diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2014-12-08 19:34:06 -0500 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2014-12-08 19:34:06 -0500 |
commit | 2aab2b63e3fcde6868b2aa853a3e78d8bb645f14 (patch) | |
tree | a6ee63b05074df98f87dabe3703ee4395a089633 | |
parent | Grsec/PaX: 3.0-{3.2.64,3.14.25,3.17.4}-201411260107 (diff) | |
download | hardened-patchset-2aab2b63e3fcde6868b2aa853a3e78d8bb645f14.tar.gz hardened-patchset-2aab2b63e3fcde6868b2aa853a3e78d8bb645f14.tar.bz2 hardened-patchset-2aab2b63e3fcde6868b2aa853a3e78d8bb645f14.zip |
Grsec/PaX: 3.0-{3.2.64,3.14.26,3.17.6}-20141207100520141207
-rw-r--r-- | 3.14.26/0000_README (renamed from 3.17.4/0000_README) | 10 | ||||
-rw-r--r-- | 3.14.26/1024_linux-3.14.25.patch (renamed from 3.14.25/1024_linux-3.14.25.patch) | 0 | ||||
-rw-r--r-- | 3.14.26/1025_linux-3.14.26.patch | 2603 | ||||
-rw-r--r-- | 3.14.26/4420_grsecurity-3.0-3.14.26-201412071005.patch (renamed from 3.14.25/4420_grsecurity-3.0-3.14.25-201411260106.patch) | 810 | ||||
-rw-r--r-- | 3.14.26/4425_grsec_remove_EI_PAX.patch (renamed from 3.14.25/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
-rw-r--r-- | 3.14.26/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.14.25/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
-rw-r--r-- | 3.14.26/4430_grsec-remove-localversion-grsec.patch (renamed from 3.14.25/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.14.26/4435_grsec-mute-warnings.patch (renamed from 3.14.25/4435_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 3.14.26/4440_grsec-remove-protected-paths.patch (renamed from 3.14.25/4440_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 3.14.26/4450_grsec-kconfig-default-gids.patch (renamed from 3.14.25/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
-rw-r--r-- | 3.14.26/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.14.25/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
-rw-r--r-- | 3.14.26/4470_disable-compat_vdso.patch (renamed from 3.14.25/4470_disable-compat_vdso.patch) | 0 | ||||
-rw-r--r-- | 3.14.26/4475_emutramp_default_on.patch (renamed from 3.14.25/4475_emutramp_default_on.patch) | 0 | ||||
-rw-r--r-- | 3.17.6/0000_README (renamed from 3.14.25/0000_README) | 6 | ||||
-rw-r--r-- | 3.17.6/1005_linux-3.17.6.patch | 46 | ||||
-rw-r--r-- | 3.17.6/4420_grsecurity-3.0-3.17.6-201412071639.patch (renamed from 3.17.4/4420_grsecurity-3.0-3.17.4-201411260107.patch) | 730 | ||||
-rw-r--r-- | 3.17.6/4425_grsec_remove_EI_PAX.patch (renamed from 3.17.4/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
-rw-r--r-- | 3.17.6/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.17.4/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
-rw-r--r-- | 3.17.6/4430_grsec-remove-localversion-grsec.patch (renamed from 3.17.4/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.17.6/4435_grsec-mute-warnings.patch (renamed from 3.17.4/4435_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 3.17.6/4440_grsec-remove-protected-paths.patch (renamed from 3.17.4/4440_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 3.17.6/4450_grsec-kconfig-default-gids.patch (renamed from 3.17.4/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
-rw-r--r-- | 3.17.6/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.17.4/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
-rw-r--r-- | 3.17.6/4470_disable-compat_vdso.patch (renamed from 3.17.4/4470_disable-compat_vdso.patch) | 0 | ||||
-rw-r--r-- | 3.17.6/4475_emutramp_default_on.patch (renamed from 3.17.4/4475_emutramp_default_on.patch) | 0 | ||||
-rw-r--r-- | 3.2.64/0000_README | 2 | ||||
-rw-r--r-- | 3.2.64/4420_grsecurity-3.0-3.2.64-201412040015.patch (renamed from 3.2.64/4420_grsecurity-3.0-3.2.64-201411260105.patch) | 11 |
27 files changed, 3723 insertions, 495 deletions
diff --git a/3.17.4/0000_README b/3.14.26/0000_README index 3e123ea..f652b8f 100644 --- a/3.17.4/0000_README +++ b/3.14.26/0000_README @@ -2,7 +2,15 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.17.4-201411260107.patch +Patch: 1024_linux-3.14.25.patch +From: http://www.kernel.org +Desc: Linux 3.14.25 + +Patch: 1025_linux-3.14.26.patch +From: http://www.kernel.org +Desc: Linux 3.14.26 + +Patch: 4420_grsecurity-3.0-3.14.26-201412071005.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.14.25/1024_linux-3.14.25.patch b/3.14.26/1024_linux-3.14.25.patch index 5ae0660..5ae0660 100644 --- a/3.14.25/1024_linux-3.14.25.patch +++ b/3.14.26/1024_linux-3.14.25.patch diff --git a/3.14.26/1025_linux-3.14.26.patch b/3.14.26/1025_linux-3.14.26.patch new file mode 100644 index 0000000..275454e --- /dev/null +++ b/3.14.26/1025_linux-3.14.26.patch @@ -0,0 +1,2603 @@ +diff --git a/Documentation/devicetree/bindings/interrupt-controller/interrupts.txt b/Documentation/devicetree/bindings/interrupt-controller/interrupts.txt +index ce6a1a0..8a3c408 100644 +--- a/Documentation/devicetree/bindings/interrupt-controller/interrupts.txt ++++ b/Documentation/devicetree/bindings/interrupt-controller/interrupts.txt +@@ -30,10 +30,6 @@ should only be used when a device has multiple interrupt parents. + Example: + interrupts-extended = <&intc1 5 1>, <&intc2 1 0>; + +-A device node may contain either "interrupts" or "interrupts-extended", but not +-both. If both properties are present, then the operating system should log an +-error and use only the data in "interrupts". +- + 2) Interrupt controller nodes + ----------------------------- + +diff --git a/Makefile b/Makefile +index eb96e40..63a5ee8 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 3 + PATCHLEVEL = 14 +-SUBLEVEL = 25 ++SUBLEVEL = 26 + EXTRAVERSION = + NAME = Remembering Coco + +diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h +index 71a06b2..3e635ee 100644 +--- a/arch/arm/include/asm/thread_info.h ++++ b/arch/arm/include/asm/thread_info.h +@@ -43,16 +43,6 @@ struct cpu_context_save { + __u32 extra[2]; /* Xscale 'acc' register, etc */ + }; + +-struct arm_restart_block { +- union { +- /* For user cache flushing */ +- struct { +- unsigned long start; +- unsigned long end; +- } cache; +- }; +-}; +- + /* + * low level task data that entry.S needs immediate access to. + * __switch_to() assumes cpu_context follows immediately after cpu_domain. +@@ -78,7 +68,6 @@ struct thread_info { + unsigned long thumbee_state; /* ThumbEE Handler Base register */ + #endif + struct restart_block restart_block; +- struct arm_restart_block arm_restart_block; + }; + + #define INIT_THREAD_INFO(tsk) \ +diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c +index 9265b8b..3f31443 100644 +--- a/arch/arm/kernel/traps.c ++++ b/arch/arm/kernel/traps.c +@@ -510,8 +510,6 @@ static int bad_syscall(int n, struct pt_regs *regs) + return regs->ARM_r0; + } + +-static long do_cache_op_restart(struct restart_block *); +- + static inline int + __do_cache_op(unsigned long start, unsigned long end) + { +@@ -520,24 +518,8 @@ __do_cache_op(unsigned long start, unsigned long end) + do { + unsigned long chunk = min(PAGE_SIZE, end - start); + +- if (signal_pending(current)) { +- struct thread_info *ti = current_thread_info(); +- +- ti->restart_block = (struct restart_block) { +- .fn = do_cache_op_restart, +- }; +- +- ti->arm_restart_block = (struct arm_restart_block) { +- { +- .cache = { +- .start = start, +- .end = end, +- }, +- }, +- }; +- +- return -ERESTART_RESTARTBLOCK; +- } ++ if (fatal_signal_pending(current)) ++ return 0; + + ret = flush_cache_user_range(start, start + chunk); + if (ret) +@@ -550,15 +532,6 @@ __do_cache_op(unsigned long start, unsigned long end) + return 0; + } + +-static long do_cache_op_restart(struct restart_block *unused) +-{ +- struct arm_restart_block *restart_block; +- +- restart_block = ¤t_thread_info()->arm_restart_block; +- return __do_cache_op(restart_block->cache.start, +- restart_block->cache.end); +-} +- + static inline int + do_cache_op(unsigned long start, unsigned long end, int flags) + { +diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S +index 74f6033..fdedc31 100644 +--- a/arch/arm/mm/proc-v7.S ++++ b/arch/arm/mm/proc-v7.S +@@ -211,7 +211,6 @@ __v7_pj4b_setup: + /* Auxiliary Debug Modes Control 1 Register */ + #define PJ4B_STATIC_BP (1 << 2) /* Enable Static BP */ + #define PJ4B_INTER_PARITY (1 << 8) /* Disable Internal Parity Handling */ +-#define PJ4B_BCK_OFF_STREX (1 << 5) /* Enable the back off of STREX instr */ + #define PJ4B_CLEAN_LINE (1 << 16) /* Disable data transfer for clean line */ + + /* Auxiliary Debug Modes Control 2 Register */ +@@ -234,7 +233,6 @@ __v7_pj4b_setup: + /* Auxiliary Debug Modes Control 1 Register */ + mrc p15, 1, r0, c15, c1, 1 + orr r0, r0, #PJ4B_CLEAN_LINE +- orr r0, r0, #PJ4B_BCK_OFF_STREX + orr r0, r0, #PJ4B_INTER_PARITY + bic r0, r0, #PJ4B_STATIC_BP + mcr p15, 1, r0, c15, c1, 1 +diff --git a/arch/arm/mm/proc-xscale.S b/arch/arm/mm/proc-xscale.S +index d19b1cf..b34b95f 100644 +--- a/arch/arm/mm/proc-xscale.S ++++ b/arch/arm/mm/proc-xscale.S +@@ -535,7 +535,7 @@ ENTRY(cpu_xscale_do_suspend) + mrc p15, 0, r5, c15, c1, 0 @ CP access reg + mrc p15, 0, r6, c13, c0, 0 @ PID + mrc p15, 0, r7, c3, c0, 0 @ domain ID +- mrc p15, 0, r8, c1, c1, 0 @ auxiliary control reg ++ mrc p15, 0, r8, c1, c0, 1 @ auxiliary control reg + mrc p15, 0, r9, c1, c0, 0 @ control reg + bic r4, r4, #2 @ clear frequency change bit + stmia r0, {r4 - r9} @ store cp regs +@@ -552,7 +552,7 @@ ENTRY(cpu_xscale_do_resume) + mcr p15, 0, r6, c13, c0, 0 @ PID + mcr p15, 0, r7, c3, c0, 0 @ domain ID + mcr p15, 0, r1, c2, c0, 0 @ translation table base addr +- mcr p15, 0, r8, c1, c1, 0 @ auxiliary control reg ++ mcr p15, 0, r8, c1, c0, 1 @ auxiliary control reg + mov r0, r9 @ control register + b cpu_resume_mmu + ENDPROC(cpu_xscale_do_resume) +diff --git a/arch/mips/loongson/common/Makefile b/arch/mips/loongson/common/Makefile +index 9e4484c..9005a8d6 100644 +--- a/arch/mips/loongson/common/Makefile ++++ b/arch/mips/loongson/common/Makefile +@@ -11,7 +11,8 @@ obj-$(CONFIG_PCI) += pci.o + # Serial port support + # + obj-$(CONFIG_EARLY_PRINTK) += early_printk.o +-obj-$(CONFIG_SERIAL_8250) += serial.o ++loongson-serial-$(CONFIG_SERIAL_8250) := serial.o ++obj-y += $(loongson-serial-m) $(loongson-serial-y) + obj-$(CONFIG_LOONGSON_UART_BASE) += uart_base.o + obj-$(CONFIG_LOONGSON_MC146818) += rtc.o + +diff --git a/arch/mips/oprofile/backtrace.c b/arch/mips/oprofile/backtrace.c +index 6854ed5..83a1dfd 100644 +--- a/arch/mips/oprofile/backtrace.c ++++ b/arch/mips/oprofile/backtrace.c +@@ -92,7 +92,7 @@ static inline int unwind_user_frame(struct stackframe *old_frame, + /* This marks the end of the previous function, + which means we overran. */ + break; +- stack_size = (unsigned) stack_adjustment; ++ stack_size = (unsigned long) stack_adjustment; + } else if (is_ra_save_ins(&ip)) { + int ra_slot = ip.i_format.simmediate; + if (ra_slot < 0) +diff --git a/arch/powerpc/platforms/powernv/pci-ioda.c b/arch/powerpc/platforms/powernv/pci-ioda.c +index beedaf0..d558b85 100644 +--- a/arch/powerpc/platforms/powernv/pci-ioda.c ++++ b/arch/powerpc/platforms/powernv/pci-ioda.c +@@ -902,7 +902,6 @@ static int pnv_pci_ioda_msi_setup(struct pnv_phb *phb, struct pci_dev *dev, + unsigned int is_64, struct msi_msg *msg) + { + struct pnv_ioda_pe *pe = pnv_ioda_get_pe(dev); +- struct pci_dn *pdn = pci_get_pdn(dev); + struct irq_data *idata; + struct irq_chip *ichip; + unsigned int xive_num = hwirq - phb->msi_base; +@@ -918,7 +917,7 @@ static int pnv_pci_ioda_msi_setup(struct pnv_phb *phb, struct pci_dev *dev, + return -ENXIO; + + /* Force 32-bit MSI on some broken devices */ +- if (pdn && pdn->force_32bit_msi) ++ if (dev->no_64bit_msi) + is_64 = 0; + + /* Assign XIVE to PE */ +diff --git a/arch/powerpc/platforms/powernv/pci.c b/arch/powerpc/platforms/powernv/pci.c +index 8518817..52c1162 100644 +--- a/arch/powerpc/platforms/powernv/pci.c ++++ b/arch/powerpc/platforms/powernv/pci.c +@@ -1,3 +1,4 @@ ++ + /* + * Support PCI/PCIe on PowerNV platforms + * +@@ -50,9 +51,8 @@ static int pnv_msi_check_device(struct pci_dev* pdev, int nvec, int type) + { + struct pci_controller *hose = pci_bus_to_host(pdev->bus); + struct pnv_phb *phb = hose->private_data; +- struct pci_dn *pdn = pci_get_pdn(pdev); + +- if (pdn && pdn->force_32bit_msi && !phb->msi32_support) ++ if (pdev->no_64bit_msi && !phb->msi32_support) + return -ENODEV; + + return (phb && phb->msi_bmp.bitmap) ? 0 : -ENODEV; +diff --git a/arch/powerpc/platforms/pseries/msi.c b/arch/powerpc/platforms/pseries/msi.c +index 0c882e8..6849d85 100644 +--- a/arch/powerpc/platforms/pseries/msi.c ++++ b/arch/powerpc/platforms/pseries/msi.c +@@ -428,7 +428,7 @@ static int rtas_setup_msi_irqs(struct pci_dev *pdev, int nvec_in, int type) + */ + again: + if (type == PCI_CAP_ID_MSI) { +- if (pdn->force_32bit_msi) { ++ if (pdev->no_64bit_msi) { + rc = rtas_change_msi(pdn, RTAS_CHANGE_32MSI_FN, nvec); + if (rc < 0) { + /* +diff --git a/arch/powerpc/xmon/xmon.c b/arch/powerpc/xmon/xmon.c +index b079098..bc5fbc2 100644 +--- a/arch/powerpc/xmon/xmon.c ++++ b/arch/powerpc/xmon/xmon.c +@@ -288,10 +288,10 @@ static inline void disable_surveillance(void) + args.token = rtas_token("set-indicator"); + if (args.token == RTAS_UNKNOWN_SERVICE) + return; +- args.nargs = 3; +- args.nret = 1; ++ args.nargs = cpu_to_be32(3); ++ args.nret = cpu_to_be32(1); + args.rets = &args.args[3]; +- args.args[0] = SURVEILLANCE_TOKEN; ++ args.args[0] = cpu_to_be32(SURVEILLANCE_TOKEN); + args.args[1] = 0; + args.args[2] = 0; + enter_rtas(__pa(&args)); +diff --git a/arch/sparc/include/uapi/asm/swab.h b/arch/sparc/include/uapi/asm/swab.h +index a34ad07..4c7c12d 100644 +--- a/arch/sparc/include/uapi/asm/swab.h ++++ b/arch/sparc/include/uapi/asm/swab.h +@@ -9,9 +9,9 @@ static inline __u16 __arch_swab16p(const __u16 *addr) + { + __u16 ret; + +- __asm__ __volatile__ ("lduha [%1] %2, %0" ++ __asm__ __volatile__ ("lduha [%2] %3, %0" + : "=r" (ret) +- : "r" (addr), "i" (ASI_PL)); ++ : "m" (*addr), "r" (addr), "i" (ASI_PL)); + return ret; + } + #define __arch_swab16p __arch_swab16p +@@ -20,9 +20,9 @@ static inline __u32 __arch_swab32p(const __u32 *addr) + { + __u32 ret; + +- __asm__ __volatile__ ("lduwa [%1] %2, %0" ++ __asm__ __volatile__ ("lduwa [%2] %3, %0" + : "=r" (ret) +- : "r" (addr), "i" (ASI_PL)); ++ : "m" (*addr), "r" (addr), "i" (ASI_PL)); + return ret; + } + #define __arch_swab32p __arch_swab32p +@@ -31,9 +31,9 @@ static inline __u64 __arch_swab64p(const __u64 *addr) + { + __u64 ret; + +- __asm__ __volatile__ ("ldxa [%1] %2, %0" ++ __asm__ __volatile__ ("ldxa [%2] %3, %0" + : "=r" (ret) +- : "r" (addr), "i" (ASI_PL)); ++ : "m" (*addr), "r" (addr), "i" (ASI_PL)); + return ret; + } + #define __arch_swab64p __arch_swab64p +diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h +index 5f12968..1717156 100644 +--- a/arch/x86/include/asm/cpufeature.h ++++ b/arch/x86/include/asm/cpufeature.h +@@ -203,6 +203,7 @@ + #define X86_FEATURE_DECODEASSISTS (8*32+12) /* AMD Decode Assists support */ + #define X86_FEATURE_PAUSEFILTER (8*32+13) /* AMD filtered pause intercept */ + #define X86_FEATURE_PFTHRESHOLD (8*32+14) /* AMD pause filter threshold */ ++#define X86_FEATURE_VMMCALL (8*32+15) /* Prefer vmmcall to vmcall */ + + + /* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 9 */ +diff --git a/arch/x86/include/asm/kvm_para.h b/arch/x86/include/asm/kvm_para.h +index c7678e4..e62cf89 100644 +--- a/arch/x86/include/asm/kvm_para.h ++++ b/arch/x86/include/asm/kvm_para.h +@@ -2,6 +2,7 @@ + #define _ASM_X86_KVM_PARA_H + + #include <asm/processor.h> ++#include <asm/alternative.h> + #include <uapi/asm/kvm_para.h> + + extern void kvmclock_init(void); +@@ -16,10 +17,15 @@ static inline bool kvm_check_and_clear_guest_paused(void) + } + #endif /* CONFIG_KVM_GUEST */ + +-/* This instruction is vmcall. On non-VT architectures, it will generate a +- * trap that we will then rewrite to the appropriate instruction. ++#ifdef CONFIG_DEBUG_RODATA ++#define KVM_HYPERCALL \ ++ ALTERNATIVE(".byte 0x0f,0x01,0xc1", ".byte 0x0f,0x01,0xd9", X86_FEATURE_VMMCALL) ++#else ++/* On AMD processors, vmcall will generate a trap that we will ++ * then rewrite to the appropriate instruction. + */ + #define KVM_HYPERCALL ".byte 0x0f,0x01,0xc1" ++#endif + + /* For KVM hypercalls, a three-byte sequence of either the vmcall or the vmmcall + * instruction. The hypervisor may replace it with something else but only the +diff --git a/arch/x86/include/asm/page_32_types.h b/arch/x86/include/asm/page_32_types.h +index f48b17d..3a52ee0 100644 +--- a/arch/x86/include/asm/page_32_types.h ++++ b/arch/x86/include/asm/page_32_types.h +@@ -20,7 +20,6 @@ + #define THREAD_SIZE_ORDER 1 + #define THREAD_SIZE (PAGE_SIZE << THREAD_SIZE_ORDER) + +-#define STACKFAULT_STACK 0 + #define DOUBLEFAULT_STACK 1 + #define NMI_STACK 0 + #define DEBUG_STACK 0 +diff --git a/arch/x86/include/asm/page_64_types.h b/arch/x86/include/asm/page_64_types.h +index 8de6d9c..d54d1ee 100644 +--- a/arch/x86/include/asm/page_64_types.h ++++ b/arch/x86/include/asm/page_64_types.h +@@ -14,12 +14,11 @@ + #define IRQ_STACK_ORDER 2 + #define IRQ_STACK_SIZE (PAGE_SIZE << IRQ_STACK_ORDER) + +-#define STACKFAULT_STACK 1 +-#define DOUBLEFAULT_STACK 2 +-#define NMI_STACK 3 +-#define DEBUG_STACK 4 +-#define MCE_STACK 5 +-#define N_EXCEPTION_STACKS 5 /* hw limit: 7 */ ++#define DOUBLEFAULT_STACK 1 ++#define NMI_STACK 2 ++#define DEBUG_STACK 3 ++#define MCE_STACK 4 ++#define N_EXCEPTION_STACKS 4 /* hw limit: 7 */ + + #define PUD_PAGE_SIZE (_AC(1, UL) << PUD_SHIFT) + #define PUD_PAGE_MASK (~(PUD_PAGE_SIZE-1)) +diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h +index e1940c0..e870ea9 100644 +--- a/arch/x86/include/asm/thread_info.h ++++ b/arch/x86/include/asm/thread_info.h +@@ -144,7 +144,7 @@ struct thread_info { + /* Only used for 64 bit */ + #define _TIF_DO_NOTIFY_MASK \ + (_TIF_SIGPENDING | _TIF_MCE_NOTIFY | _TIF_NOTIFY_RESUME | \ +- _TIF_USER_RETURN_NOTIFY) ++ _TIF_USER_RETURN_NOTIFY | _TIF_UPROBE) + + /* flags to check in __switch_to() */ + #define _TIF_WORK_CTXSW \ +diff --git a/arch/x86/include/asm/traps.h b/arch/x86/include/asm/traps.h +index 58d66fe..b409b17 100644 +--- a/arch/x86/include/asm/traps.h ++++ b/arch/x86/include/asm/traps.h +@@ -39,6 +39,7 @@ asmlinkage void simd_coprocessor_error(void); + + #ifdef CONFIG_TRACING + asmlinkage void trace_page_fault(void); ++#define trace_stack_segment stack_segment + #define trace_divide_error divide_error + #define trace_bounds bounds + #define trace_invalid_op invalid_op +diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c +index c67ffa6..c005fdd 100644 +--- a/arch/x86/kernel/cpu/amd.c ++++ b/arch/x86/kernel/cpu/amd.c +@@ -508,6 +508,13 @@ static void early_init_amd(struct cpuinfo_x86 *c) + } + #endif + ++ /* ++ * This is only needed to tell the kernel whether to use VMCALL ++ * and VMMCALL. VMMCALL is never executed except under virt, so ++ * we can set it unconditionally. ++ */ ++ set_cpu_cap(c, X86_FEATURE_VMMCALL); ++ + /* F16h erratum 793, CVE-2013-6885 */ + if (c->x86 == 0x16 && c->x86_model <= 0xf) { + u64 val; +diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c +index 3f27f5f..e6bddd5 100644 +--- a/arch/x86/kernel/cpu/common.c ++++ b/arch/x86/kernel/cpu/common.c +@@ -144,6 +144,8 @@ EXPORT_PER_CPU_SYMBOL_GPL(gdt_page); + + static int __init x86_xsave_setup(char *s) + { ++ if (strlen(s)) ++ return 0; + setup_clear_cpu_cap(X86_FEATURE_XSAVE); + setup_clear_cpu_cap(X86_FEATURE_XSAVEOPT); + setup_clear_cpu_cap(X86_FEATURE_AVX); +diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c +index addb207..66e274a 100644 +--- a/arch/x86/kernel/dumpstack_64.c ++++ b/arch/x86/kernel/dumpstack_64.c +@@ -24,7 +24,6 @@ static char x86_stack_ids[][8] = { + [ DEBUG_STACK-1 ] = "#DB", + [ NMI_STACK-1 ] = "NMI", + [ DOUBLEFAULT_STACK-1 ] = "#DF", +- [ STACKFAULT_STACK-1 ] = "#SS", + [ MCE_STACK-1 ] = "#MC", + #if DEBUG_STKSZ > EXCEPTION_STKSZ + [ N_EXCEPTION_STACKS ... +diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S +index 03cd2a8..02553d6 100644 +--- a/arch/x86/kernel/entry_64.S ++++ b/arch/x86/kernel/entry_64.S +@@ -1053,9 +1053,15 @@ ENTRY(native_iret) + jnz native_irq_return_ldt + #endif + ++.global native_irq_return_iret + native_irq_return_iret: ++ /* ++ * This may fault. Non-paranoid faults on return to userspace are ++ * handled by fixup_bad_iret. These include #SS, #GP, and #NP. ++ * Double-faults due to espfix64 are handled in do_double_fault. ++ * Other faults here are fatal. ++ */ + iretq +- _ASM_EXTABLE(native_irq_return_iret, bad_iret) + + #ifdef CONFIG_X86_ESPFIX64 + native_irq_return_ldt: +@@ -1083,25 +1089,6 @@ native_irq_return_ldt: + jmp native_irq_return_iret + #endif + +- .section .fixup,"ax" +-bad_iret: +- /* +- * The iret traps when the %cs or %ss being restored is bogus. +- * We've lost the original trap vector and error code. +- * #GPF is the most likely one to get for an invalid selector. +- * So pretend we completed the iret and took the #GPF in user mode. +- * +- * We are now running with the kernel GS after exception recovery. +- * But error_entry expects us to have user GS to match the user %cs, +- * so swap back. +- */ +- pushq $0 +- +- SWAPGS +- jmp general_protection +- +- .previous +- + /* edi: workmask, edx: work */ + retint_careful: + CFI_RESTORE_STATE +@@ -1147,37 +1134,6 @@ ENTRY(retint_kernel) + CFI_ENDPROC + END(common_interrupt) + +- /* +- * If IRET takes a fault on the espfix stack, then we +- * end up promoting it to a doublefault. In that case, +- * modify the stack to make it look like we just entered +- * the #GP handler from user space, similar to bad_iret. +- */ +-#ifdef CONFIG_X86_ESPFIX64 +- ALIGN +-__do_double_fault: +- XCPT_FRAME 1 RDI+8 +- movq RSP(%rdi),%rax /* Trap on the espfix stack? */ +- sarq $PGDIR_SHIFT,%rax +- cmpl $ESPFIX_PGD_ENTRY,%eax +- jne do_double_fault /* No, just deliver the fault */ +- cmpl $__KERNEL_CS,CS(%rdi) +- jne do_double_fault +- movq RIP(%rdi),%rax +- cmpq $native_irq_return_iret,%rax +- jne do_double_fault /* This shouldn't happen... */ +- movq PER_CPU_VAR(kernel_stack),%rax +- subq $(6*8-KERNEL_STACK_OFFSET),%rax /* Reset to original stack */ +- movq %rax,RSP(%rdi) +- movq $0,(%rax) /* Missing (lost) #GP error code */ +- movq $general_protection,RIP(%rdi) +- retq +- CFI_ENDPROC +-END(__do_double_fault) +-#else +-# define __do_double_fault do_double_fault +-#endif +- + /* + * End of kprobes section + */ +@@ -1379,7 +1335,7 @@ zeroentry overflow do_overflow + zeroentry bounds do_bounds + zeroentry invalid_op do_invalid_op + zeroentry device_not_available do_device_not_available +-paranoiderrorentry double_fault __do_double_fault ++paranoiderrorentry double_fault do_double_fault + zeroentry coprocessor_segment_overrun do_coprocessor_segment_overrun + errorentry invalid_TSS do_invalid_TSS + errorentry segment_not_present do_segment_not_present +@@ -1549,7 +1505,7 @@ apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \ + + paranoidzeroentry_ist debug do_debug DEBUG_STACK + paranoidzeroentry_ist int3 do_int3 DEBUG_STACK +-paranoiderrorentry stack_segment do_stack_segment ++errorentry stack_segment do_stack_segment + #ifdef CONFIG_XEN + zeroentry xen_debug do_debug + zeroentry xen_int3 do_int3 +@@ -1659,16 +1615,15 @@ error_sti: + + /* + * There are two places in the kernel that can potentially fault with +- * usergs. Handle them here. The exception handlers after iret run with +- * kernel gs again, so don't set the user space flag. B stepping K8s +- * sometimes report an truncated RIP for IRET exceptions returning to +- * compat mode. Check for these here too. ++ * usergs. Handle them here. B stepping K8s sometimes report a ++ * truncated RIP for IRET exceptions returning to compat mode. Check ++ * for these here too. + */ + error_kernelspace: + incl %ebx + leaq native_irq_return_iret(%rip),%rcx + cmpq %rcx,RIP+8(%rsp) +- je error_swapgs ++ je error_bad_iret + movl %ecx,%eax /* zero extend */ + cmpq %rax,RIP+8(%rsp) + je bstep_iret +@@ -1679,7 +1634,15 @@ error_kernelspace: + bstep_iret: + /* Fix truncated RIP */ + movq %rcx,RIP+8(%rsp) +- jmp error_swapgs ++ /* fall through */ ++ ++error_bad_iret: ++ SWAPGS ++ mov %rsp,%rdi ++ call fixup_bad_iret ++ mov %rax,%rsp ++ decl %ebx /* Return to usergs */ ++ jmp error_sti + CFI_ENDPROC + END(error_entry) + +diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c +index 57409f6..f9d976e 100644 +--- a/arch/x86/kernel/traps.c ++++ b/arch/x86/kernel/traps.c +@@ -218,32 +218,40 @@ DO_ERROR_INFO(X86_TRAP_UD, SIGILL, "invalid opcode", invalid_op, ILL + DO_ERROR (X86_TRAP_OLD_MF, SIGFPE, "coprocessor segment overrun", coprocessor_segment_overrun ) + DO_ERROR (X86_TRAP_TS, SIGSEGV, "invalid TSS", invalid_TSS ) + DO_ERROR (X86_TRAP_NP, SIGBUS, "segment not present", segment_not_present ) +-#ifdef CONFIG_X86_32 + DO_ERROR (X86_TRAP_SS, SIGBUS, "stack segment", stack_segment ) +-#endif + DO_ERROR_INFO(X86_TRAP_AC, SIGBUS, "alignment check", alignment_check, BUS_ADRALN, 0 ) + + #ifdef CONFIG_X86_64 + /* Runs on IST stack */ +-dotraplinkage void do_stack_segment(struct pt_regs *regs, long error_code) +-{ +- enum ctx_state prev_state; +- +- prev_state = exception_enter(); +- if (notify_die(DIE_TRAP, "stack segment", regs, error_code, +- X86_TRAP_SS, SIGBUS) != NOTIFY_STOP) { +- preempt_conditional_sti(regs); +- do_trap(X86_TRAP_SS, SIGBUS, "stack segment", regs, error_code, NULL); +- preempt_conditional_cli(regs); +- } +- exception_exit(prev_state); +-} +- + dotraplinkage void do_double_fault(struct pt_regs *regs, long error_code) + { + static const char str[] = "double fault"; + struct task_struct *tsk = current; + ++#ifdef CONFIG_X86_ESPFIX64 ++ extern unsigned char native_irq_return_iret[]; ++ ++ /* ++ * If IRET takes a non-IST fault on the espfix64 stack, then we ++ * end up promoting it to a doublefault. In that case, modify ++ * the stack to make it look like we just entered the #GP ++ * handler from user space, similar to bad_iret. ++ */ ++ if (((long)regs->sp >> PGDIR_SHIFT) == ESPFIX_PGD_ENTRY && ++ regs->cs == __KERNEL_CS && ++ regs->ip == (unsigned long)native_irq_return_iret) ++ { ++ struct pt_regs *normal_regs = task_pt_regs(current); ++ ++ /* Fake a #GP(0) from userspace. */ ++ memmove(&normal_regs->ip, (void *)regs->sp, 5*8); ++ normal_regs->orig_ax = 0; /* Missing (lost) #GP error code */ ++ regs->ip = (unsigned long)general_protection; ++ regs->sp = (unsigned long)&normal_regs->orig_ax; ++ return; ++ } ++#endif ++ + exception_enter(); + /* Return not checked because double check cannot be ignored */ + notify_die(DIE_TRAP, str, regs, error_code, X86_TRAP_DF, SIGSEGV); +@@ -376,6 +384,35 @@ asmlinkage __kprobes struct pt_regs *sync_regs(struct pt_regs *eregs) + *regs = *eregs; + return regs; + } ++ ++struct bad_iret_stack { ++ void *error_entry_ret; ++ struct pt_regs regs; ++}; ++ ++asmlinkage __visible ++struct bad_iret_stack *fixup_bad_iret(struct bad_iret_stack *s) ++{ ++ /* ++ * This is called from entry_64.S early in handling a fault ++ * caused by a bad iret to user mode. To handle the fault ++ * correctly, we want move our stack frame to task_pt_regs ++ * and we want to pretend that the exception came from the ++ * iret target. ++ */ ++ struct bad_iret_stack *new_stack = ++ container_of(task_pt_regs(current), ++ struct bad_iret_stack, regs); ++ ++ /* Copy the IRET target to the new stack. */ ++ memmove(&new_stack->regs.ip, (void *)s->regs.sp, 5*8); ++ ++ /* Copy the remainder of the stack from the current stack. */ ++ memmove(new_stack, s, offsetof(struct bad_iret_stack, regs.ip)); ++ ++ BUG_ON(!user_mode_vm(&new_stack->regs)); ++ return new_stack; ++} + #endif + + /* +@@ -748,7 +785,7 @@ void __init trap_init(void) + set_intr_gate(X86_TRAP_OLD_MF, coprocessor_segment_overrun); + set_intr_gate(X86_TRAP_TS, invalid_TSS); + set_intr_gate(X86_TRAP_NP, segment_not_present); +- set_intr_gate_ist(X86_TRAP_SS, &stack_segment, STACKFAULT_STACK); ++ set_intr_gate(X86_TRAP_SS, stack_segment); + set_intr_gate(X86_TRAP_GP, general_protection); + set_intr_gate(X86_TRAP_SPURIOUS, spurious_interrupt_bug); + set_intr_gate(X86_TRAP_MF, coprocessor_error); +diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c +index f35c66c..2308a40 100644 +--- a/arch/x86/mm/init_64.c ++++ b/arch/x86/mm/init_64.c +@@ -1110,7 +1110,7 @@ void mark_rodata_ro(void) + unsigned long end = (unsigned long) &__end_rodata_hpage_align; + unsigned long text_end = PFN_ALIGN(&__stop___ex_table); + unsigned long rodata_end = PFN_ALIGN(&__end_rodata); +- unsigned long all_end = PFN_ALIGN(&_end); ++ unsigned long all_end; + + printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n", + (end - start) >> 10); +@@ -1121,7 +1121,16 @@ void mark_rodata_ro(void) + /* + * The rodata/data/bss/brk section (but not the kernel text!) + * should also be not-executable. ++ * ++ * We align all_end to PMD_SIZE because the existing mapping ++ * is a full PMD. If we would align _brk_end to PAGE_SIZE we ++ * split the PMD and the reminder between _brk_end and the end ++ * of the PMD will remain mapped executable. ++ * ++ * Any PMD which was setup after the one which covers _brk_end ++ * has been zapped already via cleanup_highmem(). + */ ++ all_end = roundup((unsigned long)_brk_end, PMD_SIZE); + set_memory_nx(rodata_start, (all_end - rodata_start) >> PAGE_SHIFT); + + rodata_test(); +diff --git a/arch/x86/tools/calc_run_size.pl b/arch/x86/tools/calc_run_size.pl +index 0b0b124..23210ba 100644 +--- a/arch/x86/tools/calc_run_size.pl ++++ b/arch/x86/tools/calc_run_size.pl +@@ -19,7 +19,16 @@ while (<>) { + if ($file_offset == 0) { + $file_offset = $offset; + } elsif ($file_offset != $offset) { +- die ".bss and .brk lack common file offset\n"; ++ # BFD linker shows the same file offset in ELF. ++ # Gold linker shows them as consecutive. ++ next if ($file_offset + $mem_size == $offset + $size); ++ ++ printf STDERR "file_offset: 0x%lx\n", $file_offset; ++ printf STDERR "mem_size: 0x%lx\n", $mem_size; ++ printf STDERR "offset: 0x%lx\n", $offset; ++ printf STDERR "size: 0x%lx\n", $size; ++ ++ die ".bss and .brk are non-contiguous\n"; + } + } + } +diff --git a/drivers/clocksource/sun4i_timer.c b/drivers/clocksource/sun4i_timer.c +index bf497af..7d19f86 100644 +--- a/drivers/clocksource/sun4i_timer.c ++++ b/drivers/clocksource/sun4i_timer.c +@@ -182,6 +182,12 @@ static void __init sun4i_timer_init(struct device_node *node) + /* Make sure timer is stopped before playing with interrupts */ + sun4i_clkevt_time_stop(0); + ++ sun4i_clockevent.cpumask = cpu_possible_mask; ++ sun4i_clockevent.irq = irq; ++ ++ clockevents_config_and_register(&sun4i_clockevent, rate, ++ TIMER_SYNC_TICKS, 0xffffffff); ++ + ret = setup_irq(irq, &sun4i_timer_irq); + if (ret) + pr_warn("failed to setup irq %d\n", irq); +@@ -189,12 +195,6 @@ static void __init sun4i_timer_init(struct device_node *node) + /* Enable timer0 interrupt */ + val = readl(timer_base + TIMER_IRQ_EN_REG); + writel(val | TIMER_IRQ_EN(0), timer_base + TIMER_IRQ_EN_REG); +- +- sun4i_clockevent.cpumask = cpu_possible_mask; +- sun4i_clockevent.irq = irq; +- +- clockevents_config_and_register(&sun4i_clockevent, rate, +- TIMER_SYNC_TICKS, 0xffffffff); + } + CLOCKSOURCE_OF_DECLARE(sun4i, "allwinner,sun4i-timer", + sun4i_timer_init); +diff --git a/drivers/gpu/drm/radeon/r600_dpm.c b/drivers/gpu/drm/radeon/r600_dpm.c +index 813db8d..3334f91 100644 +--- a/drivers/gpu/drm/radeon/r600_dpm.c ++++ b/drivers/gpu/drm/radeon/r600_dpm.c +@@ -1209,7 +1209,7 @@ int r600_parse_extended_power_table(struct radeon_device *rdev) + (mode_info->atom_context->bios + data_offset + + le16_to_cpu(ext_hdr->usPowerTuneTableOffset)); + rdev->pm.dpm.dyn_state.cac_tdp_table->maximum_power_delivery_limit = +- ppt->usMaximumPowerDeliveryLimit; ++ le16_to_cpu(ppt->usMaximumPowerDeliveryLimit); + pt = &ppt->power_tune_table; + } else { + ATOM_PPLIB_POWERTUNE_Table *ppt = (ATOM_PPLIB_POWERTUNE_Table *) +diff --git a/drivers/gpu/drm/radeon/radeon_irq_kms.c b/drivers/gpu/drm/radeon/radeon_irq_kms.c +index 089c9ff..b3f0293 100644 +--- a/drivers/gpu/drm/radeon/radeon_irq_kms.c ++++ b/drivers/gpu/drm/radeon/radeon_irq_kms.c +@@ -202,6 +202,16 @@ static bool radeon_msi_ok(struct radeon_device *rdev) + if (rdev->flags & RADEON_IS_AGP) + return false; + ++ /* ++ * Older chips have a HW limitation, they can only generate 40 bits ++ * of address for "64-bit" MSIs which breaks on some platforms, notably ++ * IBM POWER servers, so we limit them ++ */ ++ if (rdev->family < CHIP_BONAIRE) { ++ dev_info(rdev->dev, "radeon: MSI limited to 32-bit\n"); ++ rdev->pdev->no_64bit_msi = 1; ++ } ++ + /* force MSI on */ + if (radeon_msi == 1) + return true; +diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c +index c5c194c..a96cfc3 100644 +--- a/drivers/infiniband/ulp/isert/ib_isert.c ++++ b/drivers/infiniband/ulp/isert/ib_isert.c +@@ -112,9 +112,12 @@ isert_conn_setup_qp(struct isert_conn *isert_conn, struct rdma_cm_id *cma_id) + attr.cap.max_recv_wr = ISERT_QP_MAX_RECV_DTOS; + /* + * FIXME: Use devattr.max_sge - 2 for max_send_sge as +- * work-around for RDMA_READ.. ++ * work-around for RDMA_READs with ConnectX-2. ++ * ++ * Also, still make sure to have at least two SGEs for ++ * outgoing control PDU responses. + */ +- attr.cap.max_send_sge = device->dev_attr.max_sge - 2; ++ attr.cap.max_send_sge = max(2, device->dev_attr.max_sge - 2); + isert_conn->max_sge = attr.cap.max_send_sge; + + attr.cap.max_recv_sge = 1; +@@ -220,12 +223,16 @@ isert_create_device_ib_res(struct isert_device *device) + struct isert_cq_desc *cq_desc; + struct ib_device_attr *dev_attr; + int ret = 0, i, j; ++ int max_rx_cqe, max_tx_cqe; + + dev_attr = &device->dev_attr; + ret = isert_query_device(ib_dev, dev_attr); + if (ret) + return ret; + ++ max_rx_cqe = min(ISER_MAX_RX_CQ_LEN, dev_attr->max_cqe); ++ max_tx_cqe = min(ISER_MAX_TX_CQ_LEN, dev_attr->max_cqe); ++ + /* asign function handlers */ + if (dev_attr->device_cap_flags & IB_DEVICE_MEM_MGT_EXTENSIONS) { + device->use_fastreg = 1; +@@ -261,7 +268,7 @@ isert_create_device_ib_res(struct isert_device *device) + isert_cq_rx_callback, + isert_cq_event_callback, + (void *)&cq_desc[i], +- ISER_MAX_RX_CQ_LEN, i); ++ max_rx_cqe, i); + if (IS_ERR(device->dev_rx_cq[i])) { + ret = PTR_ERR(device->dev_rx_cq[i]); + device->dev_rx_cq[i] = NULL; +@@ -273,7 +280,7 @@ isert_create_device_ib_res(struct isert_device *device) + isert_cq_tx_callback, + isert_cq_event_callback, + (void *)&cq_desc[i], +- ISER_MAX_TX_CQ_LEN, i); ++ max_tx_cqe, i); + if (IS_ERR(device->dev_tx_cq[i])) { + ret = PTR_ERR(device->dev_tx_cq[i]); + device->dev_tx_cq[i] = NULL; +@@ -718,14 +725,25 @@ wake_up: + complete(&isert_conn->conn_wait); + } + +-static void ++static int + isert_disconnected_handler(struct rdma_cm_id *cma_id, bool disconnect) + { +- struct isert_conn *isert_conn = (struct isert_conn *)cma_id->context; ++ struct isert_conn *isert_conn; ++ ++ if (!cma_id->qp) { ++ struct isert_np *isert_np = cma_id->context; ++ ++ isert_np->np_cm_id = NULL; ++ return -1; ++ } ++ ++ isert_conn = (struct isert_conn *)cma_id->context; + + isert_conn->disconnect = disconnect; + INIT_WORK(&isert_conn->conn_logout_work, isert_disconnect_work); + schedule_work(&isert_conn->conn_logout_work); ++ ++ return 0; + } + + static int +@@ -740,6 +758,9 @@ isert_cma_handler(struct rdma_cm_id *cma_id, struct rdma_cm_event *event) + switch (event->event) { + case RDMA_CM_EVENT_CONNECT_REQUEST: + ret = isert_connect_request(cma_id, event); ++ if (ret) ++ pr_err("isert_cma_handler failed RDMA_CM_EVENT: 0x%08x %d\n", ++ event->event, ret); + break; + case RDMA_CM_EVENT_ESTABLISHED: + isert_connected_handler(cma_id); +@@ -749,7 +770,7 @@ isert_cma_handler(struct rdma_cm_id *cma_id, struct rdma_cm_event *event) + case RDMA_CM_EVENT_DEVICE_REMOVAL: /* FALLTHRU */ + disconnect = true; + case RDMA_CM_EVENT_TIMEWAIT_EXIT: /* FALLTHRU */ +- isert_disconnected_handler(cma_id, disconnect); ++ ret = isert_disconnected_handler(cma_id, disconnect); + break; + case RDMA_CM_EVENT_CONNECT_ERROR: + default: +@@ -757,12 +778,6 @@ isert_cma_handler(struct rdma_cm_id *cma_id, struct rdma_cm_event *event) + break; + } + +- if (ret != 0) { +- pr_err("isert_cma_handler failed RDMA_CM_EVENT: 0x%08x %d\n", +- event->event, ret); +- dump_stack(); +- } +- + return ret; + } + +@@ -970,7 +985,8 @@ isert_put_login_tx(struct iscsi_conn *conn, struct iscsi_login *login, + } + if (!login->login_failed) { + if (login->login_complete) { +- if (isert_conn->conn_device->use_fastreg) { ++ if (!conn->sess->sess_ops->SessionType && ++ isert_conn->conn_device->use_fastreg) { + ret = isert_conn_create_fastreg_pool(isert_conn); + if (ret) { + pr_err("Conn: %p failed to create" +@@ -1937,7 +1953,7 @@ isert_put_response(struct iscsi_conn *conn, struct iscsi_cmd *cmd) + isert_cmd->tx_desc.num_sge = 2; + } + +- isert_init_send_wr(isert_conn, isert_cmd, send_wr, true); ++ isert_init_send_wr(isert_conn, isert_cmd, send_wr, false); + + pr_debug("Posting SCSI Response IB_WR_SEND >>>>>>>>>>>>>>>>>>>>>>\n"); + +@@ -2456,7 +2472,7 @@ isert_put_datain(struct iscsi_conn *conn, struct iscsi_cmd *cmd) + &isert_cmd->tx_desc.iscsi_header); + isert_init_tx_hdrs(isert_conn, &isert_cmd->tx_desc); + isert_init_send_wr(isert_conn, isert_cmd, +- &isert_cmd->tx_desc.send_wr, true); ++ &isert_cmd->tx_desc.send_wr, false); + + atomic_add(wr->send_wr_num + 1, &isert_conn->post_send_buf_count); + +@@ -2768,7 +2784,8 @@ isert_free_np(struct iscsi_np *np) + { + struct isert_np *isert_np = (struct isert_np *)np->np_context; + +- rdma_destroy_id(isert_np->np_cm_id); ++ if (isert_np->np_cm_id) ++ rdma_destroy_id(isert_np->np_cm_id); + + np->np_context = NULL; + kfree(isert_np); +diff --git a/drivers/infiniband/ulp/srpt/ib_srpt.c b/drivers/infiniband/ulp/srpt/ib_srpt.c +index d1078ce..0097b8d 100644 +--- a/drivers/infiniband/ulp/srpt/ib_srpt.c ++++ b/drivers/infiniband/ulp/srpt/ib_srpt.c +@@ -2091,6 +2091,7 @@ static int srpt_create_ch_ib(struct srpt_rdma_ch *ch) + if (!qp_init) + goto out; + ++retry: + ch->cq = ib_create_cq(sdev->device, srpt_completion, NULL, ch, + ch->rq_size + srp_sq_size, 0); + if (IS_ERR(ch->cq)) { +@@ -2114,6 +2115,13 @@ static int srpt_create_ch_ib(struct srpt_rdma_ch *ch) + ch->qp = ib_create_qp(sdev->pd, qp_init); + if (IS_ERR(ch->qp)) { + ret = PTR_ERR(ch->qp); ++ if (ret == -ENOMEM) { ++ srp_sq_size /= 2; ++ if (srp_sq_size >= MIN_SRPT_SQ_SIZE) { ++ ib_destroy_cq(ch->cq); ++ goto retry; ++ } ++ } + printk(KERN_ERR "failed to create_qp ret= %d\n", ret); + goto err_destroy_cq; + } +diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c +index 603fe0d..517829f 100644 +--- a/drivers/input/joystick/xpad.c ++++ b/drivers/input/joystick/xpad.c +@@ -1003,9 +1003,19 @@ static int xpad_probe(struct usb_interface *intf, const struct usb_device_id *id + } + + ep_irq_in = &intf->cur_altsetting->endpoint[1].desc; +- usb_fill_bulk_urb(xpad->bulk_out, udev, +- usb_sndbulkpipe(udev, ep_irq_in->bEndpointAddress), +- xpad->bdata, XPAD_PKT_LEN, xpad_bulk_out, xpad); ++ if (usb_endpoint_is_bulk_out(ep_irq_in)) { ++ usb_fill_bulk_urb(xpad->bulk_out, udev, ++ usb_sndbulkpipe(udev, ++ ep_irq_in->bEndpointAddress), ++ xpad->bdata, XPAD_PKT_LEN, ++ xpad_bulk_out, xpad); ++ } else { ++ usb_fill_int_urb(xpad->bulk_out, udev, ++ usb_sndintpipe(udev, ++ ep_irq_in->bEndpointAddress), ++ xpad->bdata, XPAD_PKT_LEN, ++ xpad_bulk_out, xpad, 0); ++ } + + /* + * Submit the int URB immediately rather than waiting for open +diff --git a/drivers/input/mouse/synaptics.c b/drivers/input/mouse/synaptics.c +index 1e76eb8..a3769cf 100644 +--- a/drivers/input/mouse/synaptics.c ++++ b/drivers/input/mouse/synaptics.c +@@ -140,6 +140,10 @@ static const struct min_max_quirk min_max_pnpid_table[] = { + (const char * const []){"LEN2001", NULL}, + 1024, 5022, 2508, 4832 + }, ++ { ++ (const char * const []){"LEN2006", NULL}, ++ 1264, 5675, 1171, 4688 ++ }, + { } + }; + +diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c +index cc38948..1537982 100644 +--- a/drivers/net/bonding/bond_main.c ++++ b/drivers/net/bonding/bond_main.c +@@ -2450,9 +2450,9 @@ static void bond_loadbalance_arp_mon(struct work_struct *work) + if (!rtnl_trylock()) + goto re_arm; + +- if (slave_state_changed) { ++ if (slave_state_changed) + bond_slave_state_change(bond); +- } else if (do_failover) { ++ if (do_failover) { + /* the bond_select_active_slave must hold RTNL + * and curr_slave_lock for write. + */ +diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c +index fc59bc6..cc11f7f 100644 +--- a/drivers/net/can/dev.c ++++ b/drivers/net/can/dev.c +@@ -384,7 +384,7 @@ void can_free_echo_skb(struct net_device *dev, unsigned int idx) + BUG_ON(idx >= priv->echo_skb_max); + + if (priv->echo_skb[idx]) { +- kfree_skb(priv->echo_skb[idx]); ++ dev_kfree_skb_any(priv->echo_skb[idx]); + priv->echo_skb[idx] = NULL; + } + } +diff --git a/drivers/net/can/usb/esd_usb2.c b/drivers/net/can/usb/esd_usb2.c +index 7fbe859..f34f7fa 100644 +--- a/drivers/net/can/usb/esd_usb2.c ++++ b/drivers/net/can/usb/esd_usb2.c +@@ -1141,6 +1141,7 @@ static void esd_usb2_disconnect(struct usb_interface *intf) + } + } + unlink_all_urbs(dev); ++ kfree(dev); + } + } + +diff --git a/drivers/net/ieee802154/fakehard.c b/drivers/net/ieee802154/fakehard.c +index bf0d55e..6adbef8 100644 +--- a/drivers/net/ieee802154/fakehard.c ++++ b/drivers/net/ieee802154/fakehard.c +@@ -376,17 +376,20 @@ static int ieee802154fake_probe(struct platform_device *pdev) + + err = wpan_phy_register(phy); + if (err) +- goto out; ++ goto err_phy_reg; + + err = register_netdev(dev); +- if (err < 0) +- goto out; ++ if (err) ++ goto err_netdev_reg; + + dev_info(&pdev->dev, "Added ieee802154 HardMAC hardware\n"); + return 0; + +-out: +- unregister_netdev(dev); ++err_netdev_reg: ++ wpan_phy_unregister(phy); ++err_phy_reg: ++ free_netdev(dev); ++ wpan_phy_free(phy); + return err; + } + +diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c +index 1aff970..1dc628f 100644 +--- a/drivers/net/ppp/pptp.c ++++ b/drivers/net/ppp/pptp.c +@@ -506,7 +506,9 @@ static int pptp_getname(struct socket *sock, struct sockaddr *uaddr, + int len = sizeof(struct sockaddr_pppox); + struct sockaddr_pppox sp; + +- sp.sa_family = AF_PPPOX; ++ memset(&sp.sa_addr, 0, sizeof(sp.sa_addr)); ++ ++ sp.sa_family = AF_PPPOX; + sp.sa_protocol = PX_PROTO_PPTP; + sp.sa_addr.pptp = pppox_sk(sock->sk)->proto.pptp.src_addr; + +diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c +index d510f1d..db21af8 100644 +--- a/drivers/net/usb/qmi_wwan.c ++++ b/drivers/net/usb/qmi_wwan.c +@@ -769,6 +769,7 @@ static const struct usb_device_id products[] = { + {QMI_FIXED_INTF(0x413c, 0x81a4, 8)}, /* Dell Wireless 5570e HSPA+ (42Mbps) Mobile Broadband Card */ + {QMI_FIXED_INTF(0x413c, 0x81a8, 8)}, /* Dell Wireless 5808 Gobi(TM) 4G LTE Mobile Broadband Card */ + {QMI_FIXED_INTF(0x413c, 0x81a9, 8)}, /* Dell Wireless 5808e Gobi(TM) 4G LTE Mobile Broadband Card */ ++ {QMI_FIXED_INTF(0x03f0, 0x581d, 4)}, /* HP lt4112 LTE/HSPA+ Gobi 4G Module (Huawei me906e) */ + + /* 4. Gobi 1000 devices */ + {QMI_GOBI1K_DEVICE(0x05c6, 0x9212)}, /* Acer Gobi Modem Device */ +diff --git a/drivers/net/wireless/ath/ath9k/ar9003_phy.c b/drivers/net/wireless/ath/ath9k/ar9003_phy.c +index 09facba..390c2de 100644 +--- a/drivers/net/wireless/ath/ath9k/ar9003_phy.c ++++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.c +@@ -647,6 +647,19 @@ static void ar9003_hw_override_ini(struct ath_hw *ah) + ah->enabled_cals |= TX_CL_CAL; + else + ah->enabled_cals &= ~TX_CL_CAL; ++ ++ if (AR_SREV_9340(ah) || AR_SREV_9531(ah) || AR_SREV_9550(ah)) { ++ if (ah->is_clk_25mhz) { ++ REG_WRITE(ah, AR_RTC_DERIVED_CLK, 0x17c << 1); ++ REG_WRITE(ah, AR_SLP32_MODE, 0x0010f3d7); ++ REG_WRITE(ah, AR_SLP32_INC, 0x0001e7ae); ++ } else { ++ REG_WRITE(ah, AR_RTC_DERIVED_CLK, 0x261 << 1); ++ REG_WRITE(ah, AR_SLP32_MODE, 0x0010f400); ++ REG_WRITE(ah, AR_SLP32_INC, 0x0001e800); ++ } ++ udelay(100); ++ } + } + + static void ar9003_hw_prog_ini(struct ath_hw *ah, +diff --git a/drivers/net/wireless/ath/ath9k/hw.c b/drivers/net/wireless/ath/ath9k/hw.c +index 9078a6c..dcc1494 100644 +--- a/drivers/net/wireless/ath/ath9k/hw.c ++++ b/drivers/net/wireless/ath/ath9k/hw.c +@@ -858,19 +858,6 @@ static void ath9k_hw_init_pll(struct ath_hw *ah, + udelay(RTC_PLL_SETTLE_DELAY); + + REG_WRITE(ah, AR_RTC_SLEEP_CLK, AR_RTC_FORCE_DERIVED_CLK); +- +- if (AR_SREV_9340(ah) || AR_SREV_9550(ah)) { +- if (ah->is_clk_25mhz) { +- REG_WRITE(ah, AR_RTC_DERIVED_CLK, 0x17c << 1); +- REG_WRITE(ah, AR_SLP32_MODE, 0x0010f3d7); +- REG_WRITE(ah, AR_SLP32_INC, 0x0001e7ae); +- } else { +- REG_WRITE(ah, AR_RTC_DERIVED_CLK, 0x261 << 1); +- REG_WRITE(ah, AR_SLP32_MODE, 0x0010f400); +- REG_WRITE(ah, AR_SLP32_INC, 0x0001e800); +- } +- udelay(100); +- } + } + + static void ath9k_hw_init_interrupt_masks(struct ath_hw *ah, +diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c +index 5642ccc..22d49d5 100644 +--- a/drivers/net/wireless/rt2x00/rt2x00queue.c ++++ b/drivers/net/wireless/rt2x00/rt2x00queue.c +@@ -158,55 +158,29 @@ void rt2x00queue_align_frame(struct sk_buff *skb) + skb_trim(skb, frame_length); + } + +-void rt2x00queue_insert_l2pad(struct sk_buff *skb, unsigned int header_length) ++/* ++ * H/W needs L2 padding between the header and the paylod if header size ++ * is not 4 bytes aligned. ++ */ ++void rt2x00queue_insert_l2pad(struct sk_buff *skb, unsigned int hdr_len) + { +- unsigned int payload_length = skb->len - header_length; +- unsigned int header_align = ALIGN_SIZE(skb, 0); +- unsigned int payload_align = ALIGN_SIZE(skb, header_length); +- unsigned int l2pad = payload_length ? L2PAD_SIZE(header_length) : 0; ++ unsigned int l2pad = (skb->len > hdr_len) ? L2PAD_SIZE(hdr_len) : 0; + +- /* +- * Adjust the header alignment if the payload needs to be moved more +- * than the header. +- */ +- if (payload_align > header_align) +- header_align += 4; +- +- /* There is nothing to do if no alignment is needed */ +- if (!header_align) ++ if (!l2pad) + return; + +- /* Reserve the amount of space needed in front of the frame */ +- skb_push(skb, header_align); +- +- /* +- * Move the header. +- */ +- memmove(skb->data, skb->data + header_align, header_length); +- +- /* Move the payload, if present and if required */ +- if (payload_length && payload_align) +- memmove(skb->data + header_length + l2pad, +- skb->data + header_length + l2pad + payload_align, +- payload_length); +- +- /* Trim the skb to the correct size */ +- skb_trim(skb, header_length + l2pad + payload_length); ++ skb_push(skb, l2pad); ++ memmove(skb->data, skb->data + l2pad, hdr_len); + } + +-void rt2x00queue_remove_l2pad(struct sk_buff *skb, unsigned int header_length) ++void rt2x00queue_remove_l2pad(struct sk_buff *skb, unsigned int hdr_len) + { +- /* +- * L2 padding is only present if the skb contains more than just the +- * IEEE 802.11 header. +- */ +- unsigned int l2pad = (skb->len > header_length) ? +- L2PAD_SIZE(header_length) : 0; ++ unsigned int l2pad = (skb->len > hdr_len) ? L2PAD_SIZE(hdr_len) : 0; + + if (!l2pad) + return; + +- memmove(skb->data + l2pad, skb->data, header_length); ++ memmove(skb->data + l2pad, skb->data, hdr_len); + skb_pull(skb, l2pad); + } + +diff --git a/drivers/of/address.c b/drivers/of/address.c +index 1a54f1f..005c657 100644 +--- a/drivers/of/address.c ++++ b/drivers/of/address.c +@@ -401,6 +401,21 @@ static struct of_bus *of_match_bus(struct device_node *np) + return NULL; + } + ++static int of_empty_ranges_quirk(void) ++{ ++ if (IS_ENABLED(CONFIG_PPC)) { ++ /* To save cycles, we cache the result */ ++ static int quirk_state = -1; ++ ++ if (quirk_state < 0) ++ quirk_state = ++ of_machine_is_compatible("Power Macintosh") || ++ of_machine_is_compatible("MacRISC"); ++ return quirk_state; ++ } ++ return false; ++} ++ + static int of_translate_one(struct device_node *parent, struct of_bus *bus, + struct of_bus *pbus, __be32 *addr, + int na, int ns, int pna, const char *rprop) +@@ -426,12 +441,10 @@ static int of_translate_one(struct device_node *parent, struct of_bus *bus, + * This code is only enabled on powerpc. --gcl + */ + ranges = of_get_property(parent, rprop, &rlen); +-#if !defined(CONFIG_PPC) +- if (ranges == NULL) { ++ if (ranges == NULL && !of_empty_ranges_quirk()) { + pr_err("OF: no ranges; cannot translate\n"); + return 1; + } +-#endif /* !defined(CONFIG_PPC) */ + if (ranges == NULL || rlen == 0) { + offset = of_read_number(addr, na); + memset(addr, 0, pna * 4); +diff --git a/drivers/pci/msi.c b/drivers/pci/msi.c +index fb02fc2..ced17f2 100644 +--- a/drivers/pci/msi.c ++++ b/drivers/pci/msi.c +@@ -599,6 +599,20 @@ error_attrs: + return ret; + } + ++static int msi_verify_entries(struct pci_dev *dev) ++{ ++ struct msi_desc *entry; ++ ++ list_for_each_entry(entry, &dev->msi_list, list) { ++ if (!dev->no_64bit_msi || !entry->msg.address_hi) ++ continue; ++ dev_err(&dev->dev, "Device has broken 64-bit MSI but arch" ++ " tried to assign one above 4G\n"); ++ return -EIO; ++ } ++ return 0; ++} ++ + /** + * msi_capability_init - configure device's MSI capability structure + * @dev: pointer to the pci_dev data structure of MSI device function +@@ -652,6 +666,13 @@ static int msi_capability_init(struct pci_dev *dev, int nvec) + return ret; + } + ++ ret = msi_verify_entries(dev); ++ if (ret) { ++ msi_mask_irq(entry, mask, ~mask); ++ free_msi_irqs(dev); ++ return ret; ++ } ++ + ret = populate_msi_sysfs(dev); + if (ret) { + msi_mask_irq(entry, mask, ~mask); +@@ -767,6 +788,11 @@ static int msix_capability_init(struct pci_dev *dev, + if (ret) + goto out_avail; + ++ /* Check if all MSI entries honor device restrictions */ ++ ret = msi_verify_entries(dev); ++ if (ret) ++ goto out_free; ++ + /* + * Some devices require MSI-X to be enabled before we can touch the + * MSI-X registers. We need to mask all the vectors to prevent +diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c +index 6e34498..34dff3a 100644 +--- a/drivers/pci/probe.c ++++ b/drivers/pci/probe.c +@@ -395,15 +395,16 @@ static void pci_read_bridge_mmio_pref(struct pci_bus *child) + { + struct pci_dev *dev = child->self; + u16 mem_base_lo, mem_limit_lo; +- unsigned long base, limit; ++ u64 base64, limit64; ++ dma_addr_t base, limit; + struct pci_bus_region region; + struct resource *res; + + res = child->resource[2]; + pci_read_config_word(dev, PCI_PREF_MEMORY_BASE, &mem_base_lo); + pci_read_config_word(dev, PCI_PREF_MEMORY_LIMIT, &mem_limit_lo); +- base = ((unsigned long) mem_base_lo & PCI_PREF_RANGE_MASK) << 16; +- limit = ((unsigned long) mem_limit_lo & PCI_PREF_RANGE_MASK) << 16; ++ base64 = (mem_base_lo & PCI_PREF_RANGE_MASK) << 16; ++ limit64 = (mem_limit_lo & PCI_PREF_RANGE_MASK) << 16; + + if ((mem_base_lo & PCI_PREF_RANGE_TYPE_MASK) == PCI_PREF_RANGE_TYPE_64) { + u32 mem_base_hi, mem_limit_hi; +@@ -417,18 +418,20 @@ static void pci_read_bridge_mmio_pref(struct pci_bus *child) + * this, just assume they are not being used. + */ + if (mem_base_hi <= mem_limit_hi) { +-#if BITS_PER_LONG == 64 +- base |= ((unsigned long) mem_base_hi) << 32; +- limit |= ((unsigned long) mem_limit_hi) << 32; +-#else +- if (mem_base_hi || mem_limit_hi) { +- dev_err(&dev->dev, "can't handle 64-bit " +- "address space for bridge\n"); +- return; +- } +-#endif ++ base64 |= (u64) mem_base_hi << 32; ++ limit64 |= (u64) mem_limit_hi << 32; + } + } ++ ++ base = (dma_addr_t) base64; ++ limit = (dma_addr_t) limit64; ++ ++ if (base != base64) { ++ dev_err(&dev->dev, "can't handle bridge window above 4GB (bus address %#010llx)\n", ++ (unsigned long long) base64); ++ return; ++ } ++ + if (base <= limit) { + res->flags = (mem_base_lo & PCI_PREF_RANGE_TYPE_MASK) | + IORESOURCE_MEM | IORESOURCE_PREFETCH; +diff --git a/drivers/scsi/bnx2fc/bnx2fc_fcoe.c b/drivers/scsi/bnx2fc/bnx2fc_fcoe.c +index 9b94850..cc6b13b 100644 +--- a/drivers/scsi/bnx2fc/bnx2fc_fcoe.c ++++ b/drivers/scsi/bnx2fc/bnx2fc_fcoe.c +@@ -411,6 +411,7 @@ static int bnx2fc_rcv(struct sk_buff *skb, struct net_device *dev, + struct fc_frame_header *fh; + struct fcoe_rcv_info *fr; + struct fcoe_percpu_s *bg; ++ struct sk_buff *tmp_skb; + unsigned short oxid; + + interface = container_of(ptype, struct bnx2fc_interface, +@@ -423,6 +424,12 @@ static int bnx2fc_rcv(struct sk_buff *skb, struct net_device *dev, + goto err; + } + ++ tmp_skb = skb_share_check(skb, GFP_ATOMIC); ++ if (!tmp_skb) ++ goto err; ++ ++ skb = tmp_skb; ++ + if (unlikely(eth_hdr(skb)->h_proto != htons(ETH_P_FCOE))) { + printk(KERN_ERR PFX "bnx2fc_rcv: Wrong FC type frame\n"); + goto err; +diff --git a/drivers/scsi/scsi_devinfo.c b/drivers/scsi/scsi_devinfo.c +index 49014a1..c1d04d4 100644 +--- a/drivers/scsi/scsi_devinfo.c ++++ b/drivers/scsi/scsi_devinfo.c +@@ -202,6 +202,7 @@ static struct { + {"IOMEGA", "Io20S *F", NULL, BLIST_KEY}, + {"INSITE", "Floptical F*8I", NULL, BLIST_KEY}, + {"INSITE", "I325VM", NULL, BLIST_KEY}, ++ {"Intel", "Multi-Flex", NULL, BLIST_NO_RSOC}, + {"iRiver", "iFP Mass Driver", NULL, BLIST_NOT_LOCKABLE | BLIST_INQUIRY_36}, + {"LASOUND", "CDX7405", "3.10", BLIST_MAX5LUN | BLIST_SINGLELUN}, + {"MATSHITA", "PD-1", NULL, BLIST_FORCELUN | BLIST_SINGLELUN}, +diff --git a/drivers/spi/spi-dw.c b/drivers/spi/spi-dw.c +index e63d270..e543b80 100644 +--- a/drivers/spi/spi-dw.c ++++ b/drivers/spi/spi-dw.c +@@ -394,9 +394,6 @@ static void pump_transfers(unsigned long data) + chip = dws->cur_chip; + spi = message->spi; + +- if (unlikely(!chip->clk_div)) +- chip->clk_div = dws->max_freq / chip->speed_hz; +- + if (message->state == ERROR_STATE) { + message->status = -EIO; + goto early_exit; +@@ -437,7 +434,7 @@ static void pump_transfers(unsigned long data) + if (transfer->speed_hz) { + speed = chip->speed_hz; + +- if (transfer->speed_hz != speed) { ++ if ((transfer->speed_hz != speed) || (!chip->clk_div)) { + speed = transfer->speed_hz; + if (speed > dws->max_freq) { + printk(KERN_ERR "MRST SPI0: unsupported" +@@ -659,7 +656,6 @@ static int dw_spi_setup(struct spi_device *spi) + dev_err(&spi->dev, "No max speed HZ parameter\n"); + return -EINVAL; + } +- chip->speed_hz = spi->max_speed_hz; + + chip->tmode = 0; /* Tx & Rx */ + /* Default SPI mode is SCPOL = 0, SCPH = 0 */ +diff --git a/drivers/staging/rtl8188eu/os_dep/usb_intf.c b/drivers/staging/rtl8188eu/os_dep/usb_intf.c +index fed699f..2185a71 100644 +--- a/drivers/staging/rtl8188eu/os_dep/usb_intf.c ++++ b/drivers/staging/rtl8188eu/os_dep/usb_intf.c +@@ -57,6 +57,7 @@ static struct usb_device_id rtw_usb_id_tbl[] = { + {USB_DEVICE(0x07b8, 0x8179)}, /* Abocom - Abocom */ + {USB_DEVICE(0x2001, 0x330F)}, /* DLink DWA-125 REV D1 */ + {USB_DEVICE(0x2001, 0x3310)}, /* Dlink DWA-123 REV D1 */ ++ {USB_DEVICE(0x2001, 0x3311)}, /* DLink GO-USB-N150 REV B1 */ + {USB_DEVICE(0x0df6, 0x0076)}, /* Sitecom N150 v2 */ + {} /* Terminating entry */ + }; +diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c +index 9232c773..e6463ef 100644 +--- a/drivers/target/target_core_transport.c ++++ b/drivers/target/target_core_transport.c +@@ -2230,7 +2230,7 @@ transport_generic_new_cmd(struct se_cmd *cmd) + * and let it call back once the write buffers are ready. + */ + target_add_to_state_list(cmd); +- if (cmd->data_direction != DMA_TO_DEVICE) { ++ if (cmd->data_direction != DMA_TO_DEVICE || cmd->data_length == 0) { + target_execute_cmd(cmd); + return 0; + } +diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c +index c854593..b195fdb 100644 +--- a/drivers/usb/core/quirks.c ++++ b/drivers/usb/core/quirks.c +@@ -44,6 +44,9 @@ static const struct usb_device_id usb_quirk_list[] = { + /* Creative SB Audigy 2 NX */ + { USB_DEVICE(0x041e, 0x3020), .driver_info = USB_QUIRK_RESET_RESUME }, + ++ /* Microsoft Wireless Laser Mouse 6000 Receiver */ ++ { USB_DEVICE(0x045e, 0x00e1), .driver_info = USB_QUIRK_RESET_RESUME }, ++ + /* Microsoft LifeCam-VX700 v2.0 */ + { USB_DEVICE(0x045e, 0x0770), .driver_info = USB_QUIRK_RESET_RESUME }, + +diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c +index 75cb1ff..73c43e5 100644 +--- a/drivers/usb/host/xhci-pci.c ++++ b/drivers/usb/host/xhci-pci.c +@@ -281,7 +281,7 @@ static int xhci_pci_suspend(struct usb_hcd *hcd, bool do_wakeup) + if (xhci_compliance_mode_recovery_timer_quirk_check()) + pdev->no_d3cold = true; + +- return xhci_suspend(xhci); ++ return xhci_suspend(xhci, do_wakeup); + } + + static int xhci_pci_resume(struct usb_hcd *hcd, bool hibernated) +diff --git a/drivers/usb/host/xhci-plat.c b/drivers/usb/host/xhci-plat.c +index 8abda5c..1d5ba3c 100644 +--- a/drivers/usb/host/xhci-plat.c ++++ b/drivers/usb/host/xhci-plat.c +@@ -205,7 +205,15 @@ static int xhci_plat_suspend(struct device *dev) + struct usb_hcd *hcd = dev_get_drvdata(dev); + struct xhci_hcd *xhci = hcd_to_xhci(hcd); + +- return xhci_suspend(xhci); ++ /* ++ * xhci_suspend() needs `do_wakeup` to know whether host is allowed ++ * to do wakeup during suspend. Since xhci_plat_suspend is currently ++ * only designed for system suspend, device_may_wakeup() is enough ++ * to dertermine whether host is allowed to do wakeup. Need to ++ * reconsider this when xhci_plat_suspend enlarges its scope, e.g., ++ * also applies to runtime suspend. ++ */ ++ return xhci_suspend(xhci, device_may_wakeup(dev)); + } + + static int xhci_plat_resume(struct device *dev) +diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c +index 0e6665a..1710a86 100644 +--- a/drivers/usb/host/xhci-ring.c ++++ b/drivers/usb/host/xhci-ring.c +@@ -1180,9 +1180,8 @@ static void xhci_handle_cmd_reset_ep(struct xhci_hcd *xhci, int slot_id, + false); + xhci_ring_cmd_db(xhci); + } else { +- /* Clear our internal halted state and restart the ring(s) */ ++ /* Clear our internal halted state */ + xhci->devs[slot_id]->eps[ep_index].ep_state &= ~EP_HALTED; +- ring_doorbell_for_active_rings(xhci, slot_id, ep_index); + } + } + +diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c +index 82b563f..17e3987 100644 +--- a/drivers/usb/host/xhci.c ++++ b/drivers/usb/host/xhci.c +@@ -35,6 +35,8 @@ + #define DRIVER_AUTHOR "Sarah Sharp" + #define DRIVER_DESC "'eXtensible' Host Controller (xHC) Driver" + ++#define PORT_WAKE_BITS (PORT_WKOC_E | PORT_WKDISC_E | PORT_WKCONN_E) ++ + /* Some 0.95 hardware can't handle the chain bit on a Link TRB being cleared */ + static int link_quirk; + module_param(link_quirk, int, S_IRUGO | S_IWUSR); +@@ -842,13 +844,47 @@ static void xhci_clear_command_ring(struct xhci_hcd *xhci) + xhci_set_cmd_ring_deq(xhci); + } + ++static void xhci_disable_port_wake_on_bits(struct xhci_hcd *xhci) ++{ ++ int port_index; ++ __le32 __iomem **port_array; ++ unsigned long flags; ++ u32 t1, t2; ++ ++ spin_lock_irqsave(&xhci->lock, flags); ++ ++ /* disble usb3 ports Wake bits*/ ++ port_index = xhci->num_usb3_ports; ++ port_array = xhci->usb3_ports; ++ while (port_index--) { ++ t1 = readl(port_array[port_index]); ++ t1 = xhci_port_state_to_neutral(t1); ++ t2 = t1 & ~PORT_WAKE_BITS; ++ if (t1 != t2) ++ writel(t2, port_array[port_index]); ++ } ++ ++ /* disble usb2 ports Wake bits*/ ++ port_index = xhci->num_usb2_ports; ++ port_array = xhci->usb2_ports; ++ while (port_index--) { ++ t1 = readl(port_array[port_index]); ++ t1 = xhci_port_state_to_neutral(t1); ++ t2 = t1 & ~PORT_WAKE_BITS; ++ if (t1 != t2) ++ writel(t2, port_array[port_index]); ++ } ++ ++ spin_unlock_irqrestore(&xhci->lock, flags); ++} ++ + /* + * Stop HC (not bus-specific) + * + * This is called when the machine transition into S3/S4 mode. + * + */ +-int xhci_suspend(struct xhci_hcd *xhci) ++int xhci_suspend(struct xhci_hcd *xhci, bool do_wakeup) + { + int rc = 0; + unsigned int delay = XHCI_MAX_HALT_USEC; +@@ -859,6 +895,10 @@ int xhci_suspend(struct xhci_hcd *xhci) + xhci->shared_hcd->state != HC_STATE_SUSPENDED) + return -EINVAL; + ++ /* Clear root port wake on bits if wakeup not allowed. */ ++ if (!do_wakeup) ++ xhci_disable_port_wake_on_bits(xhci); ++ + /* Don't poll the roothubs on bus suspend. */ + xhci_dbg(xhci, "%s: stopping port polling.\n", __func__); + clear_bit(HCD_FLAG_POLL_RH, &hcd->flags); +diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h +index 8faef64..96e9e78 100644 +--- a/drivers/usb/host/xhci.h ++++ b/drivers/usb/host/xhci.h +@@ -1760,7 +1760,7 @@ void xhci_shutdown(struct usb_hcd *hcd); + int xhci_gen_setup(struct usb_hcd *hcd, xhci_get_quirks_t get_quirks); + + #ifdef CONFIG_PM +-int xhci_suspend(struct xhci_hcd *xhci); ++int xhci_suspend(struct xhci_hcd *xhci, bool do_wakeup); + int xhci_resume(struct xhci_hcd *xhci, bool hibernated); + #else + #define xhci_suspend NULL +diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c +index 3beae72..5741e94 100644 +--- a/drivers/usb/serial/cp210x.c ++++ b/drivers/usb/serial/cp210x.c +@@ -120,6 +120,7 @@ static const struct usb_device_id id_table[] = { + { USB_DEVICE(0x10C4, 0x85F8) }, /* Virtenio Preon32 */ + { USB_DEVICE(0x10C4, 0x8664) }, /* AC-Services CAN-IF */ + { USB_DEVICE(0x10C4, 0x8665) }, /* AC-Services OBD-IF */ ++ { USB_DEVICE(0x10C4, 0x8875) }, /* CEL MeshConnect USB Stick */ + { USB_DEVICE(0x10C4, 0x88A4) }, /* MMB Networks ZigBee USB Device */ + { USB_DEVICE(0x10C4, 0x88A5) }, /* Planet Innovation Ingeni ZigBee USB Device */ + { USB_DEVICE(0x10C4, 0x8946) }, /* Ketra N1 Wireless Interface */ +diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c +index a523ada..debcdef 100644 +--- a/drivers/usb/serial/ftdi_sio.c ++++ b/drivers/usb/serial/ftdi_sio.c +@@ -483,6 +483,39 @@ static const struct usb_device_id id_table_combined[] = { + { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01FD_PID) }, + { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01FE_PID) }, + { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_01FF_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_4701_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_9300_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_9301_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_9302_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_9303_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_9304_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_9305_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_9306_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_9307_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_9308_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_9309_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_930A_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_930B_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_930C_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_930D_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_930E_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_930F_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_9310_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_9311_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_9312_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_9313_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_9314_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_9315_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_9316_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_9317_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_9318_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_9319_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_931A_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_931B_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_931C_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_931D_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_931E_PID) }, ++ { USB_DEVICE(MTXORB_VID, MTXORB_FTDI_RANGE_931F_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_PERLE_ULTRAPORT_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_PIEGROUP_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_TNC_X_PID) }, +diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h +index 6786b70..e52409c9 100644 +--- a/drivers/usb/serial/ftdi_sio_ids.h ++++ b/drivers/usb/serial/ftdi_sio_ids.h +@@ -926,8 +926,8 @@ + #define BAYER_CONTOUR_CABLE_PID 0x6001 + + /* +- * The following are the values for the Matrix Orbital FTDI Range +- * Anything in this range will use an FT232RL. ++ * Matrix Orbital Intelligent USB displays. ++ * http://www.matrixorbital.com + */ + #define MTXORB_VID 0x1B3D + #define MTXORB_FTDI_RANGE_0100_PID 0x0100 +@@ -1186,8 +1186,39 @@ + #define MTXORB_FTDI_RANGE_01FD_PID 0x01FD + #define MTXORB_FTDI_RANGE_01FE_PID 0x01FE + #define MTXORB_FTDI_RANGE_01FF_PID 0x01FF +- +- ++#define MTXORB_FTDI_RANGE_4701_PID 0x4701 ++#define MTXORB_FTDI_RANGE_9300_PID 0x9300 ++#define MTXORB_FTDI_RANGE_9301_PID 0x9301 ++#define MTXORB_FTDI_RANGE_9302_PID 0x9302 ++#define MTXORB_FTDI_RANGE_9303_PID 0x9303 ++#define MTXORB_FTDI_RANGE_9304_PID 0x9304 ++#define MTXORB_FTDI_RANGE_9305_PID 0x9305 ++#define MTXORB_FTDI_RANGE_9306_PID 0x9306 ++#define MTXORB_FTDI_RANGE_9307_PID 0x9307 ++#define MTXORB_FTDI_RANGE_9308_PID 0x9308 ++#define MTXORB_FTDI_RANGE_9309_PID 0x9309 ++#define MTXORB_FTDI_RANGE_930A_PID 0x930A ++#define MTXORB_FTDI_RANGE_930B_PID 0x930B ++#define MTXORB_FTDI_RANGE_930C_PID 0x930C ++#define MTXORB_FTDI_RANGE_930D_PID 0x930D ++#define MTXORB_FTDI_RANGE_930E_PID 0x930E ++#define MTXORB_FTDI_RANGE_930F_PID 0x930F ++#define MTXORB_FTDI_RANGE_9310_PID 0x9310 ++#define MTXORB_FTDI_RANGE_9311_PID 0x9311 ++#define MTXORB_FTDI_RANGE_9312_PID 0x9312 ++#define MTXORB_FTDI_RANGE_9313_PID 0x9313 ++#define MTXORB_FTDI_RANGE_9314_PID 0x9314 ++#define MTXORB_FTDI_RANGE_9315_PID 0x9315 ++#define MTXORB_FTDI_RANGE_9316_PID 0x9316 ++#define MTXORB_FTDI_RANGE_9317_PID 0x9317 ++#define MTXORB_FTDI_RANGE_9318_PID 0x9318 ++#define MTXORB_FTDI_RANGE_9319_PID 0x9319 ++#define MTXORB_FTDI_RANGE_931A_PID 0x931A ++#define MTXORB_FTDI_RANGE_931B_PID 0x931B ++#define MTXORB_FTDI_RANGE_931C_PID 0x931C ++#define MTXORB_FTDI_RANGE_931D_PID 0x931D ++#define MTXORB_FTDI_RANGE_931E_PID 0x931E ++#define MTXORB_FTDI_RANGE_931F_PID 0x931F + + /* + * The Mobility Lab (TML) +diff --git a/drivers/usb/serial/keyspan.c b/drivers/usb/serial/keyspan.c +index 265c677..49101fe 100644 +--- a/drivers/usb/serial/keyspan.c ++++ b/drivers/usb/serial/keyspan.c +@@ -311,24 +311,30 @@ static void usa26_indat_callback(struct urb *urb) + if ((data[0] & 0x80) == 0) { + /* no errors on individual bytes, only + possible overrun err */ +- if (data[0] & RXERROR_OVERRUN) +- err = TTY_OVERRUN; +- else +- err = 0; ++ if (data[0] & RXERROR_OVERRUN) { ++ tty_insert_flip_char(&port->port, 0, ++ TTY_OVERRUN); ++ } + for (i = 1; i < urb->actual_length ; ++i) +- tty_insert_flip_char(&port->port, data[i], err); ++ tty_insert_flip_char(&port->port, data[i], ++ TTY_NORMAL); + } else { + /* some bytes had errors, every byte has status */ + dev_dbg(&port->dev, "%s - RX error!!!!\n", __func__); + for (i = 0; i + 1 < urb->actual_length; i += 2) { +- int stat = data[i], flag = 0; +- if (stat & RXERROR_OVERRUN) +- flag |= TTY_OVERRUN; +- if (stat & RXERROR_FRAMING) +- flag |= TTY_FRAME; +- if (stat & RXERROR_PARITY) +- flag |= TTY_PARITY; ++ int stat = data[i]; ++ int flag = TTY_NORMAL; ++ ++ if (stat & RXERROR_OVERRUN) { ++ tty_insert_flip_char(&port->port, 0, ++ TTY_OVERRUN); ++ } + /* XXX should handle break (0x10) */ ++ if (stat & RXERROR_PARITY) ++ flag = TTY_PARITY; ++ else if (stat & RXERROR_FRAMING) ++ flag = TTY_FRAME; ++ + tty_insert_flip_char(&port->port, data[i+1], + flag); + } +@@ -666,14 +672,19 @@ static void usa49_indat_callback(struct urb *urb) + } else { + /* some bytes had errors, every byte has status */ + for (i = 0; i + 1 < urb->actual_length; i += 2) { +- int stat = data[i], flag = 0; +- if (stat & RXERROR_OVERRUN) +- flag |= TTY_OVERRUN; +- if (stat & RXERROR_FRAMING) +- flag |= TTY_FRAME; +- if (stat & RXERROR_PARITY) +- flag |= TTY_PARITY; ++ int stat = data[i]; ++ int flag = TTY_NORMAL; ++ ++ if (stat & RXERROR_OVERRUN) { ++ tty_insert_flip_char(&port->port, 0, ++ TTY_OVERRUN); ++ } + /* XXX should handle break (0x10) */ ++ if (stat & RXERROR_PARITY) ++ flag = TTY_PARITY; ++ else if (stat & RXERROR_FRAMING) ++ flag = TTY_FRAME; ++ + tty_insert_flip_char(&port->port, data[i+1], + flag); + } +@@ -730,15 +741,19 @@ static void usa49wg_indat_callback(struct urb *urb) + */ + for (x = 0; x + 1 < len && + i + 1 < urb->actual_length; x += 2) { +- int stat = data[i], flag = 0; ++ int stat = data[i]; ++ int flag = TTY_NORMAL; + +- if (stat & RXERROR_OVERRUN) +- flag |= TTY_OVERRUN; +- if (stat & RXERROR_FRAMING) +- flag |= TTY_FRAME; +- if (stat & RXERROR_PARITY) +- flag |= TTY_PARITY; ++ if (stat & RXERROR_OVERRUN) { ++ tty_insert_flip_char(&port->port, 0, ++ TTY_OVERRUN); ++ } + /* XXX should handle break (0x10) */ ++ if (stat & RXERROR_PARITY) ++ flag = TTY_PARITY; ++ else if (stat & RXERROR_FRAMING) ++ flag = TTY_FRAME; ++ + tty_insert_flip_char(&port->port, data[i+1], + flag); + i += 2; +@@ -790,25 +805,31 @@ static void usa90_indat_callback(struct urb *urb) + if ((data[0] & 0x80) == 0) { + /* no errors on individual bytes, only + possible overrun err*/ +- if (data[0] & RXERROR_OVERRUN) +- err = TTY_OVERRUN; +- else +- err = 0; ++ if (data[0] & RXERROR_OVERRUN) { ++ tty_insert_flip_char(&port->port, 0, ++ TTY_OVERRUN); ++ } + for (i = 1; i < urb->actual_length ; ++i) + tty_insert_flip_char(&port->port, +- data[i], err); ++ data[i], TTY_NORMAL); + } else { + /* some bytes had errors, every byte has status */ + dev_dbg(&port->dev, "%s - RX error!!!!\n", __func__); + for (i = 0; i + 1 < urb->actual_length; i += 2) { +- int stat = data[i], flag = 0; +- if (stat & RXERROR_OVERRUN) +- flag |= TTY_OVERRUN; +- if (stat & RXERROR_FRAMING) +- flag |= TTY_FRAME; +- if (stat & RXERROR_PARITY) +- flag |= TTY_PARITY; ++ int stat = data[i]; ++ int flag = TTY_NORMAL; ++ ++ if (stat & RXERROR_OVERRUN) { ++ tty_insert_flip_char( ++ &port->port, 0, ++ TTY_OVERRUN); ++ } + /* XXX should handle break (0x10) */ ++ if (stat & RXERROR_PARITY) ++ flag = TTY_PARITY; ++ else if (stat & RXERROR_FRAMING) ++ flag = TTY_FRAME; ++ + tty_insert_flip_char(&port->port, + data[i+1], flag); + } +diff --git a/drivers/usb/serial/ssu100.c b/drivers/usb/serial/ssu100.c +index a7fe664..70a098d 100644 +--- a/drivers/usb/serial/ssu100.c ++++ b/drivers/usb/serial/ssu100.c +@@ -490,10 +490,9 @@ static void ssu100_update_lsr(struct usb_serial_port *port, u8 lsr, + if (*tty_flag == TTY_NORMAL) + *tty_flag = TTY_FRAME; + } +- if (lsr & UART_LSR_OE){ ++ if (lsr & UART_LSR_OE) { + port->icount.overrun++; +- if (*tty_flag == TTY_NORMAL) +- *tty_flag = TTY_OVERRUN; ++ tty_insert_flip_char(&port->port, 0, TTY_OVERRUN); + } + } + +@@ -511,12 +510,8 @@ static void ssu100_process_read_urb(struct urb *urb) + if ((len >= 4) && + (packet[0] == 0x1b) && (packet[1] == 0x1b) && + ((packet[2] == 0x00) || (packet[2] == 0x01))) { +- if (packet[2] == 0x00) { ++ if (packet[2] == 0x00) + ssu100_update_lsr(port, packet[3], &flag); +- if (flag == TTY_OVERRUN) +- tty_insert_flip_char(&port->port, 0, +- TTY_OVERRUN); +- } + if (packet[2] == 0x01) + ssu100_update_msr(port, packet[3]); + +diff --git a/drivers/vhost/scsi.c b/drivers/vhost/scsi.c +index e48d4a6..5d0b7b8 100644 +--- a/drivers/vhost/scsi.c ++++ b/drivers/vhost/scsi.c +@@ -1200,6 +1200,7 @@ static int + vhost_scsi_set_endpoint(struct vhost_scsi *vs, + struct vhost_scsi_target *t) + { ++ struct se_portal_group *se_tpg; + struct tcm_vhost_tport *tv_tport; + struct tcm_vhost_tpg *tpg; + struct tcm_vhost_tpg **vs_tpg; +@@ -1247,6 +1248,21 @@ vhost_scsi_set_endpoint(struct vhost_scsi *vs, + ret = -EEXIST; + goto out; + } ++ /* ++ * In order to ensure individual vhost-scsi configfs ++ * groups cannot be removed while in use by vhost ioctl, ++ * go ahead and take an explicit se_tpg->tpg_group.cg_item ++ * dependency now. ++ */ ++ se_tpg = &tpg->se_tpg; ++ ret = configfs_depend_item(se_tpg->se_tpg_tfo->tf_subsys, ++ &se_tpg->tpg_group.cg_item); ++ if (ret) { ++ pr_warn("configfs_depend_item() failed: %d\n", ret); ++ kfree(vs_tpg); ++ mutex_unlock(&tpg->tv_tpg_mutex); ++ goto out; ++ } + tpg->tv_tpg_vhost_count++; + tpg->vhost_scsi = vs; + vs_tpg[tpg->tport_tpgt] = tpg; +@@ -1289,6 +1305,7 @@ static int + vhost_scsi_clear_endpoint(struct vhost_scsi *vs, + struct vhost_scsi_target *t) + { ++ struct se_portal_group *se_tpg; + struct tcm_vhost_tport *tv_tport; + struct tcm_vhost_tpg *tpg; + struct vhost_virtqueue *vq; +@@ -1337,6 +1354,13 @@ vhost_scsi_clear_endpoint(struct vhost_scsi *vs, + vs->vs_tpg[target] = NULL; + match = true; + mutex_unlock(&tpg->tv_tpg_mutex); ++ /* ++ * Release se_tpg->tpg_group.cg_item configfs dependency now ++ * to allow vhost-scsi WWPN se_tpg->tpg_group shutdown to occur. ++ */ ++ se_tpg = &tpg->se_tpg; ++ configfs_undepend_item(se_tpg->se_tpg_tfo->tf_subsys, ++ &se_tpg->tpg_group.cg_item); + } + if (match) { + for (i = 0; i < VHOST_SCSI_MAX_VQ; i++) { +diff --git a/fs/aio.c b/fs/aio.c +index f45ddaa..2f7e8c2 100644 +--- a/fs/aio.c ++++ b/fs/aio.c +@@ -165,6 +165,15 @@ static struct vfsmount *aio_mnt; + static const struct file_operations aio_ring_fops; + static const struct address_space_operations aio_ctx_aops; + ++/* Backing dev info for aio fs. ++ * -no dirty page accounting or writeback happens ++ */ ++static struct backing_dev_info aio_fs_backing_dev_info = { ++ .name = "aiofs", ++ .state = 0, ++ .capabilities = BDI_CAP_NO_ACCT_AND_WRITEBACK | BDI_CAP_MAP_COPY, ++}; ++ + static struct file *aio_private_file(struct kioctx *ctx, loff_t nr_pages) + { + struct qstr this = QSTR_INIT("[aio]", 5); +@@ -176,6 +185,7 @@ static struct file *aio_private_file(struct kioctx *ctx, loff_t nr_pages) + + inode->i_mapping->a_ops = &aio_ctx_aops; + inode->i_mapping->private_data = ctx; ++ inode->i_mapping->backing_dev_info = &aio_fs_backing_dev_info; + inode->i_size = PAGE_SIZE * nr_pages; + + path.dentry = d_alloc_pseudo(aio_mnt->mnt_sb, &this); +@@ -221,6 +231,9 @@ static int __init aio_setup(void) + if (IS_ERR(aio_mnt)) + panic("Failed to create aio fs mount."); + ++ if (bdi_init(&aio_fs_backing_dev_info)) ++ panic("Failed to init aio fs backing dev info."); ++ + kiocb_cachep = KMEM_CACHE(kiocb, SLAB_HWCACHE_ALIGN|SLAB_PANIC); + kioctx_cachep = KMEM_CACHE(kioctx,SLAB_HWCACHE_ALIGN|SLAB_PANIC); + +@@ -282,11 +295,6 @@ static const struct file_operations aio_ring_fops = { + .mmap = aio_ring_mmap, + }; + +-static int aio_set_page_dirty(struct page *page) +-{ +- return 0; +-} +- + #if IS_ENABLED(CONFIG_MIGRATION) + static int aio_migratepage(struct address_space *mapping, struct page *new, + struct page *old, enum migrate_mode mode) +@@ -358,7 +366,7 @@ out: + #endif + + static const struct address_space_operations aio_ctx_aops = { +- .set_page_dirty = aio_set_page_dirty, ++ .set_page_dirty = __set_page_dirty_no_writeback, + #if IS_ENABLED(CONFIG_MIGRATION) + .migratepage = aio_migratepage, + #endif +@@ -413,7 +421,6 @@ static int aio_setup_ring(struct kioctx *ctx) + pr_debug("pid(%d) page[%d]->count=%d\n", + current->pid, i, page_count(page)); + SetPageUptodate(page); +- SetPageDirty(page); + unlock_page(page); + + ctx->ring_pages[i] = page; +diff --git a/fs/locks.c b/fs/locks.c +index 4dd39b9..2c61c4e 100644 +--- a/fs/locks.c ++++ b/fs/locks.c +@@ -2235,16 +2235,28 @@ void locks_remove_flock(struct file *filp) + + while ((fl = *before) != NULL) { + if (fl->fl_file == filp) { +- if (IS_FLOCK(fl)) { +- locks_delete_lock(before); +- continue; +- } + if (IS_LEASE(fl)) { + lease_modify(before, F_UNLCK); + continue; + } +- /* What? */ +- BUG(); ++ ++ /* ++ * There's a leftover lock on the list of a type that ++ * we didn't expect to see. Most likely a classic ++ * POSIX lock that ended up not getting released ++ * properly, or that raced onto the list somehow. Log ++ * some info about it and then just remove it from ++ * the list. ++ */ ++ WARN(!IS_FLOCK(fl), ++ "leftover lock: dev=%u:%u ino=%lu type=%hhd flags=0x%x start=%lld end=%lld\n", ++ MAJOR(inode->i_sb->s_dev), ++ MINOR(inode->i_sb->s_dev), inode->i_ino, ++ fl->fl_type, fl->fl_flags, ++ fl->fl_start, fl->fl_end); ++ ++ locks_delete_lock(before); ++ continue; + } + before = &fl->fl_next; + } +diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c +index 2ffebf2..27d7f27 100644 +--- a/fs/nfs/pagelist.c ++++ b/fs/nfs/pagelist.c +@@ -113,7 +113,7 @@ __nfs_iocounter_wait(struct nfs_io_counter *c) + if (atomic_read(&c->io_count) == 0) + break; + ret = nfs_wait_bit_killable(&c->flags); +- } while (atomic_read(&c->io_count) != 0); ++ } while (atomic_read(&c->io_count) != 0 && !ret); + finish_wait(wq, &q.wait); + return ret; + } +diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c +index cc8c5b3..f42bbe5 100644 +--- a/fs/nfsd/nfs4callback.c ++++ b/fs/nfsd/nfs4callback.c +@@ -784,8 +784,12 @@ static bool nfsd41_cb_get_slot(struct nfs4_client *clp, struct rpc_task *task) + { + if (test_and_set_bit(0, &clp->cl_cb_slot_busy) != 0) { + rpc_sleep_on(&clp->cl_cb_waitq, task, NULL); +- dprintk("%s slot is busy\n", __func__); +- return false; ++ /* Race breaker */ ++ if (test_and_set_bit(0, &clp->cl_cb_slot_busy) != 0) { ++ dprintk("%s slot is busy\n", __func__); ++ return false; ++ } ++ rpc_wake_up_queued_task(&clp->cl_cb_waitq, task); + } + return true; + } +diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c +index f8f060f..6040da8 100644 +--- a/fs/nfsd/nfscache.c ++++ b/fs/nfsd/nfscache.c +@@ -224,13 +224,6 @@ hash_refile(struct svc_cacherep *rp) + hlist_add_head(&rp->c_hash, cache_hash + hash_32(rp->c_xid, maskbits)); + } + +-static inline bool +-nfsd_cache_entry_expired(struct svc_cacherep *rp) +-{ +- return rp->c_state != RC_INPROG && +- time_after(jiffies, rp->c_timestamp + RC_EXPIRE); +-} +- + /* + * Walk the LRU list and prune off entries that are older than RC_EXPIRE. + * Also prune the oldest ones when the total exceeds the max number of entries. +@@ -242,8 +235,14 @@ prune_cache_entries(void) + long freed = 0; + + list_for_each_entry_safe(rp, tmp, &lru_head, c_lru) { +- if (!nfsd_cache_entry_expired(rp) && +- num_drc_entries <= max_drc_entries) ++ /* ++ * Don't free entries attached to calls that are still ++ * in-progress, but do keep scanning the list. ++ */ ++ if (rp->c_state == RC_INPROG) ++ continue; ++ if (num_drc_entries <= max_drc_entries && ++ time_before(jiffies, rp->c_timestamp + RC_EXPIRE)) + break; + nfsd_reply_cache_free_locked(rp); + freed++; +diff --git a/fs/nfsd/nfsd.h b/fs/nfsd/nfsd.h +index 479eb68..f417fef 100644 +--- a/fs/nfsd/nfsd.h ++++ b/fs/nfsd/nfsd.h +@@ -328,12 +328,15 @@ void nfsd_lockd_shutdown(void); + (NFSD4_SUPPORTED_ATTRS_WORD2 | FATTR4_WORD2_SUPPATTR_EXCLCREAT) + + #ifdef CONFIG_NFSD_V4_SECURITY_LABEL +-#define NFSD4_2_SUPPORTED_ATTRS_WORD2 \ +- (NFSD4_1_SUPPORTED_ATTRS_WORD2 | FATTR4_WORD2_SECURITY_LABEL) ++#define NFSD4_2_SECURITY_ATTRS FATTR4_WORD2_SECURITY_LABEL + #else +-#define NFSD4_2_SUPPORTED_ATTRS_WORD2 0 ++#define NFSD4_2_SECURITY_ATTRS 0 + #endif + ++#define NFSD4_2_SUPPORTED_ATTRS_WORD2 \ ++ (NFSD4_1_SUPPORTED_ATTRS_WORD2 | \ ++ NFSD4_2_SECURITY_ATTRS) ++ + static inline u32 nfsd_suppattrs0(u32 minorversion) + { + return minorversion ? NFSD4_1_SUPPORTED_ATTRS_WORD0 +diff --git a/include/linux/bitops.h b/include/linux/bitops.h +index be5fd38..5d858e0 100644 +--- a/include/linux/bitops.h ++++ b/include/linux/bitops.h +@@ -18,8 +18,11 @@ + * position @h. For example + * GENMASK_ULL(39, 21) gives us the 64bit vector 0x000000ffffe00000. + */ +-#define GENMASK(h, l) (((U32_C(1) << ((h) - (l) + 1)) - 1) << (l)) +-#define GENMASK_ULL(h, l) (((U64_C(1) << ((h) - (l) + 1)) - 1) << (l)) ++#define GENMASK(h, l) \ ++ (((~0UL) << (l)) & (~0UL >> (BITS_PER_LONG - 1 - (h)))) ++ ++#define GENMASK_ULL(h, l) \ ++ (((~0ULL) << (l)) & (~0ULL >> (BITS_PER_LONG_LONG - 1 - (h)))) + + extern unsigned int __sw_hweight8(unsigned int w); + extern unsigned int __sw_hweight16(unsigned int w); +diff --git a/include/linux/iio/events.h b/include/linux/iio/events.h +index 8bbd7bc..03fa332 100644 +--- a/include/linux/iio/events.h ++++ b/include/linux/iio/events.h +@@ -72,7 +72,7 @@ struct iio_event_data { + + #define IIO_EVENT_CODE_EXTRACT_TYPE(mask) ((mask >> 56) & 0xFF) + +-#define IIO_EVENT_CODE_EXTRACT_DIR(mask) ((mask >> 48) & 0xCF) ++#define IIO_EVENT_CODE_EXTRACT_DIR(mask) ((mask >> 48) & 0x7F) + + #define IIO_EVENT_CODE_EXTRACT_CHAN_TYPE(mask) ((mask >> 32) & 0xFF) + +diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h +index 0068708..0a21fbe 100644 +--- a/include/linux/inetdevice.h ++++ b/include/linux/inetdevice.h +@@ -242,7 +242,7 @@ static inline void in_dev_put(struct in_device *idev) + static __inline__ __be32 inet_make_mask(int logmask) + { + if (logmask) +- return htonl(~((1<<(32-logmask))-1)); ++ return htonl(~((1U<<(32-logmask))-1)); + return 0; + } + +diff --git a/include/linux/pci.h b/include/linux/pci.h +index 33aa2ca..0e5e16c 100644 +--- a/include/linux/pci.h ++++ b/include/linux/pci.h +@@ -324,6 +324,7 @@ struct pci_dev { + unsigned int is_added:1; + unsigned int is_busmaster:1; /* device is busmaster */ + unsigned int no_msi:1; /* device may not use msi */ ++ unsigned int no_64bit_msi:1; /* device may only use 32-bit MSIs */ + unsigned int block_cfg_access:1; /* config space access is blocked */ + unsigned int broken_parity_status:1; /* Device generates false positive parity */ + unsigned int irq_reroute_variant:2; /* device needs IRQ rerouting variant */ +diff --git a/include/sound/soc-dpcm.h b/include/sound/soc-dpcm.h +index 2883a7a..98f2ade 100644 +--- a/include/sound/soc-dpcm.h ++++ b/include/sound/soc-dpcm.h +@@ -102,6 +102,8 @@ struct snd_soc_dpcm_runtime { + /* state and update */ + enum snd_soc_dpcm_update runtime_update; + enum snd_soc_dpcm_state state; ++ ++ int trigger_pending; /* trigger cmd + 1 if pending, 0 if not */ + }; + + /* can this BE stop and free */ +diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c +index 307d87c..1139b22 100644 +--- a/kernel/events/uprobes.c ++++ b/kernel/events/uprobes.c +@@ -1621,7 +1621,6 @@ bool uprobe_deny_signal(void) + if (__fatal_signal_pending(t) || arch_uprobe_xol_was_trapped(t)) { + utask->state = UTASK_SSTEP_TRAPPED; + set_tsk_thread_flag(t, TIF_UPROBE); +- set_tsk_thread_flag(t, TIF_NOTIFY_RESUME); + } + } + +diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c +index b851cc5..fbda6b5 100644 +--- a/net/batman-adv/hard-interface.c ++++ b/net/batman-adv/hard-interface.c +@@ -83,7 +83,7 @@ static bool batadv_is_on_batman_iface(const struct net_device *net_dev) + return true; + + /* no more parents..stop recursion */ +- if (net_dev->iflink == net_dev->ifindex) ++ if (net_dev->iflink == 0 || net_dev->iflink == net_dev->ifindex) + return false; + + /* recurse over the parent device */ +diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c +index f2e1573..8f7bd56 100644 +--- a/net/ipv4/fib_rules.c ++++ b/net/ipv4/fib_rules.c +@@ -62,6 +62,10 @@ int __fib_lookup(struct net *net, struct flowi4 *flp, struct fib_result *res) + else + res->tclassid = 0; + #endif ++ ++ if (err == -ESRCH) ++ err = -ENETUNREACH; ++ + return err; + } + EXPORT_SYMBOL_GPL(__fib_lookup); +diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c +index e21934b..0d33f94 100644 +--- a/net/ipv4/ping.c ++++ b/net/ipv4/ping.c +@@ -217,6 +217,8 @@ static struct sock *ping_lookup(struct net *net, struct sk_buff *skb, u16 ident) + &ipv6_hdr(skb)->daddr)) + continue; + #endif ++ } else { ++ continue; + } + + if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif) +diff --git a/net/ipx/af_ipx.c b/net/ipx/af_ipx.c +index 00b2a6d..d65aea2 100644 +--- a/net/ipx/af_ipx.c ++++ b/net/ipx/af_ipx.c +@@ -1763,6 +1763,7 @@ static int ipx_recvmsg(struct kiocb *iocb, struct socket *sock, + struct ipxhdr *ipx = NULL; + struct sk_buff *skb; + int copied, rc; ++ bool locked = true; + + lock_sock(sk); + /* put the autobinding in */ +@@ -1789,6 +1790,8 @@ static int ipx_recvmsg(struct kiocb *iocb, struct socket *sock, + if (sock_flag(sk, SOCK_ZAPPED)) + goto out; + ++ release_sock(sk); ++ locked = false; + skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, + flags & MSG_DONTWAIT, &rc); + if (!skb) +@@ -1822,7 +1825,8 @@ static int ipx_recvmsg(struct kiocb *iocb, struct socket *sock, + out_free: + skb_free_datagram(sk, skb); + out: +- release_sock(sk); ++ if (locked) ++ release_sock(sk); + return rc; + } + +diff --git a/sound/soc/codecs/sgtl5000.c b/sound/soc/codecs/sgtl5000.c +index 0fcbe90..12528e9 100644 +--- a/sound/soc/codecs/sgtl5000.c ++++ b/sound/soc/codecs/sgtl5000.c +@@ -1369,8 +1369,7 @@ static int sgtl5000_probe(struct snd_soc_codec *codec) + + /* enable small pop, introduce 400ms delay in turning off */ + snd_soc_update_bits(codec, SGTL5000_CHIP_REF_CTRL, +- SGTL5000_SMALL_POP, +- SGTL5000_SMALL_POP); ++ SGTL5000_SMALL_POP, 1); + + /* disable short cut detector */ + snd_soc_write(codec, SGTL5000_CHIP_SHORT_CTRL, 0); +diff --git a/sound/soc/codecs/sgtl5000.h b/sound/soc/codecs/sgtl5000.h +index 2f8c889..bd7a344 100644 +--- a/sound/soc/codecs/sgtl5000.h ++++ b/sound/soc/codecs/sgtl5000.h +@@ -275,7 +275,7 @@ + #define SGTL5000_BIAS_CTRL_MASK 0x000e + #define SGTL5000_BIAS_CTRL_SHIFT 1 + #define SGTL5000_BIAS_CTRL_WIDTH 3 +-#define SGTL5000_SMALL_POP 0x0001 ++#define SGTL5000_SMALL_POP 0 + + /* + * SGTL5000_CHIP_MIC_CTRL +diff --git a/sound/soc/codecs/wm_adsp.c b/sound/soc/codecs/wm_adsp.c +index 53c03af..0502e3f 100644 +--- a/sound/soc/codecs/wm_adsp.c ++++ b/sound/soc/codecs/wm_adsp.c +@@ -1341,6 +1341,7 @@ static int wm_adsp_load_coeff(struct wm_adsp *dsp) + file, blocks, pos - firmware->size); + + out_fw: ++ regmap_async_complete(regmap); + release_firmware(firmware); + wm_adsp_buf_free(&buf_list); + out: +diff --git a/sound/soc/sh/fsi.c b/sound/soc/sh/fsi.c +index 1967f44..9d0c59c 100644 +--- a/sound/soc/sh/fsi.c ++++ b/sound/soc/sh/fsi.c +@@ -1785,8 +1785,7 @@ static const struct snd_soc_dai_ops fsi_dai_ops = { + static struct snd_pcm_hardware fsi_pcm_hardware = { + .info = SNDRV_PCM_INFO_INTERLEAVED | + SNDRV_PCM_INFO_MMAP | +- SNDRV_PCM_INFO_MMAP_VALID | +- SNDRV_PCM_INFO_PAUSE, ++ SNDRV_PCM_INFO_MMAP_VALID, + .buffer_bytes_max = 64 * 1024, + .period_bytes_min = 32, + .period_bytes_max = 8192, +diff --git a/sound/soc/sh/rcar/core.c b/sound/soc/sh/rcar/core.c +index 743de5e..37fcd93 100644 +--- a/sound/soc/sh/rcar/core.c ++++ b/sound/soc/sh/rcar/core.c +@@ -626,8 +626,7 @@ static void rsnd_dai_remove(struct platform_device *pdev, + static struct snd_pcm_hardware rsnd_pcm_hardware = { + .info = SNDRV_PCM_INFO_INTERLEAVED | + SNDRV_PCM_INFO_MMAP | +- SNDRV_PCM_INFO_MMAP_VALID | +- SNDRV_PCM_INFO_PAUSE, ++ SNDRV_PCM_INFO_MMAP_VALID, + .buffer_bytes_max = 64 * 1024, + .period_bytes_min = 32, + .period_bytes_max = 8192, +diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c +index 02733de..e28704e 100644 +--- a/sound/soc/soc-pcm.c ++++ b/sound/soc/soc-pcm.c +@@ -1258,13 +1258,36 @@ static void dpcm_set_fe_runtime(struct snd_pcm_substream *substream) + dpcm_init_runtime_hw(runtime, &cpu_dai_drv->capture); + } + ++static int dpcm_fe_dai_do_trigger(struct snd_pcm_substream *substream, int cmd); ++ ++/* Set FE's runtime_update state; the state is protected via PCM stream lock ++ * for avoiding the race with trigger callback. ++ * If the state is unset and a trigger is pending while the previous operation, ++ * process the pending trigger action here. ++ */ ++static void dpcm_set_fe_update_state(struct snd_soc_pcm_runtime *fe, ++ int stream, enum snd_soc_dpcm_update state) ++{ ++ struct snd_pcm_substream *substream = ++ snd_soc_dpcm_get_substream(fe, stream); ++ ++ snd_pcm_stream_lock_irq(substream); ++ if (state == SND_SOC_DPCM_UPDATE_NO && fe->dpcm[stream].trigger_pending) { ++ dpcm_fe_dai_do_trigger(substream, ++ fe->dpcm[stream].trigger_pending - 1); ++ fe->dpcm[stream].trigger_pending = 0; ++ } ++ fe->dpcm[stream].runtime_update = state; ++ snd_pcm_stream_unlock_irq(substream); ++} ++ + static int dpcm_fe_dai_startup(struct snd_pcm_substream *fe_substream) + { + struct snd_soc_pcm_runtime *fe = fe_substream->private_data; + struct snd_pcm_runtime *runtime = fe_substream->runtime; + int stream = fe_substream->stream, ret = 0; + +- fe->dpcm[stream].runtime_update = SND_SOC_DPCM_UPDATE_FE; ++ dpcm_set_fe_update_state(fe, stream, SND_SOC_DPCM_UPDATE_FE); + + ret = dpcm_be_dai_startup(fe, fe_substream->stream); + if (ret < 0) { +@@ -1286,13 +1309,13 @@ static int dpcm_fe_dai_startup(struct snd_pcm_substream *fe_substream) + dpcm_set_fe_runtime(fe_substream); + snd_pcm_limit_hw_rates(runtime); + +- fe->dpcm[stream].runtime_update = SND_SOC_DPCM_UPDATE_NO; ++ dpcm_set_fe_update_state(fe, stream, SND_SOC_DPCM_UPDATE_NO); + return 0; + + unwind: + dpcm_be_dai_startup_unwind(fe, fe_substream->stream); + be_err: +- fe->dpcm[stream].runtime_update = SND_SOC_DPCM_UPDATE_NO; ++ dpcm_set_fe_update_state(fe, stream, SND_SOC_DPCM_UPDATE_NO); + return ret; + } + +@@ -1339,7 +1362,7 @@ static int dpcm_fe_dai_shutdown(struct snd_pcm_substream *substream) + struct snd_soc_pcm_runtime *fe = substream->private_data; + int stream = substream->stream; + +- fe->dpcm[stream].runtime_update = SND_SOC_DPCM_UPDATE_FE; ++ dpcm_set_fe_update_state(fe, stream, SND_SOC_DPCM_UPDATE_FE); + + /* shutdown the BEs */ + dpcm_be_dai_shutdown(fe, substream->stream); +@@ -1353,7 +1376,7 @@ static int dpcm_fe_dai_shutdown(struct snd_pcm_substream *substream) + dpcm_dapm_stream_event(fe, stream, SND_SOC_DAPM_STREAM_STOP); + + fe->dpcm[stream].state = SND_SOC_DPCM_STATE_CLOSE; +- fe->dpcm[stream].runtime_update = SND_SOC_DPCM_UPDATE_NO; ++ dpcm_set_fe_update_state(fe, stream, SND_SOC_DPCM_UPDATE_NO); + return 0; + } + +@@ -1401,7 +1424,7 @@ static int dpcm_fe_dai_hw_free(struct snd_pcm_substream *substream) + int err, stream = substream->stream; + + mutex_lock_nested(&fe->card->mutex, SND_SOC_CARD_CLASS_RUNTIME); +- fe->dpcm[stream].runtime_update = SND_SOC_DPCM_UPDATE_FE; ++ dpcm_set_fe_update_state(fe, stream, SND_SOC_DPCM_UPDATE_FE); + + dev_dbg(fe->dev, "ASoC: hw_free FE %s\n", fe->dai_link->name); + +@@ -1416,7 +1439,7 @@ static int dpcm_fe_dai_hw_free(struct snd_pcm_substream *substream) + err = dpcm_be_dai_hw_free(fe, stream); + + fe->dpcm[stream].state = SND_SOC_DPCM_STATE_HW_FREE; +- fe->dpcm[stream].runtime_update = SND_SOC_DPCM_UPDATE_NO; ++ dpcm_set_fe_update_state(fe, stream, SND_SOC_DPCM_UPDATE_NO); + + mutex_unlock(&fe->card->mutex); + return 0; +@@ -1509,7 +1532,7 @@ static int dpcm_fe_dai_hw_params(struct snd_pcm_substream *substream, + int ret, stream = substream->stream; + + mutex_lock_nested(&fe->card->mutex, SND_SOC_CARD_CLASS_RUNTIME); +- fe->dpcm[stream].runtime_update = SND_SOC_DPCM_UPDATE_FE; ++ dpcm_set_fe_update_state(fe, stream, SND_SOC_DPCM_UPDATE_FE); + + memcpy(&fe->dpcm[substream->stream].hw_params, params, + sizeof(struct snd_pcm_hw_params)); +@@ -1532,7 +1555,7 @@ static int dpcm_fe_dai_hw_params(struct snd_pcm_substream *substream, + fe->dpcm[stream].state = SND_SOC_DPCM_STATE_HW_PARAMS; + + out: +- fe->dpcm[stream].runtime_update = SND_SOC_DPCM_UPDATE_NO; ++ dpcm_set_fe_update_state(fe, stream, SND_SOC_DPCM_UPDATE_NO); + mutex_unlock(&fe->card->mutex); + return ret; + } +@@ -1646,7 +1669,7 @@ int dpcm_be_dai_trigger(struct snd_soc_pcm_runtime *fe, int stream, + } + EXPORT_SYMBOL_GPL(dpcm_be_dai_trigger); + +-static int dpcm_fe_dai_trigger(struct snd_pcm_substream *substream, int cmd) ++static int dpcm_fe_dai_do_trigger(struct snd_pcm_substream *substream, int cmd) + { + struct snd_soc_pcm_runtime *fe = substream->private_data; + int stream = substream->stream, ret; +@@ -1720,6 +1743,23 @@ out: + return ret; + } + ++static int dpcm_fe_dai_trigger(struct snd_pcm_substream *substream, int cmd) ++{ ++ struct snd_soc_pcm_runtime *fe = substream->private_data; ++ int stream = substream->stream; ++ ++ /* if FE's runtime_update is already set, we're in race; ++ * process this trigger later at exit ++ */ ++ if (fe->dpcm[stream].runtime_update != SND_SOC_DPCM_UPDATE_NO) { ++ fe->dpcm[stream].trigger_pending = cmd + 1; ++ return 0; /* delayed, assuming it's successful */ ++ } ++ ++ /* we're alone, let's trigger */ ++ return dpcm_fe_dai_do_trigger(substream, cmd); ++} ++ + int dpcm_be_dai_prepare(struct snd_soc_pcm_runtime *fe, int stream) + { + struct snd_soc_dpcm *dpcm; +@@ -1763,7 +1803,7 @@ static int dpcm_fe_dai_prepare(struct snd_pcm_substream *substream) + + dev_dbg(fe->dev, "ASoC: prepare FE %s\n", fe->dai_link->name); + +- fe->dpcm[stream].runtime_update = SND_SOC_DPCM_UPDATE_FE; ++ dpcm_set_fe_update_state(fe, stream, SND_SOC_DPCM_UPDATE_FE); + + /* there is no point preparing this FE if there are no BEs */ + if (list_empty(&fe->dpcm[stream].be_clients)) { +@@ -1790,7 +1830,7 @@ static int dpcm_fe_dai_prepare(struct snd_pcm_substream *substream) + fe->dpcm[stream].state = SND_SOC_DPCM_STATE_PREPARE; + + out: +- fe->dpcm[stream].runtime_update = SND_SOC_DPCM_UPDATE_NO; ++ dpcm_set_fe_update_state(fe, stream, SND_SOC_DPCM_UPDATE_NO); + mutex_unlock(&fe->card->mutex); + + return ret; +@@ -1937,11 +1977,11 @@ static int dpcm_run_new_update(struct snd_soc_pcm_runtime *fe, int stream) + { + int ret; + +- fe->dpcm[stream].runtime_update = SND_SOC_DPCM_UPDATE_BE; ++ dpcm_set_fe_update_state(fe, stream, SND_SOC_DPCM_UPDATE_BE); + ret = dpcm_run_update_startup(fe, stream); + if (ret < 0) + dev_err(fe->dev, "ASoC: failed to startup some BEs\n"); +- fe->dpcm[stream].runtime_update = SND_SOC_DPCM_UPDATE_NO; ++ dpcm_set_fe_update_state(fe, stream, SND_SOC_DPCM_UPDATE_NO); + + return ret; + } +@@ -1950,11 +1990,11 @@ static int dpcm_run_old_update(struct snd_soc_pcm_runtime *fe, int stream) + { + int ret; + +- fe->dpcm[stream].runtime_update = SND_SOC_DPCM_UPDATE_BE; ++ dpcm_set_fe_update_state(fe, stream, SND_SOC_DPCM_UPDATE_BE); + ret = dpcm_run_update_shutdown(fe, stream); + if (ret < 0) + dev_err(fe->dev, "ASoC: failed to shutdown some BEs\n"); +- fe->dpcm[stream].runtime_update = SND_SOC_DPCM_UPDATE_NO; ++ dpcm_set_fe_update_state(fe, stream, SND_SOC_DPCM_UPDATE_NO); + + return ret; + } +diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c +index c64a3d9..827d404 100644 +--- a/sound/usb/quirks.c ++++ b/sound/usb/quirks.c +@@ -1142,6 +1142,20 @@ void snd_usb_ctl_msg_quirk(struct usb_device *dev, unsigned int pipe, + if ((le16_to_cpu(dev->descriptor.idVendor) == 0x23ba) && + (requesttype & USB_TYPE_MASK) == USB_TYPE_CLASS) + mdelay(20); ++ ++ /* Marantz/Denon devices with USB DAC functionality need a delay ++ * after each class compliant request ++ */ ++ if ((le16_to_cpu(dev->descriptor.idVendor) == 0x154e) && ++ (requesttype & USB_TYPE_MASK) == USB_TYPE_CLASS) { ++ ++ switch (le16_to_cpu(dev->descriptor.idProduct)) { ++ case 0x3005: /* Marantz HD-DAC1 */ ++ case 0x3006: /* Marantz SA-14S1 */ ++ mdelay(20); ++ break; ++ } ++ } + } + + /* diff --git a/3.14.25/4420_grsecurity-3.0-3.14.25-201411260106.patch b/3.14.26/4420_grsecurity-3.0-3.14.26-201412071005.patch index 31289a1..0803058 100644 --- a/3.14.25/4420_grsecurity-3.0-3.14.25-201411260106.patch +++ b/3.14.26/4420_grsecurity-3.0-3.14.26-201412071005.patch @@ -292,7 +292,7 @@ index 7116fda..2f71588 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index eb96e40..b2742ca 100644 +index 63a5ee8..d99d2d9 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -2151,10 +2151,10 @@ index 22a3b9b..7f214ee 100644 /* * set platform specific SMP operations diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h -index 71a06b2..8bb9ae1 100644 +index 3e635ee..c39f5b4 100644 --- a/arch/arm/include/asm/thread_info.h +++ b/arch/arm/include/asm/thread_info.h -@@ -88,9 +88,9 @@ struct thread_info { +@@ -77,9 +77,9 @@ struct thread_info { .flags = 0, \ .preempt_count = INIT_PREEMPT_COUNT, \ .addr_limit = KERNEL_DS, \ @@ -2167,7 +2167,7 @@ index 71a06b2..8bb9ae1 100644 .restart_block = { \ .fn = do_no_restart_syscall, \ }, \ -@@ -157,7 +157,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, +@@ -146,7 +146,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, #define TIF_SYSCALL_AUDIT 9 #define TIF_SYSCALL_TRACEPOINT 10 #define TIF_SECCOMP 11 /* seccomp syscall filtering active */ @@ -2180,7 +2180,7 @@ index 71a06b2..8bb9ae1 100644 #define TIF_USING_IWMMXT 17 #define TIF_MEMDIE 18 /* is terminating due to OOM killer */ #define TIF_RESTORE_SIGMASK 20 -@@ -170,10 +174,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, +@@ -159,10 +163,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) #define _TIF_SECCOMP (1 << TIF_SECCOMP) #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT) @@ -3189,7 +3189,7 @@ index 7a3be1d..b00c7de 100644 start, end); itcm_present = true; diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c -index 9265b8b..381ce44 100644 +index 3f31443..ae30fc0 100644 --- a/arch/arm/kernel/traps.c +++ b/arch/arm/kernel/traps.c @@ -62,7 +62,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long); @@ -3220,7 +3220,7 @@ index 9265b8b..381ce44 100644 if (signr) do_exit(signr); } -@@ -884,7 +889,11 @@ void __init early_trap_init(void *vectors_base) +@@ -857,7 +862,11 @@ void __init early_trap_init(void *vectors_base) kuser_init(vectors_base); flush_icache_range(vectors, vectors + PAGE_SIZE * 2); @@ -14988,7 +14988,7 @@ index 20370c6..a2eb9b0 100644 "popl %%ebp\n\t" "popl %%edi\n\t" diff --git a/arch/x86/include/asm/atomic.h b/arch/x86/include/asm/atomic.h -index b17f4f4..9620151 100644 +index b17f4f4..7a16182 100644 --- a/arch/x86/include/asm/atomic.h +++ b/arch/x86/include/asm/atomic.h @@ -23,7 +23,18 @@ @@ -15199,10 +15199,13 @@ index b17f4f4..9620151 100644 } /** -@@ -153,6 +273,18 @@ static inline int atomic_add_negative(int i, atomic_t *v) +@@ -151,7 +271,19 @@ static inline int atomic_add_negative(int i, atomic_t *v) + * + * Atomically adds @i to @v and returns @i + @v */ - static inline int atomic_add_return(int i, atomic_t *v) - { +-static inline int atomic_add_return(int i, atomic_t *v) ++static inline int __intentional_overflow(-1) atomic_add_return(int i, atomic_t *v) ++{ + return i + xadd_check_overflow(&v->counter, i); +} + @@ -15214,11 +15217,17 @@ index b17f4f4..9620151 100644 + * Atomically adds @i to @v and returns @i + @v + */ +static inline int atomic_add_return_unchecked(int i, atomic_unchecked_t *v) -+{ + { return i + xadd(&v->counter, i); } - -@@ -169,9 +301,18 @@ static inline int atomic_sub_return(int i, atomic_t *v) +@@ -163,15 +295,24 @@ static inline int atomic_add_return(int i, atomic_t *v) + * + * Atomically subtracts @i from @v and returns @v - @i + */ +-static inline int atomic_sub_return(int i, atomic_t *v) ++static inline int __intentional_overflow(-1) atomic_sub_return(int i, atomic_t *v) + { + return atomic_add_return(-i, v); } #define atomic_inc_return(v) (atomic_add_return(1, v)) @@ -16286,19 +16295,19 @@ index 59c6c40..5e0b22c 100644 struct compat_timespec { compat_time_t tv_sec; diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h -index 5f12968..a383517 100644 +index 1717156..14e260a 100644 --- a/arch/x86/include/asm/cpufeature.h +++ b/arch/x86/include/asm/cpufeature.h -@@ -203,7 +203,7 @@ - #define X86_FEATURE_DECODEASSISTS (8*32+12) /* AMD Decode Assists support */ +@@ -204,7 +204,7 @@ #define X86_FEATURE_PAUSEFILTER (8*32+13) /* AMD filtered pause intercept */ #define X86_FEATURE_PFTHRESHOLD (8*32+14) /* AMD pause filter threshold */ + #define X86_FEATURE_VMMCALL (8*32+15) /* Prefer vmmcall to vmcall */ - +#define X86_FEATURE_STRONGUDEREF (8*32+31) /* PaX PCID based strong UDEREF */ /* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 9 */ #define X86_FEATURE_FSGSBASE (9*32+ 0) /* {RD/WR}{FS/GS}BASE instructions*/ -@@ -211,7 +211,7 @@ +@@ -212,7 +212,7 @@ #define X86_FEATURE_BMI1 (9*32+ 3) /* 1st group bit manipulation extensions */ #define X86_FEATURE_HLE (9*32+ 4) /* Hardware Lock Elision */ #define X86_FEATURE_AVX2 (9*32+ 5) /* AVX2 instructions */ @@ -16307,7 +16316,7 @@ index 5f12968..a383517 100644 #define X86_FEATURE_BMI2 (9*32+ 8) /* 2nd group bit manipulation extensions */ #define X86_FEATURE_ERMS (9*32+ 9) /* Enhanced REP MOVSB/STOSB */ #define X86_FEATURE_INVPCID (9*32+10) /* Invalidate Processor Context ID */ -@@ -358,6 +358,7 @@ extern const char * const x86_power_flags[32]; +@@ -359,6 +359,7 @@ extern const char * const x86_power_flags[32]; #undef cpu_has_centaur_mcr #define cpu_has_centaur_mcr 0 @@ -16315,7 +16324,7 @@ index 5f12968..a383517 100644 #endif /* CONFIG_X86_64 */ #if __GNUC__ >= 4 -@@ -410,7 +411,8 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) +@@ -411,7 +412,8 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) #ifdef CONFIG_X86_DEBUG_STATIC_CPU_HAS t_warn: @@ -16325,7 +16334,7 @@ index 5f12968..a383517 100644 return false; #endif -@@ -430,7 +432,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) +@@ -431,7 +433,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) ".section .discard,\"aw\",@progbits\n" " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */ ".previous\n" @@ -16334,7 +16343,7 @@ index 5f12968..a383517 100644 "3: movb $1,%0\n" "4:\n" ".previous\n" -@@ -467,7 +469,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit) +@@ -468,7 +470,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit) " .byte 2b - 1b\n" /* src len */ " .byte 4f - 3f\n" /* repl len */ ".previous\n" @@ -16343,7 +16352,7 @@ index 5f12968..a383517 100644 "3: .byte 0xe9\n .long %l[t_no] - 2b\n" "4:\n" ".previous\n" -@@ -500,7 +502,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit) +@@ -501,7 +503,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit) ".section .discard,\"aw\",@progbits\n" " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */ ".previous\n" @@ -16352,7 +16361,7 @@ index 5f12968..a383517 100644 "3: movb $0,%0\n" "4:\n" ".previous\n" -@@ -514,7 +516,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit) +@@ -515,7 +517,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit) ".section .discard,\"aw\",@progbits\n" " .byte 0xff + (6f-5f) - (4b-3b)\n" /* size check */ ".previous\n" @@ -17477,7 +17486,7 @@ index 0f1ddee..e2fc3d1 100644 unsigned long y = x - __START_KERNEL_map; diff --git a/arch/x86/include/asm/page_64_types.h b/arch/x86/include/asm/page_64_types.h -index 8de6d9c..6782051 100644 +index d54d1ee..75450b2 100644 --- a/arch/x86/include/asm/page_64_types.h +++ b/arch/x86/include/asm/page_64_types.h @@ -1,7 +1,7 @@ @@ -19208,7 +19217,7 @@ index d7f3b3b..3cc39f1 100644 __switch_canary_iparam \ : "memory", "cc" __EXTRA_CLOBBER) diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h -index e1940c0..ac50dd8 100644 +index e870ea9..0f4c275 100644 --- a/arch/x86/include/asm/thread_info.h +++ b/arch/x86/include/asm/thread_info.h @@ -10,6 +10,7 @@ @@ -21088,10 +21097,10 @@ index 7fd54f0..0691410 100644 obj-y += proc.o capflags.o powerflags.o common.o obj-y += rdrand.o diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c -index c67ffa6..f41fbbf 100644 +index c005fdd..e33da29 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c -@@ -752,7 +752,7 @@ static void init_amd(struct cpuinfo_x86 *c) +@@ -759,7 +759,7 @@ static void init_amd(struct cpuinfo_x86 *c) static unsigned int amd_size_cache(struct cpuinfo_x86 *c, unsigned int size) { /* AMD errata T13 (order #21922) */ @@ -21101,7 +21110,7 @@ index c67ffa6..f41fbbf 100644 if (c->x86_model == 3 && c->x86_mask == 0) size = 64; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index 3f27f5f..6c575e3 100644 +index e6bddd5..517213d 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -88,60 +88,6 @@ static const struct cpu_dev default_cpu = { @@ -21164,8 +21173,8 @@ index 3f27f5f..6c575e3 100644 - static int __init x86_xsave_setup(char *s) { - setup_clear_cpu_cap(X86_FEATURE_XSAVE); -@@ -293,6 +239,59 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c) + if (strlen(s)) +@@ -295,6 +241,59 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c) } } @@ -21225,7 +21234,7 @@ index 3f27f5f..6c575e3 100644 /* * Some CPU features depend on higher CPUID levels, which may not always * be available due to CPUID level capping or broken virtualization -@@ -393,7 +392,7 @@ void switch_to_new_gdt(int cpu) +@@ -395,7 +394,7 @@ void switch_to_new_gdt(int cpu) { struct desc_ptr gdt_descr; @@ -21234,7 +21243,7 @@ index 3f27f5f..6c575e3 100644 gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); /* Reload the per-cpu base */ -@@ -883,6 +882,10 @@ static void identify_cpu(struct cpuinfo_x86 *c) +@@ -885,6 +884,10 @@ static void identify_cpu(struct cpuinfo_x86 *c) setup_smep(c); setup_smap(c); @@ -21245,7 +21254,7 @@ index 3f27f5f..6c575e3 100644 /* * The vendor-specific functions might have changed features. * Now we do "generic changes." -@@ -891,6 +894,10 @@ static void identify_cpu(struct cpuinfo_x86 *c) +@@ -893,6 +896,10 @@ static void identify_cpu(struct cpuinfo_x86 *c) /* Filter out anything that depends on CPUID levels we don't have */ filter_cpuid_features(c, true); @@ -21256,7 +21265,7 @@ index 3f27f5f..6c575e3 100644 /* If the model name is still unset, do table lookup. */ if (!c->x86_model_id[0]) { const char *p; -@@ -1078,10 +1085,12 @@ static __init int setup_disablecpuid(char *arg) +@@ -1080,10 +1087,12 @@ static __init int setup_disablecpuid(char *arg) } __setup("clearcpuid=", setup_disablecpuid); @@ -21272,7 +21281,7 @@ index 3f27f5f..6c575e3 100644 DEFINE_PER_CPU_FIRST(union irq_stack_union, irq_stack_union) __aligned(PAGE_SIZE) __visible; -@@ -1095,7 +1104,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = +@@ -1097,7 +1106,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = EXPORT_PER_CPU_SYMBOL(current_task); DEFINE_PER_CPU(unsigned long, kernel_stack) = @@ -21281,7 +21290,7 @@ index 3f27f5f..6c575e3 100644 EXPORT_PER_CPU_SYMBOL(kernel_stack); DEFINE_PER_CPU(char *, irq_stack_ptr) = -@@ -1245,7 +1254,7 @@ void cpu_init(void) +@@ -1247,7 +1256,7 @@ void cpu_init(void) load_ucode_ap(); cpu = stack_smp_processor_id(); @@ -21290,7 +21299,7 @@ index 3f27f5f..6c575e3 100644 oist = &per_cpu(orig_ist, cpu); #ifdef CONFIG_NUMA -@@ -1280,7 +1289,6 @@ void cpu_init(void) +@@ -1282,7 +1291,6 @@ void cpu_init(void) wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); @@ -21298,7 +21307,7 @@ index 3f27f5f..6c575e3 100644 enable_x2apic(); /* -@@ -1332,7 +1340,7 @@ void cpu_init(void) +@@ -1334,7 +1342,7 @@ void cpu_init(void) { int cpu = smp_processor_id(); struct task_struct *curr = current; @@ -22084,10 +22093,10 @@ index f2a1770..10fa52d 100644 +EXPORT_SYMBOL(pax_check_alloca); +#endif diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c -index addb207..921706b 100644 +index 66e274a..99080e6 100644 --- a/arch/x86/kernel/dumpstack_64.c +++ b/arch/x86/kernel/dumpstack_64.c -@@ -119,9 +119,9 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, +@@ -118,9 +118,9 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, unsigned long *irq_stack_end = (unsigned long *)per_cpu(irq_stack_ptr, cpu); unsigned used = 0; @@ -22098,7 +22107,7 @@ index addb207..921706b 100644 if (!task) task = current; -@@ -142,10 +142,10 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, +@@ -141,10 +141,10 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, * current stack address. If the stacks consist of nested * exceptions */ @@ -22110,7 +22119,7 @@ index addb207..921706b 100644 estack_end = in_exception_stack(cpu, (unsigned long)stack, &used, &id); -@@ -153,7 +153,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, +@@ -152,7 +152,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, if (ops->stack(data, id) < 0) break; @@ -22119,7 +22128,7 @@ index addb207..921706b 100644 data, estack_end, &graph); ops->stack(data, "<EOE>"); /* -@@ -161,6 +161,8 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, +@@ -160,6 +160,8 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, * second-to-last pointer (index -2 to end) in the * exception stack: */ @@ -22128,7 +22137,7 @@ index addb207..921706b 100644 stack = (unsigned long *) estack_end[-2]; continue; } -@@ -172,7 +174,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, +@@ -171,7 +173,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, if (in_irq_stack(stack, irq_stack, irq_stack_end)) { if (ops->stack(data, "IRQ") < 0) break; @@ -22137,7 +22146,7 @@ index addb207..921706b 100644 ops, data, irq_stack_end, &graph); /* * We link to the next stack (which would be -@@ -191,7 +193,9 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, +@@ -190,7 +192,9 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, /* * This handles the process stack: */ @@ -22148,7 +22157,7 @@ index addb207..921706b 100644 put_cpu(); } EXPORT_SYMBOL(dump_trace); -@@ -300,3 +304,50 @@ int is_valid_bugaddr(unsigned long ip) +@@ -299,3 +303,50 @@ int is_valid_bugaddr(unsigned long ip) return ud2 == 0x0b0f; } @@ -23003,7 +23012,7 @@ index c5a9cb9..228d280 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index 03cd2a8..d236ccb 100644 +index 02553d6..54e9bd5 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -60,6 +60,8 @@ @@ -23960,32 +23969,16 @@ index 03cd2a8..d236ccb 100644 /* * The iretq could re-enable interrupts: */ -@@ -1145,7 +1641,7 @@ ENTRY(retint_kernel) +@@ -1132,7 +1628,7 @@ ENTRY(retint_kernel) jmp exit_intr #endif CFI_ENDPROC -END(common_interrupt) +ENDPROC(common_interrupt) - /* - * If IRET takes a fault on the espfix stack, then we -@@ -1167,13 +1663,13 @@ __do_double_fault: - cmpq $native_irq_return_iret,%rax - jne do_double_fault /* This shouldn't happen... */ - movq PER_CPU_VAR(kernel_stack),%rax -- subq $(6*8-KERNEL_STACK_OFFSET),%rax /* Reset to original stack */ -+ subq $(6*8),%rax /* Reset to original stack */ - movq %rax,RSP(%rdi) - movq $0,(%rax) /* Missing (lost) #GP error code */ - movq $general_protection,RIP(%rdi) - retq - CFI_ENDPROC --END(__do_double_fault) -+ENDPROC(__do_double_fault) - #else - # define __do_double_fault do_double_fault - #endif -@@ -1195,7 +1691,7 @@ ENTRY(\sym) + /* + * End of kprobes section +@@ -1151,7 +1647,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -23994,7 +23987,7 @@ index 03cd2a8..d236ccb 100644 .endm #ifdef CONFIG_TRACING -@@ -1283,7 +1779,7 @@ ENTRY(\sym) +@@ -1239,7 +1735,7 @@ ENTRY(\sym) call \do_sym jmp error_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24003,7 +23996,7 @@ index 03cd2a8..d236ccb 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1301,10 +1797,10 @@ ENTRY(\sym) +@@ -1257,10 +1753,10 @@ ENTRY(\sym) call \do_sym jmp paranoid_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24016,7 +24009,7 @@ index 03cd2a8..d236ccb 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1317,12 +1813,18 @@ ENTRY(\sym) +@@ -1273,12 +1769,18 @@ ENTRY(\sym) TRACE_IRQS_OFF_DEBUG movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ @@ -24036,7 +24029,7 @@ index 03cd2a8..d236ccb 100644 .endm .macro errorentry sym do_sym -@@ -1340,7 +1842,7 @@ ENTRY(\sym) +@@ -1296,7 +1798,7 @@ ENTRY(\sym) call \do_sym jmp error_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24045,7 +24038,7 @@ index 03cd2a8..d236ccb 100644 .endm #ifdef CONFIG_TRACING -@@ -1371,7 +1873,7 @@ ENTRY(\sym) +@@ -1327,7 +1829,7 @@ ENTRY(\sym) call \do_sym jmp paranoid_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24054,7 +24047,7 @@ index 03cd2a8..d236ccb 100644 .endm zeroentry divide_error do_divide_error -@@ -1401,9 +1903,10 @@ gs_change: +@@ -1357,9 +1859,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -24066,7 +24059,7 @@ index 03cd2a8..d236ccb 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1431,9 +1934,10 @@ ENTRY(do_softirq_own_stack) +@@ -1387,9 +1890,10 @@ ENTRY(do_softirq_own_stack) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -24078,7 +24071,7 @@ index 03cd2a8..d236ccb 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1471,7 +1975,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1427,7 +1931,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -24087,7 +24080,7 @@ index 03cd2a8..d236ccb 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1530,7 +2034,7 @@ ENTRY(xen_failsafe_callback) +@@ -1486,7 +1990,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -24096,7 +24089,7 @@ index 03cd2a8..d236ccb 100644 apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1582,18 +2086,33 @@ ENTRY(paranoid_exit) +@@ -1538,18 +2042,33 @@ ENTRY(paranoid_exit) DEFAULT_FRAME DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF_DEBUG @@ -24132,7 +24125,7 @@ index 03cd2a8..d236ccb 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1622,7 +2141,7 @@ paranoid_schedule: +@@ -1578,7 +2097,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -24141,7 +24134,7 @@ index 03cd2a8..d236ccb 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1649,12 +2168,23 @@ ENTRY(error_entry) +@@ -1605,12 +2124,23 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -24166,16 +24159,16 @@ index 03cd2a8..d236ccb 100644 ret /* -@@ -1681,7 +2211,7 @@ bstep_iret: - movq %rcx,RIP+8(%rsp) - jmp error_swapgs +@@ -1644,7 +2174,7 @@ error_bad_iret: + decl %ebx /* Return to usergs */ + jmp error_sti CFI_ENDPROC -END(error_entry) +ENDPROC(error_entry) /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1692,7 +2222,7 @@ ENTRY(error_exit) +@@ -1655,7 +2185,7 @@ ENTRY(error_exit) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF GET_THREAD_INFO(%rcx) @@ -24184,7 +24177,7 @@ index 03cd2a8..d236ccb 100644 jne retint_kernel LOCKDEP_SYS_EXIT_IRQ movl TI_flags(%rcx),%edx -@@ -1701,7 +2231,7 @@ ENTRY(error_exit) +@@ -1664,7 +2194,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -24193,7 +24186,7 @@ index 03cd2a8..d236ccb 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1759,9 +2289,11 @@ ENTRY(nmi) +@@ -1722,9 +2252,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ @@ -24206,7 +24199,7 @@ index 03cd2a8..d236ccb 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1795,8 +2327,7 @@ nested_nmi: +@@ -1758,8 +2290,7 @@ nested_nmi: 1: /* Set up the interrupted NMIs stack to jump to repeat_nmi */ @@ -24216,7 +24209,7 @@ index 03cd2a8..d236ccb 100644 CFI_ADJUST_CFA_OFFSET 1*8 leaq -10*8(%rsp), %rdx pushq_cfi $__KERNEL_DS -@@ -1814,6 +2345,7 @@ nested_nmi_out: +@@ -1777,6 +2308,7 @@ nested_nmi_out: CFI_RESTORE rdx /* No need to check faults here */ @@ -24224,7 +24217,7 @@ index 03cd2a8..d236ccb 100644 INTERRUPT_RETURN CFI_RESTORE_STATE -@@ -1910,13 +2442,13 @@ end_repeat_nmi: +@@ -1873,13 +2405,13 @@ end_repeat_nmi: subq $ORIG_RAX-R15, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 /* @@ -24240,7 +24233,7 @@ index 03cd2a8..d236ccb 100644 DEFAULT_FRAME 0 /* -@@ -1926,9 +2458,9 @@ end_repeat_nmi: +@@ -1889,9 +2421,9 @@ end_repeat_nmi: * NMI itself takes a page fault, the page fault that was preempted * will read the information from the NMI page fault and not the * origin fault. Save it off and restore it if it changes. @@ -24252,7 +24245,7 @@ index 03cd2a8..d236ccb 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi -@@ -1937,31 +2469,36 @@ end_repeat_nmi: +@@ -1900,31 +2432,36 @@ end_repeat_nmi: /* Did the NMI take a page fault? Restore cr2 if it did */ movq %cr2, %rcx @@ -27775,7 +27768,7 @@ index 1c113db..287b42e 100644 static int trace_irq_vector_refcount; static DEFINE_MUTEX(irq_vector_mutex); diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index 57409f6..b505597 100644 +index f9d976e..3b48355 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -66,7 +66,7 @@ @@ -27854,7 +27847,7 @@ index 57409f6..b505597 100644 regs->ip, regs->sp, error_code); print_vma_addr(" in ", regs->ip); pr_cont("\n"); -@@ -251,6 +263,11 @@ dotraplinkage void do_double_fault(struct pt_regs *regs, long error_code) +@@ -259,6 +271,11 @@ dotraplinkage void do_double_fault(struct pt_regs *regs, long error_code) tsk->thread.error_code = error_code; tsk->thread.trap_nr = X86_TRAP_DF; @@ -27866,7 +27859,7 @@ index 57409f6..b505597 100644 #ifdef CONFIG_DOUBLEFAULT df_debug(regs, error_code); #endif -@@ -273,7 +290,7 @@ do_general_protection(struct pt_regs *regs, long error_code) +@@ -281,7 +298,7 @@ do_general_protection(struct pt_regs *regs, long error_code) conditional_sti(regs); #ifdef CONFIG_X86_32 @@ -27875,7 +27868,7 @@ index 57409f6..b505597 100644 local_irq_enable(); handle_vm86_fault((struct kernel_vm86_regs *) regs, error_code); goto exit; -@@ -281,18 +298,42 @@ do_general_protection(struct pt_regs *regs, long error_code) +@@ -289,18 +306,42 @@ do_general_protection(struct pt_regs *regs, long error_code) #endif tsk = current; @@ -27920,7 +27913,16 @@ index 57409f6..b505597 100644 tsk->thread.error_code = error_code; tsk->thread.trap_nr = X86_TRAP_GP; -@@ -453,7 +494,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -410,7 +451,7 @@ struct bad_iret_stack *fixup_bad_iret(struct bad_iret_stack *s) + /* Copy the remainder of the stack from the current stack. */ + memmove(new_stack, s, offsetof(struct bad_iret_stack, regs.ip)); + +- BUG_ON(!user_mode_vm(&new_stack->regs)); ++ BUG_ON(!user_mode(&new_stack->regs)); + return new_stack; + } + #endif +@@ -490,7 +531,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) /* It's safe to allow irq's after DR6 has been saved */ preempt_conditional_sti(regs); @@ -27929,7 +27931,7 @@ index 57409f6..b505597 100644 handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code, X86_TRAP_DB); preempt_conditional_cli(regs); -@@ -468,7 +509,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -505,7 +546,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) * We already checked v86 mode above, so we can check for kernel mode * by just checking the CPL of CS. */ @@ -27938,7 +27940,7 @@ index 57409f6..b505597 100644 tsk->thread.debugreg6 &= ~DR_STEP; set_tsk_thread_flag(tsk, TIF_SINGLESTEP); regs->flags &= ~X86_EFLAGS_TF; -@@ -500,7 +541,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) +@@ -537,7 +578,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) return; conditional_sti(regs); @@ -33020,7 +33022,7 @@ index e395048..cd38278 100644 printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10); diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c -index f35c66c..84b95ef 100644 +index 2308a40..b17a80d 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -151,7 +151,7 @@ early_param("gbpages", parse_direct_gbpages_on); @@ -33144,7 +33146,7 @@ index f35c66c..84b95ef 100644 spin_unlock(&init_mm.page_table_lock); pgd_changed = true; } -@@ -1188,8 +1209,8 @@ int kern_addr_valid(unsigned long addr) +@@ -1197,8 +1218,8 @@ int kern_addr_valid(unsigned long addr) static struct vm_area_struct gate_vma = { .vm_start = VSYSCALL_START, .vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE), @@ -33155,7 +33157,7 @@ index f35c66c..84b95ef 100644 }; struct vm_area_struct *get_gate_vma(struct mm_struct *mm) -@@ -1223,7 +1244,7 @@ int in_gate_area_no_mm(unsigned long addr) +@@ -1232,7 +1253,7 @@ int in_gate_area_no_mm(unsigned long addr) const char *arch_vma_name(struct vm_area_struct *vma) { @@ -43627,6 +43629,19 @@ index 1946101..09766d2 100644 #include "qib_common.h" #include "qib_verbs.h" +diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c +index ce953d8..da10215 100644 +--- a/drivers/input/evdev.c ++++ b/drivers/input/evdev.c +@@ -422,7 +422,7 @@ static int evdev_open(struct inode *inode, struct file *file) + + err_free_client: + evdev_detach_client(evdev, client); +- kfree(client); ++ kvfree(client); + return error; + } + diff --git a/drivers/input/gameport/gameport.c b/drivers/input/gameport/gameport.c index 24c41ba..102d71f 100644 --- a/drivers/input/gameport/gameport.c @@ -43683,7 +43698,7 @@ index 4a95b22..874c182 100644 #include <linux/gameport.h> #include <linux/jiffies.h> diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c -index 603fe0d..f63decc 100644 +index 517829f..5e075c3 100644 --- a/drivers/input/joystick/xpad.c +++ b/drivers/input/joystick/xpad.c @@ -737,7 +737,7 @@ static void xpad_led_set(struct led_classdev *led_cdev, @@ -47418,7 +47433,7 @@ index c05b66d..ed69872 100644 break; } diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c -index 80bfa03..45114e6 100644 +index 80bfa03..1114364 100644 --- a/drivers/net/ethernet/emulex/benet/be_main.c +++ b/drivers/net/ethernet/emulex/benet/be_main.c @@ -534,7 +534,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) @@ -47430,6 +47445,16 @@ index 80bfa03..45114e6 100644 } static void populate_erx_stats(struct be_adapter *adapter, +@@ -4002,6 +4002,9 @@ static int be_ndo_bridge_setlink(struct net_device *dev, + if (nla_type(attr) != IFLA_BRIDGE_MODE) + continue; + ++ if (nla_len(attr) < sizeof(mode)) ++ return -EINVAL; ++ + mode = nla_get_u16(attr); + if (mode != BRIDGE_MODE_VEPA && mode != BRIDGE_MODE_VEB) + return -EINVAL; diff --git a/drivers/net/ethernet/faraday/ftgmac100.c b/drivers/net/ethernet/faraday/ftgmac100.c index c11ecbc..13bb299 100644 --- a/drivers/net/ethernet/faraday/ftgmac100.c @@ -47469,6 +47494,20 @@ index e33ec6c..f54cfe7 100644 smp_mb(); /* Force the above update. */ } +diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c +index 18076c4..c2cb27f 100644 +--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c ++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c +@@ -7571,6 +7571,9 @@ static int ixgbe_ndo_bridge_setlink(struct net_device *dev, + if (nla_type(attr) != IFLA_BRIDGE_MODE) + continue; + ++ if (nla_len(attr) < sizeof(mode)) ++ return -EINVAL; ++ + mode = nla_get_u16(attr); + if (mode == BRIDGE_MODE_VEPA) { + reg = 0; diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c index 5184e2a..acb28c3 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c @@ -47675,7 +47714,7 @@ index b54fd25..9bd2bae 100644 /* Ignore return since this msg is optional. */ rndis_filter_send_request(dev, request); diff --git a/drivers/net/ieee802154/fakehard.c b/drivers/net/ieee802154/fakehard.c -index bf0d55e..82bcfbd1 100644 +index 6adbef8..cd6a5f1 100644 --- a/drivers/net/ieee802154/fakehard.c +++ b/drivers/net/ieee802154/fakehard.c @@ -364,7 +364,7 @@ static int ieee802154fake_probe(struct platform_device *pdev) @@ -47776,21 +47815,6 @@ index 5a1897d..e860630 100644 break; err = 0; break; -diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c -index 1aff970..cc2ee29 100644 ---- a/drivers/net/ppp/pptp.c -+++ b/drivers/net/ppp/pptp.c -@@ -506,7 +506,9 @@ static int pptp_getname(struct socket *sock, struct sockaddr *uaddr, - int len = sizeof(struct sockaddr_pppox); - struct sockaddr_pppox sp; - -- sp.sa_family = AF_PPPOX; -+ memset(&sp.sa_addr, 0, sizeof(sp.sa_addr)); -+ -+ sp.sa_family = AF_PPPOX; - sp.sa_protocol = PX_PROTO_PPTP; - sp.sa_addr.pptp = pppox_sk(sock->sk)->proto.pptp.src_addr; - diff --git a/drivers/net/slip/slhc.c b/drivers/net/slip/slhc.c index 1252d9c..80e660b 100644 --- a/drivers/net/slip/slhc.c @@ -48771,10 +48795,10 @@ index 5d45a1a..6f5f041 100644 static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif) diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c -index 5642ccc..01f03eb 100644 +index 22d49d5..dd5e4d7 100644 --- a/drivers/net/wireless/rt2x00/rt2x00queue.c +++ b/drivers/net/wireless/rt2x00/rt2x00queue.c -@@ -250,9 +250,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev, +@@ -224,9 +224,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev, * sequence counter given by mac80211. */ if (test_bit(ENTRY_TXD_FIRST_FRAGMENT, &txdesc->flags)) @@ -48868,6 +48892,29 @@ index a912dc0..a8225ba 100644 u16 int_num; ZD_ASSERT(in_interrupt()); +diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c +index e30d800..19db057 100644 +--- a/drivers/net/xen-netfront.c ++++ b/drivers/net/xen-netfront.c +@@ -469,9 +469,6 @@ static void xennet_make_frags(struct sk_buff *skb, struct net_device *dev, + len = skb_frag_size(frag); + offset = frag->page_offset; + +- /* Data must not cross a page boundary. */ +- BUG_ON(len + offset > PAGE_SIZE<<compound_order(page)); +- + /* Skip unused frames from start of page */ + page += offset >> PAGE_SHIFT; + offset &= ~PAGE_MASK; +@@ -479,8 +476,6 @@ static void xennet_make_frags(struct sk_buff *skb, struct net_device *dev, + while (len > 0) { + unsigned long bytes; + +- BUG_ON(offset >= PAGE_SIZE); +- + bytes = PAGE_SIZE - offset; + if (bytes > len) + bytes = len; diff --git a/drivers/nfc/nfcwilink.c b/drivers/nfc/nfcwilink.c index 683671a..4519fc2 100644 --- a/drivers/nfc/nfcwilink.c @@ -49200,7 +49247,7 @@ index 53b58de..4479896 100644 int retval = -ENOMEM; diff --git a/drivers/pci/msi.c b/drivers/pci/msi.c -index fb02fc2..83dc2c3 100644 +index ced17f2..185c792 100644 --- a/drivers/pci/msi.c +++ b/drivers/pci/msi.c @@ -524,8 +524,8 @@ static int populate_msi_sysfs(struct pci_dev *pdev) @@ -49285,7 +49332,7 @@ index e1e7026..d28dd33 100644 #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c -index 6e34498..9911975 100644 +index 34dff3a..70a5646 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -175,7 +175,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, @@ -51895,7 +51942,7 @@ index 38b4be2..c68af1c 100644 spin_lock_init(&dev->t10_wwn.t10_vpd_lock); INIT_LIST_HEAD(&dev->t10_pr.registration_list); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index 9232c773..e42a77a 100644 +index e6463ef..357ef0a 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c @@ -1154,7 +1154,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd) @@ -57561,10 +57608,10 @@ index ce25d75..dc09eeb 100644 &data); if (!inode) { diff --git a/fs/aio.c b/fs/aio.c -index f45ddaa..0160abc 100644 +index 2f7e8c2..6c0f6ec 100644 --- a/fs/aio.c +++ b/fs/aio.c -@@ -381,7 +381,7 @@ static int aio_setup_ring(struct kioctx *ctx) +@@ -389,7 +389,7 @@ static int aio_setup_ring(struct kioctx *ctx) size += sizeof(struct io_event) * nr_events; nr_pages = PFN_UP(size); @@ -61264,6 +61311,72 @@ index 8825154..af51586 100644 } static int +diff --git a/fs/fat/namei_vfat.c b/fs/fat/namei_vfat.c +index 6df8d3d..b8b92c2 100644 +--- a/fs/fat/namei_vfat.c ++++ b/fs/fat/namei_vfat.c +@@ -736,7 +736,12 @@ static struct dentry *vfat_lookup(struct inode *dir, struct dentry *dentry, + } + + alias = d_find_alias(inode); +- if (alias && !vfat_d_anon_disconn(alias)) { ++ /* ++ * Checking "alias->d_parent == dentry->d_parent" to make sure ++ * FS is not corrupted (especially double linked dir). ++ */ ++ if (alias && alias->d_parent == dentry->d_parent && ++ !vfat_d_anon_disconn(alias)) { + /* + * This inode has non anonymous-DCACHE_DISCONNECTED + * dentry. This means, the user did ->lookup() by an +@@ -755,12 +760,9 @@ static struct dentry *vfat_lookup(struct inode *dir, struct dentry *dentry, + + out: + mutex_unlock(&MSDOS_SB(sb)->s_lock); +- dentry->d_time = dentry->d_parent->d_inode->i_version; +- dentry = d_splice_alias(inode, dentry); +- if (dentry) +- dentry->d_time = dentry->d_parent->d_inode->i_version; +- return dentry; +- ++ if (!inode) ++ dentry->d_time = dir->i_version; ++ return d_splice_alias(inode, dentry); + error: + mutex_unlock(&MSDOS_SB(sb)->s_lock); + return ERR_PTR(err); +@@ -793,7 +795,6 @@ static int vfat_create(struct inode *dir, struct dentry *dentry, umode_t mode, + inode->i_mtime = inode->i_atime = inode->i_ctime = ts; + /* timestamp is already written, so mark_inode_dirty() is unneeded. */ + +- dentry->d_time = dentry->d_parent->d_inode->i_version; + d_instantiate(dentry, inode); + out: + mutex_unlock(&MSDOS_SB(sb)->s_lock); +@@ -824,6 +825,7 @@ static int vfat_rmdir(struct inode *dir, struct dentry *dentry) + clear_nlink(inode); + inode->i_mtime = inode->i_atime = CURRENT_TIME_SEC; + fat_detach(inode); ++ dentry->d_time = dir->i_version; + out: + mutex_unlock(&MSDOS_SB(sb)->s_lock); + +@@ -849,6 +851,7 @@ static int vfat_unlink(struct inode *dir, struct dentry *dentry) + clear_nlink(inode); + inode->i_mtime = inode->i_atime = CURRENT_TIME_SEC; + fat_detach(inode); ++ dentry->d_time = dir->i_version; + out: + mutex_unlock(&MSDOS_SB(sb)->s_lock); + +@@ -889,7 +892,6 @@ static int vfat_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode) + inode->i_mtime = inode->i_atime = inode->i_ctime = ts; + /* timestamp is already written, so mark_inode_dirty() is unneeded. */ + +- dentry->d_time = dentry->d_parent->d_inode->i_version; + d_instantiate(dentry, inode); + + mutex_unlock(&MSDOS_SB(sb)->s_lock); diff --git a/fs/fcntl.c b/fs/fcntl.c index ef68665..5deacdc 100644 --- a/fs/fcntl.c @@ -63190,7 +63303,7 @@ index acd3947..1f896e2 100644 memcpy(c->data, &cookie, 4); c->len=4; diff --git a/fs/locks.c b/fs/locks.c -index 4dd39b9..12d6aaf 100644 +index 2c61c4e..ee5c867 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -2218,16 +2218,16 @@ void locks_remove_flock(struct file *filp) @@ -64044,10 +64157,10 @@ index 8657335..cd3e37f 100644 [OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close, [OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit, diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c -index f8f060f..d9a7258 100644 +index 6040da8..e8607ce 100644 --- a/fs/nfsd/nfscache.c +++ b/fs/nfsd/nfscache.c -@@ -519,14 +519,17 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) +@@ -518,14 +518,17 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) { struct svc_cacherep *rp = rqstp->rq_cacherep; struct kvec *resv = &rqstp->rq_res.head[0], *cachv; @@ -64068,7 +64181,7 @@ index f8f060f..d9a7258 100644 /* Don't cache excessive amounts of data and XDR failures */ if (!statp || len > (256 >> 2)) { -@@ -537,7 +540,7 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) +@@ -536,7 +539,7 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) switch (cachetype) { case RC_REPLSTAT: if (len != 1) @@ -78573,7 +78686,7 @@ index 77ff547..181834f 100644 #define pud_none(pud) 0 #define pud_bad(pud) 0 diff --git a/include/asm-generic/atomic-long.h b/include/asm-generic/atomic-long.h -index b7babf0..97f4c4f 100644 +index b7babf0..1e4b4f1 100644 --- a/include/asm-generic/atomic-long.h +++ b/include/asm-generic/atomic-long.h @@ -22,6 +22,12 @@ @@ -78834,7 +78947,15 @@ index b7babf0..97f4c4f 100644 static inline int atomic_long_sub_and_test(long i, atomic_long_t *l) { atomic_t *v = (atomic_t *)l; -@@ -218,6 +356,16 @@ static inline long atomic_long_add_return(long i, atomic_long_t *l) +@@ -211,13 +349,23 @@ static inline int atomic_long_add_negative(long i, atomic_long_t *l) + return atomic_add_negative(i, v); + } + +-static inline long atomic_long_add_return(long i, atomic_long_t *l) ++static inline long __intentional_overflow(-1) atomic_long_add_return(long i, atomic_long_t *l) + { + atomic_t *v = (atomic_t *)l; + return (long)atomic_add_return(i, v); } @@ -79478,10 +79599,10 @@ index b4a745d..e3c0942 100644 extern void __register_binfmt(struct linux_binfmt *fmt, int insert); diff --git a/include/linux/bitops.h b/include/linux/bitops.h -index be5fd38..d71192a 100644 +index 5d858e0..336c1d9 100644 --- a/include/linux/bitops.h +++ b/include/linux/bitops.h -@@ -102,7 +102,7 @@ static inline __u64 ror64(__u64 word, unsigned int shift) +@@ -105,7 +105,7 @@ static inline __u64 ror64(__u64 word, unsigned int shift) * @word: value to rotate * @shift: bits to roll */ @@ -79490,7 +79611,7 @@ index be5fd38..d71192a 100644 { return (word << shift) | (word >> (32 - shift)); } -@@ -112,7 +112,7 @@ static inline __u32 rol32(__u32 word, unsigned int shift) +@@ -115,7 +115,7 @@ static inline __u32 rol32(__u32 word, unsigned int shift) * @word: value to rotate * @shift: bits to roll */ @@ -79499,7 +79620,7 @@ index be5fd38..d71192a 100644 { return (word >> shift) | (word << (32 - shift)); } -@@ -168,7 +168,7 @@ static inline __s32 sign_extend32(__u32 value, int index) +@@ -171,7 +171,7 @@ static inline __s32 sign_extend32(__u32 value, int index) return (__s32)(value << shift) >> shift; } @@ -82447,7 +82568,7 @@ index 5bba088..7ad4ae7 100644 static inline int vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst) diff --git a/include/linux/mm.h b/include/linux/mm.h -index d5039da..71096b6 100644 +index d5039da..152c9ea 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -127,6 +127,11 @@ extern unsigned int kobjsize(const void *objp); @@ -82481,7 +82602,16 @@ index d5039da..71096b6 100644 struct mmu_gather; struct inode; -@@ -1120,8 +1126,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, +@@ -362,6 +368,8 @@ static inline int is_vmalloc_or_module_addr(const void *x) + } + #endif + ++extern void kvfree(const void *addr); ++ + static inline void compound_lock(struct page *page) + { + #ifdef CONFIG_TRANSPARENT_HUGEPAGE +@@ -1120,8 +1128,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, unsigned long *pfn); int follow_phys(struct vm_area_struct *vma, unsigned long address, unsigned int flags, unsigned long *prot, resource_size_t *phys); @@ -82492,7 +82622,7 @@ index d5039da..71096b6 100644 static inline void unmap_shared_mapping_range(struct address_space *mapping, loff_t const holebegin, loff_t const holelen) -@@ -1161,9 +1167,9 @@ static inline int fixup_user_fault(struct task_struct *tsk, +@@ -1161,9 +1169,9 @@ static inline int fixup_user_fault(struct task_struct *tsk, } #endif @@ -82505,7 +82635,7 @@ index d5039da..71096b6 100644 long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, unsigned long start, unsigned long nr_pages, -@@ -1195,34 +1201,6 @@ int set_page_dirty(struct page *page); +@@ -1195,34 +1203,6 @@ int set_page_dirty(struct page *page); int set_page_dirty_lock(struct page *page); int clear_page_dirty_for_io(struct page *page); @@ -82540,7 +82670,7 @@ index d5039da..71096b6 100644 extern pid_t vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group); -@@ -1322,6 +1300,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) +@@ -1322,6 +1302,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) } #endif @@ -82556,7 +82686,7 @@ index d5039da..71096b6 100644 int vma_wants_writenotify(struct vm_area_struct *vma); extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr, -@@ -1340,8 +1327,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, +@@ -1340,8 +1329,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, { return 0; } @@ -82572,7 +82702,7 @@ index d5039da..71096b6 100644 #endif #ifdef __PAGETABLE_PMD_FOLDED -@@ -1350,8 +1344,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, +@@ -1350,8 +1346,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, { return 0; } @@ -82588,7 +82718,7 @@ index d5039da..71096b6 100644 #endif int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, -@@ -1369,11 +1370,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a +@@ -1369,11 +1372,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a NULL: pud_offset(pgd, address); } @@ -82612,7 +82742,7 @@ index d5039da..71096b6 100644 #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */ #if USE_SPLIT_PTE_PTLOCKS -@@ -1763,7 +1776,7 @@ extern int install_special_mapping(struct mm_struct *mm, +@@ -1763,7 +1778,7 @@ extern int install_special_mapping(struct mm_struct *mm, unsigned long addr, unsigned long len, unsigned long flags, struct page **pages); @@ -82621,7 +82751,7 @@ index d5039da..71096b6 100644 extern unsigned long mmap_region(struct file *file, unsigned long addr, unsigned long len, vm_flags_t vm_flags, unsigned long pgoff); -@@ -1771,6 +1784,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1771,6 +1786,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, unsigned long len, unsigned long prot, unsigned long flags, unsigned long pgoff, unsigned long *populate); extern int do_munmap(struct mm_struct *, unsigned long, size_t); @@ -82629,7 +82759,7 @@ index d5039da..71096b6 100644 #ifdef CONFIG_MMU extern int __mm_populate(unsigned long addr, unsigned long len, -@@ -1799,10 +1813,11 @@ struct vm_unmapped_area_info { +@@ -1799,10 +1815,11 @@ struct vm_unmapped_area_info { unsigned long high_limit; unsigned long align_mask; unsigned long align_offset; @@ -82643,7 +82773,7 @@ index d5039da..71096b6 100644 /* * Search for an unmapped address range. -@@ -1814,7 +1829,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); +@@ -1814,7 +1831,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); * - satisfies (begin_addr & align_mask) == (align_offset & align_mask) */ static inline unsigned long @@ -82652,7 +82782,7 @@ index d5039da..71096b6 100644 { if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN)) return unmapped_area(info); -@@ -1874,6 +1889,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add +@@ -1874,6 +1891,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, struct vm_area_struct **pprev); @@ -82663,7 +82793,7 @@ index d5039da..71096b6 100644 /* Look up the first VMA which intersects the interval start_addr..end_addr-1, NULL if none. Assume start_addr < end_addr. */ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) -@@ -1902,15 +1921,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, +@@ -1902,15 +1923,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, return vma; } @@ -82679,7 +82809,7 @@ index d5039da..71096b6 100644 #ifdef CONFIG_NUMA_BALANCING unsigned long change_prot_numa(struct vm_area_struct *vma, unsigned long start, unsigned long end); -@@ -1962,6 +1972,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); +@@ -1962,6 +1974,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); static inline void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { @@ -82691,7 +82821,7 @@ index d5039da..71096b6 100644 mm->total_vm += pages; } #endif /* CONFIG_PROC_FS */ -@@ -2043,7 +2058,7 @@ extern int unpoison_memory(unsigned long pfn); +@@ -2043,7 +2060,7 @@ extern int unpoison_memory(unsigned long pfn); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; extern void shake_page(struct page *p, int access); @@ -82700,7 +82830,7 @@ index d5039da..71096b6 100644 extern int soft_offline_page(struct page *page, int flags); #if defined(CONFIG_TRANSPARENT_HUGEPAGE) || defined(CONFIG_HUGETLBFS) -@@ -2078,5 +2093,11 @@ void __init setup_nr_node_ids(void); +@@ -2078,5 +2095,11 @@ void __init setup_nr_node_ids(void); static inline void setup_nr_node_ids(void) {} #endif @@ -85317,7 +85447,7 @@ index 9a36d92..0aafe2a 100644 void v9fs_register_trans(struct p9_trans_module *m); void v9fs_unregister_trans(struct p9_trans_module *m); diff --git a/include/net/af_unix.h b/include/net/af_unix.h -index a175ba4..196eb82 100644 +index a175ba4..196eb8242 100644 --- a/include/net/af_unix.h +++ b/include/net/af_unix.h @@ -36,7 +36,7 @@ struct unix_skb_parms { @@ -88172,10 +88302,10 @@ index 569b2187..19940d9 100644 /* Callchain handling */ extern struct perf_callchain_entry * diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c -index 307d87c..6466cbe 100644 +index 1139b22..5aac2f9 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c -@@ -1666,7 +1666,7 @@ static int is_trap_at_addr(struct mm_struct *mm, unsigned long vaddr) +@@ -1665,7 +1665,7 @@ static int is_trap_at_addr(struct mm_struct *mm, unsigned long vaddr) { struct page *page; uprobe_opcode_t opcode; @@ -94943,7 +95073,7 @@ index a98c7fc..393f8f1 100644 } unset_migratetype_isolate(page, MIGRATE_MOVABLE); diff --git a/mm/memory.c b/mm/memory.c -index 492e36f..b153792 100644 +index 492e36f..732f880 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -403,6 +403,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -94993,6 +95123,39 @@ index 492e36f..b153792 100644 vma->vm_file->f_op->mmap); dump_stack(); add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE); +@@ -808,20 +814,20 @@ copy_one_pte(struct mm_struct *dst_mm, struct mm_struct *src_mm, + if (!pte_file(pte)) { + swp_entry_t entry = pte_to_swp_entry(pte); + +- if (swap_duplicate(entry) < 0) +- return entry.val; ++ if (likely(!non_swap_entry(entry))) { ++ if (swap_duplicate(entry) < 0) ++ return entry.val; + +- /* make sure dst_mm is on swapoff's mmlist. */ +- if (unlikely(list_empty(&dst_mm->mmlist))) { +- spin_lock(&mmlist_lock); +- if (list_empty(&dst_mm->mmlist)) +- list_add(&dst_mm->mmlist, +- &src_mm->mmlist); +- spin_unlock(&mmlist_lock); +- } +- if (likely(!non_swap_entry(entry))) ++ /* make sure dst_mm is on swapoff's mmlist. */ ++ if (unlikely(list_empty(&dst_mm->mmlist))) { ++ spin_lock(&mmlist_lock); ++ if (list_empty(&dst_mm->mmlist)) ++ list_add(&dst_mm->mmlist, ++ &src_mm->mmlist); ++ spin_unlock(&mmlist_lock); ++ } + rss[MM_SWAPENTS]++; +- else if (is_migration_entry(entry)) { ++ } else if (is_migration_entry(entry)) { + page = migration_entry_to_page(entry); + + if (PageAnon(page)) @@ -1137,8 +1143,10 @@ again: if (unlikely(page_mapcount(page) < 0)) print_bad_pte(vma, addr, ptent, page); @@ -95828,7 +95991,7 @@ index b1eb536..091d154 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index dfe90657..3892436 100644 +index dfe90657..390920e 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -37,6 +37,7 @@ @@ -95914,7 +96077,21 @@ index dfe90657..3892436 100644 if (rlim < RLIM_INFINITY && (brk - mm->start_brk) + (mm->end_data - mm->start_data) > rlim) goto out; -@@ -942,6 +970,12 @@ static int +@@ -745,8 +773,11 @@ again: remove_next = 1 + (end > next->vm_end); + * shrinking vma had, to cover any anon pages imported. + */ + if (exporter && exporter->anon_vma && !importer->anon_vma) { +- if (anon_vma_clone(importer, exporter)) +- return -ENOMEM; ++ int error; ++ ++ error = anon_vma_clone(importer, exporter); ++ if (error) ++ return error; + importer->anon_vma = exporter->anon_vma; + } + } +@@ -942,6 +973,12 @@ static int can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { @@ -95927,7 +96104,7 @@ index dfe90657..3892436 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { if (vma->vm_pgoff == vm_pgoff) -@@ -961,6 +995,12 @@ static int +@@ -961,6 +998,12 @@ static int can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { @@ -95940,7 +96117,7 @@ index dfe90657..3892436 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { pgoff_t vm_pglen; -@@ -1003,13 +1043,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, +@@ -1003,13 +1046,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct vm_area_struct *vma_merge(struct mm_struct *mm, struct vm_area_struct *prev, unsigned long addr, unsigned long end, unsigned long vm_flags, @@ -95962,7 +96139,7 @@ index dfe90657..3892436 100644 /* * We later require that vma->vm_flags == vm_flags, * so this tests vma->vm_flags & VM_SPECIAL, too. -@@ -1025,6 +1072,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1025,6 +1075,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, if (next && next->vm_end == end) /* cases 6, 7, 8 */ next = next->vm_next; @@ -95978,7 +96155,7 @@ index dfe90657..3892436 100644 /* * Can it merge with the predecessor? */ -@@ -1044,9 +1100,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1044,9 +1103,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, /* cases 1, 6 */ err = vma_adjust(prev, prev->vm_start, next->vm_end, prev->vm_pgoff, NULL); @@ -96004,7 +96181,7 @@ index dfe90657..3892436 100644 if (err) return NULL; khugepaged_enter_vma_merge(prev); -@@ -1060,12 +1131,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1060,12 +1134,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, mpol_equal(policy, vma_policy(next)) && can_vma_merge_before(next, vm_flags, anon_vma, file, pgoff+pglen)) { @@ -96034,7 +96211,7 @@ index dfe90657..3892436 100644 if (err) return NULL; khugepaged_enter_vma_merge(area); -@@ -1174,8 +1260,10 @@ none: +@@ -1174,8 +1263,10 @@ none: void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { @@ -96047,7 +96224,7 @@ index dfe90657..3892436 100644 mm->total_vm += pages; -@@ -1183,7 +1271,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags, +@@ -1183,7 +1274,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags, mm->shared_vm += pages; if ((flags & (VM_EXEC|VM_WRITE)) == VM_EXEC) mm->exec_vm += pages; @@ -96056,7 +96233,7 @@ index dfe90657..3892436 100644 mm->stack_vm += pages; } #endif /* CONFIG_PROC_FS */ -@@ -1213,6 +1301,7 @@ static inline int mlock_future_check(struct mm_struct *mm, +@@ -1213,6 +1304,7 @@ static inline int mlock_future_check(struct mm_struct *mm, locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; @@ -96064,7 +96241,7 @@ index dfe90657..3892436 100644 if (locked > lock_limit && !capable(CAP_IPC_LOCK)) return -EAGAIN; } -@@ -1239,7 +1328,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1239,7 +1331,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, * (the exception is when the underlying filesystem is noexec * mounted, in which case we dont add PROT_EXEC.) */ @@ -96073,7 +96250,7 @@ index dfe90657..3892436 100644 if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC))) prot |= PROT_EXEC; -@@ -1265,7 +1354,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1265,7 +1357,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, /* Obtain the address to map to. we verify (or select) it and ensure * that it represents a valid section of the address space. */ @@ -96082,7 +96259,7 @@ index dfe90657..3892436 100644 if (addr & ~PAGE_MASK) return addr; -@@ -1276,6 +1365,43 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1276,6 +1368,43 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; @@ -96126,7 +96303,7 @@ index dfe90657..3892436 100644 if (flags & MAP_LOCKED) if (!can_do_mlock()) return -EPERM; -@@ -1363,6 +1489,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1363,6 +1492,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, vm_flags |= VM_NORESERVE; } @@ -96136,7 +96313,7 @@ index dfe90657..3892436 100644 addr = mmap_region(file, addr, len, vm_flags, pgoff); if (!IS_ERR_VALUE(addr) && ((vm_flags & VM_LOCKED) || -@@ -1456,7 +1585,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) +@@ -1456,7 +1588,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) vm_flags_t vm_flags = vma->vm_flags; /* If it was private or non-writable, the write bit is already clear */ @@ -96145,7 +96322,7 @@ index dfe90657..3892436 100644 return 0; /* The backer wishes to know when pages are first written to? */ -@@ -1502,7 +1631,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1502,7 +1634,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr, struct rb_node **rb_link, *rb_parent; unsigned long charged = 0; @@ -96168,7 +96345,7 @@ index dfe90657..3892436 100644 if (!may_expand_vm(mm, len >> PAGE_SHIFT)) { unsigned long nr_pages; -@@ -1521,11 +1665,10 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1521,11 +1668,10 @@ unsigned long mmap_region(struct file *file, unsigned long addr, /* Clear old maps */ error = -ENOMEM; @@ -96181,7 +96358,7 @@ index dfe90657..3892436 100644 } /* -@@ -1556,6 +1699,16 @@ munmap_back: +@@ -1556,6 +1702,16 @@ munmap_back: goto unacct_error; } @@ -96198,7 +96375,7 @@ index dfe90657..3892436 100644 vma->vm_mm = mm; vma->vm_start = addr; vma->vm_end = addr + len; -@@ -1575,6 +1728,13 @@ munmap_back: +@@ -1575,6 +1731,13 @@ munmap_back: if (error) goto unmap_and_free_vma; @@ -96212,7 +96389,7 @@ index dfe90657..3892436 100644 /* Can addr have changed?? * * Answer: Yes, several device drivers can do it in their -@@ -1608,6 +1768,12 @@ munmap_back: +@@ -1608,6 +1771,12 @@ munmap_back: } vma_link(mm, vma, prev, rb_link, rb_parent); @@ -96225,7 +96402,7 @@ index dfe90657..3892436 100644 /* Once vma denies write, undo our temporary denial count */ if (vm_flags & VM_DENYWRITE) allow_write_access(file); -@@ -1616,6 +1782,7 @@ out: +@@ -1616,6 +1785,7 @@ out: perf_event_mmap(vma); vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT); @@ -96233,7 +96410,7 @@ index dfe90657..3892436 100644 if (vm_flags & VM_LOCKED) { if (!((vm_flags & VM_SPECIAL) || is_vm_hugetlb_page(vma) || vma == get_gate_vma(current->mm))) -@@ -1648,6 +1815,12 @@ unmap_and_free_vma: +@@ -1648,6 +1818,12 @@ unmap_and_free_vma: unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); charged = 0; free_vma: @@ -96246,7 +96423,7 @@ index dfe90657..3892436 100644 kmem_cache_free(vm_area_cachep, vma); unacct_error: if (charged) -@@ -1655,7 +1828,63 @@ unacct_error: +@@ -1655,7 +1831,63 @@ unacct_error: return error; } @@ -96311,7 +96488,7 @@ index dfe90657..3892436 100644 { /* * We implement the search by looking for an rbtree node that -@@ -1703,11 +1932,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) +@@ -1703,11 +1935,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) } } @@ -96342,7 +96519,7 @@ index dfe90657..3892436 100644 if (gap_end >= low_limit && gap_end - gap_start >= length) goto found; -@@ -1757,7 +2004,7 @@ found: +@@ -1757,7 +2007,7 @@ found: return gap_start; } @@ -96351,7 +96528,7 @@ index dfe90657..3892436 100644 { struct mm_struct *mm = current->mm; struct vm_area_struct *vma; -@@ -1811,6 +2058,24 @@ check_current: +@@ -1811,6 +2061,24 @@ check_current: gap_end = vma->vm_start; if (gap_end < low_limit) return -ENOMEM; @@ -96376,7 +96553,7 @@ index dfe90657..3892436 100644 if (gap_start <= high_limit && gap_end - gap_start >= length) goto found; -@@ -1874,6 +2139,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1874,6 +2142,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, struct mm_struct *mm = current->mm; struct vm_area_struct *vma; struct vm_unmapped_area_info info; @@ -96384,7 +96561,7 @@ index dfe90657..3892436 100644 if (len > TASK_SIZE - mmap_min_addr) return -ENOMEM; -@@ -1881,11 +2147,15 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1881,11 +2150,15 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (flags & MAP_FIXED) return addr; @@ -96401,7 +96578,7 @@ index dfe90657..3892436 100644 return addr; } -@@ -1894,6 +2164,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1894,6 +2167,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, info.low_limit = mm->mmap_base; info.high_limit = TASK_SIZE; info.align_mask = 0; @@ -96409,7 +96586,7 @@ index dfe90657..3892436 100644 return vm_unmapped_area(&info); } #endif -@@ -1912,6 +2183,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1912,6 +2186,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, struct mm_struct *mm = current->mm; unsigned long addr = addr0; struct vm_unmapped_area_info info; @@ -96417,7 +96594,7 @@ index dfe90657..3892436 100644 /* requested length too big for entire address space */ if (len > TASK_SIZE - mmap_min_addr) -@@ -1920,12 +2192,16 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1920,12 +2195,16 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (flags & MAP_FIXED) return addr; @@ -96435,7 +96612,7 @@ index dfe90657..3892436 100644 return addr; } -@@ -1934,6 +2210,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1934,6 +2213,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, info.low_limit = max(PAGE_SIZE, mmap_min_addr); info.high_limit = mm->mmap_base; info.align_mask = 0; @@ -96443,7 +96620,7 @@ index dfe90657..3892436 100644 addr = vm_unmapped_area(&info); /* -@@ -1946,6 +2223,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1946,6 +2226,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, VM_BUG_ON(addr != -ENOMEM); info.flags = 0; info.low_limit = TASK_UNMAPPED_BASE; @@ -96456,7 +96633,7 @@ index dfe90657..3892436 100644 info.high_limit = TASK_SIZE; addr = vm_unmapped_area(&info); } -@@ -2046,6 +2329,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, +@@ -2046,6 +2332,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, return vma; } @@ -96485,7 +96662,7 @@ index dfe90657..3892436 100644 /* * Verify that the stack growth is acceptable and * update accounting. This is shared with both the -@@ -2062,6 +2367,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2062,6 +2370,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns return -ENOMEM; /* Stack limit test */ @@ -96493,7 +96670,7 @@ index dfe90657..3892436 100644 if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) return -ENOMEM; -@@ -2072,6 +2378,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2072,6 +2381,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns locked = mm->locked_vm + grow; limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); limit >>= PAGE_SHIFT; @@ -96501,7 +96678,7 @@ index dfe90657..3892436 100644 if (locked > limit && !capable(CAP_IPC_LOCK)) return -ENOMEM; } -@@ -2101,37 +2408,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2101,37 +2411,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns * PA-RISC uses this for its stack; IA64 for its Register Backing Store. * vma is the last one with address > vma->vm_end. Have to extend vma. */ @@ -96559,7 +96736,7 @@ index dfe90657..3892436 100644 unsigned long size, grow; size = address - vma->vm_start; -@@ -2166,6 +2484,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) +@@ -2166,6 +2487,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) } } } @@ -96568,7 +96745,7 @@ index dfe90657..3892436 100644 vma_unlock_anon_vma(vma); khugepaged_enter_vma_merge(vma); validate_mm(vma->vm_mm); -@@ -2180,6 +2500,8 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2180,6 +2503,8 @@ int expand_downwards(struct vm_area_struct *vma, unsigned long address) { int error; @@ -96577,7 +96754,7 @@ index dfe90657..3892436 100644 /* * We must make sure the anon_vma is allocated -@@ -2193,6 +2515,15 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2193,6 +2518,15 @@ int expand_downwards(struct vm_area_struct *vma, if (error) return error; @@ -96593,7 +96770,7 @@ index dfe90657..3892436 100644 vma_lock_anon_vma(vma); /* -@@ -2202,9 +2533,17 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2202,9 +2536,17 @@ int expand_downwards(struct vm_area_struct *vma, */ /* Somebody else might have raced and expanded it already */ @@ -96612,7 +96789,7 @@ index dfe90657..3892436 100644 size = vma->vm_end - address; grow = (vma->vm_start - address) >> PAGE_SHIFT; -@@ -2229,13 +2568,27 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2229,13 +2571,27 @@ int expand_downwards(struct vm_area_struct *vma, vma->vm_pgoff -= grow; anon_vma_interval_tree_post_update_vma(vma); vma_gap_update(vma); @@ -96640,7 +96817,7 @@ index dfe90657..3892436 100644 khugepaged_enter_vma_merge(vma); validate_mm(vma->vm_mm); return error; -@@ -2333,6 +2686,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2333,6 +2689,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) do { long nrpages = vma_pages(vma); @@ -96654,7 +96831,7 @@ index dfe90657..3892436 100644 if (vma->vm_flags & VM_ACCOUNT) nr_accounted += nrpages; vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); -@@ -2377,6 +2737,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2377,6 +2740,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, insertion_point = (prev ? &prev->vm_next : &mm->mmap); vma->vm_prev = NULL; do { @@ -96671,7 +96848,7 @@ index dfe90657..3892436 100644 vma_rb_erase(vma, &mm->mm_rb); mm->map_count--; tail_vma = vma; -@@ -2404,14 +2774,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2404,14 +2777,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct *new; int err = -ENOMEM; @@ -96705,7 +96882,7 @@ index dfe90657..3892436 100644 /* most fields are the same, copy all, and then fixup */ *new = *vma; -@@ -2424,6 +2813,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2424,11 +2816,28 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); } @@ -96728,7 +96905,14 @@ index dfe90657..3892436 100644 err = vma_dup_policy(vma, new); if (err) goto out_free_vma; -@@ -2443,6 +2848,38 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, + +- if (anon_vma_clone(new, vma)) ++ err = anon_vma_clone(new, vma); ++ if (err) + goto out_free_mpol; + + if (new->vm_file) +@@ -2443,6 +2852,38 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, else err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); @@ -96767,7 +96951,7 @@ index dfe90657..3892436 100644 /* Success. */ if (!err) return 0; -@@ -2452,10 +2889,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2452,10 +2893,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_ops->close(new); if (new->vm_file) fput(new->vm_file); @@ -96787,7 +96971,7 @@ index dfe90657..3892436 100644 kmem_cache_free(vm_area_cachep, new); out_err: return err; -@@ -2468,6 +2913,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2468,6 +2917,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, int new_below) { @@ -96803,7 +96987,7 @@ index dfe90657..3892436 100644 if (mm->map_count >= sysctl_max_map_count) return -ENOMEM; -@@ -2479,11 +2933,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2479,11 +2937,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, * work. This now handles partial unmappings. * Jeremy Fitzhardinge <jeremy@goop.org> */ @@ -96834,7 +97018,7 @@ index dfe90657..3892436 100644 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) return -EINVAL; -@@ -2558,6 +3031,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +@@ -2558,6 +3035,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) /* Fix up all other VM information */ remove_vma_list(mm, vma); @@ -96843,7 +97027,7 @@ index dfe90657..3892436 100644 return 0; } -@@ -2566,6 +3041,13 @@ int vm_munmap(unsigned long start, size_t len) +@@ -2566,6 +3045,13 @@ int vm_munmap(unsigned long start, size_t len) int ret; struct mm_struct *mm = current->mm; @@ -96857,7 +97041,7 @@ index dfe90657..3892436 100644 down_write(&mm->mmap_sem); ret = do_munmap(mm, start, len); up_write(&mm->mmap_sem); -@@ -2579,16 +3061,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) +@@ -2579,16 +3065,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) return vm_munmap(addr, len); } @@ -96874,7 +97058,7 @@ index dfe90657..3892436 100644 /* * this is really a simplified "do_mmap". it only handles * anonymous maps. eventually we may be able to do some -@@ -2602,6 +3074,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2602,6 +3078,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) struct rb_node ** rb_link, * rb_parent; pgoff_t pgoff = addr >> PAGE_SHIFT; int error; @@ -96882,7 +97066,7 @@ index dfe90657..3892436 100644 len = PAGE_ALIGN(len); if (!len) -@@ -2609,10 +3082,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2609,10 +3086,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; @@ -96907,7 +97091,7 @@ index dfe90657..3892436 100644 error = mlock_future_check(mm, mm->def_flags, len); if (error) return error; -@@ -2626,21 +3113,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2626,21 +3117,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) /* * Clear old maps. this also does some error checking for us */ @@ -96932,7 +97116,7 @@ index dfe90657..3892436 100644 return -ENOMEM; /* Can we just expand an old private anonymous mapping? */ -@@ -2654,7 +3140,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2654,7 +3144,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) */ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); if (!vma) { @@ -96941,7 +97125,7 @@ index dfe90657..3892436 100644 return -ENOMEM; } -@@ -2668,10 +3154,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2668,10 +3158,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) vma_link(mm, vma, prev, rb_link, rb_parent); out: perf_event_mmap(vma); @@ -96955,7 +97139,7 @@ index dfe90657..3892436 100644 return addr; } -@@ -2733,6 +3220,7 @@ void exit_mmap(struct mm_struct *mm) +@@ -2733,6 +3224,7 @@ void exit_mmap(struct mm_struct *mm) while (vma) { if (vma->vm_flags & VM_ACCOUNT) nr_accounted += vma_pages(vma); @@ -96963,7 +97147,7 @@ index dfe90657..3892436 100644 vma = remove_vma(vma); } vm_unacct_memory(nr_accounted); -@@ -2750,6 +3238,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2750,6 +3242,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) struct vm_area_struct *prev; struct rb_node **rb_link, *rb_parent; @@ -96977,7 +97161,7 @@ index dfe90657..3892436 100644 /* * The vm_pgoff of a purely anonymous vma should be irrelevant * until its first write fault, when page's anon_vma and index -@@ -2773,7 +3268,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2773,7 +3272,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) security_vm_enough_memory_mm(mm, vma_pages(vma))) return -ENOMEM; @@ -96999,7 +97183,7 @@ index dfe90657..3892436 100644 return 0; } -@@ -2792,6 +3301,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2792,6 +3305,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, struct rb_node **rb_link, *rb_parent; bool faulted_in_anon_vma = true; @@ -97008,7 +97192,7 @@ index dfe90657..3892436 100644 /* * If anonymous vma has not yet been faulted, update new pgoff * to match new location, to increase its chance of merging. -@@ -2856,6 +3367,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2856,6 +3371,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, return NULL; } @@ -97048,7 +97232,7 @@ index dfe90657..3892436 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2867,6 +3411,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) +@@ -2867,6 +3415,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; @@ -97056,7 +97240,7 @@ index dfe90657..3892436 100644 if (cur + npages > lim) return 0; return 1; -@@ -2937,6 +3482,22 @@ int install_special_mapping(struct mm_struct *mm, +@@ -2937,6 +3486,22 @@ int install_special_mapping(struct mm_struct *mm, vma->vm_start = addr; vma->vm_end = addr + len; @@ -97719,7 +97903,7 @@ index fd26d04..0cea1b0 100644 if (!mm || IS_ERR(mm)) { rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; diff --git a/mm/rmap.c b/mm/rmap.c -index cdbd312..2e1e0b9 100644 +index cdbd312..cb05259 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -164,6 +164,10 @@ int anon_vma_prepare(struct vm_area_struct *vma) @@ -97799,7 +97983,7 @@ index cdbd312..2e1e0b9 100644 { struct anon_vma_chain *avc, *pavc; struct anon_vma *root = NULL; -@@ -270,7 +304,7 @@ int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src) +@@ -270,10 +304,11 @@ int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src) * the corresponding VMA in the parent process is attached to. * Returns 0 on success, non-zero on failure. */ @@ -97808,7 +97992,23 @@ index cdbd312..2e1e0b9 100644 { struct anon_vma_chain *avc; struct anon_vma *anon_vma; -@@ -374,8 +408,10 @@ static void anon_vma_ctor(void *data) ++ int error; + + /* Don't bother if the parent process has no anon_vma here. */ + if (!pvma->anon_vma) +@@ -283,8 +318,9 @@ int anon_vma_fork(struct vm_area_struct *vma, struct vm_area_struct *pvma) + * First, attach the new VMA to the parent VMA's anon_vmas, + * so rmap can find non-COWed pages in child processes. + */ +- if (anon_vma_clone(vma, pvma)) +- return -ENOMEM; ++ error = anon_vma_clone(vma, pvma); ++ if (error) ++ return error; + + /* Then add our own anon_vma. */ + anon_vma = anon_vma_alloc(); +@@ -374,8 +410,10 @@ static void anon_vma_ctor(void *data) void __init anon_vma_init(void) { anon_vma_cachep = kmem_cache_create("anon_vma", sizeof(struct anon_vma), @@ -99053,10 +99253,18 @@ index beeeef8..1cb288b 100644 if (S_ISREG(inode->i_mode)) diff --git a/mm/util.c b/mm/util.c -index c1010cb..91e1a36 100644 +index c1010cb..210c536 100644 --- a/mm/util.c +++ b/mm/util.c -@@ -294,6 +294,12 @@ done: +@@ -9,6 +9,7 @@ + #include <linux/swapops.h> + #include <linux/mman.h> + #include <linux/hugetlb.h> ++#include <linux/vmalloc.h> + + #include <asm/uaccess.h> + +@@ -294,6 +295,12 @@ done: void arch_pick_mmap_layout(struct mm_struct *mm) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -99069,6 +99277,22 @@ index c1010cb..91e1a36 100644 mm->get_unmapped_area = arch_get_unmapped_area; } #endif +@@ -383,6 +390,15 @@ unsigned long vm_mmap(struct file *file, unsigned long addr, + } + EXPORT_SYMBOL(vm_mmap); + ++void kvfree(const void *addr) ++{ ++ if (is_vmalloc_addr(addr)) ++ vfree(addr); ++ else ++ kfree(addr); ++} ++EXPORT_SYMBOL(kvfree); ++ + struct address_space *page_mapping(struct page *page) + { + struct address_space *mapping = page->mapping; diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 0fdf968..991ff6a 100644 --- a/mm/vmalloc.c @@ -99352,6 +99576,34 @@ index 0fdf968..991ff6a 100644 if (v->nr_pages) seq_printf(m, " pages=%d", v->nr_pages); +diff --git a/mm/vmpressure.c b/mm/vmpressure.c +index d4042e7..c5afd57 100644 +--- a/mm/vmpressure.c ++++ b/mm/vmpressure.c +@@ -165,6 +165,7 @@ static void vmpressure_work_fn(struct work_struct *work) + unsigned long scanned; + unsigned long reclaimed; + ++ spin_lock(&vmpr->sr_lock); + /* + * Several contexts might be calling vmpressure(), so it is + * possible that the work was rescheduled again before the old +@@ -173,11 +174,12 @@ static void vmpressure_work_fn(struct work_struct *work) + * here. No need for any locks here since we don't care if + * vmpr->reclaimed is in sync. + */ +- if (!vmpr->scanned) ++ scanned = vmpr->scanned; ++ if (!scanned) { ++ spin_unlock(&vmpr->sr_lock); + return; ++ } + +- spin_lock(&vmpr->sr_lock); +- scanned = vmpr->scanned; + reclaimed = vmpr->reclaimed; + vmpr->scanned = 0; + vmpr->reclaimed = 0; diff --git a/mm/vmstat.c b/mm/vmstat.c index def5dd2..4ce55cec 100644 --- a/mm/vmstat.c @@ -100679,7 +100931,7 @@ index fdac61c..e5e5b46 100644 pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR); return -ENODEV; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index b0db904..70b5ea2 100644 +index b0db904..dc1f9f2 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -58,7 +58,7 @@ struct rtnl_link { @@ -100717,6 +100969,26 @@ index b0db904..70b5ea2 100644 } EXPORT_SYMBOL_GPL(__rtnl_link_unregister); +@@ -2684,6 +2687,9 @@ static int rtnl_bridge_setlink(struct sk_buff *skb, struct nlmsghdr *nlh) + if (br_spec) { + nla_for_each_nested(attr, br_spec, rem) { + if (nla_type(attr) == IFLA_BRIDGE_FLAGS) { ++ if (nla_len(attr) < sizeof(flags)) ++ return -EINVAL; ++ + have_flags = true; + flags = nla_get_u16(attr); + break; +@@ -2754,6 +2760,9 @@ static int rtnl_bridge_dellink(struct sk_buff *skb, struct nlmsghdr *nlh) + if (br_spec) { + nla_for_each_nested(attr, br_spec, rem) { + if (nla_type(attr) == IFLA_BRIDGE_FLAGS) { ++ if (nla_len(attr) < sizeof(flags)) ++ return -EINVAL; ++ + have_flags = true; + flags = nla_get_u16(attr); + break; diff --git a/net/core/scm.c b/net/core/scm.c index b442e7e..6f5b5a2 100644 --- a/net/core/scm.c @@ -101681,7 +101953,7 @@ index 2510c02..cfb34fa 100644 pr_err("Unable to proc dir entry\n"); return -ENOMEM; diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index e21934b..fcd69aa 100644 +index 0d33f94..fcd69aa 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -59,7 +59,7 @@ struct ping_table { @@ -101693,16 +101965,7 @@ index e21934b..fcd69aa 100644 EXPORT_SYMBOL_GPL(pingv6_ops); static u16 ping_port_rover; -@@ -217,6 +217,8 @@ static struct sock *ping_lookup(struct net *net, struct sk_buff *skb, u16 ident) - &ipv6_hdr(skb)->daddr)) - continue; - #endif -+ } else { -+ continue; - } - - if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif) -@@ -348,7 +350,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, +@@ -350,7 +350,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, return -ENODEV; } } @@ -101711,7 +101974,7 @@ index e21934b..fcd69aa 100644 scoped); rcu_read_unlock(); -@@ -556,7 +558,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) +@@ -558,7 +558,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) } #if IS_ENABLED(CONFIG_IPV6) } else if (skb->protocol == htons(ETH_P_IPV6)) { @@ -101720,7 +101983,7 @@ index e21934b..fcd69aa 100644 #endif } -@@ -574,7 +576,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) +@@ -576,7 +576,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) info, (u8 *)icmph); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { @@ -101729,7 +101992,7 @@ index e21934b..fcd69aa 100644 info, (u8 *)icmph); #endif } -@@ -858,7 +860,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -860,7 +860,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, return ip_recv_error(sk, msg, len, addr_len); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { @@ -101738,7 +102001,7 @@ index e21934b..fcd69aa 100644 addr_len); #endif } -@@ -916,10 +918,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -918,10 +918,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, } if (inet6_sk(sk)->rxopt.all) @@ -101751,7 +102014,7 @@ index e21934b..fcd69aa 100644 else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags) ip_cmsg_recv(msg, skb); #endif -@@ -1111,7 +1113,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, +@@ -1113,7 +1113,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -103128,9 +103391,19 @@ index 20b63d2..31a777d 100644 kfree_skb(skb); diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c -index 5f8e128..d32ac8c 100644 +index 5f8e128..9e02f78 100644 --- a/net/ipv6/xfrm6_policy.c +++ b/net/ipv6/xfrm6_policy.c +@@ -130,8 +130,8 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) + { + struct flowi6 *fl6 = &fl->u.ip6; + int onlyproto = 0; +- u16 offset = skb_network_header_len(skb); + const struct ipv6hdr *hdr = ipv6_hdr(skb); ++ u16 offset = sizeof(*hdr); + struct ipv6_opt_hdr *exthdr; + const unsigned char *nh = skb_network_header(skb); + u8 nexthdr = nh[IP6CB(skb)->nhoff]; @@ -170,8 +170,10 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) case IPPROTO_DCCP: if (!onlyproto && (nh + offset + 4 < skb->data || @@ -106518,7 +106791,7 @@ index 51207e4..f7d603d 100644 struct module { struct module *next; diff --git a/scripts/mod/sumversion.c b/scripts/mod/sumversion.c -index deb2994..af4f63e 100644 +index deb2994..af4f63e8 100644 --- a/scripts/mod/sumversion.c +++ b/scripts/mod/sumversion.c @@ -470,7 +470,7 @@ static void write_version(const char *filename, const char *sum, @@ -106678,10 +106951,10 @@ index 8fac3fd..32ff38d 100644 unsigned int secindex_strings; diff --git a/security/Kconfig b/security/Kconfig -index beb86b5..addbccd 100644 +index beb86b5..4c193cc 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,969 @@ +@@ -4,6 +4,974 @@ menu "Security options" @@ -106845,6 +107118,11 @@ index beb86b5..addbccd 100644 + help + Choose this option if this kernel is running as a VirtualBox guest or host. + ++config GRKERNSEC_CONFIG_VIRT_HYPERV ++ bool "Hyper-V" ++ help ++ Choose this option if this kernel is running as a Hyper-V guest. ++ +endchoice + +choice @@ -107651,7 +107929,7 @@ index beb86b5..addbccd 100644 source security/keys/Kconfig config SECURITY_DMESG_RESTRICT -@@ -103,7 +1066,7 @@ config INTEL_TXT +@@ -103,7 +1071,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -107675,6 +107953,40 @@ index fdaa50c..2761dcb 100644 struct path_cond cond = { old_dentry->d_inode->i_uid, old_dentry->d_inode->i_mode +diff --git a/security/apparmor/include/apparmor.h b/security/apparmor/include/apparmor.h +index 8fb1488..97130f8 100644 +--- a/security/apparmor/include/apparmor.h ++++ b/security/apparmor/include/apparmor.h +@@ -66,7 +66,6 @@ extern int apparmor_initialized __initdata; + char *aa_split_fqname(char *args, char **ns_name); + void aa_info_message(const char *str); + void *__aa_kvmalloc(size_t size, gfp_t flags); +-void kvfree(void *buffer); + + static inline void *kvmalloc(size_t size) + { +diff --git a/security/apparmor/lib.c b/security/apparmor/lib.c +index 6968992..c1827e0 100644 +--- a/security/apparmor/lib.c ++++ b/security/apparmor/lib.c +@@ -104,17 +104,3 @@ void *__aa_kvmalloc(size_t size, gfp_t flags) + } + return buffer; + } +- +-/** +- * kvfree - free an allocation do by kvmalloc +- * @buffer: buffer to free (MAYBE_NULL) +- * +- * Free a buffer allocated by kvmalloc +- */ +-void kvfree(void *buffer) +-{ +- if (is_vmalloc_addr(buffer)) +- vfree(buffer); +- else +- kfree(buffer); +-} diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 4257b7e..2d0732d 100644 --- a/security/apparmor/lsm.c diff --git a/3.14.25/4425_grsec_remove_EI_PAX.patch b/3.14.26/4425_grsec_remove_EI_PAX.patch index fc51f79..fc51f79 100644 --- a/3.14.25/4425_grsec_remove_EI_PAX.patch +++ b/3.14.26/4425_grsec_remove_EI_PAX.patch diff --git a/3.14.25/4427_force_XATTR_PAX_tmpfs.patch b/3.14.26/4427_force_XATTR_PAX_tmpfs.patch index f78ac39..f78ac39 100644 --- a/3.14.25/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.14.26/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.14.25/4430_grsec-remove-localversion-grsec.patch b/3.14.26/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.14.25/4430_grsec-remove-localversion-grsec.patch +++ b/3.14.26/4430_grsec-remove-localversion-grsec.patch diff --git a/3.14.25/4435_grsec-mute-warnings.patch b/3.14.26/4435_grsec-mute-warnings.patch index 392cefb..392cefb 100644 --- a/3.14.25/4435_grsec-mute-warnings.patch +++ b/3.14.26/4435_grsec-mute-warnings.patch diff --git a/3.14.25/4440_grsec-remove-protected-paths.patch b/3.14.26/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.14.25/4440_grsec-remove-protected-paths.patch +++ b/3.14.26/4440_grsec-remove-protected-paths.patch diff --git a/3.14.25/4450_grsec-kconfig-default-gids.patch b/3.14.26/4450_grsec-kconfig-default-gids.patch index ff7afeb..ff7afeb 100644 --- a/3.14.25/4450_grsec-kconfig-default-gids.patch +++ b/3.14.26/4450_grsec-kconfig-default-gids.patch diff --git a/3.14.25/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.26/4465_selinux-avc_audit-log-curr_ip.patch index f92c155..f92c155 100644 --- a/3.14.25/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.14.26/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.14.25/4470_disable-compat_vdso.patch b/3.14.26/4470_disable-compat_vdso.patch index d5eed75..d5eed75 100644 --- a/3.14.25/4470_disable-compat_vdso.patch +++ b/3.14.26/4470_disable-compat_vdso.patch diff --git a/3.14.25/4475_emutramp_default_on.patch b/3.14.26/4475_emutramp_default_on.patch index cf88fd9..cf88fd9 100644 --- a/3.14.25/4475_emutramp_default_on.patch +++ b/3.14.26/4475_emutramp_default_on.patch diff --git a/3.14.25/0000_README b/3.17.6/0000_README index ad24f16..1073e62 100644 --- a/3.14.25/0000_README +++ b/3.17.6/0000_README @@ -2,11 +2,11 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 1024_linux-3.14.25.patch +Patch: 1005_linux-3.17.6.patch From: http://www.kernel.org -Desc: Linux 3.14.25 +Desc: Linux 3.17.6 -Patch: 4420_grsecurity-3.0-3.14.25-201411260106.patch +Patch: 4420_grsecurity-3.0-3.17.6-201412071639.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.17.6/1005_linux-3.17.6.patch b/3.17.6/1005_linux-3.17.6.patch new file mode 100644 index 0000000..8056fe0 --- /dev/null +++ b/3.17.6/1005_linux-3.17.6.patch @@ -0,0 +1,46 @@ +diff --git a/Makefile b/Makefile +index 42585f6..bb43e9e 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 3 + PATCHLEVEL = 17 +-SUBLEVEL = 5 ++SUBLEVEL = 6 + EXTRAVERSION = + NAME = Shuffling Zombie Juror + +diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c +index ec94ba9..de88c4a 100644 +--- a/net/netfilter/nf_conntrack_core.c ++++ b/net/netfilter/nf_conntrack_core.c +@@ -611,16 +611,12 @@ __nf_conntrack_confirm(struct sk_buff *skb) + */ + NF_CT_ASSERT(!nf_ct_is_confirmed(ct)); + pr_debug("Confirming conntrack %p\n", ct); +- +- /* We have to check the DYING flag after unlink to prevent +- * a race against nf_ct_get_next_corpse() possibly called from +- * user context, else we insert an already 'dead' hash, blocking +- * further use of that particular connection -JM. +- */ +- nf_ct_del_from_dying_or_unconfirmed_list(ct); ++ /* We have to check the DYING flag inside the lock to prevent ++ a race against nf_ct_get_next_corpse() possibly called from ++ user context, else we insert an already 'dead' hash, blocking ++ further use of that particular connection -JM */ + + if (unlikely(nf_ct_is_dying(ct))) { +- nf_ct_add_to_dying_list(ct); + nf_conntrack_double_unlock(hash, reply_hash); + local_bh_enable(); + return NF_ACCEPT; +@@ -640,6 +636,8 @@ __nf_conntrack_confirm(struct sk_buff *skb) + zone == nf_ct_zone(nf_ct_tuplehash_to_ctrack(h))) + goto out; + ++ nf_ct_del_from_dying_or_unconfirmed_list(ct); ++ + /* Timer relative to confirmation time, not original + setting time, otherwise we'd get timer wrap in + weird delay cases. */ diff --git a/3.17.4/4420_grsecurity-3.0-3.17.4-201411260107.patch b/3.17.6/4420_grsecurity-3.0-3.17.6-201412071639.patch index 3dfb83f..6e7c28d 100644 --- a/3.17.4/4420_grsecurity-3.0-3.17.4-201411260107.patch +++ b/3.17.6/4420_grsecurity-3.0-3.17.6-201412071639.patch @@ -370,7 +370,7 @@ index 1edd5fd..107ff46 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index b60b64d..33b7ec8 100644 +index bb43e9e..9dfc034 100644 --- a/Makefile +++ b/Makefile @@ -303,8 +303,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -2267,10 +2267,10 @@ index 2ec765c..beb1fe16 100644 struct of_cpu_method { const char *method; diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h -index fc44d37..acc63c4 100644 +index ce73ab6..7310f8a 100644 --- a/arch/arm/include/asm/thread_info.h +++ b/arch/arm/include/asm/thread_info.h -@@ -89,9 +89,9 @@ struct thread_info { +@@ -78,9 +78,9 @@ struct thread_info { .flags = 0, \ .preempt_count = INIT_PREEMPT_COUNT, \ .addr_limit = KERNEL_DS, \ @@ -2283,7 +2283,7 @@ index fc44d37..acc63c4 100644 .restart_block = { \ .fn = do_no_restart_syscall, \ }, \ -@@ -165,7 +165,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, +@@ -154,7 +154,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, #define TIF_SYSCALL_AUDIT 9 #define TIF_SYSCALL_TRACEPOINT 10 #define TIF_SECCOMP 11 /* seccomp syscall filtering active */ @@ -2296,7 +2296,7 @@ index fc44d37..acc63c4 100644 #define TIF_USING_IWMMXT 17 #define TIF_MEMDIE 18 /* is terminating due to OOM killer */ #define TIF_RESTORE_SIGMASK 20 -@@ -179,10 +183,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, +@@ -168,10 +172,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) #define _TIF_SECCOMP (1 << TIF_SECCOMP) #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT) @@ -3284,7 +3284,7 @@ index 7a3be1d..b00c7de 100644 start, end); itcm_present = true; diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c -index a964c9f..cf2a5b1 100644 +index bea63f5..bc660a7 100644 --- a/arch/arm/kernel/traps.c +++ b/arch/arm/kernel/traps.c @@ -64,7 +64,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long); @@ -3315,7 +3315,7 @@ index a964c9f..cf2a5b1 100644 if (signr) do_exit(signr); } -@@ -887,7 +892,11 @@ void __init early_trap_init(void *vectors_base) +@@ -860,7 +865,11 @@ void __init early_trap_init(void *vectors_base) kuser_init(vectors_base); flush_icache_range(vectors, vectors + PAGE_SIZE * 2); @@ -3620,7 +3620,7 @@ index 7f352de..6dc0929 100644 static int keystone_platform_notifier(struct notifier_block *nb, diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c -index 2bdc323..cf1c607 100644 +index 044b511..afd1da8 100644 --- a/arch/arm/mach-mvebu/coherency.c +++ b/arch/arm/mach-mvebu/coherency.c @@ -316,7 +316,7 @@ static void __init armada_370_coherency_init(struct device_node *np) @@ -6977,7 +6977,7 @@ index 7de8658..c109224 100644 /* * We stash processor id into a COP0 register to retrieve it fast diff --git a/arch/mips/include/asm/uaccess.h b/arch/mips/include/asm/uaccess.h -index a109510..0a764f7 100644 +index b9ab717..3a15c28 100644 --- a/arch/mips/include/asm/uaccess.h +++ b/arch/mips/include/asm/uaccess.h @@ -130,6 +130,7 @@ extern u64 __ua_limit; @@ -10772,10 +10772,18 @@ index a3890da..f6a408e 100644 static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long address) diff --git a/arch/sparc/include/asm/pgalloc_64.h b/arch/sparc/include/asm/pgalloc_64.h -index 5e31871..b71c9d7 100644 +index 5e31871..13469c6 100644 --- a/arch/sparc/include/asm/pgalloc_64.h +++ b/arch/sparc/include/asm/pgalloc_64.h -@@ -38,6 +38,7 @@ static inline void __pud_populate(pud_t *pud, pmd_t *pmd) +@@ -21,6 +21,7 @@ static inline void __pgd_populate(pgd_t *pgd, pud_t *pud) + } + + #define pgd_populate(MM, PGD, PUD) __pgd_populate(PGD, PUD) ++#define pgd_populate_kernel(MM, PGD, PMD) pgd_populate((MM), (PGD), (PMD)) + + static inline pgd_t *pgd_alloc(struct mm_struct *mm) + { +@@ -38,6 +39,7 @@ static inline void __pud_populate(pud_t *pud, pmd_t *pmd) } #define pud_populate(MM, PUD, PMD) __pud_populate(PUD, PMD) @@ -15298,7 +15306,7 @@ index d21ff89..6da8e6e 100644 set_fs(KERNEL_DS); has_dumped = 1; diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c -index f9e181a..db313b5 100644 +index f9e181a..300544c 100644 --- a/arch/x86/ia32/ia32_signal.c +++ b/arch/x86/ia32/ia32_signal.c @@ -218,7 +218,7 @@ asmlinkage long sys32_sigreturn(void) @@ -15355,12 +15363,13 @@ index f9e181a..db313b5 100644 if (ksig->ka.sa.sa_flags & SA_RESTORER) restorer = ksig->ka.sa.sa_restorer; -- else + else if (current->mm->context.vdso) + /* Return stub is in 32bit vsyscall page */ - restorer = current->mm->context.vdso + - selected_vdso32->sym___kernel_rt_sigreturn; -+ else ++ restorer = (void __force_user *)(current->mm->context.vdso + ++ selected_vdso32->sym___kernel_rt_sigreturn); + else +- restorer = current->mm->context.vdso + +- selected_vdso32->sym___kernel_rt_sigreturn; + restorer = frame->retcode; put_user_ex(ptr_to_compat(restorer), &frame->pretcode); @@ -15861,7 +15870,7 @@ index 20370c6..a2eb9b0 100644 "popl %%ebp\n\t" "popl %%edi\n\t" diff --git a/arch/x86/include/asm/atomic.h b/arch/x86/include/asm/atomic.h -index 6dd1c7dd..2edd216 100644 +index 6dd1c7dd..5a85bf2 100644 --- a/arch/x86/include/asm/atomic.h +++ b/arch/x86/include/asm/atomic.h @@ -24,7 +24,18 @@ @@ -16072,10 +16081,13 @@ index 6dd1c7dd..2edd216 100644 } /** -@@ -154,6 +274,18 @@ static inline int atomic_add_negative(int i, atomic_t *v) +@@ -152,7 +272,19 @@ static inline int atomic_add_negative(int i, atomic_t *v) + * + * Atomically adds @i to @v and returns @i + @v */ - static inline int atomic_add_return(int i, atomic_t *v) - { +-static inline int atomic_add_return(int i, atomic_t *v) ++static inline int __intentional_overflow(-1) atomic_add_return(int i, atomic_t *v) ++{ + return i + xadd_check_overflow(&v->counter, i); +} + @@ -16087,11 +16099,17 @@ index 6dd1c7dd..2edd216 100644 + * Atomically adds @i to @v and returns @i + @v + */ +static inline int atomic_add_return_unchecked(int i, atomic_unchecked_t *v) -+{ + { return i + xadd(&v->counter, i); } - -@@ -170,9 +302,18 @@ static inline int atomic_sub_return(int i, atomic_t *v) +@@ -164,15 +296,24 @@ static inline int atomic_add_return(int i, atomic_t *v) + * + * Atomically subtracts @i from @v and returns @v - @i + */ +-static inline int atomic_sub_return(int i, atomic_t *v) ++static inline int __intentional_overflow(-1) atomic_sub_return(int i, atomic_t *v) + { + return atomic_add_return(-i, v); } #define atomic_inc_return(v) (atomic_add_return(1, v)) @@ -17150,12 +17168,12 @@ index 59c6c40..5e0b22c 100644 struct compat_timespec { compat_time_t tv_sec; diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h -index bb9b258..5fad1bf 100644 +index 2075e6c..d65aa96 100644 --- a/arch/x86/include/asm/cpufeature.h +++ b/arch/x86/include/asm/cpufeature.h -@@ -203,14 +203,14 @@ - #define X86_FEATURE_PAUSEFILTER ( 8*32+13) /* AMD filtered pause intercept */ +@@ -204,14 +204,14 @@ #define X86_FEATURE_PFTHRESHOLD ( 8*32+14) /* AMD pause filter threshold */ + #define X86_FEATURE_VMMCALL ( 8*32+15) /* Prefer vmmcall to vmcall */ - +#define X86_FEATURE_STRONGUDEREF (8*32+31) /* PaX PCID based strong UDEREF */ @@ -17170,7 +17188,7 @@ index bb9b258..5fad1bf 100644 #define X86_FEATURE_BMI2 ( 9*32+ 8) /* 2nd group bit manipulation extensions */ #define X86_FEATURE_ERMS ( 9*32+ 9) /* Enhanced REP MOVSB/STOSB */ #define X86_FEATURE_INVPCID ( 9*32+10) /* Invalidate Processor Context ID */ -@@ -370,6 +370,7 @@ extern const char * const x86_bug_flags[NBUGINTS*32]; +@@ -371,6 +371,7 @@ extern const char * const x86_bug_flags[NBUGINTS*32]; #undef cpu_has_centaur_mcr #define cpu_has_centaur_mcr 0 @@ -17178,7 +17196,7 @@ index bb9b258..5fad1bf 100644 #endif /* CONFIG_X86_64 */ #if __GNUC__ >= 4 -@@ -422,7 +423,8 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) +@@ -423,7 +424,8 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) #ifdef CONFIG_X86_DEBUG_STATIC_CPU_HAS t_warn: @@ -17188,7 +17206,7 @@ index bb9b258..5fad1bf 100644 return false; #endif -@@ -442,7 +444,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) +@@ -443,7 +445,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) ".section .discard,\"aw\",@progbits\n" " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */ ".previous\n" @@ -17197,7 +17215,7 @@ index bb9b258..5fad1bf 100644 "3: movb $1,%0\n" "4:\n" ".previous\n" -@@ -479,7 +481,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit) +@@ -480,7 +482,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit) " .byte 2b - 1b\n" /* src len */ " .byte 4f - 3f\n" /* repl len */ ".previous\n" @@ -17206,7 +17224,7 @@ index bb9b258..5fad1bf 100644 "3: .byte 0xe9\n .long %l[t_no] - 2b\n" "4:\n" ".previous\n" -@@ -512,7 +514,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit) +@@ -513,7 +515,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit) ".section .discard,\"aw\",@progbits\n" " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */ ".previous\n" @@ -17215,7 +17233,7 @@ index bb9b258..5fad1bf 100644 "3: movb $0,%0\n" "4:\n" ".previous\n" -@@ -526,7 +528,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit) +@@ -527,7 +529,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit) ".section .discard,\"aw\",@progbits\n" " .byte 0xff + (6f-5f) - (4b-3b)\n" /* size check */ ".previous\n" @@ -20089,7 +20107,7 @@ index d7f3b3b..3cc39f1 100644 __switch_canary_iparam \ : "memory", "cc" __EXTRA_CLOBBER) diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h -index 8540538..4b0b5e9 100644 +index 547e344..6be1175 100644 --- a/arch/x86/include/asm/thread_info.h +++ b/arch/x86/include/asm/thread_info.h @@ -24,7 +24,6 @@ struct exec_domain; @@ -21865,10 +21883,10 @@ index 7fd54f0..0691410 100644 obj-y += proc.o capflags.o powerflags.o common.o obj-y += rdrand.o diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c -index 60e5497..8efbd2f 100644 +index 813d29d..6e542d4 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c -@@ -711,7 +711,7 @@ static void init_amd(struct cpuinfo_x86 *c) +@@ -718,7 +718,7 @@ static void init_amd(struct cpuinfo_x86 *c) static unsigned int amd_size_cache(struct cpuinfo_x86 *c, unsigned int size) { /* AMD errata T13 (order #21922) */ @@ -21878,7 +21896,7 @@ index 60e5497..8efbd2f 100644 if (c->x86_model == 3 && c->x86_mask == 0) size = 64; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index 3126558..a1028f6 100644 +index 35db56b..256e87c 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -90,60 +90,6 @@ static const struct cpu_dev default_cpu = { @@ -21941,8 +21959,8 @@ index 3126558..a1028f6 100644 - static int __init x86_xsave_setup(char *s) { - setup_clear_cpu_cap(X86_FEATURE_XSAVE); -@@ -303,6 +249,59 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c) + if (strlen(s)) +@@ -305,6 +251,59 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c) } } @@ -22002,7 +22020,7 @@ index 3126558..a1028f6 100644 /* * Some CPU features depend on higher CPUID levels, which may not always * be available due to CPUID level capping or broken virtualization -@@ -403,7 +402,7 @@ void switch_to_new_gdt(int cpu) +@@ -405,7 +404,7 @@ void switch_to_new_gdt(int cpu) { struct desc_ptr gdt_descr; @@ -22011,7 +22029,7 @@ index 3126558..a1028f6 100644 gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); /* Reload the per-cpu base */ -@@ -893,6 +892,10 @@ static void identify_cpu(struct cpuinfo_x86 *c) +@@ -895,6 +894,10 @@ static void identify_cpu(struct cpuinfo_x86 *c) setup_smep(c); setup_smap(c); @@ -22022,7 +22040,7 @@ index 3126558..a1028f6 100644 /* * The vendor-specific functions might have changed features. * Now we do "generic changes." -@@ -901,6 +904,10 @@ static void identify_cpu(struct cpuinfo_x86 *c) +@@ -903,6 +906,10 @@ static void identify_cpu(struct cpuinfo_x86 *c) /* Filter out anything that depends on CPUID levels we don't have */ filter_cpuid_features(c, true); @@ -22033,7 +22051,7 @@ index 3126558..a1028f6 100644 /* If the model name is still unset, do table lookup. */ if (!c->x86_model_id[0]) { const char *p; -@@ -981,7 +988,7 @@ static void syscall32_cpu_init(void) +@@ -983,7 +990,7 @@ static void syscall32_cpu_init(void) void enable_sep_cpu(void) { int cpu = get_cpu(); @@ -22042,7 +22060,7 @@ index 3126558..a1028f6 100644 if (!boot_cpu_has(X86_FEATURE_SEP)) { put_cpu(); -@@ -1121,14 +1128,16 @@ static __init int setup_disablecpuid(char *arg) +@@ -1123,14 +1130,16 @@ static __init int setup_disablecpuid(char *arg) } __setup("clearcpuid=", setup_disablecpuid); @@ -22063,7 +22081,7 @@ index 3126558..a1028f6 100644 DEFINE_PER_CPU_FIRST(union irq_stack_union, irq_stack_union) __aligned(PAGE_SIZE) __visible; -@@ -1291,7 +1300,7 @@ void cpu_init(void) +@@ -1293,7 +1302,7 @@ void cpu_init(void) load_ucode_ap(); cpu = stack_smp_processor_id(); @@ -22072,7 +22090,7 @@ index 3126558..a1028f6 100644 oist = &per_cpu(orig_ist, cpu); #ifdef CONFIG_NUMA -@@ -1326,7 +1335,6 @@ void cpu_init(void) +@@ -1328,7 +1337,6 @@ void cpu_init(void) wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); @@ -22080,7 +22098,7 @@ index 3126558..a1028f6 100644 enable_x2apic(); /* -@@ -1378,7 +1386,7 @@ void cpu_init(void) +@@ -1380,7 +1388,7 @@ void cpu_init(void) { int cpu = smp_processor_id(); struct task_struct *curr = current; @@ -22861,10 +22879,10 @@ index 5abd4cd..c65733b 100644 +EXPORT_SYMBOL(pax_check_alloca); +#endif diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c -index 1abcb50..6c8d702 100644 +index ff86f19..a20c62c 100644 --- a/arch/x86/kernel/dumpstack_64.c +++ b/arch/x86/kernel/dumpstack_64.c -@@ -154,12 +154,12 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, +@@ -153,12 +153,12 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, const struct stacktrace_ops *ops, void *data) { const unsigned cpu = get_cpu(); @@ -22878,7 +22896,7 @@ index 1abcb50..6c8d702 100644 if (!task) task = current; -@@ -180,7 +180,6 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, +@@ -179,7 +179,6 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, * current stack address. If the stacks consist of nested * exceptions */ @@ -22886,7 +22904,7 @@ index 1abcb50..6c8d702 100644 while (!done) { unsigned long *stack_end; enum stack_type stype; -@@ -203,7 +202,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, +@@ -202,7 +201,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, if (ops->stack(data, id) < 0) break; @@ -22895,7 +22913,7 @@ index 1abcb50..6c8d702 100644 data, stack_end, &graph); ops->stack(data, "<EOE>"); /* -@@ -211,6 +210,8 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, +@@ -210,6 +209,8 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, * second-to-last pointer (index -2 to end) in the * exception stack: */ @@ -22904,7 +22922,7 @@ index 1abcb50..6c8d702 100644 stack = (unsigned long *) stack_end[-2]; done = 0; break; -@@ -219,7 +220,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, +@@ -218,7 +219,7 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, if (ops->stack(data, "IRQ") < 0) break; @@ -22913,7 +22931,7 @@ index 1abcb50..6c8d702 100644 ops, data, stack_end, &graph); /* * We link to the next stack (which would be -@@ -241,7 +242,9 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, +@@ -240,7 +241,9 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, /* * This handles the process stack: */ @@ -22924,7 +22942,7 @@ index 1abcb50..6c8d702 100644 put_cpu(); } EXPORT_SYMBOL(dump_trace); -@@ -350,3 +353,50 @@ int is_valid_bugaddr(unsigned long ip) +@@ -349,3 +352,50 @@ int is_valid_bugaddr(unsigned long ip) return ud2 == 0x0b0f; } @@ -23778,7 +23796,7 @@ index 4b0e1df..884b67e 100644 #endif diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index 2fac134..b020fca 100644 +index b9dde27..6e9dc4e 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -59,6 +59,8 @@ @@ -24660,32 +24678,16 @@ index 2fac134..b020fca 100644 /* * The iretq could re-enable interrupts: */ -@@ -933,7 +1422,7 @@ ENTRY(retint_kernel) +@@ -920,7 +1409,7 @@ ENTRY(retint_kernel) jmp exit_intr #endif CFI_ENDPROC -END(common_interrupt) +ENDPROC(common_interrupt) - /* - * If IRET takes a fault on the espfix stack, then we -@@ -955,13 +1444,13 @@ __do_double_fault: - cmpq $native_irq_return_iret,%rax - jne do_double_fault /* This shouldn't happen... */ - movq PER_CPU_VAR(kernel_stack),%rax -- subq $(6*8-KERNEL_STACK_OFFSET),%rax /* Reset to original stack */ -+ subq $(6*8),%rax /* Reset to original stack */ - movq %rax,RSP(%rdi) - movq $0,(%rax) /* Missing (lost) #GP error code */ - movq $general_protection,RIP(%rdi) - retq - CFI_ENDPROC --END(__do_double_fault) -+ENDPROC(__do_double_fault) - #else - # define __do_double_fault do_double_fault - #endif -@@ -978,7 +1467,7 @@ ENTRY(\sym) + /* + * APIC interrupts. +@@ -934,7 +1423,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -24694,7 +24696,7 @@ index 2fac134..b020fca 100644 .endm #ifdef CONFIG_TRACING -@@ -1051,7 +1540,7 @@ apicinterrupt IRQ_WORK_VECTOR \ +@@ -1007,7 +1496,7 @@ apicinterrupt IRQ_WORK_VECTOR \ /* * Exception entry points. */ @@ -24703,7 +24705,7 @@ index 2fac134..b020fca 100644 .macro idtentry sym do_sym has_error_code:req paranoid=0 shift_ist=-1 ENTRY(\sym) -@@ -1102,6 +1591,12 @@ ENTRY(\sym) +@@ -1058,6 +1547,12 @@ ENTRY(\sym) .endif .if \shift_ist != -1 @@ -24716,7 +24718,7 @@ index 2fac134..b020fca 100644 subq $EXCEPTION_STKSZ, INIT_TSS_IST(\shift_ist) .endif -@@ -1118,7 +1613,7 @@ ENTRY(\sym) +@@ -1074,7 +1569,7 @@ ENTRY(\sym) .endif CFI_ENDPROC @@ -24725,7 +24727,7 @@ index 2fac134..b020fca 100644 .endm #ifdef CONFIG_TRACING -@@ -1159,9 +1654,10 @@ gs_change: +@@ -1115,9 +1610,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -24737,7 +24739,7 @@ index 2fac134..b020fca 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1189,9 +1685,10 @@ ENTRY(do_softirq_own_stack) +@@ -1145,9 +1641,10 @@ ENTRY(do_softirq_own_stack) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -24749,7 +24751,7 @@ index 2fac134..b020fca 100644 #ifdef CONFIG_XEN idtentry xen_hypervisor_callback xen_do_hypervisor_callback has_error_code=0 -@@ -1229,7 +1726,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1185,7 +1682,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -24758,7 +24760,7 @@ index 2fac134..b020fca 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1288,7 +1785,7 @@ ENTRY(xen_failsafe_callback) +@@ -1244,7 +1741,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -24767,7 +24769,7 @@ index 2fac134..b020fca 100644 apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1335,18 +1832,33 @@ ENTRY(paranoid_exit) +@@ -1291,18 +1788,33 @@ ENTRY(paranoid_exit) DEFAULT_FRAME DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF_DEBUG @@ -24803,7 +24805,7 @@ index 2fac134..b020fca 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1375,7 +1887,7 @@ paranoid_schedule: +@@ -1331,7 +1843,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -24812,7 +24814,7 @@ index 2fac134..b020fca 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1402,12 +1914,23 @@ ENTRY(error_entry) +@@ -1358,12 +1870,23 @@ ENTRY(error_entry) movq %r14, R14+8(%rsp) movq %r15, R15+8(%rsp) xorl %ebx,%ebx @@ -24837,16 +24839,16 @@ index 2fac134..b020fca 100644 ret /* -@@ -1435,7 +1958,7 @@ bstep_iret: - movq %rcx,RIP+8(%rsp) - jmp error_swapgs +@@ -1398,7 +1921,7 @@ error_bad_iret: + decl %ebx /* Return to usergs */ + jmp error_sti CFI_ENDPROC -END(error_entry) +ENDPROC(error_entry) /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1446,7 +1969,7 @@ ENTRY(error_exit) +@@ -1409,7 +1932,7 @@ ENTRY(error_exit) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF GET_THREAD_INFO(%rcx) @@ -24855,7 +24857,7 @@ index 2fac134..b020fca 100644 jne retint_kernel LOCKDEP_SYS_EXIT_IRQ movl TI_flags(%rcx),%edx -@@ -1455,7 +1978,7 @@ ENTRY(error_exit) +@@ -1418,7 +1941,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -24864,7 +24866,7 @@ index 2fac134..b020fca 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1513,9 +2036,11 @@ ENTRY(nmi) +@@ -1476,9 +1999,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ @@ -24877,7 +24879,7 @@ index 2fac134..b020fca 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1549,8 +2074,7 @@ nested_nmi: +@@ -1512,8 +2037,7 @@ nested_nmi: 1: /* Set up the interrupted NMIs stack to jump to repeat_nmi */ @@ -24887,7 +24889,7 @@ index 2fac134..b020fca 100644 CFI_ADJUST_CFA_OFFSET 1*8 leaq -10*8(%rsp), %rdx pushq_cfi $__KERNEL_DS -@@ -1568,6 +2092,7 @@ nested_nmi_out: +@@ -1531,6 +2055,7 @@ nested_nmi_out: CFI_RESTORE rdx /* No need to check faults here */ @@ -24895,7 +24897,7 @@ index 2fac134..b020fca 100644 INTERRUPT_RETURN CFI_RESTORE_STATE -@@ -1664,13 +2189,13 @@ end_repeat_nmi: +@@ -1627,13 +2152,13 @@ end_repeat_nmi: subq $ORIG_RAX-R15, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 /* @@ -24911,7 +24913,7 @@ index 2fac134..b020fca 100644 DEFAULT_FRAME 0 /* -@@ -1680,9 +2205,9 @@ end_repeat_nmi: +@@ -1643,9 +2168,9 @@ end_repeat_nmi: * NMI itself takes a page fault, the page fault that was preempted * will read the information from the NMI page fault and not the * origin fault. Save it off and restore it if it changes. @@ -24923,7 +24925,7 @@ index 2fac134..b020fca 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi -@@ -1691,29 +2216,34 @@ end_repeat_nmi: +@@ -1654,29 +2179,34 @@ end_repeat_nmi: /* Did the NMI take a page fault? Restore cr2 if it did */ movq %cr2, %rcx @@ -28554,7 +28556,7 @@ index 1c113db..287b42e 100644 static int trace_irq_vector_refcount; static DEFINE_MUTEX(irq_vector_mutex); diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index 0d0e922..0886373 100644 +index de801f2..f189dcf 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -67,7 +67,7 @@ @@ -28633,7 +28635,7 @@ index 0d0e922..0886373 100644 regs->ip, regs->sp, error_code); print_vma_addr(" in ", regs->ip); pr_cont("\n"); -@@ -266,6 +278,11 @@ dotraplinkage void do_double_fault(struct pt_regs *regs, long error_code) +@@ -274,6 +286,11 @@ dotraplinkage void do_double_fault(struct pt_regs *regs, long error_code) tsk->thread.error_code = error_code; tsk->thread.trap_nr = X86_TRAP_DF; @@ -28645,7 +28647,7 @@ index 0d0e922..0886373 100644 #ifdef CONFIG_DOUBLEFAULT df_debug(regs, error_code); #endif -@@ -288,7 +305,7 @@ do_general_protection(struct pt_regs *regs, long error_code) +@@ -296,7 +313,7 @@ do_general_protection(struct pt_regs *regs, long error_code) conditional_sti(regs); #ifdef CONFIG_X86_32 @@ -28654,7 +28656,7 @@ index 0d0e922..0886373 100644 local_irq_enable(); handle_vm86_fault((struct kernel_vm86_regs *) regs, error_code); goto exit; -@@ -296,18 +313,42 @@ do_general_protection(struct pt_regs *regs, long error_code) +@@ -304,18 +321,42 @@ do_general_protection(struct pt_regs *regs, long error_code) #endif tsk = current; @@ -28699,7 +28701,16 @@ index 0d0e922..0886373 100644 tsk->thread.error_code = error_code; tsk->thread.trap_nr = X86_TRAP_GP; -@@ -481,7 +522,7 @@ dotraplinkage void do_debug(struct pt_regs *regs, long error_code) +@@ -433,7 +474,7 @@ struct bad_iret_stack *fixup_bad_iret(struct bad_iret_stack *s) + /* Copy the remainder of the stack from the current stack. */ + memmove(new_stack, s, offsetof(struct bad_iret_stack, regs.ip)); + +- BUG_ON(!user_mode_vm(&new_stack->regs)); ++ BUG_ON(!user_mode(&new_stack->regs)); + return new_stack; + } + #endif +@@ -518,7 +559,7 @@ dotraplinkage void do_debug(struct pt_regs *regs, long error_code) /* It's safe to allow irq's after DR6 has been saved */ preempt_conditional_sti(regs); @@ -28708,7 +28719,7 @@ index 0d0e922..0886373 100644 handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code, X86_TRAP_DB); preempt_conditional_cli(regs); -@@ -496,7 +537,7 @@ dotraplinkage void do_debug(struct pt_regs *regs, long error_code) +@@ -533,7 +574,7 @@ dotraplinkage void do_debug(struct pt_regs *regs, long error_code) * We already checked v86 mode above, so we can check for kernel mode * by just checking the CPL of CS. */ @@ -28717,7 +28728,7 @@ index 0d0e922..0886373 100644 tsk->thread.debugreg6 &= ~DR_STEP; set_tsk_thread_flag(tsk, TIF_SINGLESTEP); regs->flags &= ~X86_EFLAGS_TF; -@@ -529,7 +570,7 @@ static void math_error(struct pt_regs *regs, int error_code, int trapnr) +@@ -566,7 +607,7 @@ static void math_error(struct pt_regs *regs, int error_code, int trapnr) return; conditional_sti(regs); @@ -33764,7 +33775,7 @@ index 7d05565..bfc5338 100644 printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10); diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c -index 5621c47..5e17b7390 100644 +index ac7de5f..ceb56df 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -151,7 +151,7 @@ early_param("gbpages", parse_direct_gbpages_on); @@ -33888,7 +33899,7 @@ index 5621c47..5e17b7390 100644 spin_unlock(&init_mm.page_table_lock); pgd_changed = true; } -@@ -1196,8 +1217,8 @@ static struct vm_operations_struct gate_vma_ops = { +@@ -1205,8 +1226,8 @@ static struct vm_operations_struct gate_vma_ops = { static struct vm_area_struct gate_vma = { .vm_start = VSYSCALL_ADDR, .vm_end = VSYSCALL_ADDR + PAGE_SIZE, @@ -41320,7 +41331,7 @@ index d4d16ed..8fb0b51 100644 int front_offset; } drm_i810_private_t; diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c -index 9933c26..32cc097 100644 +index 2d23e57..1c61d41 100644 --- a/drivers/gpu/drm/i915/i915_dma.c +++ b/drivers/gpu/drm/i915/i915_dma.c @@ -1292,7 +1292,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) @@ -41384,10 +41395,10 @@ index 2e0613e..a8b94d9 100644 return ret; diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index b71a026..8b6cc10 100644 +index 7bd17b3..ffa0a11 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c -@@ -12437,13 +12437,13 @@ struct intel_quirk { +@@ -12441,13 +12441,13 @@ struct intel_quirk { int subsystem_vendor; int subsystem_device; void (*hook)(struct drm_device *dev); @@ -41403,7 +41414,7 @@ index b71a026..8b6cc10 100644 static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) { -@@ -12451,18 +12451,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) +@@ -12455,18 +12455,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) return 1; } @@ -43903,6 +43914,19 @@ index c00ae09..04e91be 100644 #include "qib_common.h" #include "qib_verbs.h" +diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c +index de05545..b535322 100644 +--- a/drivers/input/evdev.c ++++ b/drivers/input/evdev.c +@@ -421,7 +421,7 @@ static int evdev_open(struct inode *inode, struct file *file) + + err_free_client: + evdev_detach_client(evdev, client); +- kfree(client); ++ kvfree(client); + return error; + } + diff --git a/drivers/input/gameport/gameport.c b/drivers/input/gameport/gameport.c index 24c41ba..102d71f 100644 --- a/drivers/input/gameport/gameport.c @@ -43959,7 +43983,7 @@ index 4a95b22..874c182 100644 #include <linux/gameport.h> #include <linux/jiffies.h> diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c -index 177602c..ec78499 100644 +index e65d9c0..ad3942e 100644 --- a/drivers/input/joystick/xpad.c +++ b/drivers/input/joystick/xpad.c @@ -850,7 +850,7 @@ static void xpad_led_set(struct led_classdev *led_cdev, @@ -48390,7 +48414,7 @@ index cf8b6ff..274271e 100644 break; } diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c -index 93ff8ef..01e0537 100644 +index 93ff8ef..39c64dd 100644 --- a/drivers/net/ethernet/emulex/benet/be_main.c +++ b/drivers/net/ethernet/emulex/benet/be_main.c @@ -533,7 +533,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) @@ -48402,6 +48426,16 @@ index 93ff8ef..01e0537 100644 } static void populate_erx_stats(struct be_adapter *adapter, +@@ -4286,6 +4286,9 @@ static int be_ndo_bridge_setlink(struct net_device *dev, struct nlmsghdr *nlh) + if (nla_type(attr) != IFLA_BRIDGE_MODE) + continue; + ++ if (nla_len(attr) < sizeof(mode)) ++ return -EINVAL; ++ + mode = nla_get_u16(attr); + if (mode != BRIDGE_MODE_VEPA && mode != BRIDGE_MODE_VEB) + return -EINVAL; diff --git a/drivers/net/ethernet/faraday/ftgmac100.c b/drivers/net/ethernet/faraday/ftgmac100.c index c77fa4a..7fd42fc 100644 --- a/drivers/net/ethernet/faraday/ftgmac100.c @@ -48441,6 +48475,20 @@ index 537b621..07f87ce 100644 smp_mb(); /* Force the above update. */ } +diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c +index e82821f..c7dd0af 100644 +--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c ++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c +@@ -7789,6 +7789,9 @@ static int ixgbe_ndo_bridge_setlink(struct net_device *dev, + if (nla_type(attr) != IFLA_BRIDGE_MODE) + continue; + ++ if (nla_len(attr) < sizeof(mode)) ++ return -EINVAL; ++ + mode = nla_get_u16(attr); + if (mode == BRIDGE_MODE_VEPA) { + reg = 0; diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c index 5fd4b52..87aa34b 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c @@ -48647,7 +48695,7 @@ index 2b86f0b..ecc996f 100644 /* Ignore return since this msg is optional. */ rndis_filter_send_request(dev, request); diff --git a/drivers/net/ieee802154/fakehard.c b/drivers/net/ieee802154/fakehard.c -index 9ce854f..e43fa17 100644 +index 6cbc56a..5f7e6c8 100644 --- a/drivers/net/ieee802154/fakehard.c +++ b/drivers/net/ieee802154/fakehard.c @@ -365,7 +365,7 @@ static int ieee802154fake_probe(struct platform_device *pdev) @@ -48748,21 +48796,6 @@ index 17ecdd6..79ad848 100644 break; err = 0; break; -diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c -index 1aff970..cc2ee29 100644 ---- a/drivers/net/ppp/pptp.c -+++ b/drivers/net/ppp/pptp.c -@@ -506,7 +506,9 @@ static int pptp_getname(struct socket *sock, struct sockaddr *uaddr, - int len = sizeof(struct sockaddr_pppox); - struct sockaddr_pppox sp; - -- sp.sa_family = AF_PPPOX; -+ memset(&sp.sa_addr, 0, sizeof(sp.sa_addr)); -+ -+ sp.sa_family = AF_PPPOX; - sp.sa_protocol = PX_PROTO_PPTP; - sp.sa_addr.pptp = pppox_sk(sock->sk)->proto.pptp.src_addr; - diff --git a/drivers/net/slip/slhc.c b/drivers/net/slip/slhc.c index 079f7ad..b2a2bfa7 100644 --- a/drivers/net/slip/slhc.c @@ -49668,7 +49701,7 @@ index 0ffb6ff..c0b7f0e 100644 memset(buf, 0, sizeof(buf)); buf_size = min(count, sizeof(buf) - 1); diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c -index 6c02467..771bb8a 100644 +index bb36d67..a43451e 100644 --- a/drivers/net/wireless/iwlwifi/pcie/trans.c +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c @@ -1686,7 +1686,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, @@ -49755,10 +49788,10 @@ index d13f25c..2573994 100644 static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif) diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c -index 8e68f87..c35ba29 100644 +index 66ff364..3ce34f7 100644 --- a/drivers/net/wireless/rt2x00/rt2x00queue.c +++ b/drivers/net/wireless/rt2x00/rt2x00queue.c -@@ -250,9 +250,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev, +@@ -224,9 +224,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev, * sequence counter given by mac80211. */ if (test_bit(ENTRY_TXD_FIRST_FRAGMENT, &txdesc->flags)) @@ -49852,6 +49885,29 @@ index a912dc0..a8225ba 100644 u16 int_num; ZD_ASSERT(in_interrupt()); +diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c +index ca82f54..3767771 100644 +--- a/drivers/net/xen-netfront.c ++++ b/drivers/net/xen-netfront.c +@@ -496,9 +496,6 @@ static void xennet_make_frags(struct sk_buff *skb, struct netfront_queue *queue, + len = skb_frag_size(frag); + offset = frag->page_offset; + +- /* Data must not cross a page boundary. */ +- BUG_ON(len + offset > PAGE_SIZE<<compound_order(page)); +- + /* Skip unused frames from start of page */ + page += offset >> PAGE_SHIFT; + offset &= ~PAGE_MASK; +@@ -506,8 +503,6 @@ static void xennet_make_frags(struct sk_buff *skb, struct netfront_queue *queue, + while (len > 0) { + unsigned long bytes; + +- BUG_ON(offset >= PAGE_SIZE); +- + bytes = PAGE_SIZE - offset; + if (bytes > len) + bytes = len; diff --git a/drivers/nfc/nfcwilink.c b/drivers/nfc/nfcwilink.c index 683671a..4519fc2 100644 --- a/drivers/nfc/nfcwilink.c @@ -50184,7 +50240,7 @@ index 07aa722..84514b4 100644 int retval = -ENOMEM; diff --git a/drivers/pci/msi.c b/drivers/pci/msi.c -index 5a40516..136d5a7 100644 +index 6807edd..086a7dc 100644 --- a/drivers/pci/msi.c +++ b/drivers/pci/msi.c @@ -507,8 +507,8 @@ static int populate_msi_sysfs(struct pci_dev *pdev) @@ -50269,7 +50325,7 @@ index e1e7026..d28dd33 100644 #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c -index 4170113..7cc5339 100644 +index 9cce960..7c530f4 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -176,7 +176,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, @@ -52196,7 +52252,7 @@ index 11a5043..e36f04c 100644 .read = fuse_read, }; diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c -index ca935df..ae8a3dc 100644 +index 2bf2dfa..b4d9008 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c @@ -2210,7 +2210,7 @@ int spi_bus_unlock(struct spi_master *master) @@ -52665,7 +52721,7 @@ index 15a1c13..6c9b96b 100644 spin_lock_init(&dev->t10_wwn.t10_vpd_lock); INIT_LIST_HEAD(&dev->t10_pr.registration_list); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index ab61014..8f1116e 100644 +index a9c77b5..024a07d 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c @@ -1165,7 +1165,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd) @@ -58371,10 +58427,10 @@ index 2946712..f737435 100644 &data); if (!inode) { diff --git a/fs/aio.c b/fs/aio.c -index 7337500..2058af6 100644 +index 0ff7c46..7f5d132 100644 --- a/fs/aio.c +++ b/fs/aio.c -@@ -380,7 +380,7 @@ static int aio_setup_ring(struct kioctx *ctx) +@@ -388,7 +388,7 @@ static int aio_setup_ring(struct kioctx *ctx) size += sizeof(struct io_event) * nr_events; nr_pages = PFN_UP(size); @@ -59517,10 +59573,10 @@ index 6d72746..536d1db 100644 else if (whole->bd_holder != NULL) return false; /* is a partition of a held device */ diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c -index 44ee5d2..8b23e53 100644 +index 8bbcc24..6f10d78 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c -@@ -1184,9 +1184,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, +@@ -1174,9 +1174,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, free_extent_buffer(buf); add_root_to_dirty_list(root); } else { @@ -62044,6 +62100,72 @@ index 2d1e5803..1b082d415 100644 } static int +diff --git a/fs/fat/namei_vfat.c b/fs/fat/namei_vfat.c +index 6df8d3d..b8b92c2 100644 +--- a/fs/fat/namei_vfat.c ++++ b/fs/fat/namei_vfat.c +@@ -736,7 +736,12 @@ static struct dentry *vfat_lookup(struct inode *dir, struct dentry *dentry, + } + + alias = d_find_alias(inode); +- if (alias && !vfat_d_anon_disconn(alias)) { ++ /* ++ * Checking "alias->d_parent == dentry->d_parent" to make sure ++ * FS is not corrupted (especially double linked dir). ++ */ ++ if (alias && alias->d_parent == dentry->d_parent && ++ !vfat_d_anon_disconn(alias)) { + /* + * This inode has non anonymous-DCACHE_DISCONNECTED + * dentry. This means, the user did ->lookup() by an +@@ -755,12 +760,9 @@ static struct dentry *vfat_lookup(struct inode *dir, struct dentry *dentry, + + out: + mutex_unlock(&MSDOS_SB(sb)->s_lock); +- dentry->d_time = dentry->d_parent->d_inode->i_version; +- dentry = d_splice_alias(inode, dentry); +- if (dentry) +- dentry->d_time = dentry->d_parent->d_inode->i_version; +- return dentry; +- ++ if (!inode) ++ dentry->d_time = dir->i_version; ++ return d_splice_alias(inode, dentry); + error: + mutex_unlock(&MSDOS_SB(sb)->s_lock); + return ERR_PTR(err); +@@ -793,7 +795,6 @@ static int vfat_create(struct inode *dir, struct dentry *dentry, umode_t mode, + inode->i_mtime = inode->i_atime = inode->i_ctime = ts; + /* timestamp is already written, so mark_inode_dirty() is unneeded. */ + +- dentry->d_time = dentry->d_parent->d_inode->i_version; + d_instantiate(dentry, inode); + out: + mutex_unlock(&MSDOS_SB(sb)->s_lock); +@@ -824,6 +825,7 @@ static int vfat_rmdir(struct inode *dir, struct dentry *dentry) + clear_nlink(inode); + inode->i_mtime = inode->i_atime = CURRENT_TIME_SEC; + fat_detach(inode); ++ dentry->d_time = dir->i_version; + out: + mutex_unlock(&MSDOS_SB(sb)->s_lock); + +@@ -849,6 +851,7 @@ static int vfat_unlink(struct inode *dir, struct dentry *dentry) + clear_nlink(inode); + inode->i_mtime = inode->i_atime = CURRENT_TIME_SEC; + fat_detach(inode); ++ dentry->d_time = dir->i_version; + out: + mutex_unlock(&MSDOS_SB(sb)->s_lock); + +@@ -889,7 +892,6 @@ static int vfat_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode) + inode->i_mtime = inode->i_atime = inode->i_ctime = ts; + /* timestamp is already written, so mark_inode_dirty() is unneeded. */ + +- dentry->d_time = dentry->d_parent->d_inode->i_version; + d_instantiate(dentry, inode); + + mutex_unlock(&MSDOS_SB(sb)->s_lock); diff --git a/fs/fcntl.c b/fs/fcntl.c index 22d1c3d..600cf7e 100644 --- a/fs/fcntl.c @@ -79219,7 +79341,7 @@ index 77ff547..181834f 100644 #define pud_none(pud) 0 #define pud_bad(pud) 0 diff --git a/include/asm-generic/atomic-long.h b/include/asm-generic/atomic-long.h -index b7babf0..97f4c4f 100644 +index b7babf0..1e4b4f1 100644 --- a/include/asm-generic/atomic-long.h +++ b/include/asm-generic/atomic-long.h @@ -22,6 +22,12 @@ @@ -79480,7 +79602,15 @@ index b7babf0..97f4c4f 100644 static inline int atomic_long_sub_and_test(long i, atomic_long_t *l) { atomic_t *v = (atomic_t *)l; -@@ -218,6 +356,16 @@ static inline long atomic_long_add_return(long i, atomic_long_t *l) +@@ -211,13 +349,23 @@ static inline int atomic_long_add_negative(long i, atomic_long_t *l) + return atomic_add_negative(i, v); + } + +-static inline long atomic_long_add_return(long i, atomic_long_t *l) ++static inline long __intentional_overflow(-1) atomic_long_add_return(long i, atomic_long_t *l) + { + atomic_t *v = (atomic_t *)l; + return (long)atomic_add_return(i, v); } @@ -80146,10 +80276,10 @@ index 61f29e5..e67c658 100644 extern void __register_binfmt(struct linux_binfmt *fmt, int insert); diff --git a/include/linux/bitops.h b/include/linux/bitops.h -index cbc5833..8123ebc 100644 +index 38b5f5c..645018c 100644 --- a/include/linux/bitops.h +++ b/include/linux/bitops.h -@@ -122,7 +122,7 @@ static inline __u64 ror64(__u64 word, unsigned int shift) +@@ -125,7 +125,7 @@ static inline __u64 ror64(__u64 word, unsigned int shift) * @word: value to rotate * @shift: bits to roll */ @@ -80158,7 +80288,7 @@ index cbc5833..8123ebc 100644 { return (word << shift) | (word >> (32 - shift)); } -@@ -132,7 +132,7 @@ static inline __u32 rol32(__u32 word, unsigned int shift) +@@ -135,7 +135,7 @@ static inline __u32 rol32(__u32 word, unsigned int shift) * @word: value to rotate * @shift: bits to roll */ @@ -80167,7 +80297,7 @@ index cbc5833..8123ebc 100644 { return (word >> shift) | (word << (32 - shift)); } -@@ -188,7 +188,7 @@ static inline __s32 sign_extend32(__u32 value, int index) +@@ -191,7 +191,7 @@ static inline __s32 sign_extend32(__u32 value, int index) return (__s32)(value << shift) >> shift; } @@ -80266,7 +80396,7 @@ index 4ce9056..86caac6 100644 extern struct cleancache_ops * cleancache_register_ops(struct cleancache_ops *ops); diff --git a/include/linux/clk-provider.h b/include/linux/clk-provider.h -index 411dd7e..ee38878 100644 +index da6996e..9d13d5f 100644 --- a/include/linux/clk-provider.h +++ b/include/linux/clk-provider.h @@ -180,6 +180,7 @@ struct clk_ops { @@ -86111,7 +86241,7 @@ index d9fa68f..45c88d1 100644 void v9fs_register_trans(struct p9_trans_module *m); void v9fs_unregister_trans(struct p9_trans_module *m); diff --git a/include/net/af_unix.h b/include/net/af_unix.h -index a175ba4..196eb82 100644 +index a175ba4..196eb8242 100644 --- a/include/net/af_unix.h +++ b/include/net/af_unix.h @@ -36,7 +36,7 @@ struct unix_skb_parms { @@ -88957,10 +89087,10 @@ index 569b2187..19940d9 100644 /* Callchain handling */ extern struct perf_callchain_entry * diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c -index 1d0af8a..9913530 100644 +index ed8f2cd..fe8030c 100644 --- a/kernel/events/uprobes.c +++ b/kernel/events/uprobes.c -@@ -1671,7 +1671,7 @@ static int is_trap_at_addr(struct mm_struct *mm, unsigned long vaddr) +@@ -1670,7 +1670,7 @@ static int is_trap_at_addr(struct mm_struct *mm, unsigned long vaddr) { struct page *page; uprobe_opcode_t opcode; @@ -95884,7 +96014,7 @@ index 44c6bd2..60369dc3 100644 } unset_migratetype_isolate(page, MIGRATE_MOVABLE); diff --git a/mm/memory.c b/mm/memory.c -index 37b80fc..68218aa 100644 +index 37b80fc..9cdef79 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -415,6 +415,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -95934,6 +96064,39 @@ index 37b80fc..68218aa 100644 vma->vm_file->f_op->mmap); dump_stack(); add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE); +@@ -815,20 +821,20 @@ copy_one_pte(struct mm_struct *dst_mm, struct mm_struct *src_mm, + if (!pte_file(pte)) { + swp_entry_t entry = pte_to_swp_entry(pte); + +- if (swap_duplicate(entry) < 0) +- return entry.val; ++ if (likely(!non_swap_entry(entry))) { ++ if (swap_duplicate(entry) < 0) ++ return entry.val; + +- /* make sure dst_mm is on swapoff's mmlist. */ +- if (unlikely(list_empty(&dst_mm->mmlist))) { +- spin_lock(&mmlist_lock); +- if (list_empty(&dst_mm->mmlist)) +- list_add(&dst_mm->mmlist, +- &src_mm->mmlist); +- spin_unlock(&mmlist_lock); +- } +- if (likely(!non_swap_entry(entry))) ++ /* make sure dst_mm is on swapoff's mmlist. */ ++ if (unlikely(list_empty(&dst_mm->mmlist))) { ++ spin_lock(&mmlist_lock); ++ if (list_empty(&dst_mm->mmlist)) ++ list_add(&dst_mm->mmlist, ++ &src_mm->mmlist); ++ spin_unlock(&mmlist_lock); ++ } + rss[MM_SWAPENTS]++; +- else if (is_migration_entry(entry)) { ++ } else if (is_migration_entry(entry)) { + page = migration_entry_to_page(entry); + + if (PageAnon(page)) @@ -1501,6 +1507,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, page_add_file_rmap(page); set_pte_at(mm, addr, pte, mk_pte(page, prot)); @@ -96707,7 +96870,7 @@ index ce84cb0..6d5a9aa 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index ebc25fa..0ef0db0 100644 +index ebc25fa..9135e65 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -41,6 +41,7 @@ @@ -96793,7 +96956,21 @@ index ebc25fa..0ef0db0 100644 if (rlim < RLIM_INFINITY && (brk - mm->start_brk) + (mm->end_data - mm->start_data) > rlim) goto out; -@@ -949,6 +977,12 @@ static int +@@ -752,8 +780,11 @@ again: remove_next = 1 + (end > next->vm_end); + * shrinking vma had, to cover any anon pages imported. + */ + if (exporter && exporter->anon_vma && !importer->anon_vma) { +- if (anon_vma_clone(importer, exporter)) +- return -ENOMEM; ++ int error; ++ ++ error = anon_vma_clone(importer, exporter); ++ if (error) ++ return error; + importer->anon_vma = exporter->anon_vma; + } + } +@@ -949,6 +980,12 @@ static int can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { @@ -96806,7 +96983,7 @@ index ebc25fa..0ef0db0 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { if (vma->vm_pgoff == vm_pgoff) -@@ -968,6 +1002,12 @@ static int +@@ -968,6 +1005,12 @@ static int can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { @@ -96819,7 +96996,7 @@ index ebc25fa..0ef0db0 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { pgoff_t vm_pglen; -@@ -1010,13 +1050,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, +@@ -1010,13 +1053,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct vm_area_struct *vma_merge(struct mm_struct *mm, struct vm_area_struct *prev, unsigned long addr, unsigned long end, unsigned long vm_flags, @@ -96841,7 +97018,7 @@ index ebc25fa..0ef0db0 100644 /* * We later require that vma->vm_flags == vm_flags, * so this tests vma->vm_flags & VM_SPECIAL, too. -@@ -1032,6 +1079,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1032,6 +1082,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, if (next && next->vm_end == end) /* cases 6, 7, 8 */ next = next->vm_next; @@ -96857,7 +97034,7 @@ index ebc25fa..0ef0db0 100644 /* * Can it merge with the predecessor? */ -@@ -1051,9 +1107,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1051,9 +1110,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, /* cases 1, 6 */ err = vma_adjust(prev, prev->vm_start, next->vm_end, prev->vm_pgoff, NULL); @@ -96883,7 +97060,7 @@ index ebc25fa..0ef0db0 100644 if (err) return NULL; khugepaged_enter_vma_merge(prev, vm_flags); -@@ -1067,12 +1138,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1067,12 +1141,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, mpol_equal(policy, vma_policy(next)) && can_vma_merge_before(next, vm_flags, anon_vma, file, pgoff+pglen)) { @@ -96913,7 +97090,7 @@ index ebc25fa..0ef0db0 100644 if (err) return NULL; khugepaged_enter_vma_merge(area, vm_flags); -@@ -1181,8 +1267,10 @@ none: +@@ -1181,8 +1270,10 @@ none: void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { @@ -96926,7 +97103,7 @@ index ebc25fa..0ef0db0 100644 mm->total_vm += pages; -@@ -1190,7 +1278,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags, +@@ -1190,7 +1281,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags, mm->shared_vm += pages; if ((flags & (VM_EXEC|VM_WRITE)) == VM_EXEC) mm->exec_vm += pages; @@ -96935,7 +97112,7 @@ index ebc25fa..0ef0db0 100644 mm->stack_vm += pages; } #endif /* CONFIG_PROC_FS */ -@@ -1220,6 +1308,7 @@ static inline int mlock_future_check(struct mm_struct *mm, +@@ -1220,6 +1311,7 @@ static inline int mlock_future_check(struct mm_struct *mm, locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; @@ -96943,7 +97120,7 @@ index ebc25fa..0ef0db0 100644 if (locked > lock_limit && !capable(CAP_IPC_LOCK)) return -EAGAIN; } -@@ -1246,7 +1335,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1246,7 +1338,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, * (the exception is when the underlying filesystem is noexec * mounted, in which case we dont add PROT_EXEC.) */ @@ -96952,7 +97129,7 @@ index ebc25fa..0ef0db0 100644 if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC))) prot |= PROT_EXEC; -@@ -1272,7 +1361,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1272,7 +1364,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, /* Obtain the address to map to. we verify (or select) it and ensure * that it represents a valid section of the address space. */ @@ -96961,7 +97138,7 @@ index ebc25fa..0ef0db0 100644 if (addr & ~PAGE_MASK) return addr; -@@ -1283,6 +1372,43 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1283,6 +1375,43 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; @@ -97005,7 +97182,7 @@ index ebc25fa..0ef0db0 100644 if (flags & MAP_LOCKED) if (!can_do_mlock()) return -EPERM; -@@ -1370,6 +1496,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1370,6 +1499,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, vm_flags |= VM_NORESERVE; } @@ -97015,7 +97192,7 @@ index ebc25fa..0ef0db0 100644 addr = mmap_region(file, addr, len, vm_flags, pgoff); if (!IS_ERR_VALUE(addr) && ((vm_flags & VM_LOCKED) || -@@ -1463,7 +1592,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) +@@ -1463,7 +1595,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) vm_flags_t vm_flags = vma->vm_flags; /* If it was private or non-writable, the write bit is already clear */ @@ -97024,7 +97201,7 @@ index ebc25fa..0ef0db0 100644 return 0; /* The backer wishes to know when pages are first written to? */ -@@ -1509,7 +1638,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1509,7 +1641,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr, struct rb_node **rb_link, *rb_parent; unsigned long charged = 0; @@ -97047,7 +97224,7 @@ index ebc25fa..0ef0db0 100644 if (!may_expand_vm(mm, len >> PAGE_SHIFT)) { unsigned long nr_pages; -@@ -1528,11 +1672,10 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1528,11 +1675,10 @@ unsigned long mmap_region(struct file *file, unsigned long addr, /* Clear old maps */ error = -ENOMEM; @@ -97060,7 +97237,7 @@ index ebc25fa..0ef0db0 100644 } /* -@@ -1563,6 +1706,16 @@ munmap_back: +@@ -1563,6 +1709,16 @@ munmap_back: goto unacct_error; } @@ -97077,7 +97254,7 @@ index ebc25fa..0ef0db0 100644 vma->vm_mm = mm; vma->vm_start = addr; vma->vm_end = addr + len; -@@ -1593,6 +1746,13 @@ munmap_back: +@@ -1593,6 +1749,13 @@ munmap_back: if (error) goto unmap_and_free_vma; @@ -97091,7 +97268,7 @@ index ebc25fa..0ef0db0 100644 /* Can addr have changed?? * * Answer: Yes, several device drivers can do it in their -@@ -1626,6 +1786,12 @@ munmap_back: +@@ -1626,6 +1789,12 @@ munmap_back: } vma_link(mm, vma, prev, rb_link, rb_parent); @@ -97104,7 +97281,7 @@ index ebc25fa..0ef0db0 100644 /* Once vma denies write, undo our temporary denial count */ if (file) { if (vm_flags & VM_SHARED) -@@ -1638,6 +1804,7 @@ out: +@@ -1638,6 +1807,7 @@ out: perf_event_mmap(vma); vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT); @@ -97112,7 +97289,7 @@ index ebc25fa..0ef0db0 100644 if (vm_flags & VM_LOCKED) { if (!((vm_flags & VM_SPECIAL) || is_vm_hugetlb_page(vma) || vma == get_gate_vma(current->mm))) -@@ -1673,6 +1840,12 @@ allow_write_and_free_vma: +@@ -1673,6 +1843,12 @@ allow_write_and_free_vma: if (vm_flags & VM_DENYWRITE) allow_write_access(file); free_vma: @@ -97125,7 +97302,7 @@ index ebc25fa..0ef0db0 100644 kmem_cache_free(vm_area_cachep, vma); unacct_error: if (charged) -@@ -1680,7 +1853,63 @@ unacct_error: +@@ -1680,7 +1856,63 @@ unacct_error: return error; } @@ -97190,7 +97367,7 @@ index ebc25fa..0ef0db0 100644 { /* * We implement the search by looking for an rbtree node that -@@ -1728,11 +1957,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) +@@ -1728,11 +1960,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) } } @@ -97221,7 +97398,7 @@ index ebc25fa..0ef0db0 100644 if (gap_end >= low_limit && gap_end - gap_start >= length) goto found; -@@ -1782,7 +2029,7 @@ found: +@@ -1782,7 +2032,7 @@ found: return gap_start; } @@ -97230,7 +97407,7 @@ index ebc25fa..0ef0db0 100644 { struct mm_struct *mm = current->mm; struct vm_area_struct *vma; -@@ -1836,6 +2083,24 @@ check_current: +@@ -1836,6 +2086,24 @@ check_current: gap_end = vma->vm_start; if (gap_end < low_limit) return -ENOMEM; @@ -97255,7 +97432,7 @@ index ebc25fa..0ef0db0 100644 if (gap_start <= high_limit && gap_end - gap_start >= length) goto found; -@@ -1899,6 +2164,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1899,6 +2167,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, struct mm_struct *mm = current->mm; struct vm_area_struct *vma; struct vm_unmapped_area_info info; @@ -97263,7 +97440,7 @@ index ebc25fa..0ef0db0 100644 if (len > TASK_SIZE - mmap_min_addr) return -ENOMEM; -@@ -1906,11 +2172,15 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1906,11 +2175,15 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (flags & MAP_FIXED) return addr; @@ -97280,7 +97457,7 @@ index ebc25fa..0ef0db0 100644 return addr; } -@@ -1919,6 +2189,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1919,6 +2192,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, info.low_limit = mm->mmap_base; info.high_limit = TASK_SIZE; info.align_mask = 0; @@ -97288,7 +97465,7 @@ index ebc25fa..0ef0db0 100644 return vm_unmapped_area(&info); } #endif -@@ -1937,6 +2208,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1937,6 +2211,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, struct mm_struct *mm = current->mm; unsigned long addr = addr0; struct vm_unmapped_area_info info; @@ -97296,7 +97473,7 @@ index ebc25fa..0ef0db0 100644 /* requested length too big for entire address space */ if (len > TASK_SIZE - mmap_min_addr) -@@ -1945,12 +2217,16 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1945,12 +2220,16 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (flags & MAP_FIXED) return addr; @@ -97314,7 +97491,7 @@ index ebc25fa..0ef0db0 100644 return addr; } -@@ -1959,6 +2235,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1959,6 +2238,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, info.low_limit = max(PAGE_SIZE, mmap_min_addr); info.high_limit = mm->mmap_base; info.align_mask = 0; @@ -97322,7 +97499,7 @@ index ebc25fa..0ef0db0 100644 addr = vm_unmapped_area(&info); /* -@@ -1971,6 +2248,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1971,6 +2251,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, VM_BUG_ON(addr != -ENOMEM); info.flags = 0; info.low_limit = TASK_UNMAPPED_BASE; @@ -97335,7 +97512,7 @@ index ebc25fa..0ef0db0 100644 info.high_limit = TASK_SIZE; addr = vm_unmapped_area(&info); } -@@ -2071,6 +2354,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, +@@ -2071,6 +2357,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, return vma; } @@ -97364,7 +97541,7 @@ index ebc25fa..0ef0db0 100644 /* * Verify that the stack growth is acceptable and * update accounting. This is shared with both the -@@ -2087,6 +2392,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2087,6 +2395,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns return -ENOMEM; /* Stack limit test */ @@ -97372,7 +97549,7 @@ index ebc25fa..0ef0db0 100644 if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) return -ENOMEM; -@@ -2097,6 +2403,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2097,6 +2406,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns locked = mm->locked_vm + grow; limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); limit >>= PAGE_SHIFT; @@ -97380,7 +97557,7 @@ index ebc25fa..0ef0db0 100644 if (locked > limit && !capable(CAP_IPC_LOCK)) return -ENOMEM; } -@@ -2126,37 +2433,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2126,37 +2436,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns * PA-RISC uses this for its stack; IA64 for its Register Backing Store. * vma is the last one with address > vma->vm_end. Have to extend vma. */ @@ -97438,7 +97615,7 @@ index ebc25fa..0ef0db0 100644 unsigned long size, grow; size = address - vma->vm_start; -@@ -2191,6 +2509,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) +@@ -2191,6 +2512,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) } } } @@ -97447,7 +97624,7 @@ index ebc25fa..0ef0db0 100644 vma_unlock_anon_vma(vma); khugepaged_enter_vma_merge(vma, vma->vm_flags); validate_mm(vma->vm_mm); -@@ -2205,6 +2525,8 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2205,6 +2528,8 @@ int expand_downwards(struct vm_area_struct *vma, unsigned long address) { int error; @@ -97456,7 +97633,7 @@ index ebc25fa..0ef0db0 100644 /* * We must make sure the anon_vma is allocated -@@ -2218,6 +2540,15 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2218,6 +2543,15 @@ int expand_downwards(struct vm_area_struct *vma, if (error) return error; @@ -97472,7 +97649,7 @@ index ebc25fa..0ef0db0 100644 vma_lock_anon_vma(vma); /* -@@ -2227,9 +2558,17 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2227,9 +2561,17 @@ int expand_downwards(struct vm_area_struct *vma, */ /* Somebody else might have raced and expanded it already */ @@ -97491,7 +97668,7 @@ index ebc25fa..0ef0db0 100644 size = vma->vm_end - address; grow = (vma->vm_start - address) >> PAGE_SHIFT; -@@ -2254,13 +2593,27 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2254,13 +2596,27 @@ int expand_downwards(struct vm_area_struct *vma, vma->vm_pgoff -= grow; anon_vma_interval_tree_post_update_vma(vma); vma_gap_update(vma); @@ -97519,7 +97696,7 @@ index ebc25fa..0ef0db0 100644 khugepaged_enter_vma_merge(vma, vma->vm_flags); validate_mm(vma->vm_mm); return error; -@@ -2358,6 +2711,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2358,6 +2714,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) do { long nrpages = vma_pages(vma); @@ -97533,7 +97710,7 @@ index ebc25fa..0ef0db0 100644 if (vma->vm_flags & VM_ACCOUNT) nr_accounted += nrpages; vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); -@@ -2402,6 +2762,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2402,6 +2765,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, insertion_point = (prev ? &prev->vm_next : &mm->mmap); vma->vm_prev = NULL; do { @@ -97550,7 +97727,7 @@ index ebc25fa..0ef0db0 100644 vma_rb_erase(vma, &mm->mm_rb); mm->map_count--; tail_vma = vma; -@@ -2429,14 +2799,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2429,14 +2802,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct *new; int err = -ENOMEM; @@ -97584,7 +97761,7 @@ index ebc25fa..0ef0db0 100644 /* most fields are the same, copy all, and then fixup */ *new = *vma; -@@ -2449,6 +2838,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2449,11 +2841,28 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); } @@ -97607,7 +97784,14 @@ index ebc25fa..0ef0db0 100644 err = vma_dup_policy(vma, new); if (err) goto out_free_vma; -@@ -2468,6 +2873,38 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, + +- if (anon_vma_clone(new, vma)) ++ err = anon_vma_clone(new, vma); ++ if (err) + goto out_free_mpol; + + if (new->vm_file) +@@ -2468,6 +2877,38 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, else err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); @@ -97646,7 +97830,7 @@ index ebc25fa..0ef0db0 100644 /* Success. */ if (!err) return 0; -@@ -2477,10 +2914,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2477,10 +2918,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_ops->close(new); if (new->vm_file) fput(new->vm_file); @@ -97666,7 +97850,7 @@ index ebc25fa..0ef0db0 100644 kmem_cache_free(vm_area_cachep, new); out_err: return err; -@@ -2493,6 +2938,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2493,6 +2942,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, int new_below) { @@ -97682,7 +97866,7 @@ index ebc25fa..0ef0db0 100644 if (mm->map_count >= sysctl_max_map_count) return -ENOMEM; -@@ -2504,11 +2958,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2504,11 +2962,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, * work. This now handles partial unmappings. * Jeremy Fitzhardinge <jeremy@goop.org> */ @@ -97713,7 +97897,7 @@ index ebc25fa..0ef0db0 100644 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) return -EINVAL; -@@ -2583,6 +3056,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +@@ -2583,6 +3060,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) /* Fix up all other VM information */ remove_vma_list(mm, vma); @@ -97722,7 +97906,7 @@ index ebc25fa..0ef0db0 100644 return 0; } -@@ -2591,6 +3066,13 @@ int vm_munmap(unsigned long start, size_t len) +@@ -2591,6 +3070,13 @@ int vm_munmap(unsigned long start, size_t len) int ret; struct mm_struct *mm = current->mm; @@ -97736,7 +97920,7 @@ index ebc25fa..0ef0db0 100644 down_write(&mm->mmap_sem); ret = do_munmap(mm, start, len); up_write(&mm->mmap_sem); -@@ -2604,16 +3086,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) +@@ -2604,16 +3090,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) return vm_munmap(addr, len); } @@ -97753,7 +97937,7 @@ index ebc25fa..0ef0db0 100644 /* * this is really a simplified "do_mmap". it only handles * anonymous maps. eventually we may be able to do some -@@ -2627,6 +3099,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2627,6 +3103,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) struct rb_node ** rb_link, * rb_parent; pgoff_t pgoff = addr >> PAGE_SHIFT; int error; @@ -97761,7 +97945,7 @@ index ebc25fa..0ef0db0 100644 len = PAGE_ALIGN(len); if (!len) -@@ -2634,10 +3107,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2634,10 +3111,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; @@ -97786,7 +97970,7 @@ index ebc25fa..0ef0db0 100644 error = mlock_future_check(mm, mm->def_flags, len); if (error) return error; -@@ -2651,21 +3138,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2651,21 +3142,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) /* * Clear old maps. this also does some error checking for us */ @@ -97811,7 +97995,7 @@ index ebc25fa..0ef0db0 100644 return -ENOMEM; /* Can we just expand an old private anonymous mapping? */ -@@ -2679,7 +3165,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2679,7 +3169,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) */ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); if (!vma) { @@ -97820,7 +98004,7 @@ index ebc25fa..0ef0db0 100644 return -ENOMEM; } -@@ -2693,10 +3179,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2693,10 +3183,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) vma_link(mm, vma, prev, rb_link, rb_parent); out: perf_event_mmap(vma); @@ -97834,7 +98018,7 @@ index ebc25fa..0ef0db0 100644 return addr; } -@@ -2758,6 +3245,7 @@ void exit_mmap(struct mm_struct *mm) +@@ -2758,6 +3249,7 @@ void exit_mmap(struct mm_struct *mm) while (vma) { if (vma->vm_flags & VM_ACCOUNT) nr_accounted += vma_pages(vma); @@ -97842,7 +98026,7 @@ index ebc25fa..0ef0db0 100644 vma = remove_vma(vma); } vm_unacct_memory(nr_accounted); -@@ -2775,6 +3263,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2775,6 +3267,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) struct vm_area_struct *prev; struct rb_node **rb_link, *rb_parent; @@ -97856,7 +98040,7 @@ index ebc25fa..0ef0db0 100644 /* * The vm_pgoff of a purely anonymous vma should be irrelevant * until its first write fault, when page's anon_vma and index -@@ -2798,7 +3293,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2798,7 +3297,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) security_vm_enough_memory_mm(mm, vma_pages(vma))) return -ENOMEM; @@ -97878,7 +98062,7 @@ index ebc25fa..0ef0db0 100644 return 0; } -@@ -2817,6 +3326,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2817,6 +3330,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, struct rb_node **rb_link, *rb_parent; bool faulted_in_anon_vma = true; @@ -97887,7 +98071,7 @@ index ebc25fa..0ef0db0 100644 /* * If anonymous vma has not yet been faulted, update new pgoff * to match new location, to increase its chance of merging. -@@ -2881,6 +3392,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2881,6 +3396,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, return NULL; } @@ -97927,7 +98111,7 @@ index ebc25fa..0ef0db0 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2892,6 +3436,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) +@@ -2892,6 +3440,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; @@ -97935,7 +98119,7 @@ index ebc25fa..0ef0db0 100644 if (cur + npages > lim) return 0; return 1; -@@ -2974,6 +3519,22 @@ static struct vm_area_struct *__install_special_mapping( +@@ -2974,6 +3523,22 @@ static struct vm_area_struct *__install_special_mapping( vma->vm_start = addr; vma->vm_end = addr + len; @@ -98566,7 +98750,7 @@ index 5077afc..846c9ef 100644 if (!mm || IS_ERR(mm)) { rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; diff --git a/mm/rmap.c b/mm/rmap.c -index e01318d..25117ca 100644 +index e01318d..7a532bd 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -164,6 +164,10 @@ int anon_vma_prepare(struct vm_area_struct *vma) @@ -98646,7 +98830,7 @@ index e01318d..25117ca 100644 { struct anon_vma_chain *avc, *pavc; struct anon_vma *root = NULL; -@@ -270,7 +304,7 @@ int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src) +@@ -270,10 +304,11 @@ int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src) * the corresponding VMA in the parent process is attached to. * Returns 0 on success, non-zero on failure. */ @@ -98655,7 +98839,23 @@ index e01318d..25117ca 100644 { struct anon_vma_chain *avc; struct anon_vma *anon_vma; -@@ -374,8 +408,10 @@ static void anon_vma_ctor(void *data) ++ int error; + + /* Don't bother if the parent process has no anon_vma here. */ + if (!pvma->anon_vma) +@@ -283,8 +318,9 @@ int anon_vma_fork(struct vm_area_struct *vma, struct vm_area_struct *pvma) + * First, attach the new VMA to the parent VMA's anon_vmas, + * so rmap can find non-COWed pages in child processes. + */ +- if (anon_vma_clone(vma, pvma)) +- return -ENOMEM; ++ error = anon_vma_clone(vma, pvma); ++ if (error) ++ return error; + + /* Then add our own anon_vma. */ + anon_vma = anon_vma_alloc(); +@@ -374,8 +410,10 @@ static void anon_vma_ctor(void *data) void __init anon_vma_init(void) { anon_vma_cachep = kmem_cache_create("anon_vma", sizeof(struct anon_vma), @@ -100218,6 +100418,34 @@ index 2b0aa54..b451f74 100644 if (v->nr_pages) seq_printf(m, " pages=%d", v->nr_pages); +diff --git a/mm/vmpressure.c b/mm/vmpressure.c +index d4042e7..c5afd57 100644 +--- a/mm/vmpressure.c ++++ b/mm/vmpressure.c +@@ -165,6 +165,7 @@ static void vmpressure_work_fn(struct work_struct *work) + unsigned long scanned; + unsigned long reclaimed; + ++ spin_lock(&vmpr->sr_lock); + /* + * Several contexts might be calling vmpressure(), so it is + * possible that the work was rescheduled again before the old +@@ -173,11 +174,12 @@ static void vmpressure_work_fn(struct work_struct *work) + * here. No need for any locks here since we don't care if + * vmpr->reclaimed is in sync. + */ +- if (!vmpr->scanned) ++ scanned = vmpr->scanned; ++ if (!scanned) { ++ spin_unlock(&vmpr->sr_lock); + return; ++ } + +- spin_lock(&vmpr->sr_lock); +- scanned = vmpr->scanned; + reclaimed = vmpr->reclaimed; + vmpr->scanned = 0; + vmpr->reclaimed = 0; diff --git a/mm/vmstat.c b/mm/vmstat.c index e9ab104..de275bd 100644 --- a/mm/vmstat.c @@ -101547,7 +101775,7 @@ index 8b849dd..cd88bfc 100644 pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR); return -ENODEV; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index f0493e3..0f43f7a 100644 +index f0493e3..c3ffd7f 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -58,7 +58,7 @@ struct rtnl_link { @@ -101594,6 +101822,26 @@ index f0493e3..0f43f7a 100644 goto nla_put_failure; if (1) { +@@ -2780,6 +2783,9 @@ static int rtnl_bridge_setlink(struct sk_buff *skb, struct nlmsghdr *nlh) + if (br_spec) { + nla_for_each_nested(attr, br_spec, rem) { + if (nla_type(attr) == IFLA_BRIDGE_FLAGS) { ++ if (nla_len(attr) < sizeof(flags)) ++ return -EINVAL; ++ + have_flags = true; + flags = nla_get_u16(attr); + break; +@@ -2850,6 +2856,9 @@ static int rtnl_bridge_dellink(struct sk_buff *skb, struct nlmsghdr *nlh) + if (br_spec) { + nla_for_each_nested(attr, br_spec, rem) { + if (nla_type(attr) == IFLA_BRIDGE_FLAGS) { ++ if (nla_len(attr) < sizeof(flags)) ++ return -EINVAL; ++ + have_flags = true; + flags = nla_get_u16(attr); + break; diff --git a/net/core/scm.c b/net/core/scm.c index b442e7e..6f5b5a2 100644 --- a/net/core/scm.c @@ -102583,7 +102831,7 @@ index 2510c02..cfb34fa 100644 pr_err("Unable to proc dir entry\n"); return -ENOMEM; diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index a3c59a0..2e88bfd 100644 +index 3524762..2e88bfd 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -59,7 +59,7 @@ struct ping_table { @@ -102595,16 +102843,7 @@ index a3c59a0..2e88bfd 100644 EXPORT_SYMBOL_GPL(pingv6_ops); static u16 ping_port_rover; -@@ -217,6 +217,8 @@ static struct sock *ping_lookup(struct net *net, struct sk_buff *skb, u16 ident) - &ipv6_hdr(skb)->daddr)) - continue; - #endif -+ } else { -+ continue; - } - - if (sk->sk_bound_dev_if && sk->sk_bound_dev_if != dif) -@@ -348,7 +350,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, +@@ -350,7 +350,7 @@ static int ping_check_bind_addr(struct sock *sk, struct inet_sock *isk, return -ENODEV; } } @@ -102613,7 +102852,7 @@ index a3c59a0..2e88bfd 100644 scoped); rcu_read_unlock(); -@@ -556,7 +558,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) +@@ -558,7 +558,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) } #if IS_ENABLED(CONFIG_IPV6) } else if (skb->protocol == htons(ETH_P_IPV6)) { @@ -102622,7 +102861,7 @@ index a3c59a0..2e88bfd 100644 #endif } -@@ -574,7 +576,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) +@@ -576,7 +576,7 @@ void ping_err(struct sk_buff *skb, int offset, u32 info) info, (u8 *)icmph); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { @@ -102631,7 +102870,7 @@ index a3c59a0..2e88bfd 100644 info, (u8 *)icmph); #endif } -@@ -858,7 +860,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -860,7 +860,7 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, return ip_recv_error(sk, msg, len, addr_len); #if IS_ENABLED(CONFIG_IPV6) } else if (family == AF_INET6) { @@ -102640,7 +102879,7 @@ index a3c59a0..2e88bfd 100644 addr_len); #endif } -@@ -916,10 +918,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -918,10 +918,10 @@ int ping_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, } if (inet6_sk(sk)->rxopt.all) @@ -102653,7 +102892,7 @@ index a3c59a0..2e88bfd 100644 else if (skb->protocol == htons(ETH_P_IP) && isk->cmsg_flags) ip_cmsg_recv(msg, skb); #endif -@@ -1111,7 +1113,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, +@@ -1113,7 +1113,7 @@ static void ping_v4_format_sock(struct sock *sp, struct seq_file *f, from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -103983,9 +104222,19 @@ index 4836af8..0e52bbd 100644 kfree_skb(skb); diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c -index 2a0bbda..442240d 100644 +index 2a0bbda..fcd5396 100644 --- a/net/ipv6/xfrm6_policy.c +++ b/net/ipv6/xfrm6_policy.c +@@ -130,8 +130,8 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) + { + struct flowi6 *fl6 = &fl->u.ip6; + int onlyproto = 0; +- u16 offset = skb_network_header_len(skb); + const struct ipv6hdr *hdr = ipv6_hdr(skb); ++ u16 offset = sizeof(*hdr); + struct ipv6_opt_hdr *exthdr; + const unsigned char *nh = skb_network_header(skb); + u8 nexthdr = nh[IP6CB(skb)->nhoff]; @@ -170,8 +170,10 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) case IPPROTO_DCCP: if (!onlyproto && (nh + offset + 4 < skb->data || @@ -107664,10 +107913,10 @@ index 293828b..9fbe696 100755 # Find all available archs find_all_archs() diff --git a/security/Kconfig b/security/Kconfig -index beb86b5..00daaca 100644 +index beb86b5..1a953b1 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,969 @@ +@@ -4,6 +4,974 @@ menu "Security options" @@ -107831,6 +108080,11 @@ index beb86b5..00daaca 100644 + help + Choose this option if this kernel is running as a VirtualBox guest or host. + ++config GRKERNSEC_CONFIG_VIRT_HYPERV ++ bool "Hyper-V" ++ help ++ Choose this option if this kernel is running as a Hyper-V guest. ++ +endchoice + +choice @@ -108637,7 +108891,7 @@ index beb86b5..00daaca 100644 source security/keys/Kconfig config SECURITY_DMESG_RESTRICT -@@ -103,7 +1066,7 @@ config INTEL_TXT +@@ -103,7 +1071,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX diff --git a/3.17.4/4425_grsec_remove_EI_PAX.patch b/3.17.6/4425_grsec_remove_EI_PAX.patch index fc51f79..fc51f79 100644 --- a/3.17.4/4425_grsec_remove_EI_PAX.patch +++ b/3.17.6/4425_grsec_remove_EI_PAX.patch diff --git a/3.17.4/4427_force_XATTR_PAX_tmpfs.patch b/3.17.6/4427_force_XATTR_PAX_tmpfs.patch index 21c0171..21c0171 100644 --- a/3.17.4/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.17.6/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.17.4/4430_grsec-remove-localversion-grsec.patch b/3.17.6/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.17.4/4430_grsec-remove-localversion-grsec.patch +++ b/3.17.6/4430_grsec-remove-localversion-grsec.patch diff --git a/3.17.4/4435_grsec-mute-warnings.patch b/3.17.6/4435_grsec-mute-warnings.patch index 4a959cc..4a959cc 100644 --- a/3.17.4/4435_grsec-mute-warnings.patch +++ b/3.17.6/4435_grsec-mute-warnings.patch diff --git a/3.17.4/4440_grsec-remove-protected-paths.patch b/3.17.6/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.17.4/4440_grsec-remove-protected-paths.patch +++ b/3.17.6/4440_grsec-remove-protected-paths.patch diff --git a/3.17.4/4450_grsec-kconfig-default-gids.patch b/3.17.6/4450_grsec-kconfig-default-gids.patch index 8a63d7f..8a63d7f 100644 --- a/3.17.4/4450_grsec-kconfig-default-gids.patch +++ b/3.17.6/4450_grsec-kconfig-default-gids.patch diff --git a/3.17.4/4465_selinux-avc_audit-log-curr_ip.patch b/3.17.6/4465_selinux-avc_audit-log-curr_ip.patch index 747ac53..747ac53 100644 --- a/3.17.4/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.17.6/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.17.4/4470_disable-compat_vdso.patch b/3.17.6/4470_disable-compat_vdso.patch index dec59f7..dec59f7 100644 --- a/3.17.4/4470_disable-compat_vdso.patch +++ b/3.17.6/4470_disable-compat_vdso.patch diff --git a/3.17.4/4475_emutramp_default_on.patch b/3.17.6/4475_emutramp_default_on.patch index cf88fd9..cf88fd9 100644 --- a/3.17.4/4475_emutramp_default_on.patch +++ b/3.17.6/4475_emutramp_default_on.patch diff --git a/3.2.64/0000_README b/3.2.64/0000_README index d632471..a5c330a 100644 --- a/3.2.64/0000_README +++ b/3.2.64/0000_README @@ -174,7 +174,7 @@ Patch: 1063_linux-3.2.64.patch From: http://www.kernel.org Desc: Linux 3.2.64 -Patch: 4420_grsecurity-3.0-3.2.64-201411260105.patch +Patch: 4420_grsecurity-3.0-3.2.64-201412040015.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.64/4420_grsecurity-3.0-3.2.64-201411260105.patch b/3.2.64/4420_grsecurity-3.0-3.2.64-201412040015.patch index 206ef20..0db3165 100644 --- a/3.2.64/4420_grsecurity-3.0-3.2.64-201411260105.patch +++ b/3.2.64/4420_grsecurity-3.0-3.2.64-201412040015.patch @@ -109900,10 +109900,10 @@ index 38f6617..e70b72b 100755 exuberant() diff --git a/security/Kconfig b/security/Kconfig -index 51bd5a0..1671979 100644 +index 51bd5a0..60c36a1 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,967 @@ +@@ -4,6 +4,972 @@ menu "Security options" @@ -110066,6 +110066,11 @@ index 51bd5a0..1671979 100644 + help + Choose this option if this kernel is running as a VirtualBox guest or host. + ++config GRKERNSEC_CONFIG_VIRT_HYPERV ++ bool "Hyper-V" ++ help ++ Choose this option if this kernel is running as a Hyper-V guest. ++ +endchoice + +choice @@ -110871,7 +110876,7 @@ index 51bd5a0..1671979 100644 config KEYS bool "Enable access key retention support" help -@@ -169,7 +1130,7 @@ config INTEL_TXT +@@ -169,7 +1135,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX |