1 |
commit: 64a02f06fb83ec19cb979fabac2117596143adf8 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Jul 25 14:35:13 2014 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Jul 25 14:35:13 2014 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=64a02f06 |
7 |
|
8 |
Grsec/PaX: 3.0-{3.2.60,3.14.13,3.15.6}-201407232200 |
9 |
|
10 |
--- |
11 |
{3.14.12 => 3.14.13}/0000_README | 2 +- |
12 |
.../4420_grsecurity-3.0-3.14.13-201407232159.patch | 432 +++++++++---- |
13 |
.../4425_grsec_remove_EI_PAX.patch | 0 |
14 |
.../4427_force_XATTR_PAX_tmpfs.patch | 0 |
15 |
.../4430_grsec-remove-localversion-grsec.patch | 0 |
16 |
.../4435_grsec-mute-warnings.patch | 0 |
17 |
.../4440_grsec-remove-protected-paths.patch | 0 |
18 |
.../4450_grsec-kconfig-default-gids.patch | 0 |
19 |
.../4465_selinux-avc_audit-log-curr_ip.patch | 0 |
20 |
.../4470_disable-compat_vdso.patch | 0 |
21 |
.../4475_emutramp_default_on.patch | 0 |
22 |
{3.15.5 => 3.15.6}/0000_README | 2 +- |
23 |
.../4420_grsecurity-3.0-3.15.6-201407232200.patch | 699 ++++++++++++--------- |
24 |
{3.15.5 => 3.15.6}/4425_grsec_remove_EI_PAX.patch | 0 |
25 |
.../4427_force_XATTR_PAX_tmpfs.patch | 0 |
26 |
.../4430_grsec-remove-localversion-grsec.patch | 0 |
27 |
{3.15.5 => 3.15.6}/4435_grsec-mute-warnings.patch | 0 |
28 |
.../4440_grsec-remove-protected-paths.patch | 0 |
29 |
.../4450_grsec-kconfig-default-gids.patch | 0 |
30 |
.../4465_selinux-avc_audit-log-curr_ip.patch | 0 |
31 |
{3.15.5 => 3.15.6}/4470_disable-compat_vdso.patch | 0 |
32 |
{3.15.5 => 3.15.6}/4475_emutramp_default_on.patch | 0 |
33 |
3.2.61/0000_README | 2 +- |
34 |
... 4420_grsecurity-3.0-3.2.61-201407232156.patch} | 144 ++++- |
35 |
24 files changed, 802 insertions(+), 479 deletions(-) |
36 |
|
37 |
diff --git a/3.14.12/0000_README b/3.14.13/0000_README |
38 |
similarity index 96% |
39 |
rename from 3.14.12/0000_README |
40 |
rename to 3.14.13/0000_README |
41 |
index 857c6a1..ed0d890 100644 |
42 |
--- a/3.14.12/0000_README |
43 |
+++ b/3.14.13/0000_README |
44 |
@@ -2,7 +2,7 @@ README |
45 |
----------------------------------------------------------------------------- |
46 |
Individual Patch Descriptions: |
47 |
----------------------------------------------------------------------------- |
48 |
-Patch: 4420_grsecurity-3.0-3.14.12-201407170638.patch |
49 |
+Patch: 4420_grsecurity-3.0-3.14.13-201407232159.patch |
50 |
From: http://www.grsecurity.net |
51 |
Desc: hardened-sources base patch from upstream grsecurity |
52 |
|
53 |
|
54 |
diff --git a/3.14.12/4420_grsecurity-3.0-3.14.12-201407170638.patch b/3.14.13/4420_grsecurity-3.0-3.14.13-201407232159.patch |
55 |
similarity index 99% |
56 |
rename from 3.14.12/4420_grsecurity-3.0-3.14.12-201407170638.patch |
57 |
rename to 3.14.13/4420_grsecurity-3.0-3.14.13-201407232159.patch |
58 |
index 02636ed..81dff0f 100644 |
59 |
--- a/3.14.12/4420_grsecurity-3.0-3.14.12-201407170638.patch |
60 |
+++ b/3.14.13/4420_grsecurity-3.0-3.14.13-201407232159.patch |
61 |
@@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644 |
62 |
|
63 |
pcd. [PARIDE] |
64 |
diff --git a/Makefile b/Makefile |
65 |
-index 13d8f32..a7a7b9b 100644 |
66 |
+index 7a2981c..9fadd78 100644 |
67 |
--- a/Makefile |
68 |
+++ b/Makefile |
69 |
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ |
70 |
@@ -7700,7 +7700,7 @@ index 50dfafc..b9fc230 100644 |
71 |
DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n", |
72 |
me->arch.unwind_section, table, end, gp); |
73 |
diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c |
74 |
-index 31ffa9b..588a798 100644 |
75 |
+index e1ffea2..46ed66e 100644 |
76 |
--- a/arch/parisc/kernel/sys_parisc.c |
77 |
+++ b/arch/parisc/kernel/sys_parisc.c |
78 |
@@ -89,6 +89,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, |
79 |
@@ -7960,7 +7960,7 @@ index d72197f..c017c84 100644 |
80 |
/* |
81 |
* If for any reason at all we couldn't handle the fault, make |
82 |
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig |
83 |
-index 957bf34..3430cc8 100644 |
84 |
+index 2156fa2..cc28613 100644 |
85 |
--- a/arch/powerpc/Kconfig |
86 |
+++ b/arch/powerpc/Kconfig |
87 |
@@ -393,6 +393,7 @@ config PPC64_SUPPORTS_MEMORY_FAILURE |
88 |
@@ -33352,19 +33352,21 @@ index 7b179b4..6bd17777 100644 |
89 |
|
90 |
return (void *)vaddr; |
91 |
diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c |
92 |
-index 799580c..72f9fe0 100644 |
93 |
+index 94bd247..7e48391 100644 |
94 |
--- a/arch/x86/mm/ioremap.c |
95 |
+++ b/arch/x86/mm/ioremap.c |
96 |
-@@ -97,7 +97,7 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr, |
97 |
- for (pfn = phys_addr >> PAGE_SHIFT; pfn <= last_pfn; pfn++) { |
98 |
- int is_ram = page_is_ram(pfn); |
99 |
+@@ -56,8 +56,8 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages, |
100 |
+ unsigned long i; |
101 |
+ |
102 |
+ for (i = 0; i < nr_pages; ++i) |
103 |
+- if (pfn_valid(start_pfn + i) && |
104 |
+- !PageReserved(pfn_to_page(start_pfn + i))) |
105 |
++ if (pfn_valid(start_pfn + i) && (start_pfn + i >= 0x100 || |
106 |
++ !PageReserved(pfn_to_page(start_pfn + i)))) |
107 |
+ return 1; |
108 |
|
109 |
-- if (is_ram && pfn_valid(pfn) && !PageReserved(pfn_to_page(pfn))) |
110 |
-+ if (is_ram && pfn_valid(pfn) && (pfn >= 0x100 || !PageReserved(pfn_to_page(pfn)))) |
111 |
- return NULL; |
112 |
- WARN_ON_ONCE(is_ram); |
113 |
- } |
114 |
-@@ -256,7 +256,7 @@ EXPORT_SYMBOL(ioremap_prot); |
115 |
+ WARN_ONCE(1, "ioremap on RAM pfn 0x%lx\n", start_pfn); |
116 |
+@@ -268,7 +268,7 @@ EXPORT_SYMBOL(ioremap_prot); |
117 |
* |
118 |
* Caller must ensure there is only one unmapping for the same pointer. |
119 |
*/ |
120 |
@@ -33373,7 +33375,7 @@ index 799580c..72f9fe0 100644 |
121 |
{ |
122 |
struct vm_struct *p, *o; |
123 |
|
124 |
-@@ -310,6 +310,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) |
125 |
+@@ -322,6 +322,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) |
126 |
|
127 |
/* If page is RAM, we can use __va. Otherwise ioremap and unmap. */ |
128 |
if (page_is_ram(start >> PAGE_SHIFT)) |
129 |
@@ -33383,7 +33385,7 @@ index 799580c..72f9fe0 100644 |
130 |
return __va(phys); |
131 |
|
132 |
addr = (void __force *)ioremap_cache(start, PAGE_SIZE); |
133 |
-@@ -322,6 +325,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) |
134 |
+@@ -334,6 +337,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) |
135 |
void unxlate_dev_mem_ptr(unsigned long phys, void *addr) |
136 |
{ |
137 |
if (page_is_ram(phys >> PAGE_SHIFT)) |
138 |
@@ -33393,7 +33395,7 @@ index 799580c..72f9fe0 100644 |
139 |
return; |
140 |
|
141 |
iounmap((void __iomem *)((unsigned long)addr & PAGE_MASK)); |
142 |
-@@ -339,7 +345,7 @@ static int __init early_ioremap_debug_setup(char *str) |
143 |
+@@ -351,7 +357,7 @@ static int __init early_ioremap_debug_setup(char *str) |
144 |
early_param("early_ioremap_debug", early_ioremap_debug_setup); |
145 |
|
146 |
static __initdata int after_paging_init; |
147 |
@@ -33402,7 +33404,7 @@ index 799580c..72f9fe0 100644 |
148 |
|
149 |
static inline pmd_t * __init early_ioremap_pmd(unsigned long addr) |
150 |
{ |
151 |
-@@ -376,8 +382,7 @@ void __init early_ioremap_init(void) |
152 |
+@@ -388,8 +394,7 @@ void __init early_ioremap_init(void) |
153 |
slot_virt[i] = __fix_to_virt(FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*i); |
154 |
|
155 |
pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN)); |
156 |
@@ -39664,7 +39666,7 @@ index 18d4091..434be15 100644 |
157 |
} |
158 |
EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler); |
159 |
diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c |
160 |
-index 6d98c37..a592321 100644 |
161 |
+index ae52c77..3d8f69b 100644 |
162 |
--- a/drivers/cpufreq/intel_pstate.c |
163 |
+++ b/drivers/cpufreq/intel_pstate.c |
164 |
@@ -125,10 +125,10 @@ struct pstate_funcs { |
165 |
@@ -39680,7 +39682,7 @@ index 6d98c37..a592321 100644 |
166 |
|
167 |
struct perf_limits { |
168 |
int no_turbo; |
169 |
-@@ -526,7 +526,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate) |
170 |
+@@ -530,7 +530,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate) |
171 |
|
172 |
cpu->pstate.current_pstate = pstate; |
173 |
|
174 |
@@ -39689,7 +39691,7 @@ index 6d98c37..a592321 100644 |
175 |
} |
176 |
|
177 |
static inline void intel_pstate_pstate_increase(struct cpudata *cpu, int steps) |
178 |
-@@ -548,12 +548,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu) |
179 |
+@@ -552,12 +552,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu) |
180 |
{ |
181 |
sprintf(cpu->name, "Intel 2nd generation core"); |
182 |
|
183 |
@@ -39707,7 +39709,7 @@ index 6d98c37..a592321 100644 |
184 |
intel_pstate_set_pstate(cpu, cpu->pstate.min_pstate); |
185 |
} |
186 |
|
187 |
-@@ -835,9 +835,9 @@ static int intel_pstate_msrs_not_valid(void) |
188 |
+@@ -844,9 +844,9 @@ static int intel_pstate_msrs_not_valid(void) |
189 |
rdmsrl(MSR_IA32_APERF, aperf); |
190 |
rdmsrl(MSR_IA32_MPERF, mperf); |
191 |
|
192 |
@@ -39720,7 +39722,7 @@ index 6d98c37..a592321 100644 |
193 |
return -ENODEV; |
194 |
|
195 |
rdmsrl(MSR_IA32_APERF, tmp); |
196 |
-@@ -851,7 +851,7 @@ static int intel_pstate_msrs_not_valid(void) |
197 |
+@@ -860,7 +860,7 @@ static int intel_pstate_msrs_not_valid(void) |
198 |
return 0; |
199 |
} |
200 |
|
201 |
@@ -39729,7 +39731,7 @@ index 6d98c37..a592321 100644 |
202 |
{ |
203 |
pid_params.sample_rate_ms = policy->sample_rate_ms; |
204 |
pid_params.p_gain_pct = policy->p_gain_pct; |
205 |
-@@ -863,11 +863,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) |
206 |
+@@ -872,11 +872,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) |
207 |
|
208 |
static void copy_cpu_funcs(struct pstate_funcs *funcs) |
209 |
{ |
210 |
@@ -44543,10 +44545,10 @@ index b086a94..74cb67e 100644 |
211 |
pmd->bl_info.value_type.inc = data_block_inc; |
212 |
pmd->bl_info.value_type.dec = data_block_dec; |
213 |
diff --git a/drivers/md/dm.c b/drivers/md/dm.c |
214 |
-index 8c53b09..f1fb2b0 100644 |
215 |
+index 65ee3a0..1852af9 100644 |
216 |
--- a/drivers/md/dm.c |
217 |
+++ b/drivers/md/dm.c |
218 |
-@@ -185,9 +185,9 @@ struct mapped_device { |
219 |
+@@ -187,9 +187,9 @@ struct mapped_device { |
220 |
/* |
221 |
* Event handling. |
222 |
*/ |
223 |
@@ -44558,7 +44560,7 @@ index 8c53b09..f1fb2b0 100644 |
224 |
struct list_head uevent_list; |
225 |
spinlock_t uevent_lock; /* Protect access to uevent_list */ |
226 |
|
227 |
-@@ -1888,8 +1888,8 @@ static struct mapped_device *alloc_dev(int minor) |
228 |
+@@ -1899,8 +1899,8 @@ static struct mapped_device *alloc_dev(int minor) |
229 |
spin_lock_init(&md->deferred_lock); |
230 |
atomic_set(&md->holders, 1); |
231 |
atomic_set(&md->open_count, 0); |
232 |
@@ -44569,7 +44571,7 @@ index 8c53b09..f1fb2b0 100644 |
233 |
INIT_LIST_HEAD(&md->uevent_list); |
234 |
spin_lock_init(&md->uevent_lock); |
235 |
|
236 |
-@@ -2043,7 +2043,7 @@ static void event_callback(void *context) |
237 |
+@@ -2054,7 +2054,7 @@ static void event_callback(void *context) |
238 |
|
239 |
dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj); |
240 |
|
241 |
@@ -44578,7 +44580,7 @@ index 8c53b09..f1fb2b0 100644 |
242 |
wake_up(&md->eventq); |
243 |
} |
244 |
|
245 |
-@@ -2736,18 +2736,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, |
246 |
+@@ -2747,18 +2747,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, |
247 |
|
248 |
uint32_t dm_next_uevent_seq(struct mapped_device *md) |
249 |
{ |
250 |
@@ -47503,6 +47505,24 @@ index 5920c99..ff2e4a5 100644 |
251 |
}; |
252 |
|
253 |
static void |
254 |
+diff --git a/drivers/net/wan/x25_asy.c b/drivers/net/wan/x25_asy.c |
255 |
+index 5895f19..fa9fdfa 100644 |
256 |
+--- a/drivers/net/wan/x25_asy.c |
257 |
++++ b/drivers/net/wan/x25_asy.c |
258 |
+@@ -122,8 +122,12 @@ static int x25_asy_change_mtu(struct net_device *dev, int newmtu) |
259 |
+ { |
260 |
+ struct x25_asy *sl = netdev_priv(dev); |
261 |
+ unsigned char *xbuff, *rbuff; |
262 |
+- int len = 2 * newmtu; |
263 |
++ int len; |
264 |
+ |
265 |
++ if (newmtu > 65534) |
266 |
++ return -EINVAL; |
267 |
++ |
268 |
++ len = 2 * newmtu; |
269 |
+ xbuff = kmalloc(len + 4, GFP_ATOMIC); |
270 |
+ rbuff = kmalloc(len + 4, GFP_ATOMIC); |
271 |
+ |
272 |
diff --git a/drivers/net/wan/z85230.c b/drivers/net/wan/z85230.c |
273 |
index feacc3b..5bac0de 100644 |
274 |
--- a/drivers/net/wan/z85230.c |
275 |
@@ -51951,7 +51971,7 @@ index 9cd706d..6ff2de7 100644 |
276 |
|
277 |
if (cfg->uart_flags & UPF_CONS_FLOW) { |
278 |
diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c |
279 |
-index ece2049..fba2524 100644 |
280 |
+index ece2049b..fba2524 100644 |
281 |
--- a/drivers/tty/serial/serial_core.c |
282 |
+++ b/drivers/tty/serial/serial_core.c |
283 |
@@ -1448,7 +1448,7 @@ static void uart_hangup(struct tty_struct *tty) |
284 |
@@ -60208,7 +60228,7 @@ index e6574d7..c30cbe2 100644 |
285 |
brelse(bh); |
286 |
bh = NULL; |
287 |
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c |
288 |
-index 08ddfda..a48f3f6 100644 |
289 |
+index 502f0fd..bf3b3c1 100644 |
290 |
--- a/fs/ext4/mballoc.c |
291 |
+++ b/fs/ext4/mballoc.c |
292 |
@@ -1880,7 +1880,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, |
293 |
@@ -60338,7 +60358,7 @@ index 04434ad..6404663 100644 |
294 |
"MMP failure info: last update time: %llu, last update " |
295 |
"node: %s, last update device: %s\n", |
296 |
diff --git a/fs/ext4/super.c b/fs/ext4/super.c |
297 |
-index 710fed2..a82e4e8 100644 |
298 |
+index 25b327e..56f169d 100644 |
299 |
--- a/fs/ext4/super.c |
300 |
+++ b/fs/ext4/super.c |
301 |
@@ -1270,7 +1270,7 @@ static ext4_fsblk_t get_sb_block(void **data) |
302 |
@@ -60350,7 +60370,7 @@ index 710fed2..a82e4e8 100644 |
303 |
"Contact linux-ext4@×××××××××××.org if you think we should keep it.\n"; |
304 |
|
305 |
#ifdef CONFIG_QUOTA |
306 |
-@@ -2450,7 +2450,7 @@ struct ext4_attr { |
307 |
+@@ -2448,7 +2448,7 @@ struct ext4_attr { |
308 |
int offset; |
309 |
int deprecated_val; |
310 |
} u; |
311 |
@@ -62357,7 +62377,7 @@ index b29e42f..5ea7fdf 100644 |
312 |
#define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */ |
313 |
|
314 |
diff --git a/fs/namei.c b/fs/namei.c |
315 |
-index 8274c8d..922e189 100644 |
316 |
+index 8274c8d..e242796 100644 |
317 |
--- a/fs/namei.c |
318 |
+++ b/fs/namei.c |
319 |
@@ -330,17 +330,34 @@ int generic_permission(struct inode *inode, int mask) |
320 |
@@ -62493,7 +62513,19 @@ index 8274c8d..922e189 100644 |
321 |
return retval; |
322 |
} |
323 |
|
324 |
-@@ -2557,6 +2590,13 @@ static int may_open(struct path *path, int acc_mode, int flag) |
325 |
+@@ -2247,9 +2280,10 @@ done: |
326 |
+ goto out; |
327 |
+ } |
328 |
+ path->dentry = dentry; |
329 |
+- path->mnt = mntget(nd->path.mnt); |
330 |
++ path->mnt = nd->path.mnt; |
331 |
+ if (should_follow_link(dentry, nd->flags & LOOKUP_FOLLOW)) |
332 |
+ return 1; |
333 |
++ mntget(path->mnt); |
334 |
+ follow_mount(path); |
335 |
+ error = 0; |
336 |
+ out: |
337 |
+@@ -2557,6 +2591,13 @@ static int may_open(struct path *path, int acc_mode, int flag) |
338 |
if (flag & O_NOATIME && !inode_owner_or_capable(inode)) |
339 |
return -EPERM; |
340 |
|
341 |
@@ -62507,7 +62539,7 @@ index 8274c8d..922e189 100644 |
342 |
return 0; |
343 |
} |
344 |
|
345 |
-@@ -2788,7 +2828,7 @@ looked_up: |
346 |
+@@ -2788,7 +2829,7 @@ looked_up: |
347 |
* cleared otherwise prior to returning. |
348 |
*/ |
349 |
static int lookup_open(struct nameidata *nd, struct path *path, |
350 |
@@ -62516,7 +62548,7 @@ index 8274c8d..922e189 100644 |
351 |
const struct open_flags *op, |
352 |
bool got_write, int *opened) |
353 |
{ |
354 |
-@@ -2823,6 +2863,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, |
355 |
+@@ -2823,6 +2864,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, |
356 |
/* Negative dentry, just create the file */ |
357 |
if (!dentry->d_inode && (op->open_flag & O_CREAT)) { |
358 |
umode_t mode = op->mode; |
359 |
@@ -62534,7 +62566,7 @@ index 8274c8d..922e189 100644 |
360 |
if (!IS_POSIXACL(dir->d_inode)) |
361 |
mode &= ~current_umask(); |
362 |
/* |
363 |
-@@ -2844,6 +2895,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, |
364 |
+@@ -2844,6 +2896,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, |
365 |
nd->flags & LOOKUP_EXCL); |
366 |
if (error) |
367 |
goto out_dput; |
368 |
@@ -62543,7 +62575,7 @@ index 8274c8d..922e189 100644 |
369 |
} |
370 |
out_no_open: |
371 |
path->dentry = dentry; |
372 |
-@@ -2858,7 +2911,7 @@ out_dput: |
373 |
+@@ -2858,7 +2912,7 @@ out_dput: |
374 |
/* |
375 |
* Handle the last step of open() |
376 |
*/ |
377 |
@@ -62552,7 +62584,7 @@ index 8274c8d..922e189 100644 |
378 |
struct file *file, const struct open_flags *op, |
379 |
int *opened, struct filename *name) |
380 |
{ |
381 |
-@@ -2908,6 +2961,15 @@ static int do_last(struct nameidata *nd, struct path *path, |
382 |
+@@ -2908,6 +2962,15 @@ static int do_last(struct nameidata *nd, struct path *path, |
383 |
if (error) |
384 |
return error; |
385 |
|
386 |
@@ -62568,7 +62600,7 @@ index 8274c8d..922e189 100644 |
387 |
audit_inode(name, dir, LOOKUP_PARENT); |
388 |
error = -EISDIR; |
389 |
/* trailing slashes? */ |
390 |
-@@ -2927,7 +2989,7 @@ retry_lookup: |
391 |
+@@ -2927,7 +2990,7 @@ retry_lookup: |
392 |
*/ |
393 |
} |
394 |
mutex_lock(&dir->d_inode->i_mutex); |
395 |
@@ -62577,7 +62609,7 @@ index 8274c8d..922e189 100644 |
396 |
mutex_unlock(&dir->d_inode->i_mutex); |
397 |
|
398 |
if (error <= 0) { |
399 |
-@@ -2951,11 +3013,28 @@ retry_lookup: |
400 |
+@@ -2951,11 +3014,28 @@ retry_lookup: |
401 |
goto finish_open_created; |
402 |
} |
403 |
|
404 |
@@ -62607,7 +62639,7 @@ index 8274c8d..922e189 100644 |
405 |
|
406 |
/* |
407 |
* If atomic_open() acquired write access it is dropped now due to |
408 |
-@@ -2996,6 +3075,11 @@ finish_lookup: |
409 |
+@@ -2996,6 +3076,11 @@ finish_lookup: |
410 |
} |
411 |
} |
412 |
BUG_ON(inode != path->dentry->d_inode); |
413 |
@@ -62619,7 +62651,7 @@ index 8274c8d..922e189 100644 |
414 |
return 1; |
415 |
} |
416 |
|
417 |
-@@ -3005,7 +3089,6 @@ finish_lookup: |
418 |
+@@ -3005,7 +3090,6 @@ finish_lookup: |
419 |
save_parent.dentry = nd->path.dentry; |
420 |
save_parent.mnt = mntget(path->mnt); |
421 |
nd->path.dentry = path->dentry; |
422 |
@@ -62627,7 +62659,7 @@ index 8274c8d..922e189 100644 |
423 |
} |
424 |
nd->inode = inode; |
425 |
/* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */ |
426 |
-@@ -3015,7 +3098,18 @@ finish_open: |
427 |
+@@ -3015,7 +3099,18 @@ finish_open: |
428 |
path_put(&save_parent); |
429 |
return error; |
430 |
} |
431 |
@@ -62646,7 +62678,7 @@ index 8274c8d..922e189 100644 |
432 |
error = -EISDIR; |
433 |
if ((open_flag & O_CREAT) && |
434 |
(d_is_directory(nd->path.dentry) || d_is_autodir(nd->path.dentry))) |
435 |
-@@ -3179,7 +3273,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, |
436 |
+@@ -3179,7 +3274,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, |
437 |
if (unlikely(error)) |
438 |
goto out; |
439 |
|
440 |
@@ -62655,7 +62687,7 @@ index 8274c8d..922e189 100644 |
441 |
while (unlikely(error > 0)) { /* trailing symlink */ |
442 |
struct path link = path; |
443 |
void *cookie; |
444 |
-@@ -3197,7 +3291,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, |
445 |
+@@ -3197,7 +3292,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, |
446 |
error = follow_link(&link, nd, &cookie); |
447 |
if (unlikely(error)) |
448 |
break; |
449 |
@@ -62664,7 +62696,7 @@ index 8274c8d..922e189 100644 |
450 |
put_link(nd, &link, cookie); |
451 |
} |
452 |
out: |
453 |
-@@ -3297,9 +3391,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, |
454 |
+@@ -3297,9 +3392,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, |
455 |
goto unlock; |
456 |
|
457 |
error = -EEXIST; |
458 |
@@ -62678,7 +62710,7 @@ index 8274c8d..922e189 100644 |
459 |
/* |
460 |
* Special case - lookup gave negative, but... we had foo/bar/ |
461 |
* From the vfs_mknod() POV we just have a negative dentry - |
462 |
-@@ -3351,6 +3447,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, |
463 |
+@@ -3351,6 +3448,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, |
464 |
} |
465 |
EXPORT_SYMBOL(user_path_create); |
466 |
|
467 |
@@ -62699,7 +62731,7 @@ index 8274c8d..922e189 100644 |
468 |
int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) |
469 |
{ |
470 |
int error = may_create(dir, dentry); |
471 |
-@@ -3413,6 +3523,17 @@ retry: |
472 |
+@@ -3413,6 +3524,17 @@ retry: |
473 |
|
474 |
if (!IS_POSIXACL(path.dentry->d_inode)) |
475 |
mode &= ~current_umask(); |
476 |
@@ -62717,7 +62749,7 @@ index 8274c8d..922e189 100644 |
477 |
error = security_path_mknod(&path, dentry, mode, dev); |
478 |
if (error) |
479 |
goto out; |
480 |
-@@ -3429,6 +3550,8 @@ retry: |
481 |
+@@ -3429,6 +3551,8 @@ retry: |
482 |
break; |
483 |
} |
484 |
out: |
485 |
@@ -62726,7 +62758,7 @@ index 8274c8d..922e189 100644 |
486 |
done_path_create(&path, dentry); |
487 |
if (retry_estale(error, lookup_flags)) { |
488 |
lookup_flags |= LOOKUP_REVAL; |
489 |
-@@ -3481,9 +3604,16 @@ retry: |
490 |
+@@ -3481,9 +3605,16 @@ retry: |
491 |
|
492 |
if (!IS_POSIXACL(path.dentry->d_inode)) |
493 |
mode &= ~current_umask(); |
494 |
@@ -62743,7 +62775,7 @@ index 8274c8d..922e189 100644 |
495 |
done_path_create(&path, dentry); |
496 |
if (retry_estale(error, lookup_flags)) { |
497 |
lookup_flags |= LOOKUP_REVAL; |
498 |
-@@ -3564,6 +3694,8 @@ static long do_rmdir(int dfd, const char __user *pathname) |
499 |
+@@ -3564,6 +3695,8 @@ static long do_rmdir(int dfd, const char __user *pathname) |
500 |
struct filename *name; |
501 |
struct dentry *dentry; |
502 |
struct nameidata nd; |
503 |
@@ -62752,7 +62784,7 @@ index 8274c8d..922e189 100644 |
504 |
unsigned int lookup_flags = 0; |
505 |
retry: |
506 |
name = user_path_parent(dfd, pathname, &nd, lookup_flags); |
507 |
-@@ -3596,10 +3728,21 @@ retry: |
508 |
+@@ -3596,10 +3729,21 @@ retry: |
509 |
error = -ENOENT; |
510 |
goto exit3; |
511 |
} |
512 |
@@ -62774,7 +62806,7 @@ index 8274c8d..922e189 100644 |
513 |
exit3: |
514 |
dput(dentry); |
515 |
exit2: |
516 |
-@@ -3689,6 +3832,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) |
517 |
+@@ -3689,6 +3833,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) |
518 |
struct nameidata nd; |
519 |
struct inode *inode = NULL; |
520 |
struct inode *delegated_inode = NULL; |
521 |
@@ -62783,7 +62815,7 @@ index 8274c8d..922e189 100644 |
522 |
unsigned int lookup_flags = 0; |
523 |
retry: |
524 |
name = user_path_parent(dfd, pathname, &nd, lookup_flags); |
525 |
-@@ -3715,10 +3860,22 @@ retry_deleg: |
526 |
+@@ -3715,10 +3861,22 @@ retry_deleg: |
527 |
if (d_is_negative(dentry)) |
528 |
goto slashes; |
529 |
ihold(inode); |
530 |
@@ -62806,7 +62838,7 @@ index 8274c8d..922e189 100644 |
531 |
exit2: |
532 |
dput(dentry); |
533 |
} |
534 |
-@@ -3806,9 +3963,17 @@ retry: |
535 |
+@@ -3806,9 +3964,17 @@ retry: |
536 |
if (IS_ERR(dentry)) |
537 |
goto out_putname; |
538 |
|
539 |
@@ -62824,7 +62856,7 @@ index 8274c8d..922e189 100644 |
540 |
done_path_create(&path, dentry); |
541 |
if (retry_estale(error, lookup_flags)) { |
542 |
lookup_flags |= LOOKUP_REVAL; |
543 |
-@@ -3911,6 +4076,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, |
544 |
+@@ -3911,6 +4077,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, |
545 |
struct dentry *new_dentry; |
546 |
struct path old_path, new_path; |
547 |
struct inode *delegated_inode = NULL; |
548 |
@@ -62832,7 +62864,7 @@ index 8274c8d..922e189 100644 |
549 |
int how = 0; |
550 |
int error; |
551 |
|
552 |
-@@ -3934,7 +4100,7 @@ retry: |
553 |
+@@ -3934,7 +4101,7 @@ retry: |
554 |
if (error) |
555 |
return error; |
556 |
|
557 |
@@ -62841,7 +62873,7 @@ index 8274c8d..922e189 100644 |
558 |
(how & LOOKUP_REVAL)); |
559 |
error = PTR_ERR(new_dentry); |
560 |
if (IS_ERR(new_dentry)) |
561 |
-@@ -3946,11 +4112,28 @@ retry: |
562 |
+@@ -3946,11 +4113,28 @@ retry: |
563 |
error = may_linkat(&old_path); |
564 |
if (unlikely(error)) |
565 |
goto out_dput; |
566 |
@@ -62870,7 +62902,7 @@ index 8274c8d..922e189 100644 |
567 |
done_path_create(&new_path, new_dentry); |
568 |
if (delegated_inode) { |
569 |
error = break_deleg_wait(&delegated_inode); |
570 |
-@@ -4237,6 +4420,12 @@ retry_deleg: |
571 |
+@@ -4237,6 +4421,12 @@ retry_deleg: |
572 |
if (new_dentry == trap) |
573 |
goto exit5; |
574 |
|
575 |
@@ -62883,7 +62915,7 @@ index 8274c8d..922e189 100644 |
576 |
error = security_path_rename(&oldnd.path, old_dentry, |
577 |
&newnd.path, new_dentry); |
578 |
if (error) |
579 |
-@@ -4244,6 +4433,9 @@ retry_deleg: |
580 |
+@@ -4244,6 +4434,9 @@ retry_deleg: |
581 |
error = vfs_rename(old_dir->d_inode, old_dentry, |
582 |
new_dir->d_inode, new_dentry, |
583 |
&delegated_inode); |
584 |
@@ -62893,7 +62925,7 @@ index 8274c8d..922e189 100644 |
585 |
exit5: |
586 |
dput(new_dentry); |
587 |
exit4: |
588 |
-@@ -4280,6 +4472,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna |
589 |
+@@ -4280,6 +4473,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna |
590 |
|
591 |
int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) |
592 |
{ |
593 |
@@ -62902,7 +62934,7 @@ index 8274c8d..922e189 100644 |
594 |
int len; |
595 |
|
596 |
len = PTR_ERR(link); |
597 |
-@@ -4289,7 +4483,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c |
598 |
+@@ -4289,7 +4484,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c |
599 |
len = strlen(link); |
600 |
if (len > (unsigned) buflen) |
601 |
len = buflen; |
602 |
@@ -91687,7 +91719,7 @@ index 868633e..921dc41 100644 |
603 |
|
604 |
ftrace_graph_active++; |
605 |
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c |
606 |
-index fc4da2d..f3e800b 100644 |
607 |
+index 04202d9..e3e4242 100644 |
608 |
--- a/kernel/trace/ring_buffer.c |
609 |
+++ b/kernel/trace/ring_buffer.c |
610 |
@@ -352,9 +352,9 @@ struct buffer_data_page { |
611 |
@@ -91713,7 +91745,7 @@ index fc4da2d..f3e800b 100644 |
612 |
local_t dropped_events; |
613 |
local_t committing; |
614 |
local_t commits; |
615 |
-@@ -992,8 +992,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, |
616 |
+@@ -995,8 +995,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, |
617 |
* |
618 |
* We add a counter to the write field to denote this. |
619 |
*/ |
620 |
@@ -91724,7 +91756,7 @@ index fc4da2d..f3e800b 100644 |
621 |
|
622 |
/* |
623 |
* Just make sure we have seen our old_write and synchronize |
624 |
-@@ -1021,8 +1021,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, |
625 |
+@@ -1024,8 +1024,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, |
626 |
* cmpxchg to only update if an interrupt did not already |
627 |
* do it for us. If the cmpxchg fails, we don't care. |
628 |
*/ |
629 |
@@ -91735,7 +91767,7 @@ index fc4da2d..f3e800b 100644 |
630 |
|
631 |
/* |
632 |
* No need to worry about races with clearing out the commit. |
633 |
-@@ -1386,12 +1386,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); |
634 |
+@@ -1389,12 +1389,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); |
635 |
|
636 |
static inline unsigned long rb_page_entries(struct buffer_page *bpage) |
637 |
{ |
638 |
@@ -91750,7 +91782,7 @@ index fc4da2d..f3e800b 100644 |
639 |
} |
640 |
|
641 |
static int |
642 |
-@@ -1486,7 +1486,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) |
643 |
+@@ -1489,7 +1489,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) |
644 |
* bytes consumed in ring buffer from here. |
645 |
* Increment overrun to account for the lost events. |
646 |
*/ |
647 |
@@ -91759,7 +91791,7 @@ index fc4da2d..f3e800b 100644 |
648 |
local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); |
649 |
} |
650 |
|
651 |
-@@ -2064,7 +2064,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, |
652 |
+@@ -2067,7 +2067,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, |
653 |
* it is our responsibility to update |
654 |
* the counters. |
655 |
*/ |
656 |
@@ -91768,7 +91800,7 @@ index fc4da2d..f3e800b 100644 |
657 |
local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); |
658 |
|
659 |
/* |
660 |
-@@ -2214,7 +2214,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, |
661 |
+@@ -2217,7 +2217,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, |
662 |
if (tail == BUF_PAGE_SIZE) |
663 |
tail_page->real_end = 0; |
664 |
|
665 |
@@ -91777,7 +91809,7 @@ index fc4da2d..f3e800b 100644 |
666 |
return; |
667 |
} |
668 |
|
669 |
-@@ -2249,7 +2249,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, |
670 |
+@@ -2252,7 +2252,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, |
671 |
rb_event_set_padding(event); |
672 |
|
673 |
/* Set the write back to the previous setting */ |
674 |
@@ -91786,7 +91818,7 @@ index fc4da2d..f3e800b 100644 |
675 |
return; |
676 |
} |
677 |
|
678 |
-@@ -2261,7 +2261,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, |
679 |
+@@ -2264,7 +2264,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, |
680 |
|
681 |
/* Set write to end of buffer */ |
682 |
length = (tail + length) - BUF_PAGE_SIZE; |
683 |
@@ -91795,7 +91827,7 @@ index fc4da2d..f3e800b 100644 |
684 |
} |
685 |
|
686 |
/* |
687 |
-@@ -2287,7 +2287,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, |
688 |
+@@ -2290,7 +2290,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, |
689 |
* about it. |
690 |
*/ |
691 |
if (unlikely(next_page == commit_page)) { |
692 |
@@ -91804,7 +91836,7 @@ index fc4da2d..f3e800b 100644 |
693 |
goto out_reset; |
694 |
} |
695 |
|
696 |
-@@ -2343,7 +2343,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, |
697 |
+@@ -2346,7 +2346,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, |
698 |
cpu_buffer->tail_page) && |
699 |
(cpu_buffer->commit_page == |
700 |
cpu_buffer->reader_page))) { |
701 |
@@ -91813,7 +91845,7 @@ index fc4da2d..f3e800b 100644 |
702 |
goto out_reset; |
703 |
} |
704 |
} |
705 |
-@@ -2391,7 +2391,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, |
706 |
+@@ -2394,7 +2394,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, |
707 |
length += RB_LEN_TIME_EXTEND; |
708 |
|
709 |
tail_page = cpu_buffer->tail_page; |
710 |
@@ -91822,7 +91854,7 @@ index fc4da2d..f3e800b 100644 |
711 |
|
712 |
/* set write to only the index of the write */ |
713 |
write &= RB_WRITE_MASK; |
714 |
-@@ -2415,7 +2415,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, |
715 |
+@@ -2418,7 +2418,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, |
716 |
kmemcheck_annotate_bitfield(event, bitfield); |
717 |
rb_update_event(cpu_buffer, event, length, add_timestamp, delta); |
718 |
|
719 |
@@ -91831,7 +91863,7 @@ index fc4da2d..f3e800b 100644 |
720 |
|
721 |
/* |
722 |
* If this is the first commit on the page, then update |
723 |
-@@ -2448,7 +2448,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, |
724 |
+@@ -2451,7 +2451,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, |
725 |
|
726 |
if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) { |
727 |
unsigned long write_mask = |
728 |
@@ -91840,7 +91872,7 @@ index fc4da2d..f3e800b 100644 |
729 |
unsigned long event_length = rb_event_length(event); |
730 |
/* |
731 |
* This is on the tail page. It is possible that |
732 |
-@@ -2458,7 +2458,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, |
733 |
+@@ -2461,7 +2461,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, |
734 |
*/ |
735 |
old_index += write_mask; |
736 |
new_index += write_mask; |
737 |
@@ -91849,7 +91881,7 @@ index fc4da2d..f3e800b 100644 |
738 |
if (index == old_index) { |
739 |
/* update counters */ |
740 |
local_sub(event_length, &cpu_buffer->entries_bytes); |
741 |
-@@ -2850,7 +2850,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, |
742 |
+@@ -2853,7 +2853,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, |
743 |
|
744 |
/* Do the likely case first */ |
745 |
if (likely(bpage->page == (void *)addr)) { |
746 |
@@ -91858,7 +91890,7 @@ index fc4da2d..f3e800b 100644 |
747 |
return; |
748 |
} |
749 |
|
750 |
-@@ -2862,7 +2862,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, |
751 |
+@@ -2865,7 +2865,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, |
752 |
start = bpage; |
753 |
do { |
754 |
if (bpage->page == (void *)addr) { |
755 |
@@ -91867,7 +91899,7 @@ index fc4da2d..f3e800b 100644 |
756 |
return; |
757 |
} |
758 |
rb_inc_page(cpu_buffer, &bpage); |
759 |
-@@ -3146,7 +3146,7 @@ static inline unsigned long |
760 |
+@@ -3149,7 +3149,7 @@ static inline unsigned long |
761 |
rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer) |
762 |
{ |
763 |
return local_read(&cpu_buffer->entries) - |
764 |
@@ -91876,7 +91908,7 @@ index fc4da2d..f3e800b 100644 |
765 |
} |
766 |
|
767 |
/** |
768 |
-@@ -3235,7 +3235,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) |
769 |
+@@ -3238,7 +3238,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) |
770 |
return 0; |
771 |
|
772 |
cpu_buffer = buffer->buffers[cpu]; |
773 |
@@ -91885,7 +91917,7 @@ index fc4da2d..f3e800b 100644 |
774 |
|
775 |
return ret; |
776 |
} |
777 |
-@@ -3258,7 +3258,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) |
778 |
+@@ -3261,7 +3261,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) |
779 |
return 0; |
780 |
|
781 |
cpu_buffer = buffer->buffers[cpu]; |
782 |
@@ -91894,7 +91926,7 @@ index fc4da2d..f3e800b 100644 |
783 |
|
784 |
return ret; |
785 |
} |
786 |
-@@ -3343,7 +3343,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) |
787 |
+@@ -3346,7 +3346,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) |
788 |
/* if you care about this being correct, lock the buffer */ |
789 |
for_each_buffer_cpu(buffer, cpu) { |
790 |
cpu_buffer = buffer->buffers[cpu]; |
791 |
@@ -91903,7 +91935,7 @@ index fc4da2d..f3e800b 100644 |
792 |
} |
793 |
|
794 |
return overruns; |
795 |
-@@ -3519,8 +3519,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) |
796 |
+@@ -3522,8 +3522,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) |
797 |
/* |
798 |
* Reset the reader page to size zero. |
799 |
*/ |
800 |
@@ -91914,7 +91946,7 @@ index fc4da2d..f3e800b 100644 |
801 |
local_set(&cpu_buffer->reader_page->page->commit, 0); |
802 |
cpu_buffer->reader_page->real_end = 0; |
803 |
|
804 |
-@@ -3554,7 +3554,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) |
805 |
+@@ -3557,7 +3557,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) |
806 |
* want to compare with the last_overrun. |
807 |
*/ |
808 |
smp_mb(); |
809 |
@@ -91923,7 +91955,7 @@ index fc4da2d..f3e800b 100644 |
810 |
|
811 |
/* |
812 |
* Here's the tricky part. |
813 |
-@@ -4124,8 +4124,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) |
814 |
+@@ -4127,8 +4127,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) |
815 |
|
816 |
cpu_buffer->head_page |
817 |
= list_entry(cpu_buffer->pages, struct buffer_page, list); |
818 |
@@ -91934,7 +91966,7 @@ index fc4da2d..f3e800b 100644 |
819 |
local_set(&cpu_buffer->head_page->page->commit, 0); |
820 |
|
821 |
cpu_buffer->head_page->read = 0; |
822 |
-@@ -4135,14 +4135,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) |
823 |
+@@ -4138,14 +4138,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) |
824 |
|
825 |
INIT_LIST_HEAD(&cpu_buffer->reader_page->list); |
826 |
INIT_LIST_HEAD(&cpu_buffer->new_pages); |
827 |
@@ -91953,7 +91985,7 @@ index fc4da2d..f3e800b 100644 |
828 |
local_set(&cpu_buffer->dropped_events, 0); |
829 |
local_set(&cpu_buffer->entries, 0); |
830 |
local_set(&cpu_buffer->committing, 0); |
831 |
-@@ -4547,8 +4547,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, |
832 |
+@@ -4550,8 +4550,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, |
833 |
rb_init_page(bpage); |
834 |
bpage = reader->page; |
835 |
reader->page = *data_page; |
836 |
@@ -91965,7 +91997,7 @@ index fc4da2d..f3e800b 100644 |
837 |
*data_page = bpage; |
838 |
|
839 |
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c |
840 |
-index fd21e60..eb47c25 100644 |
841 |
+index 922657f..3d229d9 100644 |
842 |
--- a/kernel/trace/trace.c |
843 |
+++ b/kernel/trace/trace.c |
844 |
@@ -3398,7 +3398,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) |
845 |
@@ -91978,7 +92010,7 @@ index fd21e60..eb47c25 100644 |
846 |
/* do nothing if flag is already set */ |
847 |
if (!!(trace_flags & mask) == !!enabled) |
848 |
diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h |
849 |
-index 02b592f..f971546 100644 |
850 |
+index c8bd809..33d7539 100644 |
851 |
--- a/kernel/trace/trace.h |
852 |
+++ b/kernel/trace/trace.h |
853 |
@@ -1233,7 +1233,7 @@ extern const char *__stop___tracepoint_str[]; |
854 |
@@ -92171,10 +92203,10 @@ index c9b6f01..37781d9 100644 |
855 |
.thread_should_run = watchdog_should_run, |
856 |
.thread_fn = watchdog, |
857 |
diff --git a/kernel/workqueue.c b/kernel/workqueue.c |
858 |
-index b6a3941..b68f191 100644 |
859 |
+index b4defde..f092808 100644 |
860 |
--- a/kernel/workqueue.c |
861 |
+++ b/kernel/workqueue.c |
862 |
-@@ -4702,7 +4702,7 @@ static void rebind_workers(struct worker_pool *pool) |
863 |
+@@ -4703,7 +4703,7 @@ static void rebind_workers(struct worker_pool *pool) |
864 |
WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND)); |
865 |
worker_flags |= WORKER_REBOUND; |
866 |
worker_flags &= ~WORKER_UNBOUND; |
867 |
@@ -92950,7 +92982,7 @@ index 0000000..7cd6065 |
868 |
@@ -0,0 +1 @@ |
869 |
+-grsec |
870 |
diff --git a/mm/Kconfig b/mm/Kconfig |
871 |
-index 9b63c15..2ab509e 100644 |
872 |
+index 0862816..2e3a043 100644 |
873 |
--- a/mm/Kconfig |
874 |
+++ b/mm/Kconfig |
875 |
@@ -329,10 +329,11 @@ config KSM |
876 |
@@ -94220,7 +94252,7 @@ index 2121d8b8..fa1095a 100644 |
877 |
mm = get_task_mm(tsk); |
878 |
if (!mm) |
879 |
diff --git a/mm/mempolicy.c b/mm/mempolicy.c |
880 |
-index 9c6288a..b0ea97e 100644 |
881 |
+index 15a8ea0..cb50389 100644 |
882 |
--- a/mm/mempolicy.c |
883 |
+++ b/mm/mempolicy.c |
884 |
@@ -747,6 +747,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, |
885 |
@@ -96343,7 +96375,7 @@ index cdbd312..2e1e0b9 100644 |
886 |
|
887 |
/* |
888 |
diff --git a/mm/shmem.c b/mm/shmem.c |
889 |
-index 1f18c9d..b550bab 100644 |
890 |
+index 1f18c9d..6aa94ab 100644 |
891 |
--- a/mm/shmem.c |
892 |
+++ b/mm/shmem.c |
893 |
@@ -33,7 +33,7 @@ |
894 |
@@ -96371,19 +96403,73 @@ index 1f18c9d..b550bab 100644 |
895 |
+ * a time): we would prefer not to enlarge the shmem inode just for that. |
896 |
*/ |
897 |
struct shmem_falloc { |
898 |
-+ int mode; /* FALLOC_FL mode currently operating */ |
899 |
++ wait_queue_head_t *waitq; /* faults into hole wait for punch to end */ |
900 |
pgoff_t start; /* start of range currently being fallocated */ |
901 |
pgoff_t next; /* the next page offset to be fallocated */ |
902 |
pgoff_t nr_falloced; /* how many new pages have been fallocated */ |
903 |
-@@ -824,6 +825,7 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc) |
904 |
+@@ -533,22 +534,19 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend, |
905 |
+ return; |
906 |
+ |
907 |
+ index = start; |
908 |
+- for ( ; ; ) { |
909 |
++ while (index < end) { |
910 |
+ cond_resched(); |
911 |
+ pvec.nr = shmem_find_get_pages_and_swap(mapping, index, |
912 |
+ min(end - index, (pgoff_t)PAGEVEC_SIZE), |
913 |
+ pvec.pages, indices); |
914 |
+ if (!pvec.nr) { |
915 |
+- if (index == start || unfalloc) |
916 |
++ /* If all gone or hole-punch or unfalloc, we're done */ |
917 |
++ if (index == start || end != -1) |
918 |
+ break; |
919 |
++ /* But if truncating, restart to make sure all gone */ |
920 |
+ index = start; |
921 |
+ continue; |
922 |
+ } |
923 |
+- if ((index == start || unfalloc) && indices[0] >= end) { |
924 |
+- shmem_deswap_pagevec(&pvec); |
925 |
+- pagevec_release(&pvec); |
926 |
+- break; |
927 |
+- } |
928 |
+ mem_cgroup_uncharge_start(); |
929 |
+ for (i = 0; i < pagevec_count(&pvec); i++) { |
930 |
+ struct page *page = pvec.pages[i]; |
931 |
+@@ -560,8 +558,12 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend, |
932 |
+ if (radix_tree_exceptional_entry(page)) { |
933 |
+ if (unfalloc) |
934 |
+ continue; |
935 |
+- nr_swaps_freed += !shmem_free_swap(mapping, |
936 |
+- index, page); |
937 |
++ if (shmem_free_swap(mapping, index, page)) { |
938 |
++ /* Swap was replaced by page: retry */ |
939 |
++ index--; |
940 |
++ break; |
941 |
++ } |
942 |
++ nr_swaps_freed++; |
943 |
+ continue; |
944 |
+ } |
945 |
+ |
946 |
+@@ -570,6 +572,11 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend, |
947 |
+ if (page->mapping == mapping) { |
948 |
+ VM_BUG_ON_PAGE(PageWriteback(page), page); |
949 |
+ truncate_inode_page(mapping, page); |
950 |
++ } else { |
951 |
++ /* Page was replaced by swap: retry */ |
952 |
++ unlock_page(page); |
953 |
++ index--; |
954 |
++ break; |
955 |
+ } |
956 |
+ } |
957 |
+ unlock_page(page); |
958 |
+@@ -824,6 +831,7 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc) |
959 |
spin_lock(&inode->i_lock); |
960 |
shmem_falloc = inode->i_private; |
961 |
if (shmem_falloc && |
962 |
-+ !shmem_falloc->mode && |
963 |
++ !shmem_falloc->waitq && |
964 |
index >= shmem_falloc->start && |
965 |
index < shmem_falloc->next) |
966 |
shmem_falloc->nr_unswapped++; |
967 |
-@@ -1298,6 +1300,43 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf) |
968 |
+@@ -1298,6 +1306,64 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf) |
969 |
int error; |
970 |
int ret = VM_FAULT_LOCKED; |
971 |
|
972 |
@@ -96391,71 +96477,98 @@ index 1f18c9d..b550bab 100644 |
973 |
+ * Trinity finds that probing a hole which tmpfs is punching can |
974 |
+ * prevent the hole-punch from ever completing: which in turn |
975 |
+ * locks writers out with its hold on i_mutex. So refrain from |
976 |
-+ * faulting pages into the hole while it's being punched, and |
977 |
-+ * wait on i_mutex to be released if vmf->flags permits, |
978 |
++ * faulting pages into the hole while it's being punched. Although |
979 |
++ * shmem_undo_range() does remove the additions, it may be unable to |
980 |
++ * keep up, as each new page needs its own unmap_mapping_range() call, |
981 |
++ * and the i_mmap tree grows ever slower to scan if new vmas are added. |
982 |
++ * |
983 |
++ * It does not matter if we sometimes reach this check just before the |
984 |
++ * hole-punch begins, so that one fault then races with the punch: |
985 |
++ * we just need to make racing faults a rare case. |
986 |
++ * |
987 |
++ * The implementation below would be much simpler if we just used a |
988 |
++ * standard mutex or completion: but we cannot take i_mutex in fault, |
989 |
++ * and bloating every shmem inode for this unlikely case would be sad. |
990 |
+ */ |
991 |
+ if (unlikely(inode->i_private)) { |
992 |
+ struct shmem_falloc *shmem_falloc; |
993 |
++ |
994 |
+ spin_lock(&inode->i_lock); |
995 |
+ shmem_falloc = inode->i_private; |
996 |
-+ if (!shmem_falloc || |
997 |
-+ shmem_falloc->mode != FALLOC_FL_PUNCH_HOLE || |
998 |
-+ vmf->pgoff < shmem_falloc->start || |
999 |
-+ vmf->pgoff >= shmem_falloc->next) |
1000 |
-+ shmem_falloc = NULL; |
1001 |
-+ spin_unlock(&inode->i_lock); |
1002 |
-+ /* |
1003 |
-+ * i_lock has protected us from taking shmem_falloc seriously |
1004 |
-+ * once return from shmem_fallocate() went back up that stack. |
1005 |
-+ * i_lock does not serialize with i_mutex at all, but it does |
1006 |
-+ * not matter if sometimes we wait unnecessarily, or sometimes |
1007 |
-+ * miss out on waiting: we just need to make those cases rare. |
1008 |
-+ */ |
1009 |
-+ if (shmem_falloc) { |
1010 |
++ if (shmem_falloc && |
1011 |
++ shmem_falloc->waitq && |
1012 |
++ vmf->pgoff >= shmem_falloc->start && |
1013 |
++ vmf->pgoff < shmem_falloc->next) { |
1014 |
++ wait_queue_head_t *shmem_falloc_waitq; |
1015 |
++ DEFINE_WAIT(shmem_fault_wait); |
1016 |
++ |
1017 |
++ ret = VM_FAULT_NOPAGE; |
1018 |
+ if ((vmf->flags & FAULT_FLAG_ALLOW_RETRY) && |
1019 |
+ !(vmf->flags & FAULT_FLAG_RETRY_NOWAIT)) { |
1020 |
++ /* It's polite to up mmap_sem if we can */ |
1021 |
+ up_read(&vma->vm_mm->mmap_sem); |
1022 |
-+ mutex_lock(&inode->i_mutex); |
1023 |
-+ mutex_unlock(&inode->i_mutex); |
1024 |
-+ return VM_FAULT_RETRY; |
1025 |
++ ret = VM_FAULT_RETRY; |
1026 |
+ } |
1027 |
-+ /* cond_resched? Leave that to GUP or return to user */ |
1028 |
-+ return VM_FAULT_NOPAGE; |
1029 |
++ |
1030 |
++ shmem_falloc_waitq = shmem_falloc->waitq; |
1031 |
++ prepare_to_wait(shmem_falloc_waitq, &shmem_fault_wait, |
1032 |
++ TASK_UNINTERRUPTIBLE); |
1033 |
++ spin_unlock(&inode->i_lock); |
1034 |
++ schedule(); |
1035 |
++ |
1036 |
++ /* |
1037 |
++ * shmem_falloc_waitq points into the shmem_fallocate() |
1038 |
++ * stack of the hole-punching task: shmem_falloc_waitq |
1039 |
++ * is usually invalid by the time we reach here, but |
1040 |
++ * finish_wait() does not dereference it in that case; |
1041 |
++ * though i_lock needed lest racing with wake_up_all(). |
1042 |
++ */ |
1043 |
++ spin_lock(&inode->i_lock); |
1044 |
++ finish_wait(shmem_falloc_waitq, &shmem_fault_wait); |
1045 |
++ spin_unlock(&inode->i_lock); |
1046 |
++ return ret; |
1047 |
+ } |
1048 |
++ spin_unlock(&inode->i_lock); |
1049 |
+ } |
1050 |
+ |
1051 |
error = shmem_getpage(inode, vmf->pgoff, &vmf->page, SGP_CACHE, &ret); |
1052 |
if (error) |
1053 |
return ((error == -ENOMEM) ? VM_FAULT_OOM : VM_FAULT_SIGBUS); |
1054 |
-@@ -1813,18 +1852,26 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset, |
1055 |
- |
1056 |
- mutex_lock(&inode->i_mutex); |
1057 |
- |
1058 |
-+ shmem_falloc.mode = mode & ~FALLOC_FL_KEEP_SIZE; |
1059 |
-+ |
1060 |
- if (mode & FALLOC_FL_PUNCH_HOLE) { |
1061 |
+@@ -1817,12 +1883,25 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset, |
1062 |
struct address_space *mapping = file->f_mapping; |
1063 |
loff_t unmap_start = round_up(offset, PAGE_SIZE); |
1064 |
loff_t unmap_end = round_down(offset + len, PAGE_SIZE) - 1; |
1065 |
- |
1066 |
++ DECLARE_WAIT_QUEUE_HEAD_ONSTACK(shmem_falloc_waitq); |
1067 |
++ |
1068 |
++ shmem_falloc.waitq = &shmem_falloc_waitq; |
1069 |
+ shmem_falloc.start = unmap_start >> PAGE_SHIFT; |
1070 |
+ shmem_falloc.next = (unmap_end + 1) >> PAGE_SHIFT; |
1071 |
+ spin_lock(&inode->i_lock); |
1072 |
+ inode->i_private = &shmem_falloc; |
1073 |
+ spin_unlock(&inode->i_lock); |
1074 |
-+ |
1075 |
+ |
1076 |
if ((u64)unmap_end > (u64)unmap_start) |
1077 |
unmap_mapping_range(mapping, unmap_start, |
1078 |
1 + unmap_end - unmap_start, 0); |
1079 |
shmem_truncate_range(inode, offset, offset + len - 1); |
1080 |
/* No need to unmap again: hole-punching leaves COWed pages */ |
1081 |
++ |
1082 |
++ spin_lock(&inode->i_lock); |
1083 |
++ inode->i_private = NULL; |
1084 |
++ wake_up_all(&shmem_falloc_waitq); |
1085 |
++ spin_unlock(&inode->i_lock); |
1086 |
error = 0; |
1087 |
-- goto out; |
1088 |
-+ goto undone; |
1089 |
+ goto out; |
1090 |
+ } |
1091 |
+@@ -1840,6 +1919,7 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset, |
1092 |
+ goto out; |
1093 |
} |
1094 |
|
1095 |
- /* We need to check rlimit even when FALLOC_FL_KEEP_SIZE */ |
1096 |
-@@ -2218,6 +2265,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { |
1097 |
++ shmem_falloc.waitq = NULL; |
1098 |
+ shmem_falloc.start = start; |
1099 |
+ shmem_falloc.next = start; |
1100 |
+ shmem_falloc.nr_falloced = 0; |
1101 |
+@@ -2218,6 +2298,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { |
1102 |
static int shmem_xattr_validate(const char *name) |
1103 |
{ |
1104 |
struct { const char *prefix; size_t len; } arr[] = { |
1105 |
@@ -96467,7 +96580,7 @@ index 1f18c9d..b550bab 100644 |
1106 |
{ XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN }, |
1107 |
{ XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN } |
1108 |
}; |
1109 |
-@@ -2273,6 +2325,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, |
1110 |
+@@ -2273,6 +2358,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, |
1111 |
if (err) |
1112 |
return err; |
1113 |
|
1114 |
@@ -96483,7 +96596,7 @@ index 1f18c9d..b550bab 100644 |
1115 |
return simple_xattr_set(&info->xattrs, name, value, size, flags); |
1116 |
} |
1117 |
|
1118 |
-@@ -2585,8 +2646,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) |
1119 |
+@@ -2585,8 +2679,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) |
1120 |
int err = -ENOMEM; |
1121 |
|
1122 |
/* Round up to L1_CACHE_BYTES to resist false sharing */ |
1123 |
@@ -99666,6 +99779,21 @@ index 5325b54..a0d4d69 100644 |
1124 |
return -EFAULT; |
1125 |
|
1126 |
*lenp = len; |
1127 |
+diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c |
1128 |
+index e7b6d53..f005cc7 100644 |
1129 |
+--- a/net/dns_resolver/dns_query.c |
1130 |
++++ b/net/dns_resolver/dns_query.c |
1131 |
+@@ -149,7 +149,9 @@ int dns_query(const char *type, const char *name, size_t namelen, |
1132 |
+ if (!*_result) |
1133 |
+ goto put; |
1134 |
+ |
1135 |
+- memcpy(*_result, upayload->data, len + 1); |
1136 |
++ memcpy(*_result, upayload->data, len); |
1137 |
++ (*_result)[len] = '\0'; |
1138 |
++ |
1139 |
+ if (_expiry) |
1140 |
+ *_expiry = rkey->expiry; |
1141 |
+ |
1142 |
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c |
1143 |
index 19ab78a..bf575c9 100644 |
1144 |
--- a/net/ipv4/af_inet.c |
1145 |
@@ -103158,6 +103286,18 @@ index f226709..0e735a8 100644 |
1146 |
_proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); |
1147 |
|
1148 |
ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); |
1149 |
+diff --git a/net/sctp/associola.c b/net/sctp/associola.c |
1150 |
+index a4d5701..5d97d8f 100644 |
1151 |
+--- a/net/sctp/associola.c |
1152 |
++++ b/net/sctp/associola.c |
1153 |
+@@ -1151,6 +1151,7 @@ void sctp_assoc_update(struct sctp_association *asoc, |
1154 |
+ asoc->c = new->c; |
1155 |
+ asoc->peer.rwnd = new->peer.rwnd; |
1156 |
+ asoc->peer.sack_needed = new->peer.sack_needed; |
1157 |
++ asoc->peer.auth_capable = new->peer.auth_capable; |
1158 |
+ asoc->peer.i = new->peer.i; |
1159 |
+ sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, |
1160 |
+ asoc->peer.i.initial_tsn, GFP_ATOMIC); |
1161 |
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c |
1162 |
index 2b1738e..a9d0fc9 100644 |
1163 |
--- a/net/sctp/ipv6.c |
1164 |
@@ -103388,6 +103528,26 @@ index c82fdc1..4ca1f95 100644 |
1165 |
return 0; |
1166 |
} |
1167 |
|
1168 |
+diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c |
1169 |
+index 85c6465..879f3cd 100644 |
1170 |
+--- a/net/sctp/ulpevent.c |
1171 |
++++ b/net/sctp/ulpevent.c |
1172 |
+@@ -411,6 +411,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_remote_error( |
1173 |
+ * sre_type: |
1174 |
+ * It should be SCTP_REMOTE_ERROR. |
1175 |
+ */ |
1176 |
++ memset(sre, 0, sizeof(*sre)); |
1177 |
+ sre->sre_type = SCTP_REMOTE_ERROR; |
1178 |
+ |
1179 |
+ /* |
1180 |
+@@ -916,6 +917,7 @@ void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event, |
1181 |
+ * For recvmsg() the SCTP stack places the message's stream number in |
1182 |
+ * this value. |
1183 |
+ */ |
1184 |
++ memset(&sinfo, 0, sizeof(sinfo)); |
1185 |
+ sinfo.sinfo_stream = event->stream; |
1186 |
+ /* sinfo_ssn: 16 bits (unsigned integer) |
1187 |
+ * |
1188 |
diff --git a/net/socket.c b/net/socket.c |
1189 |
index a19ae19..89554dc 100644 |
1190 |
--- a/net/socket.c |
1191 |
|
1192 |
diff --git a/3.14.12/4425_grsec_remove_EI_PAX.patch b/3.14.13/4425_grsec_remove_EI_PAX.patch |
1193 |
similarity index 100% |
1194 |
rename from 3.14.12/4425_grsec_remove_EI_PAX.patch |
1195 |
rename to 3.14.13/4425_grsec_remove_EI_PAX.patch |
1196 |
|
1197 |
diff --git a/3.14.12/4427_force_XATTR_PAX_tmpfs.patch b/3.14.13/4427_force_XATTR_PAX_tmpfs.patch |
1198 |
similarity index 100% |
1199 |
rename from 3.14.12/4427_force_XATTR_PAX_tmpfs.patch |
1200 |
rename to 3.14.13/4427_force_XATTR_PAX_tmpfs.patch |
1201 |
|
1202 |
diff --git a/3.14.12/4430_grsec-remove-localversion-grsec.patch b/3.14.13/4430_grsec-remove-localversion-grsec.patch |
1203 |
similarity index 100% |
1204 |
rename from 3.14.12/4430_grsec-remove-localversion-grsec.patch |
1205 |
rename to 3.14.13/4430_grsec-remove-localversion-grsec.patch |
1206 |
|
1207 |
diff --git a/3.14.12/4435_grsec-mute-warnings.patch b/3.14.13/4435_grsec-mute-warnings.patch |
1208 |
similarity index 100% |
1209 |
rename from 3.14.12/4435_grsec-mute-warnings.patch |
1210 |
rename to 3.14.13/4435_grsec-mute-warnings.patch |
1211 |
|
1212 |
diff --git a/3.14.12/4440_grsec-remove-protected-paths.patch b/3.14.13/4440_grsec-remove-protected-paths.patch |
1213 |
similarity index 100% |
1214 |
rename from 3.14.12/4440_grsec-remove-protected-paths.patch |
1215 |
rename to 3.14.13/4440_grsec-remove-protected-paths.patch |
1216 |
|
1217 |
diff --git a/3.14.12/4450_grsec-kconfig-default-gids.patch b/3.14.13/4450_grsec-kconfig-default-gids.patch |
1218 |
similarity index 100% |
1219 |
rename from 3.14.12/4450_grsec-kconfig-default-gids.patch |
1220 |
rename to 3.14.13/4450_grsec-kconfig-default-gids.patch |
1221 |
|
1222 |
diff --git a/3.14.12/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.13/4465_selinux-avc_audit-log-curr_ip.patch |
1223 |
similarity index 100% |
1224 |
rename from 3.14.12/4465_selinux-avc_audit-log-curr_ip.patch |
1225 |
rename to 3.14.13/4465_selinux-avc_audit-log-curr_ip.patch |
1226 |
|
1227 |
diff --git a/3.14.12/4470_disable-compat_vdso.patch b/3.14.13/4470_disable-compat_vdso.patch |
1228 |
similarity index 100% |
1229 |
rename from 3.14.12/4470_disable-compat_vdso.patch |
1230 |
rename to 3.14.13/4470_disable-compat_vdso.patch |
1231 |
|
1232 |
diff --git a/3.14.12/4475_emutramp_default_on.patch b/3.14.13/4475_emutramp_default_on.patch |
1233 |
similarity index 100% |
1234 |
rename from 3.14.12/4475_emutramp_default_on.patch |
1235 |
rename to 3.14.13/4475_emutramp_default_on.patch |
1236 |
|
1237 |
diff --git a/3.15.5/0000_README b/3.15.6/0000_README |
1238 |
similarity index 96% |
1239 |
rename from 3.15.5/0000_README |
1240 |
rename to 3.15.6/0000_README |
1241 |
index 6000532..3a519cd 100644 |
1242 |
--- a/3.15.5/0000_README |
1243 |
+++ b/3.15.6/0000_README |
1244 |
@@ -2,7 +2,7 @@ README |
1245 |
----------------------------------------------------------------------------- |
1246 |
Individual Patch Descriptions: |
1247 |
----------------------------------------------------------------------------- |
1248 |
-Patch: 4420_grsecurity-3.0-3.15.5-201407170639.patch |
1249 |
+Patch: 4420_grsecurity-3.0-3.15.6-201407232200.patch |
1250 |
From: http://www.grsecurity.net |
1251 |
Desc: hardened-sources base patch from upstream grsecurity |
1252 |
|
1253 |
|
1254 |
diff --git a/3.15.5/4420_grsecurity-3.0-3.15.5-201407170639.patch b/3.15.6/4420_grsecurity-3.0-3.15.6-201407232200.patch |
1255 |
similarity index 99% |
1256 |
rename from 3.15.5/4420_grsecurity-3.0-3.15.5-201407170639.patch |
1257 |
rename to 3.15.6/4420_grsecurity-3.0-3.15.6-201407232200.patch |
1258 |
index 7a5e81c..f992e88 100644 |
1259 |
--- a/3.15.5/4420_grsecurity-3.0-3.15.5-201407170639.patch |
1260 |
+++ b/3.15.6/4420_grsecurity-3.0-3.15.6-201407232200.patch |
1261 |
@@ -287,13 +287,14 @@ index 30a8ad0d..2ed9efd 100644 |
1262 |
|
1263 |
pcd. [PARIDE] |
1264 |
diff --git a/Makefile b/Makefile |
1265 |
-index e6b01ed..74dbc85 100644 |
1266 |
+index fefa023..06f4bb4 100644 |
1267 |
--- a/Makefile |
1268 |
+++ b/Makefile |
1269 |
-@@ -246,7 +246,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ |
1270 |
+@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ |
1271 |
+ |
1272 |
HOSTCC = gcc |
1273 |
HOSTCXX = g++ |
1274 |
- HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer |
1275 |
+-HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer |
1276 |
-HOSTCXXFLAGS = -O2 |
1277 |
+HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks |
1278 |
+HOSTCFLAGS += $(call cc-option, -Wno-empty-body) |
1279 |
@@ -301,7 +302,7 @@ index e6b01ed..74dbc85 100644 |
1280 |
|
1281 |
ifeq ($(shell $(HOSTCC) -v 2>&1 | grep -c "clang version"), 1) |
1282 |
HOSTCFLAGS += -Wno-unused-value -Wno-unused-parameter \ |
1283 |
-@@ -438,8 +440,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn \ |
1284 |
+@@ -438,8 +439,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn \ |
1285 |
# Rules shared between *config targets and build targets |
1286 |
|
1287 |
# Basic helpers built in scripts/ |
1288 |
@@ -312,7 +313,7 @@ index e6b01ed..74dbc85 100644 |
1289 |
$(Q)$(MAKE) $(build)=scripts/basic |
1290 |
$(Q)rm -f .tmp_quiet_recordmcount |
1291 |
|
1292 |
-@@ -600,6 +602,72 @@ else |
1293 |
+@@ -600,6 +601,72 @@ else |
1294 |
KBUILD_CFLAGS += -O2 |
1295 |
endif |
1296 |
|
1297 |
@@ -385,7 +386,7 @@ index e6b01ed..74dbc85 100644 |
1298 |
include $(srctree)/arch/$(SRCARCH)/Makefile |
1299 |
|
1300 |
ifdef CONFIG_READABLE_ASM |
1301 |
-@@ -816,7 +884,7 @@ export mod_sign_cmd |
1302 |
+@@ -816,7 +883,7 @@ export mod_sign_cmd |
1303 |
|
1304 |
|
1305 |
ifeq ($(KBUILD_EXTMOD),) |
1306 |
@@ -394,7 +395,7 @@ index e6b01ed..74dbc85 100644 |
1307 |
|
1308 |
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ |
1309 |
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \ |
1310 |
-@@ -865,6 +933,8 @@ endif |
1311 |
+@@ -865,6 +932,8 @@ endif |
1312 |
|
1313 |
# The actual objects are generated when descending, |
1314 |
# make sure no implicit rule kicks in |
1315 |
@@ -403,7 +404,7 @@ index e6b01ed..74dbc85 100644 |
1316 |
$(sort $(vmlinux-deps)): $(vmlinux-dirs) ; |
1317 |
|
1318 |
# Handle descending into subdirectories listed in $(vmlinux-dirs) |
1319 |
-@@ -874,7 +944,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; |
1320 |
+@@ -874,7 +943,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; |
1321 |
# Error messages still appears in the original language |
1322 |
|
1323 |
PHONY += $(vmlinux-dirs) |
1324 |
@@ -412,7 +413,7 @@ index e6b01ed..74dbc85 100644 |
1325 |
$(Q)$(MAKE) $(build)=$@ |
1326 |
|
1327 |
define filechk_kernel.release |
1328 |
-@@ -917,10 +987,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ |
1329 |
+@@ -917,10 +986,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ |
1330 |
|
1331 |
archprepare: archheaders archscripts prepare1 scripts_basic |
1332 |
|
1333 |
@@ -426,7 +427,7 @@ index e6b01ed..74dbc85 100644 |
1334 |
prepare: prepare0 |
1335 |
|
1336 |
# Generate some files |
1337 |
-@@ -1028,6 +1101,8 @@ all: modules |
1338 |
+@@ -1028,6 +1100,8 @@ all: modules |
1339 |
# using awk while concatenating to the final file. |
1340 |
|
1341 |
PHONY += modules |
1342 |
@@ -435,7 +436,7 @@ index e6b01ed..74dbc85 100644 |
1343 |
modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin |
1344 |
$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order |
1345 |
@$(kecho) ' Building modules, stage 2.'; |
1346 |
-@@ -1043,7 +1118,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) |
1347 |
+@@ -1043,7 +1117,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) |
1348 |
|
1349 |
# Target to prepare building external modules |
1350 |
PHONY += modules_prepare |
1351 |
@@ -444,7 +445,7 @@ index e6b01ed..74dbc85 100644 |
1352 |
|
1353 |
# Target to install modules |
1354 |
PHONY += modules_install |
1355 |
-@@ -1109,7 +1184,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ |
1356 |
+@@ -1109,7 +1183,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ |
1357 |
Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ |
1358 |
signing_key.priv signing_key.x509 x509.genkey \ |
1359 |
extra_certificates signing_key.x509.keyid \ |
1360 |
@@ -456,7 +457,7 @@ index e6b01ed..74dbc85 100644 |
1361 |
|
1362 |
# clean - Delete most, but leave enough to build external modules |
1363 |
# |
1364 |
-@@ -1148,7 +1226,7 @@ distclean: mrproper |
1365 |
+@@ -1148,7 +1225,7 @@ distclean: mrproper |
1366 |
@find $(srctree) $(RCS_FIND_IGNORE) \ |
1367 |
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \ |
1368 |
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ |
1369 |
@@ -465,7 +466,7 @@ index e6b01ed..74dbc85 100644 |
1370 |
-type f -print | xargs rm -f |
1371 |
|
1372 |
|
1373 |
-@@ -1309,6 +1387,8 @@ PHONY += $(module-dirs) modules |
1374 |
+@@ -1309,6 +1386,8 @@ PHONY += $(module-dirs) modules |
1375 |
$(module-dirs): crmodverdir $(objtree)/Module.symvers |
1376 |
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) |
1377 |
|
1378 |
@@ -474,7 +475,7 @@ index e6b01ed..74dbc85 100644 |
1379 |
modules: $(module-dirs) |
1380 |
@$(kecho) ' Building modules, stage 2.'; |
1381 |
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost |
1382 |
-@@ -1448,17 +1528,21 @@ else |
1383 |
+@@ -1448,17 +1527,21 @@ else |
1384 |
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) |
1385 |
endif |
1386 |
|
1387 |
@@ -500,7 +501,7 @@ index e6b01ed..74dbc85 100644 |
1388 |
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) |
1389 |
%.symtypes: %.c prepare scripts FORCE |
1390 |
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) |
1391 |
-@@ -1468,11 +1552,15 @@ endif |
1392 |
+@@ -1468,11 +1551,15 @@ endif |
1393 |
$(cmd_crmodverdir) |
1394 |
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ |
1395 |
$(build)=$(build-dir) |
1396 |
@@ -2429,7 +2430,7 @@ index f7b450f..f5364c5 100644 |
1397 |
EXPORT_SYMBOL(__get_user_1); |
1398 |
EXPORT_SYMBOL(__get_user_2); |
1399 |
diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S |
1400 |
-index 1879e8d..b2207fc 100644 |
1401 |
+index 1879e8d..5602dd4 100644 |
1402 |
--- a/arch/arm/kernel/entry-armv.S |
1403 |
+++ b/arch/arm/kernel/entry-armv.S |
1404 |
@@ -47,6 +47,87 @@ |
1405 |
@@ -2448,7 +2449,7 @@ index 1879e8d..b2207fc 100644 |
1406 |
+ bic r2, r2, #(0x1fc0) |
1407 |
+ bic r2, r2, #(0x3f) |
1408 |
+ ldr r1, [r2, #TI_CPU_DOMAIN] |
1409 |
-+ @ store old DACR on stack |
1410 |
++ @ store old DACR on stack |
1411 |
+ str r1, [sp, #8] |
1412 |
+#ifdef CONFIG_PAX_KERNEXEC |
1413 |
+ @ set type of DOMAIN_KERNEL to DOMAIN_KERNELCLIENT |
1414 |
@@ -7990,7 +7991,7 @@ index 3ca9c11..d163ef7 100644 |
1415 |
/* |
1416 |
* If for any reason at all we couldn't handle the fault, make |
1417 |
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig |
1418 |
-index e099899..457d6a8 100644 |
1419 |
+index c95c4b8..d831f81 100644 |
1420 |
--- a/arch/powerpc/Kconfig |
1421 |
+++ b/arch/powerpc/Kconfig |
1422 |
@@ -397,6 +397,7 @@ config PPC64_SUPPORTS_MEMORY_FAILURE |
1423 |
@@ -14413,7 +14414,7 @@ index 2206757..85cbcfa 100644 |
1424 |
|
1425 |
err |= copy_siginfo_to_user32(&frame->info, &ksig->info); |
1426 |
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S |
1427 |
-index 4299eb0..c0687a7 100644 |
1428 |
+index 4299eb0..fefe70e 100644 |
1429 |
--- a/arch/x86/ia32/ia32entry.S |
1430 |
+++ b/arch/x86/ia32/ia32entry.S |
1431 |
@@ -15,8 +15,10 @@ |
1432 |
@@ -14564,7 +14565,7 @@ index 4299eb0..c0687a7 100644 |
1433 |
/* clear IF, that popfq doesn't enable interrupts early */ |
1434 |
- andl $~0x200,EFLAGS-R11(%rsp) |
1435 |
- movl RIP-R11(%rsp),%edx /* User %eip */ |
1436 |
-+ andl $~X86_EFLAGS_IF,EFLAGS(%rsp) |
1437 |
++ andl $~X86_EFLAGS_IF,EFLAGS(%rsp) |
1438 |
+ movl RIP(%rsp),%edx /* User %eip */ |
1439 |
CFI_REGISTER rip,rdx |
1440 |
RESTORE_ARGS 0,24,0,0,0,0 |
1441 |
@@ -18365,7 +18366,7 @@ index a4ea023..33aa874 100644 |
1442 |
void df_debug(struct pt_regs *regs, long error_code); |
1443 |
#endif /* _ASM_X86_PROCESSOR_H */ |
1444 |
diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h |
1445 |
-index 6205f0c..b31a4a4 100644 |
1446 |
+index 6205f0c..688a3a9 100644 |
1447 |
--- a/arch/x86/include/asm/ptrace.h |
1448 |
+++ b/arch/x86/include/asm/ptrace.h |
1449 |
@@ -84,28 +84,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs) |
1450 |
@@ -18432,7 +18433,7 @@ index 6205f0c..b31a4a4 100644 |
1451 |
- return kernel_stack_pointer(regs); |
1452 |
+ if (offset == offsetof(struct pt_regs, sp)) { |
1453 |
+ unsigned long cs = regs->cs & 0xffff; |
1454 |
-+ if (cs == __KERNEL_CS || cs == __KERNEXEC_KERNEL_CS) |
1455 |
++ if (cs == __KERNEL_CS || cs == __KERNEXEC_KERNEL_CS) |
1456 |
+ return kernel_stack_pointer(regs); |
1457 |
+ } |
1458 |
#endif |
1459 |
@@ -32880,19 +32881,21 @@ index 7b179b4..6bd17777 100644 |
1460 |
|
1461 |
return (void *)vaddr; |
1462 |
diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c |
1463 |
-index 597ac15..49841be 100644 |
1464 |
+index bc7527e..5e2c495 100644 |
1465 |
--- a/arch/x86/mm/ioremap.c |
1466 |
+++ b/arch/x86/mm/ioremap.c |
1467 |
-@@ -97,7 +97,7 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr, |
1468 |
- for (pfn = phys_addr >> PAGE_SHIFT; pfn <= last_pfn; pfn++) { |
1469 |
- int is_ram = page_is_ram(pfn); |
1470 |
+@@ -56,8 +56,8 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages, |
1471 |
+ unsigned long i; |
1472 |
+ |
1473 |
+ for (i = 0; i < nr_pages; ++i) |
1474 |
+- if (pfn_valid(start_pfn + i) && |
1475 |
+- !PageReserved(pfn_to_page(start_pfn + i))) |
1476 |
++ if (pfn_valid(start_pfn + i) && (start_pfn + i >= 0x100 || |
1477 |
++ !PageReserved(pfn_to_page(start_pfn + i)))) |
1478 |
+ return 1; |
1479 |
|
1480 |
-- if (is_ram && pfn_valid(pfn) && !PageReserved(pfn_to_page(pfn))) |
1481 |
-+ if (is_ram && pfn_valid(pfn) && (pfn >= 0x100 || !PageReserved(pfn_to_page(pfn)))) |
1482 |
- return NULL; |
1483 |
- WARN_ON_ONCE(is_ram); |
1484 |
- } |
1485 |
-@@ -256,7 +256,7 @@ EXPORT_SYMBOL(ioremap_prot); |
1486 |
+ WARN_ONCE(1, "ioremap on RAM pfn 0x%lx\n", start_pfn); |
1487 |
+@@ -268,7 +268,7 @@ EXPORT_SYMBOL(ioremap_prot); |
1488 |
* |
1489 |
* Caller must ensure there is only one unmapping for the same pointer. |
1490 |
*/ |
1491 |
@@ -32901,7 +32904,7 @@ index 597ac15..49841be 100644 |
1492 |
{ |
1493 |
struct vm_struct *p, *o; |
1494 |
|
1495 |
-@@ -310,6 +310,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) |
1496 |
+@@ -322,6 +322,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) |
1497 |
|
1498 |
/* If page is RAM, we can use __va. Otherwise ioremap and unmap. */ |
1499 |
if (page_is_ram(start >> PAGE_SHIFT)) |
1500 |
@@ -32911,7 +32914,7 @@ index 597ac15..49841be 100644 |
1501 |
return __va(phys); |
1502 |
|
1503 |
addr = (void __force *)ioremap_cache(start, PAGE_SIZE); |
1504 |
-@@ -322,13 +325,16 @@ void *xlate_dev_mem_ptr(unsigned long phys) |
1505 |
+@@ -334,13 +337,16 @@ void *xlate_dev_mem_ptr(unsigned long phys) |
1506 |
void unxlate_dev_mem_ptr(unsigned long phys, void *addr) |
1507 |
{ |
1508 |
if (page_is_ram(phys >> PAGE_SHIFT)) |
1509 |
@@ -32929,7 +32932,7 @@ index 597ac15..49841be 100644 |
1510 |
|
1511 |
static inline pmd_t * __init early_ioremap_pmd(unsigned long addr) |
1512 |
{ |
1513 |
-@@ -358,8 +364,7 @@ void __init early_ioremap_init(void) |
1514 |
+@@ -370,8 +376,7 @@ void __init early_ioremap_init(void) |
1515 |
early_ioremap_setup(); |
1516 |
|
1517 |
pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN)); |
1518 |
@@ -38688,7 +38691,7 @@ index 8320abd..ec48108 100644 |
1519 |
|
1520 |
if (cmd != SIOCWANDEV) |
1521 |
diff --git a/drivers/char/random.c b/drivers/char/random.c |
1522 |
-index 2b6e4cd..43d7ae1 100644 |
1523 |
+index 2b6e4cd..32033f3 100644 |
1524 |
--- a/drivers/char/random.c |
1525 |
+++ b/drivers/char/random.c |
1526 |
@@ -270,10 +270,17 @@ |
1527 |
@@ -38772,7 +38775,44 @@ index 2b6e4cd..43d7ae1 100644 |
1528 |
unsigned int add = |
1529 |
((pool_size - entropy_count)*anfrac*3) >> s; |
1530 |
|
1531 |
-@@ -1166,7 +1177,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, |
1532 |
+@@ -641,7 +652,7 @@ retry: |
1533 |
+ } while (unlikely(entropy_count < pool_size-2 && pnfrac)); |
1534 |
+ } |
1535 |
+ |
1536 |
+- if (entropy_count < 0) { |
1537 |
++ if (unlikely(entropy_count < 0)) { |
1538 |
+ pr_warn("random: negative entropy/overflow: pool %s count %d\n", |
1539 |
+ r->name, entropy_count); |
1540 |
+ WARN_ON(1); |
1541 |
+@@ -980,7 +991,7 @@ static size_t account(struct entropy_store *r, size_t nbytes, int min, |
1542 |
+ int reserved) |
1543 |
+ { |
1544 |
+ int entropy_count, orig; |
1545 |
+- size_t ibytes; |
1546 |
++ size_t ibytes, nfrac; |
1547 |
+ |
1548 |
+ BUG_ON(r->entropy_count > r->poolinfo->poolfracbits); |
1549 |
+ |
1550 |
+@@ -998,7 +1009,17 @@ retry: |
1551 |
+ } |
1552 |
+ if (ibytes < min) |
1553 |
+ ibytes = 0; |
1554 |
+- if ((entropy_count -= ibytes << (ENTROPY_SHIFT + 3)) < 0) |
1555 |
++ |
1556 |
++ if (unlikely(entropy_count < 0)) { |
1557 |
++ pr_warn("random: negative entropy count: pool %s count %d\n", |
1558 |
++ r->name, entropy_count); |
1559 |
++ WARN_ON(1); |
1560 |
++ entropy_count = 0; |
1561 |
++ } |
1562 |
++ nfrac = ibytes << (ENTROPY_SHIFT + 3); |
1563 |
++ if ((size_t) entropy_count > nfrac) |
1564 |
++ entropy_count -= nfrac; |
1565 |
++ else |
1566 |
+ entropy_count = 0; |
1567 |
+ |
1568 |
+ if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig) |
1569 |
+@@ -1166,7 +1187,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, |
1570 |
|
1571 |
extract_buf(r, tmp); |
1572 |
i = min_t(int, nbytes, EXTRACT_SIZE); |
1573 |
@@ -38781,7 +38821,15 @@ index 2b6e4cd..43d7ae1 100644 |
1574 |
ret = -EFAULT; |
1575 |
break; |
1576 |
} |
1577 |
-@@ -1555,7 +1566,7 @@ static char sysctl_bootid[16]; |
1578 |
+@@ -1375,6 +1396,7 @@ urandom_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos) |
1579 |
+ "with %d bits of entropy available\n", |
1580 |
+ current->comm, nonblocking_pool.entropy_total); |
1581 |
+ |
1582 |
++ nbytes = min_t(size_t, nbytes, INT_MAX >> (ENTROPY_SHIFT + 3)); |
1583 |
+ ret = extract_entropy_user(&nonblocking_pool, buf, nbytes); |
1584 |
+ |
1585 |
+ trace_urandom_read(8 * nbytes, ENTROPY_BITS(&nonblocking_pool), |
1586 |
+@@ -1555,7 +1577,7 @@ static char sysctl_bootid[16]; |
1587 |
static int proc_do_uuid(struct ctl_table *table, int write, |
1588 |
void __user *buffer, size_t *lenp, loff_t *ppos) |
1589 |
{ |
1590 |
@@ -38790,7 +38838,7 @@ index 2b6e4cd..43d7ae1 100644 |
1591 |
unsigned char buf[64], tmp_uuid[16], *uuid; |
1592 |
|
1593 |
uuid = table->data; |
1594 |
-@@ -1585,7 +1596,7 @@ static int proc_do_uuid(struct ctl_table *table, int write, |
1595 |
+@@ -1585,7 +1607,7 @@ static int proc_do_uuid(struct ctl_table *table, int write, |
1596 |
static int proc_do_entropy(ctl_table *table, int write, |
1597 |
void __user *buffer, size_t *lenp, loff_t *ppos) |
1598 |
{ |
1599 |
@@ -39194,7 +39242,7 @@ index 18d4091..434be15 100644 |
1600 |
} |
1601 |
EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler); |
1602 |
diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c |
1603 |
-index fcd0c92..7b736c2 100644 |
1604 |
+index 870eecc..787bbca 100644 |
1605 |
--- a/drivers/cpufreq/intel_pstate.c |
1606 |
+++ b/drivers/cpufreq/intel_pstate.c |
1607 |
@@ -125,10 +125,10 @@ struct pstate_funcs { |
1608 |
@@ -39210,7 +39258,7 @@ index fcd0c92..7b736c2 100644 |
1609 |
|
1610 |
struct perf_limits { |
1611 |
int no_turbo; |
1612 |
-@@ -526,7 +526,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate) |
1613 |
+@@ -530,7 +530,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate) |
1614 |
|
1615 |
cpu->pstate.current_pstate = pstate; |
1616 |
|
1617 |
@@ -39219,7 +39267,7 @@ index fcd0c92..7b736c2 100644 |
1618 |
} |
1619 |
|
1620 |
static inline void intel_pstate_pstate_increase(struct cpudata *cpu, int steps) |
1621 |
-@@ -548,12 +548,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu) |
1622 |
+@@ -552,12 +552,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu) |
1623 |
{ |
1624 |
sprintf(cpu->name, "Intel 2nd generation core"); |
1625 |
|
1626 |
@@ -39237,7 +39285,7 @@ index fcd0c92..7b736c2 100644 |
1627 |
intel_pstate_set_pstate(cpu, cpu->pstate.min_pstate); |
1628 |
} |
1629 |
|
1630 |
-@@ -838,9 +838,9 @@ static int intel_pstate_msrs_not_valid(void) |
1631 |
+@@ -847,9 +847,9 @@ static int intel_pstate_msrs_not_valid(void) |
1632 |
rdmsrl(MSR_IA32_APERF, aperf); |
1633 |
rdmsrl(MSR_IA32_MPERF, mperf); |
1634 |
|
1635 |
@@ -39250,7 +39298,7 @@ index fcd0c92..7b736c2 100644 |
1636 |
return -ENODEV; |
1637 |
|
1638 |
rdmsrl(MSR_IA32_APERF, tmp); |
1639 |
-@@ -854,7 +854,7 @@ static int intel_pstate_msrs_not_valid(void) |
1640 |
+@@ -863,7 +863,7 @@ static int intel_pstate_msrs_not_valid(void) |
1641 |
return 0; |
1642 |
} |
1643 |
|
1644 |
@@ -39259,7 +39307,7 @@ index fcd0c92..7b736c2 100644 |
1645 |
{ |
1646 |
pid_params.sample_rate_ms = policy->sample_rate_ms; |
1647 |
pid_params.p_gain_pct = policy->p_gain_pct; |
1648 |
-@@ -866,11 +866,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) |
1649 |
+@@ -875,11 +875,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy) |
1650 |
|
1651 |
static void copy_cpu_funcs(struct pstate_funcs *funcs) |
1652 |
{ |
1653 |
@@ -40320,10 +40368,10 @@ index 3c59584..500f2e9 100644 |
1654 |
|
1655 |
return ret; |
1656 |
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c |
1657 |
-index 5b60e25..eac1625 100644 |
1658 |
+index b91dfbe..b7fb16d 100644 |
1659 |
--- a/drivers/gpu/drm/i915/intel_display.c |
1660 |
+++ b/drivers/gpu/drm/i915/intel_display.c |
1661 |
-@@ -11171,13 +11171,13 @@ struct intel_quirk { |
1662 |
+@@ -11179,13 +11179,13 @@ struct intel_quirk { |
1663 |
int subsystem_vendor; |
1664 |
int subsystem_device; |
1665 |
void (*hook)(struct drm_device *dev); |
1666 |
@@ -40339,7 +40387,7 @@ index 5b60e25..eac1625 100644 |
1667 |
|
1668 |
static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) |
1669 |
{ |
1670 |
-@@ -11185,18 +11185,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) |
1671 |
+@@ -11193,18 +11193,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) |
1672 |
return 1; |
1673 |
} |
1674 |
|
1675 |
@@ -41056,28 +41104,6 @@ index c8a8a51..219dacc 100644 |
1676 |
} |
1677 |
vma->vm_ops = &radeon_ttm_vm_ops; |
1678 |
return 0; |
1679 |
-diff --git a/drivers/gpu/drm/radeon/radeon_vm.c b/drivers/gpu/drm/radeon/radeon_vm.c |
1680 |
-index c11b71d..c8c48aa 100644 |
1681 |
---- a/drivers/gpu/drm/radeon/radeon_vm.c |
1682 |
-+++ b/drivers/gpu/drm/radeon/radeon_vm.c |
1683 |
-@@ -493,7 +493,7 @@ int radeon_vm_bo_set_addr(struct radeon_device *rdev, |
1684 |
- mutex_unlock(&vm->mutex); |
1685 |
- |
1686 |
- r = radeon_bo_create(rdev, RADEON_VM_PTE_COUNT * 8, |
1687 |
-- RADEON_GPU_PAGE_SIZE, false, |
1688 |
-+ RADEON_GPU_PAGE_SIZE, true, |
1689 |
- RADEON_GEM_DOMAIN_VRAM, NULL, &pt); |
1690 |
- if (r) |
1691 |
- return r; |
1692 |
-@@ -913,7 +913,7 @@ int radeon_vm_init(struct radeon_device *rdev, struct radeon_vm *vm) |
1693 |
- return -ENOMEM; |
1694 |
- } |
1695 |
- |
1696 |
-- r = radeon_bo_create(rdev, pd_size, RADEON_VM_PTB_ALIGN_SIZE, false, |
1697 |
-+ r = radeon_bo_create(rdev, pd_size, RADEON_VM_PTB_ALIGN_SIZE, true, |
1698 |
- RADEON_GEM_DOMAIN_VRAM, NULL, |
1699 |
- &vm->page_directory); |
1700 |
- if (r) |
1701 |
diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c |
1702 |
index edb871d..a275c6ed 100644 |
1703 |
--- a/drivers/gpu/drm/tegra/dc.c |
1704 |
@@ -43868,10 +43894,10 @@ index b086a94..74cb67e 100644 |
1705 |
pmd->bl_info.value_type.inc = data_block_inc; |
1706 |
pmd->bl_info.value_type.dec = data_block_dec; |
1707 |
diff --git a/drivers/md/dm.c b/drivers/md/dm.c |
1708 |
-index 455e649..1f214be 100644 |
1709 |
+index 490ac23..b9790cd 100644 |
1710 |
--- a/drivers/md/dm.c |
1711 |
+++ b/drivers/md/dm.c |
1712 |
-@@ -178,9 +178,9 @@ struct mapped_device { |
1713 |
+@@ -180,9 +180,9 @@ struct mapped_device { |
1714 |
/* |
1715 |
* Event handling. |
1716 |
*/ |
1717 |
@@ -43883,7 +43909,7 @@ index 455e649..1f214be 100644 |
1718 |
struct list_head uevent_list; |
1719 |
spinlock_t uevent_lock; /* Protect access to uevent_list */ |
1720 |
|
1721 |
-@@ -1884,8 +1884,8 @@ static struct mapped_device *alloc_dev(int minor) |
1722 |
+@@ -1895,8 +1895,8 @@ static struct mapped_device *alloc_dev(int minor) |
1723 |
spin_lock_init(&md->deferred_lock); |
1724 |
atomic_set(&md->holders, 1); |
1725 |
atomic_set(&md->open_count, 0); |
1726 |
@@ -43894,7 +43920,7 @@ index 455e649..1f214be 100644 |
1727 |
INIT_LIST_HEAD(&md->uevent_list); |
1728 |
spin_lock_init(&md->uevent_lock); |
1729 |
|
1730 |
-@@ -2039,7 +2039,7 @@ static void event_callback(void *context) |
1731 |
+@@ -2050,7 +2050,7 @@ static void event_callback(void *context) |
1732 |
|
1733 |
dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj); |
1734 |
|
1735 |
@@ -43903,7 +43929,7 @@ index 455e649..1f214be 100644 |
1736 |
wake_up(&md->eventq); |
1737 |
} |
1738 |
|
1739 |
-@@ -2732,18 +2732,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, |
1740 |
+@@ -2743,18 +2743,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, |
1741 |
|
1742 |
uint32_t dm_next_uevent_seq(struct mapped_device *md) |
1743 |
{ |
1744 |
@@ -46857,6 +46883,24 @@ index 5920c99..ff2e4a5 100644 |
1745 |
}; |
1746 |
|
1747 |
static void |
1748 |
+diff --git a/drivers/net/wan/x25_asy.c b/drivers/net/wan/x25_asy.c |
1749 |
+index 5895f19..fa9fdfa 100644 |
1750 |
+--- a/drivers/net/wan/x25_asy.c |
1751 |
++++ b/drivers/net/wan/x25_asy.c |
1752 |
+@@ -122,8 +122,12 @@ static int x25_asy_change_mtu(struct net_device *dev, int newmtu) |
1753 |
+ { |
1754 |
+ struct x25_asy *sl = netdev_priv(dev); |
1755 |
+ unsigned char *xbuff, *rbuff; |
1756 |
+- int len = 2 * newmtu; |
1757 |
++ int len; |
1758 |
+ |
1759 |
++ if (newmtu > 65534) |
1760 |
++ return -EINVAL; |
1761 |
++ |
1762 |
++ len = 2 * newmtu; |
1763 |
+ xbuff = kmalloc(len + 4, GFP_ATOMIC); |
1764 |
+ rbuff = kmalloc(len + 4, GFP_ATOMIC); |
1765 |
+ |
1766 |
diff --git a/drivers/net/wan/z85230.c b/drivers/net/wan/z85230.c |
1767 |
index feacc3b..5bac0de 100644 |
1768 |
--- a/drivers/net/wan/z85230.c |
1769 |
@@ -59617,7 +59661,7 @@ index e6574d7..c30cbe2 100644 |
1770 |
brelse(bh); |
1771 |
bh = NULL; |
1772 |
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c |
1773 |
-index fe4e668..f983538 100644 |
1774 |
+index 2735a72..d083044 100644 |
1775 |
--- a/fs/ext4/mballoc.c |
1776 |
+++ b/fs/ext4/mballoc.c |
1777 |
@@ -1889,7 +1889,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, |
1778 |
@@ -59747,7 +59791,7 @@ index 04434ad..6404663 100644 |
1779 |
"MMP failure info: last update time: %llu, last update " |
1780 |
"node: %s, last update device: %s\n", |
1781 |
diff --git a/fs/ext4/super.c b/fs/ext4/super.c |
1782 |
-index 6f9e6fa..d0ebdb7 100644 |
1783 |
+index 29a403c..f58dbdb 100644 |
1784 |
--- a/fs/ext4/super.c |
1785 |
+++ b/fs/ext4/super.c |
1786 |
@@ -1275,7 +1275,7 @@ static ext4_fsblk_t get_sb_block(void **data) |
1787 |
@@ -59759,7 +59803,7 @@ index 6f9e6fa..d0ebdb7 100644 |
1788 |
"Contact linux-ext4@×××××××××××.org if you think we should keep it.\n"; |
1789 |
|
1790 |
#ifdef CONFIG_QUOTA |
1791 |
-@@ -2455,7 +2455,7 @@ struct ext4_attr { |
1792 |
+@@ -2453,7 +2453,7 @@ struct ext4_attr { |
1793 |
int offset; |
1794 |
int deprecated_val; |
1795 |
} u; |
1796 |
@@ -59768,114 +59812,6 @@ index 6f9e6fa..d0ebdb7 100644 |
1797 |
|
1798 |
static int parse_strtoull(const char *buf, |
1799 |
unsigned long long max, unsigned long long *value) |
1800 |
-@@ -3869,38 +3869,19 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) |
1801 |
- goto failed_mount2; |
1802 |
- } |
1803 |
- } |
1804 |
-- |
1805 |
-- /* |
1806 |
-- * set up enough so that it can read an inode, |
1807 |
-- * and create new inode for buddy allocator |
1808 |
-- */ |
1809 |
-- sbi->s_gdb_count = db_count; |
1810 |
-- if (!test_opt(sb, NOLOAD) && |
1811 |
-- EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_HAS_JOURNAL)) |
1812 |
-- sb->s_op = &ext4_sops; |
1813 |
-- else |
1814 |
-- sb->s_op = &ext4_nojournal_sops; |
1815 |
-- |
1816 |
-- ext4_ext_init(sb); |
1817 |
-- err = ext4_mb_init(sb); |
1818 |
-- if (err) { |
1819 |
-- ext4_msg(sb, KERN_ERR, "failed to initialize mballoc (%d)", |
1820 |
-- err); |
1821 |
-- goto failed_mount2; |
1822 |
-- } |
1823 |
-- |
1824 |
- if (!ext4_check_descriptors(sb, &first_not_zeroed)) { |
1825 |
- ext4_msg(sb, KERN_ERR, "group descriptors corrupted!"); |
1826 |
-- goto failed_mount2a; |
1827 |
-+ goto failed_mount2; |
1828 |
- } |
1829 |
- if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_FLEX_BG)) |
1830 |
- if (!ext4_fill_flex_info(sb)) { |
1831 |
- ext4_msg(sb, KERN_ERR, |
1832 |
- "unable to initialize " |
1833 |
- "flex_bg meta info!"); |
1834 |
-- goto failed_mount2a; |
1835 |
-+ goto failed_mount2; |
1836 |
- } |
1837 |
- |
1838 |
-+ sbi->s_gdb_count = db_count; |
1839 |
- get_random_bytes(&sbi->s_next_generation, sizeof(u32)); |
1840 |
- spin_lock_init(&sbi->s_next_gen_lock); |
1841 |
- |
1842 |
-@@ -3935,6 +3916,14 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) |
1843 |
- sbi->s_stripe = ext4_get_stripe_size(sbi); |
1844 |
- sbi->s_extent_max_zeroout_kb = 32; |
1845 |
- |
1846 |
-+ /* |
1847 |
-+ * set up enough so that it can read an inode |
1848 |
-+ */ |
1849 |
-+ if (!test_opt(sb, NOLOAD) && |
1850 |
-+ EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_HAS_JOURNAL)) |
1851 |
-+ sb->s_op = &ext4_sops; |
1852 |
-+ else |
1853 |
-+ sb->s_op = &ext4_nojournal_sops; |
1854 |
- sb->s_export_op = &ext4_export_ops; |
1855 |
- sb->s_xattr = ext4_xattr_handlers; |
1856 |
- #ifdef CONFIG_QUOTA |
1857 |
-@@ -4124,13 +4113,21 @@ no_journal: |
1858 |
- if (err) { |
1859 |
- ext4_msg(sb, KERN_ERR, "failed to reserve %llu clusters for " |
1860 |
- "reserved pool", ext4_calculate_resv_clusters(sb)); |
1861 |
-- goto failed_mount5; |
1862 |
-+ goto failed_mount4a; |
1863 |
- } |
1864 |
- |
1865 |
- err = ext4_setup_system_zone(sb); |
1866 |
- if (err) { |
1867 |
- ext4_msg(sb, KERN_ERR, "failed to initialize system " |
1868 |
- "zone (%d)", err); |
1869 |
-+ goto failed_mount4a; |
1870 |
-+ } |
1871 |
-+ |
1872 |
-+ ext4_ext_init(sb); |
1873 |
-+ err = ext4_mb_init(sb); |
1874 |
-+ if (err) { |
1875 |
-+ ext4_msg(sb, KERN_ERR, "failed to initialize mballoc (%d)", |
1876 |
-+ err); |
1877 |
- goto failed_mount5; |
1878 |
- } |
1879 |
- |
1880 |
-@@ -4207,8 +4204,11 @@ failed_mount8: |
1881 |
- failed_mount7: |
1882 |
- ext4_unregister_li_request(sb); |
1883 |
- failed_mount6: |
1884 |
-- ext4_release_system_zone(sb); |
1885 |
-+ ext4_mb_release(sb); |
1886 |
- failed_mount5: |
1887 |
-+ ext4_ext_release(sb); |
1888 |
-+ ext4_release_system_zone(sb); |
1889 |
-+failed_mount4a: |
1890 |
- dput(sb->s_root); |
1891 |
- sb->s_root = NULL; |
1892 |
- failed_mount4: |
1893 |
-@@ -4232,14 +4232,11 @@ failed_mount3: |
1894 |
- percpu_counter_destroy(&sbi->s_extent_cache_cnt); |
1895 |
- if (sbi->s_mmp_tsk) |
1896 |
- kthread_stop(sbi->s_mmp_tsk); |
1897 |
--failed_mount2a: |
1898 |
-- ext4_mb_release(sb); |
1899 |
- failed_mount2: |
1900 |
- for (i = 0; i < db_count; i++) |
1901 |
- brelse(sbi->s_group_desc[i]); |
1902 |
- ext4_kvfree(sbi->s_group_desc); |
1903 |
- failed_mount: |
1904 |
-- ext4_ext_release(sb); |
1905 |
- if (sbi->s_chksum_driver) |
1906 |
- crypto_free_shash(sbi->s_chksum_driver); |
1907 |
- if (sbi->s_proc) { |
1908 |
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c |
1909 |
index 4eec399..1d9444c 100644 |
1910 |
--- a/fs/ext4/xattr.c |
1911 |
@@ -61681,7 +61617,7 @@ index 97f7fda..09bd33d 100644 |
1912 |
if (jfs_inode_cachep == NULL) |
1913 |
return -ENOMEM; |
1914 |
diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c |
1915 |
-index ac127cd..d8079db 100644 |
1916 |
+index a693f5b..82276a1 100644 |
1917 |
--- a/fs/kernfs/dir.c |
1918 |
+++ b/fs/kernfs/dir.c |
1919 |
@@ -182,7 +182,7 @@ struct kernfs_node *kernfs_get_parent(struct kernfs_node *kn) |
1920 |
@@ -61874,7 +61810,7 @@ index d55297f..f5b28c5 100644 |
1921 |
#define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */ |
1922 |
|
1923 |
diff --git a/fs/namei.c b/fs/namei.c |
1924 |
-index 985c6f3..f67a0f8 100644 |
1925 |
+index 985c6f3..5f520b67 100644 |
1926 |
--- a/fs/namei.c |
1927 |
+++ b/fs/namei.c |
1928 |
@@ -330,17 +330,32 @@ int generic_permission(struct inode *inode, int mask) |
1929 |
@@ -62009,7 +61945,19 @@ index 985c6f3..f67a0f8 100644 |
1930 |
return retval; |
1931 |
} |
1932 |
|
1933 |
-@@ -2569,6 +2600,13 @@ static int may_open(struct path *path, int acc_mode, int flag) |
1934 |
+@@ -2256,9 +2287,10 @@ done: |
1935 |
+ goto out; |
1936 |
+ } |
1937 |
+ path->dentry = dentry; |
1938 |
+- path->mnt = mntget(nd->path.mnt); |
1939 |
++ path->mnt = nd->path.mnt; |
1940 |
+ if (should_follow_link(dentry, nd->flags & LOOKUP_FOLLOW)) |
1941 |
+ return 1; |
1942 |
++ mntget(path->mnt); |
1943 |
+ follow_mount(path); |
1944 |
+ error = 0; |
1945 |
+ out: |
1946 |
+@@ -2569,6 +2601,13 @@ static int may_open(struct path *path, int acc_mode, int flag) |
1947 |
if (flag & O_NOATIME && !inode_owner_or_capable(inode)) |
1948 |
return -EPERM; |
1949 |
|
1950 |
@@ -62023,7 +61971,7 @@ index 985c6f3..f67a0f8 100644 |
1951 |
return 0; |
1952 |
} |
1953 |
|
1954 |
-@@ -2800,7 +2838,7 @@ looked_up: |
1955 |
+@@ -2800,7 +2839,7 @@ looked_up: |
1956 |
* cleared otherwise prior to returning. |
1957 |
*/ |
1958 |
static int lookup_open(struct nameidata *nd, struct path *path, |
1959 |
@@ -62032,7 +61980,7 @@ index 985c6f3..f67a0f8 100644 |
1960 |
const struct open_flags *op, |
1961 |
bool got_write, int *opened) |
1962 |
{ |
1963 |
-@@ -2835,6 +2873,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, |
1964 |
+@@ -2835,6 +2874,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, |
1965 |
/* Negative dentry, just create the file */ |
1966 |
if (!dentry->d_inode && (op->open_flag & O_CREAT)) { |
1967 |
umode_t mode = op->mode; |
1968 |
@@ -62050,7 +61998,7 @@ index 985c6f3..f67a0f8 100644 |
1969 |
if (!IS_POSIXACL(dir->d_inode)) |
1970 |
mode &= ~current_umask(); |
1971 |
/* |
1972 |
-@@ -2856,6 +2905,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, |
1973 |
+@@ -2856,6 +2906,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, |
1974 |
nd->flags & LOOKUP_EXCL); |
1975 |
if (error) |
1976 |
goto out_dput; |
1977 |
@@ -62059,7 +62007,7 @@ index 985c6f3..f67a0f8 100644 |
1978 |
} |
1979 |
out_no_open: |
1980 |
path->dentry = dentry; |
1981 |
-@@ -2870,7 +2921,7 @@ out_dput: |
1982 |
+@@ -2870,7 +2922,7 @@ out_dput: |
1983 |
/* |
1984 |
* Handle the last step of open() |
1985 |
*/ |
1986 |
@@ -62068,7 +62016,7 @@ index 985c6f3..f67a0f8 100644 |
1987 |
struct file *file, const struct open_flags *op, |
1988 |
int *opened, struct filename *name) |
1989 |
{ |
1990 |
-@@ -2920,6 +2971,15 @@ static int do_last(struct nameidata *nd, struct path *path, |
1991 |
+@@ -2920,6 +2972,15 @@ static int do_last(struct nameidata *nd, struct path *path, |
1992 |
if (error) |
1993 |
return error; |
1994 |
|
1995 |
@@ -62084,7 +62032,7 @@ index 985c6f3..f67a0f8 100644 |
1996 |
audit_inode(name, dir, LOOKUP_PARENT); |
1997 |
error = -EISDIR; |
1998 |
/* trailing slashes? */ |
1999 |
-@@ -2939,7 +2999,7 @@ retry_lookup: |
2000 |
+@@ -2939,7 +3000,7 @@ retry_lookup: |
2001 |
*/ |
2002 |
} |
2003 |
mutex_lock(&dir->d_inode->i_mutex); |
2004 |
@@ -62093,7 +62041,7 @@ index 985c6f3..f67a0f8 100644 |
2005 |
mutex_unlock(&dir->d_inode->i_mutex); |
2006 |
|
2007 |
if (error <= 0) { |
2008 |
-@@ -2963,11 +3023,28 @@ retry_lookup: |
2009 |
+@@ -2963,11 +3024,28 @@ retry_lookup: |
2010 |
goto finish_open_created; |
2011 |
} |
2012 |
|
2013 |
@@ -62123,7 +62071,7 @@ index 985c6f3..f67a0f8 100644 |
2014 |
|
2015 |
/* |
2016 |
* If atomic_open() acquired write access it is dropped now due to |
2017 |
-@@ -3008,6 +3085,11 @@ finish_lookup: |
2018 |
+@@ -3008,6 +3086,11 @@ finish_lookup: |
2019 |
} |
2020 |
} |
2021 |
BUG_ON(inode != path->dentry->d_inode); |
2022 |
@@ -62135,7 +62083,7 @@ index 985c6f3..f67a0f8 100644 |
2023 |
return 1; |
2024 |
} |
2025 |
|
2026 |
-@@ -3017,7 +3099,6 @@ finish_lookup: |
2027 |
+@@ -3017,7 +3100,6 @@ finish_lookup: |
2028 |
save_parent.dentry = nd->path.dentry; |
2029 |
save_parent.mnt = mntget(path->mnt); |
2030 |
nd->path.dentry = path->dentry; |
2031 |
@@ -62143,7 +62091,7 @@ index 985c6f3..f67a0f8 100644 |
2032 |
} |
2033 |
nd->inode = inode; |
2034 |
/* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */ |
2035 |
-@@ -3027,7 +3108,18 @@ finish_open: |
2036 |
+@@ -3027,7 +3109,18 @@ finish_open: |
2037 |
path_put(&save_parent); |
2038 |
return error; |
2039 |
} |
2040 |
@@ -62162,7 +62110,7 @@ index 985c6f3..f67a0f8 100644 |
2041 |
error = -EISDIR; |
2042 |
if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry)) |
2043 |
goto out; |
2044 |
-@@ -3190,7 +3282,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, |
2045 |
+@@ -3190,7 +3283,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, |
2046 |
if (unlikely(error)) |
2047 |
goto out; |
2048 |
|
2049 |
@@ -62171,7 +62119,7 @@ index 985c6f3..f67a0f8 100644 |
2050 |
while (unlikely(error > 0)) { /* trailing symlink */ |
2051 |
struct path link = path; |
2052 |
void *cookie; |
2053 |
-@@ -3208,7 +3300,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, |
2054 |
+@@ -3208,7 +3301,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, |
2055 |
error = follow_link(&link, nd, &cookie); |
2056 |
if (unlikely(error)) |
2057 |
break; |
2058 |
@@ -62180,7 +62128,7 @@ index 985c6f3..f67a0f8 100644 |
2059 |
put_link(nd, &link, cookie); |
2060 |
} |
2061 |
out: |
2062 |
-@@ -3308,9 +3400,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, |
2063 |
+@@ -3308,9 +3401,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, |
2064 |
goto unlock; |
2065 |
|
2066 |
error = -EEXIST; |
2067 |
@@ -62194,7 +62142,7 @@ index 985c6f3..f67a0f8 100644 |
2068 |
/* |
2069 |
* Special case - lookup gave negative, but... we had foo/bar/ |
2070 |
* From the vfs_mknod() POV we just have a negative dentry - |
2071 |
-@@ -3362,6 +3456,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, |
2072 |
+@@ -3362,6 +3457,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, |
2073 |
} |
2074 |
EXPORT_SYMBOL(user_path_create); |
2075 |
|
2076 |
@@ -62215,7 +62163,7 @@ index 985c6f3..f67a0f8 100644 |
2077 |
int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) |
2078 |
{ |
2079 |
int error = may_create(dir, dentry); |
2080 |
-@@ -3425,6 +3533,17 @@ retry: |
2081 |
+@@ -3425,6 +3534,17 @@ retry: |
2082 |
|
2083 |
if (!IS_POSIXACL(path.dentry->d_inode)) |
2084 |
mode &= ~current_umask(); |
2085 |
@@ -62233,7 +62181,7 @@ index 985c6f3..f67a0f8 100644 |
2086 |
error = security_path_mknod(&path, dentry, mode, dev); |
2087 |
if (error) |
2088 |
goto out; |
2089 |
-@@ -3441,6 +3560,8 @@ retry: |
2090 |
+@@ -3441,6 +3561,8 @@ retry: |
2091 |
break; |
2092 |
} |
2093 |
out: |
2094 |
@@ -62242,7 +62190,7 @@ index 985c6f3..f67a0f8 100644 |
2095 |
done_path_create(&path, dentry); |
2096 |
if (retry_estale(error, lookup_flags)) { |
2097 |
lookup_flags |= LOOKUP_REVAL; |
2098 |
-@@ -3494,9 +3615,16 @@ retry: |
2099 |
+@@ -3494,9 +3616,16 @@ retry: |
2100 |
|
2101 |
if (!IS_POSIXACL(path.dentry->d_inode)) |
2102 |
mode &= ~current_umask(); |
2103 |
@@ -62259,7 +62207,7 @@ index 985c6f3..f67a0f8 100644 |
2104 |
done_path_create(&path, dentry); |
2105 |
if (retry_estale(error, lookup_flags)) { |
2106 |
lookup_flags |= LOOKUP_REVAL; |
2107 |
-@@ -3579,6 +3707,8 @@ static long do_rmdir(int dfd, const char __user *pathname) |
2108 |
+@@ -3579,6 +3708,8 @@ static long do_rmdir(int dfd, const char __user *pathname) |
2109 |
struct filename *name; |
2110 |
struct dentry *dentry; |
2111 |
struct nameidata nd; |
2112 |
@@ -62268,7 +62216,7 @@ index 985c6f3..f67a0f8 100644 |
2113 |
unsigned int lookup_flags = 0; |
2114 |
retry: |
2115 |
name = user_path_parent(dfd, pathname, &nd, lookup_flags); |
2116 |
-@@ -3611,10 +3741,21 @@ retry: |
2117 |
+@@ -3611,10 +3742,21 @@ retry: |
2118 |
error = -ENOENT; |
2119 |
goto exit3; |
2120 |
} |
2121 |
@@ -62290,7 +62238,7 @@ index 985c6f3..f67a0f8 100644 |
2122 |
exit3: |
2123 |
dput(dentry); |
2124 |
exit2: |
2125 |
-@@ -3705,6 +3846,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) |
2126 |
+@@ -3705,6 +3847,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) |
2127 |
struct nameidata nd; |
2128 |
struct inode *inode = NULL; |
2129 |
struct inode *delegated_inode = NULL; |
2130 |
@@ -62299,7 +62247,7 @@ index 985c6f3..f67a0f8 100644 |
2131 |
unsigned int lookup_flags = 0; |
2132 |
retry: |
2133 |
name = user_path_parent(dfd, pathname, &nd, lookup_flags); |
2134 |
-@@ -3731,10 +3874,22 @@ retry_deleg: |
2135 |
+@@ -3731,10 +3875,22 @@ retry_deleg: |
2136 |
if (d_is_negative(dentry)) |
2137 |
goto slashes; |
2138 |
ihold(inode); |
2139 |
@@ -62322,7 +62270,7 @@ index 985c6f3..f67a0f8 100644 |
2140 |
exit2: |
2141 |
dput(dentry); |
2142 |
} |
2143 |
-@@ -3823,9 +3978,17 @@ retry: |
2144 |
+@@ -3823,9 +3979,17 @@ retry: |
2145 |
if (IS_ERR(dentry)) |
2146 |
goto out_putname; |
2147 |
|
2148 |
@@ -62340,7 +62288,7 @@ index 985c6f3..f67a0f8 100644 |
2149 |
done_path_create(&path, dentry); |
2150 |
if (retry_estale(error, lookup_flags)) { |
2151 |
lookup_flags |= LOOKUP_REVAL; |
2152 |
-@@ -3929,6 +4092,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, |
2153 |
+@@ -3929,6 +4093,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, |
2154 |
struct dentry *new_dentry; |
2155 |
struct path old_path, new_path; |
2156 |
struct inode *delegated_inode = NULL; |
2157 |
@@ -62348,7 +62296,7 @@ index 985c6f3..f67a0f8 100644 |
2158 |
int how = 0; |
2159 |
int error; |
2160 |
|
2161 |
-@@ -3952,7 +4116,7 @@ retry: |
2162 |
+@@ -3952,7 +4117,7 @@ retry: |
2163 |
if (error) |
2164 |
return error; |
2165 |
|
2166 |
@@ -62357,7 +62305,7 @@ index 985c6f3..f67a0f8 100644 |
2167 |
(how & LOOKUP_REVAL)); |
2168 |
error = PTR_ERR(new_dentry); |
2169 |
if (IS_ERR(new_dentry)) |
2170 |
-@@ -3964,11 +4128,28 @@ retry: |
2171 |
+@@ -3964,11 +4129,28 @@ retry: |
2172 |
error = may_linkat(&old_path); |
2173 |
if (unlikely(error)) |
2174 |
goto out_dput; |
2175 |
@@ -62386,7 +62334,7 @@ index 985c6f3..f67a0f8 100644 |
2176 |
done_path_create(&new_path, new_dentry); |
2177 |
if (delegated_inode) { |
2178 |
error = break_deleg_wait(&delegated_inode); |
2179 |
-@@ -4278,6 +4459,12 @@ retry_deleg: |
2180 |
+@@ -4278,6 +4460,12 @@ retry_deleg: |
2181 |
if (new_dentry == trap) |
2182 |
goto exit5; |
2183 |
|
2184 |
@@ -62399,7 +62347,7 @@ index 985c6f3..f67a0f8 100644 |
2185 |
error = security_path_rename(&oldnd.path, old_dentry, |
2186 |
&newnd.path, new_dentry, flags); |
2187 |
if (error) |
2188 |
-@@ -4285,6 +4472,9 @@ retry_deleg: |
2189 |
+@@ -4285,6 +4473,9 @@ retry_deleg: |
2190 |
error = vfs_rename(old_dir->d_inode, old_dentry, |
2191 |
new_dir->d_inode, new_dentry, |
2192 |
&delegated_inode, flags); |
2193 |
@@ -62409,7 +62357,7 @@ index 985c6f3..f67a0f8 100644 |
2194 |
exit5: |
2195 |
dput(new_dentry); |
2196 |
exit4: |
2197 |
-@@ -4327,14 +4517,24 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna |
2198 |
+@@ -4327,14 +4518,24 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna |
2199 |
|
2200 |
int readlink_copy(char __user *buffer, int buflen, const char *link) |
2201 |
{ |
2202 |
@@ -85909,10 +85857,10 @@ index 24663b3..b926ae1 100644 |
2203 |
+} |
2204 |
+EXPORT_SYMBOL(capable_wrt_inode_uidgid_nolog); |
2205 |
diff --git a/kernel/cgroup.c b/kernel/cgroup.c |
2206 |
-index ceee0c5..d6f81dd 100644 |
2207 |
+index 073226b..969c746 100644 |
2208 |
--- a/kernel/cgroup.c |
2209 |
+++ b/kernel/cgroup.c |
2210 |
-@@ -4757,7 +4757,7 @@ static int cgroup_css_links_read(struct seq_file *seq, void *v) |
2211 |
+@@ -4808,7 +4808,7 @@ static int cgroup_css_links_read(struct seq_file *seq, void *v) |
2212 |
struct task_struct *task; |
2213 |
int count = 0; |
2214 |
|
2215 |
@@ -91335,7 +91283,7 @@ index 4a54a25..7ca9c89 100644 |
2216 |
|
2217 |
ftrace_graph_active++; |
2218 |
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c |
2219 |
-index c634868..00d0d19 100644 |
2220 |
+index 7c56c3d..9980576 100644 |
2221 |
--- a/kernel/trace/ring_buffer.c |
2222 |
+++ b/kernel/trace/ring_buffer.c |
2223 |
@@ -352,9 +352,9 @@ struct buffer_data_page { |
2224 |
@@ -91361,7 +91309,7 @@ index c634868..00d0d19 100644 |
2225 |
local_t dropped_events; |
2226 |
local_t committing; |
2227 |
local_t commits; |
2228 |
-@@ -992,8 +992,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, |
2229 |
+@@ -995,8 +995,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, |
2230 |
* |
2231 |
* We add a counter to the write field to denote this. |
2232 |
*/ |
2233 |
@@ -91372,7 +91320,7 @@ index c634868..00d0d19 100644 |
2234 |
|
2235 |
/* |
2236 |
* Just make sure we have seen our old_write and synchronize |
2237 |
-@@ -1021,8 +1021,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, |
2238 |
+@@ -1024,8 +1024,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, |
2239 |
* cmpxchg to only update if an interrupt did not already |
2240 |
* do it for us. If the cmpxchg fails, we don't care. |
2241 |
*/ |
2242 |
@@ -91383,7 +91331,7 @@ index c634868..00d0d19 100644 |
2243 |
|
2244 |
/* |
2245 |
* No need to worry about races with clearing out the commit. |
2246 |
-@@ -1389,12 +1389,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); |
2247 |
+@@ -1392,12 +1392,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); |
2248 |
|
2249 |
static inline unsigned long rb_page_entries(struct buffer_page *bpage) |
2250 |
{ |
2251 |
@@ -91398,7 +91346,7 @@ index c634868..00d0d19 100644 |
2252 |
} |
2253 |
|
2254 |
static int |
2255 |
-@@ -1489,7 +1489,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) |
2256 |
+@@ -1492,7 +1492,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) |
2257 |
* bytes consumed in ring buffer from here. |
2258 |
* Increment overrun to account for the lost events. |
2259 |
*/ |
2260 |
@@ -91407,7 +91355,7 @@ index c634868..00d0d19 100644 |
2261 |
local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); |
2262 |
} |
2263 |
|
2264 |
-@@ -2067,7 +2067,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, |
2265 |
+@@ -2070,7 +2070,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, |
2266 |
* it is our responsibility to update |
2267 |
* the counters. |
2268 |
*/ |
2269 |
@@ -91416,7 +91364,7 @@ index c634868..00d0d19 100644 |
2270 |
local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); |
2271 |
|
2272 |
/* |
2273 |
-@@ -2217,7 +2217,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, |
2274 |
+@@ -2220,7 +2220,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, |
2275 |
if (tail == BUF_PAGE_SIZE) |
2276 |
tail_page->real_end = 0; |
2277 |
|
2278 |
@@ -91425,7 +91373,7 @@ index c634868..00d0d19 100644 |
2279 |
return; |
2280 |
} |
2281 |
|
2282 |
-@@ -2252,7 +2252,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, |
2283 |
+@@ -2255,7 +2255,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, |
2284 |
rb_event_set_padding(event); |
2285 |
|
2286 |
/* Set the write back to the previous setting */ |
2287 |
@@ -91434,7 +91382,7 @@ index c634868..00d0d19 100644 |
2288 |
return; |
2289 |
} |
2290 |
|
2291 |
-@@ -2264,7 +2264,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, |
2292 |
+@@ -2267,7 +2267,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, |
2293 |
|
2294 |
/* Set write to end of buffer */ |
2295 |
length = (tail + length) - BUF_PAGE_SIZE; |
2296 |
@@ -91443,7 +91391,7 @@ index c634868..00d0d19 100644 |
2297 |
} |
2298 |
|
2299 |
/* |
2300 |
-@@ -2290,7 +2290,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, |
2301 |
+@@ -2293,7 +2293,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, |
2302 |
* about it. |
2303 |
*/ |
2304 |
if (unlikely(next_page == commit_page)) { |
2305 |
@@ -91452,7 +91400,7 @@ index c634868..00d0d19 100644 |
2306 |
goto out_reset; |
2307 |
} |
2308 |
|
2309 |
-@@ -2346,7 +2346,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, |
2310 |
+@@ -2349,7 +2349,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, |
2311 |
cpu_buffer->tail_page) && |
2312 |
(cpu_buffer->commit_page == |
2313 |
cpu_buffer->reader_page))) { |
2314 |
@@ -91461,7 +91409,7 @@ index c634868..00d0d19 100644 |
2315 |
goto out_reset; |
2316 |
} |
2317 |
} |
2318 |
-@@ -2394,7 +2394,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, |
2319 |
+@@ -2397,7 +2397,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, |
2320 |
length += RB_LEN_TIME_EXTEND; |
2321 |
|
2322 |
tail_page = cpu_buffer->tail_page; |
2323 |
@@ -91470,7 +91418,7 @@ index c634868..00d0d19 100644 |
2324 |
|
2325 |
/* set write to only the index of the write */ |
2326 |
write &= RB_WRITE_MASK; |
2327 |
-@@ -2418,7 +2418,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, |
2328 |
+@@ -2421,7 +2421,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, |
2329 |
kmemcheck_annotate_bitfield(event, bitfield); |
2330 |
rb_update_event(cpu_buffer, event, length, add_timestamp, delta); |
2331 |
|
2332 |
@@ -91479,7 +91427,7 @@ index c634868..00d0d19 100644 |
2333 |
|
2334 |
/* |
2335 |
* If this is the first commit on the page, then update |
2336 |
-@@ -2451,7 +2451,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, |
2337 |
+@@ -2454,7 +2454,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, |
2338 |
|
2339 |
if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) { |
2340 |
unsigned long write_mask = |
2341 |
@@ -91488,7 +91436,7 @@ index c634868..00d0d19 100644 |
2342 |
unsigned long event_length = rb_event_length(event); |
2343 |
/* |
2344 |
* This is on the tail page. It is possible that |
2345 |
-@@ -2461,7 +2461,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, |
2346 |
+@@ -2464,7 +2464,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, |
2347 |
*/ |
2348 |
old_index += write_mask; |
2349 |
new_index += write_mask; |
2350 |
@@ -91497,7 +91445,7 @@ index c634868..00d0d19 100644 |
2351 |
if (index == old_index) { |
2352 |
/* update counters */ |
2353 |
local_sub(event_length, &cpu_buffer->entries_bytes); |
2354 |
-@@ -2853,7 +2853,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, |
2355 |
+@@ -2856,7 +2856,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, |
2356 |
|
2357 |
/* Do the likely case first */ |
2358 |
if (likely(bpage->page == (void *)addr)) { |
2359 |
@@ -91506,7 +91454,7 @@ index c634868..00d0d19 100644 |
2360 |
return; |
2361 |
} |
2362 |
|
2363 |
-@@ -2865,7 +2865,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, |
2364 |
+@@ -2868,7 +2868,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, |
2365 |
start = bpage; |
2366 |
do { |
2367 |
if (bpage->page == (void *)addr) { |
2368 |
@@ -91515,7 +91463,7 @@ index c634868..00d0d19 100644 |
2369 |
return; |
2370 |
} |
2371 |
rb_inc_page(cpu_buffer, &bpage); |
2372 |
-@@ -3149,7 +3149,7 @@ static inline unsigned long |
2373 |
+@@ -3152,7 +3152,7 @@ static inline unsigned long |
2374 |
rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer) |
2375 |
{ |
2376 |
return local_read(&cpu_buffer->entries) - |
2377 |
@@ -91524,7 +91472,7 @@ index c634868..00d0d19 100644 |
2378 |
} |
2379 |
|
2380 |
/** |
2381 |
-@@ -3238,7 +3238,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) |
2382 |
+@@ -3241,7 +3241,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) |
2383 |
return 0; |
2384 |
|
2385 |
cpu_buffer = buffer->buffers[cpu]; |
2386 |
@@ -91533,7 +91481,7 @@ index c634868..00d0d19 100644 |
2387 |
|
2388 |
return ret; |
2389 |
} |
2390 |
-@@ -3261,7 +3261,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) |
2391 |
+@@ -3264,7 +3264,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) |
2392 |
return 0; |
2393 |
|
2394 |
cpu_buffer = buffer->buffers[cpu]; |
2395 |
@@ -91542,7 +91490,7 @@ index c634868..00d0d19 100644 |
2396 |
|
2397 |
return ret; |
2398 |
} |
2399 |
-@@ -3346,7 +3346,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) |
2400 |
+@@ -3349,7 +3349,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) |
2401 |
/* if you care about this being correct, lock the buffer */ |
2402 |
for_each_buffer_cpu(buffer, cpu) { |
2403 |
cpu_buffer = buffer->buffers[cpu]; |
2404 |
@@ -91551,7 +91499,7 @@ index c634868..00d0d19 100644 |
2405 |
} |
2406 |
|
2407 |
return overruns; |
2408 |
-@@ -3522,8 +3522,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) |
2409 |
+@@ -3525,8 +3525,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) |
2410 |
/* |
2411 |
* Reset the reader page to size zero. |
2412 |
*/ |
2413 |
@@ -91562,7 +91510,7 @@ index c634868..00d0d19 100644 |
2414 |
local_set(&cpu_buffer->reader_page->page->commit, 0); |
2415 |
cpu_buffer->reader_page->real_end = 0; |
2416 |
|
2417 |
-@@ -3557,7 +3557,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) |
2418 |
+@@ -3560,7 +3560,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) |
2419 |
* want to compare with the last_overrun. |
2420 |
*/ |
2421 |
smp_mb(); |
2422 |
@@ -91571,7 +91519,7 @@ index c634868..00d0d19 100644 |
2423 |
|
2424 |
/* |
2425 |
* Here's the tricky part. |
2426 |
-@@ -4127,8 +4127,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) |
2427 |
+@@ -4130,8 +4130,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) |
2428 |
|
2429 |
cpu_buffer->head_page |
2430 |
= list_entry(cpu_buffer->pages, struct buffer_page, list); |
2431 |
@@ -91582,7 +91530,7 @@ index c634868..00d0d19 100644 |
2432 |
local_set(&cpu_buffer->head_page->page->commit, 0); |
2433 |
|
2434 |
cpu_buffer->head_page->read = 0; |
2435 |
-@@ -4138,14 +4138,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) |
2436 |
+@@ -4141,14 +4141,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) |
2437 |
|
2438 |
INIT_LIST_HEAD(&cpu_buffer->reader_page->list); |
2439 |
INIT_LIST_HEAD(&cpu_buffer->new_pages); |
2440 |
@@ -91601,7 +91549,7 @@ index c634868..00d0d19 100644 |
2441 |
local_set(&cpu_buffer->dropped_events, 0); |
2442 |
local_set(&cpu_buffer->entries, 0); |
2443 |
local_set(&cpu_buffer->committing, 0); |
2444 |
-@@ -4550,8 +4550,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, |
2445 |
+@@ -4553,8 +4553,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, |
2446 |
rb_init_page(bpage); |
2447 |
bpage = reader->page; |
2448 |
reader->page = *data_page; |
2449 |
@@ -91613,7 +91561,7 @@ index c634868..00d0d19 100644 |
2450 |
*data_page = bpage; |
2451 |
|
2452 |
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c |
2453 |
-index 1848dc6..5fc244c 100644 |
2454 |
+index 39a1226..2dc2b43 100644 |
2455 |
--- a/kernel/trace/trace.c |
2456 |
+++ b/kernel/trace/trace.c |
2457 |
@@ -3447,7 +3447,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) |
2458 |
@@ -91626,7 +91574,7 @@ index 1848dc6..5fc244c 100644 |
2459 |
/* do nothing if flag is already set */ |
2460 |
if (!!(trace_flags & mask) == !!enabled) |
2461 |
diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h |
2462 |
-index 2e29d7b..61367d7 100644 |
2463 |
+index 99676cd..670b9e8 100644 |
2464 |
--- a/kernel/trace/trace.h |
2465 |
+++ b/kernel/trace/trace.h |
2466 |
@@ -1264,7 +1264,7 @@ extern const char *__stop___tracepoint_str[]; |
2467 |
@@ -91819,10 +91767,10 @@ index 30e4822..dd2b854 100644 |
2468 |
.thread_should_run = watchdog_should_run, |
2469 |
.thread_fn = watchdog, |
2470 |
diff --git a/kernel/workqueue.c b/kernel/workqueue.c |
2471 |
-index 8edc8718..b6a70b9 100644 |
2472 |
+index 7ba5897..c8ed1f2 100644 |
2473 |
--- a/kernel/workqueue.c |
2474 |
+++ b/kernel/workqueue.c |
2475 |
-@@ -4709,7 +4709,7 @@ static void rebind_workers(struct worker_pool *pool) |
2476 |
+@@ -4710,7 +4710,7 @@ static void rebind_workers(struct worker_pool *pool) |
2477 |
WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND)); |
2478 |
worker_flags |= WORKER_REBOUND; |
2479 |
worker_flags &= ~WORKER_UNBOUND; |
2480 |
@@ -93143,7 +93091,7 @@ index eb8fb72..ae36cf3 100644 |
2481 |
} |
2482 |
unset_migratetype_isolate(page, MIGRATE_MOVABLE); |
2483 |
diff --git a/mm/memory.c b/mm/memory.c |
2484 |
-index e302ae1..c0ef712 100644 |
2485 |
+index e302ae1..779c7ce 100644 |
2486 |
--- a/mm/memory.c |
2487 |
+++ b/mm/memory.c |
2488 |
@@ -413,6 +413,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, |
2489 |
@@ -93633,7 +93581,17 @@ index e302ae1..c0ef712 100644 |
2490 |
unlock: |
2491 |
pte_unmap_unlock(page_table, ptl); |
2492 |
return 0; |
2493 |
-@@ -3535,6 +3724,11 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma, |
2494 |
+@@ -3515,7 +3704,8 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma, |
2495 |
+ * if page by the offset is not ready to be mapped (cold cache or |
2496 |
+ * something). |
2497 |
+ */ |
2498 |
+- if (vma->vm_ops->map_pages) { |
2499 |
++ if (vma->vm_ops->map_pages && !(flags & FAULT_FLAG_NONLINEAR) && |
2500 |
++ fault_around_pages() > 1) { |
2501 |
+ pte = pte_offset_map_lock(mm, pmd, address, &ptl); |
2502 |
+ do_fault_around(vma, address, pte, pgoff, flags); |
2503 |
+ if (!pte_same(*pte, orig_pte)) |
2504 |
+@@ -3535,6 +3725,11 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma, |
2505 |
return ret; |
2506 |
} |
2507 |
do_set_pte(vma, address, fault_page, pte, false, false); |
2508 |
@@ -93645,7 +93603,7 @@ index e302ae1..c0ef712 100644 |
2509 |
unlock_page(fault_page); |
2510 |
unlock_out: |
2511 |
pte_unmap_unlock(pte, ptl); |
2512 |
-@@ -3576,7 +3770,18 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma, |
2513 |
+@@ -3576,7 +3771,18 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma, |
2514 |
page_cache_release(fault_page); |
2515 |
goto uncharge_out; |
2516 |
} |
2517 |
@@ -93664,7 +93622,7 @@ index e302ae1..c0ef712 100644 |
2518 |
pte_unmap_unlock(pte, ptl); |
2519 |
unlock_page(fault_page); |
2520 |
page_cache_release(fault_page); |
2521 |
-@@ -3624,6 +3829,11 @@ static int do_shared_fault(struct mm_struct *mm, struct vm_area_struct *vma, |
2522 |
+@@ -3624,6 +3830,11 @@ static int do_shared_fault(struct mm_struct *mm, struct vm_area_struct *vma, |
2523 |
return ret; |
2524 |
} |
2525 |
do_set_pte(vma, address, fault_page, pte, true, false); |
2526 |
@@ -93676,7 +93634,7 @@ index e302ae1..c0ef712 100644 |
2527 |
pte_unmap_unlock(pte, ptl); |
2528 |
|
2529 |
if (set_page_dirty(fault_page)) |
2530 |
-@@ -3854,6 +4064,12 @@ static int handle_pte_fault(struct mm_struct *mm, |
2531 |
+@@ -3854,6 +4065,12 @@ static int handle_pte_fault(struct mm_struct *mm, |
2532 |
if (flags & FAULT_FLAG_WRITE) |
2533 |
flush_tlb_fix_spurious_fault(vma, address); |
2534 |
} |
2535 |
@@ -93689,7 +93647,7 @@ index e302ae1..c0ef712 100644 |
2536 |
unlock: |
2537 |
pte_unmap_unlock(pte, ptl); |
2538 |
return 0; |
2539 |
-@@ -3870,9 +4086,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, |
2540 |
+@@ -3870,9 +4087,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, |
2541 |
pmd_t *pmd; |
2542 |
pte_t *pte; |
2543 |
|
2544 |
@@ -93731,7 +93689,7 @@ index e302ae1..c0ef712 100644 |
2545 |
pgd = pgd_offset(mm, address); |
2546 |
pud = pud_alloc(mm, pgd, address); |
2547 |
if (!pud) |
2548 |
-@@ -4000,6 +4248,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) |
2549 |
+@@ -4000,6 +4249,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) |
2550 |
spin_unlock(&mm->page_table_lock); |
2551 |
return 0; |
2552 |
} |
2553 |
@@ -93755,7 +93713,7 @@ index e302ae1..c0ef712 100644 |
2554 |
#endif /* __PAGETABLE_PUD_FOLDED */ |
2555 |
|
2556 |
#ifndef __PAGETABLE_PMD_FOLDED |
2557 |
-@@ -4030,6 +4295,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) |
2558 |
+@@ -4030,6 +4296,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) |
2559 |
spin_unlock(&mm->page_table_lock); |
2560 |
return 0; |
2561 |
} |
2562 |
@@ -93786,7 +93744,7 @@ index e302ae1..c0ef712 100644 |
2563 |
#endif /* __PAGETABLE_PMD_FOLDED */ |
2564 |
|
2565 |
#if !defined(__HAVE_ARCH_GATE_AREA) |
2566 |
-@@ -4043,7 +4332,7 @@ static int __init gate_vma_init(void) |
2567 |
+@@ -4043,7 +4333,7 @@ static int __init gate_vma_init(void) |
2568 |
gate_vma.vm_start = FIXADDR_USER_START; |
2569 |
gate_vma.vm_end = FIXADDR_USER_END; |
2570 |
gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; |
2571 |
@@ -93795,7 +93753,7 @@ index e302ae1..c0ef712 100644 |
2572 |
|
2573 |
return 0; |
2574 |
} |
2575 |
-@@ -4177,8 +4466,8 @@ out: |
2576 |
+@@ -4177,8 +4467,8 @@ out: |
2577 |
return ret; |
2578 |
} |
2579 |
|
2580 |
@@ -93806,7 +93764,7 @@ index e302ae1..c0ef712 100644 |
2581 |
{ |
2582 |
resource_size_t phys_addr; |
2583 |
unsigned long prot = 0; |
2584 |
-@@ -4204,8 +4493,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys); |
2585 |
+@@ -4204,8 +4494,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys); |
2586 |
* Access another process' address space as given in mm. If non-NULL, use the |
2587 |
* given task for page fault accounting. |
2588 |
*/ |
2589 |
@@ -93817,7 +93775,7 @@ index e302ae1..c0ef712 100644 |
2590 |
{ |
2591 |
struct vm_area_struct *vma; |
2592 |
void *old_buf = buf; |
2593 |
-@@ -4213,7 +4502,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, |
2594 |
+@@ -4213,7 +4503,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, |
2595 |
down_read(&mm->mmap_sem); |
2596 |
/* ignore errors, just check how much was successfully transferred */ |
2597 |
while (len) { |
2598 |
@@ -93826,7 +93784,7 @@ index e302ae1..c0ef712 100644 |
2599 |
void *maddr; |
2600 |
struct page *page = NULL; |
2601 |
|
2602 |
-@@ -4272,8 +4561,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, |
2603 |
+@@ -4272,8 +4562,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, |
2604 |
* |
2605 |
* The caller must hold a reference on @mm. |
2606 |
*/ |
2607 |
@@ -93837,7 +93795,7 @@ index e302ae1..c0ef712 100644 |
2608 |
{ |
2609 |
return __access_remote_vm(NULL, mm, addr, buf, len, write); |
2610 |
} |
2611 |
-@@ -4283,11 +4572,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, |
2612 |
+@@ -4283,11 +4573,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, |
2613 |
* Source/target buffer must be kernel space, |
2614 |
* Do not walk the page table directly, use get_user_pages |
2615 |
*/ |
2616 |
@@ -93853,7 +93811,7 @@ index e302ae1..c0ef712 100644 |
2617 |
mm = get_task_mm(tsk); |
2618 |
if (!mm) |
2619 |
diff --git a/mm/mempolicy.c b/mm/mempolicy.c |
2620 |
-index 35f9f91..bed4575 100644 |
2621 |
+index 6b65d10..e6f415a 100644 |
2622 |
--- a/mm/mempolicy.c |
2623 |
+++ b/mm/mempolicy.c |
2624 |
@@ -747,6 +747,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, |
2625 |
@@ -95970,7 +95928,7 @@ index 14d1e28..3777962 100644 |
2626 |
|
2627 |
/* |
2628 |
diff --git a/mm/shmem.c b/mm/shmem.c |
2629 |
-index a2801ba..b8651e6 100644 |
2630 |
+index a2801ba..1e82984 100644 |
2631 |
--- a/mm/shmem.c |
2632 |
+++ b/mm/shmem.c |
2633 |
@@ -33,7 +33,7 @@ |
2634 |
@@ -95998,19 +95956,74 @@ index a2801ba..b8651e6 100644 |
2635 |
+ * a time): we would prefer not to enlarge the shmem inode just for that. |
2636 |
*/ |
2637 |
struct shmem_falloc { |
2638 |
-+ int mode; /* FALLOC_FL mode currently operating */ |
2639 |
++ wait_queue_head_t *waitq; /* faults into hole wait for punch to end */ |
2640 |
pgoff_t start; /* start of range currently being fallocated */ |
2641 |
pgoff_t next; /* the next page offset to be fallocated */ |
2642 |
pgoff_t nr_falloced; /* how many new pages have been fallocated */ |
2643 |
-@@ -759,6 +760,7 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc) |
2644 |
+@@ -467,23 +468,20 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend, |
2645 |
+ return; |
2646 |
+ |
2647 |
+ index = start; |
2648 |
+- for ( ; ; ) { |
2649 |
++ while (index < end) { |
2650 |
+ cond_resched(); |
2651 |
+ |
2652 |
+ pvec.nr = find_get_entries(mapping, index, |
2653 |
+ min(end - index, (pgoff_t)PAGEVEC_SIZE), |
2654 |
+ pvec.pages, indices); |
2655 |
+ if (!pvec.nr) { |
2656 |
+- if (index == start || unfalloc) |
2657 |
++ /* If all gone or hole-punch or unfalloc, we're done */ |
2658 |
++ if (index == start || end != -1) |
2659 |
+ break; |
2660 |
++ /* But if truncating, restart to make sure all gone */ |
2661 |
+ index = start; |
2662 |
+ continue; |
2663 |
+ } |
2664 |
+- if ((index == start || unfalloc) && indices[0] >= end) { |
2665 |
+- pagevec_remove_exceptionals(&pvec); |
2666 |
+- pagevec_release(&pvec); |
2667 |
+- break; |
2668 |
+- } |
2669 |
+ mem_cgroup_uncharge_start(); |
2670 |
+ for (i = 0; i < pagevec_count(&pvec); i++) { |
2671 |
+ struct page *page = pvec.pages[i]; |
2672 |
+@@ -495,8 +493,12 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend, |
2673 |
+ if (radix_tree_exceptional_entry(page)) { |
2674 |
+ if (unfalloc) |
2675 |
+ continue; |
2676 |
+- nr_swaps_freed += !shmem_free_swap(mapping, |
2677 |
+- index, page); |
2678 |
++ if (shmem_free_swap(mapping, index, page)) { |
2679 |
++ /* Swap was replaced by page: retry */ |
2680 |
++ index--; |
2681 |
++ break; |
2682 |
++ } |
2683 |
++ nr_swaps_freed++; |
2684 |
+ continue; |
2685 |
+ } |
2686 |
+ |
2687 |
+@@ -505,6 +507,11 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend, |
2688 |
+ if (page->mapping == mapping) { |
2689 |
+ VM_BUG_ON_PAGE(PageWriteback(page), page); |
2690 |
+ truncate_inode_page(mapping, page); |
2691 |
++ } else { |
2692 |
++ /* Page was replaced by swap: retry */ |
2693 |
++ unlock_page(page); |
2694 |
++ index--; |
2695 |
++ break; |
2696 |
+ } |
2697 |
+ } |
2698 |
+ unlock_page(page); |
2699 |
+@@ -759,6 +766,7 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc) |
2700 |
spin_lock(&inode->i_lock); |
2701 |
shmem_falloc = inode->i_private; |
2702 |
if (shmem_falloc && |
2703 |
-+ !shmem_falloc->mode && |
2704 |
++ !shmem_falloc->waitq && |
2705 |
index >= shmem_falloc->start && |
2706 |
index < shmem_falloc->next) |
2707 |
shmem_falloc->nr_unswapped++; |
2708 |
-@@ -1233,6 +1235,43 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf) |
2709 |
+@@ -1233,6 +1241,64 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf) |
2710 |
int error; |
2711 |
int ret = VM_FAULT_LOCKED; |
2712 |
|
2713 |
@@ -96018,71 +96031,98 @@ index a2801ba..b8651e6 100644 |
2714 |
+ * Trinity finds that probing a hole which tmpfs is punching can |
2715 |
+ * prevent the hole-punch from ever completing: which in turn |
2716 |
+ * locks writers out with its hold on i_mutex. So refrain from |
2717 |
-+ * faulting pages into the hole while it's being punched, and |
2718 |
-+ * wait on i_mutex to be released if vmf->flags permits, |
2719 |
++ * faulting pages into the hole while it's being punched. Although |
2720 |
++ * shmem_undo_range() does remove the additions, it may be unable to |
2721 |
++ * keep up, as each new page needs its own unmap_mapping_range() call, |
2722 |
++ * and the i_mmap tree grows ever slower to scan if new vmas are added. |
2723 |
++ * |
2724 |
++ * It does not matter if we sometimes reach this check just before the |
2725 |
++ * hole-punch begins, so that one fault then races with the punch: |
2726 |
++ * we just need to make racing faults a rare case. |
2727 |
++ * |
2728 |
++ * The implementation below would be much simpler if we just used a |
2729 |
++ * standard mutex or completion: but we cannot take i_mutex in fault, |
2730 |
++ * and bloating every shmem inode for this unlikely case would be sad. |
2731 |
+ */ |
2732 |
+ if (unlikely(inode->i_private)) { |
2733 |
+ struct shmem_falloc *shmem_falloc; |
2734 |
++ |
2735 |
+ spin_lock(&inode->i_lock); |
2736 |
+ shmem_falloc = inode->i_private; |
2737 |
-+ if (!shmem_falloc || |
2738 |
-+ shmem_falloc->mode != FALLOC_FL_PUNCH_HOLE || |
2739 |
-+ vmf->pgoff < shmem_falloc->start || |
2740 |
-+ vmf->pgoff >= shmem_falloc->next) |
2741 |
-+ shmem_falloc = NULL; |
2742 |
-+ spin_unlock(&inode->i_lock); |
2743 |
-+ /* |
2744 |
-+ * i_lock has protected us from taking shmem_falloc seriously |
2745 |
-+ * once return from shmem_fallocate() went back up that stack. |
2746 |
-+ * i_lock does not serialize with i_mutex at all, but it does |
2747 |
-+ * not matter if sometimes we wait unnecessarily, or sometimes |
2748 |
-+ * miss out on waiting: we just need to make those cases rare. |
2749 |
-+ */ |
2750 |
-+ if (shmem_falloc) { |
2751 |
++ if (shmem_falloc && |
2752 |
++ shmem_falloc->waitq && |
2753 |
++ vmf->pgoff >= shmem_falloc->start && |
2754 |
++ vmf->pgoff < shmem_falloc->next) { |
2755 |
++ wait_queue_head_t *shmem_falloc_waitq; |
2756 |
++ DEFINE_WAIT(shmem_fault_wait); |
2757 |
++ |
2758 |
++ ret = VM_FAULT_NOPAGE; |
2759 |
+ if ((vmf->flags & FAULT_FLAG_ALLOW_RETRY) && |
2760 |
+ !(vmf->flags & FAULT_FLAG_RETRY_NOWAIT)) { |
2761 |
++ /* It's polite to up mmap_sem if we can */ |
2762 |
+ up_read(&vma->vm_mm->mmap_sem); |
2763 |
-+ mutex_lock(&inode->i_mutex); |
2764 |
-+ mutex_unlock(&inode->i_mutex); |
2765 |
-+ return VM_FAULT_RETRY; |
2766 |
++ ret = VM_FAULT_RETRY; |
2767 |
+ } |
2768 |
-+ /* cond_resched? Leave that to GUP or return to user */ |
2769 |
-+ return VM_FAULT_NOPAGE; |
2770 |
++ |
2771 |
++ shmem_falloc_waitq = shmem_falloc->waitq; |
2772 |
++ prepare_to_wait(shmem_falloc_waitq, &shmem_fault_wait, |
2773 |
++ TASK_UNINTERRUPTIBLE); |
2774 |
++ spin_unlock(&inode->i_lock); |
2775 |
++ schedule(); |
2776 |
++ |
2777 |
++ /* |
2778 |
++ * shmem_falloc_waitq points into the shmem_fallocate() |
2779 |
++ * stack of the hole-punching task: shmem_falloc_waitq |
2780 |
++ * is usually invalid by the time we reach here, but |
2781 |
++ * finish_wait() does not dereference it in that case; |
2782 |
++ * though i_lock needed lest racing with wake_up_all(). |
2783 |
++ */ |
2784 |
++ spin_lock(&inode->i_lock); |
2785 |
++ finish_wait(shmem_falloc_waitq, &shmem_fault_wait); |
2786 |
++ spin_unlock(&inode->i_lock); |
2787 |
++ return ret; |
2788 |
+ } |
2789 |
++ spin_unlock(&inode->i_lock); |
2790 |
+ } |
2791 |
+ |
2792 |
error = shmem_getpage(inode, vmf->pgoff, &vmf->page, SGP_CACHE, &ret); |
2793 |
if (error) |
2794 |
return ((error == -ENOMEM) ? VM_FAULT_OOM : VM_FAULT_SIGBUS); |
2795 |
-@@ -1733,18 +1772,26 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset, |
2796 |
- |
2797 |
- mutex_lock(&inode->i_mutex); |
2798 |
- |
2799 |
-+ shmem_falloc.mode = mode & ~FALLOC_FL_KEEP_SIZE; |
2800 |
-+ |
2801 |
- if (mode & FALLOC_FL_PUNCH_HOLE) { |
2802 |
+@@ -1737,12 +1803,25 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset, |
2803 |
struct address_space *mapping = file->f_mapping; |
2804 |
loff_t unmap_start = round_up(offset, PAGE_SIZE); |
2805 |
loff_t unmap_end = round_down(offset + len, PAGE_SIZE) - 1; |
2806 |
- |
2807 |
++ DECLARE_WAIT_QUEUE_HEAD_ONSTACK(shmem_falloc_waitq); |
2808 |
++ |
2809 |
++ shmem_falloc.waitq = &shmem_falloc_waitq; |
2810 |
+ shmem_falloc.start = unmap_start >> PAGE_SHIFT; |
2811 |
+ shmem_falloc.next = (unmap_end + 1) >> PAGE_SHIFT; |
2812 |
+ spin_lock(&inode->i_lock); |
2813 |
+ inode->i_private = &shmem_falloc; |
2814 |
+ spin_unlock(&inode->i_lock); |
2815 |
-+ |
2816 |
+ |
2817 |
if ((u64)unmap_end > (u64)unmap_start) |
2818 |
unmap_mapping_range(mapping, unmap_start, |
2819 |
1 + unmap_end - unmap_start, 0); |
2820 |
shmem_truncate_range(inode, offset, offset + len - 1); |
2821 |
/* No need to unmap again: hole-punching leaves COWed pages */ |
2822 |
++ |
2823 |
++ spin_lock(&inode->i_lock); |
2824 |
++ inode->i_private = NULL; |
2825 |
++ wake_up_all(&shmem_falloc_waitq); |
2826 |
++ spin_unlock(&inode->i_lock); |
2827 |
error = 0; |
2828 |
-- goto out; |
2829 |
-+ goto undone; |
2830 |
+ goto out; |
2831 |
+ } |
2832 |
+@@ -1760,6 +1839,7 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset, |
2833 |
+ goto out; |
2834 |
} |
2835 |
|
2836 |
- /* We need to check rlimit even when FALLOC_FL_KEEP_SIZE */ |
2837 |
-@@ -2138,6 +2185,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { |
2838 |
++ shmem_falloc.waitq = NULL; |
2839 |
+ shmem_falloc.start = start; |
2840 |
+ shmem_falloc.next = start; |
2841 |
+ shmem_falloc.nr_falloced = 0; |
2842 |
+@@ -2138,6 +2218,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { |
2843 |
static int shmem_xattr_validate(const char *name) |
2844 |
{ |
2845 |
struct { const char *prefix; size_t len; } arr[] = { |
2846 |
@@ -96094,7 +96134,7 @@ index a2801ba..b8651e6 100644 |
2847 |
{ XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN }, |
2848 |
{ XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN } |
2849 |
}; |
2850 |
-@@ -2193,6 +2245,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, |
2851 |
+@@ -2193,6 +2278,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, |
2852 |
if (err) |
2853 |
return err; |
2854 |
|
2855 |
@@ -96110,7 +96150,7 @@ index a2801ba..b8651e6 100644 |
2856 |
return simple_xattr_set(&info->xattrs, name, value, size, flags); |
2857 |
} |
2858 |
|
2859 |
-@@ -2505,8 +2566,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) |
2860 |
+@@ -2505,8 +2599,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) |
2861 |
int err = -ENOMEM; |
2862 |
|
2863 |
/* Round up to L1_CACHE_BYTES to resist false sharing */ |
2864 |
@@ -99302,6 +99342,21 @@ index 5325b54..a0d4d69 100644 |
2865 |
return -EFAULT; |
2866 |
|
2867 |
*lenp = len; |
2868 |
+diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c |
2869 |
+index e7b6d53..f005cc7 100644 |
2870 |
+--- a/net/dns_resolver/dns_query.c |
2871 |
++++ b/net/dns_resolver/dns_query.c |
2872 |
+@@ -149,7 +149,9 @@ int dns_query(const char *type, const char *name, size_t namelen, |
2873 |
+ if (!*_result) |
2874 |
+ goto put; |
2875 |
+ |
2876 |
+- memcpy(*_result, upayload->data, len + 1); |
2877 |
++ memcpy(*_result, upayload->data, len); |
2878 |
++ (*_result)[len] = '\0'; |
2879 |
++ |
2880 |
+ if (_expiry) |
2881 |
+ *_expiry = rkey->expiry; |
2882 |
+ |
2883 |
diff --git a/net/ieee802154/reassembly.c b/net/ieee802154/reassembly.c |
2884 |
index ef2d543..5b9b73f 100644 |
2885 |
--- a/net/ieee802154/reassembly.c |
2886 |
@@ -103055,6 +103110,18 @@ index e1543b0..7ce8bd0 100644 |
2887 |
linkwatch_fire_event(dev); |
2888 |
} |
2889 |
} |
2890 |
+diff --git a/net/sctp/associola.c b/net/sctp/associola.c |
2891 |
+index 0b99998..a6953b0 100644 |
2892 |
+--- a/net/sctp/associola.c |
2893 |
++++ b/net/sctp/associola.c |
2894 |
+@@ -1151,6 +1151,7 @@ void sctp_assoc_update(struct sctp_association *asoc, |
2895 |
+ asoc->c = new->c; |
2896 |
+ asoc->peer.rwnd = new->peer.rwnd; |
2897 |
+ asoc->peer.sack_needed = new->peer.sack_needed; |
2898 |
++ asoc->peer.auth_capable = new->peer.auth_capable; |
2899 |
+ asoc->peer.i = new->peer.i; |
2900 |
+ sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, |
2901 |
+ asoc->peer.i.initial_tsn, GFP_ATOMIC); |
2902 |
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c |
2903 |
index 2b1738e..a9d0fc9 100644 |
2904 |
--- a/net/sctp/ipv6.c |
2905 |
@@ -103285,6 +103352,26 @@ index c82fdc1..4ca1f95 100644 |
2906 |
return 0; |
2907 |
} |
2908 |
|
2909 |
+diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c |
2910 |
+index 85c6465..879f3cd 100644 |
2911 |
+--- a/net/sctp/ulpevent.c |
2912 |
++++ b/net/sctp/ulpevent.c |
2913 |
+@@ -411,6 +411,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_remote_error( |
2914 |
+ * sre_type: |
2915 |
+ * It should be SCTP_REMOTE_ERROR. |
2916 |
+ */ |
2917 |
++ memset(sre, 0, sizeof(*sre)); |
2918 |
+ sre->sre_type = SCTP_REMOTE_ERROR; |
2919 |
+ |
2920 |
+ /* |
2921 |
+@@ -916,6 +917,7 @@ void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event, |
2922 |
+ * For recvmsg() the SCTP stack places the message's stream number in |
2923 |
+ * this value. |
2924 |
+ */ |
2925 |
++ memset(&sinfo, 0, sizeof(sinfo)); |
2926 |
+ sinfo.sinfo_stream = event->stream; |
2927 |
+ /* sinfo_ssn: 16 bits (unsigned integer) |
2928 |
+ * |
2929 |
diff --git a/net/socket.c b/net/socket.c |
2930 |
index abf56b2..b8998bc 100644 |
2931 |
--- a/net/socket.c |
2932 |
|
2933 |
diff --git a/3.15.5/4425_grsec_remove_EI_PAX.patch b/3.15.6/4425_grsec_remove_EI_PAX.patch |
2934 |
similarity index 100% |
2935 |
rename from 3.15.5/4425_grsec_remove_EI_PAX.patch |
2936 |
rename to 3.15.6/4425_grsec_remove_EI_PAX.patch |
2937 |
|
2938 |
diff --git a/3.15.5/4427_force_XATTR_PAX_tmpfs.patch b/3.15.6/4427_force_XATTR_PAX_tmpfs.patch |
2939 |
similarity index 100% |
2940 |
rename from 3.15.5/4427_force_XATTR_PAX_tmpfs.patch |
2941 |
rename to 3.15.6/4427_force_XATTR_PAX_tmpfs.patch |
2942 |
|
2943 |
diff --git a/3.15.5/4430_grsec-remove-localversion-grsec.patch b/3.15.6/4430_grsec-remove-localversion-grsec.patch |
2944 |
similarity index 100% |
2945 |
rename from 3.15.5/4430_grsec-remove-localversion-grsec.patch |
2946 |
rename to 3.15.6/4430_grsec-remove-localversion-grsec.patch |
2947 |
|
2948 |
diff --git a/3.15.5/4435_grsec-mute-warnings.patch b/3.15.6/4435_grsec-mute-warnings.patch |
2949 |
similarity index 100% |
2950 |
rename from 3.15.5/4435_grsec-mute-warnings.patch |
2951 |
rename to 3.15.6/4435_grsec-mute-warnings.patch |
2952 |
|
2953 |
diff --git a/3.15.5/4440_grsec-remove-protected-paths.patch b/3.15.6/4440_grsec-remove-protected-paths.patch |
2954 |
similarity index 100% |
2955 |
rename from 3.15.5/4440_grsec-remove-protected-paths.patch |
2956 |
rename to 3.15.6/4440_grsec-remove-protected-paths.patch |
2957 |
|
2958 |
diff --git a/3.15.5/4450_grsec-kconfig-default-gids.patch b/3.15.6/4450_grsec-kconfig-default-gids.patch |
2959 |
similarity index 100% |
2960 |
rename from 3.15.5/4450_grsec-kconfig-default-gids.patch |
2961 |
rename to 3.15.6/4450_grsec-kconfig-default-gids.patch |
2962 |
|
2963 |
diff --git a/3.15.5/4465_selinux-avc_audit-log-curr_ip.patch b/3.15.6/4465_selinux-avc_audit-log-curr_ip.patch |
2964 |
similarity index 100% |
2965 |
rename from 3.15.5/4465_selinux-avc_audit-log-curr_ip.patch |
2966 |
rename to 3.15.6/4465_selinux-avc_audit-log-curr_ip.patch |
2967 |
|
2968 |
diff --git a/3.15.5/4470_disable-compat_vdso.patch b/3.15.6/4470_disable-compat_vdso.patch |
2969 |
similarity index 100% |
2970 |
rename from 3.15.5/4470_disable-compat_vdso.patch |
2971 |
rename to 3.15.6/4470_disable-compat_vdso.patch |
2972 |
|
2973 |
diff --git a/3.15.5/4475_emutramp_default_on.patch b/3.15.6/4475_emutramp_default_on.patch |
2974 |
similarity index 100% |
2975 |
rename from 3.15.5/4475_emutramp_default_on.patch |
2976 |
rename to 3.15.6/4475_emutramp_default_on.patch |
2977 |
|
2978 |
diff --git a/3.2.61/0000_README b/3.2.61/0000_README |
2979 |
index c0718d5..be52f3a 100644 |
2980 |
--- a/3.2.61/0000_README |
2981 |
+++ b/3.2.61/0000_README |
2982 |
@@ -162,7 +162,7 @@ Patch: 1060_linux-3.2.61.patch |
2983 |
From: http://www.kernel.org |
2984 |
Desc: Linux 3.2.61 |
2985 |
|
2986 |
-Patch: 4420_grsecurity-3.0-3.2.61-201407170636.patch |
2987 |
+Patch: 4420_grsecurity-3.0-3.2.61-201407232156.patch |
2988 |
From: http://www.grsecurity.net |
2989 |
Desc: hardened-sources base patch from upstream grsecurity |
2990 |
|
2991 |
|
2992 |
diff --git a/3.2.61/4420_grsecurity-3.0-3.2.61-201407170636.patch b/3.2.61/4420_grsecurity-3.0-3.2.61-201407232156.patch |
2993 |
similarity index 99% |
2994 |
rename from 3.2.61/4420_grsecurity-3.0-3.2.61-201407170636.patch |
2995 |
rename to 3.2.61/4420_grsecurity-3.0-3.2.61-201407232156.patch |
2996 |
index d53a91b..c484237 100644 |
2997 |
--- a/3.2.61/4420_grsecurity-3.0-3.2.61-201407170636.patch |
2998 |
+++ b/3.2.61/4420_grsecurity-3.0-3.2.61-201407232156.patch |
2999 |
@@ -11106,7 +11106,7 @@ index 7bcf3fc..560ff4c 100644 |
3000 |
+ pax_force_retaddr |
3001 |
ret |
3002 |
diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c |
3003 |
-index fd84387..887aa7e 100644 |
3004 |
+index fd84387..887aa7ef 100644 |
3005 |
--- a/arch/x86/ia32/ia32_aout.c |
3006 |
+++ b/arch/x86/ia32/ia32_aout.c |
3007 |
@@ -162,6 +162,8 @@ static int aout_core_dump(long signr, struct pt_regs *regs, struct file *file, |
3008 |
@@ -28843,7 +28843,7 @@ index a4cca06..9e00106 100644 |
3009 |
(unsigned long)(&__init_begin), |
3010 |
(unsigned long)(&__init_end)); |
3011 |
diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c |
3012 |
-index 29f7c6d..5122941 100644 |
3013 |
+index 29f7c6d9..5122941 100644 |
3014 |
--- a/arch/x86/mm/init_32.c |
3015 |
+++ b/arch/x86/mm/init_32.c |
3016 |
@@ -74,36 +74,6 @@ static __init void *alloc_low_page(void) |
3017 |
@@ -34913,7 +34913,7 @@ index da3cfee..a5a6606 100644 |
3018 |
|
3019 |
*ppos = i; |
3020 |
diff --git a/drivers/char/random.c b/drivers/char/random.c |
3021 |
-index c244f0e..8b3452f 100644 |
3022 |
+index c244f0e..59b5e6c 100644 |
3023 |
--- a/drivers/char/random.c |
3024 |
+++ b/drivers/char/random.c |
3025 |
@@ -255,10 +255,8 @@ |
3026 |
@@ -35363,6 +35363,8 @@ index c244f0e..8b3452f 100644 |
3027 |
retry: |
3028 |
entropy_count = orig = ACCESS_ONCE(r->entropy_count); |
3029 |
- entropy_count += nbits; |
3030 |
+- if (entropy_count < 0) { |
3031 |
+- DEBUG_ENT("negative entropy/overflow\n"); |
3032 |
+ if (nfrac < 0) { |
3033 |
+ /* Debit */ |
3034 |
+ entropy_count += nfrac; |
3035 |
@@ -35402,8 +35404,7 @@ index c244f0e..8b3452f 100644 |
3036 |
+ } while (unlikely(entropy_count < pool_size-2 && pnfrac)); |
3037 |
+ } |
3038 |
+ |
3039 |
- if (entropy_count < 0) { |
3040 |
-- DEBUG_ENT("negative entropy/overflow\n"); |
3041 |
++ if (unlikely(entropy_count < 0)) { |
3042 |
+ pr_warn("random: negative entropy/overflow: pool %s count %d\n", |
3043 |
+ r->name, entropy_count); |
3044 |
+ WARN_ON(1); |
3045 |
@@ -35651,7 +35652,7 @@ index c244f0e..8b3452f 100644 |
3046 |
} |
3047 |
#endif |
3048 |
|
3049 |
-@@ -835,104 +915,131 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, |
3050 |
+@@ -835,104 +915,141 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, |
3051 |
* from the primary pool to the secondary extraction pool. We make |
3052 |
* sure we pull enough for a 'catastrophic reseed'. |
3053 |
*/ |
3054 |
@@ -35746,7 +35747,7 @@ index c244f0e..8b3452f 100644 |
3055 |
{ |
3056 |
- unsigned long flags; |
3057 |
+ int entropy_count, orig; |
3058 |
-+ size_t ibytes; |
3059 |
++ size_t ibytes, nfrac; |
3060 |
|
3061 |
- /* Hold lock while accounting */ |
3062 |
- spin_lock_irqsave(&r->lock, flags); |
3063 |
@@ -35781,18 +35782,27 @@ index c244f0e..8b3452f 100644 |
3064 |
- if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig) |
3065 |
- goto retry; |
3066 |
- } |
3067 |
-- |
3068 |
-- if (entropy_count < random_write_wakeup_thresh) { |
3069 |
-- wake_up_interruptible(&random_write_wait); |
3070 |
-- kill_fasync(&fasync, SIGIO, POLL_OUT); |
3071 |
-- } |
3072 |
+ if ((have_bytes -= reserved) < 0) |
3073 |
+ have_bytes = 0; |
3074 |
+ ibytes = min_t(size_t, ibytes, have_bytes); |
3075 |
- } |
3076 |
++ } |
3077 |
+ if (ibytes < min) |
3078 |
+ ibytes = 0; |
3079 |
-+ if ((entropy_count -= ibytes << (ENTROPY_SHIFT + 3)) < 0) |
3080 |
+ |
3081 |
+- if (entropy_count < random_write_wakeup_thresh) { |
3082 |
+- wake_up_interruptible(&random_write_wait); |
3083 |
+- kill_fasync(&fasync, SIGIO, POLL_OUT); |
3084 |
+- } |
3085 |
++ if (unlikely(entropy_count < 0)) { |
3086 |
++ pr_warn("random: negative entropy count: pool %s count %d\n", |
3087 |
++ r->name, entropy_count); |
3088 |
++ WARN_ON(1); |
3089 |
++ entropy_count = 0; |
3090 |
+ } |
3091 |
++ nfrac = ibytes << (ENTROPY_SHIFT + 3); |
3092 |
++ if ((size_t) entropy_count > nfrac) |
3093 |
++ entropy_count -= nfrac; |
3094 |
++ else |
3095 |
+ entropy_count = 0; |
3096 |
|
3097 |
- DEBUG_ENT("debiting %d entropy credits from %s%s\n", |
3098 |
@@ -35847,7 +35857,7 @@ index c244f0e..8b3452f 100644 |
3099 |
spin_lock_irqsave(&r->lock, flags); |
3100 |
for (i = 0; i < r->poolinfo->poolwords; i += 16) |
3101 |
sha_transform(hash.w, (__u8 *)(r->pool + i), workspace); |
3102 |
-@@ -966,27 +1073,43 @@ static void extract_buf(struct entropy_store *r, __u8 *out) |
3103 |
+@@ -966,27 +1083,43 @@ static void extract_buf(struct entropy_store *r, __u8 *out) |
3104 |
hash.w[1] ^= hash.w[4]; |
3105 |
hash.w[2] ^= rol32(hash.w[2], 16); |
3106 |
|
3107 |
@@ -35902,7 +35912,7 @@ index c244f0e..8b3452f 100644 |
3108 |
xfer_secondary_pool(r, nbytes); |
3109 |
nbytes = account(r, nbytes, min, reserved); |
3110 |
|
3111 |
-@@ -994,8 +1117,6 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, |
3112 |
+@@ -994,8 +1127,6 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, |
3113 |
extract_buf(r, tmp); |
3114 |
|
3115 |
if (fips_enabled) { |
3116 |
@@ -35911,7 +35921,7 @@ index c244f0e..8b3452f 100644 |
3117 |
spin_lock_irqsave(&r->lock, flags); |
3118 |
if (!memcmp(tmp, r->last_data, EXTRACT_SIZE)) |
3119 |
panic("Hardware RNG duplicated output!\n"); |
3120 |
-@@ -1015,12 +1136,17 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, |
3121 |
+@@ -1015,12 +1146,17 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, |
3122 |
return ret; |
3123 |
} |
3124 |
|
3125 |
@@ -35929,7 +35939,7 @@ index c244f0e..8b3452f 100644 |
3126 |
xfer_secondary_pool(r, nbytes); |
3127 |
nbytes = account(r, nbytes, 0, 0); |
3128 |
|
3129 |
-@@ -1036,7 +1162,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, |
3130 |
+@@ -1036,7 +1172,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, |
3131 |
|
3132 |
extract_buf(r, tmp); |
3133 |
i = min_t(int, nbytes, EXTRACT_SIZE); |
3134 |
@@ -35938,7 +35948,7 @@ index c244f0e..8b3452f 100644 |
3135 |
ret = -EFAULT; |
3136 |
break; |
3137 |
} |
3138 |
-@@ -1055,11 +1181,20 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, |
3139 |
+@@ -1055,11 +1191,20 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, |
3140 |
/* |
3141 |
* This function is the exported kernel interface. It returns some |
3142 |
* number of good random numbers, suitable for key generation, seeding |
3143 |
@@ -35961,7 +35971,7 @@ index c244f0e..8b3452f 100644 |
3144 |
extract_entropy(&nonblocking_pool, buf, nbytes, 0, 0); |
3145 |
} |
3146 |
EXPORT_SYMBOL(get_random_bytes); |
3147 |
-@@ -1078,6 +1213,7 @@ void get_random_bytes_arch(void *buf, int nbytes) |
3148 |
+@@ -1078,6 +1223,7 @@ void get_random_bytes_arch(void *buf, int nbytes) |
3149 |
{ |
3150 |
char *p = buf; |
3151 |
|
3152 |
@@ -35969,7 +35979,7 @@ index c244f0e..8b3452f 100644 |
3153 |
while (nbytes) { |
3154 |
unsigned long v; |
3155 |
int chunk = min(nbytes, (int)sizeof(unsigned long)); |
3156 |
-@@ -1111,12 +1247,11 @@ static void init_std_data(struct entropy_store *r) |
3157 |
+@@ -1111,12 +1257,11 @@ static void init_std_data(struct entropy_store *r) |
3158 |
ktime_t now = ktime_get_real(); |
3159 |
unsigned long rv; |
3160 |
|
3161 |
@@ -35985,7 +35995,7 @@ index c244f0e..8b3452f 100644 |
3162 |
mix_pool_bytes(r, &rv, sizeof(rv), NULL); |
3163 |
} |
3164 |
mix_pool_bytes(r, utsname(), sizeof(*(utsname())), NULL); |
3165 |
-@@ -1139,25 +1274,7 @@ static int rand_initialize(void) |
3166 |
+@@ -1139,25 +1284,7 @@ static int rand_initialize(void) |
3167 |
init_std_data(&nonblocking_pool); |
3168 |
return 0; |
3169 |
} |
3170 |
@@ -36012,7 +36022,7 @@ index c244f0e..8b3452f 100644 |
3171 |
|
3172 |
#ifdef CONFIG_BLOCK |
3173 |
void rand_initialize_disk(struct gendisk *disk) |
3174 |
-@@ -1169,71 +1286,59 @@ void rand_initialize_disk(struct gendisk *disk) |
3175 |
+@@ -1169,71 +1296,60 @@ void rand_initialize_disk(struct gendisk *disk) |
3176 |
* source. |
3177 |
*/ |
3178 |
state = kzalloc(sizeof(struct timer_rand_state), GFP_KERNEL); |
3179 |
@@ -36112,6 +36122,7 @@ index c244f0e..8b3452f 100644 |
3180 |
+ "with %d bits of entropy available\n", |
3181 |
+ current->comm, nonblocking_pool.entropy_total); |
3182 |
+ |
3183 |
++ nbytes = min_t(size_t, nbytes, INT_MAX >> (ENTROPY_SHIFT + 3)); |
3184 |
+ ret = extract_entropy_user(&nonblocking_pool, buf, nbytes); |
3185 |
+ |
3186 |
+ trace_urandom_read(8 * nbytes, ENTROPY_BITS(&nonblocking_pool), |
3187 |
@@ -36120,7 +36131,7 @@ index c244f0e..8b3452f 100644 |
3188 |
} |
3189 |
|
3190 |
static unsigned int |
3191 |
-@@ -1244,9 +1349,9 @@ random_poll(struct file *file, poll_table * wait) |
3192 |
+@@ -1244,9 +1360,9 @@ random_poll(struct file *file, poll_table * wait) |
3193 |
poll_wait(file, &random_read_wait, wait); |
3194 |
poll_wait(file, &random_write_wait, wait); |
3195 |
mask = 0; |
3196 |
@@ -36132,7 +36143,7 @@ index c244f0e..8b3452f 100644 |
3197 |
mask |= POLLOUT | POLLWRNORM; |
3198 |
return mask; |
3199 |
} |
3200 |
-@@ -1297,7 +1402,8 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg) |
3201 |
+@@ -1297,7 +1413,8 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg) |
3202 |
switch (cmd) { |
3203 |
case RNDGETENTCNT: |
3204 |
/* inherently racy, no point locking */ |
3205 |
@@ -36142,7 +36153,7 @@ index c244f0e..8b3452f 100644 |
3206 |
return -EFAULT; |
3207 |
return 0; |
3208 |
case RNDADDTOENTCNT: |
3209 |
-@@ -1305,7 +1411,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg) |
3210 |
+@@ -1305,7 +1422,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg) |
3211 |
return -EPERM; |
3212 |
if (get_user(ent_count, p)) |
3213 |
return -EFAULT; |
3214 |
@@ -36151,7 +36162,7 @@ index c244f0e..8b3452f 100644 |
3215 |
return 0; |
3216 |
case RNDADDENTROPY: |
3217 |
if (!capable(CAP_SYS_ADMIN)) |
3218 |
-@@ -1320,14 +1426,19 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg) |
3219 |
+@@ -1320,14 +1437,19 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg) |
3220 |
size); |
3221 |
if (retval < 0) |
3222 |
return retval; |
3223 |
@@ -36174,7 +36185,7 @@ index c244f0e..8b3452f 100644 |
3224 |
return 0; |
3225 |
default: |
3226 |
return -EINVAL; |
3227 |
-@@ -1387,23 +1498,23 @@ EXPORT_SYMBOL(generate_random_uuid); |
3228 |
+@@ -1387,23 +1509,23 @@ EXPORT_SYMBOL(generate_random_uuid); |
3229 |
#include <linux/sysctl.h> |
3230 |
|
3231 |
static int min_read_thresh = 8, min_write_thresh; |
3232 |
@@ -36205,7 +36216,7 @@ index c244f0e..8b3452f 100644 |
3233 |
unsigned char buf[64], tmp_uuid[16], *uuid; |
3234 |
|
3235 |
uuid = table->data; |
3236 |
-@@ -1427,8 +1538,26 @@ static int proc_do_uuid(ctl_table *table, int write, |
3237 |
+@@ -1427,8 +1549,26 @@ static int proc_do_uuid(ctl_table *table, int write, |
3238 |
return proc_dostring(&fake_table, write, buffer, lenp, ppos); |
3239 |
} |
3240 |
|
3241 |
@@ -36233,7 +36244,7 @@ index c244f0e..8b3452f 100644 |
3242 |
{ |
3243 |
.procname = "poolsize", |
3244 |
.data = &sysctl_poolsize, |
3245 |
-@@ -1440,12 +1569,12 @@ ctl_table random_table[] = { |
3246 |
+@@ -1440,12 +1580,12 @@ ctl_table random_table[] = { |
3247 |
.procname = "entropy_avail", |
3248 |
.maxlen = sizeof(int), |
3249 |
.mode = 0444, |
3250 |
@@ -36248,7 +36259,7 @@ index c244f0e..8b3452f 100644 |
3251 |
.maxlen = sizeof(int), |
3252 |
.mode = 0644, |
3253 |
.proc_handler = proc_dointvec_minmax, |
3254 |
-@@ -1454,7 +1583,7 @@ ctl_table random_table[] = { |
3255 |
+@@ -1454,7 +1594,7 @@ ctl_table random_table[] = { |
3256 |
}, |
3257 |
{ |
3258 |
.procname = "write_wakeup_threshold", |
3259 |
@@ -36257,7 +36268,7 @@ index c244f0e..8b3452f 100644 |
3260 |
.maxlen = sizeof(int), |
3261 |
.mode = 0644, |
3262 |
.proc_handler = proc_dointvec_minmax, |
3263 |
-@@ -1462,6 +1591,13 @@ ctl_table random_table[] = { |
3264 |
+@@ -1462,6 +1602,13 @@ ctl_table random_table[] = { |
3265 |
.extra2 = &max_write_thresh, |
3266 |
}, |
3267 |
{ |
3268 |
@@ -36271,7 +36282,7 @@ index c244f0e..8b3452f 100644 |
3269 |
.procname = "boot_id", |
3270 |
.data = &sysctl_bootid, |
3271 |
.maxlen = 16, |
3272 |
-@@ -1492,7 +1628,7 @@ int random_int_secret_init(void) |
3273 |
+@@ -1492,7 +1639,7 @@ int random_int_secret_init(void) |
3274 |
* value is not cryptographically secure but for several uses the cost of |
3275 |
* depleting entropy is too high |
3276 |
*/ |
3277 |
@@ -36280,7 +36291,7 @@ index c244f0e..8b3452f 100644 |
3278 |
unsigned int get_random_int(void) |
3279 |
{ |
3280 |
__u32 *hash; |
3281 |
-@@ -1510,6 +1646,7 @@ unsigned int get_random_int(void) |
3282 |
+@@ -1510,6 +1657,7 @@ unsigned int get_random_int(void) |
3283 |
|
3284 |
return ret; |
3285 |
} |
3286 |
@@ -44899,6 +44910,24 @@ index 5920c99..ff2e4a5 100644 |
3287 |
}; |
3288 |
|
3289 |
static void |
3290 |
+diff --git a/drivers/net/wan/x25_asy.c b/drivers/net/wan/x25_asy.c |
3291 |
+index 8a10bb7..7560422 100644 |
3292 |
+--- a/drivers/net/wan/x25_asy.c |
3293 |
++++ b/drivers/net/wan/x25_asy.c |
3294 |
+@@ -123,8 +123,12 @@ static int x25_asy_change_mtu(struct net_device *dev, int newmtu) |
3295 |
+ { |
3296 |
+ struct x25_asy *sl = netdev_priv(dev); |
3297 |
+ unsigned char *xbuff, *rbuff; |
3298 |
+- int len = 2 * newmtu; |
3299 |
++ int len; |
3300 |
+ |
3301 |
++ if (newmtu > 65534) |
3302 |
++ return -EINVAL; |
3303 |
++ |
3304 |
++ len = 2 * newmtu; |
3305 |
+ xbuff = kmalloc(len + 4, GFP_ATOMIC); |
3306 |
+ rbuff = kmalloc(len + 4, GFP_ATOMIC); |
3307 |
+ |
3308 |
diff --git a/drivers/net/wan/z85230.c b/drivers/net/wan/z85230.c |
3309 |
index 0e57690..ad698bb 100644 |
3310 |
--- a/drivers/net/wan/z85230.c |
3311 |
@@ -100930,6 +100959,21 @@ index d50a13c..1f612ff 100644 |
3312 |
return -EFAULT; |
3313 |
|
3314 |
*lenp = len; |
3315 |
+diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c |
3316 |
+index c32be29..2022b46 100644 |
3317 |
+--- a/net/dns_resolver/dns_query.c |
3318 |
++++ b/net/dns_resolver/dns_query.c |
3319 |
+@@ -150,7 +150,9 @@ int dns_query(const char *type, const char *name, size_t namelen, |
3320 |
+ if (!*_result) |
3321 |
+ goto put; |
3322 |
+ |
3323 |
+- memcpy(*_result, upayload->data, len + 1); |
3324 |
++ memcpy(*_result, upayload->data, len); |
3325 |
++ (*_result)[len] = '\0'; |
3326 |
++ |
3327 |
+ if (_expiry) |
3328 |
+ *_expiry = rkey->expiry; |
3329 |
+ |
3330 |
diff --git a/net/econet/Kconfig b/net/econet/Kconfig |
3331 |
index 39a2d29..f39c0fe 100644 |
3332 |
--- a/net/econet/Kconfig |
3333 |
@@ -105043,6 +105087,18 @@ index 7635107..4670276 100644 |
3334 |
_proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); |
3335 |
|
3336 |
ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); |
3337 |
+diff --git a/net/sctp/associola.c b/net/sctp/associola.c |
3338 |
+index 25b207b..da54d29 100644 |
3339 |
+--- a/net/sctp/associola.c |
3340 |
++++ b/net/sctp/associola.c |
3341 |
+@@ -1188,6 +1188,7 @@ void sctp_assoc_update(struct sctp_association *asoc, |
3342 |
+ asoc->c = new->c; |
3343 |
+ asoc->peer.rwnd = new->peer.rwnd; |
3344 |
+ asoc->peer.sack_needed = new->peer.sack_needed; |
3345 |
++ asoc->peer.auth_capable = new->peer.auth_capable; |
3346 |
+ asoc->peer.i = new->peer.i; |
3347 |
+ sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL, |
3348 |
+ asoc->peer.i.initial_tsn, GFP_ATOMIC); |
3349 |
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c |
3350 |
index 0b6a391..febcef2 100644 |
3351 |
--- a/net/sctp/ipv6.c |
3352 |
@@ -105301,6 +105357,26 @@ index 8da4481..d02565e 100644 |
3353 |
tp->srtt = tp->srtt - (tp->srtt >> sctp_rto_alpha) |
3354 |
+ (rtt >> sctp_rto_alpha); |
3355 |
} else { |
3356 |
+diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c |
3357 |
+index 8a84017..d4faa70 100644 |
3358 |
+--- a/net/sctp/ulpevent.c |
3359 |
++++ b/net/sctp/ulpevent.c |
3360 |
+@@ -418,6 +418,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_remote_error( |
3361 |
+ * sre_type: |
3362 |
+ * It should be SCTP_REMOTE_ERROR. |
3363 |
+ */ |
3364 |
++ memset(sre, 0, sizeof(*sre)); |
3365 |
+ sre->sre_type = SCTP_REMOTE_ERROR; |
3366 |
+ |
3367 |
+ /* |
3368 |
+@@ -921,6 +922,7 @@ void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event, |
3369 |
+ * For recvmsg() the SCTP stack places the message's stream number in |
3370 |
+ * this value. |
3371 |
+ */ |
3372 |
++ memset(&sinfo, 0, sizeof(sinfo)); |
3373 |
+ sinfo.sinfo_stream = event->stream; |
3374 |
+ /* sinfo_ssn: 16 bits (unsigned integer) |
3375 |
+ * |
3376 |
diff --git a/net/socket.c b/net/socket.c |
3377 |
index 3faa358..3d43f20 100644 |
3378 |
--- a/net/socket.c |