authorAnthony G. Basile <blueness@gentoo.org>2015-07-05 12:33:00 -0400
committerAnthony G. Basile <blueness@gentoo.org>2015-07-05 12:33:19 -0400
commit20f00980e88516e9663fcebc708948c1824b56b2 (patch)
treeb7a3d12b3d7d4de967a9720f0269ce64517181c7
parentGrsec/PaX: 3.1-{3.2.69,3.14.46,4.0.7}-201506300712 (diff)
Grsec/PaX: 3.1-{3.2.69,3.14.47,4.0.7}-20150705083320150705
-rw-r--r--3.14.46/1045_linux-3.14.46.patch829
-rw-r--r--3.14.47/0000_README (renamed from 3.14.46/0000_README)6
-rw-r--r--3.14.47/1046_linux-3.14.47.patch1395
-rw-r--r--3.14.47/4420_grsecurity-3.1-3.14.47-201507050832.patch (renamed from 3.14.46/4420_grsecurity-3.1-3.14.46-201506300711.patch)154
-rw-r--r--3.14.47/4425_grsec_remove_EI_PAX.patch (renamed from 3.14.46/4425_grsec_remove_EI_PAX.patch)0
-rw-r--r--3.14.47/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.14.46/4427_force_XATTR_PAX_tmpfs.patch)0
-rw-r--r--3.14.47/4430_grsec-remove-localversion-grsec.patch (renamed from 3.14.46/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--3.14.47/4435_grsec-mute-warnings.patch (renamed from 3.14.46/4435_grsec-mute-warnings.patch)0
-rw-r--r--3.14.47/4440_grsec-remove-protected-paths.patch (renamed from 3.14.46/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--3.14.47/4450_grsec-kconfig-default-gids.patch (renamed from 3.14.46/4450_grsec-kconfig-default-gids.patch)0
-rw-r--r--3.14.47/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.14.46/4465_selinux-avc_audit-log-curr_ip.patch)0
-rw-r--r--3.14.47/4470_disable-compat_vdso.patch (renamed from 3.14.46/4470_disable-compat_vdso.patch)0
-rw-r--r--3.14.47/4475_emutramp_default_on.patch (renamed from 3.14.46/4475_emutramp_default_on.patch)0
-rw-r--r--3.2.69/0000_README2
-rw-r--r--3.2.69/4420_grsecurity-3.1-3.2.69-201507050830.patch (renamed from 3.2.69/4420_grsecurity-3.1-3.2.69-201506300708.patch)37
-rw-r--r--4.0.7/0000_README6
-rw-r--r--4.0.7/1006_linux-4.0.7.patch707
-rw-r--r--4.0.7/4420_grsecurity-3.1-4.0.7-201507050833.patch (renamed from 4.0.7/4420_grsecurity-3.1-4.0.7-201506300712.patch)103
18 files changed, 1630 insertions, 1609 deletions
diff --git a/3.14.46/1045_linux-3.14.46.patch b/3.14.46/1045_linux-3.14.46.patch
deleted file mode 100644
index 12790dc..0000000
--- a/3.14.46/1045_linux-3.14.46.patch
+++ /dev/null
@@ -1,829 +0,0 @@
-diff --git a/Makefile b/Makefile
-index c92186c..def39fd 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,6 +1,6 @@
- VERSION = 3
- PATCHLEVEL = 14
--SUBLEVEL = 45
-+SUBLEVEL = 46
- EXTRAVERSION =
- NAME = Remembering Coco
-
-diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h
-index 09af149..530f56e 100644
---- a/arch/arm/include/asm/kvm_host.h
-+++ b/arch/arm/include/asm/kvm_host.h
-@@ -42,7 +42,7 @@
-
- struct kvm_vcpu;
- u32 *kvm_vcpu_reg(struct kvm_vcpu *vcpu, u8 reg_num, u32 mode);
--int kvm_target_cpu(void);
-+int __attribute_const__ kvm_target_cpu(void);
- int kvm_reset_vcpu(struct kvm_vcpu *vcpu);
- void kvm_reset_coprocs(struct kvm_vcpu *vcpu);
-
-diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h
-index 7b362bc..0cbdb8e 100644
---- a/arch/arm/include/asm/kvm_mmu.h
-+++ b/arch/arm/include/asm/kvm_mmu.h
-@@ -127,6 +127,18 @@ static inline void kvm_set_s2pmd_writable(pmd_t *pmd)
- (__boundary - 1 < (end) - 1)? __boundary: (end); \
- })
-
-+static inline bool kvm_page_empty(void *ptr)
-+{
-+ struct page *ptr_page = virt_to_page(ptr);
-+ return page_count(ptr_page) == 1;
-+}
-+
-+
-+#define kvm_pte_table_empty(ptep) kvm_page_empty(ptep)
-+#define kvm_pmd_table_empty(pmdp) kvm_page_empty(pmdp)
-+#define kvm_pud_table_empty(pudp) (0)
-+
-+
- struct kvm;
-
- #define kvm_flush_dcache_to_poc(a,l) __cpuc_flush_dcache_area((a), (l))
-diff --git a/arch/arm/kernel/hyp-stub.S b/arch/arm/kernel/hyp-stub.S
-index 797b1a6..7e666cf 100644
---- a/arch/arm/kernel/hyp-stub.S
-+++ b/arch/arm/kernel/hyp-stub.S
-@@ -134,9 +134,7 @@ ENTRY(__hyp_stub_install_secondary)
- mcr p15, 4, r7, c1, c1, 3 @ HSTR
-
- THUMB( orr r7, #(1 << 30) ) @ HSCTLR.TE
--#ifdef CONFIG_CPU_BIG_ENDIAN
-- orr r7, #(1 << 9) @ HSCTLR.EE
--#endif
-+ARM_BE8(orr r7, r7, #(1 << 25)) @ HSCTLR.EE
- mcr p15, 4, r7, c1, c0, 0 @ HSCTLR
-
- mrc p15, 4, r7, c1, c1, 1 @ HDCR
-diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
-index bd18bb8..df6e75e 100644
---- a/arch/arm/kvm/arm.c
-+++ b/arch/arm/kvm/arm.c
-@@ -82,7 +82,7 @@ struct kvm_vcpu *kvm_arm_get_running_vcpu(void)
- /**
- * kvm_arm_get_running_vcpus - get the per-CPU array of currently running vcpus.
- */
--struct kvm_vcpu __percpu **kvm_get_running_vcpus(void)
-+struct kvm_vcpu * __percpu *kvm_get_running_vcpus(void)
- {
- return &kvm_arm_running_vcpu;
- }
-@@ -155,16 +155,6 @@ int kvm_arch_vcpu_fault(struct kvm_vcpu *vcpu, struct vm_fault *vmf)
- return VM_FAULT_SIGBUS;
- }
-
--void kvm_arch_free_memslot(struct kvm *kvm, struct kvm_memory_slot *free,
-- struct kvm_memory_slot *dont)
--{
--}
--
--int kvm_arch_create_memslot(struct kvm *kvm, struct kvm_memory_slot *slot,
-- unsigned long npages)
--{
-- return 0;
--}
-
- /**
- * kvm_arch_destroy_vm - destroy the VM data structure
-@@ -224,33 +214,6 @@ long kvm_arch_dev_ioctl(struct file *filp,
- return -EINVAL;
- }
-
--void kvm_arch_memslots_updated(struct kvm *kvm)
--{
--}
--
--int kvm_arch_prepare_memory_region(struct kvm *kvm,
-- struct kvm_memory_slot *memslot,
-- struct kvm_userspace_memory_region *mem,
-- enum kvm_mr_change change)
--{
-- return 0;
--}
--
--void kvm_arch_commit_memory_region(struct kvm *kvm,
-- struct kvm_userspace_memory_region *mem,
-- const struct kvm_memory_slot *old,
-- enum kvm_mr_change change)
--{
--}
--
--void kvm_arch_flush_shadow_all(struct kvm *kvm)
--{
--}
--
--void kvm_arch_flush_shadow_memslot(struct kvm *kvm,
-- struct kvm_memory_slot *slot)
--{
--}
-
- struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm, unsigned int id)
- {
-diff --git a/arch/arm/kvm/coproc.c b/arch/arm/kvm/coproc.c
-index c58a351..7c73290 100644
---- a/arch/arm/kvm/coproc.c
-+++ b/arch/arm/kvm/coproc.c
-@@ -742,7 +742,7 @@ static bool is_valid_cache(u32 val)
- u32 level, ctype;
-
- if (val >= CSSELR_MAX)
-- return -ENOENT;
-+ return false;
-
- /* Bottom bit is Instruction or Data bit. Next 3 bits are level. */
- level = (val >> 1);
-diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
-index c93ef38..70ed2c1 100644
---- a/arch/arm/kvm/mmu.c
-+++ b/arch/arm/kvm/mmu.c
-@@ -90,103 +90,115 @@ static void *mmu_memory_cache_alloc(struct kvm_mmu_memory_cache *mc)
- return p;
- }
-
--static bool page_empty(void *ptr)
-+static void clear_pgd_entry(struct kvm *kvm, pgd_t *pgd, phys_addr_t addr)
- {
-- struct page *ptr_page = virt_to_page(ptr);
-- return page_count(ptr_page) == 1;
-+ pud_t *pud_table __maybe_unused = pud_offset(pgd, 0);
-+ pgd_clear(pgd);
-+ kvm_tlb_flush_vmid_ipa(kvm, addr);
-+ pud_free(NULL, pud_table);
-+ put_page(virt_to_page(pgd));
- }
-
- static void clear_pud_entry(struct kvm *kvm, pud_t *pud, phys_addr_t addr)
- {
-- if (pud_huge(*pud)) {
-- pud_clear(pud);
-- kvm_tlb_flush_vmid_ipa(kvm, addr);
-- } else {
-- pmd_t *pmd_table = pmd_offset(pud, 0);
-- pud_clear(pud);
-- kvm_tlb_flush_vmid_ipa(kvm, addr);
-- pmd_free(NULL, pmd_table);
-- }
-+ pmd_t *pmd_table = pmd_offset(pud, 0);
-+ VM_BUG_ON(pud_huge(*pud));
-+ pud_clear(pud);
-+ kvm_tlb_flush_vmid_ipa(kvm, addr);
-+ pmd_free(NULL, pmd_table);
- put_page(virt_to_page(pud));
- }
-
- static void clear_pmd_entry(struct kvm *kvm, pmd_t *pmd, phys_addr_t addr)
- {
-- if (kvm_pmd_huge(*pmd)) {
-- pmd_clear(pmd);
-- kvm_tlb_flush_vmid_ipa(kvm, addr);
-- } else {
-- pte_t *pte_table = pte_offset_kernel(pmd, 0);
-- pmd_clear(pmd);
-- kvm_tlb_flush_vmid_ipa(kvm, addr);
-- pte_free_kernel(NULL, pte_table);
-- }
-+ pte_t *pte_table = pte_offset_kernel(pmd, 0);
-+ VM_BUG_ON(kvm_pmd_huge(*pmd));
-+ pmd_clear(pmd);
-+ kvm_tlb_flush_vmid_ipa(kvm, addr);
-+ pte_free_kernel(NULL, pte_table);
- put_page(virt_to_page(pmd));
- }
-
--static void clear_pte_entry(struct kvm *kvm, pte_t *pte, phys_addr_t addr)
-+static void unmap_ptes(struct kvm *kvm, pmd_t *pmd,
-+ phys_addr_t addr, phys_addr_t end)
- {
-- if (pte_present(*pte)) {
-- kvm_set_pte(pte, __pte(0));
-- put_page(virt_to_page(pte));
-- kvm_tlb_flush_vmid_ipa(kvm, addr);
-+ phys_addr_t start_addr = addr;
-+ pte_t *pte, *start_pte;
-+
-+ start_pte = pte = pte_offset_kernel(pmd, addr);
-+ do {
-+ if (!pte_none(*pte)) {
-+ kvm_set_pte(pte, __pte(0));
-+ put_page(virt_to_page(pte));
-+ kvm_tlb_flush_vmid_ipa(kvm, addr);
-+ }
-+ } while (pte++, addr += PAGE_SIZE, addr != end);
-+
-+ if (kvm_pte_table_empty(start_pte))
-+ clear_pmd_entry(kvm, pmd, start_addr);
- }
--}
-
--static void unmap_range(struct kvm *kvm, pgd_t *pgdp,
-- unsigned long long start, u64 size)
-+static void unmap_pmds(struct kvm *kvm, pud_t *pud,
-+ phys_addr_t addr, phys_addr_t end)
- {
-- pgd_t *pgd;
-- pud_t *pud;
-- pmd_t *pmd;
-- pte_t *pte;
-- unsigned long long addr = start, end = start + size;
-- u64 next;
--
-- while (addr < end) {
-- pgd = pgdp + pgd_index(addr);
-- pud = pud_offset(pgd, addr);
-- if (pud_none(*pud)) {
-- addr = kvm_pud_addr_end(addr, end);
-- continue;
-- }
-+ phys_addr_t next, start_addr = addr;
-+ pmd_t *pmd, *start_pmd;
-
-- if (pud_huge(*pud)) {
-- /*
-- * If we are dealing with a huge pud, just clear it and
-- * move on.
-- */
-- clear_pud_entry(kvm, pud, addr);
-- addr = kvm_pud_addr_end(addr, end);
-- continue;
-+ start_pmd = pmd = pmd_offset(pud, addr);
-+ do {
-+ next = kvm_pmd_addr_end(addr, end);
-+ if (!pmd_none(*pmd)) {
-+ if (kvm_pmd_huge(*pmd)) {
-+ pmd_clear(pmd);
-+ kvm_tlb_flush_vmid_ipa(kvm, addr);
-+ put_page(virt_to_page(pmd));
-+ } else {
-+ unmap_ptes(kvm, pmd, addr, next);
-+ }
- }
-+ } while (pmd++, addr = next, addr != end);
-
-- pmd = pmd_offset(pud, addr);
-- if (pmd_none(*pmd)) {
-- addr = kvm_pmd_addr_end(addr, end);
-- continue;
-- }
-+ if (kvm_pmd_table_empty(start_pmd))
-+ clear_pud_entry(kvm, pud, start_addr);
-+}
-
-- if (!kvm_pmd_huge(*pmd)) {
-- pte = pte_offset_kernel(pmd, addr);
-- clear_pte_entry(kvm, pte, addr);
-- next = addr + PAGE_SIZE;
-- }
-+static void unmap_puds(struct kvm *kvm, pgd_t *pgd,
-+ phys_addr_t addr, phys_addr_t end)
-+{
-+ phys_addr_t next, start_addr = addr;
-+ pud_t *pud, *start_pud;
-
-- /*
-- * If the pmd entry is to be cleared, walk back up the ladder
-- */
-- if (kvm_pmd_huge(*pmd) || page_empty(pte)) {
-- clear_pmd_entry(kvm, pmd, addr);
-- next = kvm_pmd_addr_end(addr, end);
-- if (page_empty(pmd) && !page_empty(pud)) {
-- clear_pud_entry(kvm, pud, addr);
-- next = kvm_pud_addr_end(addr, end);
-+ start_pud = pud = pud_offset(pgd, addr);
-+ do {
-+ next = kvm_pud_addr_end(addr, end);
-+ if (!pud_none(*pud)) {
-+ if (pud_huge(*pud)) {
-+ pud_clear(pud);
-+ kvm_tlb_flush_vmid_ipa(kvm, addr);
-+ put_page(virt_to_page(pud));
-+ } else {
-+ unmap_pmds(kvm, pud, addr, next);
- }
- }
-+ } while (pud++, addr = next, addr != end);
-
-- addr = next;
-- }
-+ if (kvm_pud_table_empty(start_pud))
-+ clear_pgd_entry(kvm, pgd, start_addr);
-+}
-+
-+
-+static void unmap_range(struct kvm *kvm, pgd_t *pgdp,
-+ phys_addr_t start, u64 size)
-+{
-+ pgd_t *pgd;
-+ phys_addr_t addr = start, end = start + size;
-+ phys_addr_t next;
-+
-+ pgd = pgdp + pgd_index(addr);
-+ do {
-+ next = kvm_pgd_addr_end(addr, end);
-+ unmap_puds(kvm, pgd, addr, next);
-+ } while (pgd++, addr = next, addr != end);
- }
-
- static void stage2_flush_ptes(struct kvm *kvm, pmd_t *pmd,
-@@ -747,6 +759,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
- struct kvm_mmu_memory_cache *memcache = &vcpu->arch.mmu_page_cache;
- struct vm_area_struct *vma;
- pfn_t pfn;
-+ pgprot_t mem_type = PAGE_S2;
-
- write_fault = kvm_is_write_fault(kvm_vcpu_get_hsr(vcpu));
- if (fault_status == FSC_PERM && !write_fault) {
-@@ -797,6 +810,9 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
- if (is_error_pfn(pfn))
- return -EFAULT;
-
-+ if (kvm_is_mmio_pfn(pfn))
-+ mem_type = PAGE_S2_DEVICE;
-+
- spin_lock(&kvm->mmu_lock);
- if (mmu_notifier_retry(kvm, mmu_seq))
- goto out_unlock;
-@@ -804,7 +820,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
- hugetlb = transparent_hugepage_adjust(&pfn, &fault_ipa);
-
- if (hugetlb) {
-- pmd_t new_pmd = pfn_pmd(pfn, PAGE_S2);
-+ pmd_t new_pmd = pfn_pmd(pfn, mem_type);
- new_pmd = pmd_mkhuge(new_pmd);
- if (writable) {
- kvm_set_s2pmd_writable(&new_pmd);
-@@ -813,13 +829,14 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
- coherent_cache_guest_page(vcpu, hva & PMD_MASK, PMD_SIZE);
- ret = stage2_set_pmd_huge(kvm, memcache, fault_ipa, &new_pmd);
- } else {
-- pte_t new_pte = pfn_pte(pfn, PAGE_S2);
-+ pte_t new_pte = pfn_pte(pfn, mem_type);
- if (writable) {
- kvm_set_s2pte_writable(&new_pte);
- kvm_set_pfn_dirty(pfn);
- }
- coherent_cache_guest_page(vcpu, hva, PAGE_SIZE);
-- ret = stage2_set_pte(kvm, memcache, fault_ipa, &new_pte, false);
-+ ret = stage2_set_pte(kvm, memcache, fault_ipa, &new_pte,
-+ mem_type == PAGE_S2_DEVICE);
- }
-
-
-@@ -1099,3 +1116,49 @@ out:
- free_hyp_pgds();
- return err;
- }
-+
-+void kvm_arch_commit_memory_region(struct kvm *kvm,
-+ struct kvm_userspace_memory_region *mem,
-+ const struct kvm_memory_slot *old,
-+ enum kvm_mr_change change)
-+{
-+ gpa_t gpa = old->base_gfn << PAGE_SHIFT;
-+ phys_addr_t size = old->npages << PAGE_SHIFT;
-+ if (change == KVM_MR_DELETE || change == KVM_MR_MOVE) {
-+ spin_lock(&kvm->mmu_lock);
-+ unmap_stage2_range(kvm, gpa, size);
-+ spin_unlock(&kvm->mmu_lock);
-+ }
-+}
-+
-+int kvm_arch_prepare_memory_region(struct kvm *kvm,
-+ struct kvm_memory_slot *memslot,
-+ struct kvm_userspace_memory_region *mem,
-+ enum kvm_mr_change change)
-+{
-+ return 0;
-+}
-+
-+void kvm_arch_free_memslot(struct kvm *kvm, struct kvm_memory_slot *free,
-+ struct kvm_memory_slot *dont)
-+{
-+}
-+
-+int kvm_arch_create_memslot(struct kvm *kvm, struct kvm_memory_slot *slot,
-+ unsigned long npages)
-+{
-+ return 0;
-+}
-+
-+void kvm_arch_memslots_updated(struct kvm *kvm)
-+{
-+}
-+
-+void kvm_arch_flush_shadow_all(struct kvm *kvm)
-+{
-+}
-+
-+void kvm_arch_flush_shadow_memslot(struct kvm *kvm,
-+ struct kvm_memory_slot *slot)
-+{
-+}
-diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
-index 0a1d697..3fb0946 100644
---- a/arch/arm64/include/asm/kvm_host.h
-+++ b/arch/arm64/include/asm/kvm_host.h
-@@ -42,7 +42,7 @@
- #define KVM_VCPU_MAX_FEATURES 2
-
- struct kvm_vcpu;
--int kvm_target_cpu(void);
-+int __attribute_const__ kvm_target_cpu(void);
- int kvm_reset_vcpu(struct kvm_vcpu *vcpu);
- int kvm_arch_dev_ioctl_check_extension(long ext);
-
-@@ -177,7 +177,7 @@ static inline int kvm_test_age_hva(struct kvm *kvm, unsigned long hva)
- }
-
- struct kvm_vcpu *kvm_arm_get_running_vcpu(void);
--struct kvm_vcpu __percpu **kvm_get_running_vcpus(void);
-+struct kvm_vcpu * __percpu *kvm_get_running_vcpus(void);
-
- u64 kvm_call_hyp(void *hypfn, ...);
-
-diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h
-index 7d29847..8e138c7 100644
---- a/arch/arm64/include/asm/kvm_mmu.h
-+++ b/arch/arm64/include/asm/kvm_mmu.h
-@@ -125,6 +125,21 @@ static inline void kvm_set_s2pmd_writable(pmd_t *pmd)
- #define kvm_pud_addr_end(addr, end) pud_addr_end(addr, end)
- #define kvm_pmd_addr_end(addr, end) pmd_addr_end(addr, end)
-
-+static inline bool kvm_page_empty(void *ptr)
-+{
-+ struct page *ptr_page = virt_to_page(ptr);
-+ return page_count(ptr_page) == 1;
-+}
-+
-+#define kvm_pte_table_empty(ptep) kvm_page_empty(ptep)
-+#ifndef CONFIG_ARM64_64K_PAGES
-+#define kvm_pmd_table_empty(pmdp) kvm_page_empty(pmdp)
-+#else
-+#define kvm_pmd_table_empty(pmdp) (0)
-+#endif
-+#define kvm_pud_table_empty(pudp) (0)
-+
-+
- struct kvm;
-
- #define kvm_flush_dcache_to_poc(a,l) __flush_dcache_area((a), (l))
-diff --git a/arch/arm64/kvm/hyp.S b/arch/arm64/kvm/hyp.S
-index b0d1512..5dfc8331 100644
---- a/arch/arm64/kvm/hyp.S
-+++ b/arch/arm64/kvm/hyp.S
-@@ -830,7 +830,7 @@ el1_trap:
- mrs x2, far_el2
-
- 2: mrs x0, tpidr_el2
-- str x1, [x0, #VCPU_ESR_EL2]
-+ str w1, [x0, #VCPU_ESR_EL2]
- str x2, [x0, #VCPU_FAR_EL2]
- str x3, [x0, #VCPU_HPFAR_EL2]
-
-diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
-index 0324458..7691b25 100644
---- a/arch/arm64/kvm/sys_regs.c
-+++ b/arch/arm64/kvm/sys_regs.c
-@@ -836,7 +836,7 @@ static bool is_valid_cache(u32 val)
- u32 level, ctype;
-
- if (val >= CSSELR_MAX)
-- return -ENOENT;
-+ return false;
-
- /* Bottom bit is Instruction or Data bit. Next 3 bits are level. */
- level = (val >> 1);
-@@ -962,7 +962,7 @@ static unsigned int num_demux_regs(void)
-
- static int write_demux_regids(u64 __user *uindices)
- {
-- u64 val = KVM_REG_ARM | KVM_REG_SIZE_U32 | KVM_REG_ARM_DEMUX;
-+ u64 val = KVM_REG_ARM64 | KVM_REG_SIZE_U32 | KVM_REG_ARM_DEMUX;
- unsigned int i;
-
- val |= KVM_REG_ARM_DEMUX_ID_CCSIDR;
-diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c
-index 26b03e1..8ff2b3c 100644
---- a/drivers/bluetooth/ath3k.c
-+++ b/drivers/bluetooth/ath3k.c
-@@ -79,6 +79,7 @@ static const struct usb_device_id ath3k_table[] = {
- { USB_DEVICE(0x0489, 0xe057) },
- { USB_DEVICE(0x0489, 0xe056) },
- { USB_DEVICE(0x0489, 0xe05f) },
-+ { USB_DEVICE(0x0489, 0xe076) },
- { USB_DEVICE(0x0489, 0xe078) },
- { USB_DEVICE(0x04c5, 0x1330) },
- { USB_DEVICE(0x04CA, 0x3004) },
-@@ -109,6 +110,7 @@ static const struct usb_device_id ath3k_table[] = {
- { USB_DEVICE(0x13d3, 0x3402) },
- { USB_DEVICE(0x13d3, 0x3408) },
- { USB_DEVICE(0x13d3, 0x3432) },
-+ { USB_DEVICE(0x13d3, 0x3474) },
-
- /* Atheros AR5BBU12 with sflash firmware */
- { USB_DEVICE(0x0489, 0xE02C) },
-@@ -133,6 +135,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = {
- { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
-+ { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
-@@ -163,6 +166,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = {
- { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
-+ { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
-
- /* Atheros AR5BBU22 with sflash firmware */
- { USB_DEVICE(0x0489, 0xE036), .driver_info = BTUSB_ATH3012 },
-diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
-index 9eb1669..c0e7a9aa9 100644
---- a/drivers/bluetooth/btusb.c
-+++ b/drivers/bluetooth/btusb.c
-@@ -157,6 +157,7 @@ static const struct usb_device_id blacklist_table[] = {
- { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
-+ { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
-@@ -187,6 +188,7 @@ static const struct usb_device_id blacklist_table[] = {
- { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
-+ { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
-
- /* Atheros AR5BBU12 with sflash firmware */
- { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
-diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c
-index 28486b1..ae6dae8 100644
---- a/drivers/crypto/caam/caamrng.c
-+++ b/drivers/crypto/caam/caamrng.c
-@@ -56,7 +56,7 @@
-
- /* Buffer, its dma address and lock */
- struct buf_data {
-- u8 buf[RN_BUF_SIZE];
-+ u8 buf[RN_BUF_SIZE] ____cacheline_aligned;
- dma_addr_t addr;
- struct completion filled;
- u32 hw_desc[DESC_JOB_O_LEN];
-diff --git a/drivers/gpu/drm/mgag200/mgag200_mode.c b/drivers/gpu/drm/mgag200/mgag200_mode.c
-index 9683747..f2511a0 100644
---- a/drivers/gpu/drm/mgag200/mgag200_mode.c
-+++ b/drivers/gpu/drm/mgag200/mgag200_mode.c
-@@ -1529,6 +1529,11 @@ static int mga_vga_mode_valid(struct drm_connector *connector,
- return MODE_BANDWIDTH;
- }
-
-+ if ((mode->hdisplay % 8) != 0 || (mode->hsync_start % 8) != 0 ||
-+ (mode->hsync_end % 8) != 0 || (mode->htotal % 8) != 0) {
-+ return MODE_H_ILLEGAL;
-+ }
-+
- if (mode->crtc_hdisplay > 2048 || mode->crtc_hsync_start > 4096 ||
- mode->crtc_hsync_end > 4096 || mode->crtc_htotal > 4096 ||
- mode->crtc_vdisplay > 2048 || mode->crtc_vsync_start > 4096 ||
-diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
-index 8f580fd..ce21132 100644
---- a/drivers/scsi/lpfc/lpfc_sli.c
-+++ b/drivers/scsi/lpfc/lpfc_sli.c
-@@ -265,6 +265,16 @@ lpfc_sli4_eq_get(struct lpfc_queue *q)
- return NULL;
-
- q->hba_index = idx;
-+
-+ /*
-+ * insert barrier for instruction interlock : data from the hardware
-+ * must have the valid bit checked before it can be copied and acted
-+ * upon. Given what was seen in lpfc_sli4_cq_get() of speculative
-+ * instructions allowing action on content before valid bit checked,
-+ * add barrier here as well. May not be needed as "content" is a
-+ * single 32-bit entity here (vs multi word structure for cq's).
-+ */
-+ mb();
- return eqe;
- }
-
-@@ -370,6 +380,17 @@ lpfc_sli4_cq_get(struct lpfc_queue *q)
-
- cqe = q->qe[q->hba_index].cqe;
- q->hba_index = idx;
-+
-+ /*
-+ * insert barrier for instruction interlock : data from the hardware
-+ * must have the valid bit checked before it can be copied and acted
-+ * upon. Speculative instructions were allowing a bcopy at the start
-+ * of lpfc_sli4_fp_handle_wcqe(), which is called immediately
-+ * after our return, to copy data before the valid bit check above
-+ * was done. As such, some of the copied data was stale. The barrier
-+ * ensures the check is before any data is copied.
-+ */
-+ mb();
- return cqe;
- }
-
-diff --git a/fs/pipe.c b/fs/pipe.c
-index 78fd0d0..46f1ab2 100644
---- a/fs/pipe.c
-+++ b/fs/pipe.c
-@@ -117,25 +117,27 @@ void pipe_wait(struct pipe_inode_info *pipe)
- }
-
- static int
--pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len,
-- int atomic)
-+pipe_iov_copy_from_user(void *addr, int *offset, struct iovec *iov,
-+ size_t *remaining, int atomic)
- {
- unsigned long copy;
-
-- while (len > 0) {
-+ while (*remaining > 0) {
- while (!iov->iov_len)
- iov++;
-- copy = min_t(unsigned long, len, iov->iov_len);
-+ copy = min_t(unsigned long, *remaining, iov->iov_len);
-
- if (atomic) {
-- if (__copy_from_user_inatomic(to, iov->iov_base, copy))
-+ if (__copy_from_user_inatomic(addr + *offset,
-+ iov->iov_base, copy))
- return -EFAULT;
- } else {
-- if (copy_from_user(to, iov->iov_base, copy))
-+ if (copy_from_user(addr + *offset,
-+ iov->iov_base, copy))
- return -EFAULT;
- }
-- to += copy;
-- len -= copy;
-+ *offset += copy;
-+ *remaining -= copy;
- iov->iov_base += copy;
- iov->iov_len -= copy;
- }
-@@ -143,25 +145,27 @@ pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len,
- }
-
- static int
--pipe_iov_copy_to_user(struct iovec *iov, const void *from, unsigned long len,
-- int atomic)
-+pipe_iov_copy_to_user(struct iovec *iov, void *addr, int *offset,
-+ size_t *remaining, int atomic)
- {
- unsigned long copy;
-
-- while (len > 0) {
-+ while (*remaining > 0) {
- while (!iov->iov_len)
- iov++;
-- copy = min_t(unsigned long, len, iov->iov_len);
-+ copy = min_t(unsigned long, *remaining, iov->iov_len);
-
- if (atomic) {
-- if (__copy_to_user_inatomic(iov->iov_base, from, copy))
-+ if (__copy_to_user_inatomic(iov->iov_base,
-+ addr + *offset, copy))
- return -EFAULT;
- } else {
-- if (copy_to_user(iov->iov_base, from, copy))
-+ if (copy_to_user(iov->iov_base,
-+ addr + *offset, copy))
- return -EFAULT;
- }
-- from += copy;
-- len -= copy;
-+ *offset += copy;
-+ *remaining -= copy;
- iov->iov_base += copy;
- iov->iov_len -= copy;
- }
-@@ -395,7 +399,7 @@ pipe_read(struct kiocb *iocb, const struct iovec *_iov,
- struct pipe_buffer *buf = pipe->bufs + curbuf;
- const struct pipe_buf_operations *ops = buf->ops;
- void *addr;
-- size_t chars = buf->len;
-+ size_t chars = buf->len, remaining;
- int error, atomic;
-
- if (chars > total_len)
-@@ -409,9 +413,11 @@ pipe_read(struct kiocb *iocb, const struct iovec *_iov,
- }
-
- atomic = !iov_fault_in_pages_write(iov, chars);
-+ remaining = chars;
- redo:
- addr = ops->map(pipe, buf, atomic);
-- error = pipe_iov_copy_to_user(iov, addr + buf->offset, chars, atomic);
-+ error = pipe_iov_copy_to_user(iov, addr, &buf->offset,
-+ &remaining, atomic);
- ops->unmap(pipe, buf, addr);
- if (unlikely(error)) {
- /*
-@@ -426,7 +432,6 @@ redo:
- break;
- }
- ret += chars;
-- buf->offset += chars;
- buf->len -= chars;
-
- /* Was it a packet buffer? Clean up and exit */
-@@ -531,6 +536,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov,
- if (ops->can_merge && offset + chars <= PAGE_SIZE) {
- int error, atomic = 1;
- void *addr;
-+ size_t remaining = chars;
-
- error = ops->confirm(pipe, buf);
- if (error)
-@@ -539,8 +545,8 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov,
- iov_fault_in_pages_read(iov, chars);
- redo1:
- addr = ops->map(pipe, buf, atomic);
-- error = pipe_iov_copy_from_user(offset + addr, iov,
-- chars, atomic);
-+ error = pipe_iov_copy_from_user(addr, &offset, iov,
-+ &remaining, atomic);
- ops->unmap(pipe, buf, addr);
- ret = error;
- do_wakeup = 1;
-@@ -575,6 +581,8 @@ redo1:
- struct page *page = pipe->tmp_page;
- char *src;
- int error, atomic = 1;
-+ int offset = 0;
-+ size_t remaining;
-
- if (!page) {
- page = alloc_page(GFP_HIGHUSER);
-@@ -595,14 +603,15 @@ redo1:
- chars = total_len;
-
- iov_fault_in_pages_read(iov, chars);
-+ remaining = chars;
- redo2:
- if (atomic)
- src = kmap_atomic(page);
- else
- src = kmap(page);
-
-- error = pipe_iov_copy_from_user(src, iov, chars,
-- atomic);
-+ error = pipe_iov_copy_from_user(src, &offset, iov,
-+ &remaining, atomic);
- if (atomic)
- kunmap_atomic(src);
- else
-diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
-index 8a86319..cb347e8 100644
---- a/kernel/trace/trace_events_filter.c
-+++ b/kernel/trace/trace_events_filter.c
-@@ -1399,19 +1399,24 @@ static int check_preds(struct filter_parse_state *ps)
- {
- int n_normal_preds = 0, n_logical_preds = 0;
- struct postfix_elt *elt;
-+ int cnt = 0;
-
- list_for_each_entry(elt, &ps->postfix, list) {
-- if (elt->op == OP_NONE)
-+ if (elt->op == OP_NONE) {
-+ cnt++;
- continue;
-+ }
-
-+ cnt--;
- if (elt->op == OP_AND || elt->op == OP_OR) {
- n_logical_preds++;
- continue;
- }
- n_normal_preds++;
-+ WARN_ON_ONCE(cnt < 0);
- }
-
-- if (!n_normal_preds || n_logical_preds >= n_normal_preds) {
-+ if (cnt != 1 || !n_normal_preds || n_logical_preds >= n_normal_preds) {
- parse_error(ps, FILT_ERR_INVALID_FILTER, 0);
- return -EINVAL;
- }
-diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c
-index 4eec2d4..1316e55 100644
---- a/virt/kvm/arm/vgic.c
-+++ b/virt/kvm/arm/vgic.c
-@@ -1654,7 +1654,7 @@ out:
- return ret;
- }
-
--static bool vgic_ioaddr_overlap(struct kvm *kvm)
-+static int vgic_ioaddr_overlap(struct kvm *kvm)
- {
- phys_addr_t dist = kvm->arch.vgic.vgic_dist_base;
- phys_addr_t cpu = kvm->arch.vgic.vgic_cpu_base;
diff --git a/3.14.46/0000_README b/3.14.47/0000_README
index de59c28..b3b9e28 100644
--- a/3.14.46/0000_README
+++ b/3.14.47/0000_README
@@ -2,11 +2,11 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 1045_linux-3.14.46.patch
+Patch: 1046_linux-3.14.47.patch
From: http://www.kernel.org
-Desc: Linux 3.14.46
+Desc: Linux 3.14.47
-Patch: 4420_grsecurity-3.1-3.14.46-201506300711.patch
+Patch: 4420_grsecurity-3.1-3.14.47-201507050832.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.14.47/1046_linux-3.14.47.patch b/3.14.47/1046_linux-3.14.47.patch
new file mode 100644
index 0000000..4dc0c5a
--- /dev/null
+++ b/3.14.47/1046_linux-3.14.47.patch
@@ -0,0 +1,1395 @@
+diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
+index 6cd63a9..bc6d617 100644
+--- a/Documentation/virtual/kvm/api.txt
++++ b/Documentation/virtual/kvm/api.txt
+@@ -2344,7 +2344,8 @@ should be created before this ioctl is invoked.
+
+ Possible features:
+ - KVM_ARM_VCPU_POWER_OFF: Starts the CPU in a power-off state.
+- Depends on KVM_CAP_ARM_PSCI.
++ Depends on KVM_CAP_ARM_PSCI. If not set, the CPU will be powered on
++ and execute guest code when KVM_RUN is called.
+ - KVM_ARM_VCPU_EL1_32BIT: Starts the CPU in a 32bit mode.
+ Depends on KVM_CAP_ARM_EL1_32BIT (arm64 only).
+
+diff --git a/Makefile b/Makefile
+index def39fd..f9041e6 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 3
+ PATCHLEVEL = 14
+-SUBLEVEL = 46
++SUBLEVEL = 47
+ EXTRAVERSION =
+ NAME = Remembering Coco
+
+diff --git a/arch/arm/include/asm/kvm_emulate.h b/arch/arm/include/asm/kvm_emulate.h
+index 0fa90c9..853e2be 100644
+--- a/arch/arm/include/asm/kvm_emulate.h
++++ b/arch/arm/include/asm/kvm_emulate.h
+@@ -33,6 +33,11 @@ void kvm_inject_undefined(struct kvm_vcpu *vcpu);
+ void kvm_inject_dabt(struct kvm_vcpu *vcpu, unsigned long addr);
+ void kvm_inject_pabt(struct kvm_vcpu *vcpu, unsigned long addr);
+
++static inline void vcpu_reset_hcr(struct kvm_vcpu *vcpu)
++{
++ vcpu->arch.hcr = HCR_GUEST_MASK;
++}
++
+ static inline bool vcpu_mode_is_32bit(struct kvm_vcpu *vcpu)
+ {
+ return 1;
+diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h
+index 0cbdb8e..9f79231 100644
+--- a/arch/arm/include/asm/kvm_mmu.h
++++ b/arch/arm/include/asm/kvm_mmu.h
+@@ -47,6 +47,7 @@ int create_hyp_io_mappings(void *from, void *to, phys_addr_t);
+ void free_boot_hyp_pgd(void);
+ void free_hyp_pgds(void);
+
++void stage2_unmap_vm(struct kvm *kvm);
+ int kvm_alloc_stage2_pgd(struct kvm *kvm);
+ void kvm_free_stage2_pgd(struct kvm *kvm);
+ int kvm_phys_addr_ioremap(struct kvm *kvm, phys_addr_t guest_ipa,
+@@ -78,17 +79,6 @@ static inline void kvm_set_pte(pte_t *pte, pte_t new_pte)
+ flush_pmd_entry(pte);
+ }
+
+-static inline bool kvm_is_write_fault(unsigned long hsr)
+-{
+- unsigned long hsr_ec = hsr >> HSR_EC_SHIFT;
+- if (hsr_ec == HSR_EC_IABT)
+- return false;
+- else if ((hsr & HSR_ISV) && !(hsr & HSR_WNR))
+- return false;
+- else
+- return true;
+-}
+-
+ static inline void kvm_clean_pgd(pgd_t *pgd)
+ {
+ clean_dcache_area(pgd, PTRS_PER_S2_PGD * sizeof(pgd_t));
+diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
+index df6e75e..2e74a61 100644
+--- a/arch/arm/kvm/arm.c
++++ b/arch/arm/kvm/arm.c
+@@ -220,6 +220,11 @@ struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm, unsigned int id)
+ int err;
+ struct kvm_vcpu *vcpu;
+
++ if (irqchip_in_kernel(kvm) && vgic_initialized(kvm)) {
++ err = -EBUSY;
++ goto out;
++ }
++
+ vcpu = kmem_cache_zalloc(kvm_vcpu_cache, GFP_KERNEL);
+ if (!vcpu) {
+ err = -ENOMEM;
+@@ -427,9 +432,9 @@ static void update_vttbr(struct kvm *kvm)
+
+ /* update vttbr to be used with the new vmid */
+ pgd_phys = virt_to_phys(kvm->arch.pgd);
++ BUG_ON(pgd_phys & ~VTTBR_BADDR_MASK);
+ vmid = ((u64)(kvm->arch.vmid) << VTTBR_VMID_SHIFT) & VTTBR_VMID_MASK;
+- kvm->arch.vttbr = pgd_phys & VTTBR_BADDR_MASK;
+- kvm->arch.vttbr |= vmid;
++ kvm->arch.vttbr = pgd_phys | vmid;
+
+ spin_unlock(&kvm_vmid_lock);
+ }
+@@ -676,10 +681,21 @@ static int kvm_arch_vcpu_ioctl_vcpu_init(struct kvm_vcpu *vcpu,
+ return ret;
+
+ /*
++ * Ensure a rebooted VM will fault in RAM pages and detect if the
++ * guest MMU is turned off and flush the caches as needed.
++ */
++ if (vcpu->arch.has_run_once)
++ stage2_unmap_vm(vcpu->kvm);
++
++ vcpu_reset_hcr(vcpu);
++
++ /*
+ * Handle the "start in power-off" case by marking the VCPU as paused.
+ */
+- if (__test_and_clear_bit(KVM_ARM_VCPU_POWER_OFF, vcpu->arch.features))
++ if (test_bit(KVM_ARM_VCPU_POWER_OFF, vcpu->arch.features))
+ vcpu->arch.pause = true;
++ else
++ vcpu->arch.pause = false;
+
+ return 0;
+ }
+@@ -825,7 +841,8 @@ static int hyp_init_cpu_notify(struct notifier_block *self,
+ switch (action) {
+ case CPU_STARTING:
+ case CPU_STARTING_FROZEN:
+- cpu_init_hyp_mode(NULL);
++ if (__hyp_get_vectors() == hyp_default_vectors)
++ cpu_init_hyp_mode(NULL);
+ break;
+ }
+
+diff --git a/arch/arm/kvm/guest.c b/arch/arm/kvm/guest.c
+index b23a59c..2786eae 100644
+--- a/arch/arm/kvm/guest.c
++++ b/arch/arm/kvm/guest.c
+@@ -38,7 +38,6 @@ struct kvm_stats_debugfs_item debugfs_entries[] = {
+
+ int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu)
+ {
+- vcpu->arch.hcr = HCR_GUEST_MASK;
+ return 0;
+ }
+
+diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
+index 70ed2c1..524b4b5 100644
+--- a/arch/arm/kvm/mmu.c
++++ b/arch/arm/kvm/mmu.c
+@@ -197,7 +197,8 @@ static void unmap_range(struct kvm *kvm, pgd_t *pgdp,
+ pgd = pgdp + pgd_index(addr);
+ do {
+ next = kvm_pgd_addr_end(addr, end);
+- unmap_puds(kvm, pgd, addr, next);
++ if (!pgd_none(*pgd))
++ unmap_puds(kvm, pgd, addr, next);
+ } while (pgd++, addr = next, addr != end);
+ }
+
+@@ -555,6 +556,71 @@ static void unmap_stage2_range(struct kvm *kvm, phys_addr_t start, u64 size)
+ unmap_range(kvm, kvm->arch.pgd, start, size);
+ }
+
++static void stage2_unmap_memslot(struct kvm *kvm,
++ struct kvm_memory_slot *memslot)
++{
++ hva_t hva = memslot->userspace_addr;
++ phys_addr_t addr = memslot->base_gfn << PAGE_SHIFT;
++ phys_addr_t size = PAGE_SIZE * memslot->npages;
++ hva_t reg_end = hva + size;
++
++ /*
++ * A memory region could potentially cover multiple VMAs, and any holes
++ * between them, so iterate over all of them to find out if we should
++ * unmap any of them.
++ *
++ * +--------------------------------------------+
++ * +---------------+----------------+ +----------------+
++ * | : VMA 1 | VMA 2 | | VMA 3 : |
++ * +---------------+----------------+ +----------------+
++ * | memory region |
++ * +--------------------------------------------+
++ */
++ do {
++ struct vm_area_struct *vma = find_vma(current->mm, hva);
++ hva_t vm_start, vm_end;
++
++ if (!vma || vma->vm_start >= reg_end)
++ break;
++
++ /*
++ * Take the intersection of this VMA with the memory region
++ */
++ vm_start = max(hva, vma->vm_start);
++ vm_end = min(reg_end, vma->vm_end);
++
++ if (!(vma->vm_flags & VM_PFNMAP)) {
++ gpa_t gpa = addr + (vm_start - memslot->userspace_addr);
++ unmap_stage2_range(kvm, gpa, vm_end - vm_start);
++ }
++ hva = vm_end;
++ } while (hva < reg_end);
++}
++
++/**
++ * stage2_unmap_vm - Unmap Stage-2 RAM mappings
++ * @kvm: The struct kvm pointer
++ *
++ * Go through the memregions and unmap any reguler RAM
++ * backing memory already mapped to the VM.
++ */
++void stage2_unmap_vm(struct kvm *kvm)
++{
++ struct kvm_memslots *slots;
++ struct kvm_memory_slot *memslot;
++ int idx;
++
++ idx = srcu_read_lock(&kvm->srcu);
++ spin_lock(&kvm->mmu_lock);
++
++ slots = kvm_memslots(kvm);
++ kvm_for_each_memslot(memslot, slots)
++ stage2_unmap_memslot(kvm, memslot);
++
++ spin_unlock(&kvm->mmu_lock);
++ srcu_read_unlock(&kvm->srcu, idx);
++}
++
+ /**
+ * kvm_free_stage2_pgd - free all stage-2 tables
+ * @kvm: The KVM struct pointer for the VM.
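Review bot: stage2_unmap_memslot() calls `find_vma(current->mm, hva)` and then reads vma->vm_start, vm_end and vm_flags, but stage2_unmap_vm() takes only the SRCU read lock and kvm->mmu_lock, never mmap_sem, so the VMA list can change under the walk. user_mem_abort() in the same file takes `down_read(&current->mm->mmap_sem)` before its VMA lookup, and the same is needed here. Because down_read() may sleep it has to come before the spinlock: `down_read(&current->mm->mmap_sem);` ahead of `spin_lock(&kvm->mmu_lock);`, and `up_read(&current->mm->mmap_sem);` after `spin_unlock(&kvm->mmu_lock);`. The kernel-doc for stage2_unmap_vm() also has a typo, "reguler" for "regular".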
+@@ -746,6 +812,19 @@ static bool transparent_hugepage_adjust(pfn_t *pfnp, phys_addr_t *ipap)
+ return false;
+ }
+
++static bool kvm_is_write_fault(struct kvm_vcpu *vcpu)
++{
++ if (kvm_vcpu_trap_is_iabt(vcpu))
++ return false;
++
++ return kvm_vcpu_dabt_iswrite(vcpu);
++}
++
++static bool kvm_is_device_pfn(unsigned long pfn)
++{
++ return !pfn_valid(pfn);
++}
++
+ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
+ struct kvm_memory_slot *memslot,
+ unsigned long fault_status)
+@@ -761,7 +840,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
+ pfn_t pfn;
+ pgprot_t mem_type = PAGE_S2;
+
+- write_fault = kvm_is_write_fault(kvm_vcpu_get_hsr(vcpu));
++ write_fault = kvm_is_write_fault(vcpu);
+ if (fault_status == FSC_PERM && !write_fault) {
+ kvm_err("Unexpected L2 read permission error\n");
+ return -EFAULT;
+@@ -770,6 +849,12 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
+ /* Let's check if we will get back a huge page backed by hugetlbfs */
+ down_read(&current->mm->mmap_sem);
+ vma = find_vma_intersection(current->mm, hva, hva + 1);
++ if (unlikely(!vma)) {
++ kvm_err("Failed to find VMA for hva 0x%lx\n", hva);
++ up_read(&current->mm->mmap_sem);
++ return -EFAULT;
++ }
++
+ if (is_vm_hugetlb_page(vma)) {
+ hugetlb = true;
+ gfn = (fault_ipa & PMD_MASK) >> PAGE_SHIFT;
+@@ -810,7 +895,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
+ if (is_error_pfn(pfn))
+ return -EFAULT;
+
+- if (kvm_is_mmio_pfn(pfn))
++ if (kvm_is_device_pfn(pfn))
+ mem_type = PAGE_S2_DEVICE;
+
+ spin_lock(&kvm->mmu_lock);
+@@ -836,7 +921,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
+ }
+ coherent_cache_guest_page(vcpu, hva, PAGE_SIZE);
+ ret = stage2_set_pte(kvm, memcache, fault_ipa, &new_pte,
+- mem_type == PAGE_S2_DEVICE);
++ pgprot_val(mem_type) == pgprot_val(PAGE_S2_DEVICE));
+ }
+
+
+@@ -912,6 +997,9 @@ int kvm_handle_guest_abort(struct kvm_vcpu *vcpu, struct kvm_run *run)
+
+ memslot = gfn_to_memslot(vcpu->kvm, gfn);
+
++ /* Userspace should not be able to register out-of-bounds IPAs */
++ VM_BUG_ON(fault_ipa >= KVM_PHYS_SIZE);
++
+ ret = user_mem_abort(vcpu, fault_ipa, memslot, fault_status);
+ if (ret == 0)
+ ret = 1;
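Review bot: The added `VM_BUG_ON(fault_ipa >= KVM_PHYS_SIZE)` is not a guard in production builds, because VM_BUG_ON only evaluates its condition when CONFIG_DEBUG_VM is set. The comment above it reads as if this line enforces the bound; it would be clearer as `/* Debug-only assertion: the bound is enforced when the memslot is registered */`. The assertion also comes after gfn_to_memslot() has already run, so it records an invariant rather than protecting the lookup. kvm_handle_guest_abort() starts and ends outside the hunk.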
+@@ -1136,6 +1224,14 @@ int kvm_arch_prepare_memory_region(struct kvm *kvm,
+ struct kvm_userspace_memory_region *mem,
+ enum kvm_mr_change change)
+ {
++ /*
++ * Prevent userspace from creating a memory region outside of the IPA
++ * space addressable by the KVM guest IPA space.
++ */
++ if (memslot->base_gfn + memslot->npages >=
++ (KVM_PHYS_SIZE >> PAGE_SHIFT))
++ return -EFAULT;
++
+ return 0;
+ }
+
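Review bot: The bound `memslot->base_gfn + memslot->npages >= (KVM_PHYS_SIZE >> PAGE_SHIFT)` applies `>=` to an exclusive end, so a slot whose last page is the last page of the IPA space is refused as well. That errs on the safe side but is stricter than the comment says; either compare with `>` or state the intent, e.g. `/* Reject any slot that reaches the end of the guest IPA space. */`. The existing comment also repeats itself ("the IPA space addressable by the KVM guest IPA space") and could read `Prevent userspace from creating a memory region outside the guest IPA space.`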
+diff --git a/arch/arm/mach-dove/board-dt.c b/arch/arm/mach-dove/board-dt.c
+index 49fa9ab..7a7a09a5 100644
+--- a/arch/arm/mach-dove/board-dt.c
++++ b/arch/arm/mach-dove/board-dt.c
+@@ -26,7 +26,7 @@ static void __init dove_dt_init(void)
+ #ifdef CONFIG_CACHE_TAUROS2
+ tauros2_init(0);
+ #endif
+- BUG_ON(mvebu_mbus_dt_init());
++ BUG_ON(mvebu_mbus_dt_init(false));
+ of_platform_populate(NULL, of_default_bus_match_table, NULL, NULL);
+ }
+
+diff --git a/arch/arm/mach-imx/clk-imx6q.c b/arch/arm/mach-imx/clk-imx6q.c
+index 01a5765..b509556 100644
+--- a/arch/arm/mach-imx/clk-imx6q.c
++++ b/arch/arm/mach-imx/clk-imx6q.c
+@@ -406,7 +406,7 @@ static void __init imx6q_clocks_init(struct device_node *ccm_node)
+ clk[gpmi_io] = imx_clk_gate2("gpmi_io", "enfc", base + 0x78, 28);
+ clk[gpmi_apb] = imx_clk_gate2("gpmi_apb", "usdhc3", base + 0x78, 30);
+ clk[rom] = imx_clk_gate2("rom", "ahb", base + 0x7c, 0);
+- clk[sata] = imx_clk_gate2("sata", "ipg", base + 0x7c, 4);
++ clk[sata] = imx_clk_gate2("sata", "ahb", base + 0x7c, 4);
+ clk[sdma] = imx_clk_gate2("sdma", "ahb", base + 0x7c, 6);
+ clk[spba] = imx_clk_gate2("spba", "ipg", base + 0x7c, 12);
+ clk[spdif] = imx_clk_gate2("spdif", "spdif_podf", base + 0x7c, 14);
+diff --git a/arch/arm/mach-kirkwood/board-dt.c b/arch/arm/mach-kirkwood/board-dt.c
+index 7818815..79e629d 100644
+--- a/arch/arm/mach-kirkwood/board-dt.c
++++ b/arch/arm/mach-kirkwood/board-dt.c
+@@ -116,7 +116,7 @@ static void __init kirkwood_dt_init(void)
+ */
+ writel(readl(CPU_CONFIG) & ~CPU_CONFIG_ERROR_PROP, CPU_CONFIG);
+
+- BUG_ON(mvebu_mbus_dt_init());
++ BUG_ON(mvebu_mbus_dt_init(false));
+
+ kirkwood_l2_init();
+
+diff --git a/arch/arm/mach-mvebu/armada-370-xp.c b/arch/arm/mach-mvebu/armada-370-xp.c
+index f6c9d1d..79c3766a 100644
+--- a/arch/arm/mach-mvebu/armada-370-xp.c
++++ b/arch/arm/mach-mvebu/armada-370-xp.c
+@@ -41,7 +41,7 @@ static void __init armada_370_xp_timer_and_clk_init(void)
+ of_clk_init(NULL);
+ clocksource_of_init();
+ coherency_init();
+- BUG_ON(mvebu_mbus_dt_init());
++ BUG_ON(mvebu_mbus_dt_init(coherency_available()));
+ #ifdef CONFIG_CACHE_L2X0
+ l2x0_of_init(0, ~0UL);
+ #endif
+diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c
+index c295c10..49bad4d 100644
+--- a/arch/arm/mach-mvebu/coherency.c
++++ b/arch/arm/mach-mvebu/coherency.c
+@@ -121,6 +121,20 @@ static struct notifier_block mvebu_hwcc_platform_nb = {
+ .notifier_call = mvebu_hwcc_platform_notifier,
+ };
+
++/*
++ * Keep track of whether we have IO hardware coherency enabled or not.
++ * On Armada 370's we will not be using it for example. We need to make
++ * that available [through coherency_available()] so the mbus controller
++ * doesn't enable the IO coherency bit in the attribute bits of the
++ * chip selects.
++ */
++static int coherency_enabled;
++
++int coherency_available(void)
++{
++ return coherency_enabled;
++}
++
+ int __init coherency_init(void)
+ {
+ struct device_node *np;
+@@ -164,6 +178,7 @@ int __init coherency_init(void)
+ coherency_base = of_iomap(np, 0);
+ coherency_cpu_base = of_iomap(np, 1);
+ set_cpu_coherent(cpu_logical_map(smp_processor_id()), 0);
++ coherency_enabled = 1;
+ of_node_put(np);
+ }
+
+diff --git a/arch/arm/mach-mvebu/coherency.h b/arch/arm/mach-mvebu/coherency.h
+index 760226c..63e18c6 100644
+--- a/arch/arm/mach-mvebu/coherency.h
++++ b/arch/arm/mach-mvebu/coherency.h
+@@ -17,6 +17,7 @@
+ extern unsigned long coherency_phys_base;
+
+ int set_cpu_coherent(unsigned int cpu_id, int smp_group_id);
++int coherency_available(void);
+ int coherency_init(void);
+
+ #endif /* __MACH_370_XP_COHERENCY_H */
+diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h
+index 00fbaa7..ea68925 100644
+--- a/arch/arm64/include/asm/kvm_arm.h
++++ b/arch/arm64/include/asm/kvm_arm.h
+@@ -18,6 +18,7 @@
+ #ifndef __ARM64_KVM_ARM_H__
+ #define __ARM64_KVM_ARM_H__
+
++#include <asm/memory.h>
+ #include <asm/types.h>
+
+ /* Hyp Configuration Register (HCR) bits */
+@@ -122,6 +123,17 @@
+ #define VTCR_EL2_T0SZ_MASK 0x3f
+ #define VTCR_EL2_T0SZ_40B 24
+
++/*
++ * We configure the Stage-2 page tables to always restrict the IPA space to be
++ * 40 bits wide (T0SZ = 24). Systems with a PARange smaller than 40 bits are
++ * not known to exist and will break with this configuration.
++ *
++ * Note that when using 4K pages, we concatenate two first level page tables
++ * together.
++ *
++ * The magic numbers used for VTTBR_X in this patch can be found in Tables
++ * D4-23 and D4-25 in ARM DDI 0487A.b.
++ */
+ #ifdef CONFIG_ARM64_64K_PAGES
+ /*
+ * Stage2 translation configuration:
+@@ -151,9 +163,9 @@
+ #endif
+
+ #define VTTBR_BADDR_SHIFT (VTTBR_X - 1)
+-#define VTTBR_BADDR_MASK (((1LLU << (40 - VTTBR_X)) - 1) << VTTBR_BADDR_SHIFT)
+-#define VTTBR_VMID_SHIFT (48LLU)
+-#define VTTBR_VMID_MASK (0xffLLU << VTTBR_VMID_SHIFT)
++#define VTTBR_BADDR_MASK (((UL(1) << (PHYS_MASK_SHIFT - VTTBR_X)) - 1) << VTTBR_BADDR_SHIFT)
++#define VTTBR_VMID_SHIFT (UL(48))
++#define VTTBR_VMID_MASK (UL(0xFF) << VTTBR_VMID_SHIFT)
+
+ /* Hyp System Trap Register */
+ #define HSTR_EL2_TTEE (1 << 16)
+@@ -176,13 +188,13 @@
+
+ /* Exception Syndrome Register (ESR) bits */
+ #define ESR_EL2_EC_SHIFT (26)
+-#define ESR_EL2_EC (0x3fU << ESR_EL2_EC_SHIFT)
+-#define ESR_EL2_IL (1U << 25)
++#define ESR_EL2_EC (UL(0x3f) << ESR_EL2_EC_SHIFT)
++#define ESR_EL2_IL (UL(1) << 25)
+ #define ESR_EL2_ISS (ESR_EL2_IL - 1)
+ #define ESR_EL2_ISV_SHIFT (24)
+-#define ESR_EL2_ISV (1U << ESR_EL2_ISV_SHIFT)
++#define ESR_EL2_ISV (UL(1) << ESR_EL2_ISV_SHIFT)
+ #define ESR_EL2_SAS_SHIFT (22)
+-#define ESR_EL2_SAS (3U << ESR_EL2_SAS_SHIFT)
++#define ESR_EL2_SAS (UL(3) << ESR_EL2_SAS_SHIFT)
+ #define ESR_EL2_SSE (1 << 21)
+ #define ESR_EL2_SRT_SHIFT (16)
+ #define ESR_EL2_SRT_MASK (0x1f << ESR_EL2_SRT_SHIFT)
+@@ -196,16 +208,16 @@
+ #define ESR_EL2_FSC_TYPE (0x3c)
+
+ #define ESR_EL2_CV_SHIFT (24)
+-#define ESR_EL2_CV (1U << ESR_EL2_CV_SHIFT)
++#define ESR_EL2_CV (UL(1) << ESR_EL2_CV_SHIFT)
+ #define ESR_EL2_COND_SHIFT (20)
+-#define ESR_EL2_COND (0xfU << ESR_EL2_COND_SHIFT)
++#define ESR_EL2_COND (UL(0xf) << ESR_EL2_COND_SHIFT)
+
+
+ #define FSC_FAULT (0x04)
+ #define FSC_PERM (0x0c)
+
+ /* Hyp Prefetch Fault Address Register (HPFAR/HDFAR) */
+-#define HPFAR_MASK (~0xFUL)
++#define HPFAR_MASK (~UL(0xf))
+
+ #define ESR_EL2_EC_UNKNOWN (0x00)
+ #define ESR_EL2_EC_WFI (0x01)
+diff --git a/arch/arm64/include/asm/kvm_emulate.h b/arch/arm64/include/asm/kvm_emulate.h
+index dd8ecfc3..681cb90 100644
+--- a/arch/arm64/include/asm/kvm_emulate.h
++++ b/arch/arm64/include/asm/kvm_emulate.h
+@@ -38,6 +38,11 @@ void kvm_inject_undefined(struct kvm_vcpu *vcpu);
+ void kvm_inject_dabt(struct kvm_vcpu *vcpu, unsigned long addr);
+ void kvm_inject_pabt(struct kvm_vcpu *vcpu, unsigned long addr);
+
++static inline void vcpu_reset_hcr(struct kvm_vcpu *vcpu)
++{
++ vcpu->arch.hcr_el2 = HCR_GUEST_FLAGS;
++}
++
+ static inline unsigned long *vcpu_pc(const struct kvm_vcpu *vcpu)
+ {
+ return (unsigned long *)&vcpu_gp_regs(vcpu)->regs.pc;
+diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h
+index 8e138c7..0d51874 100644
+--- a/arch/arm64/include/asm/kvm_mmu.h
++++ b/arch/arm64/include/asm/kvm_mmu.h
+@@ -59,10 +59,9 @@
+ #define KERN_TO_HYP(kva) ((unsigned long)kva - PAGE_OFFSET + HYP_PAGE_OFFSET)
+
+ /*
+- * Align KVM with the kernel's view of physical memory. Should be
+- * 40bit IPA, with PGD being 8kB aligned in the 4KB page configuration.
++ * We currently only support a 40bit IPA.
+ */
+-#define KVM_PHYS_SHIFT PHYS_MASK_SHIFT
++#define KVM_PHYS_SHIFT (40)
+ #define KVM_PHYS_SIZE (1UL << KVM_PHYS_SHIFT)
+ #define KVM_PHYS_MASK (KVM_PHYS_SIZE - 1UL)
+
+@@ -75,6 +74,7 @@ int create_hyp_io_mappings(void *from, void *to, phys_addr_t);
+ void free_boot_hyp_pgd(void);
+ void free_hyp_pgds(void);
+
++void stage2_unmap_vm(struct kvm *kvm);
+ int kvm_alloc_stage2_pgd(struct kvm *kvm);
+ void kvm_free_stage2_pgd(struct kvm *kvm);
+ int kvm_phys_addr_ioremap(struct kvm *kvm, phys_addr_t guest_ipa,
+@@ -93,19 +93,6 @@ void kvm_clear_hyp_idmap(void);
+ #define kvm_set_pte(ptep, pte) set_pte(ptep, pte)
+ #define kvm_set_pmd(pmdp, pmd) set_pmd(pmdp, pmd)
+
+-static inline bool kvm_is_write_fault(unsigned long esr)
+-{
+- unsigned long esr_ec = esr >> ESR_EL2_EC_SHIFT;
+-
+- if (esr_ec == ESR_EL2_EC_IABT)
+- return false;
+-
+- if ((esr & ESR_EL2_ISV) && !(esr & ESR_EL2_WNR))
+- return false;
+-
+- return true;
+-}
+-
+ static inline void kvm_clean_pgd(pgd_t *pgd) {}
+ static inline void kvm_clean_pmd_entry(pmd_t *pmd) {}
+ static inline void kvm_clean_pte(pte_t *pte) {}
+diff --git a/arch/arm64/kvm/guest.c b/arch/arm64/kvm/guest.c
+index 0874557..a8d81fa 100644
+--- a/arch/arm64/kvm/guest.c
++++ b/arch/arm64/kvm/guest.c
+@@ -38,7 +38,6 @@ struct kvm_stats_debugfs_item debugfs_entries[] = {
+
+ int kvm_arch_vcpu_setup(struct kvm_vcpu *vcpu)
+ {
+- vcpu->arch.hcr_el2 = HCR_GUEST_FLAGS;
+ return 0;
+ }
+
+diff --git a/arch/arm64/mm/dma-mapping.c b/arch/arm64/mm/dma-mapping.c
+index 3974881..b76159a 100644
+--- a/arch/arm64/mm/dma-mapping.c
++++ b/arch/arm64/mm/dma-mapping.c
+@@ -54,8 +54,7 @@ static void *arm64_swiotlb_alloc_coherent(struct device *dev, size_t size,
+
+ *dma_handle = phys_to_dma(dev, page_to_phys(page));
+ addr = page_address(page);
+- if (flags & __GFP_ZERO)
+- memset(addr, 0, size);
++ memset(addr, 0, size);
+ return addr;
+ } else {
+ return swiotlb_alloc_coherent(dev, size, dma_handle, flags);
+diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
+index 2f645c9..5dab54a 100644
+--- a/arch/x86/Kconfig
++++ b/arch/x86/Kconfig
+@@ -160,7 +160,7 @@ config SBUS
+
+ config NEED_DMA_MAP_STATE
+ def_bool y
+- depends on X86_64 || INTEL_IOMMU || DMA_API_DEBUG
++ depends on X86_64 || INTEL_IOMMU || DMA_API_DEBUG || SWIOTLB
+
+ config NEED_SG_DMA_LENGTH
+ def_bool y
+diff --git a/arch/x86/kernel/cpu/microcode/intel_early.c b/arch/x86/kernel/cpu/microcode/intel_early.c
+index 18f7391..43a07bf 100644
+--- a/arch/x86/kernel/cpu/microcode/intel_early.c
++++ b/arch/x86/kernel/cpu/microcode/intel_early.c
+@@ -321,7 +321,7 @@ get_matching_model_microcode(int cpu, unsigned long start,
+ unsigned int mc_saved_count = mc_saved_data->mc_saved_count;
+ int i;
+
+- while (leftover) {
++ while (leftover && mc_saved_count < ARRAY_SIZE(mc_saved_tmp)) {
+ mc_header = (struct microcode_header_intel *)ucode_ptr;
+
+ mc_size = get_totalsize(mc_header);
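Review bot: The new loop condition stops scanning as soon as mc_saved_tmp is full, and nothing in the hunk records that input was left unread, so a matching microcode later in the blob would be dropped silently. A comment on the loop would make the intent explicit, e.g. `/* mc_saved_tmp has a fixed number of slots; stop rather than write past it */`. Whether the caller can tell a full array from end of input is not visible here, since get_matching_model_microcode() starts and ends outside the hunk.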
+diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
+index a1f5b18..490fee1 100644
+--- a/arch/x86/kernel/kprobes/core.c
++++ b/arch/x86/kernel/kprobes/core.c
+@@ -326,13 +326,16 @@ int __kprobes __copy_instruction(u8 *dest, u8 *src)
+ {
+ struct insn insn;
+ kprobe_opcode_t buf[MAX_INSN_SIZE];
++ int length;
+
+ kernel_insn_init(&insn, (void *)recover_probed_instruction(buf, (unsigned long)src));
+ insn_get_length(&insn);
++ length = insn.length;
++
+ /* Another subsystem puts a breakpoint, failed to recover */
+ if (insn.opcode.bytes[0] == BREAKPOINT_INSTRUCTION)
+ return 0;
+- memcpy(dest, insn.kaddr, insn.length);
++ memcpy(dest, insn.kaddr, length);
+
+ #ifdef CONFIG_X86_64
+ if (insn_rip_relative(&insn)) {
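Review bot: The hunk caches `insn.length` in a local right after insn_get_length() without saying why, and the reason lies outside the visible lines; presumably `insn` is re-initialised inside the CONFIG_X86_64 branch before the final return. A one-line comment would keep a later cleanup from folding the local back into `insn.length`, e.g. `/* insn may be re-decoded below; keep the length of the original instruction */`. The body of __copy_instruction() continues past this hunk.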
+@@ -362,7 +365,7 @@ int __kprobes __copy_instruction(u8 *dest, u8 *src)
+ *(s32 *) disp = (s32) newdisp;
+ }
+ #endif
+- return insn.length;
++ return length;
+ }
+
+ static int __kprobes arch_copy_kprobe(struct kprobe *p)
+diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
+index 9643eda6..0746334 100644
+--- a/arch/x86/kvm/svm.c
++++ b/arch/x86/kvm/svm.c
+@@ -495,8 +495,10 @@ static void skip_emulated_instruction(struct kvm_vcpu *vcpu)
+ {
+ struct vcpu_svm *svm = to_svm(vcpu);
+
+- if (svm->vmcb->control.next_rip != 0)
++ if (svm->vmcb->control.next_rip != 0) {
++ WARN_ON(!static_cpu_has(X86_FEATURE_NRIPS));
+ svm->next_rip = svm->vmcb->control.next_rip;
++ }
+
+ if (!svm->next_rip) {
+ if (emulate_instruction(vcpu, EMULTYPE_SKIP) !=
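Review bot: `WARN_ON(!static_cpu_has(X86_FEATURE_NRIPS))` sits in skip_emulated_instruction(), which runs once per skipped instruction, so if the condition ever holds it prints a full backtrace each time and can flood the host log. `WARN_ON_ONCE(!static_cpu_has(X86_FEATURE_NRIPS));` reports the same inconsistency a single time. Whether next_rip can still be non-zero on a CPU without NRIPS after the svm_check_intercept() change in the next hunk cannot be judged from these lines. The function continues past the hunk.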
+@@ -4246,7 +4248,9 @@ static int svm_check_intercept(struct kvm_vcpu *vcpu,
+ break;
+ }
+
+- vmcb->control.next_rip = info->next_rip;
++ /* TODO: Advertise NRIPS to guest hypervisor unconditionally */
++ if (static_cpu_has(X86_FEATURE_NRIPS))
++ vmcb->control.next_rip = info->next_rip;
+ vmcb->control.exit_code = icpt_info.exit_code;
+ vmexit = nested_svm_exit_handled(svm);
+
+diff --git a/drivers/bus/mvebu-mbus.c b/drivers/bus/mvebu-mbus.c
+index e990dee..1aa0130 100644
+--- a/drivers/bus/mvebu-mbus.c
++++ b/drivers/bus/mvebu-mbus.c
+@@ -701,7 +701,6 @@ static int __init mvebu_mbus_common_init(struct mvebu_mbus_state *mbus,
+ phys_addr_t sdramwins_phys_base,
+ size_t sdramwins_size)
+ {
+- struct device_node *np;
+ int win;
+
+ mbus->mbuswins_base = ioremap(mbuswins_phys_base, mbuswins_size);
+@@ -714,12 +713,6 @@ static int __init mvebu_mbus_common_init(struct mvebu_mbus_state *mbus,
+ return -ENOMEM;
+ }
+
+- np = of_find_compatible_node(NULL, NULL, "marvell,coherency-fabric");
+- if (np) {
+- mbus->hw_io_coherency = 1;
+- of_node_put(np);
+- }
+-
+ for (win = 0; win < mbus->soc->num_wins; win++)
+ mvebu_mbus_disable_window(mbus, win);
+
+@@ -889,7 +882,7 @@ static void __init mvebu_mbus_get_pcie_resources(struct device_node *np,
+ }
+ }
+
+-int __init mvebu_mbus_dt_init(void)
++int __init mvebu_mbus_dt_init(bool is_coherent)
+ {
+ struct resource mbuswins_res, sdramwins_res;
+ struct device_node *np, *controller;
+@@ -928,6 +921,8 @@ int __init mvebu_mbus_dt_init(void)
+ return -EINVAL;
+ }
+
++ mbus_state.hw_io_coherency = is_coherent;
++
+ /* Get optional pcie-{mem,io}-aperture properties */
+ mvebu_mbus_get_pcie_resources(np, &mbus_state.pcie_mem_aperture,
+ &mbus_state.pcie_io_aperture);
+diff --git a/drivers/edac/sb_edac.c b/drivers/edac/sb_edac.c
+index c611bcc..3e623ab 100644
+--- a/drivers/edac/sb_edac.c
++++ b/drivers/edac/sb_edac.c
+@@ -765,7 +765,7 @@ static void get_memory_layout(const struct mem_ctl_info *mci)
+ u32 reg;
+ u64 limit, prv = 0;
+ u64 tmp_mb;
+- u32 mb, kb;
++ u32 gb, mb;
+ u32 rir_way;
+
+ /*
+@@ -775,15 +775,17 @@ static void get_memory_layout(const struct mem_ctl_info *mci)
+ pvt->tolm = pvt->info.get_tolm(pvt);
+ tmp_mb = (1 + pvt->tolm) >> 20;
+
+- mb = div_u64_rem(tmp_mb, 1000, &kb);
+- edac_dbg(0, "TOLM: %u.%03u GB (0x%016Lx)\n", mb, kb, (u64)pvt->tolm);
++ gb = div_u64_rem(tmp_mb, 1024, &mb);
++ edac_dbg(0, "TOLM: %u.%03u GB (0x%016Lx)\n",
++ gb, (mb*1000)/1024, (u64)pvt->tolm);
+
+ /* Address range is already 45:25 */
+ pvt->tohm = pvt->info.get_tohm(pvt);
+ tmp_mb = (1 + pvt->tohm) >> 20;
+
+- mb = div_u64_rem(tmp_mb, 1000, &kb);
+- edac_dbg(0, "TOHM: %u.%03u GB (0x%016Lx)\n", mb, kb, (u64)pvt->tohm);
++ gb = div_u64_rem(tmp_mb, 1024, &mb);
++ edac_dbg(0, "TOHM: %u.%03u GB (0x%016Lx)\n",
++ gb, (mb*1000)/1024, (u64)pvt->tohm);
+
+ /*
+ * Step 2) Get SAD range and SAD Interleave list
+@@ -805,11 +807,11 @@ static void get_memory_layout(const struct mem_ctl_info *mci)
+ break;
+
+ tmp_mb = (limit + 1) >> 20;
+- mb = div_u64_rem(tmp_mb, 1000, &kb);
++ gb = div_u64_rem(tmp_mb, 1024, &mb);
+ edac_dbg(0, "SAD#%d %s up to %u.%03u GB (0x%016Lx) Interleave: %s reg=0x%08x\n",
+ n_sads,
+ get_dram_attr(reg),
+- mb, kb,
++ gb, (mb*1000)/1024,
+ ((u64)tmp_mb) << 20L,
+ INTERLEAVE_MODE(reg) ? "8:6" : "[8:6]XOR[18:16]",
+ reg);
+@@ -840,9 +842,9 @@ static void get_memory_layout(const struct mem_ctl_info *mci)
+ break;
+ tmp_mb = (limit + 1) >> 20;
+
+- mb = div_u64_rem(tmp_mb, 1000, &kb);
++ gb = div_u64_rem(tmp_mb, 1024, &mb);
+ edac_dbg(0, "TAD#%d: up to %u.%03u GB (0x%016Lx), socket interleave %d, memory interleave %d, TGT: %d, %d, %d, %d, reg=0x%08x\n",
+- n_tads, mb, kb,
++ n_tads, gb, (mb*1000)/1024,
+ ((u64)tmp_mb) << 20L,
+ (u32)TAD_SOCK(reg),
+ (u32)TAD_CH(reg),
+@@ -865,10 +867,10 @@ static void get_memory_layout(const struct mem_ctl_info *mci)
+ tad_ch_nilv_offset[j],
+ &reg);
+ tmp_mb = TAD_OFFSET(reg) >> 20;
+- mb = div_u64_rem(tmp_mb, 1000, &kb);
++ gb = div_u64_rem(tmp_mb, 1024, &mb);
+ edac_dbg(0, "TAD CH#%d, offset #%d: %u.%03u GB (0x%016Lx), reg=0x%08x\n",
+ i, j,
+- mb, kb,
++ gb, (mb*1000)/1024,
+ ((u64)tmp_mb) << 20L,
+ reg);
+ }
+@@ -890,10 +892,10 @@ static void get_memory_layout(const struct mem_ctl_info *mci)
+
+ tmp_mb = RIR_LIMIT(reg) >> 20;
+ rir_way = 1 << RIR_WAY(reg);
+- mb = div_u64_rem(tmp_mb, 1000, &kb);
++ gb = div_u64_rem(tmp_mb, 1024, &mb);
+ edac_dbg(0, "CH#%d RIR#%d, limit: %u.%03u GB (0x%016Lx), way: %d, reg=0x%08x\n",
+ i, j,
+- mb, kb,
++ gb, (mb*1000)/1024,
+ ((u64)tmp_mb) << 20L,
+ rir_way,
+ reg);
+@@ -904,10 +906,10 @@ static void get_memory_layout(const struct mem_ctl_info *mci)
+ &reg);
+ tmp_mb = RIR_OFFSET(reg) << 6;
+
+- mb = div_u64_rem(tmp_mb, 1000, &kb);
++ gb = div_u64_rem(tmp_mb, 1024, &mb);
+ edac_dbg(0, "CH#%d RIR#%d INTL#%d, offset %u.%03u GB (0x%016Lx), tgt: %d, reg=0x%08x\n",
+ i, j, k,
+- mb, kb,
++ gb, (mb*1000)/1024,
+ ((u64)tmp_mb) << 20L,
+ (u32)RIR_RNK_TGT(reg),
+ reg);
+@@ -945,7 +947,7 @@ static int get_memory_error_data(struct mem_ctl_info *mci,
+ u8 ch_way, sck_way, pkg, sad_ha = 0;
+ u32 tad_offset;
+ u32 rir_way;
+- u32 mb, kb;
++ u32 mb, gb;
+ u64 ch_addr, offset, limit = 0, prv = 0;
+
+
+@@ -1183,10 +1185,10 @@ static int get_memory_error_data(struct mem_ctl_info *mci,
+ continue;
+
+ limit = RIR_LIMIT(reg);
+- mb = div_u64_rem(limit >> 20, 1000, &kb);
++ gb = div_u64_rem(limit >> 20, 1024, &mb);
+ edac_dbg(0, "RIR#%d, limit: %u.%03u GB (0x%016Lx), way: %d\n",
+ n_rir,
+- mb, kb,
++ gb, (mb*1000)/1024,
+ limit,
+ 1 << RIR_WAY(reg));
+ if (ch_addr <= limit)
+diff --git a/drivers/net/ethernet/mellanox/mlx4/en_tx.c b/drivers/net/ethernet/mellanox/mlx4/en_tx.c
+index 019a04a..a467261 100644
+--- a/drivers/net/ethernet/mellanox/mlx4/en_tx.c
++++ b/drivers/net/ethernet/mellanox/mlx4/en_tx.c
+@@ -810,8 +810,11 @@ netdev_tx_t mlx4_en_xmit(struct sk_buff *skb, struct net_device *dev)
+ tx_desc->ctrl.fence_size = (real_size / 16) & 0x3f;
+ tx_desc->ctrl.srcrb_flags = priv->ctrl_flags;
+ if (likely(skb->ip_summed == CHECKSUM_PARTIAL)) {
+- tx_desc->ctrl.srcrb_flags |= cpu_to_be32(MLX4_WQE_CTRL_IP_CSUM |
+- MLX4_WQE_CTRL_TCP_UDP_CSUM);
++ if (!skb->encapsulation)
++ tx_desc->ctrl.srcrb_flags |= cpu_to_be32(MLX4_WQE_CTRL_IP_CSUM |
++ MLX4_WQE_CTRL_TCP_UDP_CSUM);
++ else
++ tx_desc->ctrl.srcrb_flags |= cpu_to_be32(MLX4_WQE_CTRL_IP_CSUM);
+ ring->tx_csum++;
+ }
+
+diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
+index 528bff5..85d370e 100644
+--- a/drivers/scsi/hpsa.c
++++ b/drivers/scsi/hpsa.c
+@@ -3984,10 +3984,6 @@ static int hpsa_kdump_hard_reset_controller(struct pci_dev *pdev)
+
+ /* Save the PCI command register */
+ pci_read_config_word(pdev, 4, &command_register);
+- /* Turn the board off. This is so that later pci_restore_state()
+- * won't turn the board on before the rest of config space is ready.
+- */
+- pci_disable_device(pdev);
+ pci_save_state(pdev);
+
+ /* find the first memory BAR, so we can find the cfg table */
+@@ -4035,11 +4031,6 @@ static int hpsa_kdump_hard_reset_controller(struct pci_dev *pdev)
+ goto unmap_cfgtable;
+
+ pci_restore_state(pdev);
+- rc = pci_enable_device(pdev);
+- if (rc) {
+- dev_warn(&pdev->dev, "failed to enable device.\n");
+- goto unmap_cfgtable;
+- }
+ pci_write_config_word(pdev, 4, command_register);
+
+ /* Some devices (notably the HP Smart Array 5i Controller)
+@@ -4525,6 +4516,23 @@ static int hpsa_init_reset_devices(struct pci_dev *pdev)
+ if (!reset_devices)
+ return 0;
+
++ /* kdump kernel is loading, we don't know in which state is
++ * the pci interface. The dev->enable_cnt is equal zero
++ * so we call enable+disable, wait a while and switch it on.
++ */
++ rc = pci_enable_device(pdev);
++ if (rc) {
++ dev_warn(&pdev->dev, "Failed to enable PCI device\n");
++ return -ENODEV;
++ }
++ pci_disable_device(pdev);
++ msleep(260); /* a randomly chosen number */
++ rc = pci_enable_device(pdev);
++ if (rc) {
++ dev_warn(&pdev->dev, "failed to enable device.\n");
++ return -ENODEV;
++ }
++ pci_set_master(pdev);
+ /* Reset the controller with a PCI power-cycle or via doorbell */
+ rc = hpsa_kdump_hard_reset_controller(pdev);
+
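Review bot: `msleep(260); /* a randomly chosen number */` leaves the settle delay unjustified, so a later reader cannot tell whether it can be shortened or must be kept. It should be a named constant with a comment that says what the wait is for. The two pci_enable_device() failures in this hunk also log differently worded messages and both discard `rc`; logging the code, e.g. `dev_warn(&pdev->dev, "failed to enable device (%d)\n", rc);`, would keep the cause visible in a kdump log. hpsa_init_reset_devices() starts before and ends after this hunk.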
+@@ -4533,10 +4541,11 @@ static int hpsa_init_reset_devices(struct pci_dev *pdev)
+ * "performant mode". Or, it might be 640x, which can't reset
+ * due to concerns about shared bbwc between 6402/6404 pair.
+ */
+- if (rc == -ENOTSUPP)
+- return rc; /* just try to do the kdump anyhow. */
+- if (rc)
+- return -ENODEV;
++ if (rc) {
++ if (rc != -ENOTSUPP) /* just try to do the kdump anyhow. */
++ rc = -ENODEV;
++ goto out_disable;
++ }
+
+ /* Now try to get the controller to respond to a no-op */
+ dev_warn(&pdev->dev, "Waiting for controller to respond to no-op\n");
+@@ -4547,7 +4556,11 @@ static int hpsa_init_reset_devices(struct pci_dev *pdev)
+ dev_warn(&pdev->dev, "no-op failed%s\n",
+ (i < 11 ? "; re-trying" : ""));
+ }
+- return 0;
++
++out_disable:
++
++ pci_disable_device(pdev);
++ return rc;
+ }
+
+ static int hpsa_allocate_cmd_pool(struct ctlr_info *h)
+@@ -4690,6 +4703,7 @@ static void hpsa_undo_allocations_after_kdump_soft_reset(struct ctlr_info *h)
+ iounmap(h->transtable);
+ if (h->cfgtable)
+ iounmap(h->cfgtable);
++ pci_disable_device(h->pdev);
+ pci_release_regions(h->pdev);
+ kfree(h);
+ }
+diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
+index 93de3ba..f8ffee4 100644
+--- a/fs/btrfs/ctree.c
++++ b/fs/btrfs/ctree.c
+@@ -2963,7 +2963,7 @@ done:
+ */
+ if (!p->leave_spinning)
+ btrfs_set_path_blocking(p);
+- if (ret < 0)
++ if (ret < 0 && !p->skip_release_on_error)
+ btrfs_release_path(p);
+ return ret;
+ }
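Review bot: With `skip_release_on_error` set, this exit no longer calls btrfs_release_path() on failure, so a caller that sets the flag keeps whatever the path holds and must release it itself on every error return. That contract is not written down anywhere in the change. The new bit in struct btrfs_path (the fs/btrfs/ctree.h hunk) should carry a comment such as `/* on error the search leaves the path held; the caller must release it */`. The function this exit belongs to starts outside the hunk.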
+diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h
+index d3511cc..3b39eb4 100644
+--- a/fs/btrfs/ctree.h
++++ b/fs/btrfs/ctree.h
+@@ -608,6 +608,7 @@ struct btrfs_path {
+ unsigned int skip_locking:1;
+ unsigned int leave_spinning:1;
+ unsigned int search_commit_root:1;
++ unsigned int skip_release_on_error:1;
+ };
+
+ /*
+@@ -3609,6 +3610,10 @@ struct btrfs_dir_item *btrfs_lookup_xattr(struct btrfs_trans_handle *trans,
+ int verify_dir_item(struct btrfs_root *root,
+ struct extent_buffer *leaf,
+ struct btrfs_dir_item *dir_item);
++struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_root *root,
++ struct btrfs_path *path,
++ const char *name,
++ int name_len);
+
+ /* orphan.c */
+ int btrfs_insert_orphan_item(struct btrfs_trans_handle *trans,
+diff --git a/fs/btrfs/dir-item.c b/fs/btrfs/dir-item.c
+index a0691df..9521a93 100644
+--- a/fs/btrfs/dir-item.c
++++ b/fs/btrfs/dir-item.c
+@@ -21,10 +21,6 @@
+ #include "hash.h"
+ #include "transaction.h"
+
+-static struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_root *root,
+- struct btrfs_path *path,
+- const char *name, int name_len);
+-
+ /*
+ * insert a name into a directory, doing overflow properly if there is a hash
+ * collision. data_size indicates how big the item inserted should be. On
+@@ -383,9 +379,9 @@ struct btrfs_dir_item *btrfs_lookup_xattr(struct btrfs_trans_handle *trans,
+ * this walks through all the entries in a dir item and finds one
+ * for a specific name.
+ */
+-static struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_root *root,
+- struct btrfs_path *path,
+- const char *name, int name_len)
++struct btrfs_dir_item *btrfs_match_dir_item_name(struct btrfs_root *root,
++ struct btrfs_path *path,
++ const char *name, int name_len)
+ {
+ struct btrfs_dir_item *dir_item;
+ unsigned long name_ptr;
+diff --git a/fs/btrfs/xattr.c b/fs/btrfs/xattr.c
+index 488e987..618e86c 100644
+--- a/fs/btrfs/xattr.c
++++ b/fs/btrfs/xattr.c
+@@ -29,6 +29,7 @@
+ #include "xattr.h"
+ #include "disk-io.h"
+ #include "props.h"
++#include "locking.h"
+
+
+ ssize_t __btrfs_getxattr(struct inode *inode, const char *name,
+@@ -91,7 +92,7 @@ static int do_setxattr(struct btrfs_trans_handle *trans,
+ struct inode *inode, const char *name,
+ const void *value, size_t size, int flags)
+ {
+- struct btrfs_dir_item *di;
++ struct btrfs_dir_item *di = NULL;
+ struct btrfs_root *root = BTRFS_I(inode)->root;
+ struct btrfs_path *path;
+ size_t name_len = strlen(name);
+@@ -103,84 +104,119 @@ static int do_setxattr(struct btrfs_trans_handle *trans,
+ path = btrfs_alloc_path();
+ if (!path)
+ return -ENOMEM;
++ path->skip_release_on_error = 1;
++
++ if (!value) {
++ di = btrfs_lookup_xattr(trans, root, path, btrfs_ino(inode),
++ name, name_len, -1);
++ if (!di && (flags & XATTR_REPLACE))
++ ret = -ENODATA;
++ else if (di)
++ ret = btrfs_delete_one_dir_name(trans, root, path, di);
++ goto out;
++ }
+
++ /*
++ * For a replace we can't just do the insert blindly.
++ * Do a lookup first (read-only btrfs_search_slot), and return if xattr
++ * doesn't exist. If it exists, fall down below to the insert/replace
++ * path - we can't race with a concurrent xattr delete, because the VFS
++ * locks the inode's i_mutex before calling setxattr or removexattr.
++ */
+ if (flags & XATTR_REPLACE) {
+- di = btrfs_lookup_xattr(trans, root, path, btrfs_ino(inode), name,
+- name_len, -1);
+- if (IS_ERR(di)) {
+- ret = PTR_ERR(di);
+- goto out;
+- } else if (!di) {
++ ASSERT(mutex_is_locked(&inode->i_mutex));
++ di = btrfs_lookup_xattr(NULL, root, path, btrfs_ino(inode),
++ name, name_len, 0);
++ if (!di) {
+ ret = -ENODATA;
+ goto out;
+ }
+- ret = btrfs_delete_one_dir_name(trans, root, path, di);
+- if (ret)
+- goto out;
+ btrfs_release_path(path);
++ di = NULL;
++ }
+
++ ret = btrfs_insert_xattr_item(trans, root, path, btrfs_ino(inode),
++ name, name_len, value, size);
++ if (ret == -EOVERFLOW) {
+ /*
+- * remove the attribute
++ * We have an existing item in a leaf, split_leaf couldn't
++ * expand it. That item might have or not a dir_item that
++ * matches our target xattr, so lets check.
+ */
+- if (!value)
+- goto out;
+- } else {
+- di = btrfs_lookup_xattr(NULL, root, path, btrfs_ino(inode),
+- name, name_len, 0);
+- if (IS_ERR(di)) {
+- ret = PTR_ERR(di);
++ ret = 0;
++ btrfs_assert_tree_locked(path->nodes[0]);
++ di = btrfs_match_dir_item_name(root, path, name, name_len);
++ if (!di && !(flags & XATTR_REPLACE)) {
++ ret = -ENOSPC;
+ goto out;
+ }
+- if (!di && !value)
+- goto out;
+- btrfs_release_path(path);
++ } else if (ret == -EEXIST) {
++ ret = 0;
++ di = btrfs_match_dir_item_name(root, path, name, name_len);
++ ASSERT(di); /* logic error */
++ } else if (ret) {
++ goto out;
+ }
+
+-again:
+- ret = btrfs_insert_xattr_item(trans, root, path, btrfs_ino(inode),
+- name, name_len, value, size);
+- /*
+- * If we're setting an xattr to a new value but the new value is say
+- * exactly BTRFS_MAX_XATTR_SIZE, we could end up with EOVERFLOW getting
+- * back from split_leaf. This is because it thinks we'll be extending
+- * the existing item size, but we're asking for enough space to add the
+- * item itself. So if we get EOVERFLOW just set ret to EEXIST and let
+- * the rest of the function figure it out.
+- */
+- if (ret == -EOVERFLOW)
++ if (di && (flags & XATTR_CREATE)) {
+ ret = -EEXIST;
++ goto out;
++ }
+
+- if (ret == -EEXIST) {
+- if (flags & XATTR_CREATE)
+- goto out;
++ if (di) {
+ /*
+- * We can't use the path we already have since we won't have the
+- * proper locking for a delete, so release the path and
+- * re-lookup to delete the thing.
++ * We're doing a replace, and it must be atomic, that is, at
++ * any point in time we have either the old or the new xattr
++ * value in the tree. We don't want readers (getxattr and
++ * listxattrs) to miss a value, this is specially important
++ * for ACLs.
+ */
+- btrfs_release_path(path);
+- di = btrfs_lookup_xattr(trans, root, path, btrfs_ino(inode),
+- name, name_len, -1);
+- if (IS_ERR(di)) {
+- ret = PTR_ERR(di);
+- goto out;
+- } else if (!di) {
+- /* Shouldn't happen but just in case... */
+- btrfs_release_path(path);
+- goto again;
++ const int slot = path->slots[0];
++ struct extent_buffer *leaf = path->nodes[0];
++ const u16 old_data_len = btrfs_dir_data_len(leaf, di);
++ const u32 item_size = btrfs_item_size_nr(leaf, slot);
++ const u32 data_size = sizeof(*di) + name_len + size;
++ struct btrfs_item *item;
++ unsigned long data_ptr;
++ char *ptr;
++
++ if (size > old_data_len) {
++ if (btrfs_leaf_free_space(root, leaf) <
++ (size - old_data_len)) {
++ ret = -ENOSPC;
++ goto out;
++ }
+ }
+
+- ret = btrfs_delete_one_dir_name(trans, root, path, di);
+- if (ret)
+- goto out;
++ if (old_data_len + name_len + sizeof(*di) == item_size) {
++ /* No other xattrs packed in the same leaf item. */
++ if (size > old_data_len)
++ btrfs_extend_item(root, path,
++ size - old_data_len);
++ else if (size < old_data_len)
++ btrfs_truncate_item(root, path, data_size, 1);
++ } else {
++ /* There are other xattrs packed in the same item. */
++ ret = btrfs_delete_one_dir_name(trans, root, path, di);
++ if (ret)
++ goto out;
++ btrfs_extend_item(root, path, data_size);
++ }
+
++ item = btrfs_item_nr(slot);
++ ptr = btrfs_item_ptr(leaf, slot, char);
++ ptr += btrfs_item_size(leaf, item) - data_size;
++ di = (struct btrfs_dir_item *)ptr;
++ btrfs_set_dir_data_len(leaf, di, size);
++ data_ptr = ((unsigned long)(di + 1)) + name_len;
++ write_extent_buffer(leaf, value, data_ptr, size);
++ btrfs_mark_buffer_dirty(leaf);
++ } else {
+ /*
+- * We have a value to set, so go back and try to insert it now.
++ * Insert, and we had space for the xattr, so path->slots[0] is
++ * where our xattr dir_item is and btrfs_insert_xattr_item()
++ * filled it.
+ */
+- if (value) {
+- btrfs_release_path(path);
+- goto again;
+- }
+ }
+ out:
+ btrfs_free_path(path);
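Review bot: The rewritten do_setxattr() no longer tests the result of btrfs_lookup_xattr() with IS_ERR(). The removed lines did `if (IS_ERR(di)) { ret = PTR_ERR(di); goto out; }` after every lookup, while the new `if (!value)` branch passes any non-NULL `di` to btrfs_delete_one_dir_name() and the XATTR_REPLACE branch only tests `!di`. If the lookup can still return an error pointer, as the old checks imply, the delete path would dereference it and the replace path would go on to the insert after a failed search. Adding `else if (IS_ERR(di)) ret = PTR_ERR(di);` ahead of `else if (di)` in the first branch, and `if (IS_ERR(di)) { ret = PTR_ERR(di); goto out; }` before the `!di` test in the second, restores the old behaviour. The function starts and ends outside this hunk, so the initial value of `ret` is not visible here.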
+diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
+index 7fe30f6..35f54bc 100644
+--- a/fs/ocfs2/file.c
++++ b/fs/ocfs2/file.c
+@@ -2478,9 +2478,7 @@ static ssize_t ocfs2_file_splice_write(struct pipe_inode_info *pipe,
+ struct address_space *mapping = out->f_mapping;
+ struct inode *inode = mapping->host;
+ struct splice_desc sd = {
+- .total_len = len,
+ .flags = flags,
+- .pos = *ppos,
+ .u.file = out,
+ };
+
+@@ -2490,6 +2488,12 @@ static ssize_t ocfs2_file_splice_write(struct pipe_inode_info *pipe,
+ out->f_path.dentry->d_name.len,
+ out->f_path.dentry->d_name.name, len);
+
++ ret = generic_write_checks(out, ppos, &len, 0);
++ if (ret)
++ return ret;
++ sd.total_len = len;
++ sd.pos = *ppos;
++
+ pipe_lock(pipe);
+
+ splice_from_pipe_begin(&sd);
+diff --git a/fs/splice.c b/fs/splice.c
+index 12028fa..f345d53 100644
+--- a/fs/splice.c
++++ b/fs/splice.c
+@@ -1012,13 +1012,17 @@ generic_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
+ struct address_space *mapping = out->f_mapping;
+ struct inode *inode = mapping->host;
+ struct splice_desc sd = {
+- .total_len = len,
+ .flags = flags,
+- .pos = *ppos,
+ .u.file = out,
+ };
+ ssize_t ret;
+
++ ret = generic_write_checks(out, ppos, &len, S_ISBLK(inode->i_mode));
++ if (ret)
++ return ret;
++ sd.total_len = len;
++ sd.pos = *ppos;
++
+ pipe_lock(pipe);
+
+ splice_from_pipe_begin(&sd);
+diff --git a/include/linux/mbus.h b/include/linux/mbus.h
+index 345b8c5..550c88f 100644
+--- a/include/linux/mbus.h
++++ b/include/linux/mbus.h
+@@ -73,6 +73,6 @@ int mvebu_mbus_del_window(phys_addr_t base, size_t size);
+ int mvebu_mbus_init(const char *soc, phys_addr_t mbus_phys_base,
+ size_t mbus_size, phys_addr_t sdram_phys_base,
+ size_t sdram_size);
+-int mvebu_mbus_dt_init(void);
++int mvebu_mbus_dt_init(bool is_coherent);
+
+ #endif /* __LINUX_MBUS_H */
+diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
+index c68e5e0..99de240 100644
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -855,7 +855,10 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
+
+ if (nla[NFTA_CHAIN_POLICY]) {
+ if ((chain != NULL &&
+- !(chain->flags & NFT_BASE_CHAIN)) ||
++ !(chain->flags & NFT_BASE_CHAIN)))
++ return -EOPNOTSUPP;
++
++ if (chain == NULL &&
+ nla[NFTA_CHAIN_HOOK] == NULL)
+ return -EOPNOTSUPP;
+
+diff --git a/net/netfilter/nfnetlink_cthelper.c b/net/netfilter/nfnetlink_cthelper.c
+index 9e287cb..54330fb 100644
+--- a/net/netfilter/nfnetlink_cthelper.c
++++ b/net/netfilter/nfnetlink_cthelper.c
+@@ -77,6 +77,9 @@ nfnl_cthelper_parse_tuple(struct nf_conntrack_tuple *tuple,
+ if (!tb[NFCTH_TUPLE_L3PROTONUM] || !tb[NFCTH_TUPLE_L4PROTONUM])
+ return -EINVAL;
+
++ /* Not all fields are initialized so first zero the tuple */
++ memset(tuple, 0, sizeof(struct nf_conntrack_tuple));
++
+ tuple->src.l3num = ntohs(nla_get_be16(tb[NFCTH_TUPLE_L3PROTONUM]));
+ tuple->dst.protonum = nla_get_u8(tb[NFCTH_TUPLE_L4PROTONUM]);
+
+@@ -86,7 +89,7 @@ nfnl_cthelper_parse_tuple(struct nf_conntrack_tuple *tuple,
+ static int
+ nfnl_cthelper_from_nlattr(struct nlattr *attr, struct nf_conn *ct)
+ {
+- const struct nf_conn_help *help = nfct_help(ct);
++ struct nf_conn_help *help = nfct_help(ct);
+
+ if (attr == NULL)
+ return -EINVAL;
+@@ -94,7 +97,7 @@ nfnl_cthelper_from_nlattr(struct nlattr *attr, struct nf_conn *ct)
+ if (help->helper->data_len == 0)
+ return -EINVAL;
+
+- memcpy(&help->data, nla_data(attr), help->helper->data_len);
++ memcpy(help->data, nla_data(attr), help->helper->data_len);
+ return 0;
+ }
+
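Review bot: The memcpy() in nfnl_cthelper_from_nlattr() still copies `help->helper->data_len` bytes out of the attribute without comparing that length with the attribute's own payload length. The hunk only adjusts the destination expression and drops the `const`. Unless a netlink policy outside this hunk pins the attribute size, a shorter attribute makes the copy read past its end. Either `nla_memcpy(help->data, attr, help->helper->data_len);` or an explicit `if (nla_len(attr) < help->helper->data_len) return -EINVAL;` before the copy would bound the read.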
+diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
+index 7350723..9695895 100644
+--- a/net/netfilter/nft_compat.c
++++ b/net/netfilter/nft_compat.c
+@@ -82,6 +82,9 @@ nft_target_set_tgchk_param(struct xt_tgchk_param *par,
+ entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0;
+ break;
+ case AF_INET6:
++ if (proto)
++ entry->e6.ipv6.flags |= IP6T_F_PROTO;
++
+ entry->e6.ipv6.proto = proto;
+ entry->e6.ipv6.invflags = inv ? IP6T_INV_PROTO : 0;
+ break;
+@@ -313,6 +316,9 @@ nft_match_set_mtchk_param(struct xt_mtchk_param *par, const struct nft_ctx *ctx,
+ entry->e4.ip.invflags = inv ? IPT_INV_PROTO : 0;
+ break;
+ case AF_INET6:
++ if (proto)
++ entry->e6.ipv6.flags |= IP6T_F_PROTO;
++
+ entry->e6.ipv6.proto = proto;
+ entry->e6.ipv6.invflags = inv ? IP6T_INV_PROTO : 0;
+ break;
+diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c
+index 1316e55..c324a52 100644
+--- a/virt/kvm/arm/vgic.c
++++ b/virt/kvm/arm/vgic.c
+@@ -674,7 +674,7 @@ static bool read_set_clear_sgi_pend_reg(struct kvm_vcpu *vcpu,
+ {
+ struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
+ int sgi;
+- int min_sgi = (offset & ~0x3) * 4;
++ int min_sgi = (offset & ~0x3);
+ int max_sgi = min_sgi + 3;
+ int vcpu_id = vcpu->vcpu_id;
+ u32 reg = 0;
+@@ -695,7 +695,7 @@ static bool write_set_clear_sgi_pend_reg(struct kvm_vcpu *vcpu,
+ {
+ struct vgic_dist *dist = &vcpu->kvm->arch.vgic;
+ int sgi;
+- int min_sgi = (offset & ~0x3) * 4;
++ int min_sgi = (offset & ~0x3);
+ int max_sgi = min_sgi + 3;
+ int vcpu_id = vcpu->vcpu_id;
+ u32 reg;
+@@ -1387,7 +1387,8 @@ out:
+ int kvm_vgic_inject_irq(struct kvm *kvm, int cpuid, unsigned int irq_num,
+ bool level)
+ {
+- if (vgic_update_irq_state(kvm, cpuid, irq_num, level))
++ if (likely(vgic_initialized(kvm)) &&
++ vgic_update_irq_state(kvm, cpuid, irq_num, level))
+ vgic_kick_vcpus(kvm);
+
+ return 0;
+@@ -1610,7 +1611,7 @@ out:
+
+ int kvm_vgic_create(struct kvm *kvm)
+ {
+- int i, vcpu_lock_idx = -1, ret = 0;
++ int i, vcpu_lock_idx = -1, ret;
+ struct kvm_vcpu *vcpu;
+
+ mutex_lock(&kvm->lock);
+@@ -1625,6 +1626,7 @@ int kvm_vgic_create(struct kvm *kvm)
+ * vcpu->mutex. By grabbing the vcpu->mutex of all VCPUs we ensure
+ * that no other VCPUs are run while we create the vgic.
+ */
++ ret = -EBUSY;
+ kvm_for_each_vcpu(i, vcpu, kvm) {
+ if (!mutex_trylock(&vcpu->mutex))
+ goto out_unlock;
+@@ -1632,11 +1634,10 @@ int kvm_vgic_create(struct kvm *kvm)
+ }
+
+ kvm_for_each_vcpu(i, vcpu, kvm) {
+- if (vcpu->arch.has_run_once) {
+- ret = -EBUSY;
++ if (vcpu->arch.has_run_once)
+ goto out_unlock;
+- }
+ }
++ ret = 0;
+
+ spin_lock_init(&kvm->arch.vgic.lock);
+ kvm->arch.vgic.vctrl_base = vgic_vctrl_base;
diff --git a/3.14.46/4420_grsecurity-3.1-3.14.46-201506300711.patch b/3.14.47/4420_grsecurity-3.1-3.14.47-201507050832.patch
index 008971f..f646996 100644
--- a/3.14.46/4420_grsecurity-3.1-3.14.46-201506300711.patch
+++ b/3.14.47/4420_grsecurity-3.1-3.14.47-201507050832.patch
@@ -295,7 +295,7 @@ index 5d91ba1..ef1d374 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index def39fd..4636aea 100644
+index f9041e6..46bcf1d 100644
--- a/Makefile
+++ b/Makefile
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -3307,7 +3307,7 @@ index 7bcee5c..e2f3249 100644
__data_loc = .;
#endif
diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
-index df6e75e..1858aa0 100644
+index 2e74a61..14d0a66 100644
--- a/arch/arm/kvm/arm.c
+++ b/arch/arm/kvm/arm.c
@@ -57,7 +57,7 @@ static unsigned long hyp_default_vectors;
@@ -3319,7 +3319,7 @@ index df6e75e..1858aa0 100644
static u8 kvm_next_vmid;
static DEFINE_SPINLOCK(kvm_vmid_lock);
-@@ -371,7 +371,7 @@ void force_vm_exit(const cpumask_t *mask)
+@@ -376,7 +376,7 @@ void force_vm_exit(const cpumask_t *mask)
*/
static bool need_new_vmid_gen(struct kvm *kvm)
{
@@ -3328,7 +3328,7 @@ index df6e75e..1858aa0 100644
}
/**
-@@ -404,7 +404,7 @@ static void update_vttbr(struct kvm *kvm)
+@@ -409,7 +409,7 @@ static void update_vttbr(struct kvm *kvm)
/* First user of a new VMID generation? */
if (unlikely(kvm_next_vmid == 0)) {
@@ -3337,7 +3337,7 @@ index df6e75e..1858aa0 100644
kvm_next_vmid = 1;
/*
-@@ -421,7 +421,7 @@ static void update_vttbr(struct kvm *kvm)
+@@ -426,7 +426,7 @@ static void update_vttbr(struct kvm *kvm)
kvm_call_hyp(__kvm_flush_vm_context);
}
@@ -3346,7 +3346,7 @@ index df6e75e..1858aa0 100644
kvm->arch.vmid = kvm_next_vmid;
kvm_next_vmid++;
-@@ -996,7 +996,7 @@ static void check_kvm_target_cpu(void *ret)
+@@ -1013,7 +1013,7 @@ static void check_kvm_target_cpu(void *ret)
/**
* Initialize Hyp-mode and memory mappings on all CPUs.
*/
@@ -12396,7 +12396,7 @@ index ad8f795..2c7eec6 100644
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 2f645c9..7e2933c 100644
+index 5dab54a..a20467d 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -22,6 +22,7 @@ config X86_64
@@ -21769,15 +21769,13 @@ index a276fa7..3ef18f0 100644
static void microcode_fini_cpu(int cpu)
diff --git a/arch/x86/kernel/cpu/microcode/intel_early.c b/arch/x86/kernel/cpu/microcode/intel_early.c
-index 18f7391..8c5225d 100644
+index 43a07bf..8c5225d 100644
--- a/arch/x86/kernel/cpu/microcode/intel_early.c
+++ b/arch/x86/kernel/cpu/microcode/intel_early.c
-@@ -321,7 +321,11 @@ get_matching_model_microcode(int cpu, unsigned long start,
- unsigned int mc_saved_count = mc_saved_data->mc_saved_count;
+@@ -322,6 +322,10 @@ get_matching_model_microcode(int cpu, unsigned long start,
int i;
-- while (leftover) {
-+ while (leftover && mc_saved_count < ARRAY_SIZE(mc_saved_tmp)) {
+ while (leftover && mc_saved_count < ARRAY_SIZE(mc_saved_tmp)) {
+
+ if (leftover < sizeof(mc_header))
+ break;
@@ -25816,7 +25814,7 @@ index 7ec1d5f..5a7d130 100644
}
diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
-index a1f5b18..9d9e077 100644
+index 490fee1..d7eb482 100644
--- a/arch/x86/kernel/kprobes/core.c
+++ b/arch/x86/kernel/kprobes/core.c
@@ -119,9 +119,12 @@ static void __kprobes __synthesize_relative_insn(void *from, void *to, u8 op)
@@ -25854,17 +25852,17 @@ index a1f5b18..9d9e077 100644
}
/*
-@@ -332,7 +335,9 @@ int __kprobes __copy_instruction(u8 *dest, u8 *src)
+@@ -335,7 +338,9 @@ int __kprobes __copy_instruction(u8 *dest, u8 *src)
/* Another subsystem puts a breakpoint, failed to recover */
if (insn.opcode.bytes[0] == BREAKPOINT_INSTRUCTION)
return 0;
+ pax_open_kernel();
- memcpy(dest, insn.kaddr, insn.length);
+ memcpy(dest, insn.kaddr, length);
+ pax_close_kernel();
#ifdef CONFIG_X86_64
if (insn_rip_relative(&insn)) {
-@@ -359,7 +364,9 @@ int __kprobes __copy_instruction(u8 *dest, u8 *src)
+@@ -362,7 +367,9 @@ int __kprobes __copy_instruction(u8 *dest, u8 *src)
return 0;
}
disp = (u8 *) dest + insn_offset_displacement(&insn);
@@ -25873,8 +25871,8 @@ index a1f5b18..9d9e077 100644
+ pax_close_kernel();
}
#endif
- return insn.length;
-@@ -498,7 +505,7 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k
+ return length;
+@@ -501,7 +508,7 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k
* nor set current_kprobe, because it doesn't use single
* stepping.
*/
@@ -25883,7 +25881,7 @@ index a1f5b18..9d9e077 100644
preempt_enable_no_resched();
return;
}
-@@ -515,9 +522,9 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k
+@@ -518,9 +525,9 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k
regs->flags &= ~X86_EFLAGS_IF;
/* single step inline if the instruction is an int3 */
if (p->opcode == BREAKPOINT_INSTRUCTION)
@@ -25895,7 +25893,7 @@ index a1f5b18..9d9e077 100644
}
/*
-@@ -596,7 +603,7 @@ static int __kprobes kprobe_handler(struct pt_regs *regs)
+@@ -599,7 +606,7 @@ static int __kprobes kprobe_handler(struct pt_regs *regs)
setup_singlestep(p, regs, kcb, 0);
return 1;
}
@@ -25904,7 +25902,7 @@ index a1f5b18..9d9e077 100644
/*
* The breakpoint instruction was removed right
* after we hit it. Another cpu has removed
-@@ -642,6 +649,9 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
+@@ -645,6 +652,9 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
" movq %rax, 152(%rsp)\n"
RESTORE_REGS_STRING
" popfq\n"
@@ -25914,7 +25912,7 @@ index a1f5b18..9d9e077 100644
#else
" pushf\n"
SAVE_REGS_STRING
-@@ -779,7 +789,7 @@ static void __kprobes
+@@ -782,7 +792,7 @@ static void __kprobes
resume_execution(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *kcb)
{
unsigned long *tos = stack_addr(regs);
@@ -25923,7 +25921,7 @@ index a1f5b18..9d9e077 100644
unsigned long orig_ip = (unsigned long)p->addr;
kprobe_opcode_t *insn = p->ainsn.insn;
-@@ -961,7 +971,7 @@ kprobe_exceptions_notify(struct notifier_block *self, unsigned long val, void *d
+@@ -964,7 +974,7 @@ kprobe_exceptions_notify(struct notifier_block *self, unsigned long val, void *d
struct die_args *args = data;
int ret = NOTIFY_DONE;
@@ -28893,10 +28891,10 @@ index cba218a..1cc1bed 100644
goto error;
walker->ptep_user[walker->level - 1] = ptep_user;
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
-index 9643eda6..c9cb765 100644
+index 0746334..f6c04e8 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
-@@ -3508,7 +3508,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
+@@ -3510,7 +3510,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
int cpu = raw_smp_processor_id();
struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
@@ -28908,7 +28906,7 @@ index 9643eda6..c9cb765 100644
load_TR_desc();
}
-@@ -3911,6 +3915,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -3913,6 +3917,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
#endif
#endif
@@ -51585,7 +51583,7 @@ index f28ea07..34b16d3 100644
/* These three are default values which can be overridden */
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
-index 528bff5..84963854 100644
+index 85d370e..7374c8c 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -571,7 +571,7 @@ static inline u32 next_command(struct ctlr_info *h, u8 q)
@@ -51636,7 +51634,7 @@ index 528bff5..84963854 100644
(h->interrupts_enabled == 0);
}
-@@ -4442,7 +4442,7 @@ static int hpsa_pci_init(struct ctlr_info *h)
+@@ -4433,7 +4433,7 @@ static int hpsa_pci_init(struct ctlr_info *h)
if (prod_index < 0)
return -ENODEV;
h->product_name = products[prod_index].product_name;
@@ -51645,7 +51643,7 @@ index 528bff5..84963854 100644
pci_disable_link_state(h->pdev, PCIE_LINK_STATE_L0S |
PCIE_LINK_STATE_L1 | PCIE_LINK_STATE_CLKPM);
-@@ -4712,7 +4712,7 @@ static void controller_lockup_detected(struct ctlr_info *h)
+@@ -4726,7 +4726,7 @@ static void controller_lockup_detected(struct ctlr_info *h)
{
unsigned long flags;
@@ -51654,7 +51652,7 @@ index 528bff5..84963854 100644
spin_lock_irqsave(&h->lock, flags);
h->lockup_detected = readl(h->vaddr + SA5_SCRATCHPAD_OFFSET);
spin_unlock_irqrestore(&h->lock, flags);
-@@ -4843,7 +4843,7 @@ reinit_after_soft_reset:
+@@ -4857,7 +4857,7 @@ reinit_after_soft_reset:
}
/* make sure the board interrupts are off */
@@ -51663,7 +51661,7 @@ index 528bff5..84963854 100644
if (hpsa_request_irq(h, do_hpsa_intr_msi, do_hpsa_intr_intx))
goto clean2;
-@@ -4877,7 +4877,7 @@ reinit_after_soft_reset:
+@@ -4891,7 +4891,7 @@ reinit_after_soft_reset:
* fake ones to scoop up any residual completions.
*/
spin_lock_irqsave(&h->lock, flags);
@@ -51672,7 +51670,7 @@ index 528bff5..84963854 100644
spin_unlock_irqrestore(&h->lock, flags);
free_irqs(h);
rc = hpsa_request_irq(h, hpsa_msix_discard_completions,
-@@ -4896,9 +4896,9 @@ reinit_after_soft_reset:
+@@ -4910,9 +4910,9 @@ reinit_after_soft_reset:
dev_info(&h->pdev->dev, "Board READY.\n");
dev_info(&h->pdev->dev,
"Waiting for stale completions to drain.\n");
@@ -51684,7 +51682,7 @@ index 528bff5..84963854 100644
rc = controller_reset_failed(h->cfgtable);
if (rc)
-@@ -4919,7 +4919,7 @@ reinit_after_soft_reset:
+@@ -4933,7 +4933,7 @@ reinit_after_soft_reset:
}
/* Turn the interrupts on so we can service requests */
@@ -51693,7 +51691,7 @@ index 528bff5..84963854 100644
hpsa_hba_inquiry(h);
hpsa_register_scsi(h); /* hook ourselves into SCSI subsystem */
-@@ -4988,7 +4988,7 @@ static void hpsa_shutdown(struct pci_dev *pdev)
+@@ -5002,7 +5002,7 @@ static void hpsa_shutdown(struct pci_dev *pdev)
* To write all data in the battery backed cache to disks
*/
hpsa_flush_cache(h);
@@ -51702,7 +51700,7 @@ index 528bff5..84963854 100644
hpsa_free_irqs_and_disable_msix(h);
}
-@@ -5162,7 +5162,7 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 use_short_tags)
+@@ -5176,7 +5176,7 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 use_short_tags)
return;
}
/* Change the access methods to the performant access methods */
@@ -55240,6 +55238,19 @@ index 8cfc319..4868255 100644
return 0;
}
+diff --git a/drivers/usb/gadget/configfs.c b/drivers/usb/gadget/configfs.c
+index 3740a3f..466ec15 100644
+--- a/drivers/usb/gadget/configfs.c
++++ b/drivers/usb/gadget/configfs.c
+@@ -560,7 +560,7 @@ static struct config_group *function_make(
+ if (IS_ERR(fi))
+ return ERR_CAST(fi);
+
+- ret = config_item_set_name(&fi->group.cg_item, name);
++ ret = config_item_set_name(&fi->group.cg_item, "%s", name);
+ if (ret) {
+ usb_put_function_instance(fi);
+ return ERR_PTR(ret);
diff --git a/drivers/usb/gadget/f_uac1.c b/drivers/usb/gadget/f_uac1.c
index 2b4c82d..06a8ee6 100644
--- a/drivers/usb/gadget/f_uac1.c
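Review bot: The `"%s"` added to the config_item_set_name() call in function_make() should carry a one-line comment saying why it is there, for example `/* name is caller-supplied text, never a format string */`. Without it, a later cleanup can fold `name` back into the format position and reintroduce the format-string problem this change removes. The same comment fits the two calls changed in fs/configfs/item.c. function_make() starts and ends outside the hunk, so where `name` originates is not visible here.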
@@ -66906,7 +66917,7 @@ index 1e86823..8e34695 100644
else if (whole->bd_holder != NULL)
return false; /* is a partition of a held device */
diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
-index 93de3ba..0e1cf23 100644
+index f8ffee4..b82e697 100644
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -1216,9 +1216,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans,
@@ -67968,6 +67979,28 @@ index e081acb..911df21 100644
/*
* We'll have a dentry and an inode for
+diff --git a/fs/configfs/item.c b/fs/configfs/item.c
+index 50cee7f..8238ebd 100644
+--- a/fs/configfs/item.c
++++ b/fs/configfs/item.c
+@@ -116,7 +116,7 @@ void config_item_init_type_name(struct config_item *item,
+ const char *name,
+ struct config_item_type *type)
+ {
+- config_item_set_name(item, name);
++ config_item_set_name(item, "%s", name);
+ item->ci_type = type;
+ config_item_init(item);
+ }
+@@ -125,7 +125,7 @@ EXPORT_SYMBOL(config_item_init_type_name);
+ void config_group_init_type_name(struct config_group *group, const char *name,
+ struct config_item_type *type)
+ {
+- config_item_set_name(&group->cg_item, name);
++ config_item_set_name(&group->cg_item, "%s", name);
+ group->cg_item.ci_type = type;
+ config_group_init(group);
+ }
diff --git a/fs/coredump.c b/fs/coredump.c
index a93f7e6..d58bcbe 100644
--- a/fs/coredump.c
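Review bot: Both config_item_init_type_name() and config_group_init_type_name() still discard the int returned by config_item_set_name(), whereas function_make() in drivers/usb/gadget/configfs.c checks it and unwinds. If the call can fail (presumably on an allocation for a long name, though its body is not shown here), the item is initialised without a name and the caller never learns of it. Both helpers are void, so the smallest change is `WARN_ON(config_item_set_name(item, "%s", name));` and the equivalent for `&group->cg_item`. Returning the error would need an interface change beyond this commit.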
@@ -75409,7 +75442,7 @@ index 1d641bb..9ca7f61 100644
{
const struct seq_operations *op = ((struct seq_file *)file->private_data)->op;
diff --git a/fs/splice.c b/fs/splice.c
-index 12028fa..2cde9b2 100644
+index f345d53..f6e7484 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -196,7 +196,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
@@ -75491,7 +75524,7 @@ index 12028fa..2cde9b2 100644
return 0;
if (sd->flags & SPLICE_F_NONBLOCK)
-@@ -1171,7 +1171,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
+@@ -1175,7 +1175,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
long ret, bytes;
umode_t i_mode;
size_t len;
@@ -75500,7 +75533,7 @@ index 12028fa..2cde9b2 100644
/*
* We require the input being a regular file, as we don't want to
-@@ -1197,7 +1197,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
+@@ -1201,7 +1201,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
* out of the pipe right after the splice_to_pipe(). So set
* PIPE_READERS appropriately.
*/
@@ -75509,7 +75542,7 @@ index 12028fa..2cde9b2 100644
current->splice_pipe = pipe;
}
-@@ -1214,6 +1214,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
+@@ -1218,6 +1218,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
* Don't block on output, we have to drain the direct pipe.
*/
sd->flags &= ~SPLICE_F_NONBLOCK;
@@ -75517,7 +75550,7 @@ index 12028fa..2cde9b2 100644
while (len) {
size_t read_len;
-@@ -1227,6 +1228,15 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
+@@ -1231,6 +1232,15 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
sd->total_len = read_len;
/*
@@ -75533,7 +75566,7 @@ index 12028fa..2cde9b2 100644
* NOTE: nonblocking mode only applies to the input. We
* must not do the output in nonblocking mode as then we
* could get stuck data in the internal pipe:
-@@ -1493,6 +1503,7 @@ static int get_iovec_page_array(const struct iovec __user *iov,
+@@ -1497,6 +1507,7 @@ static int get_iovec_page_array(const struct iovec __user *iov,
partial[buffers].offset = off;
partial[buffers].len = plen;
@@ -75541,7 +75574,7 @@ index 12028fa..2cde9b2 100644
off = 0;
len -= plen;
-@@ -1795,9 +1806,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
+@@ -1799,9 +1810,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
ret = -ERESTARTSYS;
break;
}
@@ -75553,7 +75586,7 @@ index 12028fa..2cde9b2 100644
if (flags & SPLICE_F_NONBLOCK) {
ret = -EAGAIN;
break;
-@@ -1829,7 +1840,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
+@@ -1833,7 +1844,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
pipe_lock(pipe);
while (pipe->nrbufs >= pipe->buffers) {
@@ -75562,7 +75595,7 @@ index 12028fa..2cde9b2 100644
send_sig(SIGPIPE, current, 0);
ret = -EPIPE;
break;
-@@ -1842,9 +1853,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
+@@ -1846,9 +1857,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
ret = -ERESTARTSYS;
break;
}
@@ -75574,7 +75607,7 @@ index 12028fa..2cde9b2 100644
}
pipe_unlock(pipe);
-@@ -1880,14 +1891,14 @@ retry:
+@@ -1884,14 +1895,14 @@ retry:
pipe_double_lock(ipipe, opipe);
do {
@@ -75591,7 +75624,7 @@ index 12028fa..2cde9b2 100644
break;
/*
-@@ -1984,7 +1995,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
+@@ -1988,7 +1999,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
pipe_double_lock(ipipe, opipe);
do {
@@ -75600,7 +75633,7 @@ index 12028fa..2cde9b2 100644
send_sig(SIGPIPE, current, 0);
if (!ret)
ret = -EPIPE;
-@@ -2029,7 +2040,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
+@@ -2033,7 +2044,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
* return EAGAIN if we have the potential of some data in the
* future, otherwise just return 0
*/
@@ -81750,7 +81783,7 @@ index 0000000..4c7e00a
+}
diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c
new file mode 100644
-index 0000000..f056b81
+index 0000000..ed6ee43
--- /dev/null
+++ b/grsecurity/gracl_ip.c
@@ -0,0 +1,386 @@
@@ -81824,7 +81857,7 @@ index 0000000..f056b81
+ "unspec", "unix", "inet", "ax25", "ipx", "appletalk", "netrom", "bridge", "atmpvc", "x25",
+ "inet6", "rose", "decnet", "netbeui", "security", "key", "netlink", "packet", "ash",
+ "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "fam_27", "fam_28",
-+ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf"
++ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf", "alg", "nfc", "vsock"
+ };
+
+const char *
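Review bot: The family-name table looks shifted by one from `"tipc"` onward, and appending `"alg", "nfc", "vsock"` inherits that shift. Counting from the `"unspec"` row, `"tipc"` is entry 29 and `"vsock"` entry 39, while the kernel numbers AF_CAN as 29, AF_TIPC as 30 and AF_VSOCK as 40, so a `"can"` entry appears to be missing after `"fam_28"`. This assumes the initializer starts at the `"unspec"` row and is indexed by address family; the declaration and the lookup are outside the hunk. If so, the reported names for families 29 and up are wrong, and the fix is to begin the last row with `"can", "tipc", "bluetooth", ...` or to switch to designated initializers such as `[AF_CAN] = "can"`. `"ciaf"` also looks like a misspelling of caif, but check whether any userspace tool matches on that string before changing it.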
@@ -89322,9 +89355,18 @@ index 5d5aaae..0ea9b84 100644
extern bool completion_done(struct completion *x);
diff --git a/include/linux/configfs.h b/include/linux/configfs.h
-index 34025df..d94bbbc 100644
+index 34025df..2a6ee32 100644
--- a/include/linux/configfs.h
+++ b/include/linux/configfs.h
+@@ -64,7 +64,7 @@ struct config_item {
+ struct dentry *ci_dentry;
+ };
+
+-extern int config_item_set_name(struct config_item *, const char *, ...);
++extern __printf(2, 3) int config_item_set_name(struct config_item *, const char *, ...);
+
+ static inline char *config_item_name(struct config_item * item)
+ {
@@ -125,7 +125,7 @@ struct configfs_attribute {
const char *ca_name;
struct module *ca_owner;
@@ -114514,7 +114556,7 @@ index f042ae5..30ea486 100644
}
EXPORT_SYMBOL(nf_unregister_sockopt);
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
-index c68e5e0..3bed3f0 100644
+index 99de240..539632e 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -152,8 +152,8 @@ nf_tables_chain_type_lookup(const struct nft_af_info *afi,
@@ -114576,10 +114618,10 @@ index 108120f..5b169db 100644
queued = 0;
err = 0;
diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
-index 7350723..af7fa0d 100644
+index 9695895..f0a05e6 100644
--- a/net/netfilter/nft_compat.c
+++ b/net/netfilter/nft_compat.c
-@@ -216,7 +216,7 @@ target_dump_info(struct sk_buff *skb, const struct xt_target *t, const void *in)
+@@ -219,7 +219,7 @@ target_dump_info(struct sk_buff *skb, const struct xt_target *t, const void *in)
/* We want to reuse existing compat_to_user */
old_fs = get_fs();
set_fs(KERNEL_DS);
@@ -114588,7 +114630,7 @@ index 7350723..af7fa0d 100644
set_fs(old_fs);
ret = nla_put(skb, NFTA_TARGET_INFO, XT_ALIGN(t->targetsize), out);
kfree(out);
-@@ -283,14 +283,7 @@ static void nft_match_eval(const struct nft_expr *expr,
+@@ -286,14 +286,7 @@ static void nft_match_eval(const struct nft_expr *expr,
return;
}
@@ -114604,7 +114646,7 @@ index 7350723..af7fa0d 100644
}
static const struct nla_policy nft_match_policy[NFTA_MATCH_MAX + 1] = {
-@@ -403,7 +396,7 @@ match_dump_info(struct sk_buff *skb, const struct xt_match *m, const void *in)
+@@ -409,7 +402,7 @@ match_dump_info(struct sk_buff *skb, const struct xt_match *m, const void *in)
/* We want to reuse existing compat_to_user */
old_fs = get_fs();
set_fs(KERNEL_DS);
diff --git a/3.14.46/4425_grsec_remove_EI_PAX.patch b/3.14.47/4425_grsec_remove_EI_PAX.patch
index a80a5d7..a80a5d7 100644
--- a/3.14.46/4425_grsec_remove_EI_PAX.patch
+++ b/3.14.47/4425_grsec_remove_EI_PAX.patch
diff --git a/3.14.46/4427_force_XATTR_PAX_tmpfs.patch b/3.14.47/4427_force_XATTR_PAX_tmpfs.patch
index 4c236cc..4c236cc 100644
--- a/3.14.46/4427_force_XATTR_PAX_tmpfs.patch
+++ b/3.14.47/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/3.14.46/4430_grsec-remove-localversion-grsec.patch b/3.14.47/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/3.14.46/4430_grsec-remove-localversion-grsec.patch
+++ b/3.14.47/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.14.46/4435_grsec-mute-warnings.patch b/3.14.47/4435_grsec-mute-warnings.patch
index 2c2d463..2c2d463 100644
--- a/3.14.46/4435_grsec-mute-warnings.patch
+++ b/3.14.47/4435_grsec-mute-warnings.patch
diff --git a/3.14.46/4440_grsec-remove-protected-paths.patch b/3.14.47/4440_grsec-remove-protected-paths.patch
index 741546d..741546d 100644
--- a/3.14.46/4440_grsec-remove-protected-paths.patch
+++ b/3.14.47/4440_grsec-remove-protected-paths.patch
diff --git a/3.14.46/4450_grsec-kconfig-default-gids.patch b/3.14.47/4450_grsec-kconfig-default-gids.patch
index b96defc..b96defc 100644
--- a/3.14.46/4450_grsec-kconfig-default-gids.patch
+++ b/3.14.47/4450_grsec-kconfig-default-gids.patch
diff --git a/3.14.46/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.47/4465_selinux-avc_audit-log-curr_ip.patch
index bba906e..bba906e 100644
--- a/3.14.46/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.14.47/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.14.46/4470_disable-compat_vdso.patch b/3.14.47/4470_disable-compat_vdso.patch
index 3b3953b..3b3953b 100644
--- a/3.14.46/4470_disable-compat_vdso.patch
+++ b/3.14.47/4470_disable-compat_vdso.patch
diff --git a/3.14.46/4475_emutramp_default_on.patch b/3.14.47/4475_emutramp_default_on.patch
index a128205..a128205 100644
--- a/3.14.46/4475_emutramp_default_on.patch
+++ b/3.14.47/4475_emutramp_default_on.patch
diff --git a/3.2.69/0000_README b/3.2.69/0000_README
index d006716..6773701 100644
--- a/3.2.69/0000_README
+++ b/3.2.69/0000_README
@@ -194,7 +194,7 @@ Patch: 1068_linux-3.2.69.patch
From: http://www.kernel.org
Desc: Linux 3.2.69
-Patch: 4420_grsecurity-3.1-3.2.69-201506300708.patch
+Patch: 4420_grsecurity-3.1-3.2.69-201507050830.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.69/4420_grsecurity-3.1-3.2.69-201506300708.patch b/3.2.69/4420_grsecurity-3.1-3.2.69-201507050830.patch
index e8aabfa..57ddd0b 100644
--- a/3.2.69/4420_grsecurity-3.1-3.2.69-201506300708.patch
+++ b/3.2.69/4420_grsecurity-3.1-3.2.69-201507050830.patch
@@ -59119,6 +59119,28 @@ index 5ef72c8..0c72810 100644
/*
* We'll have a dentry and an inode for
+diff --git a/fs/configfs/item.c b/fs/configfs/item.c
+index 50cee7f..8238ebd 100644
+--- a/fs/configfs/item.c
++++ b/fs/configfs/item.c
+@@ -116,7 +116,7 @@ void config_item_init_type_name(struct config_item *item,
+ const char *name,
+ struct config_item_type *type)
+ {
+- config_item_set_name(item, name);
++ config_item_set_name(item, "%s", name);
+ item->ci_type = type;
+ config_item_init(item);
+ }
+@@ -125,7 +125,7 @@ EXPORT_SYMBOL(config_item_init_type_name);
+ void config_group_init_type_name(struct config_group *group, const char *name,
+ struct config_item_type *type)
+ {
+- config_item_set_name(&group->cg_item, name);
++ config_item_set_name(&group->cg_item, "%s", name);
+ group->cg_item.ci_type = type;
+ config_group_init(group);
+ }
diff --git a/fs/configfs/mount.c b/fs/configfs/mount.c
index 276e15c..aeac324 100644
--- a/fs/configfs/mount.c
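Review bot: Both rewritten calls in fs/configfs/item.c still discard the int returned by config_item_set_name(), so a failed name assignment in config_item_init_type_name() or config_group_init_type_name() goes unnoticed and initialisation carries on. The gadget configfs hunk in the 4.0.7 patch tests the same call with `if (ret)`, which suggests failure is a real outcome; the callee's body is not visible here, so that is inferred. Both functions return void, so propagating the error would need an interface change outside this hunk. At minimum the drop should be documented at each call: `/* config_item_set_name() can fail; the error is dropped because this function returns void */`. The identical fs/configfs/item.c hunk in the 4.0.7 patch has the same gap.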
@@ -73326,7 +73348,7 @@ index 0000000..b916759
+}
diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c
new file mode 100644
-index 0000000..35f8064
+index 0000000..e0bbcf4
--- /dev/null
+++ b/grsecurity/gracl_ip.c
@@ -0,0 +1,386 @@
@@ -73400,7 +73422,7 @@ index 0000000..35f8064
+ "unspec", "unix", "inet", "ax25", "ipx", "appletalk", "netrom", "bridge", "atmpvc", "x25",
+ "inet6", "rose", "decnet", "netbeui", "security", "key", "netlink", "packet", "ash",
+ "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "fam_27", "fam_28",
-+ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf"
++ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf", "alg", "nfc"
+ };
+
+const char *
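Review bot: The name table extended here appears to have no "can" entry: the three visible rows hold 29 names before "tipc", while in linux/socket.h AF_CAN is 29 and AF_TIPC is 30. If the lookup function that begins after the hunk indexes this table by address-family number (the "fam_27"/"fam_28" placeholders suggest it does), every name from "tipc" onward, including the new "alg" and "nfc", is reported one family too low, and the highest family number lands on a slot with no initialiser. Inserting `"can",` after `"fam_28"` would realign the table. The table's declaration and the lookup are outside the hunk, so this needs confirming against them; the 3.14.47 and 4.0.7 patches carry the same table.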
@@ -81044,9 +81066,18 @@ index 51494e6..340575ab 100644
extern bool completion_done(struct completion *x);
diff --git a/include/linux/configfs.h b/include/linux/configfs.h
-index 3081c58..7714c00 100644
+index 3081c58..5a0b545 100644
--- a/include/linux/configfs.h
+++ b/include/linux/configfs.h
+@@ -64,7 +64,7 @@ struct config_item {
+ struct dentry *ci_dentry;
+ };
+
+-extern int config_item_set_name(struct config_item *, const char *, ...);
++extern __printf(2, 3) int config_item_set_name(struct config_item *, const char *, ...);
+
+ static inline char *config_item_name(struct config_item * item)
+ {
@@ -125,7 +125,7 @@ struct configfs_attribute {
const char *ca_name;
struct module *ca_owner;
diff --git a/4.0.7/0000_README b/4.0.7/0000_README
index 1c85007..fc634e5 100644
--- a/4.0.7/0000_README
+++ b/4.0.7/0000_README
@@ -2,11 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 1006_linux-4.0.7.patch
-From: http://www.kernel.org
-Desc: Linux 4.0.7
-
-Patch: 4420_grsecurity-3.1-4.0.7-201506300712.patch
+Patch: 4420_grsecurity-3.1-4.0.7-201507050833.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.0.7/1006_linux-4.0.7.patch b/4.0.7/1006_linux-4.0.7.patch
deleted file mode 100644
index 0b9b646..0000000
--- a/4.0.7/1006_linux-4.0.7.patch
+++ /dev/null
@@ -1,707 +0,0 @@
-diff --git a/Makefile b/Makefile
-index af6da04..bd76a8e 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,6 +1,6 @@
- VERSION = 4
- PATCHLEVEL = 0
--SUBLEVEL = 6
-+SUBLEVEL = 7
- EXTRAVERSION =
- NAME = Hurr durr I'ma sheep
-
-diff --git a/arch/arm/mach-exynos/common.h b/arch/arm/mach-exynos/common.h
-index f70eca7..0ef8d4b 100644
---- a/arch/arm/mach-exynos/common.h
-+++ b/arch/arm/mach-exynos/common.h
-@@ -153,6 +153,8 @@ extern void exynos_enter_aftr(void);
-
- extern struct cpuidle_exynos_data cpuidle_coupled_exynos_data;
-
-+extern void exynos_set_delayed_reset_assertion(bool enable);
-+
- extern void s5p_init_cpu(void __iomem *cpuid_addr);
- extern unsigned int samsung_rev(void);
- extern void __iomem *cpu_boot_reg_base(void);
-diff --git a/arch/arm/mach-exynos/exynos.c b/arch/arm/mach-exynos/exynos.c
-index 9e9dfdf..1081ff1 100644
---- a/arch/arm/mach-exynos/exynos.c
-+++ b/arch/arm/mach-exynos/exynos.c
-@@ -166,6 +166,33 @@ static void __init exynos_init_io(void)
- exynos_map_io();
- }
-
-+/*
-+ * Set or clear the USE_DELAYED_RESET_ASSERTION option. Used by smp code
-+ * and suspend.
-+ *
-+ * This is necessary only on Exynos4 SoCs. When system is running
-+ * USE_DELAYED_RESET_ASSERTION should be set so the ARM CLK clock down
-+ * feature could properly detect global idle state when secondary CPU is
-+ * powered down.
-+ *
-+ * However this should not be set when such system is going into suspend.
-+ */
-+void exynos_set_delayed_reset_assertion(bool enable)
-+{
-+ if (soc_is_exynos4()) {
-+ unsigned int tmp, core_id;
-+
-+ for (core_id = 0; core_id < num_possible_cpus(); core_id++) {
-+ tmp = pmu_raw_readl(EXYNOS_ARM_CORE_OPTION(core_id));
-+ if (enable)
-+ tmp |= S5P_USE_DELAYED_RESET_ASSERTION;
-+ else
-+ tmp &= ~(S5P_USE_DELAYED_RESET_ASSERTION);
-+ pmu_raw_writel(tmp, EXYNOS_ARM_CORE_OPTION(core_id));
-+ }
-+ }
-+}
-+
- static const struct of_device_id exynos_dt_pmu_match[] = {
- { .compatible = "samsung,exynos3250-pmu" },
- { .compatible = "samsung,exynos4210-pmu" },
-diff --git a/arch/arm/mach-exynos/platsmp.c b/arch/arm/mach-exynos/platsmp.c
-index d2e9f12..d45e8cd 100644
---- a/arch/arm/mach-exynos/platsmp.c
-+++ b/arch/arm/mach-exynos/platsmp.c
-@@ -34,30 +34,6 @@
-
- extern void exynos4_secondary_startup(void);
-
--/*
-- * Set or clear the USE_DELAYED_RESET_ASSERTION option, set on Exynos4 SoCs
-- * during hot-(un)plugging CPUx.
-- *
-- * The feature can be cleared safely during first boot of secondary CPU.
-- *
-- * Exynos4 SoCs require setting USE_DELAYED_RESET_ASSERTION during powering
-- * down a CPU so the CPU idle clock down feature could properly detect global
-- * idle state when CPUx is off.
-- */
--static void exynos_set_delayed_reset_assertion(u32 core_id, bool enable)
--{
-- if (soc_is_exynos4()) {
-- unsigned int tmp;
--
-- tmp = pmu_raw_readl(EXYNOS_ARM_CORE_OPTION(core_id));
-- if (enable)
-- tmp |= S5P_USE_DELAYED_RESET_ASSERTION;
-- else
-- tmp &= ~(S5P_USE_DELAYED_RESET_ASSERTION);
-- pmu_raw_writel(tmp, EXYNOS_ARM_CORE_OPTION(core_id));
-- }
--}
--
- #ifdef CONFIG_HOTPLUG_CPU
- static inline void cpu_leave_lowpower(u32 core_id)
- {
-@@ -73,8 +49,6 @@ static inline void cpu_leave_lowpower(u32 core_id)
- : "=&r" (v)
- : "Ir" (CR_C), "Ir" (0x40)
- : "cc");
--
-- exynos_set_delayed_reset_assertion(core_id, false);
- }
-
- static inline void platform_do_lowpower(unsigned int cpu, int *spurious)
-@@ -87,14 +61,6 @@ static inline void platform_do_lowpower(unsigned int cpu, int *spurious)
- /* Turn the CPU off on next WFI instruction. */
- exynos_cpu_power_down(core_id);
-
-- /*
-- * Exynos4 SoCs require setting
-- * USE_DELAYED_RESET_ASSERTION so the CPU idle
-- * clock down feature could properly detect
-- * global idle state when CPUx is off.
-- */
-- exynos_set_delayed_reset_assertion(core_id, true);
--
- wfi();
-
- if (pen_release == core_id) {
-@@ -354,9 +320,6 @@ static int exynos_boot_secondary(unsigned int cpu, struct task_struct *idle)
- udelay(10);
- }
-
-- /* No harm if this is called during first boot of secondary CPU */
-- exynos_set_delayed_reset_assertion(core_id, false);
--
- /*
- * now the secondary core is starting up let it run its
- * calibrations, then wait for it to finish
-@@ -403,6 +366,8 @@ static void __init exynos_smp_prepare_cpus(unsigned int max_cpus)
-
- exynos_sysram_init();
-
-+ exynos_set_delayed_reset_assertion(true);
-+
- if (read_cpuid_part() == ARM_CPU_PART_CORTEX_A9)
- scu_enable(scu_base_addr());
-
-diff --git a/arch/arm/mach-exynos/suspend.c b/arch/arm/mach-exynos/suspend.c
-index 318d127..582ef2d 100644
---- a/arch/arm/mach-exynos/suspend.c
-+++ b/arch/arm/mach-exynos/suspend.c
-@@ -235,6 +235,8 @@ static void exynos_pm_enter_sleep_mode(void)
-
- static void exynos_pm_prepare(void)
- {
-+ exynos_set_delayed_reset_assertion(false);
-+
- /* Set wake-up mask registers */
- exynos_pm_set_wakeup_mask();
-
-@@ -383,6 +385,7 @@ early_wakeup:
-
- /* Clear SLEEP mode set in INFORM1 */
- pmu_raw_writel(0x0, S5P_INFORM1);
-+ exynos_set_delayed_reset_assertion(true);
- }
-
- static void exynos3250_pm_resume(void)
-diff --git a/arch/powerpc/kernel/idle_power7.S b/arch/powerpc/kernel/idle_power7.S
-index 05adc8b..401d8d0 100644
---- a/arch/powerpc/kernel/idle_power7.S
-+++ b/arch/powerpc/kernel/idle_power7.S
-@@ -500,9 +500,11 @@ BEGIN_FTR_SECTION
- CHECK_HMI_INTERRUPT
- END_FTR_SECTION_IFSET(CPU_FTR_HVMODE)
- ld r1,PACAR1(r13)
-+ ld r6,_CCR(r1)
- ld r4,_MSR(r1)
- ld r5,_NIP(r1)
- addi r1,r1,INT_FRAME_SIZE
-+ mtcr r6
- mtspr SPRN_SRR1,r4
- mtspr SPRN_SRR0,r5
- rfid
-diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
-index 4e3d5a9..03189d8 100644
---- a/arch/x86/kernel/kprobes/core.c
-+++ b/arch/x86/kernel/kprobes/core.c
-@@ -354,6 +354,7 @@ int __copy_instruction(u8 *dest, u8 *src)
- {
- struct insn insn;
- kprobe_opcode_t buf[MAX_INSN_SIZE];
-+ int length;
- unsigned long recovered_insn =
- recover_probed_instruction(buf, (unsigned long)src);
-
-@@ -361,16 +362,18 @@ int __copy_instruction(u8 *dest, u8 *src)
- return 0;
- kernel_insn_init(&insn, (void *)recovered_insn, MAX_INSN_SIZE);
- insn_get_length(&insn);
-+ length = insn.length;
-+
- /* Another subsystem puts a breakpoint, failed to recover */
- if (insn.opcode.bytes[0] == BREAKPOINT_INSTRUCTION)
- return 0;
-- memcpy(dest, insn.kaddr, insn.length);
-+ memcpy(dest, insn.kaddr, length);
-
- #ifdef CONFIG_X86_64
- if (insn_rip_relative(&insn)) {
- s64 newdisp;
- u8 *disp;
-- kernel_insn_init(&insn, dest, insn.length);
-+ kernel_insn_init(&insn, dest, length);
- insn_get_displacement(&insn);
- /*
- * The copied instruction uses the %rip-relative addressing
-@@ -394,7 +397,7 @@ int __copy_instruction(u8 *dest, u8 *src)
- *(s32 *) disp = (s32) newdisp;
- }
- #endif
-- return insn.length;
-+ return length;
- }
-
- static int arch_copy_kprobe(struct kprobe *p)
-diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
-index 4ee827d..3cb2b58 100644
---- a/arch/x86/kvm/lapic.c
-+++ b/arch/x86/kvm/lapic.c
-@@ -1064,6 +1064,17 @@ static void update_divide_count(struct kvm_lapic *apic)
- apic->divide_count);
- }
-
-+static void apic_update_lvtt(struct kvm_lapic *apic)
-+{
-+ u32 timer_mode = kvm_apic_get_reg(apic, APIC_LVTT) &
-+ apic->lapic_timer.timer_mode_mask;
-+
-+ if (apic->lapic_timer.timer_mode != timer_mode) {
-+ apic->lapic_timer.timer_mode = timer_mode;
-+ hrtimer_cancel(&apic->lapic_timer.timer);
-+ }
-+}
-+
- static void apic_timer_expired(struct kvm_lapic *apic)
- {
- struct kvm_vcpu *vcpu = apic->vcpu;
-@@ -1272,6 +1283,7 @@ static int apic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val)
- apic_set_reg(apic, APIC_LVTT + 0x10 * i,
- lvt_val | APIC_LVT_MASKED);
- }
-+ apic_update_lvtt(apic);
- atomic_set(&apic->lapic_timer.pending, 0);
-
- }
-@@ -1304,20 +1316,13 @@ static int apic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val)
-
- break;
-
-- case APIC_LVTT: {
-- u32 timer_mode = val & apic->lapic_timer.timer_mode_mask;
--
-- if (apic->lapic_timer.timer_mode != timer_mode) {
-- apic->lapic_timer.timer_mode = timer_mode;
-- hrtimer_cancel(&apic->lapic_timer.timer);
-- }
--
-+ case APIC_LVTT:
- if (!kvm_apic_sw_enabled(apic))
- val |= APIC_LVT_MASKED;
- val &= (apic_lvt_mask[0] | apic->lapic_timer.timer_mode_mask);
- apic_set_reg(apic, APIC_LVTT, val);
-+ apic_update_lvtt(apic);
- break;
-- }
-
- case APIC_TMICT:
- if (apic_lvtt_tscdeadline(apic))
-@@ -1552,7 +1557,7 @@ void kvm_lapic_reset(struct kvm_vcpu *vcpu)
-
- for (i = 0; i < APIC_LVT_NUM; i++)
- apic_set_reg(apic, APIC_LVTT + 0x10 * i, APIC_LVT_MASKED);
-- apic->lapic_timer.timer_mode = 0;
-+ apic_update_lvtt(apic);
- apic_set_reg(apic, APIC_LVT0,
- SET_APIC_DELIVERY_MODE(0, APIC_MODE_EXTINT));
-
-@@ -1778,6 +1783,7 @@ void kvm_apic_post_state_restore(struct kvm_vcpu *vcpu,
-
- apic_update_ppr(apic);
- hrtimer_cancel(&apic->lapic_timer.timer);
-+ apic_update_lvtt(apic);
- update_divide_count(apic);
- start_apic_timer(apic);
- apic->irr_pending = true;
-diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c
-index 288547a..f26ebc5 100644
---- a/drivers/bluetooth/ath3k.c
-+++ b/drivers/bluetooth/ath3k.c
-@@ -80,6 +80,7 @@ static const struct usb_device_id ath3k_table[] = {
- { USB_DEVICE(0x0489, 0xe057) },
- { USB_DEVICE(0x0489, 0xe056) },
- { USB_DEVICE(0x0489, 0xe05f) },
-+ { USB_DEVICE(0x0489, 0xe076) },
- { USB_DEVICE(0x0489, 0xe078) },
- { USB_DEVICE(0x04c5, 0x1330) },
- { USB_DEVICE(0x04CA, 0x3004) },
-@@ -111,6 +112,7 @@ static const struct usb_device_id ath3k_table[] = {
- { USB_DEVICE(0x13d3, 0x3408) },
- { USB_DEVICE(0x13d3, 0x3423) },
- { USB_DEVICE(0x13d3, 0x3432) },
-+ { USB_DEVICE(0x13d3, 0x3474) },
-
- /* Atheros AR5BBU12 with sflash firmware */
- { USB_DEVICE(0x0489, 0xE02C) },
-@@ -135,6 +137,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = {
- { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
-+ { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
-@@ -166,6 +169,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = {
- { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
-+ { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
-
- /* Atheros AR5BBU22 with sflash firmware */
- { USB_DEVICE(0x0489, 0xE036), .driver_info = BTUSB_ATH3012 },
-diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
-index 2c527da..4fc4157 100644
---- a/drivers/bluetooth/btusb.c
-+++ b/drivers/bluetooth/btusb.c
-@@ -174,6 +174,7 @@ static const struct usb_device_id blacklist_table[] = {
- { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
-+ { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
-@@ -205,6 +206,7 @@ static const struct usb_device_id blacklist_table[] = {
- { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 },
- { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
-+ { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
-
- /* Atheros AR5BBU12 with sflash firmware */
- { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
-diff --git a/drivers/clk/at91/clk-pll.c b/drivers/clk/at91/clk-pll.c
-index 6ec79db..cbbe403 100644
---- a/drivers/clk/at91/clk-pll.c
-+++ b/drivers/clk/at91/clk-pll.c
-@@ -173,8 +173,7 @@ static long clk_pll_get_best_div_mul(struct clk_pll *pll, unsigned long rate,
- int i = 0;
-
- /* Check if parent_rate is a valid input rate */
-- if (parent_rate < characteristics->input.min ||
-- parent_rate > characteristics->input.max)
-+ if (parent_rate < characteristics->input.min)
- return -ERANGE;
-
- /*
-@@ -187,6 +186,15 @@ static long clk_pll_get_best_div_mul(struct clk_pll *pll, unsigned long rate,
- if (!mindiv)
- mindiv = 1;
-
-+ if (parent_rate > characteristics->input.max) {
-+ tmpdiv = DIV_ROUND_UP(parent_rate, characteristics->input.max);
-+ if (tmpdiv > PLL_DIV_MAX)
-+ return -ERANGE;
-+
-+ if (tmpdiv > mindiv)
-+ mindiv = tmpdiv;
-+ }
-+
- /*
- * Calculate the maximum divider which is limited by PLL register
- * layout (limited by the MUL or DIV field size).
-diff --git a/drivers/clk/at91/pmc.h b/drivers/clk/at91/pmc.h
-index 69abb08..eb8e5dc 100644
---- a/drivers/clk/at91/pmc.h
-+++ b/drivers/clk/at91/pmc.h
-@@ -121,7 +121,7 @@ extern void __init of_at91sam9x5_clk_smd_setup(struct device_node *np,
- struct at91_pmc *pmc);
- #endif
-
--#if defined(CONFIG_HAVE_AT91_SMD)
-+#if defined(CONFIG_HAVE_AT91_H32MX)
- extern void __init of_sama5d4_clk_h32mx_setup(struct device_node *np,
- struct at91_pmc *pmc);
- #endif
-diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c
-index f347ab7..08b0da2 100644
---- a/drivers/crypto/caam/caamhash.c
-+++ b/drivers/crypto/caam/caamhash.c
-@@ -1543,6 +1543,8 @@ static int ahash_init(struct ahash_request *req)
-
- state->current_buf = 0;
- state->buf_dma = 0;
-+ state->buflen_0 = 0;
-+ state->buflen_1 = 0;
-
- return 0;
- }
-diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c
-index ae31e55..a48dc25 100644
---- a/drivers/crypto/caam/caamrng.c
-+++ b/drivers/crypto/caam/caamrng.c
-@@ -56,7 +56,7 @@
-
- /* Buffer, its dma address and lock */
- struct buf_data {
-- u8 buf[RN_BUF_SIZE];
-+ u8 buf[RN_BUF_SIZE] ____cacheline_aligned;
- dma_addr_t addr;
- struct completion filled;
- u32 hw_desc[DESC_JOB_O_LEN];
-diff --git a/drivers/gpu/drm/i915/i915_drv.c b/drivers/gpu/drm/i915/i915_drv.c
-index ec4d932..169123a 100644
---- a/drivers/gpu/drm/i915/i915_drv.c
-+++ b/drivers/gpu/drm/i915/i915_drv.c
-@@ -693,6 +693,16 @@ static int i915_drm_resume(struct drm_device *dev)
- intel_init_pch_refclk(dev);
- drm_mode_config_reset(dev);
-
-+ /*
-+ * Interrupts have to be enabled before any batches are run.
-+ * If not the GPU will hang. i915_gem_init_hw() will initiate
-+ * batches to update/restore the context.
-+ *
-+ * Modeset enabling in intel_modeset_init_hw() also needs
-+ * working interrupts.
-+ */
-+ intel_runtime_pm_enable_interrupts(dev_priv);
-+
- mutex_lock(&dev->struct_mutex);
- if (i915_gem_init_hw(dev)) {
- DRM_ERROR("failed to re-initialize GPU, declaring wedged!\n");
-@@ -700,9 +710,6 @@ static int i915_drm_resume(struct drm_device *dev)
- }
- mutex_unlock(&dev->struct_mutex);
-
-- /* We need working interrupts for modeset enabling ... */
-- intel_runtime_pm_enable_interrupts(dev_priv);
--
- intel_modeset_init_hw(dev);
-
- spin_lock_irq(&dev_priv->irq_lock);
-diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
-index 7a628e4..9536ec3 100644
---- a/drivers/gpu/drm/i915/i915_gem.c
-+++ b/drivers/gpu/drm/i915/i915_gem.c
-@@ -2732,6 +2732,9 @@ void i915_gem_reset(struct drm_device *dev)
- void
- i915_gem_retire_requests_ring(struct intel_engine_cs *ring)
- {
-+ if (list_empty(&ring->request_list))
-+ return;
-+
- WARN_ON(i915_verify_lists(ring->dev));
-
- /* Retire requests first as we use it above for the early return.
-@@ -3088,8 +3091,8 @@ int i915_vma_unbind(struct i915_vma *vma)
- } else if (vma->ggtt_view.pages) {
- sg_free_table(vma->ggtt_view.pages);
- kfree(vma->ggtt_view.pages);
-- vma->ggtt_view.pages = NULL;
- }
-+ vma->ggtt_view.pages = NULL;
- }
-
- drm_mm_remove_node(&vma->node);
-diff --git a/drivers/gpu/drm/mgag200/mgag200_mode.c b/drivers/gpu/drm/mgag200/mgag200_mode.c
-index 9872ba9..2ffeda3 100644
---- a/drivers/gpu/drm/mgag200/mgag200_mode.c
-+++ b/drivers/gpu/drm/mgag200/mgag200_mode.c
-@@ -1526,6 +1526,11 @@ static int mga_vga_mode_valid(struct drm_connector *connector,
- return MODE_BANDWIDTH;
- }
-
-+ if ((mode->hdisplay % 8) != 0 || (mode->hsync_start % 8) != 0 ||
-+ (mode->hsync_end % 8) != 0 || (mode->htotal % 8) != 0) {
-+ return MODE_H_ILLEGAL;
-+ }
-+
- if (mode->crtc_hdisplay > 2048 || mode->crtc_hsync_start > 4096 ||
- mode->crtc_hsync_end > 4096 || mode->crtc_htotal > 4096 ||
- mode->crtc_vdisplay > 2048 || mode->crtc_vsync_start > 4096 ||
-diff --git a/drivers/gpu/drm/radeon/radeon_kms.c b/drivers/gpu/drm/radeon/radeon_kms.c
-index 686411e..b82f2dd 100644
---- a/drivers/gpu/drm/radeon/radeon_kms.c
-+++ b/drivers/gpu/drm/radeon/radeon_kms.c
-@@ -547,6 +547,9 @@ static int radeon_info_ioctl(struct drm_device *dev, void *data, struct drm_file
- else
- *value = 1;
- break;
-+ case RADEON_INFO_VA_UNMAP_WORKING:
-+ *value = true;
-+ break;
- default:
- DRM_DEBUG_KMS("Invalid request %d\n", info->request);
- return -EINVAL;
-diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c
-index 147029a..ac72ece 100644
---- a/drivers/infiniband/ulp/isert/ib_isert.c
-+++ b/drivers/infiniband/ulp/isert/ib_isert.c
-@@ -2316,7 +2316,6 @@ isert_build_rdma_wr(struct isert_conn *isert_conn, struct isert_cmd *isert_cmd,
- page_off = offset % PAGE_SIZE;
-
- send_wr->sg_list = ib_sge;
-- send_wr->num_sge = sg_nents;
- send_wr->wr_id = (uintptr_t)&isert_cmd->tx_desc;
- /*
- * Perform mapping of TCM scatterlist memory ib_sge dma_addr.
-@@ -2336,14 +2335,17 @@ isert_build_rdma_wr(struct isert_conn *isert_conn, struct isert_cmd *isert_cmd,
- ib_sge->addr, ib_sge->length, ib_sge->lkey);
- page_off = 0;
- data_left -= ib_sge->length;
-+ if (!data_left)
-+ break;
- ib_sge++;
- isert_dbg("Incrementing ib_sge pointer to %p\n", ib_sge);
- }
-
-+ send_wr->num_sge = ++i;
- isert_dbg("Set outgoing sg_list: %p num_sg: %u from TCM SGLs\n",
- send_wr->sg_list, send_wr->num_sge);
-
-- return sg_nents;
-+ return send_wr->num_sge;
- }
-
- static int
-@@ -3311,6 +3313,7 @@ static void isert_free_conn(struct iscsi_conn *conn)
- {
- struct isert_conn *isert_conn = conn->context;
-
-+ isert_wait4flush(isert_conn);
- isert_put_conn(isert_conn);
- }
-
-diff --git a/drivers/md/dm.c b/drivers/md/dm.c
-index 9b4e30a..beda011 100644
---- a/drivers/md/dm.c
-+++ b/drivers/md/dm.c
-@@ -1889,8 +1889,8 @@ static int map_request(struct dm_target *ti, struct request *rq,
- dm_kill_unmapped_request(rq, r);
- return r;
- }
-- if (IS_ERR(clone))
-- return DM_MAPIO_REQUEUE;
-+ if (r != DM_MAPIO_REMAPPED)
-+ return r;
- if (setup_clone(clone, rq, tio, GFP_KERNEL)) {
- /* -ENOMEM */
- ti->type->release_clone_rq(clone);
-diff --git a/drivers/net/wireless/b43/main.c b/drivers/net/wireless/b43/main.c
-index 75345c1..5c91df5 100644
---- a/drivers/net/wireless/b43/main.c
-+++ b/drivers/net/wireless/b43/main.c
-@@ -5365,6 +5365,10 @@ static void b43_supported_bands(struct b43_wldev *dev, bool *have_2ghz_phy,
- *have_5ghz_phy = true;
- return;
- case 0x4321: /* BCM4306 */
-+ /* There are 14e4:4321 PCI devs with 2.4 GHz BCM4321 (N-PHY) */
-+ if (dev->phy.type != B43_PHYTYPE_G)
-+ break;
-+ /* fall through */
- case 0x4313: /* BCM4311 */
- case 0x431a: /* BCM4318 */
- case 0x432a: /* BCM4321 */
-diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
-index 220c0fd..50faef4 100644
---- a/drivers/usb/class/cdc-acm.c
-+++ b/drivers/usb/class/cdc-acm.c
-@@ -1468,6 +1468,11 @@ skip_countries:
- goto alloc_fail8;
- }
-
-+ if (quirks & CLEAR_HALT_CONDITIONS) {
-+ usb_clear_halt(usb_dev, usb_rcvbulkpipe(usb_dev, epread->bEndpointAddress));
-+ usb_clear_halt(usb_dev, usb_sndbulkpipe(usb_dev, epwrite->bEndpointAddress));
-+ }
-+
- return 0;
- alloc_fail8:
- if (acm->country_codes) {
-@@ -1747,6 +1752,10 @@ static const struct usb_device_id acm_ids[] = {
- .driver_info = NO_UNION_NORMAL, /* reports zero length descriptor */
- },
-
-+ { USB_DEVICE(0x2912, 0x0001), /* ATOL FPrint */
-+ .driver_info = CLEAR_HALT_CONDITIONS,
-+ },
-+
- /* Nokia S60 phones expose two ACM channels. The first is
- * a modem and is picked up by the standard AT-command
- * information below. The second is 'vendor-specific' but
-diff --git a/drivers/usb/class/cdc-acm.h b/drivers/usb/class/cdc-acm.h
-index ffeb3c8..b3b6c9d 100644
---- a/drivers/usb/class/cdc-acm.h
-+++ b/drivers/usb/class/cdc-acm.h
-@@ -133,3 +133,4 @@ struct acm {
- #define NO_DATA_INTERFACE BIT(4)
- #define IGNORE_DEVICE BIT(5)
- #define QUIRK_CONTROL_LINE_STATE BIT(6)
-+#define CLEAR_HALT_CONDITIONS BIT(7)
-diff --git a/include/uapi/drm/radeon_drm.h b/include/uapi/drm/radeon_drm.h
-index 50d0fb4..76d2ede 100644
---- a/include/uapi/drm/radeon_drm.h
-+++ b/include/uapi/drm/radeon_drm.h
-@@ -1034,6 +1034,7 @@ struct drm_radeon_cs {
- #define RADEON_INFO_VRAM_USAGE 0x1e
- #define RADEON_INFO_GTT_USAGE 0x1f
- #define RADEON_INFO_ACTIVE_CU_COUNT 0x20
-+#define RADEON_INFO_VA_UNMAP_WORKING 0x25
-
- struct drm_radeon_info {
- uint32_t request;
-diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
-index ced69da..7f2e97c 100644
---- a/kernel/trace/trace_events_filter.c
-+++ b/kernel/trace/trace_events_filter.c
-@@ -1369,19 +1369,26 @@ static int check_preds(struct filter_parse_state *ps)
- {
- int n_normal_preds = 0, n_logical_preds = 0;
- struct postfix_elt *elt;
-+ int cnt = 0;
-
- list_for_each_entry(elt, &ps->postfix, list) {
-- if (elt->op == OP_NONE)
-+ if (elt->op == OP_NONE) {
-+ cnt++;
- continue;
-+ }
-
- if (elt->op == OP_AND || elt->op == OP_OR) {
- n_logical_preds++;
-+ cnt--;
- continue;
- }
-+ if (elt->op != OP_NOT)
-+ cnt--;
- n_normal_preds++;
-+ WARN_ON_ONCE(cnt < 0);
- }
-
-- if (!n_normal_preds || n_logical_preds >= n_normal_preds) {
-+ if (cnt != 1 || !n_normal_preds || n_logical_preds >= n_normal_preds) {
- parse_error(ps, FILT_ERR_INVALID_FILTER, 0);
- return -EINVAL;
- }
-diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
-index 87eff31..60b3100 100644
---- a/sound/pci/hda/patch_sigmatel.c
-+++ b/sound/pci/hda/patch_sigmatel.c
-@@ -100,6 +100,7 @@ enum {
- STAC_HP_ENVY_BASS,
- STAC_HP_BNB13_EQ,
- STAC_HP_ENVY_TS_BASS,
-+ STAC_HP_ENVY_TS_DAC_BIND,
- STAC_92HD83XXX_GPIO10_EAPD,
- STAC_92HD83XXX_MODELS
- };
-@@ -2170,6 +2171,22 @@ static void stac92hd83xxx_fixup_gpio10_eapd(struct hda_codec *codec,
- spec->eapd_switch = 0;
- }
-
-+static void hp_envy_ts_fixup_dac_bind(struct hda_codec *codec,
-+ const struct hda_fixup *fix,
-+ int action)
-+{
-+ struct sigmatel_spec *spec = codec->spec;
-+ static hda_nid_t preferred_pairs[] = {
-+ 0xd, 0x13,
-+ 0
-+ };
-+
-+ if (action != HDA_FIXUP_ACT_PRE_PROBE)
-+ return;
-+
-+ spec->gen.preferred_dacs = preferred_pairs;
-+}
-+
- static const struct hda_verb hp_bnb13_eq_verbs[] = {
- /* 44.1KHz base */
- { 0x22, 0x7A6, 0x3E },
-@@ -2685,6 +2702,12 @@ static const struct hda_fixup stac92hd83xxx_fixups[] = {
- {}
- },
- },
-+ [STAC_HP_ENVY_TS_DAC_BIND] = {
-+ .type = HDA_FIXUP_FUNC,
-+ .v.func = hp_envy_ts_fixup_dac_bind,
-+ .chained = true,
-+ .chain_id = STAC_HP_ENVY_TS_BASS,
-+ },
- [STAC_92HD83XXX_GPIO10_EAPD] = {
- .type = HDA_FIXUP_FUNC,
- .v.func = stac92hd83xxx_fixup_gpio10_eapd,
-@@ -2763,6 +2786,8 @@ static const struct snd_pci_quirk stac92hd83xxx_fixup_tbl[] = {
- "HP bNB13", STAC_HP_BNB13_EQ),
- SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x190e,
- "HP ENVY TS", STAC_HP_ENVY_TS_BASS),
-+ SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x1967,
-+ "HP ENVY TS", STAC_HP_ENVY_TS_DAC_BIND),
- SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x1940,
- "HP bNB13", STAC_HP_BNB13_EQ),
- SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x1941,
diff --git a/4.0.7/4420_grsecurity-3.1-4.0.7-201506300712.patch b/4.0.7/4420_grsecurity-3.1-4.0.7-201507050833.patch
index 37bee2c..c471dac 100644
--- a/4.0.7/4420_grsecurity-3.1-4.0.7-201506300712.patch
+++ b/4.0.7/4420_grsecurity-3.1-4.0.7-201507050833.patch
@@ -50607,10 +50607,59 @@ index ce2e2cf..f81e500 100644
__u32 protocols;
diff --git a/drivers/nfc/st21nfca/st21nfca.c b/drivers/nfc/st21nfca/st21nfca.c
-index 24d3d24..ff70d28 100644
+index 24d3d24..b662ba0 100644
--- a/drivers/nfc/st21nfca/st21nfca.c
+++ b/drivers/nfc/st21nfca/st21nfca.c
-@@ -588,7 +588,7 @@ static int st21nfca_get_iso14443_3_uid(struct nfc_hci_dev *hdev, u8 *gate,
+@@ -148,14 +148,14 @@ static int st21nfca_hci_load_session(struct nfc_hci_dev *hdev)
+ ST21NFCA_DEVICE_MGNT_GATE,
+ ST21NFCA_DEVICE_MGNT_PIPE);
+ if (r < 0)
+- goto free_info;
++ return r;
+
+ /* Get pipe list */
+ r = nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
+ ST21NFCA_DM_GETINFO, pipe_list, sizeof(pipe_list),
+ &skb_pipe_list);
+ if (r < 0)
+- goto free_info;
++ return r;
+
+ /* Complete the existing gate_pipe table */
+ for (i = 0; i < skb_pipe_list->len; i++) {
+@@ -181,6 +181,7 @@ static int st21nfca_hci_load_session(struct nfc_hci_dev *hdev)
+ info->src_host_id != ST21NFCA_ESE_HOST_ID) {
+ pr_err("Unexpected apdu_reader pipe on host %x\n",
+ info->src_host_id);
++ kfree_skb(skb_pipe_info);
+ continue;
+ }
+
+@@ -200,6 +201,7 @@ static int st21nfca_hci_load_session(struct nfc_hci_dev *hdev)
+ hdev->pipes[st21nfca_gates[j].pipe].dest_host =
+ info->src_host_id;
+ }
++ kfree_skb(skb_pipe_info);
+ }
+
+ /*
+@@ -214,13 +216,12 @@ static int st21nfca_hci_load_session(struct nfc_hci_dev *hdev)
+ st21nfca_gates[i].gate,
+ st21nfca_gates[i].pipe);
+ if (r < 0)
+- goto free_info;
++ goto free_list;
+ }
+ }
+
+ memcpy(hdev->init_data.gates, st21nfca_gates, sizeof(st21nfca_gates));
+-free_info:
+- kfree_skb(skb_pipe_info);
++free_list:
+ kfree_skb(skb_pipe_list);
+ return r;
+ }
+@@ -588,7 +589,7 @@ static int st21nfca_get_iso14443_3_uid(struct nfc_hci_dev *hdev, u8 *gate,
goto exit;
}
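Review bot: Ownership of skb_pipe_info in st21nfca_hci_load_session() is now implicit: with the `free_info` label gone, every path through the "Complete the existing gate_pipe table" loop has to free the skb by hand, and only two such paths are visible in this hunk. Parts of the loop body lie between the inner hunks and are not shown, so any other `continue` there must either run before the skb is allocated or free it itself. A comment at the top of the loop would make that checkable in review: `/* skb_pipe_info is allocated per iteration; free it before every continue */`. The same applies to later edits that add a `goto free_list` inside this loop.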
@@ -55636,6 +55685,19 @@ index 8cfc319..4868255 100644
return 0;
}
+diff --git a/drivers/usb/gadget/configfs.c b/drivers/usb/gadget/configfs.c
+index 0495c94..289e201 100644
+--- a/drivers/usb/gadget/configfs.c
++++ b/drivers/usb/gadget/configfs.c
+@@ -571,7 +571,7 @@ static struct config_group *function_make(
+ if (IS_ERR(fi))
+ return ERR_CAST(fi);
+
+- ret = config_item_set_name(&fi->group.cg_item, name);
++ ret = config_item_set_name(&fi->group.cg_item, "%s", name);
+ if (ret) {
+ usb_put_function_instance(fi);
+ return ERR_PTR(ret);
diff --git a/drivers/usb/gadget/function/f_uac1.c b/drivers/usb/gadget/function/f_uac1.c
index 9719abf..789d5d9 100644
--- a/drivers/usb/gadget/function/f_uac1.c
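Review bot: The `"%s"` added to the `config_item_set_name(&fi->group.cg_item, "%s", name);` call in function_make has no comment saying why it is there, and the same applies to the two calls changed in fs/configfs/item.c. The `__printf(2, 3)` annotation added in include/linux/configfs.h checks argument types, but kernel builds have typically passed `-Wno-format-security`, so a later edit that drops the `"%s"` would probably compile without a warning. A one-line comment at each call keeps the intent visible, for example `/* name is caller-supplied: pass it as an argument, never as the format */`. function_make starts and ends outside this hunk, so where `name` comes from cannot be confirmed from these lines.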
@@ -68286,6 +68348,28 @@ index cf0db00..c7f70e8 100644
/*
* We'll have a dentry and an inode for
+diff --git a/fs/configfs/item.c b/fs/configfs/item.c
+index e65f9ff..3ed264d 100644
+--- a/fs/configfs/item.c
++++ b/fs/configfs/item.c
+@@ -116,7 +116,7 @@ void config_item_init_type_name(struct config_item *item,
+ const char *name,
+ struct config_item_type *type)
+ {
+- config_item_set_name(item, name);
++ config_item_set_name(item, "%s", name);
+ item->ci_type = type;
+ config_item_init(item);
+ }
+@@ -125,7 +125,7 @@ EXPORT_SYMBOL(config_item_init_type_name);
+ void config_group_init_type_name(struct config_group *group, const char *name,
+ struct config_item_type *type)
+ {
+- config_item_set_name(&group->cg_item, name);
++ config_item_set_name(&group->cg_item, "%s", name);
+ group->cg_item.ci_type = type;
+ config_group_init(group);
+ }
diff --git a/fs/coredump.c b/fs/coredump.c
index bbbe139..b76fae5 100644
--- a/fs/coredump.c
@@ -81317,7 +81401,7 @@ index 0000000..8ee8e4f
+}
diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c
new file mode 100644
-index 0000000..f056b81
+index 0000000..ed6ee43
--- /dev/null
+++ b/grsecurity/gracl_ip.c
@@ -0,0 +1,386 @@
@@ -81391,7 +81475,7 @@ index 0000000..f056b81
+ "unspec", "unix", "inet", "ax25", "ipx", "appletalk", "netrom", "bridge", "atmpvc", "x25",
+ "inet6", "rose", "decnet", "netbeui", "security", "key", "netlink", "packet", "ash",
+ "econet", "atmsvc", "rds", "sna", "irda", "ppox", "wanpipe", "llc", "fam_27", "fam_28",
-+ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf"
++ "tipc", "bluetooth", "iucv", "rxrpc", "isdn", "phonet", "ieee802154", "ciaf", "alg", "nfc", "vsock"
+ };
+
+const char *
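Review bot: The names appended in `"ieee802154", "ciaf", "alg", "nfc", "vsock"` land one slot early if this table is indexed directly by address-family number and its first row starts at index 0; the declaration and the lookup function are outside this hunk and would confirm that. Counting the rows shown, `"fam_28"` is entry 28 and `"tipc"` is entry 29, whereas Linux numbers AF_CAN as 29 and AF_TIPC as 30, so CAN appears to have no entry and every later name is shifted, leaving AF_VSOCK (40) without a string. In audit and RBAC log output that would report a socket family under the wrong name, or with none. Inserting `"can",` before `"tipc"` would realign the table, and a compile-time size check against AF_MAX next to the declaration would catch the next drift.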
@@ -89034,9 +89118,18 @@ index 5d5aaae..0ea9b84 100644
extern bool completion_done(struct completion *x);
diff --git a/include/linux/configfs.h b/include/linux/configfs.h
-index 34025df..d94bbbc 100644
+index 34025df..2a6ee32 100644
--- a/include/linux/configfs.h
+++ b/include/linux/configfs.h
+@@ -64,7 +64,7 @@ struct config_item {
+ struct dentry *ci_dentry;
+ };
+
+-extern int config_item_set_name(struct config_item *, const char *, ...);
++extern __printf(2, 3) int config_item_set_name(struct config_item *, const char *, ...);
+
+ static inline char *config_item_name(struct config_item * item)
+ {
@@ -125,7 +125,7 @@ struct configfs_attribute {
const char *ca_name;
struct module *ca_owner;