205,13 +1205,13 @@ ascend: - /* might go back up the wrong parent if we have had a rename. */ - if (need_seqretry(&rename_lock, seq)) - goto rename_retry; -- next = child->d_child.next; -- while (unlikely(child->d_flags & DCACHE_DENTRY_KILLED)) { -+ /* go into the first sibling still alive */ -+ do { -+ next = child->d_child.next; - if (next == &this_parent->d_subdirs) - goto ascend; - child = list_entry(next, struct dentry, d_child); -- next = next->next; -- } -+ } while (unlikely(child->d_flags & DCACHE_DENTRY_KILLED)); - rcu_read_unlock(); - goto resume; - } @@ -1336,7 +1336,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry) } else { if (dentry->d_flags & DCACHE_LRU_LIST) @@ -68684,7 +68591,7 @@ index e4141f2..d8263e8 100644 i += packet_length_size; if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) diff --git a/fs/exec.c b/fs/exec.c -index 00400cf..b9d927b 100644 +index 1202445..3065053 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -56,8 +56,20 @@ @@ -68893,7 +68800,7 @@ index 00400cf..b9d927b 100644 /* * cover the whole range: [new_start, old_end) */ -@@ -672,10 +718,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -675,10 +721,6 @@ int setup_arg_pages(struct linux_binprm *bprm, stack_top = arch_align_stack(stack_top); stack_top = PAGE_ALIGN(stack_top); @@ -68904,7 +68811,7 @@ index 00400cf..b9d927b 100644 stack_shift = vma->vm_end - stack_top; bprm->p -= stack_shift; -@@ -687,8 +729,28 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -690,8 +732,28 @@ int setup_arg_pages(struct linux_binprm *bprm, bprm->exec -= stack_shift; down_write(&mm->mmap_sem); @@ -68933,7 +68840,7 @@ index 00400cf..b9d927b 100644 /* * Adjust stack execute permissions; explicitly enable for * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone -@@ -707,13 +769,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -710,13 +772,6 @@ int setup_arg_pages(struct linux_binprm *bprm, goto out_unlock; BUG_ON(prev != vma); @@ -68947,7 +68854,7 @@ index 00400cf..b9d927b 100644 /* mprotect_fixup is overkill to remove the temporary stack flags */ vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP; -@@ -737,6 +792,27 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -740,6 +795,27 @@ int setup_arg_pages(struct linux_binprm *bprm, #endif current->mm->start_stack = bprm->p; ret = expand_stack(vma, stack_base); @@ -68975,7 +68882,7 @@ index 00400cf..b9d927b 100644 if (ret) ret = -EFAULT; -@@ -781,8 +857,10 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags) +@@ -784,8 +860,10 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags) if (err) goto exit; @@ -68987,7 +68894,7 @@ index 00400cf..b9d927b 100644 out: return file; -@@ -815,7 +893,7 @@ int kernel_read(struct file *file, loff_t offset, +@@ -818,7 +896,7 @@ int kernel_read(struct file *file, loff_t offset, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -68996,7 +68903,7 @@ index 00400cf..b9d927b 100644 set_fs(old_fs); return result; } -@@ -860,6 +938,7 @@ static int exec_mmap(struct mm_struct *mm) +@@ -863,6 +941,7 @@ static int exec_mmap(struct mm_struct *mm) tsk->mm = mm; tsk->active_mm = mm; activate_mm(active_mm, mm); @@ -69004,7 +68911,7 @@ index 00400cf..b9d927b 100644 tsk->mm->vmacache_seqnum = 0; vmacache_flush(tsk); task_unlock(tsk); -@@ -926,10 +1005,14 @@ static int de_thread(struct task_struct *tsk) +@@ -929,10 +1008,14 @@ static int de_thread(struct task_struct *tsk) if (!thread_group_leader(tsk)) { struct task_struct *leader = tsk->group_leader; @@ -69020,7 +68927,7 @@ index 00400cf..b9d927b 100644 if (likely(leader->exit_state)) break; __set_current_state(TASK_KILLABLE); -@@ -1258,7 +1341,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm) +@@ -1261,7 +1344,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm) } rcu_read_unlock(); @@ -69029,7 +68936,7 @@ index 00400cf..b9d927b 100644 bprm->unsafe |= LSM_UNSAFE_SHARE; else p->fs->in_exec = 1; -@@ -1459,6 +1542,31 @@ static int exec_binprm(struct linux_binprm *bprm) +@@ -1462,6 +1545,31 @@ static int exec_binprm(struct linux_binprm *bprm) return ret; } @@ -69061,7 +68968,7 @@ index 00400cf..b9d927b 100644 /* * sys_execve() executes a new program. */ -@@ -1467,6 +1575,11 @@ static int do_execveat_common(int fd, struct filename *filename, +@@ -1470,6 +1578,11 @@ static int do_execveat_common(int fd, struct filename *filename, struct user_arg_ptr envp, int flags) { @@ -69073,7 +68980,7 @@ index 00400cf..b9d927b 100644 char *pathbuf = NULL; struct linux_binprm *bprm; struct file *file; -@@ -1476,6 +1589,8 @@ static int do_execveat_common(int fd, struct filename *filename, +@@ -1479,6 +1592,8 @@ static int do_execveat_common(int fd, struct filename *filename, if (IS_ERR(filename)) return PTR_ERR(filename); @@ -69082,7 +68989,7 @@ index 00400cf..b9d927b 100644 /* * We move the actual failure in case of RLIMIT_NPROC excess from * set*uid() to execve() because too many poorly written programs -@@ -1513,6 +1628,11 @@ static int do_execveat_common(int fd, struct filename *filename, +@@ -1516,6 +1631,11 @@ static int do_execveat_common(int fd, struct filename *filename, if (IS_ERR(file)) goto out_unmark; @@ -69094,7 +69001,7 @@ index 00400cf..b9d927b 100644 sched_exec(); bprm->file = file; -@@ -1539,6 +1659,11 @@ static int do_execveat_common(int fd, struct filename *filename, +@@ -1542,6 +1662,11 @@ static int do_execveat_common(int fd, struct filename *filename, } bprm->interp = bprm->filename; @@ -69106,7 +69013,7 @@ index 00400cf..b9d927b 100644 retval = bprm_mm_init(bprm); if (retval) goto out_unmark; -@@ -1555,24 +1680,70 @@ static int do_execveat_common(int fd, struct filename *filename, +@@ -1558,24 +1683,70 @@ static int do_execveat_common(int fd, struct filename *filename, if (retval < 0) goto out; @@ -69181,7 +69088,7 @@ index 00400cf..b9d927b 100644 current->fs->in_exec = 0; current->in_execve = 0; acct_update_integrals(current); -@@ -1584,6 +1755,14 @@ static int do_execveat_common(int fd, struct filename *filename, +@@ -1587,6 +1758,14 @@ static int do_execveat_common(int fd, struct filename *filename, put_files_struct(displaced); return retval; @@ -69196,7 +69103,7 @@ index 00400cf..b9d927b 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1730,3 +1909,312 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd, +@@ -1733,3 +1912,312 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd, argv, envp, flags); } #endif @@ -69931,7 +69838,7 @@ index ee85cd4..9dd0d20 100644 } EXPORT_SYMBOL(__f_setown); diff --git a/fs/fhandle.c b/fs/fhandle.c -index 999ff5c..2281df9 100644 +index d59712d..2281df9 100644 --- a/fs/fhandle.c +++ b/fs/fhandle.c @@ -8,6 +8,7 @@ @@ -69961,18 +69868,6 @@ index 999ff5c..2281df9 100644 retval = -EPERM; goto out_err; } -@@ -195,8 +195,9 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh, - goto out_err; - } - /* copy the full handle */ -- if (copy_from_user(handle, ufh, -- sizeof(struct file_handle) + -+ *handle = f_handle; -+ if (copy_from_user(&handle->f_handle, -+ &ufh->f_handle, - f_handle.handle_bytes)) { - retval = -EFAULT; - goto out_handle; diff --git a/fs/file.c b/fs/file.c index ee738ea..f6c15629 100644 --- a/fs/file.c @@ -71858,7 +71753,7 @@ index 5d30c56..8c45372 100644 if (jfs_inode_cachep == NULL) return -ENOMEM; diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c -index 6acc964..eca491f 100644 +index 345b35f..da7e0da 100644 --- a/fs/kernfs/dir.c +++ b/fs/kernfs/dir.c @@ -182,7 +182,7 @@ struct kernfs_node *kernfs_get_parent(struct kernfs_node *kn) @@ -71870,7 +71765,7 @@ index 6acc964..eca491f 100644 { unsigned long hash = init_name_hash(); unsigned int len = strlen(name); -@@ -831,6 +831,12 @@ static int kernfs_iop_mkdir(struct inode *dir, struct dentry *dentry, +@@ -838,6 +838,12 @@ static int kernfs_iop_mkdir(struct inode *dir, struct dentry *dentry, ret = scops->mkdir(parent, dentry->d_name.name, mode); kernfs_put_active(parent); @@ -72653,7 +72548,7 @@ index 50a8583..44c470a 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index 38ed1e1..8500e56 100644 +index 13b0f7b..1ee96e7 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1480,6 +1480,9 @@ static int do_umount(struct mount *mnt, int flags) @@ -72694,7 +72589,7 @@ index 38ed1e1..8500e56 100644 { return sys_umount(name, 0); } -@@ -2670,6 +2676,16 @@ long do_mount(const char *dev_name, const char __user *dir_name, +@@ -2673,6 +2679,16 @@ long do_mount(const char *dev_name, const char __user *dir_name, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); @@ -72711,7 +72606,7 @@ index 38ed1e1..8500e56 100644 if (flags & MS_REMOUNT) retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); -@@ -2683,7 +2699,10 @@ long do_mount(const char *dev_name, const char __user *dir_name, +@@ -2686,7 +2702,10 @@ long do_mount(const char *dev_name, const char __user *dir_name, retval = do_new_mount(&path, type_page, flags, mnt_flags, dev_name, data_page); dput_out: @@ -72722,7 +72617,7 @@ index 38ed1e1..8500e56 100644 return retval; } -@@ -2701,7 +2720,7 @@ static void free_mnt_ns(struct mnt_namespace *ns) +@@ -2704,7 +2723,7 @@ static void free_mnt_ns(struct mnt_namespace *ns) * number incrementing at 10Ghz will take 12,427 years to wrap which * is effectively never, so we can ignore the possibility. */ @@ -72731,7 +72626,7 @@ index 38ed1e1..8500e56 100644 static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) { -@@ -2717,7 +2736,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) +@@ -2720,7 +2739,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) return ERR_PTR(ret); } new_ns->ns.ops = &mntns_operations; @@ -72740,7 +72635,7 @@ index 38ed1e1..8500e56 100644 atomic_set(&new_ns->count, 1); new_ns->root = NULL; INIT_LIST_HEAD(&new_ns->list); -@@ -2727,7 +2746,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) +@@ -2730,7 +2749,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) return new_ns; } @@ -72749,7 +72644,7 @@ index 38ed1e1..8500e56 100644 struct user_namespace *user_ns, struct fs_struct *new_fs) { struct mnt_namespace *new_ns; -@@ -2848,8 +2867,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) +@@ -2851,8 +2870,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) } EXPORT_SYMBOL(mount_subtree); @@ -72760,7 +72655,7 @@ index 38ed1e1..8500e56 100644 { int ret; char *kernel_type; -@@ -2955,6 +2974,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2958,6 +2977,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; @@ -72772,7 +72667,7 @@ index 38ed1e1..8500e56 100644 get_fs_root(current->fs, &root); old_mp = lock_mount(&old); error = PTR_ERR(old_mp); -@@ -3235,7 +3259,7 @@ static int mntns_install(struct nsproxy *nsproxy, struct ns_common *ns) +@@ -3238,7 +3262,7 @@ static int mntns_install(struct nsproxy *nsproxy, struct ns_common *ns) !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) return -EPERM; @@ -73371,7 +73266,7 @@ index 44a3be1..5e97aa1 100644 } putname(tmp); diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c -index 5f0d199..13b74b9 100644 +index bf8537c..c16ef7d 100644 --- a/fs/overlayfs/super.c +++ b/fs/overlayfs/super.c @@ -172,7 +172,7 @@ void ovl_path_lower(struct dentry *dentry, struct path *path) @@ -89709,10 +89604,10 @@ index 667c311..abac2a7 100644 }; diff --git a/include/linux/gfp.h b/include/linux/gfp.h -index 51bd1e7..0486343 100644 +index eb6fafe..9360779 100644 --- a/include/linux/gfp.h +++ b/include/linux/gfp.h -@@ -34,6 +34,13 @@ struct vm_area_struct; +@@ -35,6 +35,13 @@ struct vm_area_struct; #define ___GFP_NO_KSWAPD 0x400000u #define ___GFP_OTHER_NODE 0x800000u #define ___GFP_WRITE 0x1000000u @@ -89726,7 +89621,7 @@ index 51bd1e7..0486343 100644 /* If the above are modified, __GFP_BITS_SHIFT may need updating */ /* -@@ -90,6 +97,7 @@ struct vm_area_struct; +@@ -92,6 +99,7 @@ struct vm_area_struct; #define __GFP_NO_KSWAPD ((__force gfp_t)___GFP_NO_KSWAPD) #define __GFP_OTHER_NODE ((__force gfp_t)___GFP_OTHER_NODE) /* On behalf of other node */ #define __GFP_WRITE ((__force gfp_t)___GFP_WRITE) /* Allocator intends to dirty page */ @@ -89734,7 +89629,7 @@ index 51bd1e7..0486343 100644 /* * This may seem redundant, but it's a way of annotating false positives vs. -@@ -97,7 +105,7 @@ struct vm_area_struct; +@@ -99,7 +107,7 @@ struct vm_area_struct; */ #define __GFP_NOTRACK_FALSE_POSITIVE (__GFP_NOTRACK) @@ -89743,7 +89638,7 @@ index 51bd1e7..0486343 100644 #define __GFP_BITS_MASK ((__force gfp_t)((1 << __GFP_BITS_SHIFT) - 1)) /* This equals 0, but use constants in case they ever change */ -@@ -152,6 +160,8 @@ struct vm_area_struct; +@@ -154,6 +162,8 @@ struct vm_area_struct; /* 4GB DMA on some platforms */ #define GFP_DMA32 __GFP_DMA32 @@ -91557,10 +91452,10 @@ index d12b210..d91fd76 100644 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu); diff --git a/include/linux/libata.h b/include/linux/libata.h -index 6b08cc1..248c5e9 100644 +index f8994b4..c1dec7a 100644 --- a/include/linux/libata.h +++ b/include/linux/libata.h -@@ -980,7 +980,7 @@ struct ata_port_operations { +@@ -989,7 +989,7 @@ struct ata_port_operations { * fields must be pointers. */ const struct ata_port_operations *inherits; @@ -94163,7 +94058,7 @@ index ff307b5..f1a4468 100644 #endif /* _LINUX_THREAD_INFO_H */ diff --git a/include/linux/tty.h b/include/linux/tty.h -index 358a337..8829c1f 100644 +index 790752a..36d9b54 100644 --- a/include/linux/tty.h +++ b/include/linux/tty.h @@ -225,7 +225,7 @@ struct tty_port { @@ -96892,7 +96787,7 @@ index 29a7b2c..a64e30a 100644 list_for_each_entry(task, &cset->tasks, cg_list) { if (count++ > MAX_TASKS_SHOWN_PER_CSS) diff --git a/kernel/compat.c b/kernel/compat.c -index 24f0061..ea80802 100644 +index 24f0061..762ec00 100644 --- a/kernel/compat.c +++ b/kernel/compat.c @@ -13,6 +13,7 @@ @@ -97037,7 +96932,27 @@ index 24f0061..ea80802 100644 set_fs(oldfs); if ((err == -ERESTART_RESTARTBLOCK) && rmtp && -@@ -1145,7 +1146,7 @@ COMPAT_SYSCALL_DEFINE2(sched_rr_get_interval, +@@ -912,7 +913,8 @@ long compat_get_bitmap(unsigned long *mask, const compat_ulong_t __user *umask, + * bitmap. We must however ensure the end of the + * kernel bitmap is zeroed. + */ +- if (nr_compat_longs-- > 0) { ++ if (nr_compat_longs) { ++ nr_compat_longs--; + if (__get_user(um, umask)) + return -EFAULT; + } else { +@@ -954,7 +956,8 @@ long compat_put_bitmap(compat_ulong_t __user *umask, unsigned long *mask, + * We dont want to write past the end of the userspace + * bitmap. + */ +- if (nr_compat_longs-- > 0) { ++ if (nr_compat_longs) { ++ nr_compat_longs--; + if (__put_user(um, umask)) + return -EFAULT; + } +@@ -1145,7 +1148,7 @@ COMPAT_SYSCALL_DEFINE2(sched_rr_get_interval, mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); @@ -98846,7 +98761,7 @@ index 1d96dd0..994ff19 100644 default: diff --git a/kernel/module.c b/kernel/module.c -index ec53f59..67d9655 100644 +index 538794c..76d7957 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -59,6 +59,7 @@ @@ -99628,7 +99543,7 @@ index ec53f59..67d9655 100644 dynamic_debug_setup(info->debug, info->num_debug); /* Ftrace init must be called in the MODULE_STATE_UNFORMED state */ -@@ -3373,11 +3540,10 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3376,11 +3543,10 @@ static int load_module(struct load_info *info, const char __user *uargs, ddebug_cleanup: dynamic_debug_remove(info->debug); synchronize_sched(); @@ -99641,7 +99556,7 @@ index ec53f59..67d9655 100644 free_unload: module_unload_free(mod); unlink_mod: -@@ -3390,7 +3556,8 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3393,7 +3559,8 @@ static int load_module(struct load_info *info, const char __user *uargs, mutex_unlock(&module_mutex); free_module: /* Free lock-classes; relies on the preceding sync_rcu() */ @@ -99651,7 +99566,7 @@ index ec53f59..67d9655 100644 module_deallocate(mod, info); free_copy: -@@ -3467,10 +3634,16 @@ static const char *get_ksymbol(struct module *mod, +@@ -3470,10 +3637,16 @@ static const char *get_ksymbol(struct module *mod, unsigned long nextval; /* At worse, next value is at end of module */ @@ -99671,7 +99586,7 @@ index ec53f59..67d9655 100644 /* Scan for closest preceding symbol, and next symbol. (ELF starts real symbols at 1). */ -@@ -3718,7 +3891,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3721,7 +3894,7 @@ static int m_show(struct seq_file *m, void *p) return 0; seq_printf(m, "%s %u", @@ -99680,7 +99595,7 @@ index ec53f59..67d9655 100644 print_unload_info(m, mod); /* Informative for users. */ -@@ -3727,7 +3900,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3730,7 +3903,7 @@ static int m_show(struct seq_file *m, void *p) mod->state == MODULE_STATE_COMING ? "Loading" : "Live"); /* Used by oprofile and other similar tools. */ @@ -99689,7 +99604,7 @@ index ec53f59..67d9655 100644 /* Taints info */ if (mod->taints) -@@ -3763,7 +3936,17 @@ static const struct file_operations proc_modules_operations = { +@@ -3766,7 +3939,17 @@ static const struct file_operations proc_modules_operations = { static int __init proc_modules_init(void) { @@ -99707,7 +99622,7 @@ index ec53f59..67d9655 100644 return 0; } module_init(proc_modules_init); -@@ -3824,7 +4007,8 @@ struct module *__module_address(unsigned long addr) +@@ -3827,7 +4010,8 @@ struct module *__module_address(unsigned long addr) { struct module *mod; @@ -99717,7 +99632,7 @@ index ec53f59..67d9655 100644 return NULL; list_for_each_entry_rcu(mod, &modules, list) { -@@ -3865,11 +4049,20 @@ bool is_module_text_address(unsigned long addr) +@@ -3868,11 +4052,20 @@ bool is_module_text_address(unsigned long addr) */ struct module *__module_text_address(unsigned long addr) { @@ -101264,7 +101179,7 @@ index 8d0f35d..c16360d 100644 unsigned long timeout) { diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 3d5f6f6..a94298f 100644 +index f4da2cb..e44587b 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -1862,7 +1862,7 @@ void set_numabalancing_state(bool enabled) @@ -101307,7 +101222,7 @@ index 3d5f6f6..a94298f 100644 return -EPERM; retval = security_task_setnice(current, nice); -@@ -3459,6 +3464,7 @@ recheck: +@@ -3462,6 +3467,7 @@ recheck: if (policy != p->policy && !rlim_rtprio) return -EPERM; @@ -101315,7 +101230,7 @@ index 3d5f6f6..a94298f 100644 /* can't increase priority */ if (attr->sched_priority > p->rt_priority && attr->sched_priority > rlim_rtprio) -@@ -4946,6 +4952,7 @@ void idle_task_exit(void) +@@ -4945,6 +4951,7 @@ void idle_task_exit(void) if (mm != &init_mm) { switch_mm(mm, &init_mm, current); @@ -101323,7 +101238,7 @@ index 3d5f6f6..a94298f 100644 finish_arch_post_lock_switch(); } mmdrop(mm); -@@ -5041,7 +5048,7 @@ static void migrate_tasks(unsigned int dead_cpu) +@@ -5040,7 +5047,7 @@ static void migrate_tasks(unsigned int dead_cpu) #if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL) @@ -101332,7 +101247,7 @@ index 3d5f6f6..a94298f 100644 { .procname = "sched_domain", .mode = 0555, -@@ -5058,17 +5065,17 @@ static struct ctl_table sd_ctl_root[] = { +@@ -5057,17 +5064,17 @@ static struct ctl_table sd_ctl_root[] = { {} }; @@ -101354,7 +101269,7 @@ index 3d5f6f6..a94298f 100644 /* * In the intermediate directories, both the child directory and -@@ -5076,22 +5083,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) +@@ -5075,22 +5082,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) * will always be set. In the lowest directory the names are * static strings and all have proc handlers. */ @@ -101386,7 +101301,7 @@ index 3d5f6f6..a94298f 100644 const char *procname, void *data, int maxlen, umode_t mode, proc_handler *proc_handler, bool load_idx) -@@ -5111,7 +5121,7 @@ set_table_entry(struct ctl_table *entry, +@@ -5110,7 +5120,7 @@ set_table_entry(struct ctl_table *entry, static struct ctl_table * sd_alloc_ctl_domain_table(struct sched_domain *sd) { @@ -101395,7 +101310,7 @@ index 3d5f6f6..a94298f 100644 if (table == NULL) return NULL; -@@ -5149,9 +5159,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) +@@ -5148,9 +5158,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) return table; } @@ -101407,7 +101322,7 @@ index 3d5f6f6..a94298f 100644 struct sched_domain *sd; int domain_num = 0, i; char buf[32]; -@@ -5178,11 +5188,13 @@ static struct ctl_table_header *sd_sysctl_header; +@@ -5177,11 +5187,13 @@ static struct ctl_table_header *sd_sysctl_header; static void register_sched_domain_sysctl(void) { int i, cpu_num = num_possible_cpus(); @@ -101422,7 +101337,7 @@ index 3d5f6f6..a94298f 100644 if (entry == NULL) return; -@@ -5205,8 +5217,12 @@ static void unregister_sched_domain_sysctl(void) +@@ -5204,8 +5216,12 @@ static void unregister_sched_domain_sysctl(void) if (sd_sysctl_header) unregister_sysctl_table(sd_sysctl_header); sd_sysctl_header = NULL; @@ -102157,10 +102072,10 @@ index 1b001ed..55ef9e4 100644 .clock_get = alarm_clock_get, .timer_create = alarm_timer_create, diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c -index bee0c1f..a23fe2d 100644 +index 38f586c..14386a7 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c -@@ -1391,7 +1391,7 @@ void hrtimer_peek_ahead_timers(void) +@@ -1393,7 +1393,7 @@ void hrtimer_peek_ahead_timers(void) local_irq_restore(flags); } @@ -103970,7 +103885,7 @@ index e0af6ff..fcc9f15 100644 /* diff --git a/lib/strnlen_user.c b/lib/strnlen_user.c -index a28df52..02dccaa 100644 +index 1164961..02dccaa 100644 --- a/lib/strnlen_user.c +++ b/lib/strnlen_user.c @@ -26,7 +26,7 @@ @@ -103982,16 +103897,6 @@ index a28df52..02dccaa 100644 long align, res = 0; unsigned long c; -@@ -57,7 +57,8 @@ static inline long do_strnlen_user(const char __user *src, unsigned long count, - return res + find_zero(data) + 1 - align; - } - res += sizeof(unsigned long); -- if (unlikely(max < sizeof(unsigned long))) -+ /* We already handled 'unsigned long' bytes. Did we do it all ? */ -+ if (unlikely(max <= sizeof(unsigned long))) - break; - max -= sizeof(unsigned long); - if (unlikely(__get_user(c,(unsigned long __user *)(src+res)))) diff --git a/lib/swiotlb.c b/lib/swiotlb.c index 4abda07..b9d3765 100644 --- a/lib/swiotlb.c @@ -104514,10 +104419,10 @@ index a96da5b..42ebd54 100644 extern void set_pageblock_order(void); unsigned long reclaim_clean_pages_from_list(struct zone *zone, diff --git a/mm/kmemleak.c b/mm/kmemleak.c -index 5405aff..483406d 100644 +index f0fe4f2..898208c 100644 --- a/mm/kmemleak.c +++ b/mm/kmemleak.c -@@ -365,7 +365,7 @@ static void print_unreferenced(struct seq_file *seq, +@@ -366,7 +366,7 @@ static void print_unreferenced(struct seq_file *seq, for (i = 0; i < object->trace_len; i++) { void *ptr = (void *)object->trace[i]; @@ -104526,7 +104431,7 @@ index 5405aff..483406d 100644 } } -@@ -1911,7 +1911,7 @@ static int __init kmemleak_late_init(void) +@@ -1912,7 +1912,7 @@ static int __init kmemleak_late_init(void) return -ENOMEM; } @@ -105420,7 +105325,7 @@ index 97839f5..4bc5530 100644 mm = get_task_mm(tsk); if (!mm) diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index de5dc5e..68a4ea3 100644 +index 0f7d73b..737047f 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -703,6 +703,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, @@ -112400,6 +112305,34 @@ index b603002..0de5c88 100644 int ret; /* +diff --git a/net/ipv6/addrconf_core.c b/net/ipv6/addrconf_core.c +index 98cc4cd..0768c4e 100644 +--- a/net/ipv6/addrconf_core.c ++++ b/net/ipv6/addrconf_core.c +@@ -133,6 +133,14 @@ static void snmp6_free_dev(struct inet6_dev *idev) + free_percpu(idev->stats.ipv6); + } + ++static void in6_dev_finish_destroy_rcu(struct rcu_head *head) ++{ ++ struct inet6_dev *idev = container_of(head, struct inet6_dev, rcu); ++ ++ snmp6_free_dev(idev); ++ kfree(idev); ++} ++ + /* Nobody refers to this device, we may destroy it. */ + + void in6_dev_finish_destroy(struct inet6_dev *idev) +@@ -151,7 +159,6 @@ void in6_dev_finish_destroy(struct inet6_dev *idev) + pr_warn("Freeing alive inet6 device %p\n", idev); + return; + } +- snmp6_free_dev(idev); +- kfree_rcu(idev, rcu); ++ call_rcu(&idev->rcu, in6_dev_finish_destroy_rcu); + } + EXPORT_SYMBOL(in6_dev_finish_destroy); diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index e8c4400..a4cd5da 100644 --- a/net/ipv6/af_inet6.c @@ -113354,7 +113287,7 @@ index dd4ff36..3462997 100644 if (local->use_chanctx) *chandef = local->monitor_chandef; diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h -index 8d53d65..a4ac794 100644 +index 81e8dc5..5b77c58 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -29,6 +29,7 @@ @@ -113365,7 +113298,7 @@ index 8d53d65..a4ac794 100644 #include "key.h" #include "sta_info.h" #include "debug.h" -@@ -1126,7 +1127,7 @@ struct ieee80211_local { +@@ -1129,7 +1130,7 @@ struct ieee80211_local { /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */ spinlock_t queue_stop_reason_lock; diff --git a/4.0.4/4425_grsec_remove_EI_PAX.patch b/4.0.5/4425_grsec_remove_EI_PAX.patch index a80a5d7..a80a5d7 100644 --- a/4.0.4/4425_grsec_remove_EI_PAX.patch +++ b/4.0.5/4425_grsec_remove_EI_PAX.patch diff --git a/4.0.4/4427_force_XATTR_PAX_tmpfs.patch b/4.0.5/4427_force_XATTR_PAX_tmpfs.patch index a789f0b..a789f0b 100644 --- a/4.0.4/4427_force_XATTR_PAX_tmpfs.patch +++ b/4.0.5/4427_force_XATTR_PAX_tmpfs.patch diff --git a/4.0.4/4430_grsec-remove-localversion-grsec.patch b/4.0.5/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/4.0.4/4430_grsec-remove-localversion-grsec.patch +++ b/4.0.5/4430_grsec-remove-localversion-grsec.patch diff --git a/4.0.4/4435_grsec-mute-warnings.patch b/4.0.5/4435_grsec-mute-warnings.patch index b7564e4..b7564e4 100644 --- a/4.0.4/4435_grsec-mute-warnings.patch +++ b/4.0.5/4435_grsec-mute-warnings.patch diff --git a/4.0.4/4440_grsec-remove-protected-paths.patch b/4.0.5/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/4.0.4/4440_grsec-remove-protected-paths.patch +++ b/4.0.5/4440_grsec-remove-protected-paths.patch diff --git a/4.0.4/4450_grsec-kconfig-default-gids.patch b/4.0.5/4450_grsec-kconfig-default-gids.patch index 61d903e..61d903e 100644 --- a/4.0.4/4450_grsec-kconfig-default-gids.patch +++ b/4.0.5/4450_grsec-kconfig-default-gids.patch diff --git a/4.0.4/4465_selinux-avc_audit-log-curr_ip.patch b/4.0.5/4465_selinux-avc_audit-log-curr_ip.patch index ba89596..ba89596 100644 --- a/4.0.4/4465_selinux-avc_audit-log-curr_ip.patch +++ b/4.0.5/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/4.0.4/4470_disable-compat_vdso.patch b/4.0.5/4470_disable-compat_vdso.patch index 7aefa02..7aefa02 100644 --- a/4.0.4/4470_disable-compat_vdso.patch +++ b/4.0.5/4470_disable-compat_vdso.patch diff --git a/4.0.4/4475_emutramp_default_on.patch b/4.0.5/4475_emutramp_default_on.patch index a128205..a128205 100644 --- a/4.0.4/4475_emutramp_default_on.patch +++ b/4.0.5/4475_emutramp_default_on.patch |