Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.55/, 3.13.7/, 3.13.6/
Date: Sat, 29 Mar 2014 17:55:08
Message-Id: 1396115705.c19c10924711f4e252bf33481835766230f57d8e.blueness@gentoo
1 commit: c19c10924711f4e252bf33481835766230f57d8e
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sat Mar 29 17:55:05 2014 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sat Mar 29 17:55:05 2014 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=c19c1092
7
8 Grsec/PaX: 3.0-{3.2.55,3.13.7}-201403281858
9
10 ---
11 {3.13.6 => 3.13.7}/0000_README | 2 +-
12 .../4420_grsecurity-3.0-3.13.7-201403281902.patch | 820 +++++++++++++--------
13 {3.13.6 => 3.13.7}/4425_grsec_remove_EI_PAX.patch | 0
14 .../4427_force_XATTR_PAX_tmpfs.patch | 0
15 .../4430_grsec-remove-localversion-grsec.patch | 0
16 {3.13.6 => 3.13.7}/4435_grsec-mute-warnings.patch | 0
17 .../4440_grsec-remove-protected-paths.patch | 0
18 .../4450_grsec-kconfig-default-gids.patch | 0
19 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
20 {3.13.6 => 3.13.7}/4470_disable-compat_vdso.patch | 0
21 {3.13.6 => 3.13.7}/4475_emutramp_default_on.patch | 0
22 3.2.55/0000_README | 2 +-
23 ... 4420_grsecurity-3.0-3.2.55-201403281858.patch} | 221 ++++--
24 13 files changed, 664 insertions(+), 381 deletions(-)
25
26 diff --git a/3.13.6/0000_README b/3.13.7/0000_README
27 similarity index 96%
28 rename from 3.13.6/0000_README
29 rename to 3.13.7/0000_README
30 index 1864b5a..f9125d0 100644
31 --- a/3.13.6/0000_README
32 +++ b/3.13.7/0000_README
33 @@ -2,7 +2,7 @@ README
34 -----------------------------------------------------------------------------
35 Individual Patch Descriptions:
36 -----------------------------------------------------------------------------
37 -Patch: 4420_grsecurity-3.0-3.13.6-201403202349.patch
38 +Patch: 4420_grsecurity-3.0-3.13.7-201403281902.patch
39 From: http://www.grsecurity.net
40 Desc: hardened-sources base patch from upstream grsecurity
41
42
43 diff --git a/3.13.6/4420_grsecurity-3.0-3.13.6-201403202349.patch b/3.13.7/4420_grsecurity-3.0-3.13.7-201403281902.patch
44 similarity index 99%
45 rename from 3.13.6/4420_grsecurity-3.0-3.13.6-201403202349.patch
46 rename to 3.13.7/4420_grsecurity-3.0-3.13.7-201403281902.patch
47 index 521e844..8e4e492 100644
48 --- a/3.13.6/4420_grsecurity-3.0-3.13.6-201403202349.patch
49 +++ b/3.13.7/4420_grsecurity-3.0-3.13.7-201403281902.patch
50 @@ -287,7 +287,7 @@ index b9e9bd8..bf49b92 100644
51
52 pcd. [PARIDE]
53 diff --git a/Makefile b/Makefile
54 -index dfe5fec..079642c 100644
55 +index 9f214b4..8c9c622 100644
56 --- a/Makefile
57 +++ b/Makefile
58 @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
59 @@ -874,10 +874,10 @@ index 98838a0..b304fb4 100644
60 /* Allow reads even for write-only mappings */
61 if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
62 diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
63 -index c1f1a7e..554b0cd 100644
64 +index 47085a0..f975a53 100644
65 --- a/arch/arm/Kconfig
66 +++ b/arch/arm/Kconfig
67 -@@ -1828,7 +1828,7 @@ config ALIGNMENT_TRAP
68 +@@ -1830,7 +1830,7 @@ config ALIGNMENT_TRAP
69
70 config UACCESS_WITH_MEMCPY
71 bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()"
72 @@ -886,7 +886,7 @@ index c1f1a7e..554b0cd 100644
73 default y if CPU_FEROCEON
74 help
75 Implement faster copy_to_user and clear_user methods for CPU
76 -@@ -2100,6 +2100,7 @@ config XIP_PHYS_ADDR
77 +@@ -2102,6 +2102,7 @@ config XIP_PHYS_ADDR
78 config KEXEC
79 bool "Kexec system call (EXPERIMENTAL)"
80 depends on (!SMP || PM_SLEEP_SMP)
81 @@ -8524,7 +8524,7 @@ index 6cff040..74ac5d1 100644
82 sechdrs, module);
83 #endif
84 diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
85 -index 4a96556..dd95f6c 100644
86 +index ea2f6a3..dbb2be3 100644
87 --- a/arch/powerpc/kernel/process.c
88 +++ b/arch/powerpc/kernel/process.c
89 @@ -888,8 +888,8 @@ void show_regs(struct pt_regs * regs)
90 @@ -8538,7 +8538,7 @@ index 4a96556..dd95f6c 100644
91 #endif
92 show_stack(current, (unsigned long *) regs->gpr[1]);
93 if (!user_mode(regs))
94 -@@ -1376,10 +1376,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
95 +@@ -1385,10 +1385,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
96 newsp = stack[0];
97 ip = stack[STACK_FRAME_LR_SAVE];
98 if (!firstframe || ip != lr) {
99 @@ -8551,7 +8551,7 @@ index 4a96556..dd95f6c 100644
100 (void *)current->ret_stack[curr_frame].ret);
101 curr_frame--;
102 }
103 -@@ -1399,7 +1399,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
104 +@@ -1408,7 +1408,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
105 struct pt_regs *regs = (struct pt_regs *)
106 (sp + STACK_FRAME_OVERHEAD);
107 lr = regs->link;
108 @@ -8560,7 +8560,7 @@ index 4a96556..dd95f6c 100644
109 regs->trap, (void *)regs->nip, (void *)lr);
110 firstframe = 1;
111 }
112 -@@ -1435,58 +1435,3 @@ void notrace __ppc64_runlatch_off(void)
113 +@@ -1444,58 +1444,3 @@ void notrace __ppc64_runlatch_off(void)
114 mtspr(SPRN_CTRLT, ctrl);
115 }
116 #endif /* CONFIG_PPC64 */
117 @@ -10433,7 +10433,7 @@ index beb0b5a..5a153f7 100644
118 }
119 }
120 diff --git a/arch/sparc/kernel/syscalls.S b/arch/sparc/kernel/syscalls.S
121 -index 87729ff..192f9d8 100644
122 +index 87729ff..d87fb1f 100644
123 --- a/arch/sparc/kernel/syscalls.S
124 +++ b/arch/sparc/kernel/syscalls.S
125 @@ -52,7 +52,7 @@ sys32_rt_sigreturn:
126 @@ -10445,7 +10445,7 @@ index 87729ff..192f9d8 100644
127 be,pt %icc, rtrap
128 nop
129 call syscall_trace_leave
130 -@@ -184,7 +184,7 @@ linux_sparc_syscall32:
131 +@@ -184,12 +184,13 @@ linux_sparc_syscall32:
132
133 srl %i3, 0, %o3 ! IEU0
134 srl %i2, 0, %o2 ! IEU0 Group
135 @@ -10454,7 +10454,14 @@ index 87729ff..192f9d8 100644
136 bne,pn %icc, linux_syscall_trace32 ! CTI
137 mov %i0, %l5 ! IEU1
138 5: call %l7 ! CTI Group brk forced
139 -@@ -207,7 +207,7 @@ linux_sparc_syscall:
140 + srl %i5, 0, %o5 ! IEU1
141 +- ba,a,pt %xcc, 3f
142 ++ ba,pt %xcc, 3f
143 ++ sra %o0, 0, %o0
144 +
145 + /* Linux native system calls enter here... */
146 + .align 32
147 +@@ -207,7 +208,7 @@ linux_sparc_syscall:
148
149 mov %i3, %o3 ! IEU1
150 mov %i4, %o4 ! IEU0 Group
151 @@ -10463,7 +10470,13 @@ index 87729ff..192f9d8 100644
152 bne,pn %icc, linux_syscall_trace ! CTI Group
153 mov %i0, %l5 ! IEU0
154 2: call %l7 ! CTI Group brk forced
155 -@@ -223,7 +223,7 @@ ret_sys_call:
156 +@@ -217,13 +218,12 @@ linux_sparc_syscall:
157 + 3: stx %o0, [%sp + PTREGS_OFF + PT_V9_I0]
158 + ret_sys_call:
159 + ldx [%sp + PTREGS_OFF + PT_V9_TSTATE], %g3
160 +- sra %o0, 0, %o0
161 + mov %ulo(TSTATE_XCARRY | TSTATE_ICARRY), %g2
162 + sllx %g2, 32, %g2
163
164 cmp %o0, -ERESTART_RESTARTBLOCK
165 bgeu,pn %xcc, 1f
166 @@ -17545,7 +17558,7 @@ index 81bb91b..9392125 100644
167
168 /*
169 diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
170 -index 5ad38ad..71db3f2 100644
171 +index 5ad38ad..f228861 100644
172 --- a/arch/x86/include/asm/pgtable.h
173 +++ b/arch/x86/include/asm/pgtable.h
174 @@ -45,6 +45,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page);
175 @@ -17668,7 +17681,30 @@ index 5ad38ad..71db3f2 100644
176 #include <linux/mm_types.h>
177 #include <linux/mmdebug.h>
178 #include <linux/log2.h>
179 -@@ -580,7 +655,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
180 +@@ -445,20 +520,10 @@ static inline int pte_same(pte_t a, pte_t b)
181 + return a.pte == b.pte;
182 + }
183 +
184 +-static inline int pteval_present(pteval_t pteval)
185 +-{
186 +- /*
187 +- * Yes Linus, _PAGE_PROTNONE == _PAGE_NUMA. Expressing it this
188 +- * way clearly states that the intent is that protnone and numa
189 +- * hinting ptes are considered present for the purposes of
190 +- * pagetable operations like zapping, protection changes, gup etc.
191 +- */
192 +- return pteval & (_PAGE_PRESENT | _PAGE_PROTNONE | _PAGE_NUMA);
193 +-}
194 +-
195 + static inline int pte_present(pte_t a)
196 + {
197 +- return pteval_present(pte_flags(a));
198 ++ return pte_flags(a) & (_PAGE_PRESENT | _PAGE_PROTNONE |
199 ++ _PAGE_NUMA);
200 + }
201 +
202 + #define pte_accessible pte_accessible
203 +@@ -580,7 +645,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
204 * Currently stuck as a macro due to indirect forward reference to
205 * linux/mmzone.h's __section_mem_map_addr() definition:
206 */
207 @@ -17677,7 +17713,7 @@ index 5ad38ad..71db3f2 100644
208
209 /* Find an entry in the second-level page table.. */
210 static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address)
211 -@@ -620,7 +695,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
212 +@@ -620,7 +685,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
213 * Currently stuck as a macro due to indirect forward reference to
214 * linux/mmzone.h's __section_mem_map_addr() definition:
215 */
216 @@ -17686,7 +17722,7 @@ index 5ad38ad..71db3f2 100644
217
218 /* to find an entry in a page-table-directory. */
219 static inline unsigned long pud_index(unsigned long address)
220 -@@ -635,7 +710,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
221 +@@ -635,7 +700,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
222
223 static inline int pgd_bad(pgd_t pgd)
224 {
225 @@ -17695,7 +17731,7 @@ index 5ad38ad..71db3f2 100644
226 }
227
228 static inline int pgd_none(pgd_t pgd)
229 -@@ -658,7 +733,12 @@ static inline int pgd_none(pgd_t pgd)
230 +@@ -658,7 +723,12 @@ static inline int pgd_none(pgd_t pgd)
231 * pgd_offset() returns a (pgd_t *)
232 * pgd_index() is used get the offset into the pgd page's array of pgd_t's;
233 */
234 @@ -17709,7 +17745,7 @@ index 5ad38ad..71db3f2 100644
235 /*
236 * a shortcut which implies the use of the kernel's pgd, instead
237 * of a process's
238 -@@ -669,6 +749,23 @@ static inline int pgd_none(pgd_t pgd)
239 +@@ -669,6 +739,23 @@ static inline int pgd_none(pgd_t pgd)
240 #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET)
241 #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY)
242
243 @@ -17733,7 +17769,7 @@ index 5ad38ad..71db3f2 100644
244 #ifndef __ASSEMBLY__
245
246 extern int direct_gbpages;
247 -@@ -835,11 +932,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
248 +@@ -835,11 +922,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
249 * dst and src can be on the same page, but the range must not overlap,
250 * and must not cross a page boundary.
251 */
252 @@ -24004,7 +24040,7 @@ index 85126cc..1bbce17 100644
253 init_level4_pgt[511] = early_level4_pgt[511];
254
255 diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
256 -index 81ba276..30c5411 100644
257 +index f36bd42..56ee1534 100644
258 --- a/arch/x86/kernel/head_32.S
259 +++ b/arch/x86/kernel/head_32.S
260 @@ -26,6 +26,12 @@
261 @@ -24227,16 +24263,16 @@ index 81ba276..30c5411 100644
262 movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax)
263 shrl $16, %ecx
264 movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax)
265 -@@ -544,7 +629,7 @@ ENDPROC(early_idt_handlers)
266 - /* This is global to keep gas from relaxing the jumps */
267 - ENTRY(early_idt_handler)
268 - cld
269 +@@ -548,7 +633,7 @@ ENTRY(early_idt_handler)
270 + cmpl $2,(%esp) # X86_TRAP_NMI
271 + je is_nmi # Ignore NMI
272 +
273 - cmpl $2,%ss:early_recursion_flag
274 + cmpl $1,%ss:early_recursion_flag
275 je hlt_loop
276 incl %ss:early_recursion_flag
277
278 -@@ -582,8 +667,8 @@ ENTRY(early_idt_handler)
279 +@@ -586,8 +671,8 @@ ENTRY(early_idt_handler)
280 pushl (20+6*4)(%esp) /* trapno */
281 pushl $fault_msg
282 call printk
283 @@ -24246,7 +24282,7 @@ index 81ba276..30c5411 100644
284 hlt_loop:
285 hlt
286 jmp hlt_loop
287 -@@ -602,8 +687,11 @@ ENDPROC(early_idt_handler)
288 +@@ -607,8 +692,11 @@ ENDPROC(early_idt_handler)
289 /* This is the default interrupt "handler" :-) */
290 ALIGN
291 ignore_int:
292 @@ -24259,7 +24295,7 @@ index 81ba276..30c5411 100644
293 pushl %eax
294 pushl %ecx
295 pushl %edx
296 -@@ -612,9 +700,6 @@ ignore_int:
297 +@@ -617,9 +705,6 @@ ignore_int:
298 movl $(__KERNEL_DS),%eax
299 movl %eax,%ds
300 movl %eax,%es
301 @@ -24269,7 +24305,7 @@ index 81ba276..30c5411 100644
302 pushl 16(%esp)
303 pushl 24(%esp)
304 pushl 32(%esp)
305 -@@ -648,29 +733,34 @@ ENTRY(setup_once_ref)
306 +@@ -653,29 +738,34 @@ ENTRY(setup_once_ref)
307 /*
308 * BSS section
309 */
310 @@ -24309,7 +24345,7 @@ index 81ba276..30c5411 100644
311 ENTRY(initial_page_table)
312 .long pa(initial_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
313 # if KPMDS == 3
314 -@@ -689,12 +779,20 @@ ENTRY(initial_page_table)
315 +@@ -694,12 +784,20 @@ ENTRY(initial_page_table)
316 # error "Kernel PMDs should be 1, 2 or 3"
317 # endif
318 .align PAGE_SIZE /* needs to be page-sized too */
319 @@ -24331,7 +24367,7 @@ index 81ba276..30c5411 100644
320
321 __INITRODATA
322 int_msg:
323 -@@ -722,7 +820,7 @@ fault_msg:
324 +@@ -727,7 +825,7 @@ fault_msg:
325 * segment size, and 32-bit linear address value:
326 */
327
328 @@ -24340,7 +24376,7 @@ index 81ba276..30c5411 100644
329 .globl boot_gdt_descr
330 .globl idt_descr
331
332 -@@ -731,7 +829,7 @@ fault_msg:
333 +@@ -736,7 +834,7 @@ fault_msg:
334 .word 0 # 32 bit align gdt_desc.address
335 boot_gdt_descr:
336 .word __BOOT_DS+7
337 @@ -24349,7 +24385,7 @@ index 81ba276..30c5411 100644
338
339 .word 0 # 32-bit align idt_desc.address
340 idt_descr:
341 -@@ -742,7 +840,7 @@ idt_descr:
342 +@@ -747,7 +845,7 @@ idt_descr:
343 .word 0 # 32 bit align gdt_desc.address
344 ENTRY(early_gdt_descr)
345 .word GDT_ENTRIES*8-1
346 @@ -24358,7 +24394,7 @@ index 81ba276..30c5411 100644
347
348 /*
349 * The boot_gdt must mirror the equivalent in setup.S and is
350 -@@ -751,5 +849,65 @@ ENTRY(early_gdt_descr)
351 +@@ -756,5 +854,65 @@ ENTRY(early_gdt_descr)
352 .align L1_CACHE_BYTES
353 ENTRY(boot_gdt)
354 .fill GDT_ENTRY_BOOT_CS,8,0
355 @@ -24427,7 +24463,7 @@ index 81ba276..30c5411 100644
356 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0
357 + .endr
358 diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
359 -index e1aabdb..fee4fee 100644
360 +index a468c0a..c7dec74 100644
361 --- a/arch/x86/kernel/head_64.S
362 +++ b/arch/x86/kernel/head_64.S
363 @@ -20,6 +20,8 @@
364 @@ -24519,7 +24555,16 @@ index e1aabdb..fee4fee 100644
365 movq initial_code(%rip),%rax
366 pushq $0 # fake return address to stop unwinder
367 pushq $__KERNEL_CS # set correct cs
368 -@@ -388,7 +419,7 @@ ENTRY(early_idt_handler)
369 +@@ -313,7 +344,7 @@ ENDPROC(start_cpu0)
370 + .quad INIT_PER_CPU_VAR(irq_stack_union)
371 +
372 + GLOBAL(stack_start)
373 +- .quad init_thread_union+THREAD_SIZE-8
374 ++ .quad init_thread_union+THREAD_SIZE-16
375 + .word 0
376 + __FINITDATA
377 +
378 +@@ -391,7 +422,7 @@ ENTRY(early_idt_handler)
379 call dump_stack
380 #ifdef CONFIG_KALLSYMS
381 leaq early_idt_ripmsg(%rip),%rdi
382 @@ -24528,7 +24573,7 @@ index e1aabdb..fee4fee 100644
383 call __print_symbol
384 #endif
385 #endif /* EARLY_PRINTK */
386 -@@ -416,6 +447,7 @@ ENDPROC(early_idt_handler)
387 +@@ -420,6 +451,7 @@ ENDPROC(early_idt_handler)
388 early_recursion_flag:
389 .long 0
390
391 @@ -24536,7 +24581,7 @@ index e1aabdb..fee4fee 100644
392 #ifdef CONFIG_EARLY_PRINTK
393 early_idt_msg:
394 .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n"
395 -@@ -443,29 +475,52 @@ NEXT_PAGE(early_level4_pgt)
396 +@@ -447,29 +479,52 @@ NEXT_PAGE(early_level4_pgt)
397 NEXT_PAGE(early_dynamic_pgts)
398 .fill 512*EARLY_DYNAMIC_PAGE_TABLES,8,0
399
400 @@ -24598,7 +24643,7 @@ index e1aabdb..fee4fee 100644
401
402 NEXT_PAGE(level3_kernel_pgt)
403 .fill L3_START_KERNEL,8,0
404 -@@ -473,6 +528,9 @@ NEXT_PAGE(level3_kernel_pgt)
405 +@@ -477,6 +532,9 @@ NEXT_PAGE(level3_kernel_pgt)
406 .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE
407 .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
408
409 @@ -24608,7 +24653,7 @@ index e1aabdb..fee4fee 100644
410 NEXT_PAGE(level2_kernel_pgt)
411 /*
412 * 512 MB kernel mapping. We spend a full page on this pagetable
413 -@@ -490,28 +548,64 @@ NEXT_PAGE(level2_kernel_pgt)
414 +@@ -494,28 +552,64 @@ NEXT_PAGE(level2_kernel_pgt)
415 NEXT_PAGE(level2_fixmap_pgt)
416 .fill 506,8,0
417 .quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
418 @@ -24709,7 +24754,7 @@ index 05fd74f..c3548b1 100644
419 +EXPORT_SYMBOL(cpu_pgd);
420 +#endif
421 diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c
422 -index e8368c6..9c1a712 100644
423 +index d5dd808..b6432cf 100644
424 --- a/arch/x86/kernel/i387.c
425 +++ b/arch/x86/kernel/i387.c
426 @@ -51,7 +51,7 @@ static inline bool interrupted_kernel_fpu_idle(void)
427 @@ -26496,18 +26541,10 @@ index c8e41e9..64049ef 100644
428 /*
429 * PCI ids solely used for fixups_table go here
430 diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S
431 -index 3fd2c69..16ef367 100644
432 +index 3fd2c69..a444264 100644
433 --- a/arch/x86/kernel/relocate_kernel_64.S
434 +++ b/arch/x86/kernel/relocate_kernel_64.S
435 -@@ -11,6 +11,7 @@
436 - #include <asm/kexec.h>
437 - #include <asm/processor-flags.h>
438 - #include <asm/pgtable_types.h>
439 -+#include <asm/alternative-asm.h>
440 -
441 - /*
442 - * Must be relocatable PIC code callable as a C function
443 -@@ -96,8 +97,7 @@ relocate_kernel:
444 +@@ -96,8 +96,7 @@ relocate_kernel:
445
446 /* jump to identity mapped page */
447 addq $(identity_mapped - relocate_kernel), %r8
448 @@ -26517,14 +26554,6 @@ index 3fd2c69..16ef367 100644
449
450 identity_mapped:
451 /* set return address to 0 if not preserving context */
452 -@@ -167,6 +167,7 @@ identity_mapped:
453 - xorl %r14d, %r14d
454 - xorl %r15d, %r15d
455 -
456 -+ pax_force_retaddr 0, 1
457 - ret
458 -
459 - 1:
460 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
461 index cb233bc..23b4879 100644
462 --- a/arch/x86/kernel/setup.c
463 @@ -26810,7 +26839,7 @@ index 7c3a5a6..f0a8961 100644
464 .smp_prepare_cpus = native_smp_prepare_cpus,
465 .smp_cpus_done = native_smp_cpus_done,
466 diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
467 -index 85dc05a..1241266 100644
468 +index 85dc05a..f8c96f6 100644
469 --- a/arch/x86/kernel/smpboot.c
470 +++ b/arch/x86/kernel/smpboot.c
471 @@ -229,14 +229,18 @@ static void notrace start_secondary(void *unused)
472 @@ -26838,9 +26867,12 @@ index 85dc05a..1241266 100644
473 /*
474 * Check TSC synchronization with the BP:
475 */
476 -@@ -751,6 +755,7 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
477 +@@ -749,8 +753,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
478 + alternatives_enable_smp();
479 +
480 idle->thread.sp = (unsigned long) (((struct pt_regs *)
481 - (THREAD_SIZE + task_stack_page(idle))) - 1);
482 +- (THREAD_SIZE + task_stack_page(idle))) - 1);
483 ++ (THREAD_SIZE - 16 + task_stack_page(idle))) - 1);
484 per_cpu(current_task, cpu) = idle;
485 + per_cpu(current_tinfo, cpu) = &idle->tinfo;
486
487 @@ -28085,10 +28117,10 @@ index ad75d77..a679d32 100644
488 goto error;
489 walker->ptep_user[walker->level - 1] = ptep_user;
490 diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
491 -index c7168a5..09070fc 100644
492 +index 532add1..59eb241 100644
493 --- a/arch/x86/kvm/svm.c
494 +++ b/arch/x86/kvm/svm.c
495 -@@ -3497,7 +3497,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
496 +@@ -3495,7 +3495,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
497 int cpu = raw_smp_processor_id();
498
499 struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
500 @@ -35418,18 +35450,30 @@ index fa6ade7..73da73a5 100644
501
502 #ifdef CONFIG_ACPI_NUMA
503 diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
504 -index 3c76c3d..7871755 100644
505 +index 3c76c3d..7327d91 100644
506 --- a/arch/x86/xen/mmu.c
507 +++ b/arch/x86/xen/mmu.c
508 -@@ -379,7 +379,7 @@ static pteval_t pte_mfn_to_pfn(pteval_t val)
509 +@@ -365,7 +365,7 @@ void xen_ptep_modify_prot_commit(struct mm_struct *mm, unsigned long addr,
510 + /* Assume pteval_t is equivalent to all the other *val_t types. */
511 + static pteval_t pte_mfn_to_pfn(pteval_t val)
512 + {
513 +- if (pteval_present(val)) {
514 ++ if (val & _PAGE_PRESENT) {
515 + unsigned long mfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
516 + unsigned long pfn = mfn_to_pfn(mfn);
517 +
518 +@@ -379,9 +379,9 @@ static pteval_t pte_mfn_to_pfn(pteval_t val)
519 return val;
520 }
521
522 -static pteval_t pte_pfn_to_mfn(pteval_t val)
523 +static pteval_t __intentional_overflow(-1) pte_pfn_to_mfn(pteval_t val)
524 {
525 - if (pteval_present(val)) {
526 +- if (pteval_present(val)) {
527 ++ if (val & _PAGE_PRESENT) {
528 unsigned long pfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
529 + pteval_t flags = val & PTE_FLAGS_MASK;
530 + unsigned long mfn;
531 @@ -1894,6 +1894,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
532 /* L3_k[510] -> level2_kernel_pgt
533 * L3_i[511] -> level2_fixmap_pgt */
534 @@ -36085,7 +36129,7 @@ index c482f8c..c832240 100644
535 unsigned long timeout_msec)
536 {
537 diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
538 -index 1a3dbd1..dfc6e5c 100644
539 +index 8cb2522..a815e54 100644
540 --- a/drivers/ata/libata-core.c
541 +++ b/drivers/ata/libata-core.c
542 @@ -98,7 +98,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev);
543 @@ -36097,7 +36141,7 @@ index 1a3dbd1..dfc6e5c 100644
544
545 struct ata_force_param {
546 const char *name;
547 -@@ -4850,7 +4850,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
548 +@@ -4851,7 +4851,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
549 struct ata_port *ap;
550 unsigned int tag;
551
552 @@ -36106,7 +36150,7 @@ index 1a3dbd1..dfc6e5c 100644
553 ap = qc->ap;
554
555 qc->flags = 0;
556 -@@ -4866,7 +4866,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
557 +@@ -4867,7 +4867,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
558 struct ata_port *ap;
559 struct ata_link *link;
560
561 @@ -36115,7 +36159,7 @@ index 1a3dbd1..dfc6e5c 100644
562 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
563 ap = qc->ap;
564 link = qc->dev->link;
565 -@@ -5985,6 +5985,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
566 +@@ -5986,6 +5986,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
567 return;
568
569 spin_lock(&lock);
570 @@ -36123,7 +36167,7 @@ index 1a3dbd1..dfc6e5c 100644
571
572 for (cur = ops->inherits; cur; cur = cur->inherits) {
573 void **inherit = (void **)cur;
574 -@@ -5998,8 +5999,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
575 +@@ -5999,8 +6000,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
576 if (IS_ERR(*pp))
577 *pp = NULL;
578
579 @@ -36134,7 +36178,7 @@ index 1a3dbd1..dfc6e5c 100644
580 spin_unlock(&lock);
581 }
582
583 -@@ -6192,7 +6194,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
584 +@@ -6193,7 +6195,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
585
586 /* give ports names and add SCSI hosts */
587 for (i = 0; i < host->n_ports; i++) {
588 @@ -38821,10 +38865,10 @@ index caf41eb..223d27a 100644
589 default:
590 break;
591 diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
592 -index 8d19f7c..6bc2daa 100644
593 +index 99a443e..8cb6f02 100644
594 --- a/drivers/cpufreq/cpufreq.c
595 +++ b/drivers/cpufreq/cpufreq.c
596 -@@ -1885,7 +1885,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
597 +@@ -1878,7 +1878,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
598 #endif
599
600 mutex_lock(&cpufreq_governor_mutex);
601 @@ -38833,7 +38877,7 @@ index 8d19f7c..6bc2daa 100644
602 mutex_unlock(&cpufreq_governor_mutex);
603 return;
604 }
605 -@@ -2115,7 +2115,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
606 +@@ -2108,7 +2108,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
607 return NOTIFY_OK;
608 }
609
610 @@ -38842,7 +38886,7 @@ index 8d19f7c..6bc2daa 100644
611 .notifier_call = cpufreq_cpu_callback,
612 };
613
614 -@@ -2148,8 +2148,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
615 +@@ -2141,8 +2141,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
616
617 pr_debug("trying to register driver %s\n", driver_data->name);
618
619 @@ -38957,10 +39001,10 @@ index 4cf0d28..5830372 100644
620 .priority = 1,
621 };
622 diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
623 -index aa366ec..f34f555 100644
624 +index b687df8..ae733fc 100644
625 --- a/drivers/cpufreq/intel_pstate.c
626 +++ b/drivers/cpufreq/intel_pstate.c
627 -@@ -112,10 +112,10 @@ struct pstate_funcs {
628 +@@ -123,10 +123,10 @@ struct pstate_funcs {
629 struct cpu_defaults {
630 struct pstate_adjust_policy pid_policy;
631 struct pstate_funcs funcs;
632 @@ -38973,16 +39017,16 @@ index aa366ec..f34f555 100644
633
634 struct perf_limits {
635 int no_turbo;
636 -@@ -462,7 +462,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate)
637 +@@ -517,7 +517,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate)
638
639 cpu->pstate.current_pstate = pstate;
640
641 -- pstate_funcs.set(pstate);
642 -+ pstate_funcs->set(pstate);
643 +- pstate_funcs.set(cpu, pstate);
644 ++ pstate_funcs->set(cpu, pstate);
645 }
646
647 static inline void intel_pstate_pstate_increase(struct cpudata *cpu, int steps)
648 -@@ -484,9 +484,9 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu)
649 +@@ -539,12 +539,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu)
650 {
651 sprintf(cpu->name, "Intel 2nd generation core");
652
653 @@ -38993,9 +39037,14 @@ index aa366ec..f34f555 100644
654 + cpu->pstate.max_pstate = pstate_funcs->get_max();
655 + cpu->pstate.turbo_pstate = pstate_funcs->get_turbo();
656
657 +- if (pstate_funcs.get_vid)
658 +- pstate_funcs.get_vid(cpu);
659 ++ if (pstate_funcs->get_vid)
660 ++ pstate_funcs->get_vid(cpu);
661 +
662 /*
663 * goto max pstate so we don't slow up boot if we are built-in if we are
664 -@@ -750,9 +750,9 @@ static int intel_pstate_msrs_not_valid(void)
665 +@@ -808,9 +808,9 @@ static int intel_pstate_msrs_not_valid(void)
666 rdmsrl(MSR_IA32_APERF, aperf);
667 rdmsrl(MSR_IA32_MPERF, mperf);
668
669 @@ -39008,7 +39057,7 @@ index aa366ec..f34f555 100644
670 return -ENODEV;
671
672 rdmsrl(MSR_IA32_APERF, tmp);
673 -@@ -766,7 +766,7 @@ static int intel_pstate_msrs_not_valid(void)
674 +@@ -824,7 +824,7 @@ static int intel_pstate_msrs_not_valid(void)
675 return 0;
676 }
677
678 @@ -39017,7 +39066,7 @@ index aa366ec..f34f555 100644
679 {
680 pid_params.sample_rate_ms = policy->sample_rate_ms;
681 pid_params.p_gain_pct = policy->p_gain_pct;
682 -@@ -778,10 +778,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)
683 +@@ -836,11 +836,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)
684
685 static void copy_cpu_funcs(struct pstate_funcs *funcs)
686 {
687 @@ -39025,6 +39074,7 @@ index aa366ec..f34f555 100644
688 - pstate_funcs.get_min = funcs->get_min;
689 - pstate_funcs.get_turbo = funcs->get_turbo;
690 - pstate_funcs.set = funcs->set;
691 +- pstate_funcs.get_vid = funcs->get_vid;
692 + pstate_funcs = funcs;
693 }
694
695 @@ -39492,7 +39542,7 @@ index 57ea7f4..af06b76 100644
696 card->driver->update_phy_reg(card, 4,
697 PHY_LINK_ACTIVE | PHY_CONTENDER, 0);
698 diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c
699 -index de4aa40..49ab1f2 100644
700 +index 2c6d5e1..a2cca6b 100644
701 --- a/drivers/firewire/core-device.c
702 +++ b/drivers/firewire/core-device.c
703 @@ -253,7 +253,7 @@ EXPORT_SYMBOL(fw_device_enable_phys_dma);
704 @@ -39681,27 +39731,6 @@ index 9902732..64b62dd 100644
705
706 return -EINVAL;
707 }
708 -diff --git a/drivers/gpu/drm/armada/armada_drv.c b/drivers/gpu/drm/armada/armada_drv.c
709 -index 62d0ff3..073dbf3 100644
710 ---- a/drivers/gpu/drm/armada/armada_drv.c
711 -+++ b/drivers/gpu/drm/armada/armada_drv.c
712 -@@ -68,15 +68,7 @@ void __armada_drm_queue_unref_work(struct drm_device *dev,
713 - {
714 - struct armada_private *priv = dev->dev_private;
715 -
716 -- /*
717 -- * Yes, we really must jump through these hoops just to store a
718 -- * _pointer_ to something into the kfifo. This is utterly insane
719 -- * and idiotic, because it kfifo requires the _data_ pointed to by
720 -- * the pointer const, not the pointer itself. Not only that, but
721 -- * you have to pass a pointer _to_ the pointer you want stored.
722 -- */
723 -- const struct drm_framebuffer *silly_api_alert = fb;
724 -- WARN_ON(!kfifo_put(&priv->fb_unref, &silly_api_alert));
725 -+ WARN_ON(!kfifo_put(&priv->fb_unref, fb));
726 - schedule_work(&priv->fb_unref_work);
727 - }
728 -
729 diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c
730 index d6cf77c..2842146 100644
731 --- a/drivers/gpu/drm/drm_crtc.c
732 @@ -40056,6 +40085,19 @@ index a3ba9a8..ee52ddd 100644
733 unsigned relocs_total = 0;
734 unsigned relocs_max = UINT_MAX / sizeof(struct drm_i915_gem_relocation_entry);
735
736 +diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
737 +index d3c3b5b..e79720d 100644
738 +--- a/drivers/gpu/drm/i915/i915_gem_gtt.c
739 ++++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
740 +@@ -828,7 +828,7 @@ void i915_gem_suspend_gtt_mappings(struct drm_device *dev)
741 + dev_priv->gtt.base.clear_range(&dev_priv->gtt.base,
742 + dev_priv->gtt.base.start / PAGE_SIZE,
743 + dev_priv->gtt.base.total / PAGE_SIZE,
744 +- false);
745 ++ true);
746 + }
747 +
748 + void i915_gem_restore_gtt_mappings(struct drm_device *dev)
749 diff --git a/drivers/gpu/drm/i915/i915_ioc32.c b/drivers/gpu/drm/i915/i915_ioc32.c
750 index 3c59584..500f2e9 100644
751 --- a/drivers/gpu/drm/i915/i915_ioc32.c
752 @@ -40921,10 +40963,10 @@ index 4d20910..6726b6d 100644
753 DRM_DEBUG("pid=%d\n", DRM_CURRENTPID);
754
755 diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c
756 -index 71245d6..94c556d 100644
757 +index 84323c9..cf07baf 100644
758 --- a/drivers/gpu/drm/radeon/radeon_ttm.c
759 +++ b/drivers/gpu/drm/radeon/radeon_ttm.c
760 -@@ -784,7 +784,7 @@ void radeon_ttm_set_active_vram_size(struct radeon_device *rdev, u64 size)
761 +@@ -787,7 +787,7 @@ void radeon_ttm_set_active_vram_size(struct radeon_device *rdev, u64 size)
762 man->size = size >> PAGE_SHIFT;
763 }
764
765 @@ -40933,7 +40975,7 @@ index 71245d6..94c556d 100644
766 static const struct vm_operations_struct *ttm_vm_ops = NULL;
767
768 static int radeon_ttm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
769 -@@ -825,8 +825,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma)
770 +@@ -828,8 +828,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma)
771 }
772 if (unlikely(ttm_vm_ops == NULL)) {
773 ttm_vm_ops = vma->vm_ops;
774 @@ -40944,7 +40986,7 @@ index 71245d6..94c556d 100644
775 }
776 vma->vm_ops = &radeon_ttm_vm_ops;
777 return 0;
778 -@@ -855,38 +857,33 @@ static int radeon_mm_dump_table(struct seq_file *m, void *data)
779 +@@ -858,38 +860,33 @@ static int radeon_mm_dump_table(struct seq_file *m, void *data)
780 static int radeon_ttm_debugfs_init(struct radeon_device *rdev)
781 {
782 #if defined(CONFIG_DEBUG_FS)
783 @@ -45726,7 +45768,7 @@ index 6a53c15..6e7d1e7 100644
784 /**
785 * bnx2x_config_rx_mode - Send and RX_MODE ramrod according to the provided parameters.
786 diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h
787 -index 5c3835a..d18b952 100644
788 +index cf9917b..c658558 100644
789 --- a/drivers/net/ethernet/broadcom/tg3.h
790 +++ b/drivers/net/ethernet/broadcom/tg3.h
791 @@ -150,6 +150,7 @@
792 @@ -45972,7 +46014,7 @@ index c737f0e..32b8682 100644
793 int (*set_speed)(struct net_device *, u8 aneg, u16 sp, u8 dpx, u32 adv);
794 int (*get_settings)(struct net_device *, struct ethtool_cmd *);
795 diff --git a/drivers/net/ethernet/sfc/ptp.c b/drivers/net/ethernet/sfc/ptp.c
796 -index 3dd39dc..85efa46 100644
797 +index a124103..59c74f8 100644
798 --- a/drivers/net/ethernet/sfc/ptp.c
799 +++ b/drivers/net/ethernet/sfc/ptp.c
800 @@ -541,7 +541,7 @@ static int efx_ptp_synchronize(struct efx_nic *efx, unsigned int num_readings)
801 @@ -46048,10 +46090,10 @@ index bf0d55e..82bcfbd1 100644
802 priv = netdev_priv(dev);
803 priv->phy = phy;
804 diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
805 -index bc8faae..e51e25d 100644
806 +index d7e2907..1f8bfee 100644
807 --- a/drivers/net/macvlan.c
808 +++ b/drivers/net/macvlan.c
809 -@@ -990,13 +990,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {
810 +@@ -993,13 +993,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {
811 int macvlan_link_register(struct rtnl_link_ops *ops)
812 {
813 /* common fields */
814 @@ -46074,7 +46116,7 @@ index bc8faae..e51e25d 100644
815
816 return rtnl_link_register(ops);
817 };
818 -@@ -1051,7 +1053,7 @@ static int macvlan_device_event(struct notifier_block *unused,
819 +@@ -1054,7 +1056,7 @@ static int macvlan_device_event(struct notifier_block *unused,
820 return NOTIFY_DONE;
821 }
822
823 @@ -46166,10 +46208,10 @@ index b75ae5b..953c157 100644
824 };
825
826 diff --git a/drivers/net/tun.c b/drivers/net/tun.c
827 -index ecec802..614f08f 100644
828 +index 55c9238..ebb6ee5 100644
829 --- a/drivers/net/tun.c
830 +++ b/drivers/net/tun.c
831 -@@ -1839,7 +1839,7 @@ unlock:
832 +@@ -1841,7 +1841,7 @@ unlock:
833 }
834
835 static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
836 @@ -46178,7 +46220,7 @@ index ecec802..614f08f 100644
837 {
838 struct tun_file *tfile = file->private_data;
839 struct tun_struct *tun;
840 -@@ -1852,6 +1852,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
841 +@@ -1854,6 +1854,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
842 unsigned int ifindex;
843 int ret;
844
845 @@ -48191,10 +48233,10 @@ index 84419af..268ede8 100644
846 &dev_attr_energy_uj.attr;
847 }
848 diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
849 -index 0186c1b..6491409 100644
850 +index 75dffb79..df850cd 100644
851 --- a/drivers/regulator/core.c
852 +++ b/drivers/regulator/core.c
853 -@@ -3369,7 +3369,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
854 +@@ -3370,7 +3370,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
855 {
856 const struct regulation_constraints *constraints = NULL;
857 const struct regulator_init_data *init_data;
858 @@ -48203,7 +48245,7 @@ index 0186c1b..6491409 100644
859 struct regulator_dev *rdev;
860 struct device *dev;
861 int ret, i;
862 -@@ -3439,7 +3439,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
863 +@@ -3440,7 +3440,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
864 rdev->dev.of_node = config->of_node;
865 rdev->dev.parent = dev;
866 dev_set_name(&rdev->dev, "regulator.%d",
867 @@ -55595,6 +55637,54 @@ index 88714ae..16c2e11 100644
868
869
870 static inline u32 get_pll_internal_frequency(u32 ref_freq,
871 +diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c
872 +index 4c02e2b..2c85267 100644
873 +--- a/drivers/xen/balloon.c
874 ++++ b/drivers/xen/balloon.c
875 +@@ -406,12 +406,26 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp)
876 + state = BP_EAGAIN;
877 + break;
878 + }
879 +-
880 +- pfn = page_to_pfn(page);
881 +- frame_list[i] = pfn_to_mfn(pfn);
882 +-
883 + scrub_page(page);
884 +
885 ++ frame_list[i] = page_to_pfn(page);
886 ++ }
887 ++
888 ++ /*
889 ++ * Ensure that ballooned highmem pages don't have kmaps.
890 ++ *
891 ++ * Do this before changing the p2m as kmap_flush_unused()
892 ++ * reads PTEs to obtain pages (and hence needs the original
893 ++ * p2m entry).
894 ++ */
895 ++ kmap_flush_unused();
896 ++
897 ++ /* Update direct mapping, invalidate P2M, and add to balloon. */
898 ++ for (i = 0; i < nr_pages; i++) {
899 ++ pfn = frame_list[i];
900 ++ frame_list[i] = pfn_to_mfn(pfn);
901 ++ page = pfn_to_page(pfn);
902 ++
903 + #ifdef CONFIG_XEN_HAVE_PVMMU
904 + /*
905 + * Ballooned out frames are effectively replaced with
906 +@@ -436,11 +450,9 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp)
907 + }
908 + #endif
909 +
910 +- balloon_append(pfn_to_page(pfn));
911 ++ balloon_append(page);
912 + }
913 +
914 +- /* Ensure that ballooned highmem pages don't have kmaps. */
915 +- kmap_flush_unused();
916 + flush_tlb_all();
917 +
918 + set_xen_guest_handle(reservation.extent_start, frame_list);
919 diff --git a/drivers/xen/xenfs/xenstored.c b/drivers/xen/xenfs/xenstored.c
920 index fef20db..d28b1ab 100644
921 --- a/drivers/xen/xenfs/xenstored.c
922 @@ -55686,6 +55776,61 @@ index 062a5f6..e5618e0 100644
923 return -EINVAL;
924
925 file = aio_private_file(ctx, nr_pages);
926 +diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c
927 +index 2408473..80ef38c 100644
928 +--- a/fs/anon_inodes.c
929 ++++ b/fs/anon_inodes.c
930 +@@ -41,19 +41,8 @@ static const struct dentry_operations anon_inodefs_dentry_operations = {
931 + static struct dentry *anon_inodefs_mount(struct file_system_type *fs_type,
932 + int flags, const char *dev_name, void *data)
933 + {
934 +- struct dentry *root;
935 +- root = mount_pseudo(fs_type, "anon_inode:", NULL,
936 ++ return mount_pseudo(fs_type, "anon_inode:", NULL,
937 + &anon_inodefs_dentry_operations, ANON_INODE_FS_MAGIC);
938 +- if (!IS_ERR(root)) {
939 +- struct super_block *s = root->d_sb;
940 +- anon_inode_inode = alloc_anon_inode(s);
941 +- if (IS_ERR(anon_inode_inode)) {
942 +- dput(root);
943 +- deactivate_locked_super(s);
944 +- root = ERR_CAST(anon_inode_inode);
945 +- }
946 +- }
947 +- return root;
948 + }
949 +
950 + static struct file_system_type anon_inode_fs_type = {
951 +@@ -175,22 +164,15 @@ EXPORT_SYMBOL_GPL(anon_inode_getfd);
952 +
953 + static int __init anon_inode_init(void)
954 + {
955 +- int error;
956 +-
957 +- error = register_filesystem(&anon_inode_fs_type);
958 +- if (error)
959 +- goto err_exit;
960 + anon_inode_mnt = kern_mount(&anon_inode_fs_type);
961 +- if (IS_ERR(anon_inode_mnt)) {
962 +- error = PTR_ERR(anon_inode_mnt);
963 +- goto err_unregister_filesystem;
964 +- }
965 ++ if (IS_ERR(anon_inode_mnt))
966 ++ panic("anon_inode_init() kernel mount failed (%ld)\n", PTR_ERR(anon_inode_mnt));
967 ++
968 ++ anon_inode_inode = alloc_anon_inode(anon_inode_mnt->mnt_sb);
969 ++ if (IS_ERR(anon_inode_inode))
970 ++ panic("anon_inode_init() inode allocation failed (%ld)\n", PTR_ERR(anon_inode_inode));
971 ++
972 + return 0;
973 +-
974 +-err_unregister_filesystem:
975 +- unregister_filesystem(&anon_inode_fs_type);
976 +-err_exit:
977 +- panic(KERN_ERR "anon_inode_init() failed (%d)\n", error);
978 + }
979 +
980 + fs_initcall(anon_inode_init);
981 diff --git a/fs/attr.c b/fs/attr.c
982 index 5d4e59d..fd02418 100644
983 --- a/fs/attr.c
984 @@ -56899,10 +57044,10 @@ index 1e86823..8e34695 100644
985 else if (whole->bd_holder != NULL)
986 return false; /* is a partition of a held device */
987 diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
988 -index 316136b..e7a3a50 100644
989 +index 3de01b4..6547c39 100644
990 --- a/fs/btrfs/ctree.c
991 +++ b/fs/btrfs/ctree.c
992 -@@ -1028,9 +1028,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans,
993 +@@ -1217,9 +1217,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans,
994 free_extent_buffer(buf);
995 add_root_to_dirty_list(root);
996 } else {
997 @@ -58020,7 +58165,7 @@ index bc3fbcd..6031650 100644
998 return 0;
999 while (nr) {
1000 diff --git a/fs/dcache.c b/fs/dcache.c
1001 -index fdbe230..ba17c1f 100644
1002 +index fdbe230..d852932 100644
1003 --- a/fs/dcache.c
1004 +++ b/fs/dcache.c
1005 @@ -1495,7 +1495,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
1006 @@ -58032,6 +58177,18 @@ index fdbe230..ba17c1f 100644
1007 if (!dname) {
1008 kmem_cache_free(dentry_cache, dentry);
1009 return NULL;
1010 +@@ -2833,9 +2833,9 @@ static int prepend_name(char **buffer, int *buflen, struct qstr *name)
1011 + u32 dlen = ACCESS_ONCE(name->len);
1012 + char *p;
1013 +
1014 +- if (*buflen < dlen + 1)
1015 +- return -ENAMETOOLONG;
1016 + *buflen -= dlen + 1;
1017 ++ if (*buflen < 0)
1018 ++ return -ENAMETOOLONG;
1019 + p = *buffer -= dlen + 1;
1020 + *p++ = '/';
1021 + while (dlen--) {
1022 @@ -3428,7 +3428,8 @@ void __init vfs_caches_init(unsigned long mempages)
1023 mempages -= reserve;
1024
1025 @@ -61026,7 +61183,7 @@ index a17458c..e69fb5b 100644
1026 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
1027
1028 diff --git a/fs/namei.c b/fs/namei.c
1029 -index 3531dee..3177227 100644
1030 +index cfe6608..a24748c 100644
1031 --- a/fs/namei.c
1032 +++ b/fs/namei.c
1033 @@ -319,16 +319,32 @@ int generic_permission(struct inode *inode, int mask)
1034 @@ -61102,7 +61259,57 @@ index 3531dee..3177227 100644
1035 nd->last_type = LAST_BIND;
1036 *p = dentry->d_inode->i_op->follow_link(dentry, nd);
1037 error = PTR_ERR(*p);
1038 -@@ -1582,6 +1596,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
1039 +@@ -1098,7 +1112,7 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
1040 + return false;
1041 +
1042 + if (!d_mountpoint(path->dentry))
1043 +- break;
1044 ++ return true;
1045 +
1046 + mounted = __lookup_mnt(path->mnt, path->dentry);
1047 + if (!mounted)
1048 +@@ -1114,20 +1128,7 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
1049 + */
1050 + *inode = path->dentry->d_inode;
1051 + }
1052 +- return true;
1053 +-}
1054 +-
1055 +-static void follow_mount_rcu(struct nameidata *nd)
1056 +-{
1057 +- while (d_mountpoint(nd->path.dentry)) {
1058 +- struct mount *mounted;
1059 +- mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry);
1060 +- if (!mounted)
1061 +- break;
1062 +- nd->path.mnt = &mounted->mnt;
1063 +- nd->path.dentry = mounted->mnt.mnt_root;
1064 +- nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
1065 +- }
1066 ++ return read_seqretry(&mount_lock, nd->m_seq);
1067 + }
1068 +
1069 + static int follow_dotdot_rcu(struct nameidata *nd)
1070 +@@ -1155,7 +1156,17 @@ static int follow_dotdot_rcu(struct nameidata *nd)
1071 + break;
1072 + nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
1073 + }
1074 +- follow_mount_rcu(nd);
1075 ++ while (d_mountpoint(nd->path.dentry)) {
1076 ++ struct mount *mounted;
1077 ++ mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry);
1078 ++ if (!mounted)
1079 ++ break;
1080 ++ nd->path.mnt = &mounted->mnt;
1081 ++ nd->path.dentry = mounted->mnt.mnt_root;
1082 ++ nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
1083 ++ if (!read_seqretry(&mount_lock, nd->m_seq))
1084 ++ goto failed;
1085 ++ }
1086 + nd->inode = nd->path.dentry->d_inode;
1087 + return 0;
1088 +
1089 +@@ -1582,6 +1593,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
1090 if (res)
1091 break;
1092 res = walk_component(nd, path, LOOKUP_FOLLOW);
1093 @@ -61111,7 +61318,7 @@ index 3531dee..3177227 100644
1094 put_link(nd, &link, cookie);
1095 } while (res > 0);
1096
1097 -@@ -1655,7 +1671,7 @@ EXPORT_SYMBOL(full_name_hash);
1098 +@@ -1655,7 +1668,7 @@ EXPORT_SYMBOL(full_name_hash);
1099 static inline unsigned long hash_name(const char *name, unsigned int *hashp)
1100 {
1101 unsigned long a, b, adata, bdata, mask, hash, len;
1102 @@ -61120,7 +61327,7 @@ index 3531dee..3177227 100644
1103
1104 hash = a = 0;
1105 len = -sizeof(unsigned long);
1106 -@@ -1939,6 +1955,8 @@ static int path_lookupat(int dfd, const char *name,
1107 +@@ -1939,6 +1952,8 @@ static int path_lookupat(int dfd, const char *name,
1108 if (err)
1109 break;
1110 err = lookup_last(nd, &path);
1111 @@ -61129,7 +61336,7 @@ index 3531dee..3177227 100644
1112 put_link(nd, &link, cookie);
1113 }
1114 }
1115 -@@ -1946,6 +1964,13 @@ static int path_lookupat(int dfd, const char *name,
1116 +@@ -1946,6 +1961,13 @@ static int path_lookupat(int dfd, const char *name,
1117 if (!err)
1118 err = complete_walk(nd);
1119
1120 @@ -61143,7 +61350,7 @@ index 3531dee..3177227 100644
1121 if (!err && nd->flags & LOOKUP_DIRECTORY) {
1122 if (!d_is_directory(nd->path.dentry)) {
1123 path_put(&nd->path);
1124 -@@ -1973,8 +1998,15 @@ static int filename_lookup(int dfd, struct filename *name,
1125 +@@ -1973,8 +1995,15 @@ static int filename_lookup(int dfd, struct filename *name,
1126 retval = path_lookupat(dfd, name->name,
1127 flags | LOOKUP_REVAL, nd);
1128
1129 @@ -61160,7 +61367,7 @@ index 3531dee..3177227 100644
1130 return retval;
1131 }
1132
1133 -@@ -2548,6 +2580,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
1134 +@@ -2548,6 +2577,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
1135 if (flag & O_NOATIME && !inode_owner_or_capable(inode))
1136 return -EPERM;
1137
1138 @@ -61174,7 +61381,7 @@ index 3531dee..3177227 100644
1139 return 0;
1140 }
1141
1142 -@@ -2779,7 +2818,7 @@ looked_up:
1143 +@@ -2779,7 +2815,7 @@ looked_up:
1144 * cleared otherwise prior to returning.
1145 */
1146 static int lookup_open(struct nameidata *nd, struct path *path,
1147 @@ -61183,7 +61390,7 @@ index 3531dee..3177227 100644
1148 const struct open_flags *op,
1149 bool got_write, int *opened)
1150 {
1151 -@@ -2814,6 +2853,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
1152 +@@ -2814,6 +2850,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
1153 /* Negative dentry, just create the file */
1154 if (!dentry->d_inode && (op->open_flag & O_CREAT)) {
1155 umode_t mode = op->mode;
1156 @@ -61201,7 +61408,7 @@ index 3531dee..3177227 100644
1157 if (!IS_POSIXACL(dir->d_inode))
1158 mode &= ~current_umask();
1159 /*
1160 -@@ -2835,6 +2885,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
1161 +@@ -2835,6 +2882,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
1162 nd->flags & LOOKUP_EXCL);
1163 if (error)
1164 goto out_dput;
1165 @@ -61210,7 +61417,7 @@ index 3531dee..3177227 100644
1166 }
1167 out_no_open:
1168 path->dentry = dentry;
1169 -@@ -2849,7 +2901,7 @@ out_dput:
1170 +@@ -2849,7 +2898,7 @@ out_dput:
1171 /*
1172 * Handle the last step of open()
1173 */
1174 @@ -61219,7 +61426,7 @@ index 3531dee..3177227 100644
1175 struct file *file, const struct open_flags *op,
1176 int *opened, struct filename *name)
1177 {
1178 -@@ -2899,6 +2951,15 @@ static int do_last(struct nameidata *nd, struct path *path,
1179 +@@ -2899,6 +2948,15 @@ static int do_last(struct nameidata *nd, struct path *path,
1180 if (error)
1181 return error;
1182
1183 @@ -61235,7 +61442,7 @@ index 3531dee..3177227 100644
1184 audit_inode(name, dir, LOOKUP_PARENT);
1185 error = -EISDIR;
1186 /* trailing slashes? */
1187 -@@ -2918,7 +2979,7 @@ retry_lookup:
1188 +@@ -2918,7 +2976,7 @@ retry_lookup:
1189 */
1190 }
1191 mutex_lock(&dir->d_inode->i_mutex);
1192 @@ -61244,7 +61451,7 @@ index 3531dee..3177227 100644
1193 mutex_unlock(&dir->d_inode->i_mutex);
1194
1195 if (error <= 0) {
1196 -@@ -2942,11 +3003,28 @@ retry_lookup:
1197 +@@ -2942,11 +3000,28 @@ retry_lookup:
1198 goto finish_open_created;
1199 }
1200
1201 @@ -61274,7 +61481,7 @@ index 3531dee..3177227 100644
1202
1203 /*
1204 * If atomic_open() acquired write access it is dropped now due to
1205 -@@ -2987,6 +3065,11 @@ finish_lookup:
1206 +@@ -2987,6 +3062,11 @@ finish_lookup:
1207 }
1208 }
1209 BUG_ON(inode != path->dentry->d_inode);
1210 @@ -61286,7 +61493,7 @@ index 3531dee..3177227 100644
1211 return 1;
1212 }
1213
1214 -@@ -2996,7 +3079,6 @@ finish_lookup:
1215 +@@ -2996,7 +3076,6 @@ finish_lookup:
1216 save_parent.dentry = nd->path.dentry;
1217 save_parent.mnt = mntget(path->mnt);
1218 nd->path.dentry = path->dentry;
1219 @@ -61294,7 +61501,7 @@ index 3531dee..3177227 100644
1220 }
1221 nd->inode = inode;
1222 /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */
1223 -@@ -3006,7 +3088,18 @@ finish_open:
1224 +@@ -3006,7 +3085,18 @@ finish_open:
1225 path_put(&save_parent);
1226 return error;
1227 }
1228 @@ -61313,7 +61520,7 @@ index 3531dee..3177227 100644
1229 error = -EISDIR;
1230 if ((open_flag & O_CREAT) &&
1231 (d_is_directory(nd->path.dentry) || d_is_autodir(nd->path.dentry)))
1232 -@@ -3170,7 +3263,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
1233 +@@ -3170,7 +3260,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
1234 if (unlikely(error))
1235 goto out;
1236
1237 @@ -61322,7 +61529,7 @@ index 3531dee..3177227 100644
1238 while (unlikely(error > 0)) { /* trailing symlink */
1239 struct path link = path;
1240 void *cookie;
1241 -@@ -3188,7 +3281,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
1242 +@@ -3188,7 +3278,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
1243 error = follow_link(&link, nd, &cookie);
1244 if (unlikely(error))
1245 break;
1246 @@ -61331,7 +61538,7 @@ index 3531dee..3177227 100644
1247 put_link(nd, &link, cookie);
1248 }
1249 out:
1250 -@@ -3288,9 +3381,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
1251 +@@ -3288,9 +3378,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
1252 goto unlock;
1253
1254 error = -EEXIST;
1255 @@ -61345,7 +61552,7 @@ index 3531dee..3177227 100644
1256 /*
1257 * Special case - lookup gave negative, but... we had foo/bar/
1258 * From the vfs_mknod() POV we just have a negative dentry -
1259 -@@ -3342,6 +3437,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
1260 +@@ -3342,6 +3434,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
1261 }
1262 EXPORT_SYMBOL(user_path_create);
1263
1264 @@ -61366,7 +61573,7 @@ index 3531dee..3177227 100644
1265 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
1266 {
1267 int error = may_create(dir, dentry);
1268 -@@ -3404,6 +3513,17 @@ retry:
1269 +@@ -3404,6 +3510,17 @@ retry:
1270
1271 if (!IS_POSIXACL(path.dentry->d_inode))
1272 mode &= ~current_umask();
1273 @@ -61384,7 +61591,7 @@ index 3531dee..3177227 100644
1274 error = security_path_mknod(&path, dentry, mode, dev);
1275 if (error)
1276 goto out;
1277 -@@ -3420,6 +3540,8 @@ retry:
1278 +@@ -3420,6 +3537,8 @@ retry:
1279 break;
1280 }
1281 out:
1282 @@ -61393,7 +61600,7 @@ index 3531dee..3177227 100644
1283 done_path_create(&path, dentry);
1284 if (retry_estale(error, lookup_flags)) {
1285 lookup_flags |= LOOKUP_REVAL;
1286 -@@ -3472,9 +3594,16 @@ retry:
1287 +@@ -3472,9 +3591,16 @@ retry:
1288
1289 if (!IS_POSIXACL(path.dentry->d_inode))
1290 mode &= ~current_umask();
1291 @@ -61410,7 +61617,7 @@ index 3531dee..3177227 100644
1292 done_path_create(&path, dentry);
1293 if (retry_estale(error, lookup_flags)) {
1294 lookup_flags |= LOOKUP_REVAL;
1295 -@@ -3555,6 +3684,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
1296 +@@ -3555,6 +3681,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
1297 struct filename *name;
1298 struct dentry *dentry;
1299 struct nameidata nd;
1300 @@ -61419,7 +61626,7 @@ index 3531dee..3177227 100644
1301 unsigned int lookup_flags = 0;
1302 retry:
1303 name = user_path_parent(dfd, pathname, &nd, lookup_flags);
1304 -@@ -3587,10 +3718,21 @@ retry:
1305 +@@ -3587,10 +3715,21 @@ retry:
1306 error = -ENOENT;
1307 goto exit3;
1308 }
1309 @@ -61441,7 +61648,7 @@ index 3531dee..3177227 100644
1310 exit3:
1311 dput(dentry);
1312 exit2:
1313 -@@ -3680,6 +3822,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
1314 +@@ -3680,6 +3819,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
1315 struct nameidata nd;
1316 struct inode *inode = NULL;
1317 struct inode *delegated_inode = NULL;
1318 @@ -61450,7 +61657,7 @@ index 3531dee..3177227 100644
1319 unsigned int lookup_flags = 0;
1320 retry:
1321 name = user_path_parent(dfd, pathname, &nd, lookup_flags);
1322 -@@ -3706,10 +3850,22 @@ retry_deleg:
1323 +@@ -3706,10 +3847,22 @@ retry_deleg:
1324 if (d_is_negative(dentry))
1325 goto slashes;
1326 ihold(inode);
1327 @@ -61473,7 +61680,7 @@ index 3531dee..3177227 100644
1328 exit2:
1329 dput(dentry);
1330 }
1331 -@@ -3797,9 +3953,17 @@ retry:
1332 +@@ -3797,9 +3950,17 @@ retry:
1333 if (IS_ERR(dentry))
1334 goto out_putname;
1335
1336 @@ -61491,7 +61698,7 @@ index 3531dee..3177227 100644
1337 done_path_create(&path, dentry);
1338 if (retry_estale(error, lookup_flags)) {
1339 lookup_flags |= LOOKUP_REVAL;
1340 -@@ -3902,6 +4066,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
1341 +@@ -3902,6 +4063,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
1342 struct dentry *new_dentry;
1343 struct path old_path, new_path;
1344 struct inode *delegated_inode = NULL;
1345 @@ -61499,7 +61706,7 @@ index 3531dee..3177227 100644
1346 int how = 0;
1347 int error;
1348
1349 -@@ -3925,7 +4090,7 @@ retry:
1350 +@@ -3925,7 +4087,7 @@ retry:
1351 if (error)
1352 return error;
1353
1354 @@ -61508,7 +61715,7 @@ index 3531dee..3177227 100644
1355 (how & LOOKUP_REVAL));
1356 error = PTR_ERR(new_dentry);
1357 if (IS_ERR(new_dentry))
1358 -@@ -3937,11 +4102,28 @@ retry:
1359 +@@ -3937,11 +4099,28 @@ retry:
1360 error = may_linkat(&old_path);
1361 if (unlikely(error))
1362 goto out_dput;
1363 @@ -61537,7 +61744,7 @@ index 3531dee..3177227 100644
1364 done_path_create(&new_path, new_dentry);
1365 if (delegated_inode) {
1366 error = break_deleg_wait(&delegated_inode);
1367 -@@ -4225,6 +4407,12 @@ retry_deleg:
1368 +@@ -4228,6 +4407,12 @@ retry_deleg:
1369 if (new_dentry == trap)
1370 goto exit5;
1371
1372 @@ -61550,7 +61757,7 @@ index 3531dee..3177227 100644
1373 error = security_path_rename(&oldnd.path, old_dentry,
1374 &newnd.path, new_dentry);
1375 if (error)
1376 -@@ -4232,6 +4420,9 @@ retry_deleg:
1377 +@@ -4235,6 +4420,9 @@ retry_deleg:
1378 error = vfs_rename(old_dir->d_inode, old_dentry,
1379 new_dir->d_inode, new_dentry,
1380 &delegated_inode);
1381 @@ -61560,7 +61767,7 @@ index 3531dee..3177227 100644
1382 exit5:
1383 dput(new_dentry);
1384 exit4:
1385 -@@ -4268,6 +4459,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
1386 +@@ -4271,6 +4459,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
1387
1388 int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
1389 {
1390 @@ -61569,7 +61776,7 @@ index 3531dee..3177227 100644
1391 int len;
1392
1393 len = PTR_ERR(link);
1394 -@@ -4277,7 +4470,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
1395 +@@ -4280,7 +4470,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
1396 len = strlen(link);
1397 if (len > (unsigned) buflen)
1398 len = buflen;
1399 @@ -62690,7 +62897,7 @@ index 1bd2077..2f7cfd5 100644
1400 static struct pid *
1401 get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos)
1402 diff --git a/fs/proc/base.c b/fs/proc/base.c
1403 -index 03c8d74..68a79e8 100644
1404 +index b59a34b..68a79e8 100644
1405 --- a/fs/proc/base.c
1406 +++ b/fs/proc/base.c
1407 @@ -113,6 +113,14 @@ struct pid_entry {
1408 @@ -62999,15 +63206,7 @@ index 03c8d74..68a79e8 100644
1409 rcu_read_unlock();
1410 } else {
1411 inode->i_uid = GLOBAL_ROOT_UID;
1412 -@@ -1819,6 +1937,7 @@ static int proc_map_files_get_link(struct dentry *dentry, struct path *path)
1413 - if (rc)
1414 - goto out_mmput;
1415 -
1416 -+ rc = -ENOENT;
1417 - down_read(&mm->mmap_sem);
1418 - vma = find_exact_vma(mm, vm_start, vm_end);
1419 - if (vma && vma->vm_file) {
1420 -@@ -2172,6 +2291,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
1421 +@@ -2173,6 +2291,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
1422 if (!task)
1423 goto out_no_task;
1424
1425 @@ -63017,7 +63216,7 @@ index 03c8d74..68a79e8 100644
1426 /*
1427 * Yes, it does not scale. And it should not. Don't add
1428 * new entries into /proc/<tgid>/ without very good reasons.
1429 -@@ -2202,6 +2324,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
1430 +@@ -2203,6 +2324,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
1431 if (!task)
1432 return -ENOENT;
1433
1434 @@ -63027,7 +63226,7 @@ index 03c8d74..68a79e8 100644
1435 if (!dir_emit_dots(file, ctx))
1436 goto out;
1437
1438 -@@ -2591,7 +2716,7 @@ static const struct pid_entry tgid_base_stuff[] = {
1439 +@@ -2592,7 +2716,7 @@ static const struct pid_entry tgid_base_stuff[] = {
1440 REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
1441 #endif
1442 REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
1443 @@ -63036,7 +63235,7 @@ index 03c8d74..68a79e8 100644
1444 INF("syscall", S_IRUGO, proc_pid_syscall),
1445 #endif
1446 INF("cmdline", S_IRUGO, proc_pid_cmdline),
1447 -@@ -2616,10 +2741,10 @@ static const struct pid_entry tgid_base_stuff[] = {
1448 +@@ -2617,10 +2741,10 @@ static const struct pid_entry tgid_base_stuff[] = {
1449 #ifdef CONFIG_SECURITY
1450 DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
1451 #endif
1452 @@ -63049,7 +63248,7 @@ index 03c8d74..68a79e8 100644
1453 ONE("stack", S_IRUGO, proc_pid_stack),
1454 #endif
1455 #ifdef CONFIG_SCHEDSTATS
1456 -@@ -2653,6 +2778,9 @@ static const struct pid_entry tgid_base_stuff[] = {
1457 +@@ -2654,6 +2778,9 @@ static const struct pid_entry tgid_base_stuff[] = {
1458 #ifdef CONFIG_HARDWALL
1459 INF("hardwall", S_IRUGO, proc_pid_hardwall),
1460 #endif
1461 @@ -63059,7 +63258,7 @@ index 03c8d74..68a79e8 100644
1462 #ifdef CONFIG_USER_NS
1463 REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations),
1464 REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations),
1465 -@@ -2783,7 +2911,14 @@ static int proc_pid_instantiate(struct inode *dir,
1466 +@@ -2784,7 +2911,14 @@ static int proc_pid_instantiate(struct inode *dir,
1467 if (!inode)
1468 goto out;
1469
1470 @@ -63074,7 +63273,7 @@ index 03c8d74..68a79e8 100644
1471 inode->i_op = &proc_tgid_base_inode_operations;
1472 inode->i_fop = &proc_tgid_base_operations;
1473 inode->i_flags|=S_IMMUTABLE;
1474 -@@ -2821,7 +2956,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
1475 +@@ -2822,7 +2956,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
1476 if (!task)
1477 goto out;
1478
1479 @@ -63086,7 +63285,7 @@ index 03c8d74..68a79e8 100644
1480 put_task_struct(task);
1481 out:
1482 return ERR_PTR(result);
1483 -@@ -2927,7 +3066,7 @@ static const struct pid_entry tid_base_stuff[] = {
1484 +@@ -2928,7 +3066,7 @@ static const struct pid_entry tid_base_stuff[] = {
1485 REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
1486 #endif
1487 REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
1488 @@ -63095,7 +63294,7 @@ index 03c8d74..68a79e8 100644
1489 INF("syscall", S_IRUGO, proc_pid_syscall),
1490 #endif
1491 INF("cmdline", S_IRUGO, proc_pid_cmdline),
1492 -@@ -2954,10 +3093,10 @@ static const struct pid_entry tid_base_stuff[] = {
1493 +@@ -2955,10 +3093,10 @@ static const struct pid_entry tid_base_stuff[] = {
1494 #ifdef CONFIG_SECURITY
1495 DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
1496 #endif
1497 @@ -64963,10 +65162,10 @@ index 104455b..764c512 100644
1498 kfree(s);
1499 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
1500 new file mode 100644
1501 -index 0000000..031e895
1502 +index 0000000..13b7885
1503 --- /dev/null
1504 +++ b/grsecurity/Kconfig
1505 -@@ -0,0 +1,1157 @@
1506 +@@ -0,0 +1,1155 @@
1507 +#
1508 +# grecurity configuration
1509 +#
1510 @@ -64980,18 +65179,16 @@ index 0000000..031e895
1511 + help
1512 + If you say Y here, /dev/kmem and /dev/mem won't be allowed to
1513 + be written to or read from to modify or leak the contents of the running
1514 -+ kernel. /dev/port will also not be allowed to be opened, and support
1515 -+ for /dev/cpu/*/msr and kexec will be removed. If you have module
1516 -+ support disabled, enabling this will close up six ways that are
1517 -+ currently used to insert malicious code into the running kernel.
1518 ++ kernel. /dev/port will also not be allowed to be opened, writing to
1519 ++ /dev/cpu/*/msr will be prevented, and support for kexec will be removed.
1520 ++ If you have module support disabled, enabling this will close up several
1521 ++ ways that are currently used to insert malicious code into the running
1522 ++ kernel.
1523 +
1524 + Even with this feature enabled, we still highly recommend that
1525 + you use the RBAC system, as it is still possible for an attacker to
1526 + modify the running kernel through other more obscure methods.
1527 +
1528 -+ Enabling this feature will prevent the "cpupower" and "powertop" tools
1529 -+ from working.
1530 -+
1531 + It is highly recommended that you say Y here if you meet all the
1532 + conditions above.
1533 +
1534 @@ -79641,7 +79838,7 @@ index 9fe426b..8148be6 100644
1535 static inline int
1536 vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst)
1537 diff --git a/include/linux/mm.h b/include/linux/mm.h
1538 -index 9fac6dd..158ca43 100644
1539 +index 0ab5439..2859c61 100644
1540 --- a/include/linux/mm.h
1541 +++ b/include/linux/mm.h
1542 @@ -117,6 +117,11 @@ extern unsigned int kobjsize(const void *objp);
1543 @@ -82990,10 +83187,37 @@ index 2ef3c3e..e02013e 100644
1544 /**
1545 * sk_page_frag - return an appropriate page_frag
1546 diff --git a/include/net/tcp.h b/include/net/tcp.h
1547 -index 70e55d2..c5d8d53 100644
1548 +index 9250d62..10a7f03 100644
1549 --- a/include/net/tcp.h
1550 +++ b/include/net/tcp.h
1551 -@@ -540,7 +540,7 @@ void tcp_retransmit_timer(struct sock *sk);
1552 +@@ -480,20 +480,21 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
1553 + #ifdef CONFIG_SYN_COOKIES
1554 + #include <linux/ktime.h>
1555 +
1556 +-/* Syncookies use a monotonic timer which increments every 64 seconds.
1557 ++/* Syncookies use a monotonic timer which increments every 60 seconds.
1558 + * This counter is used both as a hash input and partially encoded into
1559 + * the cookie value. A cookie is only validated further if the delta
1560 + * between the current counter value and the encoded one is less than this,
1561 +- * i.e. a sent cookie is valid only at most for 128 seconds (or less if
1562 ++ * i.e. a sent cookie is valid only at most for 2*60 seconds (or less if
1563 + * the counter advances immediately after a cookie is generated).
1564 + */
1565 + #define MAX_SYNCOOKIE_AGE 2
1566 +
1567 + static inline u32 tcp_cookie_time(void)
1568 + {
1569 +- struct timespec now;
1570 +- getnstimeofday(&now);
1571 +- return now.tv_sec >> 6; /* 64 seconds granularity */
1572 ++ u64 val = get_jiffies_64();
1573 ++
1574 ++ do_div(val, 60 * HZ);
1575 ++ return val;
1576 + }
1577 +
1578 + u32 __cookie_v4_init_sequence(const struct iphdr *iph, const struct tcphdr *th,
1579 +@@ -540,7 +541,7 @@ void tcp_retransmit_timer(struct sock *sk);
1580 void tcp_xmit_retransmit_queue(struct sock *);
1581 void tcp_simple_retransmit(struct sock *);
1582 int tcp_trim_head(struct sock *, struct sk_buff *, u32);
1583 @@ -83002,7 +83226,7 @@ index 70e55d2..c5d8d53 100644
1584
1585 void tcp_send_probe0(struct sock *);
1586 void tcp_send_partial(struct sock *);
1587 -@@ -711,8 +711,8 @@ struct tcp_skb_cb {
1588 +@@ -711,8 +712,8 @@ struct tcp_skb_cb {
1589 struct inet6_skb_parm h6;
1590 #endif
1591 } header; /* For incoming frames */
1592 @@ -83013,7 +83237,7 @@ index 70e55d2..c5d8d53 100644
1593 __u32 when; /* used to compute rtt's */
1594 __u8 tcp_flags; /* TCP header flags. (tcp[13]) */
1595
1596 -@@ -726,7 +726,7 @@ struct tcp_skb_cb {
1597 +@@ -726,7 +727,7 @@ struct tcp_skb_cb {
1598
1599 __u8 ip_dsfield; /* IPv4 tos or IPv6 dsfield */
1600 /* 1 byte hole */
1601 @@ -84213,7 +84437,7 @@ index b8d4aed..96a4fe8 100644
1602 if (u->mq_bytes + mq_bytes < u->mq_bytes ||
1603 u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) {
1604 diff --git a/ipc/msg.c b/ipc/msg.c
1605 -index 558aa91..359e718 100644
1606 +index 52770bf..1c60a6f 100644
1607 --- a/ipc/msg.c
1608 +++ b/ipc/msg.c
1609 @@ -297,18 +297,19 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg)
1610 @@ -84458,7 +84682,7 @@ index 15ec13a..986322e 100644
1611 if (!ab)
1612 return;
1613 diff --git a/kernel/auditsc.c b/kernel/auditsc.c
1614 -index 90594c9..abbeed7 100644
1615 +index ff32843..27fc708 100644
1616 --- a/kernel/auditsc.c
1617 +++ b/kernel/auditsc.c
1618 @@ -1945,7 +1945,7 @@ int auditsc_get_stamp(struct audit_context *ctx,
1619 @@ -84470,7 +84694,7 @@ index 90594c9..abbeed7 100644
1620
1621 static int audit_set_loginuid_perm(kuid_t loginuid)
1622 {
1623 -@@ -2008,7 +2008,7 @@ int audit_set_loginuid(kuid_t loginuid)
1624 +@@ -2011,7 +2011,7 @@ int audit_set_loginuid(kuid_t loginuid)
1625
1626 /* are we setting or clearing? */
1627 if (uid_valid(loginuid))
1628 @@ -88792,7 +89016,7 @@ index c677510..132bb14 100644
1629 #else
1630 static void register_sched_domain_sysctl(void)
1631 diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
1632 -index e64b079..a46bd34 100644
1633 +index ce501de..1805320 100644
1634 --- a/kernel/sched/fair.c
1635 +++ b/kernel/sched/fair.c
1636 @@ -1652,7 +1652,7 @@ void task_numa_fault(int last_cpupid, int node, int pages, int flags)
1637 @@ -90087,7 +90311,7 @@ index 26dc348..8708ca7 100644
1638 + return atomic64_inc_return_unchecked(&trace_counter);
1639 }
1640 diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
1641 -index a11800a..3dafde5 100644
1642 +index 2e58196..fdd3d61 100644
1643 --- a/kernel/trace/trace_events.c
1644 +++ b/kernel/trace/trace_events.c
1645 @@ -1681,7 +1681,6 @@ __trace_early_add_new_event(struct ftrace_event_call *call,
1646 @@ -91046,72 +91270,6 @@ index ce682f7..1fb54f9 100644
1647 if (err) {
1648 bdi_destroy(bdi);
1649 return err;
1650 -diff --git a/mm/compaction.c b/mm/compaction.c
1651 -index f58bcd0..b74dc61 100644
1652 ---- a/mm/compaction.c
1653 -+++ b/mm/compaction.c
1654 -@@ -251,7 +251,6 @@ static unsigned long isolate_freepages_block(struct compact_control *cc,
1655 - {
1656 - int nr_scanned = 0, total_isolated = 0;
1657 - struct page *cursor, *valid_page = NULL;
1658 -- unsigned long nr_strict_required = end_pfn - blockpfn;
1659 - unsigned long flags;
1660 - bool locked = false;
1661 -
1662 -@@ -264,11 +263,12 @@ static unsigned long isolate_freepages_block(struct compact_control *cc,
1663 -
1664 - nr_scanned++;
1665 - if (!pfn_valid_within(blockpfn))
1666 -- continue;
1667 -+ goto isolate_fail;
1668 -+
1669 - if (!valid_page)
1670 - valid_page = page;
1671 - if (!PageBuddy(page))
1672 -- continue;
1673 -+ goto isolate_fail;
1674 -
1675 - /*
1676 - * The zone lock must be held to isolate freepages.
1677 -@@ -289,12 +289,10 @@ static unsigned long isolate_freepages_block(struct compact_control *cc,
1678 -
1679 - /* Recheck this is a buddy page under lock */
1680 - if (!PageBuddy(page))
1681 -- continue;
1682 -+ goto isolate_fail;
1683 -
1684 - /* Found a free page, break it into order-0 pages */
1685 - isolated = split_free_page(page);
1686 -- if (!isolated && strict)
1687 -- break;
1688 - total_isolated += isolated;
1689 - for (i = 0; i < isolated; i++) {
1690 - list_add(&page->lru, freelist);
1691 -@@ -305,7 +303,15 @@ static unsigned long isolate_freepages_block(struct compact_control *cc,
1692 - if (isolated) {
1693 - blockpfn += isolated - 1;
1694 - cursor += isolated - 1;
1695 -+ continue;
1696 - }
1697 -+
1698 -+isolate_fail:
1699 -+ if (strict)
1700 -+ break;
1701 -+ else
1702 -+ continue;
1703 -+
1704 - }
1705 -
1706 - trace_mm_compaction_isolate_freepages(nr_scanned, total_isolated);
1707 -@@ -315,7 +321,7 @@ static unsigned long isolate_freepages_block(struct compact_control *cc,
1708 - * pages requested were isolated. If there were any failures, 0 is
1709 - * returned and CMA will fail.
1710 - */
1711 -- if (strict && nr_strict_required > total_isolated)
1712 -+ if (strict && blockpfn < end_pfn)
1713 - total_isolated = 0;
1714 -
1715 - if (locked)
1716 diff --git a/mm/filemap.c b/mm/filemap.c
1717 index b7749a9..50d1123 100644
1718 --- a/mm/filemap.c
1719 @@ -94145,7 +94303,7 @@ index 7106cb1..0805f48 100644
1720 unsigned long bg_thresh,
1721 unsigned long dirty,
1722 diff --git a/mm/page_alloc.c b/mm/page_alloc.c
1723 -index 5248fe0..0f693aa 100644
1724 +index 56f268d..4d35ec4 100644
1725 --- a/mm/page_alloc.c
1726 +++ b/mm/page_alloc.c
1727 @@ -61,6 +61,7 @@
1728 @@ -96834,7 +96992,7 @@ index b618694..192bbba 100644
1729
1730 m->msg_iov = iov;
1731 diff --git a/net/core/neighbour.c b/net/core/neighbour.c
1732 -index 932c6d7..71fd94a 100644
1733 +index 43128dd..e4d4311 100644
1734 --- a/net/core/neighbour.c
1735 +++ b/net/core/neighbour.c
1736 @@ -2775,7 +2775,7 @@ static int proc_unres_qlen(struct ctl_table *ctl, int write,
1737 @@ -97375,10 +97533,10 @@ index 1865fdf..581a595 100644
1738 if (flags & MSG_TRUNC)
1739 copied = skb->len;
1740 diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
1741 -index 70011e0..454ca6a 100644
1742 +index e4d96d4..e1651da 100644
1743 --- a/net/ipv4/af_inet.c
1744 +++ b/net/ipv4/af_inet.c
1745 -@@ -1683,13 +1683,9 @@ static int __init inet_init(void)
1746 +@@ -1686,13 +1686,9 @@ static int __init inet_init(void)
1747
1748 BUILD_BUG_ON(sizeof(struct inet_skb_parm) > FIELD_SIZEOF(struct sk_buff, cb));
1749
1750 @@ -97393,7 +97551,7 @@ index 70011e0..454ca6a 100644
1751
1752 rc = proto_register(&udp_prot, 1);
1753 if (rc)
1754 -@@ -1796,8 +1792,6 @@ out_unregister_udp_proto:
1755 +@@ -1799,8 +1795,6 @@ out_unregister_udp_proto:
1756 proto_unregister(&udp_prot);
1757 out_unregister_tcp_proto:
1758 proto_unregister(&tcp_prot);
1759 @@ -100976,24 +101134,6 @@ index 1a6eef3..17e898f 100644
1760 NULL,
1761 sctp_generate_t1_cookie_event,
1762 sctp_generate_t1_init_event,
1763 -diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
1764 -index a26065b..af7be05 100644
1765 ---- a/net/sctp/sm_statefuns.c
1766 -+++ b/net/sctp/sm_statefuns.c
1767 -@@ -759,6 +759,13 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(struct net *net,
1768 - struct sctp_chunk auth;
1769 - sctp_ierror_t ret;
1770 -
1771 -+ /* Make sure that we and the peer are AUTH capable */
1772 -+ if (!net->sctp.auth_enable || !new_asoc->peer.auth_capable) {
1773 -+ kfree_skb(chunk->auth_chunk);
1774 -+ sctp_association_free(new_asoc);
1775 -+ return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
1776 -+ }
1777 -+
1778 - /* set-up our fake chunk so that we can process it */
1779 - auth.skb = chunk->auth_chunk;
1780 - auth.asoc = chunk->asoc;
1781 diff --git a/net/sctp/socket.c b/net/sctp/socket.c
1782 index 146b35d..1021a34 100644
1783 --- a/net/sctp/socket.c
1784 @@ -101756,10 +101896,10 @@ index d38bb45..38d5df5 100644
1785
1786 sub->evt.event = htohl(event, sub->swap);
1787 diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
1788 -index a427623..387c80b 100644
1789 +index d7c1ac6..b0fc322 100644
1790 --- a/net/unix/af_unix.c
1791 +++ b/net/unix/af_unix.c
1792 -@@ -790,6 +790,12 @@ static struct sock *unix_find_other(struct net *net,
1793 +@@ -789,6 +789,12 @@ static struct sock *unix_find_other(struct net *net,
1794 err = -ECONNREFUSED;
1795 if (!S_ISSOCK(inode->i_mode))
1796 goto put_fail;
1797 @@ -101772,7 +101912,7 @@ index a427623..387c80b 100644
1798 u = unix_find_socket_byinode(inode);
1799 if (!u)
1800 goto put_fail;
1801 -@@ -810,6 +816,13 @@ static struct sock *unix_find_other(struct net *net,
1802 +@@ -809,6 +815,13 @@ static struct sock *unix_find_other(struct net *net,
1803 if (u) {
1804 struct dentry *dentry;
1805 dentry = unix_sk(u)->path.dentry;
1806 @@ -101786,7 +101926,7 @@ index a427623..387c80b 100644
1807 if (dentry)
1808 touch_atime(&unix_sk(u)->path);
1809 } else
1810 -@@ -843,12 +856,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res)
1811 +@@ -842,12 +855,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res)
1812 */
1813 err = security_path_mknod(&path, dentry, mode, 0);
1814 if (!err) {
1815 @@ -101805,7 +101945,52 @@ index a427623..387c80b 100644
1816 done_path_create(&path, dentry);
1817 return err;
1818 }
1819 -@@ -2336,9 +2355,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
1820 +@@ -1785,8 +1804,11 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1821 + goto out;
1822 +
1823 + err = mutex_lock_interruptible(&u->readlock);
1824 +- if (err) {
1825 +- err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
1826 ++ if (unlikely(err)) {
1827 ++ /* recvmsg() in non blocking mode is supposed to return -EAGAIN
1828 ++ * sk_rcvtimeo is not honored by mutex_lock_interruptible()
1829 ++ */
1830 ++ err = noblock ? -EAGAIN : -ERESTARTSYS;
1831 + goto out;
1832 + }
1833 +
1834 +@@ -1911,6 +1933,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1835 + struct unix_sock *u = unix_sk(sk);
1836 + struct sockaddr_un *sunaddr = msg->msg_name;
1837 + int copied = 0;
1838 ++ int noblock = flags & MSG_DONTWAIT;
1839 + int check_creds = 0;
1840 + int target;
1841 + int err = 0;
1842 +@@ -1926,7 +1949,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1843 + goto out;
1844 +
1845 + target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
1846 +- timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
1847 ++ timeo = sock_rcvtimeo(sk, noblock);
1848 +
1849 + /* Lock the socket to prevent queue disordering
1850 + * while sleeps in memcpy_tomsg
1851 +@@ -1938,8 +1961,11 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1852 + }
1853 +
1854 + err = mutex_lock_interruptible(&u->readlock);
1855 +- if (err) {
1856 +- err = sock_intr_errno(timeo);
1857 ++ if (unlikely(err)) {
1858 ++ /* recvmsg() in non blocking mode is supposed to return -EAGAIN
1859 ++ * sk_rcvtimeo is not honored by mutex_lock_interruptible()
1860 ++ */
1861 ++ err = noblock ? -EAGAIN : -ERESTARTSYS;
1862 + goto out;
1863 + }
1864 +
1865 +@@ -2335,9 +2361,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
1866 seq_puts(seq, "Num RefCount Protocol Flags Type St "
1867 "Inode Path\n");
1868 else {
1869 @@ -101820,7 +102005,7 @@ index a427623..387c80b 100644
1870
1871 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
1872 s,
1873 -@@ -2365,8 +2388,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
1874 +@@ -2364,8 +2394,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
1875 }
1876 for ( ; i < len; i++)
1877 seq_putc(seq, u->addr->name->sun_path[i]);
1878 @@ -102359,26 +102544,25 @@ index 078fe1d..fbdb363 100644
1879 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n",
1880 diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
1881 new file mode 100644
1882 -index 0000000..5e0222d
1883 +index 0000000..ed4c19a
1884 --- /dev/null
1885 +++ b/scripts/gcc-plugin.sh
1886 -@@ -0,0 +1,17 @@
1887 +@@ -0,0 +1,16 @@
1888 +#!/bin/bash
1889 -+plugincc=`$1 -E -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF
1890 -+#include "gcc-plugin.h"
1891 -+#include "tree.h"
1892 -+#include "tm.h"
1893 -+#include "rtl.h"
1894 -+#ifdef ENABLE_BUILD_WITH_CXX
1895 ++srctree=$(dirname "$0")
1896 ++gccplugins_dir=$("$1" -print-file-name=plugin)
1897 ++plugincc=$("$1" -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
1898 ++#include "gcc-common.h"
1899 ++#if __GNUC__ > 4 || __GNUC_MINOR__ >= 8 || defined(ENABLE_BUILD_WITH_CXX)
1900 +#warning $2
1901 +#else
1902 +#warning $1
1903 +#endif
1904 -+EOF`
1905 ++EOF
1906 ++)
1907 +if [ $? -eq 0 ]
1908 +then
1909 -+ [[ "$plugincc" =~ "$1" ]] && echo "$1"
1910 -+ [[ "$plugincc" =~ "$2" ]] && echo "$2"
1911 ++ ( [[ "$plugincc" =~ "$1" ]] && echo "$1" ) || ( [[ "$plugincc" =~ "$2" ]] && echo "$2" )
1912 +fi
1913 diff --git a/scripts/headers_install.sh b/scripts/headers_install.sh
1914 index 5de5660..d3deb89 100644
1915 @@ -106903,10 +107087,10 @@ index 0000000..dd73713
1916 +}
1917 diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c
1918 new file mode 100644
1919 -index 0000000..1a98bed
1920 +index 0000000..c96f80f
1921 --- /dev/null
1922 +++ b/tools/gcc/latent_entropy_plugin.c
1923 -@@ -0,0 +1,451 @@
1924 +@@ -0,0 +1,457 @@
1925 +/*
1926 + * Copyright 2012-2014 by the PaX Team <pageexec@××××××××.hu>
1927 + * Licensed under the GPL v2
1928 @@ -106935,7 +107119,7 @@ index 0000000..1a98bed
1929 +static tree latent_entropy_decl;
1930 +
1931 +static struct plugin_info latent_entropy_plugin_info = {
1932 -+ .version = "201402240545",
1933 ++ .version = "201403042150",
1934 + .help = NULL
1935 +};
1936 +
1937 @@ -107107,6 +107291,10 @@ index 0000000..1a98bed
1938 +
1939 +static bool gate_latent_entropy(void)
1940 +{
1941 ++ // don't bother with noreturn functions for now
1942 ++ if (TREE_THIS_VOLATILE(current_function_decl))
1943 ++ return false;
1944 ++
1945 + return lookup_attribute("latent_entropy", DECL_ATTRIBUTES(current_function_decl)) != NULL_TREE;
1946 +}
1947 +
1948 @@ -107231,7 +107419,8 @@ index 0000000..1a98bed
1949 + gsi_insert_after(&gsi, assign, GSI_NEW_STMT);
1950 + update_stmt(assign);
1951 +//debug_bb(bb);
1952 -+ bb = bb->next_bb;
1953 ++ gcc_assert(single_succ_p(bb));
1954 ++ bb = single_succ(bb);
1955 +
1956 + // 3. instrument each BB with an operation on the local entropy variable
1957 + while (bb != EXIT_BLOCK_PTR_FOR_FN(cfun)) {
1958 @@ -107241,8 +107430,9 @@ index 0000000..1a98bed
1959 + };
1960 +
1961 + // 4. mix local entropy into the global entropy variable
1962 -+ perturb_latent_entropy(EXIT_BLOCK_PTR_FOR_FN(cfun)->prev_bb, local_entropy);
1963 -+//debug_bb(EXIT_BLOCK_PTR_FOR_FN(cfun)->prev_bb);
1964 ++ gcc_assert(single_pred_p(EXIT_BLOCK_PTR_FOR_FN(cfun)));
1965 ++ perturb_latent_entropy(single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun)), local_entropy);
1966 ++//debug_bb(single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun)));
1967 + return 0;
1968 +}
1969 +
1970 @@ -108276,10 +108466,10 @@ index 0000000..8dafb22
1971 +}
1972 diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data
1973 new file mode 100644
1974 -index 0000000..102f0d6
1975 +index 0000000..9529806
1976 --- /dev/null
1977 +++ b/tools/gcc/size_overflow_hash.data
1978 -@@ -0,0 +1,5703 @@
1979 +@@ -0,0 +1,5709 @@
1980 +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
1981 +ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL
1982 +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
1983 @@ -110005,6 +110195,7 @@ index 0000000..102f0d6
1984 +lustre_pack_request_19992 lustre_pack_request 0 19992 NULL
1985 +diva_um_idi_read_20003 diva_um_idi_read 0 20003 NULL
1986 +lov_stripe_md_size_20009 lov_stripe_md_size 0-1 20009 NULL
1987 ++tree_mod_log_eb_move_20011 tree_mod_log_eb_move 5 20011 NULL
1988 +SYSC_fgetxattr_20027 SYSC_fgetxattr 4 20027 NULL
1989 +split_scan_timeout_read_20029 split_scan_timeout_read 3 20029 NULL
1990 +alloc_ieee80211_20063 alloc_ieee80211 1 20063 NULL
1991 @@ -110025,6 +110216,7 @@ index 0000000..102f0d6
1992 +pvr2_ctrl_value_to_sym_20229 pvr2_ctrl_value_to_sym 5 20229 NULL
1993 +rose_sendmsg_20249 rose_sendmsg 4 20249 NULL
1994 +tm6000_i2c_send_regs_20250 tm6000_i2c_send_regs 5 20250 NULL
1995 ++btrfs_header_nritems_20296 btrfs_header_nritems 0 20296 NULL
1996 +r10_sync_page_io_20307 r10_sync_page_io 3 20307 NULL
1997 +dm_get_reserved_bio_based_ios_20315 dm_get_reserved_bio_based_ios 0 20315 NULL
1998 +tx_tx_burst_programmed_read_20320 tx_tx_burst_programmed_read 3 20320 NULL
1999 @@ -110134,6 +110326,7 @@ index 0000000..102f0d6
2000 +alloc_orinocodev_21371 alloc_orinocodev 1 21371 NULL
2001 +SYSC_rt_sigpending_21379 SYSC_rt_sigpending 2 21379 NULL
2002 +video_ioctl2_21380 video_ioctl2 2 21380 NULL
2003 ++insert_ptr_21386 insert_ptr 6 21386 NULL
2004 +diva_get_driver_dbg_mask_21399 diva_get_driver_dbg_mask 0 21399 NULL
2005 +snd_m3_inw_21406 snd_m3_inw 0 21406 NULL
2006 +snapshot_read_next_21426 snapshot_read_next 0 21426 NULL
2007 @@ -111051,6 +111244,7 @@ index 0000000..102f0d6
2008 +kobject_add_internal_32133 kobject_add_internal 0 32133 NULL
2009 +venus_link_32165 venus_link 5 32165 NULL
2010 +do_writepages_32173 do_writepages 0 32173 NULL
2011 ++del_ptr_32197 del_ptr 4 32197 NULL
2012 +wusb_ccm_mac_32199 wusb_ccm_mac 7 32199 NULL
2013 +riva_get_cmap_len_32218 riva_get_cmap_len 0 32218 NULL
2014 +caif_seqpkt_recvmsg_32241 caif_seqpkt_recvmsg 4 32241 NULL
2015 @@ -112416,6 +112610,7 @@ index 0000000..102f0d6
2016 +posix_acl_fix_xattr_from_user_47793 posix_acl_fix_xattr_from_user 2 47793 NULL
2017 +W6692_empty_Bfifo_47804 W6692_empty_Bfifo 2 47804 NULL
2018 +lov_packmd_47810 lov_packmd 0 47810 NULL
2019 ++tree_mod_log_insert_move_47823 tree_mod_log_insert_move 5 47823 NULL
2020 +pinconf_dbg_config_write_47835 pinconf_dbg_config_write 3 47835 NULL
2021 +KEY_SIZE_47855 KEY_SIZE 0 47855 NULL
2022 +vhci_read_47878 vhci_read 3 47878 NULL
2023 @@ -113983,6 +114178,7 @@ index 0000000..102f0d6
2024 +dpcm_state_read_file_65489 dpcm_state_read_file 3 65489 NULL
2025 +lookup_inline_extent_backref_65493 lookup_inline_extent_backref 9 65493 NULL
2026 +nvme_trans_standard_inquiry_page_65526 nvme_trans_standard_inquiry_page 4 65526 NULL
2027 ++tree_mod_log_eb_copy_65535 tree_mod_log_eb_copy 6 65535 NULL
2028 diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
2029 new file mode 100644
2030 index 0000000..fa0524c
2031
2032 diff --git a/3.13.6/4425_grsec_remove_EI_PAX.patch b/3.13.7/4425_grsec_remove_EI_PAX.patch
2033 similarity index 100%
2034 rename from 3.13.6/4425_grsec_remove_EI_PAX.patch
2035 rename to 3.13.7/4425_grsec_remove_EI_PAX.patch
2036
2037 diff --git a/3.13.6/4427_force_XATTR_PAX_tmpfs.patch b/3.13.7/4427_force_XATTR_PAX_tmpfs.patch
2038 similarity index 100%
2039 rename from 3.13.6/4427_force_XATTR_PAX_tmpfs.patch
2040 rename to 3.13.7/4427_force_XATTR_PAX_tmpfs.patch
2041
2042 diff --git a/3.13.6/4430_grsec-remove-localversion-grsec.patch b/3.13.7/4430_grsec-remove-localversion-grsec.patch
2043 similarity index 100%
2044 rename from 3.13.6/4430_grsec-remove-localversion-grsec.patch
2045 rename to 3.13.7/4430_grsec-remove-localversion-grsec.patch
2046
2047 diff --git a/3.13.6/4435_grsec-mute-warnings.patch b/3.13.7/4435_grsec-mute-warnings.patch
2048 similarity index 100%
2049 rename from 3.13.6/4435_grsec-mute-warnings.patch
2050 rename to 3.13.7/4435_grsec-mute-warnings.patch
2051
2052 diff --git a/3.13.6/4440_grsec-remove-protected-paths.patch b/3.13.7/4440_grsec-remove-protected-paths.patch
2053 similarity index 100%
2054 rename from 3.13.6/4440_grsec-remove-protected-paths.patch
2055 rename to 3.13.7/4440_grsec-remove-protected-paths.patch
2056
2057 diff --git a/3.13.6/4450_grsec-kconfig-default-gids.patch b/3.13.7/4450_grsec-kconfig-default-gids.patch
2058 similarity index 100%
2059 rename from 3.13.6/4450_grsec-kconfig-default-gids.patch
2060 rename to 3.13.7/4450_grsec-kconfig-default-gids.patch
2061
2062 diff --git a/3.13.6/4465_selinux-avc_audit-log-curr_ip.patch b/3.13.7/4465_selinux-avc_audit-log-curr_ip.patch
2063 similarity index 100%
2064 rename from 3.13.6/4465_selinux-avc_audit-log-curr_ip.patch
2065 rename to 3.13.7/4465_selinux-avc_audit-log-curr_ip.patch
2066
2067 diff --git a/3.13.6/4470_disable-compat_vdso.patch b/3.13.7/4470_disable-compat_vdso.patch
2068 similarity index 100%
2069 rename from 3.13.6/4470_disable-compat_vdso.patch
2070 rename to 3.13.7/4470_disable-compat_vdso.patch
2071
2072 diff --git a/3.13.6/4475_emutramp_default_on.patch b/3.13.7/4475_emutramp_default_on.patch
2073 similarity index 100%
2074 rename from 3.13.6/4475_emutramp_default_on.patch
2075 rename to 3.13.7/4475_emutramp_default_on.patch
2076
2077 diff --git a/3.2.55/0000_README b/3.2.55/0000_README
2078 index a3b6dc5..89a0c5a 100644
2079 --- a/3.2.55/0000_README
2080 +++ b/3.2.55/0000_README
2081 @@ -138,7 +138,7 @@ Patch: 1054_linux-3.2.55.patch
2082 From: http://www.kernel.org
2083 Desc: Linux 3.2.55
2084
2085 -Patch: 4420_grsecurity-3.0-3.2.55-201403202347.patch
2086 +Patch: 4420_grsecurity-3.0-3.2.55-201403281858.patch
2087 From: http://www.grsecurity.net
2088 Desc: hardened-sources base patch from upstream grsecurity
2089
2090
2091 diff --git a/3.2.55/4420_grsecurity-3.0-3.2.55-201403202347.patch b/3.2.55/4420_grsecurity-3.0-3.2.55-201403281858.patch
2092 similarity index 99%
2093 rename from 3.2.55/4420_grsecurity-3.0-3.2.55-201403202347.patch
2094 rename to 3.2.55/4420_grsecurity-3.0-3.2.55-201403281858.patch
2095 index c1f6b08..aabac92 100644
2096 --- a/3.2.55/4420_grsecurity-3.0-3.2.55-201403202347.patch
2097 +++ b/3.2.55/4420_grsecurity-3.0-3.2.55-201403281858.patch
2098 @@ -8035,7 +8035,7 @@ index 5e4252b..379f84f 100644
2099 mm->unmap_area = arch_unmap_area_topdown;
2100 }
2101 diff --git a/arch/sparc/kernel/syscalls.S b/arch/sparc/kernel/syscalls.S
2102 -index 817187d..1d4541e 100644
2103 +index 817187d..2cc50b0 100644
2104 --- a/arch/sparc/kernel/syscalls.S
2105 +++ b/arch/sparc/kernel/syscalls.S
2106 @@ -62,7 +62,7 @@ sys32_rt_sigreturn:
2107 @@ -8047,7 +8047,7 @@ index 817187d..1d4541e 100644
2108 be,pt %icc, rtrap
2109 nop
2110 call syscall_trace_leave
2111 -@@ -179,7 +179,7 @@ linux_sparc_syscall32:
2112 +@@ -179,12 +179,13 @@ linux_sparc_syscall32:
2113
2114 srl %i3, 0, %o3 ! IEU0
2115 srl %i2, 0, %o2 ! IEU0 Group
2116 @@ -8056,7 +8056,14 @@ index 817187d..1d4541e 100644
2117 bne,pn %icc, linux_syscall_trace32 ! CTI
2118 mov %i0, %l5 ! IEU1
2119 5: call %l7 ! CTI Group brk forced
2120 -@@ -202,7 +202,7 @@ linux_sparc_syscall:
2121 + srl %i5, 0, %o5 ! IEU1
2122 +- ba,a,pt %xcc, 3f
2123 ++ ba,pt %xcc, 3f
2124 ++ sra %o0, 0, %o0
2125 +
2126 + /* Linux native system calls enter here... */
2127 + .align 32
2128 +@@ -202,7 +203,7 @@ linux_sparc_syscall:
2129
2130 mov %i3, %o3 ! IEU1
2131 mov %i4, %o4 ! IEU0 Group
2132 @@ -8065,7 +8072,13 @@ index 817187d..1d4541e 100644
2133 bne,pn %icc, linux_syscall_trace ! CTI Group
2134 mov %i0, %l5 ! IEU0
2135 2: call %l7 ! CTI Group brk forced
2136 -@@ -218,7 +218,7 @@ ret_sys_call:
2137 +@@ -212,13 +213,12 @@ linux_sparc_syscall:
2138 + 3: stx %o0, [%sp + PTREGS_OFF + PT_V9_I0]
2139 + ret_sys_call:
2140 + ldx [%sp + PTREGS_OFF + PT_V9_TSTATE], %g3
2141 +- sra %o0, 0, %o0
2142 + mov %ulo(TSTATE_XCARRY | TSTATE_ICARRY), %g2
2143 + sllx %g2, 32, %g2
2144
2145 cmp %o0, -ERESTART_RESTARTBLOCK
2146 bgeu,pn %xcc, 1f
2147 @@ -20624,7 +20637,7 @@ index ce0be7c..1252d68 100644
2148 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0
2149 + .endr
2150 diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
2151 -index e11e394..0a8c254 100644
2152 +index e11e394..b4611a6 100644
2153 --- a/arch/x86/kernel/head_64.S
2154 +++ b/arch/x86/kernel/head_64.S
2155 @@ -19,6 +19,8 @@
2156 @@ -20735,7 +20748,15 @@ index e11e394..0a8c254 100644
2157 movq initial_code(%rip),%rax
2158 pushq $0 # fake return address to stop unwinder
2159 pushq $__KERNEL_CS # set correct cs
2160 -@@ -269,7 +275,7 @@ ENTRY(secondary_startup_64)
2161 +@@ -262,14 +268,14 @@ ENTRY(secondary_startup_64)
2162 + .quad INIT_PER_CPU_VAR(irq_stack_union)
2163 +
2164 + ENTRY(stack_start)
2165 +- .quad init_thread_union+THREAD_SIZE-8
2166 ++ .quad init_thread_union+THREAD_SIZE-16
2167 + .word 0
2168 + __FINITDATA
2169 +
2170 bad_address:
2171 jmp bad_address
2172
2173 @@ -22763,26 +22784,6 @@ index c8e41e9..64049ef 100644
2174
2175 /*
2176 * PCI ids solely used for fixups_table go here
2177 -diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S
2178 -index f2bb9c9..bed145d7 100644
2179 ---- a/arch/x86/kernel/relocate_kernel_64.S
2180 -+++ b/arch/x86/kernel/relocate_kernel_64.S
2181 -@@ -11,6 +11,7 @@
2182 - #include <asm/kexec.h>
2183 - #include <asm/processor-flags.h>
2184 - #include <asm/pgtable_types.h>
2185 -+#include <asm/alternative-asm.h>
2186 -
2187 - /*
2188 - * Must be relocatable PIC code callable as a C function
2189 -@@ -167,6 +168,7 @@ identity_mapped:
2190 - xorq %r14, %r14
2191 - xorq %r15, %r15
2192 -
2193 -+ pax_force_retaddr 0, 1
2194 - ret
2195 -
2196 - 1:
2197 diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
2198 index b506f41..c954434 100644
2199 --- a/arch/x86/kernel/setup.c
2200 @@ -23039,9 +23040,18 @@ index 16204dc..0e7d4b7 100644
2201 .smp_prepare_cpus = native_smp_prepare_cpus,
2202 .smp_cpus_done = native_smp_cpus_done,
2203 diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
2204 -index 9f548cb..caf76f7 100644
2205 +index 9f548cb..053b7e5 100644
2206 --- a/arch/x86/kernel/smpboot.c
2207 +++ b/arch/x86/kernel/smpboot.c
2208 +@@ -692,7 +692,7 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu)
2209 + */
2210 + if (c_idle.idle) {
2211 + c_idle.idle->thread.sp = (unsigned long) (((struct pt_regs *)
2212 +- (THREAD_SIZE + task_stack_page(c_idle.idle))) - 1);
2213 ++ (THREAD_SIZE - 16 + task_stack_page(c_idle.idle))) - 1);
2214 + init_idle(c_idle.idle, cpu);
2215 + goto do_rest;
2216 + }
2217 @@ -709,17 +709,20 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu)
2218 set_idle_for_cpu(cpu, c_idle.idle);
2219 do_rest:
2220 @@ -53047,6 +53057,34 @@ index 8cdd8ea..64197b4 100644
2221 kiocb->ki_nr_segs = kiocb->ki_nbytes;
2222 kiocb->ki_cur_seg = 0;
2223 /* ki_nbytes/left now reflect bytes instead of segs */
2224 +diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c
2225 +index f11e43e..544bdd2 100644
2226 +--- a/fs/anon_inodes.c
2227 ++++ b/fs/anon_inodes.c
2228 +@@ -216,13 +216,10 @@ static int __init anon_inode_init(void)
2229 + {
2230 + int error;
2231 +
2232 +- error = register_filesystem(&anon_inode_fs_type);
2233 +- if (error)
2234 +- goto err_exit;
2235 + anon_inode_mnt = kern_mount(&anon_inode_fs_type);
2236 + if (IS_ERR(anon_inode_mnt)) {
2237 + error = PTR_ERR(anon_inode_mnt);
2238 +- goto err_unregister_filesystem;
2239 ++ goto err_exit;
2240 + }
2241 + anon_inode_inode = anon_inode_mkinode();
2242 + if (IS_ERR(anon_inode_inode)) {
2243 +@@ -234,8 +231,6 @@ static int __init anon_inode_init(void)
2244 +
2245 + err_mntput:
2246 + kern_unmount(anon_inode_mnt);
2247 +-err_unregister_filesystem:
2248 +- unregister_filesystem(&anon_inode_fs_type);
2249 + err_exit:
2250 + panic(KERN_ERR "anon_inode_init() failed (%d)\n", error);
2251 + }
2252 diff --git a/fs/attr.c b/fs/attr.c
2253 index b8f55c4..4c2b80c 100644
2254 --- a/fs/attr.c
2255 @@ -63383,10 +63421,10 @@ index 8a89949..6776861 100644
2256 xfs_init_zones(void)
2257 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
2258 new file mode 100644
2259 -index 0000000..9ad8151
2260 +index 0000000..3dd4ae7
2261 --- /dev/null
2262 +++ b/grsecurity/Kconfig
2263 -@@ -0,0 +1,1143 @@
2264 +@@ -0,0 +1,1141 @@
2265 +#
2266 +# grecurity configuration
2267 +#
2268 @@ -63400,18 +63438,16 @@ index 0000000..9ad8151
2269 + help
2270 + If you say Y here, /dev/kmem and /dev/mem won't be allowed to
2271 + be written to or read from to modify or leak the contents of the running
2272 -+ kernel. /dev/port will also not be allowed to be opened, and support
2273 -+ for /dev/cpu/*/msr and kexec will be removed. If you have module
2274 -+ support disabled, enabling this will close up six ways that are
2275 -+ currently used to insert malicious code into the running kernel.
2276 ++ kernel. /dev/port will also not be allowed to be opened, writing to
2277 ++ /dev/cpu/*/msr will be prevented, and support for kexec will be removed.
2278 ++ If you have module support disabled, enabling this will close up several
2279 ++ ways that are currently used to insert malicious code into the running
2280 ++ kernel.
2281 +
2282 + Even with this feature enabled, we still highly recommend that
2283 + you use the RBAC system, as it is still possible for an attacker to
2284 + modify the running kernel through other more obscure methods.
2285 +
2286 -+ Enabling this feature will prevent the "cpupower" and "powertop" tools
2287 -+ from working.
2288 -+
2289 + It is highly recommended that you say Y here if you meet all the
2290 + conditions above.
2291 +
2292 @@ -82128,35 +82164,36 @@ index e6454b6..cda5eaf 100644
2293 static inline struct page *sk_stream_alloc_page(struct sock *sk)
2294 {
2295 diff --git a/include/net/tcp.h b/include/net/tcp.h
2296 -index fe46019..b2e8119 100644
2297 +index fe46019..ce07abd 100644
2298 --- a/include/net/tcp.h
2299 +++ b/include/net/tcp.h
2300 -@@ -433,6 +433,24 @@ extern __u32 syncookie_secret[2][16-4+SHA_DIGEST_WORDS];
2301 +@@ -433,6 +433,25 @@ extern __u32 syncookie_secret[2][16-4+SHA_DIGEST_WORDS];
2302 extern struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
2303 struct ip_options *opt);
2304 #ifdef CONFIG_SYN_COOKIES
2305 +#include <linux/ktime.h>
2306 +
2307 -+/* Syncookies use a monotonic timer which increments every 64 seconds.
2308 ++/* Syncookies use a monotonic timer which increments every 60 seconds.
2309 + * This counter is used both as a hash input and partially encoded into
2310 + * the cookie value. A cookie is only validated further if the delta
2311 + * between the current counter value and the encoded one is less than this,
2312 -+ * i.e. a sent cookie is valid only at most for 128 seconds (or less if
2313 ++ * i.e. a sent cookie is valid only at most for 2*60 seconds (or less if
2314 + * the counter advances immediately after a cookie is generated).
2315 + */
2316 +#define MAX_SYNCOOKIE_AGE 2
2317 +
2318 +static inline u32 tcp_cookie_time(void)
2319 +{
2320 -+ struct timespec now;
2321 -+ getnstimeofday(&now);
2322 -+ return now.tv_sec >> 6; /* 64 seconds granularity */
2323 ++ u64 val = get_jiffies_64();
2324 ++
2325 ++ do_div(val, 60 * HZ);
2326 ++ return val;
2327 +}
2328 +
2329 extern __u32 cookie_v4_init_sequence(struct sock *sk, struct sk_buff *skb,
2330 __u16 *mss);
2331 #else
2332 -@@ -470,7 +488,7 @@ extern void tcp_retransmit_timer(struct sock *sk);
2333 +@@ -470,7 +489,7 @@ extern void tcp_retransmit_timer(struct sock *sk);
2334 extern void tcp_xmit_retransmit_queue(struct sock *);
2335 extern void tcp_simple_retransmit(struct sock *);
2336 extern int tcp_trim_head(struct sock *, struct sk_buff *, u32);
2337 @@ -82165,7 +82202,7 @@ index fe46019..b2e8119 100644
2338
2339 extern void tcp_send_probe0(struct sock *);
2340 extern void tcp_send_partial(struct sock *);
2341 -@@ -633,8 +651,8 @@ struct tcp_skb_cb {
2342 +@@ -633,8 +652,8 @@ struct tcp_skb_cb {
2343 struct inet6_skb_parm h6;
2344 #endif
2345 } header; /* For incoming frames */
2346 @@ -82176,7 +82213,7 @@ index fe46019..b2e8119 100644
2347 __u32 when; /* used to compute rtt's */
2348 __u8 tcp_flags; /* TCP header flags. (tcp[13]) */
2349 __u8 sacked; /* State flags for SACK/FACK. */
2350 -@@ -647,7 +665,7 @@ struct tcp_skb_cb {
2351 +@@ -647,7 +666,7 @@ struct tcp_skb_cb {
2352 #define TCPCB_EVER_RETRANS 0x80 /* Ever retransmitted frame */
2353 #define TCPCB_RETRANS (TCPCB_SACKED_RETRANS|TCPCB_EVER_RETRANS)
2354
2355 @@ -102183,7 +102220,7 @@ index e7ed43a..6afa140 100644
2356
2357 ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 2, len);
2358 diff --git a/net/rxrpc/ar-input.c b/net/rxrpc/ar-input.c
2359 -index 1a2b0633..e8d1382 100644
2360 +index 1a2b0633..e8d1382e 100644
2361 --- a/net/rxrpc/ar-input.c
2362 +++ b/net/rxrpc/ar-input.c
2363 @@ -340,9 +340,9 @@ void rxrpc_fast_process_packet(struct rxrpc_call *call, struct sk_buff *skb)
2364 @@ -103741,7 +103778,7 @@ index 1983717..4d6102c 100644
2365
2366 sub->evt.event = htohl(event, sub->swap);
2367 diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
2368 -index eddfdec..e20439d 100644
2369 +index eddfdec..9eb64a4 100644
2370 --- a/net/unix/af_unix.c
2371 +++ b/net/unix/af_unix.c
2372 @@ -768,6 +768,12 @@ static struct sock *unix_find_other(struct net *net,
2373 @@ -103790,7 +103827,52 @@ index eddfdec..e20439d 100644
2374 mutex_unlock(&path.dentry->d_inode->i_mutex);
2375 dput(path.dentry);
2376 path.dentry = dentry;
2377 -@@ -2269,9 +2289,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
2378 +@@ -1771,8 +1791,11 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
2379 + goto out;
2380 +
2381 + err = mutex_lock_interruptible(&u->readlock);
2382 +- if (err) {
2383 +- err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
2384 ++ if (unlikely(err)) {
2385 ++ /* recvmsg() in non blocking mode is supposed to return -EAGAIN
2386 ++ * sk_rcvtimeo is not honored by mutex_lock_interruptible()
2387 ++ */
2388 ++ err = noblock ? -EAGAIN : -ERESTARTSYS;
2389 + goto out;
2390 + }
2391 +
2392 +@@ -1887,6 +1910,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
2393 + struct unix_sock *u = unix_sk(sk);
2394 + struct sockaddr_un *sunaddr = msg->msg_name;
2395 + int copied = 0;
2396 ++ int noblock = flags & MSG_DONTWAIT;
2397 + int check_creds = 0;
2398 + int target;
2399 + int err = 0;
2400 +@@ -1901,7 +1925,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
2401 + goto out;
2402 +
2403 + target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
2404 +- timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
2405 ++ timeo = sock_rcvtimeo(sk, noblock);
2406 +
2407 + /* Lock the socket to prevent queue disordering
2408 + * while sleeps in memcpy_tomsg
2409 +@@ -1913,8 +1937,11 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
2410 + }
2411 +
2412 + err = mutex_lock_interruptible(&u->readlock);
2413 +- if (err) {
2414 +- err = sock_intr_errno(timeo);
2415 ++ if (unlikely(err)) {
2416 ++ /* recvmsg() in non blocking mode is supposed to return -EAGAIN
2417 ++ * sk_rcvtimeo is not honored by mutex_lock_interruptible()
2418 ++ */
2419 ++ err = noblock ? -EAGAIN : -ERESTARTSYS;
2420 + goto out;
2421 + }
2422 +
2423 +@@ -2269,9 +2296,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
2424 seq_puts(seq, "Num RefCount Protocol Flags Type St "
2425 "Inode Path\n");
2426 else {
2427 @@ -103805,7 +103887,7 @@ index eddfdec..e20439d 100644
2428
2429 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
2430 s,
2431 -@@ -2298,8 +2322,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
2432 +@@ -2298,8 +2329,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
2433 }
2434 for ( ; i < len; i++)
2435 seq_putc(seq, u->addr->name->sun_path[i]);
2436 @@ -104363,26 +104445,25 @@ index cb1f50c..cef2a7c 100644
2437 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n",
2438 diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
2439 new file mode 100644
2440 -index 0000000..5e0222d
2441 +index 0000000..ed4c19a
2442 --- /dev/null
2443 +++ b/scripts/gcc-plugin.sh
2444 -@@ -0,0 +1,17 @@
2445 +@@ -0,0 +1,16 @@
2446 +#!/bin/bash
2447 -+plugincc=`$1 -E -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF
2448 -+#include "gcc-plugin.h"
2449 -+#include "tree.h"
2450 -+#include "tm.h"
2451 -+#include "rtl.h"
2452 -+#ifdef ENABLE_BUILD_WITH_CXX
2453 ++srctree=$(dirname "$0")
2454 ++gccplugins_dir=$("$1" -print-file-name=plugin)
2455 ++plugincc=$("$1" -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
2456 ++#include "gcc-common.h"
2457 ++#if __GNUC__ > 4 || __GNUC_MINOR__ >= 8 || defined(ENABLE_BUILD_WITH_CXX)
2458 +#warning $2
2459 +#else
2460 +#warning $1
2461 +#endif
2462 -+EOF`
2463 ++EOF
2464 ++)
2465 +if [ $? -eq 0 ]
2466 +then
2467 -+ [[ "$plugincc" =~ "$1" ]] && echo "$1"
2468 -+ [[ "$plugincc" =~ "$2" ]] && echo "$2"
2469 ++ ( [[ "$plugincc" =~ "$1" ]] && echo "$1" ) || ( [[ "$plugincc" =~ "$2" ]] && echo "$2" )
2470 +fi
2471 diff --git a/scripts/headers_install.pl b/scripts/headers_install.pl
2472 index 48462be..3e08f94 100644
2473 @@ -109931,10 +110012,10 @@ index 0000000..dd73713
2474 +}
2475 diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c
2476 new file mode 100644
2477 -index 0000000..1a98bed
2478 +index 0000000..c96f80f
2479 --- /dev/null
2480 +++ b/tools/gcc/latent_entropy_plugin.c
2481 -@@ -0,0 +1,451 @@
2482 +@@ -0,0 +1,457 @@
2483 +/*
2484 + * Copyright 2012-2014 by the PaX Team <pageexec@××××××××.hu>
2485 + * Licensed under the GPL v2
2486 @@ -109963,7 +110044,7 @@ index 0000000..1a98bed
2487 +static tree latent_entropy_decl;
2488 +
2489 +static struct plugin_info latent_entropy_plugin_info = {
2490 -+ .version = "201402240545",
2491 ++ .version = "201403042150",
2492 + .help = NULL
2493 +};
2494 +
2495 @@ -110135,6 +110216,10 @@ index 0000000..1a98bed
2496 +
2497 +static bool gate_latent_entropy(void)
2498 +{
2499 ++ // don't bother with noreturn functions for now
2500 ++ if (TREE_THIS_VOLATILE(current_function_decl))
2501 ++ return false;
2502 ++
2503 + return lookup_attribute("latent_entropy", DECL_ATTRIBUTES(current_function_decl)) != NULL_TREE;
2504 +}
2505 +
2506 @@ -110259,7 +110344,8 @@ index 0000000..1a98bed
2507 + gsi_insert_after(&gsi, assign, GSI_NEW_STMT);
2508 + update_stmt(assign);
2509 +//debug_bb(bb);
2510 -+ bb = bb->next_bb;
2511 ++ gcc_assert(single_succ_p(bb));
2512 ++ bb = single_succ(bb);
2513 +
2514 + // 3. instrument each BB with an operation on the local entropy variable
2515 + while (bb != EXIT_BLOCK_PTR_FOR_FN(cfun)) {
2516 @@ -110269,8 +110355,9 @@ index 0000000..1a98bed
2517 + };
2518 +
2519 + // 4. mix local entropy into the global entropy variable
2520 -+ perturb_latent_entropy(EXIT_BLOCK_PTR_FOR_FN(cfun)->prev_bb, local_entropy);
2521 -+//debug_bb(EXIT_BLOCK_PTR_FOR_FN(cfun)->prev_bb);
2522 ++ gcc_assert(single_pred_p(EXIT_BLOCK_PTR_FOR_FN(cfun)));
2523 ++ perturb_latent_entropy(single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun)), local_entropy);
2524 ++//debug_bb(single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun)));
2525 + return 0;
2526 +}
2527 +
Report Message
Find on MARC Find on Google Groups