Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 4.9.13/, 4.9.12/
Date: Tue, 28 Feb 2017 12:36:45
Message-Id: 1488285370.fef0e13499bf94e5df62bf9b4ba3b396f9a6b813.blueness@gentoo
1 commit: fef0e13499bf94e5df62bf9b4ba3b396f9a6b813
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Tue Feb 28 12:36:10 2017 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Tue Feb 28 12:36:10 2017 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=fef0e134
7
8 grsecurity-3.1-4.9.13-201702270729
9
10 {4.9.12 => 4.9.13}/0000_README | 6 +-
11 4.9.13/1012_linux-4.9.13.patch | 1079 ++++++++++++++++++++
12 .../4420_grsecurity-3.1-4.9.13-201702270729.patch | 161 ++-
13 {4.9.12 => 4.9.13}/4425_grsec_remove_EI_PAX.patch | 0
14 .../4426_default_XATTR_PAX_FLAGS.patch | 0
15 .../4427_force_XATTR_PAX_tmpfs.patch | 0
16 .../4430_grsec-remove-localversion-grsec.patch | 0
17 {4.9.12 => 4.9.13}/4435_grsec-mute-warnings.patch | 0
18 .../4440_grsec-remove-protected-paths.patch | 0
19 .../4450_grsec-kconfig-default-gids.patch | 0
20 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
21 {4.9.12 => 4.9.13}/4470_disable-compat_vdso.patch | 0
22 {4.9.12 => 4.9.13}/4475_emutramp_default_on.patch | 0
23 13 files changed, 1158 insertions(+), 88 deletions(-)
24
25 diff --git a/4.9.12/0000_README b/4.9.13/0000_README
26 similarity index 93%
27 rename from 4.9.12/0000_README
28 rename to 4.9.13/0000_README
29 index fde5541..733ff59 100644
30 --- a/4.9.12/0000_README
31 +++ b/4.9.13/0000_README
32 @@ -2,7 +2,11 @@ README
33 -----------------------------------------------------------------------------
34 Individual Patch Descriptions:
35 -----------------------------------------------------------------------------
36 -Patch: 4420_grsecurity-3.1-4.9.12-201702231830.patch
37 +Patch: 1012_linux-4.9.13.patch
38 +From: http://www.kernel.org
39 +Desc: Linux 4.9.13
40 +
41 +Patch: 4420_grsecurity-3.1-4.9.13-201702270729.patch
42 From: http://www.grsecurity.net
43 Desc: hardened-sources base patch from upstream grsecurity
44
45
46 diff --git a/4.9.13/1012_linux-4.9.13.patch b/4.9.13/1012_linux-4.9.13.patch
47 new file mode 100644
48 index 0000000..8a48815
49 --- /dev/null
50 +++ b/4.9.13/1012_linux-4.9.13.patch
51 @@ -0,0 +1,1079 @@
52 +diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
53 +index 922dec8..65b05ba 100644
54 +--- a/Documentation/kernel-parameters.txt
55 ++++ b/Documentation/kernel-parameters.txt
56 +@@ -1391,6 +1391,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
57 + When zero, profiling data is discarded and associated
58 + debugfs files are removed at module unload time.
59 +
60 ++ goldfish [X86] Enable the goldfish android emulator platform.
61 ++ Don't use this when you are not running on the
62 ++ android emulator
63 ++
64 + gpt [EFI] Forces disk with valid GPT signature but
65 + invalid Protective MBR to be treated as GPT. If the
66 + primary GPT is corrupted, it enables the backup/alternate
67 +diff --git a/Makefile b/Makefile
68 +index 3cd6f6f..14dc275 100644
69 +--- a/Makefile
70 ++++ b/Makefile
71 +@@ -1,6 +1,6 @@
72 + VERSION = 4
73 + PATCHLEVEL = 9
74 +-SUBLEVEL = 12
75 ++SUBLEVEL = 13
76 + EXTRAVERSION =
77 + NAME = Roaring Lionus
78 +
79 +diff --git a/arch/x86/platform/goldfish/goldfish.c b/arch/x86/platform/goldfish/goldfish.c
80 +index 1693107..0d17c0a 100644
81 +--- a/arch/x86/platform/goldfish/goldfish.c
82 ++++ b/arch/x86/platform/goldfish/goldfish.c
83 +@@ -42,10 +42,22 @@ static struct resource goldfish_pdev_bus_resources[] = {
84 + }
85 + };
86 +
87 ++static bool goldfish_enable __initdata;
88 ++
89 ++static int __init goldfish_setup(char *str)
90 ++{
91 ++ goldfish_enable = true;
92 ++ return 0;
93 ++}
94 ++__setup("goldfish", goldfish_setup);
95 ++
96 + static int __init goldfish_init(void)
97 + {
98 ++ if (!goldfish_enable)
99 ++ return -ENODEV;
100 ++
101 + platform_device_register_simple("goldfish_pdev_bus", -1,
102 +- goldfish_pdev_bus_resources, 2);
103 ++ goldfish_pdev_bus_resources, 2);
104 + return 0;
105 + }
106 + device_initcall(goldfish_init);
107 +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
108 +index 6bb21b3..a543ea6 100644
109 +--- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
110 ++++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
111 +@@ -567,10 +567,14 @@ int mlx5e_stats_flower(struct mlx5e_priv *priv,
112 +
113 + mlx5_fc_query_cached(counter, &bytes, &packets, &lastuse);
114 +
115 ++ preempt_disable();
116 ++
117 + tcf_exts_to_list(f->exts, &actions);
118 + list_for_each_entry(a, &actions, list)
119 + tcf_action_stats_update(a, bytes, packets, lastuse);
120 +
121 ++ preempt_enable();
122 ++
123 + return 0;
124 + }
125 +
126 +diff --git a/drivers/net/ethernet/ti/cpsw.c b/drivers/net/ethernet/ti/cpsw.c
127 +index b9087b8..3f1971d 100644
128 +--- a/drivers/net/ethernet/ti/cpsw.c
129 ++++ b/drivers/net/ethernet/ti/cpsw.c
130 +@@ -2925,7 +2925,7 @@ static int cpsw_resume(struct device *dev)
131 + {
132 + struct platform_device *pdev = to_platform_device(dev);
133 + struct net_device *ndev = platform_get_drvdata(pdev);
134 +- struct cpsw_common *cpsw = netdev_priv(ndev);
135 ++ struct cpsw_common *cpsw = ndev_to_cpsw(ndev);
136 +
137 + /* Select default pin state */
138 + pinctrl_pm_select_default_state(dev);
139 +diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
140 +index 0fafaa9..d4f495b 100644
141 +--- a/drivers/net/vxlan.c
142 ++++ b/drivers/net/vxlan.c
143 +@@ -2449,7 +2449,8 @@ static int vxlan_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb)
144 + return -EINVAL;
145 + rt = vxlan_get_route(vxlan, skb, 0, info->key.tos,
146 + info->key.u.ipv4.dst,
147 +- &info->key.u.ipv4.src, NULL, info);
148 ++ &info->key.u.ipv4.src,
149 ++ &info->dst_cache, info);
150 + if (IS_ERR(rt))
151 + return PTR_ERR(rt);
152 + ip_rt_put(rt);
153 +@@ -2459,7 +2460,8 @@ static int vxlan_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb)
154 +
155 + ndst = vxlan6_get_route(vxlan, skb, 0, info->key.tos,
156 + info->key.label, &info->key.u.ipv6.dst,
157 +- &info->key.u.ipv6.src, NULL, info);
158 ++ &info->key.u.ipv6.src,
159 ++ &info->dst_cache, info);
160 + if (IS_ERR(ndst))
161 + return PTR_ERR(ndst);
162 + dst_release(ndst);
163 +diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c
164 +index 3837bbd..ae0c48f 100644
165 +--- a/drivers/net/wireless/realtek/rtlwifi/usb.c
166 ++++ b/drivers/net/wireless/realtek/rtlwifi/usb.c
167 +@@ -831,12 +831,30 @@ static void rtl_usb_stop(struct ieee80211_hw *hw)
168 + struct rtl_priv *rtlpriv = rtl_priv(hw);
169 + struct rtl_hal *rtlhal = rtl_hal(rtl_priv(hw));
170 + struct rtl_usb *rtlusb = rtl_usbdev(rtl_usbpriv(hw));
171 ++ struct urb *urb;
172 +
173 + /* should after adapter start and interrupt enable. */
174 + set_hal_stop(rtlhal);
175 + cancel_work_sync(&rtlpriv->works.fill_h2c_cmd);
176 + /* Enable software */
177 + SET_USB_STOP(rtlusb);
178 ++
179 ++ /* free pre-allocated URBs from rtl_usb_start() */
180 ++ usb_kill_anchored_urbs(&rtlusb->rx_submitted);
181 ++
182 ++ tasklet_kill(&rtlusb->rx_work_tasklet);
183 ++ cancel_work_sync(&rtlpriv->works.lps_change_work);
184 ++
185 ++ flush_workqueue(rtlpriv->works.rtl_wq);
186 ++
187 ++ skb_queue_purge(&rtlusb->rx_queue);
188 ++
189 ++ while ((urb = usb_get_from_anchor(&rtlusb->rx_cleanup_urbs))) {
190 ++ usb_free_coherent(urb->dev, urb->transfer_buffer_length,
191 ++ urb->transfer_buffer, urb->transfer_dma);
192 ++ usb_free_urb(urb);
193 ++ }
194 ++
195 + rtlpriv->cfg->ops->hw_disable(hw);
196 + }
197 +
198 +diff --git a/drivers/platform/goldfish/pdev_bus.c b/drivers/platform/goldfish/pdev_bus.c
199 +index 1f52462..dd9ea46 100644
200 +--- a/drivers/platform/goldfish/pdev_bus.c
201 ++++ b/drivers/platform/goldfish/pdev_bus.c
202 +@@ -157,23 +157,26 @@ static int goldfish_new_pdev(void)
203 + static irqreturn_t goldfish_pdev_bus_interrupt(int irq, void *dev_id)
204 + {
205 + irqreturn_t ret = IRQ_NONE;
206 ++
207 + while (1) {
208 + u32 op = readl(pdev_bus_base + PDEV_BUS_OP);
209 +- switch (op) {
210 +- case PDEV_BUS_OP_DONE:
211 +- return IRQ_NONE;
212 +
213 ++ switch (op) {
214 + case PDEV_BUS_OP_REMOVE_DEV:
215 + goldfish_pdev_remove();
216 ++ ret = IRQ_HANDLED;
217 + break;
218 +
219 + case PDEV_BUS_OP_ADD_DEV:
220 + goldfish_new_pdev();
221 ++ ret = IRQ_HANDLED;
222 + break;
223 ++
224 ++ case PDEV_BUS_OP_DONE:
225 ++ default:
226 ++ return ret;
227 + }
228 +- ret = IRQ_HANDLED;
229 + }
230 +- return ret;
231 + }
232 +
233 + static int goldfish_pdev_bus_probe(struct platform_device *pdev)
234 +diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c
235 +index 7312e7e..6788e75 100644
236 +--- a/drivers/tty/serial/msm_serial.c
237 ++++ b/drivers/tty/serial/msm_serial.c
238 +@@ -1809,6 +1809,7 @@ static const struct of_device_id msm_match_table[] = {
239 + { .compatible = "qcom,msm-uartdm" },
240 + {}
241 + };
242 ++MODULE_DEVICE_TABLE(of, msm_match_table);
243 +
244 + static struct platform_driver msm_platform_driver = {
245 + .remove = msm_serial_remove,
246 +diff --git a/drivers/usb/serial/ark3116.c b/drivers/usb/serial/ark3116.c
247 +index 1532cde..7812052 100644
248 +--- a/drivers/usb/serial/ark3116.c
249 ++++ b/drivers/usb/serial/ark3116.c
250 +@@ -99,10 +99,17 @@ static int ark3116_read_reg(struct usb_serial *serial,
251 + usb_rcvctrlpipe(serial->dev, 0),
252 + 0xfe, 0xc0, 0, reg,
253 + buf, 1, ARK_TIMEOUT);
254 +- if (result < 0)
255 ++ if (result < 1) {
256 ++ dev_err(&serial->interface->dev,
257 ++ "failed to read register %u: %d\n",
258 ++ reg, result);
259 ++ if (result >= 0)
260 ++ result = -EIO;
261 ++
262 + return result;
263 +- else
264 +- return buf[0];
265 ++ }
266 ++
267 ++ return buf[0];
268 + }
269 +
270 + static inline int calc_divisor(int bps)
271 +diff --git a/drivers/usb/serial/console.c b/drivers/usb/serial/console.c
272 +index 8967715..b6f1ade 100644
273 +--- a/drivers/usb/serial/console.c
274 ++++ b/drivers/usb/serial/console.c
275 +@@ -143,6 +143,7 @@ static int usb_console_setup(struct console *co, char *options)
276 + tty->driver = usb_serial_tty_driver;
277 + tty->index = co->index;
278 + init_ldsem(&tty->ldisc_sem);
279 ++ spin_lock_init(&tty->files_lock);
280 + INIT_LIST_HEAD(&tty->tty_files);
281 + kref_get(&tty->driver->kref);
282 + __module_get(tty->driver->owner);
283 +diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
284 +index 243ac5e..8bb4875 100644
285 +--- a/drivers/usb/serial/cp210x.c
286 ++++ b/drivers/usb/serial/cp210x.c
287 +@@ -172,6 +172,8 @@ static const struct usb_device_id id_table[] = {
288 + { USB_DEVICE(0x1901, 0x0190) }, /* GE B850 CP2105 Recorder interface */
289 + { USB_DEVICE(0x1901, 0x0193) }, /* GE B650 CP2104 PMC interface */
290 + { USB_DEVICE(0x1901, 0x0194) }, /* GE Healthcare Remote Alarm Box */
291 ++ { USB_DEVICE(0x1901, 0x0195) }, /* GE B850/B650/B450 CP2104 DP UART interface */
292 ++ { USB_DEVICE(0x1901, 0x0196) }, /* GE B850 CP2105 DP UART interface */
293 + { USB_DEVICE(0x19CF, 0x3000) }, /* Parrot NMEA GPS Flight Recorder */
294 + { USB_DEVICE(0x1ADB, 0x0001) }, /* Schweitzer Engineering C662 Cable */
295 + { USB_DEVICE(0x1B1C, 0x1C00) }, /* Corsair USB Dongle */
296 +diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
297 +index 6e9fc8b..99a0a5f 100644
298 +--- a/drivers/usb/serial/ftdi_sio.c
299 ++++ b/drivers/usb/serial/ftdi_sio.c
300 +@@ -1807,8 +1807,6 @@ static int ftdi_sio_port_probe(struct usb_serial_port *port)
301 +
302 + mutex_init(&priv->cfg_lock);
303 +
304 +- priv->flags = ASYNC_LOW_LATENCY;
305 +-
306 + if (quirk && quirk->port_probe)
307 + quirk->port_probe(priv);
308 +
309 +@@ -2072,6 +2070,20 @@ static int ftdi_process_packet(struct usb_serial_port *port,
310 + priv->prev_status = status;
311 + }
312 +
313 ++ /* save if the transmitter is empty or not */
314 ++ if (packet[1] & FTDI_RS_TEMT)
315 ++ priv->transmit_empty = 1;
316 ++ else
317 ++ priv->transmit_empty = 0;
318 ++
319 ++ len -= 2;
320 ++ if (!len)
321 ++ return 0; /* status only */
322 ++
323 ++ /*
324 ++ * Break and error status must only be processed for packets with
325 ++ * data payload to avoid over-reporting.
326 ++ */
327 + flag = TTY_NORMAL;
328 + if (packet[1] & FTDI_RS_ERR_MASK) {
329 + /* Break takes precedence over parity, which takes precedence
330 +@@ -2094,15 +2106,6 @@ static int ftdi_process_packet(struct usb_serial_port *port,
331 + }
332 + }
333 +
334 +- /* save if the transmitter is empty or not */
335 +- if (packet[1] & FTDI_RS_TEMT)
336 +- priv->transmit_empty = 1;
337 +- else
338 +- priv->transmit_empty = 0;
339 +-
340 +- len -= 2;
341 +- if (!len)
342 +- return 0; /* status only */
343 + port->icount.rx += len;
344 + ch = packet + 2;
345 +
346 +@@ -2433,8 +2436,12 @@ static int ftdi_get_modem_status(struct usb_serial_port *port,
347 + FTDI_SIO_GET_MODEM_STATUS_REQUEST_TYPE,
348 + 0, priv->interface,
349 + buf, len, WDR_TIMEOUT);
350 +- if (ret < 0) {
351 ++
352 ++ /* NOTE: We allow short responses and handle that below. */
353 ++ if (ret < 1) {
354 + dev_err(&port->dev, "failed to get modem status: %d\n", ret);
355 ++ if (ret >= 0)
356 ++ ret = -EIO;
357 + ret = usb_translate_errors(ret);
358 + goto out;
359 + }
360 +diff --git a/drivers/usb/serial/mos7840.c b/drivers/usb/serial/mos7840.c
361 +index 4f9af47..5c4fc3a 100644
362 +--- a/drivers/usb/serial/mos7840.c
363 ++++ b/drivers/usb/serial/mos7840.c
364 +@@ -1024,6 +1024,7 @@ static int mos7840_open(struct tty_struct *tty, struct usb_serial_port *port)
365 + * (can't set it up in mos7840_startup as the structures *
366 + * were not set up at that time.) */
367 + if (port0->open_ports == 1) {
368 ++ /* FIXME: Buffer never NULL, so URB is not submitted. */
369 + if (serial->port[0]->interrupt_in_buffer == NULL) {
370 + /* set up interrupt urb */
371 + usb_fill_int_urb(serial->port[0]->interrupt_in_urb,
372 +@@ -2119,7 +2120,8 @@ static int mos7840_calc_num_ports(struct usb_serial *serial)
373 + static int mos7840_attach(struct usb_serial *serial)
374 + {
375 + if (serial->num_bulk_in < serial->num_ports ||
376 +- serial->num_bulk_out < serial->num_ports) {
377 ++ serial->num_bulk_out < serial->num_ports ||
378 ++ serial->num_interrupt_in < 1) {
379 + dev_err(&serial->interface->dev, "missing endpoints\n");
380 + return -ENODEV;
381 + }
382 +diff --git a/drivers/usb/serial/opticon.c b/drivers/usb/serial/opticon.c
383 +index 4b7bfb3..64bf258 100644
384 +--- a/drivers/usb/serial/opticon.c
385 ++++ b/drivers/usb/serial/opticon.c
386 +@@ -142,7 +142,7 @@ static int opticon_open(struct tty_struct *tty, struct usb_serial_port *port)
387 + usb_clear_halt(port->serial->dev, port->read_urb->pipe);
388 +
389 + res = usb_serial_generic_open(tty, port);
390 +- if (!res)
391 ++ if (res)
392 + return res;
393 +
394 + /* Request CTS line state, sometimes during opening the current
395 +diff --git a/drivers/usb/serial/spcp8x5.c b/drivers/usb/serial/spcp8x5.c
396 +index 475e6c3..ddfd787 100644
397 +--- a/drivers/usb/serial/spcp8x5.c
398 ++++ b/drivers/usb/serial/spcp8x5.c
399 +@@ -232,11 +232,17 @@ static int spcp8x5_get_msr(struct usb_serial_port *port, u8 *status)
400 + ret = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0),
401 + GET_UART_STATUS, GET_UART_STATUS_TYPE,
402 + 0, GET_UART_STATUS_MSR, buf, 1, 100);
403 +- if (ret < 0)
404 ++ if (ret < 1) {
405 + dev_err(&port->dev, "failed to get modem status: %d\n", ret);
406 ++ if (ret >= 0)
407 ++ ret = -EIO;
408 ++ goto out;
409 ++ }
410 +
411 + dev_dbg(&port->dev, "0xc0:0x22:0:6 %d - 0x02%x\n", ret, *buf);
412 + *status = *buf;
413 ++ ret = 0;
414 ++out:
415 + kfree(buf);
416 +
417 + return ret;
418 +diff --git a/fs/xfs/xfs_iomap.c b/fs/xfs/xfs_iomap.c
419 +index cdc6bdd..e888961 100644
420 +--- a/fs/xfs/xfs_iomap.c
421 ++++ b/fs/xfs/xfs_iomap.c
422 +@@ -1068,7 +1068,15 @@ xfs_file_iomap_end_delalloc(
423 + xfs_fileoff_t end_fsb;
424 + int error = 0;
425 +
426 +- start_fsb = XFS_B_TO_FSB(mp, offset + written);
427 ++ /*
428 ++ * start_fsb refers to the first unused block after a short write. If
429 ++ * nothing was written, round offset down to point at the first block in
430 ++ * the range.
431 ++ */
432 ++ if (unlikely(!written))
433 ++ start_fsb = XFS_B_TO_FSBT(mp, offset);
434 ++ else
435 ++ start_fsb = XFS_B_TO_FSB(mp, offset + written);
436 + end_fsb = XFS_B_TO_FSB(mp, offset + length);
437 +
438 + /*
439 +@@ -1080,6 +1088,9 @@ xfs_file_iomap_end_delalloc(
440 + * blocks in the range, they are ours.
441 + */
442 + if (start_fsb < end_fsb) {
443 ++ truncate_pagecache_range(VFS_I(ip), XFS_FSB_TO_B(mp, start_fsb),
444 ++ XFS_FSB_TO_B(mp, end_fsb) - 1);
445 ++
446 + xfs_ilock(ip, XFS_ILOCK_EXCL);
447 + error = xfs_bmap_punch_delalloc_range(ip, start_fsb,
448 + end_fsb - start_fsb);
449 +diff --git a/include/acpi/platform/acenv.h b/include/acpi/platform/acenv.h
450 +index 34cce72..fca1539 100644
451 +--- a/include/acpi/platform/acenv.h
452 ++++ b/include/acpi/platform/acenv.h
453 +@@ -177,7 +177,7 @@
454 + #include "acmsvc.h"
455 +
456 + #elif defined(__INTEL_COMPILER)
457 +-#include "acintel.h"
458 ++#include <acpi/platform/acintel.h>
459 +
460 + #endif
461 +
462 +diff --git a/include/acpi/platform/acintel.h b/include/acpi/platform/acintel.h
463 +new file mode 100644
464 +index 0000000..17bd3b7
465 +--- /dev/null
466 ++++ b/include/acpi/platform/acintel.h
467 +@@ -0,0 +1,87 @@
468 ++/******************************************************************************
469 ++ *
470 ++ * Name: acintel.h - VC specific defines, etc.
471 ++ *
472 ++ *****************************************************************************/
473 ++
474 ++/*
475 ++ * Copyright (C) 2000 - 2017, Intel Corp.
476 ++ * All rights reserved.
477 ++ *
478 ++ * Redistribution and use in source and binary forms, with or without
479 ++ * modification, are permitted provided that the following conditions
480 ++ * are met:
481 ++ * 1. Redistributions of source code must retain the above copyright
482 ++ * notice, this list of conditions, and the following disclaimer,
483 ++ * without modification.
484 ++ * 2. Redistributions in binary form must reproduce at minimum a disclaimer
485 ++ * substantially similar to the "NO WARRANTY" disclaimer below
486 ++ * ("Disclaimer") and any redistribution must be conditioned upon
487 ++ * including a substantially similar Disclaimer requirement for further
488 ++ * binary redistribution.
489 ++ * 3. Neither the names of the above-listed copyright holders nor the names
490 ++ * of any contributors may be used to endorse or promote products derived
491 ++ * from this software without specific prior written permission.
492 ++ *
493 ++ * Alternatively, this software may be distributed under the terms of the
494 ++ * GNU General Public License ("GPL") version 2 as published by the Free
495 ++ * Software Foundation.
496 ++ *
497 ++ * NO WARRANTY
498 ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
499 ++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
500 ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
501 ++ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
502 ++ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
503 ++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
504 ++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
505 ++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
506 ++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
507 ++ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
508 ++ * POSSIBILITY OF SUCH DAMAGES.
509 ++ */
510 ++
511 ++#ifndef __ACINTEL_H__
512 ++#define __ACINTEL_H__
513 ++
514 ++/*
515 ++ * Use compiler specific <stdarg.h> is a good practice for even when
516 ++ * -nostdinc is specified (i.e., ACPI_USE_STANDARD_HEADERS undefined.
517 ++ */
518 ++#include <stdarg.h>
519 ++
520 ++/* Configuration specific to Intel 64-bit C compiler */
521 ++
522 ++#define COMPILER_DEPENDENT_INT64 __int64
523 ++#define COMPILER_DEPENDENT_UINT64 unsigned __int64
524 ++#define ACPI_INLINE __inline
525 ++
526 ++/*
527 ++ * Calling conventions:
528 ++ *
529 ++ * ACPI_SYSTEM_XFACE - Interfaces to host OS (handlers, threads)
530 ++ * ACPI_EXTERNAL_XFACE - External ACPI interfaces
531 ++ * ACPI_INTERNAL_XFACE - Internal ACPI interfaces
532 ++ * ACPI_INTERNAL_VAR_XFACE - Internal variable-parameter list interfaces
533 ++ */
534 ++#define ACPI_SYSTEM_XFACE
535 ++#define ACPI_EXTERNAL_XFACE
536 ++#define ACPI_INTERNAL_XFACE
537 ++#define ACPI_INTERNAL_VAR_XFACE
538 ++
539 ++/* remark 981 - operands evaluated in no particular order */
540 ++#pragma warning(disable:981)
541 ++
542 ++/* warn C4100: unreferenced formal parameter */
543 ++#pragma warning(disable:4100)
544 ++
545 ++/* warn C4127: conditional expression is constant */
546 ++#pragma warning(disable:4127)
547 ++
548 ++/* warn C4706: assignment within conditional expression */
549 ++#pragma warning(disable:4706)
550 ++
551 ++/* warn C4214: bit field types other than int */
552 ++#pragma warning(disable:4214)
553 ++
554 ++#endif /* __ACINTEL_H__ */
555 +diff --git a/include/linux/ptr_ring.h b/include/linux/ptr_ring.h
556 +index 2052011..6c70444 100644
557 +--- a/include/linux/ptr_ring.h
558 ++++ b/include/linux/ptr_ring.h
559 +@@ -111,6 +111,11 @@ static inline int __ptr_ring_produce(struct ptr_ring *r, void *ptr)
560 + return 0;
561 + }
562 +
563 ++/*
564 ++ * Note: resize (below) nests producer lock within consumer lock, so if you
565 ++ * consume in interrupt or BH context, you must disable interrupts/BH when
566 ++ * calling this.
567 ++ */
568 + static inline int ptr_ring_produce(struct ptr_ring *r, void *ptr)
569 + {
570 + int ret;
571 +@@ -242,6 +247,11 @@ static inline void *__ptr_ring_consume(struct ptr_ring *r)
572 + return ptr;
573 + }
574 +
575 ++/*
576 ++ * Note: resize (below) nests producer lock within consumer lock, so if you
577 ++ * call this in interrupt or BH context, you must disable interrupts/BH when
578 ++ * producing.
579 ++ */
580 + static inline void *ptr_ring_consume(struct ptr_ring *r)
581 + {
582 + void *ptr;
583 +@@ -357,7 +367,7 @@ static inline void **__ptr_ring_swap_queue(struct ptr_ring *r, void **queue,
584 + void **old;
585 + void *ptr;
586 +
587 +- while ((ptr = ptr_ring_consume(r)))
588 ++ while ((ptr = __ptr_ring_consume(r)))
589 + if (producer < size)
590 + queue[producer++] = ptr;
591 + else if (destroy)
592 +@@ -372,6 +382,12 @@ static inline void **__ptr_ring_swap_queue(struct ptr_ring *r, void **queue,
593 + return old;
594 + }
595 +
596 ++/*
597 ++ * Note: producer lock is nested within consumer lock, so if you
598 ++ * resize you must make sure all uses nest correctly.
599 ++ * In particular if you consume ring in interrupt or BH context, you must
600 ++ * disable interrupts/BH when doing so.
601 ++ */
602 + static inline int ptr_ring_resize(struct ptr_ring *r, int size, gfp_t gfp,
603 + void (*destroy)(void *))
604 + {
605 +@@ -382,17 +398,25 @@ static inline int ptr_ring_resize(struct ptr_ring *r, int size, gfp_t gfp,
606 + if (!queue)
607 + return -ENOMEM;
608 +
609 +- spin_lock_irqsave(&(r)->producer_lock, flags);
610 ++ spin_lock_irqsave(&(r)->consumer_lock, flags);
611 ++ spin_lock(&(r)->producer_lock);
612 +
613 + old = __ptr_ring_swap_queue(r, queue, size, gfp, destroy);
614 +
615 +- spin_unlock_irqrestore(&(r)->producer_lock, flags);
616 ++ spin_unlock(&(r)->producer_lock);
617 ++ spin_unlock_irqrestore(&(r)->consumer_lock, flags);
618 +
619 + kfree(old);
620 +
621 + return 0;
622 + }
623 +
624 ++/*
625 ++ * Note: producer lock is nested within consumer lock, so if you
626 ++ * resize you must make sure all uses nest correctly.
627 ++ * In particular if you consume ring in interrupt or BH context, you must
628 ++ * disable interrupts/BH when doing so.
629 ++ */
630 + static inline int ptr_ring_resize_multiple(struct ptr_ring **rings, int nrings,
631 + int size,
632 + gfp_t gfp, void (*destroy)(void *))
633 +@@ -412,10 +436,12 @@ static inline int ptr_ring_resize_multiple(struct ptr_ring **rings, int nrings,
634 + }
635 +
636 + for (i = 0; i < nrings; ++i) {
637 +- spin_lock_irqsave(&(rings[i])->producer_lock, flags);
638 ++ spin_lock_irqsave(&(rings[i])->consumer_lock, flags);
639 ++ spin_lock(&(rings[i])->producer_lock);
640 + queues[i] = __ptr_ring_swap_queue(rings[i], queues[i],
641 + size, gfp, destroy);
642 +- spin_unlock_irqrestore(&(rings[i])->producer_lock, flags);
643 ++ spin_unlock(&(rings[i])->producer_lock);
644 ++ spin_unlock_irqrestore(&(rings[i])->consumer_lock, flags);
645 + }
646 +
647 + for (i = 0; i < nrings; ++i)
648 +diff --git a/mm/backing-dev.c b/mm/backing-dev.c
649 +index 8fde443..6ff2d77 100644
650 +--- a/mm/backing-dev.c
651 ++++ b/mm/backing-dev.c
652 +@@ -757,15 +757,20 @@ static int cgwb_bdi_init(struct backing_dev_info *bdi)
653 + if (!bdi->wb_congested)
654 + return -ENOMEM;
655 +
656 ++ atomic_set(&bdi->wb_congested->refcnt, 1);
657 ++
658 + err = wb_init(&bdi->wb, bdi, 1, GFP_KERNEL);
659 + if (err) {
660 +- kfree(bdi->wb_congested);
661 ++ wb_congested_put(bdi->wb_congested);
662 + return err;
663 + }
664 + return 0;
665 + }
666 +
667 +-static void cgwb_bdi_destroy(struct backing_dev_info *bdi) { }
668 ++static void cgwb_bdi_destroy(struct backing_dev_info *bdi)
669 ++{
670 ++ wb_congested_put(bdi->wb_congested);
671 ++}
672 +
673 + #endif /* CONFIG_CGROUP_WRITEBACK */
674 +
675 +diff --git a/net/core/neighbour.c b/net/core/neighbour.c
676 +index 2ae929f..9901e5b 100644
677 +--- a/net/core/neighbour.c
678 ++++ b/net/core/neighbour.c
679 +@@ -2927,7 +2927,8 @@ static void neigh_proc_update(struct ctl_table *ctl, int write)
680 + return;
681 +
682 + set_bit(index, p->data_state);
683 +- call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
684 ++ if (index == NEIGH_VAR_DELAY_PROBE_TIME)
685 ++ call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
686 + if (!dev) /* NULL dev means this is default value */
687 + neigh_copy_dflt_parms(net, p, index);
688 + }
689 +diff --git a/net/dccp/input.c b/net/dccp/input.c
690 +index ba34718..8fedc2d 100644
691 +--- a/net/dccp/input.c
692 ++++ b/net/dccp/input.c
693 +@@ -606,7 +606,8 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
694 + if (inet_csk(sk)->icsk_af_ops->conn_request(sk,
695 + skb) < 0)
696 + return 1;
697 +- goto discard;
698 ++ consume_skb(skb);
699 ++ return 0;
700 + }
701 + if (dh->dccph_type == DCCP_PKT_RESET)
702 + goto discard;
703 +diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
704 +index 65336f3..9826695 100644
705 +--- a/net/ipv4/ip_sockglue.c
706 ++++ b/net/ipv4/ip_sockglue.c
707 +@@ -105,10 +105,10 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb,
708 + if (skb->ip_summed != CHECKSUM_COMPLETE)
709 + return;
710 +
711 +- if (offset != 0)
712 +- csum = csum_sub(csum,
713 +- csum_partial(skb_transport_header(skb) + tlen,
714 +- offset, 0));
715 ++ if (offset != 0) {
716 ++ int tend_off = skb_transport_offset(skb) + tlen;
717 ++ csum = csum_sub(csum, skb_checksum(skb, tend_off, offset, 0));
718 ++ }
719 +
720 + put_cmsg(msg, SOL_IP, IP_CHECKSUM, sizeof(__wsum), &csum);
721 + }
722 +diff --git a/net/irda/irqueue.c b/net/irda/irqueue.c
723 +index acbe61c..160dc89 100644
724 +--- a/net/irda/irqueue.c
725 ++++ b/net/irda/irqueue.c
726 +@@ -383,9 +383,6 @@ EXPORT_SYMBOL(hashbin_new);
727 + * for deallocating this structure if it's complex. If not the user can
728 + * just supply kfree, which should take care of the job.
729 + */
730 +-#ifdef CONFIG_LOCKDEP
731 +-static int hashbin_lock_depth = 0;
732 +-#endif
733 + int hashbin_delete( hashbin_t* hashbin, FREE_FUNC free_func)
734 + {
735 + irda_queue_t* queue;
736 +@@ -396,22 +393,27 @@ int hashbin_delete( hashbin_t* hashbin, FREE_FUNC free_func)
737 + IRDA_ASSERT(hashbin->magic == HB_MAGIC, return -1;);
738 +
739 + /* Synchronize */
740 +- if ( hashbin->hb_type & HB_LOCK ) {
741 +- spin_lock_irqsave_nested(&hashbin->hb_spinlock, flags,
742 +- hashbin_lock_depth++);
743 +- }
744 ++ if (hashbin->hb_type & HB_LOCK)
745 ++ spin_lock_irqsave(&hashbin->hb_spinlock, flags);
746 +
747 + /*
748 + * Free the entries in the hashbin, TODO: use hashbin_clear when
749 + * it has been shown to work
750 + */
751 + for (i = 0; i < HASHBIN_SIZE; i ++ ) {
752 +- queue = dequeue_first((irda_queue_t**) &hashbin->hb_queue[i]);
753 +- while (queue ) {
754 +- if (free_func)
755 +- (*free_func)(queue);
756 +- queue = dequeue_first(
757 +- (irda_queue_t**) &hashbin->hb_queue[i]);
758 ++ while (1) {
759 ++ queue = dequeue_first((irda_queue_t**) &hashbin->hb_queue[i]);
760 ++
761 ++ if (!queue)
762 ++ break;
763 ++
764 ++ if (free_func) {
765 ++ if (hashbin->hb_type & HB_LOCK)
766 ++ spin_unlock_irqrestore(&hashbin->hb_spinlock, flags);
767 ++ free_func(queue);
768 ++ if (hashbin->hb_type & HB_LOCK)
769 ++ spin_lock_irqsave(&hashbin->hb_spinlock, flags);
770 ++ }
771 + }
772 + }
773 +
774 +@@ -420,12 +422,8 @@ int hashbin_delete( hashbin_t* hashbin, FREE_FUNC free_func)
775 + hashbin->magic = ~HB_MAGIC;
776 +
777 + /* Release lock */
778 +- if ( hashbin->hb_type & HB_LOCK) {
779 ++ if (hashbin->hb_type & HB_LOCK)
780 + spin_unlock_irqrestore(&hashbin->hb_spinlock, flags);
781 +-#ifdef CONFIG_LOCKDEP
782 +- hashbin_lock_depth--;
783 +-#endif
784 +- }
785 +
786 + /*
787 + * Free the hashbin structure
788 +diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c
789 +index 7e08a4d..a646f34 100644
790 +--- a/net/kcm/kcmsock.c
791 ++++ b/net/kcm/kcmsock.c
792 +@@ -929,23 +929,25 @@ static int kcm_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
793 + goto out_error;
794 + }
795 +
796 +- /* New message, alloc head skb */
797 +- head = alloc_skb(0, sk->sk_allocation);
798 +- while (!head) {
799 +- kcm_push(kcm);
800 +- err = sk_stream_wait_memory(sk, &timeo);
801 +- if (err)
802 +- goto out_error;
803 +-
804 ++ if (msg_data_left(msg)) {
805 ++ /* New message, alloc head skb */
806 + head = alloc_skb(0, sk->sk_allocation);
807 +- }
808 ++ while (!head) {
809 ++ kcm_push(kcm);
810 ++ err = sk_stream_wait_memory(sk, &timeo);
811 ++ if (err)
812 ++ goto out_error;
813 +
814 +- skb = head;
815 ++ head = alloc_skb(0, sk->sk_allocation);
816 ++ }
817 +
818 +- /* Set ip_summed to CHECKSUM_UNNECESSARY to avoid calling
819 +- * csum_and_copy_from_iter from skb_do_copy_data_nocache.
820 +- */
821 +- skb->ip_summed = CHECKSUM_UNNECESSARY;
822 ++ skb = head;
823 ++
824 ++ /* Set ip_summed to CHECKSUM_UNNECESSARY to avoid calling
825 ++ * csum_and_copy_from_iter from skb_do_copy_data_nocache.
826 ++ */
827 ++ skb->ip_summed = CHECKSUM_UNNECESSARY;
828 ++ }
829 +
830 + start:
831 + while (msg_data_left(msg)) {
832 +@@ -1018,10 +1020,12 @@ static int kcm_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
833 + if (eor) {
834 + bool not_busy = skb_queue_empty(&sk->sk_write_queue);
835 +
836 +- /* Message complete, queue it on send buffer */
837 +- __skb_queue_tail(&sk->sk_write_queue, head);
838 +- kcm->seq_skb = NULL;
839 +- KCM_STATS_INCR(kcm->stats.tx_msgs);
840 ++ if (head) {
841 ++ /* Message complete, queue it on send buffer */
842 ++ __skb_queue_tail(&sk->sk_write_queue, head);
843 ++ kcm->seq_skb = NULL;
844 ++ KCM_STATS_INCR(kcm->stats.tx_msgs);
845 ++ }
846 +
847 + if (msg->msg_flags & MSG_BATCH) {
848 + kcm->tx_wait_more = true;
849 +@@ -1040,8 +1044,10 @@ static int kcm_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
850 + } else {
851 + /* Message not complete, save state */
852 + partial_message:
853 +- kcm->seq_skb = head;
854 +- kcm_tx_msg(head)->last_skb = skb;
855 ++ if (head) {
856 ++ kcm->seq_skb = head;
857 ++ kcm_tx_msg(head)->last_skb = skb;
858 ++ }
859 + }
860 +
861 + KCM_STATS_ADD(kcm->stats.tx_bytes, copied);
862 +diff --git a/net/llc/llc_conn.c b/net/llc/llc_conn.c
863 +index 3e821da..8bc5a1b 100644
864 +--- a/net/llc/llc_conn.c
865 ++++ b/net/llc/llc_conn.c
866 +@@ -821,7 +821,10 @@ void llc_conn_handler(struct llc_sap *sap, struct sk_buff *skb)
867 + * another trick required to cope with how the PROCOM state
868 + * machine works. -acme
869 + */
870 ++ skb_orphan(skb);
871 ++ sock_hold(sk);
872 + skb->sk = sk;
873 ++ skb->destructor = sock_efree;
874 + }
875 + if (!sock_owned_by_user(sk))
876 + llc_conn_rcv(sk, skb);
877 +diff --git a/net/llc/llc_sap.c b/net/llc/llc_sap.c
878 +index d0e1e80..5404d0d 100644
879 +--- a/net/llc/llc_sap.c
880 ++++ b/net/llc/llc_sap.c
881 +@@ -290,7 +290,10 @@ static void llc_sap_rcv(struct llc_sap *sap, struct sk_buff *skb,
882 +
883 + ev->type = LLC_SAP_EV_TYPE_PDU;
884 + ev->reason = 0;
885 ++ skb_orphan(skb);
886 ++ sock_hold(sk);
887 + skb->sk = sk;
888 ++ skb->destructor = sock_efree;
889 + llc_sap_state_process(sap, skb);
890 + }
891 +
892 +diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
893 +index 7341adf..6dc44d9 100644
894 +--- a/net/netfilter/nf_conntrack_helper.c
895 ++++ b/net/netfilter/nf_conntrack_helper.c
896 +@@ -188,6 +188,26 @@ nf_ct_helper_ext_add(struct nf_conn *ct,
897 + }
898 + EXPORT_SYMBOL_GPL(nf_ct_helper_ext_add);
899 +
900 ++static struct nf_conntrack_helper *
901 ++nf_ct_lookup_helper(struct nf_conn *ct, struct net *net)
902 ++{
903 ++ if (!net->ct.sysctl_auto_assign_helper) {
904 ++ if (net->ct.auto_assign_helper_warned)
905 ++ return NULL;
906 ++ if (!__nf_ct_helper_find(&ct->tuplehash[IP_CT_DIR_REPLY].tuple))
907 ++ return NULL;
908 ++ pr_info("nf_conntrack: default automatic helper assignment "
909 ++ "has been turned off for security reasons and CT-based "
910 ++ " firewall rule not found. Use the iptables CT target "
911 ++ "to attach helpers instead.\n");
912 ++ net->ct.auto_assign_helper_warned = 1;
913 ++ return NULL;
914 ++ }
915 ++
916 ++ return __nf_ct_helper_find(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
917 ++}
918 ++
919 ++
920 + int __nf_ct_try_assign_helper(struct nf_conn *ct, struct nf_conn *tmpl,
921 + gfp_t flags)
922 + {
923 +@@ -213,21 +233,14 @@ int __nf_ct_try_assign_helper(struct nf_conn *ct, struct nf_conn *tmpl,
924 + }
925 +
926 + help = nfct_help(ct);
927 +- if (net->ct.sysctl_auto_assign_helper && helper == NULL) {
928 +- helper = __nf_ct_helper_find(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
929 +- if (unlikely(!net->ct.auto_assign_helper_warned && helper)) {
930 +- pr_info("nf_conntrack: automatic helper "
931 +- "assignment is deprecated and it will "
932 +- "be removed soon. Use the iptables CT target "
933 +- "to attach helpers instead.\n");
934 +- net->ct.auto_assign_helper_warned = true;
935 +- }
936 +- }
937 +
938 + if (helper == NULL) {
939 +- if (help)
940 +- RCU_INIT_POINTER(help->helper, NULL);
941 +- return 0;
942 ++ helper = nf_ct_lookup_helper(ct, net);
943 ++ if (helper == NULL) {
944 ++ if (help)
945 ++ RCU_INIT_POINTER(help->helper, NULL);
946 ++ return 0;
947 ++ }
948 + }
949 +
950 + if (help == NULL) {
951 +diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
952 +index 458722b..34de326 100644
953 +--- a/net/packet/af_packet.c
954 ++++ b/net/packet/af_packet.c
955 +@@ -1497,6 +1497,8 @@ static void __fanout_link(struct sock *sk, struct packet_sock *po)
956 + f->arr[f->num_members] = sk;
957 + smp_wmb();
958 + f->num_members++;
959 ++ if (f->num_members == 1)
960 ++ dev_add_pack(&f->prot_hook);
961 + spin_unlock(&f->lock);
962 + }
963 +
964 +@@ -1513,6 +1515,8 @@ static void __fanout_unlink(struct sock *sk, struct packet_sock *po)
965 + BUG_ON(i >= f->num_members);
966 + f->arr[i] = f->arr[f->num_members - 1];
967 + f->num_members--;
968 ++ if (f->num_members == 0)
969 ++ __dev_remove_pack(&f->prot_hook);
970 + spin_unlock(&f->lock);
971 + }
972 +
973 +@@ -1619,6 +1623,7 @@ static void fanout_release_data(struct packet_fanout *f)
974 +
975 + static int fanout_add(struct sock *sk, u16 id, u16 type_flags)
976 + {
977 ++ struct packet_rollover *rollover = NULL;
978 + struct packet_sock *po = pkt_sk(sk);
979 + struct packet_fanout *f, *match;
980 + u8 type = type_flags & 0xff;
981 +@@ -1641,23 +1646,28 @@ static int fanout_add(struct sock *sk, u16 id, u16 type_flags)
982 + return -EINVAL;
983 + }
984 +
985 ++ mutex_lock(&fanout_mutex);
986 ++
987 ++ err = -EINVAL;
988 + if (!po->running)
989 +- return -EINVAL;
990 ++ goto out;
991 +
992 ++ err = -EALREADY;
993 + if (po->fanout)
994 +- return -EALREADY;
995 ++ goto out;
996 +
997 + if (type == PACKET_FANOUT_ROLLOVER ||
998 + (type_flags & PACKET_FANOUT_FLAG_ROLLOVER)) {
999 +- po->rollover = kzalloc(sizeof(*po->rollover), GFP_KERNEL);
1000 +- if (!po->rollover)
1001 +- return -ENOMEM;
1002 +- atomic_long_set(&po->rollover->num, 0);
1003 +- atomic_long_set(&po->rollover->num_huge, 0);
1004 +- atomic_long_set(&po->rollover->num_failed, 0);
1005 ++ err = -ENOMEM;
1006 ++ rollover = kzalloc(sizeof(*rollover), GFP_KERNEL);
1007 ++ if (!rollover)
1008 ++ goto out;
1009 ++ atomic_long_set(&rollover->num, 0);
1010 ++ atomic_long_set(&rollover->num_huge, 0);
1011 ++ atomic_long_set(&rollover->num_failed, 0);
1012 ++ po->rollover = rollover;
1013 + }
1014 +
1015 +- mutex_lock(&fanout_mutex);
1016 + match = NULL;
1017 + list_for_each_entry(f, &fanout_list, list) {
1018 + if (f->id == id &&
1019 +@@ -1687,7 +1697,6 @@ static int fanout_add(struct sock *sk, u16 id, u16 type_flags)
1020 + match->prot_hook.func = packet_rcv_fanout;
1021 + match->prot_hook.af_packet_priv = match;
1022 + match->prot_hook.id_match = match_fanout_group;
1023 +- dev_add_pack(&match->prot_hook);
1024 + list_add(&match->list, &fanout_list);
1025 + }
1026 + err = -EINVAL;
1027 +@@ -1704,36 +1713,40 @@ static int fanout_add(struct sock *sk, u16 id, u16 type_flags)
1028 + }
1029 + }
1030 + out:
1031 +- mutex_unlock(&fanout_mutex);
1032 +- if (err) {
1033 +- kfree(po->rollover);
1034 ++ if (err && rollover) {
1035 ++ kfree(rollover);
1036 + po->rollover = NULL;
1037 + }
1038 ++ mutex_unlock(&fanout_mutex);
1039 + return err;
1040 + }
1041 +
1042 +-static void fanout_release(struct sock *sk)
1043 ++/* If pkt_sk(sk)->fanout->sk_ref is zero, this function removes
1044 ++ * pkt_sk(sk)->fanout from fanout_list and returns pkt_sk(sk)->fanout.
1045 ++ * It is the responsibility of the caller to call fanout_release_data() and
1046 ++ * free the returned packet_fanout (after synchronize_net())
1047 ++ */
1048 ++static struct packet_fanout *fanout_release(struct sock *sk)
1049 + {
1050 + struct packet_sock *po = pkt_sk(sk);
1051 + struct packet_fanout *f;
1052 +
1053 ++ mutex_lock(&fanout_mutex);
1054 + f = po->fanout;
1055 +- if (!f)
1056 +- return;
1057 ++ if (f) {
1058 ++ po->fanout = NULL;
1059 +
1060 +- mutex_lock(&fanout_mutex);
1061 +- po->fanout = NULL;
1062 ++ if (atomic_dec_and_test(&f->sk_ref))
1063 ++ list_del(&f->list);
1064 ++ else
1065 ++ f = NULL;
1066 +
1067 +- if (atomic_dec_and_test(&f->sk_ref)) {
1068 +- list_del(&f->list);
1069 +- dev_remove_pack(&f->prot_hook);
1070 +- fanout_release_data(f);
1071 +- kfree(f);
1072 ++ if (po->rollover)
1073 ++ kfree_rcu(po->rollover, rcu);
1074 + }
1075 + mutex_unlock(&fanout_mutex);
1076 +
1077 +- if (po->rollover)
1078 +- kfree_rcu(po->rollover, rcu);
1079 ++ return f;
1080 + }
1081 +
1082 + static bool packet_extra_vlan_len_allowed(const struct net_device *dev,
1083 +@@ -2965,6 +2978,7 @@ static int packet_release(struct socket *sock)
1084 + {
1085 + struct sock *sk = sock->sk;
1086 + struct packet_sock *po;
1087 ++ struct packet_fanout *f;
1088 + struct net *net;
1089 + union tpacket_req_u req_u;
1090 +
1091 +@@ -3004,9 +3018,14 @@ static int packet_release(struct socket *sock)
1092 + packet_set_ring(sk, &req_u, 1, 1);
1093 + }
1094 +
1095 +- fanout_release(sk);
1096 ++ f = fanout_release(sk);
1097 +
1098 + synchronize_net();
1099 ++
1100 ++ if (f) {
1101 ++ fanout_release_data(f);
1102 ++ kfree(f);
1103 ++ }
1104 + /*
1105 + * Now the socket is dead. No more input will appear.
1106 + */
1107 +@@ -3958,7 +3977,6 @@ static int packet_notifier(struct notifier_block *this,
1108 + }
1109 + if (msg == NETDEV_UNREGISTER) {
1110 + packet_cached_dev_reset(po);
1111 +- fanout_release(sk);
1112 + po->ifindex = -1;
1113 + if (po->prot_hook.dev)
1114 + dev_put(po->prot_hook.dev);
1115 +diff --git a/net/socket.c b/net/socket.c
1116 +index 73dc69f..6bbccf0 100644
1117 +--- a/net/socket.c
1118 ++++ b/net/socket.c
1119 +@@ -2197,8 +2197,10 @@ int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
1120 + return err;
1121 +
1122 + err = sock_error(sock->sk);
1123 +- if (err)
1124 ++ if (err) {
1125 ++ datagrams = err;
1126 + goto out_put;
1127 ++ }
1128 +
1129 + entry = mmsg;
1130 + compat_entry = (struct compat_mmsghdr __user *)mmsg;
1131
1132 diff --git a/4.9.12/4420_grsecurity-3.1-4.9.12-201702231830.patch b/4.9.13/4420_grsecurity-3.1-4.9.13-201702270729.patch
1133 similarity index 99%
1134 rename from 4.9.12/4420_grsecurity-3.1-4.9.12-201702231830.patch
1135 rename to 4.9.13/4420_grsecurity-3.1-4.9.13-201702270729.patch
1136 index ce908bf..c9d116e 100644
1137 --- a/4.9.12/4420_grsecurity-3.1-4.9.12-201702231830.patch
1138 +++ b/4.9.13/4420_grsecurity-3.1-4.9.13-201702270729.patch
1139 @@ -310,10 +310,10 @@ index 9b9c479..5a635ff 100644
1140 A typical pattern in a Kbuild file looks like this:
1141
1142 diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
1143 -index 922dec8..a45d4a2 100644
1144 +index 65b05ba..725a42a 100644
1145 --- a/Documentation/kernel-parameters.txt
1146 +++ b/Documentation/kernel-parameters.txt
1147 -@@ -1422,6 +1422,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
1148 +@@ -1426,6 +1426,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
1149 [KNL] Should the hard-lockup detector generate
1150 backtraces on all cpus.
1151 Format: <integer>
1152 @@ -326,7 +326,7 @@ index 922dec8..a45d4a2 100644
1153
1154 hashdist= [KNL,NUMA] Large hashes allocated during boot
1155 are distributed across NUMA nodes. Defaults on
1156 -@@ -2651,6 +2657,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
1157 +@@ -2655,6 +2661,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
1158 noexec=on: enable non-executable mappings (default)
1159 noexec=off: disable non-executable mappings
1160
1161 @@ -337,7 +337,7 @@ index 922dec8..a45d4a2 100644
1162 nosmap [X86]
1163 Disable SMAP (Supervisor Mode Access Prevention)
1164 even if it is supported by processor.
1165 -@@ -2959,6 +2969,35 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
1166 +@@ -2963,6 +2973,35 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
1167 the specified number of seconds. This is to be used if
1168 your oopses keep scrolling off the screen.
1169
1170 @@ -419,7 +419,7 @@ index 3d0ae15..84e5412 100644
1171 cmd_syscalls = $(CONFIG_SHELL) $< $(CC) $(c_flags) $(missing_syscalls_flags)
1172
1173 diff --git a/Makefile b/Makefile
1174 -index 3cd6f6f..43e4233 100644
1175 +index 14dc275..3ff2e6b 100644
1176 --- a/Makefile
1177 +++ b/Makefile
1178 @@ -302,7 +302,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
1179 @@ -30243,10 +30243,10 @@ index 06eb322..ca545b8 100644
1180 +EXPORT_SYMBOL(pax_check_alloca);
1181 +#endif
1182 diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c
1183 -index 36cf1a4..046b56f 100644
1184 +index 36cf1a4..f3362b0 100644
1185 --- a/arch/x86/kernel/dumpstack_64.c
1186 +++ b/arch/x86/kernel/dumpstack_64.c
1187 -@@ -237,8 +237,42 @@ int is_valid_bugaddr(unsigned long ip)
1188 +@@ -237,8 +237,41 @@ int is_valid_bugaddr(unsigned long ip)
1189 {
1190 unsigned short ud2;
1191
1192 @@ -30274,7 +30274,6 @@ index 36cf1a4..046b56f 100644
1193 +
1194 + case STACK_TYPE_IRQ:
1195 + stack_left = sp & (IRQ_STACK_SIZE - 1);
1196 -+ put_cpu();
1197 + break;
1198 +
1199 + case STACK_TYPE_EXCEPTION ... STACK_TYPE_EXCEPTION_LAST:
1200 @@ -70084,10 +70083,10 @@ index 95cf1d8..b2a00f6 100644
1201 };
1202
1203 diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
1204 -index 0fafaa9..0227536 100644
1205 +index d4f495b..9b39d92 100644
1206 --- a/drivers/net/vxlan.c
1207 +++ b/drivers/net/vxlan.c
1208 -@@ -3193,7 +3193,7 @@ static struct net *vxlan_get_link_net(const struct net_device *dev)
1209 +@@ -3195,7 +3195,7 @@ static struct net *vxlan_get_link_net(const struct net_device *dev)
1210 return vxlan->net;
1211 }
1212
1213 @@ -70096,7 +70095,7 @@ index 0fafaa9..0227536 100644
1214 .kind = "vxlan",
1215 .maxtype = IFLA_VXLAN_MAX,
1216 .policy = vxlan_policy,
1217 -@@ -3277,7 +3277,7 @@ static int vxlan_netdevice_event(struct notifier_block *unused,
1218 +@@ -3279,7 +3279,7 @@ static int vxlan_netdevice_event(struct notifier_block *unused,
1219 return NOTIFY_DONE;
1220 }
1221
1222 @@ -85235,7 +85234,7 @@ index a260cde..c395165 100644
1223 /* This is only available if kgdboc is a built in for early debugging */
1224 static int __init kgdboc_early_init(char *opt)
1225 diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c
1226 -index 7312e7e..0a0f8b6 100644
1227 +index 6788e75..16f20c5 100644
1228 --- a/drivers/tty/serial/msm_serial.c
1229 +++ b/drivers/tty/serial/msm_serial.c
1230 @@ -1726,7 +1726,7 @@ static struct uart_driver msm_uart_driver = {
1231 @@ -86804,7 +86803,7 @@ index 460cebf..eb16bb4 100644
1232
1233 int
1234 diff --git a/drivers/usb/serial/console.c b/drivers/usb/serial/console.c
1235 -index 8967715..4a3791b 100644
1236 +index b6f1ade..fb83f15 100644
1237 --- a/drivers/usb/serial/console.c
1238 +++ b/drivers/usb/serial/console.c
1239 @@ -126,7 +126,7 @@ static int usb_console_setup(struct console *co, char *options)
1240 @@ -86816,7 +86815,7 @@ index 8967715..4a3791b 100644
1241 if (!tty_port_initialized(&port->port)) {
1242 if (serial->type->set_termios) {
1243 /*
1244 -@@ -172,7 +172,7 @@ static int usb_console_setup(struct console *co, char *options)
1245 +@@ -173,7 +173,7 @@ static int usb_console_setup(struct console *co, char *options)
1246 }
1247 /* Now that any required fake tty operations are completed restore
1248 * the tty port count */
1249 @@ -86825,7 +86824,7 @@ index 8967715..4a3791b 100644
1250 /* The console is special in terms of closing the device so
1251 * indicate this port is now acting as a system console. */
1252 port->port.console = 1;
1253 -@@ -184,7 +184,7 @@ static int usb_console_setup(struct console *co, char *options)
1254 +@@ -185,7 +185,7 @@ static int usb_console_setup(struct console *co, char *options)
1255 tty_port_tty_set(&port->port, NULL);
1256 tty_kref_put(tty);
1257 reset_open_count:
1258 @@ -86834,7 +86833,7 @@ index 8967715..4a3791b 100644
1259 usb_autopm_put_interface(serial->interface);
1260 error_get_interface:
1261 usb_serial_put(serial);
1262 -@@ -195,7 +195,7 @@ static int usb_console_setup(struct console *co, char *options)
1263 +@@ -196,7 +196,7 @@ static int usb_console_setup(struct console *co, char *options)
1264 static void usb_console_write(struct console *co,
1265 const char *buf, unsigned count)
1266 {
1267 @@ -156652,7 +156651,7 @@ index afcc550..ed3f097 100644
1268 depends on !KMEMCHECK
1269 select PAGE_EXTENSION
1270 diff --git a/mm/backing-dev.c b/mm/backing-dev.c
1271 -index 8fde443..a8cc381 100644
1272 +index 6ff2d77..0452af3 100644
1273 --- a/mm/backing-dev.c
1274 +++ b/mm/backing-dev.c
1275 @@ -12,7 +12,7 @@
1276 @@ -156664,7 +156663,7 @@ index 8fde443..a8cc381 100644
1277
1278 struct backing_dev_info noop_backing_dev_info = {
1279 .name = "noop",
1280 -@@ -898,7 +898,7 @@ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name)
1281 +@@ -903,7 +903,7 @@ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name)
1282 return err;
1283
1284 err = bdi_register(bdi, NULL, "%.28s-%ld", name,
1285 @@ -164068,7 +164067,7 @@ index 18e8893..82936b2 100644
1286 fle->object = flo;
1287 else
1288 diff --git a/net/core/neighbour.c b/net/core/neighbour.c
1289 -index 2ae929f..fc8150d 100644
1290 +index 9901e5b..0b38f5b 100644
1291 --- a/net/core/neighbour.c
1292 +++ b/net/core/neighbour.c
1293 @@ -860,7 +860,7 @@ static void neigh_probe(struct neighbour *neigh)
1294 @@ -164143,7 +164142,7 @@ index 2ae929f..fc8150d 100644
1295
1296 tmp.extra1 = &zero;
1297 tmp.extra2 = &unres_qlen_max;
1298 -@@ -2936,7 +2936,7 @@ static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
1299 +@@ -2937,7 +2937,7 @@ static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
1300 void __user *buffer,
1301 size_t *lenp, loff_t *ppos)
1302 {
1303 @@ -164825,20 +164824,6 @@ index 0df2aa6..7db59f7 100644
1304 .init = sysctl_core_net_init,
1305 .exit = sysctl_core_net_exit,
1306 };
1307 -diff --git a/net/dccp/input.c b/net/dccp/input.c
1308 -index ba34718..8fedc2d 100644
1309 ---- a/net/dccp/input.c
1310 -+++ b/net/dccp/input.c
1311 -@@ -606,7 +606,8 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
1312 - if (inet_csk(sk)->icsk_af_ops->conn_request(sk,
1313 - skb) < 0)
1314 - return 1;
1315 -- goto discard;
1316 -+ consume_skb(skb);
1317 -+ return 0;
1318 - }
1319 - if (dh->dccph_type == DCCP_PKT_RESET)
1320 - goto discard;
1321 diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
1322 index 13d6b1a..eaa0cee 100644
1323 --- a/net/decnet/af_decnet.c
1324 @@ -165513,7 +165498,7 @@ index d6feabb..9cb3988 100644
1325 ICMP_PROT_UNREACH, 0);
1326 }
1327 diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
1328 -index 65336f3..3c7e4b7 100644
1329 +index 9826695..84ffcbb 100644
1330 --- a/net/ipv4/ip_sockglue.c
1331 +++ b/net/ipv4/ip_sockglue.c
1332 @@ -1342,7 +1342,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
1333 @@ -169057,7 +169042,7 @@ index da9df2d..d8f3df4 100644
1334 table = kmemdup(event_sysctl_table, sizeof(event_sysctl_table),
1335 GFP_KERNEL);
1336 diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
1337 -index 7341adf..0c5cfd3 100644
1338 +index 6dc44d9..6ccf1a3 100644
1339 --- a/net/netfilter/nf_conntrack_helper.c
1340 +++ b/net/netfilter/nf_conntrack_helper.c
1341 @@ -57,7 +57,7 @@ static struct ctl_table helper_sysctl_table[] = {
1342 @@ -169942,7 +169927,7 @@ index 7eb955e..479c9a6 100644
1343
1344 static int __init ovs_vxlan_tnl_init(void)
1345 diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
1346 -index 458722b..5852eae 100644
1347 +index 34de326..071ac96 100644
1348 --- a/net/packet/af_packet.c
1349 +++ b/net/packet/af_packet.c
1350 @@ -278,7 +278,7 @@ static int packet_direct_xmit(struct sk_buff *skb)
1351 @@ -169975,20 +169960,20 @@ index 458722b..5852eae 100644
1352 return idx;
1353 }
1354
1355 -@@ -1652,9 +1652,9 @@ static int fanout_add(struct sock *sk, u16 id, u16 type_flags)
1356 - po->rollover = kzalloc(sizeof(*po->rollover), GFP_KERNEL);
1357 - if (!po->rollover)
1358 - return -ENOMEM;
1359 -- atomic_long_set(&po->rollover->num, 0);
1360 -- atomic_long_set(&po->rollover->num_huge, 0);
1361 -- atomic_long_set(&po->rollover->num_failed, 0);
1362 -+ atomic_long_set_unchecked(&po->rollover->num, 0);
1363 -+ atomic_long_set_unchecked(&po->rollover->num_huge, 0);
1364 -+ atomic_long_set_unchecked(&po->rollover->num_failed, 0);
1365 +@@ -1662,9 +1662,9 @@ static int fanout_add(struct sock *sk, u16 id, u16 type_flags)
1366 + rollover = kzalloc(sizeof(*rollover), GFP_KERNEL);
1367 + if (!rollover)
1368 + goto out;
1369 +- atomic_long_set(&rollover->num, 0);
1370 +- atomic_long_set(&rollover->num_huge, 0);
1371 +- atomic_long_set(&rollover->num_failed, 0);
1372 ++ atomic_long_set_unchecked(&rollover->num, 0);
1373 ++ atomic_long_set_unchecked(&rollover->num_huge, 0);
1374 ++ atomic_long_set_unchecked(&rollover->num_failed, 0);
1375 + po->rollover = rollover;
1376 }
1377
1378 - mutex_lock(&fanout_mutex);
1379 -@@ -2106,7 +2106,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
1380 +@@ -2119,7 +2119,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
1381 is_drop_n_account = true;
1382 spin_lock(&sk->sk_receive_queue.lock);
1383 po->stats.stats1.tp_drops++;
1384 @@ -169997,7 +169982,7 @@ index 458722b..5852eae 100644
1385 spin_unlock(&sk->sk_receive_queue.lock);
1386
1387 drop_n_restore:
1388 -@@ -3848,7 +3848,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
1389 +@@ -3867,7 +3867,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
1390 case PACKET_HDRLEN:
1391 if (len > sizeof(int))
1392 len = sizeof(int);
1393 @@ -170006,7 +169991,7 @@ index 458722b..5852eae 100644
1394 return -EFAULT;
1395 switch (val) {
1396 case TPACKET_V1:
1397 -@@ -3883,9 +3883,9 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
1398 +@@ -3902,9 +3902,9 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
1399 case PACKET_ROLLOVER_STATS:
1400 if (!po->rollover)
1401 return -EINVAL;
1402 @@ -170019,7 +170004,7 @@ index 458722b..5852eae 100644
1403 data = &rstats;
1404 lv = sizeof(rstats);
1405 break;
1406 -@@ -3903,7 +3903,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
1407 +@@ -3922,7 +3922,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
1408 len = lv;
1409 if (put_user(len, optlen))
1410 return -EFAULT;
1411 @@ -170648,7 +170633,7 @@ index daf8554..4ab495b 100644
1412
1413 table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL);
1414 diff --git a/net/socket.c b/net/socket.c
1415 -index 73dc69f..ca77f2f 100644
1416 +index 6bbccf0..1991a22 100644
1417 --- a/net/socket.c
1418 +++ b/net/socket.c
1419 @@ -89,6 +89,7 @@
1420 @@ -170867,7 +170852,7 @@ index 73dc69f..ca77f2f 100644
1421
1422 /* user mode address pointers */
1423 struct sockaddr __user *uaddr;
1424 -@@ -2733,7 +2798,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
1425 +@@ -2735,7 +2800,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
1426 ifr = compat_alloc_user_space(buf_size);
1427 rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8);
1428
1429 @@ -170876,7 +170861,7 @@ index 73dc69f..ca77f2f 100644
1430 return -EFAULT;
1431
1432 if (put_user(convert_in ? rxnfc : compat_ptr(data),
1433 -@@ -2844,7 +2909,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
1434 +@@ -2846,7 +2911,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
1435 old_fs = get_fs();
1436 set_fs(KERNEL_DS);
1437 err = dev_ioctl(net, cmd,
1438 @@ -170885,7 +170870,7 @@ index 73dc69f..ca77f2f 100644
1439 set_fs(old_fs);
1440
1441 return err;
1442 -@@ -2937,7 +3002,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
1443 +@@ -2939,7 +3004,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
1444
1445 old_fs = get_fs();
1446 set_fs(KERNEL_DS);
1447 @@ -170894,7 +170879,7 @@ index 73dc69f..ca77f2f 100644
1448 set_fs(old_fs);
1449
1450 if (cmd == SIOCGIFMAP && !err) {
1451 -@@ -3021,7 +3086,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
1452 +@@ -3023,7 +3088,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
1453 ret |= get_user(rtdev, &(ur4->rt_dev));
1454 if (rtdev) {
1455 ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
1456 @@ -170903,7 +170888,7 @@ index 73dc69f..ca77f2f 100644
1457 devname[15] = 0;
1458 } else
1459 r4.rt_dev = NULL;
1460 -@@ -3248,8 +3313,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
1461 +@@ -3250,8 +3315,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
1462 int __user *uoptlen;
1463 int err;
1464
1465 @@ -170914,7 +170899,7 @@ index 73dc69f..ca77f2f 100644
1466
1467 set_fs(KERNEL_DS);
1468 if (level == SOL_SOCKET)
1469 -@@ -3269,7 +3334,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
1470 +@@ -3271,7 +3336,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
1471 char __user *uoptval;
1472 int err;
1473
1474 @@ -193078,10 +193063,10 @@ index 0000000..74e91b2
1475 +enable_so_zpios_read_fndecl_64734 zpios_read fndecl 3 64734 NULL
1476 diff --git a/scripts/gcc-plugins/size_overflow_plugin/e_fields.data b/scripts/gcc-plugins/size_overflow_plugin/e_fields.data
1477 new file mode 100644
1478 -index 0000000..1181e93
1479 +index 0000000..0928e48
1480 --- /dev/null
1481 +++ b/scripts/gcc-plugins/size_overflow_plugin/e_fields.data
1482 -@@ -0,0 +1,16321 @@
1483 +@@ -0,0 +1,16326 @@
1484 +recv_ctrl_pipe_us_data_0_fields recv_ctrl_pipe us_data 0 0 NULL
1485 +__earlyonly_bootmem_alloc_fndecl_3_fields __earlyonly_bootmem_alloc fndecl 2-3-4 3 NULL
1486 +size_ttm_mem_reg_8_fields size ttm_mem_reg 0 8 NULL
1487 @@ -193956,6 +193941,7 @@ index 0000000..1181e93
1488 +xfer_len_nvme_trans_io_cdb_3486_fields xfer_len nvme_trans_io_cdb 0 3486 NULL
1489 +from_dio_submit_3494_fields from dio_submit 0 3494 NULL
1490 +hs_bkt_bits_cfs_hash_3509_fields hs_bkt_bits cfs_hash 0 3509 NULL
1491 ++statesize_hash_alg_common_3517_fields statesize hash_alg_common 0 3517 NULL
1492 +gru_vtop_fndecl_3522_fields gru_vtop fndecl 2 3522 NULL
1493 +cipso_v4_gentag_rng_fndecl_3532_fields cipso_v4_gentag_rng fndecl 0 3532 NULL
1494 +cl_out_max_entry_size_mvumi_hs_page1_3540_fields cl_out_max_entry_size mvumi_hs_page1 0 3540 NULL
1495 @@ -194562,6 +194548,7 @@ index 0000000..1181e93
1496 +dmi_len_vardecl_dmi_scan_c_6054_fields dmi_len vardecl_dmi_scan.c 0 6054 NULL nohasharray
1497 +ext4_inode_table_fndecl_6054_fields ext4_inode_table fndecl 0 6054 &dmi_len_vardecl_dmi_scan_c_6054_fields
1498 +map_base_tpm_inf_dev_6056_fields map_base tpm_inf_dev 0 6056 NULL
1499 ++reqsize_kpp_alg_6064_fields reqsize kpp_alg 0 6064 NULL
1500 +length_hci_ev_le_advertising_info_6074_fields length hci_ev_le_advertising_info 0 6074 NULL
1501 +elog_len_extlog_l1_head_6075_fields elog_len extlog_l1_head 0 6075 NULL
1502 +ioctx_alloc_fndecl_6081_fields ioctx_alloc fndecl 1 6081 NULL
1503 @@ -195113,7 +195100,8 @@ index 0000000..1181e93
1504 +datablklen_capi_register_params_8275_fields datablklen capi_register_params 0 8275 NULL
1505 +cdc_ncm_check_tx_max_fndecl_8278_fields cdc_ncm_check_tx_max fndecl 0-2 8278 NULL
1506 +msg_len_rndis_message_8281_fields msg_len rndis_message 0 8281 NULL
1507 -+__sg_free_table_fndecl_8283_fields __sg_free_table fndecl 2 8283 NULL
1508 ++__sg_free_table_fndecl_8283_fields __sg_free_table fndecl 2 8283 NULL nohasharray
1509 ++expectedlen_drbg_testvec_8283_fields expectedlen drbg_testvec 0 8283 &__sg_free_table_fndecl_8283_fields
1510 +rxrpc_kernel_recv_data_fndecl_8286_fields rxrpc_kernel_recv_data fndecl 4 8286 NULL
1511 +tail_len_cfg80211_beacon_data_8293_fields tail_len cfg80211_beacon_data 0 8293 NULL
1512 +ns_blocks_per_segment_the_nilfs_8295_fields ns_blocks_per_segment the_nilfs 0 8295 NULL nohasharray
1513 @@ -204534,6 +204522,7 @@ index 0000000..1181e93
1514 +ecc_strength_ds_nand_chip_45651_fields ecc_strength_ds nand_chip 0 45651 NULL
1515 +inftl_writeblock_fndecl_45653_fields inftl_writeblock fndecl 2 45653 NULL
1516 +size_core_name_45656_fields size core_name 0 45656 NULL
1517 ++b_public_size_kpp_testvec_45660_fields b_public_size kpp_testvec 0 45660 NULL
1518 +blockmask_alauda_media_info_45662_fields blockmask alauda_media_info 0 45662 NULL
1519 +dmi_base_vardecl_dmi_scan_c_45673_fields dmi_base vardecl_dmi_scan.c 0 45673 NULL
1520 +_snd_pcm_hw_param_min_fndecl_45677_fields _snd_pcm_hw_param_min fndecl 3 45677 NULL
1521 @@ -207995,6 +207984,7 @@ index 0000000..1181e93
1522 +fq_resize_fndecl_59744_fields fq_resize fndecl 2 59744 &ocfs2_read_dx_leaves_fndecl_59744_fields
1523 +nx_fw_cmd_set_phy_fndecl_59745_fields nx_fw_cmd_set_phy fndecl 3 59745 NULL
1524 +mt_count_mtop_59746_fields mt_count mtop 0 59746 NULL
1525 ++seedsize_rng_alg_59748_fields seedsize rng_alg 0 59748 NULL
1526 +xlog_write_calc_vec_length_fndecl_59749_fields xlog_write_calc_vec_length fndecl 0 59749 NULL
1527 +request_size_afs_call_59750_fields request_size afs_call 0 59750 NULL
1528 +addr_phys_netup_dma_59759_fields addr_phys netup_dma 0 59759 NULL
1529 @@ -225700,7 +225690,7 @@ index 0a578fe..b81f62d 100644
1530 })
1531
1532 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
1533 -index 7f9ee29..39268bd 100644
1534 +index 7f9ee29..1dccca1 100644
1535 --- a/virt/kvm/kvm_main.c
1536 +++ b/virt/kvm/kvm_main.c
1537 @@ -93,12 +93,17 @@ LIST_HEAD(vm_list);
1538 @@ -225723,7 +225713,18 @@ index 7f9ee29..39268bd 100644
1539
1540 struct dentry *kvm_debugfs_dir;
1541 EXPORT_SYMBOL_GPL(kvm_debugfs_dir);
1542 -@@ -911,7 +916,7 @@ int __kvm_set_memory_region(struct kvm *kvm,
1543 +@@ -572,6 +577,10 @@ static int kvm_create_vm_debugfs(struct kvm *kvm, int fd)
1544 + struct kvm_stat_data *stat_data;
1545 + struct kvm_stats_debugfs_item *p;
1546 +
1547 ++#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT
1548 ++ return 0;
1549 ++#endif
1550 ++
1551 + if (!debugfs_initialized())
1552 + return 0;
1553 +
1554 +@@ -911,7 +920,7 @@ int __kvm_set_memory_region(struct kvm *kvm,
1555 /* We can read the guest memory with __xxx_user() later on. */
1556 if ((id < KVM_USER_MEM_SLOTS) &&
1557 ((mem->userspace_addr & (PAGE_SIZE - 1)) ||
1558 @@ -225732,7 +225733,7 @@ index 7f9ee29..39268bd 100644
1559 (void __user *)(unsigned long)mem->userspace_addr,
1560 mem->memory_size)))
1561 goto out;
1562 -@@ -2025,9 +2030,17 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_cached);
1563 +@@ -2025,9 +2034,17 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_cached);
1564
1565 int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len)
1566 {
1567 @@ -225752,7 +225753,7 @@ index 7f9ee29..39268bd 100644
1568 }
1569 EXPORT_SYMBOL_GPL(kvm_clear_guest_page);
1570
1571 -@@ -2379,7 +2392,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)
1572 +@@ -2379,7 +2396,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)
1573 return 0;
1574 }
1575
1576 @@ -225761,7 +225762,7 @@ index 7f9ee29..39268bd 100644
1577 .release = kvm_vcpu_release,
1578 .unlocked_ioctl = kvm_vcpu_ioctl,
1579 #ifdef CONFIG_KVM_COMPAT
1580 -@@ -3144,7 +3157,7 @@ static long kvm_vm_compat_ioctl(struct file *filp,
1581 +@@ -3144,7 +3161,7 @@ static long kvm_vm_compat_ioctl(struct file *filp,
1582 }
1583 #endif
1584
1585 @@ -225770,21 +225771,7 @@ index 7f9ee29..39268bd 100644
1586 .release = kvm_vm_release,
1587 .unlocked_ioctl = kvm_vm_ioctl,
1588 #ifdef CONFIG_KVM_COMPAT
1589 -@@ -3181,11 +3194,13 @@ static int kvm_dev_ioctl_create_vm(unsigned long type)
1590 - return PTR_ERR(file);
1591 - }
1592 -
1593 -+#ifndef CONFIG_GRKERNSEC_SYSFS_RESTRICT
1594 - if (kvm_create_vm_debugfs(kvm, r) < 0) {
1595 - put_unused_fd(r);
1596 - fput(file);
1597 - return -ENOMEM;
1598 - }
1599 -+#endif
1600 -
1601 - fd_install(r, file);
1602 - return r;
1603 -@@ -3231,7 +3246,7 @@ static long kvm_dev_ioctl(struct file *filp,
1604 +@@ -3231,7 +3248,7 @@ static long kvm_dev_ioctl(struct file *filp,
1605 return r;
1606 }
1607
1608 @@ -225793,7 +225780,7 @@ index 7f9ee29..39268bd 100644
1609 .unlocked_ioctl = kvm_dev_ioctl,
1610 .compat_ioctl = kvm_dev_ioctl,
1611 .llseek = noop_llseek,
1612 -@@ -3257,7 +3272,7 @@ static void hardware_enable_nolock(void *junk)
1613 +@@ -3257,7 +3274,7 @@ static void hardware_enable_nolock(void *junk)
1614
1615 if (r) {
1616 cpumask_clear_cpu(cpu, cpus_hardware_enabled);
1617 @@ -225802,7 +225789,7 @@ index 7f9ee29..39268bd 100644
1618 pr_info("kvm: enabling virtualization on CPU%d failed\n", cpu);
1619 }
1620 }
1621 -@@ -3314,10 +3329,10 @@ static int hardware_enable_all(void)
1622 +@@ -3314,10 +3331,10 @@ static int hardware_enable_all(void)
1623
1624 kvm_usage_count++;
1625 if (kvm_usage_count == 1) {
1626 @@ -225815,7 +225802,7 @@ index 7f9ee29..39268bd 100644
1627 hardware_disable_all_nolock();
1628 r = -EBUSY;
1629 }
1630 -@@ -3877,8 +3892,9 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
1631 +@@ -3877,8 +3894,9 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
1632 /* A kmem cache lets us meet the alignment requirements of fx_save. */
1633 if (!vcpu_align)
1634 vcpu_align = __alignof__(struct kvm_vcpu);
1635 @@ -225827,7 +225814,7 @@ index 7f9ee29..39268bd 100644
1636 if (!kvm_vcpu_cache) {
1637 r = -ENOMEM;
1638 goto out_free_3;
1639 -@@ -3888,9 +3904,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
1640 +@@ -3888,9 +3906,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
1641 if (r)
1642 goto out_free;
1643
1644 @@ -225839,7 +225826,7 @@ index 7f9ee29..39268bd 100644
1645
1646 r = misc_register(&kvm_dev);
1647 if (r) {
1648 -@@ -3900,9 +3918,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
1649 +@@ -3900,9 +3920,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
1650
1651 register_syscore_ops(&kvm_syscore_ops);
1652
1653
1654 diff --git a/4.9.12/4425_grsec_remove_EI_PAX.patch b/4.9.13/4425_grsec_remove_EI_PAX.patch
1655 similarity index 100%
1656 rename from 4.9.12/4425_grsec_remove_EI_PAX.patch
1657 rename to 4.9.13/4425_grsec_remove_EI_PAX.patch
1658
1659 diff --git a/4.9.12/4426_default_XATTR_PAX_FLAGS.patch b/4.9.13/4426_default_XATTR_PAX_FLAGS.patch
1660 similarity index 100%
1661 rename from 4.9.12/4426_default_XATTR_PAX_FLAGS.patch
1662 rename to 4.9.13/4426_default_XATTR_PAX_FLAGS.patch
1663
1664 diff --git a/4.9.12/4427_force_XATTR_PAX_tmpfs.patch b/4.9.13/4427_force_XATTR_PAX_tmpfs.patch
1665 similarity index 100%
1666 rename from 4.9.12/4427_force_XATTR_PAX_tmpfs.patch
1667 rename to 4.9.13/4427_force_XATTR_PAX_tmpfs.patch
1668
1669 diff --git a/4.9.12/4430_grsec-remove-localversion-grsec.patch b/4.9.13/4430_grsec-remove-localversion-grsec.patch
1670 similarity index 100%
1671 rename from 4.9.12/4430_grsec-remove-localversion-grsec.patch
1672 rename to 4.9.13/4430_grsec-remove-localversion-grsec.patch
1673
1674 diff --git a/4.9.12/4435_grsec-mute-warnings.patch b/4.9.13/4435_grsec-mute-warnings.patch
1675 similarity index 100%
1676 rename from 4.9.12/4435_grsec-mute-warnings.patch
1677 rename to 4.9.13/4435_grsec-mute-warnings.patch
1678
1679 diff --git a/4.9.12/4440_grsec-remove-protected-paths.patch b/4.9.13/4440_grsec-remove-protected-paths.patch
1680 similarity index 100%
1681 rename from 4.9.12/4440_grsec-remove-protected-paths.patch
1682 rename to 4.9.13/4440_grsec-remove-protected-paths.patch
1683
1684 diff --git a/4.9.12/4450_grsec-kconfig-default-gids.patch b/4.9.13/4450_grsec-kconfig-default-gids.patch
1685 similarity index 100%
1686 rename from 4.9.12/4450_grsec-kconfig-default-gids.patch
1687 rename to 4.9.13/4450_grsec-kconfig-default-gids.patch
1688
1689 diff --git a/4.9.12/4465_selinux-avc_audit-log-curr_ip.patch b/4.9.13/4465_selinux-avc_audit-log-curr_ip.patch
1690 similarity index 100%
1691 rename from 4.9.12/4465_selinux-avc_audit-log-curr_ip.patch
1692 rename to 4.9.13/4465_selinux-avc_audit-log-curr_ip.patch
1693
1694 diff --git a/4.9.12/4470_disable-compat_vdso.patch b/4.9.13/4470_disable-compat_vdso.patch
1695 similarity index 100%
1696 rename from 4.9.12/4470_disable-compat_vdso.patch
1697 rename to 4.9.13/4470_disable-compat_vdso.patch
1698
1699 diff --git a/4.9.12/4475_emutramp_default_on.patch b/4.9.13/4475_emutramp_default_on.patch
1700 similarity index 100%
1701 rename from 4.9.12/4475_emutramp_default_on.patch
1702 rename to 4.9.13/4475_emutramp_default_on.patch