Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.14.13/, 3.15.7/, 3.14.14/, 3.15.6/, 3.2.61/
Date: Wed, 30 Jul 2014 10:58:39
Message-Id: 1406717948.2513a477f3ea4829fc4aa323d6a0cc4e170978e3.blueness@gentoo
1 commit: 2513a477f3ea4829fc4aa323d6a0cc4e170978e3
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Wed Jul 30 10:59:08 2014 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Wed Jul 30 10:59:08 2014 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=2513a477
7
8 Grsec/PaX: 3.0-{3.2.60,3.14.14,3.15.7}-201407282112
9
10 ---
11 {3.14.13 => 3.14.14}/0000_README | 2 +-
12 .../4420_grsecurity-3.0-3.14.14-201407282111.patch | 667 ++++++-------------
13 .../4425_grsec_remove_EI_PAX.patch | 0
14 .../4427_force_XATTR_PAX_tmpfs.patch | 0
15 .../4430_grsec-remove-localversion-grsec.patch | 0
16 .../4435_grsec-mute-warnings.patch | 0
17 .../4440_grsec-remove-protected-paths.patch | 0
18 .../4450_grsec-kconfig-default-gids.patch | 0
19 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
20 .../4470_disable-compat_vdso.patch | 0
21 .../4475_emutramp_default_on.patch | 0
22 {3.15.6 => 3.15.7}/0000_README | 2 +-
23 .../4420_grsecurity-3.0-3.15.7-201407282112.patch | 741 ++++++---------------
24 {3.15.6 => 3.15.7}/4425_grsec_remove_EI_PAX.patch | 0
25 .../4427_force_XATTR_PAX_tmpfs.patch | 0
26 .../4430_grsec-remove-localversion-grsec.patch | 0
27 {3.15.6 => 3.15.7}/4435_grsec-mute-warnings.patch | 0
28 .../4440_grsec-remove-protected-paths.patch | 0
29 .../4450_grsec-kconfig-default-gids.patch | 0
30 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
31 {3.15.6 => 3.15.7}/4470_disable-compat_vdso.patch | 0
32 {3.15.6 => 3.15.7}/4475_emutramp_default_on.patch | 0
33 3.2.61/0000_README | 2 +-
34 ... 4420_grsecurity-3.0-3.2.61-201407280723.patch} | 140 ++--
35 24 files changed, 473 insertions(+), 1081 deletions(-)
36
37 diff --git a/3.14.13/0000_README b/3.14.14/0000_README
38 similarity index 96%
39 rename from 3.14.13/0000_README
40 rename to 3.14.14/0000_README
41 index ed0d890..2765c33 100644
42 --- a/3.14.13/0000_README
43 +++ b/3.14.14/0000_README
44 @@ -2,7 +2,7 @@ README
45 -----------------------------------------------------------------------------
46 Individual Patch Descriptions:
47 -----------------------------------------------------------------------------
48 -Patch: 4420_grsecurity-3.0-3.14.13-201407232159.patch
49 +Patch: 4420_grsecurity-3.0-3.14.14-201407282111.patch
50 From: http://www.grsecurity.net
51 Desc: hardened-sources base patch from upstream grsecurity
52
53
54 diff --git a/3.14.13/4420_grsecurity-3.0-3.14.13-201407232159.patch b/3.14.14/4420_grsecurity-3.0-3.14.14-201407282111.patch
55 similarity index 99%
56 rename from 3.14.13/4420_grsecurity-3.0-3.14.13-201407232159.patch
57 rename to 3.14.14/4420_grsecurity-3.0-3.14.14-201407282111.patch
58 index 81dff0f..f2197e0 100644
59 --- a/3.14.13/4420_grsecurity-3.0-3.14.13-201407232159.patch
60 +++ b/3.14.14/4420_grsecurity-3.0-3.14.14-201407282111.patch
61 @@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644
62
63 pcd. [PARIDE]
64 diff --git a/Makefile b/Makefile
65 -index 7a2981c..9fadd78 100644
66 +index 230c7f6..64a1278 100644
67 --- a/Makefile
68 +++ b/Makefile
69 @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
70 @@ -386,7 +386,16 @@ index 7a2981c..9fadd78 100644
71 include $(srctree)/arch/$(SRCARCH)/Makefile
72
73 ifdef CONFIG_READABLE_ASM
74 -@@ -779,7 +846,7 @@ export mod_sign_cmd
75 +@@ -639,6 +706,8 @@ KBUILD_CFLAGS += -fomit-frame-pointer
76 + endif
77 + endif
78 +
79 ++KBUILD_CFLAGS += $(call cc-option, -fno-var-tracking-assignments)
80 ++
81 + ifdef CONFIG_DEBUG_INFO
82 + KBUILD_CFLAGS += -g
83 + KBUILD_AFLAGS += -Wa,--gdwarf-2
84 +@@ -779,7 +848,7 @@ export mod_sign_cmd
85
86
87 ifeq ($(KBUILD_EXTMOD),)
88 @@ -395,7 +404,7 @@ index 7a2981c..9fadd78 100644
89
90 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
91 $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
92 -@@ -828,6 +895,8 @@ endif
93 +@@ -828,6 +897,8 @@ endif
94
95 # The actual objects are generated when descending,
96 # make sure no implicit rule kicks in
97 @@ -404,7 +413,7 @@ index 7a2981c..9fadd78 100644
98 $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
99
100 # Handle descending into subdirectories listed in $(vmlinux-dirs)
101 -@@ -837,7 +906,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
102 +@@ -837,7 +908,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
103 # Error messages still appears in the original language
104
105 PHONY += $(vmlinux-dirs)
106 @@ -413,7 +422,7 @@ index 7a2981c..9fadd78 100644
107 $(Q)$(MAKE) $(build)=$@
108
109 define filechk_kernel.release
110 -@@ -880,10 +949,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
111 +@@ -880,10 +951,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
112
113 archprepare: archheaders archscripts prepare1 scripts_basic
114
115 @@ -427,7 +436,7 @@ index 7a2981c..9fadd78 100644
116 prepare: prepare0
117
118 # Generate some files
119 -@@ -991,6 +1063,8 @@ all: modules
120 +@@ -991,6 +1065,8 @@ all: modules
121 # using awk while concatenating to the final file.
122
123 PHONY += modules
124 @@ -436,7 +445,7 @@ index 7a2981c..9fadd78 100644
125 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
126 $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
127 @$(kecho) ' Building modules, stage 2.';
128 -@@ -1006,7 +1080,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
129 +@@ -1006,7 +1082,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
130
131 # Target to prepare building external modules
132 PHONY += modules_prepare
133 @@ -445,7 +454,7 @@ index 7a2981c..9fadd78 100644
134
135 # Target to install modules
136 PHONY += modules_install
137 -@@ -1072,7 +1146,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
138 +@@ -1072,7 +1148,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
139 Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
140 signing_key.priv signing_key.x509 x509.genkey \
141 extra_certificates signing_key.x509.keyid \
142 @@ -457,7 +466,7 @@ index 7a2981c..9fadd78 100644
143
144 # clean - Delete most, but leave enough to build external modules
145 #
146 -@@ -1111,7 +1188,7 @@ distclean: mrproper
147 +@@ -1111,7 +1190,7 @@ distclean: mrproper
148 @find $(srctree) $(RCS_FIND_IGNORE) \
149 \( -name '*.orig' -o -name '*.rej' -o -name '*~' \
150 -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
151 @@ -466,7 +475,7 @@ index 7a2981c..9fadd78 100644
152 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
153 -type f -print | xargs rm -f
154
155 -@@ -1273,6 +1350,8 @@ PHONY += $(module-dirs) modules
156 +@@ -1273,6 +1352,8 @@ PHONY += $(module-dirs) modules
157 $(module-dirs): crmodverdir $(objtree)/Module.symvers
158 $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
159
160 @@ -475,7 +484,7 @@ index 7a2981c..9fadd78 100644
161 modules: $(module-dirs)
162 @$(kecho) ' Building modules, stage 2.';
163 $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
164 -@@ -1412,17 +1491,21 @@ else
165 +@@ -1412,17 +1493,21 @@ else
166 target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
167 endif
168
169 @@ -501,7 +510,7 @@ index 7a2981c..9fadd78 100644
170 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
171 %.symtypes: %.c prepare scripts FORCE
172 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
173 -@@ -1432,11 +1515,15 @@ endif
174 +@@ -1432,11 +1517,15 @@ endif
175 $(cmd_crmodverdir)
176 $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
177 $(build)=$(build-dir)
178 @@ -852,10 +861,10 @@ index 98838a0..b304fb4 100644
179 /* Allow reads even for write-only mappings */
180 if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
181 diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
182 -index 44298ad..29a20c0 100644
183 +index 4733d32..b142a40 100644
184 --- a/arch/arm/Kconfig
185 +++ b/arch/arm/Kconfig
186 -@@ -1862,7 +1862,7 @@ config ALIGNMENT_TRAP
187 +@@ -1863,7 +1863,7 @@ config ALIGNMENT_TRAP
188
189 config UACCESS_WITH_MEMCPY
190 bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()"
191 @@ -864,7 +873,7 @@ index 44298ad..29a20c0 100644
192 default y if CPU_FEROCEON
193 help
194 Implement faster copy_to_user and clear_user methods for CPU
195 -@@ -2125,6 +2125,7 @@ config XIP_PHYS_ADDR
196 +@@ -2126,6 +2126,7 @@ config XIP_PHYS_ADDR
197 config KEXEC
198 bool "Kexec system call (EXPERIMENTAL)"
199 depends on (!SMP || PM_SLEEP_SMP)
200 @@ -7960,10 +7969,10 @@ index d72197f..c017c84 100644
201 /*
202 * If for any reason at all we couldn't handle the fault, make
203 diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
204 -index 2156fa2..cc28613 100644
205 +index ee3c660..afa4212 100644
206 --- a/arch/powerpc/Kconfig
207 +++ b/arch/powerpc/Kconfig
208 -@@ -393,6 +393,7 @@ config PPC64_SUPPORTS_MEMORY_FAILURE
209 +@@ -394,6 +394,7 @@ config PPC64_SUPPORTS_MEMORY_FAILURE
210 config KEXEC
211 bool "kexec system call"
212 depends on (PPC_BOOK3S || FSL_BOOKE || (44x && !SMP))
213 @@ -12643,7 +12652,7 @@ index ad8f795..2c7eec6 100644
214 /*
215 * Memory returned by kmalloc() may be used for DMA, so we must make
216 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
217 -index 1981dd9..8f3ff4d 100644
218 +index 7324107..a63fd9f 100644
219 --- a/arch/x86/Kconfig
220 +++ b/arch/x86/Kconfig
221 @@ -126,7 +126,7 @@ config X86
222 @@ -12652,10 +12661,10 @@ index 1981dd9..8f3ff4d 100644
223 select HAVE_IRQ_EXIT_ON_IRQ_STACK if X86_64
224 - select HAVE_CC_STACKPROTECTOR
225 + select HAVE_CC_STACKPROTECTOR if X86_64 || !PAX_MEMORY_UDEREF
226 + select ARCH_SUPPORTS_ATOMIC_RMW
227
228 config INSTRUCTION_DECODER
229 - def_bool y
230 -@@ -251,7 +251,7 @@ config X86_HT
231 +@@ -252,7 +252,7 @@ config X86_HT
232
233 config X86_32_LAZY_GS
234 def_bool y
235 @@ -12664,7 +12673,7 @@ index 1981dd9..8f3ff4d 100644
236
237 config ARCH_HWEIGHT_CFLAGS
238 string
239 -@@ -589,6 +589,7 @@ config SCHED_OMIT_FRAME_POINTER
240 +@@ -590,6 +590,7 @@ config SCHED_OMIT_FRAME_POINTER
241
242 menuconfig HYPERVISOR_GUEST
243 bool "Linux guest support"
244 @@ -12672,7 +12681,7 @@ index 1981dd9..8f3ff4d 100644
245 ---help---
246 Say Y here to enable options for running Linux under various hyper-
247 visors. This option enables basic hypervisor detection and platform
248 -@@ -1111,7 +1112,7 @@ choice
249 +@@ -1112,7 +1113,7 @@ choice
250
251 config NOHIGHMEM
252 bool "off"
253 @@ -12681,7 +12690,7 @@ index 1981dd9..8f3ff4d 100644
254 ---help---
255 Linux can use up to 64 Gigabytes of physical memory on x86 systems.
256 However, the address space of 32-bit x86 processors is only 4
257 -@@ -1148,7 +1149,7 @@ config NOHIGHMEM
258 +@@ -1149,7 +1150,7 @@ config NOHIGHMEM
259
260 config HIGHMEM4G
261 bool "4GB"
262 @@ -12690,7 +12699,7 @@ index 1981dd9..8f3ff4d 100644
263 ---help---
264 Select this if you have a 32-bit processor and between 1 and 4
265 gigabytes of physical RAM.
266 -@@ -1201,7 +1202,7 @@ config PAGE_OFFSET
267 +@@ -1202,7 +1203,7 @@ config PAGE_OFFSET
268 hex
269 default 0xB0000000 if VMSPLIT_3G_OPT
270 default 0x80000000 if VMSPLIT_2G
271 @@ -12699,7 +12708,7 @@ index 1981dd9..8f3ff4d 100644
272 default 0x40000000 if VMSPLIT_1G
273 default 0xC0000000
274 depends on X86_32
275 -@@ -1605,6 +1606,7 @@ source kernel/Kconfig.hz
276 +@@ -1606,6 +1607,7 @@ source kernel/Kconfig.hz
277
278 config KEXEC
279 bool "kexec system call"
280 @@ -12707,7 +12716,7 @@ index 1981dd9..8f3ff4d 100644
281 ---help---
282 kexec is a system call that implements the ability to shutdown your
283 current kernel, and to start another kernel. It is like a reboot
284 -@@ -1756,7 +1758,9 @@ config X86_NEED_RELOCS
285 +@@ -1757,7 +1759,9 @@ config X86_NEED_RELOCS
286
287 config PHYSICAL_ALIGN
288 hex "Alignment value to which kernel should be aligned"
289 @@ -12718,7 +12727,7 @@ index 1981dd9..8f3ff4d 100644
290 range 0x2000 0x1000000 if X86_32
291 range 0x200000 0x1000000 if X86_64
292 ---help---
293 -@@ -1836,9 +1840,10 @@ config DEBUG_HOTPLUG_CPU0
294 +@@ -1837,9 +1841,10 @@ config DEBUG_HOTPLUG_CPU0
295 If unsure, say N.
296
297 config COMPAT_VDSO
298 @@ -21968,10 +21977,10 @@ index 639d128..e92d7e5 100644
299
300 while (amd_iommu_v2_event_descs[i].attr.attr.name)
301 diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
302 -index aa333d9..f9db700 100644
303 +index 1340ebf..fc6d5c9 100644
304 --- a/arch/x86/kernel/cpu/perf_event_intel.c
305 +++ b/arch/x86/kernel/cpu/perf_event_intel.c
306 -@@ -2309,10 +2309,10 @@ __init int intel_pmu_init(void)
307 +@@ -2318,10 +2318,10 @@ __init int intel_pmu_init(void)
308 x86_pmu.num_counters_fixed = max((int)edx.split.num_counters_fixed, 3);
309
310 if (boot_cpu_has(X86_FEATURE_PDCM)) {
311 @@ -28157,7 +28166,7 @@ index 57409f6..b505597 100644
312 if (!fixup_exception(regs)) {
313 task->thread.error_code = error_code;
314 diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
315 -index cfbe99f..a6e8fa7 100644
316 +index e0d1d7a..db035d4 100644
317 --- a/arch/x86/kernel/tsc.c
318 +++ b/arch/x86/kernel/tsc.c
319 @@ -150,7 +150,7 @@ static void cyc2ns_write_end(int cpu, struct cyc2ns_data *data)
320 @@ -41312,12 +41321,12 @@ index 0bb86e6..d41416d 100644
321 return -EFAULT;
322
323 diff --git a/drivers/gpu/drm/qxl/qxl_irq.c b/drivers/gpu/drm/qxl/qxl_irq.c
324 -index 28f84b4..fb3e224 100644
325 +index 3485bdc..20d26e3 100644
326 --- a/drivers/gpu/drm/qxl/qxl_irq.c
327 +++ b/drivers/gpu/drm/qxl/qxl_irq.c
328 -@@ -33,19 +33,19 @@ irqreturn_t qxl_irq_handler(int irq, void *arg)
329 -
330 - pending = xchg(&qdev->ram_header->int_pending, 0);
331 +@@ -36,19 +36,19 @@ irqreturn_t qxl_irq_handler(int irq, void *arg)
332 + if (!pending)
333 + return IRQ_NONE;
334
335 - atomic_inc(&qdev->irq_received);
336 + atomic_inc_unchecked(&qdev->irq_received);
337 @@ -41339,7 +41348,7 @@ index 28f84b4..fb3e224 100644
338 wake_up_all(&qdev->io_cmd_event);
339 }
340 if (pending & QXL_INTERRUPT_ERROR) {
341 -@@ -82,10 +82,10 @@ int qxl_irq_init(struct qxl_device *qdev)
342 +@@ -85,10 +85,10 @@ int qxl_irq_init(struct qxl_device *qdev)
343 init_waitqueue_head(&qdev->io_cmd_event);
344 INIT_WORK(&qdev->client_monitors_config_work,
345 qxl_client_monitors_config_work_func);
346 @@ -43699,10 +43708,10 @@ index 228632c9..edfe331 100644
347
348 bool setup_remapped_irq(int irq, struct irq_cfg *cfg, struct irq_chip *chip)
349 diff --git a/drivers/irqchip/irq-gic.c b/drivers/irqchip/irq-gic.c
350 -index ac2d41b..c657aa4 100644
351 +index 12698ee..a58a958 100644
352 --- a/drivers/irqchip/irq-gic.c
353 +++ b/drivers/irqchip/irq-gic.c
354 -@@ -84,7 +84,7 @@ static u8 gic_cpu_map[NR_GIC_CPU_IF] __read_mostly;
355 +@@ -85,7 +85,7 @@ static u8 gic_cpu_map[NR_GIC_CPU_IF] __read_mostly;
356 * Supported arch specific GIC irq extension.
357 * Default make them NULL.
358 */
359 @@ -43711,7 +43720,7 @@ index ac2d41b..c657aa4 100644
360 .irq_eoi = NULL,
361 .irq_mask = NULL,
362 .irq_unmask = NULL,
363 -@@ -336,7 +336,7 @@ static void gic_handle_cascade_irq(unsigned int irq, struct irq_desc *desc)
364 +@@ -337,7 +337,7 @@ static void gic_handle_cascade_irq(unsigned int irq, struct irq_desc *desc)
365 chained_irq_exit(chip, desc);
366 }
367
368 @@ -44523,7 +44532,7 @@ index 6a7f2b8..fea0bde 100644
369 "start=%llu, len=%llu, dev_size=%llu",
370 dm_device_name(ti->table->md), bdevname(bdev, b),
371 diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c
372 -index b086a94..74cb67e 100644
373 +index e9d33ad..dae9880d 100644
374 --- a/drivers/md/dm-thin-metadata.c
375 +++ b/drivers/md/dm-thin-metadata.c
376 @@ -404,7 +404,7 @@ static void __setup_btree_details(struct dm_pool_metadata *pmd)
377 @@ -46698,20 +46707,6 @@ index 455d4c3..3353ee7 100644
378 }
379
380 if (!request_mem_region(mem->start, mem_size, pdev->name)) {
381 -diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
382 -index dbcff50..5ed5124 100644
383 ---- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
384 -+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c
385 -@@ -793,7 +793,8 @@ static void bnx2x_tpa_stop(struct bnx2x *bp, struct bnx2x_fastpath *fp,
386 -
387 - return;
388 - }
389 -- bnx2x_frag_free(fp, new_data);
390 -+ if (new_data)
391 -+ bnx2x_frag_free(fp, new_data);
392 - drop:
393 - /* drop the packet and keep the buffer in the bin */
394 - DP(NETIF_MSG_RX_STATUS,
395 diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h
396 index a89a40f..5a8a2ac 100644
397 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h
398 @@ -46844,7 +46839,7 @@ index c05b66d..ed69872 100644
399 break;
400 }
401 diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c
402 -index 36c8061..ca5e1e0 100644
403 +index 80bfa03..45114e6 100644
404 --- a/drivers/net/ethernet/emulex/benet/be_main.c
405 +++ b/drivers/net/ethernet/emulex/benet/be_main.c
406 @@ -534,7 +534,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val)
407 @@ -52873,7 +52868,7 @@ index 2518c32..1c201bb 100644
408 wake_up(&usb_kill_urb_queue);
409 usb_put_urb(urb);
410 diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
411 -index 3baa51b..92907cf 100644
412 +index 36b1e85..18fb0a4 100644
413 --- a/drivers/usb/core/hub.c
414 +++ b/drivers/usb/core/hub.c
415 @@ -27,6 +27,7 @@
416 @@ -52884,7 +52879,7 @@ index 3baa51b..92907cf 100644
417
418 #include <asm/uaccess.h>
419 #include <asm/byteorder.h>
420 -@@ -4483,6 +4484,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
421 +@@ -4502,6 +4503,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
422 goto done;
423 return;
424 }
425 @@ -56887,7 +56882,7 @@ index ce25d75..dc09eeb 100644
426 &data);
427 if (!inode) {
428 diff --git a/fs/aio.c b/fs/aio.c
429 -index e609e15..c9fcd97 100644
430 +index 6d68e01..573d8dc 100644
431 --- a/fs/aio.c
432 +++ b/fs/aio.c
433 @@ -380,7 +380,7 @@ static int aio_setup_ring(struct kioctx *ctx)
434 @@ -59032,7 +59027,7 @@ index a81147e..20bf2b5 100644
435
436 /*
437 diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c
438 -index 3881610..ab3df0b 100644
439 +index 3881610..d4599d0 100644
440 --- a/fs/compat_ioctl.c
441 +++ b/fs/compat_ioctl.c
442 @@ -621,7 +621,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd,
443 @@ -59050,7 +59045,7 @@ index 3881610..ab3df0b 100644
444 return -EFAULT;
445 - if (get_user(datap, &umsgs[i].buf) ||
446 - put_user(compat_ptr(datap), &tmsgs[i].buf))
447 -+ if (get_user(datap, (u8 __user * __user *)&umsgs[i].buf) ||
448 ++ if (get_user(datap, (compat_caddr_t __user *)&umsgs[i].buf) ||
449 + put_user(compat_ptr(datap), (u8 __user * __user *)&tmsgs[i].buf))
450 return -EFAULT;
451 }
452 @@ -62039,10 +62034,10 @@ index 0a648bb..8d463f1 100644
453 }
454
455 diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
456 -index 1d1292c..bba17ea 100644
457 +index 342f0239..d67794c 100644
458 --- a/fs/fuse/dir.c
459 +++ b/fs/fuse/dir.c
460 -@@ -1418,7 +1418,7 @@ static char *read_link(struct dentry *dentry)
461 +@@ -1419,7 +1419,7 @@ static char *read_link(struct dentry *dentry)
462 return link;
463 }
464
465 @@ -84712,7 +84707,7 @@ index 0dfcc92..7967849 100644
466
467 /* Structure to track chunk fragments that have been acked, but peer
468 diff --git a/include/net/sock.h b/include/net/sock.h
469 -index 57c31dd..f5e5196 100644
470 +index 2f7bc43..530dadc 100644
471 --- a/include/net/sock.h
472 +++ b/include/net/sock.h
473 @@ -348,7 +348,7 @@ struct sock {
474 @@ -84751,17 +84746,6 @@ index 57c31dd..f5e5196 100644
475
476 static inline struct sock_iocb *kiocb_to_siocb(struct kiocb *iocb)
477 {
478 -@@ -1755,8 +1755,8 @@ sk_dst_get(struct sock *sk)
479 -
480 - rcu_read_lock();
481 - dst = rcu_dereference(sk->sk_dst_cache);
482 -- if (dst)
483 -- dst_hold(dst);
484 -+ if (dst && !atomic_inc_not_zero(&dst->__refcnt))
485 -+ dst = NULL;
486 - rcu_read_unlock();
487 - return dst;
488 - }
489 @@ -1830,7 +1830,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
490 }
491
492 @@ -86803,7 +86787,7 @@ index 0b097c8..11dd5c5 100644
493 #ifdef CONFIG_MODULE_UNLOAD
494 {
495 diff --git a/kernel/events/core.c b/kernel/events/core.c
496 -index 0e7fea7..f869fde 100644
497 +index f774e93..c602612 100644
498 --- a/kernel/events/core.c
499 +++ b/kernel/events/core.c
500 @@ -158,8 +158,15 @@ static struct srcu_struct pmus_srcu;
501 @@ -89525,7 +89509,7 @@ index 2fac9cc..56fef29 100644
502 select LZO_COMPRESS
503 select LZO_DECOMPRESS
504 diff --git a/kernel/power/process.c b/kernel/power/process.c
505 -index 06ec886..9dba35e 100644
506 +index 14f9a8d..98ee610 100644
507 --- a/kernel/power/process.c
508 +++ b/kernel/power/process.c
509 @@ -34,6 +34,7 @@ static int try_to_freeze_tasks(bool user_only)
510 @@ -91452,10 +91436,10 @@ index 7c7964c..2a0d412 100644
511 update_vsyscall_tz();
512 if (firsttime) {
513 diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c
514 -index 88c9c65..7497ebc 100644
515 +index fe75444..190c528 100644
516 --- a/kernel/time/alarmtimer.c
517 +++ b/kernel/time/alarmtimer.c
518 -@@ -795,7 +795,7 @@ static int __init alarmtimer_init(void)
519 +@@ -811,7 +811,7 @@ static int __init alarmtimer_init(void)
520 struct platform_device *pdev;
521 int error = 0;
522 int i;
523 @@ -91656,7 +91640,7 @@ index 4f3a3c03..04b7886 100644
524
525 ret = -EIO;
526 diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
527 -index 868633e..921dc41 100644
528 +index e3be87e..7480b36 100644
529 --- a/kernel/trace/ftrace.c
530 +++ b/kernel/trace/ftrace.c
531 @@ -1965,12 +1965,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
532 @@ -91719,7 +91703,7 @@ index 868633e..921dc41 100644
533
534 ftrace_graph_active++;
535 diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
536 -index 04202d9..e3e4242 100644
537 +index 0954450..0ed035c 100644
538 --- a/kernel/trace/ring_buffer.c
539 +++ b/kernel/trace/ring_buffer.c
540 @@ -352,9 +352,9 @@ struct buffer_data_page {
541 @@ -91745,7 +91729,7 @@ index 04202d9..e3e4242 100644
542 local_t dropped_events;
543 local_t committing;
544 local_t commits;
545 -@@ -995,8 +995,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
546 +@@ -991,8 +991,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
547 *
548 * We add a counter to the write field to denote this.
549 */
550 @@ -91756,7 +91740,7 @@ index 04202d9..e3e4242 100644
551
552 /*
553 * Just make sure we have seen our old_write and synchronize
554 -@@ -1024,8 +1024,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
555 +@@ -1020,8 +1020,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
556 * cmpxchg to only update if an interrupt did not already
557 * do it for us. If the cmpxchg fails, we don't care.
558 */
559 @@ -91767,7 +91751,7 @@ index 04202d9..e3e4242 100644
560
561 /*
562 * No need to worry about races with clearing out the commit.
563 -@@ -1389,12 +1389,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
564 +@@ -1385,12 +1385,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
565
566 static inline unsigned long rb_page_entries(struct buffer_page *bpage)
567 {
568 @@ -91782,7 +91766,7 @@ index 04202d9..e3e4242 100644
569 }
570
571 static int
572 -@@ -1489,7 +1489,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)
573 +@@ -1485,7 +1485,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)
574 * bytes consumed in ring buffer from here.
575 * Increment overrun to account for the lost events.
576 */
577 @@ -91791,7 +91775,7 @@ index 04202d9..e3e4242 100644
578 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
579 }
580
581 -@@ -2067,7 +2067,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
582 +@@ -2063,7 +2063,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
583 * it is our responsibility to update
584 * the counters.
585 */
586 @@ -91800,7 +91784,7 @@ index 04202d9..e3e4242 100644
587 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
588
589 /*
590 -@@ -2217,7 +2217,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
591 +@@ -2213,7 +2213,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
592 if (tail == BUF_PAGE_SIZE)
593 tail_page->real_end = 0;
594
595 @@ -91809,7 +91793,7 @@ index 04202d9..e3e4242 100644
596 return;
597 }
598
599 -@@ -2252,7 +2252,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
600 +@@ -2248,7 +2248,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
601 rb_event_set_padding(event);
602
603 /* Set the write back to the previous setting */
604 @@ -91818,7 +91802,7 @@ index 04202d9..e3e4242 100644
605 return;
606 }
607
608 -@@ -2264,7 +2264,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
609 +@@ -2260,7 +2260,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
610
611 /* Set write to end of buffer */
612 length = (tail + length) - BUF_PAGE_SIZE;
613 @@ -91827,7 +91811,7 @@ index 04202d9..e3e4242 100644
614 }
615
616 /*
617 -@@ -2290,7 +2290,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
618 +@@ -2286,7 +2286,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
619 * about it.
620 */
621 if (unlikely(next_page == commit_page)) {
622 @@ -91836,7 +91820,7 @@ index 04202d9..e3e4242 100644
623 goto out_reset;
624 }
625
626 -@@ -2346,7 +2346,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
627 +@@ -2342,7 +2342,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
628 cpu_buffer->tail_page) &&
629 (cpu_buffer->commit_page ==
630 cpu_buffer->reader_page))) {
631 @@ -91845,7 +91829,7 @@ index 04202d9..e3e4242 100644
632 goto out_reset;
633 }
634 }
635 -@@ -2394,7 +2394,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
636 +@@ -2390,7 +2390,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
637 length += RB_LEN_TIME_EXTEND;
638
639 tail_page = cpu_buffer->tail_page;
640 @@ -91854,7 +91838,7 @@ index 04202d9..e3e4242 100644
641
642 /* set write to only the index of the write */
643 write &= RB_WRITE_MASK;
644 -@@ -2418,7 +2418,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
645 +@@ -2414,7 +2414,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
646 kmemcheck_annotate_bitfield(event, bitfield);
647 rb_update_event(cpu_buffer, event, length, add_timestamp, delta);
648
649 @@ -91863,7 +91847,7 @@ index 04202d9..e3e4242 100644
650
651 /*
652 * If this is the first commit on the page, then update
653 -@@ -2451,7 +2451,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
654 +@@ -2447,7 +2447,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
655
656 if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) {
657 unsigned long write_mask =
658 @@ -91872,7 +91856,7 @@ index 04202d9..e3e4242 100644
659 unsigned long event_length = rb_event_length(event);
660 /*
661 * This is on the tail page. It is possible that
662 -@@ -2461,7 +2461,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
663 +@@ -2457,7 +2457,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
664 */
665 old_index += write_mask;
666 new_index += write_mask;
667 @@ -91881,7 +91865,7 @@ index 04202d9..e3e4242 100644
668 if (index == old_index) {
669 /* update counters */
670 local_sub(event_length, &cpu_buffer->entries_bytes);
671 -@@ -2853,7 +2853,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
672 +@@ -2849,7 +2849,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
673
674 /* Do the likely case first */
675 if (likely(bpage->page == (void *)addr)) {
676 @@ -91890,7 +91874,7 @@ index 04202d9..e3e4242 100644
677 return;
678 }
679
680 -@@ -2865,7 +2865,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
681 +@@ -2861,7 +2861,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
682 start = bpage;
683 do {
684 if (bpage->page == (void *)addr) {
685 @@ -91899,7 +91883,7 @@ index 04202d9..e3e4242 100644
686 return;
687 }
688 rb_inc_page(cpu_buffer, &bpage);
689 -@@ -3149,7 +3149,7 @@ static inline unsigned long
690 +@@ -3145,7 +3145,7 @@ static inline unsigned long
691 rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer)
692 {
693 return local_read(&cpu_buffer->entries) -
694 @@ -91908,7 +91892,7 @@ index 04202d9..e3e4242 100644
695 }
696
697 /**
698 -@@ -3238,7 +3238,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
699 +@@ -3234,7 +3234,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
700 return 0;
701
702 cpu_buffer = buffer->buffers[cpu];
703 @@ -91917,7 +91901,7 @@ index 04202d9..e3e4242 100644
704
705 return ret;
706 }
707 -@@ -3261,7 +3261,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
708 +@@ -3257,7 +3257,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
709 return 0;
710
711 cpu_buffer = buffer->buffers[cpu];
712 @@ -91926,7 +91910,7 @@ index 04202d9..e3e4242 100644
713
714 return ret;
715 }
716 -@@ -3346,7 +3346,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
717 +@@ -3342,7 +3342,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
718 /* if you care about this being correct, lock the buffer */
719 for_each_buffer_cpu(buffer, cpu) {
720 cpu_buffer = buffer->buffers[cpu];
721 @@ -91935,7 +91919,7 @@ index 04202d9..e3e4242 100644
722 }
723
724 return overruns;
725 -@@ -3522,8 +3522,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
726 +@@ -3518,8 +3518,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
727 /*
728 * Reset the reader page to size zero.
729 */
730 @@ -91946,7 +91930,7 @@ index 04202d9..e3e4242 100644
731 local_set(&cpu_buffer->reader_page->page->commit, 0);
732 cpu_buffer->reader_page->real_end = 0;
733
734 -@@ -3557,7 +3557,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
735 +@@ -3553,7 +3553,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
736 * want to compare with the last_overrun.
737 */
738 smp_mb();
739 @@ -91955,7 +91939,7 @@ index 04202d9..e3e4242 100644
740
741 /*
742 * Here's the tricky part.
743 -@@ -4127,8 +4127,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
744 +@@ -4123,8 +4123,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
745
746 cpu_buffer->head_page
747 = list_entry(cpu_buffer->pages, struct buffer_page, list);
748 @@ -91966,7 +91950,7 @@ index 04202d9..e3e4242 100644
749 local_set(&cpu_buffer->head_page->page->commit, 0);
750
751 cpu_buffer->head_page->read = 0;
752 -@@ -4138,14 +4138,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
753 +@@ -4134,14 +4134,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
754
755 INIT_LIST_HEAD(&cpu_buffer->reader_page->list);
756 INIT_LIST_HEAD(&cpu_buffer->new_pages);
757 @@ -91985,7 +91969,7 @@ index 04202d9..e3e4242 100644
758 local_set(&cpu_buffer->dropped_events, 0);
759 local_set(&cpu_buffer->entries, 0);
760 local_set(&cpu_buffer->committing, 0);
761 -@@ -4550,8 +4550,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
762 +@@ -4546,8 +4546,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
763 rb_init_page(bpage);
764 bpage = reader->page;
765 reader->page = *data_page;
766 @@ -91997,10 +91981,10 @@ index 04202d9..e3e4242 100644
767 *data_page = bpage;
768
769 diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
770 -index 922657f..3d229d9 100644
771 +index 7e259b2..e9d9452 100644
772 --- a/kernel/trace/trace.c
773 +++ b/kernel/trace/trace.c
774 -@@ -3398,7 +3398,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
775 +@@ -3412,7 +3412,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
776 return 0;
777 }
778
779 @@ -92043,10 +92027,10 @@ index 26dc348..8708ca7 100644
780 + return atomic64_inc_return_unchecked(&trace_counter);
781 }
782 diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
783 -index 7b16d40..1b2875d 100644
784 +index e4c4efc..ef4e975 100644
785 --- a/kernel/trace/trace_events.c
786 +++ b/kernel/trace/trace_events.c
787 -@@ -1681,7 +1681,6 @@ __trace_early_add_new_event(struct ftrace_event_call *call,
788 +@@ -1682,7 +1682,6 @@ __trace_early_add_new_event(struct ftrace_event_call *call,
789 return 0;
790 }
791
792 @@ -96375,7 +96359,7 @@ index cdbd312..2e1e0b9 100644
793
794 /*
795 diff --git a/mm/shmem.c b/mm/shmem.c
796 -index 1f18c9d..6aa94ab 100644
797 +index ff85863..6aa94ab 100644
798 --- a/mm/shmem.c
799 +++ b/mm/shmem.c
800 @@ -33,7 +33,7 @@
801 @@ -96387,7 +96371,7 @@ index 1f18c9d..6aa94ab 100644
802
803 #ifdef CONFIG_SHMEM
804 /*
805 -@@ -77,14 +77,15 @@ static struct vfsmount *shm_mnt;
806 +@@ -77,7 +77,7 @@ static struct vfsmount *shm_mnt;
807 #define BOGO_DIRENT_SIZE 20
808
809 /* Symlink up to this size is kmalloc'ed instead of using a swappable page */
810 @@ -96395,180 +96379,8 @@ index 1f18c9d..6aa94ab 100644
811 +#define SHORT_SYMLINK_LEN 64
812
813 /*
814 -- * shmem_fallocate and shmem_writepage communicate via inode->i_private
815 -- * (with i_mutex making sure that it has only one user at a time):
816 -- * we would prefer not to enlarge the shmem inode just for that.
817 -+ * shmem_fallocate communicates with shmem_fault or shmem_writepage via
818 -+ * inode->i_private (with i_mutex making sure that it has only one user at
819 -+ * a time): we would prefer not to enlarge the shmem inode just for that.
820 - */
821 - struct shmem_falloc {
822 -+ wait_queue_head_t *waitq; /* faults into hole wait for punch to end */
823 - pgoff_t start; /* start of range currently being fallocated */
824 - pgoff_t next; /* the next page offset to be fallocated */
825 - pgoff_t nr_falloced; /* how many new pages have been fallocated */
826 -@@ -533,22 +534,19 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend,
827 - return;
828 -
829 - index = start;
830 -- for ( ; ; ) {
831 -+ while (index < end) {
832 - cond_resched();
833 - pvec.nr = shmem_find_get_pages_and_swap(mapping, index,
834 - min(end - index, (pgoff_t)PAGEVEC_SIZE),
835 - pvec.pages, indices);
836 - if (!pvec.nr) {
837 -- if (index == start || unfalloc)
838 -+ /* If all gone or hole-punch or unfalloc, we're done */
839 -+ if (index == start || end != -1)
840 - break;
841 -+ /* But if truncating, restart to make sure all gone */
842 - index = start;
843 - continue;
844 - }
845 -- if ((index == start || unfalloc) && indices[0] >= end) {
846 -- shmem_deswap_pagevec(&pvec);
847 -- pagevec_release(&pvec);
848 -- break;
849 -- }
850 - mem_cgroup_uncharge_start();
851 - for (i = 0; i < pagevec_count(&pvec); i++) {
852 - struct page *page = pvec.pages[i];
853 -@@ -560,8 +558,12 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend,
854 - if (radix_tree_exceptional_entry(page)) {
855 - if (unfalloc)
856 - continue;
857 -- nr_swaps_freed += !shmem_free_swap(mapping,
858 -- index, page);
859 -+ if (shmem_free_swap(mapping, index, page)) {
860 -+ /* Swap was replaced by page: retry */
861 -+ index--;
862 -+ break;
863 -+ }
864 -+ nr_swaps_freed++;
865 - continue;
866 - }
867 -
868 -@@ -570,6 +572,11 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend,
869 - if (page->mapping == mapping) {
870 - VM_BUG_ON_PAGE(PageWriteback(page), page);
871 - truncate_inode_page(mapping, page);
872 -+ } else {
873 -+ /* Page was replaced by swap: retry */
874 -+ unlock_page(page);
875 -+ index--;
876 -+ break;
877 - }
878 - }
879 - unlock_page(page);
880 -@@ -824,6 +831,7 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc)
881 - spin_lock(&inode->i_lock);
882 - shmem_falloc = inode->i_private;
883 - if (shmem_falloc &&
884 -+ !shmem_falloc->waitq &&
885 - index >= shmem_falloc->start &&
886 - index < shmem_falloc->next)
887 - shmem_falloc->nr_unswapped++;
888 -@@ -1298,6 +1306,64 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
889 - int error;
890 - int ret = VM_FAULT_LOCKED;
891 -
892 -+ /*
893 -+ * Trinity finds that probing a hole which tmpfs is punching can
894 -+ * prevent the hole-punch from ever completing: which in turn
895 -+ * locks writers out with its hold on i_mutex. So refrain from
896 -+ * faulting pages into the hole while it's being punched. Although
897 -+ * shmem_undo_range() does remove the additions, it may be unable to
898 -+ * keep up, as each new page needs its own unmap_mapping_range() call,
899 -+ * and the i_mmap tree grows ever slower to scan if new vmas are added.
900 -+ *
901 -+ * It does not matter if we sometimes reach this check just before the
902 -+ * hole-punch begins, so that one fault then races with the punch:
903 -+ * we just need to make racing faults a rare case.
904 -+ *
905 -+ * The implementation below would be much simpler if we just used a
906 -+ * standard mutex or completion: but we cannot take i_mutex in fault,
907 -+ * and bloating every shmem inode for this unlikely case would be sad.
908 -+ */
909 -+ if (unlikely(inode->i_private)) {
910 -+ struct shmem_falloc *shmem_falloc;
911 -+
912 -+ spin_lock(&inode->i_lock);
913 -+ shmem_falloc = inode->i_private;
914 -+ if (shmem_falloc &&
915 -+ shmem_falloc->waitq &&
916 -+ vmf->pgoff >= shmem_falloc->start &&
917 -+ vmf->pgoff < shmem_falloc->next) {
918 -+ wait_queue_head_t *shmem_falloc_waitq;
919 -+ DEFINE_WAIT(shmem_fault_wait);
920 -+
921 -+ ret = VM_FAULT_NOPAGE;
922 -+ if ((vmf->flags & FAULT_FLAG_ALLOW_RETRY) &&
923 -+ !(vmf->flags & FAULT_FLAG_RETRY_NOWAIT)) {
924 -+ /* It's polite to up mmap_sem if we can */
925 -+ up_read(&vma->vm_mm->mmap_sem);
926 -+ ret = VM_FAULT_RETRY;
927 -+ }
928 -+
929 -+ shmem_falloc_waitq = shmem_falloc->waitq;
930 -+ prepare_to_wait(shmem_falloc_waitq, &shmem_fault_wait,
931 -+ TASK_UNINTERRUPTIBLE);
932 -+ spin_unlock(&inode->i_lock);
933 -+ schedule();
934 -+
935 -+ /*
936 -+ * shmem_falloc_waitq points into the shmem_fallocate()
937 -+ * stack of the hole-punching task: shmem_falloc_waitq
938 -+ * is usually invalid by the time we reach here, but
939 -+ * finish_wait() does not dereference it in that case;
940 -+ * though i_lock needed lest racing with wake_up_all().
941 -+ */
942 -+ spin_lock(&inode->i_lock);
943 -+ finish_wait(shmem_falloc_waitq, &shmem_fault_wait);
944 -+ spin_unlock(&inode->i_lock);
945 -+ return ret;
946 -+ }
947 -+ spin_unlock(&inode->i_lock);
948 -+ }
949 -+
950 - error = shmem_getpage(inode, vmf->pgoff, &vmf->page, SGP_CACHE, &ret);
951 - if (error)
952 - return ((error == -ENOMEM) ? VM_FAULT_OOM : VM_FAULT_SIGBUS);
953 -@@ -1817,12 +1883,25 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
954 - struct address_space *mapping = file->f_mapping;
955 - loff_t unmap_start = round_up(offset, PAGE_SIZE);
956 - loff_t unmap_end = round_down(offset + len, PAGE_SIZE) - 1;
957 -+ DECLARE_WAIT_QUEUE_HEAD_ONSTACK(shmem_falloc_waitq);
958 -+
959 -+ shmem_falloc.waitq = &shmem_falloc_waitq;
960 -+ shmem_falloc.start = unmap_start >> PAGE_SHIFT;
961 -+ shmem_falloc.next = (unmap_end + 1) >> PAGE_SHIFT;
962 -+ spin_lock(&inode->i_lock);
963 -+ inode->i_private = &shmem_falloc;
964 -+ spin_unlock(&inode->i_lock);
965 -
966 - if ((u64)unmap_end > (u64)unmap_start)
967 - unmap_mapping_range(mapping, unmap_start,
968 - 1 + unmap_end - unmap_start, 0);
969 - shmem_truncate_range(inode, offset, offset + len - 1);
970 - /* No need to unmap again: hole-punching leaves COWed pages */
971 -+
972 -+ spin_lock(&inode->i_lock);
973 -+ inode->i_private = NULL;
974 -+ wake_up_all(&shmem_falloc_waitq);
975 -+ spin_unlock(&inode->i_lock);
976 - error = 0;
977 - goto out;
978 - }
979 -@@ -1840,6 +1919,7 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
980 - goto out;
981 - }
982 -
983 -+ shmem_falloc.waitq = NULL;
984 - shmem_falloc.start = start;
985 - shmem_falloc.next = start;
986 - shmem_falloc.nr_falloced = 0;
987 -@@ -2218,6 +2298,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
988 + * shmem_fallocate communicates with shmem_fault or shmem_writepage via
989 +@@ -2298,6 +2298,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
990 static int shmem_xattr_validate(const char *name)
991 {
992 struct { const char *prefix; size_t len; } arr[] = {
993 @@ -96580,7 +96392,7 @@ index 1f18c9d..6aa94ab 100644
994 { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
995 { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
996 };
997 -@@ -2273,6 +2358,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
998 +@@ -2353,6 +2358,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
999 if (err)
1000 return err;
1001
1002 @@ -96596,7 +96408,7 @@ index 1f18c9d..6aa94ab 100644
1003 return simple_xattr_set(&info->xattrs, name, value, size, flags);
1004 }
1005
1006 -@@ -2585,8 +2679,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
1007 +@@ -2665,8 +2679,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
1008 int err = -ENOMEM;
1009
1010 /* Round up to L1_CACHE_BYTES to resist false sharing */
1011 @@ -98954,10 +98766,10 @@ index a16ed7b..eb44d17 100644
1012
1013 return err;
1014 diff --git a/net/core/dev.c b/net/core/dev.c
1015 -index 4c1b483..3d45b13 100644
1016 +index 37bddf7..c78c480 100644
1017 --- a/net/core/dev.c
1018 +++ b/net/core/dev.c
1019 -@@ -1688,14 +1688,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
1020 +@@ -1695,14 +1695,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
1021 {
1022 if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) {
1023 if (skb_copy_ubufs(skb, GFP_ATOMIC)) {
1024 @@ -98974,7 +98786,7 @@ index 4c1b483..3d45b13 100644
1025 kfree_skb(skb);
1026 return NET_RX_DROP;
1027 }
1028 -@@ -2453,7 +2453,7 @@ static int illegal_highdma(const struct net_device *dev, struct sk_buff *skb)
1029 +@@ -2460,7 +2460,7 @@ static int illegal_highdma(const struct net_device *dev, struct sk_buff *skb)
1030
1031 struct dev_gso_cb {
1032 void (*destructor)(struct sk_buff *skb);
1033 @@ -98983,7 +98795,7 @@ index 4c1b483..3d45b13 100644
1034
1035 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb)
1036
1037 -@@ -3227,7 +3227,7 @@ enqueue:
1038 +@@ -3234,7 +3234,7 @@ enqueue:
1039
1040 local_irq_restore(flags);
1041
1042 @@ -98992,7 +98804,7 @@ index 4c1b483..3d45b13 100644
1043 kfree_skb(skb);
1044 return NET_RX_DROP;
1045 }
1046 -@@ -3308,7 +3308,7 @@ int netif_rx_ni(struct sk_buff *skb)
1047 +@@ -3315,7 +3315,7 @@ int netif_rx_ni(struct sk_buff *skb)
1048 }
1049 EXPORT_SYMBOL(netif_rx_ni);
1050
1051 @@ -99001,7 +98813,7 @@ index 4c1b483..3d45b13 100644
1052 {
1053 struct softnet_data *sd = &__get_cpu_var(softnet_data);
1054
1055 -@@ -3645,7 +3645,7 @@ ncls:
1056 +@@ -3652,7 +3652,7 @@ ncls:
1057 ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
1058 } else {
1059 drop:
1060 @@ -99010,7 +98822,7 @@ index 4c1b483..3d45b13 100644
1061 kfree_skb(skb);
1062 /* Jamal, now you will not able to escape explaining
1063 * me how you were going to use this. :-)
1064 -@@ -4333,7 +4333,7 @@ void netif_napi_del(struct napi_struct *napi)
1065 +@@ -4342,7 +4342,7 @@ void netif_napi_del(struct napi_struct *napi)
1066 }
1067 EXPORT_SYMBOL(netif_napi_del);
1068
1069 @@ -99019,7 +98831,7 @@ index 4c1b483..3d45b13 100644
1070 {
1071 struct softnet_data *sd = &__get_cpu_var(softnet_data);
1072 unsigned long time_limit = jiffies + 2;
1073 -@@ -6302,7 +6302,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
1074 +@@ -6311,7 +6311,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
1075 } else {
1076 netdev_stats_to_stats64(storage, &dev->stats);
1077 }
1078 @@ -99046,40 +98858,6 @@ index cf999e0..c59a975 100644
1079 }
1080 }
1081 EXPORT_SYMBOL(dev_load);
1082 -diff --git a/net/core/dst.c b/net/core/dst.c
1083 -index ca4231e..15b6792 100644
1084 ---- a/net/core/dst.c
1085 -+++ b/net/core/dst.c
1086 -@@ -267,6 +267,15 @@ again:
1087 - }
1088 - EXPORT_SYMBOL(dst_destroy);
1089 -
1090 -+static void dst_destroy_rcu(struct rcu_head *head)
1091 -+{
1092 -+ struct dst_entry *dst = container_of(head, struct dst_entry, rcu_head);
1093 -+
1094 -+ dst = dst_destroy(dst);
1095 -+ if (dst)
1096 -+ __dst_free(dst);
1097 -+}
1098 -+
1099 - void dst_release(struct dst_entry *dst)
1100 - {
1101 - if (dst) {
1102 -@@ -274,11 +283,8 @@ void dst_release(struct dst_entry *dst)
1103 -
1104 - newrefcnt = atomic_dec_return(&dst->__refcnt);
1105 - WARN_ON(newrefcnt < 0);
1106 -- if (unlikely(dst->flags & DST_NOCACHE) && !newrefcnt) {
1107 -- dst = dst_destroy(dst);
1108 -- if (dst)
1109 -- __dst_free(dst);
1110 -- }
1111 -+ if (unlikely(dst->flags & DST_NOCACHE) && !newrefcnt)
1112 -+ call_rcu(&dst->rcu_head, dst_destroy_rcu);
1113 - }
1114 - }
1115 - EXPORT_SYMBOL(dst_release);
1116 diff --git a/net/core/filter.c b/net/core/filter.c
1117 index ebce437..9fed9d0 100644
1118 --- a/net/core/filter.c
1119 @@ -99456,7 +99234,7 @@ index b442e7e..6f5b5a2 100644
1120 {
1121 struct socket *sock;
1122 diff --git a/net/core/skbuff.c b/net/core/skbuff.c
1123 -index e5ae776e..15c90cb 100644
1124 +index 7f2e1fc..6206b10 100644
1125 --- a/net/core/skbuff.c
1126 +++ b/net/core/skbuff.c
1127 @@ -2003,7 +2003,7 @@ EXPORT_SYMBOL(__skb_checksum);
1128 @@ -99468,7 +99246,7 @@ index e5ae776e..15c90cb 100644
1129 .update = csum_partial_ext,
1130 .combine = csum_block_add_ext,
1131 };
1132 -@@ -3220,13 +3220,15 @@ void __init skb_init(void)
1133 +@@ -3221,13 +3221,15 @@ void __init skb_init(void)
1134 skbuff_head_cache = kmem_cache_create("skbuff_head_cache",
1135 sizeof(struct sk_buff),
1136 0,
1137 @@ -99779,26 +99557,11 @@ index 5325b54..a0d4d69 100644
1138 return -EFAULT;
1139
1140 *lenp = len;
1141 -diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
1142 -index e7b6d53..f005cc7 100644
1143 ---- a/net/dns_resolver/dns_query.c
1144 -+++ b/net/dns_resolver/dns_query.c
1145 -@@ -149,7 +149,9 @@ int dns_query(const char *type, const char *name, size_t namelen,
1146 - if (!*_result)
1147 - goto put;
1148 -
1149 -- memcpy(*_result, upayload->data, len + 1);
1150 -+ memcpy(*_result, upayload->data, len);
1151 -+ (*_result)[len] = '\0';
1152 -+
1153 - if (_expiry)
1154 - *_expiry = rkey->expiry;
1155 -
1156 diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
1157 -index 19ab78a..bf575c9 100644
1158 +index 07bd8ed..c574801 100644
1159 --- a/net/ipv4/af_inet.c
1160 +++ b/net/ipv4/af_inet.c
1161 -@@ -1703,13 +1703,9 @@ static int __init inet_init(void)
1162 +@@ -1706,13 +1706,9 @@ static int __init inet_init(void)
1163
1164 BUILD_BUG_ON(sizeof(struct inet_skb_parm) > FIELD_SIZEOF(struct sk_buff, cb));
1165
1166 @@ -99813,7 +99576,7 @@ index 19ab78a..bf575c9 100644
1167
1168 rc = proto_register(&udp_prot, 1);
1169 if (rc)
1170 -@@ -1816,8 +1812,6 @@ out_unregister_udp_proto:
1171 +@@ -1819,8 +1815,6 @@ out_unregister_udp_proto:
1172 proto_unregister(&udp_prot);
1173 out_unregister_tcp_proto:
1174 proto_unregister(&tcp_prot);
1175 @@ -100097,42 +99860,6 @@ index 580dd96..9fcef7e 100644
1176 msg.msg_controllen = len;
1177 msg.msg_flags = flags;
1178
1179 -diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
1180 -index 0c3a5d1..c05c07d 100644
1181 ---- a/net/ipv4/ip_tunnel.c
1182 -+++ b/net/ipv4/ip_tunnel.c
1183 -@@ -73,12 +73,7 @@ static void __tunnel_dst_set(struct ip_tunnel_dst *idst,
1184 - {
1185 - struct dst_entry *old_dst;
1186 -
1187 -- if (dst) {
1188 -- if (dst->flags & DST_NOCACHE)
1189 -- dst = NULL;
1190 -- else
1191 -- dst_clone(dst);
1192 -- }
1193 -+ dst_clone(dst);
1194 - old_dst = xchg((__force struct dst_entry **)&idst->dst, dst);
1195 - dst_release(old_dst);
1196 - }
1197 -@@ -108,13 +103,14 @@ static struct rtable *tunnel_rtable_get(struct ip_tunnel *t, u32 cookie)
1198 -
1199 - rcu_read_lock();
1200 - dst = rcu_dereference(this_cpu_ptr(t->dst_cache)->dst);
1201 -+ if (dst && !atomic_inc_not_zero(&dst->__refcnt))
1202 -+ dst = NULL;
1203 - if (dst) {
1204 - if (dst->obsolete && dst->ops->check(dst, cookie) == NULL) {
1205 -- rcu_read_unlock();
1206 - tunnel_dst_reset(t);
1207 -- return NULL;
1208 -+ dst_release(dst);
1209 -+ dst = NULL;
1210 - }
1211 -- dst_hold(dst);
1212 - }
1213 - rcu_read_unlock();
1214 - return (struct rtable *)dst;
1215 diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
1216 index e4a8f76..dd8ad72 100644
1217 --- a/net/ipv4/ip_vti.c
1218 @@ -100446,7 +100173,7 @@ index c04518f..c402063 100644
1219
1220 static int raw_seq_show(struct seq_file *seq, void *v)
1221 diff --git a/net/ipv4/route.c b/net/ipv4/route.c
1222 -index 1344373..02f339e 100644
1223 +index 031553f..e482974 100644
1224 --- a/net/ipv4/route.c
1225 +++ b/net/ipv4/route.c
1226 @@ -233,7 +233,7 @@ static const struct seq_operations rt_cache_seq_ops = {
1227 @@ -100476,7 +100203,7 @@ index 1344373..02f339e 100644
1228 }
1229
1230 static const struct file_operations rt_acct_proc_fops = {
1231 -@@ -2623,34 +2623,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
1232 +@@ -2624,34 +2624,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
1233 .maxlen = sizeof(int),
1234 .mode = 0200,
1235 .proc_handler = ipv4_sysctl_rtcache_flush,
1236 @@ -100519,7 +100246,7 @@ index 1344373..02f339e 100644
1237 err_dup:
1238 return -ENOMEM;
1239 }
1240 -@@ -2673,8 +2673,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
1241 +@@ -2674,8 +2674,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
1242
1243 static __net_init int rt_genid_init(struct net *net)
1244 {
1245 @@ -100652,7 +100379,7 @@ index 44eba05..b36864b 100644
1246 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
1247 if (hdr == NULL)
1248 diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
1249 -index e364746..598e76e 100644
1250 +index 3898694..9bd1a03 100644
1251 --- a/net/ipv4/tcp_input.c
1252 +++ b/net/ipv4/tcp_input.c
1253 @@ -761,7 +761,7 @@ static void tcp_update_pacing_rate(struct sock *sk)
1254 @@ -102730,7 +102457,7 @@ index 11de55e..f25e448 100644
1255 return 0;
1256 }
1257 diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
1258 -index 7f40fd2..c72ef1f 100644
1259 +index 0dfe894..7702a84 100644
1260 --- a/net/netlink/af_netlink.c
1261 +++ b/net/netlink/af_netlink.c
1262 @@ -257,7 +257,7 @@ static void netlink_overrun(struct sock *sk)
1263 @@ -103468,37 +103195,37 @@ index 604a6ac..f87f0a3 100644
1264 return -EFAULT;
1265 to += addrlen;
1266 diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
1267 -index c82fdc1..4ca1f95 100644
1268 +index dfa532f..1dcfb44 100644
1269 --- a/net/sctp/sysctl.c
1270 +++ b/net/sctp/sysctl.c
1271 -@@ -308,7 +308,7 @@ static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write,
1272 +@@ -307,7 +307,7 @@ static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write,
1273 + loff_t *ppos)
1274 {
1275 struct net *net = current->nsproxy->net_ns;
1276 - char tmp[8];
1277 - struct ctl_table tbl;
1278 + ctl_table_no_const tbl;
1279 - int ret;
1280 - int changed = 0;
1281 + bool changed = false;
1282 char *none = "none";
1283 + char tmp[8];
1284 @@ -355,7 +355,7 @@ static int proc_sctp_do_rto_min(struct ctl_table *ctl, int write,
1285 - {
1286 struct net *net = current->nsproxy->net_ns;
1287 - int new_value;
1288 -- struct ctl_table tbl;
1289 -+ ctl_table_no_const tbl;
1290 unsigned int min = *(unsigned int *) ctl->extra1;
1291 unsigned int max = *(unsigned int *) ctl->extra2;
1292 - int ret;
1293 -@@ -382,7 +382,7 @@ static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write,
1294 - {
1295 - struct net *net = current->nsproxy->net_ns;
1296 - int new_value;
1297 - struct ctl_table tbl;
1298 + ctl_table_no_const tbl;
1299 + int ret, new_value;
1300 +
1301 + memset(&tbl, 0, sizeof(struct ctl_table));
1302 +@@ -384,7 +384,7 @@ static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write,
1303 + struct net *net = current->nsproxy->net_ns;
1304 unsigned int min = *(unsigned int *) ctl->extra1;
1305 unsigned int max = *(unsigned int *) ctl->extra2;
1306 - int ret;
1307 -@@ -408,7 +408,7 @@ static int proc_sctp_do_auth(struct ctl_table *ctl, int write,
1308 +- struct ctl_table tbl;
1309 ++ ctl_table_no_const tbl;
1310 + int ret, new_value;
1311 +
1312 + memset(&tbl, 0, sizeof(struct ctl_table));
1313 +@@ -411,7 +411,7 @@ static int proc_sctp_do_auth(struct ctl_table *ctl, int write,
1314 loff_t *ppos)
1315 {
1316 struct net *net = current->nsproxy->net_ns;
1317 @@ -103507,7 +103234,7 @@ index c82fdc1..4ca1f95 100644
1318 int new_value, ret;
1319
1320 memset(&tbl, 0, sizeof(struct ctl_table));
1321 -@@ -436,7 +436,7 @@ static int proc_sctp_do_auth(struct ctl_table *ctl, int write,
1322 +@@ -438,7 +438,7 @@ static int proc_sctp_do_auth(struct ctl_table *ctl, int write,
1323
1324 int sctp_sysctl_net_register(struct net *net)
1325 {
1326 @@ -103516,7 +103243,7 @@ index c82fdc1..4ca1f95 100644
1327
1328 if (!net_eq(net, &init_net)) {
1329 int i;
1330 -@@ -449,7 +449,10 @@ int sctp_sysctl_net_register(struct net *net)
1331 +@@ -451,7 +451,10 @@ int sctp_sysctl_net_register(struct net *net)
1332 table[i].data += (char *)(&net->sctp) - (char *)&init_net.sctp;
1333 }
1334
1335 @@ -103528,26 +103255,6 @@ index c82fdc1..4ca1f95 100644
1336 return 0;
1337 }
1338
1339 -diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c
1340 -index 85c6465..879f3cd 100644
1341 ---- a/net/sctp/ulpevent.c
1342 -+++ b/net/sctp/ulpevent.c
1343 -@@ -411,6 +411,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_remote_error(
1344 - * sre_type:
1345 - * It should be SCTP_REMOTE_ERROR.
1346 - */
1347 -+ memset(sre, 0, sizeof(*sre));
1348 - sre->sre_type = SCTP_REMOTE_ERROR;
1349 -
1350 - /*
1351 -@@ -916,6 +917,7 @@ void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event,
1352 - * For recvmsg() the SCTP stack places the message's stream number in
1353 - * this value.
1354 - */
1355 -+ memset(&sinfo, 0, sizeof(sinfo));
1356 - sinfo.sinfo_stream = event->stream;
1357 - /* sinfo_ssn: 16 bits (unsigned integer)
1358 - *
1359 diff --git a/net/socket.c b/net/socket.c
1360 index a19ae19..89554dc 100644
1361 --- a/net/socket.c
1362 @@ -110983,10 +110690,10 @@ index 0000000..12b1e3b
1363 +exit 0
1364 diff --git a/tools/gcc/size_overflow_plugin/insert_size_overflow_asm.c b/tools/gcc/size_overflow_plugin/insert_size_overflow_asm.c
1365 new file mode 100644
1366 -index 0000000..3e8148c
1367 +index 0000000..c43901f
1368 --- /dev/null
1369 +++ b/tools/gcc/size_overflow_plugin/insert_size_overflow_asm.c
1370 -@@ -0,0 +1,790 @@
1371 +@@ -0,0 +1,748 @@
1372 +/*
1373 + * Copyright 2011-2014 by Emese Revfy <re.emese@×××××.com>
1374 + * Licensed under the GPL v2, or (at your option) v3
1375 @@ -111466,45 +111173,6 @@ index 0000000..3e8148c
1376 + return true;
1377 +}
1378 +
1379 -+static bool is_from_cast(const_tree node)
1380 -+{
1381 -+ gimple def_stmt = get_def_stmt(node);
1382 -+
1383 -+ if (!def_stmt)
1384 -+ return false;
1385 -+
1386 -+ if (gimple_assign_cast_p(def_stmt))
1387 -+ return true;
1388 -+
1389 -+ return false;
1390 -+}
1391 -+
1392 -+// Skip duplication when there is a minus expr and the type of rhs1 or rhs2 is a pointer_type.
1393 -+static bool skip_ptr_minus(gimple stmt)
1394 -+{
1395 -+ const_tree rhs1, rhs2, ptr1_rhs, ptr2_rhs;
1396 -+
1397 -+ if (gimple_assign_rhs_code(stmt) != MINUS_EXPR)
1398 -+ return false;
1399 -+
1400 -+ rhs1 = gimple_assign_rhs1(stmt);
1401 -+ if (!is_from_cast(rhs1))
1402 -+ return false;
1403 -+
1404 -+ rhs2 = gimple_assign_rhs2(stmt);
1405 -+ if (!is_from_cast(rhs2))
1406 -+ return false;
1407 -+
1408 -+ ptr1_rhs = gimple_assign_rhs1(get_def_stmt(rhs1));
1409 -+ ptr2_rhs = gimple_assign_rhs1(get_def_stmt(rhs2));
1410 -+
1411 -+ if (TREE_CODE(TREE_TYPE(ptr1_rhs)) != POINTER_TYPE && TREE_CODE(TREE_TYPE(ptr2_rhs)) != POINTER_TYPE)
1412 -+ return false;
1413 -+
1414 -+ create_mark_asm(stmt, MARK_YES);
1415 -+ return true;
1416 -+}
1417 -+
1418 +static void walk_use_def_ptr(struct pointer_set_t *visited, const_tree lhs)
1419 +{
1420 + gimple def_stmt;
1421 @@ -111538,9 +111206,6 @@ index 0000000..3e8148c
1422 + walk_use_def_ptr(visited, gimple_assign_rhs1(def_stmt));
1423 + return;
1424 + case 3:
1425 -+ if (skip_ptr_minus(def_stmt))
1426 -+ return;
1427 -+
1428 + walk_use_def_ptr(visited, gimple_assign_rhs1(def_stmt));
1429 + walk_use_def_ptr(visited, gimple_assign_rhs2(def_stmt));
1430 + return;
1431 @@ -111779,10 +111444,10 @@ index 0000000..3e8148c
1432 +}
1433 diff --git a/tools/gcc/size_overflow_plugin/insert_size_overflow_check_core.c b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_core.c
1434 new file mode 100644
1435 -index 0000000..88469e9
1436 +index 0000000..73f0a12
1437 --- /dev/null
1438 +++ b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_core.c
1439 -@@ -0,0 +1,902 @@
1440 +@@ -0,0 +1,943 @@
1441 +/*
1442 + * Copyright 2011-2014 by Emese Revfy <re.emese@×××××.com>
1443 + * Licensed under the GPL v2, or (at your option) v3
1444 @@ -112506,6 +112171,44 @@ index 0000000..88469e9
1445 + inform(loc, "Integer size_overflow check applied here.");
1446 +}
1447 +
1448 ++static bool is_from_cast(const_tree node)
1449 ++{
1450 ++ gimple def_stmt = get_def_stmt(node);
1451 ++
1452 ++ if (!def_stmt)
1453 ++ return false;
1454 ++
1455 ++ if (gimple_assign_cast_p(def_stmt))
1456 ++ return true;
1457 ++
1458 ++ return false;
1459 ++}
1460 ++
1461 ++// Skip duplication when there is a minus expr and the type of rhs1 or rhs2 is a pointer_type.
1462 ++static bool is_a_ptr_minus(gimple stmt)
1463 ++{
1464 ++ const_tree rhs1, rhs2, ptr1_rhs, ptr2_rhs;
1465 ++
1466 ++ if (gimple_assign_rhs_code(stmt) != MINUS_EXPR)
1467 ++ return false;
1468 ++
1469 ++ rhs1 = gimple_assign_rhs1(stmt);
1470 ++ if (!is_from_cast(rhs1))
1471 ++ return false;
1472 ++
1473 ++ rhs2 = gimple_assign_rhs2(stmt);
1474 ++ if (!is_from_cast(rhs2))
1475 ++ return false;
1476 ++
1477 ++ ptr1_rhs = gimple_assign_rhs1(get_def_stmt(rhs1));
1478 ++ ptr2_rhs = gimple_assign_rhs1(get_def_stmt(rhs2));
1479 ++
1480 ++ if (TREE_CODE(TREE_TYPE(ptr1_rhs)) != POINTER_TYPE && TREE_CODE(TREE_TYPE(ptr2_rhs)) != POINTER_TYPE)
1481 ++ return false;
1482 ++
1483 ++ return true;
1484 ++}
1485 ++
1486 +static tree handle_binary_ops(struct visited *visited, struct cgraph_node *caller_node, tree lhs)
1487 +{
1488 + enum intentional_overflow_type res;
1489 @@ -112514,6 +112217,9 @@ index 0000000..88469e9
1490 + tree new_rhs1 = NULL_TREE;
1491 + tree new_rhs2 = NULL_TREE;
1492 +
1493 ++ if (is_a_ptr_minus(def_stmt))
1494 ++ return create_assign(visited, def_stmt, lhs, AFTER_STMT);
1495 ++
1496 + rhs1 = gimple_assign_rhs1(def_stmt);
1497 + rhs2 = gimple_assign_rhs2(def_stmt);
1498 +
1499 @@ -112687,7 +112393,7 @@ index 0000000..88469e9
1500 +
1501 diff --git a/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c
1502 new file mode 100644
1503 -index 0000000..715a590
1504 +index 0000000..df50164
1505 --- /dev/null
1506 +++ b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c
1507 @@ -0,0 +1,1141 @@
1508 @@ -112926,7 +112632,7 @@ index 0000000..715a590
1509 +
1510 + switch (gimple_code(def_stmt)) {
1511 + case GIMPLE_CALL:
1512 -+ if (lhs == gimple_return_retval(def_stmt))
1513 ++ if (lhs == gimple_call_lhs(def_stmt))
1514 + interesting_conditions[RET] = true;
1515 + return;
1516 + case GIMPLE_NOP:
1517 @@ -113834,10 +113540,10 @@ index 0000000..715a590
1518 +
1519 diff --git a/tools/gcc/size_overflow_plugin/intentional_overflow.c b/tools/gcc/size_overflow_plugin/intentional_overflow.c
1520 new file mode 100644
1521 -index 0000000..38904bc
1522 +index 0000000..d71d72a
1523 --- /dev/null
1524 +++ b/tools/gcc/size_overflow_plugin/intentional_overflow.c
1525 -@@ -0,0 +1,733 @@
1526 +@@ -0,0 +1,736 @@
1527 +/*
1528 + * Copyright 2011-2014 by Emese Revfy <re.emese@×××××.com>
1529 + * Licensed under the GPL v2, or (at your option) v3
1530 @@ -114442,6 +114148,9 @@ index 0000000..38904bc
1531 + } else
1532 + return false;
1533 +
1534 ++ if (!is_gimple_assign(def_stmt))
1535 ++ return false;
1536 ++
1537 + if (gimple_assign_rhs_code(def_stmt) != PLUS_EXPR && gimple_assign_rhs_code(def_stmt) != MINUS_EXPR)
1538 + return false;
1539 +
1540 @@ -121273,7 +120982,7 @@ index 0000000..560cd7b
1541 +zpios_read_64734 zpios_read 3 64734 NULL
1542 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
1543 new file mode 100644
1544 -index 0000000..a15328d
1545 +index 0000000..95f7abd
1546 --- /dev/null
1547 +++ b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
1548 @@ -0,0 +1,259 @@
1549 @@ -121309,7 +121018,7 @@ index 0000000..a15328d
1550 +tree size_overflow_type_TI;
1551 +
1552 +static struct plugin_info size_overflow_plugin_info = {
1553 -+ .version = "20140713",
1554 ++ .version = "20140725",
1555 + .help = "no-size-overflow\tturn off size overflow checking\n",
1556 +};
1557 +
1558
1559 diff --git a/3.14.13/4425_grsec_remove_EI_PAX.patch b/3.14.14/4425_grsec_remove_EI_PAX.patch
1560 similarity index 100%
1561 rename from 3.14.13/4425_grsec_remove_EI_PAX.patch
1562 rename to 3.14.14/4425_grsec_remove_EI_PAX.patch
1563
1564 diff --git a/3.14.13/4427_force_XATTR_PAX_tmpfs.patch b/3.14.14/4427_force_XATTR_PAX_tmpfs.patch
1565 similarity index 100%
1566 rename from 3.14.13/4427_force_XATTR_PAX_tmpfs.patch
1567 rename to 3.14.14/4427_force_XATTR_PAX_tmpfs.patch
1568
1569 diff --git a/3.14.13/4430_grsec-remove-localversion-grsec.patch b/3.14.14/4430_grsec-remove-localversion-grsec.patch
1570 similarity index 100%
1571 rename from 3.14.13/4430_grsec-remove-localversion-grsec.patch
1572 rename to 3.14.14/4430_grsec-remove-localversion-grsec.patch
1573
1574 diff --git a/3.14.13/4435_grsec-mute-warnings.patch b/3.14.14/4435_grsec-mute-warnings.patch
1575 similarity index 100%
1576 rename from 3.14.13/4435_grsec-mute-warnings.patch
1577 rename to 3.14.14/4435_grsec-mute-warnings.patch
1578
1579 diff --git a/3.14.13/4440_grsec-remove-protected-paths.patch b/3.14.14/4440_grsec-remove-protected-paths.patch
1580 similarity index 100%
1581 rename from 3.14.13/4440_grsec-remove-protected-paths.patch
1582 rename to 3.14.14/4440_grsec-remove-protected-paths.patch
1583
1584 diff --git a/3.14.13/4450_grsec-kconfig-default-gids.patch b/3.14.14/4450_grsec-kconfig-default-gids.patch
1585 similarity index 100%
1586 rename from 3.14.13/4450_grsec-kconfig-default-gids.patch
1587 rename to 3.14.14/4450_grsec-kconfig-default-gids.patch
1588
1589 diff --git a/3.14.13/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.14/4465_selinux-avc_audit-log-curr_ip.patch
1590 similarity index 100%
1591 rename from 3.14.13/4465_selinux-avc_audit-log-curr_ip.patch
1592 rename to 3.14.14/4465_selinux-avc_audit-log-curr_ip.patch
1593
1594 diff --git a/3.14.13/4470_disable-compat_vdso.patch b/3.14.14/4470_disable-compat_vdso.patch
1595 similarity index 100%
1596 rename from 3.14.13/4470_disable-compat_vdso.patch
1597 rename to 3.14.14/4470_disable-compat_vdso.patch
1598
1599 diff --git a/3.14.13/4475_emutramp_default_on.patch b/3.14.14/4475_emutramp_default_on.patch
1600 similarity index 100%
1601 rename from 3.14.13/4475_emutramp_default_on.patch
1602 rename to 3.14.14/4475_emutramp_default_on.patch
1603
1604 diff --git a/3.15.6/0000_README b/3.15.7/0000_README
1605 similarity index 96%
1606 rename from 3.15.6/0000_README
1607 rename to 3.15.7/0000_README
1608 index 3a519cd..2a1a393 100644
1609 --- a/3.15.6/0000_README
1610 +++ b/3.15.7/0000_README
1611 @@ -2,7 +2,7 @@ README
1612 -----------------------------------------------------------------------------
1613 Individual Patch Descriptions:
1614 -----------------------------------------------------------------------------
1615 -Patch: 4420_grsecurity-3.0-3.15.6-201407232200.patch
1616 +Patch: 4420_grsecurity-3.0-3.15.7-201407282112.patch
1617 From: http://www.grsecurity.net
1618 Desc: hardened-sources base patch from upstream grsecurity
1619
1620
1621 diff --git a/3.15.6/4420_grsecurity-3.0-3.15.6-201407232200.patch b/3.15.7/4420_grsecurity-3.0-3.15.7-201407282112.patch
1622 similarity index 99%
1623 rename from 3.15.6/4420_grsecurity-3.0-3.15.6-201407232200.patch
1624 rename to 3.15.7/4420_grsecurity-3.0-3.15.7-201407282112.patch
1625 index f992e88..6902f76 100644
1626 --- a/3.15.6/4420_grsecurity-3.0-3.15.6-201407232200.patch
1627 +++ b/3.15.7/4420_grsecurity-3.0-3.15.7-201407282112.patch
1628 @@ -287,7 +287,7 @@ index 30a8ad0d..2ed9efd 100644
1629
1630 pcd. [PARIDE]
1631 diff --git a/Makefile b/Makefile
1632 -index fefa023..06f4bb4 100644
1633 +index 833f67f..3689bcf 100644
1634 --- a/Makefile
1635 +++ b/Makefile
1636 @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
1637 @@ -386,7 +386,16 @@ index fefa023..06f4bb4 100644
1638 include $(srctree)/arch/$(SRCARCH)/Makefile
1639
1640 ifdef CONFIG_READABLE_ASM
1641 -@@ -816,7 +883,7 @@ export mod_sign_cmd
1642 +@@ -669,6 +736,8 @@ KBUILD_CFLAGS += -fomit-frame-pointer
1643 + endif
1644 + endif
1645 +
1646 ++KBUILD_CFLAGS += $(call cc-option, -fno-var-tracking-assignments)
1647 ++
1648 + ifdef CONFIG_DEBUG_INFO
1649 + KBUILD_CFLAGS += -g
1650 + KBUILD_AFLAGS += -Wa,--gdwarf-2
1651 +@@ -816,7 +885,7 @@ export mod_sign_cmd
1652
1653
1654 ifeq ($(KBUILD_EXTMOD),)
1655 @@ -395,7 +404,7 @@ index fefa023..06f4bb4 100644
1656
1657 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
1658 $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
1659 -@@ -865,6 +932,8 @@ endif
1660 +@@ -865,6 +934,8 @@ endif
1661
1662 # The actual objects are generated when descending,
1663 # make sure no implicit rule kicks in
1664 @@ -404,7 +413,7 @@ index fefa023..06f4bb4 100644
1665 $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
1666
1667 # Handle descending into subdirectories listed in $(vmlinux-dirs)
1668 -@@ -874,7 +943,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
1669 +@@ -874,7 +945,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
1670 # Error messages still appears in the original language
1671
1672 PHONY += $(vmlinux-dirs)
1673 @@ -413,7 +422,7 @@ index fefa023..06f4bb4 100644
1674 $(Q)$(MAKE) $(build)=$@
1675
1676 define filechk_kernel.release
1677 -@@ -917,10 +986,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
1678 +@@ -917,10 +988,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
1679
1680 archprepare: archheaders archscripts prepare1 scripts_basic
1681
1682 @@ -427,7 +436,7 @@ index fefa023..06f4bb4 100644
1683 prepare: prepare0
1684
1685 # Generate some files
1686 -@@ -1028,6 +1100,8 @@ all: modules
1687 +@@ -1028,6 +1102,8 @@ all: modules
1688 # using awk while concatenating to the final file.
1689
1690 PHONY += modules
1691 @@ -436,7 +445,7 @@ index fefa023..06f4bb4 100644
1692 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
1693 $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
1694 @$(kecho) ' Building modules, stage 2.';
1695 -@@ -1043,7 +1117,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
1696 +@@ -1043,7 +1119,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
1697
1698 # Target to prepare building external modules
1699 PHONY += modules_prepare
1700 @@ -445,7 +454,7 @@ index fefa023..06f4bb4 100644
1701
1702 # Target to install modules
1703 PHONY += modules_install
1704 -@@ -1109,7 +1183,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
1705 +@@ -1109,7 +1185,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
1706 Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
1707 signing_key.priv signing_key.x509 x509.genkey \
1708 extra_certificates signing_key.x509.keyid \
1709 @@ -457,7 +466,7 @@ index fefa023..06f4bb4 100644
1710
1711 # clean - Delete most, but leave enough to build external modules
1712 #
1713 -@@ -1148,7 +1225,7 @@ distclean: mrproper
1714 +@@ -1148,7 +1227,7 @@ distclean: mrproper
1715 @find $(srctree) $(RCS_FIND_IGNORE) \
1716 \( -name '*.orig' -o -name '*.rej' -o -name '*~' \
1717 -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
1718 @@ -466,7 +475,7 @@ index fefa023..06f4bb4 100644
1719 -type f -print | xargs rm -f
1720
1721
1722 -@@ -1309,6 +1386,8 @@ PHONY += $(module-dirs) modules
1723 +@@ -1309,6 +1388,8 @@ PHONY += $(module-dirs) modules
1724 $(module-dirs): crmodverdir $(objtree)/Module.symvers
1725 $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
1726
1727 @@ -475,7 +484,7 @@ index fefa023..06f4bb4 100644
1728 modules: $(module-dirs)
1729 @$(kecho) ' Building modules, stage 2.';
1730 $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
1731 -@@ -1448,17 +1527,21 @@ else
1732 +@@ -1448,17 +1529,21 @@ else
1733 target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
1734 endif
1735
1736 @@ -501,7 +510,7 @@ index fefa023..06f4bb4 100644
1737 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
1738 %.symtypes: %.c prepare scripts FORCE
1739 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
1740 -@@ -1468,11 +1551,15 @@ endif
1741 +@@ -1468,11 +1553,15 @@ endif
1742 $(cmd_crmodverdir)
1743 $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
1744 $(build)=$(build-dir)
1745 @@ -852,10 +861,10 @@ index 98838a0..b304fb4 100644
1746 /* Allow reads even for write-only mappings */
1747 if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
1748 diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
1749 -index db3c541..a1acc89 100644
1750 +index 34c7a24..592fca9 100644
1751 --- a/arch/arm/Kconfig
1752 +++ b/arch/arm/Kconfig
1753 -@@ -1877,7 +1877,7 @@ config ALIGNMENT_TRAP
1754 +@@ -1878,7 +1878,7 @@ config ALIGNMENT_TRAP
1755
1756 config UACCESS_WITH_MEMCPY
1757 bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()"
1758 @@ -864,7 +873,7 @@ index db3c541..a1acc89 100644
1759 default y if CPU_FEROCEON
1760 help
1761 Implement faster copy_to_user and clear_user methods for CPU
1762 -@@ -2141,6 +2141,7 @@ config XIP_PHYS_ADDR
1763 +@@ -2142,6 +2142,7 @@ config XIP_PHYS_ADDR
1764 config KEXEC
1765 bool "Kexec system call (EXPERIMENTAL)"
1766 depends on (!SMP || PM_SLEEP_SMP)
1767 @@ -7991,10 +8000,10 @@ index 3ca9c11..d163ef7 100644
1768 /*
1769 * If for any reason at all we couldn't handle the fault, make
1770 diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
1771 -index c95c4b8..d831f81 100644
1772 +index 004851f..c15e65a 100644
1773 --- a/arch/powerpc/Kconfig
1774 +++ b/arch/powerpc/Kconfig
1775 -@@ -397,6 +397,7 @@ config PPC64_SUPPORTS_MEMORY_FAILURE
1776 +@@ -398,6 +398,7 @@ config PPC64_SUPPORTS_MEMORY_FAILURE
1777 config KEXEC
1778 bool "kexec system call"
1779 depends on (PPC_BOOK3S || FSL_BOOKE || (44x && !SMP))
1780 @@ -12287,7 +12296,7 @@ index ad8f795..2c7eec6 100644
1781 /*
1782 * Memory returned by kmalloc() may be used for DMA, so we must make
1783 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
1784 -index 6b8b429..7b21fe4 100644
1785 +index 512e45f..2d49d9d 100644
1786 --- a/arch/x86/Kconfig
1787 +++ b/arch/x86/Kconfig
1788 @@ -127,7 +127,7 @@ config X86
1789 @@ -12298,8 +12307,8 @@ index 6b8b429..7b21fe4 100644
1790 + select HAVE_CC_STACKPROTECTOR if X86_64 || !PAX_MEMORY_UDEREF
1791 select GENERIC_CPU_AUTOPROBE
1792 select HAVE_ARCH_AUDITSYSCALL
1793 -
1794 -@@ -251,7 +251,7 @@ config X86_HT
1795 + select ARCH_SUPPORTS_ATOMIC_RMW
1796 +@@ -252,7 +252,7 @@ config X86_HT
1797
1798 config X86_32_LAZY_GS
1799 def_bool y
1800 @@ -12308,7 +12317,7 @@ index 6b8b429..7b21fe4 100644
1801
1802 config ARCH_HWEIGHT_CFLAGS
1803 string
1804 -@@ -545,6 +545,7 @@ config SCHED_OMIT_FRAME_POINTER
1805 +@@ -546,6 +546,7 @@ config SCHED_OMIT_FRAME_POINTER
1806
1807 menuconfig HYPERVISOR_GUEST
1808 bool "Linux guest support"
1809 @@ -12316,7 +12325,7 @@ index 6b8b429..7b21fe4 100644
1810 ---help---
1811 Say Y here to enable options for running Linux under various hyper-
1812 visors. This option enables basic hypervisor detection and platform
1813 -@@ -1054,6 +1055,7 @@ choice
1814 +@@ -1055,6 +1056,7 @@ choice
1815
1816 config NOHIGHMEM
1817 bool "off"
1818 @@ -12324,7 +12333,7 @@ index 6b8b429..7b21fe4 100644
1819 ---help---
1820 Linux can use up to 64 Gigabytes of physical memory on x86 systems.
1821 However, the address space of 32-bit x86 processors is only 4
1822 -@@ -1090,6 +1092,7 @@ config NOHIGHMEM
1823 +@@ -1091,6 +1093,7 @@ config NOHIGHMEM
1824
1825 config HIGHMEM4G
1826 bool "4GB"
1827 @@ -12332,7 +12341,7 @@ index 6b8b429..7b21fe4 100644
1828 ---help---
1829 Select this if you have a 32-bit processor and between 1 and 4
1830 gigabytes of physical RAM.
1831 -@@ -1142,7 +1145,7 @@ config PAGE_OFFSET
1832 +@@ -1143,7 +1146,7 @@ config PAGE_OFFSET
1833 hex
1834 default 0xB0000000 if VMSPLIT_3G_OPT
1835 default 0x80000000 if VMSPLIT_2G
1836 @@ -12341,7 +12350,7 @@ index 6b8b429..7b21fe4 100644
1837 default 0x40000000 if VMSPLIT_1G
1838 default 0xC0000000
1839 depends on X86_32
1840 -@@ -1555,6 +1558,7 @@ source kernel/Kconfig.hz
1841 +@@ -1556,6 +1559,7 @@ source kernel/Kconfig.hz
1842
1843 config KEXEC
1844 bool "kexec system call"
1845 @@ -12349,7 +12358,7 @@ index 6b8b429..7b21fe4 100644
1846 ---help---
1847 kexec is a system call that implements the ability to shutdown your
1848 current kernel, and to start another kernel. It is like a reboot
1849 -@@ -1706,7 +1710,9 @@ config X86_NEED_RELOCS
1850 +@@ -1707,7 +1711,9 @@ config X86_NEED_RELOCS
1851
1852 config PHYSICAL_ALIGN
1853 hex "Alignment value to which kernel should be aligned"
1854 @@ -12360,7 +12369,7 @@ index 6b8b429..7b21fe4 100644
1855 range 0x2000 0x1000000 if X86_32
1856 range 0x200000 0x1000000 if X86_64
1857 ---help---
1858 -@@ -1789,6 +1795,7 @@ config COMPAT_VDSO
1859 +@@ -1790,6 +1796,7 @@ config COMPAT_VDSO
1860 def_bool n
1861 prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
1862 depends on X86_32 || IA32_EMULATION
1863 @@ -12716,10 +12725,10 @@ index 1fd7d57..0f7d096 100644
1864 err = check_cpuflags();
1865 } else if (err == 0x01 &&
1866 diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S
1867 -index 84c2234..3ef6360 100644
1868 +index 7a6d43a..edf6e40 100644
1869 --- a/arch/x86/boot/header.S
1870 +++ b/arch/x86/boot/header.S
1871 -@@ -420,10 +420,14 @@ setup_data: .quad 0 # 64-bit physical pointer to
1872 +@@ -438,10 +438,14 @@ setup_data: .quad 0 # 64-bit physical pointer to
1873 # single linked list of
1874 # struct setup_data
1875
1876 @@ -21497,10 +21506,10 @@ index 639d128..e92d7e5 100644
1877
1878 while (amd_iommu_v2_event_descs[i].attr.attr.name)
1879 diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
1880 -index adb02aa..9688c02 100644
1881 +index 07846d7..a40ec4a 100644
1882 --- a/arch/x86/kernel/cpu/perf_event_intel.c
1883 +++ b/arch/x86/kernel/cpu/perf_event_intel.c
1884 -@@ -2308,10 +2308,10 @@ __init int intel_pmu_init(void)
1885 +@@ -2317,10 +2317,10 @@ __init int intel_pmu_init(void)
1886 x86_pmu.num_counters_fixed = max((int)edx.split.num_counters_fixed, 3);
1887
1888 if (boot_cpu_has(X86_FEATURE_PDCM)) {
1889 @@ -27693,7 +27702,7 @@ index f73b5d4..0adcc9a 100644
1890 if (!fixup_exception(regs)) {
1891 task->thread.error_code = error_code;
1892 diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
1893 -index 57e5ce1..20b0040 100644
1894 +index ea03031..34a5cdda 100644
1895 --- a/arch/x86/kernel/tsc.c
1896 +++ b/arch/x86/kernel/tsc.c
1897 @@ -150,7 +150,7 @@ static void cyc2ns_write_end(int cpu, struct cyc2ns_data *data)
1898 @@ -38691,7 +38700,7 @@ index 8320abd..ec48108 100644
1899
1900 if (cmd != SIOCWANDEV)
1901 diff --git a/drivers/char/random.c b/drivers/char/random.c
1902 -index 2b6e4cd..32033f3 100644
1903 +index 18ec404..32033f3 100644
1904 --- a/drivers/char/random.c
1905 +++ b/drivers/char/random.c
1906 @@ -270,10 +270,17 @@
1907 @@ -38775,44 +38784,7 @@ index 2b6e4cd..32033f3 100644
1908 unsigned int add =
1909 ((pool_size - entropy_count)*anfrac*3) >> s;
1910
1911 -@@ -641,7 +652,7 @@ retry:
1912 - } while (unlikely(entropy_count < pool_size-2 && pnfrac));
1913 - }
1914 -
1915 -- if (entropy_count < 0) {
1916 -+ if (unlikely(entropy_count < 0)) {
1917 - pr_warn("random: negative entropy/overflow: pool %s count %d\n",
1918 - r->name, entropy_count);
1919 - WARN_ON(1);
1920 -@@ -980,7 +991,7 @@ static size_t account(struct entropy_store *r, size_t nbytes, int min,
1921 - int reserved)
1922 - {
1923 - int entropy_count, orig;
1924 -- size_t ibytes;
1925 -+ size_t ibytes, nfrac;
1926 -
1927 - BUG_ON(r->entropy_count > r->poolinfo->poolfracbits);
1928 -
1929 -@@ -998,7 +1009,17 @@ retry:
1930 - }
1931 - if (ibytes < min)
1932 - ibytes = 0;
1933 -- if ((entropy_count -= ibytes << (ENTROPY_SHIFT + 3)) < 0)
1934 -+
1935 -+ if (unlikely(entropy_count < 0)) {
1936 -+ pr_warn("random: negative entropy count: pool %s count %d\n",
1937 -+ r->name, entropy_count);
1938 -+ WARN_ON(1);
1939 -+ entropy_count = 0;
1940 -+ }
1941 -+ nfrac = ibytes << (ENTROPY_SHIFT + 3);
1942 -+ if ((size_t) entropy_count > nfrac)
1943 -+ entropy_count -= nfrac;
1944 -+ else
1945 - entropy_count = 0;
1946 -
1947 - if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig)
1948 -@@ -1166,7 +1187,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
1949 +@@ -1176,7 +1187,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
1950
1951 extract_buf(r, tmp);
1952 i = min_t(int, nbytes, EXTRACT_SIZE);
1953 @@ -38821,15 +38793,7 @@ index 2b6e4cd..32033f3 100644
1954 ret = -EFAULT;
1955 break;
1956 }
1957 -@@ -1375,6 +1396,7 @@ urandom_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
1958 - "with %d bits of entropy available\n",
1959 - current->comm, nonblocking_pool.entropy_total);
1960 -
1961 -+ nbytes = min_t(size_t, nbytes, INT_MAX >> (ENTROPY_SHIFT + 3));
1962 - ret = extract_entropy_user(&nonblocking_pool, buf, nbytes);
1963 -
1964 - trace_urandom_read(8 * nbytes, ENTROPY_BITS(&nonblocking_pool),
1965 -@@ -1555,7 +1577,7 @@ static char sysctl_bootid[16];
1966 +@@ -1566,7 +1577,7 @@ static char sysctl_bootid[16];
1967 static int proc_do_uuid(struct ctl_table *table, int write,
1968 void __user *buffer, size_t *lenp, loff_t *ppos)
1969 {
1970 @@ -38838,7 +38802,7 @@ index 2b6e4cd..32033f3 100644
1971 unsigned char buf[64], tmp_uuid[16], *uuid;
1972
1973 uuid = table->data;
1974 -@@ -1585,7 +1607,7 @@ static int proc_do_uuid(struct ctl_table *table, int write,
1975 +@@ -1596,7 +1607,7 @@ static int proc_do_uuid(struct ctl_table *table, int write,
1976 static int proc_do_entropy(ctl_table *table, int write,
1977 void __user *buffer, size_t *lenp, loff_t *ppos)
1978 {
1979 @@ -39085,10 +39049,10 @@ index 000e4e0..4770351 100644
1980 cpu_notifier_register_begin();
1981
1982 diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
1983 -index 558224c..55e3b57 100644
1984 +index dcac12d..f12df60 100644
1985 --- a/drivers/cpufreq/cpufreq.c
1986 +++ b/drivers/cpufreq/cpufreq.c
1987 -@@ -2022,7 +2022,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
1988 +@@ -2024,7 +2024,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
1989 }
1990
1991 mutex_lock(&cpufreq_governor_mutex);
1992 @@ -39097,7 +39061,7 @@ index 558224c..55e3b57 100644
1993 mutex_unlock(&cpufreq_governor_mutex);
1994 return;
1995 }
1996 -@@ -2238,7 +2238,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
1997 +@@ -2240,7 +2240,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
1998 return NOTIFY_OK;
1999 }
2000
2001 @@ -39106,7 +39070,7 @@ index 558224c..55e3b57 100644
2002 .notifier_call = cpufreq_cpu_callback,
2003 };
2004
2005 -@@ -2278,13 +2278,17 @@ int cpufreq_boost_trigger_state(int state)
2006 +@@ -2280,13 +2280,17 @@ int cpufreq_boost_trigger_state(int state)
2007 return 0;
2008
2009 write_lock_irqsave(&cpufreq_driver_lock, flags);
2010 @@ -39126,7 +39090,7 @@ index 558224c..55e3b57 100644
2011 write_unlock_irqrestore(&cpufreq_driver_lock, flags);
2012
2013 pr_err("%s: Cannot %s BOOST\n",
2014 -@@ -2340,8 +2344,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
2015 +@@ -2342,8 +2346,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
2016
2017 pr_debug("trying to register driver %s\n", driver_data->name);
2018
2019 @@ -39140,7 +39104,7 @@ index 558224c..55e3b57 100644
2020
2021 write_lock_irqsave(&cpufreq_driver_lock, flags);
2022 if (cpufreq_driver) {
2023 -@@ -2356,8 +2363,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
2024 +@@ -2358,8 +2365,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
2025 * Check if driver provides function to enable boost -
2026 * if not, use cpufreq_boost_set_sw as default
2027 */
2028 @@ -40728,12 +40692,12 @@ index 0bb86e6..d41416d 100644
2029 return -EFAULT;
2030
2031 diff --git a/drivers/gpu/drm/qxl/qxl_irq.c b/drivers/gpu/drm/qxl/qxl_irq.c
2032 -index 28f84b4..fb3e224 100644
2033 +index 3485bdc..20d26e3 100644
2034 --- a/drivers/gpu/drm/qxl/qxl_irq.c
2035 +++ b/drivers/gpu/drm/qxl/qxl_irq.c
2036 -@@ -33,19 +33,19 @@ irqreturn_t qxl_irq_handler(int irq, void *arg)
2037 -
2038 - pending = xchg(&qdev->ram_header->int_pending, 0);
2039 +@@ -36,19 +36,19 @@ irqreturn_t qxl_irq_handler(int irq, void *arg)
2040 + if (!pending)
2041 + return IRQ_NONE;
2042
2043 - atomic_inc(&qdev->irq_received);
2044 + atomic_inc_unchecked(&qdev->irq_received);
2045 @@ -40755,7 +40719,7 @@ index 28f84b4..fb3e224 100644
2046 wake_up_all(&qdev->io_cmd_event);
2047 }
2048 if (pending & QXL_INTERRUPT_ERROR) {
2049 -@@ -82,10 +82,10 @@ int qxl_irq_init(struct qxl_device *qdev)
2050 +@@ -85,10 +85,10 @@ int qxl_irq_init(struct qxl_device *qdev)
2051 init_waitqueue_head(&qdev->io_cmd_event);
2052 INIT_WORK(&qdev->client_monitors_config_work,
2053 qxl_client_monitors_config_work_func);
2054 @@ -43080,10 +43044,10 @@ index 228632c9..edfe331 100644
2055
2056 bool setup_remapped_irq(int irq, struct irq_cfg *cfg, struct irq_chip *chip)
2057 diff --git a/drivers/irqchip/irq-gic.c b/drivers/irqchip/irq-gic.c
2058 -index 57d165e..611997e 100644
2059 +index 739ca67..42ee3f1 100644
2060 --- a/drivers/irqchip/irq-gic.c
2061 +++ b/drivers/irqchip/irq-gic.c
2062 -@@ -84,7 +84,7 @@ static u8 gic_cpu_map[NR_GIC_CPU_IF] __read_mostly;
2063 +@@ -85,7 +85,7 @@ static u8 gic_cpu_map[NR_GIC_CPU_IF] __read_mostly;
2064 * Supported arch specific GIC irq extension.
2065 * Default make them NULL.
2066 */
2067 @@ -43092,7 +43056,7 @@ index 57d165e..611997e 100644
2068 .irq_eoi = NULL,
2069 .irq_mask = NULL,
2070 .irq_unmask = NULL,
2071 -@@ -336,7 +336,7 @@ static void gic_handle_cascade_irq(unsigned int irq, struct irq_desc *desc)
2072 +@@ -337,7 +337,7 @@ static void gic_handle_cascade_irq(unsigned int irq, struct irq_desc *desc)
2073 chained_irq_exit(chip, desc);
2074 }
2075
2076 @@ -43872,7 +43836,7 @@ index 50601ec..6d3b9dc 100644
2077 "start=%llu, len=%llu, dev_size=%llu",
2078 dm_device_name(ti->table->md), bdevname(bdev, b),
2079 diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c
2080 -index b086a94..74cb67e 100644
2081 +index e9d33ad..dae9880d 100644
2082 --- a/drivers/md/dm-thin-metadata.c
2083 +++ b/drivers/md/dm-thin-metadata.c
2084 @@ -404,7 +404,7 @@ static void __setup_btree_details(struct dm_pool_metadata *pmd)
2085 @@ -46222,7 +46186,7 @@ index c05b66d..ed69872 100644
2086 break;
2087 }
2088 diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c
2089 -index dc19bc5..f2d4548 100644
2090 +index 2b5ab7c..20e2e7f 100644
2091 --- a/drivers/net/ethernet/emulex/benet/be_main.c
2092 +++ b/drivers/net/ethernet/emulex/benet/be_main.c
2093 @@ -535,7 +535,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val)
2094 @@ -46536,10 +46500,10 @@ index 3381c4f..dea5fd5 100644
2095 };
2096
2097 diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
2098 -index e3923eb..2a0373b 100644
2099 +index 3c41a83..5fe2d7f 100644
2100 --- a/drivers/net/ppp/ppp_generic.c
2101 +++ b/drivers/net/ppp/ppp_generic.c
2102 -@@ -1012,7 +1012,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
2103 +@@ -1016,7 +1016,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
2104 void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data;
2105 struct ppp_stats stats;
2106 struct ppp_comp_stats cstats;
2107 @@ -46547,7 +46511,7 @@ index e3923eb..2a0373b 100644
2108
2109 switch (cmd) {
2110 case SIOCGPPPSTATS:
2111 -@@ -1034,8 +1033,7 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
2112 +@@ -1038,8 +1037,7 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
2113 break;
2114
2115 case SIOCGPPPVER:
2116 @@ -46698,7 +46662,7 @@ index 660bd5e..ac59452 100644
2117 hso_start_serial_device(serial_table[i], GFP_NOIO);
2118 hso_kick_transmit(dev2ser(serial_table[i]));
2119 diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c
2120 -index 3fbfb08..2c16265 100644
2121 +index d2c0070..3c3da43 100644
2122 --- a/drivers/net/usb/r8152.c
2123 +++ b/drivers/net/usb/r8152.c
2124 @@ -567,7 +567,7 @@ struct r8152 {
2125 @@ -52270,7 +52234,7 @@ index 9c4e292..b89877f 100644
2126 wake_up(&usb_kill_urb_queue);
2127 usb_put_urb(urb);
2128 diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
2129 -index 229a73f..ef86f98 100644
2130 +index 00c4b96..b4498c8 100644
2131 --- a/drivers/usb/core/hub.c
2132 +++ b/drivers/usb/core/hub.c
2133 @@ -27,6 +27,7 @@
2134 @@ -52281,7 +52245,7 @@ index 229a73f..ef86f98 100644
2135
2136 #include <asm/uaccess.h>
2137 #include <asm/byteorder.h>
2138 -@@ -4512,6 +4513,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
2139 +@@ -4531,6 +4532,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1,
2140 goto done;
2141 return;
2142 }
2143 @@ -56283,7 +56247,7 @@ index 2946712..f737435 100644
2144 &data);
2145 if (!inode) {
2146 diff --git a/fs/aio.c b/fs/aio.c
2147 -index e609e15..c9fcd97 100644
2148 +index 6d68e01..573d8dc 100644
2149 --- a/fs/aio.c
2150 +++ b/fs/aio.c
2151 @@ -380,7 +380,7 @@ static int aio_setup_ring(struct kioctx *ctx)
2152 @@ -58465,7 +58429,7 @@ index 4d24d17..4f8c09e 100644
2153
2154 /*
2155 diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c
2156 -index e822890..59374d5 100644
2157 +index e822890..fed89d9 100644
2158 --- a/fs/compat_ioctl.c
2159 +++ b/fs/compat_ioctl.c
2160 @@ -621,7 +621,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd,
2161 @@ -58483,7 +58447,7 @@ index e822890..59374d5 100644
2162 return -EFAULT;
2163 - if (get_user(datap, &umsgs[i].buf) ||
2164 - put_user(compat_ptr(datap), &tmsgs[i].buf))
2165 -+ if (get_user(datap, (u8 __user * __user *)&umsgs[i].buf) ||
2166 ++ if (get_user(datap, (compat_caddr_t __user *)&umsgs[i].buf) ||
2167 + put_user(compat_ptr(datap), (u8 __user * __user *)&tmsgs[i].buf))
2168 return -EFAULT;
2169 }
2170 @@ -61450,10 +61414,10 @@ index 13b691a..1ffca5ae 100644
2171 cuse_class = class_create(THIS_MODULE, "cuse");
2172 if (IS_ERR(cuse_class))
2173 diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
2174 -index aac71ce..fcd6a1b 100644
2175 +index 75fa055..73b76d8 100644
2176 --- a/fs/fuse/dev.c
2177 +++ b/fs/fuse/dev.c
2178 -@@ -1323,7 +1323,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos,
2179 +@@ -1318,7 +1318,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos,
2180 ret = 0;
2181 pipe_lock(pipe);
2182
2183 @@ -61462,7 +61426,7 @@ index aac71ce..fcd6a1b 100644
2184 send_sig(SIGPIPE, current, 0);
2185 if (!ret)
2186 ret = -EPIPE;
2187 -@@ -1352,7 +1352,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos,
2188 +@@ -1347,7 +1347,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos,
2189 page_nr++;
2190 ret += buf->len;
2191
2192 @@ -61472,10 +61436,10 @@ index aac71ce..fcd6a1b 100644
2193 }
2194
2195 diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
2196 -index 4219835..3473b7e 100644
2197 +index 202a972..c4836eb 100644
2198 --- a/fs/fuse/dir.c
2199 +++ b/fs/fuse/dir.c
2200 -@@ -1478,7 +1478,7 @@ static char *read_link(struct dentry *dentry)
2201 +@@ -1479,7 +1479,7 @@ static char *read_link(struct dentry *dentry)
2202 return link;
2203 }
2204
2205 @@ -84195,7 +84159,7 @@ index 0dfcc92..7967849 100644
2206
2207 /* Structure to track chunk fragments that have been acked, but peer
2208 diff --git a/include/net/sock.h b/include/net/sock.h
2209 -index 21569cf..dd60300 100644
2210 +index f5a7e22..043b85f 100644
2211 --- a/include/net/sock.h
2212 +++ b/include/net/sock.h
2213 @@ -348,7 +348,7 @@ struct sock {
2214 @@ -84234,17 +84198,6 @@ index 21569cf..dd60300 100644
2215
2216 static inline struct sock_iocb *kiocb_to_siocb(struct kiocb *iocb)
2217 {
2218 -@@ -1728,8 +1728,8 @@ sk_dst_get(struct sock *sk)
2219 -
2220 - rcu_read_lock();
2221 - dst = rcu_dereference(sk->sk_dst_cache);
2222 -- if (dst)
2223 -- dst_hold(dst);
2224 -+ if (dst && !atomic_inc_not_zero(&dst->__refcnt))
2225 -+ dst = NULL;
2226 - rcu_read_unlock();
2227 - return dst;
2228 - }
2229 @@ -1803,7 +1803,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
2230 }
2231
2232 @@ -86280,7 +86233,7 @@ index 0b097c8..11dd5c5 100644
2233 #ifdef CONFIG_MODULE_UNLOAD
2234 {
2235 diff --git a/kernel/events/core.c b/kernel/events/core.c
2236 -index 440eefc..0909f02 100644
2237 +index 935271c..8888f93 100644
2238 --- a/kernel/events/core.c
2239 +++ b/kernel/events/core.c
2240 @@ -158,8 +158,15 @@ static struct srcu_struct pmus_srcu;
2241 @@ -89029,7 +88982,7 @@ index 2fac9cc..56fef29 100644
2242 select LZO_COMPRESS
2243 select LZO_DECOMPRESS
2244 diff --git a/kernel/power/process.c b/kernel/power/process.c
2245 -index 06ec886..9dba35e 100644
2246 +index 14f9a8d..98ee610 100644
2247 --- a/kernel/power/process.c
2248 +++ b/kernel/power/process.c
2249 @@ -34,6 +34,7 @@ static int try_to_freeze_tasks(bool user_only)
2250 @@ -90980,10 +90933,10 @@ index 7c7964c..2a0d412 100644
2251 update_vsyscall_tz();
2252 if (firsttime) {
2253 diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c
2254 -index 88c9c65..7497ebc 100644
2255 +index fe75444..190c528 100644
2256 --- a/kernel/time/alarmtimer.c
2257 +++ b/kernel/time/alarmtimer.c
2258 -@@ -795,7 +795,7 @@ static int __init alarmtimer_init(void)
2259 +@@ -811,7 +811,7 @@ static int __init alarmtimer_init(void)
2260 struct platform_device *pdev;
2261 int error = 0;
2262 int i;
2263 @@ -91220,7 +91173,7 @@ index c1bd4ad..4b861dc 100644
2264
2265 ret = -EIO;
2266 diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
2267 -index 4a54a25..7ca9c89 100644
2268 +index 5aeac53..863ed29 100644
2269 --- a/kernel/trace/ftrace.c
2270 +++ b/kernel/trace/ftrace.c
2271 @@ -1960,12 +1960,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
2272 @@ -91283,7 +91236,7 @@ index 4a54a25..7ca9c89 100644
2273
2274 ftrace_graph_active++;
2275 diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
2276 -index 7c56c3d..9980576 100644
2277 +index ff70271..e1e8cf1 100644
2278 --- a/kernel/trace/ring_buffer.c
2279 +++ b/kernel/trace/ring_buffer.c
2280 @@ -352,9 +352,9 @@ struct buffer_data_page {
2281 @@ -91309,7 +91262,7 @@ index 7c56c3d..9980576 100644
2282 local_t dropped_events;
2283 local_t committing;
2284 local_t commits;
2285 -@@ -995,8 +995,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
2286 +@@ -991,8 +991,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
2287 *
2288 * We add a counter to the write field to denote this.
2289 */
2290 @@ -91320,7 +91273,7 @@ index 7c56c3d..9980576 100644
2291
2292 /*
2293 * Just make sure we have seen our old_write and synchronize
2294 -@@ -1024,8 +1024,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
2295 +@@ -1020,8 +1020,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
2296 * cmpxchg to only update if an interrupt did not already
2297 * do it for us. If the cmpxchg fails, we don't care.
2298 */
2299 @@ -91331,7 +91284,7 @@ index 7c56c3d..9980576 100644
2300
2301 /*
2302 * No need to worry about races with clearing out the commit.
2303 -@@ -1392,12 +1392,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
2304 +@@ -1388,12 +1388,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
2305
2306 static inline unsigned long rb_page_entries(struct buffer_page *bpage)
2307 {
2308 @@ -91346,7 +91299,7 @@ index 7c56c3d..9980576 100644
2309 }
2310
2311 static int
2312 -@@ -1492,7 +1492,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)
2313 +@@ -1488,7 +1488,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)
2314 * bytes consumed in ring buffer from here.
2315 * Increment overrun to account for the lost events.
2316 */
2317 @@ -91355,7 +91308,7 @@ index 7c56c3d..9980576 100644
2318 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
2319 }
2320
2321 -@@ -2070,7 +2070,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
2322 +@@ -2066,7 +2066,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
2323 * it is our responsibility to update
2324 * the counters.
2325 */
2326 @@ -91364,7 +91317,7 @@ index 7c56c3d..9980576 100644
2327 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
2328
2329 /*
2330 -@@ -2220,7 +2220,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
2331 +@@ -2216,7 +2216,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
2332 if (tail == BUF_PAGE_SIZE)
2333 tail_page->real_end = 0;
2334
2335 @@ -91373,7 +91326,7 @@ index 7c56c3d..9980576 100644
2336 return;
2337 }
2338
2339 -@@ -2255,7 +2255,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
2340 +@@ -2251,7 +2251,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
2341 rb_event_set_padding(event);
2342
2343 /* Set the write back to the previous setting */
2344 @@ -91382,7 +91335,7 @@ index 7c56c3d..9980576 100644
2345 return;
2346 }
2347
2348 -@@ -2267,7 +2267,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
2349 +@@ -2263,7 +2263,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
2350
2351 /* Set write to end of buffer */
2352 length = (tail + length) - BUF_PAGE_SIZE;
2353 @@ -91391,7 +91344,7 @@ index 7c56c3d..9980576 100644
2354 }
2355
2356 /*
2357 -@@ -2293,7 +2293,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
2358 +@@ -2289,7 +2289,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
2359 * about it.
2360 */
2361 if (unlikely(next_page == commit_page)) {
2362 @@ -91400,7 +91353,7 @@ index 7c56c3d..9980576 100644
2363 goto out_reset;
2364 }
2365
2366 -@@ -2349,7 +2349,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
2367 +@@ -2345,7 +2345,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
2368 cpu_buffer->tail_page) &&
2369 (cpu_buffer->commit_page ==
2370 cpu_buffer->reader_page))) {
2371 @@ -91409,7 +91362,7 @@ index 7c56c3d..9980576 100644
2372 goto out_reset;
2373 }
2374 }
2375 -@@ -2397,7 +2397,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
2376 +@@ -2393,7 +2393,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
2377 length += RB_LEN_TIME_EXTEND;
2378
2379 tail_page = cpu_buffer->tail_page;
2380 @@ -91418,7 +91371,7 @@ index 7c56c3d..9980576 100644
2381
2382 /* set write to only the index of the write */
2383 write &= RB_WRITE_MASK;
2384 -@@ -2421,7 +2421,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
2385 +@@ -2417,7 +2417,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
2386 kmemcheck_annotate_bitfield(event, bitfield);
2387 rb_update_event(cpu_buffer, event, length, add_timestamp, delta);
2388
2389 @@ -91427,7 +91380,7 @@ index 7c56c3d..9980576 100644
2390
2391 /*
2392 * If this is the first commit on the page, then update
2393 -@@ -2454,7 +2454,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
2394 +@@ -2450,7 +2450,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
2395
2396 if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) {
2397 unsigned long write_mask =
2398 @@ -91436,7 +91389,7 @@ index 7c56c3d..9980576 100644
2399 unsigned long event_length = rb_event_length(event);
2400 /*
2401 * This is on the tail page. It is possible that
2402 -@@ -2464,7 +2464,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
2403 +@@ -2460,7 +2460,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
2404 */
2405 old_index += write_mask;
2406 new_index += write_mask;
2407 @@ -91445,7 +91398,7 @@ index 7c56c3d..9980576 100644
2408 if (index == old_index) {
2409 /* update counters */
2410 local_sub(event_length, &cpu_buffer->entries_bytes);
2411 -@@ -2856,7 +2856,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
2412 +@@ -2852,7 +2852,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
2413
2414 /* Do the likely case first */
2415 if (likely(bpage->page == (void *)addr)) {
2416 @@ -91454,7 +91407,7 @@ index 7c56c3d..9980576 100644
2417 return;
2418 }
2419
2420 -@@ -2868,7 +2868,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
2421 +@@ -2864,7 +2864,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
2422 start = bpage;
2423 do {
2424 if (bpage->page == (void *)addr) {
2425 @@ -91463,7 +91416,7 @@ index 7c56c3d..9980576 100644
2426 return;
2427 }
2428 rb_inc_page(cpu_buffer, &bpage);
2429 -@@ -3152,7 +3152,7 @@ static inline unsigned long
2430 +@@ -3148,7 +3148,7 @@ static inline unsigned long
2431 rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer)
2432 {
2433 return local_read(&cpu_buffer->entries) -
2434 @@ -91472,7 +91425,7 @@ index 7c56c3d..9980576 100644
2435 }
2436
2437 /**
2438 -@@ -3241,7 +3241,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
2439 +@@ -3237,7 +3237,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
2440 return 0;
2441
2442 cpu_buffer = buffer->buffers[cpu];
2443 @@ -91481,7 +91434,7 @@ index 7c56c3d..9980576 100644
2444
2445 return ret;
2446 }
2447 -@@ -3264,7 +3264,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
2448 +@@ -3260,7 +3260,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
2449 return 0;
2450
2451 cpu_buffer = buffer->buffers[cpu];
2452 @@ -91490,7 +91443,7 @@ index 7c56c3d..9980576 100644
2453
2454 return ret;
2455 }
2456 -@@ -3349,7 +3349,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
2457 +@@ -3345,7 +3345,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
2458 /* if you care about this being correct, lock the buffer */
2459 for_each_buffer_cpu(buffer, cpu) {
2460 cpu_buffer = buffer->buffers[cpu];
2461 @@ -91499,7 +91452,7 @@ index 7c56c3d..9980576 100644
2462 }
2463
2464 return overruns;
2465 -@@ -3525,8 +3525,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
2466 +@@ -3521,8 +3521,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
2467 /*
2468 * Reset the reader page to size zero.
2469 */
2470 @@ -91510,7 +91463,7 @@ index 7c56c3d..9980576 100644
2471 local_set(&cpu_buffer->reader_page->page->commit, 0);
2472 cpu_buffer->reader_page->real_end = 0;
2473
2474 -@@ -3560,7 +3560,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
2475 +@@ -3556,7 +3556,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
2476 * want to compare with the last_overrun.
2477 */
2478 smp_mb();
2479 @@ -91519,7 +91472,7 @@ index 7c56c3d..9980576 100644
2480
2481 /*
2482 * Here's the tricky part.
2483 -@@ -4130,8 +4130,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
2484 +@@ -4126,8 +4126,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
2485
2486 cpu_buffer->head_page
2487 = list_entry(cpu_buffer->pages, struct buffer_page, list);
2488 @@ -91530,7 +91483,7 @@ index 7c56c3d..9980576 100644
2489 local_set(&cpu_buffer->head_page->page->commit, 0);
2490
2491 cpu_buffer->head_page->read = 0;
2492 -@@ -4141,14 +4141,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
2493 +@@ -4137,14 +4137,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
2494
2495 INIT_LIST_HEAD(&cpu_buffer->reader_page->list);
2496 INIT_LIST_HEAD(&cpu_buffer->new_pages);
2497 @@ -91549,7 +91502,7 @@ index 7c56c3d..9980576 100644
2498 local_set(&cpu_buffer->dropped_events, 0);
2499 local_set(&cpu_buffer->entries, 0);
2500 local_set(&cpu_buffer->committing, 0);
2501 -@@ -4553,8 +4553,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
2502 +@@ -4549,8 +4549,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
2503 rb_init_page(bpage);
2504 bpage = reader->page;
2505 reader->page = *data_page;
2506 @@ -91561,10 +91514,10 @@ index 7c56c3d..9980576 100644
2507 *data_page = bpage;
2508
2509 diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
2510 -index 39a1226..2dc2b43 100644
2511 +index 4dcbf7d..dc24fdc 100644
2512 --- a/kernel/trace/trace.c
2513 +++ b/kernel/trace/trace.c
2514 -@@ -3447,7 +3447,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
2515 +@@ -3461,7 +3461,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
2516 return 0;
2517 }
2518
2519 @@ -91607,10 +91560,10 @@ index 26dc348..8708ca7 100644
2520 + return atomic64_inc_return_unchecked(&trace_counter);
2521 }
2522 diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
2523 -index 3ddfd8f..41a10fe 100644
2524 +index aec1dac..6ca72ee 100644
2525 --- a/kernel/trace/trace_events.c
2526 +++ b/kernel/trace/trace_events.c
2527 -@@ -1718,7 +1718,6 @@ __trace_early_add_new_event(struct ftrace_event_call *call,
2528 +@@ -1719,7 +1719,6 @@ __trace_early_add_new_event(struct ftrace_event_call *call,
2529 return 0;
2530 }
2531
2532 @@ -95928,7 +95881,7 @@ index 14d1e28..3777962 100644
2533
2534 /*
2535 diff --git a/mm/shmem.c b/mm/shmem.c
2536 -index a2801ba..1e82984 100644
2537 +index a731cef..1e82984 100644
2538 --- a/mm/shmem.c
2539 +++ b/mm/shmem.c
2540 @@ -33,7 +33,7 @@
2541 @@ -95940,7 +95893,7 @@ index a2801ba..1e82984 100644
2542
2543 #ifdef CONFIG_SHMEM
2544 /*
2545 -@@ -77,14 +77,15 @@ static struct vfsmount *shm_mnt;
2546 +@@ -77,7 +77,7 @@ static struct vfsmount *shm_mnt;
2547 #define BOGO_DIRENT_SIZE 20
2548
2549 /* Symlink up to this size is kmalloc'ed instead of using a swappable page */
2550 @@ -95948,181 +95901,8 @@ index a2801ba..1e82984 100644
2551 +#define SHORT_SYMLINK_LEN 64
2552
2553 /*
2554 -- * shmem_fallocate and shmem_writepage communicate via inode->i_private
2555 -- * (with i_mutex making sure that it has only one user at a time):
2556 -- * we would prefer not to enlarge the shmem inode just for that.
2557 -+ * shmem_fallocate communicates with shmem_fault or shmem_writepage via
2558 -+ * inode->i_private (with i_mutex making sure that it has only one user at
2559 -+ * a time): we would prefer not to enlarge the shmem inode just for that.
2560 - */
2561 - struct shmem_falloc {
2562 -+ wait_queue_head_t *waitq; /* faults into hole wait for punch to end */
2563 - pgoff_t start; /* start of range currently being fallocated */
2564 - pgoff_t next; /* the next page offset to be fallocated */
2565 - pgoff_t nr_falloced; /* how many new pages have been fallocated */
2566 -@@ -467,23 +468,20 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend,
2567 - return;
2568 -
2569 - index = start;
2570 -- for ( ; ; ) {
2571 -+ while (index < end) {
2572 - cond_resched();
2573 -
2574 - pvec.nr = find_get_entries(mapping, index,
2575 - min(end - index, (pgoff_t)PAGEVEC_SIZE),
2576 - pvec.pages, indices);
2577 - if (!pvec.nr) {
2578 -- if (index == start || unfalloc)
2579 -+ /* If all gone or hole-punch or unfalloc, we're done */
2580 -+ if (index == start || end != -1)
2581 - break;
2582 -+ /* But if truncating, restart to make sure all gone */
2583 - index = start;
2584 - continue;
2585 - }
2586 -- if ((index == start || unfalloc) && indices[0] >= end) {
2587 -- pagevec_remove_exceptionals(&pvec);
2588 -- pagevec_release(&pvec);
2589 -- break;
2590 -- }
2591 - mem_cgroup_uncharge_start();
2592 - for (i = 0; i < pagevec_count(&pvec); i++) {
2593 - struct page *page = pvec.pages[i];
2594 -@@ -495,8 +493,12 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend,
2595 - if (radix_tree_exceptional_entry(page)) {
2596 - if (unfalloc)
2597 - continue;
2598 -- nr_swaps_freed += !shmem_free_swap(mapping,
2599 -- index, page);
2600 -+ if (shmem_free_swap(mapping, index, page)) {
2601 -+ /* Swap was replaced by page: retry */
2602 -+ index--;
2603 -+ break;
2604 -+ }
2605 -+ nr_swaps_freed++;
2606 - continue;
2607 - }
2608 -
2609 -@@ -505,6 +507,11 @@ static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend,
2610 - if (page->mapping == mapping) {
2611 - VM_BUG_ON_PAGE(PageWriteback(page), page);
2612 - truncate_inode_page(mapping, page);
2613 -+ } else {
2614 -+ /* Page was replaced by swap: retry */
2615 -+ unlock_page(page);
2616 -+ index--;
2617 -+ break;
2618 - }
2619 - }
2620 - unlock_page(page);
2621 -@@ -759,6 +766,7 @@ static int shmem_writepage(struct page *page, struct writeback_control *wbc)
2622 - spin_lock(&inode->i_lock);
2623 - shmem_falloc = inode->i_private;
2624 - if (shmem_falloc &&
2625 -+ !shmem_falloc->waitq &&
2626 - index >= shmem_falloc->start &&
2627 - index < shmem_falloc->next)
2628 - shmem_falloc->nr_unswapped++;
2629 -@@ -1233,6 +1241,64 @@ static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
2630 - int error;
2631 - int ret = VM_FAULT_LOCKED;
2632 -
2633 -+ /*
2634 -+ * Trinity finds that probing a hole which tmpfs is punching can
2635 -+ * prevent the hole-punch from ever completing: which in turn
2636 -+ * locks writers out with its hold on i_mutex. So refrain from
2637 -+ * faulting pages into the hole while it's being punched. Although
2638 -+ * shmem_undo_range() does remove the additions, it may be unable to
2639 -+ * keep up, as each new page needs its own unmap_mapping_range() call,
2640 -+ * and the i_mmap tree grows ever slower to scan if new vmas are added.
2641 -+ *
2642 -+ * It does not matter if we sometimes reach this check just before the
2643 -+ * hole-punch begins, so that one fault then races with the punch:
2644 -+ * we just need to make racing faults a rare case.
2645 -+ *
2646 -+ * The implementation below would be much simpler if we just used a
2647 -+ * standard mutex or completion: but we cannot take i_mutex in fault,
2648 -+ * and bloating every shmem inode for this unlikely case would be sad.
2649 -+ */
2650 -+ if (unlikely(inode->i_private)) {
2651 -+ struct shmem_falloc *shmem_falloc;
2652 -+
2653 -+ spin_lock(&inode->i_lock);
2654 -+ shmem_falloc = inode->i_private;
2655 -+ if (shmem_falloc &&
2656 -+ shmem_falloc->waitq &&
2657 -+ vmf->pgoff >= shmem_falloc->start &&
2658 -+ vmf->pgoff < shmem_falloc->next) {
2659 -+ wait_queue_head_t *shmem_falloc_waitq;
2660 -+ DEFINE_WAIT(shmem_fault_wait);
2661 -+
2662 -+ ret = VM_FAULT_NOPAGE;
2663 -+ if ((vmf->flags & FAULT_FLAG_ALLOW_RETRY) &&
2664 -+ !(vmf->flags & FAULT_FLAG_RETRY_NOWAIT)) {
2665 -+ /* It's polite to up mmap_sem if we can */
2666 -+ up_read(&vma->vm_mm->mmap_sem);
2667 -+ ret = VM_FAULT_RETRY;
2668 -+ }
2669 -+
2670 -+ shmem_falloc_waitq = shmem_falloc->waitq;
2671 -+ prepare_to_wait(shmem_falloc_waitq, &shmem_fault_wait,
2672 -+ TASK_UNINTERRUPTIBLE);
2673 -+ spin_unlock(&inode->i_lock);
2674 -+ schedule();
2675 -+
2676 -+ /*
2677 -+ * shmem_falloc_waitq points into the shmem_fallocate()
2678 -+ * stack of the hole-punching task: shmem_falloc_waitq
2679 -+ * is usually invalid by the time we reach here, but
2680 -+ * finish_wait() does not dereference it in that case;
2681 -+ * though i_lock needed lest racing with wake_up_all().
2682 -+ */
2683 -+ spin_lock(&inode->i_lock);
2684 -+ finish_wait(shmem_falloc_waitq, &shmem_fault_wait);
2685 -+ spin_unlock(&inode->i_lock);
2686 -+ return ret;
2687 -+ }
2688 -+ spin_unlock(&inode->i_lock);
2689 -+ }
2690 -+
2691 - error = shmem_getpage(inode, vmf->pgoff, &vmf->page, SGP_CACHE, &ret);
2692 - if (error)
2693 - return ((error == -ENOMEM) ? VM_FAULT_OOM : VM_FAULT_SIGBUS);
2694 -@@ -1737,12 +1803,25 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
2695 - struct address_space *mapping = file->f_mapping;
2696 - loff_t unmap_start = round_up(offset, PAGE_SIZE);
2697 - loff_t unmap_end = round_down(offset + len, PAGE_SIZE) - 1;
2698 -+ DECLARE_WAIT_QUEUE_HEAD_ONSTACK(shmem_falloc_waitq);
2699 -+
2700 -+ shmem_falloc.waitq = &shmem_falloc_waitq;
2701 -+ shmem_falloc.start = unmap_start >> PAGE_SHIFT;
2702 -+ shmem_falloc.next = (unmap_end + 1) >> PAGE_SHIFT;
2703 -+ spin_lock(&inode->i_lock);
2704 -+ inode->i_private = &shmem_falloc;
2705 -+ spin_unlock(&inode->i_lock);
2706 -
2707 - if ((u64)unmap_end > (u64)unmap_start)
2708 - unmap_mapping_range(mapping, unmap_start,
2709 - 1 + unmap_end - unmap_start, 0);
2710 - shmem_truncate_range(inode, offset, offset + len - 1);
2711 - /* No need to unmap again: hole-punching leaves COWed pages */
2712 -+
2713 -+ spin_lock(&inode->i_lock);
2714 -+ inode->i_private = NULL;
2715 -+ wake_up_all(&shmem_falloc_waitq);
2716 -+ spin_unlock(&inode->i_lock);
2717 - error = 0;
2718 - goto out;
2719 - }
2720 -@@ -1760,6 +1839,7 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
2721 - goto out;
2722 - }
2723 -
2724 -+ shmem_falloc.waitq = NULL;
2725 - shmem_falloc.start = start;
2726 - shmem_falloc.next = start;
2727 - shmem_falloc.nr_falloced = 0;
2728 -@@ -2138,6 +2218,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
2729 + * shmem_fallocate communicates with shmem_fault or shmem_writepage via
2730 +@@ -2218,6 +2218,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
2731 static int shmem_xattr_validate(const char *name)
2732 {
2733 struct { const char *prefix; size_t len; } arr[] = {
2734 @@ -96134,7 +95914,7 @@ index a2801ba..1e82984 100644
2735 { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
2736 { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
2737 };
2738 -@@ -2193,6 +2278,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
2739 +@@ -2273,6 +2278,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
2740 if (err)
2741 return err;
2742
2743 @@ -96150,7 +95930,7 @@ index a2801ba..1e82984 100644
2744 return simple_xattr_set(&info->xattrs, name, value, size, flags);
2745 }
2746
2747 -@@ -2505,8 +2599,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
2748 +@@ -2585,8 +2599,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
2749 int err = -ENOMEM;
2750
2751 /* Round up to L1_CACHE_BYTES to resist false sharing */
2752 @@ -98527,10 +98307,10 @@ index a16ed7b..eb44d17 100644
2753
2754 return err;
2755 diff --git a/net/core/dev.c b/net/core/dev.c
2756 -index a30bef1..51d3e33 100644
2757 +index a7621f3..ca7dac3 100644
2758 --- a/net/core/dev.c
2759 +++ b/net/core/dev.c
2760 -@@ -1683,14 +1683,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
2761 +@@ -1690,14 +1690,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
2762 {
2763 if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) {
2764 if (skb_copy_ubufs(skb, GFP_ATOMIC)) {
2765 @@ -98547,7 +98327,7 @@ index a30bef1..51d3e33 100644
2766 kfree_skb(skb);
2767 return NET_RX_DROP;
2768 }
2769 -@@ -2463,7 +2463,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
2770 +@@ -2470,7 +2470,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
2771
2772 struct dev_gso_cb {
2773 void (*destructor)(struct sk_buff *skb);
2774 @@ -98556,7 +98336,7 @@ index a30bef1..51d3e33 100644
2775
2776 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb)
2777
2778 -@@ -2893,7 +2893,7 @@ recursion_alert:
2779 +@@ -2900,7 +2900,7 @@ recursion_alert:
2780 rc = -ENETDOWN;
2781 rcu_read_unlock_bh();
2782
2783 @@ -98565,7 +98345,7 @@ index a30bef1..51d3e33 100644
2784 kfree_skb(skb);
2785 return rc;
2786 out:
2787 -@@ -3237,7 +3237,7 @@ enqueue:
2788 +@@ -3244,7 +3244,7 @@ enqueue:
2789
2790 local_irq_restore(flags);
2791
2792 @@ -98574,7 +98354,7 @@ index a30bef1..51d3e33 100644
2793 kfree_skb(skb);
2794 return NET_RX_DROP;
2795 }
2796 -@@ -3314,7 +3314,7 @@ int netif_rx_ni(struct sk_buff *skb)
2797 +@@ -3321,7 +3321,7 @@ int netif_rx_ni(struct sk_buff *skb)
2798 }
2799 EXPORT_SYMBOL(netif_rx_ni);
2800
2801 @@ -98583,7 +98363,7 @@ index a30bef1..51d3e33 100644
2802 {
2803 struct softnet_data *sd = &__get_cpu_var(softnet_data);
2804
2805 -@@ -3647,7 +3647,7 @@ ncls:
2806 +@@ -3654,7 +3654,7 @@ ncls:
2807 ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
2808 } else {
2809 drop:
2810 @@ -98592,7 +98372,7 @@ index a30bef1..51d3e33 100644
2811 kfree_skb(skb);
2812 /* Jamal, now you will not able to escape explaining
2813 * me how you were going to use this. :-)
2814 -@@ -4366,7 +4366,7 @@ void netif_napi_del(struct napi_struct *napi)
2815 +@@ -4375,7 +4375,7 @@ void netif_napi_del(struct napi_struct *napi)
2816 }
2817 EXPORT_SYMBOL(netif_napi_del);
2818
2819 @@ -98601,7 +98381,7 @@ index a30bef1..51d3e33 100644
2820 {
2821 struct softnet_data *sd = &__get_cpu_var(softnet_data);
2822 unsigned long time_limit = jiffies + 2;
2823 -@@ -6366,8 +6366,8 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
2824 +@@ -6375,8 +6375,8 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
2825 } else {
2826 netdev_stats_to_stats64(storage, &dev->stats);
2827 }
2828 @@ -98630,42 +98410,8 @@ index cf999e0..c59a975 100644
2829 }
2830 }
2831 EXPORT_SYMBOL(dev_load);
2832 -diff --git a/net/core/dst.c b/net/core/dst.c
2833 -index 80d6286..a028409 100644
2834 ---- a/net/core/dst.c
2835 -+++ b/net/core/dst.c
2836 -@@ -269,6 +269,15 @@ again:
2837 - }
2838 - EXPORT_SYMBOL(dst_destroy);
2839 -
2840 -+static void dst_destroy_rcu(struct rcu_head *head)
2841 -+{
2842 -+ struct dst_entry *dst = container_of(head, struct dst_entry, rcu_head);
2843 -+
2844 -+ dst = dst_destroy(dst);
2845 -+ if (dst)
2846 -+ __dst_free(dst);
2847 -+}
2848 -+
2849 - void dst_release(struct dst_entry *dst)
2850 - {
2851 - if (dst) {
2852 -@@ -276,11 +285,8 @@ void dst_release(struct dst_entry *dst)
2853 -
2854 - newrefcnt = atomic_dec_return(&dst->__refcnt);
2855 - WARN_ON(newrefcnt < 0);
2856 -- if (unlikely(dst->flags & DST_NOCACHE) && !newrefcnt) {
2857 -- dst = dst_destroy(dst);
2858 -- if (dst)
2859 -- __dst_free(dst);
2860 -- }
2861 -+ if (unlikely(dst->flags & DST_NOCACHE) && !newrefcnt)
2862 -+ call_rcu(&dst->rcu_head, dst_destroy_rcu);
2863 - }
2864 - }
2865 - EXPORT_SYMBOL(dst_release);
2866 diff --git a/net/core/filter.c b/net/core/filter.c
2867 -index 4aec7b9..5cf605c 100644
2868 +index 5310d5e..01f885e 100644
2869 --- a/net/core/filter.c
2870 +++ b/net/core/filter.c
2871 @@ -1121,7 +1121,11 @@ do_pass:
2872 @@ -99019,7 +98765,7 @@ index b442e7e..6f5b5a2 100644
2873 {
2874 struct socket *sock;
2875 diff --git a/net/core/skbuff.c b/net/core/skbuff.c
2876 -index 8383b2b..6397efb 100644
2877 +index 9433047..8763e83 100644
2878 --- a/net/core/skbuff.c
2879 +++ b/net/core/skbuff.c
2880 @@ -2003,7 +2003,7 @@ EXPORT_SYMBOL(__skb_checksum);
2881 @@ -99031,7 +98777,7 @@ index 8383b2b..6397efb 100644
2882 .update = csum_partial_ext,
2883 .combine = csum_block_add_ext,
2884 };
2885 -@@ -3220,13 +3220,15 @@ void __init skb_init(void)
2886 +@@ -3221,13 +3221,15 @@ void __init skb_init(void)
2887 skbuff_head_cache = kmem_cache_create("skbuff_head_cache",
2888 sizeof(struct sk_buff),
2889 0,
2890 @@ -99342,21 +99088,6 @@ index 5325b54..a0d4d69 100644
2891 return -EFAULT;
2892
2893 *lenp = len;
2894 -diff --git a/net/dns_resolver/dns_query.c b/net/dns_resolver/dns_query.c
2895 -index e7b6d53..f005cc7 100644
2896 ---- a/net/dns_resolver/dns_query.c
2897 -+++ b/net/dns_resolver/dns_query.c
2898 -@@ -149,7 +149,9 @@ int dns_query(const char *type, const char *name, size_t namelen,
2899 - if (!*_result)
2900 - goto put;
2901 -
2902 -- memcpy(*_result, upayload->data, len + 1);
2903 -+ memcpy(*_result, upayload->data, len);
2904 -+ (*_result)[len] = '\0';
2905 -+
2906 - if (_expiry)
2907 - *_expiry = rkey->expiry;
2908 -
2909 diff --git a/net/ieee802154/reassembly.c b/net/ieee802154/reassembly.c
2910 index ef2d543..5b9b73f 100644
2911 --- a/net/ieee802154/reassembly.c
2912 @@ -99400,10 +99131,10 @@ index ef2d543..5b9b73f 100644
2913 return -ENOMEM;
2914 }
2915 diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
2916 -index 6d6dd34..e5c9bec 100644
2917 +index 6af8ab6..3831cb8 100644
2918 --- a/net/ipv4/af_inet.c
2919 +++ b/net/ipv4/af_inet.c
2920 -@@ -1736,13 +1736,9 @@ static int __init inet_init(void)
2921 +@@ -1739,13 +1739,9 @@ static int __init inet_init(void)
2922
2923 BUILD_BUG_ON(sizeof(struct inet_skb_parm) > FIELD_SIZEOF(struct sk_buff, cb));
2924
2925 @@ -99418,7 +99149,7 @@ index 6d6dd34..e5c9bec 100644
2926
2927 rc = proto_register(&udp_prot, 1);
2928 if (rc)
2929 -@@ -1852,8 +1848,6 @@ out_unregister_udp_proto:
2930 +@@ -1855,8 +1851,6 @@ out_unregister_udp_proto:
2931 proto_unregister(&udp_prot);
2932 out_unregister_tcp_proto:
2933 proto_unregister(&tcp_prot);
2934 @@ -99702,42 +99433,6 @@ index 64741b9..6f334a2 100644
2935 msg.msg_controllen = len;
2936 msg.msg_flags = flags;
2937
2938 -diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
2939 -index 2acc233..b93143f 100644
2940 ---- a/net/ipv4/ip_tunnel.c
2941 -+++ b/net/ipv4/ip_tunnel.c
2942 -@@ -73,12 +73,7 @@ static void __tunnel_dst_set(struct ip_tunnel_dst *idst,
2943 - {
2944 - struct dst_entry *old_dst;
2945 -
2946 -- if (dst) {
2947 -- if (dst->flags & DST_NOCACHE)
2948 -- dst = NULL;
2949 -- else
2950 -- dst_clone(dst);
2951 -- }
2952 -+ dst_clone(dst);
2953 - old_dst = xchg((__force struct dst_entry **)&idst->dst, dst);
2954 - dst_release(old_dst);
2955 - }
2956 -@@ -108,13 +103,14 @@ static struct rtable *tunnel_rtable_get(struct ip_tunnel *t, u32 cookie)
2957 -
2958 - rcu_read_lock();
2959 - dst = rcu_dereference(this_cpu_ptr(t->dst_cache)->dst);
2960 -+ if (dst && !atomic_inc_not_zero(&dst->__refcnt))
2961 -+ dst = NULL;
2962 - if (dst) {
2963 - if (dst->obsolete && dst->ops->check(dst, cookie) == NULL) {
2964 -- rcu_read_unlock();
2965 - tunnel_dst_reset(t);
2966 -- return NULL;
2967 -+ dst_release(dst);
2968 -+ dst = NULL;
2969 - }
2970 -- dst_hold(dst);
2971 - }
2972 - rcu_read_unlock();
2973 - return (struct rtable *)dst;
2974 diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
2975 index 13ef00f..8ffca25 100644
2976 --- a/net/ipv4/ip_vti.c
2977 @@ -100102,7 +99797,7 @@ index a9dbe58..46f577f 100644
2978
2979 static int raw_seq_show(struct seq_file *seq, void *v)
2980 diff --git a/net/ipv4/route.c b/net/ipv4/route.c
2981 -index 5e676be..f6c62f1 100644
2982 +index be9f2b1..29f966d 100644
2983 --- a/net/ipv4/route.c
2984 +++ b/net/ipv4/route.c
2985 @@ -227,7 +227,7 @@ static const struct seq_operations rt_cache_seq_ops = {
2986 @@ -100132,7 +99827,7 @@ index 5e676be..f6c62f1 100644
2987 }
2988
2989 static const struct file_operations rt_acct_proc_fops = {
2990 -@@ -2610,34 +2610,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
2991 +@@ -2611,34 +2611,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
2992 .maxlen = sizeof(int),
2993 .mode = 0200,
2994 .proc_handler = ipv4_sysctl_rtcache_flush,
2995 @@ -100175,7 +99870,7 @@ index 5e676be..f6c62f1 100644
2996 err_dup:
2997 return -ENOMEM;
2998 }
2999 -@@ -2660,8 +2660,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
3000 +@@ -2661,8 +2661,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
3001
3002 static __net_init int rt_genid_init(struct net *net)
3003 {
3004 @@ -100308,7 +100003,7 @@ index 5cde8f2..5f5684e 100644
3005 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
3006 if (hdr == NULL)
3007 diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
3008 -index 3a26b3b..8bbe4ae 100644
3009 +index 09b85cd..df9c266 100644
3010 --- a/net/ipv4/tcp_input.c
3011 +++ b/net/ipv4/tcp_input.c
3012 @@ -754,7 +754,7 @@ static void tcp_update_pacing_rate(struct sock *sk)
3013 @@ -102518,7 +102213,7 @@ index 11de55e..f25e448 100644
3014 return 0;
3015 }
3016 diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
3017 -index f22757a..daf62a2 100644
3018 +index 6c0fe97..1d852df 100644
3019 --- a/net/netlink/af_netlink.c
3020 +++ b/net/netlink/af_netlink.c
3021 @@ -257,7 +257,7 @@ static void netlink_overrun(struct sock *sk)
3022 @@ -103292,37 +102987,37 @@ index fee06b9..eabc613 100644
3023 return -EFAULT;
3024 to += addrlen;
3025 diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
3026 -index c82fdc1..4ca1f95 100644
3027 +index dfa532f..1dcfb44 100644
3028 --- a/net/sctp/sysctl.c
3029 +++ b/net/sctp/sysctl.c
3030 -@@ -308,7 +308,7 @@ static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write,
3031 +@@ -307,7 +307,7 @@ static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write,
3032 + loff_t *ppos)
3033 {
3034 struct net *net = current->nsproxy->net_ns;
3035 - char tmp[8];
3036 - struct ctl_table tbl;
3037 + ctl_table_no_const tbl;
3038 - int ret;
3039 - int changed = 0;
3040 + bool changed = false;
3041 char *none = "none";
3042 + char tmp[8];
3043 @@ -355,7 +355,7 @@ static int proc_sctp_do_rto_min(struct ctl_table *ctl, int write,
3044 - {
3045 struct net *net = current->nsproxy->net_ns;
3046 - int new_value;
3047 -- struct ctl_table tbl;
3048 -+ ctl_table_no_const tbl;
3049 unsigned int min = *(unsigned int *) ctl->extra1;
3050 unsigned int max = *(unsigned int *) ctl->extra2;
3051 - int ret;
3052 -@@ -382,7 +382,7 @@ static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write,
3053 - {
3054 - struct net *net = current->nsproxy->net_ns;
3055 - int new_value;
3056 - struct ctl_table tbl;
3057 + ctl_table_no_const tbl;
3058 + int ret, new_value;
3059 +
3060 + memset(&tbl, 0, sizeof(struct ctl_table));
3061 +@@ -384,7 +384,7 @@ static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write,
3062 + struct net *net = current->nsproxy->net_ns;
3063 unsigned int min = *(unsigned int *) ctl->extra1;
3064 unsigned int max = *(unsigned int *) ctl->extra2;
3065 - int ret;
3066 -@@ -408,7 +408,7 @@ static int proc_sctp_do_auth(struct ctl_table *ctl, int write,
3067 +- struct ctl_table tbl;
3068 ++ ctl_table_no_const tbl;
3069 + int ret, new_value;
3070 +
3071 + memset(&tbl, 0, sizeof(struct ctl_table));
3072 +@@ -411,7 +411,7 @@ static int proc_sctp_do_auth(struct ctl_table *ctl, int write,
3073 loff_t *ppos)
3074 {
3075 struct net *net = current->nsproxy->net_ns;
3076 @@ -103331,7 +103026,7 @@ index c82fdc1..4ca1f95 100644
3077 int new_value, ret;
3078
3079 memset(&tbl, 0, sizeof(struct ctl_table));
3080 -@@ -436,7 +436,7 @@ static int proc_sctp_do_auth(struct ctl_table *ctl, int write,
3081 +@@ -438,7 +438,7 @@ static int proc_sctp_do_auth(struct ctl_table *ctl, int write,
3082
3083 int sctp_sysctl_net_register(struct net *net)
3084 {
3085 @@ -103340,7 +103035,7 @@ index c82fdc1..4ca1f95 100644
3086
3087 if (!net_eq(net, &init_net)) {
3088 int i;
3089 -@@ -449,7 +449,10 @@ int sctp_sysctl_net_register(struct net *net)
3090 +@@ -451,7 +451,10 @@ int sctp_sysctl_net_register(struct net *net)
3091 table[i].data += (char *)(&net->sctp) - (char *)&init_net.sctp;
3092 }
3093
3094 @@ -103352,26 +103047,6 @@ index c82fdc1..4ca1f95 100644
3095 return 0;
3096 }
3097
3098 -diff --git a/net/sctp/ulpevent.c b/net/sctp/ulpevent.c
3099 -index 85c6465..879f3cd 100644
3100 ---- a/net/sctp/ulpevent.c
3101 -+++ b/net/sctp/ulpevent.c
3102 -@@ -411,6 +411,7 @@ struct sctp_ulpevent *sctp_ulpevent_make_remote_error(
3103 - * sre_type:
3104 - * It should be SCTP_REMOTE_ERROR.
3105 - */
3106 -+ memset(sre, 0, sizeof(*sre));
3107 - sre->sre_type = SCTP_REMOTE_ERROR;
3108 -
3109 - /*
3110 -@@ -916,6 +917,7 @@ void sctp_ulpevent_read_sndrcvinfo(const struct sctp_ulpevent *event,
3111 - * For recvmsg() the SCTP stack places the message's stream number in
3112 - * this value.
3113 - */
3114 -+ memset(&sinfo, 0, sizeof(sinfo));
3115 - sinfo.sinfo_stream = event->stream;
3116 - /* sinfo_ssn: 16 bits (unsigned integer)
3117 - *
3118 diff --git a/net/socket.c b/net/socket.c
3119 index abf56b2..b8998bc 100644
3120 --- a/net/socket.c
3121 @@ -110806,10 +110481,10 @@ index 0000000..12b1e3b
3122 +exit 0
3123 diff --git a/tools/gcc/size_overflow_plugin/insert_size_overflow_asm.c b/tools/gcc/size_overflow_plugin/insert_size_overflow_asm.c
3124 new file mode 100644
3125 -index 0000000..3e8148c
3126 +index 0000000..c43901f
3127 --- /dev/null
3128 +++ b/tools/gcc/size_overflow_plugin/insert_size_overflow_asm.c
3129 -@@ -0,0 +1,790 @@
3130 +@@ -0,0 +1,748 @@
3131 +/*
3132 + * Copyright 2011-2014 by Emese Revfy <re.emese@×××××.com>
3133 + * Licensed under the GPL v2, or (at your option) v3
3134 @@ -111289,45 +110964,6 @@ index 0000000..3e8148c
3135 + return true;
3136 +}
3137 +
3138 -+static bool is_from_cast(const_tree node)
3139 -+{
3140 -+ gimple def_stmt = get_def_stmt(node);
3141 -+
3142 -+ if (!def_stmt)
3143 -+ return false;
3144 -+
3145 -+ if (gimple_assign_cast_p(def_stmt))
3146 -+ return true;
3147 -+
3148 -+ return false;
3149 -+}
3150 -+
3151 -+// Skip duplication when there is a minus expr and the type of rhs1 or rhs2 is a pointer_type.
3152 -+static bool skip_ptr_minus(gimple stmt)
3153 -+{
3154 -+ const_tree rhs1, rhs2, ptr1_rhs, ptr2_rhs;
3155 -+
3156 -+ if (gimple_assign_rhs_code(stmt) != MINUS_EXPR)
3157 -+ return false;
3158 -+
3159 -+ rhs1 = gimple_assign_rhs1(stmt);
3160 -+ if (!is_from_cast(rhs1))
3161 -+ return false;
3162 -+
3163 -+ rhs2 = gimple_assign_rhs2(stmt);
3164 -+ if (!is_from_cast(rhs2))
3165 -+ return false;
3166 -+
3167 -+ ptr1_rhs = gimple_assign_rhs1(get_def_stmt(rhs1));
3168 -+ ptr2_rhs = gimple_assign_rhs1(get_def_stmt(rhs2));
3169 -+
3170 -+ if (TREE_CODE(TREE_TYPE(ptr1_rhs)) != POINTER_TYPE && TREE_CODE(TREE_TYPE(ptr2_rhs)) != POINTER_TYPE)
3171 -+ return false;
3172 -+
3173 -+ create_mark_asm(stmt, MARK_YES);
3174 -+ return true;
3175 -+}
3176 -+
3177 +static void walk_use_def_ptr(struct pointer_set_t *visited, const_tree lhs)
3178 +{
3179 + gimple def_stmt;
3180 @@ -111361,9 +110997,6 @@ index 0000000..3e8148c
3181 + walk_use_def_ptr(visited, gimple_assign_rhs1(def_stmt));
3182 + return;
3183 + case 3:
3184 -+ if (skip_ptr_minus(def_stmt))
3185 -+ return;
3186 -+
3187 + walk_use_def_ptr(visited, gimple_assign_rhs1(def_stmt));
3188 + walk_use_def_ptr(visited, gimple_assign_rhs2(def_stmt));
3189 + return;
3190 @@ -111602,10 +111235,10 @@ index 0000000..3e8148c
3191 +}
3192 diff --git a/tools/gcc/size_overflow_plugin/insert_size_overflow_check_core.c b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_core.c
3193 new file mode 100644
3194 -index 0000000..88469e9
3195 +index 0000000..73f0a12
3196 --- /dev/null
3197 +++ b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_core.c
3198 -@@ -0,0 +1,902 @@
3199 +@@ -0,0 +1,943 @@
3200 +/*
3201 + * Copyright 2011-2014 by Emese Revfy <re.emese@×××××.com>
3202 + * Licensed under the GPL v2, or (at your option) v3
3203 @@ -112329,6 +111962,44 @@ index 0000000..88469e9
3204 + inform(loc, "Integer size_overflow check applied here.");
3205 +}
3206 +
3207 ++static bool is_from_cast(const_tree node)
3208 ++{
3209 ++ gimple def_stmt = get_def_stmt(node);
3210 ++
3211 ++ if (!def_stmt)
3212 ++ return false;
3213 ++
3214 ++ if (gimple_assign_cast_p(def_stmt))
3215 ++ return true;
3216 ++
3217 ++ return false;
3218 ++}
3219 ++
3220 ++// Skip duplication when there is a minus expr and the type of rhs1 or rhs2 is a pointer_type.
3221 ++static bool is_a_ptr_minus(gimple stmt)
3222 ++{
3223 ++ const_tree rhs1, rhs2, ptr1_rhs, ptr2_rhs;
3224 ++
3225 ++ if (gimple_assign_rhs_code(stmt) != MINUS_EXPR)
3226 ++ return false;
3227 ++
3228 ++ rhs1 = gimple_assign_rhs1(stmt);
3229 ++ if (!is_from_cast(rhs1))
3230 ++ return false;
3231 ++
3232 ++ rhs2 = gimple_assign_rhs2(stmt);
3233 ++ if (!is_from_cast(rhs2))
3234 ++ return false;
3235 ++
3236 ++ ptr1_rhs = gimple_assign_rhs1(get_def_stmt(rhs1));
3237 ++ ptr2_rhs = gimple_assign_rhs1(get_def_stmt(rhs2));
3238 ++
3239 ++ if (TREE_CODE(TREE_TYPE(ptr1_rhs)) != POINTER_TYPE && TREE_CODE(TREE_TYPE(ptr2_rhs)) != POINTER_TYPE)
3240 ++ return false;
3241 ++
3242 ++ return true;
3243 ++}
3244 ++
3245 +static tree handle_binary_ops(struct visited *visited, struct cgraph_node *caller_node, tree lhs)
3246 +{
3247 + enum intentional_overflow_type res;
3248 @@ -112337,6 +112008,9 @@ index 0000000..88469e9
3249 + tree new_rhs1 = NULL_TREE;
3250 + tree new_rhs2 = NULL_TREE;
3251 +
3252 ++ if (is_a_ptr_minus(def_stmt))
3253 ++ return create_assign(visited, def_stmt, lhs, AFTER_STMT);
3254 ++
3255 + rhs1 = gimple_assign_rhs1(def_stmt);
3256 + rhs2 = gimple_assign_rhs2(def_stmt);
3257 +
3258 @@ -112510,7 +112184,7 @@ index 0000000..88469e9
3259 +
3260 diff --git a/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c
3261 new file mode 100644
3262 -index 0000000..715a590
3263 +index 0000000..df50164
3264 --- /dev/null
3265 +++ b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c
3266 @@ -0,0 +1,1141 @@
3267 @@ -112749,7 +112423,7 @@ index 0000000..715a590
3268 +
3269 + switch (gimple_code(def_stmt)) {
3270 + case GIMPLE_CALL:
3271 -+ if (lhs == gimple_return_retval(def_stmt))
3272 ++ if (lhs == gimple_call_lhs(def_stmt))
3273 + interesting_conditions[RET] = true;
3274 + return;
3275 + case GIMPLE_NOP:
3276 @@ -113657,10 +113331,10 @@ index 0000000..715a590
3277 +
3278 diff --git a/tools/gcc/size_overflow_plugin/intentional_overflow.c b/tools/gcc/size_overflow_plugin/intentional_overflow.c
3279 new file mode 100644
3280 -index 0000000..38904bc
3281 +index 0000000..d71d72a
3282 --- /dev/null
3283 +++ b/tools/gcc/size_overflow_plugin/intentional_overflow.c
3284 -@@ -0,0 +1,733 @@
3285 +@@ -0,0 +1,736 @@
3286 +/*
3287 + * Copyright 2011-2014 by Emese Revfy <re.emese@×××××.com>
3288 + * Licensed under the GPL v2, or (at your option) v3
3289 @@ -114265,6 +113939,9 @@ index 0000000..38904bc
3290 + } else
3291 + return false;
3292 +
3293 ++ if (!is_gimple_assign(def_stmt))
3294 ++ return false;
3295 ++
3296 + if (gimple_assign_rhs_code(def_stmt) != PLUS_EXPR && gimple_assign_rhs_code(def_stmt) != MINUS_EXPR)
3297 + return false;
3298 +
3299 @@ -120916,7 +120593,7 @@ index 0000000..560cd7b
3300 +zpios_read_64734 zpios_read 3 64734 NULL
3301 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
3302 new file mode 100644
3303 -index 0000000..a15328d
3304 +index 0000000..95f7abd
3305 --- /dev/null
3306 +++ b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
3307 @@ -0,0 +1,259 @@
3308 @@ -120952,7 +120629,7 @@ index 0000000..a15328d
3309 +tree size_overflow_type_TI;
3310 +
3311 +static struct plugin_info size_overflow_plugin_info = {
3312 -+ .version = "20140713",
3313 ++ .version = "20140725",
3314 + .help = "no-size-overflow\tturn off size overflow checking\n",
3315 +};
3316 +
3317
3318 diff --git a/3.15.6/4425_grsec_remove_EI_PAX.patch b/3.15.7/4425_grsec_remove_EI_PAX.patch
3319 similarity index 100%
3320 rename from 3.15.6/4425_grsec_remove_EI_PAX.patch
3321 rename to 3.15.7/4425_grsec_remove_EI_PAX.patch
3322
3323 diff --git a/3.15.6/4427_force_XATTR_PAX_tmpfs.patch b/3.15.7/4427_force_XATTR_PAX_tmpfs.patch
3324 similarity index 100%
3325 rename from 3.15.6/4427_force_XATTR_PAX_tmpfs.patch
3326 rename to 3.15.7/4427_force_XATTR_PAX_tmpfs.patch
3327
3328 diff --git a/3.15.6/4430_grsec-remove-localversion-grsec.patch b/3.15.7/4430_grsec-remove-localversion-grsec.patch
3329 similarity index 100%
3330 rename from 3.15.6/4430_grsec-remove-localversion-grsec.patch
3331 rename to 3.15.7/4430_grsec-remove-localversion-grsec.patch
3332
3333 diff --git a/3.15.6/4435_grsec-mute-warnings.patch b/3.15.7/4435_grsec-mute-warnings.patch
3334 similarity index 100%
3335 rename from 3.15.6/4435_grsec-mute-warnings.patch
3336 rename to 3.15.7/4435_grsec-mute-warnings.patch
3337
3338 diff --git a/3.15.6/4440_grsec-remove-protected-paths.patch b/3.15.7/4440_grsec-remove-protected-paths.patch
3339 similarity index 100%
3340 rename from 3.15.6/4440_grsec-remove-protected-paths.patch
3341 rename to 3.15.7/4440_grsec-remove-protected-paths.patch
3342
3343 diff --git a/3.15.6/4450_grsec-kconfig-default-gids.patch b/3.15.7/4450_grsec-kconfig-default-gids.patch
3344 similarity index 100%
3345 rename from 3.15.6/4450_grsec-kconfig-default-gids.patch
3346 rename to 3.15.7/4450_grsec-kconfig-default-gids.patch
3347
3348 diff --git a/3.15.6/4465_selinux-avc_audit-log-curr_ip.patch b/3.15.7/4465_selinux-avc_audit-log-curr_ip.patch
3349 similarity index 100%
3350 rename from 3.15.6/4465_selinux-avc_audit-log-curr_ip.patch
3351 rename to 3.15.7/4465_selinux-avc_audit-log-curr_ip.patch
3352
3353 diff --git a/3.15.6/4470_disable-compat_vdso.patch b/3.15.7/4470_disable-compat_vdso.patch
3354 similarity index 100%
3355 rename from 3.15.6/4470_disable-compat_vdso.patch
3356 rename to 3.15.7/4470_disable-compat_vdso.patch
3357
3358 diff --git a/3.15.6/4475_emutramp_default_on.patch b/3.15.7/4475_emutramp_default_on.patch
3359 similarity index 100%
3360 rename from 3.15.6/4475_emutramp_default_on.patch
3361 rename to 3.15.7/4475_emutramp_default_on.patch
3362
3363 diff --git a/3.2.61/0000_README b/3.2.61/0000_README
3364 index be52f3a..d8b2bdd 100644
3365 --- a/3.2.61/0000_README
3366 +++ b/3.2.61/0000_README
3367 @@ -162,7 +162,7 @@ Patch: 1060_linux-3.2.61.patch
3368 From: http://www.kernel.org
3369 Desc: Linux 3.2.61
3370
3371 -Patch: 4420_grsecurity-3.0-3.2.61-201407232156.patch
3372 +Patch: 4420_grsecurity-3.0-3.2.61-201407280723.patch
3373 From: http://www.grsecurity.net
3374 Desc: hardened-sources base patch from upstream grsecurity
3375
3376
3377 diff --git a/3.2.61/4420_grsecurity-3.0-3.2.61-201407232156.patch b/3.2.61/4420_grsecurity-3.0-3.2.61-201407280723.patch
3378 similarity index 99%
3379 rename from 3.2.61/4420_grsecurity-3.0-3.2.61-201407232156.patch
3380 rename to 3.2.61/4420_grsecurity-3.0-3.2.61-201407280723.patch
3381 index c484237..d3add23 100644
3382 --- a/3.2.61/4420_grsecurity-3.0-3.2.61-201407232156.patch
3383 +++ b/3.2.61/4420_grsecurity-3.0-3.2.61-201407280723.patch
3384 @@ -273,7 +273,7 @@ index 88fd7f5..b318a78 100644
3385 ==============================================================
3386
3387 diff --git a/Makefile b/Makefile
3388 -index f8b642d..e7f48fd 100644
3389 +index f8b642d..8741e65 100644
3390 --- a/Makefile
3391 +++ b/Makefile
3392 @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
3393 @@ -388,8 +388,12 @@ index f8b642d..e7f48fd 100644
3394 include $(srctree)/arch/$(SRCARCH)/Makefile
3395
3396 ifneq ($(CONFIG_FRAME_WARN),0)
3397 -@@ -594,7 +667,7 @@ endif
3398 +@@ -592,9 +665,11 @@ KBUILD_CFLAGS += -fomit-frame-pointer
3399 + endif
3400 + endif
3401
3402 ++KBUILD_CFLAGS += $(call cc-option, -fno-var-tracking-assignments)
3403 ++
3404 ifdef CONFIG_DEBUG_INFO
3405 KBUILD_CFLAGS += -g
3406 -KBUILD_AFLAGS += -gdwarf-2
3407 @@ -397,7 +401,7 @@ index f8b642d..e7f48fd 100644
3408 endif
3409
3410 ifdef CONFIG_DEBUG_INFO_REDUCED
3411 -@@ -708,7 +781,7 @@ export mod_strip_cmd
3412 +@@ -708,7 +783,7 @@ export mod_strip_cmd
3413
3414
3415 ifeq ($(KBUILD_EXTMOD),)
3416 @@ -406,7 +410,7 @@ index f8b642d..e7f48fd 100644
3417
3418 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
3419 $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
3420 -@@ -932,6 +1005,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE
3421 +@@ -932,6 +1007,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE
3422
3423 # The actual objects are generated when descending,
3424 # make sure no implicit rule kicks in
3425 @@ -415,7 +419,7 @@ index f8b642d..e7f48fd 100644
3426 $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
3427
3428 # Handle descending into subdirectories listed in $(vmlinux-dirs)
3429 -@@ -941,7 +1016,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
3430 +@@ -941,7 +1018,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ;
3431 # Error messages still appears in the original language
3432
3433 PHONY += $(vmlinux-dirs)
3434 @@ -424,7 +428,7 @@ index f8b642d..e7f48fd 100644
3435 $(Q)$(MAKE) $(build)=$@
3436
3437 # Store (new) KERNELRELASE string in include/config/kernel.release
3438 -@@ -981,10 +1056,13 @@ prepare1: prepare2 include/linux/version.h include/generated/utsrelease.h \
3439 +@@ -981,10 +1058,13 @@ prepare1: prepare2 include/linux/version.h include/generated/utsrelease.h \
3440
3441 archprepare: archscripts prepare1 scripts_basic
3442
3443 @@ -438,7 +442,7 @@ index f8b642d..e7f48fd 100644
3444 prepare: prepare0
3445
3446 # Generate some files
3447 -@@ -1089,6 +1167,8 @@ all: modules
3448 +@@ -1089,6 +1169,8 @@ all: modules
3449 # using awk while concatenating to the final file.
3450
3451 PHONY += modules
3452 @@ -447,7 +451,7 @@ index f8b642d..e7f48fd 100644
3453 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
3454 $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
3455 @$(kecho) ' Building modules, stage 2.';
3456 -@@ -1104,7 +1184,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
3457 +@@ -1104,7 +1186,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
3458
3459 # Target to prepare building external modules
3460 PHONY += modules_prepare
3461 @@ -456,7 +460,7 @@ index f8b642d..e7f48fd 100644
3462
3463 # Target to install modules
3464 PHONY += modules_install
3465 -@@ -1164,6 +1244,9 @@ MRPROPER_DIRS += include/config usr/include include/generated \
3466 +@@ -1164,6 +1246,9 @@ MRPROPER_DIRS += include/config usr/include include/generated \
3467 arch/*/include/generated
3468 MRPROPER_FILES += .config .config.old .version .old_version \
3469 include/linux/version.h \
3470 @@ -466,7 +470,7 @@ index f8b642d..e7f48fd 100644
3471 Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS
3472
3473 # clean - Delete most, but leave enough to build external modules
3474 -@@ -1200,7 +1283,7 @@ distclean: mrproper
3475 +@@ -1200,7 +1285,7 @@ distclean: mrproper
3476 @find $(srctree) $(RCS_FIND_IGNORE) \
3477 \( -name '*.orig' -o -name '*.rej' -o -name '*~' \
3478 -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
3479 @@ -475,7 +479,7 @@ index f8b642d..e7f48fd 100644
3480 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
3481 -type f -print | xargs rm -f
3482
3483 -@@ -1361,6 +1444,8 @@ PHONY += $(module-dirs) modules
3484 +@@ -1361,6 +1446,8 @@ PHONY += $(module-dirs) modules
3485 $(module-dirs): crmodverdir $(objtree)/Module.symvers
3486 $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
3487
3488 @@ -484,7 +488,7 @@ index f8b642d..e7f48fd 100644
3489 modules: $(module-dirs)
3490 @$(kecho) ' Building modules, stage 2.';
3491 $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
3492 -@@ -1487,17 +1572,21 @@ else
3493 +@@ -1487,17 +1574,21 @@ else
3494 target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
3495 endif
3496
3497 @@ -510,7 +514,7 @@ index f8b642d..e7f48fd 100644
3498 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
3499 %.symtypes: %.c prepare scripts FORCE
3500 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
3501 -@@ -1507,11 +1596,15 @@ endif
3502 +@@ -1507,11 +1598,15 @@ endif
3503 $(cmd_crmodverdir)
3504 $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
3505 $(build)=$(build-dir)
3506 @@ -56541,7 +56545,7 @@ index 112e45a..b59845b 100644
3507
3508 /*
3509 diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c
3510 -index f854cf9..5132aab 100644
3511 +index f854cf9..7ff0465 100644
3512 --- a/fs/compat_ioctl.c
3513 +++ b/fs/compat_ioctl.c
3514 @@ -623,7 +623,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd,
3515 @@ -56559,7 +56563,7 @@ index f854cf9..5132aab 100644
3516 return -EFAULT;
3517 - if (get_user(datap, &umsgs[i].buf) ||
3518 - put_user(compat_ptr(datap), &tmsgs[i].buf))
3519 -+ if (get_user(datap, (u8 __user * __user *)&umsgs[i].buf) ||
3520 ++ if (get_user(datap, (compat_caddr_t __user *)&umsgs[i].buf) ||
3521 + put_user(compat_ptr(datap), (u8 __user * __user *)&tmsgs[i].buf))
3522 return -EFAULT;
3523 }
3524 @@ -114399,10 +114403,10 @@ index 0000000..12b1e3b
3525 +exit 0
3526 diff --git a/tools/gcc/size_overflow_plugin/insert_size_overflow_asm.c b/tools/gcc/size_overflow_plugin/insert_size_overflow_asm.c
3527 new file mode 100644
3528 -index 0000000..3e8148c
3529 +index 0000000..c43901f
3530 --- /dev/null
3531 +++ b/tools/gcc/size_overflow_plugin/insert_size_overflow_asm.c
3532 -@@ -0,0 +1,790 @@
3533 +@@ -0,0 +1,748 @@
3534 +/*
3535 + * Copyright 2011-2014 by Emese Revfy <re.emese@×××××.com>
3536 + * Licensed under the GPL v2, or (at your option) v3
3537 @@ -114882,45 +114886,6 @@ index 0000000..3e8148c
3538 + return true;
3539 +}
3540 +
3541 -+static bool is_from_cast(const_tree node)
3542 -+{
3543 -+ gimple def_stmt = get_def_stmt(node);
3544 -+
3545 -+ if (!def_stmt)
3546 -+ return false;
3547 -+
3548 -+ if (gimple_assign_cast_p(def_stmt))
3549 -+ return true;
3550 -+
3551 -+ return false;
3552 -+}
3553 -+
3554 -+// Skip duplication when there is a minus expr and the type of rhs1 or rhs2 is a pointer_type.
3555 -+static bool skip_ptr_minus(gimple stmt)
3556 -+{
3557 -+ const_tree rhs1, rhs2, ptr1_rhs, ptr2_rhs;
3558 -+
3559 -+ if (gimple_assign_rhs_code(stmt) != MINUS_EXPR)
3560 -+ return false;
3561 -+
3562 -+ rhs1 = gimple_assign_rhs1(stmt);
3563 -+ if (!is_from_cast(rhs1))
3564 -+ return false;
3565 -+
3566 -+ rhs2 = gimple_assign_rhs2(stmt);
3567 -+ if (!is_from_cast(rhs2))
3568 -+ return false;
3569 -+
3570 -+ ptr1_rhs = gimple_assign_rhs1(get_def_stmt(rhs1));
3571 -+ ptr2_rhs = gimple_assign_rhs1(get_def_stmt(rhs2));
3572 -+
3573 -+ if (TREE_CODE(TREE_TYPE(ptr1_rhs)) != POINTER_TYPE && TREE_CODE(TREE_TYPE(ptr2_rhs)) != POINTER_TYPE)
3574 -+ return false;
3575 -+
3576 -+ create_mark_asm(stmt, MARK_YES);
3577 -+ return true;
3578 -+}
3579 -+
3580 +static void walk_use_def_ptr(struct pointer_set_t *visited, const_tree lhs)
3581 +{
3582 + gimple def_stmt;
3583 @@ -114954,9 +114919,6 @@ index 0000000..3e8148c
3584 + walk_use_def_ptr(visited, gimple_assign_rhs1(def_stmt));
3585 + return;
3586 + case 3:
3587 -+ if (skip_ptr_minus(def_stmt))
3588 -+ return;
3589 -+
3590 + walk_use_def_ptr(visited, gimple_assign_rhs1(def_stmt));
3591 + walk_use_def_ptr(visited, gimple_assign_rhs2(def_stmt));
3592 + return;
3593 @@ -115195,10 +115157,10 @@ index 0000000..3e8148c
3594 +}
3595 diff --git a/tools/gcc/size_overflow_plugin/insert_size_overflow_check_core.c b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_core.c
3596 new file mode 100644
3597 -index 0000000..88469e9
3598 +index 0000000..73f0a12
3599 --- /dev/null
3600 +++ b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_core.c
3601 -@@ -0,0 +1,902 @@
3602 +@@ -0,0 +1,943 @@
3603 +/*
3604 + * Copyright 2011-2014 by Emese Revfy <re.emese@×××××.com>
3605 + * Licensed under the GPL v2, or (at your option) v3
3606 @@ -115922,6 +115884,44 @@ index 0000000..88469e9
3607 + inform(loc, "Integer size_overflow check applied here.");
3608 +}
3609 +
3610 ++static bool is_from_cast(const_tree node)
3611 ++{
3612 ++ gimple def_stmt = get_def_stmt(node);
3613 ++
3614 ++ if (!def_stmt)
3615 ++ return false;
3616 ++
3617 ++ if (gimple_assign_cast_p(def_stmt))
3618 ++ return true;
3619 ++
3620 ++ return false;
3621 ++}
3622 ++
3623 ++// Skip duplication when there is a minus expr and the type of rhs1 or rhs2 is a pointer_type.
3624 ++static bool is_a_ptr_minus(gimple stmt)
3625 ++{
3626 ++ const_tree rhs1, rhs2, ptr1_rhs, ptr2_rhs;
3627 ++
3628 ++ if (gimple_assign_rhs_code(stmt) != MINUS_EXPR)
3629 ++ return false;
3630 ++
3631 ++ rhs1 = gimple_assign_rhs1(stmt);
3632 ++ if (!is_from_cast(rhs1))
3633 ++ return false;
3634 ++
3635 ++ rhs2 = gimple_assign_rhs2(stmt);
3636 ++ if (!is_from_cast(rhs2))
3637 ++ return false;
3638 ++
3639 ++ ptr1_rhs = gimple_assign_rhs1(get_def_stmt(rhs1));
3640 ++ ptr2_rhs = gimple_assign_rhs1(get_def_stmt(rhs2));
3641 ++
3642 ++ if (TREE_CODE(TREE_TYPE(ptr1_rhs)) != POINTER_TYPE && TREE_CODE(TREE_TYPE(ptr2_rhs)) != POINTER_TYPE)
3643 ++ return false;
3644 ++
3645 ++ return true;
3646 ++}
3647 ++
3648 +static tree handle_binary_ops(struct visited *visited, struct cgraph_node *caller_node, tree lhs)
3649 +{
3650 + enum intentional_overflow_type res;
3651 @@ -115930,6 +115930,9 @@ index 0000000..88469e9
3652 + tree new_rhs1 = NULL_TREE;
3653 + tree new_rhs2 = NULL_TREE;
3654 +
3655 ++ if (is_a_ptr_minus(def_stmt))
3656 ++ return create_assign(visited, def_stmt, lhs, AFTER_STMT);
3657 ++
3658 + rhs1 = gimple_assign_rhs1(def_stmt);
3659 + rhs2 = gimple_assign_rhs2(def_stmt);
3660 +
3661 @@ -116103,7 +116106,7 @@ index 0000000..88469e9
3662 +
3663 diff --git a/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c
3664 new file mode 100644
3665 -index 0000000..715a590
3666 +index 0000000..df50164
3667 --- /dev/null
3668 +++ b/tools/gcc/size_overflow_plugin/insert_size_overflow_check_ipa.c
3669 @@ -0,0 +1,1141 @@
3670 @@ -116342,7 +116345,7 @@ index 0000000..715a590
3671 +
3672 + switch (gimple_code(def_stmt)) {
3673 + case GIMPLE_CALL:
3674 -+ if (lhs == gimple_return_retval(def_stmt))
3675 ++ if (lhs == gimple_call_lhs(def_stmt))
3676 + interesting_conditions[RET] = true;
3677 + return;
3678 + case GIMPLE_NOP:
3679 @@ -117250,10 +117253,10 @@ index 0000000..715a590
3680 +
3681 diff --git a/tools/gcc/size_overflow_plugin/intentional_overflow.c b/tools/gcc/size_overflow_plugin/intentional_overflow.c
3682 new file mode 100644
3683 -index 0000000..38904bc
3684 +index 0000000..d71d72a
3685 --- /dev/null
3686 +++ b/tools/gcc/size_overflow_plugin/intentional_overflow.c
3687 -@@ -0,0 +1,733 @@
3688 +@@ -0,0 +1,736 @@
3689 +/*
3690 + * Copyright 2011-2014 by Emese Revfy <re.emese@×××××.com>
3691 + * Licensed under the GPL v2, or (at your option) v3
3692 @@ -117858,6 +117861,9 @@ index 0000000..38904bc
3693 + } else
3694 + return false;
3695 +
3696 ++ if (!is_gimple_assign(def_stmt))
3697 ++ return false;
3698 ++
3699 + if (gimple_assign_rhs_code(def_stmt) != PLUS_EXPR && gimple_assign_rhs_code(def_stmt) != MINUS_EXPR)
3700 + return false;
3701 +
3702 @@ -123808,7 +123814,7 @@ index 0000000..4ad4525
3703 +zpios_read_64734 zpios_read 3 64734 NULL
3704 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
3705 new file mode 100644
3706 -index 0000000..a15328d
3707 +index 0000000..95f7abd
3708 --- /dev/null
3709 +++ b/tools/gcc/size_overflow_plugin/size_overflow_plugin.c
3710 @@ -0,0 +1,259 @@
3711 @@ -123844,7 +123850,7 @@ index 0000000..a15328d
3712 +tree size_overflow_type_TI;
3713 +
3714 +static struct plugin_info size_overflow_plugin_info = {
3715 -+ .version = "20140713",
3716 ++ .version = "20140725",
3717 + .help = "no-size-overflow\tturn off size overflow checking\n",
3718 +};
3719 +
Report Message
Find on MARC Find on Google Groups