Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.32/, 3.2.52/, 3.11.6/, 3.11.7/
Date: Sat, 09 Nov 2013 15:14:07
Message-Id: 1384010019.d0f5a1fd5156db1a80a90399125b39498f4b6660.blueness@gentoo
1 commit: d0f5a1fd5156db1a80a90399125b39498f4b6660
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sat Nov 9 15:13:39 2013 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sat Nov 9 15:13:39 2013 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=d0f5a1fd
7
8 Grsec/PaX: 2.9.1-{2.6.32.61,3.2.52,3.11.7}-201311071634
9
10 ---
11 2.6.32/0000_README | 2 +-
12 ..._grsecurity-2.9.1-2.6.32.61-201311071632.patch} | 98 ++-
13 2.6.32/4450_grsec-kconfig-default-gids.patch | 8 +-
14 2.6.32/4475_emutramp_default_on.patch | 2 +-
15 {3.11.6 => 3.11.7}/0000_README | 2 +-
16 ...4420_grsecurity-2.9.1-3.11.7-201311071634.patch | 885 ++++++---------------
17 {3.11.6 => 3.11.7}/4425_grsec_remove_EI_PAX.patch | 2 +-
18 .../4427_force_XATTR_PAX_tmpfs.patch | 0
19 .../4430_grsec-remove-localversion-grsec.patch | 0
20 {3.11.6 => 3.11.7}/4435_grsec-mute-warnings.patch | 0
21 .../4440_grsec-remove-protected-paths.patch | 0
22 .../4450_grsec-kconfig-default-gids.patch | 8 +-
23 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
24 {3.11.6 => 3.11.7}/4470_disable-compat_vdso.patch | 0
25 {3.11.6 => 3.11.7}/4475_emutramp_default_on.patch | 2 +-
26 3.2.52/0000_README | 2 +-
27 ...420_grsecurity-2.9.1-3.2.52-201311071633.patch} | 127 ++-
28 3.2.52/4425_grsec_remove_EI_PAX.patch | 2 +-
29 3.2.52/4450_grsec-kconfig-default-gids.patch | 8 +-
30 3.2.52/4470_disable-compat_vdso.patch | 2 +-
31 3.2.52/4475_emutramp_default_on.patch | 2 +-
32 21 files changed, 398 insertions(+), 754 deletions(-)
33
34 diff --git a/2.6.32/0000_README b/2.6.32/0000_README
35 index 2e904e0..b5c69e3 100644
36 --- a/2.6.32/0000_README
37 +++ b/2.6.32/0000_README
38 @@ -38,7 +38,7 @@ Patch: 1060_linux-2.6.32.61.patch
39 From: http://www.kernel.org
40 Desc: Linux 2.6.32.61
41
42 -Patch: 4420_grsecurity-2.9.1-2.6.32.61-201310292048.patch
43 +Patch: 4420_grsecurity-2.9.1-2.6.32.61-201311071632.patch
44 From: http://www.grsecurity.net
45 Desc: hardened-sources base patch from upstream grsecurity
46
47
48 diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201310292048.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201311071632.patch
49 similarity index 99%
50 rename from 2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201310292048.patch
51 rename to 2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201311071632.patch
52 index 4220829..acf589b 100644
53 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201310292048.patch
54 +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.61-201311071632.patch
55 @@ -110329,7 +110329,7 @@ index 9ecd6e8..12c94c1 100644
56
57 if (atomic_dec_and_test(&kref->refcount)) {
58 diff --git a/lib/list_debug.c b/lib/list_debug.c
59 -index 1a39f4e..bdc3153 100644
60 +index 1a39f4e..f5349ec 100644
61 --- a/lib/list_debug.c
62 +++ b/lib/list_debug.c
63 @@ -8,7 +8,9 @@
64 @@ -110342,68 +110342,85 @@ index 1a39f4e..bdc3153 100644
65 /*
66 * Insert a new entry between two known consecutive entries.
67 *
68 -@@ -16,18 +18,31 @@
69 +@@ -16,18 +18,39 @@
70 * the prev/next entries already!
71 */
72
73 --void __list_add(struct list_head *new,
74 -- struct list_head *prev,
75 -- struct list_head *next)
76 +static bool __list_add_debug(struct list_head *new,
77 + struct list_head *prev,
78 + struct list_head *next)
79 - {
80 -- WARN(next->prev != prev,
81 -+ if (WARN(next->prev != prev,
82 - "list_add corruption. next->prev should be "
83 - "prev (%p), but was %p. (next=%p).\n",
84 -- prev, next->prev, next);
85 -- WARN(prev->next != next,
86 -+ prev, next->prev, next) ||
87 -+ WARN(prev->next != next,
88 - "list_add corruption. prev->next should be "
89 - "next (%p), but was %p. (prev=%p).\n",
90 -- next, prev->next, prev);
91 -+ next, prev->next, prev) ||
92 -+ WARN(new == prev || new == next,
93 -+ "list_add double add: new=%p, prev=%p, next=%p.\n",
94 -+ new, prev, next))
95 ++{
96 ++ if (unlikely(next->prev != prev)) {
97 ++ printk(KERN_ERR "list_add corruption. next->prev should be "
98 ++ "prev (%p), but was %p. (next=%p).\n",
99 ++ prev, next->prev, next);
100 ++ BUG();
101 ++ return false;
102 ++ }
103 ++ if (unlikely(prev->next != next)) {
104 ++ printk(KERN_ERR "list_add corruption. prev->next should be "
105 ++ "next (%p), but was %p. (prev=%p).\n",
106 ++ next, prev->next, prev);
107 ++ BUG();
108 ++ return false;
109 ++ }
110 ++ if (unlikely(new == prev || new == next)) {
111 ++ printk(KERN_ERR "list_add double add: new=%p, prev=%p, next=%p.\n",
112 ++ new, prev, next);
113 ++ BUG();
114 + return false;
115 ++ }
116 + return true;
117 +}
118 +
119 -+void __list_add(struct list_head *new,
120 + void __list_add(struct list_head *new,
121 +- struct list_head *prev,
122 +- struct list_head *next)
123 + struct list_head *prev,
124 + struct list_head *next)
125 -+{
126 + {
127 +- WARN(next->prev != prev,
128 +- "list_add corruption. next->prev should be "
129 +- "prev (%p), but was %p. (next=%p).\n",
130 +- prev, next->prev, next);
131 +- WARN(prev->next != next,
132 +- "list_add corruption. prev->next should be "
133 +- "next (%p), but was %p. (prev=%p).\n",
134 +- next, prev->next, prev);
135 + if (!__list_add_debug(new, prev, next))
136 + return;
137 next->prev = new;
138 new->next = next;
139 new->prev = prev;
140 -@@ -41,16 +56,61 @@ EXPORT_SYMBOL(__list_add);
141 +@@ -41,16 +64,66 @@ EXPORT_SYMBOL(__list_add);
142 * Note: list_empty on entry does not return true after this, the entry is
143 * in an undefined state.
144 */
145 --void list_del(struct list_head *entry)
146 +static bool list_del_debug(struct list_head *entry)
147 ++{
148 ++ if (unlikely(entry->prev->next != entry)) {
149 ++ printk(KERN_ERR "list_del corruption. prev->next should be %p, "
150 ++ "but was %p\n", entry, entry->prev->next);
151 ++ BUG();
152 ++ return false;
153 ++ }
154 ++ if (unlikely(entry->next->prev != entry)) {
155 ++ printk(KERN_ERR "list_del corruption. next->prev should be %p, "
156 ++ "but was %p\n", entry, entry->next->prev);
157 ++ BUG();
158 ++ return false;
159 ++ }
160 ++ return true;
161 ++}
162 ++
163 + void list_del(struct list_head *entry)
164 {
165 - WARN(entry->prev->next != entry,
166 -+ if (WARN(entry->prev->next != entry,
167 - "list_del corruption. prev->next should be %p, "
168 +- "list_del corruption. prev->next should be %p, "
169 - "but was %p\n", entry, entry->prev->next);
170 - WARN(entry->next->prev != entry,
171 -+ "but was %p\n", entry, entry->prev->next) ||
172 -+ WARN(entry->next->prev != entry,
173 - "list_del corruption. next->prev should be %p, "
174 +- "list_del corruption. next->prev should be %p, "
175 - "but was %p\n", entry, entry->next->prev);
176 -+ "but was %p\n", entry, entry->next->prev))
177 -+ return false;
178 -+ return true;
179 -+}
180 -+
181 -+void list_del(struct list_head *entry)
182 -+{
183 + if (!list_del_debug(entry))
184 + return;
185 __list_del(entry->prev, entry->next);
186 @@ -120586,10 +120603,10 @@ index d52f7a0..b66cdd9 100755
187 rm -f tags
188 xtags ctags
189 diff --git a/security/Kconfig b/security/Kconfig
190 -index fb363cd..a869a1d 100644
191 +index fb363cd..1d2c23f 100644
192 --- a/security/Kconfig
193 +++ b/security/Kconfig
194 -@@ -4,6 +4,896 @@
195 +@@ -4,6 +4,897 @@
196
197 menu "Security options"
198
199 @@ -120623,6 +120640,7 @@ index fb363cd..a869a1d 100644
200 + select CRYPTO_SHA256
201 + select PROC_FS
202 + select STOP_MACHINE
203 ++ select DEBUG_LIST
204 + help
205 + If you say Y here, you will be able to configure many features
206 + that will enhance the security of your system. It is highly
207 @@ -121486,7 +121504,7 @@ index fb363cd..a869a1d 100644
208 config KEYS
209 bool "Enable access key retention support"
210 help
211 -@@ -146,7 +1036,7 @@ config INTEL_TXT
212 +@@ -146,7 +1037,7 @@ config INTEL_TXT
213 config LSM_MMAP_MIN_ADDR
214 int "Low address space for LSM to protect from user allocation"
215 depends on SECURITY && SECURITY_SELINUX
216
217 diff --git a/2.6.32/4450_grsec-kconfig-default-gids.patch b/2.6.32/4450_grsec-kconfig-default-gids.patch
218 index 3dfdc8f..2de7db1 100644
219 --- a/2.6.32/4450_grsec-kconfig-default-gids.patch
220 +++ b/2.6.32/4450_grsec-kconfig-default-gids.patch
221 @@ -73,7 +73,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
222 diff -Nuar a/security/Kconfig b/security/Kconfig
223 --- a/security/Kconfig 2012-10-13 09:51:35.000000000 -0400
224 +++ b/security/Kconfig 2012-10-13 09:52:59.000000000 -0400
225 -@@ -191,7 +191,7 @@
226 +@@ -192,7 +192,7 @@
227
228 config GRKERNSEC_PROC_GID
229 int "GID exempted from /proc restrictions"
230 @@ -82,7 +82,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
231 help
232 Setting this GID determines which group will be exempted from
233 grsecurity's /proc restrictions, allowing users of the specified
234 -@@ -202,7 +202,7 @@
235 +@@ -203,7 +203,7 @@
236 config GRKERNSEC_TPE_UNTRUSTED_GID
237 int "GID for TPE-untrusted users"
238 depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
239 @@ -91,7 +91,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
240 help
241 Setting this GID determines which group untrusted users should
242 be added to. These users will be placed under grsecurity's Trusted Path
243 -@@ -214,7 +214,7 @@
244 +@@ -215,7 +215,7 @@
245 config GRKERNSEC_TPE_TRUSTED_GID
246 int "GID for TPE-trusted users"
247 depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
248 @@ -100,7 +100,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
249 help
250 Setting this GID determines what group TPE restrictions will be
251 *disabled* for. If the sysctl option is enabled, a sysctl option
252 -@@ -223,7 +223,7 @@
253 +@@ -224,7 +224,7 @@
254 config GRKERNSEC_SYMLINKOWN_GID
255 int "GID for users with kernel-enforced SymlinksIfOwnerMatch"
256 depends on GRKERNSEC_CONFIG_SERVER
257
258 diff --git a/2.6.32/4475_emutramp_default_on.patch b/2.6.32/4475_emutramp_default_on.patch
259 index 2d7124b..c7647c0 100644
260 --- a/2.6.32/4475_emutramp_default_on.patch
261 +++ b/2.6.32/4475_emutramp_default_on.patch
262 @@ -10,7 +10,7 @@ See bug:
263 diff -Naur linux-3.9.2-hardened.orig/security/Kconfig linux-3.9.2-hardened/security/Kconfig
264 --- linux-3.9.2-hardened.orig/security/Kconfig 2013-05-18 08:53:41.000000000 -0400
265 +++ linux-3.9.2-hardened/security/Kconfig 2013-05-18 09:17:57.000000000 -0400
266 -@@ -424,7 +424,7 @@
267 +@@ -425,7 +425,7 @@
268
269 config PAX_EMUTRAMP
270 bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)
271
272 diff --git a/3.11.6/0000_README b/3.11.7/0000_README
273 similarity index 96%
274 rename from 3.11.6/0000_README
275 rename to 3.11.7/0000_README
276 index 358a97d..ff6ef32 100644
277 --- a/3.11.6/0000_README
278 +++ b/3.11.7/0000_README
279 @@ -2,7 +2,7 @@ README
280 -----------------------------------------------------------------------------
281 Individual Patch Descriptions:
282 -----------------------------------------------------------------------------
283 -Patch: 4420_grsecurity-2.9.1-3.11.6-201311021635.patch
284 +Patch: 4420_grsecurity-2.9.1-3.11.7-201311071634.patch
285 From: http://www.grsecurity.net
286 Desc: hardened-sources base patch from upstream grsecurity
287
288
289 diff --git a/3.11.6/4420_grsecurity-2.9.1-3.11.6-201311021635.patch b/3.11.7/4420_grsecurity-2.9.1-3.11.7-201311071634.patch
290 similarity index 99%
291 rename from 3.11.6/4420_grsecurity-2.9.1-3.11.6-201311021635.patch
292 rename to 3.11.7/4420_grsecurity-2.9.1-3.11.7-201311071634.patch
293 index 306363f..6499bdd 100644
294 --- a/3.11.6/4420_grsecurity-2.9.1-3.11.6-201311021635.patch
295 +++ b/3.11.7/4420_grsecurity-2.9.1-3.11.7-201311071634.patch
296 @@ -281,7 +281,7 @@ index 7f9d4f5..6d1afd6 100644
297
298 pcd. [PARIDE]
299 diff --git a/Makefile b/Makefile
300 -index e87ba83..ee3c7b7 100644
301 +index 686adf7..f2e53a7 100644
302 --- a/Makefile
303 +++ b/Makefile
304 @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
305 @@ -2091,30 +2091,6 @@ index a8cae71c..65dd797 100644
306
307 /*
308 * set platform specific SMP operations
309 -diff --git a/arch/arm/include/asm/syscall.h b/arch/arm/include/asm/syscall.h
310 -index f1d96d4..73ddd72 100644
311 ---- a/arch/arm/include/asm/syscall.h
312 -+++ b/arch/arm/include/asm/syscall.h
313 -@@ -57,6 +57,9 @@ static inline void syscall_get_arguments(struct task_struct *task,
314 - unsigned int i, unsigned int n,
315 - unsigned long *args)
316 - {
317 -+ if (n == 0)
318 -+ return;
319 -+
320 - if (i + n > SYSCALL_MAX_ARGS) {
321 - unsigned long *args_bad = args + SYSCALL_MAX_ARGS - i;
322 - unsigned int n_bad = n + i - SYSCALL_MAX_ARGS;
323 -@@ -81,6 +84,9 @@ static inline void syscall_set_arguments(struct task_struct *task,
324 - unsigned int i, unsigned int n,
325 - const unsigned long *args)
326 - {
327 -+ if (n == 0)
328 -+ return;
329 -+
330 - if (i + n > SYSCALL_MAX_ARGS) {
331 - pr_warning("%s called with max args %d, handling only %d\n",
332 - __func__, i + n, SYSCALL_MAX_ARGS);
333 diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h
334 index 2b8114f..8fe9bcf 100644
335 --- a/arch/arm/include/asm/thread_info.h
336 @@ -11503,6 +11479,23 @@ index 0032f92..cd151e0 100644
337
338 #ifdef CONFIG_64BIT
339 #define set_pud(pudptr, pudval) set_64bit((u64 *) (pudptr), pud_val(pudval))
340 +diff --git a/arch/um/kernel/exitcode.c b/arch/um/kernel/exitcode.c
341 +index 829df49..41ebbfe 100644
342 +--- a/arch/um/kernel/exitcode.c
343 ++++ b/arch/um/kernel/exitcode.c
344 +@@ -40,9 +40,11 @@ static ssize_t exitcode_proc_write(struct file *file,
345 + const char __user *buffer, size_t count, loff_t *pos)
346 + {
347 + char *end, buf[sizeof("nnnnn\0")];
348 ++ size_t size;
349 + int tmp;
350 +
351 +- if (copy_from_user(buf, buffer, count))
352 ++ size = min(count, sizeof(buf));
353 ++ if (copy_from_user(buf, buffer, size))
354 + return -EFAULT;
355 +
356 + tmp = simple_strtol(buf, &end, 0);
357 diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c
358 index bbcef52..6a2a483 100644
359 --- a/arch/um/kernel/process.c
360 @@ -37138,180 +37131,6 @@ index 5bb848c..f1d4fc9 100644
361 .recalc_rate = socfpga_clk_recalc_rate,
362 .get_parent = socfpga_clk_get_parent,
363 .set_parent = socfpga_clk_set_parent,
364 -diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c
365 -index 08ae128..c73fc2b 100644
366 ---- a/drivers/connector/cn_proc.c
367 -+++ b/drivers/connector/cn_proc.c
368 -@@ -65,6 +65,7 @@ void proc_fork_connector(struct task_struct *task)
369 -
370 - msg = (struct cn_msg *)buffer;
371 - ev = (struct proc_event *)msg->data;
372 -+ memset(&ev->event_data, 0, sizeof(ev->event_data));
373 - get_seq(&msg->seq, &ev->cpu);
374 - ktime_get_ts(&ts); /* get high res monotonic timestamp */
375 - put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
376 -@@ -80,6 +81,7 @@ void proc_fork_connector(struct task_struct *task)
377 - memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
378 - msg->ack = 0; /* not used */
379 - msg->len = sizeof(*ev);
380 -+ msg->flags = 0; /* not used */
381 - /* If cn_netlink_send() failed, the data is not sent */
382 - cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
383 - }
384 -@@ -96,6 +98,7 @@ void proc_exec_connector(struct task_struct *task)
385 -
386 - msg = (struct cn_msg *)buffer;
387 - ev = (struct proc_event *)msg->data;
388 -+ memset(&ev->event_data, 0, sizeof(ev->event_data));
389 - get_seq(&msg->seq, &ev->cpu);
390 - ktime_get_ts(&ts); /* get high res monotonic timestamp */
391 - put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
392 -@@ -106,6 +109,7 @@ void proc_exec_connector(struct task_struct *task)
393 - memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
394 - msg->ack = 0; /* not used */
395 - msg->len = sizeof(*ev);
396 -+ msg->flags = 0; /* not used */
397 - cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
398 - }
399 -
400 -@@ -122,6 +126,7 @@ void proc_id_connector(struct task_struct *task, int which_id)
401 -
402 - msg = (struct cn_msg *)buffer;
403 - ev = (struct proc_event *)msg->data;
404 -+ memset(&ev->event_data, 0, sizeof(ev->event_data));
405 - ev->what = which_id;
406 - ev->event_data.id.process_pid = task->pid;
407 - ev->event_data.id.process_tgid = task->tgid;
408 -@@ -145,6 +150,7 @@ void proc_id_connector(struct task_struct *task, int which_id)
409 - memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
410 - msg->ack = 0; /* not used */
411 - msg->len = sizeof(*ev);
412 -+ msg->flags = 0; /* not used */
413 - cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
414 - }
415 -
416 -@@ -160,6 +166,7 @@ void proc_sid_connector(struct task_struct *task)
417 -
418 - msg = (struct cn_msg *)buffer;
419 - ev = (struct proc_event *)msg->data;
420 -+ memset(&ev->event_data, 0, sizeof(ev->event_data));
421 - get_seq(&msg->seq, &ev->cpu);
422 - ktime_get_ts(&ts); /* get high res monotonic timestamp */
423 - put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
424 -@@ -170,6 +177,7 @@ void proc_sid_connector(struct task_struct *task)
425 - memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
426 - msg->ack = 0; /* not used */
427 - msg->len = sizeof(*ev);
428 -+ msg->flags = 0; /* not used */
429 - cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
430 - }
431 -
432 -@@ -185,6 +193,7 @@ void proc_ptrace_connector(struct task_struct *task, int ptrace_id)
433 -
434 - msg = (struct cn_msg *)buffer;
435 - ev = (struct proc_event *)msg->data;
436 -+ memset(&ev->event_data, 0, sizeof(ev->event_data));
437 - get_seq(&msg->seq, &ev->cpu);
438 - ktime_get_ts(&ts); /* get high res monotonic timestamp */
439 - put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
440 -@@ -203,6 +212,7 @@ void proc_ptrace_connector(struct task_struct *task, int ptrace_id)
441 - memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
442 - msg->ack = 0; /* not used */
443 - msg->len = sizeof(*ev);
444 -+ msg->flags = 0; /* not used */
445 - cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
446 - }
447 -
448 -@@ -218,6 +228,7 @@ void proc_comm_connector(struct task_struct *task)
449 -
450 - msg = (struct cn_msg *)buffer;
451 - ev = (struct proc_event *)msg->data;
452 -+ memset(&ev->event_data, 0, sizeof(ev->event_data));
453 - get_seq(&msg->seq, &ev->cpu);
454 - ktime_get_ts(&ts); /* get high res monotonic timestamp */
455 - put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
456 -@@ -229,6 +240,7 @@ void proc_comm_connector(struct task_struct *task)
457 - memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
458 - msg->ack = 0; /* not used */
459 - msg->len = sizeof(*ev);
460 -+ msg->flags = 0; /* not used */
461 - cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
462 - }
463 -
464 -@@ -244,6 +256,7 @@ void proc_coredump_connector(struct task_struct *task)
465 -
466 - msg = (struct cn_msg *)buffer;
467 - ev = (struct proc_event *)msg->data;
468 -+ memset(&ev->event_data, 0, sizeof(ev->event_data));
469 - get_seq(&msg->seq, &ev->cpu);
470 - ktime_get_ts(&ts); /* get high res monotonic timestamp */
471 - put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
472 -@@ -254,6 +267,7 @@ void proc_coredump_connector(struct task_struct *task)
473 - memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
474 - msg->ack = 0; /* not used */
475 - msg->len = sizeof(*ev);
476 -+ msg->flags = 0; /* not used */
477 - cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
478 - }
479 -
480 -@@ -269,6 +283,7 @@ void proc_exit_connector(struct task_struct *task)
481 -
482 - msg = (struct cn_msg *)buffer;
483 - ev = (struct proc_event *)msg->data;
484 -+ memset(&ev->event_data, 0, sizeof(ev->event_data));
485 - get_seq(&msg->seq, &ev->cpu);
486 - ktime_get_ts(&ts); /* get high res monotonic timestamp */
487 - put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
488 -@@ -281,6 +296,7 @@ void proc_exit_connector(struct task_struct *task)
489 - memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
490 - msg->ack = 0; /* not used */
491 - msg->len = sizeof(*ev);
492 -+ msg->flags = 0; /* not used */
493 - cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
494 - }
495 -
496 -@@ -304,6 +320,7 @@ static void cn_proc_ack(int err, int rcvd_seq, int rcvd_ack)
497 -
498 - msg = (struct cn_msg *)buffer;
499 - ev = (struct proc_event *)msg->data;
500 -+ memset(&ev->event_data, 0, sizeof(ev->event_data));
501 - msg->seq = rcvd_seq;
502 - ktime_get_ts(&ts); /* get high res monotonic timestamp */
503 - put_unaligned(timespec_to_ns(&ts), (__u64 *)&ev->timestamp_ns);
504 -@@ -313,6 +330,7 @@ static void cn_proc_ack(int err, int rcvd_seq, int rcvd_ack)
505 - memcpy(&msg->id, &cn_proc_event_id, sizeof(msg->id));
506 - msg->ack = rcvd_ack + 1;
507 - msg->len = sizeof(*ev);
508 -+ msg->flags = 0; /* not used */
509 - cn_netlink_send(msg, CN_IDX_PROC, GFP_KERNEL);
510 - }
511 -
512 -diff --git a/drivers/connector/connector.c b/drivers/connector/connector.c
513 -index 6ecfa75..0daa11e 100644
514 ---- a/drivers/connector/connector.c
515 -+++ b/drivers/connector/connector.c
516 -@@ -157,17 +157,18 @@ static int cn_call_callback(struct sk_buff *skb)
517 - static void cn_rx_skb(struct sk_buff *__skb)
518 - {
519 - struct nlmsghdr *nlh;
520 -- int err;
521 - struct sk_buff *skb;
522 -+ int len, err;
523 -
524 - skb = skb_get(__skb);
525 -
526 - if (skb->len >= NLMSG_HDRLEN) {
527 - nlh = nlmsg_hdr(skb);
528 -+ len = nlmsg_len(nlh);
529 -
530 -- if (nlh->nlmsg_len < sizeof(struct cn_msg) ||
531 -+ if (len < (int)sizeof(struct cn_msg) ||
532 - skb->len < nlh->nlmsg_len ||
533 -- nlh->nlmsg_len > CONNECTOR_MAX_MSG_SIZE) {
534 -+ len > CONNECTOR_MAX_MSG_SIZE) {
535 - kfree_skb(skb);
536 - return;
537 - }
538 diff --git a/drivers/cpufreq/acpi-cpufreq.c b/drivers/cpufreq/acpi-cpufreq.c
539 index 3926402..37b580d 100644
540 --- a/drivers/cpufreq/acpi-cpufreq.c
541 @@ -44499,30 +44318,6 @@ index 8a05d77..ba8b9c5 100644
542 .kind = "vxlan",
543 .maxtype = IFLA_VXLAN_MAX,
544 .policy = vxlan_policy,
545 -diff --git a/drivers/net/wan/farsync.c b/drivers/net/wan/farsync.c
546 -index 3f0c4f2..bcfff0d 100644
547 ---- a/drivers/net/wan/farsync.c
548 -+++ b/drivers/net/wan/farsync.c
549 -@@ -1972,6 +1972,7 @@ fst_get_iface(struct fst_card_info *card, struct fst_port_info *port,
550 - }
551 -
552 - i = port->index;
553 -+ memset(&sync, 0, sizeof(sync));
554 - sync.clock_rate = FST_RDL(card, portConfig[i].lineSpeed);
555 - /* Lucky card and linux use same encoding here */
556 - sync.clock_type = FST_RDB(card, portConfig[i].internalClock) ==
557 -diff --git a/drivers/net/wan/wanxl.c b/drivers/net/wan/wanxl.c
558 -index 6a24a5a..4c0a697 100644
559 ---- a/drivers/net/wan/wanxl.c
560 -+++ b/drivers/net/wan/wanxl.c
561 -@@ -355,6 +355,7 @@ static int wanxl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
562 - ifr->ifr_settings.size = size; /* data size wanted */
563 - return -ENOBUFS;
564 - }
565 -+ memset(&line, 0, sizeof(line));
566 - line.clock_type = get_status(port)->clocking;
567 - line.clock_rate = 0;
568 - line.loopback = 0;
569 diff --git a/drivers/net/wimax/i2400m/rx.c b/drivers/net/wimax/i2400m/rx.c
570 index 0b60295..b8bfa5b 100644
571 --- a/drivers/net/wimax/i2400m/rx.c
572 @@ -47255,6 +47050,19 @@ index dc23395..cf7e9b1 100644
573
574 struct io_req {
575 struct list_head list;
576 +diff --git a/drivers/staging/sb105x/sb_pci_mp.c b/drivers/staging/sb105x/sb_pci_mp.c
577 +index 23db32f..a10cdb1 100644
578 +--- a/drivers/staging/sb105x/sb_pci_mp.c
579 ++++ b/drivers/staging/sb105x/sb_pci_mp.c
580 +@@ -1063,7 +1063,7 @@ static int mp_wait_modem_status(struct sb_uart_state *state, unsigned long arg)
581 +
582 + static int mp_get_count(struct sb_uart_state *state, struct serial_icounter_struct *icnt)
583 + {
584 +- struct serial_icounter_struct icount;
585 ++ struct serial_icounter_struct icount = {};
586 + struct sb_uart_icount cnow;
587 + struct sb_uart_port *port = state->port;
588 +
589 diff --git a/drivers/staging/sbe-2t3e3/netdev.c b/drivers/staging/sbe-2t3e3/netdev.c
590 index 1f5088b..0e59820 100644
591 --- a/drivers/staging/sbe-2t3e3/netdev.c
592 @@ -55552,31 +55360,6 @@ index 22548f5..41521d8 100644
593 return 0;
594 }
595 return 1;
596 -diff --git a/fs/ext3/namei.c b/fs/ext3/namei.c
597 -index 1194b1f..f8cde46 100644
598 ---- a/fs/ext3/namei.c
599 -+++ b/fs/ext3/namei.c
600 -@@ -1783,7 +1783,7 @@ retry:
601 - d_tmpfile(dentry, inode);
602 - err = ext3_orphan_add(handle, inode);
603 - if (err)
604 -- goto err_drop_inode;
605 -+ goto err_unlock_inode;
606 - mark_inode_dirty(inode);
607 - unlock_new_inode(inode);
608 - }
609 -@@ -1791,10 +1791,9 @@ retry:
610 - if (err == -ENOSPC && ext3_should_retry_alloc(dir->i_sb, &retries))
611 - goto retry;
612 - return err;
613 --err_drop_inode:
614 -+err_unlock_inode:
615 - ext3_journal_stop(handle);
616 - unlock_new_inode(inode);
617 -- iput(inode);
618 - return err;
619 - }
620 -
621 diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
622 index ddd715e..c772f88 100644
623 --- a/fs/ext4/balloc.c
624 @@ -55756,31 +55539,6 @@ index 214461e..3614c89 100644
625 __ext4_warning(sb, function, line,
626 "MMP failure info: last update time: %llu, last update "
627 "node: %s, last update device: %s\n",
628 -diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
629 -index 35f55a0..b53cbc6 100644
630 ---- a/fs/ext4/namei.c
631 -+++ b/fs/ext4/namei.c
632 -@@ -2319,7 +2319,7 @@ retry:
633 - d_tmpfile(dentry, inode);
634 - err = ext4_orphan_add(handle, inode);
635 - if (err)
636 -- goto err_drop_inode;
637 -+ goto err_unlock_inode;
638 - mark_inode_dirty(inode);
639 - unlock_new_inode(inode);
640 - }
641 -@@ -2328,10 +2328,9 @@ retry:
642 - if (err == -ENOSPC && ext4_should_retry_alloc(dir->i_sb, &retries))
643 - goto retry;
644 - return err;
645 --err_drop_inode:
646 -+err_unlock_inode:
647 - ext4_journal_stop(handle);
648 - unlock_new_inode(inode);
649 -- iput(inode);
650 - return err;
651 - }
652 -
653 diff --git a/fs/ext4/super.c b/fs/ext4/super.c
654 index b59373b..f41c2b5 100644
655 --- a/fs/ext4/super.c
656 @@ -76666,7 +76424,7 @@ index 429c199..4d42e38 100644
657
658 /* shm_mode upper byte flags */
659 diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
660 -index 3b71a4e..4823435 100644
661 +index 6bd165b..4823435 100644
662 --- a/include/linux/skbuff.h
663 +++ b/include/linux/skbuff.h
664 @@ -648,7 +648,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
665 @@ -76705,19 +76463,7 @@ index 3b71a4e..4823435 100644
666 }
667
668 /**
669 -@@ -1316,6 +1316,11 @@ static inline int skb_pagelen(const struct sk_buff *skb)
670 - return len + skb_headlen(skb);
671 - }
672 -
673 -+static inline bool skb_has_frags(const struct sk_buff *skb)
674 -+{
675 -+ return skb_shinfo(skb)->nr_frags;
676 -+}
677 -+
678 - /**
679 - * __skb_fill_page_desc - initialise a paged fragment in an skb
680 - * @skb: buffer containing fragment to be initialised
681 -@@ -1750,7 +1755,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
682 +@@ -1755,7 +1755,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
683 * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8)
684 */
685 #ifndef NET_SKB_PAD
686 @@ -76726,7 +76472,7 @@ index 3b71a4e..4823435 100644
687 #endif
688
689 extern int ___pskb_trim(struct sk_buff *skb, unsigned int len);
690 -@@ -2345,7 +2350,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags,
691 +@@ -2350,7 +2350,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags,
692 int noblock, int *err);
693 extern unsigned int datagram_poll(struct file *file, struct socket *sock,
694 struct poll_table_struct *wait);
695 @@ -76735,7 +76481,7 @@ index 3b71a4e..4823435 100644
696 int offset, struct iovec *to,
697 int size);
698 extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb,
699 -@@ -2636,6 +2641,9 @@ static inline void nf_reset(struct sk_buff *skb)
700 +@@ -2641,6 +2641,9 @@ static inline void nf_reset(struct sk_buff *skb)
701 nf_bridge_put(skb->nf_bridge);
702 skb->nf_bridge = NULL;
703 #endif
704 @@ -78280,10 +78026,10 @@ index e745c92..3641448 100644
705
706 /* Structure to track chunk fragments that have been acked, but peer
707 diff --git a/include/net/sock.h b/include/net/sock.h
708 -index 31d5cfb..9ee0602 100644
709 +index 04e148f..3b1c7e0 100644
710 --- a/include/net/sock.h
711 +++ b/include/net/sock.h
712 -@@ -331,7 +331,7 @@ struct sock {
713 +@@ -332,7 +332,7 @@ struct sock {
714 unsigned int sk_napi_id;
715 unsigned int sk_ll_usec;
716 #endif
717 @@ -78292,7 +78038,7 @@ index 31d5cfb..9ee0602 100644
718 int sk_rcvbuf;
719
720 struct sk_filter __rcu *sk_filter;
721 -@@ -1803,7 +1803,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
722 +@@ -1805,7 +1805,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
723 }
724
725 static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb,
726 @@ -78301,7 +78047,7 @@ index 31d5cfb..9ee0602 100644
727 int copy, int offset)
728 {
729 if (skb->ip_summed == CHECKSUM_NONE) {
730 -@@ -2065,7 +2065,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
731 +@@ -2067,7 +2067,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
732 }
733 }
734
735 @@ -78311,10 +78057,10 @@ index 31d5cfb..9ee0602 100644
736 /**
737 * sk_page_frag - return an appropriate page_frag
738 diff --git a/include/net/tcp.h b/include/net/tcp.h
739 -index d198005..c974a393 100644
740 +index 46cb8a4..32b7b4a 100644
741 --- a/include/net/tcp.h
742 +++ b/include/net/tcp.h
743 -@@ -521,7 +521,7 @@ extern void tcp_retransmit_timer(struct sock *sk);
744 +@@ -522,7 +522,7 @@ extern void tcp_retransmit_timer(struct sock *sk);
745 extern void tcp_xmit_retransmit_queue(struct sock *);
746 extern void tcp_simple_retransmit(struct sock *);
747 extern int tcp_trim_head(struct sock *, struct sk_buff *, u32);
748 @@ -78323,7 +78069,7 @@ index d198005..c974a393 100644
749
750 extern void tcp_send_probe0(struct sock *);
751 extern void tcp_send_partial(struct sock *);
752 -@@ -694,8 +694,8 @@ struct tcp_skb_cb {
753 +@@ -695,8 +695,8 @@ struct tcp_skb_cb {
754 struct inet6_skb_parm h6;
755 #endif
756 } header; /* For incoming frames */
757 @@ -78334,7 +78080,7 @@ index d198005..c974a393 100644
758 __u32 when; /* used to compute rtt's */
759 __u8 tcp_flags; /* TCP header flags. (tcp[13]) */
760
761 -@@ -709,7 +709,7 @@ struct tcp_skb_cb {
762 +@@ -710,7 +710,7 @@ struct tcp_skb_cb {
763
764 __u8 ip_dsfield; /* IPv4 tos or IPv6 dsfield */
765 /* 1 byte hole */
766 @@ -85612,7 +85358,7 @@ index 4a1f33d..2f3ca75 100644
767 enum kobj_ns_type type = ops->type;
768 int error;
769 diff --git a/lib/list_debug.c b/lib/list_debug.c
770 -index c24c2f7..06e070b 100644
771 +index c24c2f7..f0296f4 100644
772 --- a/lib/list_debug.c
773 +++ b/lib/list_debug.c
774 @@ -11,7 +11,9 @@
775 @@ -85625,50 +85371,61 @@ index c24c2f7..06e070b 100644
776 /*
777 * Insert a new entry between two known consecutive entries.
778 *
779 -@@ -19,21 +21,32 @@
780 +@@ -19,21 +21,40 @@
781 * the prev/next entries already!
782 */
783
784 --void __list_add(struct list_head *new,
785 -- struct list_head *prev,
786 -- struct list_head *next)
787 +static bool __list_add_debug(struct list_head *new,
788 + struct list_head *prev,
789 + struct list_head *next)
790 ++{
791 ++ if (unlikely(next->prev != prev)) {
792 ++ printk(KERN_ERR "list_add corruption. next->prev should be "
793 ++ "prev (%p), but was %p. (next=%p).\n",
794 ++ prev, next->prev, next);
795 ++ BUG();
796 ++ return false;
797 ++ }
798 ++ if (unlikely(prev->next != next)) {
799 ++ printk(KERN_ERR "list_add corruption. prev->next should be "
800 ++ "next (%p), but was %p. (prev=%p).\n",
801 ++ next, prev->next, prev);
802 ++ BUG();
803 ++ return false;
804 ++ }
805 ++ if (unlikely(new == prev || new == next)) {
806 ++ printk(KERN_ERR "list_add double add: new=%p, prev=%p, next=%p.\n",
807 ++ new, prev, next);
808 ++ BUG();
809 ++ return false;
810 ++ }
811 ++ return true;
812 ++}
813 ++
814 + void __list_add(struct list_head *new,
815 +- struct list_head *prev,
816 +- struct list_head *next)
817 ++ struct list_head *prev,
818 ++ struct list_head *next)
819 {
820 - WARN(next->prev != prev,
821 -+ if (WARN(next->prev != prev,
822 - "list_add corruption. next->prev should be "
823 - "prev (%p), but was %p. (next=%p).\n",
824 +- "list_add corruption. next->prev should be "
825 +- "prev (%p), but was %p. (next=%p).\n",
826 - prev, next->prev, next);
827 - WARN(prev->next != next,
828 -+ prev, next->prev, next) ||
829 -+ WARN(prev->next != next,
830 - "list_add corruption. prev->next should be "
831 - "next (%p), but was %p. (prev=%p).\n",
832 +- "list_add corruption. prev->next should be "
833 +- "next (%p), but was %p. (prev=%p).\n",
834 - next, prev->next, prev);
835 - WARN(new == prev || new == next,
836 - "list_add double add: new=%p, prev=%p, next=%p.\n",
837 - new, prev, next);
838 -+ next, prev->next, prev) ||
839 -+ WARN(new == prev || new == next,
840 -+ "list_add double add: new=%p, prev=%p, next=%p.\n",
841 -+ new, prev, next))
842 -+ return false;
843 -+ return true;
844 -+}
845 -+
846 -+void __list_add(struct list_head *new,
847 -+ struct list_head *prev,
848 -+ struct list_head *next)
849 -+{
850 + if (!__list_add_debug(new, prev, next))
851 + return;
852 +
853 next->prev = new;
854 new->next = next;
855 new->prev = prev;
856 -@@ -41,7 +54,7 @@ void __list_add(struct list_head *new,
857 +@@ -41,28 +62,46 @@ void __list_add(struct list_head *new,
858 }
859 EXPORT_SYMBOL(__list_add);
860
861 @@ -85677,11 +85434,45 @@ index c24c2f7..06e070b 100644
862 {
863 struct list_head *prev, *next;
864
865 -@@ -60,9 +73,16 @@ void __list_del_entry(struct list_head *entry)
866 - WARN(next->prev != entry,
867 - "list_del corruption. next->prev should be %p, "
868 - "but was %p\n", entry, next->prev))
869 + prev = entry->prev;
870 + next = entry->next;
871 +
872 +- if (WARN(next == LIST_POISON1,
873 +- "list_del corruption, %p->next is LIST_POISON1 (%p)\n",
874 +- entry, LIST_POISON1) ||
875 +- WARN(prev == LIST_POISON2,
876 +- "list_del corruption, %p->prev is LIST_POISON2 (%p)\n",
877 +- entry, LIST_POISON2) ||
878 +- WARN(prev->next != entry,
879 +- "list_del corruption. prev->next should be %p, "
880 +- "but was %p\n", entry, prev->next) ||
881 +- WARN(next->prev != entry,
882 +- "list_del corruption. next->prev should be %p, "
883 +- "but was %p\n", entry, next->prev))
884 ++ if (unlikely(next == LIST_POISON1)) {
885 ++ printk(KERN_ERR "list_del corruption, %p->next is LIST_POISON1 (%p)\n",
886 ++ entry, LIST_POISON1);
887 ++ BUG();
888 ++ return false;
889 ++ }
890 ++ if (unlikely(prev == LIST_POISON2)) {
891 ++ printk(KERN_ERR "list_del corruption, %p->prev is LIST_POISON2 (%p)\n",
892 ++ entry, LIST_POISON2);
893 ++ BUG();
894 + return false;
895 ++ }
896 ++ if (unlikely(entry->prev->next != entry)) {
897 ++ printk(KERN_ERR "list_del corruption. prev->next should be %p, "
898 ++ "but was %p\n", entry, prev->next);
899 ++ BUG();
900 ++ return false;
901 ++ }
902 ++ if (unlikely(entry->next->prev != entry)) {
903 ++ printk(KERN_ERR "list_del corruption. next->prev should be %p, "
904 ++ "but was %p\n", entry, next->prev);
905 ++ BUG();
906 ++ return false;
907 ++ }
908 + return true;
909 +}
910 +
911 @@ -85695,7 +85486,7 @@ index c24c2f7..06e070b 100644
912 }
913 EXPORT_SYMBOL(__list_del_entry);
914
915 -@@ -86,15 +106,85 @@ EXPORT_SYMBOL(list_del);
916 +@@ -86,15 +125,85 @@ EXPORT_SYMBOL(list_del);
917 void __list_add_rcu(struct list_head *new,
918 struct list_head *prev, struct list_head *next)
919 {
920 @@ -86565,7 +86356,7 @@ index 2c13aa7..64cbc3f 100644
921 } else {
922 pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n",
923 diff --git a/mm/memory.c b/mm/memory.c
924 -index af84bc0..2ed0816 100644
925 +index 440986e..94b45d5 100644
926 --- a/mm/memory.c
927 +++ b/mm/memory.c
928 @@ -426,6 +426,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
929 @@ -86602,7 +86393,7 @@ index af84bc0..2ed0816 100644
930 }
931
932 /*
933 -@@ -1645,12 +1651,6 @@ no_page_table:
934 +@@ -1647,12 +1653,6 @@ no_page_table:
935 return page;
936 }
937
938 @@ -86615,7 +86406,7 @@ index af84bc0..2ed0816 100644
939 /**
940 * __get_user_pages() - pin user pages in memory
941 * @tsk: task_struct of target task
942 -@@ -1737,10 +1737,10 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
943 +@@ -1739,10 +1739,10 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
944
945 i = 0;
946
947 @@ -86628,7 +86419,7 @@ index af84bc0..2ed0816 100644
948 if (!vma && in_gate_area(mm, start)) {
949 unsigned long pg = start & PAGE_MASK;
950 pgd_t *pgd;
951 -@@ -1789,7 +1789,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
952 +@@ -1791,7 +1791,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
953 goto next_page;
954 }
955
956 @@ -86637,7 +86428,7 @@ index af84bc0..2ed0816 100644
957 (vma->vm_flags & (VM_IO | VM_PFNMAP)) ||
958 !(vm_flags & vma->vm_flags))
959 return i ? : -EFAULT;
960 -@@ -1818,11 +1818,6 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
961 +@@ -1820,11 +1820,6 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
962 int ret;
963 unsigned int fault_flags = 0;
964
965 @@ -86649,7 +86440,7 @@ index af84bc0..2ed0816 100644
966 if (foll_flags & FOLL_WRITE)
967 fault_flags |= FAULT_FLAG_WRITE;
968 if (nonblocking)
969 -@@ -1902,7 +1897,7 @@ next_page:
970 +@@ -1904,7 +1899,7 @@ next_page:
971 start += page_increm * PAGE_SIZE;
972 nr_pages -= page_increm;
973 } while (nr_pages && start < vma->vm_end);
974 @@ -86658,7 +86449,7 @@ index af84bc0..2ed0816 100644
975 return i;
976 }
977 EXPORT_SYMBOL(__get_user_pages);
978 -@@ -2109,6 +2104,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
979 +@@ -2111,6 +2106,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
980 page_add_file_rmap(page);
981 set_pte_at(mm, addr, pte, mk_pte(page, prot));
982
983 @@ -86669,7 +86460,7 @@ index af84bc0..2ed0816 100644
984 retval = 0;
985 pte_unmap_unlock(pte, ptl);
986 return retval;
987 -@@ -2153,9 +2152,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
988 +@@ -2155,9 +2154,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
989 if (!page_count(page))
990 return -EINVAL;
991 if (!(vma->vm_flags & VM_MIXEDMAP)) {
992 @@ -86691,7 +86482,7 @@ index af84bc0..2ed0816 100644
993 }
994 return insert_page(vma, addr, page, vma->vm_page_prot);
995 }
996 -@@ -2238,6 +2249,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
997 +@@ -2240,6 +2251,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
998 unsigned long pfn)
999 {
1000 BUG_ON(!(vma->vm_flags & VM_MIXEDMAP));
1001 @@ -86699,7 +86490,7 @@ index af84bc0..2ed0816 100644
1002
1003 if (addr < vma->vm_start || addr >= vma->vm_end)
1004 return -EFAULT;
1005 -@@ -2485,7 +2497,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
1006 +@@ -2487,7 +2499,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
1007
1008 BUG_ON(pud_huge(*pud));
1009
1010 @@ -86710,7 +86501,7 @@ index af84bc0..2ed0816 100644
1011 if (!pmd)
1012 return -ENOMEM;
1013 do {
1014 -@@ -2505,7 +2519,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
1015 +@@ -2507,7 +2521,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
1016 unsigned long next;
1017 int err;
1018
1019 @@ -86721,7 +86512,7 @@ index af84bc0..2ed0816 100644
1020 if (!pud)
1021 return -ENOMEM;
1022 do {
1023 -@@ -2593,6 +2609,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
1024 +@@ -2595,6 +2611,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
1025 copy_user_highpage(dst, src, va, vma);
1026 }
1027
1028 @@ -86908,7 +86699,7 @@ index af84bc0..2ed0816 100644
1029 /*
1030 * This routine handles present pages, when users try to write
1031 * to a shared page. It is done by copying the page to a new address
1032 -@@ -2809,6 +3005,12 @@ gotten:
1033 +@@ -2811,6 +3007,12 @@ gotten:
1034 */
1035 page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
1036 if (likely(pte_same(*page_table, orig_pte))) {
1037 @@ -86921,7 +86712,7 @@ index af84bc0..2ed0816 100644
1038 if (old_page) {
1039 if (!PageAnon(old_page)) {
1040 dec_mm_counter_fast(mm, MM_FILEPAGES);
1041 -@@ -2860,6 +3062,10 @@ gotten:
1042 +@@ -2862,6 +3064,10 @@ gotten:
1043 page_remove_rmap(old_page);
1044 }
1045
1046 @@ -86932,7 +86723,7 @@ index af84bc0..2ed0816 100644
1047 /* Free the old page.. */
1048 new_page = old_page;
1049 ret |= VM_FAULT_WRITE;
1050 -@@ -3137,6 +3343,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
1051 +@@ -3139,6 +3345,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
1052 swap_free(entry);
1053 if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
1054 try_to_free_swap(page);
1055 @@ -86944,7 +86735,7 @@ index af84bc0..2ed0816 100644
1056 unlock_page(page);
1057 if (page != swapcache) {
1058 /*
1059 -@@ -3160,6 +3371,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
1060 +@@ -3162,6 +3373,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
1061
1062 /* No need to invalidate - it was non-present before */
1063 update_mmu_cache(vma, address, page_table);
1064 @@ -86956,7 +86747,7 @@ index af84bc0..2ed0816 100644
1065 unlock:
1066 pte_unmap_unlock(page_table, ptl);
1067 out:
1068 -@@ -3179,40 +3395,6 @@ out_release:
1069 +@@ -3181,40 +3397,6 @@ out_release:
1070 }
1071
1072 /*
1073 @@ -86997,7 +86788,7 @@ index af84bc0..2ed0816 100644
1074 * We enter with non-exclusive mmap_sem (to exclude vma changes,
1075 * but allow concurrent faults), and pte mapped but not yet locked.
1076 * We return with mmap_sem still held, but pte unmapped and unlocked.
1077 -@@ -3221,27 +3403,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
1078 +@@ -3223,27 +3405,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
1079 unsigned long address, pte_t *page_table, pmd_t *pmd,
1080 unsigned int flags)
1081 {
1082 @@ -87030,7 +86821,7 @@ index af84bc0..2ed0816 100644
1083 if (unlikely(anon_vma_prepare(vma)))
1084 goto oom;
1085 page = alloc_zeroed_user_highpage_movable(vma, address);
1086 -@@ -3265,6 +3443,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
1087 +@@ -3267,6 +3445,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
1088 if (!pte_none(*page_table))
1089 goto release;
1090
1091 @@ -87042,7 +86833,7 @@ index af84bc0..2ed0816 100644
1092 inc_mm_counter_fast(mm, MM_ANONPAGES);
1093 page_add_new_anon_rmap(page, vma, address);
1094 setpte:
1095 -@@ -3272,6 +3455,12 @@ setpte:
1096 +@@ -3274,6 +3457,12 @@ setpte:
1097
1098 /* No need to invalidate - it was non-present before */
1099 update_mmu_cache(vma, address, page_table);
1100 @@ -87055,7 +86846,7 @@ index af84bc0..2ed0816 100644
1101 unlock:
1102 pte_unmap_unlock(page_table, ptl);
1103 return 0;
1104 -@@ -3415,6 +3604,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
1105 +@@ -3417,6 +3606,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
1106 */
1107 /* Only go through if we didn't race with anybody else... */
1108 if (likely(pte_same(*page_table, orig_pte))) {
1109 @@ -87068,7 +86859,7 @@ index af84bc0..2ed0816 100644
1110 flush_icache_page(vma, page);
1111 entry = mk_pte(page, vma->vm_page_prot);
1112 if (flags & FAULT_FLAG_WRITE)
1113 -@@ -3436,6 +3631,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
1114 +@@ -3438,6 +3633,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
1115
1116 /* no need to invalidate: a not-present page won't be cached */
1117 update_mmu_cache(vma, address, page_table);
1118 @@ -87083,7 +86874,7 @@ index af84bc0..2ed0816 100644
1119 } else {
1120 if (cow_page)
1121 mem_cgroup_uncharge_page(cow_page);
1122 -@@ -3757,6 +3960,12 @@ int handle_pte_fault(struct mm_struct *mm,
1123 +@@ -3759,6 +3962,12 @@ int handle_pte_fault(struct mm_struct *mm,
1124 if (flags & FAULT_FLAG_WRITE)
1125 flush_tlb_fix_spurious_fault(vma, address);
1126 }
1127 @@ -87096,7 +86887,7 @@ index af84bc0..2ed0816 100644
1128 unlock:
1129 pte_unmap_unlock(pte, ptl);
1130 return 0;
1131 -@@ -3773,6 +3982,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
1132 +@@ -3775,6 +3984,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
1133 pmd_t *pmd;
1134 pte_t *pte;
1135
1136 @@ -87107,7 +86898,7 @@ index af84bc0..2ed0816 100644
1137 __set_current_state(TASK_RUNNING);
1138
1139 count_vm_event(PGFAULT);
1140 -@@ -3784,6 +3997,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
1141 +@@ -3786,6 +3999,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
1142 if (unlikely(is_vm_hugetlb_page(vma)))
1143 return hugetlb_fault(mm, vma, address, flags);
1144
1145 @@ -87142,7 +86933,7 @@ index af84bc0..2ed0816 100644
1146 retry:
1147 pgd = pgd_offset(mm, address);
1148 pud = pud_alloc(mm, pgd, address);
1149 -@@ -3882,6 +4123,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
1150 +@@ -3884,6 +4125,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
1151 spin_unlock(&mm->page_table_lock);
1152 return 0;
1153 }
1154 @@ -87166,7 +86957,7 @@ index af84bc0..2ed0816 100644
1155 #endif /* __PAGETABLE_PUD_FOLDED */
1156
1157 #ifndef __PAGETABLE_PMD_FOLDED
1158 -@@ -3912,6 +4170,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
1159 +@@ -3914,6 +4172,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
1160 spin_unlock(&mm->page_table_lock);
1161 return 0;
1162 }
1163 @@ -87197,7 +86988,7 @@ index af84bc0..2ed0816 100644
1164 #endif /* __PAGETABLE_PMD_FOLDED */
1165
1166 #if !defined(__HAVE_ARCH_GATE_AREA)
1167 -@@ -3925,7 +4207,7 @@ static int __init gate_vma_init(void)
1168 +@@ -3927,7 +4209,7 @@ static int __init gate_vma_init(void)
1169 gate_vma.vm_start = FIXADDR_USER_START;
1170 gate_vma.vm_end = FIXADDR_USER_END;
1171 gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
1172 @@ -87206,7 +86997,7 @@ index af84bc0..2ed0816 100644
1173
1174 return 0;
1175 }
1176 -@@ -4059,8 +4341,8 @@ out:
1177 +@@ -4061,8 +4343,8 @@ out:
1178 return ret;
1179 }
1180
1181 @@ -87217,7 +87008,7 @@ index af84bc0..2ed0816 100644
1182 {
1183 resource_size_t phys_addr;
1184 unsigned long prot = 0;
1185 -@@ -4085,8 +4367,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
1186 +@@ -4087,8 +4369,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
1187 * Access another process' address space as given in mm. If non-NULL, use the
1188 * given task for page fault accounting.
1189 */
1190 @@ -87228,7 +87019,7 @@ index af84bc0..2ed0816 100644
1191 {
1192 struct vm_area_struct *vma;
1193 void *old_buf = buf;
1194 -@@ -4094,7 +4376,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
1195 +@@ -4096,7 +4378,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
1196 down_read(&mm->mmap_sem);
1197 /* ignore errors, just check how much was successfully transferred */
1198 while (len) {
1199 @@ -87237,7 +87028,7 @@ index af84bc0..2ed0816 100644
1200 void *maddr;
1201 struct page *page = NULL;
1202
1203 -@@ -4153,8 +4435,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
1204 +@@ -4155,8 +4437,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
1205 *
1206 * The caller must hold a reference on @mm.
1207 */
1208 @@ -87248,7 +87039,7 @@ index af84bc0..2ed0816 100644
1209 {
1210 return __access_remote_vm(NULL, mm, addr, buf, len, write);
1211 }
1212 -@@ -4164,11 +4446,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
1213 +@@ -4166,11 +4448,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
1214 * Source/target buffer must be kernel space,
1215 * Do not walk the page table directly, use get_user_pages
1216 */
1217 @@ -87340,10 +87131,10 @@ index 4baf12e..5497066 100644
1218 capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
1219
1220 diff --git a/mm/migrate.c b/mm/migrate.c
1221 -index 25ca7ca..abe1836 100644
1222 +index 81af4e6..2285307 100644
1223 --- a/mm/migrate.c
1224 +++ b/mm/migrate.c
1225 -@@ -1399,8 +1399,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
1226 +@@ -1401,8 +1401,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
1227 */
1228 tcred = __task_cred(task);
1229 if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&
1230 @@ -88689,7 +88480,7 @@ index f9c97d1..3468d3b 100644
1231 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
1232
1233 diff --git a/mm/mprotect.c b/mm/mprotect.c
1234 -index 94722a4..e661e29 100644
1235 +index a3af058..bc2cb14 100644
1236 --- a/mm/mprotect.c
1237 +++ b/mm/mprotect.c
1238 @@ -23,10 +23,18 @@
1239 @@ -88711,7 +88502,7 @@ index 94722a4..e661e29 100644
1240
1241 #ifndef pgprot_modify
1242 static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot)
1243 -@@ -233,6 +241,48 @@ unsigned long change_protection(struct vm_area_struct *vma, unsigned long start,
1244 +@@ -236,6 +244,48 @@ unsigned long change_protection(struct vm_area_struct *vma, unsigned long start,
1245 return pages;
1246 }
1247
1248 @@ -88760,7 +88551,7 @@ index 94722a4..e661e29 100644
1249 int
1250 mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
1251 unsigned long start, unsigned long end, unsigned long newflags)
1252 -@@ -245,11 +295,29 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
1253 +@@ -248,11 +298,29 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
1254 int error;
1255 int dirty_accountable = 0;
1256
1257 @@ -88790,7 +88581,7 @@ index 94722a4..e661e29 100644
1258 /*
1259 * If we make a private mapping writable we increase our commit;
1260 * but (without finer accounting) cannot reduce our commit if we
1261 -@@ -266,6 +334,42 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
1262 +@@ -269,6 +337,42 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
1263 }
1264 }
1265
1266 @@ -88833,7 +88624,7 @@ index 94722a4..e661e29 100644
1267 /*
1268 * First try to merge with previous and/or next vma.
1269 */
1270 -@@ -296,9 +400,21 @@ success:
1271 +@@ -299,9 +403,21 @@ success:
1272 * vm_flags and vm_page_prot are protected by the mmap_sem
1273 * held in write mode.
1274 */
1275 @@ -88856,7 +88647,7 @@ index 94722a4..e661e29 100644
1276
1277 if (vma_wants_writenotify(vma)) {
1278 vma->vm_page_prot = vm_get_page_prot(newflags & ~VM_SHARED);
1279 -@@ -337,6 +453,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
1280 +@@ -340,6 +456,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
1281 end = start + len;
1282 if (end <= start)
1283 return -ENOMEM;
1284 @@ -88874,7 +88665,7 @@ index 94722a4..e661e29 100644
1285 if (!arch_validate_prot(prot))
1286 return -EINVAL;
1287
1288 -@@ -344,7 +471,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
1289 +@@ -347,7 +474,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
1290 /*
1291 * Does the application expect PROT_READ to imply PROT_EXEC:
1292 */
1293 @@ -88883,7 +88674,7 @@ index 94722a4..e661e29 100644
1294 prot |= PROT_EXEC;
1295
1296 vm_flags = calc_vm_prot_bits(prot);
1297 -@@ -376,6 +503,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
1298 +@@ -379,6 +506,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
1299 if (start > vma->vm_start)
1300 prev = vma;
1301
1302 @@ -88895,7 +88686,7 @@ index 94722a4..e661e29 100644
1303 for (nstart = start ; ; ) {
1304 unsigned long newflags;
1305
1306 -@@ -386,6 +518,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
1307 +@@ -389,6 +521,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
1308
1309 /* newflags >> 4 shift VM_MAY% in place of VM_% */
1310 if ((newflags & ~(newflags >> 4)) & (VM_READ | VM_WRITE | VM_EXEC)) {
1311 @@ -88910,7 +88701,7 @@ index 94722a4..e661e29 100644
1312 error = -EACCES;
1313 goto out;
1314 }
1315 -@@ -400,6 +540,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
1316 +@@ -403,6 +543,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
1317 error = mprotect_fixup(vma, &prev, nstart, tmp, newflags);
1318 if (error)
1319 goto out;
1320 @@ -89095,7 +88886,7 @@ index ecd1f15..77039bd 100644
1321 struct mm_struct *mm;
1322
1323 diff --git a/mm/page-writeback.c b/mm/page-writeback.c
1324 -index 3f0c895..60cd104 100644
1325 +index 241a746..41cd05d 100644
1326 --- a/mm/page-writeback.c
1327 +++ b/mm/page-writeback.c
1328 @@ -659,7 +659,7 @@ unsigned long bdi_dirty_limit(struct backing_dev_info *bdi, unsigned long dirty)
1329 @@ -90831,19 +90622,6 @@ index 2fb2d88..8c06e40 100644
1330 struct vlan_net *vn;
1331
1332 vn = net_generic(net, vlan_net_id);
1333 -diff --git a/net/8021q/vlan_netlink.c b/net/8021q/vlan_netlink.c
1334 -index 3091297..c7e634a 100644
1335 ---- a/net/8021q/vlan_netlink.c
1336 -+++ b/net/8021q/vlan_netlink.c
1337 -@@ -171,7 +171,7 @@ static size_t vlan_get_size(const struct net_device *dev)
1338 -
1339 - return nla_total_size(2) + /* IFLA_VLAN_PROTOCOL */
1340 - nla_total_size(2) + /* IFLA_VLAN_ID */
1341 -- sizeof(struct ifla_vlan_flags) + /* IFLA_VLAN_FLAGS */
1342 -+ nla_total_size(sizeof(struct ifla_vlan_flags)) + /* IFLA_VLAN_FLAGS */
1343 - vlan_qos_map_size(vlan->nr_ingress_mappings) +
1344 - vlan_qos_map_size(vlan->nr_egress_mappings);
1345 - }
1346 diff --git a/net/9p/mod.c b/net/9p/mod.c
1347 index 6ab36ae..6f1841b 100644
1348 --- a/net/9p/mod.c
1349 @@ -91420,25 +91198,23 @@ index eb0a46a..5f3bae8 100644
1350
1351 switch (ss->ss_family) {
1352 diff --git a/net/compat.c b/net/compat.c
1353 -index f0a1ba6..24e30e5 100644
1354 +index 8903258..24e30e5 100644
1355 --- a/net/compat.c
1356 +++ b/net/compat.c
1357 -@@ -71,9 +71,11 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg)
1358 - __get_user(kmsg->msg_controllen, &umsg->msg_controllen) ||
1359 - __get_user(kmsg->msg_flags, &umsg->msg_flags))
1360 +@@ -73,9 +73,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg)
1361 return -EFAULT;
1362 + if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
1363 + return -EINVAL;
1364 - kmsg->msg_name = compat_ptr(tmp1);
1365 - kmsg->msg_iov = compat_ptr(tmp2);
1366 - kmsg->msg_control = compat_ptr(tmp3);
1367 -+ if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
1368 -+ return -EINVAL;
1369 + kmsg->msg_name = (void __force_kernel *)compat_ptr(tmp1);
1370 + kmsg->msg_iov = (void __force_kernel *)compat_ptr(tmp2);
1371 + kmsg->msg_control = (void __force_kernel *)compat_ptr(tmp3);
1372 return 0;
1373 }
1374
1375 -@@ -85,7 +87,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
1376 +@@ -87,7 +87,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
1377
1378 if (kern_msg->msg_namelen) {
1379 if (mode == VERIFY_READ) {
1380 @@ -91447,7 +91223,7 @@ index f0a1ba6..24e30e5 100644
1381 kern_msg->msg_namelen,
1382 kern_address);
1383 if (err < 0)
1384 -@@ -96,7 +98,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
1385 +@@ -98,7 +98,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
1386 kern_msg->msg_name = NULL;
1387
1388 tot_len = iov_from_user_compat_to_kern(kern_iov,
1389 @@ -91456,7 +91232,7 @@ index f0a1ba6..24e30e5 100644
1390 kern_msg->msg_iovlen);
1391 if (tot_len >= 0)
1392 kern_msg->msg_iov = kern_iov;
1393 -@@ -116,20 +118,20 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
1394 +@@ -118,20 +118,20 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
1395
1396 #define CMSG_COMPAT_FIRSTHDR(msg) \
1397 (((msg)->msg_controllen) >= sizeof(struct compat_cmsghdr) ? \
1398 @@ -91480,7 +91256,7 @@ index f0a1ba6..24e30e5 100644
1399 msg->msg_controllen)
1400 return NULL;
1401 return (struct compat_cmsghdr __user *)ptr;
1402 -@@ -219,7 +221,7 @@ Efault:
1403 +@@ -221,7 +221,7 @@ Efault:
1404
1405 int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *data)
1406 {
1407 @@ -91489,7 +91265,7 @@ index f0a1ba6..24e30e5 100644
1408 struct compat_cmsghdr cmhdr;
1409 struct compat_timeval ctv;
1410 struct compat_timespec cts[3];
1411 -@@ -275,7 +277,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat
1412 +@@ -277,7 +277,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat
1413
1414 void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm)
1415 {
1416 @@ -91498,7 +91274,7 @@ index f0a1ba6..24e30e5 100644
1417 int fdmax = (kmsg->msg_controllen - sizeof(struct compat_cmsghdr)) / sizeof(int);
1418 int fdnum = scm->fp->count;
1419 struct file **fp = scm->fp->fp;
1420 -@@ -363,7 +365,7 @@ static int do_set_sock_timeout(struct socket *sock, int level,
1421 +@@ -365,7 +365,7 @@ static int do_set_sock_timeout(struct socket *sock, int level,
1422 return -EFAULT;
1423 old_fs = get_fs();
1424 set_fs(KERNEL_DS);
1425 @@ -91507,7 +91283,7 @@ index f0a1ba6..24e30e5 100644
1426 set_fs(old_fs);
1427
1428 return err;
1429 -@@ -424,7 +426,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname,
1430 +@@ -426,7 +426,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname,
1431 len = sizeof(ktime);
1432 old_fs = get_fs();
1433 set_fs(KERNEL_DS);
1434 @@ -91516,7 +91292,7 @@ index f0a1ba6..24e30e5 100644
1435 set_fs(old_fs);
1436
1437 if (!err) {
1438 -@@ -567,7 +569,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
1439 +@@ -569,7 +569,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
1440 case MCAST_JOIN_GROUP:
1441 case MCAST_LEAVE_GROUP:
1442 {
1443 @@ -91525,7 +91301,7 @@ index f0a1ba6..24e30e5 100644
1444 struct group_req __user *kgr =
1445 compat_alloc_user_space(sizeof(struct group_req));
1446 u32 interface;
1447 -@@ -588,7 +590,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
1448 +@@ -590,7 +590,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
1449 case MCAST_BLOCK_SOURCE:
1450 case MCAST_UNBLOCK_SOURCE:
1451 {
1452 @@ -91534,7 +91310,7 @@ index f0a1ba6..24e30e5 100644
1453 struct group_source_req __user *kgsr = compat_alloc_user_space(
1454 sizeof(struct group_source_req));
1455 u32 interface;
1456 -@@ -609,7 +611,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
1457 +@@ -611,7 +611,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname,
1458 }
1459 case MCAST_MSFILTER:
1460 {
1461 @@ -91543,7 +91319,7 @@ index f0a1ba6..24e30e5 100644
1462 struct group_filter __user *kgf;
1463 u32 interface, fmode, numsrc;
1464
1465 -@@ -647,7 +649,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname,
1466 +@@ -649,7 +649,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname,
1467 char __user *optval, int __user *optlen,
1468 int (*getsockopt)(struct sock *, int, int, char __user *, int __user *))
1469 {
1470 @@ -91552,7 +91328,7 @@ index f0a1ba6..24e30e5 100644
1471 struct group_filter __user *kgf;
1472 int __user *koptlen;
1473 u32 interface, fmode, numsrc;
1474 -@@ -805,7 +807,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
1475 +@@ -807,7 +807,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args)
1476
1477 if (call < SYS_SOCKET || call > SYS_SENDMMSG)
1478 return -EINVAL;
1479 @@ -91950,7 +91726,7 @@ index 2c3d0f5..f5a326f 100644
1480 }
1481
1482 diff --git a/net/core/sock.c b/net/core/sock.c
1483 -index 2c097c5..bf72858 100644
1484 +index 8729d91..4a20427 100644
1485 --- a/net/core/sock.c
1486 +++ b/net/core/sock.c
1487 @@ -392,7 +392,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
1488 @@ -92037,7 +91813,7 @@ index 2c097c5..bf72858 100644
1489 return -EFAULT;
1490 lenout:
1491 if (put_user(len, optlen))
1492 -@@ -2303,7 +2303,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
1493 +@@ -2304,7 +2304,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
1494 */
1495 smp_wmb();
1496 atomic_set(&sk->sk_refcnt, 1);
1497 @@ -92369,7 +92145,7 @@ index 6acb541..9ea617d 100644
1498
1499 void inet_get_local_port_range(int *low, int *high)
1500 diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
1501 -index 7bd8983..b956690 100644
1502 +index 96da9c7..b956690 100644
1503 --- a/net/ipv4/inet_hashtables.c
1504 +++ b/net/ipv4/inet_hashtables.c
1505 @@ -18,12 +18,15 @@
1506 @@ -92388,15 +92164,6 @@ index 7bd8983..b956690 100644
1507 /*
1508 * Allocate and initialize a new local port bind bucket.
1509 * The bindhash mutex for snum's hash chain must be held here.
1510 -@@ -287,7 +290,7 @@ begintw:
1511 - if (unlikely(!INET_TW_MATCH(sk, net, acookie,
1512 - saddr, daddr, ports,
1513 - dif))) {
1514 -- sock_put(sk);
1515 -+ inet_twsk_put(inet_twsk(sk));
1516 - goto begintw;
1517 - }
1518 - goto out;
1519 @@ -554,6 +557,8 @@ ok:
1520 twrefcnt += inet_twsk_bind_unhash(tw, hinfo);
1521 spin_unlock(&head->lock);
1522 @@ -92503,19 +92270,6 @@ index 8d6939e..19d0a95 100644
1523 .kind = "gretap",
1524 .maxtype = IFLA_GRE_MAX,
1525 .policy = ipgre_policy,
1526 -diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
1527 -index a04d872..7f4ab5d 100644
1528 ---- a/net/ipv4/ip_output.c
1529 -+++ b/net/ipv4/ip_output.c
1530 -@@ -836,7 +836,7 @@ static int __ip_append_data(struct sock *sk,
1531 - csummode = CHECKSUM_PARTIAL;
1532 -
1533 - cork->length += length;
1534 -- if (((length > mtu) || (skb && skb_is_gso(skb))) &&
1535 -+ if (((length > mtu) || (skb && skb_has_frags(skb))) &&
1536 - (sk->sk_protocol == IPPROTO_UDP) &&
1537 - (rt->dst.dev->features & NETIF_F_UFO) && !rt->dst.header_len) {
1538 - err = ip_ufo_append_data(sk, queue, getfrag, from, length,
1539 diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
1540 index d9c4f11..02b82dbc 100644
1541 --- a/net/ipv4/ip_sockglue.c
1542 @@ -92540,7 +92294,7 @@ index d9c4f11..02b82dbc 100644
1543 msg.msg_flags = flags;
1544
1545 diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
1546 -index 17cc0ff..63856c4 100644
1547 +index 0656041..d6ecb60 100644
1548 --- a/net/ipv4/ip_vti.c
1549 +++ b/net/ipv4/ip_vti.c
1550 @@ -47,7 +47,7 @@
1551 @@ -92552,7 +92306,7 @@ index 17cc0ff..63856c4 100644
1552
1553 static int vti_net_id __read_mostly;
1554 struct vti_net {
1555 -@@ -840,7 +840,7 @@ static const struct nla_policy vti_policy[IFLA_VTI_MAX + 1] = {
1556 +@@ -848,7 +848,7 @@ static const struct nla_policy vti_policy[IFLA_VTI_MAX + 1] = {
1557 [IFLA_VTI_REMOTE] = { .len = FIELD_SIZEOF(struct iphdr, daddr) },
1558 };
1559
1560 @@ -92870,7 +92624,7 @@ index 6fb2337..9cd6b20 100644
1561
1562 static int raw_seq_show(struct seq_file *seq, void *v)
1563 diff --git a/net/ipv4/route.c b/net/ipv4/route.c
1564 -index a9a54a2..647316e 100644
1565 +index 2de16d9..da558c7 100644
1566 --- a/net/ipv4/route.c
1567 +++ b/net/ipv4/route.c
1568 @@ -2615,34 +2615,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
1569 @@ -92928,10 +92682,10 @@ index a9a54a2..647316e 100644
1570 sizeof(net->ipv4.dev_addr_genid));
1571 return 0;
1572 diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
1573 -index 610e324..fd42e75 100644
1574 +index 6900b8b..7832c6b 100644
1575 --- a/net/ipv4/sysctl_net_ipv4.c
1576 +++ b/net/ipv4/sysctl_net_ipv4.c
1577 -@@ -57,7 +57,7 @@ static int ipv4_local_port_range(struct ctl_table *table, int write,
1578 +@@ -58,7 +58,7 @@ static int ipv4_local_port_range(struct ctl_table *table, int write,
1579 {
1580 int ret;
1581 int range[2];
1582 @@ -92940,7 +92694,7 @@ index 610e324..fd42e75 100644
1583 .data = &range,
1584 .maxlen = sizeof(range),
1585 .mode = table->mode,
1586 -@@ -110,7 +110,7 @@ static int ipv4_ping_group_range(struct ctl_table *table, int write,
1587 +@@ -111,7 +111,7 @@ static int ipv4_ping_group_range(struct ctl_table *table, int write,
1588 int ret;
1589 gid_t urange[2];
1590 kgid_t low, high;
1591 @@ -92949,7 +92703,7 @@ index 610e324..fd42e75 100644
1592 .data = &urange,
1593 .maxlen = sizeof(urange),
1594 .mode = table->mode,
1595 -@@ -141,7 +141,7 @@ static int proc_tcp_congestion_control(struct ctl_table *ctl, int write,
1596 +@@ -142,7 +142,7 @@ static int proc_tcp_congestion_control(struct ctl_table *ctl, int write,
1597 void __user *buffer, size_t *lenp, loff_t *ppos)
1598 {
1599 char val[TCP_CA_NAME_MAX];
1600 @@ -92958,7 +92712,7 @@ index 610e324..fd42e75 100644
1601 .data = val,
1602 .maxlen = TCP_CA_NAME_MAX,
1603 };
1604 -@@ -160,7 +160,7 @@ static int proc_tcp_available_congestion_control(struct ctl_table *ctl,
1605 +@@ -161,7 +161,7 @@ static int proc_tcp_available_congestion_control(struct ctl_table *ctl,
1606 void __user *buffer, size_t *lenp,
1607 loff_t *ppos)
1608 {
1609 @@ -92967,7 +92721,7 @@ index 610e324..fd42e75 100644
1610 int ret;
1611
1612 tbl.data = kmalloc(tbl.maxlen, GFP_USER);
1613 -@@ -177,7 +177,7 @@ static int proc_allowed_congestion_control(struct ctl_table *ctl,
1614 +@@ -178,7 +178,7 @@ static int proc_allowed_congestion_control(struct ctl_table *ctl,
1615 void __user *buffer, size_t *lenp,
1616 loff_t *ppos)
1617 {
1618 @@ -92976,7 +92730,7 @@ index 610e324..fd42e75 100644
1619 int ret;
1620
1621 tbl.data = kmalloc(tbl.maxlen, GFP_USER);
1622 -@@ -203,15 +203,17 @@ static int ipv4_tcp_mem(struct ctl_table *ctl, int write,
1623 +@@ -204,15 +204,17 @@ static int ipv4_tcp_mem(struct ctl_table *ctl, int write,
1624 struct mem_cgroup *memcg;
1625 #endif
1626
1627 @@ -92997,7 +92751,7 @@ index 610e324..fd42e75 100644
1628 }
1629
1630 ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos);
1631 -@@ -239,7 +241,7 @@ static int proc_tcp_fastopen_key(struct ctl_table *ctl, int write,
1632 +@@ -240,7 +242,7 @@ static int proc_tcp_fastopen_key(struct ctl_table *ctl, int write,
1633 void __user *buffer, size_t *lenp,
1634 loff_t *ppos)
1635 {
1636 @@ -93006,7 +92760,7 @@ index 610e324..fd42e75 100644
1637 struct tcp_fastopen_context *ctxt;
1638 int ret;
1639 u32 user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */
1640 -@@ -482,7 +484,7 @@ static struct ctl_table ipv4_table[] = {
1641 +@@ -483,7 +485,7 @@ static struct ctl_table ipv4_table[] = {
1642 },
1643 {
1644 .procname = "ip_local_reserved_ports",
1645 @@ -93015,7 +92769,7 @@ index 610e324..fd42e75 100644
1646 .maxlen = 65536,
1647 .mode = 0644,
1648 .proc_handler = proc_do_large_bitmap,
1649 -@@ -847,11 +849,10 @@ static struct ctl_table ipv4_net_table[] = {
1650 +@@ -857,11 +859,10 @@ static struct ctl_table ipv4_net_table[] = {
1651
1652 static __net_init int ipv4_sysctl_init_net(struct net *net)
1653 {
1654 @@ -93029,7 +92783,7 @@ index 610e324..fd42e75 100644
1655 if (table == NULL)
1656 goto err_alloc;
1657
1658 -@@ -886,15 +887,17 @@ static __net_init int ipv4_sysctl_init_net(struct net *net)
1659 +@@ -896,15 +897,17 @@ static __net_init int ipv4_sysctl_init_net(struct net *net)
1660
1661 tcp_init_mem(net);
1662
1663 @@ -93050,7 +92804,7 @@ index 610e324..fd42e75 100644
1664 err_alloc:
1665 return -ENOMEM;
1666 }
1667 -@@ -916,16 +919,6 @@ static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
1668 +@@ -926,16 +929,6 @@ static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
1669 static __init int sysctl_ipv4_init(void)
1670 {
1671 struct ctl_table_header *hdr;
1672 @@ -93068,10 +92822,10 @@ index 610e324..fd42e75 100644
1673 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
1674 if (hdr == NULL)
1675 diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
1676 -index 3ca2139..c4cc060 100644
1677 +index 723951a..61cf1cc 100644
1678 --- a/net/ipv4/tcp_input.c
1679 +++ b/net/ipv4/tcp_input.c
1680 -@@ -4379,7 +4379,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
1681 +@@ -4412,7 +4412,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
1682 * simplifies code)
1683 */
1684 static void
1685 @@ -93080,7 +92834,7 @@ index 3ca2139..c4cc060 100644
1686 struct sk_buff *head, struct sk_buff *tail,
1687 u32 start, u32 end)
1688 {
1689 -@@ -5465,6 +5465,7 @@ discard:
1690 +@@ -5498,6 +5498,7 @@ discard:
1691 tcp_paws_reject(&tp->rx_opt, 0))
1692 goto discard_and_undo;
1693
1694 @@ -93088,7 +92842,7 @@ index 3ca2139..c4cc060 100644
1695 if (th->syn) {
1696 /* We see SYN without ACK. It is attempt of
1697 * simultaneous connect with crossed SYNs.
1698 -@@ -5515,6 +5516,7 @@ discard:
1699 +@@ -5548,6 +5549,7 @@ discard:
1700 goto discard;
1701 #endif
1702 }
1703 @@ -93096,7 +92850,7 @@ index 3ca2139..c4cc060 100644
1704 /* "fifth, if neither of the SYN or RST bits is set then
1705 * drop the segment and return."
1706 */
1707 -@@ -5560,7 +5562,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
1708 +@@ -5593,7 +5595,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
1709 goto discard;
1710
1711 if (th->syn) {
1712 @@ -93191,40 +92945,6 @@ index ab1c086..2a8d76b 100644
1713 } else if (fastopen) { /* received a valid RST pkt */
1714 reqsk_fastopen_remove(sk, req, true);
1715 tcp_reset(sk);
1716 -diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
1717 -index 170737a..75cbd26 100644
1718 ---- a/net/ipv4/tcp_output.c
1719 -+++ b/net/ipv4/tcp_output.c
1720 -@@ -982,6 +982,9 @@ static void tcp_queue_skb(struct sock *sk, struct sk_buff *skb)
1721 - static void tcp_set_skb_tso_segs(const struct sock *sk, struct sk_buff *skb,
1722 - unsigned int mss_now)
1723 - {
1724 -+ /* Make sure we own this skb before messing gso_size/gso_segs */
1725 -+ WARN_ON_ONCE(skb_cloned(skb));
1726 -+
1727 - if (skb->len <= mss_now || !sk_can_gso(sk) ||
1728 - skb->ip_summed == CHECKSUM_NONE) {
1729 - /* Avoid the costly divide in the normal
1730 -@@ -1063,9 +1066,7 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len,
1731 - if (nsize < 0)
1732 - nsize = 0;
1733 -
1734 -- if (skb_cloned(skb) &&
1735 -- skb_is_nonlinear(skb) &&
1736 -- pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
1737 -+ if (skb_unclone(skb, GFP_ATOMIC))
1738 - return -ENOMEM;
1739 -
1740 - /* Get a new skb... force flag on. */
1741 -@@ -2334,6 +2335,8 @@ int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
1742 - int oldpcount = tcp_skb_pcount(skb);
1743 -
1744 - if (unlikely(oldpcount > 1)) {
1745 -+ if (skb_unclone(skb, GFP_ATOMIC))
1746 -+ return -ENOMEM;
1747 - tcp_init_tso_segs(sk, skb, cur_mss);
1748 - tcp_adjust_pcount(sk, skb, oldpcount - tcp_skb_pcount(skb));
1749 - }
1750 diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c
1751 index d4943f6..e7a74a5 100644
1752 --- a/net/ipv4/tcp_probe.c
1753 @@ -93520,19 +93240,6 @@ index 7cfc8d2..c5394b6 100644
1754
1755 table = kmemdup(ipv6_icmp_table_template,
1756 sizeof(ipv6_icmp_table_template),
1757 -diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c
1758 -index 32b4a16..066640e 100644
1759 ---- a/net/ipv6/inet6_hashtables.c
1760 -+++ b/net/ipv6/inet6_hashtables.c
1761 -@@ -116,7 +116,7 @@ begintw:
1762 - }
1763 - if (unlikely(!INET6_TW_MATCH(sk, net, saddr, daddr,
1764 - ports, dif))) {
1765 -- sock_put(sk);
1766 -+ inet_twsk_put(inet_twsk(sk));
1767 - goto begintw;
1768 - }
1769 - goto out;
1770 diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
1771 index 8bc717b..76fbb5d 100644
1772 --- a/net/ipv6/ip6_gre.c
1773 @@ -93573,19 +93280,6 @@ index 8bc717b..76fbb5d 100644
1774 .kind = "ip6gretap",
1775 .maxtype = IFLA_GRE_MAX,
1776 .policy = ip6gre_policy,
1777 -diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
1778 -index 44df1c9..2e542d0 100644
1779 ---- a/net/ipv6/ip6_output.c
1780 -+++ b/net/ipv6/ip6_output.c
1781 -@@ -1252,7 +1252,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
1782 - skb = skb_peek_tail(&sk->sk_write_queue);
1783 - cork->length += length;
1784 - if (((length > mtu) ||
1785 -- (skb && skb_is_gso(skb))) &&
1786 -+ (skb && skb_has_frags(skb))) &&
1787 - (sk->sk_protocol == IPPROTO_UDP) &&
1788 - (rt->dst.dev->features & NETIF_F_UFO)) {
1789 - err = ip6_ufo_append_data(sk, getfrag, from, length,
1790 diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
1791 index cf5d490..30946f0 100644
1792 --- a/net/ipv6/ip6_tunnel.c
1793 @@ -93925,10 +93619,10 @@ index 1aeb473..bea761c 100644
1794 return -ENOMEM;
1795 }
1796 diff --git a/net/ipv6/route.c b/net/ipv6/route.c
1797 -index 8d9a93ed..cd89616 100644
1798 +index 1e32d5c..cbe3b46 100644
1799 --- a/net/ipv6/route.c
1800 +++ b/net/ipv6/route.c
1801 -@@ -2926,7 +2926,7 @@ struct ctl_table ipv6_route_table_template[] = {
1802 +@@ -2954,7 +2954,7 @@ struct ctl_table ipv6_route_table_template[] = {
1803
1804 struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
1805 {
1806 @@ -93938,7 +93632,7 @@ index 8d9a93ed..cd89616 100644
1807 table = kmemdup(ipv6_route_table_template,
1808 sizeof(ipv6_route_table_template),
1809 diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
1810 -index 86f639b..71e355e 100644
1811 +index a51ad07..a90bc19 100644
1812 --- a/net/ipv6/sit.c
1813 +++ b/net/ipv6/sit.c
1814 @@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev);
1815 @@ -94278,10 +93972,10 @@ index ab8bd2c..3a3eb81 100644
1816 return res;
1817 }
1818 diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c
1819 -index feae495..aedaa2c 100644
1820 +index b076e83..793e6ff 100644
1821 --- a/net/l2tp/l2tp_core.c
1822 +++ b/net/l2tp/l2tp_core.c
1823 -@@ -496,6 +496,7 @@ out:
1824 +@@ -501,6 +501,7 @@ out:
1825 static inline int l2tp_verify_udp_checksum(struct sock *sk,
1826 struct sk_buff *skb)
1827 {
1828 @@ -94289,81 +93983,6 @@ index feae495..aedaa2c 100644
1829 struct udphdr *uh = udp_hdr(skb);
1830 u16 ulen = ntohs(uh->len);
1831 __wsum psum;
1832 -@@ -504,7 +505,7 @@ static inline int l2tp_verify_udp_checksum(struct sock *sk,
1833 - return 0;
1834 -
1835 - #if IS_ENABLED(CONFIG_IPV6)
1836 -- if (sk->sk_family == PF_INET6) {
1837 -+ if (sk->sk_family == PF_INET6 && !tunnel->v4mapped) {
1838 - if (!uh->check) {
1839 - LIMIT_NETDEBUG(KERN_INFO "L2TP: IPv6: checksum is 0\n");
1840 - return 1;
1841 -@@ -1128,7 +1129,7 @@ static int l2tp_xmit_core(struct l2tp_session *session, struct sk_buff *skb,
1842 - /* Queue the packet to IP for output */
1843 - skb->local_df = 1;
1844 - #if IS_ENABLED(CONFIG_IPV6)
1845 -- if (skb->sk->sk_family == PF_INET6)
1846 -+ if (skb->sk->sk_family == PF_INET6 && !tunnel->v4mapped)
1847 - error = inet6_csk_xmit(skb, NULL);
1848 - else
1849 - #endif
1850 -@@ -1255,7 +1256,7 @@ int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb, int hdr_len
1851 -
1852 - /* Calculate UDP checksum if configured to do so */
1853 - #if IS_ENABLED(CONFIG_IPV6)
1854 -- if (sk->sk_family == PF_INET6)
1855 -+ if (sk->sk_family == PF_INET6 && !tunnel->v4mapped)
1856 - l2tp_xmit_ipv6_csum(sk, skb, udp_len);
1857 - else
1858 - #endif
1859 -@@ -1704,6 +1705,24 @@ int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32
1860 - if (cfg != NULL)
1861 - tunnel->debug = cfg->debug;
1862 -
1863 -+#if IS_ENABLED(CONFIG_IPV6)
1864 -+ if (sk->sk_family == PF_INET6) {
1865 -+ struct ipv6_pinfo *np = inet6_sk(sk);
1866 -+
1867 -+ if (ipv6_addr_v4mapped(&np->saddr) &&
1868 -+ ipv6_addr_v4mapped(&np->daddr)) {
1869 -+ struct inet_sock *inet = inet_sk(sk);
1870 -+
1871 -+ tunnel->v4mapped = true;
1872 -+ inet->inet_saddr = np->saddr.s6_addr32[3];
1873 -+ inet->inet_rcv_saddr = np->rcv_saddr.s6_addr32[3];
1874 -+ inet->inet_daddr = np->daddr.s6_addr32[3];
1875 -+ } else {
1876 -+ tunnel->v4mapped = false;
1877 -+ }
1878 -+ }
1879 -+#endif
1880 -+
1881 - /* Mark socket as an encapsulation socket. See net/ipv4/udp.c */
1882 - tunnel->encap = encap;
1883 - if (encap == L2TP_ENCAPTYPE_UDP) {
1884 -@@ -1712,7 +1731,7 @@ int l2tp_tunnel_create(struct net *net, int fd, int version, u32 tunnel_id, u32
1885 - udp_sk(sk)->encap_rcv = l2tp_udp_encap_recv;
1886 - udp_sk(sk)->encap_destroy = l2tp_udp_encap_destroy;
1887 - #if IS_ENABLED(CONFIG_IPV6)
1888 -- if (sk->sk_family == PF_INET6)
1889 -+ if (sk->sk_family == PF_INET6 && !tunnel->v4mapped)
1890 - udpv6_encap_enable();
1891 - else
1892 - #endif
1893 -diff --git a/net/l2tp/l2tp_core.h b/net/l2tp/l2tp_core.h
1894 -index 66a559b..6f251cb 100644
1895 ---- a/net/l2tp/l2tp_core.h
1896 -+++ b/net/l2tp/l2tp_core.h
1897 -@@ -194,6 +194,9 @@ struct l2tp_tunnel {
1898 - struct sock *sock; /* Parent socket */
1899 - int fd; /* Parent fd, if tunnel socket
1900 - * was created by userspace */
1901 -+#if IS_ENABLED(CONFIG_IPV6)
1902 -+ bool v4mapped;
1903 -+#endif
1904 -
1905 - struct work_struct del_work;
1906 -
1907 diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
1908 index 43dd752..63a23bc 100644
1909 --- a/net/mac80211/cfg.c
1910 @@ -95977,7 +95596,7 @@ index 9a5c4c9..46e4b29 100644
1911
1912 table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL);
1913 diff --git a/net/socket.c b/net/socket.c
1914 -index b2d7c62..f703b02 100644
1915 +index 4b94643..f703b02 100644
1916 --- a/net/socket.c
1917 +++ b/net/socket.c
1918 @@ -88,6 +88,7 @@
1919 @@ -96161,38 +95780,7 @@ index b2d7c62..f703b02 100644
1920 int err, err2;
1921 int fput_needed;
1922
1923 -@@ -1973,6 +2039,16 @@ struct used_address {
1924 - unsigned int name_len;
1925 - };
1926 -
1927 -+static int copy_msghdr_from_user(struct msghdr *kmsg,
1928 -+ struct msghdr __user *umsg)
1929 -+{
1930 -+ if (copy_from_user(kmsg, umsg, sizeof(struct msghdr)))
1931 -+ return -EFAULT;
1932 -+ if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
1933 -+ return -EINVAL;
1934 -+ return 0;
1935 -+}
1936 -+
1937 - static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
1938 - struct msghdr *msg_sys, unsigned int flags,
1939 - struct used_address *used_address)
1940 -@@ -1991,8 +2067,11 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
1941 - if (MSG_CMSG_COMPAT & flags) {
1942 - if (get_compat_msghdr(msg_sys, msg_compat))
1943 - return -EFAULT;
1944 -- } else if (copy_from_user(msg_sys, msg, sizeof(struct msghdr)))
1945 -- return -EFAULT;
1946 -+ } else {
1947 -+ err = copy_msghdr_from_user(msg_sys, msg);
1948 -+ if (err)
1949 -+ return err;
1950 -+ }
1951 -
1952 - if (msg_sys->msg_iovlen > UIO_FASTIOV) {
1953 - err = -EMSGSIZE;
1954 -@@ -2040,7 +2119,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
1955 +@@ -2053,7 +2119,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
1956 * checking falls down on this.
1957 */
1958 if (copy_from_user(ctl_buf,
1959 @@ -96201,7 +95789,7 @@ index b2d7c62..f703b02 100644
1960 ctl_len))
1961 goto out_freectl;
1962 msg_sys->msg_control = ctl_buf;
1963 -@@ -2191,7 +2270,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
1964 +@@ -2204,7 +2270,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
1965 int err, total_len, len;
1966
1967 /* kernel mode address */
1968 @@ -96210,21 +95798,7 @@ index b2d7c62..f703b02 100644
1969
1970 /* user mode address pointers */
1971 struct sockaddr __user *uaddr;
1972 -@@ -2200,8 +2279,11 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
1973 - if (MSG_CMSG_COMPAT & flags) {
1974 - if (get_compat_msghdr(msg_sys, msg_compat))
1975 - return -EFAULT;
1976 -- } else if (copy_from_user(msg_sys, msg, sizeof(struct msghdr)))
1977 -- return -EFAULT;
1978 -+ } else {
1979 -+ err = copy_msghdr_from_user(msg_sys, msg);
1980 -+ if (err)
1981 -+ return err;
1982 -+ }
1983 -
1984 - if (msg_sys->msg_iovlen > UIO_FASTIOV) {
1985 - err = -EMSGSIZE;
1986 -@@ -2219,7 +2301,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
1987 +@@ -2235,7 +2301,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
1988 * kernel msghdr to use the kernel address space)
1989 */
1990
1991 @@ -96233,7 +95807,7 @@ index b2d7c62..f703b02 100644
1992 uaddr_len = COMPAT_NAMELEN(msg);
1993 if (MSG_CMSG_COMPAT & flags) {
1994 err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
1995 -@@ -2974,7 +3056,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
1996 +@@ -2990,7 +3056,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
1997 old_fs = get_fs();
1998 set_fs(KERNEL_DS);
1999 err = dev_ioctl(net, cmd,
2000 @@ -96242,7 +95816,7 @@ index b2d7c62..f703b02 100644
2001 set_fs(old_fs);
2002
2003 return err;
2004 -@@ -3083,7 +3165,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
2005 +@@ -3099,7 +3165,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
2006
2007 old_fs = get_fs();
2008 set_fs(KERNEL_DS);
2009 @@ -96251,7 +95825,7 @@ index b2d7c62..f703b02 100644
2010 set_fs(old_fs);
2011
2012 if (cmd == SIOCGIFMAP && !err) {
2013 -@@ -3188,7 +3270,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
2014 +@@ -3204,7 +3270,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
2015 ret |= __get_user(rtdev, &(ur4->rt_dev));
2016 if (rtdev) {
2017 ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
2018 @@ -96260,7 +95834,7 @@ index b2d7c62..f703b02 100644
2019 devname[15] = 0;
2020 } else
2021 r4.rt_dev = NULL;
2022 -@@ -3414,8 +3496,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
2023 +@@ -3430,8 +3496,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
2024 int __user *uoptlen;
2025 int err;
2026
2027 @@ -96271,7 +95845,7 @@ index b2d7c62..f703b02 100644
2028
2029 set_fs(KERNEL_DS);
2030 if (level == SOL_SOCKET)
2031 -@@ -3435,7 +3517,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
2032 +@@ -3451,7 +3517,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
2033 char __user *uoptval;
2034 int err;
2035
2036 @@ -96614,7 +96188,7 @@ index d38bb45..4fd6ac6 100644
2037
2038 sub->evt.event = htohl(event, sub->swap);
2039 diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
2040 -index c4ce243..2be7c59 100644
2041 +index e64bbcf..9c3ba79 100644
2042 --- a/net/unix/af_unix.c
2043 +++ b/net/unix/af_unix.c
2044 @@ -784,6 +784,12 @@ static struct sock *unix_find_other(struct net *net,
2045 @@ -96663,7 +96237,7 @@ index c4ce243..2be7c59 100644
2046 done_path_create(&path, dentry);
2047 return err;
2048 }
2049 -@@ -2325,9 +2344,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
2050 +@@ -2335,9 +2354,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
2051 seq_puts(seq, "Num RefCount Protocol Flags Type St "
2052 "Inode Path\n");
2053 else {
2054 @@ -96678,7 +96252,7 @@ index c4ce243..2be7c59 100644
2055
2056 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
2057 s,
2058 -@@ -2354,8 +2377,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
2059 +@@ -2364,8 +2387,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
2060 }
2061 for ( ; i < len; i++)
2062 seq_putc(seq, u->addr->name->sun_path[i]);
2063 @@ -96691,18 +96265,6 @@ index c4ce243..2be7c59 100644
2064 seq_putc(seq, '\n');
2065 }
2066
2067 -diff --git a/net/unix/diag.c b/net/unix/diag.c
2068 -index d591091..86fa0f3 100644
2069 ---- a/net/unix/diag.c
2070 -+++ b/net/unix/diag.c
2071 -@@ -124,6 +124,7 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, struct unix_diag_r
2072 - rep->udiag_family = AF_UNIX;
2073 - rep->udiag_type = sk->sk_type;
2074 - rep->udiag_state = sk->sk_state;
2075 -+ rep->pad = 0;
2076 - rep->udiag_ino = sk_ino;
2077 - sock_diag_save_cookie(sk, rep->udiag_cookie);
2078 -
2079 diff --git a/net/unix/sysctl_net_unix.c b/net/unix/sysctl_net_unix.c
2080 index b3d5150..ff3a837 100644
2081 --- a/net/unix/sysctl_net_unix.c
2082 @@ -97631,10 +97193,10 @@ index f5eb43d..1814de8 100644
2083 shdr = (Elf_Shdr *)((char *)ehdr + _r(&ehdr->e_shoff));
2084 shstrtab_sec = shdr + r2(&ehdr->e_shstrndx);
2085 diff --git a/security/Kconfig b/security/Kconfig
2086 -index e9c6ac7..5b9d82e 100644
2087 +index e9c6ac7..031a726 100644
2088 --- a/security/Kconfig
2089 +++ b/security/Kconfig
2090 -@@ -4,6 +4,959 @@
2091 +@@ -4,6 +4,960 @@
2092
2093 menu "Security options"
2094
2095 @@ -97669,6 +97231,7 @@ index e9c6ac7..5b9d82e 100644
2096 + select PROC_FS
2097 + select STOP_MACHINE
2098 + select TTY
2099 ++ select DEBUG_LIST
2100 + help
2101 + If you say Y here, you will be able to configure many features
2102 + that will enhance the security of your system. It is highly
2103 @@ -98594,7 +98157,7 @@ index e9c6ac7..5b9d82e 100644
2104 source security/keys/Kconfig
2105
2106 config SECURITY_DMESG_RESTRICT
2107 -@@ -103,7 +1056,7 @@ config INTEL_TXT
2108 +@@ -103,7 +1057,7 @@ config INTEL_TXT
2109 config LSM_MMAP_MIN_ADDR
2110 int "Low address space for LSM to protect from user allocation"
2111 depends on SECURITY && SECURITY_SELINUX
2112
2113 diff --git a/3.11.6/4425_grsec_remove_EI_PAX.patch b/3.11.7/4425_grsec_remove_EI_PAX.patch
2114 similarity index 96%
2115 rename from 3.11.6/4425_grsec_remove_EI_PAX.patch
2116 rename to 3.11.7/4425_grsec_remove_EI_PAX.patch
2117 index 415fda5..cf65d90 100644
2118 --- a/3.11.6/4425_grsec_remove_EI_PAX.patch
2119 +++ b/3.11.7/4425_grsec_remove_EI_PAX.patch
2120 @@ -8,7 +8,7 @@ X-Gentoo-Bug-URL: https://bugs.gentoo.org/445600
2121 diff -Nuar linux-3.7.1-hardened.orig/security/Kconfig linux-3.7.1-hardened/security/Kconfig
2122 --- linux-3.7.1-hardened.orig/security/Kconfig 2012-12-26 08:39:29.000000000 -0500
2123 +++ linux-3.7.1-hardened/security/Kconfig 2012-12-26 09:05:44.000000000 -0500
2124 -@@ -266,7 +266,7 @@
2125 +@@ -267,7 +267,7 @@
2126
2127 config PAX_EI_PAX
2128 bool 'Use legacy ELF header marking'
2129
2130 diff --git a/3.11.6/4427_force_XATTR_PAX_tmpfs.patch b/3.11.7/4427_force_XATTR_PAX_tmpfs.patch
2131 similarity index 100%
2132 rename from 3.11.6/4427_force_XATTR_PAX_tmpfs.patch
2133 rename to 3.11.7/4427_force_XATTR_PAX_tmpfs.patch
2134
2135 diff --git a/3.11.6/4430_grsec-remove-localversion-grsec.patch b/3.11.7/4430_grsec-remove-localversion-grsec.patch
2136 similarity index 100%
2137 rename from 3.11.6/4430_grsec-remove-localversion-grsec.patch
2138 rename to 3.11.7/4430_grsec-remove-localversion-grsec.patch
2139
2140 diff --git a/3.11.6/4435_grsec-mute-warnings.patch b/3.11.7/4435_grsec-mute-warnings.patch
2141 similarity index 100%
2142 rename from 3.11.6/4435_grsec-mute-warnings.patch
2143 rename to 3.11.7/4435_grsec-mute-warnings.patch
2144
2145 diff --git a/3.11.6/4440_grsec-remove-protected-paths.patch b/3.11.7/4440_grsec-remove-protected-paths.patch
2146 similarity index 100%
2147 rename from 3.11.6/4440_grsec-remove-protected-paths.patch
2148 rename to 3.11.7/4440_grsec-remove-protected-paths.patch
2149
2150 diff --git a/3.11.6/4450_grsec-kconfig-default-gids.patch b/3.11.7/4450_grsec-kconfig-default-gids.patch
2151 similarity index 98%
2152 rename from 3.11.6/4450_grsec-kconfig-default-gids.patch
2153 rename to 3.11.7/4450_grsec-kconfig-default-gids.patch
2154 index 8c7b0b2..c928378 100644
2155 --- a/3.11.6/4450_grsec-kconfig-default-gids.patch
2156 +++ b/3.11.7/4450_grsec-kconfig-default-gids.patch
2157 @@ -73,7 +73,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
2158 diff -Nuar a/security/Kconfig b/security/Kconfig
2159 --- a/security/Kconfig 2012-10-13 09:51:35.000000000 -0400
2160 +++ b/security/Kconfig 2012-10-13 09:52:59.000000000 -0400
2161 -@@ -194,7 +194,7 @@
2162 +@@ -195,7 +195,7 @@
2163
2164 config GRKERNSEC_PROC_GID
2165 int "GID exempted from /proc restrictions"
2166 @@ -82,7 +82,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
2167 help
2168 Setting this GID determines which group will be exempted from
2169 grsecurity's /proc restrictions, allowing users of the specified
2170 -@@ -205,7 +205,7 @@
2171 +@@ -206,7 +206,7 @@
2172 config GRKERNSEC_TPE_UNTRUSTED_GID
2173 int "GID for TPE-untrusted users"
2174 depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
2175 @@ -91,7 +91,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
2176 help
2177 Setting this GID determines which group untrusted users should
2178 be added to. These users will be placed under grsecurity's Trusted Path
2179 -@@ -217,7 +217,7 @@
2180 +@@ -218,7 +218,7 @@
2181 config GRKERNSEC_TPE_TRUSTED_GID
2182 int "GID for TPE-trusted users"
2183 depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
2184 @@ -100,7 +100,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
2185 help
2186 Setting this GID determines what group TPE restrictions will be
2187 *disabled* for. If the sysctl option is enabled, a sysctl option
2188 -@@ -226,7 +226,7 @@
2189 +@@ -227,7 +227,7 @@
2190 config GRKERNSEC_SYMLINKOWN_GID
2191 int "GID for users with kernel-enforced SymlinksIfOwnerMatch"
2192 depends on GRKERNSEC_CONFIG_SERVER
2193
2194 diff --git a/3.11.6/4465_selinux-avc_audit-log-curr_ip.patch b/3.11.7/4465_selinux-avc_audit-log-curr_ip.patch
2195 similarity index 100%
2196 rename from 3.11.6/4465_selinux-avc_audit-log-curr_ip.patch
2197 rename to 3.11.7/4465_selinux-avc_audit-log-curr_ip.patch
2198
2199 diff --git a/3.11.6/4470_disable-compat_vdso.patch b/3.11.7/4470_disable-compat_vdso.patch
2200 similarity index 100%
2201 rename from 3.11.6/4470_disable-compat_vdso.patch
2202 rename to 3.11.7/4470_disable-compat_vdso.patch
2203
2204 diff --git a/3.11.6/4475_emutramp_default_on.patch b/3.11.7/4475_emutramp_default_on.patch
2205 similarity index 97%
2206 rename from 3.11.6/4475_emutramp_default_on.patch
2207 rename to 3.11.7/4475_emutramp_default_on.patch
2208 index cfde6f8..30f6978 100644
2209 --- a/3.11.6/4475_emutramp_default_on.patch
2210 +++ b/3.11.7/4475_emutramp_default_on.patch
2211 @@ -10,7 +10,7 @@ See bug:
2212 diff -Naur linux-3.9.2-hardened.orig/security/Kconfig linux-3.9.2-hardened/security/Kconfig
2213 --- linux-3.9.2-hardened.orig/security/Kconfig 2013-05-18 08:53:41.000000000 -0400
2214 +++ linux-3.9.2-hardened/security/Kconfig 2013-05-18 09:17:57.000000000 -0400
2215 -@@ -427,7 +427,7 @@
2216 +@@ -428,7 +428,7 @@
2217
2218 config PAX_EMUTRAMP
2219 bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)
2220
2221 diff --git a/3.2.52/0000_README b/3.2.52/0000_README
2222 index 7ddab2f..a5b9436 100644
2223 --- a/3.2.52/0000_README
2224 +++ b/3.2.52/0000_README
2225 @@ -126,7 +126,7 @@ Patch: 1051_linux-3.2.52.patch
2226 From: http://www.kernel.org
2227 Desc: Linux 3.2.52
2228
2229 -Patch: 4420_grsecurity-2.9.1-3.2.52-201311021628.patch
2230 +Patch: 4420_grsecurity-2.9.1-3.2.52-201311071633.patch
2231 From: http://www.grsecurity.net
2232 Desc: hardened-sources base patch from upstream grsecurity
2233
2234
2235 diff --git a/3.2.52/4420_grsecurity-2.9.1-3.2.52-201311021628.patch b/3.2.52/4420_grsecurity-2.9.1-3.2.52-201311071633.patch
2236 similarity index 99%
2237 rename from 3.2.52/4420_grsecurity-2.9.1-3.2.52-201311021628.patch
2238 rename to 3.2.52/4420_grsecurity-2.9.1-3.2.52-201311071633.patch
2239 index 398b6be..c2c26e8 100644
2240 --- a/3.2.52/4420_grsecurity-2.9.1-3.2.52-201311021628.patch
2241 +++ b/3.2.52/4420_grsecurity-2.9.1-3.2.52-201311071633.patch
2242 @@ -8861,6 +8861,23 @@ index 0032f92..cd151e0 100644
2243
2244 #ifdef CONFIG_64BIT
2245 #define set_pud(pudptr, pudval) set_64bit((u64 *) (pudptr), pud_val(pudval))
2246 +diff --git a/arch/um/kernel/exitcode.c b/arch/um/kernel/exitcode.c
2247 +index 829df49..41ebbfe 100644
2248 +--- a/arch/um/kernel/exitcode.c
2249 ++++ b/arch/um/kernel/exitcode.c
2250 +@@ -40,9 +40,11 @@ static ssize_t exitcode_proc_write(struct file *file,
2251 + const char __user *buffer, size_t count, loff_t *pos)
2252 + {
2253 + char *end, buf[sizeof("nnnnn\0")];
2254 ++ size_t size;
2255 + int tmp;
2256 +
2257 +- if (copy_from_user(buf, buffer, count))
2258 ++ size = min(count, sizeof(buf));
2259 ++ if (copy_from_user(buf, buffer, size))
2260 + return -EFAULT;
2261 +
2262 + tmp = simple_strtol(buf, &end, 0);
2263 diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c
2264 index c533835..84db18e 100644
2265 --- a/arch/um/kernel/process.c
2266 @@ -84864,7 +84881,7 @@ index 3efb882..8492f4c 100644
2267
2268 if (atomic_dec_and_test(&kref->refcount)) {
2269 diff --git a/lib/list_debug.c b/lib/list_debug.c
2270 -index b8029a5..a72c207 100644
2271 +index b8029a5..2b120e1 100644
2272 --- a/lib/list_debug.c
2273 +++ b/lib/list_debug.c
2274 @@ -8,7 +8,9 @@
2275 @@ -84877,47 +84894,58 @@ index b8029a5..a72c207 100644
2276 /*
2277 * Insert a new entry between two known consecutive entries.
2278 *
2279 -@@ -16,18 +18,32 @@
2280 +@@ -16,18 +18,40 @@
2281 * the prev/next entries already!
2282 */
2283
2284 --void __list_add(struct list_head *new,
2285 -- struct list_head *prev,
2286 -- struct list_head *next)
2287 +static bool __list_add_debug(struct list_head *new,
2288 + struct list_head *prev,
2289 + struct list_head *next)
2290 - {
2291 -- WARN(next->prev != prev,
2292 -+ if (WARN(next->prev != prev,
2293 - "list_add corruption. next->prev should be "
2294 - "prev (%p), but was %p. (next=%p).\n",
2295 -- prev, next->prev, next);
2296 -- WARN(prev->next != next,
2297 -+ prev, next->prev, next) ||
2298 -+ WARN(prev->next != next,
2299 - "list_add corruption. prev->next should be "
2300 - "next (%p), but was %p. (prev=%p).\n",
2301 -- next, prev->next, prev);
2302 -+ next, prev->next, prev) ||
2303 -+ WARN(new == prev || new == next,
2304 -+ "list_add double add: new=%p, prev=%p, next=%p.\n",
2305 -+ new, prev, next))
2306 ++{
2307 ++ if (unlikely(next->prev != prev)) {
2308 ++ printk(KERN_ERR "list_add corruption. next->prev should be "
2309 ++ "prev (%p), but was %p. (next=%p).\n",
2310 ++ prev, next->prev, next);
2311 ++ BUG();
2312 + return false;
2313 ++ }
2314 ++ if (unlikely(prev->next != next)) {
2315 ++ printk(KERN_ERR "list_add corruption. prev->next should be "
2316 ++ "next (%p), but was %p. (prev=%p).\n",
2317 ++ next, prev->next, prev);
2318 ++ BUG();
2319 ++ return false;
2320 ++ }
2321 ++ if (unlikely(new == prev || new == next)) {
2322 ++ printk(KERN_ERR "list_add double add: new=%p, prev=%p, next=%p.\n",
2323 ++ new, prev, next);
2324 ++ BUG();
2325 ++ return false;
2326 ++ }
2327 + return true;
2328 +}
2329 +
2330 -+void __list_add(struct list_head *new,
2331 + void __list_add(struct list_head *new,
2332 +- struct list_head *prev,
2333 +- struct list_head *next)
2334 + struct list_head *prev,
2335 + struct list_head *next)
2336 -+{
2337 + {
2338 +- WARN(next->prev != prev,
2339 +- "list_add corruption. next->prev should be "
2340 +- "prev (%p), but was %p. (next=%p).\n",
2341 +- prev, next->prev, next);
2342 +- WARN(prev->next != next,
2343 +- "list_add corruption. prev->next should be "
2344 +- "next (%p), but was %p. (prev=%p).\n",
2345 +- next, prev->next, prev);
2346 + if (!__list_add_debug(new, prev, next))
2347 + return;
2348 +
2349 next->prev = new;
2350 new->next = next;
2351 new->prev = prev;
2352 -@@ -35,7 +51,7 @@ void __list_add(struct list_head *new,
2353 +@@ -35,28 +59,46 @@ void __list_add(struct list_head *new,
2354 }
2355 EXPORT_SYMBOL(__list_add);
2356
2357 @@ -84926,11 +84954,45 @@ index b8029a5..a72c207 100644
2358 {
2359 struct list_head *prev, *next;
2360
2361 -@@ -54,9 +70,16 @@ void __list_del_entry(struct list_head *entry)
2362 - WARN(next->prev != entry,
2363 - "list_del corruption. next->prev should be %p, "
2364 - "but was %p\n", entry, next->prev))
2365 + prev = entry->prev;
2366 + next = entry->next;
2367 +
2368 +- if (WARN(next == LIST_POISON1,
2369 +- "list_del corruption, %p->next is LIST_POISON1 (%p)\n",
2370 +- entry, LIST_POISON1) ||
2371 +- WARN(prev == LIST_POISON2,
2372 +- "list_del corruption, %p->prev is LIST_POISON2 (%p)\n",
2373 +- entry, LIST_POISON2) ||
2374 +- WARN(prev->next != entry,
2375 +- "list_del corruption. prev->next should be %p, "
2376 +- "but was %p\n", entry, prev->next) ||
2377 +- WARN(next->prev != entry,
2378 +- "list_del corruption. next->prev should be %p, "
2379 +- "but was %p\n", entry, next->prev))
2380 ++ if (unlikely(next == LIST_POISON1)) {
2381 ++ printk(KERN_ERR "list_del corruption, %p->next is LIST_POISON1 (%p)\n",
2382 ++ entry, LIST_POISON1);
2383 ++ BUG();
2384 ++ return false;
2385 ++ }
2386 ++ if (unlikely(prev == LIST_POISON2)) {
2387 ++ printk(KERN_ERR "list_del corruption, %p->prev is LIST_POISON2 (%p)\n",
2388 ++ entry, LIST_POISON2);
2389 ++ BUG();
2390 ++ return false;
2391 ++ }
2392 ++ if (unlikely(entry->prev->next != entry)) {
2393 ++ printk(KERN_ERR "list_del corruption. prev->next should be %p, "
2394 ++ "but was %p\n", entry, prev->next);
2395 ++ BUG();
2396 + return false;
2397 ++ }
2398 ++ if (unlikely(entry->next->prev != entry)) {
2399 ++ printk(KERN_ERR "list_del corruption. next->prev should be %p, "
2400 ++ "but was %p\n", entry, next->prev);
2401 ++ BUG();
2402 ++ return false;
2403 ++ }
2404 + return true;
2405 +}
2406 +
2407 @@ -84944,7 +85006,7 @@ index b8029a5..a72c207 100644
2408 }
2409 EXPORT_SYMBOL(__list_del_entry);
2410
2411 -@@ -73,3 +96,76 @@ void list_del(struct list_head *entry)
2412 +@@ -73,3 +115,76 @@ void list_del(struct list_head *entry)
2413 entry->prev = LIST_POISON2;
2414 }
2415 EXPORT_SYMBOL(list_del);
2416 @@ -98049,10 +98111,10 @@ index 38f6617..e70b72b 100755
2417
2418 exuberant()
2419 diff --git a/security/Kconfig b/security/Kconfig
2420 -index 51bd5a0..e4faa00 100644
2421 +index 51bd5a0..d0de7b0 100644
2422 --- a/security/Kconfig
2423 +++ b/security/Kconfig
2424 -@@ -4,6 +4,954 @@
2425 +@@ -4,6 +4,955 @@
2426
2427 menu "Security options"
2428
2429 @@ -98086,6 +98148,7 @@ index 51bd5a0..e4faa00 100644
2430 + select CRYPTO_SHA256
2431 + select PROC_FS
2432 + select STOP_MACHINE
2433 ++ select DEBUG_LIST
2434 + help
2435 + If you say Y here, you will be able to configure many features
2436 + that will enhance the security of your system. It is highly
2437 @@ -99007,7 +99070,7 @@ index 51bd5a0..e4faa00 100644
2438 config KEYS
2439 bool "Enable access key retention support"
2440 help
2441 -@@ -169,7 +1117,7 @@ config INTEL_TXT
2442 +@@ -169,7 +1118,7 @@ config INTEL_TXT
2443 config LSM_MMAP_MIN_ADDR
2444 int "Low address space for LSM to protect from user allocation"
2445 depends on SECURITY && SECURITY_SELINUX
2446
2447 diff --git a/3.2.52/4425_grsec_remove_EI_PAX.patch b/3.2.52/4425_grsec_remove_EI_PAX.patch
2448 index 7d06ac2..415fda5 100644
2449 --- a/3.2.52/4425_grsec_remove_EI_PAX.patch
2450 +++ b/3.2.52/4425_grsec_remove_EI_PAX.patch
2451 @@ -8,7 +8,7 @@ X-Gentoo-Bug-URL: https://bugs.gentoo.org/445600
2452 diff -Nuar linux-3.7.1-hardened.orig/security/Kconfig linux-3.7.1-hardened/security/Kconfig
2453 --- linux-3.7.1-hardened.orig/security/Kconfig 2012-12-26 08:39:29.000000000 -0500
2454 +++ linux-3.7.1-hardened/security/Kconfig 2012-12-26 09:05:44.000000000 -0500
2455 -@@ -265,7 +265,7 @@
2456 +@@ -266,7 +266,7 @@
2457
2458 config PAX_EI_PAX
2459 bool 'Use legacy ELF header marking'
2460
2461 diff --git a/3.2.52/4450_grsec-kconfig-default-gids.patch b/3.2.52/4450_grsec-kconfig-default-gids.patch
2462 index 4de4ac0..8c7b0b2 100644
2463 --- a/3.2.52/4450_grsec-kconfig-default-gids.patch
2464 +++ b/3.2.52/4450_grsec-kconfig-default-gids.patch
2465 @@ -73,7 +73,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
2466 diff -Nuar a/security/Kconfig b/security/Kconfig
2467 --- a/security/Kconfig 2012-10-13 09:51:35.000000000 -0400
2468 +++ b/security/Kconfig 2012-10-13 09:52:59.000000000 -0400
2469 -@@ -193,7 +193,7 @@
2470 +@@ -194,7 +194,7 @@
2471
2472 config GRKERNSEC_PROC_GID
2473 int "GID exempted from /proc restrictions"
2474 @@ -82,7 +82,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
2475 help
2476 Setting this GID determines which group will be exempted from
2477 grsecurity's /proc restrictions, allowing users of the specified
2478 -@@ -204,7 +204,7 @@
2479 +@@ -205,7 +205,7 @@
2480 config GRKERNSEC_TPE_UNTRUSTED_GID
2481 int "GID for TPE-untrusted users"
2482 depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
2483 @@ -91,7 +91,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
2484 help
2485 Setting this GID determines which group untrusted users should
2486 be added to. These users will be placed under grsecurity's Trusted Path
2487 -@@ -216,7 +216,7 @@
2488 +@@ -217,7 +217,7 @@
2489 config GRKERNSEC_TPE_TRUSTED_GID
2490 int "GID for TPE-trusted users"
2491 depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
2492 @@ -100,7 +100,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
2493 help
2494 Setting this GID determines what group TPE restrictions will be
2495 *disabled* for. If the sysctl option is enabled, a sysctl option
2496 -@@ -225,7 +225,7 @@
2497 +@@ -226,7 +226,7 @@
2498 config GRKERNSEC_SYMLINKOWN_GID
2499 int "GID for users with kernel-enforced SymlinksIfOwnerMatch"
2500 depends on GRKERNSEC_CONFIG_SERVER
2501
2502 diff --git a/3.2.52/4470_disable-compat_vdso.patch b/3.2.52/4470_disable-compat_vdso.patch
2503 index 99c691b..6905571 100644
2504 --- a/3.2.52/4470_disable-compat_vdso.patch
2505 +++ b/3.2.52/4470_disable-compat_vdso.patch
2506 @@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138
2507 diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
2508 --- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100
2509 +++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100
2510 -@@ -1652,17 +1652,8 @@
2511 +@@ -1653,17 +1653,8 @@
2512
2513 config COMPAT_VDSO
2514 def_bool n
2515
2516 diff --git a/3.2.52/4475_emutramp_default_on.patch b/3.2.52/4475_emutramp_default_on.patch
2517 index df700e6..cfde6f8 100644
2518 --- a/3.2.52/4475_emutramp_default_on.patch
2519 +++ b/3.2.52/4475_emutramp_default_on.patch
2520 @@ -10,7 +10,7 @@ See bug:
2521 diff -Naur linux-3.9.2-hardened.orig/security/Kconfig linux-3.9.2-hardened/security/Kconfig
2522 --- linux-3.9.2-hardened.orig/security/Kconfig 2013-05-18 08:53:41.000000000 -0400
2523 +++ linux-3.9.2-hardened/security/Kconfig 2013-05-18 09:17:57.000000000 -0400
2524 -@@ -426,7 +426,7 @@
2525 +@@ -427,7 +427,7 @@
2526
2527 config PAX_EMUTRAMP
2528 bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)
Report Message
Find on MARC Find on Google Groups