From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.54/, 3.12.8/
Date: Tue, 21 Jan 2014 21:33:22
Message-Id: 1390339974.460567bd4695d06140d31ffc74dbe78ab9e5b519.blueness@gentoo
1 commit: 460567bd4695d06140d31ffc74dbe78ab9e5b519
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Tue Jan 21 21:32:54 2014 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Tue Jan 21 21:32:54 2014 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=460567bd
7
8 Grsec/PaX: 3.0-{3.2.54,3.12.8}-201401191015
9
10 ---
11 3.12.8/0000_README | 2 +-
12 ... 4420_grsecurity-3.0-3.12.8-201401191015.patch} | 1113 +++++++++++++++++---
13 3.2.54/0000_README | 2 +-
14 ... 4420_grsecurity-3.0-3.2.54-201401191012.patch} | 517 ++++++---
15 4 files changed, 1344 insertions(+), 290 deletions(-)
16
17 diff --git a/3.12.8/0000_README b/3.12.8/0000_README
18 index 9b6bc77..ba454f4 100644
19 --- a/3.12.8/0000_README
20 +++ b/3.12.8/0000_README
21 @@ -2,7 +2,7 @@ README
22 -----------------------------------------------------------------------------
23 Individual Patch Descriptions:
24 -----------------------------------------------------------------------------
25 -Patch: 4420_grsecurity-3.0-3.12.8-201401160931.patch
26 +Patch: 4420_grsecurity-3.0-3.12.8-201401191015.patch
27 From: http://www.grsecurity.net
28 Desc: hardened-sources base patch from upstream grsecurity
29
30
31 diff --git a/3.12.8/4420_grsecurity-3.0-3.12.8-201401160931.patch b/3.12.8/4420_grsecurity-3.0-3.12.8-201401191015.patch
32 similarity index 99%
33 rename from 3.12.8/4420_grsecurity-3.0-3.12.8-201401160931.patch
34 rename to 3.12.8/4420_grsecurity-3.0-3.12.8-201401191015.patch
35 index 7bb3c7f..07d9c25 100644
36 --- a/3.12.8/4420_grsecurity-3.0-3.12.8-201401160931.patch
37 +++ b/3.12.8/4420_grsecurity-3.0-3.12.8-201401191015.patch
38 @@ -4580,6 +4580,24 @@ index b1d17ee..7a6f4d3 100644
39 create_mapping(&map);
40 }
41 }
42 +diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c
43 +index 99b44e0..8c9106f 100644
44 +--- a/arch/arm/net/bpf_jit_32.c
45 ++++ b/arch/arm/net/bpf_jit_32.c
46 +@@ -637,10 +637,10 @@ load_ind:
47 + emit(ARM_MUL(r_A, r_A, r_X), ctx);
48 + break;
49 + case BPF_S_ALU_DIV_K:
50 +- /* current k == reciprocal_value(userspace k) */
51 ++ if (k == 1)
52 ++ break;
53 + emit_mov_i(r_scratch, k, ctx);
54 +- /* A = top 32 bits of the product */
55 +- emit(ARM_UMULL(r_scratch, r_A, r_A, r_scratch), ctx);
56 ++ emit_udiv(r_A, r_A, r_scratch, ctx);
57 + break;
58 + case BPF_S_ALU_DIV_X:
59 + update_on_xread(ctx);
60 diff --git a/arch/arm/plat-omap/sram.c b/arch/arm/plat-omap/sram.c
61 index a5bc92d..0bb4730 100644
62 --- a/arch/arm/plat-omap/sram.c
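Review bot: The new `BPF_S_ALU_DIV_K` case in arch/arm/net/bpf_jit_32.c emits a real divide through `emit_udiv`, but nothing at the case says why `k` can never be 0; only the sparc hunk records it (`A /= K with K != 0`). Presumably a zero constant is rejected when the filter is checked, before the JIT runs, though that code is not on this page. A one-line comment such as `/* k != 0: zero divisors are rejected when the filter is checked */` would make the dependency explicit. The same applies to the `DIV_K` cases added for powerpc, s390 and x86 further down. The enclosing switch starts and ends outside the hunk.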
63 @@ -8478,6 +8496,25 @@ index 7ce9cf3..a964087 100644
64 /* If hint, make sure it matches our alignment restrictions */
65 if (!fixed && addr) {
66 addr = _ALIGN_UP(addr, 1ul << pshift);
67 +diff --git a/arch/powerpc/net/bpf_jit_comp.c b/arch/powerpc/net/bpf_jit_comp.c
68 +index 2345bdb..ebbb2f1 100644
69 +--- a/arch/powerpc/net/bpf_jit_comp.c
70 ++++ b/arch/powerpc/net/bpf_jit_comp.c
71 +@@ -209,10 +209,11 @@ static int bpf_jit_build_body(struct sk_filter *fp, u32 *image,
72 + }
73 + PPC_DIVWU(r_A, r_A, r_X);
74 + break;
75 +- case BPF_S_ALU_DIV_K: /* A = reciprocal_divide(A, K); */
76 ++ case BPF_S_ALU_DIV_K: /* A /= K */
77 ++ if (K == 1)
78 ++ break;
79 + PPC_LI32(r_scratch1, K);
80 +- /* Top 32 bits of 64bit result -> A */
81 +- PPC_MULHWU(r_A, r_A, r_scratch1);
82 ++ PPC_DIVWU(r_A, r_A, r_scratch1);
83 + break;
84 + case BPF_S_ALU_AND_X:
85 + ctx->seen |= SEEN_XREG;
86 diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c
87 index 9098692..3d54cd1 100644
88 --- a/arch/powerpc/platforms/cell/spufs/file.c
89 @@ -8783,6 +8820,41 @@ index 4002329..99b67cb 100644
90 mm->get_unmapped_area = s390_get_unmapped_area_topdown;
91 }
92 }
93 +diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c
94 +index a5df511..06f5acc 100644
95 +--- a/arch/s390/net/bpf_jit_comp.c
96 ++++ b/arch/s390/net/bpf_jit_comp.c
97 +@@ -371,11 +371,13 @@ static int bpf_jit_insn(struct bpf_jit *jit, struct sock_filter *filter,
98 + /* dr %r4,%r12 */
99 + EMIT2(0x1d4c);
100 + break;
101 +- case BPF_S_ALU_DIV_K: /* A = reciprocal_divide(A, K) */
102 +- /* m %r4,<d(K)>(%r13) */
103 +- EMIT4_DISP(0x5c40d000, EMIT_CONST(K));
104 +- /* lr %r5,%r4 */
105 +- EMIT2(0x1854);
106 ++ case BPF_S_ALU_DIV_K: /* A /= K */
107 ++ if (K == 1)
108 ++ break;
109 ++ /* lhi %r4,0 */
110 ++ EMIT4(0xa7480000);
111 ++ /* d %r4,<d(K)>(%r13) */
112 ++ EMIT4_DISP(0x5d40d000, EMIT_CONST(K));
113 + break;
114 + case BPF_S_ALU_MOD_X: /* A %= X */
115 + jit->seen |= SEEN_XREG | SEEN_RET0;
116 +@@ -391,6 +393,11 @@ static int bpf_jit_insn(struct bpf_jit *jit, struct sock_filter *filter,
117 + EMIT2(0x1854);
118 + break;
119 + case BPF_S_ALU_MOD_K: /* A %= K */
120 ++ if (K == 1) {
121 ++ /* lhi %r5,0 */
122 ++ EMIT4(0xa7580000);
123 ++ break;
124 ++ }
125 + /* lhi %r4,0 */
126 + EMIT4(0xa7480000);
127 + /* d %r4,<d(K)>(%r13) */
128 diff --git a/arch/score/include/asm/cache.h b/arch/score/include/asm/cache.h
129 index ae3d59f..f65f075 100644
130 --- a/arch/score/include/asm/cache.h
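Review bot: The s390 `BPF_S_ALU_DIV_K` case divides with the `d` instruction, which as far as I know is the signed divide, while BPF treats A and K as unsigned 32-bit values. Clearing `%r4` keeps the dividend non-negative, but a K with the top bit set would be taken as a negative divisor, and the `K == 1` early exit happens to be the only thing that keeps a large A from producing a quotient that does not fit a signed word. The unsigned form (`dl`) looks like the better fit here and in the `MOD_K` case below it. It uses a different instruction format, so it is not a drop-in change for `EMIT4_DISP`, and the `dr`-based `DIV_X` path visible at the top of the inner hunk should be checked in the same pass. bpf_jit_insn's body continues outside the hunk.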
131 @@ -11406,6 +11478,34 @@ index ed82eda..0d80e77 100644
132 #endif /* CONFIG_SMP */
133 #endif /* CONFIG_DEBUG_DCFLUSH */
134 }
135 +diff --git a/arch/sparc/net/bpf_jit_comp.c b/arch/sparc/net/bpf_jit_comp.c
136 +index 218b6b2..01fe994 100644
137 +--- a/arch/sparc/net/bpf_jit_comp.c
138 ++++ b/arch/sparc/net/bpf_jit_comp.c
139 +@@ -497,9 +497,20 @@ void bpf_jit_compile(struct sk_filter *fp)
140 + case BPF_S_ALU_MUL_K: /* A *= K */
141 + emit_alu_K(MUL, K);
142 + break;
143 +- case BPF_S_ALU_DIV_K: /* A /= K */
144 +- emit_alu_K(MUL, K);
145 +- emit_read_y(r_A);
146 ++ case BPF_S_ALU_DIV_K: /* A /= K with K != 0*/
147 ++ if (K == 1)
148 ++ break;
149 ++ emit_write_y(G0);
150 ++#ifdef CONFIG_SPARC32
151 ++ /* The Sparc v8 architecture requires
152 ++ * three instructions between a %y
153 ++ * register write and the first use.
154 ++ */
155 ++ emit_nop();
156 ++ emit_nop();
157 ++ emit_nop();
158 ++#endif
159 ++ emit_alu_K(DIV, K);
160 + break;
161 + case BPF_S_ALU_DIV_X: /* A /= X; */
162 + emit_cmpi(r_X, 0);
163 diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig
164 index d45a2c4..3c05a78 100644
165 --- a/arch/tile/Kconfig
166 @@ -32910,7 +33010,7 @@ index 877b9a1..a8ecf42 100644
167 + pax_force_retaddr
168 ret
169 diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
170 -index 26328e8..5f96c25 100644
171 +index 26328e8..8dfe0d5 100644
172 --- a/arch/x86/net/bpf_jit_comp.c
173 +++ b/arch/x86/net/bpf_jit_comp.c
174 @@ -50,13 +50,90 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len)
175 @@ -33140,9 +33240,14 @@ index 26328e8..5f96c25 100644
176 break;
177 case BPF_S_ALU_DIV_X: /* A /= X; */
178 seen |= SEEN_XREG;
179 -@@ -360,13 +457,23 @@ void bpf_jit_compile(struct sk_filter *fp)
180 +@@ -359,15 +456,29 @@ void bpf_jit_compile(struct sk_filter *fp)
181 + EMIT2(0x89, 0xd0); /* mov %edx,%eax */
182 break;
183 case BPF_S_ALU_MOD_K: /* A %= K; */
184 ++ if (K == 1) {
185 ++ CLEAR_A();
186 ++ break;
187 ++ }
188 EMIT2(0x31, 0xd2); /* xor %edx,%edx */
189 +#ifdef CONFIG_GRKERNSEC_JIT_HARDEN
190 + DILUTE_CONST_SEQUENCE(K, randkey);
191 @@ -33152,19 +33257,24 @@ index 26328e8..5f96c25 100644
192 EMIT2(0xf7, 0xf1); /* div %ecx */
193 EMIT2(0x89, 0xd0); /* mov %edx,%eax */
194 break;
195 - case BPF_S_ALU_DIV_K: /* A = reciprocal_divide(A, K); */
196 +- case BPF_S_ALU_DIV_K: /* A = reciprocal_divide(A, K); */
197 +- EMIT3(0x48, 0x69, 0xc0); /* imul imm32,%rax,%rax */
198 +- EMIT(K, 4);
199 +- EMIT4(0x48, 0xc1, 0xe8, 0x20); /* shr $0x20,%rax */
200 ++ case BPF_S_ALU_DIV_K: /* A /= K */
201 ++ if (K == 1)
202 ++ break;
203 ++ EMIT2(0x31, 0xd2); /* xor %edx,%edx */
204 +#ifdef CONFIG_GRKERNSEC_JIT_HARDEN
205 + DILUTE_CONST_SEQUENCE(K, randkey);
206 -+ // imul rax, rcx
207 -+ EMIT4(0x48, 0x0f, 0xaf, 0xc1);
208 +#else
209 - EMIT3(0x48, 0x69, 0xc0); /* imul imm32,%rax,%rax */
210 - EMIT(K, 4);
211 ++ EMIT1(0xb9);EMIT(K, 4); /* mov imm32,%ecx */
212 +#endif
213 - EMIT4(0x48, 0xc1, 0xe8, 0x20); /* shr $0x20,%rax */
214 ++ EMIT2(0xf7, 0xf1); /* div %ecx */
215 break;
216 case BPF_S_ALU_AND_X:
217 -@@ -637,8 +744,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG;
218 + seen |= SEEN_XREG;
219 +@@ -637,8 +748,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG;
220 if (is_imm8(K)) {
221 EMIT3(0x8d, 0x73, K); /* lea imm8(%rbx), %esi */
222 } else {
223 @@ -33174,7 +33284,7 @@ index 26328e8..5f96c25 100644
224 }
225 } else {
226 EMIT2(0x89,0xde); /* mov %ebx,%esi */
227 -@@ -728,10 +834,12 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
228 +@@ -728,10 +838,12 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
229 if (unlikely(proglen + ilen > oldproglen)) {
230 pr_err("bpb_jit_compile fatal error\n");
231 kfree(addrs);
232 @@ -33188,7 +33298,7 @@ index 26328e8..5f96c25 100644
233 }
234 proglen += ilen;
235 addrs[i] = proglen;
236 -@@ -764,7 +872,6 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
237 +@@ -764,7 +876,6 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
238
239 if (image) {
240 bpf_flush_icache(header, image + proglen);
241 @@ -33196,7 +33306,7 @@ index 26328e8..5f96c25 100644
242 fp->bpf_func = (void *)image;
243 }
244 out:
245 -@@ -776,10 +883,9 @@ static void bpf_jit_free_deferred(struct work_struct *work)
246 +@@ -776,10 +887,9 @@ static void bpf_jit_free_deferred(struct work_struct *work)
247 {
248 struct sk_filter *fp = container_of(work, struct sk_filter, work);
249 unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK;
250 @@ -37564,7 +37674,7 @@ index d39cca6..8c1e269 100644
251
252 if (cmd != SIOCWANDEV)
253 diff --git a/drivers/char/random.c b/drivers/char/random.c
254 -index 7a744d3..35a177ee 100644
255 +index 7a744d3..895af8f 100644
256 --- a/drivers/char/random.c
257 +++ b/drivers/char/random.c
258 @@ -269,8 +269,13 @@
259 @@ -37610,7 +37720,20 @@ index 7a744d3..35a177ee 100644
260 smp_wmb();
261
262 if (out)
263 -@@ -1029,7 +1041,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
264 +@@ -603,8 +615,11 @@ retry:
265 +
266 + if (!r->initialized && nbits > 0) {
267 + r->entropy_total += nbits;
268 +- if (r->entropy_total > 128)
269 ++ if (r->entropy_total > 128) {
270 + r->initialized = 1;
271 ++ if (r == &nonblocking_pool)
272 ++ prandom_reseed_late();
273 ++ }
274 + }
275 +
276 + trace_credit_entropy_bits(r->name, nbits, entropy_count,
277 +@@ -1029,7 +1044,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
278
279 extract_buf(r, tmp);
280 i = min_t(int, nbytes, EXTRACT_SIZE);
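Review bot: The added `prandom_reseed_late()` call runs inside the entropy-crediting path (the inner hunk header names the `retry:` label), and its definition is not on this page, so it is not evident that the call is safe in every context that credits entropy. If entropy can be credited from interrupt context, the reseed must neither sleep nor take a lock that the interrupted code may hold. Once confirmed, record it next to the call, e.g. `/* prandom_reseed_late() must be callable from this context without blocking */`. The enclosing function starts and ends outside the hunk.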
281 @@ -37619,7 +37742,7 @@ index 7a744d3..35a177ee 100644
282 ret = -EFAULT;
283 break;
284 }
285 -@@ -1365,7 +1377,7 @@ EXPORT_SYMBOL(generate_random_uuid);
286 +@@ -1365,7 +1380,7 @@ EXPORT_SYMBOL(generate_random_uuid);
287 #include <linux/sysctl.h>
288
289 static int min_read_thresh = 8, min_write_thresh;
290 @@ -37628,7 +37751,7 @@ index 7a744d3..35a177ee 100644
291 static int max_write_thresh = INPUT_POOL_WORDS * 32;
292 static char sysctl_bootid[16];
293
294 -@@ -1381,7 +1393,7 @@ static char sysctl_bootid[16];
295 +@@ -1381,7 +1396,7 @@ static char sysctl_bootid[16];
296 static int proc_do_uuid(struct ctl_table *table, int write,
297 void __user *buffer, size_t *lenp, loff_t *ppos)
298 {
299 @@ -42599,9 +42722,27 @@ index aacf6bf..67d63f2 100644
300 "md/raid1:%s: read error corrected "
301 "(%d sectors at %llu on %s)\n",
302 diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
303 -index 73dc8a3..bdd515a 100644
304 +index 73dc8a3..859d581f6 100644
305 --- a/drivers/md/raid10.c
306 +++ b/drivers/md/raid10.c
307 +@@ -1319,7 +1319,7 @@ read_again:
308 + /* Could not read all from this device, so we will
309 + * need another r10_bio.
310 + */
311 +- sectors_handled = (r10_bio->sectors + max_sectors
312 ++ sectors_handled = (r10_bio->sector + max_sectors
313 + - bio->bi_sector);
314 + r10_bio->sectors = max_sectors;
315 + spin_lock_irq(&conf->device_lock);
316 +@@ -1327,7 +1327,7 @@ read_again:
317 + bio->bi_phys_segments = 2;
318 + else
319 + bio->bi_phys_segments++;
320 +- spin_unlock(&conf->device_lock);
321 ++ spin_unlock_irq(&conf->device_lock);
322 + /* Cannot call generic_make_request directly
323 + * as that will be queued in __generic_make_request
324 + * and subsequent mempool_alloc might block
325 @@ -1963,7 +1963,7 @@ static void end_sync_read(struct bio *bio, int error)
326 /* The write handler will notice the lack of
327 * R10BIO_Uptodate and record any errors etc
328 @@ -42661,8 +42802,30 @@ index 73dc8a3..bdd515a 100644
329 }
330
331 rdev_dec_pending(rdev, mddev);
332 +@@ -3220,10 +3220,6 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr,
333 + if (j == conf->copies) {
334 + /* Cannot recover, so abort the recovery or
335 + * record a bad block */
336 +- put_buf(r10_bio);
337 +- if (rb2)
338 +- atomic_dec(&rb2->remaining);
339 +- r10_bio = rb2;
340 + if (any_working) {
341 + /* problem is that there are bad blocks
342 + * on other device(s)
343 +@@ -3255,6 +3251,10 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr,
344 + mirror->recovery_disabled
345 + = mddev->recovery_disabled;
346 + }
347 ++ put_buf(r10_bio);
348 ++ if (rb2)
349 ++ atomic_dec(&rb2->remaining);
350 ++ r10_bio = rb2;
351 + break;
352 + }
353 + }
354 diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
355 -index 8a0665d..984c46d 100644
356 +index 8a0665d..b322118 100644
357 --- a/drivers/md/raid5.c
358 +++ b/drivers/md/raid5.c
359 @@ -1887,21 +1887,21 @@ static void raid5_end_read_request(struct bio * bi, int error)
360 @@ -42700,6 +42863,24 @@ index 8a0665d..984c46d 100644
361 > conf->max_nr_stripes)
362 printk(KERN_WARNING
363 "md/raid:%s: Too many read errors, failing device %s.\n",
364 +@@ -3502,7 +3502,7 @@ static void analyse_stripe(struct stripe_head *sh, struct stripe_head_state *s)
365 + */
366 + set_bit(R5_Insync, &dev->flags);
367 +
368 +- if (rdev && test_bit(R5_WriteError, &dev->flags)) {
369 ++ if (test_bit(R5_WriteError, &dev->flags)) {
370 + /* This flag does not apply to '.replacement'
371 + * only to .rdev, so make sure to check that*/
372 + struct md_rdev *rdev2 = rcu_dereference(
373 +@@ -3515,7 +3515,7 @@ static void analyse_stripe(struct stripe_head *sh, struct stripe_head_state *s)
374 + } else
375 + clear_bit(R5_WriteError, &dev->flags);
376 + }
377 +- if (rdev && test_bit(R5_MadeGood, &dev->flags)) {
378 ++ if (test_bit(R5_MadeGood, &dev->flags)) {
379 + /* This flag does not apply to '.replacement'
380 + * only to .rdev, so make sure to check that*/
381 + struct md_rdev *rdev2 = rcu_dereference(
382 diff --git a/drivers/media/dvb-core/dvbdev.c b/drivers/media/dvb-core/dvbdev.c
383 index 401ef64..836e563 100644
384 --- a/drivers/media/dvb-core/dvbdev.c
385 @@ -53511,7 +53692,7 @@ index 89dec7f..361b0d75 100644
386 fd_offset + ex.a_text);
387 if (error != N_DATADDR(ex)) {
388 diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
389 -index 4c94a79..2610454 100644
390 +index 4c94a79..9d5fb56 100644
391 --- a/fs/binfmt_elf.c
392 +++ b/fs/binfmt_elf.c
393 @@ -34,6 +34,7 @@
394 @@ -53680,7 +53861,7 @@ index 4c94a79..2610454 100644
395 }
396
397 error = load_addr;
398 -@@ -538,6 +569,315 @@ out:
399 +@@ -538,6 +569,336 @@ out:
400 return error;
401 }
402
403 @@ -53821,12 +54002,48 @@ index 4c94a79..2610454 100644
404 +#endif
405 +
406 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
407 -+static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex)
408 ++static unsigned long pax_parse_defaults(void)
409 +{
410 + unsigned long pax_flags = 0UL;
411 +
412 ++#ifdef CONFIG_PAX_SOFTMODE
413 ++ if (pax_softmode)
414 ++ return pax_flags;
415 ++#endif
416 ++
417 ++#ifdef CONFIG_PAX_PAGEEXEC
418 ++ pax_flags |= MF_PAX_PAGEEXEC;
419 ++#endif
420 ++
421 ++#ifdef CONFIG_PAX_SEGMEXEC
422 ++ pax_flags |= MF_PAX_SEGMEXEC;
423 ++#endif
424 ++
425 ++#ifdef CONFIG_PAX_MPROTECT
426 ++ pax_flags |= MF_PAX_MPROTECT;
427 ++#endif
428 ++
429 ++#ifdef CONFIG_PAX_RANDMMAP
430 ++ if (randomize_va_space)
431 ++ pax_flags |= MF_PAX_RANDMMAP;
432 ++#endif
433 ++
434 ++ return pax_flags;
435 ++}
436 ++
437 ++static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex)
438 ++{
439 ++ unsigned long pax_flags = PAX_PARSE_FLAGS_FALLBACK;
440 ++
441 +#ifdef CONFIG_PAX_EI_PAX
442 +
443 ++#ifdef CONFIG_PAX_SOFTMODE
444 ++ if (pax_softmode)
445 ++ return pax_flags;
446 ++#endif
447 ++
448 ++ pax_flags = 0UL;
449 ++
450 +#ifdef CONFIG_PAX_PAGEEXEC
451 + if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_PAGEEXEC))
452 + pax_flags |= MF_PAX_PAGEEXEC;
453 @@ -53852,28 +54069,10 @@ index 4c94a79..2610454 100644
454 + pax_flags |= MF_PAX_RANDMMAP;
455 +#endif
456 +
457 -+#else
458 -+
459 -+#ifdef CONFIG_PAX_PAGEEXEC
460 -+ pax_flags |= MF_PAX_PAGEEXEC;
461 -+#endif
462 -+
463 -+#ifdef CONFIG_PAX_SEGMEXEC
464 -+ pax_flags |= MF_PAX_SEGMEXEC;
465 -+#endif
466 -+
467 -+#ifdef CONFIG_PAX_MPROTECT
468 -+ pax_flags |= MF_PAX_MPROTECT;
469 -+#endif
470 -+
471 -+#ifdef CONFIG_PAX_RANDMMAP
472 -+ if (randomize_va_space)
473 -+ pax_flags |= MF_PAX_RANDMMAP;
474 -+#endif
475 -+
476 +#endif
477 +
478 + return pax_flags;
479 ++
480 +}
481 +
482 +static unsigned long pax_parse_pt_pax(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata)
483 @@ -53889,7 +54088,7 @@ index 4c94a79..2610454 100644
484 + ((elf_phdata[i].p_flags & PF_EMUTRAMP) && (elf_phdata[i].p_flags & PF_NOEMUTRAMP)) ||
485 + ((elf_phdata[i].p_flags & PF_MPROTECT) && (elf_phdata[i].p_flags & PF_NOMPROTECT)) ||
486 + ((elf_phdata[i].p_flags & PF_RANDMMAP) && (elf_phdata[i].p_flags & PF_NORANDMMAP)))
487 -+ return ~0UL;
488 ++ return PAX_PARSE_FLAGS_FALLBACK;
489 +
490 +#ifdef CONFIG_PAX_SOFTMODE
491 + if (pax_softmode)
492 @@ -53902,7 +54101,7 @@ index 4c94a79..2610454 100644
493 + }
494 +#endif
495 +
496 -+ return ~0UL;
497 ++ return PAX_PARSE_FLAGS_FALLBACK;
498 +}
499 +
500 +static unsigned long pax_parse_xattr_pax(struct file * const file)
501 @@ -53914,23 +54113,23 @@ index 4c94a79..2610454 100644
502 + unsigned long pax_flags_hardmode = 0UL, pax_flags_softmode = 0UL;
503 +
504 + xattr_size = pax_getxattr(file->f_path.dentry, xattr_value, sizeof xattr_value);
505 -+ if (xattr_size <= 0 || xattr_size > sizeof xattr_value)
506 -+ return ~0UL;
507 ++ if (xattr_size < 0 || xattr_size > sizeof xattr_value)
508 ++ return PAX_PARSE_FLAGS_FALLBACK;
509 +
510 + for (i = 0; i < xattr_size; i++)
511 + switch (xattr_value[i]) {
512 + default:
513 -+ return ~0UL;
514 ++ return PAX_PARSE_FLAGS_FALLBACK;
515 +
516 +#define parse_flag(option1, option2, flag) \
517 + case option1: \
518 + if (pax_flags_hardmode & MF_PAX_##flag) \
519 -+ return ~0UL; \
520 ++ return PAX_PARSE_FLAGS_FALLBACK;\
521 + pax_flags_hardmode |= MF_PAX_##flag; \
522 + break; \
523 + case option2: \
524 + if (pax_flags_softmode & MF_PAX_##flag) \
525 -+ return ~0UL; \
526 ++ return PAX_PARSE_FLAGS_FALLBACK;\
527 + pax_flags_softmode |= MF_PAX_##flag; \
528 + break;
529 +
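Review bot: Relaxing the size check in pax_parse_xattr_pax from `xattr_size <= 0` to `xattr_size < 0` means a zero-length attribute is no longer treated as "no marking". The loop is skipped and both `pax_flags_hardmode` and `pax_flags_softmode` are still 0 when they reach the hardmode/softmode conversion at the end of the function. What that conversion returns for an empty mask is outside this page, and the reworked pax_parse_pax_flags later in this patch gives the xattr result precedence over the PT_PAX and EI_PAX markings. The intended meaning of an empty attribute therefore deserves a comment at the check, for example `/* size 0 is accepted: an empty attribute is a marking with no flag letters */`, plus a sentence on the resulting flags once confirmed. The function's declarations and tail lie outside the hunk.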
530 @@ -53944,7 +54143,7 @@ index 4c94a79..2610454 100644
531 + }
532 +
533 + if (pax_flags_hardmode & pax_flags_softmode)
534 -+ return ~0UL;
535 ++ return PAX_PARSE_FLAGS_FALLBACK;
536 +
537 +#ifdef CONFIG_PAX_SOFTMODE
538 + if (pax_softmode)
539 @@ -53954,27 +54153,30 @@ index 4c94a79..2610454 100644
540 +
541 + return pax_parse_xattr_pax_hardmode(pax_flags_hardmode);
542 +#else
543 -+ return ~0UL;
544 ++ return PAX_PARSE_FLAGS_FALLBACK;
545 +#endif
546 +
547 +}
548 +
549 +static long pax_parse_pax_flags(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata, struct file * const file)
550 +{
551 -+ unsigned long pax_flags, pt_pax_flags, xattr_pax_flags;
552 ++ unsigned long pax_flags, ei_pax_flags, pt_pax_flags, xattr_pax_flags;
553 +
554 -+ pax_flags = pax_parse_ei_pax(elf_ex);
555 ++ pax_flags = pax_parse_defaults();
556 ++ ei_pax_flags = pax_parse_ei_pax(elf_ex);
557 + pt_pax_flags = pax_parse_pt_pax(elf_ex, elf_phdata);
558 + xattr_pax_flags = pax_parse_xattr_pax(file);
559 +
560 -+ if (pt_pax_flags == ~0UL)
561 -+ pt_pax_flags = xattr_pax_flags;
562 -+ else if (xattr_pax_flags == ~0UL)
563 -+ xattr_pax_flags = pt_pax_flags;
564 -+ if (pt_pax_flags != xattr_pax_flags)
565 ++ if (pt_pax_flags != PAX_PARSE_FLAGS_FALLBACK &&
566 ++ xattr_pax_flags != PAX_PARSE_FLAGS_FALLBACK &&
567 ++ pt_pax_flags != xattr_pax_flags)
568 + return -EINVAL;
569 -+ if (pt_pax_flags != ~0UL)
570 ++ if (xattr_pax_flags != PAX_PARSE_FLAGS_FALLBACK)
571 ++ pax_flags = xattr_pax_flags;
572 ++ else if (pt_pax_flags != PAX_PARSE_FLAGS_FALLBACK)
573 + pax_flags = pt_pax_flags;
574 ++ else if (ei_pax_flags != PAX_PARSE_FLAGS_FALLBACK)
575 ++ pax_flags = ei_pax_flags;
576 +
577 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC)
578 + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
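Review bot: The selection order in pax_parse_pax_flags is now implicit in the if/else chain: xattr first, then PT_PAX, then EI_PAX, then the result of pax_parse_defaults(), and only a PT_PAX/xattr disagreement returns -EINVAL. `ei_pax_flags` is never compared against the other two, so a binary whose EI_PAX marking contradicts its PT_PAX or xattr marking is accepted with the EI_PAX value silently ignored; if that is intended it should be stated. A comment above the chain such as `/* precedence: xattr, PT_PAX_FLAGS, EI_PAX, defaults; only PT vs xattr conflicts are rejected */` would cover it. The function continues outside the hunk.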
579 @@ -53996,7 +54198,7 @@ index 4c94a79..2610454 100644
580 /*
581 * These are the functions used to load ELF style executables and shared
582 * libraries. There is no binary dependent code anywhere else.
583 -@@ -554,6 +894,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
584 +@@ -554,6 +915,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
585 {
586 unsigned int random_variable = 0;
587
588 @@ -54008,7 +54210,7 @@ index 4c94a79..2610454 100644
589 if ((current->flags & PF_RANDOMIZE) &&
590 !(current->personality & ADDR_NO_RANDOMIZE)) {
591 random_variable = get_random_int() & STACK_RND_MASK;
592 -@@ -572,7 +917,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
593 +@@ -572,7 +938,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
594 unsigned long load_addr = 0, load_bias = 0;
595 int load_addr_set = 0;
596 char * elf_interpreter = NULL;
597 @@ -54017,7 +54219,7 @@ index 4c94a79..2610454 100644
598 struct elf_phdr *elf_ppnt, *elf_phdata;
599 unsigned long elf_bss, elf_brk;
600 int retval, i;
601 -@@ -582,12 +927,12 @@ static int load_elf_binary(struct linux_binprm *bprm)
602 +@@ -582,12 +948,12 @@ static int load_elf_binary(struct linux_binprm *bprm)
603 unsigned long start_code, end_code, start_data, end_data;
604 unsigned long reloc_func_desc __maybe_unused = 0;
605 int executable_stack = EXSTACK_DEFAULT;
606 @@ -54031,7 +54233,7 @@ index 4c94a79..2610454 100644
607
608 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
609 if (!loc) {
610 -@@ -723,11 +1068,82 @@ static int load_elf_binary(struct linux_binprm *bprm)
611 +@@ -723,11 +1089,82 @@ static int load_elf_binary(struct linux_binprm *bprm)
612 goto out_free_dentry;
613
614 /* OK, This is the point of no return */
615 @@ -54115,7 +54317,7 @@ index 4c94a79..2610454 100644
616 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
617 current->personality |= READ_IMPLIES_EXEC;
618
619 -@@ -817,6 +1233,20 @@ static int load_elf_binary(struct linux_binprm *bprm)
620 +@@ -817,6 +1254,20 @@ static int load_elf_binary(struct linux_binprm *bprm)
621 #else
622 load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
623 #endif
624 @@ -54136,7 +54338,7 @@ index 4c94a79..2610454 100644
625 }
626
627 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
628 -@@ -849,9 +1279,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
629 +@@ -849,9 +1300,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
630 * allowed task size. Note that p_filesz must always be
631 * <= p_memsz so it is only necessary to check p_memsz.
632 */
633 @@ -54149,7 +54351,7 @@ index 4c94a79..2610454 100644
634 /* set_brk can never work. Avoid overflows. */
635 send_sig(SIGKILL, current, 0);
636 retval = -EINVAL;
637 -@@ -890,17 +1320,45 @@ static int load_elf_binary(struct linux_binprm *bprm)
638 +@@ -890,17 +1341,45 @@ static int load_elf_binary(struct linux_binprm *bprm)
639 goto out_free_dentry;
640 }
641 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
642 @@ -54201,7 +54403,7 @@ index 4c94a79..2610454 100644
643 load_bias);
644 if (!IS_ERR((void *)elf_entry)) {
645 /*
646 -@@ -1122,7 +1580,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
647 +@@ -1122,7 +1601,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
648 * Decide what to dump of a segment, part, all or none.
649 */
650 static unsigned long vma_dump_size(struct vm_area_struct *vma,
651 @@ -54210,7 +54412,7 @@ index 4c94a79..2610454 100644
652 {
653 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
654
655 -@@ -1160,7 +1618,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
656 +@@ -1160,7 +1639,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
657 if (vma->vm_file == NULL)
658 return 0;
659
660 @@ -54219,7 +54421,7 @@ index 4c94a79..2610454 100644
661 goto whole;
662
663 /*
664 -@@ -1385,9 +1843,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
665 +@@ -1385,9 +1864,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
666 {
667 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
668 int i = 0;
669 @@ -54231,7 +54433,7 @@ index 4c94a79..2610454 100644
670 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
671 }
672
673 -@@ -1396,7 +1854,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
674 +@@ -1396,7 +1875,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
675 {
676 mm_segment_t old_fs = get_fs();
677 set_fs(KERNEL_DS);
678 @@ -54240,7 +54442,7 @@ index 4c94a79..2610454 100644
679 set_fs(old_fs);
680 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
681 }
682 -@@ -2023,14 +2481,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
683 +@@ -2023,14 +2502,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
684 }
685
686 static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
687 @@ -54257,7 +54459,7 @@ index 4c94a79..2610454 100644
688 return size;
689 }
690
691 -@@ -2123,7 +2581,7 @@ static int elf_core_dump(struct coredump_params *cprm)
692 +@@ -2123,7 +2602,7 @@ static int elf_core_dump(struct coredump_params *cprm)
693
694 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
695
696 @@ -54266,7 +54468,7 @@ index 4c94a79..2610454 100644
697 offset += elf_core_extra_data_size();
698 e_shoff = offset;
699
700 -@@ -2137,10 +2595,12 @@ static int elf_core_dump(struct coredump_params *cprm)
701 +@@ -2137,10 +2616,12 @@ static int elf_core_dump(struct coredump_params *cprm)
702 offset = dataoff;
703
704 size += sizeof(*elf);
705 @@ -54279,7 +54481,7 @@ index 4c94a79..2610454 100644
706 if (size > cprm->limit
707 || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
708 goto end_coredump;
709 -@@ -2154,7 +2614,7 @@ static int elf_core_dump(struct coredump_params *cprm)
710 +@@ -2154,7 +2635,7 @@ static int elf_core_dump(struct coredump_params *cprm)
711 phdr.p_offset = offset;
712 phdr.p_vaddr = vma->vm_start;
713 phdr.p_paddr = 0;
714 @@ -54288,7 +54490,7 @@ index 4c94a79..2610454 100644
715 phdr.p_memsz = vma->vm_end - vma->vm_start;
716 offset += phdr.p_filesz;
717 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
718 -@@ -2165,6 +2625,7 @@ static int elf_core_dump(struct coredump_params *cprm)
719 +@@ -2165,6 +2646,7 @@ static int elf_core_dump(struct coredump_params *cprm)
720 phdr.p_align = ELF_EXEC_PAGESIZE;
721
722 size += sizeof(phdr);
723 @@ -54296,7 +54498,7 @@ index 4c94a79..2610454 100644
724 if (size > cprm->limit
725 || !dump_write(cprm->file, &phdr, sizeof(phdr)))
726 goto end_coredump;
727 -@@ -2189,7 +2650,7 @@ static int elf_core_dump(struct coredump_params *cprm)
728 +@@ -2189,7 +2671,7 @@ static int elf_core_dump(struct coredump_params *cprm)
729 unsigned long addr;
730 unsigned long end;
731
732 @@ -54305,7 +54507,7 @@ index 4c94a79..2610454 100644
733
734 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
735 struct page *page;
736 -@@ -2198,6 +2659,7 @@ static int elf_core_dump(struct coredump_params *cprm)
737 +@@ -2198,6 +2680,7 @@ static int elf_core_dump(struct coredump_params *cprm)
738 page = get_dump_page(addr);
739 if (page) {
740 void *kaddr = kmap(page);
741 @@ -54313,7 +54515,7 @@ index 4c94a79..2610454 100644
742 stop = ((size += PAGE_SIZE) > cprm->limit) ||
743 !dump_write(cprm->file, kaddr,
744 PAGE_SIZE);
745 -@@ -2215,6 +2677,7 @@ static int elf_core_dump(struct coredump_params *cprm)
746 +@@ -2215,6 +2698,7 @@ static int elf_core_dump(struct coredump_params *cprm)
747
748 if (e_phnum == PN_XNUM) {
749 size += sizeof(*shdr4extnum);
750 @@ -54321,7 +54523,7 @@ index 4c94a79..2610454 100644
751 if (size > cprm->limit
752 || !dump_write(cprm->file, shdr4extnum,
753 sizeof(*shdr4extnum)))
754 -@@ -2235,6 +2698,167 @@ out:
755 +@@ -2235,6 +2719,167 @@ out:
756
757 #endif /* CONFIG_ELF_CORE */
758
759 @@ -59530,6 +59732,34 @@ index 72cb28e..5b5f87d 100644
760 set_fs(oldfs);
761
762 if (host_err < 0)
763 +diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c
764 +index 9f6b486..a1a19163 100644
765 +--- a/fs/nilfs2/segment.c
766 ++++ b/fs/nilfs2/segment.c
767 +@@ -1440,17 +1440,19 @@ static int nilfs_segctor_collect(struct nilfs_sc_info *sci,
768 +
769 + nilfs_clear_logs(&sci->sc_segbufs);
770 +
771 +- err = nilfs_segctor_extend_segments(sci, nilfs, nadd);
772 +- if (unlikely(err))
773 +- return err;
774 +-
775 + if (sci->sc_stage.flags & NILFS_CF_SUFREED) {
776 + err = nilfs_sufile_cancel_freev(nilfs->ns_sufile,
777 + sci->sc_freesegs,
778 + sci->sc_nfreesegs,
779 + NULL);
780 + WARN_ON(err); /* do not happen */
781 ++ sci->sc_stage.flags &= ~NILFS_CF_SUFREED;
782 + }
783 ++
784 ++ err = nilfs_segctor_extend_segments(sci, nilfs, nadd);
785 ++ if (unlikely(err))
786 ++ return err;
787 ++
788 + nadd = min_t(int, nadd << 1, SC_MAX_SEGDELTA);
789 + sci->sc_stage = prev_stage;
790 + }
791 diff --git a/fs/nls/nls_base.c b/fs/nls/nls_base.c
792 index fea6bd5..8ee9d81 100644
793 --- a/fs/nls/nls_base.c
794 @@ -62460,6 +62690,19 @@ index 9fbea87..6b19972 100644
795 int count;
796 struct posix_acl *acl;
797 struct posix_acl_entry *acl_e;
798 +diff --git a/fs/xfs/xfs_attr_remote.c b/fs/xfs/xfs_attr_remote.c
799 +index 712a502..18180a3 100644
800 +--- a/fs/xfs/xfs_attr_remote.c
801 ++++ b/fs/xfs/xfs_attr_remote.c
802 +@@ -110,7 +110,7 @@ xfs_attr3_rmt_verify(
803 + if (be32_to_cpu(rmt->rm_bytes) > fsbsize - sizeof(*rmt))
804 + return false;
805 + if (be32_to_cpu(rmt->rm_offset) +
806 +- be32_to_cpu(rmt->rm_bytes) >= XATTR_SIZE_MAX)
807 ++ be32_to_cpu(rmt->rm_bytes) > XATTR_SIZE_MAX)
808 + return false;
809 + if (rmt->rm_owner == 0)
810 + return false;
811 diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c
812 index f47e65c..e7125d9 100644
813 --- a/fs/xfs/xfs_bmap.c
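Review bot: In xfs_attr3_rmt_verify the sum `be32_to_cpu(rmt->rm_offset) + be32_to_cpu(rmt->rm_bytes)` is formed from two 32-bit on-disk values, so it can wrap before it is compared with `XATTR_SIZE_MAX`; changing `>=` to `>` does not address that. `rm_bytes` is bounded by the check just above, but `rm_offset` is not bounded anywhere in the visible lines, so an out-of-range offset could still satisfy this test. Widening one operand closes the gap: `if ((u64)be32_to_cpu(rmt->rm_offset) + be32_to_cpu(rmt->rm_bytes) > XATTR_SIZE_MAX)`. The verifier's remaining checks are outside the hunk.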
814 @@ -78073,7 +78316,7 @@ index cc7494a..1e27036 100644
815 extern bool qid_valid(struct kqid qid);
816
817 diff --git a/include/linux/random.h b/include/linux/random.h
818 -index bf9085e..1e8bbcf 100644
819 +index bf9085e..02aca5f 100644
820 --- a/include/linux/random.h
821 +++ b/include/linux/random.h
822 @@ -10,9 +10,19 @@
823 @@ -78098,7 +78341,7 @@ index bf9085e..1e8bbcf 100644
824
825 extern void get_random_bytes(void *buf, int nbytes);
826 extern void get_random_bytes_arch(void *buf, int nbytes);
827 -@@ -23,16 +33,21 @@ extern int random_int_secret_init(void);
828 +@@ -23,16 +33,22 @@ extern int random_int_secret_init(void);
829 extern const struct file_operations random_fops, urandom_fops;
830 #endif
831
832 @@ -78110,8 +78353,10 @@ index bf9085e..1e8bbcf 100644
833 +u32 prandom_u32(void) __intentional_overflow(-1);
834 void prandom_bytes(void *buf, int nbytes);
835 void prandom_seed(u32 seed);
836 ++void prandom_reseed_late(void);
837
838 - u32 prandom_u32_state(struct rnd_state *);
839 +-u32 prandom_u32_state(struct rnd_state *);
840 ++u32 prandom_u32_state(struct rnd_state *state);
841 void prandom_bytes_state(struct rnd_state *state, void *buf, int nbytes);
842
843 +static inline unsigned long __intentional_overflow(-1) pax_get_random_long(void)
844 @@ -78122,6 +78367,20 @@ index bf9085e..1e8bbcf 100644
845 /*
846 * Handle minimum values for seeds
847 */
848 +@@ -50,9 +66,10 @@ static inline void prandom_seed_state(struct rnd_state *state, u64 seed)
849 + {
850 + u32 i = (seed >> 32) ^ (seed << 10) ^ seed;
851 +
852 +- state->s1 = __seed(i, 2);
853 +- state->s2 = __seed(i, 8);
854 +- state->s3 = __seed(i, 16);
855 ++ state->s1 = __seed(i, 2U);
856 ++ state->s2 = __seed(i, 8U);
857 ++ state->s3 = __seed(i, 16U);
858 ++ state->s4 = __seed(i, 128U);
859 + }
860 +
861 + #ifdef CONFIG_ARCH_RANDOM
862 diff --git a/include/linux/rculist.h b/include/linux/rculist.h
863 index 4106721..132d42c 100644
864 --- a/include/linux/rculist.h
865 @@ -78265,7 +78524,7 @@ index 6dacb93..6174423 100644
866 static inline void anon_vma_merge(struct vm_area_struct *vma,
867 struct vm_area_struct *next)
868 diff --git a/include/linux/sched.h b/include/linux/sched.h
869 -index b1e963e..114b8fd 100644
870 +index b1e963e..4916219 100644
871 --- a/include/linux/sched.h
872 +++ b/include/linux/sched.h
873 @@ -62,6 +62,7 @@ struct bio_list;
874 @@ -78394,7 +78653,7 @@ index b1e963e..114b8fd 100644
875 #ifdef CONFIG_FUTEX
876 struct robust_list_head __user *robust_list;
877 #ifdef CONFIG_COMPAT
878 -@@ -1411,8 +1451,78 @@ struct task_struct {
879 +@@ -1411,8 +1451,79 @@ struct task_struct {
880 unsigned int sequential_io;
881 unsigned int sequential_io_avg;
882 #endif
883 @@ -78436,6 +78695,7 @@ index b1e963e..114b8fd 100644
884 +#endif
885 +
886 +extern int pax_check_flags(unsigned long *);
887 ++#define PAX_PARSE_FLAGS_FALLBACK (~0UL)
888 +
889 +/* if tsk != current then task_lock must be held on it */
890 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
891 @@ -78473,7 +78733,7 @@ index b1e963e..114b8fd 100644
892 /* Future-safe accessor for struct task_struct's cpus_allowed. */
893 #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed)
894
895 -@@ -1471,7 +1581,7 @@ struct pid_namespace;
896 +@@ -1471,7 +1582,7 @@ struct pid_namespace;
897 pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type,
898 struct pid_namespace *ns);
899
900 @@ -78482,7 +78742,7 @@ index b1e963e..114b8fd 100644
901 {
902 return tsk->pid;
903 }
904 -@@ -1921,7 +2031,9 @@ void yield(void);
905 +@@ -1921,7 +2032,9 @@ void yield(void);
906 extern struct exec_domain default_exec_domain;
907
908 union thread_union {
909 @@ -78492,7 +78752,7 @@ index b1e963e..114b8fd 100644
910 unsigned long stack[THREAD_SIZE/sizeof(long)];
911 };
912
913 -@@ -1954,6 +2066,7 @@ extern struct pid_namespace init_pid_ns;
914 +@@ -1954,6 +2067,7 @@ extern struct pid_namespace init_pid_ns;
915 */
916
917 extern struct task_struct *find_task_by_vpid(pid_t nr);
918 @@ -78500,7 +78760,7 @@ index b1e963e..114b8fd 100644
919 extern struct task_struct *find_task_by_pid_ns(pid_t nr,
920 struct pid_namespace *ns);
921
922 -@@ -2118,7 +2231,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
923 +@@ -2118,7 +2232,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
924 extern void exit_itimers(struct signal_struct *);
925 extern void flush_itimer_signals(void);
926
927 @@ -78509,7 +78769,7 @@ index b1e963e..114b8fd 100644
928
929 extern int allow_signal(int);
930 extern int disallow_signal(int);
931 -@@ -2309,9 +2422,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
932 +@@ -2309,9 +2423,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
933
934 #endif
935
936 @@ -80633,6 +80893,19 @@ index aa169c4..6a2771d 100644
937 MMAP_PAGE_ZERO)
938
939 /*
940 +diff --git a/include/uapi/linux/random.h b/include/uapi/linux/random.h
941 +index 7471b5b..f97f514 100644
942 +--- a/include/uapi/linux/random.h
943 ++++ b/include/uapi/linux/random.h
944 +@@ -41,7 +41,7 @@ struct rand_pool_info {
945 + };
946 +
947 + struct rnd_state {
948 +- __u32 s1, s2, s3;
949 ++ __u32 s1, s2, s3, s4;
950 + };
951 +
952 + /* Exported functions */
953 diff --git a/include/uapi/linux/screen_info.h b/include/uapi/linux/screen_info.h
954 index 7530e74..e714828 100644
955 --- a/include/uapi/linux/screen_info.h
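Review bot: `struct rnd_state` is declared in a uapi header, so adding `s4` changes the size of a structure that userspace builds can see. Nothing in this hunk shows the structure crossing the user/kernel boundary, so the practical effect is probably nil, but that is worth confirming. If it is kernel-internal only, the definition would be better placed in `include/linux/random.h`, where later layout changes carry no ABI question.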
956 @@ -80679,22 +80952,18 @@ index 0e011eb..82681b1 100644
957 #ifdef __HAVE_BUILTIN_BSWAP64__
958 return __builtin_bswap64(val);
959 diff --git a/include/uapi/linux/sysctl.h b/include/uapi/linux/sysctl.h
960 -index 6d67213..8dab561 100644
961 +index 6d67213..552fdd9 100644
962 --- a/include/uapi/linux/sysctl.h
963 +++ b/include/uapi/linux/sysctl.h
964 -@@ -155,7 +155,11 @@ enum
965 +@@ -155,8 +155,6 @@ enum
966 KERN_PANIC_ON_NMI=76, /* int: whether we will panic on an unrecovered */
967 };
968
969 -
970 -+#ifdef CONFIG_PAX_SOFTMODE
971 -+enum {
972 -+ PAX_SOFTMODE=1 /* PaX: disable/enable soft mode */
973 -+};
974 -+#endif
975 -
976 +-
977 /* CTL_VM names: */
978 enum
979 + {
980 diff --git a/include/uapi/linux/xattr.h b/include/uapi/linux/xattr.h
981 index e4629b9..6958086 100644
982 --- a/include/uapi/linux/xattr.h
983 @@ -87851,6 +88120,396 @@ index 7811ed3..f80ca19 100644
984
985 static inline void *ptr_to_indirect(void *ptr)
986 {
987 +diff --git a/lib/random32.c b/lib/random32.c
988 +index 01e8890..1e5b2df 100644
989 +--- a/lib/random32.c
990 ++++ b/lib/random32.c
991 +@@ -2,19 +2,19 @@
992 + This is a maximally equidistributed combined Tausworthe generator
993 + based on code from GNU Scientific Library 1.5 (30 Jun 2004)
994 +
995 +- x_n = (s1_n ^ s2_n ^ s3_n)
996 ++ lfsr113 version:
997 +
998 +- s1_{n+1} = (((s1_n & 4294967294) <<12) ^ (((s1_n <<13) ^ s1_n) >>19))
999 +- s2_{n+1} = (((s2_n & 4294967288) << 4) ^ (((s2_n << 2) ^ s2_n) >>25))
1000 +- s3_{n+1} = (((s3_n & 4294967280) <<17) ^ (((s3_n << 3) ^ s3_n) >>11))
1001 ++ x_n = (s1_n ^ s2_n ^ s3_n ^ s4_n)
1002 +
1003 +- The period of this generator is about 2^88.
1004 ++ s1_{n+1} = (((s1_n & 4294967294) << 18) ^ (((s1_n << 6) ^ s1_n) >> 13))
1005 ++ s2_{n+1} = (((s2_n & 4294967288) << 2) ^ (((s2_n << 2) ^ s2_n) >> 27))
1006 ++ s3_{n+1} = (((s3_n & 4294967280) << 7) ^ (((s3_n << 13) ^ s3_n) >> 21))
1007 ++ s4_{n+1} = (((s4_n & 4294967168) << 13) ^ (((s4_n << 3) ^ s4_n) >> 12))
1008 ++
1009 ++ The period of this generator is about 2^113 (see erratum paper).
1010 +
1011 + From: P. L'Ecuyer, "Maximally Equidistributed Combined Tausworthe
1012 +- Generators", Mathematics of Computation, 65, 213 (1996), 203--213.
1013 +-
1014 +- This is available on the net from L'Ecuyer's home page,
1015 +-
1016 ++ Generators", Mathematics of Computation, 65, 213 (1996), 203--213:
1017 + http://www.iro.umontreal.ca/~lecuyer/myftp/papers/tausme.ps
1018 + ftp://ftp.iro.umontreal.ca/pub/simulation/lecuyer/papers/tausme.ps
1019 +
1020 +@@ -29,7 +29,7 @@
1021 + that paper.)
1022 +
1023 + This affects the seeding procedure by imposing the requirement
1024 +- s1 > 1, s2 > 7, s3 > 15.
1025 ++ s1 > 1, s2 > 7, s3 > 15, s4 > 127.
1026 +
1027 + */
1028 +
1029 +@@ -38,6 +38,11 @@
1030 + #include <linux/export.h>
1031 + #include <linux/jiffies.h>
1032 + #include <linux/random.h>
1033 ++#include <linux/sched.h>
1034 ++
1035 ++#ifdef CONFIG_RANDOM32_SELFTEST
1036 ++static void __init prandom_state_selftest(void);
1037 ++#endif
1038 +
1039 + static DEFINE_PER_CPU(struct rnd_state, net_rand_state);
1040 +
1041 +@@ -52,11 +57,12 @@ u32 prandom_u32_state(struct rnd_state *state)
1042 + {
1043 + #define TAUSWORTHE(s,a,b,c,d) ((s&c)<<d) ^ (((s <<a) ^ s)>>b)
1044 +
1045 +- state->s1 = TAUSWORTHE(state->s1, 13, 19, 4294967294UL, 12);
1046 +- state->s2 = TAUSWORTHE(state->s2, 2, 25, 4294967288UL, 4);
1047 +- state->s3 = TAUSWORTHE(state->s3, 3, 11, 4294967280UL, 17);
1048 ++ state->s1 = TAUSWORTHE(state->s1, 6U, 13U, 4294967294U, 18U);
1049 ++ state->s2 = TAUSWORTHE(state->s2, 2U, 27U, 4294967288U, 2U);
1050 ++ state->s3 = TAUSWORTHE(state->s3, 13U, 21U, 4294967280U, 7U);
1051 ++ state->s4 = TAUSWORTHE(state->s4, 3U, 12U, 4294967168U, 13U);
1052 +
1053 +- return (state->s1 ^ state->s2 ^ state->s3);
1054 ++ return (state->s1 ^ state->s2 ^ state->s3 ^ state->s4);
1055 + }
1056 + EXPORT_SYMBOL(prandom_u32_state);
1057 +
1058 +@@ -126,6 +132,38 @@ void prandom_bytes(void *buf, int bytes)
1059 + }
1060 + EXPORT_SYMBOL(prandom_bytes);
1061 +
1062 ++static void prandom_warmup(struct rnd_state *state)
1063 ++{
1064 ++ /* Calling RNG ten times to satify recurrence condition */
1065 ++ prandom_u32_state(state);
1066 ++ prandom_u32_state(state);
1067 ++ prandom_u32_state(state);
1068 ++ prandom_u32_state(state);
1069 ++ prandom_u32_state(state);
1070 ++ prandom_u32_state(state);
1071 ++ prandom_u32_state(state);
1072 ++ prandom_u32_state(state);
1073 ++ prandom_u32_state(state);
1074 ++ prandom_u32_state(state);
1075 ++}
1076 ++
1077 ++static void prandom_seed_very_weak(struct rnd_state *state, u32 seed)
1078 ++{
1079 ++ /* Note: This sort of seeding is ONLY used in test cases and
1080 ++ * during boot at the time from core_initcall until late_initcall
1081 ++ * as we don't have a stronger entropy source available yet.
1082 ++ * After late_initcall, we reseed entire state, we have to (!),
1083 ++ * otherwise an attacker just needs to search 32 bit space to
1084 ++ * probe for our internal 128 bit state if he knows a couple
1085 ++ * of prandom32 outputs!
1086 ++ */
1087 ++#define LCG(x) ((x) * 69069U) /* super-duper LCG */
1088 ++ state->s1 = __seed(LCG(seed), 2U);
1089 ++ state->s2 = __seed(LCG(state->s1), 8U);
1090 ++ state->s3 = __seed(LCG(state->s2), 16U);
1091 ++ state->s4 = __seed(LCG(state->s3), 128U);
1092 ++}
1093 ++
1094 + /**
1095 + * prandom_seed - add entropy to pseudo random number generator
1096 + * @seed: seed value
1097 +@@ -141,7 +179,9 @@ void prandom_seed(u32 entropy)
1098 + */
1099 + for_each_possible_cpu (i) {
1100 + struct rnd_state *state = &per_cpu(net_rand_state, i);
1101 +- state->s1 = __seed(state->s1 ^ entropy, 2);
1102 ++
1103 ++ state->s1 = __seed(state->s1 ^ entropy, 2U);
1104 ++ prandom_warmup(state);
1105 + }
1106 + }
1107 + EXPORT_SYMBOL(prandom_seed);
1108 +@@ -154,46 +194,249 @@ static int __init prandom_init(void)
1109 + {
1110 + int i;
1111 +
1112 ++#ifdef CONFIG_RANDOM32_SELFTEST
1113 ++ prandom_state_selftest();
1114 ++#endif
1115 ++
1116 + for_each_possible_cpu(i) {
1117 + struct rnd_state *state = &per_cpu(net_rand_state,i);
1118 +
1119 +-#define LCG(x) ((x) * 69069) /* super-duper LCG */
1120 +- state->s1 = __seed(LCG(i + jiffies), 2);
1121 +- state->s2 = __seed(LCG(state->s1), 8);
1122 +- state->s3 = __seed(LCG(state->s2), 16);
1123 +-
1124 +- /* "warm it up" */
1125 +- prandom_u32_state(state);
1126 +- prandom_u32_state(state);
1127 +- prandom_u32_state(state);
1128 +- prandom_u32_state(state);
1129 +- prandom_u32_state(state);
1130 +- prandom_u32_state(state);
1131 ++ prandom_seed_very_weak(state, (i + jiffies) ^ random_get_entropy());
1132 ++ prandom_warmup(state);
1133 + }
1134 + return 0;
1135 + }
1136 + core_initcall(prandom_init);
1137 +
1138 ++static void __prandom_timer(unsigned long dontcare);
1139 ++static DEFINE_TIMER(seed_timer, __prandom_timer, 0, 0);
1140 ++
1141 ++static void __prandom_timer(unsigned long dontcare)
1142 ++{
1143 ++ u32 entropy;
1144 ++ unsigned long expires;
1145 ++
1146 ++ get_random_bytes(&entropy, sizeof(entropy));
1147 ++ prandom_seed(entropy);
1148 ++
1149 ++ /* reseed every ~60 seconds, in [40 .. 80) interval with slack */
1150 ++ expires = 40 + (prandom_u32() % 40);
1151 ++ seed_timer.expires = jiffies + msecs_to_jiffies(expires * MSEC_PER_SEC);
1152 ++
1153 ++ add_timer(&seed_timer);
1154 ++}
1155 ++
1156 ++static void __init __prandom_start_seed_timer(void)
1157 ++{
1158 ++ set_timer_slack(&seed_timer, HZ);
1159 ++ seed_timer.expires = jiffies + msecs_to_jiffies(40 * MSEC_PER_SEC);
1160 ++ add_timer(&seed_timer);
1161 ++}
1162 ++
1163 + /*
1164 + * Generate better values after random number generator
1165 + * is fully initialized.
1166 + */
1167 +-static int __init prandom_reseed(void)
1168 ++static void __prandom_reseed(bool late)
1169 + {
1170 + int i;
1171 ++ unsigned long flags;
1172 ++ static bool latch = false;
1173 ++ static DEFINE_SPINLOCK(lock);
1174 ++
1175 ++ /* only allow initial seeding (late == false) once */
1176 ++ spin_lock_irqsave(&lock, flags);
1177 ++ if (latch && !late)
1178 ++ goto out;
1179 ++ latch = true;
1180 +
1181 + for_each_possible_cpu(i) {
1182 + struct rnd_state *state = &per_cpu(net_rand_state,i);
1183 +- u32 seeds[3];
1184 ++ u32 seeds[4];
1185 +
1186 + get_random_bytes(&seeds, sizeof(seeds));
1187 +- state->s1 = __seed(seeds[0], 2);
1188 +- state->s2 = __seed(seeds[1], 8);
1189 +- state->s3 = __seed(seeds[2], 16);
1190 ++ state->s1 = __seed(seeds[0], 2U);
1191 ++ state->s2 = __seed(seeds[1], 8U);
1192 ++ state->s3 = __seed(seeds[2], 16U);
1193 ++ state->s4 = __seed(seeds[3], 128U);
1194 +
1195 +- /* mix it in */
1196 +- prandom_u32_state(state);
1197 ++ prandom_warmup(state);
1198 + }
1199 ++out:
1200 ++ spin_unlock_irqrestore(&lock, flags);
1201 ++}
1202 ++
1203 ++void prandom_reseed_late(void)
1204 ++{
1205 ++ __prandom_reseed(true);
1206 ++}
1207 ++
1208 ++static int __init prandom_reseed(void)
1209 ++{
1210 ++ __prandom_reseed(false);
1211 ++ __prandom_start_seed_timer();
1212 + return 0;
1213 + }
1214 + late_initcall(prandom_reseed);
1215 ++
1216 ++#ifdef CONFIG_RANDOM32_SELFTEST
1217 ++static struct prandom_test1 {
1218 ++ u32 seed;
1219 ++ u32 result;
1220 ++} test1[] = {
1221 ++ { 1U, 3484351685U },
1222 ++ { 2U, 2623130059U },
1223 ++ { 3U, 3125133893U },
1224 ++ { 4U, 984847254U },
1225 ++};
1226 ++
1227 ++static struct prandom_test2 {
1228 ++ u32 seed;
1229 ++ u32 iteration;
1230 ++ u32 result;
1231 ++} test2[] = {
1232 ++ /* Test cases against taus113 from GSL library. */
1233 ++ { 931557656U, 959U, 2975593782U },
1234 ++ { 1339693295U, 876U, 3887776532U },
1235 ++ { 1545556285U, 961U, 1615538833U },
1236 ++ { 601730776U, 723U, 1776162651U },
1237 ++ { 1027516047U, 687U, 511983079U },
1238 ++ { 416526298U, 700U, 916156552U },
1239 ++ { 1395522032U, 652U, 2222063676U },
1240 ++ { 366221443U, 617U, 2992857763U },
1241 ++ { 1539836965U, 714U, 3783265725U },
1242 ++ { 556206671U, 994U, 799626459U },
1243 ++ { 684907218U, 799U, 367789491U },
1244 ++ { 2121230701U, 931U, 2115467001U },
1245 ++ { 1668516451U, 644U, 3620590685U },
1246 ++ { 768046066U, 883U, 2034077390U },
1247 ++ { 1989159136U, 833U, 1195767305U },
1248 ++ { 536585145U, 996U, 3577259204U },
1249 ++ { 1008129373U, 642U, 1478080776U },
1250 ++ { 1740775604U, 939U, 1264980372U },
1251 ++ { 1967883163U, 508U, 10734624U },
1252 ++ { 1923019697U, 730U, 3821419629U },
1253 ++ { 442079932U, 560U, 3440032343U },
1254 ++ { 1961302714U, 845U, 841962572U },
1255 ++ { 2030205964U, 962U, 1325144227U },
1256 ++ { 1160407529U, 507U, 240940858U },
1257 ++ { 635482502U, 779U, 4200489746U },
1258 ++ { 1252788931U, 699U, 867195434U },
1259 ++ { 1961817131U, 719U, 668237657U },
1260 ++ { 1071468216U, 983U, 917876630U },
1261 ++ { 1281848367U, 932U, 1003100039U },
1262 ++ { 582537119U, 780U, 1127273778U },
1263 ++ { 1973672777U, 853U, 1071368872U },
1264 ++ { 1896756996U, 762U, 1127851055U },
1265 ++ { 847917054U, 500U, 1717499075U },
1266 ++ { 1240520510U, 951U, 2849576657U },
1267 ++ { 1685071682U, 567U, 1961810396U },
1268 ++ { 1516232129U, 557U, 3173877U },
1269 ++ { 1208118903U, 612U, 1613145022U },
1270 ++ { 1817269927U, 693U, 4279122573U },
1271 ++ { 1510091701U, 717U, 638191229U },
1272 ++ { 365916850U, 807U, 600424314U },
1273 ++ { 399324359U, 702U, 1803598116U },
1274 ++ { 1318480274U, 779U, 2074237022U },
1275 ++ { 697758115U, 840U, 1483639402U },
1276 ++ { 1696507773U, 840U, 577415447U },
1277 ++ { 2081979121U, 981U, 3041486449U },
1278 ++ { 955646687U, 742U, 3846494357U },
1279 ++ { 1250683506U, 749U, 836419859U },
1280 ++ { 595003102U, 534U, 366794109U },
1281 ++ { 47485338U, 558U, 3521120834U },
1282 ++ { 619433479U, 610U, 3991783875U },
1283 ++ { 704096520U, 518U, 4139493852U },
1284 ++ { 1712224984U, 606U, 2393312003U },
1285 ++ { 1318233152U, 922U, 3880361134U },
1286 ++ { 855572992U, 761U, 1472974787U },
1287 ++ { 64721421U, 703U, 683860550U },
1288 ++ { 678931758U, 840U, 380616043U },
1289 ++ { 692711973U, 778U, 1382361947U },
1290 ++ { 677703619U, 530U, 2826914161U },
1291 ++ { 92393223U, 586U, 1522128471U },
1292 ++ { 1222592920U, 743U, 3466726667U },
1293 ++ { 358288986U, 695U, 1091956998U },
1294 ++ { 1935056945U, 958U, 514864477U },
1295 ++ { 735675993U, 990U, 1294239989U },
1296 ++ { 1560089402U, 897U, 2238551287U },
1297 ++ { 70616361U, 829U, 22483098U },
1298 ++ { 368234700U, 731U, 2913875084U },
1299 ++ { 20221190U, 879U, 1564152970U },
1300 ++ { 539444654U, 682U, 1835141259U },
1301 ++ { 1314987297U, 840U, 1801114136U },
1302 ++ { 2019295544U, 645U, 3286438930U },
1303 ++ { 469023838U, 716U, 1637918202U },
1304 ++ { 1843754496U, 653U, 2562092152U },
1305 ++ { 400672036U, 809U, 4264212785U },
1306 ++ { 404722249U, 965U, 2704116999U },
1307 ++ { 600702209U, 758U, 584979986U },
1308 ++ { 519953954U, 667U, 2574436237U },
1309 ++ { 1658071126U, 694U, 2214569490U },
1310 ++ { 420480037U, 749U, 3430010866U },
1311 ++ { 690103647U, 969U, 3700758083U },
1312 ++ { 1029424799U, 937U, 3787746841U },
1313 ++ { 2012608669U, 506U, 3362628973U },
1314 ++ { 1535432887U, 998U, 42610943U },
1315 ++ { 1330635533U, 857U, 3040806504U },
1316 ++ { 1223800550U, 539U, 3954229517U },
1317 ++ { 1322411537U, 680U, 3223250324U },
1318 ++ { 1877847898U, 945U, 2915147143U },
1319 ++ { 1646356099U, 874U, 965988280U },
1320 ++ { 805687536U, 744U, 4032277920U },
1321 ++ { 1948093210U, 633U, 1346597684U },
1322 ++ { 392609744U, 783U, 1636083295U },
1323 ++ { 690241304U, 770U, 1201031298U },
1324 ++ { 1360302965U, 696U, 1665394461U },
1325 ++ { 1220090946U, 780U, 1316922812U },
1326 ++ { 447092251U, 500U, 3438743375U },
1327 ++ { 1613868791U, 592U, 828546883U },
1328 ++ { 523430951U, 548U, 2552392304U },
1329 ++ { 726692899U, 810U, 1656872867U },
1330 ++ { 1364340021U, 836U, 3710513486U },
1331 ++ { 1986257729U, 931U, 935013962U },
1332 ++ { 407983964U, 921U, 728767059U },
1333 ++};
1334 ++
1335 ++static void __init prandom_state_selftest(void)
1336 ++{
1337 ++ int i, j, errors = 0, runs = 0;
1338 ++ bool error = false;
1339 ++
1340 ++ for (i = 0; i < ARRAY_SIZE(test1); i++) {
1341 ++ struct rnd_state state;
1342 ++
1343 ++ prandom_seed_very_weak(&state, test1[i].seed);
1344 ++ prandom_warmup(&state);
1345 ++
1346 ++ if (test1[i].result != prandom_u32_state(&state))
1347 ++ error = true;
1348 ++ }
1349 ++
1350 ++ if (error)
1351 ++ pr_warn("prandom: seed boundary self test failed\n");
1352 ++ else
1353 ++ pr_info("prandom: seed boundary self test passed\n");
1354 ++
1355 ++ for (i = 0; i < ARRAY_SIZE(test2); i++) {
1356 ++ struct rnd_state state;
1357 ++
1358 ++ prandom_seed_very_weak(&state, test2[i].seed);
1359 ++ prandom_warmup(&state);
1360 ++
1361 ++ for (j = 0; j < test2[i].iteration - 1; j++)
1362 ++ prandom_u32_state(&state);
1363 ++
1364 ++ if (test2[i].result != prandom_u32_state(&state))
1365 ++ errors++;
1366 ++
1367 ++ runs++;
1368 ++ cond_resched();
1369 ++ }
1370 ++
1371 ++ if (errors)
1372 ++ pr_warn("prandom: %d/%d self tests failed\n", errors, runs);
1373 ++ else
1374 ++ pr_info("prandom: %d self tests passed\n", runs);
1375 ++}
1376 ++#endif
1377 diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c
1378 index bb2b201..46abaf9 100644
1379 --- a/lib/strncpy_from_user.c
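Review bot: `prandom_seed()` still folds its 32-bit argument into `s1` only, so the periodic reseed in `__prandom_timer` refreshes at most 32 bits of the 128-bit state. The comment in `prandom_seed_very_weak` already explains why a 32-bit perturbation is weak once some outputs are known. If the timer is meant to bound how long a recovered state stays useful, it should refresh all four words, for example by calling `__prandom_reseed(true);` in place of `prandom_seed(entropy);`; whether taking the spinlock and calling `get_random_bytes()` is acceptable in timer context needs checking. As a smaller style point, `j < test2[i].iteration - 1` in the self-test compares an `int` with a `u32` expression that would wrap if a table entry ever had `iteration == 0`, so declaring `j` as `u32` and writing `j + 1 < test2[i].iteration` would be more robust.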
1380 @@ -88179,6 +88838,37 @@ index b32b70c..e512eb0 100644
1381 pkmap_count[last_pkmap_nr] = 1;
1382 set_page_address(page, (void *)vaddr);
1383
1384 +diff --git a/mm/huge_memory.c b/mm/huge_memory.c
1385 +index 4796245..292a266 100644
1386 +--- a/mm/huge_memory.c
1387 ++++ b/mm/huge_memory.c
1388 +@@ -1154,7 +1154,7 @@ alloc:
1389 + new_page = NULL;
1390 +
1391 + if (unlikely(!new_page)) {
1392 +- if (is_huge_zero_pmd(orig_pmd)) {
1393 ++ if (!page) {
1394 + ret = do_huge_pmd_wp_zero_page_fallback(mm, vma,
1395 + address, pmd, orig_pmd, haddr);
1396 + } else {
1397 +@@ -1181,7 +1181,7 @@ alloc:
1398 +
1399 + count_vm_event(THP_FAULT_ALLOC);
1400 +
1401 +- if (is_huge_zero_pmd(orig_pmd))
1402 ++ if (!page)
1403 + clear_huge_page(new_page, haddr, HPAGE_PMD_NR);
1404 + else
1405 + copy_user_huge_page(new_page, page, haddr, vma, HPAGE_PMD_NR);
1406 +@@ -1207,7 +1207,7 @@ alloc:
1407 + page_add_new_anon_rmap(new_page, vma, haddr);
1408 + set_pmd_at(mm, haddr, pmd, entry);
1409 + update_mmu_cache_pmd(vma, address, pmd);
1410 +- if (is_huge_zero_pmd(orig_pmd)) {
1411 ++ if (!page) {
1412 + add_mm_counter(mm, MM_ANONPAGES, HPAGE_PMD_NR);
1413 + put_huge_zero_page();
1414 + } else {
1415 diff --git a/mm/hugetlb.c b/mm/hugetlb.c
1416 index 0b7656e..d21cefc 100644
1417 --- a/mm/hugetlb.c
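Review bot: The three `!page` tests now stand in for "the fault was on the huge zero page", but the assignment that leaves `page` NULL in that case lies outside the hunk, so the invariant is invisible at these sites. A one-line comment at the first test, e.g. `/* page == NULL: orig_pmd was the huge zero pmd when checked above */`, would document it. This matters most at the last site, where `put_huge_zero_page()` drops a reference based on that single earlier decision rather than on re-evaluating `orig_pmd`. The enclosing function starts and ends outside the hunk.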
1418 @@ -92546,7 +93236,7 @@ index de7c904..c84bf11 100644
1419
1420 if (S_ISREG(inode->i_mode))
1421 diff --git a/mm/util.c b/mm/util.c
1422 -index eaf63fc2..32b2629 100644
1423 +index eaf63fc2..c6952b2 100644
1424 --- a/mm/util.c
1425 +++ b/mm/util.c
1426 @@ -294,6 +294,12 @@ done:
1427 @@ -92562,6 +93252,18 @@ index eaf63fc2..32b2629 100644
1428 mm->get_unmapped_area = arch_get_unmapped_area;
1429 }
1430 #endif
1431 +@@ -387,7 +393,10 @@ struct address_space *page_mapping(struct page *page)
1432 + {
1433 + struct address_space *mapping = page->mapping;
1434 +
1435 +- VM_BUG_ON(PageSlab(page));
1436 ++ /* This happens if someone calls flush_dcache_page on slab page */
1437 ++ if (unlikely(PageSlab(page)))
1438 ++ return NULL;
1439 ++
1440 + if (unlikely(PageSwapCache(page))) {
1441 + swp_entry_t entry;
1442 +
1443 diff --git a/mm/vmalloc.c b/mm/vmalloc.c
1444 index 1074543..136dbe0 100644
1445 --- a/mm/vmalloc.c
1446 @@ -93673,6 +94375,68 @@ index 5b7d0e1..cb960fc 100644
1447 }
1448 }
1449 EXPORT_SYMBOL(dev_load);
1450 +diff --git a/net/core/filter.c b/net/core/filter.c
1451 +index 01b7808..ad30d62 100644
1452 +--- a/net/core/filter.c
1453 ++++ b/net/core/filter.c
1454 +@@ -36,7 +36,6 @@
1455 + #include <asm/uaccess.h>
1456 + #include <asm/unaligned.h>
1457 + #include <linux/filter.h>
1458 +-#include <linux/reciprocal_div.h>
1459 + #include <linux/ratelimit.h>
1460 + #include <linux/seccomp.h>
1461 + #include <linux/if_vlan.h>
1462 +@@ -166,7 +165,7 @@ unsigned int sk_run_filter(const struct sk_buff *skb,
1463 + A /= X;
1464 + continue;
1465 + case BPF_S_ALU_DIV_K:
1466 +- A = reciprocal_divide(A, K);
1467 ++ A /= K;
1468 + continue;
1469 + case BPF_S_ALU_MOD_X:
1470 + if (X == 0)
1471 +@@ -553,11 +552,6 @@ int sk_chk_filter(struct sock_filter *filter, unsigned int flen)
1472 + /* Some instructions need special checks */
1473 + switch (code) {
1474 + case BPF_S_ALU_DIV_K:
1475 +- /* check for division by zero */
1476 +- if (ftest->k == 0)
1477 +- return -EINVAL;
1478 +- ftest->k = reciprocal_value(ftest->k);
1479 +- break;
1480 + case BPF_S_ALU_MOD_K:
1481 + /* check for division by zero */
1482 + if (ftest->k == 0)
1483 +@@ -853,27 +847,7 @@ void sk_decode_filter(struct sock_filter *filt, struct sock_filter *to)
1484 + to->code = decodes[code];
1485 + to->jt = filt->jt;
1486 + to->jf = filt->jf;
1487 +-
1488 +- if (code == BPF_S_ALU_DIV_K) {
1489 +- /*
1490 +- * When loaded this rule user gave us X, which was
1491 +- * translated into R = r(X). Now we calculate the
1492 +- * RR = r(R) and report it back. If next time this
1493 +- * value is loaded and RRR = r(RR) is calculated
1494 +- * then the R == RRR will be true.
1495 +- *
1496 +- * One exception. X == 1 translates into R == 0 and
1497 +- * we can't calculate RR out of it with r().
1498 +- */
1499 +-
1500 +- if (filt->k == 0)
1501 +- to->k = 1;
1502 +- else
1503 +- to->k = reciprocal_value(filt->k);
1504 +-
1505 +- BUG_ON(reciprocal_value(to->k) != filt->k);
1506 +- } else
1507 +- to->k = filt->k;
1508 ++ to->k = filt->k;
1509 + }
1510 +
1511 + int sk_get_filter(struct sock *sk, struct sock_filter __user *ubuf, unsigned int len)
1512 diff --git a/net/core/flow.c b/net/core/flow.c
1513 index dfa602c..3103d88 100644
1514 --- a/net/core/flow.c
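Review bot: With the reciprocal conversion removed from sk_chk_filter, `k` for BPF_S_ALU_DIV_K is now the raw divisor, so every consumer of a checked filter has to agree on that. The interpreter's `A /= K;` does, but an arch JIT that still multiplies by a pre-computed reciprocal would evaluate filters incorrectly; those files are not in this hunk, so it is worth confirming they change in the same patch. The now-empty `case BPF_S_ALU_DIV_K:` deliberately shares the zero check with `BPF_S_ALU_MOD_K` below it. A comment such as `/* fall through: DIV_K shares the k == 0 check with MOD_K */` would keep a later edit from separating them, since `A /= K` has no run-time guard of its own. All three functions touched here extend beyond the hunk.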
1515 @@ -94235,6 +94999,23 @@ index 008f337..b03b8c9 100644
1516 /* replace the top byte with new ECN | DSCP format */
1517 *hc06_ptr = tmp;
1518 hc06_ptr += 4;
1519 +diff --git a/net/ieee802154/nl-phy.c b/net/ieee802154/nl-phy.c
1520 +index 22b1a70..4efd237 100644
1521 +--- a/net/ieee802154/nl-phy.c
1522 ++++ b/net/ieee802154/nl-phy.c
1523 +@@ -224,8 +224,10 @@ static int ieee802154_add_iface(struct sk_buff *skb,
1524 +
1525 + if (info->attrs[IEEE802154_ATTR_DEV_TYPE]) {
1526 + type = nla_get_u8(info->attrs[IEEE802154_ATTR_DEV_TYPE]);
1527 +- if (type >= __IEEE802154_DEV_MAX)
1528 +- return -EINVAL;
1529 ++ if (type >= __IEEE802154_DEV_MAX) {
1530 ++ rc = -EINVAL;
1531 ++ goto nla_put_failure;
1532 ++ }
1533 + }
1534 +
1535 + dev = phy->add_iface(phy, devname, type);
1536 diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
1537 index cfeb85c..385989a 100644
1538 --- a/net/ipv4/af_inet.c
1539 @@ -94612,6 +95393,25 @@ index 7f80fb4..b0328f6 100644
1540 .kind = "ipip",
1541 .maxtype = IFLA_IPTUN_MAX,
1542 .policy = ipip_policy,
1543 +diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
1544 +index 62212c7..1672409 100644
1545 +--- a/net/ipv4/ipmr.c
1546 ++++ b/net/ipv4/ipmr.c
1547 +@@ -157,9 +157,12 @@ static struct mr_table *ipmr_get_table(struct net *net, u32 id)
1548 + static int ipmr_fib_lookup(struct net *net, struct flowi4 *flp4,
1549 + struct mr_table **mrt)
1550 + {
1551 ++ int err;
1552 + struct ipmr_result res;
1553 +- struct fib_lookup_arg arg = { .result = &res, };
1554 +- int err;
1555 ++ struct fib_lookup_arg arg = {
1556 ++ .result = &res,
1557 ++ .flags = FIB_LOOKUP_NOREF,
1558 ++ };
1559 +
1560 + err = fib_rules_lookup(net->ipv4.mr_rules_ops,
1561 + flowi4_to_flowi(flp4), 0, &arg);
1562 diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
1563 index 85a4f21..1beb1f5 100644
1564 --- a/net/ipv4/netfilter/arp_tables.c
1565 @@ -95559,6 +96359,25 @@ index c1e11b5..568e633 100644
1566 .kind = "ip6tnl",
1567 .maxtype = IFLA_IPTUN_MAX,
1568 .policy = ip6_tnl_policy,
1569 +diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
1570 +index f365310..0eb4038 100644
1571 +--- a/net/ipv6/ip6mr.c
1572 ++++ b/net/ipv6/ip6mr.c
1573 +@@ -141,9 +141,12 @@ static struct mr6_table *ip6mr_get_table(struct net *net, u32 id)
1574 + static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6,
1575 + struct mr6_table **mrt)
1576 + {
1577 ++ int err;
1578 + struct ip6mr_result res;
1579 +- struct fib_lookup_arg arg = { .result = &res, };
1580 +- int err;
1581 ++ struct fib_lookup_arg arg = {
1582 ++ .result = &res,
1583 ++ .flags = FIB_LOOKUP_NOREF,
1584 ++ };
1585 +
1586 + err = fib_rules_lookup(net->ipv6.mr6_rules_ops,
1587 + flowi6_to_flowi(flp6), 0, &arg);
1588 diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
1589 index d1e2e8e..51c19ae 100644
1590 --- a/net/ipv6/ipv6_sockglue.c
1591 @@ -97780,7 +98599,7 @@ index 6b36561..4f21064 100644
1592
1593 table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL);
1594 diff --git a/net/socket.c b/net/socket.c
1595 -index e83c416..9169305 100644
1596 +index e83c416..6342a2f 100644
1597 --- a/net/socket.c
1598 +++ b/net/socket.c
1599 @@ -88,6 +88,7 @@
1600 @@ -97955,15 +98774,6 @@ index e83c416..9169305 100644
1601 SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
1602 unsigned int, flags, struct sockaddr __user *, addr,
1603 int, addr_len)
1604 -@@ -1825,7 +1891,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
1605 - struct socket *sock;
1606 - struct iovec iov;
1607 - struct msghdr msg;
1608 -- struct sockaddr_storage address;
1609 -+ struct sockaddr_storage address = { };
1610 - int err, err2;
1611 - int fput_needed;
1612 -
1613 @@ -2047,7 +2113,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
1614 * checking falls down on this.
1615 */
1616 @@ -97973,15 +98783,6 @@ index e83c416..9169305 100644
1617 ctl_len))
1618 goto out_freectl;
1619 msg_sys->msg_control = ctl_buf;
1620 -@@ -2198,7 +2264,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
1621 - int err, total_len, len;
1622 -
1623 - /* kernel mode address */
1624 -- struct sockaddr_storage addr;
1625 -+ struct sockaddr_storage addr = { };
1626 -
1627 - /* user mode address pointers */
1628 - struct sockaddr __user *uaddr;
1629 @@ -2227,7 +2293,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
1630 /* Save the user-mode address (verify_iovec will change the
1631 * kernel msghdr to use the kernel address space)
1632 @@ -100517,10 +101318,44 @@ index fc3e662..7844c60 100644
1633 lock = &avc_cache.slots_lock[hvalue];
1634
1635 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
1636 -index 392a044..5e931be 100644
1637 +index 392a044..c3eb2bd 100644
1638 --- a/security/selinux/hooks.c
1639 +++ b/security/selinux/hooks.c
1640 -@@ -5693,7 +5693,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
1641 +@@ -220,6 +220,14 @@ static int inode_alloc_security(struct inode *inode)
1642 + return 0;
1643 + }
1644 +
1645 ++static void inode_free_rcu(struct rcu_head *head)
1646 ++{
1647 ++ struct inode_security_struct *isec;
1648 ++
1649 ++ isec = container_of(head, struct inode_security_struct, rcu);
1650 ++ kmem_cache_free(sel_inode_cache, isec);
1651 ++}
1652 ++
1653 + static void inode_free_security(struct inode *inode)
1654 + {
1655 + struct inode_security_struct *isec = inode->i_security;
1656 +@@ -230,8 +238,16 @@ static void inode_free_security(struct inode *inode)
1657 + list_del_init(&isec->list);
1658 + spin_unlock(&sbsec->isec_lock);
1659 +
1660 +- inode->i_security = NULL;
1661 +- kmem_cache_free(sel_inode_cache, isec);
1662 ++ /*
1663 ++ * The inode may still be referenced in a path walk and
1664 ++ * a call to selinux_inode_permission() can be made
1665 ++ * after inode_free_security() is called. Ideally, the VFS
1666 ++ * wouldn't do this, but fixing that is a much harder
1667 ++ * job. For now, simply free the i_security via RCU, and
1668 ++ * leave the current inode->i_security pointer intact.
1669 ++ * The inode will be freed after the RCU grace period too.
1670 ++ */
1671 ++ call_rcu(&isec->rcu, inode_free_rcu);
1672 + }
1673 +
1674 + static int file_alloc_security(struct file *file)
1675 +@@ -5693,7 +5709,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
1676
1677 #endif
1678
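Review bot: `inode_free_security()` now leaves `inode->i_security` pointing at an object queued for RCU freeing, and the objsec.h hunk further down overlays `rcu` on `list`. From the `call_rcu()` onward, `isec->list` therefore holds RCU bookkeeping rather than list pointers. That is safe only if no path that can still reach the isec through the retained pointer during the grace period reads or writes `list`. The hunk shows the `list_del_init()` under `isec_lock` but not those readers, so this needs confirming against the rest of the file. A comment on the union, e.g. `/* rcu reuses list's storage: valid only after list_del_init() in inode_free_security() */`, would record the constraint for future changes.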
1679 @@ -100529,7 +101364,7 @@ index 392a044..5e931be 100644
1680 .name = "selinux",
1681
1682 .ptrace_access_check = selinux_ptrace_access_check,
1683 -@@ -6045,6 +6045,9 @@ static void selinux_nf_ip_exit(void)
1684 +@@ -6045,6 +6061,9 @@ static void selinux_nf_ip_exit(void)
1685 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
1686 static int selinux_disabled;
1687
1688 @@ -100539,7 +101374,7 @@ index 392a044..5e931be 100644
1689 int selinux_disable(void)
1690 {
1691 if (ss_initialized) {
1692 -@@ -6062,7 +6065,9 @@ int selinux_disable(void)
1693 +@@ -6062,7 +6081,9 @@ int selinux_disable(void)
1694 selinux_disabled = 1;
1695 selinux_enabled = 0;
1696
1697 @@ -100550,6 +101385,22 @@ index 392a044..5e931be 100644
1698
1699 /* Try to destroy the avc node cache */
1700 avc_disable();
1701 +diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
1702 +index aa47bca..6fd9dd2 100644
1703 +--- a/security/selinux/include/objsec.h
1704 ++++ b/security/selinux/include/objsec.h
1705 +@@ -38,7 +38,10 @@ struct task_security_struct {
1706 +
1707 + struct inode_security_struct {
1708 + struct inode *inode; /* back pointer to inode object */
1709 +- struct list_head list; /* list of inode_security_struct */
1710 ++ union {
1711 ++ struct list_head list; /* list of inode_security_struct */
1712 ++ struct rcu_head rcu; /* for freeing the inode_security_struct */
1713 ++ };
1714 + u32 task_sid; /* SID of creating task */
1715 + u32 sid; /* SID of this object */
1716 + u16 sclass; /* security class of this object */
1717 diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h
1718 index c1af4e1..bcb003c 100644
1719 --- a/security/selinux/include/xfrm.h
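Review bot: The anonymous union added to `struct inode_security_struct` makes `rcu` share storage with `list`, so the `call_rcu(&isec->rcu, inode_free_rcu)` added earlier in this patch overwrites the list linkage. That is only safe if the entry is already off its list when `call_rcu()` runs, and the field comments do not say so. The unlink is presumably in the part of `inode_free_security` above the visible lines. I would extend the field comment to `struct rcu_head rcu; /* for freeing; only used once the entry is off the list */`.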
1720 @@ -101629,10 +102480,10 @@ index 0000000..414fe5e
1721 +}
1722 diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c
1723 new file mode 100644
1724 -index 0000000..3e46b2f
1725 +index 0000000..59bf839
1726 --- /dev/null
1727 +++ b/tools/gcc/constify_plugin.c
1728 -@@ -0,0 +1,559 @@
1729 +@@ -0,0 +1,557 @@
1730 +/*
1731 + * Copyright 2011 by Emese Revfy <re.emese@×××××.com>
1732 + * Copyright 2011-2013 by PaX Team <pageexec@××××××××.hu>
1733 @@ -101679,7 +102530,7 @@ index 0000000..3e46b2f
1734 +int plugin_is_GPL_compatible;
1735 +
1736 +static struct plugin_info const_plugin_info = {
1737 -+ .version = "201401121315",
1738 ++ .version = "201401140130",
1739 + .help = "no-constify\tturn off constification\n",
1740 +};
1741 +
1742 @@ -101805,8 +102656,10 @@ index 0000000..3e46b2f
1743 + }
1744 + TYPE_READONLY(type) = 0;
1745 + C_TYPE_FIELDS_READONLY(type) = 0;
1746 -+ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type)))
1747 ++ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) {
1748 ++ TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type));
1749 + TYPE_ATTRIBUTES(type) = remove_attribute("do_const", TYPE_ATTRIBUTES(type));
1750 ++ }
1751 +}
1752 +
1753 +static void deconstify_tree(tree node)
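Review bot: The new `copy_list()` call in front of `remove_attribute()` has no comment saying why the attribute list is duplicated first. `remove_attribute()` unlinks the entry from the list it is given, so without the copy any other type node sharing this attribute chain would presumably lose `do_const` as well; `/* the attribute list may be shared with other types, edit a private copy */` above the copy would record that. The enclosing function starts above the hunk. The following hunk adds the same `copy_list()` line commented out, next to an already commented-out `tree_cons()`; dead lines like these are better dropped or explained.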
1754 @@ -101899,6 +102752,7 @@ index 0000000..3e46b2f
1755 + TYPE_READONLY(type) = 1;
1756 + C_TYPE_FIELDS_READONLY(type) = 1;
1757 + TYPE_CONSTIFY_VISITED(type) = 1;
1758 ++// TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type));
1759 +// TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("do_const"), NULL_TREE, TYPE_ATTRIBUTES(type));
1760 +}
1761 +
1762 @@ -102010,7 +102864,7 @@ index 0000000..3e46b2f
1763 + TYPE_CONSTIFY_VISITED(type) = 1;
1764 +}
1765 +
1766 -+static void check_global_variables(void)
1767 ++static void check_global_variables(void *event_data, void *data)
1768 +{
1769 + struct varpool_node *node;
1770 +
1771 @@ -102083,21 +102937,15 @@ index 0000000..3e46b2f
1772 + return ret;
1773 +}
1774 +
1775 -+static unsigned int check_variables(void)
1776 -+{
1777 -+ check_global_variables();
1778 -+ return check_local_variables();
1779 -+}
1780 -+
1781 +static struct gimple_opt_pass pass_local_variable = {
1782 + {
1783 + .type = GIMPLE_PASS,
1784 -+ .name = "check_variables",
1785 ++ .name = "check_local_variables",
1786 +#if BUILDING_GCC_VERSION >= 4008
1787 + .optinfo_flags = OPTGROUP_NONE,
1788 +#endif
1789 + .gate = NULL,
1790 -+ .execute = check_variables,
1791 ++ .execute = check_local_variables,
1792 + .sub = NULL,
1793 + .next = NULL,
1794 + .static_pass_number = 0,
1795 @@ -102184,6 +103032,7 @@ index 0000000..3e46b2f
1796 +
1797 + register_callback(plugin_name, PLUGIN_INFO, NULL, &const_plugin_info);
1798 + if (constify) {
1799 ++ register_callback(plugin_name, PLUGIN_ALL_IPA_PASSES_START, check_global_variables, NULL);
1800 + register_callback(plugin_name, PLUGIN_FINISH_TYPE, finish_type, NULL);
1801 + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &local_variable_pass_info);
1802 + register_callback(plugin_name, PLUGIN_START_UNIT, constify_start_unit, NULL);
1803
1804 diff --git a/3.2.54/0000_README b/3.2.54/0000_README
1805 index 155b184..30d9794 100644
1806 --- a/3.2.54/0000_README
1807 +++ b/3.2.54/0000_README
1808 @@ -134,7 +134,7 @@ Patch: 1053_linux-3.2.54.patch
1809 From: http://www.kernel.org
1810 Desc: Linux 3.2.54
1811
1812 -Patch: 4420_grsecurity-3.0-3.2.54-201401160931.patch
1813 +Patch: 4420_grsecurity-3.0-3.2.54-201401191012.patch
1814 From: http://www.grsecurity.net
1815 Desc: hardened-sources base patch from upstream grsecurity
1816
1817
1818 diff --git a/3.2.54/4420_grsecurity-3.0-3.2.54-201401160931.patch b/3.2.54/4420_grsecurity-3.0-3.2.54-201401191012.patch
1819 similarity index 99%
1820 rename from 3.2.54/4420_grsecurity-3.0-3.2.54-201401160931.patch
1821 rename to 3.2.54/4420_grsecurity-3.0-3.2.54-201401191012.patch
1822 index 6d2be70..ec718f0 100644
1823 --- a/3.2.54/4420_grsecurity-3.0-3.2.54-201401160931.patch
1824 +++ b/3.2.54/4420_grsecurity-3.0-3.2.54-201401191012.patch
1825 @@ -23066,7 +23066,7 @@ index 09ff517..df19fbff 100644
1826 .short 0
1827 .quad 0x00cf9b000000ffff # __KERNEL32_CS
1828 diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
1829 -index e6fbb94..75e9d8c 100644
1830 +index e6fbb94..b372995 100644
1831 --- a/arch/x86/kernel/traps.c
1832 +++ b/arch/x86/kernel/traps.c
1833 @@ -70,12 +70,6 @@ asmlinkage int system_call(void);
1834 @@ -23211,7 +23211,7 @@ index e6fbb94..75e9d8c 100644
1835 {
1836 if (!fixup_exception(regs)) {
1837 task->thread.error_code = error_code;
1838 -@@ -576,8 +605,8 @@ asmlinkage void __attribute__((weak)) smp_threshold_interrupt(void)
1839 +@@ -576,18 +605,19 @@ asmlinkage void __attribute__((weak)) smp_threshold_interrupt(void)
1840 void __math_state_restore(struct task_struct *tsk)
1841 {
1842 /* We need a safe address that is cheap to find and that is already
1843 @@ -23222,6 +23222,23 @@ index e6fbb94..75e9d8c 100644
1844
1845 /* AMD K7/K8 CPUs don't save/restore FDP/FIP/FOP unless an exception
1846 is pending. Clear the x87 state here by setting it to fixed
1847 + values. safe_address is a random variable that should be in L1 */
1848 +- alternative_input(
1849 +- ASM_NOP8 ASM_NOP2,
1850 +- "emms\n\t" /* clear stack tags */
1851 +- "fildl %P[addr]", /* set F?P to defined value */
1852 +- X86_FEATURE_FXSAVE_LEAK,
1853 +- [addr] "m" (safe_address));
1854 ++ if (unlikely(static_cpu_has(X86_FEATURE_FXSAVE_LEAK))) {
1855 ++ asm volatile(
1856 ++ "fnclex\n\t"
1857 ++ "emms\n\t"
1858 ++ "fildl %P[addr]" /* set F?P to defined value */
1859 ++ : : [addr] "m" (init_tss[raw_smp_processor_id()].x86_tss.sp0));
1860 ++ }
1861 +
1862 + /*
1863 + * Paranoid restore. send a SIGSEGV if we fail to restore the state.
1864 diff --git a/arch/x86/kernel/verify_cpu.S b/arch/x86/kernel/verify_cpu.S
1865 index b9242ba..50c5edd 100644
1866 --- a/arch/x86/kernel/verify_cpu.S
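Review bot: The added `fnclex` in `__math_state_restore` has no comment, and the `/* clear stack tags */` comment that the removed `alternative_input` carried on `emms` is gone. The order matters, since a pending x87 exception in the current state would make the following `emms`/`fildl` trap, so I would write `"fnclex\n\t" /* clear pending exceptions before touching the x87 state */` and keep the `emms` comment. The context comment above still mentions `safe_address` while the operand is now `init_tss[raw_smp_processor_id()].x86_tss.sp0`; if the earlier hunk did not already reword it, it should name the new operand. The function body continues outside the hunk.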
1867 @@ -33960,7 +33977,7 @@ index da3cfee..a5a6606 100644
1868
1869 *ppos = i;
1870 diff --git a/drivers/char/random.c b/drivers/char/random.c
1871 -index c244f0e..fc574b2 100644
1872 +index c244f0e..3f6ae58 100644
1873 --- a/drivers/char/random.c
1874 +++ b/drivers/char/random.c
1875 @@ -255,10 +255,8 @@
1876 @@ -34695,7 +34712,7 @@ index c244f0e..fc574b2 100644
1877 }
1878 #endif
1879
1880 -@@ -835,97 +916,109 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
1881 +@@ -835,104 +916,127 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
1882 * from the primary pool to the secondary extraction pool. We make
1883 * sure we pull enough for a 'catastrophic reseed'.
1884 */
1885 @@ -34870,24 +34887,25 @@ index c244f0e..fc574b2 100644
1886 } hash;
1887 __u32 workspace[SHA_WORKSPACE_WORDS];
1888 __u8 extract[64];
1889 -@@ -938,6 +1031,17 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
1890 - sha_transform(hash.w, (__u8 *)(r->pool + i), workspace);
1891 + unsigned long flags;
1892
1893 - /*
1894 +- /* Generate a hash across the pool, 16 words (512 bits) at a time */
1895 ++ /*
1896 + * If we have an architectural hardware random number
1897 -+ * generator, mix that in, too.
1898 ++ * generator, use it for SHA's initial vector
1899 + */
1900 + sha_init(hash.w);
1901 + for (i = 0; i < LONGS(20); i++) {
1902 + unsigned long v;
1903 + if (!arch_get_random_long(&v))
1904 + break;
1905 -+ hash.l[i] ^= v;
1906 ++ hash.l[i] = v;
1907 + }
1908 +
1909 -+ /*
1910 - * We mix the hash back into the pool to prevent backtracking
1911 - * attacks (where the attacker knows the state of the pool
1912 - * plus the current outputs, and attempts to find previous
1913 ++ /* Generate a hash across the pool, 16 words (512 bits) at a time */
1914 + spin_lock_irqsave(&r->lock, flags);
1915 + for (i = 0; i < r->poolinfo->poolwords; i += 16)
1916 + sha_transform(hash.w, (__u8 *)(r->pool + i), workspace);
1917 @@ -966,27 +1070,43 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
1918 hash.w[1] ^= hash.w[4];
1919 hash.w[2] ^= rol32(hash.w[2], 16);
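Review bot: The new comment in `extract_buf` says the hardware generator is used for SHA's initial vector, but the loop `break`s on the first failed `arch_get_random_long()`, so the vector can be partly or wholly the `sha_init()` constants. Since `hash.l[i] = v` now overwrites rather than mixes, the comment should also say that the pool is still hashed on top of this starting state by the `sha_transform()` loop that follows. Something like `* generator, use it for SHA's initial vector; words it fails to supply keep the sha_init() constants` would do. The function starts and ends outside the hunk.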
1920 @@ -40838,9 +40856,27 @@ index c706a7b..2cc7511 100644
1921 "md/raid1:%s: read error corrected "
1922 "(%d sectors at %llu on %s)\n",
1923 diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
1924 -index 8bba438..f065cc3 100644
1925 +index 8bba438..a579e8c 100644
1926 --- a/drivers/md/raid10.c
1927 +++ b/drivers/md/raid10.c
1928 +@@ -997,7 +997,7 @@ read_again:
1929 + /* Could not read all from this device, so we will
1930 + * need another r10_bio.
1931 + */
1932 +- sectors_handled = (r10_bio->sectors + max_sectors
1933 ++ sectors_handled = (r10_bio->sector + max_sectors
1934 + - bio->bi_sector);
1935 + r10_bio->sectors = max_sectors;
1936 + spin_lock_irq(&conf->device_lock);
1937 +@@ -1005,7 +1005,7 @@ read_again:
1938 + bio->bi_phys_segments = 2;
1939 + else
1940 + bio->bi_phys_segments++;
1941 +- spin_unlock(&conf->device_lock);
1942 ++ spin_unlock_irq(&conf->device_lock);
1943 + /* Cannot call generic_make_request directly
1944 + * as that will be queued in __generic_make_request
1945 + * and subsequent mempool_alloc might block
1946 @@ -1465,7 +1465,7 @@ static void end_sync_read(struct bio *bio, int error)
1947 /* The write handler will notice the lack of
1948 * R10BIO_Uptodate and record any errors etc
1949 @@ -40900,6 +40936,28 @@ index 8bba438..f065cc3 100644
1950 }
1951
1952 rdev_dec_pending(rdev, mddev);
1953 +@@ -2563,10 +2563,6 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr,
1954 + if (j == conf->copies) {
1955 + /* Cannot recover, so abort the recovery or
1956 + * record a bad block */
1957 +- put_buf(r10_bio);
1958 +- if (rb2)
1959 +- atomic_dec(&rb2->remaining);
1960 +- r10_bio = rb2;
1961 + if (any_working) {
1962 + /* problem is that there are bad blocks
1963 + * on other device(s)
1964 +@@ -2590,6 +2586,10 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr,
1965 + conf->mirrors[i].recovery_disabled
1966 + = mddev->recovery_disabled;
1967 + }
1968 ++ put_buf(r10_bio);
1969 ++ if (rb2)
1970 ++ atomic_dec(&rb2->remaining);
1971 ++ r10_bio = rb2;
1972 + break;
1973 + }
1974 + }
1975 diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
1976 index 26ef63a..bd587cd 100644
1977 --- a/drivers/md/raid5.c
1978 @@ -42829,6 +42887,18 @@ index a4a3516..3b3a7e0 100644
1979 s->hdlctx.calibrate = bi.data.calibrate * s->par.bitrate / 16;
1980 return 0;
1981
1982 +diff --git a/drivers/net/hamradio/yam.c b/drivers/net/hamradio/yam.c
1983 +index 96a98d2..e4260ab 100644
1984 +--- a/drivers/net/hamradio/yam.c
1985 ++++ b/drivers/net/hamradio/yam.c
1986 +@@ -1060,6 +1060,7 @@ static int yam_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
1987 + break;
1988 +
1989 + case SIOCYAMGCFG:
1990 ++ memset(&yi, 0, sizeof(yi));
1991 + yi.cfg.mask = 0xffffffff;
1992 + yi.cfg.iobase = yp->iobase;
1993 + yi.cfg.irq = yp->irq;
1994 diff --git a/drivers/net/loopback.c b/drivers/net/loopback.c
1995 index d0893e4..14b0d44 100644
1996 --- a/drivers/net/loopback.c
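Review bot: The added `memset(&yi, 0, sizeof(yi))` in the `SIOCYAMGCFG` case has no comment saying what it guards against. The case fills `yi.cfg` member by member, so without the clear any member or padding left unassigned would hold stale kernel stack bytes when the struct is handed back to the caller (the copy is presumably further down, outside the hunk). I would add `/* clear padding and unset members before the struct goes to user space */` above it. Other cases of `yam_ioctl` that return `yi` are not visible here and may need the same treatment.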
1997 @@ -51597,7 +51667,7 @@ index a6395bd..f1e376a 100644
1998 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
1999 #ifdef __alpha__
2000 diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
2001 -index 8dd615c..cb7cd01 100644
2002 +index 8dd615c..52ad259 100644
2003 --- a/fs/binfmt_elf.c
2004 +++ b/fs/binfmt_elf.c
2005 @@ -32,6 +32,7 @@
2006 @@ -51770,7 +51840,7 @@ index 8dd615c..cb7cd01 100644
2007 }
2008
2009 error = load_addr;
2010 -@@ -528,6 +559,315 @@ out:
2011 +@@ -528,6 +559,336 @@ out:
2012 return error;
2013 }
2014
2015 @@ -51911,12 +51981,48 @@ index 8dd615c..cb7cd01 100644
2016 +#endif
2017 +
2018 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
2019 -+static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex)
2020 ++static unsigned long pax_parse_defaults(void)
2021 +{
2022 + unsigned long pax_flags = 0UL;
2023 +
2024 ++#ifdef CONFIG_PAX_SOFTMODE
2025 ++ if (pax_softmode)
2026 ++ return pax_flags;
2027 ++#endif
2028 ++
2029 ++#ifdef CONFIG_PAX_PAGEEXEC
2030 ++ pax_flags |= MF_PAX_PAGEEXEC;
2031 ++#endif
2032 ++
2033 ++#ifdef CONFIG_PAX_SEGMEXEC
2034 ++ pax_flags |= MF_PAX_SEGMEXEC;
2035 ++#endif
2036 ++
2037 ++#ifdef CONFIG_PAX_MPROTECT
2038 ++ pax_flags |= MF_PAX_MPROTECT;
2039 ++#endif
2040 ++
2041 ++#ifdef CONFIG_PAX_RANDMMAP
2042 ++ if (randomize_va_space)
2043 ++ pax_flags |= MF_PAX_RANDMMAP;
2044 ++#endif
2045 ++
2046 ++ return pax_flags;
2047 ++}
2048 ++
2049 ++static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex)
2050 ++{
2051 ++ unsigned long pax_flags = PAX_PARSE_FLAGS_FALLBACK;
2052 ++
2053 +#ifdef CONFIG_PAX_EI_PAX
2054 +
2055 ++#ifdef CONFIG_PAX_SOFTMODE
2056 ++ if (pax_softmode)
2057 ++ return pax_flags;
2058 ++#endif
2059 ++
2060 ++ pax_flags = 0UL;
2061 ++
2062 +#ifdef CONFIG_PAX_PAGEEXEC
2063 + if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_PAGEEXEC))
2064 + pax_flags |= MF_PAX_PAGEEXEC;
2065 @@ -51942,28 +52048,10 @@ index 8dd615c..cb7cd01 100644
2066 + pax_flags |= MF_PAX_RANDMMAP;
2067 +#endif
2068 +
2069 -+#else
2070 -+
2071 -+#ifdef CONFIG_PAX_PAGEEXEC
2072 -+ pax_flags |= MF_PAX_PAGEEXEC;
2073 -+#endif
2074 -+
2075 -+#ifdef CONFIG_PAX_SEGMEXEC
2076 -+ pax_flags |= MF_PAX_SEGMEXEC;
2077 -+#endif
2078 -+
2079 -+#ifdef CONFIG_PAX_MPROTECT
2080 -+ pax_flags |= MF_PAX_MPROTECT;
2081 -+#endif
2082 -+
2083 -+#ifdef CONFIG_PAX_RANDMMAP
2084 -+ if (randomize_va_space)
2085 -+ pax_flags |= MF_PAX_RANDMMAP;
2086 -+#endif
2087 -+
2088 +#endif
2089 +
2090 + return pax_flags;
2091 ++
2092 +}
2093 +
2094 +static unsigned long pax_parse_pt_pax(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata)
2095 @@ -51979,7 +52067,7 @@ index 8dd615c..cb7cd01 100644
2096 + ((elf_phdata[i].p_flags & PF_EMUTRAMP) && (elf_phdata[i].p_flags & PF_NOEMUTRAMP)) ||
2097 + ((elf_phdata[i].p_flags & PF_MPROTECT) && (elf_phdata[i].p_flags & PF_NOMPROTECT)) ||
2098 + ((elf_phdata[i].p_flags & PF_RANDMMAP) && (elf_phdata[i].p_flags & PF_NORANDMMAP)))
2099 -+ return ~0UL;
2100 ++ return PAX_PARSE_FLAGS_FALLBACK;
2101 +
2102 +#ifdef CONFIG_PAX_SOFTMODE
2103 + if (pax_softmode)
2104 @@ -51992,7 +52080,7 @@ index 8dd615c..cb7cd01 100644
2105 + }
2106 +#endif
2107 +
2108 -+ return ~0UL;
2109 ++ return PAX_PARSE_FLAGS_FALLBACK;
2110 +}
2111 +
2112 +static unsigned long pax_parse_xattr_pax(struct file * const file)
2113 @@ -52004,23 +52092,23 @@ index 8dd615c..cb7cd01 100644
2114 + unsigned long pax_flags_hardmode = 0UL, pax_flags_softmode = 0UL;
2115 +
2116 + xattr_size = pax_getxattr(file->f_path.dentry, xattr_value, sizeof xattr_value);
2117 -+ if (xattr_size <= 0 || xattr_size > sizeof xattr_value)
2118 -+ return ~0UL;
2119 ++ if (xattr_size < 0 || xattr_size > sizeof xattr_value)
2120 ++ return PAX_PARSE_FLAGS_FALLBACK;
2121 +
2122 + for (i = 0; i < xattr_size; i++)
2123 + switch (xattr_value[i]) {
2124 + default:
2125 -+ return ~0UL;
2126 ++ return PAX_PARSE_FLAGS_FALLBACK;
2127 +
2128 +#define parse_flag(option1, option2, flag) \
2129 + case option1: \
2130 + if (pax_flags_hardmode & MF_PAX_##flag) \
2131 -+ return ~0UL; \
2132 ++ return PAX_PARSE_FLAGS_FALLBACK;\
2133 + pax_flags_hardmode |= MF_PAX_##flag; \
2134 + break; \
2135 + case option2: \
2136 + if (pax_flags_softmode & MF_PAX_##flag) \
2137 -+ return ~0UL; \
2138 ++ return PAX_PARSE_FLAGS_FALLBACK;\
2139 + pax_flags_softmode |= MF_PAX_##flag; \
2140 + break;
2141 +
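Review bot: Changing the guard in `pax_parse_xattr_pax` to `xattr_size < 0` means a zero-length attribute now passes the check, skips the loop and is handled as an explicit marking with no flags set, instead of falling back to the next source. If that is intended, the guard should say so, e.g. `/* an empty attribute is a valid marking with no flags; only errors fall back */`. Which flags result from an empty marking depends on the hardmode/softmode helpers called at the end of the function, which are outside the hunk. The function begins above the hunk.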
2142 @@ -52034,7 +52122,7 @@ index 8dd615c..cb7cd01 100644
2143 + }
2144 +
2145 + if (pax_flags_hardmode & pax_flags_softmode)
2146 -+ return ~0UL;
2147 ++ return PAX_PARSE_FLAGS_FALLBACK;
2148 +
2149 +#ifdef CONFIG_PAX_SOFTMODE
2150 + if (pax_softmode)
2151 @@ -52044,27 +52132,30 @@ index 8dd615c..cb7cd01 100644
2152 +
2153 + return pax_parse_xattr_pax_hardmode(pax_flags_hardmode);
2154 +#else
2155 -+ return ~0UL;
2156 ++ return PAX_PARSE_FLAGS_FALLBACK;
2157 +#endif
2158 +
2159 +}
2160 +
2161 +static long pax_parse_pax_flags(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata, struct file * const file)
2162 +{
2163 -+ unsigned long pax_flags, pt_pax_flags, xattr_pax_flags;
2164 ++ unsigned long pax_flags, ei_pax_flags, pt_pax_flags, xattr_pax_flags;
2165 +
2166 -+ pax_flags = pax_parse_ei_pax(elf_ex);
2167 ++ pax_flags = pax_parse_defaults();
2168 ++ ei_pax_flags = pax_parse_ei_pax(elf_ex);
2169 + pt_pax_flags = pax_parse_pt_pax(elf_ex, elf_phdata);
2170 + xattr_pax_flags = pax_parse_xattr_pax(file);
2171 +
2172 -+ if (pt_pax_flags == ~0UL)
2173 -+ pt_pax_flags = xattr_pax_flags;
2174 -+ else if (xattr_pax_flags == ~0UL)
2175 -+ xattr_pax_flags = pt_pax_flags;
2176 -+ if (pt_pax_flags != xattr_pax_flags)
2177 ++ if (pt_pax_flags != PAX_PARSE_FLAGS_FALLBACK &&
2178 ++ xattr_pax_flags != PAX_PARSE_FLAGS_FALLBACK &&
2179 ++ pt_pax_flags != xattr_pax_flags)
2180 + return -EINVAL;
2181 -+ if (pt_pax_flags != ~0UL)
2182 ++ if (xattr_pax_flags != PAX_PARSE_FLAGS_FALLBACK)
2183 ++ pax_flags = xattr_pax_flags;
2184 ++ else if (pt_pax_flags != PAX_PARSE_FLAGS_FALLBACK)
2185 + pax_flags = pt_pax_flags;
2186 ++ else if (ei_pax_flags != PAX_PARSE_FLAGS_FALLBACK)
2187 ++ pax_flags = ei_pax_flags;
2188 +
2189 +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC)
2190 + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
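Review bot: `pax_parse_pax_flags` now picks the flags in a fixed order (xattr, then PT_PAX, then EI_PAX, then the build-time defaults from `pax_parse_defaults()`), but nothing in the function says so, and that order decides which marking wins on a binary carrying several. A comment above the `if`/`else if` chain, `/* precedence: xattr > PT_PAX > EI_PAX > defaults; conflicting xattr and PT_PAX markings are rejected */`, would make this reviewable. An EI_PAX marking that disagrees with the other two is silently overridden rather than rejected with `-EINVAL`, which may be intended but is worth stating. The function continues below the hunk.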
2191 @@ -52086,7 +52177,7 @@ index 8dd615c..cb7cd01 100644
2192 /*
2193 * These are the functions used to load ELF style executables and shared
2194 * libraries. There is no binary dependent code anywhere else.
2195 -@@ -544,6 +884,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
2196 +@@ -544,6 +905,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
2197 {
2198 unsigned int random_variable = 0;
2199
2200 @@ -52098,7 +52189,7 @@ index 8dd615c..cb7cd01 100644
2201 if ((current->flags & PF_RANDOMIZE) &&
2202 !(current->personality & ADDR_NO_RANDOMIZE)) {
2203 random_variable = get_random_int() & STACK_RND_MASK;
2204 -@@ -562,7 +907,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
2205 +@@ -562,7 +928,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
2206 unsigned long load_addr = 0, load_bias = 0;
2207 int load_addr_set = 0;
2208 char * elf_interpreter = NULL;
2209 @@ -52107,7 +52198,7 @@ index 8dd615c..cb7cd01 100644
2210 struct elf_phdr *elf_ppnt, *elf_phdata;
2211 unsigned long elf_bss, elf_brk;
2212 int retval, i;
2213 -@@ -572,11 +917,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
2214 +@@ -572,11 +938,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
2215 unsigned long start_code, end_code, start_data, end_data;
2216 unsigned long reloc_func_desc __maybe_unused = 0;
2217 int executable_stack = EXSTACK_DEFAULT;
2218 @@ -52120,7 +52211,7 @@ index 8dd615c..cb7cd01 100644
2219
2220 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
2221 if (!loc) {
2222 -@@ -713,11 +1058,82 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
2223 +@@ -713,11 +1079,82 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
2224
2225 /* OK, This is the point of no return */
2226 current->flags &= ~PF_FORKNOEXEC;
2227 @@ -52204,7 +52295,7 @@ index 8dd615c..cb7cd01 100644
2228 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
2229 current->personality |= READ_IMPLIES_EXEC;
2230
2231 -@@ -808,6 +1224,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
2232 +@@ -808,6 +1245,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
2233 #else
2234 load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
2235 #endif
2236 @@ -52225,7 +52316,7 @@ index 8dd615c..cb7cd01 100644
2237 }
2238
2239 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
2240 -@@ -840,9 +1270,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
2241 +@@ -840,9 +1291,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
2242 * allowed task size. Note that p_filesz must always be
2243 * <= p_memsz so it is only necessary to check p_memsz.
2244 */
2245 @@ -52238,7 +52329,7 @@ index 8dd615c..cb7cd01 100644
2246 /* set_brk can never work. Avoid overflows. */
2247 send_sig(SIGKILL, current, 0);
2248 retval = -EINVAL;
2249 -@@ -881,17 +1311,44 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
2250 +@@ -881,17 +1332,44 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
2251 goto out_free_dentry;
2252 }
2253 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
2254 @@ -52289,7 +52380,7 @@ index 8dd615c..cb7cd01 100644
2255 load_bias);
2256 if (!IS_ERR((void *)elf_entry)) {
2257 /*
2258 -@@ -1098,7 +1555,7 @@ out:
2259 +@@ -1098,7 +1576,7 @@ out:
2260 * Decide what to dump of a segment, part, all or none.
2261 */
2262 static unsigned long vma_dump_size(struct vm_area_struct *vma,
2263 @@ -52298,7 +52389,7 @@ index 8dd615c..cb7cd01 100644
2264 {
2265 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
2266
2267 -@@ -1132,7 +1589,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
2268 +@@ -1132,7 +1610,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
2269 if (vma->vm_file == NULL)
2270 return 0;
2271
2272 @@ -52307,7 +52398,7 @@ index 8dd615c..cb7cd01 100644
2273 goto whole;
2274
2275 /*
2276 -@@ -1354,9 +1811,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
2277 +@@ -1354,9 +1832,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
2278 {
2279 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
2280 int i = 0;
2281 @@ -52319,7 +52410,7 @@ index 8dd615c..cb7cd01 100644
2282 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
2283 }
2284
2285 -@@ -1851,14 +2308,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2286 +@@ -1851,14 +2329,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2287 }
2288
2289 static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
2290 @@ -52336,7 +52427,7 @@ index 8dd615c..cb7cd01 100644
2291 return size;
2292 }
2293
2294 -@@ -1952,7 +2409,7 @@ static int elf_core_dump(struct coredump_params *cprm)
2295 +@@ -1952,7 +2430,7 @@ static int elf_core_dump(struct coredump_params *cprm)
2296
2297 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2298
2299 @@ -52345,7 +52436,7 @@ index 8dd615c..cb7cd01 100644
2300 offset += elf_core_extra_data_size();
2301 e_shoff = offset;
2302
2303 -@@ -1966,10 +2423,12 @@ static int elf_core_dump(struct coredump_params *cprm)
2304 +@@ -1966,10 +2444,12 @@ static int elf_core_dump(struct coredump_params *cprm)
2305 offset = dataoff;
2306
2307 size += sizeof(*elf);
2308 @@ -52358,7 +52449,7 @@ index 8dd615c..cb7cd01 100644
2309 if (size > cprm->limit
2310 || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
2311 goto end_coredump;
2312 -@@ -1983,7 +2442,7 @@ static int elf_core_dump(struct coredump_params *cprm)
2313 +@@ -1983,7 +2463,7 @@ static int elf_core_dump(struct coredump_params *cprm)
2314 phdr.p_offset = offset;
2315 phdr.p_vaddr = vma->vm_start;
2316 phdr.p_paddr = 0;
2317 @@ -52367,7 +52458,7 @@ index 8dd615c..cb7cd01 100644
2318 phdr.p_memsz = vma->vm_end - vma->vm_start;
2319 offset += phdr.p_filesz;
2320 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
2321 -@@ -1994,6 +2453,7 @@ static int elf_core_dump(struct coredump_params *cprm)
2322 +@@ -1994,6 +2474,7 @@ static int elf_core_dump(struct coredump_params *cprm)
2323 phdr.p_align = ELF_EXEC_PAGESIZE;
2324
2325 size += sizeof(phdr);
2326 @@ -52375,7 +52466,7 @@ index 8dd615c..cb7cd01 100644
2327 if (size > cprm->limit
2328 || !dump_write(cprm->file, &phdr, sizeof(phdr)))
2329 goto end_coredump;
2330 -@@ -2018,7 +2478,7 @@ static int elf_core_dump(struct coredump_params *cprm)
2331 +@@ -2018,7 +2499,7 @@ static int elf_core_dump(struct coredump_params *cprm)
2332 unsigned long addr;
2333 unsigned long end;
2334
2335 @@ -52384,7 +52475,7 @@ index 8dd615c..cb7cd01 100644
2336
2337 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
2338 struct page *page;
2339 -@@ -2027,6 +2487,7 @@ static int elf_core_dump(struct coredump_params *cprm)
2340 +@@ -2027,6 +2508,7 @@ static int elf_core_dump(struct coredump_params *cprm)
2341 page = get_dump_page(addr);
2342 if (page) {
2343 void *kaddr = kmap(page);
2344 @@ -52392,7 +52483,7 @@ index 8dd615c..cb7cd01 100644
2345 stop = ((size += PAGE_SIZE) > cprm->limit) ||
2346 !dump_write(cprm->file, kaddr,
2347 PAGE_SIZE);
2348 -@@ -2044,6 +2505,7 @@ static int elf_core_dump(struct coredump_params *cprm)
2349 +@@ -2044,6 +2526,7 @@ static int elf_core_dump(struct coredump_params *cprm)
2350
2351 if (e_phnum == PN_XNUM) {
2352 size += sizeof(*shdr4extnum);
2353 @@ -52400,7 +52491,7 @@ index 8dd615c..cb7cd01 100644
2354 if (size > cprm->limit
2355 || !dump_write(cprm->file, shdr4extnum,
2356 sizeof(*shdr4extnum)))
2357 -@@ -2064,6 +2526,167 @@ out:
2358 +@@ -2064,6 +2547,167 @@ out:
2359
2360 #endif /* CONFIG_ELF_CORE */
2361
2362 @@ -58300,6 +58391,34 @@ index 6a66fc0..cfdadae 100644
2363 set_fs(oldfs);
2364
2365 if (host_err < 0)
2366 +diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c
2367 +index 233d3ed..3ceaced 100644
2368 +--- a/fs/nilfs2/segment.c
2369 ++++ b/fs/nilfs2/segment.c
2370 +@@ -1437,17 +1437,19 @@ static int nilfs_segctor_collect(struct nilfs_sc_info *sci,
2371 +
2372 + nilfs_clear_logs(&sci->sc_segbufs);
2373 +
2374 +- err = nilfs_segctor_extend_segments(sci, nilfs, nadd);
2375 +- if (unlikely(err))
2376 +- return err;
2377 +-
2378 + if (sci->sc_stage.flags & NILFS_CF_SUFREED) {
2379 + err = nilfs_sufile_cancel_freev(nilfs->ns_sufile,
2380 + sci->sc_freesegs,
2381 + sci->sc_nfreesegs,
2382 + NULL);
2383 + WARN_ON(err); /* do not happen */
2384 ++ sci->sc_stage.flags &= ~NILFS_CF_SUFREED;
2385 + }
2386 ++
2387 ++ err = nilfs_segctor_extend_segments(sci, nilfs, nadd);
2388 ++ if (unlikely(err))
2389 ++ return err;
2390 ++
2391 + nadd = min_t(int, nadd << 1, SC_MAX_SEGDELTA);
2392 + sci->sc_stage = prev_stage;
2393 + }
2394 diff --git a/fs/nilfs2/super.c b/fs/nilfs2/super.c
2395 index 97bfbdd..e7f644a 100644
2396 --- a/fs/nilfs2/super.c
2397 @@ -77627,7 +77746,7 @@ index 2148b12..519b820 100644
2398
2399 static inline void anon_vma_merge(struct vm_area_struct *vma,
2400 diff --git a/include/linux/sched.h b/include/linux/sched.h
2401 -index 312d047..dbf4637 100644
2402 +index 312d047..a4bff08 100644
2403 --- a/include/linux/sched.h
2404 +++ b/include/linux/sched.h
2405 @@ -101,6 +101,7 @@ struct bio_list;
2406 @@ -77828,7 +77947,7 @@ index 312d047..dbf4637 100644
2407 #ifdef CONFIG_FUNCTION_GRAPH_TRACER
2408 /* Index of current stored address in ret_stack */
2409 int curr_ret_stack;
2410 -@@ -1582,6 +1652,52 @@ struct task_struct {
2411 +@@ -1582,6 +1652,53 @@ struct task_struct {
2412 #endif
2413 };
2414
2415 @@ -77844,6 +77963,7 @@ index 312d047..dbf4637 100644
2416 +#endif
2417 +
2418 +extern int pax_check_flags(unsigned long *);
2419 ++#define PAX_PARSE_FLAGS_FALLBACK (~0UL)
2420 +
2421 +/* if tsk != current then task_lock must be held on it */
2422 +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
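Review bot: `PAX_PARSE_FLAGS_FALLBACK` is added without a comment, and its meaning (this source gave no usable marking, try the next one) is only discoverable from the parsers in fs/binfmt_elf.c. Because the sentinel is `~0UL`, it also relies on no parser ever returning a flag word with every bit set. A line such as `/* returned by the pax_parse_* helpers when a marking is absent or invalid; never a valid flag set */` above the define would record both.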
2423 @@ -77881,7 +78001,7 @@ index 312d047..dbf4637 100644
2424 /* Future-safe accessor for struct task_struct's cpus_allowed. */
2425 #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed)
2426
2427 -@@ -2097,7 +2213,9 @@ void yield(void);
2428 +@@ -2097,7 +2214,9 @@ void yield(void);
2429 extern struct exec_domain default_exec_domain;
2430
2431 union thread_union {
2432 @@ -77891,7 +78011,7 @@ index 312d047..dbf4637 100644
2433 unsigned long stack[THREAD_SIZE/sizeof(long)];
2434 };
2435
2436 -@@ -2130,6 +2248,7 @@ extern struct pid_namespace init_pid_ns;
2437 +@@ -2130,6 +2249,7 @@ extern struct pid_namespace init_pid_ns;
2438 */
2439
2440 extern struct task_struct *find_task_by_vpid(pid_t nr);
2441 @@ -77899,7 +78019,7 @@ index 312d047..dbf4637 100644
2442 extern struct task_struct *find_task_by_pid_ns(pid_t nr,
2443 struct pid_namespace *ns);
2444
2445 -@@ -2251,6 +2370,12 @@ static inline void mmdrop(struct mm_struct * mm)
2446 +@@ -2251,6 +2371,12 @@ static inline void mmdrop(struct mm_struct * mm)
2447 extern void mmput(struct mm_struct *);
2448 /* Grab a reference to a task's mm, if it is not already going away */
2449 extern struct mm_struct *get_task_mm(struct task_struct *task);
2450 @@ -77912,7 +78032,7 @@ index 312d047..dbf4637 100644
2451 /* Remove the current tasks stale references to the old mm_struct */
2452 extern void mm_release(struct task_struct *, struct mm_struct *);
2453 /* Allocate a new mm structure and copy contents from tsk->mm */
2454 -@@ -2267,9 +2392,8 @@ extern void __cleanup_sighand(struct sighand_struct *);
2455 +@@ -2267,9 +2393,8 @@ extern void __cleanup_sighand(struct sighand_struct *);
2456 extern void exit_itimers(struct signal_struct *);
2457 extern void flush_itimer_signals(void);
2458
2459 @@ -77923,7 +78043,7 @@ index 312d047..dbf4637 100644
2460 extern int allow_signal(int);
2461 extern int disallow_signal(int);
2462
2463 -@@ -2432,9 +2556,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
2464 +@@ -2432,9 +2557,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
2465
2466 #endif
2467
2468 @@ -78680,23 +78800,19 @@ index 27b3b0b..e093dd9 100644
2469 extern void register_syscore_ops(struct syscore_ops *ops);
2470 extern void unregister_syscore_ops(struct syscore_ops *ops);
2471 diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
2472 -index 703cfa33..dff53c0 100644
2473 +index 703cfa33..04ef3d7 100644
2474 --- a/include/linux/sysctl.h
2475 +++ b/include/linux/sysctl.h
2476 -@@ -155,7 +155,11 @@ enum
2477 +@@ -155,8 +155,6 @@ enum
2478 KERN_PANIC_ON_NMI=76, /* int: whether we will panic on an unrecovered */
2479 };
2480
2481 -
2482 -+#ifdef CONFIG_PAX_SOFTMODE
2483 -+enum {
2484 -+ PAX_SOFTMODE=1 /* PaX: disable/enable soft mode */
2485 -+};
2486 -+#endif
2487 -
2488 +-
2489 /* CTL_VM names: */
2490 enum
2491 -@@ -961,13 +965,13 @@ extern void sysctl_head_finish(struct ctl_table_header *prev);
2492 + {
2493 +@@ -961,13 +959,13 @@ extern void sysctl_head_finish(struct ctl_table_header *prev);
2494 extern int sysctl_perm(struct ctl_table_root *root,
2495 struct ctl_table *table, int op);
2496
2497 @@ -78712,7 +78828,7 @@ index 703cfa33..dff53c0 100644
2498 extern int proc_dointvec(struct ctl_table *, int,
2499 void __user *, size_t *, loff_t *);
2500 extern int proc_dointvec_minmax(struct ctl_table *, int,
2501 -@@ -1045,7 +1049,9 @@ struct ctl_table
2502 +@@ -1045,7 +1043,9 @@ struct ctl_table
2503 struct ctl_table_poll *poll;
2504 void *extra1;
2505 void *extra2;
2506 @@ -96334,10 +96450,25 @@ index 99ec116..c5628fe 100644
2507 return res;
2508 }
2509 diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
2510 -index b5e64e4..4a9a5c4 100644
2511 +index b5e64e4..69801fa 100644
2512 --- a/net/ipv4/ipmr.c
2513 +++ b/net/ipv4/ipmr.c
2514 -@@ -1320,6 +1320,10 @@ int ip_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, unsi
2515 +@@ -155,9 +155,12 @@ static struct mr_table *ipmr_get_table(struct net *net, u32 id)
2516 + static int ipmr_fib_lookup(struct net *net, struct flowi4 *flp4,
2517 + struct mr_table **mrt)
2518 + {
2519 ++ int err;
2520 + struct ipmr_result res;
2521 +- struct fib_lookup_arg arg = { .result = &res, };
2522 +- int err;
2523 ++ struct fib_lookup_arg arg = {
2524 ++ .result = &res,
2525 ++ .flags = FIB_LOOKUP_NOREF,
2526 ++ };
2527 +
2528 + err = fib_rules_lookup(net->ipv4.mr_rules_ops,
2529 + flowi4_to_flowi(flp4), 0, &arg);
2530 +@@ -1320,6 +1323,10 @@ int ip_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, unsi
2531 if (get_user(v, (u32 __user *)optval))
2532 return -EFAULT;
2533
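Review bot: The new `.flags = FIB_LOOKUP_NOREF` in the `arg` initializer of ipmr_fib_lookup has no comment saying why this lookup must not take a reference on the matched rule, and the reason cannot be read off the hunk. A one-line comment above the initializer would keep a later cleanup from dropping the flag, for example `/* NOREF: the matched rule is not kept past this call, so take no reference on it */`. That wording assumes nothing later in the function releases the rule, which needs confirming because the body continues outside the hunk. If that holds, a reference taken per lookup and never dropped would let the rule's refcount grow with traffic, which is worth stating next to the flag. The same comment is missing in ip6mr_fib_lookup in the net/ipv6/ip6mr.c hunk that follows.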
2534 @@ -97327,6 +97458,25 @@ index d3fde7e..f526e49 100644
2535 }
2536
2537 int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
2538 +diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
2539 +index f5af259..f96c96f 100644
2540 +--- a/net/ipv6/ip6mr.c
2541 ++++ b/net/ipv6/ip6mr.c
2542 +@@ -139,9 +139,12 @@ static struct mr6_table *ip6mr_get_table(struct net *net, u32 id)
2543 + static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6,
2544 + struct mr6_table **mrt)
2545 + {
2546 ++ int err;
2547 + struct ip6mr_result res;
2548 +- struct fib_lookup_arg arg = { .result = &res, };
2549 +- int err;
2550 ++ struct fib_lookup_arg arg = {
2551 ++ .result = &res,
2552 ++ .flags = FIB_LOOKUP_NOREF,
2553 ++ };
2554 +
2555 + err = fib_rules_lookup(net->ipv6.mr6_rules_ops,
2556 + flowi6_to_flowi(flp6), 0, &arg);
2557 diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
2558 index b204df8..8f274f4 100644
2559 --- a/net/ipv6/ipv6_sockglue.c
2560 @@ -99821,7 +99971,7 @@ index 8da4481..d02565e 100644
2561 + (rtt >> sctp_rto_alpha);
2562 } else {
2563 diff --git a/net/socket.c b/net/socket.c
2564 -index d4faade..2492841 100644
2565 +index d4faade..ab65211 100644
2566 --- a/net/socket.c
2567 +++ b/net/socket.c
2568 @@ -88,6 +88,7 @@
2569 @@ -99996,15 +100146,6 @@ index d4faade..2492841 100644
2570 SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
2571 unsigned, flags, struct sockaddr __user *, addr,
2572 int, addr_len)
2573 -@@ -1737,7 +1803,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
2574 - struct socket *sock;
2575 - struct iovec iov;
2576 - struct msghdr msg;
2577 -- struct sockaddr_storage address;
2578 -+ struct sockaddr_storage address = { };
2579 - int err, err2;
2580 - int fput_needed;
2581 -
2582 @@ -1966,7 +2032,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
2583 * checking falls down on this.
2584 */
2585 @@ -100014,15 +100155,6 @@ index d4faade..2492841 100644
2586 ctl_len))
2587 goto out_freectl;
2588 msg_sys->msg_control = ctl_buf;
2589 -@@ -2117,7 +2183,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
2590 - int err, iov_size, total_len, len;
2591 -
2592 - /* kernel mode address */
2593 -- struct sockaddr_storage addr;
2594 -+ struct sockaddr_storage addr = { };
2595 -
2596 - /* user mode address pointers */
2597 - struct sockaddr __user *uaddr;
2598 @@ -2148,7 +2214,8 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
2599 /* Save the user-mode address (verify_iovec will change the
2600 * kernel msghdr to use the kernel address space)
2601 @@ -104196,7 +104328,7 @@ index dca1c22..4fa4591 100644
2602 lock = &avc_cache.slots_lock[hvalue];
2603
2604 diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
2605 -index 5898f34..f44199b 100644
2606 +index 5898f34..04f8b47 100644
2607 --- a/security/selinux/hooks.c
2608 +++ b/security/selinux/hooks.c
2609 @@ -95,8 +95,6 @@
2610 @@ -104208,7 +104340,41 @@ index 5898f34..f44199b 100644
2611 /* SECMARK reference count */
2612 static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
2613
2614 -@@ -2001,6 +1999,13 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2615 +@@ -217,6 +215,14 @@ static int inode_alloc_security(struct inode *inode)
2616 + return 0;
2617 + }
2618 +
2619 ++static void inode_free_rcu(struct rcu_head *head)
2620 ++{
2621 ++ struct inode_security_struct *isec;
2622 ++
2623 ++ isec = container_of(head, struct inode_security_struct, rcu);
2624 ++ kmem_cache_free(sel_inode_cache, isec);
2625 ++}
2626 ++
2627 + static void inode_free_security(struct inode *inode)
2628 + {
2629 + struct inode_security_struct *isec = inode->i_security;
2630 +@@ -227,8 +233,16 @@ static void inode_free_security(struct inode *inode)
2631 + list_del_init(&isec->list);
2632 + spin_unlock(&sbsec->isec_lock);
2633 +
2634 +- inode->i_security = NULL;
2635 +- kmem_cache_free(sel_inode_cache, isec);
2636 ++ /*
2637 ++ * The inode may still be referenced in a path walk and
2638 ++ * a call to selinux_inode_permission() can be made
2639 ++ * after inode_free_security() is called. Ideally, the VFS
2640 ++ * wouldn't do this, but fixing that is a much harder
2641 ++ * job. For now, simply free the i_security via RCU, and
2642 ++ * leave the current inode->i_security pointer intact.
2643 ++ * The inode will be freed after the RCU grace period too.
2644 ++ */
2645 ++ call_rcu(&isec->rcu, inode_free_rcu);
2646 + }
2647 +
2648 + static int file_alloc_security(struct file *file)
2649 +@@ -2001,6 +2015,13 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2650 new_tsec->sid = old_tsec->exec_sid;
2651 /* Reset exec SID on execve. */
2652 new_tsec->exec_sid = 0;
2653 @@ -104222,7 +104388,7 @@ index 5898f34..f44199b 100644
2654 } else {
2655 /* Check for a default transition on this program. */
2656 rc = security_transition_sid(old_tsec->sid, isec->sid,
2657 -@@ -2013,7 +2018,8 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2658 +@@ -2013,7 +2034,8 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
2659 COMMON_AUDIT_DATA_INIT(&ad, PATH);
2660 ad.u.path = bprm->file->f_path;
2661
2662 @@ -104232,7 +104398,7 @@ index 5898f34..f44199b 100644
2663 new_tsec->sid = old_tsec->sid;
2664
2665 if (new_tsec->sid == old_tsec->sid) {
2666 -@@ -4181,8 +4187,10 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
2667 +@@ -4181,8 +4203,10 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
2668 }
2669 err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER,
2670 PEER__RECV, &ad);
2671 @@ -104244,7 +104410,7 @@ index 5898f34..f44199b 100644
2672 }
2673
2674 if (secmark_active) {
2675 -@@ -5372,11 +5380,11 @@ static int selinux_setprocattr(struct task_struct *p,
2676 +@@ -5372,11 +5396,11 @@ static int selinux_setprocattr(struct task_struct *p,
2677 /* Check for ptracing, and update the task SID if ok.
2678 Otherwise, leave SID unchanged and fail. */
2679 ptsid = 0;
2680 @@ -104258,7 +104424,7 @@ index 5898f34..f44199b 100644
2681
2682 if (tracer) {
2683 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
2684 -@@ -5508,7 +5516,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
2685 +@@ -5508,7 +5532,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
2686
2687 #endif
2688
2689 @@ -104267,7 +104433,7 @@ index 5898f34..f44199b 100644
2690 .name = "selinux",
2691
2692 .ptrace_access_check = selinux_ptrace_access_check,
2693 -@@ -5854,6 +5862,9 @@ static void selinux_nf_ip_exit(void)
2694 +@@ -5854,6 +5878,9 @@ static void selinux_nf_ip_exit(void)
2695 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
2696 static int selinux_disabled;
2697
2698 @@ -104277,7 +104443,7 @@ index 5898f34..f44199b 100644
2699 int selinux_disable(void)
2700 {
2701 if (ss_initialized) {
2702 -@@ -5871,7 +5882,9 @@ int selinux_disable(void)
2703 +@@ -5871,7 +5898,9 @@ int selinux_disable(void)
2704 selinux_disabled = 1;
2705 selinux_enabled = 0;
2706
2707 @@ -104288,6 +104454,22 @@ index 5898f34..f44199b 100644
2708
2709 /* Try to destroy the avc node cache */
2710 avc_disable();
2711 +diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
2712 +index 26c7eee..7b1830b 100644
2713 +--- a/security/selinux/include/objsec.h
2714 ++++ b/security/selinux/include/objsec.h
2715 +@@ -38,7 +38,10 @@ struct task_security_struct {
2716 +
2717 + struct inode_security_struct {
2718 + struct inode *inode; /* back pointer to inode object */
2719 +- struct list_head list; /* list of inode_security_struct */
2720 ++ union {
2721 ++ struct list_head list; /* list of inode_security_struct */
2722 ++ struct rcu_head rcu; /* for freeing the inode_security_struct */
2723 ++ };
2724 + u32 task_sid; /* SID of creating task */
2725 + u32 sid; /* SID of this object */
2726 + u16 sclass; /* security class of this object */
2727 diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h
2728 index b43813c..74be837 100644
2729 --- a/security/selinux/include/xfrm.h
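Review bot: The anonymous union added to `struct inode_security_struct` makes `rcu` share storage with `list`, so once inode_free_security() queues the object with call_rcu() the list linkage is overwritten, and nothing in the struct says so. The member comment should state the ordering it depends on, for example `struct rcu_head rcu; /* reuses list's storage; valid only after the entry is unlinked from the sbsec list */`. The hooks.c hunk leaves `inode->i_security` set, so any code that can still reach the structure through it during the grace period must not walk or test `isec->list`. Whether such a reader exists is not visible here. The struct definition continues outside the hunk.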
2730 @@ -105288,10 +105470,10 @@ index 0000000..414fe5e
2731 +}
2732 diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c
2733 new file mode 100644
2734 -index 0000000..3e46b2f
2735 +index 0000000..59bf839
2736 --- /dev/null
2737 +++ b/tools/gcc/constify_plugin.c
2738 -@@ -0,0 +1,559 @@
2739 +@@ -0,0 +1,557 @@
2740 +/*
2741 + * Copyright 2011 by Emese Revfy <re.emese@×××××.com>
2742 + * Copyright 2011-2013 by PaX Team <pageexec@××××××××.hu>
2743 @@ -105338,7 +105520,7 @@ index 0000000..3e46b2f
2744 +int plugin_is_GPL_compatible;
2745 +
2746 +static struct plugin_info const_plugin_info = {
2747 -+ .version = "201401121315",
2748 ++ .version = "201401140130",
2749 + .help = "no-constify\tturn off constification\n",
2750 +};
2751 +
2752 @@ -105464,8 +105646,10 @@ index 0000000..3e46b2f
2753 + }
2754 + TYPE_READONLY(type) = 0;
2755 + C_TYPE_FIELDS_READONLY(type) = 0;
2756 -+ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type)))
2757 ++ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) {
2758 ++ TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type));
2759 + TYPE_ATTRIBUTES(type) = remove_attribute("do_const", TYPE_ATTRIBUTES(type));
2760 ++ }
2761 +}
2762 +
2763 +static void deconstify_tree(tree node)
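Review bot: The added `copy_list()` call before `remove_attribute()` has no comment, and read in isolation the two consecutive assignments to `TYPE_ATTRIBUTES(type)` look redundant. If the intent is that remove_attribute() edits the list in place and the attribute list may be shared with other type nodes, say so above the call: `/* remove_attribute() modifies the list in place; work on a private copy in case the list is shared */`. The commented-out `copy_list` line added in the next constify hunk should get the same explanation or be dropped rather than left as dead code. The enclosing function starts outside the hunk.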
2764 @@ -105558,6 +105742,7 @@ index 0000000..3e46b2f
2765 + TYPE_READONLY(type) = 1;
2766 + C_TYPE_FIELDS_READONLY(type) = 1;
2767 + TYPE_CONSTIFY_VISITED(type) = 1;
2768 ++// TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type));
2769 +// TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("do_const"), NULL_TREE, TYPE_ATTRIBUTES(type));
2770 +}
2771 +
2772 @@ -105669,7 +105854,7 @@ index 0000000..3e46b2f
2773 + TYPE_CONSTIFY_VISITED(type) = 1;
2774 +}
2775 +
2776 -+static void check_global_variables(void)
2777 ++static void check_global_variables(void *event_data, void *data)
2778 +{
2779 + struct varpool_node *node;
2780 +
2781 @@ -105742,21 +105927,15 @@ index 0000000..3e46b2f
2782 + return ret;
2783 +}
2784 +
2785 -+static unsigned int check_variables(void)
2786 -+{
2787 -+ check_global_variables();
2788 -+ return check_local_variables();
2789 -+}
2790 -+
2791 +static struct gimple_opt_pass pass_local_variable = {
2792 + {
2793 + .type = GIMPLE_PASS,
2794 -+ .name = "check_variables",
2795 ++ .name = "check_local_variables",
2796 +#if BUILDING_GCC_VERSION >= 4008
2797 + .optinfo_flags = OPTGROUP_NONE,
2798 +#endif
2799 + .gate = NULL,
2800 -+ .execute = check_variables,
2801 ++ .execute = check_local_variables,
2802 + .sub = NULL,
2803 + .next = NULL,
2804 + .static_pass_number = 0,
2805 @@ -105843,6 +106022,7 @@ index 0000000..3e46b2f
2806 +
2807 + register_callback(plugin_name, PLUGIN_INFO, NULL, &const_plugin_info);
2808 + if (constify) {
2809 ++ register_callback(plugin_name, PLUGIN_ALL_IPA_PASSES_START, check_global_variables, NULL);
2810 + register_callback(plugin_name, PLUGIN_FINISH_TYPE, finish_type, NULL);
2811 + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &local_variable_pass_info);
2812 + register_callback(plugin_name, PLUGIN_START_UNIT, constify_start_unit, NULL);
2813 @@ -106950,10 +107130,10 @@ index 0000000..679b9ef
2814 +}
2815 diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data
2816 new file mode 100644
2817 -index 0000000..2d131cc
2818 +index 0000000..7b67f2b
2819 --- /dev/null
2820 +++ b/tools/gcc/size_overflow_hash.data
2821 -@@ -0,0 +1,5998 @@
2822 +@@ -0,0 +1,6001 @@
2823 +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
2824 +ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL
2825 +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
2826 @@ -107612,6 +107792,7 @@ index 0000000..2d131cc
2827 +ext3_try_to_allocate_7590 ext3_try_to_allocate 3-5-0 7590 NULL
2828 +create_dir_7614 create_dir 0 7614 NULL nohasharray
2829 +groups_alloc_7614 groups_alloc 1 7614 &create_dir_7614
2830 ++cpumask_first_7648 cpumask_first 0 7648 NULL
2831 +set_connectable_7649 set_connectable 4 7649 NULL
2832 +skb_copy_expand_7685 skb_copy_expand 3-2 7685 NULL nohasharray
2833 +acpi_ex_allocate_name_string_7685 acpi_ex_allocate_name_string 1-2 7685 &skb_copy_expand_7685
2834 @@ -109798,6 +109979,7 @@ index 0000000..2d131cc
2835 +lbs_failcount_read_31063 lbs_failcount_read 3 31063 NULL
2836 +find_next_bit_le_31064 find_next_bit_le 0-2-3 31064 NULL
2837 +sys_mincore_31079 sys_mincore 2-1 31079 NULL
2838 ++scb_status_31084 scb_status 0 31084 NULL
2839 +sctp_setsockopt_context_31091 sctp_setsockopt_context 3 31091 NULL
2840 +find_mergeable_31093 find_mergeable 2 31093 NULL
2841 +compat_sys_get_mempolicy_31109 compat_sys_get_mempolicy 3 31109 NULL
2842 @@ -111385,6 +111567,7 @@ index 0000000..2d131cc
2843 +hash_setkey_48310 hash_setkey 3 48310 NULL
2844 +bcm_download_config_file_48313 bcm_download_config_file 0 48313 NULL
2845 +skb_add_data_48363 skb_add_data 3 48363 NULL
2846 ++eexp_start_irq_48364 eexp_start_irq 2 48364 NULL
2847 +iscsi_complete_pdu_48372 iscsi_complete_pdu 4 48372 NULL
2848 +lbs_debugfs_write_48413 lbs_debugfs_write 3 48413 NULL
2849 +snd_power_wait_48422 snd_power_wait 0 48422 NULL
2850 @@ -112954,10 +113137,10 @@ index 0000000..2d131cc
2851 +selnl_msglen_65499 selnl_msglen 0 65499 NULL
2852 diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
2853 new file mode 100644
2854 -index 0000000..62a1ae8
2855 +index 0000000..50f8464
2856 --- /dev/null
2857 +++ b/tools/gcc/size_overflow_plugin.c
2858 -@@ -0,0 +1,4050 @@
2859 +@@ -0,0 +1,4072 @@
2860 +/*
2861 + * Copyright 2011, 2012, 2013, 2014 by Emese Revfy <re.emese@×××××.com>
2862 + * Licensed under the GPL v2, or (at your option) v3
2863 @@ -113018,9 +113201,9 @@ index 0000000..62a1ae8
2864 +#define MIN_CHECK true
2865 +#define MAX_CHECK false
2866 +
2867 -+#define TURN_OFF_ASM_STR "# size_overflow MARK_TURN_OFF\n\t"
2868 -+#define YES_ASM_STR "# size_overflow MARK_YES\n\t"
2869 -+#define OK_ASM_STR "# size_overflow\n\t"
2870 ++#define TURN_OFF_ASM_STR "# size_overflow MARK_TURN_OFF "
2871 ++#define YES_ASM_STR "# size_overflow MARK_YES "
2872 ++#define OK_ASM_STR "# size_overflow "
2873 +
2874 +#if BUILDING_GCC_VERSION == 4005
2875 +#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE)))
2876 @@ -113087,7 +113270,7 @@ index 0000000..62a1ae8
2877 +static tree dup_assign(struct pointer_set_t *visited, gimple oldstmt, const_tree node, tree rhs1, tree rhs2, tree __unused rhs3);
2878 +
2879 +static struct plugin_info size_overflow_plugin_info = {
2880 -+ .version = "20140102beta",
2881 ++ .version = "20140111beta",
2882 + .help = "no-size-overflow\tturn off size overflow checking\n",
2883 +};
2884 +
2885 @@ -115177,7 +115360,7 @@ index 0000000..62a1ae8
2886 + str = get_asm_string(stmt);
2887 + if (!str)
2888 + return false;
2889 -+ return !strcmp(str, TURN_OFF_ASM_STR);
2890 ++ return !strncmp(str, TURN_OFF_ASM_STR, sizeof(TURN_OFF_ASM_STR) - 1);
2891 +}
2892 +
2893 +static bool is_size_overflow_intentional_asm_yes(const_gimple stmt)
2894 @@ -115187,7 +115370,7 @@ index 0000000..62a1ae8
2895 + str = get_asm_string(stmt);
2896 + if (!str)
2897 + return false;
2898 -+ return !strcmp(str, YES_ASM_STR);
2899 ++ return !strncmp(str, YES_ASM_STR, sizeof(YES_ASM_STR) - 1);
2900 +}
2901 +
2902 +static bool is_size_overflow_asm(const_gimple stmt)
2903 @@ -115197,7 +115380,7 @@ index 0000000..62a1ae8
2904 + str = get_asm_string(stmt);
2905 + if (!str)
2906 + return false;
2907 -+ return !strncmp(str, "# size_overflow", 15);
2908 ++ return !strncmp(str, OK_ASM_STR, sizeof(OK_ASM_STR) - 1);
2909 +}
2910 +
2911 +static void print_missing_intentional(enum mark callee_attr, enum mark caller_attr, const_tree decl, unsigned int argnum)
2912 @@ -116295,9 +116478,8 @@ index 0000000..62a1ae8
2913 +
2914 + switch (cur_fndecl_attr) {
2915 + case MARK_NO:
2916 -+ return MARK_NO;
2917 + case MARK_TURN_OFF:
2918 -+ return MARK_TURN_OFF;
2919 ++ return cur_fndecl_attr;
2920 + default:
2921 + print_missing_intentional(decl_attr, cur_fndecl_attr, fndecl, argnum);
2922 + return MARK_YES;
2923 @@ -116437,6 +116619,23 @@ index 0000000..62a1ae8
2924 + update_stmt(stmt);
2925 +}
2926 +
2927 ++static char *create_asm_comment(unsigned int argnum, const_gimple stmt , const char *mark_str)
2928 ++{
2929 ++ const char *fn_name;
2930 ++ char *asm_comment;
2931 ++ unsigned int len;
2932 ++
2933 ++ if (argnum == 0)
2934 ++ fn_name = NAME(current_function_decl);
2935 ++ else
2936 ++ fn_name = NAME(gimple_call_fndecl(stmt));
2937 ++
2938 ++ len = asprintf(&asm_comment, "%s %s %u", mark_str, fn_name, argnum);
2939 ++ gcc_assert(len > 0);
2940 ++
2941 ++ return asm_comment;
2942 ++}
2943 ++
2944 +static const char *convert_mark_to_str(enum mark mark)
2945 +{
2946 + switch (mark) {
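Review bot: The `gcc_assert(len > 0)` in create_asm_comment cannot catch an asprintf() failure, because the -1 error return is stored in `unsigned int len` and becomes a large positive value. On failure the contents of `asm_comment` are undefined, and the callers in the later hunks pass it to create_asm_stmt() and then free() it. Declaring the result as `int len;` makes the existing assert do its job. Separately, `gimple_call_fndecl(stmt)` returns NULL_TREE for a call through a pointer; whether NAME() tolerates that, or whether such calls can reach this path, is not visible in the hunk and is worth a check or a comment.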
2947 @@ -116465,8 +116664,6 @@ index 0000000..62a1ae8
2948 + return;
2949 + }
2950 +
2951 -+ gcc_assert(!is_size_overflow_intentional_asm_turn_off(asm_data->def_stmt));
2952 -+
2953 + asm_data->input = create_new_var(TREE_TYPE(asm_data->output));
2954 + asm_data->input = make_ssa_name(asm_data->input, asm_data->def_stmt);
2955 +
2956 @@ -116480,16 +116677,20 @@ index 0000000..62a1ae8
2957 + break;
2958 + case GIMPLE_NOP: {
2959 + enum mark mark;
2960 -+ const char *str;
2961 ++ const char *mark_str;
2962 ++ char *asm_comment;
2963 +
2964 + mark = check_intentional_attribute_gimple(asm_data->output, stmt, argnum);
2965 -+ str = convert_mark_to_str(mark);
2966 +
2967 + asm_data->input = asm_data->output;
2968 + asm_data->output = NULL;
2969 + asm_data->def_stmt = stmt;
2970 +
2971 -+ create_asm_stmt(str, build_string(2, "rm"), NULL, asm_data);
2972 ++ mark_str = convert_mark_to_str(mark);
2973 ++ asm_comment = create_asm_comment(argnum, stmt, mark_str);
2974 ++
2975 ++ create_asm_stmt(asm_comment, build_string(2, "rm"), NULL, asm_data);
2976 ++ free(asm_comment);
2977 + asm_data->input = NULL_TREE;
2978 + break;
2979 + }
2980 @@ -116512,7 +116713,8 @@ index 0000000..62a1ae8
2981 +static void create_size_overflow_asm(gimple stmt, tree output_node, unsigned int argnum)
2982 +{
2983 + struct asm_data asm_data;
2984 -+ const char *str;
2985 ++ const char *mark_str;
2986 ++ char *asm_comment;
2987 + enum mark mark;
2988 +
2989 + if (is_gimple_constant(output_node))
2990 @@ -116520,18 +116722,21 @@ index 0000000..62a1ae8
2991 +
2992 + asm_data.output = output_node;
2993 + mark = check_intentional_attribute_gimple(asm_data.output, stmt, argnum);
2994 -+ if (mark == MARK_TURN_OFF)
2995 -+ return;
2996 -+
2997 -+ search_missing_size_overflow_attribute_gimple(stmt, argnum);
2998 ++ if (mark != MARK_TURN_OFF)
2999 ++ search_missing_size_overflow_attribute_gimple(stmt, argnum);
3000 +
3001 + asm_data.def_stmt = get_def_stmt(asm_data.output);
3002 ++ if (is_size_overflow_intentional_asm_turn_off(asm_data.def_stmt))
3003 ++ return;
3004 ++
3005 + create_asm_input(stmt, argnum, &asm_data);
3006 + if (asm_data.input == NULL_TREE)
3007 + return;
3008 +
3009 -+ str = convert_mark_to_str(mark);
3010 -+ create_asm_stmt(str, build_string(1, "0"), build_string(3, "=rm"), &asm_data);
3011 ++ mark_str = convert_mark_to_str(mark);
3012 ++ asm_comment = create_asm_comment(argnum, stmt, mark_str);
3013 ++ create_asm_stmt(asm_comment, build_string(1, "0"), build_string(3, "=rm"), &asm_data);
3014 ++ free(asm_comment);
3015 +}
3016 +
3017 +// Insert an asm stmt with "MARK_TURN_OFF", "MARK_YES" or "MARK_NOT_INTENTIONAL".