diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2014-09-09 05:34:28 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2014-09-09 05:34:28 -0400 |
commit | c696e6fdf2e316c40e44284f13054817327a8be4 (patch) | |
tree | 3e9e2ef8b4011019042baef2d8c6fe5bc2541983 | |
parent | Grsec/PaX: 3.0-{3.14.17,3.16.1}-201409021826 (diff) | |
download | hardened-patchset-c696e6fdf2e316c40e44284f13054817327a8be4.tar.gz hardened-patchset-c696e6fdf2e316c40e44284f13054817327a8be4.tar.bz2 hardened-patchset-c696e6fdf2e316c40e44284f13054817327a8be4.zip |
Grsec/PaX: 3.0-{3.14.18,3.16.2}-201409060014
-rw-r--r-- | 3.14.18/0000_README (renamed from 3.14.17/0000_README) | 2 | ||||
-rw-r--r-- | 3.14.18/4420_grsecurity-3.0-3.14.18-201409060013.patch (renamed from 3.14.17/4420_grsecurity-3.0-3.14.17-201409021816.patch) | 451 | ||||
-rw-r--r-- | 3.14.18/4425_grsec_remove_EI_PAX.patch (renamed from 3.14.17/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
-rw-r--r-- | 3.14.18/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.14.17/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
-rw-r--r-- | 3.14.18/4430_grsec-remove-localversion-grsec.patch (renamed from 3.14.17/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.14.18/4435_grsec-mute-warnings.patch (renamed from 3.14.17/4435_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 3.14.18/4440_grsec-remove-protected-paths.patch (renamed from 3.14.17/4440_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 3.14.18/4450_grsec-kconfig-default-gids.patch (renamed from 3.14.17/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
-rw-r--r-- | 3.14.18/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.14.17/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
-rw-r--r-- | 3.14.18/4470_disable-compat_vdso.patch (renamed from 3.14.17/4470_disable-compat_vdso.patch) | 0 | ||||
-rw-r--r-- | 3.14.18/4475_emutramp_default_on.patch (renamed from 3.14.17/4475_emutramp_default_on.patch) | 0 | ||||
-rw-r--r-- | 3.16.2/0000_README (renamed from 3.16.1/0000_README) | 2 | ||||
-rw-r--r-- | 3.16.2/4420_grsecurity-3.0-3.16.2-201409060014.patch (renamed from 3.16.1/4420_grsecurity-3.0-3.16.1-201409021826.patch) | 630 | ||||
-rw-r--r-- | 3.16.2/4425_grsec_remove_EI_PAX.patch (renamed from 3.16.1/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
-rw-r--r-- | 3.16.2/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.16.1/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
-rw-r--r-- | 3.16.2/4430_grsec-remove-localversion-grsec.patch (renamed from 3.16.1/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.16.2/4435_grsec-mute-warnings.patch (renamed from 3.16.1/4435_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 3.16.2/4440_grsec-remove-protected-paths.patch (renamed from 3.16.1/4440_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 3.16.2/4450_grsec-kconfig-default-gids.patch (renamed from 3.16.1/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
-rw-r--r-- | 3.16.2/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.16.1/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
-rw-r--r-- | 3.16.2/4470_disable-compat_vdso.patch (renamed from 3.16.1/4470_disable-compat_vdso.patch) | 0 | ||||
-rw-r--r-- | 3.16.2/4475_emutramp_default_on.patch (renamed from 3.16.1/4475_emutramp_default_on.patch) | 0 |
22 files changed, 266 insertions, 819 deletions
diff --git a/3.14.17/0000_README b/3.14.18/0000_README index 19f254f..e496f22 100644 --- a/3.14.17/0000_README +++ b/3.14.18/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.14.17-201409021816.patch +Patch: 4420_grsecurity-3.0-3.14.18-201409060013.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.14.17/4420_grsecurity-3.0-3.14.17-201409021816.patch b/3.14.18/4420_grsecurity-3.0-3.14.18-201409060013.patch index 7887ba7..2207958 100644 --- a/3.14.17/4420_grsecurity-3.0-3.14.17-201409021816.patch +++ b/3.14.18/4420_grsecurity-3.0-3.14.18-201409060013.patch @@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 12aac03..33d9e9f 100644 +index 05279d4..c24e149 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -3643,7 +3643,7 @@ index 78c02b3..c94109a 100644 struct omap_device *omap_device_alloc(struct platform_device *pdev, struct omap_hwmod **ohs, int oh_cnt); diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c -index 66c60fe..c78950d 100644 +index c914b00..8a653a7 100644 --- a/arch/arm/mach-omap2/omap_hwmod.c +++ b/arch/arm/mach-omap2/omap_hwmod.c @@ -194,10 +194,10 @@ struct omap_hwmod_soc_ops { @@ -12269,7 +12269,7 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index c718d9f..511e6fa 100644 +index e409891..d64a8f7 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -126,7 +126,7 @@ config X86 @@ -12325,7 +12325,7 @@ index c718d9f..511e6fa 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1623,6 +1624,7 @@ source kernel/Kconfig.hz +@@ -1624,6 +1625,7 @@ source kernel/Kconfig.hz config KEXEC bool "kexec system call" @@ -12333,7 +12333,7 @@ index c718d9f..511e6fa 100644 ---help--- kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot -@@ -1774,7 +1776,9 @@ config X86_NEED_RELOCS +@@ -1775,7 +1777,9 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" @@ -12344,7 +12344,7 @@ index c718d9f..511e6fa 100644 range 0x2000 0x1000000 if X86_32 range 0x200000 0x1000000 if X86_64 ---help--- -@@ -1854,9 +1858,10 @@ config DEBUG_HOTPLUG_CPU0 +@@ -1855,9 +1859,10 @@ config DEBUG_HOTPLUG_CPU0 If unsure, say N. config COMPAT_VDSO @@ -28195,7 +28195,7 @@ index da6b35a..977e9cf 100644 #ifdef CONFIG_SMP diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c -index 1f96f93..6f29be7 100644 +index 09ce23a..9293938 100644 --- a/arch/x86/kernel/vsyscall_64.c +++ b/arch/x86/kernel/vsyscall_64.c @@ -56,15 +56,13 @@ @@ -28401,7 +28401,7 @@ index c697625..a032162 100644 out: diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c -index 0069118..c28ec0a 100644 +index 453e5fb..214168f 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -55,7 +55,7 @@ @@ -41665,19 +41665,6 @@ index 6866448..2ad2b34 100644 { /* copy over all the bus versions */ if (dev->bus && dev->bus->pm) { -diff --git a/drivers/hid/hid-cherry.c b/drivers/hid/hid-cherry.c -index 1bdcccc..f745d2c 100644 ---- a/drivers/hid/hid-cherry.c -+++ b/drivers/hid/hid-cherry.c -@@ -28,7 +28,7 @@ - static __u8 *ch_report_fixup(struct hid_device *hdev, __u8 *rdesc, - unsigned int *rsize) - { -- if (*rsize >= 17 && rdesc[11] == 0x3c && rdesc[12] == 0x02) { -+ if (*rsize >= 18 && rdesc[11] == 0x3c && rdesc[12] == 0x02) { - hid_info(hdev, "fixing up Cherry Cymotion report descriptor\n"); - rdesc[11] = rdesc[16] = 0xff; - rdesc[12] = rdesc[17] = 0x03; diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c index 7cd42ea..a367c48 100644 --- a/drivers/hid/hid-core.c @@ -41700,71 +41687,6 @@ index 7cd42ea..a367c48 100644 hid_debug_register(hdev, dev_name(&hdev->dev)); ret = device_add(&hdev->dev); -diff --git a/drivers/hid/hid-kye.c b/drivers/hid/hid-kye.c -index e776963..b92bf01 100644 ---- a/drivers/hid/hid-kye.c -+++ b/drivers/hid/hid-kye.c -@@ -300,7 +300,7 @@ static __u8 *kye_report_fixup(struct hid_device *hdev, __u8 *rdesc, - * - change the button usage range to 4-7 for the extra - * buttons - */ -- if (*rsize >= 74 && -+ if (*rsize >= 75 && - rdesc[61] == 0x05 && rdesc[62] == 0x08 && - rdesc[63] == 0x19 && rdesc[64] == 0x08 && - rdesc[65] == 0x29 && rdesc[66] == 0x0f && -diff --git a/drivers/hid/hid-lg.c b/drivers/hid/hid-lg.c -index 9fe9d4a..b8207e0 100644 ---- a/drivers/hid/hid-lg.c -+++ b/drivers/hid/hid-lg.c -@@ -345,14 +345,14 @@ static __u8 *lg_report_fixup(struct hid_device *hdev, __u8 *rdesc, - struct usb_device_descriptor *udesc; - __u16 bcdDevice, rev_maj, rev_min; - -- if ((drv_data->quirks & LG_RDESC) && *rsize >= 90 && rdesc[83] == 0x26 && -+ if ((drv_data->quirks & LG_RDESC) && *rsize >= 91 && rdesc[83] == 0x26 && - rdesc[84] == 0x8c && rdesc[85] == 0x02) { - hid_info(hdev, - "fixing up Logitech keyboard report descriptor\n"); - rdesc[84] = rdesc[89] = 0x4d; - rdesc[85] = rdesc[90] = 0x10; - } -- if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 50 && -+ if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 51 && - rdesc[32] == 0x81 && rdesc[33] == 0x06 && - rdesc[49] == 0x81 && rdesc[50] == 0x06) { - hid_info(hdev, -diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c -index f45279c..0b14d32 100644 ---- a/drivers/hid/hid-logitech-dj.c -+++ b/drivers/hid/hid-logitech-dj.c -@@ -237,13 +237,6 @@ static void logi_dj_recv_add_djhid_device(struct dj_receiver_dev *djrcv_dev, - return; - } - -- if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) || -- (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) { -- dev_err(&djrcv_hdev->dev, "%s: invalid device index:%d\n", -- __func__, dj_report->device_index); -- return; -- } -- - if (djrcv_dev->paired_dj_devices[dj_report->device_index]) { - /* The device is already known. No need to reallocate it. */ - dbg_hid("%s: device is already known\n", __func__); -@@ -721,6 +714,12 @@ static int logi_dj_raw_event(struct hid_device *hdev, - * device (via hid_input_report() ) and return 1 so hid-core does not do - * anything else with it. - */ -+ if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) || -+ (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) { -+ dev_err(&hdev->dev, "%s: invalid device index:%d\n", -+ __func__, dj_report->device_index); -+ return false; -+ } - - spin_lock_irqsave(&djrcv_dev->lock, flags); - if (dj_report->report_id == REPORT_ID_DJ_SHORT) { diff --git a/drivers/hid/hid-magicmouse.c b/drivers/hid/hid-magicmouse.c index 3b43d1c..991ba79 100644 --- a/drivers/hid/hid-magicmouse.c @@ -41793,32 +41715,6 @@ index 3b43d1c..991ba79 100644 msc->ntouches = 0; for (ii = 0; ii < npoints; ii++) magicmouse_emit_touch(msc, ii, data + ii * 8 + 6); -diff --git a/drivers/hid/hid-monterey.c b/drivers/hid/hid-monterey.c -index 9e14c00..25daf28 100644 ---- a/drivers/hid/hid-monterey.c -+++ b/drivers/hid/hid-monterey.c -@@ -24,7 +24,7 @@ - static __u8 *mr_report_fixup(struct hid_device *hdev, __u8 *rdesc, - unsigned int *rsize) - { -- if (*rsize >= 30 && rdesc[29] == 0x05 && rdesc[30] == 0x09) { -+ if (*rsize >= 31 && rdesc[29] == 0x05 && rdesc[30] == 0x09) { - hid_info(hdev, "fixing up button/consumer in HID report descriptor\n"); - rdesc[30] = 0x0c; - } -diff --git a/drivers/hid/hid-petalynx.c b/drivers/hid/hid-petalynx.c -index 736b250..6aca4f2 100644 ---- a/drivers/hid/hid-petalynx.c -+++ b/drivers/hid/hid-petalynx.c -@@ -25,7 +25,7 @@ - static __u8 *pl_report_fixup(struct hid_device *hdev, __u8 *rdesc, - unsigned int *rsize) - { -- if (*rsize >= 60 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 && -+ if (*rsize >= 62 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 && - rdesc[41] == 0x00 && rdesc[59] == 0x26 && - rdesc[60] == 0xf9 && rdesc[61] == 0x00) { - hid_info(hdev, "fixing up Petalynx Maxter Remote report descriptor\n"); diff --git a/drivers/hid/hid-picolcd_core.c b/drivers/hid/hid-picolcd_core.c index acbb0210..020df3c 100644 --- a/drivers/hid/hid-picolcd_core.c @@ -41836,19 +41732,6 @@ index acbb0210..020df3c 100644 if (report->id == REPORT_KEY_STATE) { if (data->input_keys) ret = picolcd_raw_keypad(data, report, raw_data+1, size-1); -diff --git a/drivers/hid/hid-sunplus.c b/drivers/hid/hid-sunplus.c -index 87fc91e..91072fa 100644 ---- a/drivers/hid/hid-sunplus.c -+++ b/drivers/hid/hid-sunplus.c -@@ -24,7 +24,7 @@ - static __u8 *sp_report_fixup(struct hid_device *hdev, __u8 *rdesc, - unsigned int *rsize) - { -- if (*rsize >= 107 && rdesc[104] == 0x26 && rdesc[105] == 0x80 && -+ if (*rsize >= 112 && rdesc[104] == 0x26 && rdesc[105] == 0x80 && - rdesc[106] == 0x03) { - hid_info(hdev, "fixing up Sunplus Wireless Desktop report descriptor\n"); - rdesc[105] = rdesc[110] = 0x03; diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c index c13fb5b..55a3802 100644 --- a/drivers/hid/hid-wiimote-debug.c @@ -49475,7 +49358,7 @@ index f28ea07..34b16d3 100644 /* These three are default values which can be overridden */ diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c -index 868318a..e07ef3b 100644 +index 528bff5..84963854 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -571,7 +571,7 @@ static inline u32 next_command(struct ctlr_info *h, u8 q) @@ -51766,10 +51649,10 @@ index 9cd706d..6ff2de7 100644 if (cfg->uart_flags & UPF_CONS_FLOW) { diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c -index ece2049b..fba2524 100644 +index 25b8f68..3e23c14 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c -@@ -1448,7 +1448,7 @@ static void uart_hangup(struct tty_struct *tty) +@@ -1451,7 +1451,7 @@ static void uart_hangup(struct tty_struct *tty) uart_flush_buffer(tty); uart_shutdown(tty, state); spin_lock_irqsave(&port->lock, flags); @@ -51778,7 +51661,7 @@ index ece2049b..fba2524 100644 clear_bit(ASYNCB_NORMAL_ACTIVE, &port->flags); spin_unlock_irqrestore(&port->lock, flags); tty_port_tty_set(port, NULL); -@@ -1544,7 +1544,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) +@@ -1547,7 +1547,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) goto end; } @@ -51787,7 +51670,7 @@ index ece2049b..fba2524 100644 if (!state->uart_port || state->uart_port->flags & UPF_DEAD) { retval = -ENXIO; goto err_dec_count; -@@ -1572,7 +1572,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) +@@ -1575,7 +1575,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) /* * Make sure the device is in D0 state. */ @@ -51796,7 +51679,7 @@ index ece2049b..fba2524 100644 uart_change_pm(state, UART_PM_STATE_ON); /* -@@ -1590,7 +1590,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) +@@ -1593,7 +1593,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) end: return retval; err_dec_count: @@ -52606,7 +52489,7 @@ index 2a3bbdf..91d72cf 100644 file->f_version = event_count; return POLLIN | POLLRDNORM; diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c -index 90e18f6..5eeda46 100644 +index 9ca7716..a2ccc2e 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -187,7 +187,7 @@ static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes, @@ -52668,7 +52551,7 @@ index 2518c32..1c201bb 100644 wake_up(&usb_kill_urb_queue); usb_put_urb(urb); diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index 36b1e85..18fb0a4 100644 +index 6650df7..3a94427 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -27,6 +27,7 @@ @@ -52679,7 +52562,7 @@ index 36b1e85..18fb0a4 100644 #include <asm/uaccess.h> #include <asm/byteorder.h> -@@ -4502,6 +4503,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, +@@ -4549,6 +4550,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, goto done; return; } @@ -52911,7 +52794,7 @@ index 7a55fea..cc0ed4f 100644 #include "u_uac1.h" diff --git a/drivers/usb/host/ehci-hub.c b/drivers/usb/host/ehci-hub.c -index 7ae0c4d..35521b7 100644 +index 7d6f64c..37a1efc 100644 --- a/drivers/usb/host/ehci-hub.c +++ b/drivers/usb/host/ehci-hub.c @@ -780,7 +780,7 @@ static struct urb *request_single_step_set_feature_urb( @@ -56682,7 +56565,7 @@ index ce25d75..dc09eeb 100644 &data); if (!inode) { diff --git a/fs/aio.c b/fs/aio.c -index 6d68e01..573d8dc 100644 +index 6d68e01..6bc8e9a 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -380,7 +380,7 @@ static int aio_setup_ring(struct kioctx *ctx) @@ -56694,6 +56577,19 @@ index 6d68e01..573d8dc 100644 return -EINVAL; file = aio_private_file(ctx, nr_pages); +@@ -1065,6 +1065,12 @@ static long aio_read_events_ring(struct kioctx *ctx, + tail = ring->tail; + kunmap_atomic(ring); + ++ /* ++ * Ensure that once we've read the current tail pointer, that ++ * we also see the events that were stored up to the tail. ++ */ ++ smp_rmb(); ++ + pr_debug("h%u t%u m%u\n", head, tail, ctx->nr_events); + + if (head == tail) diff --git a/fs/attr.c b/fs/attr.c index 6530ced..4a827e2 100644 --- a/fs/attr.c @@ -59051,7 +58947,7 @@ index 7f3b400..9c911f2 100644 dcache_init(); inode_init(); diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c -index 9c0444c..628490c 100644 +index 1576195..49a19ae 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c @@ -415,7 +415,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); @@ -60046,10 +59942,10 @@ index e6574d7..c30cbe2 100644 brelse(bh); bh = NULL; diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index 502f0fd..bf3b3c1 100644 +index 242226a..f3eb6c1 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c -@@ -1880,7 +1880,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, +@@ -1882,7 +1882,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, BUG_ON(ac->ac_b_ex.fe_len != ac->ac_g_ex.fe_len); if (EXT4_SB(sb)->s_mb_stats) @@ -60058,7 +59954,7 @@ index 502f0fd..bf3b3c1 100644 break; } -@@ -2189,7 +2189,7 @@ repeat: +@@ -2191,7 +2191,7 @@ repeat: ac->ac_status = AC_STATUS_CONTINUE; ac->ac_flags |= EXT4_MB_HINT_FIRST; cr = 3; @@ -60067,7 +59963,7 @@ index 502f0fd..bf3b3c1 100644 goto repeat; } } -@@ -2697,25 +2697,25 @@ int ext4_mb_release(struct super_block *sb) +@@ -2699,25 +2699,25 @@ int ext4_mb_release(struct super_block *sb) if (sbi->s_mb_stats) { ext4_msg(sb, KERN_INFO, "mballoc: %u blocks %u reqs (%u success)", @@ -60103,7 +59999,7 @@ index 502f0fd..bf3b3c1 100644 } free_percpu(sbi->s_locality_groups); -@@ -3169,16 +3169,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) +@@ -3171,16 +3171,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb); if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) { @@ -60126,7 +60022,7 @@ index 502f0fd..bf3b3c1 100644 } if (ac->ac_op == EXT4_MB_HISTORY_ALLOC) -@@ -3583,7 +3583,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) +@@ -3607,7 +3607,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_inode_pa(ac, pa); ext4_mb_use_inode_pa(ac, pa); @@ -60135,7 +60031,7 @@ index 502f0fd..bf3b3c1 100644 ei = EXT4_I(ac->ac_inode); grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); -@@ -3643,7 +3643,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) +@@ -3667,7 +3667,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_group_pa(ac, pa); ext4_mb_use_group_pa(ac, pa); @@ -60144,7 +60040,7 @@ index 502f0fd..bf3b3c1 100644 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); lg = ac->ac_lg; -@@ -3732,7 +3732,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, +@@ -3756,7 +3756,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, * from the bitmap and continue. */ } @@ -60153,7 +60049,7 @@ index 502f0fd..bf3b3c1 100644 return err; } -@@ -3750,7 +3750,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, +@@ -3774,7 +3774,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit); BUG_ON(group != e4b->bd_group && pa->pa_len != 0); mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len); @@ -60176,7 +60072,7 @@ index 04434ad..6404663 100644 "MMP failure info: last update time: %llu, last update " "node: %s, last update device: %s\n", diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index 25b327e..56f169d 100644 +index a46030d..1477295 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1270,7 +1270,7 @@ static ext4_fsblk_t get_sb_block(void **data) @@ -61960,185 +61856,6 @@ index e846a32..bb06bd0 100644 put_cpu_var(last_ino); return res; } -diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c -index 4a9e10e..a9daccb 100644 ---- a/fs/isofs/inode.c -+++ b/fs/isofs/inode.c -@@ -61,7 +61,7 @@ static void isofs_put_super(struct super_block *sb) - return; - } - --static int isofs_read_inode(struct inode *); -+static int isofs_read_inode(struct inode *, int relocated); - static int isofs_statfs (struct dentry *, struct kstatfs *); - - static struct kmem_cache *isofs_inode_cachep; -@@ -1258,7 +1258,7 @@ out_toomany: - goto out; - } - --static int isofs_read_inode(struct inode *inode) -+static int isofs_read_inode(struct inode *inode, int relocated) - { - struct super_block *sb = inode->i_sb; - struct isofs_sb_info *sbi = ISOFS_SB(sb); -@@ -1403,7 +1403,7 @@ static int isofs_read_inode(struct inode *inode) - */ - - if (!high_sierra) { -- parse_rock_ridge_inode(de, inode); -+ parse_rock_ridge_inode(de, inode, relocated); - /* if we want uid/gid set, override the rock ridge setting */ - if (sbi->s_uid_set) - inode->i_uid = sbi->s_uid; -@@ -1482,9 +1482,10 @@ static int isofs_iget5_set(struct inode *ino, void *data) - * offset that point to the underlying meta-data for the inode. The - * code below is otherwise similar to the iget() code in - * include/linux/fs.h */ --struct inode *isofs_iget(struct super_block *sb, -- unsigned long block, -- unsigned long offset) -+struct inode *__isofs_iget(struct super_block *sb, -+ unsigned long block, -+ unsigned long offset, -+ int relocated) - { - unsigned long hashval; - struct inode *inode; -@@ -1506,7 +1507,7 @@ struct inode *isofs_iget(struct super_block *sb, - return ERR_PTR(-ENOMEM); - - if (inode->i_state & I_NEW) { -- ret = isofs_read_inode(inode); -+ ret = isofs_read_inode(inode, relocated); - if (ret < 0) { - iget_failed(inode); - inode = ERR_PTR(ret); -diff --git a/fs/isofs/isofs.h b/fs/isofs/isofs.h -index 9916723..0ac4c1f 100644 ---- a/fs/isofs/isofs.h -+++ b/fs/isofs/isofs.h -@@ -107,7 +107,7 @@ extern int iso_date(char *, int); - - struct inode; /* To make gcc happy */ - --extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *); -+extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *, int relocated); - extern int get_rock_ridge_filename(struct iso_directory_record *, char *, struct inode *); - extern int isofs_name_translate(struct iso_directory_record *, char *, struct inode *); - -@@ -118,9 +118,24 @@ extern struct dentry *isofs_lookup(struct inode *, struct dentry *, unsigned int - extern struct buffer_head *isofs_bread(struct inode *, sector_t); - extern int isofs_get_blocks(struct inode *, sector_t, struct buffer_head **, unsigned long); - --extern struct inode *isofs_iget(struct super_block *sb, -- unsigned long block, -- unsigned long offset); -+struct inode *__isofs_iget(struct super_block *sb, -+ unsigned long block, -+ unsigned long offset, -+ int relocated); -+ -+static inline struct inode *isofs_iget(struct super_block *sb, -+ unsigned long block, -+ unsigned long offset) -+{ -+ return __isofs_iget(sb, block, offset, 0); -+} -+ -+static inline struct inode *isofs_iget_reloc(struct super_block *sb, -+ unsigned long block, -+ unsigned long offset) -+{ -+ return __isofs_iget(sb, block, offset, 1); -+} - - /* Because the inode number is no longer relevant to finding the - * underlying meta-data for an inode, we are free to choose a more -diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c -index c0bf424..f488bba 100644 ---- a/fs/isofs/rock.c -+++ b/fs/isofs/rock.c -@@ -288,12 +288,16 @@ eio: - goto out; - } - -+#define RR_REGARD_XA 1 -+#define RR_RELOC_DE 2 -+ - static int - parse_rock_ridge_inode_internal(struct iso_directory_record *de, -- struct inode *inode, int regard_xa) -+ struct inode *inode, int flags) - { - int symlink_len = 0; - int cnt, sig; -+ unsigned int reloc_block; - struct inode *reloc; - struct rock_ridge *rr; - int rootflag; -@@ -305,7 +309,7 @@ parse_rock_ridge_inode_internal(struct iso_directory_record *de, - - init_rock_state(&rs, inode); - setup_rock_ridge(de, inode, &rs); -- if (regard_xa) { -+ if (flags & RR_REGARD_XA) { - rs.chr += 14; - rs.len -= 14; - if (rs.len < 0) -@@ -485,12 +489,22 @@ repeat: - "relocated directory\n"); - goto out; - case SIG('C', 'L'): -- ISOFS_I(inode)->i_first_extent = -- isonum_733(rr->u.CL.location); -- reloc = -- isofs_iget(inode->i_sb, -- ISOFS_I(inode)->i_first_extent, -- 0); -+ if (flags & RR_RELOC_DE) { -+ printk(KERN_ERR -+ "ISOFS: Recursive directory relocation " -+ "is not supported\n"); -+ goto eio; -+ } -+ reloc_block = isonum_733(rr->u.CL.location); -+ if (reloc_block == ISOFS_I(inode)->i_iget5_block && -+ ISOFS_I(inode)->i_iget5_offset == 0) { -+ printk(KERN_ERR -+ "ISOFS: Directory relocation points to " -+ "itself\n"); -+ goto eio; -+ } -+ ISOFS_I(inode)->i_first_extent = reloc_block; -+ reloc = isofs_iget_reloc(inode->i_sb, reloc_block, 0); - if (IS_ERR(reloc)) { - ret = PTR_ERR(reloc); - goto out; -@@ -637,9 +651,11 @@ static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit) - return rpnt; - } - --int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode) -+int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode, -+ int relocated) - { -- int result = parse_rock_ridge_inode_internal(de, inode, 0); -+ int flags = relocated ? RR_RELOC_DE : 0; -+ int result = parse_rock_ridge_inode_internal(de, inode, flags); - - /* - * if rockridge flag was reset and we didn't look for attributes -@@ -647,7 +663,8 @@ int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode) - */ - if ((ISOFS_SB(inode->i_sb)->s_rock_offset == -1) - && (ISOFS_SB(inode->i_sb)->s_rock == 2)) { -- result = parse_rock_ridge_inode_internal(de, inode, 14); -+ result = parse_rock_ridge_inode_internal(de, inode, -+ flags | RR_REGARD_XA); - } - return result; - } diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c index 4a6cf28..d3a29d3 100644 --- a/fs/jffs2/erase.c @@ -63100,19 +62817,6 @@ index 15f9d98..082c625 100644 } void nfs_fattr_init(struct nfs_fattr *fattr) -diff --git a/fs/nfs/nfs3acl.c b/fs/nfs/nfs3acl.c -index 8f854dd..d0fec26 100644 ---- a/fs/nfs/nfs3acl.c -+++ b/fs/nfs/nfs3acl.c -@@ -256,7 +256,7 @@ nfs3_list_one_acl(struct inode *inode, int type, const char *name, void *data, - char *p = data + *result; - - acl = get_acl(inode, type); -- if (!acl) -+ if (IS_ERR_OR_NULL(acl)) - return 0; - - posix_acl_release(acl); diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index f23a6ca..730ddcc 100644 --- a/fs/nfsd/nfs4proc.c @@ -90668,7 +90372,7 @@ index a63f4dc..349bbb0 100644 unsigned long timeout) { diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 515e212..268a828 100644 +index 677ebad..e39b352 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -1775,7 +1775,7 @@ void set_numabalancing_state(bool enabled) @@ -90719,7 +90423,7 @@ index 515e212..268a828 100644 /* can't increase priority */ if (attr->sched_priority > p->rt_priority && attr->sched_priority > rlim_rtprio) -@@ -4726,8 +4732,10 @@ void idle_task_exit(void) +@@ -4727,8 +4733,10 @@ void idle_task_exit(void) BUG_ON(cpu_online(smp_processor_id())); @@ -90731,7 +90435,7 @@ index 515e212..268a828 100644 mmdrop(mm); } -@@ -4805,7 +4813,7 @@ static void migrate_tasks(unsigned int dead_cpu) +@@ -4806,7 +4814,7 @@ static void migrate_tasks(unsigned int dead_cpu) #if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL) @@ -90740,7 +90444,7 @@ index 515e212..268a828 100644 { .procname = "sched_domain", .mode = 0555, -@@ -4822,17 +4830,17 @@ static struct ctl_table sd_ctl_root[] = { +@@ -4823,17 +4831,17 @@ static struct ctl_table sd_ctl_root[] = { {} }; @@ -90762,7 +90466,7 @@ index 515e212..268a828 100644 /* * In the intermediate directories, both the child directory and -@@ -4840,22 +4848,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) +@@ -4841,22 +4849,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) * will always be set. In the lowest directory the names are * static strings and all have proc handlers. */ @@ -90794,7 +90498,7 @@ index 515e212..268a828 100644 const char *procname, void *data, int maxlen, umode_t mode, proc_handler *proc_handler, bool load_idx) -@@ -4875,7 +4886,7 @@ set_table_entry(struct ctl_table *entry, +@@ -4876,7 +4887,7 @@ set_table_entry(struct ctl_table *entry, static struct ctl_table * sd_alloc_ctl_domain_table(struct sched_domain *sd) { @@ -90803,7 +90507,7 @@ index 515e212..268a828 100644 if (table == NULL) return NULL; -@@ -4910,9 +4921,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) +@@ -4911,9 +4922,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) return table; } @@ -90815,7 +90519,7 @@ index 515e212..268a828 100644 struct sched_domain *sd; int domain_num = 0, i; char buf[32]; -@@ -4939,11 +4950,13 @@ static struct ctl_table_header *sd_sysctl_header; +@@ -4940,11 +4951,13 @@ static struct ctl_table_header *sd_sysctl_header; static void register_sched_domain_sysctl(void) { int i, cpu_num = num_possible_cpus(); @@ -90830,7 +90534,7 @@ index 515e212..268a828 100644 if (entry == NULL) return; -@@ -4966,8 +4979,12 @@ static void unregister_sched_domain_sysctl(void) +@@ -4967,8 +4980,12 @@ static void unregister_sched_domain_sysctl(void) if (sd_sysctl_header) unregister_sysctl_table(sd_sysctl_header); sd_sysctl_header = NULL; @@ -92433,6 +92137,19 @@ index 48140e3..de854e5 100644 obj-$(CONFIG_DEBUG_OBJECTS) += debugobjects.o ifneq ($(CONFIG_HAVE_DEC_LOCK),y) +diff --git a/lib/assoc_array.c b/lib/assoc_array.c +index c0b1007..ae146f0 100644 +--- a/lib/assoc_array.c ++++ b/lib/assoc_array.c +@@ -1735,7 +1735,7 @@ ascend_old_tree: + gc_complete: + edit->set[0].to = new_root; + assoc_array_apply_edit(edit); +- edit->array->nr_leaves_on_tree = nr_leaves_on_tree; ++ array->nr_leaves_on_tree = nr_leaves_on_tree; + return 0; + + enomem: diff --git a/lib/average.c b/lib/average.c index 114d1be..ab0350c 100644 --- a/lib/average.c @@ -97702,10 +97419,10 @@ index 4a7f7e6..22cddf5 100644 if (S_ISREG(inode->i_mode)) diff --git a/mm/util.c b/mm/util.c -index a24aa22..a0d41ae 100644 +index c1010cb..91e1a36 100644 --- a/mm/util.c +++ b/mm/util.c -@@ -297,6 +297,12 @@ done: +@@ -294,6 +294,12 @@ done: void arch_pick_mmap_layout(struct mm_struct *mm) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -100932,7 +100649,7 @@ index e1a6393..f634ce5 100644 return -ENOMEM; } diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 6c7fa08..8a31430 100644 +index 6c7fa08..7c5abd70 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -598,7 +598,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, @@ -100987,7 +100704,21 @@ index 6c7fa08..8a31430 100644 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { idx = 0; head = &net->dev_index_head[h]; -@@ -4758,7 +4765,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -4746,11 +4753,8 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) + + rt = rt6_lookup(dev_net(dev), &ifp->peer_addr, NULL, + dev->ifindex, 1); +- if (rt) { +- dst_hold(&rt->dst); +- if (ip6_del_rt(rt)) +- dst_free(&rt->dst); +- } ++ if (rt && ip6_del_rt(rt)) ++ dst_free(&rt->dst); + } + dst_hold(&ifp->rt->dst); + +@@ -4758,7 +4762,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) dst_free(&ifp->rt->dst); break; } @@ -100996,7 +100727,7 @@ index 6c7fa08..8a31430 100644 rt_genid_bump_ipv6(net); } -@@ -4779,7 +4786,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, +@@ -4779,7 +4783,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -101005,7 +100736,7 @@ index 6c7fa08..8a31430 100644 int ret; /* -@@ -4864,7 +4871,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, +@@ -4864,7 +4868,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -103996,10 +103727,10 @@ index c1d124d..acfc59e 100644 goto err; return 0; diff --git a/net/sunrpc/xprtrdma/svc_rdma_transport.c b/net/sunrpc/xprtrdma/svc_rdma_transport.c -index 62e4f9b..dd3f2d7 100644 +index ed36cb5..c55d17f 100644 --- a/net/sunrpc/xprtrdma/svc_rdma_transport.c +++ b/net/sunrpc/xprtrdma/svc_rdma_transport.c -@@ -292,7 +292,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) +@@ -293,7 +293,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) return; ib_req_notify_cq(xprt->sc_rq_cq, IB_CQ_NEXT_COMP); @@ -104008,7 +103739,7 @@ index 62e4f9b..dd3f2d7 100644 while ((ret = ib_poll_cq(xprt->sc_rq_cq, 1, &wc)) > 0) { ctxt = (struct svc_rdma_op_ctxt *)(unsigned long)wc.wr_id; -@@ -314,7 +314,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) +@@ -315,7 +315,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) } if (ctxt) @@ -104017,7 +103748,7 @@ index 62e4f9b..dd3f2d7 100644 set_bit(XPT_DATA, &xprt->sc_xprt.xpt_flags); /* -@@ -386,7 +386,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt) +@@ -387,7 +387,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt) return; ib_req_notify_cq(xprt->sc_sq_cq, IB_CQ_NEXT_COMP); @@ -104026,7 +103757,7 @@ index 62e4f9b..dd3f2d7 100644 while ((ret = ib_poll_cq(cq, 1, &wc)) > 0) { if (wc.status != IB_WC_SUCCESS) /* Close the transport */ -@@ -404,7 +404,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt) +@@ -405,7 +405,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt) } if (ctxt) @@ -104035,7 +103766,7 @@ index 62e4f9b..dd3f2d7 100644 } static void sq_comp_handler(struct ib_cq *cq, void *cq_context) -@@ -1262,7 +1262,7 @@ int svc_rdma_send(struct svcxprt_rdma *xprt, struct ib_send_wr *wr) +@@ -1263,7 +1263,7 @@ int svc_rdma_send(struct svcxprt_rdma *xprt, struct ib_send_wr *wr) spin_lock_bh(&xprt->sc_lock); if (xprt->sc_sq_depth < atomic_read(&xprt->sc_sq_count) + wr_count) { spin_unlock_bh(&xprt->sc_lock); diff --git a/3.14.17/4425_grsec_remove_EI_PAX.patch b/3.14.18/4425_grsec_remove_EI_PAX.patch index fc51f79..fc51f79 100644 --- a/3.14.17/4425_grsec_remove_EI_PAX.patch +++ b/3.14.18/4425_grsec_remove_EI_PAX.patch diff --git a/3.14.17/4427_force_XATTR_PAX_tmpfs.patch b/3.14.18/4427_force_XATTR_PAX_tmpfs.patch index 11a7d2c..11a7d2c 100644 --- a/3.14.17/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.14.18/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.14.17/4430_grsec-remove-localversion-grsec.patch b/3.14.18/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.14.17/4430_grsec-remove-localversion-grsec.patch +++ b/3.14.18/4430_grsec-remove-localversion-grsec.patch diff --git a/3.14.17/4435_grsec-mute-warnings.patch b/3.14.18/4435_grsec-mute-warnings.patch index 392cefb..392cefb 100644 --- a/3.14.17/4435_grsec-mute-warnings.patch +++ b/3.14.18/4435_grsec-mute-warnings.patch diff --git a/3.14.17/4440_grsec-remove-protected-paths.patch b/3.14.18/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.14.17/4440_grsec-remove-protected-paths.patch +++ b/3.14.18/4440_grsec-remove-protected-paths.patch diff --git a/3.14.17/4450_grsec-kconfig-default-gids.patch b/3.14.18/4450_grsec-kconfig-default-gids.patch index 0451e5a..0451e5a 100644 --- a/3.14.17/4450_grsec-kconfig-default-gids.patch +++ b/3.14.18/4450_grsec-kconfig-default-gids.patch diff --git a/3.14.17/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.18/4465_selinux-avc_audit-log-curr_ip.patch index 747ac53..747ac53 100644 --- a/3.14.17/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.14.18/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.14.17/4470_disable-compat_vdso.patch b/3.14.18/4470_disable-compat_vdso.patch index 35a4840..35a4840 100644 --- a/3.14.17/4470_disable-compat_vdso.patch +++ b/3.14.18/4470_disable-compat_vdso.patch diff --git a/3.14.17/4475_emutramp_default_on.patch b/3.14.18/4475_emutramp_default_on.patch index cf88fd9..cf88fd9 100644 --- a/3.14.17/4475_emutramp_default_on.patch +++ b/3.14.18/4475_emutramp_default_on.patch diff --git a/3.16.1/0000_README b/3.16.2/0000_README index 7a2bc49..7c596e8 100644 --- a/3.16.1/0000_README +++ b/3.16.2/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.16.1-201409021826.patch +Patch: 4420_grsecurity-3.0-3.16.2-201409060014.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.16.1/4420_grsecurity-3.0-3.16.1-201409021826.patch b/3.16.2/4420_grsecurity-3.0-3.16.2-201409060014.patch index 624c5fb..83965d3 100644 --- a/3.16.1/4420_grsecurity-3.0-3.16.1-201409021826.patch +++ b/3.16.2/4420_grsecurity-3.0-3.16.2-201409060014.patch @@ -785,7 +785,7 @@ index ee78eba..a06b48d 100644 Daniel Borkmann <dborkman@redhat.com> -Alexei Starovoitov <ast@plumgrid.com> diff --git a/Makefile b/Makefile -index 87663a2..906dc62 100644 +index c261752..7b9958b 100644 --- a/Makefile +++ b/Makefile @@ -303,8 +303,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -4019,6 +4019,28 @@ index 255f33a..507b157 100644 clk = clk_register(dev, &gate_fn->gate.hw); if (IS_ERR(clk)) +diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c +index 2bdc323..cf1c607 100644 +--- a/arch/arm/mach-mvebu/coherency.c ++++ b/arch/arm/mach-mvebu/coherency.c +@@ -316,7 +316,7 @@ static void __init armada_370_coherency_init(struct device_node *np) + + /* + * This ioremap hook is used on Armada 375/38x to ensure that PCIe +- * memory areas are mapped as MT_UNCACHED instead of MT_DEVICE. This ++ * memory areas are mapped as MT_UNCACHED_RW instead of MT_DEVICE. This + * is needed as a workaround for a deadlock issue between the PCIe + * interface and the cache controller. + */ +@@ -329,7 +329,7 @@ armada_pcie_wa_ioremap_caller(phys_addr_t phys_addr, size_t size, + mvebu_mbus_get_pcie_mem_aperture(&pcie_mem); + + if (pcie_mem.start <= phys_addr && (phys_addr + size) <= pcie_mem.end) +- mtype = MT_UNCACHED; ++ mtype = MT_UNCACHED_RW; + + return __arm_ioremap_caller(phys_addr, size, mtype, caller); + } diff --git a/arch/arm/mach-omap2/board-n8x0.c b/arch/arm/mach-omap2/board-n8x0.c index aead77a..a2253fa 100644 --- a/arch/arm/mach-omap2/board-n8x0.c @@ -4156,7 +4178,7 @@ index 78c02b3..c94109a 100644 struct omap_device *omap_device_alloc(struct platform_device *pdev, struct omap_hwmod **ohs, int oh_cnt); diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c -index 6c074f3..cd58cb7 100644 +index da1b256..ab2a327 100644 --- a/arch/arm/mach-omap2/omap_hwmod.c +++ b/arch/arm/mach-omap2/omap_hwmod.c @@ -194,10 +194,10 @@ struct omap_hwmod_soc_ops { @@ -12744,7 +12766,7 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index d24887b..267d526 100644 +index 27adfd9..bc3551d 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -128,7 +128,7 @@ config X86 @@ -12798,7 +12820,7 @@ index d24887b..267d526 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1577,6 +1580,7 @@ source kernel/Kconfig.hz +@@ -1578,6 +1581,7 @@ source kernel/Kconfig.hz config KEXEC bool "kexec system call" @@ -12806,7 +12828,7 @@ index d24887b..267d526 100644 ---help--- kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot -@@ -1727,7 +1731,9 @@ config X86_NEED_RELOCS +@@ -1728,7 +1732,9 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" @@ -12817,7 +12839,7 @@ index d24887b..267d526 100644 range 0x2000 0x1000000 if X86_32 range 0x200000 0x1000000 if X86_64 ---help--- -@@ -1810,6 +1816,7 @@ config COMPAT_VDSO +@@ -1811,6 +1817,7 @@ config COMPAT_VDSO def_bool n prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)" depends on X86_32 || IA32_EMULATION @@ -18152,7 +18174,7 @@ index 81bb91b..9392125 100644 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index 0ec0560..f169e5b 100644 +index aa97a07..f169e5b 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -46,6 +46,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); @@ -18215,23 +18237,7 @@ index 0ec0560..f169e5b 100644 static inline int pte_dirty(pte_t pte) { return pte_flags(pte) & _PAGE_DIRTY; -@@ -131,8 +171,13 @@ static inline int pte_exec(pte_t pte) - - static inline int pte_special(pte_t pte) - { -- return (pte_flags(pte) & (_PAGE_PRESENT|_PAGE_SPECIAL)) == -- (_PAGE_PRESENT|_PAGE_SPECIAL); -+ /* -+ * See CONFIG_NUMA_BALANCING pte_numa in include/asm-generic/pgtable.h. -+ * On x86 we have _PAGE_BIT_NUMA == _PAGE_BIT_GLOBAL+1 == -+ * __PAGE_BIT_SOFTW1 == _PAGE_BIT_SPECIAL. -+ */ -+ return (pte_flags(pte) & _PAGE_SPECIAL) && -+ (pte_flags(pte) & (_PAGE_PRESENT|_PAGE_PROTNONE)); - } - - static inline unsigned long pte_pfn(pte_t pte) -@@ -150,6 +195,11 @@ static inline unsigned long pud_pfn(pud_t pud) +@@ -155,6 +195,11 @@ static inline unsigned long pud_pfn(pud_t pud) return (pud_val(pud) & PTE_PFN_MASK) >> PAGE_SHIFT; } @@ -18243,7 +18249,7 @@ index 0ec0560..f169e5b 100644 #define pte_page(pte) pfn_to_page(pte_pfn(pte)) static inline int pmd_large(pmd_t pte) -@@ -203,9 +253,29 @@ static inline pte_t pte_wrprotect(pte_t pte) +@@ -208,9 +253,29 @@ static inline pte_t pte_wrprotect(pte_t pte) return pte_clear_flags(pte, _PAGE_RW); } @@ -18274,7 +18280,7 @@ index 0ec0560..f169e5b 100644 } static inline pte_t pte_mkdirty(pte_t pte) -@@ -435,6 +505,16 @@ pte_t *populate_extra_pte(unsigned long vaddr); +@@ -440,6 +505,16 @@ pte_t *populate_extra_pte(unsigned long vaddr); #endif #ifndef __ASSEMBLY__ @@ -18291,7 +18297,7 @@ index 0ec0560..f169e5b 100644 #include <linux/mm_types.h> #include <linux/mmdebug.h> #include <linux/log2.h> -@@ -581,7 +661,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud) +@@ -586,7 +661,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud) * Currently stuck as a macro due to indirect forward reference to * linux/mmzone.h's __section_mem_map_addr() definition: */ @@ -18300,7 +18306,7 @@ index 0ec0560..f169e5b 100644 /* Find an entry in the second-level page table.. */ static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address) -@@ -621,7 +701,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd) +@@ -626,7 +701,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd) * Currently stuck as a macro due to indirect forward reference to * linux/mmzone.h's __section_mem_map_addr() definition: */ @@ -18309,7 +18315,7 @@ index 0ec0560..f169e5b 100644 /* to find an entry in a page-table-directory. */ static inline unsigned long pud_index(unsigned long address) -@@ -636,7 +716,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) +@@ -641,7 +716,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) static inline int pgd_bad(pgd_t pgd) { @@ -18318,7 +18324,7 @@ index 0ec0560..f169e5b 100644 } static inline int pgd_none(pgd_t pgd) -@@ -659,7 +739,12 @@ static inline int pgd_none(pgd_t pgd) +@@ -664,7 +739,12 @@ static inline int pgd_none(pgd_t pgd) * pgd_offset() returns a (pgd_t *) * pgd_index() is used get the offset into the pgd page's array of pgd_t's; */ @@ -18332,7 +18338,7 @@ index 0ec0560..f169e5b 100644 /* * a shortcut which implies the use of the kernel's pgd, instead * of a process's -@@ -670,6 +755,23 @@ static inline int pgd_none(pgd_t pgd) +@@ -675,6 +755,23 @@ static inline int pgd_none(pgd_t pgd) #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET) #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY) @@ -18356,7 +18362,7 @@ index 0ec0560..f169e5b 100644 #ifndef __ASSEMBLY__ extern int direct_gbpages; -@@ -836,11 +938,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, +@@ -841,11 +938,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, * dst and src can be on the same page, but the range must not overlap, * and must not cross a page boundary. */ @@ -28582,7 +28588,7 @@ index 49edf2d..c0d1362 100644 #ifdef CONFIG_SMP diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c -index ea5b570..960e4da 100644 +index e1e1e80..1400089 100644 --- a/arch/x86/kernel/vsyscall_64.c +++ b/arch/x86/kernel/vsyscall_64.c @@ -54,15 +54,13 @@ @@ -28779,7 +28785,7 @@ index 38a0afe..94421a9 100644 out: diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c -index 0069118..c28ec0a 100644 +index 453e5fb..214168f 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -55,7 +55,7 @@ @@ -43299,19 +43305,6 @@ index 6866448..2ad2b34 100644 { /* copy over all the bus versions */ if (dev->bus && dev->bus->pm) { -diff --git a/drivers/hid/hid-cherry.c b/drivers/hid/hid-cherry.c -index 1bdcccc..f745d2c 100644 ---- a/drivers/hid/hid-cherry.c -+++ b/drivers/hid/hid-cherry.c -@@ -28,7 +28,7 @@ - static __u8 *ch_report_fixup(struct hid_device *hdev, __u8 *rdesc, - unsigned int *rsize) - { -- if (*rsize >= 17 && rdesc[11] == 0x3c && rdesc[12] == 0x02) { -+ if (*rsize >= 18 && rdesc[11] == 0x3c && rdesc[12] == 0x02) { - hid_info(hdev, "fixing up Cherry Cymotion report descriptor\n"); - rdesc[11] = rdesc[16] = 0xff; - rdesc[12] = rdesc[17] = 0x03; diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c index 8ed66fd..38ff772 100644 --- a/drivers/hid/hid-core.c @@ -43334,80 +43327,6 @@ index 8ed66fd..38ff772 100644 hid_debug_register(hdev, dev_name(&hdev->dev)); ret = device_add(&hdev->dev); -diff --git a/drivers/hid/hid-kye.c b/drivers/hid/hid-kye.c -index e776963..b92bf01 100644 ---- a/drivers/hid/hid-kye.c -+++ b/drivers/hid/hid-kye.c -@@ -300,7 +300,7 @@ static __u8 *kye_report_fixup(struct hid_device *hdev, __u8 *rdesc, - * - change the button usage range to 4-7 for the extra - * buttons - */ -- if (*rsize >= 74 && -+ if (*rsize >= 75 && - rdesc[61] == 0x05 && rdesc[62] == 0x08 && - rdesc[63] == 0x19 && rdesc[64] == 0x08 && - rdesc[65] == 0x29 && rdesc[66] == 0x0f && -diff --git a/drivers/hid/hid-lg.c b/drivers/hid/hid-lg.c -index a976f48..f91ff14 100644 ---- a/drivers/hid/hid-lg.c -+++ b/drivers/hid/hid-lg.c -@@ -345,14 +345,14 @@ static __u8 *lg_report_fixup(struct hid_device *hdev, __u8 *rdesc, - struct usb_device_descriptor *udesc; - __u16 bcdDevice, rev_maj, rev_min; - -- if ((drv_data->quirks & LG_RDESC) && *rsize >= 90 && rdesc[83] == 0x26 && -+ if ((drv_data->quirks & LG_RDESC) && *rsize >= 91 && rdesc[83] == 0x26 && - rdesc[84] == 0x8c && rdesc[85] == 0x02) { - hid_info(hdev, - "fixing up Logitech keyboard report descriptor\n"); - rdesc[84] = rdesc[89] = 0x4d; - rdesc[85] = rdesc[90] = 0x10; - } -- if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 50 && -+ if ((drv_data->quirks & LG_RDESC_REL_ABS) && *rsize >= 51 && - rdesc[32] == 0x81 && rdesc[33] == 0x06 && - rdesc[49] == 0x81 && rdesc[50] == 0x06) { - hid_info(hdev, -diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c -index 486dbde..b7ba829 100644 ---- a/drivers/hid/hid-logitech-dj.c -+++ b/drivers/hid/hid-logitech-dj.c -@@ -238,13 +238,6 @@ static void logi_dj_recv_add_djhid_device(struct dj_receiver_dev *djrcv_dev, - return; - } - -- if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) || -- (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) { -- dev_err(&djrcv_hdev->dev, "%s: invalid device index:%d\n", -- __func__, dj_report->device_index); -- return; -- } -- - if (djrcv_dev->paired_dj_devices[dj_report->device_index]) { - /* The device is already known. No need to reallocate it. */ - dbg_hid("%s: device is already known\n", __func__); -@@ -557,7 +550,7 @@ static int logi_dj_ll_raw_request(struct hid_device *hid, - if (!out_buf) - return -ENOMEM; - -- if (count < DJREPORT_SHORT_LENGTH - 2) -+ if (count > DJREPORT_SHORT_LENGTH - 2) - count = DJREPORT_SHORT_LENGTH - 2; - - out_buf[0] = REPORT_ID_DJ_SHORT; -@@ -690,6 +683,12 @@ static int logi_dj_raw_event(struct hid_device *hdev, - * device (via hid_input_report() ) and return 1 so hid-core does not do - * anything else with it. - */ -+ if ((dj_report->device_index < DJ_DEVICE_INDEX_MIN) || -+ (dj_report->device_index > DJ_DEVICE_INDEX_MAX)) { -+ dev_err(&hdev->dev, "%s: invalid device index:%d\n", -+ __func__, dj_report->device_index); -+ return false; -+ } - - spin_lock_irqsave(&djrcv_dev->lock, flags); - if (dj_report->report_id == REPORT_ID_DJ_SHORT) { diff --git a/drivers/hid/hid-magicmouse.c b/drivers/hid/hid-magicmouse.c index ecc2cbf..29a74c1 100644 --- a/drivers/hid/hid-magicmouse.c @@ -43436,32 +43355,6 @@ index ecc2cbf..29a74c1 100644 msc->ntouches = 0; for (ii = 0; ii < npoints; ii++) magicmouse_emit_touch(msc, ii, data + ii * 8 + 6); -diff --git a/drivers/hid/hid-monterey.c b/drivers/hid/hid-monterey.c -index 9e14c00..25daf28 100644 ---- a/drivers/hid/hid-monterey.c -+++ b/drivers/hid/hid-monterey.c -@@ -24,7 +24,7 @@ - static __u8 *mr_report_fixup(struct hid_device *hdev, __u8 *rdesc, - unsigned int *rsize) - { -- if (*rsize >= 30 && rdesc[29] == 0x05 && rdesc[30] == 0x09) { -+ if (*rsize >= 31 && rdesc[29] == 0x05 && rdesc[30] == 0x09) { - hid_info(hdev, "fixing up button/consumer in HID report descriptor\n"); - rdesc[30] = 0x0c; - } -diff --git a/drivers/hid/hid-petalynx.c b/drivers/hid/hid-petalynx.c -index 736b250..6aca4f2 100644 ---- a/drivers/hid/hid-petalynx.c -+++ b/drivers/hid/hid-petalynx.c -@@ -25,7 +25,7 @@ - static __u8 *pl_report_fixup(struct hid_device *hdev, __u8 *rdesc, - unsigned int *rsize) - { -- if (*rsize >= 60 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 && -+ if (*rsize >= 62 && rdesc[39] == 0x2a && rdesc[40] == 0xf5 && - rdesc[41] == 0x00 && rdesc[59] == 0x26 && - rdesc[60] == 0xf9 && rdesc[61] == 0x00) { - hid_info(hdev, "fixing up Petalynx Maxter Remote report descriptor\n"); diff --git a/drivers/hid/hid-picolcd_core.c b/drivers/hid/hid-picolcd_core.c index acbb0210..020df3c 100644 --- a/drivers/hid/hid-picolcd_core.c @@ -43479,19 +43372,6 @@ index acbb0210..020df3c 100644 if (report->id == REPORT_KEY_STATE) { if (data->input_keys) ret = picolcd_raw_keypad(data, report, raw_data+1, size-1); -diff --git a/drivers/hid/hid-sunplus.c b/drivers/hid/hid-sunplus.c -index 87fc91e..91072fa 100644 ---- a/drivers/hid/hid-sunplus.c -+++ b/drivers/hid/hid-sunplus.c -@@ -24,7 +24,7 @@ - static __u8 *sp_report_fixup(struct hid_device *hdev, __u8 *rdesc, - unsigned int *rsize) - { -- if (*rsize >= 107 && rdesc[104] == 0x26 && rdesc[105] == 0x80 && -+ if (*rsize >= 112 && rdesc[104] == 0x26 && rdesc[105] == 0x80 && - rdesc[106] == 0x03) { - hid_info(hdev, "fixing up Sunplus Wireless Desktop report descriptor\n"); - rdesc[105] = rdesc[110] = 0x03; diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c index c13fb5b..55a3802 100644 --- a/drivers/hid/hid-wiimote-debug.c @@ -48116,10 +47996,10 @@ index 738fa24..1568451 100644 +} __do_const; #endif /* _DW_MMC_H_ */ diff --git a/drivers/mmc/host/mmci.c b/drivers/mmc/host/mmci.c -index 7ad463e..2aa0079 100644 +index 249ab80..9314ce1 100644 --- a/drivers/mmc/host/mmci.c +++ b/drivers/mmc/host/mmci.c -@@ -1506,7 +1506,9 @@ static int mmci_probe(struct amba_device *dev, +@@ -1507,7 +1507,9 @@ static int mmci_probe(struct amba_device *dev, mmc->caps |= MMC_CAP_CMD23; if (variant->busy_detect) { @@ -52083,7 +51963,7 @@ index 3cbb57a..95e47a3 100644 /* These three are default values which can be overridden */ diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c -index 31184b3..cc44bbf 100644 +index 489e83b..193815b 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -701,10 +701,10 @@ static inline u32 next_command(struct ctlr_info *h, u8 q) @@ -54375,10 +54255,10 @@ index c1d3ebd..f618a93 100644 if (cfg->uart_flags & UPF_CONS_FLOW) { diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c -index fbf6c5a..3939d92 100644 +index ef2fb36..238d80c 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c -@@ -1333,7 +1333,7 @@ static void uart_close(struct tty_struct *tty, struct file *filp) +@@ -1336,7 +1336,7 @@ static void uart_close(struct tty_struct *tty, struct file *filp) pr_debug("uart_close(%d) called\n", uport ? uport->line : -1); @@ -54387,7 +54267,7 @@ index fbf6c5a..3939d92 100644 return; /* -@@ -1460,7 +1460,7 @@ static void uart_hangup(struct tty_struct *tty) +@@ -1463,7 +1463,7 @@ static void uart_hangup(struct tty_struct *tty) uart_flush_buffer(tty); uart_shutdown(tty, state); spin_lock_irqsave(&port->lock, flags); @@ -54396,7 +54276,7 @@ index fbf6c5a..3939d92 100644 clear_bit(ASYNCB_NORMAL_ACTIVE, &port->flags); spin_unlock_irqrestore(&port->lock, flags); tty_port_tty_set(port, NULL); -@@ -1558,7 +1558,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) +@@ -1561,7 +1561,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) goto end; } @@ -54405,7 +54285,7 @@ index fbf6c5a..3939d92 100644 if (!state->uart_port || state->uart_port->flags & UPF_DEAD) { retval = -ENXIO; goto err_dec_count; -@@ -1598,7 +1598,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) +@@ -1601,7 +1601,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) end: return retval; err_dec_count: @@ -55215,7 +55095,7 @@ index 2a3bbdf..91d72cf 100644 file->f_version = event_count; return POLLIN | POLLRDNORM; diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c -index 257876e..4304364 100644 +index 0b59731..46ee7d1 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -187,7 +187,7 @@ static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes, @@ -55277,7 +55157,7 @@ index bec31e2..b8091cd 100644 wake_up(&usb_kill_urb_queue); usb_put_urb(urb); diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index 0e950ad..a2be5b0 100644 +index 27f2171..e3dfc22 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -27,6 +27,7 @@ @@ -55288,7 +55168,7 @@ index 0e950ad..a2be5b0 100644 #include <asm/uaccess.h> #include <asm/byteorder.h> -@@ -4594,6 +4595,10 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus, +@@ -4644,6 +4645,10 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus, goto done; return; } @@ -55520,7 +55400,7 @@ index 7a55fea..cc0ed4f 100644 #include "u_uac1.h" diff --git a/drivers/usb/host/ehci-hub.c b/drivers/usb/host/ehci-hub.c -index cc305c7..cf6da4a 100644 +index 6130b75..3b60008 100644 --- a/drivers/usb/host/ehci-hub.c +++ b/drivers/usb/host/ehci-hub.c @@ -771,7 +771,7 @@ static struct urb *request_single_step_set_feature_urb( @@ -59263,7 +59143,7 @@ index 2946712..f737435 100644 &data); if (!inode) { diff --git a/fs/aio.c b/fs/aio.c -index 1c9c5f0..94455bc 100644 +index 1c9c5f0..c935d6e 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -141,6 +141,7 @@ struct kioctx { @@ -59399,6 +59279,19 @@ index 1c9c5f0..94455bc 100644 /* * We have to order our ring_info tail store above and test +@@ -1065,6 +1134,12 @@ static long aio_read_events_ring(struct kioctx *ctx, + tail = ring->tail; + kunmap_atomic(ring); + ++ /* ++ * Ensure that once we've read the current tail pointer, that ++ * we also see the events that were stored up to the tail. ++ */ ++ smp_rmb(); ++ + pr_debug("h%u t%u m%u\n", head, tail, ctx->nr_events); + + if (head == tail) diff --git a/fs/attr.c b/fs/attr.c index 6530ced..4a827e2 100644 --- a/fs/attr.c @@ -60553,7 +60446,7 @@ index aeab453..48dbafc 100644 WARN_ON(trans->transid != btrfs_header_generation(parent)); diff --git a/fs/btrfs/delayed-inode.c b/fs/btrfs/delayed-inode.c -index da775bf..882da68 100644 +index a2e90f8..5135e5f 100644 --- a/fs/btrfs/delayed-inode.c +++ b/fs/btrfs/delayed-inode.c @@ -462,7 +462,7 @@ static int __btrfs_add_delayed_deletion_item(struct btrfs_delayed_node *node, @@ -61726,7 +61619,7 @@ index 06f6585..f95a6d1 100644 dcache_init(); inode_init(); diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c -index 8c41b52..145b1b9 100644 +index 16a46b6..41696fd 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c @@ -416,7 +416,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); @@ -62672,7 +62565,7 @@ index fca3820..e1ea241 100644 if (free_clusters >= (nclusters + dirty_clusters + resv_clusters)) diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h -index 7cc5a0e..851f176 100644 +index 1bbe7c3..c7442e2 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -1276,19 +1276,19 @@ struct ext4_sb_info { @@ -62706,10 +62599,10 @@ index 7cc5a0e..851f176 100644 /* locality groups */ diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index 2dcb936..f5625a0 100644 +index c3e7418..f62cab3 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c -@@ -1899,7 +1899,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, +@@ -1901,7 +1901,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, BUG_ON(ac->ac_b_ex.fe_len != ac->ac_g_ex.fe_len); if (EXT4_SB(sb)->s_mb_stats) @@ -62718,7 +62611,7 @@ index 2dcb936..f5625a0 100644 break; } -@@ -2209,7 +2209,7 @@ repeat: +@@ -2211,7 +2211,7 @@ repeat: ac->ac_status = AC_STATUS_CONTINUE; ac->ac_flags |= EXT4_MB_HINT_FIRST; cr = 3; @@ -62727,7 +62620,7 @@ index 2dcb936..f5625a0 100644 goto repeat; } } -@@ -2715,25 +2715,25 @@ int ext4_mb_release(struct super_block *sb) +@@ -2717,25 +2717,25 @@ int ext4_mb_release(struct super_block *sb) if (sbi->s_mb_stats) { ext4_msg(sb, KERN_INFO, "mballoc: %u blocks %u reqs (%u success)", @@ -62763,7 +62656,7 @@ index 2dcb936..f5625a0 100644 } free_percpu(sbi->s_locality_groups); -@@ -3189,16 +3189,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) +@@ -3191,16 +3191,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb); if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) { @@ -62786,7 +62679,7 @@ index 2dcb936..f5625a0 100644 } if (ac->ac_op == EXT4_MB_HISTORY_ALLOC) -@@ -3603,7 +3603,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) +@@ -3627,7 +3627,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_inode_pa(ac, pa); ext4_mb_use_inode_pa(ac, pa); @@ -62795,7 +62688,7 @@ index 2dcb936..f5625a0 100644 ei = EXT4_I(ac->ac_inode); grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); -@@ -3663,7 +3663,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) +@@ -3687,7 +3687,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_group_pa(ac, pa); ext4_mb_use_group_pa(ac, pa); @@ -62804,7 +62697,7 @@ index 2dcb936..f5625a0 100644 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); lg = ac->ac_lg; -@@ -3752,7 +3752,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, +@@ -3776,7 +3776,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, * from the bitmap and continue. */ } @@ -62813,7 +62706,7 @@ index 2dcb936..f5625a0 100644 return err; } -@@ -3770,7 +3770,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, +@@ -3794,7 +3794,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit); BUG_ON(group != e4b->bd_group && pa->pa_len != 0); mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len); @@ -62836,7 +62729,7 @@ index 32bce84..112d969 100644 "MMP failure info: last update time: %llu, last update " "node: %s, last update device: %s\n", diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index 6df7bc6..410a655 100644 +index beeb5c4..998c28d 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1276,7 +1276,7 @@ static ext4_fsblk_t get_sb_block(void **data) @@ -64620,185 +64513,6 @@ index 6eecb7f..abec305 100644 put_cpu_var(last_ino); return res; } -diff --git a/fs/isofs/inode.c b/fs/isofs/inode.c -index 4556ce1..5ddaf86 100644 ---- a/fs/isofs/inode.c -+++ b/fs/isofs/inode.c -@@ -61,7 +61,7 @@ static void isofs_put_super(struct super_block *sb) - return; - } - --static int isofs_read_inode(struct inode *); -+static int isofs_read_inode(struct inode *, int relocated); - static int isofs_statfs (struct dentry *, struct kstatfs *); - - static struct kmem_cache *isofs_inode_cachep; -@@ -1259,7 +1259,7 @@ out_toomany: - goto out; - } - --static int isofs_read_inode(struct inode *inode) -+static int isofs_read_inode(struct inode *inode, int relocated) - { - struct super_block *sb = inode->i_sb; - struct isofs_sb_info *sbi = ISOFS_SB(sb); -@@ -1404,7 +1404,7 @@ static int isofs_read_inode(struct inode *inode) - */ - - if (!high_sierra) { -- parse_rock_ridge_inode(de, inode); -+ parse_rock_ridge_inode(de, inode, relocated); - /* if we want uid/gid set, override the rock ridge setting */ - if (sbi->s_uid_set) - inode->i_uid = sbi->s_uid; -@@ -1483,9 +1483,10 @@ static int isofs_iget5_set(struct inode *ino, void *data) - * offset that point to the underlying meta-data for the inode. The - * code below is otherwise similar to the iget() code in - * include/linux/fs.h */ --struct inode *isofs_iget(struct super_block *sb, -- unsigned long block, -- unsigned long offset) -+struct inode *__isofs_iget(struct super_block *sb, -+ unsigned long block, -+ unsigned long offset, -+ int relocated) - { - unsigned long hashval; - struct inode *inode; -@@ -1507,7 +1508,7 @@ struct inode *isofs_iget(struct super_block *sb, - return ERR_PTR(-ENOMEM); - - if (inode->i_state & I_NEW) { -- ret = isofs_read_inode(inode); -+ ret = isofs_read_inode(inode, relocated); - if (ret < 0) { - iget_failed(inode); - inode = ERR_PTR(ret); -diff --git a/fs/isofs/isofs.h b/fs/isofs/isofs.h -index 9916723..0ac4c1f 100644 ---- a/fs/isofs/isofs.h -+++ b/fs/isofs/isofs.h -@@ -107,7 +107,7 @@ extern int iso_date(char *, int); - - struct inode; /* To make gcc happy */ - --extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *); -+extern int parse_rock_ridge_inode(struct iso_directory_record *, struct inode *, int relocated); - extern int get_rock_ridge_filename(struct iso_directory_record *, char *, struct inode *); - extern int isofs_name_translate(struct iso_directory_record *, char *, struct inode *); - -@@ -118,9 +118,24 @@ extern struct dentry *isofs_lookup(struct inode *, struct dentry *, unsigned int - extern struct buffer_head *isofs_bread(struct inode *, sector_t); - extern int isofs_get_blocks(struct inode *, sector_t, struct buffer_head **, unsigned long); - --extern struct inode *isofs_iget(struct super_block *sb, -- unsigned long block, -- unsigned long offset); -+struct inode *__isofs_iget(struct super_block *sb, -+ unsigned long block, -+ unsigned long offset, -+ int relocated); -+ -+static inline struct inode *isofs_iget(struct super_block *sb, -+ unsigned long block, -+ unsigned long offset) -+{ -+ return __isofs_iget(sb, block, offset, 0); -+} -+ -+static inline struct inode *isofs_iget_reloc(struct super_block *sb, -+ unsigned long block, -+ unsigned long offset) -+{ -+ return __isofs_iget(sb, block, offset, 1); -+} - - /* Because the inode number is no longer relevant to finding the - * underlying meta-data for an inode, we are free to choose a more -diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c -index c0bf424..f488bba 100644 ---- a/fs/isofs/rock.c -+++ b/fs/isofs/rock.c -@@ -288,12 +288,16 @@ eio: - goto out; - } - -+#define RR_REGARD_XA 1 -+#define RR_RELOC_DE 2 -+ - static int - parse_rock_ridge_inode_internal(struct iso_directory_record *de, -- struct inode *inode, int regard_xa) -+ struct inode *inode, int flags) - { - int symlink_len = 0; - int cnt, sig; -+ unsigned int reloc_block; - struct inode *reloc; - struct rock_ridge *rr; - int rootflag; -@@ -305,7 +309,7 @@ parse_rock_ridge_inode_internal(struct iso_directory_record *de, - - init_rock_state(&rs, inode); - setup_rock_ridge(de, inode, &rs); -- if (regard_xa) { -+ if (flags & RR_REGARD_XA) { - rs.chr += 14; - rs.len -= 14; - if (rs.len < 0) -@@ -485,12 +489,22 @@ repeat: - "relocated directory\n"); - goto out; - case SIG('C', 'L'): -- ISOFS_I(inode)->i_first_extent = -- isonum_733(rr->u.CL.location); -- reloc = -- isofs_iget(inode->i_sb, -- ISOFS_I(inode)->i_first_extent, -- 0); -+ if (flags & RR_RELOC_DE) { -+ printk(KERN_ERR -+ "ISOFS: Recursive directory relocation " -+ "is not supported\n"); -+ goto eio; -+ } -+ reloc_block = isonum_733(rr->u.CL.location); -+ if (reloc_block == ISOFS_I(inode)->i_iget5_block && -+ ISOFS_I(inode)->i_iget5_offset == 0) { -+ printk(KERN_ERR -+ "ISOFS: Directory relocation points to " -+ "itself\n"); -+ goto eio; -+ } -+ ISOFS_I(inode)->i_first_extent = reloc_block; -+ reloc = isofs_iget_reloc(inode->i_sb, reloc_block, 0); - if (IS_ERR(reloc)) { - ret = PTR_ERR(reloc); - goto out; -@@ -637,9 +651,11 @@ static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit) - return rpnt; - } - --int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode) -+int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode, -+ int relocated) - { -- int result = parse_rock_ridge_inode_internal(de, inode, 0); -+ int flags = relocated ? RR_RELOC_DE : 0; -+ int result = parse_rock_ridge_inode_internal(de, inode, flags); - - /* - * if rockridge flag was reset and we didn't look for attributes -@@ -647,7 +663,8 @@ int parse_rock_ridge_inode(struct iso_directory_record *de, struct inode *inode) - */ - if ((ISOFS_SB(inode->i_sb)->s_rock_offset == -1) - && (ISOFS_SB(inode->i_sb)->s_rock == 2)) { -- result = parse_rock_ridge_inode_internal(de, inode, 14); -+ result = parse_rock_ridge_inode_internal(de, inode, -+ flags | RR_REGARD_XA); - } - return result; - } diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c index 4a6cf28..d3a29d3 100644 --- a/fs/jffs2/erase.c @@ -65761,19 +65475,6 @@ index 9927913..faffc5c 100644 } void nfs_fattr_init(struct nfs_fattr *fattr) -diff --git a/fs/nfs/nfs3acl.c b/fs/nfs/nfs3acl.c -index 8f854dd..d0fec26 100644 ---- a/fs/nfs/nfs3acl.c -+++ b/fs/nfs/nfs3acl.c -@@ -256,7 +256,7 @@ nfs3_list_one_acl(struct inode *inode, int type, const char *name, void *data, - char *p = data + *result; - - acl = get_acl(inode, type); -- if (!acl) -+ if (IS_ERR_OR_NULL(acl)) - return 0; - - posix_acl_release(acl); diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 8f029db..3688b84 100644 --- a/fs/nfsd/nfs4proc.c @@ -94166,7 +93867,7 @@ index a63f4dc..349bbb0 100644 unsigned long timeout) { diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index bc1638b..a7638fc 100644 +index 0acf96b..80ba955 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -1849,7 +1849,7 @@ void set_numabalancing_state(bool enabled) @@ -94217,7 +93918,7 @@ index bc1638b..a7638fc 100644 /* can't increase priority */ if (attr->sched_priority > p->rt_priority && attr->sched_priority > rlim_rtprio) -@@ -4771,6 +4777,7 @@ void idle_task_exit(void) +@@ -4772,6 +4778,7 @@ void idle_task_exit(void) if (mm != &init_mm) { switch_mm(mm, &init_mm, current); @@ -94225,7 +93926,7 @@ index bc1638b..a7638fc 100644 finish_arch_post_lock_switch(); } mmdrop(mm); -@@ -4866,7 +4873,7 @@ static void migrate_tasks(unsigned int dead_cpu) +@@ -4867,7 +4874,7 @@ static void migrate_tasks(unsigned int dead_cpu) #if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL) @@ -94234,7 +93935,7 @@ index bc1638b..a7638fc 100644 { .procname = "sched_domain", .mode = 0555, -@@ -4883,17 +4890,17 @@ static struct ctl_table sd_ctl_root[] = { +@@ -4884,17 +4891,17 @@ static struct ctl_table sd_ctl_root[] = { {} }; @@ -94256,7 +93957,7 @@ index bc1638b..a7638fc 100644 /* * In the intermediate directories, both the child directory and -@@ -4901,22 +4908,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) +@@ -4902,22 +4909,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) * will always be set. In the lowest directory the names are * static strings and all have proc handlers. */ @@ -94288,7 +93989,7 @@ index bc1638b..a7638fc 100644 const char *procname, void *data, int maxlen, umode_t mode, proc_handler *proc_handler, bool load_idx) -@@ -4936,7 +4946,7 @@ set_table_entry(struct ctl_table *entry, +@@ -4937,7 +4947,7 @@ set_table_entry(struct ctl_table *entry, static struct ctl_table * sd_alloc_ctl_domain_table(struct sched_domain *sd) { @@ -94297,7 +93998,7 @@ index bc1638b..a7638fc 100644 if (table == NULL) return NULL; -@@ -4974,9 +4984,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) +@@ -4975,9 +4985,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) return table; } @@ -94309,7 +94010,7 @@ index bc1638b..a7638fc 100644 struct sched_domain *sd; int domain_num = 0, i; char buf[32]; -@@ -5003,11 +5013,13 @@ static struct ctl_table_header *sd_sysctl_header; +@@ -5004,11 +5014,13 @@ static struct ctl_table_header *sd_sysctl_header; static void register_sched_domain_sysctl(void) { int i, cpu_num = num_possible_cpus(); @@ -94324,7 +94025,7 @@ index bc1638b..a7638fc 100644 if (entry == NULL) return; -@@ -5030,8 +5042,12 @@ static void unregister_sched_domain_sysctl(void) +@@ -5031,8 +5043,12 @@ static void unregister_sched_domain_sysctl(void) if (sd_sysctl_header) unregister_sysctl_table(sd_sysctl_header); sd_sysctl_header = NULL; @@ -96291,6 +95992,19 @@ index ba967a1..2cc869a 100644 obj-$(CONFIG_DEBUG_OBJECTS) += debugobjects.o ifneq ($(CONFIG_HAVE_DEC_LOCK),y) +diff --git a/lib/assoc_array.c b/lib/assoc_array.c +index c0b1007..ae146f0 100644 +--- a/lib/assoc_array.c ++++ b/lib/assoc_array.c +@@ -1735,7 +1735,7 @@ ascend_old_tree: + gc_complete: + edit->set[0].to = new_root; + assoc_array_apply_edit(edit); +- edit->array->nr_leaves_on_tree = nr_leaves_on_tree; ++ array->nr_leaves_on_tree = nr_leaves_on_tree; + return 0; + + enomem: diff --git a/lib/average.c b/lib/average.c index 114d1be..ab0350c 100644 --- a/lib/average.c @@ -99516,7 +99230,7 @@ index a013bc9..a897a14 100644 } unset_migratetype_isolate(page, MIGRATE_MOVABLE); diff --git a/mm/memory.c b/mm/memory.c -index 8b44f76..babeaec 100644 +index 0a21f3d..babeaec 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -413,6 +413,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -99553,34 +99267,7 @@ index 8b44f76..babeaec 100644 } /* -@@ -751,7 +757,7 @@ struct page *vm_normal_page(struct vm_area_struct *vma, unsigned long addr, - unsigned long pfn = pte_pfn(pte); - - if (HAVE_PTE_SPECIAL) { -- if (likely(!pte_special(pte) || pte_numa(pte))) -+ if (likely(!pte_special(pte))) - goto check_pfn; - if (vma->vm_flags & (VM_PFNMAP | VM_MIXEDMAP)) - return NULL; -@@ -777,15 +783,14 @@ struct page *vm_normal_page(struct vm_area_struct *vma, unsigned long addr, - } - } - -+ if (is_zero_pfn(pfn)) -+ return NULL; - check_pfn: - if (unlikely(pfn > highest_memmap_pfn)) { - print_bad_pte(vma, addr, pte, NULL); - return NULL; - } - -- if (is_zero_pfn(pfn)) -- return NULL; -- - /* - * NOTE! We still have PageReserved() pages in the page tables. - * eg. VDSO mappings can cause them to exist. -@@ -1501,6 +1506,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, +@@ -1500,6 +1506,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, page_add_file_rmap(page); set_pte_at(mm, addr, pte, mk_pte(page, prot)); @@ -99591,7 +99278,7 @@ index 8b44f76..babeaec 100644 retval = 0; pte_unmap_unlock(pte, ptl); return retval; -@@ -1545,9 +1554,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, +@@ -1544,9 +1554,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, if (!page_count(page)) return -EINVAL; if (!(vma->vm_flags & VM_MIXEDMAP)) { @@ -99613,7 +99300,7 @@ index 8b44f76..babeaec 100644 } return insert_page(vma, addr, page, vma->vm_page_prot); } -@@ -1630,6 +1651,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, +@@ -1629,6 +1651,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, unsigned long pfn) { BUG_ON(!(vma->vm_flags & VM_MIXEDMAP)); @@ -99621,7 +99308,7 @@ index 8b44f76..babeaec 100644 if (addr < vma->vm_start || addr >= vma->vm_end) return -EFAULT; -@@ -1877,7 +1899,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, +@@ -1876,7 +1899,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, BUG_ON(pud_huge(*pud)); @@ -99632,7 +99319,7 @@ index 8b44f76..babeaec 100644 if (!pmd) return -ENOMEM; do { -@@ -1897,7 +1921,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, +@@ -1896,7 +1921,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, unsigned long next; int err; @@ -99643,7 +99330,7 @@ index 8b44f76..babeaec 100644 if (!pud) return -ENOMEM; do { -@@ -2019,6 +2045,186 @@ static int do_page_mkwrite(struct vm_area_struct *vma, struct page *page, +@@ -2018,6 +2045,186 @@ static int do_page_mkwrite(struct vm_area_struct *vma, struct page *page, return ret; } @@ -99830,7 +99517,7 @@ index 8b44f76..babeaec 100644 /* * This routine handles present pages, when users try to write * to a shared page. It is done by copying the page to a new address -@@ -2216,6 +2422,12 @@ gotten: +@@ -2215,6 +2422,12 @@ gotten: */ page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (likely(pte_same(*page_table, orig_pte))) { @@ -99843,7 +99530,7 @@ index 8b44f76..babeaec 100644 if (old_page) { if (!PageAnon(old_page)) { dec_mm_counter_fast(mm, MM_FILEPAGES); -@@ -2267,6 +2479,10 @@ gotten: +@@ -2266,6 +2479,10 @@ gotten: page_remove_rmap(old_page); } @@ -99854,7 +99541,7 @@ index 8b44f76..babeaec 100644 /* Free the old page.. */ new_page = old_page; ret |= VM_FAULT_WRITE; -@@ -2540,6 +2756,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2539,6 +2756,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, swap_free(entry); if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) try_to_free_swap(page); @@ -99866,7 +99553,7 @@ index 8b44f76..babeaec 100644 unlock_page(page); if (page != swapcache) { /* -@@ -2563,6 +2784,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2562,6 +2784,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -99878,7 +99565,7 @@ index 8b44f76..babeaec 100644 unlock: pte_unmap_unlock(page_table, ptl); out: -@@ -2582,40 +2808,6 @@ out_release: +@@ -2581,40 +2808,6 @@ out_release: } /* @@ -99919,7 +99606,7 @@ index 8b44f76..babeaec 100644 * We enter with non-exclusive mmap_sem (to exclude vma changes, * but allow concurrent faults), and pte mapped but not yet locked. * We return with mmap_sem still held, but pte unmapped and unlocked. -@@ -2624,27 +2816,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2623,27 +2816,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, pte_t *page_table, pmd_t *pmd, unsigned int flags) { @@ -99952,7 +99639,7 @@ index 8b44f76..babeaec 100644 if (unlikely(anon_vma_prepare(vma))) goto oom; page = alloc_zeroed_user_highpage_movable(vma, address); -@@ -2668,6 +2856,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2667,6 +2856,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, if (!pte_none(*page_table)) goto release; @@ -99964,7 +99651,7 @@ index 8b44f76..babeaec 100644 inc_mm_counter_fast(mm, MM_ANONPAGES); page_add_new_anon_rmap(page, vma, address); setpte: -@@ -2675,6 +2868,12 @@ setpte: +@@ -2674,6 +2868,12 @@ setpte: /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -99977,7 +99664,7 @@ index 8b44f76..babeaec 100644 unlock: pte_unmap_unlock(page_table, ptl); return 0; -@@ -2906,6 +3105,11 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2905,6 +3105,11 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma, return ret; } do_set_pte(vma, address, fault_page, pte, false, false); @@ -99989,7 +99676,7 @@ index 8b44f76..babeaec 100644 unlock_page(fault_page); unlock_out: pte_unmap_unlock(pte, ptl); -@@ -2947,7 +3151,18 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2946,7 +3151,18 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma, page_cache_release(fault_page); goto uncharge_out; } @@ -100008,7 +99695,7 @@ index 8b44f76..babeaec 100644 pte_unmap_unlock(pte, ptl); unlock_page(fault_page); page_cache_release(fault_page); -@@ -2995,6 +3210,11 @@ static int do_shared_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2994,6 +3210,11 @@ static int do_shared_fault(struct mm_struct *mm, struct vm_area_struct *vma, return ret; } do_set_pte(vma, address, fault_page, pte, true, false); @@ -100020,7 +99707,7 @@ index 8b44f76..babeaec 100644 pte_unmap_unlock(pte, ptl); if (set_page_dirty(fault_page)) -@@ -3225,6 +3445,12 @@ static int handle_pte_fault(struct mm_struct *mm, +@@ -3224,6 +3445,12 @@ static int handle_pte_fault(struct mm_struct *mm, if (flags & FAULT_FLAG_WRITE) flush_tlb_fix_spurious_fault(vma, address); } @@ -100033,7 +99720,7 @@ index 8b44f76..babeaec 100644 unlock: pte_unmap_unlock(pte, ptl); return 0; -@@ -3241,9 +3467,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3240,9 +3467,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, pmd_t *pmd; pte_t *pte; @@ -100075,7 +99762,7 @@ index 8b44f76..babeaec 100644 pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); if (!pud) -@@ -3371,6 +3629,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) +@@ -3370,6 +3629,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -100099,7 +99786,7 @@ index 8b44f76..babeaec 100644 #endif /* __PAGETABLE_PUD_FOLDED */ #ifndef __PAGETABLE_PMD_FOLDED -@@ -3401,6 +3676,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) +@@ -3400,6 +3676,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -100130,7 +99817,7 @@ index 8b44f76..babeaec 100644 #endif /* __PAGETABLE_PMD_FOLDED */ #if !defined(__HAVE_ARCH_GATE_AREA) -@@ -3414,7 +3713,7 @@ static int __init gate_vma_init(void) +@@ -3413,7 +3713,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -100139,7 +99826,7 @@ index 8b44f76..babeaec 100644 return 0; } -@@ -3548,8 +3847,8 @@ out: +@@ -3547,8 +3847,8 @@ out: return ret; } @@ -100150,7 +99837,7 @@ index 8b44f76..babeaec 100644 { resource_size_t phys_addr; unsigned long prot = 0; -@@ -3575,8 +3874,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys); +@@ -3574,8 +3874,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys); * Access another process' address space as given in mm. If non-NULL, use the * given task for page fault accounting. */ @@ -100161,7 +99848,7 @@ index 8b44f76..babeaec 100644 { struct vm_area_struct *vma; void *old_buf = buf; -@@ -3584,7 +3883,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -3583,7 +3883,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, down_read(&mm->mmap_sem); /* ignore errors, just check how much was successfully transferred */ while (len) { @@ -100170,7 +99857,7 @@ index 8b44f76..babeaec 100644 void *maddr; struct page *page = NULL; -@@ -3643,8 +3942,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -3642,8 +3942,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, * * The caller must hold a reference on @mm. */ @@ -100181,7 +99868,7 @@ index 8b44f76..babeaec 100644 { return __access_remote_vm(NULL, mm, addr, buf, len, write); } -@@ -3654,11 +3953,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, +@@ -3653,11 +3953,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, * Source/target buffer must be kernel space, * Do not walk the page table directly, use get_user_pages */ @@ -103498,10 +103185,10 @@ index 4c524f7..f7601f17 100644 if (S_ISREG(inode->i_mode)) diff --git a/mm/util.c b/mm/util.c -index d5ea733..e8953f9 100644 +index 33e9f44..be026b2 100644 --- a/mm/util.c +++ b/mm/util.c -@@ -299,6 +299,12 @@ done: +@@ -296,6 +296,12 @@ done: void arch_pick_mmap_layout(struct mm_struct *mm) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -103514,7 +103201,7 @@ index d5ea733..e8953f9 100644 mm->get_unmapped_area = arch_get_unmapped_area; } #endif -@@ -475,6 +481,9 @@ int get_cmdline(struct task_struct *task, char *buffer, int buflen) +@@ -472,6 +478,9 @@ int get_cmdline(struct task_struct *task, char *buffer, int buflen) if (!mm->arg_end) goto out_mm; /* Shh! No looking before we're done */ @@ -109048,7 +108735,7 @@ index 6156f68..d6ab46d 100644 return -ENOMEM; } diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 5667b30..9b1b876 100644 +index 5667b30..2044f61 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -593,7 +593,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, @@ -109103,7 +108790,21 @@ index 5667b30..9b1b876 100644 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { idx = 0; head = &net->dev_index_head[h]; -@@ -4753,7 +4760,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -4741,11 +4748,8 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) + + rt = rt6_lookup(dev_net(dev), &ifp->peer_addr, NULL, + dev->ifindex, 1); +- if (rt) { +- dst_hold(&rt->dst); +- if (ip6_del_rt(rt)) +- dst_free(&rt->dst); +- } ++ if (rt && ip6_del_rt(rt)) ++ dst_free(&rt->dst); + } + dst_hold(&ifp->rt->dst); + +@@ -4753,7 +4757,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) dst_free(&ifp->rt->dst); break; } @@ -109112,7 +108813,7 @@ index 5667b30..9b1b876 100644 rt_genid_bump_ipv6(net); } -@@ -4774,7 +4781,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, +@@ -4774,7 +4778,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -109121,7 +108822,7 @@ index 5667b30..9b1b876 100644 int ret; /* -@@ -4859,7 +4866,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, +@@ -4859,7 +4863,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -109983,6 +109684,20 @@ index 76125c5..e474828 100644 kfree_skb(skb); } +diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c +index 13752d9..b704a93 100644 +--- a/net/l2tp/l2tp_ppp.c ++++ b/net/l2tp/l2tp_ppp.c +@@ -755,7 +755,8 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr, + /* If PMTU discovery was enabled, use the MTU that was discovered */ + dst = sk_dst_get(tunnel->sock); + if (dst != NULL) { +- u32 pmtu = dst_mtu(__sk_dst_get(tunnel->sock)); ++ u32 pmtu = dst_mtu(dst); ++ + if (pmtu != 0) + session->mtu = session->mru = pmtu - + PPPOL2TP_HEADER_OVERHEAD; diff --git a/net/llc/llc_proc.c b/net/llc/llc_proc.c index 1a3c7e0..80f8b0c 100644 --- a/net/llc/llc_proc.c @@ -112246,10 +111961,10 @@ index 49fd21a..4bc455b 100644 goto err; return 0; diff --git a/net/sunrpc/xprtrdma/svc_rdma_transport.c b/net/sunrpc/xprtrdma/svc_rdma_transport.c -index e7323fb..5e892b3 100644 +index 06a5d92..c2fa21a 100644 --- a/net/sunrpc/xprtrdma/svc_rdma_transport.c +++ b/net/sunrpc/xprtrdma/svc_rdma_transport.c -@@ -294,7 +294,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) +@@ -295,7 +295,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) return; ib_req_notify_cq(xprt->sc_rq_cq, IB_CQ_NEXT_COMP); @@ -112258,7 +111973,7 @@ index e7323fb..5e892b3 100644 while ((ret = ib_poll_cq(xprt->sc_rq_cq, 1, &wc)) > 0) { ctxt = (struct svc_rdma_op_ctxt *)(unsigned long)wc.wr_id; -@@ -316,7 +316,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) +@@ -317,7 +317,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) } if (ctxt) @@ -112267,7 +111982,7 @@ index e7323fb..5e892b3 100644 set_bit(XPT_DATA, &xprt->sc_xprt.xpt_flags); /* -@@ -391,7 +391,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt) +@@ -392,7 +392,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt) return; ib_req_notify_cq(xprt->sc_sq_cq, IB_CQ_NEXT_COMP); @@ -112276,7 +111991,7 @@ index e7323fb..5e892b3 100644 while ((ret = ib_poll_cq(cq, ARRAY_SIZE(wc_a), wc_a)) > 0) { int i; -@@ -419,7 +419,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt) +@@ -420,7 +420,7 @@ static void sq_cq_reap(struct svcxprt_rdma *xprt) } if (ctxt) @@ -112285,7 +112000,7 @@ index e7323fb..5e892b3 100644 } static void sq_comp_handler(struct ib_cq *cq, void *cq_context) -@@ -1278,7 +1278,7 @@ int svc_rdma_send(struct svcxprt_rdma *xprt, struct ib_send_wr *wr) +@@ -1279,7 +1279,7 @@ int svc_rdma_send(struct svcxprt_rdma *xprt, struct ib_send_wr *wr) spin_lock_bh(&xprt->sc_lock); if (xprt->sc_sq_depth < atomic_read(&xprt->sc_sq_count) + wr_count) { spin_unlock_bh(&xprt->sc_lock); @@ -123312,10 +123027,10 @@ index 0000000..4378111 +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..b565921 +index 0000000..37dbdb1 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data -@@ -0,0 +1,5510 @@ +@@ -0,0 +1,5511 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL +compat_sock_setsockopt_23 compat_sock_setsockopt 5 23 NULL @@ -128017,6 +127732,7 @@ index 0000000..b565921 +il_dbgfs_tx_queue_read_55668 il_dbgfs_tx_queue_read 3 55668 NULL +get_info_55681 get_info 3 55681 NULL +iwl_dbgfs_plcp_delta_write_55682 iwl_dbgfs_plcp_delta_write 3 55682 NULL ++ext4_alloc_file_blocks_55689 ext4_alloc_file_blocks 3 55689 NULL +genl_allocate_reserve_groups_55705 genl_allocate_reserve_groups 1 55705 NULL +pm8001_store_update_fw_55716 pm8001_store_update_fw 4 55716 NULL +tap_pwup_write_55723 tap_pwup_write 3 55723 NULL diff --git a/3.16.1/4425_grsec_remove_EI_PAX.patch b/3.16.2/4425_grsec_remove_EI_PAX.patch index fc51f79..fc51f79 100644 --- a/3.16.1/4425_grsec_remove_EI_PAX.patch +++ b/3.16.2/4425_grsec_remove_EI_PAX.patch diff --git a/3.16.1/4427_force_XATTR_PAX_tmpfs.patch b/3.16.2/4427_force_XATTR_PAX_tmpfs.patch index bbcef41..bbcef41 100644 --- a/3.16.1/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.16.2/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.16.1/4430_grsec-remove-localversion-grsec.patch b/3.16.2/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.16.1/4430_grsec-remove-localversion-grsec.patch +++ b/3.16.2/4430_grsec-remove-localversion-grsec.patch diff --git a/3.16.1/4435_grsec-mute-warnings.patch b/3.16.2/4435_grsec-mute-warnings.patch index 41d43d5..41d43d5 100644 --- a/3.16.1/4435_grsec-mute-warnings.patch +++ b/3.16.2/4435_grsec-mute-warnings.patch diff --git a/3.16.1/4440_grsec-remove-protected-paths.patch b/3.16.2/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.16.1/4440_grsec-remove-protected-paths.patch +++ b/3.16.2/4440_grsec-remove-protected-paths.patch diff --git a/3.16.1/4450_grsec-kconfig-default-gids.patch b/3.16.2/4450_grsec-kconfig-default-gids.patch index 0451e5a..0451e5a 100644 --- a/3.16.1/4450_grsec-kconfig-default-gids.patch +++ b/3.16.2/4450_grsec-kconfig-default-gids.patch diff --git a/3.16.1/4465_selinux-avc_audit-log-curr_ip.patch b/3.16.2/4465_selinux-avc_audit-log-curr_ip.patch index fb528d0..fb528d0 100644 --- a/3.16.1/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.16.2/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.16.1/4470_disable-compat_vdso.patch b/3.16.2/4470_disable-compat_vdso.patch index 0215f1e..0215f1e 100644 --- a/3.16.1/4470_disable-compat_vdso.patch +++ b/3.16.2/4470_disable-compat_vdso.patch diff --git a/3.16.1/4475_emutramp_default_on.patch b/3.16.2/4475_emutramp_default_on.patch index cf88fd9..cf88fd9 100644 --- a/3.16.1/4475_emutramp_default_on.patch +++ b/3.16.2/4475_emutramp_default_on.patch |