Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.14.30/, 3.18.5/, 3.18.4/, 3.14.31/
Date: Sun, 01 Feb 2015 22:39:43
Message-Id: 1422830496.e3db4230cb75e44f913f0d9ece762b3de5501375.blueness@gentoo
1 commit: e3db4230cb75e44f913f0d9ece762b3de5501375
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sun Feb 1 22:41:36 2015 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sun Feb 1 22:41:36 2015 +0000
6 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=e3db4230
7
8 Grsec/PaX: 3.0-{3.14.31,3.18.5-201501310706
9
10 ---
11 {3.14.30 => 3.14.31}/0000_README | 2 +-
12 .../4420_grsecurity-3.0-3.14.31-201501310705.patch | 312 +++++++--------------
13 {3.18.4 => 3.14.31}/4425_grsec_remove_EI_PAX.patch | 0
14 .../4427_force_XATTR_PAX_tmpfs.patch | 0
15 .../4430_grsec-remove-localversion-grsec.patch | 0
16 .../4435_grsec-mute-warnings.patch | 0
17 .../4440_grsec-remove-protected-paths.patch | 0
18 .../4450_grsec-kconfig-default-gids.patch | 0
19 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
20 .../4470_disable-compat_vdso.patch | 0
21 {3.18.4 => 3.14.31}/4475_emutramp_default_on.patch | 0
22 {3.18.4 => 3.18.5}/0000_README | 2 +-
23 .../4420_grsecurity-3.0-3.18.5-201501310706.patch | 302 ++++++--------------
24 {3.14.30 => 3.18.5}/4425_grsec_remove_EI_PAX.patch | 0
25 .../4427_force_XATTR_PAX_tmpfs.patch | 0
26 .../4430_grsec-remove-localversion-grsec.patch | 0
27 {3.18.4 => 3.18.5}/4435_grsec-mute-warnings.patch | 0
28 .../4440_grsec-remove-protected-paths.patch | 0
29 .../4450_grsec-kconfig-default-gids.patch | 0
30 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
31 {3.18.4 => 3.18.5}/4470_disable-compat_vdso.patch | 0
32 {3.14.30 => 3.18.5}/4475_emutramp_default_on.patch | 0
33 22 files changed, 188 insertions(+), 430 deletions(-)
34
35 diff --git a/3.14.30/0000_README b/3.14.31/0000_README
36 similarity index 96%
37 rename from 3.14.30/0000_README
38 rename to 3.14.31/0000_README
39 index e7390a1..c3d5e32 100644
40 --- a/3.14.30/0000_README
41 +++ b/3.14.31/0000_README
42 @@ -2,7 +2,7 @@ README
43 -----------------------------------------------------------------------------
44 Individual Patch Descriptions:
45 -----------------------------------------------------------------------------
46 -Patch: 4420_grsecurity-3.0-3.14.30-201501272307.patch
47 +Patch: 4420_grsecurity-3.0-3.14.31-201501310705.patch
48 From: http://www.grsecurity.net
49 Desc: hardened-sources base patch from upstream grsecurity
50
51
52 diff --git a/3.14.30/4420_grsecurity-3.0-3.14.30-201501272307.patch b/3.14.31/4420_grsecurity-3.0-3.14.31-201501310705.patch
53 similarity index 99%
54 rename from 3.14.30/4420_grsecurity-3.0-3.14.30-201501272307.patch
55 rename to 3.14.31/4420_grsecurity-3.0-3.14.31-201501310705.patch
56 index fa3669a..a9df68f 100644
57 --- a/3.14.30/4420_grsecurity-3.0-3.14.30-201501272307.patch
58 +++ b/3.14.31/4420_grsecurity-3.0-3.14.31-201501310705.patch
59 @@ -292,7 +292,7 @@ index 5d91ba1..935a4e7 100644
60
61 pcd. [PARIDE]
62 diff --git a/Makefile b/Makefile
63 -index 5b94752..8acf114 100644
64 +index 5abf670..9b24a3b 100644
65 --- a/Makefile
66 +++ b/Makefile
67 @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
68 @@ -12350,7 +12350,7 @@ index ad8f795..2c7eec6 100644
69 /*
70 * Memory returned by kmalloc() may be used for DMA, so we must make
71 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
72 -index 98aa930..9cfc3c7 100644
73 +index 2f645c9..7e2933c 100644
74 --- a/arch/x86/Kconfig
75 +++ b/arch/x86/Kconfig
76 @@ -22,6 +22,7 @@ config X86_64
77 @@ -12387,7 +12387,7 @@ index 98aa930..9cfc3c7 100644
78 ---help---
79 Say Y here to enable options for running Linux under various hyper-
80 visors. This option enables basic hypervisor detection and platform
81 -@@ -973,6 +975,7 @@ config VM86
82 +@@ -977,6 +979,7 @@ config VM86
83
84 config X86_16BIT
85 bool "Enable support for 16-bit segments" if EXPERT
86 @@ -12395,7 +12395,7 @@ index 98aa930..9cfc3c7 100644
87 default y
88 ---help---
89 This option is required by programs like Wine to run 16-bit
90 -@@ -1129,7 +1132,7 @@ choice
91 +@@ -1133,7 +1136,7 @@ choice
92
93 config NOHIGHMEM
94 bool "off"
95 @@ -12404,7 +12404,7 @@ index 98aa930..9cfc3c7 100644
96 ---help---
97 Linux can use up to 64 Gigabytes of physical memory on x86 systems.
98 However, the address space of 32-bit x86 processors is only 4
99 -@@ -1166,7 +1169,7 @@ config NOHIGHMEM
100 +@@ -1170,7 +1173,7 @@ config NOHIGHMEM
101
102 config HIGHMEM4G
103 bool "4GB"
104 @@ -12413,7 +12413,7 @@ index 98aa930..9cfc3c7 100644
105 ---help---
106 Select this if you have a 32-bit processor and between 1 and 4
107 gigabytes of physical RAM.
108 -@@ -1219,7 +1222,7 @@ config PAGE_OFFSET
109 +@@ -1223,7 +1226,7 @@ config PAGE_OFFSET
110 hex
111 default 0xB0000000 if VMSPLIT_3G_OPT
112 default 0x80000000 if VMSPLIT_2G
113 @@ -12422,7 +12422,7 @@ index 98aa930..9cfc3c7 100644
114 default 0x40000000 if VMSPLIT_1G
115 default 0xC0000000
116 depends on X86_32
117 -@@ -1624,6 +1627,7 @@ source kernel/Kconfig.hz
118 +@@ -1628,6 +1631,7 @@ source kernel/Kconfig.hz
119
120 config KEXEC
121 bool "kexec system call"
122 @@ -12430,7 +12430,7 @@ index 98aa930..9cfc3c7 100644
123 ---help---
124 kexec is a system call that implements the ability to shutdown your
125 current kernel, and to start another kernel. It is like a reboot
126 -@@ -1775,7 +1779,9 @@ config X86_NEED_RELOCS
127 +@@ -1779,7 +1783,9 @@ config X86_NEED_RELOCS
128
129 config PHYSICAL_ALIGN
130 hex "Alignment value to which kernel should be aligned"
131 @@ -12441,7 +12441,7 @@ index 98aa930..9cfc3c7 100644
132 range 0x2000 0x1000000 if X86_32
133 range 0x200000 0x1000000 if X86_64
134 ---help---
135 -@@ -1855,9 +1861,10 @@ config DEBUG_HOTPLUG_CPU0
136 +@@ -1859,9 +1865,10 @@ config DEBUG_HOTPLUG_CPU0
137 If unsure, say N.
138
139 config COMPAT_VDSO
140 @@ -12716,7 +12716,7 @@ index 34bbc09..c126b87 100644
141 .quad 0x0000000000000000 /* TS continued */
142 gdt_end:
143 diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
144 -index eb25ca1..3de0f7c 100644
145 +index 8f45c85..fc8346a 100644
146 --- a/arch/x86/boot/compressed/misc.c
147 +++ b/arch/x86/boot/compressed/misc.c
148 @@ -218,7 +218,7 @@ void __putstr(const char *s)
149 @@ -12764,7 +12764,7 @@ index eb25ca1..3de0f7c 100644
150 break;
151 default: /* Ignore other PT_* */ break;
152 }
153 -@@ -437,7 +440,7 @@ asmlinkage void *decompress_kernel(void *rmode, memptr heap,
154 +@@ -439,7 +442,7 @@ asmlinkage void *decompress_kernel(void *rmode, memptr heap,
155 error("Destination address too large");
156 #endif
157 #ifndef CONFIG_RELOCATABLE
158 @@ -16387,7 +16387,7 @@ index 1717156..14e260a 100644
159 "6:\n"
160 ".previous\n"
161 diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h
162 -index 50d033a..59ecefa 100644
163 +index a94b82e..59ecefa 100644
164 --- a/arch/x86/include/asm/desc.h
165 +++ b/arch/x86/include/asm/desc.h
166 @@ -4,6 +4,7 @@
167 @@ -16485,7 +16485,7 @@ index 50d033a..59ecefa 100644
168 }
169
170 static inline void native_load_gdt(const struct desc_ptr *dtr)
171 -@@ -247,11 +258,14 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu)
172 +@@ -247,8 +258,10 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu)
173 struct desc_struct *gdt = get_cpu_gdt_table(cpu);
174 unsigned int i;
175
176 @@ -16495,37 +16495,8 @@ index 50d033a..59ecefa 100644
177 + pax_close_kernel();
178 }
179
180 --#define _LDT_empty(info) \
181 -+/* This intentionally ignores lm, since 32-bit apps don't have that field. */
182 -+#define LDT_empty(info) \
183 - ((info)->base_addr == 0 && \
184 - (info)->limit == 0 && \
185 - (info)->contents == 0 && \
186 -@@ -261,11 +275,18 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu)
187 - (info)->seg_not_present == 1 && \
188 - (info)->useable == 0)
189 -
190 --#ifdef CONFIG_X86_64
191 --#define LDT_empty(info) (_LDT_empty(info) && ((info)->lm == 0))
192 --#else
193 --#define LDT_empty(info) (_LDT_empty(info))
194 --#endif
195 -+/* Lots of programs expect an all-zero user_desc to mean "no segment at all". */
196 -+static inline bool LDT_zero(const struct user_desc *info)
197 -+{
198 -+ return (info->base_addr == 0 &&
199 -+ info->limit == 0 &&
200 -+ info->contents == 0 &&
201 -+ info->read_exec_only == 0 &&
202 -+ info->seg_32bit == 0 &&
203 -+ info->limit_in_pages == 0 &&
204 -+ info->seg_not_present == 0 &&
205 -+ info->useable == 0);
206 -+}
207 -
208 - static inline void clear_LDT(void)
209 - {
210 -@@ -287,7 +308,7 @@ static inline void load_LDT(mm_context_t *pc)
211 + /* This intentionally ignores lm, since 32-bit apps don't have that field. */
212 +@@ -295,7 +308,7 @@ static inline void load_LDT(mm_context_t *pc)
213 preempt_enable();
214 }
215
216 @@ -16534,7 +16505,7 @@ index 50d033a..59ecefa 100644
217 {
218 return (unsigned)(desc->base0 | ((desc->base1) << 16) | ((desc->base2) << 24));
219 }
220 -@@ -311,7 +332,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit)
221 +@@ -319,7 +332,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit)
222 }
223
224 #ifdef CONFIG_X86_64
225 @@ -16543,7 +16514,7 @@ index 50d033a..59ecefa 100644
226 {
227 gate_desc s;
228
229 -@@ -321,14 +342,14 @@ static inline void set_nmi_gate(int gate, void *addr)
230 +@@ -329,14 +342,14 @@ static inline void set_nmi_gate(int gate, void *addr)
231 #endif
232
233 #ifdef CONFIG_TRACING
234 @@ -16561,7 +16532,7 @@ index 50d033a..59ecefa 100644
235 unsigned dpl, unsigned ist, unsigned seg)
236 {
237 gate_desc s;
238 -@@ -348,7 +369,7 @@ static inline void write_trace_idt_entry(int entry, const gate_desc *gate)
239 +@@ -356,7 +369,7 @@ static inline void write_trace_idt_entry(int entry, const gate_desc *gate)
240 #define _trace_set_gate(gate, type, addr, dpl, ist, seg)
241 #endif
242
243 @@ -16570,7 +16541,7 @@ index 50d033a..59ecefa 100644
244 unsigned dpl, unsigned ist, unsigned seg)
245 {
246 gate_desc s;
247 -@@ -371,9 +392,9 @@ static inline void _set_gate(int gate, unsigned type, void *addr,
248 +@@ -379,9 +392,9 @@ static inline void _set_gate(int gate, unsigned type, void *addr,
249 #define set_intr_gate(n, addr) \
250 do { \
251 BUG_ON((unsigned)n > 0xFF); \
252 @@ -16582,7 +16553,7 @@ index 50d033a..59ecefa 100644
253 0, 0, __KERNEL_CS); \
254 } while (0)
255
256 -@@ -401,19 +422,19 @@ static inline void alloc_system_vector(int vector)
257 +@@ -409,19 +422,19 @@ static inline void alloc_system_vector(int vector)
258 /*
259 * This routine sets up an interrupt gate at directory privilege level 3.
260 */
261 @@ -16605,7 +16576,7 @@ index 50d033a..59ecefa 100644
262 {
263 BUG_ON((unsigned)n > 0xFF);
264 _set_gate(n, GATE_TRAP, addr, 0, 0, __KERNEL_CS);
265 -@@ -422,16 +443,16 @@ static inline void set_trap_gate(unsigned int n, void *addr)
266 +@@ -430,16 +443,16 @@ static inline void set_trap_gate(unsigned int n, void *addr)
267 static inline void set_task_gate(unsigned int n, unsigned int gdt_entry)
268 {
269 BUG_ON((unsigned)n > 0xFF);
270 @@ -16625,7 +16596,7 @@ index 50d033a..59ecefa 100644
271 {
272 BUG_ON((unsigned)n > 0xFF);
273 _set_gate(n, GATE_INTERRUPT, addr, 0x3, ist, __KERNEL_CS);
274 -@@ -503,4 +524,17 @@ static inline void load_current_idt(void)
275 +@@ -511,4 +524,17 @@ static inline void load_current_idt(void)
276 else
277 load_idt((const struct desc_ptr *)&idt_descr);
278 }
279 @@ -27866,49 +27837,10 @@ index 24d3c91..d06b473 100644
280 return pc;
281 }
282 diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c
283 -index 4e942f3..c6e445a 100644
284 +index 7fc5e84..c6e445a 100644
285 --- a/arch/x86/kernel/tls.c
286 +++ b/arch/x86/kernel/tls.c
287 -@@ -29,7 +29,28 @@ static int get_free_idx(void)
288 -
289 - static bool tls_desc_okay(const struct user_desc *info)
290 - {
291 -- if (LDT_empty(info))
292 -+ /*
293 -+ * For historical reasons (i.e. no one ever documented how any
294 -+ * of the segmentation APIs work), user programs can and do
295 -+ * assume that a struct user_desc that's all zeros except for
296 -+ * entry_number means "no segment at all". This never actually
297 -+ * worked. In fact, up to Linux 3.19, a struct user_desc like
298 -+ * this would create a 16-bit read-write segment with base and
299 -+ * limit both equal to zero.
300 -+ *
301 -+ * That was close enough to "no segment at all" until we
302 -+ * hardened this function to disallow 16-bit TLS segments. Fix
303 -+ * it up by interpreting these zeroed segments the way that they
304 -+ * were almost certainly intended to be interpreted.
305 -+ *
306 -+ * The correct way to ask for "no segment at all" is to specify
307 -+ * a user_desc that satisfies LDT_empty. To keep everything
308 -+ * working, we accept both.
309 -+ *
310 -+ * Note that there's a similar kludge in modify_ldt -- look at
311 -+ * the distinction between modes 1 and 0x11.
312 -+ */
313 -+ if (LDT_empty(info) || LDT_zero(info))
314 - return true;
315 -
316 - /*
317 -@@ -71,7 +92,7 @@ static void set_tls_desc(struct task_struct *p, int idx,
318 - cpu = get_cpu();
319 -
320 - while (n-- > 0) {
321 -- if (LDT_empty(info))
322 -+ if (LDT_empty(info) || LDT_zero(info))
323 - desc->a = desc->b = 0;
324 - else
325 - fill_ldt(desc, info);
326 -@@ -118,6 +139,11 @@ int do_set_thread_area(struct task_struct *p, int idx,
327 +@@ -139,6 +139,11 @@ int do_set_thread_area(struct task_struct *p, int idx,
328 if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
329 return -EINVAL;
330
331 @@ -27920,7 +27852,7 @@ index 4e942f3..c6e445a 100644
332 set_tls_desc(p, idx, &info, 1);
333
334 return 0;
335 -@@ -235,7 +261,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset,
336 +@@ -256,7 +261,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset,
337
338 if (kbuf)
339 info = kbuf;
340 @@ -27948,7 +27880,7 @@ index 1c113db..287b42e 100644
341 static int trace_irq_vector_refcount;
342 static DEFINE_MUTEX(irq_vector_mutex);
343 diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
344 -index f9d976e..488b635 100644
345 +index b1d9002..04013df 100644
346 --- a/arch/x86/kernel/traps.c
347 +++ b/arch/x86/kernel/traps.c
348 @@ -66,7 +66,7 @@
349 @@ -28139,7 +28071,7 @@ index f9d976e..488b635 100644
350 if (!fixup_exception(regs)) {
351 task->thread.error_code = error_code;
352 diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
353 -index de02906..7353850 100644
354 +index b20bced..17532ba 100644
355 --- a/arch/x86/kernel/tsc.c
356 +++ b/arch/x86/kernel/tsc.c
357 @@ -150,7 +150,7 @@ static void cyc2ns_write_end(int cpu, struct cyc2ns_data *data)
358 @@ -36836,7 +36768,7 @@ index 4044cf7..555ae4e 100644
359 goto error;
360
361 diff --git a/crypto/cryptd.c b/crypto/cryptd.c
362 -index 7bdd61b..afec999 100644
363 +index 75c415d..0b21cd8 100644
364 --- a/crypto/cryptd.c
365 +++ b/crypto/cryptd.c
366 @@ -63,7 +63,7 @@ struct cryptd_blkcipher_ctx {
367 @@ -36858,7 +36790,7 @@ index 7bdd61b..afec999 100644
368 static void cryptd_queue_worker(struct work_struct *work);
369
370 diff --git a/crypto/cts.c b/crypto/cts.c
371 -index 042223f..133f087 100644
372 +index 60b9da3..bd94058 100644
373 --- a/crypto/cts.c
374 +++ b/crypto/cts.c
375 @@ -202,7 +202,8 @@ static int cts_cbc_decrypt(struct crypto_cts_ctx *ctx,
376 @@ -36872,7 +36804,7 @@ index 042223f..133f087 100644
377 sg_set_buf(&sgdst[0], d, bsize);
378 err = crypto_blkcipher_decrypt_iv(&lcldesc, sgdst, sgsrc, bsize);
379 diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
380 -index 309d345..1632720 100644
381 +index c305d41..a96de79 100644
382 --- a/crypto/pcrypt.c
383 +++ b/crypto/pcrypt.c
384 @@ -440,7 +440,7 @@ static int pcrypt_sysfs_add(struct padata_instance *pinst, const char *name)
385 @@ -36885,7 +36817,7 @@ index 309d345..1632720 100644
386 kobject_uevent(&pinst->kobj, KOBJ_ADD);
387
388 diff --git a/crypto/sha1_generic.c b/crypto/sha1_generic.c
389 -index 4279480..7bb0474 100644
390 +index fdf7c00..a3e50c3 100644
391 --- a/crypto/sha1_generic.c
392 +++ b/crypto/sha1_generic.c
393 @@ -64,7 +64,7 @@ int crypto_sha1_update(struct shash_desc *desc, const u8 *data,
394 @@ -36898,7 +36830,7 @@ index 4279480..7bb0474 100644
395 }
396 memcpy(sctx->buffer + partial, src, len - done);
397 diff --git a/crypto/sha256_generic.c b/crypto/sha256_generic.c
398 -index 5433667..32c5e5e 100644
399 +index 136381b..cde0361 100644
400 --- a/crypto/sha256_generic.c
401 +++ b/crypto/sha256_generic.c
402 @@ -210,10 +210,9 @@ static void sha256_transform(u32 *state, const u8 *input)
403 @@ -36923,7 +36855,7 @@ index 5433667..32c5e5e 100644
404 return 0;
405 }
406 diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c
407 -index 6ed124f..04d295a 100644
408 +index 6c6d901..d350854 100644
409 --- a/crypto/sha512_generic.c
410 +++ b/crypto/sha512_generic.c
411 @@ -238,7 +238,7 @@ static int sha384_final(struct shash_desc *desc, u8 *hash)
412 @@ -36936,7 +36868,7 @@ index 6ed124f..04d295a 100644
413 return 0;
414 }
415 diff --git a/crypto/tgr192.c b/crypto/tgr192.c
416 -index 8740355..3c7af0d 100644
417 +index f7ed2fb..321bc6f 100644
418 --- a/crypto/tgr192.c
419 +++ b/crypto/tgr192.c
420 @@ -612,7 +612,7 @@ static int tgr160_final(struct shash_desc *desc, u8 * out)
421 @@ -36958,7 +36890,7 @@ index 8740355..3c7af0d 100644
422 return 0;
423 }
424 diff --git a/crypto/vmac.c b/crypto/vmac.c
425 -index 2eb11a3..d84c24b 100644
426 +index bf2d3a8..df76a81 100644
427 --- a/crypto/vmac.c
428 +++ b/crypto/vmac.c
429 @@ -613,7 +613,7 @@ static int vmac_final(struct shash_desc *pdesc, u8 *out)
430 @@ -36971,7 +36903,7 @@ index 2eb11a3..d84c24b 100644
431 ctx->partial_size = 0;
432 return 0;
433 diff --git a/crypto/wp512.c b/crypto/wp512.c
434 -index 180f1d6..ec64e77 100644
435 +index 253db94..7ee5a04 100644
436 --- a/crypto/wp512.c
437 +++ b/crypto/wp512.c
438 @@ -1102,8 +1102,8 @@ static int wp384_final(struct shash_desc *desc, u8 *out)
439 @@ -44092,7 +44024,7 @@ index 1946101..09766d2 100644
440 #include "qib_common.h"
441 #include "qib_verbs.h"
442 diff --git a/drivers/input/evdev.c b/drivers/input/evdev.c
443 -index ce953d8..1469995 100644
444 +index fb787c3..1469995 100644
445 --- a/drivers/input/evdev.c
446 +++ b/drivers/input/evdev.c
447 @@ -422,7 +422,7 @@ static int evdev_open(struct inode *inode, struct file *file)
448 @@ -44104,43 +44036,6 @@ index ce953d8..1469995 100644
449 return error;
450 }
451
452 -@@ -757,20 +757,23 @@ static int evdev_handle_set_keycode_v2(struct input_dev *dev, void __user *p)
453 - */
454 - static int evdev_handle_get_val(struct evdev_client *client,
455 - struct input_dev *dev, unsigned int type,
456 -- unsigned long *bits, unsigned int max,
457 -- unsigned int size, void __user *p, int compat)
458 -+ unsigned long *bits, unsigned int maxbit,
459 -+ unsigned int maxlen, void __user *p,
460 -+ int compat)
461 - {
462 - int ret;
463 - unsigned long *mem;
464 -+ size_t len;
465 -
466 -- mem = kmalloc(sizeof(unsigned long) * max, GFP_KERNEL);
467 -+ len = BITS_TO_LONGS(maxbit) * sizeof(unsigned long);
468 -+ mem = kmalloc(len, GFP_KERNEL);
469 - if (!mem)
470 - return -ENOMEM;
471 -
472 - spin_lock_irq(&dev->event_lock);
473 - spin_lock(&client->buffer_lock);
474 -
475 -- memcpy(mem, bits, sizeof(unsigned long) * max);
476 -+ memcpy(mem, bits, len);
477 -
478 - spin_unlock(&dev->event_lock);
479 -
480 -@@ -778,7 +781,7 @@ static int evdev_handle_get_val(struct evdev_client *client,
481 -
482 - spin_unlock_irq(&client->buffer_lock);
483 -
484 -- ret = bits_to_user(mem, max, size, p, compat);
485 -+ ret = bits_to_user(mem, maxbit, maxlen, p, compat);
486 - if (ret < 0)
487 - evdev_queue_syn_dropped(client);
488 -
489 diff --git a/drivers/input/gameport/gameport.c b/drivers/input/gameport/gameport.c
490 index 24c41ba..102d71f 100644
491 --- a/drivers/input/gameport/gameport.c
492 @@ -45543,7 +45438,7 @@ index a46124e..caf0bd55 100644
493
494 rdev_dec_pending(rdev, mddev);
495 diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
496 -index 4913c06..663bb94 100644
497 +index 175584a..1561092 100644
498 --- a/drivers/md/raid5.c
499 +++ b/drivers/md/raid5.c
500 @@ -1711,6 +1711,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash)
501 @@ -47805,10 +47700,10 @@ index 9e7d95d..d447b88 100644
502 Say Y here if you want to support for Freescale FlexCAN.
503
504 diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c
505 -index cc11f7f..bf7de8b 100644
506 +index 1468c46..1f8e748 100644
507 --- a/drivers/net/can/dev.c
508 +++ b/drivers/net/can/dev.c
509 -@@ -756,7 +756,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev,
510 +@@ -760,7 +760,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev,
511 return -EOPNOTSUPP;
512 }
513
514 @@ -53164,7 +53059,7 @@ index 2ebe47b..3205833 100644
515
516 dlci->modem_rx = 0;
517 diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
518 -index d46b4cc..c470f00 100644
519 +index 850e232..59a0ccd 100644
520 --- a/drivers/tty/n_tty.c
521 +++ b/drivers/tty/n_tty.c
522 @@ -115,7 +115,7 @@ struct n_tty_data {
523 @@ -53176,7 +53071,7 @@ index d46b4cc..c470f00 100644
524 size_t line_start;
525
526 /* protected by output lock */
527 -@@ -2521,6 +2521,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
528 +@@ -2526,6 +2526,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
529 {
530 *ops = tty_ldisc_N_TTY;
531 ops->owner = NULL;
532 @@ -59643,10 +59538,10 @@ index ff286f3..8153a14 100644
533 .attrs = attrs,
534 };
535 diff --git a/fs/buffer.c b/fs/buffer.c
536 -index 4d06a57..5977df8 100644
537 +index eef21c6..10a8304 100644
538 --- a/fs/buffer.c
539 +++ b/fs/buffer.c
540 -@@ -3438,7 +3438,7 @@ void __init buffer_init(void)
541 +@@ -3450,7 +3450,7 @@ void __init buffer_init(void)
542 bh_cachep = kmem_cache_create("buffer_head",
543 sizeof(struct buffer_head), 0,
544 (SLAB_RECLAIM_ACCOUNT|SLAB_PANIC|
545 @@ -61908,10 +61803,10 @@ index e6574d7..c30cbe2 100644
546 brelse(bh);
547 bh = NULL;
548 diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
549 -index 242226a..f3eb6c1 100644
550 +index 7620133..212880d 100644
551 --- a/fs/ext4/mballoc.c
552 +++ b/fs/ext4/mballoc.c
553 -@@ -1882,7 +1882,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
554 +@@ -1884,7 +1884,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
555 BUG_ON(ac->ac_b_ex.fe_len != ac->ac_g_ex.fe_len);
556
557 if (EXT4_SB(sb)->s_mb_stats)
558 @@ -61920,7 +61815,7 @@ index 242226a..f3eb6c1 100644
559
560 break;
561 }
562 -@@ -2191,7 +2191,7 @@ repeat:
563 +@@ -2193,7 +2193,7 @@ repeat:
564 ac->ac_status = AC_STATUS_CONTINUE;
565 ac->ac_flags |= EXT4_MB_HINT_FIRST;
566 cr = 3;
567 @@ -61929,7 +61824,7 @@ index 242226a..f3eb6c1 100644
568 goto repeat;
569 }
570 }
571 -@@ -2699,25 +2699,25 @@ int ext4_mb_release(struct super_block *sb)
572 +@@ -2701,25 +2701,25 @@ int ext4_mb_release(struct super_block *sb)
573 if (sbi->s_mb_stats) {
574 ext4_msg(sb, KERN_INFO,
575 "mballoc: %u blocks %u reqs (%u success)",
576 @@ -61965,7 +61860,7 @@ index 242226a..f3eb6c1 100644
577 }
578
579 free_percpu(sbi->s_locality_groups);
580 -@@ -3171,16 +3171,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
581 +@@ -3173,16 +3173,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
582 struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb);
583
584 if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) {
585 @@ -61988,7 +61883,7 @@ index 242226a..f3eb6c1 100644
586 }
587
588 if (ac->ac_op == EXT4_MB_HISTORY_ALLOC)
589 -@@ -3607,7 +3607,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
590 +@@ -3609,7 +3609,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
591 trace_ext4_mb_new_inode_pa(ac, pa);
592
593 ext4_mb_use_inode_pa(ac, pa);
594 @@ -61997,7 +61892,7 @@ index 242226a..f3eb6c1 100644
595
596 ei = EXT4_I(ac->ac_inode);
597 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
598 -@@ -3667,7 +3667,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
599 +@@ -3669,7 +3669,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
600 trace_ext4_mb_new_group_pa(ac, pa);
601
602 ext4_mb_use_group_pa(ac, pa);
603 @@ -62006,7 +61901,7 @@ index 242226a..f3eb6c1 100644
604
605 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
606 lg = ac->ac_lg;
607 -@@ -3756,7 +3756,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
608 +@@ -3758,7 +3758,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
609 * from the bitmap and continue.
610 */
611 }
612 @@ -62015,7 +61910,7 @@ index 242226a..f3eb6c1 100644
613
614 return err;
615 }
616 -@@ -3774,7 +3774,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
617 +@@ -3776,7 +3776,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
618 ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit);
619 BUG_ON(group != e4b->bd_group && pa->pa_len != 0);
620 mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len);
621 @@ -63763,7 +63658,7 @@ index b96a49b..9bfdc47 100644
622 cuse_class = class_create(THIS_MODULE, "cuse");
623 if (IS_ERR(cuse_class))
624 diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
625 -index 0a648bb..8d463f1 100644
626 +index 6eb13c6..4389620 100644
627 --- a/fs/fuse/dev.c
628 +++ b/fs/fuse/dev.c
629 @@ -1323,7 +1323,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos,
630 @@ -65197,7 +65092,7 @@ index 9e38daf..5727cae 100644
631 "inode 0x%lx or driver bug.", vdir->i_ino);
632 goto err_out;
633 diff --git a/fs/ntfs/file.c b/fs/ntfs/file.c
634 -index db9bd8a..8338fb6 100644
635 +index 86ddab9..cedba51 100644
636 --- a/fs/ntfs/file.c
637 +++ b/fs/ntfs/file.c
638 @@ -1282,7 +1282,7 @@ static inline size_t ntfs_copy_from_user(struct page **pages,
639 @@ -81592,10 +81487,10 @@ index 6c58dd7..80d1d95 100644
640 #define current_cred_xxx(xxx) \
641 ({ \
642 diff --git a/include/linux/crypto.h b/include/linux/crypto.h
643 -index b92eadf..b4ecdc1 100644
644 +index 2b00d92..ab50c5e 100644
645 --- a/include/linux/crypto.h
646 +++ b/include/linux/crypto.h
647 -@@ -373,7 +373,7 @@ struct cipher_tfm {
648 +@@ -386,7 +386,7 @@ struct cipher_tfm {
649 const u8 *key, unsigned int keylen);
650 void (*cit_encrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src);
651 void (*cit_decrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src);
652 @@ -81604,7 +81499,7 @@ index b92eadf..b4ecdc1 100644
653
654 struct hash_tfm {
655 int (*init)(struct hash_desc *desc);
656 -@@ -394,13 +394,13 @@ struct compress_tfm {
657 +@@ -407,13 +407,13 @@ struct compress_tfm {
658 int (*cot_decompress)(struct crypto_tfm *tfm,
659 const u8 *src, unsigned int slen,
660 u8 *dst, unsigned int *dlen);
661 @@ -82047,7 +81942,7 @@ index c0894dd..2fbf10c 100644
662 };
663
664 diff --git a/include/linux/gfp.h b/include/linux/gfp.h
665 -index 39b81dc..819dc51 100644
666 +index 3824ac6..f3932a3 100644
667 --- a/include/linux/gfp.h
668 +++ b/include/linux/gfp.h
669 @@ -36,6 +36,13 @@ struct vm_area_struct;
670 @@ -83751,7 +83646,7 @@ index a74c3a8..28d3f21 100644
671 extern struct key_type key_type_keyring;
672
673 diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h
674 -index e465bb1..19f605f 100644
675 +index e465bb1..19f605fd 100644
676 --- a/include/linux/kgdb.h
677 +++ b/include/linux/kgdb.h
678 @@ -52,7 +52,7 @@ extern int kgdb_connected;
679 @@ -84395,18 +84290,18 @@ index c5d5278..f0b68c8 100644
680 }
681
682 diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h
683 -index 1884353..626ca6b 100644
684 +index ac819bf..838afec 100644
685 --- a/include/linux/mmzone.h
686 +++ b/include/linux/mmzone.h
687 -@@ -401,7 +401,7 @@ struct zone {
688 - unsigned long flags; /* zone flags, see below */
689 +@@ -513,7 +513,7 @@ struct zone {
690
691 + ZONE_PADDING(_pad3_)
692 /* Zone statistics */
693 - atomic_long_t vm_stat[NR_VM_ZONE_STAT_ITEMS];
694 -+ atomic_long_unchecked_t vm_stat[NR_VM_ZONE_STAT_ITEMS];
695 ++ atomic_long_unchecked_t vm_stat[NR_VM_ZONE_STAT_ITEMS];
696 + } ____cacheline_internodealigned_in_smp;
697
698 - /*
699 - * The target ratio of ACTIVE_ANON to INACTIVE_ANON pages on
700 + typedef enum {
701 diff --git a/include/linux/mod_devicetable.h b/include/linux/mod_devicetable.h
702 index 45e9214..4a547ac 100644
703 --- a/include/linux/mod_devicetable.h
704 @@ -94299,7 +94194,7 @@ index 13d2f7c..c93d0b0 100644
705 return cmd_attr_register_cpumask(info);
706 else if (info->attrs[TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK])
707 diff --git a/kernel/time.c b/kernel/time.c
708 -index 3c49ab4..00a3aea 100644
709 +index 3eb322e..1ba53cf 100644
710 --- a/kernel/time.c
711 +++ b/kernel/time.c
712 @@ -172,6 +172,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz)
713 @@ -96119,10 +96014,10 @@ index 09d9591..165bb75 100644
714 bdi_destroy(bdi);
715 return err;
716 diff --git a/mm/filemap.c b/mm/filemap.c
717 -index bdaa215..2949940 100644
718 +index 217cfd3..6257351 100644
719 --- a/mm/filemap.c
720 +++ b/mm/filemap.c
721 -@@ -1998,7 +1998,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
722 +@@ -1972,7 +1972,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
723 struct address_space *mapping = file->f_mapping;
724
725 if (!mapping->a_ops->readpage)
726 @@ -96131,7 +96026,7 @@ index bdaa215..2949940 100644
727 file_accessed(file);
728 vma->vm_ops = &generic_file_vm_ops;
729 return 0;
730 -@@ -2162,7 +2162,7 @@ static size_t __iovec_copy_from_user_inatomic(char *vaddr,
731 +@@ -2136,7 +2136,7 @@ static size_t __iovec_copy_from_user_inatomic(char *vaddr,
732
733 while (bytes) {
734 char __user *buf = iov->iov_base + base;
735 @@ -96140,7 +96035,7 @@ index bdaa215..2949940 100644
736
737 base = 0;
738 left = __copy_from_user_inatomic(vaddr, buf, copy);
739 -@@ -2190,7 +2190,7 @@ size_t iov_iter_copy_from_user_atomic(struct page *page,
740 +@@ -2164,7 +2164,7 @@ size_t iov_iter_copy_from_user_atomic(struct page *page,
741
742 kaddr = kmap_atomic(page);
743 if (likely(i->nr_segs == 1)) {
744 @@ -96149,7 +96044,7 @@ index bdaa215..2949940 100644
745 char __user *buf = i->iov->iov_base + i->iov_offset;
746 left = __copy_from_user_inatomic(kaddr + offset, buf, bytes);
747 copied = bytes - left;
748 -@@ -2218,7 +2218,7 @@ size_t iov_iter_copy_from_user(struct page *page,
749 +@@ -2192,7 +2192,7 @@ size_t iov_iter_copy_from_user(struct page *page,
750
751 kaddr = kmap(page);
752 if (likely(i->nr_segs == 1)) {
753 @@ -96158,7 +96053,7 @@ index bdaa215..2949940 100644
754 char __user *buf = i->iov->iov_base + i->iov_offset;
755 left = __copy_from_user(kaddr + offset, buf, bytes);
756 copied = bytes - left;
757 -@@ -2248,7 +2248,7 @@ void iov_iter_advance(struct iov_iter *i, size_t bytes)
758 +@@ -2222,7 +2222,7 @@ void iov_iter_advance(struct iov_iter *i, size_t bytes)
759 * zero-length segments (without overruning the iovec).
760 */
761 while (bytes || unlikely(i->count && !iov->iov_len)) {
762 @@ -96167,7 +96062,7 @@ index bdaa215..2949940 100644
763
764 copy = min(bytes, iov->iov_len - base);
765 BUG_ON(!i->count || i->count < copy);
766 -@@ -2319,6 +2319,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i
767 +@@ -2293,6 +2293,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i
768 *pos = i_size_read(inode);
769
770 if (limit != RLIM_INFINITY) {
771 @@ -96632,7 +96527,7 @@ index a98c7fc..393f8f1 100644
772 }
773 unset_migratetype_isolate(page, MIGRATE_MOVABLE);
774 diff --git a/mm/memory.c b/mm/memory.c
775 -index 924429e..732f880 100644
776 +index 7f30bea..67cb92b 100644
777 --- a/mm/memory.c
778 +++ b/mm/memory.c
779 @@ -403,6 +403,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
780 @@ -99190,7 +99085,7 @@ index 9f45f87..749bfd8 100644
781 unsigned long bg_thresh,
782 unsigned long dirty,
783 diff --git a/mm/page_alloc.c b/mm/page_alloc.c
784 -index 4b25829..382c9bd 100644
785 +index ea41913..d1a474f 100644
786 --- a/mm/page_alloc.c
787 +++ b/mm/page_alloc.c
788 @@ -61,6 +61,7 @@
789 @@ -99210,7 +99105,7 @@ index 4b25829..382c9bd 100644
790 {
791 __free_pages_ok(page, compound_order(page));
792 }
793 -@@ -729,6 +730,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
794 +@@ -749,6 +750,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
795 int i;
796 int bad = 0;
797
798 @@ -99221,7 +99116,7 @@ index 4b25829..382c9bd 100644
799 trace_mm_page_free(page, order);
800 kmemcheck_free_shadow(page, order);
801
802 -@@ -745,6 +750,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
803 +@@ -765,6 +770,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
804 debug_check_no_obj_freed(page_address(page),
805 PAGE_SIZE << order);
806 }
807 @@ -99234,7 +99129,7 @@ index 4b25829..382c9bd 100644
808 arch_free_page(page, order);
809 kernel_map_pages(page, 1 << order, 0);
810
811 -@@ -767,6 +778,20 @@ static void __free_pages_ok(struct page *page, unsigned int order)
812 +@@ -788,6 +799,20 @@ static void __free_pages_ok(struct page *page, unsigned int order)
813 local_irq_restore(flags);
814 }
815
816 @@ -99255,7 +99150,7 @@ index 4b25829..382c9bd 100644
817 void __init __free_pages_bootmem(struct page *page, unsigned int order)
818 {
819 unsigned int nr_pages = 1 << order;
820 -@@ -782,6 +807,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order)
821 +@@ -803,6 +828,19 @@ void __init __free_pages_bootmem(struct page *page, unsigned int order)
822 __ClearPageReserved(p);
823 set_page_count(p, 0);
824
825 @@ -99275,7 +99170,7 @@ index 4b25829..382c9bd 100644
826 page_zone(page)->managed_pages += nr_pages;
827 set_page_refcounted(page);
828 __free_pages(page, order);
829 -@@ -910,8 +948,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags)
830 +@@ -931,8 +969,10 @@ static int prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags)
831 arch_alloc_page(page, order);
832 kernel_map_pages(page, 1 << order, 1);
833
834 @@ -99286,25 +99181,16 @@ index 4b25829..382c9bd 100644
835
836 if (order && (gfp_flags & __GFP_COMP))
837 prep_compound_page(page, order);
838 -@@ -1960,7 +2000,7 @@ zonelist_scan:
839 - if (alloc_flags & ALLOC_FAIR) {
840 - if (!zone_local(preferred_zone, zone))
841 - continue;
842 -- if (atomic_long_read(&zone->vm_stat[NR_ALLOC_BATCH]) <= 0)
843 -+ if (atomic_long_read_unchecked(&zone->vm_stat[NR_ALLOC_BATCH]) <= 0)
844 - continue;
845 - }
846 - /*
847 -@@ -2424,7 +2464,7 @@ static void reset_alloc_batches(struct zonelist *zonelist,
848 - continue;
849 +@@ -1948,7 +1988,7 @@ static void reset_alloc_batches(struct zone *preferred_zone)
850 + do {
851 mod_zone_page_state(zone, NR_ALLOC_BATCH,
852 high_wmark_pages(zone) - low_wmark_pages(zone) -
853 - atomic_long_read(&zone->vm_stat[NR_ALLOC_BATCH]));
854 + atomic_long_read_unchecked(&zone->vm_stat[NR_ALLOC_BATCH]));
855 - }
856 + zone_clear_flag(zone, ZONE_FAIR_DEPLETED);
857 + } while (zone++ != preferred_zone);
858 }
859 -
860 -@@ -5669,7 +5709,7 @@ static void __setup_per_zone_wmarks(void)
861 +@@ -5711,7 +5751,7 @@ static void __setup_per_zone_wmarks(void)
862
863 __mod_zone_page_state(zone, NR_ALLOC_BATCH,
864 high_wmark_pages(zone) - low_wmark_pages(zone) -
865 @@ -99313,7 +99199,7 @@ index 4b25829..382c9bd 100644
866
867 setup_zone_migrate_reserve(zone);
868 spin_unlock_irqrestore(&zone->lock, flags);
869 -@@ -6611,4 +6651,4 @@ void dump_page(struct page *page, char *reason)
870 +@@ -6652,4 +6692,4 @@ void dump_page(struct page *page, char *reason)
871 {
872 dump_page_badflags(page, reason, 0);
873 }
874 @@ -99513,7 +99399,7 @@ index cab9820..cb05259 100644
875
876 /*
877 diff --git a/mm/shmem.c b/mm/shmem.c
878 -index 0f14475..c469130d 100644
879 +index 85d8a1a..da4e20f 100644
880 --- a/mm/shmem.c
881 +++ b/mm/shmem.c
882 @@ -33,7 +33,7 @@
883 @@ -99534,7 +99420,7 @@ index 0f14475..c469130d 100644
884
885 /*
886 * shmem_fallocate communicates with shmem_fault or shmem_writepage via
887 -@@ -2240,6 +2240,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
888 +@@ -2249,6 +2249,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
889 static int shmem_xattr_validate(const char *name)
890 {
891 struct { const char *prefix; size_t len; } arr[] = {
892 @@ -99546,7 +99432,7 @@ index 0f14475..c469130d 100644
893 { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
894 { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
895 };
896 -@@ -2295,6 +2300,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
897 +@@ -2304,6 +2309,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
898 if (err)
899 return err;
900
901 @@ -99562,7 +99448,7 @@ index 0f14475..c469130d 100644
902 return simple_xattr_set(&info->xattrs, name, value, size, flags);
903 }
904
905 -@@ -2607,8 +2621,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
906 +@@ -2616,8 +2630,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
907 int err = -ENOMEM;
908
909 /* Round up to L1_CACHE_BYTES to resist false sharing */
910 @@ -100672,7 +100558,7 @@ index 63c3ea5..95c0858 100644
911 }
912 }
913 diff --git a/mm/swap.c b/mm/swap.c
914 -index c8048d7..099d1a3 100644
915 +index d2ceddf..d585efa 100644
916 --- a/mm/swap.c
917 +++ b/mm/swap.c
918 @@ -31,6 +31,7 @@
919 @@ -100785,7 +100671,7 @@ index c1010cb..210c536 100644
920 {
921 struct address_space *mapping = page->mapping;
922 diff --git a/mm/vmalloc.c b/mm/vmalloc.c
923 -index 0fdf968..991ff6a 100644
924 +index aa3891e..97555dd 100644
925 --- a/mm/vmalloc.c
926 +++ b/mm/vmalloc.c
927 @@ -38,6 +38,21 @@ struct vfree_deferred {
928 @@ -101068,7 +100954,7 @@ index 0fdf968..991ff6a 100644
929 if (v->nr_pages)
930 seq_printf(m, " pages=%d", v->nr_pages);
931 diff --git a/mm/vmstat.c b/mm/vmstat.c
932 -index def5dd2..4ce55cec 100644
933 +index eded190..e4203d1 100644
934 --- a/mm/vmstat.c
935 +++ b/mm/vmstat.c
936 @@ -20,6 +20,7 @@
937 @@ -101126,7 +101012,7 @@ index def5dd2..4ce55cec 100644
938 }
939 }
940 #endif
941 -@@ -1150,10 +1151,22 @@ static void *vmstat_start(struct seq_file *m, loff_t *pos)
942 +@@ -1151,10 +1152,22 @@ static void *vmstat_start(struct seq_file *m, loff_t *pos)
943 stat_items_size += sizeof(struct vm_event_state);
944 #endif
945
946 @@ -101150,7 +101036,7 @@ index def5dd2..4ce55cec 100644
947 for (i = 0; i < NR_VM_ZONE_STAT_ITEMS; i++)
948 v[i] = global_page_state(i);
949 v += NR_VM_ZONE_STAT_ITEMS;
950 -@@ -1302,10 +1315,16 @@ static int __init setup_vmstat(void)
951 +@@ -1303,10 +1316,16 @@ static int __init setup_vmstat(void)
952 put_online_cpus();
953 #endif
954 #ifdef CONFIG_PROC_FS
955 @@ -118842,10 +118728,10 @@ index 0000000..4378111
956 +}
957 diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
958 new file mode 100644
959 -index 0000000..7ab73a3
960 +index 0000000..3d3508d
961 --- /dev/null
962 +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data
963 -@@ -0,0 +1,6040 @@
964 +@@ -0,0 +1,6042 @@
965 +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
966 +ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL
967 +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
968 @@ -120927,6 +120813,7 @@ index 0000000..7ab73a3
969 +l2tp_ip_recvmsg_22681 l2tp_ip_recvmsg 4 22681 NULL
970 +bch_dump_read_22685 bch_dump_read 3 22685 NULL
971 +reg_umr_22686 reg_umr 5 22686 NULL
972 ++nr_cpusets_22705 nr_cpusets 0 22705 NULL
973 +alloc_libipw_22708 alloc_libipw 1 22708 NULL
974 +cx18_copy_buf_to_user_22735 cx18_copy_buf_to_user 4-0 22735 NULL
975 +ceph_decode_32_22738 ceph_decode_32 0 22738 NULL nohasharray
976 @@ -121580,6 +121467,7 @@ index 0000000..7ab73a3
977 +read_cis_cache_29735 read_cis_cache 4 29735 NULL
978 +xfs_new_eof_29737 xfs_new_eof 2 29737 NULL
979 +std_nic_write_29752 std_nic_write 3 29752 NULL
980 ++static_key_count_29771 static_key_count 0 29771 NULL
981 +dbAlloc_29794 dbAlloc 0 29794 NULL
982 +tcp_sendpage_29829 tcp_sendpage 4 29829 NULL
983 +__probe_kernel_write_29842 __probe_kernel_write 3 29842 NULL
984
985 diff --git a/3.18.4/4425_grsec_remove_EI_PAX.patch b/3.14.31/4425_grsec_remove_EI_PAX.patch
986 similarity index 100%
987 rename from 3.18.4/4425_grsec_remove_EI_PAX.patch
988 rename to 3.14.31/4425_grsec_remove_EI_PAX.patch
989
990 diff --git a/3.14.30/4427_force_XATTR_PAX_tmpfs.patch b/3.14.31/4427_force_XATTR_PAX_tmpfs.patch
991 similarity index 100%
992 rename from 3.14.30/4427_force_XATTR_PAX_tmpfs.patch
993 rename to 3.14.31/4427_force_XATTR_PAX_tmpfs.patch
994
995 diff --git a/3.18.4/4430_grsec-remove-localversion-grsec.patch b/3.14.31/4430_grsec-remove-localversion-grsec.patch
996 similarity index 100%
997 rename from 3.18.4/4430_grsec-remove-localversion-grsec.patch
998 rename to 3.14.31/4430_grsec-remove-localversion-grsec.patch
999
1000 diff --git a/3.14.30/4435_grsec-mute-warnings.patch b/3.14.31/4435_grsec-mute-warnings.patch
1001 similarity index 100%
1002 rename from 3.14.30/4435_grsec-mute-warnings.patch
1003 rename to 3.14.31/4435_grsec-mute-warnings.patch
1004
1005 diff --git a/3.18.4/4440_grsec-remove-protected-paths.patch b/3.14.31/4440_grsec-remove-protected-paths.patch
1006 similarity index 100%
1007 rename from 3.18.4/4440_grsec-remove-protected-paths.patch
1008 rename to 3.14.31/4440_grsec-remove-protected-paths.patch
1009
1010 diff --git a/3.14.30/4450_grsec-kconfig-default-gids.patch b/3.14.31/4450_grsec-kconfig-default-gids.patch
1011 similarity index 100%
1012 rename from 3.14.30/4450_grsec-kconfig-default-gids.patch
1013 rename to 3.14.31/4450_grsec-kconfig-default-gids.patch
1014
1015 diff --git a/3.14.30/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.31/4465_selinux-avc_audit-log-curr_ip.patch
1016 similarity index 100%
1017 rename from 3.14.30/4465_selinux-avc_audit-log-curr_ip.patch
1018 rename to 3.14.31/4465_selinux-avc_audit-log-curr_ip.patch
1019
1020 diff --git a/3.14.30/4470_disable-compat_vdso.patch b/3.14.31/4470_disable-compat_vdso.patch
1021 similarity index 100%
1022 rename from 3.14.30/4470_disable-compat_vdso.patch
1023 rename to 3.14.31/4470_disable-compat_vdso.patch
1024
1025 diff --git a/3.18.4/4475_emutramp_default_on.patch b/3.14.31/4475_emutramp_default_on.patch
1026 similarity index 100%
1027 rename from 3.18.4/4475_emutramp_default_on.patch
1028 rename to 3.14.31/4475_emutramp_default_on.patch
1029
1030 diff --git a/3.18.4/0000_README b/3.18.5/0000_README
1031 similarity index 96%
1032 rename from 3.18.4/0000_README
1033 rename to 3.18.5/0000_README
1034 index d079d57..634a195 100644
1035 --- a/3.18.4/0000_README
1036 +++ b/3.18.5/0000_README
1037 @@ -2,7 +2,7 @@ README
1038 -----------------------------------------------------------------------------
1039 Individual Patch Descriptions:
1040 -----------------------------------------------------------------------------
1041 -Patch: 4420_grsecurity-3.0-3.18.4-201501272307.patch
1042 +Patch: 4420_grsecurity-3.0-3.18.5-201501310706.patch
1043 From: http://www.grsecurity.net
1044 Desc: hardened-sources base patch from upstream grsecurity
1045
1046
1047 diff --git a/3.18.4/4420_grsecurity-3.0-3.18.4-201501272307.patch b/3.18.5/4420_grsecurity-3.0-3.18.5-201501310706.patch
1048 similarity index 99%
1049 rename from 3.18.4/4420_grsecurity-3.0-3.18.4-201501272307.patch
1050 rename to 3.18.5/4420_grsecurity-3.0-3.18.5-201501310706.patch
1051 index 4163835..06b5a6e 100644
1052 --- a/3.18.4/4420_grsecurity-3.0-3.18.4-201501272307.patch
1053 +++ b/3.18.5/4420_grsecurity-3.0-3.18.5-201501310706.patch
1054 @@ -370,7 +370,7 @@ index f4c71d4..66811b1 100644
1055
1056 pcd. [PARIDE]
1057 diff --git a/Makefile b/Makefile
1058 -index 4e93284..ba06195 100644
1059 +index 6276fca..e21ed81 100644
1060 --- a/Makefile
1061 +++ b/Makefile
1062 @@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
1063 @@ -3525,7 +3525,7 @@ index 7f352de..6dc0929 100644
1064
1065 static int keystone_platform_notifier(struct notifier_block *nb,
1066 diff --git a/arch/arm/mach-mvebu/coherency.c b/arch/arm/mach-mvebu/coherency.c
1067 -index c31f4c0..c86224d 100644
1068 +index 1163a3e..424adbf 100644
1069 --- a/arch/arm/mach-mvebu/coherency.c
1070 +++ b/arch/arm/mach-mvebu/coherency.c
1071 @@ -316,7 +316,7 @@ static void __init armada_370_coherency_init(struct device_node *np)
1072 @@ -12536,7 +12536,7 @@ index ad8f795..2c7eec6 100644
1073 /*
1074 * Memory returned by kmalloc() may be used for DMA, so we must make
1075 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
1076 -index 41a503c..cf98b04 100644
1077 +index 3635fff..c1f9fab 100644
1078 --- a/arch/x86/Kconfig
1079 +++ b/arch/x86/Kconfig
1080 @@ -129,7 +129,7 @@ config X86
1081 @@ -12565,7 +12565,7 @@ index 41a503c..cf98b04 100644
1082 ---help---
1083 Say Y here to enable options for running Linux under various hyper-
1084 visors. This option enables basic hypervisor detection and platform
1085 -@@ -973,6 +974,7 @@ config VM86
1086 +@@ -977,6 +978,7 @@ config VM86
1087
1088 config X86_16BIT
1089 bool "Enable support for 16-bit segments" if EXPERT
1090 @@ -12573,7 +12573,7 @@ index 41a503c..cf98b04 100644
1091 default y
1092 ---help---
1093 This option is required by programs like Wine to run 16-bit
1094 -@@ -1128,6 +1130,7 @@ choice
1095 +@@ -1132,6 +1134,7 @@ choice
1096
1097 config NOHIGHMEM
1098 bool "off"
1099 @@ -12581,7 +12581,7 @@ index 41a503c..cf98b04 100644
1100 ---help---
1101 Linux can use up to 64 Gigabytes of physical memory on x86 systems.
1102 However, the address space of 32-bit x86 processors is only 4
1103 -@@ -1164,6 +1167,7 @@ config NOHIGHMEM
1104 +@@ -1168,6 +1171,7 @@ config NOHIGHMEM
1105
1106 config HIGHMEM4G
1107 bool "4GB"
1108 @@ -12589,7 +12589,7 @@ index 41a503c..cf98b04 100644
1109 ---help---
1110 Select this if you have a 32-bit processor and between 1 and 4
1111 gigabytes of physical RAM.
1112 -@@ -1216,7 +1220,7 @@ config PAGE_OFFSET
1113 +@@ -1220,7 +1224,7 @@ config PAGE_OFFSET
1114 hex
1115 default 0xB0000000 if VMSPLIT_3G_OPT
1116 default 0x80000000 if VMSPLIT_2G
1117 @@ -12598,7 +12598,7 @@ index 41a503c..cf98b04 100644
1118 default 0x40000000 if VMSPLIT_1G
1119 default 0xC0000000
1120 depends on X86_32
1121 -@@ -1631,6 +1635,7 @@ source kernel/Kconfig.hz
1122 +@@ -1635,6 +1639,7 @@ source kernel/Kconfig.hz
1123
1124 config KEXEC
1125 bool "kexec system call"
1126 @@ -12606,7 +12606,7 @@ index 41a503c..cf98b04 100644
1127 ---help---
1128 kexec is a system call that implements the ability to shutdown your
1129 current kernel, and to start another kernel. It is like a reboot
1130 -@@ -1816,7 +1821,9 @@ config X86_NEED_RELOCS
1131 +@@ -1820,7 +1825,9 @@ config X86_NEED_RELOCS
1132
1133 config PHYSICAL_ALIGN
1134 hex "Alignment value to which kernel should be aligned"
1135 @@ -12617,7 +12617,7 @@ index 41a503c..cf98b04 100644
1136 range 0x2000 0x1000000 if X86_32
1137 range 0x200000 0x1000000 if X86_64
1138 ---help---
1139 -@@ -1899,6 +1906,7 @@ config COMPAT_VDSO
1140 +@@ -1903,6 +1910,7 @@ config COMPAT_VDSO
1141 def_bool n
1142 prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
1143 depends on X86_32 || IA32_EMULATION
1144 @@ -12884,7 +12884,7 @@ index 6b1766c..ad465c9 100644
1145 .quad 0x0000000000000000 /* TS continued */
1146 gdt_end:
1147 diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c
1148 -index 30dd59a..cd9edc3 100644
1149 +index 0c33a7c..be226ed 100644
1150 --- a/arch/x86/boot/compressed/misc.c
1151 +++ b/arch/x86/boot/compressed/misc.c
1152 @@ -242,7 +242,7 @@ static void handle_relocations(void *output, unsigned long output_len)
1153 @@ -12923,7 +12923,7 @@ index 30dd59a..cd9edc3 100644
1154 break;
1155 default: /* Ignore other PT_* */ break;
1156 }
1157 -@@ -402,7 +405,7 @@ asmlinkage __visible void *decompress_kernel(void *rmode, memptr heap,
1158 +@@ -404,7 +407,7 @@ asmlinkage __visible void *decompress_kernel(void *rmode, memptr heap,
1159 error("Destination address too large");
1160 #endif
1161 #ifndef CONFIG_RELOCATABLE
1162 @@ -16544,7 +16544,7 @@ index 0bb1335..8f1aec7 100644
1163 "6:\n"
1164 ".previous\n"
1165 diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h
1166 -index 50d033a..59ecefa 100644
1167 +index a94b82e..59ecefa 100644
1168 --- a/arch/x86/include/asm/desc.h
1169 +++ b/arch/x86/include/asm/desc.h
1170 @@ -4,6 +4,7 @@
1171 @@ -16642,7 +16642,7 @@ index 50d033a..59ecefa 100644
1172 }
1173
1174 static inline void native_load_gdt(const struct desc_ptr *dtr)
1175 -@@ -247,11 +258,14 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu)
1176 +@@ -247,8 +258,10 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu)
1177 struct desc_struct *gdt = get_cpu_gdt_table(cpu);
1178 unsigned int i;
1179
1180 @@ -16652,37 +16652,8 @@ index 50d033a..59ecefa 100644
1181 + pax_close_kernel();
1182 }
1183
1184 --#define _LDT_empty(info) \
1185 -+/* This intentionally ignores lm, since 32-bit apps don't have that field. */
1186 -+#define LDT_empty(info) \
1187 - ((info)->base_addr == 0 && \
1188 - (info)->limit == 0 && \
1189 - (info)->contents == 0 && \
1190 -@@ -261,11 +275,18 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu)
1191 - (info)->seg_not_present == 1 && \
1192 - (info)->useable == 0)
1193 -
1194 --#ifdef CONFIG_X86_64
1195 --#define LDT_empty(info) (_LDT_empty(info) && ((info)->lm == 0))
1196 --#else
1197 --#define LDT_empty(info) (_LDT_empty(info))
1198 --#endif
1199 -+/* Lots of programs expect an all-zero user_desc to mean "no segment at all". */
1200 -+static inline bool LDT_zero(const struct user_desc *info)
1201 -+{
1202 -+ return (info->base_addr == 0 &&
1203 -+ info->limit == 0 &&
1204 -+ info->contents == 0 &&
1205 -+ info->read_exec_only == 0 &&
1206 -+ info->seg_32bit == 0 &&
1207 -+ info->limit_in_pages == 0 &&
1208 -+ info->seg_not_present == 0 &&
1209 -+ info->useable == 0);
1210 -+}
1211 -
1212 - static inline void clear_LDT(void)
1213 - {
1214 -@@ -287,7 +308,7 @@ static inline void load_LDT(mm_context_t *pc)
1215 + /* This intentionally ignores lm, since 32-bit apps don't have that field. */
1216 +@@ -295,7 +308,7 @@ static inline void load_LDT(mm_context_t *pc)
1217 preempt_enable();
1218 }
1219
1220 @@ -16691,7 +16662,7 @@ index 50d033a..59ecefa 100644
1221 {
1222 return (unsigned)(desc->base0 | ((desc->base1) << 16) | ((desc->base2) << 24));
1223 }
1224 -@@ -311,7 +332,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit)
1225 +@@ -319,7 +332,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit)
1226 }
1227
1228 #ifdef CONFIG_X86_64
1229 @@ -16700,7 +16671,7 @@ index 50d033a..59ecefa 100644
1230 {
1231 gate_desc s;
1232
1233 -@@ -321,14 +342,14 @@ static inline void set_nmi_gate(int gate, void *addr)
1234 +@@ -329,14 +342,14 @@ static inline void set_nmi_gate(int gate, void *addr)
1235 #endif
1236
1237 #ifdef CONFIG_TRACING
1238 @@ -16718,7 +16689,7 @@ index 50d033a..59ecefa 100644
1239 unsigned dpl, unsigned ist, unsigned seg)
1240 {
1241 gate_desc s;
1242 -@@ -348,7 +369,7 @@ static inline void write_trace_idt_entry(int entry, const gate_desc *gate)
1243 +@@ -356,7 +369,7 @@ static inline void write_trace_idt_entry(int entry, const gate_desc *gate)
1244 #define _trace_set_gate(gate, type, addr, dpl, ist, seg)
1245 #endif
1246
1247 @@ -16727,7 +16698,7 @@ index 50d033a..59ecefa 100644
1248 unsigned dpl, unsigned ist, unsigned seg)
1249 {
1250 gate_desc s;
1251 -@@ -371,9 +392,9 @@ static inline void _set_gate(int gate, unsigned type, void *addr,
1252 +@@ -379,9 +392,9 @@ static inline void _set_gate(int gate, unsigned type, void *addr,
1253 #define set_intr_gate(n, addr) \
1254 do { \
1255 BUG_ON((unsigned)n > 0xFF); \
1256 @@ -16739,7 +16710,7 @@ index 50d033a..59ecefa 100644
1257 0, 0, __KERNEL_CS); \
1258 } while (0)
1259
1260 -@@ -401,19 +422,19 @@ static inline void alloc_system_vector(int vector)
1261 +@@ -409,19 +422,19 @@ static inline void alloc_system_vector(int vector)
1262 /*
1263 * This routine sets up an interrupt gate at directory privilege level 3.
1264 */
1265 @@ -16762,7 +16733,7 @@ index 50d033a..59ecefa 100644
1266 {
1267 BUG_ON((unsigned)n > 0xFF);
1268 _set_gate(n, GATE_TRAP, addr, 0, 0, __KERNEL_CS);
1269 -@@ -422,16 +443,16 @@ static inline void set_trap_gate(unsigned int n, void *addr)
1270 +@@ -430,16 +443,16 @@ static inline void set_trap_gate(unsigned int n, void *addr)
1271 static inline void set_task_gate(unsigned int n, unsigned int gdt_entry)
1272 {
1273 BUG_ON((unsigned)n > 0xFF);
1274 @@ -16782,7 +16753,7 @@ index 50d033a..59ecefa 100644
1275 {
1276 BUG_ON((unsigned)n > 0xFF);
1277 _set_gate(n, GATE_INTERRUPT, addr, 0x3, ist, __KERNEL_CS);
1278 -@@ -503,4 +524,17 @@ static inline void load_current_idt(void)
1279 +@@ -511,4 +524,17 @@ static inline void load_current_idt(void)
1280 else
1281 load_idt((const struct desc_ptr *)&idt_descr);
1282 }
1283 @@ -25233,7 +25204,7 @@ index 4ddaf66..49d5c18 100644
1284 regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
1285 t->iopl = level << 12;
1286 diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c
1287 -index 922d285..6d20692 100644
1288 +index 3790775..53717dc 100644
1289 --- a/arch/x86/kernel/irq.c
1290 +++ b/arch/x86/kernel/irq.c
1291 @@ -22,7 +22,7 @@
1292 @@ -27845,49 +27816,10 @@ index 0fa2960..91eabbe 100644
1293 return pc;
1294 }
1295 diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c
1296 -index 4e942f3..c6e445a 100644
1297 +index 7fc5e84..c6e445a 100644
1298 --- a/arch/x86/kernel/tls.c
1299 +++ b/arch/x86/kernel/tls.c
1300 -@@ -29,7 +29,28 @@ static int get_free_idx(void)
1301 -
1302 - static bool tls_desc_okay(const struct user_desc *info)
1303 - {
1304 -- if (LDT_empty(info))
1305 -+ /*
1306 -+ * For historical reasons (i.e. no one ever documented how any
1307 -+ * of the segmentation APIs work), user programs can and do
1308 -+ * assume that a struct user_desc that's all zeros except for
1309 -+ * entry_number means "no segment at all". This never actually
1310 -+ * worked. In fact, up to Linux 3.19, a struct user_desc like
1311 -+ * this would create a 16-bit read-write segment with base and
1312 -+ * limit both equal to zero.
1313 -+ *
1314 -+ * That was close enough to "no segment at all" until we
1315 -+ * hardened this function to disallow 16-bit TLS segments. Fix
1316 -+ * it up by interpreting these zeroed segments the way that they
1317 -+ * were almost certainly intended to be interpreted.
1318 -+ *
1319 -+ * The correct way to ask for "no segment at all" is to specify
1320 -+ * a user_desc that satisfies LDT_empty. To keep everything
1321 -+ * working, we accept both.
1322 -+ *
1323 -+ * Note that there's a similar kludge in modify_ldt -- look at
1324 -+ * the distinction between modes 1 and 0x11.
1325 -+ */
1326 -+ if (LDT_empty(info) || LDT_zero(info))
1327 - return true;
1328 -
1329 - /*
1330 -@@ -71,7 +92,7 @@ static void set_tls_desc(struct task_struct *p, int idx,
1331 - cpu = get_cpu();
1332 -
1333 - while (n-- > 0) {
1334 -- if (LDT_empty(info))
1335 -+ if (LDT_empty(info) || LDT_zero(info))
1336 - desc->a = desc->b = 0;
1337 - else
1338 - fill_ldt(desc, info);
1339 -@@ -118,6 +139,11 @@ int do_set_thread_area(struct task_struct *p, int idx,
1340 +@@ -139,6 +139,11 @@ int do_set_thread_area(struct task_struct *p, int idx,
1341 if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
1342 return -EINVAL;
1343
1344 @@ -27899,7 +27831,7 @@ index 4e942f3..c6e445a 100644
1345 set_tls_desc(p, idx, &info, 1);
1346
1347 return 0;
1348 -@@ -235,7 +261,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset,
1349 +@@ -256,7 +261,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset,
1350
1351 if (kbuf)
1352 info = kbuf;
1353 @@ -28118,7 +28050,7 @@ index 07ab8e9..99c8456 100644
1354 if (!fixup_exception(regs)) {
1355 task->thread.error_code = error_code;
1356 diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
1357 -index b7e50bb..f4a93ae 100644
1358 +index 5054497..139f8f8 100644
1359 --- a/arch/x86/kernel/tsc.c
1360 +++ b/arch/x86/kernel/tsc.c
1361 @@ -150,7 +150,7 @@ static void cyc2ns_write_end(int cpu, struct cyc2ns_data *data)
1362 @@ -28694,63 +28626,10 @@ index 88f9201..0e7f1a3 100644
1363
1364 out:
1365 diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
1366 -index 22e7ed9..c3e2419 100644
1367 +index c7327a7..c3e2419 100644
1368 --- a/arch/x86/kvm/emulate.c
1369 +++ b/arch/x86/kvm/emulate.c
1370 -@@ -2345,7 +2345,7 @@ static int em_sysenter(struct x86_emulate_ctxt *ctxt)
1371 - * Not recognized on AMD in compat mode (but is recognized in legacy
1372 - * mode).
1373 - */
1374 -- if ((ctxt->mode == X86EMUL_MODE_PROT32) && (efer & EFER_LMA)
1375 -+ if ((ctxt->mode != X86EMUL_MODE_PROT64) && (efer & EFER_LMA)
1376 - && !vendor_intel(ctxt))
1377 - return emulate_ud(ctxt);
1378 -
1379 -@@ -2358,25 +2358,13 @@ static int em_sysenter(struct x86_emulate_ctxt *ctxt)
1380 - setup_syscalls_segments(ctxt, &cs, &ss);
1381 -
1382 - ops->get_msr(ctxt, MSR_IA32_SYSENTER_CS, &msr_data);
1383 -- switch (ctxt->mode) {
1384 -- case X86EMUL_MODE_PROT32:
1385 -- if ((msr_data & 0xfffc) == 0x0)
1386 -- return emulate_gp(ctxt, 0);
1387 -- break;
1388 -- case X86EMUL_MODE_PROT64:
1389 -- if (msr_data == 0x0)
1390 -- return emulate_gp(ctxt, 0);
1391 -- break;
1392 -- default:
1393 -- break;
1394 -- }
1395 -+ if ((msr_data & 0xfffc) == 0x0)
1396 -+ return emulate_gp(ctxt, 0);
1397 -
1398 - ctxt->eflags &= ~(EFLG_VM | EFLG_IF);
1399 -- cs_sel = (u16)msr_data;
1400 -- cs_sel &= ~SELECTOR_RPL_MASK;
1401 -+ cs_sel = (u16)msr_data & ~SELECTOR_RPL_MASK;
1402 - ss_sel = cs_sel + 8;
1403 -- ss_sel &= ~SELECTOR_RPL_MASK;
1404 -- if (ctxt->mode == X86EMUL_MODE_PROT64 || (efer & EFER_LMA)) {
1405 -+ if (efer & EFER_LMA) {
1406 - cs.d = 0;
1407 - cs.l = 1;
1408 - }
1409 -@@ -2385,10 +2373,11 @@ static int em_sysenter(struct x86_emulate_ctxt *ctxt)
1410 - ops->set_segment(ctxt, ss_sel, &ss, 0, VCPU_SREG_SS);
1411 -
1412 - ops->get_msr(ctxt, MSR_IA32_SYSENTER_EIP, &msr_data);
1413 -- ctxt->_eip = msr_data;
1414 -+ ctxt->_eip = (efer & EFER_LMA) ? msr_data : (u32)msr_data;
1415 -
1416 - ops->get_msr(ctxt, MSR_IA32_SYSENTER_ESP, &msr_data);
1417 -- *reg_write(ctxt, VCPU_REGS_RSP) = msr_data;
1418 -+ *reg_write(ctxt, VCPU_REGS_RSP) = (efer & EFER_LMA) ? msr_data :
1419 -+ (u32)msr_data;
1420 -
1421 - return X86EMUL_CONTINUE;
1422 - }
1423 -@@ -3519,7 +3508,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
1424 +@@ -3508,7 +3508,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
1425 int cr = ctxt->modrm_reg;
1426 u64 efer = 0;
1427
1428 @@ -28759,7 +28638,7 @@ index 22e7ed9..c3e2419 100644
1429 0xffffffff00000000ULL,
1430 0, 0, 0, /* CR3 checked later */
1431 CR4_RESERVED_BITS,
1432 -@@ -3554,7 +3543,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
1433 +@@ -3543,7 +3543,7 @@ static int check_cr_write(struct x86_emulate_ctxt *ctxt)
1434
1435 ctxt->ops->get_msr(ctxt, MSR_EFER, &efer);
1436 if (efer & EFER_LMA)
1437 @@ -28768,17 +28647,6 @@ index 22e7ed9..c3e2419 100644
1438
1439 if (new_val & rsvd)
1440 return emulate_gp(ctxt, 0);
1441 -@@ -3788,8 +3777,8 @@ static const struct opcode group5[] = {
1442 - };
1443 -
1444 - static const struct opcode group6[] = {
1445 -- DI(Prot, sldt),
1446 -- DI(Prot, str),
1447 -+ DI(Prot | DstMem, sldt),
1448 -+ DI(Prot | DstMem, str),
1449 - II(Prot | Priv | SrcMem16, em_lldt, lldt),
1450 - II(Prot | Priv | SrcMem16, em_ltr, ltr),
1451 - N, N, N, N,
1452 diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
1453 index b8345dd..f225d71 100644
1454 --- a/arch/x86/kvm/lapic.c
1455 @@ -36337,7 +36205,7 @@ index b0c2a61..10bb6ec 100644
1456 goto error;
1457
1458 diff --git a/crypto/cryptd.c b/crypto/cryptd.c
1459 -index e592c90..c566114 100644
1460 +index 650afac1..f3307de 100644
1461 --- a/crypto/cryptd.c
1462 +++ b/crypto/cryptd.c
1463 @@ -63,7 +63,7 @@ struct cryptd_blkcipher_ctx {
1464 @@ -36359,7 +36227,7 @@ index e592c90..c566114 100644
1465 static void cryptd_queue_worker(struct work_struct *work);
1466
1467 diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
1468 -index 309d345..1632720 100644
1469 +index c305d41..a96de79 100644
1470 --- a/crypto/pcrypt.c
1471 +++ b/crypto/pcrypt.c
1472 @@ -440,7 +440,7 @@ static int pcrypt_sysfs_add(struct padata_instance *pinst, const char *name)
1473 @@ -36483,10 +36351,10 @@ index c68e724..e863008 100644
1474 /* parse the table header to get the table length */
1475 if (count <= sizeof(struct acpi_table_header))
1476 diff --git a/drivers/acpi/device_pm.c b/drivers/acpi/device_pm.c
1477 -index 93b7142..5676c75 100644
1478 +index 6341e66..ebcf59c 100644
1479 --- a/drivers/acpi/device_pm.c
1480 +++ b/drivers/acpi/device_pm.c
1481 -@@ -1021,6 +1021,8 @@ EXPORT_SYMBOL_GPL(acpi_subsys_freeze);
1482 +@@ -1029,6 +1029,8 @@ EXPORT_SYMBOL_GPL(acpi_subsys_freeze);
1483
1484 #endif /* CONFIG_PM_SLEEP */
1485
1486 @@ -36495,7 +36363,7 @@ index 93b7142..5676c75 100644
1487 static struct dev_pm_domain acpi_general_pm_domain = {
1488 .ops = {
1489 #ifdef CONFIG_PM_RUNTIME
1490 -@@ -1039,6 +1041,7 @@ static struct dev_pm_domain acpi_general_pm_domain = {
1491 +@@ -1047,6 +1049,7 @@ static struct dev_pm_domain acpi_general_pm_domain = {
1492 .restore_early = acpi_subsys_resume_early,
1493 #endif
1494 },
1495 @@ -36503,7 +36371,7 @@ index 93b7142..5676c75 100644
1496 };
1497
1498 /**
1499 -@@ -1108,7 +1111,6 @@ int acpi_dev_pm_attach(struct device *dev, bool power_on)
1500 +@@ -1116,7 +1119,6 @@ int acpi_dev_pm_attach(struct device *dev, bool power_on)
1501 acpi_device_wakeup(adev, ACPI_STATE_S0, false);
1502 }
1503
1504 @@ -36556,7 +36424,7 @@ index 97683e4..655f6ba 100644
1505 unsigned long timeout_msec)
1506 {
1507 diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
1508 -index c5ba15a..75ec7a8 100644
1509 +index 485f7ea..9a8df4a 100644
1510 --- a/drivers/ata/libata-core.c
1511 +++ b/drivers/ata/libata-core.c
1512 @@ -99,7 +99,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev);
1513 @@ -36568,7 +36436,7 @@ index c5ba15a..75ec7a8 100644
1514
1515 struct ata_force_param {
1516 const char *name;
1517 -@@ -4797,7 +4797,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
1518 +@@ -4800,7 +4800,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
1519 struct ata_port *ap;
1520 unsigned int tag;
1521
1522 @@ -36577,7 +36445,7 @@ index c5ba15a..75ec7a8 100644
1523 ap = qc->ap;
1524
1525 qc->flags = 0;
1526 -@@ -4813,7 +4813,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
1527 +@@ -4816,7 +4816,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
1528 struct ata_port *ap;
1529 struct ata_link *link;
1530
1531 @@ -36586,7 +36454,7 @@ index c5ba15a..75ec7a8 100644
1532 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
1533 ap = qc->ap;
1534 link = qc->dev->link;
1535 -@@ -5917,6 +5917,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
1536 +@@ -5920,6 +5920,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
1537 return;
1538
1539 spin_lock(&lock);
1540 @@ -36594,7 +36462,7 @@ index c5ba15a..75ec7a8 100644
1541
1542 for (cur = ops->inherits; cur; cur = cur->inherits) {
1543 void **inherit = (void **)cur;
1544 -@@ -5930,8 +5931,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
1545 +@@ -5933,8 +5934,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
1546 if (IS_ERR(*pp))
1547 *pp = NULL;
1548
1549 @@ -36605,7 +36473,7 @@ index c5ba15a..75ec7a8 100644
1550 spin_unlock(&lock);
1551 }
1552
1553 -@@ -6127,7 +6129,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
1554 +@@ -6130,7 +6132,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
1555
1556 /* give ports names and add SCSI hosts */
1557 for (i = 0; i < host->n_ports; i++) {
1558 @@ -40662,7 +40530,7 @@ index 2e0613e..a8b94d9 100644
1559
1560 return ret;
1561 diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
1562 -index cadc3bc..1bfccfe 100644
1563 +index 31b9664..5d478d3 100644
1564 --- a/drivers/gpu/drm/i915/intel_display.c
1565 +++ b/drivers/gpu/drm/i915/intel_display.c
1566 @@ -12811,13 +12811,13 @@ struct intel_quirk {
1567 @@ -47309,10 +47177,10 @@ index 98d73aa..63ef9da 100644
1568 Say Y here if you want to support for Freescale FlexCAN.
1569
1570 diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c
1571 -index 2cfe501..477d4b5 100644
1572 +index 4b008c9..2b1151f 100644
1573 --- a/drivers/net/can/dev.c
1574 +++ b/drivers/net/can/dev.c
1575 -@@ -868,7 +868,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev,
1576 +@@ -872,7 +872,7 @@ static int can_newlink(struct net *src_net, struct net_device *dev,
1577 return -EOPNOTSUPP;
1578 }
1579
1580 @@ -50108,7 +49976,7 @@ index 2c6643f..3a6d8e0 100644
1581 if (!sysfs_initialized)
1582 return -EACCES;
1583 diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h
1584 -index 4a3902d..7f1fc42 100644
1585 +index b5defca..e3664cc 100644
1586 --- a/drivers/pci/pci.h
1587 +++ b/drivers/pci/pci.h
1588 @@ -93,7 +93,7 @@ struct pci_vpd_ops {
1589 @@ -65809,7 +65677,7 @@ index cd3653e..9b9b79a 100644
1590 static struct pid *
1591 get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos)
1592 diff --git a/fs/proc/base.c b/fs/proc/base.c
1593 -index 7dc3ea8..4cfe92f 100644
1594 +index 7dc3ea8..a08077e 100644
1595 --- a/fs/proc/base.c
1596 +++ b/fs/proc/base.c
1597 @@ -113,6 +113,14 @@ struct pid_entry {
1598 @@ -65952,16 +65820,18 @@ index 7dc3ea8..4cfe92f 100644
1599 /*
1600 * Let's make getdents(), stat(), and open()
1601 * consistent with each other. If a process
1602 -@@ -609,6 +665,8 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode)
1603 +@@ -609,6 +665,10 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode)
1604
1605 if (task) {
1606 mm = mm_access(task, mode);
1607 -+ if (gr_acl_handle_procpidmem(task))
1608 ++ if (!IS_ERR_OR_NULL(mm) && gr_acl_handle_procpidmem(task)) {
1609 ++ mmput(mm);
1610 + mm = ERR_PTR(-EPERM);
1611 ++ }
1612 put_task_struct(task);
1613
1614 if (!IS_ERR_OR_NULL(mm)) {
1615 -@@ -630,6 +688,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
1616 +@@ -630,6 +690,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
1617 return PTR_ERR(mm);
1618
1619 file->private_data = mm;
1620 @@ -65973,7 +65843,7 @@ index 7dc3ea8..4cfe92f 100644
1621 return 0;
1622 }
1623
1624 -@@ -651,6 +714,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
1625 +@@ -651,6 +716,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
1626 ssize_t copied;
1627 char *page;
1628
1629 @@ -65991,7 +65861,7 @@ index 7dc3ea8..4cfe92f 100644
1630 if (!mm)
1631 return 0;
1632
1633 -@@ -663,7 +737,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
1634 +@@ -663,7 +739,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
1635 goto free;
1636
1637 while (count > 0) {
1638 @@ -66000,7 +65870,7 @@ index 7dc3ea8..4cfe92f 100644
1639
1640 if (write && copy_from_user(page, buf, this_len)) {
1641 copied = -EFAULT;
1642 -@@ -755,6 +829,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
1643 +@@ -755,6 +831,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
1644 if (!mm)
1645 return 0;
1646
1647 @@ -66014,7 +65884,7 @@ index 7dc3ea8..4cfe92f 100644
1648 page = (char *)__get_free_page(GFP_TEMPORARY);
1649 if (!page)
1650 return -ENOMEM;
1651 -@@ -764,7 +845,7 @@ static ssize_t environ_read(struct file *file, char __user *buf,
1652 +@@ -764,7 +847,7 @@ static ssize_t environ_read(struct file *file, char __user *buf,
1653 goto free;
1654 while (count > 0) {
1655 size_t this_len, max_len;
1656 @@ -66023,7 +65893,7 @@ index 7dc3ea8..4cfe92f 100644
1657
1658 if (src >= (mm->env_end - mm->env_start))
1659 break;
1660 -@@ -1378,7 +1459,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd)
1661 +@@ -1378,7 +1461,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd)
1662 int error = -EACCES;
1663
1664 /* Are we allowed to snoop on the tasks file descriptors? */
1665 @@ -66032,7 +65902,7 @@ index 7dc3ea8..4cfe92f 100644
1666 goto out;
1667
1668 error = PROC_I(inode)->op.proc_get_link(dentry, &path);
1669 -@@ -1422,8 +1503,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
1670 +@@ -1422,8 +1505,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
1671 struct path path;
1672
1673 /* Are we allowed to snoop on the tasks file descriptors? */
1674 @@ -66053,7 +65923,7 @@ index 7dc3ea8..4cfe92f 100644
1675
1676 error = PROC_I(inode)->op.proc_get_link(dentry, &path);
1677 if (error)
1678 -@@ -1473,7 +1564,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
1679 +@@ -1473,7 +1566,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
1680 rcu_read_lock();
1681 cred = __task_cred(task);
1682 inode->i_uid = cred->euid;
1683 @@ -66065,7 +65935,7 @@ index 7dc3ea8..4cfe92f 100644
1684 rcu_read_unlock();
1685 }
1686 security_task_to_inode(task, inode);
1687 -@@ -1509,10 +1604,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
1688 +@@ -1509,10 +1606,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
1689 return -ENOENT;
1690 }
1691 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
1692 @@ -66085,7 +65955,7 @@ index 7dc3ea8..4cfe92f 100644
1693 }
1694 }
1695 rcu_read_unlock();
1696 -@@ -1550,11 +1654,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
1697 +@@ -1550,11 +1656,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
1698
1699 if (task) {
1700 if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
1701 @@ -66106,7 +65976,7 @@ index 7dc3ea8..4cfe92f 100644
1702 rcu_read_unlock();
1703 } else {
1704 inode->i_uid = GLOBAL_ROOT_UID;
1705 -@@ -2085,6 +2198,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
1706 +@@ -2085,6 +2200,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
1707 if (!task)
1708 goto out_no_task;
1709
1710 @@ -66116,7 +65986,7 @@ index 7dc3ea8..4cfe92f 100644
1711 /*
1712 * Yes, it does not scale. And it should not. Don't add
1713 * new entries into /proc/<tgid>/ without very good reasons.
1714 -@@ -2115,6 +2231,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
1715 +@@ -2115,6 +2233,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
1716 if (!task)
1717 return -ENOENT;
1718
1719 @@ -66126,7 +65996,7 @@ index 7dc3ea8..4cfe92f 100644
1720 if (!dir_emit_dots(file, ctx))
1721 goto out;
1722
1723 -@@ -2557,7 +2676,7 @@ static const struct pid_entry tgid_base_stuff[] = {
1724 +@@ -2557,7 +2678,7 @@ static const struct pid_entry tgid_base_stuff[] = {
1725 REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
1726 #endif
1727 REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
1728 @@ -66135,7 +66005,7 @@ index 7dc3ea8..4cfe92f 100644
1729 ONE("syscall", S_IRUSR, proc_pid_syscall),
1730 #endif
1731 ONE("cmdline", S_IRUGO, proc_pid_cmdline),
1732 -@@ -2582,10 +2701,10 @@ static const struct pid_entry tgid_base_stuff[] = {
1733 +@@ -2582,10 +2703,10 @@ static const struct pid_entry tgid_base_stuff[] = {
1734 #ifdef CONFIG_SECURITY
1735 DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
1736 #endif
1737 @@ -66148,7 +66018,7 @@ index 7dc3ea8..4cfe92f 100644
1738 ONE("stack", S_IRUSR, proc_pid_stack),
1739 #endif
1740 #ifdef CONFIG_SCHEDSTATS
1741 -@@ -2619,6 +2738,9 @@ static const struct pid_entry tgid_base_stuff[] = {
1742 +@@ -2619,6 +2740,9 @@ static const struct pid_entry tgid_base_stuff[] = {
1743 #ifdef CONFIG_HARDWALL
1744 ONE("hardwall", S_IRUGO, proc_pid_hardwall),
1745 #endif
1746 @@ -66158,7 +66028,7 @@ index 7dc3ea8..4cfe92f 100644
1747 #ifdef CONFIG_USER_NS
1748 REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations),
1749 REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations),
1750 -@@ -2748,7 +2870,14 @@ static int proc_pid_instantiate(struct inode *dir,
1751 +@@ -2748,7 +2872,14 @@ static int proc_pid_instantiate(struct inode *dir,
1752 if (!inode)
1753 goto out;
1754
1755 @@ -66173,7 +66043,7 @@ index 7dc3ea8..4cfe92f 100644
1756 inode->i_op = &proc_tgid_base_inode_operations;
1757 inode->i_fop = &proc_tgid_base_operations;
1758 inode->i_flags|=S_IMMUTABLE;
1759 -@@ -2786,7 +2915,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
1760 +@@ -2786,7 +2917,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
1761 if (!task)
1762 goto out;
1763
1764 @@ -66185,7 +66055,7 @@ index 7dc3ea8..4cfe92f 100644
1765 put_task_struct(task);
1766 out:
1767 return ERR_PTR(result);
1768 -@@ -2900,7 +3033,7 @@ static const struct pid_entry tid_base_stuff[] = {
1769 +@@ -2900,7 +3035,7 @@ static const struct pid_entry tid_base_stuff[] = {
1770 REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
1771 #endif
1772 REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
1773 @@ -66194,7 +66064,7 @@ index 7dc3ea8..4cfe92f 100644
1774 ONE("syscall", S_IRUSR, proc_pid_syscall),
1775 #endif
1776 ONE("cmdline", S_IRUGO, proc_pid_cmdline),
1777 -@@ -2927,10 +3060,10 @@ static const struct pid_entry tid_base_stuff[] = {
1778 +@@ -2927,10 +3062,10 @@ static const struct pid_entry tid_base_stuff[] = {
1779 #ifdef CONFIG_SECURITY
1780 DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
1781 #endif
1782 @@ -80775,10 +80645,10 @@ index 2fb2ca2..d6a3340 100644
1783 #define current_cred_xxx(xxx) \
1784 ({ \
1785 diff --git a/include/linux/crypto.h b/include/linux/crypto.h
1786 -index d45e949..51cf5ea 100644
1787 +index dc34dfc..bdf9b5d 100644
1788 --- a/include/linux/crypto.h
1789 +++ b/include/linux/crypto.h
1790 -@@ -373,7 +373,7 @@ struct cipher_tfm {
1791 +@@ -386,7 +386,7 @@ struct cipher_tfm {
1792 const u8 *key, unsigned int keylen);
1793 void (*cit_encrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src);
1794 void (*cit_decrypt_one)(struct crypto_tfm *tfm, u8 *dst, const u8 *src);
1795 @@ -80787,7 +80657,7 @@ index d45e949..51cf5ea 100644
1796
1797 struct hash_tfm {
1798 int (*init)(struct hash_desc *desc);
1799 -@@ -394,13 +394,13 @@ struct compress_tfm {
1800 +@@ -407,13 +407,13 @@ struct compress_tfm {
1801 int (*cot_decompress)(struct crypto_tfm *tfm,
1802 const u8 *src, unsigned int slen,
1803 u8 *dst, unsigned int *dlen);
1804 @@ -82923,7 +82793,7 @@ index ff9f1d3..6712be5 100644
1805 extern struct key_type key_type_keyring;
1806
1807 diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h
1808 -index e465bb1..19f605f 100644
1809 +index e465bb1..19f605fd 100644
1810 --- a/include/linux/kgdb.h
1811 +++ b/include/linux/kgdb.h
1812 @@ -52,7 +52,7 @@ extern int kgdb_connected;
1813 @@ -83055,10 +82925,10 @@ index a6059bd..8126d5c 100644
1814
1815 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
1816 diff --git a/include/linux/libata.h b/include/linux/libata.h
1817 -index bd5fefe..2a8a8d2 100644
1818 +index fe0bf8d..c511ca6 100644
1819 --- a/include/linux/libata.h
1820 +++ b/include/linux/libata.h
1821 -@@ -976,7 +976,7 @@ struct ata_port_operations {
1822 +@@ -977,7 +977,7 @@ struct ata_port_operations {
1823 * fields must be pointers.
1824 */
1825 const struct ata_port_operations *inherits;
1826 @@ -93583,7 +93453,7 @@ index 31ea01f..7fc61ef 100644
1827 }
1828
1829 diff --git a/kernel/time/time.c b/kernel/time/time.c
1830 -index a9ae20f..d3fbde7 100644
1831 +index 22d5d3b..70caeb2 100644
1832 --- a/kernel/time/time.c
1833 +++ b/kernel/time/time.c
1834 @@ -173,6 +173,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz)
1835 @@ -94433,10 +94303,10 @@ index 70bf118..4be3c37 100644
1836 .thread_should_run = watchdog_should_run,
1837 .thread_fn = watchdog,
1838 diff --git a/kernel/workqueue.c b/kernel/workqueue.c
1839 -index 09b685d..d3565e3 100644
1840 +index 66940a5..a44fed0 100644
1841 --- a/kernel/workqueue.c
1842 +++ b/kernel/workqueue.c
1843 -@@ -4508,7 +4508,7 @@ static void rebind_workers(struct worker_pool *pool)
1844 +@@ -4499,7 +4499,7 @@ static void rebind_workers(struct worker_pool *pool)
1845 WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND));
1846 worker_flags |= WORKER_REBOUND;
1847 worker_flags &= ~WORKER_UNBOUND;
1848 @@ -95347,10 +95217,10 @@ index 0ae0df5..82ac56b 100644
1849 bdi_destroy(bdi);
1850 return err;
1851 diff --git a/mm/filemap.c b/mm/filemap.c
1852 -index 14b4642..d71ba82 100644
1853 +index 37beab9..2c55a85 100644
1854 --- a/mm/filemap.c
1855 +++ b/mm/filemap.c
1856 -@@ -2101,7 +2101,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
1857 +@@ -2097,7 +2097,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
1858 struct address_space *mapping = file->f_mapping;
1859
1860 if (!mapping->a_ops->readpage)
1861 @@ -95359,7 +95229,7 @@ index 14b4642..d71ba82 100644
1862 file_accessed(file);
1863 vma->vm_ops = &generic_file_vm_ops;
1864 return 0;
1865 -@@ -2279,6 +2279,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i
1866 +@@ -2275,6 +2275,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i
1867 *pos = i_size_read(inode);
1868
1869 if (limit != RLIM_INFINITY) {
1870 @@ -104871,10 +104741,10 @@ index a4b5e2a..13b1de3 100644
1871 table = kmemdup(acct_sysctl_table, sizeof(acct_sysctl_table),
1872 GFP_KERNEL);
1873 diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
1874 -index 5016a69..594f8e9 100644
1875 +index c588012..b0d4ef8 100644
1876 --- a/net/netfilter/nf_conntrack_core.c
1877 +++ b/net/netfilter/nf_conntrack_core.c
1878 -@@ -1739,6 +1739,10 @@ void nf_conntrack_init_end(void)
1879 +@@ -1737,6 +1737,10 @@ void nf_conntrack_init_end(void)
1880 #define DYING_NULLS_VAL ((1<<30)+1)
1881 #define TEMPLATE_NULLS_VAL ((1<<30)+2)
1882
1883 @@ -104885,7 +104755,7 @@ index 5016a69..594f8e9 100644
1884 int nf_conntrack_init_net(struct net *net)
1885 {
1886 int ret = -ENOMEM;
1887 -@@ -1764,7 +1768,11 @@ int nf_conntrack_init_net(struct net *net)
1888 +@@ -1762,7 +1766,11 @@ int nf_conntrack_init_net(struct net *net)
1889 if (!net->ct.stat)
1890 goto err_pcpu_lists;
1891
1892
1893 diff --git a/3.14.30/4425_grsec_remove_EI_PAX.patch b/3.18.5/4425_grsec_remove_EI_PAX.patch
1894 similarity index 100%
1895 rename from 3.14.30/4425_grsec_remove_EI_PAX.patch
1896 rename to 3.18.5/4425_grsec_remove_EI_PAX.patch
1897
1898 diff --git a/3.18.4/4427_force_XATTR_PAX_tmpfs.patch b/3.18.5/4427_force_XATTR_PAX_tmpfs.patch
1899 similarity index 100%
1900 rename from 3.18.4/4427_force_XATTR_PAX_tmpfs.patch
1901 rename to 3.18.5/4427_force_XATTR_PAX_tmpfs.patch
1902
1903 diff --git a/3.14.30/4430_grsec-remove-localversion-grsec.patch b/3.18.5/4430_grsec-remove-localversion-grsec.patch
1904 similarity index 100%
1905 rename from 3.14.30/4430_grsec-remove-localversion-grsec.patch
1906 rename to 3.18.5/4430_grsec-remove-localversion-grsec.patch
1907
1908 diff --git a/3.18.4/4435_grsec-mute-warnings.patch b/3.18.5/4435_grsec-mute-warnings.patch
1909 similarity index 100%
1910 rename from 3.18.4/4435_grsec-mute-warnings.patch
1911 rename to 3.18.5/4435_grsec-mute-warnings.patch
1912
1913 diff --git a/3.14.30/4440_grsec-remove-protected-paths.patch b/3.18.5/4440_grsec-remove-protected-paths.patch
1914 similarity index 100%
1915 rename from 3.14.30/4440_grsec-remove-protected-paths.patch
1916 rename to 3.18.5/4440_grsec-remove-protected-paths.patch
1917
1918 diff --git a/3.18.4/4450_grsec-kconfig-default-gids.patch b/3.18.5/4450_grsec-kconfig-default-gids.patch
1919 similarity index 100%
1920 rename from 3.18.4/4450_grsec-kconfig-default-gids.patch
1921 rename to 3.18.5/4450_grsec-kconfig-default-gids.patch
1922
1923 diff --git a/3.18.4/4465_selinux-avc_audit-log-curr_ip.patch b/3.18.5/4465_selinux-avc_audit-log-curr_ip.patch
1924 similarity index 100%
1925 rename from 3.18.4/4465_selinux-avc_audit-log-curr_ip.patch
1926 rename to 3.18.5/4465_selinux-avc_audit-log-curr_ip.patch
1927
1928 diff --git a/3.18.4/4470_disable-compat_vdso.patch b/3.18.5/4470_disable-compat_vdso.patch
1929 similarity index 100%
1930 rename from 3.18.4/4470_disable-compat_vdso.patch
1931 rename to 3.18.5/4470_disable-compat_vdso.patch
1932
1933 diff --git a/3.14.30/4475_emutramp_default_on.patch b/3.18.5/4475_emutramp_default_on.patch
1934 similarity index 100%
1935 rename from 3.14.30/4475_emutramp_default_on.patch
1936 rename to 3.18.5/4475_emutramp_default_on.patch