summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2016-06-27 06:28:23 -0400
committerAnthony G. Basile <blueness@gentoo.org>2016-06-27 06:28:23 -0400
commit8bf1f839085fc6cb7cde16cc44895e8203618936 (patch)
treec695fb826ee9b07d14fd55719b9f4f8e8e0c6694
parentgrsecurity-3.1-4.5.7-201606202152 (diff)
downloadhardened-patchset-8bf1f839085fc6cb7cde16cc44895e8203618936.tar.gz
hardened-patchset-8bf1f839085fc6cb7cde16cc44895e8203618936.tar.bz2
hardened-patchset-8bf1f839085fc6cb7cde16cc44895e8203618936.zip
grsecurity-3.1-4.5.7-20160626201920160626
-rw-r--r--4.5.7/0000_README2
-rw-r--r--4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch (renamed from 4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch)1079
2 files changed, 848 insertions, 233 deletions
diff --git a/4.5.7/0000_README b/4.5.7/0000_README
index 068b4c9..b74a9dd 100644
--- a/4.5.7/0000_README
+++ b/4.5.7/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.5.7-201606202152.patch
+Patch: 4420_grsecurity-3.1-4.5.7-201606262019.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch
index 5ac1e8a..3d3b9d3 100644
--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch
+++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch
@@ -1,3 +1,15 @@
+diff --git a/.gitignore b/.gitignore
+index fd3a355..c47e86a 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -37,6 +37,7 @@ modules.builtin
+ Module.symvers
+ *.dwo
+ *.su
++*.c.[012]*.*
+
+ #
+ # Top-level generic files
diff --git a/Documentation/dontdiff b/Documentation/dontdiff
index 8ea834f..1462492 100644
--- a/Documentation/dontdiff
@@ -408,7 +420,7 @@ index a93b414..f50a50b 100644
A toggle value indicating if modules are allowed to be loaded
diff --git a/Makefile b/Makefile
-index 90e4bd9..44d0d41 100644
+index 90e4bd9..66ce952 100644
--- a/Makefile
+++ b/Makefile
@@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -422,16 +434,7 @@ index 90e4bd9..44d0d41 100644
ifeq ($(shell $(HOSTCC) -v 2>&1 | grep -c "clang version"), 1)
HOSTCFLAGS += -Wno-unused-value -Wno-unused-parameter \
-@@ -417,6 +419,8 @@ export KBUILD_AFLAGS_MODULE KBUILD_CFLAGS_MODULE KBUILD_LDFLAGS_MODULE
- export KBUILD_AFLAGS_KERNEL KBUILD_CFLAGS_KERNEL
- export KBUILD_ARFLAGS
-
-+export PLUGINCC GCC_PLUGINS_CFLAGS GCC_PLUGINS_AFLAGS
-+
- # When compiling out-of-tree modules, put MODVERDIR in the module
- # tree rather than in the kernel tree. The kernel tree might
- # even be read-only.
-@@ -547,7 +551,7 @@ ifeq ($(KBUILD_EXTMOD),)
+@@ -547,7 +549,7 @@ ifeq ($(KBUILD_EXTMOD),)
# in parallel
PHONY += scripts
scripts: scripts_basic include/config/auto.conf include/config/tristate.conf \
@@ -440,23 +443,16 @@ index 90e4bd9..44d0d41 100644
$(Q)$(MAKE) $(build)=$(@)
# Objects we will link into vmlinux / subdirs we need to visit
-@@ -622,6 +626,15 @@ endif
+@@ -622,6 +624,8 @@ endif
# Tell gcc to never replace conditional load with a non-conditional one
KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0)
-+PHONY += gcc-plugins
-+gcc-plugins: scripts_basic
-+ifdef CONFIG_GCC_PLUGINS
-+ $(Q)$(MAKE) $(build)=scripts/gcc-plugins
-+endif
-+ @:
-+
+include scripts/Makefile.gcc-plugins
+
ifdef CONFIG_READABLE_ASM
# Disable optimizations that make assembler listings hard to read.
# reorder blocks reorders the control in the function
-@@ -715,7 +728,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g)
+@@ -715,7 +719,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g)
else
KBUILD_CFLAGS += -g
endif
@@ -465,7 +461,7 @@ index 90e4bd9..44d0d41 100644
endif
ifdef CONFIG_DEBUG_INFO_DWARF4
KBUILD_CFLAGS += $(call cc-option, -gdwarf-4,)
-@@ -887,7 +900,7 @@ export mod_sign_cmd
+@@ -887,7 +891,7 @@ export mod_sign_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -474,7 +470,7 @@ index 90e4bd9..44d0d41 100644
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -990,7 +1003,7 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
+@@ -990,7 +994,7 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
archprepare: archheaders archscripts prepare1 scripts_basic
@@ -483,7 +479,7 @@ index 90e4bd9..44d0d41 100644
$(Q)$(MAKE) $(build)=.
# All the preparing..
-@@ -1185,7 +1198,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \
+@@ -1185,7 +1189,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \
Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
signing_key.pem signing_key.priv signing_key.x509 \
x509.genkey extra_certificates signing_key.x509.keyid \
@@ -496,7 +492,7 @@ index 90e4bd9..44d0d41 100644
# clean - Delete most, but leave enough to build external modules
#
-@@ -1224,7 +1241,7 @@ distclean: mrproper
+@@ -1224,7 +1232,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -505,6 +501,14 @@ index 90e4bd9..44d0d41 100644
-type f -print | xargs rm -f
+@@ -1443,6 +1451,7 @@ clean: $(clean-dirs)
+ -o -name '.*.d' -o -name '.*.tmp' -o -name '*.mod.c' \
+ -o -name '*.symtypes' -o -name 'modules.order' \
+ -o -name modules.builtin -o -name '.tmp_*.o.*' \
++ -o -name '*.c.[012]*.*' \
+ -o -name '*.gcno' \) -type f -print | xargs rm -f
+
+ # Generate tags for editors
diff --git a/arch/Kconfig b/arch/Kconfig
index f6b649d..5ba628b 100644
--- a/arch/Kconfig
@@ -8882,7 +8886,7 @@ index 2c01665..85a54a8 100644
sechdrs, module);
#endif
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
-index 54ed9c7..681162e 100644
+index 54ed9c7..681162e5 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
@@ -1185,8 +1185,8 @@ void show_regs(struct pt_regs * regs)
@@ -17956,7 +17960,7 @@ index 0224987..0359810 100644
fprintf(outfile, "const struct vdso_image %s = {\n", name);
diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c
-index b8f69e2..2489643 100644
+index b8f69e2..b142158 100644
--- a/arch/x86/entry/vdso/vma.c
+++ b/arch/x86/entry/vdso/vma.c
@@ -20,10 +20,7 @@
@@ -18012,7 +18016,7 @@ index b8f69e2..2489643 100644
up_fail:
if (ret)
- current->mm->context.vdso = NULL;
-+ current->mm->context.vdso = 0;
++ mm->context.vdso = 0;
up_write(&mm->mmap_sem);
return ret;
@@ -21815,14 +21819,14 @@ index 9fb2f2b..8e18c70 100644
#define MODULES_END VMALLOC_END
#define MODULES_LEN (MODULES_VADDR - MODULES_END)
diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h
-index 2ee7811..afd76c0 100644
+index 2ee7811..1779bde 100644
--- a/arch/x86/include/asm/pgtable_64.h
+++ b/arch/x86/include/asm/pgtable_64.h
@@ -16,11 +16,17 @@
extern pud_t level3_kernel_pgt[512];
extern pud_t level3_ident_pgt[512];
-+extern pud_t level3_vmalloc_start_pgt[512];
++extern pud_t level3_vmalloc_start_pgt[4][512];
+extern pud_t level3_vmalloc_end_pgt[512];
+extern pud_t level3_vmemmap_pgt[512];
+extern pud_t level2_vmemmap_pgt[512];
@@ -25822,6 +25826,28 @@ index a316ca9..07e219e 100644
ret = intel_cqm_setup_rmid_cache();
if (ret)
+diff --git a/arch/x86/kernel/cpu/perf_event_intel_cstate.c b/arch/x86/kernel/cpu/perf_event_intel_cstate.c
+index 75a38b5..36cb0a9 100644
+--- a/arch/x86/kernel/cpu/perf_event_intel_cstate.c
++++ b/arch/x86/kernel/cpu/perf_event_intel_cstate.c
+@@ -92,14 +92,14 @@
+ #include "perf_event.h"
+
+ #define DEFINE_CSTATE_FORMAT_ATTR(_var, _name, _format) \
+-static ssize_t __cstate_##_var##_show(struct kobject *kobj, \
+- struct kobj_attribute *attr, \
++static ssize_t __cstate_##_var##_show(struct device *dev, \
++ struct device_attribute *attr, \
+ char *page) \
+ { \
+ BUILD_BUG_ON(sizeof(_format) >= PAGE_SIZE); \
+ return sprintf(page, _format "\n"); \
+ } \
+-static struct kobj_attribute format_attr_##_var = \
++static struct device_attribute format_attr_##_var = \
+ __ATTR(_name, 0444, __cstate_##_var##_show, NULL)
+
+ static ssize_t cstate_get_attr_cpumask(struct device *dev,
diff --git a/arch/x86/kernel/cpu/perf_event_intel_ds.c b/arch/x86/kernel/cpu/perf_event_intel_ds.c
index 9551401..649b91c 100644
--- a/arch/x86/kernel/cpu/perf_event_intel_ds.c
@@ -27568,7 +27594,7 @@ index 6bc9ae2..33997fe 100644
+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0
+ .endr
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
-index ffdc0e8..f429d4f 100644
+index ffdc0e8..60b5d16 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -20,6 +20,8 @@
@@ -27593,12 +27619,15 @@ index ffdc0e8..f429d4f 100644
.text
__HEAD
-@@ -92,11 +100,33 @@ startup_64:
+@@ -92,11 +100,36 @@ startup_64:
* Fixup the physical addresses in the page table
*/
addq %rbp, early_level4_pgt + (L4_START_KERNEL*8)(%rip)
+ addq %rbp, init_level4_pgt + (L4_PAGE_OFFSET*8)(%rip)
+ addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8)(%rip)
++ addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8) + 8(%rip)
++ addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8) + 16(%rip)
++ addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8) + 24(%rip)
+ addq %rbp, init_level4_pgt + (L4_VMALLOC_END*8)(%rip)
+ addq %rbp, init_level4_pgt + (L4_VMEMMAP_START*8)(%rip)
+ addq %rbp, init_level4_pgt + (L4_START_KERNEL*8)(%rip)
@@ -27629,7 +27658,7 @@ index ffdc0e8..f429d4f 100644
/*
* Set up the identity mapping for the switchover. These
-@@ -180,11 +210,12 @@ ENTRY(secondary_startup_64)
+@@ -180,11 +213,12 @@ ENTRY(secondary_startup_64)
/* Sanitize CPU configuration */
call verify_cpu
@@ -27644,7 +27673,7 @@ index ffdc0e8..f429d4f 100644
movq %rcx, %cr4
/* Setup early boot stage 4 level pagetables. */
-@@ -205,10 +236,21 @@ ENTRY(secondary_startup_64)
+@@ -205,10 +239,21 @@ ENTRY(secondary_startup_64)
movl $MSR_EFER, %ecx
rdmsr
btsl $_EFER_SCE, %eax /* Enable System Call */
@@ -27667,7 +27696,7 @@ index ffdc0e8..f429d4f 100644
1: wrmsr /* Make changes effective */
/* Setup cr0 */
-@@ -288,6 +330,7 @@ ENTRY(secondary_startup_64)
+@@ -288,6 +333,7 @@ ENTRY(secondary_startup_64)
* REX.W + FF /5 JMP m16:64 Jump far, absolute indirect,
* address given in m16:64.
*/
@@ -27675,7 +27704,7 @@ index ffdc0e8..f429d4f 100644
movq initial_code(%rip),%rax
pushq $0 # fake return address to stop unwinder
pushq $__KERNEL_CS # set correct cs
-@@ -321,7 +364,7 @@ ENDPROC(start_cpu0)
+@@ -321,7 +367,7 @@ ENDPROC(start_cpu0)
.quad INIT_PER_CPU_VAR(irq_stack_union)
GLOBAL(stack_start)
@@ -27684,7 +27713,7 @@ index ffdc0e8..f429d4f 100644
.word 0
__FINITDATA
-@@ -401,7 +444,7 @@ early_idt_handler_common:
+@@ -401,7 +447,7 @@ early_idt_handler_common:
call dump_stack
#ifdef CONFIG_KALLSYMS
leaq early_idt_ripmsg(%rip),%rdi
@@ -27693,7 +27722,7 @@ index ffdc0e8..f429d4f 100644
call __print_symbol
#endif
#endif /* EARLY_PRINTK */
-@@ -430,6 +473,7 @@ ENDPROC(early_idt_handler_common)
+@@ -430,6 +476,7 @@ ENDPROC(early_idt_handler_common)
early_recursion_flag:
.long 0
@@ -27701,7 +27730,7 @@ index ffdc0e8..f429d4f 100644
#ifdef CONFIG_EARLY_PRINTK
early_idt_msg:
.asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n"
-@@ -452,40 +496,67 @@ GLOBAL(name)
+@@ -452,40 +499,70 @@ GLOBAL(name)
__INITDATA
NEXT_PAGE(early_level4_pgt)
.fill 511,8,0
@@ -27723,7 +27752,10 @@ index ffdc0e8..f429d4f 100644
.org init_level4_pgt + L4_PAGE_OFFSET*8, 0
.quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
+ .org init_level4_pgt + L4_VMALLOC_START*8, 0
-+ .quad level3_vmalloc_start_pgt - __START_KERNEL_map + _KERNPG_TABLE
++ .quad level3_vmalloc_start_pgt - __START_KERNEL_map + PAGE_SIZE*0 + _KERNPG_TABLE
++ .quad level3_vmalloc_start_pgt - __START_KERNEL_map + PAGE_SIZE*1 + _KERNPG_TABLE
++ .quad level3_vmalloc_start_pgt - __START_KERNEL_map + PAGE_SIZE*2 + _KERNPG_TABLE
++ .quad level3_vmalloc_start_pgt - __START_KERNEL_map + PAGE_SIZE*3 + _KERNPG_TABLE
+ .org init_level4_pgt + L4_VMALLOC_END*8, 0
+ .quad level3_vmalloc_end_pgt - __START_KERNEL_map + _KERNPG_TABLE
+ .org init_level4_pgt + L4_VMEMMAP_START*8, 0
@@ -27750,7 +27782,7 @@ index ffdc0e8..f429d4f 100644
+#endif
+
+NEXT_PAGE(level3_vmalloc_start_pgt)
-+ .fill 512,8,0
++ .fill 4*512,8,0
+
+NEXT_PAGE(level3_vmalloc_end_pgt)
+ .fill 512,8,0
@@ -27781,7 +27813,7 @@ index ffdc0e8..f429d4f 100644
NEXT_PAGE(level2_kernel_pgt)
/*
-@@ -502,31 +573,79 @@ NEXT_PAGE(level2_kernel_pgt)
+@@ -502,31 +579,79 @@ NEXT_PAGE(level2_kernel_pgt)
KERNEL_IMAGE_SIZE/PMD_SIZE)
NEXT_PAGE(level2_fixmap_pgt)
@@ -28964,7 +28996,7 @@ index 005c03e..7000fe4 100644
if ((s64)val != *(s32 *)loc)
goto overflow;
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
-index 64f9616..c94695d 100644
+index 64f9616..4036384 100644
--- a/arch/x86/kernel/msr.c
+++ b/arch/x86/kernel/msr.c
@@ -39,6 +39,7 @@
@@ -28975,19 +29007,21 @@ index 64f9616..c94695d 100644
#include <asm/processor.h>
#include <asm/msr.h>
-@@ -83,6 +84,11 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
+@@ -83,6 +84,13 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
int err = 0;
ssize_t bytes = 0;
+#ifdef CONFIG_GRKERNSEC_KMEM
-+ gr_handle_msr_write();
-+ return -EPERM;
++ if (reg != MSR_IA32_ENERGY_PERF_BIAS) {
++ gr_handle_msr_write();
++ return -EPERM;
++ }
+#endif
+
if (count % 8)
return -EINVAL; /* Invalid chunk size */
-@@ -130,6 +136,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
+@@ -130,6 +138,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
err = -EBADF;
break;
}
@@ -28998,7 +29032,7 @@ index 64f9616..c94695d 100644
if (copy_from_user(&regs, uregs, sizeof regs)) {
err = -EFAULT;
break;
-@@ -213,7 +223,7 @@ static int msr_class_cpu_callback(struct notifier_block *nfb,
+@@ -213,7 +225,7 @@ static int msr_class_cpu_callback(struct notifier_block *nfb,
return notifier_from_errno(err);
}
@@ -35741,7 +35775,7 @@ index 740d7ac..4091827 100644
#endif /* CONFIG_HUGETLB_PAGE */
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
-index 493f541..eeba8bb 100644
+index 493f541..d8e6b22 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -4,6 +4,7 @@
@@ -35780,7 +35814,7 @@ index 493f541..eeba8bb 100644
__flush_tlb_all();
early_memtest(0, max_pfn_mapped << PAGE_SHIFT);
-@@ -634,10 +648,40 @@ void __init init_mem_mapping(void)
+@@ -634,10 +648,34 @@ void __init init_mem_mapping(void)
* Access has to be given to non-kernel-ram areas as well, these contain the PCI
* mmio resources as well as potential bios/acpi data regions.
*/
@@ -35792,37 +35826,30 @@ index 493f541..eeba8bb 100644
+
int devmem_is_allowed(unsigned long pagenr)
{
-- if (pagenr < 256)
+#ifdef CONFIG_GRKERNSEC_KMEM
+ /* allow BDA */
+ if (!pagenr)
- return 1;
++ return 1;
+ /* allow EBDA */
+ if (pagenr >= ebda_start && pagenr < ebda_end)
+ return 1;
+ /* if tboot is in use, allow access to its hardcoded serial log range */
+ if (tboot_enabled() && ((0x60000 >> PAGE_SHIFT) <= pagenr) && (pagenr < (0x68000 >> PAGE_SHIFT)))
+ return 1;
-+#else
-+ if (!pagenr)
-+ return 1;
-+#ifdef CONFIG_VM86
-+ if (pagenr < (ISA_START_ADDRESS >> PAGE_SHIFT))
-+ return 1;
-+#endif
-+#endif
-+
+ if ((ISA_START_ADDRESS >> PAGE_SHIFT) <= pagenr && pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT))
+ return 1;
-+#ifdef CONFIG_GRKERNSEC_KMEM
+ /* throw out everything else below 1MB */
+ if (pagenr <= 256)
+ return 0;
++#else
+ if (pagenr < 256)
+ return 1;
+#endif
++
if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
return 0;
if (!page_is_ram(pagenr))
-@@ -683,8 +727,127 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
+@@ -683,8 +721,127 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
#endif
}
@@ -38861,14 +38888,17 @@ index e3679db..16b93d1 100644
#ifdef CONFIG_ACPI_NUMA
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
-index c913ca4..a314c65 100644
+index c913ca4..55f8877 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
-@@ -1950,7 +1950,11 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
+@@ -1950,7 +1950,14 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
* L3_k[511] -> level2_fixmap_pgt */
convert_pfn_mfn(level3_kernel_pgt);
-+ convert_pfn_mfn(level3_vmalloc_start_pgt);
++ convert_pfn_mfn(level3_vmalloc_start_pgt[0]);
++ convert_pfn_mfn(level3_vmalloc_start_pgt[1]);
++ convert_pfn_mfn(level3_vmalloc_start_pgt[2]);
++ convert_pfn_mfn(level3_vmalloc_start_pgt[3]);
+ convert_pfn_mfn(level3_vmalloc_end_pgt);
+ convert_pfn_mfn(level3_vmemmap_pgt);
/* L3_k[511][506] -> level1_fixmap_pgt */
@@ -38876,11 +38906,14 @@ index c913ca4..a314c65 100644
convert_pfn_mfn(level2_fixmap_pgt);
}
/* We get [511][511] and have Xen's version of level2_kernel_pgt */
-@@ -1980,11 +1984,22 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
+@@ -1980,11 +1987,25 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
set_page_prot(init_level4_pgt, PAGE_KERNEL_RO);
set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO);
set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO);
-+ set_page_prot(level3_vmalloc_start_pgt, PAGE_KERNEL_RO);
++ set_page_prot(level3_vmalloc_start_pgt[0], PAGE_KERNEL_RO);
++ set_page_prot(level3_vmalloc_start_pgt[1], PAGE_KERNEL_RO);
++ set_page_prot(level3_vmalloc_start_pgt[2], PAGE_KERNEL_RO);
++ set_page_prot(level3_vmalloc_start_pgt[3], PAGE_KERNEL_RO);
+ set_page_prot(level3_vmalloc_end_pgt, PAGE_KERNEL_RO);
+ set_page_prot(level3_vmemmap_pgt, PAGE_KERNEL_RO);
set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO);
@@ -38900,7 +38933,7 @@ index c913ca4..a314c65 100644
/* Pin down new L4 */
pin_pagetable_pfn(MMUEXT_PIN_L4_TABLE,
-@@ -2395,6 +2410,7 @@ static void __init xen_post_allocator_init(void)
+@@ -2395,6 +2416,7 @@ static void __init xen_post_allocator_init(void)
pv_mmu_ops.set_pud = xen_set_pud;
#if CONFIG_PGTABLE_LEVELS == 4
pv_mmu_ops.set_pgd = xen_set_pgd;
@@ -38908,7 +38941,7 @@ index c913ca4..a314c65 100644
#endif
/* This will work as long as patching hasn't happened yet
-@@ -2423,6 +2439,10 @@ static void xen_leave_lazy_mmu(void)
+@@ -2423,6 +2445,10 @@ static void xen_leave_lazy_mmu(void)
preempt_enable();
}
@@ -38919,7 +38952,7 @@ index c913ca4..a314c65 100644
static const struct pv_mmu_ops xen_mmu_ops __initconst = {
.read_cr2 = xen_read_cr2,
.write_cr2 = xen_write_cr2,
-@@ -2435,7 +2455,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
+@@ -2435,7 +2461,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
.flush_tlb_single = xen_flush_tlb_single,
.flush_tlb_others = xen_flush_tlb_others,
@@ -38928,7 +38961,7 @@ index c913ca4..a314c65 100644
.pgd_alloc = xen_pgd_alloc,
.pgd_free = xen_pgd_free,
-@@ -2472,6 +2492,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
+@@ -2472,6 +2498,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
.pud_val = PV_CALLEE_SAVE(xen_pud_val),
.make_pud = PV_CALLEE_SAVE(xen_make_pud),
.set_pgd = xen_set_pgd_hyper,
@@ -44269,6 +44302,23 @@ index 984c5e9..c873659 100644
err_out:
mutex_unlock(&devfreq_list_lock);
+diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c
+index 155c146..0a697f4 100644
+--- a/drivers/dma-buf/dma-buf.c
++++ b/drivers/dma-buf/dma-buf.c
+@@ -835,10 +835,9 @@ static int dma_buf_describe(struct seq_file *s)
+
+ static int dma_buf_show(struct seq_file *s, void *unused)
+ {
+- void (*func)(struct seq_file *) = s->private;
++ int (*func)(struct seq_file *) = s->private;
+
+- func(s);
+- return 0;
++ return func(s);
+ }
+
+ static int dma_buf_debug_open(struct inode *inode, struct file *file)
diff --git a/drivers/dma/sh/shdma-base.c b/drivers/dma/sh/shdma-base.c
index 10fcaba..326f709 100644
--- a/drivers/dma/sh/shdma-base.c
@@ -45707,6 +45757,212 @@ index 7b69070..d7bd78b 100644
pqn->q);
if (retval != 0)
return retval;
+diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_clockpowergating.c b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_clockpowergating.c
+index ff08ce4..5b8758f 100644
+--- a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_clockpowergating.c
++++ b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_clockpowergating.c
+@@ -239,10 +239,16 @@ int cz_dpm_powergate_vce(struct pp_hwmgr *hwmgr, bool bgate)
+
+ static struct phm_master_table_item cz_enable_clock_power_gatings_list[] = {
+ /*we don't need an exit table here, because there is only D3 cold on Kv*/
+- { phm_cf_want_uvd_power_gating, cz_tf_uvd_power_gating_initialize },
+- { phm_cf_want_vce_power_gating, cz_tf_vce_power_gating_initialize },
++ {
++ .isFunctionNeededInRuntimeTable = phm_cf_want_uvd_power_gating,
++ .tableFunction = cz_tf_uvd_power_gating_initialize
++ },
++ {
++ .isFunctionNeededInRuntimeTable = phm_cf_want_vce_power_gating,
++ .tableFunction = cz_tf_vce_power_gating_initialize
++ },
+ /* to do { NULL, cz_tf_xdma_power_gating_enable }, */
+- { NULL, NULL }
++ { }
+ };
+
+ struct phm_master_table_header cz_phm_enable_clock_power_gatings_master = {
+diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c
+index 2ea012e..b4256b4 100644
+--- a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c
++++ b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c
+@@ -915,13 +915,13 @@ static int cz_tf_update_low_mem_pstate(struct pp_hwmgr *hwmgr,
+ }
+
+ static struct phm_master_table_item cz_set_power_state_list[] = {
+- {NULL, cz_tf_update_sclk_limit},
+- {NULL, cz_tf_set_deep_sleep_sclk_threshold},
+- {NULL, cz_tf_set_watermark_threshold},
+- {NULL, cz_tf_set_enabled_levels},
+- {NULL, cz_tf_enable_nb_dpm},
+- {NULL, cz_tf_update_low_mem_pstate},
+- {NULL, NULL}
++ { .tableFunction = cz_tf_update_sclk_limit },
++ { .tableFunction = cz_tf_set_deep_sleep_sclk_threshold },
++ { .tableFunction = cz_tf_set_watermark_threshold },
++ { .tableFunction = cz_tf_set_enabled_levels },
++ { .tableFunction = cz_tf_enable_nb_dpm },
++ { .tableFunction = cz_tf_update_low_mem_pstate },
++ { }
+ };
+
+ static struct phm_master_table_header cz_set_power_state_master = {
+@@ -931,15 +931,15 @@ static struct phm_master_table_header cz_set_power_state_master = {
+ };
+
+ static struct phm_master_table_item cz_setup_asic_list[] = {
+- {NULL, cz_tf_reset_active_process_mask},
+- {NULL, cz_tf_upload_pptable_to_smu},
+- {NULL, cz_tf_init_sclk_limit},
+- {NULL, cz_tf_init_uvd_limit},
+- {NULL, cz_tf_init_vce_limit},
+- {NULL, cz_tf_init_acp_limit},
+- {NULL, cz_tf_init_power_gate_state},
+- {NULL, cz_tf_init_sclk_threshold},
+- {NULL, NULL}
++ { .tableFunction = cz_tf_reset_active_process_mask },
++ { .tableFunction = cz_tf_upload_pptable_to_smu },
++ { .tableFunction = cz_tf_init_sclk_limit },
++ { .tableFunction = cz_tf_init_uvd_limit },
++ { .tableFunction = cz_tf_init_vce_limit },
++ { .tableFunction = cz_tf_init_acp_limit },
++ { .tableFunction = cz_tf_init_power_gate_state },
++ { .tableFunction = cz_tf_init_sclk_threshold },
++ { }
+ };
+
+ static struct phm_master_table_header cz_setup_asic_master = {
+@@ -984,10 +984,10 @@ static int cz_tf_reset_cc6_data(struct pp_hwmgr *hwmgr,
+ }
+
+ static struct phm_master_table_item cz_power_down_asic_list[] = {
+- {NULL, cz_tf_power_up_display_clock_sys_pll},
+- {NULL, cz_tf_clear_nb_dpm_flag},
+- {NULL, cz_tf_reset_cc6_data},
+- {NULL, NULL}
++ { .tableFunction = cz_tf_power_up_display_clock_sys_pll },
++ { .tableFunction = cz_tf_clear_nb_dpm_flag },
++ { .tableFunction = cz_tf_reset_cc6_data },
++ { }
+ };
+
+ static struct phm_master_table_header cz_power_down_asic_master = {
+@@ -1095,8 +1095,8 @@ static int cz_tf_check_for_dpm_enabled(struct pp_hwmgr *hwmgr,
+ }
+
+ static struct phm_master_table_item cz_disable_dpm_list[] = {
+- { NULL, cz_tf_check_for_dpm_enabled},
+- {NULL, NULL},
++ { .tableFunction = cz_tf_check_for_dpm_enabled },
++ { },
+ };
+
+
+@@ -1107,13 +1107,13 @@ static struct phm_master_table_header cz_disable_dpm_master = {
+ };
+
+ static struct phm_master_table_item cz_enable_dpm_list[] = {
+- { NULL, cz_tf_check_for_dpm_disabled },
+- { NULL, cz_tf_program_voting_clients },
+- { NULL, cz_tf_start_dpm},
+- { NULL, cz_tf_program_bootup_state},
+- { NULL, cz_tf_enable_didt },
+- { NULL, cz_tf_reset_acp_boot_level },
+- {NULL, NULL},
++ { .tableFunction = cz_tf_check_for_dpm_disabled },
++ { .tableFunction = cz_tf_program_voting_clients },
++ { .tableFunction = cz_tf_start_dpm },
++ { .tableFunction = cz_tf_program_bootup_state },
++ { .tableFunction = cz_tf_enable_didt },
++ { .tableFunction = cz_tf_reset_acp_boot_level },
++ { },
+ };
+
+ static struct phm_master_table_header cz_enable_dpm_master = {
+diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/fiji_thermal.c b/drivers/gpu/drm/amd/powerplay/hwmgr/fiji_thermal.c
+index e76a7de..ae5fb7e 100644
+--- a/drivers/gpu/drm/amd/powerplay/hwmgr/fiji_thermal.c
++++ b/drivers/gpu/drm/amd/powerplay/hwmgr/fiji_thermal.c
+@@ -617,17 +617,17 @@ static int tf_fiji_thermal_disable_alert(struct pp_hwmgr *hwmgr,
+
+ static struct phm_master_table_item
+ fiji_thermal_start_thermal_controller_master_list[] = {
+- {NULL, tf_fiji_thermal_initialize},
+- {NULL, tf_fiji_thermal_set_temperature_range},
+- {NULL, tf_fiji_thermal_enable_alert},
++ { .tableFunction = tf_fiji_thermal_initialize},
++ { .tableFunction = tf_fiji_thermal_set_temperature_range},
++ { .tableFunction = tf_fiji_thermal_enable_alert},
+ /* We should restrict performance levels to low before we halt the SMC.
+ * On the other hand we are still in boot state when we do this
+ * so it would be pointless.
+ * If this assumption changes we have to revisit this table.
+ */
+- {NULL, tf_fiji_thermal_setup_fan_table},
+- {NULL, tf_fiji_thermal_start_smc_fan_control},
+- {NULL, NULL}
++ { .tableFunction = tf_fiji_thermal_setup_fan_table},
++ { .tableFunction = tf_fiji_thermal_start_smc_fan_control},
++ { }
+ };
+
+ static struct phm_master_table_header
+@@ -639,10 +639,10 @@ fiji_thermal_start_thermal_controller_master = {
+
+ static struct phm_master_table_item
+ fiji_thermal_set_temperature_range_master_list[] = {
+- {NULL, tf_fiji_thermal_disable_alert},
+- {NULL, tf_fiji_thermal_set_temperature_range},
+- {NULL, tf_fiji_thermal_enable_alert},
+- {NULL, NULL}
++ { .tableFunction = tf_fiji_thermal_disable_alert},
++ { .tableFunction = tf_fiji_thermal_set_temperature_range},
++ { .tableFunction = tf_fiji_thermal_enable_alert},
++ { }
+ };
+
+ struct phm_master_table_header
+diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_thermal.c b/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_thermal.c
+index a188174..74acdc0 100644
+--- a/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_thermal.c
++++ b/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_thermal.c
+@@ -526,16 +526,16 @@ static int tf_tonga_thermal_disable_alert(struct pp_hwmgr *hwmgr, void *input, v
+ }
+
+ static struct phm_master_table_item tonga_thermal_start_thermal_controller_master_list[] = {
+- { NULL, tf_tonga_thermal_initialize },
+- { NULL, tf_tonga_thermal_set_temperature_range },
+- { NULL, tf_tonga_thermal_enable_alert },
++ { .tableFunction = tf_tonga_thermal_initialize },
++ { .tableFunction = tf_tonga_thermal_set_temperature_range },
++ { .tableFunction = tf_tonga_thermal_enable_alert },
+ /* We should restrict performance levels to low before we halt the SMC.
+ * On the other hand we are still in boot state when we do this so it would be pointless.
+ * If this assumption changes we have to revisit this table.
+ */
+- { NULL, tf_tonga_thermal_setup_fan_table},
+- { NULL, tf_tonga_thermal_start_smc_fan_control},
+- { NULL, NULL }
++ { .tableFunction = tf_tonga_thermal_setup_fan_table},
++ { .tableFunction = tf_tonga_thermal_start_smc_fan_control},
++ { }
+ };
+
+ static struct phm_master_table_header tonga_thermal_start_thermal_controller_master = {
+@@ -545,10 +545,10 @@ static struct phm_master_table_header tonga_thermal_start_thermal_controller_mas
+ };
+
+ static struct phm_master_table_item tonga_thermal_set_temperature_range_master_list[] = {
+- { NULL, tf_tonga_thermal_disable_alert},
+- { NULL, tf_tonga_thermal_set_temperature_range},
+- { NULL, tf_tonga_thermal_enable_alert},
+- { NULL, NULL }
++ { .tableFunction = tf_tonga_thermal_disable_alert},
++ { .tableFunction = tf_tonga_thermal_set_temperature_range},
++ { .tableFunction = tf_tonga_thermal_enable_alert},
++ { }
+ };
+
+ struct phm_master_table_header tonga_thermal_set_temperature_range_master = {
diff --git a/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c b/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c
index 8b2becd..2d8f572 100644
--- a/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c
@@ -48656,6 +48912,29 @@ index c13fb5b..55a3802 100644
return -EFAULT;
*off += size;
+diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
+index 2f1ddca..700145b 100644
+--- a/drivers/hid/usbhid/hiddev.c
++++ b/drivers/hid/usbhid/hiddev.c
+@@ -516,13 +516,13 @@ static noinline int hiddev_ioctl_usage(struct hiddev *hiddev, unsigned int cmd,
+ goto inval;
+ } else if (uref->usage_index >= field->report_count)
+ goto inval;
+-
+- else if ((cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) &&
+- (uref_multi->num_values > HID_MAX_MULTI_USAGES ||
+- uref->usage_index + uref_multi->num_values > field->report_count))
+- goto inval;
+ }
+
++ if ((cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) &&
++ (uref_multi->num_values > HID_MAX_MULTI_USAGES ||
++ uref->usage_index + uref_multi->num_values > field->report_count))
++ goto inval;
++
+ switch (cmd) {
+ case HIDIOCGUSAGE:
+ uref->value = field->value[uref->usage_index];
diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
index 1161d68..7a42e2c 100644
--- a/drivers/hv/channel.c
@@ -48681,27 +48960,76 @@ index 1161d68..7a42e2c 100644
packetlen_aligned = ALIGN(packetlen, sizeof(u64));
diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
-index 11bca51..17bdc9b 100644
+index 11bca51..360c83e 100644
--- a/drivers/hv/hv.c
+++ b/drivers/hv/hv.c
-@@ -95,7 +95,7 @@ u64 hv_do_hypercall(u64 control, void *input, void *output)
+@@ -183,6 +183,8 @@ static struct clocksource hyperv_cs_tsc = {
+ };
+ #endif
+
++extern char hv_hypercall_page[PAGE_SIZE] __aligned(PAGE_SIZE);
++asm(".text; .balign 4096; hv_hypercall_page: .fill 4096,1,0xcc; .previous;");
+
+ /*
+ * hv_init - Main initialization routine.
+@@ -193,7 +195,6 @@ int hv_init(void)
{
- u64 input_address = (input) ? virt_to_phys(input) : 0;
- u64 output_address = (output) ? virt_to_phys(output) : 0;
-- void *hypercall_page = hv_context.hypercall_page;
-+ void *hypercall_page = (void *)ktva_ktla((unsigned long)hv_context.hypercall_page);
- #ifdef CONFIG_X86_64
- u64 hv_status = 0;
+ int max_leaf;
+ union hv_x64_msr_hypercall_contents hypercall_msr;
+- void *virtaddr = NULL;
-@@ -218,7 +218,7 @@ int hv_init(void)
+ memset(hv_context.synic_event_page, 0, sizeof(void *) * NR_CPUS);
+ memset(hv_context.synic_message_page, 0,
+@@ -218,14 +219,9 @@ int hv_init(void)
/* See if the hypercall page is already set */
rdmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
- virtaddr = __vmalloc(PAGE_SIZE, GFP_KERNEL, PAGE_KERNEL_EXEC);
-+ virtaddr = __vmalloc(PAGE_SIZE, GFP_KERNEL, PAGE_KERNEL_RX);
+-
+- if (!virtaddr)
+- goto cleanup;
+-
+ hypercall_msr.enable = 1;
- if (!virtaddr)
+- hypercall_msr.guest_physical_address = vmalloc_to_pfn(virtaddr);
++ hypercall_msr.guest_physical_address = __phys_to_pfn(__pa(ktla_ktva((unsigned long)hv_hypercall_page)));
+ wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
+
+ /* Confirm that hypercall page did get setup. */
+@@ -235,7 +231,7 @@ int hv_init(void)
+ if (!hypercall_msr.enable)
goto cleanup;
+
+- hv_context.hypercall_page = virtaddr;
++ hv_context.hypercall_page = hv_hypercall_page;
+
+ #ifdef CONFIG_X86_64
+ if (ms_hyperv.features & HV_X64_MSR_REFERENCE_TSC_AVAILABLE) {
+@@ -259,13 +255,9 @@ int hv_init(void)
+ return 0;
+
+ cleanup:
+- if (virtaddr) {
+- if (hypercall_msr.enable) {
+- hypercall_msr.as_uint64 = 0;
+- wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
+- }
+-
+- vfree(virtaddr);
++ if (hypercall_msr.enable) {
++ hypercall_msr.as_uint64 = 0;
++ wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
+ }
+
+ return -ENOTSUPP;
+@@ -286,7 +278,6 @@ void hv_cleanup(void)
+ if (hv_context.hypercall_page) {
+ hypercall_msr.as_uint64 = 0;
+ wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
+- vfree(hv_context.hypercall_page);
+ hv_context.hypercall_page = NULL;
+ }
+
diff --git a/drivers/hv/hv_balloon.c b/drivers/hv/hv_balloon.c
index b853b4b..3647b37 100644
--- a/drivers/hv/hv_balloon.c
@@ -67848,10 +68176,25 @@ index 3f155e7..0f4b1f0 100644
&proc_bus_pci_dev_operations);
proc_initialized = 1;
diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c
-index 7796d0a..c83b0ae 100644
+index 7796d0a..2f9d2f6 100644
--- a/drivers/pci/setup-bus.c
+++ b/drivers/pci/setup-bus.c
-@@ -1115,7 +1115,7 @@ static int pbus_size_mem(struct pci_bus *bus, unsigned long mask,
+@@ -406,8 +406,12 @@ static void __assign_resources_sorted(struct list_head *head,
+
+ /* Update res in head list with add_size in realloc_head list */
+ list_for_each_entry_safe(dev_res, tmp_res, head, list) {
+- dev_res->res->end += get_res_add_size(realloc_head,
+- dev_res->res);
++ resource_size_t add_size = get_res_add_size(realloc_head, dev_res->res);
++
++ if (dev_res->res->start == 0 && dev_res->res->end == RESOURCE_SIZE_MAX)
++ dev_res->res->end = add_size - 1;
++ else
++ dev_res->res->end += get_res_add_size(realloc_head, dev_res->res);
+
+ /*
+ * There are two kinds of additional resources in the list:
+@@ -1115,7 +1119,7 @@ static int pbus_size_mem(struct pci_bus *bus, unsigned long mask,
return 0;
}
@@ -97715,7 +98058,7 @@ index e4141f2..d8263e8 100644
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
diff --git a/fs/exec.c b/fs/exec.c
-index dcd4ac7..50eef0a 100644
+index dcd4ac7..f651515 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -56,8 +56,20 @@
@@ -97924,7 +98267,14 @@ index dcd4ac7..50eef0a 100644
/*
* cover the whole range: [new_start, old_end)
*/
-@@ -681,10 +727,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
+@@ -675,20 +721,16 @@ int setup_arg_pages(struct linux_binprm *bprm,
+ stack_base = PAGE_ALIGN(stack_top - stack_base);
+
+ stack_shift = vma->vm_start - stack_base;
+- mm->arg_start = bprm->p - stack_shift;
++ mm->arg_end = mm->arg_start = bprm->p - stack_shift;
+ bprm->p = vma->vm_end - stack_shift;
+ #else
stack_top = arch_align_stack(stack_top);
stack_top = PAGE_ALIGN(stack_top);
@@ -97935,6 +98285,11 @@ index dcd4ac7..50eef0a 100644
stack_shift = vma->vm_end - stack_top;
bprm->p -= stack_shift;
+- mm->arg_start = bprm->p;
++ mm->arg_end = mm->arg_start = bprm->p;
+ #endif
+
+ if (bprm->loader)
@@ -696,8 +738,28 @@ int setup_arg_pages(struct linux_binprm *bprm,
bprm->exec -= stack_shift;
@@ -103205,7 +103560,7 @@ index 7824bfb..bddd8a4 100644
out:
return len;
diff --git a/fs/namespace.c b/fs/namespace.c
-index 4fb1691..a518f2e0 100644
+index 4fb1691..3077a5c 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1516,6 +1516,9 @@ static int do_umount(struct mount *mnt, int flags)
@@ -103292,16 +103647,15 @@ index 4fb1691..a518f2e0 100644
atomic_set(&new_ns->count, 1);
new_ns->root = NULL;
INIT_LIST_HEAD(&new_ns->list);
-@@ -2778,7 +2797,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
+@@ -2778,6 +2797,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
return new_ns;
}
--struct mnt_namespace *copy_mnt_ns(unsigned long flags, struct mnt_namespace *ns,
-+__latent_entropy struct mnt_namespace *copy_mnt_ns(unsigned long flags, struct mnt_namespace *ns,
++__latent_entropy
+ struct mnt_namespace *copy_mnt_ns(unsigned long flags, struct mnt_namespace *ns,
struct user_namespace *user_ns, struct fs_struct *new_fs)
{
- struct mnt_namespace *new_ns;
-@@ -2899,8 +2918,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)
+@@ -2899,8 +2919,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)
}
EXPORT_SYMBOL(mount_subtree);
@@ -103312,7 +103666,7 @@ index 4fb1691..a518f2e0 100644
{
int ret;
char *kernel_type;
-@@ -3006,6 +3025,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
+@@ -3006,6 +3026,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
if (error)
goto out2;
@@ -103324,7 +103678,7 @@ index 4fb1691..a518f2e0 100644
get_fs_root(current->fs, &root);
old_mp = lock_mount(&old);
error = PTR_ERR(old_mp);
-@@ -3324,7 +3348,7 @@ static int mntns_install(struct nsproxy *nsproxy, struct ns_common *ns)
+@@ -3324,7 +3349,7 @@ static int mntns_install(struct nsproxy *nsproxy, struct ns_common *ns)
!ns_capable(current_user_ns(), CAP_SYS_ADMIN))
return -EPERM;
@@ -106266,7 +106620,7 @@ index 4123551..813b403 100644
#endif /* _NFSD4_CURRENT_STATE_H */
diff --git a/fs/nfsd/nfs2acl.c b/fs/nfsd/nfs2acl.c
-index 1580ea6..9c7f44f 100644
+index 1580ea6..5d74e50 100644
--- a/fs/nfsd/nfs2acl.c
+++ b/fs/nfsd/nfs2acl.c
@@ -27,9 +27,10 @@ nfsacld_proc_null(struct svc_rqst *rqstp, void *argp, void *resp)
@@ -106296,6 +106650,47 @@ index 1580ea6..9c7f44f 100644
struct inode *inode;
svc_fh *fh;
__be32 nfserr = 0;
+@@ -104,22 +105,21 @@ static __be32 nfsacld_proc_setacl(struct svc_rqst * rqstp,
+ goto out;
+
+ inode = d_inode(fh->fh_dentry);
+- if (!IS_POSIXACL(inode) || !inode->i_op->set_acl) {
+- error = -EOPNOTSUPP;
+- goto out_errno;
+- }
+
+ error = fh_want_write(fh);
+ if (error)
+ goto out_errno;
+
+- error = inode->i_op->set_acl(inode, argp->acl_access, ACL_TYPE_ACCESS);
++ fh_lock(fh);
++
++ error = set_posix_acl(inode, ACL_TYPE_ACCESS, argp->acl_access);
+ if (error)
+- goto out_drop_write;
+- error = inode->i_op->set_acl(inode, argp->acl_default,
+- ACL_TYPE_DEFAULT);
++ goto out_drop_lock;
++ error = set_posix_acl(inode, ACL_TYPE_DEFAULT, argp->acl_default);
+ if (error)
+- goto out_drop_write;
++ goto out_drop_lock;
++
++ fh_unlock(fh);
+
+ fh_drop_write(fh);
+
+@@ -131,7 +131,8 @@ out:
+ posix_acl_release(argp->acl_access);
+ posix_acl_release(argp->acl_default);
+ return nfserr;
+-out_drop_write:
++out_drop_lock:
++ fh_unlock(fh);
+ fh_drop_write(fh);
+ out_errno:
+ nfserr = nfserrno(error);
@@ -141,9 +142,10 @@ out_errno:
/*
* Check file attributes
@@ -106472,7 +106867,7 @@ index 1580ea6..9c7f44f 100644
sizeof(struct nfsd3_##rest##res), \
0, \
diff --git a/fs/nfsd/nfs3acl.c b/fs/nfsd/nfs3acl.c
-index 01df4cd..f11e111 100644
+index 01df4cd..36a8d76 100644
--- a/fs/nfsd/nfs3acl.c
+++ b/fs/nfsd/nfs3acl.c
@@ -26,9 +26,10 @@ nfsd3_proc_null(struct svc_rqst *rqstp, void *argp, void *resp)
@@ -106502,7 +106897,37 @@ index 01df4cd..f11e111 100644
struct inode *inode;
svc_fh *fh;
__be32 nfserr = 0;
-@@ -125,9 +126,10 @@ out:
+@@ -95,22 +96,20 @@ static __be32 nfsd3_proc_setacl(struct svc_rqst * rqstp,
+ goto out;
+
+ inode = d_inode(fh->fh_dentry);
+- if (!IS_POSIXACL(inode) || !inode->i_op->set_acl) {
+- error = -EOPNOTSUPP;
+- goto out_errno;
+- }
+
+ error = fh_want_write(fh);
+ if (error)
+ goto out_errno;
+
+- error = inode->i_op->set_acl(inode, argp->acl_access, ACL_TYPE_ACCESS);
++ fh_lock(fh);
++
++ error = set_posix_acl(inode, ACL_TYPE_ACCESS, argp->acl_access);
+ if (error)
+- goto out_drop_write;
+- error = inode->i_op->set_acl(inode, argp->acl_default,
+- ACL_TYPE_DEFAULT);
++ goto out_drop_lock;
++ error = set_posix_acl(inode, ACL_TYPE_DEFAULT, argp->acl_default);
+
+-out_drop_write:
++out_drop_lock:
++ fh_unlock(fh);
+ fh_drop_write(fh);
+ out_errno:
+ nfserr = nfserrno(error);
+@@ -125,9 +124,10 @@ out:
/*
* XDR decode functions
*/
@@ -106515,7 +106940,7 @@ index 01df4cd..f11e111 100644
p = nfs3svc_decode_fh(p, &args->fh);
if (!p)
return 0;
-@@ -137,9 +139,10 @@ static int nfs3svc_decode_getaclargs(struct svc_rqst *rqstp, __be32 *p,
+@@ -137,9 +137,10 @@ static int nfs3svc_decode_getaclargs(struct svc_rqst *rqstp, __be32 *p,
}
@@ -106528,7 +106953,7 @@ index 01df4cd..f11e111 100644
struct kvec *head = rqstp->rq_arg.head;
unsigned int base;
int n;
-@@ -168,9 +171,10 @@ static int nfs3svc_decode_setaclargs(struct svc_rqst *rqstp, __be32 *p,
+@@ -168,9 +169,10 @@ static int nfs3svc_decode_setaclargs(struct svc_rqst *rqstp, __be32 *p,
*/
/* GETACL */
@@ -106541,7 +106966,7 @@ index 01df4cd..f11e111 100644
struct dentry *dentry = resp->fh.fh_dentry;
p = nfs3svc_encode_post_op_attr(rqstp, p, &resp->fh);
-@@ -213,9 +217,10 @@ static int nfs3svc_encode_getaclres(struct svc_rqst *rqstp, __be32 *p,
+@@ -213,9 +215,10 @@ static int nfs3svc_encode_getaclres(struct svc_rqst *rqstp, __be32 *p,
}
/* SETACL */
@@ -106554,7 +106979,7 @@ index 01df4cd..f11e111 100644
p = nfs3svc_encode_post_op_attr(rqstp, p, &resp->fh);
return xdr_ressize_check(rqstp, p);
-@@ -224,9 +229,10 @@ static int nfs3svc_encode_setaclres(struct svc_rqst *rqstp, __be32 *p,
+@@ -224,9 +227,10 @@ static int nfs3svc_encode_setaclres(struct svc_rqst *rqstp, __be32 *p,
/*
* XDR release functions
*/
@@ -106567,7 +106992,7 @@ index 01df4cd..f11e111 100644
fh_put(&resp->fh);
posix_acl_release(resp->acl_access);
posix_acl_release(resp->acl_default);
-@@ -240,10 +246,10 @@ static int nfs3svc_release_getacl(struct svc_rqst *rqstp, __be32 *p,
+@@ -240,10 +244,10 @@ static int nfs3svc_release_getacl(struct svc_rqst *rqstp, __be32 *p,
struct nfsd3_voidargs { int dummy; };
#define PROC(name, argt, rest, relt, cache, respsize) \
@@ -107598,6 +108023,45 @@ index 2246454..b866de8 100644
fh_put(&resp->fh1);
fh_put(&resp->fh2);
return 1;
+diff --git a/fs/nfsd/nfs4acl.c b/fs/nfsd/nfs4acl.c
+index 6adabd6..71292a0 100644
+--- a/fs/nfsd/nfs4acl.c
++++ b/fs/nfsd/nfs4acl.c
+@@ -770,9 +770,6 @@ nfsd4_set_nfs4_acl(struct svc_rqst *rqstp, struct svc_fh *fhp,
+ dentry = fhp->fh_dentry;
+ inode = d_inode(dentry);
+
+- if (!inode->i_op->set_acl || !IS_POSIXACL(inode))
+- return nfserr_attrnotsupp;
+-
+ if (S_ISDIR(inode->i_mode))
+ flags = NFS4_ACL_DIR;
+
+@@ -782,16 +779,19 @@ nfsd4_set_nfs4_acl(struct svc_rqst *rqstp, struct svc_fh *fhp,
+ if (host_error < 0)
+ goto out_nfserr;
+
+- host_error = inode->i_op->set_acl(inode, pacl, ACL_TYPE_ACCESS);
++ fh_lock(fhp);
++
++ host_error = set_posix_acl(inode, ACL_TYPE_ACCESS, pacl);
+ if (host_error < 0)
+- goto out_release;
++ goto out_drop_lock;
+
+ if (S_ISDIR(inode->i_mode)) {
+- host_error = inode->i_op->set_acl(inode, dpacl,
+- ACL_TYPE_DEFAULT);
++ host_error = set_posix_acl(inode, ACL_TYPE_DEFAULT, dpacl);
+ }
+
+-out_release:
++out_drop_lock:
++ fh_unlock(fhp);
++
+ posix_acl_release(pacl);
+ posix_acl_release(dpacl);
+ out_nfserr:
diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
index 7389cb1..e031e30d 100644
--- a/fs/nfsd/nfs4callback.c
@@ -112182,7 +112646,7 @@ index ab8dad3..932cb27 100644
if (!capable(CAP_SYS_RESOURCE) && size > pipe_max_size) {
diff --git a/fs/posix_acl.c b/fs/posix_acl.c
-index 711dd51..e55fd79 100644
+index 711dd51..afa7a82 100644
--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -20,6 +20,7 @@
@@ -112262,6 +112726,74 @@ index 711dd51..e55fd79 100644
acl_e->e_gid =
make_kgid(user_ns,
le32_to_cpu(entry->e_id));
+@@ -786,39 +797,47 @@ posix_acl_xattr_get(const struct xattr_handler *handler,
+ return error;
+ }
+
++int
++set_posix_acl(struct inode *inode, int type, struct posix_acl *acl)
++{
++ if (!IS_POSIXACL(inode))
++ return -EOPNOTSUPP;
++ if (!inode->i_op->set_acl)
++ return -EOPNOTSUPP;
++
++ if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode))
++ return acl ? -EACCES : 0;
++ if (!inode_owner_or_capable(inode))
++ return -EPERM;
++
++ if (acl) {
++ int ret = posix_acl_valid(acl);
++ if (ret)
++ return ret;
++ }
++ return inode->i_op->set_acl(inode, acl, type);
++}
++EXPORT_SYMBOL(set_posix_acl);
++
+ static int
+ posix_acl_xattr_set(const struct xattr_handler *handler,
+- struct dentry *dentry, const char *name,
+- const void *value, size_t size, int flags)
++ struct dentry *dentry,
++ const char *name, const void *value,
++ size_t size, int flags)
+ {
+ struct inode *inode = d_backing_inode(dentry);
+ struct posix_acl *acl = NULL;
+ int ret;
+
+- if (!IS_POSIXACL(inode))
+- return -EOPNOTSUPP;
+- if (!inode->i_op->set_acl)
+- return -EOPNOTSUPP;
+-
+- if (handler->flags == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode))
+- return value ? -EACCES : 0;
+- if (!inode_owner_or_capable(inode))
+- return -EPERM;
++ if (strcmp(name, "") != 0)
++ return -EINVAL;
+
+ if (value) {
+ acl = posix_acl_from_xattr(&init_user_ns, value, size);
+ if (IS_ERR(acl))
+ return PTR_ERR(acl);
+-
+- if (acl) {
+- ret = posix_acl_valid(acl);
+- if (ret)
+- goto out;
+- }
+ }
+-
+- ret = inode->i_op->set_acl(inode, acl, handler->flags);
+-out:
++ ret = set_posix_acl(inode, handler->flags, acl);
+ posix_acl_release(acl);
+ return ret;
+ }
diff --git a/fs/proc/Kconfig b/fs/proc/Kconfig
index 1ade120..a86f1a2 100644
--- a/fs/proc/Kconfig
@@ -128108,7 +128640,7 @@ index a76c917..75d6aeb 100644
asmlinkage long compat_sys_lookup_dcookie(u32, u32, char __user *, compat_size_t);
/*
diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
-index eeae401..c108d27 100644
+index eeae401..985c04d 100644
--- a/include/linux/compiler-gcc.h
+++ b/include/linux/compiler-gcc.h
@@ -116,9 +116,9 @@
@@ -128124,7 +128656,7 @@ index eeae401..c108d27 100644
#define __maybe_unused __attribute__((unused))
#define __always_unused __attribute__((unused))
-@@ -184,9 +184,39 @@
+@@ -184,9 +184,41 @@
# define __compiletime_warning(message) __attribute__((warning(message)))
# define __compiletime_error(message) __attribute__((error(message)))
#endif /* __CHECKER__ */
@@ -128153,9 +128685,11 @@ index eeae401..c108d27 100644
+#define __intentional_overflow(...) __attribute__((intentional_overflow(__VA_ARGS__)))
+#endif
+
++#ifndef __CHECKER__
+#ifdef LATENT_ENTROPY_PLUGIN
+#define __latent_entropy __attribute__((latent_entropy))
+#endif
++#endif
+
+#ifdef INITIFY_PLUGIN
+#define __nocapture(...) __attribute__((nocapture(__VA_ARGS__)))
@@ -130605,34 +131139,24 @@ index ba7a9b0..33a0237 100644
extern int register_pppox_proto(int proto_num, const struct pppox_proto *pp);
extern void unregister_pppox_proto(int proto_num);
diff --git a/include/linux/init.h b/include/linux/init.h
-index b449f37..61005b3 100644
+index b449f37..3416791 100644
--- a/include/linux/init.h
+++ b/include/linux/init.h
-@@ -37,9 +37,17 @@
- * section.
- */
+@@ -39,7 +39,7 @@
-+#define add_init_latent_entropy __latent_entropy
-+
-+#ifdef CONFIG_MEMORY_HOTPLUG
-+#define add_meminit_latent_entropy
-+#else
-+#define add_meminit_latent_entropy __latent_entropy
-+#endif
-+
/* These are for everybody (although not all archs will actually
discard it in modules) */
-#define __init __section(.init.text) __cold notrace
-+#define __init __section(.init.text) __cold notrace add_init_latent_entropy
++#define __init __section(.init.text) __cold notrace __latent_entropy
#define __initdata __section(.init.data)
#define __initconst __constsection(.init.rodata)
#define __exitdata __section(.exit.data)
-@@ -92,7 +100,7 @@
+@@ -92,7 +92,7 @@
#define __exit __section(.exit.text) __exitused __cold notrace
/* Used for MEMORY_HOTPLUG */
-#define __meminit __section(.meminit.text) __cold notrace
-+#define __meminit __section(.meminit.text) __cold notrace add_meminit_latent_entropy
++#define __meminit __section(.meminit.text) __cold notrace __latent_entropy
#define __meminitdata __section(.meminit.data)
#define __meminitconst __constsection(.meminit.rodata)
#define __memexit __section(.memexit.text) __exitused __cold notrace
@@ -132727,7 +133251,7 @@ index b2505ac..5f7ab55 100644
extern bool qid_valid(struct kqid qid);
diff --git a/include/linux/random.h b/include/linux/random.h
-index 9c29122..9112a5b9 100644
+index 9c29122..f94151b 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -18,9 +18,19 @@ struct random_ready_callback {
@@ -132735,14 +133259,14 @@ index 9c29122..9112a5b9 100644
extern void add_device_randomness(const void *, unsigned int);
+
++#if defined(LATENT_ENTROPY_PLUGIN) && !defined(__CHECKER__)
+static inline void add_latent_entropy(void)
+{
-+
-+#ifdef LATENT_ENTROPY_PLUGIN
+ add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy));
-+#endif
-+
+}
++#else
++static inline void add_latent_entropy(void) {}
++#endif
+
extern void add_input_randomness(unsigned int type, unsigned int code,
- unsigned int value);
@@ -134629,10 +135153,21 @@ index 00c9d68..bc0188b 100644
struct tty_ldisc {
diff --git a/include/linux/types.h b/include/linux/types.h
-index 70dd3df..c61727f 100644
+index 70dd3df..7950943 100644
--- a/include/linux/types.h
+++ b/include/linux/types.h
-@@ -176,10 +176,26 @@ typedef struct {
+@@ -160,8 +160,10 @@ typedef unsigned __bitwise__ oom_flags_t;
+
+ #ifdef CONFIG_PHYS_ADDR_T_64BIT
+ typedef u64 phys_addr_t;
++#define RESOURCE_SIZE_MAX ULLONG_MAX
+ #else
+ typedef u32 phys_addr_t;
++#define RESOURCE_SIZE_MAX ULONG_MAX
+ #endif
+
+ typedef phys_addr_t resource_size_t;
+@@ -176,10 +178,26 @@ typedef struct {
int counter;
} atomic_t;
@@ -136759,20 +137294,6 @@ index 2232080..ae4d217 100644
help
Randomizing heap placement makes heap exploits harder, but it
also breaks ancient binaries (including anything libc5 based).
-diff --git a/init/Makefile b/init/Makefile
-index 7bc47ee..6da2dc7 100644
---- a/init/Makefile
-+++ b/init/Makefile
-@@ -2,6 +2,9 @@
- # Makefile for the linux kernel.
- #
-
-+ccflags-y := $(GCC_PLUGINS_CFLAGS)
-+asflags-y := $(GCC_PLUGINS_AFLAGS)
-+
- obj-y := main.o version.o mounts.o
- ifneq ($(CONFIG_BLK_DEV_INITRD),y)
- obj-y += noinitramfs.o
diff --git a/init/do_mounts.c b/init/do_mounts.c
index dea5de9..497f996 100644
--- a/init/do_mounts.c
@@ -148942,7 +149463,7 @@ index 62bbf35..04d12eb 100644
struct bdi_writeback *wb = dtc->wb;
unsigned long write_bw = wb->avg_write_bandwidth;
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 1d11790..1cc6074 100644
+index 1d11790..6d640cb 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -63,6 +63,7 @@
@@ -148990,7 +149511,6 @@ index 1d11790..1cc6074 100644
local_irq_restore(flags);
}
-+#ifdef CONFIG_PAX_LATENT_ENTROPY
+bool __meminitdata extra_latent_entropy;
+
+static int __init setup_pax_extra_latent_entropy(char *str)
@@ -149000,6 +149520,7 @@ index 1d11790..1cc6074 100644
+}
+early_param("pax_extra_latent_entropy", setup_pax_extra_latent_entropy);
+
++#ifdef LATENT_ENTROPY_PLUGIN
+volatile u64 latent_entropy __latent_entropy;
+EXPORT_SYMBOL(latent_entropy);
+#endif
@@ -149007,11 +149528,10 @@ index 1d11790..1cc6074 100644
static void __init __free_pages_boot_core(struct page *page,
unsigned long pfn, unsigned int order)
{
-@@ -1059,6 +1084,19 @@ static void __init __free_pages_boot_core(struct page *page,
+@@ -1059,6 +1084,21 @@ static void __init __free_pages_boot_core(struct page *page,
__ClearPageReserved(p);
set_page_count(p, 0);
-+#ifdef CONFIG_PAX_LATENT_ENTROPY
+ if (extra_latent_entropy && !PageHighMem(page) && page_to_pfn(page) < 0x100000) {
+ u64 hash = 0;
+ size_t index, end = PAGE_SIZE * nr_pages / sizeof hash;
@@ -149019,15 +149539,18 @@ index 1d11790..1cc6074 100644
+
+ for (index = 0; index < end; index++)
+ hash ^= hash + data[index];
++#ifdef LATENT_ENTROPY_PLUGIN
+ latent_entropy ^= hash;
+ add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy));
-+ }
++#else
++ add_device_randomness((const void *)&hash, sizeof(hash));
+#endif
++ }
+
page_zone(page)->managed_pages += nr_pages;
set_page_refcounted(page);
__free_pages(page, order);
-@@ -1115,7 +1153,6 @@ static inline bool __meminit meminit_pfn_in_nid(unsigned long pfn, int node,
+@@ -1115,7 +1155,6 @@ static inline bool __meminit meminit_pfn_in_nid(unsigned long pfn, int node,
}
#endif
@@ -149035,7 +149558,7 @@ index 1d11790..1cc6074 100644
void __init __free_pages_bootmem(struct page *page, unsigned long pfn,
unsigned int order)
{
-@@ -1419,9 +1456,11 @@ static int prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags,
+@@ -1419,9 +1458,11 @@ static int prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags,
kernel_map_pages(page, 1 << order, 1);
kasan_alloc_pages(page, order);
@@ -149047,7 +149570,7 @@ index 1d11790..1cc6074 100644
if (order && (gfp_flags & __GFP_COMP))
prep_compound_page(page, order);
-@@ -1955,8 +1994,9 @@ static void drain_pages(unsigned int cpu)
+@@ -1955,8 +1996,9 @@ static void drain_pages(unsigned int cpu)
* The CPU has to be pinned. When zone parameter is non-NULL, spill just
* the single zone's pages.
*/
@@ -149058,7 +149581,7 @@ index 1d11790..1cc6074 100644
int cpu = smp_processor_id();
if (zone)
-@@ -2016,8 +2056,7 @@ void drain_all_pages(struct zone *zone)
+@@ -2016,8 +2058,7 @@ void drain_all_pages(struct zone *zone)
else
cpumask_clear_cpu(cpu, &cpus_with_pcps);
}
@@ -149068,7 +149591,7 @@ index 1d11790..1cc6074 100644
}
#ifdef CONFIG_HIBERNATION
-@@ -2289,7 +2328,7 @@ struct page *buffered_rmqueue(struct zone *preferred_zone,
+@@ -2289,7 +2330,7 @@ struct page *buffered_rmqueue(struct zone *preferred_zone,
}
__mod_zone_page_state(zone, NR_ALLOC_BATCH, -(1 << order));
@@ -149077,7 +149600,7 @@ index 1d11790..1cc6074 100644
!test_bit(ZONE_FAIR_DEPLETED, &zone->flags))
set_bit(ZONE_FAIR_DEPLETED, &zone->flags);
-@@ -2506,7 +2545,7 @@ static void reset_alloc_batches(struct zone *preferred_zone)
+@@ -2506,7 +2547,7 @@ static void reset_alloc_batches(struct zone *preferred_zone)
do {
mod_zone_page_state(zone, NR_ALLOC_BATCH,
high_wmark_pages(zone) - low_wmark_pages(zone) -
@@ -149086,7 +149609,7 @@ index 1d11790..1cc6074 100644
clear_bit(ZONE_FAIR_DEPLETED, &zone->flags);
} while (zone++ != preferred_zone);
}
-@@ -6100,7 +6139,7 @@ static void __setup_per_zone_wmarks(void)
+@@ -6100,7 +6141,7 @@ static void __setup_per_zone_wmarks(void)
__mod_zone_page_state(zone, NR_ALLOC_BATCH,
high_wmark_pages(zone) - low_wmark_pages(zone) -
@@ -153559,6 +154082,33 @@ index 30d875d..760f4f1 100644
err_alloc:
return -ENOMEM;
}
+diff --git a/net/ieee802154/core.c b/net/ieee802154/core.c
+index c35fdfa..063ef67 100644
+--- a/net/ieee802154/core.c
++++ b/net/ieee802154/core.c
+@@ -110,7 +110,7 @@ struct wpan_phy *wpan_phy_idx_to_wpan_phy(int wpan_phy_idx)
+ struct wpan_phy *
+ wpan_phy_new(const struct cfg802154_ops *ops, size_t priv_size)
+ {
+- static atomic_t wpan_phy_counter = ATOMIC_INIT(0);
++ static atomic_unchecked_t wpan_phy_counter = ATOMIC_INIT(0);
+ struct cfg802154_registered_device *rdev;
+ size_t alloc_size;
+
+@@ -121,11 +121,11 @@ wpan_phy_new(const struct cfg802154_ops *ops, size_t priv_size)
+
+ rdev->ops = ops;
+
+- rdev->wpan_phy_idx = atomic_inc_return(&wpan_phy_counter);
++ rdev->wpan_phy_idx = atomic_inc_return_unchecked(&wpan_phy_counter);
+
+ if (unlikely(rdev->wpan_phy_idx < 0)) {
+ /* ugh, wrapped! */
+- atomic_dec(&wpan_phy_counter);
++ atomic_dec_unchecked(&wpan_phy_counter);
+ kfree(rdev);
+ return NULL;
+ }
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 5c5db66..c10a4a2 100644
--- a/net/ipv4/af_inet.c
@@ -157793,7 +158343,7 @@ index 45da11a..ef3e5dc 100644
table = kmemdup(acct_sysctl_table, sizeof(acct_sysctl_table),
GFP_KERNEL);
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
-index 6b94f0b..bb0cc8b 100644
+index 6b94f0b..03e9b12 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1581,7 +1581,7 @@ void *nf_ct_alloc_hashtable(unsigned int *sizep, int nulls)
@@ -157805,6 +158355,15 @@ index 6b94f0b..bb0cc8b 100644
{
int i, bucket, rc;
unsigned int hashsize, old_size;
+@@ -1780,7 +1780,7 @@ void nf_conntrack_init_end(void)
+
+ int nf_conntrack_init_net(struct net *net)
+ {
+- static atomic64_t unique_id;
++ static atomic64_unchecked_t unique_id;
+ int ret = -ENOMEM;
+ int cpu;
+
@@ -1804,7 +1804,7 @@ int nf_conntrack_init_net(struct net *net)
goto err_pcpu_lists;
@@ -161469,10 +162028,42 @@ index 805681a..17a7088 100644
.done = link->done,
};
diff --git a/scripts/Kbuild.include b/scripts/Kbuild.include
-index 1db6d73..0819042 100644
+index 1db6d73..6e020e4 100644
--- a/scripts/Kbuild.include
+++ b/scripts/Kbuild.include
-@@ -146,7 +146,7 @@ cc-ifversion = $(shell [ $(cc-version) $(1) $(2) ] && echo $(3) || echo $(4))
+@@ -107,16 +107,20 @@ as-option = $(call try-run,\
+ as-instr = $(call try-run,\
+ printf "%b\n" "$(1)" | $(CC) $(KBUILD_AFLAGS) -c -x assembler -o "$$TMP" -,$(2),$(3))
+
++# Do not attempt to build with gcc plugins during cc-option tests.
++# (And this uses delayed resolution so the flags will be up to date.)
++CC_OPTION_CFLAGS = $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS))
++
+ # cc-option
+ # Usage: cflags-y += $(call cc-option,-march=winchip-c6,-march=i586)
+
+ cc-option = $(call try-run,\
+- $(CC) $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",$(1),$(2))
++ $(CC) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",$(1),$(2))
+
+ # cc-option-yn
+ # Usage: flag := $(call cc-option-yn,-march=winchip-c6)
+ cc-option-yn = $(call try-run,\
+- $(CC) $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",y,n)
++ $(CC) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",y,n)
+
+ # cc-option-align
+ # Prefix align with either -falign or -malign
+@@ -126,7 +130,7 @@ cc-option-align = $(subst -functions=0,,\
+ # cc-disable-warning
+ # Usage: cflags-y += $(call cc-disable-warning,unused-but-set-variable)
+ cc-disable-warning = $(call try-run,\
+- $(CC) $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) -W$(strip $(1)) -c -x c /dev/null -o "$$TMP",-Wno-$(strip $(1)))
++ $(CC) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) -W$(strip $(1)) -c -x c /dev/null -o "$$TMP",-Wno-$(strip $(1)))
+
+ # cc-name
+ # Expands to either gcc or clang
+@@ -146,7 +150,7 @@ cc-ifversion = $(shell [ $(cc-version) $(1) $(2) ] && echo $(3) || echo $(4))
# cc-ldoption
# Usage: ldflags += $(call cc-ldoption, -Wl$(comma)--hash-style=both)
cc-ldoption = $(call try-run,\
@@ -161482,17 +162073,15 @@ index 1db6d73..0819042 100644
# ld-option
# Usage: LDFLAGS += $(call ld-option, -X)
diff --git a/scripts/Makefile b/scripts/Makefile
-index fd0d53d..1471190 100644
+index fd0d53d..9364092 100644
--- a/scripts/Makefile
+++ b/scripts/Makefile
-@@ -44,6 +44,7 @@ subdir-y += mod
- subdir-$(CONFIG_SECURITY_SELINUX) += selinux
- subdir-$(CONFIG_DTC) += dtc
+@@ -46,4 +46,4 @@ subdir-$(CONFIG_DTC) += dtc
subdir-$(CONFIG_GDB_SCRIPTS) += gdb
-+subdir-$(CONFIG_GCC_PLUGINS) += gcc-plugins
# Let clean descend into subdirs
- subdir- += basic kconfig package
+-subdir- += basic kconfig package
++subdir- += basic kconfig package gcc-plugins
diff --git a/scripts/Makefile.build b/scripts/Makefile.build
index 2c47f9c..9d46008 100644
--- a/scripts/Makefile.build
@@ -161507,16 +162096,17 @@ index 2c47f9c..9d46008 100644
endif
diff --git a/scripts/Makefile.clean b/scripts/Makefile.clean
-index 55c96cb..e4e88ab 100644
+index 55c96cb..50616ea 100644
--- a/scripts/Makefile.clean
+++ b/scripts/Makefile.clean
-@@ -38,7 +38,8 @@ subdir-ymn := $(addprefix $(obj)/,$(subdir-ymn))
+@@ -38,7 +38,9 @@ subdir-ymn := $(addprefix $(obj)/,$(subdir-ymn))
__clean-files := $(extra-y) $(extra-m) $(extra-) \
$(always) $(targets) $(clean-files) \
$(host-progs) \
- $(hostprogs-y) $(hostprogs-m) $(hostprogs-)
+ $(hostprogs-y) $(hostprogs-m) $(hostprogs-) \
-+ $(hostlibs-y) $(hostlibs-m) $(hostlibs-)
++ $(hostlibs-y) $(hostlibs-m) $(hostlibs-) \
++ $(hostcxxlibs-y) $(hostcxxlibs-m)
__clean-files := $(filter-out $(no-clean-files), $(__clean-files))
@@ -161537,10 +162127,10 @@ index 53449a6..c1fd180 100644
warning-2 += -Wdisabled-optimization
diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins
new file mode 100644
-index 0000000..08d4e22
+index 0000000..97e7a48
--- /dev/null
+++ b/scripts/Makefile.gcc-plugins
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,96 @@
+ifdef CONFIG_GCC_PLUGINS
+ __PLUGINCC := $(call cc-ifversion, -ge, 0408, $(HOSTCXX), $(HOSTCC))
+ PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)")
@@ -161568,13 +162158,19 @@ index 0000000..08d4e22
+
+ gcc-plugin-y += colorize_plugin.so
+
++ gcc-plugin-subdir-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin
+ gcc-plugin-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin/size_overflow_plugin.so
+ gcc-plugin-cflags-$(CONFIG_PAX_SIZE_OVERFLOW) += -DSIZE_OVERFLOW_PLUGIN
+
++ gcc-plugin-$(CONFIG_GRKERNSEC_RANDSTRUCT) += randomize_layout_plugin.so
++ gcc-plugin-cflags-$(CONFIG_GRKERNSEC_RANDSTRUCT) += -DRANDSTRUCT_PLUGIN
++ gcc-plugin-cflags-$(CONFIG_GRKERNSEC_RANDSTRUCT_PERFORMANCE) += -fplugin-arg-randomize_layout_plugin-performance-mode
++
++
+ gcc-plugin-$(CONFIG_PAX_LATENT_ENTROPY) += latent_entropy_plugin.so
+ gcc-plugin-cflags-$(CONFIG_PAX_LATENT_ENTROPY) += -DLATENT_ENTROPY_PLUGIN
+ ifdef CONFIG_PAX_LATENT_ENTROPY
-+ DISABLE_LATENT_ENTROPY_PLUGIN += -fplugin-arg-latent_entropy_plugin-disable
++ DISABLE_LATENT_ENTROPY_PLUGIN += -fplugin-arg-latent_entropy_plugin-disable
+ endif
+
+ gcc-plugin-$(CONFIG_PAX_MEMORY_STRUCTLEAK) += structleak_plugin.so
@@ -161583,6 +162179,7 @@ index 0000000..08d4e22
+ gcc-plugin-y += initify_plugin.so
+ gcc-plugin-cflags-y += -DINITIFY_PLUGIN
+
++ gcc-plugin-subdir-$(CONFIG_PAX_RAP) += rap_plugin
+ gcc-plugin-$(CONFIG_PAX_RAP) += rap_plugin/rap_plugin.so
+ gcc-plugin-cflags-$(CONFIG_PAX_RAP) += -DRAP_PLUGIN -fplugin-arg-rap_plugin-check=call
+# gcc-plugin-cflags-$(CONFIG_PAX_RAP) += -fplugin-arg-rap_plugin-report=func,fptr,abs
@@ -161595,25 +162192,43 @@ index 0000000..08d4e22
+ GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y))
+ GCC_PLUGINS_AFLAGS := $(gcc-plugin-aflags-y)
+
++ export PLUGINCC GCC_PLUGIN GCC_PLUGIN_SUBDIR GCC_PLUGINS_CFLAGS GCC_PLUGINS_AFLAGS
+ export DISABLE_LATENT_ENTROPY_PLUGIN RAP_PLUGIN_ABS_CFLAGS
+
++ KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
++ KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS)
++ GCC_PLUGIN := $(gcc-plugin-y)
++ GCC_PLUGIN_SUBDIR := $(gcc-plugin-subdir-y)
++endif
++
++# If plugins aren't supported, abort the build before hard-to-read compiler
++# errors start getting spewed by the main build.
++PHONY += gcc-plugins-check
++gcc-plugins-check: FORCE
++ifdef CONFIG_GCC_PLUGINS
+ ifeq ($(PLUGINCC),)
+ ifneq ($(GCC_PLUGINS_CFLAGS),)
+ ifeq ($(call cc-ifversion, -ge, 0405, y), y)
-+ PLUGINCC := $(shell $(CONFIG_SHELL) -x $(srctree)/scripts/gcc-plugin.sh "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)")
-+ $(warning warning, your gcc installation does not support plugins, perhaps the necessary headers are missing?)
++ $(Q)$(srctree)/scripts/gcc-plugin.sh --show-error "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)" || true
++ @echo "Cannot use CONFIG_GCC_PLUGINS: your gcc installation does not support plugins, perhaps the necessary headers are missing?" >&2
+ else
-+ $(warning warning, your gcc version does not support plugins, you should upgrade it to gcc 4.5 at least)
++ @echo "Cannot use CONFIG_GCC_PLUGINS: your gcc version does not support plugins, you should upgrade it to at least gcc 4.5" >&2
+ endif
-+ $(warning PAX_MEMORY_STACKLEAK and other features will be less secure)
++ @echo "PAX_MEMORY_STACKLEAK and other features will be less secure" >&2 && exit 1
+ endif
+ endif
++endif
++ @:
+
-+ KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
-+ KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS)
++# Actually do the build, if requested.
++PHONY += gcc-plugins
++gcc-plugins: scripts_basic gcc-plugins-check
++ifdef CONFIG_GCC_PLUGINS
++ $(Q)$(MAKE) $(build)=scripts/gcc-plugins
+endif
++ @:
diff --git a/scripts/Makefile.host b/scripts/Makefile.host
-index 133edfa..3439bd8 100644
+index 133edfa..ac03751 100644
--- a/scripts/Makefile.host
+++ b/scripts/Makefile.host
@@ -20,7 +20,25 @@
@@ -161672,7 +162287,7 @@ index 133edfa..3439bd8 100644
host-objdirs := $(addprefix $(obj)/,$(host-objdirs))
obj-dirs += $(host-objdirs)
-@@ -124,5 +158,39 @@ quiet_cmd_host-cxxobjs = HOSTCXX $@
+@@ -124,5 +158,42 @@ quiet_cmd_host-cxxobjs = HOSTCXX $@
$(host-cxxobjs): $(obj)/%.o: $(src)/%.cc FORCE
$(call if_changed_dep,host-cxxobjs)
@@ -161684,6 +162299,9 @@ index 133edfa..3439bd8 100644
+ $(call if_changed_dep,host-cshobjs)
+
+# Compile .c file, create position independent .o file
++# Note that plugin capable gcc versions can be either C or C++ based
++# therefore plugin source files have to be compilable in both C and C++ mode.
++# This is why a C++ compiler is invoked on a .c file.
+# host-cxxshobjs -> .o
+quiet_cmd_host-cxxshobjs = HOSTCXX -fPIC $@
+ cmd_host-cxxshobjs = $(HOSTCXX) $(hostcxx_flags) -fPIC -c -o $@ $<
@@ -161698,7 +162316,7 @@ index 133edfa..3439bd8 100644
+ $(HOST_LOADLIBES) $(HOSTLOADLIBES_$(@F))
+$(host-cshlib): FORCE
+ $(call if_changed,host-cshlib)
-+$(call multi_depend, $(host-cshlib), .so, -objs -cshobjs)
++$(call multi_depend, $(host-cshlib), .so, -objs)
+
+# Link a shared library, based on position independent .o files
+# *.o -> .so shared library (host-cxxshlib)
@@ -161708,7 +162326,7 @@ index 133edfa..3439bd8 100644
+ $(HOST_LOADLIBES) $(HOSTLOADLIBES_$(@F))
+$(host-cxxshlib): FORCE
+ $(call if_changed,host-cxxshlib)
-+$(call multi_depend, $(host-cxxshlib), .so, -objs -cxxshobjs)
++$(call multi_depend, $(host-cxxshlib), .so, -objs)
+
targets += $(host-csingle) $(host-cmulti) $(host-cobjs)\
- $(host-cxxmulti) $(host-cxxobjs)
@@ -161917,12 +162535,19 @@ index e229b84..7141e8e 100644
while (get_node_by_phandle(root, phandle))
diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
new file mode 100644
-index 0000000..fb92075
+index 0000000..b65224b
--- /dev/null
+++ b/scripts/gcc-plugin.sh
-@@ -0,0 +1,51 @@
+@@ -0,0 +1,65 @@
+#!/bin/sh
+srctree=$(dirname "$0")
++
++SHOW_ERROR=
++if [ "$1" = "--show-error" ] ; then
++ SHOW_ERROR=1
++ shift || true
++fi
++
+gccplugins_dir=$($3 -print-file-name=plugin)
+plugincc=$($1 -E -x c++ - -o /dev/null -I"${srctree}"/gcc-plugins -I"${gccplugins_dir}"/include 2>&1 <<EOF
+#include "gcc-common.h"
@@ -161936,6 +162561,9 @@ index 0000000..fb92075
+
+if [ $? -ne 0 ]
+then
++ if [ -n "$SHOW_ERROR" ] ; then
++ echo "${plugincc}" >&2
++ fi
+ exit 1
+fi
+
@@ -161971,6 +162599,10 @@ index 0000000..fb92075
+ echo "$2"
+ exit 0
+fi
++
++if [ -n "$SHOW_ERROR" ] ; then
++ echo "${plugincc}" >&2
++fi
+exit 1
diff --git a/scripts/gcc-plugins/.gitignore b/scripts/gcc-plugins/.gitignore
new file mode 100644
@@ -161981,67 +162613,45 @@ index 0000000..de92ed9
+randomize_layout_seed.h
diff --git a/scripts/gcc-plugins/Makefile b/scripts/gcc-plugins/Makefile
new file mode 100644
-index 0000000..ad7ca02
+index 0000000..ec5bc00
--- /dev/null
+++ b/scripts/gcc-plugins/Makefile
-@@ -0,0 +1,57 @@
-+#CC := gcc
-+#PLUGIN_SOURCE_FILES := pax_plugin.c
-+#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES))
-+GCCPLUGINS_DIR := $(shell $(CC) -print-file-name=plugin)
-+#CFLAGS += -I$(GCCPLUGINS_DIR)/include -fPIC -O2 -Wall -W -std=gnu99
+@@ -0,0 +1,35 @@
++GCC_PLUGINS_DIR := $(shell $(CC) -print-file-name=plugin)
+
+ifeq ($(PLUGINCC),$(HOSTCC))
-+HOSTLIBS := hostlibs
-+HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(src) -std=gnu99 -ggdb -Wall -W
-+export HOST_EXTRACFLAGS
++ HOSTLIBS := hostlibs
++ HOST_EXTRACFLAGS += -I$(GCC_PLUGINS_DIR)/include -I$(src) -std=gnu99 -ggdb -Wall -W
++ export HOST_EXTRACFLAGS
+else
-+HOSTLIBS := hostcxxlibs
-+HOST_EXTRACXXFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(src) -std=gnu++98 -fno-rtti -fno-exceptions -fasynchronous-unwind-tables -ggdb -Wall -W -Wno-unused-parameter -Wno-narrowing -Wno-unused-variable
-+export HOST_EXTRACXXFLAGS
++ HOSTLIBS := hostcxxlibs
++ HOST_EXTRACXXFLAGS += -I$(GCC_PLUGINS_DIR)/include -I$(src) -std=gnu++98 -fno-rtti
++ HOST_EXTRACXXFLAGS += -fno-exceptions -fasynchronous-unwind-tables -ggdb
++ HOST_EXTRACXXFLAGS += -Wno-narrowing -Wno-unused-variable
++ HOST_EXTRACXXFLAGS += -Wall -W -Wno-unused-parameter
++ export HOST_EXTRACXXFLAGS
+endif
+
-+export GCCPLUGINS_DIR HOSTLIBS
-+
-+$(HOSTLIBS)-$(CONFIG_PAX_CONSTIFY_PLUGIN) := constify_plugin.so
-+$(HOSTLIBS)-$(CONFIG_PAX_MEMORY_STACKLEAK) += stackleak_plugin.so
-+$(HOSTLIBS)-$(CONFIG_KALLOCSTAT_PLUGIN) += kallocstat_plugin.so
-+$(HOSTLIBS)-$(CONFIG_PAX_KERNEXEC_PLUGIN) += kernexec_plugin.so
-+$(HOSTLIBS)-$(CONFIG_CHECKER_PLUGIN) += checker_plugin.so
-+$(HOSTLIBS)-y += colorize_plugin.so
-+$(HOSTLIBS)-$(CONFIG_PAX_LATENT_ENTROPY) += latent_entropy_plugin.so
-+$(HOSTLIBS)-$(CONFIG_PAX_MEMORY_STRUCTLEAK) += structleak_plugin.so
-+$(HOSTLIBS)-y += initify_plugin.so
-+$(HOSTLIBS)-$(CONFIG_GRKERNSEC_RANDSTRUCT) += randomize_layout_plugin.so
-+
-+subdir-$(CONFIG_PAX_SIZE_OVERFLOW) := size_overflow_plugin
-+subdir- += size_overflow_plugin
-+
-+subdir-$(CONFIG_PAX_RAP) += rap_plugin
-+subdir- += rap_plugin
++export HOSTLIBS
+
++$(HOSTLIBS)-y := $(foreach p,$(GCC_PLUGIN),$(if $(findstring /,$(p)),,$(p)))
+always := $($(HOSTLIBS)-y)
-+
-+constify_plugin-objs := constify_plugin.o
-+stackleak_plugin-objs := stackleak_plugin.o
-+kallocstat_plugin-objs := kallocstat_plugin.o
-+kernexec_plugin-objs := kernexec_plugin.o
-+checker_plugin-objs := checker_plugin.o
-+colorize_plugin-objs := colorize_plugin.o
-+latent_entropy_plugin-objs := latent_entropy_plugin.o
-+structleak_plugin-objs := structleak_plugin.o
-+initify_plugin-objs := initify_plugin.o
-+randomize_layout_plugin-objs := randomize_layout_plugin.o
++$(foreach p,$($(HOSTLIBS)-y:%.so=%),$(eval $(p)-objs := $(p).o))
+
+$(obj)/randomize_layout_plugin.o: $(objtree)/$(obj)/randomize_layout_seed.h
+
+quiet_cmd_create_randomize_layout_seed = GENSEED $@
-+ cmd_create_randomize_layout_seed = \
++ cmd_create_randomize_layout_seed = \
+ $(CONFIG_SHELL) $(srctree)/$(src)/gen-random-seed.sh $@ $(objtree)/include/generated/randomize_layout_hash.h
+$(objtree)/$(obj)/randomize_layout_seed.h: FORCE
+ $(call if_changed,create_randomize_layout_seed)
-+
++
+targets += randomize_layout_seed.h randomize_layout_hash.h
++
++subdir-y := $(GCC_PLUGIN_SUBDIR)
++subdir- += $(GCC_PLUGIN_SUBDIR)
++
++clean-files += *.so
diff --git a/scripts/gcc-plugins/checker_plugin.c b/scripts/gcc-plugins/checker_plugin.c
new file mode 100644
index 0000000..efaf576
@@ -167639,14 +168249,16 @@ index 0000000..a716d7a
+}
diff --git a/scripts/gcc-plugins/rap_plugin/Makefile b/scripts/gcc-plugins/rap_plugin/Makefile
new file mode 100644
-index 0000000..8171be8
+index 0000000..f2a0a03
--- /dev/null
+++ b/scripts/gcc-plugins/rap_plugin/Makefile
-@@ -0,0 +1,4 @@
+@@ -0,0 +1,6 @@
+$(HOSTLIBS)-$(CONFIG_PAX_RAP) += rap_plugin.so
+always := $($(HOSTLIBS)-y)
+
+rap_plugin-objs := $(patsubst $(srctree)/$(src)/%.c,%.o,$(wildcard $(srctree)/$(src)/*.c))
++
++clean-files += *.so
diff --git a/scripts/gcc-plugins/rap_plugin/rap.h b/scripts/gcc-plugins/rap_plugin/rap.h
new file mode 100644
index 0000000..f6a284d
@@ -168933,10 +169545,10 @@ index 0000000..c4b24b9
+size_overflow_hash_aux.h
diff --git a/scripts/gcc-plugins/size_overflow_plugin/Makefile b/scripts/gcc-plugins/size_overflow_plugin/Makefile
new file mode 100644
-index 0000000..f74d85a
+index 0000000..a6418b4
--- /dev/null
+++ b/scripts/gcc-plugins/size_overflow_plugin/Makefile
-@@ -0,0 +1,28 @@
+@@ -0,0 +1,30 @@
+HOST_EXTRACXXFLAGS += $(call hostcc-option, -fno-ipa-icf)
+
+$(HOSTLIBS)-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin.so
@@ -168965,6 +169577,8 @@ index 0000000..f74d85a
+ $(call if_changed,build_disable_size_overflow_hash)
+
+targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h
++
++clean-files += *.so
diff --git a/scripts/gcc-plugins/size_overflow_plugin/disable_size_overflow_hash.data b/scripts/gcc-plugins/size_overflow_plugin/disable_size_overflow_hash.data
new file mode 100644
index 0000000..e0a04a1
@@ -210718,10 +211332,10 @@ index 23ba1c6..cad2484 100755
# Find all available archs
find_all_archs()
diff --git a/security/Kconfig b/security/Kconfig
-index e452378..8059bd2 100644
+index e452378..e634654 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,993 @@
+@@ -4,6 +4,994 @@
menu "Security options"
@@ -211673,7 +212287,8 @@ index e452378..8059bd2 100644
+ extract some entropy from both original and artificially created
+ program state. This will help especially embedded systems where
+ there is little 'natural' source of entropy normally. The cost
-+ is some slowdown of the boot process and fork and irq processing.
++ is some slowdown of the boot process (about 0.5%) and fork and
++ irq processing.
+
+ When pax_extra_latent_entropy is passed on the kernel command line,
+ entropy will be extracted from up to the first 4GB of RAM while the
@@ -211715,7 +212330,7 @@ index e452378..8059bd2 100644
source security/keys/Kconfig
config SECURITY_DMESG_RESTRICT
-@@ -104,7 +1091,7 @@ config INTEL_TXT
+@@ -104,7 +1092,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX