diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2014-09-19 07:04:56 -0400 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2014-09-19 07:04:56 -0400 |
| commit | e5d448c48808783a06b5fd30df4a7ebcda3a1285 (patch) | |
| tree | 88fcf22ea02459cee6356f6268828db4563322ea | |
| parent | Grsec/PaX: 3.0-{3.2.63,3.14.18,3.16.2}-201409150854 (diff) | |
| download | hardened-patchset-e5d448c48808783a06b5fd30df4a7ebcda3a1285.tar.gz hardened-patchset-e5d448c48808783a06b5fd30df4a7ebcda3a1285.tar.bz2 hardened-patchset-e5d448c48808783a06b5fd30df4a7ebcda3a1285.zip | |
Grsec/PaX: 3.0-{3.2.63,3.14.19,3.16.3}-20140918090120140918
| -rw-r--r-- | 3.14.19/0000_README (renamed from 3.14.18/0000_README) | 2 | ||||
| -rw-r--r-- | 3.14.19/4420_grsecurity-3.0-3.14.19-201409180900.patch (renamed from 3.14.18/4420_grsecurity-3.0-3.14.18-201409141906.patch) | 764 | ||||
| -rw-r--r-- | 3.14.19/4425_grsec_remove_EI_PAX.patch (renamed from 3.14.18/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.14.19/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.14.18/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
| -rw-r--r-- | 3.14.19/4430_grsec-remove-localversion-grsec.patch (renamed from 3.14.18/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.14.19/4435_grsec-mute-warnings.patch (renamed from 3.14.18/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.14.19/4440_grsec-remove-protected-paths.patch (renamed from 3.14.18/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.14.19/4450_grsec-kconfig-default-gids.patch (renamed from 3.14.18/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.14.19/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.14.18/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.14.19/4470_disable-compat_vdso.patch (renamed from 3.14.18/4470_disable-compat_vdso.patch) | 2 | ||||
| -rw-r--r-- | 3.14.19/4475_emutramp_default_on.patch (renamed from 3.14.18/4475_emutramp_default_on.patch) | 0 | ||||
| -rw-r--r-- | 3.16.3/0000_README (renamed from 3.16.2/0000_README) | 2 | ||||
| -rw-r--r-- | 3.16.3/4420_grsecurity-3.0-3.16.3-201409180901.patch (renamed from 3.16.2/4420_grsecurity-3.0-3.16.2-201409141907.patch) | 826 | ||||
| -rw-r--r-- | 3.16.3/4425_grsec_remove_EI_PAX.patch (renamed from 3.16.2/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
| -rw-r--r-- | 3.16.3/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.16.2/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
| -rw-r--r-- | 3.16.3/4430_grsec-remove-localversion-grsec.patch (renamed from 3.16.2/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.16.3/4435_grsec-mute-warnings.patch (renamed from 3.16.2/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.16.3/4440_grsec-remove-protected-paths.patch (renamed from 3.16.2/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.16.3/4450_grsec-kconfig-default-gids.patch (renamed from 3.16.2/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.16.3/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.16.2/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.16.3/4470_disable-compat_vdso.patch (renamed from 3.16.2/4470_disable-compat_vdso.patch) | 2 | ||||
| -rw-r--r-- | 3.16.3/4475_emutramp_default_on.patch (renamed from 3.16.2/4475_emutramp_default_on.patch) | 0 | ||||
| -rw-r--r-- | 3.2.63/0000_README | 2 | ||||
| -rw-r--r-- | 3.2.63/4420_grsecurity-3.0-3.2.63-201409180857.patch (renamed from 3.2.63/4420_grsecurity-3.0-3.2.63-201409150854.patch) | 101 | ||||
| -rw-r--r-- | 3.2.63/4470_disable-compat_vdso.patch | 2 |
25 files changed, 508 insertions, 1195 deletions
diff --git a/3.14.18/0000_README b/3.14.19/0000_README index 09338f7..d825e9a 100644 --- a/3.14.18/0000_README +++ b/3.14.19/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.14.18-201409141906.patch +Patch: 4420_grsecurity-3.0-3.14.19-201409180900.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.14.18/4420_grsecurity-3.0-3.14.18-201409141906.patch b/3.14.19/4420_grsecurity-3.0-3.14.19-201409180900.patch index 54a332a..3cb0c39 100644 --- a/3.14.18/4420_grsecurity-3.0-3.14.18-201409141906.patch +++ b/3.14.19/4420_grsecurity-3.0-3.14.19-201409180900.patch @@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 05279d4..c24e149 100644 +index b1746b4..35b5438 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -6847,7 +6847,7 @@ index 1188e00..41cf144 100644 #include <linux/module.h> #include <linux/elfcore.h> diff --git a/arch/mips/kernel/binfmt_elfo32.c b/arch/mips/kernel/binfmt_elfo32.c -index 7faf5f2..f3d3cf4 100644 +index 71df942..199dd19 100644 --- a/arch/mips/kernel/binfmt_elfo32.c +++ b/arch/mips/kernel/binfmt_elfo32.c @@ -70,6 +70,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG]; @@ -6863,7 +6863,7 @@ index 7faf5f2..f3d3cf4 100644 + #include <asm/processor.h> - /* + /* These MUST be defined before elf.h gets included */ diff --git a/arch/mips/kernel/i8259.c b/arch/mips/kernel/i8259.c index 2b91fe8..fe4f6b4 100644 --- a/arch/mips/kernel/i8259.c @@ -6955,10 +6955,10 @@ index 6ae540e..b7396dc 100644 - return sp & ALMASK; -} diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c -index 7da9b76..21578be 100644 +index 60f48fe..a2df508 100644 --- a/arch/mips/kernel/ptrace.c +++ b/arch/mips/kernel/ptrace.c -@@ -658,6 +658,10 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -790,6 +790,10 @@ long arch_ptrace(struct task_struct *child, long request, return ret; } @@ -6969,7 +6969,7 @@ index 7da9b76..21578be 100644 /* * Notification of system call entry/exit * - triggered by current->work.syscall_trace -@@ -674,6 +678,11 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs) +@@ -806,6 +810,11 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs) tracehook_report_syscall_entry(regs)) ret = -1; @@ -24768,7 +24768,7 @@ index f36bd42..0ab4474 100644 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 + .endr diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S -index a468c0a..c7dec74 100644 +index a468c0a..8b5a879 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -20,6 +20,8 @@ @@ -24820,7 +24820,11 @@ index a468c0a..c7dec74 100644 /* * Set up the identity mapping for the switchover. These -@@ -177,8 +198,8 @@ ENTRY(secondary_startup_64) +@@ -174,11 +195,12 @@ ENTRY(secondary_startup_64) + * after the boot processor executes this code. + */ + ++ orq $-1, %rbp movq $(init_level4_pgt - __START_KERNEL_map), %rax 1: @@ -24831,7 +24835,7 @@ index a468c0a..c7dec74 100644 movq %rcx, %cr4 /* Setup early boot stage 4 level pagetables. */ -@@ -199,10 +220,19 @@ ENTRY(secondary_startup_64) +@@ -199,10 +221,19 @@ ENTRY(secondary_startup_64) movl $MSR_EFER, %ecx rdmsr btsl $_EFER_SCE, %eax /* Enable System Call */ @@ -24839,10 +24843,10 @@ index a468c0a..c7dec74 100644 + btl $(X86_FEATURE_NX & 31),%edi /* No Execute supported? */ jnc 1f btsl $_EFER_NX, %eax ++ cmpq $-1, %rbp ++ je 1f btsq $_PAGE_BIT_NX,early_pmd_flags(%rip) -+#ifndef CONFIG_EFI + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_PAGE_OFFSET(%rip) -+#endif + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMALLOC_START(%rip) + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMALLOC_END(%rip) + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMEMMAP_START(%rip) @@ -24852,7 +24856,7 @@ index a468c0a..c7dec74 100644 1: wrmsr /* Make changes effective */ /* Setup cr0 */ -@@ -282,6 +312,7 @@ ENTRY(secondary_startup_64) +@@ -282,6 +313,7 @@ ENTRY(secondary_startup_64) * REX.W + FF /5 JMP m16:64 Jump far, absolute indirect, * address given in m16:64. */ @@ -24860,7 +24864,7 @@ index a468c0a..c7dec74 100644 movq initial_code(%rip),%rax pushq $0 # fake return address to stop unwinder pushq $__KERNEL_CS # set correct cs -@@ -313,7 +344,7 @@ ENDPROC(start_cpu0) +@@ -313,7 +345,7 @@ ENDPROC(start_cpu0) .quad INIT_PER_CPU_VAR(irq_stack_union) GLOBAL(stack_start) @@ -24869,7 +24873,7 @@ index a468c0a..c7dec74 100644 .word 0 __FINITDATA -@@ -391,7 +422,7 @@ ENTRY(early_idt_handler) +@@ -391,7 +423,7 @@ ENTRY(early_idt_handler) call dump_stack #ifdef CONFIG_KALLSYMS leaq early_idt_ripmsg(%rip),%rdi @@ -24878,7 +24882,7 @@ index a468c0a..c7dec74 100644 call __print_symbol #endif #endif /* EARLY_PRINTK */ -@@ -420,6 +451,7 @@ ENDPROC(early_idt_handler) +@@ -420,6 +452,7 @@ ENDPROC(early_idt_handler) early_recursion_flag: .long 0 @@ -24886,7 +24890,7 @@ index a468c0a..c7dec74 100644 #ifdef CONFIG_EARLY_PRINTK early_idt_msg: .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n" -@@ -447,29 +479,52 @@ NEXT_PAGE(early_level4_pgt) +@@ -447,29 +480,52 @@ NEXT_PAGE(early_level4_pgt) NEXT_PAGE(early_dynamic_pgts) .fill 512*EARLY_DYNAMIC_PAGE_TABLES,8,0 @@ -24948,7 +24952,7 @@ index a468c0a..c7dec74 100644 NEXT_PAGE(level3_kernel_pgt) .fill L3_START_KERNEL,8,0 -@@ -477,6 +532,9 @@ NEXT_PAGE(level3_kernel_pgt) +@@ -477,6 +533,9 @@ NEXT_PAGE(level3_kernel_pgt) .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE @@ -24958,7 +24962,7 @@ index a468c0a..c7dec74 100644 NEXT_PAGE(level2_kernel_pgt) /* * 512 MB kernel mapping. We spend a full page on this pagetable -@@ -494,28 +552,64 @@ NEXT_PAGE(level2_kernel_pgt) +@@ -494,28 +553,64 @@ NEXT_PAGE(level2_kernel_pgt) NEXT_PAGE(level2_fixmap_pgt) .fill 506,8,0 .quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE @@ -34859,7 +34863,7 @@ index 9ee3491..872192f 100644 local_irq_restore(efi_rt_eflags); diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c -index 666b74a..673d88f 100644 +index 666b74a..7c90b04 100644 --- a/arch/x86/platform/efi/efi_64.c +++ b/arch/x86/platform/efi/efi_64.c @@ -97,6 +97,11 @@ void __init efi_call_phys_prelog(void) @@ -34886,6 +34890,31 @@ index 666b74a..673d88f 100644 __flush_tlb_all(); local_irq_restore(efi_flags); early_code_mapping_set_exec(0); +@@ -141,8 +151,23 @@ int efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages) + { + pgd_t *pgd; + +- if (efi_enabled(EFI_OLD_MEMMAP)) ++ if (efi_enabled(EFI_OLD_MEMMAP)) { ++ /* PaX: We need to disable the NX bit in the PGD, otherwise we won't be ++ * able to execute the EFI services. ++ */ ++ if (__supported_pte_mask & _PAGE_NX) { ++ unsigned long addr = (unsigned long) __va(0); ++ pgd_t pe = __pgd(pgd_val(*pgd_offset_k(addr)) & ~_PAGE_NX); ++ ++ pr_alert("PAX: Disabling NX protection for low memory map. Try booting without \"efi=old_map\"\n"); ++#ifdef CONFIG_PAX_PER_CPU_PGD ++ set_pgd(pgd_offset_cpu(0, kernel, addr), pe); ++#endif ++ set_pgd(pgd_offset_k(addr), pe); ++ } ++ + return 0; ++ } + + efi_scratch.efi_pgt = (pgd_t *)(unsigned long)real_mode_header->trampoline_pgd; + pgd = __va(efi_scratch.efi_pgt); diff --git a/arch/x86/platform/efi/efi_stub_32.S b/arch/x86/platform/efi/efi_stub_32.S index fbe66e6..eae5e38 100644 --- a/arch/x86/platform/efi/efi_stub_32.S @@ -36451,7 +36480,7 @@ index c68e724..e863008 100644 /* parse the table header to get the table length */ if (count <= sizeof(struct acpi_table_header)) diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c -index 3dca36d..abaf070 100644 +index 17f9ec5..d9a455e 100644 --- a/drivers/acpi/processor_idle.c +++ b/drivers/acpi/processor_idle.c @@ -952,7 +952,7 @@ static int acpi_processor_setup_cpuidle_states(struct acpi_processor *pr) @@ -40791,10 +40820,10 @@ index 4c3feaa..26391ce 100644 #define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##funcid##_tbl_entry }) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.h b/drivers/gpu/drm/nouveau/nouveau_drm.h -index 23ca7a5..b6c955d 100644 +index 74ed08a..e81b8c5 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.h +++ b/drivers/gpu/drm/nouveau/nouveau_drm.h -@@ -97,7 +97,6 @@ struct nouveau_drm { +@@ -99,7 +99,6 @@ struct nouveau_drm { struct drm_global_reference mem_global_ref; struct ttm_bo_global_ref bo_global_ref; struct ttm_bo_device bdev; @@ -44504,7 +44533,7 @@ index 3e6d115..ffecdeb 100644 /*----------------------------------------------------------------*/ diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index 56e24c0..e1c8e1f 100644 +index d7690f8..3db9ef1 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c @@ -1931,7 +1931,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) @@ -44526,10 +44555,10 @@ index 56e24c0..e1c8e1f 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index cb882aa..cb8aeca 100644 +index a46124e..caf0bd55 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c -@@ -1949,7 +1949,7 @@ static void end_sync_read(struct bio *bio, int error) +@@ -1948,7 +1948,7 @@ static void end_sync_read(struct bio *bio, int error) /* The write handler will notice the lack of * R10BIO_Uptodate and record any errors etc */ @@ -44538,7 +44567,7 @@ index cb882aa..cb8aeca 100644 &conf->mirrors[d].rdev->corrected_errors); /* for reconstruct, we always reschedule after a read. -@@ -2307,7 +2307,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2306,7 +2306,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) { struct timespec cur_time_mon; unsigned long hours_since_last; @@ -44547,7 +44576,7 @@ index cb882aa..cb8aeca 100644 ktime_get_ts(&cur_time_mon); -@@ -2329,9 +2329,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2328,9 +2328,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) * overflowing the shift of read_errors by hours_since_last. */ if (hours_since_last >= 8 * sizeof(read_errors)) @@ -44559,7 +44588,7 @@ index cb882aa..cb8aeca 100644 } static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector, -@@ -2385,8 +2385,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2384,8 +2384,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 return; check_decay_read_errors(mddev, rdev); @@ -44570,7 +44599,7 @@ index cb882aa..cb8aeca 100644 char b[BDEVNAME_SIZE]; bdevname(rdev->bdev, b); -@@ -2394,7 +2394,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2393,7 +2393,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 "md/raid10:%s: %s: Raid device exceeded " "read_error threshold [cur %d:max %d]\n", mdname(mddev), b, @@ -44579,7 +44608,7 @@ index cb882aa..cb8aeca 100644 printk(KERN_NOTICE "md/raid10:%s: %s: Failing raid device\n", mdname(mddev), b); -@@ -2549,7 +2549,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2548,7 +2548,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 sect + choose_data_offset(r10_bio, rdev)), bdevname(rdev->bdev, b)); @@ -44588,25 +44617,8 @@ index cb882aa..cb8aeca 100644 } rdev_dec_pending(rdev, mddev); -@@ -2954,6 +2954,7 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr, - */ - if (test_bit(MD_RECOVERY_RESHAPE, &mddev->recovery)) { - end_reshape(conf); -+ close_sync(conf); - return 0; - } - -@@ -4411,7 +4412,7 @@ read_more: - read_bio->bi_private = r10_bio; - read_bio->bi_end_io = end_sync_read; - read_bio->bi_rw = READ; -- read_bio->bi_flags &= ~(BIO_POOL_MASK - 1); -+ read_bio->bi_flags &= (~0UL << BIO_RESET_BITS); - read_bio->bi_flags |= 1 << BIO_UPTODATE; - read_bio->bi_vcnt = 0; - read_bio->bi_iter.bi_size = 0; diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 16f5c21..c5d72c7 100644 +index 18cda77..c5d72c7 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -1707,6 +1707,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash) @@ -44667,15 +44679,6 @@ index 16f5c21..c5d72c7 100644 > conf->max_nr_stripes) printk(KERN_WARNING "md/raid:%s: Too many read errors, failing device %s.\n", -@@ -3779,6 +3787,8 @@ static void handle_stripe(struct stripe_head *sh) - set_bit(R5_Wantwrite, &dev->flags); - if (prexor) - continue; -+ if (s.failed > 1) -+ continue; - if (!test_bit(R5_Insync, &dev->flags) || - ((i == sh->pd_idx || i == sh->qd_idx) && - s.failed == 0)) diff --git a/drivers/media/dvb-core/dvbdev.c b/drivers/media/dvb-core/dvbdev.c index 983db75..ef9248c 100644 --- a/drivers/media/dvb-core/dvbdev.c @@ -49737,7 +49740,7 @@ index ff75ef8..2dfe00a 100644 /* * fcs_port_sm FCS logical port state machine diff --git a/drivers/scsi/bfa/bfa_ioc.h b/drivers/scsi/bfa/bfa_ioc.h -index 2e28392..9d865b6 100644 +index a38aafa0..fe8f03b 100644 --- a/drivers/scsi/bfa/bfa_ioc.h +++ b/drivers/scsi/bfa/bfa_ioc.h @@ -258,7 +258,7 @@ struct bfa_ioc_cbfn_s { @@ -50741,7 +50744,7 @@ index fd8ffe6..fd0bebf 100644 err = class_register(&iscsi_transport_class); if (err) diff --git a/drivers/scsi/scsi_transport_srp.c b/drivers/scsi/scsi_transport_srp.c -index d47ffc8..30f46a9 100644 +index e3e794e..f72f20c 100644 --- a/drivers/scsi/scsi_transport_srp.c +++ b/drivers/scsi/scsi_transport_srp.c @@ -36,7 +36,7 @@ @@ -50762,7 +50765,7 @@ index d47ffc8..30f46a9 100644 return 0; } -@@ -734,7 +734,7 @@ struct srp_rport *srp_rport_add(struct Scsi_Host *shost, +@@ -735,7 +735,7 @@ struct srp_rport *srp_rport_add(struct Scsi_Host *shost, rport_fast_io_fail_timedout); INIT_DELAYED_WORK(&rport->dev_loss_work, rport_dev_loss_timedout); @@ -50772,10 +50775,10 @@ index d47ffc8..30f46a9 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index 36d1a23..3f33303 100644 +index e8abb73..faa6fbe 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c -@@ -2962,7 +2962,7 @@ static int sd_probe(struct device *dev) +@@ -2967,7 +2967,7 @@ static int sd_probe(struct device *dev) sdkp->disk = gd; sdkp->index = index; atomic_set(&sdkp->openers, 0); @@ -58686,10 +58689,10 @@ index 7c6b73c..a8f0db2 100644 atomic_set(&midCount, 0); diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h -index 30f6e92..e915ba5 100644 +index f15d435..0f61ef5 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h -@@ -806,35 +806,35 @@ struct cifs_tcon { +@@ -801,35 +801,35 @@ struct cifs_tcon { __u16 Flags; /* optional support bits */ enum statusEnum tidStatus; #ifdef CONFIG_CIFS_STATS @@ -58749,7 +58752,7 @@ index 30f6e92..e915ba5 100644 } smb2_stats; #endif /* CONFIG_CIFS_SMB2 */ } stats; -@@ -1170,7 +1170,7 @@ convert_delimiter(char *path, char delim) +@@ -1165,7 +1165,7 @@ convert_delimiter(char *path, char delim) } #ifdef CONFIG_CIFS_STATS @@ -58758,7 +58761,7 @@ index 30f6e92..e915ba5 100644 static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon, unsigned int bytes) -@@ -1536,8 +1536,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; +@@ -1531,8 +1531,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; /* Various Debug counters */ GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */ #ifdef CONFIG_CIFS_STATS2 @@ -58770,7 +58773,7 @@ index 30f6e92..e915ba5 100644 GLOBAL_EXTERN atomic_t smBufAllocCount; GLOBAL_EXTERN atomic_t midCount; diff --git a/fs/cifs/file.c b/fs/cifs/file.c -index 87c4dd0..a90f115 100644 +index 8175b18..9525542 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -1900,10 +1900,14 @@ static int cifs_writepages(struct address_space *mapping, @@ -58923,7 +58926,7 @@ index d1fdfa8..94558f8 100644 } diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c -index 35ddc3e..563e809 100644 +index f8977b2..bb38079 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -364,8 +364,8 @@ smb2_clear_stats(struct cifs_tcon *tcon) @@ -59044,10 +59047,10 @@ index 35ddc3e..563e809 100644 } diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c -index 049a3f2..0f41305 100644 +index 9aab8fe..2bd5f3b 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c -@@ -2099,8 +2099,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, +@@ -2100,8 +2100,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, default: cifs_dbg(VFS, "info level %u isn't supported\n", srch_inf->info_level); @@ -59414,20 +59417,10 @@ index a93f7e6..d58bcbe 100644 return 0; while (nr) { diff --git a/fs/dcache.c b/fs/dcache.c -index 7f3b400..f91b141 100644 +index 58d57da..f91b141 100644 --- a/fs/dcache.c +++ b/fs/dcache.c -@@ -106,8 +106,7 @@ static inline struct hlist_bl_head *d_hash(const struct dentry *parent, - unsigned int hash) - { - hash += (unsigned long) parent / L1_CACHE_BYTES; -- hash = hash + (hash >> d_hash_shift); -- return dentry_hashtable + (hash & d_hash_mask); -+ return dentry_hashtable + hash_32(hash, d_hash_shift); - } - - /* Statistics gathering. */ -@@ -251,7 +250,7 @@ static void __d_free(struct rcu_head *head) +@@ -250,7 +250,7 @@ static void __d_free(struct rcu_head *head) */ static void d_free(struct dentry *dentry) { @@ -59436,7 +59429,7 @@ index 7f3b400..f91b141 100644 this_cpu_dec(nr_dentry); if (dentry->d_op && dentry->d_op->d_release) dentry->d_op->d_release(dentry); -@@ -597,7 +596,7 @@ repeat: +@@ -596,7 +596,7 @@ repeat: dentry->d_flags |= DCACHE_REFERENCED; dentry_lru_add(dentry); @@ -59445,7 +59438,7 @@ index 7f3b400..f91b141 100644 spin_unlock(&dentry->d_lock); return; -@@ -652,7 +651,7 @@ int d_invalidate(struct dentry * dentry) +@@ -651,7 +651,7 @@ int d_invalidate(struct dentry * dentry) * We also need to leave mountpoints alone, * directory or not. */ @@ -59454,7 +59447,7 @@ index 7f3b400..f91b141 100644 if (S_ISDIR(dentry->d_inode->i_mode) || d_mountpoint(dentry)) { spin_unlock(&dentry->d_lock); return -EBUSY; -@@ -668,7 +667,7 @@ EXPORT_SYMBOL(d_invalidate); +@@ -667,7 +667,7 @@ EXPORT_SYMBOL(d_invalidate); /* This must be called with d_lock held */ static inline void __dget_dlock(struct dentry *dentry) { @@ -59463,7 +59456,7 @@ index 7f3b400..f91b141 100644 } static inline void __dget(struct dentry *dentry) -@@ -709,8 +708,8 @@ repeat: +@@ -708,8 +708,8 @@ repeat: goto repeat; } rcu_read_unlock(); @@ -59474,7 +59467,7 @@ index 7f3b400..f91b141 100644 spin_unlock(&ret->d_lock); return ret; } -@@ -793,7 +792,7 @@ restart: +@@ -792,7 +792,7 @@ restart: spin_lock(&inode->i_lock); hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) { spin_lock(&dentry->d_lock); @@ -59483,7 +59476,7 @@ index 7f3b400..f91b141 100644 /* * inform the fs via d_prune that this dentry * is about to be unhashed and destroyed. -@@ -885,7 +884,7 @@ static void shrink_dentry_list(struct list_head *list) +@@ -884,7 +884,7 @@ static void shrink_dentry_list(struct list_head *list) * We found an inuse dentry which was not removed from * the LRU because of laziness during lookup. Do not free it. */ @@ -59492,7 +59485,7 @@ index 7f3b400..f91b141 100644 spin_unlock(&dentry->d_lock); continue; } -@@ -931,7 +930,7 @@ dentry_lru_isolate(struct list_head *item, spinlock_t *lru_lock, void *arg) +@@ -930,7 +930,7 @@ dentry_lru_isolate(struct list_head *item, spinlock_t *lru_lock, void *arg) * counts, just remove them from the LRU. Otherwise give them * another pass through the LRU. */ @@ -59501,7 +59494,7 @@ index 7f3b400..f91b141 100644 d_lru_isolate(dentry); spin_unlock(&dentry->d_lock); return LRU_REMOVED; -@@ -1269,7 +1268,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry) +@@ -1268,7 +1268,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry) * loop in shrink_dcache_parent() might not make any progress * and loop forever. */ @@ -59510,7 +59503,7 @@ index 7f3b400..f91b141 100644 dentry_lru_del(dentry); } else if (!(dentry->d_flags & DCACHE_SHRINK_LIST)) { /* -@@ -1323,11 +1322,11 @@ static enum d_walk_ret umount_collect(void *_data, struct dentry *dentry) +@@ -1322,11 +1322,11 @@ static enum d_walk_ret umount_collect(void *_data, struct dentry *dentry) struct select_data *data = _data; enum d_walk_ret ret = D_WALK_CONTINUE; @@ -59524,7 +59517,7 @@ index 7f3b400..f91b141 100644 goto out; printk(KERN_ERR "BUG: Dentry %p{i=%lx,n=%s}" -@@ -1337,7 +1336,7 @@ static enum d_walk_ret umount_collect(void *_data, struct dentry *dentry) +@@ -1336,7 +1336,7 @@ static enum d_walk_ret umount_collect(void *_data, struct dentry *dentry) dentry->d_inode ? dentry->d_inode->i_ino : 0UL, dentry->d_name.name, @@ -59533,7 +59526,7 @@ index 7f3b400..f91b141 100644 dentry->d_sb->s_type->name, dentry->d_sb->s_id); BUG(); -@@ -1495,7 +1494,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) +@@ -1494,7 +1494,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) */ dentry->d_iname[DNAME_INLINE_LEN-1] = 0; if (name->len > DNAME_INLINE_LEN-1) { @@ -59542,7 +59535,7 @@ index 7f3b400..f91b141 100644 if (!dname) { kmem_cache_free(dentry_cache, dentry); return NULL; -@@ -1513,7 +1512,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) +@@ -1512,7 +1512,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) smp_wmb(); dentry->d_name.name = dname; @@ -59551,7 +59544,7 @@ index 7f3b400..f91b141 100644 dentry->d_flags = 0; spin_lock_init(&dentry->d_lock); seqcount_init(&dentry->d_seq); -@@ -2276,7 +2275,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name) +@@ -2275,7 +2275,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name) goto next; } @@ -59560,7 +59553,7 @@ index 7f3b400..f91b141 100644 found = dentry; spin_unlock(&dentry->d_lock); break; -@@ -2375,7 +2374,7 @@ again: +@@ -2374,7 +2374,7 @@ again: spin_lock(&dentry->d_lock); inode = dentry->d_inode; isdir = S_ISDIR(inode->i_mode); @@ -59569,7 +59562,7 @@ index 7f3b400..f91b141 100644 if (!spin_trylock(&inode->i_lock)) { spin_unlock(&dentry->d_lock); cpu_relax(); -@@ -3314,7 +3313,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry) +@@ -3313,7 +3313,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry) if (!(dentry->d_flags & DCACHE_GENOCIDE)) { dentry->d_flags |= DCACHE_GENOCIDE; @@ -59578,7 +59571,7 @@ index 7f3b400..f91b141 100644 } } return D_WALK_CONTINUE; -@@ -3430,7 +3429,8 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -3429,7 +3429,8 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -62733,18 +62726,10 @@ index b29e42f..5ea7fdf 100644 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */ diff --git a/fs/namei.c b/fs/namei.c -index bdea109..6e919ab 100644 +index d5a4fae..d221b37 100644 --- a/fs/namei.c +++ b/fs/namei.c -@@ -34,6 +34,7 @@ - #include <linux/device_cgroup.h> - #include <linux/fs_struct.h> - #include <linux/posix_acl.h> -+#include <linux/hash.h> - #include <asm/uaccess.h> - - #include "internal.h" -@@ -330,17 +331,34 @@ int generic_permission(struct inode *inode, int mask) +@@ -331,17 +331,34 @@ int generic_permission(struct inode *inode, int mask) if (ret != -EACCES) return ret; @@ -62782,7 +62767,7 @@ index bdea109..6e919ab 100644 * Read/write DACs are always overridable. * Executable DACs are overridable when there is * at least one exec bit set. -@@ -349,14 +367,6 @@ int generic_permission(struct inode *inode, int mask) +@@ -350,14 +367,6 @@ int generic_permission(struct inode *inode, int mask) if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE)) return 0; @@ -62797,7 +62782,7 @@ index bdea109..6e919ab 100644 return -EACCES; } -@@ -822,7 +832,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p) +@@ -823,7 +832,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p) { struct dentry *dentry = link->dentry; int error; @@ -62806,7 +62791,7 @@ index bdea109..6e919ab 100644 BUG_ON(nd->flags & LOOKUP_RCU); -@@ -843,6 +853,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p) +@@ -844,6 +853,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p) if (error) goto out_put_nd_path; @@ -62819,7 +62804,7 @@ index bdea109..6e919ab 100644 nd->last_type = LAST_BIND; *p = dentry->d_inode->i_op->follow_link(dentry, nd); error = PTR_ERR(*p); -@@ -1591,6 +1607,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) +@@ -1592,6 +1607,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) if (res) break; res = walk_component(nd, path, LOOKUP_FOLLOW); @@ -62828,16 +62813,6 @@ index bdea109..6e919ab 100644 put_link(nd, &link, cookie); } while (res > 0); -@@ -1624,8 +1642,7 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) - - static inline unsigned int fold_hash(unsigned long hash) - { -- hash += hash >> (8*sizeof(int)); -- return hash; -+ return hash_64(hash, 32); - } - - #else /* 32-bit case */ @@ -1664,7 +1681,7 @@ EXPORT_SYMBOL(full_name_hash); static inline unsigned long hash_name(const char *name, unsigned int *hashp) { @@ -62868,7 +62843,7 @@ index bdea109..6e919ab 100644 + } + if (!err && nd->flags & LOOKUP_DIRECTORY) { - if (!d_is_directory(nd->path.dentry)) { + if (!d_can_lookup(nd->path.dentry)) { path_put(&nd->path); @@ -1982,8 +2008,15 @@ static int filename_lookup(int dfd, struct filename *name, retval = path_lookupat(dfd, name->name, @@ -63038,9 +63013,9 @@ index bdea109..6e919ab 100644 audit_inode(name, nd->path.dentry, 0); + error = -EISDIR; - if ((open_flag & O_CREAT) && - (d_is_directory(nd->path.dentry) || d_is_autodir(nd->path.dentry))) -@@ -3180,7 +3274,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, + if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry)) + goto out; +@@ -3179,7 +3273,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, if (unlikely(error)) goto out; @@ -63049,7 +63024,7 @@ index bdea109..6e919ab 100644 while (unlikely(error > 0)) { /* trailing symlink */ struct path link = path; void *cookie; -@@ -3198,7 +3292,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -3197,7 +3291,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, error = follow_link(&link, nd, &cookie); if (unlikely(error)) break; @@ -63058,7 +63033,7 @@ index bdea109..6e919ab 100644 put_link(nd, &link, cookie); } out: -@@ -3298,9 +3392,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, +@@ -3297,9 +3391,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, goto unlock; error = -EEXIST; @@ -63072,7 +63047,7 @@ index bdea109..6e919ab 100644 /* * Special case - lookup gave negative, but... we had foo/bar/ * From the vfs_mknod() POV we just have a negative dentry - -@@ -3352,6 +3448,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, +@@ -3351,6 +3447,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, } EXPORT_SYMBOL(user_path_create); @@ -63093,7 +63068,7 @@ index bdea109..6e919ab 100644 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) { int error = may_create(dir, dentry); -@@ -3414,6 +3524,17 @@ retry: +@@ -3413,6 +3523,17 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -63111,7 +63086,7 @@ index bdea109..6e919ab 100644 error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out; -@@ -3430,6 +3551,8 @@ retry: +@@ -3429,6 +3550,8 @@ retry: break; } out: @@ -63120,7 +63095,7 @@ index bdea109..6e919ab 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3482,9 +3605,16 @@ retry: +@@ -3481,9 +3604,16 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -63137,7 +63112,7 @@ index bdea109..6e919ab 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3565,6 +3695,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -3564,6 +3694,8 @@ static long do_rmdir(int dfd, const char __user *pathname) struct filename *name; struct dentry *dentry; struct nameidata nd; @@ -63146,7 +63121,7 @@ index bdea109..6e919ab 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3597,10 +3729,21 @@ retry: +@@ -3596,10 +3728,21 @@ retry: error = -ENOENT; goto exit3; } @@ -63168,7 +63143,7 @@ index bdea109..6e919ab 100644 exit3: dput(dentry); exit2: -@@ -3690,6 +3833,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -3689,6 +3832,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) struct nameidata nd; struct inode *inode = NULL; struct inode *delegated_inode = NULL; @@ -63177,7 +63152,7 @@ index bdea109..6e919ab 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3716,10 +3861,22 @@ retry_deleg: +@@ -3715,10 +3860,22 @@ retry_deleg: if (d_is_negative(dentry)) goto slashes; ihold(inode); @@ -63200,7 +63175,7 @@ index bdea109..6e919ab 100644 exit2: dput(dentry); } -@@ -3807,9 +3964,17 @@ retry: +@@ -3806,9 +3963,17 @@ retry: if (IS_ERR(dentry)) goto out_putname; @@ -63218,7 +63193,7 @@ index bdea109..6e919ab 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3912,6 +4077,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -3911,6 +4076,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, struct dentry *new_dentry; struct path old_path, new_path; struct inode *delegated_inode = NULL; @@ -63226,7 +63201,7 @@ index bdea109..6e919ab 100644 int how = 0; int error; -@@ -3935,7 +4101,7 @@ retry: +@@ -3934,7 +4100,7 @@ retry: if (error) return error; @@ -63235,7 +63210,7 @@ index bdea109..6e919ab 100644 (how & LOOKUP_REVAL)); error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) -@@ -3947,11 +4113,28 @@ retry: +@@ -3946,11 +4112,28 @@ retry: error = may_linkat(&old_path); if (unlikely(error)) goto out_dput; @@ -63264,7 +63239,7 @@ index bdea109..6e919ab 100644 done_path_create(&new_path, new_dentry); if (delegated_inode) { error = break_deleg_wait(&delegated_inode); -@@ -4238,6 +4421,12 @@ retry_deleg: +@@ -4237,6 +4420,12 @@ retry_deleg: if (new_dentry == trap) goto exit5; @@ -63277,7 +63252,7 @@ index bdea109..6e919ab 100644 error = security_path_rename(&oldnd.path, old_dentry, &newnd.path, new_dentry); if (error) -@@ -4245,6 +4434,9 @@ retry_deleg: +@@ -4244,6 +4433,9 @@ retry_deleg: error = vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry, &delegated_inode); @@ -63287,7 +63262,7 @@ index bdea109..6e919ab 100644 exit5: dput(new_dentry); exit4: -@@ -4281,6 +4473,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -4280,6 +4472,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { @@ -63296,7 +63271,7 @@ index bdea109..6e919ab 100644 int len; len = PTR_ERR(link); -@@ -4290,7 +4484,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c +@@ -4289,7 +4483,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c len = strlen(link); if (len > (unsigned) buflen) len = buflen; @@ -63313,10 +63288,10 @@ index bdea109..6e919ab 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index 65233a5..82ac953 100644 +index 75536db..5cda729 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -1339,6 +1339,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1369,6 +1369,9 @@ static int do_umount(struct mount *mnt, int flags) if (!(sb->s_flags & MS_RDONLY)) retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); up_write(&sb->s_umount); @@ -63326,7 +63301,7 @@ index 65233a5..82ac953 100644 return retval; } -@@ -1361,6 +1364,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1391,6 +1394,9 @@ static int do_umount(struct mount *mnt, int flags) } unlock_mount_hash(); namespace_unlock(); @@ -63336,7 +63311,7 @@ index 65233a5..82ac953 100644 return retval; } -@@ -1380,7 +1386,7 @@ static inline bool may_mount(void) +@@ -1410,7 +1416,7 @@ static inline bool may_mount(void) * unixes. Our API is identical to OSF/1 to avoid making a mess of AMD */ @@ -63345,7 +63320,7 @@ index 65233a5..82ac953 100644 { struct path path; struct mount *mnt; -@@ -1422,7 +1428,7 @@ out: +@@ -1452,7 +1458,7 @@ out: /* * The 2.0 compatible umount. No flags. */ @@ -63354,7 +63329,7 @@ index 65233a5..82ac953 100644 { return sys_umount(name, 0); } -@@ -2431,6 +2437,16 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2501,6 +2507,16 @@ long do_mount(const char *dev_name, const char *dir_name, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); @@ -63371,7 +63346,7 @@ index 65233a5..82ac953 100644 if (flags & MS_REMOUNT) retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); -@@ -2445,6 +2461,9 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2515,6 +2531,9 @@ long do_mount(const char *dev_name, const char *dir_name, dev_name, data_page); dput_out: path_put(&path); @@ -63381,7 +63356,7 @@ index 65233a5..82ac953 100644 return retval; } -@@ -2462,7 +2481,7 @@ static void free_mnt_ns(struct mnt_namespace *ns) +@@ -2532,7 +2551,7 @@ static void free_mnt_ns(struct mnt_namespace *ns) * number incrementing at 10Ghz will take 12,427 years to wrap which * is effectively never, so we can ignore the possibility. */ @@ -63390,7 +63365,7 @@ index 65233a5..82ac953 100644 static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) { -@@ -2477,7 +2496,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) +@@ -2547,7 +2566,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) kfree(new_ns); return ERR_PTR(ret); } @@ -63399,7 +63374,7 @@ index 65233a5..82ac953 100644 atomic_set(&new_ns->count, 1); new_ns->root = NULL; INIT_LIST_HEAD(&new_ns->list); -@@ -2487,7 +2506,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) +@@ -2557,7 +2576,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) return new_ns; } @@ -63408,7 +63383,7 @@ index 65233a5..82ac953 100644 struct user_namespace *user_ns, struct fs_struct *new_fs) { struct mnt_namespace *new_ns; -@@ -2608,8 +2627,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) +@@ -2678,8 +2697,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) } EXPORT_SYMBOL(mount_subtree); @@ -63419,7 +63394,7 @@ index 65233a5..82ac953 100644 { int ret; char *kernel_type; -@@ -2722,6 +2741,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2792,6 +2811,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; @@ -63431,7 +63406,7 @@ index 65233a5..82ac953 100644 get_fs_root(current->fs, &root); old_mp = lock_mount(&old); error = PTR_ERR(old_mp); -@@ -2990,7 +3014,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) +@@ -3060,7 +3084,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) return -EPERM; @@ -64368,7 +64343,7 @@ index 2183fcf..3c32a98 100644 help Various /proc files exist to monitor process memory utilization: diff --git a/fs/proc/array.c b/fs/proc/array.c -index 656e401..b5b86b9 100644 +index baf3464..6873520 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -60,6 +60,7 @@ @@ -64379,7 +64354,7 @@ index 656e401..b5b86b9 100644 #include <linux/proc_fs.h> #include <linux/ioport.h> #include <linux/uaccess.h> -@@ -356,6 +357,21 @@ static void task_cpus_allowed(struct seq_file *m, struct task_struct *task) +@@ -347,6 +348,21 @@ static void task_cpus_allowed(struct seq_file *m, struct task_struct *task) seq_putc(m, '\n'); } @@ -64401,7 +64376,7 @@ index 656e401..b5b86b9 100644 int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { -@@ -374,9 +390,24 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, +@@ -365,9 +381,24 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, task_cpus_allowed(m, task); cpuset_task_status_allowed(m, task); task_context_switch_counts(m, task); @@ -64426,7 +64401,7 @@ index 656e401..b5b86b9 100644 static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task, int whole) { -@@ -398,6 +429,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -389,6 +420,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, char tcomm[sizeof(task->comm)]; unsigned long flags; @@ -64440,7 +64415,7 @@ index 656e401..b5b86b9 100644 state = *get_task_state(task); vsize = eip = esp = 0; permitted = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT); -@@ -468,6 +506,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -459,6 +497,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, gtime = task_gtime(task); } @@ -64460,7 +64435,7 @@ index 656e401..b5b86b9 100644 /* scale priority and nice values from timeslices to -20..20 */ /* to make it look like a "normal" Unix priority/nice value */ priority = task_prio(task); -@@ -504,9 +555,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -495,9 +546,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, seq_put_decimal_ull(m, ' ', vsize); seq_put_decimal_ull(m, ' ', mm ? get_mm_rss(mm) : 0); seq_put_decimal_ull(m, ' ', rsslim); @@ -64476,7 +64451,7 @@ index 656e401..b5b86b9 100644 seq_put_decimal_ull(m, ' ', esp); seq_put_decimal_ull(m, ' ', eip); /* The signal information here is obsolete. -@@ -528,7 +585,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -519,7 +576,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, seq_put_decimal_ull(m, ' ', cputime_to_clock_t(gtime)); seq_put_decimal_ll(m, ' ', cputime_to_clock_t(cgtime)); @@ -64489,7 +64464,7 @@ index 656e401..b5b86b9 100644 seq_put_decimal_ull(m, ' ', mm->start_data); seq_put_decimal_ull(m, ' ', mm->end_data); seq_put_decimal_ull(m, ' ', mm->start_brk); -@@ -566,8 +627,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -557,8 +618,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { unsigned long size = 0, resident = 0, shared = 0, text = 0, data = 0; @@ -64506,7 +64481,7 @@ index 656e401..b5b86b9 100644 if (mm) { size = task_statm(mm, &shared, &text, &data, &resident); mmput(mm); -@@ -590,6 +658,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -581,6 +649,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, return 0; } @@ -79029,10 +79004,10 @@ index 17e7e82..1d7da26 100644 #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES))) #endif diff --git a/include/linux/capability.h b/include/linux/capability.h -index 84b13ad..d7b6550 100644 +index aa93e5e..18bb953 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h -@@ -212,8 +212,13 @@ extern bool capable(int cap); +@@ -215,8 +215,13 @@ extern bool capable(int cap); extern bool ns_capable(struct user_namespace *ns, int cap); extern bool capable_wrt_inode_uidgid(const struct inode *inode, int cap); extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap); @@ -79500,7 +79475,7 @@ index 653589e..4ef254a 100644 return c | 0x20; } diff --git a/include/linux/dcache.h b/include/linux/dcache.h -index bf72e9a..4ca7927 100644 +index 3b50cac..71a4cec 100644 --- a/include/linux/dcache.h +++ b/include/linux/dcache.h @@ -133,7 +133,7 @@ struct dentry { @@ -82499,10 +82474,10 @@ index c3eb102..073c4a6 100644 .ops = ¶m_ops_##type, \ .elemsize = sizeof(array[0]), .elem = array }; \ diff --git a/include/linux/mount.h b/include/linux/mount.h -index 839bac2..a96b37c 100644 +index b0c1e65..fd6baf1 100644 --- a/include/linux/mount.h +++ b/include/linux/mount.h -@@ -59,7 +59,7 @@ struct vfsmount { +@@ -66,7 +66,7 @@ struct vfsmount { struct dentry *mnt_root; /* root of the mounted tree */ struct super_block *mnt_sb; /* pointer to superblock */ int mnt_flags; @@ -85566,10 +85541,10 @@ index 52beadf..598734c 100644 u8 qfull; enum fc_lport_state state; diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h -index b4f1eff..7fdbd46 100644 +index 409fafb..efc53b0 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h -@@ -180,9 +180,9 @@ struct scsi_device { +@@ -181,9 +181,9 @@ struct scsi_device { unsigned int max_device_blocked; /* what device_blocked counts down from */ #define SCSI_DEFAULT_DEVICE_BLOCKED 3 @@ -86866,7 +86841,7 @@ index 8d6e145..33e0b1e 100644 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; set_fs(fs); diff --git a/kernel/audit.c b/kernel/audit.c -index 0c9dc86..a891393 100644 +index 2c0ecd1..80d068a 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -122,7 +122,7 @@ u32 audit_sig_sid = 0; @@ -86928,7 +86903,7 @@ index 619b58d..e58d957 100644 task->sessionid = sessionid; task->loginuid = loginuid; diff --git a/kernel/capability.c b/kernel/capability.c -index 1191a44..7c81292 100644 +index 00adb21..d5954a8 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -202,6 +202,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr) @@ -86941,7 +86916,7 @@ index 1191a44..7c81292 100644 if (copy_to_user(dataptr, kdata, tocopy * sizeof(struct __user_cap_data_struct))) { return -EFAULT; -@@ -303,10 +306,11 @@ bool has_ns_capability(struct task_struct *t, +@@ -307,10 +310,11 @@ bool has_ns_capability(struct task_struct *t, int ret; rcu_read_lock(); @@ -86955,7 +86930,7 @@ index 1191a44..7c81292 100644 } /** -@@ -343,10 +347,10 @@ bool has_ns_capability_noaudit(struct task_struct *t, +@@ -347,10 +351,10 @@ bool has_ns_capability_noaudit(struct task_struct *t, int ret; rcu_read_lock(); @@ -86968,7 +86943,7 @@ index 1191a44..7c81292 100644 } /** -@@ -384,7 +388,7 @@ bool ns_capable(struct user_namespace *ns, int cap) +@@ -388,7 +392,7 @@ bool ns_capable(struct user_namespace *ns, int cap) BUG(); } @@ -86977,7 +86952,7 @@ index 1191a44..7c81292 100644 current->flags |= PF_SUPERPRIV; return true; } -@@ -392,6 +396,21 @@ bool ns_capable(struct user_namespace *ns, int cap) +@@ -396,6 +400,21 @@ bool ns_capable(struct user_namespace *ns, int cap) } EXPORT_SYMBOL(ns_capable); @@ -86999,7 +86974,7 @@ index 1191a44..7c81292 100644 /** * file_ns_capable - Determine if the file's opener had a capability in effect * @file: The file we want to check -@@ -432,6 +451,12 @@ bool capable(int cap) +@@ -436,6 +455,12 @@ bool capable(int cap) } EXPORT_SYMBOL(capable); @@ -87012,7 +86987,7 @@ index 1191a44..7c81292 100644 /** * capable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped * @inode: The inode in question -@@ -449,3 +474,12 @@ bool capable_wrt_inode_uidgid(const struct inode *inode, int cap) +@@ -453,3 +478,12 @@ bool capable_wrt_inode_uidgid(const struct inode *inode, int cap) kgid_has_mapping(ns, inode->i_gid); } EXPORT_SYMBOL(capable_wrt_inode_uidgid); @@ -92491,7 +92466,7 @@ index e3be87e..7480b36 100644 ftrace_graph_active++; diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index 0954450..1e3e687 100644 +index a53f1bb..0e70660 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -352,9 +352,9 @@ struct buffer_data_page { @@ -92731,7 +92706,7 @@ index 0954450..1e3e687 100644 } return overruns; -@@ -3518,8 +3532,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3513,8 +3527,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) /* * Reset the reader page to size zero. */ @@ -92742,7 +92717,7 @@ index 0954450..1e3e687 100644 local_set(&cpu_buffer->reader_page->page->commit, 0); cpu_buffer->reader_page->real_end = 0; -@@ -3553,7 +3567,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3548,7 +3562,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) * want to compare with the last_overrun. */ smp_mb(); @@ -92751,7 +92726,7 @@ index 0954450..1e3e687 100644 /* * Here's the tricky part. -@@ -4123,8 +4137,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4120,8 +4134,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) cpu_buffer->head_page = list_entry(cpu_buffer->pages, struct buffer_page, list); @@ -92762,7 +92737,7 @@ index 0954450..1e3e687 100644 local_set(&cpu_buffer->head_page->page->commit, 0); cpu_buffer->head_page->read = 0; -@@ -4134,14 +4148,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4131,14 +4145,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) INIT_LIST_HEAD(&cpu_buffer->reader_page->list); INIT_LIST_HEAD(&cpu_buffer->new_pages); @@ -92781,7 +92756,7 @@ index 0954450..1e3e687 100644 local_set(&cpu_buffer->dropped_events, 0); local_set(&cpu_buffer->entries, 0); local_set(&cpu_buffer->committing, 0); -@@ -4546,8 +4560,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, +@@ -4543,8 +4557,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, rb_init_page(bpage); bpage = reader->page; reader->page = *data_page; @@ -93104,34 +93079,6 @@ index 48140e3..de854e5 100644 obj-$(CONFIG_DEBUG_OBJECTS) += debugobjects.o ifneq ($(CONFIG_HAVE_DEC_LOCK),y) -diff --git a/lib/assoc_array.c b/lib/assoc_array.c -index c0b1007..2404d03 100644 ---- a/lib/assoc_array.c -+++ b/lib/assoc_array.c -@@ -1723,11 +1723,13 @@ ascend_old_tree: - shortcut = assoc_array_ptr_to_shortcut(ptr); - slot = shortcut->parent_slot; - cursor = shortcut->back_pointer; -+ if (!cursor) -+ goto gc_complete; - } else { - slot = node->parent_slot; - cursor = ptr; - } -- BUG_ON(!ptr); -+ BUG_ON(!cursor); - node = assoc_array_ptr_to_node(cursor); - slot++; - goto continue_node; -@@ -1735,7 +1737,7 @@ ascend_old_tree: - gc_complete: - edit->set[0].to = new_root; - assoc_array_apply_edit(edit); -- edit->array->nr_leaves_on_tree = nr_leaves_on_tree; -+ array->nr_leaves_on_tree = nr_leaves_on_tree; - return 0; - - enomem: diff --git a/lib/average.c b/lib/average.c index 114d1be..ab0350c 100644 --- a/lib/average.c @@ -99354,7 +99301,7 @@ index 6afa3b4..7a14180 100644 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && rfc.mode != chan->mode) diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c -index 27ae841..e5a8343 100644 +index 06a7a76..86dd829 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c @@ -625,7 +625,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, @@ -99405,7 +99352,7 @@ index 27ae841..e5a8343 100644 err = -EFAULT; break; diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c -index 3c2d3e4..884855a 100644 +index a0050de..59c6178 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c @@ -672,7 +672,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c @@ -99592,342 +99539,8 @@ index b543470..d2ddae2 100644 if (!can_dir) { printk(KERN_INFO "can: failed to create /proc/net/can . " -diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c -index 96238ba..de6662b 100644 ---- a/net/ceph/auth_x.c -+++ b/net/ceph/auth_x.c -@@ -13,8 +13,6 @@ - #include "auth_x.h" - #include "auth_x_protocol.h" - --#define TEMP_TICKET_BUF_LEN 256 -- - static void ceph_x_validate_tickets(struct ceph_auth_client *ac, int *pneed); - - static int ceph_x_is_authenticated(struct ceph_auth_client *ac) -@@ -64,7 +62,7 @@ static int ceph_x_encrypt(struct ceph_crypto_key *secret, - } - - static int ceph_x_decrypt(struct ceph_crypto_key *secret, -- void **p, void *end, void *obuf, size_t olen) -+ void **p, void *end, void **obuf, size_t olen) - { - struct ceph_x_encrypt_header head; - size_t head_len = sizeof(head); -@@ -75,8 +73,14 @@ static int ceph_x_decrypt(struct ceph_crypto_key *secret, - return -EINVAL; - - dout("ceph_x_decrypt len %d\n", len); -- ret = ceph_decrypt2(secret, &head, &head_len, obuf, &olen, -- *p, len); -+ if (*obuf == NULL) { -+ *obuf = kmalloc(len, GFP_NOFS); -+ if (!*obuf) -+ return -ENOMEM; -+ olen = len; -+ } -+ -+ ret = ceph_decrypt2(secret, &head, &head_len, *obuf, &olen, *p, len); - if (ret) - return ret; - if (head.struct_v != 1 || le64_to_cpu(head.magic) != CEPHX_ENC_MAGIC) -@@ -129,145 +133,154 @@ static void remove_ticket_handler(struct ceph_auth_client *ac, - kfree(th); - } - -+static int process_one_ticket(struct ceph_auth_client *ac, -+ struct ceph_crypto_key *secret, -+ void **p, void *end) -+{ -+ struct ceph_x_info *xi = ac->private; -+ int type; -+ u8 tkt_struct_v, blob_struct_v; -+ struct ceph_x_ticket_handler *th; -+ void *dbuf = NULL; -+ void *dp, *dend; -+ int dlen; -+ char is_enc; -+ struct timespec validity; -+ struct ceph_crypto_key old_key; -+ void *ticket_buf = NULL; -+ void *tp, *tpend; -+ struct ceph_timespec new_validity; -+ struct ceph_crypto_key new_session_key; -+ struct ceph_buffer *new_ticket_blob; -+ unsigned long new_expires, new_renew_after; -+ u64 new_secret_id; -+ int ret; -+ -+ ceph_decode_need(p, end, sizeof(u32) + 1, bad); -+ -+ type = ceph_decode_32(p); -+ dout(" ticket type %d %s\n", type, ceph_entity_type_name(type)); -+ -+ tkt_struct_v = ceph_decode_8(p); -+ if (tkt_struct_v != 1) -+ goto bad; -+ -+ th = get_ticket_handler(ac, type); -+ if (IS_ERR(th)) { -+ ret = PTR_ERR(th); -+ goto out; -+ } -+ -+ /* blob for me */ -+ dlen = ceph_x_decrypt(secret, p, end, &dbuf, 0); -+ if (dlen <= 0) { -+ ret = dlen; -+ goto out; -+ } -+ dout(" decrypted %d bytes\n", dlen); -+ dp = dbuf; -+ dend = dp + dlen; -+ -+ tkt_struct_v = ceph_decode_8(&dp); -+ if (tkt_struct_v != 1) -+ goto bad; -+ -+ memcpy(&old_key, &th->session_key, sizeof(old_key)); -+ ret = ceph_crypto_key_decode(&new_session_key, &dp, dend); -+ if (ret) -+ goto out; -+ -+ ceph_decode_copy(&dp, &new_validity, sizeof(new_validity)); -+ ceph_decode_timespec(&validity, &new_validity); -+ new_expires = get_seconds() + validity.tv_sec; -+ new_renew_after = new_expires - (validity.tv_sec / 4); -+ dout(" expires=%lu renew_after=%lu\n", new_expires, -+ new_renew_after); -+ -+ /* ticket blob for service */ -+ ceph_decode_8_safe(p, end, is_enc, bad); -+ if (is_enc) { -+ /* encrypted */ -+ dout(" encrypted ticket\n"); -+ dlen = ceph_x_decrypt(&old_key, p, end, &ticket_buf, 0); -+ if (dlen < 0) { -+ ret = dlen; -+ goto out; -+ } -+ tp = ticket_buf; -+ dlen = ceph_decode_32(&tp); -+ } else { -+ /* unencrypted */ -+ ceph_decode_32_safe(p, end, dlen, bad); -+ ticket_buf = kmalloc(dlen, GFP_NOFS); -+ if (!ticket_buf) { -+ ret = -ENOMEM; -+ goto out; -+ } -+ tp = ticket_buf; -+ ceph_decode_need(p, end, dlen, bad); -+ ceph_decode_copy(p, ticket_buf, dlen); -+ } -+ tpend = tp + dlen; -+ dout(" ticket blob is %d bytes\n", dlen); -+ ceph_decode_need(&tp, tpend, 1 + sizeof(u64), bad); -+ blob_struct_v = ceph_decode_8(&tp); -+ new_secret_id = ceph_decode_64(&tp); -+ ret = ceph_decode_buffer(&new_ticket_blob, &tp, tpend); -+ if (ret) -+ goto out; -+ -+ /* all is well, update our ticket */ -+ ceph_crypto_key_destroy(&th->session_key); -+ if (th->ticket_blob) -+ ceph_buffer_put(th->ticket_blob); -+ th->session_key = new_session_key; -+ th->ticket_blob = new_ticket_blob; -+ th->validity = new_validity; -+ th->secret_id = new_secret_id; -+ th->expires = new_expires; -+ th->renew_after = new_renew_after; -+ dout(" got ticket service %d (%s) secret_id %lld len %d\n", -+ type, ceph_entity_type_name(type), th->secret_id, -+ (int)th->ticket_blob->vec.iov_len); -+ xi->have_keys |= th->service; -+ -+out: -+ kfree(ticket_buf); -+ kfree(dbuf); -+ return ret; -+ -+bad: -+ ret = -EINVAL; -+ goto out; -+} -+ - static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac, - struct ceph_crypto_key *secret, - void *buf, void *end) - { -- struct ceph_x_info *xi = ac->private; -- int num; - void *p = buf; -- int ret; -- char *dbuf; -- char *ticket_buf; - u8 reply_struct_v; -+ u32 num; -+ int ret; - -- dbuf = kmalloc(TEMP_TICKET_BUF_LEN, GFP_NOFS); -- if (!dbuf) -- return -ENOMEM; -- -- ret = -ENOMEM; -- ticket_buf = kmalloc(TEMP_TICKET_BUF_LEN, GFP_NOFS); -- if (!ticket_buf) -- goto out_dbuf; -- -- ceph_decode_need(&p, end, 1 + sizeof(u32), bad); -- reply_struct_v = ceph_decode_8(&p); -+ ceph_decode_8_safe(&p, end, reply_struct_v, bad); - if (reply_struct_v != 1) -- goto bad; -- num = ceph_decode_32(&p); -+ return -EINVAL; -+ -+ ceph_decode_32_safe(&p, end, num, bad); - dout("%d tickets\n", num); -+ - while (num--) { -- int type; -- u8 tkt_struct_v, blob_struct_v; -- struct ceph_x_ticket_handler *th; -- void *dp, *dend; -- int dlen; -- char is_enc; -- struct timespec validity; -- struct ceph_crypto_key old_key; -- void *tp, *tpend; -- struct ceph_timespec new_validity; -- struct ceph_crypto_key new_session_key; -- struct ceph_buffer *new_ticket_blob; -- unsigned long new_expires, new_renew_after; -- u64 new_secret_id; -- -- ceph_decode_need(&p, end, sizeof(u32) + 1, bad); -- -- type = ceph_decode_32(&p); -- dout(" ticket type %d %s\n", type, ceph_entity_type_name(type)); -- -- tkt_struct_v = ceph_decode_8(&p); -- if (tkt_struct_v != 1) -- goto bad; -- -- th = get_ticket_handler(ac, type); -- if (IS_ERR(th)) { -- ret = PTR_ERR(th); -- goto out; -- } -- -- /* blob for me */ -- dlen = ceph_x_decrypt(secret, &p, end, dbuf, -- TEMP_TICKET_BUF_LEN); -- if (dlen <= 0) { -- ret = dlen; -- goto out; -- } -- dout(" decrypted %d bytes\n", dlen); -- dend = dbuf + dlen; -- dp = dbuf; -- -- tkt_struct_v = ceph_decode_8(&dp); -- if (tkt_struct_v != 1) -- goto bad; -- -- memcpy(&old_key, &th->session_key, sizeof(old_key)); -- ret = ceph_crypto_key_decode(&new_session_key, &dp, dend); -+ ret = process_one_ticket(ac, secret, &p, end); - if (ret) -- goto out; -- -- ceph_decode_copy(&dp, &new_validity, sizeof(new_validity)); -- ceph_decode_timespec(&validity, &new_validity); -- new_expires = get_seconds() + validity.tv_sec; -- new_renew_after = new_expires - (validity.tv_sec / 4); -- dout(" expires=%lu renew_after=%lu\n", new_expires, -- new_renew_after); -- -- /* ticket blob for service */ -- ceph_decode_8_safe(&p, end, is_enc, bad); -- tp = ticket_buf; -- if (is_enc) { -- /* encrypted */ -- dout(" encrypted ticket\n"); -- dlen = ceph_x_decrypt(&old_key, &p, end, ticket_buf, -- TEMP_TICKET_BUF_LEN); -- if (dlen < 0) { -- ret = dlen; -- goto out; -- } -- dlen = ceph_decode_32(&tp); -- } else { -- /* unencrypted */ -- ceph_decode_32_safe(&p, end, dlen, bad); -- ceph_decode_need(&p, end, dlen, bad); -- ceph_decode_copy(&p, ticket_buf, dlen); -- } -- tpend = tp + dlen; -- dout(" ticket blob is %d bytes\n", dlen); -- ceph_decode_need(&tp, tpend, 1 + sizeof(u64), bad); -- blob_struct_v = ceph_decode_8(&tp); -- new_secret_id = ceph_decode_64(&tp); -- ret = ceph_decode_buffer(&new_ticket_blob, &tp, tpend); -- if (ret) -- goto out; -- -- /* all is well, update our ticket */ -- ceph_crypto_key_destroy(&th->session_key); -- if (th->ticket_blob) -- ceph_buffer_put(th->ticket_blob); -- th->session_key = new_session_key; -- th->ticket_blob = new_ticket_blob; -- th->validity = new_validity; -- th->secret_id = new_secret_id; -- th->expires = new_expires; -- th->renew_after = new_renew_after; -- dout(" got ticket service %d (%s) secret_id %lld len %d\n", -- type, ceph_entity_type_name(type), th->secret_id, -- (int)th->ticket_blob->vec.iov_len); -- xi->have_keys |= th->service; -+ return ret; - } - -- ret = 0; --out: -- kfree(ticket_buf); --out_dbuf: -- kfree(dbuf); -- return ret; -+ return 0; - - bad: -- ret = -EINVAL; -- goto out; -+ return -EINVAL; - } - - static int ceph_x_build_authorizer(struct ceph_auth_client *ac, -@@ -583,13 +596,14 @@ static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac, - struct ceph_x_ticket_handler *th; - int ret = 0; - struct ceph_x_authorize_reply reply; -+ void *preply = &reply; - void *p = au->reply_buf; - void *end = p + sizeof(au->reply_buf); - - th = get_ticket_handler(ac, au->service); - if (IS_ERR(th)) - return PTR_ERR(th); -- ret = ceph_x_decrypt(&th->session_key, &p, end, &reply, sizeof(reply)); -+ ret = ceph_x_decrypt(&th->session_key, &p, end, &preply, sizeof(reply)); - if (ret < 0) - return ret; - if (ret != sizeof(reply)) diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c -index 988721a..947846d 100644 +index 0a31298..241da43 100644 --- a/net/ceph/messenger.c +++ b/net/ceph/messenger.c @@ -187,7 +187,7 @@ static void con_fault(struct ceph_connection *con); @@ -99948,26 +99561,6 @@ index 988721a..947846d 100644 s = addr_str[i]; switch (ss->ss_family) { -diff --git a/net/ceph/mon_client.c b/net/ceph/mon_client.c -index 2ac9ef3..dbcbf5a 100644 ---- a/net/ceph/mon_client.c -+++ b/net/ceph/mon_client.c -@@ -1041,7 +1041,15 @@ static struct ceph_msg *mon_alloc_msg(struct ceph_connection *con, - if (!m) { - pr_info("alloc_msg unknown type %d\n", type); - *skip = 1; -+ } else if (front_len > m->front_alloc_len) { -+ pr_warning("mon_alloc_msg front %d > prealloc %d (%u#%llu)\n", -+ front_len, m->front_alloc_len, -+ (unsigned int)con->peer_name.type, -+ le64_to_cpu(con->peer_name.num)); -+ ceph_msg_put(m); -+ m = ceph_msg_new(type, front_len, GFP_NOFS, false); - } -+ - return m; - } - diff --git a/net/compat.c b/net/compat.c index cbc1a2a..ab7644e 100644 --- a/net/compat.c @@ -106197,10 +105790,10 @@ index 8fac3fd..32ff38d 100644 unsigned int secindex_strings; diff --git a/security/Kconfig b/security/Kconfig -index beb86b5..40b1edb 100644 +index beb86b5..9becb4a 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,957 @@ +@@ -4,6 +4,965 @@ menu "Security options" @@ -106789,6 +106382,14 @@ index beb86b5..40b1edb 100644 + that is, enabling this option will make it harder to inject + and execute 'foreign' code in kernel memory itself. + ++ Note that on amd64, CONFIG_EFI enabled with "efi=old_map" on ++ the kernel command-line will result in an RWX physical map. ++ ++ Likewise, the EFI runtime services are necessarily mapped as ++ RWX. If CONFIG_EFI is enabled on an EFI-capable system, it ++ is recommended that you boot with "noefi" on the kernel ++ command-line if possible to eliminate the mapping. ++ +choice + prompt "Return Address Instrumentation Method" + default PAX_KERNEXEC_PLUGIN_METHOD_BTS @@ -107158,7 +106759,7 @@ index beb86b5..40b1edb 100644 source security/keys/Kconfig config SECURITY_DMESG_RESTRICT -@@ -103,7 +1054,7 @@ config INTEL_TXT +@@ -103,7 +1062,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -107225,10 +106826,10 @@ index 4257b7e..2d0732d 100644 .ptrace_access_check = apparmor_ptrace_access_check, diff --git a/security/commoncap.c b/security/commoncap.c -index b9d613e..f68305c 100644 +index 963dc59..12ebd0c 100644 --- a/security/commoncap.c +++ b/security/commoncap.c -@@ -424,6 +424,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data +@@ -427,6 +427,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data return 0; } @@ -107261,7 +106862,7 @@ index b9d613e..f68305c 100644 /* * Attempt to get the on-exec apply capability sets for an executable file from * its xattrs and, if present, apply them to the proposed credentials being -@@ -592,6 +618,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) +@@ -595,6 +621,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) const struct cred *cred = current_cred(); kuid_t root_uid = make_kuid(cred->user_ns, 0); @@ -111998,7 +111599,7 @@ index 0000000..1ae2ed5 + +targets += size_overflow_hash.h size_overflow_hash_aux.h diff --git a/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh -new file mode 100644 +new file mode 100755 index 0000000..12b1e3b --- /dev/null +++ b/tools/gcc/size_overflow_plugin/generate_size_overflow_hash.sh @@ -116307,10 +115908,10 @@ index 0000000..4378111 +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..4077712 +index 0000000..38b3d62 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data -@@ -0,0 +1,5988 @@ +@@ -0,0 +1,5989 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL @@ -121066,6 +120667,7 @@ index 0000000..4077712 +nsm_get_handle_52089 nsm_get_handle 4 52089 NULL +ulist_add_merge_52096 ulist_add_merge 0 52096 NULL +o2net_debug_read_52105 o2net_debug_read 3 52105 NULL ++smsdvb_stats_read_52114 smsdvb_stats_read 3 52114 NULL +split_scan_timeout_write_52128 split_scan_timeout_write 3 52128 NULL +retry_count_read_52129 retry_count_read 3 52129 NULL +xfs_btree_change_owner_52137 xfs_btree_change_owner 0 52137 NULL diff --git a/3.14.18/4425_grsec_remove_EI_PAX.patch b/3.14.19/4425_grsec_remove_EI_PAX.patch index fc51f79..fc51f79 100644 --- a/3.14.18/4425_grsec_remove_EI_PAX.patch +++ b/3.14.19/4425_grsec_remove_EI_PAX.patch diff --git a/3.14.18/4427_force_XATTR_PAX_tmpfs.patch b/3.14.19/4427_force_XATTR_PAX_tmpfs.patch index 11a7d2c..11a7d2c 100644 --- a/3.14.18/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.14.19/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.14.18/4430_grsec-remove-localversion-grsec.patch b/3.14.19/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.14.18/4430_grsec-remove-localversion-grsec.patch +++ b/3.14.19/4430_grsec-remove-localversion-grsec.patch diff --git a/3.14.18/4435_grsec-mute-warnings.patch b/3.14.19/4435_grsec-mute-warnings.patch index 392cefb..392cefb 100644 --- a/3.14.18/4435_grsec-mute-warnings.patch +++ b/3.14.19/4435_grsec-mute-warnings.patch diff --git a/3.14.18/4440_grsec-remove-protected-paths.patch b/3.14.19/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.14.18/4440_grsec-remove-protected-paths.patch +++ b/3.14.19/4440_grsec-remove-protected-paths.patch diff --git a/3.14.18/4450_grsec-kconfig-default-gids.patch b/3.14.19/4450_grsec-kconfig-default-gids.patch index 0451e5a..0451e5a 100644 --- a/3.14.18/4450_grsec-kconfig-default-gids.patch +++ b/3.14.19/4450_grsec-kconfig-default-gids.patch diff --git a/3.14.18/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.19/4465_selinux-avc_audit-log-curr_ip.patch index 747ac53..747ac53 100644 --- a/3.14.18/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.14.19/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.14.18/4470_disable-compat_vdso.patch b/3.14.19/4470_disable-compat_vdso.patch index 35a4840..d5eed75 100644 --- a/3.14.18/4470_disable-compat_vdso.patch +++ b/3.14.19/4470_disable-compat_vdso.patch @@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138 diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig --- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100 +++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100 -@@ -1859,17 +1859,8 @@ +@@ -1861,17 +1861,8 @@ config COMPAT_VDSO def_bool n diff --git a/3.14.18/4475_emutramp_default_on.patch b/3.14.19/4475_emutramp_default_on.patch index cf88fd9..cf88fd9 100644 --- a/3.14.18/4475_emutramp_default_on.patch +++ b/3.14.19/4475_emutramp_default_on.patch diff --git a/3.16.2/0000_README b/3.16.3/0000_README index f31f3fb..05a4f78 100644 --- a/3.16.2/0000_README +++ b/3.16.3/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.16.2-201409141907.patch +Patch: 4420_grsecurity-3.0-3.16.3-201409180901.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.16.2/4420_grsecurity-3.0-3.16.2-201409141907.patch b/3.16.3/4420_grsecurity-3.0-3.16.3-201409180901.patch index b3502f0..a8197ee 100644 --- a/3.16.2/4420_grsecurity-3.0-3.16.2-201409141907.patch +++ b/3.16.3/4420_grsecurity-3.0-3.16.3-201409180901.patch @@ -785,7 +785,7 @@ index ee78eba..a06b48d 100644 Daniel Borkmann <dborkman@redhat.com> -Alexei Starovoitov <ast@plumgrid.com> diff --git a/Makefile b/Makefile -index c261752..e1d82656 100644 +index 9b25a83..e77c38a 100644 --- a/Makefile +++ b/Makefile @@ -303,8 +303,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -7370,7 +7370,7 @@ index 1188e00..41cf144 100644 #include <linux/module.h> #include <linux/elfcore.h> diff --git a/arch/mips/kernel/binfmt_elfo32.c b/arch/mips/kernel/binfmt_elfo32.c -index 7faf5f2..f3d3cf4 100644 +index 71df942..199dd19 100644 --- a/arch/mips/kernel/binfmt_elfo32.c +++ b/arch/mips/kernel/binfmt_elfo32.c @@ -70,6 +70,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG]; @@ -7386,7 +7386,7 @@ index 7faf5f2..f3d3cf4 100644 + #include <asm/processor.h> - /* + /* These MUST be defined before elf.h gets included */ diff --git a/arch/mips/kernel/i8259.c b/arch/mips/kernel/i8259.c index 50b3648..c2f3cec 100644 --- a/arch/mips/kernel/i8259.c @@ -7491,10 +7491,10 @@ index 0a1ec0f..d9e93b6 100644 - return sp & ALMASK; -} diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c -index f639ccd..e4b110d 100644 +index aae7119..8b16434 100644 --- a/arch/mips/kernel/ptrace.c +++ b/arch/mips/kernel/ptrace.c -@@ -630,6 +630,10 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -762,6 +762,10 @@ long arch_ptrace(struct task_struct *child, long request, return ret; } @@ -7505,7 +7505,7 @@ index f639ccd..e4b110d 100644 /* * Notification of system call entry/exit * - triggered by current->work.syscall_trace -@@ -646,6 +650,11 @@ asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall) +@@ -778,6 +782,11 @@ asmlinkage long syscall_trace_enter(struct pt_regs *regs, long syscall) tracehook_report_syscall_entry(regs)) ret = -1; @@ -25029,7 +25029,7 @@ index f36bd42..0ab4474 100644 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 + .endr diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S -index a468c0a..c7dec74 100644 +index a468c0a..8b5a879 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -20,6 +20,8 @@ @@ -25081,7 +25081,11 @@ index a468c0a..c7dec74 100644 /* * Set up the identity mapping for the switchover. These -@@ -177,8 +198,8 @@ ENTRY(secondary_startup_64) +@@ -174,11 +195,12 @@ ENTRY(secondary_startup_64) + * after the boot processor executes this code. + */ + ++ orq $-1, %rbp movq $(init_level4_pgt - __START_KERNEL_map), %rax 1: @@ -25092,7 +25096,7 @@ index a468c0a..c7dec74 100644 movq %rcx, %cr4 /* Setup early boot stage 4 level pagetables. */ -@@ -199,10 +220,19 @@ ENTRY(secondary_startup_64) +@@ -199,10 +221,19 @@ ENTRY(secondary_startup_64) movl $MSR_EFER, %ecx rdmsr btsl $_EFER_SCE, %eax /* Enable System Call */ @@ -25100,10 +25104,10 @@ index a468c0a..c7dec74 100644 + btl $(X86_FEATURE_NX & 31),%edi /* No Execute supported? */ jnc 1f btsl $_EFER_NX, %eax ++ cmpq $-1, %rbp ++ je 1f btsq $_PAGE_BIT_NX,early_pmd_flags(%rip) -+#ifndef CONFIG_EFI + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_PAGE_OFFSET(%rip) -+#endif + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMALLOC_START(%rip) + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMALLOC_END(%rip) + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMEMMAP_START(%rip) @@ -25113,7 +25117,7 @@ index a468c0a..c7dec74 100644 1: wrmsr /* Make changes effective */ /* Setup cr0 */ -@@ -282,6 +312,7 @@ ENTRY(secondary_startup_64) +@@ -282,6 +313,7 @@ ENTRY(secondary_startup_64) * REX.W + FF /5 JMP m16:64 Jump far, absolute indirect, * address given in m16:64. */ @@ -25121,7 +25125,7 @@ index a468c0a..c7dec74 100644 movq initial_code(%rip),%rax pushq $0 # fake return address to stop unwinder pushq $__KERNEL_CS # set correct cs -@@ -313,7 +344,7 @@ ENDPROC(start_cpu0) +@@ -313,7 +345,7 @@ ENDPROC(start_cpu0) .quad INIT_PER_CPU_VAR(irq_stack_union) GLOBAL(stack_start) @@ -25130,7 +25134,7 @@ index a468c0a..c7dec74 100644 .word 0 __FINITDATA -@@ -391,7 +422,7 @@ ENTRY(early_idt_handler) +@@ -391,7 +423,7 @@ ENTRY(early_idt_handler) call dump_stack #ifdef CONFIG_KALLSYMS leaq early_idt_ripmsg(%rip),%rdi @@ -25139,7 +25143,7 @@ index a468c0a..c7dec74 100644 call __print_symbol #endif #endif /* EARLY_PRINTK */ -@@ -420,6 +451,7 @@ ENDPROC(early_idt_handler) +@@ -420,6 +452,7 @@ ENDPROC(early_idt_handler) early_recursion_flag: .long 0 @@ -25147,7 +25151,7 @@ index a468c0a..c7dec74 100644 #ifdef CONFIG_EARLY_PRINTK early_idt_msg: .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n" -@@ -447,29 +479,52 @@ NEXT_PAGE(early_level4_pgt) +@@ -447,29 +480,52 @@ NEXT_PAGE(early_level4_pgt) NEXT_PAGE(early_dynamic_pgts) .fill 512*EARLY_DYNAMIC_PAGE_TABLES,8,0 @@ -25209,7 +25213,7 @@ index a468c0a..c7dec74 100644 NEXT_PAGE(level3_kernel_pgt) .fill L3_START_KERNEL,8,0 -@@ -477,6 +532,9 @@ NEXT_PAGE(level3_kernel_pgt) +@@ -477,6 +533,9 @@ NEXT_PAGE(level3_kernel_pgt) .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE @@ -25219,7 +25223,7 @@ index a468c0a..c7dec74 100644 NEXT_PAGE(level2_kernel_pgt) /* * 512 MB kernel mapping. We spend a full page on this pagetable -@@ -494,28 +552,64 @@ NEXT_PAGE(level2_kernel_pgt) +@@ -494,28 +553,64 @@ NEXT_PAGE(level2_kernel_pgt) NEXT_PAGE(level2_fixmap_pgt) .fill 506,8,0 .quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE @@ -36672,7 +36676,7 @@ index 9ee3491..872192f 100644 local_irq_restore(efi_rt_eflags); diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c -index 290d397..3906bcd 100644 +index 290d397..e09d270 100644 --- a/arch/x86/platform/efi/efi_64.c +++ b/arch/x86/platform/efi/efi_64.c @@ -99,6 +99,11 @@ void __init efi_call_phys_prelog(void) @@ -36699,6 +36703,31 @@ index 290d397..3906bcd 100644 __flush_tlb_all(); local_irq_restore(efi_flags); early_code_mapping_set_exec(0); +@@ -146,8 +156,23 @@ int efi_setup_page_tables(unsigned long pa_memmap, unsigned num_pages) + unsigned npages; + pgd_t *pgd; + +- if (efi_enabled(EFI_OLD_MEMMAP)) ++ if (efi_enabled(EFI_OLD_MEMMAP)) { ++ /* PaX: We need to disable the NX bit in the PGD, otherwise we won't be ++ * able to execute the EFI services. ++ */ ++ if (__supported_pte_mask & _PAGE_NX) { ++ unsigned long addr = (unsigned long) __va(0); ++ pgd_t pe = __pgd(pgd_val(*pgd_offset_k(addr)) & ~_PAGE_NX); ++ ++ pr_alert("PAX: Disabling NX protection for low memory map. Try booting without \"efi=old_map\"\n"); ++#ifdef CONFIG_PAX_PER_CPU_PGD ++ set_pgd(pgd_offset_cpu(0, kernel, addr), pe); ++#endif ++ set_pgd(pgd_offset_k(addr), pe); ++ } ++ + return 0; ++ } + + efi_scratch.efi_pgt = (pgd_t *)(unsigned long)real_mode_header->trampoline_pgd; + pgd = __va(efi_scratch.efi_pgt); diff --git a/arch/x86/platform/efi/efi_stub_32.S b/arch/x86/platform/efi/efi_stub_32.S index fbe66e6..eae5e38 100644 --- a/arch/x86/platform/efi/efi_stub_32.S @@ -38012,7 +38041,7 @@ index dc51f46..d5446a8 100644 (u8 *) pte, count) < count) { kfree(pte); diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c -index 14695c6..27a4636 100644 +index 84ab119..a217f27 100644 --- a/block/scsi_ioctl.c +++ b/block/scsi_ioctl.c @@ -67,7 +67,7 @@ static int scsi_get_bus(struct request_queue *q, int __user *p) @@ -38055,7 +38084,7 @@ index 14695c6..27a4636 100644 if (!sic) return -EINVAL; -@@ -446,9 +460,18 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, +@@ -451,9 +465,18 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, */ err = -EFAULT; rq->cmd_len = cmdlen; @@ -38222,7 +38251,7 @@ index c68e724..e863008 100644 /* parse the table header to get the table length */ if (count <= sizeof(struct acpi_table_header)) diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c -index 3dca36d..abaf070 100644 +index 17f9ec5..d9a455e 100644 --- a/drivers/acpi/processor_idle.c +++ b/drivers/acpi/processor_idle.c @@ -952,7 +952,7 @@ static int acpi_processor_setup_cpuidle_states(struct acpi_processor *pr) @@ -42429,10 +42458,10 @@ index 8268a4c..5105708 100644 #define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##funcid##_tbl_entry }) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.h b/drivers/gpu/drm/nouveau/nouveau_drm.h -index 7efbafa..19f8087 100644 +index b628add..57cd489 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.h +++ b/drivers/gpu/drm/nouveau/nouveau_drm.h -@@ -97,7 +97,6 @@ struct nouveau_drm { +@@ -99,7 +99,6 @@ struct nouveau_drm { struct drm_global_reference mem_global_ref; struct ttm_bo_global_ref bo_global_ref; struct ttm_bo_device bdev; @@ -45976,7 +46005,7 @@ index d1600d2..4c3af3a 100644 schedule_work(&sc->trigger_event); } diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c -index 5f59f1e..01bd02e 100644 +index 9227910..f51ca38 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c @@ -274,7 +274,7 @@ static struct dm_dev_internal *find_device(struct list_head *l, dev_t dev) @@ -46250,7 +46279,7 @@ index 3e6d115..ffecdeb 100644 /*----------------------------------------------------------------*/ diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index 56e24c0..e1c8e1f 100644 +index d7690f8..3db9ef1 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c @@ -1931,7 +1931,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) @@ -46272,10 +46301,10 @@ index 56e24c0..e1c8e1f 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index cb882aa..cb8aeca 100644 +index a46124e..caf0bd55 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c -@@ -1949,7 +1949,7 @@ static void end_sync_read(struct bio *bio, int error) +@@ -1948,7 +1948,7 @@ static void end_sync_read(struct bio *bio, int error) /* The write handler will notice the lack of * R10BIO_Uptodate and record any errors etc */ @@ -46284,7 +46313,7 @@ index cb882aa..cb8aeca 100644 &conf->mirrors[d].rdev->corrected_errors); /* for reconstruct, we always reschedule after a read. -@@ -2307,7 +2307,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2306,7 +2306,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) { struct timespec cur_time_mon; unsigned long hours_since_last; @@ -46293,7 +46322,7 @@ index cb882aa..cb8aeca 100644 ktime_get_ts(&cur_time_mon); -@@ -2329,9 +2329,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2328,9 +2328,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) * overflowing the shift of read_errors by hours_since_last. */ if (hours_since_last >= 8 * sizeof(read_errors)) @@ -46305,7 +46334,7 @@ index cb882aa..cb8aeca 100644 } static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector, -@@ -2385,8 +2385,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2384,8 +2384,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 return; check_decay_read_errors(mddev, rdev); @@ -46316,7 +46345,7 @@ index cb882aa..cb8aeca 100644 char b[BDEVNAME_SIZE]; bdevname(rdev->bdev, b); -@@ -2394,7 +2394,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2393,7 +2393,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 "md/raid10:%s: %s: Raid device exceeded " "read_error threshold [cur %d:max %d]\n", mdname(mddev), b, @@ -46325,7 +46354,7 @@ index cb882aa..cb8aeca 100644 printk(KERN_NOTICE "md/raid10:%s: %s: Failing raid device\n", mdname(mddev), b); -@@ -2549,7 +2549,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2548,7 +2548,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 sect + choose_data_offset(r10_bio, rdev)), bdevname(rdev->bdev, b)); @@ -46334,25 +46363,8 @@ index cb882aa..cb8aeca 100644 } rdev_dec_pending(rdev, mddev); -@@ -2954,6 +2954,7 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr, - */ - if (test_bit(MD_RECOVERY_RESHAPE, &mddev->recovery)) { - end_reshape(conf); -+ close_sync(conf); - return 0; - } - -@@ -4411,7 +4412,7 @@ read_more: - read_bio->bi_private = r10_bio; - read_bio->bi_end_io = end_sync_read; - read_bio->bi_rw = READ; -- read_bio->bi_flags &= ~(BIO_POOL_MASK - 1); -+ read_bio->bi_flags &= (~0UL << BIO_RESET_BITS); - read_bio->bi_flags |= 1 << BIO_UPTODATE; - read_bio->bi_vcnt = 0; - read_bio->bi_iter.bi_size = 0; diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 6234b2e..4990801 100644 +index 183588b..0eedcfa 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -1731,6 +1731,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash) @@ -46413,15 +46425,6 @@ index 6234b2e..4990801 100644 > conf->max_nr_stripes) printk(KERN_WARNING "md/raid:%s: Too many read errors, failing device %s.\n", -@@ -3817,6 +3825,8 @@ static void handle_stripe(struct stripe_head *sh) - set_bit(R5_Wantwrite, &dev->flags); - if (prexor) - continue; -+ if (s.failed > 1) -+ continue; - if (!test_bit(R5_Insync, &dev->flags) || - ((i == sh->pd_idx || i == sh->qd_idx) && - s.failed == 0)) diff --git a/drivers/media/dvb-core/dvbdev.c b/drivers/media/dvb-core/dvbdev.c index 983db75..ef9248c 100644 --- a/drivers/media/dvb-core/dvbdev.c @@ -52340,7 +52343,7 @@ index ff75ef8..2dfe00a 100644 /* * fcs_port_sm FCS logical port state machine diff --git a/drivers/scsi/bfa/bfa_ioc.h b/drivers/scsi/bfa/bfa_ioc.h -index 2e28392..9d865b6 100644 +index a38aafa0..fe8f03b 100644 --- a/drivers/scsi/bfa/bfa_ioc.h +++ b/drivers/scsi/bfa/bfa_ioc.h @@ -258,7 +258,7 @@ struct bfa_ioc_cbfn_s { @@ -53256,10 +53259,10 @@ index 3202063..f9f0ff6 100644 ddb_entry->default_relogin_timeout = (def_timeout > LOGIN_TOV) && (def_timeout < LOGIN_TOV * 10) ? diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c -index 88d46fe..7351be5 100644 +index 769be4d..371fc61 100644 --- a/drivers/scsi/scsi.c +++ b/drivers/scsi/scsi.c -@@ -640,7 +640,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd) +@@ -648,7 +648,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd) struct Scsi_Host *host = cmd->device->host; int rtn = 0; @@ -53391,7 +53394,7 @@ index 0102a2d..cc3f8e9 100644 err = class_register(&iscsi_transport_class); if (err) diff --git a/drivers/scsi/scsi_transport_srp.c b/drivers/scsi/scsi_transport_srp.c -index 13e8983..d306a68 100644 +index a0c5bfd..b94db1e 100644 --- a/drivers/scsi/scsi_transport_srp.c +++ b/drivers/scsi/scsi_transport_srp.c @@ -36,7 +36,7 @@ @@ -53412,7 +53415,7 @@ index 13e8983..d306a68 100644 return 0; } -@@ -734,7 +734,7 @@ struct srp_rport *srp_rport_add(struct Scsi_Host *shost, +@@ -735,7 +735,7 @@ struct srp_rport *srp_rport_add(struct Scsi_Host *shost, rport_fast_io_fail_timedout); INIT_DELAYED_WORK(&rport->dev_loss_work, rport_dev_loss_timedout); @@ -53422,10 +53425,10 @@ index 13e8983..d306a68 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index 6825eda..be470c4 100644 +index ed2e99e..28cf52b 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c -@@ -2954,7 +2954,7 @@ static int sd_probe(struct device *dev) +@@ -2959,7 +2959,7 @@ static int sd_probe(struct device *dev) sdkp->disk = gd; sdkp->index = index; atomic_set(&sdkp->openers, 0); @@ -61356,10 +61359,10 @@ index 8883980..c8ade72 100644 atomic_set(&midCount, 0); diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h -index de6aed8..a0a76fd 100644 +index c97fd86..e4a8274 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h -@@ -807,35 +807,35 @@ struct cifs_tcon { +@@ -804,35 +804,35 @@ struct cifs_tcon { __u16 Flags; /* optional support bits */ enum statusEnum tidStatus; #ifdef CONFIG_CIFS_STATS @@ -61419,7 +61422,7 @@ index de6aed8..a0a76fd 100644 } smb2_stats; #endif /* CONFIG_CIFS_SMB2 */ } stats; -@@ -1172,7 +1172,7 @@ convert_delimiter(char *path, char delim) +@@ -1169,7 +1169,7 @@ convert_delimiter(char *path, char delim) } #ifdef CONFIG_CIFS_STATS @@ -61428,7 +61431,7 @@ index de6aed8..a0a76fd 100644 static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon, unsigned int bytes) -@@ -1538,8 +1538,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; +@@ -1535,8 +1535,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; /* Various Debug counters */ GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */ #ifdef CONFIG_CIFS_STATS2 @@ -61440,7 +61443,7 @@ index de6aed8..a0a76fd 100644 GLOBAL_EXTERN atomic_t smBufAllocCount; GLOBAL_EXTERN atomic_t midCount; diff --git a/fs/cifs/file.c b/fs/cifs/file.c -index e90a1e9..908699d 100644 +index 9de08c9..b396124 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -1900,10 +1900,14 @@ static int cifs_writepages(struct address_space *mapping, @@ -61484,7 +61487,7 @@ index 3b0c62e..f7d090c 100644 } diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c -index d1fdfa8..94558f8 100644 +index 84ca0a4..add8cba 100644 --- a/fs/cifs/smb1ops.c +++ b/fs/cifs/smb1ops.c @@ -626,27 +626,27 @@ static void @@ -61593,7 +61596,7 @@ index d1fdfa8..94558f8 100644 } diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c -index 787844b..8e7bc7d 100644 +index f325c59..6bba517 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -364,8 +364,8 @@ smb2_clear_stats(struct cifs_tcon *tcon) @@ -61714,10 +61717,10 @@ index 787844b..8e7bc7d 100644 } diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c -index b0b260d..c8927e1 100644 +index 8707755..8f38739 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c -@@ -2105,8 +2105,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, +@@ -2106,8 +2106,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, default: cifs_dbg(VFS, "info level %u isn't supported\n", srch_inf->info_level); @@ -62084,20 +62087,10 @@ index a93f7e6..d58bcbe 100644 return 0; while (nr) { diff --git a/fs/dcache.c b/fs/dcache.c -index 06f6585..c9c5b6c 100644 +index e1308c5..c9c5b6c 100644 --- a/fs/dcache.c +++ b/fs/dcache.c -@@ -106,8 +106,7 @@ static inline struct hlist_bl_head *d_hash(const struct dentry *parent, - unsigned int hash) - { - hash += (unsigned long) parent / L1_CACHE_BYTES; -- hash = hash + (hash >> d_hash_shift); -- return dentry_hashtable + (hash & d_hash_mask); -+ return dentry_hashtable + hash_32(hash, d_hash_shift); - } - - /* Statistics gathering. */ -@@ -479,7 +478,7 @@ static void __dentry_kill(struct dentry *dentry) +@@ -478,7 +478,7 @@ static void __dentry_kill(struct dentry *dentry) * dentry_iput drops the locks, at which point nobody (except * transient RCU lookups) can reach this dentry. */ @@ -62106,7 +62099,7 @@ index 06f6585..c9c5b6c 100644 this_cpu_dec(nr_dentry); if (dentry->d_op && dentry->d_op->d_release) dentry->d_op->d_release(dentry); -@@ -532,7 +531,7 @@ static inline struct dentry *lock_parent(struct dentry *dentry) +@@ -531,7 +531,7 @@ static inline struct dentry *lock_parent(struct dentry *dentry) struct dentry *parent = dentry->d_parent; if (IS_ROOT(dentry)) return NULL; @@ -62115,7 +62108,7 @@ index 06f6585..c9c5b6c 100644 return NULL; if (likely(spin_trylock(&parent->d_lock))) return parent; -@@ -609,7 +608,7 @@ repeat: +@@ -608,7 +608,7 @@ repeat: dentry->d_flags |= DCACHE_REFERENCED; dentry_lru_add(dentry); @@ -62124,7 +62117,7 @@ index 06f6585..c9c5b6c 100644 spin_unlock(&dentry->d_lock); return; -@@ -664,7 +663,7 @@ int d_invalidate(struct dentry * dentry) +@@ -663,7 +663,7 @@ int d_invalidate(struct dentry * dentry) * We also need to leave mountpoints alone, * directory or not. */ @@ -62133,7 +62126,7 @@ index 06f6585..c9c5b6c 100644 if (S_ISDIR(dentry->d_inode->i_mode) || d_mountpoint(dentry)) { spin_unlock(&dentry->d_lock); return -EBUSY; -@@ -680,7 +679,7 @@ EXPORT_SYMBOL(d_invalidate); +@@ -679,7 +679,7 @@ EXPORT_SYMBOL(d_invalidate); /* This must be called with d_lock held */ static inline void __dget_dlock(struct dentry *dentry) { @@ -62142,7 +62135,7 @@ index 06f6585..c9c5b6c 100644 } static inline void __dget(struct dentry *dentry) -@@ -721,8 +720,8 @@ repeat: +@@ -720,8 +720,8 @@ repeat: goto repeat; } rcu_read_unlock(); @@ -62153,7 +62146,7 @@ index 06f6585..c9c5b6c 100644 spin_unlock(&ret->d_lock); return ret; } -@@ -805,7 +804,7 @@ restart: +@@ -804,7 +804,7 @@ restart: spin_lock(&inode->i_lock); hlist_for_each_entry(dentry, &inode->i_dentry, d_alias) { spin_lock(&dentry->d_lock); @@ -62162,7 +62155,7 @@ index 06f6585..c9c5b6c 100644 /* * inform the fs via d_prune that this dentry * is about to be unhashed and destroyed. -@@ -848,7 +847,7 @@ static void shrink_dentry_list(struct list_head *list) +@@ -847,7 +847,7 @@ static void shrink_dentry_list(struct list_head *list) * We found an inuse dentry which was not removed from * the LRU because of laziness during lookup. Do not free it. */ @@ -62171,7 +62164,7 @@ index 06f6585..c9c5b6c 100644 spin_unlock(&dentry->d_lock); if (parent) spin_unlock(&parent->d_lock); -@@ -886,8 +885,8 @@ static void shrink_dentry_list(struct list_head *list) +@@ -885,8 +885,8 @@ static void shrink_dentry_list(struct list_head *list) dentry = parent; while (dentry && !lockref_put_or_lock(&dentry->d_lockref)) { parent = lock_parent(dentry); @@ -62182,7 +62175,7 @@ index 06f6585..c9c5b6c 100644 spin_unlock(&dentry->d_lock); if (parent) spin_unlock(&parent->d_lock); -@@ -927,7 +926,7 @@ dentry_lru_isolate(struct list_head *item, spinlock_t *lru_lock, void *arg) +@@ -926,7 +926,7 @@ dentry_lru_isolate(struct list_head *item, spinlock_t *lru_lock, void *arg) * counts, just remove them from the LRU. Otherwise give them * another pass through the LRU. */ @@ -62191,7 +62184,7 @@ index 06f6585..c9c5b6c 100644 d_lru_isolate(dentry); spin_unlock(&dentry->d_lock); return LRU_REMOVED; -@@ -1262,7 +1261,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry) +@@ -1261,7 +1261,7 @@ static enum d_walk_ret select_collect(void *_data, struct dentry *dentry) } else { if (dentry->d_flags & DCACHE_LRU_LIST) d_lru_del(dentry); @@ -62200,7 +62193,7 @@ index 06f6585..c9c5b6c 100644 d_shrink_add(dentry, &data->dispose); data->found++; } -@@ -1310,7 +1309,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry) +@@ -1309,7 +1309,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry) return D_WALK_CONTINUE; /* root with refcount 1 is fine */ @@ -62209,7 +62202,7 @@ index 06f6585..c9c5b6c 100644 return D_WALK_CONTINUE; printk(KERN_ERR "BUG: Dentry %p{i=%lx,n=%pd} " -@@ -1319,7 +1318,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry) +@@ -1318,7 +1318,7 @@ static enum d_walk_ret umount_check(void *_data, struct dentry *dentry) dentry->d_inode ? dentry->d_inode->i_ino : 0UL, dentry, @@ -62218,7 +62211,7 @@ index 06f6585..c9c5b6c 100644 dentry->d_sb->s_type->name, dentry->d_sb->s_id); WARN_ON(1); -@@ -1445,7 +1444,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) +@@ -1444,7 +1444,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) */ dentry->d_iname[DNAME_INLINE_LEN-1] = 0; if (name->len > DNAME_INLINE_LEN-1) { @@ -62227,7 +62220,7 @@ index 06f6585..c9c5b6c 100644 if (!dname) { kmem_cache_free(dentry_cache, dentry); return NULL; -@@ -1463,7 +1462,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) +@@ -1462,7 +1462,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) smp_wmb(); dentry->d_name.name = dname; @@ -62236,7 +62229,7 @@ index 06f6585..c9c5b6c 100644 dentry->d_flags = 0; spin_lock_init(&dentry->d_lock); seqcount_init(&dentry->d_seq); -@@ -2226,7 +2225,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name) +@@ -2225,7 +2225,7 @@ struct dentry *__d_lookup(const struct dentry *parent, const struct qstr *name) goto next; } @@ -62245,7 +62238,7 @@ index 06f6585..c9c5b6c 100644 found = dentry; spin_unlock(&dentry->d_lock); break; -@@ -2325,7 +2324,7 @@ again: +@@ -2324,7 +2324,7 @@ again: spin_lock(&dentry->d_lock); inode = dentry->d_inode; isdir = S_ISDIR(inode->i_mode); @@ -62254,7 +62247,7 @@ index 06f6585..c9c5b6c 100644 if (!spin_trylock(&inode->i_lock)) { spin_unlock(&dentry->d_lock); cpu_relax(); -@@ -2402,7 +2401,7 @@ void dentry_update_name_case(struct dentry *dentry, struct qstr *name) +@@ -2401,7 +2401,7 @@ void dentry_update_name_case(struct dentry *dentry, struct qstr *name) } EXPORT_SYMBOL(dentry_update_name_case); @@ -62263,7 +62256,7 @@ index 06f6585..c9c5b6c 100644 { if (dname_external(target)) { if (dname_external(dentry)) { -@@ -2430,7 +2429,7 @@ static void switch_names(struct dentry *dentry, struct dentry *target) +@@ -2429,7 +2429,7 @@ static void switch_names(struct dentry *dentry, struct dentry *target) target->d_name.len + 1); target->d_name.name = dentry->d_name.name; dentry->d_name.name = dentry->d_iname; @@ -62272,7 +62265,7 @@ index 06f6585..c9c5b6c 100644 /* * Both are internal. */ -@@ -2440,6 +2439,14 @@ static void switch_names(struct dentry *dentry, struct dentry *target) +@@ -2439,6 +2439,14 @@ static void switch_names(struct dentry *dentry, struct dentry *target) swap(((long *) &dentry->d_iname)[i], ((long *) &target->d_iname)[i]); } @@ -62287,7 +62280,7 @@ index 06f6585..c9c5b6c 100644 } } swap(dentry->d_name.len, target->d_name.len); -@@ -2540,7 +2547,7 @@ static void __d_move(struct dentry *dentry, struct dentry *target, +@@ -2539,7 +2547,7 @@ static void __d_move(struct dentry *dentry, struct dentry *target, list_del(&target->d_u.d_child); /* Switch the names.. */ @@ -62296,7 +62289,7 @@ index 06f6585..c9c5b6c 100644 swap(dentry->d_name.hash, target->d_name.hash); /* ... and switch the parents */ -@@ -2679,7 +2686,7 @@ static void __d_materialise_dentry(struct dentry *dentry, struct dentry *anon) +@@ -2678,7 +2686,7 @@ static void __d_materialise_dentry(struct dentry *dentry, struct dentry *anon) dparent = dentry->d_parent; @@ -62305,7 +62298,7 @@ index 06f6585..c9c5b6c 100644 swap(dentry->d_name.hash, anon->d_name.hash); dentry->d_parent = dentry; -@@ -3297,7 +3304,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry) +@@ -3296,7 +3304,7 @@ static enum d_walk_ret d_genocide_kill(void *data, struct dentry *dentry) if (!(dentry->d_flags & DCACHE_GENOCIDE)) { dentry->d_flags |= DCACHE_GENOCIDE; @@ -62314,7 +62307,7 @@ index 06f6585..c9c5b6c 100644 } } return D_WALK_CONTINUE; -@@ -3413,7 +3420,8 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -3412,7 +3420,8 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -65609,18 +65602,10 @@ index d55297f..f5b28c5 100644 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */ diff --git a/fs/namei.c b/fs/namei.c -index 9eb787e..2de9500 100644 +index 17ca8b8..2de9500 100644 --- a/fs/namei.c +++ b/fs/namei.c -@@ -34,6 +34,7 @@ - #include <linux/device_cgroup.h> - #include <linux/fs_struct.h> - #include <linux/posix_acl.h> -+#include <linux/hash.h> - #include <asm/uaccess.h> - - #include "internal.h" -@@ -330,17 +331,32 @@ int generic_permission(struct inode *inode, int mask) +@@ -331,17 +331,32 @@ int generic_permission(struct inode *inode, int mask) if (ret != -EACCES) return ret; @@ -65657,7 +65642,7 @@ index 9eb787e..2de9500 100644 * Read/write DACs are always overridable. * Executable DACs are overridable when there is * at least one exec bit set. -@@ -349,14 +365,6 @@ int generic_permission(struct inode *inode, int mask) +@@ -350,14 +365,6 @@ int generic_permission(struct inode *inode, int mask) if (capable_wrt_inode_uidgid(inode, CAP_DAC_OVERRIDE)) return 0; @@ -65672,7 +65657,7 @@ index 9eb787e..2de9500 100644 return -EACCES; } EXPORT_SYMBOL(generic_permission); -@@ -824,7 +832,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p) +@@ -825,7 +832,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p) { struct dentry *dentry = link->dentry; int error; @@ -65681,7 +65666,7 @@ index 9eb787e..2de9500 100644 BUG_ON(nd->flags & LOOKUP_RCU); -@@ -845,6 +853,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p) +@@ -846,6 +853,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p) if (error) goto out_put_nd_path; @@ -65694,7 +65679,7 @@ index 9eb787e..2de9500 100644 nd->last_type = LAST_BIND; *p = dentry->d_inode->i_op->follow_link(dentry, nd); error = PTR_ERR(*p); -@@ -1596,6 +1610,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) +@@ -1597,6 +1610,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) if (res) break; res = walk_component(nd, path, LOOKUP_FOLLOW); @@ -65703,16 +65688,6 @@ index 9eb787e..2de9500 100644 put_link(nd, &link, cookie); } while (res > 0); -@@ -1629,8 +1645,7 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) - - static inline unsigned int fold_hash(unsigned long hash) - { -- hash += hash >> (8*sizeof(int)); -- return hash; -+ return hash_64(hash, 32); - } - - #else /* 32-bit case */ @@ -1669,7 +1684,7 @@ EXPORT_SYMBOL(full_name_hash); static inline unsigned long hash_name(const char *name, unsigned int *hashp) { @@ -66189,10 +66164,10 @@ index 9eb787e..2de9500 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index 182bc41..72e3cf1 100644 +index 140d177..cef9c30 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -1348,6 +1348,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1378,6 +1378,9 @@ static int do_umount(struct mount *mnt, int flags) if (!(sb->s_flags & MS_RDONLY)) retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); up_write(&sb->s_umount); @@ -66202,7 +66177,7 @@ index 182bc41..72e3cf1 100644 return retval; } -@@ -1370,6 +1373,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1400,6 +1403,9 @@ static int do_umount(struct mount *mnt, int flags) } unlock_mount_hash(); namespace_unlock(); @@ -66212,7 +66187,7 @@ index 182bc41..72e3cf1 100644 return retval; } -@@ -1389,7 +1395,7 @@ static inline bool may_mount(void) +@@ -1419,7 +1425,7 @@ static inline bool may_mount(void) * unixes. Our API is identical to OSF/1 to avoid making a mess of AMD */ @@ -66221,7 +66196,7 @@ index 182bc41..72e3cf1 100644 { struct path path; struct mount *mnt; -@@ -1431,7 +1437,7 @@ out: +@@ -1461,7 +1467,7 @@ out: /* * The 2.0 compatible umount. No flags. */ @@ -66230,7 +66205,7 @@ index 182bc41..72e3cf1 100644 { return sys_umount(name, 0); } -@@ -2440,6 +2446,16 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2510,6 +2516,16 @@ long do_mount(const char *dev_name, const char *dir_name, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); @@ -66247,7 +66222,7 @@ index 182bc41..72e3cf1 100644 if (flags & MS_REMOUNT) retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); -@@ -2454,6 +2470,9 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2524,6 +2540,9 @@ long do_mount(const char *dev_name, const char *dir_name, dev_name, data_page); dput_out: path_put(&path); @@ -66257,7 +66232,7 @@ index 182bc41..72e3cf1 100644 return retval; } -@@ -2471,7 +2490,7 @@ static void free_mnt_ns(struct mnt_namespace *ns) +@@ -2541,7 +2560,7 @@ static void free_mnt_ns(struct mnt_namespace *ns) * number incrementing at 10Ghz will take 12,427 years to wrap which * is effectively never, so we can ignore the possibility. */ @@ -66266,7 +66241,7 @@ index 182bc41..72e3cf1 100644 static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) { -@@ -2486,7 +2505,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) +@@ -2556,7 +2575,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) kfree(new_ns); return ERR_PTR(ret); } @@ -66275,7 +66250,7 @@ index 182bc41..72e3cf1 100644 atomic_set(&new_ns->count, 1); new_ns->root = NULL; INIT_LIST_HEAD(&new_ns->list); -@@ -2496,7 +2515,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) +@@ -2566,7 +2585,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) return new_ns; } @@ -66284,7 +66259,7 @@ index 182bc41..72e3cf1 100644 struct user_namespace *user_ns, struct fs_struct *new_fs) { struct mnt_namespace *new_ns; -@@ -2617,8 +2636,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) +@@ -2687,8 +2706,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) } EXPORT_SYMBOL(mount_subtree); @@ -66295,7 +66270,7 @@ index 182bc41..72e3cf1 100644 { int ret; char *kernel_type; -@@ -2731,6 +2750,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2801,6 +2820,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; @@ -66307,7 +66282,7 @@ index 182bc41..72e3cf1 100644 get_fs_root(current->fs, &root); old_mp = lock_mount(&old); error = PTR_ERR(old_mp); -@@ -2999,7 +3023,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) +@@ -3069,7 +3093,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) return -EPERM; @@ -66554,7 +66529,7 @@ index a80a741..7b96e1b 100644 } diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c -index 3fdc8a3..5888623 100644 +index 2685bc9..f3462c7 100644 --- a/fs/notify/fanotify/fanotify_user.c +++ b/fs/notify/fanotify/fanotify_user.c @@ -216,8 +216,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group, @@ -66591,7 +66566,7 @@ index 238a593..9d7e2b9 100644 return 0; } diff --git a/fs/notify/notification.c b/fs/notify/notification.c -index 1e58402..bb2d6f4 100644 +index 25a07c7..4f1163c 100644 --- a/fs/notify/notification.c +++ b/fs/notify/notification.c @@ -48,7 +48,7 @@ @@ -67239,7 +67214,7 @@ index 2183fcf..3c32a98 100644 help Various /proc files exist to monitor process memory utilization: diff --git a/fs/proc/array.c b/fs/proc/array.c -index 64db2bc..a8185d6 100644 +index 3e1290b..7ebe5b5 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -60,6 +60,7 @@ @@ -67250,7 +67225,7 @@ index 64db2bc..a8185d6 100644 #include <linux/proc_fs.h> #include <linux/ioport.h> #include <linux/uaccess.h> -@@ -356,6 +357,21 @@ static void task_cpus_allowed(struct seq_file *m, struct task_struct *task) +@@ -347,6 +348,21 @@ static void task_cpus_allowed(struct seq_file *m, struct task_struct *task) seq_putc(m, '\n'); } @@ -67272,7 +67247,7 @@ index 64db2bc..a8185d6 100644 int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { -@@ -374,9 +390,24 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, +@@ -365,9 +381,24 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, task_cpus_allowed(m, task); cpuset_task_status_allowed(m, task); task_context_switch_counts(m, task); @@ -67297,7 +67272,7 @@ index 64db2bc..a8185d6 100644 static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task, int whole) { -@@ -398,6 +429,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -389,6 +420,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, char tcomm[sizeof(task->comm)]; unsigned long flags; @@ -67311,7 +67286,7 @@ index 64db2bc..a8185d6 100644 state = *get_task_state(task); vsize = eip = esp = 0; permitted = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT); -@@ -468,6 +506,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -459,6 +497,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, gtime = task_gtime(task); } @@ -67331,7 +67306,7 @@ index 64db2bc..a8185d6 100644 /* scale priority and nice values from timeslices to -20..20 */ /* to make it look like a "normal" Unix priority/nice value */ priority = task_prio(task); -@@ -504,9 +555,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -495,9 +546,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, seq_put_decimal_ull(m, ' ', vsize); seq_put_decimal_ull(m, ' ', mm ? get_mm_rss(mm) : 0); seq_put_decimal_ull(m, ' ', rsslim); @@ -67347,7 +67322,7 @@ index 64db2bc..a8185d6 100644 seq_put_decimal_ull(m, ' ', esp); seq_put_decimal_ull(m, ' ', eip); /* The signal information here is obsolete. -@@ -528,7 +585,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -519,7 +576,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, seq_put_decimal_ull(m, ' ', cputime_to_clock_t(gtime)); seq_put_decimal_ll(m, ' ', cputime_to_clock_t(cgtime)); @@ -67360,7 +67335,7 @@ index 64db2bc..a8185d6 100644 seq_put_decimal_ull(m, ' ', mm->start_data); seq_put_decimal_ull(m, ' ', mm->end_data); seq_put_decimal_ull(m, ' ', mm->start_brk); -@@ -566,8 +627,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -557,8 +618,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { unsigned long size = 0, resident = 0, shared = 0, text = 0, data = 0; @@ -67377,7 +67352,7 @@ index 64db2bc..a8185d6 100644 if (mm) { size = task_statm(mm, &shared, &text, &data, &resident); mmput(mm); -@@ -590,6 +658,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -581,6 +649,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, return 0; } @@ -69011,10 +68986,10 @@ index 33fd922..e0d6094 100644 if (error >= 0) error = buf.error; diff --git a/fs/reiserfs/do_balan.c b/fs/reiserfs/do_balan.c -index 54fdf19..987862b 100644 +index 4d5e529..ccdbc84 100644 --- a/fs/reiserfs/do_balan.c +++ b/fs/reiserfs/do_balan.c -@@ -1872,7 +1872,7 @@ void do_balance(struct tree_balance *tb, struct item_head *ih, +@@ -1887,7 +1887,7 @@ void do_balance(struct tree_balance *tb, struct item_head *ih, return; } @@ -69071,7 +69046,7 @@ index 02b0b7d..c85018b 100644 SF(s_do_balance), SF(s_unneeded_left_neighbor), SF(s_good_search_by_key_reada), SF(s_bmaps), diff --git a/fs/reiserfs/reiserfs.h b/fs/reiserfs/reiserfs.h -index bf53888..227f5ae 100644 +index 735c2c2..81b91af 100644 --- a/fs/reiserfs/reiserfs.h +++ b/fs/reiserfs/reiserfs.h @@ -573,7 +573,7 @@ struct reiserfs_sb_info { @@ -81913,10 +81888,10 @@ index 17e7e82..1d7da26 100644 #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES))) #endif diff --git a/include/linux/capability.h b/include/linux/capability.h -index 84b13ad..172cdee 100644 +index aa93e5e..985a1b0 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h -@@ -211,9 +211,14 @@ extern bool has_ns_capability_noaudit(struct task_struct *t, +@@ -214,9 +214,14 @@ extern bool has_ns_capability_noaudit(struct task_struct *t, extern bool capable(int cap); extern bool ns_capable(struct user_namespace *ns, int cap); extern bool capable_wrt_inode_uidgid(const struct inode *inode, int cap); @@ -85928,10 +85903,10 @@ index b1990c5..2a6e611 100644 .ops = ¶m_ops_##type, \ .elemsize = sizeof(array[0]), .elem = array }; \ diff --git a/include/linux/mount.h b/include/linux/mount.h -index 839bac2..a96b37c 100644 +index b0c1e65..fd6baf1 100644 --- a/include/linux/mount.h +++ b/include/linux/mount.h -@@ -59,7 +59,7 @@ struct vfsmount { +@@ -66,7 +66,7 @@ struct vfsmount { struct dentry *mnt_root; /* root of the mounted tree */ struct super_block *mnt_sb; /* pointer to superblock */ int mnt_flags; @@ -89202,10 +89177,10 @@ index 52beadf..598734c 100644 u8 qfull; enum fc_lport_state state; diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h -index 27ab310..60dc245 100644 +index 758bc9f..9b14934 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h -@@ -187,9 +187,9 @@ struct scsi_device { +@@ -188,9 +188,9 @@ struct scsi_device { unsigned int max_device_blocked; /* what device_blocked counts down from */ #define SCSI_DEFAULT_DEVICE_BLOCKED 3 @@ -90426,7 +90401,7 @@ index 808a86f..da69695 100644 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; set_fs(fs); diff --git a/kernel/audit.c b/kernel/audit.c -index 3ef2e0e..8873765 100644 +index ba2ff5a..c6c0deb 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -122,7 +122,7 @@ u32 audit_sig_sid = 0; @@ -90488,7 +90463,7 @@ index 21eae3c..66db239 100644 task->sessionid = sessionid; task->loginuid = loginuid; diff --git a/kernel/capability.c b/kernel/capability.c -index a5cf13c..07a2647 100644 +index 989f5bf..d317ca0 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -192,6 +192,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr) @@ -90501,7 +90476,7 @@ index a5cf13c..07a2647 100644 if (copy_to_user(dataptr, kdata, tocopy * sizeof(struct __user_cap_data_struct))) { return -EFAULT; -@@ -293,10 +296,11 @@ bool has_ns_capability(struct task_struct *t, +@@ -297,10 +300,11 @@ bool has_ns_capability(struct task_struct *t, int ret; rcu_read_lock(); @@ -90515,7 +90490,7 @@ index a5cf13c..07a2647 100644 } /** -@@ -333,10 +337,10 @@ bool has_ns_capability_noaudit(struct task_struct *t, +@@ -337,10 +341,10 @@ bool has_ns_capability_noaudit(struct task_struct *t, int ret; rcu_read_lock(); @@ -90528,7 +90503,7 @@ index a5cf13c..07a2647 100644 } /** -@@ -374,7 +378,7 @@ bool ns_capable(struct user_namespace *ns, int cap) +@@ -378,7 +382,7 @@ bool ns_capable(struct user_namespace *ns, int cap) BUG(); } @@ -90537,7 +90512,7 @@ index a5cf13c..07a2647 100644 current->flags |= PF_SUPERPRIV; return true; } -@@ -382,6 +386,21 @@ bool ns_capable(struct user_namespace *ns, int cap) +@@ -386,6 +390,21 @@ bool ns_capable(struct user_namespace *ns, int cap) } EXPORT_SYMBOL(ns_capable); @@ -90559,7 +90534,7 @@ index a5cf13c..07a2647 100644 /** * file_ns_capable - Determine if the file's opener had a capability in effect * @file: The file we want to check -@@ -423,6 +442,12 @@ bool capable(int cap) +@@ -427,6 +446,12 @@ bool capable(int cap) } EXPORT_SYMBOL(capable); @@ -90572,7 +90547,7 @@ index a5cf13c..07a2647 100644 /** * capable_wrt_inode_uidgid - Check nsown_capable and uid and gid mapped * @inode: The inode in question -@@ -440,3 +465,12 @@ bool capable_wrt_inode_uidgid(const struct inode *inode, int cap) +@@ -444,3 +469,12 @@ bool capable_wrt_inode_uidgid(const struct inode *inode, int cap) kgid_has_mapping(ns, inode->i_gid); } EXPORT_SYMBOL(capable_wrt_inode_uidgid); @@ -96556,7 +96531,7 @@ index ac9d1da..ce98b35 100644 start_pg = ftrace_allocate_pages(count); if (!start_pg) diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index ff70271..4242e69 100644 +index b95381e..af2fddd 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -352,9 +352,9 @@ struct buffer_data_page { @@ -96796,7 +96771,7 @@ index ff70271..4242e69 100644 } return overruns; -@@ -3521,8 +3535,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3516,8 +3530,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) /* * Reset the reader page to size zero. */ @@ -96807,7 +96782,7 @@ index ff70271..4242e69 100644 local_set(&cpu_buffer->reader_page->page->commit, 0); cpu_buffer->reader_page->real_end = 0; -@@ -3556,7 +3570,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3551,7 +3565,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) * want to compare with the last_overrun. */ smp_mb(); @@ -96816,7 +96791,7 @@ index ff70271..4242e69 100644 /* * Here's the tricky part. -@@ -4126,8 +4140,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4123,8 +4137,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) cpu_buffer->head_page = list_entry(cpu_buffer->pages, struct buffer_page, list); @@ -96827,7 +96802,7 @@ index ff70271..4242e69 100644 local_set(&cpu_buffer->head_page->page->commit, 0); cpu_buffer->head_page->read = 0; -@@ -4137,14 +4151,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4134,14 +4148,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) INIT_LIST_HEAD(&cpu_buffer->reader_page->list); INIT_LIST_HEAD(&cpu_buffer->new_pages); @@ -96846,7 +96821,7 @@ index ff70271..4242e69 100644 local_set(&cpu_buffer->dropped_events, 0); local_set(&cpu_buffer->entries, 0); local_set(&cpu_buffer->committing, 0); -@@ -4549,8 +4563,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, +@@ -4546,8 +4560,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, rb_init_page(bpage); bpage = reader->page; reader->page = *data_page; @@ -97177,34 +97152,6 @@ index ba967a1..2cc869a 100644 obj-$(CONFIG_DEBUG_OBJECTS) += debugobjects.o ifneq ($(CONFIG_HAVE_DEC_LOCK),y) -diff --git a/lib/assoc_array.c b/lib/assoc_array.c -index c0b1007..2404d03 100644 ---- a/lib/assoc_array.c -+++ b/lib/assoc_array.c -@@ -1723,11 +1723,13 @@ ascend_old_tree: - shortcut = assoc_array_ptr_to_shortcut(ptr); - slot = shortcut->parent_slot; - cursor = shortcut->back_pointer; -+ if (!cursor) -+ goto gc_complete; - } else { - slot = node->parent_slot; - cursor = ptr; - } -- BUG_ON(!ptr); -+ BUG_ON(!cursor); - node = assoc_array_ptr_to_node(cursor); - slot++; - goto continue_node; -@@ -1735,7 +1737,7 @@ ascend_old_tree: - gc_complete: - edit->set[0].to = new_root; - assoc_array_apply_edit(edit); -- edit->array->nr_leaves_on_tree = nr_leaves_on_tree; -+ array->nr_leaves_on_tree = nr_leaves_on_tree; - return 0; - - enomem: diff --git a/lib/average.c b/lib/average.c index 114d1be..ab0350c 100644 --- a/lib/average.c @@ -100001,7 +99948,7 @@ index 1706cbb..f89dbca 100644 bdi_destroy(bdi); return err; diff --git a/mm/filemap.c b/mm/filemap.c -index 900edfa..ff056b1 100644 +index 8163e04..191cb97 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -2074,7 +2074,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) @@ -100117,10 +100064,10 @@ index b32b70c..e512eb0 100644 set_page_address(page, (void *)vaddr); diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 7a0a73d..d583cca 100644 +index 7ae5444..aea22b2 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c -@@ -2250,6 +2250,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, +@@ -2253,6 +2253,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, struct hstate *h = &default_hstate; unsigned long tmp; int ret; @@ -100128,7 +100075,7 @@ index 7a0a73d..d583cca 100644 if (!hugepages_supported()) return -ENOTSUPP; -@@ -2259,9 +2260,10 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, +@@ -2262,9 +2263,10 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, if (write && hstate_is_gigantic(h) && !gigantic_page_supported()) return -EINVAL; @@ -100142,7 +100089,7 @@ index 7a0a73d..d583cca 100644 if (ret) goto out; -@@ -2306,6 +2308,7 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, +@@ -2309,6 +2311,7 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, struct hstate *h = &default_hstate; unsigned long tmp; int ret; @@ -100150,7 +100097,7 @@ index 7a0a73d..d583cca 100644 if (!hugepages_supported()) return -ENOTSUPP; -@@ -2315,9 +2318,10 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, +@@ -2318,9 +2321,10 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, if (write && hstate_is_gigantic(h)) return -EINVAL; @@ -100164,7 +100111,7 @@ index 7a0a73d..d583cca 100644 if (ret) goto out; -@@ -2798,6 +2802,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2801,6 +2805,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, return 1; } @@ -100192,7 +100139,7 @@ index 7a0a73d..d583cca 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. * Called with hugetlb_instantiation_mutex held and pte_page locked so we -@@ -2915,6 +2940,11 @@ retry_avoidcopy: +@@ -2918,6 +2943,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -100204,7 +100151,7 @@ index 7a0a73d..d583cca 100644 /* Make the old page be freed below */ new_page = old_page; } -@@ -3074,6 +3104,10 @@ retry: +@@ -3077,6 +3107,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -100215,7 +100162,7 @@ index 7a0a73d..d583cca 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page, ptl); -@@ -3140,6 +3174,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3143,6 +3177,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, struct hstate *h = hstate_vma(vma); struct address_space *mapping; @@ -100226,7 +100173,7 @@ index 7a0a73d..d583cca 100644 address &= huge_page_mask(h); ptep = huge_pte_offset(mm, address); -@@ -3153,6 +3191,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3156,6 +3194,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(hstate_index(h)); } @@ -105374,7 +105321,7 @@ index 323f23c..5e27529 100644 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && rfc.mode != chan->mode) diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c -index e137869..33f3ebd 100644 +index d0fd8b0..e33d2f9 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c @@ -628,7 +628,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, @@ -105425,7 +105372,7 @@ index e137869..33f3ebd 100644 err = -EFAULT; break; diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c -index c603a5e..7f08991 100644 +index 8bbbb5e..6fc0950 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c @@ -687,7 +687,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c @@ -105612,342 +105559,8 @@ index 1a19b98..df2b4ec 100644 if (!can_dir) { printk(KERN_INFO "can: failed to create /proc/net/can . " -diff --git a/net/ceph/auth_x.c b/net/ceph/auth_x.c -index 96238ba..de6662b 100644 ---- a/net/ceph/auth_x.c -+++ b/net/ceph/auth_x.c -@@ -13,8 +13,6 @@ - #include "auth_x.h" - #include "auth_x_protocol.h" - --#define TEMP_TICKET_BUF_LEN 256 -- - static void ceph_x_validate_tickets(struct ceph_auth_client *ac, int *pneed); - - static int ceph_x_is_authenticated(struct ceph_auth_client *ac) -@@ -64,7 +62,7 @@ static int ceph_x_encrypt(struct ceph_crypto_key *secret, - } - - static int ceph_x_decrypt(struct ceph_crypto_key *secret, -- void **p, void *end, void *obuf, size_t olen) -+ void **p, void *end, void **obuf, size_t olen) - { - struct ceph_x_encrypt_header head; - size_t head_len = sizeof(head); -@@ -75,8 +73,14 @@ static int ceph_x_decrypt(struct ceph_crypto_key *secret, - return -EINVAL; - - dout("ceph_x_decrypt len %d\n", len); -- ret = ceph_decrypt2(secret, &head, &head_len, obuf, &olen, -- *p, len); -+ if (*obuf == NULL) { -+ *obuf = kmalloc(len, GFP_NOFS); -+ if (!*obuf) -+ return -ENOMEM; -+ olen = len; -+ } -+ -+ ret = ceph_decrypt2(secret, &head, &head_len, *obuf, &olen, *p, len); - if (ret) - return ret; - if (head.struct_v != 1 || le64_to_cpu(head.magic) != CEPHX_ENC_MAGIC) -@@ -129,145 +133,154 @@ static void remove_ticket_handler(struct ceph_auth_client *ac, - kfree(th); - } - -+static int process_one_ticket(struct ceph_auth_client *ac, -+ struct ceph_crypto_key *secret, -+ void **p, void *end) -+{ -+ struct ceph_x_info *xi = ac->private; -+ int type; -+ u8 tkt_struct_v, blob_struct_v; -+ struct ceph_x_ticket_handler *th; -+ void *dbuf = NULL; -+ void *dp, *dend; -+ int dlen; -+ char is_enc; -+ struct timespec validity; -+ struct ceph_crypto_key old_key; -+ void *ticket_buf = NULL; -+ void *tp, *tpend; -+ struct ceph_timespec new_validity; -+ struct ceph_crypto_key new_session_key; -+ struct ceph_buffer *new_ticket_blob; -+ unsigned long new_expires, new_renew_after; -+ u64 new_secret_id; -+ int ret; -+ -+ ceph_decode_need(p, end, sizeof(u32) + 1, bad); -+ -+ type = ceph_decode_32(p); -+ dout(" ticket type %d %s\n", type, ceph_entity_type_name(type)); -+ -+ tkt_struct_v = ceph_decode_8(p); -+ if (tkt_struct_v != 1) -+ goto bad; -+ -+ th = get_ticket_handler(ac, type); -+ if (IS_ERR(th)) { -+ ret = PTR_ERR(th); -+ goto out; -+ } -+ -+ /* blob for me */ -+ dlen = ceph_x_decrypt(secret, p, end, &dbuf, 0); -+ if (dlen <= 0) { -+ ret = dlen; -+ goto out; -+ } -+ dout(" decrypted %d bytes\n", dlen); -+ dp = dbuf; -+ dend = dp + dlen; -+ -+ tkt_struct_v = ceph_decode_8(&dp); -+ if (tkt_struct_v != 1) -+ goto bad; -+ -+ memcpy(&old_key, &th->session_key, sizeof(old_key)); -+ ret = ceph_crypto_key_decode(&new_session_key, &dp, dend); -+ if (ret) -+ goto out; -+ -+ ceph_decode_copy(&dp, &new_validity, sizeof(new_validity)); -+ ceph_decode_timespec(&validity, &new_validity); -+ new_expires = get_seconds() + validity.tv_sec; -+ new_renew_after = new_expires - (validity.tv_sec / 4); -+ dout(" expires=%lu renew_after=%lu\n", new_expires, -+ new_renew_after); -+ -+ /* ticket blob for service */ -+ ceph_decode_8_safe(p, end, is_enc, bad); -+ if (is_enc) { -+ /* encrypted */ -+ dout(" encrypted ticket\n"); -+ dlen = ceph_x_decrypt(&old_key, p, end, &ticket_buf, 0); -+ if (dlen < 0) { -+ ret = dlen; -+ goto out; -+ } -+ tp = ticket_buf; -+ dlen = ceph_decode_32(&tp); -+ } else { -+ /* unencrypted */ -+ ceph_decode_32_safe(p, end, dlen, bad); -+ ticket_buf = kmalloc(dlen, GFP_NOFS); -+ if (!ticket_buf) { -+ ret = -ENOMEM; -+ goto out; -+ } -+ tp = ticket_buf; -+ ceph_decode_need(p, end, dlen, bad); -+ ceph_decode_copy(p, ticket_buf, dlen); -+ } -+ tpend = tp + dlen; -+ dout(" ticket blob is %d bytes\n", dlen); -+ ceph_decode_need(&tp, tpend, 1 + sizeof(u64), bad); -+ blob_struct_v = ceph_decode_8(&tp); -+ new_secret_id = ceph_decode_64(&tp); -+ ret = ceph_decode_buffer(&new_ticket_blob, &tp, tpend); -+ if (ret) -+ goto out; -+ -+ /* all is well, update our ticket */ -+ ceph_crypto_key_destroy(&th->session_key); -+ if (th->ticket_blob) -+ ceph_buffer_put(th->ticket_blob); -+ th->session_key = new_session_key; -+ th->ticket_blob = new_ticket_blob; -+ th->validity = new_validity; -+ th->secret_id = new_secret_id; -+ th->expires = new_expires; -+ th->renew_after = new_renew_after; -+ dout(" got ticket service %d (%s) secret_id %lld len %d\n", -+ type, ceph_entity_type_name(type), th->secret_id, -+ (int)th->ticket_blob->vec.iov_len); -+ xi->have_keys |= th->service; -+ -+out: -+ kfree(ticket_buf); -+ kfree(dbuf); -+ return ret; -+ -+bad: -+ ret = -EINVAL; -+ goto out; -+} -+ - static int ceph_x_proc_ticket_reply(struct ceph_auth_client *ac, - struct ceph_crypto_key *secret, - void *buf, void *end) - { -- struct ceph_x_info *xi = ac->private; -- int num; - void *p = buf; -- int ret; -- char *dbuf; -- char *ticket_buf; - u8 reply_struct_v; -+ u32 num; -+ int ret; - -- dbuf = kmalloc(TEMP_TICKET_BUF_LEN, GFP_NOFS); -- if (!dbuf) -- return -ENOMEM; -- -- ret = -ENOMEM; -- ticket_buf = kmalloc(TEMP_TICKET_BUF_LEN, GFP_NOFS); -- if (!ticket_buf) -- goto out_dbuf; -- -- ceph_decode_need(&p, end, 1 + sizeof(u32), bad); -- reply_struct_v = ceph_decode_8(&p); -+ ceph_decode_8_safe(&p, end, reply_struct_v, bad); - if (reply_struct_v != 1) -- goto bad; -- num = ceph_decode_32(&p); -+ return -EINVAL; -+ -+ ceph_decode_32_safe(&p, end, num, bad); - dout("%d tickets\n", num); -+ - while (num--) { -- int type; -- u8 tkt_struct_v, blob_struct_v; -- struct ceph_x_ticket_handler *th; -- void *dp, *dend; -- int dlen; -- char is_enc; -- struct timespec validity; -- struct ceph_crypto_key old_key; -- void *tp, *tpend; -- struct ceph_timespec new_validity; -- struct ceph_crypto_key new_session_key; -- struct ceph_buffer *new_ticket_blob; -- unsigned long new_expires, new_renew_after; -- u64 new_secret_id; -- -- ceph_decode_need(&p, end, sizeof(u32) + 1, bad); -- -- type = ceph_decode_32(&p); -- dout(" ticket type %d %s\n", type, ceph_entity_type_name(type)); -- -- tkt_struct_v = ceph_decode_8(&p); -- if (tkt_struct_v != 1) -- goto bad; -- -- th = get_ticket_handler(ac, type); -- if (IS_ERR(th)) { -- ret = PTR_ERR(th); -- goto out; -- } -- -- /* blob for me */ -- dlen = ceph_x_decrypt(secret, &p, end, dbuf, -- TEMP_TICKET_BUF_LEN); -- if (dlen <= 0) { -- ret = dlen; -- goto out; -- } -- dout(" decrypted %d bytes\n", dlen); -- dend = dbuf + dlen; -- dp = dbuf; -- -- tkt_struct_v = ceph_decode_8(&dp); -- if (tkt_struct_v != 1) -- goto bad; -- -- memcpy(&old_key, &th->session_key, sizeof(old_key)); -- ret = ceph_crypto_key_decode(&new_session_key, &dp, dend); -+ ret = process_one_ticket(ac, secret, &p, end); - if (ret) -- goto out; -- -- ceph_decode_copy(&dp, &new_validity, sizeof(new_validity)); -- ceph_decode_timespec(&validity, &new_validity); -- new_expires = get_seconds() + validity.tv_sec; -- new_renew_after = new_expires - (validity.tv_sec / 4); -- dout(" expires=%lu renew_after=%lu\n", new_expires, -- new_renew_after); -- -- /* ticket blob for service */ -- ceph_decode_8_safe(&p, end, is_enc, bad); -- tp = ticket_buf; -- if (is_enc) { -- /* encrypted */ -- dout(" encrypted ticket\n"); -- dlen = ceph_x_decrypt(&old_key, &p, end, ticket_buf, -- TEMP_TICKET_BUF_LEN); -- if (dlen < 0) { -- ret = dlen; -- goto out; -- } -- dlen = ceph_decode_32(&tp); -- } else { -- /* unencrypted */ -- ceph_decode_32_safe(&p, end, dlen, bad); -- ceph_decode_need(&p, end, dlen, bad); -- ceph_decode_copy(&p, ticket_buf, dlen); -- } -- tpend = tp + dlen; -- dout(" ticket blob is %d bytes\n", dlen); -- ceph_decode_need(&tp, tpend, 1 + sizeof(u64), bad); -- blob_struct_v = ceph_decode_8(&tp); -- new_secret_id = ceph_decode_64(&tp); -- ret = ceph_decode_buffer(&new_ticket_blob, &tp, tpend); -- if (ret) -- goto out; -- -- /* all is well, update our ticket */ -- ceph_crypto_key_destroy(&th->session_key); -- if (th->ticket_blob) -- ceph_buffer_put(th->ticket_blob); -- th->session_key = new_session_key; -- th->ticket_blob = new_ticket_blob; -- th->validity = new_validity; -- th->secret_id = new_secret_id; -- th->expires = new_expires; -- th->renew_after = new_renew_after; -- dout(" got ticket service %d (%s) secret_id %lld len %d\n", -- type, ceph_entity_type_name(type), th->secret_id, -- (int)th->ticket_blob->vec.iov_len); -- xi->have_keys |= th->service; -+ return ret; - } - -- ret = 0; --out: -- kfree(ticket_buf); --out_dbuf: -- kfree(dbuf); -- return ret; -+ return 0; - - bad: -- ret = -EINVAL; -- goto out; -+ return -EINVAL; - } - - static int ceph_x_build_authorizer(struct ceph_auth_client *ac, -@@ -583,13 +596,14 @@ static int ceph_x_verify_authorizer_reply(struct ceph_auth_client *ac, - struct ceph_x_ticket_handler *th; - int ret = 0; - struct ceph_x_authorize_reply reply; -+ void *preply = &reply; - void *p = au->reply_buf; - void *end = p + sizeof(au->reply_buf); - - th = get_ticket_handler(ac, au->service); - if (IS_ERR(th)) - return PTR_ERR(th); -- ret = ceph_x_decrypt(&th->session_key, &p, end, &reply, sizeof(reply)); -+ ret = ceph_x_decrypt(&th->session_key, &p, end, &preply, sizeof(reply)); - if (ret < 0) - return ret; - if (ret != sizeof(reply)) diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c -index 1948d59..9e854d5 100644 +index 3d9ddc2..ca5d5b6 100644 --- a/net/ceph/messenger.c +++ b/net/ceph/messenger.c @@ -187,7 +187,7 @@ static void con_fault(struct ceph_connection *con); @@ -105968,26 +105581,6 @@ index 1948d59..9e854d5 100644 s = addr_str[i]; switch (ss->ss_family) { -diff --git a/net/ceph/mon_client.c b/net/ceph/mon_client.c -index 067d3af..61fcfc3 100644 ---- a/net/ceph/mon_client.c -+++ b/net/ceph/mon_client.c -@@ -1181,7 +1181,15 @@ static struct ceph_msg *mon_alloc_msg(struct ceph_connection *con, - if (!m) { - pr_info("alloc_msg unknown type %d\n", type); - *skip = 1; -+ } else if (front_len > m->front_alloc_len) { -+ pr_warning("mon_alloc_msg front %d > prealloc %d (%u#%llu)\n", -+ front_len, m->front_alloc_len, -+ (unsigned int)con->peer_name.type, -+ le64_to_cpu(con->peer_name.num)); -+ ceph_msg_put(m); -+ m = ceph_msg_new(type, front_len, GFP_NOFS, false); - } -+ - return m; - } - diff --git a/net/compat.c b/net/compat.c index bc8aeef..f9c070c 100644 --- a/net/compat.c @@ -114637,10 +114230,10 @@ index 8fac3fd..32ff38d 100644 unsigned int secindex_strings; diff --git a/security/Kconfig b/security/Kconfig -index beb86b5..40b1edb 100644 +index beb86b5..9becb4a 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,957 @@ +@@ -4,6 +4,965 @@ menu "Security options" @@ -115229,6 +114822,14 @@ index beb86b5..40b1edb 100644 + that is, enabling this option will make it harder to inject + and execute 'foreign' code in kernel memory itself. + ++ Note that on amd64, CONFIG_EFI enabled with "efi=old_map" on ++ the kernel command-line will result in an RWX physical map. ++ ++ Likewise, the EFI runtime services are necessarily mapped as ++ RWX. If CONFIG_EFI is enabled on an EFI-capable system, it ++ is recommended that you boot with "noefi" on the kernel ++ command-line if possible to eliminate the mapping. ++ +choice + prompt "Return Address Instrumentation Method" + default PAX_KERNEXEC_PLUGIN_METHOD_BTS @@ -115598,7 +115199,7 @@ index beb86b5..40b1edb 100644 source security/keys/Kconfig config SECURITY_DMESG_RESTRICT -@@ -103,7 +1054,7 @@ config INTEL_TXT +@@ -103,7 +1062,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -115665,10 +115266,10 @@ index 9981000..eb21356 100644 .ptrace_access_check = apparmor_ptrace_access_check, diff --git a/security/commoncap.c b/security/commoncap.c -index b9d613e..f68305c 100644 +index 963dc59..12ebd0c 100644 --- a/security/commoncap.c +++ b/security/commoncap.c -@@ -424,6 +424,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data +@@ -427,6 +427,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data return 0; } @@ -115701,7 +115302,7 @@ index b9d613e..f68305c 100644 /* * Attempt to get the on-exec apply capability sets for an executable file from * its xattrs and, if present, apply them to the proposed credentials being -@@ -592,6 +618,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) +@@ -595,6 +621,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) const struct cred *cred = current_cred(); kuid_t root_uid = make_kuid(cred->user_ns, 0); @@ -124725,10 +124326,10 @@ index 0000000..4378111 +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..bf200e0 +index 0000000..84ee907 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data -@@ -0,0 +1,5671 @@ +@@ -0,0 +1,5716 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL +compat_sock_setsockopt_23 compat_sock_setsockopt 5 23 NULL @@ -124767,6 +124368,7 @@ index 0000000..bf200e0 +zlib_deflate_workspacesize_537 zlib_deflate_workspacesize 0-1-2 537 NULL +iwl_dbgfs_wowlan_sram_read_540 iwl_dbgfs_wowlan_sram_read 3 540 NULL +sco_sock_setsockopt_552 sco_sock_setsockopt 5 552 NULL ++lpfc_nlp_state_name_556 lpfc_nlp_state_name 2 556 NULL +snd_aw2_saa7146_get_hw_ptr_playback_558 snd_aw2_saa7146_get_hw_ptr_playback 0 558 NULL +start_isoc_chain_565 start_isoc_chain 2 565 NULL nohasharray +dev_hard_header_565 dev_hard_header 0 565 &start_isoc_chain_565 @@ -124795,6 +124397,7 @@ index 0000000..bf200e0 +snd_pcm_action_single_905 snd_pcm_action_single 0 905 NULL +carl9170_cmd_buf_950 carl9170_cmd_buf 3 950 NULL +__nodes_weight_956 __nodes_weight 2-0 956 NULL ++bnx2x_fill_fw_str_968 bnx2x_fill_fw_str 3 968 NULL +usnic_ib_qp_grp_dump_hdr_989 usnic_ib_qp_grp_dump_hdr 2 989 NULL +readreg_1017 readreg 0-1 1017 NULL +smk_write_cipso2_1021 smk_write_cipso2 3 1021 NULL @@ -124847,6 +124450,7 @@ index 0000000..bf200e0 +ath6kl_init_get_fwcaps_1557 ath6kl_init_get_fwcaps 3 1557 NULL +ffs_mutex_lock_1564 ffs_mutex_lock 0 1564 NULL +ieee80211_if_read_dot11MeshHWMPnetDiameterTraversalTime_1589 ieee80211_if_read_dot11MeshHWMPnetDiameterTraversalTime 3 1589 NULL ++ipath_ht_handle_hwerrors_1592 ipath_ht_handle_hwerrors 3 1592 NULL +packet_buffer_init_1607 packet_buffer_init 2 1607 NULL +btmrvl_hscmd_read_1614 btmrvl_hscmd_read 3 1614 NULL +v9fs_fid_xattr_get_1618 v9fs_fid_xattr_get 0 1618 NULL @@ -124864,7 +124468,7 @@ index 0000000..bf200e0 +tx_frag_called_read_1748 tx_frag_called_read 3 1748 NULL +cosa_write_1774 cosa_write 3 1774 NULL +fcoe_ctlr_device_add_1793 fcoe_ctlr_device_add 3 1793 NULL -+__nodelist_scnprintf_1815 __nodelist_scnprintf 2 1815 NULL ++__nodelist_scnprintf_1815 __nodelist_scnprintf 2-0 1815 NULL +sb_issue_zeroout_1884 sb_issue_zeroout 3 1884 NULL +rx_defrag_called_read_1897 rx_defrag_called_read 3 1897 NULL +nfs_parse_server_name_1899 nfs_parse_server_name 2 1899 NULL @@ -125014,6 +124618,7 @@ index 0000000..bf200e0 +key_key_read_3241 key_key_read 3 3241 NULL +__ilog2_u64_3284 __ilog2_u64 0 3284 NULL +ieee80211_if_write_beacon_loss_3296 ieee80211_if_write_beacon_loss 3 3296 NULL ++cgroup_name_3300 cgroup_name 3 3300 NULL +__iovec_copy_from_user_inatomic_3314 __iovec_copy_from_user_inatomic 0-4-3 3314 NULL +_iwl_dbgfs_d3_sram_write_3315 _iwl_dbgfs_d3_sram_write 3 3315 NULL +dbDiscardAG_3322 dbDiscardAG 3 3322 NULL @@ -125158,6 +124763,7 @@ index 0000000..bf200e0 +blk_rq_sectors_5091 blk_rq_sectors 0 5091 &kfifo_copy_from_user_5091 +sound_write_5102 sound_write 3 5102 NULL +i40e_dbg_netdev_ops_write_5117 i40e_dbg_netdev_ops_write 3 5117 NULL ++qib_7220_handle_hwerrors_5142 qib_7220_handle_hwerrors 3 5142 NULL +__uwb_addr_print_5161 __uwb_addr_print 2 5161 NULL +iwl_dbgfs_status_read_5171 iwl_dbgfs_status_read 3 5171 NULL +acpi_pcc_get_sqty_5176 acpi_pcc_get_sqty 0 5176 NULL @@ -125321,6 +124927,7 @@ index 0000000..bf200e0 +tipc_send_packet_7091 tipc_send_packet 4 7091 &beacon_interval_read_7091 +pipeline_enc_rx_stat_fifo_int_read_7107 pipeline_enc_rx_stat_fifo_int_read 3 7107 NULL +osc_resend_count_seq_write_7120 osc_resend_count_seq_write 3 7120 NULL ++qib_format_hwerrors_7133 qib_format_hwerrors 5 7133 NULL +kvm_mmu_notifier_test_young_7139 kvm_mmu_notifier_test_young 3 7139 NULL +__alloc_objio_seg_7203 __alloc_objio_seg 1 7203 NULL +hdlc_loop_7255 hdlc_loop 0 7255 NULL @@ -125577,6 +125184,7 @@ index 0000000..bf200e0 +snd_gf1_pcm_playback_copy_9895 snd_gf1_pcm_playback_copy 3-5 9895 NULL +nonpaging_page_fault_9908 nonpaging_page_fault 2 9908 NULL +iwl_dbgfs_prph_reg_read_9928 iwl_dbgfs_prph_reg_read 3 9928 NULL ++root_nfs_parse_options_9937 root_nfs_parse_options 3 9937 NULL +pstore_ftrace_knob_read_9947 pstore_ftrace_knob_read 3 9947 NULL +read_file_misc_9948 read_file_misc 3 9948 NULL +csum_partial_copy_fromiovecend_9957 csum_partial_copy_fromiovecend 3-4 9957 NULL @@ -126443,6 +126051,7 @@ index 0000000..bf200e0 +iwl_dbgfs_rx_queue_read_19943 iwl_dbgfs_rx_queue_read 3 19943 NULL +cfg80211_rx_assoc_resp_19944 cfg80211_rx_assoc_resp 4 19944 NULL +ll_xattr_cache_list_19954 ll_xattr_cache_list 0 19954 NULL ++get_jack_mode_name_19976 get_jack_mode_name 4 19976 NULL +attach_hdlc_protocol_19986 attach_hdlc_protocol 3 19986 NULL +rtw_set_wps_probe_resp_19989 rtw_set_wps_probe_resp 3 19989 NULL +lustre_pack_request_19992 lustre_pack_request 3 19992 NULL @@ -126459,6 +126068,7 @@ index 0000000..bf200e0 +aat2870_reg_write_file_20086 aat2870_reg_write_file 3 20086 NULL +team_options_register_20091 team_options_register 3 20091 NULL +qla2x00_adjust_sdev_qdepth_up_20097 qla2x00_adjust_sdev_qdepth_up 2 20097 NULL ++root_nfs_copy_20111 root_nfs_copy 3 20111 NULL +hptiop_adjust_disk_queue_depth_20122 hptiop_adjust_disk_queue_depth 2 20122 NULL +ext4_ext_direct_IO_20165 ext4_ext_direct_IO 4 20165 NULL +tomoyo_commit_ok_20167 tomoyo_commit_ok 2 20167 NULL @@ -126527,6 +126137,7 @@ index 0000000..bf200e0 +uvc_alloc_entity_20836 uvc_alloc_entity 4-3 20836 NULL +p9_tag_alloc_20845 p9_tag_alloc 3 20845 NULL +nvme_trans_supported_vpd_pages_20847 nvme_trans_supported_vpd_pages 4 20847 NULL ++get_name_20855 get_name 4 20855 NULL +iwl_dbgfs_pm_params_read_20866 iwl_dbgfs_pm_params_read 3 20866 NULL +snd_pcm_capture_avail_20867 snd_pcm_capture_avail 0 20867 NULL +srq_free_res_20868 srq_free_res 5 20868 NULL @@ -126551,6 +126162,7 @@ index 0000000..bf200e0 +fsl_edma_prep_dma_cyclic_21042 fsl_edma_prep_dma_cyclic 4-3 21042 NULL +lbs_threshold_read_21046 lbs_threshold_read 5 21046 NULL +proc_fault_inject_write_21058 proc_fault_inject_write 3 21058 NULL ++qdisc_get_default_21072 qdisc_get_default 2 21072 NULL +event_calibration_read_21083 event_calibration_read 3 21083 NULL +bl_add_page_to_bio_21094 bl_add_page_to_bio 2 21094 NULL nohasharray +multipath_status_21094 multipath_status 5 21094 &bl_add_page_to_bio_21094 @@ -126924,6 +126536,7 @@ index 0000000..bf200e0 +vsp1_entity_init_25407 vsp1_entity_init 3 25407 NULL +mcp795_rtcc_read_25415 mcp795_rtcc_read 4 25415 NULL +dai_list_read_file_25421 dai_list_read_file 3 25421 NULL ++ipath_decode_err_25468 ipath_decode_err 3 25468 NULL +crypto_hash_digestsize_25469 crypto_hash_digestsize 0 25469 NULL +ivtv_buf_copy_from_user_25502 ivtv_buf_copy_from_user 4-0 25502 NULL +snd_pcm_plugin_build_25505 snd_pcm_plugin_build 5 25505 NULL @@ -126978,6 +126591,7 @@ index 0000000..bf200e0 +keyctl_update_key_26061 keyctl_update_key 3 26061 NULL +pri_wm_latency_write_26063 pri_wm_latency_write 3 26063 NULL +rx_rx_wa_density_dropped_frame_read_26095 rx_rx_wa_density_dropped_frame_read 3 26095 NULL ++i8042_pnp_id_to_string_26108 i8042_pnp_id_to_string 3 26108 NULL +read_sb_page_26119 read_sb_page 5 26119 NULL +ath9k_hw_name_26146 ath9k_hw_name 3 26146 NULL +copy_oldmem_page_26164 copy_oldmem_page 3 26164 NULL @@ -127017,6 +126631,7 @@ index 0000000..bf200e0 +__vhost_add_used_n_26554 __vhost_add_used_n 3 26554 NULL +dio_new_bio_26562 dio_new_bio 0 26562 NULL +rts51x_read_mem_26577 rts51x_read_mem 4 26577 NULL ++kernfs_name_locked_26617 kernfs_name_locked 3 26617 NULL +pwr_fix_tsf_ps_read_26627 pwr_fix_tsf_ps_read 3 26627 NULL +amdtp_stream_get_max_payload_26645 amdtp_stream_get_max_payload 0 26645 NULL +irq_alloc_generic_chip_26650 irq_alloc_generic_chip 2 26650 NULL @@ -127120,6 +126735,7 @@ index 0000000..bf200e0 +ieee80211_if_read_dot11MeshHWMProotInterval_27873 ieee80211_if_read_dot11MeshHWMProotInterval 3 27873 NULL +unix_seqpacket_sendmsg_27893 unix_seqpacket_sendmsg 4 27893 NULL +i915_error_object_create_sized_27919 i915_error_object_create_sized 4 27919 NULL ++check_mapped_name_27943 check_mapped_name 3 27943 NULL +bio_next_split_27961 bio_next_split 2 27961 NULL nohasharray +tracing_clock_write_27961 tracing_clock_write 3 27961 &bio_next_split_27961 +tipc_media_addr_printf_27971 tipc_media_addr_printf 2 27971 NULL @@ -127187,11 +126803,13 @@ index 0000000..bf200e0 +b43legacy_debugfs_write_28556 b43legacy_debugfs_write 3 28556 NULL +asymmetric_verify_28567 asymmetric_verify 3 28567 NULL +oxygen_read32_28582 oxygen_read32 0 28582 NULL ++task_cgroup_path_28599 task_cgroup_path 3 28599 NULL +extract_entropy_28604 extract_entropy 5-3 28604 NULL +xgbe_common_write_28609 xgbe_common_write 2 28609 NULL +kfifo_unused_28612 kfifo_unused 0 28612 NULL +snd_nm256_capture_copy_28622 snd_nm256_capture_copy 5-3 28622 NULL +setup_usemap_28636 setup_usemap 3-4 28636 NULL ++qib_handle_6120_hwerrors_28642 qib_handle_6120_hwerrors 3 28642 NULL +p9_fcall_alloc_28652 p9_fcall_alloc 1 28652 NULL +blk_queue_resize_tags_28670 blk_queue_resize_tags 2 28670 NULL +SyS_setgroups16_28686 SyS_setgroups16 1 28686 NULL @@ -127410,6 +127028,7 @@ index 0000000..bf200e0 +uvc_simplify_fraction_31303 uvc_simplify_fraction 3 31303 NULL +sisusbcon_scroll_31315 sisusbcon_scroll 5-2-3 31315 NULL +command_file_write_31318 command_file_write 3 31318 NULL ++hwerr_crcbits_31334 hwerr_crcbits 4 31334 NULL +_regmap_raw_multi_reg_write_31336 _regmap_raw_multi_reg_write 3 31336 NULL +em28xx_init_usb_xfer_31337 em28xx_init_usb_xfer 4-6 31337 NULL +outlen_write_31358 outlen_write 3 31358 NULL @@ -127740,6 +127359,7 @@ index 0000000..bf200e0 +si476x_radio_read_rsq_primary_blob_34916 si476x_radio_read_rsq_primary_blob 3 34916 NULL +btrfs_super_chunk_root_34925 btrfs_super_chunk_root 0 34925 NULL nohasharray +__inode_permission_34925 __inode_permission 0 34925 &btrfs_super_chunk_root_34925 ++sec_flags2str_34933 sec_flags2str 3 34933 NULL +snd_info_entry_read_34938 snd_info_entry_read 3 34938 NULL +do_add_page_to_bio_34974 do_add_page_to_bio 2-10 34974 NULL +rx_rx_hdr_overflow_read_35002 rx_rx_hdr_overflow_read 3 35002 NULL @@ -127948,7 +127568,8 @@ index 0000000..bf200e0 +ieee80211_if_read_power_mode_37305 ieee80211_if_read_power_mode 3 37305 NULL +jffs2_write_dirent_37311 jffs2_write_dirent 5 37311 NULL +tipc_send_37315 tipc_send 3 37315 NULL -+l2cap_create_connless_pdu_37327 l2cap_create_connless_pdu 3 37327 NULL ++l2cap_create_connless_pdu_37327 l2cap_create_connless_pdu 3 37327 NULL nohasharray ++bnx2x_vf_fill_fw_str_37327 bnx2x_vf_fill_fw_str 3 37327 &l2cap_create_connless_pdu_37327 +scsi_mode_select_37330 scsi_mode_select 6 37330 NULL +rxrpc_server_sendmsg_37331 rxrpc_server_sendmsg 4 37331 NULL +security_inode_getsecurity_37354 security_inode_getsecurity 0 37354 NULL @@ -128174,6 +127795,7 @@ index 0000000..bf200e0 +lustre_pack_reply_v2_39978 lustre_pack_reply_v2 2 39978 NULL +mthca_array_init_39987 mthca_array_init 2 39987 NULL +fw_device_op_read_39990 fw_device_op_read 3 39990 NULL ++server_name2svname_39998 server_name2svname 4 39998 NULL +xen_hvm_config_40018 xen_hvm_config 2 40018 NULL +ivtvfb_write_40023 ivtvfb_write 3 40023 NULL +disc_pwup_write_40027 disc_pwup_write 3 40027 NULL @@ -128328,6 +127950,7 @@ index 0000000..bf200e0 +rx_rx_pre_complt_read_41653 rx_rx_pre_complt_read 3 41653 NULL +get_std_timing_41654 get_std_timing 0 41654 NULL +ieee80211_if_fmt_bssid_41677 ieee80211_if_fmt_bssid 3 41677 NULL ++fill_pcm_stream_name_41685 fill_pcm_stream_name 2 41685 NULL +lov_unpackmd_41701 lov_unpackmd 4 41701 NULL +fillonedir_41746 fillonedir 3 41746 NULL +iwl_dbgfs_bt_notif_read_41794 iwl_dbgfs_bt_notif_read 3 41794 NULL @@ -128488,6 +128111,7 @@ index 0000000..bf200e0 +tx_frag_failed_read_43540 tx_frag_failed_read 3 43540 NULL +request_resource_43548 request_resource 0 43548 NULL +rpc_malloc_43573 rpc_malloc 2 43573 NULL ++handle_frequent_errors_43599 handle_frequent_errors 4 43599 NULL +lpfc_idiag_drbacc_read_reg_43606 lpfc_idiag_drbacc_read_reg 0-3 43606 NULL +proc_read_43614 proc_read 3 43614 NULL +alloc_thread_groups_43625 alloc_thread_groups 2 43625 NULL @@ -128552,6 +128176,7 @@ index 0000000..bf200e0 +rts_threshold_read_44384 rts_threshold_read 3 44384 NULL +mtip_hw_read_flags_44396 mtip_hw_read_flags 3 44396 NULL +aoedev_flush_44398 aoedev_flush 2 44398 NULL ++strlcpy_44400 strlcpy 3 44400 NULL +drm_buffer_alloc_44405 drm_buffer_alloc 2 44405 NULL +osst_do_scsi_44410 osst_do_scsi 4 44410 NULL +ieee80211_if_read_rc_rateidx_mcs_mask_5ghz_44423 ieee80211_if_read_rc_rateidx_mcs_mask_5ghz 3 44423 NULL @@ -128774,6 +128399,7 @@ index 0000000..bf200e0 +SYSC_poll_46965 SYSC_poll 2 46965 NULL +crypto_tfm_alg_alignmask_46971 crypto_tfm_alg_alignmask 0 46971 NULL +mgmt_pending_add_46976 mgmt_pending_add 5 46976 NULL ++strlcat_46985 strlcat 3 46985 NULL +bitmap_file_clear_bit_46990 bitmap_file_clear_bit 2 46990 NULL +sel_write_bool_46996 sel_write_bool 3 46996 NULL +blk_rq_map_kern_47004 blk_rq_map_kern 4 47004 NULL @@ -128836,7 +128462,8 @@ index 0000000..bf200e0 +ccp_sha_setkey_47633 ccp_sha_setkey 3 47633 NULL +get_size_47644 get_size 1-2 47644 NULL +osc_brw_prep_request_47680 osc_brw_prep_request 5 47680 NULL -+packet_recvmsg_47700 packet_recvmsg 4 47700 NULL ++packet_recvmsg_47700 packet_recvmsg 4 47700 NULL nohasharray ++ipath_format_hwmsg_47700 ipath_format_hwmsg 2 47700 &packet_recvmsg_47700 +save_microcode_47717 save_microcode 3 47717 NULL +bits_to_user_47733 bits_to_user 2-3 47733 NULL +carl9170_debugfs_read_47738 carl9170_debugfs_read 3 47738 NULL @@ -128858,6 +128485,7 @@ index 0000000..bf200e0 +cfs_percpt_alloc_47918 cfs_percpt_alloc 2 47918 NULL +comedi_write_47926 comedi_write 3 47926 NULL +nvme_trans_get_blk_desc_len_47946 nvme_trans_get_blk_desc_len 0-2 47946 NULL ++gether_get_ifname_47972 gether_get_ifname 3 47972 NULL +mempool_resize_47983 mempool_resize 2 47983 NULL nohasharray +iwl_dbgfs_ucode_tracing_read_47983 iwl_dbgfs_ucode_tracing_read 3 47983 &mempool_resize_47983 +dbg_port_buf_47990 dbg_port_buf 2 47990 NULL @@ -128913,6 +128541,7 @@ index 0000000..bf200e0 +copy_page_from_iter_iovec_48466 copy_page_from_iter_iovec 3-0 48466 NULL +compat_SyS_preadv64_48469 compat_SyS_preadv64 3 48469 NULL +_iwl_dbgfs_bt_tx_prio_write_48473 _iwl_dbgfs_bt_tx_prio_write 3 48473 NULL ++ipath_format_hwerrors_48487 ipath_format_hwerrors 5 48487 NULL +r8712_usbctrl_vendorreq_48489 r8712_usbctrl_vendorreq 6 48489 NULL +send_control_msg_48498 send_control_msg 6 48498 NULL +count_masked_bytes_48507 count_masked_bytes 0-1 48507 NULL @@ -128973,6 +128602,7 @@ index 0000000..bf200e0 +ath6kl_bgscan_int_write_49178 ath6kl_bgscan_int_write 3 49178 NULL +dvb_dvr_ioctl_49182 dvb_dvr_ioctl 2 49182 NULL +print_queue_49191 print_queue 0-4 49191 NULL ++root_nfs_cat_49192 root_nfs_cat 3 49192 NULL +iwl_dbgfs_ucode_general_stats_read_49199 iwl_dbgfs_ucode_general_stats_read 3 49199 NULL +il4965_rs_sta_dbgfs_stats_table_read_49206 il4965_rs_sta_dbgfs_stats_table_read 3 49206 NULL +do_jffs2_getxattr_49210 do_jffs2_getxattr 0 49210 NULL @@ -129049,6 +128679,7 @@ index 0000000..bf200e0 +ioread8_50049 ioread8 0 50049 NULL +fuse_conn_max_background_write_50061 fuse_conn_max_background_write 3 50061 NULL +__kfifo_dma_in_prepare_50081 __kfifo_dma_in_prepare 4 50081 NULL ++dev_set_alias_50084 dev_set_alias 3 50084 NULL +libcfs_ioctl_popdata_50087 libcfs_ioctl_popdata 3 50087 NULL +sock_setsockopt_50088 sock_setsockopt 5 50088 NULL +altera_swap_dr_50090 altera_swap_dr 2 50090 NULL @@ -129133,6 +128764,7 @@ index 0000000..bf200e0 +virtio_cread16_50951 virtio_cread16 0 50951 NULL +sdio_uart_write_50954 sdio_uart_write 3 50954 NULL +SyS_setxattr_50957 SyS_setxattr 4 50957 NULL ++of_modalias_node_50975 of_modalias_node 3 50975 NULL +iwl_statistics_flag_50981 iwl_statistics_flag 0-3 50981 NULL +timeout_write_50991 timeout_write 3 50991 NULL +proc_write_51003 proc_write 3 51003 NULL @@ -129236,6 +128868,7 @@ index 0000000..bf200e0 +mxuport_process_read_urb_data_52072 mxuport_process_read_urb_data 3 52072 NULL +nsm_get_handle_52089 nsm_get_handle 4 52089 NULL +o2net_debug_read_52105 o2net_debug_read 3 52105 NULL ++smsdvb_stats_read_52114 smsdvb_stats_read 3 52114 NULL +split_scan_timeout_write_52128 split_scan_timeout_write 3 52128 NULL +retry_count_read_52129 retry_count_read 3 52129 NULL +gdm_usb_hci_send_52138 gdm_usb_hci_send 3 52138 NULL @@ -129255,6 +128888,7 @@ index 0000000..bf200e0 +shrink_slab_52261 shrink_slab 2 52261 NULL +ext2_direct_IO_52270 ext2_direct_IO 4 52270 NULL +sisusbcon_do_font_op_52271 sisusbcon_do_font_op 9 52271 NULL ++handle_supp_msgs_52284 handle_supp_msgs 4 52284 NULL +kobject_set_name_vargs_52309 kobject_set_name_vargs 0 52309 NULL +read_file_reset_52310 read_file_reset 3 52310 NULL +ssd1307fb_write_52315 ssd1307fb_write 3 52315 NULL @@ -129311,6 +128945,7 @@ index 0000000..bf200e0 +lb_alloc_ep_req_52837 lb_alloc_ep_req 2 52837 NULL +mon_bin_get_event_52863 mon_bin_get_event 4-6 52863 NULL +twl6030_gpadc_write_52867 twl6030_gpadc_write 1 52867 NULL ++qib_decode_6120_err_52876 qib_decode_6120_err 3 52876 NULL +twlreg_write_52880 twlreg_write 3 52880 NULL +pvr2_ctrl_value_to_sym_internal_52881 pvr2_ctrl_value_to_sym_internal 5 52881 NULL +cache_read_procfs_52882 cache_read_procfs 3 52882 NULL @@ -129681,10 +129316,12 @@ index 0000000..bf200e0 +le_auto_conn_write_56895 le_auto_conn_write 3 56895 NULL nohasharray +batadv_tt_update_changes_56895 batadv_tt_update_changes 3 56895 &le_auto_conn_write_56895 +hfsplus_find_cat_56899 hfsplus_find_cat 0 56899 NULL ++strcspn_56913 strcspn 0 56913 NULL +__kfifo_out_56927 __kfifo_out 0-3 56927 NULL +journal_init_revoke_56933 journal_init_revoke 2 56933 NULL +nouveau_xtensa_create__56952 nouveau_xtensa_create_ 8 56952 NULL +diva_get_driver_info_56967 diva_get_driver_info 0 56967 NULL ++sptlrpc_secflags2str_56995 sptlrpc_secflags2str 3 56995 NULL +vlsi_alloc_ring_57003 vlsi_alloc_ring 3-4 57003 NULL +btrfs_super_csum_size_57004 btrfs_super_csum_size 0 57004 NULL +aircable_process_packet_57027 aircable_process_packet 4 57027 NULL @@ -129696,6 +129333,7 @@ index 0000000..bf200e0 +sca3000_read_data_57064 sca3000_read_data 4 57064 NULL +pcmcia_replace_cis_57066 pcmcia_replace_cis 3 57066 NULL +tracing_set_trace_write_57096 tracing_set_trace_write 3 57096 NULL ++altera_get_note_57099 altera_get_note 6 57099 NULL +hpfs_readpages_57106 hpfs_readpages 4 57106 NULL +crypto_compress_ctxsize_57109 crypto_compress_ctxsize 0 57109 NULL +cipso_v4_gentag_loc_57119 cipso_v4_gentag_loc 0 57119 NULL @@ -129829,6 +129467,7 @@ index 0000000..bf200e0 +wep_decrypt_fail_read_58567 wep_decrypt_fail_read 3 58567 NULL +scnprint_mac_oui_58578 scnprint_mac_oui 3-0 58578 NULL +cur_wm_latency_write_58581 cur_wm_latency_write 3 58581 NULL ++get_rhf_errstring_58582 get_rhf_errstring 3 58582 NULL +ea_read_inline_58589 ea_read_inline 0 58589 NULL +isku_sysfs_read_keys_thumbster_58590 isku_sysfs_read_keys_thumbster 6 58590 NULL +xip_file_read_58592 xip_file_read 3 58592 NULL @@ -129880,6 +129519,7 @@ index 0000000..bf200e0 +setup_window_59178 setup_window 4-2-5-7 59178 NULL +ocfs2_move_extent_59187 ocfs2_move_extent 2-5 59187 NULL +xfs_iext_realloc_indirect_59211 xfs_iext_realloc_indirect 2 59211 NULL ++check_mapped_selector_name_59216 check_mapped_selector_name 5 59216 NULL +dt3155_read_59226 dt3155_read 3 59226 NULL +paging64_gpte_to_gfn_lvl_59229 paging64_gpte_to_gfn_lvl 0-1-2 59229 NULL +nla_len_59258 nla_len 0 59258 NULL @@ -130046,10 +129686,12 @@ index 0000000..bf200e0 +dio_bio_add_page_61178 dio_bio_add_page 0 61178 NULL +SyS_prctl_61202 SyS_prctl 4 61202 NULL +srp_create_fr_pool_61207 srp_create_fr_pool 3 61207 NULL ++arch_hibernation_header_save_61212 arch_hibernation_header_save 0 61212 NULL +smk_read_ambient_61220 smk_read_ambient 3 61220 NULL +v9fs_mmap_file_read_61262 v9fs_mmap_file_read 3 61262 NULL +find_get_pages_tag_61270 find_get_pages_tag 0 61270 NULL nohasharray -+btrfs_bio_alloc_61270 btrfs_bio_alloc 3 61270 &find_get_pages_tag_61270 ++btrfs_bio_alloc_61270 btrfs_bio_alloc 3 61270 &find_get_pages_tag_61270 nohasharray ++ifalias_store_61270 ifalias_store 4 61270 &btrfs_bio_alloc_61270 +hfsplus_getxattr_finder_info_61283 hfsplus_getxattr_finder_info 0 61283 NULL nohasharray +vortex_adbdma_getlinearpos_61283 vortex_adbdma_getlinearpos 0 61283 &hfsplus_getxattr_finder_info_61283 +nvme_trans_copy_to_user_61288 nvme_trans_copy_to_user 3 61288 NULL @@ -130086,6 +129728,7 @@ index 0000000..bf200e0 +resize_stripes_61650 resize_stripes 2 61650 NULL +ttm_page_pool_free_61661 ttm_page_pool_free 2-0 61661 NULL +insert_one_name_61668 insert_one_name 7 61668 NULL ++qib_format_hwmsg_61679 qib_format_hwmsg 2 61679 NULL +lock_loop_61681 lock_loop 1 61681 NULL +filter_read_61692 filter_read 3 61692 NULL +iov_length_61716 iov_length 0 61716 NULL @@ -130104,9 +129747,11 @@ index 0000000..bf200e0 +btrfs_ioctl_clone_61886 btrfs_ioctl_clone 3-4-5 61886 NULL +lprocfs_write_frac_u64_helper_61897 lprocfs_write_frac_u64_helper 2 61897 NULL +clear_refs_write_61904 clear_refs_write 3 61904 NULL ++kernfs_name_61910 kernfs_name 3 61910 NULL +rx_filter_arp_filter_read_61914 rx_filter_arp_filter_read 3 61914 NULL +au0828_init_isoc_61917 au0828_init_isoc 3-2-4 61917 NULL +sctp_sendmsg_61919 sctp_sendmsg 4 61919 NULL ++SyS_kexec_load_61946 SyS_kexec_load 2 61946 NULL +il4965_ucode_rx_stats_read_61948 il4965_ucode_rx_stats_read 3 61948 NULL +squashfs_read_id_index_table_61961 squashfs_read_id_index_table 4 61961 NULL +fix_read_error_61965 fix_read_error 4 61965 NULL @@ -130365,6 +130010,7 @@ index 0000000..bf200e0 +suspend_dtim_interval_read_64971 suspend_dtim_interval_read 3 64971 NULL +crypto_ahash_digestsize_65014 crypto_ahash_digestsize 0 65014 NULL +insert_dent_65034 insert_dent 7 65034 NULL ++snd_hda_get_pin_label_65035 snd_hda_get_pin_label 5 65035 NULL +ext4_ind_trans_blocks_65053 ext4_ind_trans_blocks 0-2 65053 NULL +pcibios_enable_device_65059 pcibios_enable_device 0 65059 NULL +__alloc_bootmem_node_high_65076 __alloc_bootmem_node_high 2 65076 NULL diff --git a/3.16.2/4425_grsec_remove_EI_PAX.patch b/3.16.3/4425_grsec_remove_EI_PAX.patch index fc51f79..fc51f79 100644 --- a/3.16.2/4425_grsec_remove_EI_PAX.patch +++ b/3.16.3/4425_grsec_remove_EI_PAX.patch diff --git a/3.16.2/4427_force_XATTR_PAX_tmpfs.patch b/3.16.3/4427_force_XATTR_PAX_tmpfs.patch index 2f1d3b4..2f1d3b4 100644 --- a/3.16.2/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.16.3/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.16.2/4430_grsec-remove-localversion-grsec.patch b/3.16.3/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.16.2/4430_grsec-remove-localversion-grsec.patch +++ b/3.16.3/4430_grsec-remove-localversion-grsec.patch diff --git a/3.16.2/4435_grsec-mute-warnings.patch b/3.16.3/4435_grsec-mute-warnings.patch index 4a959cc..4a959cc 100644 --- a/3.16.2/4435_grsec-mute-warnings.patch +++ b/3.16.3/4435_grsec-mute-warnings.patch diff --git a/3.16.2/4440_grsec-remove-protected-paths.patch b/3.16.3/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.16.2/4440_grsec-remove-protected-paths.patch +++ b/3.16.3/4440_grsec-remove-protected-paths.patch diff --git a/3.16.2/4450_grsec-kconfig-default-gids.patch b/3.16.3/4450_grsec-kconfig-default-gids.patch index 0451e5a..0451e5a 100644 --- a/3.16.2/4450_grsec-kconfig-default-gids.patch +++ b/3.16.3/4450_grsec-kconfig-default-gids.patch diff --git a/3.16.2/4465_selinux-avc_audit-log-curr_ip.patch b/3.16.3/4465_selinux-avc_audit-log-curr_ip.patch index 747ac53..747ac53 100644 --- a/3.16.2/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.16.3/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.16.2/4470_disable-compat_vdso.patch b/3.16.3/4470_disable-compat_vdso.patch index fd9ab60..431c5bb 100644 --- a/3.16.2/4470_disable-compat_vdso.patch +++ b/3.16.3/4470_disable-compat_vdso.patch @@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138 diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig --- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100 +++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100 -@@ -1814,29 +1814,8 @@ +@@ -1816,29 +1816,8 @@ config COMPAT_VDSO def_bool n diff --git a/3.16.2/4475_emutramp_default_on.patch b/3.16.3/4475_emutramp_default_on.patch index cf88fd9..cf88fd9 100644 --- a/3.16.2/4475_emutramp_default_on.patch +++ b/3.16.3/4475_emutramp_default_on.patch diff --git a/3.2.63/0000_README b/3.2.63/0000_README index dfb7000..251218e 100644 --- a/3.2.63/0000_README +++ b/3.2.63/0000_README @@ -170,7 +170,7 @@ Patch: 1062_linux-3.2.63.patch From: http://www.kernel.org Desc: Linux 3.2.63 -Patch: 4420_grsecurity-3.0-3.2.63-201409150854.patch +Patch: 4420_grsecurity-3.0-3.2.63-201409180857.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.63/4420_grsecurity-3.0-3.2.63-201409150854.patch b/3.2.63/4420_grsecurity-3.0-3.2.63-201409180857.patch index 0e57ae5..3cee459 100644 --- a/3.2.63/4420_grsecurity-3.0-3.2.63-201409150854.patch +++ b/3.2.63/4420_grsecurity-3.0-3.2.63-201409180857.patch @@ -13354,6 +13354,18 @@ index 908b969..a1f4eb4 100644 #define BIOS_END 0x00100000 #define BIOS_ROM_BASE 0xffe00000 +diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h +index 035cd81..db1e26d 100644 +--- a/arch/x86/include/asm/efi.h ++++ b/arch/x86/include/asm/efi.h +@@ -95,6 +95,7 @@ extern void efi_set_executable(efi_memory_desc_t *md, bool executable); + extern void efi_memblock_x86_reserve_range(void); + extern void efi_call_phys_prelog(void); + extern void efi_call_phys_epilog(void); ++extern void efi_setup_pgd(void); + + #ifndef CONFIG_EFI + /* diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h index 5f962df..7289f09 100644 --- a/arch/x86/include/asm/elf.h @@ -20756,7 +20768,7 @@ index ce0be7c..a61dc21 100644 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 + .endr diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S -index e11e394..b4611a6 100644 +index e11e394..8f229b6 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -19,6 +19,8 @@ @@ -20839,7 +20851,7 @@ index e11e394..b4611a6 100644 movq %rax, %cr4 /* Setup early boot stage 4 level pagetables. */ -@@ -183,9 +179,18 @@ ENTRY(secondary_startup_64) +@@ -183,9 +179,19 @@ ENTRY(secondary_startup_64) movl $MSR_EFER, %ecx rdmsr btsl $_EFER_SCE, %eax /* Enable System Call */ @@ -20847,19 +20859,20 @@ index e11e394..b4611a6 100644 + btl $(X86_FEATURE_NX & 31),%edi /* No Execute supported? */ jnc 1f btsl $_EFER_NX, %eax -+#ifndef CONFIG_EFI ++ cmpb $0, init_level4_pgt_initialized(%rip) ++ jne 1f + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_PAGE_OFFSET(%rip) -+#endif + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMALLOC_START(%rip) + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMALLOC_END(%rip) + btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMEMMAP_START(%rip) + btsq $_PAGE_BIT_NX, level2_fixmap_pgt + 8*506(%rip) + btsq $_PAGE_BIT_NX, level2_fixmap_pgt + 8*507(%rip) + btsq $_PAGE_BIT_NX, __supported_pte_mask(%rip) ++ movb $1, init_level4_pgt_initialized(%rip) 1: wrmsr /* Make changes effective */ /* Setup cr0 */ -@@ -247,6 +252,7 @@ ENTRY(secondary_startup_64) +@@ -247,6 +253,7 @@ ENTRY(secondary_startup_64) * jump. In addition we need to ensure %cs is set so we make this * a far return. */ @@ -20867,7 +20880,7 @@ index e11e394..b4611a6 100644 movq initial_code(%rip),%rax pushq $0 # fake return address to stop unwinder pushq $__KERNEL_CS # set correct cs -@@ -262,14 +268,14 @@ ENTRY(secondary_startup_64) +@@ -262,14 +269,14 @@ ENTRY(secondary_startup_64) .quad INIT_PER_CPU_VAR(irq_stack_union) ENTRY(stack_start) @@ -20884,7 +20897,7 @@ index e11e394..b4611a6 100644 #ifdef CONFIG_EARLY_PRINTK .globl early_idt_handlers early_idt_handlers: -@@ -314,18 +320,23 @@ ENTRY(early_idt_handler) +@@ -314,18 +321,23 @@ ENTRY(early_idt_handler) #endif /* EARLY_PRINTK */ 1: hlt jmp 1b @@ -20909,7 +20922,7 @@ index e11e394..b4611a6 100644 #define NEXT_PAGE(name) \ .balign PAGE_SIZE; \ ENTRY(name) -@@ -338,7 +349,6 @@ ENTRY(name) +@@ -338,7 +350,6 @@ ENTRY(name) i = i + 1 ; \ .endr @@ -20917,7 +20930,7 @@ index e11e394..b4611a6 100644 /* * This default setting generates an ident mapping at address 0x100000 * and a mapping for the kernel that precisely maps virtual address -@@ -349,13 +359,41 @@ NEXT_PAGE(init_level4_pgt) +@@ -349,13 +360,41 @@ NEXT_PAGE(init_level4_pgt) .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE .org init_level4_pgt + L4_PAGE_OFFSET*8, 0 .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE @@ -20959,7 +20972,7 @@ index e11e394..b4611a6 100644 NEXT_PAGE(level3_kernel_pgt) .fill L3_START_KERNEL,8,0 -@@ -363,20 +401,27 @@ NEXT_PAGE(level3_kernel_pgt) +@@ -363,20 +402,27 @@ NEXT_PAGE(level3_kernel_pgt) .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE @@ -20992,7 +21005,7 @@ index e11e394..b4611a6 100644 NEXT_PAGE(level2_kernel_pgt) /* -@@ -389,35 +434,56 @@ NEXT_PAGE(level2_kernel_pgt) +@@ -389,35 +435,59 @@ NEXT_PAGE(level2_kernel_pgt) * If you want to increase this then increase MODULES_VADDR * too.) */ @@ -21046,6 +21059,9 @@ index e11e394..b4611a6 100644 /* This must match the first entry in level2_kernel_pgt */ .quad 0x0000000000000000 ++init_level4_pgt_initialized: ++ .byte 0x00 ++ #include "../../x86/xen/xen-head.S" - - .section .bss, "aw", @nobits @@ -30978,8 +30994,21 @@ index db0e9a5..0372c14 100644 return !(ret & 0xff00); } EXPORT_SYMBOL(pcibios_set_irq_routing); +diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c +index e56da77..cba13dc 100644 +--- a/arch/x86/platform/efi/efi.c ++++ b/arch/x86/platform/efi/efi.c +@@ -747,6 +747,8 @@ void __init efi_enter_virtual_mode(void) + + BUG_ON(!efi.systab); + ++ efi_setup_pgd(); ++ + status = phys_efi_set_virtual_address_map( + memmap.desc_size * count, + memmap.desc_size, diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c -index 40e4469..0592924d 100644 +index 40e4469..94d16d7 100644 --- a/arch/x86/platform/efi/efi_32.c +++ b/arch/x86/platform/efi/efi_32.c @@ -44,11 +44,22 @@ void efi_call_phys_prelog(void) @@ -31005,7 +31034,7 @@ index 40e4469..0592924d 100644 gdt_descr.address = __pa(get_cpu_gdt_table(0)); gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); -@@ -58,11 +69,24 @@ void efi_call_phys_epilog(void) +@@ -58,12 +69,29 @@ void efi_call_phys_epilog(void) { struct desc_ptr gdt_descr; @@ -31030,8 +31059,13 @@ index 40e4469..0592924d 100644 __flush_tlb_all(); local_irq_restore(efi_rt_eflags); + } ++ ++void __init efi_setup_pgd(void) ++{ ++} diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c -index 0fba86d..3642981 100644 +index 0fba86d..2363f0b 100644 --- a/arch/x86/platform/efi/efi_64.c +++ b/arch/x86/platform/efi/efi_64.c @@ -75,6 +75,11 @@ void __init efi_call_phys_prelog(void) @@ -31058,6 +31092,26 @@ index 0fba86d..3642981 100644 __flush_tlb_all(); local_irq_restore(efi_flags); early_code_mapping_set_exec(0); +@@ -109,3 +119,19 @@ void __iomem *__init efi_ioremap(unsigned long phys_addr, unsigned long size, + + return (void __iomem *)__va(phys_addr); + } ++ ++void __init efi_setup_pgd(void) ++{ ++ /* PaX: We need to disable the NX bit in the PGD, otherwise we won't be ++ * able to execute the EFI services. ++ */ ++ if (__supported_pte_mask & _PAGE_NX) { ++ unsigned long addr = (unsigned long) __va(0); ++ pgd_t pe = __pgd(pgd_val(*pgd_offset_k(addr)) & ~_PAGE_NX); ++ pr_info("PAX: Disabling NX protection for low memory map.\n"); ++#ifdef CONFIG_PAX_PER_CPU_PGD ++ set_pgd(pgd_offset_cpu(0, addr), pe); ++#endif ++ set_pgd(pgd_offset_k(addr), pe); ++ } ++} diff --git a/arch/x86/platform/efi/efi_stub_32.S b/arch/x86/platform/efi/efi_stub_32.S index fbe66e6..eae5e38 100644 --- a/arch/x86/platform/efi/efi_stub_32.S @@ -84297,7 +84351,7 @@ index 9e5425b..8136ffc 100644 /* Protects from simultaneous access to first_req list */ spinlock_t info_list_lock; diff --git a/include/net/flow.h b/include/net/flow.h -index 2a7eefd..3250f3b 100644 +index 2a7eefdd..3250f3b 100644 --- a/include/net/flow.h +++ b/include/net/flow.h @@ -218,6 +218,6 @@ extern struct flow_cache_object *flow_cache_lookup( @@ -108485,10 +108539,10 @@ index 38f6617..e70b72b 100755 exuberant() diff --git a/security/Kconfig b/security/Kconfig -index 51bd5a0..dfb6314 100644 +index 51bd5a0..c9f7da3 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,952 @@ +@@ -4,6 +4,963 @@ menu "Security options" @@ -109076,6 +109130,17 @@ index 51bd5a0..dfb6314 100644 + that is, enabling this option will make it harder to inject + and execute 'foreign' code in kernel memory itself. + ++ Note that on amd64 with CONFIG_EFI enabled, the physical map ++ is required to be RWX if EFI runtime services are active. ++ Newer kernels do not have this limitation. ++ ++ Likewise, if EFI runtime services are active, the memory for ++ the services is mapped RWX. ++ ++ If your system is EFI-enabled, it is thus strongly recommended ++ that you boot with "noefi" on the kernel command-line if ++ possible. ++ +choice + prompt "Return Address Instrumentation Method" + default PAX_KERNEXEC_PLUGIN_METHOD_BTS @@ -109441,7 +109506,7 @@ index 51bd5a0..dfb6314 100644 config KEYS bool "Enable access key retention support" help -@@ -169,7 +1115,7 @@ config INTEL_TXT +@@ -169,7 +1126,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX diff --git a/3.2.63/4470_disable-compat_vdso.patch b/3.2.63/4470_disable-compat_vdso.patch index 0aedd26..42bc94d 100644 --- a/3.2.63/4470_disable-compat_vdso.patch +++ b/3.2.63/4470_disable-compat_vdso.patch @@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138 diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig --- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100 +++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100 -@@ -1655,17 +1655,8 @@ +@@ -1672,17 +1672,8 @@ config COMPAT_VDSO def_bool n |