summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2015-06-25 10:49:00 -0400
committerAnthony G. Basile <blueness@gentoo.org>2015-06-25 10:49:00 -0400
commitf48ab9b7eb98c814a6a82fb5203ee7660f67a5dd (patch)
treeb397baab3533ed4b17b15c97ca58ebe0b31b49ae
parentGrsec/PaX: 3.1-4.0.5-201506171322 (diff)
downloadhardened-patchset-f48ab9b7eb98c814a6a82fb5203ee7660f67a5dd.tar.gz
hardened-patchset-f48ab9b7eb98c814a6a82fb5203ee7660f67a5dd.tar.bz2
hardened-patchset-f48ab9b7eb98c814a6a82fb5203ee7660f67a5dd.zip
Grsec/PaX: 3.1-{3.2.69,3.14.45,4.0.6}-20150623210420150623
-rw-r--r--3.14.45/0000_README (renamed from 3.14.44/0000_README)2
-rw-r--r--3.14.45/4420_grsecurity-3.1-3.14.45-201506232103.patch (renamed from 3.14.44/4420_grsecurity-3.1-3.14.44-201506082249.patch)364
-rw-r--r--3.14.45/4425_grsec_remove_EI_PAX.patch (renamed from 3.14.44/4425_grsec_remove_EI_PAX.patch)0
-rw-r--r--3.14.45/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.14.44/4427_force_XATTR_PAX_tmpfs.patch)0
-rw-r--r--3.14.45/4430_grsec-remove-localversion-grsec.patch (renamed from 3.14.44/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--3.14.45/4435_grsec-mute-warnings.patch (renamed from 3.14.44/4435_grsec-mute-warnings.patch)0
-rw-r--r--3.14.45/4440_grsec-remove-protected-paths.patch (renamed from 3.14.44/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--3.14.45/4450_grsec-kconfig-default-gids.patch (renamed from 3.14.44/4450_grsec-kconfig-default-gids.patch)0
-rw-r--r--3.14.45/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.14.44/4465_selinux-avc_audit-log-curr_ip.patch)0
-rw-r--r--3.14.45/4470_disable-compat_vdso.patch (renamed from 3.14.44/4470_disable-compat_vdso.patch)0
-rw-r--r--3.14.45/4475_emutramp_default_on.patch (renamed from 3.14.44/4475_emutramp_default_on.patch)0
-rw-r--r--3.2.69/0000_README2
-rw-r--r--3.2.69/4420_grsecurity-3.1-3.2.69-201506232100.patch (renamed from 3.2.69/4420_grsecurity-3.1-3.2.69-201506082246.patch)56
-rw-r--r--4.0.6/0000_README (renamed from 4.0.5/0000_README)2
-rw-r--r--4.0.6/4420_grsecurity-3.1-4.0.6-201506232104.patch (renamed from 4.0.5/4420_grsecurity-3.1-4.0.5-201506171322.patch)491
-rw-r--r--4.0.6/4425_grsec_remove_EI_PAX.patch (renamed from 4.0.5/4425_grsec_remove_EI_PAX.patch)0
-rw-r--r--4.0.6/4427_force_XATTR_PAX_tmpfs.patch (renamed from 4.0.5/4427_force_XATTR_PAX_tmpfs.patch)0
-rw-r--r--4.0.6/4430_grsec-remove-localversion-grsec.patch (renamed from 4.0.5/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--4.0.6/4435_grsec-mute-warnings.patch (renamed from 4.0.5/4435_grsec-mute-warnings.patch)0
-rw-r--r--4.0.6/4440_grsec-remove-protected-paths.patch (renamed from 4.0.5/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--4.0.6/4450_grsec-kconfig-default-gids.patch (renamed from 4.0.5/4450_grsec-kconfig-default-gids.patch)0
-rw-r--r--4.0.6/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 4.0.5/4465_selinux-avc_audit-log-curr_ip.patch)0
-rw-r--r--4.0.6/4470_disable-compat_vdso.patch (renamed from 4.0.5/4470_disable-compat_vdso.patch)0
-rw-r--r--4.0.6/4475_emutramp_default_on.patch (renamed from 4.0.5/4475_emutramp_default_on.patch)0
24 files changed, 639 insertions, 278 deletions
diff --git a/3.14.44/0000_README b/3.14.45/0000_README
index 2105f07..53a1411 100644
--- a/3.14.44/0000_README
+++ b/3.14.45/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-3.14.44-201506082249.patch
+Patch: 4420_grsecurity-3.1-3.14.45-201506232103.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.14.44/4420_grsecurity-3.1-3.14.44-201506082249.patch b/3.14.45/4420_grsecurity-3.1-3.14.45-201506232103.patch
index 3556faf..fe15fa1 100644
--- a/3.14.44/4420_grsecurity-3.1-3.14.44-201506082249.patch
+++ b/3.14.45/4420_grsecurity-3.1-3.14.45-201506232103.patch
@@ -295,7 +295,7 @@ index 5d91ba1..ef1d374 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 9f2471c..0adedd5 100644
+index c92186c..a387fb0 100644
--- a/Makefile
+++ b/Makefile
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -6940,7 +6940,7 @@ index 44a1f79..2bd6aa3 100644
void __init gt641xx_irq_init(void)
diff --git a/arch/mips/kernel/irq.c b/arch/mips/kernel/irq.c
-index d1fea7a..2e591b0 100644
+index 7479d8d..5c37e62 100644
--- a/arch/mips/kernel/irq.c
+++ b/arch/mips/kernel/irq.c
@@ -77,17 +77,17 @@ void ack_bad_irq(unsigned int irq)
@@ -6964,18 +6964,16 @@ index d1fea7a..2e591b0 100644
}
void __init init_IRQ(void)
-@@ -110,7 +110,10 @@ void __init init_IRQ(void)
- #endif
+@@ -111,6 +111,8 @@ void __init init_IRQ(void)
}
+ #ifdef CONFIG_DEBUG_STACKOVERFLOW
+
- #ifdef DEBUG_STACKOVERFLOW
+extern void gr_handle_kernel_exploit(void);
-+
static inline void check_stack_overflow(void)
{
unsigned long sp;
-@@ -126,6 +129,7 @@ static inline void check_stack_overflow(void)
+@@ -126,6 +128,7 @@ static inline void check_stack_overflow(void)
printk("do_IRQ: stack overflow: %ld\n",
sp - sizeof(struct thread_info));
dump_stack();
@@ -18901,7 +18899,7 @@ index cad82c9..2e5c5c1 100644
#endif /* __KERNEL__ */
diff --git a/arch/x86/include/asm/segment.h b/arch/x86/include/asm/segment.h
-index 6f1c3a8..7744f19 100644
+index bcc9a2f..2d6e37b 100644
--- a/arch/x86/include/asm/segment.h
+++ b/arch/x86/include/asm/segment.h
@@ -64,10 +64,15 @@
@@ -18987,7 +18985,7 @@ index 6f1c3a8..7744f19 100644
#define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS*8+3)
#define __USER_CS (GDT_ENTRY_DEFAULT_USER_CS*8+3)
#ifndef CONFIG_PARAVIRT
-@@ -268,7 +287,7 @@ static inline unsigned long get_limit(unsigned long segment)
+@@ -279,7 +298,7 @@ static inline unsigned long get_limit(unsigned long segment)
{
unsigned long __limit;
asm("lsll %1,%0" : "=r" (__limit) : "r" (segment));
@@ -24558,7 +24556,7 @@ index 1ffc32d..e52c745 100644
}
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
-index 85126cc..1bbce17 100644
+index 5fc4ac7..90be4e1 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -67,12 +67,12 @@ again:
@@ -24611,7 +24609,7 @@ index 85126cc..1bbce17 100644
init_level4_pgt[511] = early_level4_pgt[511];
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
-index f36bd42..0ab4474 100644
+index 30a2aa3..d62e1dd 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -26,6 +26,12 @@
@@ -24821,7 +24819,7 @@ index f36bd42..0ab4474 100644
movl %eax,%gs
xorl %eax,%eax # Clear LDT
-@@ -512,8 +594,11 @@ setup_once:
+@@ -513,8 +595,11 @@ setup_once:
* relocation. Manually set base address in stack canary
* segment descriptor.
*/
@@ -24834,7 +24832,7 @@ index f36bd42..0ab4474 100644
movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax)
shrl $16, %ecx
movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax)
-@@ -548,7 +633,7 @@ ENTRY(early_idt_handler)
+@@ -551,7 +636,7 @@ early_idt_handler_common:
cmpl $2,(%esp) # X86_TRAP_NMI
je is_nmi # Ignore NMI
@@ -24843,7 +24841,7 @@ index f36bd42..0ab4474 100644
je hlt_loop
incl %ss:early_recursion_flag
-@@ -586,8 +671,8 @@ ENTRY(early_idt_handler)
+@@ -589,8 +674,8 @@ early_idt_handler_common:
pushl (20+6*4)(%esp) /* trapno */
pushl $fault_msg
call printk
@@ -24853,7 +24851,7 @@ index f36bd42..0ab4474 100644
hlt_loop:
hlt
jmp hlt_loop
-@@ -607,8 +692,11 @@ ENDPROC(early_idt_handler)
+@@ -610,8 +695,11 @@ ENDPROC(early_idt_handler_common)
/* This is the default interrupt "handler" :-) */
ALIGN
ignore_int:
@@ -24866,7 +24864,7 @@ index f36bd42..0ab4474 100644
pushl %eax
pushl %ecx
pushl %edx
-@@ -617,9 +705,6 @@ ignore_int:
+@@ -620,9 +708,6 @@ ignore_int:
movl $(__KERNEL_DS),%eax
movl %eax,%ds
movl %eax,%es
@@ -24876,7 +24874,7 @@ index f36bd42..0ab4474 100644
pushl 16(%esp)
pushl 24(%esp)
pushl 32(%esp)
-@@ -653,29 +738,34 @@ ENTRY(setup_once_ref)
+@@ -656,29 +741,34 @@ ENTRY(setup_once_ref)
/*
* BSS section
*/
@@ -24916,7 +24914,7 @@ index f36bd42..0ab4474 100644
ENTRY(initial_page_table)
.long pa(initial_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
# if KPMDS == 3
-@@ -694,12 +784,20 @@ ENTRY(initial_page_table)
+@@ -697,12 +787,20 @@ ENTRY(initial_page_table)
# error "Kernel PMDs should be 1, 2 or 3"
# endif
.align PAGE_SIZE /* needs to be page-sized too */
@@ -24938,7 +24936,7 @@ index f36bd42..0ab4474 100644
__INITRODATA
int_msg:
-@@ -727,7 +825,7 @@ fault_msg:
+@@ -730,7 +828,7 @@ fault_msg:
* segment size, and 32-bit linear address value:
*/
@@ -24947,7 +24945,7 @@ index f36bd42..0ab4474 100644
.globl boot_gdt_descr
.globl idt_descr
-@@ -736,7 +834,7 @@ fault_msg:
+@@ -739,7 +837,7 @@ fault_msg:
.word 0 # 32 bit align gdt_desc.address
boot_gdt_descr:
.word __BOOT_DS+7
@@ -24956,7 +24954,7 @@ index f36bd42..0ab4474 100644
.word 0 # 32-bit align idt_desc.address
idt_descr:
-@@ -747,7 +845,7 @@ idt_descr:
+@@ -750,7 +848,7 @@ idt_descr:
.word 0 # 32 bit align gdt_desc.address
ENTRY(early_gdt_descr)
.word GDT_ENTRIES*8-1
@@ -24965,7 +24963,7 @@ index f36bd42..0ab4474 100644
/*
* The boot_gdt must mirror the equivalent in setup.S and is
-@@ -756,5 +854,65 @@ ENTRY(early_gdt_descr)
+@@ -759,5 +857,65 @@ ENTRY(early_gdt_descr)
.align L1_CACHE_BYTES
ENTRY(boot_gdt)
.fill GDT_ENTRY_BOOT_CS,8,0
@@ -25034,7 +25032,7 @@ index f36bd42..0ab4474 100644
+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0
+ .endr
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
-index a468c0a..05f3865 100644
+index a2dc0ad..f3f397d 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -20,6 +20,8 @@
@@ -25143,7 +25141,7 @@ index a468c0a..05f3865 100644
.word 0
__FINITDATA
-@@ -391,7 +427,7 @@ ENTRY(early_idt_handler)
+@@ -393,7 +429,7 @@ early_idt_handler_common:
call dump_stack
#ifdef CONFIG_KALLSYMS
leaq early_idt_ripmsg(%rip),%rdi
@@ -25152,7 +25150,7 @@ index a468c0a..05f3865 100644
call __print_symbol
#endif
#endif /* EARLY_PRINTK */
-@@ -420,6 +456,7 @@ ENDPROC(early_idt_handler)
+@@ -422,6 +458,7 @@ ENDPROC(early_idt_handler_common)
early_recursion_flag:
.long 0
@@ -25160,7 +25158,7 @@ index a468c0a..05f3865 100644
#ifdef CONFIG_EARLY_PRINTK
early_idt_msg:
.asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n"
-@@ -447,29 +484,52 @@ NEXT_PAGE(early_level4_pgt)
+@@ -449,29 +486,52 @@ NEXT_PAGE(early_level4_pgt)
NEXT_PAGE(early_dynamic_pgts)
.fill 512*EARLY_DYNAMIC_PAGE_TABLES,8,0
@@ -25222,7 +25220,7 @@ index a468c0a..05f3865 100644
NEXT_PAGE(level3_kernel_pgt)
.fill L3_START_KERNEL,8,0
-@@ -477,6 +537,9 @@ NEXT_PAGE(level3_kernel_pgt)
+@@ -479,6 +539,9 @@ NEXT_PAGE(level3_kernel_pgt)
.quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE
.quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
@@ -25232,7 +25230,7 @@ index a468c0a..05f3865 100644
NEXT_PAGE(level2_kernel_pgt)
/*
* 512 MB kernel mapping. We spend a full page on this pagetable
-@@ -492,30 +555,68 @@ NEXT_PAGE(level2_kernel_pgt)
+@@ -494,30 +557,68 @@ NEXT_PAGE(level2_kernel_pgt)
KERNEL_IMAGE_SIZE/PMD_SIZE)
NEXT_PAGE(level2_fixmap_pgt)
@@ -28855,6 +28853,19 @@ index 453e5fb..214168f 100644
#define APIC_LVT_NUM 6
/* 14 is the version for Xeon and Pentium 8.4.8*/
+diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h
+index 6a11845..7205173 100644
+--- a/arch/x86/kvm/lapic.h
++++ b/arch/x86/kvm/lapic.h
+@@ -165,7 +165,7 @@ static inline u16 apic_logical_id(struct kvm_apic_map *map, u32 ldr)
+
+ static inline bool kvm_apic_has_events(struct kvm_vcpu *vcpu)
+ {
+- return vcpu->arch.apic->pending_events;
++ return kvm_vcpu_has_lapic(vcpu) && vcpu->arch.apic->pending_events;
+ }
+
+ bool kvm_apic_pending_eoi(struct kvm_vcpu *vcpu, int vector);
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index cba218a..1cc1bed 100644
--- a/arch/x86/kvm/paging_tmpl.h
@@ -34427,7 +34438,7 @@ index 0149575..f746de8 100644
+ pax_force_retaddr
ret
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
-index af2d431..c405730 100644
+index 1fed139..842a14e 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -50,13 +50,102 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len)
@@ -34661,7 +34672,7 @@ index af2d431..c405730 100644
addrs[i] = proglen;
}
cleanup_addr = proglen; /* epilogue address */
-@@ -285,6 +394,10 @@ void bpf_jit_compile(struct sk_filter *fp)
+@@ -290,6 +399,10 @@ void bpf_jit_compile(struct sk_filter *fp)
for (i = 0; i < flen; i++) {
unsigned int K = filter[i].k;
@@ -34672,7 +34683,7 @@ index af2d431..c405730 100644
switch (filter[i].code) {
case BPF_S_ALU_ADD_X: /* A += X; */
seen |= SEEN_XREG;
-@@ -317,10 +430,8 @@ void bpf_jit_compile(struct sk_filter *fp)
+@@ -322,10 +435,8 @@ void bpf_jit_compile(struct sk_filter *fp)
case BPF_S_ALU_MUL_K: /* A *= K */
if (is_imm8(K))
EMIT3(0x6b, 0xc0, K); /* imul imm8,%eax,%eax */
@@ -34685,7 +34696,7 @@ index af2d431..c405730 100644
break;
case BPF_S_ALU_DIV_X: /* A /= X; */
seen |= SEEN_XREG;
-@@ -333,7 +444,7 @@ void bpf_jit_compile(struct sk_filter *fp)
+@@ -338,7 +449,7 @@ void bpf_jit_compile(struct sk_filter *fp)
EMIT_COND_JMP(X86_JE, addrs[pc_ret0 - 1] -
(addrs[i] - 4));
} else {
@@ -34694,7 +34705,7 @@ index af2d431..c405730 100644
CLEAR_A();
EMIT1_off32(0xe9, cleanup_addr - (addrs[i] - 4)); /* jmp .+off32 */
}
-@@ -364,7 +475,11 @@ void bpf_jit_compile(struct sk_filter *fp)
+@@ -369,7 +480,11 @@ void bpf_jit_compile(struct sk_filter *fp)
break;
}
EMIT2(0x31, 0xd2); /* xor %edx,%edx */
@@ -34706,7 +34717,7 @@ index af2d431..c405730 100644
EMIT2(0xf7, 0xf1); /* div %ecx */
EMIT2(0x89, 0xd0); /* mov %edx,%eax */
break;
-@@ -372,7 +487,11 @@ void bpf_jit_compile(struct sk_filter *fp)
+@@ -377,7 +492,11 @@ void bpf_jit_compile(struct sk_filter *fp)
if (K == 1)
break;
EMIT2(0x31, 0xd2); /* xor %edx,%edx */
@@ -34718,7 +34729,7 @@ index af2d431..c405730 100644
EMIT2(0xf7, 0xf1); /* div %ecx */
break;
case BPF_S_ALU_AND_X:
-@@ -643,8 +762,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG;
+@@ -648,8 +767,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG;
if (is_imm8(K)) {
EMIT3(0x8d, 0x73, K); /* lea imm8(%rbx), %esi */
} else {
@@ -34728,7 +34739,7 @@ index af2d431..c405730 100644
}
} else {
EMIT2(0x89,0xde); /* mov %ebx,%esi */
-@@ -717,7 +835,7 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
+@@ -722,7 +840,7 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
}
if (filter[i].jt != 0) {
if (filter[i].jf && f_offset)
@@ -34737,7 +34748,7 @@ index af2d431..c405730 100644
EMIT_COND_JMP(t_op, t_offset);
if (filter[i].jf)
EMIT_JMP(f_offset);
-@@ -734,10 +852,12 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
+@@ -739,10 +857,12 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
if (unlikely(proglen + ilen > oldproglen)) {
pr_err("bpb_jit_compile fatal error\n");
kfree(addrs);
@@ -34751,7 +34762,7 @@ index af2d431..c405730 100644
}
proglen += ilen;
addrs[i] = proglen;
-@@ -770,7 +890,6 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
+@@ -775,7 +895,6 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
if (image) {
bpf_flush_icache(header, image + proglen);
@@ -34759,7 +34770,7 @@ index af2d431..c405730 100644
fp->bpf_func = (void *)image;
}
out:
-@@ -782,10 +901,8 @@ static void bpf_jit_free_deferred(struct work_struct *work)
+@@ -787,10 +906,8 @@ static void bpf_jit_free_deferred(struct work_struct *work)
{
struct sk_filter *fp = container_of(work, struct sk_filter, work);
unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK;
@@ -36762,7 +36773,7 @@ index a0926a6..b2b14b2 100644
err = -EFAULT;
goto out;
diff --git a/block/genhd.c b/block/genhd.c
-index a8d586a..d9910b1 100644
+index 9316f5f..16b4af2 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -469,21 +469,24 @@ static char *bdevt_str(dev_t devt, char *buf)
@@ -40615,6 +40626,33 @@ index dcaae4c..80cd4dd 100644
.attrs = cpuidle_default_attrs,
.name = "cpuidle",
};
+diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c
+index d97a03d..acf64bb 100644
+--- a/drivers/crypto/caam/caamhash.c
++++ b/drivers/crypto/caam/caamhash.c
+@@ -1469,6 +1469,9 @@ static int ahash_init(struct ahash_request *req)
+ state->final = ahash_final_no_ctx;
+
+ state->current_buf = 0;
++ state->buf_dma = 0;
++ state->buflen_0 = 0;
++ state->buflen_1 = 0;
+
+ return 0;
+ }
+diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c
+index 28486b1..ae6dae8 100644
+--- a/drivers/crypto/caam/caamrng.c
++++ b/drivers/crypto/caam/caamrng.c
+@@ -56,7 +56,7 @@
+
+ /* Buffer, its dma address and lock */
+ struct buf_data {
+- u8 buf[RN_BUF_SIZE];
++ u8 buf[RN_BUF_SIZE] ____cacheline_aligned;
+ dma_addr_t addr;
+ struct completion filled;
+ u32 hw_desc[DESC_JOB_O_LEN];
diff --git a/drivers/crypto/hifn_795x.c b/drivers/crypto/hifn_795x.c
index 12fea3e2..1e28f47 100644
--- a/drivers/crypto/hifn_795x.c
@@ -42285,7 +42323,7 @@ index 4a85bb6..aaea819 100644
if (regcomp
(&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
-index e39026c..b32e98e 100644
+index 129915e..af52907 100644
--- a/drivers/gpu/drm/radeon/radeon_device.c
+++ b/drivers/gpu/drm/radeon/radeon_device.c
@@ -1128,7 +1128,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
@@ -53865,7 +53903,7 @@ index 5bfd807..337352af 100644
dlci->modem_rx = 0;
diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index 8ab46ad..b8db1e2 100644
+index 8195190..46537ed 100644
--- a/drivers/tty/n_tty.c
+++ b/drivers/tty/n_tty.c
@@ -115,7 +115,7 @@ struct n_tty_data {
@@ -53877,7 +53915,7 @@ index 8ab46ad..b8db1e2 100644
size_t line_start;
/* protected by output lock */
-@@ -2578,6 +2578,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
+@@ -2589,6 +2589,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
{
*ops = tty_ldisc_N_TTY;
ops->owner = NULL;
@@ -66883,7 +66921,7 @@ index f70119f..ab5894d 100644
spin_lock_init(&delayed_root->lock);
init_waitqueue_head(&delayed_root->wait);
diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
-index d04db81..96e54f1 100644
+index 92cbfbf..0ca1d83 100644
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -268,7 +268,7 @@ void __btrfs_abort_transaction(struct btrfs_trans_handle *trans,
@@ -103186,6 +103224,40 @@ index c6646a5..574b47c 100644
static void __add_event_to_tracers(struct ftrace_event_call *call);
/* Add an additional event_call dynamically */
+diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
+index 8a86319..32ef21b 100644
+--- a/kernel/trace/trace_events_filter.c
++++ b/kernel/trace/trace_events_filter.c
+@@ -1399,19 +1399,27 @@ static int check_preds(struct filter_parse_state *ps)
+ {
+ int n_normal_preds = 0, n_logical_preds = 0;
+ struct postfix_elt *elt;
++ int cnt = 0;
+
+ list_for_each_entry(elt, &ps->postfix, list) {
+- if (elt->op == OP_NONE)
++ if (elt->op == OP_NONE) {
++ cnt++;
+ continue;
++ }
+
+ if (elt->op == OP_AND || elt->op == OP_OR) {
+ n_logical_preds++;
++ cnt--;
+ continue;
+ }
++ // OP_NOT is not supported in this kernel, will get
++ // a reject here when it's backported
++ cnt--;
+ n_normal_preds++;
++ WARN_ON_ONCE(cnt < 0);
+ }
+
+- if (!n_normal_preds || n_logical_preds >= n_normal_preds) {
++ if (cnt != 1 || !n_normal_preds || n_logical_preds >= n_normal_preds) {
+ parse_error(ps, FILT_ERR_INVALID_FILTER, 0);
+ return -EINVAL;
+ }
diff --git a/kernel/trace/trace_functions_graph.c b/kernel/trace/trace_functions_graph.c
index 0b99120..881174f 100644
--- a/kernel/trace/trace_functions_graph.c
@@ -104074,6 +104146,28 @@ index f07a40d..0a445a7 100644
retval = 1;
}
spin_unlock(&lockref->lock);
+diff --git a/lib/mpi/longlong.h b/lib/mpi/longlong.h
+index aac5114..a89d041 100644
+--- a/lib/mpi/longlong.h
++++ b/lib/mpi/longlong.h
+@@ -639,7 +639,7 @@ do { \
+ ************** MIPS *****************
+ ***************************************/
+ #if defined(__mips__) && W_TYPE_SIZE == 32
+-#if __GNUC__ >= 4 && __GNUC_MINOR__ >= 4
++#if (__GNUC__ >= 5) || (__GNUC__ >= 4 && __GNUC_MINOR__ >= 4)
+ #define umul_ppmm(w1, w0, u, v) \
+ do { \
+ UDItype __ll = (UDItype)(u) * (v); \
+@@ -671,7 +671,7 @@ do { \
+ ************** MIPS/64 **************
+ ***************************************/
+ #if (defined(__mips) && __mips >= 3) && W_TYPE_SIZE == 64
+-#if __GNUC__ >= 4 && __GNUC_MINOR__ >= 4
++#if (__GNUC__ >= 5) || (__GNUC__ >= 4 && __GNUC_MINOR__ >= 4)
+ #define umul_ppmm(w1, w0, u, v) \
+ do { \
+ typedef unsigned int __ll_UTItype __attribute__((mode(TI))); \
diff --git a/lib/nlattr.c b/lib/nlattr.c
index 10ad042d..25b47b5 100644
--- a/lib/nlattr.c
@@ -110398,7 +110492,7 @@ index a16ed7b..eb44d17 100644
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index 73abbd7..1bae4ad 100644
+index 1b9e700..047273c 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1695,14 +1695,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
@@ -110649,10 +110743,51 @@ index 26dc006..89e838e 100644
m->msg_iov = iov;
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
-index 7d95f69..a6065de 100644
+index 7d95f69..1d316b1 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
-@@ -2824,7 +2824,7 @@ static int proc_unres_qlen(struct ctl_table *ctl, int write,
+@@ -976,6 +976,8 @@ int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
+ rc = 0;
+ if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
+ goto out_unlock_bh;
++ if (neigh->dead)
++ goto out_dead;
+
+ if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
+ if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
+@@ -1032,6 +1034,13 @@ out_unlock_bh:
+ write_unlock(&neigh->lock);
+ local_bh_enable();
+ return rc;
++
++out_dead:
++ if (neigh->nud_state & NUD_STALE)
++ goto out_unlock_bh;
++ write_unlock_bh(&neigh->lock);
++ kfree_skb(skb);
++ return 1;
+ }
+ EXPORT_SYMBOL(__neigh_event_send);
+
+@@ -1095,6 +1104,8 @@ int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
+ if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
+ (old & (NUD_NOARP | NUD_PERMANENT)))
+ goto out;
++ if (neigh->dead)
++ goto out;
+
+ if (!(new & NUD_VALID)) {
+ neigh_del_timer(neigh);
+@@ -1244,6 +1255,8 @@ EXPORT_SYMBOL(neigh_update);
+ */
+ void __neigh_set_probe_once(struct neighbour *neigh)
+ {
++ if (neigh->dead)
++ return;
+ neigh->updated = jiffies;
+ if (!(neigh->nud_state & NUD_FAILED))
+ return;
+@@ -2824,7 +2837,7 @@ static int proc_unres_qlen(struct ctl_table *ctl, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
int size, ret;
@@ -110661,7 +110796,7 @@ index 7d95f69..a6065de 100644
tmp.extra1 = &zero;
tmp.extra2 = &unres_qlen_max;
-@@ -2886,7 +2886,7 @@ static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
+@@ -2886,7 +2899,7 @@ static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
void __user *buffer,
size_t *lenp, loff_t *ppos)
{
@@ -110670,7 +110805,7 @@ index 7d95f69..a6065de 100644
int ret;
tmp.extra1 = &zero;
-@@ -3058,11 +3058,12 @@ int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
+@@ -3058,11 +3071,12 @@ int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
memset(&t->neigh_vars[NEIGH_VAR_GC_INTERVAL], 0,
sizeof(t->neigh_vars[NEIGH_VAR_GC_INTERVAL]));
} else {
@@ -112042,7 +112177,7 @@ index 11c8d81..d67116b 100644
static int raw_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
-index b64330f..31268ca 100644
+index 625615c..b88eefd 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -234,7 +234,7 @@ static const struct seq_operations rt_cache_seq_ops = {
@@ -112095,7 +112230,7 @@ index b64330f..31268ca 100644
}
EXPORT_SYMBOL(ip_idents_reserve);
-@@ -2632,34 +2632,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
+@@ -2636,34 +2636,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
.maxlen = sizeof(int),
.mode = 0200,
.proc_handler = ipv4_sysctl_rtcache_flush,
@@ -112138,7 +112273,7 @@ index b64330f..31268ca 100644
err_dup:
return -ENOMEM;
}
-@@ -2682,8 +2682,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
+@@ -2686,8 +2686,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
static __net_init int rt_genid_init(struct net *net)
{
@@ -112149,7 +112284,7 @@ index b64330f..31268ca 100644
get_random_bytes(&net->ipv4.dev_addr_genid,
sizeof(net->ipv4.dev_addr_genid));
return 0;
-@@ -2726,11 +2726,7 @@ int __init ip_rt_init(void)
+@@ -2730,11 +2730,7 @@ int __init ip_rt_init(void)
{
int rc = 0;
@@ -112390,7 +112525,7 @@ index e2f8bd0..6c664ad 100644
}
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
-index 7a436c5..84279ef 100644
+index 9128d0a..5ea9226 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -27,6 +27,10 @@
@@ -112407,7 +112542,7 @@ index 7a436c5..84279ef 100644
@@ -298,7 +302,7 @@ void tcp_time_wait(struct sock *sk, int state, int timeo)
tw->tw_v6_rcv_saddr = sk->sk_v6_rcv_saddr;
tw->tw_tclass = np->tclass;
- tw->tw_flowlabel = np->flow_label >> 12;
+ tw->tw_flowlabel = be32_to_cpu(np->flow_label & IPV6_FLOWLABEL_MASK);
- tw->tw_ipv6only = np->ipv6only;
+ tw->tw_ipv6only = sk->sk_ipv6only;
}
@@ -112468,7 +112603,7 @@ index 64f0354..a81b39d 100644
syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) {
/* Has it gone just too far? */
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
-index b25e852..f578c52 100644
+index 21a3a9e..4a9ef62 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -87,6 +87,7 @@
@@ -112479,7 +112614,7 @@ index b25e852..f578c52 100644
#include <linux/socket.h>
#include <linux/sockios.h>
#include <linux/igmp.h>
-@@ -113,6 +114,10 @@
+@@ -114,6 +115,10 @@
#include <net/busy_poll.h>
#include "udp_impl.h"
@@ -112490,7 +112625,7 @@ index b25e852..f578c52 100644
struct udp_table udp_table __read_mostly;
EXPORT_SYMBOL(udp_table);
-@@ -615,6 +620,9 @@ found:
+@@ -616,6 +621,9 @@ found:
return s;
}
@@ -112500,7 +112635,7 @@ index b25e852..f578c52 100644
/*
* This routine is called by the ICMP module when it gets some
* sort of error condition. If err < 0 then the socket should
-@@ -914,9 +922,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -915,9 +923,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
dport = usin->sin_port;
if (dport == 0)
return -EINVAL;
@@ -112519,7 +112654,7 @@ index b25e852..f578c52 100644
daddr = inet->inet_daddr;
dport = inet->inet_dport;
/* Open fast path for connected socket.
-@@ -1163,7 +1180,7 @@ static unsigned int first_packet_length(struct sock *sk)
+@@ -1164,7 +1181,7 @@ static unsigned int first_packet_length(struct sock *sk)
IS_UDPLITE(sk));
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS,
IS_UDPLITE(sk));
@@ -112528,7 +112663,7 @@ index b25e852..f578c52 100644
__skb_unlink(skb, rcvq);
__skb_queue_tail(&list_kill, skb);
}
-@@ -1243,6 +1260,10 @@ try_again:
+@@ -1244,6 +1261,10 @@ try_again:
if (!skb)
goto out;
@@ -112539,7 +112674,7 @@ index b25e852..f578c52 100644
ulen = skb->len - sizeof(struct udphdr);
copied = len;
if (copied > ulen)
-@@ -1276,7 +1297,7 @@ try_again:
+@@ -1277,7 +1298,7 @@ try_again:
if (unlikely(err)) {
trace_kfree_skb(skb, udp_recvmsg);
if (!peeked) {
@@ -112548,20 +112683,7 @@ index b25e852..f578c52 100644
UDP_INC_STATS_USER(sock_net(sk),
UDP_MIB_INERRORS, is_udplite);
}
-@@ -1317,10 +1338,8 @@ csum_copy_err:
- }
- unlock_sock_fast(sk, slow);
-
-- if (noblock)
-- return -EAGAIN;
--
-- /* starting over for a new packet */
-+ /* starting over for a new packet, but check if we need to yield */
-+ cond_resched();
- msg->msg_flags &= ~MSG_TRUNC;
- goto try_again;
- }
-@@ -1566,7 +1585,7 @@ csum_error:
+@@ -1565,7 +1586,7 @@ csum_error:
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite);
drop:
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
@@ -112570,7 +112692,7 @@ index b25e852..f578c52 100644
kfree_skb(skb);
return -1;
}
-@@ -1585,7 +1604,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
+@@ -1584,7 +1605,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC);
if (!skb1) {
@@ -112579,7 +112701,7 @@ index b25e852..f578c52 100644
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS,
IS_UDPLITE(sk));
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS,
-@@ -1786,6 +1805,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
+@@ -1785,6 +1806,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
goto csum_error;
UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
@@ -112589,7 +112711,7 @@ index b25e852..f578c52 100644
icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
/*
-@@ -2354,7 +2376,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f,
+@@ -2364,7 +2388,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f,
from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
0, sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
@@ -113386,7 +113508,7 @@ index 7f405a1..eabef92 100644
struct ctl_table *ipv6_icmp_table;
int err;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
-index 9d4332d..4292595 100644
+index b50ae29..568a06f 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -104,6 +104,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
@@ -113445,7 +113567,7 @@ index 9d4332d..4292595 100644
}
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
-index 20b63d2..9f371ac 100644
+index 38625a9..9f371ac 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -76,10 +76,13 @@ static unsigned int udp6_ehashfn(struct net *net,
@@ -113481,20 +113603,7 @@ index 20b63d2..9f371ac 100644
if (is_udp4)
UDP_INC_STATS_USER(sock_net(sk),
UDP_MIB_INERRORS,
-@@ -515,10 +518,8 @@ csum_copy_err:
- }
- unlock_sock_fast(sk, slow);
-
-- if (noblock)
-- return -EAGAIN;
--
-- /* starting over for a new packet */
-+ /* starting over for a new packet, but check if we need to yield */
-+ cond_resched();
- msg->msg_flags &= ~MSG_TRUNC;
- goto try_again;
- }
-@@ -690,7 +691,7 @@ csum_error:
+@@ -688,7 +691,7 @@ csum_error:
UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite);
drop:
UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
@@ -113503,7 +113612,7 @@ index 20b63d2..9f371ac 100644
kfree_skb(skb);
return -1;
}
-@@ -747,7 +748,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
+@@ -745,7 +748,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
if (likely(skb1 == NULL))
skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC);
if (!skb1) {
@@ -113512,7 +113621,7 @@ index 20b63d2..9f371ac 100644
UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS,
IS_UDPLITE(sk));
UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS,
-@@ -886,6 +887,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
+@@ -884,6 +887,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
goto csum_error;
UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
@@ -114778,10 +114887,43 @@ index 270b77d..0a9d0981 100644
/* Queue all of the segments. */
skb = segs;
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
-index 48b1817..d2c096b 100644
+index 48b1817..3b2192f 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
-@@ -1846,7 +1846,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -1264,16 +1264,6 @@ static void packet_sock_destruct(struct sock *sk)
+ sk_refcnt_debug_dec(sk);
+ }
+
+-static int fanout_rr_next(struct packet_fanout *f, unsigned int num)
+-{
+- int x = atomic_read(&f->rr_cur) + 1;
+-
+- if (x >= num)
+- x = 0;
+-
+- return x;
+-}
+-
+ static unsigned int fanout_demux_hash(struct packet_fanout *f,
+ struct sk_buff *skb,
+ unsigned int num)
+@@ -1285,13 +1275,9 @@ static unsigned int fanout_demux_lb(struct packet_fanout *f,
+ struct sk_buff *skb,
+ unsigned int num)
+ {
+- int cur, old;
++ unsigned int val = atomic_inc_return(&f->rr_cur);
+
+- cur = atomic_read(&f->rr_cur);
+- while ((old = atomic_cmpxchg(&f->rr_cur, cur,
+- fanout_rr_next(f, num))) != cur)
+- cur = old;
+- return cur;
++ return val % num;
+ }
+
+ static unsigned int fanout_demux_cpu(struct packet_fanout *f,
+@@ -1846,7 +1832,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
spin_lock(&sk->sk_receive_queue.lock);
po->stats.stats1.tp_packets++;
@@ -114790,7 +114932,7 @@ index 48b1817..d2c096b 100644
__skb_queue_tail(&sk->sk_receive_queue, skb);
spin_unlock(&sk->sk_receive_queue.lock);
sk->sk_data_ready(sk, skb->len);
-@@ -1855,7 +1855,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -1855,7 +1841,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
drop_n_acct:
spin_lock(&sk->sk_receive_queue.lock);
po->stats.stats1.tp_drops++;
@@ -114799,7 +114941,7 @@ index 48b1817..d2c096b 100644
spin_unlock(&sk->sk_receive_queue.lock);
drop_n_restore:
-@@ -3462,7 +3462,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3462,7 +3448,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
case PACKET_HDRLEN:
if (len > sizeof(int))
len = sizeof(int);
@@ -114808,7 +114950,7 @@ index 48b1817..d2c096b 100644
return -EFAULT;
switch (val) {
case TPACKET_V1:
-@@ -3508,7 +3508,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3508,7 +3494,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
len = lv;
if (put_user(len, optlen))
return -EFAULT;
@@ -116416,7 +116558,7 @@ index 6424372..afd36e9 100644
sub->evt.event = htohl(event, sub->swap);
sub->evt.found_lower = htohl(found_lower, sub->swap);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index 94404f1..ac544a1 100644
+index 4757f1c..11b32ee 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -791,6 +791,12 @@ static struct sock *unix_find_other(struct net *net,
@@ -116465,7 +116607,7 @@ index 94404f1..ac544a1 100644
done_path_create(&path, dentry);
return err;
}
-@@ -2243,11 +2262,14 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
+@@ -2251,11 +2270,14 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
writable = unix_writable(sk);
other = unix_peer_get(sk);
if (other) {
@@ -116482,7 +116624,7 @@ index 94404f1..ac544a1 100644
sock_put(other);
}
-@@ -2344,9 +2366,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2352,9 +2374,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
seq_puts(seq, "Num RefCount Protocol Flags Type St "
"Inode Path\n");
else {
@@ -116497,7 +116639,7 @@ index 94404f1..ac544a1 100644
seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
s,
-@@ -2371,10 +2397,29 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2379,10 +2405,29 @@ static int unix_seq_show(struct seq_file *seq, void *v)
seq_putc(seq, '@');
i++;
}
@@ -128115,10 +128257,10 @@ index 0000000..4378111
+}
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
new file mode 100644
-index 0000000..038e79d
+index 0000000..51560ee
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,6059 @@
+@@ -0,0 +1,6061 @@
+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
+ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL
+storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
@@ -131510,7 +131652,8 @@ index 0000000..038e79d
+vxge_config_vpaths_36636 vxge_config_vpaths 0 36636 NULL
+convert_extent_item_v0_36645 convert_extent_item_v0 4 36645 NULL
+ced_ioctl_36647 ced_ioctl 2 36647 NULL
-+lpfc_idiag_extacc_alloc_get_36648 lpfc_idiag_extacc_alloc_get 0-3 36648 NULL
++lpfc_idiag_extacc_alloc_get_36648 lpfc_idiag_extacc_alloc_get 0-3 36648 NULL nohasharray
++tty_copy_to_user_36648 tty_copy_to_user 4 36648 &lpfc_idiag_extacc_alloc_get_36648
+osd_req_list_collection_objects_36664 osd_req_list_collection_objects 5 36664 NULL
+iscsi_host_alloc_36671 iscsi_host_alloc 2 36671 NULL
+xillybus_read_36678 xillybus_read 3 36678 NULL
@@ -131577,7 +131720,8 @@ index 0000000..038e79d
+xfs_iomap_write_allocate_37336 xfs_iomap_write_allocate 0 37336 NULL
+security_inode_getsecurity_37354 security_inode_getsecurity 0 37354 NULL
+hci_sock_sendmsg_37420 hci_sock_sendmsg 4 37420 NULL
-+acpi_os_allocate_zeroed_37422 acpi_os_allocate_zeroed 1 37422 NULL
++acpi_os_allocate_zeroed_37422 acpi_os_allocate_zeroed 1 37422 NULL nohasharray
++find_next_bit_37422 find_next_bit 0 37422 &acpi_os_allocate_zeroed_37422
+tty_insert_flip_string_fixed_flag_37428 tty_insert_flip_string_fixed_flag 4-0 37428 NULL
+iwl_print_last_event_logs_37433 iwl_print_last_event_logs 0-7-9 37433 NULL
+fru_alloc_37442 fru_alloc 1 37442 NULL
diff --git a/3.14.44/4425_grsec_remove_EI_PAX.patch b/3.14.45/4425_grsec_remove_EI_PAX.patch
index a80a5d7..a80a5d7 100644
--- a/3.14.44/4425_grsec_remove_EI_PAX.patch
+++ b/3.14.45/4425_grsec_remove_EI_PAX.patch
diff --git a/3.14.44/4427_force_XATTR_PAX_tmpfs.patch b/3.14.45/4427_force_XATTR_PAX_tmpfs.patch
index 4c236cc..4c236cc 100644
--- a/3.14.44/4427_force_XATTR_PAX_tmpfs.patch
+++ b/3.14.45/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/3.14.44/4430_grsec-remove-localversion-grsec.patch b/3.14.45/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/3.14.44/4430_grsec-remove-localversion-grsec.patch
+++ b/3.14.45/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.14.44/4435_grsec-mute-warnings.patch b/3.14.45/4435_grsec-mute-warnings.patch
index 558c435..558c435 100644
--- a/3.14.44/4435_grsec-mute-warnings.patch
+++ b/3.14.45/4435_grsec-mute-warnings.patch
diff --git a/3.14.44/4440_grsec-remove-protected-paths.patch b/3.14.45/4440_grsec-remove-protected-paths.patch
index 741546d..741546d 100644
--- a/3.14.44/4440_grsec-remove-protected-paths.patch
+++ b/3.14.45/4440_grsec-remove-protected-paths.patch
diff --git a/3.14.44/4450_grsec-kconfig-default-gids.patch b/3.14.45/4450_grsec-kconfig-default-gids.patch
index b96defc..b96defc 100644
--- a/3.14.44/4450_grsec-kconfig-default-gids.patch
+++ b/3.14.45/4450_grsec-kconfig-default-gids.patch
diff --git a/3.14.44/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.45/4465_selinux-avc_audit-log-curr_ip.patch
index bba906e..bba906e 100644
--- a/3.14.44/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.14.45/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.14.44/4470_disable-compat_vdso.patch b/3.14.45/4470_disable-compat_vdso.patch
index 3b3953b..3b3953b 100644
--- a/3.14.44/4470_disable-compat_vdso.patch
+++ b/3.14.45/4470_disable-compat_vdso.patch
diff --git a/3.14.44/4475_emutramp_default_on.patch b/3.14.45/4475_emutramp_default_on.patch
index a128205..a128205 100644
--- a/3.14.44/4475_emutramp_default_on.patch
+++ b/3.14.45/4475_emutramp_default_on.patch
diff --git a/3.2.69/0000_README b/3.2.69/0000_README
index c5e335b..1521b73 100644
--- a/3.2.69/0000_README
+++ b/3.2.69/0000_README
@@ -194,7 +194,7 @@ Patch: 1068_linux-3.2.69.patch
From: http://www.kernel.org
Desc: Linux 3.2.69
-Patch: 4420_grsecurity-3.1-3.2.69-201506082246.patch
+Patch: 4420_grsecurity-3.1-3.2.69-201506232100.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.69/4420_grsecurity-3.1-3.2.69-201506082246.patch b/3.2.69/4420_grsecurity-3.1-3.2.69-201506232100.patch
index 35a63ac..873b401 100644
--- a/3.2.69/4420_grsecurity-3.1-3.2.69-201506082246.patch
+++ b/3.2.69/4420_grsecurity-3.1-3.2.69-201506232100.patch
@@ -37854,7 +37854,7 @@ index e47e73b..348e0bd 100644
PCI_VEND_DEV(AMD, FE_GATE_700C), PCI_ANY_ID, PCI_ANY_ID, 0, 0,
AMD762},
diff --git a/drivers/edac/e752x_edac.c b/drivers/edac/e752x_edac.c
-index 1af531a..3a8ff27 100644
+index 1af531a1..3a8ff27 100644
--- a/drivers/edac/e752x_edac.c
+++ b/drivers/edac/e752x_edac.c
@@ -1380,7 +1380,7 @@ static void __devexit e752x_remove_one(struct pci_dev *pdev)
@@ -96019,6 +96019,40 @@ index 875fed4..7a76cbb 100644
}
}
+diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
+index b0996c1..7e5c12f 100644
+--- a/kernel/trace/trace_events_filter.c
++++ b/kernel/trace/trace_events_filter.c
+@@ -1343,19 +1343,27 @@ static int check_preds(struct filter_parse_state *ps)
+ {
+ int n_normal_preds = 0, n_logical_preds = 0;
+ struct postfix_elt *elt;
++ int cnt = 0;
+
+ list_for_each_entry(elt, &ps->postfix, list) {
+- if (elt->op == OP_NONE)
++ if (elt->op == OP_NONE) {
++ cnt++;
+ continue;
++ }
+
+ if (elt->op == OP_AND || elt->op == OP_OR) {
+ n_logical_preds++;
++ cnt--;
+ continue;
+ }
++ // OP_NOT is not supported in this kernel, will get
++ // a reject here when it's backported
++ cnt--;
+ n_normal_preds++;
++ WARN_ON_ONCE(cnt < 0);
+ }
+
+- if (!n_normal_preds || n_logical_preds >= n_normal_preds) {
++ if (cnt != 1 || !n_normal_preds || n_logical_preds >= n_normal_preds) {
+ parse_error(ps, FILT_ERR_INVALID_FILTER, 0);
+ return -EINVAL;
+ }
diff --git a/kernel/trace/trace_functions_graph.c b/kernel/trace/trace_functions_graph.c
index a7d2a4c..b034c76 100644
--- a/kernel/trace/trace_functions_graph.c
@@ -104143,7 +104177,7 @@ index 68bbf9f..5ef0d12 100644
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index 1c0d862..6117f53 100644
+index 1c0d862..d4946e6 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1142,10 +1142,14 @@ void dev_load(struct net *net, const char *name)
@@ -104179,6 +104213,24 @@ index 1c0d862..6117f53 100644
kfree_skb(skb);
return NET_RX_DROP;
}
+@@ -1961,13 +1965,13 @@ struct sk_buff *skb_gso_segment(struct sk_buff *skb, u32 features)
+
+ if (unlikely(skb->ip_summed != CHECKSUM_PARTIAL)) {
+ struct net_device *dev = skb->dev;
+- struct ethtool_drvinfo info = {};
++ const char *driver = "";
+
+- if (dev && dev->ethtool_ops && dev->ethtool_ops->get_drvinfo)
+- dev->ethtool_ops->get_drvinfo(dev, &info);
++ if (dev && dev->dev.parent)
++ driver = dev_driver_string(dev->dev.parent);
+
+ WARN(1, "%s: caps=(0x%lx, 0x%lx) len=%d data_len=%d ip_summed=%d\n",
+- info.driver, dev ? dev->features : 0L,
++ driver, dev ? dev->features : 0L,
+ skb->sk ? skb->sk->sk_route_caps : 0L,
+ skb->len, skb->data_len, skb->ip_summed);
+
@@ -2048,7 +2052,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
struct dev_gso_cb {
diff --git a/4.0.5/0000_README b/4.0.6/0000_README
index 0e406e4..62fb720 100644
--- a/4.0.5/0000_README
+++ b/4.0.6/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.0.5-201506171322.patch
+Patch: 4420_grsecurity-3.1-4.0.6-201506232104.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.0.5/4420_grsecurity-3.1-4.0.5-201506171322.patch b/4.0.6/4420_grsecurity-3.1-4.0.6-201506232104.patch
index 97c48de..91512cb 100644
--- a/4.0.5/4420_grsecurity-3.1-4.0.5-201506171322.patch
+++ b/4.0.6/4420_grsecurity-3.1-4.0.6-201506232104.patch
@@ -373,7 +373,7 @@ index 4d68ec8..9546b75 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 1880cf7..a141b1e 100644
+index af6da04..22820aa 100644
--- a/Makefile
+++ b/Makefile
@@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -6660,7 +6660,7 @@ index 44a1f79..2bd6aa3 100644
void __init gt641xx_irq_init(void)
diff --git a/arch/mips/kernel/irq.c b/arch/mips/kernel/irq.c
-index d2bfbc2..a8eacd2 100644
+index be15e52..a089cc4 100644
--- a/arch/mips/kernel/irq.c
+++ b/arch/mips/kernel/irq.c
@@ -76,17 +76,17 @@ void ack_bad_irq(unsigned int irq)
@@ -6684,18 +6684,16 @@ index d2bfbc2..a8eacd2 100644
}
void __init init_IRQ(void)
-@@ -109,7 +109,10 @@ void __init init_IRQ(void)
- #endif
+@@ -110,6 +110,8 @@ void __init init_IRQ(void)
}
+ #ifdef CONFIG_DEBUG_STACKOVERFLOW
+
- #ifdef DEBUG_STACKOVERFLOW
+extern void gr_handle_kernel_exploit(void);
-+
static inline void check_stack_overflow(void)
{
unsigned long sp;
-@@ -125,6 +128,7 @@ static inline void check_stack_overflow(void)
+@@ -125,6 +127,7 @@ static inline void check_stack_overflow(void)
printk("do_IRQ: stack overflow: %ld\n",
sp - sizeof(struct thread_info));
dump_stack();
@@ -7186,7 +7184,7 @@ index 4ce7a01..449202a 100644
#endif /* __ASM_OPENRISC_CACHE_H */
diff --git a/arch/parisc/include/asm/atomic.h b/arch/parisc/include/asm/atomic.h
-index 226f8ca..9d9b87d 100644
+index 226f8ca9..9d9b87d 100644
--- a/arch/parisc/include/asm/atomic.h
+++ b/arch/parisc/include/asm/atomic.h
@@ -273,6 +273,16 @@ static inline long atomic64_dec_if_positive(atomic64_t *v)
@@ -18987,7 +18985,7 @@ index cad82c9..2e5c5c1 100644
#endif /* __KERNEL__ */
diff --git a/arch/x86/include/asm/segment.h b/arch/x86/include/asm/segment.h
-index db257a5..b91bc77 100644
+index e657b7b..81fefb444 100644
--- a/arch/x86/include/asm/segment.h
+++ b/arch/x86/include/asm/segment.h
@@ -73,10 +73,15 @@
@@ -19073,7 +19071,7 @@ index db257a5..b91bc77 100644
#define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS*8+3)
#define __USER_CS (GDT_ENTRY_DEFAULT_USER_CS*8+3)
#ifndef CONFIG_PARAVIRT
-@@ -256,7 +275,7 @@ static inline unsigned long get_limit(unsigned long segment)
+@@ -267,7 +286,7 @@ static inline unsigned long get_limit(unsigned long segment)
{
unsigned long __limit;
asm("lsll %1,%0" : "=r" (__limit) : "r" (segment));
@@ -24301,7 +24299,7 @@ index 8b7b0a5..2395f29 100644
/* Make sure it is what we expect it to be */
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
-index c4f8d46..2d63ae2 100644
+index b111ab5..3d419ea 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -68,12 +68,12 @@ again:
@@ -24354,7 +24352,7 @@ index c4f8d46..2d63ae2 100644
init_level4_pgt[511] = early_level4_pgt[511];
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
-index f36bd42..0ab4474 100644
+index 30a2aa3..d62e1dd 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -26,6 +26,12 @@
@@ -24564,7 +24562,7 @@ index f36bd42..0ab4474 100644
movl %eax,%gs
xorl %eax,%eax # Clear LDT
-@@ -512,8 +594,11 @@ setup_once:
+@@ -513,8 +595,11 @@ setup_once:
* relocation. Manually set base address in stack canary
* segment descriptor.
*/
@@ -24577,7 +24575,7 @@ index f36bd42..0ab4474 100644
movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax)
shrl $16, %ecx
movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax)
-@@ -548,7 +633,7 @@ ENTRY(early_idt_handler)
+@@ -551,7 +636,7 @@ early_idt_handler_common:
cmpl $2,(%esp) # X86_TRAP_NMI
je is_nmi # Ignore NMI
@@ -24586,7 +24584,7 @@ index f36bd42..0ab4474 100644
je hlt_loop
incl %ss:early_recursion_flag
-@@ -586,8 +671,8 @@ ENTRY(early_idt_handler)
+@@ -589,8 +674,8 @@ early_idt_handler_common:
pushl (20+6*4)(%esp) /* trapno */
pushl $fault_msg
call printk
@@ -24596,7 +24594,7 @@ index f36bd42..0ab4474 100644
hlt_loop:
hlt
jmp hlt_loop
-@@ -607,8 +692,11 @@ ENDPROC(early_idt_handler)
+@@ -610,8 +695,11 @@ ENDPROC(early_idt_handler_common)
/* This is the default interrupt "handler" :-) */
ALIGN
ignore_int:
@@ -24609,7 +24607,7 @@ index f36bd42..0ab4474 100644
pushl %eax
pushl %ecx
pushl %edx
-@@ -617,9 +705,6 @@ ignore_int:
+@@ -620,9 +708,6 @@ ignore_int:
movl $(__KERNEL_DS),%eax
movl %eax,%ds
movl %eax,%es
@@ -24619,7 +24617,7 @@ index f36bd42..0ab4474 100644
pushl 16(%esp)
pushl 24(%esp)
pushl 32(%esp)
-@@ -653,29 +738,34 @@ ENTRY(setup_once_ref)
+@@ -656,29 +741,34 @@ ENTRY(setup_once_ref)
/*
* BSS section
*/
@@ -24659,7 +24657,7 @@ index f36bd42..0ab4474 100644
ENTRY(initial_page_table)
.long pa(initial_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
# if KPMDS == 3
-@@ -694,12 +784,20 @@ ENTRY(initial_page_table)
+@@ -697,12 +787,20 @@ ENTRY(initial_page_table)
# error "Kernel PMDs should be 1, 2 or 3"
# endif
.align PAGE_SIZE /* needs to be page-sized too */
@@ -24681,7 +24679,7 @@ index f36bd42..0ab4474 100644
__INITRODATA
int_msg:
-@@ -727,7 +825,7 @@ fault_msg:
+@@ -730,7 +828,7 @@ fault_msg:
* segment size, and 32-bit linear address value:
*/
@@ -24690,7 +24688,7 @@ index f36bd42..0ab4474 100644
.globl boot_gdt_descr
.globl idt_descr
-@@ -736,7 +834,7 @@ fault_msg:
+@@ -739,7 +837,7 @@ fault_msg:
.word 0 # 32 bit align gdt_desc.address
boot_gdt_descr:
.word __BOOT_DS+7
@@ -24699,7 +24697,7 @@ index f36bd42..0ab4474 100644
.word 0 # 32-bit align idt_desc.address
idt_descr:
-@@ -747,7 +845,7 @@ idt_descr:
+@@ -750,7 +848,7 @@ idt_descr:
.word 0 # 32 bit align gdt_desc.address
ENTRY(early_gdt_descr)
.word GDT_ENTRIES*8-1
@@ -24708,7 +24706,7 @@ index f36bd42..0ab4474 100644
/*
* The boot_gdt must mirror the equivalent in setup.S and is
-@@ -756,5 +854,65 @@ ENTRY(early_gdt_descr)
+@@ -759,5 +857,65 @@ ENTRY(early_gdt_descr)
.align L1_CACHE_BYTES
ENTRY(boot_gdt)
.fill GDT_ENTRY_BOOT_CS,8,0
@@ -24777,7 +24775,7 @@ index f36bd42..0ab4474 100644
+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0
+ .endr
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
-index 6fd514d9..320367e 100644
+index f8a8406..ad6d014 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -20,6 +20,8 @@
@@ -24886,7 +24884,7 @@ index 6fd514d9..320367e 100644
.word 0
__FINITDATA
-@@ -391,7 +427,7 @@ ENTRY(early_idt_handler)
+@@ -393,7 +429,7 @@ early_idt_handler_common:
call dump_stack
#ifdef CONFIG_KALLSYMS
leaq early_idt_ripmsg(%rip),%rdi
@@ -24895,7 +24893,7 @@ index 6fd514d9..320367e 100644
call __print_symbol
#endif
#endif /* EARLY_PRINTK */
-@@ -420,6 +456,7 @@ ENDPROC(early_idt_handler)
+@@ -422,6 +458,7 @@ ENDPROC(early_idt_handler_common)
early_recursion_flag:
.long 0
@@ -24903,7 +24901,7 @@ index 6fd514d9..320367e 100644
#ifdef CONFIG_EARLY_PRINTK
early_idt_msg:
.asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n"
-@@ -447,29 +484,52 @@ NEXT_PAGE(early_level4_pgt)
+@@ -449,29 +486,52 @@ NEXT_PAGE(early_level4_pgt)
NEXT_PAGE(early_dynamic_pgts)
.fill 512*EARLY_DYNAMIC_PAGE_TABLES,8,0
@@ -24965,7 +24963,7 @@ index 6fd514d9..320367e 100644
NEXT_PAGE(level3_kernel_pgt)
.fill L3_START_KERNEL,8,0
-@@ -477,6 +537,9 @@ NEXT_PAGE(level3_kernel_pgt)
+@@ -479,6 +539,9 @@ NEXT_PAGE(level3_kernel_pgt)
.quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE
.quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
@@ -24975,7 +24973,7 @@ index 6fd514d9..320367e 100644
NEXT_PAGE(level2_kernel_pgt)
/*
* 512 MB kernel mapping. We spend a full page on this pagetable
-@@ -492,23 +555,61 @@ NEXT_PAGE(level2_kernel_pgt)
+@@ -494,23 +557,61 @@ NEXT_PAGE(level2_kernel_pgt)
KERNEL_IMAGE_SIZE/PMD_SIZE)
NEXT_PAGE(level2_fixmap_pgt)
@@ -25043,7 +25041,7 @@ index 6fd514d9..320367e 100644
ENTRY(phys_base)
/* This must match the first entry in level2_kernel_pgt */
-@@ -532,8 +633,8 @@ NEXT_PAGE(kasan_zero_pud)
+@@ -534,8 +635,8 @@ NEXT_PAGE(kasan_zero_pud)
#include "../../x86/xen/xen-head.S"
@@ -28723,7 +28721,7 @@ index 106c015..2db7161 100644
0, 0, 0, /* CR3 checked later */
CR4_RESERVED_BITS,
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
-index 4ee827d..a14eff9 100644
+index 4ee827d..83c8e31 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -56,7 +56,7 @@
@@ -28735,6 +28733,85 @@ index 4ee827d..a14eff9 100644
#define APIC_LVT_NUM 6
/* 14 is the version for Xeon and Pentium 8.4.8*/
+@@ -1064,6 +1064,17 @@ static void update_divide_count(struct kvm_lapic *apic)
+ apic->divide_count);
+ }
+
++static void apic_update_lvtt(struct kvm_lapic *apic)
++{
++ u32 timer_mode = kvm_apic_get_reg(apic, APIC_LVTT) &
++ apic->lapic_timer.timer_mode_mask;
++
++ if (apic->lapic_timer.timer_mode != timer_mode) {
++ apic->lapic_timer.timer_mode = timer_mode;
++ hrtimer_cancel(&apic->lapic_timer.timer);
++ }
++}
++
+ static void apic_timer_expired(struct kvm_lapic *apic)
+ {
+ struct kvm_vcpu *vcpu = apic->vcpu;
+@@ -1272,6 +1283,7 @@ static int apic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val)
+ apic_set_reg(apic, APIC_LVTT + 0x10 * i,
+ lvt_val | APIC_LVT_MASKED);
+ }
++ apic_update_lvtt(apic);
+ atomic_set(&apic->lapic_timer.pending, 0);
+
+ }
+@@ -1304,20 +1316,13 @@ static int apic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val)
+
+ break;
+
+- case APIC_LVTT: {
+- u32 timer_mode = val & apic->lapic_timer.timer_mode_mask;
+-
+- if (apic->lapic_timer.timer_mode != timer_mode) {
+- apic->lapic_timer.timer_mode = timer_mode;
+- hrtimer_cancel(&apic->lapic_timer.timer);
+- }
+-
++ case APIC_LVTT:
+ if (!kvm_apic_sw_enabled(apic))
+ val |= APIC_LVT_MASKED;
+ val &= (apic_lvt_mask[0] | apic->lapic_timer.timer_mode_mask);
+ apic_set_reg(apic, APIC_LVTT, val);
++ apic_update_lvtt(apic);
+ break;
+- }
+
+ case APIC_TMICT:
+ if (apic_lvtt_tscdeadline(apic))
+@@ -1552,7 +1557,7 @@ void kvm_lapic_reset(struct kvm_vcpu *vcpu)
+
+ for (i = 0; i < APIC_LVT_NUM; i++)
+ apic_set_reg(apic, APIC_LVTT + 0x10 * i, APIC_LVT_MASKED);
+- apic->lapic_timer.timer_mode = 0;
++ apic_update_lvtt(apic);
+ apic_set_reg(apic, APIC_LVT0,
+ SET_APIC_DELIVERY_MODE(0, APIC_MODE_EXTINT));
+
+@@ -1778,6 +1783,7 @@ void kvm_apic_post_state_restore(struct kvm_vcpu *vcpu,
+
+ apic_update_ppr(apic);
+ hrtimer_cancel(&apic->lapic_timer.timer);
++ apic_update_lvtt(apic);
+ update_divide_count(apic);
+ start_apic_timer(apic);
+ apic->irr_pending = true;
+diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h
+index 0bc6c65..ca4f92d 100644
+--- a/arch/x86/kvm/lapic.h
++++ b/arch/x86/kvm/lapic.h
+@@ -165,7 +165,7 @@ static inline u16 apic_logical_id(struct kvm_apic_map *map, u32 ldr)
+
+ static inline bool kvm_apic_has_events(struct kvm_vcpu *vcpu)
+ {
+- return vcpu->arch.apic->pending_events;
++ return kvm_vcpu_has_lapic(vcpu) && vcpu->arch.apic->pending_events;
+ }
+
+ bool kvm_apic_pending_eoi(struct kvm_vcpu *vcpu, int vector);
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
index 6e6d115..43fecbf 100644
--- a/arch/x86/kvm/paging_tmpl.h
@@ -34270,7 +34347,7 @@ index 6440221..f84b5c7 100644
+ pax_force_retaddr
ret
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
-index 9875143..36776ae 100644
+index ddeff48..877ead6 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -13,7 +13,11 @@
@@ -34295,49 +34372,7 @@ index 9875143..36776ae 100644
}
struct jit_context {
-@@ -559,6 +565,13 @@ static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image,
- if (is_ereg(dst_reg))
- EMIT1(0x41);
- EMIT3(0xC1, add_1reg(0xC8, dst_reg), 8);
-+
-+ /* emit 'movzwl eax, ax' */
-+ if (is_ereg(dst_reg))
-+ EMIT3(0x45, 0x0F, 0xB7);
-+ else
-+ EMIT2(0x0F, 0xB7);
-+ EMIT1(add_2reg(0xC0, dst_reg, dst_reg));
- break;
- case 32:
- /* emit 'bswap eax' to swap lower 4 bytes */
-@@ -577,6 +590,27 @@ static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image,
- break;
-
- case BPF_ALU | BPF_END | BPF_FROM_LE:
-+ switch (imm32) {
-+ case 16:
-+ /* emit 'movzwl eax, ax' to zero extend 16-bit
-+ * into 64 bit
-+ */
-+ if (is_ereg(dst_reg))
-+ EMIT3(0x45, 0x0F, 0xB7);
-+ else
-+ EMIT2(0x0F, 0xB7);
-+ EMIT1(add_2reg(0xC0, dst_reg, dst_reg));
-+ break;
-+ case 32:
-+ /* emit 'mov eax, eax' to clear upper 32-bits */
-+ if (is_ereg(dst_reg))
-+ EMIT1(0x45);
-+ EMIT2(0x89, add_2reg(0xC0, dst_reg, dst_reg));
-+ break;
-+ case 64:
-+ /* nop */
-+ break;
-+ }
- break;
-
- /* ST: *(u8*)(dst_reg + off) = imm */
-@@ -896,7 +930,9 @@ common_load:
+@@ -924,7 +930,9 @@ common_load:
pr_err("bpf_jit_compile fatal error\n");
return -EFAULT;
}
@@ -34347,7 +34382,7 @@ index 9875143..36776ae 100644
}
proglen += ilen;
addrs[i] = proglen;
-@@ -968,7 +1004,6 @@ void bpf_int_jit_compile(struct bpf_prog *prog)
+@@ -1001,7 +1009,6 @@ void bpf_int_jit_compile(struct bpf_prog *prog)
if (image) {
bpf_flush_icache(header, image + proglen);
@@ -34355,7 +34390,7 @@ index 9875143..36776ae 100644
prog->bpf_func = (void *)image;
prog->jited = true;
}
-@@ -981,12 +1016,8 @@ void bpf_jit_free(struct bpf_prog *fp)
+@@ -1014,12 +1021,8 @@ void bpf_jit_free(struct bpf_prog *fp)
unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK;
struct bpf_binary_header *header = (void *)addr;
@@ -35633,7 +35668,7 @@ index 80ffa5b..a33bd15 100644
return 0;
diff --git a/arch/x86/vdso/Makefile b/arch/x86/vdso/Makefile
-index 7b9be98..39bb57f 100644
+index 8533c96..ff98c52 100644
--- a/arch/x86/vdso/Makefile
+++ b/arch/x86/vdso/Makefile
@@ -175,7 +175,7 @@ quiet_cmd_vdso = VDSO $@
@@ -36263,7 +36298,7 @@ index f678c73..f35aa18 100644
err = -EFAULT;
goto out;
diff --git a/block/genhd.c b/block/genhd.c
-index 0a536dc..b8f7aca 100644
+index ea982ea..86e0f9e 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -469,21 +469,24 @@ static char *bdevt_str(dev_t devt, char *buf)
@@ -40163,6 +40198,32 @@ index 832a2c3..1794080 100644
.attrs = cpuidle_default_attrs,
.name = "cpuidle",
};
+diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c
+index f347ab7..08b0da2 100644
+--- a/drivers/crypto/caam/caamhash.c
++++ b/drivers/crypto/caam/caamhash.c
+@@ -1543,6 +1543,8 @@ static int ahash_init(struct ahash_request *req)
+
+ state->current_buf = 0;
+ state->buf_dma = 0;
++ state->buflen_0 = 0;
++ state->buflen_1 = 0;
+
+ return 0;
+ }
+diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c
+index ae31e55..a48dc25 100644
+--- a/drivers/crypto/caam/caamrng.c
++++ b/drivers/crypto/caam/caamrng.c
+@@ -56,7 +56,7 @@
+
+ /* Buffer, its dma address and lock */
+ struct buf_data {
+- u8 buf[RN_BUF_SIZE];
++ u8 buf[RN_BUF_SIZE] ____cacheline_aligned;
+ dma_addr_t addr;
+ struct completion filled;
+ u32 hw_desc[DESC_JOB_O_LEN];
diff --git a/drivers/crypto/hifn_795x.c b/drivers/crypto/hifn_795x.c
index 8d2a772..33826c9 100644
--- a/drivers/crypto/hifn_795x.c
@@ -41973,7 +42034,7 @@ index b928c17..e5d9400 100644
if (regcomp
(&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
-index bd7519f..e1c2cd95 100644
+index aa232fd..7e5f6e1 100644
--- a/drivers/gpu/drm/radeon/radeon_device.c
+++ b/drivers/gpu/drm/radeon/radeon_device.c
@@ -1247,7 +1247,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
@@ -45671,7 +45732,7 @@ index 9b4e30a..83c927d 100644
void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
diff --git a/drivers/md/md.c b/drivers/md/md.c
-index 907534b..8b3554e 100644
+index b7bf8ee..ee17152 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -191,10 +191,10 @@ EXPORT_SYMBOL_GPL(bio_clone_mddev);
@@ -45743,7 +45804,7 @@ index 907534b..8b3554e 100644
INIT_LIST_HEAD(&rdev->same_set);
init_waitqueue_head(&rdev->blocked_wait);
-@@ -7085,7 +7085,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
+@@ -7086,7 +7086,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
spin_unlock(&pers_lock);
seq_printf(seq, "\n");
@@ -45752,7 +45813,7 @@ index 907534b..8b3554e 100644
return 0;
}
if (v == (void*)2) {
-@@ -7188,7 +7188,7 @@ static int md_seq_open(struct inode *inode, struct file *file)
+@@ -7189,7 +7189,7 @@ static int md_seq_open(struct inode *inode, struct file *file)
return error;
seq = file->private_data;
@@ -45761,7 +45822,7 @@ index 907534b..8b3554e 100644
return error;
}
-@@ -7205,7 +7205,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)
+@@ -7206,7 +7206,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)
/* always allow read */
mask = POLLIN | POLLRDNORM;
@@ -45770,7 +45831,7 @@ index 907534b..8b3554e 100644
mask |= POLLERR | POLLPRI;
return mask;
}
-@@ -7252,7 +7252,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
+@@ -7253,7 +7253,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
struct gendisk *disk = rdev->bdev->bd_contains->bd_disk;
curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
(int)part_stat_read(&disk->part0, sectors[1]) -
@@ -49007,7 +49068,7 @@ index badff18..e15c4ec 100644
break;
}
diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c
-index e6b790f..051ba2d 100644
+index 893753f..3b5d790 100644
--- a/drivers/net/ethernet/emulex/benet/be_main.c
+++ b/drivers/net/ethernet/emulex/benet/be_main.c
@@ -536,7 +536,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val)
@@ -54305,7 +54366,7 @@ index bce16e4..1120a85 100644
dlci->modem_rx = 0;
diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index cc57a3a..b39622b 100644
+index eee40b5..796fb03 100644
--- a/drivers/tty/n_tty.c
+++ b/drivers/tty/n_tty.c
@@ -116,7 +116,7 @@ struct n_tty_data {
@@ -54317,7 +54378,7 @@ index cc57a3a..b39622b 100644
size_t line_start;
/* protected by output lock */
-@@ -2561,6 +2561,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
+@@ -2572,6 +2572,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
{
*ops = tty_ldisc_N_TTY;
ops->owner = NULL;
@@ -66081,10 +66142,10 @@ index 8a1d38e..300a14e 100644
&data);
if (!inode) {
diff --git a/fs/aio.c b/fs/aio.c
-index a793f70..46f45af 100644
+index a1736e9..c80a8ac 100644
--- a/fs/aio.c
+++ b/fs/aio.c
-@@ -404,7 +404,7 @@ static int aio_setup_ring(struct kioctx *ctx)
+@@ -409,7 +409,7 @@ static int aio_setup_ring(struct kioctx *ctx)
size += sizeof(struct io_event) * nr_events;
nr_pages = PFN_UP(size);
@@ -67264,7 +67325,7 @@ index f70119f..ab5894d 100644
spin_lock_init(&delayed_root->lock);
init_waitqueue_head(&delayed_root->wait);
diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
-index 05fef19..f3774b8 100644
+index e477ed6..480c0db 100644
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
@@ -271,7 +271,7 @@ void __btrfs_abort_transaction(struct btrfs_trans_handle *trans,
@@ -94712,7 +94773,7 @@ index 0f712c0..cd762c4 100644
return;
}
diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h
-index 5976bde..3a81660 100644
+index 9fe865c..43735aa 100644
--- a/include/net/inet_connection_sock.h
+++ b/include/net/inet_connection_sock.h
@@ -63,7 +63,7 @@ struct inet_connection_sock_af_ops {
@@ -101387,7 +101448,7 @@ index f4da2cb..e44587b 100644
#else
static void register_sched_domain_sysctl(void)
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
-index 241213b..6a64c91 100644
+index 486d00c..62f3f6e 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -2092,7 +2092,7 @@ void task_numa_fault(int last_cpupid, int mem_node, int pages, int flags)
@@ -102956,6 +103017,39 @@ index a9c10a3..1864f6b 100644
static void __add_event_to_tracers(struct ftrace_event_call *call);
/* Add an additional event_call dynamically */
+diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
+index ced69da..7f2e97c 100644
+--- a/kernel/trace/trace_events_filter.c
++++ b/kernel/trace/trace_events_filter.c
+@@ -1369,19 +1369,26 @@ static int check_preds(struct filter_parse_state *ps)
+ {
+ int n_normal_preds = 0, n_logical_preds = 0;
+ struct postfix_elt *elt;
++ int cnt = 0;
+
+ list_for_each_entry(elt, &ps->postfix, list) {
+- if (elt->op == OP_NONE)
++ if (elt->op == OP_NONE) {
++ cnt++;
+ continue;
++ }
+
+ if (elt->op == OP_AND || elt->op == OP_OR) {
+ n_logical_preds++;
++ cnt--;
+ continue;
+ }
++ if (elt->op != OP_NOT)
++ cnt--;
+ n_normal_preds++;
++ WARN_ON_ONCE(cnt < 0);
+ }
+
+- if (!n_normal_preds || n_logical_preds >= n_normal_preds) {
++ if (cnt != 1 || !n_normal_preds || n_logical_preds >= n_normal_preds) {
+ parse_error(ps, FILT_ERR_INVALID_FILTER, 0);
+ return -EINVAL;
+ }
diff --git a/kernel/trace/trace_functions_graph.c b/kernel/trace/trace_functions_graph.c
index b6fce36..d9f11a3 100644
--- a/kernel/trace/trace_functions_graph.c
@@ -103826,6 +103920,28 @@ index ecb9a66..a044fc5 100644
retval = 1;
}
spin_unlock(&lockref->lock);
+diff --git a/lib/mpi/longlong.h b/lib/mpi/longlong.h
+index aac5114..a89d041 100644
+--- a/lib/mpi/longlong.h
++++ b/lib/mpi/longlong.h
+@@ -639,7 +639,7 @@ do { \
+ ************** MIPS *****************
+ ***************************************/
+ #if defined(__mips__) && W_TYPE_SIZE == 32
+-#if __GNUC__ >= 4 && __GNUC_MINOR__ >= 4
++#if (__GNUC__ >= 5) || (__GNUC__ >= 4 && __GNUC_MINOR__ >= 4)
+ #define umul_ppmm(w1, w0, u, v) \
+ do { \
+ UDItype __ll = (UDItype)(u) * (v); \
+@@ -671,7 +671,7 @@ do { \
+ ************** MIPS/64 **************
+ ***************************************/
+ #if (defined(__mips) && __mips >= 3) && W_TYPE_SIZE == 64
+-#if __GNUC__ >= 4 && __GNUC_MINOR__ >= 4
++#if (__GNUC__ >= 5) || (__GNUC__ >= 4 && __GNUC_MINOR__ >= 4)
+ #define umul_ppmm(w1, w0, u, v) \
+ do { \
+ typedef unsigned int __ll_UTItype __attribute__((mode(TI))); \
diff --git a/lib/nlattr.c b/lib/nlattr.c
index f5907d2..36072be 100644
--- a/lib/nlattr.c
@@ -104173,7 +104289,7 @@ index 957d3da..1d34e20 100644
depends on !KMEMCHECK
select PAGE_EXTENSION
diff --git a/mm/backing-dev.c b/mm/backing-dev.c
-index 6dc4580..e031ec1 100644
+index 000e7b3..aad2605 100644
--- a/mm/backing-dev.c
+++ b/mm/backing-dev.c
@@ -12,7 +12,7 @@
@@ -104185,7 +104301,7 @@ index 6dc4580..e031ec1 100644
struct backing_dev_info noop_backing_dev_info = {
.name = "noop",
-@@ -474,7 +474,7 @@ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name)
+@@ -458,7 +458,7 @@ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name)
return err;
err = bdi_register(bdi, NULL, "%.28s-%ld", name,
@@ -107141,7 +107257,7 @@ index 2dc44b1..caa1819 100644
out:
if (ret & ~PAGE_MASK)
diff --git a/mm/nommu.c b/mm/nommu.c
-index 3fba2dc..fdad748 100644
+index 3fba2dc9..fdad748 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -72,7 +72,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT;
@@ -110160,7 +110276,7 @@ index df493d6..1145766 100644
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index 22a53ac..1d19af7 100644
+index e977e15..74b19b0 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1681,14 +1681,14 @@ int __dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
@@ -110322,10 +110438,51 @@ index 1033725..340f65d 100644
fle->object = flo;
else
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
-index 70fe9e1..926784c 100644
+index 70fe9e1..c55e69d 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
-@@ -2806,7 +2806,7 @@ static int proc_unres_qlen(struct ctl_table *ctl, int write,
+@@ -971,6 +971,8 @@ int __neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
+ rc = 0;
+ if (neigh->nud_state & (NUD_CONNECTED | NUD_DELAY | NUD_PROBE))
+ goto out_unlock_bh;
++ if (neigh->dead)
++ goto out_dead;
+
+ if (!(neigh->nud_state & (NUD_STALE | NUD_INCOMPLETE))) {
+ if (NEIGH_VAR(neigh->parms, MCAST_PROBES) +
+@@ -1027,6 +1029,13 @@ out_unlock_bh:
+ write_unlock(&neigh->lock);
+ local_bh_enable();
+ return rc;
++
++out_dead:
++ if (neigh->nud_state & NUD_STALE)
++ goto out_unlock_bh;
++ write_unlock_bh(&neigh->lock);
++ kfree_skb(skb);
++ return 1;
+ }
+ EXPORT_SYMBOL(__neigh_event_send);
+
+@@ -1090,6 +1099,8 @@ int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
+ if (!(flags & NEIGH_UPDATE_F_ADMIN) &&
+ (old & (NUD_NOARP | NUD_PERMANENT)))
+ goto out;
++ if (neigh->dead)
++ goto out;
+
+ if (!(new & NUD_VALID)) {
+ neigh_del_timer(neigh);
+@@ -1239,6 +1250,8 @@ EXPORT_SYMBOL(neigh_update);
+ */
+ void __neigh_set_probe_once(struct neighbour *neigh)
+ {
++ if (neigh->dead)
++ return;
+ neigh->updated = jiffies;
+ if (!(neigh->nud_state & NUD_FAILED))
+ return;
+@@ -2806,7 +2819,7 @@ static int proc_unres_qlen(struct ctl_table *ctl, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
int size, ret;
@@ -110334,7 +110491,7 @@ index 70fe9e1..926784c 100644
tmp.extra1 = &zero;
tmp.extra2 = &unres_qlen_max;
-@@ -2868,7 +2868,7 @@ static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
+@@ -2868,7 +2881,7 @@ static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
void __user *buffer,
size_t *lenp, loff_t *ppos)
{
@@ -110483,7 +110640,7 @@ index 508155b..fad080f 100644
pr_warn("cannot create /proc/net/%s\n", PG_PROC_DIR);
return -ENODEV;
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index 7ebed55..378bf34 100644
+index a2b90e1..7882f75 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -61,7 +61,7 @@ struct rtnl_link {
@@ -111639,7 +111796,7 @@ index f027a70..2e64edc 100644
static int raw_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
-index 20fc020..3ba426f 100644
+index e262a08..d1fc3be 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -228,7 +228,7 @@ static const struct seq_operations rt_cache_seq_ops = {
@@ -111692,7 +111849,7 @@ index 20fc020..3ba426f 100644
}
EXPORT_SYMBOL(ip_idents_reserve);
-@@ -2639,34 +2639,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
+@@ -2643,34 +2643,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
.maxlen = sizeof(int),
.mode = 0200,
.proc_handler = ipv4_sysctl_rtcache_flush,
@@ -111735,7 +111892,7 @@ index 20fc020..3ba426f 100644
err_dup:
return -ENOMEM;
}
-@@ -2689,8 +2689,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
+@@ -2693,8 +2693,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
static __net_init int rt_genid_init(struct net *net)
{
@@ -111746,7 +111903,7 @@ index 20fc020..3ba426f 100644
get_random_bytes(&net->ipv4.dev_addr_genid,
sizeof(net->ipv4.dev_addr_genid));
return 0;
-@@ -2734,11 +2734,7 @@ int __init ip_rt_init(void)
+@@ -2738,11 +2738,7 @@ int __init ip_rt_init(void)
int rc = 0;
int cpu;
@@ -111977,7 +112134,7 @@ index f1756ee..8908cb0 100644
}
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
-index dd11ac7..c0872da 100644
+index 50277af..defe393 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -27,6 +27,10 @@
@@ -111991,7 +112148,7 @@ index dd11ac7..c0872da 100644
int sysctl_tcp_syncookies __read_mostly = 1;
EXPORT_SYMBOL(sysctl_tcp_syncookies);
-@@ -785,7 +789,10 @@ embryonic_reset:
+@@ -788,7 +792,10 @@ embryonic_reset:
* avoid becoming vulnerable to outside attack aiming at
* resetting legit local connections.
*/
@@ -112046,7 +112203,7 @@ index 0732b78..a82bdc6 100644
syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) {
/* Has it gone just too far? */
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
-index 97ef1f8b..abeb965 100644
+index 51f1745..4bc0427 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -87,6 +87,7 @@
@@ -112057,7 +112214,7 @@ index 97ef1f8b..abeb965 100644
#include <linux/socket.h>
#include <linux/sockios.h>
#include <linux/igmp.h>
-@@ -114,6 +115,10 @@
+@@ -115,6 +116,10 @@
#include <net/busy_poll.h>
#include "udp_impl.h"
@@ -112068,7 +112225,7 @@ index 97ef1f8b..abeb965 100644
struct udp_table udp_table __read_mostly;
EXPORT_SYMBOL(udp_table);
-@@ -608,6 +613,9 @@ static inline bool __udp_is_mcast_sock(struct net *net, struct sock *sk,
+@@ -609,6 +614,9 @@ static inline bool __udp_is_mcast_sock(struct net *net, struct sock *sk,
return true;
}
@@ -112078,7 +112235,7 @@ index 97ef1f8b..abeb965 100644
/*
* This routine is called by the ICMP module when it gets some
* sort of error condition. If err < 0 then the socket should
-@@ -945,9 +953,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -946,9 +954,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
dport = usin->sin_port;
if (dport == 0)
return -EINVAL;
@@ -112097,7 +112254,7 @@ index 97ef1f8b..abeb965 100644
daddr = inet->inet_daddr;
dport = inet->inet_dport;
/* Open fast path for connected socket.
-@@ -1195,7 +1212,7 @@ static unsigned int first_packet_length(struct sock *sk)
+@@ -1196,7 +1213,7 @@ static unsigned int first_packet_length(struct sock *sk)
IS_UDPLITE(sk));
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS,
IS_UDPLITE(sk));
@@ -112106,7 +112263,7 @@ index 97ef1f8b..abeb965 100644
__skb_unlink(skb, rcvq);
__skb_queue_tail(&list_kill, skb);
}
-@@ -1275,6 +1292,10 @@ try_again:
+@@ -1276,6 +1293,10 @@ try_again:
if (!skb)
goto out;
@@ -112117,7 +112274,7 @@ index 97ef1f8b..abeb965 100644
ulen = skb->len - sizeof(struct udphdr);
copied = len;
if (copied > ulen)
-@@ -1307,7 +1328,7 @@ try_again:
+@@ -1308,7 +1329,7 @@ try_again:
if (unlikely(err)) {
trace_kfree_skb(skb, udp_recvmsg);
if (!peeked) {
@@ -112126,20 +112283,7 @@ index 97ef1f8b..abeb965 100644
UDP_INC_STATS_USER(sock_net(sk),
UDP_MIB_INERRORS, is_udplite);
}
-@@ -1348,10 +1369,8 @@ csum_copy_err:
- }
- unlock_sock_fast(sk, slow);
-
-- if (noblock)
-- return -EAGAIN;
--
-- /* starting over for a new packet */
-+ /* starting over for a new packet, but check if we need to yield */
-+ cond_resched();
- msg->msg_flags &= ~MSG_TRUNC;
- goto try_again;
- }
-@@ -1605,7 +1624,7 @@ csum_error:
+@@ -1604,7 +1625,7 @@ csum_error:
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite);
drop:
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
@@ -112148,7 +112292,7 @@ index 97ef1f8b..abeb965 100644
kfree_skb(skb);
return -1;
}
-@@ -1624,7 +1643,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
+@@ -1623,7 +1644,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC);
if (!skb1) {
@@ -112157,7 +112301,7 @@ index 97ef1f8b..abeb965 100644
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS,
IS_UDPLITE(sk));
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS,
-@@ -1830,6 +1849,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
+@@ -1829,6 +1850,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
goto csum_error;
UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
@@ -112167,7 +112311,7 @@ index 97ef1f8b..abeb965 100644
icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
/*
-@@ -2416,7 +2438,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f,
+@@ -2426,7 +2450,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f,
from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
0, sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
@@ -112849,7 +112993,7 @@ index c5c10fa..2577d51 100644
struct ctl_table *ipv6_icmp_table;
int err;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
-index 1f5e622..8387d90 100644
+index 5ca3bc8..8c53c81 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -104,6 +104,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
@@ -112908,7 +113052,7 @@ index 1f5e622..8387d90 100644
}
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
-index d048d46..cacb4d2 100644
+index 1c9512a..786b8d6 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -76,6 +76,10 @@ static unsigned int udp6_ehashfn(struct net *net,
@@ -112931,20 +113075,7 @@ index d048d46..cacb4d2 100644
if (is_udp4)
UDP_INC_STATS_USER(sock_net(sk),
UDP_MIB_INERRORS,
-@@ -528,10 +532,8 @@ csum_copy_err:
- }
- unlock_sock_fast(sk, slow);
-
-- if (noblock)
-- return -EAGAIN;
--
-- /* starting over for a new packet */
-+ /* starting over for a new packet, but check if we need to yield */
-+ cond_resched();
- msg->msg_flags &= ~MSG_TRUNC;
- goto try_again;
- }
-@@ -714,7 +716,7 @@ csum_error:
+@@ -712,7 +716,7 @@ csum_error:
UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite);
drop:
UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
@@ -112953,7 +113084,7 @@ index d048d46..cacb4d2 100644
kfree_skb(skb);
return -1;
}
-@@ -753,7 +755,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
+@@ -753,7 +757,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
if (likely(skb1 == NULL))
skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC);
if (!skb1) {
@@ -112962,7 +113093,7 @@ index d048d46..cacb4d2 100644
UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS,
IS_UDPLITE(sk));
UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS,
-@@ -937,6 +939,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
+@@ -937,6 +941,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
goto csum_error;
UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
@@ -114083,7 +114214,7 @@ index 11de55e..f25e448 100644
return 0;
}
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
-index d1d7a81..b45b03d 100644
+index 0e9c28d..d99773f 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -260,7 +260,7 @@ static void netlink_overrun(struct sock *sk)
@@ -114095,7 +114226,7 @@ index d1d7a81..b45b03d 100644
}
static void netlink_rcv_wake(struct sock *sk)
-@@ -3002,7 +3002,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
+@@ -3005,7 +3005,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
sk_wmem_alloc_get(s),
nlk->cb_running,
atomic_read(&s->sk_refcnt),
@@ -114180,7 +114311,7 @@ index bc85331..0d3dce0 100644
/**
* struct vport_portids - array of netlink portids of a vport.
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
-index f8db706..2b4631e 100644
+index f8db706..0e29f8f 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -269,7 +269,7 @@ static int packet_direct_xmit(struct sk_buff *skb)
@@ -114192,7 +114323,40 @@ index f8db706..2b4631e 100644
kfree_skb(skb);
return NET_XMIT_DROP;
}
-@@ -1847,7 +1847,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -1266,16 +1266,6 @@ static void packet_sock_destruct(struct sock *sk)
+ sk_refcnt_debug_dec(sk);
+ }
+
+-static int fanout_rr_next(struct packet_fanout *f, unsigned int num)
+-{
+- int x = atomic_read(&f->rr_cur) + 1;
+-
+- if (x >= num)
+- x = 0;
+-
+- return x;
+-}
+-
+ static unsigned int fanout_demux_hash(struct packet_fanout *f,
+ struct sk_buff *skb,
+ unsigned int num)
+@@ -1287,13 +1277,9 @@ static unsigned int fanout_demux_lb(struct packet_fanout *f,
+ struct sk_buff *skb,
+ unsigned int num)
+ {
+- int cur, old;
++ unsigned int val = atomic_inc_return(&f->rr_cur);
+
+- cur = atomic_read(&f->rr_cur);
+- while ((old = atomic_cmpxchg(&f->rr_cur, cur,
+- fanout_rr_next(f, num))) != cur)
+- cur = old;
+- return cur;
++ return val % num;
+ }
+
+ static unsigned int fanout_demux_cpu(struct packet_fanout *f,
+@@ -1847,7 +1833,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
spin_lock(&sk->sk_receive_queue.lock);
po->stats.stats1.tp_packets++;
@@ -114201,7 +114365,7 @@ index f8db706..2b4631e 100644
__skb_queue_tail(&sk->sk_receive_queue, skb);
spin_unlock(&sk->sk_receive_queue.lock);
sk->sk_data_ready(sk);
-@@ -1856,7 +1856,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -1856,7 +1842,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
drop_n_acct:
spin_lock(&sk->sk_receive_queue.lock);
po->stats.stats1.tp_drops++;
@@ -114210,7 +114374,7 @@ index f8db706..2b4631e 100644
spin_unlock(&sk->sk_receive_queue.lock);
drop_n_restore:
-@@ -3499,7 +3499,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3499,7 +3485,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
case PACKET_HDRLEN:
if (len > sizeof(int))
len = sizeof(int);
@@ -114219,7 +114383,7 @@ index f8db706..2b4631e 100644
return -EFAULT;
switch (val) {
case TPACKET_V1:
-@@ -3545,7 +3545,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3545,7 +3531,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
len = lv;
if (put_user(len, optlen))
return -EFAULT;
@@ -115710,7 +115874,7 @@ index 72c339e..a93593a 100644
sub->evt.event = htohl(event, sub->swap);
sub->evt.found_lower = htohl(found_lower, sub->swap);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index 526b6ed..ec20275 100644
+index 146881f..9441ed2 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -791,6 +791,12 @@ static struct sock *unix_find_other(struct net *net,
@@ -115759,7 +115923,7 @@ index 526b6ed..ec20275 100644
done_path_create(&path, dentry);
return err;
}
-@@ -2233,11 +2252,14 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
+@@ -2241,11 +2260,14 @@ static unsigned int unix_dgram_poll(struct file *file, struct socket *sock,
writable = unix_writable(sk);
other = unix_peer_get(sk);
if (other) {
@@ -115776,7 +115940,7 @@ index 526b6ed..ec20275 100644
sock_put(other);
}
-@@ -2334,9 +2356,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2342,9 +2364,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
seq_puts(seq, "Num RefCount Protocol Flags Type St "
"Inode Path\n");
else {
@@ -115791,7 +115955,7 @@ index 526b6ed..ec20275 100644
seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
s,
-@@ -2361,10 +2387,29 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2369,10 +2395,29 @@ static int unix_seq_show(struct seq_file *seq, void *v)
seq_putc(seq, '@');
i++;
}
@@ -126174,10 +126338,10 @@ index 0000000..b8e7188
+}
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
new file mode 100644
-index 0000000..19e2901
+index 0000000..89e8e68
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,27981 @@
+@@ -0,0 +1,27982 @@
+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL nohasharray
+iwl_set_tx_power_1 iwl_set_tx_power 0 1 &intel_fake_agp_alloc_by_type_1
+ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL
@@ -141936,7 +142100,8 @@ index 0000000..19e2901
+cyapa_gen5_bl_exit_36644 cyapa_gen5_bl_exit 0 36644 &ov2640_write_array_36644
+m66592_udc_start_36646 m66592_udc_start 0 36646 NULL
+mem_cgroup_do_precharge_36647 mem_cgroup_do_precharge 0 36647 NULL
-+lpfc_idiag_extacc_alloc_get_36648 lpfc_idiag_extacc_alloc_get 0-3 36648 NULL
++lpfc_idiag_extacc_alloc_get_36648 lpfc_idiag_extacc_alloc_get 0-3 36648 NULL nohasharray
++tty_copy_to_user_36648 tty_copy_to_user 4 36648 &lpfc_idiag_extacc_alloc_get_36648
+add_dev_support_show_36650 add_dev_support_show 0 36650 NULL
+hfsplus_osx_listxattr_36654 hfsplus_osx_listxattr 0-5 36654 NULL nohasharray
+interface_show_36654 interface_show 0 36654 &hfsplus_osx_listxattr_36654
diff --git a/4.0.5/4425_grsec_remove_EI_PAX.patch b/4.0.6/4425_grsec_remove_EI_PAX.patch
index a80a5d7..a80a5d7 100644
--- a/4.0.5/4425_grsec_remove_EI_PAX.patch
+++ b/4.0.6/4425_grsec_remove_EI_PAX.patch
diff --git a/4.0.5/4427_force_XATTR_PAX_tmpfs.patch b/4.0.6/4427_force_XATTR_PAX_tmpfs.patch
index a789f0b..a789f0b 100644
--- a/4.0.5/4427_force_XATTR_PAX_tmpfs.patch
+++ b/4.0.6/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/4.0.5/4430_grsec-remove-localversion-grsec.patch b/4.0.6/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/4.0.5/4430_grsec-remove-localversion-grsec.patch
+++ b/4.0.6/4430_grsec-remove-localversion-grsec.patch
diff --git a/4.0.5/4435_grsec-mute-warnings.patch b/4.0.6/4435_grsec-mute-warnings.patch
index b7564e4..b7564e4 100644
--- a/4.0.5/4435_grsec-mute-warnings.patch
+++ b/4.0.6/4435_grsec-mute-warnings.patch
diff --git a/4.0.5/4440_grsec-remove-protected-paths.patch b/4.0.6/4440_grsec-remove-protected-paths.patch
index 741546d..741546d 100644
--- a/4.0.5/4440_grsec-remove-protected-paths.patch
+++ b/4.0.6/4440_grsec-remove-protected-paths.patch
diff --git a/4.0.5/4450_grsec-kconfig-default-gids.patch b/4.0.6/4450_grsec-kconfig-default-gids.patch
index 61d903e..61d903e 100644
--- a/4.0.5/4450_grsec-kconfig-default-gids.patch
+++ b/4.0.6/4450_grsec-kconfig-default-gids.patch
diff --git a/4.0.5/4465_selinux-avc_audit-log-curr_ip.patch b/4.0.6/4465_selinux-avc_audit-log-curr_ip.patch
index ba89596..ba89596 100644
--- a/4.0.5/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/4.0.6/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/4.0.5/4470_disable-compat_vdso.patch b/4.0.6/4470_disable-compat_vdso.patch
index 7aefa02..7aefa02 100644
--- a/4.0.5/4470_disable-compat_vdso.patch
+++ b/4.0.6/4470_disable-compat_vdso.patch
diff --git a/4.0.5/4475_emutramp_default_on.patch b/4.0.6/4475_emutramp_default_on.patch
index a128205..a128205 100644
--- a/4.0.5/4475_emutramp_default_on.patch
+++ b/4.0.6/4475_emutramp_default_on.patch