Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 4.1.3/
Date: Wed, 29 Jul 2015 13:20:36
Message-Id: 1438176152.d8f474ed8b41ce8c105ac603af9afbba9f60181d.blueness@gentoo
1 commit: d8f474ed8b41ce8c105ac603af9afbba9f60181d
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Wed Jul 29 13:22:32 2015 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Wed Jul 29 13:22:32 2015 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=d8f474ed
7
8 grsecurity-3.1-4.1.3-201507281943
9
10 4.1.3/0000_README | 2 +-
11 ...> 4420_grsecurity-3.1-4.1.3-201507281943.patch} | 770 ++++++++++++++++++---
12 2 files changed, 686 insertions(+), 86 deletions(-)
13
14 diff --git a/4.1.3/0000_README b/4.1.3/0000_README
15 index cbe10c3..68a3992 100644
16 --- a/4.1.3/0000_README
17 +++ b/4.1.3/0000_README
18 @@ -2,7 +2,7 @@ README
19 -----------------------------------------------------------------------------
20 Individual Patch Descriptions:
21 -----------------------------------------------------------------------------
22 -Patch: 4420_grsecurity-3.1-4.1.3-201507261932.patch
23 +Patch: 4420_grsecurity-3.1-4.1.3-201507281943.patch
24 From: http://www.grsecurity.net
25 Desc: hardened-sources base patch from upstream grsecurity
26
27
28 diff --git a/4.1.3/4420_grsecurity-3.1-4.1.3-201507261932.patch b/4.1.3/4420_grsecurity-3.1-4.1.3-201507281943.patch
29 similarity index 99%
30 rename from 4.1.3/4420_grsecurity-3.1-4.1.3-201507261932.patch
31 rename to 4.1.3/4420_grsecurity-3.1-4.1.3-201507281943.patch
32 index c2c4ded..fc096b0 100644
33 --- a/4.1.3/4420_grsecurity-3.1-4.1.3-201507261932.patch
34 +++ b/4.1.3/4420_grsecurity-3.1-4.1.3-201507281943.patch
35 @@ -16525,20 +16525,19 @@ index acdee09..a553db3 100644
36 struct compat_timespec {
37 compat_time_t tv_sec;
38 diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
39 -index 3d6606f..5e22255 100644
40 +index 3d6606f..91703f1 100644
41 --- a/arch/x86/include/asm/cpufeature.h
42 +++ b/arch/x86/include/asm/cpufeature.h
43 -@@ -214,7 +214,8 @@
44 +@@ -214,7 +214,7 @@
45 #define X86_FEATURE_PAUSEFILTER ( 8*32+13) /* AMD filtered pause intercept */
46 #define X86_FEATURE_PFTHRESHOLD ( 8*32+14) /* AMD pause filter threshold */
47 #define X86_FEATURE_VMMCALL ( 8*32+15) /* Prefer vmmcall to vmcall */
48 -
49 -+#define X86_FEATURE_PCIDUDEREF ( 8*32+30) /* PaX PCID based UDEREF */
50 +#define X86_FEATURE_STRONGUDEREF (8*32+31) /* PaX PCID based strong UDEREF */
51
52 /* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 9 */
53 #define X86_FEATURE_FSGSBASE ( 9*32+ 0) /* {RD/WR}{FS/GS}BASE instructions*/
54 -@@ -222,7 +223,7 @@
55 +@@ -222,7 +222,7 @@
56 #define X86_FEATURE_BMI1 ( 9*32+ 3) /* 1st group bit manipulation extensions */
57 #define X86_FEATURE_HLE ( 9*32+ 4) /* Hardware Lock Elision */
58 #define X86_FEATURE_AVX2 ( 9*32+ 5) /* AVX2 instructions */
59 @@ -16547,7 +16546,7 @@ index 3d6606f..5e22255 100644
60 #define X86_FEATURE_BMI2 ( 9*32+ 8) /* 2nd group bit manipulation extensions */
61 #define X86_FEATURE_ERMS ( 9*32+ 9) /* Enhanced REP MOVSB/STOSB */
62 #define X86_FEATURE_INVPCID ( 9*32+10) /* Invalidate Processor Context ID */
63 -@@ -401,6 +402,7 @@ extern const char * const x86_bug_flags[NBUGINTS*32];
64 +@@ -401,6 +401,7 @@ extern const char * const x86_bug_flags[NBUGINTS*32];
65 #define cpu_has_eager_fpu boot_cpu_has(X86_FEATURE_EAGER_FPU)
66 #define cpu_has_topoext boot_cpu_has(X86_FEATURE_TOPOEXT)
67 #define cpu_has_bpext boot_cpu_has(X86_FEATURE_BPEXT)
68 @@ -16555,7 +16554,7 @@ index 3d6606f..5e22255 100644
69
70 #if __GNUC__ >= 4
71 extern void warn_pre_alternatives(void);
72 -@@ -454,7 +456,8 @@ static __always_inline __pure bool __static_cpu_has(u16 bit)
73 +@@ -454,7 +455,8 @@ static __always_inline __pure bool __static_cpu_has(u16 bit)
74
75 #ifdef CONFIG_X86_DEBUG_STATIC_CPU_HAS
76 t_warn:
77 @@ -16565,7 +16564,7 @@ index 3d6606f..5e22255 100644
78 return false;
79 #endif
80
81 -@@ -475,7 +478,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit)
82 +@@ -475,7 +477,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit)
83 ".section .discard,\"aw\",@progbits\n"
84 " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */
85 ".previous\n"
86 @@ -16574,7 +16573,7 @@ index 3d6606f..5e22255 100644
87 "3: movb $1,%0\n"
88 "4:\n"
89 ".previous\n"
90 -@@ -510,7 +513,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit)
91 +@@ -510,7 +512,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit)
92 " .byte 5f - 4f\n" /* repl len */
93 " .byte 3b - 2b\n" /* pad len */
94 ".previous\n"
95 @@ -16583,7 +16582,7 @@ index 3d6606f..5e22255 100644
96 "4: jmp %l[t_no]\n"
97 "5:\n"
98 ".previous\n"
99 -@@ -545,7 +548,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit)
100 +@@ -545,7 +547,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit)
101 ".section .discard,\"aw\",@progbits\n"
102 " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */
103 ".previous\n"
104 @@ -16592,7 +16591,7 @@ index 3d6606f..5e22255 100644
105 "3: movb $0,%0\n"
106 "4:\n"
107 ".previous\n"
108 -@@ -560,7 +563,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit)
109 +@@ -560,7 +562,7 @@ static __always_inline __pure bool _static_cpu_has_safe(u16 bit)
110 ".section .discard,\"aw\",@progbits\n"
111 " .byte 0xff + (6f-5f) - (4b-3b)\n" /* size check */
112 ".previous\n"
113 @@ -17439,7 +17438,7 @@ index 09b9620..923aecd 100644
114 atomic_t perf_rdpmc_allowed; /* nonzero if rdpmc is allowed */
115 } mm_context_t;
116 diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
117 -index 883f6b93..5184058 100644
118 +index 883f6b93..bb405b5 100644
119 --- a/arch/x86/include/asm/mmu_context.h
120 +++ b/arch/x86/include/asm/mmu_context.h
121 @@ -42,6 +42,20 @@ void destroy_context(struct mm_struct *mm);
122 @@ -17448,7 +17447,7 @@ index 883f6b93..5184058 100644
123 {
124 +
125 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
126 -+ if (!(static_cpu_has(X86_FEATURE_PCIDUDEREF))) {
127 ++ if (!(static_cpu_has(X86_FEATURE_PCID))) {
128 + unsigned int i;
129 + pgd_t *pgd;
130 +
131 @@ -17486,7 +17485,7 @@ index 883f6b93..5184058 100644
132 + pax_open_kernel();
133 +
134 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
135 -+ if (static_cpu_has(X86_FEATURE_PCIDUDEREF))
136 ++ if (static_cpu_has(X86_FEATURE_PCID))
137 + __clone_user_pgds(get_cpu_pgd(cpu, user), next->pgd);
138 + else
139 +#endif
140 @@ -17497,7 +17496,7 @@ index 883f6b93..5184058 100644
141 + BUG_ON((__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL) != (read_cr3() & __PHYSICAL_MASK) && (__pa(get_cpu_pgd(cpu, user)) | PCID_USER) != (read_cr3() & __PHYSICAL_MASK));
142 +
143 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
144 -+ if (static_cpu_has(X86_FEATURE_PCIDUDEREF)) {
145 ++ if (static_cpu_has(X86_FEATURE_PCID)) {
146 + if (static_cpu_has(X86_FEATURE_INVPCID)) {
147 + u64 descriptor[2];
148 + descriptor[0] = PCID_USER;
149 @@ -17554,7 +17553,7 @@ index 883f6b93..5184058 100644
150 + pax_open_kernel();
151 +
152 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
153 -+ if (static_cpu_has(X86_FEATURE_PCIDUDEREF))
154 ++ if (static_cpu_has(X86_FEATURE_PCID))
155 + __clone_user_pgds(get_cpu_pgd(cpu, user), next->pgd);
156 + else
157 +#endif
158 @@ -17565,7 +17564,7 @@ index 883f6b93..5184058 100644
159 + BUG_ON((__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL) != (read_cr3() & __PHYSICAL_MASK) && (__pa(get_cpu_pgd(cpu, user)) | PCID_USER) != (read_cr3() & __PHYSICAL_MASK));
160 +
161 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
162 -+ if (static_cpu_has(X86_FEATURE_PCIDUDEREF)) {
163 ++ if (static_cpu_has(X86_FEATURE_PCID)) {
164 + if (static_cpu_has(X86_FEATURE_INVPCID)) {
165 + u64 descriptor[2];
166 + descriptor[0] = PCID_USER;
167 @@ -19402,7 +19401,7 @@ index b4bdec3..e8af9bc 100644
168 #endif
169 #endif /* _ASM_X86_THREAD_INFO_H */
170 diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
171 -index cd79194..6a9956f 100644
172 +index cd79194..e7a9491 100644
173 --- a/arch/x86/include/asm/tlbflush.h
174 +++ b/arch/x86/include/asm/tlbflush.h
175 @@ -86,18 +86,44 @@ static inline void cr4_set_bits_and_update_boot(unsigned long mask)
176 @@ -19418,7 +19417,7 @@ index cd79194..6a9956f 100644
177 + }
178 +
179 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
180 -+ if (static_cpu_has(X86_FEATURE_PCIDUDEREF)) {
181 ++ if (static_cpu_has(X86_FEATURE_PCID)) {
182 + unsigned int cpu = raw_get_cpu();
183 +
184 + native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER);
185 @@ -19456,7 +19455,7 @@ index cd79194..6a9956f 100644
186 }
187
188 static inline void __native_flush_tlb_global(void)
189 -@@ -118,6 +144,43 @@ static inline void __native_flush_tlb_global(void)
190 +@@ -118,6 +144,41 @@ static inline void __native_flush_tlb_global(void)
191
192 static inline void __native_flush_tlb_single(unsigned long addr)
193 {
194 @@ -19467,16 +19466,14 @@ index cd79194..6a9956f 100644
195 + descriptor[1] = addr;
196 +
197 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
198 -+ if (static_cpu_has(X86_FEATURE_PCIDUDEREF)) {
199 -+ if (!static_cpu_has(X86_FEATURE_STRONGUDEREF) || addr >= TASK_SIZE_MAX) {
200 -+ if (addr < TASK_SIZE_MAX)
201 -+ descriptor[1] += pax_user_shadow_base;
202 -+ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory");
203 -+ }
204 -+
205 -+ descriptor[0] = PCID_USER;
206 -+ descriptor[1] = addr;
207 ++ if (!static_cpu_has(X86_FEATURE_STRONGUDEREF) || addr >= TASK_SIZE_MAX) {
208 ++ if (addr < TASK_SIZE_MAX)
209 ++ descriptor[1] += pax_user_shadow_base;
210 ++ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory");
211 + }
212 ++
213 ++ descriptor[0] = PCID_USER;
214 ++ descriptor[1] = addr;
215 +#endif
216 +
217 + asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory");
218 @@ -19484,7 +19481,7 @@ index cd79194..6a9956f 100644
219 + }
220 +
221 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
222 -+ if (static_cpu_has(X86_FEATURE_PCIDUDEREF)) {
223 ++ if (static_cpu_has(X86_FEATURE_PCID)) {
224 + unsigned int cpu = raw_get_cpu();
225 +
226 + native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER | PCID_NOFLUSH);
227 @@ -21131,7 +21128,7 @@ index e4cf633..941f450 100644
228 if (c->x86_model == 3 && c->x86_mask == 0)
229 size = 64;
230 diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
231 -index a62cf04..56afd65 100644
232 +index a62cf04..041e39c 100644
233 --- a/arch/x86/kernel/cpu/common.c
234 +++ b/arch/x86/kernel/cpu/common.c
235 @@ -91,60 +91,6 @@ static const struct cpu_dev default_cpu = {
236 @@ -21195,7 +21192,7 @@ index a62cf04..56afd65 100644
237 static int __init x86_xsave_setup(char *s)
238 {
239 if (strlen(s))
240 -@@ -306,6 +252,62 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
241 +@@ -306,6 +252,59 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
242 }
243 }
244
245 @@ -21216,31 +21213,26 @@ index a62cf04..56afd65 100644
246 +
247 +static void setup_pcid(struct cpuinfo_x86 *c)
248 +{
249 -+ if (cpu_has(c, X86_FEATURE_PCID)) {
250 -+ printk("PAX: PCID detected\n");
251 -+ cr4_set_bits(X86_CR4_PCIDE);
252 -+ } else
253 ++ if (!cpu_has(c, X86_FEATURE_PCID)) {
254 + clear_cpu_cap(c, X86_FEATURE_INVPCID);
255 +
256 -+ if (cpu_has(c, X86_FEATURE_INVPCID))
257 -+ printk("PAX: INVPCID detected\n");
258 -+
259 +#ifdef CONFIG_PAX_MEMORY_UDEREF
260 -+ if (clone_pgd_mask == ~(pgdval_t)0UL) {
261 -+ printk("PAX: UDEREF disabled\n");
262 -+ return;
263 -+ }
264 ++ if (clone_pgd_mask != ~(pgdval_t)0UL) {
265 ++ pax_open_kernel();
266 ++ pax_user_shadow_base = 1UL << TASK_SIZE_MAX_SHIFT;
267 ++ pax_close_kernel();
268 ++ printk("PAX: slow and weak UDEREF enabled\n");
269 ++ } else
270 ++ printk("PAX: UDEREF disabled\n");
271 ++#endif
272 +
273 -+ if (!cpu_has(c, X86_FEATURE_PCID)) {
274 -+ pax_open_kernel();
275 -+ pax_user_shadow_base = 1UL << TASK_SIZE_MAX_SHIFT;
276 -+ pax_close_kernel();
277 -+ printk("PAX: slow and weak UDEREF enabled\n");
278 + return;
279 + }
280 +
281 -+ set_cpu_cap(c, X86_FEATURE_PCIDUDEREF);
282 ++ printk("PAX: PCID detected\n");
283 ++ cr4_set_bits(X86_CR4_PCIDE);
284 +
285 ++#ifdef CONFIG_PAX_MEMORY_UDEREF
286 + pax_open_kernel();
287 + clone_pgd_mask = ~(pgdval_t)0UL;
288 + pax_close_kernel();
289 @@ -21252,13 +21244,15 @@ index a62cf04..56afd65 100644
290 + }
291 +#endif
292 +
293 ++ if (cpu_has(c, X86_FEATURE_INVPCID))
294 ++ printk("PAX: INVPCID detected\n");
295 +}
296 +#endif
297 +
298 /*
299 * Some CPU features depend on higher CPUID levels, which may not always
300 * be available due to CPUID level capping or broken virtualization
301 -@@ -406,7 +408,7 @@ void switch_to_new_gdt(int cpu)
302 +@@ -406,7 +405,7 @@ void switch_to_new_gdt(int cpu)
303 {
304 struct desc_ptr gdt_descr;
305
306 @@ -21267,7 +21261,7 @@ index a62cf04..56afd65 100644
307 gdt_descr.size = GDT_SIZE - 1;
308 load_gdt(&gdt_descr);
309 /* Reload the per-cpu base */
310 -@@ -935,6 +937,20 @@ static void identify_cpu(struct cpuinfo_x86 *c)
311 +@@ -935,6 +934,20 @@ static void identify_cpu(struct cpuinfo_x86 *c)
312 setup_smep(c);
313 setup_smap(c);
314
315 @@ -21288,7 +21282,7 @@ index a62cf04..56afd65 100644
316 /*
317 * The vendor-specific functions might have changed features.
318 * Now we do "generic changes."
319 -@@ -1009,7 +1025,7 @@ void enable_sep_cpu(void)
320 +@@ -1009,7 +1022,7 @@ void enable_sep_cpu(void)
321 int cpu;
322
323 cpu = get_cpu();
324 @@ -21297,7 +21291,7 @@ index a62cf04..56afd65 100644
325
326 if (!boot_cpu_has(X86_FEATURE_SEP))
327 goto out;
328 -@@ -1155,14 +1171,16 @@ static __init int setup_disablecpuid(char *arg)
329 +@@ -1155,14 +1168,16 @@ static __init int setup_disablecpuid(char *arg)
330 }
331 __setup("clearcpuid=", setup_disablecpuid);
332
333 @@ -21318,7 +21312,7 @@ index a62cf04..56afd65 100644
334
335 DEFINE_PER_CPU_FIRST(union irq_stack_union,
336 irq_stack_union) __aligned(PAGE_SIZE) __visible;
337 -@@ -1367,7 +1385,7 @@ void cpu_init(void)
338 +@@ -1367,7 +1382,7 @@ void cpu_init(void)
339 */
340 load_ucode_ap();
341
342 @@ -21327,7 +21321,7 @@ index a62cf04..56afd65 100644
343 oist = &per_cpu(orig_ist, cpu);
344
345 #ifdef CONFIG_NUMA
346 -@@ -1399,7 +1417,6 @@ void cpu_init(void)
347 +@@ -1399,7 +1414,6 @@ void cpu_init(void)
348 wrmsrl(MSR_KERNEL_GS_BASE, 0);
349 barrier();
350
351 @@ -21335,7 +21329,7 @@ index a62cf04..56afd65 100644
352 x2apic_setup();
353
354 /*
355 -@@ -1451,7 +1468,7 @@ void cpu_init(void)
356 +@@ -1451,7 +1465,7 @@ void cpu_init(void)
357 {
358 int cpu = smp_processor_id();
359 struct task_struct *curr = current;
360 @@ -21745,10 +21739,25 @@ index 7795f3f..3535b76 100644
361 __bts_event_stop(event);
362
363 diff --git a/arch/x86/kernel/cpu/perf_event_intel_cqm.c b/arch/x86/kernel/cpu/perf_event_intel_cqm.c
364 -index e4d1b8b..2c6ffa0 100644
365 +index e4d1b8b..8867302 100644
366 --- a/arch/x86/kernel/cpu/perf_event_intel_cqm.c
367 +++ b/arch/x86/kernel/cpu/perf_event_intel_cqm.c
368 -@@ -1352,7 +1352,9 @@ static int __init intel_cqm_init(void)
369 +@@ -934,6 +934,14 @@ static u64 intel_cqm_event_count(struct perf_event *event)
370 + return 0;
371 +
372 + /*
373 ++ * Getting up-to-date values requires an SMP IPI which is not
374 ++ * possible if we're being called in interrupt context. Return
375 ++ * the cached values instead.
376 ++ */
377 ++ if (unlikely(in_interrupt()))
378 ++ goto out;
379 ++
380 ++ /*
381 + * Notice that we don't perform the reading of an RMID
382 + * atomically, because we can't hold a spin lock across the
383 + * IPIs.
384 +@@ -1352,7 +1360,9 @@ static int __init intel_cqm_init(void)
385 goto out;
386 }
387
388 @@ -33559,10 +33568,10 @@ index 9ca35fc..4b2b7b7 100644
389
390 return (void *)vaddr;
391 diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
392 -index 70e7444..75b9a13 100644
393 +index 70e7444..e9904fd 100644
394 --- a/arch/x86/mm/ioremap.c
395 +++ b/arch/x86/mm/ioremap.c
396 -@@ -56,8 +56,8 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages,
397 +@@ -56,12 +56,10 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages,
398 unsigned long i;
399
400 for (i = 0; i < nr_pages; ++i)
401 @@ -33572,8 +33581,50 @@ index 70e7444..75b9a13 100644
402 + !PageReserved(pfn_to_page(start_pfn + i))))
403 return 1;
404
405 - WARN_ONCE(1, "ioremap on RAM pfn 0x%lx\n", start_pfn);
406 -@@ -288,7 +288,7 @@ EXPORT_SYMBOL(ioremap_prot);
407 +- WARN_ONCE(1, "ioremap on RAM pfn 0x%lx\n", start_pfn);
408 +-
409 + return 0;
410 + }
411 +
412 +@@ -91,7 +89,6 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
413 + pgprot_t prot;
414 + int retval;
415 + void __iomem *ret_addr;
416 +- int ram_region;
417 +
418 + /* Don't allow wraparound or zero size */
419 + last_addr = phys_addr + size - 1;
420 +@@ -114,23 +111,15 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
421 + /*
422 + * Don't allow anybody to remap normal RAM that we're using..
423 + */
424 +- /* First check if whole region can be identified as RAM or not */
425 +- ram_region = region_is_ram(phys_addr, size);
426 +- if (ram_region > 0) {
427 +- WARN_ONCE(1, "ioremap on RAM at 0x%lx - 0x%lx\n",
428 +- (unsigned long int)phys_addr,
429 +- (unsigned long int)last_addr);
430 ++ pfn = phys_addr >> PAGE_SHIFT;
431 ++ last_pfn = last_addr >> PAGE_SHIFT;
432 ++ if (walk_system_ram_range(pfn, last_pfn - pfn + 1, NULL,
433 ++ __ioremap_check_ram) == 1) {
434 ++ WARN_ONCE(1, "ioremap on RAM at 0x%llx - 0x%llx\n",
435 ++ phys_addr, last_addr);
436 + return NULL;
437 + }
438 +
439 +- /* If could not be identified(-1), check page by page */
440 +- if (ram_region < 0) {
441 +- pfn = phys_addr >> PAGE_SHIFT;
442 +- last_pfn = last_addr >> PAGE_SHIFT;
443 +- if (walk_system_ram_range(pfn, last_pfn - pfn + 1, NULL,
444 +- __ioremap_check_ram) == 1)
445 +- return NULL;
446 +- }
447 + /*
448 + * Mappings have to be page-aligned
449 + */
450 +@@ -288,7 +277,7 @@ EXPORT_SYMBOL(ioremap_prot);
451 *
452 * Caller must ensure there is only one unmapping for the same pointer.
453 */
454 @@ -33582,7 +33633,7 @@ index 70e7444..75b9a13 100644
455 {
456 struct vm_struct *p, *o;
457
458 -@@ -351,32 +351,36 @@ int arch_ioremap_pmd_supported(void)
459 +@@ -351,32 +340,36 @@ int arch_ioremap_pmd_supported(void)
460 */
461 void *xlate_dev_mem_ptr(phys_addr_t phys)
462 {
463 @@ -33635,7 +33686,7 @@ index 70e7444..75b9a13 100644
464
465 static inline pmd_t * __init early_ioremap_pmd(unsigned long addr)
466 {
467 -@@ -412,8 +416,7 @@ void __init early_ioremap_init(void)
468 +@@ -412,8 +405,7 @@ void __init early_ioremap_init(void)
469 early_ioremap_setup();
470
471 pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN));
472 @@ -34407,7 +34458,7 @@ index 90555bf..f5f1828 100644
473 }
474
475 diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
476 -index 3250f23..7a97ba2 100644
477 +index 3250f23..4197ac2 100644
478 --- a/arch/x86/mm/tlb.c
479 +++ b/arch/x86/mm/tlb.c
480 @@ -45,7 +45,11 @@ void leave_mm(int cpu)
481 @@ -34422,6 +34473,15 @@ index 3250f23..7a97ba2 100644
482 /*
483 * This gets called in the idle path where RCU
484 * functions differently. Tracing normally
485 +@@ -117,7 +121,7 @@ static void flush_tlb_func(void *info)
486 + } else {
487 + unsigned long addr;
488 + unsigned long nr_pages =
489 +- f->flush_end - f->flush_start / PAGE_SIZE;
490 ++ (f->flush_end - f->flush_start) / PAGE_SIZE;
491 + addr = f->flush_start;
492 + while (addr < f->flush_end) {
493 + __flush_tlb_single(addr);
494 diff --git a/arch/x86/mm/uderef_64.c b/arch/x86/mm/uderef_64.c
495 new file mode 100644
496 index 0000000..3fda3f3
497 @@ -47683,6 +47743,19 @@ index c439c82..1f20f57 100644
498 union axis_conversion ac; /* hw -> logical axis */
499 int mapped_btns[3];
500
501 +diff --git a/drivers/misc/mei/main.c b/drivers/misc/mei/main.c
502 +index 3e29681..e40bcd03 100644
503 +--- a/drivers/misc/mei/main.c
504 ++++ b/drivers/misc/mei/main.c
505 +@@ -685,7 +685,7 @@ int mei_register(struct mei_device *dev, struct device *parent)
506 + /* Fill in the data structures */
507 + devno = MKDEV(MAJOR(mei_devt), dev->minor);
508 + cdev_init(&dev->cdev, &mei_fops);
509 +- dev->cdev.owner = mei_fops.owner;
510 ++ dev->cdev.owner = parent->driver->owner;
511 +
512 + /* Add the device */
513 + ret = cdev_add(&dev->cdev, devno, 1);
514 diff --git a/drivers/misc/sgi-gru/gruhandles.c b/drivers/misc/sgi-gru/gruhandles.c
515 index 2f30bad..c4c13d0 100644
516 --- a/drivers/misc/sgi-gru/gruhandles.c
517 @@ -96084,6 +96157,34 @@ index 7ee1774..72505b8 100644
518 }
519
520 /*
521 +diff --git a/include/linux/ftrace.h b/include/linux/ftrace.h
522 +index 1da6029..6cd8c0e 100644
523 +--- a/include/linux/ftrace.h
524 ++++ b/include/linux/ftrace.h
525 +@@ -116,6 +116,7 @@ ftrace_func_t ftrace_ops_get_func(struct ftrace_ops *ops);
526 + * SAVE_REGS. If another ops with this flag set is already registered
527 + * for any of the functions that this ops will be registered for, then
528 + * this ops will fail to register or set_filter_ip.
529 ++ * PID - Is affected by set_ftrace_pid (allows filtering on those pids)
530 + */
531 + enum {
532 + FTRACE_OPS_FL_ENABLED = 1 << 0,
533 +@@ -132,6 +133,7 @@ enum {
534 + FTRACE_OPS_FL_MODIFYING = 1 << 11,
535 + FTRACE_OPS_FL_ALLOC_TRAMP = 1 << 12,
536 + FTRACE_OPS_FL_IPMODIFY = 1 << 13,
537 ++ FTRACE_OPS_FL_PID = 1 << 14,
538 + };
539 +
540 + #ifdef CONFIG_DYNAMIC_FTRACE
541 +@@ -159,6 +161,7 @@ struct ftrace_ops {
542 + struct ftrace_ops *next;
543 + unsigned long flags;
544 + void *private;
545 ++ ftrace_func_t saved_func;
546 + int __percpu *disabled;
547 + #ifdef CONFIG_DYNAMIC_FTRACE
548 + int nr_trampolines;
549 diff --git a/include/linux/genhd.h b/include/linux/genhd.h
550 index ec274e0..e678159 100644
551 --- a/include/linux/genhd.h
552 @@ -101287,6 +101388,71 @@ index 0320bbb..938789c 100644
553
554 /** inet_connection_sock - INET connection oriented sock
555 *
556 +diff --git a/include/net/inet_frag.h b/include/net/inet_frag.h
557 +index 8d17655..2f3246d 100644
558 +--- a/include/net/inet_frag.h
559 ++++ b/include/net/inet_frag.h
560 +@@ -21,13 +21,11 @@ struct netns_frags {
561 + * @INET_FRAG_FIRST_IN: first fragment has arrived
562 + * @INET_FRAG_LAST_IN: final fragment has arrived
563 + * @INET_FRAG_COMPLETE: frag queue has been processed and is due for destruction
564 +- * @INET_FRAG_EVICTED: frag queue is being evicted
565 + */
566 + enum {
567 + INET_FRAG_FIRST_IN = BIT(0),
568 + INET_FRAG_LAST_IN = BIT(1),
569 + INET_FRAG_COMPLETE = BIT(2),
570 +- INET_FRAG_EVICTED = BIT(3)
571 + };
572 +
573 + /**
574 +@@ -45,6 +43,7 @@ enum {
575 + * @flags: fragment queue flags
576 + * @max_size: (ipv4 only) maximum received fragment size with IP_DF set
577 + * @net: namespace that this frag belongs to
578 ++ * @list_evictor: list of queues to forcefully evict (e.g. due to low memory)
579 + */
580 + struct inet_frag_queue {
581 + spinlock_t lock;
582 +@@ -59,6 +58,7 @@ struct inet_frag_queue {
583 + __u8 flags;
584 + u16 max_size;
585 + struct netns_frags *net;
586 ++ struct hlist_node list_evictor;
587 + };
588 +
589 + #define INETFRAGS_HASHSZ 1024
590 +@@ -125,6 +125,11 @@ static inline void inet_frag_put(struct inet_frag_queue *q, struct inet_frags *f
591 + inet_frag_destroy(q, f);
592 + }
593 +
594 ++static inline bool inet_frag_evicting(struct inet_frag_queue *q)
595 ++{
596 ++ return !hlist_unhashed(&q->list_evictor);
597 ++}
598 ++
599 + /* Memory Tracking Functions. */
600 +
601 + /* The default percpu_counter batch size is not big enough to scale to
602 +@@ -139,14 +144,14 @@ static inline int frag_mem_limit(struct netns_frags *nf)
603 + return percpu_counter_read(&nf->mem);
604 + }
605 +
606 +-static inline void sub_frag_mem_limit(struct inet_frag_queue *q, int i)
607 ++static inline void sub_frag_mem_limit(struct netns_frags *nf, int i)
608 + {
609 +- __percpu_counter_add(&q->net->mem, -i, frag_percpu_counter_batch);
610 ++ __percpu_counter_add(&nf->mem, -i, frag_percpu_counter_batch);
611 + }
612 +
613 +-static inline void add_frag_mem_limit(struct inet_frag_queue *q, int i)
614 ++static inline void add_frag_mem_limit(struct netns_frags *nf, int i)
615 + {
616 +- __percpu_counter_add(&q->net->mem, i, frag_percpu_counter_batch);
617 ++ __percpu_counter_add(&nf->mem, i, frag_percpu_counter_batch);
618 + }
619 +
620 + static inline void init_frag_mem_limit(struct netns_frags *nf)
621 diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h
622 index d5332dd..10a5c3c 100644
623 --- a/include/net/inetpeer.h
624 @@ -102761,7 +102927,7 @@ index ad1bd77..dca2c1b 100644
625 next_state = Reset;
626 return 0;
627 diff --git a/init/main.c b/init/main.c
628 -index 2a89545..eb9203f 100644
629 +index 2a89545..449eca2 100644
630 --- a/init/main.c
631 +++ b/init/main.c
632 @@ -97,6 +97,8 @@ extern void radix_tree_init(void);
633 @@ -102773,7 +102939,7 @@ index 2a89545..eb9203f 100644
634 /*
635 * Debug helper: via this flag we know that we are in 'early bootup code'
636 * where only the boot processor is running with IRQ disabled. This means
637 -@@ -158,6 +160,84 @@ static int __init set_reset_devices(char *str)
638 +@@ -158,6 +160,85 @@ static int __init set_reset_devices(char *str)
639
640 __setup("reset_devices", set_reset_devices);
641
642 @@ -102826,7 +102992,8 @@ index 2a89545..eb9203f 100644
643 + memcpy(pax_exit_kernel_user, (unsigned char []){0xc3}, 1);
644 + clone_pgd_mask = ~(pgdval_t)0UL;
645 + pax_user_shadow_base = 0UL;
646 -+ setup_clear_cpu_cap(X86_FEATURE_PCIDUDEREF);
647 ++ setup_clear_cpu_cap(X86_FEATURE_PCID);
648 ++ setup_clear_cpu_cap(X86_FEATURE_INVPCID);
649 +#endif
650 +
651 + return 0;
652 @@ -102858,7 +103025,7 @@ index 2a89545..eb9203f 100644
653 static const char *argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
654 const char *envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
655 static const char *panic_later, *panic_param;
656 -@@ -726,7 +806,7 @@ static bool __init_or_module initcall_blacklisted(initcall_t fn)
657 +@@ -726,7 +807,7 @@ static bool __init_or_module initcall_blacklisted(initcall_t fn)
658 struct blacklist_entry *entry;
659 char *fn_name;
660
661 @@ -102867,7 +103034,7 @@ index 2a89545..eb9203f 100644
662 if (!fn_name)
663 return false;
664
665 -@@ -778,7 +858,7 @@ int __init_or_module do_one_initcall(initcall_t fn)
666 +@@ -778,7 +859,7 @@ int __init_or_module do_one_initcall(initcall_t fn)
667 {
668 int count = preempt_count();
669 int ret;
670 @@ -102876,7 +103043,7 @@ index 2a89545..eb9203f 100644
671
672 if (initcall_blacklisted(fn))
673 return -EPERM;
674 -@@ -788,18 +868,17 @@ int __init_or_module do_one_initcall(initcall_t fn)
675 +@@ -788,18 +869,17 @@ int __init_or_module do_one_initcall(initcall_t fn)
676 else
677 ret = fn();
678
679 @@ -102899,7 +103066,7 @@ index 2a89545..eb9203f 100644
680 return ret;
681 }
682
683 -@@ -905,8 +984,8 @@ static int run_init_process(const char *init_filename)
684 +@@ -905,8 +985,8 @@ static int run_init_process(const char *init_filename)
685 {
686 argv_init[0] = init_filename;
687 return do_execve(getname_kernel(init_filename),
688 @@ -102910,7 +103077,7 @@ index 2a89545..eb9203f 100644
689 }
690
691 static int try_to_run_init_process(const char *init_filename)
692 -@@ -923,6 +1002,10 @@ static int try_to_run_init_process(const char *init_filename)
693 +@@ -923,6 +1003,10 @@ static int try_to_run_init_process(const char *init_filename)
694 return ret;
695 }
696
697 @@ -102921,7 +103088,7 @@ index 2a89545..eb9203f 100644
698 static noinline void __init kernel_init_freeable(void);
699
700 static int __ref kernel_init(void *unused)
701 -@@ -947,6 +1030,11 @@ static int __ref kernel_init(void *unused)
702 +@@ -947,6 +1031,11 @@ static int __ref kernel_init(void *unused)
703 ramdisk_execute_command, ret);
704 }
705
706 @@ -102933,7 +103100,7 @@ index 2a89545..eb9203f 100644
707 /*
708 * We try each of these until one succeeds.
709 *
710 -@@ -1002,7 +1090,7 @@ static noinline void __init kernel_init_freeable(void)
711 +@@ -1002,7 +1091,7 @@ static noinline void __init kernel_init_freeable(void)
712 do_basic_setup();
713
714 /* Open the /dev/console on the rootfs, this should never fail */
715 @@ -102942,7 +103109,7 @@ index 2a89545..eb9203f 100644
716 pr_err("Warning: unable to open an initial console.\n");
717
718 (void) sys_dup(0);
719 -@@ -1015,11 +1103,13 @@ static noinline void __init kernel_init_freeable(void)
720 +@@ -1015,11 +1104,13 @@ static noinline void __init kernel_init_freeable(void)
721 if (!ramdisk_execute_command)
722 ramdisk_execute_command = "/init";
723
724 @@ -107685,7 +107852,7 @@ index 1f13335..77ebb7f 100644
725 }
726
727 diff --git a/kernel/resource.c b/kernel/resource.c
728 -index 90552aa..8c02098 100644
729 +index 90552aa..ad13346 100644
730 --- a/kernel/resource.c
731 +++ b/kernel/resource.c
732 @@ -162,8 +162,18 @@ static const struct file_operations proc_iomem_operations = {
733 @@ -107707,6 +107874,31 @@ index 90552aa..8c02098 100644
734 return 0;
735 }
736 __initcall(ioresources_init);
737 +@@ -504,13 +514,13 @@ int region_is_ram(resource_size_t start, unsigned long size)
738 + {
739 + struct resource *p;
740 + resource_size_t end = start + size - 1;
741 +- int flags = IORESOURCE_MEM | IORESOURCE_BUSY;
742 ++ unsigned long flags = IORESOURCE_MEM | IORESOURCE_BUSY;
743 + const char *name = "System RAM";
744 + int ret = -1;
745 +
746 + read_lock(&resource_lock);
747 + for (p = iomem_resource.child; p ; p = p->sibling) {
748 +- if (end < p->start)
749 ++ if (p->end < start)
750 + continue;
751 +
752 + if (p->start <= start && end <= p->end) {
753 +@@ -521,7 +531,7 @@ int region_is_ram(resource_size_t start, unsigned long size)
754 + ret = 1;
755 + break;
756 + }
757 +- if (p->end < start)
758 ++ if (end < p->start)
759 + break; /* not found */
760 + }
761 + read_unlock(&resource_lock);
762 diff --git a/kernel/sched/auto_group.c b/kernel/sched/auto_group.c
763 index eae160d..c9aa22e 100644
764 --- a/kernel/sched/auto_group.c
765 @@ -109195,10 +109387,108 @@ index 483cecf..ac46091 100644
766
767 ret = -EIO;
768 diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
769 -index 02bece4..f9b05af 100644
770 +index 02bece4..43adc29 100644
771 --- a/kernel/trace/ftrace.c
772 +++ b/kernel/trace/ftrace.c
773 -@@ -2395,12 +2395,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
774 +@@ -98,6 +98,13 @@ struct ftrace_pid {
775 + struct pid *pid;
776 + };
777 +
778 ++static bool ftrace_pids_enabled(void)
779 ++{
780 ++ return !list_empty(&ftrace_pids);
781 ++}
782 ++
783 ++static void ftrace_update_trampoline(struct ftrace_ops *ops);
784 ++
785 + /*
786 + * ftrace_disabled is set when an anomaly is discovered.
787 + * ftrace_disabled is much stronger than ftrace_enabled.
788 +@@ -109,7 +116,6 @@ static DEFINE_MUTEX(ftrace_lock);
789 + static struct ftrace_ops *ftrace_control_list __read_mostly = &ftrace_list_end;
790 + static struct ftrace_ops *ftrace_ops_list __read_mostly = &ftrace_list_end;
791 + ftrace_func_t ftrace_trace_function __read_mostly = ftrace_stub;
792 +-ftrace_func_t ftrace_pid_function __read_mostly = ftrace_stub;
793 + static struct ftrace_ops global_ops;
794 + static struct ftrace_ops control_ops;
795 +
796 +@@ -183,14 +189,7 @@ static void ftrace_pid_func(unsigned long ip, unsigned long parent_ip,
797 + if (!test_tsk_trace_trace(current))
798 + return;
799 +
800 +- ftrace_pid_function(ip, parent_ip, op, regs);
801 +-}
802 +-
803 +-static void set_ftrace_pid_function(ftrace_func_t func)
804 +-{
805 +- /* do not set ftrace_pid_function to itself! */
806 +- if (func != ftrace_pid_func)
807 +- ftrace_pid_function = func;
808 ++ op->saved_func(ip, parent_ip, op, regs);
809 + }
810 +
811 + /**
812 +@@ -202,7 +201,6 @@ static void set_ftrace_pid_function(ftrace_func_t func)
813 + void clear_ftrace_function(void)
814 + {
815 + ftrace_trace_function = ftrace_stub;
816 +- ftrace_pid_function = ftrace_stub;
817 + }
818 +
819 + static void control_ops_disable_all(struct ftrace_ops *ops)
820 +@@ -436,6 +434,12 @@ static int __register_ftrace_function(struct ftrace_ops *ops)
821 + } else
822 + add_ftrace_ops(&ftrace_ops_list, ops);
823 +
824 ++ /* Always save the function, and reset at unregistering */
825 ++ ops->saved_func = ops->func;
826 ++
827 ++ if (ops->flags & FTRACE_OPS_FL_PID && ftrace_pids_enabled())
828 ++ ops->func = ftrace_pid_func;
829 ++
830 + ftrace_update_trampoline(ops);
831 +
832 + if (ftrace_enabled)
833 +@@ -463,15 +467,28 @@ static int __unregister_ftrace_function(struct ftrace_ops *ops)
834 + if (ftrace_enabled)
835 + update_ftrace_function();
836 +
837 ++ ops->func = ops->saved_func;
838 ++
839 + return 0;
840 + }
841 +
842 + static void ftrace_update_pid_func(void)
843 + {
844 ++ bool enabled = ftrace_pids_enabled();
845 ++ struct ftrace_ops *op;
846 ++
847 + /* Only do something if we are tracing something */
848 + if (ftrace_trace_function == ftrace_stub)
849 + return;
850 +
851 ++ do_for_each_ftrace_op(op, ftrace_ops_list) {
852 ++ if (op->flags & FTRACE_OPS_FL_PID) {
853 ++ op->func = enabled ? ftrace_pid_func :
854 ++ op->saved_func;
855 ++ ftrace_update_trampoline(op);
856 ++ }
857 ++ } while_for_each_ftrace_op(op);
858 ++
859 + update_ftrace_function();
860 + }
861 +
862 +@@ -1133,7 +1150,8 @@ static struct ftrace_ops global_ops = {
863 + .local_hash.filter_hash = EMPTY_HASH,
864 + INIT_OPS_HASH(global_ops)
865 + .flags = FTRACE_OPS_FL_RECURSION_SAFE |
866 +- FTRACE_OPS_FL_INITIALIZED,
867 ++ FTRACE_OPS_FL_INITIALIZED |
868 ++ FTRACE_OPS_FL_PID,
869 + };
870 +
871 + /*
872 +@@ -2395,12 +2413,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
873 if (unlikely(ftrace_disabled))
874 return 0;
875
876 @@ -109218,7 +109508,7 @@ index 02bece4..f9b05af 100644
877 }
878
879 /*
880 -@@ -4789,8 +4794,10 @@ static int ftrace_process_locs(struct module *mod,
881 +@@ -4789,8 +4812,10 @@ static int ftrace_process_locs(struct module *mod,
882 if (!count)
883 return 0;
884
885 @@ -109229,7 +109519,47 @@ index 02bece4..f9b05af 100644
886
887 start_pg = ftrace_allocate_pages(count);
888 if (!start_pg)
889 -@@ -5659,7 +5666,7 @@ static int alloc_retstack_tasklist(struct ftrace_ret_stack **ret_stack_list)
890 +@@ -5023,7 +5048,9 @@ static void ftrace_update_trampoline(struct ftrace_ops *ops)
891 +
892 + static struct ftrace_ops global_ops = {
893 + .func = ftrace_stub,
894 +- .flags = FTRACE_OPS_FL_RECURSION_SAFE | FTRACE_OPS_FL_INITIALIZED,
895 ++ .flags = FTRACE_OPS_FL_RECURSION_SAFE |
896 ++ FTRACE_OPS_FL_INITIALIZED |
897 ++ FTRACE_OPS_FL_PID,
898 + };
899 +
900 + static int __init ftrace_nodyn_init(void)
901 +@@ -5080,11 +5107,6 @@ void ftrace_init_array_ops(struct trace_array *tr, ftrace_func_t func)
902 + if (WARN_ON(tr->ops->func != ftrace_stub))
903 + printk("ftrace ops had %pS for function\n",
904 + tr->ops->func);
905 +- /* Only the top level instance does pid tracing */
906 +- if (!list_empty(&ftrace_pids)) {
907 +- set_ftrace_pid_function(func);
908 +- func = ftrace_pid_func;
909 +- }
910 + }
911 + tr->ops->func = func;
912 + tr->ops->private = tr;
913 +@@ -5371,7 +5393,7 @@ static void *fpid_start(struct seq_file *m, loff_t *pos)
914 + {
915 + mutex_lock(&ftrace_lock);
916 +
917 +- if (list_empty(&ftrace_pids) && (!*pos))
918 ++ if (!ftrace_pids_enabled() && (!*pos))
919 + return (void *) 1;
920 +
921 + return seq_list_start(&ftrace_pids, *pos);
922 +@@ -5610,6 +5632,7 @@ static struct ftrace_ops graph_ops = {
923 + .func = ftrace_stub,
924 + .flags = FTRACE_OPS_FL_RECURSION_SAFE |
925 + FTRACE_OPS_FL_INITIALIZED |
926 ++ FTRACE_OPS_FL_PID |
927 + FTRACE_OPS_FL_STUB,
928 + #ifdef FTRACE_GRAPH_TRAMP_ADDR
929 + .trampoline = FTRACE_GRAPH_TRAMP_ADDR,
930 +@@ -5659,7 +5682,7 @@ static int alloc_retstack_tasklist(struct ftrace_ret_stack **ret_stack_list)
931
932 if (t->ret_stack == NULL) {
933 atomic_set(&t->tracing_graph_pause, 0);
934 @@ -109238,7 +109568,7 @@ index 02bece4..f9b05af 100644
935 t->curr_ret_stack = -1;
936 /* Make sure the tasks see the -1 first: */
937 smp_wmb();
938 -@@ -5882,7 +5889,7 @@ static void
939 +@@ -5882,7 +5905,7 @@ static void
940 graph_init_task(struct task_struct *t, struct ftrace_ret_stack *ret_stack)
941 {
942 atomic_set(&t->tracing_graph_pause, 0);
943 @@ -116603,6 +116933,21 @@ index 8e385a0..a5bdd8e 100644
944
945 tty_port_close(&dev->port, tty, filp);
946 }
947 +diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
948 +index 1ab3dc9..7b815bc 100644
949 +--- a/net/bluetooth/smp.c
950 ++++ b/net/bluetooth/smp.c
951 +@@ -2295,6 +2295,10 @@ int smp_conn_security(struct hci_conn *hcon, __u8 sec_level)
952 + return 1;
953 +
954 + chan = conn->smp;
955 ++ if (!chan) {
956 ++ BT_ERR("SMP security requested but not available");
957 ++ return 1;
958 ++ }
959 +
960 + if (!hci_dev_test_flag(hcon->hdev, HCI_LE_ENABLED))
961 + return 1;
962 diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c
963 index e29ad70b..cc00066 100644
964 --- a/net/bridge/br_mdb.c
965 @@ -117842,9 +118187,36 @@ index 0ae5822..3fe3627 100644
966 .priv_size = sizeof(struct lowpan_dev_info),
967 .setup = lowpan_setup,
968 diff --git a/net/ieee802154/6lowpan/reassembly.c b/net/ieee802154/6lowpan/reassembly.c
969 -index f46e4d1..30231f1 100644
970 +index f46e4d1..dcb7f86 100644
971 --- a/net/ieee802154/6lowpan/reassembly.c
972 +++ b/net/ieee802154/6lowpan/reassembly.c
973 +@@ -207,7 +207,7 @@ found:
974 + } else {
975 + fq->q.meat += skb->len;
976 + }
977 +- add_frag_mem_limit(&fq->q, skb->truesize);
978 ++ add_frag_mem_limit(fq->q.net, skb->truesize);
979 +
980 + if (fq->q.flags == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) &&
981 + fq->q.meat == fq->q.len) {
982 +@@ -287,7 +287,7 @@ static int lowpan_frag_reasm(struct lowpan_frag_queue *fq, struct sk_buff *prev,
983 + clone->data_len = clone->len;
984 + head->data_len -= clone->len;
985 + head->len -= clone->len;
986 +- add_frag_mem_limit(&fq->q, clone->truesize);
987 ++ add_frag_mem_limit(fq->q.net, clone->truesize);
988 + }
989 +
990 + WARN_ON(head == NULL);
991 +@@ -310,7 +310,7 @@ static int lowpan_frag_reasm(struct lowpan_frag_queue *fq, struct sk_buff *prev,
992 + }
993 + fp = next;
994 + }
995 +- sub_frag_mem_limit(&fq->q, sum_truesize);
996 ++ sub_frag_mem_limit(fq->q.net, sum_truesize);
997 +
998 + head->next = NULL;
999 + head->dev = dev;
1000 @@ -435,14 +435,13 @@ static struct ctl_table lowpan_frags_ctl_table[] = {
1001
1002 static int __net_init lowpan_frags_ns_sysctl_register(struct net *net)
1003 @@ -118030,6 +118402,117 @@ index 8d695b6..752d427a 100644
1004
1005 return nh->nh_saddr;
1006 }
1007 +diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c
1008 +index 5e346a0..d0a7c03 100644
1009 +--- a/net/ipv4/inet_fragment.c
1010 ++++ b/net/ipv4/inet_fragment.c
1011 +@@ -131,34 +131,22 @@ inet_evict_bucket(struct inet_frags *f, struct inet_frag_bucket *hb)
1012 + unsigned int evicted = 0;
1013 + HLIST_HEAD(expired);
1014 +
1015 +-evict_again:
1016 + spin_lock(&hb->chain_lock);
1017 +
1018 + hlist_for_each_entry_safe(fq, n, &hb->chain, list) {
1019 + if (!inet_fragq_should_evict(fq))
1020 + continue;
1021 +
1022 +- if (!del_timer(&fq->timer)) {
1023 +- /* q expiring right now thus increment its refcount so
1024 +- * it won't be freed under us and wait until the timer
1025 +- * has finished executing then destroy it
1026 +- */
1027 +- atomic_inc(&fq->refcnt);
1028 +- spin_unlock(&hb->chain_lock);
1029 +- del_timer_sync(&fq->timer);
1030 +- inet_frag_put(fq, f);
1031 +- goto evict_again;
1032 +- }
1033 ++ if (!del_timer(&fq->timer))
1034 ++ continue;
1035 +
1036 +- fq->flags |= INET_FRAG_EVICTED;
1037 +- hlist_del(&fq->list);
1038 +- hlist_add_head(&fq->list, &expired);
1039 ++ hlist_add_head(&fq->list_evictor, &expired);
1040 + ++evicted;
1041 + }
1042 +
1043 + spin_unlock(&hb->chain_lock);
1044 +
1045 +- hlist_for_each_entry_safe(fq, n, &expired, list)
1046 ++ hlist_for_each_entry_safe(fq, n, &expired, list_evictor)
1047 + f->frag_expire((unsigned long) fq);
1048 +
1049 + return evicted;
1050 +@@ -240,19 +228,21 @@ void inet_frags_exit_net(struct netns_frags *nf, struct inet_frags *f)
1051 + int i;
1052 +
1053 + nf->low_thresh = 0;
1054 +- local_bh_disable();
1055 +
1056 + evict_again:
1057 ++ local_bh_disable();
1058 + seq = read_seqbegin(&f->rnd_seqlock);
1059 +
1060 + for (i = 0; i < INETFRAGS_HASHSZ ; i++)
1061 + inet_evict_bucket(f, &f->hash[i]);
1062 +
1063 +- if (read_seqretry(&f->rnd_seqlock, seq))
1064 ++ local_bh_enable();
1065 ++ cond_resched();
1066 ++
1067 ++ if (read_seqretry(&f->rnd_seqlock, seq) ||
1068 ++ percpu_counter_sum(&nf->mem))
1069 + goto evict_again;
1070 +
1071 +- local_bh_enable();
1072 +-
1073 + percpu_counter_destroy(&nf->mem);
1074 + }
1075 + EXPORT_SYMBOL(inet_frags_exit_net);
1076 +@@ -284,8 +274,8 @@ static inline void fq_unlink(struct inet_frag_queue *fq, struct inet_frags *f)
1077 + struct inet_frag_bucket *hb;
1078 +
1079 + hb = get_frag_bucket_locked(fq, f);
1080 +- if (!(fq->flags & INET_FRAG_EVICTED))
1081 +- hlist_del(&fq->list);
1082 ++ hlist_del(&fq->list);
1083 ++ fq->flags |= INET_FRAG_COMPLETE;
1084 + spin_unlock(&hb->chain_lock);
1085 + }
1086 +
1087 +@@ -297,7 +287,6 @@ void inet_frag_kill(struct inet_frag_queue *fq, struct inet_frags *f)
1088 + if (!(fq->flags & INET_FRAG_COMPLETE)) {
1089 + fq_unlink(fq, f);
1090 + atomic_dec(&fq->refcnt);
1091 +- fq->flags |= INET_FRAG_COMPLETE;
1092 + }
1093 + }
1094 + EXPORT_SYMBOL(inet_frag_kill);
1095 +@@ -330,11 +319,12 @@ void inet_frag_destroy(struct inet_frag_queue *q, struct inet_frags *f)
1096 + fp = xp;
1097 + }
1098 + sum = sum_truesize + f->qsize;
1099 +- sub_frag_mem_limit(q, sum);
1100 +
1101 + if (f->destructor)
1102 + f->destructor(q);
1103 + kmem_cache_free(f->frags_cachep, q);
1104 ++
1105 ++ sub_frag_mem_limit(nf, sum);
1106 + }
1107 + EXPORT_SYMBOL(inet_frag_destroy);
1108 +
1109 +@@ -390,7 +380,7 @@ static struct inet_frag_queue *inet_frag_alloc(struct netns_frags *nf,
1110 +
1111 + q->net = nf;
1112 + f->constructor(q, arg);
1113 +- add_frag_mem_limit(q, f->qsize);
1114 ++ add_frag_mem_limit(nf, f->qsize);
1115 +
1116 + setup_timer(&q->timer, f->frag_expire, (unsigned long)q);
1117 + spin_lock_init(&q->lock);
1118 diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
1119 index c6fb80b..8705495 100644
1120 --- a/net/ipv4/inet_hashtables.c
1121 @@ -118074,9 +118557,18 @@ index 241afd7..31b95d5 100644
1122 p->rate_tokens = 0;
1123 /* 60*HZ is arbitrary, but chosen enough high so that the first
1124 diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
1125 -index cc1da6d..64b1534 100644
1126 +index cc1da6d..593fc73 100644
1127 --- a/net/ipv4/ip_fragment.c
1128 +++ b/net/ipv4/ip_fragment.c
1129 +@@ -192,7 +192,7 @@ static void ip_expire(unsigned long arg)
1130 + ipq_kill(qp);
1131 + IP_INC_STATS_BH(net, IPSTATS_MIB_REASMFAILS);
1132 +
1133 +- if (!(qp->q.flags & INET_FRAG_EVICTED)) {
1134 ++ if (!inet_frag_evicting(&qp->q)) {
1135 + struct sk_buff *head = qp->q.fragments;
1136 + const struct iphdr *iph;
1137 + int err;
1138 @@ -268,7 +268,7 @@ static int ip_frag_too_far(struct ipq *qp)
1139 return 0;
1140
1141 @@ -118086,6 +118578,51 @@ index cc1da6d..64b1534 100644
1142 qp->rid = end;
1143
1144 rc = qp->q.fragments && (end - start) > max;
1145 +@@ -301,7 +301,7 @@ static int ip_frag_reinit(struct ipq *qp)
1146 + kfree_skb(fp);
1147 + fp = xp;
1148 + } while (fp);
1149 +- sub_frag_mem_limit(&qp->q, sum_truesize);
1150 ++ sub_frag_mem_limit(qp->q.net, sum_truesize);
1151 +
1152 + qp->q.flags = 0;
1153 + qp->q.len = 0;
1154 +@@ -446,7 +446,7 @@ found:
1155 + qp->q.fragments = next;
1156 +
1157 + qp->q.meat -= free_it->len;
1158 +- sub_frag_mem_limit(&qp->q, free_it->truesize);
1159 ++ sub_frag_mem_limit(qp->q.net, free_it->truesize);
1160 + kfree_skb(free_it);
1161 + }
1162 + }
1163 +@@ -470,7 +470,7 @@ found:
1164 + qp->q.stamp = skb->tstamp;
1165 + qp->q.meat += skb->len;
1166 + qp->ecn |= ecn;
1167 +- add_frag_mem_limit(&qp->q, skb->truesize);
1168 ++ add_frag_mem_limit(qp->q.net, skb->truesize);
1169 + if (offset == 0)
1170 + qp->q.flags |= INET_FRAG_FIRST_IN;
1171 +
1172 +@@ -573,7 +573,7 @@ static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev,
1173 + head->len -= clone->len;
1174 + clone->csum = 0;
1175 + clone->ip_summed = head->ip_summed;
1176 +- add_frag_mem_limit(&qp->q, clone->truesize);
1177 ++ add_frag_mem_limit(qp->q.net, clone->truesize);
1178 + }
1179 +
1180 + skb_push(head, head->data - skb_network_header(head));
1181 +@@ -601,7 +601,7 @@ static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev,
1182 + }
1183 + fp = next;
1184 + }
1185 +- sub_frag_mem_limit(&qp->q, sum_truesize);
1186 ++ sub_frag_mem_limit(qp->q.net, sum_truesize);
1187 +
1188 + head->next = NULL;
1189 + head->dev = dev;
1190 @@ -750,12 +750,11 @@ static struct ctl_table ip4_frags_ctl_table[] = {
1191
1192 static int __net_init ip4_frags_ns_ctl_register(struct net *net)
1193 @@ -119380,7 +119917,7 @@ index 62f5b0d..331fdb1 100644
1194
1195 case IP6T_SO_GET_ENTRIES:
1196 diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
1197 -index 6f187c8..34b367f 100644
1198 +index 6f187c8..55e564f 100644
1199 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c
1200 +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
1201 @@ -96,12 +96,11 @@ static struct ctl_table nf_ct_frag6_sysctl_table[] = {
1202 @@ -119421,6 +119958,33 @@ index 6f187c8..34b367f 100644
1203 err_alloc:
1204 return -ENOMEM;
1205 }
1206 +@@ -348,7 +346,7 @@ found:
1207 + fq->ecn |= ecn;
1208 + if (payload_len > fq->q.max_size)
1209 + fq->q.max_size = payload_len;
1210 +- add_frag_mem_limit(&fq->q, skb->truesize);
1211 ++ add_frag_mem_limit(fq->q.net, skb->truesize);
1212 +
1213 + /* The first fragment.
1214 + * nhoffset is obtained from the first fragment, of course.
1215 +@@ -430,7 +428,7 @@ nf_ct_frag6_reasm(struct frag_queue *fq, struct net_device *dev)
1216 + clone->ip_summed = head->ip_summed;
1217 +
1218 + NFCT_FRAG6_CB(clone)->orig = NULL;
1219 +- add_frag_mem_limit(&fq->q, clone->truesize);
1220 ++ add_frag_mem_limit(fq->q.net, clone->truesize);
1221 + }
1222 +
1223 + /* We have to remove fragment header from datagram and to relocate
1224 +@@ -454,7 +452,7 @@ nf_ct_frag6_reasm(struct frag_queue *fq, struct net_device *dev)
1225 + head->csum = csum_add(head->csum, fp->csum);
1226 + head->truesize += fp->truesize;
1227 + }
1228 +- sub_frag_mem_limit(&fq->q, head->truesize);
1229 ++ sub_frag_mem_limit(fq->q.net, head->truesize);
1230 +
1231 + head->ignore_df = 1;
1232 + head->next = NULL;
1233 diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c
1234 index 263a516..692f738 100644
1235 --- a/net/ipv6/ping.c
1236 @@ -119570,9 +120134,45 @@ index 8072bd4..1629245 100644
1237 return 0;
1238 default:
1239 diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
1240 -index 8ffa2c8..5968612 100644
1241 +index 8ffa2c8..0db5dad 100644
1242 --- a/net/ipv6/reassembly.c
1243 +++ b/net/ipv6/reassembly.c
1244 +@@ -144,7 +144,7 @@ void ip6_expire_frag_queue(struct net *net, struct frag_queue *fq,
1245 +
1246 + IP6_INC_STATS_BH(net, __in6_dev_get(dev), IPSTATS_MIB_REASMFAILS);
1247 +
1248 +- if (fq->q.flags & INET_FRAG_EVICTED)
1249 ++ if (inet_frag_evicting(&fq->q))
1250 + goto out_rcu_unlock;
1251 +
1252 + IP6_INC_STATS_BH(net, __in6_dev_get(dev), IPSTATS_MIB_REASMTIMEOUT);
1253 +@@ -330,7 +330,7 @@ found:
1254 + fq->q.stamp = skb->tstamp;
1255 + fq->q.meat += skb->len;
1256 + fq->ecn |= ecn;
1257 +- add_frag_mem_limit(&fq->q, skb->truesize);
1258 ++ add_frag_mem_limit(fq->q.net, skb->truesize);
1259 +
1260 + /* The first fragment.
1261 + * nhoffset is obtained from the first fragment, of course.
1262 +@@ -443,7 +443,7 @@ static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *prev,
1263 + head->len -= clone->len;
1264 + clone->csum = 0;
1265 + clone->ip_summed = head->ip_summed;
1266 +- add_frag_mem_limit(&fq->q, clone->truesize);
1267 ++ add_frag_mem_limit(fq->q.net, clone->truesize);
1268 + }
1269 +
1270 + /* We have to remove fragment header from datagram and to relocate
1271 +@@ -481,7 +481,7 @@ static int ip6_frag_reasm(struct frag_queue *fq, struct sk_buff *prev,
1272 + }
1273 + fp = next;
1274 + }
1275 +- sub_frag_mem_limit(&fq->q, sum_truesize);
1276 ++ sub_frag_mem_limit(fq->q.net, sum_truesize);
1277 +
1278 + head->next = NULL;
1279 + head->dev = dev;
1280 @@ -626,12 +626,11 @@ static struct ctl_table ip6_frags_ctl_table[] = {
1281
1282 static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
Report Message
Find on MARC Find on Google Groups