diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2012-07-21 23:03:57 -0400 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2012-07-21 23:03:57 -0400 |
| commit | 790633702fbf1f2af85557a5c054f98aefc36fd7 (patch) | |
| tree | 26bab9c354f5321ca3b89dc17b1ef57a4af81697 | |
| parent | Grsec/PaX: 2.9.1-{2.6.32.59,3.2.23,3.4.5}-201207171624 (diff) | |
| download | hardened-patchset-790633702fbf1f2af85557a5c054f98aefc36fd7.tar.gz hardened-patchset-790633702fbf1f2af85557a5c054f98aefc36fd7.tar.bz2 hardened-patchset-790633702fbf1f2af85557a5c054f98aefc36fd7.zip | |
Grsec/PaX: 2.9.1-{2.6.32.59,3.2.23,3.4.6}-20120721144420120721
| -rw-r--r-- | 2.6.32/0000_README | 2 | ||||
| -rw-r--r-- | 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207211427.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207161806.patch) | 138 | ||||
| -rw-r--r-- | 3.2.23/0000_README | 2 | ||||
| -rw-r--r-- | 3.2.23/4420_grsecurity-2.9.1-3.2.23-201207211428.patch (renamed from 3.2.23/4420_grsecurity-2.9.1-3.2.23-201207171624.patch) | 419 | ||||
| -rw-r--r-- | 3.4.6/0000_README (renamed from 3.4.5/0000_README) | 11 | ||||
| -rw-r--r-- | 3.4.6/1005_linux-3.4.6.patch | 1459 | ||||
| -rw-r--r-- | 3.4.6/4420_grsecurity-2.9.1-3.4.6-201207211444.patch (renamed from 3.4.5/4420_grsecurity-2.9.1-3.4.5-201207171624.patch) | 1709 | ||||
| -rw-r--r-- | 3.4.6/4430_grsec-remove-localversion-grsec.patch (renamed from 3.4.5/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.4.6/4435_grsec-mute-warnings.patch (renamed from 3.4.5/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.4.6/4440_grsec-remove-protected-paths.patch (renamed from 3.4.5/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.4.6/4450_grsec-kconfig-default-gids.patch (renamed from 3.4.5/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.4.6/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.4.5/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.4.6/4470_disable-compat_vdso.patch (renamed from 3.4.5/4470_disable-compat_vdso.patch) | 0 | ||||
| -rw-r--r-- | 3.4.6/4480_fix-scsi-lpfc-Werror.patch | 23 |
14 files changed, 3415 insertions, 348 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 314261e..82b9176 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch From: http://www.kernel.org Desc: Linux 2.6.32.59 -Patch: 4420_grsecurity-2.9.1-2.6.32.59-201207161806.patch +Patch: 4420_grsecurity-2.9.1-2.6.32.59-201207211427.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207161806.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207211427.patch index ffb303b..85f3da1 100644 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207161806.patch +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201207211427.patch @@ -67206,7 +67206,7 @@ index ca88c46..f155a60 100644 goto err; } diff --git a/fs/bio.c b/fs/bio.c -index e696713..4b5969d 100644 +index e696713..5a85bf9 100644 --- a/fs/bio.c +++ b/fs/bio.c @@ -78,7 +78,7 @@ static struct kmem_cache *bio_find_or_create_slab(unsigned int extra_size) @@ -67227,6 +67227,15 @@ index e696713..4b5969d 100644 return ERR_PTR(-EINVAL); nr_pages += end - start; +@@ -974,7 +974,7 @@ static struct bio *__bio_map_user_iov(struct request_queue *q, + /* + * Overflow, abort + */ +- if (end < start) ++ if (end < start || end - start > INT_MAX - nr_pages) + return ERR_PTR(-EINVAL); + + nr_pages += end - start; @@ -1236,7 +1236,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) const int read = bio_data_dir(bio) == READ; struct bio_map_data *bmd = bio->bi_private; @@ -67477,7 +67486,7 @@ index ab7ab53..94e0781 100644 if (!del) { spin_lock(&rc->reloc_root_tree.lock); diff --git a/fs/btrfs/sysfs.c b/fs/btrfs/sysfs.c -index a240b6f..4ce16ef 100644 +index a240b6f..4ce16ef7 100644 --- a/fs/btrfs/sysfs.c +++ b/fs/btrfs/sysfs.c @@ -164,12 +164,12 @@ static void btrfs_root_release(struct kobject *kobj) @@ -69904,10 +69913,27 @@ index 97e01dc..e9aab2d 100644 break; err = alloc_fd(arg, cmd == F_DUPFD_CLOEXEC ? O_CLOEXEC : 0); diff --git a/fs/fifo.c b/fs/fifo.c -index f8f97b8..b1f2259 100644 +index f8f97b8..401db37 100644 --- a/fs/fifo.c +++ b/fs/fifo.c -@@ -59,10 +59,10 @@ static int fifo_open(struct inode *inode, struct file *filp) +@@ -15,7 +15,7 @@ + #include <linux/sched.h> + #include <linux/pipe_fs_i.h> + +-static void wait_for_partner(struct inode* inode, unsigned int *cnt) ++static int wait_for_partner(struct inode* inode, unsigned int *cnt) + { + int cur = *cnt; + +@@ -24,6 +24,7 @@ static void wait_for_partner(struct inode* inode, unsigned int *cnt) + if (signal_pending(current)) + break; + } ++ return cur == *cnt ? -ERESTARTSYS : 0; + } + + static void wake_up_partner(struct inode* inode) +@@ -59,18 +60,16 @@ static int fifo_open(struct inode *inode, struct file *filp) */ filp->f_op = &read_pipefifo_fops; pipe->r_counter++; @@ -69920,7 +69946,17 @@ index f8f97b8..b1f2259 100644 if ((filp->f_flags & O_NONBLOCK)) { /* suppress POLLHUP until we have * seen a writer */ -@@ -83,15 +83,15 @@ static int fifo_open(struct inode *inode, struct file *filp) + filp->f_version = pipe->w_counter; +- } else +- { +- wait_for_partner(inode, &pipe->w_counter); +- if(signal_pending(current)) ++ } else { ++ if (wait_for_partner(inode, &pipe->w_counter)) + goto err_rd; + } + } +@@ -83,17 +82,16 @@ static int fifo_open(struct inode *inode, struct file *filp) * errno=ENXIO when there is no process reading the FIFO. */ ret = -ENXIO; @@ -69935,11 +69971,14 @@ index f8f97b8..b1f2259 100644 wake_up_partner(inode); - if (!pipe->readers) { +- wait_for_partner(inode, &pipe->r_counter); +- if (signal_pending(current)) + if (!atomic_read(&pipe->readers)) { - wait_for_partner(inode, &pipe->r_counter); - if (signal_pending(current)) ++ if (wait_for_partner(inode, &pipe->r_counter)) goto err_wr; -@@ -107,11 +107,11 @@ static int fifo_open(struct inode *inode, struct file *filp) + } + break; +@@ -107,11 +105,11 @@ static int fifo_open(struct inode *inode, struct file *filp) */ filp->f_op = &rdwr_pipefifo_fops; @@ -69954,7 +69993,7 @@ index f8f97b8..b1f2259 100644 wake_up_partner(inode); break; -@@ -125,19 +125,19 @@ static int fifo_open(struct inode *inode, struct file *filp) +@@ -125,19 +123,19 @@ static int fifo_open(struct inode *inode, struct file *filp) return 0; err_rd: @@ -71432,7 +71471,7 @@ index de792dc..448b532 100644 cuse_class = class_create(THIS_MODULE, "cuse"); if (IS_ERR(cuse_class)) diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c -index 1facb39..7f48557 100644 +index 1facb395..7f48557 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -885,7 +885,7 @@ static int fuse_notify_inval_entry(struct fuse_conn *fc, unsigned int size, @@ -102715,6 +102754,23 @@ index 30e74ee..bfc6ee0 100644 kfree_skb(skb); return NET_RX_DROP; } +diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c +index 039cc1f..10f8f8d 100644 +--- a/net/ipv4/cipso_ipv4.c ++++ b/net/ipv4/cipso_ipv4.c +@@ -1726,8 +1726,10 @@ int cipso_v4_validate(const struct sk_buff *skb, unsigned char **option) + case CIPSO_V4_TAG_LOCAL: + /* This is a non-standard tag that we only allow for + * local connections, so if the incoming interface is +- * not the loopback device drop the packet. */ +- if (!(skb->dev->flags & IFF_LOOPBACK)) { ++ * not the loopback device drop the packet. Further, ++ * there is no legitimate reason for setting this from ++ * userspace so reject it if skb is NULL. */ ++ if (skb == NULL || !(skb->dev->flags & IFF_LOOPBACK)) { + err_offset = opt_iter; + goto validate_return_locked; + } diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c index dba56d2..acee5d6 100644 --- a/net/ipv4/inet_diag.c @@ -105115,6 +105171,36 @@ index 914c419..7a16d2c 100644 return NULL; /* Allocate the shared key */ +diff --git a/net/sctp/input.c b/net/sctp/input.c +index 254afea..e8e73f1 100644 +--- a/net/sctp/input.c ++++ b/net/sctp/input.c +@@ -739,15 +739,12 @@ static void __sctp_unhash_endpoint(struct sctp_endpoint *ep) + + epb = &ep->base; + +- if (hlist_unhashed(&epb->node)) +- return; +- + epb->hashent = sctp_ep_hashfn(epb->bind_addr.port); + + head = &sctp_ep_hashtable[epb->hashent]; + + sctp_write_lock(&head->lock); +- __hlist_del(&epb->node); ++ hlist_del_init(&epb->node); + sctp_write_unlock(&head->lock); + } + +@@ -828,7 +825,7 @@ static void __sctp_unhash_established(struct sctp_association *asoc) + head = &sctp_assoc_hashtable[epb->hashent]; + + sctp_write_lock(&head->lock); +- __hlist_del(&epb->node); ++ hlist_del_init(&epb->node); + sctp_write_unlock(&head->lock); + } + diff --git a/net/sctp/proc.c b/net/sctp/proc.c index d093cbf..9fc36fc 100644 --- a/net/sctp/proc.c @@ -105148,10 +105234,38 @@ index d093cbf..9fc36fc 100644 assoc->assoc_id, assoc->sndbuf_used, diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index 3a95fcb..c40fc1d 100644 +index 3a95fcb..9cd0edd 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c -@@ -5802,7 +5802,6 @@ pp_found: +@@ -1142,8 +1142,14 @@ out_free: + SCTP_DEBUG_PRINTK("About to exit __sctp_connect() free asoc: %p" + " kaddrs: %p err: %d\n", + asoc, kaddrs, err); +- if (asoc) ++ if (asoc) { ++ /* sctp_primitive_ASSOCIATE may have added this association ++ * To the hash table, try to unhash it, just in case, its a noop ++ * if it wasn't hashed so we're safe ++ */ ++ sctp_unhash_established(asoc); + sctp_association_free(asoc); ++ } + return err; + } + +@@ -1851,8 +1857,10 @@ SCTP_STATIC int sctp_sendmsg(struct kiocb *iocb, struct sock *sk, + goto out_unlock; + + out_free: +- if (new_asoc) ++ if (new_asoc) { ++ sctp_unhash_established(asoc); + sctp_association_free(asoc); ++ } + out_unlock: + sctp_release_sock(sk); + +@@ -5802,7 +5810,6 @@ pp_found: */ int reuse = sk->sk_reuse; struct sock *sk2; diff --git a/3.2.23/0000_README b/3.2.23/0000_README index 31ce6b5..59fda4b 100644 --- a/3.2.23/0000_README +++ b/3.2.23/0000_README @@ -10,7 +10,7 @@ Patch: 1022_linux-3.2.23.patch From: http://www.kernel.org Desc: Linux 3.2.23 -Patch: 4420_grsecurity-2.9.1-3.2.23-201207171624.patch +Patch: 4420_grsecurity-2.9.1-3.2.23-201207211428.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.23/4420_grsecurity-2.9.1-3.2.23-201207171624.patch b/3.2.23/4420_grsecurity-2.9.1-3.2.23-201207211428.patch index 7aba0a9..8356a9f 100644 --- a/3.2.23/4420_grsecurity-2.9.1-3.2.23-201207171624.patch +++ b/3.2.23/4420_grsecurity-2.9.1-3.2.23-201207211428.patch @@ -33823,7 +33823,7 @@ index 4720f68..78d1df7 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index 700ecae..2e5a31a 100644 +index 700ecae..8122a9c 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -278,10 +278,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); @@ -33895,7 +33895,125 @@ index 700ecae..2e5a31a 100644 INIT_LIST_HEAD(&rdev->same_set); init_waitqueue_head(&rdev->blocked_wait); -@@ -6686,7 +6686,7 @@ static int md_seq_show(struct seq_file *seq, void *v) +@@ -3700,8 +3700,8 @@ array_state_show(struct mddev *mddev, char *page) + return sprintf(page, "%s\n", array_states[st]); + } + +-static int do_md_stop(struct mddev * mddev, int ro, int is_open); +-static int md_set_readonly(struct mddev * mddev, int is_open); ++static int do_md_stop(struct mddev * mddev, int ro, struct block_device *bdev); ++static int md_set_readonly(struct mddev * mddev, struct block_device *bdev); + static int do_md_run(struct mddev * mddev); + static int restart_array(struct mddev *mddev); + +@@ -3717,14 +3717,14 @@ array_state_store(struct mddev *mddev, const char *buf, size_t len) + /* stopping an active array */ + if (atomic_read(&mddev->openers) > 0) + return -EBUSY; +- err = do_md_stop(mddev, 0, 0); ++ err = do_md_stop(mddev, 0, NULL); + break; + case inactive: + /* stopping an active array */ + if (mddev->pers) { + if (atomic_read(&mddev->openers) > 0) + return -EBUSY; +- err = do_md_stop(mddev, 2, 0); ++ err = do_md_stop(mddev, 2, NULL); + } else + err = 0; /* already inactive */ + break; +@@ -3732,7 +3732,7 @@ array_state_store(struct mddev *mddev, const char *buf, size_t len) + break; /* not supported yet */ + case readonly: + if (mddev->pers) +- err = md_set_readonly(mddev, 0); ++ err = md_set_readonly(mddev, NULL); + else { + mddev->ro = 1; + set_disk_ro(mddev->gendisk, 1); +@@ -3742,7 +3742,7 @@ array_state_store(struct mddev *mddev, const char *buf, size_t len) + case read_auto: + if (mddev->pers) { + if (mddev->ro == 0) +- err = md_set_readonly(mddev, 0); ++ err = md_set_readonly(mddev, NULL); + else if (mddev->ro == 1) + err = restart_array(mddev); + if (err == 0) { +@@ -5078,15 +5078,17 @@ void md_stop(struct mddev *mddev) + } + EXPORT_SYMBOL_GPL(md_stop); + +-static int md_set_readonly(struct mddev *mddev, int is_open) ++static int md_set_readonly(struct mddev *mddev, struct block_device *bdev) + { + int err = 0; + mutex_lock(&mddev->open_mutex); +- if (atomic_read(&mddev->openers) > is_open) { ++ if (atomic_read(&mddev->openers) > !!bdev) { + printk("md: %s still in use.\n",mdname(mddev)); + err = -EBUSY; + goto out; + } ++ if (bdev) ++ sync_blockdev(bdev); + if (mddev->pers) { + __md_stop_writes(mddev); + +@@ -5108,18 +5110,26 @@ out: + * 0 - completely stop and dis-assemble array + * 2 - stop but do not disassemble array + */ +-static int do_md_stop(struct mddev * mddev, int mode, int is_open) ++static int do_md_stop(struct mddev * mddev, int mode, ++ struct block_device *bdev) + { + struct gendisk *disk = mddev->gendisk; + struct md_rdev *rdev; + + mutex_lock(&mddev->open_mutex); +- if (atomic_read(&mddev->openers) > is_open || ++ if (atomic_read(&mddev->openers) > !!bdev || + mddev->sysfs_active) { + printk("md: %s still in use.\n",mdname(mddev)); + mutex_unlock(&mddev->open_mutex); + return -EBUSY; + } ++ if (bdev) ++ /* It is possible IO was issued on some other ++ * open file which was closed before we took ->open_mutex. ++ * As that was not the last close __blkdev_put will not ++ * have called sync_blockdev, so we must. ++ */ ++ sync_blockdev(bdev); + + if (mddev->pers) { + if (mddev->ro) +@@ -5193,7 +5203,7 @@ static void autorun_array(struct mddev *mddev) + err = do_md_run(mddev); + if (err) { + printk(KERN_WARNING "md: do_md_run() returned %d\n", err); +- do_md_stop(mddev, 0, 0); ++ do_md_stop(mddev, 0, NULL); + } + } + +@@ -6184,11 +6194,11 @@ static int md_ioctl(struct block_device *bdev, fmode_t mode, + goto done_unlock; + + case STOP_ARRAY: +- err = do_md_stop(mddev, 0, 1); ++ err = do_md_stop(mddev, 0, bdev); + goto done_unlock; + + case STOP_ARRAY_RO: +- err = md_set_readonly(mddev, 1); ++ err = md_set_readonly(mddev, bdev); + goto done_unlock; + + case BLKROSET: +@@ -6686,7 +6696,7 @@ static int md_seq_show(struct seq_file *seq, void *v) spin_unlock(&pers_lock); seq_printf(seq, "\n"); @@ -33904,7 +34022,7 @@ index 700ecae..2e5a31a 100644 return 0; } if (v == (void*)2) { -@@ -6775,7 +6775,7 @@ static int md_seq_show(struct seq_file *seq, void *v) +@@ -6775,7 +6785,7 @@ static int md_seq_show(struct seq_file *seq, void *v) chunk_kb ? "KB" : "B"); if (bitmap->file) { seq_printf(seq, ", file: "); @@ -33913,7 +34031,7 @@ index 700ecae..2e5a31a 100644 } seq_printf(seq, "\n"); -@@ -6806,7 +6806,7 @@ static int md_seq_open(struct inode *inode, struct file *file) +@@ -6806,7 +6816,7 @@ static int md_seq_open(struct inode *inode, struct file *file) return error; seq = file->private_data; @@ -33922,7 +34040,7 @@ index 700ecae..2e5a31a 100644 return error; } -@@ -6820,7 +6820,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) +@@ -6820,7 +6830,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) /* always allow read */ mask = POLLIN | POLLRDNORM; @@ -33931,7 +34049,7 @@ index 700ecae..2e5a31a 100644 mask |= POLLERR | POLLPRI; return mask; } -@@ -6864,7 +6864,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) +@@ -6864,7 +6874,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) struct gendisk *disk = rdev->bdev->bd_contains->bd_disk; curr_events = (int)part_stat_read(&disk->part0, sectors[0]) + (int)part_stat_read(&disk->part0, sectors[1]) - @@ -34294,6 +34412,33 @@ index 9cde353..8c6a1c3 100644 struct i2c_client i2c_client; u32 i2c_rc; +diff --git a/drivers/media/video/cx25821/cx25821-core.c b/drivers/media/video/cx25821/cx25821-core.c +index a7fa38f..e572ce5 100644 +--- a/drivers/media/video/cx25821/cx25821-core.c ++++ b/drivers/media/video/cx25821/cx25821-core.c +@@ -914,9 +914,6 @@ static int cx25821_dev_setup(struct cx25821_dev *dev) + list_add_tail(&dev->devlist, &cx25821_devlist); + mutex_unlock(&cx25821_devlist_mutex); + +- strcpy(cx25821_boards[UNKNOWN_BOARD].name, "unknown"); +- strcpy(cx25821_boards[CX25821_BOARD].name, "cx25821"); +- + if (dev->pci->device != 0x8210) { + pr_info("%s(): Exiting. Incorrect Hardware device = 0x%02x\n", + __func__, dev->pci->device); +diff --git a/drivers/media/video/cx25821/cx25821.h b/drivers/media/video/cx25821/cx25821.h +index 2d2d009..bf54360 100644 +--- a/drivers/media/video/cx25821/cx25821.h ++++ b/drivers/media/video/cx25821/cx25821.h +@@ -187,7 +187,7 @@ enum port { + }; + + struct cx25821_board { +- char *name; ++ const char *name; + enum port porta; + enum port portb; + enum port portc; diff --git a/drivers/media/video/cx88/cx88-alsa.c b/drivers/media/video/cx88/cx88-alsa.c index 68d1240..46b32eb 100644 --- a/drivers/media/video/cx88/cx88-alsa.c @@ -35456,6 +35601,36 @@ index 6c5cca8..de8ef63 100644 struct ixgbe_mbx_stats stats; u32 timeout; u32 usec_delay; +diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c +index 4c8e199..f7f5587 100644 +--- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c ++++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c +@@ -956,8 +956,6 @@ static irqreturn_t ixgbevf_msix_clean_tx(int irq, void *data) + r_idx = find_first_bit(q_vector->txr_idx, adapter->num_tx_queues); + for (i = 0; i < q_vector->txr_count; i++) { + tx_ring = &(adapter->tx_ring[r_idx]); +- tx_ring->total_bytes = 0; +- tx_ring->total_packets = 0; + ixgbevf_clean_tx_irq(adapter, tx_ring); + r_idx = find_next_bit(q_vector->txr_idx, adapter->num_tx_queues, + r_idx + 1); +@@ -981,16 +979,6 @@ static irqreturn_t ixgbevf_msix_clean_rx(int irq, void *data) + struct ixgbe_hw *hw = &adapter->hw; + struct ixgbevf_ring *rx_ring; + int r_idx; +- int i; +- +- r_idx = find_first_bit(q_vector->rxr_idx, adapter->num_rx_queues); +- for (i = 0; i < q_vector->rxr_count; i++) { +- rx_ring = &(adapter->rx_ring[r_idx]); +- rx_ring->total_bytes = 0; +- rx_ring->total_packets = 0; +- r_idx = find_next_bit(q_vector->rxr_idx, adapter->num_rx_queues, +- r_idx + 1); +- } + + if (!q_vector->rxr_count) + return IRQ_HANDLED; diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.h b/drivers/net/ethernet/intel/ixgbevf/vf.h index 10306b4..28df758 100644 --- a/drivers/net/ethernet/intel/ixgbevf/vf.h @@ -38148,6 +38323,51 @@ index 0842cc7..61d886d 100644 if (hdr->flags & ISCSI_FLAG_CMD_FINAL) if (--cmd->outstanding_r2ts < 1) { iscsit_stop_dataout_timer(cmd); +diff --git a/drivers/target/target_core_cdb.c b/drivers/target/target_core_cdb.c +index 65ea65a..93b9406 100644 +--- a/drivers/target/target_core_cdb.c ++++ b/drivers/target/target_core_cdb.c +@@ -1199,7 +1199,7 @@ int target_emulate_write_same(struct se_task *task) + if (num_blocks != 0) + range = num_blocks; + else +- range = (dev->transport->get_blocks(dev) - lba); ++ range = (dev->transport->get_blocks(dev) - lba) + 1; + + pr_debug("WRITE_SAME UNMAP: LBA: %llu Range: %llu\n", + (unsigned long long)lba, (unsigned long long)range); +diff --git a/drivers/target/target_core_pr.c b/drivers/target/target_core_pr.c +index b75bc92..9145141 100644 +--- a/drivers/target/target_core_pr.c ++++ b/drivers/target/target_core_pr.c +@@ -2042,7 +2042,7 @@ static int __core_scsi3_write_aptpl_to_file( + if (IS_ERR(file) || !file || !file->f_dentry) { + pr_err("filp_open(%s) for APTPL metadata" + " failed\n", path); +- return (PTR_ERR(file) < 0 ? PTR_ERR(file) : -ENOENT); ++ return IS_ERR(file) ? PTR_ERR(file) : -ENOENT; + } + + iov[0].iov_base = &buf[0]; +@@ -3853,7 +3853,7 @@ int target_scsi3_emulate_pr_out(struct se_task *task) + " SPC-2 reservation is held, returning" + " RESERVATION_CONFLICT\n"); + cmd->scsi_sense_reason = TCM_RESERVATION_CONFLICT; +- ret = EINVAL; ++ ret = -EINVAL; + goto out; + } + +@@ -3863,7 +3863,8 @@ int target_scsi3_emulate_pr_out(struct se_task *task) + */ + if (!cmd->se_sess) { + cmd->scsi_sense_reason = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; +- return -EINVAL; ++ ret = -EINVAL; ++ goto out; + } + + if (cmd->data_length < 24) { diff --git a/drivers/target/target_core_tmr.c b/drivers/target/target_core_tmr.c index 6845228..df77141 100644 --- a/drivers/target/target_core_tmr.c @@ -38249,6 +38469,19 @@ index 5660916..f6dab21 100644 smp_mb__after_atomic_inc(); } } +diff --git a/drivers/target/tcm_fc/tfc_cmd.c b/drivers/target/tcm_fc/tfc_cmd.c +index d95cfe2..278819c 100644 +--- a/drivers/target/tcm_fc/tfc_cmd.c ++++ b/drivers/target/tcm_fc/tfc_cmd.c +@@ -249,6 +249,8 @@ u32 ft_get_task_tag(struct se_cmd *se_cmd) + { + struct ft_cmd *cmd = container_of(se_cmd, struct ft_cmd, se_cmd); + ++ if (cmd->aborted) ++ return ~0; + return fc_seq_exch(cmd->seq)->rxid; + } + diff --git a/drivers/tty/hvc/hvcs.c b/drivers/tty/hvc/hvcs.c index b9040be..e3f5aab 100644 --- a/drivers/tty/hvc/hvcs.c @@ -43420,7 +43653,7 @@ index 1bffbe0..c8c283e 100644 goto err; } diff --git a/fs/bio.c b/fs/bio.c -index 4fc4dbb..d3a5b93 100644 +index 4fc4dbb..bae9dce 100644 --- a/fs/bio.c +++ b/fs/bio.c @@ -838,7 +838,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, @@ -43432,6 +43665,15 @@ index 4fc4dbb..d3a5b93 100644 return ERR_PTR(-EINVAL); nr_pages += end - start; +@@ -972,7 +972,7 @@ static struct bio *__bio_map_user_iov(struct request_queue *q, + /* + * Overflow, abort + */ +- if (end < start) ++ if (end < start || end - start > INT_MAX - nr_pages) + return ERR_PTR(-EINVAL); + + nr_pages += end - start; @@ -1234,7 +1234,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) const int read = bio_data_dir(bio) == READ; struct bio_map_data *bmd = bio->bi_private; @@ -45498,10 +45740,27 @@ index 22764c7..86372c9 100644 break; err = alloc_fd(arg, cmd == F_DUPFD_CLOEXEC ? O_CLOEXEC : 0); diff --git a/fs/fifo.c b/fs/fifo.c -index b1a524d..4ee270e 100644 +index b1a524d..3d7942c 100644 --- a/fs/fifo.c +++ b/fs/fifo.c -@@ -58,10 +58,10 @@ static int fifo_open(struct inode *inode, struct file *filp) +@@ -14,7 +14,7 @@ + #include <linux/sched.h> + #include <linux/pipe_fs_i.h> + +-static void wait_for_partner(struct inode* inode, unsigned int *cnt) ++static int wait_for_partner(struct inode* inode, unsigned int *cnt) + { + int cur = *cnt; + +@@ -23,6 +23,7 @@ static void wait_for_partner(struct inode* inode, unsigned int *cnt) + if (signal_pending(current)) + break; + } ++ return cur == *cnt ? -ERESTARTSYS : 0; + } + + static void wake_up_partner(struct inode* inode) +@@ -58,17 +59,16 @@ static int fifo_open(struct inode *inode, struct file *filp) */ filp->f_op = &read_pipefifo_fops; pipe->r_counter++; @@ -45514,7 +45773,15 @@ index b1a524d..4ee270e 100644 if ((filp->f_flags & O_NONBLOCK)) { /* suppress POLLHUP until we have * seen a writer */ -@@ -81,15 +81,15 @@ static int fifo_open(struct inode *inode, struct file *filp) + filp->f_version = pipe->w_counter; + } else { +- wait_for_partner(inode, &pipe->w_counter); +- if(signal_pending(current)) ++ if (wait_for_partner(inode, &pipe->w_counter)) + goto err_rd; + } + } +@@ -81,17 +81,16 @@ static int fifo_open(struct inode *inode, struct file *filp) * errno=ENXIO when there is no process reading the FIFO. */ ret = -ENXIO; @@ -45529,11 +45796,14 @@ index b1a524d..4ee270e 100644 wake_up_partner(inode); - if (!pipe->readers) { +- wait_for_partner(inode, &pipe->r_counter); +- if (signal_pending(current)) + if (!atomic_read(&pipe->readers)) { - wait_for_partner(inode, &pipe->r_counter); - if (signal_pending(current)) ++ if (wait_for_partner(inode, &pipe->r_counter)) goto err_wr; -@@ -105,11 +105,11 @@ static int fifo_open(struct inode *inode, struct file *filp) + } + break; +@@ -105,11 +104,11 @@ static int fifo_open(struct inode *inode, struct file *filp) */ filp->f_op = &rdwr_pipefifo_fops; @@ -45548,7 +45818,7 @@ index b1a524d..4ee270e 100644 wake_up_partner(inode); break; -@@ -123,19 +123,19 @@ static int fifo_open(struct inode *inode, struct file *filp) +@@ -123,19 +122,19 @@ static int fifo_open(struct inode *inode, struct file *filp) return 0; err_rd: @@ -64898,7 +65168,7 @@ index 10422ef..662570f 100644 fib_info_update_nh_saddr((net), &FIB_RES_NH(res))) #define FIB_RES_GW(res) (FIB_RES_NH(res).nh_gw) diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h -index e5a7b9a..f4fc44b 100644 +index e5a7b9a..dc75cc1 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -509,7 +509,7 @@ struct ip_vs_conn { @@ -64919,6 +65189,15 @@ index e5a7b9a..f4fc44b 100644 atomic_t weight; /* server weight */ atomic_t refcnt; /* reference counter */ +@@ -1353,7 +1353,7 @@ static inline void ip_vs_notrack(struct sk_buff *skb) + struct nf_conn *ct = nf_ct_get(skb, &ctinfo); + + if (!ct || !nf_ct_is_untracked(ct)) { +- nf_reset(skb); ++ nf_conntrack_put(skb->nfct); + skb->nfct = &nf_ct_untracked_get()->ct_general; + skb->nfctinfo = IP_CT_NEW; + nf_conntrack_get(skb->nfct); diff --git a/include/net/irda/ircomm_core.h b/include/net/irda/ircomm_core.h index 69b610a..fe3962c 100644 --- a/include/net/irda/ircomm_core.h @@ -75321,10 +75600,22 @@ index eeba3bb..820e22e 100644 goto err_free; diff --git a/mm/vmscan.c b/mm/vmscan.c -index fbe2d2c..72cf498 100644 +index fbe2d2c..8342119 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c -@@ -3090,14 +3090,17 @@ int kswapd_run(int nid) +@@ -2824,7 +2824,10 @@ static void kswapd_try_to_sleep(pg_data_t *pgdat, int order, int classzone_idx) + * them before going back to sleep. + */ + set_pgdat_percpu_threshold(pgdat, calculate_normal_threshold); +- schedule(); ++ ++ if (!kthread_should_stop()) ++ schedule(); ++ + set_pgdat_percpu_threshold(pgdat, calculate_pressure_threshold); + } else { + if (remaining) +@@ -3090,14 +3093,17 @@ int kswapd_run(int nid) } /* @@ -75706,6 +75997,21 @@ index 5864cc4..121f3a30 100644 BUGPRINT("c2u Didn't work\n"); ret = -EFAULT; break; +diff --git a/net/caif/caif_dev.c b/net/caif/caif_dev.c +index 68223e4..4e9115d 100644 +--- a/net/caif/caif_dev.c ++++ b/net/caif/caif_dev.c +@@ -428,9 +428,9 @@ static int __init caif_device_init(void) + + static void __exit caif_device_exit(void) + { +- unregister_pernet_subsys(&caif_net_ops); + unregister_netdevice_notifier(&caif_device_notifier); + dev_remove_pack(&caif_packet_type); ++ unregister_pernet_subsys(&caif_net_ops); + } + + module_init(caif_device_init); diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c index a986280..13444a1 100644 --- a/net/caif/caif_socket.c @@ -76365,6 +76671,23 @@ index 39a2d29..f39c0fe 100644 ---help--- Econet is a fairly old and slow networking protocol mainly used by Acorn computers to access file and print servers. It uses native +diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c +index 86f3b88..afaa735 100644 +--- a/net/ipv4/cipso_ipv4.c ++++ b/net/ipv4/cipso_ipv4.c +@@ -1725,8 +1725,10 @@ int cipso_v4_validate(const struct sk_buff *skb, unsigned char **option) + case CIPSO_V4_TAG_LOCAL: + /* This is a non-standard tag that we only allow for + * local connections, so if the incoming interface is +- * not the loopback device drop the packet. */ +- if (!(skb->dev->flags & IFF_LOOPBACK)) { ++ * not the loopback device drop the packet. Further, ++ * there is no legitimate reason for setting this from ++ * userspace so reject it if skb is NULL. */ ++ if (skb == NULL || !(skb->dev->flags & IFF_LOOPBACK)) { + err_offset = opt_iter; + goto validate_return_locked; + } diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index 92fc5f6..b790d91 100644 --- a/net/ipv4/fib_frontend.c @@ -78478,6 +78801,36 @@ index 7635107..4670276 100644 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); +diff --git a/net/sctp/input.c b/net/sctp/input.c +index b7692aa..0fc18c7 100644 +--- a/net/sctp/input.c ++++ b/net/sctp/input.c +@@ -736,15 +736,12 @@ static void __sctp_unhash_endpoint(struct sctp_endpoint *ep) + + epb = &ep->base; + +- if (hlist_unhashed(&epb->node)) +- return; +- + epb->hashent = sctp_ep_hashfn(epb->bind_addr.port); + + head = &sctp_ep_hashtable[epb->hashent]; + + sctp_write_lock(&head->lock); +- __hlist_del(&epb->node); ++ hlist_del_init(&epb->node); + sctp_write_unlock(&head->lock); + } + +@@ -825,7 +822,7 @@ static void __sctp_unhash_established(struct sctp_association *asoc) + head = &sctp_assoc_hashtable[epb->hashent]; + + sctp_write_lock(&head->lock); +- __hlist_del(&epb->node); ++ hlist_del_init(&epb->node); + sctp_write_unlock(&head->lock); + } + diff --git a/net/sctp/proc.c b/net/sctp/proc.c index 1e2eee8..ce3967e 100644 --- a/net/sctp/proc.c @@ -78493,10 +78846,38 @@ index 1e2eee8..ce3967e 100644 assoc->assoc_id, assoc->sndbuf_used, diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index 0075554..42d36a1 100644 +index 0075554..ba19fd7 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c -@@ -4575,7 +4575,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, +@@ -1231,8 +1231,14 @@ out_free: + SCTP_DEBUG_PRINTK("About to exit __sctp_connect() free asoc: %p" + " kaddrs: %p err: %d\n", + asoc, kaddrs, err); +- if (asoc) ++ if (asoc) { ++ /* sctp_primitive_ASSOCIATE may have added this association ++ * To the hash table, try to unhash it, just in case, its a noop ++ * if it wasn't hashed so we're safe ++ */ ++ sctp_unhash_established(asoc); + sctp_association_free(asoc); ++ } + return err; + } + +@@ -1942,8 +1948,10 @@ SCTP_STATIC int sctp_sendmsg(struct kiocb *iocb, struct sock *sk, + goto out_unlock; + + out_free: +- if (new_asoc) ++ if (new_asoc) { ++ sctp_unhash_established(asoc); + sctp_association_free(asoc); ++ } + out_unlock: + sctp_release_sock(sk); + +@@ -4575,7 +4583,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; if (space_left < addrlen) return -ENOMEM; diff --git a/3.4.5/0000_README b/3.4.6/0000_README index 41e086b..0aca91c 100644 --- a/3.4.5/0000_README +++ b/3.4.6/0000_README @@ -2,7 +2,11 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.9.1-3.4.5-201207171624.patch +Patch: 1005_linux-3.4.6.patch +From: http://www.kernel.org +Desc: Linux 3.4.6 + +Patch: 4420_grsecurity-2.9.1-3.4.6-201207211444.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity @@ -34,3 +38,8 @@ Patch: 4470_disable-compat_vdso.patch From: Gordon Malm <gengor@gentoo.org> Kerin Millar <kerframil@gmail.com> Desc: Disables VDSO_COMPAT operation completely + +Patch: 4480_fix-scsi-lpfc-Werror.patch +From: gokturk@binghamton.edu + https://bugs.gentoo.org/show_bug.cgi?id=425816 +Desc: Fix compile time error in drivers/scsi/lpfc/lpfc_scsi.c diff --git a/3.4.6/1005_linux-3.4.6.patch b/3.4.6/1005_linux-3.4.6.patch new file mode 100644 index 0000000..e5c2aa1 --- /dev/null +++ b/3.4.6/1005_linux-3.4.6.patch @@ -0,0 +1,1459 @@ +diff --git a/Makefile b/Makefile +index a2e69a0..5d0edcb 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 3 + PATCHLEVEL = 4 +-SUBLEVEL = 5 ++SUBLEVEL = 6 + EXTRAVERSION = + NAME = Saber-toothed Squirrel + +diff --git a/arch/arm/plat-samsung/adc.c b/arch/arm/plat-samsung/adc.c +index 33ecd0c..b1e05cc 100644 +--- a/arch/arm/plat-samsung/adc.c ++++ b/arch/arm/plat-samsung/adc.c +@@ -157,11 +157,13 @@ int s3c_adc_start(struct s3c_adc_client *client, + return -EINVAL; + } + +- if (client->is_ts && adc->ts_pend) +- return -EAGAIN; +- + spin_lock_irqsave(&adc->lock, flags); + ++ if (client->is_ts && adc->ts_pend) { ++ spin_unlock_irqrestore(&adc->lock, flags); ++ return -EAGAIN; ++ } ++ + client->channel = channel; + client->nr_samples = nr_samples; + +diff --git a/drivers/acpi/acpica/nspredef.c b/drivers/acpi/acpica/nspredef.c +index 23ce096..fe66260 100644 +--- a/drivers/acpi/acpica/nspredef.c ++++ b/drivers/acpi/acpica/nspredef.c +@@ -638,7 +638,7 @@ acpi_ns_check_package(struct acpi_predefined_data *data, + /* Create the new outer package and populate it */ + + status = +- acpi_ns_wrap_with_package(data, *elements, ++ acpi_ns_wrap_with_package(data, return_object, + return_object_ptr); + if (ACPI_FAILURE(status)) { + return (status); +diff --git a/drivers/acpi/processor_core.c b/drivers/acpi/processor_core.c +index c850de4..eff7222 100644 +--- a/drivers/acpi/processor_core.c ++++ b/drivers/acpi/processor_core.c +@@ -189,10 +189,12 @@ int acpi_get_cpuid(acpi_handle handle, int type, u32 acpi_id) + * Processor (CPU3, 0x03, 0x00000410, 0x06) {} + * } + * +- * Ignores apic_id and always return 0 for CPU0's handle. ++ * Ignores apic_id and always returns 0 for the processor ++ * handle with acpi id 0 if nr_cpu_ids is 1. ++ * This should be the case if SMP tables are not found. + * Return -1 for other CPU's handle. + */ +- if (acpi_id == 0) ++ if (nr_cpu_ids <= 1 && acpi_id == 0) + return acpi_id; + else + return apic_id; +diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c +index 2da025e..7f1ea56 100644 +--- a/drivers/clk/clk.c ++++ b/drivers/clk/clk.c +@@ -834,18 +834,21 @@ static void clk_change_rate(struct clk *clk) + { + struct clk *child; + unsigned long old_rate; ++ unsigned long best_parent_rate = 0; + struct hlist_node *tmp; + + old_rate = clk->rate; + ++ if (clk->parent) ++ best_parent_rate = clk->parent->rate; ++ + if (clk->ops->set_rate) + clk->ops->set_rate(clk->hw, clk->new_rate); + + if (clk->ops->recalc_rate) +- clk->rate = clk->ops->recalc_rate(clk->hw, +- clk->parent->rate); ++ clk->rate = clk->ops->recalc_rate(clk->hw, best_parent_rate); + else +- clk->rate = clk->parent->rate; ++ clk->rate = best_parent_rate; + + if (clk->notifier_count && old_rate != clk->rate) + __clk_notify(clk, POST_RATE_CHANGE, old_rate, clk->rate); +diff --git a/drivers/hid/hid-apple.c b/drivers/hid/hid-apple.c +index 299d238..899c712 100644 +--- a/drivers/hid/hid-apple.c ++++ b/drivers/hid/hid-apple.c +@@ -514,6 +514,12 @@ static const struct hid_device_id apple_devices[] = { + .driver_data = APPLE_HAS_FN | APPLE_ISO_KEYBOARD }, + { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_WELLSPRING5A_JIS), + .driver_data = APPLE_HAS_FN | APPLE_RDESC_JIS }, ++ { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_WELLSPRING7_ANSI), ++ .driver_data = APPLE_HAS_FN }, ++ { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_WELLSPRING7_ISO), ++ .driver_data = APPLE_HAS_FN | APPLE_ISO_KEYBOARD }, ++ { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_WELLSPRING7_JIS), ++ .driver_data = APPLE_HAS_FN | APPLE_RDESC_JIS }, + { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_ALU_WIRELESS_2009_ANSI), + .driver_data = APPLE_NUMLOCK_EMULATION | APPLE_HAS_FN }, + { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_ALU_WIRELESS_2009_ISO), +diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c +index 4da66b4..054677b 100644 +--- a/drivers/hid/hid-core.c ++++ b/drivers/hid/hid-core.c +@@ -1379,6 +1379,9 @@ static const struct hid_device_id hid_have_special_driver[] = { + { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_WELLSPRING6A_ANSI) }, + { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_WELLSPRING6A_ISO) }, + { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_WELLSPRING6A_JIS) }, ++ { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_WELLSPRING7_ANSI) }, ++ { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_WELLSPRING7_ISO) }, ++ { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_WELLSPRING7_JIS) }, + { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_ALU_WIRELESS_2009_ANSI) }, + { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_ALU_WIRELESS_2009_ISO) }, + { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_ALU_WIRELESS_2009_JIS) }, +@@ -1914,6 +1917,7 @@ static const struct hid_device_id hid_ignore_list[] = { + { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_MCT) }, + { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_HYBRID) }, + { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_HEATCONTROL) }, ++ { HID_USB_DEVICE(USB_VENDOR_ID_MADCATZ, USB_DEVICE_ID_MADCATZ_BEATPAD) }, + { HID_USB_DEVICE(USB_VENDOR_ID_MCC, USB_DEVICE_ID_MCC_PMD1024LS) }, + { HID_USB_DEVICE(USB_VENDOR_ID_MCC, USB_DEVICE_ID_MCC_PMD1208LS) }, + { HID_USB_DEVICE(USB_VENDOR_ID_MICROCHIP, USB_DEVICE_ID_PICKIT1) }, +@@ -2008,6 +2012,9 @@ static const struct hid_device_id hid_mouse_ignore_list[] = { + { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_WELLSPRING6A_ANSI) }, + { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_WELLSPRING6A_ISO) }, + { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_WELLSPRING6A_JIS) }, ++ { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_WELLSPRING7_ANSI) }, ++ { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_WELLSPRING7_ISO) }, ++ { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_WELLSPRING7_JIS) }, + { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_FOUNTAIN_TP_ONLY) }, + { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_GEYSER1_TP_ONLY) }, + { } +diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h +index e39aecb..dfd4098 100644 +--- a/drivers/hid/hid-ids.h ++++ b/drivers/hid/hid-ids.h +@@ -125,6 +125,9 @@ + #define USB_DEVICE_ID_APPLE_WELLSPRING6_ANSI 0x024c + #define USB_DEVICE_ID_APPLE_WELLSPRING6_ISO 0x024d + #define USB_DEVICE_ID_APPLE_WELLSPRING6_JIS 0x024e ++#define USB_DEVICE_ID_APPLE_WELLSPRING7_ANSI 0x0262 ++#define USB_DEVICE_ID_APPLE_WELLSPRING7_ISO 0x0263 ++#define USB_DEVICE_ID_APPLE_WELLSPRING7_JIS 0x0264 + #define USB_DEVICE_ID_APPLE_ALU_WIRELESS_2009_ANSI 0x0239 + #define USB_DEVICE_ID_APPLE_ALU_WIRELESS_2009_ISO 0x023a + #define USB_DEVICE_ID_APPLE_ALU_WIRELESS_2009_JIS 0x023b +@@ -509,6 +512,9 @@ + #define USB_DEVICE_ID_CRYSTALTOUCH 0x0006 + #define USB_DEVICE_ID_CRYSTALTOUCH_DUAL 0x0007 + ++#define USB_VENDOR_ID_MADCATZ 0x0738 ++#define USB_DEVICE_ID_MADCATZ_BEATPAD 0x4540 ++ + #define USB_VENDOR_ID_MCC 0x09db + #define USB_DEVICE_ID_MCC_PMD1024LS 0x0076 + #define USB_DEVICE_ID_MCC_PMD1208LS 0x007a +diff --git a/drivers/hwmon/it87.c b/drivers/hwmon/it87.c +index 0b204e4..f524882 100644 +--- a/drivers/hwmon/it87.c ++++ b/drivers/hwmon/it87.c +@@ -2157,7 +2157,7 @@ static void __devinit it87_init_device(struct platform_device *pdev) + + /* Start monitoring */ + it87_write_value(data, IT87_REG_CONFIG, +- (it87_read_value(data, IT87_REG_CONFIG) & 0x36) ++ (it87_read_value(data, IT87_REG_CONFIG) & 0x3e) + | (update_vbat ? 0x41 : 0x01)); + } + +diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c +index fd7a0d5..42f7b25 100644 +--- a/drivers/input/joystick/xpad.c ++++ b/drivers/input/joystick/xpad.c +@@ -142,6 +142,7 @@ static const struct xpad_device { + { 0x0c12, 0x880a, "Pelican Eclipse PL-2023", 0, XTYPE_XBOX }, + { 0x0c12, 0x8810, "Zeroplus Xbox Controller", 0, XTYPE_XBOX }, + { 0x0c12, 0x9902, "HAMA VibraX - *FAULTY HARDWARE*", 0, XTYPE_XBOX }, ++ { 0x0d2f, 0x0002, "Andamiro Pump It Up pad", MAP_DPAD_TO_BUTTONS, XTYPE_XBOX }, + { 0x0e4c, 0x1097, "Radica Gamester Controller", 0, XTYPE_XBOX }, + { 0x0e4c, 0x2390, "Radica Games Jtech Controller", 0, XTYPE_XBOX }, + { 0x0e6f, 0x0003, "Logic3 Freebird wireless Controller", 0, XTYPE_XBOX }, +@@ -164,6 +165,7 @@ static const struct xpad_device { + { 0x1bad, 0x0003, "Harmonix Rock Band Drumkit", MAP_DPAD_TO_BUTTONS, XTYPE_XBOX360 }, + { 0x0f0d, 0x0016, "Hori Real Arcade Pro.EX", MAP_TRIGGERS_TO_BUTTONS, XTYPE_XBOX360 }, + { 0x0f0d, 0x000d, "Hori Fighting Stick EX2", MAP_TRIGGERS_TO_BUTTONS, XTYPE_XBOX360 }, ++ { 0x1689, 0xfd00, "Razer Onza Tournament Edition", MAP_DPAD_TO_BUTTONS, XTYPE_XBOX360 }, + { 0xffff, 0xffff, "Chinese-made Xbox Controller", 0, XTYPE_XBOX }, + { 0x0000, 0x0000, "Generic X-Box pad", 0, XTYPE_UNKNOWN } + }; +@@ -238,12 +240,14 @@ static struct usb_device_id xpad_table [] = { + XPAD_XBOX360_VENDOR(0x045e), /* Microsoft X-Box 360 controllers */ + XPAD_XBOX360_VENDOR(0x046d), /* Logitech X-Box 360 style controllers */ + XPAD_XBOX360_VENDOR(0x0738), /* Mad Catz X-Box 360 controllers */ ++ { USB_DEVICE(0x0738, 0x4540) }, /* Mad Catz Beat Pad */ + XPAD_XBOX360_VENDOR(0x0e6f), /* 0x0e6f X-Box 360 controllers */ + XPAD_XBOX360_VENDOR(0x12ab), /* X-Box 360 dance pads */ + XPAD_XBOX360_VENDOR(0x1430), /* RedOctane X-Box 360 controllers */ + XPAD_XBOX360_VENDOR(0x146b), /* BigBen Interactive Controllers */ + XPAD_XBOX360_VENDOR(0x1bad), /* Harminix Rock Band Guitar and Drums */ +- XPAD_XBOX360_VENDOR(0x0f0d), /* Hori Controllers */ ++ XPAD_XBOX360_VENDOR(0x0f0d), /* Hori Controllers */ ++ XPAD_XBOX360_VENDOR(0x1689), /* Razer Onza */ + { } + }; + +diff --git a/drivers/input/mouse/bcm5974.c b/drivers/input/mouse/bcm5974.c +index f9e2758..e410b98 100644 +--- a/drivers/input/mouse/bcm5974.c ++++ b/drivers/input/mouse/bcm5974.c +@@ -79,6 +79,10 @@ + #define USB_DEVICE_ID_APPLE_WELLSPRING5A_ANSI 0x0252 + #define USB_DEVICE_ID_APPLE_WELLSPRING5A_ISO 0x0253 + #define USB_DEVICE_ID_APPLE_WELLSPRING5A_JIS 0x0254 ++/* MacbookPro10,1 (unibody, June 2012) */ ++#define USB_DEVICE_ID_APPLE_WELLSPRING7_ANSI 0x0262 ++#define USB_DEVICE_ID_APPLE_WELLSPRING7_ISO 0x0263 ++#define USB_DEVICE_ID_APPLE_WELLSPRING7_JIS 0x0264 + + #define BCM5974_DEVICE(prod) { \ + .match_flags = (USB_DEVICE_ID_MATCH_DEVICE | \ +@@ -128,6 +132,10 @@ static const struct usb_device_id bcm5974_table[] = { + BCM5974_DEVICE(USB_DEVICE_ID_APPLE_WELLSPRING5A_ANSI), + BCM5974_DEVICE(USB_DEVICE_ID_APPLE_WELLSPRING5A_ISO), + BCM5974_DEVICE(USB_DEVICE_ID_APPLE_WELLSPRING5A_JIS), ++ /* MacbookPro10,1 */ ++ BCM5974_DEVICE(USB_DEVICE_ID_APPLE_WELLSPRING7_ANSI), ++ BCM5974_DEVICE(USB_DEVICE_ID_APPLE_WELLSPRING7_ISO), ++ BCM5974_DEVICE(USB_DEVICE_ID_APPLE_WELLSPRING7_JIS), + /* Terminating entry */ + {} + }; +@@ -354,6 +362,18 @@ static const struct bcm5974_config bcm5974_config_table[] = { + { DIM_X, DIM_X / SN_COORD, -4620, 5140 }, + { DIM_Y, DIM_Y / SN_COORD, -150, 6600 } + }, ++ { ++ USB_DEVICE_ID_APPLE_WELLSPRING7_ANSI, ++ USB_DEVICE_ID_APPLE_WELLSPRING7_ISO, ++ USB_DEVICE_ID_APPLE_WELLSPRING7_JIS, ++ HAS_INTEGRATED_BUTTON, ++ 0x84, sizeof(struct bt_data), ++ 0x81, TYPE2, FINGER_TYPE2, FINGER_TYPE2 + SIZEOF_ALL_FINGERS, ++ { DIM_PRESSURE, DIM_PRESSURE / SN_PRESSURE, 0, 300 }, ++ { DIM_WIDTH, DIM_WIDTH / SN_WIDTH, 0, 2048 }, ++ { DIM_X, DIM_X / SN_COORD, -4750, 5280 }, ++ { DIM_Y, DIM_Y / SN_COORD, -150, 6730 } ++ }, + {} + }; + +diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c +index d7e9577..d1f74ab 100644 +--- a/drivers/md/raid1.c ++++ b/drivers/md/raid1.c +@@ -2486,9 +2486,10 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr, int *skipp + */ + if (test_bit(MD_RECOVERY_REQUESTED, &mddev->recovery)) { + atomic_set(&r1_bio->remaining, read_targets); +- for (i = 0; i < conf->raid_disks * 2; i++) { ++ for (i = 0; i < conf->raid_disks * 2 && read_targets; i++) { + bio = r1_bio->bios[i]; + if (bio->bi_end_io == end_sync_read) { ++ read_targets--; + md_sync_acct(bio->bi_bdev, nr_sectors); + generic_make_request(bio); + } +diff --git a/drivers/media/dvb/dvb-core/dvbdev.c b/drivers/media/dvb/dvb-core/dvbdev.c +index 00a6732..39eab73 100644 +--- a/drivers/media/dvb/dvb-core/dvbdev.c ++++ b/drivers/media/dvb/dvb-core/dvbdev.c +@@ -243,6 +243,7 @@ int dvb_register_device(struct dvb_adapter *adap, struct dvb_device **pdvbdev, + if (minor == MAX_DVB_MINORS) { + kfree(dvbdevfops); + kfree(dvbdev); ++ up_write(&minor_rwsem); + mutex_unlock(&dvbdev_register_lock); + return -EINVAL; + } +diff --git a/drivers/media/video/cx231xx/cx231xx-audio.c b/drivers/media/video/cx231xx/cx231xx-audio.c +index a2c2b7d..e5742a0 100644 +--- a/drivers/media/video/cx231xx/cx231xx-audio.c ++++ b/drivers/media/video/cx231xx/cx231xx-audio.c +@@ -307,7 +307,7 @@ static int cx231xx_init_audio_isoc(struct cx231xx *dev) + urb->context = dev; + urb->pipe = usb_rcvisocpipe(dev->udev, + dev->adev.end_point_addr); +- urb->transfer_flags = URB_ISO_ASAP | URB_NO_TRANSFER_DMA_MAP; ++ urb->transfer_flags = URB_ISO_ASAP; + urb->transfer_buffer = dev->adev.transfer_buffer[i]; + urb->interval = 1; + urb->complete = cx231xx_audio_isocirq; +@@ -368,7 +368,7 @@ static int cx231xx_init_audio_bulk(struct cx231xx *dev) + urb->context = dev; + urb->pipe = usb_rcvbulkpipe(dev->udev, + dev->adev.end_point_addr); +- urb->transfer_flags = URB_NO_TRANSFER_DMA_MAP; ++ urb->transfer_flags = 0; + urb->transfer_buffer = dev->adev.transfer_buffer[i]; + urb->complete = cx231xx_audio_bulkirq; + urb->transfer_buffer_length = sb_size; +diff --git a/drivers/media/video/cx231xx/cx231xx-vbi.c b/drivers/media/video/cx231xx/cx231xx-vbi.c +index 8cdee5f..9c5967e 100644 +--- a/drivers/media/video/cx231xx/cx231xx-vbi.c ++++ b/drivers/media/video/cx231xx/cx231xx-vbi.c +@@ -452,7 +452,7 @@ int cx231xx_init_vbi_isoc(struct cx231xx *dev, int max_packets, + return -ENOMEM; + } + dev->vbi_mode.bulk_ctl.urb[i] = urb; +- urb->transfer_flags = URB_NO_TRANSFER_DMA_MAP; ++ urb->transfer_flags = 0; + + dev->vbi_mode.bulk_ctl.transfer_buffer[i] = + kzalloc(sb_size, GFP_KERNEL); +diff --git a/drivers/mtd/nand/nandsim.c b/drivers/mtd/nand/nandsim.c +index 261f478..c606b6a 100644 +--- a/drivers/mtd/nand/nandsim.c ++++ b/drivers/mtd/nand/nandsim.c +@@ -28,7 +28,7 @@ + #include <linux/module.h> + #include <linux/moduleparam.h> + #include <linux/vmalloc.h> +-#include <asm/div64.h> ++#include <linux/math64.h> + #include <linux/slab.h> + #include <linux/errno.h> + #include <linux/string.h> +@@ -547,12 +547,6 @@ static char *get_partition_name(int i) + return kstrdup(buf, GFP_KERNEL); + } + +-static uint64_t divide(uint64_t n, uint32_t d) +-{ +- do_div(n, d); +- return n; +-} +- + /* + * Initialize the nandsim structure. + * +@@ -581,7 +575,7 @@ static int init_nandsim(struct mtd_info *mtd) + ns->geom.oobsz = mtd->oobsize; + ns->geom.secsz = mtd->erasesize; + ns->geom.pgszoob = ns->geom.pgsz + ns->geom.oobsz; +- ns->geom.pgnum = divide(ns->geom.totsz, ns->geom.pgsz); ++ ns->geom.pgnum = div_u64(ns->geom.totsz, ns->geom.pgsz); + ns->geom.totszoob = ns->geom.totsz + (uint64_t)ns->geom.pgnum * ns->geom.oobsz; + ns->geom.secshift = ffs(ns->geom.secsz) - 1; + ns->geom.pgshift = chip->page_shift; +@@ -924,7 +918,7 @@ static int setup_wear_reporting(struct mtd_info *mtd) + + if (!rptwear) + return 0; +- wear_eb_count = divide(mtd->size, mtd->erasesize); ++ wear_eb_count = div_u64(mtd->size, mtd->erasesize); + mem = wear_eb_count * sizeof(unsigned long); + if (mem / sizeof(unsigned long) != wear_eb_count) { + NS_ERR("Too many erase blocks for wear reporting\n"); +diff --git a/drivers/net/bonding/bond_debugfs.c b/drivers/net/bonding/bond_debugfs.c +index 3680aa2..2cf084e 100644 +--- a/drivers/net/bonding/bond_debugfs.c ++++ b/drivers/net/bonding/bond_debugfs.c +@@ -6,7 +6,7 @@ + #include "bonding.h" + #include "bond_alb.h" + +-#ifdef CONFIG_DEBUG_FS ++#if defined(CONFIG_DEBUG_FS) && !defined(CONFIG_NET_NS) + + #include <linux/debugfs.h> + #include <linux/seq_file.h> +diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c +index a579a2f..318a62a 100644 +--- a/drivers/net/bonding/bond_main.c ++++ b/drivers/net/bonding/bond_main.c +@@ -3218,6 +3218,12 @@ static int bond_master_netdev_event(unsigned long event, + switch (event) { + case NETDEV_CHANGENAME: + return bond_event_changename(event_bond); ++ case NETDEV_UNREGISTER: ++ bond_remove_proc_entry(event_bond); ++ break; ++ case NETDEV_REGISTER: ++ bond_create_proc_entry(event_bond); ++ break; + default: + break; + } +@@ -4402,8 +4408,6 @@ static void bond_uninit(struct net_device *bond_dev) + + bond_work_cancel_all(bond); + +- bond_remove_proc_entry(bond); +- + bond_debug_unregister(bond); + + __hw_addr_flush(&bond->mc_list); +@@ -4805,7 +4809,6 @@ static int bond_init(struct net_device *bond_dev) + + bond_set_lockdep_class(bond_dev); + +- bond_create_proc_entry(bond); + list_add_tail(&bond->bond_list, &bn->dev_list); + + bond_prepare_sysfs_group(bond); +diff --git a/drivers/net/ethernet/intel/e1000e/82571.c b/drivers/net/ethernet/intel/e1000e/82571.c +index c6d95f2..a9dd6a9 100644 +--- a/drivers/net/ethernet/intel/e1000e/82571.c ++++ b/drivers/net/ethernet/intel/e1000e/82571.c +@@ -1553,6 +1553,9 @@ static s32 e1000_check_for_serdes_link_82571(struct e1000_hw *hw) + ctrl = er32(CTRL); + status = er32(STATUS); + rxcw = er32(RXCW); ++ /* SYNCH bit and IV bit are sticky */ ++ udelay(10); ++ rxcw = er32(RXCW); + + if ((rxcw & E1000_RXCW_SYNCH) && !(rxcw & E1000_RXCW_IV)) { + +diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +index 48d56da..9bdfaba 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +@@ -1158,6 +1158,7 @@ static netdev_tx_t stmmac_xmit(struct sk_buff *skb, struct net_device *dev) + priv->hw->desc->prepare_tx_desc(desc, 0, len, csum_insertion); + wmb(); + priv->hw->desc->set_tx_owner(desc); ++ wmb(); + } + + /* Interrupt on completition only for the latest segment */ +@@ -1173,6 +1174,7 @@ static netdev_tx_t stmmac_xmit(struct sk_buff *skb, struct net_device *dev) + + /* To avoid raise condition */ + priv->hw->desc->set_tx_owner(first); ++ wmb(); + + priv->cur_tx++; + +@@ -1236,6 +1238,7 @@ static inline void stmmac_rx_refill(struct stmmac_priv *priv) + } + wmb(); + priv->hw->desc->set_rx_owner(p + entry); ++ wmb(); + } + } + +diff --git a/drivers/net/wireless/iwlegacy/4965-mac.c b/drivers/net/wireless/iwlegacy/4965-mac.c +index c46275a..9aa4807 100644 +--- a/drivers/net/wireless/iwlegacy/4965-mac.c ++++ b/drivers/net/wireless/iwlegacy/4965-mac.c +@@ -3405,7 +3405,7 @@ il4965_remove_dynamic_key(struct il_priv *il, + return 0; + } + +- if (il->stations[sta_id].sta.key.key_offset == WEP_INVALID_OFFSET) { ++ if (il->stations[sta_id].sta.key.key_flags & STA_KEY_FLG_INVALID) { + IL_WARN("Removing wrong key %d 0x%x\n", keyconf->keyidx, + key_flags); + spin_unlock_irqrestore(&il->sta_lock, flags); +@@ -3420,7 +3420,7 @@ il4965_remove_dynamic_key(struct il_priv *il, + memset(&il->stations[sta_id].sta.key, 0, sizeof(struct il4965_keyinfo)); + il->stations[sta_id].sta.key.key_flags = + STA_KEY_FLG_NO_ENC | STA_KEY_FLG_INVALID; +- il->stations[sta_id].sta.key.key_offset = WEP_INVALID_OFFSET; ++ il->stations[sta_id].sta.key.key_offset = keyconf->hw_key_idx; + il->stations[sta_id].sta.sta.modify_mask = STA_MODIFY_KEY_MASK; + il->stations[sta_id].sta.mode = STA_CONTROL_MODIFY_MSK; + +diff --git a/drivers/net/wireless/iwlegacy/common.c b/drivers/net/wireless/iwlegacy/common.c +index eaf24945..4bc2711 100644 +--- a/drivers/net/wireless/iwlegacy/common.c ++++ b/drivers/net/wireless/iwlegacy/common.c +@@ -4767,14 +4767,12 @@ il_bg_watchdog(unsigned long data) + return; + + /* monitor and check for other stuck queues */ +- if (il_is_any_associated(il)) { +- for (cnt = 0; cnt < il->hw_params.max_txq_num; cnt++) { +- /* skip as we already checked the command queue */ +- if (cnt == il->cmd_queue) +- continue; +- if (il_check_stuck_queue(il, cnt)) +- return; +- } ++ for (cnt = 0; cnt < il->hw_params.max_txq_num; cnt++) { ++ /* skip as we already checked the command queue */ ++ if (cnt == il->cmd_queue) ++ continue; ++ if (il_check_stuck_queue(il, cnt)) ++ return; + } + + mod_timer(&il->watchdog, +diff --git a/drivers/net/wireless/rt2x00/rt2x00usb.c b/drivers/net/wireless/rt2x00/rt2x00usb.c +index 66094eb..507085f 100644 +--- a/drivers/net/wireless/rt2x00/rt2x00usb.c ++++ b/drivers/net/wireless/rt2x00/rt2x00usb.c +@@ -436,8 +436,8 @@ void rt2x00usb_kick_queue(struct data_queue *queue) + case QID_RX: + if (!rt2x00queue_full(queue)) + rt2x00queue_for_each_entry(queue, +- Q_INDEX_DONE, + Q_INDEX, ++ Q_INDEX_DONE, + NULL, + rt2x00usb_kick_rx_entry); + break; +diff --git a/drivers/platform/x86/intel_ips.c b/drivers/platform/x86/intel_ips.c +index 0ffdb3c..9af4257 100644 +--- a/drivers/platform/x86/intel_ips.c ++++ b/drivers/platform/x86/intel_ips.c +@@ -72,6 +72,7 @@ + #include <linux/string.h> + #include <linux/tick.h> + #include <linux/timer.h> ++#include <linux/dmi.h> + #include <drm/i915_drm.h> + #include <asm/msr.h> + #include <asm/processor.h> +@@ -1485,6 +1486,24 @@ static DEFINE_PCI_DEVICE_TABLE(ips_id_table) = { + + MODULE_DEVICE_TABLE(pci, ips_id_table); + ++static int ips_blacklist_callback(const struct dmi_system_id *id) ++{ ++ pr_info("Blacklisted intel_ips for %s\n", id->ident); ++ return 1; ++} ++ ++static const struct dmi_system_id ips_blacklist[] = { ++ { ++ .callback = ips_blacklist_callback, ++ .ident = "HP ProBook", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "HP ProBook"), ++ }, ++ }, ++ { } /* terminating entry */ ++}; ++ + static int ips_probe(struct pci_dev *dev, const struct pci_device_id *id) + { + u64 platform_info; +@@ -1494,6 +1513,9 @@ static int ips_probe(struct pci_dev *dev, const struct pci_device_id *id) + u16 htshi, trc, trc_required_mask; + u8 tse; + ++ if (dmi_check_system(ips_blacklist)) ++ return -ENODEV; ++ + ips = kzalloc(sizeof(struct ips_driver), GFP_KERNEL); + if (!ips) + return -ENOMEM; +diff --git a/drivers/rpmsg/virtio_rpmsg_bus.c b/drivers/rpmsg/virtio_rpmsg_bus.c +index 39d3aa4..f56c8ba 100644 +--- a/drivers/rpmsg/virtio_rpmsg_bus.c ++++ b/drivers/rpmsg/virtio_rpmsg_bus.c +@@ -1085,7 +1085,7 @@ static int __init rpmsg_init(void) + + return ret; + } +-module_init(rpmsg_init); ++subsys_initcall(rpmsg_init); + + static void __exit rpmsg_fini(void) + { +diff --git a/fs/buffer.c b/fs/buffer.c +index ad5938c..0bc1bed 100644 +--- a/fs/buffer.c ++++ b/fs/buffer.c +@@ -1036,6 +1036,9 @@ grow_buffers(struct block_device *bdev, sector_t block, int size) + static struct buffer_head * + __getblk_slow(struct block_device *bdev, sector_t block, int size) + { ++ int ret; ++ struct buffer_head *bh; ++ + /* Size must be multiple of hard sectorsize */ + if (unlikely(size & (bdev_logical_block_size(bdev)-1) || + (size < 512 || size > PAGE_SIZE))) { +@@ -1048,20 +1051,21 @@ __getblk_slow(struct block_device *bdev, sector_t block, int size) + return NULL; + } + +- for (;;) { +- struct buffer_head * bh; +- int ret; ++retry: ++ bh = __find_get_block(bdev, block, size); ++ if (bh) ++ return bh; + ++ ret = grow_buffers(bdev, block, size); ++ if (ret == 0) { ++ free_more_memory(); ++ goto retry; ++ } else if (ret > 0) { + bh = __find_get_block(bdev, block, size); + if (bh) + return bh; +- +- ret = grow_buffers(bdev, block, size); +- if (ret < 0) +- return NULL; +- if (ret == 0) +- free_more_memory(); + } ++ return NULL; + } + + /* +diff --git a/fs/fifo.c b/fs/fifo.c +index b1a524d..cf6f434 100644 +--- a/fs/fifo.c ++++ b/fs/fifo.c +@@ -14,7 +14,7 @@ + #include <linux/sched.h> + #include <linux/pipe_fs_i.h> + +-static void wait_for_partner(struct inode* inode, unsigned int *cnt) ++static int wait_for_partner(struct inode* inode, unsigned int *cnt) + { + int cur = *cnt; + +@@ -23,6 +23,7 @@ static void wait_for_partner(struct inode* inode, unsigned int *cnt) + if (signal_pending(current)) + break; + } ++ return cur == *cnt ? -ERESTARTSYS : 0; + } + + static void wake_up_partner(struct inode* inode) +@@ -67,8 +68,7 @@ static int fifo_open(struct inode *inode, struct file *filp) + * seen a writer */ + filp->f_version = pipe->w_counter; + } else { +- wait_for_partner(inode, &pipe->w_counter); +- if(signal_pending(current)) ++ if (wait_for_partner(inode, &pipe->w_counter)) + goto err_rd; + } + } +@@ -90,8 +90,7 @@ static int fifo_open(struct inode *inode, struct file *filp) + wake_up_partner(inode); + + if (!pipe->readers) { +- wait_for_partner(inode, &pipe->r_counter); +- if (signal_pending(current)) ++ if (wait_for_partner(inode, &pipe->r_counter)) + goto err_wr; + } + break; +diff --git a/fs/locks.c b/fs/locks.c +index 0d68f1f..6a64f15 100644 +--- a/fs/locks.c ++++ b/fs/locks.c +@@ -1465,7 +1465,7 @@ int generic_setlease(struct file *filp, long arg, struct file_lock **flp) + case F_WRLCK: + return generic_add_lease(filp, arg, flp); + default: +- BUG(); ++ return -EINVAL; + } + } + EXPORT_SYMBOL(generic_setlease); +diff --git a/include/linux/Kbuild b/include/linux/Kbuild +index 50f55c7..f2f73f9 100644 +--- a/include/linux/Kbuild ++++ b/include/linux/Kbuild +@@ -272,6 +272,7 @@ header-y += netfilter_ipv4.h + header-y += netfilter_ipv6.h + header-y += netlink.h + header-y += netrom.h ++header-y += nfc.h + header-y += nfs.h + header-y += nfs2.h + header-y += nfs3.h +diff --git a/include/linux/hrtimer.h b/include/linux/hrtimer.h +index fd0dc30..cc07d27 100644 +--- a/include/linux/hrtimer.h ++++ b/include/linux/hrtimer.h +@@ -165,6 +165,7 @@ enum hrtimer_base_type { + * @lock: lock protecting the base and associated clock bases + * and timers + * @active_bases: Bitfield to mark bases with active timers ++ * @clock_was_set: Indicates that clock was set from irq context. + * @expires_next: absolute time of the next event which was scheduled + * via clock_set_next_event() + * @hres_active: State of high resolution mode +@@ -177,7 +178,8 @@ enum hrtimer_base_type { + */ + struct hrtimer_cpu_base { + raw_spinlock_t lock; +- unsigned long active_bases; ++ unsigned int active_bases; ++ unsigned int clock_was_set; + #ifdef CONFIG_HIGH_RES_TIMERS + ktime_t expires_next; + int hres_active; +@@ -286,6 +288,8 @@ extern void hrtimer_peek_ahead_timers(void); + # define MONOTONIC_RES_NSEC HIGH_RES_NSEC + # define KTIME_MONOTONIC_RES KTIME_HIGH_RES + ++extern void clock_was_set_delayed(void); ++ + #else + + # define MONOTONIC_RES_NSEC LOW_RES_NSEC +@@ -306,6 +310,9 @@ static inline int hrtimer_is_hres_active(struct hrtimer *timer) + { + return 0; + } ++ ++static inline void clock_was_set_delayed(void) { } ++ + #endif + + extern void clock_was_set(void); +@@ -320,6 +327,7 @@ extern ktime_t ktime_get(void); + extern ktime_t ktime_get_real(void); + extern ktime_t ktime_get_boottime(void); + extern ktime_t ktime_get_monotonic_offset(void); ++extern ktime_t ktime_get_update_offsets(ktime_t *offs_real, ktime_t *offs_boot); + + DECLARE_PER_CPU(struct tick_device, tick_cpu_device); + +diff --git a/include/linux/sched.h b/include/linux/sched.h +index 81a173c..7b06169 100644 +--- a/include/linux/sched.h ++++ b/include/linux/sched.h +@@ -1933,6 +1933,14 @@ static inline int set_cpus_allowed_ptr(struct task_struct *p, + } + #endif + ++#ifdef CONFIG_NO_HZ ++void calc_load_enter_idle(void); ++void calc_load_exit_idle(void); ++#else ++static inline void calc_load_enter_idle(void) { } ++static inline void calc_load_exit_idle(void) { } ++#endif /* CONFIG_NO_HZ */ ++ + #ifndef CONFIG_CPUMASK_OFFSTACK + static inline int set_cpus_allowed(struct task_struct *p, cpumask_t new_mask) + { +diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c +index ae34bf5..6db7a5e 100644 +--- a/kernel/hrtimer.c ++++ b/kernel/hrtimer.c +@@ -657,6 +657,14 @@ static inline int hrtimer_enqueue_reprogram(struct hrtimer *timer, + return 0; + } + ++static inline ktime_t hrtimer_update_base(struct hrtimer_cpu_base *base) ++{ ++ ktime_t *offs_real = &base->clock_base[HRTIMER_BASE_REALTIME].offset; ++ ktime_t *offs_boot = &base->clock_base[HRTIMER_BASE_BOOTTIME].offset; ++ ++ return ktime_get_update_offsets(offs_real, offs_boot); ++} ++ + /* + * Retrigger next event is called after clock was set + * +@@ -665,22 +673,12 @@ static inline int hrtimer_enqueue_reprogram(struct hrtimer *timer, + static void retrigger_next_event(void *arg) + { + struct hrtimer_cpu_base *base = &__get_cpu_var(hrtimer_bases); +- struct timespec realtime_offset, xtim, wtm, sleep; + + if (!hrtimer_hres_active()) + return; + +- /* Optimized out for !HIGH_RES */ +- get_xtime_and_monotonic_and_sleep_offset(&xtim, &wtm, &sleep); +- set_normalized_timespec(&realtime_offset, -wtm.tv_sec, -wtm.tv_nsec); +- +- /* Adjust CLOCK_REALTIME offset */ + raw_spin_lock(&base->lock); +- base->clock_base[HRTIMER_BASE_REALTIME].offset = +- timespec_to_ktime(realtime_offset); +- base->clock_base[HRTIMER_BASE_BOOTTIME].offset = +- timespec_to_ktime(sleep); +- ++ hrtimer_update_base(base); + hrtimer_force_reprogram(base, 0); + raw_spin_unlock(&base->lock); + } +@@ -710,13 +708,25 @@ static int hrtimer_switch_to_hres(void) + base->clock_base[i].resolution = KTIME_HIGH_RES; + + tick_setup_sched_timer(); +- + /* "Retrigger" the interrupt to get things going */ + retrigger_next_event(NULL); + local_irq_restore(flags); + return 1; + } + ++/* ++ * Called from timekeeping code to reprogramm the hrtimer interrupt ++ * device. If called from the timer interrupt context we defer it to ++ * softirq context. ++ */ ++void clock_was_set_delayed(void) ++{ ++ struct hrtimer_cpu_base *cpu_base = &__get_cpu_var(hrtimer_bases); ++ ++ cpu_base->clock_was_set = 1; ++ __raise_softirq_irqoff(HRTIMER_SOFTIRQ); ++} ++ + #else + + static inline int hrtimer_hres_active(void) { return 0; } +@@ -1250,11 +1260,10 @@ void hrtimer_interrupt(struct clock_event_device *dev) + cpu_base->nr_events++; + dev->next_event.tv64 = KTIME_MAX; + +- entry_time = now = ktime_get(); ++ raw_spin_lock(&cpu_base->lock); ++ entry_time = now = hrtimer_update_base(cpu_base); + retry: + expires_next.tv64 = KTIME_MAX; +- +- raw_spin_lock(&cpu_base->lock); + /* + * We set expires_next to KTIME_MAX here with cpu_base->lock + * held to prevent that a timer is enqueued in our queue via +@@ -1330,8 +1339,12 @@ retry: + * We need to prevent that we loop forever in the hrtimer + * interrupt routine. We give it 3 attempts to avoid + * overreacting on some spurious event. ++ * ++ * Acquire base lock for updating the offsets and retrieving ++ * the current time. + */ +- now = ktime_get(); ++ raw_spin_lock(&cpu_base->lock); ++ now = hrtimer_update_base(cpu_base); + cpu_base->nr_retries++; + if (++retries < 3) + goto retry; +@@ -1343,6 +1356,7 @@ retry: + */ + cpu_base->nr_hangs++; + cpu_base->hang_detected = 1; ++ raw_spin_unlock(&cpu_base->lock); + delta = ktime_sub(now, entry_time); + if (delta.tv64 > cpu_base->max_hang_time.tv64) + cpu_base->max_hang_time = delta; +@@ -1395,6 +1409,13 @@ void hrtimer_peek_ahead_timers(void) + + static void run_hrtimer_softirq(struct softirq_action *h) + { ++ struct hrtimer_cpu_base *cpu_base = &__get_cpu_var(hrtimer_bases); ++ ++ if (cpu_base->clock_was_set) { ++ cpu_base->clock_was_set = 0; ++ clock_was_set(); ++ } ++ + hrtimer_peek_ahead_timers(); + } + +diff --git a/kernel/sched/core.c b/kernel/sched/core.c +index 2000e06..817bf70 100644 +--- a/kernel/sched/core.c ++++ b/kernel/sched/core.c +@@ -2162,11 +2162,73 @@ unsigned long this_cpu_load(void) + } + + ++/* ++ * Global load-average calculations ++ * ++ * We take a distributed and async approach to calculating the global load-avg ++ * in order to minimize overhead. ++ * ++ * The global load average is an exponentially decaying average of nr_running + ++ * nr_uninterruptible. ++ * ++ * Once every LOAD_FREQ: ++ * ++ * nr_active = 0; ++ * for_each_possible_cpu(cpu) ++ * nr_active += cpu_of(cpu)->nr_running + cpu_of(cpu)->nr_uninterruptible; ++ * ++ * avenrun[n] = avenrun[0] * exp_n + nr_active * (1 - exp_n) ++ * ++ * Due to a number of reasons the above turns in the mess below: ++ * ++ * - for_each_possible_cpu() is prohibitively expensive on machines with ++ * serious number of cpus, therefore we need to take a distributed approach ++ * to calculating nr_active. ++ * ++ * \Sum_i x_i(t) = \Sum_i x_i(t) - x_i(t_0) | x_i(t_0) := 0 ++ * = \Sum_i { \Sum_j=1 x_i(t_j) - x_i(t_j-1) } ++ * ++ * So assuming nr_active := 0 when we start out -- true per definition, we ++ * can simply take per-cpu deltas and fold those into a global accumulate ++ * to obtain the same result. See calc_load_fold_active(). ++ * ++ * Furthermore, in order to avoid synchronizing all per-cpu delta folding ++ * across the machine, we assume 10 ticks is sufficient time for every ++ * cpu to have completed this task. ++ * ++ * This places an upper-bound on the IRQ-off latency of the machine. Then ++ * again, being late doesn't loose the delta, just wrecks the sample. ++ * ++ * - cpu_rq()->nr_uninterruptible isn't accurately tracked per-cpu because ++ * this would add another cross-cpu cacheline miss and atomic operation ++ * to the wakeup path. Instead we increment on whatever cpu the task ran ++ * when it went into uninterruptible state and decrement on whatever cpu ++ * did the wakeup. This means that only the sum of nr_uninterruptible over ++ * all cpus yields the correct result. ++ * ++ * This covers the NO_HZ=n code, for extra head-aches, see the comment below. ++ */ ++ + /* Variables and functions for calc_load */ + static atomic_long_t calc_load_tasks; + static unsigned long calc_load_update; + unsigned long avenrun[3]; +-EXPORT_SYMBOL(avenrun); ++EXPORT_SYMBOL(avenrun); /* should be removed */ ++ ++/** ++ * get_avenrun - get the load average array ++ * @loads: pointer to dest load array ++ * @offset: offset to add ++ * @shift: shift count to shift the result left ++ * ++ * These values are estimates at best, so no need for locking. ++ */ ++void get_avenrun(unsigned long *loads, unsigned long offset, int shift) ++{ ++ loads[0] = (avenrun[0] + offset) << shift; ++ loads[1] = (avenrun[1] + offset) << shift; ++ loads[2] = (avenrun[2] + offset) << shift; ++} + + static long calc_load_fold_active(struct rq *this_rq) + { +@@ -2183,6 +2245,9 @@ static long calc_load_fold_active(struct rq *this_rq) + return delta; + } + ++/* ++ * a1 = a0 * e + a * (1 - e) ++ */ + static unsigned long + calc_load(unsigned long load, unsigned long exp, unsigned long active) + { +@@ -2194,30 +2259,118 @@ calc_load(unsigned long load, unsigned long exp, unsigned long active) + + #ifdef CONFIG_NO_HZ + /* +- * For NO_HZ we delay the active fold to the next LOAD_FREQ update. ++ * Handle NO_HZ for the global load-average. ++ * ++ * Since the above described distributed algorithm to compute the global ++ * load-average relies on per-cpu sampling from the tick, it is affected by ++ * NO_HZ. ++ * ++ * The basic idea is to fold the nr_active delta into a global idle-delta upon ++ * entering NO_HZ state such that we can include this as an 'extra' cpu delta ++ * when we read the global state. ++ * ++ * Obviously reality has to ruin such a delightfully simple scheme: ++ * ++ * - When we go NO_HZ idle during the window, we can negate our sample ++ * contribution, causing under-accounting. ++ * ++ * We avoid this by keeping two idle-delta counters and flipping them ++ * when the window starts, thus separating old and new NO_HZ load. ++ * ++ * The only trick is the slight shift in index flip for read vs write. ++ * ++ * 0s 5s 10s 15s ++ * +10 +10 +10 +10 ++ * |-|-----------|-|-----------|-|-----------|-| ++ * r:0 0 1 1 0 0 1 1 0 ++ * w:0 1 1 0 0 1 1 0 0 ++ * ++ * This ensures we'll fold the old idle contribution in this window while ++ * accumlating the new one. ++ * ++ * - When we wake up from NO_HZ idle during the window, we push up our ++ * contribution, since we effectively move our sample point to a known ++ * busy state. ++ * ++ * This is solved by pushing the window forward, and thus skipping the ++ * sample, for this cpu (effectively using the idle-delta for this cpu which ++ * was in effect at the time the window opened). This also solves the issue ++ * of having to deal with a cpu having been in NOHZ idle for multiple ++ * LOAD_FREQ intervals. + * + * When making the ILB scale, we should try to pull this in as well. + */ +-static atomic_long_t calc_load_tasks_idle; ++static atomic_long_t calc_load_idle[2]; ++static int calc_load_idx; + +-void calc_load_account_idle(struct rq *this_rq) ++static inline int calc_load_write_idx(void) + { ++ int idx = calc_load_idx; ++ ++ /* ++ * See calc_global_nohz(), if we observe the new index, we also ++ * need to observe the new update time. ++ */ ++ smp_rmb(); ++ ++ /* ++ * If the folding window started, make sure we start writing in the ++ * next idle-delta. ++ */ ++ if (!time_before(jiffies, calc_load_update)) ++ idx++; ++ ++ return idx & 1; ++} ++ ++static inline int calc_load_read_idx(void) ++{ ++ return calc_load_idx & 1; ++} ++ ++void calc_load_enter_idle(void) ++{ ++ struct rq *this_rq = this_rq(); + long delta; + ++ /* ++ * We're going into NOHZ mode, if there's any pending delta, fold it ++ * into the pending idle delta. ++ */ + delta = calc_load_fold_active(this_rq); +- if (delta) +- atomic_long_add(delta, &calc_load_tasks_idle); ++ if (delta) { ++ int idx = calc_load_write_idx(); ++ atomic_long_add(delta, &calc_load_idle[idx]); ++ } + } + +-static long calc_load_fold_idle(void) ++void calc_load_exit_idle(void) + { +- long delta = 0; ++ struct rq *this_rq = this_rq(); ++ ++ /* ++ * If we're still before the sample window, we're done. ++ */ ++ if (time_before(jiffies, this_rq->calc_load_update)) ++ return; + + /* +- * Its got a race, we don't care... ++ * We woke inside or after the sample window, this means we're already ++ * accounted through the nohz accounting, so skip the entire deal and ++ * sync up for the next window. + */ +- if (atomic_long_read(&calc_load_tasks_idle)) +- delta = atomic_long_xchg(&calc_load_tasks_idle, 0); ++ this_rq->calc_load_update = calc_load_update; ++ if (time_before(jiffies, this_rq->calc_load_update + 10)) ++ this_rq->calc_load_update += LOAD_FREQ; ++} ++ ++static long calc_load_fold_idle(void) ++{ ++ int idx = calc_load_read_idx(); ++ long delta = 0; ++ ++ if (atomic_long_read(&calc_load_idle[idx])) ++ delta = atomic_long_xchg(&calc_load_idle[idx], 0); + + return delta; + } +@@ -2303,66 +2456,39 @@ static void calc_global_nohz(void) + { + long delta, active, n; + +- /* +- * If we crossed a calc_load_update boundary, make sure to fold +- * any pending idle changes, the respective CPUs might have +- * missed the tick driven calc_load_account_active() update +- * due to NO_HZ. +- */ +- delta = calc_load_fold_idle(); +- if (delta) +- atomic_long_add(delta, &calc_load_tasks); +- +- /* +- * It could be the one fold was all it took, we done! +- */ +- if (time_before(jiffies, calc_load_update + 10)) +- return; +- +- /* +- * Catch-up, fold however many we are behind still +- */ +- delta = jiffies - calc_load_update - 10; +- n = 1 + (delta / LOAD_FREQ); ++ if (!time_before(jiffies, calc_load_update + 10)) { ++ /* ++ * Catch-up, fold however many we are behind still ++ */ ++ delta = jiffies - calc_load_update - 10; ++ n = 1 + (delta / LOAD_FREQ); + +- active = atomic_long_read(&calc_load_tasks); +- active = active > 0 ? active * FIXED_1 : 0; ++ active = atomic_long_read(&calc_load_tasks); ++ active = active > 0 ? active * FIXED_1 : 0; + +- avenrun[0] = calc_load_n(avenrun[0], EXP_1, active, n); +- avenrun[1] = calc_load_n(avenrun[1], EXP_5, active, n); +- avenrun[2] = calc_load_n(avenrun[2], EXP_15, active, n); ++ avenrun[0] = calc_load_n(avenrun[0], EXP_1, active, n); ++ avenrun[1] = calc_load_n(avenrun[1], EXP_5, active, n); ++ avenrun[2] = calc_load_n(avenrun[2], EXP_15, active, n); + +- calc_load_update += n * LOAD_FREQ; +-} +-#else +-void calc_load_account_idle(struct rq *this_rq) +-{ +-} ++ calc_load_update += n * LOAD_FREQ; ++ } + +-static inline long calc_load_fold_idle(void) +-{ +- return 0; ++ /* ++ * Flip the idle index... ++ * ++ * Make sure we first write the new time then flip the index, so that ++ * calc_load_write_idx() will see the new time when it reads the new ++ * index, this avoids a double flip messing things up. ++ */ ++ smp_wmb(); ++ calc_load_idx++; + } ++#else /* !CONFIG_NO_HZ */ + +-static void calc_global_nohz(void) +-{ +-} +-#endif ++static inline long calc_load_fold_idle(void) { return 0; } ++static inline void calc_global_nohz(void) { } + +-/** +- * get_avenrun - get the load average array +- * @loads: pointer to dest load array +- * @offset: offset to add +- * @shift: shift count to shift the result left +- * +- * These values are estimates at best, so no need for locking. +- */ +-void get_avenrun(unsigned long *loads, unsigned long offset, int shift) +-{ +- loads[0] = (avenrun[0] + offset) << shift; +- loads[1] = (avenrun[1] + offset) << shift; +- loads[2] = (avenrun[2] + offset) << shift; +-} ++#endif /* CONFIG_NO_HZ */ + + /* + * calc_load - update the avenrun load estimates 10 ticks after the +@@ -2370,11 +2496,18 @@ void get_avenrun(unsigned long *loads, unsigned long offset, int shift) + */ + void calc_global_load(unsigned long ticks) + { +- long active; ++ long active, delta; + + if (time_before(jiffies, calc_load_update + 10)) + return; + ++ /* ++ * Fold the 'old' idle-delta to include all NO_HZ cpus. ++ */ ++ delta = calc_load_fold_idle(); ++ if (delta) ++ atomic_long_add(delta, &calc_load_tasks); ++ + active = atomic_long_read(&calc_load_tasks); + active = active > 0 ? active * FIXED_1 : 0; + +@@ -2385,12 +2518,7 @@ void calc_global_load(unsigned long ticks) + calc_load_update += LOAD_FREQ; + + /* +- * Account one period with whatever state we found before +- * folding in the nohz state and ageing the entire idle period. +- * +- * This avoids loosing a sample when we go idle between +- * calc_load_account_active() (10 ticks ago) and now and thus +- * under-accounting. ++ * In case we idled for multiple LOAD_FREQ intervals, catch up in bulk. + */ + calc_global_nohz(); + } +@@ -2407,7 +2535,6 @@ static void calc_load_account_active(struct rq *this_rq) + return; + + delta = calc_load_fold_active(this_rq); +- delta += calc_load_fold_idle(); + if (delta) + atomic_long_add(delta, &calc_load_tasks); + +@@ -2415,6 +2542,10 @@ static void calc_load_account_active(struct rq *this_rq) + } + + /* ++ * End of global load-average stuff ++ */ ++ ++/* + * The exact cpuload at various idx values, calculated at every tick would be + * load = (2^idx - 1) / 2^idx * load + 1 / 2^idx * cur_load + * +diff --git a/kernel/sched/idle_task.c b/kernel/sched/idle_task.c +index 91b4c95..fdf7522 100644 +--- a/kernel/sched/idle_task.c ++++ b/kernel/sched/idle_task.c +@@ -25,7 +25,6 @@ static void check_preempt_curr_idle(struct rq *rq, struct task_struct *p, int fl + static struct task_struct *pick_next_task_idle(struct rq *rq) + { + schedstat_inc(rq, sched_goidle); +- calc_load_account_idle(rq); + return rq->idle; + } + +diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h +index fb3acba..116ced0 100644 +--- a/kernel/sched/sched.h ++++ b/kernel/sched/sched.h +@@ -940,8 +940,6 @@ static inline u64 sched_avg_period(void) + return (u64)sysctl_sched_time_avg * NSEC_PER_MSEC / 2; + } + +-void calc_load_account_idle(struct rq *this_rq); +- + #ifdef CONFIG_SCHED_HRTICK + + /* +diff --git a/kernel/time/tick-sched.c b/kernel/time/tick-sched.c +index 6a3a5b9..fd4e160 100644 +--- a/kernel/time/tick-sched.c ++++ b/kernel/time/tick-sched.c +@@ -401,6 +401,7 @@ static void tick_nohz_stop_sched_tick(struct tick_sched *ts) + */ + if (!ts->tick_stopped) { + select_nohz_load_balancer(1); ++ calc_load_enter_idle(); + + ts->idle_tick = hrtimer_get_expires(&ts->sched_timer); + ts->tick_stopped = 1; +@@ -591,6 +592,7 @@ void tick_nohz_idle_exit(void) + account_idle_ticks(ticks); + #endif + ++ calc_load_exit_idle(); + touch_softlockup_watchdog(); + /* + * Cancel the scheduled timer and restore the tick +diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c +index d42574df..7c50de8 100644 +--- a/kernel/time/timekeeping.c ++++ b/kernel/time/timekeeping.c +@@ -70,6 +70,12 @@ struct timekeeper { + /* The raw monotonic time for the CLOCK_MONOTONIC_RAW posix clock. */ + struct timespec raw_time; + ++ /* Offset clock monotonic -> clock realtime */ ++ ktime_t offs_real; ++ ++ /* Offset clock monotonic -> clock boottime */ ++ ktime_t offs_boot; ++ + /* Seqlock for all timekeeper values */ + seqlock_t lock; + }; +@@ -172,6 +178,14 @@ static inline s64 timekeeping_get_ns_raw(void) + return clocksource_cyc2ns(cycle_delta, clock->mult, clock->shift); + } + ++static void update_rt_offset(void) ++{ ++ struct timespec tmp, *wtm = &timekeeper.wall_to_monotonic; ++ ++ set_normalized_timespec(&tmp, -wtm->tv_sec, -wtm->tv_nsec); ++ timekeeper.offs_real = timespec_to_ktime(tmp); ++} ++ + /* must hold write on timekeeper.lock */ + static void timekeeping_update(bool clearntp) + { +@@ -179,6 +193,7 @@ static void timekeeping_update(bool clearntp) + timekeeper.ntp_error = 0; + ntp_clear(); + } ++ update_rt_offset(); + update_vsyscall(&timekeeper.xtime, &timekeeper.wall_to_monotonic, + timekeeper.clock, timekeeper.mult); + } +@@ -606,6 +621,7 @@ void __init timekeeping_init(void) + } + set_normalized_timespec(&timekeeper.wall_to_monotonic, + -boot.tv_sec, -boot.tv_nsec); ++ update_rt_offset(); + timekeeper.total_sleep_time.tv_sec = 0; + timekeeper.total_sleep_time.tv_nsec = 0; + write_sequnlock_irqrestore(&timekeeper.lock, flags); +@@ -614,6 +630,12 @@ void __init timekeeping_init(void) + /* time in seconds when suspend began */ + static struct timespec timekeeping_suspend_time; + ++static void update_sleep_time(struct timespec t) ++{ ++ timekeeper.total_sleep_time = t; ++ timekeeper.offs_boot = timespec_to_ktime(t); ++} ++ + /** + * __timekeeping_inject_sleeptime - Internal function to add sleep interval + * @delta: pointer to a timespec delta value +@@ -632,8 +654,7 @@ static void __timekeeping_inject_sleeptime(struct timespec *delta) + timekeeper.xtime = timespec_add(timekeeper.xtime, *delta); + timekeeper.wall_to_monotonic = + timespec_sub(timekeeper.wall_to_monotonic, *delta); +- timekeeper.total_sleep_time = timespec_add( +- timekeeper.total_sleep_time, *delta); ++ update_sleep_time(timespec_add(timekeeper.total_sleep_time, *delta)); + } + + +@@ -698,6 +719,7 @@ static void timekeeping_resume(void) + timekeeper.clock->cycle_last = timekeeper.clock->read(timekeeper.clock); + timekeeper.ntp_error = 0; + timekeeping_suspended = 0; ++ timekeeping_update(false); + write_sequnlock_irqrestore(&timekeeper.lock, flags); + + touch_softlockup_watchdog(); +@@ -965,6 +987,8 @@ static cycle_t logarithmic_accumulation(cycle_t offset, int shift) + leap = second_overflow(timekeeper.xtime.tv_sec); + timekeeper.xtime.tv_sec += leap; + timekeeper.wall_to_monotonic.tv_sec -= leap; ++ if (leap) ++ clock_was_set_delayed(); + } + + /* Accumulate raw time */ +@@ -1081,6 +1105,8 @@ static void update_wall_time(void) + leap = second_overflow(timekeeper.xtime.tv_sec); + timekeeper.xtime.tv_sec += leap; + timekeeper.wall_to_monotonic.tv_sec -= leap; ++ if (leap) ++ clock_was_set_delayed(); + } + + timekeeping_update(false); +@@ -1248,6 +1274,40 @@ void get_xtime_and_monotonic_and_sleep_offset(struct timespec *xtim, + } while (read_seqretry(&timekeeper.lock, seq)); + } + ++#ifdef CONFIG_HIGH_RES_TIMERS ++/** ++ * ktime_get_update_offsets - hrtimer helper ++ * @offs_real: pointer to storage for monotonic -> realtime offset ++ * @offs_boot: pointer to storage for monotonic -> boottime offset ++ * ++ * Returns current monotonic time and updates the offsets ++ * Called from hrtimer_interupt() or retrigger_next_event() ++ */ ++ktime_t ktime_get_update_offsets(ktime_t *offs_real, ktime_t *offs_boot) ++{ ++ ktime_t now; ++ unsigned int seq; ++ u64 secs, nsecs; ++ ++ do { ++ seq = read_seqbegin(&timekeeper.lock); ++ ++ secs = timekeeper.xtime.tv_sec; ++ nsecs = timekeeper.xtime.tv_nsec; ++ nsecs += timekeeping_get_ns(); ++ /* If arch requires, add in gettimeoffset() */ ++ nsecs += arch_gettimeoffset(); ++ ++ *offs_real = timekeeper.offs_real; ++ *offs_boot = timekeeper.offs_boot; ++ } while (read_seqretry(&timekeeper.lock, seq)); ++ ++ now = ktime_add_ns(ktime_set(secs, 0), nsecs); ++ now = ktime_sub(now, *offs_real); ++ return now; ++} ++#endif ++ + /** + * ktime_get_monotonic_offset() - get wall_to_monotonic in ktime_t format + */ +diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c +index 1197e8d..d132b98 100644 +--- a/net/mac80211/mlme.c ++++ b/net/mac80211/mlme.c +@@ -2183,15 +2183,13 @@ ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata, + sdata->name, mgmt->sa, status_code); + ieee80211_destroy_assoc_data(sdata, false); + } else { +- printk(KERN_DEBUG "%s: associated\n", sdata->name); +- + if (!ieee80211_assoc_success(sdata, *bss, mgmt, len)) { + /* oops -- internal error -- send timeout for now */ +- ieee80211_destroy_assoc_data(sdata, true); +- sta_info_destroy_addr(sdata, mgmt->bssid); ++ ieee80211_destroy_assoc_data(sdata, false); + cfg80211_put_bss(*bss); + return RX_MGMT_CFG80211_ASSOC_TIMEOUT; + } ++ printk(KERN_DEBUG "%s: associated\n", sdata->name); + + /* + * destroy assoc_data afterwards, as otherwise an idle +diff --git a/net/wireless/util.c b/net/wireless/util.c +index b5b6890..0eb6cc0 100644 +--- a/net/wireless/util.c ++++ b/net/wireless/util.c +@@ -805,7 +805,7 @@ int cfg80211_change_iface(struct cfg80211_registered_device *rdev, + ntype == NL80211_IFTYPE_P2P_CLIENT)) + return -EBUSY; + +- if (ntype != otype) { ++ if (ntype != otype && netif_running(dev)) { + err = cfg80211_can_change_interface(rdev, dev->ieee80211_ptr, + ntype); + if (err) diff --git a/3.4.5/4420_grsecurity-2.9.1-3.4.5-201207171624.patch b/3.4.6/4420_grsecurity-2.9.1-3.4.6-201207211444.patch index a842b50..55e5619 100644 --- a/3.4.5/4420_grsecurity-2.9.1-3.4.5-201207171624.patch +++ b/3.4.6/4420_grsecurity-2.9.1-3.4.6-201207211444.patch @@ -1,5 +1,5 @@ diff --git a/Documentation/dontdiff b/Documentation/dontdiff -index b4a898f..a0e01d0 100644 +index b4a898f..781c7ad 100644 --- a/Documentation/dontdiff +++ b/Documentation/dontdiff @@ -2,9 +2,11 @@ @@ -22,7 +22,7 @@ index b4a898f..a0e01d0 100644 *.grep *.grp *.gz -@@ -48,9 +51,11 @@ +@@ -48,14 +51,17 @@ *.tab.h *.tex *.ver @@ -34,7 +34,14 @@ index b4a898f..a0e01d0 100644 *_vga16.c *~ \#*# -@@ -69,6 +74,7 @@ Image + *.9 +-.* ++.[^g]* ++.gen* + .*.d + .mm + 53c700_d.h +@@ -69,6 +75,7 @@ Image Module.markers Module.symvers PENDING @@ -42,7 +49,7 @@ index b4a898f..a0e01d0 100644 SCCS System.map* TAGS -@@ -80,6 +86,7 @@ aic7*seq.h* +@@ -80,6 +87,7 @@ aic7*seq.h* aicasm aicdb.h* altivec*.c @@ -50,7 +57,7 @@ index b4a898f..a0e01d0 100644 asm-offsets.h asm_offsets.h autoconf.h* -@@ -92,19 +99,24 @@ bounds.h +@@ -92,19 +100,24 @@ bounds.h bsetup btfixupprep build @@ -75,7 +82,7 @@ index b4a898f..a0e01d0 100644 conmakehash consolemap_deftbl.c* cpustr.h -@@ -115,9 +127,11 @@ devlist.h* +@@ -115,9 +128,11 @@ devlist.h* dnotify_test docproc dslm @@ -87,7 +94,7 @@ index b4a898f..a0e01d0 100644 fixdep flask.h fore200e_mkfirm -@@ -125,12 +139,15 @@ fore200e_pca_fw.c* +@@ -125,12 +140,15 @@ fore200e_pca_fw.c* gconf gconf.glade.h gen-devlist @@ -103,7 +110,7 @@ index b4a898f..a0e01d0 100644 hpet_example hugepage-mmap hugepage-shm -@@ -145,7 +162,7 @@ int32.c +@@ -145,7 +163,7 @@ int32.c int4.c int8.c kallsyms @@ -112,7 +119,7 @@ index b4a898f..a0e01d0 100644 keywords.c ksym.c* ksym.h* -@@ -153,7 +170,7 @@ kxgettext +@@ -153,7 +171,7 @@ kxgettext lkc_defs.h lex.c lex.*.c @@ -121,7 +128,7 @@ index b4a898f..a0e01d0 100644 logo_*.c logo_*_clut224.c logo_*_mono.c -@@ -164,14 +181,15 @@ machtypes.h +@@ -164,14 +182,15 @@ machtypes.h map map_hugetlb maui_boot.h @@ -138,7 +145,7 @@ index b4a898f..a0e01d0 100644 mkprep mkregtable mktables -@@ -188,6 +206,7 @@ oui.c* +@@ -188,6 +207,7 @@ oui.c* page-types parse.c parse.h @@ -146,7 +153,7 @@ index b4a898f..a0e01d0 100644 patches* pca200e.bin pca200e_ecd.bin2 -@@ -197,6 +216,7 @@ perf-archive +@@ -197,6 +217,7 @@ perf-archive piggyback piggy.gzip piggy.S @@ -154,7 +161,7 @@ index b4a898f..a0e01d0 100644 pnmtologo ppc_defs.h* pss_boot.h -@@ -207,6 +227,7 @@ r300_reg_safe.h +@@ -207,6 +228,7 @@ r300_reg_safe.h r420_reg_safe.h r600_reg_safe.h recordmcount @@ -162,7 +169,7 @@ index b4a898f..a0e01d0 100644 relocs rlim_names.h rn50_reg_safe.h -@@ -216,7 +237,9 @@ series +@@ -216,7 +238,9 @@ series setup setup.bin setup.elf @@ -172,7 +179,7 @@ index b4a898f..a0e01d0 100644 sm_tbl* split-include syscalltab.h -@@ -227,6 +250,7 @@ tftpboot.img +@@ -227,6 +251,7 @@ tftpboot.img timeconst.h times.h* trix_boot.h @@ -180,7 +187,7 @@ index b4a898f..a0e01d0 100644 utsrelease.h* vdso-syms.lds vdso.lds -@@ -238,13 +262,17 @@ vdso32.lds +@@ -238,13 +263,17 @@ vdso32.lds vdso32.so.dbg vdso64.lds vdso64.so.dbg @@ -198,7 +205,7 @@ index b4a898f..a0e01d0 100644 vmlinuz voffset.h vsyscall.lds -@@ -252,9 +280,11 @@ vsyscall_32.lds +@@ -252,9 +281,11 @@ vsyscall_32.lds wanxlfw.inc uImage unifdef @@ -229,7 +236,7 @@ index c1601e5..08557ce 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index a2e69a0..cc487da 100644 +index 5d0edcb..121c424 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -255,7 +262,7 @@ index a2e69a0..cc487da 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -564,6 +565,56 @@ else +@@ -564,6 +565,60 @@ else KBUILD_CFLAGS += -O2 endif @@ -286,12 +293,16 @@ index a2e69a0..cc487da 100644 +endif +COLORIZE_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/colorize_plugin.so +ifdef CONFIG_PAX_SIZE_OVERFLOW -+SIZE_OVERFLOW_PLUGIN := -fplugin=$(objtree)/tools/gcc/size_overflow_plugin.so -DSIZE_OVERFLOW_PLUGIN ++SIZE_OVERFLOW_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/size_overflow_plugin.so -DSIZE_OVERFLOW_PLUGIN ++endif ++ifdef CONFIG_PAX_LATENT_ENTROPY ++LATENT_ENTROPY := -fplugin=$(objtree)/tools/gcc/latent_entropy_plugin.so +endif +GCC_PLUGINS_CFLAGS := $(CONSTIFY_PLUGIN_CFLAGS) $(STACKLEAK_PLUGIN_CFLAGS) $(KALLOCSTAT_PLUGIN_CFLAGS) -+GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS) $(SIZE_OVERFLOW_PLUGIN) ++GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS) ++GCC_PLUGINS_CFLAGS += $(SIZE_OVERFLOW_PLUGIN_CFLAGS) $(LATENT_ENTROPY) +GCC_PLUGINS_AFLAGS := $(KERNEXEC_PLUGIN_AFLAGS) -+export PLUGINCC CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN SIZE_OVERFLOW_PLUGIN ++export PLUGINCC CONSTIFY_PLUGIN +ifeq ($(KBUILD_EXTMOD),) +gcc-plugins: + $(Q)$(MAKE) $(build)=tools/gcc @@ -312,7 +323,7 @@ index a2e69a0..cc487da 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -708,7 +759,7 @@ export mod_strip_cmd +@@ -708,7 +763,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -321,7 +332,7 @@ index a2e69a0..cc487da 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -932,6 +983,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -932,6 +987,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -330,7 +341,7 @@ index a2e69a0..cc487da 100644 $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -941,7 +994,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; +@@ -941,7 +998,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -339,7 +350,7 @@ index a2e69a0..cc487da 100644 $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -985,6 +1038,7 @@ prepare0: archprepare FORCE +@@ -985,6 +1042,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. # All the preparing.. @@ -347,7 +358,7 @@ index a2e69a0..cc487da 100644 prepare: prepare0 # Generate some files -@@ -1092,6 +1146,8 @@ all: modules +@@ -1092,6 +1150,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -356,7 +367,7 @@ index a2e69a0..cc487da 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1107,7 +1163,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1107,7 +1167,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -365,7 +376,7 @@ index a2e69a0..cc487da 100644 # Target to install modules PHONY += modules_install -@@ -1166,7 +1222,7 @@ CLEAN_FILES += vmlinux System.map \ +@@ -1166,7 +1226,7 @@ CLEAN_FILES += vmlinux System.map \ MRPROPER_DIRS += include/config usr/include include/generated \ arch/*/include/generated MRPROPER_FILES += .config .config.old .version .old_version \ @@ -374,7 +385,7 @@ index a2e69a0..cc487da 100644 Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS # clean - Delete most, but leave enough to build external modules -@@ -1204,6 +1260,7 @@ distclean: mrproper +@@ -1204,6 +1264,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ @@ -382,7 +393,7 @@ index a2e69a0..cc487da 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1364,6 +1421,8 @@ PHONY += $(module-dirs) modules +@@ -1364,6 +1425,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -391,7 +402,7 @@ index a2e69a0..cc487da 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1490,17 +1549,21 @@ else +@@ -1490,17 +1553,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -417,7 +428,7 @@ index a2e69a0..cc487da 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1510,11 +1573,15 @@ endif +@@ -1510,11 +1577,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -9130,7 +9141,7 @@ index 20370c6..a2eb9b0 100644 "popl %%ebp\n\t" "popl %%edi\n\t" diff --git a/arch/x86/include/asm/atomic.h b/arch/x86/include/asm/atomic.h -index 58cb6d4..ca9010d 100644 +index 58cb6d4..a4b806c 100644 --- a/arch/x86/include/asm/atomic.h +++ b/arch/x86/include/asm/atomic.h @@ -22,7 +22,18 @@ @@ -9538,6 +9549,51 @@ index 58cb6d4..ca9010d 100644 /* * atomic_dec_if_positive - decrement by 1 if old value positive +@@ -293,14 +552,37 @@ static inline void atomic_or_long(unsigned long *v1, unsigned long v2) + #endif + + /* These are x86-specific, used by some header files */ +-#define atomic_clear_mask(mask, addr) \ +- asm volatile(LOCK_PREFIX "andl %0,%1" \ +- : : "r" (~(mask)), "m" (*(addr)) : "memory") ++static inline void atomic_clear_mask(unsigned int mask, atomic_t *v) ++{ ++ asm volatile(LOCK_PREFIX "andl %1,%0" ++ : "+m" (v->counter) ++ : "r" (~(mask)) ++ : "memory"); ++} + +-#define atomic_set_mask(mask, addr) \ +- asm volatile(LOCK_PREFIX "orl %0,%1" \ +- : : "r" ((unsigned)(mask)), "m" (*(addr)) \ +- : "memory") ++static inline void atomic_clear_mask_unchecked(unsigned int mask, atomic_unchecked_t *v) ++{ ++ asm volatile(LOCK_PREFIX "andl %1,%0" ++ : "+m" (v->counter) ++ : "r" (~(mask)) ++ : "memory"); ++} ++ ++static inline void atomic_set_mask(unsigned int mask, atomic_t *v) ++{ ++ asm volatile(LOCK_PREFIX "orl %1,%0" ++ : "+m" (v->counter) ++ : "r" (mask) ++ : "memory"); ++} ++ ++static inline void atomic_set_mask_unchecked(unsigned int mask, atomic_unchecked_t *v) ++{ ++ asm volatile(LOCK_PREFIX "orl %1,%0" ++ : "+m" (v->counter) ++ : "r" (mask) ++ : "memory"); ++} + + /* Atomic operations are already serializing on x86 */ + #define smp_mb__before_atomic_dec() barrier() diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h index 1981199..36b9dfb 100644 --- a/arch/x86/include/asm/atomic64_32.h @@ -29617,7 +29673,7 @@ index 9df78e2..01ba9ae 100644 *ppos = i; diff --git a/drivers/char/random.c b/drivers/char/random.c -index 4ec04a7..4a092ed 100644 +index 4ec04a7..9918387 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -261,8 +261,13 @@ @@ -29652,7 +29708,25 @@ index 4ec04a7..4a092ed 100644 #if 0 /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */ { 2048, 1638, 1231, 819, 411, 1 }, -@@ -913,7 +925,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, +@@ -726,6 +738,17 @@ void add_disk_randomness(struct gendisk *disk) + } + #endif + ++#ifdef CONFIG_PAX_LATENT_ENTROPY ++u64 latent_entropy; ++ ++__init void transfer_latent_entropy(void) ++{ ++ mix_pool_bytes(&input_pool, &latent_entropy, sizeof(latent_entropy)); ++ mix_pool_bytes(&nonblocking_pool, &latent_entropy, sizeof(latent_entropy)); ++// printk(KERN_INFO "PAX: transferring latent entropy: %16llx\n", latent_entropy); ++} ++#endif ++ + /********************************************************************* + * + * Entropy extraction routines +@@ -913,7 +936,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, extract_buf(r, tmp); i = min_t(int, nbytes, EXTRACT_SIZE); @@ -29661,7 +29735,7 @@ index 4ec04a7..4a092ed 100644 ret = -EFAULT; break; } -@@ -1238,7 +1250,7 @@ EXPORT_SYMBOL(generate_random_uuid); +@@ -1238,7 +1261,7 @@ EXPORT_SYMBOL(generate_random_uuid); #include <linux/sysctl.h> static int min_read_thresh = 8, min_write_thresh; @@ -30441,7 +30515,7 @@ index 26c67a7..8d4cbcb 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index d4d162f..e80037c 100644 +index d4d162f..b49a04e 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -2254,7 +2254,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb) @@ -30462,16 +30536,19 @@ index d4d162f..e80037c 100644 } static bool intel_crtc_driving_pch(struct drm_crtc *crtc) -@@ -7286,7 +7286,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev, +@@ -7284,9 +7284,8 @@ static void do_intel_finish_page_flip(struct drm_device *dev, - atomic_clear_mask(1 << intel_crtc->plane, - &obj->pending_flip.counter); + obj = work->old_fb_obj; + +- atomic_clear_mask(1 << intel_crtc->plane, +- &obj->pending_flip.counter); - if (atomic_read(&obj->pending_flip) == 0) ++ atomic_clear_mask_unchecked(1 << intel_crtc->plane, &obj->pending_flip); + if (atomic_read_unchecked(&obj->pending_flip) == 0) wake_up(&dev_priv->pending_flip_queue); schedule_work(&work->work); -@@ -7582,7 +7582,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -7582,7 +7581,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, /* Block clients from rendering to the new back buffer until * the flip occurs and the object is no longer visible. */ @@ -30480,7 +30557,7 @@ index d4d162f..e80037c 100644 ret = dev_priv->display.queue_flip(dev, crtc, fb, obj); if (ret) -@@ -7596,7 +7596,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -7596,7 +7595,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, return 0; cleanup_pending: @@ -31177,10 +31254,10 @@ index 8a8725c..afed796 100644 marker = list_first_entry(&queue->head, struct vmw_marker, head); diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index 4da66b4..e948655 100644 +index 054677b..741672a 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c -@@ -2063,7 +2063,7 @@ static bool hid_ignore(struct hid_device *hdev) +@@ -2070,7 +2070,7 @@ static bool hid_ignore(struct hid_device *hdev) int hid_add_device(struct hid_device *hdev) { @@ -31189,7 +31266,7 @@ index 4da66b4..e948655 100644 int ret; if (WARN_ON(hdev->status & HID_STAT_ADDED)) -@@ -2078,7 +2078,7 @@ int hid_add_device(struct hid_device *hdev) +@@ -2085,7 +2085,7 @@ int hid_add_device(struct hid_device *hdev) /* XXX hack, any other cleaner solution after the driver core * is converted to allow more than 20 bytes as the device name? */ dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, @@ -32698,10 +32775,10 @@ index b8d8611..7a4a04b 100644 #include <linux/input.h> #include <linux/gameport.h> diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c -index fd7a0d5..a4af10c 100644 +index 42f7b25..09fcf46 100644 --- a/drivers/input/joystick/xpad.c +++ b/drivers/input/joystick/xpad.c -@@ -710,7 +710,7 @@ static void xpad_led_set(struct led_classdev *led_cdev, +@@ -714,7 +714,7 @@ static void xpad_led_set(struct led_classdev *led_cdev, static int xpad_led_probe(struct usb_xpad *xpad) { @@ -32710,7 +32787,7 @@ index fd7a0d5..a4af10c 100644 long led_no; struct xpad_led *led; struct led_classdev *led_cdev; -@@ -723,7 +723,7 @@ static int xpad_led_probe(struct usb_xpad *xpad) +@@ -727,7 +727,7 @@ static int xpad_led_probe(struct usb_xpad *xpad) if (!led) return -ENOMEM; @@ -32901,7 +32978,7 @@ index b5fdcb7..5b6c59f 100644 printk(KERN_INFO "lguest: mapped switcher at %p\n", diff --git a/drivers/lguest/x86/core.c b/drivers/lguest/x86/core.c -index 3980903..ce25c5e 100644 +index 39809035..ce25c5e 100644 --- a/drivers/lguest/x86/core.c +++ b/drivers/lguest/x86/core.c @@ -59,7 +59,7 @@ static struct { @@ -33258,7 +33335,7 @@ index e24143c..ce2f21a1 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index 2b30ffd..bf789ce 100644 +index 2b30ffd..362b519 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -277,10 +277,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); @@ -33330,7 +33407,125 @@ index 2b30ffd..bf789ce 100644 INIT_LIST_HEAD(&rdev->same_set); init_waitqueue_head(&rdev->blocked_wait); -@@ -6738,7 +6738,7 @@ static int md_seq_show(struct seq_file *seq, void *v) +@@ -3744,8 +3744,8 @@ array_state_show(struct mddev *mddev, char *page) + return sprintf(page, "%s\n", array_states[st]); + } + +-static int do_md_stop(struct mddev * mddev, int ro, int is_open); +-static int md_set_readonly(struct mddev * mddev, int is_open); ++static int do_md_stop(struct mddev * mddev, int ro, struct block_device *bdev); ++static int md_set_readonly(struct mddev * mddev, struct block_device *bdev); + static int do_md_run(struct mddev * mddev); + static int restart_array(struct mddev *mddev); + +@@ -3761,14 +3761,14 @@ array_state_store(struct mddev *mddev, const char *buf, size_t len) + /* stopping an active array */ + if (atomic_read(&mddev->openers) > 0) + return -EBUSY; +- err = do_md_stop(mddev, 0, 0); ++ err = do_md_stop(mddev, 0, NULL); + break; + case inactive: + /* stopping an active array */ + if (mddev->pers) { + if (atomic_read(&mddev->openers) > 0) + return -EBUSY; +- err = do_md_stop(mddev, 2, 0); ++ err = do_md_stop(mddev, 2, NULL); + } else + err = 0; /* already inactive */ + break; +@@ -3776,7 +3776,7 @@ array_state_store(struct mddev *mddev, const char *buf, size_t len) + break; /* not supported yet */ + case readonly: + if (mddev->pers) +- err = md_set_readonly(mddev, 0); ++ err = md_set_readonly(mddev, NULL); + else { + mddev->ro = 1; + set_disk_ro(mddev->gendisk, 1); +@@ -3786,7 +3786,7 @@ array_state_store(struct mddev *mddev, const char *buf, size_t len) + case read_auto: + if (mddev->pers) { + if (mddev->ro == 0) +- err = md_set_readonly(mddev, 0); ++ err = md_set_readonly(mddev, NULL); + else if (mddev->ro == 1) + err = restart_array(mddev); + if (err == 0) { +@@ -5124,15 +5124,17 @@ void md_stop(struct mddev *mddev) + } + EXPORT_SYMBOL_GPL(md_stop); + +-static int md_set_readonly(struct mddev *mddev, int is_open) ++static int md_set_readonly(struct mddev *mddev, struct block_device *bdev) + { + int err = 0; + mutex_lock(&mddev->open_mutex); +- if (atomic_read(&mddev->openers) > is_open) { ++ if (atomic_read(&mddev->openers) > !!bdev) { + printk("md: %s still in use.\n",mdname(mddev)); + err = -EBUSY; + goto out; + } ++ if (bdev) ++ sync_blockdev(bdev); + if (mddev->pers) { + __md_stop_writes(mddev); + +@@ -5154,18 +5156,26 @@ out: + * 0 - completely stop and dis-assemble array + * 2 - stop but do not disassemble array + */ +-static int do_md_stop(struct mddev * mddev, int mode, int is_open) ++static int do_md_stop(struct mddev * mddev, int mode, ++ struct block_device *bdev) + { + struct gendisk *disk = mddev->gendisk; + struct md_rdev *rdev; + + mutex_lock(&mddev->open_mutex); +- if (atomic_read(&mddev->openers) > is_open || ++ if (atomic_read(&mddev->openers) > !!bdev || + mddev->sysfs_active) { + printk("md: %s still in use.\n",mdname(mddev)); + mutex_unlock(&mddev->open_mutex); + return -EBUSY; + } ++ if (bdev) ++ /* It is possible IO was issued on some other ++ * open file which was closed before we took ->open_mutex. ++ * As that was not the last close __blkdev_put will not ++ * have called sync_blockdev, so we must. ++ */ ++ sync_blockdev(bdev); + + if (mddev->pers) { + if (mddev->ro) +@@ -5239,7 +5249,7 @@ static void autorun_array(struct mddev *mddev) + err = do_md_run(mddev); + if (err) { + printk(KERN_WARNING "md: do_md_run() returned %d\n", err); +- do_md_stop(mddev, 0, 0); ++ do_md_stop(mddev, 0, NULL); + } + } + +@@ -6237,11 +6247,11 @@ static int md_ioctl(struct block_device *bdev, fmode_t mode, + goto done_unlock; + + case STOP_ARRAY: +- err = do_md_stop(mddev, 0, 1); ++ err = do_md_stop(mddev, 0, bdev); + goto done_unlock; + + case STOP_ARRAY_RO: +- err = md_set_readonly(mddev, 1); ++ err = md_set_readonly(mddev, bdev); + goto done_unlock; + + case BLKROSET: +@@ -6738,7 +6748,7 @@ static int md_seq_show(struct seq_file *seq, void *v) spin_unlock(&pers_lock); seq_printf(seq, "\n"); @@ -33339,7 +33534,7 @@ index 2b30ffd..bf789ce 100644 return 0; } if (v == (void*)2) { -@@ -6841,7 +6841,7 @@ static int md_seq_open(struct inode *inode, struct file *file) +@@ -6841,7 +6851,7 @@ static int md_seq_open(struct inode *inode, struct file *file) return error; seq = file->private_data; @@ -33348,7 +33543,7 @@ index 2b30ffd..bf789ce 100644 return error; } -@@ -6855,7 +6855,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) +@@ -6855,7 +6865,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) /* always allow read */ mask = POLLIN | POLLRDNORM; @@ -33357,7 +33552,7 @@ index 2b30ffd..bf789ce 100644 mask |= POLLERR | POLLPRI; return mask; } -@@ -6899,7 +6899,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) +@@ -6899,7 +6909,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) struct gendisk *disk = rdev->bdev->bd_contains->bd_disk; curr_events = (int)part_stat_read(&disk->part0, sectors[0]) + (int)part_stat_read(&disk->part0, sectors[1]) - @@ -33447,7 +33642,7 @@ index 1cbfc6b..56e1dbb 100644 /*----------------------------------------------------------------*/ diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index d7e9577..faa512f2 100644 +index d1f74ab..d1b24fd 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c @@ -1688,7 +1688,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) @@ -33594,7 +33789,7 @@ index a7d876f..8c21b61 100644 struct dvb_demux *demux; void *priv; diff --git a/drivers/media/dvb/dvb-core/dvbdev.c b/drivers/media/dvb/dvb-core/dvbdev.c -index 00a6732..70a682e 100644 +index 39eab73..60033e7 100644 --- a/drivers/media/dvb/dvb-core/dvbdev.c +++ b/drivers/media/dvb/dvb-core/dvbdev.c @@ -192,7 +192,7 @@ int dvb_register_device(struct dvb_adapter *adap, struct dvb_device **pdvbdev, @@ -33693,6 +33888,33 @@ index 9cde353..8c6a1c3 100644 struct i2c_client i2c_client; u32 i2c_rc; +diff --git a/drivers/media/video/cx25821/cx25821-core.c b/drivers/media/video/cx25821/cx25821-core.c +index 7930ca5..235bf7d 100644 +--- a/drivers/media/video/cx25821/cx25821-core.c ++++ b/drivers/media/video/cx25821/cx25821-core.c +@@ -912,9 +912,6 @@ static int cx25821_dev_setup(struct cx25821_dev *dev) + list_add_tail(&dev->devlist, &cx25821_devlist); + mutex_unlock(&cx25821_devlist_mutex); + +- strcpy(cx25821_boards[UNKNOWN_BOARD].name, "unknown"); +- strcpy(cx25821_boards[CX25821_BOARD].name, "cx25821"); +- + if (dev->pci->device != 0x8210) { + pr_info("%s(): Exiting. Incorrect Hardware device = 0x%02x\n", + __func__, dev->pci->device); +diff --git a/drivers/media/video/cx25821/cx25821.h b/drivers/media/video/cx25821/cx25821.h +index b9aa801..029f293 100644 +--- a/drivers/media/video/cx25821/cx25821.h ++++ b/drivers/media/video/cx25821/cx25821.h +@@ -187,7 +187,7 @@ enum port { + }; + + struct cx25821_board { +- char *name; ++ const char *name; + enum port porta; + enum port portb; + enum port portc; diff --git a/drivers/media/video/cx88/cx88-alsa.c b/drivers/media/video/cx88/cx88-alsa.c index 04bf662..e0ac026 100644 --- a/drivers/media/video/cx88/cx88-alsa.c @@ -34790,6 +35012,36 @@ index 8636e83..ab9bbc3 100644 struct ixgbe_mbx_stats stats; u32 timeout; u32 usec_delay; +diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c +index 307611a..d8e4562 100644 +--- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c ++++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c +@@ -969,8 +969,6 @@ static irqreturn_t ixgbevf_msix_clean_tx(int irq, void *data) + r_idx = find_first_bit(q_vector->txr_idx, adapter->num_tx_queues); + for (i = 0; i < q_vector->txr_count; i++) { + tx_ring = &(adapter->tx_ring[r_idx]); +- tx_ring->total_bytes = 0; +- tx_ring->total_packets = 0; + ixgbevf_clean_tx_irq(adapter, tx_ring); + r_idx = find_next_bit(q_vector->txr_idx, adapter->num_tx_queues, + r_idx + 1); +@@ -994,16 +992,6 @@ static irqreturn_t ixgbevf_msix_clean_rx(int irq, void *data) + struct ixgbe_hw *hw = &adapter->hw; + struct ixgbevf_ring *rx_ring; + int r_idx; +- int i; +- +- r_idx = find_first_bit(q_vector->rxr_idx, adapter->num_rx_queues); +- for (i = 0; i < q_vector->rxr_count; i++) { +- rx_ring = &(adapter->rx_ring[r_idx]); +- rx_ring->total_bytes = 0; +- rx_ring->total_packets = 0; +- r_idx = find_next_bit(q_vector->rxr_idx, adapter->num_rx_queues, +- r_idx + 1); +- } + + if (!q_vector->rxr_count) + return IRQ_HANDLED; diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.h b/drivers/net/ethernet/intel/ixgbevf/vf.h index 25c951d..cc7cf33 100644 --- a/drivers/net/ethernet/intel/ixgbevf/vf.h @@ -34920,10 +35172,10 @@ index c07cfe9..81cbf7e 100644 /* To mask all all interrupts.*/ diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c -index 48d56da..a27e46c 100644 +index 9bdfaba..3d8f8d4 100644 --- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c -@@ -1584,7 +1584,7 @@ static const struct file_operations stmmac_rings_status_fops = { +@@ -1587,7 +1587,7 @@ static const struct file_operations stmmac_rings_status_fops = { .open = stmmac_sysfs_ring_open, .read = seq_read, .llseek = seq_lseek, @@ -34932,7 +35184,7 @@ index 48d56da..a27e46c 100644 }; static int stmmac_sysfs_dma_cap_read(struct seq_file *seq, void *v) -@@ -1656,7 +1656,7 @@ static const struct file_operations stmmac_dma_cap_fops = { +@@ -1659,7 +1659,7 @@ static const struct file_operations stmmac_dma_cap_fops = { .open = stmmac_sysfs_dma_cap_open, .read = seq_read, .llseek = seq_lseek, @@ -37315,6 +37567,51 @@ index 0d4aa82..f7832d4 100644 extern void tmem_register_hostops(struct tmem_hostops *m); /* core tmem accessor functions */ +diff --git a/drivers/target/target_core_cdb.c b/drivers/target/target_core_cdb.c +index 30a6770..fa323f8 100644 +--- a/drivers/target/target_core_cdb.c ++++ b/drivers/target/target_core_cdb.c +@@ -1107,7 +1107,7 @@ int target_emulate_write_same(struct se_task *task) + if (num_blocks != 0) + range = num_blocks; + else +- range = (dev->transport->get_blocks(dev) - lba); ++ range = (dev->transport->get_blocks(dev) - lba) + 1; + + pr_debug("WRITE_SAME UNMAP: LBA: %llu Range: %llu\n", + (unsigned long long)lba, (unsigned long long)range); +diff --git a/drivers/target/target_core_pr.c b/drivers/target/target_core_pr.c +index c3148b1..89d10e6 100644 +--- a/drivers/target/target_core_pr.c ++++ b/drivers/target/target_core_pr.c +@@ -2038,7 +2038,7 @@ static int __core_scsi3_write_aptpl_to_file( + if (IS_ERR(file) || !file || !file->f_dentry) { + pr_err("filp_open(%s) for APTPL metadata" + " failed\n", path); +- return (PTR_ERR(file) < 0 ? PTR_ERR(file) : -ENOENT); ++ return IS_ERR(file) ? PTR_ERR(file) : -ENOENT; + } + + iov[0].iov_base = &buf[0]; +@@ -3826,7 +3826,7 @@ int target_scsi3_emulate_pr_out(struct se_task *task) + " SPC-2 reservation is held, returning" + " RESERVATION_CONFLICT\n"); + cmd->scsi_sense_reason = TCM_RESERVATION_CONFLICT; +- ret = EINVAL; ++ ret = -EINVAL; + goto out; + } + +@@ -3836,7 +3836,8 @@ int target_scsi3_emulate_pr_out(struct se_task *task) + */ + if (!cmd->se_sess) { + cmd->scsi_sense_reason = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; +- return -EINVAL; ++ ret = -EINVAL; ++ goto out; + } + + if (cmd->data_length < 24) { diff --git a/drivers/target/target_core_tmr.c b/drivers/target/target_core_tmr.c index f015839..b15dfc4 100644 --- a/drivers/target/target_core_tmr.c @@ -37371,6 +37668,19 @@ index 443704f..92d3517 100644 cmd->t_task_list_num) cmd->transport_state |= CMD_T_SENT; +diff --git a/drivers/target/tcm_fc/tfc_cmd.c b/drivers/target/tcm_fc/tfc_cmd.c +index a375f25..da90f64 100644 +--- a/drivers/target/tcm_fc/tfc_cmd.c ++++ b/drivers/target/tcm_fc/tfc_cmd.c +@@ -240,6 +240,8 @@ u32 ft_get_task_tag(struct se_cmd *se_cmd) + { + struct ft_cmd *cmd = container_of(se_cmd, struct ft_cmd, se_cmd); + ++ if (cmd->aborted) ++ return ~0; + return fc_seq_exch(cmd->seq)->rxid; + } + diff --git a/drivers/tty/hvc/hvcs.c b/drivers/tty/hvc/hvcs.c index 3436436..772237b 100644 --- a/drivers/tty/hvc/hvcs.c @@ -41561,7 +41871,7 @@ index d146e18..12d1bd1 100644 fd_offset + ex.a_text); if (error != N_DATADDR(ex)) { diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 16f7354..666524e 100644 +index 16f7354..7cc1e24 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -32,6 +32,7 @@ @@ -41692,7 +42002,7 @@ index 16f7354..666524e 100644 error = -ENOMEM; goto out_close; } -@@ -525,6 +549,349 @@ out: +@@ -525,6 +549,311 @@ out: return error; } @@ -41712,15 +42022,6 @@ index 16f7354..666524e 100644 + pax_flags |= MF_PAX_SEGMEXEC; +#endif + -+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC) -+ if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) { -+ if ((__supported_pte_mask & _PAGE_NX)) -+ pax_flags &= ~MF_PAX_SEGMEXEC; -+ else -+ pax_flags &= ~MF_PAX_PAGEEXEC; -+ } -+#endif -+ +#ifdef CONFIG_PAX_EMUTRAMP + if (elf_phdata->p_flags & PF_EMUTRAMP) + pax_flags |= MF_PAX_EMUTRAMP; @@ -41754,15 +42055,6 @@ index 16f7354..666524e 100644 + pax_flags |= MF_PAX_SEGMEXEC; +#endif + -+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC) -+ if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) { -+ if ((__supported_pte_mask & _PAGE_NX)) -+ pax_flags &= ~MF_PAX_SEGMEXEC; -+ else -+ pax_flags &= ~MF_PAX_PAGEEXEC; -+ } -+#endif -+ +#ifdef CONFIG_PAX_EMUTRAMP + if (!(elf_phdata->p_flags & PF_NOEMUTRAMP)) + pax_flags |= MF_PAX_EMUTRAMP; @@ -41798,15 +42090,6 @@ index 16f7354..666524e 100644 + pax_flags |= MF_PAX_SEGMEXEC; +#endif + -+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC) -+ if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) { -+ if ((__supported_pte_mask & _PAGE_NX)) -+ pax_flags &= ~MF_PAX_SEGMEXEC; -+ else -+ pax_flags &= ~MF_PAX_PAGEEXEC; -+ } -+#endif -+ +#ifdef CONFIG_PAX_EMUTRAMP + if (pax_flags_softmode & MF_PAX_EMUTRAMP) + pax_flags |= MF_PAX_EMUTRAMP; @@ -41840,15 +42123,6 @@ index 16f7354..666524e 100644 + pax_flags |= MF_PAX_SEGMEXEC; +#endif + -+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC) -+ if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) { -+ if ((__supported_pte_mask & _PAGE_NX)) -+ pax_flags &= ~MF_PAX_SEGMEXEC; -+ else -+ pax_flags &= ~MF_PAX_PAGEEXEC; -+ } -+#endif -+ +#ifdef CONFIG_PAX_EMUTRAMP + if (!(pax_flags_hardmode & MF_PAX_EMUTRAMP)) + pax_flags |= MF_PAX_EMUTRAMP; @@ -41868,7 +42142,7 @@ index 16f7354..666524e 100644 +} +#endif + -+#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_XATTR_PAX_FLAGS) ++#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) +static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex) +{ + unsigned long pax_flags = 0UL; @@ -41885,15 +42159,6 @@ index 16f7354..666524e 100644 + pax_flags |= MF_PAX_SEGMEXEC; +#endif + -+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC) -+ if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) { -+ if ((__supported_pte_mask & _PAGE_NX)) -+ pax_flags &= ~MF_PAX_SEGMEXEC; -+ else -+ pax_flags &= ~MF_PAX_PAGEEXEC; -+ } -+#endif -+ +#ifdef CONFIG_PAX_EMUTRAMP + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) && (elf_ex->e_ident[EI_PAX] & EF_PAX_EMUTRAMP)) + pax_flags |= MF_PAX_EMUTRAMP; @@ -41915,19 +42180,17 @@ index 16f7354..666524e 100644 + pax_flags |= MF_PAX_PAGEEXEC; +#endif + ++#ifdef CONFIG_PAX_SEGMEXEC ++ pax_flags |= MF_PAX_SEGMEXEC; ++#endif ++ +#ifdef CONFIG_PAX_MPROTECT + pax_flags |= MF_PAX_MPROTECT; +#endif + +#ifdef CONFIG_PAX_RANDMMAP -+ pax_flags |= MF_PAX_RANDMMAP; -+#endif -+ -+#ifdef CONFIG_PAX_SEGMEXEC -+ if (!(pax_flags & MF_PAX_PAGEEXEC) || !(__supported_pte_mask & _PAGE_NX)) { -+ pax_flags &= ~MF_PAX_PAGEEXEC; -+ pax_flags |= MF_PAX_SEGMEXEC; -+ } ++ if (randomize_va_space) ++ pax_flags |= MF_PAX_RANDMMAP; +#endif + +#endif @@ -42031,6 +42294,15 @@ index 16f7354..666524e 100644 + if (pt_pax_flags != ~0UL) + pax_flags = pt_pax_flags; + ++#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC) ++ if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) { ++ if ((__supported_pte_mask & _PAGE_NX)) ++ pax_flags &= ~MF_PAX_SEGMEXEC; ++ else ++ pax_flags &= ~MF_PAX_PAGEEXEC; ++ } ++#endif ++ + if (0 > pax_check_flags(&pax_flags)) + return -EINVAL; + @@ -42042,7 +42314,7 @@ index 16f7354..666524e 100644 /* * These are the functions used to load ELF style executables and shared * libraries. There is no binary dependent code anywhere else. -@@ -541,6 +908,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) +@@ -541,6 +870,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) { unsigned int random_variable = 0; @@ -42054,7 +42326,7 @@ index 16f7354..666524e 100644 if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) { random_variable = get_random_int() & STACK_RND_MASK; -@@ -559,7 +931,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -559,7 +893,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) unsigned long load_addr = 0, load_bias = 0; int load_addr_set = 0; char * elf_interpreter = NULL; @@ -42063,7 +42335,7 @@ index 16f7354..666524e 100644 struct elf_phdr *elf_ppnt, *elf_phdata; unsigned long elf_bss, elf_brk; int retval, i; -@@ -569,11 +941,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -569,11 +903,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) unsigned long start_code, end_code, start_data, end_data; unsigned long reloc_func_desc __maybe_unused = 0; int executable_stack = EXSTACK_DEFAULT; @@ -42076,7 +42348,7 @@ index 16f7354..666524e 100644 loc = kmalloc(sizeof(*loc), GFP_KERNEL); if (!loc) { -@@ -709,11 +1081,81 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -709,11 +1043,81 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) goto out_free_dentry; /* OK, This is the point of no return */ @@ -42101,7 +42373,7 @@ index 16f7354..666524e 100644 + + current->mm->def_flags = 0; + -+#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_XATTR_PAX_FLAGS) ++#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) + if (0 > pax_parse_pax_flags(&loc->elf_ex, elf_phdata, bprm->file)) { + send_sig(SIGKILL, current, 0); + goto out_free_dentry; @@ -42159,7 +42431,7 @@ index 16f7354..666524e 100644 if (elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; -@@ -804,6 +1246,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -804,6 +1208,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) #else load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); #endif @@ -42180,7 +42452,7 @@ index 16f7354..666524e 100644 } error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, -@@ -836,9 +1292,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -836,9 +1254,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) * allowed task size. Note that p_filesz must always be * <= p_memsz so it is only necessary to check p_memsz. */ @@ -42193,7 +42465,7 @@ index 16f7354..666524e 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -877,11 +1333,40 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -877,11 +1295,40 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -42237,7 +42509,7 @@ index 16f7354..666524e 100644 if (elf_interpreter) { unsigned long uninitialized_var(interp_map_addr); -@@ -1109,7 +1594,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) +@@ -1109,7 +1556,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -42246,7 +42518,7 @@ index 16f7354..666524e 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1146,7 +1631,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1146,7 +1593,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -42255,7 +42527,7 @@ index 16f7354..666524e 100644 goto whole; /* -@@ -1368,9 +1853,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1368,9 +1815,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -42267,7 +42539,7 @@ index 16f7354..666524e 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1892,14 +2377,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -1892,14 +2339,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -42284,7 +42556,7 @@ index 16f7354..666524e 100644 return size; } -@@ -1993,7 +2478,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1993,7 +2440,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -42293,7 +42565,7 @@ index 16f7354..666524e 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -2007,10 +2492,12 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2007,10 +2454,12 @@ static int elf_core_dump(struct coredump_params *cprm) offset = dataoff; size += sizeof(*elf); @@ -42306,7 +42578,7 @@ index 16f7354..666524e 100644 if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -2024,7 +2511,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2024,7 +2473,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -42315,7 +42587,7 @@ index 16f7354..666524e 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2035,6 +2522,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2035,6 +2484,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_align = ELF_EXEC_PAGESIZE; size += sizeof(phdr); @@ -42323,7 +42595,7 @@ index 16f7354..666524e 100644 if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2059,7 +2547,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2059,7 +2509,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -42332,7 +42604,7 @@ index 16f7354..666524e 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2068,6 +2556,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2068,6 +2518,7 @@ static int elf_core_dump(struct coredump_params *cprm) page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -42340,7 +42612,7 @@ index 16f7354..666524e 100644 stop = ((size += PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2085,6 +2574,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2085,6 +2536,7 @@ static int elf_core_dump(struct coredump_params *cprm) if (e_phnum == PN_XNUM) { size += sizeof(*shdr4extnum); @@ -42348,7 +42620,7 @@ index 16f7354..666524e 100644 if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2105,6 +2595,97 @@ out: +@@ -2105,6 +2557,97 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -42483,7 +42755,7 @@ index 6b2daf9..a70dccb 100644 goto err; } diff --git a/fs/bio.c b/fs/bio.c -index 84da885..2149cd9 100644 +index 84da885..bac1d48 100644 --- a/fs/bio.c +++ b/fs/bio.c @@ -838,7 +838,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, @@ -42495,6 +42767,15 @@ index 84da885..2149cd9 100644 return ERR_PTR(-EINVAL); nr_pages += end - start; +@@ -972,7 +972,7 @@ static struct bio *__bio_map_user_iov(struct request_queue *q, + /* + * Overflow, abort + */ +- if (end < start) ++ if (end < start || end - start > INT_MAX - nr_pages) + return ERR_PTR(-EINVAL); + + nr_pages += end - start; @@ -1234,7 +1234,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) const int read = bio_data_dir(bio) == READ; struct bio_map_data *bmd = bio->bi_private; @@ -42625,51 +42906,6 @@ index 646ee21..f020f87 100644 if (!del) { spin_lock(&rc->reloc_root_tree.lock); -diff --git a/fs/buffer.c b/fs/buffer.c -index ad5938c..0bc1bed 100644 ---- a/fs/buffer.c -+++ b/fs/buffer.c -@@ -1036,6 +1036,9 @@ grow_buffers(struct block_device *bdev, sector_t block, int size) - static struct buffer_head * - __getblk_slow(struct block_device *bdev, sector_t block, int size) - { -+ int ret; -+ struct buffer_head *bh; -+ - /* Size must be multiple of hard sectorsize */ - if (unlikely(size & (bdev_logical_block_size(bdev)-1) || - (size < 512 || size > PAGE_SIZE))) { -@@ -1048,20 +1051,21 @@ __getblk_slow(struct block_device *bdev, sector_t block, int size) - return NULL; - } - -- for (;;) { -- struct buffer_head * bh; -- int ret; -+retry: -+ bh = __find_get_block(bdev, block, size); -+ if (bh) -+ return bh; - -+ ret = grow_buffers(bdev, block, size); -+ if (ret == 0) { -+ free_more_memory(); -+ goto retry; -+ } else if (ret > 0) { - bh = __find_get_block(bdev, block, size); - if (bh) - return bh; -- -- ret = grow_buffers(bdev, block, size); -- if (ret < 0) -- return NULL; -- if (ret == 0) -- free_more_memory(); - } -+ return NULL; - } - - /* diff --git a/fs/cachefiles/bind.c b/fs/cachefiles/bind.c index 622f469..e8d2d55 100644 --- a/fs/cachefiles/bind.c @@ -44311,6 +44547,18 @@ index 0e01e90..ae2bd5e 100644 atomic_t s_lock_busy; /* locality groups */ +diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c +index 1365903..9727522 100644 +--- a/fs/ext4/ioctl.c ++++ b/fs/ext4/ioctl.c +@@ -261,7 +261,6 @@ group_extend_out: + err = ext4_move_extents(filp, donor_filp, me.orig_start, + me.donor_start, me.len, &me.moved_len); + mnt_drop_write_file(filp); +- mnt_drop_write(filp->f_path.mnt); + + if (copy_to_user((struct move_extent __user *)arg, + &me, sizeof(me))) diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index 6b0a57e..1955a44 100644 --- a/fs/ext4/mballoc.c @@ -44471,10 +44719,10 @@ index 75e7c1f..1eb3e4d 100644 break; err = alloc_fd(arg, cmd == F_DUPFD_CLOEXEC ? O_CLOEXEC : 0); diff --git a/fs/fifo.c b/fs/fifo.c -index b1a524d..4ee270e 100644 +index cf6f434..3d7942c 100644 --- a/fs/fifo.c +++ b/fs/fifo.c -@@ -58,10 +58,10 @@ static int fifo_open(struct inode *inode, struct file *filp) +@@ -59,10 +59,10 @@ static int fifo_open(struct inode *inode, struct file *filp) */ filp->f_op = &read_pipefifo_fops; pipe->r_counter++; @@ -44503,10 +44751,10 @@ index b1a524d..4ee270e 100644 - if (!pipe->readers) { + if (!atomic_read(&pipe->readers)) { - wait_for_partner(inode, &pipe->r_counter); - if (signal_pending(current)) + if (wait_for_partner(inode, &pipe->r_counter)) goto err_wr; -@@ -105,11 +105,11 @@ static int fifo_open(struct inode *inode, struct file *filp) + } +@@ -104,11 +104,11 @@ static int fifo_open(struct inode *inode, struct file *filp) */ filp->f_op = &rdwr_pipefifo_fops; @@ -44521,7 +44769,7 @@ index b1a524d..4ee270e 100644 wake_up_partner(inode); break; -@@ -123,19 +123,19 @@ static int fifo_open(struct inode *inode, struct file *filp) +@@ -122,19 +122,19 @@ static int fifo_open(struct inode *inode, struct file *filp) return 0; err_rd: @@ -46181,18 +46429,9 @@ index 8392cb8..80d6193 100644 memcpy(c->data, &cookie, 4); c->len=4; diff --git a/fs/locks.c b/fs/locks.c -index 0d68f1f..3114738 100644 +index 6a64f15..3114738 100644 --- a/fs/locks.c +++ b/fs/locks.c -@@ -1465,7 +1465,7 @@ int generic_setlease(struct file *filp, long arg, struct file_lock **flp) - case F_WRLCK: - return generic_add_lease(filp, arg, flp); - default: -- BUG(); -+ return -EINVAL; - } - } - EXPORT_SYMBOL(generic_setlease); @@ -2075,16 +2075,16 @@ void locks_remove_flock(struct file *filp) return; @@ -48690,7 +48929,7 @@ index 17d33d0..da0bf5c 100644 return -EINVAL; diff --git a/fs/seq_file.c b/fs/seq_file.c -index 0cbd049..cab1127 100644 +index 0cbd049..e2773e2 100644 --- a/fs/seq_file.c +++ b/fs/seq_file.c @@ -9,6 +9,7 @@ @@ -48711,7 +48950,55 @@ index 0cbd049..cab1127 100644 /* * Wrappers around seq_open(e.g. swaps_open) need to be -@@ -567,7 +571,7 @@ static void single_stop(struct seq_file *p, void *v) +@@ -92,7 +96,11 @@ static int traverse(struct seq_file *m, loff_t offset) + return 0; + } + if (!m->buf) { ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL | GFP_USERCOPY); ++#else + m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL); ++#endif + if (!m->buf) + return -ENOMEM; + } +@@ -132,7 +140,11 @@ static int traverse(struct seq_file *m, loff_t offset) + Eoverflow: + m->op->stop(m, p); + kfree(m->buf); ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ m->buf = kmalloc(m->size <<= 1, GFP_KERNEL | GFP_USERCOPY); ++#else + m->buf = kmalloc(m->size <<= 1, GFP_KERNEL); ++#endif + return !m->buf ? -ENOMEM : -EAGAIN; + } + +@@ -187,7 +199,11 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos) + + /* grab buffer if we didn't have one */ + if (!m->buf) { ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL | GFP_USERCOPY); ++#else + m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL); ++#endif + if (!m->buf) + goto Enomem; + } +@@ -228,7 +244,11 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos) + goto Fill; + m->op->stop(m, p); + kfree(m->buf); ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ m->buf = kmalloc(m->size <<= 1, GFP_KERNEL | GFP_USERCOPY); ++#else + m->buf = kmalloc(m->size <<= 1, GFP_KERNEL); ++#endif + if (!m->buf) + goto Enomem; + m->count = 0; +@@ -567,7 +587,7 @@ static void single_stop(struct seq_file *p, void *v) int single_open(struct file *file, int (*show)(struct seq_file *, void *), void *data) { @@ -58908,7 +59195,7 @@ index f1c8ca6..b5c1cc7 100644 #define ACPI_DRIVER_ALL_NOTIFY_EVENTS 0x1 /* system AND device events */ diff --git a/include/asm-generic/atomic-long.h b/include/asm-generic/atomic-long.h -index b7babf0..71e4e74 100644 +index b7babf0..c1e2d45 100644 --- a/include/asm-generic/atomic-long.h +++ b/include/asm-generic/atomic-long.h @@ -22,6 +22,12 @@ @@ -59161,7 +59448,7 @@ index b7babf0..71e4e74 100644 static inline long atomic_long_dec_return(atomic_long_t *l) { atomic_t *v = (atomic_t *)l; -@@ -255,4 +393,49 @@ static inline long atomic_long_add_unless(atomic_long_t *l, long a, long u) +@@ -255,4 +393,53 @@ static inline long atomic_long_add_unless(atomic_long_t *l, long a, long u) #endif /* BITS_PER_LONG == 64 */ @@ -59179,6 +59466,8 @@ index b7babf0..71e4e74 100644 + atomic_dec_unchecked((atomic_unchecked_t *)NULL); + atomic_cmpxchg_unchecked((atomic_unchecked_t *)NULL, 0, 0); + (void)atomic_xchg_unchecked((atomic_unchecked_t *)NULL, 0); ++ atomic_clear_mask_unchecked(0, NULL); ++ atomic_set_mask_unchecked(0, NULL); + + atomic_long_read_unchecked((atomic_long_unchecked_t *)NULL); + atomic_long_set_unchecked((atomic_long_unchecked_t *)NULL, 0); @@ -59200,6 +59489,8 @@ index b7babf0..71e4e74 100644 +#define atomic_dec_unchecked(v) atomic_dec(v) +#define atomic_cmpxchg_unchecked(v, o, n) atomic_cmpxchg((v), (o), (n)) +#define atomic_xchg_unchecked(v, i) atomic_xchg((v), (i)) ++#define atomic_clear_mask_unchecked(mask, v) atomic_clear_mask((mask), (v)) ++#define atomic_set_mask_unchecked(mask, v) atomic_set_mask((mask), (v)) + +#define atomic_long_read_unchecked(v) atomic_long_read(v) +#define atomic_long_set_unchecked(v, i) atomic_long_set((v), (i)) @@ -59211,6 +59502,19 @@ index b7babf0..71e4e74 100644 +#endif + #endif /* _ASM_GENERIC_ATOMIC_LONG_H */ +diff --git a/include/asm-generic/atomic.h b/include/asm-generic/atomic.h +index 1ced641..c896ee8 100644 +--- a/include/asm-generic/atomic.h ++++ b/include/asm-generic/atomic.h +@@ -159,7 +159,7 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) + * Atomically clears the bits set in @mask from @v + */ + #ifndef atomic_clear_mask +-static inline void atomic_clear_mask(unsigned long mask, atomic_t *v) ++static inline void atomic_clear_mask(unsigned int mask, atomic_t *v) + { + unsigned long flags; + diff --git a/include/asm-generic/atomic64.h b/include/asm-generic/atomic64.h index b18ce4f..2ee2843 100644 --- a/include/asm-generic/atomic64.h @@ -60138,6 +60442,49 @@ index 017a7fb..33a8507 100644 struct disk_events *ev; #ifdef CONFIG_BLK_DEV_INTEGRITY struct blk_integrity *integrity; +diff --git a/include/linux/gfp.h b/include/linux/gfp.h +index 581e74b..1dbda57 100644 +--- a/include/linux/gfp.h ++++ b/include/linux/gfp.h +@@ -38,6 +38,12 @@ struct vm_area_struct; + #define ___GFP_OTHER_NODE 0x800000u + #define ___GFP_WRITE 0x1000000u + ++#ifdef CONFIG_PAX_USERCOPY ++#define ___GFP_USERCOPY 0x2000000u ++#else ++#define ___GFP_USERCOPY 0 ++#endif ++ + /* + * GFP bitmasks.. + * +@@ -87,6 +93,7 @@ struct vm_area_struct; + #define __GFP_NO_KSWAPD ((__force gfp_t)___GFP_NO_KSWAPD) + #define __GFP_OTHER_NODE ((__force gfp_t)___GFP_OTHER_NODE) /* On behalf of other node */ + #define __GFP_WRITE ((__force gfp_t)___GFP_WRITE) /* Allocator intends to dirty page */ ++#define __GFP_USERCOPY ((__force gfp_t)___GFP_USERCOPY)/* Allocator intends to copy page to/from userland */ + + /* + * This may seem redundant, but it's a way of annotating false positives vs. +@@ -94,7 +101,7 @@ struct vm_area_struct; + */ + #define __GFP_NOTRACK_FALSE_POSITIVE (__GFP_NOTRACK) + +-#define __GFP_BITS_SHIFT 25 /* Room for N __GFP_FOO bits */ ++#define __GFP_BITS_SHIFT 26 /* Room for N __GFP_FOO bits */ + #define __GFP_BITS_MASK ((__force gfp_t)((1 << __GFP_BITS_SHIFT) - 1)) + + /* This equals 0, but use constants in case they ever change */ +@@ -148,6 +155,8 @@ struct vm_area_struct; + /* 4GB DMA on some platforms */ + #define GFP_DMA32 __GFP_DMA32 + ++#define GFP_USERCOPY __GFP_USERCOPY ++ + /* Convert GFP flags to their corresponding migrate type */ + static inline int allocflags_to_migratetype(gfp_t gfp_flags) + { diff --git a/include/linux/gracl.h b/include/linux/gracl.h new file mode 100644 index 0000000..c938b1f @@ -62251,10 +62598,21 @@ index 85c5073..51fac8b 100644 struct ctl_table_header; struct ctl_table; diff --git a/include/linux/random.h b/include/linux/random.h -index 8f74538..02a1012 100644 +index 8f74538..de61694 100644 --- a/include/linux/random.h +++ b/include/linux/random.h -@@ -69,12 +69,17 @@ void srandom32(u32 seed); +@@ -54,6 +54,10 @@ extern void add_input_randomness(unsigned int type, unsigned int code, + unsigned int value); + extern void add_interrupt_randomness(int irq); + ++#ifdef CONFIG_PAX_LATENT_ENTROPY ++extern void transfer_latent_entropy(void); ++#endif ++ + extern void get_random_bytes(void *buf, int nbytes); + void generate_random_uuid(unsigned char uuid_out[16]); + +@@ -69,12 +73,17 @@ void srandom32(u32 seed); u32 prandom32(struct rnd_state *); @@ -62367,7 +62725,7 @@ index fd07c45..4676b8e 100644 static inline void anon_vma_merge(struct vm_area_struct *vma, struct vm_area_struct *next) diff --git a/include/linux/sched.h b/include/linux/sched.h -index 81a173c..85ccd8f 100644 +index 7b06169..da44f01 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -100,6 +100,7 @@ struct bio_list; @@ -62556,7 +62914,7 @@ index 81a173c..85ccd8f 100644 /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) -@@ -2138,7 +2230,9 @@ void yield(void); +@@ -2146,7 +2238,9 @@ void yield(void); extern struct exec_domain default_exec_domain; union thread_union { @@ -62566,7 +62924,7 @@ index 81a173c..85ccd8f 100644 unsigned long stack[THREAD_SIZE/sizeof(long)]; }; -@@ -2171,6 +2265,7 @@ extern struct pid_namespace init_pid_ns; +@@ -2179,6 +2273,7 @@ extern struct pid_namespace init_pid_ns; */ extern struct task_struct *find_task_by_vpid(pid_t nr); @@ -62574,7 +62932,7 @@ index 81a173c..85ccd8f 100644 extern struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns); -@@ -2314,7 +2409,7 @@ extern void __cleanup_sighand(struct sighand_struct *); +@@ -2322,7 +2417,7 @@ extern void __cleanup_sighand(struct sighand_struct *); extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); @@ -62583,7 +62941,7 @@ index 81a173c..85ccd8f 100644 extern void daemonize(const char *, ...); extern int allow_signal(int); -@@ -2515,13 +2610,17 @@ static inline unsigned long *end_of_stack(struct task_struct *p) +@@ -2523,13 +2618,17 @@ static inline unsigned long *end_of_stack(struct task_struct *p) #endif @@ -62707,7 +63065,7 @@ index c1bae8d..2dbcd31 100644 extern int ___pskb_trim(struct sk_buff *skb, unsigned int len); diff --git a/include/linux/slab.h b/include/linux/slab.h -index a595dce..c403597 100644 +index a595dce..a0116fb 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -11,12 +11,20 @@ @@ -62748,15 +63106,16 @@ index a595dce..c403597 100644 /* * struct kmem_cache related prototypes -@@ -161,6 +172,7 @@ void * __must_check krealloc(const void *, size_t, gfp_t); +@@ -161,6 +172,8 @@ void * __must_check krealloc(const void *, size_t, gfp_t); void kfree(const void *); void kzfree(const void *); size_t ksize(const void *); +void check_object_size(const void *ptr, unsigned long n, bool to); ++bool is_usercopy_alloc(const void *ptr); /* * Allocator specific definitions. These are mainly used to establish optimized -@@ -240,6 +252,7 @@ size_t ksize(const void *); +@@ -240,6 +253,7 @@ size_t ksize(const void *); * for general use, and so are not documented here. For a full list of * potential flags, always refer to linux/gfp.h. */ @@ -62764,7 +63123,7 @@ index a595dce..c403597 100644 static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags) { if (size != 0 && n > ULONG_MAX / size) -@@ -298,7 +311,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, +@@ -298,7 +312,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, */ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) @@ -62773,7 +63132,7 @@ index a595dce..c403597 100644 #define kmalloc_track_caller(size, flags) \ __kmalloc_track_caller(size, flags, _RET_IP_) #else -@@ -317,7 +330,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); +@@ -317,7 +331,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); */ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) @@ -62783,7 +63142,7 @@ index a595dce..c403597 100644 __kmalloc_node_track_caller(size, flags, node, \ _RET_IP_) diff --git a/include/linux/slab_def.h b/include/linux/slab_def.h -index fbd1117..d4d8ef8 100644 +index fbd1117..5affe9e 100644 --- a/include/linux/slab_def.h +++ b/include/linux/slab_def.h @@ -66,10 +66,10 @@ struct kmem_cache { @@ -62801,7 +63160,16 @@ index fbd1117..d4d8ef8 100644 /* * If debugging is enabled, then the allocator can add additional -@@ -107,7 +107,7 @@ struct cache_sizes { +@@ -103,11 +103,16 @@ struct cache_sizes { + #ifdef CONFIG_ZONE_DMA + struct kmem_cache *cs_dmacachep; + #endif ++ ++#ifdef CONFIG_PAX_USERCOPY ++ struct kmem_cache *cs_usercopycachep; ++#endif ++ + }; extern struct cache_sizes malloc_sizes[]; void *kmem_cache_alloc(struct kmem_cache *, gfp_t); @@ -62810,7 +63178,21 @@ index fbd1117..d4d8ef8 100644 #ifdef CONFIG_TRACING extern void *kmem_cache_alloc_trace(size_t size, -@@ -160,7 +160,7 @@ found: +@@ -150,6 +155,13 @@ found: + cachep = malloc_sizes[i].cs_dmacachep; + else + #endif ++ ++#ifdef CONFIG_PAX_USERCOPY ++ if (flags & GFP_USERCOPY) ++ cachep = malloc_sizes[i].cs_usercopycachep; ++ else ++#endif ++ + cachep = malloc_sizes[i].cs_cachep; + + ret = kmem_cache_alloc_trace(size, cachep, flags); +@@ -160,7 +172,7 @@ found: } #ifdef CONFIG_NUMA @@ -62819,6 +63201,20 @@ index fbd1117..d4d8ef8 100644 extern void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node); #ifdef CONFIG_TRACING +@@ -203,6 +215,13 @@ found: + cachep = malloc_sizes[i].cs_dmacachep; + else + #endif ++ ++#ifdef CONFIG_PAX_USERCOPY ++ if (flags & GFP_USERCOPY) ++ cachep = malloc_sizes[i].cs_usercopycachep; ++ else ++#endif ++ + cachep = malloc_sizes[i].cs_cachep; + + return kmem_cache_alloc_node_trace(size, cachep, flags, node); diff --git a/include/linux/slob_def.h b/include/linux/slob_def.h index 0ec00b3..39cb7fc 100644 --- a/include/linux/slob_def.h @@ -63428,7 +63824,7 @@ index 10422ef..662570f 100644 fib_info_update_nh_saddr((net), &FIB_RES_NH(res))) #define FIB_RES_GW(res) (FIB_RES_NH(res).nh_gw) diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h -index 72522f0..6f03a2b 100644 +index 72522f0..2965e05 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -510,7 +510,7 @@ struct ip_vs_conn { @@ -63449,6 +63845,15 @@ index 72522f0..6f03a2b 100644 atomic_t weight; /* server weight */ atomic_t refcnt; /* reference counter */ +@@ -1356,7 +1356,7 @@ static inline void ip_vs_notrack(struct sk_buff *skb) + struct nf_conn *ct = nf_ct_get(skb, &ctinfo); + + if (!ct || !nf_ct_is_untracked(ct)) { +- nf_reset(skb); ++ nf_conntrack_put(skb->nfct); + skb->nfct = &nf_ct_untracked_get()->ct_general; + skb->nfctinfo = IP_CT_NEW; + nf_conntrack_get(skb->nfct); diff --git a/include/net/irda/ircomm_core.h b/include/net/irda/ircomm_core.h index 69b610a..fe3962c 100644 --- a/include/net/irda/ircomm_core.h @@ -64256,7 +64661,7 @@ index 8216c30..25e8e32 100644 next_state = Reset; return 0; diff --git a/init/main.c b/init/main.c -index b08c5f7..09f865e 100644 +index b08c5f7..bf65a52 100644 --- a/init/main.c +++ b/init/main.c @@ -95,6 +95,8 @@ static inline void mark_rodata_ro(void) { } @@ -64346,7 +64751,39 @@ index b08c5f7..09f865e 100644 } return ret; -@@ -865,7 +911,7 @@ static int __init kernel_init(void * unused) +@@ -747,8 +793,14 @@ static void __init do_initcall_level(int level) + level, level, + repair_env_string); + +- for (fn = initcall_levels[level]; fn < initcall_levels[level+1]; fn++) ++ for (fn = initcall_levels[level]; fn < initcall_levels[level+1]; fn++) { + do_one_initcall(*fn); ++ ++#ifdef CONFIG_PAX_LATENT_ENTROPY ++ transfer_latent_entropy(); ++#endif ++ ++ } + } + + static void __init do_initcalls(void) +@@ -782,8 +834,14 @@ static void __init do_pre_smp_initcalls(void) + { + initcall_t *fn; + +- for (fn = __initcall_start; fn < __initcall0_start; fn++) ++ for (fn = __initcall_start; fn < __initcall0_start; fn++) { + do_one_initcall(*fn); ++ ++#ifdef CONFIG_PAX_LATENT_ENTROPY ++ transfer_latent_entropy(); ++#endif ++ ++ } + } + + static void run_init_process(const char *init_filename) +@@ -865,7 +923,7 @@ static int __init kernel_init(void * unused) do_basic_setup(); /* Open the /dev/console on the rootfs, this should never fail */ @@ -64355,7 +64792,7 @@ index b08c5f7..09f865e 100644 printk(KERN_WARNING "Warning: unable to open an initial console.\n"); (void) sys_dup(0); -@@ -878,11 +924,13 @@ static int __init kernel_init(void * unused) +@@ -878,11 +936,13 @@ static int __init kernel_init(void * unused) if (!ramdisk_execute_command) ramdisk_execute_command = "/init"; @@ -65687,18 +66124,18 @@ index 9b22d03..6295b62 100644 prev->next = info->next; else diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c -index ae34bf5..4e2f3d0 100644 +index 6db7a5e..25b6648 100644 --- a/kernel/hrtimer.c +++ b/kernel/hrtimer.c -@@ -1393,7 +1393,7 @@ void hrtimer_peek_ahead_timers(void) +@@ -1407,7 +1407,7 @@ void hrtimer_peek_ahead_timers(void) local_irq_restore(flags); } -static void run_hrtimer_softirq(struct softirq_action *h) +static void run_hrtimer_softirq(void) { - hrtimer_peek_ahead_timers(); - } + struct hrtimer_cpu_base *cpu_base = &__get_cpu_var(hrtimer_bases); + diff --git a/kernel/jump_label.c b/kernel/jump_label.c index 4304919..408c4c0 100644 --- a/kernel/jump_label.c @@ -65735,7 +66172,7 @@ index 4304919..408c4c0 100644 static int diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c -index 079f1d3..a407562 100644 +index 079f1d3..4e80e69 100644 --- a/kernel/kallsyms.c +++ b/kernel/kallsyms.c @@ -11,6 +11,9 @@ @@ -65831,7 +66268,30 @@ index 079f1d3..a407562 100644 /* Some debugging symbols have no name. Ignore them. */ if (!iter->name[0]) return 0; -@@ -540,7 +583,7 @@ static int kallsyms_open(struct inode *inode, struct file *file) +@@ -515,11 +558,22 @@ static int s_show(struct seq_file *m, void *p) + */ + type = iter->exported ? toupper(iter->type) : + tolower(iter->type); ++ ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ seq_printf(m, "%pP %c %s\t[%s]\n", (void *)iter->value, ++ type, iter->name, iter->module_name); ++#else + seq_printf(m, "%pK %c %s\t[%s]\n", (void *)iter->value, + type, iter->name, iter->module_name); ++#endif + } else ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ seq_printf(m, "%pP %c %s\n", (void *)iter->value, ++ iter->type, iter->name); ++#else + seq_printf(m, "%pK %c %s\n", (void *)iter->value, + iter->type, iter->name); ++#endif + return 0; + } + +@@ -540,7 +594,7 @@ static int kallsyms_open(struct inode *inode, struct file *file) struct kallsym_iter *iter; int ret; @@ -67932,10 +68392,10 @@ index 0984a21..939f183 100644 #ifdef CONFIG_RT_GROUP_SCHED /* diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 2000e06..79cf3d8 100644 +index 817bf70..9099fb4 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c -@@ -3907,6 +3907,8 @@ int can_nice(const struct task_struct *p, const int nice) +@@ -4038,6 +4038,8 @@ int can_nice(const struct task_struct *p, const int nice) /* convert nice value [19,-20] to rlimit style value [1,40] */ int nice_rlim = 20 - nice; @@ -67944,7 +68404,7 @@ index 2000e06..79cf3d8 100644 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || capable(CAP_SYS_NICE)); } -@@ -3940,7 +3942,8 @@ SYSCALL_DEFINE1(nice, int, increment) +@@ -4071,7 +4073,8 @@ SYSCALL_DEFINE1(nice, int, increment) if (nice > 19) nice = 19; @@ -67954,7 +68414,7 @@ index 2000e06..79cf3d8 100644 return -EPERM; retval = security_task_setnice(current, nice); -@@ -4097,6 +4100,7 @@ recheck: +@@ -4228,6 +4231,7 @@ recheck: unsigned long rlim_rtprio = task_rlimit(p, RLIMIT_RTPRIO); @@ -68691,7 +69151,7 @@ index f113755..ec24223 100644 cpumask_clear_cpu(cpu, tick_get_broadcast_mask()); tick_broadcast_clear_oneshot(cpu); diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c -index d42574df..247414c 100644 +index 7c50de8..e29a94d 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c @@ -14,6 +14,7 @@ @@ -68702,7 +69162,7 @@ index d42574df..247414c 100644 #include <linux/syscore_ops.h> #include <linux/clocksource.h> #include <linux/jiffies.h> -@@ -373,6 +374,8 @@ int do_settimeofday(const struct timespec *tv) +@@ -388,6 +389,8 @@ int do_settimeofday(const struct timespec *tv) if ((unsigned long)tv->tv_nsec >= NSEC_PER_SEC) return -EINVAL; @@ -69319,7 +69779,7 @@ index 3ac50dc..240bb7e 100644 static inline void *ptr_to_indirect(void *ptr) { diff --git a/lib/vsprintf.c b/lib/vsprintf.c -index abbabec..362988d 100644 +index abbabec..b69d6dd 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -16,6 +16,9 @@ @@ -69362,8 +69822,21 @@ index abbabec..362988d 100644 * - 'R' For decoded struct resource, e.g., [mem 0x0-0x1f 64bit pref] * - 'r' For raw struct resource, e.g., [mem 0x0-0x1f flags 0x201] * - 'M' For a 6-byte MAC address, it prints the address in the -@@ -868,12 +877,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -866,14 +875,25 @@ static noinline_for_stack + char *pointer(const char *fmt, char *buf, char *end, void *ptr, + struct printf_spec spec) { ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ /* 'P' = approved pointers to copy to userland, ++ as in the /proc/kallsyms case, as we make it display nothing ++ for non-root users, and the real contents for root users ++ */ ++ if (ptr > TASK_SIZE && *fmt != 'P' && is_usercopy_alloc(buf)) { ++ ptr = NULL; ++ goto simple; ++ } ++#endif ++ if (!ptr && *fmt != 'K') { /* - * Print (null) with the same width as a pointer so it makes @@ -69377,7 +69850,7 @@ index abbabec..362988d 100644 } switch (*fmt) { -@@ -883,6 +892,13 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -883,6 +903,13 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, /* Fallthrough */ case 'S': case 's': @@ -69391,7 +69864,26 @@ index abbabec..362988d 100644 case 'B': return symbol_string(buf, end, ptr, spec, *fmt); case 'R': -@@ -1653,11 +1669,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) +@@ -920,6 +947,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, + va_end(va); + return buf; + } ++ case 'P': ++ break; + case 'K': + /* + * %pK cannot be used in IRQ context because its test +@@ -942,6 +971,9 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, + } + break; + } ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++simple: ++#endif + spec.flags |= SMALL; + if (spec.field_width == -1) { + spec.field_width = 2 * sizeof(void *); +@@ -1653,11 +1685,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) typeof(type) value; \ if (sizeof(type) == 8) { \ args = PTR_ALIGN(args, sizeof(u32)); \ @@ -69406,7 +69898,7 @@ index abbabec..362988d 100644 } \ args += sizeof(type); \ value; \ -@@ -1720,7 +1736,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) +@@ -1720,7 +1752,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) case FORMAT_TYPE_STR: { const char *str_arg = args; args += strlen(str_arg) + 1; @@ -72514,7 +73006,7 @@ index 9d65a02..7c877e7 100644 return -ENOMEM; diff --git a/mm/slab.c b/mm/slab.c -index e901a36..ee8fe97 100644 +index e901a36..4923e4d 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -153,7 +153,7 @@ @@ -72568,16 +73060,36 @@ index e901a36..ee8fe97 100644 { u32 offset = (obj - slab->s_mem); return reciprocal_divide(offset, cache->reciprocal_buffer_size); -@@ -568,7 +568,7 @@ struct cache_names { +@@ -563,12 +563,13 @@ EXPORT_SYMBOL(malloc_sizes); + struct cache_names { + char *name; + char *name_dma; ++ char *name_usercopy; + }; + static struct cache_names __initdata cache_names[] = { - #define CACHE(x) { .name = "size-" #x, .name_dma = "size-" #x "(DMA)" }, +-#define CACHE(x) { .name = "size-" #x, .name_dma = "size-" #x "(DMA)" }, ++#define CACHE(x) { .name = "size-" #x, .name_dma = "size-" #x "(DMA)", .name_usercopy = "size-" #x "(USERCOPY)" }, #include <linux/kmalloc_sizes.h> - {NULL,} + {NULL} #undef CACHE }; -@@ -1588,7 +1588,7 @@ void __init kmem_cache_init(void) +@@ -756,6 +757,12 @@ static inline struct kmem_cache *__find_general_cachep(size_t size, + if (unlikely(gfpflags & GFP_DMA)) + return csizep->cs_dmacachep; + #endif ++ ++#ifdef CONFIG_PAX_USERCOPY ++ if (unlikely(gfpflags & GFP_USERCOPY)) ++ return csizep->cs_usercopycachep; ++#endif ++ + return csizep->cs_cachep; + } + +@@ -1588,7 +1595,7 @@ void __init kmem_cache_init(void) sizes[INDEX_AC].cs_cachep = kmem_cache_create(names[INDEX_AC].name, sizes[INDEX_AC].cs_size, ARCH_KMALLOC_MINALIGN, @@ -72586,7 +73098,7 @@ index e901a36..ee8fe97 100644 NULL); if (INDEX_AC != INDEX_L3) { -@@ -1596,7 +1596,7 @@ void __init kmem_cache_init(void) +@@ -1596,7 +1603,7 @@ void __init kmem_cache_init(void) kmem_cache_create(names[INDEX_L3].name, sizes[INDEX_L3].cs_size, ARCH_KMALLOC_MINALIGN, @@ -72595,7 +73107,7 @@ index e901a36..ee8fe97 100644 NULL); } -@@ -1614,7 +1614,7 @@ void __init kmem_cache_init(void) +@@ -1614,7 +1621,7 @@ void __init kmem_cache_init(void) sizes->cs_cachep = kmem_cache_create(names->name, sizes->cs_size, ARCH_KMALLOC_MINALIGN, @@ -72604,7 +73116,24 @@ index e901a36..ee8fe97 100644 NULL); } #ifdef CONFIG_ZONE_DMA -@@ -4390,10 +4390,10 @@ static int s_show(struct seq_file *m, void *p) +@@ -1626,6 +1633,16 @@ void __init kmem_cache_init(void) + SLAB_PANIC, + NULL); + #endif ++ ++#ifdef CONFIG_PAX_USERCOPY ++ sizes->cs_usercopycachep = kmem_cache_create( ++ names->name_usercopy, ++ sizes->cs_size, ++ ARCH_KMALLOC_MINALIGN, ++ ARCH_KMALLOC_FLAGS|SLAB_PANIC|SLAB_USERCOPY, ++ NULL); ++#endif ++ + sizes++; + names++; + } +@@ -4390,10 +4407,10 @@ static int s_show(struct seq_file *m, void *p) } /* cpu stats */ { @@ -72619,7 +73148,7 @@ index e901a36..ee8fe97 100644 seq_printf(m, " : cpustat %6lu %6lu %6lu %6lu", allochit, allocmiss, freehit, freemiss); -@@ -4652,13 +4652,62 @@ static int __init slab_proc_init(void) +@@ -4652,13 +4669,90 @@ static int __init slab_proc_init(void) { proc_create("slabinfo",S_IWUSR|S_IRUSR,NULL,&proc_slabinfo_operations); #ifdef CONFIG_DEBUG_SLAB_LEAK @@ -72631,6 +73160,34 @@ index e901a36..ee8fe97 100644 module_init(slab_proc_init); #endif ++bool is_usercopy_alloc(const void *ptr) ++{ ++#ifdef CONFIG_PAX_USERCOPY ++ struct page *page; ++ struct kmem_cache *cachep; ++ struct slab *slabp; ++ ++ if (ZERO_OR_NULL_PTR(ptr)) ++ return false; ++ ++ if (!virt_addr_valid(ptr)) ++ return false; ++ ++ page = virt_to_head_page(ptr); ++ ++ if (!PageSlab(page)) ++ return false; ++ ++ cachep = page_get_cache(page); ++ if (!(cachep->flags & SLAB_USERCOPY)) ++ return false; ++ ++ return true; ++#endif ++ ++ return false; ++} ++ +void check_object_size(const void *ptr, unsigned long n, bool to) +{ + @@ -72684,7 +73241,7 @@ index e901a36..ee8fe97 100644 * ksize - get the actual amount of memory allocated for a given object * @objp: Pointer to the object diff --git a/mm/slob.c b/mm/slob.c -index 8105be4..e045f96 100644 +index 8105be4..76a8cac 100644 --- a/mm/slob.c +++ b/mm/slob.c @@ -29,7 +29,7 @@ @@ -72835,7 +73392,7 @@ index 8105be4..e045f96 100644 return ret; } EXPORT_SYMBOL(__kmalloc_node); -@@ -533,13 +547,92 @@ void kfree(const void *block) +@@ -533,13 +547,97 @@ void kfree(const void *block) sp = slob_page(block); if (is_slob_page(sp)) { int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN); @@ -72853,6 +73410,11 @@ index 8105be4..e045f96 100644 } EXPORT_SYMBOL(kfree); ++bool is_usercopy_alloc(const void *ptr) ++{ ++ return false; ++} ++ +void check_object_size(const void *ptr, unsigned long n, bool to) +{ + @@ -72931,7 +73493,7 @@ index 8105be4..e045f96 100644 /* can't use ksize for kmem_cache_alloc memory, only kmalloc */ size_t ksize(const void *block) { -@@ -552,10 +645,10 @@ size_t ksize(const void *block) +@@ -552,10 +650,10 @@ size_t ksize(const void *block) sp = slob_page(block); if (is_slob_page(sp)) { int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN); @@ -72945,7 +73507,7 @@ index 8105be4..e045f96 100644 } EXPORT_SYMBOL(ksize); -@@ -571,8 +664,13 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, +@@ -571,8 +669,13 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, { struct kmem_cache *c; @@ -72959,7 +73521,7 @@ index 8105be4..e045f96 100644 if (c) { c->name = name; -@@ -614,17 +712,25 @@ void *kmem_cache_alloc_node(struct kmem_cache *c, gfp_t flags, int node) +@@ -614,17 +717,25 @@ void *kmem_cache_alloc_node(struct kmem_cache *c, gfp_t flags, int node) lockdep_trace_alloc(flags); @@ -72985,7 +73547,7 @@ index 8105be4..e045f96 100644 if (c->ctor) c->ctor(b); -@@ -636,10 +742,16 @@ EXPORT_SYMBOL(kmem_cache_alloc_node); +@@ -636,10 +747,16 @@ EXPORT_SYMBOL(kmem_cache_alloc_node); static void __kmem_cache_free(void *b, int size) { @@ -73004,7 +73566,7 @@ index 8105be4..e045f96 100644 } static void kmem_rcu_free(struct rcu_head *head) -@@ -652,17 +764,31 @@ static void kmem_rcu_free(struct rcu_head *head) +@@ -652,17 +769,31 @@ static void kmem_rcu_free(struct rcu_head *head) void kmem_cache_free(struct kmem_cache *c, void *b) { @@ -73040,7 +73602,7 @@ index 8105be4..e045f96 100644 EXPORT_SYMBOL(kmem_cache_free); diff --git a/mm/slub.c b/mm/slub.c -index 71de9b5..dd263c5 100644 +index 71de9b5..8248521 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -209,7 +209,7 @@ struct track { @@ -73098,10 +73660,62 @@ index 71de9b5..dd263c5 100644 list_del(&s->list); up_write(&slub_lock); if (kmem_cache_close(s)) { -@@ -3405,6 +3406,50 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) +@@ -3223,6 +3224,10 @@ static struct kmem_cache *kmem_cache; + static struct kmem_cache *kmalloc_dma_caches[SLUB_PAGE_SHIFT]; + #endif + ++#ifdef CONFIG_PAX_USERCOPY ++static struct kmem_cache *kmalloc_usercopy_caches[SLUB_PAGE_SHIFT]; ++#endif ++ + static int __init setup_slub_min_order(char *str) + { + get_option(&str, &slub_min_order); +@@ -3337,6 +3342,13 @@ static struct kmem_cache *get_slab(size_t size, gfp_t flags) + return kmalloc_dma_caches[index]; + + #endif ++ ++#ifdef CONFIG_PAX_USERCOPY ++ if (flags & SLAB_USERCOPY) ++ return kmalloc_usercopy_caches[index]; ++ ++#endif ++ + return kmalloc_caches[index]; + } + +@@ -3405,6 +3417,77 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) EXPORT_SYMBOL(__kmalloc_node); #endif ++bool is_usercopy_alloc(const void *ptr) ++{ ++#ifdef CONFIG_PAX_USERCOPY ++ struct page *page; ++ struct kmem_cache *s; ++ ++ if (ZERO_OR_NULL_PTR(ptr)) ++ return false; ++ ++ if (!virt_addr_valid(ptr)) ++ return false; ++ ++ page = virt_to_head_page(ptr); ++ ++ if (!PageSlab(page)) ++ return false; ++ ++ s = page->slab; ++ if (!(s->flags & SLAB_USERCOPY)) ++ return false; ++ ++ return true; ++#endif ++ ++ return false; ++} ++ +void check_object_size(const void *ptr, unsigned long n, bool to) +{ + @@ -73149,7 +73763,7 @@ index 71de9b5..dd263c5 100644 size_t ksize(const void *object) { struct page *page; -@@ -3679,7 +3724,7 @@ static void __init kmem_cache_bootstrap_fixup(struct kmem_cache *s) +@@ -3679,7 +3762,7 @@ static void __init kmem_cache_bootstrap_fixup(struct kmem_cache *s) int node; list_add(&s->list, &slab_caches); @@ -73158,7 +73772,7 @@ index 71de9b5..dd263c5 100644 for_each_node_state(node, N_NORMAL_MEMORY) { struct kmem_cache_node *n = get_node(s, node); -@@ -3799,17 +3844,17 @@ void __init kmem_cache_init(void) +@@ -3799,17 +3882,17 @@ void __init kmem_cache_init(void) /* Caches that are not of the two-to-the-power-of size */ if (KMALLOC_MIN_SIZE <= 32) { @@ -73179,7 +73793,30 @@ index 71de9b5..dd263c5 100644 caches++; } -@@ -3877,7 +3922,7 @@ static int slab_unmergeable(struct kmem_cache *s) +@@ -3851,6 +3934,22 @@ void __init kmem_cache_init(void) + } + } + #endif ++ ++#ifdef CONFIG_PAX_USERCOPY ++ for (i = 0; i < SLUB_PAGE_SHIFT; i++) { ++ struct kmem_cache *s = kmalloc_caches[i]; ++ ++ if (s && s->size) { ++ char *name = kasprintf(GFP_NOWAIT, ++ "usercopy-kmalloc-%d", s->objsize); ++ ++ BUG_ON(!name); ++ kmalloc_usercopy_caches[i] = create_kmalloc_cache(name, ++ s->objsize, SLAB_USERCOPY); ++ } ++ } ++#endif ++ + printk(KERN_INFO + "SLUB: Genslabs=%d, HWalign=%d, Order=%d-%d, MinObjects=%d," + " CPUs=%d, Nodes=%d\n", +@@ -3877,7 +3976,7 @@ static int slab_unmergeable(struct kmem_cache *s) /* * We may have set a slab to be unmergeable during bootstrap. */ @@ -73188,7 +73825,7 @@ index 71de9b5..dd263c5 100644 return 1; return 0; -@@ -3936,7 +3981,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, +@@ -3936,7 +4035,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, down_write(&slub_lock); s = find_mergeable(size, align, flags, name, ctor); if (s) { @@ -73197,7 +73834,7 @@ index 71de9b5..dd263c5 100644 /* * Adjust the object sizes so that we clear * the complete object on kzalloc. -@@ -3945,7 +3990,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, +@@ -3945,7 +4044,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, s->inuse = max_t(int, s->inuse, ALIGN(size, sizeof(void *))); if (sysfs_slab_alias(s, name)) { @@ -73206,7 +73843,7 @@ index 71de9b5..dd263c5 100644 goto err; } up_write(&slub_lock); -@@ -4074,7 +4119,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, +@@ -4074,7 +4173,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, } #endif @@ -73215,7 +73852,7 @@ index 71de9b5..dd263c5 100644 static int count_inuse(struct page *page) { return page->inuse; -@@ -4461,12 +4506,12 @@ static void resiliency_test(void) +@@ -4461,12 +4560,12 @@ static void resiliency_test(void) validate_slab_cache(kmalloc_caches[9]); } #else @@ -73230,7 +73867,7 @@ index 71de9b5..dd263c5 100644 enum slab_stat_type { SL_ALL, /* All slabs */ SL_PARTIAL, /* Only partially allocated slabs */ -@@ -4709,7 +4754,7 @@ SLAB_ATTR_RO(ctor); +@@ -4709,7 +4808,7 @@ SLAB_ATTR_RO(ctor); static ssize_t aliases_show(struct kmem_cache *s, char *buf) { @@ -73239,7 +73876,7 @@ index 71de9b5..dd263c5 100644 } SLAB_ATTR_RO(aliases); -@@ -5280,6 +5325,7 @@ static char *create_unique_id(struct kmem_cache *s) +@@ -5280,6 +5379,7 @@ static char *create_unique_id(struct kmem_cache *s) return name; } @@ -73247,7 +73884,7 @@ index 71de9b5..dd263c5 100644 static int sysfs_slab_add(struct kmem_cache *s) { int err; -@@ -5342,6 +5388,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) +@@ -5342,6 +5442,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) kobject_del(&s->kobj); kobject_put(&s->kobj); } @@ -73255,7 +73892,7 @@ index 71de9b5..dd263c5 100644 /* * Need to buffer aliases during bootup until sysfs becomes -@@ -5355,6 +5402,7 @@ struct saved_alias { +@@ -5355,6 +5456,7 @@ struct saved_alias { static struct saved_alias *alias_list; @@ -73263,7 +73900,7 @@ index 71de9b5..dd263c5 100644 static int sysfs_slab_alias(struct kmem_cache *s, const char *name) { struct saved_alias *al; -@@ -5377,6 +5425,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) +@@ -5377,6 +5479,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) alias_list = al; return 0; } @@ -73593,6 +74230,22 @@ index 1196c77..2e608e8 100644 if (!vas || !vms) goto err_free2; +diff --git a/mm/vmscan.c b/mm/vmscan.c +index 4607cc6..be5bc0a 100644 +--- a/mm/vmscan.c ++++ b/mm/vmscan.c +@@ -3013,7 +3013,10 @@ static void kswapd_try_to_sleep(pg_data_t *pgdat, int order, int classzone_idx) + * them before going back to sleep. + */ + set_pgdat_percpu_threshold(pgdat, calculate_normal_threshold); +- schedule(); ++ ++ if (!kthread_should_stop()) ++ schedule(); ++ + set_pgdat_percpu_threshold(pgdat, calculate_pressure_threshold); + } else { + if (remaining) diff --git a/mm/vmstat.c b/mm/vmstat.c index 7db1b9b..e9f6b07 100644 --- a/mm/vmstat.c @@ -73942,6 +74595,21 @@ index 5fe2ff3..10968b5 100644 BUGPRINT("c2u Didn't work\n"); ret = -EFAULT; break; +diff --git a/net/caif/caif_dev.c b/net/caif/caif_dev.c +index aa6f716..7bf4c21 100644 +--- a/net/caif/caif_dev.c ++++ b/net/caif/caif_dev.c +@@ -562,9 +562,9 @@ static int __init caif_device_init(void) + + static void __exit caif_device_exit(void) + { +- unregister_pernet_subsys(&caif_net_ops); + unregister_netdevice_notifier(&caif_device_notifier); + dev_remove_pack(&caif_packet_type); ++ unregister_pernet_subsys(&caif_net_ops); + } + + module_init(caif_device_init); diff --git a/net/caif/cfctrl.c b/net/caif/cfctrl.c index 5cf5222..6f704ad 100644 --- a/net/caif/cfctrl.c @@ -74513,6 +75181,23 @@ index 39a2d29..f39c0fe 100644 ---help--- Econet is a fairly old and slow networking protocol mainly used by Acorn computers to access file and print servers. It uses native +diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c +index c48adc5..667c1d4 100644 +--- a/net/ipv4/cipso_ipv4.c ++++ b/net/ipv4/cipso_ipv4.c +@@ -1725,8 +1725,10 @@ int cipso_v4_validate(const struct sk_buff *skb, unsigned char **option) + case CIPSO_V4_TAG_LOCAL: + /* This is a non-standard tag that we only allow for + * local connections, so if the incoming interface is +- * not the loopback device drop the packet. */ +- if (!(skb->dev->flags & IFF_LOOPBACK)) { ++ * not the loopback device drop the packet. Further, ++ * there is no legitimate reason for setting this from ++ * userspace so reject it if skb is NULL. */ ++ if (skb == NULL || !(skb->dev->flags & IFF_LOOPBACK)) { + err_offset = opt_iter; + goto validate_return_locked; + } diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index cbe3a68..a879b75 100644 --- a/net/ipv4/fib_frontend.c @@ -75772,7 +76457,7 @@ index 00bdb1d..6725a48 100644 if ((ipvs->sync_state & IP_VS_STATE_MASTER) && cp->protocol == IPPROTO_SCTP) { diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c -index f558998..9cdff60 100644 +index f558998..7dfb054 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c @@ -788,7 +788,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest, @@ -75784,7 +76469,30 @@ index f558998..9cdff60 100644 /* bind the service */ if (!dest->svc) { -@@ -2028,7 +2028,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) +@@ -1521,11 +1521,12 @@ static int ip_vs_dst_event(struct notifier_block *this, unsigned long event, + { + struct net_device *dev = ptr; + struct net *net = dev_net(dev); ++ struct netns_ipvs *ipvs = net_ipvs(net); + struct ip_vs_service *svc; + struct ip_vs_dest *dest; + unsigned int idx; + +- if (event != NETDEV_UNREGISTER) ++ if (event != NETDEV_UNREGISTER || !ipvs) + return NOTIFY_DONE; + IP_VS_DBG(3, "%s() dev=%s\n", __func__, dev->name); + EnterFunction(2); +@@ -1551,7 +1552,7 @@ static int ip_vs_dst_event(struct notifier_block *this, unsigned long event, + } + } + +- list_for_each_entry(dest, &net_ipvs(net)->dest_trash, n_list) { ++ list_for_each_entry(dest, &ipvs->dest_trash, n_list) { + __ip_vs_dev_reset(dest, dev); + } + mutex_unlock(&__ip_vs_mutex); +@@ -2028,7 +2029,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) " %-7s %-6d %-10d %-10d\n", &dest->addr.in6, ntohs(dest->port), @@ -75793,7 +76501,7 @@ index f558998..9cdff60 100644 atomic_read(&dest->weight), atomic_read(&dest->activeconns), atomic_read(&dest->inactconns)); -@@ -2039,7 +2039,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) +@@ -2039,7 +2040,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) "%-7s %-6d %-10d %-10d\n", ntohl(dest->addr.ip), ntohs(dest->port), @@ -75802,7 +76510,7 @@ index f558998..9cdff60 100644 atomic_read(&dest->weight), atomic_read(&dest->activeconns), atomic_read(&dest->inactconns)); -@@ -2509,7 +2509,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get, +@@ -2509,7 +2510,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get, entry.addr = dest->addr.ip; entry.port = dest->port; @@ -75811,7 +76519,7 @@ index f558998..9cdff60 100644 entry.weight = atomic_read(&dest->weight); entry.u_threshold = dest->u_threshold; entry.l_threshold = dest->l_threshold; -@@ -3042,7 +3042,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest) +@@ -3042,7 +3043,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest) NLA_PUT_U16(skb, IPVS_DEST_ATTR_PORT, dest->port); NLA_PUT_U32(skb, IPVS_DEST_ATTR_FWD_METHOD, @@ -76545,6 +77253,36 @@ index 7635107..4670276 100644 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); +diff --git a/net/sctp/input.c b/net/sctp/input.c +index 80f71af..be772c0 100644 +--- a/net/sctp/input.c ++++ b/net/sctp/input.c +@@ -736,15 +736,12 @@ static void __sctp_unhash_endpoint(struct sctp_endpoint *ep) + + epb = &ep->base; + +- if (hlist_unhashed(&epb->node)) +- return; +- + epb->hashent = sctp_ep_hashfn(epb->bind_addr.port); + + head = &sctp_ep_hashtable[epb->hashent]; + + sctp_write_lock(&head->lock); +- __hlist_del(&epb->node); ++ hlist_del_init(&epb->node); + sctp_write_unlock(&head->lock); + } + +@@ -825,7 +822,7 @@ static void __sctp_unhash_established(struct sctp_association *asoc) + head = &sctp_assoc_hashtable[epb->hashent]; + + sctp_write_lock(&head->lock); +- __hlist_del(&epb->node); ++ hlist_del_init(&epb->node); + sctp_write_unlock(&head->lock); + } + diff --git a/net/sctp/proc.c b/net/sctp/proc.c index 1e2eee8..ce3967e 100644 --- a/net/sctp/proc.c @@ -76560,10 +77298,38 @@ index 1e2eee8..ce3967e 100644 assoc->assoc_id, assoc->sndbuf_used, diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index 92ba71d..9a97902 100644 +index 92ba71d..9352c05 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c -@@ -4569,7 +4569,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, +@@ -1231,8 +1231,14 @@ out_free: + SCTP_DEBUG_PRINTK("About to exit __sctp_connect() free asoc: %p" + " kaddrs: %p err: %d\n", + asoc, kaddrs, err); +- if (asoc) ++ if (asoc) { ++ /* sctp_primitive_ASSOCIATE may have added this association ++ * To the hash table, try to unhash it, just in case, its a noop ++ * if it wasn't hashed so we're safe ++ */ ++ sctp_unhash_established(asoc); + sctp_association_free(asoc); ++ } + return err; + } + +@@ -1942,8 +1948,10 @@ SCTP_STATIC int sctp_sendmsg(struct kiocb *iocb, struct sock *sk, + goto out_unlock; + + out_free: +- if (new_asoc) ++ if (new_asoc) { ++ sctp_unhash_established(asoc); + sctp_association_free(asoc); ++ } + out_unlock: + sctp_release_sock(sk); + +@@ -4569,7 +4577,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; if (space_left < addrlen) return -ENOMEM; @@ -77536,7 +78302,7 @@ index 44ddaa5..a3119bd 100644 sprintf(alias, "dmi*"); diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c -index c4e7d15..4241aef 100644 +index c4e7d15..dad16c1 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -922,6 +922,7 @@ enum mismatch { @@ -77578,12 +78344,12 @@ index c4e7d15..4241aef 100644 free(prl_to); break; + case DATA_TO_TEXT: -+/* ++#if 0 + fprintf(stderr, -+ "The variable %s references\n" -+ "the %s %s%s%s\n", -+ fromsym, to, sec2annotation(tosec), tosym, to_p); -+*/ ++ "The %s %s:%s references\n" ++ "the %s %s:%s%s\n", ++ from, fromsec, fromsym, to, tosec, tosym, to_p); ++#endif + break; } fprintf(stderr, "\n"); @@ -77682,10 +78448,10 @@ index 5c11312..72742b5 100644 write_hex_cnt = 0; for (i = 0; i < logo_clutsize; i++) { diff --git a/security/Kconfig b/security/Kconfig -index ccc61f8..7244cf1 100644 +index ccc61f8..00dd2a2 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,861 @@ +@@ -4,6 +4,870 @@ menu "Security options" @@ -77944,13 +78710,12 @@ index ccc61f8..7244cf1 100644 + has been deprecated in favour of PT_PAX_FLAGS and XATTR_PAX_FLAGS + support. + -+ If you have applications not marked by the PT_PAX_FLAGS ELF program -+ header and you cannot use XATTR_PAX_FLAGS then you MUST enable this -+ option otherwise they will not get any protection. -+ + Note that if you enable PT_PAX_FLAGS or XATTR_PAX_FLAGS marking + support as well, they will override the legacy EI_PAX marks. + ++ If you enable none of the marking options then all applications ++ will run with PaX enabled on them by default. ++ +config PAX_PT_PAX_FLAGS + bool 'Use ELF program header marking' + default y if GRKERNSEC_CONFIG_AUTO @@ -77963,15 +78728,14 @@ index ccc61f8..7244cf1 100644 + integrated into the toolchain (the binutils patch is available + from http://pax.grsecurity.net). + -+ If you have applications not marked by the PT_PAX_FLAGS ELF program -+ header then you MUST enable either XATTR_PAX_FLAGS or EI_PAX marking -+ support otherwise they will not get any protection. ++ Note that if you enable the legacy EI_PAX marking support as well, ++ the EI_PAX marks will be overridden by the PT_PAX_FLAGS marks. + + If you enable both PT_PAX_FLAGS and XATTR_PAX_FLAGS support then you + must make sure that the marks are the same if a binary has both marks. + -+ Note that if you enable the legacy EI_PAX marking support as well, -+ the EI_PAX marks will be overridden by the PT_PAX_FLAGS marks. ++ If you enable none of the marking options then all applications ++ will run with PaX enabled on them by default. + +config PAX_XATTR_PAX_FLAGS + bool 'Use filesystem extended attributes marking' @@ -77996,15 +78760,14 @@ index ccc61f8..7244cf1 100644 + isofs, udf, vfat) so copying files through such filesystems will + lose the extended attributes and these PaX markings. + -+ If you have applications not marked by the PT_PAX_FLAGS ELF program -+ header then you MUST enable either XATTR_PAX_FLAGS or EI_PAX marking -+ support otherwise they will not get any protection. ++ Note that if you enable the legacy EI_PAX marking support as well, ++ the EI_PAX marks will be overridden by the XATTR_PAX_FLAGS marks. + + If you enable both PT_PAX_FLAGS and XATTR_PAX_FLAGS support then you + must make sure that the marks are the same if a binary has both marks. + -+ Note that if you enable the legacy EI_PAX marking support as well, -+ the EI_PAX marks will be overridden by the XATTR_PAX_FLAGS marks. ++ If you enable none of the marking options then all applications ++ will run with PaX enabled on them by default. + +choice + prompt 'MAC system integration' @@ -78534,6 +79297,18 @@ index ccc61f8..7244cf1 100644 + Homepage: + http://www.grsecurity.net/~ephox/overflow_plugin/ + ++config PAX_LATENT_ENTROPY ++ bool "Generate some entropy during boot" ++ help ++ By saying Y here the kernel will instrument early boot code to ++ extract some entropy from both original and artificially created ++ program state. This will help especially embedded systems where ++ there is little 'natural' source of entropy normally. The cost ++ is some slowdown of the boot process. ++ ++ Note that entropy extracted this way is not cryptographically ++ secure! ++ +endmenu + +endmenu @@ -78547,7 +79322,7 @@ index ccc61f8..7244cf1 100644 config KEYS bool "Enable access key retention support" help -@@ -169,7 +1024,7 @@ config INTEL_TXT +@@ -169,7 +1033,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -79411,12 +80186,19 @@ index da5fa1a..113cd02 100644 int last_frame_number; /* stored frame number */ int last_delay; /* stored delay */ }; +diff --git a/tools/gcc/.gitignore b/tools/gcc/.gitignore +new file mode 100644 +index 0000000..50f2f2f +--- /dev/null ++++ b/tools/gcc/.gitignore +@@ -0,0 +1 @@ ++size_overflow_hash.h diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile new file mode 100644 -index 0000000..f4f9986 +index 0000000..e9d4079 --- /dev/null +++ b/tools/gcc/Makefile -@@ -0,0 +1,41 @@ +@@ -0,0 +1,43 @@ +#CC := gcc +#PLUGIN_SOURCE_FILES := pax_plugin.c +#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES)) @@ -79425,10 +80207,10 @@ index 0000000..f4f9986 + +ifeq ($(PLUGINCC),$(HOSTCC)) +HOSTLIBS := hostlibs -+HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(GCCPLUGINS_DIR)/include/c-family -std=gnu99 -ggdb ++HOST_EXTRACFLAGS += -Iinclude -I$(GCCPLUGINS_DIR)/include -I$(GCCPLUGINS_DIR)/include/c-family -std=gnu99 -ggdb +else +HOSTLIBS := hostcxxlibs -+HOST_EXTRACXXFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(GCCPLUGINS_DIR)/include/c-family -std=gnu++98 -ggdb -Wno-unused-parameter ++HOST_EXTRACXXFLAGS += -Iinclude -I$(GCCPLUGINS_DIR)/include -I$(GCCPLUGINS_DIR)/include/c-family -std=gnu++98 -ggdb -Wno-unused-parameter +endif + +$(HOSTLIBS)-y := constify_plugin.so @@ -79438,6 +80220,7 @@ index 0000000..f4f9986 +$(HOSTLIBS)-$(CONFIG_CHECKER_PLUGIN) += checker_plugin.so +$(HOSTLIBS)-y += colorize_plugin.so +$(HOSTLIBS)-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin.so ++$(HOSTLIBS)-$(CONFIG_PAX_LATENT_ENTROPY) += latent_entropy_plugin.so + +always := $($(HOSTLIBS)-y) + @@ -79448,6 +80231,7 @@ index 0000000..f4f9986 +checker_plugin-objs := checker_plugin.o +colorize_plugin-objs := colorize_plugin.o +size_overflow_plugin-objs := size_overflow_plugin.o ++latent_entropy_plugin-objs := latent_entropy_plugin.o + +$(obj)/size_overflow_plugin.o: $(objtree)/$(obj)/size_overflow_hash.h + @@ -79637,7 +80421,7 @@ index 0000000..d41b5af +} diff --git a/tools/gcc/colorize_plugin.c b/tools/gcc/colorize_plugin.c new file mode 100644 -index 0000000..7a5e311 +index 0000000..846aeb0 --- /dev/null +++ b/tools/gcc/colorize_plugin.c @@ -0,0 +1,148 @@ @@ -79775,7 +80559,7 @@ index 0000000..7a5e311 + struct register_pass_info colorize_rearm_pass_info = { + .pass = &pass_ipa_colorize_rearm.pass, + .reference_pass_name = "*free_lang_data", -+ .ref_pass_instance_number = 0, ++ .ref_pass_instance_number = 1, + .pos_op = PASS_POS_INSERT_AFTER + }; + @@ -79791,7 +80575,7 @@ index 0000000..7a5e311 +} diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c new file mode 100644 -index 0000000..89b7f56 +index 0000000..048d4ff --- /dev/null +++ b/tools/gcc/constify_plugin.c @@ -0,0 +1,328 @@ @@ -80097,7 +80881,7 @@ index 0000000..89b7f56 + struct register_pass_info local_variable_pass_info = { + .pass = &pass_local_variable.pass, + .reference_pass_name = "*referenced_vars", -+ .ref_pass_instance_number = 0, ++ .ref_pass_instance_number = 1, + .pos_op = PASS_POS_INSERT_AFTER + }; + @@ -80225,7 +81009,7 @@ index 0000000..a0fe8b2 +exit 0 diff --git a/tools/gcc/kallocstat_plugin.c b/tools/gcc/kallocstat_plugin.c new file mode 100644 -index 0000000..a5eabce +index 0000000..a86e422 --- /dev/null +++ b/tools/gcc/kallocstat_plugin.c @@ -0,0 +1,167 @@ @@ -80382,7 +81166,7 @@ index 0000000..a5eabce + struct register_pass_info kallocstat_pass_info = { + .pass = &kallocstat_pass.pass, + .reference_pass_name = "ssa", -+ .ref_pass_instance_number = 0, ++ .ref_pass_instance_number = 1, + .pos_op = PASS_POS_INSERT_AFTER + }; + @@ -80398,7 +81182,7 @@ index 0000000..a5eabce +} diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c new file mode 100644 -index 0000000..d8a8da2 +index 0000000..98011fa --- /dev/null +++ b/tools/gcc/kernexec_plugin.c @@ -0,0 +1,427 @@ @@ -80774,19 +81558,19 @@ index 0000000..d8a8da2 + struct register_pass_info kernexec_reload_pass_info = { + .pass = &kernexec_reload_pass.pass, + .reference_pass_name = "ssa", -+ .ref_pass_instance_number = 0, ++ .ref_pass_instance_number = 1, + .pos_op = PASS_POS_INSERT_AFTER + }; + struct register_pass_info kernexec_fptr_pass_info = { + .pass = &kernexec_fptr_pass.pass, + .reference_pass_name = "ssa", -+ .ref_pass_instance_number = 0, ++ .ref_pass_instance_number = 1, + .pos_op = PASS_POS_INSERT_AFTER + }; + struct register_pass_info kernexec_retaddr_pass_info = { + .pass = &kernexec_retaddr_pass.pass, + .reference_pass_name = "pro_and_epilogue", -+ .ref_pass_instance_number = 0, ++ .ref_pass_instance_number = 1, + .pos_op = PASS_POS_INSERT_AFTER + }; + @@ -80829,6 +81613,303 @@ index 0000000..d8a8da2 + + return 0; +} +diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c +new file mode 100644 +index 0000000..9788bfe +--- /dev/null ++++ b/tools/gcc/latent_entropy_plugin.c +@@ -0,0 +1,291 @@ ++/* ++ * Copyright 2012 by the PaX Team <pageexec@freemail.hu> ++ * Licensed under the GPL v2 ++ * ++ * Note: the choice of the license means that the compilation process is ++ * NOT 'eligible' as defined by gcc's library exception to the GPL v3, ++ * but for the kernel it doesn't matter since it doesn't link against ++ * any of the gcc libraries ++ * ++ * gcc plugin to help generate a little bit of entropy from program state, ++ * used during boot in the kernel ++ * ++ * TODO: ++ * - quite a few, see the comments :) ++ * ++ * BUGS: ++ * - none known ++ */ ++#include "gcc-plugin.h" ++#include "config.h" ++#include "system.h" ++#include "coretypes.h" ++#include "tree.h" ++#include "tree-pass.h" ++#include "flags.h" ++#include "intl.h" ++#include "toplev.h" ++#include "plugin.h" ++//#include "expr.h" where are you... ++#include "diagnostic.h" ++#include "plugin-version.h" ++#include "tm.h" ++#include "function.h" ++#include "basic-block.h" ++#include "gimple.h" ++#include "rtl.h" ++#include "emit-rtl.h" ++#include "tree-flow.h" ++#include "cpplib.h" ++#include "c-pragma.h" ++ ++#include "linux/kconfig.h" ++ ++int plugin_is_GPL_compatible; ++ ++static tree latent_entropy_decl; ++ ++static struct plugin_info latent_entropy_plugin_info = { ++ .version = "201207202140", ++ .help = NULL ++}; ++ ++static unsigned int execute_latent_entropy(void); ++static bool gate_latent_entropy(void); ++ ++static struct gimple_opt_pass latent_entropy_pass = { ++ .pass = { ++ .type = GIMPLE_PASS, ++ .name = "latent_entropy", ++ .gate = gate_latent_entropy, ++ .execute = execute_latent_entropy, ++ .sub = NULL, ++ .next = NULL, ++ .static_pass_number = 0, ++ .tv_id = TV_NONE, ++ .properties_required = PROP_gimple_leh | PROP_cfg, ++ .properties_provided = 0, ++ .properties_destroyed = 0, ++ .todo_flags_start = 0, //TODO_verify_ssa | TODO_verify_flow | TODO_verify_stmts, ++ .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_update_ssa ++ } ++}; ++ ++// for kernel use we just want to instrument some of the boot code ++// for userland use this would need changes ++static bool gate_latent_entropy(void) ++{ ++ tree section_attr; ++ const char *section_name; ++ ++ // don't instrument modules ++ if (cpp_defined(parse_in, (const unsigned char *)"MODULE", 6)) ++ return false; ++ ++ // don't instrument normal code ++ section_attr = lookup_attribute("section", DECL_ATTRIBUTES(current_function_decl)); ++ if (!section_attr || !TREE_VALUE(section_attr)) ++ return false; ++ ++ section_name = TREE_STRING_POINTER(TREE_VALUE(TREE_VALUE(section_attr))); ++ ++ // instrument code in boot related sections ++ if (!strncmp(section_name, ".init.text", 10)) ++ return true; ++ ++ if (!strncmp(section_name, ".initcall", 9)) ++ return true; ++ ++ if (!strncmp(section_name, ".con_initcall", 13)) ++ return true; ++ ++ if (!strncmp(section_name, ".security_initcall", 18)) ++ return true; ++ ++#ifndef CONFIG_HOTPLUG ++ if (!strncmp(section_name, ".devinit.text", 13)) ++ return true; ++#endif ++ ++#ifndef CONFIG_HOTPLUG_CPU ++ if (!strncmp(section_name, ".cpuinit.text", 13)) ++ return true; ++#endif ++ ++#ifndef CONFIG_HOTPLUG_MEMORY ++ if (!strncmp(section_name, ".meminit.text", 13)) ++ return true; ++#endif ++ ++ // TODO check whether cfun is static and all its callers meet the above criteria ++ return false; ++} ++ ++static unsigned HOST_WIDE_INT seed; ++static unsigned HOST_WIDE_INT get_random_const(void) ++{ ++ seed = (seed >> 1U) ^ (-(seed & 1ULL) & 0xD800000000000000ULL); ++ return seed; ++} ++ ++static enum tree_code get_op(tree *rhs) ++{ ++ static enum tree_code op; ++ unsigned HOST_WIDE_INT random_const; ++ ++ random_const = get_random_const(); ++ ++ switch (op) { ++ case BIT_XOR_EXPR: ++ op = PLUS_EXPR; ++ break; ++ ++ case PLUS_EXPR: ++ if (rhs) { ++ op = LROTATE_EXPR; ++ random_const &= HOST_BITS_PER_WIDE_INT - 1; ++ break; ++ } ++ ++ case LROTATE_EXPR: ++ default: ++ op = BIT_XOR_EXPR; ++ break; ++ } ++ if (rhs) ++ *rhs = build_int_cstu(unsigned_intDI_type_node, random_const); ++ return op; ++} ++ ++static void perturb_local_entropy(basic_block bb, tree local_entropy) ++{ ++ gimple_stmt_iterator gsi; ++ gimple assign; ++ tree addxorrol, rhs; ++ enum tree_code op; ++ ++ op = get_op(&rhs); ++ addxorrol = fold_build2_loc(UNKNOWN_LOCATION, op, unsigned_intDI_type_node, local_entropy, rhs); ++ assign = gimple_build_assign(local_entropy, addxorrol); ++ find_referenced_vars_in(assign); ++//debug_bb(bb); ++ gsi = gsi_after_labels(bb); ++ gsi_insert_before(&gsi, assign, GSI_NEW_STMT); ++ update_stmt(assign); ++} ++ ++static void perturb_latent_entropy(basic_block bb, tree rhs) ++{ ++ gimple_stmt_iterator gsi; ++ gimple assign; ++ tree addxorrol, temp; ++ ++ // 1. create temporary copy of latent_entropy ++ temp = create_tmp_var(unsigned_intDI_type_node, "temp_latent_entropy"); ++ add_referenced_var(temp); ++ mark_sym_for_renaming(temp); ++ ++ // 2. read... ++ assign = gimple_build_assign(temp, latent_entropy_decl); ++ find_referenced_vars_in(assign); ++ gsi = gsi_after_labels(bb); ++ gsi_insert_after(&gsi, assign, GSI_NEW_STMT); ++ update_stmt(assign); ++ ++ // 3. ...modify... ++ addxorrol = fold_build2_loc(UNKNOWN_LOCATION, get_op(NULL), unsigned_intDI_type_node, temp, rhs); ++ assign = gimple_build_assign(temp, addxorrol); ++ find_referenced_vars_in(assign); ++ gsi_insert_after(&gsi, assign, GSI_NEW_STMT); ++ update_stmt(assign); ++ ++ // 4. ...write latent_entropy ++ assign = gimple_build_assign(latent_entropy_decl, temp); ++ find_referenced_vars_in(assign); ++ gsi_insert_after(&gsi, assign, GSI_NEW_STMT); ++ update_stmt(assign); ++ ++ // TODO we could mix in more local state such as function return values, etc ++} ++ ++static unsigned int execute_latent_entropy(void) ++{ ++ basic_block bb; ++ gimple assign; ++ gimple_stmt_iterator gsi; ++ tree local_entropy; ++ ++//fprintf(stderr, "latent_entropy: %s\n", IDENTIFIER_POINTER(DECL_NAME(current_function_decl))); ++ ++ // 1. create local entropy variable ++ local_entropy = create_tmp_var(unsigned_intDI_type_node, "local_entropy"); ++ add_referenced_var(local_entropy); ++ mark_sym_for_renaming(local_entropy); ++ ++ // 2. initialize local entropy variable ++ bb = split_block_after_labels(ENTRY_BLOCK_PTR)->dest; ++ if (dom_info_available_p(CDI_DOMINATORS)) ++ set_immediate_dominator(CDI_DOMINATORS, bb, ENTRY_BLOCK_PTR); ++ gsi = gsi_start_bb(bb); ++ ++ assign = gimple_build_assign(local_entropy, build_int_cstu(unsigned_intDI_type_node, get_random_const())); ++// gimple_set_location(assign, loc); ++ find_referenced_vars_in(assign); ++ gsi_insert_after(&gsi, assign, GSI_NEW_STMT); ++ update_stmt(assign); ++ bb = bb->next_bb; ++ ++ // 3. instrument each BB with an operation on the local entropy variable ++ while (bb != EXIT_BLOCK_PTR) { ++ perturb_local_entropy(bb, local_entropy); ++ bb = bb->next_bb; ++ }; ++ ++ // 4. mix local entropy into the global entropy variable ++ perturb_latent_entropy(EXIT_BLOCK_PTR->prev_bb, local_entropy); ++ return 0; ++} ++ ++static void start_unit_callback(void *gcc_data, void *user_data) ++{ ++ // extern u64 latent_entropy ++ latent_entropy_decl = build_decl(UNKNOWN_LOCATION, VAR_DECL, get_identifier("latent_entropy"), unsigned_intDI_type_node); ++ ++ TREE_STATIC(latent_entropy_decl) = 1; ++ TREE_PUBLIC(latent_entropy_decl) = 1; ++ DECL_EXTERNAL(latent_entropy_decl) = 1; ++ DECL_ARTIFICIAL(latent_entropy_decl) = 1; ++ DECL_INITIAL(latent_entropy_decl) = NULL; ++// DECL_ASSEMBLER_NAME(latent_entropy_decl); ++// varpool_finalize_decl(latent_entropy_decl); ++// varpool_mark_needed_node(latent_entropy_decl); ++ ++#if BUILDING_GCC_VERSION >= 4007 ++ seed = get_random_seed(false); ++#else ++ sscanf(get_random_seed(false), "%" HOST_WIDE_INT_PRINT "x", &seed); ++ seed *= seed; ++#endif ++} ++ ++int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) ++{ ++ const char * const plugin_name = plugin_info->base_name; ++ struct register_pass_info latent_entropy_pass_info = { ++ .pass = &latent_entropy_pass.pass, ++ .reference_pass_name = "optimized", ++ .ref_pass_instance_number = 1, ++ .pos_op = PASS_POS_INSERT_BEFORE ++ }; ++ ++ if (!plugin_default_version_check(version, &gcc_version)) { ++ error(G_("incompatible gcc/plugin versions")); ++ return 1; ++ } ++ ++ register_callback(plugin_name, PLUGIN_INFO, NULL, &latent_entropy_plugin_info); ++ register_callback ("start_unit", PLUGIN_START_UNIT, &start_unit_callback, NULL); ++ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &latent_entropy_pass_info); ++ ++ return 0; ++} diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data new file mode 100644 index 0000000..daaa86c @@ -84533,7 +85614,7 @@ index 0000000..cc96254 +} diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c new file mode 100644 -index 0000000..b87ec9d +index 0000000..38d2014 --- /dev/null +++ b/tools/gcc/stackleak_plugin.c @@ -0,0 +1,313 @@ @@ -84806,13 +85887,13 @@ index 0000000..b87ec9d + .pass = &stackleak_tree_instrument_pass.pass, +// .reference_pass_name = "tree_profile", + .reference_pass_name = "optimized", -+ .ref_pass_instance_number = 0, ++ .ref_pass_instance_number = 1, + .pos_op = PASS_POS_INSERT_BEFORE + }; + struct register_pass_info stackleak_final_pass_info = { + .pass = &stackleak_final_rtl_opt_pass.pass, + .reference_pass_name = "final", -+ .ref_pass_instance_number = 0, ++ .ref_pass_instance_number = 1, + .pos_op = PASS_POS_INSERT_BEFORE + }; + diff --git a/3.4.5/4430_grsec-remove-localversion-grsec.patch b/3.4.6/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.4.5/4430_grsec-remove-localversion-grsec.patch +++ b/3.4.6/4430_grsec-remove-localversion-grsec.patch diff --git a/3.4.5/4435_grsec-mute-warnings.patch b/3.4.6/4435_grsec-mute-warnings.patch index e85abd6..e85abd6 100644 --- a/3.4.5/4435_grsec-mute-warnings.patch +++ b/3.4.6/4435_grsec-mute-warnings.patch diff --git a/3.4.5/4440_grsec-remove-protected-paths.patch b/3.4.6/4440_grsec-remove-protected-paths.patch index 637934a..637934a 100644 --- a/3.4.5/4440_grsec-remove-protected-paths.patch +++ b/3.4.6/4440_grsec-remove-protected-paths.patch diff --git a/3.4.5/4450_grsec-kconfig-default-gids.patch b/3.4.6/4450_grsec-kconfig-default-gids.patch index 50ba671..50ba671 100644 --- a/3.4.5/4450_grsec-kconfig-default-gids.patch +++ b/3.4.6/4450_grsec-kconfig-default-gids.patch diff --git a/3.4.5/4465_selinux-avc_audit-log-curr_ip.patch b/3.4.6/4465_selinux-avc_audit-log-curr_ip.patch index 48acad7..48acad7 100644 --- a/3.4.5/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.4.6/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.4.5/4470_disable-compat_vdso.patch b/3.4.6/4470_disable-compat_vdso.patch index 2a637c1..2a637c1 100644 --- a/3.4.5/4470_disable-compat_vdso.patch +++ b/3.4.6/4470_disable-compat_vdso.patch diff --git a/3.4.6/4480_fix-scsi-lpfc-Werror.patch b/3.4.6/4480_fix-scsi-lpfc-Werror.patch new file mode 100644 index 0000000..e5bbb1c --- /dev/null +++ b/3.4.6/4480_fix-scsi-lpfc-Werror.patch @@ -0,0 +1,23 @@ +Fix compile time error in drivers/scsi/lpfc/lpfc_scsi.c + +When compiling with hardened gcc-4.5.3 on x86, warnings of unused variable +‘rc’ are treated as errors causing failure. This patch supresses the warnings +and fixes the compile time failure. + +X-Gentoo-Bug: 425816 +X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=425816 +Author: gokturk@binghamton.edu +Reported-by: Dennis Schridde <devurandom@gmx.net> +Signed-off-by: Anthony G. Basile <basile@opensource.dyc.edu> + +--- a/drivers/scsi/lpfc/Makefile 2012-07-20 17:12:36.767906363 -0400 ++++ b/drivers/scsi/lpfc/Makefile 2012-07-20 17:13:06.217791507 -0400 +@@ -22,7 +22,7 @@ + ccflags-$(GCOV) := -fprofile-arcs -ftest-coverage + ccflags-$(GCOV) += -O0 + +-ccflags-y += -Werror ++ccflags-y += -Wno-unused -Werror + + obj-$(CONFIG_SCSI_LPFC) := lpfc.o + |