Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2014-09-09 05:34:28 -0400
committerAnthony G. Basile <blueness@gentoo.org>2014-09-09 05:34:28 -0400
commitc696e6fdf2e316c40e44284f13054817327a8be4 (patch)
tree3e9e2ef8b4011019042baef2d8c6fe5bc2541983
parentGrsec/PaX: 3.0-{3.14.17,3.16.1}-201409021826 (diff)
downloadhardened-patchset-c696e6fdf2e316c40e44284f13054817327a8be4.tar.gz
hardened-patchset-c696e6fdf2e316c40e44284f13054817327a8be4.tar.bz2
hardened-patchset-c696e6fdf2e316c40e44284f13054817327a8be4.zip
Grsec/PaX: 3.0-{3.14.18,3.16.2}-201409060014
Diffstat
-rw-r--r--3.14.18/0000_README (renamed from 3.14.17/0000_README)2
-rw-r--r--3.14.18/4420_grsecurity-3.0-3.14.18-201409060013.patch (renamed from 3.14.17/4420_grsecurity-3.0-3.14.17-201409021816.patch)451
-rw-r--r--3.14.18/4425_grsec_remove_EI_PAX.patch (renamed from 3.14.17/4425_grsec_remove_EI_PAX.patch)0
-rw-r--r--3.14.18/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.14.17/4427_force_XATTR_PAX_tmpfs.patch)0
-rw-r--r--3.14.18/4430_grsec-remove-localversion-grsec.patch (renamed from 3.14.17/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--3.14.18/4435_grsec-mute-warnings.patch (renamed from 3.14.17/4435_grsec-mute-warnings.patch)0
-rw-r--r--3.14.18/4440_grsec-remove-protected-paths.patch (renamed from 3.14.17/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--3.14.18/4450_grsec-kconfig-default-gids.patch (renamed from 3.14.17/4450_grsec-kconfig-default-gids.patch)0
-rw-r--r--3.14.18/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.14.17/4465_selinux-avc_audit-log-curr_ip.patch)0
-rw-r--r--3.14.18/4470_disable-compat_vdso.patch (renamed from 3.14.17/4470_disable-compat_vdso.patch)0
-rw-r--r--3.14.18/4475_emutramp_default_on.patch (renamed from 3.14.17/4475_emutramp_default_on.patch)0
-rw-r--r--3.16.2/0000_README (renamed from 3.16.1/0000_README)2
-rw-r--r--3.16.2/4420_grsecurity-3.0-3.16.2-201409060014.patch (renamed from 3.16.1/4420_grsecurity-3.0-3.16.1-201409021826.patch)630
-rw-r--r--3.16.2/4425_grsec_remove_EI_PAX.patch (renamed from 3.16.1/4425_grsec_remove_EI_PAX.patch)0
-rw-r--r--3.16.2/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.16.1/4427_force_XATTR_PAX_tmpfs.patch)0
-rw-r--r--3.16.2/4430_grsec-remove-localversion-grsec.patch (renamed from 3.16.1/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--3.16.2/4435_grsec-mute-warnings.patch (renamed from 3.16.1/4435_grsec-mute-warnings.patch)0
-rw-r--r--3.16.2/4440_grsec-remove-protected-paths.patch (renamed from 3.16.1/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--3.16.2/4450_grsec-kconfig-default-gids.patch (renamed from 3.16.1/4450_grsec-kconfig-default-gids.patch)0
-rw-r--r--3.16.2/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.16.1/4465_selinux-avc_audit-log-curr_ip.patch)0
-rw-r--r--3.16.2/4470_disable-compat_vdso.patch (renamed from 3.16.1/4470_disable-compat_vdso.patch)0
-rw-r--r--3.16.2/4475_emutramp_default_on.patch (renamed from 3.16.1/4475_emutramp_default_on.patch)0
22 files changed, 266 insertions, 819 deletions
diff --git a/3.14.17/0000_README b/3.14.18/0000_README
index 19f254f..e496f22 100644
--- a/3.14.17/0000_README
+++ b/3.14.18/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.14.17-201409021816.patch
+Patch: 4420_grsecurity-3.0-3.14.18-201409060013.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.14.17/4420_grsecurity-3.0-3.14.17-201409021816.patch b/3.14.18/4420_grsecurity-3.0-3.14.18-201409060013.patch
index 7887ba7..2207958 100644
--- a/3.14.17/4420_grsecurity-3.0-3.14.17-201409021816.patch
+++ b/3.14.18/4420_grsecurity-3.0-3.14.18-201409060013.patch
@@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 12aac03..33d9e9f 100644
+index 05279d4..c24e149 100644
--- a/Makefile
+++ b/Makefile
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -3643,7 +3643,7 @@ index 78c02b3..c94109a 100644
struct omap_device *omap_device_alloc(struct platform_device *pdev,
struct omap_hwmod **ohs, int oh_cnt);
diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c
-index 66c60fe..c78950d 100644
+index c914b00..8a653a7 100644
--- a/arch/arm/mach-omap2/omap_hwmod.c
+++ b/arch/arm/mach-omap2/omap_hwmod.c
@@ -194,10 +194,10 @@ struct omap_hwmod_soc_ops {
@@ -12269,7 +12269,7 @@ index ad8f795..2c7eec6 100644
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index c718d9f..511e6fa 100644
+index e409891..d64a8f7 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -126,7 +126,7 @@ config X86
@@ -12325,7 +12325,7 @@ index c718d9f..511e6fa 100644
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1623,6 +1624,7 @@ source kernel/Kconfig.hz
+@@ -1624,6 +1625,7 @@ source kernel/Kconfig.hz
config KEXEC
bool "kexec system call"
@@ -12333,7 +12333,7 @@ index c718d9f..511e6fa 100644
---help---
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
-@@ -1774,7 +1776,9 @@ config X86_NEED_RELOCS
+@@ -1775,7 +1777,9 @@ config X86_NEED_RELOCS
config PHYSICAL_ALIGN
hex "Alignment value to which kernel should be aligned"
@@ -12344,7 +12344,7 @@ index c718d9f..511e6fa 100644
range 0x2000 0x1000000 if X86_32
range 0x200000 0x1000000 if X86_64
---help---
-@@ -1854,9 +1858,10 @@ config DEBUG_HOTPLUG_CPU0
+@@ -1855,9 +1859,10 @@ config DEBUG_HOTPLUG_CPU0
If unsure, say N.
config COMPAT_VDSO
@@ -28195,7 +28195,7 @@ index da6b35a..977e9cf 100644
#ifdef CONFIG_SMP
diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c
-index 1f96f93..6f29be7 100644
+index 09ce23a..9293938 100644
--- a/arch/x86/kernel/vsyscall_64.c
+++ b/arch/x86/kernel/vsyscall_64.c
@@ -56,15 +56,13 @@
@@ -28401,7 +28401,7 @@ index c697625..a032162 100644
out:
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
-index 0069118..c28ec0a 100644
+index 453e5fb..214168f 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -55,7 +55,7 @@
@@ -41665,19 +41665,6 @@ index 6866448..2ad2b34 100644
{
/* copy over all the bus versions */
if (dev->bus && dev->bus->pm) {
-diff --git a/drivers/hid/hid-cherry.c b/drivers/hid/hid-cherry.c
-index 1bdcccc..f745d2c 100644
---- a/drivers/hid/hid-cherry.c
-+++ b/drivers/hid/hid-cherry.c
-@@ -28,7 +28,7 @@
- static __u8 *ch_report_fixup(struct hid_device *hdev, __u8 *rdesc,
- unsigned int *rsize)
- {
-- if (*rsize >= 17 && rdesc[11] == 0x3c && rdesc[12] == 0x02) {
-+ if (*rsize >= 18 && rdesc[11] == 0x3c && rdesc[12] == 0x02) {
- hid_info(hdev, "fixing up Cherry Cymotion report descriptor\n");
- rdesc[11] = rdesc[16] = 0xff;
- rdesc[12] = rdesc[17] = 0x03;
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
index 7cd42ea..a367c48 100644
--- a/drivers/hid/hid-core.c
@@ -41700,71 +41687,6 @@ index 7cd42ea..a367c48 100644
hid_debug_register(hdev, dev_name(&hdev->dev));
ret = device_add(&hdev->dev);
-diff --git a/drivers/hid/hid-kye.c b/drivers/hid/hid-kye.c
-index e776963..b92bf01 100644
---- a/drivers/hid/hid-kye.c
-+++ b/drivers/hid/hid-kye.c
-@@ -300,7 +300,7 @@ static __u8 *kye_report_fixup(struct hid_device *hdev, __u8 *rdesc,
- * - change the button usage range to 4-7 for the extra
- * buttons
- */
-- if (*rsize >= 74 &&
-+ if (*rsize >= 75 &&
- rdesc[61] == 0x05 && rdesc[62] == 0x08 &&
- rdesc[63] == 0x19 && rdesc[64] == 0x08 &&
- rdesc[65] == 0x29 && rdesc[66] == 0x0f &&
-diff --git a/drivers/hid/hid-lg.c b/drivers/hid/hid-lg.c
-index 9fe9d4a..b8207e0 100644
---- a/drivers/hid/hid-lg.c
-+++ b/drivers/hid/hid-lg.c
-@@ -345,14 +345,14 @@ static __u8 *lg_report_fixup(struct hid_device *hdev, __u8 *rdesc,
- struct usb_device_descriptor *udesc;
- __u16 bcdDevice, rev_maj, rev_min;
-
-- if ((drv_data->quirks & LG_RDESC) && *rsize >= 90 && rdesc[83] == 0x26 &&
-+ if ((drv_data->quirks & LG_RDESC) && *rsize >= 91 && rdesc[83] == 0x26 &&
- rdesc[84] == 0x8c && rdesc[85] == 0x02) {
- hid_info(hdev,
- "fixing up Logitech keyboard report descriptor\n");
- rdesc[84] = rdesc[89] = 0x4d;
- rdesc[85] = rdesc[90] = 0x10;
- }
-- if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 50 &&
-+ if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 51 &&
- rdesc[32] == 0x81 && rdesc[33] == 0x06 &&
- rdesc[49] == 0x81 && rdesc[50] == 0x06) {
- hid_info(hdev,
-diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c
-index f45279c..0b14d32 100644
---- a/drivers/hid/hid-logitech-dj.c
-+++ b/drivers/hid/hid-logitech-dj.c
-@@ -237,13 +237,6 @@ static void logi_dj_recv_add_djhid_device(struct dj_receiver_dev *djrcv_dev,
- return;
- }
-
-- if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
-- (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
-- dev_err(&djrcv_hdev->dev, "%s: invalid device index:%d\n",
-- __func__, dj_report->device_index);
-- return;
-- }
--
- if (djrcv_dev->paired_dj_devices[dj_report->device_index]) {
- /* The device is already known. No need to reallocate it. */
- dbg_hid("%s: device is already known\n", __func__);
-@@ -721,6 +714,12 @@ static int logi_dj_raw_event(struct hid_device *hdev,
- * device (via hid_input_report() ) and return 1 so hid-core does not do
- * anything else with it.
- */
-+ if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
-+ (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
-+ dev_err(&hdev->dev, "%s: invalid device index:%d\n",
-+ __func__, dj_report->device_index);
-+ return false;
-+ }
-
- spin_lock_irqsave(&djrcv_dev->lock, flags);
- if (dj_report->report_id == REPORT_ID_DJ_SHORT) {
diff --git a/drivers/hid/hid-magicmouse.c b/drivers/hid/hid-magicmouse.c
index 3b43d1c..991ba79 100644
--- a/drivers/hid/hid-magicmouse.c
@@ -41793,32 +41715,6 @@ index 3b43d1c..991ba79 100644
msc->ntouches = 0;
for (ii = 0; ii < npoints; ii++)
magicmouse_emit_touch(msc, ii, data + ii * 8 + 6);
-diff --git a/drivers/hid/hid-monterey.c b/drivers/hid/hid-monterey.c
-index 9e14c00..25daf28 100644
---- a/drivers/hid/hid-monterey.c
-+++ b/drivers/hid/hid-monterey.c
-@@ -24,7 +24,7 @@
- static __u8 *mr_report_fixup(struct hid_device *hdev, __u8 *rdesc,
- unsigned int *rsize)
- {
-- if (*rsize >= 30 && rdesc[29] == 0x05 && rdesc[30] == 0x09) {
-+ if (*rsize >= 31 && rdesc[29] == 0x05 && rdesc[30] == 0x09) {
- hid_info(hdev, "fixing up button/consumer in HID report descriptor\n");
- rdesc[30] = 0x0c;
- }
-diff --git a/drivers/hid/hid-petalynx.c b/drivers/hid/hid-petalynx.c
-index 736b250..6aca4f2 100644
---- a/drivers/hid/hid-petalynx.c
-+++ b/drivers/hid/hid-petalynx.c
-@@ -25,7 +25,7 @@
- static __u8 *pl_report_fixup(struct hid_device *hdev, __u8 *rdesc,
- unsigned int *rsize)
- {
-- if (*rsize >= 60 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 &&
-+ if (*rsize >= 62 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 &&
- rdesc[41] == 0x00 && rdesc[59] == 0x26 &&
- rdesc[60] == 0xf9 && rdesc[61] == 0x00) {
- hid_info(hdev, "fixing up Petalynx Maxter Remote report descriptor\n");
diff --git a/drivers/hid/hid-picolcd_core.c b/drivers/hid/hid-picolcd_core.c
index acbb0210..020df3c 100644
--- a/drivers/hid/hid-picolcd_core.c
@@ -41836,19 +41732,6 @@ index acbb0210..020df3c 100644
if (report->id == REPORT_KEY_STATE) {
if (data->input_keys)
ret = picolcd_raw_keypad(data, report, raw_data+1, size-1);
-diff --git a/drivers/hid/hid-sunplus.c b/drivers/hid/hid-sunplus.c
-index 87fc91e..91072fa 100644
---- a/drivers/hid/hid-sunplus.c
-+++ b/drivers/hid/hid-sunplus.c
-@@ -24,7 +24,7 @@
- static __u8 *sp_report_fixup(struct hid_device *hdev, __u8 *rdesc,
- unsigned int *rsize)
- {
-- if (*rsize >= 107 && rdesc[104] == 0x26 && rdesc[105] == 0x80 &&
-+ if (*rsize >= 112 && rdesc[104] == 0x26 && rdesc[105] == 0x80 &&
- rdesc[106] == 0x03) {
- hid_info(hdev, "fixing up Sunplus Wireless Desktop report descriptor\n");
- rdesc[105] = rdesc[110] = 0x03;
diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c
index c13fb5b..55a3802 100644
--- a/drivers/hid/hid-wiimote-debug.c
@@ -49475,7 +49358,7 @@ index f28ea07..34b16d3 100644
/* These three are default values which can be overridden */
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
-index 868318a..e07ef3b 100644
+index 528bff5..84963854 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -571,7 +571,7 @@ static inline u32 next_command(struct ctlr_info *h, u8 q)
@@ -51766,10 +51649,10 @@ index 9cd706d..6ff2de7 100644
if (cfg->uart_flags & UPF_CONS_FLOW) {
diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
-index ece2049b..fba2524 100644
+index 25b8f68..3e23c14 100644
--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
-@@ -1448,7 +1448,7 @@ static void uart_hangup(struct tty_struct *tty)
+@@ -1451,7 +1451,7 @@ static void uart_hangup(struct tty_struct *tty)
uart_flush_buffer(tty);
uart_shutdown(tty, state);
spin_lock_irqsave(&port->lock, flags);
@@ -51778,7 +51661,7 @@ index ece2049b..fba2524 100644
clear_bit(ASYNCB_NORMAL_ACTIVE, &port->flags);
spin_unlock_irqrestore(&port->lock, flags);
tty_port_tty_set(port, NULL);
-@@ -1544,7 +1544,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp)
+@@ -1547,7 +1547,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp)
goto end;
}
@@ -51787,7 +51670,7 @@ index ece2049b..fba2524 100644
if (!state->uart_port || state->uart_port->flags & UPF_DEAD) {
retval = -ENXIO;
goto err_dec_count;
-@@ -1572,7 +1572,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp)
+@@ -1575,7 +1575,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp)
/*
* Make sure the device is in D0 state.
*/
@@ -51796,7 +51679,7 @@ index ece2049b..fba2524 100644
uart_change_pm(state, UART_PM_STATE_ON);
/*
-@@ -1590,7 +1590,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp)
+@@ -1593,7 +1593,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp)
end:
return retval;
err_dec_count:
@@ -52606,7 +52489,7 @@ index 2a3bbdf..91d72cf 100644
file->f_version = event_count;
return POLLIN | POLLRDNORM;
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
-index 90e18f6..5eeda46 100644
+index 9ca7716..a2ccc2e 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -187,7 +187,7 @@ static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes,
@@ -52668,7 +52551,7 @@ index 2518c32..1c201bb 100644
wake_up(&usb_kill_urb_queue);
usb_put_urb(urb);
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index 36b1e85..18fb0a4 100644
+index 6650df7..3a94427 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -27,6 +27,7 @@
@@ -52679,7 +52562,7 @@ index 36b1e85..18fb0a4 100644
#include <asm/uaccess.h>
#include <asm/byteorder.h>
-@@ -4502,6 +4503,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
+@@ -4549,6 +4550,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
goto done;
return;
}
@@ -52911,7 +52794,7 @@ index 7a55fea..cc0ed4f 100644
#include "u_uac1.h"
diff --git a/drivers/usb/host/ehci-hub.c b/drivers/usb/host/ehci-hub.c
-index 7ae0c4d..35521b7 100644
+index 7d6f64c..37a1efc 100644
--- a/drivers/usb/host/ehci-hub.c
+++ b/drivers/usb/host/ehci-hub.c
@@ -780,7 +780,7 @@ static struct urb *request_single_step_set_feature_urb(
@@ -56682,7 +56565,7 @@ index ce25d75..dc09eeb 100644
&data);
if (!inode) {
diff --git a/fs/aio.c b/fs/aio.c
-index 6d68e01..573d8dc 100644
+index 6d68e01..6bc8e9a 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -380,7 +380,7 @@ static int aio_setup_ring(struct kioctx *ctx)
@@ -56694,6 +56577,19 @@ index 6d68e01..573d8dc 100644
return -EINVAL;
file = aio_private_file(ctx, nr_pages);
+@@ -1065,6 +1065,12 @@ static long aio_read_events_ring(struct kioctx *ctx,
+ tail = ring->tail;
+ kunmap_atomic(ring);
+
++ /*
++ * Ensure that once we've read the current tail pointer, that
++ * we also see the events that were stored up to the tail.
++ */
++ smp_rmb();
++
+ pr_debug("h%u t%u m%u\n", head, tail, ctx->nr_events);
+
+ if (head == tail)
diff --git a/fs/attr.c b/fs/attr.c
index 6530ced..4a827e2 100644
--- a/fs/attr.c
@@ -59051,7 +58947,7 @@ index 7f3b400..9c911f2 100644
dcache_init();
inode_init();
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
-index 9c0444c..628490c 100644
+index 1576195..49a19ae 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
@@ -415,7 +415,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file);
@@ -60046,10 +59942,10 @@ index e6574d7..c30cbe2 100644
brelse(bh);
bh = NULL;
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
-index 502f0fd..bf3b3c1 100644
+index 242226a..f3eb6c1 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
-@@ -1880,7 +1880,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
+@@ -1882,7 +1882,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
BUG_ON(ac->ac_b_ex.fe_len != ac->ac_g_ex.fe_len);
if (EXT4_SB(sb)->s_mb_stats)
@@ -60058,7 +59954,7 @@ index 502f0fd..bf3b3c1 100644
break;
}
-@@ -2189,7 +2189,7 @@ repeat:
+@@ -2191,7 +2191,7 @@ repeat:
ac->ac_status = AC_STATUS_CONTINUE;
ac->ac_flags |= EXT4_MB_HINT_FIRST;
cr = 3;
@@ -60067,7 +59963,7 @@ index 502f0fd..bf3b3c1 100644
goto repeat;
}
}
-@@ -2697,25 +2697,25 @@ int ext4_mb_release(struct super_block *sb)
+@@ -2699,25 +2699,25 @@ int ext4_mb_release(struct super_block *sb)
if (sbi->s_mb_stats) {
ext4_msg(sb, KERN_INFO,
"mballoc: %u blocks %u reqs (%u success)",
@@ -60103,7 +59999,7 @@ index 502f0fd..bf3b3c1 100644
}
free_percpu(sbi->s_locality_groups);
-@@ -3169,16 +3169,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
+@@ -3171,16 +3171,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb);
if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) {
@@ -60126,7 +60022,7 @@ index 502f0fd..bf3b3c1 100644
}
if (ac->ac_op == EXT4_MB_HISTORY_ALLOC)
-@@ -3583,7 +3583,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
+@@ -3607,7 +3607,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
trace_ext4_mb_new_inode_pa(ac, pa);
ext4_mb_use_inode_pa(ac, pa);
@@ -60135,7 +60031,7 @@ index 502f0fd..bf3b3c1 100644
ei = EXT4_I(ac->ac_inode);
grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
-@@ -3643,7 +3643,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
+@@ -3667,7 +3667,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
trace_ext4_mb_new_group_pa(ac, pa);
ext4_mb_use_group_pa(ac, pa);
@@ -60144,7 +60040,7 @@ index 502f0fd..bf3b3c1 100644
grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
lg = ac->ac_lg;
-@@ -3732,7 +3732,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
+@@ -3756,7 +3756,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
* from the bitmap and continue.
*/
}
@@ -60153,7 +60049,7 @@ index 502f0fd..bf3b3c1 100644
return err;
}
-@@ -3750,7 +3750,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
+@@ -3774,7 +3774,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit);
BUG_ON(group != e4b->bd_group && pa->pa_len != 0);
mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len);
@@ -60176,7 +60072,7 @@ index 04434ad..6404663 100644
"MMP failure info: last update time: %llu, last update "
"node: %s, last update device: %s\n",
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
-index 25b327e..56f169d 100644
+index a46030d..1477295 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1270,7 +1270,7 @@ static ext4_fsblk_t get_sb_block(void **data)
@@ -61960,185 +61856,6 @@ index e846a32..bb06bd0 100644
put_cpu_var(last_ino);
return res;
}
-diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c
-index 4a9e10e..a9daccb 100644
---- a/fs/isofs/inode.c
-+++ b/fs/isofs/inode.c
-@@ -61,7 +61,7 @@ static void isofs_put_super(struct super_block *sb)
- return;
- }
-
--static int isofs_read_inode(struct inode *);
-+static int isofs_read_inode(struct inode *, int relocated);
- static int isofs_statfs (struct dentry *, struct kstatfs *);
-
- static struct kmem_cache *isofs_inode_cachep;
-@@ -1258,7 +1258,7 @@ out_toomany:
- goto out;
- }
-
--static int isofs_read_inode(struct inode *inode)
-+static int isofs_read_inode(struct inode *inode, int relocated)
- {
- struct super_block *sb = inode->i_sb;
- struct isofs_sb_info *sbi = ISOFS_SB(sb);
-@@ -1403,7 +1403,7 @@ static int isofs_read_inode(struct inode *inode)
- */
-
- if (!high_sierra) {
-- parse_rock_ridge_inode(de, inode);
-+ parse_rock_ridge_inode(de, inode, relocated);
- /* if we want uid/gid set, override the rock ridge setting */
- if (sbi->s_uid_set)
- inode->i_uid = sbi->s_uid;
-@@ -1482,9 +1482,10 @@ static int isofs_iget5_set(struct inode *ino, void *data)
- * offset that point to the underlying meta-data for the inode. The
- * code below is otherwise similar to the iget() code in
- * include/linux/fs.h */
--struct inode *isofs_iget(struct super_block *sb,
-- unsigned long block,
-- unsigned long offset)
-+struct inode *__isofs_iget(struct super_block *sb,
-+ unsigned long block,
-+ unsigned long offset,
-+ int relocated)
- {
- unsigned long hashval;
- struct inode *inode;
-@@ -1506,7 +1507,7 @@ struct inode *isofs_iget(struct super_block *sb,
- return ERR_PTR(-ENOMEM);
-
- if (inode->i_state & I_NEW) {
-- ret = isofs_read_inode(inode);
-+ ret = isofs_read_inode(inode, relocated);
- if (ret < 0) {
- iget_failed(inode);
- inode = ERR_PTR(ret);
-diff --git a/fs/isofs/isofs.h b/fs/isofs/isofs.h
-index 9916723..0ac4c1f 100644
---- a/fs/isofs/isofs.h
-+++ b/fs/isofs/isofs.h
-@@ -107,7 +107,7 @@ extern int iso_date(char *, int);
-
- struct inode; /* To make gcc happy */
-
--extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *);
-+extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *, int relocated);
- extern int get_rock_ridge_filename(struct iso_directory_record *, char *, struct inode *);
- extern int isofs_name_translate(struct iso_directory_record *, char *, struct inode *);
-
-@@ -118,9 +118,24 @@ extern struct dentry *isofs_lookup(struct inode *, struct dentry *, unsigned int
- extern struct buffer_head *isofs_bread(struct inode *, sector_t);
- extern int isofs_get_blocks(struct inode *, sector_t, struct buffer_head **, unsigned long);
-
--extern struct inode *isofs_iget(struct super_block *sb,
-- unsigned long block,
-- unsigned long offset);
-+struct inode *__isofs_iget(struct super_block *sb,
-+ unsigned long block,
-+ unsigned long offset,
-+ int relocated);
-+
-+static inline struct inode *isofs_iget(struct super_block *sb,
-+ unsigned long block,
-+ unsigned long offset)
-+{
-+ return __isofs_iget(sb, block, offset, 0);
-+}
-+
-+static inline struct inode *isofs_iget_reloc(struct super_block *sb,
-+ unsigned long block,
-+ unsigned long offset)
-+{
-+ return __isofs_iget(sb, block, offset, 1);
-+}
-
- /* Because the inode number is no longer relevant to finding the
- * underlying meta-data for an inode, we are free to choose a more
-diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c
-index c0bf424..f488bba 100644
---- a/fs/isofs/rock.c
-+++ b/fs/isofs/rock.c
-@@ -288,12 +288,16 @@ eio:
- goto out;
- }
-
-+#define RR_REGARD_XA 1
-+#define RR_RELOC_DE 2
-+
- static int
- parse_rock_ridge_inode_internal(struct iso_directory_record *de,
-- struct inode *inode, int regard_xa)
-+ struct inode *inode, int flags)
- {
- int symlink_len = 0;
- int cnt, sig;
-+ unsigned int reloc_block;
- struct inode *reloc;
- struct rock_ridge *rr;
- int rootflag;
-@@ -305,7 +309,7 @@ parse_rock_ridge_inode_internal(struct iso_directory_record *de,
-
- init_rock_state(&rs, inode);
- setup_rock_ridge(de, inode, &rs);
-- if (regard_xa) {
-+ if (flags & RR_REGARD_XA) {
- rs.chr += 14;
- rs.len -= 14;
- if (rs.len < 0)
-@@ -485,12 +489,22 @@ repeat:
- "relocated directory\n");
- goto out;
- case SIG('C', 'L'):
-- ISOFS_I(inode)->i_first_extent =
-- isonum_733(rr->u.CL.location);
-- reloc =
-- isofs_iget(inode->i_sb,
-- ISOFS_I(inode)->i_first_extent,
-- 0);
-+ if (flags & RR_RELOC_DE) {
-+ printk(KERN_ERR
-+ "ISOFS: Recursive directory relocation "
-+ "is not supported\n");
-+ goto eio;
-+ }
-+ reloc_block = isonum_733(rr->u.CL.location);
-+ if (reloc_block == ISOFS_I(inode)->i_iget5_block &&
-+ ISOFS_I(inode)->i_iget5_offset == 0) {
-+ printk(KERN_ERR
-+ "ISOFS: Directory relocation points to "
-+ "itself\n");
-+ goto eio;
-+ }
-+ ISOFS_I(inode)->i_first_extent = reloc_block;
-+ reloc = isofs_iget_reloc(inode->i_sb, reloc_block, 0);
- if (IS_ERR(reloc)) {
- ret = PTR_ERR(reloc);
- goto out;
-@@ -637,9 +651,11 @@ static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit)
- return rpnt;
- }
-
--int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode)
-+int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode,
-+ int relocated)
- {
-- int result = parse_rock_ridge_inode_internal(de, inode, 0);
-+ int flags = relocated ? RR_RELOC_DE : 0;
-+ int result = parse_rock_ridge_inode_internal(de, inode, flags);
-
- /*
- * if rockridge flag was reset and we didn't look for attributes
-@@ -647,7 +663,8 @@ int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode)
- */
- if ((ISOFS_SB(inode->i_sb)->s_rock_offset == -1)
- && (ISOFS_SB(inode->i_sb)->s_rock == 2)) {
-- result = parse_rock_ridge_inode_internal(de, inode, 14);
-+ result = parse_rock_ridge_inode_internal(de, inode,
-+ flags | RR_REGARD_XA);
- }
- return result;
- }
diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c
index 4a6cf28..d3a29d3 100644
--- a/fs/jffs2/erase.c
@@ -63100,19 +62817,6 @@ index 15f9d98..082c625 100644
}
void nfs_fattr_init(struct nfs_fattr *fattr)
-diff --git a/fs/nfs/nfs3acl.c b/fs/nfs/nfs3acl.c
-index 8f854dd..d0fec26 100644
---- a/fs/nfs/nfs3acl.c
-+++ b/fs/nfs/nfs3acl.c
-@@ -256,7 +256,7 @@ nfs3_list_one_acl(struct inode *inode, int type, const char *name, void *data,
- char *p = data + *result;
-
- acl = get_acl(inode, type);
-- if (!acl)
-+ if (IS_ERR_OR_NULL(acl))
- return 0;
-
- posix_acl_release(acl);
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index f23a6ca..730ddcc 100644
--- a/fs/nfsd/nfs4proc.c
@@ -90668,7 +90372,7 @@ index a63f4dc..349bbb0 100644
unsigned long timeout)
{
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index 515e212..268a828 100644
+index 677ebad..e39b352 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -1775,7 +1775,7 @@ void set_numabalancing_state(bool enabled)
@@ -90719,7 +90423,7 @@ index 515e212..268a828 100644
/* can't increase priority */
if (attr->sched_priority > p->rt_priority &&
attr->sched_priority > rlim_rtprio)
-@@ -4726,8 +4732,10 @@ void idle_task_exit(void)
+@@ -4727,8 +4733,10 @@ void idle_task_exit(void)
BUG_ON(cpu_online(smp_processor_id()));
@@ -90731,7 +90435,7 @@ index 515e212..268a828 100644
mmdrop(mm);
}
-@@ -4805,7 +4813,7 @@ static void migrate_tasks(unsigned int dead_cpu)
+@@ -4806,7 +4814,7 @@ static void migrate_tasks(unsigned int dead_cpu)
#if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL)
@@ -90740,7 +90444,7 @@ index 515e212..268a828 100644
{
.procname = "sched_domain",
.mode = 0555,
-@@ -4822,17 +4830,17 @@ static struct ctl_table sd_ctl_root[] = {
+@@ -4823,17 +4831,17 @@ static struct ctl_table sd_ctl_root[] = {
{}
};
@@ -90762,7 +90466,7 @@ index 515e212..268a828 100644
/*
* In the intermediate directories, both the child directory and
-@@ -4840,22 +4848,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
+@@ -4841,22 +4849,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
* will always be set. In the lowest directory the names are
* static strings and all have proc handlers.
*/
@@ -90794,7 +90498,7 @@ index 515e212..268a828 100644
const char *procname, void *data, int maxlen,
umode_t mode, proc_handler *proc_handler,
bool load_idx)
-@@ -4875,7 +4886,7 @@ set_table_entry(struct ctl_table *entry,
+@@ -4876,7 +4887,7 @@ set_table_entry(struct ctl_table *entry,
static struct ctl_table *
sd_alloc_ctl_domain_table(struct sched_domain *sd)
{
@@ -90803,7 +90507,7 @@ index 515e212..268a828 100644
if (table == NULL)
return NULL;
-@@ -4910,9 +4921,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
+@@ -4911,9 +4922,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
return table;
}
@@ -90815,7 +90519,7 @@ index 515e212..268a828 100644
struct sched_domain *sd;
int domain_num = 0, i;
char buf[32];
-@@ -4939,11 +4950,13 @@ static struct ctl_table_header *sd_sysctl_header;
+@@ -4940,11 +4951,13 @@ static struct ctl_table_header *sd_sysctl_header;
static void register_sched_domain_sysctl(void)
{
int i, cpu_num = num_possible_cpus();
@@ -90830,7 +90534,7 @@ index 515e212..268a828 100644
if (entry == NULL)
return;
-@@ -4966,8 +4979,12 @@ static void unregister_sched_domain_sysctl(void)
+@@ -4967,8 +4980,12 @@ static void unregister_sched_domain_sysctl(void)
if (sd_sysctl_header)
unregister_sysctl_table(sd_sysctl_header);
sd_sysctl_header = NULL;
@@ -92433,6 +92137,19 @@ index 48140e3..de854e5 100644
obj-$(CONFIG_DEBUG_OBJECTS) += debugobjects.o
ifneq ($(CONFIG_HAVE_DEC_LOCK),y)
+diff --git a/lib/assoc_array.c b/lib/assoc_array.c
+index c0b1007..ae146f0 100644
+--- a/lib/assoc_array.c
++++ b/lib/assoc_array.c
+@@ -1735,7 +1735,7 @@ ascend_old_tree:
+ gc_complete:
+ edit->set[0].to = new_root;
+ assoc_array_apply_edit(edit);
+- edit->array->nr_leaves_on_tree = nr_leaves_on_tree;
++ array->nr_leaves_on_tree = nr_leaves_on_tree;
+ return 0;
+
+ enomem:
diff --git a/lib/average.c b/lib/average.c
index 114d1be..ab0350c 100644
--- a/lib/average.c
@@ -97702,10 +97419,10 @@ index 4a7f7e6..22cddf5 100644
if (S_ISREG(inode->i_mode))
diff --git a/mm/util.c b/mm/util.c
-index a24aa22..a0d41ae 100644
+index c1010cb..91e1a36 100644
--- a/mm/util.c
+++ b/mm/util.c
-@@ -297,6 +297,12 @@ done:
+@@ -294,6 +294,12 @@ done:
void arch_pick_mmap_layout(struct mm_struct *mm)
{
mm->mmap_base = TASK_UNMAPPED_BASE;
@@ -100932,7 +100649,7 @@ index e1a6393..f634ce5 100644
return -ENOMEM;
}
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index 6c7fa08..8a31430 100644
+index 6c7fa08..7c5abd70 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -598,7 +598,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb,
@@ -100987,7 +100704,21 @@ index 6c7fa08..8a31430 100644
for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
idx = 0;
head = &net->dev_index_head[h];
-@@ -4758,7 +4765,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
+@@ -4746,11 +4753,8 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
+
+ rt = rt6_lookup(dev_net(dev), &ifp->peer_addr, NULL,
+ dev->ifindex, 1);
+- if (rt) {
+- dst_hold(&rt->dst);
+- if (ip6_del_rt(rt))
+- dst_free(&rt->dst);
+- }
++ if (rt && ip6_del_rt(rt))
++ dst_free(&rt->dst);
+ }
+ dst_hold(&ifp->rt->dst);
+
+@@ -4758,7 +4762,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
dst_free(&ifp->rt->dst);
break;
}
@@ -100996,7 +100727,7 @@ index 6c7fa08..8a31430 100644
rt_genid_bump_ipv6(net);
}
-@@ -4779,7 +4786,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
+@@ -4779,7 +4783,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
int *valp = ctl->data;
int val = *valp;
loff_t pos = *ppos;
@@ -101005,7 +100736,7 @@ index 6c7fa08..8a31430 100644
int ret;
/*
-@@ -4864,7 +4871,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
+@@ -4864,7 +4868,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
int *valp = ctl->data;
int val = *valp;
loff_t pos = *ppos;
@@ -103996,10 +103727,10 @@ index c1d124d..acfc59e 100644
goto err;
return 0;
diff --git a/net/sunrpc/xprtrdma/svc_rdma_transport.c b/net/sunrpc/xprtrdma/svc_rdma_transport.c
-index 62e4f9b..dd3f2d7 100644
+index ed36cb5..c55d17f 100644
--- a/net/sunrpc/xprtrdma/svc_rdma_transport.c
+++ b/net/sunrpc/xprtrdma/svc_rdma_transport.c
-@@ -292,7 +292,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt)
+@@ -293,7 +293,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt)
return;
ib_req_notify_cq(xprt->sc_rq_cq, IB_CQ_NEXT_COMP);
@@ -104008,7 +103739,7 @@ index 62e4f9b..dd3f2d7 100644
while ((ret = ib_poll_cq(xprt->sc_rq_cq, 1, &wc)) > 0) {
ctxt = (struct svc_rdma_op_ctxt *)(unsigned long)wc.wr_id;
-@@ -314,7 +314,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt)
+@@ -315,7 +315,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt)
}
if (ctxt)
@@ -104017,7 +103748,7 @@ index 62e4f9b..dd3f2d7 100644
set_bit(XPT_DATA, &xprt->sc_xprt.xpt_flags);
/*
-@@ -386,7 +386,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt)
+@@ -387,7 +387,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt)
return;
ib_req_notify_cq(xprt->sc_sq_cq, IB_CQ_NEXT_COMP);
@@ -104026,7 +103757,7 @@ index 62e4f9b..dd3f2d7 100644
while ((ret = ib_poll_cq(cq, 1, &wc)) > 0) {
if (wc.status != IB_WC_SUCCESS)
/* Close the transport */
-@@ -404,7 +404,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt)
+@@ -405,7 +405,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt)
}
if (ctxt)
@@ -104035,7 +103766,7 @@ index 62e4f9b..dd3f2d7 100644
}
static void sq_comp_handler(struct ib_cq *cq, void *cq_context)
-@@ -1262,7 +1262,7 @@ int svc_rdma_send(struct svcxprt_rdma *xprt, struct ib_send_wr *wr)
+@@ -1263,7 +1263,7 @@ int svc_rdma_send(struct svcxprt_rdma *xprt, struct ib_send_wr *wr)
spin_lock_bh(&xprt->sc_lock);
if (xprt->sc_sq_depth < atomic_read(&xprt->sc_sq_count) + wr_count) {
spin_unlock_bh(&xprt->sc_lock);
diff --git a/3.14.17/4425_grsec_remove_EI_PAX.patch b/3.14.18/4425_grsec_remove_EI_PAX.patch
index fc51f79..fc51f79 100644
--- a/3.14.17/4425_grsec_remove_EI_PAX.patch
+++ b/3.14.18/4425_grsec_remove_EI_PAX.patch
diff --git a/3.14.17/4427_force_XATTR_PAX_tmpfs.patch b/3.14.18/4427_force_XATTR_PAX_tmpfs.patch
index 11a7d2c..11a7d2c 100644
--- a/3.14.17/4427_force_XATTR_PAX_tmpfs.patch
+++ b/3.14.18/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/3.14.17/4430_grsec-remove-localversion-grsec.patch b/3.14.18/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/3.14.17/4430_grsec-remove-localversion-grsec.patch
+++ b/3.14.18/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.14.17/4435_grsec-mute-warnings.patch b/3.14.18/4435_grsec-mute-warnings.patch
index 392cefb..392cefb 100644
--- a/3.14.17/4435_grsec-mute-warnings.patch
+++ b/3.14.18/4435_grsec-mute-warnings.patch
diff --git a/3.14.17/4440_grsec-remove-protected-paths.patch b/3.14.18/4440_grsec-remove-protected-paths.patch
index 741546d..741546d 100644
--- a/3.14.17/4440_grsec-remove-protected-paths.patch
+++ b/3.14.18/4440_grsec-remove-protected-paths.patch
diff --git a/3.14.17/4450_grsec-kconfig-default-gids.patch b/3.14.18/4450_grsec-kconfig-default-gids.patch
index 0451e5a..0451e5a 100644
--- a/3.14.17/4450_grsec-kconfig-default-gids.patch
+++ b/3.14.18/4450_grsec-kconfig-default-gids.patch
diff --git a/3.14.17/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.18/4465_selinux-avc_audit-log-curr_ip.patch
index 747ac53..747ac53 100644
--- a/3.14.17/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.14.18/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.14.17/4470_disable-compat_vdso.patch b/3.14.18/4470_disable-compat_vdso.patch
index 35a4840..35a4840 100644
--- a/3.14.17/4470_disable-compat_vdso.patch
+++ b/3.14.18/4470_disable-compat_vdso.patch
diff --git a/3.14.17/4475_emutramp_default_on.patch b/3.14.18/4475_emutramp_default_on.patch
index cf88fd9..cf88fd9 100644
--- a/3.14.17/4475_emutramp_default_on.patch
+++ b/3.14.18/4475_emutramp_default_on.patch
diff --git a/3.16.1/0000_README b/3.16.2/0000_README
index 7a2bc49..7c596e8 100644
--- a/3.16.1/0000_README
+++ b/3.16.2/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.16.1-201409021826.patch
+Patch: 4420_grsecurity-3.0-3.16.2-201409060014.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.16.1/4420_grsecurity-3.0-3.16.1-201409021826.patch b/3.16.2/4420_grsecurity-3.0-3.16.2-201409060014.patch
index 624c5fb..83965d3 100644
--- a/3.16.1/4420_grsecurity-3.0-3.16.1-201409021826.patch
+++ b/3.16.2/4420_grsecurity-3.0-3.16.2-201409060014.patch
@@ -785,7 +785,7 @@ index ee78eba..a06b48d 100644
Daniel Borkmann <dborkman@redhat.com>
-Alexei Starovoitov <ast@plumgrid.com>
diff --git a/Makefile b/Makefile
-index 87663a2..906dc62 100644
+index c261752..7b9958b 100644
--- a/Makefile
+++ b/Makefile
@@ -303,8 +303,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -4019,6 +4019,28 @@ index 255f33a..507b157 100644
clk = clk_register(dev, &gate_fn->gate.hw);
if (IS_ERR(clk))
+diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c
+index 2bdc323..cf1c607 100644
+--- a/arch/arm/mach-mvebu/coherency.c
++++ b/arch/arm/mach-mvebu/coherency.c
+@@ -316,7 +316,7 @@ static void __init armada_370_coherency_init(struct device_node *np)
+
+ /*
+ * This ioremap hook is used on Armada 375/38x to ensure that PCIe
+- * memory areas are mapped as MT_UNCACHED instead of MT_DEVICE. This
++ * memory areas are mapped as MT_UNCACHED_RW instead of MT_DEVICE. This
+ * is needed as a workaround for a deadlock issue between the PCIe
+ * interface and the cache controller.
+ */
+@@ -329,7 +329,7 @@ armada_pcie_wa_ioremap_caller(phys_addr_t phys_addr, size_t size,
+ mvebu_mbus_get_pcie_mem_aperture(&pcie_mem);
+
+ if (pcie_mem.start <= phys_addr && (phys_addr + size) <= pcie_mem.end)
+- mtype = MT_UNCACHED;
++ mtype = MT_UNCACHED_RW;
+
+ return __arm_ioremap_caller(phys_addr, size, mtype, caller);
+ }
diff --git a/arch/arm/mach-omap2/board-n8x0.c b/arch/arm/mach-omap2/board-n8x0.c
index aead77a..a2253fa 100644
--- a/arch/arm/mach-omap2/board-n8x0.c
@@ -4156,7 +4178,7 @@ index 78c02b3..c94109a 100644
struct omap_device *omap_device_alloc(struct platform_device *pdev,
struct omap_hwmod **ohs, int oh_cnt);
diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c
-index 6c074f3..cd58cb7 100644
+index da1b256..ab2a327 100644
--- a/arch/arm/mach-omap2/omap_hwmod.c
+++ b/arch/arm/mach-omap2/omap_hwmod.c
@@ -194,10 +194,10 @@ struct omap_hwmod_soc_ops {
@@ -12744,7 +12766,7 @@ index ad8f795..2c7eec6 100644
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index d24887b..267d526 100644
+index 27adfd9..bc3551d 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -128,7 +128,7 @@ config X86
@@ -12798,7 +12820,7 @@ index d24887b..267d526 100644
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1577,6 +1580,7 @@ source kernel/Kconfig.hz
+@@ -1578,6 +1581,7 @@ source kernel/Kconfig.hz
config KEXEC
bool "kexec system call"
@@ -12806,7 +12828,7 @@ index d24887b..267d526 100644
---help---
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
-@@ -1727,7 +1731,9 @@ config X86_NEED_RELOCS
+@@ -1728,7 +1732,9 @@ config X86_NEED_RELOCS
config PHYSICAL_ALIGN
hex "Alignment value to which kernel should be aligned"
@@ -12817,7 +12839,7 @@ index d24887b..267d526 100644
range 0x2000 0x1000000 if X86_32
range 0x200000 0x1000000 if X86_64
---help---
-@@ -1810,6 +1816,7 @@ config COMPAT_VDSO
+@@ -1811,6 +1817,7 @@ config COMPAT_VDSO
def_bool n
prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
depends on X86_32 || IA32_EMULATION
@@ -18152,7 +18174,7 @@ index 81bb91b..9392125 100644
/*
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
-index 0ec0560..f169e5b 100644
+index aa97a07..f169e5b 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -46,6 +46,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page);
@@ -18215,23 +18237,7 @@ index 0ec0560..f169e5b 100644
static inline int pte_dirty(pte_t pte)
{
return pte_flags(pte) & _PAGE_DIRTY;
-@@ -131,8 +171,13 @@ static inline int pte_exec(pte_t pte)
-
- static inline int pte_special(pte_t pte)
- {
-- return (pte_flags(pte) & (_PAGE_PRESENT|_PAGE_SPECIAL)) ==
-- (_PAGE_PRESENT|_PAGE_SPECIAL);
-+ /*
-+ * See CONFIG_NUMA_BALANCING pte_numa in include/asm-generic/pgtable.h.
-+ * On x86 we have _PAGE_BIT_NUMA == _PAGE_BIT_GLOBAL+1 ==
-+ * __PAGE_BIT_SOFTW1 == _PAGE_BIT_SPECIAL.
-+ */
-+ return (pte_flags(pte) & _PAGE_SPECIAL) &&
-+ (pte_flags(pte) & (_PAGE_PRESENT|_PAGE_PROTNONE));
- }
-
- static inline unsigned long pte_pfn(pte_t pte)
-@@ -150,6 +195,11 @@ static inline unsigned long pud_pfn(pud_t pud)
+@@ -155,6 +195,11 @@ static inline unsigned long pud_pfn(pud_t pud)
return (pud_val(pud) & PTE_PFN_MASK) >> PAGE_SHIFT;
}
@@ -18243,7 +18249,7 @@ index 0ec0560..f169e5b 100644
#define pte_page(pte) pfn_to_page(pte_pfn(pte))
static inline int pmd_large(pmd_t pte)
-@@ -203,9 +253,29 @@ static inline pte_t pte_wrprotect(pte_t pte)
+@@ -208,9 +253,29 @@ static inline pte_t pte_wrprotect(pte_t pte)
return pte_clear_flags(pte, _PAGE_RW);
}
@@ -18274,7 +18280,7 @@ index 0ec0560..f169e5b 100644
}
static inline pte_t pte_mkdirty(pte_t pte)
-@@ -435,6 +505,16 @@ pte_t *populate_extra_pte(unsigned long vaddr);
+@@ -440,6 +505,16 @@ pte_t *populate_extra_pte(unsigned long vaddr);
#endif
#ifndef __ASSEMBLY__
@@ -18291,7 +18297,7 @@ index 0ec0560..f169e5b 100644
#include <linux/mm_types.h>
#include <linux/mmdebug.h>
#include <linux/log2.h>
-@@ -581,7 +661,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
+@@ -586,7 +661,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
* Currently stuck as a macro due to indirect forward reference to
* linux/mmzone.h's __section_mem_map_addr() definition:
*/
@@ -18300,7 +18306,7 @@ index 0ec0560..f169e5b 100644
/* Find an entry in the second-level page table.. */
static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address)
-@@ -621,7 +701,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
+@@ -626,7 +701,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
* Currently stuck as a macro due to indirect forward reference to
* linux/mmzone.h's __section_mem_map_addr() definition:
*/
@@ -18309,7 +18315,7 @@ index 0ec0560..f169e5b 100644
/* to find an entry in a page-table-directory. */
static inline unsigned long pud_index(unsigned long address)
-@@ -636,7 +716,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
+@@ -641,7 +716,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
static inline int pgd_bad(pgd_t pgd)
{
@@ -18318,7 +18324,7 @@ index 0ec0560..f169e5b 100644
}
static inline int pgd_none(pgd_t pgd)
-@@ -659,7 +739,12 @@ static inline int pgd_none(pgd_t pgd)
+@@ -664,7 +739,12 @@ static inline int pgd_none(pgd_t pgd)
* pgd_offset() returns a (pgd_t *)
* pgd_index() is used get the offset into the pgd page's array of pgd_t's;
*/
@@ -18332,7 +18338,7 @@ index 0ec0560..f169e5b 100644
/*
* a shortcut which implies the use of the kernel's pgd, instead
* of a process's
-@@ -670,6 +755,23 @@ static inline int pgd_none(pgd_t pgd)
+@@ -675,6 +755,23 @@ static inline int pgd_none(pgd_t pgd)
#define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET)
#define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY)
@@ -18356,7 +18362,7 @@ index 0ec0560..f169e5b 100644
#ifndef __ASSEMBLY__
extern int direct_gbpages;
-@@ -836,11 +938,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
+@@ -841,11 +938,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
* dst and src can be on the same page, but the range must not overlap,
* and must not cross a page boundary.
*/
@@ -28582,7 +28588,7 @@ index 49edf2d..c0d1362 100644
#ifdef CONFIG_SMP
diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c
-index ea5b570..960e4da 100644
+index e1e1e80..1400089 100644
--- a/arch/x86/kernel/vsyscall_64.c
+++ b/arch/x86/kernel/vsyscall_64.c
@@ -54,15 +54,13 @@
@@ -28779,7 +28785,7 @@ index 38a0afe..94421a9 100644
out:
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
-index 0069118..c28ec0a 100644
+index 453e5fb..214168f 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -55,7 +55,7 @@
@@ -43299,19 +43305,6 @@ index 6866448..2ad2b34 100644
{
/* copy over all the bus versions */
if (dev->bus && dev->bus->pm) {
-diff --git a/drivers/hid/hid-cherry.c b/drivers/hid/hid-cherry.c
-index 1bdcccc..f745d2c 100644
---- a/drivers/hid/hid-cherry.c
-+++ b/drivers/hid/hid-cherry.c
-@@ -28,7 +28,7 @@
- static __u8 *ch_report_fixup(struct hid_device *hdev, __u8 *rdesc,
- unsigned int *rsize)
- {
-- if (*rsize >= 17 && rdesc[11] == 0x3c && rdesc[12] == 0x02) {
-+ if (*rsize >= 18 && rdesc[11] == 0x3c && rdesc[12] == 0x02) {
- hid_info(hdev, "fixing up Cherry Cymotion report descriptor\n");
- rdesc[11] = rdesc[16] = 0xff;
- rdesc[12] = rdesc[17] = 0x03;
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
index 8ed66fd..38ff772 100644
--- a/drivers/hid/hid-core.c
@@ -43334,80 +43327,6 @@ index 8ed66fd..38ff772 100644
hid_debug_register(hdev, dev_name(&hdev->dev));
ret = device_add(&hdev->dev);
-diff --git a/drivers/hid/hid-kye.c b/drivers/hid/hid-kye.c
-index e776963..b92bf01 100644
---- a/drivers/hid/hid-kye.c
-+++ b/drivers/hid/hid-kye.c
-@@ -300,7 +300,7 @@ static __u8 *kye_report_fixup(struct hid_device *hdev, __u8 *rdesc,
- * - change the button usage range to 4-7 for the extra
- * buttons
- */
-- if (*rsize >= 74 &&
-+ if (*rsize >= 75 &&
- rdesc[61] == 0x05 && rdesc[62] == 0x08 &&
- rdesc[63] == 0x19 && rdesc[64] == 0x08 &&
- rdesc[65] == 0x29 && rdesc[66] == 0x0f &&
-diff --git a/drivers/hid/hid-lg.c b/drivers/hid/hid-lg.c
-index a976f48..f91ff14 100644
---- a/drivers/hid/hid-lg.c
-+++ b/drivers/hid/hid-lg.c
-@@ -345,14 +345,14 @@ static __u8 *lg_report_fixup(struct hid_device *hdev, __u8 *rdesc,
- struct usb_device_descriptor *udesc;
- __u16 bcdDevice, rev_maj, rev_min;
-
-- if ((drv_data->quirks & LG_RDESC) && *rsize >= 90 && rdesc[83] == 0x26 &&
-+ if ((drv_data->quirks & LG_RDESC) && *rsize >= 91 && rdesc[83] == 0x26 &&
- rdesc[84] == 0x8c && rdesc[85] == 0x02) {
- hid_info(hdev,
- "fixing up Logitech keyboard report descriptor\n");
- rdesc[84] = rdesc[89] = 0x4d;
- rdesc[85] = rdesc[90] = 0x10;
- }
-- if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 50 &&
-+ if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 51 &&
- rdesc[32] == 0x81 && rdesc[33] == 0x06 &&
- rdesc[49] == 0x81 && rdesc[50] == 0x06) {
- hid_info(hdev,
-diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c
-index 486dbde..b7ba829 100644
---- a/drivers/hid/hid-logitech-dj.c
-+++ b/drivers/hid/hid-logitech-dj.c
-@@ -238,13 +238,6 @@ static void logi_dj_recv_add_djhid_device(struct dj_receiver_dev *djrcv_dev,
- return;
- }
-
-- if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
-- (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
-- dev_err(&djrcv_hdev->dev, "%s: invalid device index:%d\n",
-- __func__, dj_report->device_index);
-- return;
-- }
--
- if (djrcv_dev->paired_dj_devices[dj_report->device_index]) {
- /* The device is already known. No need to reallocate it. */
- dbg_hid("%s: device is already known\n", __func__);
-@@ -557,7 +550,7 @@ static int logi_dj_ll_raw_request(struct hid_device *hid,
- if (!out_buf)
- return -ENOMEM;
-
-- if (count < DJREPORT_SHORT_LENGTH - 2)
-+ if (count > DJREPORT_SHORT_LENGTH - 2)
- count = DJREPORT_SHORT_LENGTH - 2;
-
- out_buf[0] = REPORT_ID_DJ_SHORT;
-@@ -690,6 +683,12 @@ static int logi_dj_raw_event(struct hid_device *hdev,
- * device (via hid_input_report() ) and return 1 so hid-core does not do
- * anything else with it.
- */
-+ if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) ||
-+ (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) {
-+ dev_err(&hdev->dev, "%s: invalid device index:%d\n",
-+ __func__, dj_report->device_index);
-+ return false;
-+ }
-
- spin_lock_irqsave(&djrcv_dev->lock, flags);
- if (dj_report->report_id == REPORT_ID_DJ_SHORT) {
diff --git a/drivers/hid/hid-magicmouse.c b/drivers/hid/hid-magicmouse.c
index ecc2cbf..29a74c1 100644
--- a/drivers/hid/hid-magicmouse.c
@@ -43436,32 +43355,6 @@ index ecc2cbf..29a74c1 100644
msc->ntouches = 0;
for (ii = 0; ii < npoints; ii++)
magicmouse_emit_touch(msc, ii, data + ii * 8 + 6);
-diff --git a/drivers/hid/hid-monterey.c b/drivers/hid/hid-monterey.c
-index 9e14c00..25daf28 100644
---- a/drivers/hid/hid-monterey.c
-+++ b/drivers/hid/hid-monterey.c
-@@ -24,7 +24,7 @@
- static __u8 *mr_report_fixup(struct hid_device *hdev, __u8 *rdesc,
- unsigned int *rsize)
- {
-- if (*rsize >= 30 && rdesc[29] == 0x05 && rdesc[30] == 0x09) {
-+ if (*rsize >= 31 && rdesc[29] == 0x05 && rdesc[30] == 0x09) {
- hid_info(hdev, "fixing up button/consumer in HID report descriptor\n");
- rdesc[30] = 0x0c;
- }
-diff --git a/drivers/hid/hid-petalynx.c b/drivers/hid/hid-petalynx.c
-index 736b250..6aca4f2 100644
---- a/drivers/hid/hid-petalynx.c
-+++ b/drivers/hid/hid-petalynx.c
-@@ -25,7 +25,7 @@
- static __u8 *pl_report_fixup(struct hid_device *hdev, __u8 *rdesc,
- unsigned int *rsize)
- {
-- if (*rsize >= 60 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 &&
-+ if (*rsize >= 62 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 &&
- rdesc[41] == 0x00 && rdesc[59] == 0x26 &&
- rdesc[60] == 0xf9 && rdesc[61] == 0x00) {
- hid_info(hdev, "fixing up Petalynx Maxter Remote report descriptor\n");
diff --git a/drivers/hid/hid-picolcd_core.c b/drivers/hid/hid-picolcd_core.c
index acbb0210..020df3c 100644
--- a/drivers/hid/hid-picolcd_core.c
@@ -43479,19 +43372,6 @@ index acbb0210..020df3c 100644
if (report->id == REPORT_KEY_STATE) {
if (data->input_keys)
ret = picolcd_raw_keypad(data, report, raw_data+1, size-1);
-diff --git a/drivers/hid/hid-sunplus.c b/drivers/hid/hid-sunplus.c
-index 87fc91e..91072fa 100644
---- a/drivers/hid/hid-sunplus.c
-+++ b/drivers/hid/hid-sunplus.c
-@@ -24,7 +24,7 @@
- static __u8 *sp_report_fixup(struct hid_device *hdev, __u8 *rdesc,
- unsigned int *rsize)
- {
-- if (*rsize >= 107 && rdesc[104] == 0x26 && rdesc[105] == 0x80 &&
-+ if (*rsize >= 112 && rdesc[104] == 0x26 && rdesc[105] == 0x80 &&
- rdesc[106] == 0x03) {
- hid_info(hdev, "fixing up Sunplus Wireless Desktop report descriptor\n");
- rdesc[105] = rdesc[110] = 0x03;
diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c
index c13fb5b..55a3802 100644
--- a/drivers/hid/hid-wiimote-debug.c
@@ -48116,10 +47996,10 @@ index 738fa24..1568451 100644
+} __do_const;
#endif /* _DW_MMC_H_ */
diff --git a/drivers/mmc/host/mmci.c b/drivers/mmc/host/mmci.c
-index 7ad463e..2aa0079 100644
+index 249ab80..9314ce1 100644
--- a/drivers/mmc/host/mmci.c
+++ b/drivers/mmc/host/mmci.c
-@@ -1506,7 +1506,9 @@ static int mmci_probe(struct amba_device *dev,
+@@ -1507,7 +1507,9 @@ static int mmci_probe(struct amba_device *dev,
mmc->caps |= MMC_CAP_CMD23;
if (variant->busy_detect) {
@@ -52083,7 +51963,7 @@ index 3cbb57a..95e47a3 100644
/* These three are default values which can be overridden */
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
-index 31184b3..cc44bbf 100644
+index 489e83b..193815b 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
@@ -701,10 +701,10 @@ static inline u32 next_command(struct ctlr_info *h, u8 q)
@@ -54375,10 +54255,10 @@ index c1d3ebd..f618a93 100644
if (cfg->uart_flags & UPF_CONS_FLOW) {
diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
-index fbf6c5a..3939d92 100644
+index ef2fb36..238d80c 100644
--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
-@@ -1333,7 +1333,7 @@ static void uart_close(struct tty_struct *tty, struct file *filp)
+@@ -1336,7 +1336,7 @@ static void uart_close(struct tty_struct *tty, struct file *filp)
pr_debug("uart_close(%d) called\n", uport ? uport->line : -1);
@@ -54387,7 +54267,7 @@ index fbf6c5a..3939d92 100644
return;
/*
-@@ -1460,7 +1460,7 @@ static void uart_hangup(struct tty_struct *tty)
+@@ -1463,7 +1463,7 @@ static void uart_hangup(struct tty_struct *tty)
uart_flush_buffer(tty);
uart_shutdown(tty, state);
spin_lock_irqsave(&port->lock, flags);
@@ -54396,7 +54276,7 @@ index fbf6c5a..3939d92 100644
clear_bit(ASYNCB_NORMAL_ACTIVE, &port->flags);
spin_unlock_irqrestore(&port->lock, flags);
tty_port_tty_set(port, NULL);
-@@ -1558,7 +1558,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp)
+@@ -1561,7 +1561,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp)
goto end;
}
@@ -54405,7 +54285,7 @@ index fbf6c5a..3939d92 100644
if (!state->uart_port || state->uart_port->flags & UPF_DEAD) {
retval = -ENXIO;
goto err_dec_count;
-@@ -1598,7 +1598,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp)
+@@ -1601,7 +1601,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp)
end:
return retval;
err_dec_count:
@@ -55215,7 +55095,7 @@ index 2a3bbdf..91d72cf 100644
file->f_version = event_count;
return POLLIN | POLLRDNORM;
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
-index 257876e..4304364 100644
+index 0b59731..46ee7d1 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -187,7 +187,7 @@ static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes,
@@ -55277,7 +55157,7 @@ index bec31e2..b8091cd 100644
wake_up(&usb_kill_urb_queue);
usb_put_urb(urb);
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index 0e950ad..a2be5b0 100644
+index 27f2171..e3dfc22 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -27,6 +27,7 @@
@@ -55288,7 +55168,7 @@ index 0e950ad..a2be5b0 100644
#include <asm/uaccess.h>
#include <asm/byteorder.h>
-@@ -4594,6 +4595,10 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
+@@ -4644,6 +4645,10 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
goto done;
return;
}
@@ -55520,7 +55400,7 @@ index 7a55fea..cc0ed4f 100644
#include "u_uac1.h"
diff --git a/drivers/usb/host/ehci-hub.c b/drivers/usb/host/ehci-hub.c
-index cc305c7..cf6da4a 100644
+index 6130b75..3b60008 100644
--- a/drivers/usb/host/ehci-hub.c
+++ b/drivers/usb/host/ehci-hub.c
@@ -771,7 +771,7 @@ static struct urb *request_single_step_set_feature_urb(
@@ -59263,7 +59143,7 @@ index 2946712..f737435 100644
&data);
if (!inode) {
diff --git a/fs/aio.c b/fs/aio.c
-index 1c9c5f0..94455bc 100644
+index 1c9c5f0..c935d6e 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -141,6 +141,7 @@ struct kioctx {
@@ -59399,6 +59279,19 @@ index 1c9c5f0..94455bc 100644
/*
* We have to order our ring_info tail store above and test
+@@ -1065,6 +1134,12 @@ static long aio_read_events_ring(struct kioctx *ctx,
+ tail = ring->tail;
+ kunmap_atomic(ring);
+
++ /*
++ * Ensure that once we've read the current tail pointer, that
++ * we also see the events that were stored up to the tail.
++ */
++ smp_rmb();
++
+ pr_debug("h%u t%u m%u\n", head, tail, ctx->nr_events);
+
+ if (head == tail)
diff --git a/fs/attr.c b/fs/attr.c
index 6530ced..4a827e2 100644
--- a/fs/attr.c
@@ -60553,7 +60446,7 @@ index aeab453..48dbafc 100644
WARN_ON(trans->transid != btrfs_header_generation(parent));
diff --git a/fs/btrfs/delayed-inode.c b/fs/btrfs/delayed-inode.c
-index da775bf..882da68 100644
+index a2e90f8..5135e5f 100644
--- a/fs/btrfs/delayed-inode.c
+++ b/fs/btrfs/delayed-inode.c
@@ -462,7 +462,7 @@ static int __btrfs_add_delayed_deletion_item(struct btrfs_delayed_node *node,
@@ -61726,7 +61619,7 @@ index 06f6585..f95a6d1 100644
dcache_init();
inode_init();
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
-index 8c41b52..145b1b9 100644
+index 16a46b6..41696fd 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
@@ -416,7 +416,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file);
@@ -62672,7 +62565,7 @@ index fca3820..e1ea241 100644
if (free_clusters >= (nclusters + dirty_clusters +
resv_clusters))
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
-index 7cc5a0e..851f176 100644
+index 1bbe7c3..c7442e2 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -1276,19 +1276,19 @@ struct ext4_sb_info {
@@ -62706,10 +62599,10 @@ index 7cc5a0e..851f176 100644
/* locality groups */
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
-index 2dcb936..f5625a0 100644
+index c3e7418..f62cab3 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
-@@ -1899,7 +1899,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
+@@ -1901,7 +1901,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
BUG_ON(ac->ac_b_ex.fe_len != ac->ac_g_ex.fe_len);
if (EXT4_SB(sb)->s_mb_stats)
@@ -62718,7 +62611,7 @@ index 2dcb936..f5625a0 100644
break;
}
-@@ -2209,7 +2209,7 @@ repeat:
+@@ -2211,7 +2211,7 @@ repeat:
ac->ac_status = AC_STATUS_CONTINUE;
ac->ac_flags |= EXT4_MB_HINT_FIRST;
cr = 3;
@@ -62727,7 +62620,7 @@ index 2dcb936..f5625a0 100644
goto repeat;
}
}
-@@ -2715,25 +2715,25 @@ int ext4_mb_release(struct super_block *sb)
+@@ -2717,25 +2717,25 @@ int ext4_mb_release(struct super_block *sb)
if (sbi->s_mb_stats) {
ext4_msg(sb, KERN_INFO,
"mballoc: %u blocks %u reqs (%u success)",
@@ -62763,7 +62656,7 @@ index 2dcb936..f5625a0 100644
}
free_percpu(sbi->s_locality_groups);
-@@ -3189,16 +3189,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
+@@ -3191,16 +3191,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb);
if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) {
@@ -62786,7 +62679,7 @@ index 2dcb936..f5625a0 100644
}
if (ac->ac_op == EXT4_MB_HISTORY_ALLOC)
-@@ -3603,7 +3603,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
+@@ -3627,7 +3627,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
trace_ext4_mb_new_inode_pa(ac, pa);
ext4_mb_use_inode_pa(ac, pa);
@@ -62795,7 +62688,7 @@ index 2dcb936..f5625a0 100644
ei = EXT4_I(ac->ac_inode);
grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
-@@ -3663,7 +3663,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
+@@ -3687,7 +3687,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
trace_ext4_mb_new_group_pa(ac, pa);
ext4_mb_use_group_pa(ac, pa);
@@ -62804,7 +62697,7 @@ index 2dcb936..f5625a0 100644
grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
lg = ac->ac_lg;
-@@ -3752,7 +3752,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
+@@ -3776,7 +3776,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
* from the bitmap and continue.
*/
}
@@ -62813,7 +62706,7 @@ index 2dcb936..f5625a0 100644
return err;
}
-@@ -3770,7 +3770,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
+@@ -3794,7 +3794,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit);
BUG_ON(group != e4b->bd_group && pa->pa_len != 0);
mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len);
@@ -62836,7 +62729,7 @@ index 32bce84..112d969 100644
"MMP failure info: last update time: %llu, last update "
"node: %s, last update device: %s\n",
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
-index 6df7bc6..410a655 100644
+index beeb5c4..998c28d 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1276,7 +1276,7 @@ static ext4_fsblk_t get_sb_block(void **data)
@@ -64620,185 +64513,6 @@ index 6eecb7f..abec305 100644
put_cpu_var(last_ino);
return res;
}
-diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c
-index 4556ce1..5ddaf86 100644
---- a/fs/isofs/inode.c
-+++ b/fs/isofs/inode.c
-@@ -61,7 +61,7 @@ static void isofs_put_super(struct super_block *sb)
- return;
- }
-
--static int isofs_read_inode(struct inode *);
-+static int isofs_read_inode(struct inode *, int relocated);
- static int isofs_statfs (struct dentry *, struct kstatfs *);
-
- static struct kmem_cache *isofs_inode_cachep;
-@@ -1259,7 +1259,7 @@ out_toomany:
- goto out;
- }
-
--static int isofs_read_inode(struct inode *inode)
-+static int isofs_read_inode(struct inode *inode, int relocated)
- {
- struct super_block *sb = inode->i_sb;
- struct isofs_sb_info *sbi = ISOFS_SB(sb);
-@@ -1404,7 +1404,7 @@ static int isofs_read_inode(struct inode *inode)
- */
-
- if (!high_sierra) {
-- parse_rock_ridge_inode(de, inode);
-+ parse_rock_ridge_inode(de, inode, relocated);
- /* if we want uid/gid set, override the rock ridge setting */
- if (sbi->s_uid_set)
- inode->i_uid = sbi->s_uid;
-@@ -1483,9 +1483,10 @@ static int isofs_iget5_set(struct inode *ino, void *data)
- * offset that point to the underlying meta-data for the inode. The
- * code below is otherwise similar to the iget() code in
- * include/linux/fs.h */
--struct inode *isofs_iget(struct super_block *sb,
-- unsigned long block,
-- unsigned long offset)
-+struct inode *__isofs_iget(struct super_block *sb,
-+ unsigned long block,
-+ unsigned long offset,
-+ int relocated)
- {
- unsigned long hashval;
- struct inode *inode;
-@@ -1507,7 +1508,7 @@ struct inode *isofs_iget(struct super_block *sb,
- return ERR_PTR(-ENOMEM);
-
- if (inode->i_state & I_NEW) {
-- ret = isofs_read_inode(inode);
-+ ret = isofs_read_inode(inode, relocated);
- if (ret < 0) {
- iget_failed(inode);
- inode = ERR_PTR(ret);
-diff --git a/fs/isofs/isofs.h b/fs/isofs/isofs.h
-index 9916723..0ac4c1f 100644
---- a/fs/isofs/isofs.h
-+++ b/fs/isofs/isofs.h
-@@ -107,7 +107,7 @@ extern int iso_date(char *, int);
-
- struct inode; /* To make gcc happy */
-
--extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *);
-+extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *, int relocated);
- extern int get_rock_ridge_filename(struct iso_directory_record *, char *, struct inode *);
- extern int isofs_name_translate(struct iso_directory_record *, char *, struct inode *);
-
-@@ -118,9 +118,24 @@ extern struct dentry *isofs_lookup(struct inode *, struct dentry *, unsigned int
- extern struct buffer_head *isofs_bread(struct inode *, sector_t);
- extern int isofs_get_blocks(struct inode *, sector_t, struct buffer_head **, unsigned long);
-
--extern struct inode *isofs_iget(struct super_block *sb,
-- unsigned long block,
-- unsigned long offset);
-+struct inode *__isofs_iget(struct super_block *sb,
-+ unsigned long block,
-+ unsigned long offset,
-+ int relocated);
-+
-+static inline struct inode *isofs_iget(struct super_block *sb,
-+ unsigned long block,
-+ unsigned long offset)
-+{
-+ return __isofs_iget(sb, block, offset, 0);
-+}
-+
-+static inline struct inode *isofs_iget_reloc(struct super_block *sb,
-+ unsigned long block,
-+ unsigned long offset)
-+{
-+ return __isofs_iget(sb, block, offset, 1);
-+}
-
- /* Because the inode number is no longer relevant to finding the
- * underlying meta-data for an inode, we are free to choose a more
-diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c
-index c0bf424..f488bba 100644
---- a/fs/isofs/rock.c
-+++ b/fs/isofs/rock.c
-@@ -288,12 +288,16 @@ eio:
- goto out;
- }
-
-+#define RR_REGARD_XA 1
-+#define RR_RELOC_DE 2
-+
- static int
- parse_rock_ridge_inode_internal(struct iso_directory_record *de,
-- struct inode *inode, int regard_xa)
-+ struct inode *inode, int flags)
- {
- int symlink_len = 0;
- int cnt, sig;
-+ unsigned int reloc_block;
- struct inode *reloc;
- struct rock_ridge *rr;
- int rootflag;
-@@ -305,7 +309,7 @@ parse_rock_ridge_inode_internal(struct iso_directory_record *de,
-
- init_rock_state(&rs, inode);
- setup_rock_ridge(de, inode, &rs);
-- if (regard_xa) {
-+ if (flags & RR_REGARD_XA) {
- rs.chr += 14;
- rs.len -= 14;
- if (rs.len < 0)
-@@ -485,12 +489,22 @@ repeat:
- "relocated directory\n");
- goto out;
- case SIG('C', 'L'):
-- ISOFS_I(inode)->i_first_extent =
-- isonum_733(rr->u.CL.location);
-- reloc =
-- isofs_iget(inode->i_sb,
-- ISOFS_I(inode)->i_first_extent,
-- 0);
-+ if (flags & RR_RELOC_DE) {
-+ printk(KERN_ERR
-+ "ISOFS: Recursive directory relocation "
-+ "is not supported\n");
-+ goto eio;
-+ }
-+ reloc_block = isonum_733(rr->u.CL.location);
-+ if (reloc_block == ISOFS_I(inode)->i_iget5_block &&
-+ ISOFS_I(inode)->i_iget5_offset == 0) {
-+ printk(KERN_ERR
-+ "ISOFS: Directory relocation points to "
-+ "itself\n");
-+ goto eio;
-+ }
-+ ISOFS_I(inode)->i_first_extent = reloc_block;
-+ reloc = isofs_iget_reloc(inode->i_sb, reloc_block, 0);
- if (IS_ERR(reloc)) {
- ret = PTR_ERR(reloc);
- goto out;
-@@ -637,9 +651,11 @@ static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit)
- return rpnt;
- }
-
--int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode)
-+int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode,
-+ int relocated)
- {
-- int result = parse_rock_ridge_inode_internal(de, inode, 0);
-+ int flags = relocated ? RR_RELOC_DE : 0;
-+ int result = parse_rock_ridge_inode_internal(de, inode, flags);
-
- /*
- * if rockridge flag was reset and we didn't look for attributes
-@@ -647,7 +663,8 @@ int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode)
- */
- if ((ISOFS_SB(inode->i_sb)->s_rock_offset == -1)
- && (ISOFS_SB(inode->i_sb)->s_rock == 2)) {
-- result = parse_rock_ridge_inode_internal(de, inode, 14);
-+ result = parse_rock_ridge_inode_internal(de, inode,
-+ flags | RR_REGARD_XA);
- }
- return result;
- }
diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c
index 4a6cf28..d3a29d3 100644
--- a/fs/jffs2/erase.c
@@ -65761,19 +65475,6 @@ index 9927913..faffc5c 100644
}
void nfs_fattr_init(struct nfs_fattr *fattr)
-diff --git a/fs/nfs/nfs3acl.c b/fs/nfs/nfs3acl.c
-index 8f854dd..d0fec26 100644
---- a/fs/nfs/nfs3acl.c
-+++ b/fs/nfs/nfs3acl.c
-@@ -256,7 +256,7 @@ nfs3_list_one_acl(struct inode *inode, int type, const char *name, void *data,
- char *p = data + *result;
-
- acl = get_acl(inode, type);
-- if (!acl)
-+ if (IS_ERR_OR_NULL(acl))
- return 0;
-
- posix_acl_release(acl);
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index 8f029db..3688b84 100644
--- a/fs/nfsd/nfs4proc.c
@@ -94166,7 +93867,7 @@ index a63f4dc..349bbb0 100644
unsigned long timeout)
{
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index bc1638b..a7638fc 100644
+index 0acf96b..80ba955 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -1849,7 +1849,7 @@ void set_numabalancing_state(bool enabled)
@@ -94217,7 +93918,7 @@ index bc1638b..a7638fc 100644
/* can't increase priority */
if (attr->sched_priority > p->rt_priority &&
attr->sched_priority > rlim_rtprio)
-@@ -4771,6 +4777,7 @@ void idle_task_exit(void)
+@@ -4772,6 +4778,7 @@ void idle_task_exit(void)
if (mm != &init_mm) {
switch_mm(mm, &init_mm, current);
@@ -94225,7 +93926,7 @@ index bc1638b..a7638fc 100644
finish_arch_post_lock_switch();
}
mmdrop(mm);
-@@ -4866,7 +4873,7 @@ static void migrate_tasks(unsigned int dead_cpu)
+@@ -4867,7 +4874,7 @@ static void migrate_tasks(unsigned int dead_cpu)
#if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL)
@@ -94234,7 +93935,7 @@ index bc1638b..a7638fc 100644
{
.procname = "sched_domain",
.mode = 0555,
-@@ -4883,17 +4890,17 @@ static struct ctl_table sd_ctl_root[] = {
+@@ -4884,17 +4891,17 @@ static struct ctl_table sd_ctl_root[] = {
{}
};
@@ -94256,7 +93957,7 @@ index bc1638b..a7638fc 100644
/*
* In the intermediate directories, both the child directory and
-@@ -4901,22 +4908,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
+@@ -4902,22 +4909,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
* will always be set. In the lowest directory the names are
* static strings and all have proc handlers.
*/
@@ -94288,7 +93989,7 @@ index bc1638b..a7638fc 100644
const char *procname, void *data, int maxlen,
umode_t mode, proc_handler *proc_handler,
bool load_idx)
-@@ -4936,7 +4946,7 @@ set_table_entry(struct ctl_table *entry,
+@@ -4937,7 +4947,7 @@ set_table_entry(struct ctl_table *entry,
static struct ctl_table *
sd_alloc_ctl_domain_table(struct sched_domain *sd)
{
@@ -94297,7 +93998,7 @@ index bc1638b..a7638fc 100644
if (table == NULL)
return NULL;
-@@ -4974,9 +4984,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
+@@ -4975,9 +4985,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
return table;
}
@@ -94309,7 +94010,7 @@ index bc1638b..a7638fc 100644
struct sched_domain *sd;
int domain_num = 0, i;
char buf[32];
-@@ -5003,11 +5013,13 @@ static struct ctl_table_header *sd_sysctl_header;
+@@ -5004,11 +5014,13 @@ static struct ctl_table_header *sd_sysctl_header;
static void register_sched_domain_sysctl(void)
{
int i, cpu_num = num_possible_cpus();
@@ -94324,7 +94025,7 @@ index bc1638b..a7638fc 100644
if (entry == NULL)
return;
-@@ -5030,8 +5042,12 @@ static void unregister_sched_domain_sysctl(void)
+@@ -5031,8 +5043,12 @@ static void unregister_sched_domain_sysctl(void)
if (sd_sysctl_header)
unregister_sysctl_table(sd_sysctl_header);
sd_sysctl_header = NULL;
@@ -96291,6 +95992,19 @@ index ba967a1..2cc869a 100644
obj-$(CONFIG_DEBUG_OBJECTS) += debugobjects.o
ifneq ($(CONFIG_HAVE_DEC_LOCK),y)
+diff --git a/lib/assoc_array.c b/lib/assoc_array.c
+index c0b1007..ae146f0 100644
+--- a/lib/assoc_array.c
++++ b/lib/assoc_array.c
+@@ -1735,7 +1735,7 @@ ascend_old_tree:
+ gc_complete:
+ edit->set[0].to = new_root;
+ assoc_array_apply_edit(edit);
+- edit->array->nr_leaves_on_tree = nr_leaves_on_tree;
++ array->nr_leaves_on_tree = nr_leaves_on_tree;
+ return 0;
+
+ enomem:
diff --git a/lib/average.c b/lib/average.c
index 114d1be..ab0350c 100644
--- a/lib/average.c
@@ -99516,7 +99230,7 @@ index a013bc9..a897a14 100644
}
unset_migratetype_isolate(page, MIGRATE_MOVABLE);
diff --git a/mm/memory.c b/mm/memory.c
-index 8b44f76..babeaec 100644
+index 0a21f3d..babeaec 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -413,6 +413,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
@@ -99553,34 +99267,7 @@ index 8b44f76..babeaec 100644
}
/*
-@@ -751,7 +757,7 @@ struct page *vm_normal_page(struct vm_area_struct *vma, unsigned long addr,
- unsigned long pfn = pte_pfn(pte);
-
- if (HAVE_PTE_SPECIAL) {
-- if (likely(!pte_special(pte) || pte_numa(pte)))
-+ if (likely(!pte_special(pte)))
- goto check_pfn;
- if (vma->vm_flags & (VM_PFNMAP | VM_MIXEDMAP))
- return NULL;
-@@ -777,15 +783,14 @@ struct page *vm_normal_page(struct vm_area_struct *vma, unsigned long addr,
- }
- }
-
-+ if (is_zero_pfn(pfn))
-+ return NULL;
- check_pfn:
- if (unlikely(pfn > highest_memmap_pfn)) {
- print_bad_pte(vma, addr, pte, NULL);
- return NULL;
- }
-
-- if (is_zero_pfn(pfn))
-- return NULL;
--
- /*
- * NOTE! We still have PageReserved() pages in the page tables.
- * eg. VDSO mappings can cause them to exist.
-@@ -1501,6 +1506,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -1500,6 +1506,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
page_add_file_rmap(page);
set_pte_at(mm, addr, pte, mk_pte(page, prot));
@@ -99591,7 +99278,7 @@ index 8b44f76..babeaec 100644
retval = 0;
pte_unmap_unlock(pte, ptl);
return retval;
-@@ -1545,9 +1554,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -1544,9 +1554,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
if (!page_count(page))
return -EINVAL;
if (!(vma->vm_flags & VM_MIXEDMAP)) {
@@ -99613,7 +99300,7 @@ index 8b44f76..babeaec 100644
}
return insert_page(vma, addr, page, vma->vm_page_prot);
}
-@@ -1630,6 +1651,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
+@@ -1629,6 +1651,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
unsigned long pfn)
{
BUG_ON(!(vma->vm_flags & VM_MIXEDMAP));
@@ -99621,7 +99308,7 @@ index 8b44f76..babeaec 100644
if (addr < vma->vm_start || addr >= vma->vm_end)
return -EFAULT;
-@@ -1877,7 +1899,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
+@@ -1876,7 +1899,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
BUG_ON(pud_huge(*pud));
@@ -99632,7 +99319,7 @@ index 8b44f76..babeaec 100644
if (!pmd)
return -ENOMEM;
do {
-@@ -1897,7 +1921,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
+@@ -1896,7 +1921,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
unsigned long next;
int err;
@@ -99643,7 +99330,7 @@ index 8b44f76..babeaec 100644
if (!pud)
return -ENOMEM;
do {
-@@ -2019,6 +2045,186 @@ static int do_page_mkwrite(struct vm_area_struct *vma, struct page *page,
+@@ -2018,6 +2045,186 @@ static int do_page_mkwrite(struct vm_area_struct *vma, struct page *page,
return ret;
}
@@ -99830,7 +99517,7 @@ index 8b44f76..babeaec 100644
/*
* This routine handles present pages, when users try to write
* to a shared page. It is done by copying the page to a new address
-@@ -2216,6 +2422,12 @@ gotten:
+@@ -2215,6 +2422,12 @@ gotten:
*/
page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
if (likely(pte_same(*page_table, orig_pte))) {
@@ -99843,7 +99530,7 @@ index 8b44f76..babeaec 100644
if (old_page) {
if (!PageAnon(old_page)) {
dec_mm_counter_fast(mm, MM_FILEPAGES);
-@@ -2267,6 +2479,10 @@ gotten:
+@@ -2266,6 +2479,10 @@ gotten:
page_remove_rmap(old_page);
}
@@ -99854,7 +99541,7 @@ index 8b44f76..babeaec 100644
/* Free the old page.. */
new_page = old_page;
ret |= VM_FAULT_WRITE;
-@@ -2540,6 +2756,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2539,6 +2756,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
swap_free(entry);
if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
try_to_free_swap(page);
@@ -99866,7 +99553,7 @@ index 8b44f76..babeaec 100644
unlock_page(page);
if (page != swapcache) {
/*
-@@ -2563,6 +2784,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2562,6 +2784,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
@@ -99878,7 +99565,7 @@ index 8b44f76..babeaec 100644
unlock:
pte_unmap_unlock(page_table, ptl);
out:
-@@ -2582,40 +2808,6 @@ out_release:
+@@ -2581,40 +2808,6 @@ out_release:
}
/*
@@ -99919,7 +99606,7 @@ index 8b44f76..babeaec 100644
* We enter with non-exclusive mmap_sem (to exclude vma changes,
* but allow concurrent faults), and pte mapped but not yet locked.
* We return with mmap_sem still held, but pte unmapped and unlocked.
-@@ -2624,27 +2816,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2623,27 +2816,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long address, pte_t *page_table, pmd_t *pmd,
unsigned int flags)
{
@@ -99952,7 +99639,7 @@ index 8b44f76..babeaec 100644
if (unlikely(anon_vma_prepare(vma)))
goto oom;
page = alloc_zeroed_user_highpage_movable(vma, address);
-@@ -2668,6 +2856,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2667,6 +2856,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
if (!pte_none(*page_table))
goto release;
@@ -99964,7 +99651,7 @@ index 8b44f76..babeaec 100644
inc_mm_counter_fast(mm, MM_ANONPAGES);
page_add_new_anon_rmap(page, vma, address);
setpte:
-@@ -2675,6 +2868,12 @@ setpte:
+@@ -2674,6 +2868,12 @@ setpte:
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
@@ -99977,7 +99664,7 @@ index 8b44f76..babeaec 100644
unlock:
pte_unmap_unlock(page_table, ptl);
return 0;
-@@ -2906,6 +3105,11 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2905,6 +3105,11 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma,
return ret;
}
do_set_pte(vma, address, fault_page, pte, false, false);
@@ -99989,7 +99676,7 @@ index 8b44f76..babeaec 100644
unlock_page(fault_page);
unlock_out:
pte_unmap_unlock(pte, ptl);
-@@ -2947,7 +3151,18 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2946,7 +3151,18 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma,
page_cache_release(fault_page);
goto uncharge_out;
}
@@ -100008,7 +99695,7 @@ index 8b44f76..babeaec 100644
pte_unmap_unlock(pte, ptl);
unlock_page(fault_page);
page_cache_release(fault_page);
-@@ -2995,6 +3210,11 @@ static int do_shared_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2994,6 +3210,11 @@ static int do_shared_fault(struct mm_struct *mm, struct vm_area_struct *vma,
return ret;
}
do_set_pte(vma, address, fault_page, pte, true, false);
@@ -100020,7 +99707,7 @@ index 8b44f76..babeaec 100644
pte_unmap_unlock(pte, ptl);
if (set_page_dirty(fault_page))
-@@ -3225,6 +3445,12 @@ static int handle_pte_fault(struct mm_struct *mm,
+@@ -3224,6 +3445,12 @@ static int handle_pte_fault(struct mm_struct *mm,
if (flags & FAULT_FLAG_WRITE)
flush_tlb_fix_spurious_fault(vma, address);
}
@@ -100033,7 +99720,7 @@ index 8b44f76..babeaec 100644
unlock:
pte_unmap_unlock(pte, ptl);
return 0;
-@@ -3241,9 +3467,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3240,9 +3467,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
pmd_t *pmd;
pte_t *pte;
@@ -100075,7 +99762,7 @@ index 8b44f76..babeaec 100644
pgd = pgd_offset(mm, address);
pud = pud_alloc(mm, pgd, address);
if (!pud)
-@@ -3371,6 +3629,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
+@@ -3370,6 +3629,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
@@ -100099,7 +99786,7 @@ index 8b44f76..babeaec 100644
#endif /* __PAGETABLE_PUD_FOLDED */
#ifndef __PAGETABLE_PMD_FOLDED
-@@ -3401,6 +3676,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
+@@ -3400,6 +3676,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
@@ -100130,7 +99817,7 @@ index 8b44f76..babeaec 100644
#endif /* __PAGETABLE_PMD_FOLDED */
#if !defined(__HAVE_ARCH_GATE_AREA)
-@@ -3414,7 +3713,7 @@ static int __init gate_vma_init(void)
+@@ -3413,7 +3713,7 @@ static int __init gate_vma_init(void)
gate_vma.vm_start = FIXADDR_USER_START;
gate_vma.vm_end = FIXADDR_USER_END;
gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
@@ -100139,7 +99826,7 @@ index 8b44f76..babeaec 100644
return 0;
}
-@@ -3548,8 +3847,8 @@ out:
+@@ -3547,8 +3847,8 @@ out:
return ret;
}
@@ -100150,7 +99837,7 @@ index 8b44f76..babeaec 100644
{
resource_size_t phys_addr;
unsigned long prot = 0;
-@@ -3575,8 +3874,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys);
+@@ -3574,8 +3874,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys);
* Access another process' address space as given in mm. If non-NULL, use the
* given task for page fault accounting.
*/
@@ -100161,7 +99848,7 @@ index 8b44f76..babeaec 100644
{
struct vm_area_struct *vma;
void *old_buf = buf;
-@@ -3584,7 +3883,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -3583,7 +3883,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
down_read(&mm->mmap_sem);
/* ignore errors, just check how much was successfully transferred */
while (len) {
@@ -100170,7 +99857,7 @@ index 8b44f76..babeaec 100644
void *maddr;
struct page *page = NULL;
-@@ -3643,8 +3942,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -3642,8 +3942,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
*
* The caller must hold a reference on @mm.
*/
@@ -100181,7 +99868,7 @@ index 8b44f76..babeaec 100644
{
return __access_remote_vm(NULL, mm, addr, buf, len, write);
}
-@@ -3654,11 +3953,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
+@@ -3653,11 +3953,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
* Source/target buffer must be kernel space,
* Do not walk the page table directly, use get_user_pages
*/
@@ -103498,10 +103185,10 @@ index 4c524f7..f7601f17 100644
if (S_ISREG(inode->i_mode))
diff --git a/mm/util.c b/mm/util.c
-index d5ea733..e8953f9 100644
+index 33e9f44..be026b2 100644
--- a/mm/util.c
+++ b/mm/util.c
-@@ -299,6 +299,12 @@ done:
+@@ -296,6 +296,12 @@ done:
void arch_pick_mmap_layout(struct mm_struct *mm)
{
mm->mmap_base = TASK_UNMAPPED_BASE;
@@ -103514,7 +103201,7 @@ index d5ea733..e8953f9 100644
mm->get_unmapped_area = arch_get_unmapped_area;
}
#endif
-@@ -475,6 +481,9 @@ int get_cmdline(struct task_struct *task, char *buffer, int buflen)
+@@ -472,6 +478,9 @@ int get_cmdline(struct task_struct *task, char *buffer, int buflen)
if (!mm->arg_end)
goto out_mm; /* Shh! No looking before we're done */
@@ -109048,7 +108735,7 @@ index 6156f68..d6ab46d 100644
return -ENOMEM;
}
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index 5667b30..9b1b876 100644
+index 5667b30..2044f61 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -593,7 +593,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb,
@@ -109103,7 +108790,21 @@ index 5667b30..9b1b876 100644
for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
idx = 0;
head = &net->dev_index_head[h];
-@@ -4753,7 +4760,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
+@@ -4741,11 +4748,8 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
+
+ rt = rt6_lookup(dev_net(dev), &ifp->peer_addr, NULL,
+ dev->ifindex, 1);
+- if (rt) {
+- dst_hold(&rt->dst);
+- if (ip6_del_rt(rt))
+- dst_free(&rt->dst);
+- }
++ if (rt && ip6_del_rt(rt))
++ dst_free(&rt->dst);
+ }
+ dst_hold(&ifp->rt->dst);
+
+@@ -4753,7 +4757,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
dst_free(&ifp->rt->dst);
break;
}
@@ -109112,7 +108813,7 @@ index 5667b30..9b1b876 100644
rt_genid_bump_ipv6(net);
}
-@@ -4774,7 +4781,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
+@@ -4774,7 +4778,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
int *valp = ctl->data;
int val = *valp;
loff_t pos = *ppos;
@@ -109121,7 +108822,7 @@ index 5667b30..9b1b876 100644
int ret;
/*
-@@ -4859,7 +4866,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
+@@ -4859,7 +4863,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write,
int *valp = ctl->data;
int val = *valp;
loff_t pos = *ppos;
@@ -109983,6 +109684,20 @@ index 76125c5..e474828 100644
kfree_skb(skb);
}
+diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
+index 13752d9..b704a93 100644
+--- a/net/l2tp/l2tp_ppp.c
++++ b/net/l2tp/l2tp_ppp.c
+@@ -755,7 +755,8 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
+ /* If PMTU discovery was enabled, use the MTU that was discovered */
+ dst = sk_dst_get(tunnel->sock);
+ if (dst != NULL) {
+- u32 pmtu = dst_mtu(__sk_dst_get(tunnel->sock));
++ u32 pmtu = dst_mtu(dst);
++
+ if (pmtu != 0)
+ session->mtu = session->mru = pmtu -
+ PPPOL2TP_HEADER_OVERHEAD;
diff --git a/net/llc/llc_proc.c b/net/llc/llc_proc.c
index 1a3c7e0..80f8b0c 100644
--- a/net/llc/llc_proc.c
@@ -112246,10 +111961,10 @@ index 49fd21a..4bc455b 100644
goto err;
return 0;
diff --git a/net/sunrpc/xprtrdma/svc_rdma_transport.c b/net/sunrpc/xprtrdma/svc_rdma_transport.c
-index e7323fb..5e892b3 100644
+index 06a5d92..c2fa21a 100644
--- a/net/sunrpc/xprtrdma/svc_rdma_transport.c
+++ b/net/sunrpc/xprtrdma/svc_rdma_transport.c
-@@ -294,7 +294,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt)
+@@ -295,7 +295,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt)
return;
ib_req_notify_cq(xprt->sc_rq_cq, IB_CQ_NEXT_COMP);
@@ -112258,7 +111973,7 @@ index e7323fb..5e892b3 100644
while ((ret = ib_poll_cq(xprt->sc_rq_cq, 1, &wc)) > 0) {
ctxt = (struct svc_rdma_op_ctxt *)(unsigned long)wc.wr_id;
-@@ -316,7 +316,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt)
+@@ -317,7 +317,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt)
}
if (ctxt)
@@ -112267,7 +111982,7 @@ index e7323fb..5e892b3 100644
set_bit(XPT_DATA, &xprt->sc_xprt.xpt_flags);
/*
-@@ -391,7 +391,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt)
+@@ -392,7 +392,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt)
return;
ib_req_notify_cq(xprt->sc_sq_cq, IB_CQ_NEXT_COMP);
@@ -112276,7 +111991,7 @@ index e7323fb..5e892b3 100644
while ((ret = ib_poll_cq(cq, ARRAY_SIZE(wc_a), wc_a)) > 0) {
int i;
-@@ -419,7 +419,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt)
+@@ -420,7 +420,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt)
}
if (ctxt)
@@ -112285,7 +112000,7 @@ index e7323fb..5e892b3 100644
}
static void sq_comp_handler(struct ib_cq *cq, void *cq_context)
-@@ -1278,7 +1278,7 @@ int svc_rdma_send(struct svcxprt_rdma *xprt, struct ib_send_wr *wr)
+@@ -1279,7 +1279,7 @@ int svc_rdma_send(struct svcxprt_rdma *xprt, struct ib_send_wr *wr)
spin_lock_bh(&xprt->sc_lock);
if (xprt->sc_sq_depth < atomic_read(&xprt->sc_sq_count) + wr_count) {
spin_unlock_bh(&xprt->sc_lock);
@@ -123312,10 +123027,10 @@ index 0000000..4378111
+}
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
new file mode 100644
-index 0000000..b565921
+index 0000000..37dbdb1
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,5510 @@
+@@ -0,0 +1,5511 @@
+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
+storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
+compat_sock_setsockopt_23 compat_sock_setsockopt 5 23 NULL
@@ -128017,6 +127732,7 @@ index 0000000..b565921
+il_dbgfs_tx_queue_read_55668 il_dbgfs_tx_queue_read 3 55668 NULL
+get_info_55681 get_info 3 55681 NULL
+iwl_dbgfs_plcp_delta_write_55682 iwl_dbgfs_plcp_delta_write 3 55682 NULL
++ext4_alloc_file_blocks_55689 ext4_alloc_file_blocks 3 55689 NULL
+genl_allocate_reserve_groups_55705 genl_allocate_reserve_groups 1 55705 NULL
+pm8001_store_update_fw_55716 pm8001_store_update_fw 4 55716 NULL
+tap_pwup_write_55723 tap_pwup_write 3 55723 NULL
diff --git a/3.16.1/4425_grsec_remove_EI_PAX.patch b/3.16.2/4425_grsec_remove_EI_PAX.patch
index fc51f79..fc51f79 100644
--- a/3.16.1/4425_grsec_remove_EI_PAX.patch
+++ b/3.16.2/4425_grsec_remove_EI_PAX.patch
diff --git a/3.16.1/4427_force_XATTR_PAX_tmpfs.patch b/3.16.2/4427_force_XATTR_PAX_tmpfs.patch
index bbcef41..bbcef41 100644
--- a/3.16.1/4427_force_XATTR_PAX_tmpfs.patch
+++ b/3.16.2/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/3.16.1/4430_grsec-remove-localversion-grsec.patch b/3.16.2/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/3.16.1/4430_grsec-remove-localversion-grsec.patch
+++ b/3.16.2/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.16.1/4435_grsec-mute-warnings.patch b/3.16.2/4435_grsec-mute-warnings.patch
index 41d43d5..41d43d5 100644
--- a/3.16.1/4435_grsec-mute-warnings.patch
+++ b/3.16.2/4435_grsec-mute-warnings.patch
diff --git a/3.16.1/4440_grsec-remove-protected-paths.patch b/3.16.2/4440_grsec-remove-protected-paths.patch
index 741546d..741546d 100644
--- a/3.16.1/4440_grsec-remove-protected-paths.patch
+++ b/3.16.2/4440_grsec-remove-protected-paths.patch
diff --git a/3.16.1/4450_grsec-kconfig-default-gids.patch b/3.16.2/4450_grsec-kconfig-default-gids.patch
index 0451e5a..0451e5a 100644
--- a/3.16.1/4450_grsec-kconfig-default-gids.patch
+++ b/3.16.2/4450_grsec-kconfig-default-gids.patch
diff --git a/3.16.1/4465_selinux-avc_audit-log-curr_ip.patch b/3.16.2/4465_selinux-avc_audit-log-curr_ip.patch
index fb528d0..fb528d0 100644
--- a/3.16.1/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.16.2/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.16.1/4470_disable-compat_vdso.patch b/3.16.2/4470_disable-compat_vdso.patch
index 0215f1e..0215f1e 100644
--- a/3.16.1/4470_disable-compat_vdso.patch
+++ b/3.16.2/4470_disable-compat_vdso.patch
diff --git a/3.16.1/4475_emutramp_default_on.patch b/3.16.2/4475_emutramp_default_on.patch
index cf88fd9..cf88fd9 100644
--- a/3.16.1/4475_emutramp_default_on.patch
+++ b/3.16.2/4475_emutramp_default_on.patch