Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.14.46/, 3.14.45/, 4.0.7/, 4.0.6/, 3.2.69/
Date: Wed, 01 Jul 2015 22:14:37
Message-Id: 1435788979.a6229b99579efd5285746356612b4c3e70b6c407.blueness@gentoo
1 commit: a6229b99579efd5285746356612b4c3e70b6c407
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Wed Jul 1 22:16:19 2015 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Wed Jul 1 22:16:19 2015 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=a6229b99
7
8 Grsec/PaX: 3.1-{3.2.69,3.14.46,4.0.7}-201506300712
9
10 {4.0.6 => 3.14.46}/0000_README | 6 +-
11 3.14.46/1045_linux-3.14.46.patch | 829 +++++++++++++++++++++
12 .../4420_grsecurity-3.1-3.14.46-201506300711.patch | 270 ++-----
13 {4.0.6 => 3.14.46}/4425_grsec_remove_EI_PAX.patch | 0
14 .../4427_force_XATTR_PAX_tmpfs.patch | 0
15 .../4430_grsec-remove-localversion-grsec.patch | 0
16 .../4435_grsec-mute-warnings.patch | 0
17 .../4440_grsec-remove-protected-paths.patch | 0
18 .../4450_grsec-kconfig-default-gids.patch | 0
19 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
20 .../4470_disable-compat_vdso.patch | 0
21 {4.0.6 => 3.14.46}/4475_emutramp_default_on.patch | 0
22 3.2.69/0000_README | 2 +-
23 ... 4420_grsecurity-3.1-3.2.69-201506300708.patch} | 69 +-
24 {3.14.45 => 4.0.7}/0000_README | 6 +-
25 4.0.7/1006_linux-4.0.7.patch | 707 ++++++++++++++++++
26 .../4420_grsecurity-3.1-4.0.7-201506300712.patch | 235 ++----
27 {3.14.45 => 4.0.7}/4425_grsec_remove_EI_PAX.patch | 0
28 {4.0.6 => 4.0.7}/4427_force_XATTR_PAX_tmpfs.patch | 0
29 .../4430_grsec-remove-localversion-grsec.patch | 0
30 {4.0.6 => 4.0.7}/4435_grsec-mute-warnings.patch | 0
31 .../4440_grsec-remove-protected-paths.patch | 0
32 .../4450_grsec-kconfig-default-gids.patch | 0
33 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
34 {4.0.6 => 4.0.7}/4470_disable-compat_vdso.patch | 0
35 {3.14.45 => 4.0.7}/4475_emutramp_default_on.patch | 0
36 26 files changed, 1725 insertions(+), 399 deletions(-)
37
38 diff --git a/4.0.6/0000_README b/3.14.46/0000_README
39 similarity index 92%
40 rename from 4.0.6/0000_README
41 rename to 3.14.46/0000_README
42 index 67f188e..de59c28 100644
43 --- a/4.0.6/0000_README
44 +++ b/3.14.46/0000_README
45 @@ -2,7 +2,11 @@ README
46 -----------------------------------------------------------------------------
47 Individual Patch Descriptions:
48 -----------------------------------------------------------------------------
49 -Patch: 4420_grsecurity-3.1-4.0.6-201506272327.patch
50 +Patch: 1045_linux-3.14.46.patch
51 +From: http://www.kernel.org
52 +Desc: Linux 3.14.46
53 +
54 +Patch: 4420_grsecurity-3.1-3.14.46-201506300711.patch
55 From: http://www.grsecurity.net
56 Desc: hardened-sources base patch from upstream grsecurity
57
58
59 diff --git a/3.14.46/1045_linux-3.14.46.patch b/3.14.46/1045_linux-3.14.46.patch
60 new file mode 100644
61 index 0000000..12790dc
62 --- /dev/null
63 +++ b/3.14.46/1045_linux-3.14.46.patch
64 @@ -0,0 +1,829 @@
65 +diff --git a/Makefile b/Makefile
66 +index c92186c..def39fd 100644
67 +--- a/Makefile
68 ++++ b/Makefile
69 +@@ -1,6 +1,6 @@
70 + VERSION = 3
71 + PATCHLEVEL = 14
72 +-SUBLEVEL = 45
73 ++SUBLEVEL = 46
74 + EXTRAVERSION =
75 + NAME = Remembering Coco
76 +
77 +diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h
78 +index 09af149..530f56e 100644
79 +--- a/arch/arm/include/asm/kvm_host.h
80 ++++ b/arch/arm/include/asm/kvm_host.h
81 +@@ -42,7 +42,7 @@
82 +
83 + struct kvm_vcpu;
84 + u32 *kvm_vcpu_reg(struct kvm_vcpu *vcpu, u8 reg_num, u32 mode);
85 +-int kvm_target_cpu(void);
86 ++int __attribute_const__ kvm_target_cpu(void);
87 + int kvm_reset_vcpu(struct kvm_vcpu *vcpu);
88 + void kvm_reset_coprocs(struct kvm_vcpu *vcpu);
89 +
90 +diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h
91 +index 7b362bc..0cbdb8e 100644
92 +--- a/arch/arm/include/asm/kvm_mmu.h
93 ++++ b/arch/arm/include/asm/kvm_mmu.h
94 +@@ -127,6 +127,18 @@ static inline void kvm_set_s2pmd_writable(pmd_t *pmd)
95 + (__boundary - 1 < (end) - 1)? __boundary: (end); \
96 + })
97 +
98 ++static inline bool kvm_page_empty(void *ptr)
99 ++{
100 ++ struct page *ptr_page = virt_to_page(ptr);
101 ++ return page_count(ptr_page) == 1;
102 ++}
103 ++
104 ++
105 ++#define kvm_pte_table_empty(ptep) kvm_page_empty(ptep)
106 ++#define kvm_pmd_table_empty(pmdp) kvm_page_empty(pmdp)
107 ++#define kvm_pud_table_empty(pudp) (0)
108 ++
109 ++
110 + struct kvm;
111 +
112 + #define kvm_flush_dcache_to_poc(a,l) __cpuc_flush_dcache_area((a), (l))
113 +diff --git a/arch/arm/kernel/hyp-stub.S b/arch/arm/kernel/hyp-stub.S
114 +index 797b1a6..7e666cf 100644
115 +--- a/arch/arm/kernel/hyp-stub.S
116 ++++ b/arch/arm/kernel/hyp-stub.S
117 +@@ -134,9 +134,7 @@ ENTRY(__hyp_stub_install_secondary)
118 + mcr p15, 4, r7, c1, c1, 3 @ HSTR
119 +
120 + THUMB( orr r7, #(1 << 30) ) @ HSCTLR.TE
121 +-#ifdef CONFIG_CPU_BIG_ENDIAN
122 +- orr r7, #(1 << 9) @ HSCTLR.EE
123 +-#endif
124 ++ARM_BE8(orr r7, r7, #(1 << 25)) @ HSCTLR.EE
125 + mcr p15, 4, r7, c1, c0, 0 @ HSCTLR
126 +
127 + mrc p15, 4, r7, c1, c1, 1 @ HDCR
128 +diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
129 +index bd18bb8..df6e75e 100644
130 +--- a/arch/arm/kvm/arm.c
131 ++++ b/arch/arm/kvm/arm.c
132 +@@ -82,7 +82,7 @@ struct kvm_vcpu *kvm_arm_get_running_vcpu(void)
133 + /**
134 + * kvm_arm_get_running_vcpus - get the per-CPU array of currently running vcpus.
135 + */
136 +-struct kvm_vcpu __percpu **kvm_get_running_vcpus(void)
137 ++struct kvm_vcpu * __percpu *kvm_get_running_vcpus(void)
138 + {
139 + return &kvm_arm_running_vcpu;
140 + }
141 +@@ -155,16 +155,6 @@ int kvm_arch_vcpu_fault(struct kvm_vcpu *vcpu, struct vm_fault *vmf)
142 + return VM_FAULT_SIGBUS;
143 + }
144 +
145 +-void kvm_arch_free_memslot(struct kvm *kvm, struct kvm_memory_slot *free,
146 +- struct kvm_memory_slot *dont)
147 +-{
148 +-}
149 +-
150 +-int kvm_arch_create_memslot(struct kvm *kvm, struct kvm_memory_slot *slot,
151 +- unsigned long npages)
152 +-{
153 +- return 0;
154 +-}
155 +
156 + /**
157 + * kvm_arch_destroy_vm - destroy the VM data structure
158 +@@ -224,33 +214,6 @@ long kvm_arch_dev_ioctl(struct file *filp,
159 + return -EINVAL;
160 + }
161 +
162 +-void kvm_arch_memslots_updated(struct kvm *kvm)
163 +-{
164 +-}
165 +-
166 +-int kvm_arch_prepare_memory_region(struct kvm *kvm,
167 +- struct kvm_memory_slot *memslot,
168 +- struct kvm_userspace_memory_region *mem,
169 +- enum kvm_mr_change change)
170 +-{
171 +- return 0;
172 +-}
173 +-
174 +-void kvm_arch_commit_memory_region(struct kvm *kvm,
175 +- struct kvm_userspace_memory_region *mem,
176 +- const struct kvm_memory_slot *old,
177 +- enum kvm_mr_change change)
178 +-{
179 +-}
180 +-
181 +-void kvm_arch_flush_shadow_all(struct kvm *kvm)
182 +-{
183 +-}
184 +-
185 +-void kvm_arch_flush_shadow_memslot(struct kvm *kvm,
186 +- struct kvm_memory_slot *slot)
187 +-{
188 +-}
189 +
190 + struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm, unsigned int id)
191 + {
192 +diff --git a/arch/arm/kvm/coproc.c b/arch/arm/kvm/coproc.c
193 +index c58a351..7c73290 100644
194 +--- a/arch/arm/kvm/coproc.c
195 ++++ b/arch/arm/kvm/coproc.c
196 +@@ -742,7 +742,7 @@ static bool is_valid_cache(u32 val)
197 + u32 level, ctype;
198 +
199 + if (val >= CSSELR_MAX)
200 +- return -ENOENT;
201 ++ return false;
202 +
203 + /* Bottom bit is Instruction or Data bit. Next 3 bits are level. */
204 + level = (val >> 1);
205 +diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c
206 +index c93ef38..70ed2c1 100644
207 +--- a/arch/arm/kvm/mmu.c
208 ++++ b/arch/arm/kvm/mmu.c
209 +@@ -90,103 +90,115 @@ static void *mmu_memory_cache_alloc(struct kvm_mmu_memory_cache *mc)
210 + return p;
211 + }
212 +
213 +-static bool page_empty(void *ptr)
214 ++static void clear_pgd_entry(struct kvm *kvm, pgd_t *pgd, phys_addr_t addr)
215 + {
216 +- struct page *ptr_page = virt_to_page(ptr);
217 +- return page_count(ptr_page) == 1;
218 ++ pud_t *pud_table __maybe_unused = pud_offset(pgd, 0);
219 ++ pgd_clear(pgd);
220 ++ kvm_tlb_flush_vmid_ipa(kvm, addr);
221 ++ pud_free(NULL, pud_table);
222 ++ put_page(virt_to_page(pgd));
223 + }
224 +
225 + static void clear_pud_entry(struct kvm *kvm, pud_t *pud, phys_addr_t addr)
226 + {
227 +- if (pud_huge(*pud)) {
228 +- pud_clear(pud);
229 +- kvm_tlb_flush_vmid_ipa(kvm, addr);
230 +- } else {
231 +- pmd_t *pmd_table = pmd_offset(pud, 0);
232 +- pud_clear(pud);
233 +- kvm_tlb_flush_vmid_ipa(kvm, addr);
234 +- pmd_free(NULL, pmd_table);
235 +- }
236 ++ pmd_t *pmd_table = pmd_offset(pud, 0);
237 ++ VM_BUG_ON(pud_huge(*pud));
238 ++ pud_clear(pud);
239 ++ kvm_tlb_flush_vmid_ipa(kvm, addr);
240 ++ pmd_free(NULL, pmd_table);
241 + put_page(virt_to_page(pud));
242 + }
243 +
244 + static void clear_pmd_entry(struct kvm *kvm, pmd_t *pmd, phys_addr_t addr)
245 + {
246 +- if (kvm_pmd_huge(*pmd)) {
247 +- pmd_clear(pmd);
248 +- kvm_tlb_flush_vmid_ipa(kvm, addr);
249 +- } else {
250 +- pte_t *pte_table = pte_offset_kernel(pmd, 0);
251 +- pmd_clear(pmd);
252 +- kvm_tlb_flush_vmid_ipa(kvm, addr);
253 +- pte_free_kernel(NULL, pte_table);
254 +- }
255 ++ pte_t *pte_table = pte_offset_kernel(pmd, 0);
256 ++ VM_BUG_ON(kvm_pmd_huge(*pmd));
257 ++ pmd_clear(pmd);
258 ++ kvm_tlb_flush_vmid_ipa(kvm, addr);
259 ++ pte_free_kernel(NULL, pte_table);
260 + put_page(virt_to_page(pmd));
261 + }
262 +
263 +-static void clear_pte_entry(struct kvm *kvm, pte_t *pte, phys_addr_t addr)
264 ++static void unmap_ptes(struct kvm *kvm, pmd_t *pmd,
265 ++ phys_addr_t addr, phys_addr_t end)
266 + {
267 +- if (pte_present(*pte)) {
268 +- kvm_set_pte(pte, __pte(0));
269 +- put_page(virt_to_page(pte));
270 +- kvm_tlb_flush_vmid_ipa(kvm, addr);
271 ++ phys_addr_t start_addr = addr;
272 ++ pte_t *pte, *start_pte;
273 ++
274 ++ start_pte = pte = pte_offset_kernel(pmd, addr);
275 ++ do {
276 ++ if (!pte_none(*pte)) {
277 ++ kvm_set_pte(pte, __pte(0));
278 ++ put_page(virt_to_page(pte));
279 ++ kvm_tlb_flush_vmid_ipa(kvm, addr);
280 ++ }
281 ++ } while (pte++, addr += PAGE_SIZE, addr != end);
282 ++
283 ++ if (kvm_pte_table_empty(start_pte))
284 ++ clear_pmd_entry(kvm, pmd, start_addr);
285 + }
286 +-}
287 +
288 +-static void unmap_range(struct kvm *kvm, pgd_t *pgdp,
289 +- unsigned long long start, u64 size)
290 ++static void unmap_pmds(struct kvm *kvm, pud_t *pud,
291 ++ phys_addr_t addr, phys_addr_t end)
292 + {
293 +- pgd_t *pgd;
294 +- pud_t *pud;
295 +- pmd_t *pmd;
296 +- pte_t *pte;
297 +- unsigned long long addr = start, end = start + size;
298 +- u64 next;
299 +-
300 +- while (addr < end) {
301 +- pgd = pgdp + pgd_index(addr);
302 +- pud = pud_offset(pgd, addr);
303 +- if (pud_none(*pud)) {
304 +- addr = kvm_pud_addr_end(addr, end);
305 +- continue;
306 +- }
307 ++ phys_addr_t next, start_addr = addr;
308 ++ pmd_t *pmd, *start_pmd;
309 +
310 +- if (pud_huge(*pud)) {
311 +- /*
312 +- * If we are dealing with a huge pud, just clear it and
313 +- * move on.
314 +- */
315 +- clear_pud_entry(kvm, pud, addr);
316 +- addr = kvm_pud_addr_end(addr, end);
317 +- continue;
318 ++ start_pmd = pmd = pmd_offset(pud, addr);
319 ++ do {
320 ++ next = kvm_pmd_addr_end(addr, end);
321 ++ if (!pmd_none(*pmd)) {
322 ++ if (kvm_pmd_huge(*pmd)) {
323 ++ pmd_clear(pmd);
324 ++ kvm_tlb_flush_vmid_ipa(kvm, addr);
325 ++ put_page(virt_to_page(pmd));
326 ++ } else {
327 ++ unmap_ptes(kvm, pmd, addr, next);
328 ++ }
329 + }
330 ++ } while (pmd++, addr = next, addr != end);
331 +
332 +- pmd = pmd_offset(pud, addr);
333 +- if (pmd_none(*pmd)) {
334 +- addr = kvm_pmd_addr_end(addr, end);
335 +- continue;
336 +- }
337 ++ if (kvm_pmd_table_empty(start_pmd))
338 ++ clear_pud_entry(kvm, pud, start_addr);
339 ++}
340 +
341 +- if (!kvm_pmd_huge(*pmd)) {
342 +- pte = pte_offset_kernel(pmd, addr);
343 +- clear_pte_entry(kvm, pte, addr);
344 +- next = addr + PAGE_SIZE;
345 +- }
346 ++static void unmap_puds(struct kvm *kvm, pgd_t *pgd,
347 ++ phys_addr_t addr, phys_addr_t end)
348 ++{
349 ++ phys_addr_t next, start_addr = addr;
350 ++ pud_t *pud, *start_pud;
351 +
352 +- /*
353 +- * If the pmd entry is to be cleared, walk back up the ladder
354 +- */
355 +- if (kvm_pmd_huge(*pmd) || page_empty(pte)) {
356 +- clear_pmd_entry(kvm, pmd, addr);
357 +- next = kvm_pmd_addr_end(addr, end);
358 +- if (page_empty(pmd) && !page_empty(pud)) {
359 +- clear_pud_entry(kvm, pud, addr);
360 +- next = kvm_pud_addr_end(addr, end);
361 ++ start_pud = pud = pud_offset(pgd, addr);
362 ++ do {
363 ++ next = kvm_pud_addr_end(addr, end);
364 ++ if (!pud_none(*pud)) {
365 ++ if (pud_huge(*pud)) {
366 ++ pud_clear(pud);
367 ++ kvm_tlb_flush_vmid_ipa(kvm, addr);
368 ++ put_page(virt_to_page(pud));
369 ++ } else {
370 ++ unmap_pmds(kvm, pud, addr, next);
371 + }
372 + }
373 ++ } while (pud++, addr = next, addr != end);
374 +
375 +- addr = next;
376 +- }
377 ++ if (kvm_pud_table_empty(start_pud))
378 ++ clear_pgd_entry(kvm, pgd, start_addr);
379 ++}
380 ++
381 ++
382 ++static void unmap_range(struct kvm *kvm, pgd_t *pgdp,
383 ++ phys_addr_t start, u64 size)
384 ++{
385 ++ pgd_t *pgd;
386 ++ phys_addr_t addr = start, end = start + size;
387 ++ phys_addr_t next;
388 ++
389 ++ pgd = pgdp + pgd_index(addr);
390 ++ do {
391 ++ next = kvm_pgd_addr_end(addr, end);
392 ++ unmap_puds(kvm, pgd, addr, next);
393 ++ } while (pgd++, addr = next, addr != end);
394 + }
395 +
396 + static void stage2_flush_ptes(struct kvm *kvm, pmd_t *pmd,
397 +@@ -747,6 +759,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
398 + struct kvm_mmu_memory_cache *memcache = &vcpu->arch.mmu_page_cache;
399 + struct vm_area_struct *vma;
400 + pfn_t pfn;
401 ++ pgprot_t mem_type = PAGE_S2;
402 +
403 + write_fault = kvm_is_write_fault(kvm_vcpu_get_hsr(vcpu));
404 + if (fault_status == FSC_PERM && !write_fault) {
405 +@@ -797,6 +810,9 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
406 + if (is_error_pfn(pfn))
407 + return -EFAULT;
408 +
409 ++ if (kvm_is_mmio_pfn(pfn))
410 ++ mem_type = PAGE_S2_DEVICE;
411 ++
412 + spin_lock(&kvm->mmu_lock);
413 + if (mmu_notifier_retry(kvm, mmu_seq))
414 + goto out_unlock;
415 +@@ -804,7 +820,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
416 + hugetlb = transparent_hugepage_adjust(&pfn, &fault_ipa);
417 +
418 + if (hugetlb) {
419 +- pmd_t new_pmd = pfn_pmd(pfn, PAGE_S2);
420 ++ pmd_t new_pmd = pfn_pmd(pfn, mem_type);
421 + new_pmd = pmd_mkhuge(new_pmd);
422 + if (writable) {
423 + kvm_set_s2pmd_writable(&new_pmd);
424 +@@ -813,13 +829,14 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa,
425 + coherent_cache_guest_page(vcpu, hva & PMD_MASK, PMD_SIZE);
426 + ret = stage2_set_pmd_huge(kvm, memcache, fault_ipa, &new_pmd);
427 + } else {
428 +- pte_t new_pte = pfn_pte(pfn, PAGE_S2);
429 ++ pte_t new_pte = pfn_pte(pfn, mem_type);
430 + if (writable) {
431 + kvm_set_s2pte_writable(&new_pte);
432 + kvm_set_pfn_dirty(pfn);
433 + }
434 + coherent_cache_guest_page(vcpu, hva, PAGE_SIZE);
435 +- ret = stage2_set_pte(kvm, memcache, fault_ipa, &new_pte, false);
436 ++ ret = stage2_set_pte(kvm, memcache, fault_ipa, &new_pte,
437 ++ mem_type == PAGE_S2_DEVICE);
438 + }
439 +
440 +
441 +@@ -1099,3 +1116,49 @@ out:
442 + free_hyp_pgds();
443 + return err;
444 + }
445 ++
446 ++void kvm_arch_commit_memory_region(struct kvm *kvm,
447 ++ struct kvm_userspace_memory_region *mem,
448 ++ const struct kvm_memory_slot *old,
449 ++ enum kvm_mr_change change)
450 ++{
451 ++ gpa_t gpa = old->base_gfn << PAGE_SHIFT;
452 ++ phys_addr_t size = old->npages << PAGE_SHIFT;
453 ++ if (change == KVM_MR_DELETE || change == KVM_MR_MOVE) {
454 ++ spin_lock(&kvm->mmu_lock);
455 ++ unmap_stage2_range(kvm, gpa, size);
456 ++ spin_unlock(&kvm->mmu_lock);
457 ++ }
458 ++}
459 ++
460 ++int kvm_arch_prepare_memory_region(struct kvm *kvm,
461 ++ struct kvm_memory_slot *memslot,
462 ++ struct kvm_userspace_memory_region *mem,
463 ++ enum kvm_mr_change change)
464 ++{
465 ++ return 0;
466 ++}
467 ++
468 ++void kvm_arch_free_memslot(struct kvm *kvm, struct kvm_memory_slot *free,
469 ++ struct kvm_memory_slot *dont)
470 ++{
471 ++}
472 ++
473 ++int kvm_arch_create_memslot(struct kvm *kvm, struct kvm_memory_slot *slot,
474 ++ unsigned long npages)
475 ++{
476 ++ return 0;
477 ++}
478 ++
479 ++void kvm_arch_memslots_updated(struct kvm *kvm)
480 ++{
481 ++}
482 ++
483 ++void kvm_arch_flush_shadow_all(struct kvm *kvm)
484 ++{
485 ++}
486 ++
487 ++void kvm_arch_flush_shadow_memslot(struct kvm *kvm,
488 ++ struct kvm_memory_slot *slot)
489 ++{
490 ++}
491 +diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h
492 +index 0a1d697..3fb0946 100644
493 +--- a/arch/arm64/include/asm/kvm_host.h
494 ++++ b/arch/arm64/include/asm/kvm_host.h
495 +@@ -42,7 +42,7 @@
496 + #define KVM_VCPU_MAX_FEATURES 2
497 +
498 + struct kvm_vcpu;
499 +-int kvm_target_cpu(void);
500 ++int __attribute_const__ kvm_target_cpu(void);
501 + int kvm_reset_vcpu(struct kvm_vcpu *vcpu);
502 + int kvm_arch_dev_ioctl_check_extension(long ext);
503 +
504 +@@ -177,7 +177,7 @@ static inline int kvm_test_age_hva(struct kvm *kvm, unsigned long hva)
505 + }
506 +
507 + struct kvm_vcpu *kvm_arm_get_running_vcpu(void);
508 +-struct kvm_vcpu __percpu **kvm_get_running_vcpus(void);
509 ++struct kvm_vcpu * __percpu *kvm_get_running_vcpus(void);
510 +
511 + u64 kvm_call_hyp(void *hypfn, ...);
512 +
513 +diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h
514 +index 7d29847..8e138c7 100644
515 +--- a/arch/arm64/include/asm/kvm_mmu.h
516 ++++ b/arch/arm64/include/asm/kvm_mmu.h
517 +@@ -125,6 +125,21 @@ static inline void kvm_set_s2pmd_writable(pmd_t *pmd)
518 + #define kvm_pud_addr_end(addr, end) pud_addr_end(addr, end)
519 + #define kvm_pmd_addr_end(addr, end) pmd_addr_end(addr, end)
520 +
521 ++static inline bool kvm_page_empty(void *ptr)
522 ++{
523 ++ struct page *ptr_page = virt_to_page(ptr);
524 ++ return page_count(ptr_page) == 1;
525 ++}
526 ++
527 ++#define kvm_pte_table_empty(ptep) kvm_page_empty(ptep)
528 ++#ifndef CONFIG_ARM64_64K_PAGES
529 ++#define kvm_pmd_table_empty(pmdp) kvm_page_empty(pmdp)
530 ++#else
531 ++#define kvm_pmd_table_empty(pmdp) (0)
532 ++#endif
533 ++#define kvm_pud_table_empty(pudp) (0)
534 ++
535 ++
536 + struct kvm;
537 +
538 + #define kvm_flush_dcache_to_poc(a,l) __flush_dcache_area((a), (l))
539 +diff --git a/arch/arm64/kvm/hyp.S b/arch/arm64/kvm/hyp.S
540 +index b0d1512..5dfc8331 100644
541 +--- a/arch/arm64/kvm/hyp.S
542 ++++ b/arch/arm64/kvm/hyp.S
543 +@@ -830,7 +830,7 @@ el1_trap:
544 + mrs x2, far_el2
545 +
546 + 2: mrs x0, tpidr_el2
547 +- str x1, [x0, #VCPU_ESR_EL2]
548 ++ str w1, [x0, #VCPU_ESR_EL2]
549 + str x2, [x0, #VCPU_FAR_EL2]
550 + str x3, [x0, #VCPU_HPFAR_EL2]
551 +
552 +diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c
553 +index 0324458..7691b25 100644
554 +--- a/arch/arm64/kvm/sys_regs.c
555 ++++ b/arch/arm64/kvm/sys_regs.c
556 +@@ -836,7 +836,7 @@ static bool is_valid_cache(u32 val)
557 + u32 level, ctype;
558 +
559 + if (val >= CSSELR_MAX)
560 +- return -ENOENT;
561 ++ return false;
562 +
563 + /* Bottom bit is Instruction or Data bit. Next 3 bits are level. */
564 + level = (val >> 1);
565 +@@ -962,7 +962,7 @@ static unsigned int num_demux_regs(void)
566 +
567 + static int write_demux_regids(u64 __user *uindices)
568 + {
569 +- u64 val = KVM_REG_ARM | KVM_REG_SIZE_U32 | KVM_REG_ARM_DEMUX;
570 ++ u64 val = KVM_REG_ARM64 | KVM_REG_SIZE_U32 | KVM_REG_ARM_DEMUX;
571 + unsigned int i;
572 +
573 + val |= KVM_REG_ARM_DEMUX_ID_CCSIDR;
574 +diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c
575 +index 26b03e1..8ff2b3c 100644
576 +--- a/drivers/bluetooth/ath3k.c
577 ++++ b/drivers/bluetooth/ath3k.c
578 +@@ -79,6 +79,7 @@ static const struct usb_device_id ath3k_table[] = {
579 + { USB_DEVICE(0x0489, 0xe057) },
580 + { USB_DEVICE(0x0489, 0xe056) },
581 + { USB_DEVICE(0x0489, 0xe05f) },
582 ++ { USB_DEVICE(0x0489, 0xe076) },
583 + { USB_DEVICE(0x0489, 0xe078) },
584 + { USB_DEVICE(0x04c5, 0x1330) },
585 + { USB_DEVICE(0x04CA, 0x3004) },
586 +@@ -109,6 +110,7 @@ static const struct usb_device_id ath3k_table[] = {
587 + { USB_DEVICE(0x13d3, 0x3402) },
588 + { USB_DEVICE(0x13d3, 0x3408) },
589 + { USB_DEVICE(0x13d3, 0x3432) },
590 ++ { USB_DEVICE(0x13d3, 0x3474) },
591 +
592 + /* Atheros AR5BBU12 with sflash firmware */
593 + { USB_DEVICE(0x0489, 0xE02C) },
594 +@@ -133,6 +135,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = {
595 + { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
596 + { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
597 + { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
598 ++ { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
599 + { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
600 + { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
601 + { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
602 +@@ -163,6 +166,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = {
603 + { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
604 + { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
605 + { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
606 ++ { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
607 +
608 + /* Atheros AR5BBU22 with sflash firmware */
609 + { USB_DEVICE(0x0489, 0xE036), .driver_info = BTUSB_ATH3012 },
610 +diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
611 +index 9eb1669..c0e7a9aa9 100644
612 +--- a/drivers/bluetooth/btusb.c
613 ++++ b/drivers/bluetooth/btusb.c
614 +@@ -157,6 +157,7 @@ static const struct usb_device_id blacklist_table[] = {
615 + { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
616 + { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
617 + { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
618 ++ { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
619 + { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
620 + { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
621 + { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
622 +@@ -187,6 +188,7 @@ static const struct usb_device_id blacklist_table[] = {
623 + { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 },
624 + { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
625 + { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
626 ++ { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
627 +
628 + /* Atheros AR5BBU12 with sflash firmware */
629 + { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
630 +diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c
631 +index 28486b1..ae6dae8 100644
632 +--- a/drivers/crypto/caam/caamrng.c
633 ++++ b/drivers/crypto/caam/caamrng.c
634 +@@ -56,7 +56,7 @@
635 +
636 + /* Buffer, its dma address and lock */
637 + struct buf_data {
638 +- u8 buf[RN_BUF_SIZE];
639 ++ u8 buf[RN_BUF_SIZE] ____cacheline_aligned;
640 + dma_addr_t addr;
641 + struct completion filled;
642 + u32 hw_desc[DESC_JOB_O_LEN];
643 +diff --git a/drivers/gpu/drm/mgag200/mgag200_mode.c b/drivers/gpu/drm/mgag200/mgag200_mode.c
644 +index 9683747..f2511a0 100644
645 +--- a/drivers/gpu/drm/mgag200/mgag200_mode.c
646 ++++ b/drivers/gpu/drm/mgag200/mgag200_mode.c
647 +@@ -1529,6 +1529,11 @@ static int mga_vga_mode_valid(struct drm_connector *connector,
648 + return MODE_BANDWIDTH;
649 + }
650 +
651 ++ if ((mode->hdisplay % 8) != 0 || (mode->hsync_start % 8) != 0 ||
652 ++ (mode->hsync_end % 8) != 0 || (mode->htotal % 8) != 0) {
653 ++ return MODE_H_ILLEGAL;
654 ++ }
655 ++
656 + if (mode->crtc_hdisplay > 2048 || mode->crtc_hsync_start > 4096 ||
657 + mode->crtc_hsync_end > 4096 || mode->crtc_htotal > 4096 ||
658 + mode->crtc_vdisplay > 2048 || mode->crtc_vsync_start > 4096 ||
659 +diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
660 +index 8f580fd..ce21132 100644
661 +--- a/drivers/scsi/lpfc/lpfc_sli.c
662 ++++ b/drivers/scsi/lpfc/lpfc_sli.c
663 +@@ -265,6 +265,16 @@ lpfc_sli4_eq_get(struct lpfc_queue *q)
664 + return NULL;
665 +
666 + q->hba_index = idx;
667 ++
668 ++ /*
669 ++ * insert barrier for instruction interlock : data from the hardware
670 ++ * must have the valid bit checked before it can be copied and acted
671 ++ * upon. Given what was seen in lpfc_sli4_cq_get() of speculative
672 ++ * instructions allowing action on content before valid bit checked,
673 ++ * add barrier here as well. May not be needed as "content" is a
674 ++ * single 32-bit entity here (vs multi word structure for cq's).
675 ++ */
676 ++ mb();
677 + return eqe;
678 + }
679 +
680 +@@ -370,6 +380,17 @@ lpfc_sli4_cq_get(struct lpfc_queue *q)
681 +
682 + cqe = q->qe[q->hba_index].cqe;
683 + q->hba_index = idx;
684 ++
685 ++ /*
686 ++ * insert barrier for instruction interlock : data from the hardware
687 ++ * must have the valid bit checked before it can be copied and acted
688 ++ * upon. Speculative instructions were allowing a bcopy at the start
689 ++ * of lpfc_sli4_fp_handle_wcqe(), which is called immediately
690 ++ * after our return, to copy data before the valid bit check above
691 ++ * was done. As such, some of the copied data was stale. The barrier
692 ++ * ensures the check is before any data is copied.
693 ++ */
694 ++ mb();
695 + return cqe;
696 + }
697 +
698 +diff --git a/fs/pipe.c b/fs/pipe.c
699 +index 78fd0d0..46f1ab2 100644
700 +--- a/fs/pipe.c
701 ++++ b/fs/pipe.c
702 +@@ -117,25 +117,27 @@ void pipe_wait(struct pipe_inode_info *pipe)
703 + }
704 +
705 + static int
706 +-pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len,
707 +- int atomic)
708 ++pipe_iov_copy_from_user(void *addr, int *offset, struct iovec *iov,
709 ++ size_t *remaining, int atomic)
710 + {
711 + unsigned long copy;
712 +
713 +- while (len > 0) {
714 ++ while (*remaining > 0) {
715 + while (!iov->iov_len)
716 + iov++;
717 +- copy = min_t(unsigned long, len, iov->iov_len);
718 ++ copy = min_t(unsigned long, *remaining, iov->iov_len);
719 +
720 + if (atomic) {
721 +- if (__copy_from_user_inatomic(to, iov->iov_base, copy))
722 ++ if (__copy_from_user_inatomic(addr + *offset,
723 ++ iov->iov_base, copy))
724 + return -EFAULT;
725 + } else {
726 +- if (copy_from_user(to, iov->iov_base, copy))
727 ++ if (copy_from_user(addr + *offset,
728 ++ iov->iov_base, copy))
729 + return -EFAULT;
730 + }
731 +- to += copy;
732 +- len -= copy;
733 ++ *offset += copy;
734 ++ *remaining -= copy;
735 + iov->iov_base += copy;
736 + iov->iov_len -= copy;
737 + }
738 +@@ -143,25 +145,27 @@ pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len,
739 + }
740 +
741 + static int
742 +-pipe_iov_copy_to_user(struct iovec *iov, const void *from, unsigned long len,
743 +- int atomic)
744 ++pipe_iov_copy_to_user(struct iovec *iov, void *addr, int *offset,
745 ++ size_t *remaining, int atomic)
746 + {
747 + unsigned long copy;
748 +
749 +- while (len > 0) {
750 ++ while (*remaining > 0) {
751 + while (!iov->iov_len)
752 + iov++;
753 +- copy = min_t(unsigned long, len, iov->iov_len);
754 ++ copy = min_t(unsigned long, *remaining, iov->iov_len);
755 +
756 + if (atomic) {
757 +- if (__copy_to_user_inatomic(iov->iov_base, from, copy))
758 ++ if (__copy_to_user_inatomic(iov->iov_base,
759 ++ addr + *offset, copy))
760 + return -EFAULT;
761 + } else {
762 +- if (copy_to_user(iov->iov_base, from, copy))
763 ++ if (copy_to_user(iov->iov_base,
764 ++ addr + *offset, copy))
765 + return -EFAULT;
766 + }
767 +- from += copy;
768 +- len -= copy;
769 ++ *offset += copy;
770 ++ *remaining -= copy;
771 + iov->iov_base += copy;
772 + iov->iov_len -= copy;
773 + }
774 +@@ -395,7 +399,7 @@ pipe_read(struct kiocb *iocb, const struct iovec *_iov,
775 + struct pipe_buffer *buf = pipe->bufs + curbuf;
776 + const struct pipe_buf_operations *ops = buf->ops;
777 + void *addr;
778 +- size_t chars = buf->len;
779 ++ size_t chars = buf->len, remaining;
780 + int error, atomic;
781 +
782 + if (chars > total_len)
783 +@@ -409,9 +413,11 @@ pipe_read(struct kiocb *iocb, const struct iovec *_iov,
784 + }
785 +
786 + atomic = !iov_fault_in_pages_write(iov, chars);
787 ++ remaining = chars;
788 + redo:
789 + addr = ops->map(pipe, buf, atomic);
790 +- error = pipe_iov_copy_to_user(iov, addr + buf->offset, chars, atomic);
791 ++ error = pipe_iov_copy_to_user(iov, addr, &buf->offset,
792 ++ &remaining, atomic);
793 + ops->unmap(pipe, buf, addr);
794 + if (unlikely(error)) {
795 + /*
796 +@@ -426,7 +432,6 @@ redo:
797 + break;
798 + }
799 + ret += chars;
800 +- buf->offset += chars;
801 + buf->len -= chars;
802 +
803 + /* Was it a packet buffer? Clean up and exit */
804 +@@ -531,6 +536,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov,
805 + if (ops->can_merge && offset + chars <= PAGE_SIZE) {
806 + int error, atomic = 1;
807 + void *addr;
808 ++ size_t remaining = chars;
809 +
810 + error = ops->confirm(pipe, buf);
811 + if (error)
812 +@@ -539,8 +545,8 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov,
813 + iov_fault_in_pages_read(iov, chars);
814 + redo1:
815 + addr = ops->map(pipe, buf, atomic);
816 +- error = pipe_iov_copy_from_user(offset + addr, iov,
817 +- chars, atomic);
818 ++ error = pipe_iov_copy_from_user(addr, &offset, iov,
819 ++ &remaining, atomic);
820 + ops->unmap(pipe, buf, addr);
821 + ret = error;
822 + do_wakeup = 1;
823 +@@ -575,6 +581,8 @@ redo1:
824 + struct page *page = pipe->tmp_page;
825 + char *src;
826 + int error, atomic = 1;
827 ++ int offset = 0;
828 ++ size_t remaining;
829 +
830 + if (!page) {
831 + page = alloc_page(GFP_HIGHUSER);
832 +@@ -595,14 +603,15 @@ redo1:
833 + chars = total_len;
834 +
835 + iov_fault_in_pages_read(iov, chars);
836 ++ remaining = chars;
837 + redo2:
838 + if (atomic)
839 + src = kmap_atomic(page);
840 + else
841 + src = kmap(page);
842 +
843 +- error = pipe_iov_copy_from_user(src, iov, chars,
844 +- atomic);
845 ++ error = pipe_iov_copy_from_user(src, &offset, iov,
846 ++ &remaining, atomic);
847 + if (atomic)
848 + kunmap_atomic(src);
849 + else
850 +diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
851 +index 8a86319..cb347e8 100644
852 +--- a/kernel/trace/trace_events_filter.c
853 ++++ b/kernel/trace/trace_events_filter.c
854 +@@ -1399,19 +1399,24 @@ static int check_preds(struct filter_parse_state *ps)
855 + {
856 + int n_normal_preds = 0, n_logical_preds = 0;
857 + struct postfix_elt *elt;
858 ++ int cnt = 0;
859 +
860 + list_for_each_entry(elt, &ps->postfix, list) {
861 +- if (elt->op == OP_NONE)
862 ++ if (elt->op == OP_NONE) {
863 ++ cnt++;
864 + continue;
865 ++ }
866 +
867 ++ cnt--;
868 + if (elt->op == OP_AND || elt->op == OP_OR) {
869 + n_logical_preds++;
870 + continue;
871 + }
872 + n_normal_preds++;
873 ++ WARN_ON_ONCE(cnt < 0);
874 + }
875 +
876 +- if (!n_normal_preds || n_logical_preds >= n_normal_preds) {
877 ++ if (cnt != 1 || !n_normal_preds || n_logical_preds >= n_normal_preds) {
878 + parse_error(ps, FILT_ERR_INVALID_FILTER, 0);
879 + return -EINVAL;
880 + }
881 +diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c
882 +index 4eec2d4..1316e55 100644
883 +--- a/virt/kvm/arm/vgic.c
884 ++++ b/virt/kvm/arm/vgic.c
885 +@@ -1654,7 +1654,7 @@ out:
886 + return ret;
887 + }
888 +
889 +-static bool vgic_ioaddr_overlap(struct kvm *kvm)
890 ++static int vgic_ioaddr_overlap(struct kvm *kvm)
891 + {
892 + phys_addr_t dist = kvm->arch.vgic.vgic_dist_base;
893 + phys_addr_t cpu = kvm->arch.vgic.vgic_cpu_base;
894
895 diff --git a/3.14.45/4420_grsecurity-3.1-3.14.45-201506262046.patch b/3.14.46/4420_grsecurity-3.1-3.14.46-201506300711.patch
896 similarity index 99%
897 rename from 3.14.45/4420_grsecurity-3.1-3.14.45-201506262046.patch
898 rename to 3.14.46/4420_grsecurity-3.1-3.14.46-201506300711.patch
899 index 47c91dd..008971f 100644
900 --- a/3.14.45/4420_grsecurity-3.1-3.14.45-201506262046.patch
901 +++ b/3.14.46/4420_grsecurity-3.1-3.14.46-201506300711.patch
902 @@ -295,7 +295,7 @@ index 5d91ba1..ef1d374 100644
903
904 pcd. [PARIDE]
905 diff --git a/Makefile b/Makefile
906 -index c92186c..34822ca 100644
907 +index def39fd..4636aea 100644
908 --- a/Makefile
909 +++ b/Makefile
910 @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
911 @@ -3307,7 +3307,7 @@ index 7bcee5c..e2f3249 100644
912 __data_loc = .;
913 #endif
914 diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c
915 -index bd18bb8..2bf342f 100644
916 +index df6e75e..1858aa0 100644
917 --- a/arch/arm/kvm/arm.c
918 +++ b/arch/arm/kvm/arm.c
919 @@ -57,7 +57,7 @@ static unsigned long hyp_default_vectors;
920 @@ -3319,7 +3319,7 @@ index bd18bb8..2bf342f 100644
921 static u8 kvm_next_vmid;
922 static DEFINE_SPINLOCK(kvm_vmid_lock);
923
924 -@@ -408,7 +408,7 @@ void force_vm_exit(const cpumask_t *mask)
925 +@@ -371,7 +371,7 @@ void force_vm_exit(const cpumask_t *mask)
926 */
927 static bool need_new_vmid_gen(struct kvm *kvm)
928 {
929 @@ -3328,7 +3328,7 @@ index bd18bb8..2bf342f 100644
930 }
931
932 /**
933 -@@ -441,7 +441,7 @@ static void update_vttbr(struct kvm *kvm)
934 +@@ -404,7 +404,7 @@ static void update_vttbr(struct kvm *kvm)
935
936 /* First user of a new VMID generation? */
937 if (unlikely(kvm_next_vmid == 0)) {
938 @@ -3337,7 +3337,7 @@ index bd18bb8..2bf342f 100644
939 kvm_next_vmid = 1;
940
941 /*
942 -@@ -458,7 +458,7 @@ static void update_vttbr(struct kvm *kvm)
943 +@@ -421,7 +421,7 @@ static void update_vttbr(struct kvm *kvm)
944 kvm_call_hyp(__kvm_flush_vm_context);
945 }
946
947 @@ -3346,7 +3346,7 @@ index bd18bb8..2bf342f 100644
948 kvm->arch.vmid = kvm_next_vmid;
949 kvm_next_vmid++;
950
951 -@@ -1033,7 +1033,7 @@ static void check_kvm_target_cpu(void *ret)
952 +@@ -996,7 +996,7 @@ static void check_kvm_target_cpu(void *ret)
953 /**
954 * Initialize Hyp-mode and memory mappings on all CPUs.
955 */
956 @@ -17263,7 +17263,7 @@ index 5f55e69..e20bfb1 100644
957
958 #ifdef CONFIG_SMP
959 diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
960 -index be12c53..4d24039 100644
961 +index be12c53..e1f11c6 100644
962 --- a/arch/x86/include/asm/mmu_context.h
963 +++ b/arch/x86/include/asm/mmu_context.h
964 @@ -24,6 +24,20 @@ void destroy_context(struct mm_struct *mm);
965 @@ -17355,9 +17355,9 @@ index be12c53..4d24039 100644
966 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
967 + if (!(__supported_pte_mask & _PAGE_NX)) {
968 + smp_mb__before_clear_bit();
969 -+ cpu_clear(cpu, prev->context.cpu_user_cs_mask);
970 ++ cpumask_clear_cpu(cpu, &prev->context.cpu_user_cs_mask);
971 + smp_mb__after_clear_bit();
972 -+ cpu_set(cpu, next->context.cpu_user_cs_mask);
973 ++ cpumask_set_cpu(cpu, &next->context.cpu_user_cs_mask);
974 + }
975 +#endif
976 +
977 @@ -17429,7 +17429,7 @@ index be12c53..4d24039 100644
978 +
979 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
980 + if (!(__supported_pte_mask & _PAGE_NX))
981 -+ cpu_set(cpu, next->context.cpu_user_cs_mask);
982 ++ cpumask_set_cpu(cpu, &next->context.cpu_user_cs_mask);
983 +#endif
984 +
985 +#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
986 @@ -26015,7 +26015,7 @@ index c2bedae..25e7ab60 100644
987 .name = "data",
988 .mode = S_IRUGO,
989 diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
990 -index c37886d..d851d32 100644
991 +index c37886d..3f425e3 100644
992 --- a/arch/x86/kernel/ldt.c
993 +++ b/arch/x86/kernel/ldt.c
994 @@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
995 @@ -26057,7 +26057,7 @@ index c37886d..d851d32 100644
996 + mm->context.user_cs_limit = ~0UL;
997 +
998 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
999 -+ cpus_clear(mm->context.cpu_user_cs_mask);
1000 ++ cpumask_clear(&mm->context.cpu_user_cs_mask);
1001 +#endif
1002 +
1003 +#endif
1004 @@ -31983,7 +31983,7 @@ index 903ec1e..c4166b2 100644
1005 }
1006
1007 diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
1008 -index ebc551c..40d1269 100644
1009 +index ebc551c..bb37882 100644
1010 --- a/arch/x86/mm/fault.c
1011 +++ b/arch/x86/mm/fault.c
1012 @@ -14,11 +14,18 @@
1013 @@ -32288,7 +32288,7 @@ index ebc551c..40d1269 100644
1014 + }
1015 +
1016 +#ifdef CONFIG_SMP
1017 -+ if (likely(address > get_limit(regs->cs) && cpu_isset(smp_processor_id(), mm->context.cpu_user_cs_mask)))
1018 ++ if (likely(address > get_limit(regs->cs) && cpumask_test_cpu(smp_processor_id(), &mm->context.cpu_user_cs_mask)))
1019 +#else
1020 + if (likely(address > get_limit(regs->cs)))
1021 +#endif
1022 @@ -40653,19 +40653,6 @@ index d97a03d..acf64bb 100644
1023
1024 return 0;
1025 }
1026 -diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c
1027 -index 28486b1..ae6dae8 100644
1028 ---- a/drivers/crypto/caam/caamrng.c
1029 -+++ b/drivers/crypto/caam/caamrng.c
1030 -@@ -56,7 +56,7 @@
1031 -
1032 - /* Buffer, its dma address and lock */
1033 - struct buf_data {
1034 -- u8 buf[RN_BUF_SIZE];
1035 -+ u8 buf[RN_BUF_SIZE] ____cacheline_aligned;
1036 - dma_addr_t addr;
1037 - struct completion filled;
1038 - u32 hw_desc[DESC_JOB_O_LEN];
1039 diff --git a/drivers/crypto/hifn_795x.c b/drivers/crypto/hifn_795x.c
1040 index 12fea3e2..1e28f47 100644
1041 --- a/drivers/crypto/hifn_795x.c
1042 @@ -73032,7 +73019,7 @@ index 17679f2..85f4981 100644
1043 }
1044 putname(tmp);
1045 diff --git a/fs/pipe.c b/fs/pipe.c
1046 -index 78fd0d0..e829d3e 100644
1047 +index 46f1ab2..e829d3e 100644
1048 --- a/fs/pipe.c
1049 +++ b/fs/pipe.c
1050 @@ -37,7 +37,7 @@ unsigned int pipe_max_size = 1048576;
1051 @@ -73062,109 +73049,7 @@ index 78fd0d0..e829d3e 100644
1052 mutex_unlock(&pipe->mutex);
1053 }
1054 EXPORT_SYMBOL(pipe_unlock);
1055 -@@ -117,25 +117,27 @@ void pipe_wait(struct pipe_inode_info *pipe)
1056 - }
1057 -
1058 - static int
1059 --pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len,
1060 -- int atomic)
1061 -+pipe_iov_copy_from_user(void *addr, int *offset, struct iovec *iov,
1062 -+ size_t *remaining, int atomic)
1063 - {
1064 - unsigned long copy;
1065 -
1066 -- while (len > 0) {
1067 -+ while (*remaining > 0) {
1068 - while (!iov->iov_len)
1069 - iov++;
1070 -- copy = min_t(unsigned long, len, iov->iov_len);
1071 -+ copy = min_t(unsigned long, *remaining, iov->iov_len);
1072 -
1073 - if (atomic) {
1074 -- if (__copy_from_user_inatomic(to, iov->iov_base, copy))
1075 -+ if (__copy_from_user_inatomic(addr + *offset,
1076 -+ iov->iov_base, copy))
1077 - return -EFAULT;
1078 - } else {
1079 -- if (copy_from_user(to, iov->iov_base, copy))
1080 -+ if (copy_from_user(addr + *offset,
1081 -+ iov->iov_base, copy))
1082 - return -EFAULT;
1083 - }
1084 -- to += copy;
1085 -- len -= copy;
1086 -+ *offset += copy;
1087 -+ *remaining -= copy;
1088 - iov->iov_base += copy;
1089 - iov->iov_len -= copy;
1090 - }
1091 -@@ -143,25 +145,27 @@ pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len,
1092 - }
1093 -
1094 - static int
1095 --pipe_iov_copy_to_user(struct iovec *iov, const void *from, unsigned long len,
1096 -- int atomic)
1097 -+pipe_iov_copy_to_user(struct iovec *iov, void *addr, int *offset,
1098 -+ size_t *remaining, int atomic)
1099 - {
1100 - unsigned long copy;
1101 -
1102 -- while (len > 0) {
1103 -+ while (*remaining > 0) {
1104 - while (!iov->iov_len)
1105 - iov++;
1106 -- copy = min_t(unsigned long, len, iov->iov_len);
1107 -+ copy = min_t(unsigned long, *remaining, iov->iov_len);
1108 -
1109 - if (atomic) {
1110 -- if (__copy_to_user_inatomic(iov->iov_base, from, copy))
1111 -+ if (__copy_to_user_inatomic(iov->iov_base,
1112 -+ addr + *offset, copy))
1113 - return -EFAULT;
1114 - } else {
1115 -- if (copy_to_user(iov->iov_base, from, copy))
1116 -+ if (copy_to_user(iov->iov_base,
1117 -+ addr + *offset, copy))
1118 - return -EFAULT;
1119 - }
1120 -- from += copy;
1121 -- len -= copy;
1122 -+ *offset += copy;
1123 -+ *remaining -= copy;
1124 - iov->iov_base += copy;
1125 - iov->iov_len -= copy;
1126 - }
1127 -@@ -395,7 +399,7 @@ pipe_read(struct kiocb *iocb, const struct iovec *_iov,
1128 - struct pipe_buffer *buf = pipe->bufs + curbuf;
1129 - const struct pipe_buf_operations *ops = buf->ops;
1130 - void *addr;
1131 -- size_t chars = buf->len;
1132 -+ size_t chars = buf->len, remaining;
1133 - int error, atomic;
1134 -
1135 - if (chars > total_len)
1136 -@@ -409,9 +413,11 @@ pipe_read(struct kiocb *iocb, const struct iovec *_iov,
1137 - }
1138 -
1139 - atomic = !iov_fault_in_pages_write(iov, chars);
1140 -+ remaining = chars;
1141 - redo:
1142 - addr = ops->map(pipe, buf, atomic);
1143 -- error = pipe_iov_copy_to_user(iov, addr + buf->offset, chars, atomic);
1144 -+ error = pipe_iov_copy_to_user(iov, addr, &buf->offset,
1145 -+ &remaining, atomic);
1146 - ops->unmap(pipe, buf, addr);
1147 - if (unlikely(error)) {
1148 - /*
1149 -@@ -426,7 +432,6 @@ redo:
1150 - break;
1151 - }
1152 - ret += chars;
1153 -- buf->offset += chars;
1154 - buf->len -= chars;
1155 -
1156 - /* Was it a packet buffer? Clean up and exit */
1157 -@@ -449,9 +454,9 @@ redo:
1158 +@@ -454,9 +454,9 @@ redo:
1159 }
1160 if (bufs) /* More to do? */
1161 continue;
1162 @@ -73176,7 +73061,7 @@ index 78fd0d0..e829d3e 100644
1163 /* syscall merging: Usually we must not sleep
1164 * if O_NONBLOCK is set, or if we got some data.
1165 * But if a writer sleeps in kernel space, then
1166 -@@ -513,7 +518,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov,
1167 +@@ -518,7 +518,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov,
1168 ret = 0;
1169 __pipe_lock(pipe);
1170
1171 @@ -73185,26 +73070,7 @@ index 78fd0d0..e829d3e 100644
1172 send_sig(SIGPIPE, current, 0);
1173 ret = -EPIPE;
1174 goto out;
1175 -@@ -531,6 +536,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov,
1176 - if (ops->can_merge && offset + chars <= PAGE_SIZE) {
1177 - int error, atomic = 1;
1178 - void *addr;
1179 -+ size_t remaining = chars;
1180 -
1181 - error = ops->confirm(pipe, buf);
1182 - if (error)
1183 -@@ -539,8 +545,8 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov,
1184 - iov_fault_in_pages_read(iov, chars);
1185 - redo1:
1186 - addr = ops->map(pipe, buf, atomic);
1187 -- error = pipe_iov_copy_from_user(offset + addr, iov,
1188 -- chars, atomic);
1189 -+ error = pipe_iov_copy_from_user(addr, &offset, iov,
1190 -+ &remaining, atomic);
1191 - ops->unmap(pipe, buf, addr);
1192 - ret = error;
1193 - do_wakeup = 1;
1194 -@@ -562,7 +568,7 @@ redo1:
1195 +@@ -568,7 +568,7 @@ redo1:
1196 for (;;) {
1197 int bufs;
1198
1199 @@ -73213,34 +73079,7 @@ index 78fd0d0..e829d3e 100644
1200 send_sig(SIGPIPE, current, 0);
1201 if (!ret)
1202 ret = -EPIPE;
1203 -@@ -575,6 +581,8 @@ redo1:
1204 - struct page *page = pipe->tmp_page;
1205 - char *src;
1206 - int error, atomic = 1;
1207 -+ int offset = 0;
1208 -+ size_t remaining;
1209 -
1210 - if (!page) {
1211 - page = alloc_page(GFP_HIGHUSER);
1212 -@@ -595,14 +603,15 @@ redo1:
1213 - chars = total_len;
1214 -
1215 - iov_fault_in_pages_read(iov, chars);
1216 -+ remaining = chars;
1217 - redo2:
1218 - if (atomic)
1219 - src = kmap_atomic(page);
1220 - else
1221 - src = kmap(page);
1222 -
1223 -- error = pipe_iov_copy_from_user(src, iov, chars,
1224 -- atomic);
1225 -+ error = pipe_iov_copy_from_user(src, &offset, iov,
1226 -+ &remaining, atomic);
1227 - if (atomic)
1228 - kunmap_atomic(src);
1229 - else
1230 -@@ -653,9 +662,9 @@ redo2:
1231 +@@ -662,9 +662,9 @@ redo2:
1232 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
1233 do_wakeup = 0;
1234 }
1235 @@ -73252,7 +73091,7 @@ index 78fd0d0..e829d3e 100644
1236 }
1237 out:
1238 __pipe_unlock(pipe);
1239 -@@ -710,7 +719,7 @@ pipe_poll(struct file *filp, poll_table *wait)
1240 +@@ -719,7 +719,7 @@ pipe_poll(struct file *filp, poll_table *wait)
1241 mask = 0;
1242 if (filp->f_mode & FMODE_READ) {
1243 mask = (nrbufs > 0) ? POLLIN | POLLRDNORM : 0;
1244 @@ -73261,7 +73100,7 @@ index 78fd0d0..e829d3e 100644
1245 mask |= POLLHUP;
1246 }
1247
1248 -@@ -720,7 +729,7 @@ pipe_poll(struct file *filp, poll_table *wait)
1249 +@@ -729,7 +729,7 @@ pipe_poll(struct file *filp, poll_table *wait)
1250 * Most Unices do not set POLLERR for FIFOs but on Linux they
1251 * behave exactly like pipes for poll().
1252 */
1253 @@ -73270,7 +73109,7 @@ index 78fd0d0..e829d3e 100644
1254 mask |= POLLERR;
1255 }
1256
1257 -@@ -732,7 +741,7 @@ static void put_pipe_info(struct inode *inode, struct pipe_inode_info *pipe)
1258 +@@ -741,7 +741,7 @@ static void put_pipe_info(struct inode *inode, struct pipe_inode_info *pipe)
1259 int kill = 0;
1260
1261 spin_lock(&inode->i_lock);
1262 @@ -73279,7 +73118,7 @@ index 78fd0d0..e829d3e 100644
1263 inode->i_pipe = NULL;
1264 kill = 1;
1265 }
1266 -@@ -749,11 +758,11 @@ pipe_release(struct inode *inode, struct file *file)
1267 +@@ -758,11 +758,11 @@ pipe_release(struct inode *inode, struct file *file)
1268
1269 __pipe_lock(pipe);
1270 if (file->f_mode & FMODE_READ)
1271 @@ -73294,7 +73133,7 @@ index 78fd0d0..e829d3e 100644
1272 wake_up_interruptible_sync_poll(&pipe->wait, POLLIN | POLLOUT | POLLRDNORM | POLLWRNORM | POLLERR | POLLHUP);
1273 kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
1274 kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
1275 -@@ -818,7 +827,7 @@ void free_pipe_info(struct pipe_inode_info *pipe)
1276 +@@ -827,7 +827,7 @@ void free_pipe_info(struct pipe_inode_info *pipe)
1277 kfree(pipe);
1278 }
1279
1280 @@ -73303,7 +73142,7 @@ index 78fd0d0..e829d3e 100644
1281
1282 /*
1283 * pipefs_dname() is called from d_path().
1284 -@@ -848,8 +857,9 @@ static struct inode * get_pipe_inode(void)
1285 +@@ -857,8 +857,9 @@ static struct inode * get_pipe_inode(void)
1286 goto fail_iput;
1287
1288 inode->i_pipe = pipe;
1289 @@ -73315,7 +73154,7 @@ index 78fd0d0..e829d3e 100644
1290 inode->i_fop = &pipefifo_fops;
1291
1292 /*
1293 -@@ -1028,17 +1038,17 @@ static int fifo_open(struct inode *inode, struct file *filp)
1294 +@@ -1037,17 +1038,17 @@ static int fifo_open(struct inode *inode, struct file *filp)
1295 spin_lock(&inode->i_lock);
1296 if (inode->i_pipe) {
1297 pipe = inode->i_pipe;
1298 @@ -73336,7 +73175,7 @@ index 78fd0d0..e829d3e 100644
1299 spin_unlock(&inode->i_lock);
1300 free_pipe_info(pipe);
1301 pipe = inode->i_pipe;
1302 -@@ -1063,10 +1073,10 @@ static int fifo_open(struct inode *inode, struct file *filp)
1303 +@@ -1072,10 +1073,10 @@ static int fifo_open(struct inode *inode, struct file *filp)
1304 * opened, even when there is no process writing the FIFO.
1305 */
1306 pipe->r_counter++;
1307 @@ -73349,7 +73188,7 @@ index 78fd0d0..e829d3e 100644
1308 if ((filp->f_flags & O_NONBLOCK)) {
1309 /* suppress POLLHUP until we have
1310 * seen a writer */
1311 -@@ -1085,14 +1095,14 @@ static int fifo_open(struct inode *inode, struct file *filp)
1312 +@@ -1094,14 +1095,14 @@ static int fifo_open(struct inode *inode, struct file *filp)
1313 * errno=ENXIO when there is no process reading the FIFO.
1314 */
1315 ret = -ENXIO;
1316 @@ -73367,7 +73206,7 @@ index 78fd0d0..e829d3e 100644
1317 if (wait_for_partner(pipe, &pipe->r_counter))
1318 goto err_wr;
1319 }
1320 -@@ -1106,11 +1116,11 @@ static int fifo_open(struct inode *inode, struct file *filp)
1321 +@@ -1115,11 +1116,11 @@ static int fifo_open(struct inode *inode, struct file *filp)
1322 * the process can at least talk to itself.
1323 */
1324
1325 @@ -73382,7 +73221,7 @@ index 78fd0d0..e829d3e 100644
1326 wake_up_partner(pipe);
1327 break;
1328
1329 -@@ -1124,13 +1134,13 @@ static int fifo_open(struct inode *inode, struct file *filp)
1330 +@@ -1133,13 +1134,13 @@ static int fifo_open(struct inode *inode, struct file *filp)
1331 return 0;
1332
1333 err_rd:
1334 @@ -73398,7 +73237,7 @@ index 78fd0d0..e829d3e 100644
1335 wake_up_interruptible(&pipe->wait);
1336 ret = -ERESTARTSYS;
1337 goto err;
1338 -@@ -1208,7 +1218,7 @@ static long pipe_set_size(struct pipe_inode_info *pipe, unsigned long nr_pages)
1339 +@@ -1217,7 +1218,7 @@ static long pipe_set_size(struct pipe_inode_info *pipe, unsigned long nr_pages)
1340 * Currently we rely on the pipe array holding a power-of-2 number
1341 * of pages.
1342 */
1343 @@ -73407,7 +73246,7 @@ index 78fd0d0..e829d3e 100644
1344 {
1345 unsigned long nr_pages;
1346
1347 -@@ -1256,13 +1266,16 @@ long pipe_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
1348 +@@ -1265,13 +1266,16 @@ long pipe_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
1349
1350 switch (cmd) {
1351 case F_SETPIPE_SZ: {
1352 @@ -103316,22 +103155,31 @@ index c6646a5..574b47c 100644
1353
1354 /* Add an additional event_call dynamically */
1355 diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
1356 -index 8a86319..32ef21b 100644
1357 +index cb347e8..0adf74e 100644
1358 --- a/kernel/trace/trace_events_filter.c
1359 +++ b/kernel/trace/trace_events_filter.c
1360 -@@ -1399,19 +1399,27 @@ static int check_preds(struct filter_parse_state *ps)
1361 +@@ -1086,6 +1086,9 @@ static void parse_init(struct filter_parse_state *ps,
1362 +
1363 + static char infix_next(struct filter_parse_state *ps)
1364 {
1365 - int n_normal_preds = 0, n_logical_preds = 0;
1366 - struct postfix_elt *elt;
1367 -+ int cnt = 0;
1368 ++ if (!ps->infix.cnt)
1369 ++ return 0;
1370 ++
1371 + ps->infix.cnt--;
1372
1373 - list_for_each_entry(elt, &ps->postfix, list) {
1374 -- if (elt->op == OP_NONE)
1375 -+ if (elt->op == OP_NONE) {
1376 -+ cnt++;
1377 - continue;
1378 -+ }
1379 + return ps->infix.string[ps->infix.tail++];
1380 +@@ -1101,6 +1104,9 @@ static char infix_peek(struct filter_parse_state *ps)
1381
1382 + static void infix_advance(struct filter_parse_state *ps)
1383 + {
1384 ++ if (!ps->infix.cnt)
1385 ++ return;
1386 ++
1387 + ps->infix.cnt--;
1388 + ps->infix.tail++;
1389 + }
1390 +@@ -1410,8 +1416,12 @@ static int check_preds(struct filter_parse_state *ps)
1391 + cnt--;
1392 if (elt->op == OP_AND || elt->op == OP_OR) {
1393 n_logical_preds++;
1394 + cnt--;
1395 @@ -103341,13 +103189,7 @@ index 8a86319..32ef21b 100644
1396 + // a reject here when it's backported
1397 + cnt--;
1398 n_normal_preds++;
1399 -+ WARN_ON_ONCE(cnt < 0);
1400 - }
1401 -
1402 -- if (!n_normal_preds || n_logical_preds >= n_normal_preds) {
1403 -+ if (cnt != 1 || !n_normal_preds || n_logical_preds >= n_normal_preds) {
1404 - parse_error(ps, FILT_ERR_INVALID_FILTER, 0);
1405 - return -EINVAL;
1406 + WARN_ON_ONCE(cnt < 0);
1407 }
1408 diff --git a/kernel/trace/trace_functions_graph.c b/kernel/trace/trace_functions_graph.c
1409 index 0b99120..881174f 100644
1410 @@ -107266,7 +107108,7 @@ index d4c97ba..916b1d4 100644
1411 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
1412
1413 diff --git a/mm/mprotect.c b/mm/mprotect.c
1414 -index 769a67a..414d24f 100644
1415 +index 769a67a..c99f865 100644
1416 --- a/mm/mprotect.c
1417 +++ b/mm/mprotect.c
1418 @@ -24,10 +24,18 @@
1419 @@ -107315,8 +107157,8 @@ index 769a67a..414d24f 100644
1420 +
1421 +#ifdef CONFIG_SMP
1422 + wmb();
1423 -+ cpus_clear(mm->context.cpu_user_cs_mask);
1424 -+ cpu_set(smp_processor_id(), mm->context.cpu_user_cs_mask);
1425 ++ cpumask_clear(&mm->context.cpu_user_cs_mask);
1426 ++ cpumask_set_cpu(smp_processor_id(), &mm->context.cpu_user_cs_mask);
1427 +#endif
1428 +
1429 + set_user_cs(mm->context.user_cs_base, mm->context.user_cs_limit, smp_processor_id());
1430
1431 diff --git a/4.0.6/4425_grsec_remove_EI_PAX.patch b/3.14.46/4425_grsec_remove_EI_PAX.patch
1432 similarity index 100%
1433 rename from 4.0.6/4425_grsec_remove_EI_PAX.patch
1434 rename to 3.14.46/4425_grsec_remove_EI_PAX.patch
1435
1436 diff --git a/3.14.45/4427_force_XATTR_PAX_tmpfs.patch b/3.14.46/4427_force_XATTR_PAX_tmpfs.patch
1437 similarity index 100%
1438 rename from 3.14.45/4427_force_XATTR_PAX_tmpfs.patch
1439 rename to 3.14.46/4427_force_XATTR_PAX_tmpfs.patch
1440
1441 diff --git a/4.0.6/4430_grsec-remove-localversion-grsec.patch b/3.14.46/4430_grsec-remove-localversion-grsec.patch
1442 similarity index 100%
1443 rename from 4.0.6/4430_grsec-remove-localversion-grsec.patch
1444 rename to 3.14.46/4430_grsec-remove-localversion-grsec.patch
1445
1446 diff --git a/3.14.45/4435_grsec-mute-warnings.patch b/3.14.46/4435_grsec-mute-warnings.patch
1447 similarity index 100%
1448 rename from 3.14.45/4435_grsec-mute-warnings.patch
1449 rename to 3.14.46/4435_grsec-mute-warnings.patch
1450
1451 diff --git a/4.0.6/4440_grsec-remove-protected-paths.patch b/3.14.46/4440_grsec-remove-protected-paths.patch
1452 similarity index 100%
1453 rename from 4.0.6/4440_grsec-remove-protected-paths.patch
1454 rename to 3.14.46/4440_grsec-remove-protected-paths.patch
1455
1456 diff --git a/3.14.45/4450_grsec-kconfig-default-gids.patch b/3.14.46/4450_grsec-kconfig-default-gids.patch
1457 similarity index 100%
1458 rename from 3.14.45/4450_grsec-kconfig-default-gids.patch
1459 rename to 3.14.46/4450_grsec-kconfig-default-gids.patch
1460
1461 diff --git a/3.14.45/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.46/4465_selinux-avc_audit-log-curr_ip.patch
1462 similarity index 100%
1463 rename from 3.14.45/4465_selinux-avc_audit-log-curr_ip.patch
1464 rename to 3.14.46/4465_selinux-avc_audit-log-curr_ip.patch
1465
1466 diff --git a/3.14.45/4470_disable-compat_vdso.patch b/3.14.46/4470_disable-compat_vdso.patch
1467 similarity index 100%
1468 rename from 3.14.45/4470_disable-compat_vdso.patch
1469 rename to 3.14.46/4470_disable-compat_vdso.patch
1470
1471 diff --git a/4.0.6/4475_emutramp_default_on.patch b/3.14.46/4475_emutramp_default_on.patch
1472 similarity index 100%
1473 rename from 4.0.6/4475_emutramp_default_on.patch
1474 rename to 3.14.46/4475_emutramp_default_on.patch
1475
1476 diff --git a/3.2.69/0000_README b/3.2.69/0000_README
1477 index 05b7791..d006716 100644
1478 --- a/3.2.69/0000_README
1479 +++ b/3.2.69/0000_README
1480 @@ -194,7 +194,7 @@ Patch: 1068_linux-3.2.69.patch
1481 From: http://www.kernel.org
1482 Desc: Linux 3.2.69
1483
1484 -Patch: 4420_grsecurity-3.1-3.2.69-201506262041.patch
1485 +Patch: 4420_grsecurity-3.1-3.2.69-201506300708.patch
1486 From: http://www.grsecurity.net
1487 Desc: hardened-sources base patch from upstream grsecurity
1488
1489
1490 diff --git a/3.2.69/4420_grsecurity-3.1-3.2.69-201506262041.patch b/3.2.69/4420_grsecurity-3.1-3.2.69-201506300708.patch
1491 similarity index 99%
1492 rename from 3.2.69/4420_grsecurity-3.1-3.2.69-201506262041.patch
1493 rename to 3.2.69/4420_grsecurity-3.1-3.2.69-201506300708.patch
1494 index ce279a5..e8aabfa 100644
1495 --- a/3.2.69/4420_grsecurity-3.1-3.2.69-201506262041.patch
1496 +++ b/3.2.69/4420_grsecurity-3.1-3.2.69-201506300708.patch
1497 @@ -14572,7 +14572,7 @@ index 5f55e69..e20bfb1 100644
1498
1499 #ifdef CONFIG_SMP
1500 diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
1501 -index 6902152..da4283a 100644
1502 +index 6902152..737f889 100644
1503 --- a/arch/x86/include/asm/mmu_context.h
1504 +++ b/arch/x86/include/asm/mmu_context.h
1505 @@ -24,6 +24,18 @@ void destroy_context(struct mm_struct *mm);
1506 @@ -14634,9 +14634,9 @@ index 6902152..da4283a 100644
1507 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
1508 + if (!(__supported_pte_mask & _PAGE_NX)) {
1509 + smp_mb__before_clear_bit();
1510 -+ cpu_clear(cpu, prev->context.cpu_user_cs_mask);
1511 ++ cpumask_clear_cpu(cpu, &prev->context.cpu_user_cs_mask);
1512 + smp_mb__after_clear_bit();
1513 -+ cpu_set(cpu, next->context.cpu_user_cs_mask);
1514 ++ cpumask_set_cpu(cpu, &next->context.cpu_user_cs_mask);
1515 + }
1516 +#endif
1517 +
1518 @@ -14678,7 +14678,7 @@ index 6902152..da4283a 100644
1519 +
1520 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
1521 + if (!(__supported_pte_mask & _PAGE_NX))
1522 -+ cpu_set(cpu, next->context.cpu_user_cs_mask);
1523 ++ cpumask_set_cpu(cpu, &next->context.cpu_user_cs_mask);
1524 +#endif
1525 +
1526 +#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
1527 @@ -22436,7 +22436,7 @@ index 4b6701e..1a3dcdb 100644
1528 };
1529 #endif
1530 diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
1531 -index 0a8e65e..288a4b0 100644
1532 +index 0a8e65e..6e8de34 100644
1533 --- a/arch/x86/kernel/ldt.c
1534 +++ b/arch/x86/kernel/ldt.c
1535 @@ -67,13 +67,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
1536 @@ -22478,7 +22478,7 @@ index 0a8e65e..288a4b0 100644
1537 + mm->context.user_cs_limit = ~0UL;
1538 +
1539 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
1540 -+ cpus_clear(mm->context.cpu_user_cs_mask);
1541 ++ cpumask_clear(&mm->context.cpu_user_cs_mask);
1542 +#endif
1543 +
1544 +#endif
1545 @@ -28430,7 +28430,7 @@ index d0474ad..36e9257 100644
1546 extern u32 pnp_bios_is_utter_crap;
1547 pnp_bios_is_utter_crap = 1;
1548 diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
1549 -index 351590e..825bba9 100644
1550 +index 351590e..ad0d399 100644
1551 --- a/arch/x86/mm/fault.c
1552 +++ b/arch/x86/mm/fault.c
1553 @@ -13,11 +13,18 @@
1554 @@ -28716,7 +28716,7 @@ index 351590e..825bba9 100644
1555 + }
1556 +
1557 +#ifdef CONFIG_SMP
1558 -+ if (likely(address > get_limit(regs->cs) && cpu_isset(smp_processor_id(), mm->context.cpu_user_cs_mask)))
1559 ++ if (likely(address > get_limit(regs->cs) && cpumask_test_cpu(smp_processor_id(), &mm->context.cpu_user_cs_mask)))
1560 +#else
1561 + if (likely(address > get_limit(regs->cs)))
1562 +#endif
1563 @@ -29896,7 +29896,7 @@ index 29f7c6d9..5122941 100644
1564 printk(KERN_INFO "Write protecting the kernel text: %luk\n",
1565 size >> 10);
1566 diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
1567 -index 44b93da..5a0b3ee 100644
1568 +index 44b93da..79d59f5 100644
1569 --- a/arch/x86/mm/init_64.c
1570 +++ b/arch/x86/mm/init_64.c
1571 @@ -75,7 +75,7 @@ early_param("gbpages", parse_direct_gbpages_on);
1572 @@ -30013,6 +30013,15 @@ index 44b93da..5a0b3ee 100644
1573 adr = (void *)(((unsigned long)adr) | left);
1574
1575 return adr;
1576 +@@ -413,7 +427,7 @@ phys_pmd_init(pmd_t *pmd_page, unsigned long address, unsigned long end,
1577 +
1578 + int i = pmd_index(address);
1579 +
1580 +- for (; i < PTRS_PER_PMD; i++, address += PMD_SIZE) {
1581 ++ for (; i < PTRS_PER_PMD; i++, address = (address & PMD_MASK) + PMD_SIZE) {
1582 + unsigned long pte_phys;
1583 + pmd_t *pmd = pmd_page + pmd_index(address);
1584 + pte_t *pte;
1585 @@ -546,7 +560,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end,
1586 unmap_low_page(pmd);
1587
1588 @@ -96101,10 +96110,30 @@ index 875fed4..7a76cbb 100644
1589 }
1590
1591 diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
1592 -index b0996c1..7e5c12f 100644
1593 +index b0996c1..9c39703 100644
1594 --- a/kernel/trace/trace_events_filter.c
1595 +++ b/kernel/trace/trace_events_filter.c
1596 -@@ -1343,19 +1343,27 @@ static int check_preds(struct filter_parse_state *ps)
1597 +@@ -1027,6 +1027,9 @@ static void parse_init(struct filter_parse_state *ps,
1598 +
1599 + static char infix_next(struct filter_parse_state *ps)
1600 + {
1601 ++ if (!ps->infix.cnt)
1602 ++ return 0;
1603 ++
1604 + ps->infix.cnt--;
1605 +
1606 + return ps->infix.string[ps->infix.tail++];
1607 +@@ -1042,6 +1045,9 @@ static char infix_peek(struct filter_parse_state *ps)
1608 +
1609 + static void infix_advance(struct filter_parse_state *ps)
1610 + {
1611 ++ if (!ps->infix.cnt)
1612 ++ return;
1613 ++
1614 + ps->infix.cnt--;
1615 + ps->infix.tail++;
1616 + }
1617 +@@ -1343,19 +1349,27 @@ static int check_preds(struct filter_parse_state *ps)
1618 {
1619 int n_normal_preds = 0, n_logical_preds = 0;
1620 struct postfix_elt *elt;
1621 @@ -97671,6 +97700,18 @@ index 011b110..05d1b6f 100644
1622 select PROC_PAGE_MONITOR
1623
1624 config NOMMU_INITIAL_TRIM_EXCESS
1625 +diff --git a/mm/Kconfig.debug b/mm/Kconfig.debug
1626 +index 8b1a477..f3a339f 100644
1627 +--- a/mm/Kconfig.debug
1628 ++++ b/mm/Kconfig.debug
1629 +@@ -1,6 +1,7 @@
1630 + config DEBUG_PAGEALLOC
1631 + bool "Debug page memory allocations"
1632 + depends on DEBUG_KERNEL
1633 ++ depends on !PAX_MEMORY_SANITIZE
1634 + depends on !HIBERNATION || ARCH_SUPPORTS_DEBUG_PAGEALLOC && !PPC && !SPARC
1635 + depends on !KMEMCHECK
1636 + select PAGE_POISONING if !ARCH_SUPPORTS_DEBUG_PAGEALLOC
1637 diff --git a/mm/backing-dev.c b/mm/backing-dev.c
1638 index 2b49dd2..0527d62 100644
1639 --- a/mm/backing-dev.c
1640 @@ -100638,7 +100679,7 @@ index cf332bc..add7e3a 100644
1641
1642 if (active_mm != mm)
1643 diff --git a/mm/mprotect.c b/mm/mprotect.c
1644 -index 5a688a2..fffb9f6 100644
1645 +index 5a688a2..fa006d9 100644
1646 --- a/mm/mprotect.c
1647 +++ b/mm/mprotect.c
1648 @@ -23,10 +23,16 @@
1649 @@ -100685,8 +100726,8 @@ index 5a688a2..fffb9f6 100644
1650 +
1651 +#ifdef CONFIG_SMP
1652 + wmb();
1653 -+ cpus_clear(mm->context.cpu_user_cs_mask);
1654 -+ cpu_set(smp_processor_id(), mm->context.cpu_user_cs_mask);
1655 ++ cpumask_clear(&mm->context.cpu_user_cs_mask);
1656 ++ cpumask_set_cpu(smp_processor_id(), &mm->context.cpu_user_cs_mask);
1657 +#endif
1658 +
1659 + set_user_cs(mm->context.user_cs_base, mm->context.user_cs_limit, smp_processor_id());
1660
1661 diff --git a/3.14.45/0000_README b/4.0.7/0000_README
1662 similarity index 92%
1663 rename from 3.14.45/0000_README
1664 rename to 4.0.7/0000_README
1665 index b4be2cb..1c85007 100644
1666 --- a/3.14.45/0000_README
1667 +++ b/4.0.7/0000_README
1668 @@ -2,7 +2,11 @@ README
1669 -----------------------------------------------------------------------------
1670 Individual Patch Descriptions:
1671 -----------------------------------------------------------------------------
1672 -Patch: 4420_grsecurity-3.1-3.14.45-201506262046.patch
1673 +Patch: 1006_linux-4.0.7.patch
1674 +From: http://www.kernel.org
1675 +Desc: Linux 4.0.7
1676 +
1677 +Patch: 4420_grsecurity-3.1-4.0.7-201506300712.patch
1678 From: http://www.grsecurity.net
1679 Desc: hardened-sources base patch from upstream grsecurity
1680
1681
1682 diff --git a/4.0.7/1006_linux-4.0.7.patch b/4.0.7/1006_linux-4.0.7.patch
1683 new file mode 100644
1684 index 0000000..0b9b646
1685 --- /dev/null
1686 +++ b/4.0.7/1006_linux-4.0.7.patch
1687 @@ -0,0 +1,707 @@
1688 +diff --git a/Makefile b/Makefile
1689 +index af6da04..bd76a8e 100644
1690 +--- a/Makefile
1691 ++++ b/Makefile
1692 +@@ -1,6 +1,6 @@
1693 + VERSION = 4
1694 + PATCHLEVEL = 0
1695 +-SUBLEVEL = 6
1696 ++SUBLEVEL = 7
1697 + EXTRAVERSION =
1698 + NAME = Hurr durr I'ma sheep
1699 +
1700 +diff --git a/arch/arm/mach-exynos/common.h b/arch/arm/mach-exynos/common.h
1701 +index f70eca7..0ef8d4b 100644
1702 +--- a/arch/arm/mach-exynos/common.h
1703 ++++ b/arch/arm/mach-exynos/common.h
1704 +@@ -153,6 +153,8 @@ extern void exynos_enter_aftr(void);
1705 +
1706 + extern struct cpuidle_exynos_data cpuidle_coupled_exynos_data;
1707 +
1708 ++extern void exynos_set_delayed_reset_assertion(bool enable);
1709 ++
1710 + extern void s5p_init_cpu(void __iomem *cpuid_addr);
1711 + extern unsigned int samsung_rev(void);
1712 + extern void __iomem *cpu_boot_reg_base(void);
1713 +diff --git a/arch/arm/mach-exynos/exynos.c b/arch/arm/mach-exynos/exynos.c
1714 +index 9e9dfdf..1081ff1 100644
1715 +--- a/arch/arm/mach-exynos/exynos.c
1716 ++++ b/arch/arm/mach-exynos/exynos.c
1717 +@@ -166,6 +166,33 @@ static void __init exynos_init_io(void)
1718 + exynos_map_io();
1719 + }
1720 +
1721 ++/*
1722 ++ * Set or clear the USE_DELAYED_RESET_ASSERTION option. Used by smp code
1723 ++ * and suspend.
1724 ++ *
1725 ++ * This is necessary only on Exynos4 SoCs. When system is running
1726 ++ * USE_DELAYED_RESET_ASSERTION should be set so the ARM CLK clock down
1727 ++ * feature could properly detect global idle state when secondary CPU is
1728 ++ * powered down.
1729 ++ *
1730 ++ * However this should not be set when such system is going into suspend.
1731 ++ */
1732 ++void exynos_set_delayed_reset_assertion(bool enable)
1733 ++{
1734 ++ if (soc_is_exynos4()) {
1735 ++ unsigned int tmp, core_id;
1736 ++
1737 ++ for (core_id = 0; core_id < num_possible_cpus(); core_id++) {
1738 ++ tmp = pmu_raw_readl(EXYNOS_ARM_CORE_OPTION(core_id));
1739 ++ if (enable)
1740 ++ tmp |= S5P_USE_DELAYED_RESET_ASSERTION;
1741 ++ else
1742 ++ tmp &= ~(S5P_USE_DELAYED_RESET_ASSERTION);
1743 ++ pmu_raw_writel(tmp, EXYNOS_ARM_CORE_OPTION(core_id));
1744 ++ }
1745 ++ }
1746 ++}
1747 ++
1748 + static const struct of_device_id exynos_dt_pmu_match[] = {
1749 + { .compatible = "samsung,exynos3250-pmu" },
1750 + { .compatible = "samsung,exynos4210-pmu" },
1751 +diff --git a/arch/arm/mach-exynos/platsmp.c b/arch/arm/mach-exynos/platsmp.c
1752 +index d2e9f12..d45e8cd 100644
1753 +--- a/arch/arm/mach-exynos/platsmp.c
1754 ++++ b/arch/arm/mach-exynos/platsmp.c
1755 +@@ -34,30 +34,6 @@
1756 +
1757 + extern void exynos4_secondary_startup(void);
1758 +
1759 +-/*
1760 +- * Set or clear the USE_DELAYED_RESET_ASSERTION option, set on Exynos4 SoCs
1761 +- * during hot-(un)plugging CPUx.
1762 +- *
1763 +- * The feature can be cleared safely during first boot of secondary CPU.
1764 +- *
1765 +- * Exynos4 SoCs require setting USE_DELAYED_RESET_ASSERTION during powering
1766 +- * down a CPU so the CPU idle clock down feature could properly detect global
1767 +- * idle state when CPUx is off.
1768 +- */
1769 +-static void exynos_set_delayed_reset_assertion(u32 core_id, bool enable)
1770 +-{
1771 +- if (soc_is_exynos4()) {
1772 +- unsigned int tmp;
1773 +-
1774 +- tmp = pmu_raw_readl(EXYNOS_ARM_CORE_OPTION(core_id));
1775 +- if (enable)
1776 +- tmp |= S5P_USE_DELAYED_RESET_ASSERTION;
1777 +- else
1778 +- tmp &= ~(S5P_USE_DELAYED_RESET_ASSERTION);
1779 +- pmu_raw_writel(tmp, EXYNOS_ARM_CORE_OPTION(core_id));
1780 +- }
1781 +-}
1782 +-
1783 + #ifdef CONFIG_HOTPLUG_CPU
1784 + static inline void cpu_leave_lowpower(u32 core_id)
1785 + {
1786 +@@ -73,8 +49,6 @@ static inline void cpu_leave_lowpower(u32 core_id)
1787 + : "=&r" (v)
1788 + : "Ir" (CR_C), "Ir" (0x40)
1789 + : "cc");
1790 +-
1791 +- exynos_set_delayed_reset_assertion(core_id, false);
1792 + }
1793 +
1794 + static inline void platform_do_lowpower(unsigned int cpu, int *spurious)
1795 +@@ -87,14 +61,6 @@ static inline void platform_do_lowpower(unsigned int cpu, int *spurious)
1796 + /* Turn the CPU off on next WFI instruction. */
1797 + exynos_cpu_power_down(core_id);
1798 +
1799 +- /*
1800 +- * Exynos4 SoCs require setting
1801 +- * USE_DELAYED_RESET_ASSERTION so the CPU idle
1802 +- * clock down feature could properly detect
1803 +- * global idle state when CPUx is off.
1804 +- */
1805 +- exynos_set_delayed_reset_assertion(core_id, true);
1806 +-
1807 + wfi();
1808 +
1809 + if (pen_release == core_id) {
1810 +@@ -354,9 +320,6 @@ static int exynos_boot_secondary(unsigned int cpu, struct task_struct *idle)
1811 + udelay(10);
1812 + }
1813 +
1814 +- /* No harm if this is called during first boot of secondary CPU */
1815 +- exynos_set_delayed_reset_assertion(core_id, false);
1816 +-
1817 + /*
1818 + * now the secondary core is starting up let it run its
1819 + * calibrations, then wait for it to finish
1820 +@@ -403,6 +366,8 @@ static void __init exynos_smp_prepare_cpus(unsigned int max_cpus)
1821 +
1822 + exynos_sysram_init();
1823 +
1824 ++ exynos_set_delayed_reset_assertion(true);
1825 ++
1826 + if (read_cpuid_part() == ARM_CPU_PART_CORTEX_A9)
1827 + scu_enable(scu_base_addr());
1828 +
1829 +diff --git a/arch/arm/mach-exynos/suspend.c b/arch/arm/mach-exynos/suspend.c
1830 +index 318d127..582ef2d 100644
1831 +--- a/arch/arm/mach-exynos/suspend.c
1832 ++++ b/arch/arm/mach-exynos/suspend.c
1833 +@@ -235,6 +235,8 @@ static void exynos_pm_enter_sleep_mode(void)
1834 +
1835 + static void exynos_pm_prepare(void)
1836 + {
1837 ++ exynos_set_delayed_reset_assertion(false);
1838 ++
1839 + /* Set wake-up mask registers */
1840 + exynos_pm_set_wakeup_mask();
1841 +
1842 +@@ -383,6 +385,7 @@ early_wakeup:
1843 +
1844 + /* Clear SLEEP mode set in INFORM1 */
1845 + pmu_raw_writel(0x0, S5P_INFORM1);
1846 ++ exynos_set_delayed_reset_assertion(true);
1847 + }
1848 +
1849 + static void exynos3250_pm_resume(void)
1850 +diff --git a/arch/powerpc/kernel/idle_power7.S b/arch/powerpc/kernel/idle_power7.S
1851 +index 05adc8b..401d8d0 100644
1852 +--- a/arch/powerpc/kernel/idle_power7.S
1853 ++++ b/arch/powerpc/kernel/idle_power7.S
1854 +@@ -500,9 +500,11 @@ BEGIN_FTR_SECTION
1855 + CHECK_HMI_INTERRUPT
1856 + END_FTR_SECTION_IFSET(CPU_FTR_HVMODE)
1857 + ld r1,PACAR1(r13)
1858 ++ ld r6,_CCR(r1)
1859 + ld r4,_MSR(r1)
1860 + ld r5,_NIP(r1)
1861 + addi r1,r1,INT_FRAME_SIZE
1862 ++ mtcr r6
1863 + mtspr SPRN_SRR1,r4
1864 + mtspr SPRN_SRR0,r5
1865 + rfid
1866 +diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
1867 +index 4e3d5a9..03189d8 100644
1868 +--- a/arch/x86/kernel/kprobes/core.c
1869 ++++ b/arch/x86/kernel/kprobes/core.c
1870 +@@ -354,6 +354,7 @@ int __copy_instruction(u8 *dest, u8 *src)
1871 + {
1872 + struct insn insn;
1873 + kprobe_opcode_t buf[MAX_INSN_SIZE];
1874 ++ int length;
1875 + unsigned long recovered_insn =
1876 + recover_probed_instruction(buf, (unsigned long)src);
1877 +
1878 +@@ -361,16 +362,18 @@ int __copy_instruction(u8 *dest, u8 *src)
1879 + return 0;
1880 + kernel_insn_init(&insn, (void *)recovered_insn, MAX_INSN_SIZE);
1881 + insn_get_length(&insn);
1882 ++ length = insn.length;
1883 ++
1884 + /* Another subsystem puts a breakpoint, failed to recover */
1885 + if (insn.opcode.bytes[0] == BREAKPOINT_INSTRUCTION)
1886 + return 0;
1887 +- memcpy(dest, insn.kaddr, insn.length);
1888 ++ memcpy(dest, insn.kaddr, length);
1889 +
1890 + #ifdef CONFIG_X86_64
1891 + if (insn_rip_relative(&insn)) {
1892 + s64 newdisp;
1893 + u8 *disp;
1894 +- kernel_insn_init(&insn, dest, insn.length);
1895 ++ kernel_insn_init(&insn, dest, length);
1896 + insn_get_displacement(&insn);
1897 + /*
1898 + * The copied instruction uses the %rip-relative addressing
1899 +@@ -394,7 +397,7 @@ int __copy_instruction(u8 *dest, u8 *src)
1900 + *(s32 *) disp = (s32) newdisp;
1901 + }
1902 + #endif
1903 +- return insn.length;
1904 ++ return length;
1905 + }
1906 +
1907 + static int arch_copy_kprobe(struct kprobe *p)
1908 +diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
1909 +index 4ee827d..3cb2b58 100644
1910 +--- a/arch/x86/kvm/lapic.c
1911 ++++ b/arch/x86/kvm/lapic.c
1912 +@@ -1064,6 +1064,17 @@ static void update_divide_count(struct kvm_lapic *apic)
1913 + apic->divide_count);
1914 + }
1915 +
1916 ++static void apic_update_lvtt(struct kvm_lapic *apic)
1917 ++{
1918 ++ u32 timer_mode = kvm_apic_get_reg(apic, APIC_LVTT) &
1919 ++ apic->lapic_timer.timer_mode_mask;
1920 ++
1921 ++ if (apic->lapic_timer.timer_mode != timer_mode) {
1922 ++ apic->lapic_timer.timer_mode = timer_mode;
1923 ++ hrtimer_cancel(&apic->lapic_timer.timer);
1924 ++ }
1925 ++}
1926 ++
1927 + static void apic_timer_expired(struct kvm_lapic *apic)
1928 + {
1929 + struct kvm_vcpu *vcpu = apic->vcpu;
1930 +@@ -1272,6 +1283,7 @@ static int apic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val)
1931 + apic_set_reg(apic, APIC_LVTT + 0x10 * i,
1932 + lvt_val | APIC_LVT_MASKED);
1933 + }
1934 ++ apic_update_lvtt(apic);
1935 + atomic_set(&apic->lapic_timer.pending, 0);
1936 +
1937 + }
1938 +@@ -1304,20 +1316,13 @@ static int apic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val)
1939 +
1940 + break;
1941 +
1942 +- case APIC_LVTT: {
1943 +- u32 timer_mode = val & apic->lapic_timer.timer_mode_mask;
1944 +-
1945 +- if (apic->lapic_timer.timer_mode != timer_mode) {
1946 +- apic->lapic_timer.timer_mode = timer_mode;
1947 +- hrtimer_cancel(&apic->lapic_timer.timer);
1948 +- }
1949 +-
1950 ++ case APIC_LVTT:
1951 + if (!kvm_apic_sw_enabled(apic))
1952 + val |= APIC_LVT_MASKED;
1953 + val &= (apic_lvt_mask[0] | apic->lapic_timer.timer_mode_mask);
1954 + apic_set_reg(apic, APIC_LVTT, val);
1955 ++ apic_update_lvtt(apic);
1956 + break;
1957 +- }
1958 +
1959 + case APIC_TMICT:
1960 + if (apic_lvtt_tscdeadline(apic))
1961 +@@ -1552,7 +1557,7 @@ void kvm_lapic_reset(struct kvm_vcpu *vcpu)
1962 +
1963 + for (i = 0; i < APIC_LVT_NUM; i++)
1964 + apic_set_reg(apic, APIC_LVTT + 0x10 * i, APIC_LVT_MASKED);
1965 +- apic->lapic_timer.timer_mode = 0;
1966 ++ apic_update_lvtt(apic);
1967 + apic_set_reg(apic, APIC_LVT0,
1968 + SET_APIC_DELIVERY_MODE(0, APIC_MODE_EXTINT));
1969 +
1970 +@@ -1778,6 +1783,7 @@ void kvm_apic_post_state_restore(struct kvm_vcpu *vcpu,
1971 +
1972 + apic_update_ppr(apic);
1973 + hrtimer_cancel(&apic->lapic_timer.timer);
1974 ++ apic_update_lvtt(apic);
1975 + update_divide_count(apic);
1976 + start_apic_timer(apic);
1977 + apic->irr_pending = true;
1978 +diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c
1979 +index 288547a..f26ebc5 100644
1980 +--- a/drivers/bluetooth/ath3k.c
1981 ++++ b/drivers/bluetooth/ath3k.c
1982 +@@ -80,6 +80,7 @@ static const struct usb_device_id ath3k_table[] = {
1983 + { USB_DEVICE(0x0489, 0xe057) },
1984 + { USB_DEVICE(0x0489, 0xe056) },
1985 + { USB_DEVICE(0x0489, 0xe05f) },
1986 ++ { USB_DEVICE(0x0489, 0xe076) },
1987 + { USB_DEVICE(0x0489, 0xe078) },
1988 + { USB_DEVICE(0x04c5, 0x1330) },
1989 + { USB_DEVICE(0x04CA, 0x3004) },
1990 +@@ -111,6 +112,7 @@ static const struct usb_device_id ath3k_table[] = {
1991 + { USB_DEVICE(0x13d3, 0x3408) },
1992 + { USB_DEVICE(0x13d3, 0x3423) },
1993 + { USB_DEVICE(0x13d3, 0x3432) },
1994 ++ { USB_DEVICE(0x13d3, 0x3474) },
1995 +
1996 + /* Atheros AR5BBU12 with sflash firmware */
1997 + { USB_DEVICE(0x0489, 0xE02C) },
1998 +@@ -135,6 +137,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = {
1999 + { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
2000 + { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
2001 + { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
2002 ++ { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
2003 + { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
2004 + { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
2005 + { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
2006 +@@ -166,6 +169,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = {
2007 + { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
2008 + { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 },
2009 + { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
2010 ++ { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
2011 +
2012 + /* Atheros AR5BBU22 with sflash firmware */
2013 + { USB_DEVICE(0x0489, 0xE036), .driver_info = BTUSB_ATH3012 },
2014 +diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
2015 +index 2c527da..4fc4157 100644
2016 +--- a/drivers/bluetooth/btusb.c
2017 ++++ b/drivers/bluetooth/btusb.c
2018 +@@ -174,6 +174,7 @@ static const struct usb_device_id blacklist_table[] = {
2019 + { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 },
2020 + { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 },
2021 + { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 },
2022 ++ { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 },
2023 + { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 },
2024 + { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 },
2025 + { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 },
2026 +@@ -205,6 +206,7 @@ static const struct usb_device_id blacklist_table[] = {
2027 + { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 },
2028 + { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 },
2029 + { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 },
2030 ++ { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 },
2031 +
2032 + /* Atheros AR5BBU12 with sflash firmware */
2033 + { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE },
2034 +diff --git a/drivers/clk/at91/clk-pll.c b/drivers/clk/at91/clk-pll.c
2035 +index 6ec79db..cbbe403 100644
2036 +--- a/drivers/clk/at91/clk-pll.c
2037 ++++ b/drivers/clk/at91/clk-pll.c
2038 +@@ -173,8 +173,7 @@ static long clk_pll_get_best_div_mul(struct clk_pll *pll, unsigned long rate,
2039 + int i = 0;
2040 +
2041 + /* Check if parent_rate is a valid input rate */
2042 +- if (parent_rate < characteristics->input.min ||
2043 +- parent_rate > characteristics->input.max)
2044 ++ if (parent_rate < characteristics->input.min)
2045 + return -ERANGE;
2046 +
2047 + /*
2048 +@@ -187,6 +186,15 @@ static long clk_pll_get_best_div_mul(struct clk_pll *pll, unsigned long rate,
2049 + if (!mindiv)
2050 + mindiv = 1;
2051 +
2052 ++ if (parent_rate > characteristics->input.max) {
2053 ++ tmpdiv = DIV_ROUND_UP(parent_rate, characteristics->input.max);
2054 ++ if (tmpdiv > PLL_DIV_MAX)
2055 ++ return -ERANGE;
2056 ++
2057 ++ if (tmpdiv > mindiv)
2058 ++ mindiv = tmpdiv;
2059 ++ }
2060 ++
2061 + /*
2062 + * Calculate the maximum divider which is limited by PLL register
2063 + * layout (limited by the MUL or DIV field size).
2064 +diff --git a/drivers/clk/at91/pmc.h b/drivers/clk/at91/pmc.h
2065 +index 69abb08..eb8e5dc 100644
2066 +--- a/drivers/clk/at91/pmc.h
2067 ++++ b/drivers/clk/at91/pmc.h
2068 +@@ -121,7 +121,7 @@ extern void __init of_at91sam9x5_clk_smd_setup(struct device_node *np,
2069 + struct at91_pmc *pmc);
2070 + #endif
2071 +
2072 +-#if defined(CONFIG_HAVE_AT91_SMD)
2073 ++#if defined(CONFIG_HAVE_AT91_H32MX)
2074 + extern void __init of_sama5d4_clk_h32mx_setup(struct device_node *np,
2075 + struct at91_pmc *pmc);
2076 + #endif
2077 +diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c
2078 +index f347ab7..08b0da2 100644
2079 +--- a/drivers/crypto/caam/caamhash.c
2080 ++++ b/drivers/crypto/caam/caamhash.c
2081 +@@ -1543,6 +1543,8 @@ static int ahash_init(struct ahash_request *req)
2082 +
2083 + state->current_buf = 0;
2084 + state->buf_dma = 0;
2085 ++ state->buflen_0 = 0;
2086 ++ state->buflen_1 = 0;
2087 +
2088 + return 0;
2089 + }
2090 +diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c
2091 +index ae31e55..a48dc25 100644
2092 +--- a/drivers/crypto/caam/caamrng.c
2093 ++++ b/drivers/crypto/caam/caamrng.c
2094 +@@ -56,7 +56,7 @@
2095 +
2096 + /* Buffer, its dma address and lock */
2097 + struct buf_data {
2098 +- u8 buf[RN_BUF_SIZE];
2099 ++ u8 buf[RN_BUF_SIZE] ____cacheline_aligned;
2100 + dma_addr_t addr;
2101 + struct completion filled;
2102 + u32 hw_desc[DESC_JOB_O_LEN];
2103 +diff --git a/drivers/gpu/drm/i915/i915_drv.c b/drivers/gpu/drm/i915/i915_drv.c
2104 +index ec4d932..169123a 100644
2105 +--- a/drivers/gpu/drm/i915/i915_drv.c
2106 ++++ b/drivers/gpu/drm/i915/i915_drv.c
2107 +@@ -693,6 +693,16 @@ static int i915_drm_resume(struct drm_device *dev)
2108 + intel_init_pch_refclk(dev);
2109 + drm_mode_config_reset(dev);
2110 +
2111 ++ /*
2112 ++ * Interrupts have to be enabled before any batches are run.
2113 ++ * If not the GPU will hang. i915_gem_init_hw() will initiate
2114 ++ * batches to update/restore the context.
2115 ++ *
2116 ++ * Modeset enabling in intel_modeset_init_hw() also needs
2117 ++ * working interrupts.
2118 ++ */
2119 ++ intel_runtime_pm_enable_interrupts(dev_priv);
2120 ++
2121 + mutex_lock(&dev->struct_mutex);
2122 + if (i915_gem_init_hw(dev)) {
2123 + DRM_ERROR("failed to re-initialize GPU, declaring wedged!\n");
2124 +@@ -700,9 +710,6 @@ static int i915_drm_resume(struct drm_device *dev)
2125 + }
2126 + mutex_unlock(&dev->struct_mutex);
2127 +
2128 +- /* We need working interrupts for modeset enabling ... */
2129 +- intel_runtime_pm_enable_interrupts(dev_priv);
2130 +-
2131 + intel_modeset_init_hw(dev);
2132 +
2133 + spin_lock_irq(&dev_priv->irq_lock);
2134 +diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c
2135 +index 7a628e4..9536ec3 100644
2136 +--- a/drivers/gpu/drm/i915/i915_gem.c
2137 ++++ b/drivers/gpu/drm/i915/i915_gem.c
2138 +@@ -2732,6 +2732,9 @@ void i915_gem_reset(struct drm_device *dev)
2139 + void
2140 + i915_gem_retire_requests_ring(struct intel_engine_cs *ring)
2141 + {
2142 ++ if (list_empty(&ring->request_list))
2143 ++ return;
2144 ++
2145 + WARN_ON(i915_verify_lists(ring->dev));
2146 +
2147 + /* Retire requests first as we use it above for the early return.
2148 +@@ -3088,8 +3091,8 @@ int i915_vma_unbind(struct i915_vma *vma)
2149 + } else if (vma->ggtt_view.pages) {
2150 + sg_free_table(vma->ggtt_view.pages);
2151 + kfree(vma->ggtt_view.pages);
2152 +- vma->ggtt_view.pages = NULL;
2153 + }
2154 ++ vma->ggtt_view.pages = NULL;
2155 + }
2156 +
2157 + drm_mm_remove_node(&vma->node);
2158 +diff --git a/drivers/gpu/drm/mgag200/mgag200_mode.c b/drivers/gpu/drm/mgag200/mgag200_mode.c
2159 +index 9872ba9..2ffeda3 100644
2160 +--- a/drivers/gpu/drm/mgag200/mgag200_mode.c
2161 ++++ b/drivers/gpu/drm/mgag200/mgag200_mode.c
2162 +@@ -1526,6 +1526,11 @@ static int mga_vga_mode_valid(struct drm_connector *connector,
2163 + return MODE_BANDWIDTH;
2164 + }
2165 +
2166 ++ if ((mode->hdisplay % 8) != 0 || (mode->hsync_start % 8) != 0 ||
2167 ++ (mode->hsync_end % 8) != 0 || (mode->htotal % 8) != 0) {
2168 ++ return MODE_H_ILLEGAL;
2169 ++ }
2170 ++
2171 + if (mode->crtc_hdisplay > 2048 || mode->crtc_hsync_start > 4096 ||
2172 + mode->crtc_hsync_end > 4096 || mode->crtc_htotal > 4096 ||
2173 + mode->crtc_vdisplay > 2048 || mode->crtc_vsync_start > 4096 ||
2174 +diff --git a/drivers/gpu/drm/radeon/radeon_kms.c b/drivers/gpu/drm/radeon/radeon_kms.c
2175 +index 686411e..b82f2dd 100644
2176 +--- a/drivers/gpu/drm/radeon/radeon_kms.c
2177 ++++ b/drivers/gpu/drm/radeon/radeon_kms.c
2178 +@@ -547,6 +547,9 @@ static int radeon_info_ioctl(struct drm_device *dev, void *data, struct drm_file
2179 + else
2180 + *value = 1;
2181 + break;
2182 ++ case RADEON_INFO_VA_UNMAP_WORKING:
2183 ++ *value = true;
2184 ++ break;
2185 + default:
2186 + DRM_DEBUG_KMS("Invalid request %d\n", info->request);
2187 + return -EINVAL;
2188 +diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c
2189 +index 147029a..ac72ece 100644
2190 +--- a/drivers/infiniband/ulp/isert/ib_isert.c
2191 ++++ b/drivers/infiniband/ulp/isert/ib_isert.c
2192 +@@ -2316,7 +2316,6 @@ isert_build_rdma_wr(struct isert_conn *isert_conn, struct isert_cmd *isert_cmd,
2193 + page_off = offset % PAGE_SIZE;
2194 +
2195 + send_wr->sg_list = ib_sge;
2196 +- send_wr->num_sge = sg_nents;
2197 + send_wr->wr_id = (uintptr_t)&isert_cmd->tx_desc;
2198 + /*
2199 + * Perform mapping of TCM scatterlist memory ib_sge dma_addr.
2200 +@@ -2336,14 +2335,17 @@ isert_build_rdma_wr(struct isert_conn *isert_conn, struct isert_cmd *isert_cmd,
2201 + ib_sge->addr, ib_sge->length, ib_sge->lkey);
2202 + page_off = 0;
2203 + data_left -= ib_sge->length;
2204 ++ if (!data_left)
2205 ++ break;
2206 + ib_sge++;
2207 + isert_dbg("Incrementing ib_sge pointer to %p\n", ib_sge);
2208 + }
2209 +
2210 ++ send_wr->num_sge = ++i;
2211 + isert_dbg("Set outgoing sg_list: %p num_sg: %u from TCM SGLs\n",
2212 + send_wr->sg_list, send_wr->num_sge);
2213 +
2214 +- return sg_nents;
2215 ++ return send_wr->num_sge;
2216 + }
2217 +
2218 + static int
2219 +@@ -3311,6 +3313,7 @@ static void isert_free_conn(struct iscsi_conn *conn)
2220 + {
2221 + struct isert_conn *isert_conn = conn->context;
2222 +
2223 ++ isert_wait4flush(isert_conn);
2224 + isert_put_conn(isert_conn);
2225 + }
2226 +
2227 +diff --git a/drivers/md/dm.c b/drivers/md/dm.c
2228 +index 9b4e30a..beda011 100644
2229 +--- a/drivers/md/dm.c
2230 ++++ b/drivers/md/dm.c
2231 +@@ -1889,8 +1889,8 @@ static int map_request(struct dm_target *ti, struct request *rq,
2232 + dm_kill_unmapped_request(rq, r);
2233 + return r;
2234 + }
2235 +- if (IS_ERR(clone))
2236 +- return DM_MAPIO_REQUEUE;
2237 ++ if (r != DM_MAPIO_REMAPPED)
2238 ++ return r;
2239 + if (setup_clone(clone, rq, tio, GFP_KERNEL)) {
2240 + /* -ENOMEM */
2241 + ti->type->release_clone_rq(clone);
2242 +diff --git a/drivers/net/wireless/b43/main.c b/drivers/net/wireless/b43/main.c
2243 +index 75345c1..5c91df5 100644
2244 +--- a/drivers/net/wireless/b43/main.c
2245 ++++ b/drivers/net/wireless/b43/main.c
2246 +@@ -5365,6 +5365,10 @@ static void b43_supported_bands(struct b43_wldev *dev, bool *have_2ghz_phy,
2247 + *have_5ghz_phy = true;
2248 + return;
2249 + case 0x4321: /* BCM4306 */
2250 ++ /* There are 14e4:4321 PCI devs with 2.4 GHz BCM4321 (N-PHY) */
2251 ++ if (dev->phy.type != B43_PHYTYPE_G)
2252 ++ break;
2253 ++ /* fall through */
2254 + case 0x4313: /* BCM4311 */
2255 + case 0x431a: /* BCM4318 */
2256 + case 0x432a: /* BCM4321 */
2257 +diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
2258 +index 220c0fd..50faef4 100644
2259 +--- a/drivers/usb/class/cdc-acm.c
2260 ++++ b/drivers/usb/class/cdc-acm.c
2261 +@@ -1468,6 +1468,11 @@ skip_countries:
2262 + goto alloc_fail8;
2263 + }
2264 +
2265 ++ if (quirks & CLEAR_HALT_CONDITIONS) {
2266 ++ usb_clear_halt(usb_dev, usb_rcvbulkpipe(usb_dev, epread->bEndpointAddress));
2267 ++ usb_clear_halt(usb_dev, usb_sndbulkpipe(usb_dev, epwrite->bEndpointAddress));
2268 ++ }
2269 ++
2270 + return 0;
2271 + alloc_fail8:
2272 + if (acm->country_codes) {
2273 +@@ -1747,6 +1752,10 @@ static const struct usb_device_id acm_ids[] = {
2274 + .driver_info = NO_UNION_NORMAL, /* reports zero length descriptor */
2275 + },
2276 +
2277 ++ { USB_DEVICE(0x2912, 0x0001), /* ATOL FPrint */
2278 ++ .driver_info = CLEAR_HALT_CONDITIONS,
2279 ++ },
2280 ++
2281 + /* Nokia S60 phones expose two ACM channels. The first is
2282 + * a modem and is picked up by the standard AT-command
2283 + * information below. The second is 'vendor-specific' but
2284 +diff --git a/drivers/usb/class/cdc-acm.h b/drivers/usb/class/cdc-acm.h
2285 +index ffeb3c8..b3b6c9d 100644
2286 +--- a/drivers/usb/class/cdc-acm.h
2287 ++++ b/drivers/usb/class/cdc-acm.h
2288 +@@ -133,3 +133,4 @@ struct acm {
2289 + #define NO_DATA_INTERFACE BIT(4)
2290 + #define IGNORE_DEVICE BIT(5)
2291 + #define QUIRK_CONTROL_LINE_STATE BIT(6)
2292 ++#define CLEAR_HALT_CONDITIONS BIT(7)
2293 +diff --git a/include/uapi/drm/radeon_drm.h b/include/uapi/drm/radeon_drm.h
2294 +index 50d0fb4..76d2ede 100644
2295 +--- a/include/uapi/drm/radeon_drm.h
2296 ++++ b/include/uapi/drm/radeon_drm.h
2297 +@@ -1034,6 +1034,7 @@ struct drm_radeon_cs {
2298 + #define RADEON_INFO_VRAM_USAGE 0x1e
2299 + #define RADEON_INFO_GTT_USAGE 0x1f
2300 + #define RADEON_INFO_ACTIVE_CU_COUNT 0x20
2301 ++#define RADEON_INFO_VA_UNMAP_WORKING 0x25
2302 +
2303 + struct drm_radeon_info {
2304 + uint32_t request;
2305 +diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
2306 +index ced69da..7f2e97c 100644
2307 +--- a/kernel/trace/trace_events_filter.c
2308 ++++ b/kernel/trace/trace_events_filter.c
2309 +@@ -1369,19 +1369,26 @@ static int check_preds(struct filter_parse_state *ps)
2310 + {
2311 + int n_normal_preds = 0, n_logical_preds = 0;
2312 + struct postfix_elt *elt;
2313 ++ int cnt = 0;
2314 +
2315 + list_for_each_entry(elt, &ps->postfix, list) {
2316 +- if (elt->op == OP_NONE)
2317 ++ if (elt->op == OP_NONE) {
2318 ++ cnt++;
2319 + continue;
2320 ++ }
2321 +
2322 + if (elt->op == OP_AND || elt->op == OP_OR) {
2323 + n_logical_preds++;
2324 ++ cnt--;
2325 + continue;
2326 + }
2327 ++ if (elt->op != OP_NOT)
2328 ++ cnt--;
2329 + n_normal_preds++;
2330 ++ WARN_ON_ONCE(cnt < 0);
2331 + }
2332 +
2333 +- if (!n_normal_preds || n_logical_preds >= n_normal_preds) {
2334 ++ if (cnt != 1 || !n_normal_preds || n_logical_preds >= n_normal_preds) {
2335 + parse_error(ps, FILT_ERR_INVALID_FILTER, 0);
2336 + return -EINVAL;
2337 + }
2338 +diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
2339 +index 87eff31..60b3100 100644
2340 +--- a/sound/pci/hda/patch_sigmatel.c
2341 ++++ b/sound/pci/hda/patch_sigmatel.c
2342 +@@ -100,6 +100,7 @@ enum {
2343 + STAC_HP_ENVY_BASS,
2344 + STAC_HP_BNB13_EQ,
2345 + STAC_HP_ENVY_TS_BASS,
2346 ++ STAC_HP_ENVY_TS_DAC_BIND,
2347 + STAC_92HD83XXX_GPIO10_EAPD,
2348 + STAC_92HD83XXX_MODELS
2349 + };
2350 +@@ -2170,6 +2171,22 @@ static void stac92hd83xxx_fixup_gpio10_eapd(struct hda_codec *codec,
2351 + spec->eapd_switch = 0;
2352 + }
2353 +
2354 ++static void hp_envy_ts_fixup_dac_bind(struct hda_codec *codec,
2355 ++ const struct hda_fixup *fix,
2356 ++ int action)
2357 ++{
2358 ++ struct sigmatel_spec *spec = codec->spec;
2359 ++ static hda_nid_t preferred_pairs[] = {
2360 ++ 0xd, 0x13,
2361 ++ 0
2362 ++ };
2363 ++
2364 ++ if (action != HDA_FIXUP_ACT_PRE_PROBE)
2365 ++ return;
2366 ++
2367 ++ spec->gen.preferred_dacs = preferred_pairs;
2368 ++}
2369 ++
2370 + static const struct hda_verb hp_bnb13_eq_verbs[] = {
2371 + /* 44.1KHz base */
2372 + { 0x22, 0x7A6, 0x3E },
2373 +@@ -2685,6 +2702,12 @@ static const struct hda_fixup stac92hd83xxx_fixups[] = {
2374 + {}
2375 + },
2376 + },
2377 ++ [STAC_HP_ENVY_TS_DAC_BIND] = {
2378 ++ .type = HDA_FIXUP_FUNC,
2379 ++ .v.func = hp_envy_ts_fixup_dac_bind,
2380 ++ .chained = true,
2381 ++ .chain_id = STAC_HP_ENVY_TS_BASS,
2382 ++ },
2383 + [STAC_92HD83XXX_GPIO10_EAPD] = {
2384 + .type = HDA_FIXUP_FUNC,
2385 + .v.func = stac92hd83xxx_fixup_gpio10_eapd,
2386 +@@ -2763,6 +2786,8 @@ static const struct snd_pci_quirk stac92hd83xxx_fixup_tbl[] = {
2387 + "HP bNB13", STAC_HP_BNB13_EQ),
2388 + SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x190e,
2389 + "HP ENVY TS", STAC_HP_ENVY_TS_BASS),
2390 ++ SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x1967,
2391 ++ "HP ENVY TS", STAC_HP_ENVY_TS_DAC_BIND),
2392 + SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x1940,
2393 + "HP bNB13", STAC_HP_BNB13_EQ),
2394 + SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x1941,
2395
2396 diff --git a/4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch b/4.0.7/4420_grsecurity-3.1-4.0.7-201506300712.patch
2397 similarity index 99%
2398 rename from 4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch
2399 rename to 4.0.7/4420_grsecurity-3.1-4.0.7-201506300712.patch
2400 index 01515b8..37bee2c 100644
2401 --- a/4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch
2402 +++ b/4.0.7/4420_grsecurity-3.1-4.0.7-201506300712.patch
2403 @@ -373,7 +373,7 @@ index 4d68ec8..9546b75 100644
2404
2405 pcd. [PARIDE]
2406 diff --git a/Makefile b/Makefile
2407 -index af6da04..22820aa 100644
2408 +index bd76a8e..ed02758 100644
2409 --- a/Makefile
2410 +++ b/Makefile
2411 @@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
2412 @@ -3437,7 +3437,7 @@ index 3e58d71..029817c 100644
2413 /* See rational for this in __copy_to_user() above. */
2414 if (n < 64)
2415 diff --git a/arch/arm/mach-exynos/suspend.c b/arch/arm/mach-exynos/suspend.c
2416 -index 318d127..9aab0d1 100644
2417 +index 582ef2d..d314e82 100644
2418 --- a/arch/arm/mach-exynos/suspend.c
2419 +++ b/arch/arm/mach-exynos/suspend.c
2420 @@ -18,6 +18,7 @@
2421 @@ -3448,7 +3448,7 @@ index 318d127..9aab0d1 100644
2422 #include <linux/irqchip/arm-gic.h>
2423 #include <linux/err.h>
2424 #include <linux/regulator/machine.h>
2425 -@@ -632,8 +633,10 @@ void __init exynos_pm_init(void)
2426 +@@ -635,8 +636,10 @@ void __init exynos_pm_init(void)
2427 tmp |= pm_data->wake_disable_mask;
2428 pmu_raw_writel(tmp, S5P_WAKEUP_MASK);
2429
2430 @@ -17369,7 +17369,7 @@ index 09b9620..923aecd 100644
2431 atomic_t perf_rdpmc_allowed; /* nonzero if rdpmc is allowed */
2432 } mm_context_t;
2433 diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
2434 -index 883f6b93..6869d96 100644
2435 +index 883f6b93..bb405b5 100644
2436 --- a/arch/x86/include/asm/mmu_context.h
2437 +++ b/arch/x86/include/asm/mmu_context.h
2438 @@ -42,6 +42,20 @@ void destroy_context(struct mm_struct *mm);
2439 @@ -17461,9 +17461,9 @@ index 883f6b93..6869d96 100644
2440 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
2441 + if (!(__supported_pte_mask & _PAGE_NX)) {
2442 + smp_mb__before_atomic();
2443 -+ cpu_clear(cpu, prev->context.cpu_user_cs_mask);
2444 ++ cpumask_clear_cpu(cpu, &prev->context.cpu_user_cs_mask);
2445 + smp_mb__after_atomic();
2446 -+ cpu_set(cpu, next->context.cpu_user_cs_mask);
2447 ++ cpumask_set_cpu(cpu, &next->context.cpu_user_cs_mask);
2448 + }
2449 +#endif
2450 +
2451 @@ -17537,7 +17537,7 @@ index 883f6b93..6869d96 100644
2452 +
2453 +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
2454 + if (!(__supported_pte_mask & _PAGE_NX))
2455 -+ cpu_set(cpu, next->context.cpu_user_cs_mask);
2456 ++ cpumask_set_cpu(cpu, &next->context.cpu_user_cs_mask);
2457 +#endif
2458 +
2459 +#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC))
2460 @@ -22048,7 +22048,7 @@ index cf3df1d..b637d9a 100644
2461
2462 if (__die(str, regs, err))
2463 diff --git a/arch/x86/kernel/dumpstack_32.c b/arch/x86/kernel/dumpstack_32.c
2464 -index 5abd4cd..c65733b 100644
2465 +index 5abd4cd..ca97162 100644
2466 --- a/arch/x86/kernel/dumpstack_32.c
2467 +++ b/arch/x86/kernel/dumpstack_32.c
2468 @@ -61,15 +61,14 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
2469 @@ -22125,7 +22125,7 @@ index 5abd4cd..c65733b 100644
2470 }
2471 +
2472 +#if defined(CONFIG_PAX_MEMORY_STACKLEAK) || defined(CONFIG_PAX_USERCOPY)
2473 -+void pax_check_alloca(unsigned long size)
2474 ++void __used pax_check_alloca(unsigned long size)
2475 +{
2476 + unsigned long sp = (unsigned long)&sp, stack_left;
2477 +
2478 @@ -22136,7 +22136,7 @@ index 5abd4cd..c65733b 100644
2479 +EXPORT_SYMBOL(pax_check_alloca);
2480 +#endif
2481 diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c
2482 -index ff86f19..73eabf4 100644
2483 +index ff86f19..a2efee8 100644
2484 --- a/arch/x86/kernel/dumpstack_64.c
2485 +++ b/arch/x86/kernel/dumpstack_64.c
2486 @@ -153,12 +153,12 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
2487 @@ -22211,7 +22211,7 @@ index ff86f19..73eabf4 100644
2488 }
2489 +
2490 +#if defined(CONFIG_PAX_MEMORY_STACKLEAK) || defined(CONFIG_PAX_USERCOPY)
2491 -+void pax_check_alloca(unsigned long size)
2492 ++void __used pax_check_alloca(unsigned long size)
2493 +{
2494 + unsigned long sp = (unsigned long)&sp, stack_start, stack_end;
2495 + unsigned cpu, used;
2496 @@ -23060,7 +23060,7 @@ index 31e2d5b..b31c76d 100644
2497 #endif
2498
2499 diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
2500 -index f0095a7..ec77893 100644
2501 +index f0095a7..7ece039 100644
2502 --- a/arch/x86/kernel/entry_64.S
2503 +++ b/arch/x86/kernel/entry_64.S
2504 @@ -59,6 +59,8 @@
2505 @@ -23114,7 +23114,7 @@ index f0095a7..ec77893 100644
2506 +
2507 +#ifdef CONFIG_PAX_KERNEXEC
2508 + GET_CR0_INTO_RDI
2509 -+ bts $16,%rdi
2510 ++ bts $X86_CR0_WP_BIT,%rdi
2511 + jnc 3f
2512 + mov %cs,%edi
2513 + cmp $__KERNEL_CS,%edi
2514 @@ -23175,7 +23175,7 @@ index f0095a7..ec77893 100644
2515 + cmp $__KERNEXEC_KERNEL_CS,%edi
2516 + jz 2f
2517 + GET_CR0_INTO_RDI
2518 -+ bts $16,%rdi
2519 ++ bts $X86_CR0_WP_BIT,%rdi
2520 + jnc 4f
2521 +1:
2522 +#endif
2523 @@ -23213,7 +23213,7 @@ index f0095a7..ec77893 100644
2524 +
2525 +#ifdef CONFIG_PAX_KERNEXEC
2526 +2: GET_CR0_INTO_RDI
2527 -+ btr $16,%rdi
2528 ++ btr $X86_CR0_WP_BIT,%rdi
2529 + jnc 4f
2530 + ljmpq __KERNEL_CS,3f
2531 +3: SET_RDI_INTO_CR0
2532 @@ -23301,7 +23301,7 @@ index f0095a7..ec77893 100644
2533 +
2534 +#ifdef CONFIG_PAX_KERNEXEC
2535 + GET_CR0_INTO_RDI
2536 -+ bts $16,%rdi
2537 ++ bts $X86_CR0_WP_BIT,%rdi
2538 + SET_RDI_INTO_CR0
2539 +#endif
2540 +
2541 @@ -23346,7 +23346,7 @@ index f0095a7..ec77893 100644
2542 +
2543 +#ifdef CONFIG_PAX_KERNEXEC
2544 + GET_CR0_INTO_RDI
2545 -+ btr $16,%rdi
2546 ++ btr $X86_CR0_WP_BIT,%rdi
2547 + jnc 3f
2548 + SET_RDI_INTO_CR0
2549 +#endif
2550 @@ -23393,7 +23393,7 @@ index f0095a7..ec77893 100644
2551 +
2552 +#ifdef CONFIG_PAX_KERNEXEC
2553 + GET_CR0_INTO_RDI
2554 -+ bts $16,%rdi
2555 ++ bts $X86_CR0_WP_BIT,%rdi
2556 + jc 110f
2557 + SET_RDI_INTO_CR0
2558 + or $2,%ebx
2559 @@ -23426,7 +23426,7 @@ index f0095a7..ec77893 100644
2560 + btr $1,%ebx
2561 + jnc 110f
2562 + GET_CR0_INTO_RDI
2563 -+ btr $16,%rdi
2564 ++ btr $X86_CR0_WP_BIT,%rdi
2565 + SET_RDI_INTO_CR0
2566 +110:
2567 +#endif
2568 @@ -25578,7 +25578,7 @@ index 25ecd56..e12482f 100644
2569 }
2570
2571 diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
2572 -index 4e3d5a9..03fffd8 100644
2573 +index 03189d8..4705700 100644
2574 --- a/arch/x86/kernel/kprobes/core.c
2575 +++ b/arch/x86/kernel/kprobes/core.c
2576 @@ -120,9 +120,12 @@ __synthesize_relative_insn(void *from, void *to, u8 op)
2577 @@ -25619,17 +25619,17 @@ index 4e3d5a9..03fffd8 100644
2578 }
2579
2580 /*
2581 -@@ -364,7 +367,9 @@ int __copy_instruction(u8 *dest, u8 *src)
2582 +@@ -367,7 +370,9 @@ int __copy_instruction(u8 *dest, u8 *src)
2583 /* Another subsystem puts a breakpoint, failed to recover */
2584 if (insn.opcode.bytes[0] == BREAKPOINT_INSTRUCTION)
2585 return 0;
2586 + pax_open_kernel();
2587 - memcpy(dest, insn.kaddr, insn.length);
2588 + memcpy(dest, insn.kaddr, length);
2589 + pax_close_kernel();
2590
2591 #ifdef CONFIG_X86_64
2592 if (insn_rip_relative(&insn)) {
2593 -@@ -391,7 +396,9 @@ int __copy_instruction(u8 *dest, u8 *src)
2594 +@@ -394,7 +399,9 @@ int __copy_instruction(u8 *dest, u8 *src)
2595 return 0;
2596 }
2597 disp = (u8 *) dest + insn_offset_displacement(&insn);
2598 @@ -25638,8 +25638,8 @@ index 4e3d5a9..03fffd8 100644
2599 + pax_close_kernel();
2600 }
2601 #endif
2602 - return insn.length;
2603 -@@ -533,7 +540,7 @@ static void setup_singlestep(struct kprobe *p, struct pt_regs *regs,
2604 + return length;
2605 +@@ -536,7 +543,7 @@ static void setup_singlestep(struct kprobe *p, struct pt_regs *regs,
2606 * nor set current_kprobe, because it doesn't use single
2607 * stepping.
2608 */
2609 @@ -25648,7 +25648,7 @@ index 4e3d5a9..03fffd8 100644
2610 preempt_enable_no_resched();
2611 return;
2612 }
2613 -@@ -550,9 +557,9 @@ static void setup_singlestep(struct kprobe *p, struct pt_regs *regs,
2614 +@@ -553,9 +560,9 @@ static void setup_singlestep(struct kprobe *p, struct pt_regs *regs,
2615 regs->flags &= ~X86_EFLAGS_IF;
2616 /* single step inline if the instruction is an int3 */
2617 if (p->opcode == BREAKPOINT_INSTRUCTION)
2618 @@ -25660,7 +25660,7 @@ index 4e3d5a9..03fffd8 100644
2619 }
2620 NOKPROBE_SYMBOL(setup_singlestep);
2621
2622 -@@ -602,7 +609,7 @@ int kprobe_int3_handler(struct pt_regs *regs)
2623 +@@ -605,7 +612,7 @@ int kprobe_int3_handler(struct pt_regs *regs)
2624 struct kprobe *p;
2625 struct kprobe_ctlblk *kcb;
2626
2627 @@ -25669,7 +25669,7 @@ index 4e3d5a9..03fffd8 100644
2628 return 0;
2629
2630 addr = (kprobe_opcode_t *)(regs->ip - sizeof(kprobe_opcode_t));
2631 -@@ -637,7 +644,7 @@ int kprobe_int3_handler(struct pt_regs *regs)
2632 +@@ -640,7 +647,7 @@ int kprobe_int3_handler(struct pt_regs *regs)
2633 setup_singlestep(p, regs, kcb, 0);
2634 return 1;
2635 }
2636 @@ -25678,7 +25678,7 @@ index 4e3d5a9..03fffd8 100644
2637 /*
2638 * The breakpoint instruction was removed right
2639 * after we hit it. Another cpu has removed
2640 -@@ -684,6 +691,9 @@ static void __used kretprobe_trampoline_holder(void)
2641 +@@ -687,6 +694,9 @@ static void __used kretprobe_trampoline_holder(void)
2642 " movq %rax, 152(%rsp)\n"
2643 RESTORE_REGS_STRING
2644 " popfq\n"
2645 @@ -25688,7 +25688,7 @@ index 4e3d5a9..03fffd8 100644
2646 #else
2647 " pushf\n"
2648 SAVE_REGS_STRING
2649 -@@ -824,7 +834,7 @@ static void resume_execution(struct kprobe *p, struct pt_regs *regs,
2650 +@@ -827,7 +837,7 @@ static void resume_execution(struct kprobe *p, struct pt_regs *regs,
2651 struct kprobe_ctlblk *kcb)
2652 {
2653 unsigned long *tos = stack_addr(regs);
2654 @@ -25697,7 +25697,7 @@ index 4e3d5a9..03fffd8 100644
2655 unsigned long orig_ip = (unsigned long)p->addr;
2656 kprobe_opcode_t *insn = p->ainsn.insn;
2657
2658 -@@ -1007,7 +1017,7 @@ int kprobe_exceptions_notify(struct notifier_block *self, unsigned long val,
2659 +@@ -1010,7 +1020,7 @@ int kprobe_exceptions_notify(struct notifier_block *self, unsigned long val,
2660 struct die_args *args = data;
2661 int ret = NOTIFY_DONE;
2662
2663 @@ -25789,7 +25789,7 @@ index c2bedae..25e7ab60 100644
2664 .name = "data",
2665 .mode = S_IRUGO,
2666 diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c
2667 -index c37886d..d851d32 100644
2668 +index c37886d..3f425e3 100644
2669 --- a/arch/x86/kernel/ldt.c
2670 +++ b/arch/x86/kernel/ldt.c
2671 @@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload)
2672 @@ -25831,7 +25831,7 @@ index c37886d..d851d32 100644
2673 + mm->context.user_cs_limit = ~0UL;
2674 +
2675 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
2676 -+ cpus_clear(mm->context.cpu_user_cs_mask);
2677 ++ cpumask_clear(&mm->context.cpu_user_cs_mask);
2678 +#endif
2679 +
2680 +#endif
2681 @@ -28771,7 +28771,7 @@ index 106c015..2db7161 100644
2682 0, 0, 0, /* CR3 checked later */
2683 CR4_RESERVED_BITS,
2684 diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
2685 -index 4ee827d..83c8e31 100644
2686 +index 3cb2b58..83c8e31 100644
2687 --- a/arch/x86/kvm/lapic.c
2688 +++ b/arch/x86/kvm/lapic.c
2689 @@ -56,7 +56,7 @@
2690 @@ -28783,72 +28783,6 @@ index 4ee827d..83c8e31 100644
2691
2692 #define APIC_LVT_NUM 6
2693 /* 14 is the version for Xeon and Pentium 8.4.8*/
2694 -@@ -1064,6 +1064,17 @@ static void update_divide_count(struct kvm_lapic *apic)
2695 - apic->divide_count);
2696 - }
2697 -
2698 -+static void apic_update_lvtt(struct kvm_lapic *apic)
2699 -+{
2700 -+ u32 timer_mode = kvm_apic_get_reg(apic, APIC_LVTT) &
2701 -+ apic->lapic_timer.timer_mode_mask;
2702 -+
2703 -+ if (apic->lapic_timer.timer_mode != timer_mode) {
2704 -+ apic->lapic_timer.timer_mode = timer_mode;
2705 -+ hrtimer_cancel(&apic->lapic_timer.timer);
2706 -+ }
2707 -+}
2708 -+
2709 - static void apic_timer_expired(struct kvm_lapic *apic)
2710 - {
2711 - struct kvm_vcpu *vcpu = apic->vcpu;
2712 -@@ -1272,6 +1283,7 @@ static int apic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val)
2713 - apic_set_reg(apic, APIC_LVTT + 0x10 * i,
2714 - lvt_val | APIC_LVT_MASKED);
2715 - }
2716 -+ apic_update_lvtt(apic);
2717 - atomic_set(&apic->lapic_timer.pending, 0);
2718 -
2719 - }
2720 -@@ -1304,20 +1316,13 @@ static int apic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val)
2721 -
2722 - break;
2723 -
2724 -- case APIC_LVTT: {
2725 -- u32 timer_mode = val & apic->lapic_timer.timer_mode_mask;
2726 --
2727 -- if (apic->lapic_timer.timer_mode != timer_mode) {
2728 -- apic->lapic_timer.timer_mode = timer_mode;
2729 -- hrtimer_cancel(&apic->lapic_timer.timer);
2730 -- }
2731 --
2732 -+ case APIC_LVTT:
2733 - if (!kvm_apic_sw_enabled(apic))
2734 - val |= APIC_LVT_MASKED;
2735 - val &= (apic_lvt_mask[0] | apic->lapic_timer.timer_mode_mask);
2736 - apic_set_reg(apic, APIC_LVTT, val);
2737 -+ apic_update_lvtt(apic);
2738 - break;
2739 -- }
2740 -
2741 - case APIC_TMICT:
2742 - if (apic_lvtt_tscdeadline(apic))
2743 -@@ -1552,7 +1557,7 @@ void kvm_lapic_reset(struct kvm_vcpu *vcpu)
2744 -
2745 - for (i = 0; i < APIC_LVT_NUM; i++)
2746 - apic_set_reg(apic, APIC_LVTT + 0x10 * i, APIC_LVT_MASKED);
2747 -- apic->lapic_timer.timer_mode = 0;
2748 -+ apic_update_lvtt(apic);
2749 - apic_set_reg(apic, APIC_LVT0,
2750 - SET_APIC_DELIVERY_MODE(0, APIC_MODE_EXTINT));
2751 -
2752 -@@ -1778,6 +1783,7 @@ void kvm_apic_post_state_restore(struct kvm_vcpu *vcpu,
2753 -
2754 - apic_update_ppr(apic);
2755 - hrtimer_cancel(&apic->lapic_timer.timer);
2756 -+ apic_update_lvtt(apic);
2757 - update_divide_count(apic);
2758 - start_apic_timer(apic);
2759 - apic->irr_pending = true;
2760 diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h
2761 index 0bc6c65..ca4f92d 100644
2762 --- a/arch/x86/kvm/lapic.h
2763 @@ -31924,7 +31858,7 @@ index 903ec1e..c4166b2 100644
2764 }
2765
2766 diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
2767 -index ede025f..1ef909b 100644
2768 +index ede025f..ecc2d96 100644
2769 --- a/arch/x86/mm/fault.c
2770 +++ b/arch/x86/mm/fault.c
2771 @@ -13,12 +13,19 @@
2772 @@ -32240,7 +32174,7 @@ index ede025f..1ef909b 100644
2773 + }
2774 +
2775 +#ifdef CONFIG_SMP
2776 -+ if (likely(address > get_limit(regs->cs) && cpu_isset(smp_processor_id(), mm->context.cpu_user_cs_mask)))
2777 ++ if (likely(address > get_limit(regs->cs) && cpumask_test_cpu(smp_processor_id(), &mm->context.cpu_user_cs_mask)))
2778 +#else
2779 + if (likely(address > get_limit(regs->cs)))
2780 +#endif
2781 @@ -34266,7 +34200,7 @@ index 3250f23..7a97ba2 100644
2782 * functions differently. Tracing normally
2783 diff --git a/arch/x86/mm/uderef_64.c b/arch/x86/mm/uderef_64.c
2784 new file mode 100644
2785 -index 0000000..dace51c
2786 +index 0000000..3fda3f3
2787 --- /dev/null
2788 +++ b/arch/x86/mm/uderef_64.c
2789 @@ -0,0 +1,37 @@
2790 @@ -34279,7 +34213,7 @@ index 0000000..dace51c
2791 + * - remain leaf functions under all configurations,
2792 + * - never be called directly, only dereferenced from the wrappers.
2793 + */
2794 -+void __pax_open_userland(void)
2795 ++void __used __pax_open_userland(void)
2796 +{
2797 + unsigned int cpu;
2798 +
2799 @@ -34288,12 +34222,12 @@ index 0000000..dace51c
2800 +
2801 + cpu = raw_get_cpu();
2802 + BUG_ON((read_cr3() & ~PAGE_MASK) != PCID_KERNEL);
2803 -+ write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER | PCID_NOFLUSH);
2804 ++ write_cr3(__pa_nodebug(get_cpu_pgd(cpu, user)) | PCID_USER | PCID_NOFLUSH);
2805 + raw_put_cpu_no_resched();
2806 +}
2807 +EXPORT_SYMBOL(__pax_open_userland);
2808 +
2809 -+void __pax_close_userland(void)
2810 ++void __used __pax_close_userland(void)
2811 +{
2812 + unsigned int cpu;
2813 +
2814 @@ -34302,7 +34236,7 @@ index 0000000..dace51c
2815 +
2816 + cpu = raw_get_cpu();
2817 + BUG_ON((read_cr3() & ~PAGE_MASK) != PCID_USER);
2818 -+ write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH);
2819 ++ write_cr3(__pa_nodebug(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH);
2820 + raw_put_cpu_no_resched();
2821 +}
2822 +EXPORT_SYMBOL(__pax_close_userland);
2823 @@ -40248,32 +40182,6 @@ index 832a2c3..1794080 100644
2824 .attrs = cpuidle_default_attrs,
2825 .name = "cpuidle",
2826 };
2827 -diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c
2828 -index f347ab7..08b0da2 100644
2829 ---- a/drivers/crypto/caam/caamhash.c
2830 -+++ b/drivers/crypto/caam/caamhash.c
2831 -@@ -1543,6 +1543,8 @@ static int ahash_init(struct ahash_request *req)
2832 -
2833 - state->current_buf = 0;
2834 - state->buf_dma = 0;
2835 -+ state->buflen_0 = 0;
2836 -+ state->buflen_1 = 0;
2837 -
2838 - return 0;
2839 - }
2840 -diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c
2841 -index ae31e55..a48dc25 100644
2842 ---- a/drivers/crypto/caam/caamrng.c
2843 -+++ b/drivers/crypto/caam/caamrng.c
2844 -@@ -56,7 +56,7 @@
2845 -
2846 - /* Buffer, its dma address and lock */
2847 - struct buf_data {
2848 -- u8 buf[RN_BUF_SIZE];
2849 -+ u8 buf[RN_BUF_SIZE] ____cacheline_aligned;
2850 - dma_addr_t addr;
2851 - struct completion filled;
2852 - u32 hw_desc[DESC_JOB_O_LEN];
2853 diff --git a/drivers/crypto/hifn_795x.c b/drivers/crypto/hifn_795x.c
2854 index 8d2a772..33826c9 100644
2855 --- a/drivers/crypto/hifn_795x.c
2856 @@ -45724,7 +45632,7 @@ index 79f6941..b33b4e0 100644
2857 pmd->bl_info.value_type.inc = data_block_inc;
2858 pmd->bl_info.value_type.dec = data_block_dec;
2859 diff --git a/drivers/md/dm.c b/drivers/md/dm.c
2860 -index 9b4e30a..83c927d 100644
2861 +index beda011..de57372 100644
2862 --- a/drivers/md/dm.c
2863 +++ b/drivers/md/dm.c
2864 @@ -188,9 +188,9 @@ struct mapped_device {
2865 @@ -67579,7 +67487,7 @@ index 8c52472..c4e3a69 100644
2866
2867 #else
2868 diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c
2869 -index 1e51714..411eded 100644
2870 +index 1e51714e..411eded 100644
2871 --- a/fs/cachefiles/namei.c
2872 +++ b/fs/cachefiles/namei.c
2873 @@ -309,7 +309,7 @@ try_again:
2874 @@ -68764,7 +68672,7 @@ index e4141f2..d8263e8 100644
2875 i += packet_length_size;
2876 if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
2877 diff --git a/fs/exec.c b/fs/exec.c
2878 -index 1202445..7a6fde9 100644
2879 +index 1202445..620c98e 100644
2880 --- a/fs/exec.c
2881 +++ b/fs/exec.c
2882 @@ -56,8 +56,20 @@
2883 @@ -69568,7 +69476,7 @@ index 1202445..7a6fde9 100644
2884 +EXPORT_SYMBOL(__check_object_size);
2885 +
2886 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
2887 -+void pax_track_stack(void)
2888 ++void __used pax_track_stack(void)
2889 +{
2890 + unsigned long sp = (unsigned long)&sp;
2891 + if (sp < current_thread_info()->lowest_stack &&
2892 @@ -69581,7 +69489,7 @@ index 1202445..7a6fde9 100644
2893 +#endif
2894 +
2895 +#ifdef CONFIG_PAX_SIZE_OVERFLOW
2896 -+void __nocapture(1, 3, 4) report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name)
2897 ++void __nocapture(1, 3, 4) __used report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name)
2898 +{
2899 + printk(KERN_EMERG "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name);
2900 + dump_stack();
2901 @@ -103116,38 +103024,29 @@ index a9c10a3..1864f6b 100644
2902
2903 /* Add an additional event_call dynamically */
2904 diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c
2905 -index ced69da..7f2e97c 100644
2906 +index 7f2e97c..085a257 100644
2907 --- a/kernel/trace/trace_events_filter.c
2908 +++ b/kernel/trace/trace_events_filter.c
2909 -@@ -1369,19 +1369,26 @@ static int check_preds(struct filter_parse_state *ps)
2910 - {
2911 - int n_normal_preds = 0, n_logical_preds = 0;
2912 - struct postfix_elt *elt;
2913 -+ int cnt = 0;
2914 +@@ -1056,6 +1056,9 @@ static void parse_init(struct filter_parse_state *ps,
2915
2916 - list_for_each_entry(elt, &ps->postfix, list) {
2917 -- if (elt->op == OP_NONE)
2918 -+ if (elt->op == OP_NONE) {
2919 -+ cnt++;
2920 - continue;
2921 -+ }
2922 + static char infix_next(struct filter_parse_state *ps)
2923 + {
2924 ++ if (!ps->infix.cnt)
2925 ++ return 0;
2926 ++
2927 + ps->infix.cnt--;
2928
2929 - if (elt->op == OP_AND || elt->op == OP_OR) {
2930 - n_logical_preds++;
2931 -+ cnt--;
2932 - continue;
2933 - }
2934 -+ if (elt->op != OP_NOT)
2935 -+ cnt--;
2936 - n_normal_preds++;
2937 -+ WARN_ON_ONCE(cnt < 0);
2938 - }
2939 + return ps->infix.string[ps->infix.tail++];
2940 +@@ -1071,6 +1074,9 @@ static char infix_peek(struct filter_parse_state *ps)
2941
2942 -- if (!n_normal_preds || n_logical_preds >= n_normal_preds) {
2943 -+ if (cnt != 1 || !n_normal_preds || n_logical_preds >= n_normal_preds) {
2944 - parse_error(ps, FILT_ERR_INVALID_FILTER, 0);
2945 - return -EINVAL;
2946 - }
2947 + static void infix_advance(struct filter_parse_state *ps)
2948 + {
2949 ++ if (!ps->infix.cnt)
2950 ++ return;
2951 ++
2952 + ps->infix.cnt--;
2953 + ps->infix.tail++;
2954 + }
2955 diff --git a/kernel/trace/trace_functions_graph.c b/kernel/trace/trace_functions_graph.c
2956 index b6fce36..d9f11a3 100644
2957 --- a/kernel/trace/trace_functions_graph.c
2958 @@ -107036,7 +106935,7 @@ index 9ec50a3..0476e2d 100644
2959 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
2960
2961 diff --git a/mm/mprotect.c b/mm/mprotect.c
2962 -index 8858483..8145fa5 100644
2963 +index 8858483..72f2464 100644
2964 --- a/mm/mprotect.c
2965 +++ b/mm/mprotect.c
2966 @@ -24,10 +24,18 @@
2967 @@ -107085,8 +106984,8 @@ index 8858483..8145fa5 100644
2968 +
2969 +#ifdef CONFIG_SMP
2970 + wmb();
2971 -+ cpus_clear(mm->context.cpu_user_cs_mask);
2972 -+ cpu_set(smp_processor_id(), mm->context.cpu_user_cs_mask);
2973 ++ cpumask_clear(&mm->context.cpu_user_cs_mask);
2974 ++ cpumask_set_cpu(smp_processor_id(), &mm->context.cpu_user_cs_mask);
2975 +#endif
2976 +
2977 + set_user_cs(mm->context.user_cs_base, mm->context.user_cs_limit, smp_processor_id());
2978
2979 diff --git a/3.14.45/4425_grsec_remove_EI_PAX.patch b/4.0.7/4425_grsec_remove_EI_PAX.patch
2980 similarity index 100%
2981 rename from 3.14.45/4425_grsec_remove_EI_PAX.patch
2982 rename to 4.0.7/4425_grsec_remove_EI_PAX.patch
2983
2984 diff --git a/4.0.6/4427_force_XATTR_PAX_tmpfs.patch b/4.0.7/4427_force_XATTR_PAX_tmpfs.patch
2985 similarity index 100%
2986 rename from 4.0.6/4427_force_XATTR_PAX_tmpfs.patch
2987 rename to 4.0.7/4427_force_XATTR_PAX_tmpfs.patch
2988
2989 diff --git a/3.14.45/4430_grsec-remove-localversion-grsec.patch b/4.0.7/4430_grsec-remove-localversion-grsec.patch
2990 similarity index 100%
2991 rename from 3.14.45/4430_grsec-remove-localversion-grsec.patch
2992 rename to 4.0.7/4430_grsec-remove-localversion-grsec.patch
2993
2994 diff --git a/4.0.6/4435_grsec-mute-warnings.patch b/4.0.7/4435_grsec-mute-warnings.patch
2995 similarity index 100%
2996 rename from 4.0.6/4435_grsec-mute-warnings.patch
2997 rename to 4.0.7/4435_grsec-mute-warnings.patch
2998
2999 diff --git a/3.14.45/4440_grsec-remove-protected-paths.patch b/4.0.7/4440_grsec-remove-protected-paths.patch
3000 similarity index 100%
3001 rename from 3.14.45/4440_grsec-remove-protected-paths.patch
3002 rename to 4.0.7/4440_grsec-remove-protected-paths.patch
3003
3004 diff --git a/4.0.6/4450_grsec-kconfig-default-gids.patch b/4.0.7/4450_grsec-kconfig-default-gids.patch
3005 similarity index 100%
3006 rename from 4.0.6/4450_grsec-kconfig-default-gids.patch
3007 rename to 4.0.7/4450_grsec-kconfig-default-gids.patch
3008
3009 diff --git a/4.0.6/4465_selinux-avc_audit-log-curr_ip.patch b/4.0.7/4465_selinux-avc_audit-log-curr_ip.patch
3010 similarity index 100%
3011 rename from 4.0.6/4465_selinux-avc_audit-log-curr_ip.patch
3012 rename to 4.0.7/4465_selinux-avc_audit-log-curr_ip.patch
3013
3014 diff --git a/4.0.6/4470_disable-compat_vdso.patch b/4.0.7/4470_disable-compat_vdso.patch
3015 similarity index 100%
3016 rename from 4.0.6/4470_disable-compat_vdso.patch
3017 rename to 4.0.7/4470_disable-compat_vdso.patch
3018
3019 diff --git a/3.14.45/4475_emutramp_default_on.patch b/4.0.7/4475_emutramp_default_on.patch
3020 similarity index 100%
3021 rename from 3.14.45/4475_emutramp_default_on.patch
3022 rename to 4.0.7/4475_emutramp_default_on.patch
Report Message
Find on MARC Find on Google Groups