Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.14.13/, 3.15.6/, 3.15.5/, 3.14.12/, 3.2.61/
Date: Fri, 25 Jul 2014 14:34:24
Message-Id: 1406298913.64a02f06fb83ec19cb979fabac2117596143adf8.blueness@gentoo
1 commit: 64a02f06fb83ec19cb979fabac2117596143adf8
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Fri Jul 25 14:35:13 2014 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Fri Jul 25 14:35:13 2014 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=64a02f06
7
8 Grsec/PaX: 3.0-{3.2.60,3.14.13,3.15.6}-201407232200
9
10 ---
11 {3.14.12 => 3.14.13}/0000_README | 2 +-
12 .../4420_grsecurity-3.0-3.14.13-201407232159.patch | 432 +++++++++----
13 .../4425_grsec_remove_EI_PAX.patch | 0
14 .../4427_force_XATTR_PAX_tmpfs.patch | 0
15 .../4430_grsec-remove-localversion-grsec.patch | 0
16 .../4435_grsec-mute-warnings.patch | 0
17 .../4440_grsec-remove-protected-paths.patch | 0
18 .../4450_grsec-kconfig-default-gids.patch | 0
19 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
20 .../4470_disable-compat_vdso.patch | 0
21 .../4475_emutramp_default_on.patch | 0
22 {3.15.5 => 3.15.6}/0000_README | 2 +-
23 .../4420_grsecurity-3.0-3.15.6-201407232200.patch | 699 ++++++++++++---------
24 {3.15.5 => 3.15.6}/4425_grsec_remove_EI_PAX.patch | 0
25 .../4427_force_XATTR_PAX_tmpfs.patch | 0
26 .../4430_grsec-remove-localversion-grsec.patch | 0
27 {3.15.5 => 3.15.6}/4435_grsec-mute-warnings.patch | 0
28 .../4440_grsec-remove-protected-paths.patch | 0
29 .../4450_grsec-kconfig-default-gids.patch | 0
30 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
31 {3.15.5 => 3.15.6}/4470_disable-compat_vdso.patch | 0
32 {3.15.5 => 3.15.6}/4475_emutramp_default_on.patch | 0
33 3.2.61/0000_README | 2 +-
34 ... 4420_grsecurity-3.0-3.2.61-201407232156.patch} | 144 ++++-
35 24 files changed, 802 insertions(+), 479 deletions(-)
36
37 diff --git a/3.14.12/0000_README b/3.14.13/0000_README
38 similarity index 96%
39 rename from 3.14.12/0000_README
40 rename to 3.14.13/0000_README
41 index 857c6a1..ed0d890 100644
42 --- a/3.14.12/0000_README
43 +++ b/3.14.13/0000_README
44 @@ -2,7 +2,7 @@ README
45 -----------------------------------------------------------------------------
46 Individual Patch Descriptions:
47 -----------------------------------------------------------------------------
48 -Patch: 4420_grsecurity-3.0-3.14.12-201407170638.patch
49 +Patch: 4420_grsecurity-3.0-3.14.13-201407232159.patch
50 From: http://www.grsecurity.net
51 Desc: hardened-sources base patch from upstream grsecurity
52
53
54 diff --git a/3.14.12/4420_grsecurity-3.0-3.14.12-201407170638.patch b/3.14.13/4420_grsecurity-3.0-3.14.13-201407232159.patch
55 similarity index 99%
56 rename from 3.14.12/4420_grsecurity-3.0-3.14.12-201407170638.patch
57 rename to 3.14.13/4420_grsecurity-3.0-3.14.13-201407232159.patch
58 index 02636ed..81dff0f 100644
59 --- a/3.14.12/4420_grsecurity-3.0-3.14.12-201407170638.patch
60 +++ b/3.14.13/4420_grsecurity-3.0-3.14.13-201407232159.patch
61 @@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644
62
63 pcd. [PARIDE]
64 diff --git a/Makefile b/Makefile
65 -index 13d8f32..a7a7b9b 100644
66 +index 7a2981c..9fadd78 100644
67 --- a/Makefile
68 +++ b/Makefile
69 @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
70 @@ -7700,7 +7700,7 @@ index 50dfafc..b9fc230 100644
71 DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n",
72 me->arch.unwind_section, table, end, gp);
73 diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c
74 -index 31ffa9b..588a798 100644
75 +index e1ffea2..46ed66e 100644
76 --- a/arch/parisc/kernel/sys_parisc.c
77 +++ b/arch/parisc/kernel/sys_parisc.c
78 @@ -89,6 +89,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
79 @@ -7960,7 +7960,7 @@ index d72197f..c017c84 100644
80 /*
81 * If for any reason at all we couldn't handle the fault, make
82 diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
83 -index 957bf34..3430cc8 100644
84 +index 2156fa2..cc28613 100644
85 --- a/arch/powerpc/Kconfig
86 +++ b/arch/powerpc/Kconfig
87 @@ -393,6 +393,7 @@ config PPC64_SUPPORTS_MEMORY_FAILURE
88 @@ -33352,19 +33352,21 @@ index 7b179b4..6bd17777 100644
89
90 return (void *)vaddr;
91 diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
92 -index 799580c..72f9fe0 100644
93 +index 94bd247..7e48391 100644
94 --- a/arch/x86/mm/ioremap.c
95 +++ b/arch/x86/mm/ioremap.c
96 -@@ -97,7 +97,7 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
97 - for (pfn = phys_addr >> PAGE_SHIFT; pfn <= last_pfn; pfn++) {
98 - int is_ram = page_is_ram(pfn);
99 +@@ -56,8 +56,8 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages,
100 + unsigned long i;
101 +
102 + for (i = 0; i < nr_pages; ++i)
103 +- if (pfn_valid(start_pfn + i) &&
104 +- !PageReserved(pfn_to_page(start_pfn + i)))
105 ++ if (pfn_valid(start_pfn + i) && (start_pfn + i >= 0x100 ||
106 ++ !PageReserved(pfn_to_page(start_pfn + i))))
107 + return 1;
108
109 -- if (is_ram && pfn_valid(pfn) && !PageReserved(pfn_to_page(pfn)))
110 -+ if (is_ram && pfn_valid(pfn) && (pfn >= 0x100 || !PageReserved(pfn_to_page(pfn))))
111 - return NULL;
112 - WARN_ON_ONCE(is_ram);
113 - }
114 -@@ -256,7 +256,7 @@ EXPORT_SYMBOL(ioremap_prot);
115 + WARN_ONCE(1, "ioremap on RAM pfn 0x%lx\n", start_pfn);
116 +@@ -268,7 +268,7 @@ EXPORT_SYMBOL(ioremap_prot);
117 *
118 * Caller must ensure there is only one unmapping for the same pointer.
119 */
120 @@ -33373,7 +33375,7 @@ index 799580c..72f9fe0 100644
121 {
122 struct vm_struct *p, *o;
123
124 -@@ -310,6 +310,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
125 +@@ -322,6 +322,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
126
127 /* If page is RAM, we can use __va. Otherwise ioremap and unmap. */
128 if (page_is_ram(start >> PAGE_SHIFT))
129 @@ -33383,7 +33385,7 @@ index 799580c..72f9fe0 100644
130 return __va(phys);
131
132 addr = (void __force *)ioremap_cache(start, PAGE_SIZE);
133 -@@ -322,6 +325,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
134 +@@ -334,6 +337,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
135 void unxlate_dev_mem_ptr(unsigned long phys, void *addr)
136 {
137 if (page_is_ram(phys >> PAGE_SHIFT))
138 @@ -33393,7 +33395,7 @@ index 799580c..72f9fe0 100644
139 return;
140
141 iounmap((void __iomem *)((unsigned long)addr & PAGE_MASK));
142 -@@ -339,7 +345,7 @@ static int __init early_ioremap_debug_setup(char *str)
143 +@@ -351,7 +357,7 @@ static int __init early_ioremap_debug_setup(char *str)
144 early_param("early_ioremap_debug", early_ioremap_debug_setup);
145
146 static __initdata int after_paging_init;
147 @@ -33402,7 +33404,7 @@ index 799580c..72f9fe0 100644
148
149 static inline pmd_t * __init early_ioremap_pmd(unsigned long addr)
150 {
151 -@@ -376,8 +382,7 @@ void __init early_ioremap_init(void)
152 +@@ -388,8 +394,7 @@ void __init early_ioremap_init(void)
153 slot_virt[i] = __fix_to_virt(FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*i);
154
155 pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN));
156 @@ -39664,7 +39666,7 @@ index 18d4091..434be15 100644
157 }
158 EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler);
159 diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
160 -index 6d98c37..a592321 100644
161 +index ae52c77..3d8f69b 100644
162 --- a/drivers/cpufreq/intel_pstate.c
163 +++ b/drivers/cpufreq/intel_pstate.c
164 @@ -125,10 +125,10 @@ struct pstate_funcs {
165 @@ -39680,7 +39682,7 @@ index 6d98c37..a592321 100644
166
167 struct perf_limits {
168 int no_turbo;
169 -@@ -526,7 +526,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate)
170 +@@ -530,7 +530,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate)
171
172 cpu->pstate.current_pstate = pstate;
173
174 @@ -39689,7 +39691,7 @@ index 6d98c37..a592321 100644
175 }
176
177 static inline void intel_pstate_pstate_increase(struct cpudata *cpu, int steps)
178 -@@ -548,12 +548,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu)
179 +@@ -552,12 +552,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu)
180 {
181 sprintf(cpu->name, "Intel 2nd generation core");
182
183 @@ -39707,7 +39709,7 @@ index 6d98c37..a592321 100644
184 intel_pstate_set_pstate(cpu, cpu->pstate.min_pstate);
185 }
186
187 -@@ -835,9 +835,9 @@ static int intel_pstate_msrs_not_valid(void)
188 +@@ -844,9 +844,9 @@ static int intel_pstate_msrs_not_valid(void)
189 rdmsrl(MSR_IA32_APERF, aperf);
190 rdmsrl(MSR_IA32_MPERF, mperf);
191
192 @@ -39720,7 +39722,7 @@ index 6d98c37..a592321 100644
193 return -ENODEV;
194
195 rdmsrl(MSR_IA32_APERF, tmp);
196 -@@ -851,7 +851,7 @@ static int intel_pstate_msrs_not_valid(void)
197 +@@ -860,7 +860,7 @@ static int intel_pstate_msrs_not_valid(void)
198 return 0;
199 }
200
201 @@ -39729,7 +39731,7 @@ index 6d98c37..a592321 100644
202 {
203 pid_params.sample_rate_ms = policy->sample_rate_ms;
204 pid_params.p_gain_pct = policy->p_gain_pct;
205 -@@ -863,11 +863,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)
206 +@@ -872,11 +872,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)
207
208 static void copy_cpu_funcs(struct pstate_funcs *funcs)
209 {
210 @@ -44543,10 +44545,10 @@ index b086a94..74cb67e 100644
211 pmd->bl_info.value_type.inc = data_block_inc;
212 pmd->bl_info.value_type.dec = data_block_dec;
213 diff --git a/drivers/md/dm.c b/drivers/md/dm.c
214 -index 8c53b09..f1fb2b0 100644
215 +index 65ee3a0..1852af9 100644
216 --- a/drivers/md/dm.c
217 +++ b/drivers/md/dm.c
218 -@@ -185,9 +185,9 @@ struct mapped_device {
219 +@@ -187,9 +187,9 @@ struct mapped_device {
220 /*
221 * Event handling.
222 */
223 @@ -44558,7 +44560,7 @@ index 8c53b09..f1fb2b0 100644
224 struct list_head uevent_list;
225 spinlock_t uevent_lock; /* Protect access to uevent_list */
226
227 -@@ -1888,8 +1888,8 @@ static struct mapped_device *alloc_dev(int minor)
228 +@@ -1899,8 +1899,8 @@ static struct mapped_device *alloc_dev(int minor)
229 spin_lock_init(&md->deferred_lock);
230 atomic_set(&md->holders, 1);
231 atomic_set(&md->open_count, 0);
232 @@ -44569,7 +44571,7 @@ index 8c53b09..f1fb2b0 100644
233 INIT_LIST_HEAD(&md->uevent_list);
234 spin_lock_init(&md->uevent_lock);
235
236 -@@ -2043,7 +2043,7 @@ static void event_callback(void *context)
237 +@@ -2054,7 +2054,7 @@ static void event_callback(void *context)
238
239 dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj);
240
241 @@ -44578,7 +44580,7 @@ index 8c53b09..f1fb2b0 100644
242 wake_up(&md->eventq);
243 }
244
245 -@@ -2736,18 +2736,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
246 +@@ -2747,18 +2747,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
247
248 uint32_t dm_next_uevent_seq(struct mapped_device *md)
249 {
250 @@ -47503,6 +47505,24 @@ index 5920c99..ff2e4a5 100644
251 };
252
253 static void
254 +diff --git a/drivers/net/wan/x25_asy.c b/drivers/net/wan/x25_asy.c
255 +index 5895f19..fa9fdfa 100644
256 +--- a/drivers/net/wan/x25_asy.c
257 ++++ b/drivers/net/wan/x25_asy.c
258 +@@ -122,8 +122,12 @@ static int x25_asy_change_mtu(struct net_device *dev, int newmtu)
259 + {
260 + struct x25_asy *sl = netdev_priv(dev);
261 + unsigned char *xbuff, *rbuff;
262 +- int len = 2 * newmtu;
263 ++ int len;
264 +
265 ++ if (newmtu > 65534)
266 ++ return -EINVAL;
267 ++
268 ++ len = 2 * newmtu;
269 + xbuff = kmalloc(len + 4, GFP_ATOMIC);
270 + rbuff = kmalloc(len + 4, GFP_ATOMIC);
271 +
272 diff --git a/drivers/net/wan/z85230.c b/drivers/net/wan/z85230.c
273 index feacc3b..5bac0de 100644
274 --- a/drivers/net/wan/z85230.c
275 @@ -51951,7 +51971,7 @@ index 9cd706d..6ff2de7 100644
276
277 if (cfg->uart_flags & UPF_CONS_FLOW) {
278 diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
279 -index ece2049..fba2524 100644
280 +index ece2049b..fba2524 100644
281 --- a/drivers/tty/serial/serial_core.c
282 +++ b/drivers/tty/serial/serial_core.c
283 @@ -1448,7 +1448,7 @@ static void uart_hangup(struct tty_struct *tty)
284 @@ -60208,7 +60228,7 @@ index e6574d7..c30cbe2 100644
285 brelse(bh);
286 bh = NULL;
287 diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
288 -index 08ddfda..a48f3f6 100644
289 +index 502f0fd..bf3b3c1 100644
290 --- a/fs/ext4/mballoc.c
291 +++ b/fs/ext4/mballoc.c
292 @@ -1880,7 +1880,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
293 @@ -60338,7 +60358,7 @@ index 04434ad..6404663 100644
294 "MMP failure info: last update time: %llu, last update "
295 "node: %s, last update device: %s\n",
296 diff --git a/fs/ext4/super.c b/fs/ext4/super.c
297 -index 710fed2..a82e4e8 100644
298 +index 25b327e..56f169d 100644
299 --- a/fs/ext4/super.c
300 +++ b/fs/ext4/super.c
301 @@ -1270,7 +1270,7 @@ static ext4_fsblk_t get_sb_block(void **data)
302 @@ -60350,7 +60370,7 @@ index 710fed2..a82e4e8 100644
303 "Contact linux-ext4@×××××××××××.org if you think we should keep it.\n";
304
305 #ifdef CONFIG_QUOTA
306 -@@ -2450,7 +2450,7 @@ struct ext4_attr {
307 +@@ -2448,7 +2448,7 @@ struct ext4_attr {
308 int offset;
309 int deprecated_val;
310 } u;
311 @@ -62357,7 +62377,7 @@ index b29e42f..5ea7fdf 100644
312 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
313
314 diff --git a/fs/namei.c b/fs/namei.c
315 -index 8274c8d..922e189 100644
316 +index 8274c8d..e242796 100644
317 --- a/fs/namei.c
318 +++ b/fs/namei.c
319 @@ -330,17 +330,34 @@ int generic_permission(struct inode *inode, int mask)
320 @@ -62493,7 +62513,19 @@ index 8274c8d..922e189 100644
321 return retval;
322 }
323
324 -@@ -2557,6 +2590,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
325 +@@ -2247,9 +2280,10 @@ done:
326 + goto out;
327 + }
328 + path->dentry = dentry;
329 +- path->mnt = mntget(nd->path.mnt);
330 ++ path->mnt = nd->path.mnt;
331 + if (should_follow_link(dentry, nd->flags & LOOKUP_FOLLOW))
332 + return 1;
333 ++ mntget(path->mnt);
334 + follow_mount(path);
335 + error = 0;
336 + out:
337 +@@ -2557,6 +2591,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
338 if (flag & O_NOATIME && !inode_owner_or_capable(inode))
339 return -EPERM;
340
341 @@ -62507,7 +62539,7 @@ index 8274c8d..922e189 100644
342 return 0;
343 }
344
345 -@@ -2788,7 +2828,7 @@ looked_up:
346 +@@ -2788,7 +2829,7 @@ looked_up:
347 * cleared otherwise prior to returning.
348 */
349 static int lookup_open(struct nameidata *nd, struct path *path,
350 @@ -62516,7 +62548,7 @@ index 8274c8d..922e189 100644
351 const struct open_flags *op,
352 bool got_write, int *opened)
353 {
354 -@@ -2823,6 +2863,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
355 +@@ -2823,6 +2864,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
356 /* Negative dentry, just create the file */
357 if (!dentry->d_inode && (op->open_flag & O_CREAT)) {
358 umode_t mode = op->mode;
359 @@ -62534,7 +62566,7 @@ index 8274c8d..922e189 100644
360 if (!IS_POSIXACL(dir->d_inode))
361 mode &= ~current_umask();
362 /*
363 -@@ -2844,6 +2895,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
364 +@@ -2844,6 +2896,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
365 nd->flags & LOOKUP_EXCL);
366 if (error)
367 goto out_dput;
368 @@ -62543,7 +62575,7 @@ index 8274c8d..922e189 100644
369 }
370 out_no_open:
371 path->dentry = dentry;
372 -@@ -2858,7 +2911,7 @@ out_dput:
373 +@@ -2858,7 +2912,7 @@ out_dput:
374 /*
375 * Handle the last step of open()
376 */
377 @@ -62552,7 +62584,7 @@ index 8274c8d..922e189 100644
378 struct file *file, const struct open_flags *op,
379 int *opened, struct filename *name)
380 {
381 -@@ -2908,6 +2961,15 @@ static int do_last(struct nameidata *nd, struct path *path,
382 +@@ -2908,6 +2962,15 @@ static int do_last(struct nameidata *nd, struct path *path,
383 if (error)
384 return error;
385
386 @@ -62568,7 +62600,7 @@ index 8274c8d..922e189 100644
387 audit_inode(name, dir, LOOKUP_PARENT);
388 error = -EISDIR;
389 /* trailing slashes? */
390 -@@ -2927,7 +2989,7 @@ retry_lookup:
391 +@@ -2927,7 +2990,7 @@ retry_lookup:
392 */
393 }
394 mutex_lock(&dir->d_inode->i_mutex);
395 @@ -62577,7 +62609,7 @@ index 8274c8d..922e189 100644
396 mutex_unlock(&dir->d_inode->i_mutex);
397
398 if (error <= 0) {
399 -@@ -2951,11 +3013,28 @@ retry_lookup:
400 +@@ -2951,11 +3014,28 @@ retry_lookup:
401 goto finish_open_created;
402 }
403
404 @@ -62607,7 +62639,7 @@ index 8274c8d..922e189 100644
405
406 /*
407 * If atomic_open() acquired write access it is dropped now due to
408 -@@ -2996,6 +3075,11 @@ finish_lookup:
409 +@@ -2996,6 +3076,11 @@ finish_lookup:
410 }
411 }
412 BUG_ON(inode != path->dentry->d_inode);
413 @@ -62619,7 +62651,7 @@ index 8274c8d..922e189 100644
414 return 1;
415 }
416
417 -@@ -3005,7 +3089,6 @@ finish_lookup:
418 +@@ -3005,7 +3090,6 @@ finish_lookup:
419 save_parent.dentry = nd->path.dentry;
420 save_parent.mnt = mntget(path->mnt);
421 nd->path.dentry = path->dentry;
422 @@ -62627,7 +62659,7 @@ index 8274c8d..922e189 100644
423 }
424 nd->inode = inode;
425 /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */
426 -@@ -3015,7 +3098,18 @@ finish_open:
427 +@@ -3015,7 +3099,18 @@ finish_open:
428 path_put(&save_parent);
429 return error;
430 }
431 @@ -62646,7 +62678,7 @@ index 8274c8d..922e189 100644
432 error = -EISDIR;
433 if ((open_flag & O_CREAT) &&
434 (d_is_directory(nd->path.dentry) || d_is_autodir(nd->path.dentry)))
435 -@@ -3179,7 +3273,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
436 +@@ -3179,7 +3274,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
437 if (unlikely(error))
438 goto out;
439
440 @@ -62655,7 +62687,7 @@ index 8274c8d..922e189 100644
441 while (unlikely(error > 0)) { /* trailing symlink */
442 struct path link = path;
443 void *cookie;
444 -@@ -3197,7 +3291,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
445 +@@ -3197,7 +3292,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
446 error = follow_link(&link, nd, &cookie);
447 if (unlikely(error))
448 break;
449 @@ -62664,7 +62696,7 @@ index 8274c8d..922e189 100644
450 put_link(nd, &link, cookie);
451 }
452 out:
453 -@@ -3297,9 +3391,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
454 +@@ -3297,9 +3392,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
455 goto unlock;
456
457 error = -EEXIST;
458 @@ -62678,7 +62710,7 @@ index 8274c8d..922e189 100644
459 /*
460 * Special case - lookup gave negative, but... we had foo/bar/
461 * From the vfs_mknod() POV we just have a negative dentry -
462 -@@ -3351,6 +3447,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
463 +@@ -3351,6 +3448,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
464 }
465 EXPORT_SYMBOL(user_path_create);
466
467 @@ -62699,7 +62731,7 @@ index 8274c8d..922e189 100644
468 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
469 {
470 int error = may_create(dir, dentry);
471 -@@ -3413,6 +3523,17 @@ retry:
472 +@@ -3413,6 +3524,17 @@ retry:
473
474 if (!IS_POSIXACL(path.dentry->d_inode))
475 mode &= ~current_umask();
476 @@ -62717,7 +62749,7 @@ index 8274c8d..922e189 100644
477 error = security_path_mknod(&path, dentry, mode, dev);
478 if (error)
479 goto out;
480 -@@ -3429,6 +3550,8 @@ retry:
481 +@@ -3429,6 +3551,8 @@ retry:
482 break;
483 }
484 out:
485 @@ -62726,7 +62758,7 @@ index 8274c8d..922e189 100644
486 done_path_create(&path, dentry);
487 if (retry_estale(error, lookup_flags)) {
488 lookup_flags |= LOOKUP_REVAL;
489 -@@ -3481,9 +3604,16 @@ retry:
490 +@@ -3481,9 +3605,16 @@ retry:
491
492 if (!IS_POSIXACL(path.dentry->d_inode))
493 mode &= ~current_umask();
494 @@ -62743,7 +62775,7 @@ index 8274c8d..922e189 100644
495 done_path_create(&path, dentry);
496 if (retry_estale(error, lookup_flags)) {
497 lookup_flags |= LOOKUP_REVAL;
498 -@@ -3564,6 +3694,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
499 +@@ -3564,6 +3695,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
500 struct filename *name;
501 struct dentry *dentry;
502 struct nameidata nd;
503 @@ -62752,7 +62784,7 @@ index 8274c8d..922e189 100644
504 unsigned int lookup_flags = 0;
505 retry:
506 name = user_path_parent(dfd, pathname, &nd, lookup_flags);
507 -@@ -3596,10 +3728,21 @@ retry:
508 +@@ -3596,10 +3729,21 @@ retry:
509 error = -ENOENT;
510 goto exit3;
511 }
512 @@ -62774,7 +62806,7 @@ index 8274c8d..922e189 100644
513 exit3:
514 dput(dentry);
515 exit2:
516 -@@ -3689,6 +3832,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
517 +@@ -3689,6 +3833,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
518 struct nameidata nd;
519 struct inode *inode = NULL;
520 struct inode *delegated_inode = NULL;
521 @@ -62783,7 +62815,7 @@ index 8274c8d..922e189 100644
522 unsigned int lookup_flags = 0;
523 retry:
524 name = user_path_parent(dfd, pathname, &nd, lookup_flags);
525 -@@ -3715,10 +3860,22 @@ retry_deleg:
526 +@@ -3715,10 +3861,22 @@ retry_deleg:
527 if (d_is_negative(dentry))
528 goto slashes;
529 ihold(inode);
530 @@ -62806,7 +62838,7 @@ index 8274c8d..922e189 100644
531 exit2:
532 dput(dentry);
533 }
534 -@@ -3806,9 +3963,17 @@ retry:
535 +@@ -3806,9 +3964,17 @@ retry:
536 if (IS_ERR(dentry))
537 goto out_putname;
538
539 @@ -62824,7 +62856,7 @@ index 8274c8d..922e189 100644
540 done_path_create(&path, dentry);
541 if (retry_estale(error, lookup_flags)) {
542 lookup_flags |= LOOKUP_REVAL;
543 -@@ -3911,6 +4076,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
544 +@@ -3911,6 +4077,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
545 struct dentry *new_dentry;
546 struct path old_path, new_path;
547 struct inode *delegated_inode = NULL;
548 @@ -62832,7 +62864,7 @@ index 8274c8d..922e189 100644
549 int how = 0;
550 int error;
551
552 -@@ -3934,7 +4100,7 @@ retry:
553 +@@ -3934,7 +4101,7 @@ retry:
554 if (error)
555 return error;
556
557 @@ -62841,7 +62873,7 @@ index 8274c8d..922e189 100644
558 (how & LOOKUP_REVAL));
559 error = PTR_ERR(new_dentry);
560 if (IS_ERR(new_dentry))
561 -@@ -3946,11 +4112,28 @@ retry:
562 +@@ -3946,11 +4113,28 @@ retry:
563 error = may_linkat(&old_path);
564 if (unlikely(error))
565 goto out_dput;
566 @@ -62870,7 +62902,7 @@ index 8274c8d..922e189 100644
567 done_path_create(&new_path, new_dentry);
568 if (delegated_inode) {
569 error = break_deleg_wait(&delegated_inode);
570 -@@ -4237,6 +4420,12 @@ retry_deleg:
571 +@@ -4237,6 +4421,12 @@ retry_deleg:
572 if (new_dentry == trap)
573 goto exit5;
574
575 @@ -62883,7 +62915,7 @@ index 8274c8d..922e189 100644
576 error = security_path_rename(&oldnd.path, old_dentry,
577 &newnd.path, new_dentry);
578 if (error)
579 -@@ -4244,6 +4433,9 @@ retry_deleg:
580 +@@ -4244,6 +4434,9 @@ retry_deleg:
581 error = vfs_rename(old_dir->d_inode, old_dentry,
582 new_dir->d_inode, new_dentry,
583 &delegated_inode);
584 @@ -62893,7 +62925,7 @@ index 8274c8d..922e189 100644
585 exit5:
586 dput(new_dentry);
587 exit4:
588 -@@ -4280,6 +4472,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
589 +@@ -4280,6 +4473,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
590
591 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
592 {
593 @@ -62902,7 +62934,7 @@ index 8274c8d..922e189 100644
594 int len;
595
596 len = PTR_ERR(link);
597 -@@ -4289,7 +4483,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
598 +@@ -4289,7 +4484,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
599 len = strlen(link);
600 if (len > (unsigned) buflen)
601 len = buflen;
602 @@ -91687,7 +91719,7 @@ index 868633e..921dc41 100644
603
604 ftrace_graph_active++;
605 diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
606 -index fc4da2d..f3e800b 100644
607 +index 04202d9..e3e4242 100644
608 --- a/kernel/trace/ring_buffer.c
609 +++ b/kernel/trace/ring_buffer.c
610 @@ -352,9 +352,9 @@ struct buffer_data_page {
611 @@ -91713,7 +91745,7 @@ index fc4da2d..f3e800b 100644
612 local_t dropped_events;
613 local_t committing;
614 local_t commits;
615 -@@ -992,8 +992,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
616 +@@ -995,8 +995,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
617 *
618 * We add a counter to the write field to denote this.
619 */
620 @@ -91724,7 +91756,7 @@ index fc4da2d..f3e800b 100644
621
622 /*
623 * Just make sure we have seen our old_write and synchronize
624 -@@ -1021,8 +1021,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
625 +@@ -1024,8 +1024,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
626 * cmpxchg to only update if an interrupt did not already
627 * do it for us. If the cmpxchg fails, we don't care.
628 */
629 @@ -91735,7 +91767,7 @@ index fc4da2d..f3e800b 100644
630
631 /*
632 * No need to worry about races with clearing out the commit.
633 -@@ -1386,12 +1386,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
634 +@@ -1389,12 +1389,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
635
636 static inline unsigned long rb_page_entries(struct buffer_page *bpage)
637 {
638 @@ -91750,7 +91782,7 @@ index fc4da2d..f3e800b 100644
639 }
640
641 static int
642 -@@ -1486,7 +1486,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)
643 +@@ -1489,7 +1489,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)
644 * bytes consumed in ring buffer from here.
645 * Increment overrun to account for the lost events.
646 */
647 @@ -91759,7 +91791,7 @@ index fc4da2d..f3e800b 100644
648 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
649 }
650
651 -@@ -2064,7 +2064,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
652 +@@ -2067,7 +2067,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
653 * it is our responsibility to update
654 * the counters.
655 */
656 @@ -91768,7 +91800,7 @@ index fc4da2d..f3e800b 100644
657 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
658
659 /*
660 -@@ -2214,7 +2214,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
661 +@@ -2217,7 +2217,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
662 if (tail == BUF_PAGE_SIZE)
663 tail_page->real_end = 0;
664
665 @@ -91777,7 +91809,7 @@ index fc4da2d..f3e800b 100644
666 return;
667 }
668
669 -@@ -2249,7 +2249,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
670 +@@ -2252,7 +2252,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
671 rb_event_set_padding(event);
672
673 /* Set the write back to the previous setting */
674 @@ -91786,7 +91818,7 @@ index fc4da2d..f3e800b 100644
675 return;
676 }
677
678 -@@ -2261,7 +2261,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
679 +@@ -2264,7 +2264,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
680
681 /* Set write to end of buffer */
682 length = (tail + length) - BUF_PAGE_SIZE;
683 @@ -91795,7 +91827,7 @@ index fc4da2d..f3e800b 100644
684 }
685
686 /*
687 -@@ -2287,7 +2287,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
688 +@@ -2290,7 +2290,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
689 * about it.
690 */
691 if (unlikely(next_page == commit_page)) {
692 @@ -91804,7 +91836,7 @@ index fc4da2d..f3e800b 100644
693 goto out_reset;
694 }
695
696 -@@ -2343,7 +2343,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
697 +@@ -2346,7 +2346,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
698 cpu_buffer->tail_page) &&
699 (cpu_buffer->commit_page ==
700 cpu_buffer->reader_page))) {
701 @@ -91813,7 +91845,7 @@ index fc4da2d..f3e800b 100644
702 goto out_reset;
703 }
704 }
705 -@@ -2391,7 +2391,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
706 +@@ -2394,7 +2394,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
707 length += RB_LEN_TIME_EXTEND;
708
709 tail_page = cpu_buffer->tail_page;
710 @@ -91822,7 +91854,7 @@ index fc4da2d..f3e800b 100644
711
712 /* set write to only the index of the write */
713 write &= RB_WRITE_MASK;
714 -@@ -2415,7 +2415,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
715 +@@ -2418,7 +2418,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
716 kmemcheck_annotate_bitfield(event, bitfield);
717 rb_update_event(cpu_buffer, event, length, add_timestamp, delta);
718
719 @@ -91831,7 +91863,7 @@ index fc4da2d..f3e800b 100644
720
721 /*
722 * If this is the first commit on the page, then update
723 -@@ -2448,7 +2448,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
724 +@@ -2451,7 +2451,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
725
726 if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) {
727 unsigned long write_mask =
728 @@ -91840,7 +91872,7 @@ index fc4da2d..f3e800b 100644
729 unsigned long event_length = rb_event_length(event);
730 /*
731 * This is on the tail page. It is possible that
732 -@@ -2458,7 +2458,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
733 +@@ -2461,7 +2461,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
734 */
735 old_index += write_mask;
736 new_index += write_mask;
737 @@ -91849,7 +91881,7 @@ index fc4da2d..f3e800b 100644
738 if (index == old_index) {
739 /* update counters */
740 local_sub(event_length, &cpu_buffer->entries_bytes);
741 -@@ -2850,7 +2850,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
742 +@@ -2853,7 +2853,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
743
744 /* Do the likely case first */
745 if (likely(bpage->page == (void *)addr)) {
746 @@ -91858,7 +91890,7 @@ index fc4da2d..f3e800b 100644
747 return;
748 }
749
750 -@@ -2862,7 +2862,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
751 +@@ -2865,7 +2865,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
752 start = bpage;
753 do {
754 if (bpage->page == (void *)addr) {
755 @@ -91867,7 +91899,7 @@ index fc4da2d..f3e800b 100644
756 return;
757 }
758 rb_inc_page(cpu_buffer, &bpage);
759 -@@ -3146,7 +3146,7 @@ static inline unsigned long
760 +@@ -3149,7 +3149,7 @@ static inline unsigned long
761 rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer)
762 {
763 return local_read(&cpu_buffer->entries) -
764 @@ -91876,7 +91908,7 @@ index fc4da2d..f3e800b 100644
765 }
766
767 /**
768 -@@ -3235,7 +3235,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
769 +@@ -3238,7 +3238,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
770 return 0;
771
772 cpu_buffer = buffer->buffers[cpu];
773 @@ -91885,7 +91917,7 @@ index fc4da2d..f3e800b 100644
774
775 return ret;
776 }
777 -@@ -3258,7 +3258,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
778 +@@ -3261,7 +3261,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
779 return 0;
780
781 cpu_buffer = buffer->buffers[cpu];
782 @@ -91894,7 +91926,7 @@ index fc4da2d..f3e800b 100644
783
784 return ret;
785 }
786 -@@ -3343,7 +3343,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
787 +@@ -3346,7 +3346,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
788 /* if you care about this being correct, lock the buffer */
789 for_each_buffer_cpu(buffer, cpu) {
790 cpu_buffer = buffer->buffers[cpu];
791 @@ -91903,7 +91935,7 @@ index fc4da2d..f3e800b 100644
792 }
793
794 return overruns;
795 -@@ -3519,8 +3519,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
796 +@@ -3522,8 +3522,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
797 /*
798 * Reset the reader page to size zero.
799 */
800 @@ -91914,7 +91946,7 @@ index fc4da2d..f3e800b 100644
801 local_set(&cpu_buffer->reader_page->page->commit, 0);
802 cpu_buffer->reader_page->real_end = 0;
803
804 -@@ -3554,7 +3554,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
805 +@@ -3557,7 +3557,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
806 * want to compare with the last_overrun.
807 */
808 smp_mb();
809 @@ -91923,7 +91955,7 @@ index fc4da2d..f3e800b 100644
810
811 /*
812 * Here's the tricky part.
813 -@@ -4124,8 +4124,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
814 +@@ -4127,8 +4127,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
815
816 cpu_buffer->head_page
817 = list_entry(cpu_buffer->pages, struct buffer_page, list);
818 @@ -91934,7 +91966,7 @@ index fc4da2d..f3e800b 100644
819 local_set(&cpu_buffer->head_page->page->commit, 0);
820
821 cpu_buffer->head_page->read = 0;
822 -@@ -4135,14 +4135,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
823 +@@ -4138,14 +4138,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
824
825 INIT_LIST_HEAD(&cpu_buffer->reader_page->list);
826 INIT_LIST_HEAD(&cpu_buffer->new_pages);
827 @@ -91953,7 +91985,7 @@ index fc4da2d..f3e800b 100644
828 local_set(&cpu_buffer->dropped_events, 0);
829 local_set(&cpu_buffer->entries, 0);
830 local_set(&cpu_buffer->committing, 0);
831 -@@ -4547,8 +4547,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
832 +@@ -4550,8 +4550,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
833 rb_init_page(bpage);
834 bpage = reader->page;
835 reader->page = *data_page;
836 @@ -91965,7 +91997,7 @@ index fc4da2d..f3e800b 100644
837 *data_page = bpage;
838
839 diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
840 -index fd21e60..eb47c25 100644
841 +index 922657f..3d229d9 100644
842 --- a/kernel/trace/trace.c
843 +++ b/kernel/trace/trace.c
844 @@ -3398,7 +3398,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
845 @@ -91978,7 +92010,7 @@ index fd21e60..eb47c25 100644
846 /* do nothing if flag is already set */
847 if (!!(trace_flags & mask) == !!enabled)
848 diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
849 -index 02b592f..f971546 100644
850 +index c8bd809..33d7539 100644
851 --- a/kernel/trace/trace.h
852 +++ b/kernel/trace/trace.h
853 @@ -1233,7 +1233,7 @@ extern const char *__stop___tracepoint_str[];
854 @@ -92171,10 +92203,10 @@ index c9b6f01..37781d9 100644
855 .thread_should_run = watchdog_should_run,
856 .thread_fn = watchdog,
857 diff --git a/kernel/workqueue.c b/kernel/workqueue.c
858 -index b6a3941..b68f191 100644
859 +index b4defde..f092808 100644
860 --- a/kernel/workqueue.c
861 +++ b/kernel/workqueue.c
862 -@@ -4702,7 +4702,7 @@ static void rebind_workers(struct worker_pool *pool)
863 +@@ -4703,7 +4703,7 @@ static void rebind_workers(struct worker_pool *pool)
864 WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND));
865 worker_flags |= WORKER_REBOUND;
866 worker_flags &= ~WORKER_UNBOUND;
867 @@ -92950,7 +92982,7 @@ index 0000000..7cd6065
868 @@ -0,0 +1 @@
869 +-grsec
870 diff --git a/mm/Kconfig b/mm/Kconfig
871 -index 9b63c15..2ab509e 100644
872 +index 0862816..2e3a043 100644
873 --- a/mm/Kconfig
874 +++ b/mm/Kconfig
875 @@ -329,10 +329,11 @@ config KSM
876 @@ -94220,7 +94252,7 @@ index 2121d8b8..fa1095a 100644
877 mm = get_task_mm(tsk);
878 if (!mm)
879 diff --git a/mm/mempolicy.c b/mm/mempolicy.c
880 -index 9c6288a..b0ea97e 100644
881 +index 15a8ea0..cb50389 100644
882 --- a/mm/mempolicy.c
883 +++ b/mm/mempolicy.c
884 @@ -747,6 +747,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
885 @@ -96343,7 +96375,7 @@ index cdbd312..2e1e0b9 100644
886
887 /*
888 diff --git a/mm/shmem.c b/mm/shmem.c
889 -index 1f18c9d..b550bab 100644
890 +index 1f18c9d..6aa94ab 100644
891 --- a/mm/shmem.c
892 +++ b/mm/shmem.c
893 @@ -33,7 +33,7 @@
894 @@ -96371,19 +96403,73 @@ index 1f18c9d..b550bab 100644
895 + * a time): we would prefer not to enlarge the shmem inode just for that.
896 */
897 struct shmem_falloc {
898 -+ int mode; /* FALLOC_FL mode currently operating */
899 ++ wait_queue_head_t *waitq; /* faults into hole wait for punch to end */
900 pgoff_t start; /* start of range currently being fallocated */
901 pgoff_t next; /* the next page offset to be fallocated */
902 pgoff_t nr_falloced; /* how many new pages have been fallocated */
903 -@@ -824,6 +825,7 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc)
904 +@@ -533,22 +534,19 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend,
905 + return;
906 +
907 + index = start;
908 +- for ( ; ; ) {
909 ++ while (index < end) {
910 + cond_resched();
911 + pvec.nr = shmem_find_get_pages_and_swap(mapping, index,
912 + min(end - index, (pgoff_t)PAGEVEC_SIZE),
913 + pvec.pages, indices);
914 + if (!pvec.nr) {
915 +- if (index == start || unfalloc)
916 ++ /* If all gone or hole-punch or unfalloc, we're done */
917 ++ if (index == start || end != -1)
918 + break;
919 ++ /* But if truncating, restart to make sure all gone */
920 + index = start;
921 + continue;
922 + }
923 +- if ((index == start || unfalloc) && indices[0] >= end) {
924 +- shmem_deswap_pagevec(&pvec);
925 +- pagevec_release(&pvec);
926 +- break;
927 +- }
928 + mem_cgroup_uncharge_start();
929 + for (i = 0; i < pagevec_count(&pvec); i++) {
930 + struct page *page = pvec.pages[i];
931 +@@ -560,8 +558,12 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend,
932 + if (radix_tree_exceptional_entry(page)) {
933 + if (unfalloc)
934 + continue;
935 +- nr_swaps_freed += !shmem_free_swap(mapping,
936 +- index, page);
937 ++ if (shmem_free_swap(mapping, index, page)) {
938 ++ /* Swap was replaced by page: retry */
939 ++ index--;
940 ++ break;
941 ++ }
942 ++ nr_swaps_freed++;
943 + continue;
944 + }
945 +
946 +@@ -570,6 +572,11 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend,
947 + if (page->mapping == mapping) {
948 + VM_BUG_ON_PAGE(PageWriteback(page), page);
949 + truncate_inode_page(mapping, page);
950 ++ } else {
951 ++ /* Page was replaced by swap: retry */
952 ++ unlock_page(page);
953 ++ index--;
954 ++ break;
955 + }
956 + }
957 + unlock_page(page);
958 +@@ -824,6 +831,7 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc)
959 spin_lock(&inode->i_lock);
960 shmem_falloc = inode->i_private;
961 if (shmem_falloc &&
962 -+ !shmem_falloc->mode &&
963 ++ !shmem_falloc->waitq &&
964 index >= shmem_falloc->start &&
965 index < shmem_falloc->next)
966 shmem_falloc->nr_unswapped++;
967 -@@ -1298,6 +1300,43 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
968 +@@ -1298,6 +1306,64 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
969 int error;
970 int ret = VM_FAULT_LOCKED;
971
972 @@ -96391,71 +96477,98 @@ index 1f18c9d..b550bab 100644
973 + * Trinity finds that probing a hole which tmpfs is punching can
974 + * prevent the hole-punch from ever completing: which in turn
975 + * locks writers out with its hold on i_mutex. So refrain from
976 -+ * faulting pages into the hole while it's being punched, and
977 -+ * wait on i_mutex to be released if vmf->flags permits,
978 ++ * faulting pages into the hole while it's being punched. Although
979 ++ * shmem_undo_range() does remove the additions, it may be unable to
980 ++ * keep up, as each new page needs its own unmap_mapping_range() call,
981 ++ * and the i_mmap tree grows ever slower to scan if new vmas are added.
982 ++ *
983 ++ * It does not matter if we sometimes reach this check just before the
984 ++ * hole-punch begins, so that one fault then races with the punch:
985 ++ * we just need to make racing faults a rare case.
986 ++ *
987 ++ * The implementation below would be much simpler if we just used a
988 ++ * standard mutex or completion: but we cannot take i_mutex in fault,
989 ++ * and bloating every shmem inode for this unlikely case would be sad.
990 + */
991 + if (unlikely(inode->i_private)) {
992 + struct shmem_falloc *shmem_falloc;
993 ++
994 + spin_lock(&inode->i_lock);
995 + shmem_falloc = inode->i_private;
996 -+ if (!shmem_falloc ||
997 -+ shmem_falloc->mode != FALLOC_FL_PUNCH_HOLE ||
998 -+ vmf->pgoff < shmem_falloc->start ||
999 -+ vmf->pgoff >= shmem_falloc->next)
1000 -+ shmem_falloc = NULL;
1001 -+ spin_unlock(&inode->i_lock);
1002 -+ /*
1003 -+ * i_lock has protected us from taking shmem_falloc seriously
1004 -+ * once return from shmem_fallocate() went back up that stack.
1005 -+ * i_lock does not serialize with i_mutex at all, but it does
1006 -+ * not matter if sometimes we wait unnecessarily, or sometimes
1007 -+ * miss out on waiting: we just need to make those cases rare.
1008 -+ */
1009 -+ if (shmem_falloc) {
1010 ++ if (shmem_falloc &&
1011 ++ shmem_falloc->waitq &&
1012 ++ vmf->pgoff >= shmem_falloc->start &&
1013 ++ vmf->pgoff < shmem_falloc->next) {
1014 ++ wait_queue_head_t *shmem_falloc_waitq;
1015 ++ DEFINE_WAIT(shmem_fault_wait);
1016 ++
1017 ++ ret = VM_FAULT_NOPAGE;
1018 + if ((vmf->flags & FAULT_FLAG_ALLOW_RETRY) &&
1019 + !(vmf->flags & FAULT_FLAG_RETRY_NOWAIT)) {
1020 ++ /* It's polite to up mmap_sem if we can */
1021 + up_read(&vma->vm_mm->mmap_sem);
1022 -+ mutex_lock(&inode->i_mutex);
1023 -+ mutex_unlock(&inode->i_mutex);
1024 -+ return VM_FAULT_RETRY;
1025 ++ ret = VM_FAULT_RETRY;
1026 + }
1027 -+ /* cond_resched? Leave that to GUP or return to user */
1028 -+ return VM_FAULT_NOPAGE;
1029 ++
1030 ++ shmem_falloc_waitq = shmem_falloc->waitq;
1031 ++ prepare_to_wait(shmem_falloc_waitq, &shmem_fault_wait,
1032 ++ TASK_UNINTERRUPTIBLE);
1033 ++ spin_unlock(&inode->i_lock);
1034 ++ schedule();
1035 ++
1036 ++ /*
1037 ++ * shmem_falloc_waitq points into the shmem_fallocate()
1038 ++ * stack of the hole-punching task: shmem_falloc_waitq
1039 ++ * is usually invalid by the time we reach here, but
1040 ++ * finish_wait() does not dereference it in that case;
1041 ++ * though i_lock needed lest racing with wake_up_all().
1042 ++ */
1043 ++ spin_lock(&inode->i_lock);
1044 ++ finish_wait(shmem_falloc_waitq, &shmem_fault_wait);
1045 ++ spin_unlock(&inode->i_lock);
1046 ++ return ret;
1047 + }
1048 ++ spin_unlock(&inode->i_lock);
1049 + }
1050 +
1051 error = shmem_getpage(inode, vmf->pgoff, &vmf->page, SGP_CACHE, &ret);
1052 if (error)
1053 return ((error == -ENOMEM) ? VM_FAULT_OOM : VM_FAULT_SIGBUS);
1054 -@@ -1813,18 +1852,26 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
1055 -
1056 - mutex_lock(&inode->i_mutex);
1057 -
1058 -+ shmem_falloc.mode = mode & ~FALLOC_FL_KEEP_SIZE;
1059 -+
1060 - if (mode & FALLOC_FL_PUNCH_HOLE) {
1061 +@@ -1817,12 +1883,25 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
1062 struct address_space *mapping = file->f_mapping;
1063 loff_t unmap_start = round_up(offset, PAGE_SIZE);
1064 loff_t unmap_end = round_down(offset + len, PAGE_SIZE) - 1;
1065 -
1066 ++ DECLARE_WAIT_QUEUE_HEAD_ONSTACK(shmem_falloc_waitq);
1067 ++
1068 ++ shmem_falloc.waitq = &shmem_falloc_waitq;
1069 + shmem_falloc.start = unmap_start >> PAGE_SHIFT;
1070 + shmem_falloc.next = (unmap_end + 1) >> PAGE_SHIFT;
1071 + spin_lock(&inode->i_lock);
1072 + inode->i_private = &shmem_falloc;
1073 + spin_unlock(&inode->i_lock);
1074 -+
1075 +
1076 if ((u64)unmap_end > (u64)unmap_start)
1077 unmap_mapping_range(mapping, unmap_start,
1078 1 + unmap_end - unmap_start, 0);
1079 shmem_truncate_range(inode, offset, offset + len - 1);
1080 /* No need to unmap again: hole-punching leaves COWed pages */
1081 ++
1082 ++ spin_lock(&inode->i_lock);
1083 ++ inode->i_private = NULL;
1084 ++ wake_up_all(&shmem_falloc_waitq);
1085 ++ spin_unlock(&inode->i_lock);
1086 error = 0;
1087 -- goto out;
1088 -+ goto undone;
1089 + goto out;
1090 + }
1091 +@@ -1840,6 +1919,7 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
1092 + goto out;
1093 }
1094
1095 - /* We need to check rlimit even when FALLOC_FL_KEEP_SIZE */
1096 -@@ -2218,6 +2265,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
1097 ++ shmem_falloc.waitq = NULL;
1098 + shmem_falloc.start = start;
1099 + shmem_falloc.next = start;
1100 + shmem_falloc.nr_falloced = 0;
1101 +@@ -2218,6 +2298,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
1102 static int shmem_xattr_validate(const char *name)
1103 {
1104 struct { const char *prefix; size_t len; } arr[] = {
1105 @@ -96467,7 +96580,7 @@ index 1f18c9d..b550bab 100644
1106 { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
1107 { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
1108 };
1109 -@@ -2273,6 +2325,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
1110 +@@ -2273,6 +2358,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
1111 if (err)
1112 return err;
1113
1114 @@ -96483,7 +96596,7 @@ index 1f18c9d..b550bab 100644
1115 return simple_xattr_set(&info->xattrs, name, value, size, flags);
1116 }
1117
1118 -@@ -2585,8 +2646,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
1119 +@@ -2585,8 +2679,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
1120 int err = -ENOMEM;
1121
1122 /* Round up to L1_CACHE_BYTES to resist false sharing */
1123 @@ -99666,6 +99779,21 @@ index 5325b54..a0d4d69 100644
1124 return -EFAULT;
1125
1126 *lenp = len;
1127 +diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
1128 +index e7b6d53..f005cc7 100644
1129 +--- a/net/dns_resolver/dns_query.c
1130 ++++ b/net/dns_resolver/dns_query.c
1131 +@@ -149,7 +149,9 @@ int dns_query(const char *type, const char *name, size_t namelen,
1132 + if (!*_result)
1133 + goto put;
1134 +
1135 +- memcpy(*_result, upayload->data, len + 1);
1136 ++ memcpy(*_result, upayload->data, len);
1137 ++ (*_result)[len] = '\0';
1138 ++
1139 + if (_expiry)
1140 + *_expiry = rkey->expiry;
1141 +
1142 diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
1143 index 19ab78a..bf575c9 100644
1144 --- a/net/ipv4/af_inet.c
1145 @@ -103158,6 +103286,18 @@ index f226709..0e735a8 100644
1146 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial));
1147
1148 ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len);
1149 +diff --git a/net/sctp/associola.c b/net/sctp/associola.c
1150 +index a4d5701..5d97d8f 100644
1151 +--- a/net/sctp/associola.c
1152 ++++ b/net/sctp/associola.c
1153 +@@ -1151,6 +1151,7 @@ void sctp_assoc_update(struct sctp_association *asoc,
1154 + asoc->c = new->c;
1155 + asoc->peer.rwnd = new->peer.rwnd;
1156 + asoc->peer.sack_needed = new->peer.sack_needed;
1157 ++ asoc->peer.auth_capable = new->peer.auth_capable;
1158 + asoc->peer.i = new->peer.i;
1159 + sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
1160 + asoc->peer.i.initial_tsn, GFP_ATOMIC);
1161 diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
1162 index 2b1738e..a9d0fc9 100644
1163 --- a/net/sctp/ipv6.c
1164 @@ -103388,6 +103528,26 @@ index c82fdc1..4ca1f95 100644
1165 return 0;
1166 }
1167
1168 +diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c
1169 +index 85c6465..879f3cd 100644
1170 +--- a/net/sctp/ulpevent.c
1171 ++++ b/net/sctp/ulpevent.c
1172 +@@ -411,6 +411,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_remote_error(
1173 + * sre_type:
1174 + * It should be SCTP_REMOTE_ERROR.
1175 + */
1176 ++ memset(sre, 0, sizeof(*sre));
1177 + sre->sre_type = SCTP_REMOTE_ERROR;
1178 +
1179 + /*
1180 +@@ -916,6 +917,7 @@ void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event,
1181 + * For recvmsg() the SCTP stack places the message's stream number in
1182 + * this value.
1183 + */
1184 ++ memset(&sinfo, 0, sizeof(sinfo));
1185 + sinfo.sinfo_stream = event->stream;
1186 + /* sinfo_ssn: 16 bits (unsigned integer)
1187 + *
1188 diff --git a/net/socket.c b/net/socket.c
1189 index a19ae19..89554dc 100644
1190 --- a/net/socket.c
1191
1192 diff --git a/3.14.12/4425_grsec_remove_EI_PAX.patch b/3.14.13/4425_grsec_remove_EI_PAX.patch
1193 similarity index 100%
1194 rename from 3.14.12/4425_grsec_remove_EI_PAX.patch
1195 rename to 3.14.13/4425_grsec_remove_EI_PAX.patch
1196
1197 diff --git a/3.14.12/4427_force_XATTR_PAX_tmpfs.patch b/3.14.13/4427_force_XATTR_PAX_tmpfs.patch
1198 similarity index 100%
1199 rename from 3.14.12/4427_force_XATTR_PAX_tmpfs.patch
1200 rename to 3.14.13/4427_force_XATTR_PAX_tmpfs.patch
1201
1202 diff --git a/3.14.12/4430_grsec-remove-localversion-grsec.patch b/3.14.13/4430_grsec-remove-localversion-grsec.patch
1203 similarity index 100%
1204 rename from 3.14.12/4430_grsec-remove-localversion-grsec.patch
1205 rename to 3.14.13/4430_grsec-remove-localversion-grsec.patch
1206
1207 diff --git a/3.14.12/4435_grsec-mute-warnings.patch b/3.14.13/4435_grsec-mute-warnings.patch
1208 similarity index 100%
1209 rename from 3.14.12/4435_grsec-mute-warnings.patch
1210 rename to 3.14.13/4435_grsec-mute-warnings.patch
1211
1212 diff --git a/3.14.12/4440_grsec-remove-protected-paths.patch b/3.14.13/4440_grsec-remove-protected-paths.patch
1213 similarity index 100%
1214 rename from 3.14.12/4440_grsec-remove-protected-paths.patch
1215 rename to 3.14.13/4440_grsec-remove-protected-paths.patch
1216
1217 diff --git a/3.14.12/4450_grsec-kconfig-default-gids.patch b/3.14.13/4450_grsec-kconfig-default-gids.patch
1218 similarity index 100%
1219 rename from 3.14.12/4450_grsec-kconfig-default-gids.patch
1220 rename to 3.14.13/4450_grsec-kconfig-default-gids.patch
1221
1222 diff --git a/3.14.12/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.13/4465_selinux-avc_audit-log-curr_ip.patch
1223 similarity index 100%
1224 rename from 3.14.12/4465_selinux-avc_audit-log-curr_ip.patch
1225 rename to 3.14.13/4465_selinux-avc_audit-log-curr_ip.patch
1226
1227 diff --git a/3.14.12/4470_disable-compat_vdso.patch b/3.14.13/4470_disable-compat_vdso.patch
1228 similarity index 100%
1229 rename from 3.14.12/4470_disable-compat_vdso.patch
1230 rename to 3.14.13/4470_disable-compat_vdso.patch
1231
1232 diff --git a/3.14.12/4475_emutramp_default_on.patch b/3.14.13/4475_emutramp_default_on.patch
1233 similarity index 100%
1234 rename from 3.14.12/4475_emutramp_default_on.patch
1235 rename to 3.14.13/4475_emutramp_default_on.patch
1236
1237 diff --git a/3.15.5/0000_README b/3.15.6/0000_README
1238 similarity index 96%
1239 rename from 3.15.5/0000_README
1240 rename to 3.15.6/0000_README
1241 index 6000532..3a519cd 100644
1242 --- a/3.15.5/0000_README
1243 +++ b/3.15.6/0000_README
1244 @@ -2,7 +2,7 @@ README
1245 -----------------------------------------------------------------------------
1246 Individual Patch Descriptions:
1247 -----------------------------------------------------------------------------
1248 -Patch: 4420_grsecurity-3.0-3.15.5-201407170639.patch
1249 +Patch: 4420_grsecurity-3.0-3.15.6-201407232200.patch
1250 From: http://www.grsecurity.net
1251 Desc: hardened-sources base patch from upstream grsecurity
1252
1253
1254 diff --git a/3.15.5/4420_grsecurity-3.0-3.15.5-201407170639.patch b/3.15.6/4420_grsecurity-3.0-3.15.6-201407232200.patch
1255 similarity index 99%
1256 rename from 3.15.5/4420_grsecurity-3.0-3.15.5-201407170639.patch
1257 rename to 3.15.6/4420_grsecurity-3.0-3.15.6-201407232200.patch
1258 index 7a5e81c..f992e88 100644
1259 --- a/3.15.5/4420_grsecurity-3.0-3.15.5-201407170639.patch
1260 +++ b/3.15.6/4420_grsecurity-3.0-3.15.6-201407232200.patch
1261 @@ -287,13 +287,14 @@ index 30a8ad0d..2ed9efd 100644
1262
1263 pcd. [PARIDE]
1264 diff --git a/Makefile b/Makefile
1265 -index e6b01ed..74dbc85 100644
1266 +index fefa023..06f4bb4 100644
1267 --- a/Makefile
1268 +++ b/Makefile
1269 -@@ -246,7 +246,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
1270 +@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
1271 +
1272 HOSTCC = gcc
1273 HOSTCXX = g++
1274 - HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer
1275 +-HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer
1276 -HOSTCXXFLAGS = -O2
1277 +HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks
1278 +HOSTCFLAGS += $(call cc-option, -Wno-empty-body)
1279 @@ -301,7 +302,7 @@ index e6b01ed..74dbc85 100644
1280
1281 ifeq ($(shell $(HOSTCC) -v 2>&1 | grep -c "clang version"), 1)
1282 HOSTCFLAGS += -Wno-unused-value -Wno-unused-parameter \
1283 -@@ -438,8 +440,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn \
1284 +@@ -438,8 +439,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn \
1285 # Rules shared between *config targets and build targets
1286
1287 # Basic helpers built in scripts/
1288 @@ -312,7 +313,7 @@ index e6b01ed..74dbc85 100644
1289 $(Q)$(MAKE) $(build)=scripts/basic
1290 $(Q)rm -f .tmp_quiet_recordmcount
1291
1292 -@@ -600,6 +602,72 @@ else
1293 +@@ -600,6 +601,72 @@ else
1294 KBUILD_CFLAGS += -O2
1295 endif
1296
1297 @@ -385,7 +386,7 @@ index e6b01ed..74dbc85 100644
1298 include $(srctree)/arch/$(SRCARCH)/Makefile
1299
1300 ifdef CONFIG_READABLE_ASM
1301 -@@ -816,7 +884,7 @@ export mod_sign_cmd
1302 +@@ -816,7 +883,7 @@ export mod_sign_cmd
1303
1304
1305 ifeq ($(KBUILD_EXTMOD),)
1306 @@ -394,7 +395,7 @@ index e6b01ed..74dbc85 100644
1307
1308 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
1309 $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
1310 -@@ -865,6 +933,8 @@ endif
1311 +@@ -865,6 +932,8 @@ endif
1312
1313 # The actual objects are generated when descending,
1314 # make sure no implicit rule kicks in
1315 @@ -403,7 +404,7 @@ index e6b01ed..74dbc85 100644
1316 $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
1317
1318 # Handle descending into subdirectories listed in $(vmlinux-dirs)
1319 -@@ -874,7 +944,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
1320 +@@ -874,7 +943,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
1321 # Error messages still appears in the original language
1322
1323 PHONY += $(vmlinux-dirs)
1324 @@ -412,7 +413,7 @@ index e6b01ed..74dbc85 100644
1325 $(Q)$(MAKE) $(build)=$@
1326
1327 define filechk_kernel.release
1328 -@@ -917,10 +987,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
1329 +@@ -917,10 +986,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
1330
1331 archprepare: archheaders archscripts prepare1 scripts_basic
1332
1333 @@ -426,7 +427,7 @@ index e6b01ed..74dbc85 100644
1334 prepare: prepare0
1335
1336 # Generate some files
1337 -@@ -1028,6 +1101,8 @@ all: modules
1338 +@@ -1028,6 +1100,8 @@ all: modules
1339 # using awk while concatenating to the final file.
1340
1341 PHONY += modules
1342 @@ -435,7 +436,7 @@ index e6b01ed..74dbc85 100644
1343 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
1344 $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
1345 @$(kecho) ' Building modules, stage 2.';
1346 -@@ -1043,7 +1118,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
1347 +@@ -1043,7 +1117,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
1348
1349 # Target to prepare building external modules
1350 PHONY += modules_prepare
1351 @@ -444,7 +445,7 @@ index e6b01ed..74dbc85 100644
1352
1353 # Target to install modules
1354 PHONY += modules_install
1355 -@@ -1109,7 +1184,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
1356 +@@ -1109,7 +1183,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
1357 Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
1358 signing_key.priv signing_key.x509 x509.genkey \
1359 extra_certificates signing_key.x509.keyid \
1360 @@ -456,7 +457,7 @@ index e6b01ed..74dbc85 100644
1361
1362 # clean - Delete most, but leave enough to build external modules
1363 #
1364 -@@ -1148,7 +1226,7 @@ distclean: mrproper
1365 +@@ -1148,7 +1225,7 @@ distclean: mrproper
1366 @find $(srctree) $(RCS_FIND_IGNORE) \
1367 \( -name '*.orig' -o -name '*.rej' -o -name '*~' \
1368 -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
1369 @@ -465,7 +466,7 @@ index e6b01ed..74dbc85 100644
1370 -type f -print | xargs rm -f
1371
1372
1373 -@@ -1309,6 +1387,8 @@ PHONY += $(module-dirs) modules
1374 +@@ -1309,6 +1386,8 @@ PHONY += $(module-dirs) modules
1375 $(module-dirs): crmodverdir $(objtree)/Module.symvers
1376 $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
1377
1378 @@ -474,7 +475,7 @@ index e6b01ed..74dbc85 100644
1379 modules: $(module-dirs)
1380 @$(kecho) ' Building modules, stage 2.';
1381 $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
1382 -@@ -1448,17 +1528,21 @@ else
1383 +@@ -1448,17 +1527,21 @@ else
1384 target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
1385 endif
1386
1387 @@ -500,7 +501,7 @@ index e6b01ed..74dbc85 100644
1388 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
1389 %.symtypes: %.c prepare scripts FORCE
1390 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
1391 -@@ -1468,11 +1552,15 @@ endif
1392 +@@ -1468,11 +1551,15 @@ endif
1393 $(cmd_crmodverdir)
1394 $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
1395 $(build)=$(build-dir)
1396 @@ -2429,7 +2430,7 @@ index f7b450f..f5364c5 100644
1397 EXPORT_SYMBOL(__get_user_1);
1398 EXPORT_SYMBOL(__get_user_2);
1399 diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S
1400 -index 1879e8d..b2207fc 100644
1401 +index 1879e8d..5602dd4 100644
1402 --- a/arch/arm/kernel/entry-armv.S
1403 +++ b/arch/arm/kernel/entry-armv.S
1404 @@ -47,6 +47,87 @@
1405 @@ -2448,7 +2449,7 @@ index 1879e8d..b2207fc 100644
1406 + bic r2, r2, #(0x1fc0)
1407 + bic r2, r2, #(0x3f)
1408 + ldr r1, [r2, #TI_CPU_DOMAIN]
1409 -+ @ store old DACR on stack
1410 ++ @ store old DACR on stack
1411 + str r1, [sp, #8]
1412 +#ifdef CONFIG_PAX_KERNEXEC
1413 + @ set type of DOMAIN_KERNEL to DOMAIN_KERNELCLIENT
1414 @@ -7990,7 +7991,7 @@ index 3ca9c11..d163ef7 100644
1415 /*
1416 * If for any reason at all we couldn't handle the fault, make
1417 diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
1418 -index e099899..457d6a8 100644
1419 +index c95c4b8..d831f81 100644
1420 --- a/arch/powerpc/Kconfig
1421 +++ b/arch/powerpc/Kconfig
1422 @@ -397,6 +397,7 @@ config PPC64_SUPPORTS_MEMORY_FAILURE
1423 @@ -14413,7 +14414,7 @@ index 2206757..85cbcfa 100644
1424
1425 err |= copy_siginfo_to_user32(&frame->info, &ksig->info);
1426 diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
1427 -index 4299eb0..c0687a7 100644
1428 +index 4299eb0..fefe70e 100644
1429 --- a/arch/x86/ia32/ia32entry.S
1430 +++ b/arch/x86/ia32/ia32entry.S
1431 @@ -15,8 +15,10 @@
1432 @@ -14564,7 +14565,7 @@ index 4299eb0..c0687a7 100644
1433 /* clear IF, that popfq doesn't enable interrupts early */
1434 - andl $~0x200,EFLAGS-R11(%rsp)
1435 - movl RIP-R11(%rsp),%edx /* User %eip */
1436 -+ andl $~X86_EFLAGS_IF,EFLAGS(%rsp)
1437 ++ andl $~X86_EFLAGS_IF,EFLAGS(%rsp)
1438 + movl RIP(%rsp),%edx /* User %eip */
1439 CFI_REGISTER rip,rdx
1440 RESTORE_ARGS 0,24,0,0,0,0
1441 @@ -18365,7 +18366,7 @@ index a4ea023..33aa874 100644
1442 void df_debug(struct pt_regs *regs, long error_code);
1443 #endif /* _ASM_X86_PROCESSOR_H */
1444 diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h
1445 -index 6205f0c..b31a4a4 100644
1446 +index 6205f0c..688a3a9 100644
1447 --- a/arch/x86/include/asm/ptrace.h
1448 +++ b/arch/x86/include/asm/ptrace.h
1449 @@ -84,28 +84,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs)
1450 @@ -18432,7 +18433,7 @@ index 6205f0c..b31a4a4 100644
1451 - return kernel_stack_pointer(regs);
1452 + if (offset == offsetof(struct pt_regs, sp)) {
1453 + unsigned long cs = regs->cs & 0xffff;
1454 -+ if (cs == __KERNEL_CS || cs == __KERNEXEC_KERNEL_CS)
1455 ++ if (cs == __KERNEL_CS || cs == __KERNEXEC_KERNEL_CS)
1456 + return kernel_stack_pointer(regs);
1457 + }
1458 #endif
1459 @@ -32880,19 +32881,21 @@ index 7b179b4..6bd17777 100644
1460
1461 return (void *)vaddr;
1462 diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
1463 -index 597ac15..49841be 100644
1464 +index bc7527e..5e2c495 100644
1465 --- a/arch/x86/mm/ioremap.c
1466 +++ b/arch/x86/mm/ioremap.c
1467 -@@ -97,7 +97,7 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
1468 - for (pfn = phys_addr >> PAGE_SHIFT; pfn <= last_pfn; pfn++) {
1469 - int is_ram = page_is_ram(pfn);
1470 +@@ -56,8 +56,8 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages,
1471 + unsigned long i;
1472 +
1473 + for (i = 0; i < nr_pages; ++i)
1474 +- if (pfn_valid(start_pfn + i) &&
1475 +- !PageReserved(pfn_to_page(start_pfn + i)))
1476 ++ if (pfn_valid(start_pfn + i) && (start_pfn + i >= 0x100 ||
1477 ++ !PageReserved(pfn_to_page(start_pfn + i))))
1478 + return 1;
1479
1480 -- if (is_ram && pfn_valid(pfn) && !PageReserved(pfn_to_page(pfn)))
1481 -+ if (is_ram && pfn_valid(pfn) && (pfn >= 0x100 || !PageReserved(pfn_to_page(pfn))))
1482 - return NULL;
1483 - WARN_ON_ONCE(is_ram);
1484 - }
1485 -@@ -256,7 +256,7 @@ EXPORT_SYMBOL(ioremap_prot);
1486 + WARN_ONCE(1, "ioremap on RAM pfn 0x%lx\n", start_pfn);
1487 +@@ -268,7 +268,7 @@ EXPORT_SYMBOL(ioremap_prot);
1488 *
1489 * Caller must ensure there is only one unmapping for the same pointer.
1490 */
1491 @@ -32901,7 +32904,7 @@ index 597ac15..49841be 100644
1492 {
1493 struct vm_struct *p, *o;
1494
1495 -@@ -310,6 +310,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
1496 +@@ -322,6 +322,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
1497
1498 /* If page is RAM, we can use __va. Otherwise ioremap and unmap. */
1499 if (page_is_ram(start >> PAGE_SHIFT))
1500 @@ -32911,7 +32914,7 @@ index 597ac15..49841be 100644
1501 return __va(phys);
1502
1503 addr = (void __force *)ioremap_cache(start, PAGE_SIZE);
1504 -@@ -322,13 +325,16 @@ void *xlate_dev_mem_ptr(unsigned long phys)
1505 +@@ -334,13 +337,16 @@ void *xlate_dev_mem_ptr(unsigned long phys)
1506 void unxlate_dev_mem_ptr(unsigned long phys, void *addr)
1507 {
1508 if (page_is_ram(phys >> PAGE_SHIFT))
1509 @@ -32929,7 +32932,7 @@ index 597ac15..49841be 100644
1510
1511 static inline pmd_t * __init early_ioremap_pmd(unsigned long addr)
1512 {
1513 -@@ -358,8 +364,7 @@ void __init early_ioremap_init(void)
1514 +@@ -370,8 +376,7 @@ void __init early_ioremap_init(void)
1515 early_ioremap_setup();
1516
1517 pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN));
1518 @@ -38688,7 +38691,7 @@ index 8320abd..ec48108 100644
1519
1520 if (cmd != SIOCWANDEV)
1521 diff --git a/drivers/char/random.c b/drivers/char/random.c
1522 -index 2b6e4cd..43d7ae1 100644
1523 +index 2b6e4cd..32033f3 100644
1524 --- a/drivers/char/random.c
1525 +++ b/drivers/char/random.c
1526 @@ -270,10 +270,17 @@
1527 @@ -38772,7 +38775,44 @@ index 2b6e4cd..43d7ae1 100644
1528 unsigned int add =
1529 ((pool_size - entropy_count)*anfrac*3) >> s;
1530
1531 -@@ -1166,7 +1177,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
1532 +@@ -641,7 +652,7 @@ retry:
1533 + } while (unlikely(entropy_count < pool_size-2 && pnfrac));
1534 + }
1535 +
1536 +- if (entropy_count < 0) {
1537 ++ if (unlikely(entropy_count < 0)) {
1538 + pr_warn("random: negative entropy/overflow: pool %s count %d\n",
1539 + r->name, entropy_count);
1540 + WARN_ON(1);
1541 +@@ -980,7 +991,7 @@ static size_t account(struct entropy_store *r, size_t nbytes, int min,
1542 + int reserved)
1543 + {
1544 + int entropy_count, orig;
1545 +- size_t ibytes;
1546 ++ size_t ibytes, nfrac;
1547 +
1548 + BUG_ON(r->entropy_count > r->poolinfo->poolfracbits);
1549 +
1550 +@@ -998,7 +1009,17 @@ retry:
1551 + }
1552 + if (ibytes < min)
1553 + ibytes = 0;
1554 +- if ((entropy_count -= ibytes << (ENTROPY_SHIFT + 3)) < 0)
1555 ++
1556 ++ if (unlikely(entropy_count < 0)) {
1557 ++ pr_warn("random: negative entropy count: pool %s count %d\n",
1558 ++ r->name, entropy_count);
1559 ++ WARN_ON(1);
1560 ++ entropy_count = 0;
1561 ++ }
1562 ++ nfrac = ibytes << (ENTROPY_SHIFT + 3);
1563 ++ if ((size_t) entropy_count > nfrac)
1564 ++ entropy_count -= nfrac;
1565 ++ else
1566 + entropy_count = 0;
1567 +
1568 + if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)
1569 +@@ -1166,7 +1187,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
1570
1571 extract_buf(r, tmp);
1572 i = min_t(int, nbytes, EXTRACT_SIZE);
1573 @@ -38781,7 +38821,15 @@ index 2b6e4cd..43d7ae1 100644
1574 ret = -EFAULT;
1575 break;
1576 }
1577 -@@ -1555,7 +1566,7 @@ static char sysctl_bootid[16];
1578 +@@ -1375,6 +1396,7 @@ urandom_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
1579 + "with %d bits of entropy available\n",
1580 + current->comm, nonblocking_pool.entropy_total);
1581 +
1582 ++ nbytes = min_t(size_t, nbytes, INT_MAX >> (ENTROPY_SHIFT + 3));
1583 + ret = extract_entropy_user(&nonblocking_pool, buf, nbytes);
1584 +
1585 + trace_urandom_read(8 * nbytes, ENTROPY_BITS(&nonblocking_pool),
1586 +@@ -1555,7 +1577,7 @@ static char sysctl_bootid[16];
1587 static int proc_do_uuid(struct ctl_table *table, int write,
1588 void __user *buffer, size_t *lenp, loff_t *ppos)
1589 {
1590 @@ -38790,7 +38838,7 @@ index 2b6e4cd..43d7ae1 100644
1591 unsigned char buf[64], tmp_uuid[16], *uuid;
1592
1593 uuid = table->data;
1594 -@@ -1585,7 +1596,7 @@ static int proc_do_uuid(struct ctl_table *table, int write,
1595 +@@ -1585,7 +1607,7 @@ static int proc_do_uuid(struct ctl_table *table, int write,
1596 static int proc_do_entropy(ctl_table *table, int write,
1597 void __user *buffer, size_t *lenp, loff_t *ppos)
1598 {
1599 @@ -39194,7 +39242,7 @@ index 18d4091..434be15 100644
1600 }
1601 EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler);
1602 diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
1603 -index fcd0c92..7b736c2 100644
1604 +index 870eecc..787bbca 100644
1605 --- a/drivers/cpufreq/intel_pstate.c
1606 +++ b/drivers/cpufreq/intel_pstate.c
1607 @@ -125,10 +125,10 @@ struct pstate_funcs {
1608 @@ -39210,7 +39258,7 @@ index fcd0c92..7b736c2 100644
1609
1610 struct perf_limits {
1611 int no_turbo;
1612 -@@ -526,7 +526,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate)
1613 +@@ -530,7 +530,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate)
1614
1615 cpu->pstate.current_pstate = pstate;
1616
1617 @@ -39219,7 +39267,7 @@ index fcd0c92..7b736c2 100644
1618 }
1619
1620 static inline void intel_pstate_pstate_increase(struct cpudata *cpu, int steps)
1621 -@@ -548,12 +548,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu)
1622 +@@ -552,12 +552,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu)
1623 {
1624 sprintf(cpu->name, "Intel 2nd generation core");
1625
1626 @@ -39237,7 +39285,7 @@ index fcd0c92..7b736c2 100644
1627 intel_pstate_set_pstate(cpu, cpu->pstate.min_pstate);
1628 }
1629
1630 -@@ -838,9 +838,9 @@ static int intel_pstate_msrs_not_valid(void)
1631 +@@ -847,9 +847,9 @@ static int intel_pstate_msrs_not_valid(void)
1632 rdmsrl(MSR_IA32_APERF, aperf);
1633 rdmsrl(MSR_IA32_MPERF, mperf);
1634
1635 @@ -39250,7 +39298,7 @@ index fcd0c92..7b736c2 100644
1636 return -ENODEV;
1637
1638 rdmsrl(MSR_IA32_APERF, tmp);
1639 -@@ -854,7 +854,7 @@ static int intel_pstate_msrs_not_valid(void)
1640 +@@ -863,7 +863,7 @@ static int intel_pstate_msrs_not_valid(void)
1641 return 0;
1642 }
1643
1644 @@ -39259,7 +39307,7 @@ index fcd0c92..7b736c2 100644
1645 {
1646 pid_params.sample_rate_ms = policy->sample_rate_ms;
1647 pid_params.p_gain_pct = policy->p_gain_pct;
1648 -@@ -866,11 +866,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)
1649 +@@ -875,11 +875,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)
1650
1651 static void copy_cpu_funcs(struct pstate_funcs *funcs)
1652 {
1653 @@ -40320,10 +40368,10 @@ index 3c59584..500f2e9 100644
1654
1655 return ret;
1656 diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
1657 -index 5b60e25..eac1625 100644
1658 +index b91dfbe..b7fb16d 100644
1659 --- a/drivers/gpu/drm/i915/intel_display.c
1660 +++ b/drivers/gpu/drm/i915/intel_display.c
1661 -@@ -11171,13 +11171,13 @@ struct intel_quirk {
1662 +@@ -11179,13 +11179,13 @@ struct intel_quirk {
1663 int subsystem_vendor;
1664 int subsystem_device;
1665 void (*hook)(struct drm_device *dev);
1666 @@ -40339,7 +40387,7 @@ index 5b60e25..eac1625 100644
1667
1668 static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
1669 {
1670 -@@ -11185,18 +11185,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
1671 +@@ -11193,18 +11193,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
1672 return 1;
1673 }
1674
1675 @@ -41056,28 +41104,6 @@ index c8a8a51..219dacc 100644
1676 }
1677 vma->vm_ops = &radeon_ttm_vm_ops;
1678 return 0;
1679 -diff --git a/drivers/gpu/drm/radeon/radeon_vm.c b/drivers/gpu/drm/radeon/radeon_vm.c
1680 -index c11b71d..c8c48aa 100644
1681 ---- a/drivers/gpu/drm/radeon/radeon_vm.c
1682 -+++ b/drivers/gpu/drm/radeon/radeon_vm.c
1683 -@@ -493,7 +493,7 @@ int radeon_vm_bo_set_addr(struct radeon_device *rdev,
1684 - mutex_unlock(&vm->mutex);
1685 -
1686 - r = radeon_bo_create(rdev, RADEON_VM_PTE_COUNT * 8,
1687 -- RADEON_GPU_PAGE_SIZE, false,
1688 -+ RADEON_GPU_PAGE_SIZE, true,
1689 - RADEON_GEM_DOMAIN_VRAM, NULL, &pt);
1690 - if (r)
1691 - return r;
1692 -@@ -913,7 +913,7 @@ int radeon_vm_init(struct radeon_device *rdev, struct radeon_vm *vm)
1693 - return -ENOMEM;
1694 - }
1695 -
1696 -- r = radeon_bo_create(rdev, pd_size, RADEON_VM_PTB_ALIGN_SIZE, false,
1697 -+ r = radeon_bo_create(rdev, pd_size, RADEON_VM_PTB_ALIGN_SIZE, true,
1698 - RADEON_GEM_DOMAIN_VRAM, NULL,
1699 - &vm->page_directory);
1700 - if (r)
1701 diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c
1702 index edb871d..a275c6ed 100644
1703 --- a/drivers/gpu/drm/tegra/dc.c
1704 @@ -43868,10 +43894,10 @@ index b086a94..74cb67e 100644
1705 pmd->bl_info.value_type.inc = data_block_inc;
1706 pmd->bl_info.value_type.dec = data_block_dec;
1707 diff --git a/drivers/md/dm.c b/drivers/md/dm.c
1708 -index 455e649..1f214be 100644
1709 +index 490ac23..b9790cd 100644
1710 --- a/drivers/md/dm.c
1711 +++ b/drivers/md/dm.c
1712 -@@ -178,9 +178,9 @@ struct mapped_device {
1713 +@@ -180,9 +180,9 @@ struct mapped_device {
1714 /*
1715 * Event handling.
1716 */
1717 @@ -43883,7 +43909,7 @@ index 455e649..1f214be 100644
1718 struct list_head uevent_list;
1719 spinlock_t uevent_lock; /* Protect access to uevent_list */
1720
1721 -@@ -1884,8 +1884,8 @@ static struct mapped_device *alloc_dev(int minor)
1722 +@@ -1895,8 +1895,8 @@ static struct mapped_device *alloc_dev(int minor)
1723 spin_lock_init(&md->deferred_lock);
1724 atomic_set(&md->holders, 1);
1725 atomic_set(&md->open_count, 0);
1726 @@ -43894,7 +43920,7 @@ index 455e649..1f214be 100644
1727 INIT_LIST_HEAD(&md->uevent_list);
1728 spin_lock_init(&md->uevent_lock);
1729
1730 -@@ -2039,7 +2039,7 @@ static void event_callback(void *context)
1731 +@@ -2050,7 +2050,7 @@ static void event_callback(void *context)
1732
1733 dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj);
1734
1735 @@ -43903,7 +43929,7 @@ index 455e649..1f214be 100644
1736 wake_up(&md->eventq);
1737 }
1738
1739 -@@ -2732,18 +2732,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
1740 +@@ -2743,18 +2743,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
1741
1742 uint32_t dm_next_uevent_seq(struct mapped_device *md)
1743 {
1744 @@ -46857,6 +46883,24 @@ index 5920c99..ff2e4a5 100644
1745 };
1746
1747 static void
1748 +diff --git a/drivers/net/wan/x25_asy.c b/drivers/net/wan/x25_asy.c
1749 +index 5895f19..fa9fdfa 100644
1750 +--- a/drivers/net/wan/x25_asy.c
1751 ++++ b/drivers/net/wan/x25_asy.c
1752 +@@ -122,8 +122,12 @@ static int x25_asy_change_mtu(struct net_device *dev, int newmtu)
1753 + {
1754 + struct x25_asy *sl = netdev_priv(dev);
1755 + unsigned char *xbuff, *rbuff;
1756 +- int len = 2 * newmtu;
1757 ++ int len;
1758 +
1759 ++ if (newmtu > 65534)
1760 ++ return -EINVAL;
1761 ++
1762 ++ len = 2 * newmtu;
1763 + xbuff = kmalloc(len + 4, GFP_ATOMIC);
1764 + rbuff = kmalloc(len + 4, GFP_ATOMIC);
1765 +
1766 diff --git a/drivers/net/wan/z85230.c b/drivers/net/wan/z85230.c
1767 index feacc3b..5bac0de 100644
1768 --- a/drivers/net/wan/z85230.c
1769 @@ -59617,7 +59661,7 @@ index e6574d7..c30cbe2 100644
1770 brelse(bh);
1771 bh = NULL;
1772 diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
1773 -index fe4e668..f983538 100644
1774 +index 2735a72..d083044 100644
1775 --- a/fs/ext4/mballoc.c
1776 +++ b/fs/ext4/mballoc.c
1777 @@ -1889,7 +1889,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
1778 @@ -59747,7 +59791,7 @@ index 04434ad..6404663 100644
1779 "MMP failure info: last update time: %llu, last update "
1780 "node: %s, last update device: %s\n",
1781 diff --git a/fs/ext4/super.c b/fs/ext4/super.c
1782 -index 6f9e6fa..d0ebdb7 100644
1783 +index 29a403c..f58dbdb 100644
1784 --- a/fs/ext4/super.c
1785 +++ b/fs/ext4/super.c
1786 @@ -1275,7 +1275,7 @@ static ext4_fsblk_t get_sb_block(void **data)
1787 @@ -59759,7 +59803,7 @@ index 6f9e6fa..d0ebdb7 100644
1788 "Contact linux-ext4@×××××××××××.org if you think we should keep it.\n";
1789
1790 #ifdef CONFIG_QUOTA
1791 -@@ -2455,7 +2455,7 @@ struct ext4_attr {
1792 +@@ -2453,7 +2453,7 @@ struct ext4_attr {
1793 int offset;
1794 int deprecated_val;
1795 } u;
1796 @@ -59768,114 +59812,6 @@ index 6f9e6fa..d0ebdb7 100644
1797
1798 static int parse_strtoull(const char *buf,
1799 unsigned long long max, unsigned long long *value)
1800 -@@ -3869,38 +3869,19 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
1801 - goto failed_mount2;
1802 - }
1803 - }
1804 --
1805 -- /*
1806 -- * set up enough so that it can read an inode,
1807 -- * and create new inode for buddy allocator
1808 -- */
1809 -- sbi->s_gdb_count = db_count;
1810 -- if (!test_opt(sb, NOLOAD) &&
1811 -- EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_HAS_JOURNAL))
1812 -- sb->s_op = &ext4_sops;
1813 -- else
1814 -- sb->s_op = &ext4_nojournal_sops;
1815 --
1816 -- ext4_ext_init(sb);
1817 -- err = ext4_mb_init(sb);
1818 -- if (err) {
1819 -- ext4_msg(sb, KERN_ERR, "failed to initialize mballoc (%d)",
1820 -- err);
1821 -- goto failed_mount2;
1822 -- }
1823 --
1824 - if (!ext4_check_descriptors(sb, &first_not_zeroed)) {
1825 - ext4_msg(sb, KERN_ERR, "group descriptors corrupted!");
1826 -- goto failed_mount2a;
1827 -+ goto failed_mount2;
1828 - }
1829 - if (EXT4_HAS_INCOMPAT_FEATURE(sb, EXT4_FEATURE_INCOMPAT_FLEX_BG))
1830 - if (!ext4_fill_flex_info(sb)) {
1831 - ext4_msg(sb, KERN_ERR,
1832 - "unable to initialize "
1833 - "flex_bg meta info!");
1834 -- goto failed_mount2a;
1835 -+ goto failed_mount2;
1836 - }
1837 -
1838 -+ sbi->s_gdb_count = db_count;
1839 - get_random_bytes(&sbi->s_next_generation, sizeof(u32));
1840 - spin_lock_init(&sbi->s_next_gen_lock);
1841 -
1842 -@@ -3935,6 +3916,14 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
1843 - sbi->s_stripe = ext4_get_stripe_size(sbi);
1844 - sbi->s_extent_max_zeroout_kb = 32;
1845 -
1846 -+ /*
1847 -+ * set up enough so that it can read an inode
1848 -+ */
1849 -+ if (!test_opt(sb, NOLOAD) &&
1850 -+ EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_HAS_JOURNAL))
1851 -+ sb->s_op = &ext4_sops;
1852 -+ else
1853 -+ sb->s_op = &ext4_nojournal_sops;
1854 - sb->s_export_op = &ext4_export_ops;
1855 - sb->s_xattr = ext4_xattr_handlers;
1856 - #ifdef CONFIG_QUOTA
1857 -@@ -4124,13 +4113,21 @@ no_journal:
1858 - if (err) {
1859 - ext4_msg(sb, KERN_ERR, "failed to reserve %llu clusters for "
1860 - "reserved pool", ext4_calculate_resv_clusters(sb));
1861 -- goto failed_mount5;
1862 -+ goto failed_mount4a;
1863 - }
1864 -
1865 - err = ext4_setup_system_zone(sb);
1866 - if (err) {
1867 - ext4_msg(sb, KERN_ERR, "failed to initialize system "
1868 - "zone (%d)", err);
1869 -+ goto failed_mount4a;
1870 -+ }
1871 -+
1872 -+ ext4_ext_init(sb);
1873 -+ err = ext4_mb_init(sb);
1874 -+ if (err) {
1875 -+ ext4_msg(sb, KERN_ERR, "failed to initialize mballoc (%d)",
1876 -+ err);
1877 - goto failed_mount5;
1878 - }
1879 -
1880 -@@ -4207,8 +4204,11 @@ failed_mount8:
1881 - failed_mount7:
1882 - ext4_unregister_li_request(sb);
1883 - failed_mount6:
1884 -- ext4_release_system_zone(sb);
1885 -+ ext4_mb_release(sb);
1886 - failed_mount5:
1887 -+ ext4_ext_release(sb);
1888 -+ ext4_release_system_zone(sb);
1889 -+failed_mount4a:
1890 - dput(sb->s_root);
1891 - sb->s_root = NULL;
1892 - failed_mount4:
1893 -@@ -4232,14 +4232,11 @@ failed_mount3:
1894 - percpu_counter_destroy(&sbi->s_extent_cache_cnt);
1895 - if (sbi->s_mmp_tsk)
1896 - kthread_stop(sbi->s_mmp_tsk);
1897 --failed_mount2a:
1898 -- ext4_mb_release(sb);
1899 - failed_mount2:
1900 - for (i = 0; i < db_count; i++)
1901 - brelse(sbi->s_group_desc[i]);
1902 - ext4_kvfree(sbi->s_group_desc);
1903 - failed_mount:
1904 -- ext4_ext_release(sb);
1905 - if (sbi->s_chksum_driver)
1906 - crypto_free_shash(sbi->s_chksum_driver);
1907 - if (sbi->s_proc) {
1908 diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c
1909 index 4eec399..1d9444c 100644
1910 --- a/fs/ext4/xattr.c
1911 @@ -61681,7 +61617,7 @@ index 97f7fda..09bd33d 100644
1912 if (jfs_inode_cachep == NULL)
1913 return -ENOMEM;
1914 diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c
1915 -index ac127cd..d8079db 100644
1916 +index a693f5b..82276a1 100644
1917 --- a/fs/kernfs/dir.c
1918 +++ b/fs/kernfs/dir.c
1919 @@ -182,7 +182,7 @@ struct kernfs_node *kernfs_get_parent(struct kernfs_node *kn)
1920 @@ -61874,7 +61810,7 @@ index d55297f..f5b28c5 100644
1921 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
1922
1923 diff --git a/fs/namei.c b/fs/namei.c
1924 -index 985c6f3..f67a0f8 100644
1925 +index 985c6f3..5f520b67 100644
1926 --- a/fs/namei.c
1927 +++ b/fs/namei.c
1928 @@ -330,17 +330,32 @@ int generic_permission(struct inode *inode, int mask)
1929 @@ -62009,7 +61945,19 @@ index 985c6f3..f67a0f8 100644
1930 return retval;
1931 }
1932
1933 -@@ -2569,6 +2600,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
1934 +@@ -2256,9 +2287,10 @@ done:
1935 + goto out;
1936 + }
1937 + path->dentry = dentry;
1938 +- path->mnt = mntget(nd->path.mnt);
1939 ++ path->mnt = nd->path.mnt;
1940 + if (should_follow_link(dentry, nd->flags & LOOKUP_FOLLOW))
1941 + return 1;
1942 ++ mntget(path->mnt);
1943 + follow_mount(path);
1944 + error = 0;
1945 + out:
1946 +@@ -2569,6 +2601,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
1947 if (flag & O_NOATIME && !inode_owner_or_capable(inode))
1948 return -EPERM;
1949
1950 @@ -62023,7 +61971,7 @@ index 985c6f3..f67a0f8 100644
1951 return 0;
1952 }
1953
1954 -@@ -2800,7 +2838,7 @@ looked_up:
1955 +@@ -2800,7 +2839,7 @@ looked_up:
1956 * cleared otherwise prior to returning.
1957 */
1958 static int lookup_open(struct nameidata *nd, struct path *path,
1959 @@ -62032,7 +61980,7 @@ index 985c6f3..f67a0f8 100644
1960 const struct open_flags *op,
1961 bool got_write, int *opened)
1962 {
1963 -@@ -2835,6 +2873,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
1964 +@@ -2835,6 +2874,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
1965 /* Negative dentry, just create the file */
1966 if (!dentry->d_inode && (op->open_flag & O_CREAT)) {
1967 umode_t mode = op->mode;
1968 @@ -62050,7 +61998,7 @@ index 985c6f3..f67a0f8 100644
1969 if (!IS_POSIXACL(dir->d_inode))
1970 mode &= ~current_umask();
1971 /*
1972 -@@ -2856,6 +2905,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
1973 +@@ -2856,6 +2906,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
1974 nd->flags & LOOKUP_EXCL);
1975 if (error)
1976 goto out_dput;
1977 @@ -62059,7 +62007,7 @@ index 985c6f3..f67a0f8 100644
1978 }
1979 out_no_open:
1980 path->dentry = dentry;
1981 -@@ -2870,7 +2921,7 @@ out_dput:
1982 +@@ -2870,7 +2922,7 @@ out_dput:
1983 /*
1984 * Handle the last step of open()
1985 */
1986 @@ -62068,7 +62016,7 @@ index 985c6f3..f67a0f8 100644
1987 struct file *file, const struct open_flags *op,
1988 int *opened, struct filename *name)
1989 {
1990 -@@ -2920,6 +2971,15 @@ static int do_last(struct nameidata *nd, struct path *path,
1991 +@@ -2920,6 +2972,15 @@ static int do_last(struct nameidata *nd, struct path *path,
1992 if (error)
1993 return error;
1994
1995 @@ -62084,7 +62032,7 @@ index 985c6f3..f67a0f8 100644
1996 audit_inode(name, dir, LOOKUP_PARENT);
1997 error = -EISDIR;
1998 /* trailing slashes? */
1999 -@@ -2939,7 +2999,7 @@ retry_lookup:
2000 +@@ -2939,7 +3000,7 @@ retry_lookup:
2001 */
2002 }
2003 mutex_lock(&dir->d_inode->i_mutex);
2004 @@ -62093,7 +62041,7 @@ index 985c6f3..f67a0f8 100644
2005 mutex_unlock(&dir->d_inode->i_mutex);
2006
2007 if (error <= 0) {
2008 -@@ -2963,11 +3023,28 @@ retry_lookup:
2009 +@@ -2963,11 +3024,28 @@ retry_lookup:
2010 goto finish_open_created;
2011 }
2012
2013 @@ -62123,7 +62071,7 @@ index 985c6f3..f67a0f8 100644
2014
2015 /*
2016 * If atomic_open() acquired write access it is dropped now due to
2017 -@@ -3008,6 +3085,11 @@ finish_lookup:
2018 +@@ -3008,6 +3086,11 @@ finish_lookup:
2019 }
2020 }
2021 BUG_ON(inode != path->dentry->d_inode);
2022 @@ -62135,7 +62083,7 @@ index 985c6f3..f67a0f8 100644
2023 return 1;
2024 }
2025
2026 -@@ -3017,7 +3099,6 @@ finish_lookup:
2027 +@@ -3017,7 +3100,6 @@ finish_lookup:
2028 save_parent.dentry = nd->path.dentry;
2029 save_parent.mnt = mntget(path->mnt);
2030 nd->path.dentry = path->dentry;
2031 @@ -62143,7 +62091,7 @@ index 985c6f3..f67a0f8 100644
2032 }
2033 nd->inode = inode;
2034 /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */
2035 -@@ -3027,7 +3108,18 @@ finish_open:
2036 +@@ -3027,7 +3109,18 @@ finish_open:
2037 path_put(&save_parent);
2038 return error;
2039 }
2040 @@ -62162,7 +62110,7 @@ index 985c6f3..f67a0f8 100644
2041 error = -EISDIR;
2042 if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry))
2043 goto out;
2044 -@@ -3190,7 +3282,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
2045 +@@ -3190,7 +3283,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
2046 if (unlikely(error))
2047 goto out;
2048
2049 @@ -62171,7 +62119,7 @@ index 985c6f3..f67a0f8 100644
2050 while (unlikely(error > 0)) { /* trailing symlink */
2051 struct path link = path;
2052 void *cookie;
2053 -@@ -3208,7 +3300,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
2054 +@@ -3208,7 +3301,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
2055 error = follow_link(&link, nd, &cookie);
2056 if (unlikely(error))
2057 break;
2058 @@ -62180,7 +62128,7 @@ index 985c6f3..f67a0f8 100644
2059 put_link(nd, &link, cookie);
2060 }
2061 out:
2062 -@@ -3308,9 +3400,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
2063 +@@ -3308,9 +3401,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
2064 goto unlock;
2065
2066 error = -EEXIST;
2067 @@ -62194,7 +62142,7 @@ index 985c6f3..f67a0f8 100644
2068 /*
2069 * Special case - lookup gave negative, but... we had foo/bar/
2070 * From the vfs_mknod() POV we just have a negative dentry -
2071 -@@ -3362,6 +3456,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
2072 +@@ -3362,6 +3457,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
2073 }
2074 EXPORT_SYMBOL(user_path_create);
2075
2076 @@ -62215,7 +62163,7 @@ index 985c6f3..f67a0f8 100644
2077 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
2078 {
2079 int error = may_create(dir, dentry);
2080 -@@ -3425,6 +3533,17 @@ retry:
2081 +@@ -3425,6 +3534,17 @@ retry:
2082
2083 if (!IS_POSIXACL(path.dentry->d_inode))
2084 mode &= ~current_umask();
2085 @@ -62233,7 +62181,7 @@ index 985c6f3..f67a0f8 100644
2086 error = security_path_mknod(&path, dentry, mode, dev);
2087 if (error)
2088 goto out;
2089 -@@ -3441,6 +3560,8 @@ retry:
2090 +@@ -3441,6 +3561,8 @@ retry:
2091 break;
2092 }
2093 out:
2094 @@ -62242,7 +62190,7 @@ index 985c6f3..f67a0f8 100644
2095 done_path_create(&path, dentry);
2096 if (retry_estale(error, lookup_flags)) {
2097 lookup_flags |= LOOKUP_REVAL;
2098 -@@ -3494,9 +3615,16 @@ retry:
2099 +@@ -3494,9 +3616,16 @@ retry:
2100
2101 if (!IS_POSIXACL(path.dentry->d_inode))
2102 mode &= ~current_umask();
2103 @@ -62259,7 +62207,7 @@ index 985c6f3..f67a0f8 100644
2104 done_path_create(&path, dentry);
2105 if (retry_estale(error, lookup_flags)) {
2106 lookup_flags |= LOOKUP_REVAL;
2107 -@@ -3579,6 +3707,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
2108 +@@ -3579,6 +3708,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
2109 struct filename *name;
2110 struct dentry *dentry;
2111 struct nameidata nd;
2112 @@ -62268,7 +62216,7 @@ index 985c6f3..f67a0f8 100644
2113 unsigned int lookup_flags = 0;
2114 retry:
2115 name = user_path_parent(dfd, pathname, &nd, lookup_flags);
2116 -@@ -3611,10 +3741,21 @@ retry:
2117 +@@ -3611,10 +3742,21 @@ retry:
2118 error = -ENOENT;
2119 goto exit3;
2120 }
2121 @@ -62290,7 +62238,7 @@ index 985c6f3..f67a0f8 100644
2122 exit3:
2123 dput(dentry);
2124 exit2:
2125 -@@ -3705,6 +3846,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
2126 +@@ -3705,6 +3847,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
2127 struct nameidata nd;
2128 struct inode *inode = NULL;
2129 struct inode *delegated_inode = NULL;
2130 @@ -62299,7 +62247,7 @@ index 985c6f3..f67a0f8 100644
2131 unsigned int lookup_flags = 0;
2132 retry:
2133 name = user_path_parent(dfd, pathname, &nd, lookup_flags);
2134 -@@ -3731,10 +3874,22 @@ retry_deleg:
2135 +@@ -3731,10 +3875,22 @@ retry_deleg:
2136 if (d_is_negative(dentry))
2137 goto slashes;
2138 ihold(inode);
2139 @@ -62322,7 +62270,7 @@ index 985c6f3..f67a0f8 100644
2140 exit2:
2141 dput(dentry);
2142 }
2143 -@@ -3823,9 +3978,17 @@ retry:
2144 +@@ -3823,9 +3979,17 @@ retry:
2145 if (IS_ERR(dentry))
2146 goto out_putname;
2147
2148 @@ -62340,7 +62288,7 @@ index 985c6f3..f67a0f8 100644
2149 done_path_create(&path, dentry);
2150 if (retry_estale(error, lookup_flags)) {
2151 lookup_flags |= LOOKUP_REVAL;
2152 -@@ -3929,6 +4092,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
2153 +@@ -3929,6 +4093,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
2154 struct dentry *new_dentry;
2155 struct path old_path, new_path;
2156 struct inode *delegated_inode = NULL;
2157 @@ -62348,7 +62296,7 @@ index 985c6f3..f67a0f8 100644
2158 int how = 0;
2159 int error;
2160
2161 -@@ -3952,7 +4116,7 @@ retry:
2162 +@@ -3952,7 +4117,7 @@ retry:
2163 if (error)
2164 return error;
2165
2166 @@ -62357,7 +62305,7 @@ index 985c6f3..f67a0f8 100644
2167 (how & LOOKUP_REVAL));
2168 error = PTR_ERR(new_dentry);
2169 if (IS_ERR(new_dentry))
2170 -@@ -3964,11 +4128,28 @@ retry:
2171 +@@ -3964,11 +4129,28 @@ retry:
2172 error = may_linkat(&old_path);
2173 if (unlikely(error))
2174 goto out_dput;
2175 @@ -62386,7 +62334,7 @@ index 985c6f3..f67a0f8 100644
2176 done_path_create(&new_path, new_dentry);
2177 if (delegated_inode) {
2178 error = break_deleg_wait(&delegated_inode);
2179 -@@ -4278,6 +4459,12 @@ retry_deleg:
2180 +@@ -4278,6 +4460,12 @@ retry_deleg:
2181 if (new_dentry == trap)
2182 goto exit5;
2183
2184 @@ -62399,7 +62347,7 @@ index 985c6f3..f67a0f8 100644
2185 error = security_path_rename(&oldnd.path, old_dentry,
2186 &newnd.path, new_dentry, flags);
2187 if (error)
2188 -@@ -4285,6 +4472,9 @@ retry_deleg:
2189 +@@ -4285,6 +4473,9 @@ retry_deleg:
2190 error = vfs_rename(old_dir->d_inode, old_dentry,
2191 new_dir->d_inode, new_dentry,
2192 &delegated_inode, flags);
2193 @@ -62409,7 +62357,7 @@ index 985c6f3..f67a0f8 100644
2194 exit5:
2195 dput(new_dentry);
2196 exit4:
2197 -@@ -4327,14 +4517,24 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
2198 +@@ -4327,14 +4518,24 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
2199
2200 int readlink_copy(char __user *buffer, int buflen, const char *link)
2201 {
2202 @@ -85909,10 +85857,10 @@ index 24663b3..b926ae1 100644
2203 +}
2204 +EXPORT_SYMBOL(capable_wrt_inode_uidgid_nolog);
2205 diff --git a/kernel/cgroup.c b/kernel/cgroup.c
2206 -index ceee0c5..d6f81dd 100644
2207 +index 073226b..969c746 100644
2208 --- a/kernel/cgroup.c
2209 +++ b/kernel/cgroup.c
2210 -@@ -4757,7 +4757,7 @@ static int cgroup_css_links_read(struct seq_file *seq, void *v)
2211 +@@ -4808,7 +4808,7 @@ static int cgroup_css_links_read(struct seq_file *seq, void *v)
2212 struct task_struct *task;
2213 int count = 0;
2214
2215 @@ -91335,7 +91283,7 @@ index 4a54a25..7ca9c89 100644
2216
2217 ftrace_graph_active++;
2218 diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
2219 -index c634868..00d0d19 100644
2220 +index 7c56c3d..9980576 100644
2221 --- a/kernel/trace/ring_buffer.c
2222 +++ b/kernel/trace/ring_buffer.c
2223 @@ -352,9 +352,9 @@ struct buffer_data_page {
2224 @@ -91361,7 +91309,7 @@ index c634868..00d0d19 100644
2225 local_t dropped_events;
2226 local_t committing;
2227 local_t commits;
2228 -@@ -992,8 +992,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
2229 +@@ -995,8 +995,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
2230 *
2231 * We add a counter to the write field to denote this.
2232 */
2233 @@ -91372,7 +91320,7 @@ index c634868..00d0d19 100644
2234
2235 /*
2236 * Just make sure we have seen our old_write and synchronize
2237 -@@ -1021,8 +1021,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
2238 +@@ -1024,8 +1024,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
2239 * cmpxchg to only update if an interrupt did not already
2240 * do it for us. If the cmpxchg fails, we don't care.
2241 */
2242 @@ -91383,7 +91331,7 @@ index c634868..00d0d19 100644
2243
2244 /*
2245 * No need to worry about races with clearing out the commit.
2246 -@@ -1389,12 +1389,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
2247 +@@ -1392,12 +1392,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
2248
2249 static inline unsigned long rb_page_entries(struct buffer_page *bpage)
2250 {
2251 @@ -91398,7 +91346,7 @@ index c634868..00d0d19 100644
2252 }
2253
2254 static int
2255 -@@ -1489,7 +1489,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)
2256 +@@ -1492,7 +1492,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)
2257 * bytes consumed in ring buffer from here.
2258 * Increment overrun to account for the lost events.
2259 */
2260 @@ -91407,7 +91355,7 @@ index c634868..00d0d19 100644
2261 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
2262 }
2263
2264 -@@ -2067,7 +2067,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
2265 +@@ -2070,7 +2070,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
2266 * it is our responsibility to update
2267 * the counters.
2268 */
2269 @@ -91416,7 +91364,7 @@ index c634868..00d0d19 100644
2270 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
2271
2272 /*
2273 -@@ -2217,7 +2217,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
2274 +@@ -2220,7 +2220,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
2275 if (tail == BUF_PAGE_SIZE)
2276 tail_page->real_end = 0;
2277
2278 @@ -91425,7 +91373,7 @@ index c634868..00d0d19 100644
2279 return;
2280 }
2281
2282 -@@ -2252,7 +2252,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
2283 +@@ -2255,7 +2255,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
2284 rb_event_set_padding(event);
2285
2286 /* Set the write back to the previous setting */
2287 @@ -91434,7 +91382,7 @@ index c634868..00d0d19 100644
2288 return;
2289 }
2290
2291 -@@ -2264,7 +2264,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
2292 +@@ -2267,7 +2267,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
2293
2294 /* Set write to end of buffer */
2295 length = (tail + length) - BUF_PAGE_SIZE;
2296 @@ -91443,7 +91391,7 @@ index c634868..00d0d19 100644
2297 }
2298
2299 /*
2300 -@@ -2290,7 +2290,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
2301 +@@ -2293,7 +2293,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
2302 * about it.
2303 */
2304 if (unlikely(next_page == commit_page)) {
2305 @@ -91452,7 +91400,7 @@ index c634868..00d0d19 100644
2306 goto out_reset;
2307 }
2308
2309 -@@ -2346,7 +2346,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
2310 +@@ -2349,7 +2349,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
2311 cpu_buffer->tail_page) &&
2312 (cpu_buffer->commit_page ==
2313 cpu_buffer->reader_page))) {
2314 @@ -91461,7 +91409,7 @@ index c634868..00d0d19 100644
2315 goto out_reset;
2316 }
2317 }
2318 -@@ -2394,7 +2394,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
2319 +@@ -2397,7 +2397,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
2320 length += RB_LEN_TIME_EXTEND;
2321
2322 tail_page = cpu_buffer->tail_page;
2323 @@ -91470,7 +91418,7 @@ index c634868..00d0d19 100644
2324
2325 /* set write to only the index of the write */
2326 write &= RB_WRITE_MASK;
2327 -@@ -2418,7 +2418,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
2328 +@@ -2421,7 +2421,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
2329 kmemcheck_annotate_bitfield(event, bitfield);
2330 rb_update_event(cpu_buffer, event, length, add_timestamp, delta);
2331
2332 @@ -91479,7 +91427,7 @@ index c634868..00d0d19 100644
2333
2334 /*
2335 * If this is the first commit on the page, then update
2336 -@@ -2451,7 +2451,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
2337 +@@ -2454,7 +2454,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
2338
2339 if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) {
2340 unsigned long write_mask =
2341 @@ -91488,7 +91436,7 @@ index c634868..00d0d19 100644
2342 unsigned long event_length = rb_event_length(event);
2343 /*
2344 * This is on the tail page. It is possible that
2345 -@@ -2461,7 +2461,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
2346 +@@ -2464,7 +2464,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
2347 */
2348 old_index += write_mask;
2349 new_index += write_mask;
2350 @@ -91497,7 +91445,7 @@ index c634868..00d0d19 100644
2351 if (index == old_index) {
2352 /* update counters */
2353 local_sub(event_length, &cpu_buffer->entries_bytes);
2354 -@@ -2853,7 +2853,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
2355 +@@ -2856,7 +2856,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
2356
2357 /* Do the likely case first */
2358 if (likely(bpage->page == (void *)addr)) {
2359 @@ -91506,7 +91454,7 @@ index c634868..00d0d19 100644
2360 return;
2361 }
2362
2363 -@@ -2865,7 +2865,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
2364 +@@ -2868,7 +2868,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
2365 start = bpage;
2366 do {
2367 if (bpage->page == (void *)addr) {
2368 @@ -91515,7 +91463,7 @@ index c634868..00d0d19 100644
2369 return;
2370 }
2371 rb_inc_page(cpu_buffer, &bpage);
2372 -@@ -3149,7 +3149,7 @@ static inline unsigned long
2373 +@@ -3152,7 +3152,7 @@ static inline unsigned long
2374 rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer)
2375 {
2376 return local_read(&cpu_buffer->entries) -
2377 @@ -91524,7 +91472,7 @@ index c634868..00d0d19 100644
2378 }
2379
2380 /**
2381 -@@ -3238,7 +3238,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
2382 +@@ -3241,7 +3241,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
2383 return 0;
2384
2385 cpu_buffer = buffer->buffers[cpu];
2386 @@ -91533,7 +91481,7 @@ index c634868..00d0d19 100644
2387
2388 return ret;
2389 }
2390 -@@ -3261,7 +3261,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
2391 +@@ -3264,7 +3264,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
2392 return 0;
2393
2394 cpu_buffer = buffer->buffers[cpu];
2395 @@ -91542,7 +91490,7 @@ index c634868..00d0d19 100644
2396
2397 return ret;
2398 }
2399 -@@ -3346,7 +3346,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
2400 +@@ -3349,7 +3349,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
2401 /* if you care about this being correct, lock the buffer */
2402 for_each_buffer_cpu(buffer, cpu) {
2403 cpu_buffer = buffer->buffers[cpu];
2404 @@ -91551,7 +91499,7 @@ index c634868..00d0d19 100644
2405 }
2406
2407 return overruns;
2408 -@@ -3522,8 +3522,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
2409 +@@ -3525,8 +3525,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
2410 /*
2411 * Reset the reader page to size zero.
2412 */
2413 @@ -91562,7 +91510,7 @@ index c634868..00d0d19 100644
2414 local_set(&cpu_buffer->reader_page->page->commit, 0);
2415 cpu_buffer->reader_page->real_end = 0;
2416
2417 -@@ -3557,7 +3557,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
2418 +@@ -3560,7 +3560,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
2419 * want to compare with the last_overrun.
2420 */
2421 smp_mb();
2422 @@ -91571,7 +91519,7 @@ index c634868..00d0d19 100644
2423
2424 /*
2425 * Here's the tricky part.
2426 -@@ -4127,8 +4127,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
2427 +@@ -4130,8 +4130,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
2428
2429 cpu_buffer->head_page
2430 = list_entry(cpu_buffer->pages, struct buffer_page, list);
2431 @@ -91582,7 +91530,7 @@ index c634868..00d0d19 100644
2432 local_set(&cpu_buffer->head_page->page->commit, 0);
2433
2434 cpu_buffer->head_page->read = 0;
2435 -@@ -4138,14 +4138,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
2436 +@@ -4141,14 +4141,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
2437
2438 INIT_LIST_HEAD(&cpu_buffer->reader_page->list);
2439 INIT_LIST_HEAD(&cpu_buffer->new_pages);
2440 @@ -91601,7 +91549,7 @@ index c634868..00d0d19 100644
2441 local_set(&cpu_buffer->dropped_events, 0);
2442 local_set(&cpu_buffer->entries, 0);
2443 local_set(&cpu_buffer->committing, 0);
2444 -@@ -4550,8 +4550,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
2445 +@@ -4553,8 +4553,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
2446 rb_init_page(bpage);
2447 bpage = reader->page;
2448 reader->page = *data_page;
2449 @@ -91613,7 +91561,7 @@ index c634868..00d0d19 100644
2450 *data_page = bpage;
2451
2452 diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
2453 -index 1848dc6..5fc244c 100644
2454 +index 39a1226..2dc2b43 100644
2455 --- a/kernel/trace/trace.c
2456 +++ b/kernel/trace/trace.c
2457 @@ -3447,7 +3447,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
2458 @@ -91626,7 +91574,7 @@ index 1848dc6..5fc244c 100644
2459 /* do nothing if flag is already set */
2460 if (!!(trace_flags & mask) == !!enabled)
2461 diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
2462 -index 2e29d7b..61367d7 100644
2463 +index 99676cd..670b9e8 100644
2464 --- a/kernel/trace/trace.h
2465 +++ b/kernel/trace/trace.h
2466 @@ -1264,7 +1264,7 @@ extern const char *__stop___tracepoint_str[];
2467 @@ -91819,10 +91767,10 @@ index 30e4822..dd2b854 100644
2468 .thread_should_run = watchdog_should_run,
2469 .thread_fn = watchdog,
2470 diff --git a/kernel/workqueue.c b/kernel/workqueue.c
2471 -index 8edc8718..b6a70b9 100644
2472 +index 7ba5897..c8ed1f2 100644
2473 --- a/kernel/workqueue.c
2474 +++ b/kernel/workqueue.c
2475 -@@ -4709,7 +4709,7 @@ static void rebind_workers(struct worker_pool *pool)
2476 +@@ -4710,7 +4710,7 @@ static void rebind_workers(struct worker_pool *pool)
2477 WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND));
2478 worker_flags |= WORKER_REBOUND;
2479 worker_flags &= ~WORKER_UNBOUND;
2480 @@ -93143,7 +93091,7 @@ index eb8fb72..ae36cf3 100644
2481 }
2482 unset_migratetype_isolate(page, MIGRATE_MOVABLE);
2483 diff --git a/mm/memory.c b/mm/memory.c
2484 -index e302ae1..c0ef712 100644
2485 +index e302ae1..779c7ce 100644
2486 --- a/mm/memory.c
2487 +++ b/mm/memory.c
2488 @@ -413,6 +413,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
2489 @@ -93633,7 +93581,17 @@ index e302ae1..c0ef712 100644
2490 unlock:
2491 pte_unmap_unlock(page_table, ptl);
2492 return 0;
2493 -@@ -3535,6 +3724,11 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma,
2494 +@@ -3515,7 +3704,8 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma,
2495 + * if page by the offset is not ready to be mapped (cold cache or
2496 + * something).
2497 + */
2498 +- if (vma->vm_ops->map_pages) {
2499 ++ if (vma->vm_ops->map_pages && !(flags & FAULT_FLAG_NONLINEAR) &&
2500 ++ fault_around_pages() > 1) {
2501 + pte = pte_offset_map_lock(mm, pmd, address, &ptl);
2502 + do_fault_around(vma, address, pte, pgoff, flags);
2503 + if (!pte_same(*pte, orig_pte))
2504 +@@ -3535,6 +3725,11 @@ static int do_read_fault(struct mm_struct *mm, struct vm_area_struct *vma,
2505 return ret;
2506 }
2507 do_set_pte(vma, address, fault_page, pte, false, false);
2508 @@ -93645,7 +93603,7 @@ index e302ae1..c0ef712 100644
2509 unlock_page(fault_page);
2510 unlock_out:
2511 pte_unmap_unlock(pte, ptl);
2512 -@@ -3576,7 +3770,18 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma,
2513 +@@ -3576,7 +3771,18 @@ static int do_cow_fault(struct mm_struct *mm, struct vm_area_struct *vma,
2514 page_cache_release(fault_page);
2515 goto uncharge_out;
2516 }
2517 @@ -93664,7 +93622,7 @@ index e302ae1..c0ef712 100644
2518 pte_unmap_unlock(pte, ptl);
2519 unlock_page(fault_page);
2520 page_cache_release(fault_page);
2521 -@@ -3624,6 +3829,11 @@ static int do_shared_fault(struct mm_struct *mm, struct vm_area_struct *vma,
2522 +@@ -3624,6 +3830,11 @@ static int do_shared_fault(struct mm_struct *mm, struct vm_area_struct *vma,
2523 return ret;
2524 }
2525 do_set_pte(vma, address, fault_page, pte, true, false);
2526 @@ -93676,7 +93634,7 @@ index e302ae1..c0ef712 100644
2527 pte_unmap_unlock(pte, ptl);
2528
2529 if (set_page_dirty(fault_page))
2530 -@@ -3854,6 +4064,12 @@ static int handle_pte_fault(struct mm_struct *mm,
2531 +@@ -3854,6 +4065,12 @@ static int handle_pte_fault(struct mm_struct *mm,
2532 if (flags & FAULT_FLAG_WRITE)
2533 flush_tlb_fix_spurious_fault(vma, address);
2534 }
2535 @@ -93689,7 +93647,7 @@ index e302ae1..c0ef712 100644
2536 unlock:
2537 pte_unmap_unlock(pte, ptl);
2538 return 0;
2539 -@@ -3870,9 +4086,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
2540 +@@ -3870,9 +4087,41 @@ static int __handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
2541 pmd_t *pmd;
2542 pte_t *pte;
2543
2544 @@ -93731,7 +93689,7 @@ index e302ae1..c0ef712 100644
2545 pgd = pgd_offset(mm, address);
2546 pud = pud_alloc(mm, pgd, address);
2547 if (!pud)
2548 -@@ -4000,6 +4248,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
2549 +@@ -4000,6 +4249,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
2550 spin_unlock(&mm->page_table_lock);
2551 return 0;
2552 }
2553 @@ -93755,7 +93713,7 @@ index e302ae1..c0ef712 100644
2554 #endif /* __PAGETABLE_PUD_FOLDED */
2555
2556 #ifndef __PAGETABLE_PMD_FOLDED
2557 -@@ -4030,6 +4295,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
2558 +@@ -4030,6 +4296,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
2559 spin_unlock(&mm->page_table_lock);
2560 return 0;
2561 }
2562 @@ -93786,7 +93744,7 @@ index e302ae1..c0ef712 100644
2563 #endif /* __PAGETABLE_PMD_FOLDED */
2564
2565 #if !defined(__HAVE_ARCH_GATE_AREA)
2566 -@@ -4043,7 +4332,7 @@ static int __init gate_vma_init(void)
2567 +@@ -4043,7 +4333,7 @@ static int __init gate_vma_init(void)
2568 gate_vma.vm_start = FIXADDR_USER_START;
2569 gate_vma.vm_end = FIXADDR_USER_END;
2570 gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
2571 @@ -93795,7 +93753,7 @@ index e302ae1..c0ef712 100644
2572
2573 return 0;
2574 }
2575 -@@ -4177,8 +4466,8 @@ out:
2576 +@@ -4177,8 +4467,8 @@ out:
2577 return ret;
2578 }
2579
2580 @@ -93806,7 +93764,7 @@ index e302ae1..c0ef712 100644
2581 {
2582 resource_size_t phys_addr;
2583 unsigned long prot = 0;
2584 -@@ -4204,8 +4493,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys);
2585 +@@ -4204,8 +4494,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys);
2586 * Access another process' address space as given in mm. If non-NULL, use the
2587 * given task for page fault accounting.
2588 */
2589 @@ -93817,7 +93775,7 @@ index e302ae1..c0ef712 100644
2590 {
2591 struct vm_area_struct *vma;
2592 void *old_buf = buf;
2593 -@@ -4213,7 +4502,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
2594 +@@ -4213,7 +4503,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
2595 down_read(&mm->mmap_sem);
2596 /* ignore errors, just check how much was successfully transferred */
2597 while (len) {
2598 @@ -93826,7 +93784,7 @@ index e302ae1..c0ef712 100644
2599 void *maddr;
2600 struct page *page = NULL;
2601
2602 -@@ -4272,8 +4561,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
2603 +@@ -4272,8 +4562,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
2604 *
2605 * The caller must hold a reference on @mm.
2606 */
2607 @@ -93837,7 +93795,7 @@ index e302ae1..c0ef712 100644
2608 {
2609 return __access_remote_vm(NULL, mm, addr, buf, len, write);
2610 }
2611 -@@ -4283,11 +4572,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
2612 +@@ -4283,11 +4573,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
2613 * Source/target buffer must be kernel space,
2614 * Do not walk the page table directly, use get_user_pages
2615 */
2616 @@ -93853,7 +93811,7 @@ index e302ae1..c0ef712 100644
2617 mm = get_task_mm(tsk);
2618 if (!mm)
2619 diff --git a/mm/mempolicy.c b/mm/mempolicy.c
2620 -index 35f9f91..bed4575 100644
2621 +index 6b65d10..e6f415a 100644
2622 --- a/mm/mempolicy.c
2623 +++ b/mm/mempolicy.c
2624 @@ -747,6 +747,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
2625 @@ -95970,7 +95928,7 @@ index 14d1e28..3777962 100644
2626
2627 /*
2628 diff --git a/mm/shmem.c b/mm/shmem.c
2629 -index a2801ba..b8651e6 100644
2630 +index a2801ba..1e82984 100644
2631 --- a/mm/shmem.c
2632 +++ b/mm/shmem.c
2633 @@ -33,7 +33,7 @@
2634 @@ -95998,19 +95956,74 @@ index a2801ba..b8651e6 100644
2635 + * a time): we would prefer not to enlarge the shmem inode just for that.
2636 */
2637 struct shmem_falloc {
2638 -+ int mode; /* FALLOC_FL mode currently operating */
2639 ++ wait_queue_head_t *waitq; /* faults into hole wait for punch to end */
2640 pgoff_t start; /* start of range currently being fallocated */
2641 pgoff_t next; /* the next page offset to be fallocated */
2642 pgoff_t nr_falloced; /* how many new pages have been fallocated */
2643 -@@ -759,6 +760,7 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc)
2644 +@@ -467,23 +468,20 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend,
2645 + return;
2646 +
2647 + index = start;
2648 +- for ( ; ; ) {
2649 ++ while (index < end) {
2650 + cond_resched();
2651 +
2652 + pvec.nr = find_get_entries(mapping, index,
2653 + min(end - index, (pgoff_t)PAGEVEC_SIZE),
2654 + pvec.pages, indices);
2655 + if (!pvec.nr) {
2656 +- if (index == start || unfalloc)
2657 ++ /* If all gone or hole-punch or unfalloc, we're done */
2658 ++ if (index == start || end != -1)
2659 + break;
2660 ++ /* But if truncating, restart to make sure all gone */
2661 + index = start;
2662 + continue;
2663 + }
2664 +- if ((index == start || unfalloc) && indices[0] >= end) {
2665 +- pagevec_remove_exceptionals(&pvec);
2666 +- pagevec_release(&pvec);
2667 +- break;
2668 +- }
2669 + mem_cgroup_uncharge_start();
2670 + for (i = 0; i < pagevec_count(&pvec); i++) {
2671 + struct page *page = pvec.pages[i];
2672 +@@ -495,8 +493,12 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend,
2673 + if (radix_tree_exceptional_entry(page)) {
2674 + if (unfalloc)
2675 + continue;
2676 +- nr_swaps_freed += !shmem_free_swap(mapping,
2677 +- index, page);
2678 ++ if (shmem_free_swap(mapping, index, page)) {
2679 ++ /* Swap was replaced by page: retry */
2680 ++ index--;
2681 ++ break;
2682 ++ }
2683 ++ nr_swaps_freed++;
2684 + continue;
2685 + }
2686 +
2687 +@@ -505,6 +507,11 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend,
2688 + if (page->mapping == mapping) {
2689 + VM_BUG_ON_PAGE(PageWriteback(page), page);
2690 + truncate_inode_page(mapping, page);
2691 ++ } else {
2692 ++ /* Page was replaced by swap: retry */
2693 ++ unlock_page(page);
2694 ++ index--;
2695 ++ break;
2696 + }
2697 + }
2698 + unlock_page(page);
2699 +@@ -759,6 +766,7 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc)
2700 spin_lock(&inode->i_lock);
2701 shmem_falloc = inode->i_private;
2702 if (shmem_falloc &&
2703 -+ !shmem_falloc->mode &&
2704 ++ !shmem_falloc->waitq &&
2705 index >= shmem_falloc->start &&
2706 index < shmem_falloc->next)
2707 shmem_falloc->nr_unswapped++;
2708 -@@ -1233,6 +1235,43 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
2709 +@@ -1233,6 +1241,64 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
2710 int error;
2711 int ret = VM_FAULT_LOCKED;
2712
2713 @@ -96018,71 +96031,98 @@ index a2801ba..b8651e6 100644
2714 + * Trinity finds that probing a hole which tmpfs is punching can
2715 + * prevent the hole-punch from ever completing: which in turn
2716 + * locks writers out with its hold on i_mutex. So refrain from
2717 -+ * faulting pages into the hole while it's being punched, and
2718 -+ * wait on i_mutex to be released if vmf->flags permits,
2719 ++ * faulting pages into the hole while it's being punched. Although
2720 ++ * shmem_undo_range() does remove the additions, it may be unable to
2721 ++ * keep up, as each new page needs its own unmap_mapping_range() call,
2722 ++ * and the i_mmap tree grows ever slower to scan if new vmas are added.
2723 ++ *
2724 ++ * It does not matter if we sometimes reach this check just before the
2725 ++ * hole-punch begins, so that one fault then races with the punch:
2726 ++ * we just need to make racing faults a rare case.
2727 ++ *
2728 ++ * The implementation below would be much simpler if we just used a
2729 ++ * standard mutex or completion: but we cannot take i_mutex in fault,
2730 ++ * and bloating every shmem inode for this unlikely case would be sad.
2731 + */
2732 + if (unlikely(inode->i_private)) {
2733 + struct shmem_falloc *shmem_falloc;
2734 ++
2735 + spin_lock(&inode->i_lock);
2736 + shmem_falloc = inode->i_private;
2737 -+ if (!shmem_falloc ||
2738 -+ shmem_falloc->mode != FALLOC_FL_PUNCH_HOLE ||
2739 -+ vmf->pgoff < shmem_falloc->start ||
2740 -+ vmf->pgoff >= shmem_falloc->next)
2741 -+ shmem_falloc = NULL;
2742 -+ spin_unlock(&inode->i_lock);
2743 -+ /*
2744 -+ * i_lock has protected us from taking shmem_falloc seriously
2745 -+ * once return from shmem_fallocate() went back up that stack.
2746 -+ * i_lock does not serialize with i_mutex at all, but it does
2747 -+ * not matter if sometimes we wait unnecessarily, or sometimes
2748 -+ * miss out on waiting: we just need to make those cases rare.
2749 -+ */
2750 -+ if (shmem_falloc) {
2751 ++ if (shmem_falloc &&
2752 ++ shmem_falloc->waitq &&
2753 ++ vmf->pgoff >= shmem_falloc->start &&
2754 ++ vmf->pgoff < shmem_falloc->next) {
2755 ++ wait_queue_head_t *shmem_falloc_waitq;
2756 ++ DEFINE_WAIT(shmem_fault_wait);
2757 ++
2758 ++ ret = VM_FAULT_NOPAGE;
2759 + if ((vmf->flags & FAULT_FLAG_ALLOW_RETRY) &&
2760 + !(vmf->flags & FAULT_FLAG_RETRY_NOWAIT)) {
2761 ++ /* It's polite to up mmap_sem if we can */
2762 + up_read(&vma->vm_mm->mmap_sem);
2763 -+ mutex_lock(&inode->i_mutex);
2764 -+ mutex_unlock(&inode->i_mutex);
2765 -+ return VM_FAULT_RETRY;
2766 ++ ret = VM_FAULT_RETRY;
2767 + }
2768 -+ /* cond_resched? Leave that to GUP or return to user */
2769 -+ return VM_FAULT_NOPAGE;
2770 ++
2771 ++ shmem_falloc_waitq = shmem_falloc->waitq;
2772 ++ prepare_to_wait(shmem_falloc_waitq, &shmem_fault_wait,
2773 ++ TASK_UNINTERRUPTIBLE);
2774 ++ spin_unlock(&inode->i_lock);
2775 ++ schedule();
2776 ++
2777 ++ /*
2778 ++ * shmem_falloc_waitq points into the shmem_fallocate()
2779 ++ * stack of the hole-punching task: shmem_falloc_waitq
2780 ++ * is usually invalid by the time we reach here, but
2781 ++ * finish_wait() does not dereference it in that case;
2782 ++ * though i_lock needed lest racing with wake_up_all().
2783 ++ */
2784 ++ spin_lock(&inode->i_lock);
2785 ++ finish_wait(shmem_falloc_waitq, &shmem_fault_wait);
2786 ++ spin_unlock(&inode->i_lock);
2787 ++ return ret;
2788 + }
2789 ++ spin_unlock(&inode->i_lock);
2790 + }
2791 +
2792 error = shmem_getpage(inode, vmf->pgoff, &vmf->page, SGP_CACHE, &ret);
2793 if (error)
2794 return ((error == -ENOMEM) ? VM_FAULT_OOM : VM_FAULT_SIGBUS);
2795 -@@ -1733,18 +1772,26 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
2796 -
2797 - mutex_lock(&inode->i_mutex);
2798 -
2799 -+ shmem_falloc.mode = mode & ~FALLOC_FL_KEEP_SIZE;
2800 -+
2801 - if (mode & FALLOC_FL_PUNCH_HOLE) {
2802 +@@ -1737,12 +1803,25 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
2803 struct address_space *mapping = file->f_mapping;
2804 loff_t unmap_start = round_up(offset, PAGE_SIZE);
2805 loff_t unmap_end = round_down(offset + len, PAGE_SIZE) - 1;
2806 -
2807 ++ DECLARE_WAIT_QUEUE_HEAD_ONSTACK(shmem_falloc_waitq);
2808 ++
2809 ++ shmem_falloc.waitq = &shmem_falloc_waitq;
2810 + shmem_falloc.start = unmap_start >> PAGE_SHIFT;
2811 + shmem_falloc.next = (unmap_end + 1) >> PAGE_SHIFT;
2812 + spin_lock(&inode->i_lock);
2813 + inode->i_private = &shmem_falloc;
2814 + spin_unlock(&inode->i_lock);
2815 -+
2816 +
2817 if ((u64)unmap_end > (u64)unmap_start)
2818 unmap_mapping_range(mapping, unmap_start,
2819 1 + unmap_end - unmap_start, 0);
2820 shmem_truncate_range(inode, offset, offset + len - 1);
2821 /* No need to unmap again: hole-punching leaves COWed pages */
2822 ++
2823 ++ spin_lock(&inode->i_lock);
2824 ++ inode->i_private = NULL;
2825 ++ wake_up_all(&shmem_falloc_waitq);
2826 ++ spin_unlock(&inode->i_lock);
2827 error = 0;
2828 -- goto out;
2829 -+ goto undone;
2830 + goto out;
2831 + }
2832 +@@ -1760,6 +1839,7 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
2833 + goto out;
2834 }
2835
2836 - /* We need to check rlimit even when FALLOC_FL_KEEP_SIZE */
2837 -@@ -2138,6 +2185,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
2838 ++ shmem_falloc.waitq = NULL;
2839 + shmem_falloc.start = start;
2840 + shmem_falloc.next = start;
2841 + shmem_falloc.nr_falloced = 0;
2842 +@@ -2138,6 +2218,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
2843 static int shmem_xattr_validate(const char *name)
2844 {
2845 struct { const char *prefix; size_t len; } arr[] = {
2846 @@ -96094,7 +96134,7 @@ index a2801ba..b8651e6 100644
2847 { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
2848 { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
2849 };
2850 -@@ -2193,6 +2245,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
2851 +@@ -2193,6 +2278,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
2852 if (err)
2853 return err;
2854
2855 @@ -96110,7 +96150,7 @@ index a2801ba..b8651e6 100644
2856 return simple_xattr_set(&info->xattrs, name, value, size, flags);
2857 }
2858
2859 -@@ -2505,8 +2566,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
2860 +@@ -2505,8 +2599,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
2861 int err = -ENOMEM;
2862
2863 /* Round up to L1_CACHE_BYTES to resist false sharing */
2864 @@ -99302,6 +99342,21 @@ index 5325b54..a0d4d69 100644
2865 return -EFAULT;
2866
2867 *lenp = len;
2868 +diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
2869 +index e7b6d53..f005cc7 100644
2870 +--- a/net/dns_resolver/dns_query.c
2871 ++++ b/net/dns_resolver/dns_query.c
2872 +@@ -149,7 +149,9 @@ int dns_query(const char *type, const char *name, size_t namelen,
2873 + if (!*_result)
2874 + goto put;
2875 +
2876 +- memcpy(*_result, upayload->data, len + 1);
2877 ++ memcpy(*_result, upayload->data, len);
2878 ++ (*_result)[len] = '\0';
2879 ++
2880 + if (_expiry)
2881 + *_expiry = rkey->expiry;
2882 +
2883 diff --git a/net/ieee802154/reassembly.c b/net/ieee802154/reassembly.c
2884 index ef2d543..5b9b73f 100644
2885 --- a/net/ieee802154/reassembly.c
2886 @@ -103055,6 +103110,18 @@ index e1543b0..7ce8bd0 100644
2887 linkwatch_fire_event(dev);
2888 }
2889 }
2890 +diff --git a/net/sctp/associola.c b/net/sctp/associola.c
2891 +index 0b99998..a6953b0 100644
2892 +--- a/net/sctp/associola.c
2893 ++++ b/net/sctp/associola.c
2894 +@@ -1151,6 +1151,7 @@ void sctp_assoc_update(struct sctp_association *asoc,
2895 + asoc->c = new->c;
2896 + asoc->peer.rwnd = new->peer.rwnd;
2897 + asoc->peer.sack_needed = new->peer.sack_needed;
2898 ++ asoc->peer.auth_capable = new->peer.auth_capable;
2899 + asoc->peer.i = new->peer.i;
2900 + sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
2901 + asoc->peer.i.initial_tsn, GFP_ATOMIC);
2902 diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
2903 index 2b1738e..a9d0fc9 100644
2904 --- a/net/sctp/ipv6.c
2905 @@ -103285,6 +103352,26 @@ index c82fdc1..4ca1f95 100644
2906 return 0;
2907 }
2908
2909 +diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c
2910 +index 85c6465..879f3cd 100644
2911 +--- a/net/sctp/ulpevent.c
2912 ++++ b/net/sctp/ulpevent.c
2913 +@@ -411,6 +411,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_remote_error(
2914 + * sre_type:
2915 + * It should be SCTP_REMOTE_ERROR.
2916 + */
2917 ++ memset(sre, 0, sizeof(*sre));
2918 + sre->sre_type = SCTP_REMOTE_ERROR;
2919 +
2920 + /*
2921 +@@ -916,6 +917,7 @@ void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event,
2922 + * For recvmsg() the SCTP stack places the message's stream number in
2923 + * this value.
2924 + */
2925 ++ memset(&sinfo, 0, sizeof(sinfo));
2926 + sinfo.sinfo_stream = event->stream;
2927 + /* sinfo_ssn: 16 bits (unsigned integer)
2928 + *
2929 diff --git a/net/socket.c b/net/socket.c
2930 index abf56b2..b8998bc 100644
2931 --- a/net/socket.c
2932
2933 diff --git a/3.15.5/4425_grsec_remove_EI_PAX.patch b/3.15.6/4425_grsec_remove_EI_PAX.patch
2934 similarity index 100%
2935 rename from 3.15.5/4425_grsec_remove_EI_PAX.patch
2936 rename to 3.15.6/4425_grsec_remove_EI_PAX.patch
2937
2938 diff --git a/3.15.5/4427_force_XATTR_PAX_tmpfs.patch b/3.15.6/4427_force_XATTR_PAX_tmpfs.patch
2939 similarity index 100%
2940 rename from 3.15.5/4427_force_XATTR_PAX_tmpfs.patch
2941 rename to 3.15.6/4427_force_XATTR_PAX_tmpfs.patch
2942
2943 diff --git a/3.15.5/4430_grsec-remove-localversion-grsec.patch b/3.15.6/4430_grsec-remove-localversion-grsec.patch
2944 similarity index 100%
2945 rename from 3.15.5/4430_grsec-remove-localversion-grsec.patch
2946 rename to 3.15.6/4430_grsec-remove-localversion-grsec.patch
2947
2948 diff --git a/3.15.5/4435_grsec-mute-warnings.patch b/3.15.6/4435_grsec-mute-warnings.patch
2949 similarity index 100%
2950 rename from 3.15.5/4435_grsec-mute-warnings.patch
2951 rename to 3.15.6/4435_grsec-mute-warnings.patch
2952
2953 diff --git a/3.15.5/4440_grsec-remove-protected-paths.patch b/3.15.6/4440_grsec-remove-protected-paths.patch
2954 similarity index 100%
2955 rename from 3.15.5/4440_grsec-remove-protected-paths.patch
2956 rename to 3.15.6/4440_grsec-remove-protected-paths.patch
2957
2958 diff --git a/3.15.5/4450_grsec-kconfig-default-gids.patch b/3.15.6/4450_grsec-kconfig-default-gids.patch
2959 similarity index 100%
2960 rename from 3.15.5/4450_grsec-kconfig-default-gids.patch
2961 rename to 3.15.6/4450_grsec-kconfig-default-gids.patch
2962
2963 diff --git a/3.15.5/4465_selinux-avc_audit-log-curr_ip.patch b/3.15.6/4465_selinux-avc_audit-log-curr_ip.patch
2964 similarity index 100%
2965 rename from 3.15.5/4465_selinux-avc_audit-log-curr_ip.patch
2966 rename to 3.15.6/4465_selinux-avc_audit-log-curr_ip.patch
2967
2968 diff --git a/3.15.5/4470_disable-compat_vdso.patch b/3.15.6/4470_disable-compat_vdso.patch
2969 similarity index 100%
2970 rename from 3.15.5/4470_disable-compat_vdso.patch
2971 rename to 3.15.6/4470_disable-compat_vdso.patch
2972
2973 diff --git a/3.15.5/4475_emutramp_default_on.patch b/3.15.6/4475_emutramp_default_on.patch
2974 similarity index 100%
2975 rename from 3.15.5/4475_emutramp_default_on.patch
2976 rename to 3.15.6/4475_emutramp_default_on.patch
2977
2978 diff --git a/3.2.61/0000_README b/3.2.61/0000_README
2979 index c0718d5..be52f3a 100644
2980 --- a/3.2.61/0000_README
2981 +++ b/3.2.61/0000_README
2982 @@ -162,7 +162,7 @@ Patch: 1060_linux-3.2.61.patch
2983 From: http://www.kernel.org
2984 Desc: Linux 3.2.61
2985
2986 -Patch: 4420_grsecurity-3.0-3.2.61-201407170636.patch
2987 +Patch: 4420_grsecurity-3.0-3.2.61-201407232156.patch
2988 From: http://www.grsecurity.net
2989 Desc: hardened-sources base patch from upstream grsecurity
2990
2991
2992 diff --git a/3.2.61/4420_grsecurity-3.0-3.2.61-201407170636.patch b/3.2.61/4420_grsecurity-3.0-3.2.61-201407232156.patch
2993 similarity index 99%
2994 rename from 3.2.61/4420_grsecurity-3.0-3.2.61-201407170636.patch
2995 rename to 3.2.61/4420_grsecurity-3.0-3.2.61-201407232156.patch
2996 index d53a91b..c484237 100644
2997 --- a/3.2.61/4420_grsecurity-3.0-3.2.61-201407170636.patch
2998 +++ b/3.2.61/4420_grsecurity-3.0-3.2.61-201407232156.patch
2999 @@ -11106,7 +11106,7 @@ index 7bcf3fc..560ff4c 100644
3000 + pax_force_retaddr
3001 ret
3002 diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c
3003 -index fd84387..887aa7e 100644
3004 +index fd84387..887aa7ef 100644
3005 --- a/arch/x86/ia32/ia32_aout.c
3006 +++ b/arch/x86/ia32/ia32_aout.c
3007 @@ -162,6 +162,8 @@ static int aout_core_dump(long signr, struct pt_regs *regs, struct file *file,
3008 @@ -28843,7 +28843,7 @@ index a4cca06..9e00106 100644
3009 (unsigned long)(&__init_begin),
3010 (unsigned long)(&__init_end));
3011 diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
3012 -index 29f7c6d..5122941 100644
3013 +index 29f7c6d9..5122941 100644
3014 --- a/arch/x86/mm/init_32.c
3015 +++ b/arch/x86/mm/init_32.c
3016 @@ -74,36 +74,6 @@ static __init void *alloc_low_page(void)
3017 @@ -34913,7 +34913,7 @@ index da3cfee..a5a6606 100644
3018
3019 *ppos = i;
3020 diff --git a/drivers/char/random.c b/drivers/char/random.c
3021 -index c244f0e..8b3452f 100644
3022 +index c244f0e..59b5e6c 100644
3023 --- a/drivers/char/random.c
3024 +++ b/drivers/char/random.c
3025 @@ -255,10 +255,8 @@
3026 @@ -35363,6 +35363,8 @@ index c244f0e..8b3452f 100644
3027 retry:
3028 entropy_count = orig = ACCESS_ONCE(r->entropy_count);
3029 - entropy_count += nbits;
3030 +- if (entropy_count < 0) {
3031 +- DEBUG_ENT("negative entropy/overflow\n");
3032 + if (nfrac < 0) {
3033 + /* Debit */
3034 + entropy_count += nfrac;
3035 @@ -35402,8 +35404,7 @@ index c244f0e..8b3452f 100644
3036 + } while (unlikely(entropy_count < pool_size-2 && pnfrac));
3037 + }
3038 +
3039 - if (entropy_count < 0) {
3040 -- DEBUG_ENT("negative entropy/overflow\n");
3041 ++ if (unlikely(entropy_count < 0)) {
3042 + pr_warn("random: negative entropy/overflow: pool %s count %d\n",
3043 + r->name, entropy_count);
3044 + WARN_ON(1);
3045 @@ -35651,7 +35652,7 @@ index c244f0e..8b3452f 100644
3046 }
3047 #endif
3048
3049 -@@ -835,104 +915,131 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
3050 +@@ -835,104 +915,141 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
3051 * from the primary pool to the secondary extraction pool. We make
3052 * sure we pull enough for a 'catastrophic reseed'.
3053 */
3054 @@ -35746,7 +35747,7 @@ index c244f0e..8b3452f 100644
3055 {
3056 - unsigned long flags;
3057 + int entropy_count, orig;
3058 -+ size_t ibytes;
3059 ++ size_t ibytes, nfrac;
3060
3061 - /* Hold lock while accounting */
3062 - spin_lock_irqsave(&r->lock, flags);
3063 @@ -35781,18 +35782,27 @@ index c244f0e..8b3452f 100644
3064 - if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)
3065 - goto retry;
3066 - }
3067 --
3068 -- if (entropy_count < random_write_wakeup_thresh) {
3069 -- wake_up_interruptible(&random_write_wait);
3070 -- kill_fasync(&fasync, SIGIO, POLL_OUT);
3071 -- }
3072 + if ((have_bytes -= reserved) < 0)
3073 + have_bytes = 0;
3074 + ibytes = min_t(size_t, ibytes, have_bytes);
3075 - }
3076 ++ }
3077 + if (ibytes < min)
3078 + ibytes = 0;
3079 -+ if ((entropy_count -= ibytes << (ENTROPY_SHIFT + 3)) < 0)
3080 +
3081 +- if (entropy_count < random_write_wakeup_thresh) {
3082 +- wake_up_interruptible(&random_write_wait);
3083 +- kill_fasync(&fasync, SIGIO, POLL_OUT);
3084 +- }
3085 ++ if (unlikely(entropy_count < 0)) {
3086 ++ pr_warn("random: negative entropy count: pool %s count %d\n",
3087 ++ r->name, entropy_count);
3088 ++ WARN_ON(1);
3089 ++ entropy_count = 0;
3090 + }
3091 ++ nfrac = ibytes << (ENTROPY_SHIFT + 3);
3092 ++ if ((size_t) entropy_count > nfrac)
3093 ++ entropy_count -= nfrac;
3094 ++ else
3095 + entropy_count = 0;
3096
3097 - DEBUG_ENT("debiting %d entropy credits from %s%s\n",
3098 @@ -35847,7 +35857,7 @@ index c244f0e..8b3452f 100644
3099 spin_lock_irqsave(&r->lock, flags);
3100 for (i = 0; i < r->poolinfo->poolwords; i += 16)
3101 sha_transform(hash.w, (__u8 *)(r->pool + i), workspace);
3102 -@@ -966,27 +1073,43 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
3103 +@@ -966,27 +1083,43 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
3104 hash.w[1] ^= hash.w[4];
3105 hash.w[2] ^= rol32(hash.w[2], 16);
3106
3107 @@ -35902,7 +35912,7 @@ index c244f0e..8b3452f 100644
3108 xfer_secondary_pool(r, nbytes);
3109 nbytes = account(r, nbytes, min, reserved);
3110
3111 -@@ -994,8 +1117,6 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
3112 +@@ -994,8 +1127,6 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
3113 extract_buf(r, tmp);
3114
3115 if (fips_enabled) {
3116 @@ -35911,7 +35921,7 @@ index c244f0e..8b3452f 100644
3117 spin_lock_irqsave(&r->lock, flags);
3118 if (!memcmp(tmp, r->last_data, EXTRACT_SIZE))
3119 panic("Hardware RNG duplicated output!\n");
3120 -@@ -1015,12 +1136,17 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
3121 +@@ -1015,12 +1146,17 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
3122 return ret;
3123 }
3124
3125 @@ -35929,7 +35939,7 @@ index c244f0e..8b3452f 100644
3126 xfer_secondary_pool(r, nbytes);
3127 nbytes = account(r, nbytes, 0, 0);
3128
3129 -@@ -1036,7 +1162,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
3130 +@@ -1036,7 +1172,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
3131
3132 extract_buf(r, tmp);
3133 i = min_t(int, nbytes, EXTRACT_SIZE);
3134 @@ -35938,7 +35948,7 @@ index c244f0e..8b3452f 100644
3135 ret = -EFAULT;
3136 break;
3137 }
3138 -@@ -1055,11 +1181,20 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
3139 +@@ -1055,11 +1191,20 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
3140 /*
3141 * This function is the exported kernel interface. It returns some
3142 * number of good random numbers, suitable for key generation, seeding
3143 @@ -35961,7 +35971,7 @@ index c244f0e..8b3452f 100644
3144 extract_entropy(&nonblocking_pool, buf, nbytes, 0, 0);
3145 }
3146 EXPORT_SYMBOL(get_random_bytes);
3147 -@@ -1078,6 +1213,7 @@ void get_random_bytes_arch(void *buf, int nbytes)
3148 +@@ -1078,6 +1223,7 @@ void get_random_bytes_arch(void *buf, int nbytes)
3149 {
3150 char *p = buf;
3151
3152 @@ -35969,7 +35979,7 @@ index c244f0e..8b3452f 100644
3153 while (nbytes) {
3154 unsigned long v;
3155 int chunk = min(nbytes, (int)sizeof(unsigned long));
3156 -@@ -1111,12 +1247,11 @@ static void init_std_data(struct entropy_store *r)
3157 +@@ -1111,12 +1257,11 @@ static void init_std_data(struct entropy_store *r)
3158 ktime_t now = ktime_get_real();
3159 unsigned long rv;
3160
3161 @@ -35985,7 +35995,7 @@ index c244f0e..8b3452f 100644
3162 mix_pool_bytes(r, &rv, sizeof(rv), NULL);
3163 }
3164 mix_pool_bytes(r, utsname(), sizeof(*(utsname())), NULL);
3165 -@@ -1139,25 +1274,7 @@ static int rand_initialize(void)
3166 +@@ -1139,25 +1284,7 @@ static int rand_initialize(void)
3167 init_std_data(&nonblocking_pool);
3168 return 0;
3169 }
3170 @@ -36012,7 +36022,7 @@ index c244f0e..8b3452f 100644
3171
3172 #ifdef CONFIG_BLOCK
3173 void rand_initialize_disk(struct gendisk *disk)
3174 -@@ -1169,71 +1286,59 @@ void rand_initialize_disk(struct gendisk *disk)
3175 +@@ -1169,71 +1296,60 @@ void rand_initialize_disk(struct gendisk *disk)
3176 * source.
3177 */
3178 state = kzalloc(sizeof(struct timer_rand_state), GFP_KERNEL);
3179 @@ -36112,6 +36122,7 @@ index c244f0e..8b3452f 100644
3180 + "with %d bits of entropy available\n",
3181 + current->comm, nonblocking_pool.entropy_total);
3182 +
3183 ++ nbytes = min_t(size_t, nbytes, INT_MAX >> (ENTROPY_SHIFT + 3));
3184 + ret = extract_entropy_user(&nonblocking_pool, buf, nbytes);
3185 +
3186 + trace_urandom_read(8 * nbytes, ENTROPY_BITS(&nonblocking_pool),
3187 @@ -36120,7 +36131,7 @@ index c244f0e..8b3452f 100644
3188 }
3189
3190 static unsigned int
3191 -@@ -1244,9 +1349,9 @@ random_poll(struct file *file, poll_table * wait)
3192 +@@ -1244,9 +1360,9 @@ random_poll(struct file *file, poll_table * wait)
3193 poll_wait(file, &random_read_wait, wait);
3194 poll_wait(file, &random_write_wait, wait);
3195 mask = 0;
3196 @@ -36132,7 +36143,7 @@ index c244f0e..8b3452f 100644
3197 mask |= POLLOUT | POLLWRNORM;
3198 return mask;
3199 }
3200 -@@ -1297,7 +1402,8 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
3201 +@@ -1297,7 +1413,8 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
3202 switch (cmd) {
3203 case RNDGETENTCNT:
3204 /* inherently racy, no point locking */
3205 @@ -36142,7 +36153,7 @@ index c244f0e..8b3452f 100644
3206 return -EFAULT;
3207 return 0;
3208 case RNDADDTOENTCNT:
3209 -@@ -1305,7 +1411,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
3210 +@@ -1305,7 +1422,7 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
3211 return -EPERM;
3212 if (get_user(ent_count, p))
3213 return -EFAULT;
3214 @@ -36151,7 +36162,7 @@ index c244f0e..8b3452f 100644
3215 return 0;
3216 case RNDADDENTROPY:
3217 if (!capable(CAP_SYS_ADMIN))
3218 -@@ -1320,14 +1426,19 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
3219 +@@ -1320,14 +1437,19 @@ static long random_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
3220 size);
3221 if (retval < 0)
3222 return retval;
3223 @@ -36174,7 +36185,7 @@ index c244f0e..8b3452f 100644
3224 return 0;
3225 default:
3226 return -EINVAL;
3227 -@@ -1387,23 +1498,23 @@ EXPORT_SYMBOL(generate_random_uuid);
3228 +@@ -1387,23 +1509,23 @@ EXPORT_SYMBOL(generate_random_uuid);
3229 #include <linux/sysctl.h>
3230
3231 static int min_read_thresh = 8, min_write_thresh;
3232 @@ -36205,7 +36216,7 @@ index c244f0e..8b3452f 100644
3233 unsigned char buf[64], tmp_uuid[16], *uuid;
3234
3235 uuid = table->data;
3236 -@@ -1427,8 +1538,26 @@ static int proc_do_uuid(ctl_table *table, int write,
3237 +@@ -1427,8 +1549,26 @@ static int proc_do_uuid(ctl_table *table, int write,
3238 return proc_dostring(&fake_table, write, buffer, lenp, ppos);
3239 }
3240
3241 @@ -36233,7 +36244,7 @@ index c244f0e..8b3452f 100644
3242 {
3243 .procname = "poolsize",
3244 .data = &sysctl_poolsize,
3245 -@@ -1440,12 +1569,12 @@ ctl_table random_table[] = {
3246 +@@ -1440,12 +1580,12 @@ ctl_table random_table[] = {
3247 .procname = "entropy_avail",
3248 .maxlen = sizeof(int),
3249 .mode = 0444,
3250 @@ -36248,7 +36259,7 @@ index c244f0e..8b3452f 100644
3251 .maxlen = sizeof(int),
3252 .mode = 0644,
3253 .proc_handler = proc_dointvec_minmax,
3254 -@@ -1454,7 +1583,7 @@ ctl_table random_table[] = {
3255 +@@ -1454,7 +1594,7 @@ ctl_table random_table[] = {
3256 },
3257 {
3258 .procname = "write_wakeup_threshold",
3259 @@ -36257,7 +36268,7 @@ index c244f0e..8b3452f 100644
3260 .maxlen = sizeof(int),
3261 .mode = 0644,
3262 .proc_handler = proc_dointvec_minmax,
3263 -@@ -1462,6 +1591,13 @@ ctl_table random_table[] = {
3264 +@@ -1462,6 +1602,13 @@ ctl_table random_table[] = {
3265 .extra2 = &max_write_thresh,
3266 },
3267 {
3268 @@ -36271,7 +36282,7 @@ index c244f0e..8b3452f 100644
3269 .procname = "boot_id",
3270 .data = &sysctl_bootid,
3271 .maxlen = 16,
3272 -@@ -1492,7 +1628,7 @@ int random_int_secret_init(void)
3273 +@@ -1492,7 +1639,7 @@ int random_int_secret_init(void)
3274 * value is not cryptographically secure but for several uses the cost of
3275 * depleting entropy is too high
3276 */
3277 @@ -36280,7 +36291,7 @@ index c244f0e..8b3452f 100644
3278 unsigned int get_random_int(void)
3279 {
3280 __u32 *hash;
3281 -@@ -1510,6 +1646,7 @@ unsigned int get_random_int(void)
3282 +@@ -1510,6 +1657,7 @@ unsigned int get_random_int(void)
3283
3284 return ret;
3285 }
3286 @@ -44899,6 +44910,24 @@ index 5920c99..ff2e4a5 100644
3287 };
3288
3289 static void
3290 +diff --git a/drivers/net/wan/x25_asy.c b/drivers/net/wan/x25_asy.c
3291 +index 8a10bb7..7560422 100644
3292 +--- a/drivers/net/wan/x25_asy.c
3293 ++++ b/drivers/net/wan/x25_asy.c
3294 +@@ -123,8 +123,12 @@ static int x25_asy_change_mtu(struct net_device *dev, int newmtu)
3295 + {
3296 + struct x25_asy *sl = netdev_priv(dev);
3297 + unsigned char *xbuff, *rbuff;
3298 +- int len = 2 * newmtu;
3299 ++ int len;
3300 +
3301 ++ if (newmtu > 65534)
3302 ++ return -EINVAL;
3303 ++
3304 ++ len = 2 * newmtu;
3305 + xbuff = kmalloc(len + 4, GFP_ATOMIC);
3306 + rbuff = kmalloc(len + 4, GFP_ATOMIC);
3307 +
3308 diff --git a/drivers/net/wan/z85230.c b/drivers/net/wan/z85230.c
3309 index 0e57690..ad698bb 100644
3310 --- a/drivers/net/wan/z85230.c
3311 @@ -100930,6 +100959,21 @@ index d50a13c..1f612ff 100644
3312 return -EFAULT;
3313
3314 *lenp = len;
3315 +diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
3316 +index c32be29..2022b46 100644
3317 +--- a/net/dns_resolver/dns_query.c
3318 ++++ b/net/dns_resolver/dns_query.c
3319 +@@ -150,7 +150,9 @@ int dns_query(const char *type, const char *name, size_t namelen,
3320 + if (!*_result)
3321 + goto put;
3322 +
3323 +- memcpy(*_result, upayload->data, len + 1);
3324 ++ memcpy(*_result, upayload->data, len);
3325 ++ (*_result)[len] = '\0';
3326 ++
3327 + if (_expiry)
3328 + *_expiry = rkey->expiry;
3329 +
3330 diff --git a/net/econet/Kconfig b/net/econet/Kconfig
3331 index 39a2d29..f39c0fe 100644
3332 --- a/net/econet/Kconfig
3333 @@ -105043,6 +105087,18 @@ index 7635107..4670276 100644
3334 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial));
3335
3336 ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len);
3337 +diff --git a/net/sctp/associola.c b/net/sctp/associola.c
3338 +index 25b207b..da54d29 100644
3339 +--- a/net/sctp/associola.c
3340 ++++ b/net/sctp/associola.c
3341 +@@ -1188,6 +1188,7 @@ void sctp_assoc_update(struct sctp_association *asoc,
3342 + asoc->c = new->c;
3343 + asoc->peer.rwnd = new->peer.rwnd;
3344 + asoc->peer.sack_needed = new->peer.sack_needed;
3345 ++ asoc->peer.auth_capable = new->peer.auth_capable;
3346 + asoc->peer.i = new->peer.i;
3347 + sctp_tsnmap_init(&asoc->peer.tsn_map, SCTP_TSN_MAP_INITIAL,
3348 + asoc->peer.i.initial_tsn, GFP_ATOMIC);
3349 diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
3350 index 0b6a391..febcef2 100644
3351 --- a/net/sctp/ipv6.c
3352 @@ -105301,6 +105357,26 @@ index 8da4481..d02565e 100644
3353 tp->srtt = tp->srtt - (tp->srtt >> sctp_rto_alpha)
3354 + (rtt >> sctp_rto_alpha);
3355 } else {
3356 +diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c
3357 +index 8a84017..d4faa70 100644
3358 +--- a/net/sctp/ulpevent.c
3359 ++++ b/net/sctp/ulpevent.c
3360 +@@ -418,6 +418,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_remote_error(
3361 + * sre_type:
3362 + * It should be SCTP_REMOTE_ERROR.
3363 + */
3364 ++ memset(sre, 0, sizeof(*sre));
3365 + sre->sre_type = SCTP_REMOTE_ERROR;
3366 +
3367 + /*
3368 +@@ -921,6 +922,7 @@ void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event,
3369 + * For recvmsg() the SCTP stack places the message's stream number in
3370 + * this value.
3371 + */
3372 ++ memset(&sinfo, 0, sizeof(sinfo));
3373 + sinfo.sinfo_stream = event->stream;
3374 + /* sinfo_ssn: 16 bits (unsigned integer)
3375 + *
3376 diff --git a/net/socket.c b/net/socket.c
3377 index 3faa358..3d43f20 100644
3378 --- a/net/socket.c
Report Message
Find on MARC Find on Google Groups