diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2011-12-12 14:51:09 -0500 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2011-12-12 14:51:09 -0500 |
| commit | 323e2d2349e86fc0cb24dbb18336b2af7b65fe2e (patch) | |
| tree | 97afae87c628f02c68c6c211a9c75cdd7585285b | |
| parent | Grsec/PaX: 2.2.2-2.6.32.49-201112082138 + 2.2.2-3.1.4-201112082139 (diff) | |
| download | hardened-patchset-323e2d2349e86fc0cb24dbb18336b2af7b65fe2e.tar.gz hardened-patchset-323e2d2349e86fc0cb24dbb18336b2af7b65fe2e.tar.bz2 hardened-patchset-323e2d2349e86fc0cb24dbb18336b2af7b65fe2e.zip | |
Grsec/PaX: 2.6.32.49-201112082138 + 2.2.2-3.1.5-201112101853
| -rw-r--r-- | 2.6.32/0000_README | 2 | ||||
| -rw-r--r-- | 2.6.32/4420_grsecurity-2.2.2-2.6.32.50-201112102010.patch (renamed from 2.6.32/4420_grsecurity-2.2.2-2.6.32.49-201112082138.patch) | 1050 | ||||
| -rw-r--r-- | 3.1.5/0000_README (renamed from 3.1.4/0000_README) | 2 | ||||
| -rw-r--r-- | 3.1.5/1003_linux-3.1.4.patch (renamed from 3.1.4/1003_linux-3.1.4.patch) | 0 | ||||
| -rw-r--r-- | 3.1.5/4420_grsecurity-2.2.2-3.1.5-201112101853.patch (renamed from 3.1.4/4420_grsecurity-2.2.2-3.1.4-201112082139.patch) | 1031 | ||||
| -rw-r--r-- | 3.1.5/4421_grsec-remove-localversion-grsec.patch (renamed from 3.1.4/4421_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.1.5/4422_grsec-mute-warnings.patch (renamed from 3.1.4/4422_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.1.5/4423_grsec-remove-protected-paths.patch (renamed from 3.1.4/4423_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.1.5/4425_grsec-pax-without-grsec.patch (renamed from 3.1.4/4425_grsec-pax-without-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.1.5/4430_grsec-kconfig-default-gids.patch (renamed from 3.1.4/4430_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.1.5/4435_grsec-kconfig-gentoo.patch (renamed from 3.1.4/4435_grsec-kconfig-gentoo.patch) | 0 | ||||
| -rw-r--r-- | 3.1.5/4437-grsec-kconfig-proc-user.patch (renamed from 3.1.4/4437-grsec-kconfig-proc-user.patch) | 0 | ||||
| -rw-r--r-- | 3.1.5/4440_selinux-avc_audit-log-curr_ip.patch (renamed from 3.1.4/4440_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.1.5/4445_disable-compat_vdso.patch (renamed from 3.1.4/4445_disable-compat_vdso.patch) | 0 |
14 files changed, 1110 insertions, 975 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index c1c7356..60b9d80 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -3,7 +3,7 @@ README Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.2.2-2.6.32.49-201112082138.patch +Patch: 4420_grsecurity-2.2.2-2.6.32.50-201112102010.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.2.2-2.6.32.49-201112082138.patch b/2.6.32/4420_grsecurity-2.2.2-2.6.32.50-201112102010.patch index 6bf32ae..bb97e13 100644 --- a/2.6.32/4420_grsecurity-2.2.2-2.6.32.49-201112082138.patch +++ b/2.6.32/4420_grsecurity-2.2.2-2.6.32.50-201112102010.patch @@ -185,7 +185,7 @@ index c840e7d..f4c451c 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index a19b0e8..f773d59 100644 +index f38986c..46a251b 100644 --- a/Makefile +++ b/Makefile @@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -4827,13 +4827,13 @@ index 9ea271e..7b8a271 100644 { - unsigned long ret = ___copy_to_user(to, from, size); + unsigned long ret; -+ + + if ((long)size < 0 || size > INT_MAX) + return size; + + if (!__builtin_constant_p(size)) + check_object_size(from, size, true); - ++ + ret = ___copy_to_user(to, from, size); if (unlikely(ret)) ret = copy_to_user_fixup(to, from, size); @@ -10635,9 +10635,9 @@ index 8b5393e..8143173 100644 +#endif + } -- } - #endif -+ } ++#endif + } +-#endif } #define activate_mm(prev, next) \ @@ -10668,16 +10668,16 @@ index 3e2ce58..caaf478 100644 +#define MODULE_STACKSIZE "4KSTACKS " +#else +#define MODULE_STACKSIZE "" -+#endif -+ + #endif + +#ifdef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_BTS +#define MODULE_PAX_KERNEXEC "KERNEXEC_BTS " +#elif defined(CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR) +#define MODULE_PAX_KERNEXEC "KERNEXEC_OR " +#else +#define MODULE_PAX_KERNEXEC "" - #endif - ++#endif ++ +#ifdef CONFIG_PAX_MEMORY_UDEREF +#define MODULE_PAX_UDEREF "UDEREF " +#else @@ -11204,14 +11204,15 @@ index 5e67c15..12d5c47 100644 #define MODULES_END VMALLOC_END #define MODULES_LEN (MODULES_VADDR - MODULES_END) diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h -index c57a301..312bdb4 100644 +index c57a301..6b414ff 100644 --- a/arch/x86/include/asm/pgtable_64.h +++ b/arch/x86/include/asm/pgtable_64.h -@@ -16,10 +16,13 @@ +@@ -16,10 +16,14 @@ extern pud_t level3_kernel_pgt[512]; extern pud_t level3_ident_pgt[512]; -+extern pud_t level3_vmalloc_pgt[512]; ++extern pud_t level3_vmalloc_start_pgt[512]; ++extern pud_t level3_vmalloc_end_pgt[512]; +extern pud_t level3_vmemmap_pgt[512]; +extern pud_t level2_vmemmap_pgt[512]; extern pmd_t level2_kernel_pgt[512]; @@ -11223,7 +11224,7 @@ index c57a301..312bdb4 100644 #define swapper_pg_dir init_level4_pgt -@@ -74,7 +77,9 @@ static inline pte_t native_ptep_get_and_clear(pte_t *xp) +@@ -74,7 +78,9 @@ static inline pte_t native_ptep_get_and_clear(pte_t *xp) static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd) { @@ -11233,7 +11234,7 @@ index c57a301..312bdb4 100644 } static inline void native_pmd_clear(pmd_t *pmd) -@@ -94,6 +99,13 @@ static inline void native_pud_clear(pud_t *pud) +@@ -94,6 +100,13 @@ static inline void native_pud_clear(pud_t *pud) static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd) { @@ -12004,38 +12005,24 @@ index 19c3ce4..8962535 100644 #define init_stack (init_thread_union.stack) #else /* !__ASSEMBLY__ */ -@@ -163,6 +157,23 @@ struct thread_info { +@@ -163,45 +157,40 @@ struct thread_info { #define alloc_thread_info(tsk) \ ((struct thread_info *)__get_free_pages(THREAD_FLAGS, THREAD_ORDER)) -+#ifdef __ASSEMBLY__ -+/* how to get the thread information struct from ASM */ -+#define GET_THREAD_INFO(reg) \ -+ mov PER_CPU_VAR(current_tinfo), reg -+ -+/* use this one if reg already contains %esp */ -+#define GET_THREAD_INFO_WITH_ESP(reg) GET_THREAD_INFO(reg) -+#else -+/* how to get the thread information struct from C */ -+DECLARE_PER_CPU(struct thread_info *, current_tinfo); -+ -+static __always_inline struct thread_info *current_thread_info(void) -+{ -+ return percpu_read_stable(current_tinfo); -+} -+#endif -+ - #ifdef CONFIG_X86_32 - - #define STACK_WARN (THREAD_SIZE/8) -@@ -173,35 +184,13 @@ struct thread_info { - */ - #ifndef __ASSEMBLY__ - +-#ifdef CONFIG_X86_32 +- +-#define STACK_WARN (THREAD_SIZE/8) +-/* +- * macros/functions for gaining access to the thread information structure +- * +- * preempt_count needs to be 1 initially, until the scheduler is functional. +- */ +-#ifndef __ASSEMBLY__ +- +- +-/* how to get the current stack pointer from C */ +-register unsigned long current_stack_pointer asm("esp") __used; - - /* how to get the current stack pointer from C */ - register unsigned long current_stack_pointer asm("esp") __used; - -/* how to get the thread information struct from C */ -static inline struct thread_info *current_thread_info(void) -{ @@ -12045,15 +12032,40 @@ index 19c3ce4..8962535 100644 - -#else /* !__ASSEMBLY__ */ - --/* how to get the thread information struct from ASM */ --#define GET_THREAD_INFO(reg) \ ++#ifdef __ASSEMBLY__ + /* how to get the thread information struct from ASM */ + #define GET_THREAD_INFO(reg) \ - movl $-THREAD_SIZE, reg; \ - andl %esp, reg -- --/* use this one if reg already contains %esp */ ++ mov PER_CPU_VAR(current_tinfo), reg + + /* use this one if reg already contains %esp */ -#define GET_THREAD_INFO_WITH_ESP(reg) \ - andl $-THREAD_SIZE, reg -- ++#define GET_THREAD_INFO_WITH_ESP(reg) GET_THREAD_INFO(reg) ++#else ++/* how to get the thread information struct from C */ ++DECLARE_PER_CPU(struct thread_info *, current_tinfo); ++ ++static __always_inline struct thread_info *current_thread_info(void) ++{ ++ return percpu_read_stable(current_tinfo); ++} ++#endif ++ ++#ifdef CONFIG_X86_32 ++ ++#define STACK_WARN (THREAD_SIZE/8) ++/* ++ * macros/functions for gaining access to the thread information structure ++ * ++ * preempt_count needs to be 1 initially, until the scheduler is functional. ++ */ ++#ifndef __ASSEMBLY__ ++ ++/* how to get the current stack pointer from C */ ++register unsigned long current_stack_pointer asm("esp") __used; + #endif #else /* X86_32 */ @@ -12481,7 +12493,7 @@ index 632fb44..e30e334 100644 long count); long __must_check __strncpy_from_user(char *dst, diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h -index db24b21..72a9dfc 100644 +index db24b21..f595ae7 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -9,6 +9,9 @@ @@ -12494,19 +12506,24 @@ index db24b21..72a9dfc 100644 /* * Copy To/From Userspace -@@ -19,113 +22,203 @@ __must_check unsigned long - copy_user_generic(void *to, const void *from, unsigned len); +@@ -16,116 +19,205 @@ + + /* Handles exceptions in both to and from, but doesn't do access_ok */ + __must_check unsigned long +-copy_user_generic(void *to, const void *from, unsigned len); ++copy_user_generic(void *to, const void *from, unsigned long len); __must_check unsigned long -copy_to_user(void __user *to, const void *from, unsigned len); -__must_check unsigned long -copy_from_user(void *to, const void __user *from, unsigned len); -__must_check unsigned long - copy_in_user(void __user *to, const void __user *from, unsigned len); +-copy_in_user(void __user *to, const void __user *from, unsigned len); ++copy_in_user(void __user *to, const void __user *from, unsigned long len); static __always_inline __must_check -int __copy_from_user(void *dst, const void __user *src, unsigned size) -+unsigned long __copy_from_user(void *dst, const void __user *src, unsigned size) ++unsigned long __copy_from_user(void *dst, const void __user *src, unsigned long size) { - int ret = 0; + unsigned ret = 0; @@ -12515,7 +12532,7 @@ index db24b21..72a9dfc 100644 - if (!__builtin_constant_p(size)) - return copy_user_generic(dst, (__force void *)src, size); + -+ if ((int)size < 0) ++ if (size > INT_MAX) + return size; + +#ifdef CONFIG_PAX_MEMORY_UDEREF @@ -12586,7 +12603,7 @@ index db24b21..72a9dfc 100644 static __always_inline __must_check -int __copy_to_user(void __user *dst, const void *src, unsigned size) -+unsigned long __copy_to_user(void __user *dst, const void *src, unsigned size) ++unsigned long __copy_to_user(void __user *dst, const void *src, unsigned long size) { - int ret = 0; + unsigned ret = 0; @@ -12597,7 +12614,7 @@ index db24b21..72a9dfc 100644 + + pax_track_stack(); + -+ if ((int)size < 0) ++ if (size > INT_MAX) + return size; + +#ifdef CONFIG_PAX_MEMORY_UDEREF @@ -12663,38 +12680,37 @@ index db24b21..72a9dfc 100644 +#endif + + return copy_user_generic((__force_kernel void *)dst, src, size); - } - } - - static __always_inline __must_check --int __copy_in_user(void __user *dst, const void __user *src, unsigned size) -+unsigned long copy_to_user(void __user *to, const void *from, unsigned len) - { -- int ret = 0; ++ } ++} ++ ++static __always_inline __must_check ++unsigned long copy_to_user(void __user *to, const void *from, unsigned long len) ++{ + if (access_ok(VERIFY_WRITE, to, len)) + len = __copy_to_user(to, from, len); + return len; +} + +static __always_inline __must_check -+unsigned long copy_from_user(void *to, const void __user *from, unsigned len) ++unsigned long copy_from_user(void *to, const void __user *from, unsigned long len) +{ -+ if ((int)len < 0) -+ return len; ++ might_fault(); + + if (access_ok(VERIFY_READ, from, len)) + len = __copy_from_user(to, from, len); -+ else if ((int)len > 0) { ++ else if (len < INT_MAX) { + if (!__builtin_constant_p(len)) + check_object_size(to, len, false); + memset(to, 0, len); -+ } + } + return len; -+} -+ -+static __always_inline __must_check -+unsigned long __copy_in_user(void __user *dst, const void __user *src, unsigned size) -+{ + } + + static __always_inline __must_check +-int __copy_in_user(void __user *dst, const void __user *src, unsigned size) ++unsigned long __copy_in_user(void __user *dst, const void __user *src, unsigned long size) + { +- int ret = 0; + unsigned ret = 0; might_fault(); @@ -12704,7 +12720,7 @@ index db24b21..72a9dfc 100644 + + pax_track_stack(); + -+ if ((int)size < 0) ++ if (size > INT_MAX) + return size; + +#ifdef CONFIG_PAX_MEMORY_UDEREF @@ -12734,7 +12750,7 @@ index db24b21..72a9dfc 100644 ret, "b", "b", "=q", 1); if (likely(!ret)) __put_user_asm(tmp, (u8 __user *)dst, -@@ -134,7 +227,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -134,7 +226,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) } case 2: { u16 tmp; @@ -12743,7 +12759,7 @@ index db24b21..72a9dfc 100644 ret, "w", "w", "=r", 2); if (likely(!ret)) __put_user_asm(tmp, (u16 __user *)dst, -@@ -144,7 +237,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -144,7 +236,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) case 4: { u32 tmp; @@ -12752,7 +12768,7 @@ index db24b21..72a9dfc 100644 ret, "l", "k", "=r", 4); if (likely(!ret)) __put_user_asm(tmp, (u32 __user *)dst, -@@ -153,7 +246,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -153,7 +245,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) } case 8: { u64 tmp; @@ -12761,7 +12777,7 @@ index db24b21..72a9dfc 100644 ret, "q", "", "=r", 8); if (likely(!ret)) __put_user_asm(tmp, (u64 __user *)dst, -@@ -161,8 +254,16 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -161,8 +253,16 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) return ret; } default: @@ -12780,18 +12796,18 @@ index db24b21..72a9dfc 100644 } } -@@ -176,33 +277,75 @@ __must_check long strlen_user(const char __user *str); +@@ -176,33 +276,75 @@ __must_check long strlen_user(const char __user *str); __must_check unsigned long clear_user(void __user *mem, unsigned long len); __must_check unsigned long __clear_user(void __user *mem, unsigned long len); -__must_check long __copy_from_user_inatomic(void *dst, const void __user *src, - unsigned size); +static __must_check __always_inline unsigned long -+__copy_from_user_inatomic(void *dst, const void __user *src, unsigned size) ++__copy_from_user_inatomic(void *dst, const void __user *src, unsigned long size) +{ + pax_track_stack(); + -+ if ((int)size < 0) ++ if (size > INT_MAX) + return size; + +#ifdef CONFIG_PAX_MEMORY_UDEREF @@ -12799,6 +12815,7 @@ index db24b21..72a9dfc 100644 + return size; -static __must_check __always_inline int +-__copy_to_user_inatomic(void __user *dst, const void *src, unsigned size) + if ((unsigned long)src < PAX_USER_SHADOW_BASE) + src += PAX_USER_SHADOW_BASE; +#endif @@ -12807,10 +12824,10 @@ index db24b21..72a9dfc 100644 +} + +static __must_check __always_inline unsigned long - __copy_to_user_inatomic(void __user *dst, const void *src, unsigned size) ++__copy_to_user_inatomic(void __user *dst, const void *src, unsigned long size) { - return copy_user_generic((__force void *)dst, src, size); -+ if ((int)size < 0) ++ if (size > INT_MAX) + return size; + +#ifdef CONFIG_PAX_MEMORY_UDEREF @@ -12825,16 +12842,17 @@ index db24b21..72a9dfc 100644 } -extern long __copy_user_nocache(void *dst, const void __user *src, +- unsigned size, int zerorest); +extern unsigned long __copy_user_nocache(void *dst, const void __user *src, - unsigned size, int zerorest); ++ unsigned long size, int zerorest); -static inline int -__copy_from_user_nocache(void *dst, const void __user *src, unsigned size) -+static inline unsigned long __copy_from_user_nocache(void *dst, const void __user *src, unsigned size) ++static inline unsigned long __copy_from_user_nocache(void *dst, const void __user *src, unsigned long size) { might_sleep(); + -+ if ((int)size < 0) ++ if (size > INT_MAX) + return size; + +#ifdef CONFIG_PAX_MEMORY_UDEREF @@ -12847,10 +12865,11 @@ index db24b21..72a9dfc 100644 -static inline int -__copy_from_user_inatomic_nocache(void *dst, const void __user *src, +- unsigned size) +static inline unsigned long __copy_from_user_inatomic_nocache(void *dst, const void __user *src, - unsigned size) ++ unsigned long size) { -+ if ((int)size < 0) ++ if (size > INT_MAX) + return size; + +#ifdef CONFIG_PAX_MEMORY_UDEREF @@ -12864,7 +12883,7 @@ index db24b21..72a9dfc 100644 -unsigned long -copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest); +extern unsigned long -+copy_user_handle_tail(char __user *to, char __user *from, unsigned len, unsigned zerorest); ++copy_user_handle_tail(char __user *to, char __user *from, unsigned long len, unsigned zerorest); #endif /* _ASM_X86_UACCESS_64_H */ diff --git a/arch/x86/include/asm/vdso.h b/arch/x86/include/asm/vdso.h @@ -15571,7 +15590,7 @@ index c097e7d..c689cf4 100644 /* * End of kprobes section diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index 34a56a9..a4abbbe 100644 +index 34a56a9..a98c643 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -53,6 +53,8 @@ @@ -15930,6 +15949,17 @@ index 34a56a9..a4abbbe 100644 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS +@@ -233,8 +517,8 @@ ENDPROC(native_usergs_sysret64) + .endm + + .macro UNFAKE_STACK_FRAME +- addq $8*6, %rsp +- CFI_ADJUST_CFA_OFFSET -(6*8) ++ addq $8*6 + ARG_SKIP, %rsp ++ CFI_ADJUST_CFA_OFFSET -(6*8 + ARG_SKIP) + .endm + + /* @@ -317,7 +601,7 @@ ENTRY(save_args) leaq -ARGOFFSET+16(%rsp),%rdi /* arg1 for handler */ movq_cfi rbp, 8 /* push %rbp */ @@ -16348,9 +16378,12 @@ index 34a56a9..a4abbbe 100644 .section __ex_table,"a" .align 8 -@@ -1195,9 +1564,10 @@ ENTRY(kernel_thread) +@@ -1193,11 +1562,12 @@ ENTRY(kernel_thread) + * of hacks for example to fork off the per-CPU idle tasks. + * [Hopefully no generic code relies on the reschedule -AK] */ - RESTORE_ALL +- RESTORE_ALL ++ RESTORE_REST UNFAKE_STACK_FRAME + pax_force_retaddr ret @@ -16376,9 +16409,11 @@ index 34a56a9..a4abbbe 100644 /* * execve(). This function needs to use IRET, not SYSRET, to set up all state properly. -@@ -1243,9 +1614,10 @@ ENTRY(kernel_execve) +@@ -1241,11 +1612,11 @@ ENTRY(kernel_execve) + RESTORE_REST + testq %rax,%rax je int_ret_from_sys_call - RESTORE_ARGS +- RESTORE_ARGS UNFAKE_STACK_FRAME + pax_force_retaddr ret @@ -16388,7 +16423,7 @@ index 34a56a9..a4abbbe 100644 /* Call softirq on interrupt stack. Interrupts are off. */ ENTRY(call_softirq) -@@ -1263,9 +1635,10 @@ ENTRY(call_softirq) +@@ -1263,9 +1634,10 @@ ENTRY(call_softirq) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -16400,7 +16435,7 @@ index 34a56a9..a4abbbe 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1303,7 +1676,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1303,7 +1675,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -16409,7 +16444,7 @@ index 34a56a9..a4abbbe 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1362,7 +1735,7 @@ ENTRY(xen_failsafe_callback) +@@ -1362,7 +1734,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -16418,7 +16453,7 @@ index 34a56a9..a4abbbe 100644 #endif /* CONFIG_XEN */ -@@ -1405,16 +1778,31 @@ ENTRY(paranoid_exit) +@@ -1405,16 +1777,31 @@ ENTRY(paranoid_exit) TRACE_IRQS_OFF testl %ebx,%ebx /* swapgs needed? */ jnz paranoid_restore @@ -16451,7 +16486,7 @@ index 34a56a9..a4abbbe 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1443,7 +1831,7 @@ paranoid_schedule: +@@ -1443,7 +1830,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -16460,7 +16495,7 @@ index 34a56a9..a4abbbe 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1470,12 +1858,13 @@ ENTRY(error_entry) +@@ -1470,12 +1857,13 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -16475,7 +16510,7 @@ index 34a56a9..a4abbbe 100644 ret CFI_ENDPROC -@@ -1497,7 +1886,7 @@ error_kernelspace: +@@ -1497,7 +1885,7 @@ error_kernelspace: cmpq $gs_change,RIP+8(%rsp) je error_swapgs jmp error_sti @@ -16484,7 +16519,7 @@ index 34a56a9..a4abbbe 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1517,7 +1906,7 @@ ENTRY(error_exit) +@@ -1517,7 +1905,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -16493,7 +16528,7 @@ index 34a56a9..a4abbbe 100644 /* runs on exception stack */ -@@ -1529,6 +1918,16 @@ ENTRY(nmi) +@@ -1529,6 +1917,16 @@ ENTRY(nmi) CFI_ADJUST_CFA_OFFSET 15*8 call save_paranoid DEFAULT_FRAME 0 @@ -16510,7 +16545,7 @@ index 34a56a9..a4abbbe 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1539,12 +1938,28 @@ ENTRY(nmi) +@@ -1539,12 +1937,28 @@ ENTRY(nmi) DISABLE_INTERRUPTS(CLBR_NONE) testl %ebx,%ebx /* swapgs needed? */ jnz nmi_restore @@ -16540,7 +16575,7 @@ index 34a56a9..a4abbbe 100644 jmp irq_return nmi_userspace: GET_THREAD_INFO(%rcx) -@@ -1573,14 +1988,14 @@ nmi_schedule: +@@ -1573,14 +1987,14 @@ nmi_schedule: jmp paranoid_exit CFI_ENDPROC #endif @@ -17193,7 +17228,7 @@ index 34c3308..6fc4e76 100644 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 + .endr diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S -index 780cd92..564ca35 100644 +index 780cd92..758b2a6 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -19,6 +19,8 @@ @@ -17205,22 +17240,25 @@ index 780cd92..564ca35 100644 #ifdef CONFIG_PARAVIRT #include <asm/asm-offsets.h> -@@ -38,6 +40,10 @@ L4_PAGE_OFFSET = pgd_index(__PAGE_OFFSET) +@@ -38,6 +40,12 @@ L4_PAGE_OFFSET = pgd_index(__PAGE_OFFSET) L3_PAGE_OFFSET = pud_index(__PAGE_OFFSET) L4_START_KERNEL = pgd_index(__START_KERNEL_map) L3_START_KERNEL = pud_index(__START_KERNEL_map) +L4_VMALLOC_START = pgd_index(VMALLOC_START) +L3_VMALLOC_START = pud_index(VMALLOC_START) ++L4_VMALLOC_END = pgd_index(VMALLOC_END) ++L3_VMALLOC_END = pud_index(VMALLOC_END) +L4_VMEMMAP_START = pgd_index(VMEMMAP_START) +L3_VMEMMAP_START = pud_index(VMEMMAP_START) .text __HEAD -@@ -85,35 +91,22 @@ startup_64: +@@ -85,35 +93,23 @@ startup_64: */ addq %rbp, init_level4_pgt + 0(%rip) addq %rbp, init_level4_pgt + (L4_PAGE_OFFSET*8)(%rip) + addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8)(%rip) ++ addq %rbp, init_level4_pgt + (L4_VMALLOC_END*8)(%rip) + addq %rbp, init_level4_pgt + (L4_VMEMMAP_START*8)(%rip) addq %rbp, init_level4_pgt + (L4_START_KERNEL*8)(%rip) @@ -17231,8 +17269,12 @@ index 780cd92..564ca35 100644 - addq %rbp, level3_kernel_pgt + (510*8)(%rip) - addq %rbp, level3_kernel_pgt + (511*8)(%rip) -- -- addq %rbp, level2_fixmap_pgt + (506*8)(%rip) ++ addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip) ++ ++ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8)(%rip) ++ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8+8)(%rip) + + addq %rbp, level2_fixmap_pgt + (506*8)(%rip) - - /* Add an Identity mapping if I am above 1G */ - leaq _text(%rip), %rdi @@ -17242,14 +17284,11 @@ index 780cd92..564ca35 100644 - shrq $PUD_SHIFT, %rax - andq $(PTRS_PER_PUD - 1), %rax - jz ident_complete -+ addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip) - +- - leaq (level2_spare_pgt - __START_KERNEL_map + _KERNPG_TABLE)(%rbp), %rdx - leaq level3_ident_pgt(%rip), %rbx - movq %rdx, 0(%rbx, %rax, 8) -+ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8)(%rip) -+ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8+8)(%rip) - +- - movq %rdi, %rax - shrq $PMD_SHIFT, %rax - andq $(PTRS_PER_PMD - 1), %rax @@ -17257,12 +17296,11 @@ index 780cd92..564ca35 100644 - leaq level2_spare_pgt(%rip), %rbx - movq %rdx, 0(%rbx, %rax, 8) -ident_complete: -+ addq %rbp, level2_fixmap_pgt + (506*8)(%rip) + addq %rbp, level2_fixmap_pgt + (507*8)(%rip) /* * Fixup the kernel text+data virtual addresses. Note that -@@ -161,8 +154,8 @@ ENTRY(secondary_startup_64) +@@ -161,8 +157,8 @@ ENTRY(secondary_startup_64) * after the boot processor executes this code. */ @@ -17273,7 +17311,7 @@ index 780cd92..564ca35 100644 movq %rax, %cr4 /* Setup early boot stage 4 level pagetables. */ -@@ -184,9 +177,15 @@ ENTRY(secondary_startup_64) +@@ -184,9 +180,16 @@ ENTRY(secondary_startup_64) movl $MSR_EFER, %ecx rdmsr btsl $_EFER_SCE, %eax /* Enable System Call */ @@ -17286,11 +17324,12 @@ index 780cd92..564ca35 100644 + btsq $_PAGE_BIT_NX, 8*L4_PAGE_OFFSET(%rdi) +#endif + btsq $_PAGE_BIT_NX, 8*L4_VMALLOC_START(%rdi) ++ btsq $_PAGE_BIT_NX, 8*L4_VMALLOC_END(%rdi) + btsq $_PAGE_BIT_NX, 8*L4_VMEMMAP_START(%rdi) 1: wrmsr /* Make changes effective */ /* Setup cr0 */ -@@ -249,6 +248,7 @@ ENTRY(secondary_startup_64) +@@ -249,6 +252,7 @@ ENTRY(secondary_startup_64) * jump. In addition we need to ensure %cs is set so we make this * a far return. */ @@ -17298,7 +17337,7 @@ index 780cd92..564ca35 100644 movq initial_code(%rip),%rax pushq $0 # fake return address to stop unwinder pushq $__KERNEL_CS # set correct cs -@@ -262,16 +262,16 @@ ENTRY(secondary_startup_64) +@@ -262,16 +266,16 @@ ENTRY(secondary_startup_64) .quad x86_64_start_kernel ENTRY(initial_gs) .quad INIT_PER_CPU_VAR(irq_stack_union) @@ -17317,7 +17356,7 @@ index 780cd92..564ca35 100644 #ifdef CONFIG_EARLY_PRINTK .globl early_idt_handlers early_idt_handlers: -@@ -316,18 +316,23 @@ ENTRY(early_idt_handler) +@@ -316,18 +320,23 @@ ENTRY(early_idt_handler) #endif /* EARLY_PRINTK */ 1: hlt jmp 1b @@ -17334,20 +17373,22 @@ index 780cd92..564ca35 100644 .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n" early_idt_ripmsg: .asciz "RIP %s\n" --#endif /* CONFIG_EARLY_PRINTK */ - .previous -+#endif /* CONFIG_EARLY_PRINTK */ ++ .previous + #endif /* CONFIG_EARLY_PRINTK */ +- .previous + .section .rodata,"a",@progbits #define NEXT_PAGE(name) \ .balign PAGE_SIZE; \ ENTRY(name) -@@ -350,13 +355,36 @@ NEXT_PAGE(init_level4_pgt) +@@ -350,13 +359,41 @@ NEXT_PAGE(init_level4_pgt) .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE .org init_level4_pgt + L4_PAGE_OFFSET*8, 0 .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE + .org init_level4_pgt + L4_VMALLOC_START*8, 0 -+ .quad level3_vmalloc_pgt - __START_KERNEL_map + _KERNPG_TABLE ++ .quad level3_vmalloc_start_pgt - __START_KERNEL_map + _KERNPG_TABLE ++ .org init_level4_pgt + L4_VMALLOC_END*8, 0 ++ .quad level3_vmalloc_end_pgt - __START_KERNEL_map + _KERNPG_TABLE + .org init_level4_pgt + L4_VMEMMAP_START*8, 0 + .quad level3_vmemmap_pgt - __START_KERNEL_map + _KERNPG_TABLE .org init_level4_pgt + L4_START_KERNEL*8, 0 @@ -17370,7 +17411,10 @@ index 780cd92..564ca35 100644 + .fill 510,8,0 +#endif + -+NEXT_PAGE(level3_vmalloc_pgt) ++NEXT_PAGE(level3_vmalloc_start_pgt) ++ .fill 512,8,0 ++ ++NEXT_PAGE(level3_vmalloc_end_pgt) + .fill 512,8,0 + +NEXT_PAGE(level3_vmemmap_pgt) @@ -17379,7 +17423,7 @@ index 780cd92..564ca35 100644 NEXT_PAGE(level3_kernel_pgt) .fill L3_START_KERNEL,8,0 -@@ -364,20 +392,23 @@ NEXT_PAGE(level3_kernel_pgt) +@@ -364,20 +401,23 @@ NEXT_PAGE(level3_kernel_pgt) .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE @@ -17411,7 +17455,7 @@ index 780cd92..564ca35 100644 NEXT_PAGE(level2_kernel_pgt) /* -@@ -390,33 +421,55 @@ NEXT_PAGE(level2_kernel_pgt) +@@ -390,33 +430,55 @@ NEXT_PAGE(level2_kernel_pgt) * If you want to increase this then increase MODULES_VADDR * too.) */ @@ -18307,10 +18351,10 @@ index 1b1739d..dea6077 100644 ret = paravirt_patch_ident_32(insnbuf, len); - else if (opfunc == _paravirt_ident_64) + else if (opfunc == (void *)_paravirt_ident_64) -+ ret = paravirt_patch_ident_64(insnbuf, len); + ret = paravirt_patch_ident_64(insnbuf, len); +#if defined(CONFIG_X86_32) && defined(CONFIG_X86_PAE) + else if (opfunc == (void *)__raw_callee_save__paravirt_ident_64) - ret = paravirt_patch_ident_64(insnbuf, len); ++ ret = paravirt_patch_ident_64(insnbuf, len); +#endif else if (type == PARAVIRT_PATCH(pv_cpu_ops.iret) || @@ -20441,15 +20485,14 @@ index d430e4c..831f817 100644 #define call_vrom_long_func(rom,func,arg) \ - (((VROMLONGFUNC *)(rom->func)) (arg)) -- --static struct vrom_header *vmi_rom; +({\ + u64 __reloc = ((VROMLONGFUNC *)(ktva_ktla(rom.func))) (arg);\ + struct vmi_relocation_info *const __rel = (struct vmi_relocation_info *)&__reloc;\ + __rel->eip = (unsigned char *)ktva_ktla((unsigned long)__rel->eip);\ + __reloc;\ +}) -+ + +-static struct vrom_header *vmi_rom; +static struct vrom_header vmi_rom __attribute((__section__(".vmi.rom"), __aligned__(PAGE_SIZE))); static int disable_pge; static int disable_pse; @@ -20687,7 +20730,8 @@ index 3c68fe2..12c8280 100644 - NOTES :text :note + . += __KERNEL_TEXT_OFFSET; -+ + +- EXCEPTION_TABLE(16) :text = 0x9090 +#ifdef CONFIG_X86_32 + . = ALIGN(PAGE_SIZE); + .vmi.rom : AT(ADDR(.vmi.rom) - LOAD_OFFSET) { @@ -20704,8 +20748,7 @@ index 3c68fe2..12c8280 100644 + . = ALIGN(HPAGE_SIZE); + MODULES_EXEC_END = . - 1; +#endif - -- EXCEPTION_TABLE(16) :text = 0x9090 ++ + } :module +#endif + @@ -22834,20 +22877,82 @@ index 36b0d15..d381858 100644 xor %eax,%eax EXIT diff --git a/arch/x86/lib/rwlock_64.S b/arch/x86/lib/rwlock_64.S -index 05ea55f..f81311a 100644 +index 05ea55f..6345b9a 100644 --- a/arch/x86/lib/rwlock_64.S +++ b/arch/x86/lib/rwlock_64.S -@@ -17,6 +17,7 @@ ENTRY(__write_lock_failed) +@@ -2,6 +2,7 @@ + + #include <linux/linkage.h> + #include <asm/rwlock.h> ++#include <asm/asm.h> + #include <asm/alternative-asm.h> + #include <asm/dwarf2.h> + +@@ -10,13 +11,34 @@ ENTRY(__write_lock_failed) + CFI_STARTPROC + LOCK_PREFIX + addl $RW_LOCK_BIAS,(%rdi) ++ ++#ifdef CONFIG_PAX_REFCOUNT ++ jno 1234f ++ LOCK_PREFIX ++ subl $RW_LOCK_BIAS,(%rdi) ++ int $4 ++1234: ++ _ASM_EXTABLE(1234b, 1234b) ++#endif ++ + 1: rep + nop + cmpl $RW_LOCK_BIAS,(%rdi) + jne 1b LOCK_PREFIX subl $RW_LOCK_BIAS,(%rdi) ++ ++#ifdef CONFIG_PAX_REFCOUNT ++ jno 1234f ++ LOCK_PREFIX ++ addl $RW_LOCK_BIAS,(%rdi) ++ int $4 ++1234: ++ _ASM_EXTABLE(1234b, 1234b) ++#endif ++ jnz __write_lock_failed + pax_force_retaddr ret CFI_ENDPROC END(__write_lock_failed) -@@ -33,6 +34,7 @@ ENTRY(__read_lock_failed) +@@ -26,13 +48,34 @@ ENTRY(__read_lock_failed) + CFI_STARTPROC + LOCK_PREFIX + incl (%rdi) ++ ++#ifdef CONFIG_PAX_REFCOUNT ++ jno 1234f ++ LOCK_PREFIX ++ decl (%rdi) ++ int $4 ++1234: ++ _ASM_EXTABLE(1234b, 1234b) ++#endif ++ + 1: rep + nop + cmpl $1,(%rdi) + js 1b LOCK_PREFIX decl (%rdi) ++ ++#ifdef CONFIG_PAX_REFCOUNT ++ jno 1234f ++ LOCK_PREFIX ++ incl (%rdi) ++ int $4 ++1234: ++ _ASM_EXTABLE(1234b, 1234b) ++#endif ++ js __read_lock_failed + pax_force_retaddr ret @@ -23529,7 +23634,7 @@ index 1f118d4..ec4a953 100644 +EXPORT_SYMBOL(set_fs); +#endif diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c -index b7c2849..5ef0f95 100644 +index b7c2849..8633ad8 100644 --- a/arch/x86/lib/usercopy_64.c +++ b/arch/x86/lib/usercopy_64.c @@ -42,6 +42,12 @@ long @@ -23558,9 +23663,12 @@ index b7c2849..5ef0f95 100644 /* no memory constraint because it doesn't change any memory gcc knows about */ asm volatile( -@@ -151,10 +163,18 @@ EXPORT_SYMBOL(strlen_user); +@@ -149,12 +161,20 @@ long strlen_user(const char __user *s) + } + EXPORT_SYMBOL(strlen_user); - unsigned long copy_in_user(void __user *to, const void __user *from, unsigned len) +-unsigned long copy_in_user(void __user *to, const void __user *from, unsigned len) ++unsigned long copy_in_user(void __user *to, const void __user *from, unsigned long len) { - if (access_ok(VERIFY_WRITE, to, len) && access_ok(VERIFY_READ, from, len)) { - return copy_user_generic((__force void *)to, (__force void *)from, len); @@ -23586,7 +23694,7 @@ index b7c2849..5ef0f95 100644 */ unsigned long -copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest) -+copy_user_handle_tail(char __user *to, char __user *from, unsigned len, unsigned zerorest) ++copy_user_handle_tail(char __user *to, char __user *from, unsigned long len, unsigned zerorest) { char c; unsigned zero_len; @@ -24052,7 +24160,7 @@ index 8ac0d76..3f191dc 100644 if (write) { /* write, present and write, not present: */ if (unlikely(!(vma->vm_flags & VM_WRITE))) -@@ -956,17 +1175,31 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -956,16 +1175,30 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) { struct vm_area_struct *vma; struct task_struct *tsk; @@ -24061,7 +24169,11 @@ index 8ac0d76..3f191dc 100644 int write; int fault; -+ /* Get the faulting address: */ +- tsk = current; +- mm = tsk->mm; +- + /* Get the faulting address: */ +- address = read_cr2(); + unsigned long address = read_cr2(); + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) @@ -24079,15 +24191,11 @@ index 8ac0d76..3f191dc 100644 + } +#endif + - tsk = current; - mm = tsk->mm; ++ tsk = current; ++ mm = tsk->mm; -- /* Get the faulting address: */ -- address = read_cr2(); -- /* * Detect and handle instructions that would cause a page fault for - * both a tracked kernel page and a userspace page. @@ -1026,7 +1259,7 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) * User-mode registers count as a user access even for any * potential system fault or CPU buglet: @@ -26460,18 +26568,18 @@ index ee55754..0013b2e 100644 int clock_gettime(clockid_t, struct timespec *) __attribute__((weak, alias("__vdso_clock_gettime"))); --notrace int __vdso_gettimeofday(struct timeval *tv, struct timezone *tz) +notrace noinline int __vdso_fallback_gettimeofday(struct timeval *tv, struct timezone *tz) - { - long ret; -- if (likely(gtod->sysctl_enabled && gtod->clock.vread)) { ++{ ++ long ret; + asm("syscall" : "=a" (ret) : + "0" (__NR_gettimeofday), "D" (tv), "S" (tz) : "r11", "cx", "memory"); + return ret; +} + -+notrace int __vdso_gettimeofday(struct timeval *tv, struct timezone *tz) -+{ + notrace int __vdso_gettimeofday(struct timeval *tv, struct timezone *tz) + { +- long ret; +- if (likely(gtod->sysctl_enabled && gtod->clock.vread)) { + if (likely(gtod->sysctl_enabled && + ((gtod->clock.name[0] == 'h' && gtod->clock.name[1] == 'p' && gtod->clock.name[2] == 'e' && gtod->clock.name[3] == 't' && !gtod->clock.name[4]) || + (gtod->clock.name[0] == 't' && gtod->clock.name[1] == 's' && gtod->clock.name[2] == 'c' && !gtod->clock.name[3])))) @@ -26792,30 +26900,32 @@ index 0087b00..eecb34f 100644 pgd = (pgd_t *)xen_start_info->pt_base; diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index 3f90a2c..ee0d992 100644 +index 3f90a2c..2c2ad84 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c -@@ -1719,6 +1719,8 @@ __init pgd_t *xen_setup_kernel_pagetable(pgd_t *pgd, +@@ -1719,6 +1719,9 @@ __init pgd_t *xen_setup_kernel_pagetable(pgd_t *pgd, convert_pfn_mfn(init_level4_pgt); convert_pfn_mfn(level3_ident_pgt); convert_pfn_mfn(level3_kernel_pgt); -+ convert_pfn_mfn(level3_vmalloc_pgt); ++ convert_pfn_mfn(level3_vmalloc_start_pgt); ++ convert_pfn_mfn(level3_vmalloc_end_pgt); + convert_pfn_mfn(level3_vmemmap_pgt); l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd); l2 = m2v(l3[pud_index(__START_KERNEL_map)].pud); -@@ -1737,7 +1739,10 @@ __init pgd_t *xen_setup_kernel_pagetable(pgd_t *pgd, +@@ -1737,7 +1740,11 @@ __init pgd_t *xen_setup_kernel_pagetable(pgd_t *pgd, set_page_prot(init_level4_pgt, PAGE_KERNEL_RO); set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO); set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO); -+ set_page_prot(level3_vmalloc_pgt, PAGE_KERNEL_RO); ++ set_page_prot(level3_vmalloc_start_pgt, PAGE_KERNEL_RO); ++ set_page_prot(level3_vmalloc_end_pgt, PAGE_KERNEL_RO); + set_page_prot(level3_vmemmap_pgt, PAGE_KERNEL_RO); set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO); + set_page_prot(level2_vmemmap_pgt, PAGE_KERNEL_RO); set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); -@@ -1860,6 +1865,7 @@ static __init void xen_post_allocator_init(void) +@@ -1860,6 +1867,7 @@ static __init void xen_post_allocator_init(void) pv_mmu_ops.set_pud = xen_set_pud; #if PAGETABLE_LEVELS == 4 pv_mmu_ops.set_pgd = xen_set_pgd; @@ -26823,7 +26933,7 @@ index 3f90a2c..ee0d992 100644 #endif /* This will work as long as patching hasn't happened yet -@@ -1946,6 +1952,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initdata = { +@@ -1946,6 +1954,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initdata = { .pud_val = PV_CALLEE_SAVE(xen_pud_val), .make_pud = PV_CALLEE_SAVE(xen_make_pud), .set_pgd = xen_set_pgd_hyper, @@ -37071,29 +37181,6 @@ index 46990bc..4a251b5 100644 - atomic_long_t flush_tlb_gru; - atomic_long_t flush_tlb_gru_tgh; - atomic_long_t flush_tlb_gru_zero_asid; -- -- atomic_long_t copy_gpa; -- -- atomic_long_t mesq_receive; -- atomic_long_t mesq_receive_none; -- atomic_long_t mesq_send; -- atomic_long_t mesq_send_failed; -- atomic_long_t mesq_noop; -- atomic_long_t mesq_send_unexpected_error; -- atomic_long_t mesq_send_lb_overflow; -- atomic_long_t mesq_send_qlimit_reached; -- atomic_long_t mesq_send_amo_nacked; -- atomic_long_t mesq_send_put_nacked; -- atomic_long_t mesq_qf_not_full; -- atomic_long_t mesq_qf_locked; -- atomic_long_t mesq_qf_noop_not_full; -- atomic_long_t mesq_qf_switch_head_failed; -- atomic_long_t mesq_qf_unexpected_error; -- atomic_long_t mesq_noop_unexpected_error; -- atomic_long_t mesq_noop_lb_overflow; -- atomic_long_t mesq_noop_qlimit_reached; -- atomic_long_t mesq_noop_amo_nacked; -- atomic_long_t mesq_noop_put_nacked; + atomic_long_unchecked_t vdata_alloc; + atomic_long_unchecked_t vdata_free; + atomic_long_unchecked_t gts_alloc; @@ -37149,9 +37236,30 @@ index 46990bc..4a251b5 100644 + atomic_long_unchecked_t flush_tlb_gru; + atomic_long_unchecked_t flush_tlb_gru_tgh; + atomic_long_unchecked_t flush_tlb_gru_zero_asid; -+ + +- atomic_long_t copy_gpa; + atomic_long_unchecked_t copy_gpa; -+ + +- atomic_long_t mesq_receive; +- atomic_long_t mesq_receive_none; +- atomic_long_t mesq_send; +- atomic_long_t mesq_send_failed; +- atomic_long_t mesq_noop; +- atomic_long_t mesq_send_unexpected_error; +- atomic_long_t mesq_send_lb_overflow; +- atomic_long_t mesq_send_qlimit_reached; +- atomic_long_t mesq_send_amo_nacked; +- atomic_long_t mesq_send_put_nacked; +- atomic_long_t mesq_qf_not_full; +- atomic_long_t mesq_qf_locked; +- atomic_long_t mesq_qf_noop_not_full; +- atomic_long_t mesq_qf_switch_head_failed; +- atomic_long_t mesq_qf_unexpected_error; +- atomic_long_t mesq_noop_unexpected_error; +- atomic_long_t mesq_noop_lb_overflow; +- atomic_long_t mesq_noop_qlimit_reached; +- atomic_long_t mesq_noop_amo_nacked; +- atomic_long_t mesq_noop_put_nacked; + atomic_long_unchecked_t mesq_receive; + atomic_long_unchecked_t mesq_receive_none; + atomic_long_unchecked_t mesq_send; @@ -41113,11 +41221,11 @@ index bc3e363..e1a8e50 100644 return errsts; memset(arr, 0, sizeof(arr)); diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index 1ae7b7c..0a44924 100644 +index 8df12522..c4c1472 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c -@@ -1384,7 +1384,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) - +@@ -1389,7 +1389,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) + shost = sdev->host; scsi_init_cmd_errh(cmd); cmd->result = DID_NO_CONNECT << 16; - atomic_inc(&cmd->device->iorequest_cnt); @@ -41125,7 +41233,7 @@ index 1ae7b7c..0a44924 100644 /* * SCSI request completion path will do scsi_device_unbusy(), -@@ -1415,9 +1415,9 @@ static void scsi_softirq_done(struct request *rq) +@@ -1420,9 +1420,9 @@ static void scsi_softirq_done(struct request *rq) */ cmd->serial_number = 0; @@ -41371,7 +41479,7 @@ index cda26bb..39fed3f 100644 .open = b3dfg_open, .release = b3dfg_release, diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c -index 80a1071..8c14e17 100644 +index 908f25a..c9a579b 100644 --- a/drivers/staging/comedi/comedi_fops.c +++ b/drivers/staging/comedi/comedi_fops.c @@ -1389,7 +1389,7 @@ void comedi_unmap(struct vm_area_struct *area) @@ -41994,10 +42102,10 @@ index 20cd7db..c2693ff 100644 diff --git a/drivers/staging/usbip/vhci_rx.c b/drivers/staging/usbip/vhci_rx.c -index 8ed5206..92469e3 100644 +index 7fd76fe..673695a 100644 --- a/drivers/staging/usbip/vhci_rx.c +++ b/drivers/staging/usbip/vhci_rx.c -@@ -78,7 +78,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev, +@@ -79,7 +79,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev, usbip_uerr("cannot find a urb of seqnum %u\n", pdu->base.seqnum); usbip_uinfo("max seqnum %d\n", @@ -47449,7 +47557,7 @@ index fc1e048..28b3441 100644 kfree(p); } diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c -index d27d4ec..8d0a444 100644 +index 95b82e8..12a538d 100644 --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c @@ -155,7 +155,7 @@ cifs_buf_get(void) @@ -49079,13 +49187,26 @@ index edd7434..0725e66 100644 -extern atomic_t fscache_n_op_gc; -extern atomic_t fscache_n_op_cancelled; -extern atomic_t fscache_n_op_rejected; -- ++extern atomic_unchecked_t fscache_n_op_pend; ++extern atomic_unchecked_t fscache_n_op_run; ++extern atomic_unchecked_t fscache_n_op_enqueue; ++extern atomic_unchecked_t fscache_n_op_deferred_release; ++extern atomic_unchecked_t fscache_n_op_release; ++extern atomic_unchecked_t fscache_n_op_gc; ++extern atomic_unchecked_t fscache_n_op_cancelled; ++extern atomic_unchecked_t fscache_n_op_rejected; + -extern atomic_t fscache_n_attr_changed; -extern atomic_t fscache_n_attr_changed_ok; -extern atomic_t fscache_n_attr_changed_nobufs; -extern atomic_t fscache_n_attr_changed_nomem; -extern atomic_t fscache_n_attr_changed_calls; -- ++extern atomic_unchecked_t fscache_n_attr_changed; ++extern atomic_unchecked_t fscache_n_attr_changed_ok; ++extern atomic_unchecked_t fscache_n_attr_changed_nobufs; ++extern atomic_unchecked_t fscache_n_attr_changed_nomem; ++extern atomic_unchecked_t fscache_n_attr_changed_calls; + -extern atomic_t fscache_n_allocs; -extern atomic_t fscache_n_allocs_ok; -extern atomic_t fscache_n_allocs_wait; @@ -49094,7 +49215,15 @@ index edd7434..0725e66 100644 -extern atomic_t fscache_n_allocs_object_dead; -extern atomic_t fscache_n_alloc_ops; -extern atomic_t fscache_n_alloc_op_waits; -- ++extern atomic_unchecked_t fscache_n_allocs; ++extern atomic_unchecked_t fscache_n_allocs_ok; ++extern atomic_unchecked_t fscache_n_allocs_wait; ++extern atomic_unchecked_t fscache_n_allocs_nobufs; ++extern atomic_unchecked_t fscache_n_allocs_intr; ++extern atomic_unchecked_t fscache_n_allocs_object_dead; ++extern atomic_unchecked_t fscache_n_alloc_ops; ++extern atomic_unchecked_t fscache_n_alloc_op_waits; + -extern atomic_t fscache_n_retrievals; -extern atomic_t fscache_n_retrievals_ok; -extern atomic_t fscache_n_retrievals_wait; @@ -49105,84 +49234,6 @@ index edd7434..0725e66 100644 -extern atomic_t fscache_n_retrievals_object_dead; -extern atomic_t fscache_n_retrieval_ops; -extern atomic_t fscache_n_retrieval_op_waits; -- --extern atomic_t fscache_n_stores; --extern atomic_t fscache_n_stores_ok; --extern atomic_t fscache_n_stores_again; --extern atomic_t fscache_n_stores_nobufs; --extern atomic_t fscache_n_stores_oom; --extern atomic_t fscache_n_store_ops; --extern atomic_t fscache_n_store_calls; --extern atomic_t fscache_n_store_pages; --extern atomic_t fscache_n_store_radix_deletes; --extern atomic_t fscache_n_store_pages_over_limit; -- --extern atomic_t fscache_n_store_vmscan_not_storing; --extern atomic_t fscache_n_store_vmscan_gone; --extern atomic_t fscache_n_store_vmscan_busy; --extern atomic_t fscache_n_store_vmscan_cancelled; -- --extern atomic_t fscache_n_marks; --extern atomic_t fscache_n_uncaches; -- --extern atomic_t fscache_n_acquires; --extern atomic_t fscache_n_acquires_null; --extern atomic_t fscache_n_acquires_no_cache; --extern atomic_t fscache_n_acquires_ok; --extern atomic_t fscache_n_acquires_nobufs; --extern atomic_t fscache_n_acquires_oom; -- --extern atomic_t fscache_n_updates; --extern atomic_t fscache_n_updates_null; --extern atomic_t fscache_n_updates_run; -- --extern atomic_t fscache_n_relinquishes; --extern atomic_t fscache_n_relinquishes_null; --extern atomic_t fscache_n_relinquishes_waitcrt; --extern atomic_t fscache_n_relinquishes_retire; -- --extern atomic_t fscache_n_cookie_index; --extern atomic_t fscache_n_cookie_data; --extern atomic_t fscache_n_cookie_special; -- --extern atomic_t fscache_n_object_alloc; --extern atomic_t fscache_n_object_no_alloc; --extern atomic_t fscache_n_object_lookups; --extern atomic_t fscache_n_object_lookups_negative; --extern atomic_t fscache_n_object_lookups_positive; --extern atomic_t fscache_n_object_lookups_timed_out; --extern atomic_t fscache_n_object_created; --extern atomic_t fscache_n_object_avail; --extern atomic_t fscache_n_object_dead; -- --extern atomic_t fscache_n_checkaux_none; --extern atomic_t fscache_n_checkaux_okay; --extern atomic_t fscache_n_checkaux_update; --extern atomic_t fscache_n_checkaux_obsolete; -+extern atomic_unchecked_t fscache_n_op_pend; -+extern atomic_unchecked_t fscache_n_op_run; -+extern atomic_unchecked_t fscache_n_op_enqueue; -+extern atomic_unchecked_t fscache_n_op_deferred_release; -+extern atomic_unchecked_t fscache_n_op_release; -+extern atomic_unchecked_t fscache_n_op_gc; -+extern atomic_unchecked_t fscache_n_op_cancelled; -+extern atomic_unchecked_t fscache_n_op_rejected; -+ -+extern atomic_unchecked_t fscache_n_attr_changed; -+extern atomic_unchecked_t fscache_n_attr_changed_ok; -+extern atomic_unchecked_t fscache_n_attr_changed_nobufs; -+extern atomic_unchecked_t fscache_n_attr_changed_nomem; -+extern atomic_unchecked_t fscache_n_attr_changed_calls; -+ -+extern atomic_unchecked_t fscache_n_allocs; -+extern atomic_unchecked_t fscache_n_allocs_ok; -+extern atomic_unchecked_t fscache_n_allocs_wait; -+extern atomic_unchecked_t fscache_n_allocs_nobufs; -+extern atomic_unchecked_t fscache_n_allocs_intr; -+extern atomic_unchecked_t fscache_n_allocs_object_dead; -+extern atomic_unchecked_t fscache_n_alloc_ops; -+extern atomic_unchecked_t fscache_n_alloc_op_waits; -+ +extern atomic_unchecked_t fscache_n_retrievals; +extern atomic_unchecked_t fscache_n_retrievals_ok; +extern atomic_unchecked_t fscache_n_retrievals_wait; @@ -49193,7 +49244,17 @@ index edd7434..0725e66 100644 +extern atomic_unchecked_t fscache_n_retrievals_object_dead; +extern atomic_unchecked_t fscache_n_retrieval_ops; +extern atomic_unchecked_t fscache_n_retrieval_op_waits; -+ + +-extern atomic_t fscache_n_stores; +-extern atomic_t fscache_n_stores_ok; +-extern atomic_t fscache_n_stores_again; +-extern atomic_t fscache_n_stores_nobufs; +-extern atomic_t fscache_n_stores_oom; +-extern atomic_t fscache_n_store_ops; +-extern atomic_t fscache_n_store_calls; +-extern atomic_t fscache_n_store_pages; +-extern atomic_t fscache_n_store_radix_deletes; +-extern atomic_t fscache_n_store_pages_over_limit; +extern atomic_unchecked_t fscache_n_stores; +extern atomic_unchecked_t fscache_n_stores_ok; +extern atomic_unchecked_t fscache_n_stores_again; @@ -49204,35 +49265,66 @@ index edd7434..0725e66 100644 +extern atomic_unchecked_t fscache_n_store_pages; +extern atomic_unchecked_t fscache_n_store_radix_deletes; +extern atomic_unchecked_t fscache_n_store_pages_over_limit; -+ + +-extern atomic_t fscache_n_store_vmscan_not_storing; +-extern atomic_t fscache_n_store_vmscan_gone; +-extern atomic_t fscache_n_store_vmscan_busy; +-extern atomic_t fscache_n_store_vmscan_cancelled; +extern atomic_unchecked_t fscache_n_store_vmscan_not_storing; +extern atomic_unchecked_t fscache_n_store_vmscan_gone; +extern atomic_unchecked_t fscache_n_store_vmscan_busy; +extern atomic_unchecked_t fscache_n_store_vmscan_cancelled; -+ + +-extern atomic_t fscache_n_marks; +-extern atomic_t fscache_n_uncaches; +extern atomic_unchecked_t fscache_n_marks; +extern atomic_unchecked_t fscache_n_uncaches; -+ + +-extern atomic_t fscache_n_acquires; +-extern atomic_t fscache_n_acquires_null; +-extern atomic_t fscache_n_acquires_no_cache; +-extern atomic_t fscache_n_acquires_ok; +-extern atomic_t fscache_n_acquires_nobufs; +-extern atomic_t fscache_n_acquires_oom; +extern atomic_unchecked_t fscache_n_acquires; +extern atomic_unchecked_t fscache_n_acquires_null; +extern atomic_unchecked_t fscache_n_acquires_no_cache; +extern atomic_unchecked_t fscache_n_acquires_ok; +extern atomic_unchecked_t fscache_n_acquires_nobufs; +extern atomic_unchecked_t fscache_n_acquires_oom; -+ + +-extern atomic_t fscache_n_updates; +-extern atomic_t fscache_n_updates_null; +-extern atomic_t fscache_n_updates_run; +extern atomic_unchecked_t fscache_n_updates; +extern atomic_unchecked_t fscache_n_updates_null; +extern atomic_unchecked_t fscache_n_updates_run; -+ + +-extern atomic_t fscache_n_relinquishes; +-extern atomic_t fscache_n_relinquishes_null; +-extern atomic_t fscache_n_relinquishes_waitcrt; +-extern atomic_t fscache_n_relinquishes_retire; +extern atomic_unchecked_t fscache_n_relinquishes; +extern atomic_unchecked_t fscache_n_relinquishes_null; +extern atomic_unchecked_t fscache_n_relinquishes_waitcrt; +extern atomic_unchecked_t fscache_n_relinquishes_retire; -+ + +-extern atomic_t fscache_n_cookie_index; +-extern atomic_t fscache_n_cookie_data; +-extern atomic_t fscache_n_cookie_special; +extern atomic_unchecked_t fscache_n_cookie_index; +extern atomic_unchecked_t fscache_n_cookie_data; +extern atomic_unchecked_t fscache_n_cookie_special; -+ + +-extern atomic_t fscache_n_object_alloc; +-extern atomic_t fscache_n_object_no_alloc; +-extern atomic_t fscache_n_object_lookups; +-extern atomic_t fscache_n_object_lookups_negative; +-extern atomic_t fscache_n_object_lookups_positive; +-extern atomic_t fscache_n_object_lookups_timed_out; +-extern atomic_t fscache_n_object_created; +-extern atomic_t fscache_n_object_avail; +-extern atomic_t fscache_n_object_dead; +extern atomic_unchecked_t fscache_n_object_alloc; +extern atomic_unchecked_t fscache_n_object_no_alloc; +extern atomic_unchecked_t fscache_n_object_lookups; @@ -49242,7 +49334,11 @@ index edd7434..0725e66 100644 +extern atomic_unchecked_t fscache_n_object_created; +extern atomic_unchecked_t fscache_n_object_avail; +extern atomic_unchecked_t fscache_n_object_dead; -+ + +-extern atomic_t fscache_n_checkaux_none; +-extern atomic_t fscache_n_checkaux_okay; +-extern atomic_t fscache_n_checkaux_update; +-extern atomic_t fscache_n_checkaux_obsolete; +extern atomic_unchecked_t fscache_n_checkaux_none; +extern atomic_unchecked_t fscache_n_checkaux_okay; +extern atomic_unchecked_t fscache_n_checkaux_update; @@ -49908,13 +50004,27 @@ index 46435f3..8cddf18 100644 -atomic_t fscache_n_op_gc; -atomic_t fscache_n_op_cancelled; -atomic_t fscache_n_op_rejected; -- ++atomic_unchecked_t fscache_n_op_pend; ++atomic_unchecked_t fscache_n_op_run; ++atomic_unchecked_t fscache_n_op_enqueue; ++atomic_unchecked_t fscache_n_op_requeue; ++atomic_unchecked_t fscache_n_op_deferred_release; ++atomic_unchecked_t fscache_n_op_release; ++atomic_unchecked_t fscache_n_op_gc; ++atomic_unchecked_t fscache_n_op_cancelled; ++atomic_unchecked_t fscache_n_op_rejected; + -atomic_t fscache_n_attr_changed; -atomic_t fscache_n_attr_changed_ok; -atomic_t fscache_n_attr_changed_nobufs; -atomic_t fscache_n_attr_changed_nomem; -atomic_t fscache_n_attr_changed_calls; -- ++atomic_unchecked_t fscache_n_attr_changed; ++atomic_unchecked_t fscache_n_attr_changed_ok; ++atomic_unchecked_t fscache_n_attr_changed_nobufs; ++atomic_unchecked_t fscache_n_attr_changed_nomem; ++atomic_unchecked_t fscache_n_attr_changed_calls; + -atomic_t fscache_n_allocs; -atomic_t fscache_n_allocs_ok; -atomic_t fscache_n_allocs_wait; @@ -49923,7 +50033,15 @@ index 46435f3..8cddf18 100644 -atomic_t fscache_n_allocs_object_dead; -atomic_t fscache_n_alloc_ops; -atomic_t fscache_n_alloc_op_waits; -- ++atomic_unchecked_t fscache_n_allocs; ++atomic_unchecked_t fscache_n_allocs_ok; ++atomic_unchecked_t fscache_n_allocs_wait; ++atomic_unchecked_t fscache_n_allocs_nobufs; ++atomic_unchecked_t fscache_n_allocs_intr; ++atomic_unchecked_t fscache_n_allocs_object_dead; ++atomic_unchecked_t fscache_n_alloc_ops; ++atomic_unchecked_t fscache_n_alloc_op_waits; + -atomic_t fscache_n_retrievals; -atomic_t fscache_n_retrievals_ok; -atomic_t fscache_n_retrievals_wait; @@ -49934,85 +50052,6 @@ index 46435f3..8cddf18 100644 -atomic_t fscache_n_retrievals_object_dead; -atomic_t fscache_n_retrieval_ops; -atomic_t fscache_n_retrieval_op_waits; -- --atomic_t fscache_n_stores; --atomic_t fscache_n_stores_ok; --atomic_t fscache_n_stores_again; --atomic_t fscache_n_stores_nobufs; --atomic_t fscache_n_stores_oom; --atomic_t fscache_n_store_ops; --atomic_t fscache_n_store_calls; --atomic_t fscache_n_store_pages; --atomic_t fscache_n_store_radix_deletes; --atomic_t fscache_n_store_pages_over_limit; -- --atomic_t fscache_n_store_vmscan_not_storing; --atomic_t fscache_n_store_vmscan_gone; --atomic_t fscache_n_store_vmscan_busy; --atomic_t fscache_n_store_vmscan_cancelled; -- --atomic_t fscache_n_marks; --atomic_t fscache_n_uncaches; -- --atomic_t fscache_n_acquires; --atomic_t fscache_n_acquires_null; --atomic_t fscache_n_acquires_no_cache; --atomic_t fscache_n_acquires_ok; --atomic_t fscache_n_acquires_nobufs; --atomic_t fscache_n_acquires_oom; -- --atomic_t fscache_n_updates; --atomic_t fscache_n_updates_null; --atomic_t fscache_n_updates_run; -- --atomic_t fscache_n_relinquishes; --atomic_t fscache_n_relinquishes_null; --atomic_t fscache_n_relinquishes_waitcrt; --atomic_t fscache_n_relinquishes_retire; -- --atomic_t fscache_n_cookie_index; --atomic_t fscache_n_cookie_data; --atomic_t fscache_n_cookie_special; -- --atomic_t fscache_n_object_alloc; --atomic_t fscache_n_object_no_alloc; --atomic_t fscache_n_object_lookups; --atomic_t fscache_n_object_lookups_negative; --atomic_t fscache_n_object_lookups_positive; --atomic_t fscache_n_object_lookups_timed_out; --atomic_t fscache_n_object_created; --atomic_t fscache_n_object_avail; --atomic_t fscache_n_object_dead; -- --atomic_t fscache_n_checkaux_none; --atomic_t fscache_n_checkaux_okay; --atomic_t fscache_n_checkaux_update; --atomic_t fscache_n_checkaux_obsolete; -+atomic_unchecked_t fscache_n_op_pend; -+atomic_unchecked_t fscache_n_op_run; -+atomic_unchecked_t fscache_n_op_enqueue; -+atomic_unchecked_t fscache_n_op_requeue; -+atomic_unchecked_t fscache_n_op_deferred_release; -+atomic_unchecked_t fscache_n_op_release; -+atomic_unchecked_t fscache_n_op_gc; -+atomic_unchecked_t fscache_n_op_cancelled; -+atomic_unchecked_t fscache_n_op_rejected; -+ -+atomic_unchecked_t fscache_n_attr_changed; -+atomic_unchecked_t fscache_n_attr_changed_ok; -+atomic_unchecked_t fscache_n_attr_changed_nobufs; -+atomic_unchecked_t fscache_n_attr_changed_nomem; -+atomic_unchecked_t fscache_n_attr_changed_calls; -+ -+atomic_unchecked_t fscache_n_allocs; -+atomic_unchecked_t fscache_n_allocs_ok; -+atomic_unchecked_t fscache_n_allocs_wait; -+atomic_unchecked_t fscache_n_allocs_nobufs; -+atomic_unchecked_t fscache_n_allocs_intr; -+atomic_unchecked_t fscache_n_allocs_object_dead; -+atomic_unchecked_t fscache_n_alloc_ops; -+atomic_unchecked_t fscache_n_alloc_op_waits; -+ +atomic_unchecked_t fscache_n_retrievals; +atomic_unchecked_t fscache_n_retrievals_ok; +atomic_unchecked_t fscache_n_retrievals_wait; @@ -50023,7 +50062,17 @@ index 46435f3..8cddf18 100644 +atomic_unchecked_t fscache_n_retrievals_object_dead; +atomic_unchecked_t fscache_n_retrieval_ops; +atomic_unchecked_t fscache_n_retrieval_op_waits; -+ + +-atomic_t fscache_n_stores; +-atomic_t fscache_n_stores_ok; +-atomic_t fscache_n_stores_again; +-atomic_t fscache_n_stores_nobufs; +-atomic_t fscache_n_stores_oom; +-atomic_t fscache_n_store_ops; +-atomic_t fscache_n_store_calls; +-atomic_t fscache_n_store_pages; +-atomic_t fscache_n_store_radix_deletes; +-atomic_t fscache_n_store_pages_over_limit; +atomic_unchecked_t fscache_n_stores; +atomic_unchecked_t fscache_n_stores_ok; +atomic_unchecked_t fscache_n_stores_again; @@ -50034,35 +50083,66 @@ index 46435f3..8cddf18 100644 +atomic_unchecked_t fscache_n_store_pages; +atomic_unchecked_t fscache_n_store_radix_deletes; +atomic_unchecked_t fscache_n_store_pages_over_limit; -+ + +-atomic_t fscache_n_store_vmscan_not_storing; +-atomic_t fscache_n_store_vmscan_gone; +-atomic_t fscache_n_store_vmscan_busy; +-atomic_t fscache_n_store_vmscan_cancelled; +atomic_unchecked_t fscache_n_store_vmscan_not_storing; +atomic_unchecked_t fscache_n_store_vmscan_gone; +atomic_unchecked_t fscache_n_store_vmscan_busy; +atomic_unchecked_t fscache_n_store_vmscan_cancelled; -+ + +-atomic_t fscache_n_marks; +-atomic_t fscache_n_uncaches; +atomic_unchecked_t fscache_n_marks; +atomic_unchecked_t fscache_n_uncaches; -+ + +-atomic_t fscache_n_acquires; +-atomic_t fscache_n_acquires_null; +-atomic_t fscache_n_acquires_no_cache; +-atomic_t fscache_n_acquires_ok; +-atomic_t fscache_n_acquires_nobufs; +-atomic_t fscache_n_acquires_oom; +atomic_unchecked_t fscache_n_acquires; +atomic_unchecked_t fscache_n_acquires_null; +atomic_unchecked_t fscache_n_acquires_no_cache; +atomic_unchecked_t fscache_n_acquires_ok; +atomic_unchecked_t fscache_n_acquires_nobufs; +atomic_unchecked_t fscache_n_acquires_oom; -+ + +-atomic_t fscache_n_updates; +-atomic_t fscache_n_updates_null; +-atomic_t fscache_n_updates_run; +atomic_unchecked_t fscache_n_updates; +atomic_unchecked_t fscache_n_updates_null; +atomic_unchecked_t fscache_n_updates_run; -+ + +-atomic_t fscache_n_relinquishes; +-atomic_t fscache_n_relinquishes_null; +-atomic_t fscache_n_relinquishes_waitcrt; +-atomic_t fscache_n_relinquishes_retire; +atomic_unchecked_t fscache_n_relinquishes; +atomic_unchecked_t fscache_n_relinquishes_null; +atomic_unchecked_t fscache_n_relinquishes_waitcrt; +atomic_unchecked_t fscache_n_relinquishes_retire; -+ + +-atomic_t fscache_n_cookie_index; +-atomic_t fscache_n_cookie_data; +-atomic_t fscache_n_cookie_special; +atomic_unchecked_t fscache_n_cookie_index; +atomic_unchecked_t fscache_n_cookie_data; +atomic_unchecked_t fscache_n_cookie_special; -+ + +-atomic_t fscache_n_object_alloc; +-atomic_t fscache_n_object_no_alloc; +-atomic_t fscache_n_object_lookups; +-atomic_t fscache_n_object_lookups_negative; +-atomic_t fscache_n_object_lookups_positive; +-atomic_t fscache_n_object_lookups_timed_out; +-atomic_t fscache_n_object_created; +-atomic_t fscache_n_object_avail; +-atomic_t fscache_n_object_dead; +atomic_unchecked_t fscache_n_object_alloc; +atomic_unchecked_t fscache_n_object_no_alloc; +atomic_unchecked_t fscache_n_object_lookups; @@ -50072,7 +50152,11 @@ index 46435f3..8cddf18 100644 +atomic_unchecked_t fscache_n_object_created; +atomic_unchecked_t fscache_n_object_avail; +atomic_unchecked_t fscache_n_object_dead; -+ + +-atomic_t fscache_n_checkaux_none; +-atomic_t fscache_n_checkaux_okay; +-atomic_t fscache_n_checkaux_update; +-atomic_t fscache_n_checkaux_obsolete; +atomic_unchecked_t fscache_n_checkaux_none; +atomic_unchecked_t fscache_n_checkaux_okay; +atomic_unchecked_t fscache_n_checkaux_update; @@ -50837,33 +50921,33 @@ diff --git a/fs/namei.c b/fs/namei.c index b0afbd4..8d065a1 100644 --- a/fs/namei.c +++ b/fs/namei.c -@@ -224,14 +224,6 @@ int generic_permission(struct inode *inode, int mask, +@@ -224,6 +224,14 @@ int generic_permission(struct inode *inode, int mask, return ret; /* -- * Read/write DACs are always overridable. -- * Executable DACs are overridable if at least one exec bit is set. -- */ -- if (!(mask & MAY_EXEC) || execute_ok(inode)) -- if (capable(CAP_DAC_OVERRIDE)) -- return 0; -- -- /* - * Searching includes executable on directories, else just read. - */ - mask &= MAY_READ | MAY_WRITE | MAY_EXEC; -@@ -239,6 +231,14 @@ int generic_permission(struct inode *inode, int mask, - if (capable(CAP_DAC_READ_SEARCH)) - return 0; - -+ /* -+ * Read/write DACs are always overridable. -+ * Executable DACs are overridable if at least one exec bit is set. ++ * Searching includes executable on directories, else just read. + */ -+ if (!(mask & MAY_EXEC) || execute_ok(inode)) -+ if (capable(CAP_DAC_OVERRIDE)) ++ mask &= MAY_READ | MAY_WRITE | MAY_EXEC; ++ if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE))) ++ if (capable(CAP_DAC_READ_SEARCH)) + return 0; + ++ /* + * Read/write DACs are always overridable. + * Executable DACs are overridable if at least one exec bit is set. + */ +@@ -231,14 +239,6 @@ int generic_permission(struct inode *inode, int mask, + if (capable(CAP_DAC_OVERRIDE)) + return 0; + +- /* +- * Searching includes executable on directories, else just read. +- */ +- mask &= MAY_READ | MAY_WRITE | MAY_EXEC; +- if (mask == MAY_READ || (S_ISDIR(inode->i_mode) && !(mask & MAY_WRITE))) +- if (capable(CAP_DAC_READ_SEARCH)) +- return 0; +- return -EACCES; } @@ -51938,6 +52022,31 @@ index 4f01e06..091f6c3 100644 if (IS_ERR(f)) { put_unused_fd(fd); fd = PTR_ERR(f); +diff --git a/fs/partitions/efi.c b/fs/partitions/efi.c +index 6ab70f4..f4103d1 100644 +--- a/fs/partitions/efi.c ++++ b/fs/partitions/efi.c +@@ -231,14 +231,14 @@ alloc_read_gpt_entries(struct block_device *bdev, gpt_header *gpt) + if (!bdev || !gpt) + return NULL; + ++ if (!le32_to_cpu(gpt->num_partition_entries)) ++ return NULL; ++ pte = kcalloc(le32_to_cpu(gpt->num_partition_entries), le32_to_cpu(gpt->sizeof_partition_entry), GFP_KERNEL); ++ if (!pte) ++ return NULL; ++ + count = le32_to_cpu(gpt->num_partition_entries) * + le32_to_cpu(gpt->sizeof_partition_entry); +- if (!count) +- return NULL; +- pte = kzalloc(count, GFP_KERNEL); +- if (!pte) +- return NULL; +- + if (read_lba(bdev, le64_to_cpu(gpt->partition_entry_lba), + (u8 *) pte, + count) < count) { diff --git a/fs/partitions/ldm.c b/fs/partitions/ldm.c index dd6efdb..3babc6c 100644 --- a/fs/partitions/ldm.c @@ -51967,12 +52076,15 @@ index 5765198..7f8e9e0 100644 return 0; /* not a MacOS disk */ } blocks_in_map = be32_to_cpu(part->map_count); -+ printk(" [mac]"); - if (blocks_in_map < 0 || blocks_in_map >= DISK_MAX_PARTS) { - put_dev_sector(sect); - return 0; - } -- printk(" [mac]"); +- if (blocks_in_map < 0 || blocks_in_map >= DISK_MAX_PARTS) { +- put_dev_sector(sect); +- return 0; +- } + printk(" [mac]"); ++ if (blocks_in_map < 0 || blocks_in_map >= DISK_MAX_PARTS) { ++ put_dev_sector(sect); ++ return 0; ++ } for (slot = 1; slot <= blocks_in_map; ++slot) { int pos = slot * secsize; put_dev_sector(sect); @@ -52824,7 +52936,9 @@ index b442dac..aab29cb 100644 } else { if (kern_addr_valid(start)) { - unsigned long n; -- ++ char *elf_buf; ++ mm_segment_t oldfs; + - n = copy_to_user(buffer, (char *)start, tsz); - /* - * We cannot distingush between fault on source @@ -52835,9 +52949,6 @@ index b442dac..aab29cb 100644 - if (n) { - if (clear_user(buffer + tsz - n, - n)) -+ char *elf_buf; -+ mm_segment_t oldfs; -+ + elf_buf = kmalloc(tsz, GFP_KERNEL); + if (!elf_buf) + return -ENOMEM; @@ -64478,6 +64589,34 @@ index b7babf0..a9ac9fc 100644 +#endif + #endif /* _ASM_GENERIC_ATOMIC_LONG_H */ +diff --git a/include/asm-generic/atomic64.h b/include/asm-generic/atomic64.h +index b18ce4f..2ee2843 100644 +--- a/include/asm-generic/atomic64.h ++++ b/include/asm-generic/atomic64.h +@@ -16,6 +16,8 @@ typedef struct { + long long counter; + } atomic64_t; + ++typedef atomic64_t atomic64_unchecked_t; ++ + #define ATOMIC64_INIT(i) { (i) } + + extern long long atomic64_read(const atomic64_t *v); +@@ -39,4 +41,14 @@ extern int atomic64_add_unless(atomic64_t *v, long long a, long long u); + #define atomic64_dec_and_test(v) (atomic64_dec_return((v)) == 0) + #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1LL, 0LL) + ++#define atomic64_read_unchecked(v) atomic64_read(v) ++#define atomic64_set_unchecked(v, i) atomic64_set((v), (i)) ++#define atomic64_add_unchecked(a, v) atomic64_add((a), (v)) ++#define atomic64_add_return_unchecked(a, v) atomic64_add_return((a), (v)) ++#define atomic64_sub_unchecked(a, v) atomic64_sub((a), (v)) ++#define atomic64_inc_unchecked(v) atomic64_inc(v) ++#define atomic64_inc_return_unchecked(v) atomic64_inc_return(v) ++#define atomic64_dec_unchecked(v) atomic64_dec(v) ++#define atomic64_cmpxchg_unchecked(v, o, n) atomic64_cmpxchg((v), (o), (n)) ++ + #endif /* _ASM_GENERIC_ATOMIC64_H */ diff --git a/include/asm-generic/bug.h b/include/asm-generic/bug.h index d48ddf0..656a0ac 100644 --- a/include/asm-generic/bug.h @@ -65595,7 +65734,9 @@ index 1b9a47a..6fe2934 100644 struct super_operations { - struct inode *(*alloc_inode)(struct super_block *sb); - void (*destroy_inode)(struct inode *); -- ++ struct inode *(* const alloc_inode)(struct super_block *sb); ++ void (* const destroy_inode)(struct inode *); + - void (*dirty_inode) (struct inode *); - int (*write_inode) (struct inode *, int); - void (*drop_inode) (struct inode *); @@ -65609,12 +65750,6 @@ index 1b9a47a..6fe2934 100644 - int (*remount_fs) (struct super_block *, int *, char *); - void (*clear_inode) (struct inode *); - void (*umount_begin) (struct super_block *); -- -- int (*show_options)(struct seq_file *, struct vfsmount *); -- int (*show_stats)(struct seq_file *, struct vfsmount *); -+ struct inode *(* const alloc_inode)(struct super_block *sb); -+ void (* const destroy_inode)(struct inode *); -+ + void (* const dirty_inode) (struct inode *); + int (* const write_inode) (struct inode *, int); + void (* const drop_inode) (struct inode *); @@ -65628,7 +65763,9 @@ index 1b9a47a..6fe2934 100644 + int (* const remount_fs) (struct super_block *, int *, char *); + void (* const clear_inode) (struct inode *); + void (* const umount_begin) (struct super_block *); -+ + +- int (*show_options)(struct seq_file *, struct vfsmount *); +- int (*show_stats)(struct seq_file *, struct vfsmount *); + int (* const show_options)(struct seq_file *, struct vfsmount *); + int (* const show_stats)(struct seq_file *, struct vfsmount *); #ifdef CONFIG_QUOTA @@ -71939,9 +72076,12 @@ index 4b270e6..2226274 100644 - if (!ptr && mod->init_size) { + kmemleak_not_leak(ptr); + if (!ptr && mod->init_size_rw) { -+ err = -ENOMEM; + err = -ENOMEM; +- goto free_core; + goto free_core_rw; -+ } + } +- memset(ptr, 0, mod->init_size); +- mod->module_init = ptr; + memset(ptr, 0, mod->init_size_rw); + mod->module_init_rw = ptr; + @@ -71960,12 +72100,9 @@ index 4b270e6..2226274 100644 + ptr = module_alloc_update_bounds_rx(mod->init_size_rx); + kmemleak_not_leak(ptr); + if (!ptr && mod->init_size_rx) { - err = -ENOMEM; -- goto free_core; ++ err = -ENOMEM; + goto free_core_rx; - } -- memset(ptr, 0, mod->init_size); -- mod->module_init = ptr; ++ } + + pax_open_kernel(); + memset(ptr, 0, mod->init_size_rx); @@ -74335,7 +74472,7 @@ index 33df60e..ca768bd 100644 #if HZ <= USEC_PER_SEC && !(USEC_PER_SEC % HZ) return (USEC_PER_SEC / HZ) * j; diff --git a/kernel/time/tick-broadcast.c b/kernel/time/tick-broadcast.c -index 8917fd3..5f0ead6 100644 +index 57b953f..06f149f 100644 --- a/kernel/time/tick-broadcast.c +++ b/kernel/time/tick-broadcast.c @@ -116,7 +116,7 @@ int tick_device_uses_broadcast(struct clock_event_device *dev, int cpu) @@ -74348,7 +74485,7 @@ index 8917fd3..5f0ead6 100644 cpumask_clear_cpu(cpu, tick_get_broadcast_mask()); tick_broadcast_clear_oneshot(cpu); diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c -index 1d1206a..08a7c2f 100644 +index 4a71cff..ffb5548 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c @@ -14,6 +14,7 @@ @@ -74368,7 +74505,7 @@ index 1d1206a..08a7c2f 100644 } /* must hold xtime_lock */ -@@ -333,6 +334,8 @@ int do_settimeofday(struct timespec *tv) +@@ -337,6 +338,8 @@ int do_settimeofday(struct timespec *tv) if ((unsigned long)tv->tv_nsec >= NSEC_PER_SEC) return -EINVAL; @@ -76233,12 +76370,12 @@ index 2d846cf..98134d2 100644 for (vma = current->mm->mmap; vma ; vma = prev->vm_next) { - unsigned int newflags; + unsigned long newflags; -+ + +#ifdef CONFIG_PAX_SEGMEXEC + if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_start >= SEGMEXEC_TASK_SIZE)) + break; +#endif - ++ + BUG_ON(vma->vm_end > TASK_SIZE); newflags = vma->vm_flags | VM_LOCKED; if (!(flags & MCL_CURRENT)) @@ -77195,8 +77332,8 @@ index 4b80cbf..c5ce1df 100644 * Jeremy Fitzhardinge <jeremy@goop.org> */ +#ifdef CONFIG_PAX_SEGMEXEC -+int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) -+{ + int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) + { + int ret = __do_munmap(mm, start, len); + if (ret || !(mm->pax_flags & MF_PAX_SEGMEXEC)) + return ret; @@ -77206,9 +77343,9 @@ index 4b80cbf..c5ce1df 100644 + +int __do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +#else - int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) ++int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +#endif - { ++{ unsigned long end; struct vm_area_struct *vma, *prev, *last; @@ -78823,7 +78960,7 @@ index b377ce4..3a891af 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index f34ffd0..28e94b7 100644 +index f34ffd0..e60c44f 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -40,8 +40,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) @@ -78978,21 +79115,22 @@ index f34ffd0..28e94b7 100644 area = get_vm_area_caller((count << PAGE_SHIFT), flags, __builtin_return_address(0)); if (!area) -@@ -1594,6 +1651,13 @@ static void *__vmalloc_node(unsigned long size, unsigned long align, +@@ -1594,6 +1651,14 @@ static void *__vmalloc_node(unsigned long size, unsigned long align, if (!size || (size >> PAGE_SHIFT) > totalram_pages) return NULL; +#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) + if (!(pgprot_val(prot) & _PAGE_NX)) + area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST | VM_KERNEXEC, -+ VMALLOC_START, VMALLOC_END, node, gfp_mask, caller); ++ VMALLOC_START, VMALLOC_END, node, ++ gfp_mask, caller); + else +#endif + area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST, VMALLOC_START, VMALLOC_END, node, gfp_mask, caller); -@@ -1619,6 +1683,7 @@ static void *__vmalloc_node(unsigned long size, unsigned long align, +@@ -1619,6 +1684,7 @@ static void *__vmalloc_node(unsigned long size, unsigned long align, return addr; } @@ -79000,7 +79138,7 @@ index f34ffd0..28e94b7 100644 void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot) { return __vmalloc_node(size, 1, gfp_mask, prot, -1, -@@ -1635,6 +1700,7 @@ EXPORT_SYMBOL(__vmalloc); +@@ -1635,6 +1701,7 @@ EXPORT_SYMBOL(__vmalloc); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -79008,7 +79146,7 @@ index f34ffd0..28e94b7 100644 void *vmalloc(unsigned long size) { return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL, -@@ -1649,6 +1715,7 @@ EXPORT_SYMBOL(vmalloc); +@@ -1649,6 +1716,7 @@ EXPORT_SYMBOL(vmalloc); * The resulting memory area is zeroed so it can be mapped to userspace * without leaking data. */ @@ -79016,7 +79154,7 @@ index f34ffd0..28e94b7 100644 void *vmalloc_user(unsigned long size) { struct vm_struct *area; -@@ -1676,6 +1743,7 @@ EXPORT_SYMBOL(vmalloc_user); +@@ -1676,6 +1744,7 @@ EXPORT_SYMBOL(vmalloc_user); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -79024,7 +79162,7 @@ index f34ffd0..28e94b7 100644 void *vmalloc_node(unsigned long size, int node) { return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL, -@@ -1698,10 +1766,10 @@ EXPORT_SYMBOL(vmalloc_node); +@@ -1698,10 +1767,10 @@ EXPORT_SYMBOL(vmalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -79037,7 +79175,7 @@ index f34ffd0..28e94b7 100644 -1, __builtin_return_address(0)); } -@@ -1720,6 +1788,7 @@ void *vmalloc_exec(unsigned long size) +@@ -1720,6 +1789,7 @@ void *vmalloc_exec(unsigned long size) * Allocate enough 32bit PA addressable pages to cover @size from the * page level allocator and map them into contiguous kernel virtual space. */ @@ -79045,7 +79183,7 @@ index f34ffd0..28e94b7 100644 void *vmalloc_32(unsigned long size) { return __vmalloc_node(size, 1, GFP_VMALLOC32, PAGE_KERNEL, -@@ -1734,6 +1803,7 @@ EXPORT_SYMBOL(vmalloc_32); +@@ -1734,6 +1804,7 @@ EXPORT_SYMBOL(vmalloc_32); * The resulting memory area is 32bit addressable and zeroed so it can be * mapped to userspace without leaking data. */ @@ -79053,7 +79191,7 @@ index f34ffd0..28e94b7 100644 void *vmalloc_32_user(unsigned long size) { struct vm_struct *area; -@@ -1998,6 +2068,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, +@@ -1998,6 +2069,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, unsigned long uaddr = vma->vm_start; unsigned long usize = vma->vm_end - vma->vm_start; @@ -79465,7 +79603,7 @@ index 9559afc..ccd74e1 100644 u32 interface, fmode, numsrc; diff --git a/net/core/dev.c b/net/core/dev.c -index 64eb849..7b5948b 100644 +index 84a0705..575db4c 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1047,10 +1047,14 @@ void dev_load(struct net *net, const char *name) @@ -79501,7 +79639,7 @@ index 64eb849..7b5948b 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); -@@ -2826,7 +2830,7 @@ void netif_napi_del(struct napi_struct *napi) +@@ -2827,7 +2831,7 @@ void netif_napi_del(struct napi_struct *napi) EXPORT_SYMBOL(netif_napi_del); @@ -85183,7 +85321,7 @@ index 0000000..d41b5af +} diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c new file mode 100644 -index 0000000..5b07edd +index 0000000..704a564 --- /dev/null +++ b/tools/gcc/constify_plugin.c @@ -0,0 +1,303 @@ @@ -85322,7 +85460,7 @@ index 0000000..5b07edd + .type_required = false, + .function_type_required = false, + .handler = handle_no_const_attribute, -+#if __GNUC__ > 4 || __GNUC_MINOR__ >= 7 ++#if BUILDING_GCC_VERSION >= 4007 + .affects_type_identity = true +#endif +}; @@ -85335,7 +85473,7 @@ index 0000000..5b07edd + .type_required = false, + .function_type_required = false, + .handler = handle_do_const_attribute, -+#if __GNUC__ > 4 || __GNUC_MINOR__ >= 7 ++#if BUILDING_GCC_VERSION >= 4007 + .affects_type_identity = true +#endif +}; @@ -85423,7 +85561,7 @@ index 0000000..5b07edd + tree var; + referenced_var_iterator rvi; + -+#if __GNUC__ == 4 && __GNUC_MINOR__ == 5 ++#if BUILDING_GCC_VERSION == 4005 + FOR_EACH_REFERENCED_VAR(var, rvi) { +#else + FOR_EACH_REFERENCED_VAR(cfun, var, rvi) { @@ -86019,7 +86157,7 @@ index 0000000..51f747e +} diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c new file mode 100644 -index 0000000..41dd4b1 +index 0000000..d44f37c --- /dev/null +++ b/tools/gcc/stackleak_plugin.c @@ -0,0 +1,291 @@ @@ -86149,7 +86287,7 @@ index 0000000..41dd4b1 + gsi_insert_after(&gsi, track_stack, GSI_CONTINUE_LINKING); +} + -+#if __GNUC__ == 4 && __GNUC_MINOR__ == 5 ++#if BUILDING_GCC_VERSION == 4005 +static bool gimple_call_builtin_p(gimple stmt, enum built_in_function code) +{ + tree fndecl; @@ -86171,7 +86309,7 @@ index 0000000..41dd4b1 + if (gimple_call_builtin_p(stmt, BUILT_IN_ALLOCA)) + return true; + -+#if __GNUC__ > 4 || __GNUC_MINOR__ >= 7 ++#if BUILDING_GCC_VERSION >= 4007 + if (gimple_call_builtin_p(stmt, BUILT_IN_ALLOCA_WITH_ALIGN)) + return true; +#endif @@ -86247,7 +86385,7 @@ index 0000000..41dd4b1 +// warning(0, "track_frame_size: %d %ld %d", cfun->calls_alloca, get_frame_size(), track_frame_size); + // 2. delete call + insn = delete_insn_and_edges(insn); -+#if __GNUC__ > 4 || __GNUC_MINOR__ >= 7 ++#if BUILDING_GCC_VERSION >= 4007 + if (GET_CODE(insn) == NOTE && NOTE_KIND(insn) == NOTE_INSN_CALL_ARG_LOCATION) + insn = delete_insn_and_edges(insn); +#endif diff --git a/3.1.4/0000_README b/3.1.5/0000_README index 2858d71..24e612d 100644 --- a/3.1.4/0000_README +++ b/3.1.5/0000_README @@ -7,7 +7,7 @@ Patch: 1003_linux-3.1.4.patch From: http://www.kernel.org Desc: Linux 3.1.4 -Patch: 4420_grsecurity-2.2.2-3.1.4-201112082139.patch +Patch: 4420_grsecurity-2.2.2-3.1.5-201112101853.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.1.4/1003_linux-3.1.4.patch b/3.1.5/1003_linux-3.1.4.patch index f995031..f995031 100644 --- a/3.1.4/1003_linux-3.1.4.patch +++ b/3.1.5/1003_linux-3.1.4.patch diff --git a/3.1.4/4420_grsecurity-2.2.2-3.1.4-201112082139.patch b/3.1.5/4420_grsecurity-2.2.2-3.1.5-201112101853.patch index 9a6ec41..67dea05 100644 --- a/3.1.4/4420_grsecurity-2.2.2-3.1.4-201112082139.patch +++ b/3.1.5/4420_grsecurity-2.2.2-3.1.5-201112101853.patch @@ -186,7 +186,7 @@ index d6e6724..a024ce8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 7f8a93b..4435dc9 100644 +index 94ab2ad..1e4a6e8 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -748,7 +748,7 @@ index aeef960..2966009 100644 EXPORT_SYMBOL(__get_user_1); diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c -index 1a347f4..8b4c8a1 100644 +index c9d11ea..5078081 100644 --- a/arch/arm/kernel/process.c +++ b/arch/arm/kernel/process.c @@ -28,7 +28,6 @@ @@ -759,7 +759,7 @@ index 1a347f4..8b4c8a1 100644 #include <linux/hw_breakpoint.h> #include <linux/cpuidle.h> -@@ -481,12 +480,6 @@ unsigned long get_wchan(struct task_struct *p) +@@ -484,12 +483,6 @@ unsigned long get_wchan(struct task_struct *p) return 0; } @@ -3810,13 +3810,13 @@ index 3e1449f..5293a0e 100644 { - unsigned long ret = ___copy_to_user(to, from, size); + unsigned long ret; -+ + + if ((long)size < 0 || size > INT_MAX) + return size; + + if (!__builtin_constant_p(size)) + check_object_size(from, size, true); - ++ + ret = ___copy_to_user(to, from, size); if (unlikely(ret)) ret = copy_to_user_fixup(to, from, size); @@ -8930,9 +8930,9 @@ index 6902152..399f3a2 100644 +#endif + } -- } - #endif -+ } ++#endif + } +-#endif } #define activate_mm(prev, next) \ @@ -9451,14 +9451,15 @@ index ed5903b..c7fe163 100644 #define MODULES_END VMALLOC_END #define MODULES_LEN (MODULES_VADDR - MODULES_END) diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h -index 975f709..3a89693 100644 +index 975f709..107976d 100644 --- a/arch/x86/include/asm/pgtable_64.h +++ b/arch/x86/include/asm/pgtable_64.h -@@ -16,10 +16,13 @@ +@@ -16,10 +16,14 @@ extern pud_t level3_kernel_pgt[512]; extern pud_t level3_ident_pgt[512]; -+extern pud_t level3_vmalloc_pgt[512]; ++extern pud_t level3_vmalloc_start_pgt[512]; ++extern pud_t level3_vmalloc_end_pgt[512]; +extern pud_t level3_vmemmap_pgt[512]; +extern pud_t level2_vmemmap_pgt[512]; extern pmd_t level2_kernel_pgt[512]; @@ -9470,7 +9471,7 @@ index 975f709..3a89693 100644 #define swapper_pg_dir init_level4_pgt -@@ -61,7 +64,9 @@ static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte) +@@ -61,7 +65,9 @@ static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte) static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd) { @@ -9480,7 +9481,7 @@ index 975f709..3a89693 100644 } static inline void native_pmd_clear(pmd_t *pmd) -@@ -107,6 +112,13 @@ static inline void native_pud_clear(pud_t *pud) +@@ -107,6 +113,13 @@ static inline void native_pud_clear(pud_t *pud) static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd) { @@ -10163,7 +10164,15 @@ index 70bbe39..4ae2bd4 100644 - void *data, - unsigned long *end, - int *graph); -- ++typedef unsigned long walk_stack_t(struct task_struct *task, ++ void *stack_start, ++ unsigned long *stack, ++ unsigned long bp, ++ const struct stacktrace_ops *ops, ++ void *data, ++ unsigned long *end, ++ int *graph); + -extern unsigned long -print_context_stack(struct thread_info *tinfo, - unsigned long *stack, unsigned long bp, @@ -10175,15 +10184,6 @@ index 70bbe39..4ae2bd4 100644 - unsigned long *stack, unsigned long bp, - const struct stacktrace_ops *ops, void *data, - unsigned long *end, int *graph); -+typedef unsigned long walk_stack_t(struct task_struct *task, -+ void *stack_start, -+ unsigned long *stack, -+ unsigned long bp, -+ const struct stacktrace_ops *ops, -+ void *data, -+ unsigned long *end, -+ int *graph); -+ +extern walk_stack_t print_context_stack; +extern walk_stack_t print_context_stack_bp; @@ -10307,38 +10307,24 @@ index a1fe5c1..ee326d8 100644 #define init_stack (init_thread_union.stack) #else /* !__ASSEMBLY__ */ -@@ -170,6 +164,23 @@ struct thread_info { +@@ -170,45 +164,40 @@ struct thread_info { ret; \ }) -+#ifdef __ASSEMBLY__ -+/* how to get the thread information struct from ASM */ -+#define GET_THREAD_INFO(reg) \ -+ mov PER_CPU_VAR(current_tinfo), reg -+ -+/* use this one if reg already contains %esp */ -+#define GET_THREAD_INFO_WITH_ESP(reg) GET_THREAD_INFO(reg) -+#else -+/* how to get the thread information struct from C */ -+DECLARE_PER_CPU(struct thread_info *, current_tinfo); -+ -+static __always_inline struct thread_info *current_thread_info(void) -+{ -+ return percpu_read_stable(current_tinfo); -+} -+#endif -+ - #ifdef CONFIG_X86_32 - - #define STACK_WARN (THREAD_SIZE/8) -@@ -180,35 +191,13 @@ struct thread_info { - */ - #ifndef __ASSEMBLY__ - +-#ifdef CONFIG_X86_32 +- +-#define STACK_WARN (THREAD_SIZE/8) +-/* +- * macros/functions for gaining access to the thread information structure +- * +- * preempt_count needs to be 1 initially, until the scheduler is functional. +- */ +-#ifndef __ASSEMBLY__ +- +- +-/* how to get the current stack pointer from C */ +-register unsigned long current_stack_pointer asm("esp") __used; - - /* how to get the current stack pointer from C */ - register unsigned long current_stack_pointer asm("esp") __used; - -/* how to get the thread information struct from C */ -static inline struct thread_info *current_thread_info(void) -{ @@ -10348,15 +10334,40 @@ index a1fe5c1..ee326d8 100644 - -#else /* !__ASSEMBLY__ */ - --/* how to get the thread information struct from ASM */ --#define GET_THREAD_INFO(reg) \ ++#ifdef __ASSEMBLY__ + /* how to get the thread information struct from ASM */ + #define GET_THREAD_INFO(reg) \ - movl $-THREAD_SIZE, reg; \ - andl %esp, reg -- --/* use this one if reg already contains %esp */ ++ mov PER_CPU_VAR(current_tinfo), reg + + /* use this one if reg already contains %esp */ -#define GET_THREAD_INFO_WITH_ESP(reg) \ - andl $-THREAD_SIZE, reg -- ++#define GET_THREAD_INFO_WITH_ESP(reg) GET_THREAD_INFO(reg) ++#else ++/* how to get the thread information struct from C */ ++DECLARE_PER_CPU(struct thread_info *, current_tinfo); ++ ++static __always_inline struct thread_info *current_thread_info(void) ++{ ++ return percpu_read_stable(current_tinfo); ++} ++#endif ++ ++#ifdef CONFIG_X86_32 ++ ++#define STACK_WARN (THREAD_SIZE/8) ++/* ++ * macros/functions for gaining access to the thread information structure ++ * ++ * preempt_count needs to be 1 initially, until the scheduler is functional. ++ */ ++#ifndef __ASSEMBLY__ ++ ++/* how to get the current stack pointer from C */ ++register unsigned long current_stack_pointer asm("esp") __used; + #endif #else /* X86_32 */ @@ -10711,18 +10722,18 @@ index 566e803..89f1e60 100644 unsigned long n) { - return __copy_from_user_ll_nocache_nozero(to, from, n); --} + if ((long)n < 0) + return n; ++ ++ return __copy_from_user_ll_nocache_nozero(to, from, n); + } -unsigned long __must_check copy_to_user(void __user *to, - const void *from, unsigned long n); -unsigned long __must_check _copy_from_user(void *to, - const void __user *from, - unsigned long n); -+ return __copy_from_user_ll_nocache_nozero(to, from, n); -+} - +- +extern void copy_to_user_overflow(void) +#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS + __compiletime_error("copy_to_user() buffer size is not provably correct") @@ -10803,7 +10814,7 @@ index 566e803..89f1e60 100644 } diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h -index 1c66d30..d407072 100644 +index 1c66d30..59bd7d4 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -10,6 +10,9 @@ @@ -10850,7 +10861,8 @@ index 1c66d30..d407072 100644 static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, - unsigned long n) +- unsigned long n) ++ unsigned n) { - int sz = __compiletime_object_size(to); - @@ -11784,16 +11796,16 @@ index 4f13faf..87db5d2 100644 + +#ifdef CONFIG_PAX_KERNEXEC + OFFSET(PV_CPU_write_cr0, pv_cpu_ops, write_cr0); -+#endif -+ + #endif + +#ifdef CONFIG_PAX_MEMORY_UDEREF + OFFSET(PV_MMU_read_cr3, pv_mmu_ops, read_cr3); + OFFSET(PV_MMU_write_cr3, pv_mmu_ops, write_cr3); +#ifdef CONFIG_X86_64 + OFFSET(PV_MMU_set_pgd_batched, pv_mmu_ops, set_pgd_batched); +#endif - #endif - ++#endif ++ +#endif + + BLANK(); @@ -14948,8 +14960,12 @@ index e11e394..9aebc5d 100644 - addq %rbp, level3_kernel_pgt + (510*8)(%rip) - addq %rbp, level3_kernel_pgt + (511*8)(%rip) -- -- addq %rbp, level2_fixmap_pgt + (506*8)(%rip) ++ addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip) ++ ++ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8)(%rip) ++ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8+8)(%rip) + + addq %rbp, level2_fixmap_pgt + (506*8)(%rip) - - /* Add an Identity mapping if I am above 1G */ - leaq _text(%rip), %rdi @@ -14959,14 +14975,11 @@ index e11e394..9aebc5d 100644 - shrq $PUD_SHIFT, %rax - andq $(PTRS_PER_PUD - 1), %rax - jz ident_complete -+ addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip) - +- - leaq (level2_spare_pgt - __START_KERNEL_map + _KERNPG_TABLE)(%rbp), %rdx - leaq level3_ident_pgt(%rip), %rbx - movq %rdx, 0(%rbx, %rax, 8) -+ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8)(%rip) -+ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8+8)(%rip) - +- - movq %rdi, %rax - shrq $PMD_SHIFT, %rax - andq $(PTRS_PER_PMD - 1), %rax @@ -14974,7 +14987,6 @@ index e11e394..9aebc5d 100644 - leaq level2_spare_pgt(%rip), %rbx - movq %rdx, 0(%rbx, %rax, 8) -ident_complete: -+ addq %rbp, level2_fixmap_pgt + (506*8)(%rip) + addq %rbp, level2_fixmap_pgt + (507*8)(%rip) /* @@ -15043,9 +15055,9 @@ index e11e394..9aebc5d 100644 .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n" early_idt_ripmsg: .asciz "RIP %s\n" --#endif /* CONFIG_EARLY_PRINTK */ - .previous -+#endif /* CONFIG_EARLY_PRINTK */ ++ .previous + #endif /* CONFIG_EARLY_PRINTK */ +- .previous + .section .rodata,"a",@progbits #define NEXT_PAGE(name) \ @@ -16494,7 +16506,7 @@ index 42eb330..139955c 100644 return ret; diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c -index 9242436..753954d 100644 +index d4a705f..ef8f1a9 100644 --- a/arch/x86/kernel/reboot.c +++ b/arch/x86/kernel/reboot.c @@ -35,7 +35,7 @@ void (*pm_power_off)(void); @@ -16506,7 +16518,7 @@ index 9242436..753954d 100644 enum reboot_type reboot_type = BOOT_ACPI; int reboot_force; -@@ -315,13 +315,17 @@ core_initcall(reboot_init); +@@ -324,13 +324,17 @@ core_initcall(reboot_init); extern const unsigned char machine_real_restart_asm[]; extern const u64 machine_real_restart_gdt[3]; @@ -16526,7 +16538,7 @@ index 9242436..753954d 100644 local_irq_disable(); /* Write zero to CMOS register number 0x0f, which the BIOS POST -@@ -347,14 +351,14 @@ void machine_real_restart(unsigned int type) +@@ -356,14 +360,14 @@ void machine_real_restart(unsigned int type) boot)". This seems like a fairly standard thing that gets set by REBOOT.COM programs, and the previous reset routine did this too. */ @@ -16543,7 +16555,7 @@ index 9242436..753954d 100644 /* GDT[0]: GDT self-pointer */ lowmem_gdt[0] = -@@ -365,7 +369,33 @@ void machine_real_restart(unsigned int type) +@@ -374,7 +378,33 @@ void machine_real_restart(unsigned int type) GDT_ENTRY(0x009b, restart_pa, 0xffff); /* Jump to the identity-mapped low memory code */ @@ -16577,7 +16589,7 @@ index 9242436..753954d 100644 } #ifdef CONFIG_APM_MODULE EXPORT_SYMBOL(machine_real_restart); -@@ -523,7 +553,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) +@@ -532,7 +562,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) * try to force a triple fault and then cycle between hitting the keyboard * controller and doing that */ @@ -16586,7 +16598,7 @@ index 9242436..753954d 100644 { int i; int attempt = 0; -@@ -647,13 +677,13 @@ void native_machine_shutdown(void) +@@ -656,13 +686,13 @@ void native_machine_shutdown(void) #endif } @@ -16602,7 +16614,7 @@ index 9242436..753954d 100644 { printk("machine restart\n"); -@@ -662,7 +692,7 @@ static void native_machine_restart(char *__unused) +@@ -671,7 +701,7 @@ static void native_machine_restart(char *__unused) __machine_emergency_restart(0); } @@ -16611,7 +16623,7 @@ index 9242436..753954d 100644 { /* stop other cpus and apics */ machine_shutdown(); -@@ -673,7 +703,7 @@ static void native_machine_halt(void) +@@ -682,7 +712,7 @@ static void native_machine_halt(void) stop_this_cpu(NULL); } @@ -16620,7 +16632,7 @@ index 9242436..753954d 100644 { if (pm_power_off) { if (!reboot_force) -@@ -682,6 +712,7 @@ static void native_machine_power_off(void) +@@ -691,6 +721,7 @@ static void native_machine_power_off(void) } /* a fallback in case there is no PM info available */ tboot_shutdown(TB_SHUTDOWN_HALT); @@ -16946,7 +16958,12 @@ index 0b0cb5f..db6b9ed 100644 - const char *const argv[], - const char *const envp[]) +int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags) -+{ + { +- long __res; +- asm volatile ("int $0x80" +- : "=a" (__res) +- : "0" (__NR_execve), "b" (filename), "c" (argv), "d" (envp) : "memory"); +- return __res; + unsigned long pax_task_size = TASK_SIZE; + +#ifdef CONFIG_PAX_SEGMEXEC @@ -17054,12 +17071,7 @@ index 0b0cb5f..db6b9ed 100644 +arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + const unsigned long len, const unsigned long pgoff, + const unsigned long flags) - { -- long __res; -- asm volatile ("int $0x80" -- : "=a" (__res) -- : "0" (__NR_execve), "b" (filename), "c" (argv), "d" (envp) : "memory"); -- return __res; ++{ + struct vm_area_struct *vma; + struct mm_struct *mm = current->mm; + unsigned long base = mm->mmap_base, addr = addr0, pax_task_size = TASK_SIZE; @@ -21222,16 +21234,13 @@ index e218d5d..35679b4 100644 - */ -unsigned long -copy_to_user(void __user *to, const void *from, unsigned long n) -+void copy_from_user_overflow(void) - { +-{ - if (access_ok(VERIFY_WRITE, to, n)) - n = __copy_to_user(to, from, n); - return n; -+ WARN(1, "Buffer overflow detected!\n"); - } +-} -EXPORT_SYMBOL(copy_to_user); -+EXPORT_SYMBOL(copy_from_user_overflow); - +- -/** - * copy_from_user: - Copy a block of data from user space. - * @to: Destination address, in kernel space. @@ -21250,23 +21259,30 @@ index e218d5d..35679b4 100644 - */ -unsigned long -_copy_from_user(void *to, const void __user *from, unsigned long n) -+void copy_to_user_overflow(void) - { +-{ - if (access_ok(VERIFY_READ, from, n)) - n = __copy_from_user(to, from, n); - else - memset(to, 0, n); - return n; -+ WARN(1, "Buffer overflow detected!\n"); - } +-} -EXPORT_SYMBOL(_copy_from_user); +- + void copy_from_user_overflow(void) + { + WARN(1, "Buffer overflow detected!\n"); + } + EXPORT_SYMBOL(copy_from_user_overflow); ++ ++void copy_to_user_overflow(void) ++{ ++ WARN(1, "Buffer overflow detected!\n"); ++} +EXPORT_SYMBOL(copy_to_user_overflow); - --void copy_from_user_overflow(void) ++ +#ifdef CONFIG_PAX_MEMORY_UDEREF +void __set_fs(mm_segment_t x) - { -- WARN(1, "Buffer overflow detected!\n"); ++{ + switch (x.seg) { + case 0: + loadsegment(gs, 0); @@ -21281,8 +21297,7 @@ index e218d5d..35679b4 100644 + BUG(); + } + return; - } --EXPORT_SYMBOL(copy_from_user_overflow); ++} +EXPORT_SYMBOL(__set_fs); + +void set_fs(mm_segment_t x) @@ -21714,7 +21729,7 @@ index 0d17c8c..4f4764f 100644 if (error_code & PF_WRITE) { /* write, present and write, not present: */ if (unlikely(!(vma->vm_flags & VM_WRITE))) -@@ -989,19 +1181,33 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -989,18 +1181,32 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) { struct vm_area_struct *vma; struct task_struct *tsk; @@ -21725,7 +21740,11 @@ index 0d17c8c..4f4764f 100644 unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | (write ? FAULT_FLAG_WRITE : 0); -+ /* Get the faulting address: */ +- tsk = current; +- mm = tsk->mm; +- + /* Get the faulting address: */ +- address = read_cr2(); + unsigned long address = read_cr2(); + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) @@ -21743,15 +21762,11 @@ index 0d17c8c..4f4764f 100644 + } +#endif + - tsk = current; - mm = tsk->mm; ++ tsk = current; ++ mm = tsk->mm; -- /* Get the faulting address: */ -- address = read_cr2(); -- /* * Detect and handle instructions that would cause a page fault for - * both a tracked kernel page and a userspace page. @@ -1061,7 +1267,7 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) * User-mode registers count as a user access even for any * potential system fault or CPU buglet: @@ -21797,13 +21812,13 @@ index 0d17c8c..4f4764f 100644 + if (unlikely(address + 65536 + 32 * sizeof(unsigned long) < task_pt_regs(tsk)->sp)) { + bad_area(regs, error_code, address); + return; -+ } + } + +#ifdef CONFIG_PAX_SEGMEXEC + if (unlikely((mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end - SEGMEXEC_TASK_SIZE - 1 < address - SEGMEXEC_TASK_SIZE - 1)) { + bad_area(regs, error_code, address); + return; - } ++ } +#endif + if (unlikely(expand_stack(vma, address))) { @@ -22051,10 +22066,19 @@ index 0d17c8c..4f4764f 100644 + return ret ? -EFAULT : 0; +} diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c -index ea30585..b5e1508 100644 +index ea30585..7d26398 100644 --- a/arch/x86/mm/gup.c +++ b/arch/x86/mm/gup.c -@@ -253,7 +253,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write, +@@ -201,6 +201,8 @@ static noinline int gup_huge_pud(pud_t pud, unsigned long addr, + do { + VM_BUG_ON(compound_head(page) != head); + pages[*nr] = page; ++ if (PageTail(page)) ++ get_huge_page_tail(page); + (*nr)++; + page++; + refs++; +@@ -253,7 +255,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write, addr = start; len = (unsigned long) nr_pages << PAGE_SHIFT; end = start + len; @@ -22064,10 +22088,10 @@ index ea30585..b5e1508 100644 return 0; diff --git a/arch/x86/mm/highmem_32.c b/arch/x86/mm/highmem_32.c -index b499626..6fd1882 100644 +index f4f29b1..5cac4fb 100644 --- a/arch/x86/mm/highmem_32.c +++ b/arch/x86/mm/highmem_32.c -@@ -44,7 +44,10 @@ void *kmap_atomic_prot(struct page *page, pgprot_t prot) +@@ -44,7 +44,11 @@ void *kmap_atomic_prot(struct page *page, pgprot_t prot) idx = type + KM_TYPE_NR*smp_processor_id(); vaddr = __fix_to_virt(FIX_KMAP_BEGIN + idx); BUG_ON(!pte_none(*(kmap_pte-idx))); @@ -22075,9 +22099,10 @@ index b499626..6fd1882 100644 + pax_open_kernel(); set_pte(kmap_pte-idx, mk_pte(page, prot)); + pax_close_kernel(); ++ + arch_flush_lazy_mmu_mode(); return (void *)vaddr; - } diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c index f581a18..29efd37 100644 --- a/arch/x86/mm/hugetlbpage.c @@ -22306,7 +22331,6 @@ index 87488b9..7129f32 100644 */ int devmem_is_allowed(unsigned long pagenr) { -- if (pagenr <= 256) +#ifdef CONFIG_GRKERNSEC_KMEM + /* allow BDA */ + if (!pagenr) @@ -22324,10 +22348,11 @@ index 87488b9..7129f32 100644 +#endif + + if ((ISA_START_ADDRESS >> PAGE_SHIFT) <= pagenr && pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT)) - return 1; ++ return 1; +#ifdef CONFIG_GRKERNSEC_KMEM + /* throw out everything else below 1MB */ -+ if (pagenr <= 256) + if (pagenr <= 256) +- return 1; + return 0; +#endif if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) @@ -23231,7 +23256,7 @@ index 8573b83..6372501 100644 + *dst++ = __pgd((pgd_val(*src++) | (_PAGE_NX & __supported_pte_mask)) & ~_PAGE_USER); +} +#endif -+ + +#ifdef CONFIG_PAX_PER_CPU_PGD +void __clone_user_pgds(pgd_t *dst, const pgd_t *src, int count) +{ @@ -23263,7 +23288,7 @@ index 8573b83..6372501 100644 +#define pyd_offset(mm ,address) pud_offset((mm), (address)) +#define PYD_SIZE PUD_SIZE +#endif - ++ +#ifdef CONFIG_PAX_PER_CPU_PGD +static inline void pgd_ctor(struct mm_struct *mm, pgd_t *pgd) {} +static inline void pgd_dtor(pgd_t *pgd) {} @@ -24629,30 +24654,32 @@ index 46c8069..6330d3c 100644 #ifdef CONFIG_ACPI_NUMA diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index 3dd53f9..9e8ba48 100644 +index 3dd53f9..5aa5df3 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c -@@ -1768,6 +1768,8 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, +@@ -1768,6 +1768,9 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, convert_pfn_mfn(init_level4_pgt); convert_pfn_mfn(level3_ident_pgt); convert_pfn_mfn(level3_kernel_pgt); -+ convert_pfn_mfn(level3_vmalloc_pgt); ++ convert_pfn_mfn(level3_vmalloc_start_pgt); ++ convert_pfn_mfn(level3_vmalloc_end_pgt); + convert_pfn_mfn(level3_vmemmap_pgt); l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd); l2 = m2v(l3[pud_index(__START_KERNEL_map)].pud); -@@ -1786,7 +1788,10 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, +@@ -1786,7 +1789,11 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, set_page_prot(init_level4_pgt, PAGE_KERNEL_RO); set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO); set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO); -+ set_page_prot(level3_vmalloc_pgt, PAGE_KERNEL_RO); ++ set_page_prot(level3_vmalloc_start_pgt, PAGE_KERNEL_RO); ++ set_page_prot(level3_vmalloc_end_pgt, PAGE_KERNEL_RO); + set_page_prot(level3_vmemmap_pgt, PAGE_KERNEL_RO); set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO); + set_page_prot(level2_vmemmap_pgt, PAGE_KERNEL_RO); set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); -@@ -2000,6 +2005,7 @@ static void __init xen_post_allocator_init(void) +@@ -2000,6 +2007,7 @@ static void __init xen_post_allocator_init(void) pv_mmu_ops.set_pud = xen_set_pud; #if PAGETABLE_LEVELS == 4 pv_mmu_ops.set_pgd = xen_set_pgd; @@ -24660,7 +24687,7 @@ index 3dd53f9..9e8ba48 100644 #endif /* This will work as long as patching hasn't happened yet -@@ -2081,6 +2087,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { +@@ -2081,6 +2089,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { .pud_val = PV_CALLEE_SAVE(xen_pud_val), .make_pud = PV_CALLEE_SAVE(xen_make_pud), .set_pgd = xen_set_pgd_hyper, @@ -27757,7 +27784,7 @@ index 98723cb..10ca85b 100644 return -EINVAL; } diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c -index fe738f0..2d03563 100644 +index 2410c40..2d03563 100644 --- a/drivers/gpu/drm/drm_crtc.c +++ b/drivers/gpu/drm/drm_crtc.c @@ -1374,7 +1374,7 @@ int drm_mode_getconnector(struct drm_device *dev, void *data, @@ -27807,18 +27834,7 @@ index fe738f0..2d03563 100644 if (!num_clips != !clips_ptr) { ret = -EINVAL; -@@ -1868,6 +1868,10 @@ int drm_mode_dirtyfb_ioctl(struct drm_device *dev, - } - - if (num_clips && clips_ptr) { -+ if (num_clips < 0 || num_clips > DRM_MODE_FB_DIRTY_MAX_CLIPS) { -+ ret = -EINVAL; -+ goto out_err1; -+ } - clips = kzalloc(num_clips * sizeof(*clips), GFP_KERNEL); - if (!clips) { - ret = -ENOMEM; -@@ -2272,7 +2276,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, +@@ -2276,7 +2276,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, out_resp->flags = property->flags; if ((out_resp->count_values >= value_count) && value_count) { @@ -27827,7 +27843,7 @@ index fe738f0..2d03563 100644 for (i = 0; i < value_count; i++) { if (copy_to_user(values_ptr + i, &property->values[i], sizeof(uint64_t))) { ret = -EFAULT; -@@ -2285,7 +2289,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, +@@ -2289,7 +2289,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, if (property->flags & DRM_MODE_PROP_ENUM) { if ((out_resp->count_enum_blobs >= enum_count) && enum_count) { copied = 0; @@ -27836,7 +27852,7 @@ index fe738f0..2d03563 100644 list_for_each_entry(prop_enum, &property->enum_blob_list, head) { if (copy_to_user(&enum_ptr[copied].value, &prop_enum->value, sizeof(uint64_t))) { -@@ -2308,7 +2312,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, +@@ -2312,7 +2312,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, if ((out_resp->count_enum_blobs >= blob_count) && blob_count) { copied = 0; blob_id_ptr = (uint32_t *)(unsigned long)out_resp->enum_blob_ptr; @@ -27845,7 +27861,7 @@ index fe738f0..2d03563 100644 list_for_each_entry(prop_blob, &property->enum_blob_list, head) { if (put_user(prop_blob->base.id, blob_id_ptr + copied)) { -@@ -2369,7 +2373,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev, +@@ -2373,7 +2373,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev, struct drm_mode_get_blob *out_resp = data; struct drm_property_blob *blob; int ret = 0; @@ -27854,7 +27870,7 @@ index fe738f0..2d03563 100644 if (!drm_core_check_feature(dev, DRIVER_MODESET)) return -EINVAL; -@@ -2383,7 +2387,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev, +@@ -2387,7 +2387,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev, blob = obj_to_blob(obj); if (out_resp->length == blob->length) { @@ -28264,7 +28280,7 @@ index 4934cf8..1da9c84 100644 for (i = 0; i < count; i++) { char __user *ptr = (char __user *)(uintptr_t)exec[i].relocs_ptr; diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c -index 9cbb0cd..958a31f 100644 +index 73248d0..f7bac29 100644 --- a/drivers/gpu/drm/i915/i915_irq.c +++ b/drivers/gpu/drm/i915/i915_irq.c @@ -475,7 +475,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS) @@ -28285,7 +28301,7 @@ index 9cbb0cd..958a31f 100644 if (IS_GEN6(dev)) bsd_usr_interrupt = GT_GEN6_BSD_USER_INTERRUPT; -@@ -1228,7 +1228,7 @@ static irqreturn_t i915_driver_irq_handler(DRM_IRQ_ARGS) +@@ -1229,7 +1229,7 @@ static irqreturn_t i915_driver_irq_handler(DRM_IRQ_ARGS) int ret = IRQ_NONE, pipe; bool blc_event = false; @@ -28294,7 +28310,7 @@ index 9cbb0cd..958a31f 100644 iir = I915_READ(IIR); -@@ -1740,7 +1740,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) +@@ -1741,7 +1741,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) { drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; @@ -28303,7 +28319,7 @@ index 9cbb0cd..958a31f 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); -@@ -1904,7 +1904,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev) +@@ -1905,7 +1905,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -28313,7 +28329,7 @@ index 9cbb0cd..958a31f 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index e1340a2..24f40c3 100644 +index 07e7cf3..c75f312 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -2205,7 +2205,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, int y, @@ -28686,10 +28702,10 @@ index 184628c..30e1725 100644 /* * Asic structures diff --git a/drivers/gpu/drm/radeon/radeon_atombios.c b/drivers/gpu/drm/radeon/radeon_atombios.c -index bf2b615..c821ec8 100644 +index 285acc4..f4d909f 100644 --- a/drivers/gpu/drm/radeon/radeon_atombios.c +++ b/drivers/gpu/drm/radeon/radeon_atombios.c -@@ -545,6 +545,8 @@ bool radeon_get_atom_connector_info_from_object_table(struct drm_device *dev) +@@ -569,6 +569,8 @@ bool radeon_get_atom_connector_info_from_object_table(struct drm_device *dev) struct radeon_gpio_rec gpio; struct radeon_hpd hpd; @@ -29097,7 +29113,7 @@ index c72f1c0..18376f1 100644 vga_put(pdev, io_state); diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index 5be9f47..aa81d42 100644 +index f26ae31..721fe1b 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c @@ -1951,7 +1951,7 @@ static bool hid_ignore(struct hid_device *hdev) @@ -30170,7 +30186,7 @@ index 6fe7987..68637b5 100644 extern u32 int_mod_timer_init; extern u32 int_mod_cq_depth_256; diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/nes/nes_cm.c -index c118663..049a3ab 100644 +index a237547..28a9819 100644 --- a/drivers/infiniband/hw/nes/nes_cm.c +++ b/drivers/infiniband/hw/nes/nes_cm.c @@ -68,14 +68,14 @@ u32 cm_packets_dropped; @@ -30225,7 +30241,7 @@ index c118663..049a3ab 100644 } else { spin_unlock_irqrestore(&cm_core->listen_list_lock, flags); } -@@ -1240,7 +1240,7 @@ static struct nes_cm_node *make_cm_node(struct nes_cm_core *cm_core, +@@ -1242,7 +1242,7 @@ static struct nes_cm_node *make_cm_node(struct nes_cm_core *cm_core, cm_node->rem_mac); add_hte_node(cm_core, cm_node); @@ -30234,7 +30250,7 @@ index c118663..049a3ab 100644 return cm_node; } -@@ -1298,7 +1298,7 @@ static int rem_ref_cm_node(struct nes_cm_core *cm_core, +@@ -1300,7 +1300,7 @@ static int rem_ref_cm_node(struct nes_cm_core *cm_core, } atomic_dec(&cm_core->node_cnt); @@ -30243,7 +30259,7 @@ index c118663..049a3ab 100644 nesqp = cm_node->nesqp; if (nesqp) { nesqp->cm_node = NULL; -@@ -1365,7 +1365,7 @@ static int process_options(struct nes_cm_node *cm_node, u8 *optionsloc, +@@ -1367,7 +1367,7 @@ static int process_options(struct nes_cm_node *cm_node, u8 *optionsloc, static void drop_packet(struct sk_buff *skb) { @@ -30252,7 +30268,7 @@ index c118663..049a3ab 100644 dev_kfree_skb_any(skb); } -@@ -1428,7 +1428,7 @@ static void handle_rst_pkt(struct nes_cm_node *cm_node, struct sk_buff *skb, +@@ -1430,7 +1430,7 @@ static void handle_rst_pkt(struct nes_cm_node *cm_node, struct sk_buff *skb, { int reset = 0; /* whether to send reset in case of err.. */ @@ -30261,7 +30277,7 @@ index c118663..049a3ab 100644 nes_debug(NES_DBG_CM, "Received Reset, cm_node = %p, state = %u." " refcnt=%d\n", cm_node, cm_node->state, atomic_read(&cm_node->ref_count)); -@@ -2057,7 +2057,7 @@ static struct nes_cm_node *mini_cm_connect(struct nes_cm_core *cm_core, +@@ -2059,7 +2059,7 @@ static struct nes_cm_node *mini_cm_connect(struct nes_cm_core *cm_core, rem_ref_cm_node(cm_node->cm_core, cm_node); return NULL; } @@ -30270,7 +30286,7 @@ index c118663..049a3ab 100644 loopbackremotenode->loopbackpartner = cm_node; loopbackremotenode->tcp_cntxt.rcv_wscale = NES_CM_DEFAULT_RCV_WND_SCALE; -@@ -2332,7 +2332,7 @@ static int mini_cm_recv_pkt(struct nes_cm_core *cm_core, +@@ -2334,7 +2334,7 @@ static int mini_cm_recv_pkt(struct nes_cm_core *cm_core, add_ref_cm_node(cm_node); } else if (cm_node->state == NES_CM_STATE_TSA) { rem_ref_cm_node(cm_core, cm_node); @@ -30279,7 +30295,7 @@ index c118663..049a3ab 100644 dev_kfree_skb_any(skb); break; } -@@ -2638,7 +2638,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) +@@ -2640,7 +2640,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) if ((cm_id) && (cm_id->event_handler)) { if (issue_disconn) { @@ -30288,7 +30304,7 @@ index c118663..049a3ab 100644 cm_event.event = IW_CM_EVENT_DISCONNECT; cm_event.status = disconn_status; cm_event.local_addr = cm_id->local_addr; -@@ -2660,7 +2660,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) +@@ -2662,7 +2662,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) } if (issue_close) { @@ -30297,7 +30313,7 @@ index c118663..049a3ab 100644 nes_disconnect(nesqp, 1); cm_id->provider_data = nesqp; -@@ -2791,7 +2791,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) +@@ -2793,7 +2793,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) nes_debug(NES_DBG_CM, "QP%u, cm_node=%p, jiffies = %lu listener = %p\n", nesqp->hwqp.qp_id, cm_node, jiffies, cm_node->listener); @@ -30306,7 +30322,7 @@ index c118663..049a3ab 100644 nes_debug(NES_DBG_CM, "netdev refcnt = %u.\n", netdev_refcnt_read(nesvnic->netdev)); -@@ -3001,7 +3001,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len) +@@ -3003,7 +3003,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len) struct nes_cm_core *cm_core; @@ -30315,7 +30331,7 @@ index c118663..049a3ab 100644 cm_node = (struct nes_cm_node *) cm_id->provider_data; loopback = cm_node->loopbackpartner; cm_core = cm_node->cm_core; -@@ -3067,7 +3067,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) +@@ -3069,7 +3069,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) ntohl(cm_id->local_addr.sin_addr.s_addr), ntohs(cm_id->local_addr.sin_port)); @@ -30324,7 +30340,7 @@ index c118663..049a3ab 100644 nesqp->active_conn = 1; /* cache the cm_id in the qp */ -@@ -3173,7 +3173,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog) +@@ -3175,7 +3175,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog) g_cm_core->api->stop_listener(g_cm_core, (void *)cm_node); return err; } @@ -30333,7 +30349,7 @@ index c118663..049a3ab 100644 } cm_id->add_ref(cm_id); -@@ -3278,7 +3278,7 @@ static void cm_event_connected(struct nes_cm_event *event) +@@ -3280,7 +3280,7 @@ static void cm_event_connected(struct nes_cm_event *event) if (nesqp->destroyed) { return; } @@ -30342,7 +30358,7 @@ index c118663..049a3ab 100644 nes_debug(NES_DBG_CM, "QP%u attempting to connect to 0x%08X:0x%04X on" " local port 0x%04X. jiffies = %lu.\n", nesqp->hwqp.qp_id, -@@ -3493,7 +3493,7 @@ static void cm_event_reset(struct nes_cm_event *event) +@@ -3495,7 +3495,7 @@ static void cm_event_reset(struct nes_cm_event *event) cm_id->add_ref(cm_id); ret = cm_id->event_handler(cm_id, &cm_event); @@ -30351,7 +30367,7 @@ index c118663..049a3ab 100644 cm_event.event = IW_CM_EVENT_CLOSE; cm_event.status = 0; cm_event.provider_data = cm_id->provider_data; -@@ -3529,7 +3529,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event) +@@ -3531,7 +3531,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event) return; cm_id = cm_node->cm_id; @@ -30360,7 +30376,7 @@ index c118663..049a3ab 100644 nes_debug(NES_DBG_CM, "cm_node = %p - cm_id = %p, jiffies = %lu\n", cm_node, cm_id, jiffies); -@@ -3567,7 +3567,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event) +@@ -3569,7 +3569,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event) return; cm_id = cm_node->cm_id; @@ -32372,31 +32388,6 @@ index 5c3ce24..4915ccb 100644 - atomic_long_t flush_tlb_gru; - atomic_long_t flush_tlb_gru_tgh; - atomic_long_t flush_tlb_gru_zero_asid; -- -- atomic_long_t copy_gpa; -- atomic_long_t read_gpa; -- -- atomic_long_t mesq_receive; -- atomic_long_t mesq_receive_none; -- atomic_long_t mesq_send; -- atomic_long_t mesq_send_failed; -- atomic_long_t mesq_noop; -- atomic_long_t mesq_send_unexpected_error; -- atomic_long_t mesq_send_lb_overflow; -- atomic_long_t mesq_send_qlimit_reached; -- atomic_long_t mesq_send_amo_nacked; -- atomic_long_t mesq_send_put_nacked; -- atomic_long_t mesq_page_overflow; -- atomic_long_t mesq_qf_locked; -- atomic_long_t mesq_qf_noop_not_full; -- atomic_long_t mesq_qf_switch_head_failed; -- atomic_long_t mesq_qf_unexpected_error; -- atomic_long_t mesq_noop_unexpected_error; -- atomic_long_t mesq_noop_lb_overflow; -- atomic_long_t mesq_noop_qlimit_reached; -- atomic_long_t mesq_noop_amo_nacked; -- atomic_long_t mesq_noop_put_nacked; -- atomic_long_t mesq_noop_page_overflow; + atomic_long_unchecked_t vdata_alloc; + atomic_long_unchecked_t vdata_free; + atomic_long_unchecked_t gts_alloc; @@ -32448,10 +32439,33 @@ index 5c3ce24..4915ccb 100644 + atomic_long_unchecked_t flush_tlb_gru; + atomic_long_unchecked_t flush_tlb_gru_tgh; + atomic_long_unchecked_t flush_tlb_gru_zero_asid; -+ + +- atomic_long_t copy_gpa; +- atomic_long_t read_gpa; + atomic_long_unchecked_t copy_gpa; + atomic_long_unchecked_t read_gpa; -+ + +- atomic_long_t mesq_receive; +- atomic_long_t mesq_receive_none; +- atomic_long_t mesq_send; +- atomic_long_t mesq_send_failed; +- atomic_long_t mesq_noop; +- atomic_long_t mesq_send_unexpected_error; +- atomic_long_t mesq_send_lb_overflow; +- atomic_long_t mesq_send_qlimit_reached; +- atomic_long_t mesq_send_amo_nacked; +- atomic_long_t mesq_send_put_nacked; +- atomic_long_t mesq_page_overflow; +- atomic_long_t mesq_qf_locked; +- atomic_long_t mesq_qf_noop_not_full; +- atomic_long_t mesq_qf_switch_head_failed; +- atomic_long_t mesq_qf_unexpected_error; +- atomic_long_t mesq_noop_unexpected_error; +- atomic_long_t mesq_noop_lb_overflow; +- atomic_long_t mesq_noop_qlimit_reached; +- atomic_long_t mesq_noop_amo_nacked; +- atomic_long_t mesq_noop_put_nacked; +- atomic_long_t mesq_noop_page_overflow; + atomic_long_unchecked_t mesq_receive; + atomic_long_unchecked_t mesq_receive_none; + atomic_long_unchecked_t mesq_send; @@ -34968,7 +34982,7 @@ index dd87e86..bc0148c 100644 } diff --git a/drivers/oprofile/oprof.c b/drivers/oprofile/oprof.c -index dccd863..8d35669 100644 +index f8c752e..28bf4fc 100644 --- a/drivers/oprofile/oprof.c +++ b/drivers/oprofile/oprof.c @@ -110,7 +110,7 @@ static void switch_worker(struct work_struct *work) @@ -36494,10 +36508,10 @@ index 6888b2c..45befa1 100644 return errsts; memset(arr, 0, sizeof(arr)); diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index b4d43ae..26edd69 100644 +index 6d219e4..eb3ded3 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c -@@ -1413,7 +1413,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) +@@ -1415,7 +1415,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) shost = sdev->host; scsi_init_cmd_errh(cmd); cmd->result = DID_NO_CONNECT << 16; @@ -36506,7 +36520,7 @@ index b4d43ae..26edd69 100644 /* * SCSI request completion path will do scsi_device_unbusy(), -@@ -1439,9 +1439,9 @@ static void scsi_softirq_done(struct request *rq) +@@ -1441,9 +1441,9 @@ static void scsi_softirq_done(struct request *rq) INIT_LIST_HEAD(&cmd->eh_entry); @@ -37214,10 +37228,10 @@ index 2ee97e2..0420b86 100644 hcd->power_budget = 0; /* no limit */ diff --git a/drivers/staging/usbip/vhci_rx.c b/drivers/staging/usbip/vhci_rx.c -index 09c44ab..6692d83 100644 +index 3872b8c..fe6d2f4 100644 --- a/drivers/staging/usbip/vhci_rx.c +++ b/drivers/staging/usbip/vhci_rx.c -@@ -76,7 +76,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev, +@@ -77,7 +77,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev, if (!urb) { pr_err("cannot find a urb of seqnum %u\n", pdu->base.seqnum); pr_info("max seqnum %d\n", @@ -43433,10 +43447,10 @@ index a88948b..1e32160 100644 dcache_init(); inode_init(); diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c -index 11f8582..7b633bd 100644 +index 528da01..bd8c23d 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c -@@ -681,7 +681,7 @@ static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf, +@@ -691,7 +691,7 @@ static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf, old_fs = get_fs(); set_fs(get_ds()); rc = lower_dentry->d_inode->i_op->readlink(lower_dentry, @@ -43445,7 +43459,7 @@ index 11f8582..7b633bd 100644 lower_bufsiz); set_fs(old_fs); if (rc < 0) -@@ -727,7 +727,7 @@ static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -737,7 +737,7 @@ static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd) } old_fs = get_fs(); set_fs(get_ds()); @@ -43454,7 +43468,7 @@ index 11f8582..7b633bd 100644 set_fs(old_fs); if (rc < 0) { kfree(buf); -@@ -742,7 +742,7 @@ out: +@@ -752,7 +752,7 @@ out: static void ecryptfs_put_link(struct dentry *dentry, struct nameidata *nd, void *ptr) { @@ -44773,13 +44787,26 @@ index f6aad48..88dcf26 100644 -extern atomic_t fscache_n_op_gc; -extern atomic_t fscache_n_op_cancelled; -extern atomic_t fscache_n_op_rejected; -- ++extern atomic_unchecked_t fscache_n_op_pend; ++extern atomic_unchecked_t fscache_n_op_run; ++extern atomic_unchecked_t fscache_n_op_enqueue; ++extern atomic_unchecked_t fscache_n_op_deferred_release; ++extern atomic_unchecked_t fscache_n_op_release; ++extern atomic_unchecked_t fscache_n_op_gc; ++extern atomic_unchecked_t fscache_n_op_cancelled; ++extern atomic_unchecked_t fscache_n_op_rejected; + -extern atomic_t fscache_n_attr_changed; -extern atomic_t fscache_n_attr_changed_ok; -extern atomic_t fscache_n_attr_changed_nobufs; -extern atomic_t fscache_n_attr_changed_nomem; -extern atomic_t fscache_n_attr_changed_calls; -- ++extern atomic_unchecked_t fscache_n_attr_changed; ++extern atomic_unchecked_t fscache_n_attr_changed_ok; ++extern atomic_unchecked_t fscache_n_attr_changed_nobufs; ++extern atomic_unchecked_t fscache_n_attr_changed_nomem; ++extern atomic_unchecked_t fscache_n_attr_changed_calls; + -extern atomic_t fscache_n_allocs; -extern atomic_t fscache_n_allocs_ok; -extern atomic_t fscache_n_allocs_wait; @@ -44788,7 +44815,15 @@ index f6aad48..88dcf26 100644 -extern atomic_t fscache_n_allocs_object_dead; -extern atomic_t fscache_n_alloc_ops; -extern atomic_t fscache_n_alloc_op_waits; -- ++extern atomic_unchecked_t fscache_n_allocs; ++extern atomic_unchecked_t fscache_n_allocs_ok; ++extern atomic_unchecked_t fscache_n_allocs_wait; ++extern atomic_unchecked_t fscache_n_allocs_nobufs; ++extern atomic_unchecked_t fscache_n_allocs_intr; ++extern atomic_unchecked_t fscache_n_allocs_object_dead; ++extern atomic_unchecked_t fscache_n_alloc_ops; ++extern atomic_unchecked_t fscache_n_alloc_op_waits; + -extern atomic_t fscache_n_retrievals; -extern atomic_t fscache_n_retrievals_ok; -extern atomic_t fscache_n_retrievals_wait; @@ -44799,84 +44834,6 @@ index f6aad48..88dcf26 100644 -extern atomic_t fscache_n_retrievals_object_dead; -extern atomic_t fscache_n_retrieval_ops; -extern atomic_t fscache_n_retrieval_op_waits; -- --extern atomic_t fscache_n_stores; --extern atomic_t fscache_n_stores_ok; --extern atomic_t fscache_n_stores_again; --extern atomic_t fscache_n_stores_nobufs; --extern atomic_t fscache_n_stores_oom; --extern atomic_t fscache_n_store_ops; --extern atomic_t fscache_n_store_calls; --extern atomic_t fscache_n_store_pages; --extern atomic_t fscache_n_store_radix_deletes; --extern atomic_t fscache_n_store_pages_over_limit; -- --extern atomic_t fscache_n_store_vmscan_not_storing; --extern atomic_t fscache_n_store_vmscan_gone; --extern atomic_t fscache_n_store_vmscan_busy; --extern atomic_t fscache_n_store_vmscan_cancelled; -- --extern atomic_t fscache_n_marks; --extern atomic_t fscache_n_uncaches; -- --extern atomic_t fscache_n_acquires; --extern atomic_t fscache_n_acquires_null; --extern atomic_t fscache_n_acquires_no_cache; --extern atomic_t fscache_n_acquires_ok; --extern atomic_t fscache_n_acquires_nobufs; --extern atomic_t fscache_n_acquires_oom; -- --extern atomic_t fscache_n_updates; --extern atomic_t fscache_n_updates_null; --extern atomic_t fscache_n_updates_run; -- --extern atomic_t fscache_n_relinquishes; --extern atomic_t fscache_n_relinquishes_null; --extern atomic_t fscache_n_relinquishes_waitcrt; --extern atomic_t fscache_n_relinquishes_retire; -- --extern atomic_t fscache_n_cookie_index; --extern atomic_t fscache_n_cookie_data; --extern atomic_t fscache_n_cookie_special; -- --extern atomic_t fscache_n_object_alloc; --extern atomic_t fscache_n_object_no_alloc; --extern atomic_t fscache_n_object_lookups; --extern atomic_t fscache_n_object_lookups_negative; --extern atomic_t fscache_n_object_lookups_positive; --extern atomic_t fscache_n_object_lookups_timed_out; --extern atomic_t fscache_n_object_created; --extern atomic_t fscache_n_object_avail; --extern atomic_t fscache_n_object_dead; -- --extern atomic_t fscache_n_checkaux_none; --extern atomic_t fscache_n_checkaux_okay; --extern atomic_t fscache_n_checkaux_update; --extern atomic_t fscache_n_checkaux_obsolete; -+extern atomic_unchecked_t fscache_n_op_pend; -+extern atomic_unchecked_t fscache_n_op_run; -+extern atomic_unchecked_t fscache_n_op_enqueue; -+extern atomic_unchecked_t fscache_n_op_deferred_release; -+extern atomic_unchecked_t fscache_n_op_release; -+extern atomic_unchecked_t fscache_n_op_gc; -+extern atomic_unchecked_t fscache_n_op_cancelled; -+extern atomic_unchecked_t fscache_n_op_rejected; -+ -+extern atomic_unchecked_t fscache_n_attr_changed; -+extern atomic_unchecked_t fscache_n_attr_changed_ok; -+extern atomic_unchecked_t fscache_n_attr_changed_nobufs; -+extern atomic_unchecked_t fscache_n_attr_changed_nomem; -+extern atomic_unchecked_t fscache_n_attr_changed_calls; -+ -+extern atomic_unchecked_t fscache_n_allocs; -+extern atomic_unchecked_t fscache_n_allocs_ok; -+extern atomic_unchecked_t fscache_n_allocs_wait; -+extern atomic_unchecked_t fscache_n_allocs_nobufs; -+extern atomic_unchecked_t fscache_n_allocs_intr; -+extern atomic_unchecked_t fscache_n_allocs_object_dead; -+extern atomic_unchecked_t fscache_n_alloc_ops; -+extern atomic_unchecked_t fscache_n_alloc_op_waits; -+ +extern atomic_unchecked_t fscache_n_retrievals; +extern atomic_unchecked_t fscache_n_retrievals_ok; +extern atomic_unchecked_t fscache_n_retrievals_wait; @@ -44887,7 +44844,17 @@ index f6aad48..88dcf26 100644 +extern atomic_unchecked_t fscache_n_retrievals_object_dead; +extern atomic_unchecked_t fscache_n_retrieval_ops; +extern atomic_unchecked_t fscache_n_retrieval_op_waits; -+ + +-extern atomic_t fscache_n_stores; +-extern atomic_t fscache_n_stores_ok; +-extern atomic_t fscache_n_stores_again; +-extern atomic_t fscache_n_stores_nobufs; +-extern atomic_t fscache_n_stores_oom; +-extern atomic_t fscache_n_store_ops; +-extern atomic_t fscache_n_store_calls; +-extern atomic_t fscache_n_store_pages; +-extern atomic_t fscache_n_store_radix_deletes; +-extern atomic_t fscache_n_store_pages_over_limit; +extern atomic_unchecked_t fscache_n_stores; +extern atomic_unchecked_t fscache_n_stores_ok; +extern atomic_unchecked_t fscache_n_stores_again; @@ -44898,35 +44865,66 @@ index f6aad48..88dcf26 100644 +extern atomic_unchecked_t fscache_n_store_pages; +extern atomic_unchecked_t fscache_n_store_radix_deletes; +extern atomic_unchecked_t fscache_n_store_pages_over_limit; -+ + +-extern atomic_t fscache_n_store_vmscan_not_storing; +-extern atomic_t fscache_n_store_vmscan_gone; +-extern atomic_t fscache_n_store_vmscan_busy; +-extern atomic_t fscache_n_store_vmscan_cancelled; +extern atomic_unchecked_t fscache_n_store_vmscan_not_storing; +extern atomic_unchecked_t fscache_n_store_vmscan_gone; +extern atomic_unchecked_t fscache_n_store_vmscan_busy; +extern atomic_unchecked_t fscache_n_store_vmscan_cancelled; -+ + +-extern atomic_t fscache_n_marks; +-extern atomic_t fscache_n_uncaches; +extern atomic_unchecked_t fscache_n_marks; +extern atomic_unchecked_t fscache_n_uncaches; -+ + +-extern atomic_t fscache_n_acquires; +-extern atomic_t fscache_n_acquires_null; +-extern atomic_t fscache_n_acquires_no_cache; +-extern atomic_t fscache_n_acquires_ok; +-extern atomic_t fscache_n_acquires_nobufs; +-extern atomic_t fscache_n_acquires_oom; +extern atomic_unchecked_t fscache_n_acquires; +extern atomic_unchecked_t fscache_n_acquires_null; +extern atomic_unchecked_t fscache_n_acquires_no_cache; +extern atomic_unchecked_t fscache_n_acquires_ok; +extern atomic_unchecked_t fscache_n_acquires_nobufs; +extern atomic_unchecked_t fscache_n_acquires_oom; -+ + +-extern atomic_t fscache_n_updates; +-extern atomic_t fscache_n_updates_null; +-extern atomic_t fscache_n_updates_run; +extern atomic_unchecked_t fscache_n_updates; +extern atomic_unchecked_t fscache_n_updates_null; +extern atomic_unchecked_t fscache_n_updates_run; -+ + +-extern atomic_t fscache_n_relinquishes; +-extern atomic_t fscache_n_relinquishes_null; +-extern atomic_t fscache_n_relinquishes_waitcrt; +-extern atomic_t fscache_n_relinquishes_retire; +extern atomic_unchecked_t fscache_n_relinquishes; +extern atomic_unchecked_t fscache_n_relinquishes_null; +extern atomic_unchecked_t fscache_n_relinquishes_waitcrt; +extern atomic_unchecked_t fscache_n_relinquishes_retire; -+ + +-extern atomic_t fscache_n_cookie_index; +-extern atomic_t fscache_n_cookie_data; +-extern atomic_t fscache_n_cookie_special; +extern atomic_unchecked_t fscache_n_cookie_index; +extern atomic_unchecked_t fscache_n_cookie_data; +extern atomic_unchecked_t fscache_n_cookie_special; -+ + +-extern atomic_t fscache_n_object_alloc; +-extern atomic_t fscache_n_object_no_alloc; +-extern atomic_t fscache_n_object_lookups; +-extern atomic_t fscache_n_object_lookups_negative; +-extern atomic_t fscache_n_object_lookups_positive; +-extern atomic_t fscache_n_object_lookups_timed_out; +-extern atomic_t fscache_n_object_created; +-extern atomic_t fscache_n_object_avail; +-extern atomic_t fscache_n_object_dead; +extern atomic_unchecked_t fscache_n_object_alloc; +extern atomic_unchecked_t fscache_n_object_no_alloc; +extern atomic_unchecked_t fscache_n_object_lookups; @@ -44936,7 +44934,11 @@ index f6aad48..88dcf26 100644 +extern atomic_unchecked_t fscache_n_object_created; +extern atomic_unchecked_t fscache_n_object_avail; +extern atomic_unchecked_t fscache_n_object_dead; -+ + +-extern atomic_t fscache_n_checkaux_none; +-extern atomic_t fscache_n_checkaux_okay; +-extern atomic_t fscache_n_checkaux_update; +-extern atomic_t fscache_n_checkaux_obsolete; +extern atomic_unchecked_t fscache_n_checkaux_none; +extern atomic_unchecked_t fscache_n_checkaux_okay; +extern atomic_unchecked_t fscache_n_checkaux_update; @@ -45602,13 +45604,27 @@ index 4765190..2a067f2 100644 -atomic_t fscache_n_op_gc; -atomic_t fscache_n_op_cancelled; -atomic_t fscache_n_op_rejected; -- ++atomic_unchecked_t fscache_n_op_pend; ++atomic_unchecked_t fscache_n_op_run; ++atomic_unchecked_t fscache_n_op_enqueue; ++atomic_unchecked_t fscache_n_op_requeue; ++atomic_unchecked_t fscache_n_op_deferred_release; ++atomic_unchecked_t fscache_n_op_release; ++atomic_unchecked_t fscache_n_op_gc; ++atomic_unchecked_t fscache_n_op_cancelled; ++atomic_unchecked_t fscache_n_op_rejected; + -atomic_t fscache_n_attr_changed; -atomic_t fscache_n_attr_changed_ok; -atomic_t fscache_n_attr_changed_nobufs; -atomic_t fscache_n_attr_changed_nomem; -atomic_t fscache_n_attr_changed_calls; -- ++atomic_unchecked_t fscache_n_attr_changed; ++atomic_unchecked_t fscache_n_attr_changed_ok; ++atomic_unchecked_t fscache_n_attr_changed_nobufs; ++atomic_unchecked_t fscache_n_attr_changed_nomem; ++atomic_unchecked_t fscache_n_attr_changed_calls; + -atomic_t fscache_n_allocs; -atomic_t fscache_n_allocs_ok; -atomic_t fscache_n_allocs_wait; @@ -45617,7 +45633,15 @@ index 4765190..2a067f2 100644 -atomic_t fscache_n_allocs_object_dead; -atomic_t fscache_n_alloc_ops; -atomic_t fscache_n_alloc_op_waits; -- ++atomic_unchecked_t fscache_n_allocs; ++atomic_unchecked_t fscache_n_allocs_ok; ++atomic_unchecked_t fscache_n_allocs_wait; ++atomic_unchecked_t fscache_n_allocs_nobufs; ++atomic_unchecked_t fscache_n_allocs_intr; ++atomic_unchecked_t fscache_n_allocs_object_dead; ++atomic_unchecked_t fscache_n_alloc_ops; ++atomic_unchecked_t fscache_n_alloc_op_waits; + -atomic_t fscache_n_retrievals; -atomic_t fscache_n_retrievals_ok; -atomic_t fscache_n_retrievals_wait; @@ -45628,85 +45652,6 @@ index 4765190..2a067f2 100644 -atomic_t fscache_n_retrievals_object_dead; -atomic_t fscache_n_retrieval_ops; -atomic_t fscache_n_retrieval_op_waits; -- --atomic_t fscache_n_stores; --atomic_t fscache_n_stores_ok; --atomic_t fscache_n_stores_again; --atomic_t fscache_n_stores_nobufs; --atomic_t fscache_n_stores_oom; --atomic_t fscache_n_store_ops; --atomic_t fscache_n_store_calls; --atomic_t fscache_n_store_pages; --atomic_t fscache_n_store_radix_deletes; --atomic_t fscache_n_store_pages_over_limit; -- --atomic_t fscache_n_store_vmscan_not_storing; --atomic_t fscache_n_store_vmscan_gone; --atomic_t fscache_n_store_vmscan_busy; --atomic_t fscache_n_store_vmscan_cancelled; -- --atomic_t fscache_n_marks; --atomic_t fscache_n_uncaches; -- --atomic_t fscache_n_acquires; --atomic_t fscache_n_acquires_null; --atomic_t fscache_n_acquires_no_cache; --atomic_t fscache_n_acquires_ok; --atomic_t fscache_n_acquires_nobufs; --atomic_t fscache_n_acquires_oom; -- --atomic_t fscache_n_updates; --atomic_t fscache_n_updates_null; --atomic_t fscache_n_updates_run; -- --atomic_t fscache_n_relinquishes; --atomic_t fscache_n_relinquishes_null; --atomic_t fscache_n_relinquishes_waitcrt; --atomic_t fscache_n_relinquishes_retire; -- --atomic_t fscache_n_cookie_index; --atomic_t fscache_n_cookie_data; --atomic_t fscache_n_cookie_special; -- --atomic_t fscache_n_object_alloc; --atomic_t fscache_n_object_no_alloc; --atomic_t fscache_n_object_lookups; --atomic_t fscache_n_object_lookups_negative; --atomic_t fscache_n_object_lookups_positive; --atomic_t fscache_n_object_lookups_timed_out; --atomic_t fscache_n_object_created; --atomic_t fscache_n_object_avail; --atomic_t fscache_n_object_dead; -- --atomic_t fscache_n_checkaux_none; --atomic_t fscache_n_checkaux_okay; --atomic_t fscache_n_checkaux_update; --atomic_t fscache_n_checkaux_obsolete; -+atomic_unchecked_t fscache_n_op_pend; -+atomic_unchecked_t fscache_n_op_run; -+atomic_unchecked_t fscache_n_op_enqueue; -+atomic_unchecked_t fscache_n_op_requeue; -+atomic_unchecked_t fscache_n_op_deferred_release; -+atomic_unchecked_t fscache_n_op_release; -+atomic_unchecked_t fscache_n_op_gc; -+atomic_unchecked_t fscache_n_op_cancelled; -+atomic_unchecked_t fscache_n_op_rejected; -+ -+atomic_unchecked_t fscache_n_attr_changed; -+atomic_unchecked_t fscache_n_attr_changed_ok; -+atomic_unchecked_t fscache_n_attr_changed_nobufs; -+atomic_unchecked_t fscache_n_attr_changed_nomem; -+atomic_unchecked_t fscache_n_attr_changed_calls; -+ -+atomic_unchecked_t fscache_n_allocs; -+atomic_unchecked_t fscache_n_allocs_ok; -+atomic_unchecked_t fscache_n_allocs_wait; -+atomic_unchecked_t fscache_n_allocs_nobufs; -+atomic_unchecked_t fscache_n_allocs_intr; -+atomic_unchecked_t fscache_n_allocs_object_dead; -+atomic_unchecked_t fscache_n_alloc_ops; -+atomic_unchecked_t fscache_n_alloc_op_waits; -+ +atomic_unchecked_t fscache_n_retrievals; +atomic_unchecked_t fscache_n_retrievals_ok; +atomic_unchecked_t fscache_n_retrievals_wait; @@ -45717,7 +45662,17 @@ index 4765190..2a067f2 100644 +atomic_unchecked_t fscache_n_retrievals_object_dead; +atomic_unchecked_t fscache_n_retrieval_ops; +atomic_unchecked_t fscache_n_retrieval_op_waits; -+ + +-atomic_t fscache_n_stores; +-atomic_t fscache_n_stores_ok; +-atomic_t fscache_n_stores_again; +-atomic_t fscache_n_stores_nobufs; +-atomic_t fscache_n_stores_oom; +-atomic_t fscache_n_store_ops; +-atomic_t fscache_n_store_calls; +-atomic_t fscache_n_store_pages; +-atomic_t fscache_n_store_radix_deletes; +-atomic_t fscache_n_store_pages_over_limit; +atomic_unchecked_t fscache_n_stores; +atomic_unchecked_t fscache_n_stores_ok; +atomic_unchecked_t fscache_n_stores_again; @@ -45728,35 +45683,66 @@ index 4765190..2a067f2 100644 +atomic_unchecked_t fscache_n_store_pages; +atomic_unchecked_t fscache_n_store_radix_deletes; +atomic_unchecked_t fscache_n_store_pages_over_limit; -+ + +-atomic_t fscache_n_store_vmscan_not_storing; +-atomic_t fscache_n_store_vmscan_gone; +-atomic_t fscache_n_store_vmscan_busy; +-atomic_t fscache_n_store_vmscan_cancelled; +atomic_unchecked_t fscache_n_store_vmscan_not_storing; +atomic_unchecked_t fscache_n_store_vmscan_gone; +atomic_unchecked_t fscache_n_store_vmscan_busy; +atomic_unchecked_t fscache_n_store_vmscan_cancelled; -+ + +-atomic_t fscache_n_marks; +-atomic_t fscache_n_uncaches; +atomic_unchecked_t fscache_n_marks; +atomic_unchecked_t fscache_n_uncaches; -+ + +-atomic_t fscache_n_acquires; +-atomic_t fscache_n_acquires_null; +-atomic_t fscache_n_acquires_no_cache; +-atomic_t fscache_n_acquires_ok; +-atomic_t fscache_n_acquires_nobufs; +-atomic_t fscache_n_acquires_oom; +atomic_unchecked_t fscache_n_acquires; +atomic_unchecked_t fscache_n_acquires_null; +atomic_unchecked_t fscache_n_acquires_no_cache; +atomic_unchecked_t fscache_n_acquires_ok; +atomic_unchecked_t fscache_n_acquires_nobufs; +atomic_unchecked_t fscache_n_acquires_oom; -+ + +-atomic_t fscache_n_updates; +-atomic_t fscache_n_updates_null; +-atomic_t fscache_n_updates_run; +atomic_unchecked_t fscache_n_updates; +atomic_unchecked_t fscache_n_updates_null; +atomic_unchecked_t fscache_n_updates_run; -+ + +-atomic_t fscache_n_relinquishes; +-atomic_t fscache_n_relinquishes_null; +-atomic_t fscache_n_relinquishes_waitcrt; +-atomic_t fscache_n_relinquishes_retire; +atomic_unchecked_t fscache_n_relinquishes; +atomic_unchecked_t fscache_n_relinquishes_null; +atomic_unchecked_t fscache_n_relinquishes_waitcrt; +atomic_unchecked_t fscache_n_relinquishes_retire; -+ + +-atomic_t fscache_n_cookie_index; +-atomic_t fscache_n_cookie_data; +-atomic_t fscache_n_cookie_special; +atomic_unchecked_t fscache_n_cookie_index; +atomic_unchecked_t fscache_n_cookie_data; +atomic_unchecked_t fscache_n_cookie_special; -+ + +-atomic_t fscache_n_object_alloc; +-atomic_t fscache_n_object_no_alloc; +-atomic_t fscache_n_object_lookups; +-atomic_t fscache_n_object_lookups_negative; +-atomic_t fscache_n_object_lookups_positive; +-atomic_t fscache_n_object_lookups_timed_out; +-atomic_t fscache_n_object_created; +-atomic_t fscache_n_object_avail; +-atomic_t fscache_n_object_dead; +atomic_unchecked_t fscache_n_object_alloc; +atomic_unchecked_t fscache_n_object_no_alloc; +atomic_unchecked_t fscache_n_object_lookups; @@ -45766,7 +45752,11 @@ index 4765190..2a067f2 100644 +atomic_unchecked_t fscache_n_object_created; +atomic_unchecked_t fscache_n_object_avail; +atomic_unchecked_t fscache_n_object_dead; -+ + +-atomic_t fscache_n_checkaux_none; +-atomic_t fscache_n_checkaux_okay; +-atomic_t fscache_n_checkaux_update; +-atomic_t fscache_n_checkaux_obsolete; +atomic_unchecked_t fscache_n_checkaux_none; +atomic_unchecked_t fscache_n_checkaux_okay; +atomic_unchecked_t fscache_n_checkaux_update; @@ -47567,18 +47557,20 @@ index 6296b40..417c00f 100644 if (!gpt) return NULL; -- count = le32_to_cpu(gpt->num_partition_entries) * -- le32_to_cpu(gpt->sizeof_partition_entry); -- if (!count) + if (!le32_to_cpu(gpt->num_partition_entries)) - return NULL; -- pte = kzalloc(count, GFP_KERNEL); ++ return NULL; + pte = kcalloc(le32_to_cpu(gpt->num_partition_entries), le32_to_cpu(gpt->sizeof_partition_entry), GFP_KERNEL); - if (!pte) - return NULL; - -+ count = le32_to_cpu(gpt->num_partition_entries) * -+ le32_to_cpu(gpt->sizeof_partition_entry); ++ if (!pte) ++ return NULL; ++ + count = le32_to_cpu(gpt->num_partition_entries) * + le32_to_cpu(gpt->sizeof_partition_entry); +- if (!count) +- return NULL; +- pte = kzalloc(count, GFP_KERNEL); +- if (!pte) +- return NULL; +- if (read_lba(state, le64_to_cpu(gpt->partition_entry_lba), (u8 *) pte, count) < count) { @@ -48437,7 +48429,9 @@ index d245cb2..7e645bd 100644 } else { if (kern_addr_valid(start)) { - unsigned long n; -- ++ char *elf_buf; ++ mm_segment_t oldfs; + - n = copy_to_user(buffer, (char *)start, tsz); - /* - * We cannot distingush between fault on source @@ -48448,9 +48442,6 @@ index d245cb2..7e645bd 100644 - if (n) { - if (clear_user(buffer + tsz - n, - n)) -+ char *elf_buf; -+ mm_segment_t oldfs; -+ + elf_buf = kmalloc(tsz, GFP_KERNEL); + if (!elf_buf) + return -ENOMEM; @@ -49586,7 +49577,7 @@ index f7ce7de..e1a5db0 100644 goto out_put; diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c -index 673704f..74315c5 100644 +index 474920b..97169a9 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c @@ -446,7 +446,7 @@ xfs_vn_put_link( @@ -49598,31 +49589,6 @@ index 673704f..74315c5 100644 if (!IS_ERR(s)) kfree(s); -diff --git a/fs/xfs/xfs_vnodeops.c b/fs/xfs/xfs_vnodeops.c -index 51fc429..a728e71 100644 ---- a/fs/xfs/xfs_vnodeops.c -+++ b/fs/xfs/xfs_vnodeops.c -@@ -123,13 +123,17 @@ xfs_readlink( - - xfs_ilock(ip, XFS_ILOCK_SHARED); - -- ASSERT(S_ISLNK(ip->i_d.di_mode)); -- ASSERT(ip->i_d.di_size <= MAXPATHLEN); -- - pathlen = ip->i_d.di_size; - if (!pathlen) - goto out; - -+ if (pathlen > MAXPATHLEN) { -+ xfs_alert(mp, "%s: inode (%llu) symlink length (%d) too long", -+ __func__, (unsigned long long)ip->i_ino, pathlen); -+ ASSERT(0); -+ return XFS_ERROR(EFSCORRUPTED); -+ } -+ - if (ip->i_df.if_flags & XFS_IFINLINE) { - memcpy(link, ip->i_df.if_u1.if_data, pathlen); - link[pathlen] = '\0'; diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 index 0000000..9629731 @@ -60028,19 +59994,6 @@ index 73b0712..0b7ef2f 100644 struct drm_connector_helper_funcs { int (*get_modes)(struct drm_connector *connector); -diff --git a/include/drm/drm_mode.h b/include/drm/drm_mode.h -index c4961ea..53dfa109 100644 ---- a/include/drm/drm_mode.h -+++ b/include/drm/drm_mode.h -@@ -233,6 +233,8 @@ struct drm_mode_fb_cmd { - #define DRM_MODE_FB_DIRTY_ANNOTATE_FILL 0x02 - #define DRM_MODE_FB_DIRTY_FLAGS 0x03 - -+#define DRM_MODE_FB_DIRTY_MAX_CLIPS 256 -+ - /* - * Mark a region of a framebuffer as dirty. - * diff --git a/include/drm/ttm/ttm_memory.h b/include/drm/ttm/ttm_memory.h index 26c1f78..6722682 100644 --- a/include/drm/ttm/ttm_memory.h @@ -63804,10 +63757,10 @@ index a094477..bc91db1 100644 #endif diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h -index 78c83e6..db3518d 100644 +index e9ff3fc..9d3e5c7 100644 --- a/include/net/inetpeer.h +++ b/include/net/inetpeer.h -@@ -47,8 +47,8 @@ struct inet_peer { +@@ -48,8 +48,8 @@ struct inet_peer { */ union { struct { @@ -63818,7 +63771,7 @@ index 78c83e6..db3518d 100644 __u32 tcp_ts; __u32 tcp_ts_stamp; }; -@@ -112,11 +112,11 @@ static inline int inet_getid(struct inet_peer *p, int more) +@@ -113,11 +113,11 @@ static inline int inet_getid(struct inet_peer *p, int more) more++; inet_peer_refcheck(p); do { @@ -65765,7 +65718,7 @@ index 8e6b6f4..9dccf00 100644 if (mpnt->vm_flags & VM_DONTCOPY) { long pages = vma_pages(mpnt); mm->total_vm -= pages; -@@ -353,55 +415,13 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -353,53 +415,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) -pages); continue; } @@ -65775,7 +65728,11 @@ index 8e6b6f4..9dccf00 100644 - if (security_vm_enough_memory(len)) - goto fail_nomem; - charge = len; -- } ++ tmp = dup_vma(mm, mpnt); ++ if (!tmp) { ++ retval = -ENOMEM; ++ goto out; + } - tmp = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL); - if (!tmp) - goto fail_nomem; @@ -65807,24 +65764,18 @@ index 8e6b6f4..9dccf00 100644 - vma_prio_tree_add(tmp, mpnt); - flush_dcache_mmap_unlock(mapping); - mutex_unlock(&mapping->i_mmap_mutex); -+ tmp = dup_vma(mm, mpnt); -+ if (!tmp) { -+ retval = -ENOMEM; -+ goto out; - } - - /* +- } +- +- /* - * Clear hugetlb-related page reserves for children. This only - * affects MAP_PRIVATE mappings. Faults generated by the child - * are not guaranteed to succeed, even if read-only - */ - if (is_vm_hugetlb_page(tmp)) - reset_vma_resv_huge_pages(tmp); -- -- /* + + /* * Link in the new vma and copy the page table entries. - */ - *pprev = tmp; @@ -422,6 +442,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) if (retval) goto out; @@ -66104,10 +66055,10 @@ index 9b22d03..6295b62 100644 prev->next = info->next; else diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c -index a9205e3..1c6f5c0 100644 +index 2043c08..ec81a69 100644 --- a/kernel/hrtimer.c +++ b/kernel/hrtimer.c -@@ -1391,7 +1391,7 @@ void hrtimer_peek_ahead_timers(void) +@@ -1393,7 +1393,7 @@ void hrtimer_peek_ahead_timers(void) local_irq_restore(flags); } @@ -66117,7 +66068,7 @@ index a9205e3..1c6f5c0 100644 hrtimer_peek_ahead_timers(); } diff --git a/kernel/jump_label.c b/kernel/jump_label.c -index a8ce450..5519bce 100644 +index e6f1f24..6c19597 100644 --- a/kernel/jump_label.c +++ b/kernel/jump_label.c @@ -55,7 +55,9 @@ jump_label_sort_entries(struct jump_entry *start, struct jump_entry *stop) @@ -66130,7 +66081,7 @@ index a8ce450..5519bce 100644 } static void jump_label_update(struct jump_label_key *key, int enable); -@@ -297,10 +299,12 @@ static void jump_label_invalidate_module_init(struct module *mod) +@@ -298,10 +300,12 @@ static void jump_label_invalidate_module_init(struct module *mod) struct jump_entry *iter_stop = iter_start + mod->num_jump_entries; struct jump_entry *iter; @@ -66887,8 +66838,10 @@ index 04379f92..fba2faf 100644 + kmemleak_not_leak(ptr); + if (!ptr && mod->init_size_rw) { + module_free(mod, mod->module_core_rw); -+ return -ENOMEM; -+ } + return -ENOMEM; + } +- memset(ptr, 0, mod->init_size); +- mod->module_init = ptr; + memset(ptr, 0, mod->init_size_rw); + mod->module_init_rw = ptr; + @@ -66897,10 +66850,8 @@ index 04379f92..fba2faf 100644 + if (!ptr) { + module_free(mod, mod->module_init_rw); + module_free(mod, mod->module_core_rw); - return -ENOMEM; - } -- memset(ptr, 0, mod->init_size); -- mod->module_init = ptr; ++ return -ENOMEM; ++ } + + pax_open_kernel(); + memset(ptr, 0, mod->core_size_rx); @@ -69119,7 +69070,7 @@ index ea5e1a9..8b8df07 100644 .clock_get = alarm_clock_get, .timer_create = alarm_timer_create, diff --git a/kernel/time/tick-broadcast.c b/kernel/time/tick-broadcast.c -index c7218d1..5f4ecc6 100644 +index 7a90d02..6d8585a 100644 --- a/kernel/time/tick-broadcast.c +++ b/kernel/time/tick-broadcast.c @@ -115,7 +115,7 @@ int tick_device_uses_broadcast(struct clock_event_device *dev, int cpu) @@ -69132,7 +69083,7 @@ index c7218d1..5f4ecc6 100644 cpumask_clear_cpu(cpu, tick_get_broadcast_mask()); tick_broadcast_clear_oneshot(cpu); diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c -index 2b021b0e..b673a32 100644 +index 6f9798b..f8c4087 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c @@ -14,6 +14,7 @@ @@ -69143,7 +69094,7 @@ index 2b021b0e..b673a32 100644 #include <linux/syscore_ops.h> #include <linux/clocksource.h> #include <linux/jiffies.h> -@@ -361,6 +362,8 @@ int do_settimeofday(const struct timespec *tv) +@@ -365,6 +366,8 @@ int do_settimeofday(const struct timespec *tv) if ((unsigned long)tv->tv_nsec >= NSEC_PER_SEC) return -EINVAL; @@ -69314,10 +69265,10 @@ index 7c910a5..8b72104 100644 ret = -EIO; bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt, diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c -index c3e4575..cd9c767 100644 +index 48d3762..3b61fce 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c -@@ -1585,12 +1585,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) +@@ -1584,12 +1584,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) if (unlikely(ftrace_disabled)) return 0; @@ -69337,7 +69288,7 @@ index c3e4575..cd9c767 100644 } /* -@@ -2607,7 +2612,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp) +@@ -2606,7 +2611,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp) int register_ftrace_function_probe(char *glob, struct ftrace_probe_ops *ops, @@ -69393,10 +69344,10 @@ index 17a2d44..85907e2 100644 struct dentry *d_tracer; diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c -index 581876f..a91e569 100644 +index c212a7f..7b02394 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c -@@ -1300,10 +1300,6 @@ static LIST_HEAD(ftrace_module_file_list); +@@ -1299,10 +1299,6 @@ static LIST_HEAD(ftrace_module_file_list); struct ftrace_module_file_ops { struct list_head list; struct module *mod; @@ -69407,7 +69358,7 @@ index 581876f..a91e569 100644 }; static struct ftrace_module_file_ops * -@@ -1324,17 +1320,12 @@ trace_create_file_ops(struct module *mod) +@@ -1323,17 +1319,12 @@ trace_create_file_ops(struct module *mod) file_ops->mod = mod; @@ -69431,7 +69382,7 @@ index 581876f..a91e569 100644 list_add(&file_ops->list, &ftrace_module_file_list); -@@ -1358,8 +1349,8 @@ static void trace_module_add_events(struct module *mod) +@@ -1357,8 +1348,8 @@ static void trace_module_add_events(struct module *mod) for_each_event(call, start, end) { __trace_add_event_call(*call, mod, @@ -69965,10 +69916,18 @@ index d819d93..468e18f 100644 cond_resched(); } diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index dae27ba..e8d42be 100644 +index bb28a5f..fef0140 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c -@@ -2346,6 +2346,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -576,6 +576,7 @@ static void prep_compound_gigantic_page(struct page *page, unsigned long order) + __SetPageHead(page); + for (i = 1; i < nr_pages; i++, p = mem_map_next(p, page, i)) { + __SetPageTail(p); ++ set_page_count(p, 0); + p->first_page = page; + } + } +@@ -2346,6 +2347,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, return 1; } @@ -69996,7 +69955,7 @@ index dae27ba..e8d42be 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. */ -@@ -2447,6 +2468,11 @@ retry_avoidcopy: +@@ -2449,6 +2471,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -70008,7 +69967,7 @@ index dae27ba..e8d42be 100644 /* Make the old page be freed below */ new_page = old_page; mmu_notifier_invalidate_range_end(mm, -@@ -2598,6 +2624,10 @@ retry: +@@ -2600,6 +2627,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -70019,7 +69978,7 @@ index dae27ba..e8d42be 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page); -@@ -2627,6 +2657,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2629,6 +2660,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, static DEFINE_MUTEX(hugetlb_instantiation_mutex); struct hstate *h = hstate_vma(vma); @@ -70030,7 +69989,7 @@ index dae27ba..e8d42be 100644 ptep = huge_pte_offset(mm, address); if (ptep) { entry = huge_ptep_get(ptep); -@@ -2638,6 +2672,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2640,6 +2675,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(h - hstates); } @@ -70912,9 +70871,20 @@ index 9c51f9f..a9416cf 100644 err = -EPERM; goto out; diff --git a/mm/migrate.c b/mm/migrate.c -index 14d0a6a..81ffe69 100644 +index 14d0a6a..0360908 100644 --- a/mm/migrate.c +++ b/mm/migrate.c +@@ -866,9 +866,9 @@ static int unmap_and_move_huge_page(new_page_t get_new_page, + + if (anon_vma) + put_anon_vma(anon_vma); +-out: + unlock_page(hpage); + ++out: + if (rc != -EAGAIN) { + list_del(&hpage->lru); + put_page(hpage); @@ -1124,6 +1124,8 @@ static int do_pages_move(struct mm_struct *mm, struct task_struct *task, unsigned long chunk_start; int err; @@ -72713,7 +72683,7 @@ index 626303b..e9a1785 100644 if (oom_unkillable_task(p, mem, nodemask)) return 0; diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 6e8ecb6..50b8879 100644 +index 6e8ecb6..d9e3d7a 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -340,7 +340,7 @@ out: @@ -72725,6 +72695,16 @@ index 6e8ecb6..50b8879 100644 { __free_pages_ok(page, compound_order(page)); } +@@ -355,8 +355,8 @@ void prep_compound_page(struct page *page, unsigned long order) + __SetPageHead(page); + for (i = 1; i < nr_pages; i++) { + struct page *p = page + i; +- + __SetPageTail(p); ++ set_page_count(p, 0); + p->first_page = page; + } + } @@ -653,6 +653,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) int i; int bad = 0; @@ -72783,6 +72763,14 @@ index 6e8ecb6..50b8879 100644 return 1; } return 0; +@@ -3373,6 +3393,7 @@ static void setup_zone_migrate_reserve(struct zone *zone) + /* Get the start pfn, end pfn and the number of blocks to reserve */ + start_pfn = zone->zone_start_pfn; + end_pfn = start_pfn + zone->spanned_pages; ++ start_pfn = roundup(start_pfn, pageblock_nr_pages); + reserve = roundup(min_wmark_pages(zone), pageblock_nr_pages) >> + pageblock_order; + diff --git a/mm/percpu.c b/mm/percpu.c index bf80e55..c7c3f9a 100644 --- a/mm/percpu.c @@ -72931,7 +72919,7 @@ index 32f6763..431c405 100644 return -ENOMEM; diff --git a/mm/slab.c b/mm/slab.c -index 6d90a09..3cab423 100644 +index 893c76d..a742de2 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -151,7 +151,7 @@ @@ -72994,7 +72982,7 @@ index 6d90a09..3cab423 100644 #undef CACHE }; -@@ -1571,7 +1571,7 @@ void __init kmem_cache_init(void) +@@ -1572,7 +1572,7 @@ void __init kmem_cache_init(void) sizes[INDEX_AC].cs_cachep = kmem_cache_create(names[INDEX_AC].name, sizes[INDEX_AC].cs_size, ARCH_KMALLOC_MINALIGN, @@ -73003,7 +72991,7 @@ index 6d90a09..3cab423 100644 NULL); if (INDEX_AC != INDEX_L3) { -@@ -1579,7 +1579,7 @@ void __init kmem_cache_init(void) +@@ -1580,7 +1580,7 @@ void __init kmem_cache_init(void) kmem_cache_create(names[INDEX_L3].name, sizes[INDEX_L3].cs_size, ARCH_KMALLOC_MINALIGN, @@ -73012,7 +73000,7 @@ index 6d90a09..3cab423 100644 NULL); } -@@ -1597,7 +1597,7 @@ void __init kmem_cache_init(void) +@@ -1598,7 +1598,7 @@ void __init kmem_cache_init(void) sizes->cs_cachep = kmem_cache_create(names->name, sizes->cs_size, ARCH_KMALLOC_MINALIGN, @@ -73021,7 +73009,7 @@ index 6d90a09..3cab423 100644 NULL); } #ifdef CONFIG_ZONE_DMA -@@ -4324,10 +4324,10 @@ static int s_show(struct seq_file *m, void *p) +@@ -4327,10 +4327,10 @@ static int s_show(struct seq_file *m, void *p) } /* cpu stats */ { @@ -73036,7 +73024,7 @@ index 6d90a09..3cab423 100644 seq_printf(m, " : cpustat %6lu %6lu %6lu %6lu", allochit, allocmiss, freehit, freemiss); -@@ -4584,15 +4584,70 @@ static const struct file_operations proc_slabstats_operations = { +@@ -4587,15 +4587,70 @@ static const struct file_operations proc_slabstats_operations = { static int __init slab_proc_init(void) { @@ -73818,7 +73806,7 @@ index 88ea1bd..0f1dfdb 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 56faf31..75c1a4c 100644 +index 56faf31..862c072 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) @@ -73967,7 +73955,16 @@ index 56faf31..75c1a4c 100644 area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST, start, end, node, gfp_mask, caller); -@@ -1672,6 +1734,7 @@ static void *__vmalloc_node(unsigned long size, unsigned long align, +@@ -1634,6 +1696,8 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, + return NULL; + + addr = __vmalloc_area_node(area, gfp_mask, prot, node, caller); ++ if (!addr) ++ return NULL; + + /* + * In this function, newly allocated vm_struct is not added +@@ -1672,6 +1736,7 @@ static void *__vmalloc_node(unsigned long size, unsigned long align, gfp_mask, prot, node, caller); } @@ -73975,7 +73972,7 @@ index 56faf31..75c1a4c 100644 void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot) { return __vmalloc_node(size, 1, gfp_mask, prot, -1, -@@ -1695,6 +1758,7 @@ static inline void *__vmalloc_node_flags(unsigned long size, +@@ -1695,6 +1760,7 @@ static inline void *__vmalloc_node_flags(unsigned long size, * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -73983,7 +73980,7 @@ index 56faf31..75c1a4c 100644 void *vmalloc(unsigned long size) { return __vmalloc_node_flags(size, -1, GFP_KERNEL | __GFP_HIGHMEM); -@@ -1711,6 +1775,7 @@ EXPORT_SYMBOL(vmalloc); +@@ -1711,6 +1777,7 @@ EXPORT_SYMBOL(vmalloc); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -73991,7 +73988,7 @@ index 56faf31..75c1a4c 100644 void *vzalloc(unsigned long size) { return __vmalloc_node_flags(size, -1, -@@ -1725,6 +1790,7 @@ EXPORT_SYMBOL(vzalloc); +@@ -1725,6 +1792,7 @@ EXPORT_SYMBOL(vzalloc); * The resulting memory area is zeroed so it can be mapped to userspace * without leaking data. */ @@ -73999,7 +73996,7 @@ index 56faf31..75c1a4c 100644 void *vmalloc_user(unsigned long size) { struct vm_struct *area; -@@ -1752,6 +1818,7 @@ EXPORT_SYMBOL(vmalloc_user); +@@ -1752,6 +1820,7 @@ EXPORT_SYMBOL(vmalloc_user); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -74007,7 +74004,7 @@ index 56faf31..75c1a4c 100644 void *vmalloc_node(unsigned long size, int node) { return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL, -@@ -1771,6 +1838,7 @@ EXPORT_SYMBOL(vmalloc_node); +@@ -1771,6 +1840,7 @@ EXPORT_SYMBOL(vmalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc_node() instead. */ @@ -74015,7 +74012,7 @@ index 56faf31..75c1a4c 100644 void *vzalloc_node(unsigned long size, int node) { return __vmalloc_node_flags(size, node, -@@ -1793,10 +1861,10 @@ EXPORT_SYMBOL(vzalloc_node); +@@ -1793,10 +1863,10 @@ EXPORT_SYMBOL(vzalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -74028,7 +74025,7 @@ index 56faf31..75c1a4c 100644 -1, __builtin_return_address(0)); } -@@ -1815,6 +1883,7 @@ void *vmalloc_exec(unsigned long size) +@@ -1815,6 +1885,7 @@ void *vmalloc_exec(unsigned long size) * Allocate enough 32bit PA addressable pages to cover @size from the * page level allocator and map them into contiguous kernel virtual space. */ @@ -74036,7 +74033,7 @@ index 56faf31..75c1a4c 100644 void *vmalloc_32(unsigned long size) { return __vmalloc_node(size, 1, GFP_VMALLOC32, PAGE_KERNEL, -@@ -1829,6 +1898,7 @@ EXPORT_SYMBOL(vmalloc_32); +@@ -1829,6 +1900,7 @@ EXPORT_SYMBOL(vmalloc_32); * The resulting memory area is 32bit addressable and zeroed so it can be * mapped to userspace without leaking data. */ @@ -74044,7 +74041,7 @@ index 56faf31..75c1a4c 100644 void *vmalloc_32_user(unsigned long size) { struct vm_struct *area; -@@ -2091,6 +2161,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, +@@ -2091,6 +2163,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, unsigned long uaddr = vma->vm_start; unsigned long usize = vma->vm_end - vma->vm_start; @@ -74408,7 +74405,7 @@ index ea7f031..0615edc 100644 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp); } diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c -index 995cbe0..c056d6c 100644 +index e79ff75..215b57d 100644 --- a/net/bridge/br_multicast.c +++ b/net/bridge/br_multicast.c @@ -1485,7 +1485,7 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br, @@ -75387,10 +75384,10 @@ index 61714bd..c9cee6d 100644 static int raw_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index 075212e..8713a00 100644 +index 05ac666c..82384a7 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c -@@ -308,7 +308,7 @@ static inline unsigned int rt_hash(__be32 daddr, __be32 saddr, int idx, +@@ -309,7 +309,7 @@ static inline unsigned int rt_hash(__be32 daddr, __be32 saddr, int idx, static inline int rt_genid(struct net *net) { @@ -75399,16 +75396,16 @@ index 075212e..8713a00 100644 } #ifdef CONFIG_PROC_FS -@@ -837,7 +837,7 @@ static void rt_cache_invalidate(struct net *net) +@@ -842,7 +842,7 @@ static void rt_cache_invalidate(struct net *net) unsigned char shuffle; get_random_bytes(&shuffle, sizeof(shuffle)); - atomic_add(shuffle + 1U, &net->ipv4.rt_genid); + atomic_add_unchecked(shuffle + 1U, &net->ipv4.rt_genid); + redirect_genid++; } - /* -@@ -2872,7 +2872,7 @@ static int rt_fill_info(struct net *net, +@@ -2920,7 +2920,7 @@ static int rt_fill_info(struct net *net, error = rt->dst.error; if (peer) { inet_peer_refcheck(rt->peer); @@ -76409,7 +76406,7 @@ index 556e7e6..120dcaf 100644 napi_disable(&local->napi); ieee80211_clear_tx_pending(local); diff --git a/net/mac80211/main.c b/net/mac80211/main.c -index acb4423..278c8e5 100644 +index 3d90dad..36884d5 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -209,7 +209,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) diff --git a/3.1.4/4421_grsec-remove-localversion-grsec.patch b/3.1.5/4421_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.1.4/4421_grsec-remove-localversion-grsec.patch +++ b/3.1.5/4421_grsec-remove-localversion-grsec.patch diff --git a/3.1.4/4422_grsec-mute-warnings.patch b/3.1.5/4422_grsec-mute-warnings.patch index e85abd6..e85abd6 100644 --- a/3.1.4/4422_grsec-mute-warnings.patch +++ b/3.1.5/4422_grsec-mute-warnings.patch diff --git a/3.1.4/4423_grsec-remove-protected-paths.patch b/3.1.5/4423_grsec-remove-protected-paths.patch index 4afb3e2..4afb3e2 100644 --- a/3.1.4/4423_grsec-remove-protected-paths.patch +++ b/3.1.5/4423_grsec-remove-protected-paths.patch diff --git a/3.1.4/4425_grsec-pax-without-grsec.patch b/3.1.5/4425_grsec-pax-without-grsec.patch index 8304192..8304192 100644 --- a/3.1.4/4425_grsec-pax-without-grsec.patch +++ b/3.1.5/4425_grsec-pax-without-grsec.patch diff --git a/3.1.4/4430_grsec-kconfig-default-gids.patch b/3.1.5/4430_grsec-kconfig-default-gids.patch index 6a448bf..6a448bf 100644 --- a/3.1.4/4430_grsec-kconfig-default-gids.patch +++ b/3.1.5/4430_grsec-kconfig-default-gids.patch diff --git a/3.1.4/4435_grsec-kconfig-gentoo.patch b/3.1.5/4435_grsec-kconfig-gentoo.patch index 1bc9742..1bc9742 100644 --- a/3.1.4/4435_grsec-kconfig-gentoo.patch +++ b/3.1.5/4435_grsec-kconfig-gentoo.patch diff --git a/3.1.4/4437-grsec-kconfig-proc-user.patch b/3.1.5/4437-grsec-kconfig-proc-user.patch index c588683..c588683 100644 --- a/3.1.4/4437-grsec-kconfig-proc-user.patch +++ b/3.1.5/4437-grsec-kconfig-proc-user.patch diff --git a/3.1.4/4440_selinux-avc_audit-log-curr_ip.patch b/3.1.5/4440_selinux-avc_audit-log-curr_ip.patch index 0fd5d2d..0fd5d2d 100644 --- a/3.1.4/4440_selinux-avc_audit-log-curr_ip.patch +++ b/3.1.5/4440_selinux-avc_audit-log-curr_ip.patch diff --git a/3.1.4/4445_disable-compat_vdso.patch b/3.1.5/4445_disable-compat_vdso.patch index 3b76b6c..3b76b6c 100644 --- a/3.1.4/4445_disable-compat_vdso.patch +++ b/3.1.5/4445_disable-compat_vdso.patch |