authorAnthony G. Basile <blueness@gentoo.org>2013-05-04 16:06:48 -0400
committerAnthony G. Basile <blueness@gentoo.org>2013-05-04 16:06:48 -0400
commit0a1edb909716e16373c79d2ac96decf47790482f (patch)
treee6b6769210b15f78ba2a3c17545467cfc2cf26f3
parentGrsec/PaX: 2.9.1-{2.6.32.60,3.2.44,3.8.10}-201304271916 (diff)
Grsec/PaX: 2.9.1-{2.6.32.60,3.2.44,3.8.11}-20130501191720130501
-rw-r--r--2.6.32/0000_README2
-rw-r--r--2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304292054.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304262205.patch)22
-rw-r--r--3.2.44/0000_README2
-rw-r--r--3.2.44/4420_grsecurity-2.9.1-3.2.44-201304292055.patch (renamed from 3.2.44/4420_grsecurity-2.9.1-3.2.44-201304271916.patch)233
-rw-r--r--3.8.10/1008_linux-3.8.9.patch1649
-rw-r--r--3.8.10/1009_linux-3.8.10.patch67
-rw-r--r--3.8.11/0000_README (renamed from 3.8.10/0000_README)10
-rw-r--r--3.8.11/1010_linux-3.8.11.patch1556
-rw-r--r--3.8.11/4420_grsecurity-2.9.1-3.8.11-201305011917.patch (renamed from 3.8.10/4420_grsecurity-2.9.1-3.8.10-201304262208.patch)1131
-rw-r--r--3.8.11/4425_grsec_remove_EI_PAX.patch (renamed from 3.8.10/4425_grsec_remove_EI_PAX.patch)0
-rw-r--r--3.8.11/4430_grsec-remove-localversion-grsec.patch (renamed from 3.8.10/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--3.8.11/4435_grsec-mute-warnings.patch (renamed from 3.8.10/4435_grsec-mute-warnings.patch)0
-rw-r--r--3.8.11/4440_grsec-remove-protected-paths.patch (renamed from 3.8.10/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--3.8.11/4450_grsec-kconfig-default-gids.patch (renamed from 3.8.10/4450_grsec-kconfig-default-gids.patch)0
-rw-r--r--3.8.11/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.8.10/4465_selinux-avc_audit-log-curr_ip.patch)0
-rw-r--r--3.8.11/4470_disable-compat_vdso.patch (renamed from 3.8.10/4470_disable-compat_vdso.patch)0
16 files changed, 1997 insertions, 2675 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index 2b44ed9..3b25af8 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -34,7 +34,7 @@ Patch: 1059_linux-2.6.32.60.patch
From: http://www.kernel.org
Desc: Linux 2.6.32.59
-Patch: 4420_grsecurity-2.9.1-2.6.32.60-201304262205.patch
+Patch: 4420_grsecurity-2.9.1-2.6.32.60-201304292054.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304262205.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304292054.patch
index 2f14145..31c0020 100644
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304262205.patch
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201304292054.patch
@@ -76580,10 +76580,18 @@ index cb2849f..3718fb4 100644
if (entry->bitmap && entry->bytes > bytes + empty_size) {
ret = btrfs_bitmap_cluster(block_group, entry, cluster,
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
-index e03a836..323837e 100644
+index e03a836..d4e4e69 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
-@@ -63,7 +63,7 @@ static const struct inode_operations btrfs_file_inode_operations;
+@@ -17,6 +17,7 @@
+ */
+
+ #include <linux/kernel.h>
++#include <linux/module.h>
+ #include <linux/bio.h>
+ #include <linux/buffer_head.h>
+ #include <linux/file.h>
+@@ -63,7 +64,7 @@ static const struct inode_operations btrfs_file_inode_operations;
static const struct address_space_operations btrfs_aops;
static const struct address_space_operations btrfs_symlink_aops;
static const struct file_operations btrfs_dir_file_operations;
@@ -76592,7 +76600,7 @@ index e03a836..323837e 100644
static struct kmem_cache *btrfs_inode_cachep;
struct kmem_cache *btrfs_trans_handle_cachep;
-@@ -925,6 +925,7 @@ static int cow_file_range_async(struct inode *inode, struct page *locked_page,
+@@ -925,6 +926,7 @@ static int cow_file_range_async(struct inode *inode, struct page *locked_page,
1, 0, NULL, GFP_NOFS);
while (start < end) {
async_cow = kmalloc(sizeof(*async_cow), GFP_NOFS);
@@ -76600,7 +76608,7 @@ index e03a836..323837e 100644
async_cow->inode = inode;
async_cow->root = root;
async_cow->locked_page = locked_page;
-@@ -4591,6 +4592,8 @@ static noinline int uncompress_inline(struct btrfs_path *path,
+@@ -4591,6 +4593,8 @@ static noinline int uncompress_inline(struct btrfs_path *path,
inline_size = btrfs_file_extent_inline_item_len(leaf,
btrfs_item_nr(leaf, path->slots[0]));
tmp = kmalloc(inline_size, GFP_NOFS);
@@ -76609,7 +76617,7 @@ index e03a836..323837e 100644
ptr = btrfs_file_extent_inline_start(item);
read_extent_buffer(leaf, tmp, ptr, inline_size);
-@@ -5410,7 +5413,7 @@ fail:
+@@ -5410,7 +5414,7 @@ fail:
return -ENOMEM;
}
@@ -76618,7 +76626,7 @@ index e03a836..323837e 100644
struct dentry *dentry, struct kstat *stat)
{
struct inode *inode = dentry->d_inode;
-@@ -5422,6 +5425,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
+@@ -5422,6 +5426,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
return 0;
}
@@ -76633,7 +76641,7 @@ index e03a836..323837e 100644
static int btrfs_rename(struct inode *old_dir, struct dentry *old_dentry,
struct inode *new_dir, struct dentry *new_dentry)
{
-@@ -5972,7 +5983,7 @@ static const struct file_operations btrfs_dir_file_operations = {
+@@ -5972,7 +5984,7 @@ static const struct file_operations btrfs_dir_file_operations = {
.fsync = btrfs_sync_file,
};
diff --git a/3.2.44/0000_README b/3.2.44/0000_README
index 91b9efe..1b7cbd6 100644
--- a/3.2.44/0000_README
+++ b/3.2.44/0000_README
@@ -94,7 +94,7 @@ Patch: 1043_linux-3.2.44.patch
From: http://www.kernel.org
Desc: Linux 3.2.44
-Patch: 4420_grsecurity-2.9.1-3.2.44-201304271916.patch
+Patch: 4420_grsecurity-2.9.1-3.2.44-201304292055.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.44/4420_grsecurity-2.9.1-3.2.44-201304271916.patch b/3.2.44/4420_grsecurity-2.9.1-3.2.44-201304292055.patch
index 062dff7..258f868 100644
--- a/3.2.44/4420_grsecurity-2.9.1-3.2.44-201304271916.patch
+++ b/3.2.44/4420_grsecurity-2.9.1-3.2.44-201304292055.patch
@@ -17034,7 +17034,7 @@ index d2d488b8..a4f589f 100644
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index 6274f5f..3d36291 100644
+index 6274f5f..7342ebb 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -55,6 +55,8 @@
@@ -17110,7 +17110,7 @@ index 6274f5f..3d36291 100644
jmp *%rdi
#endif
-@@ -178,6 +186,273 @@ ENTRY(native_usergs_sysret64)
+@@ -178,6 +186,282 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
@@ -17165,7 +17165,7 @@ index 6274f5f..3d36291 100644
+ pax_force_retaddr
+ retq
+
-+2: ljmpq __KERNEL_CS,1f
++2: ljmpq __KERNEL_CS,1b
+3: ljmpq __KERNEXEC_KERNEL_CS,4f
+4: SET_RDI_INTO_CR0
+ jmp 1b
@@ -17181,6 +17181,9 @@ index 6274f5f..3d36291 100644
+ mov %cs,%rdi
+ cmp $__KERNEXEC_KERNEL_CS,%edi
+ jz 2f
++ GET_CR0_INTO_RDI
++ bts $16,%rdi
++ jnc 4f
+1:
+
+#ifdef CONFIG_PARAVIRT
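Review bot: The CR0 check added to pax_exit_kernel (`GET_CR0_INTO_RDI` / `bts $16,%rdi` / `jnc 4f`) has no comment saying which invariant it enforces. Bit 16 of CR0 is the write-protect bit, so the sequence appears to trap through the `4: ud2` added in the next hunk when WP is found clear on a path where it should be set; the same `jnc`-to-`ud2` pattern is added after `btr $16,%rdi` in the next hunk and in pax_exit_kernel_user (the `jnc 3f` and `3: ud2` hunks). A line such as `/* CR0.WP is expected to be set on this path; trap if it is not */` at each site would make the intent reviewable. The modified %rdi is not written back to CR0 in the visible lines of this branch, so `bt $16,%rdi` would express a pure test, provided nothing later relies on the changed value. The routine's body continues outside this hunk.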
@@ -17193,9 +17196,12 @@ index 6274f5f..3d36291 100644
+
+2: GET_CR0_INTO_RDI
+ btr $16,%rdi
++ jnc 4f
+ ljmpq __KERNEL_CS,3f
+3: SET_RDI_INTO_CR0
+ jmp 1b
++4: ud2
++ jmp 4b
+ENDPROC(pax_exit_kernel)
+#endif
+
@@ -17285,6 +17291,7 @@ index 6274f5f..3d36291 100644
+#ifdef CONFIG_PAX_KERNEXEC
+ GET_CR0_INTO_RDI
+ btr $16,%rdi
++ jnc 3f
+ SET_RDI_INTO_CR0
+#endif
+
@@ -17322,6 +17329,8 @@ index 6274f5f..3d36291 100644
+ popq %rdi
+ pax_force_retaddr
+ retq
++3: ud2
++ jmp 3b
+ENDPROC(pax_exit_kernel_user)
+#endif
+
@@ -17384,7 +17393,7 @@ index 6274f5f..3d36291 100644
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -231,8 +506,8 @@ ENDPROC(native_usergs_sysret64)
+@@ -231,8 +515,8 @@ ENDPROC(native_usergs_sysret64)
.endm
.macro UNFAKE_STACK_FRAME
@@ -17395,7 +17404,7 @@ index 6274f5f..3d36291 100644
.endm
/*
-@@ -319,7 +594,7 @@ ENDPROC(native_usergs_sysret64)
+@@ -319,7 +603,7 @@ ENDPROC(native_usergs_sysret64)
movq %rsp, %rsi
leaq -RBP(%rsp),%rdi /* arg1 for handler */
@@ -17404,7 +17413,7 @@ index 6274f5f..3d36291 100644
je 1f
SWAPGS
/*
-@@ -355,9 +630,10 @@ ENTRY(save_rest)
+@@ -355,9 +639,10 @@ ENTRY(save_rest)
movq_cfi r15, R15+16
movq %r11, 8(%rsp) /* return address */
FIXUP_TOP_OF_STACK %r11, 16
@@ -17416,7 +17425,7 @@ index 6274f5f..3d36291 100644
/* save complete stack frame */
.pushsection .kprobes.text, "ax"
-@@ -386,9 +662,10 @@ ENTRY(save_paranoid)
+@@ -386,9 +671,10 @@ ENTRY(save_paranoid)
js 1f /* negative -> in kernel */
SWAPGS
xorl %ebx,%ebx
@@ -17429,7 +17438,7 @@ index 6274f5f..3d36291 100644
.popsection
/*
-@@ -410,7 +687,7 @@ ENTRY(ret_from_fork)
+@@ -410,7 +696,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -17438,7 +17447,7 @@ index 6274f5f..3d36291 100644
je int_ret_from_sys_call
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -420,7 +697,7 @@ ENTRY(ret_from_fork)
+@@ -420,7 +706,7 @@ ENTRY(ret_from_fork)
jmp ret_from_sys_call # go to the SYSRET fastpath
CFI_ENDPROC
@@ -17447,7 +17456,7 @@ index 6274f5f..3d36291 100644
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -456,7 +733,7 @@ END(ret_from_fork)
+@@ -456,7 +742,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -17456,7 +17465,7 @@ index 6274f5f..3d36291 100644
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -469,12 +746,18 @@ ENTRY(system_call_after_swapgs)
+@@ -469,12 +755,18 @@ ENTRY(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -17476,7 +17485,7 @@ index 6274f5f..3d36291 100644
movq %rax,ORIG_RAX-ARGOFFSET(%rsp)
movq %rcx,RIP-ARGOFFSET(%rsp)
CFI_REL_OFFSET rip,RIP-ARGOFFSET
-@@ -484,7 +767,7 @@ ENTRY(system_call_after_swapgs)
+@@ -484,7 +776,7 @@ ENTRY(system_call_after_swapgs)
system_call_fastpath:
cmpq $__NR_syscall_max,%rax
ja badsys
@@ -17485,7 +17494,7 @@ index 6274f5f..3d36291 100644
call *sys_call_table(,%rax,8) # XXX: rip relative
movq %rax,RAX-ARGOFFSET(%rsp)
/*
-@@ -503,6 +786,8 @@ sysret_check:
+@@ -503,6 +795,8 @@ sysret_check:
andl %edi,%edx
jnz sysret_careful
CFI_REMEMBER_STATE
@@ -17494,7 +17503,7 @@ index 6274f5f..3d36291 100644
/*
* sysretq will re-enable interrupts:
*/
-@@ -554,14 +839,18 @@ badsys:
+@@ -554,14 +848,18 @@ badsys:
* jump back to the normal fast path.
*/
auditsys:
@@ -17514,7 +17523,7 @@ index 6274f5f..3d36291 100644
jmp system_call_fastpath
/*
-@@ -591,16 +880,20 @@ tracesys:
+@@ -591,16 +889,20 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -17536,7 +17545,7 @@ index 6274f5f..3d36291 100644
call *sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
/* Use IRET because user could have changed frame */
-@@ -612,7 +905,7 @@ tracesys:
+@@ -612,7 +914,7 @@ tracesys:
GLOBAL(int_ret_from_sys_call)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -17545,7 +17554,7 @@ index 6274f5f..3d36291 100644
je retint_restore_args
movl $_TIF_ALLWORK_MASK,%edi
/* edi: mask to check */
-@@ -623,7 +916,9 @@ GLOBAL(int_with_check)
+@@ -623,7 +925,9 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
@@ -17556,7 +17565,7 @@ index 6274f5f..3d36291 100644
/* Either reschedule or signal or syscall exit tracking needed. */
/* First do a reschedule test. */
-@@ -669,7 +964,7 @@ int_restore_rest:
+@@ -669,7 +973,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
@@ -17565,7 +17574,7 @@ index 6274f5f..3d36291 100644
/*
* Certain special system calls that need to save a complete full stack frame.
-@@ -685,7 +980,7 @@ ENTRY(\label)
+@@ -685,7 +989,7 @@ ENTRY(\label)
call \func
jmp ptregscall_common
CFI_ENDPROC
@@ -17574,7 +17583,7 @@ index 6274f5f..3d36291 100644
.endm
PTREGSCALL stub_clone, sys_clone, %r8
-@@ -703,9 +998,10 @@ ENTRY(ptregscall_common)
+@@ -703,9 +1007,10 @@ ENTRY(ptregscall_common)
movq_cfi_restore R12+8, r12
movq_cfi_restore RBP+8, rbp
movq_cfi_restore RBX+8, rbx
@@ -17586,7 +17595,7 @@ index 6274f5f..3d36291 100644
ENTRY(stub_execve)
CFI_STARTPROC
-@@ -720,7 +1016,7 @@ ENTRY(stub_execve)
+@@ -720,7 +1025,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -17595,7 +17604,7 @@ index 6274f5f..3d36291 100644
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -738,7 +1034,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -738,7 +1043,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -17604,7 +17613,7 @@ index 6274f5f..3d36291 100644
/*
* Build the entry stubs and pointer table with some assembler magic.
-@@ -773,7 +1069,7 @@ vector=vector+1
+@@ -773,7 +1078,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
@@ -17613,7 +17622,7 @@ index 6274f5f..3d36291 100644
.previous
END(interrupt)
-@@ -793,6 +1089,16 @@ END(interrupt)
+@@ -793,6 +1098,16 @@ END(interrupt)
subq $ORIG_RAX-RBP, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
SAVE_ARGS_IRQ
@@ -17630,7 +17639,7 @@ index 6274f5f..3d36291 100644
call \func
.endm
-@@ -824,7 +1130,7 @@ ret_from_intr:
+@@ -824,7 +1139,7 @@ ret_from_intr:
exit_intr:
GET_THREAD_INFO(%rcx)
@@ -17639,7 +17648,7 @@ index 6274f5f..3d36291 100644
je retint_kernel
/* Interrupt came from user space */
-@@ -846,12 +1152,16 @@ retint_swapgs: /* return to user-space */
+@@ -846,12 +1161,16 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -17656,7 +17665,7 @@ index 6274f5f..3d36291 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -940,7 +1250,7 @@ ENTRY(retint_kernel)
+@@ -940,7 +1259,7 @@ ENTRY(retint_kernel)
#endif
CFI_ENDPROC
@@ -17665,7 +17674,7 @@ index 6274f5f..3d36291 100644
/*
* End of kprobes section
*/
-@@ -956,7 +1266,7 @@ ENTRY(\sym)
+@@ -956,7 +1275,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
@@ -17674,7 +17683,7 @@ index 6274f5f..3d36291 100644
.endm
#ifdef CONFIG_SMP
-@@ -1021,12 +1331,22 @@ ENTRY(\sym)
+@@ -1021,12 +1340,22 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -17698,7 +17707,7 @@ index 6274f5f..3d36291 100644
.endm
.macro paranoidzeroentry sym do_sym
-@@ -1038,15 +1358,25 @@ ENTRY(\sym)
+@@ -1038,15 +1367,25 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -17726,7 +17735,7 @@ index 6274f5f..3d36291 100644
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1056,14 +1386,30 @@ ENTRY(\sym)
+@@ -1056,14 +1395,30 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -17758,7 +17767,7 @@ index 6274f5f..3d36291 100644
.endm
.macro errorentry sym do_sym
-@@ -1074,13 +1420,23 @@ ENTRY(\sym)
+@@ -1074,13 +1429,23 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -17783,7 +17792,7 @@ index 6274f5f..3d36291 100644
.endm
/* error code is on the stack already */
-@@ -1093,13 +1449,23 @@ ENTRY(\sym)
+@@ -1093,13 +1458,23 @@ ENTRY(\sym)
call save_paranoid
DEFAULT_FRAME 0
TRACE_IRQS_OFF
@@ -17808,7 +17817,7 @@ index 6274f5f..3d36291 100644
.endm
zeroentry divide_error do_divide_error
-@@ -1129,9 +1495,10 @@ gs_change:
+@@ -1129,9 +1504,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
@@ -17820,7 +17829,7 @@ index 6274f5f..3d36291 100644
.section __ex_table,"a"
.align 8
-@@ -1153,13 +1520,14 @@ ENTRY(kernel_thread_helper)
+@@ -1153,13 +1529,14 @@ ENTRY(kernel_thread_helper)
* Here we are in the child and the registers are set as they were
* at kernel_thread() invocation in the parent.
*/
@@ -17836,7 +17845,7 @@ index 6274f5f..3d36291 100644
/*
* execve(). This function needs to use IRET, not SYSRET, to set up all state properly.
-@@ -1186,11 +1554,11 @@ ENTRY(kernel_execve)
+@@ -1186,11 +1563,11 @@ ENTRY(kernel_execve)
RESTORE_REST
testq %rax,%rax
je int_ret_from_sys_call
@@ -17850,7 +17859,7 @@ index 6274f5f..3d36291 100644
/* Call softirq on interrupt stack. Interrupts are off. */
ENTRY(call_softirq)
-@@ -1208,9 +1576,10 @@ ENTRY(call_softirq)
+@@ -1208,9 +1585,10 @@ ENTRY(call_softirq)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
@@ -17862,7 +17871,7 @@ index 6274f5f..3d36291 100644
#ifdef CONFIG_XEN
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1248,7 +1617,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1248,7 +1626,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
@@ -17871,7 +17880,7 @@ index 6274f5f..3d36291 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1307,7 +1676,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1307,7 +1685,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
@@ -17880,7 +17889,7 @@ index 6274f5f..3d36291 100644
apicinterrupt XEN_HVM_EVTCHN_CALLBACK \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1356,16 +1725,31 @@ ENTRY(paranoid_exit)
+@@ -1356,16 +1734,31 @@ ENTRY(paranoid_exit)
TRACE_IRQS_OFF
testl %ebx,%ebx /* swapgs needed? */
jnz paranoid_restore
@@ -17913,7 +17922,7 @@ index 6274f5f..3d36291 100644
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1394,7 +1778,7 @@ paranoid_schedule:
+@@ -1394,7 +1787,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
@@ -17922,7 +17931,7 @@ index 6274f5f..3d36291 100644
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1421,12 +1805,13 @@ ENTRY(error_entry)
+@@ -1421,12 +1814,13 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -17937,7 +17946,7 @@ index 6274f5f..3d36291 100644
ret
/*
-@@ -1453,7 +1838,7 @@ bstep_iret:
+@@ -1453,7 +1847,7 @@ bstep_iret:
movq %rcx,RIP+8(%rsp)
jmp error_swapgs
CFI_ENDPROC
@@ -17946,7 +17955,7 @@ index 6274f5f..3d36291 100644
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1473,7 +1858,7 @@ ENTRY(error_exit)
+@@ -1473,7 +1867,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
@@ -17955,7 +17964,7 @@ index 6274f5f..3d36291 100644
/* runs on exception stack */
-@@ -1485,6 +1870,16 @@ ENTRY(nmi)
+@@ -1485,6 +1879,16 @@ ENTRY(nmi)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
DEFAULT_FRAME 0
@@ -17972,7 +17981,7 @@ index 6274f5f..3d36291 100644
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
movq $-1,%rsi
-@@ -1495,12 +1890,28 @@ ENTRY(nmi)
+@@ -1495,12 +1899,28 @@ ENTRY(nmi)
DISABLE_INTERRUPTS(CLBR_NONE)
testl %ebx,%ebx /* swapgs needed? */
jnz nmi_restore
@@ -18002,7 +18011,7 @@ index 6274f5f..3d36291 100644
jmp irq_return
nmi_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1529,14 +1940,14 @@ nmi_schedule:
+@@ -1529,14 +1949,14 @@ nmi_schedule:
jmp paranoid_exit
CFI_ENDPROC
#endif
@@ -18878,9 +18887,18 @@ index 9c3bd4a..e1d9b35 100644
+EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR);
+#endif
diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c
-index 6104852..567e2fb 100644
+index 6104852..47826ae 100644
--- a/arch/x86/kernel/i8259.c
+++ b/arch/x86/kernel/i8259.c
+@@ -111,7 +111,7 @@ static int i8259A_irq_pending(unsigned int irq)
+ static void make_8259A_irq(unsigned int irq)
+ {
+ disable_irq_nosync(irq);
+- io_apic_irqs &= ~(1<<irq);
++ io_apic_irqs &= ~(1UL<<irq);
+ irq_set_chip_and_handler_name(irq, &i8259A_chip, handle_level_irq,
+ i8259A_chip.name);
+ enable_irq(irq);
@@ -210,7 +210,7 @@ spurious_8259A_irq:
"spurious 8259A interrupt: IRQ%d.\n", irq);
spurious_irq_mask |= irqmask;
@@ -19987,6 +20005,19 @@ index 84c938f..09fb3e0 100644
};
EXPORT_SYMBOL_GPL(pv_time_ops);
+diff --git a/arch/x86/kernel/pci-calgary_64.c b/arch/x86/kernel/pci-calgary_64.c
+index 726494b..5d942a3 100644
+--- a/arch/x86/kernel/pci-calgary_64.c
++++ b/arch/x86/kernel/pci-calgary_64.c
+@@ -1341,7 +1341,7 @@ static void __init get_tce_space_from_tar(void)
+ tce_space = be64_to_cpu(readq(target));
+ tce_space = tce_space & TAR_SW_BITS;
+
+- tce_space = tce_space & (~specified_table_size);
++ tce_space = tce_space & (~(unsigned long)specified_table_size);
+ info->tce_space = (u64 *)__va(tce_space);
+ }
+ }
diff --git a/arch/x86/kernel/pci-iommu_table.c b/arch/x86/kernel/pci-iommu_table.c
index 35ccf75..7a15747 100644
--- a/arch/x86/kernel/pci-iommu_table.c
@@ -22243,9 +22274,24 @@ index 94a4672..5c6b853 100644
local_irq_disable();
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 407789b..5570a86 100644
+index 407789b..8bde3e2 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
+@@ -1099,12 +1099,12 @@ static void vmcs_write64(unsigned long field, u64 value)
+ #endif
+ }
+
+-static void vmcs_clear_bits(unsigned long field, u32 mask)
++static void vmcs_clear_bits(unsigned long field, unsigned long mask)
+ {
+ vmcs_writel(field, vmcs_readl(field) & ~mask);
+ }
+
+-static void vmcs_set_bits(unsigned long field, u32 mask)
++static void vmcs_set_bits(unsigned long field, unsigned long mask)
+ {
+ vmcs_writel(field, vmcs_readl(field) | mask);
+ }
@@ -1305,7 +1305,11 @@ static void reload_tss(void)
struct desc_struct *descs;
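Review bot: Nothing at `vmcs_clear_bits` records why `mask` is now `unsigned long`, so a later cleanup could narrow it back without noticing the consequence. With a `u32` mask, `~mask` is evaluated in 32 bits and then zero-extended, so `vmcs_readl(field) & ~mask` also clears bits 32-63 of a natural-width field on 64-bit builds. A comment above the function such as `/* mask must be as wide as vmcs_readl(): a 32-bit ~mask zero-extends and wipes the upper half */` would pin that down. `vmcs_set_bits` only ORs the mask in and was not affected, so a short remark that its type changed for symmetry would keep the pair readable.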
@@ -31868,6 +31914,19 @@ index a365562..933bbbd 100644
set_fs(old_fs);
if (likely(bw == len))
return 0;
+diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c
+index a63b0a2..30228d1 100644
+--- a/drivers/block/pktcdvd.c
++++ b/drivers/block/pktcdvd.c
+@@ -83,7 +83,7 @@
+
+ #define MAX_SPEED 0xffff
+
+-#define ZONE(sector, pd) (((sector) + (pd)->offset) & ~((pd)->settings.size - 1))
++#define ZONE(sector, pd) (((sector) + (pd)->offset) & ~((pd)->settings.size - 1UL))
+
+ static DEFINE_MUTEX(pktcdvd_mutex);
+ static struct pktcdvd_device *pkt_devs[MAX_WRITERS];
diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
index 2678b6f..374ae19 100644
--- a/drivers/cdrom/cdrom.c
@@ -48309,11 +48368,32 @@ index dede441..f2a2507 100644
parent_start = 0;
WARN_ON(trans->transid != btrfs_header_generation(parent));
+diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
+index 8d4d53d..d0dec4c 100644
+--- a/fs/btrfs/extent-tree.c
++++ b/fs/btrfs/extent-tree.c
+@@ -5642,7 +5642,7 @@ again:
+
+ if (ret == -ENOSPC && num_bytes > min_alloc_size) {
+ num_bytes = num_bytes >> 1;
+- num_bytes = num_bytes & ~(root->sectorsize - 1);
++ num_bytes = num_bytes & ~((u64)root->sectorsize - 1);
+ num_bytes = max(num_bytes, min_alloc_size);
+ do_chunk_alloc(trans, root->fs_info->extent_root,
+ num_bytes, data, CHUNK_ALLOC_FORCE);
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
-index 1372634..f1db831 100644
+index 1372634..3960bb0 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
-@@ -6909,7 +6909,7 @@ fail:
+@@ -17,6 +17,7 @@
+ */
+
+ #include <linux/kernel.h>
++#include <linux/module.h>
+ #include <linux/bio.h>
+ #include <linux/buffer_head.h>
+ #include <linux/file.h>
+@@ -6909,7 +6910,7 @@ fail:
return -ENOMEM;
}
@@ -48322,7 +48402,7 @@ index 1372634..f1db831 100644
struct dentry *dentry, struct kstat *stat)
{
struct inode *inode = dentry->d_inode;
-@@ -6923,6 +6923,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
+@@ -6923,6 +6924,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
return 0;
}
@@ -53509,6 +53589,23 @@ index 24afa96..a92d930 100644
int nops;
};
+diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c
+index 2cbac34..6dc3889 100644
+--- a/fs/nfsd/nfscache.c
++++ b/fs/nfsd/nfscache.c
+@@ -264,8 +264,10 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
+ if (!(rp = rqstp->rq_cacherep) || cache_disabled)
+ return;
+
+- len = resv->iov_len - ((char*)statp - (char*)resv->iov_base);
+- len >>= 2;
++ if (statp) {
++ len = resv->iov_len - ((char*)statp - (char*)resv->iov_base);
++ len >>= 2;
++ }
+
+ /* Don't cache excessive amounts of data and XDR failures */
+ if (!statp || len > (256 >> 2)) {
diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
index c45a2ea..1a6bd66 100644
--- a/fs/nfsd/nfsctl.c
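Review bot: In nfsd_cache_update, `len` is now assigned only inside the new `if (statp)` block, so it is indeterminate whenever `statp` is NULL. The visible test `if (!statp || len > (256 >> 2))` short-circuits before reading it, but that safety depends on operand order and on no later use of `len` on the NULL path, which cannot be confirmed from this hunk. Initialising `len` to 0 at its declaration (outside the hunk) would remove the dependency and avoid a maybe-uninitialized warning. Failing that, a comment on the condition, for example `/* !statp must be tested first: len is unset in that case */`, would guard against reordering.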
@@ -79225,9 +79322,18 @@ index 6fdc629..55739fe 100644
*data_page = bpage;
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index 17edb14..a73e6fc 100644
+index 17edb14..8cc9713 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
+@@ -2645,7 +2645,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
+ return 0;
+ }
+
+-int set_tracer_flag(unsigned int mask, int enabled)
++int set_tracer_flag(unsigned long mask, int enabled)
+ {
+ /* do nothing if flag is already set */
+ if (!!(trace_flags & mask) == !!enabled)
@@ -4236,10 +4236,9 @@ static const struct file_operations tracing_dyn_info_fops = {
};
#endif
@@ -79252,6 +79358,19 @@ index 17edb14..a73e6fc 100644
static int once;
struct dentry *d_tracer;
+diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
+index c3c3f6b..7d8dbdc 100644
+--- a/kernel/trace/trace.h
++++ b/kernel/trace/trace.h
+@@ -820,7 +820,7 @@ extern const char *__start___trace_bprintk_fmt[];
+ extern const char *__stop___trace_bprintk_fmt[];
+
+ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set);
+-int set_tracer_flag(unsigned int mask, int enabled);
++int set_tracer_flag(unsigned long mask, int enabled);
+
+ #undef FTRACE_ENTRY
+ #define FTRACE_ENTRY(call, struct_name, id, tstruct, print) \
diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
index c212a7f..a2560bc 100644
--- a/kernel/trace/trace_events.c
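Review bot: The two adjacent prototypes in trace.h now disagree on the width of the flag mask: `trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)` keeps `u32`, while `set_tracer_flag` takes `unsigned long mask`. If `set_tracer_flag` forwards its mask to a `u32` callback of this kind (its body is outside the visible hunks), the value is silently narrowed there, which is the class of truncation this widening seems meant to avoid. Either widen the callback-side parameter as well, or add a note such as `/* flags handed to tracer callbacks fit in 32 bits */` next to the prototypes so the mismatch is recorded as deliberate. The matching definition change is in the kernel/trace/trace.c hunk above.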
@@ -102872,10 +102991,10 @@ index 0000000..ac2901e
+}
diff --git a/tools/gcc/structleak_plugin.c b/tools/gcc/structleak_plugin.c
new file mode 100644
-index 0000000..41770fc
+index 0000000..b07fe22
--- /dev/null
+++ b/tools/gcc/structleak_plugin.c
-@@ -0,0 +1,272 @@
+@@ -0,0 +1,276 @@
+/*
+ * Copyright 2013 by PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -103010,6 +103129,7 @@ index 0000000..41770fc
+ gimple init_stmt;
+
+ // this is the original entry bb before the forced split
++ // TODO: check further BBs in case more splits occured before us
+ bb = ENTRY_BLOCK_PTR->next_bb->next_bb;
+
+ // first check if the variable is already initialized, warn otherwise
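Review bot: The added TODO concedes that `ENTRY_BLOCK_PTR->next_bb->next_bb` may not be the original entry block, but it does not say what happens when that assumption fails. If another pass has split the entry block earlier, the "already initialized" scan presumably inspects the wrong block, and the comment should state whether the result is then a redundant initializer or a missed one; the scan itself is outside this hunk. Suggested wording: `// TODO: walk further BBs if earlier passes split the entry block; until then the check below may look at the wrong block`. The comment also misspells "occurred".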
@@ -103033,6 +103153,9 @@ index 0000000..41770fc
+ return;
+ }
+
++ // these aren't the 0days you're looking for
++// inform(DECL_SOURCE_LOCATION(var), "userspace variable will be forcibly initialized");
++
+ // build the initializer expression
+ initializer = build_constructor(TREE_TYPE(var), NULL);
+
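Review bot: The `inform(DECL_SOURCE_LOCATION(var), ...)` call is added already commented out, under a comment that does not explain why it is disabled. Dead code inside a hardening plugin makes it harder to tell which diagnostics a build can actually emit. Either drop the line or put it behind an explicit plugin argument, and replace the quip with the reason, for example `// diagnostic disabled: too noisy for normal builds`, if that is indeed why. The enclosing function starts and ends outside this hunk.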
diff --git a/3.8.10/1008_linux-3.8.9.patch b/3.8.10/1008_linux-3.8.9.patch
deleted file mode 100644
index 6162889..0000000
--- a/3.8.10/1008_linux-3.8.9.patch
+++ /dev/null
@@ -1,1649 +0,0 @@
-diff --git a/Makefile b/Makefile
-index 7684f95..3ae4796 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,6 +1,6 @@
- VERSION = 3
- PATCHLEVEL = 8
--SUBLEVEL = 8
-+SUBLEVEL = 9
- EXTRAVERSION =
- NAME = Displaced Humerus Anterior
-
-diff --git a/arch/arm/kernel/perf_event.c b/arch/arm/kernel/perf_event.c
-index f9e8657..23fa6a2 100644
---- a/arch/arm/kernel/perf_event.c
-+++ b/arch/arm/kernel/perf_event.c
-@@ -261,7 +261,10 @@ validate_event(struct pmu_hw_events *hw_events,
- struct arm_pmu *armpmu = to_arm_pmu(event->pmu);
- struct pmu *leader_pmu = event->group_leader->pmu;
-
-- if (event->pmu != leader_pmu || event->state <= PERF_EVENT_STATE_OFF)
-+ if (event->pmu != leader_pmu || event->state < PERF_EVENT_STATE_OFF)
-+ return 1;
-+
-+ if (event->state == PERF_EVENT_STATE_OFF && !event->attr.enable_on_exec)
- return 1;
-
- return armpmu->get_event_idx(hw_events, event) >= 0;
-diff --git a/arch/arm/mach-imx/clk-imx35.c b/arch/arm/mach-imx/clk-imx35.c
-index 0edce4b..5e3ca7a 100644
---- a/arch/arm/mach-imx/clk-imx35.c
-+++ b/arch/arm/mach-imx/clk-imx35.c
-@@ -265,6 +265,8 @@ int __init mx35_clocks_init()
- clk_prepare_enable(clk[gpio3_gate]);
- clk_prepare_enable(clk[iim_gate]);
- clk_prepare_enable(clk[emi_gate]);
-+ clk_prepare_enable(clk[max_gate]);
-+ clk_prepare_enable(clk[iomuxc_gate]);
-
- /*
- * SCC is needed to boot via mmc after a watchdog reset. The clock code
-diff --git a/arch/arm/mm/cache-feroceon-l2.c b/arch/arm/mm/cache-feroceon-l2.c
-index dd3d591..48bc3c0 100644
---- a/arch/arm/mm/cache-feroceon-l2.c
-+++ b/arch/arm/mm/cache-feroceon-l2.c
-@@ -343,6 +343,7 @@ void __init feroceon_l2_init(int __l2_wt_override)
- outer_cache.inv_range = feroceon_l2_inv_range;
- outer_cache.clean_range = feroceon_l2_clean_range;
- outer_cache.flush_range = feroceon_l2_flush_range;
-+ outer_cache.inv_all = l2_inv_all;
-
- enable_l2();
-
-diff --git a/arch/arm/mm/proc-arm920.S b/arch/arm/mm/proc-arm920.S
-index 2c3b942..2556cf1 100644
---- a/arch/arm/mm/proc-arm920.S
-+++ b/arch/arm/mm/proc-arm920.S
-@@ -387,7 +387,7 @@ ENTRY(cpu_arm920_set_pte_ext)
- /* Suspend/resume support: taken from arch/arm/plat-s3c24xx/sleep.S */
- .globl cpu_arm920_suspend_size
- .equ cpu_arm920_suspend_size, 4 * 3
--#ifdef CONFIG_PM_SLEEP
-+#ifdef CONFIG_ARM_CPU_SUSPEND
- ENTRY(cpu_arm920_do_suspend)
- stmfd sp!, {r4 - r6, lr}
- mrc p15, 0, r4, c13, c0, 0 @ PID
-diff --git a/arch/arm/mm/proc-arm926.S b/arch/arm/mm/proc-arm926.S
-index f1803f7e..344c8a5 100644
---- a/arch/arm/mm/proc-arm926.S
-+++ b/arch/arm/mm/proc-arm926.S
-@@ -402,7 +402,7 @@ ENTRY(cpu_arm926_set_pte_ext)
- /* Suspend/resume support: taken from arch/arm/plat-s3c24xx/sleep.S */
- .globl cpu_arm926_suspend_size
- .equ cpu_arm926_suspend_size, 4 * 3
--#ifdef CONFIG_PM_SLEEP
-+#ifdef CONFIG_ARM_CPU_SUSPEND
- ENTRY(cpu_arm926_do_suspend)
- stmfd sp!, {r4 - r6, lr}
- mrc p15, 0, r4, c13, c0, 0 @ PID
-diff --git a/arch/arm/mm/proc-mohawk.S b/arch/arm/mm/proc-mohawk.S
-index 82f9cdc..0b60dd3 100644
---- a/arch/arm/mm/proc-mohawk.S
-+++ b/arch/arm/mm/proc-mohawk.S
-@@ -350,7 +350,7 @@ ENTRY(cpu_mohawk_set_pte_ext)
-
- .globl cpu_mohawk_suspend_size
- .equ cpu_mohawk_suspend_size, 4 * 6
--#ifdef CONFIG_PM_SLEEP
-+#ifdef CONFIG_ARM_CPU_SUSPEND
- ENTRY(cpu_mohawk_do_suspend)
- stmfd sp!, {r4 - r9, lr}
- mrc p14, 0, r4, c6, c0, 0 @ clock configuration, for turbo mode
-diff --git a/arch/arm/mm/proc-sa1100.S b/arch/arm/mm/proc-sa1100.S
-index 3aa0da1..d92dfd0 100644
---- a/arch/arm/mm/proc-sa1100.S
-+++ b/arch/arm/mm/proc-sa1100.S
-@@ -172,7 +172,7 @@ ENTRY(cpu_sa1100_set_pte_ext)
-
- .globl cpu_sa1100_suspend_size
- .equ cpu_sa1100_suspend_size, 4 * 3
--#ifdef CONFIG_PM_SLEEP
-+#ifdef CONFIG_ARM_CPU_SUSPEND
- ENTRY(cpu_sa1100_do_suspend)
- stmfd sp!, {r4 - r6, lr}
- mrc p15, 0, r4, c3, c0, 0 @ domain ID
-diff --git a/arch/arm/mm/proc-v6.S b/arch/arm/mm/proc-v6.S
-index 09c5233..d222215 100644
---- a/arch/arm/mm/proc-v6.S
-+++ b/arch/arm/mm/proc-v6.S
-@@ -138,7 +138,7 @@ ENTRY(cpu_v6_set_pte_ext)
- /* Suspend/resume support: taken from arch/arm/mach-s3c64xx/sleep.S */
- .globl cpu_v6_suspend_size
- .equ cpu_v6_suspend_size, 4 * 6
--#ifdef CONFIG_PM_SLEEP
-+#ifdef CONFIG_ARM_CPU_SUSPEND
- ENTRY(cpu_v6_do_suspend)
- stmfd sp!, {r4 - r9, lr}
- mrc p15, 0, r4, c13, c0, 0 @ FCSE/PID
-diff --git a/arch/arm/mm/proc-xsc3.S b/arch/arm/mm/proc-xsc3.S
-index eb93d64..e8efd83 100644
---- a/arch/arm/mm/proc-xsc3.S
-+++ b/arch/arm/mm/proc-xsc3.S
-@@ -413,7 +413,7 @@ ENTRY(cpu_xsc3_set_pte_ext)
-
- .globl cpu_xsc3_suspend_size
- .equ cpu_xsc3_suspend_size, 4 * 6
--#ifdef CONFIG_PM_SLEEP
-+#ifdef CONFIG_ARM_CPU_SUSPEND
- ENTRY(cpu_xsc3_do_suspend)
- stmfd sp!, {r4 - r9, lr}
- mrc p14, 0, r4, c6, c0, 0 @ clock configuration, for turbo mode
-diff --git a/arch/arm/mm/proc-xscale.S b/arch/arm/mm/proc-xscale.S
-index 2551036..e766f88 100644
---- a/arch/arm/mm/proc-xscale.S
-+++ b/arch/arm/mm/proc-xscale.S
-@@ -528,7 +528,7 @@ ENTRY(cpu_xscale_set_pte_ext)
-
- .globl cpu_xscale_suspend_size
- .equ cpu_xscale_suspend_size, 4 * 6
--#ifdef CONFIG_PM_SLEEP
-+#ifdef CONFIG_ARM_CPU_SUSPEND
- ENTRY(cpu_xscale_do_suspend)
- stmfd sp!, {r4 - r9, lr}
- mrc p14, 0, r4, c6, c0, 0 @ clock configuration, for turbo mode
-diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h
-index dbaec94..21bff32 100644
---- a/arch/mips/include/asm/page.h
-+++ b/arch/mips/include/asm/page.h
-@@ -31,7 +31,7 @@
- #define PAGE_SHIFT 16
- #endif
- #define PAGE_SIZE (_AC(1,UL) << PAGE_SHIFT)
--#define PAGE_MASK (~(PAGE_SIZE - 1))
-+#define PAGE_MASK (~((1 << PAGE_SHIFT) - 1))
-
- #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT
- #define HPAGE_SHIFT (PAGE_SHIFT + PAGE_SHIFT - 3)
-diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S
-index 3d990d3..e0822a3 100644
---- a/arch/powerpc/kernel/entry_64.S
-+++ b/arch/powerpc/kernel/entry_64.S
-@@ -634,7 +634,7 @@ resume_kernel:
- /* Clear _TIF_EMULATE_STACK_STORE flag */
- lis r11,_TIF_EMULATE_STACK_STORE@h
- addi r5,r9,TI_FLAGS
-- ldarx r4,0,r5
-+0: ldarx r4,0,r5
- andc r4,r4,r11
- stdcx. r4,0,r5
- bne- 0b
-diff --git a/arch/powerpc/kvm/e500mc.c b/arch/powerpc/kvm/e500mc.c
-index 1f89d26..2f4baa0 100644
---- a/arch/powerpc/kvm/e500mc.c
-+++ b/arch/powerpc/kvm/e500mc.c
-@@ -108,6 +108,8 @@ void kvmppc_mmu_msr_notify(struct kvm_vcpu *vcpu, u32 old_msr)
- {
- }
-
-+static DEFINE_PER_CPU(struct kvm_vcpu *, last_vcpu_on_cpu);
-+
- void kvmppc_core_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
- {
- struct kvmppc_vcpu_e500 *vcpu_e500 = to_e500(vcpu);
-@@ -136,8 +138,11 @@ void kvmppc_core_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
- mtspr(SPRN_GDEAR, vcpu->arch.shared->dar);
- mtspr(SPRN_GESR, vcpu->arch.shared->esr);
-
-- if (vcpu->arch.oldpir != mfspr(SPRN_PIR))
-+ if (vcpu->arch.oldpir != mfspr(SPRN_PIR) ||
-+ __get_cpu_var(last_vcpu_on_cpu) != vcpu) {
- kvmppc_e500_tlbil_all(vcpu_e500);
-+ __get_cpu_var(last_vcpu_on_cpu) = vcpu;
-+ }
-
- kvmppc_load_guest_fp(vcpu);
- }
-diff --git a/arch/s390/include/asm/io.h b/arch/s390/include/asm/io.h
-index 27cb321..379d96e 100644
---- a/arch/s390/include/asm/io.h
-+++ b/arch/s390/include/asm/io.h
-@@ -50,10 +50,6 @@ void unxlate_dev_mem_ptr(unsigned long phys, void *addr);
- #define ioremap_nocache(addr, size) ioremap(addr, size)
- #define ioremap_wc ioremap_nocache
-
--/* TODO: s390 cannot support io_remap_pfn_range... */
--#define io_remap_pfn_range(vma, vaddr, pfn, size, prot) \
-- remap_pfn_range(vma, vaddr, pfn, size, prot)
--
- static inline void __iomem *ioremap(unsigned long offset, unsigned long size)
- {
- return (void __iomem *) offset;
-diff --git a/arch/s390/include/asm/pgtable.h b/arch/s390/include/asm/pgtable.h
-index 098adbb..1532d7f 100644
---- a/arch/s390/include/asm/pgtable.h
-+++ b/arch/s390/include/asm/pgtable.h
-@@ -56,6 +56,10 @@ extern unsigned long zero_page_mask;
- (((unsigned long)(vaddr)) &zero_page_mask))))
- #define __HAVE_COLOR_ZERO_PAGE
-
-+/* TODO: s390 cannot support io_remap_pfn_range... */
-+#define io_remap_pfn_range(vma, vaddr, pfn, size, prot) \
-+ remap_pfn_range(vma, vaddr, pfn, size, prot)
-+
- #endif /* !__ASSEMBLY__ */
-
- /*
-diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
-index dc87b65..85039f9 100644
---- a/arch/x86/include/asm/kvm_host.h
-+++ b/arch/x86/include/asm/kvm_host.h
-@@ -419,8 +419,8 @@ struct kvm_vcpu_arch {
- gpa_t time;
- struct pvclock_vcpu_time_info hv_clock;
- unsigned int hw_tsc_khz;
-- unsigned int time_offset;
-- struct page *time_page;
-+ struct gfn_to_hva_cache pv_time;
-+ bool pv_time_enabled;
- /* set guest stopped flag in pvclock flags field */
- bool pvclock_set_guest_stopped_request;
-
-diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
-index 4914e94..70602f8 100644
---- a/arch/x86/kernel/cpu/perf_event_intel.c
-+++ b/arch/x86/kernel/cpu/perf_event_intel.c
-@@ -128,8 +128,14 @@ static struct event_constraint intel_gen_event_constraints[] __read_mostly =
- };
-
- static struct extra_reg intel_snb_extra_regs[] __read_mostly = {
-- INTEL_EVENT_EXTRA_REG(0xb7, MSR_OFFCORE_RSP_0, 0x3fffffffffull, RSP_0),
-- INTEL_EVENT_EXTRA_REG(0xbb, MSR_OFFCORE_RSP_1, 0x3fffffffffull, RSP_1),
-+ INTEL_EVENT_EXTRA_REG(0xb7, MSR_OFFCORE_RSP_0, 0x3f807f8fffull, RSP_0),
-+ INTEL_EVENT_EXTRA_REG(0xbb, MSR_OFFCORE_RSP_1, 0x3f807f8fffull, RSP_1),
-+ EVENT_EXTRA_END
-+};
-+
-+static struct extra_reg intel_snbep_extra_regs[] __read_mostly = {
-+ INTEL_EVENT_EXTRA_REG(0xb7, MSR_OFFCORE_RSP_0, 0x3fffff8fffull, RSP_0),
-+ INTEL_EVENT_EXTRA_REG(0xbb, MSR_OFFCORE_RSP_1, 0x3fffff8fffull, RSP_1),
- EVENT_EXTRA_END
- };
-
-@@ -2072,7 +2078,10 @@ __init int intel_pmu_init(void)
- x86_pmu.event_constraints = intel_snb_event_constraints;
- x86_pmu.pebs_constraints = intel_snb_pebs_event_constraints;
- x86_pmu.pebs_aliases = intel_pebs_aliases_snb;
-- x86_pmu.extra_regs = intel_snb_extra_regs;
-+ if (boot_cpu_data.x86_model == 45)
-+ x86_pmu.extra_regs = intel_snbep_extra_regs;
-+ else
-+ x86_pmu.extra_regs = intel_snb_extra_regs;
- /* all extra regs are per-cpu when HT is on */
- x86_pmu.er_flags |= ERF_HAS_RSP_1;
- x86_pmu.er_flags |= ERF_NO_HT_SHARING;
-@@ -2098,7 +2107,10 @@ __init int intel_pmu_init(void)
- x86_pmu.event_constraints = intel_snb_event_constraints;
- x86_pmu.pebs_constraints = intel_ivb_pebs_event_constraints;
- x86_pmu.pebs_aliases = intel_pebs_aliases_snb;
-- x86_pmu.extra_regs = intel_snb_extra_regs;
-+ if (boot_cpu_data.x86_model == 62)
-+ x86_pmu.extra_regs = intel_snbep_extra_regs;
-+ else
-+ x86_pmu.extra_regs = intel_snb_extra_regs;
- /* all extra regs are per-cpu when HT is on */
- x86_pmu.er_flags |= ERF_HAS_RSP_1;
- x86_pmu.er_flags |= ERF_NO_HT_SHARING;
-diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
-index 9392f52..a2f492c 100644
---- a/arch/x86/kvm/lapic.c
-+++ b/arch/x86/kvm/lapic.c
-@@ -1781,7 +1781,7 @@ int kvm_lapic_enable_pv_eoi(struct kvm_vcpu *vcpu, u64 data)
- if (!pv_eoi_enabled(vcpu))
- return 0;
- return kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.pv_eoi.data,
-- addr);
-+ addr, sizeof(u8));
- }
-
- void kvm_lapic_init(void)
-diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index c243b81..9a51121 100644
---- a/arch/x86/kvm/x86.c
-+++ b/arch/x86/kvm/x86.c
-@@ -1408,10 +1408,9 @@ static int kvm_guest_time_update(struct kvm_vcpu *v)
- unsigned long flags, this_tsc_khz;
- struct kvm_vcpu_arch *vcpu = &v->arch;
- struct kvm_arch *ka = &v->kvm->arch;
-- void *shared_kaddr;
- s64 kernel_ns, max_kernel_ns;
- u64 tsc_timestamp, host_tsc;
-- struct pvclock_vcpu_time_info *guest_hv_clock;
-+ struct pvclock_vcpu_time_info guest_hv_clock;
- u8 pvclock_flags;
- bool use_master_clock;
-
-@@ -1465,7 +1464,7 @@ static int kvm_guest_time_update(struct kvm_vcpu *v)
-
- local_irq_restore(flags);
-
-- if (!vcpu->time_page)
-+ if (!vcpu->pv_time_enabled)
- return 0;
-
- /*
-@@ -1527,12 +1526,12 @@ static int kvm_guest_time_update(struct kvm_vcpu *v)
- */
- vcpu->hv_clock.version += 2;
-
-- shared_kaddr = kmap_atomic(vcpu->time_page);
--
-- guest_hv_clock = shared_kaddr + vcpu->time_offset;
-+ if (unlikely(kvm_read_guest_cached(v->kvm, &vcpu->pv_time,
-+ &guest_hv_clock, sizeof(guest_hv_clock))))
-+ return 0;
-
- /* retain PVCLOCK_GUEST_STOPPED if set in guest copy */
-- pvclock_flags = (guest_hv_clock->flags & PVCLOCK_GUEST_STOPPED);
-+ pvclock_flags = (guest_hv_clock.flags & PVCLOCK_GUEST_STOPPED);
-
- if (vcpu->pvclock_set_guest_stopped_request) {
- pvclock_flags |= PVCLOCK_GUEST_STOPPED;
-@@ -1545,12 +1544,9 @@ static int kvm_guest_time_update(struct kvm_vcpu *v)
-
- vcpu->hv_clock.flags = pvclock_flags;
-
-- memcpy(shared_kaddr + vcpu->time_offset, &vcpu->hv_clock,
-- sizeof(vcpu->hv_clock));
--
-- kunmap_atomic(shared_kaddr);
--
-- mark_page_dirty(v->kvm, vcpu->time >> PAGE_SHIFT);
-+ kvm_write_guest_cached(v->kvm, &vcpu->pv_time,
-+ &vcpu->hv_clock,
-+ sizeof(vcpu->hv_clock));
- return 0;
- }
-
-@@ -1829,7 +1825,8 @@ static int kvm_pv_enable_async_pf(struct kvm_vcpu *vcpu, u64 data)
- return 0;
- }
-
-- if (kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.apf.data, gpa))
-+ if (kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.apf.data, gpa,
-+ sizeof(u32)))
- return 1;
-
- vcpu->arch.apf.send_user_only = !(data & KVM_ASYNC_PF_SEND_ALWAYS);
-@@ -1839,10 +1836,7 @@ static int kvm_pv_enable_async_pf(struct kvm_vcpu *vcpu, u64 data)
-
- static void kvmclock_reset(struct kvm_vcpu *vcpu)
- {
-- if (vcpu->arch.time_page) {
-- kvm_release_page_dirty(vcpu->arch.time_page);
-- vcpu->arch.time_page = NULL;
-- }
-+ vcpu->arch.pv_time_enabled = false;
- }
-
- static void accumulate_steal_time(struct kvm_vcpu *vcpu)
-@@ -1948,6 +1942,7 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
- break;
- case MSR_KVM_SYSTEM_TIME_NEW:
- case MSR_KVM_SYSTEM_TIME: {
-+ u64 gpa_offset;
- kvmclock_reset(vcpu);
-
- vcpu->arch.time = data;
-@@ -1957,14 +1952,14 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
- if (!(data & 1))
- break;
-
-- /* ...but clean it before doing the actual write */
-- vcpu->arch.time_offset = data & ~(PAGE_MASK | 1);
--
-- vcpu->arch.time_page =
-- gfn_to_page(vcpu->kvm, data >> PAGE_SHIFT);
-+ gpa_offset = data & ~(PAGE_MASK | 1);
-
-- if (is_error_page(vcpu->arch.time_page))
-- vcpu->arch.time_page = NULL;
-+ if (kvm_gfn_to_hva_cache_init(vcpu->kvm,
-+ &vcpu->arch.pv_time, data & ~1ULL,
-+ sizeof(struct pvclock_vcpu_time_info)))
-+ vcpu->arch.pv_time_enabled = false;
-+ else
-+ vcpu->arch.pv_time_enabled = true;
-
- break;
- }
-@@ -1981,7 +1976,8 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info)
- return 1;
-
- if (kvm_gfn_to_hva_cache_init(vcpu->kvm, &vcpu->arch.st.stime,
-- data & KVM_STEAL_VALID_BITS))
-+ data & KVM_STEAL_VALID_BITS,
-+ sizeof(struct kvm_steal_time)))
- return 1;
-
- vcpu->arch.st.msr_val = data;
-@@ -2967,7 +2963,7 @@ static int kvm_vcpu_ioctl_x86_set_xcrs(struct kvm_vcpu *vcpu,
- */
- static int kvm_set_guest_paused(struct kvm_vcpu *vcpu)
- {
-- if (!vcpu->arch.time_page)
-+ if (!vcpu->arch.pv_time_enabled)
- return -EINVAL;
- vcpu->arch.pvclock_set_guest_stopped_request = true;
- kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu);
-@@ -6661,6 +6657,7 @@ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu)
- goto fail_free_wbinvd_dirty_mask;
-
- vcpu->arch.ia32_tsc_adjust_msr = 0x0;
-+ vcpu->arch.pv_time_enabled = false;
- kvm_async_pf_hash_reset(vcpu);
- kvm_pmu_init(vcpu);
-
-diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
-index ef5356c..0262210 100644
---- a/crypto/algif_hash.c
-+++ b/crypto/algif_hash.c
-@@ -161,6 +161,8 @@ static int hash_recvmsg(struct kiocb *unused, struct socket *sock,
- else if (len < ds)
- msg->msg_flags |= MSG_TRUNC;
-
-+ msg->msg_namelen = 0;
-+
- lock_sock(sk);
- if (ctx->more) {
- ctx->more = 0;
-diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
-index 6a6dfc0..a1c4f0a 100644
---- a/crypto/algif_skcipher.c
-+++ b/crypto/algif_skcipher.c
-@@ -432,6 +432,7 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock,
- long copied = 0;
-
- lock_sock(sk);
-+ msg->msg_namelen = 0;
- for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0;
- iovlen--, iov++) {
- unsigned long seglen = iov->iov_len;
-diff --git a/drivers/char/hpet.c b/drivers/char/hpet.c
-index fe6d4be..615d262 100644
---- a/drivers/char/hpet.c
-+++ b/drivers/char/hpet.c
-@@ -373,26 +373,14 @@ static int hpet_mmap(struct file *file, struct vm_area_struct *vma)
- struct hpet_dev *devp;
- unsigned long addr;
-
-- if (((vma->vm_end - vma->vm_start) != PAGE_SIZE) || vma->vm_pgoff)
-- return -EINVAL;
--
- devp = file->private_data;
- addr = devp->hd_hpets->hp_hpet_phys;
-
- if (addr & (PAGE_SIZE - 1))
- return -ENOSYS;
-
-- vma->vm_flags |= VM_IO;
- vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
--
-- if (io_remap_pfn_range(vma, vma->vm_start, addr >> PAGE_SHIFT,
-- PAGE_SIZE, vma->vm_page_prot)) {
-- printk(KERN_ERR "%s: io_remap_pfn_range failed\n",
-- __func__);
-- return -EAGAIN;
-- }
--
-- return 0;
-+ return vm_iomap_memory(vma, addr, PAGE_SIZE);
- #else
- return -ENOSYS;
- #endif
-diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
-index 75b1f89..fd86b37 100644
---- a/drivers/md/raid1.c
-+++ b/drivers/md/raid1.c
-@@ -1001,6 +1001,7 @@ static void make_request(struct mddev *mddev, struct bio * bio)
- const unsigned long do_flush_fua = (bio->bi_rw & (REQ_FLUSH | REQ_FUA));
- const unsigned long do_discard = (bio->bi_rw
- & (REQ_DISCARD | REQ_SECURE));
-+ const unsigned long do_same = (bio->bi_rw & REQ_WRITE_SAME);
- struct md_rdev *blocked_rdev;
- struct blk_plug_cb *cb;
- struct raid1_plug_cb *plug = NULL;
-@@ -1302,7 +1303,8 @@ read_again:
- conf->mirrors[i].rdev->data_offset);
- mbio->bi_bdev = conf->mirrors[i].rdev->bdev;
- mbio->bi_end_io = raid1_end_write_request;
-- mbio->bi_rw = WRITE | do_flush_fua | do_sync | do_discard;
-+ mbio->bi_rw =
-+ WRITE | do_flush_fua | do_sync | do_discard | do_same;
- mbio->bi_private = r1_bio;
-
- atomic_inc(&r1_bio->remaining);
-@@ -2819,6 +2821,9 @@ static int run(struct mddev *mddev)
- if (IS_ERR(conf))
- return PTR_ERR(conf);
-
-+ if (mddev->queue)
-+ blk_queue_max_write_same_sectors(mddev->queue,
-+ mddev->chunk_sectors);
- rdev_for_each(rdev, mddev) {
- if (!mddev->gendisk)
- continue;
-diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index 8d925dc..b3898d4 100644
---- a/drivers/md/raid10.c
-+++ b/drivers/md/raid10.c
-@@ -1106,6 +1106,7 @@ static void make_request(struct mddev *mddev, struct bio * bio)
- const unsigned long do_fua = (bio->bi_rw & REQ_FUA);
- const unsigned long do_discard = (bio->bi_rw
- & (REQ_DISCARD | REQ_SECURE));
-+ const unsigned long do_same = (bio->bi_rw & REQ_WRITE_SAME);
- unsigned long flags;
- struct md_rdev *blocked_rdev;
- struct blk_plug_cb *cb;
-@@ -1461,7 +1462,8 @@ retry_write:
- rdev));
- mbio->bi_bdev = rdev->bdev;
- mbio->bi_end_io = raid10_end_write_request;
-- mbio->bi_rw = WRITE | do_sync | do_fua | do_discard;
-+ mbio->bi_rw =
-+ WRITE | do_sync | do_fua | do_discard | do_same;
- mbio->bi_private = r10_bio;
-
- atomic_inc(&r10_bio->remaining);
-@@ -1503,7 +1505,8 @@ retry_write:
- r10_bio, rdev));
- mbio->bi_bdev = rdev->bdev;
- mbio->bi_end_io = raid10_end_write_request;
-- mbio->bi_rw = WRITE | do_sync | do_fua | do_discard;
-+ mbio->bi_rw =
-+ WRITE | do_sync | do_fua | do_discard | do_same;
- mbio->bi_private = r10_bio;
-
- atomic_inc(&r10_bio->remaining);
-@@ -3570,6 +3573,8 @@ static int run(struct mddev *mddev)
- if (mddev->queue) {
- blk_queue_max_discard_sectors(mddev->queue,
- mddev->chunk_sectors);
-+ blk_queue_max_write_same_sectors(mddev->queue,
-+ mddev->chunk_sectors);
- blk_queue_io_min(mddev->queue, chunk_size);
- if (conf->geo.raid_disks % conf->geo.near_copies)
- blk_queue_io_opt(mddev->queue, chunk_size * conf->geo.raid_disks);
-diff --git a/drivers/mtd/mtdchar.c b/drivers/mtd/mtdchar.c
-index 82c0616..6e3d6dc 100644
---- a/drivers/mtd/mtdchar.c
-+++ b/drivers/mtd/mtdchar.c
-@@ -1159,45 +1159,17 @@ static int mtdchar_mmap(struct file *file, struct vm_area_struct *vma)
- struct mtd_file_info *mfi = file->private_data;
- struct mtd_info *mtd = mfi->mtd;
- struct map_info *map = mtd->priv;
-- resource_size_t start, off;
-- unsigned long len, vma_len;
-
- /* This is broken because it assumes the MTD device is map-based
- and that mtd->priv is a valid struct map_info. It should be
- replaced with something that uses the mtd_get_unmapped_area()
- operation properly. */
- if (0 /*mtd->type == MTD_RAM || mtd->type == MTD_ROM*/) {
-- off = get_vm_offset(vma);
-- start = map->phys;
-- len = PAGE_ALIGN((start & ~PAGE_MASK) + map->size);
-- start &= PAGE_MASK;
-- vma_len = get_vm_size(vma);
--
-- /* Overflow in off+len? */
-- if (vma_len + off < off)
-- return -EINVAL;
-- /* Does it fit in the mapping? */
-- if (vma_len + off > len)
-- return -EINVAL;
--
-- off += start;
-- /* Did that overflow? */
-- if (off < start)
-- return -EINVAL;
-- if (set_vm_offset(vma, off) < 0)
-- return -EINVAL;
-- vma->vm_flags |= VM_IO | VM_DONTEXPAND | VM_DONTDUMP;
--
- #ifdef pgprot_noncached
-- if (file->f_flags & O_DSYNC || off >= __pa(high_memory))
-+ if (file->f_flags & O_DSYNC || map->phys >= __pa(high_memory))
- vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
- #endif
-- if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
-- vma->vm_end - vma->vm_start,
-- vma->vm_page_prot))
-- return -EAGAIN;
--
-- return 0;
-+ return vm_iomap_memory(vma, map->phys, map->size);
- }
- return -ENOSYS;
- #else
-diff --git a/drivers/net/can/mcp251x.c b/drivers/net/can/mcp251x.c
-index 5eaf47b..42b6d69 100644
---- a/drivers/net/can/mcp251x.c
-+++ b/drivers/net/can/mcp251x.c
-@@ -922,6 +922,7 @@ static int mcp251x_open(struct net_device *net)
- struct mcp251x_priv *priv = netdev_priv(net);
- struct spi_device *spi = priv->spi;
- struct mcp251x_platform_data *pdata = spi->dev.platform_data;
-+ unsigned long flags;
- int ret;
-
- ret = open_candev(net);
-@@ -938,9 +939,14 @@ static int mcp251x_open(struct net_device *net)
- priv->tx_skb = NULL;
- priv->tx_len = 0;
-
-+ flags = IRQF_ONESHOT;
-+ if (pdata->irq_flags)
-+ flags |= pdata->irq_flags;
-+ else
-+ flags |= IRQF_TRIGGER_FALLING;
-+
- ret = request_threaded_irq(spi->irq, NULL, mcp251x_can_ist,
-- pdata->irq_flags ? pdata->irq_flags : IRQF_TRIGGER_FALLING,
-- DEVICE_NAME, priv);
-+ flags, DEVICE_NAME, priv);
- if (ret) {
- dev_err(&spi->dev, "failed to acquire irq %d\n", spi->irq);
- if (pdata->transceiver_enable)
-diff --git a/drivers/net/can/sja1000/sja1000_of_platform.c b/drivers/net/can/sja1000/sja1000_of_platform.c
-index 6433b81..8e0c4a0 100644
---- a/drivers/net/can/sja1000/sja1000_of_platform.c
-+++ b/drivers/net/can/sja1000/sja1000_of_platform.c
-@@ -96,8 +96,8 @@ static int sja1000_ofp_probe(struct platform_device *ofdev)
- struct net_device *dev;
- struct sja1000_priv *priv;
- struct resource res;
-- const u32 *prop;
-- int err, irq, res_size, prop_size;
-+ u32 prop;
-+ int err, irq, res_size;
- void __iomem *base;
-
- err = of_address_to_resource(np, 0, &res);
-@@ -138,27 +138,27 @@ static int sja1000_ofp_probe(struct platform_device *ofdev)
- priv->read_reg = sja1000_ofp_read_reg;
- priv->write_reg = sja1000_ofp_write_reg;
-
-- prop = of_get_property(np, "nxp,external-clock-frequency", &prop_size);
-- if (prop && (prop_size == sizeof(u32)))
-- priv->can.clock.freq = *prop / 2;
-+ err = of_property_read_u32(np, "nxp,external-clock-frequency", &prop);
-+ if (!err)
-+ priv->can.clock.freq = prop / 2;
- else
- priv->can.clock.freq = SJA1000_OFP_CAN_CLOCK; /* default */
-
-- prop = of_get_property(np, "nxp,tx-output-mode", &prop_size);
-- if (prop && (prop_size == sizeof(u32)))
-- priv->ocr |= *prop & OCR_MODE_MASK;
-+ err = of_property_read_u32(np, "nxp,tx-output-mode", &prop);
-+ if (!err)
-+ priv->ocr |= prop & OCR_MODE_MASK;
- else
- priv->ocr |= OCR_MODE_NORMAL; /* default */
-
-- prop = of_get_property(np, "nxp,tx-output-config", &prop_size);
-- if (prop && (prop_size == sizeof(u32)))
-- priv->ocr |= (*prop << OCR_TX_SHIFT) & OCR_TX_MASK;
-+ err = of_property_read_u32(np, "nxp,tx-output-config", &prop);
-+ if (!err)
-+ priv->ocr |= (prop << OCR_TX_SHIFT) & OCR_TX_MASK;
- else
- priv->ocr |= OCR_TX0_PULLDOWN; /* default */
-
-- prop = of_get_property(np, "nxp,clock-out-frequency", &prop_size);
-- if (prop && (prop_size == sizeof(u32)) && *prop) {
-- u32 divider = priv->can.clock.freq * 2 / *prop;
-+ err = of_property_read_u32(np, "nxp,clock-out-frequency", &prop);
-+ if (!err && prop) {
-+ u32 divider = priv->can.clock.freq * 2 / prop;
-
- if (divider > 1)
- priv->cdr |= divider / 2 - 1;
-@@ -168,8 +168,7 @@ static int sja1000_ofp_probe(struct platform_device *ofdev)
- priv->cdr |= CDR_CLK_OFF; /* default */
- }
-
-- prop = of_get_property(np, "nxp,no-comparator-bypass", NULL);
-- if (!prop)
-+ if (!of_property_read_bool(np, "nxp,no-comparator-bypass"))
- priv->cdr |= CDR_CBP; /* default */
-
- priv->irq_flags = IRQF_SHARED;
-diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c
-index 8a5253c..6917998 100644
---- a/drivers/net/ethernet/broadcom/tg3.c
-+++ b/drivers/net/ethernet/broadcom/tg3.c
-@@ -330,6 +330,7 @@ static DEFINE_PCI_DEVICE_TABLE(tg3_pci_tbl) = {
- {PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, TG3PCI_DEVICE_TIGON3_5719)},
- {PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, TG3PCI_DEVICE_TIGON3_5720)},
- {PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, TG3PCI_DEVICE_TIGON3_57762)},
-+ {PCI_DEVICE(PCI_VENDOR_ID_BROADCOM, TG3PCI_DEVICE_TIGON3_57766)},
- {PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, PCI_DEVICE_ID_SYSKONNECT_9DXX)},
- {PCI_DEVICE(PCI_VENDOR_ID_SYSKONNECT, PCI_DEVICE_ID_SYSKONNECT_9MXX)},
- {PCI_DEVICE(PCI_VENDOR_ID_ALTIMA, PCI_DEVICE_ID_ALTIMA_AC1000)},
-@@ -9103,7 +9104,14 @@ static int tg3_reset_hw(struct tg3 *tp, int reset_phy)
- }
-
- if (GET_CHIP_REV(tp->pci_chip_rev_id) != CHIPREV_57765_AX) {
-- u32 grc_mode = tr32(GRC_MODE);
-+ u32 grc_mode;
-+
-+ /* Fix transmit hangs */
-+ val = tr32(TG3_CPMU_PADRNG_CTL);
-+ val |= TG3_CPMU_PADRNG_CTL_RDIV2;
-+ tw32(TG3_CPMU_PADRNG_CTL, val);
-+
-+ grc_mode = tr32(GRC_MODE);
-
- /* Access the lower 1K of DL PCIE block registers. */
- val = grc_mode & ~GRC_MODE_PCIE_PORT_MASK;
-@@ -9413,6 +9421,14 @@ static int tg3_reset_hw(struct tg3 *tp, int reset_phy)
- if (tg3_flag(tp, PCI_EXPRESS))
- rdmac_mode |= RDMAC_MODE_FIFO_LONG_BURST;
-
-+ if (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_57766) {
-+ tp->dma_limit = 0;
-+ if (tp->dev->mtu <= ETH_DATA_LEN) {
-+ rdmac_mode |= RDMAC_MODE_JMB_2K_MMRR;
-+ tp->dma_limit = TG3_TX_BD_DMA_MAX_2K;
-+ }
-+ }
-+
- if (tg3_flag(tp, HW_TSO_1) ||
- tg3_flag(tp, HW_TSO_2) ||
- tg3_flag(tp, HW_TSO_3))
-diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h
-index d330e81..6f9b74c 100644
---- a/drivers/net/ethernet/broadcom/tg3.h
-+++ b/drivers/net/ethernet/broadcom/tg3.h
-@@ -1159,6 +1159,8 @@
- #define CPMU_MUTEX_GNT_DRIVER 0x00001000
- #define TG3_CPMU_PHY_STRAP 0x00003664
- #define TG3_CPMU_PHY_STRAP_IS_SERDES 0x00000020
-+#define TG3_CPMU_PADRNG_CTL 0x00003668
-+#define TG3_CPMU_PADRNG_CTL_RDIV2 0x00040000
- /* 0x3664 --> 0x36b0 unused */
-
- #define TG3_CPMU_EEE_MODE 0x000036b0
-diff --git a/drivers/net/wireless/ath/ath9k/ar9580_1p0_initvals.h b/drivers/net/wireless/ath/ath9k/ar9580_1p0_initvals.h
-index 6e1915a..c00c13a 100644
---- a/drivers/net/wireless/ath/ath9k/ar9580_1p0_initvals.h
-+++ b/drivers/net/wireless/ath/ath9k/ar9580_1p0_initvals.h
-@@ -519,7 +519,7 @@ static const u32 ar9580_1p0_mac_core[][2] = {
- {0x00008258, 0x00000000},
- {0x0000825c, 0x40000000},
- {0x00008260, 0x00080922},
-- {0x00008264, 0x9bc00010},
-+ {0x00008264, 0x9d400010},
- {0x00008268, 0xffffffff},
- {0x0000826c, 0x0000ffff},
- {0x00008270, 0x00000000},
-diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_init.c b/drivers/net/wireless/ath/ath9k/htc_drv_init.c
-index 05d5ba6..0663653 100644
---- a/drivers/net/wireless/ath/ath9k/htc_drv_init.c
-+++ b/drivers/net/wireless/ath/ath9k/htc_drv_init.c
-@@ -796,7 +796,7 @@ static int ath9k_init_firmware_version(struct ath9k_htc_priv *priv)
- * required version.
- */
- if (priv->fw_version_major != MAJOR_VERSION_REQ ||
-- priv->fw_version_minor != MINOR_VERSION_REQ) {
-+ priv->fw_version_minor < MINOR_VERSION_REQ) {
- dev_err(priv->dev, "ath9k_htc: Please upgrade to FW version %d.%d\n",
- MAJOR_VERSION_REQ, MINOR_VERSION_REQ);
- return -EINVAL;
-diff --git a/drivers/net/wireless/b43/phy_n.c b/drivers/net/wireless/b43/phy_n.c
-index e8486c1..b70f220 100644
---- a/drivers/net/wireless/b43/phy_n.c
-+++ b/drivers/net/wireless/b43/phy_n.c
-@@ -5165,7 +5165,8 @@ static void b43_nphy_pmu_spur_avoid(struct b43_wldev *dev, bool avoid)
- #endif
- #ifdef CONFIG_B43_SSB
- case B43_BUS_SSB:
-- /* FIXME */
-+ ssb_pmu_spuravoid_pllupdate(&dev->dev->sdev->bus->chipco,
-+ avoid);
- break;
- #endif
- }
-diff --git a/drivers/ssb/driver_chipcommon_pmu.c b/drivers/ssb/driver_chipcommon_pmu.c
-index a43415a..bc75528 100644
---- a/drivers/ssb/driver_chipcommon_pmu.c
-+++ b/drivers/ssb/driver_chipcommon_pmu.c
-@@ -675,3 +675,32 @@ u32 ssb_pmu_get_controlclock(struct ssb_chipcommon *cc)
- return 0;
- }
- }
-+
-+void ssb_pmu_spuravoid_pllupdate(struct ssb_chipcommon *cc, int spuravoid)
-+{
-+ u32 pmu_ctl = 0;
-+
-+ switch (cc->dev->bus->chip_id) {
-+ case 0x4322:
-+ ssb_chipco_pll_write(cc, SSB_PMU1_PLLCTL0, 0x11100070);
-+ ssb_chipco_pll_write(cc, SSB_PMU1_PLLCTL1, 0x1014140a);
-+ ssb_chipco_pll_write(cc, SSB_PMU1_PLLCTL5, 0x88888854);
-+ if (spuravoid == 1)
-+ ssb_chipco_pll_write(cc, SSB_PMU1_PLLCTL2, 0x05201828);
-+ else
-+ ssb_chipco_pll_write(cc, SSB_PMU1_PLLCTL2, 0x05001828);
-+ pmu_ctl = SSB_CHIPCO_PMU_CTL_PLL_UPD;
-+ break;
-+ case 43222:
-+ /* TODO: BCM43222 requires updating PLLs too */
-+ return;
-+ default:
-+ ssb_printk(KERN_ERR PFX
-+ "Unknown spuravoidance settings for chip 0x%04X, not changing PLL\n",
-+ cc->dev->bus->chip_id);
-+ return;
-+ }
-+
-+ chipco_set32(cc, SSB_CHIPCO_PMU_CTL, pmu_ctl);
-+}
-+EXPORT_SYMBOL_GPL(ssb_pmu_spuravoid_pllupdate);
-diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c
-index dc61c12..0a49456 100644
---- a/drivers/video/fbmem.c
-+++ b/drivers/video/fbmem.c
-@@ -1373,15 +1373,12 @@ fb_mmap(struct file *file, struct vm_area_struct * vma)
- {
- struct fb_info *info = file_fb_info(file);
- struct fb_ops *fb;
-- unsigned long off;
-+ unsigned long mmio_pgoff;
- unsigned long start;
- u32 len;
-
- if (!info)
- return -ENODEV;
-- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT))
-- return -EINVAL;
-- off = vma->vm_pgoff << PAGE_SHIFT;
- fb = info->fbops;
- if (!fb)
- return -ENODEV;
-@@ -1393,32 +1390,24 @@ fb_mmap(struct file *file, struct vm_area_struct * vma)
- return res;
- }
-
-- /* frame buffer memory */
-+ /*
-+ * Ugh. This can be either the frame buffer mapping, or
-+ * if pgoff points past it, the mmio mapping.
-+ */
- start = info->fix.smem_start;
-- len = PAGE_ALIGN((start & ~PAGE_MASK) + info->fix.smem_len);
-- if (off >= len) {
-- /* memory mapped io */
-- off -= len;
-- if (info->var.accel_flags) {
-- mutex_unlock(&info->mm_lock);
-- return -EINVAL;
-- }
-+ len = info->fix.smem_len;
-+ mmio_pgoff = PAGE_ALIGN((start & ~PAGE_MASK) + len) >> PAGE_SHIFT;
-+ if (vma->vm_pgoff >= mmio_pgoff) {
-+ vma->vm_pgoff -= mmio_pgoff;
- start = info->fix.mmio_start;
-- len = PAGE_ALIGN((start & ~PAGE_MASK) + info->fix.mmio_len);
-+ len = info->fix.mmio_len;
- }
- mutex_unlock(&info->mm_lock);
-- start &= PAGE_MASK;
-- if ((vma->vm_end - vma->vm_start + off) > len)
-- return -EINVAL;
-- off += start;
-- vma->vm_pgoff = off >> PAGE_SHIFT;
-- /* VM_IO | VM_DONTEXPAND | VM_DONTDUMP are set by io_remap_pfn_range()*/
-+
- vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
-- fb_pgprotect(file, vma, off);
-- if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT,
-- vma->vm_end - vma->vm_start, vma->vm_page_prot))
-- return -EAGAIN;
-- return 0;
-+ fb_pgprotect(file, vma, start);
-+
-+ return vm_iomap_memory(vma, start, len);
- }
-
- static int
-diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 0c42cdb..5843a47 100644
---- a/fs/binfmt_elf.c
-+++ b/fs/binfmt_elf.c
-@@ -1132,6 +1132,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
- goto whole;
- if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
- goto whole;
-+ return 0;
- }
-
- /* Do not dump I/O mapped devices or special mappings */
-diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
-index 744a69b..8a00e2f 100644
---- a/fs/btrfs/tree-log.c
-+++ b/fs/btrfs/tree-log.c
-@@ -318,6 +318,7 @@ static noinline int overwrite_item(struct btrfs_trans_handle *trans,
- unsigned long src_ptr;
- unsigned long dst_ptr;
- int overwrite_root = 0;
-+ bool inode_item = key->type == BTRFS_INODE_ITEM_KEY;
-
- if (root->root_key.objectid != BTRFS_TREE_LOG_OBJECTID)
- overwrite_root = 1;
-@@ -327,6 +328,9 @@ static noinline int overwrite_item(struct btrfs_trans_handle *trans,
-
- /* look for the key in the destination tree */
- ret = btrfs_search_slot(NULL, root, key, path, 0, 0);
-+ if (ret < 0)
-+ return ret;
-+
- if (ret == 0) {
- char *src_copy;
- char *dst_copy;
-@@ -368,6 +372,30 @@ static noinline int overwrite_item(struct btrfs_trans_handle *trans,
- return 0;
- }
-
-+ /*
-+ * We need to load the old nbytes into the inode so when we
-+ * replay the extents we've logged we get the right nbytes.
-+ */
-+ if (inode_item) {
-+ struct btrfs_inode_item *item;
-+ u64 nbytes;
-+
-+ item = btrfs_item_ptr(path->nodes[0], path->slots[0],
-+ struct btrfs_inode_item);
-+ nbytes = btrfs_inode_nbytes(path->nodes[0], item);
-+ item = btrfs_item_ptr(eb, slot,
-+ struct btrfs_inode_item);
-+ btrfs_set_inode_nbytes(eb, item, nbytes);
-+ }
-+ } else if (inode_item) {
-+ struct btrfs_inode_item *item;
-+
-+ /*
-+ * New inode, set nbytes to 0 so that the nbytes comes out
-+ * properly when we replay the extents.
-+ */
-+ item = btrfs_item_ptr(eb, slot, struct btrfs_inode_item);
-+ btrfs_set_inode_nbytes(eb, item, 0);
- }
- insert:
- btrfs_release_path(path);
-@@ -488,7 +516,7 @@ static noinline int replay_one_extent(struct btrfs_trans_handle *trans,
- u64 mask = root->sectorsize - 1;
- u64 extent_end;
- u64 start = key->offset;
-- u64 saved_nbytes;
-+ u64 nbytes = 0;
- struct btrfs_file_extent_item *item;
- struct inode *inode = NULL;
- unsigned long size;
-@@ -498,10 +526,19 @@ static noinline int replay_one_extent(struct btrfs_trans_handle *trans,
- found_type = btrfs_file_extent_type(eb, item);
-
- if (found_type == BTRFS_FILE_EXTENT_REG ||
-- found_type == BTRFS_FILE_EXTENT_PREALLOC)
-- extent_end = start + btrfs_file_extent_num_bytes(eb, item);
-- else if (found_type == BTRFS_FILE_EXTENT_INLINE) {
-+ found_type == BTRFS_FILE_EXTENT_PREALLOC) {
-+ nbytes = btrfs_file_extent_num_bytes(eb, item);
-+ extent_end = start + nbytes;
-+
-+ /*
-+ * We don't add to the inodes nbytes if we are prealloc or a
-+ * hole.
-+ */
-+ if (btrfs_file_extent_disk_bytenr(eb, item) == 0)
-+ nbytes = 0;
-+ } else if (found_type == BTRFS_FILE_EXTENT_INLINE) {
- size = btrfs_file_extent_inline_len(eb, item);
-+ nbytes = btrfs_file_extent_ram_bytes(eb, item);
- extent_end = (start + size + mask) & ~mask;
- } else {
- ret = 0;
-@@ -550,7 +587,6 @@ static noinline int replay_one_extent(struct btrfs_trans_handle *trans,
- }
- btrfs_release_path(path);
-
-- saved_nbytes = inode_get_bytes(inode);
- /* drop any overlapping extents */
- ret = btrfs_drop_extents(trans, root, inode, start, extent_end, 1);
- BUG_ON(ret);
-@@ -637,7 +673,7 @@ static noinline int replay_one_extent(struct btrfs_trans_handle *trans,
- BUG_ON(ret);
- }
-
-- inode_set_bytes(inode, saved_nbytes);
-+ inode_add_bytes(inode, nbytes);
- ret = btrfs_update_inode(trans, root, inode);
- out:
- if (inode)
-diff --git a/fs/hfsplus/extents.c b/fs/hfsplus/extents.c
-index eba76ea..fc8ddc1 100644
---- a/fs/hfsplus/extents.c
-+++ b/fs/hfsplus/extents.c
-@@ -533,7 +533,7 @@ void hfsplus_file_truncate(struct inode *inode)
- struct address_space *mapping = inode->i_mapping;
- struct page *page;
- void *fsdata;
-- u32 size = inode->i_size;
-+ loff_t size = inode->i_size;
-
- res = pagecache_write_begin(NULL, mapping, size, 0,
- AOP_FLAG_UNINTERRUPTIBLE,
-diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
-index 78bde32..ccee8cc 100644
---- a/fs/hugetlbfs/inode.c
-+++ b/fs/hugetlbfs/inode.c
-@@ -110,7 +110,7 @@ static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma)
- * way when do_mmap_pgoff unwinds (may be important on powerpc
- * and ia64).
- */
-- vma->vm_flags |= VM_HUGETLB | VM_DONTEXPAND | VM_DONTDUMP;
-+ vma->vm_flags |= VM_HUGETLB | VM_DONTEXPAND;
- vma->vm_ops = &hugetlb_vm_ops;
-
- if (vma->vm_pgoff & (~huge_page_mask(h) >> PAGE_SHIFT))
-diff --git a/fs/proc/array.c b/fs/proc/array.c
-index 6a91e6f..be3c22f 100644
---- a/fs/proc/array.c
-+++ b/fs/proc/array.c
-@@ -143,6 +143,7 @@ static const char * const task_state_array[] = {
- "x (dead)", /* 64 */
- "K (wakekill)", /* 128 */
- "W (waking)", /* 256 */
-+ "P (parked)", /* 512 */
- };
-
- static inline const char *get_task_state(struct task_struct *tsk)
-diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
-index 2c497ab..ffdf8b7 100644
---- a/include/linux/kvm_host.h
-+++ b/include/linux/kvm_host.h
-@@ -511,7 +511,7 @@ int kvm_write_guest(struct kvm *kvm, gpa_t gpa, const void *data,
- int kvm_write_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
- void *data, unsigned long len);
- int kvm_gfn_to_hva_cache_init(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
-- gpa_t gpa);
-+ gpa_t gpa, unsigned long len);
- int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len);
- int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len);
- struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm, gfn_t gfn);
-diff --git a/include/linux/kvm_types.h b/include/linux/kvm_types.h
-index fa7cc72..b0bcce0 100644
---- a/include/linux/kvm_types.h
-+++ b/include/linux/kvm_types.h
-@@ -71,6 +71,7 @@ struct gfn_to_hva_cache {
- u64 generation;
- gpa_t gpa;
- unsigned long hva;
-+ unsigned long len;
- struct kvm_memory_slot *memslot;
- };
-
-diff --git a/include/linux/mm.h b/include/linux/mm.h
-index 66e2f7c..9568b90 100644
---- a/include/linux/mm.h
-+++ b/include/linux/mm.h
-@@ -1623,6 +1623,8 @@ int vm_insert_pfn(struct vm_area_struct *vma, unsigned long addr,
- unsigned long pfn);
- int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
- unsigned long pfn);
-+int vm_iomap_memory(struct vm_area_struct *vma, phys_addr_t start, unsigned long len);
-+
-
- struct page *follow_page(struct vm_area_struct *, unsigned long address,
- unsigned int foll_flags);
-diff --git a/include/linux/sched.h b/include/linux/sched.h
-index d211247..7e49270 100644
---- a/include/linux/sched.h
-+++ b/include/linux/sched.h
-@@ -163,9 +163,10 @@ print_cfs_rq(struct seq_file *m, int cpu, struct cfs_rq *cfs_rq)
- #define TASK_DEAD 64
- #define TASK_WAKEKILL 128
- #define TASK_WAKING 256
--#define TASK_STATE_MAX 512
-+#define TASK_PARKED 512
-+#define TASK_STATE_MAX 1024
-
--#define TASK_STATE_TO_CHAR_STR "RSDTtZXxKW"
-+#define TASK_STATE_TO_CHAR_STR "RSDTtZXxKWP"
-
- extern char ___assert_task_state[1 - 2*!!(
- sizeof(TASK_STATE_TO_CHAR_STR)-1 != ilog2(TASK_STATE_MAX)+1)];
-diff --git a/include/linux/ssb/ssb_driver_chipcommon.h b/include/linux/ssb/ssb_driver_chipcommon.h
-index 9e492be..6fcfe99 100644
---- a/include/linux/ssb/ssb_driver_chipcommon.h
-+++ b/include/linux/ssb/ssb_driver_chipcommon.h
-@@ -219,6 +219,7 @@
- #define SSB_CHIPCO_PMU_CTL 0x0600 /* PMU control */
- #define SSB_CHIPCO_PMU_CTL_ILP_DIV 0xFFFF0000 /* ILP div mask */
- #define SSB_CHIPCO_PMU_CTL_ILP_DIV_SHIFT 16
-+#define SSB_CHIPCO_PMU_CTL_PLL_UPD 0x00000400
- #define SSB_CHIPCO_PMU_CTL_NOILPONW 0x00000200 /* No ILP on wait */
- #define SSB_CHIPCO_PMU_CTL_HTREQEN 0x00000100 /* HT req enable */
- #define SSB_CHIPCO_PMU_CTL_ALPREQEN 0x00000080 /* ALP req enable */
-@@ -667,5 +668,6 @@ enum ssb_pmu_ldo_volt_id {
- void ssb_pmu_set_ldo_voltage(struct ssb_chipcommon *cc,
- enum ssb_pmu_ldo_volt_id id, u32 voltage);
- void ssb_pmu_set_ldo_paref(struct ssb_chipcommon *cc, bool on);
-+void ssb_pmu_spuravoid_pllupdate(struct ssb_chipcommon *cc, int spuravoid);
-
- #endif /* LINUX_SSB_CHIPCO_H_ */
-diff --git a/include/trace/events/sched.h b/include/trace/events/sched.h
-index 5a8671e..e5586ca 100644
---- a/include/trace/events/sched.h
-+++ b/include/trace/events/sched.h
-@@ -147,7 +147,7 @@ TRACE_EVENT(sched_switch,
- __print_flags(__entry->prev_state & (TASK_STATE_MAX-1), "|",
- { 1, "S"} , { 2, "D" }, { 4, "T" }, { 8, "t" },
- { 16, "Z" }, { 32, "X" }, { 64, "x" },
-- { 128, "W" }) : "R",
-+ { 128, "K" }, { 256, "W" }, { 512, "P" }) : "R",
- __entry->prev_state & TASK_STATE_MAX ? "+" : "",
- __entry->next_comm, __entry->next_pid, __entry->next_prio)
- );
-diff --git a/kernel/events/core.c b/kernel/events/core.c
-index 7b6646a..0600d3b 100644
---- a/kernel/events/core.c
-+++ b/kernel/events/core.c
-@@ -5328,7 +5328,7 @@ static void sw_perf_event_destroy(struct perf_event *event)
-
- static int perf_swevent_init(struct perf_event *event)
- {
-- int event_id = event->attr.config;
-+ u64 event_id = event->attr.config;
-
- if (event->attr.type != PERF_TYPE_SOFTWARE)
- return -ENOENT;
-diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
-index cdd5607..e4cee8d 100644
---- a/kernel/hrtimer.c
-+++ b/kernel/hrtimer.c
-@@ -61,6 +61,7 @@
- DEFINE_PER_CPU(struct hrtimer_cpu_base, hrtimer_bases) =
- {
-
-+ .lock = __RAW_SPIN_LOCK_UNLOCKED(hrtimer_bases.lock),
- .clock_base =
- {
- {
-@@ -1640,8 +1641,6 @@ static void __cpuinit init_hrtimers_cpu(int cpu)
- struct hrtimer_cpu_base *cpu_base = &per_cpu(hrtimer_bases, cpu);
- int i;
-
-- raw_spin_lock_init(&cpu_base->lock);
--
- for (i = 0; i < HRTIMER_MAX_CLOCK_BASES; i++) {
- cpu_base->clock_base[i].cpu_base = cpu_base;
- timerqueue_init_head(&cpu_base->clock_base[i].active);
-diff --git a/kernel/kthread.c b/kernel/kthread.c
-index 691dc2e..9eb7fed 100644
---- a/kernel/kthread.c
-+++ b/kernel/kthread.c
-@@ -124,12 +124,12 @@ void *kthread_data(struct task_struct *task)
-
- static void __kthread_parkme(struct kthread *self)
- {
-- __set_current_state(TASK_INTERRUPTIBLE);
-+ __set_current_state(TASK_PARKED);
- while (test_bit(KTHREAD_SHOULD_PARK, &self->flags)) {
- if (!test_and_set_bit(KTHREAD_IS_PARKED, &self->flags))
- complete(&self->parked);
- schedule();
-- __set_current_state(TASK_INTERRUPTIBLE);
-+ __set_current_state(TASK_PARKED);
- }
- clear_bit(KTHREAD_IS_PARKED, &self->flags);
- __set_current_state(TASK_RUNNING);
-@@ -256,8 +256,13 @@ struct task_struct *kthread_create_on_node(int (*threadfn)(void *data),
- }
- EXPORT_SYMBOL(kthread_create_on_node);
-
--static void __kthread_bind(struct task_struct *p, unsigned int cpu)
-+static void __kthread_bind(struct task_struct *p, unsigned int cpu, long state)
- {
-+ /* Must have done schedule() in kthread() before we set_task_cpu */
-+ if (!wait_task_inactive(p, state)) {
-+ WARN_ON(1);
-+ return;
-+ }
- /* It's safe because the task is inactive. */
- do_set_cpus_allowed(p, cpumask_of(cpu));
- p->flags |= PF_THREAD_BOUND;
-@@ -274,12 +279,7 @@ static void __kthread_bind(struct task_struct *p, unsigned int cpu)
- */
- void kthread_bind(struct task_struct *p, unsigned int cpu)
- {
-- /* Must have done schedule() in kthread() before we set_task_cpu */
-- if (!wait_task_inactive(p, TASK_UNINTERRUPTIBLE)) {
-- WARN_ON(1);
-- return;
-- }
-- __kthread_bind(p, cpu);
-+ __kthread_bind(p, cpu, TASK_UNINTERRUPTIBLE);
- }
- EXPORT_SYMBOL(kthread_bind);
-
-@@ -324,6 +324,22 @@ static struct kthread *task_get_live_kthread(struct task_struct *k)
- return NULL;
- }
-
-+static void __kthread_unpark(struct task_struct *k, struct kthread *kthread)
-+{
-+ clear_bit(KTHREAD_SHOULD_PARK, &kthread->flags);
-+ /*
-+ * We clear the IS_PARKED bit here as we don't wait
-+ * until the task has left the park code. So if we'd
-+ * park before that happens we'd see the IS_PARKED bit
-+ * which might be about to be cleared.
-+ */
-+ if (test_and_clear_bit(KTHREAD_IS_PARKED, &kthread->flags)) {
-+ if (test_bit(KTHREAD_IS_PER_CPU, &kthread->flags))
-+ __kthread_bind(k, kthread->cpu, TASK_PARKED);
-+ wake_up_state(k, TASK_PARKED);
-+ }
-+}
-+
- /**
- * kthread_unpark - unpark a thread created by kthread_create().
- * @k: thread created by kthread_create().
-@@ -336,20 +352,8 @@ void kthread_unpark(struct task_struct *k)
- {
- struct kthread *kthread = task_get_live_kthread(k);
-
-- if (kthread) {
-- clear_bit(KTHREAD_SHOULD_PARK, &kthread->flags);
-- /*
-- * We clear the IS_PARKED bit here as we don't wait
-- * until the task has left the park code. So if we'd
-- * park before that happens we'd see the IS_PARKED bit
-- * which might be about to be cleared.
-- */
-- if (test_and_clear_bit(KTHREAD_IS_PARKED, &kthread->flags)) {
-- if (test_bit(KTHREAD_IS_PER_CPU, &kthread->flags))
-- __kthread_bind(k, kthread->cpu);
-- wake_up_process(k);
-- }
-- }
-+ if (kthread)
-+ __kthread_unpark(k, kthread);
- put_task_struct(k);
- }
-
-@@ -407,7 +411,7 @@ int kthread_stop(struct task_struct *k)
- trace_sched_kthread_stop(k);
- if (kthread) {
- set_bit(KTHREAD_SHOULD_STOP, &kthread->flags);
-- clear_bit(KTHREAD_SHOULD_PARK, &kthread->flags);
-+ __kthread_unpark(k, kthread);
- wake_up_process(k);
- wait_for_completion(&kthread->exited);
- }
-diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index 26058d0..5e2f7c3 100644
---- a/kernel/sched/core.c
-+++ b/kernel/sched/core.c
-@@ -1488,8 +1488,10 @@ static void try_to_wake_up_local(struct task_struct *p)
- {
- struct rq *rq = task_rq(p);
-
-- BUG_ON(rq != this_rq());
-- BUG_ON(p == current);
-+ if (WARN_ON_ONCE(rq != this_rq()) ||
-+ WARN_ON_ONCE(p == current))
-+ return;
-+
- lockdep_assert_held(&rq->lock);
-
- if (!raw_spin_trylock(&p->pi_lock)) {
-@@ -4948,7 +4950,7 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
- }
-
- static int min_load_idx = 0;
--static int max_load_idx = CPU_LOAD_IDX_MAX;
-+static int max_load_idx = CPU_LOAD_IDX_MAX-1;
-
- static void
- set_table_entry(struct ctl_table *entry,
-diff --git a/kernel/signal.c b/kernel/signal.c
-index dec9c30..50e425c 100644
---- a/kernel/signal.c
-+++ b/kernel/signal.c
-@@ -2880,7 +2880,7 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
-
- static int do_tkill(pid_t tgid, pid_t pid, int sig)
- {
-- struct siginfo info;
-+ struct siginfo info = {};
-
- info.si_signo = sig;
- info.si_errno = 0;
-diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
-index f45e128..f359dc7 100644
---- a/kernel/user_namespace.c
-+++ b/kernel/user_namespace.c
-@@ -25,7 +25,8 @@
-
- static struct kmem_cache *user_ns_cachep __read_mostly;
-
--static bool new_idmap_permitted(struct user_namespace *ns, int cap_setid,
-+static bool new_idmap_permitted(const struct file *file,
-+ struct user_namespace *ns, int cap_setid,
- struct uid_gid_map *map);
-
- static void set_cred_user_ns(struct cred *cred, struct user_namespace *user_ns)
-@@ -575,10 +576,10 @@ static ssize_t map_write(struct file *file, const char __user *buf,
- if (map->nr_extents != 0)
- goto out;
-
-- /* Require the appropriate privilege CAP_SETUID or CAP_SETGID
-- * over the user namespace in order to set the id mapping.
-+ /*
-+ * Adjusting namespace settings requires capabilities on the target.
- */
-- if (cap_valid(cap_setid) && !ns_capable(ns, cap_setid))
-+ if (cap_valid(cap_setid) && !file_ns_capable(file, ns, CAP_SYS_ADMIN))
- goto out;
-
- /* Get a buffer */
-@@ -666,7 +667,7 @@ static ssize_t map_write(struct file *file, const char __user *buf,
-
- ret = -EPERM;
- /* Validate the user is allowed to use user id's mapped to. */
-- if (!new_idmap_permitted(ns, cap_setid, &new_map))
-+ if (!new_idmap_permitted(file, ns, cap_setid, &new_map))
- goto out;
-
- /* Map the lower ids from the parent user namespace to the
-@@ -753,7 +754,8 @@ ssize_t proc_projid_map_write(struct file *file, const char __user *buf, size_t
- &ns->projid_map, &ns->parent->projid_map);
- }
-
--static bool new_idmap_permitted(struct user_namespace *ns, int cap_setid,
-+static bool new_idmap_permitted(const struct file *file,
-+ struct user_namespace *ns, int cap_setid,
- struct uid_gid_map *new_map)
- {
- /* Allow mapping to your own filesystem ids */
-@@ -761,12 +763,12 @@ static bool new_idmap_permitted(struct user_namespace *ns, int cap_setid,
- u32 id = new_map->extent[0].lower_first;
- if (cap_setid == CAP_SETUID) {
- kuid_t uid = make_kuid(ns->parent, id);
-- if (uid_eq(uid, current_fsuid()))
-+ if (uid_eq(uid, file->f_cred->fsuid))
- return true;
- }
- else if (cap_setid == CAP_SETGID) {
- kgid_t gid = make_kgid(ns->parent, id);
-- if (gid_eq(gid, current_fsgid()))
-+ if (gid_eq(gid, file->f_cred->fsgid))
- return true;
- }
- }
-@@ -777,8 +779,10 @@ static bool new_idmap_permitted(struct user_namespace *ns, int cap_setid,
-
- /* Allow the specified ids if we have the appropriate capability
- * (CAP_SETUID or CAP_SETGID) over the parent user namespace.
-+ * And the opener of the id file also had the approprpiate capability.
- */
-- if (ns_capable(ns->parent, cap_setid))
-+ if (ns_capable(ns->parent, cap_setid) &&
-+ file_ns_capable(file, ns->parent, cap_setid))
- return true;
-
- return false;
-diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index d7cec92..88eb939 100644
---- a/mm/hugetlb.c
-+++ b/mm/hugetlb.c
-@@ -2965,7 +2965,17 @@ int follow_hugetlb_page(struct mm_struct *mm, struct vm_area_struct *vma,
- break;
- }
-
-- if (absent ||
-+ /*
-+ * We need call hugetlb_fault for both hugepages under migration
-+ * (in which case hugetlb_fault waits for the migration,) and
-+ * hwpoisoned hugepages (in which case we need to prevent the
-+ * caller from accessing to them.) In order to do this, we use
-+ * here is_swap_pte instead of is_hugetlb_entry_migration and
-+ * is_hugetlb_entry_hwpoisoned. This is because it simply covers
-+ * both cases, and because we can't follow correct pages
-+ * directly from any kind of swap entries.
-+ */
-+ if (absent || is_swap_pte(huge_ptep_get(pte)) ||
- ((flags & FOLL_WRITE) && !pte_write(huge_ptep_get(pte)))) {
- int ret;
-
-diff --git a/mm/memory.c b/mm/memory.c
-index f8b734a..32a495a 100644
---- a/mm/memory.c
-+++ b/mm/memory.c
-@@ -2358,6 +2358,53 @@ int remap_pfn_range(struct vm_area_struct *vma, unsigned long addr,
- }
- EXPORT_SYMBOL(remap_pfn_range);
-
-+/**
-+ * vm_iomap_memory - remap memory to userspace
-+ * @vma: user vma to map to
-+ * @start: start of area
-+ * @len: size of area
-+ *
-+ * This is a simplified io_remap_pfn_range() for common driver use. The
-+ * driver just needs to give us the physical memory range to be mapped,
-+ * we'll figure out the rest from the vma information.
-+ *
-+ * NOTE! Some drivers might want to tweak vma->vm_page_prot first to get
-+ * whatever write-combining details or similar.
-+ */
-+int vm_iomap_memory(struct vm_area_struct *vma, phys_addr_t start, unsigned long len)
-+{
-+ unsigned long vm_len, pfn, pages;
-+
-+ /* Check that the physical memory area passed in looks valid */
-+ if (start + len < start)
-+ return -EINVAL;
-+ /*
-+ * You *really* shouldn't map things that aren't page-aligned,
-+ * but we've historically allowed it because IO memory might
-+ * just have smaller alignment.
-+ */
-+ len += start & ~PAGE_MASK;
-+ pfn = start >> PAGE_SHIFT;
-+ pages = (len + ~PAGE_MASK) >> PAGE_SHIFT;
-+ if (pfn + pages < pfn)
-+ return -EINVAL;
-+
-+ /* We start the mapping 'vm_pgoff' pages into the area */
-+ if (vma->vm_pgoff > pages)
-+ return -EINVAL;
-+ pfn += vma->vm_pgoff;
-+ pages -= vma->vm_pgoff;
-+
-+ /* Can we fit all of the mapping? */
-+ vm_len = vma->vm_end - vma->vm_start;
-+ if (vm_len >> PAGE_SHIFT > pages)
-+ return -EINVAL;
-+
-+ /* Ok, let it rip */
-+ return io_remap_pfn_range(vma, vma->vm_start, pfn, vm_len, vma->vm_page_prot);
-+}
-+EXPORT_SYMBOL(vm_iomap_memory);
-+
- static int apply_to_pte_range(struct mm_struct *mm, pmd_t *pmd,
- unsigned long addr, unsigned long end,
- pte_fn_t fn, void *data)
-diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
-index e14e676..a1a7997 100644
---- a/net/mac80211/mlme.c
-+++ b/net/mac80211/mlme.c
-@@ -3723,8 +3723,16 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
- /* prep auth_data so we don't go into idle on disassoc */
- ifmgd->auth_data = auth_data;
-
-- if (ifmgd->associated)
-- ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
-+ if (ifmgd->associated) {
-+ u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
-+
-+ ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
-+ WLAN_REASON_UNSPECIFIED,
-+ false, frame_buf);
-+
-+ __cfg80211_send_deauth(sdata->dev, frame_buf,
-+ sizeof(frame_buf));
-+ }
-
- sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
-
-@@ -3783,8 +3791,16 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
-
- mutex_lock(&ifmgd->mtx);
-
-- if (ifmgd->associated)
-- ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
-+ if (ifmgd->associated) {
-+ u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
-+
-+ ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
-+ WLAN_REASON_UNSPECIFIED,
-+ false, frame_buf);
-+
-+ __cfg80211_send_deauth(sdata->dev, frame_buf,
-+ sizeof(frame_buf));
-+ }
-
- if (ifmgd->auth_data && !ifmgd->auth_data->done) {
- err = -EBUSY;
-diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
-index 09b4286..f4aaf5a 100644
---- a/sound/core/pcm_native.c
-+++ b/sound/core/pcm_native.c
-@@ -3222,18 +3222,10 @@ EXPORT_SYMBOL_GPL(snd_pcm_lib_default_mmap);
- int snd_pcm_lib_mmap_iomem(struct snd_pcm_substream *substream,
- struct vm_area_struct *area)
- {
-- long size;
-- unsigned long offset;
-+ struct snd_pcm_runtime *runtime = substream->runtime;;
-
- area->vm_page_prot = pgprot_noncached(area->vm_page_prot);
-- area->vm_flags |= VM_IO;
-- size = area->vm_end - area->vm_start;
-- offset = area->vm_pgoff << PAGE_SHIFT;
-- if (io_remap_pfn_range(area, area->vm_start,
-- (substream->runtime->dma_addr + offset) >> PAGE_SHIFT,
-- size, area->vm_page_prot))
-- return -EAGAIN;
-- return 0;
-+ return vm_iomap_memory(area, runtime->dma_addr, runtime->dma_bytes);
- }
-
- EXPORT_SYMBOL(snd_pcm_lib_mmap_iomem);
-diff --git a/virt/kvm/ioapic.c b/virt/kvm/ioapic.c
-index cfb7e4d..52058f0 100644
---- a/virt/kvm/ioapic.c
-+++ b/virt/kvm/ioapic.c
-@@ -73,9 +73,12 @@ static unsigned long ioapic_read_indirect(struct kvm_ioapic *ioapic,
- u32 redir_index = (ioapic->ioregsel - 0x10) >> 1;
- u64 redir_content;
-
-- ASSERT(redir_index < IOAPIC_NUM_PINS);
-+ if (redir_index < IOAPIC_NUM_PINS)
-+ redir_content =
-+ ioapic->redirtbl[redir_index].bits;
-+ else
-+ redir_content = ~0ULL;
-
-- redir_content = ioapic->redirtbl[redir_index].bits;
- result = (ioapic->ioregsel & 0x1) ?
- (redir_content >> 32) & 0xffffffff :
- redir_content & 0xffffffff;
-diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 1cd693a..10afa34 100644
---- a/virt/kvm/kvm_main.c
-+++ b/virt/kvm/kvm_main.c
-@@ -1476,21 +1476,38 @@ int kvm_write_guest(struct kvm *kvm, gpa_t gpa, const void *data,
- }
-
- int kvm_gfn_to_hva_cache_init(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
-- gpa_t gpa)
-+ gpa_t gpa, unsigned long len)
- {
- struct kvm_memslots *slots = kvm_memslots(kvm);
- int offset = offset_in_page(gpa);
-- gfn_t gfn = gpa >> PAGE_SHIFT;
-+ gfn_t start_gfn = gpa >> PAGE_SHIFT;
-+ gfn_t end_gfn = (gpa + len - 1) >> PAGE_SHIFT;
-+ gfn_t nr_pages_needed = end_gfn - start_gfn + 1;
-+ gfn_t nr_pages_avail;
-
- ghc->gpa = gpa;
- ghc->generation = slots->generation;
-- ghc->memslot = gfn_to_memslot(kvm, gfn);
-- ghc->hva = gfn_to_hva_many(ghc->memslot, gfn, NULL);
-- if (!kvm_is_error_hva(ghc->hva))
-+ ghc->len = len;
-+ ghc->memslot = gfn_to_memslot(kvm, start_gfn);
-+ ghc->hva = gfn_to_hva_many(ghc->memslot, start_gfn, &nr_pages_avail);
-+ if (!kvm_is_error_hva(ghc->hva) && nr_pages_avail >= nr_pages_needed) {
- ghc->hva += offset;
-- else
-- return -EFAULT;
--
-+ } else {
-+ /*
-+ * If the requested region crosses two memslots, we still
-+ * verify that the entire region is valid here.
-+ */
-+ while (start_gfn <= end_gfn) {
-+ ghc->memslot = gfn_to_memslot(kvm, start_gfn);
-+ ghc->hva = gfn_to_hva_many(ghc->memslot, start_gfn,
-+ &nr_pages_avail);
-+ if (kvm_is_error_hva(ghc->hva))
-+ return -EFAULT;
-+ start_gfn += nr_pages_avail;
-+ }
-+ /* Use the slow path for cross page reads and writes. */
-+ ghc->memslot = NULL;
-+ }
- return 0;
- }
- EXPORT_SYMBOL_GPL(kvm_gfn_to_hva_cache_init);
-@@ -1501,8 +1518,13 @@ int kvm_write_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
- struct kvm_memslots *slots = kvm_memslots(kvm);
- int r;
-
-+ BUG_ON(len > ghc->len);
-+
- if (slots->generation != ghc->generation)
-- kvm_gfn_to_hva_cache_init(kvm, ghc, ghc->gpa);
-+ kvm_gfn_to_hva_cache_init(kvm, ghc, ghc->gpa, ghc->len);
-+
-+ if (unlikely(!ghc->memslot))
-+ return kvm_write_guest(kvm, ghc->gpa, data, len);
-
- if (kvm_is_error_hva(ghc->hva))
- return -EFAULT;
-@@ -1522,8 +1544,13 @@ int kvm_read_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc,
- struct kvm_memslots *slots = kvm_memslots(kvm);
- int r;
-
-+ BUG_ON(len > ghc->len);
-+
- if (slots->generation != ghc->generation)
-- kvm_gfn_to_hva_cache_init(kvm, ghc, ghc->gpa);
-+ kvm_gfn_to_hva_cache_init(kvm, ghc, ghc->gpa, ghc->len);
-+
-+ if (unlikely(!ghc->memslot))
-+ return kvm_read_guest(kvm, ghc->gpa, data, len);
-
- if (kvm_is_error_hva(ghc->hva))
- return -EFAULT;
diff --git a/3.8.10/1009_linux-3.8.10.patch b/3.8.10/1009_linux-3.8.10.patch
deleted file mode 100644
index 330becd..0000000
--- a/3.8.10/1009_linux-3.8.10.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-diff --git a/Makefile b/Makefile
-index 3ae4796..e2b10b9 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,6 +1,6 @@
- VERSION = 3
- PATCHLEVEL = 8
--SUBLEVEL = 9
-+SUBLEVEL = 10
- EXTRAVERSION =
- NAME = Displaced Humerus Anterior
-
-diff --git a/include/linux/capability.h b/include/linux/capability.h
-index 98503b7..d9a4f7f4 100644
---- a/include/linux/capability.h
-+++ b/include/linux/capability.h
-@@ -35,6 +35,7 @@ struct cpu_vfs_cap_data {
- #define _KERNEL_CAP_T_SIZE (sizeof(kernel_cap_t))
-
-
-+struct file;
- struct inode;
- struct dentry;
- struct user_namespace;
-@@ -211,6 +212,7 @@ extern bool capable(int cap);
- extern bool ns_capable(struct user_namespace *ns, int cap);
- extern bool nsown_capable(int cap);
- extern bool inode_capable(const struct inode *inode, int cap);
-+extern bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap);
-
- /* audit system wants to get cap info from files as well */
- extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps);
-diff --git a/kernel/capability.c b/kernel/capability.c
-index 493d972..f6c2ce5 100644
---- a/kernel/capability.c
-+++ b/kernel/capability.c
-@@ -393,6 +393,30 @@ bool ns_capable(struct user_namespace *ns, int cap)
- EXPORT_SYMBOL(ns_capable);
-
- /**
-+ * file_ns_capable - Determine if the file's opener had a capability in effect
-+ * @file: The file we want to check
-+ * @ns: The usernamespace we want the capability in
-+ * @cap: The capability to be tested for
-+ *
-+ * Return true if task that opened the file had a capability in effect
-+ * when the file was opened.
-+ *
-+ * This does not set PF_SUPERPRIV because the caller may not
-+ * actually be privileged.
-+ */
-+bool file_ns_capable(const struct file *file, struct user_namespace *ns, int cap)
-+{
-+ if (WARN_ON_ONCE(!cap_valid(cap)))
-+ return false;
-+
-+ if (security_capable(file->f_cred, ns, cap) == 0)
-+ return true;
-+
-+ return false;
-+}
-+EXPORT_SYMBOL(file_ns_capable);
-+
-+/**
- * capable - Determine if the current task has a superior capability in effect
- * @cap: The capability to be tested for
- *
diff --git a/3.8.10/0000_README b/3.8.11/0000_README
index 0fb80bd..40dc014 100644
--- a/3.8.10/0000_README
+++ b/3.8.11/0000_README
@@ -2,15 +2,11 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 1008_linux-3.8.9.patch
+Patch: 1010_linux-3.8.11.patch
From: http://www.kernel.org
-Desc: Linux 3.8.9
+Desc: Linux 3.8.11
-Patch: 1009_linux-3.8.10.patch
-From: http://www.kernel.org
-Desc: Linux 3.8.10
-
-Patch: 4420_grsecurity-2.9.1-3.8.10-201304262208.patch
+Patch: 4420_grsecurity-2.9.1-3.8.11-201305011917.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.8.11/1010_linux-3.8.11.patch b/3.8.11/1010_linux-3.8.11.patch
new file mode 100644
index 0000000..244c734
--- /dev/null
+++ b/3.8.11/1010_linux-3.8.11.patch
@@ -0,0 +1,1556 @@
+diff --git a/Makefile b/Makefile
+index e2b10b9..7e4eee5 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 3
+ PATCHLEVEL = 8
+-SUBLEVEL = 10
++SUBLEVEL = 11
+ EXTRAVERSION =
+ NAME = Displaced Humerus Anterior
+
+diff --git a/arch/arm/include/asm/hardware/iop3xx.h b/arch/arm/include/asm/hardware/iop3xx.h
+index 02fe2fb..ed94b1a 100644
+--- a/arch/arm/include/asm/hardware/iop3xx.h
++++ b/arch/arm/include/asm/hardware/iop3xx.h
+@@ -37,7 +37,7 @@ extern int iop3xx_get_init_atu(void);
+ * IOP3XX processor registers
+ */
+ #define IOP3XX_PERIPHERAL_PHYS_BASE 0xffffe000
+-#define IOP3XX_PERIPHERAL_VIRT_BASE 0xfeffe000
++#define IOP3XX_PERIPHERAL_VIRT_BASE 0xfedfe000
+ #define IOP3XX_PERIPHERAL_SIZE 0x00002000
+ #define IOP3XX_PERIPHERAL_UPPER_PA (IOP3XX_PERIPHERAL_PHYS_BASE +\
+ IOP3XX_PERIPHERAL_SIZE - 1)
+diff --git a/arch/arm/kernel/sched_clock.c b/arch/arm/kernel/sched_clock.c
+index bd6f56b..59d2adb 100644
+--- a/arch/arm/kernel/sched_clock.c
++++ b/arch/arm/kernel/sched_clock.c
+@@ -45,12 +45,12 @@ static u32 notrace jiffy_sched_clock_read(void)
+
+ static u32 __read_mostly (*read_sched_clock)(void) = jiffy_sched_clock_read;
+
+-static inline u64 cyc_to_ns(u64 cyc, u32 mult, u32 shift)
++static inline u64 notrace cyc_to_ns(u64 cyc, u32 mult, u32 shift)
+ {
+ return (cyc * mult) >> shift;
+ }
+
+-static unsigned long long cyc_to_sched_clock(u32 cyc, u32 mask)
++static unsigned long long notrace cyc_to_sched_clock(u32 cyc, u32 mask)
+ {
+ u64 epoch_ns;
+ u32 epoch_cyc;
+diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h
+index 08fcce9..7619f2f 100644
+--- a/arch/sparc/include/asm/pgtable_64.h
++++ b/arch/sparc/include/asm/pgtable_64.h
+@@ -915,6 +915,7 @@ static inline int io_remap_pfn_range(struct vm_area_struct *vma,
+ return remap_pfn_range(vma, from, phys_base >> PAGE_SHIFT, size, prot);
+ }
+
++#include <asm/tlbflush.h>
+ #include <asm-generic/pgtable.h>
+
+ /* We provide our own get_unmapped_area to cope with VA holes and
+diff --git a/arch/sparc/include/asm/switch_to_64.h b/arch/sparc/include/asm/switch_to_64.h
+index cad36f5..c7de332 100644
+--- a/arch/sparc/include/asm/switch_to_64.h
++++ b/arch/sparc/include/asm/switch_to_64.h
+@@ -18,8 +18,7 @@ do { \
+ * and 2 stores in this critical code path. -DaveM
+ */
+ #define switch_to(prev, next, last) \
+-do { flush_tlb_pending(); \
+- save_and_clear_fpu(); \
++do { save_and_clear_fpu(); \
+ /* If you are tempted to conditionalize the following */ \
+ /* so that ASI is only written if it changes, think again. */ \
+ __asm__ __volatile__("wr %%g0, %0, %%asi" \
+diff --git a/arch/sparc/include/asm/tlbflush_64.h b/arch/sparc/include/asm/tlbflush_64.h
+index 2ef4634..f0d6a97 100644
+--- a/arch/sparc/include/asm/tlbflush_64.h
++++ b/arch/sparc/include/asm/tlbflush_64.h
+@@ -11,24 +11,40 @@
+ struct tlb_batch {
+ struct mm_struct *mm;
+ unsigned long tlb_nr;
++ unsigned long active;
+ unsigned long vaddrs[TLB_BATCH_NR];
+ };
+
+ extern void flush_tsb_kernel_range(unsigned long start, unsigned long end);
+ extern void flush_tsb_user(struct tlb_batch *tb);
++extern void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr);
+
+ /* TLB flush operations. */
+
+-extern void flush_tlb_pending(void);
++static inline void flush_tlb_mm(struct mm_struct *mm)
++{
++}
++
++static inline void flush_tlb_page(struct vm_area_struct *vma,
++ unsigned long vmaddr)
++{
++}
++
++static inline void flush_tlb_range(struct vm_area_struct *vma,
++ unsigned long start, unsigned long end)
++{
++}
++
++#define __HAVE_ARCH_ENTER_LAZY_MMU_MODE
+
+-#define flush_tlb_range(vma,start,end) \
+- do { (void)(start); flush_tlb_pending(); } while (0)
+-#define flush_tlb_page(vma,addr) flush_tlb_pending()
+-#define flush_tlb_mm(mm) flush_tlb_pending()
++extern void flush_tlb_pending(void);
++extern void arch_enter_lazy_mmu_mode(void);
++extern void arch_leave_lazy_mmu_mode(void);
++#define arch_flush_lazy_mmu_mode() do {} while (0)
+
+ /* Local cpu only. */
+ extern void __flush_tlb_all(void);
+-
++extern void __flush_tlb_page(unsigned long context, unsigned long vaddr);
+ extern void __flush_tlb_kernel_range(unsigned long start, unsigned long end);
+
+ #ifndef CONFIG_SMP
+@@ -38,15 +54,24 @@ do { flush_tsb_kernel_range(start,end); \
+ __flush_tlb_kernel_range(start,end); \
+ } while (0)
+
++static inline void global_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr)
++{
++ __flush_tlb_page(CTX_HWBITS(mm->context), vaddr);
++}
++
+ #else /* CONFIG_SMP */
+
+ extern void smp_flush_tlb_kernel_range(unsigned long start, unsigned long end);
++extern void smp_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr);
+
+ #define flush_tlb_kernel_range(start, end) \
+ do { flush_tsb_kernel_range(start,end); \
+ smp_flush_tlb_kernel_range(start, end); \
+ } while (0)
+
++#define global_flush_tlb_page(mm, vaddr) \
++ smp_flush_tlb_page(mm, vaddr)
++
+ #endif /* ! CONFIG_SMP */
+
+ #endif /* _SPARC64_TLBFLUSH_H */
+diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c
+index 537eb66..ca64d2a 100644
+--- a/arch/sparc/kernel/smp_64.c
++++ b/arch/sparc/kernel/smp_64.c
+@@ -849,7 +849,7 @@ void smp_tsb_sync(struct mm_struct *mm)
+ }
+
+ extern unsigned long xcall_flush_tlb_mm;
+-extern unsigned long xcall_flush_tlb_pending;
++extern unsigned long xcall_flush_tlb_page;
+ extern unsigned long xcall_flush_tlb_kernel_range;
+ extern unsigned long xcall_fetch_glob_regs;
+ extern unsigned long xcall_fetch_glob_pmu;
+@@ -1074,23 +1074,56 @@ local_flush_and_out:
+ put_cpu();
+ }
+
++struct tlb_pending_info {
++ unsigned long ctx;
++ unsigned long nr;
++ unsigned long *vaddrs;
++};
++
++static void tlb_pending_func(void *info)
++{
++ struct tlb_pending_info *t = info;
++
++ __flush_tlb_pending(t->ctx, t->nr, t->vaddrs);
++}
++
+ void smp_flush_tlb_pending(struct mm_struct *mm, unsigned long nr, unsigned long *vaddrs)
+ {
+ u32 ctx = CTX_HWBITS(mm->context);
++ struct tlb_pending_info info;
+ int cpu = get_cpu();
+
++ info.ctx = ctx;
++ info.nr = nr;
++ info.vaddrs = vaddrs;
++
+ if (mm == current->mm && atomic_read(&mm->mm_users) == 1)
+ cpumask_copy(mm_cpumask(mm), cpumask_of(cpu));
+ else
+- smp_cross_call_masked(&xcall_flush_tlb_pending,
+- ctx, nr, (unsigned long) vaddrs,
+- mm_cpumask(mm));
++ smp_call_function_many(mm_cpumask(mm), tlb_pending_func,
++ &info, 1);
+
+ __flush_tlb_pending(ctx, nr, vaddrs);
+
+ put_cpu();
+ }
+
++void smp_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr)
++{
++ unsigned long context = CTX_HWBITS(mm->context);
++ int cpu = get_cpu();
++
++ if (mm == current->mm && atomic_read(&mm->mm_users) == 1)
++ cpumask_copy(mm_cpumask(mm), cpumask_of(cpu));
++ else
++ smp_cross_call_masked(&xcall_flush_tlb_page,
++ context, vaddr, 0,
++ mm_cpumask(mm));
++ __flush_tlb_page(context, vaddr);
++
++ put_cpu();
++}
++
+ void smp_flush_tlb_kernel_range(unsigned long start, unsigned long end)
+ {
+ start &= PAGE_MASK;
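Review bot: In smp_flush_tlb_pending, `info` is a stack object handed to other CPUs, and nothing says that the final `1` (the wait argument) of `smp_call_function_many` is what keeps it valid until every remote `tlb_pending_func` has run. I would put `/* wait == 1: info lives on this stack and must outlive the remote handlers */` directly above the call, so that a later switch to an asynchronous call does not leave the handlers reading a dead frame. The same holds for `vaddrs`, which presumably points into the caller's per-cpu batch and is likewise only safe while the caller waits.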
+diff --git a/arch/sparc/mm/tlb.c b/arch/sparc/mm/tlb.c
+index ba6ae7f..83d89bc 100644
+--- a/arch/sparc/mm/tlb.c
++++ b/arch/sparc/mm/tlb.c
+@@ -24,11 +24,17 @@ static DEFINE_PER_CPU(struct tlb_batch, tlb_batch);
+ void flush_tlb_pending(void)
+ {
+ struct tlb_batch *tb = &get_cpu_var(tlb_batch);
++ struct mm_struct *mm = tb->mm;
+
+- if (tb->tlb_nr) {
+- flush_tsb_user(tb);
++ if (!tb->tlb_nr)
++ goto out;
+
+- if (CTX_VALID(tb->mm->context)) {
++ flush_tsb_user(tb);
++
++ if (CTX_VALID(mm->context)) {
++ if (tb->tlb_nr == 1) {
++ global_flush_tlb_page(mm, tb->vaddrs[0]);
++ } else {
+ #ifdef CONFIG_SMP
+ smp_flush_tlb_pending(tb->mm, tb->tlb_nr,
+ &tb->vaddrs[0]);
+@@ -37,12 +43,30 @@ void flush_tlb_pending(void)
+ tb->tlb_nr, &tb->vaddrs[0]);
+ #endif
+ }
+- tb->tlb_nr = 0;
+ }
+
++ tb->tlb_nr = 0;
++
++out:
+ put_cpu_var(tlb_batch);
+ }
+
++void arch_enter_lazy_mmu_mode(void)
++{
++ struct tlb_batch *tb = &__get_cpu_var(tlb_batch);
++
++ tb->active = 1;
++}
++
++void arch_leave_lazy_mmu_mode(void)
++{
++ struct tlb_batch *tb = &__get_cpu_var(tlb_batch);
++
++ if (tb->tlb_nr)
++ flush_tlb_pending();
++ tb->active = 0;
++}
++
+ static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr,
+ bool exec)
+ {
+@@ -60,6 +84,12 @@ static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr,
+ nr = 0;
+ }
+
++ if (!tb->active) {
++ global_flush_tlb_page(mm, vaddr);
++ flush_tsb_user_page(mm, vaddr);
++ goto out;
++ }
++
+ if (nr == 0)
+ tb->mm = mm;
+
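Review bot: The non-batched branch demaps the TLB entry before it clears the TSB entry (`global_flush_tlb_page(mm, vaddr);` then `flush_tsb_user_page(mm, vaddr);`), which is the reverse of flush_tlb_pending in this same patch, where `flush_tsb_user(tb)` runs first. If a TLB miss can be serviced from the TSB between the two calls, the stale translation could be reloaded after the demap. I would swap the two lines so the TSB entry is cleared first, or add a comment stating why this order is safe here. tlb_batch_add_one starts and ends outside the hunk.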
+@@ -68,6 +98,7 @@ static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr,
+ if (nr >= TLB_BATCH_NR)
+ flush_tlb_pending();
+
++out:
+ put_cpu_var(tlb_batch);
+ }
+
+diff --git a/arch/sparc/mm/tsb.c b/arch/sparc/mm/tsb.c
+index 428982b..2cc3bce 100644
+--- a/arch/sparc/mm/tsb.c
++++ b/arch/sparc/mm/tsb.c
+@@ -7,11 +7,10 @@
+ #include <linux/preempt.h>
+ #include <linux/slab.h>
+ #include <asm/page.h>
+-#include <asm/tlbflush.h>
+-#include <asm/tlb.h>
+-#include <asm/mmu_context.h>
+ #include <asm/pgtable.h>
++#include <asm/mmu_context.h>
+ #include <asm/tsb.h>
++#include <asm/tlb.h>
+ #include <asm/oplib.h>
+
+ extern struct tsb swapper_tsb[KERNEL_TSB_NENTRIES];
+@@ -46,23 +45,27 @@ void flush_tsb_kernel_range(unsigned long start, unsigned long end)
+ }
+ }
+
+-static void __flush_tsb_one(struct tlb_batch *tb, unsigned long hash_shift,
+- unsigned long tsb, unsigned long nentries)
++static void __flush_tsb_one_entry(unsigned long tsb, unsigned long v,
++ unsigned long hash_shift,
++ unsigned long nentries)
+ {
+- unsigned long i;
++ unsigned long tag, ent, hash;
+
+- for (i = 0; i < tb->tlb_nr; i++) {
+- unsigned long v = tb->vaddrs[i];
+- unsigned long tag, ent, hash;
++ v &= ~0x1UL;
++ hash = tsb_hash(v, hash_shift, nentries);
++ ent = tsb + (hash * sizeof(struct tsb));
++ tag = (v >> 22UL);
+
+- v &= ~0x1UL;
++ tsb_flush(ent, tag);
++}
+
+- hash = tsb_hash(v, hash_shift, nentries);
+- ent = tsb + (hash * sizeof(struct tsb));
+- tag = (v >> 22UL);
++static void __flush_tsb_one(struct tlb_batch *tb, unsigned long hash_shift,
++ unsigned long tsb, unsigned long nentries)
++{
++ unsigned long i;
+
+- tsb_flush(ent, tag);
+- }
++ for (i = 0; i < tb->tlb_nr; i++)
++ __flush_tsb_one_entry(tsb, tb->vaddrs[i], hash_shift, nentries);
+ }
+
+ void flush_tsb_user(struct tlb_batch *tb)
+@@ -90,6 +93,30 @@ void flush_tsb_user(struct tlb_batch *tb)
+ spin_unlock_irqrestore(&mm->context.lock, flags);
+ }
+
++void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr)
++{
++ unsigned long nentries, base, flags;
++
++ spin_lock_irqsave(&mm->context.lock, flags);
++
++ base = (unsigned long) mm->context.tsb_block[MM_TSB_BASE].tsb;
++ nentries = mm->context.tsb_block[MM_TSB_BASE].tsb_nentries;
++ if (tlb_type == cheetah_plus || tlb_type == hypervisor)
++ base = __pa(base);
++ __flush_tsb_one_entry(base, vaddr, PAGE_SHIFT, nentries);
++
++#if defined(CONFIG_HUGETLB_PAGE) || defined(CONFIG_TRANSPARENT_HUGEPAGE)
++ if (mm->context.tsb_block[MM_TSB_HUGE].tsb) {
++ base = (unsigned long) mm->context.tsb_block[MM_TSB_HUGE].tsb;
++ nentries = mm->context.tsb_block[MM_TSB_HUGE].tsb_nentries;
++ if (tlb_type == cheetah_plus || tlb_type == hypervisor)
++ base = __pa(base);
++ __flush_tsb_one_entry(base, vaddr, HPAGE_SHIFT, nentries);
++ }
++#endif
++ spin_unlock_irqrestore(&mm->context.lock, flags);
++}
++
+ #define HV_PGSZ_IDX_BASE HV_PGSZ_IDX_8K
+ #define HV_PGSZ_MASK_BASE HV_PGSZ_MASK_8K
+
+diff --git a/arch/sparc/mm/ultra.S b/arch/sparc/mm/ultra.S
+index f8e13d4..29b9608 100644
+--- a/arch/sparc/mm/ultra.S
++++ b/arch/sparc/mm/ultra.S
+@@ -53,6 +53,33 @@ __flush_tlb_mm: /* 18 insns */
+ nop
+
+ .align 32
++ .globl __flush_tlb_page
++__flush_tlb_page: /* 22 insns */
++ /* %o0 = context, %o1 = vaddr */
++ rdpr %pstate, %g7
++ andn %g7, PSTATE_IE, %g2
++ wrpr %g2, %pstate
++ mov SECONDARY_CONTEXT, %o4
++ ldxa [%o4] ASI_DMMU, %g2
++ stxa %o0, [%o4] ASI_DMMU
++ andcc %o1, 1, %g0
++ andn %o1, 1, %o3
++ be,pn %icc, 1f
++ or %o3, 0x10, %o3
++ stxa %g0, [%o3] ASI_IMMU_DEMAP
++1: stxa %g0, [%o3] ASI_DMMU_DEMAP
++ membar #Sync
++ stxa %g2, [%o4] ASI_DMMU
++ sethi %hi(KERNBASE), %o4
++ flush %o4
++ retl
++ wrpr %g7, 0x0, %pstate
++ nop
++ nop
++ nop
++ nop
++
++ .align 32
+ .globl __flush_tlb_pending
+ __flush_tlb_pending: /* 26 insns */
+ /* %o0 = context, %o1 = nr, %o2 = vaddrs[] */
+@@ -203,6 +230,31 @@ __cheetah_flush_tlb_mm: /* 19 insns */
+ retl
+ wrpr %g7, 0x0, %pstate
+
++__cheetah_flush_tlb_page: /* 22 insns */
++ /* %o0 = context, %o1 = vaddr */
++ rdpr %pstate, %g7
++ andn %g7, PSTATE_IE, %g2
++ wrpr %g2, 0x0, %pstate
++ wrpr %g0, 1, %tl
++ mov PRIMARY_CONTEXT, %o4
++ ldxa [%o4] ASI_DMMU, %g2
++ srlx %g2, CTX_PGSZ1_NUC_SHIFT, %o3
++ sllx %o3, CTX_PGSZ1_NUC_SHIFT, %o3
++ or %o0, %o3, %o0 /* Preserve nucleus page size fields */
++ stxa %o0, [%o4] ASI_DMMU
++ andcc %o1, 1, %g0
++ be,pn %icc, 1f
++ andn %o1, 1, %o3
++ stxa %g0, [%o3] ASI_IMMU_DEMAP
++1: stxa %g0, [%o3] ASI_DMMU_DEMAP
++ membar #Sync
++ stxa %g2, [%o4] ASI_DMMU
++ sethi %hi(KERNBASE), %o4
++ flush %o4
++ wrpr %g0, 0, %tl
++ retl
++ wrpr %g7, 0x0, %pstate
++
+ __cheetah_flush_tlb_pending: /* 27 insns */
+ /* %o0 = context, %o1 = nr, %o2 = vaddrs[] */
+ rdpr %pstate, %g7
+@@ -269,6 +321,20 @@ __hypervisor_flush_tlb_mm: /* 10 insns */
+ retl
+ nop
+
++__hypervisor_flush_tlb_page: /* 11 insns */
++ /* %o0 = context, %o1 = vaddr */
++ mov %o0, %g2
++ mov %o1, %o0 /* ARG0: vaddr + IMMU-bit */
++ mov %g2, %o1 /* ARG1: mmu context */
++ mov HV_MMU_ALL, %o2 /* ARG2: flags */
++ srlx %o0, PAGE_SHIFT, %o0
++ sllx %o0, PAGE_SHIFT, %o0
++ ta HV_MMU_UNMAP_ADDR_TRAP
++ brnz,pn %o0, __hypervisor_tlb_tl0_error
++ mov HV_MMU_UNMAP_ADDR_TRAP, %o1
++ retl
++ nop
++
+ __hypervisor_flush_tlb_pending: /* 16 insns */
+ /* %o0 = context, %o1 = nr, %o2 = vaddrs[] */
+ sllx %o1, 3, %g1
+@@ -339,6 +405,13 @@ cheetah_patch_cachetlbops:
+ call tlb_patch_one
+ mov 19, %o2
+
++ sethi %hi(__flush_tlb_page), %o0
++ or %o0, %lo(__flush_tlb_page), %o0
++ sethi %hi(__cheetah_flush_tlb_page), %o1
++ or %o1, %lo(__cheetah_flush_tlb_page), %o1
++ call tlb_patch_one
++ mov 22, %o2
++
+ sethi %hi(__flush_tlb_pending), %o0
+ or %o0, %lo(__flush_tlb_pending), %o0
+ sethi %hi(__cheetah_flush_tlb_pending), %o1
+@@ -397,10 +470,9 @@ xcall_flush_tlb_mm: /* 21 insns */
+ nop
+ nop
+
+- .globl xcall_flush_tlb_pending
+-xcall_flush_tlb_pending: /* 21 insns */
+- /* %g5=context, %g1=nr, %g7=vaddrs[] */
+- sllx %g1, 3, %g1
++ .globl xcall_flush_tlb_page
++xcall_flush_tlb_page: /* 17 insns */
++ /* %g5=context, %g1=vaddr */
+ mov PRIMARY_CONTEXT, %g4
+ ldxa [%g4] ASI_DMMU, %g2
+ srlx %g2, CTX_PGSZ1_NUC_SHIFT, %g4
+@@ -408,20 +480,16 @@ xcall_flush_tlb_pending: /* 21 insns */
+ or %g5, %g4, %g5
+ mov PRIMARY_CONTEXT, %g4
+ stxa %g5, [%g4] ASI_DMMU
+-1: sub %g1, (1 << 3), %g1
+- ldx [%g7 + %g1], %g5
+- andcc %g5, 0x1, %g0
++ andcc %g1, 0x1, %g0
+ be,pn %icc, 2f
+-
+- andn %g5, 0x1, %g5
++ andn %g1, 0x1, %g5
+ stxa %g0, [%g5] ASI_IMMU_DEMAP
+ 2: stxa %g0, [%g5] ASI_DMMU_DEMAP
+ membar #Sync
+- brnz,pt %g1, 1b
+- nop
+ stxa %g2, [%g4] ASI_DMMU
+ retry
+ nop
++ nop
+
+ .globl xcall_flush_tlb_kernel_range
+ xcall_flush_tlb_kernel_range: /* 25 insns */
+@@ -656,15 +724,13 @@ __hypervisor_xcall_flush_tlb_mm: /* 21 insns */
+ membar #Sync
+ retry
+
+- .globl __hypervisor_xcall_flush_tlb_pending
+-__hypervisor_xcall_flush_tlb_pending: /* 21 insns */
+- /* %g5=ctx, %g1=nr, %g7=vaddrs[], %g2,%g3,%g4,g6=scratch */
+- sllx %g1, 3, %g1
++ .globl __hypervisor_xcall_flush_tlb_page
++__hypervisor_xcall_flush_tlb_page: /* 17 insns */
++ /* %g5=ctx, %g1=vaddr */
+ mov %o0, %g2
+ mov %o1, %g3
+ mov %o2, %g4
+-1: sub %g1, (1 << 3), %g1
+- ldx [%g7 + %g1], %o0 /* ARG0: virtual address */
++ mov %g1, %o0 /* ARG0: virtual address */
+ mov %g5, %o1 /* ARG1: mmu context */
+ mov HV_MMU_ALL, %o2 /* ARG2: flags */
+ srlx %o0, PAGE_SHIFT, %o0
+@@ -673,8 +739,6 @@ __hypervisor_xcall_flush_tlb_pending: /* 21 insns */
+ mov HV_MMU_UNMAP_ADDR_TRAP, %g6
+ brnz,a,pn %o0, __hypervisor_tlb_xcall_error
+ mov %o0, %g5
+- brnz,pt %g1, 1b
+- nop
+ mov %g2, %o0
+ mov %g3, %o1
+ mov %g4, %o2
+@@ -757,6 +821,13 @@ hypervisor_patch_cachetlbops:
+ call tlb_patch_one
+ mov 10, %o2
+
++ sethi %hi(__flush_tlb_page), %o0
++ or %o0, %lo(__flush_tlb_page), %o0
++ sethi %hi(__hypervisor_flush_tlb_page), %o1
++ or %o1, %lo(__hypervisor_flush_tlb_page), %o1
++ call tlb_patch_one
++ mov 11, %o2
++
+ sethi %hi(__flush_tlb_pending), %o0
+ or %o0, %lo(__flush_tlb_pending), %o0
+ sethi %hi(__hypervisor_flush_tlb_pending), %o1
+@@ -788,12 +859,12 @@ hypervisor_patch_cachetlbops:
+ call tlb_patch_one
+ mov 21, %o2
+
+- sethi %hi(xcall_flush_tlb_pending), %o0
+- or %o0, %lo(xcall_flush_tlb_pending), %o0
+- sethi %hi(__hypervisor_xcall_flush_tlb_pending), %o1
+- or %o1, %lo(__hypervisor_xcall_flush_tlb_pending), %o1
++ sethi %hi(xcall_flush_tlb_page), %o0
++ or %o0, %lo(xcall_flush_tlb_page), %o0
++ sethi %hi(__hypervisor_xcall_flush_tlb_page), %o1
++ or %o1, %lo(__hypervisor_xcall_flush_tlb_page), %o1
+ call tlb_patch_one
+- mov 21, %o2
++ mov 17, %o2
+
+ sethi %hi(xcall_flush_tlb_kernel_range), %o0
+ or %o0, %lo(xcall_flush_tlb_kernel_range), %o0
+diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
+index 27cdf1f..045dc53 100644
+--- a/drivers/net/bonding/bond_main.c
++++ b/drivers/net/bonding/bond_main.c
+@@ -1888,6 +1888,7 @@ err_detach:
+ write_unlock_bh(&bond->lock);
+
+ err_close:
++ slave_dev->priv_flags &= ~IFF_BONDING;
+ dev_close(slave_dev);
+
+ err_unset_master:
+@@ -3379,20 +3380,22 @@ static int bond_xmit_hash_policy_l2(struct sk_buff *skb, int count)
+ */
+ static int bond_xmit_hash_policy_l23(struct sk_buff *skb, int count)
+ {
+- struct ethhdr *data = (struct ethhdr *)skb->data;
+- struct iphdr *iph;
+- struct ipv6hdr *ipv6h;
++ const struct ethhdr *data;
++ const struct iphdr *iph;
++ const struct ipv6hdr *ipv6h;
+ u32 v6hash;
+- __be32 *s, *d;
++ const __be32 *s, *d;
+
+ if (skb->protocol == htons(ETH_P_IP) &&
+- skb_network_header_len(skb) >= sizeof(*iph)) {
++ pskb_network_may_pull(skb, sizeof(*iph))) {
+ iph = ip_hdr(skb);
++ data = (struct ethhdr *)skb->data;
+ return ((ntohl(iph->saddr ^ iph->daddr) & 0xffff) ^
+ (data->h_dest[5] ^ data->h_source[5])) % count;
+ } else if (skb->protocol == htons(ETH_P_IPV6) &&
+- skb_network_header_len(skb) >= sizeof(*ipv6h)) {
++ pskb_network_may_pull(skb, sizeof(*ipv6h))) {
+ ipv6h = ipv6_hdr(skb);
++ data = (struct ethhdr *)skb->data;
+ s = &ipv6h->saddr.s6_addr32[0];
+ d = &ipv6h->daddr.s6_addr32[0];
+ v6hash = (s[1] ^ d[1]) ^ (s[2] ^ d[2]) ^ (s[3] ^ d[3]);
+@@ -3411,33 +3414,36 @@ static int bond_xmit_hash_policy_l23(struct sk_buff *skb, int count)
+ static int bond_xmit_hash_policy_l34(struct sk_buff *skb, int count)
+ {
+ u32 layer4_xor = 0;
+- struct iphdr *iph;
+- struct ipv6hdr *ipv6h;
+- __be32 *s, *d;
+- __be16 *layer4hdr;
++ const struct iphdr *iph;
++ const struct ipv6hdr *ipv6h;
++ const __be32 *s, *d;
++ const __be16 *l4 = NULL;
++ __be16 _l4[2];
++ int noff = skb_network_offset(skb);
++ int poff;
+
+ if (skb->protocol == htons(ETH_P_IP) &&
+- skb_network_header_len(skb) >= sizeof(*iph)) {
++ pskb_may_pull(skb, noff + sizeof(*iph))) {
+ iph = ip_hdr(skb);
+- if (!ip_is_fragment(iph) &&
+- (iph->protocol == IPPROTO_TCP ||
+- iph->protocol == IPPROTO_UDP) &&
+- (skb_headlen(skb) - skb_network_offset(skb) >=
+- iph->ihl * sizeof(u32) + sizeof(*layer4hdr) * 2)) {
+- layer4hdr = (__be16 *)((u32 *)iph + iph->ihl);
+- layer4_xor = ntohs(*layer4hdr ^ *(layer4hdr + 1));
++ poff = proto_ports_offset(iph->protocol);
++
++ if (!ip_is_fragment(iph) && poff >= 0) {
++ l4 = skb_header_pointer(skb, noff + (iph->ihl << 2) + poff,
++ sizeof(_l4), &_l4);
++ if (l4)
++ layer4_xor = ntohs(l4[0] ^ l4[1]);
+ }
+ return (layer4_xor ^
+ ((ntohl(iph->saddr ^ iph->daddr)) & 0xffff)) % count;
+ } else if (skb->protocol == htons(ETH_P_IPV6) &&
+- skb_network_header_len(skb) >= sizeof(*ipv6h)) {
++ pskb_may_pull(skb, noff + sizeof(*ipv6h))) {
+ ipv6h = ipv6_hdr(skb);
+- if ((ipv6h->nexthdr == IPPROTO_TCP ||
+- ipv6h->nexthdr == IPPROTO_UDP) &&
+- (skb_headlen(skb) - skb_network_offset(skb) >=
+- sizeof(*ipv6h) + sizeof(*layer4hdr) * 2)) {
+- layer4hdr = (__be16 *)(ipv6h + 1);
+- layer4_xor = ntohs(*layer4hdr ^ *(layer4hdr + 1));
++ poff = proto_ports_offset(ipv6h->nexthdr);
++ if (poff >= 0) {
++ l4 = skb_header_pointer(skb, noff + sizeof(*ipv6h) + poff,
++ sizeof(_l4), &_l4);
++ if (l4)
++ layer4_xor = ntohs(l4[0] ^ l4[1]);
+ }
+ s = &ipv6h->saddr.s6_addr32[0];
+ d = &ipv6h->daddr.s6_addr32[0];
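Review bot: `iph->ihl` comes straight from the packet and is used unchecked in `noff + (iph->ihl << 2) + poff`. `skb_header_pointer` keeps the read inside the skb, so this is not an out-of-bounds access, but with an ihl below 5 the two 16-bit words that get hashed lie inside the IP header instead of being the ports. I would extend the condition to `if (!ip_is_fragment(iph) && iph->ihl >= 5 && poff >= 0) {` so that malformed headers fall back to the address-only hash. A short comment that `_l4` is the bounce buffer used when the ports are not in the linear area would also help. The function body continues outside the hunk.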
+@@ -4919,9 +4925,18 @@ static int __net_init bond_net_init(struct net *net)
+ static void __net_exit bond_net_exit(struct net *net)
+ {
+ struct bond_net *bn = net_generic(net, bond_net_id);
++ struct bonding *bond, *tmp_bond;
++ LIST_HEAD(list);
+
+ bond_destroy_sysfs(bn);
+ bond_destroy_proc_dir(bn);
++
++ /* Kill off any bonds created after unregistering bond rtnl ops */
++ rtnl_lock();
++ list_for_each_entry_safe(bond, tmp_bond, &bn->dev_list, bond_list)
++ unregister_netdevice_queue(bond->dev, &list);
++ unregister_netdevice_many(&list);
++ rtnl_unlock();
+ }
+
+ static struct pernet_operations bond_net_ops = {
+diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e.h b/drivers/net/ethernet/atheros/atl1e/atl1e.h
+index edfdf6b..b5fd934 100644
+--- a/drivers/net/ethernet/atheros/atl1e/atl1e.h
++++ b/drivers/net/ethernet/atheros/atl1e/atl1e.h
+@@ -186,7 +186,7 @@ struct atl1e_tpd_desc {
+ /* how about 0x2000 */
+ #define MAX_TX_BUF_LEN 0x2000
+ #define MAX_TX_BUF_SHIFT 13
+-/*#define MAX_TX_BUF_LEN 0x3000 */
++#define MAX_TSO_SEG_SIZE 0x3c00
+
+ /* rrs word 1 bit 0:31 */
+ #define RRS_RX_CSUM_MASK 0xFFFF
+diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
+index 35faab7..ca33b28 100644
+--- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
++++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
+@@ -2332,6 +2332,7 @@ static int atl1e_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
+
+ INIT_WORK(&adapter->reset_task, atl1e_reset_task);
+ INIT_WORK(&adapter->link_chg_task, atl1e_link_chg_task);
++ netif_set_gso_max_size(netdev, MAX_TSO_SEG_SIZE);
+ err = register_netdev(netdev);
+ if (err) {
+ netdev_err(netdev, "register netdevice failed\n");
+diff --git a/drivers/net/ethernet/marvell/Kconfig b/drivers/net/ethernet/marvell/Kconfig
+index edfba93..434e33c 100644
+--- a/drivers/net/ethernet/marvell/Kconfig
++++ b/drivers/net/ethernet/marvell/Kconfig
+@@ -33,6 +33,7 @@ config MV643XX_ETH
+
+ config MVMDIO
+ tristate "Marvell MDIO interface support"
++ select PHYLIB
+ ---help---
+ This driver supports the MDIO interface found in the network
+ interface units of the Marvell EBU SoCs (Kirkwood, Orion5x,
+@@ -45,7 +46,6 @@ config MVMDIO
+ config MVNETA
+ tristate "Marvell Armada 370/XP network interface support"
+ depends on MACH_ARMADA_370_XP
+- select PHYLIB
+ select MVMDIO
+ ---help---
+ This driver supports the network interface units in the
+diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c
+index b6025c3..84b312ea 100644
+--- a/drivers/net/ethernet/marvell/mvneta.c
++++ b/drivers/net/ethernet/marvell/mvneta.c
+@@ -375,7 +375,6 @@ static int rxq_number = 8;
+ static int txq_number = 8;
+
+ static int rxq_def;
+-static int txq_def;
+
+ #define MVNETA_DRIVER_NAME "mvneta"
+ #define MVNETA_DRIVER_VERSION "1.0"
+@@ -1476,7 +1475,8 @@ error:
+ static int mvneta_tx(struct sk_buff *skb, struct net_device *dev)
+ {
+ struct mvneta_port *pp = netdev_priv(dev);
+- struct mvneta_tx_queue *txq = &pp->txqs[txq_def];
++ u16 txq_id = skb_get_queue_mapping(skb);
++ struct mvneta_tx_queue *txq = &pp->txqs[txq_id];
+ struct mvneta_tx_desc *tx_desc;
+ struct netdev_queue *nq;
+ int frags = 0;
+@@ -1486,7 +1486,7 @@ static int mvneta_tx(struct sk_buff *skb, struct net_device *dev)
+ goto out;
+
+ frags = skb_shinfo(skb)->nr_frags + 1;
+- nq = netdev_get_tx_queue(dev, txq_def);
++ nq = netdev_get_tx_queue(dev, txq_id);
+
+ /* Get a descriptor for the first part of the packet */
+ tx_desc = mvneta_txq_next_desc_get(txq);
+@@ -2690,7 +2690,7 @@ static int mvneta_probe(struct platform_device *pdev)
+ return -EINVAL;
+ }
+
+- dev = alloc_etherdev_mq(sizeof(struct mvneta_port), 8);
++ dev = alloc_etherdev_mqs(sizeof(struct mvneta_port), txq_number, rxq_number);
+ if (!dev)
+ return -ENOMEM;
+
+@@ -2844,4 +2844,3 @@ module_param(rxq_number, int, S_IRUGO);
+ module_param(txq_number, int, S_IRUGO);
+
+ module_param(rxq_def, int, S_IRUGO);
+-module_param(txq_def, int, S_IRUGO);
+diff --git a/drivers/net/usb/cdc_mbim.c b/drivers/net/usb/cdc_mbim.c
+index 16c8429..6bd9167 100644
+--- a/drivers/net/usb/cdc_mbim.c
++++ b/drivers/net/usb/cdc_mbim.c
+@@ -134,7 +134,7 @@ static struct sk_buff *cdc_mbim_tx_fixup(struct usbnet *dev, struct sk_buff *skb
+ goto error;
+
+ if (skb) {
+- if (skb->len <= sizeof(ETH_HLEN))
++ if (skb->len <= ETH_HLEN)
+ goto error;
+
+ /* mapping VLANs to MBIM sessions:
+diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
+index da9fde8..892ecda 100644
+--- a/drivers/tty/tty_io.c
++++ b/drivers/tty/tty_io.c
+@@ -941,6 +941,14 @@ void start_tty(struct tty_struct *tty)
+
+ EXPORT_SYMBOL(start_tty);
+
++static void tty_update_time(struct timespec *time)
++{
++ unsigned long sec = get_seconds();
++ sec -= sec % 60;
++ if ((long)(sec - time->tv_sec) > 0)
++ time->tv_sec = sec;
++}
++
+ /**
+ * tty_read - read method for tty device files
+ * @file: pointer to tty file
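Review bot: `tty_update_time` has no comment explaining why it rounds the timestamp down to a whole minute and only ever moves it forward. The intent appears to be to keep the inode atime/mtime from exposing the timing of individual reads and writes on the tty to anyone who can stat the device node, and that reasoning should be written down. I would add `/* Coarsen to one-minute steps so tty inode times do not reveal per-keystroke timing; never move the time backwards. */` above the function. The helper also leaves `tv_nsec` at whatever it held before, so either clear it alongside `tv_sec` or say in the comment that the stale value is intentional.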
+@@ -977,8 +985,10 @@ static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
+ else
+ i = -EIO;
+ tty_ldisc_deref(ld);
++
+ if (i > 0)
+- inode->i_atime = current_fs_time(inode->i_sb);
++ tty_update_time(&inode->i_atime);
++
+ return i;
+ }
+
+@@ -1081,7 +1091,7 @@ static inline ssize_t do_tty_write(
+ }
+ if (written) {
+ struct inode *inode = file->f_path.dentry->d_inode;
+- inode->i_mtime = current_fs_time(inode->i_sb);
++ tty_update_time(&inode->i_mtime);
+ ret = written;
+ }
+ out:
+diff --git a/fs/aio.c b/fs/aio.c
+index 71f613c..ed762ae 100644
+--- a/fs/aio.c
++++ b/fs/aio.c
+@@ -1027,9 +1027,9 @@ static int aio_read_evt(struct kioctx *ioctx, struct io_event *ent)
+ spin_unlock(&info->ring_lock);
+
+ out:
+- kunmap_atomic(ring);
+ dprintk("leaving aio_read_evt: %d h%lu t%lu\n", ret,
+ (unsigned long)ring->head, (unsigned long)ring->tail);
++ kunmap_atomic(ring);
+ return ret;
+ }
+
+diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
+index 9ef07d0..0e182f9 100644
+--- a/include/linux/netdevice.h
++++ b/include/linux/netdevice.h
+@@ -208,9 +208,9 @@ struct netdev_hw_addr {
+ #define NETDEV_HW_ADDR_T_SLAVE 3
+ #define NETDEV_HW_ADDR_T_UNICAST 4
+ #define NETDEV_HW_ADDR_T_MULTICAST 5
+- bool synced;
+ bool global_use;
+ int refcount;
++ int synced;
+ struct rcu_head rcu_head;
+ };
+
+diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
+index 98399e2..9fe54b6 100644
+--- a/include/linux/skbuff.h
++++ b/include/linux/skbuff.h
+@@ -2597,6 +2597,13 @@ static inline void nf_reset(struct sk_buff *skb)
+ #endif
+ }
+
++static inline void nf_reset_trace(struct sk_buff *skb)
++{
++#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE)
++ skb->nf_trace = 0;
++#endif
++}
++
+ /* Note: This doesn't put any conntrack and bridge info in dst. */
+ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src)
+ {
+diff --git a/include/net/scm.h b/include/net/scm.h
+index 975cca0..b117081 100644
+--- a/include/net/scm.h
++++ b/include/net/scm.h
+@@ -56,8 +56,8 @@ static __inline__ void scm_set_cred(struct scm_cookie *scm,
+ scm->pid = get_pid(pid);
+ scm->cred = cred ? get_cred(cred) : NULL;
+ scm->creds.pid = pid_vnr(pid);
+- scm->creds.uid = cred ? cred->euid : INVALID_UID;
+- scm->creds.gid = cred ? cred->egid : INVALID_GID;
++ scm->creds.uid = cred ? cred->uid : INVALID_UID;
++ scm->creds.gid = cred ? cred->gid : INVALID_GID;
+ }
+
+ static __inline__ void scm_destroy_cred(struct scm_cookie *scm)
+diff --git a/kernel/trace/trace_selftest.c b/kernel/trace/trace_selftest.c
+index 4762316..5fc7aa5 100644
+--- a/kernel/trace/trace_selftest.c
++++ b/kernel/trace/trace_selftest.c
+@@ -452,7 +452,6 @@ trace_selftest_function_recursion(void)
+ char *func_name;
+ int len;
+ int ret;
+- int cnt;
+
+ /* The previous test PASSED */
+ pr_cont("PASSED\n");
+@@ -510,19 +509,10 @@ trace_selftest_function_recursion(void)
+
+ unregister_ftrace_function(&test_recsafe_probe);
+
+- /*
+- * If arch supports all ftrace features, and no other task
+- * was on the list, we should be fine.
+- */
+- if (!ftrace_nr_registered_ops() && !FTRACE_FORCE_LIST_FUNC)
+- cnt = 2; /* Should have recursed */
+- else
+- cnt = 1;
+-
+ ret = -1;
+- if (trace_selftest_recursion_cnt != cnt) {
+- pr_cont("*callback not called expected %d times (%d)* ",
+- cnt, trace_selftest_recursion_cnt);
++ if (trace_selftest_recursion_cnt != 2) {
++ pr_cont("*callback not called expected 2 times (%d)* ",
++ trace_selftest_recursion_cnt);
+ goto out;
+ }
+
+diff --git a/net/atm/common.c b/net/atm/common.c
+index 806fc0a..cf4b7e6 100644
+--- a/net/atm/common.c
++++ b/net/atm/common.c
+@@ -532,6 +532,8 @@ int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
+ struct sk_buff *skb;
+ int copied, error = -EINVAL;
+
++ msg->msg_namelen = 0;
++
+ if (sock->state != SS_CONNECTED)
+ return -ENOTCONN;
+
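Review bot: The new `msg->msg_namelen = 0;` in vcc_recvmsg carries no comment saying why it must come before the first `return`. The same applies to the lines added in bt_sock_recvmsg, rfcomm_sock_recvmsg, sco_sock_recvmsg and caif_seqpkt_recvmsg further down. These handlers return no source address, so, as far as the socket layer's handling of `msg_namelen` goes, a non-zero length left in place lets the caller copy an address buffer that was never filled in out to user space. I would add `/* no address is returned: clear the length on every return path */` at each site, so that a later early return added above the assignment is recognised as reopening the leak. vcc_recvmsg continues outside the hunk.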
+diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
+index 779095d..d53a123 100644
+--- a/net/ax25/af_ax25.c
++++ b/net/ax25/af_ax25.c
+@@ -1647,6 +1647,7 @@ static int ax25_recvmsg(struct kiocb *iocb, struct socket *sock,
+ ax25_address src;
+ const unsigned char *mac = skb_mac_header(skb);
+
++ memset(sax, 0, sizeof(struct full_sockaddr_ax25));
+ ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL,
+ &digi, NULL, NULL);
+ sax->sax25_family = AF_AX25;
+diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
+index 5355df6..b04795e 100644
+--- a/net/bluetooth/af_bluetooth.c
++++ b/net/bluetooth/af_bluetooth.c
+@@ -230,6 +230,8 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
+ if (flags & (MSG_OOB))
+ return -EOPNOTSUPP;
+
++ msg->msg_namelen = 0;
++
+ skb = skb_recv_datagram(sk, flags, noblock, &err);
+ if (!skb) {
+ if (sk->sk_shutdown & RCV_SHUTDOWN)
+@@ -237,8 +239,6 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
+ return err;
+ }
+
+- msg->msg_namelen = 0;
+-
+ copied = skb->len;
+ if (len < copied) {
+ msg->msg_flags |= MSG_TRUNC;
+diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
+index ce3f665..970fc13 100644
+--- a/net/bluetooth/rfcomm/sock.c
++++ b/net/bluetooth/rfcomm/sock.c
+@@ -610,6 +610,7 @@ static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
+
+ if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
+ rfcomm_dlc_accept(d);
++ msg->msg_namelen = 0;
+ return 0;
+ }
+
+diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
+index aaf1957..cc16d1b 100644
+--- a/net/bluetooth/sco.c
++++ b/net/bluetooth/sco.c
+@@ -667,6 +667,7 @@ static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
+ test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
+ hci_conn_accept(pi->conn->hcon, 0);
+ sk->sk_state = BT_CONFIG;
++ msg->msg_namelen = 0;
+
+ release_sock(sk);
+ return 0;
+diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c
+index 095259f..ff2ff3c 100644
+--- a/net/caif/caif_socket.c
++++ b/net/caif/caif_socket.c
+@@ -286,6 +286,8 @@ static int caif_seqpkt_recvmsg(struct kiocb *iocb, struct socket *sock,
+ if (m->msg_flags&MSG_OOB)
+ goto read_error;
+
++ m->msg_namelen = 0;
++
+ skb = skb_recv_datagram(sk, flags, 0 , &ret);
+ if (!skb)
+ goto read_error;
+diff --git a/net/core/dev.c b/net/core/dev.c
+index 5d9c43d..d592214 100644
+--- a/net/core/dev.c
++++ b/net/core/dev.c
+@@ -1737,6 +1737,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
+ skb->mark = 0;
+ secpath_reset(skb);
+ nf_reset(skb);
++ nf_reset_trace(skb);
+ return netif_rx(skb);
+ }
+ EXPORT_SYMBOL_GPL(dev_forward_skb);
+@@ -2017,6 +2018,9 @@ static void skb_warn_bad_offload(const struct sk_buff *skb)
+ struct net_device *dev = skb->dev;
+ const char *driver = "";
+
++ if (!net_ratelimit())
++ return;
++
+ if (dev && dev->dev.parent)
+ driver = dev_driver_string(dev->dev.parent);
+
+diff --git a/net/core/dev_addr_lists.c b/net/core/dev_addr_lists.c
+index b079c7b..7841d87 100644
+--- a/net/core/dev_addr_lists.c
++++ b/net/core/dev_addr_lists.c
+@@ -38,7 +38,7 @@ static int __hw_addr_create_ex(struct netdev_hw_addr_list *list,
+ ha->type = addr_type;
+ ha->refcount = 1;
+ ha->global_use = global;
+- ha->synced = false;
++ ha->synced = 0;
+ list_add_tail_rcu(&ha->list, &list->list);
+ list->count++;
+
+@@ -166,7 +166,7 @@ int __hw_addr_sync(struct netdev_hw_addr_list *to_list,
+ addr_len, ha->type);
+ if (err)
+ break;
+- ha->synced = true;
++ ha->synced++;
+ ha->refcount++;
+ } else if (ha->refcount == 1) {
+ __hw_addr_del(to_list, ha->addr, addr_len, ha->type);
+@@ -187,7 +187,7 @@ void __hw_addr_unsync(struct netdev_hw_addr_list *to_list,
+ if (ha->synced) {
+ __hw_addr_del(to_list, ha->addr,
+ addr_len, ha->type);
+- ha->synced = false;
++ ha->synced--;
+ __hw_addr_del(from_list, ha->addr,
+ addr_len, ha->type);
+ }
+diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
+index 6212ec9..055fb13 100644
+--- a/net/core/rtnetlink.c
++++ b/net/core/rtnetlink.c
+@@ -1068,7 +1068,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
+ rcu_read_lock();
+ cb->seq = net->dev_base_seq;
+
+- if (nlmsg_parse(cb->nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
++ if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
+ ifla_policy) >= 0) {
+
+ if (tb[IFLA_EXT_MASK])
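Review bot: With the header length raised to `sizeof(struct ifinfomsg)`, a request carrying a shorter header makes `nlmsg_parse()` fail, and because only the `>= 0` case is handled, the `IFLA_EXT_MASK` filter is then skipped without any signal to the caller. The hunk does not show whether any sender still uses the shorter `struct rtgenmsg` header that was accepted before, so that should be confirmed before relying on the filter being applied. The rtnl_calcit hunk that follows has the same pattern. A comment above the call, such as `/* a header shorter than ifinfomsg fails the parse; the dump then proceeds with no ext mask */`, would record the fallback. Both function bodies continue outside the hunks.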
+@@ -1924,7 +1924,7 @@ static u16 rtnl_calcit(struct sk_buff *skb, struct nlmsghdr *nlh)
+ u32 ext_filter_mask = 0;
+ u16 min_ifinfo_dump_size = 0;
+
+- if (nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
++ if (nlmsg_parse(nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
+ ifla_policy) >= 0) {
+ if (tb[IFLA_EXT_MASK])
+ ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
+diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
+index 3b4f0cd..4cfe34d 100644
+--- a/net/ipv4/esp4.c
++++ b/net/ipv4/esp4.c
+@@ -139,8 +139,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
+
+ /* skb is pure payload to encrypt */
+
+- err = -ENOMEM;
+-
+ esp = x->data;
+ aead = esp->aead;
+ alen = crypto_aead_authsize(aead);
+@@ -176,8 +174,10 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
+ }
+
+ tmp = esp_alloc_tmp(aead, nfrags + sglists, seqhilen);
+- if (!tmp)
++ if (!tmp) {
++ err = -ENOMEM;
+ goto error;
++ }
+
+ seqhi = esp_tmp_seqhi(tmp);
+ iv = esp_tmp_iv(aead, tmp, seqhilen);
+diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
+index a8fc332..0fcfee3 100644
+--- a/net/ipv4/ip_fragment.c
++++ b/net/ipv4/ip_fragment.c
+@@ -255,8 +255,7 @@ static void ip_expire(unsigned long arg)
+ if (!head->dev)
+ goto out_rcu_unlock;
+
+- /* skb dst is stale, drop it, and perform route lookup again */
+- skb_dst_drop(head);
++ /* skb has no dst, perform route lookup again */
+ iph = ip_hdr(head);
+ err = ip_route_input_noref(head, iph->daddr, iph->saddr,
+ iph->tos, head->dev);
+@@ -525,8 +524,16 @@ found:
+ qp->q.max_size = skb->len + ihl;
+
+ if (qp->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) &&
+- qp->q.meat == qp->q.len)
+- return ip_frag_reasm(qp, prev, dev);
++ qp->q.meat == qp->q.len) {
++ unsigned long orefdst = skb->_skb_refdst;
++
++ skb->_skb_refdst = 0UL;
++ err = ip_frag_reasm(qp, prev, dev);
++ skb->_skb_refdst = orefdst;
++ return err;
++ }
++
++ skb_dst_drop(skb);
+
+ write_lock(&ip4_frags.lock);
+ list_move_tail(&qp->q.lru_list, &qp->q.net->lru_list);
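Review bot: The save, clear and restore of `skb->_skb_refdst` around `ip_frag_reasm()` has no comment, and nothing in the hunk says why the field must be zero during the call or why the other path uses `skb_dst_drop(skb)` instead. Writing the raw refdst word bypasses the dst accessors, so the invariant should be spelled out for the next reader. A comment above `skb->_skb_refdst = 0UL;` along the lines of `/* keep this skb's dst out of reassembly; restored for the caller below */` would do, with the wording checked against the actual intent. The net/ipv6/reassembly.c hunk repeats the same sequence and needs the same comment. The enclosing function starts and ends outside the hunk.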
+diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
+index b236ef0..f962f19 100644
+--- a/net/ipv4/syncookies.c
++++ b/net/ipv4/syncookies.c
+@@ -348,8 +348,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
+ * hasn't changed since we received the original syn, but I see
+ * no easy way to do this.
+ */
+- flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
+- RT_SCOPE_UNIVERSE, IPPROTO_TCP,
++ flowi4_init_output(&fl4, sk->sk_bound_dev_if, sk->sk_mark,
++ RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, IPPROTO_TCP,
+ inet_sk_flowi_flags(sk),
+ (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
+ ireq->loc_addr, th->source, th->dest);
+diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
+index 9841a71..b4e8b79 100644
+--- a/net/ipv4/tcp_input.c
++++ b/net/ipv4/tcp_input.c
+@@ -116,6 +116,7 @@ int sysctl_tcp_early_retrans __read_mostly = 2;
+ #define FLAG_DSACKING_ACK 0x800 /* SACK blocks contained D-SACK info */
+ #define FLAG_NONHEAD_RETRANS_ACKED 0x1000 /* Non-head rexmitted data was ACKed */
+ #define FLAG_SACK_RENEGING 0x2000 /* snd_una advanced to a sacked seq */
++#define FLAG_UPDATE_TS_RECENT 0x4000 /* tcp_replace_ts_recent() */
+
+ #define FLAG_ACKED (FLAG_DATA_ACKED|FLAG_SYN_ACKED)
+ #define FLAG_NOT_DUP (FLAG_DATA|FLAG_WIN_UPDATE|FLAG_ACKED)
+@@ -3572,6 +3573,27 @@ static void tcp_send_challenge_ack(struct sock *sk)
+ }
+ }
+
++static void tcp_store_ts_recent(struct tcp_sock *tp)
++{
++ tp->rx_opt.ts_recent = tp->rx_opt.rcv_tsval;
++ tp->rx_opt.ts_recent_stamp = get_seconds();
++}
++
++static void tcp_replace_ts_recent(struct tcp_sock *tp, u32 seq)
++{
++ if (tp->rx_opt.saw_tstamp && !after(seq, tp->rcv_wup)) {
++ /* PAWS bug workaround wrt. ACK frames, the PAWS discard
++ * extra check below makes sure this can only happen
++ * for pure ACK frames. -DaveM
++ *
++ * Not only, also it occurs for expired timestamps.
++ */
++
++ if (tcp_paws_check(&tp->rx_opt, 0))
++ tcp_store_ts_recent(tp);
++ }
++}
++
+ /* This routine deals with incoming acks, but not outgoing ones. */
+ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
+ {
+@@ -3624,6 +3646,12 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
+ prior_fackets = tp->fackets_out;
+ prior_in_flight = tcp_packets_in_flight(tp);
+
++ /* ts_recent update must be made after we are sure that the packet
++ * is in window.
++ */
++ if (flag & FLAG_UPDATE_TS_RECENT)
++ tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq);
++
+ if (!(flag & FLAG_SLOWPATH) && after(ack, prior_snd_una)) {
+ /* Window is constant, pure forward advance.
+ * No more checks are required.
+@@ -3940,27 +3968,6 @@ const u8 *tcp_parse_md5sig_option(const struct tcphdr *th)
+ EXPORT_SYMBOL(tcp_parse_md5sig_option);
+ #endif
+
+-static inline void tcp_store_ts_recent(struct tcp_sock *tp)
+-{
+- tp->rx_opt.ts_recent = tp->rx_opt.rcv_tsval;
+- tp->rx_opt.ts_recent_stamp = get_seconds();
+-}
+-
+-static inline void tcp_replace_ts_recent(struct tcp_sock *tp, u32 seq)
+-{
+- if (tp->rx_opt.saw_tstamp && !after(seq, tp->rcv_wup)) {
+- /* PAWS bug workaround wrt. ACK frames, the PAWS discard
+- * extra check below makes sure this can only happen
+- * for pure ACK frames. -DaveM
+- *
+- * Not only, also it occurs for expired timestamps.
+- */
+-
+- if (tcp_paws_check(&tp->rx_opt, 0))
+- tcp_store_ts_recent(tp);
+- }
+-}
+-
+ /* Sorry, PAWS as specified is broken wrt. pure-ACKs -DaveM
+ *
+ * It is not fatal. If this ACK does _not_ change critical state (seqs, window)
+@@ -5556,14 +5563,9 @@ slow_path:
+ return 0;
+
+ step5:
+- if (tcp_ack(sk, skb, FLAG_SLOWPATH) < 0)
++ if (tcp_ack(sk, skb, FLAG_SLOWPATH | FLAG_UPDATE_TS_RECENT) < 0)
+ goto discard;
+
+- /* ts_recent update must be made after we are sure that the packet
+- * is in window.
+- */
+- tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq);
+-
+ tcp_rcv_rtt_measure_ts(sk, skb);
+
+ /* Process urgent data. */
+@@ -5997,7 +5999,8 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+
+ /* step 5: check the ACK field */
+ if (true) {
+- int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH) > 0;
++ int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH |
++ FLAG_UPDATE_TS_RECENT) > 0;
+
+ switch (sk->sk_state) {
+ case TCP_SYN_RECV:
+@@ -6148,11 +6151,6 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+ }
+ }
+
+- /* ts_recent update must be made after we are sure that the packet
+- * is in window.
+- */
+- tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq);
+-
+ /* step 6: check the URG bit */
+ tcp_urg(sk, skb, th);
+
+diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
+index 17d659e..a9f50ee 100644
+--- a/net/ipv4/tcp_output.c
++++ b/net/ipv4/tcp_output.c
+@@ -2388,8 +2388,12 @@ int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
+ */
+ TCP_SKB_CB(skb)->when = tcp_time_stamp;
+
+- /* make sure skb->data is aligned on arches that require it */
+- if (unlikely(NET_IP_ALIGN && ((unsigned long)skb->data & 3))) {
++ /* make sure skb->data is aligned on arches that require it
++ * and check if ack-trimming & collapsing extended the headroom
++ * beyond what csum_start can cover.
++ */
++ if (unlikely((NET_IP_ALIGN && ((unsigned long)skb->data & 3)) ||
++ skb_headroom(skb) >= 0xFFFF)) {
+ struct sk_buff *nskb = __pskb_copy(skb, MAX_TCP_HEADER,
+ GFP_ATOMIC);
+ return nskb ? tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC) :
+diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
+index a36d17e..e8676c2 100644
+--- a/net/ipv6/addrconf.c
++++ b/net/ipv6/addrconf.c
+@@ -2525,6 +2525,9 @@ static void sit_add_v4_addrs(struct inet6_dev *idev)
+ static void init_loopback(struct net_device *dev)
+ {
+ struct inet6_dev *idev;
++ struct net_device *sp_dev;
++ struct inet6_ifaddr *sp_ifa;
++ struct rt6_info *sp_rt;
+
+ /* ::1 */
+
+@@ -2536,6 +2539,30 @@ static void init_loopback(struct net_device *dev)
+ }
+
+ add_addr(idev, &in6addr_loopback, 128, IFA_HOST);
++
++ /* Add routes to other interface's IPv6 addresses */
++ for_each_netdev(dev_net(dev), sp_dev) {
++ if (!strcmp(sp_dev->name, dev->name))
++ continue;
++
++ idev = __in6_dev_get(sp_dev);
++ if (!idev)
++ continue;
++
++ read_lock_bh(&idev->lock);
++ list_for_each_entry(sp_ifa, &idev->addr_list, if_list) {
++
++ if (sp_ifa->flags & (IFA_F_DADFAILED | IFA_F_TENTATIVE))
++ continue;
++
++ sp_rt = addrconf_dst_alloc(idev, &sp_ifa->addr, 0);
++
++ /* Failure cases are ignored */
++ if (!IS_ERR(sp_rt))
++ ip6_ins_rt(sp_rt);
++ }
++ read_unlock_bh(&idev->lock);
++ }
+ }
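Review bot: The loop skips the loopback device with `!strcmp(sp_dev->name, dev->name)`, where comparing the pointers states the intent directly and avoids a string walk: `if (sp_dev == dev) continue;`. The loop also reuses `idev`, so after the first iteration it no longer refers to the inet6_dev that `add_addr()` was given. A separate local such as `sp_idev` would keep later code in this function from using the wrong device. `addrconf_dst_alloc()` and `ip6_ins_rt()` run with `idev->lock` read-held and bottom halves disabled, and the hunk does not show whether either can sleep or take that lock, so that should be confirmed.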
+
+ static void addrconf_add_linklocal(struct inet6_dev *idev, const struct in6_addr *addr)
+diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
+index d9ba8a2..7a610a6 100644
+--- a/net/ipv6/reassembly.c
++++ b/net/ipv6/reassembly.c
+@@ -342,8 +342,17 @@ found:
+ }
+
+ if (fq->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) &&
+- fq->q.meat == fq->q.len)
+- return ip6_frag_reasm(fq, prev, dev);
++ fq->q.meat == fq->q.len) {
++ int res;
++ unsigned long orefdst = skb->_skb_refdst;
++
++ skb->_skb_refdst = 0UL;
++ res = ip6_frag_reasm(fq, prev, dev);
++ skb->_skb_refdst = orefdst;
++ return res;
++ }
++
++ skb_dst_drop(skb);
+
+ write_lock(&ip6_frags.lock);
+ list_move_tail(&fq->q.lru_list, &fq->q.net->lru_list);
+diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
+index 8d19346..89dfedd 100644
+--- a/net/ipv6/tcp_ipv6.c
++++ b/net/ipv6/tcp_ipv6.c
+@@ -386,6 +386,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
+
+ if (dst)
+ dst->ops->redirect(dst, sk, skb);
++ goto out;
+ }
+
+ if (type == ICMPV6_PKT_TOOBIG) {
+diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
+index 4d04105..3c9bd59 100644
+--- a/net/irda/af_irda.c
++++ b/net/irda/af_irda.c
+@@ -1386,6 +1386,8 @@ static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock,
+
+ IRDA_DEBUG(4, "%s()\n", __func__);
+
++ msg->msg_namelen = 0;
++
+ skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
+ flags & MSG_DONTWAIT, &err);
+ if (!skb)
+diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
+index cd6f7a9..625bc50 100644
+--- a/net/iucv/af_iucv.c
++++ b/net/iucv/af_iucv.c
+@@ -1331,6 +1331,8 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
+ struct sk_buff *skb, *rskb, *cskb;
+ int err = 0;
+
++ msg->msg_namelen = 0;
++
+ if ((sk->sk_state == IUCV_DISCONN) &&
+ skb_queue_empty(&iucv->backlog_skb_q) &&
+ skb_queue_empty(&sk->sk_receive_queue) &&
+diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c
+index 8ee4a86..9e1822e 100644
+--- a/net/l2tp/l2tp_ip6.c
++++ b/net/l2tp/l2tp_ip6.c
+@@ -684,6 +684,7 @@ static int l2tp_ip6_recvmsg(struct kiocb *iocb, struct sock *sk,
+ lsa->l2tp_addr = ipv6_hdr(skb)->saddr;
+ lsa->l2tp_flowinfo = 0;
+ lsa->l2tp_scope_id = 0;
++ lsa->l2tp_conn_id = 0;
+ if (ipv6_addr_type(&lsa->l2tp_addr) & IPV6_ADDR_LINKLOCAL)
+ lsa->l2tp_scope_id = IP6CB(skb)->iif;
+ }
+diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
+index 8870988..48aaa89 100644
+--- a/net/llc/af_llc.c
++++ b/net/llc/af_llc.c
+@@ -720,6 +720,8 @@ static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock,
+ int target; /* Read at least this many bytes */
+ long timeo;
+
++ msg->msg_namelen = 0;
++
+ lock_sock(sk);
+ copied = -ENOTCONN;
+ if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN))
+diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
+index 7261eb8..14c106b 100644
+--- a/net/netrom/af_netrom.c
++++ b/net/netrom/af_netrom.c
+@@ -1177,6 +1177,7 @@ static int nr_recvmsg(struct kiocb *iocb, struct socket *sock,
+ }
+
+ if (sax != NULL) {
++ memset(sax, 0, sizeof(sax));
+ sax->sax25_family = AF_NETROM;
+ skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call,
+ AX25_ADDR_LEN);
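Review bot: The added `memset(sax, 0, sizeof(sax));` clears only as many bytes as a pointer occupies, because `sax` is a pointer here (it is compared with NULL and dereferenced with `->` on the next line). The rest of the structure therefore keeps whatever the buffer held before. Only two fields are assigned in the visible lines, so the uninitialised bytes this line was meant to remove can still be copied back to the caller. The size should come from the pointed-to object: `memset(sax, 0, sizeof(*sax));`. nr_recvmsg continues outside the hunk.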
+diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c
+index fea22eb..48fb1de 100644
+--- a/net/nfc/llcp/sock.c
++++ b/net/nfc/llcp/sock.c
+@@ -644,6 +644,8 @@ static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
+
+ pr_debug("%p %zu\n", sk, len);
+
++ msg->msg_namelen = 0;
++
+ lock_sock(sk);
+
+ if (sk->sk_state == LLCP_CLOSED &&
+@@ -684,6 +686,7 @@ static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
+
+ pr_debug("Datagram socket %d %d\n", ui_cb->dsap, ui_cb->ssap);
+
++ memset(&sockaddr, 0, sizeof(sockaddr));
+ sockaddr.sa_family = AF_NFC;
+ sockaddr.nfc_protocol = NFC_PROTO_NFC_DEP;
+ sockaddr.dsap = ui_cb->dsap;
+diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
+index c4719ce..7f645d1 100644
+--- a/net/rose/af_rose.c
++++ b/net/rose/af_rose.c
+@@ -1257,6 +1257,7 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock,
+ skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
+
+ if (srose != NULL) {
++ memset(srose, 0, msg->msg_namelen);
+ srose->srose_family = AF_ROSE;
+ srose->srose_addr = rose->dest_addr;
+ srose->srose_call = rose->dest_call;
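Review bot: The added `memset(srose, 0, msg->msg_namelen);` takes its size from the message's name length rather than from the object being filled. If `msg_namelen` is smaller than the structure, members not assigned below stay uninitialised, and if it is larger, the clear relies on the buffer really being that long. Neither bound is visible in this hunk. If the longer clear is intentional, for example to cover a larger address variant filled in further down, a comment should say so, such as `/* msg_namelen covers the largest sockaddr variant written below */`. Otherwise `memset(srose, 0, sizeof(*srose));` ties the size to the object. rose_recvmsg continues outside the hunk.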
+diff --git a/net/sched/sch_cbq.c b/net/sched/sch_cbq.c
+index 0e19948..ced81a1 100644
+--- a/net/sched/sch_cbq.c
++++ b/net/sched/sch_cbq.c
+@@ -962,8 +962,11 @@ cbq_dequeue(struct Qdisc *sch)
+ cbq_update(q);
+ if ((incr -= incr2) < 0)
+ incr = 0;
++ q->now += incr;
++ } else {
++ if (now > q->now)
++ q->now = now;
+ }
+- q->now += incr;
+ q->now_rt = now;
+
+ for (;;) {
+diff --git a/net/tipc/socket.c b/net/tipc/socket.c
+index 9b4e483..fc906d9 100644
+--- a/net/tipc/socket.c
++++ b/net/tipc/socket.c
+@@ -806,6 +806,7 @@ static void set_orig_addr(struct msghdr *m, struct tipc_msg *msg)
+ if (addr) {
+ addr->family = AF_TIPC;
+ addr->addrtype = TIPC_ADDR_ID;
++ memset(&addr->addr, 0, sizeof(addr->addr));
+ addr->addr.id.ref = msg_origport(msg);
+ addr->addr.id.node = msg_orignode(msg);
+ addr->addr.name.domain = 0; /* could leave uninitialized */
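Review bot: The added memset in set_orig_addr clears only the `addr->addr` member. `family` and `addrtype` are assigned, but any other member of the structure, and any padding, is left untouched by the visible lines. The rest of the function is outside the hunk and may set them, so this should be checked. Clearing the whole object first, with `memset(addr, 0, sizeof(*addr));` ahead of the assignments, would leave nothing to a field-by-field audit. It would also make the trailing `addr->addr.name.domain = 0; /* could leave uninitialized */` line redundant, and that comment already reads oddly once the union is zeroed.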
+@@ -920,6 +921,9 @@ static int recv_msg(struct kiocb *iocb, struct socket *sock,
+ goto exit;
+ }
+
++ /* will be updated in set_orig_addr() if needed */
++ m->msg_namelen = 0;
++
+ timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
+ restart:
+
+@@ -1029,6 +1033,9 @@ static int recv_stream(struct kiocb *iocb, struct socket *sock,
+ goto exit;
+ }
+
++ /* will be updated in set_orig_addr() if needed */
++ m->msg_namelen = 0;
++
+ target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len);
+ timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
+
+diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
+index b45eb65..f347754 100644
+--- a/net/unix/af_unix.c
++++ b/net/unix/af_unix.c
+@@ -1995,7 +1995,7 @@ again:
+ if ((UNIXCB(skb).pid != siocb->scm->pid) ||
+ (UNIXCB(skb).cred != siocb->scm->cred))
+ break;
+- } else {
++ } else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
+ /* Copy credentials */
+ scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
+ check_creds = 1;
diff --git a/3.8.10/4420_grsecurity-2.9.1-3.8.10-201304262208.patch b/3.8.11/4420_grsecurity-2.9.1-3.8.11-201305011917.patch
index d87332f..3b5ee11 100644
--- a/3.8.10/4420_grsecurity-2.9.1-3.8.10-201304262208.patch
+++ b/3.8.11/4420_grsecurity-2.9.1-3.8.11-201305011917.patch
@@ -259,7 +259,7 @@ index 986614d..e8bfedc 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index e2b10b9..f916aa5 100644
+index 7e4eee5..271e75e 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -1559,33 +1559,6 @@ index 7eb18c1..e38b6d2 100644
#include <asm-generic/cmpxchg-local.h>
-diff --git a/arch/arm/include/asm/delay.h b/arch/arm/include/asm/delay.h
-index 720799f..2f67631 100644
---- a/arch/arm/include/asm/delay.h
-+++ b/arch/arm/include/asm/delay.h
-@@ -25,9 +25,9 @@ extern struct arm_delay_ops {
- void (*const_udelay)(unsigned long);
- void (*udelay)(unsigned long);
- bool const_clock;
--} arm_delay_ops;
-+} *arm_delay_ops;
-
--#define __delay(n) arm_delay_ops.delay(n)
-+#define __delay(n) arm_delay_ops->delay(n)
-
- /*
- * This function intentionally does not exist; if you see references to
-@@ -48,8 +48,8 @@ extern void __bad_udelay(void);
- * first constant multiplications gets optimized away if the delay is
- * a constant)
- */
--#define __udelay(n) arm_delay_ops.udelay(n)
--#define __const_udelay(n) arm_delay_ops.const_udelay(n)
-+#define __udelay(n) arm_delay_ops->udelay(n)
-+#define __const_udelay(n) arm_delay_ops->const_udelay(n)
-
- #define udelay(n) \
- (__builtin_constant_p(n) ? \
diff --git a/arch/arm/include/asm/domain.h b/arch/arm/include/asm/domain.h
index 6ddbe44..b5e38b1 100644
--- a/arch/arm/include/asm/domain.h
@@ -3478,52 +3451,18 @@ index 7d08b43..f7ca7ea 100644
#include "csumpartialcopygeneric.S"
diff --git a/arch/arm/lib/delay.c b/arch/arm/lib/delay.c
-index 6b93f6a..1aa92d0 100644
+index 6b93f6a..4aa5e85 100644
--- a/arch/arm/lib/delay.c
+++ b/arch/arm/lib/delay.c
-@@ -28,12 +28,15 @@
+@@ -28,7 +28,7 @@
/*
* Default to the loop-based delay implementation.
*/
-struct arm_delay_ops arm_delay_ops = {
-+static struct arm_delay_ops arm_loop_delay_ops = {
++struct arm_delay_ops arm_delay_ops __read_only = {
.delay = __loop_delay,
.const_udelay = __loop_const_udelay,
.udelay = __loop_udelay,
-+ .const_clock = false,
- };
-
-+struct arm_delay_ops *arm_delay_ops __read_only = &arm_loop_delay_ops;
-+
- static const struct delay_timer *delay_timer;
- static bool delay_calibrated;
-
-@@ -67,6 +70,13 @@ static void __timer_udelay(unsigned long usecs)
- __timer_const_udelay(usecs * UDELAY_MULT);
- }
-
-+static struct arm_delay_ops arm_timer_delay_ops = {
-+ .delay = __timer_delay,
-+ .const_udelay = __timer_const_udelay,
-+ .udelay = __timer_udelay,
-+ .const_clock = true,
-+};
-+
- void __init register_current_timer_delay(const struct delay_timer *timer)
- {
- if (!delay_calibrated) {
-@@ -74,10 +84,7 @@ void __init register_current_timer_delay(const struct delay_timer *timer)
- delay_timer = timer;
- lpj_fine = timer->freq / HZ;
- loops_per_jiffy = lpj_fine;
-- arm_delay_ops.delay = __timer_delay;
-- arm_delay_ops.const_udelay = __timer_const_udelay;
-- arm_delay_ops.udelay = __timer_udelay;
-- arm_delay_ops.const_clock = true;
-+ arm_delay_ops = &arm_timer_delay_ops;
- delay_calibrated = true;
- } else {
- pr_info("Ignoring duplicate/late registration of read_current_timer delay\n");
diff --git a/arch/arm/lib/uaccess_with_memcpy.c b/arch/arm/lib/uaccess_with_memcpy.c
index 025f742..8432b08 100644
--- a/arch/arm/lib/uaccess_with_memcpy.c
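Review bot: The new side marks the `arm_delay_ops` structure itself `__read_only`, and it drops the earlier hunks that replaced the field writes in `register_current_timer_delay()` with a single pointer assignment. The upstream assignments shown as removed lines in the old hunk (`arm_delay_ops.delay = __timer_delay;` and the three after it) therefore stay in the patched kernel and write into a `__read_only` object. That function is `__init`, so this probably works only because the writes happen before the read-only data is protected, but the hunk does not show that ordering. A comment at the definition would record the dependency, for example `/* written once from __init code, before read-only data is sealed */`. Without it, a later non-init caller would fault on the write, or be tempted to reopen kernel write protection.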
@@ -8356,18 +8295,6 @@ index 6fc1348..390c50a 100644
#define __S100 PAGE_READONLY
#define __S101 PAGE_READONLY
#define __S110 PAGE_SHARED
-diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h
-index 08fcce9..7619f2f 100644
---- a/arch/sparc/include/asm/pgtable_64.h
-+++ b/arch/sparc/include/asm/pgtable_64.h
-@@ -915,6 +915,7 @@ static inline int io_remap_pfn_range(struct vm_area_struct *vma,
- return remap_pfn_range(vma, from, phys_base >> PAGE_SHIFT, size, prot);
- }
-
-+#include <asm/tlbflush.h>
- #include <asm-generic/pgtable.h>
-
- /* We provide our own get_unmapped_area to cope with VA holes and
diff --git a/arch/sparc/include/asm/pgtsrmmu.h b/arch/sparc/include/asm/pgtsrmmu.h
index 79da178..c2eede8 100644
--- a/arch/sparc/include/asm/pgtsrmmu.h
@@ -8485,20 +8412,6 @@ index 9689176..63c18ea 100644
{
unsigned long mask, tmp1, tmp2, result;
-diff --git a/arch/sparc/include/asm/switch_to_64.h b/arch/sparc/include/asm/switch_to_64.h
-index cad36f5..c7de332 100644
---- a/arch/sparc/include/asm/switch_to_64.h
-+++ b/arch/sparc/include/asm/switch_to_64.h
-@@ -18,8 +18,7 @@ do { \
- * and 2 stores in this critical code path. -DaveM
- */
- #define switch_to(prev, next, last) \
--do { flush_tlb_pending(); \
-- save_and_clear_fpu(); \
-+do { save_and_clear_fpu(); \
- /* If you are tempted to conditionalize the following */ \
- /* so that ASI is only written if it changes, think again. */ \
- __asm__ __volatile__("wr %%g0, %0, %%asi" \
diff --git a/arch/sparc/include/asm/thread_info_32.h b/arch/sparc/include/asm/thread_info_32.h
index 25849ae..924c54b 100644
--- a/arch/sparc/include/asm/thread_info_32.h
@@ -8557,82 +8470,6 @@ index 269bd92..e46a9b8 100644
/*
* Thread-synchronous status.
*
-diff --git a/arch/sparc/include/asm/tlbflush_64.h b/arch/sparc/include/asm/tlbflush_64.h
-index 2ef4634..f0d6a97 100644
---- a/arch/sparc/include/asm/tlbflush_64.h
-+++ b/arch/sparc/include/asm/tlbflush_64.h
-@@ -11,24 +11,40 @@
- struct tlb_batch {
- struct mm_struct *mm;
- unsigned long tlb_nr;
-+ unsigned long active;
- unsigned long vaddrs[TLB_BATCH_NR];
- };
-
- extern void flush_tsb_kernel_range(unsigned long start, unsigned long end);
- extern void flush_tsb_user(struct tlb_batch *tb);
-+extern void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr);
-
- /* TLB flush operations. */
-
-+static inline void flush_tlb_mm(struct mm_struct *mm)
-+{
-+}
-+
-+static inline void flush_tlb_page(struct vm_area_struct *vma,
-+ unsigned long vmaddr)
-+{
-+}
-+
-+static inline void flush_tlb_range(struct vm_area_struct *vma,
-+ unsigned long start, unsigned long end)
-+{
-+}
-+
-+#define __HAVE_ARCH_ENTER_LAZY_MMU_MODE
-+
- extern void flush_tlb_pending(void);
--
--#define flush_tlb_range(vma,start,end) \
-- do { (void)(start); flush_tlb_pending(); } while (0)
--#define flush_tlb_page(vma,addr) flush_tlb_pending()
--#define flush_tlb_mm(mm) flush_tlb_pending()
-+extern void arch_enter_lazy_mmu_mode(void);
-+extern void arch_leave_lazy_mmu_mode(void);
-+#define arch_flush_lazy_mmu_mode() do {} while (0)
-
- /* Local cpu only. */
- extern void __flush_tlb_all(void);
--
-+extern void __flush_tlb_page(unsigned long context, unsigned long vaddr);
- extern void __flush_tlb_kernel_range(unsigned long start, unsigned long end);
-
- #ifndef CONFIG_SMP
-@@ -38,15 +54,24 @@ do { flush_tsb_kernel_range(start,end); \
- __flush_tlb_kernel_range(start,end); \
- } while (0)
-
-+static inline void global_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr)
-+{
-+ __flush_tlb_page(CTX_HWBITS(mm->context), vaddr);
-+}
-+
- #else /* CONFIG_SMP */
-
- extern void smp_flush_tlb_kernel_range(unsigned long start, unsigned long end);
-+extern void smp_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr);
-
- #define flush_tlb_kernel_range(start, end) \
- do { flush_tsb_kernel_range(start,end); \
- smp_flush_tlb_kernel_range(start, end); \
- } while (0)
-
-+#define global_flush_tlb_page(mm, vaddr) \
-+ smp_flush_tlb_page(mm, vaddr)
-+
- #endif /* ! CONFIG_SMP */
-
- #endif /* _SPARC64_TLBFLUSH_H */
diff --git a/arch/sparc/include/asm/uaccess.h b/arch/sparc/include/asm/uaccess.h
index 0167d26..767bb0c 100644
--- a/arch/sparc/include/asm/uaccess.h
@@ -8879,79 +8716,6 @@ index 7ff45e4..a58f271 100644
audit_syscall_exit(regs);
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
-diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c
-index 537eb66..ca64d2a 100644
---- a/arch/sparc/kernel/smp_64.c
-+++ b/arch/sparc/kernel/smp_64.c
-@@ -849,7 +849,7 @@ void smp_tsb_sync(struct mm_struct *mm)
- }
-
- extern unsigned long xcall_flush_tlb_mm;
--extern unsigned long xcall_flush_tlb_pending;
-+extern unsigned long xcall_flush_tlb_page;
- extern unsigned long xcall_flush_tlb_kernel_range;
- extern unsigned long xcall_fetch_glob_regs;
- extern unsigned long xcall_fetch_glob_pmu;
-@@ -1074,23 +1074,56 @@ local_flush_and_out:
- put_cpu();
- }
-
-+struct tlb_pending_info {
-+ unsigned long ctx;
-+ unsigned long nr;
-+ unsigned long *vaddrs;
-+};
-+
-+static void tlb_pending_func(void *info)
-+{
-+ struct tlb_pending_info *t = info;
-+
-+ __flush_tlb_pending(t->ctx, t->nr, t->vaddrs);
-+}
-+
- void smp_flush_tlb_pending(struct mm_struct *mm, unsigned long nr, unsigned long *vaddrs)
- {
- u32 ctx = CTX_HWBITS(mm->context);
-+ struct tlb_pending_info info;
- int cpu = get_cpu();
-
-+ info.ctx = ctx;
-+ info.nr = nr;
-+ info.vaddrs = vaddrs;
-+
- if (mm == current->mm && atomic_read(&mm->mm_users) == 1)
- cpumask_copy(mm_cpumask(mm), cpumask_of(cpu));
- else
-- smp_cross_call_masked(&xcall_flush_tlb_pending,
-- ctx, nr, (unsigned long) vaddrs,
-- mm_cpumask(mm));
-+ smp_call_function_many(mm_cpumask(mm), tlb_pending_func,
-+ &info, 1);
-
- __flush_tlb_pending(ctx, nr, vaddrs);
-
- put_cpu();
- }
-
-+void smp_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr)
-+{
-+ unsigned long context = CTX_HWBITS(mm->context);
-+ int cpu = get_cpu();
-+
-+ if (mm == current->mm && atomic_read(&mm->mm_users) == 1)
-+ cpumask_copy(mm_cpumask(mm), cpumask_of(cpu));
-+ else
-+ smp_cross_call_masked(&xcall_flush_tlb_page,
-+ context, vaddr, 0,
-+ mm_cpumask(mm));
-+ __flush_tlb_page(context, vaddr);
-+
-+ put_cpu();
-+}
-+
- void smp_flush_tlb_kernel_range(unsigned long start, unsigned long end)
- {
- start &= PAGE_MASK;
diff --git a/arch/sparc/kernel/sys_sparc_32.c b/arch/sparc/kernel/sys_sparc_32.c
index 2da0bdc..79128d2 100644
--- a/arch/sparc/kernel/sys_sparc_32.c
@@ -10627,377 +10391,6 @@ index d2b5944..bd813f2 100644
return addr;
}
if (mm->get_unmapped_area == arch_get_unmapped_area)
-diff --git a/arch/sparc/mm/tlb.c b/arch/sparc/mm/tlb.c
-index ba6ae7f..83d89bc 100644
---- a/arch/sparc/mm/tlb.c
-+++ b/arch/sparc/mm/tlb.c
-@@ -24,11 +24,17 @@ static DEFINE_PER_CPU(struct tlb_batch, tlb_batch);
- void flush_tlb_pending(void)
- {
- struct tlb_batch *tb = &get_cpu_var(tlb_batch);
-+ struct mm_struct *mm = tb->mm;
-
-- if (tb->tlb_nr) {
-- flush_tsb_user(tb);
-+ if (!tb->tlb_nr)
-+ goto out;
-
-- if (CTX_VALID(tb->mm->context)) {
-+ flush_tsb_user(tb);
-+
-+ if (CTX_VALID(mm->context)) {
-+ if (tb->tlb_nr == 1) {
-+ global_flush_tlb_page(mm, tb->vaddrs[0]);
-+ } else {
- #ifdef CONFIG_SMP
- smp_flush_tlb_pending(tb->mm, tb->tlb_nr,
- &tb->vaddrs[0]);
-@@ -37,12 +43,30 @@ void flush_tlb_pending(void)
- tb->tlb_nr, &tb->vaddrs[0]);
- #endif
- }
-- tb->tlb_nr = 0;
- }
-
-+ tb->tlb_nr = 0;
-+
-+out:
- put_cpu_var(tlb_batch);
- }
-
-+void arch_enter_lazy_mmu_mode(void)
-+{
-+ struct tlb_batch *tb = &__get_cpu_var(tlb_batch);
-+
-+ tb->active = 1;
-+}
-+
-+void arch_leave_lazy_mmu_mode(void)
-+{
-+ struct tlb_batch *tb = &__get_cpu_var(tlb_batch);
-+
-+ if (tb->tlb_nr)
-+ flush_tlb_pending();
-+ tb->active = 0;
-+}
-+
- static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr,
- bool exec)
- {
-@@ -60,6 +84,12 @@ static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr,
- nr = 0;
- }
-
-+ if (!tb->active) {
-+ global_flush_tlb_page(mm, vaddr);
-+ flush_tsb_user_page(mm, vaddr);
-+ goto out;
-+ }
-+
- if (nr == 0)
- tb->mm = mm;
-
-@@ -68,6 +98,7 @@ static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr,
- if (nr >= TLB_BATCH_NR)
- flush_tlb_pending();
-
-+out:
- put_cpu_var(tlb_batch);
- }
-
-diff --git a/arch/sparc/mm/tsb.c b/arch/sparc/mm/tsb.c
-index 428982b..2cc3bce 100644
---- a/arch/sparc/mm/tsb.c
-+++ b/arch/sparc/mm/tsb.c
-@@ -7,11 +7,10 @@
- #include <linux/preempt.h>
- #include <linux/slab.h>
- #include <asm/page.h>
--#include <asm/tlbflush.h>
--#include <asm/tlb.h>
--#include <asm/mmu_context.h>
- #include <asm/pgtable.h>
-+#include <asm/mmu_context.h>
- #include <asm/tsb.h>
-+#include <asm/tlb.h>
- #include <asm/oplib.h>
-
- extern struct tsb swapper_tsb[KERNEL_TSB_NENTRIES];
-@@ -46,23 +45,27 @@ void flush_tsb_kernel_range(unsigned long start, unsigned long end)
- }
- }
-
-+static void __flush_tsb_one_entry(unsigned long tsb, unsigned long v,
-+ unsigned long hash_shift,
-+ unsigned long nentries)
-+{
-+ unsigned long tag, ent, hash;
-+
-+ v &= ~0x1UL;
-+ hash = tsb_hash(v, hash_shift, nentries);
-+ ent = tsb + (hash * sizeof(struct tsb));
-+ tag = (v >> 22UL);
-+
-+ tsb_flush(ent, tag);
-+}
-+
- static void __flush_tsb_one(struct tlb_batch *tb, unsigned long hash_shift,
- unsigned long tsb, unsigned long nentries)
- {
- unsigned long i;
-
-- for (i = 0; i < tb->tlb_nr; i++) {
-- unsigned long v = tb->vaddrs[i];
-- unsigned long tag, ent, hash;
--
-- v &= ~0x1UL;
--
-- hash = tsb_hash(v, hash_shift, nentries);
-- ent = tsb + (hash * sizeof(struct tsb));
-- tag = (v >> 22UL);
--
-- tsb_flush(ent, tag);
-- }
-+ for (i = 0; i < tb->tlb_nr; i++)
-+ __flush_tsb_one_entry(tsb, tb->vaddrs[i], hash_shift, nentries);
- }
-
- void flush_tsb_user(struct tlb_batch *tb)
-@@ -90,6 +93,30 @@ void flush_tsb_user(struct tlb_batch *tb)
- spin_unlock_irqrestore(&mm->context.lock, flags);
- }
-
-+void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr)
-+{
-+ unsigned long nentries, base, flags;
-+
-+ spin_lock_irqsave(&mm->context.lock, flags);
-+
-+ base = (unsigned long) mm->context.tsb_block[MM_TSB_BASE].tsb;
-+ nentries = mm->context.tsb_block[MM_TSB_BASE].tsb_nentries;
-+ if (tlb_type == cheetah_plus || tlb_type == hypervisor)
-+ base = __pa(base);
-+ __flush_tsb_one_entry(base, vaddr, PAGE_SHIFT, nentries);
-+
-+#if defined(CONFIG_HUGETLB_PAGE) || defined(CONFIG_TRANSPARENT_HUGEPAGE)
-+ if (mm->context.tsb_block[MM_TSB_HUGE].tsb) {
-+ base = (unsigned long) mm->context.tsb_block[MM_TSB_HUGE].tsb;
-+ nentries = mm->context.tsb_block[MM_TSB_HUGE].tsb_nentries;
-+ if (tlb_type == cheetah_plus || tlb_type == hypervisor)
-+ base = __pa(base);
-+ __flush_tsb_one_entry(base, vaddr, HPAGE_SHIFT, nentries);
-+ }
-+#endif
-+ spin_unlock_irqrestore(&mm->context.lock, flags);
-+}
-+
- #define HV_PGSZ_IDX_BASE HV_PGSZ_IDX_8K
- #define HV_PGSZ_MASK_BASE HV_PGSZ_MASK_8K
-
-diff --git a/arch/sparc/mm/ultra.S b/arch/sparc/mm/ultra.S
-index f8e13d4..432aa0c 100644
---- a/arch/sparc/mm/ultra.S
-+++ b/arch/sparc/mm/ultra.S
-@@ -53,6 +53,33 @@ __flush_tlb_mm: /* 18 insns */
- nop
-
- .align 32
-+ .globl __flush_tlb_page
-+__flush_tlb_page: /* 22 insns */
-+ /* %o0 = context, %o1 = vaddr */
-+ rdpr %pstate, %g7
-+ andn %g7, PSTATE_IE, %g2
-+ wrpr %g2, %pstate
-+ mov SECONDARY_CONTEXT, %o4
-+ ldxa [%o4] ASI_DMMU, %g2
-+ stxa %o0, [%o4] ASI_DMMU
-+ andcc %o1, 1, %g0
-+ andn %o1, 1, %o3
-+ be,pn %icc, 1f
-+ or %o3, 0x10, %o3
-+ stxa %g0, [%o3] ASI_IMMU_DEMAP
-+1: stxa %g0, [%o3] ASI_DMMU_DEMAP
-+ membar #Sync
-+ stxa %g2, [%o4] ASI_DMMU
-+ sethi %hi(KERNBASE), %o4
-+ flush %o4
-+ retl
-+ wrpr %g7, 0x0, %pstate
-+ nop
-+ nop
-+ nop
-+ nop
-+
-+ .align 32
- .globl __flush_tlb_pending
- __flush_tlb_pending: /* 26 insns */
- /* %o0 = context, %o1 = nr, %o2 = vaddrs[] */
-@@ -203,6 +230,31 @@ __cheetah_flush_tlb_mm: /* 19 insns */
- retl
- wrpr %g7, 0x0, %pstate
-
-+__cheetah_flush_tlb_page: /* 22 insns */
-+ /* %o0 = context, %o1 = vaddr */
-+ rdpr %pstate, %g7
-+ andn %g7, PSTATE_IE, %g2
-+ wrpr %g2, 0x0, %pstate
-+ wrpr %g0, 1, %tl
-+ mov PRIMARY_CONTEXT, %o4
-+ ldxa [%o4] ASI_DMMU, %g2
-+ srlx %g2, CTX_PGSZ1_NUC_SHIFT, %o3
-+ sllx %o3, CTX_PGSZ1_NUC_SHIFT, %o3
-+ or %o0, %o3, %o0 /* Preserve nucleus page size fields */
-+ stxa %o0, [%o4] ASI_DMMU
-+ andcc %o1, 1, %g0
-+ be,pn %icc, 1f
-+ andn %o1, 1, %o3
-+ stxa %g0, [%o3] ASI_IMMU_DEMAP
-+1: stxa %g0, [%o3] ASI_DMMU_DEMAP
-+ membar #Sync
-+ stxa %g2, [%o4] ASI_DMMU
-+ sethi %hi(KERNBASE), %o4
-+ flush %o4
-+ wrpr %g0, 0, %tl
-+ retl
-+ wrpr %g7, 0x0, %pstate
-+
- __cheetah_flush_tlb_pending: /* 27 insns */
- /* %o0 = context, %o1 = nr, %o2 = vaddrs[] */
- rdpr %pstate, %g7
-@@ -269,6 +321,20 @@ __hypervisor_flush_tlb_mm: /* 10 insns */
- retl
- nop
-
-+__hypervisor_flush_tlb_page: /* 11 insns */
-+ /* %o0 = context, %o1 = vaddr */
-+ mov %o0, %g2
-+ mov %o1, %o0 /* ARG0: vaddr + IMMU-bit */
-+ mov %g2, %o1 /* ARG1: mmu context */
-+ mov HV_MMU_ALL, %o2 /* ARG2: flags */
-+ srlx %o0, PAGE_SHIFT, %o0
-+ sllx %o0, PAGE_SHIFT, %o0
-+ ta HV_MMU_UNMAP_ADDR_TRAP
-+ brnz,pn %o0, __hypervisor_tlb_tl0_error
-+ mov HV_MMU_UNMAP_ADDR_TRAP, %o1
-+ retl
-+ nop
-+
- __hypervisor_flush_tlb_pending: /* 16 insns */
- /* %o0 = context, %o1 = nr, %o2 = vaddrs[] */
- sllx %o1, 3, %g1
-@@ -339,6 +405,13 @@ cheetah_patch_cachetlbops:
- call tlb_patch_one
- mov 19, %o2
-
-+ sethi %hi(__flush_tlb_page), %o0
-+ or %o0, %lo(__flush_tlb_page), %o0
-+ sethi %hi(__cheetah_flush_tlb_page), %o1
-+ or %o1, %lo(__cheetah_flush_tlb_page), %o1
-+ call tlb_patch_one
-+ mov 22, %o2
-+
- sethi %hi(__flush_tlb_pending), %o0
- or %o0, %lo(__flush_tlb_pending), %o0
- sethi %hi(__cheetah_flush_tlb_pending), %o1
-@@ -397,10 +470,9 @@ xcall_flush_tlb_mm: /* 21 insns */
- nop
- nop
-
-- .globl xcall_flush_tlb_pending
--xcall_flush_tlb_pending: /* 21 insns */
-- /* %g5=context, %g1=nr, %g7=vaddrs[] */
-- sllx %g1, 3, %g1
-+ .globl xcall_flush_tlb_page
-+xcall_flush_tlb_page: /* 17 insns */
-+ /* %g5=context, %g1=vaddr */
- mov PRIMARY_CONTEXT, %g4
- ldxa [%g4] ASI_DMMU, %g2
- srlx %g2, CTX_PGSZ1_NUC_SHIFT, %g4
-@@ -408,20 +480,16 @@ xcall_flush_tlb_pending: /* 21 insns */
- or %g5, %g4, %g5
- mov PRIMARY_CONTEXT, %g4
- stxa %g5, [%g4] ASI_DMMU
--1: sub %g1, (1 << 3), %g1
-- ldx [%g7 + %g1], %g5
-- andcc %g5, 0x1, %g0
-+ andcc %g1, 0x1, %g0
- be,pn %icc, 2f
--
-- andn %g5, 0x1, %g5
-+ andn %g1, 0x1, %g5
- stxa %g0, [%g5] ASI_IMMU_DEMAP
- 2: stxa %g0, [%g5] ASI_DMMU_DEMAP
- membar #Sync
-- brnz,pt %g1, 1b
-- nop
- stxa %g2, [%g4] ASI_DMMU
- retry
- nop
-+ nop
-
- .globl xcall_flush_tlb_kernel_range
- xcall_flush_tlb_kernel_range: /* 25 insns */
-@@ -656,15 +724,13 @@ __hypervisor_xcall_flush_tlb_mm: /* 21 insns */
- membar #Sync
- retry
-
-- .globl __hypervisor_xcall_flush_tlb_pending
--__hypervisor_xcall_flush_tlb_pending: /* 21 insns */
-- /* %g5=ctx, %g1=nr, %g7=vaddrs[], %g2,%g3,%g4,g6=scratch */
-- sllx %g1, 3, %g1
-+ .globl __hypervisor_xcall_flush_tlb_page
-+__hypervisor_xcall_flush_tlb_page: /* 17 insns */
-+ /* %g5=ctx, %g1=vaddr */
- mov %o0, %g2
- mov %o1, %g3
- mov %o2, %g4
--1: sub %g1, (1 << 3), %g1
-- ldx [%g7 + %g1], %o0 /* ARG0: virtual address */
-+ mov %g1, %o0 /* ARG0: virtual address */
- mov %g5, %o1 /* ARG1: mmu context */
- mov HV_MMU_ALL, %o2 /* ARG2: flags */
- srlx %o0, PAGE_SHIFT, %o0
-@@ -673,8 +739,6 @@ __hypervisor_xcall_flush_tlb_pending: /* 21 insns */
- mov HV_MMU_UNMAP_ADDR_TRAP, %g6
- brnz,a,pn %o0, __hypervisor_tlb_xcall_error
- mov %o0, %g5
-- brnz,pt %g1, 1b
-- nop
- mov %g2, %o0
- mov %g3, %o1
- mov %g4, %o2
-@@ -757,6 +821,13 @@ hypervisor_patch_cachetlbops:
- call tlb_patch_one
- mov 10, %o2
-
-+ sethi %hi(__flush_tlb_page), %o0
-+ or %o0, %lo(__flush_tlb_page), %o0
-+ sethi %hi(__hypervisor_flush_tlb_page), %o1
-+ or %o1, %lo(__hypervisor_flush_tlb_page), %o1
-+ call tlb_patch_one
-+ mov 11, %o2
-+
- sethi %hi(__flush_tlb_pending), %o0
- or %o0, %lo(__flush_tlb_pending), %o0
- sethi %hi(__hypervisor_flush_tlb_pending), %o1
-@@ -788,12 +859,12 @@ hypervisor_patch_cachetlbops:
- call tlb_patch_one
- mov 21, %o2
-
-- sethi %hi(xcall_flush_tlb_pending), %o0
-- or %o0, %lo(xcall_flush_tlb_pending), %o0
-- sethi %hi(__hypervisor_xcall_flush_tlb_pending), %o1
-- or %o1, %lo(__hypervisor_xcall_flush_tlb_pending), %o1
-+ sethi %hi(xcall_flush_tlb_page), %o0
-+ or %o0, %lo(xcall_flush_tlb_page), %o0
-+ sethi %hi(__hypervisor_xcall_flush_tlb_page), %o1
-+ or %o1, %lo(__hypervisor_xcall_flush_tlb_page), %o1
- call tlb_patch_one
-- mov 21, %o2
-+ mov 17, %o2
-
- sethi %hi(xcall_flush_tlb_kernel_range), %o0
- or %o0, %lo(xcall_flush_tlb_kernel_range), %o0
diff --git a/arch/tile/include/asm/atomic_64.h b/arch/tile/include/asm/atomic_64.h
index f4500c6..889656c 100644
--- a/arch/tile/include/asm/atomic_64.h
@@ -11068,6 +10461,18 @@ index 133f7de..1d6f2f1 100644
#This will adjust *FLAGS accordingly to the platform.
include $(srctree)/$(ARCH_DIR)/Makefile-os-$(OS)
+diff --git a/arch/um/defconfig b/arch/um/defconfig
+index 08107a7..ab22afe 100644
+--- a/arch/um/defconfig
++++ b/arch/um/defconfig
+@@ -51,7 +51,6 @@ CONFIG_X86_CMPXCHG=y
+ CONFIG_X86_L1_CACHE_SHIFT=5
+ CONFIG_X86_XADD=y
+ CONFIG_X86_PPRO_FENCE=y
+-CONFIG_X86_WP_WORKS_OK=y
+ CONFIG_X86_INVLPG=y
+ CONFIG_X86_BSWAP=y
+ CONFIG_X86_POPAD_OK=y
diff --git a/arch/um/include/asm/cache.h b/arch/um/include/asm/cache.h
index 19e1bdd..3665b77 100644
--- a/arch/um/include/asm/cache.h
@@ -19893,7 +19298,7 @@ index 6ed91d9..6cc365b 100644
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index cb3c591..7ba137c 100644
+index cb3c591..0617fa7 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -59,6 +59,8 @@
@@ -19980,7 +19385,7 @@ index cb3c591..7ba137c 100644
#endif
-@@ -284,6 +293,273 @@ ENTRY(native_usergs_sysret64)
+@@ -284,6 +293,282 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
@@ -20051,6 +19456,9 @@ index cb3c591..7ba137c 100644
+ mov %cs,%rdi
+ cmp $__KERNEXEC_KERNEL_CS,%edi
+ jz 2f
++ GET_CR0_INTO_RDI
++ bts $16,%rdi
++ jnc 4f
+1:
+
+#ifdef CONFIG_PARAVIRT
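Review bot: The new `jnc 4f` checks in pax_exit_kernel, and the `4: ud2` trap they lead to in the next hunk, carry no comment saying that bit 16 is CR0.WP or that the carry flag tested is the bit's previous value as left by `bts`/`btr`. A one-line comment at the trap label would make the intent reviewable, for example `/* CR0.WP was not in the state KERNEXEC expects on this path: trap instead of continuing */`. In this first check `%rdi` is not written back to CR0 in any visible line, so `bt $16,%rdi` would state a pure test more plainly than `bts`; the elided lines after `1:` need checking before changing it. The same comment is missing on the `jnc 3f` / `3: ud2` pair added to pax_exit_kernel_user in the following hunks. Both function bodies are only partly visible here.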
@@ -20063,9 +19471,12 @@ index cb3c591..7ba137c 100644
+
+2: GET_CR0_INTO_RDI
+ btr $16,%rdi
++ jnc 4f
+ ljmpq __KERNEL_CS,3f
+3: SET_RDI_INTO_CR0
+ jmp 1b
++4: ud2
++ jmp 4b
+ENDPROC(pax_exit_kernel)
+#endif
+
@@ -20155,6 +19566,7 @@ index cb3c591..7ba137c 100644
+#ifdef CONFIG_PAX_KERNEXEC
+ GET_CR0_INTO_RDI
+ btr $16,%rdi
++ jnc 3f
+ SET_RDI_INTO_CR0
+#endif
+
@@ -20192,6 +19604,8 @@ index cb3c591..7ba137c 100644
+ popq %rdi
+ pax_force_retaddr
+ retq
++3: ud2
++ jmp 3b
+ENDPROC(pax_exit_kernel_user)
+#endif
+
@@ -20254,7 +19668,7 @@ index cb3c591..7ba137c 100644
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -375,8 +651,8 @@ ENDPROC(native_usergs_sysret64)
+@@ -375,8 +660,8 @@ ENDPROC(native_usergs_sysret64)
.endm
.macro UNFAKE_STACK_FRAME
@@ -20265,7 +19679,7 @@ index cb3c591..7ba137c 100644
.endm
/*
-@@ -463,7 +739,7 @@ ENDPROC(native_usergs_sysret64)
+@@ -463,7 +748,7 @@ ENDPROC(native_usergs_sysret64)
movq %rsp, %rsi
leaq -RBP(%rsp),%rdi /* arg1 for handler */
@@ -20274,7 +19688,7 @@ index cb3c591..7ba137c 100644
je 1f
SWAPGS
/*
-@@ -498,9 +774,10 @@ ENTRY(save_rest)
+@@ -498,9 +783,10 @@ ENTRY(save_rest)
movq_cfi r15, R15+16
movq %r11, 8(%rsp) /* return address */
FIXUP_TOP_OF_STACK %r11, 16
@@ -20286,7 +19700,7 @@ index cb3c591..7ba137c 100644
/* save complete stack frame */
.pushsection .kprobes.text, "ax"
-@@ -529,9 +806,10 @@ ENTRY(save_paranoid)
+@@ -529,9 +815,10 @@ ENTRY(save_paranoid)
js 1f /* negative -> in kernel */
SWAPGS
xorl %ebx,%ebx
@@ -20299,7 +19713,7 @@ index cb3c591..7ba137c 100644
.popsection
/*
-@@ -553,7 +831,7 @@ ENTRY(ret_from_fork)
+@@ -553,7 +840,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -20308,7 +19722,7 @@ index cb3c591..7ba137c 100644
jz 1f
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -571,7 +849,7 @@ ENTRY(ret_from_fork)
+@@ -571,7 +858,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -20317,7 +19731,7 @@ index cb3c591..7ba137c 100644
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -608,7 +886,7 @@ END(ret_from_fork)
+@@ -608,7 +895,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -20326,7 +19740,7 @@ index cb3c591..7ba137c 100644
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -621,16 +899,23 @@ GLOBAL(system_call_after_swapgs)
+@@ -621,16 +908,23 @@ GLOBAL(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -20352,7 +19766,7 @@ index cb3c591..7ba137c 100644
jnz tracesys
system_call_fastpath:
#if __SYSCALL_MASK == ~0
-@@ -640,7 +925,7 @@ system_call_fastpath:
+@@ -640,7 +934,7 @@ system_call_fastpath:
cmpl $__NR_syscall_max,%eax
#endif
ja badsys
@@ -20361,7 +19775,7 @@ index cb3c591..7ba137c 100644
call *sys_call_table(,%rax,8) # XXX: rip relative
movq %rax,RAX-ARGOFFSET(%rsp)
/*
-@@ -654,10 +939,13 @@ sysret_check:
+@@ -654,10 +948,13 @@ sysret_check:
LOCKDEP_SYS_EXIT
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -20376,7 +19790,7 @@ index cb3c591..7ba137c 100644
/*
* sysretq will re-enable interrupts:
*/
-@@ -709,14 +997,18 @@ badsys:
+@@ -709,14 +1006,18 @@ badsys:
* jump back to the normal fast path.
*/
auditsys:
@@ -20396,7 +19810,7 @@ index cb3c591..7ba137c 100644
jmp system_call_fastpath
/*
-@@ -737,7 +1029,7 @@ sysret_audit:
+@@ -737,7 +1038,7 @@ sysret_audit:
/* Do syscall tracing */
tracesys:
#ifdef CONFIG_AUDITSYSCALL
@@ -20405,7 +19819,7 @@ index cb3c591..7ba137c 100644
jz auditsys
#endif
SAVE_REST
-@@ -745,12 +1037,16 @@ tracesys:
+@@ -745,12 +1046,16 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -20422,7 +19836,7 @@ index cb3c591..7ba137c 100644
RESTORE_REST
#if __SYSCALL_MASK == ~0
cmpq $__NR_syscall_max,%rax
-@@ -759,7 +1055,7 @@ tracesys:
+@@ -759,7 +1064,7 @@ tracesys:
cmpl $__NR_syscall_max,%eax
#endif
ja int_ret_from_sys_call /* RAX(%rsp) set to -ENOSYS above */
@@ -20431,7 +19845,7 @@ index cb3c591..7ba137c 100644
call *sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
/* Use IRET because user could have changed frame */
-@@ -780,7 +1076,9 @@ GLOBAL(int_with_check)
+@@ -780,7 +1085,9 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
@@ -20442,7 +19856,7 @@ index cb3c591..7ba137c 100644
/* Either reschedule or signal or syscall exit tracking needed. */
/* First do a reschedule test. */
-@@ -826,7 +1124,7 @@ int_restore_rest:
+@@ -826,7 +1133,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
@@ -20451,7 +19865,7 @@ index cb3c591..7ba137c 100644
/*
* Certain special system calls that need to save a complete full stack frame.
-@@ -842,7 +1140,7 @@ ENTRY(\label)
+@@ -842,7 +1149,7 @@ ENTRY(\label)
call \func
jmp ptregscall_common
CFI_ENDPROC
@@ -20460,7 +19874,7 @@ index cb3c591..7ba137c 100644
.endm
.macro FORK_LIKE func
-@@ -856,9 +1154,10 @@ ENTRY(stub_\func)
+@@ -856,9 +1163,10 @@ ENTRY(stub_\func)
DEFAULT_FRAME 0 8 /* offset 8: return address */
call sys_\func
RESTORE_TOP_OF_STACK %r11, 8
@@ -20472,7 +19886,7 @@ index cb3c591..7ba137c 100644
.endm
FORK_LIKE clone
-@@ -875,9 +1174,10 @@ ENTRY(ptregscall_common)
+@@ -875,9 +1183,10 @@ ENTRY(ptregscall_common)
movq_cfi_restore R12+8, r12
movq_cfi_restore RBP+8, rbp
movq_cfi_restore RBX+8, rbx
@@ -20484,7 +19898,7 @@ index cb3c591..7ba137c 100644
ENTRY(stub_execve)
CFI_STARTPROC
-@@ -891,7 +1191,7 @@ ENTRY(stub_execve)
+@@ -891,7 +1200,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -20493,7 +19907,7 @@ index cb3c591..7ba137c 100644
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -909,7 +1209,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -909,7 +1218,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -20502,7 +19916,7 @@ index cb3c591..7ba137c 100644
#ifdef CONFIG_X86_X32_ABI
ENTRY(stub_x32_rt_sigreturn)
-@@ -975,7 +1275,7 @@ vector=vector+1
+@@ -975,7 +1284,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
@@ -20511,7 +19925,7 @@ index cb3c591..7ba137c 100644
.previous
END(interrupt)
-@@ -995,6 +1295,16 @@ END(interrupt)
+@@ -995,6 +1304,16 @@ END(interrupt)
subq $ORIG_RAX-RBP, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
SAVE_ARGS_IRQ
@@ -20528,7 +19942,7 @@ index cb3c591..7ba137c 100644
call \func
.endm
-@@ -1027,7 +1337,7 @@ ret_from_intr:
+@@ -1027,7 +1346,7 @@ ret_from_intr:
exit_intr:
GET_THREAD_INFO(%rcx)
@@ -20537,7 +19951,7 @@ index cb3c591..7ba137c 100644
je retint_kernel
/* Interrupt came from user space */
-@@ -1049,12 +1359,16 @@ retint_swapgs: /* return to user-space */
+@@ -1049,12 +1368,16 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -20554,7 +19968,7 @@ index cb3c591..7ba137c 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -1137,7 +1451,7 @@ ENTRY(retint_kernel)
+@@ -1137,7 +1460,7 @@ ENTRY(retint_kernel)
#endif
CFI_ENDPROC
@@ -20563,7 +19977,7 @@ index cb3c591..7ba137c 100644
/*
* End of kprobes section
*/
-@@ -1155,7 +1469,7 @@ ENTRY(\sym)
+@@ -1155,7 +1478,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
@@ -20572,7 +19986,7 @@ index cb3c591..7ba137c 100644
.endm
#ifdef CONFIG_SMP
-@@ -1211,12 +1525,22 @@ ENTRY(\sym)
+@@ -1211,12 +1534,22 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -20596,7 +20010,7 @@ index cb3c591..7ba137c 100644
.endm
.macro paranoidzeroentry sym do_sym
-@@ -1229,15 +1553,25 @@ ENTRY(\sym)
+@@ -1229,15 +1562,25 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -20624,7 +20038,7 @@ index cb3c591..7ba137c 100644
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1248,14 +1582,30 @@ ENTRY(\sym)
+@@ -1248,14 +1591,30 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF_DEBUG
@@ -20656,7 +20070,7 @@ index cb3c591..7ba137c 100644
.endm
.macro errorentry sym do_sym
-@@ -1267,13 +1617,23 @@ ENTRY(\sym)
+@@ -1267,13 +1626,23 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -20681,7 +20095,7 @@ index cb3c591..7ba137c 100644
.endm
/* error code is on the stack already */
-@@ -1287,13 +1647,23 @@ ENTRY(\sym)
+@@ -1287,13 +1656,23 @@ ENTRY(\sym)
call save_paranoid
DEFAULT_FRAME 0
TRACE_IRQS_OFF
@@ -20706,7 +20120,7 @@ index cb3c591..7ba137c 100644
.endm
zeroentry divide_error do_divide_error
-@@ -1323,9 +1693,10 @@ gs_change:
+@@ -1323,9 +1702,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
@@ -20718,7 +20132,7 @@ index cb3c591..7ba137c 100644
_ASM_EXTABLE(gs_change,bad_gs)
.section .fixup,"ax"
-@@ -1353,9 +1724,10 @@ ENTRY(call_softirq)
+@@ -1353,9 +1733,10 @@ ENTRY(call_softirq)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
@@ -20730,7 +20144,7 @@ index cb3c591..7ba137c 100644
#ifdef CONFIG_XEN
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1393,7 +1765,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1393,7 +1774,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
@@ -20739,7 +20153,7 @@ index cb3c591..7ba137c 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1452,7 +1824,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1452,7 +1833,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
@@ -20748,7 +20162,7 @@ index cb3c591..7ba137c 100644
apicinterrupt XEN_HVM_EVTCHN_CALLBACK \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1501,16 +1873,31 @@ ENTRY(paranoid_exit)
+@@ -1501,16 +1882,31 @@ ENTRY(paranoid_exit)
TRACE_IRQS_OFF_DEBUG
testl %ebx,%ebx /* swapgs needed? */
jnz paranoid_restore
@@ -20781,7 +20195,7 @@ index cb3c591..7ba137c 100644
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1539,7 +1926,7 @@ paranoid_schedule:
+@@ -1539,7 +1935,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
@@ -20790,7 +20204,7 @@ index cb3c591..7ba137c 100644
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1566,12 +1953,13 @@ ENTRY(error_entry)
+@@ -1566,12 +1962,13 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -20805,7 +20219,7 @@ index cb3c591..7ba137c 100644
ret
/*
-@@ -1598,7 +1986,7 @@ bstep_iret:
+@@ -1598,7 +1995,7 @@ bstep_iret:
movq %rcx,RIP+8(%rsp)
jmp error_swapgs
CFI_ENDPROC
@@ -20814,7 +20228,7 @@ index cb3c591..7ba137c 100644
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1618,7 +2006,7 @@ ENTRY(error_exit)
+@@ -1618,7 +2015,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
@@ -20823,7 +20237,7 @@ index cb3c591..7ba137c 100644
/*
* Test if a given stack is an NMI stack or not.
-@@ -1676,9 +2064,11 @@ ENTRY(nmi)
+@@ -1676,9 +2073,11 @@ ENTRY(nmi)
* If %cs was not the kernel segment, then the NMI triggered in user
* space, which means it is definitely not nested.
*/
@@ -20836,7 +20250,7 @@ index cb3c591..7ba137c 100644
/*
* Check the special variable on the stack to see if NMIs are
* executing.
-@@ -1712,14 +2102,13 @@ nested_nmi:
+@@ -1712,8 +2111,7 @@ nested_nmi:
1:
/* Set up the interrupted NMIs stack to jump to repeat_nmi */
@@ -20846,14 +20260,7 @@ index cb3c591..7ba137c 100644
CFI_ADJUST_CFA_OFFSET 1*8
leaq -10*8(%rsp), %rdx
pushq_cfi $__KERNEL_DS
- pushq_cfi %rdx
- pushfq_cfi
-- pushq_cfi $__KERNEL_CS
-+ pushq_cfi 6*8(%rsp)
- pushq_cfi $repeat_nmi
-
- /* Put stack back */
-@@ -1731,6 +2120,7 @@ nested_nmi_out:
+@@ -1731,6 +2129,7 @@ nested_nmi_out:
CFI_RESTORE rdx
/* No need to check faults here */
@@ -20861,7 +20268,7 @@ index cb3c591..7ba137c 100644
INTERRUPT_RETURN
CFI_RESTORE_STATE
-@@ -1847,6 +2237,17 @@ end_repeat_nmi:
+@@ -1847,6 +2246,17 @@ end_repeat_nmi:
*/
movq %cr2, %r12
@@ -20879,7 +20286,7 @@ index cb3c591..7ba137c 100644
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
movq $-1,%rsi
-@@ -1862,23 +2263,34 @@ end_repeat_nmi:
+@@ -1862,23 +2272,34 @@ end_repeat_nmi:
testl %ebx,%ebx /* swapgs needed? */
jnz nmi_restore
nmi_swapgs:
@@ -21782,9 +21189,18 @@ index 245a71d..89d9ce4 100644
/*
diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c
-index 9a5c460..b332a4b 100644
+index 9a5c460..84868423 100644
--- a/arch/x86/kernel/i8259.c
+++ b/arch/x86/kernel/i8259.c
+@@ -110,7 +110,7 @@ static int i8259A_irq_pending(unsigned int irq)
+ static void make_8259A_irq(unsigned int irq)
+ {
+ disable_irq_nosync(irq);
+- io_apic_irqs &= ~(1<<irq);
++ io_apic_irqs &= ~(1UL<<irq);
+ irq_set_chip_and_handler_name(irq, &i8259A_chip, handle_level_irq,
+ i8259A_chip.name);
+ enable_irq(irq);
@@ -209,7 +209,7 @@ spurious_8259A_irq:
"spurious 8259A interrupt: IRQ%d.\n", irq);
spurious_irq_mask |= irqmask;
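Review bot: The `1UL<<irq` replacement in make_8259A_irq() changes only the width at which the mask is built, and nothing in the hunk records why, so it reads as a no-op that a later rebase could drop. A short comment above the line would do, for example `/* build the mask as unsigned long so ~ is not applied to an int */`. The same goes for the `(unsigned long)specified_table_size` cast in pci-calgary_64.c, the `unsigned long mask` parameters in vmx.c and the `(u64)root->sectorsize` cast in btrfs extent-tree.c later in this patch. Separately, `irq` is not range-checked in the visible lines, so the shift is defined only while callers keep it below the width of `unsigned long`; the function's closing brace is outside the hunk.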
@@ -22865,6 +22281,19 @@ index 8bfb335..c1463c6 100644
};
EXPORT_SYMBOL_GPL(pv_time_ops);
+diff --git a/arch/x86/kernel/pci-calgary_64.c b/arch/x86/kernel/pci-calgary_64.c
+index 299d493..2ccb0ee 100644
+--- a/arch/x86/kernel/pci-calgary_64.c
++++ b/arch/x86/kernel/pci-calgary_64.c
+@@ -1339,7 +1339,7 @@ static void __init get_tce_space_from_tar(void)
+ tce_space = be64_to_cpu(readq(target));
+ tce_space = tce_space & TAR_SW_BITS;
+
+- tce_space = tce_space & (~specified_table_size);
++ tce_space = tce_space & (~(unsigned long)specified_table_size);
+ info->tce_space = (u64 *)__va(tce_space);
+ }
+ }
diff --git a/arch/x86/kernel/pci-iommu_table.c b/arch/x86/kernel/pci-iommu_table.c
index 35ccf75..7a15747 100644
--- a/arch/x86/kernel/pci-iommu_table.c
@@ -24938,9 +24367,24 @@ index d29d3cd..ec9d522 100644
local_irq_disable();
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 9120ae1..238abc0 100644
+index 9120ae1..aca46d0 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
+@@ -1164,12 +1164,12 @@ static void vmcs_write64(unsigned long field, u64 value)
+ #endif
+ }
+
+-static void vmcs_clear_bits(unsigned long field, u32 mask)
++static void vmcs_clear_bits(unsigned long field, unsigned long mask)
+ {
+ vmcs_writel(field, vmcs_readl(field) & ~mask);
+ }
+
+-static void vmcs_set_bits(unsigned long field, u32 mask)
++static void vmcs_set_bits(unsigned long field, unsigned long mask)
+ {
+ vmcs_writel(field, vmcs_readl(field) | mask);
+ }
@@ -1370,7 +1370,11 @@ static void reload_tss(void)
struct desc_struct *descs;
@@ -34457,6 +33901,19 @@ index f74f2c0..bb668af 100644
set_fs(old_fs);
if (likely(bw == len))
return 0;
+diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c
+index 2e7de7a..ed86dc0 100644
+--- a/drivers/block/pktcdvd.c
++++ b/drivers/block/pktcdvd.c
+@@ -83,7 +83,7 @@
+
+ #define MAX_SPEED 0xffff
+
+-#define ZONE(sector, pd) (((sector) + (pd)->offset) & ~((pd)->settings.size - 1))
++#define ZONE(sector, pd) (((sector) + (pd)->offset) & ~((pd)->settings.size - 1UL))
+
+ static DEFINE_MUTEX(pktcdvd_mutex);
+ static struct pktcdvd_device *pkt_devs[MAX_WRITERS];
diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
index d620b44..587561e 100644
--- a/drivers/cdrom/cdrom.c
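Review bot: The `1UL` in the new `ZONE()` mask is only as wide as `unsigned long`, so on a 32-bit build where `sector` is a 64-bit type the complemented mask is zero-extended and the AND still clears the upper half of the sector number. Neither the type of `sector` nor that of `settings.size` is visible in this hunk, so this needs checking against the declarations. If it holds, widen to the sector type rather than to `unsigned long`, e.g. `& ~((sector_t)(pd)->settings.size - 1)`, which matches the `(u64)` form used in the btrfs extent-tree hunk of this patch.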
@@ -40194,10 +39651,10 @@ index 8dd6ba5..419cc1d 100644
struct sm_sysfs_attribute *vendor_attribute;
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
-index 27cdf1f..8c37357 100644
+index 045dc53..b1e5473 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
-@@ -4859,7 +4859,7 @@ static unsigned int bond_get_num_tx_queues(void)
+@@ -4865,7 +4865,7 @@ static unsigned int bond_get_num_tx_queues(void)
return tx_queues;
}
@@ -40206,7 +39663,7 @@ index 27cdf1f..8c37357 100644
.kind = "bond",
.priv_size = sizeof(struct bonding),
.setup = bond_setup,
-@@ -4975,8 +4975,8 @@ static void __exit bonding_exit(void)
+@@ -4990,8 +4990,8 @@ static void __exit bonding_exit(void)
bond_destroy_debugfs();
@@ -40899,19 +40356,6 @@ index cb95fe5..16909e2 100644
if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || _IOC_TYPE(cmd) == 0x89) {
if (copy_from_user(&ifr, argp, ifreq_len))
return -EFAULT;
-diff --git a/drivers/net/usb/cdc_mbim.c b/drivers/net/usb/cdc_mbim.c
-index 16c8429..6bd9167 100644
---- a/drivers/net/usb/cdc_mbim.c
-+++ b/drivers/net/usb/cdc_mbim.c
-@@ -134,7 +134,7 @@ static struct sk_buff *cdc_mbim_tx_fixup(struct usbnet *dev, struct sk_buff *skb
- goto error;
-
- if (skb) {
-- if (skb->len <= sizeof(ETH_HLEN))
-+ if (skb->len <= ETH_HLEN)
- goto error;
-
- /* mapping VLANs to MBIM sessions:
diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c
index cd8ccb2..cff5144 100644
--- a/drivers/net/usb/hso.c
@@ -44868,47 +44312,10 @@ index b3c4a25..723916f 100644
if (get_user(c, buf))
diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
-index da9fde8..621d6dc 100644
+index 892ecda..90cbf36 100644
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
-@@ -941,6 +941,14 @@ void start_tty(struct tty_struct *tty)
-
- EXPORT_SYMBOL(start_tty);
-
-+static void tty_update_time(struct timespec *time)
-+{
-+ unsigned long sec = get_seconds();
-+ sec -= sec % 60;
-+ if ((long)(sec - time->tv_sec) > 0)
-+ time->tv_sec = sec;
-+}
-+
- /**
- * tty_read - read method for tty device files
- * @file: pointer to tty file
-@@ -977,8 +985,10 @@ static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
- else
- i = -EIO;
- tty_ldisc_deref(ld);
-+
- if (i > 0)
-- inode->i_atime = current_fs_time(inode->i_sb);
-+ tty_update_time(&inode->i_atime);
-+
- return i;
- }
-
-@@ -1080,8 +1090,7 @@ static inline ssize_t do_tty_write(
- cond_resched();
- }
- if (written) {
-- struct inode *inode = file->f_path.dentry->d_inode;
-- inode->i_mtime = current_fs_time(inode->i_sb);
-+ tty_update_time(&file->f_path.dentry->d_inode->i_mtime);
- ret = written;
- }
- out:
-@@ -3391,7 +3400,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
+@@ -3401,7 +3401,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
void tty_default_fops(struct file_operations *fops)
{
@@ -48976,7 +48383,7 @@ index 0efd152..b5802ad 100644
A.out (Assembler.OUTput) is a set of formats for libraries and
executables used in the earliest versions of UNIX. Linux used
diff --git a/fs/aio.c b/fs/aio.c
-index 71f613c..ee07789 100644
+index ed762ae..ee07789 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -111,7 +111,7 @@ static int aio_setup_ring(struct kioctx *ctx)
@@ -48988,17 +48395,6 @@ index 71f613c..ee07789 100644
return -EINVAL;
nr_events = (PAGE_SIZE * nr_pages - sizeof(struct aio_ring)) / sizeof(struct io_event);
-@@ -1027,9 +1027,9 @@ static int aio_read_evt(struct kioctx *ioctx, struct io_event *ent)
- spin_unlock(&info->ring_lock);
-
- out:
-- kunmap_atomic(ring);
- dprintk("leaving aio_read_evt: %d h%lu t%lu\n", ret,
- (unsigned long)ring->head, (unsigned long)ring->tail);
-+ kunmap_atomic(ring);
- return ret;
- }
-
@@ -1373,18 +1373,19 @@ static ssize_t aio_fsync(struct kiocb *iocb)
static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb, bool compat)
{
@@ -50171,11 +49567,32 @@ index ce1c169..1ef484f 100644
parent_start = 0;
WARN_ON(trans->transid != btrfs_header_generation(parent));
+diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
+index d170412..a575d77 100644
+--- a/fs/btrfs/extent-tree.c
++++ b/fs/btrfs/extent-tree.c
+@@ -6019,7 +6019,7 @@ again:
+ if (ret == -ENOSPC) {
+ if (!final_tried) {
+ num_bytes = num_bytes >> 1;
+- num_bytes = num_bytes & ~(root->sectorsize - 1);
++ num_bytes = num_bytes & ~((u64)root->sectorsize - 1);
+ num_bytes = max(num_bytes, min_alloc_size);
+ if (num_bytes == min_alloc_size)
+ final_tried = true;
diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c
-index 7c4e6cc..27bd5c2 100644
+index 7c4e6cc..8ad78b2 100644
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
-@@ -7314,7 +7314,7 @@ fail:
+@@ -17,6 +17,7 @@
+ */
+
+ #include <linux/kernel.h>
++#include <linux/module.h>
+ #include <linux/bio.h>
+ #include <linux/buffer_head.h>
+ #include <linux/file.h>
+@@ -7314,7 +7315,7 @@ fail:
return -ENOMEM;
}
@@ -50184,7 +49601,7 @@ index 7c4e6cc..27bd5c2 100644
struct dentry *dentry, struct kstat *stat)
{
struct inode *inode = dentry->d_inode;
-@@ -7328,6 +7328,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
+@@ -7328,6 +7329,14 @@ static int btrfs_getattr(struct vfsmount *mnt,
return 0;
}
@@ -54975,6 +54392,23 @@ index d1dd710..32ac0e8 100644
int nops;
};
+diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c
+index 2cbac34..6dc3889 100644
+--- a/fs/nfsd/nfscache.c
++++ b/fs/nfsd/nfscache.c
+@@ -264,8 +264,10 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
+ if (!(rp = rqstp->rq_cacherep) || cache_disabled)
+ return;
+
+- len = resv->iov_len - ((char*)statp - (char*)resv->iov_base);
+- len >>= 2;
++ if (statp) {
++ len = resv->iov_len - ((char*)statp - (char*)resv->iov_base);
++ len >>= 2;
++ }
+
+ /* Don't cache excessive amounts of data and XDR failures */
+ if (!statp || len > (256 >> 2)) {
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
index 69c6413..c0408d2 100644
--- a/fs/nfsd/vfs.c
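Review bot: With the new `if (statp)` guard, `len` is never assigned when `statp` is NULL, unless its declaration (outside the hunk) already initialises it. The only read visible here sits behind `!statp ||`, which short-circuits, but the rest of nfsd_cache_update() is not shown and a later reorder of that condition would read an indeterminate value. Giving it a defined value is cheap: add `else len = 0;` after the guarded block, or initialise `len` where it is declared. A short comment on the guard, such as `/* statp is NULL on XDR failure; nothing to measure */`, would also explain why the length computation is skipped, if that is indeed the case the caller signals.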
@@ -71340,7 +70774,7 @@ index aa16731..514b875 100644
struct iovec;
struct kvec;
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
-index 9ef07d0..130a5d9 100644
+index 0e182f9..bd5d452 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -1012,6 +1012,7 @@ struct net_device_ops {
@@ -72153,7 +71587,7 @@ index 429c199..4d42e38 100644
/* shm_mode upper byte flags */
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index 98399e2..7c74c41 100644
+index 9fe54b6..a9de68d 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -590,7 +590,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
@@ -72219,7 +71653,7 @@ index 98399e2..7c74c41 100644
+#endif
}
- /* Note: This doesn't put any conntrack and bridge info in dst. */
+ static inline void nf_reset_trace(struct sk_buff *skb)
diff --git a/include/linux/slab.h b/include/linux/slab.h
index 5d168d7..720bff3 100644
--- a/include/linux/slab.h
@@ -73639,21 +73073,6 @@ index 5a15fab..d799ea7 100644
extern int __rtnl_link_register(struct rtnl_link_ops *ops);
extern void __rtnl_link_unregister(struct rtnl_link_ops *ops);
-diff --git a/include/net/scm.h b/include/net/scm.h
-index 975cca0..b117081 100644
---- a/include/net/scm.h
-+++ b/include/net/scm.h
-@@ -56,8 +56,8 @@ static __inline__ void scm_set_cred(struct scm_cookie *scm,
- scm->pid = get_pid(pid);
- scm->cred = cred ? get_cred(cred) : NULL;
- scm->creds.pid = pid_vnr(pid);
-- scm->creds.uid = cred ? cred->euid : INVALID_UID;
-- scm->creds.gid = cred ? cred->egid : INVALID_GID;
-+ scm->creds.uid = cred ? cred->uid : INVALID_UID;
-+ scm->creds.gid = cred ? cred->gid : INVALID_GID;
- }
-
- static __inline__ void scm_destroy_cred(struct scm_cookie *scm)
diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
index 7fdf298..197e9f7 100644
--- a/include/net/sctp/sctp.h
@@ -80419,9 +79838,18 @@ index ce8514f..8233573 100644
*data_page = bpage;
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index fe1d581..43a0f38 100644
+index fe1d581..ea543f1b 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
+@@ -2845,7 +2845,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
+ return 0;
+ }
+
+-int set_tracer_flag(unsigned int mask, int enabled)
++int set_tracer_flag(unsigned long mask, int enabled)
+ {
+ /* do nothing if flag is already set */
+ if (!!(trace_flags & mask) == !!enabled)
@@ -4494,10 +4494,9 @@ static const struct file_operations tracing_dyn_info_fops = {
};
#endif
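Review bot: `set_tracer_flag()` now takes `unsigned long mask`, but `trace_keep_overwrite()` in the context line just above it, and next to it in the trace.h hunk, still takes `u32 mask`, so the two related signatures no longer agree. If set_tracer_flag() hands its mask on to a callback of that shape (its body continues outside the hunk), any bit above 31 would be dropped there without a warning. Either widen both together or record the assumption at the prototype, for example `/* mask is a single trace_flags bit and fits in 32 bits */`.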
@@ -80446,6 +79874,19 @@ index fe1d581..43a0f38 100644
static int once;
struct dentry *d_tracer;
+diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
+index 23f1d2c..6ca7a9b 100644
+--- a/kernel/trace/trace.h
++++ b/kernel/trace/trace.h
+@@ -840,7 +840,7 @@ extern const char *__stop___trace_bprintk_fmt[];
+ void trace_printk_init_buffers(void);
+ void trace_printk_start_comm(void);
+ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set);
+-int set_tracer_flag(unsigned int mask, int enabled);
++int set_tracer_flag(unsigned long mask, int enabled);
+
+ #undef FTRACE_ENTRY
+ #define FTRACE_ENTRY(call, struct_name, id, tstruct, print, filter) \
diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
index 880073d..42db7c3 100644
--- a/kernel/trace/trace_events.c
@@ -86276,10 +85717,10 @@ index 1bcfb84..dad9f98 100644
err = -EFAULT;
break;
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
-index ce3f665..2c7d08f 100644
+index 970fc13..cf0161d 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
-@@ -667,7 +667,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
+@@ -668,7 +668,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
struct sock *sk = sock->sk;
struct bt_security sec;
int err = 0;
@@ -86288,7 +85729,7 @@ index ce3f665..2c7d08f 100644
u32 opt;
BT_DBG("sk %p", sk);
-@@ -689,7 +689,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
+@@ -690,7 +690,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
sec.level = BT_SECURITY_LOW;
@@ -86621,7 +86062,7 @@ index 368f9c3..f82d4a3 100644
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index 5d9c43d..b471558 100644
+index d592214..2764363 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1250,9 +1250,13 @@ void dev_load(struct net *net, const char *name)
@@ -86656,7 +86097,7 @@ index 5d9c43d..b471558 100644
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -2179,7 +2183,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
+@@ -2183,7 +2187,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
struct dev_gso_cb {
void (*destructor)(struct sk_buff *skb);
@@ -86665,7 +86106,7 @@ index 5d9c43d..b471558 100644
#define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb)
-@@ -3052,7 +3056,7 @@ enqueue:
+@@ -3056,7 +3060,7 @@ enqueue:
local_irq_restore(flags);
@@ -86674,7 +86115,7 @@ index 5d9c43d..b471558 100644
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -3124,7 +3128,7 @@ int netif_rx_ni(struct sk_buff *skb)
+@@ -3128,7 +3132,7 @@ int netif_rx_ni(struct sk_buff *skb)
}
EXPORT_SYMBOL(netif_rx_ni);
@@ -86683,7 +86124,7 @@ index 5d9c43d..b471558 100644
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
-@@ -3462,7 +3466,7 @@ ncls:
+@@ -3466,7 +3470,7 @@ ncls:
ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
} else {
drop:
@@ -86692,7 +86133,7 @@ index 5d9c43d..b471558 100644
kfree_skb(skb);
/* Jamal, now you will not able to escape explaining
* me how you were going to use this. :-)
-@@ -4045,7 +4049,7 @@ void netif_napi_del(struct napi_struct *napi)
+@@ -4049,7 +4053,7 @@ void netif_napi_del(struct napi_struct *napi)
}
EXPORT_SYMBOL(netif_napi_del);
@@ -86701,7 +86142,7 @@ index 5d9c43d..b471558 100644
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
unsigned long time_limit = jiffies + 2;
-@@ -4529,8 +4533,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v)
+@@ -4533,8 +4537,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v)
else
seq_printf(seq, "%04x", ntohs(pt->type));
@@ -86715,7 +86156,7 @@ index 5d9c43d..b471558 100644
}
return 0;
-@@ -6102,7 +6111,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
+@@ -6106,7 +6115,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
} else {
netdev_stats_to_stats64(storage, &dev->stats);
}
@@ -86853,7 +86294,7 @@ index 8acce01..2e306bb 100644
return error;
}
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index 6212ec9..5ee16b2 100644
+index 055fb13..5ee16b2 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -58,7 +58,7 @@ struct rtnl_link {
@@ -86891,24 +86332,6 @@ index 6212ec9..5ee16b2 100644
}
EXPORT_SYMBOL_GPL(__rtnl_link_unregister);
-@@ -1068,7 +1071,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
- rcu_read_lock();
- cb->seq = net->dev_base_seq;
-
-- if (nlmsg_parse(cb->nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
-+ if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
- ifla_policy) >= 0) {
-
- if (tb[IFLA_EXT_MASK])
-@@ -1924,7 +1927,7 @@ static u16 rtnl_calcit(struct sk_buff *skb, struct nlmsghdr *nlh)
- u32 ext_filter_mask = 0;
- u16 min_ifinfo_dump_size = 0;
-
-- if (nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX,
-+ if (nlmsg_parse(nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX,
- ifla_policy) >= 0) {
- if (tb[IFLA_EXT_MASK])
- ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]);
diff --git a/net/core/scm.c b/net/core/scm.c
index 2dc6cda..2159524 100644
--- a/net/core/scm.c
@@ -87336,30 +86759,9 @@ index a8e4f26..25e5f40 100644
#endif
if (dflt != &ipv4_devconf_dflt)
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
-index 3b4f0cd..a6ba66e 100644
+index 4cfe34d..a6ba66e 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
-@@ -139,8 +139,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
-
- /* skb is pure payload to encrypt */
-
-- err = -ENOMEM;
--
- esp = x->data;
- aead = esp->aead;
- alen = crypto_aead_authsize(aead);
-@@ -176,8 +174,10 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb)
- }
-
- tmp = esp_alloc_tmp(aead, nfrags + sglists, seqhilen);
-- if (!tmp)
-+ if (!tmp) {
-+ err = -ENOMEM;
- goto error;
-+ }
-
- seqhi = esp_tmp_seqhi(tmp);
- iv = esp_tmp_iv(aead, tmp, seqhilen);
@@ -503,7 +503,7 @@ static void esp4_err(struct sk_buff *skb, u32 info)
return;
@@ -87468,10 +86870,10 @@ index 000e3d2..5472da3 100644
secure_ip_id(daddr->addr.a4) :
secure_ipv6_id(daddr->addr.a6));
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
-index a8fc332..4ca4ca65 100644
+index 0fcfee3..66e86c9 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
-@@ -319,7 +319,7 @@ static inline int ip_frag_too_far(struct ipq *qp)
+@@ -318,7 +318,7 @@ static inline int ip_frag_too_far(struct ipq *qp)
return 0;
start = qp->rid;
@@ -87480,7 +86882,7 @@ index a8fc332..4ca4ca65 100644
qp->rid = end;
rc = qp->q.fragments && (end - start) > max;
-@@ -786,12 +786,11 @@ static struct ctl_table ip4_frags_ctl_table[] = {
+@@ -793,12 +793,11 @@ static struct ctl_table ip4_frags_ctl_table[] = {
static int __net_init ip4_frags_ns_ctl_register(struct net *net)
{
@@ -87495,7 +86897,7 @@ index a8fc332..4ca4ca65 100644
if (table == NULL)
goto err_alloc;
-@@ -802,9 +801,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
+@@ -809,9 +808,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
/* Don't export sysctls to unprivileged users */
if (net->user_ns != &init_user_ns)
table[0].procname = NULL;
@@ -87508,7 +86910,7 @@ index a8fc332..4ca4ca65 100644
if (hdr == NULL)
goto err_reg;
-@@ -812,8 +812,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
+@@ -819,8 +819,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
return 0;
err_reg:
@@ -87882,21 +87284,6 @@ index a0fcc47..32e2c89 100644
get_random_bytes(&net->ipv4.dev_addr_genid,
sizeof(net->ipv4.dev_addr_genid));
return 0;
-diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
-index b236ef04..f962f19 100644
---- a/net/ipv4/syncookies.c
-+++ b/net/ipv4/syncookies.c
-@@ -348,8 +348,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
- * hasn't changed since we received the original syn, but I see
- * no easy way to do this.
- */
-- flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk),
-- RT_SCOPE_UNIVERSE, IPPROTO_TCP,
-+ flowi4_init_output(&fl4, sk->sk_bound_dev_if, sk->sk_mark,
-+ RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, IPPROTO_TCP,
- inet_sk_flowi_flags(sk),
- (opt && opt->srr) ? opt->faddr : ireq->rmt_addr,
- ireq->loc_addr, th->source, th->dest);
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index d84400b..62e066e 100644
--- a/net/ipv4/sysctl_net_ipv4.c
@@ -88038,10 +87425,10 @@ index d84400b..62e066e 100644
hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
if (hdr == NULL)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
-index 9841a71..ef60409 100644
+index b4e8b79..617d6aa 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
-@@ -4730,7 +4730,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
+@@ -4737,7 +4737,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
* simplifies code)
*/
static void
@@ -88050,7 +87437,7 @@ index 9841a71..ef60409 100644
struct sk_buff *head, struct sk_buff *tail,
u32 start, u32 end)
{
-@@ -5847,6 +5847,7 @@ discard:
+@@ -5849,6 +5849,7 @@ discard:
tcp_paws_reject(&tp->rx_opt, 0))
goto discard_and_undo;
@@ -88058,7 +87445,7 @@ index 9841a71..ef60409 100644
if (th->syn) {
/* We see SYN without ACK. It is attempt of
* simultaneous connect with crossed SYNs.
-@@ -5897,6 +5898,7 @@ discard:
+@@ -5899,6 +5900,7 @@ discard:
goto discard;
#endif
}
@@ -88066,7 +87453,7 @@ index 9841a71..ef60409 100644
/* "fifth, if neither of the SYN or RST bits is set then
* drop the segment and return."
*/
-@@ -5941,7 +5943,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+@@ -5943,7 +5945,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
goto discard;
if (th->syn) {
@@ -88161,25 +87548,6 @@ index f35f2df..ccb5ca6 100644
} else if (fastopen) { /* received a valid RST pkt */
reqsk_fastopen_remove(sk, req, true);
tcp_reset(sk);
-diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
-index 17d659e..a9f50ee 100644
---- a/net/ipv4/tcp_output.c
-+++ b/net/ipv4/tcp_output.c
-@@ -2388,8 +2388,12 @@ int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
- */
- TCP_SKB_CB(skb)->when = tcp_time_stamp;
-
-- /* make sure skb->data is aligned on arches that require it */
-- if (unlikely(NET_IP_ALIGN && ((unsigned long)skb->data & 3))) {
-+ /* make sure skb->data is aligned on arches that require it
-+ * and check if ack-trimming & collapsing extended the headroom
-+ * beyond what csum_start can cover.
-+ */
-+ if (unlikely((NET_IP_ALIGN && ((unsigned long)skb->data & 3)) ||
-+ skb_headroom(skb) >= 0xFFFF)) {
- struct sk_buff *nskb = __pskb_copy(skb, MAX_TCP_HEADER,
- GFP_ATOMIC);
- return nskb ? tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC) :
diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c
index 4526fe6..1a34e43 100644
--- a/net/ipv4/tcp_probe.c
@@ -88341,7 +87709,7 @@ index 1f4d405..3524677 100644
int udp4_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index a36d17e..96d099f 100644
+index e8676c2..0a164f6 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -2272,7 +2272,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
@@ -88353,7 +87721,7 @@ index a36d17e..96d099f 100644
if (ops->ndo_do_ioctl) {
mm_segment_t oldfs = get_fs();
-@@ -4388,7 +4388,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write,
+@@ -4415,7 +4415,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write,
int *valp = ctl->data;
int val = *valp;
loff_t pos = *ppos;
@@ -88362,7 +87730,7 @@ index a36d17e..96d099f 100644
int ret;
/*
-@@ -4470,7 +4470,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write,
+@@ -4497,7 +4497,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write,
int *valp = ctl->data;
int val = *valp;
loff_t pos = *ppos;
@@ -88648,10 +88016,10 @@ index 70fa814..d70c28c 100644
static int raw6_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
-index d9ba8a2..f3f9e14 100644
+index 7a610a6..202dff9 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
-@@ -608,12 +608,11 @@ static struct ctl_table ip6_frags_ctl_table[] = {
+@@ -617,12 +617,11 @@ static struct ctl_table ip6_frags_ctl_table[] = {
static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
{
@@ -88666,7 +88034,7 @@ index d9ba8a2..f3f9e14 100644
if (table == NULL)
goto err_alloc;
-@@ -624,9 +623,10 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
+@@ -633,9 +632,10 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
/* Don't export sysctls to unprivileged users */
if (net->user_ns != &init_user_ns)
table[0].procname = NULL;
@@ -88679,7 +88047,7 @@ index d9ba8a2..f3f9e14 100644
if (hdr == NULL)
goto err_reg;
-@@ -634,8 +634,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
+@@ -643,8 +643,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
return 0;
err_reg:
@@ -88738,7 +88106,7 @@ index e85c48b..b8268d3 100644
struct ctl_table *ipv6_icmp_table;
int err;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
-index 8d19346..f122ba5 100644
+index 89dfedd..f122ba5 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -103,6 +103,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
@@ -88752,15 +88120,7 @@ index 8d19346..f122ba5 100644
static void tcp_v6_hash(struct sock *sk)
{
if (sk->sk_state != TCP_CLOSE) {
-@@ -386,6 +390,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
-
- if (dst)
- dst->ops->redirect(dst, sk, skb);
-+ goto out;
- }
-
- if (type == ICMPV6_PKT_TOOBIG) {
-@@ -1440,6 +1445,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -1441,6 +1445,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
return 0;
reset:
@@ -88770,7 +88130,7 @@ index 8d19346..f122ba5 100644
tcp_v6_send_reset(sk, skb);
discard:
if (opt_skb)
-@@ -1521,12 +1529,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
+@@ -1522,12 +1529,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
TCP_SKB_CB(skb)->sacked = 0;
sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
@@ -88793,7 +88153,7 @@ index 8d19346..f122ba5 100644
if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
-@@ -1575,6 +1591,10 @@ no_tcp_socket:
+@@ -1576,6 +1591,10 @@ no_tcp_socket:
bad_packet:
TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
} else {
@@ -88961,7 +88321,7 @@ index e71e85b..29340a9 100644
/* Aborting, close connection! */
iriap_disconnect_request(self);
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
-index cd6f7a9..e63fe89 100644
+index 625bc50..ac6eef9 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -782,10 +782,10 @@ static int iucv_sock_autobind(struct sock *sk)
@@ -89812,7 +89172,7 @@ index 5a55be3..7630745 100644
}
}
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
-index 7261eb8..44e8ac6 100644
+index 14c106b..2d58b38 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -838,6 +838,7 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr,
@@ -91274,7 +90634,7 @@ index 6b42d47..2ac24d5 100644
sub->evt.event = htohl(event, sub->swap);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index b45eb65..bb4b223 100644
+index f347754..bb4b223 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -785,6 +785,12 @@ static struct sock *unix_find_other(struct net *net,
@@ -91323,15 +90683,6 @@ index b45eb65..bb4b223 100644
done_path_create(&path, dentry);
return err;
}
-@@ -1995,7 +2014,7 @@ again:
- if ((UNIXCB(skb).pid != siocb->scm->pid) ||
- (UNIXCB(skb).cred != siocb->scm->cred))
- break;
-- } else {
-+ } else if (test_bit(SOCK_PASSCRED, &sock->flags)) {
- /* Copy credentials */
- scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred);
- check_creds = 1;
@@ -2325,9 +2344,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
seq_puts(seq, "Num RefCount Protocol Flags Type St "
"Inode Path\n");
@@ -92066,7 +91417,7 @@ index e4fd45b..2eeb5c4 100644
shdr = (Elf_Shdr *)((char *)ehdr + _r(&ehdr->e_shoff));
shstrtab_sec = shdr + r2(&ehdr->e_shstrndx);
diff --git a/security/Kconfig b/security/Kconfig
-index e9c6ac7..4cb4ecc 100644
+index e9c6ac7..eef8ada 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -4,6 +4,943 @@
@@ -92649,7 +92000,7 @@ index e9c6ac7..4cb4ecc 100644
+config PAX_KERNEXEC
+ bool "Enforce non-executable kernel pages"
+ default y if GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_NONE || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_GUEST) || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_KVM))
-+ depends on ((X86 && (!X86_32 || X86_WP_WORKS_OK)) || (ARM && (CPU_V6 || CPU_V7) && !(ARM_LPAE && MODULES))) && !XEN
++ depends on (X86 || (ARM && (CPU_V6 || CPU_V7) && !(ARM_LPAE && MODULES))) && !XEN
+ select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
+ select PAX_KERNEXEC_PLUGIN if X86_64
+ help
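Review bot: The new `depends on (X86 || ...)` line drops the `X86_WP_WORKS_OK` condition for 32-bit x86 without recording why. KERNEXEC on x86 presumably relies on the CPU honouring write protection in supervisor mode, so removing the guard is only safe if every CPU the base kernel still supports does so. If the condition went away because this kernel series no longer defines the symbol (worth confirming against the base tree's Kconfig), record that next to the dependency, e.g. `# X86_WP_WORKS_OK is no longer defined in this tree; all supported x86 CPUs honour CR0.WP`. The option's help text begins on the last line of this hunk and continues outside it.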
@@ -104316,10 +103667,10 @@ index 0000000..ac2901e
+}
diff --git a/tools/gcc/structleak_plugin.c b/tools/gcc/structleak_plugin.c
new file mode 100644
-index 0000000..41770fc
+index 0000000..b07fe22
--- /dev/null
+++ b/tools/gcc/structleak_plugin.c
-@@ -0,0 +1,272 @@
+@@ -0,0 +1,276 @@
+/*
+ * Copyright 2013 by PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -104454,6 +103805,7 @@ index 0000000..41770fc
+ gimple init_stmt;
+
+ // this is the original entry bb before the forced split
++ // TODO: check further BBs in case more splits occured before us
+ bb = ENTRY_BLOCK_PTR->next_bb->next_bb;
+
+ // first check if the variable is already initialized, warn otherwise
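Review bot: The added TODO above `bb = ENTRY_BLOCK_PTR->next_bb->next_bb;` admits that the entry-block lookup is positional, but it does not say what goes wrong when the assumption fails. If an earlier pass has split the entry block again, the "already initialized" check that follows would inspect a different block than intended. I would state that consequence and fix the typo, e.g. `// TODO: walk further BBs if earlier passes split the entry block again; otherwise the init check below looks at the wrong block`. The enclosing function starts and ends outside this hunk, so whether a missed check causes a duplicate initializer or only a spurious warning cannot be confirmed from here.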
@@ -104477,6 +103829,9 @@ index 0000000..41770fc
+ return;
+ }
+
++ // these aren't the 0days you're looking for
++// inform(DECL_SOURCE_LOCATION(var), "userspace variable will be forcibly initialized");
++
+ // build the initializer expression
+ initializer = build_constructor(TREE_TYPE(var), NULL);
+
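Review bot: The added lines leave a disabled `inform()` call as commented-out code at column 0, under a comment that does not explain why the diagnostic is off. The message text suggests the plugin forcibly initializes variables that are copied to userspace, so a build-time record of which variables were touched would help when auditing what the plugin covers. Consider keeping the diagnostic behind a plugin option rather than commenting it out. Failing that, replace the comment with the actual reason, e.g. `// diagnostic disabled by default: too noisy for regular builds`, if that is indeed why. The enclosing function starts and ends outside this hunk.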
diff --git a/3.8.10/4425_grsec_remove_EI_PAX.patch b/3.8.11/4425_grsec_remove_EI_PAX.patch
index 7d06ac2..7d06ac2 100644
--- a/3.8.10/4425_grsec_remove_EI_PAX.patch
+++ b/3.8.11/4425_grsec_remove_EI_PAX.patch
diff --git a/3.8.10/4430_grsec-remove-localversion-grsec.patch b/3.8.11/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/3.8.10/4430_grsec-remove-localversion-grsec.patch
+++ b/3.8.11/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.8.10/4435_grsec-mute-warnings.patch b/3.8.11/4435_grsec-mute-warnings.patch
index ed941d5..ed941d5 100644
--- a/3.8.10/4435_grsec-mute-warnings.patch
+++ b/3.8.11/4435_grsec-mute-warnings.patch
diff --git a/3.8.10/4440_grsec-remove-protected-paths.patch b/3.8.11/4440_grsec-remove-protected-paths.patch
index 637934a..637934a 100644
--- a/3.8.10/4440_grsec-remove-protected-paths.patch
+++ b/3.8.11/4440_grsec-remove-protected-paths.patch
diff --git a/3.8.10/4450_grsec-kconfig-default-gids.patch b/3.8.11/4450_grsec-kconfig-default-gids.patch
index 7c20c40..7c20c40 100644
--- a/3.8.10/4450_grsec-kconfig-default-gids.patch
+++ b/3.8.11/4450_grsec-kconfig-default-gids.patch
diff --git a/3.8.10/4465_selinux-avc_audit-log-curr_ip.patch b/3.8.11/4465_selinux-avc_audit-log-curr_ip.patch
index 0a309c8..0a309c8 100644
--- a/3.8.10/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.8.11/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.8.10/4470_disable-compat_vdso.patch b/3.8.11/4470_disable-compat_vdso.patch
index 3ef36aa..3ef36aa 100644
--- a/3.8.10/4470_disable-compat_vdso.patch
+++ b/3.8.11/4470_disable-compat_vdso.patch