commit: 667ea5760ac409dee4a40d992131bc42a7cd6c60
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 29 11:56:06 2014 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Mon Sep 29 11:56:33 2014 +0000
URL:
http://sources.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=667ea576
Grsec/PaX: 3.0-{3.2.63,3.14.19,3.16.3}-201409282025
---
3.14.19/0000_README | 2 +-
...4420_grsecurity-3.0-3.14.19-201409282024.patch} | 765 +++++++++++--
3.16.3/0000_README | 2 +-
... 4420_grsecurity-3.0-3.16.3-201409282025.patch} | 1174 ++++++++++++++++++--
3.2.63/0000_README | 2 +-
... 4420_grsecurity-3.0-3.2.63-201409282020.patch} | 263 ++++-
6 files changed, 1987 insertions(+), 221 deletions(-)
diff --git a/3.14.19/0000_README b/3.14.19/0000_README
index d825e9a..56f5a2f 100644
--- a/3.14.19/0000_README
+++ b/3.14.19/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.14.19-201409180900.patch
+Patch: 4420_grsecurity-3.0-3.14.19-201409282024.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.14.19/4420_grsecurity-3.0-3.14.19-201409180900.patch
b/3.14.19/4420_grsecurity-3.0-3.14.19-201409282024.patch
similarity index 99%
rename from 3.14.19/4420_grsecurity-3.0-3.14.19-201409180900.patch
rename to 3.14.19/4420_grsecurity-3.0-3.14.19-201409282024.patch
index 3cb0c39..6d97454 100644
--- a/3.14.19/4420_grsecurity-3.0-3.14.19-201409180900.patch
+++ b/3.14.19/4420_grsecurity-3.0-3.14.19-201409282024.patch
@@ -2166,6 +2166,95 @@ index 71a06b2..8bb9ae1 100644
/*
* Change these and you break ASM code in entry-common.S
+diff --git a/arch/arm/include/asm/tls.h b/arch/arm/include/asm/tls.h
+index 83259b8..8c7e01d 100644
+--- a/arch/arm/include/asm/tls.h
++++ b/arch/arm/include/asm/tls.h
+@@ -1,6 +1,9 @@
+ #ifndef __ASMARM_TLS_H
+ #define __ASMARM_TLS_H
+
++#include <linux/compiler.h>
++#include <asm/thread_info.h>
++
+ #ifdef __ASSEMBLY__
+ #include <asm/asm-offsets.h>
+ .macro switch_tls_none, base, tp, tpuser, tmp1, tmp2
+@@ -50,6 +53,50 @@
+ #endif
+
+ #ifndef __ASSEMBLY__
++#include <asm/pgtable.h>
++
++static inline void set_tls(unsigned long val)
++{
++ struct thread_info *thread;
++
++ thread = current_thread_info();
++
++ thread->tp_value[0] = val;
++
++ /*
++ * This code runs with preemption enabled and therefore must
++ * be reentrant with respect to switch_tls.
++ *
++ * We need to ensure ordering between the shadow state and the
++ * hardware state, so that we don't corrupt the hardware state
++ * with a stale shadow state during context switch.
++ *
++ * If we're preempted here, switch_tls will load TPIDRURO from
++ * thread_info upon resuming execution and the following mcr
++ * is merely redundant.
++ */
++ barrier();
++
++ if (!tls_emu) {
++ if (has_tls_reg) {
++ asm("mcr p15, 0, %0, c13, c0, 3"
++ : : "r" (val));
++ } else {
++ /*
++ * User space must never try to access this
++ * directly. Expect your app to break
++ * eventually if you do so. The user helper
++ * at 0xffff0fe0 must be used instead. (see
++ * entry-armv.S for details)
++ */
++ pax_open_kernel();
++ *((unsigned int *)0xffff0ff0) = val;
++ pax_close_kernel();
++ }
++
++ }
++}
++
+ static inline unsigned long get_tpuser(void)
+ {
+ unsigned long reg = 0;
+@@ -59,5 +106,23 @@ static inline unsigned long get_tpuser(void)
+
+ return reg;
+ }
++
++static inline void set_tpuser(unsigned long val)
++{
++ /* Since TPIDRURW is fully context-switched (unlike TPIDRURO),
++ * we need not update thread_info.
++ */
++ if (has_tls_reg && !tls_emu) {
++ asm("mcr p15, 0, %0, c13, c0, 2"
++ : : "r" (val));
++ }
++}
++
++static inline void flush_tls(void)
++{
++ set_tls(0);
++ set_tpuser(0);
++}
++
+ #endif
+ #endif /* __ASMARM_TLS_H */
diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h
index 7f3f3cc..bdf0665 100644
--- a/arch/arm/include/asm/uaccess.h
@@ -2841,7 +2930,7 @@ index 07314af..c46655c 100644
flush_icache_range((uintptr_t)(addr),
(uintptr_t)(addr) + size);
diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c
-index 92f7b15..7048500 100644
+index 92f7b15..b5e6630 100644
--- a/arch/arm/kernel/process.c
+++ b/arch/arm/kernel/process.c
@@ -217,6 +217,7 @@ void machine_power_off(void)
@@ -2872,7 +2961,16 @@ index 92f7b15..7048500 100644
printk("pc : [<%08lx>] lr : [<%08lx>] psr: %08lx\n"
"sp : %08lx ip : %08lx fp : %08lx\n",
regs->ARM_pc, regs->ARM_lr, regs->ARM_cpsr,
-@@ -425,12 +426,6 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -334,6 +335,8 @@ void flush_thread(void)
+ memset(&tsk->thread.debug, 0, sizeof(struct debug_info));
+ memset(&thread->fpstate, 0, sizeof(union fp_state));
+
++ flush_tls();
++
+ thread_notify(THREAD_NOTIFY_FLUSH, thread);
+ }
+
+@@ -425,12 +428,6 @@ unsigned long get_wchan(struct task_struct *p)
return 0;
}
@@ -2885,7 +2983,7 @@ index 92f7b15..7048500 100644
#ifdef CONFIG_MMU
#ifdef CONFIG_KUSER_HELPERS
/*
-@@ -446,7 +441,7 @@ static struct vm_area_struct gate_vma = {
+@@ -446,7 +443,7 @@ static struct vm_area_struct gate_vma = {
static int __init gate_vma_init(void)
{
@@ -2894,7 +2992,7 @@ index 92f7b15..7048500 100644
return 0;
}
arch_initcall(gate_vma_init);
-@@ -472,41 +467,16 @@ int in_gate_area_no_mm(unsigned long addr)
+@@ -472,41 +469,16 @@ int in_gate_area_no_mm(unsigned long addr)
const char *arch_vma_name(struct vm_area_struct *vma)
{
@@ -3139,8 +3237,21 @@ index 7a3be1d..b00c7de 100644
pr_debug("CPU ITCM: copied code from %p - %p\n",
start, end);
itcm_present = true;
+diff --git a/arch/arm/kernel/thumbee.c b/arch/arm/kernel/thumbee.c
+index 7b8403b..80f0d69 100644
+--- a/arch/arm/kernel/thumbee.c
++++ b/arch/arm/kernel/thumbee.c
+@@ -45,7 +45,7 @@ static int thumbee_notifier(struct notifier_block *self,
unsigned long cmd, void
+
+ switch (cmd) {
+ case THREAD_NOTIFY_FLUSH:
+- thread->thumbee_state = 0;
++ teehbr_write(0);
+ break;
+ case THREAD_NOTIFY_SWITCH:
+ current_thread_info()->thumbee_state = teehbr_read();
diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
-index 172ee18..ce4ec3d 100644
+index 172ee18..381ce44 100644
--- a/arch/arm/kernel/traps.c
+++ b/arch/arm/kernel/traps.c
@@ -62,7 +62,7 @@ static void dump_mem(const char *, const char *, unsigned
long, unsigned long);
@@ -3171,17 +3282,38 @@ index 172ee18..ce4ec3d 100644
if (signr)
do_exit(signr);
}
-@@ -642,7 +647,9 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs)
- * The user helper at 0xffff0fe0 must be used instead.
- * (see entry-armv.S for details)
- */
-+ pax_open_kernel();
- *((unsigned int *)0xffff0ff0) = regs->ARM_r0;
-+ pax_close_kernel();
- }
+@@ -578,7 +583,6 @@ do_cache_op(unsigned long start, unsigned long end, int
flags)
+ #define NR(x) ((__ARM_NR_##x) - __ARM_NR_BASE)
+ asmlinkage int arm_syscall(int no, struct pt_regs *regs)
+ {
+- struct thread_info *thread = current_thread_info();
+ siginfo_t info;
+
+ if ((no >> 16) != (__ARM_NR_BASE>> 16))
+@@ -629,21 +633,7 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs)
+ return regs->ARM_r0;
+
+ case NR(set_tls):
+- thread->tp_value[0] = regs->ARM_r0;
+- if (tls_emu)
+- return 0;
+- if (has_tls_reg) {
+- asm ("mcr p15, 0, %0, c13, c0, 3"
+- : : "r" (regs->ARM_r0));
+- } else {
+- /*
+- * User space must never try to access this directly.
+- * Expect your app to break eventually if you do so.
+- * The user helper at 0xffff0fe0 must be used instead.
+- * (see entry-armv.S for details)
+- */
+- *((unsigned int *)0xffff0ff0) = regs->ARM_r0;
+- }
++ set_tls(regs->ARM_r0);
return 0;
-@@ -899,7 +906,11 @@ void __init early_trap_init(void *vectors_base)
+ #ifdef CONFIG_NEEDS_SYSCALL_FOR_CMPXCHG
+@@ -899,7 +889,11 @@ void __init early_trap_init(void *vectors_base)
kuser_init(vectors_base);
flush_icache_range(vectors, vectors + PAGE_SIZE * 2);
@@ -18010,10 +18142,10 @@ index ed5903b..c7fe163 100644
#define MODULES_END VMALLOC_END
#define MODULES_LEN (MODULES_VADDR - MODULES_END)
diff --git a/arch/x86/include/asm/pgtable_64.h
b/arch/x86/include/asm/pgtable_64.h
-index e22c1db..23a625a 100644
+index e22c1db..82f2923 100644
--- a/arch/x86/include/asm/pgtable_64.h
+++ b/arch/x86/include/asm/pgtable_64.h
-@@ -16,10 +16,14 @@
+@@ -16,10 +16,15 @@
extern pud_t level3_kernel_pgt[512];
extern pud_t level3_ident_pgt[512];
@@ -18026,11 +18158,12 @@ index e22c1db..23a625a 100644
-extern pmd_t level2_ident_pgt[512];
-extern pgd_t init_level4_pgt[];
+extern pmd_t level2_ident_pgt[512*2];
++extern pte_t level1_fixmap_pgt[512];
+extern pgd_t init_level4_pgt[512];
#define swapper_pg_dir init_level4_pgt
-@@ -61,7 +65,9 @@ static inline void native_set_pte_atomic(pte_t *ptep, pte_t
pte)
+@@ -61,7 +66,9 @@ static inline void native_set_pte_atomic(pte_t *ptep, pte_t
pte)
static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
{
@@ -18040,7 +18173,7 @@ index e22c1db..23a625a 100644
}
static inline void native_pmd_clear(pmd_t *pmd)
-@@ -97,7 +103,9 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp)
+@@ -97,7 +104,9 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp)
static inline void native_set_pud(pud_t *pudp, pud_t pud)
{
@@ -18050,7 +18183,7 @@ index e22c1db..23a625a 100644
}
static inline void native_pud_clear(pud_t *pud)
-@@ -107,6 +115,13 @@ static inline void native_pud_clear(pud_t *pud)
+@@ -107,6 +116,13 @@ static inline void native_pud_clear(pud_t *pud)
static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd)
{
@@ -21775,7 +21908,7 @@ index f6dfd93..892ade4 100644
.__cr3 = __pa_nodebug(swapper_pg_dir),
diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c
-index d9c12d3..7858b62 100644
+index d9c12d3..3e70198 100644
--- a/arch/x86/kernel/dumpstack.c
+++ b/arch/x86/kernel/dumpstack.c
@@ -2,6 +2,9 @@
@@ -21788,7 +21921,15 @@ index d9c12d3..7858b62 100644
#include <linux/kallsyms.h>
#include <linux/kprobes.h>
#include <linux/uaccess.h>
-@@ -40,16 +43,14 @@ void printk_address(unsigned long address)
+@@ -33,23 +36,21 @@ static void printk_stack_address(unsigned long address,
int reliable)
+
+ void printk_address(unsigned long address)
+ {
+- pr_cont(" [<%p>] %pS\n", (void *)address, (void *)address);
++ pr_cont(" [<%p>] %pA\n", (void *)address, (void *)address);
+ }
+
+ #ifdef CONFIG_FUNCTION_GRAPH_TRACER
static void
print_ftrace_graph_addr(unsigned long addr, void *data,
const struct stacktrace_ops *ops,
@@ -35857,7 +35998,7 @@ index 201d09a..e4723e5 100644
#ifdef CONFIG_ACPI_NUMA
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
-index 2423ef0..4f6fb5b 100644
+index 2423ef0..a5f0379 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -379,7 +379,7 @@ static pteval_t pte_mfn_to_pfn(pteval_t val)
@@ -35869,17 +36010,63 @@ index 2423ef0..4f6fb5b 100644
{
if (val & _PAGE_PRESENT) {
unsigned long pfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
-@@ -1904,6 +1904,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd,
unsigned long max_pfn)
+@@ -1866,12 +1866,11 @@ static void __init check_pt_base(unsigned long
*pt_base, unsigned long *pt_end,
+ *
+ * We can construct this by grafting the Xen provided pagetable into
+ * head_64.S's preconstructed pagetables. We copy the Xen L2's into
+- * level2_ident_pgt, level2_kernel_pgt and level2_fixmap_pgt. This
+- * means that only the kernel has a physical mapping to start with -
+- * but that's enough to get __va working. We need to fill in the rest
+- * of the physical mapping once some sort of allocator has been set
+- * up.
+- * NOTE: for PVH, the page tables are native.
++ * level2_ident_pgt, and level2_kernel_pgt. This means that only the
++ * kernel has a physical mapping to start with - but that's enough to
++ * get __va working. We need to fill in the rest of the physical
++ * mapping once some sort of allocator has been set up. NOTE: for
++ * PVH, the page tables are native.
+ */
+ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
+ {
+@@ -1902,8 +1901,14 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd,
unsigned long max_pfn)
+ /* L3_i[0] -> level2_ident_pgt */
+ convert_pfn_mfn(level3_ident_pgt);
/* L3_k[510] -> level2_kernel_pgt
- * L3_i[511] -> level2_fixmap_pgt */
+- * L3_i[511] -> level2_fixmap_pgt */
++ * L3_k[511] -> level2_fixmap_pgt */
convert_pfn_mfn(level3_kernel_pgt);
+ convert_pfn_mfn(level3_vmalloc_start_pgt);
+ convert_pfn_mfn(level3_vmalloc_end_pgt);
+ convert_pfn_mfn(level3_vmemmap_pgt);
++
++ /* L3_k[511][506] -> level1_fixmap_pgt */
++ convert_pfn_mfn(level2_fixmap_pgt);
}
/* We get [511][511] and have Xen's version of level2_kernel_pgt */
l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd);
-@@ -1933,8 +1936,12 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd,
unsigned long max_pfn)
+@@ -1913,30 +1918,29 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd,
unsigned long max_pfn)
+ addr[1] = (unsigned long)l3;
+ addr[2] = (unsigned long)l2;
+ /* Graft it onto L4[272][0]. Note that we creating an aliasing problem:
+- * Both L4[272][0] and L4[511][511] have entries that point to the same
++ * Both L4[272][0] and L4[511][510] have entries that point to the same
+ * L2 (PMD) tables. Meaning that if you modify it in __va space
+ * it will be also modified in the __ka space! (But if you just
+ * modify the PMD table to point to other PTE's or none, then you
+ * are OK - which is what cleanup_highmap does) */
+ copy_page(level2_ident_pgt, l2);
+- /* Graft it onto L4[511][511] */
++ /* Graft it onto L4[511][510] */
+ copy_page(level2_kernel_pgt, l2);
+
+- /* Get [511][510] and graft that in level2_fixmap_pgt */
+- l3 = m2v(pgd[pgd_index(__START_KERNEL_map + PMD_SIZE)].pgd);
+- l2 = m2v(l3[pud_index(__START_KERNEL_map + PMD_SIZE)].pud);
+- copy_page(level2_fixmap_pgt, l2);
+- /* Note that we don't do anything with level1_fixmap_pgt which
+- * we don't need. */
+ if (!xen_feature(XENFEAT_auto_translated_physmap)) {
+ /* Make pagetable pieces RO */
set_page_prot(init_level4_pgt, PAGE_KERNEL_RO);
set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO);
set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO);
@@ -35891,8 +36078,11 @@ index 2423ef0..4f6fb5b 100644
+ set_page_prot(level2_vmemmap_pgt, PAGE_KERNEL_RO);
set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO);
set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO);
++ set_page_prot(level1_fixmap_pgt, PAGE_KERNEL_RO);
-@@ -2123,6 +2130,7 @@ static void __init xen_post_allocator_init(void)
+ /* Pin down new L4 */
+ pin_pagetable_pfn(MMUEXT_PIN_L4_TABLE,
+@@ -2123,6 +2127,7 @@ static void __init xen_post_allocator_init(void)
pv_mmu_ops.set_pud = xen_set_pud;
#if PAGETABLE_LEVELS == 4
pv_mmu_ops.set_pgd = xen_set_pgd;
@@ -35900,7 +36090,7 @@ index 2423ef0..4f6fb5b 100644
#endif
/* This will work as long as patching hasn't happened yet
-@@ -2201,6 +2209,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst =
{
+@@ -2201,6 +2206,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst =
{
.pud_val = PV_CALLEE_SAVE(xen_pud_val),
.make_pud = PV_CALLEE_SAVE(xen_make_pud),
.set_pgd = xen_set_pgd_hyper,
@@ -36120,6 +36310,18 @@ index d8f80e7..5f41702 100644
done:
spin_lock_init(&blkcg->lock);
INIT_RADIX_TREE(&blkcg->blkg_tree, GFP_ATOMIC);
+diff --git a/block/blk-exec.c b/block/blk-exec.c
+index dbf4502..3394b6e 100644
+--- a/block/blk-exec.c
++++ b/block/blk-exec.c
+@@ -56,6 +56,7 @@ void blk_execute_rq_nowait(struct request_queue *q, struct
gendisk *bd_disk,
+ bool is_pm_resume;
+
+ WARN_ON(irqs_disabled());
++ WARN_ON(rq->cmd_type == REQ_TYPE_FS);
+
+ rq->rq_disk = bd_disk;
+ rq->end_io = done;
diff --git a/block/blk-iopoll.c b/block/blk-iopoll.c
index 1855bf5..af12b06 100644
--- a/block/blk-iopoll.c
@@ -36146,6 +36348,28 @@ index ae4ae10..c470b8d 100644
if (do_copy)
bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading);
else
+diff --git a/block/blk-mq.c b/block/blk-mq.c
+index 883f720..37322f0 100644
+--- a/block/blk-mq.c
++++ b/block/blk-mq.c
+@@ -710,14 +710,9 @@ void blk_mq_insert_request(struct request *rq, bool
at_head, bool run_queue,
+
+ hctx = q->mq_ops->map_queue(q, ctx->cpu);
+
+- if (rq->cmd_flags & (REQ_FLUSH | REQ_FUA) &&
+- !(rq->cmd_flags & (REQ_FLUSH_SEQ))) {
+- blk_insert_flush(rq);
+- } else {
+- spin_lock(&ctx->lock);
+- __blk_mq_insert_request(hctx, rq, at_head);
+- spin_unlock(&ctx->lock);
+- }
++ spin_lock(&ctx->lock);
++ __blk_mq_insert_request(hctx, rq, at_head);
++ spin_unlock(&ctx->lock);
+
+ blk_mq_put_ctx(current_ctx);
+
diff --git a/block/blk-softirq.c b/block/blk-softirq.c
index 57790c1..5e988dd 100644
--- a/block/blk-softirq.c
@@ -38097,8 +38321,21 @@ index be73e9d..7fbf140 100644
cmdlist_t *reqQ;
cmdlist_t *cmpQ;
+diff --git a/drivers/block/drbd/drbd_bitmap.c
b/drivers/block/drbd/drbd_bitmap.c
+index 597f111..c700970 100644
+--- a/drivers/block/drbd/drbd_bitmap.c
++++ b/drivers/block/drbd/drbd_bitmap.c
+@@ -1042,7 +1042,7 @@ static void bm_page_io_async(struct bm_aio_ctx *ctx, int
page_nr, int rw) __must
+ submit_bio(rw, bio);
+ /* this should not count as user activity and cause the
+ * resync to throttle -- see drbd_rs_should_slow_down(). */
+- atomic_add(len >> 9, &mdev->rs_sect_ev);
++ atomic_add_unchecked(len >> 9, &mdev->rs_sect_ev);
+ }
+ }
+
diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h
-index 0e06f0c..c47b81d 100644
+index 0e06f0c..d98cde3 100644
--- a/drivers/block/drbd/drbd_int.h
+++ b/drivers/block/drbd/drbd_int.h
@@ -582,7 +582,7 @@ struct drbd_epoch {
@@ -38119,6 +38356,17 @@ index 0e06f0c..c47b81d 100644
unsigned int peer_seq;
spinlock_t peer_seq_lock;
unsigned int minor;
+@@ -1032,8 +1032,8 @@ struct drbd_conf {
+ struct mutex own_state_mutex;
+ struct mutex *state_mutex; /* either own_state_mutex or
mdev->tconn->cstate_mutex */
+ char congestion_reason; /* Why we where congested... */
+- atomic_t rs_sect_in; /* for incoming resync data rate, SyncTarget */
+- atomic_t rs_sect_ev; /* for submitted resync data rate, both */
++ atomic_unchecked_t rs_sect_in; /* for incoming resync data rate,
SyncTarget */
++ atomic_unchecked_t rs_sect_ev; /* for submitted resync data rate, both
*/
+ int rs_last_sect_ev; /* counter to compare with */
+ int rs_last_events; /* counter of read or write "events" (unit sectors)
+ * on the lower level device when we last looked.
*/
@@ -1573,7 +1573,7 @@ static inline int drbd_setsockopt(struct socket *sock,
int level, int optname,
char __user *uoptval;
int err;
@@ -38146,7 +38394,7 @@ index 89c497c..9c736ae 100644
/**
diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
-index 929468e..7d934eb 100644
+index 929468e..efb12f0 100644
--- a/drivers/block/drbd/drbd_main.c
+++ b/drivers/block/drbd/drbd_main.c
@@ -1317,7 +1317,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum
drbd_packet cmd,
@@ -38167,6 +38415,17 @@ index 929468e..7d934eb 100644
dp_flags = bio_flags_to_wire(mdev, req->master_bio->bi_rw);
if (mdev->state.conn >= C_SYNC_SOURCE &&
mdev->state.conn <= C_PAUSED_SYNC_T)
+@@ -1886,8 +1886,8 @@ void drbd_init_set_defaults(struct drbd_conf *mdev)
+ atomic_set(&mdev->unacked_cnt, 0);
+ atomic_set(&mdev->local_cnt, 0);
+ atomic_set(&mdev->pp_in_use_by_net, 0);
+- atomic_set(&mdev->rs_sect_in, 0);
+- atomic_set(&mdev->rs_sect_ev, 0);
++ atomic_set_unchecked(&mdev->rs_sect_in, 0);
++ atomic_set_unchecked(&mdev->rs_sect_ev, 0);
+ atomic_set(&mdev->ap_in_flight, 0);
+ atomic_set(&mdev->md_io_in_use, 0);
+
@@ -2577,8 +2577,8 @@ void conn_destroy(struct kref *kref)
{
struct drbd_tconn *tconn = container_of(kref, struct drbd_tconn, kref);
@@ -38201,7 +38460,7 @@ index c706d50..5e1b472 100644
if (!msg)
goto failed;
diff --git a/drivers/block/drbd/drbd_receiver.c
b/drivers/block/drbd/drbd_receiver.c
-index d073305..4998fea 100644
+index d073305..958be8f 100644
--- a/drivers/block/drbd/drbd_receiver.c
+++ b/drivers/block/drbd/drbd_receiver.c
@@ -834,7 +834,7 @@ int drbd_connected(struct drbd_conf *mdev)
@@ -38254,6 +38513,24 @@ index d073305..4998fea 100644
list_add(&epoch->list, &tconn->current_epoch->list);
tconn->current_epoch = epoch;
tconn->epochs++;
+@@ -1688,7 +1688,7 @@ static int recv_resync_read(struct drbd_conf *mdev,
sector_t sector, int data_si
+ list_add(&peer_req->w.list, &mdev->sync_ee);
+ spin_unlock_irq(&mdev->tconn->req_lock);
+
+- atomic_add(data_size >> 9, &mdev->rs_sect_ev);
++ atomic_add_unchecked(data_size >> 9, &mdev->rs_sect_ev);
+ if (drbd_submit_peer_request(mdev, peer_req, WRITE, DRBD_FAULT_RS_WR)
== 0)
+ return 0;
+
+@@ -1782,7 +1782,7 @@ static int receive_RSDataReply(struct drbd_tconn *tconn,
struct packet_info *pi)
+ drbd_send_ack_dp(mdev, P_NEG_ACK, p, pi->size);
+ }
+
+- atomic_add(pi->size >> 9, &mdev->rs_sect_in);
++ atomic_add_unchecked(pi->size >> 9, &mdev->rs_sect_in);
+
+ return err;
+ }
@@ -2164,7 +2164,7 @@ static int receive_Data(struct drbd_tconn *tconn, struct
packet_info *pi)
err = wait_for_and_update_peer_seq(mdev, peer_seq);
@@ -38272,6 +38549,33 @@ index d073305..4998fea 100644
atomic_inc(&peer_req->epoch->active);
spin_unlock(&tconn->epoch_lock);
+@@ -2326,7 +2326,7 @@ int drbd_rs_should_slow_down(struct drbd_conf *mdev,
sector_t sector)
+
+ curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
+ (int)part_stat_read(&disk->part0, sectors[1]) -
+- atomic_read(&mdev->rs_sect_ev);
++ atomic_read_unchecked(&mdev->rs_sect_ev);
+
+ if (!mdev->rs_last_events || curr_events - mdev->rs_last_events > 64) {
+ unsigned long rs_left;
+@@ -2459,7 +2459,7 @@ static int receive_DataRequest(struct drbd_tconn *tconn,
struct packet_info *pi)
+ mdev->bm_resync_fo = BM_SECT_TO_BIT(sector);
+ } else if (pi->cmd == P_OV_REPLY) {
+ /* track progress, we may need to throttle */
+- atomic_add(size >> 9, &mdev->rs_sect_in);
++ atomic_add_unchecked(size >> 9, &mdev->rs_sect_in);
+ peer_req->w.cb = w_e_end_ov_reply;
+ dec_rs_pending(mdev);
+ /* drbd_rs_begin_io done when we sent this request,
+@@ -2520,7 +2520,7 @@ static int receive_DataRequest(struct drbd_tconn *tconn,
struct packet_info *pi)
+ goto out_free_e;
+
+ submit_for_resync:
+- atomic_add(size >> 9, &mdev->rs_sect_ev);
++ atomic_add_unchecked(size >> 9, &mdev->rs_sect_ev);
+
+ submit:
+ inc_unacked(mdev);
@@ -4345,7 +4345,7 @@ struct data_cmd {
int expect_payload;
size_t pkt_size;
@@ -38290,6 +38594,15 @@ index d073305..4998fea 100644
tconn->send.seen_any_write_yet = false;
conn_info(tconn, "Connection closed\n");
+@@ -4947,7 +4947,7 @@ static int got_IsInSync(struct drbd_tconn *tconn, struct
packet_info *pi)
+ put_ldev(mdev);
+ }
+ dec_rs_pending(mdev);
+- atomic_add(blksize >> 9, &mdev->rs_sect_in);
++ atomic_add_unchecked(blksize >> 9, &mdev->rs_sect_in);
+
+ return 0;
+ }
@@ -5221,7 +5221,7 @@ static int tconn_finish_peer_reqs(struct drbd_tconn
*tconn)
struct asender_cmd {
size_t pkt_size;
@@ -38299,6 +38612,39 @@ index d073305..4998fea 100644
static struct asender_cmd asender_tbl[] = {
[P_PING] = { 0, got_Ping },
+diff --git a/drivers/block/drbd/drbd_worker.c
b/drivers/block/drbd/drbd_worker.c
+index 84d3175..ccea188 100644
+--- a/drivers/block/drbd/drbd_worker.c
++++ b/drivers/block/drbd/drbd_worker.c
+@@ -400,7 +400,7 @@ static int read_for_csum(struct drbd_conf *mdev, sector_t
sector, int size)
+ list_add(&peer_req->w.list, &mdev->read_ee);
+ spin_unlock_irq(&mdev->tconn->req_lock);
+
+- atomic_add(size >> 9, &mdev->rs_sect_ev);
++ atomic_add_unchecked(size >> 9, &mdev->rs_sect_ev);
+ if (drbd_submit_peer_request(mdev, peer_req, READ, DRBD_FAULT_RS_RD) ==
0)
+ return 0;
+
+@@ -498,7 +498,7 @@ static int drbd_rs_controller(struct drbd_conf *mdev)
+ int max_sect;
+ struct fifo_buffer *plan;
+
+- sect_in = atomic_xchg(&mdev->rs_sect_in, 0); /* Number of sectors that
came in */
++ sect_in = atomic_xchg_unchecked(&mdev->rs_sect_in, 0); /* Number of
sectors that came in */
+ mdev->rs_in_flight -= sect_in;
+
+ dc = rcu_dereference(mdev->ldev->disk_conf);
+@@ -1561,8 +1561,8 @@ void drbd_rs_controller_reset(struct drbd_conf *mdev)
+ {
+ struct fifo_buffer *plan;
+
+- atomic_set(&mdev->rs_sect_in, 0);
+- atomic_set(&mdev->rs_sect_ev, 0);
++ atomic_set_unchecked(&mdev->rs_sect_in, 0);
++ atomic_set_unchecked(&mdev->rs_sect_ev, 0);
+ mdev->rs_in_flight = 0;
+
+ /* Updating the RCU protected object in place is necessary since
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
index 66e8c3b..9b68dd9 100644
--- a/drivers/block/loop.c
@@ -50165,6 +50511,32 @@ index 1b3a094..068e683 100644
}
}
EXPORT_SYMBOL(fc_exch_update_stats);
+diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c
+index 4046241..4549986 100644
+--- a/drivers/scsi/libiscsi.c
++++ b/drivers/scsi/libiscsi.c
+@@ -717,11 +717,21 @@ __iscsi_conn_send_pdu(struct iscsi_conn *conn, struct
iscsi_hdr *hdr,
+ return NULL;
+ }
+
++ if (data_size > ISCSI_DEF_MAX_RECV_SEG_LEN) {
++ iscsi_conn_printk(KERN_ERR, conn, "Invalid buffer len
of %u for login task. Max len is %u\n", data_size, ISCSI_DEF_MAX_RECV_SEG_LEN);
++ return NULL;
++ }
++
+ task = conn->login_task;
+ } else {
+ if (session->state != ISCSI_STATE_LOGGED_IN)
+ return NULL;
+
++ if (data_size != 0) {
++ iscsi_conn_printk(KERN_ERR, conn, "Can not send data
buffer of len %u for op 0x%x\n", data_size, opcode);
++ return NULL;
++ }
++
+ BUG_ON(conn->c_stage == ISCSI_CONN_INITIAL_STAGE);
+ BUG_ON(conn->c_stage == ISCSI_CONN_STOPPED);
+
diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c
index d289583..b745eec 100644
--- a/drivers/scsi/libsas/sas_ata.c
@@ -51070,6 +51442,19 @@ index 52b7731..d604da0 100644
op_data = ll_prep_md_op_data(NULL, dir, NULL, filename,
strlen(filename), mode, LUSTRE_OPC_MKDIR,
lump);
+diff --git a/drivers/staging/lustre/lustre/llite/llite_lib.c
b/drivers/staging/lustre/lustre/llite/llite_lib.c
+index 6cfdb9e..1ddab59 100644
+--- a/drivers/staging/lustre/lustre/llite/llite_lib.c
++++ b/drivers/staging/lustre/lustre/llite/llite_lib.c
+@@ -576,7 +576,7 @@ static int client_common_fill_super(struct super_block
*sb, char *md, char *dt,
+ if (sb->s_root == NULL) {
+ CERROR("%s: can't make root dentry\n",
+ ll_get_fsname(sb, NULL, 0));
+- GOTO(out_root, err = -ENOMEM);
++ GOTO(out_lock_cn_cb, err = -ENOMEM);
+ }
+
+ /* kernel >= 2.6.38 store dentry operations in sb->s_d_op. */
diff --git a/drivers/staging/media/solo6x10/solo6x10-core.c
b/drivers/staging/media/solo6x10/solo6x10-core.c
index 480b7c4..6846324 100644
--- a/drivers/staging/media/solo6x10/solo6x10-core.c
@@ -51284,7 +51669,7 @@ index d07fcb5..358e1e1 100644
return;
}
diff --git a/drivers/staging/vt6655/hostap.c b/drivers/staging/vt6655/hostap.c
-index 6eecd53..29317c6 100644
+index 6eecd53..1025c8b 100644
--- a/drivers/staging/vt6655/hostap.c
+++ b/drivers/staging/vt6655/hostap.c
@@ -69,14 +69,13 @@ static int msglevel = MSG_LEVEL_INFO;
@@ -51313,6 +51698,16 @@ index 6eecd53..29317c6 100644
pDevice->apdev->netdev_ops = &apdev_netdev_ops;
pDevice->apdev->type = ARPHRD_IEEE80211;
+@@ -385,6 +386,9 @@ static int hostap_set_generic_element(PSDevice pDevice,
+ {
+ PSMgmtObject pMgmt = pDevice->pMgmt;
+
++ if (param->u.generic_elem.len > sizeof(pMgmt->abyWPAIE))
++ return -EINVAL;
++
+ memcpy(pMgmt->abyWPAIE,
+ param->u.generic_elem.data,
+ param->u.generic_elem.len
diff --git a/drivers/staging/vt6656/hostap.c b/drivers/staging/vt6656/hostap.c
index 67ba48b..24e602f 100644
--- a/drivers/staging/vt6656/hostap.c
@@ -58387,10 +58782,30 @@ index ff286f3..8153a14 100644
.attrs = attrs,
};
diff --git a/fs/buffer.c b/fs/buffer.c
-index 27265a8..289f488 100644
+index 27265a8..8673b7b 100644
--- a/fs/buffer.c
+++ b/fs/buffer.c
-@@ -3428,7 +3428,7 @@ void __init buffer_init(void)
+@@ -1029,7 +1029,8 @@ grow_dev_page(struct block_device *bdev, sector_t block,
+ bh = page_buffers(page);
+ if (bh->b_size == size) {
+ end_block = init_page_buffers(page, bdev,
+- index << sizebits, size);
++ (sector_t)index << sizebits,
++ size);
+ goto done;
+ }
+ if (!try_to_free_buffers(page))
+@@ -1050,7 +1051,8 @@ grow_dev_page(struct block_device *bdev, sector_t block,
+ */
+ spin_lock(&inode->i_mapping->private_lock);
+ link_dev_buffers(page, bh);
+- end_block = init_page_buffers(page, bdev, index << sizebits, size);
++ end_block = init_page_buffers(page, bdev, (sector_t)index << sizebits,
++ size);
+ spin_unlock(&inode->i_mapping->private_lock);
+ done:
+ ret = (block < end_block) ? 1 : -ENXIO;
+@@ -3428,7 +3430,7 @@ void __init buffer_init(void)
bh_cachep = kmem_cache_create("buffer_head",
sizeof(struct buffer_head), 0,
(SLAB_RECLAIM_ACCOUNT|SLAB_PANIC|
@@ -62726,7 +63141,7 @@ index b29e42f..5ea7fdf 100644
#define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
diff --git a/fs/namei.c b/fs/namei.c
-index d5a4fae..d221b37 100644
+index d5a4fae..27e6c48 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -331,17 +331,34 @@ int generic_permission(struct inode *inode, int mask)
@@ -62782,7 +63197,42 @@ index d5a4fae..d221b37 100644
return -EACCES;
}
-@@ -823,7 +832,7 @@ follow_link(struct path *link, struct nameidata *nd, void
**p)
+@@ -642,24 +651,22 @@ static int complete_walk(struct nameidata *nd)
+
+ static __always_inline void set_root(struct nameidata *nd)
+ {
+- if (!nd->root.mnt)
+- get_fs_root(current->fs, &nd->root);
++ get_fs_root(current->fs, &nd->root);
+ }
+
+ static int link_path_walk(const char *, struct nameidata *);
+
+-static __always_inline void set_root_rcu(struct nameidata *nd)
++static __always_inline unsigned set_root_rcu(struct nameidata *nd)
+ {
+- if (!nd->root.mnt) {
+- struct fs_struct *fs = current->fs;
+- unsigned seq;
++ struct fs_struct *fs = current->fs;
++ unsigned seq, res;
+
+- do {
+- seq = read_seqcount_begin(&fs->seq);
+- nd->root = fs->root;
+- nd->seq =
__read_seqcount_begin(&nd->root.dentry->d_seq);
+- } while (read_seqcount_retry(&fs->seq, seq));
+- }
++ do {
++ seq = read_seqcount_begin(&fs->seq);
++ nd->root = fs->root;
++ res = __read_seqcount_begin(&nd->root.dentry->d_seq);
++ } while (read_seqcount_retry(&fs->seq, seq));
++ return res;
+ }
+
+ static void path_put_conditional(struct path *path, struct nameidata *nd)
+@@ -823,7 +830,7 @@ follow_link(struct path *link, struct nameidata *nd, void
**p)
{
struct dentry *dentry = link->dentry;
int error;
@@ -62791,7 +63241,7 @@ index d5a4fae..d221b37 100644
BUG_ON(nd->flags & LOOKUP_RCU);
-@@ -844,6 +853,12 @@ follow_link(struct path *link, struct nameidata *nd, void
**p)
+@@ -844,6 +851,12 @@ follow_link(struct path *link, struct nameidata *nd, void
**p)
if (error)
goto out_put_nd_path;
@@ -62804,7 +63254,68 @@ index d5a4fae..d221b37 100644
nd->last_type = LAST_BIND;
*p = dentry->d_inode->i_op->follow_link(dentry, nd);
error = PTR_ERR(*p);
-@@ -1592,6 +1607,8 @@ static inline int nested_symlink(struct path *path,
struct nameidata *nd)
+@@ -859,7 +872,8 @@ follow_link(struct path *link, struct nameidata *nd, void
**p)
+ return PTR_ERR(s);
+ }
+ if (*s == '/') {
+- set_root(nd);
++ if (!nd->root.mnt)
++ set_root(nd);
+ path_put(&nd->path);
+ nd->path = nd->root;
+ path_get(&nd->root);
+@@ -1132,7 +1146,9 @@ static bool __follow_mount_rcu(struct nameidata *nd,
struct path *path,
+
+ static int follow_dotdot_rcu(struct nameidata *nd)
+ {
+- set_root_rcu(nd);
++ struct inode *inode = nd->inode;
++ if (!nd->root.mnt)
++ set_root_rcu(nd);
+
+ while (1) {
+ if (nd->path.dentry == nd->root.dentry &&
+@@ -1144,6 +1160,7 @@ static int follow_dotdot_rcu(struct nameidata *nd)
+ struct dentry *parent = old->d_parent;
+ unsigned seq;
+
++ inode = parent->d_inode;
+ seq = read_seqcount_begin(&parent->d_seq);
+ if (read_seqcount_retry(&old->d_seq, nd->seq))
+ goto failed;
+@@ -1153,6 +1170,7 @@ static int follow_dotdot_rcu(struct nameidata *nd)
+ }
+ if (!follow_up_rcu(&nd->path))
+ break;
++ inode = nd->path.dentry->d_inode;
+ nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
+ }
+ while (d_mountpoint(nd->path.dentry)) {
+@@ -1162,11 +1180,12 @@ static int follow_dotdot_rcu(struct nameidata *nd)
+ break;
+ nd->path.mnt = &mounted->mnt;
+ nd->path.dentry = mounted->mnt.mnt_root;
++ inode = nd->path.dentry->d_inode;
+ nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
+ if (!read_seqretry(&mount_lock, nd->m_seq))
+ goto failed;
+ }
+- nd->inode = nd->path.dentry->d_inode;
++ nd->inode = inode;
+ return 0;
+
+ failed:
+@@ -1244,7 +1263,8 @@ static void follow_mount(struct path *path)
+
+ static void follow_dotdot(struct nameidata *nd)
+ {
+- set_root(nd);
++ if (!nd->root.mnt)
++ set_root(nd);
+
+ while(1) {
+ struct dentry *old = nd->path.dentry;
+@@ -1592,6 +1612,8 @@ static inline int nested_symlink(struct path *path,
struct nameidata *nd)
if (res)
break;
res = walk_component(nd, path, LOOKUP_FOLLOW);
@@ -62813,7 +63324,7 @@ index d5a4fae..d221b37 100644
put_link(nd, &link, cookie);
} while (res > 0);
-@@ -1664,7 +1681,7 @@ EXPORT_SYMBOL(full_name_hash);
+@@ -1664,7 +1686,7 @@ EXPORT_SYMBOL(full_name_hash);
static inline unsigned long hash_name(const char *name, unsigned int *hashp)
{
unsigned long a, b, adata, bdata, mask, hash, len;
@@ -62822,7 +63333,32 @@ index d5a4fae..d221b37 100644
hash = a = 0;
len = -sizeof(unsigned long);
-@@ -1948,6 +1965,8 @@ static int path_lookupat(int dfd, const char *name,
+@@ -1842,7 +1864,7 @@ static int path_init(int dfd, const char *name, unsigned
int flags,
+ if (*name=='/') {
+ if (flags & LOOKUP_RCU) {
+ rcu_read_lock();
+- set_root_rcu(nd);
++ nd->seq = set_root_rcu(nd);
+ } else {
+ set_root(nd);
+ path_get(&nd->root);
+@@ -1893,7 +1915,14 @@ static int path_init(int dfd, const char *name,
unsigned int flags,
+ }
+
+ nd->inode = nd->path.dentry->d_inode;
+- return 0;
++ if (!(flags & LOOKUP_RCU))
++ return 0;
++ if (likely(!read_seqcount_retry(&nd->path.dentry->d_seq, nd->seq)))
++ return 0;
++ if (!(nd->flags & LOOKUP_ROOT))
++ nd->root.mnt = NULL;
++ rcu_read_unlock();
++ return -ECHILD;
+ }
+
+ static inline int lookup_last(struct nameidata *nd, struct path *path)
+@@ -1948,6 +1977,8 @@ static int path_lookupat(int dfd, const char *name,
if (err)
break;
err = lookup_last(nd, &path);
@@ -62831,7 +63367,7 @@ index d5a4fae..d221b37 100644
put_link(nd, &link, cookie);
}
}
-@@ -1955,6 +1974,13 @@ static int path_lookupat(int dfd, const char *name,
+@@ -1955,6 +1986,13 @@ static int path_lookupat(int dfd, const char *name,
if (!err)
err = complete_walk(nd);
@@ -62845,7 +63381,7 @@ index d5a4fae..d221b37 100644
if (!err && nd->flags & LOOKUP_DIRECTORY) {
if (!d_can_lookup(nd->path.dentry)) {
path_put(&nd->path);
-@@ -1982,8 +2008,15 @@ static int filename_lookup(int dfd, struct filename
*name,
+@@ -1982,8 +2020,15 @@ static int filename_lookup(int dfd, struct filename
*name,
retval = path_lookupat(dfd, name->name,
flags | LOOKUP_REVAL, nd);
@@ -62862,7 +63398,7 @@ index d5a4fae..d221b37 100644
return retval;
}
-@@ -2558,6 +2591,13 @@ static int may_open(struct path *path, int acc_mode,
int flag)
+@@ -2558,6 +2603,13 @@ static int may_open(struct path *path, int acc_mode,
int flag)
if (flag & O_NOATIME && !inode_owner_or_capable(inode))
return -EPERM;
@@ -62876,7 +63412,7 @@ index d5a4fae..d221b37 100644
return 0;
}
-@@ -2789,7 +2829,7 @@ looked_up:
+@@ -2789,7 +2841,7 @@ looked_up:
* cleared otherwise prior to returning.
*/
static int lookup_open(struct nameidata *nd, struct path *path,
@@ -62885,7 +63421,7 @@ index d5a4fae..d221b37 100644
const struct open_flags *op,
bool got_write, int *opened)
{
-@@ -2824,6 +2864,17 @@ static int lookup_open(struct nameidata *nd, struct
path *path,
+@@ -2824,6 +2876,17 @@ static int lookup_open(struct nameidata *nd, struct
path *path,
/* Negative dentry, just create the file */
if (!dentry->d_inode && (op->open_flag & O_CREAT)) {
umode_t mode = op->mode;
@@ -62903,7 +63439,7 @@ index d5a4fae..d221b37 100644
if (!IS_POSIXACL(dir->d_inode))
mode &= ~current_umask();
/*
-@@ -2845,6 +2896,8 @@ static int lookup_open(struct nameidata *nd, struct path
*path,
+@@ -2845,6 +2908,8 @@ static int lookup_open(struct nameidata *nd, struct path
*path,
nd->flags & LOOKUP_EXCL);
if (error)
goto out_dput;
@@ -62912,7 +63448,7 @@ index d5a4fae..d221b37 100644
}
out_no_open:
path->dentry = dentry;
-@@ -2859,7 +2912,7 @@ out_dput:
+@@ -2859,7 +2924,7 @@ out_dput:
/*
* Handle the last step of open()
*/
@@ -62921,7 +63457,7 @@ index d5a4fae..d221b37 100644
struct file *file, const struct open_flags *op,
int *opened, struct filename *name)
{
-@@ -2909,6 +2962,15 @@ static int do_last(struct nameidata *nd, struct path
*path,
+@@ -2909,6 +2974,15 @@ static int do_last(struct nameidata *nd, struct path
*path,
if (error)
return error;
@@ -62937,7 +63473,7 @@ index d5a4fae..d221b37 100644
audit_inode(name, dir, LOOKUP_PARENT);
error = -EISDIR;
/* trailing slashes? */
-@@ -2928,7 +2990,7 @@ retry_lookup:
+@@ -2928,7 +3002,7 @@ retry_lookup:
*/
}
mutex_lock(&dir->d_inode->i_mutex);
@@ -62946,7 +63482,7 @@ index d5a4fae..d221b37 100644
mutex_unlock(&dir->d_inode->i_mutex);
if (error <= 0) {
-@@ -2952,11 +3014,28 @@ retry_lookup:
+@@ -2952,11 +3026,28 @@ retry_lookup:
goto finish_open_created;
}
@@ -62976,7 +63512,7 @@ index d5a4fae..d221b37 100644
/*
* If atomic_open() acquired write access it is dropped now due to
-@@ -2997,6 +3076,11 @@ finish_lookup:
+@@ -2997,6 +3088,11 @@ finish_lookup:
}
}
BUG_ON(inode != path->dentry->d_inode);
@@ -62988,7 +63524,7 @@ index d5a4fae..d221b37 100644
return 1;
}
-@@ -3006,7 +3090,6 @@ finish_lookup:
+@@ -3006,7 +3102,6 @@ finish_lookup:
save_parent.dentry = nd->path.dentry;
save_parent.mnt = mntget(path->mnt);
nd->path.dentry = path->dentry;
@@ -62996,7 +63532,7 @@ index d5a4fae..d221b37 100644
}
nd->inode = inode;
/* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */
-@@ -3016,7 +3099,18 @@ finish_open:
+@@ -3016,7 +3111,18 @@ finish_open:
path_put(&save_parent);
return error;
}
@@ -63015,7 +63551,7 @@ index d5a4fae..d221b37 100644
error = -EISDIR;
if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry))
goto out;
-@@ -3179,7 +3273,7 @@ static struct file *path_openat(int dfd, struct filename
*pathname,
+@@ -3179,7 +3285,7 @@ static struct file *path_openat(int dfd, struct filename
*pathname,
if (unlikely(error))
goto out;
@@ -63024,7 +63560,7 @@ index d5a4fae..d221b37 100644
while (unlikely(error > 0)) { /* trailing symlink */
struct path link = path;
void *cookie;
-@@ -3197,7 +3291,7 @@ static struct file *path_openat(int dfd, struct filename
*pathname,
+@@ -3197,7 +3303,7 @@ static struct file *path_openat(int dfd, struct filename
*pathname,
error = follow_link(&link, nd, &cookie);
if (unlikely(error))
break;
@@ -63033,7 +63569,7 @@ index d5a4fae..d221b37 100644
put_link(nd, &link, cookie);
}
out:
-@@ -3297,9 +3391,11 @@ struct dentry *kern_path_create(int dfd, const char
*pathname,
+@@ -3297,9 +3403,11 @@ struct dentry *kern_path_create(int dfd, const char
*pathname,
goto unlock;
error = -EEXIST;
@@ -63047,7 +63583,7 @@ index d5a4fae..d221b37 100644
/*
* Special case - lookup gave negative, but... we had foo/bar/
* From the vfs_mknod() POV we just have a negative dentry -
-@@ -3351,6 +3447,20 @@ struct dentry *user_path_create(int dfd, const char
__user *pathname,
+@@ -3351,6 +3459,20 @@ struct dentry *user_path_create(int dfd, const char
__user *pathname,
}
EXPORT_SYMBOL(user_path_create);
@@ -63068,7 +63604,7 @@ index d5a4fae..d221b37 100644
int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t
dev)
{
int error = may_create(dir, dentry);
-@@ -3413,6 +3523,17 @@ retry:
+@@ -3413,6 +3535,17 @@ retry:
if (!IS_POSIXACL(path.dentry->d_inode))
mode &= ~current_umask();
@@ -63086,7 +63622,7 @@ index d5a4fae..d221b37 100644
error = security_path_mknod(&path, dentry, mode, dev);
if (error)
goto out;
-@@ -3429,6 +3550,8 @@ retry:
+@@ -3429,6 +3562,8 @@ retry:
break;
}
out:
@@ -63095,7 +63631,7 @@ index d5a4fae..d221b37 100644
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
-@@ -3481,9 +3604,16 @@ retry:
+@@ -3481,9 +3616,16 @@ retry:
if (!IS_POSIXACL(path.dentry->d_inode))
mode &= ~current_umask();
@@ -63112,7 +63648,7 @@ index d5a4fae..d221b37 100644
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
-@@ -3564,6 +3694,8 @@ static long do_rmdir(int dfd, const char __user
*pathname)
+@@ -3564,6 +3706,8 @@ static long do_rmdir(int dfd, const char __user
*pathname)
struct filename *name;
struct dentry *dentry;
struct nameidata nd;
@@ -63121,7 +63657,7 @@ index d5a4fae..d221b37 100644
unsigned int lookup_flags = 0;
retry:
name = user_path_parent(dfd, pathname, &nd, lookup_flags);
-@@ -3596,10 +3728,21 @@ retry:
+@@ -3596,10 +3740,21 @@ retry:
error = -ENOENT;
goto exit3;
}
@@ -63143,7 +63679,7 @@ index d5a4fae..d221b37 100644
exit3:
dput(dentry);
exit2:
-@@ -3689,6 +3832,8 @@ static long do_unlinkat(int dfd, const char __user
*pathname)
+@@ -3689,6 +3844,8 @@ static long do_unlinkat(int dfd, const char __user
*pathname)
struct nameidata nd;
struct inode *inode = NULL;
struct inode *delegated_inode = NULL;
@@ -63152,7 +63688,7 @@ index d5a4fae..d221b37 100644
unsigned int lookup_flags = 0;
retry:
name = user_path_parent(dfd, pathname, &nd, lookup_flags);
-@@ -3715,10 +3860,22 @@ retry_deleg:
+@@ -3715,10 +3872,22 @@ retry_deleg:
if (d_is_negative(dentry))
goto slashes;
ihold(inode);
@@ -63175,7 +63711,7 @@ index d5a4fae..d221b37 100644
exit2:
dput(dentry);
}
-@@ -3806,9 +3963,17 @@ retry:
+@@ -3806,9 +3975,17 @@ retry:
if (IS_ERR(dentry))
goto out_putname;
@@ -63193,7 +63729,7 @@ index d5a4fae..d221b37 100644
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
-@@ -3911,6 +4076,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user
*, oldname,
+@@ -3911,6 +4088,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user
*, oldname,
struct dentry *new_dentry;
struct path old_path, new_path;
struct inode *delegated_inode = NULL;
@@ -63201,7 +63737,7 @@ index d5a4fae..d221b37 100644
int how = 0;
int error;
-@@ -3934,7 +4100,7 @@ retry:
+@@ -3934,7 +4112,7 @@ retry:
if (error)
return error;
@@ -63210,7 +63746,7 @@ index d5a4fae..d221b37 100644
(how & LOOKUP_REVAL));
error = PTR_ERR(new_dentry);
if (IS_ERR(new_dentry))
-@@ -3946,11 +4112,28 @@ retry:
+@@ -3946,11 +4124,28 @@ retry:
error = may_linkat(&old_path);
if (unlikely(error))
goto out_dput;
@@ -63239,7 +63775,7 @@ index d5a4fae..d221b37 100644
done_path_create(&new_path, new_dentry);
if (delegated_inode) {
error = break_deleg_wait(&delegated_inode);
-@@ -4237,6 +4420,12 @@ retry_deleg:
+@@ -4237,6 +4432,12 @@ retry_deleg:
if (new_dentry == trap)
goto exit5;
@@ -63252,7 +63788,7 @@ index d5a4fae..d221b37 100644
error = security_path_rename(&oldnd.path, old_dentry,
&newnd.path, new_dentry);
if (error)
-@@ -4244,6 +4433,9 @@ retry_deleg:
+@@ -4244,6 +4445,9 @@ retry_deleg:
error = vfs_rename(old_dir->d_inode, old_dentry,
new_dir->d_inode, new_dentry,
&delegated_inode);
@@ -63262,7 +63798,7 @@ index d5a4fae..d221b37 100644
exit5:
dput(new_dentry);
exit4:
-@@ -4280,6 +4472,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname,
const char __user *, newna
+@@ -4280,6 +4484,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname,
const char __user *, newna
int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen,
const char *link)
{
@@ -63271,7 +63807,7 @@ index d5a4fae..d221b37 100644
int len;
len = PTR_ERR(link);
-@@ -4289,7 +4483,14 @@ int vfs_readlink(struct dentry *dentry, char __user
*buffer, int buflen, const c
+@@ -4289,7 +4495,14 @@ int vfs_readlink(struct dentry *dentry, char __user
*buffer, int buflen, const c
len = strlen(link);
if (len > (unsigned) buflen)
len = buflen;
@@ -97308,7 +97844,7 @@ index cdbd312..2e1e0b9 100644
/*
diff --git a/mm/shmem.c b/mm/shmem.c
-index ff85863..6aa94ab 100644
+index ff85863..7037c25 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -33,7 +33,7 @@
@@ -97329,7 +97865,19 @@ index ff85863..6aa94ab 100644
/*
* shmem_fallocate communicates with shmem_fault or shmem_writepage via
-@@ -2298,6 +2298,11 @@ static const struct xattr_handler
*shmem_xattr_handlers[] = {
+@@ -2143,8 +2143,10 @@ static int shmem_rename(struct inode *old_dir, struct
dentry *old_dentry, struct
+
+ if (new_dentry->d_inode) {
+ (void) shmem_unlink(new_dir, new_dentry);
+- if (they_are_dirs)
++ if (they_are_dirs) {
++ drop_nlink(new_dentry->d_inode);
+ drop_nlink(old_dir);
++ }
+ } else if (they_are_dirs) {
+ drop_nlink(old_dir);
+ inc_nlink(new_dir);
+@@ -2298,6 +2300,11 @@ static const struct xattr_handler
*shmem_xattr_handlers[] = {
static int shmem_xattr_validate(const char *name)
{
struct { const char *prefix; size_t len; } arr[] = {
@@ -97341,7 +97889,7 @@ index ff85863..6aa94ab 100644
{ XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
{ XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
};
-@@ -2353,6 +2358,15 @@ static int shmem_setxattr(struct dentry *dentry, const
char *name,
+@@ -2353,6 +2360,15 @@ static int shmem_setxattr(struct dentry *dentry, const
char *name,
if (err)
return err;
@@ -97357,7 +97905,7 @@ index ff85863..6aa94ab 100644
return simple_xattr_set(&info->xattrs, name, value, size, flags);
}
-@@ -2665,8 +2679,7 @@ int shmem_fill_super(struct super_block *sb, void *data,
int silent)
+@@ -2665,8 +2681,7 @@ int shmem_fill_super(struct super_block *sb, void *data,
int silent)
int err = -ENOMEM;
/* Round up to L1_CACHE_BYTES to resist false sharing */
@@ -97368,7 +97916,7 @@ index ff85863..6aa94ab 100644
return -ENOMEM;
diff --git a/mm/slab.c b/mm/slab.c
-index 6dd8d5f..2482a6d 100644
+index 6dd8d5f..673c763 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -300,10 +300,12 @@ static void kmem_cache_node_init(struct kmem_cache_node
*parent)
@@ -97421,7 +97969,32 @@ index 6dd8d5f..2482a6d 100644
slab_early_init = 0;
-@@ -3484,6 +3488,21 @@ static inline void __cache_free(struct kmem_cache
*cachep, void *objp,
+@@ -2189,7 +2193,8 @@ static int __init_refok setup_cpu_cache(struct
kmem_cache *cachep, gfp_t gfp)
+ int
+ __kmem_cache_create (struct kmem_cache *cachep, unsigned long flags)
+ {
+- size_t left_over, freelist_size, ralign;
++ size_t left_over, freelist_size;
++ size_t ralign = BYTES_PER_WORD;
+ gfp_t gfp;
+ int err;
+ size_t size = cachep->size;
+@@ -2222,14 +2227,6 @@ __kmem_cache_create (struct kmem_cache *cachep,
unsigned long flags)
+ size &= ~(BYTES_PER_WORD - 1);
+ }
+
+- /*
+- * Redzoning and user store require word alignment or possibly larger.
+- * Note this will be overridden by architecture or caller mandated
+- * alignment if either is greater than BYTES_PER_WORD.
+- */
+- if (flags & SLAB_STORE_USER)
+- ralign = BYTES_PER_WORD;
+-
+ if (flags & SLAB_RED_ZONE) {
+ ralign = REDZONE_ALIGN;
+ /* If redzoning, ensure that the second redzone is suitably
+@@ -3484,6 +3481,21 @@ static inline void __cache_free(struct kmem_cache
*cachep, void *objp,
struct array_cache *ac = cpu_cache_get(cachep);
check_irq_off();
@@ -97443,7 +98016,7 @@ index 6dd8d5f..2482a6d 100644
kmemleak_free_recursive(objp, cachep->flags);
objp = cache_free_debugcheck(cachep, objp, caller);
-@@ -3712,6 +3731,7 @@ void kfree(const void *objp)
+@@ -3712,6 +3724,7 @@ void kfree(const void *objp)
if (unlikely(ZERO_OR_NULL_PTR(objp)))
return;
@@ -97451,7 +98024,7 @@ index 6dd8d5f..2482a6d 100644
local_irq_save(flags);
kfree_debugcheck(objp);
c = virt_to_cache(objp);
-@@ -4153,14 +4173,22 @@ void slabinfo_show_stats(struct seq_file *m, struct
kmem_cache *cachep)
+@@ -4153,14 +4166,22 @@ void slabinfo_show_stats(struct seq_file *m, struct
kmem_cache *cachep)
}
/* cpu stats */
{
@@ -97478,7 +98051,7 @@ index 6dd8d5f..2482a6d 100644
#endif
}
-@@ -4381,13 +4409,69 @@ static const struct file_operations
proc_slabstats_operations = {
+@@ -4381,13 +4402,69 @@ static const struct file_operations
proc_slabstats_operations = {
static int __init slab_proc_init(void)
{
#ifdef CONFIG_DEBUG_SLAB_LEAK
@@ -105460,11 +106033,11 @@ index 078fe1d..fbdb363 100644
fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness?
%#x\n",
diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
new file mode 100644
-index 0000000..3fd3699
+index 0000000..42018ed
--- /dev/null
+++ b/scripts/gcc-plugin.sh
-@@ -0,0 +1,43 @@
-+#!/bin/bash
+@@ -0,0 +1,51 @@
++#!/bin/sh
+srctree=$(dirname "$0")
+gccplugins_dir=$($3 -print-file-name=plugin)
+plugincc=$($1 -E - -o /dev/null -I${srctree}/../tools/gcc
-I${gccplugins_dir}/include 2>&1 <<EOF
@@ -105482,15 +106055,23 @@ index 0000000..3fd3699
+ exit 1
+fi
+
-+if [[ "$plugincc" =~ "$1 CC" ]]
-+then
-+ echo "$1"
-+ exit 0
-+fi
++case "$plugincc" in
++ *"$1 CC"*)
++ echo "$1"
++ exit 0
++ ;;
+
-+if [[ "$plugincc" =~ "$2 CXX" ]]
-+then
-+plugincc=$($1 -c -x c++ -std=gnu++98 - -o /dev/null -I${srctree}/../tools/gcc
-I${gccplugins_dir}/include 2>&1 <<EOF
++ *"$2 CXX"*)
++ # the c++ compiler needs another test, see below
++ ;;
++
++ *)
++ exit 1
++ ;;
++esac
++
++# we need a c++ compiler that supports the designated initializer GNU
extension
++plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only
-I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
+#include "gcc-common.h"
+class test {
+public:
@@ -105500,12 +106081,12 @@ index 0000000..3fd3699
+};
+EOF
+)
++
+if [ $? -eq 0 ]
+then
+ echo "$2"
+ exit 0
+fi
-+fi
+exit 1
diff --git a/scripts/headers_install.sh b/scripts/headers_install.sh
index 5de5660..d3deb89 100644
diff --git a/3.16.3/0000_README b/3.16.3/0000_README
index 05a4f78..47d2ef9 100644
--- a/3.16.3/0000_README
+++ b/3.16.3/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.16.3-201409180901.patch
+Patch: 4420_grsecurity-3.0-3.16.3-201409282025.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.16.3/4420_grsecurity-3.0-3.16.3-201409180901.patch
b/3.16.3/4420_grsecurity-3.0-3.16.3-201409282025.patch
similarity index 99%
rename from 3.16.3/4420_grsecurity-3.0-3.16.3-201409180901.patch
rename to 3.16.3/4420_grsecurity-3.0-3.16.3-201409282025.patch
index a8197ee..9207cde 100644
--- a/3.16.3/4420_grsecurity-3.0-3.16.3-201409180901.patch
+++ b/3.16.3/4420_grsecurity-3.0-3.16.3-201409282025.patch
@@ -234,6 +234,20 @@ index 9de9813..1462492 100644
zconf.hash.c
+zconf.lex.c
zoffset.h
+diff --git a/Documentation/filesystems/vfs.txt
b/Documentation/filesystems/vfs.txt
+index a1d0d7a..61d65cc 100644
+--- a/Documentation/filesystems/vfs.txt
++++ b/Documentation/filesystems/vfs.txt
+@@ -1053,7 +1053,8 @@ struct dentry_operations {
+ If the 'rcu_walk' parameter is true, then the caller is doing a
+ pathwalk in RCU-walk mode. Sleeping is not permitted in this mode,
+ and the caller can be asked to leave it and call again by returning
+- -ECHILD.
++ -ECHILD. -EISDIR may also be returned to tell pathwalk to
++ ignore d_automount or any mounts.
+
+ This function is only used if DCACHE_MANAGE_TRANSIT is set on the
+ dentry being transited from.
diff --git a/Documentation/kernel-parameters.txt
b/Documentation/kernel-parameters.txt
index b7fa2f5..90cd9f8 100644
--- a/Documentation/kernel-parameters.txt
@@ -2700,6 +2714,95 @@ index e4e4208..086684a 100644
/*
* Change these and you break ASM code in entry-common.S
+diff --git a/arch/arm/include/asm/tls.h b/arch/arm/include/asm/tls.h
+index 83259b8..8c7e01d 100644
+--- a/arch/arm/include/asm/tls.h
++++ b/arch/arm/include/asm/tls.h
+@@ -1,6 +1,9 @@
+ #ifndef __ASMARM_TLS_H
+ #define __ASMARM_TLS_H
+
++#include <linux/compiler.h>
++#include <asm/thread_info.h>
++
+ #ifdef __ASSEMBLY__
+ #include <asm/asm-offsets.h>
+ .macro switch_tls_none, base, tp, tpuser, tmp1, tmp2
+@@ -50,6 +53,50 @@
+ #endif
+
+ #ifndef __ASSEMBLY__
++#include <asm/pgtable.h>
++
++static inline void set_tls(unsigned long val)
++{
++ struct thread_info *thread;
++
++ thread = current_thread_info();
++
++ thread->tp_value[0] = val;
++
++ /*
++ * This code runs with preemption enabled and therefore must
++ * be reentrant with respect to switch_tls.
++ *
++ * We need to ensure ordering between the shadow state and the
++ * hardware state, so that we don't corrupt the hardware state
++ * with a stale shadow state during context switch.
++ *
++ * If we're preempted here, switch_tls will load TPIDRURO from
++ * thread_info upon resuming execution and the following mcr
++ * is merely redundant.
++ */
++ barrier();
++
++ if (!tls_emu) {
++ if (has_tls_reg) {
++ asm("mcr p15, 0, %0, c13, c0, 3"
++ : : "r" (val));
++ } else {
++ /*
++ * User space must never try to access this
++ * directly. Expect your app to break
++ * eventually if you do so. The user helper
++ * at 0xffff0fe0 must be used instead. (see
++ * entry-armv.S for details)
++ */
++ pax_open_kernel();
++ *((unsigned int *)0xffff0ff0) = val;
++ pax_close_kernel();
++ }
++
++ }
++}
++
+ static inline unsigned long get_tpuser(void)
+ {
+ unsigned long reg = 0;
+@@ -59,5 +106,23 @@ static inline unsigned long get_tpuser(void)
+
+ return reg;
+ }
++
++static inline void set_tpuser(unsigned long val)
++{
++ /* Since TPIDRURW is fully context-switched (unlike TPIDRURO),
++ * we need not update thread_info.
++ */
++ if (has_tls_reg && !tls_emu) {
++ asm("mcr p15, 0, %0, c13, c0, 2"
++ : : "r" (val));
++ }
++}
++
++static inline void flush_tls(void)
++{
++ set_tls(0);
++ set_tpuser(0);
++}
++
+ #endif
+ #endif /* __ASMARM_TLS_H */
diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h
index 75d9579..b5b40e4 100644
--- a/arch/arm/include/asm/uaccess.h
@@ -3375,7 +3478,7 @@ index 07314af..c46655c 100644
flush_icache_range((uintptr_t)(addr),
(uintptr_t)(addr) + size);
diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c
-index 81ef686..f4130b8 100644
+index 81ef686..7af43a0 100644
--- a/arch/arm/kernel/process.c
+++ b/arch/arm/kernel/process.c
@@ -212,6 +212,7 @@ void machine_power_off(void)
@@ -3406,7 +3509,16 @@ index 81ef686..f4130b8 100644
printk("pc : [<%08lx>] lr : [<%08lx>] psr: %08lx\n"
"sp : %08lx ip : %08lx fp : %08lx\n",
regs->ARM_pc, regs->ARM_lr, regs->ARM_cpsr,
-@@ -425,12 +426,6 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -334,6 +335,8 @@ void flush_thread(void)
+ memset(&tsk->thread.debug, 0, sizeof(struct debug_info));
+ memset(&thread->fpstate, 0, sizeof(union fp_state));
+
++ flush_tls();
++
+ thread_notify(THREAD_NOTIFY_FLUSH, thread);
+ }
+
+@@ -425,12 +428,6 @@ unsigned long get_wchan(struct task_struct *p)
return 0;
}
@@ -3419,7 +3531,7 @@ index 81ef686..f4130b8 100644
#ifdef CONFIG_MMU
#ifdef CONFIG_KUSER_HELPERS
/*
-@@ -446,7 +441,7 @@ static struct vm_area_struct gate_vma = {
+@@ -446,7 +443,7 @@ static struct vm_area_struct gate_vma = {
static int __init gate_vma_init(void)
{
@@ -3428,7 +3540,7 @@ index 81ef686..f4130b8 100644
return 0;
}
arch_initcall(gate_vma_init);
-@@ -472,41 +467,16 @@ int in_gate_area_no_mm(unsigned long addr)
+@@ -472,41 +469,16 @@ int in_gate_area_no_mm(unsigned long addr)
const char *arch_vma_name(struct vm_area_struct *vma)
{
@@ -3652,8 +3764,21 @@ index 7a3be1d..b00c7de 100644
pr_debug("CPU ITCM: copied code from %p - %p\n",
start, end);
itcm_present = true;
+diff --git a/arch/arm/kernel/thumbee.c b/arch/arm/kernel/thumbee.c
+index 7b8403b..80f0d69 100644
+--- a/arch/arm/kernel/thumbee.c
++++ b/arch/arm/kernel/thumbee.c
+@@ -45,7 +45,7 @@ static int thumbee_notifier(struct notifier_block *self,
unsigned long cmd, void
+
+ switch (cmd) {
+ case THREAD_NOTIFY_FLUSH:
+- thread->thumbee_state = 0;
++ teehbr_write(0);
+ break;
+ case THREAD_NOTIFY_SWITCH:
+ current_thread_info()->thumbee_state = teehbr_read();
diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
-index abd2fc0..895dbb6 100644
+index abd2fc0..1e2696e 100644
--- a/arch/arm/kernel/traps.c
+++ b/arch/arm/kernel/traps.c
@@ -62,7 +62,7 @@ static void dump_mem(const char *, const char *, unsigned
long, unsigned long);
@@ -3684,17 +3809,38 @@ index abd2fc0..895dbb6 100644
if (signr)
do_exit(signr);
}
-@@ -643,7 +648,9 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs)
- * The user helper at 0xffff0fe0 must be used instead.
- * (see entry-armv.S for details)
- */
-+ pax_open_kernel();
- *((unsigned int *)0xffff0ff0) = regs->ARM_r0;
-+ pax_close_kernel();
- }
+@@ -579,7 +584,6 @@ do_cache_op(unsigned long start, unsigned long end, int
flags)
+ #define NR(x) ((__ARM_NR_##x) - __ARM_NR_BASE)
+ asmlinkage int arm_syscall(int no, struct pt_regs *regs)
+ {
+- struct thread_info *thread = current_thread_info();
+ siginfo_t info;
+
+ if ((no >> 16) != (__ARM_NR_BASE>> 16))
+@@ -630,21 +634,7 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs)
+ return regs->ARM_r0;
+
+ case NR(set_tls):
+- thread->tp_value[0] = regs->ARM_r0;
+- if (tls_emu)
+- return 0;
+- if (has_tls_reg) {
+- asm ("mcr p15, 0, %0, c13, c0, 3"
+- : : "r" (regs->ARM_r0));
+- } else {
+- /*
+- * User space must never try to access this directly.
+- * Expect your app to break eventually if you do so.
+- * The user helper at 0xffff0fe0 must be used instead.
+- * (see entry-armv.S for details)
+- */
+- *((unsigned int *)0xffff0ff0) = regs->ARM_r0;
+- }
++ set_tls(regs->ARM_r0);
return 0;
-@@ -900,7 +907,11 @@ void __init early_trap_init(void *vectors_base)
+ #ifdef CONFIG_NEEDS_SYSCALL_FOR_CMPXCHG
+@@ -900,7 +890,11 @@ void __init early_trap_init(void *vectors_base)
kuser_init(vectors_base);
flush_icache_range(vectors, vectors + PAGE_SIZE * 2);
@@ -18499,10 +18645,10 @@ index ed5903b..c7fe163 100644
#define MODULES_END VMALLOC_END
#define MODULES_LEN (MODULES_VADDR - MODULES_END)
diff --git a/arch/x86/include/asm/pgtable_64.h
b/arch/x86/include/asm/pgtable_64.h
-index 5be9063..d62185b 100644
+index 5be9063..0c42843 100644
--- a/arch/x86/include/asm/pgtable_64.h
+++ b/arch/x86/include/asm/pgtable_64.h
-@@ -16,10 +16,14 @@
+@@ -16,10 +16,15 @@
extern pud_t level3_kernel_pgt[512];
extern pud_t level3_ident_pgt[512];
@@ -18515,11 +18661,12 @@ index 5be9063..d62185b 100644
-extern pmd_t level2_ident_pgt[512];
-extern pgd_t init_level4_pgt[];
+extern pmd_t level2_ident_pgt[512*2];
++extern pte_t level1_fixmap_pgt[512];
+extern pgd_t init_level4_pgt[512];
#define swapper_pg_dir init_level4_pgt
-@@ -61,7 +65,9 @@ static inline void native_set_pte_atomic(pte_t *ptep, pte_t
pte)
+@@ -61,7 +66,9 @@ static inline void native_set_pte_atomic(pte_t *ptep, pte_t
pte)
static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
{
@@ -18529,7 +18676,7 @@ index 5be9063..d62185b 100644
}
static inline void native_pmd_clear(pmd_t *pmd)
-@@ -97,7 +103,9 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp)
+@@ -97,7 +104,9 @@ static inline pmd_t native_pmdp_get_and_clear(pmd_t *xp)
static inline void native_set_pud(pud_t *pudp, pud_t pud)
{
@@ -18539,7 +18686,7 @@ index 5be9063..d62185b 100644
}
static inline void native_pud_clear(pud_t *pud)
-@@ -107,6 +115,13 @@ static inline void native_pud_clear(pud_t *pud)
+@@ -107,6 +116,13 @@ static inline void native_pud_clear(pud_t *pud)
static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd)
{
@@ -22155,7 +22302,7 @@ index f6dfd93..892ade4 100644
.__cr3 = __pa_nodebug(swapper_pg_dir),
diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c
-index b74ebc7..6dbb0c5 100644
+index b74ebc7..2c95874 100644
--- a/arch/x86/kernel/dumpstack.c
+++ b/arch/x86/kernel/dumpstack.c
@@ -2,6 +2,9 @@
@@ -22168,7 +22315,15 @@ index b74ebc7..6dbb0c5 100644
#include <linux/kallsyms.h>
#include <linux/kprobes.h>
#include <linux/uaccess.h>
-@@ -40,16 +43,14 @@ void printk_address(unsigned long address)
+@@ -33,23 +36,21 @@ static void printk_stack_address(unsigned long address,
int reliable)
+
+ void printk_address(unsigned long address)
+ {
+- pr_cont(" [<%p>] %pS\n", (void *)address, (void *)address);
++ pr_cont(" [<%p>] %pA\n", (void *)address, (void *)address);
+ }
+
+ #ifdef CONFIG_FUNCTION_GRAPH_TRACER
static void
print_ftrace_graph_addr(unsigned long addr, void *data,
const struct stacktrace_ops *ops,
@@ -37608,7 +37763,7 @@ index ffb101e..98c0ecf 100644
#ifdef CONFIG_ACPI_NUMA
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
-index e8a1201..046c66c 100644
+index e8a1201..e1fb520 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -379,7 +379,7 @@ static pteval_t pte_mfn_to_pfn(pteval_t val)
@@ -37620,17 +37775,63 @@ index e8a1201..046c66c 100644
{
if (val & _PAGE_PRESENT) {
unsigned long pfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
-@@ -1904,6 +1904,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd,
unsigned long max_pfn)
+@@ -1866,12 +1866,11 @@ static void __init check_pt_base(unsigned long
*pt_base, unsigned long *pt_end,
+ *
+ * We can construct this by grafting the Xen provided pagetable into
+ * head_64.S's preconstructed pagetables. We copy the Xen L2's into
+- * level2_ident_pgt, level2_kernel_pgt and level2_fixmap_pgt. This
+- * means that only the kernel has a physical mapping to start with -
+- * but that's enough to get __va working. We need to fill in the rest
+- * of the physical mapping once some sort of allocator has been set
+- * up.
+- * NOTE: for PVH, the page tables are native.
++ * level2_ident_pgt, and level2_kernel_pgt. This means that only the
++ * kernel has a physical mapping to start with - but that's enough to
++ * get __va working. We need to fill in the rest of the physical
++ * mapping once some sort of allocator has been set up. NOTE: for
++ * PVH, the page tables are native.
+ */
+ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
+ {
+@@ -1902,8 +1901,14 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd,
unsigned long max_pfn)
+ /* L3_i[0] -> level2_ident_pgt */
+ convert_pfn_mfn(level3_ident_pgt);
/* L3_k[510] -> level2_kernel_pgt
- * L3_i[511] -> level2_fixmap_pgt */
+- * L3_i[511] -> level2_fixmap_pgt */
++ * L3_k[511] -> level2_fixmap_pgt */
convert_pfn_mfn(level3_kernel_pgt);
+ convert_pfn_mfn(level3_vmalloc_start_pgt);
+ convert_pfn_mfn(level3_vmalloc_end_pgt);
+ convert_pfn_mfn(level3_vmemmap_pgt);
++
++ /* L3_k[511][506] -> level1_fixmap_pgt */
++ convert_pfn_mfn(level2_fixmap_pgt);
}
/* We get [511][511] and have Xen's version of level2_kernel_pgt */
l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd);
-@@ -1933,8 +1936,12 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd,
unsigned long max_pfn)
+@@ -1913,30 +1918,29 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd,
unsigned long max_pfn)
+ addr[1] = (unsigned long)l3;
+ addr[2] = (unsigned long)l2;
+ /* Graft it onto L4[272][0]. Note that we creating an aliasing problem:
+- * Both L4[272][0] and L4[511][511] have entries that point to the same
++ * Both L4[272][0] and L4[511][510] have entries that point to the same
+ * L2 (PMD) tables. Meaning that if you modify it in __va space
+ * it will be also modified in the __ka space! (But if you just
+ * modify the PMD table to point to other PTE's or none, then you
+ * are OK - which is what cleanup_highmap does) */
+ copy_page(level2_ident_pgt, l2);
+- /* Graft it onto L4[511][511] */
++ /* Graft it onto L4[511][510] */
+ copy_page(level2_kernel_pgt, l2);
+
+- /* Get [511][510] and graft that in level2_fixmap_pgt */
+- l3 = m2v(pgd[pgd_index(__START_KERNEL_map + PMD_SIZE)].pgd);
+- l2 = m2v(l3[pud_index(__START_KERNEL_map + PMD_SIZE)].pud);
+- copy_page(level2_fixmap_pgt, l2);
+- /* Note that we don't do anything with level1_fixmap_pgt which
+- * we don't need. */
+ if (!xen_feature(XENFEAT_auto_translated_physmap)) {
+ /* Make pagetable pieces RO */
set_page_prot(init_level4_pgt, PAGE_KERNEL_RO);
set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO);
set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO);
@@ -37642,8 +37843,11 @@ index e8a1201..046c66c 100644
+ set_page_prot(level2_vmemmap_pgt, PAGE_KERNEL_RO);
set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO);
set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO);
++ set_page_prot(level1_fixmap_pgt, PAGE_KERNEL_RO);
-@@ -2120,6 +2127,7 @@ static void __init xen_post_allocator_init(void)
+ /* Pin down new L4 */
+ pin_pagetable_pfn(MMUEXT_PIN_L4_TABLE,
+@@ -2120,6 +2124,7 @@ static void __init xen_post_allocator_init(void)
pv_mmu_ops.set_pud = xen_set_pud;
#if PAGETABLE_LEVELS == 4
pv_mmu_ops.set_pgd = xen_set_pgd;
@@ -37651,7 +37855,7 @@ index e8a1201..046c66c 100644
#endif
/* This will work as long as patching hasn't happened yet
-@@ -2198,6 +2206,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst =
{
+@@ -2198,6 +2203,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst =
{
.pud_val = PV_CALLEE_SAVE(xen_pud_val),
.make_pud = PV_CALLEE_SAVE(xen_make_pud),
.set_pgd = xen_set_pgd_hyper,
@@ -37891,6 +38095,18 @@ index 28d227c..d4c0bad 100644
done:
spin_lock_init(&blkcg->lock);
INIT_RADIX_TREE(&blkcg->blkg_tree, GFP_ATOMIC);
+diff --git a/block/blk-exec.c b/block/blk-exec.c
+index f4d27b1..9924725 100644
+--- a/block/blk-exec.c
++++ b/block/blk-exec.c
+@@ -56,6 +56,7 @@ void blk_execute_rq_nowait(struct request_queue *q, struct
gendisk *bd_disk,
+ bool is_pm_resume;
+
+ WARN_ON(irqs_disabled());
++ WARN_ON(rq->cmd_type == REQ_TYPE_FS);
+
+ rq->rq_disk = bd_disk;
+ rq->end_io = done;
diff --git a/block/blk-iopoll.c b/block/blk-iopoll.c
index 0736729..2ec3b48 100644
--- a/block/blk-iopoll.c
@@ -37917,6 +38133,53 @@ index f890d43..97b0482 100644
if (do_copy)
bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading);
else
+diff --git a/block/blk-mq.c b/block/blk-mq.c
+index ad69ef6..034c0ff 100644
+--- a/block/blk-mq.c
++++ b/block/blk-mq.c
+@@ -219,7 +219,6 @@ __blk_mq_alloc_request(struct blk_mq_alloc_data *data, int
rw)
+ if (tag != BLK_MQ_TAG_FAIL) {
+ rq = data->hctx->tags->rqs[tag];
+
+- rq->cmd_flags = 0;
+ if (blk_mq_tag_busy(data->hctx)) {
+ rq->cmd_flags = REQ_MQ_INFLIGHT;
+ atomic_inc(&data->hctx->nr_active);
+@@ -274,6 +273,7 @@ static void __blk_mq_free_request(struct blk_mq_hw_ctx
*hctx,
+
+ if (rq->cmd_flags & REQ_MQ_INFLIGHT)
+ atomic_dec(&hctx->nr_active);
++ rq->cmd_flags = 0;
+
+ clear_bit(REQ_ATOM_STARTED, &rq->atomic_flags);
+ blk_mq_put_tag(hctx, tag, &ctx->last_tag);
+@@ -973,14 +973,9 @@ void blk_mq_insert_request(struct request *rq, bool
at_head, bool run_queue,
+
+ hctx = q->mq_ops->map_queue(q, ctx->cpu);
+
+- if (rq->cmd_flags & (REQ_FLUSH | REQ_FUA) &&
+- !(rq->cmd_flags & (REQ_FLUSH_SEQ))) {
+- blk_insert_flush(rq);
+- } else {
+- spin_lock(&ctx->lock);
+- __blk_mq_insert_request(hctx, rq, at_head);
+- spin_unlock(&ctx->lock);
+- }
++ spin_lock(&ctx->lock);
++ __blk_mq_insert_request(hctx, rq, at_head);
++ spin_unlock(&ctx->lock);
+
+ if (run_queue)
+ blk_mq_run_hw_queue(hctx, async);
+@@ -1411,6 +1406,8 @@ static struct blk_mq_tags *blk_mq_init_rq_map(struct
blk_mq_tag_set *set,
+ left -= to_do * rq_size;
+ for (j = 0; j < to_do; j++) {
+ tags->rqs[i] = p;
++ tags->rqs[i]->atomic_flags = 0;
++ tags->rqs[i]->cmd_flags = 0;
+ if (set->ops->init_request) {
+ if (set->ops->init_request(set->driver_data,
+ tags->rqs[i], hctx_idx, i,
diff --git a/block/blk-softirq.c b/block/blk-softirq.c
index 53b1737..08177d2e 100644
--- a/block/blk-softirq.c
@@ -39868,8 +40131,21 @@ index be73e9d..7fbf140 100644
cmdlist_t *reqQ;
cmdlist_t *cmpQ;
+diff --git a/drivers/block/drbd/drbd_bitmap.c
b/drivers/block/drbd/drbd_bitmap.c
+index 1aa29f8..080c42f 100644
+--- a/drivers/block/drbd/drbd_bitmap.c
++++ b/drivers/block/drbd/drbd_bitmap.c
+@@ -1042,7 +1042,7 @@ static void bm_page_io_async(struct bm_aio_ctx *ctx, int
page_nr, int rw) __must
+ submit_bio(rw, bio);
+ /* this should not count as user activity and cause the
+ * resync to throttle -- see drbd_rs_should_slow_down(). */
+- atomic_add(len >> 9, &device->rs_sect_ev);
++ atomic_add_unchecked(len >> 9, &device->rs_sect_ev);
+ }
+ }
+
diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h
-index a76ceb3..3c1a9fd 100644
+index a76ceb3..a4c80cf 100644
--- a/drivers/block/drbd/drbd_int.h
+++ b/drivers/block/drbd/drbd_int.h
@@ -331,7 +331,7 @@ struct drbd_epoch {
@@ -39890,6 +40166,17 @@ index a76ceb3..3c1a9fd 100644
unsigned int peer_seq;
spinlock_t peer_seq_lock;
unsigned int minor;
+@@ -807,8 +807,8 @@ struct drbd_device {
+ struct mutex own_state_mutex;
+ struct mutex *state_mutex; /* either own_state_mutex or
first_peer_device(device)->connection->cstate_mutex */
+ char congestion_reason; /* Why we where congested... */
+- atomic_t rs_sect_in; /* for incoming resync data rate, SyncTarget */
+- atomic_t rs_sect_ev; /* for submitted resync data rate, both */
++ atomic_unchecked_t rs_sect_in; /* for incoming resync data rate,
SyncTarget */
++ atomic_unchecked_t rs_sect_ev; /* for submitted resync data rate, both
*/
+ int rs_last_sect_ev; /* counter to compare with */
+ int rs_last_events; /* counter of read or write "events" (unit sectors)
+ * on the lower level device when we last looked.
*/
@@ -1407,7 +1407,7 @@ static inline int drbd_setsockopt(struct socket *sock,
int level, int optname,
char __user *uoptval;
int err;
@@ -39917,7 +40204,7 @@ index 89c497c..9c736ae 100644
/**
diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
-index 960645c..6c2724a 100644
+index 960645c..61ede05 100644
--- a/drivers/block/drbd/drbd_main.c
+++ b/drivers/block/drbd/drbd_main.c
@@ -1322,7 +1322,7 @@ static int _drbd_send_ack(struct drbd_peer_device
*peer_device, enum drbd_packet
@@ -39938,6 +40225,17 @@ index 960645c..6c2724a 100644
dp_flags = bio_flags_to_wire(peer_device->connection,
req->master_bio->bi_rw);
if (device->state.conn >= C_SYNC_SOURCE &&
device->state.conn <= C_PAUSED_SYNC_T)
+@@ -1905,8 +1905,8 @@ void drbd_init_set_defaults(struct drbd_device *device)
+ atomic_set(&device->unacked_cnt, 0);
+ atomic_set(&device->local_cnt, 0);
+ atomic_set(&device->pp_in_use_by_net, 0);
+- atomic_set(&device->rs_sect_in, 0);
+- atomic_set(&device->rs_sect_ev, 0);
++ atomic_set_unchecked(&device->rs_sect_in, 0);
++ atomic_set_unchecked(&device->rs_sect_ev, 0);
+ atomic_set(&device->ap_in_flight, 0);
+ atomic_set(&device->md_io_in_use, 0);
+
@@ -2670,8 +2670,8 @@ void drbd_destroy_connection(struct kref *kref)
struct drbd_connection *connection = container_of(kref, struct
drbd_connection, kref);
struct drbd_resource *resource = connection->resource;
@@ -39972,7 +40270,7 @@ index 3f2e167..d3170e4 100644
if (!msg)
goto failed;
diff --git a/drivers/block/drbd/drbd_receiver.c
b/drivers/block/drbd/drbd_receiver.c
-index 5b17ec8..6c21e6b 100644
+index 5b17ec8..deaec7d 100644
--- a/drivers/block/drbd/drbd_receiver.c
+++ b/drivers/block/drbd/drbd_receiver.c
@@ -834,7 +834,7 @@ int drbd_connected(struct drbd_peer_device *peer_device)
@@ -40025,6 +40323,24 @@ index 5b17ec8..6c21e6b 100644
list_add(&epoch->list, &connection->current_epoch->list);
connection->current_epoch = epoch;
connection->epochs++;
+@@ -1739,7 +1739,7 @@ static int recv_resync_read(struct drbd_peer_device
*peer_device, sector_t secto
+ list_add(&peer_req->w.list, &device->sync_ee);
+ spin_unlock_irq(&device->resource->req_lock);
+
+- atomic_add(pi->size >> 9, &device->rs_sect_ev);
++ atomic_add_unchecked(pi->size >> 9, &device->rs_sect_ev);
+ if (drbd_submit_peer_request(device, peer_req, WRITE, DRBD_FAULT_RS_WR)
== 0)
+ return 0;
+
+@@ -1837,7 +1837,7 @@ static int receive_RSDataReply(struct drbd_connection
*connection, struct packet
+ drbd_send_ack_dp(peer_device, P_NEG_ACK, p, pi->size);
+ }
+
+- atomic_add(pi->size >> 9, &device->rs_sect_in);
++ atomic_add_unchecked(pi->size >> 9, &device->rs_sect_in);
+
+ return err;
+ }
@@ -2224,7 +2224,7 @@ static int receive_Data(struct drbd_connection
*connection, struct packet_info *
err = wait_for_and_update_peer_seq(peer_device, peer_seq);
@@ -40043,6 +40359,33 @@ index 5b17ec8..6c21e6b 100644
atomic_inc(&peer_req->epoch->active);
spin_unlock(&connection->epoch_lock);
+@@ -2406,7 +2406,7 @@ bool drbd_rs_c_min_rate_throttle(struct drbd_device
*device)
+
+ curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
+ (int)part_stat_read(&disk->part0, sectors[1]) -
+- atomic_read(&device->rs_sect_ev);
++ atomic_read_unchecked(&device->rs_sect_ev);
+ if (!device->rs_last_events || curr_events - device->rs_last_events >
64) {
+ unsigned long rs_left;
+ int i;
+@@ -2540,7 +2540,7 @@ static int receive_DataRequest(struct drbd_connection
*connection, struct packet
+ device->bm_resync_fo = BM_SECT_TO_BIT(sector);
+ } else if (pi->cmd == P_OV_REPLY) {
+ /* track progress, we may need to throttle */
+- atomic_add(size >> 9, &device->rs_sect_in);
++ atomic_add_unchecked(size >> 9, &device->rs_sect_in);
+ peer_req->w.cb = w_e_end_ov_reply;
+ dec_rs_pending(device);
+ /* drbd_rs_begin_io done when we sent this request,
+@@ -2601,7 +2601,7 @@ static int receive_DataRequest(struct drbd_connection
*connection, struct packet
+ goto out_free_e;
+
+ submit_for_resync:
+- atomic_add(size >> 9, &device->rs_sect_ev);
++ atomic_add_unchecked(size >> 9, &device->rs_sect_ev);
+
+ submit:
+ inc_unacked(device);
@@ -4461,7 +4461,7 @@ struct data_cmd {
int expect_payload;
size_t pkt_size;
@@ -40061,6 +40404,15 @@ index 5b17ec8..6c21e6b 100644
connection->send.seen_any_write_yet = false;
drbd_info(connection, "Connection closed\n");
+@@ -5076,7 +5076,7 @@ static int got_IsInSync(struct drbd_connection
*connection, struct packet_info *
+ put_ldev(device);
+ }
+ dec_rs_pending(device);
+- atomic_add(blksize >> 9, &device->rs_sect_in);
++ atomic_add_unchecked(blksize >> 9, &device->rs_sect_in);
+
+ return 0;
+ }
@@ -5364,7 +5364,7 @@ static int connection_finish_peer_reqs(struct
drbd_connection *connection)
struct asender_cmd {
size_t pkt_size;
@@ -40070,6 +40422,39 @@ index 5b17ec8..6c21e6b 100644
static struct asender_cmd asender_tbl[] = {
[P_PING] = { 0, got_Ping },
+diff --git a/drivers/block/drbd/drbd_worker.c
b/drivers/block/drbd/drbd_worker.c
+index d8f57b6..8dbf4b4 100644
+--- a/drivers/block/drbd/drbd_worker.c
++++ b/drivers/block/drbd/drbd_worker.c
+@@ -413,7 +413,7 @@ static int read_for_csum(struct drbd_peer_device
*peer_device, sector_t sector,
+ list_add(&peer_req->w.list, &device->read_ee);
+ spin_unlock_irq(&device->resource->req_lock);
+
+- atomic_add(size >> 9, &device->rs_sect_ev);
++ atomic_add_unchecked(size >> 9, &device->rs_sect_ev);
+ if (drbd_submit_peer_request(device, peer_req, READ, DRBD_FAULT_RS_RD)
== 0)
+ return 0;
+
+@@ -558,7 +558,7 @@ static int drbd_rs_number_requests(struct drbd_device
*device)
+ unsigned int sect_in; /* Number of sectors that came in since the last
turn */
+ int number, mxb;
+
+- sect_in = atomic_xchg(&device->rs_sect_in, 0);
++ sect_in = atomic_xchg_unchecked(&device->rs_sect_in, 0);
+ device->rs_in_flight -= sect_in;
+
+ rcu_read_lock();
+@@ -1583,8 +1583,8 @@ void drbd_rs_controller_reset(struct drbd_device *device)
+ {
+ struct fifo_buffer *plan;
+
+- atomic_set(&device->rs_sect_in, 0);
+- atomic_set(&device->rs_sect_ev, 0);
++ atomic_set_unchecked(&device->rs_sect_in, 0);
++ atomic_set_unchecked(&device->rs_sect_ev, 0);
+ device->rs_in_flight = 0;
+
+ /* Updating the RCU protected object in place is necessary since
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
index 6cb1beb..bf490f7 100644
--- a/drivers/block/loop.c
@@ -52835,6 +53220,32 @@ index 1b3a094..068e683 100644
}
}
EXPORT_SYMBOL(fc_exch_update_stats);
+diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c
+index 3d1bc67..874bc95 100644
+--- a/drivers/scsi/libiscsi.c
++++ b/drivers/scsi/libiscsi.c
+@@ -717,11 +717,21 @@ __iscsi_conn_send_pdu(struct iscsi_conn *conn, struct
iscsi_hdr *hdr,
+ return NULL;
+ }
+
++ if (data_size > ISCSI_DEF_MAX_RECV_SEG_LEN) {
++ iscsi_conn_printk(KERN_ERR, conn, "Invalid buffer len
of %u for login task. Max len is %u\n", data_size, ISCSI_DEF_MAX_RECV_SEG_LEN);
++ return NULL;
++ }
++
+ task = conn->login_task;
+ } else {
+ if (session->state != ISCSI_STATE_LOGGED_IN)
+ return NULL;
+
++ if (data_size != 0) {
++ iscsi_conn_printk(KERN_ERR, conn, "Can not send data
buffer of len %u for op 0x%x\n", data_size, opcode);
++ return NULL;
++ }
++
+ BUG_ON(conn->c_stage == ISCSI_CONN_INITIAL_STAGE);
+ BUG_ON(conn->c_stage == ISCSI_CONN_STOPPED);
+
diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c
index 766098a..1c6c971 100644
--- a/drivers/scsi/libsas/sas_ata.c
@@ -53702,6 +54113,19 @@ index ae6f61a..03c3d5d 100644
op_data = ll_prep_md_op_data(NULL, dir, NULL, filename,
strlen(filename), mode, LUSTRE_OPC_MKDIR,
lump);
+diff --git a/drivers/staging/lustre/lustre/llite/llite_lib.c
b/drivers/staging/lustre/lustre/llite/llite_lib.c
+index deca27e..22fb433 100644
+--- a/drivers/staging/lustre/lustre/llite/llite_lib.c
++++ b/drivers/staging/lustre/lustre/llite/llite_lib.c
+@@ -568,7 +568,7 @@ static int client_common_fill_super(struct super_block
*sb, char *md, char *dt,
+ if (sb->s_root == NULL) {
+ CERROR("%s: can't make root dentry\n",
+ ll_get_fsname(sb, NULL, 0));
+- GOTO(out_root, err = -ENOMEM);
++ GOTO(out_lock_cn_cb, err = -ENOMEM);
+ }
+
+ sbi->ll_sdev_orig = sb->s_dev;
diff --git a/drivers/staging/media/solo6x10/solo6x10-core.c
b/drivers/staging/media/solo6x10/solo6x10-core.c
index f670469..03b7438 100644
--- a/drivers/staging/media/solo6x10/solo6x10-core.c
@@ -53903,7 +54327,7 @@ index d07fcb5..358e1e1 100644
return;
}
diff --git a/drivers/staging/vt6655/hostap.c b/drivers/staging/vt6655/hostap.c
-index 317c2a8..ffeb4ef 100644
+index 317c2a8..7876515 100644
--- a/drivers/staging/vt6655/hostap.c
+++ b/drivers/staging/vt6655/hostap.c
@@ -68,14 +68,13 @@ static int msglevel = MSG_LEVEL_INFO;
@@ -53932,6 +54356,16 @@ index 317c2a8..ffeb4ef 100644
pDevice->apdev->netdev_ops = &apdev_netdev_ops;
pDevice->apdev->type = ARPHRD_IEEE80211;
+@@ -350,6 +351,9 @@ static int hostap_set_generic_element(PSDevice pDevice,
+ {
+ PSMgmtObject pMgmt = pDevice->pMgmt;
+
++ if (param->u.generic_elem.len > sizeof(pMgmt->abyWPAIE))
++ return -EINVAL;
++
+ memcpy(pMgmt->abyWPAIE,
+ param->u.generic_elem.data,
+ param->u.generic_elem.len
diff --git a/drivers/target/sbp/sbp_target.c b/drivers/target/sbp/sbp_target.c
index e7e9372..161f530 100644
--- a/drivers/target/sbp/sbp_target.c
@@ -61057,10 +61491,30 @@ index 7f5b41b..e589c13 100644
static inline int btrfs_need_log_full_commit(struct btrfs_fs_info *fs_info,
diff --git a/fs/buffer.c b/fs/buffer.c
-index eba6e4f..af1182c 100644
+index eba6e4f..8d8230c 100644
--- a/fs/buffer.c
+++ b/fs/buffer.c
-@@ -3429,7 +3429,7 @@ void __init buffer_init(void)
+@@ -1029,7 +1029,8 @@ grow_dev_page(struct block_device *bdev, sector_t block,
+ bh = page_buffers(page);
+ if (bh->b_size == size) {
+ end_block = init_page_buffers(page, bdev,
+- index << sizebits, size);
++ (sector_t)index << sizebits,
++ size);
+ goto done;
+ }
+ if (!try_to_free_buffers(page))
+@@ -1050,7 +1051,8 @@ grow_dev_page(struct block_device *bdev, sector_t block,
+ */
+ spin_lock(&inode->i_mapping->private_lock);
+ link_dev_buffers(page, bh);
+- end_block = init_page_buffers(page, bdev, index << sizebits, size);
++ end_block = init_page_buffers(page, bdev, (sector_t)index << sizebits,
++ size);
+ spin_unlock(&inode->i_mapping->private_lock);
+ done:
+ ret = (block < end_block) ? 1 : -ENXIO;
+@@ -3429,7 +3431,7 @@ void __init buffer_init(void)
bh_cachep = kmem_cache_create("buffer_head",
sizeof(struct buffer_head), 0,
(SLAB_RECLAIM_ACCOUNT|SLAB_PANIC|
@@ -61070,10 +61524,10 @@ index eba6e4f..af1182c 100644
/*
diff --git a/fs/cachefiles/bind.c b/fs/cachefiles/bind.c
-index d749731..dd333a6 100644
+index d749731..0fda764 100644
--- a/fs/cachefiles/bind.c
+++ b/fs/cachefiles/bind.c
-@@ -39,13 +39,11 @@ int cachefiles_daemon_bind(struct cachefiles_cache *cache,
char *args)
+@@ -39,29 +39,27 @@ int cachefiles_daemon_bind(struct cachefiles_cache *cache,
char *args)
args);
/* start by checking things over */
@@ -61089,8 +61543,36 @@ index d749731..dd333a6 100644
cache->bcull_percent < cache->brun_percent &&
cache->brun_percent < 100);
+ if (*args) {
+- pr_err("'bind' command doesn't take an argument");
++ pr_err("'bind' command doesn't take an argument\n");
+ return -EINVAL;
+ }
+
+ if (!cache->rootdirname) {
+- pr_err("No cache directory specified");
++ pr_err("No cache directory specified\n");
+ return -EINVAL;
+ }
+
+ /* don't permit already bound caches to be re-bound */
+ if (test_bit(CACHEFILES_READY, &cache->flags)) {
+- pr_err("Cache already bound");
++ pr_err("Cache already bound\n");
+ return -EBUSY;
+ }
+
+@@ -248,7 +246,7 @@ error_open_root:
+ kmem_cache_free(cachefiles_object_jar, fsdef);
+ error_root_object:
+ cachefiles_end_secure(cache, saved_cred);
+- pr_err("Failed to register: %d", ret);
++ pr_err("Failed to register: %d\n", ret);
+ return ret;
+ }
+
diff --git a/fs/cachefiles/daemon.c b/fs/cachefiles/daemon.c
-index b078d30..db23012 100644
+index b078d30..4a6852c 100644
--- a/fs/cachefiles/daemon.c
+++ b/fs/cachefiles/daemon.c
@@ -196,7 +196,7 @@ static ssize_t cachefiles_daemon_read(struct file *file,
char __user *_buffer,
@@ -61111,6 +61593,15 @@ index b078d30..db23012 100644
return -EOPNOTSUPP;
/* drag the command string into the kernel so we can parse it */
+@@ -315,7 +315,7 @@ static unsigned int cachefiles_daemon_poll(struct file
*file,
+ static int cachefiles_daemon_range_error(struct cachefiles_cache *cache,
+ char *args)
+ {
+- pr_err("Free space limits must be in range 0%%<=stop<cull<run<100%%");
++ pr_err("Free space limits must be in range 0%%<=stop<cull<run<100%%\n");
+
+ return -EINVAL;
+ }
@@ -385,7 +385,7 @@ static int cachefiles_daemon_fstop(struct cachefiles_cache
*cache, char *args)
if (args[0] != '%' || args[1] != '\0')
return -EINVAL;
@@ -61129,8 +61620,114 @@ index b078d30..db23012 100644
return cachefiles_daemon_range_error(cache, args);
cache->bstop_percent = bstop;
+@@ -475,12 +475,12 @@ static int cachefiles_daemon_dir(struct cachefiles_cache
*cache, char *args)
+ _enter(",%s", args);
+
+ if (!*args) {
+- pr_err("Empty directory specified");
++ pr_err("Empty directory specified\n");
+ return -EINVAL;
+ }
+
+ if (cache->rootdirname) {
+- pr_err("Second cache directory specified");
++ pr_err("Second cache directory specified\n");
+ return -EEXIST;
+ }
+
+@@ -503,12 +503,12 @@ static int cachefiles_daemon_secctx(struct
cachefiles_cache *cache, char *args)
+ _enter(",%s", args);
+
+ if (!*args) {
+- pr_err("Empty security context specified");
++ pr_err("Empty security context specified\n");
+ return -EINVAL;
+ }
+
+ if (cache->secctx) {
+- pr_err("Second security context specified");
++ pr_err("Second security context specified\n");
+ return -EINVAL;
+ }
+
+@@ -531,7 +531,7 @@ static int cachefiles_daemon_tag(struct cachefiles_cache
*cache, char *args)
+ _enter(",%s", args);
+
+ if (!*args) {
+- pr_err("Empty tag specified");
++ pr_err("Empty tag specified\n");
+ return -EINVAL;
+ }
+
+@@ -562,12 +562,12 @@ static int cachefiles_daemon_cull(struct
cachefiles_cache *cache, char *args)
+ goto inval;
+
+ if (!test_bit(CACHEFILES_READY, &cache->flags)) {
+- pr_err("cull applied to unready cache");
++ pr_err("cull applied to unready cache\n");
+ return -EIO;
+ }
+
+ if (test_bit(CACHEFILES_DEAD, &cache->flags)) {
+- pr_err("cull applied to dead cache");
++ pr_err("cull applied to dead cache\n");
+ return -EIO;
+ }
+
+@@ -587,11 +587,11 @@ static int cachefiles_daemon_cull(struct
cachefiles_cache *cache, char *args)
+
+ notdir:
+ path_put(&path);
+- pr_err("cull command requires dirfd to be a directory");
++ pr_err("cull command requires dirfd to be a directory\n");
+ return -ENOTDIR;
+
+ inval:
+- pr_err("cull command requires dirfd and filename");
++ pr_err("cull command requires dirfd and filename\n");
+ return -EINVAL;
+ }
+
+@@ -614,7 +614,7 @@ static int cachefiles_daemon_debug(struct cachefiles_cache
*cache, char *args)
+ return 0;
+
+ inval:
+- pr_err("debug command requires mask");
++ pr_err("debug command requires mask\n");
+ return -EINVAL;
+ }
+
+@@ -634,12 +634,12 @@ static int cachefiles_daemon_inuse(struct
cachefiles_cache *cache, char *args)
+ goto inval;
+
+ if (!test_bit(CACHEFILES_READY, &cache->flags)) {
+- pr_err("inuse applied to unready cache");
++ pr_err("inuse applied to unready cache\n");
+ return -EIO;
+ }
+
+ if (test_bit(CACHEFILES_DEAD, &cache->flags)) {
+- pr_err("inuse applied to dead cache");
++ pr_err("inuse applied to dead cache\n");
+ return -EIO;
+ }
+
+@@ -659,11 +659,11 @@ static int cachefiles_daemon_inuse(struct
cachefiles_cache *cache, char *args)
+
+ notdir:
+ path_put(&path);
+- pr_err("inuse command requires dirfd to be a directory");
++ pr_err("inuse command requires dirfd to be a directory\n");
+ return -ENOTDIR;
+
+ inval:
+- pr_err("inuse command requires dirfd and filename");
++ pr_err("inuse command requires dirfd and filename\n");
+ return -EINVAL;
+ }
+
diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h
-index 3d50998..0550d67 100644
+index 3d50998..c4e3a69 100644
--- a/fs/cachefiles/internal.h
+++ b/fs/cachefiles/internal.h
@@ -66,7 +66,7 @@ struct cachefiles_cache {
@@ -61167,8 +61764,30 @@ index 3d50998..0550d67 100644
}
#else
+@@ -255,7 +255,7 @@ extern int cachefiles_remove_object_xattr(struct
cachefiles_cache *cache,
+
+ #define cachefiles_io_error(___cache, FMT, ...) \
+ do { \
+- pr_err("I/O Error: " FMT, ##__VA_ARGS__); \
++ pr_err("I/O Error: " FMT"\n", ##__VA_ARGS__); \
+ fscache_io_error(&(___cache)->cache); \
+ set_bit(CACHEFILES_DEAD, &(___cache)->flags); \
+ } while (0)
+diff --git a/fs/cachefiles/main.c b/fs/cachefiles/main.c
+index 180edfb..711f13d 100644
+--- a/fs/cachefiles/main.c
++++ b/fs/cachefiles/main.c
+@@ -84,7 +84,7 @@ error_proc:
+ error_object_jar:
+ misc_deregister(&cachefiles_dev);
+ error_dev:
+- pr_err("failed to register: %d", ret);
++ pr_err("failed to register: %d\n", ret);
+ return ret;
+ }
+
diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c
-index 5bf2b41..85b93f9 100644
+index 5bf2b41..81051b4 100644
--- a/fs/cachefiles/namei.c
+++ b/fs/cachefiles/namei.c
@@ -312,7 +312,7 @@ try_again:
@@ -61180,6 +61799,67 @@ index 5bf2b41..85b93f9 100644
/* do the multiway lock magic */
trap = lock_rename(cache->graveyard, dir);
+@@ -543,7 +543,7 @@ lookup_again:
+ next, next->d_inode, next->d_inode->i_ino);
+
+ } else if (!S_ISDIR(next->d_inode->i_mode)) {
+- pr_err("inode %lu is not a directory",
++ pr_err("inode %lu is not a directory\n",
+ next->d_inode->i_ino);
+ ret = -ENOBUFS;
+ goto error;
+@@ -574,7 +574,7 @@ lookup_again:
+ } else if (!S_ISDIR(next->d_inode->i_mode) &&
+ !S_ISREG(next->d_inode->i_mode)
+ ) {
+- pr_err("inode %lu is not a file or directory",
++ pr_err("inode %lu is not a file or directory\n",
+ next->d_inode->i_ino);
+ ret = -ENOBUFS;
+ goto error;
+@@ -768,7 +768,7 @@ struct dentry *cachefiles_get_directory(struct
cachefiles_cache *cache,
+ ASSERT(subdir->d_inode);
+
+ if (!S_ISDIR(subdir->d_inode->i_mode)) {
+- pr_err("%s is not a directory", dirname);
++ pr_err("%s is not a directory\n", dirname);
+ ret = -EIO;
+ goto check_error;
+ }
+@@ -795,13 +795,13 @@ check_error:
+ mkdir_error:
+ mutex_unlock(&dir->d_inode->i_mutex);
+ dput(subdir);
+- pr_err("mkdir %s failed with error %d", dirname, ret);
++ pr_err("mkdir %s failed with error %d\n", dirname, ret);
+ return ERR_PTR(ret);
+
+ lookup_error:
+ mutex_unlock(&dir->d_inode->i_mutex);
+ ret = PTR_ERR(subdir);
+- pr_err("Lookup %s failed with error %d", dirname, ret);
++ pr_err("Lookup %s failed with error %d\n", dirname, ret);
+ return ERR_PTR(ret);
+
+ nomem_d_alloc:
+@@ -891,7 +891,7 @@ lookup_error:
+ if (ret == -EIO) {
+ cachefiles_io_error(cache, "Lookup failed");
+ } else if (ret != -ENOMEM) {
+- pr_err("Internal error: %d", ret);
++ pr_err("Internal error: %d\n", ret);
+ ret = -EIO;
+ }
+
+@@ -950,7 +950,7 @@ error:
+ }
+
+ if (ret != -ENOMEM) {
+- pr_err("Internal error: %d", ret);
++ pr_err("Internal error: %d\n", ret);
+ ret = -EIO;
+ }
+
diff --git a/fs/cachefiles/proc.c b/fs/cachefiles/proc.c
index eccd339..4c1d995 100644
--- a/fs/cachefiles/proc.c
@@ -61223,6 +61903,54 @@ index 4b1fb5c..0d2a699 100644
set_fs(old_fs);
kunmap(page);
file_end_write(file);
+diff --git a/fs/cachefiles/xattr.c b/fs/cachefiles/xattr.c
+index 1ad51ffb..acbc1f0 100644
+--- a/fs/cachefiles/xattr.c
++++ b/fs/cachefiles/xattr.c
+@@ -51,7 +51,7 @@ int cachefiles_check_object_type(struct cachefiles_object
*object)
+ }
+
+ if (ret != -EEXIST) {
+- pr_err("Can't set xattr on %*.*s [%lu] (err %d)",
++ pr_err("Can't set xattr on %*.*s [%lu] (err %d)\n",
+ dentry->d_name.len, dentry->d_name.len,
+ dentry->d_name.name, dentry->d_inode->i_ino,
+ -ret);
+@@ -64,7 +64,7 @@ int cachefiles_check_object_type(struct cachefiles_object
*object)
+ if (ret == -ERANGE)
+ goto bad_type_length;
+
+- pr_err("Can't read xattr on %*.*s [%lu] (err %d)",
++ pr_err("Can't read xattr on %*.*s [%lu] (err %d)\n",
+ dentry->d_name.len, dentry->d_name.len,
+ dentry->d_name.name, dentry->d_inode->i_ino,
+ -ret);
+@@ -85,14 +85,14 @@ error:
+ return ret;
+
+ bad_type_length:
+- pr_err("Cache object %lu type xattr length incorrect",
++ pr_err("Cache object %lu type xattr length incorrect\n",
+ dentry->d_inode->i_ino);
+ ret = -EIO;
+ goto error;
+
+ bad_type:
+ xtype[2] = 0;
+- pr_err("Cache object %*.*s [%lu] type %s not %s",
++ pr_err("Cache object %*.*s [%lu] type %s not %s\n",
+ dentry->d_name.len, dentry->d_name.len,
+ dentry->d_name.name, dentry->d_inode->i_ino,
+ xtype, type);
+@@ -293,7 +293,7 @@ error:
+ return ret;
+
+ bad_type_length:
+- pr_err("Cache object %lu xattr length incorrect",
++ pr_err("Cache object %lu xattr length incorrect\n",
+ dentry->d_inode->i_ino);
+ ret = -EIO;
+ goto error;
diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
index c29d6ae..719b9bb 100644
--- a/fs/ceph/dir.c
@@ -65602,7 +66330,7 @@ index d55297f..f5b28c5 100644
#define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
diff --git a/fs/namei.c b/fs/namei.c
-index 17ca8b8..2de9500 100644
+index 17ca8b8..d023ae5 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -331,17 +331,32 @@ int generic_permission(struct inode *inode, int mask)
@@ -65657,7 +66385,42 @@ index 17ca8b8..2de9500 100644
return -EACCES;
}
EXPORT_SYMBOL(generic_permission);
-@@ -825,7 +832,7 @@ follow_link(struct path *link, struct nameidata *nd, void
**p)
+@@ -644,24 +651,22 @@ static int complete_walk(struct nameidata *nd)
+
+ static __always_inline void set_root(struct nameidata *nd)
+ {
+- if (!nd->root.mnt)
+- get_fs_root(current->fs, &nd->root);
++ get_fs_root(current->fs, &nd->root);
+ }
+
+ static int link_path_walk(const char *, struct nameidata *);
+
+-static __always_inline void set_root_rcu(struct nameidata *nd)
++static __always_inline unsigned set_root_rcu(struct nameidata *nd)
+ {
+- if (!nd->root.mnt) {
+- struct fs_struct *fs = current->fs;
+- unsigned seq;
++ struct fs_struct *fs = current->fs;
++ unsigned seq, res;
+
+- do {
+- seq = read_seqcount_begin(&fs->seq);
+- nd->root = fs->root;
+- nd->seq =
__read_seqcount_begin(&nd->root.dentry->d_seq);
+- } while (read_seqcount_retry(&fs->seq, seq));
+- }
++ do {
++ seq = read_seqcount_begin(&fs->seq);
++ nd->root = fs->root;
++ res = __read_seqcount_begin(&nd->root.dentry->d_seq);
++ } while (read_seqcount_retry(&fs->seq, seq));
++ return res;
+ }
+
+ static void path_put_conditional(struct path *path, struct nameidata *nd)
+@@ -825,7 +830,7 @@ follow_link(struct path *link, struct nameidata *nd, void
**p)
{
struct dentry *dentry = link->dentry;
int error;
@@ -65666,7 +66429,7 @@ index 17ca8b8..2de9500 100644
BUG_ON(nd->flags & LOOKUP_RCU);
-@@ -846,6 +853,12 @@ follow_link(struct path *link, struct nameidata *nd, void
**p)
+@@ -846,6 +851,12 @@ follow_link(struct path *link, struct nameidata *nd, void
**p)
if (error)
goto out_put_nd_path;
@@ -65679,7 +66442,126 @@ index 17ca8b8..2de9500 100644
nd->last_type = LAST_BIND;
*p = dentry->d_inode->i_op->follow_link(dentry, nd);
error = PTR_ERR(*p);
-@@ -1597,6 +1610,8 @@ static inline int nested_symlink(struct path *path,
struct nameidata *nd)
+@@ -861,7 +872,8 @@ follow_link(struct path *link, struct nameidata *nd, void
**p)
+ return PTR_ERR(s);
+ }
+ if (*s == '/') {
+- set_root(nd);
++ if (!nd->root.mnt)
++ set_root(nd);
+ path_put(&nd->path);
+ nd->path = nd->root;
+ path_get(&nd->root);
+@@ -1092,10 +1104,10 @@ int follow_down_one(struct path *path)
+ }
+ EXPORT_SYMBOL(follow_down_one);
+
+-static inline bool managed_dentry_might_block(struct dentry *dentry)
++static inline int managed_dentry_rcu(struct dentry *dentry)
+ {
+- return (dentry->d_flags & DCACHE_MANAGE_TRANSIT &&
+- dentry->d_op->d_manage(dentry, true) < 0);
++ return (dentry->d_flags & DCACHE_MANAGE_TRANSIT) ?
++ dentry->d_op->d_manage(dentry, true) : 0;
+ }
+
+ /*
+@@ -1111,11 +1123,18 @@ static bool __follow_mount_rcu(struct nameidata *nd,
struct path *path,
+ * Don't forget we might have a non-mountpoint managed dentry
+ * that wants to block transit.
+ */
+- if (unlikely(managed_dentry_might_block(path->dentry)))
++ switch (managed_dentry_rcu(path->dentry)) {
++ case -ECHILD:
++ default:
+ return false;
+-
+- if (!d_mountpoint(path->dentry))
++ case -EISDIR:
+ return true;
++ case 0:
++ break;
++ }
++
++ if (!d_mountpoint(path->dentry))
++ return !(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT);
+
+ mounted = __lookup_mnt(path->mnt, path->dentry);
+ if (!mounted)
+@@ -1131,12 +1150,15 @@ static bool __follow_mount_rcu(struct nameidata *nd,
struct path *path,
+ */
+ *inode = path->dentry->d_inode;
+ }
+- return read_seqretry(&mount_lock, nd->m_seq);
++ return !read_seqretry(&mount_lock, nd->m_seq) &&
++ !(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT);
+ }
+
+ static int follow_dotdot_rcu(struct nameidata *nd)
+ {
+- set_root_rcu(nd);
++ struct inode *inode = nd->inode;
++ if (!nd->root.mnt)
++ set_root_rcu(nd);
+
+ while (1) {
+ if (nd->path.dentry == nd->root.dentry &&
+@@ -1148,6 +1170,7 @@ static int follow_dotdot_rcu(struct nameidata *nd)
+ struct dentry *parent = old->d_parent;
+ unsigned seq;
+
++ inode = parent->d_inode;
+ seq = read_seqcount_begin(&parent->d_seq);
+ if (read_seqcount_retry(&old->d_seq, nd->seq))
+ goto failed;
+@@ -1157,6 +1180,7 @@ static int follow_dotdot_rcu(struct nameidata *nd)
+ }
+ if (!follow_up_rcu(&nd->path))
+ break;
++ inode = nd->path.dentry->d_inode;
+ nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
+ }
+ while (d_mountpoint(nd->path.dentry)) {
+@@ -1166,11 +1190,12 @@ static int follow_dotdot_rcu(struct nameidata *nd)
+ break;
+ nd->path.mnt = &mounted->mnt;
+ nd->path.dentry = mounted->mnt.mnt_root;
++ inode = nd->path.dentry->d_inode;
+ nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
+- if (!read_seqretry(&mount_lock, nd->m_seq))
++ if (read_seqretry(&mount_lock, nd->m_seq))
+ goto failed;
+ }
+- nd->inode = nd->path.dentry->d_inode;
++ nd->inode = inode;
+ return 0;
+
+ failed:
+@@ -1249,7 +1274,8 @@ static void follow_mount(struct path *path)
+
+ static void follow_dotdot(struct nameidata *nd)
+ {
+- set_root(nd);
++ if (!nd->root.mnt)
++ set_root(nd);
+
+ while(1) {
+ struct dentry *old = nd->path.dentry;
+@@ -1403,11 +1429,8 @@ static int lookup_fast(struct nameidata *nd,
+ }
+ path->mnt = mnt;
+ path->dentry = dentry;
+- if (unlikely(!__follow_mount_rcu(nd, path, inode)))
+- goto unlazy;
+- if (unlikely(path->dentry->d_flags & DCACHE_NEED_AUTOMOUNT))
+- goto unlazy;
+- return 0;
++ if (likely(__follow_mount_rcu(nd, path, inode)))
++ return 0;
+ unlazy:
+ if (unlazy_walk(nd, dentry))
+ return -ECHILD;
+@@ -1597,6 +1620,8 @@ static inline int nested_symlink(struct path *path,
struct nameidata *nd)
if (res)
break;
res = walk_component(nd, path, LOOKUP_FOLLOW);
@@ -65688,7 +66570,7 @@ index 17ca8b8..2de9500 100644
put_link(nd, &link, cookie);
} while (res > 0);
-@@ -1669,7 +1684,7 @@ EXPORT_SYMBOL(full_name_hash);
+@@ -1669,7 +1694,7 @@ EXPORT_SYMBOL(full_name_hash);
static inline unsigned long hash_name(const char *name, unsigned int *hashp)
{
unsigned long a, b, adata, bdata, mask, hash, len;
@@ -65697,7 +66579,32 @@ index 17ca8b8..2de9500 100644
hash = a = 0;
len = -sizeof(unsigned long);
-@@ -1953,6 +1968,8 @@ static int path_lookupat(int dfd, const char *name,
+@@ -1847,7 +1872,7 @@ static int path_init(int dfd, const char *name, unsigned
int flags,
+ if (*name=='/') {
+ if (flags & LOOKUP_RCU) {
+ rcu_read_lock();
+- set_root_rcu(nd);
++ nd->seq = set_root_rcu(nd);
+ } else {
+ set_root(nd);
+ path_get(&nd->root);
+@@ -1898,7 +1923,14 @@ static int path_init(int dfd, const char *name,
unsigned int flags,
+ }
+
+ nd->inode = nd->path.dentry->d_inode;
+- return 0;
++ if (!(flags & LOOKUP_RCU))
++ return 0;
++ if (likely(!read_seqcount_retry(&nd->path.dentry->d_seq, nd->seq)))
++ return 0;
++ if (!(nd->flags & LOOKUP_ROOT))
++ nd->root.mnt = NULL;
++ rcu_read_unlock();
++ return -ECHILD;
+ }
+
+ static inline int lookup_last(struct nameidata *nd, struct path *path)
+@@ -1953,6 +1985,8 @@ static int path_lookupat(int dfd, const char *name,
if (err)
break;
err = lookup_last(nd, &path);
@@ -65706,7 +66613,7 @@ index 17ca8b8..2de9500 100644
put_link(nd, &link, cookie);
}
}
-@@ -1960,6 +1977,13 @@ static int path_lookupat(int dfd, const char *name,
+@@ -1960,6 +1994,13 @@ static int path_lookupat(int dfd, const char *name,
if (!err)
err = complete_walk(nd);
@@ -65720,7 +66627,7 @@ index 17ca8b8..2de9500 100644
if (!err && nd->flags & LOOKUP_DIRECTORY) {
if (!d_can_lookup(nd->path.dentry)) {
path_put(&nd->path);
-@@ -1987,8 +2011,15 @@ static int filename_lookup(int dfd, struct filename
*name,
+@@ -1987,8 +2028,15 @@ static int filename_lookup(int dfd, struct filename
*name,
retval = path_lookupat(dfd, name->name,
flags | LOOKUP_REVAL, nd);
@@ -65737,7 +66644,7 @@ index 17ca8b8..2de9500 100644
return retval;
}
-@@ -2570,6 +2601,13 @@ static int may_open(struct path *path, int acc_mode,
int flag)
+@@ -2570,6 +2618,13 @@ static int may_open(struct path *path, int acc_mode,
int flag)
if (flag & O_NOATIME && !inode_owner_or_capable(inode))
return -EPERM;
@@ -65751,7 +66658,7 @@ index 17ca8b8..2de9500 100644
return 0;
}
-@@ -2801,7 +2839,7 @@ looked_up:
+@@ -2801,7 +2856,7 @@ looked_up:
* cleared otherwise prior to returning.
*/
static int lookup_open(struct nameidata *nd, struct path *path,
@@ -65760,7 +66667,7 @@ index 17ca8b8..2de9500 100644
const struct open_flags *op,
bool got_write, int *opened)
{
-@@ -2836,6 +2874,17 @@ static int lookup_open(struct nameidata *nd, struct
path *path,
+@@ -2836,6 +2891,17 @@ static int lookup_open(struct nameidata *nd, struct
path *path,
/* Negative dentry, just create the file */
if (!dentry->d_inode && (op->open_flag & O_CREAT)) {
umode_t mode = op->mode;
@@ -65778,7 +66685,7 @@ index 17ca8b8..2de9500 100644
if (!IS_POSIXACL(dir->d_inode))
mode &= ~current_umask();
/*
-@@ -2857,6 +2906,8 @@ static int lookup_open(struct nameidata *nd, struct path
*path,
+@@ -2857,6 +2923,8 @@ static int lookup_open(struct nameidata *nd, struct path
*path,
nd->flags & LOOKUP_EXCL);
if (error)
goto out_dput;
@@ -65787,7 +66694,7 @@ index 17ca8b8..2de9500 100644
}
out_no_open:
path->dentry = dentry;
-@@ -2871,7 +2922,7 @@ out_dput:
+@@ -2871,7 +2939,7 @@ out_dput:
/*
* Handle the last step of open()
*/
@@ -65796,7 +66703,7 @@ index 17ca8b8..2de9500 100644
struct file *file, const struct open_flags *op,
int *opened, struct filename *name)
{
-@@ -2921,6 +2972,15 @@ static int do_last(struct nameidata *nd, struct path
*path,
+@@ -2921,6 +2989,15 @@ static int do_last(struct nameidata *nd, struct path
*path,
if (error)
return error;
@@ -65812,7 +66719,7 @@ index 17ca8b8..2de9500 100644
audit_inode(name, dir, LOOKUP_PARENT);
error = -EISDIR;
/* trailing slashes? */
-@@ -2940,7 +3000,7 @@ retry_lookup:
+@@ -2940,7 +3017,7 @@ retry_lookup:
*/
}
mutex_lock(&dir->d_inode->i_mutex);
@@ -65821,7 +66728,7 @@ index 17ca8b8..2de9500 100644
mutex_unlock(&dir->d_inode->i_mutex);
if (error <= 0) {
-@@ -2964,11 +3024,28 @@ retry_lookup:
+@@ -2964,11 +3041,28 @@ retry_lookup:
goto finish_open_created;
}
@@ -65851,7 +66758,7 @@ index 17ca8b8..2de9500 100644
/*
* If atomic_open() acquired write access it is dropped now due to
-@@ -3009,6 +3086,11 @@ finish_lookup:
+@@ -3009,6 +3103,11 @@ finish_lookup:
}
}
BUG_ON(inode != path->dentry->d_inode);
@@ -65863,7 +66770,7 @@ index 17ca8b8..2de9500 100644
return 1;
}
-@@ -3018,7 +3100,6 @@ finish_lookup:
+@@ -3018,7 +3117,6 @@ finish_lookup:
save_parent.dentry = nd->path.dentry;
save_parent.mnt = mntget(path->mnt);
nd->path.dentry = path->dentry;
@@ -65871,7 +66778,7 @@ index 17ca8b8..2de9500 100644
}
nd->inode = inode;
/* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */
-@@ -3028,7 +3109,18 @@ finish_open:
+@@ -3028,7 +3126,18 @@ finish_open:
path_put(&save_parent);
return error;
}
@@ -65890,7 +66797,7 @@ index 17ca8b8..2de9500 100644
error = -EISDIR;
if ((open_flag & O_CREAT) && d_is_dir(nd->path.dentry))
goto out;
-@@ -3191,7 +3283,7 @@ static struct file *path_openat(int dfd, struct filename
*pathname,
+@@ -3191,7 +3300,7 @@ static struct file *path_openat(int dfd, struct filename
*pathname,
if (unlikely(error))
goto out;
@@ -65899,7 +66806,7 @@ index 17ca8b8..2de9500 100644
while (unlikely(error > 0)) { /* trailing symlink */
struct path link = path;
void *cookie;
-@@ -3209,7 +3301,7 @@ static struct file *path_openat(int dfd, struct filename
*pathname,
+@@ -3209,7 +3318,7 @@ static struct file *path_openat(int dfd, struct filename
*pathname,
error = follow_link(&link, nd, &cookie);
if (unlikely(error))
break;
@@ -65908,7 +66815,7 @@ index 17ca8b8..2de9500 100644
put_link(nd, &link, cookie);
}
out:
-@@ -3309,9 +3401,11 @@ struct dentry *kern_path_create(int dfd, const char
*pathname,
+@@ -3309,9 +3418,11 @@ struct dentry *kern_path_create(int dfd, const char
*pathname,
goto unlock;
error = -EEXIST;
@@ -65922,7 +66829,7 @@ index 17ca8b8..2de9500 100644
/*
* Special case - lookup gave negative, but... we had foo/bar/
* From the vfs_mknod() POV we just have a negative dentry -
-@@ -3363,6 +3457,20 @@ struct dentry *user_path_create(int dfd, const char
__user *pathname,
+@@ -3363,6 +3474,20 @@ struct dentry *user_path_create(int dfd, const char
__user *pathname,
}
EXPORT_SYMBOL(user_path_create);
@@ -65943,7 +66850,7 @@ index 17ca8b8..2de9500 100644
int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t
dev)
{
int error = may_create(dir, dentry);
-@@ -3426,6 +3534,17 @@ retry:
+@@ -3426,6 +3551,17 @@ retry:
if (!IS_POSIXACL(path.dentry->d_inode))
mode &= ~current_umask();
@@ -65961,16 +66868,16 @@ index 17ca8b8..2de9500 100644
error = security_path_mknod(&path, dentry, mode, dev);
if (error)
goto out;
-@@ -3442,6 +3561,8 @@ retry:
+@@ -3441,6 +3577,8 @@ retry:
+ error = vfs_mknod(path.dentry->d_inode,dentry,mode,0);
break;
}
- out:
+ if (!error)
+ gr_handle_create(dentry, path.mnt);
+ out:
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
- lookup_flags |= LOOKUP_REVAL;
-@@ -3495,9 +3616,16 @@ retry:
+@@ -3495,9 +3633,16 @@ retry:
if (!IS_POSIXACL(path.dentry->d_inode))
mode &= ~current_umask();
@@ -65987,7 +66894,7 @@ index 17ca8b8..2de9500 100644
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
-@@ -3580,6 +3708,8 @@ static long do_rmdir(int dfd, const char __user
*pathname)
+@@ -3580,6 +3725,8 @@ static long do_rmdir(int dfd, const char __user
*pathname)
struct filename *name;
struct dentry *dentry;
struct nameidata nd;
@@ -65996,7 +66903,7 @@ index 17ca8b8..2de9500 100644
unsigned int lookup_flags = 0;
retry:
name = user_path_parent(dfd, pathname, &nd, lookup_flags);
-@@ -3612,10 +3742,21 @@ retry:
+@@ -3612,10 +3759,21 @@ retry:
error = -ENOENT;
goto exit3;
}
@@ -66018,7 +66925,7 @@ index 17ca8b8..2de9500 100644
exit3:
dput(dentry);
exit2:
-@@ -3706,6 +3847,8 @@ static long do_unlinkat(int dfd, const char __user
*pathname)
+@@ -3706,6 +3864,8 @@ static long do_unlinkat(int dfd, const char __user
*pathname)
struct nameidata nd;
struct inode *inode = NULL;
struct inode *delegated_inode = NULL;
@@ -66027,7 +66934,7 @@ index 17ca8b8..2de9500 100644
unsigned int lookup_flags = 0;
retry:
name = user_path_parent(dfd, pathname, &nd, lookup_flags);
-@@ -3732,10 +3875,22 @@ retry_deleg:
+@@ -3732,10 +3892,22 @@ retry_deleg:
if (d_is_negative(dentry))
goto slashes;
ihold(inode);
@@ -66050,7 +66957,7 @@ index 17ca8b8..2de9500 100644
exit2:
dput(dentry);
}
-@@ -3824,9 +3979,17 @@ retry:
+@@ -3824,9 +3996,17 @@ retry:
if (IS_ERR(dentry))
goto out_putname;
@@ -66068,7 +66975,7 @@ index 17ca8b8..2de9500 100644
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
-@@ -3930,6 +4093,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user
*, oldname,
+@@ -3930,6 +4110,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user
*, oldname,
struct dentry *new_dentry;
struct path old_path, new_path;
struct inode *delegated_inode = NULL;
@@ -66076,7 +66983,7 @@ index 17ca8b8..2de9500 100644
int how = 0;
int error;
-@@ -3953,7 +4117,7 @@ retry:
+@@ -3953,7 +4134,7 @@ retry:
if (error)
return error;
@@ -66085,7 +66992,7 @@ index 17ca8b8..2de9500 100644
(how & LOOKUP_REVAL));
error = PTR_ERR(new_dentry);
if (IS_ERR(new_dentry))
-@@ -3965,11 +4129,28 @@ retry:
+@@ -3965,11 +4146,28 @@ retry:
error = may_linkat(&old_path);
if (unlikely(error))
goto out_dput;
@@ -66114,7 +67021,7 @@ index 17ca8b8..2de9500 100644
done_path_create(&new_path, new_dentry);
if (delegated_inode) {
error = break_deleg_wait(&delegated_inode);
-@@ -4279,6 +4460,12 @@ retry_deleg:
+@@ -4279,6 +4477,12 @@ retry_deleg:
if (new_dentry == trap)
goto exit5;
@@ -66127,7 +67034,7 @@ index 17ca8b8..2de9500 100644
error = security_path_rename(&oldnd.path, old_dentry,
&newnd.path, new_dentry, flags);
if (error)
-@@ -4286,6 +4473,9 @@ retry_deleg:
+@@ -4286,6 +4490,9 @@ retry_deleg:
error = vfs_rename(old_dir->d_inode, old_dentry,
new_dir->d_inode, new_dentry,
&delegated_inode, flags);
@@ -66137,7 +67044,7 @@ index 17ca8b8..2de9500 100644
exit5:
dput(new_dentry);
exit4:
-@@ -4328,14 +4518,24 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname,
const char __user *, newna
+@@ -4328,14 +4535,24 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname,
const char __user *, newna
int readlink_copy(char __user *buffer, int buflen, const char *link)
{
@@ -99947,6 +100854,19 @@ index 1706cbb..f89dbca 100644
if (err) {
bdi_destroy(bdi);
return err;
+diff --git a/mm/dmapool.c b/mm/dmapool.c
+index 306baa5..ba8019b 100644
+--- a/mm/dmapool.c
++++ b/mm/dmapool.c
+@@ -176,7 +176,7 @@ struct dma_pool *dma_pool_create(const char *name, struct
device *dev,
+ if (list_empty(&dev->dma_pools) &&
+ device_create_file(dev, &dev_attr_pools)) {
+ kfree(retval);
+- return NULL;
++ retval = NULL;
+ } else
+ list_add(&retval->pools, &dev->dma_pools);
+ mutex_unlock(&pools_lock);
diff --git a/mm/filemap.c b/mm/filemap.c
index 8163e04..191cb97 100644
--- a/mm/filemap.c
@@ -103283,7 +104203,7 @@ index 22a4a76..9551288 100644
/*
diff --git a/mm/shmem.c b/mm/shmem.c
-index af68b15..1227320 100644
+index af68b15..f7f853d 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -33,7 +33,7 @@
@@ -103304,7 +104224,19 @@ index af68b15..1227320 100644
/*
* shmem_fallocate communicates with shmem_fault or shmem_writepage via
-@@ -2219,6 +2219,11 @@ static const struct xattr_handler
*shmem_xattr_handlers[] = {
+@@ -2064,8 +2064,10 @@ static int shmem_rename(struct inode *old_dir, struct
dentry *old_dentry, struct
+
+ if (new_dentry->d_inode) {
+ (void) shmem_unlink(new_dir, new_dentry);
+- if (they_are_dirs)
++ if (they_are_dirs) {
++ drop_nlink(new_dentry->d_inode);
+ drop_nlink(old_dir);
++ }
+ } else if (they_are_dirs) {
+ drop_nlink(old_dir);
+ inc_nlink(new_dir);
+@@ -2219,6 +2221,11 @@ static const struct xattr_handler
*shmem_xattr_handlers[] = {
static int shmem_xattr_validate(const char *name)
{
struct { const char *prefix; size_t len; } arr[] = {
@@ -103316,7 +104248,7 @@ index af68b15..1227320 100644
{ XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
{ XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
};
-@@ -2274,6 +2279,15 @@ static int shmem_setxattr(struct dentry *dentry, const
char *name,
+@@ -2274,6 +2281,15 @@ static int shmem_setxattr(struct dentry *dentry, const
char *name,
if (err)
return err;
@@ -103332,7 +104264,7 @@ index af68b15..1227320 100644
return simple_xattr_set(&info->xattrs, name, value, size, flags);
}
-@@ -2586,8 +2600,7 @@ int shmem_fill_super(struct super_block *sb, void *data,
int silent)
+@@ -2586,8 +2602,7 @@ int shmem_fill_super(struct super_block *sb, void *data,
int silent)
int err = -ENOMEM;
/* Round up to L1_CACHE_BYTES to resist false sharing */
@@ -103343,7 +104275,7 @@ index af68b15..1227320 100644
return -ENOMEM;
diff --git a/mm/slab.c b/mm/slab.c
-index 3070b92..bcfff83 100644
+index 3070b92..6596d86 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -311,10 +311,12 @@ static void kmem_cache_node_init(struct kmem_cache_node
*parent)
@@ -103396,7 +104328,32 @@ index 3070b92..bcfff83 100644
slab_early_init = 0;
-@@ -3512,6 +3516,21 @@ static inline void __cache_free(struct kmem_cache
*cachep, void *objp,
+@@ -2224,7 +2228,8 @@ static int __init_refok setup_cpu_cache(struct
kmem_cache *cachep, gfp_t gfp)
+ int
+ __kmem_cache_create (struct kmem_cache *cachep, unsigned long flags)
+ {
+- size_t left_over, freelist_size, ralign;
++ size_t left_over, freelist_size;
++ size_t ralign = BYTES_PER_WORD;
+ gfp_t gfp;
+ int err;
+ size_t size = cachep->size;
+@@ -2257,14 +2262,6 @@ __kmem_cache_create (struct kmem_cache *cachep,
unsigned long flags)
+ size &= ~(BYTES_PER_WORD - 1);
+ }
+
+- /*
+- * Redzoning and user store require word alignment or possibly larger.
+- * Note this will be overridden by architecture or caller mandated
+- * alignment if either is greater than BYTES_PER_WORD.
+- */
+- if (flags & SLAB_STORE_USER)
+- ralign = BYTES_PER_WORD;
+-
+ if (flags & SLAB_RED_ZONE) {
+ ralign = REDZONE_ALIGN;
+ /* If redzoning, ensure that the second redzone is suitably
+@@ -3512,6 +3509,21 @@ static inline void __cache_free(struct kmem_cache
*cachep, void *objp,
struct array_cache *ac = cpu_cache_get(cachep);
check_irq_off();
@@ -103418,7 +104375,7 @@ index 3070b92..bcfff83 100644
kmemleak_free_recursive(objp, cachep->flags);
objp = cache_free_debugcheck(cachep, objp, caller);
-@@ -3735,6 +3754,7 @@ void kfree(const void *objp)
+@@ -3735,6 +3747,7 @@ void kfree(const void *objp)
if (unlikely(ZERO_OR_NULL_PTR(objp)))
return;
@@ -103426,7 +104383,7 @@ index 3070b92..bcfff83 100644
local_irq_save(flags);
kfree_debugcheck(objp);
c = virt_to_cache(objp);
-@@ -4176,14 +4196,22 @@ void slabinfo_show_stats(struct seq_file *m, struct
kmem_cache *cachep)
+@@ -4176,14 +4189,22 @@ void slabinfo_show_stats(struct seq_file *m, struct
kmem_cache *cachep)
}
/* cpu stats */
{
@@ -103453,7 +104410,7 @@ index 3070b92..bcfff83 100644
#endif
}
-@@ -4404,13 +4432,69 @@ static const struct file_operations
proc_slabstats_operations = {
+@@ -4404,13 +4425,69 @@ static const struct file_operations
proc_slabstats_operations = {
static int __init slab_proc_init(void)
{
#ifdef CONFIG_DEBUG_SLAB_LEAK
@@ -113900,11 +114857,11 @@ index b304068..462d24e 100644
fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness?
%#x\n",
diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
new file mode 100644
-index 0000000..3fd3699
+index 0000000..42018ed
--- /dev/null
+++ b/scripts/gcc-plugin.sh
-@@ -0,0 +1,43 @@
-+#!/bin/bash
+@@ -0,0 +1,51 @@
++#!/bin/sh
+srctree=$(dirname "$0")
+gccplugins_dir=$($3 -print-file-name=plugin)
+plugincc=$($1 -E - -o /dev/null -I${srctree}/../tools/gcc
-I${gccplugins_dir}/include 2>&1 <<EOF
@@ -113922,15 +114879,23 @@ index 0000000..3fd3699
+ exit 1
+fi
+
-+if [[ "$plugincc" =~ "$1 CC" ]]
-+then
-+ echo "$1"
-+ exit 0
-+fi
++case "$plugincc" in
++ *"$1 CC"*)
++ echo "$1"
++ exit 0
++ ;;
+
-+if [[ "$plugincc" =~ "$2 CXX" ]]
-+then
-+plugincc=$($1 -c -x c++ -std=gnu++98 - -o /dev/null -I${srctree}/../tools/gcc
-I${gccplugins_dir}/include 2>&1 <<EOF
++ *"$2 CXX"*)
++ # the c++ compiler needs another test, see below
++ ;;
++
++ *)
++ exit 1
++ ;;
++esac
++
++# we need a c++ compiler that supports the designated initializer GNU
extension
++plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only
-I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
+#include "gcc-common.h"
+class test {
+public:
@@ -113940,12 +114905,12 @@ index 0000000..3fd3699
+};
+EOF
+)
++
+if [ $? -eq 0 ]
+then
+ echo "$2"
+ exit 0
+fi
-+fi
+exit 1
diff --git a/scripts/headers_install.sh b/scripts/headers_install.sh
index 5de5660..d3deb89 100644
@@ -114229,6 +115194,19 @@ index 8fac3fd..32ff38d 100644
unsigned int num_sections;
unsigned int secindex_strings;
+diff --git a/scripts/tags.sh b/scripts/tags.sh
+index e6b011f..2d5f70f 100755
+--- a/scripts/tags.sh
++++ b/scripts/tags.sh
+@@ -26,7 +26,7 @@ else
+ fi
+
+ # ignore userspace tools
+-ignore="$ignore ( -path ${tree}tools ) -prune -o"
++ignore="$ignore ( -path \"${tree}tools/[^g]*\" ) -prune -o"
+
+ # Find all available archs
+ find_all_archs()
diff --git a/security/Kconfig b/security/Kconfig
index beb86b5..9becb4a 100644
--- a/security/Kconfig
diff --git a/3.2.63/0000_README b/3.2.63/0000_README
index 251218e..90399c4 100644
--- a/3.2.63/0000_README
+++ b/3.2.63/0000_README
@@ -170,7 +170,7 @@ Patch: 1062_linux-3.2.63.patch
From: http://www.kernel.org
Desc: Linux 3.2.63
-Patch: 4420_grsecurity-3.0-3.2.63-201409180857.patch
+Patch: 4420_grsecurity-3.0-3.2.63-201409282020.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.63/4420_grsecurity-3.0-3.2.63-201409180857.patch
b/3.2.63/4420_grsecurity-3.0-3.2.63-201409282020.patch
similarity index 99%
rename from 3.2.63/4420_grsecurity-3.0-3.2.63-201409180857.patch
rename to 3.2.63/4420_grsecurity-3.0-3.2.63-201409282020.patch
index 3cee459..e277955 100644
--- a/3.2.63/4420_grsecurity-3.0-3.2.63-201409180857.patch
+++ b/3.2.63/4420_grsecurity-3.0-3.2.63-201409282020.patch
@@ -6205,20 +6205,43 @@ index 5efe8c9..db9ceef 100644
return 0;
}
diff --git a/arch/powerpc/mm/mmap_64.c b/arch/powerpc/mm/mmap_64.c
-index 5a783d8..fbe4c8b 100644
+index 5a783d8..522eb00 100644
--- a/arch/powerpc/mm/mmap_64.c
+++ b/arch/powerpc/mm/mmap_64.c
-@@ -65,6 +65,10 @@ static unsigned long mmap_rnd(void)
+@@ -61,10 +61,14 @@ static inline int mmap_is_legacy(void)
+ *
+ * To avoid this we can shift the randomness by 1 bit.
+ */
+-static unsigned long mmap_rnd(void)
++static unsigned long mmap_rnd(struct mm_struct *mm)
{
unsigned long rnd = 0;
+#ifdef CONFIG_PAX_RANDMMAP
-+ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))
++ if (!(mm->pax_flags & MF_PAX_RANDMMAP))
+#endif
+
if (current->flags & PF_RANDOMIZE) {
/* 8MB for 32bit, 1GB for 64bit */
if (is_32bit_task())
+@@ -75,7 +79,7 @@ static unsigned long mmap_rnd(void)
+ return (rnd << PAGE_SHIFT) * 2;
+ }
+
+-static inline unsigned long mmap_base(void)
++static inline unsigned long mmap_base(struct mm_struct *mm)
+ {
+ unsigned long gap = rlimit(RLIMIT_STACK);
+
+@@ -84,7 +88,7 @@ static inline unsigned long mmap_base(void)
+ else if (gap > MAX_GAP)
+ gap = MAX_GAP;
+
+- return PAGE_ALIGN(TASK_SIZE - gap - mmap_rnd());
++ return PAGE_ALIGN(TASK_SIZE - gap - mmap_rnd(mm));
+ }
+
+ /*
@@ -99,10 +103,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
*/
if (mmap_is_legacy()) {
@@ -6232,7 +6255,8 @@ index 5a783d8..fbe4c8b 100644
mm->get_unmapped_area = arch_get_unmapped_area;
mm->unmap_area = arch_unmap_area;
} else {
- mm->mmap_base = mmap_base();
+- mm->mmap_base = mmap_base();
++ mm->mmap_base = mmap_base(mm);
+
+#ifdef CONFIG_PAX_RANDMMAP
+ if (mm->pax_flags & MF_PAX_RANDMMAP)
@@ -16877,7 +16901,7 @@ index 103b6ab..2004d0a 100644
#endif
initial_code = (unsigned long)wakeup_long64;
diff --git a/arch/x86/kernel/acpi/wakeup_32.S
b/arch/x86/kernel/acpi/wakeup_32.S
-index 13ab720..95d5442 100644
+index 13ab7205..95d5442 100644
--- a/arch/x86/kernel/acpi/wakeup_32.S
+++ b/arch/x86/kernel/acpi/wakeup_32.S
@@ -30,13 +30,11 @@ wakeup_pmode_return:
@@ -34144,8 +34168,21 @@ index be73e9d..7fbf140 100644
cmdlist_t *reqQ;
cmdlist_t *cmpQ;
+diff --git a/drivers/block/drbd/drbd_bitmap.c
b/drivers/block/drbd/drbd_bitmap.c
+index 912f585..610551e 100644
+--- a/drivers/block/drbd/drbd_bitmap.c
++++ b/drivers/block/drbd/drbd_bitmap.c
+@@ -992,7 +992,7 @@ static void bm_page_io_async(struct bm_aio_ctx *ctx, int
page_nr, int rw) __must
+ submit_bio(rw, bio);
+ /* this should not count as user activity and cause the
+ * resync to throttle -- see drbd_rs_should_slow_down(). */
+- atomic_add(len >> 9, &mdev->rs_sect_ev);
++ atomic_add_unchecked(len >> 9, &mdev->rs_sect_ev);
+ }
+ }
+
diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h
-index 9cf2035..bffca95 100644
+index 9cf2035..c8cbfe1 100644
--- a/drivers/block/drbd/drbd_int.h
+++ b/drivers/block/drbd/drbd_int.h
@@ -736,7 +736,7 @@ struct drbd_request;
@@ -34166,6 +34203,17 @@ index 9cf2035..bffca95 100644
unsigned int peer_seq;
spinlock_t peer_seq_lock;
unsigned int minor;
+@@ -1118,8 +1118,8 @@ struct drbd_conf {
+ u64 ed_uuid; /* UUID of the exposed data */
+ struct mutex state_mutex;
+ char congestion_reason; /* Why we where congested... */
+- atomic_t rs_sect_in; /* for incoming resync data rate, SyncTarget */
+- atomic_t rs_sect_ev; /* for submitted resync data rate, both */
++ atomic_unchecked_t rs_sect_in; /* for incoming resync data rate,
SyncTarget */
++ atomic_unchecked_t rs_sect_ev; /* for submitted resync data rate, both
*/
+ int rs_last_sect_ev; /* counter to compare with */
+ int rs_last_events; /* counter of read or write "events" (unit sectors)
+ * on the lower level device when we last looked.
*/
@@ -1617,30 +1617,30 @@ static inline int drbd_setsockopt(struct socket *sock,
int level, int optname,
static inline void drbd_tcp_cork(struct socket *sock)
@@ -34206,7 +34254,7 @@ index 9cf2035..bffca95 100644
void drbd_bump_write_ordering(struct drbd_conf *mdev, enum write_ordering_e
wo);
diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
-index 0358e55..bc33689 100644
+index 0358e55..4e25ed1 100644
--- a/drivers/block/drbd/drbd_main.c
+++ b/drivers/block/drbd/drbd_main.c
@@ -2397,7 +2397,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum
drbd_packets cmd,
@@ -34227,7 +34275,7 @@ index 0358e55..bc33689 100644
dp_flags = bio_flags_to_wire(mdev, req->master_bio->bi_rw);
-@@ -2981,7 +2981,7 @@ void drbd_init_set_defaults(struct drbd_conf *mdev)
+@@ -2981,11 +2981,11 @@ void drbd_init_set_defaults(struct drbd_conf *mdev)
atomic_set(&mdev->unacked_cnt, 0);
atomic_set(&mdev->local_cnt, 0);
atomic_set(&mdev->net_cnt, 0);
@@ -34235,7 +34283,13 @@ index 0358e55..bc33689 100644
+ atomic_set_unchecked(&mdev->packet_seq, 0);
atomic_set(&mdev->pp_in_use, 0);
atomic_set(&mdev->pp_in_use_by_net, 0);
- atomic_set(&mdev->rs_sect_in, 0);
+- atomic_set(&mdev->rs_sect_in, 0);
+- atomic_set(&mdev->rs_sect_ev, 0);
++ atomic_set_unchecked(&mdev->rs_sect_in, 0);
++ atomic_set_unchecked(&mdev->rs_sect_ev, 0);
+ atomic_set(&mdev->ap_in_flight, 0);
+
+ mutex_init(&mdev->md_io_mutex);
@@ -3063,8 +3063,8 @@ void drbd_mdev_cleanup(struct drbd_conf *mdev)
mdev->receiver.t_state);
@@ -34306,7 +34360,7 @@ index af2a250..0fdeb75 100644
cn_reply->len = sizeof(struct drbd_nl_cfg_reply) +
(int)((char *)tl - (char *)reply->tag_list);
diff --git a/drivers/block/drbd/drbd_receiver.c
b/drivers/block/drbd/drbd_receiver.c
-index 13cbdd3..d374957 100644
+index 13cbdd3..9c663ab 100644
--- a/drivers/block/drbd/drbd_receiver.c
+++ b/drivers/block/drbd/drbd_receiver.c
@@ -894,7 +894,7 @@ retry:
@@ -34367,6 +34421,24 @@ index 13cbdd3..d374957 100644
list_add(&epoch->list, &mdev->current_epoch->list);
mdev->current_epoch = epoch;
mdev->epochs++;
+@@ -1449,7 +1449,7 @@ static int recv_resync_read(struct drbd_conf *mdev,
sector_t sector, int data_si
+ list_add(&e->w.list, &mdev->sync_ee);
+ spin_unlock_irq(&mdev->req_lock);
+
+- atomic_add(data_size >> 9, &mdev->rs_sect_ev);
++ atomic_add_unchecked(data_size >> 9, &mdev->rs_sect_ev);
+ if (drbd_submit_ee(mdev, e, WRITE, DRBD_FAULT_RS_WR) == 0)
+ return true;
+
+@@ -1519,7 +1519,7 @@ static int receive_RSDataReply(struct drbd_conf *mdev,
enum drbd_packets cmd, un
+ drbd_send_ack_dp(mdev, P_NEG_ACK, p, data_size);
+ }
+
+- atomic_add(data_size >> 9, &mdev->rs_sect_in);
++ atomic_add_unchecked(data_size >> 9, &mdev->rs_sect_in);
+
+ return ok;
+ }
@@ -1663,7 +1663,7 @@ static int receive_Data(struct drbd_conf *mdev, enum
drbd_packets cmd, unsigned
spin_unlock(&mdev->peer_seq_lock);
@@ -34385,6 +34457,33 @@ index 13cbdd3..d374957 100644
atomic_inc(&e->epoch->active);
spin_unlock(&mdev->epoch_lock);
+@@ -1906,7 +1906,7 @@ int drbd_rs_should_slow_down(struct drbd_conf *mdev,
sector_t sector)
+
+ curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
+ (int)part_stat_read(&disk->part0, sectors[1]) -
+- atomic_read(&mdev->rs_sect_ev);
++ atomic_read_unchecked(&mdev->rs_sect_ev);
+
+ if (!mdev->rs_last_events || curr_events - mdev->rs_last_events > 64) {
+ unsigned long rs_left;
+@@ -2034,7 +2034,7 @@ static int receive_DataRequest(struct drbd_conf *mdev,
enum drbd_packets cmd, un
+ mdev->bm_resync_fo = BM_SECT_TO_BIT(sector);
+ } else if (cmd == P_OV_REPLY) {
+ /* track progress, we may need to throttle */
+- atomic_add(size >> 9, &mdev->rs_sect_in);
++ atomic_add_unchecked(size >> 9, &mdev->rs_sect_in);
+ e->w.cb = w_e_end_ov_reply;
+ dec_rs_pending(mdev);
+ /* drbd_rs_begin_io done when we sent this request,
+@@ -2098,7 +2098,7 @@ static int receive_DataRequest(struct drbd_conf *mdev,
enum drbd_packets cmd, un
+ goto out_free_e;
+
+ submit_for_resync:
+- atomic_add(size >> 9, &mdev->rs_sect_ev);
++ atomic_add_unchecked(size >> 9, &mdev->rs_sect_ev);
+
+ submit:
+ inc_unacked(mdev);
@@ -3637,7 +3637,7 @@ struct data_cmd {
int expect_payload;
size_t pkt_size;
@@ -34403,6 +34502,15 @@ index 13cbdd3..d374957 100644
D_ASSERT(list_empty(&mdev->current_epoch->list));
}
+@@ -4240,7 +4240,7 @@ static int got_IsInSync(struct drbd_conf *mdev, struct
p_header80 *h)
+ put_ldev(mdev);
+ }
+ dec_rs_pending(mdev);
+- atomic_add(blksize >> 9, &mdev->rs_sect_in);
++ atomic_add_unchecked(blksize >> 9, &mdev->rs_sect_in);
+
+ return true;
+ }
@@ -4492,7 +4492,7 @@ static int got_skip(struct drbd_conf *mdev, struct
p_header80 *h)
struct asender_cmd {
size_t pkt_size;
@@ -34412,6 +34520,39 @@ index 13cbdd3..d374957 100644
static struct asender_cmd *get_asender_cmd(int cmd)
{
+diff --git a/drivers/block/drbd/drbd_worker.c
b/drivers/block/drbd/drbd_worker.c
+index 4d3e6f6..5555fc4 100644
+--- a/drivers/block/drbd/drbd_worker.c
++++ b/drivers/block/drbd/drbd_worker.c
+@@ -368,7 +368,7 @@ static int read_for_csum(struct drbd_conf *mdev, sector_t
sector, int size)
+ list_add(&e->w.list, &mdev->read_ee);
+ spin_unlock_irq(&mdev->req_lock);
+
+- atomic_add(size >> 9, &mdev->rs_sect_ev);
++ atomic_add_unchecked(size >> 9, &mdev->rs_sect_ev);
+ if (drbd_submit_ee(mdev, e, READ, DRBD_FAULT_RS_RD) == 0)
+ return 0;
+
+@@ -448,7 +448,7 @@ static int drbd_rs_controller(struct drbd_conf *mdev)
+ int curr_corr;
+ int max_sect;
+
+- sect_in = atomic_xchg(&mdev->rs_sect_in, 0); /* Number of sectors that
came in */
++ sect_in = atomic_xchg_unchecked(&mdev->rs_sect_in, 0); /* Number of
sectors that came in */
+ mdev->rs_in_flight -= sect_in;
+
+ spin_lock(&mdev->peer_seq_lock); /* get an atomic view on
mdev->rs_plan_s */
+@@ -1455,8 +1455,8 @@ int drbd_alter_sa(struct drbd_conf *mdev, int na)
+
+ void drbd_rs_controller_reset(struct drbd_conf *mdev)
+ {
+- atomic_set(&mdev->rs_sect_in, 0);
+- atomic_set(&mdev->rs_sect_ev, 0);
++ atomic_set_unchecked(&mdev->rs_sect_in, 0);
++ atomic_set_unchecked(&mdev->rs_sect_ev, 0);
+ mdev->rs_in_flight = 0;
+ mdev->rs_planed = 0;
+ spin_lock(&mdev->peer_seq_lock);
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
index d659135..45fe633 100644
--- a/drivers/block/loop.c
@@ -47584,6 +47725,32 @@ index 9de9db2..1e09660 100644
fc_frame_free(fp);
}
+diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c
+index 143bbe4..2794a30 100644
+--- a/drivers/scsi/libiscsi.c
++++ b/drivers/scsi/libiscsi.c
+@@ -718,11 +718,21 @@ __iscsi_conn_send_pdu(struct iscsi_conn *conn, struct
iscsi_hdr *hdr,
+ return NULL;
+ }
+
++ if (data_size > ISCSI_DEF_MAX_RECV_SEG_LEN) {
++ iscsi_conn_printk(KERN_ERR, conn, "Invalid buffer len
of %u for login task. Max len is %u\n", data_size, ISCSI_DEF_MAX_RECV_SEG_LEN);
++ return NULL;
++ }
++
+ task = conn->login_task;
+ } else {
+ if (session->state != ISCSI_STATE_LOGGED_IN)
+ return NULL;
+
++ if (data_size != 0) {
++ iscsi_conn_printk(KERN_ERR, conn, "Can not send data
buffer of len %u for op 0x%x\n", data_size, opcode);
++ return NULL;
++ }
++
+ BUG_ON(conn->c_stage == ISCSI_CONN_INITIAL_STAGE);
+ BUG_ON(conn->c_stage == ISCSI_CONN_STOPPED);
+
diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c
index 5e170e3..1e87efc 100644
--- a/drivers/scsi/libsas/sas_ata.c
@@ -56287,10 +56454,30 @@ index 200f63b..490b833 100644
/*
* used by btrfsctl to scan devices when no FS is mounted
diff --git a/fs/buffer.c b/fs/buffer.c
-index 5f4bde2..9dffef0 100644
+index 5f4bde2..b4d23b3 100644
--- a/fs/buffer.c
+++ b/fs/buffer.c
-@@ -3316,7 +3316,7 @@ void __init buffer_init(void)
+@@ -1021,7 +1021,8 @@ grow_dev_page(struct block_device *bdev, sector_t block,
+ bh = page_buffers(page);
+ if (bh->b_size == size) {
+ end_block = init_page_buffers(page, bdev,
+- index << sizebits, size);
++ (sector_t)index << sizebits,
++ size);
+ goto done;
+ }
+ if (!try_to_free_buffers(page))
+@@ -1042,7 +1043,8 @@ grow_dev_page(struct block_device *bdev, sector_t block,
+ */
+ spin_lock(&inode->i_mapping->private_lock);
+ link_dev_buffers(page, bh);
+- end_block = init_page_buffers(page, bdev, index << sizebits, size);
++ end_block = init_page_buffers(page, bdev, (sector_t)index << sizebits,
++ size);
+ spin_unlock(&inode->i_mapping->private_lock);
+ done:
+ ret = (block < end_block) ? 1 : -ENXIO;
+@@ -3316,7 +3318,7 @@ void __init buffer_init(void)
bh_cachep = kmem_cache_create("buffer_head",
sizeof(struct buffer_head), 0,
(SLAB_RECLAIM_ACCOUNT|SLAB_PANIC|
@@ -98170,7 +98357,7 @@ index f3f6fd3..0d91a63 100644
/*
diff --git a/mm/shmem.c b/mm/shmem.c
-index 1371021..c2094c7 100644
+index 1371021..7104960 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -31,7 +31,7 @@
@@ -98191,7 +98378,19 @@ index 1371021..c2094c7 100644
/*
* vmtruncate_range() communicates with shmem_fault via
-@@ -1924,6 +1924,11 @@ static const struct xattr_handler
*shmem_xattr_handlers[] = {
+@@ -1719,8 +1719,10 @@ static int shmem_rename(struct inode *old_dir, struct
dentry *old_dentry, struct
+
+ if (new_dentry->d_inode) {
+ (void) shmem_unlink(new_dir, new_dentry);
+- if (they_are_dirs)
++ if (they_are_dirs) {
++ drop_nlink(new_dentry->d_inode);
+ drop_nlink(old_dir);
++ }
+ } else if (they_are_dirs) {
+ drop_nlink(old_dir);
+ inc_nlink(new_dir);
+@@ -1924,6 +1926,11 @@ static const struct xattr_handler
*shmem_xattr_handlers[] = {
static int shmem_xattr_validate(const char *name)
{
struct { const char *prefix; size_t len; } arr[] = {
@@ -98203,7 +98402,7 @@ index 1371021..c2094c7 100644
{ XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
{ XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
};
-@@ -1977,6 +1982,15 @@ static int shmem_setxattr(struct dentry *dentry, const
char *name,
+@@ -1977,6 +1984,15 @@ static int shmem_setxattr(struct dentry *dentry, const
char *name,
if (err)
return err;
@@ -98219,7 +98418,7 @@ index 1371021..c2094c7 100644
if (size == 0)
value = ""; /* empty EA, do not remove */
-@@ -2310,8 +2324,7 @@ int shmem_fill_super(struct super_block *sb, void *data,
int silent)
+@@ -2310,8 +2326,7 @@ int shmem_fill_super(struct super_block *sb, void *data,
int silent)
int err = -ENOMEM;
/* Round up to L1_CACHE_BYTES to resist false sharing */
@@ -108226,11 +108425,11 @@ index cb1f50c..cef2a7c 100644
fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess?
%#x\n",
diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
new file mode 100644
-index 0000000..3fd3699
+index 0000000..42018ed
--- /dev/null
+++ b/scripts/gcc-plugin.sh
-@@ -0,0 +1,43 @@
-+#!/bin/bash
+@@ -0,0 +1,51 @@
++#!/bin/sh
+srctree=$(dirname "$0")
+gccplugins_dir=$($3 -print-file-name=plugin)
+plugincc=$($1 -E - -o /dev/null -I${srctree}/../tools/gcc
-I${gccplugins_dir}/include 2>&1 <<EOF
@@ -108248,15 +108447,23 @@ index 0000000..3fd3699
+ exit 1
+fi
+
-+if [[ "$plugincc" =~ "$1 CC" ]]
-+then
-+ echo "$1"
-+ exit 0
-+fi
++case "$plugincc" in
++ *"$1 CC"*)
++ echo "$1"
++ exit 0
++ ;;
+
-+if [[ "$plugincc" =~ "$2 CXX" ]]
-+then
-+plugincc=$($1 -c -x c++ -std=gnu++98 - -o /dev/null -I${srctree}/../tools/gcc
-I${gccplugins_dir}/include 2>&1 <<EOF
++ *"$2 CXX"*)
++ # the c++ compiler needs another test, see below
++ ;;
++
++ *)
++ exit 1
++ ;;
++esac
++
++# we need a c++ compiler that supports the designated initializer GNU
extension
++plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only
-I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
+#include "gcc-common.h"
+class test {
+public:
@@ -108266,12 +108473,12 @@ index 0000000..3fd3699
+};
+EOF
+)
++
+if [ $? -eq 0 ]
+then
+ echo "$2"
+ exit 0
+fi
-+fi
+exit 1
diff --git a/scripts/headers_install.pl b/scripts/headers_install.pl
index 48462be..3e08f94 100644
