diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2016-10-23 08:41:53 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2016-10-23 08:41:53 -0400 |
commit | 577ecfc11feb8d3835b6cc69bb57dac65d5957e6 (patch) | |
tree | 5198191ec5024bfd1b924c7edd0130afed5ec761 | |
parent | grsecurity-3.1-4.7.9-201610200819 (diff) | |
download | hardened-patchset-20161022.tar.gz hardened-patchset-20161022.tar.bz2 hardened-patchset-20161022.zip |
grsecurity-3.1-4.7.10-20161022203720161022
-rw-r--r-- | 4.7.10/0000_README (renamed from 4.7.9/0000_README) | 6 | ||||
-rw-r--r-- | 4.7.10/1007_linux-4.7.8.patch (renamed from 4.7.9/1007_linux-4.7.8.patch) | 0 | ||||
-rw-r--r-- | 4.7.10/1008_linux-4.7.9.patch (renamed from 4.7.9/1008_linux-4.7.9.patch) | 0 | ||||
-rw-r--r-- | 4.7.10/1009_linux-4.7.10.patch | 1630 | ||||
-rw-r--r-- | 4.7.10/4420_grsecurity-3.1-4.7.10-201610222037.patch (renamed from 4.7.9/4420_grsecurity-3.1-4.7.9-201610200819.patch) | 270 | ||||
-rw-r--r-- | 4.7.10/4425_grsec_remove_EI_PAX.patch (renamed from 4.7.9/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
-rw-r--r-- | 4.7.10/4427_force_XATTR_PAX_tmpfs.patch (renamed from 4.7.9/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
-rw-r--r-- | 4.7.10/4430_grsec-remove-localversion-grsec.patch (renamed from 4.7.9/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 4.7.10/4435_grsec-mute-warnings.patch (renamed from 4.7.9/4435_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 4.7.10/4440_grsec-remove-protected-paths.patch (renamed from 4.7.9/4440_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 4.7.10/4450_grsec-kconfig-default-gids.patch (renamed from 4.7.9/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
-rw-r--r-- | 4.7.10/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 4.7.9/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
-rw-r--r-- | 4.7.10/4470_disable-compat_vdso.patch (renamed from 4.7.9/4470_disable-compat_vdso.patch) | 0 | ||||
-rw-r--r-- | 4.7.10/4475_emutramp_default_on.patch (renamed from 4.7.9/4475_emutramp_default_on.patch) | 0 |
14 files changed, 1784 insertions, 122 deletions
diff --git a/4.7.9/0000_README b/4.7.10/0000_README index be33a95..f0806b3 100644 --- a/4.7.9/0000_README +++ b/4.7.10/0000_README @@ -10,7 +10,11 @@ Patch: 1008_linux-4.7.9.patch From: http://www.kernel.org Desc: Linux 4.7.9 -Patch: 4420_grsecurity-3.1-4.7.9-201610200819.patch +Patch: 1009_linux-4.7.10.patch +From: http://www.kernel.org +Desc: Linux 4.7.10 + +Patch: 4420_grsecurity-3.1-4.7.10-201610222037.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/4.7.9/1007_linux-4.7.8.patch b/4.7.10/1007_linux-4.7.8.patch index dd5c7d8..dd5c7d8 100644 --- a/4.7.9/1007_linux-4.7.8.patch +++ b/4.7.10/1007_linux-4.7.8.patch diff --git a/4.7.9/1008_linux-4.7.9.patch b/4.7.10/1008_linux-4.7.9.patch index 5fd99d3..5fd99d3 100644 --- a/4.7.9/1008_linux-4.7.9.patch +++ b/4.7.10/1008_linux-4.7.9.patch diff --git a/4.7.10/1009_linux-4.7.10.patch b/4.7.10/1009_linux-4.7.10.patch new file mode 100644 index 0000000..2e76abd --- /dev/null +++ b/4.7.10/1009_linux-4.7.10.patch @@ -0,0 +1,1630 @@ +diff --git a/MAINTAINERS b/MAINTAINERS +index 8c20323..67c42db 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -12620,11 +12620,10 @@ F: arch/x86/xen/*swiotlb* + F: drivers/xen/*swiotlb* + + XFS FILESYSTEM +-P: Silicon Graphics Inc + M: Dave Chinner <david@fromorbit.com> +-M: xfs@oss.sgi.com +-L: xfs@oss.sgi.com +-W: http://oss.sgi.com/projects/xfs ++M: linux-xfs@vger.kernel.org ++L: linux-xfs@vger.kernel.org ++W: http://xfs.org/ + T: git git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs.git + S: Supported + F: Documentation/filesystems/xfs.txt +diff --git a/Makefile b/Makefile +index cb3f64e..219ab6d 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 4 + PATCHLEVEL = 7 +-SUBLEVEL = 9 ++SUBLEVEL = 10 + EXTRAVERSION = + NAME = Psychotic Stoned Sheep + +diff --git a/arch/arc/include/asm/irqflags-arcv2.h b/arch/arc/include/asm/irqflags-arcv2.h +index d1ec7f6..e880dfa 100644 +--- a/arch/arc/include/asm/irqflags-arcv2.h ++++ b/arch/arc/include/asm/irqflags-arcv2.h +@@ -112,7 +112,7 @@ static inline long arch_local_save_flags(void) + */ + temp = (1 << 5) | + ((!!(temp & STATUS_IE_MASK)) << CLRI_STATUS_IE_BIT) | +- (temp & CLRI_STATUS_E_MASK); ++ ((temp >> 1) & CLRI_STATUS_E_MASK); + return temp; + } + +diff --git a/arch/arc/kernel/intc-arcv2.c b/arch/arc/kernel/intc-arcv2.c +index 6c24faf..62b59409 100644 +--- a/arch/arc/kernel/intc-arcv2.c ++++ b/arch/arc/kernel/intc-arcv2.c +@@ -74,7 +74,7 @@ void arc_init_IRQ(void) + tmp = read_aux_reg(0xa); + tmp |= STATUS_AD_MASK | (irq_prio << 1); + tmp &= ~STATUS_IE_MASK; +- asm volatile("flag %0 \n"::"r"(tmp)); ++ asm volatile("kflag %0 \n"::"r"(tmp)); + } + + static void arcv2_irq_mask(struct irq_data *data) +diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c +index 4a34978..73a277d 100644 +--- a/block/cfq-iosched.c ++++ b/block/cfq-iosched.c +@@ -3021,7 +3021,6 @@ static struct request *cfq_check_fifo(struct cfq_queue *cfqq) + if (time_before(jiffies, rq->fifo_time)) + rq = NULL; + +- cfq_log_cfqq(cfqq->cfqd, cfqq, "fifo=%p", rq); + return rq; + } + +@@ -3395,6 +3394,9 @@ static bool cfq_may_dispatch(struct cfq_data *cfqd, struct cfq_queue *cfqq) + { + unsigned int max_dispatch; + ++ if (cfq_cfqq_must_dispatch(cfqq)) ++ return true; ++ + /* + * Drain async requests before we start sync IO + */ +@@ -3486,15 +3488,20 @@ static bool cfq_dispatch_request(struct cfq_data *cfqd, struct cfq_queue *cfqq) + + BUG_ON(RB_EMPTY_ROOT(&cfqq->sort_list)); + ++ rq = cfq_check_fifo(cfqq); ++ if (rq) ++ cfq_mark_cfqq_must_dispatch(cfqq); ++ + if (!cfq_may_dispatch(cfqd, cfqq)) + return false; + + /* + * follow expired path, else get first next available + */ +- rq = cfq_check_fifo(cfqq); + if (!rq) + rq = cfqq->next_rq; ++ else ++ cfq_log_cfqq(cfqq->cfqd, cfqq, "fifo=%p", rq); + + /* + * insert request into driver dispatch list +@@ -3962,7 +3969,7 @@ cfq_should_preempt(struct cfq_data *cfqd, struct cfq_queue *new_cfqq, + * if the new request is sync, but the currently running queue is + * not, let the sync request have priority. + */ +- if (rq_is_sync(rq) && !cfq_cfqq_sync(cfqq)) ++ if (rq_is_sync(rq) && !cfq_cfqq_sync(cfqq) && !cfq_cfqq_must_dispatch(cfqq)) + return true; + + /* +diff --git a/crypto/async_tx/async_pq.c b/crypto/async_tx/async_pq.c +index 08b3ac6..f83de99 100644 +--- a/crypto/async_tx/async_pq.c ++++ b/crypto/async_tx/async_pq.c +@@ -368,8 +368,6 @@ async_syndrome_val(struct page **blocks, unsigned int offset, int disks, + + dma_set_unmap(tx, unmap); + async_tx_submit(chan, tx, submit); +- +- return tx; + } else { + struct page *p_src = P(blocks, disks); + struct page *q_src = Q(blocks, disks); +@@ -424,9 +422,11 @@ async_syndrome_val(struct page **blocks, unsigned int offset, int disks, + submit->cb_param = cb_param_orig; + submit->flags = flags_orig; + async_tx_sync_epilog(submit); +- +- return NULL; ++ tx = NULL; + } ++ dmaengine_unmap_put(unmap); ++ ++ return tx; + } + EXPORT_SYMBOL_GPL(async_syndrome_val); + +diff --git a/crypto/ghash-generic.c b/crypto/ghash-generic.c +index bac7099..12ad3e3 100644 +--- a/crypto/ghash-generic.c ++++ b/crypto/ghash-generic.c +@@ -14,24 +14,13 @@ + + #include <crypto/algapi.h> + #include <crypto/gf128mul.h> ++#include <crypto/ghash.h> + #include <crypto/internal/hash.h> + #include <linux/crypto.h> + #include <linux/init.h> + #include <linux/kernel.h> + #include <linux/module.h> + +-#define GHASH_BLOCK_SIZE 16 +-#define GHASH_DIGEST_SIZE 16 +- +-struct ghash_ctx { +- struct gf128mul_4k *gf128; +-}; +- +-struct ghash_desc_ctx { +- u8 buffer[GHASH_BLOCK_SIZE]; +- u32 bytes; +-}; +- + static int ghash_init(struct shash_desc *desc) + { + struct ghash_desc_ctx *dctx = shash_desc_ctx(desc); +diff --git a/drivers/base/dma-mapping.c b/drivers/base/dma-mapping.c +index d799662..261420d 100644 +--- a/drivers/base/dma-mapping.c ++++ b/drivers/base/dma-mapping.c +@@ -334,7 +334,7 @@ void dma_common_free_remap(void *cpu_addr, size_t size, unsigned long vm_flags) + return; + } + +- unmap_kernel_range((unsigned long)cpu_addr, size); ++ unmap_kernel_range((unsigned long)cpu_addr, PAGE_ALIGN(size)); + vunmap(cpu_addr); + } + #endif +diff --git a/drivers/clk/mvebu/cp110-system-controller.c b/drivers/clk/mvebu/cp110-system-controller.c +index 7fa42d6..f2303da 100644 +--- a/drivers/clk/mvebu/cp110-system-controller.c ++++ b/drivers/clk/mvebu/cp110-system-controller.c +@@ -81,13 +81,6 @@ enum { + #define CP110_GATE_EIP150 25 + #define CP110_GATE_EIP197 26 + +-static struct clk *cp110_clks[CP110_CLK_NUM]; +- +-static struct clk_onecell_data cp110_clk_data = { +- .clks = cp110_clks, +- .clk_num = CP110_CLK_NUM, +-}; +- + struct cp110_gate_clk { + struct clk_hw hw; + struct regmap *regmap; +@@ -142,6 +135,8 @@ static struct clk *cp110_register_gate(const char *name, + if (!gate) + return ERR_PTR(-ENOMEM); + ++ memset(&init, 0, sizeof(init)); ++ + init.name = name; + init.ops = &cp110_gate_ops; + init.parent_names = &parent_name; +@@ -194,7 +189,8 @@ static int cp110_syscon_clk_probe(struct platform_device *pdev) + struct regmap *regmap; + struct device_node *np = pdev->dev.of_node; + const char *ppv2_name, *apll_name, *core_name, *eip_name, *nand_name; +- struct clk *clk; ++ struct clk_onecell_data *cp110_clk_data; ++ struct clk *clk, **cp110_clks; + u32 nand_clk_ctrl; + int i, ret; + +@@ -207,6 +203,20 @@ static int cp110_syscon_clk_probe(struct platform_device *pdev) + if (ret) + return ret; + ++ cp110_clks = devm_kcalloc(&pdev->dev, sizeof(struct clk *), ++ CP110_CLK_NUM, GFP_KERNEL); ++ if (!cp110_clks) ++ return -ENOMEM; ++ ++ cp110_clk_data = devm_kzalloc(&pdev->dev, ++ sizeof(*cp110_clk_data), ++ GFP_KERNEL); ++ if (!cp110_clk_data) ++ return -ENOMEM; ++ ++ cp110_clk_data->clks = cp110_clks; ++ cp110_clk_data->clk_num = CP110_CLK_NUM; ++ + /* Register the APLL which is the root of the clk tree */ + of_property_read_string_index(np, "core-clock-output-names", + CP110_CORE_APLL, &apll_name); +@@ -334,10 +344,12 @@ static int cp110_syscon_clk_probe(struct platform_device *pdev) + cp110_clks[CP110_MAX_CORE_CLOCKS + i] = clk; + } + +- ret = of_clk_add_provider(np, cp110_of_clk_get, &cp110_clk_data); ++ ret = of_clk_add_provider(np, cp110_of_clk_get, cp110_clk_data); + if (ret) + goto fail_clk_add; + ++ platform_set_drvdata(pdev, cp110_clks); ++ + return 0; + + fail_clk_add: +@@ -364,6 +376,7 @@ static int cp110_syscon_clk_probe(struct platform_device *pdev) + + static int cp110_syscon_clk_remove(struct platform_device *pdev) + { ++ struct clk **cp110_clks = platform_get_drvdata(pdev); + int i; + + of_clk_del_provider(pdev->dev.of_node); +diff --git a/drivers/crypto/vmx/ghash.c b/drivers/crypto/vmx/ghash.c +index 6c999cb0..27a94a1 100644 +--- a/drivers/crypto/vmx/ghash.c ++++ b/drivers/crypto/vmx/ghash.c +@@ -26,16 +26,13 @@ + #include <linux/hardirq.h> + #include <asm/switch_to.h> + #include <crypto/aes.h> ++#include <crypto/ghash.h> + #include <crypto/scatterwalk.h> + #include <crypto/internal/hash.h> + #include <crypto/b128ops.h> + + #define IN_INTERRUPT in_interrupt() + +-#define GHASH_BLOCK_SIZE (16) +-#define GHASH_DIGEST_SIZE (16) +-#define GHASH_KEY_LEN (16) +- + void gcm_init_p8(u128 htable[16], const u64 Xi[2]); + void gcm_gmult_p8(u64 Xi[2], const u128 htable[16]); + void gcm_ghash_p8(u64 Xi[2], const u128 htable[16], +@@ -55,16 +52,11 @@ struct p8_ghash_desc_ctx { + + static int p8_ghash_init_tfm(struct crypto_tfm *tfm) + { +- const char *alg; ++ const char *alg = "ghash-generic"; + struct crypto_shash *fallback; + struct crypto_shash *shash_tfm = __crypto_shash_cast(tfm); + struct p8_ghash_ctx *ctx = crypto_tfm_ctx(tfm); + +- if (!(alg = crypto_tfm_alg_name(tfm))) { +- printk(KERN_ERR "Failed to get algorithm name.\n"); +- return -ENOENT; +- } +- + fallback = crypto_alloc_shash(alg, 0, CRYPTO_ALG_NEED_FALLBACK); + if (IS_ERR(fallback)) { + printk(KERN_ERR +@@ -78,10 +70,18 @@ static int p8_ghash_init_tfm(struct crypto_tfm *tfm) + crypto_shash_set_flags(fallback, + crypto_shash_get_flags((struct crypto_shash + *) tfm)); +- ctx->fallback = fallback; + +- shash_tfm->descsize = sizeof(struct p8_ghash_desc_ctx) +- + crypto_shash_descsize(fallback); ++ /* Check if the descsize defined in the algorithm is still enough. */ ++ if (shash_tfm->descsize < sizeof(struct p8_ghash_desc_ctx) ++ + crypto_shash_descsize(fallback)) { ++ printk(KERN_ERR ++ "Desc size of the fallback implementation (%s) does not match the expected value: %lu vs %u\n", ++ alg, ++ shash_tfm->descsize - sizeof(struct p8_ghash_desc_ctx), ++ crypto_shash_descsize(fallback)); ++ return -EINVAL; ++ } ++ ctx->fallback = fallback; + + return 0; + } +@@ -113,7 +113,7 @@ static int p8_ghash_setkey(struct crypto_shash *tfm, const u8 *key, + { + struct p8_ghash_ctx *ctx = crypto_tfm_ctx(crypto_shash_tfm(tfm)); + +- if (keylen != GHASH_KEY_LEN) ++ if (keylen != GHASH_BLOCK_SIZE) + return -EINVAL; + + preempt_disable(); +@@ -211,7 +211,8 @@ struct shash_alg p8_ghash_alg = { + .update = p8_ghash_update, + .final = p8_ghash_final, + .setkey = p8_ghash_setkey, +- .descsize = sizeof(struct p8_ghash_desc_ctx), ++ .descsize = sizeof(struct p8_ghash_desc_ctx) ++ + sizeof(struct ghash_desc_ctx), + .base = { + .cra_name = "ghash", + .cra_driver_name = "p8_ghash", +diff --git a/drivers/infiniband/hw/hfi1/rc.c b/drivers/infiniband/hw/hfi1/rc.c +index 792f15e..29e3ce2 100644 +--- a/drivers/infiniband/hw/hfi1/rc.c ++++ b/drivers/infiniband/hw/hfi1/rc.c +@@ -889,8 +889,10 @@ void hfi1_send_rc_ack(struct hfi1_ctxtdata *rcd, struct rvt_qp *qp, + return; + + queue_ack: +- this_cpu_inc(*ibp->rvp.rc_qacks); + spin_lock_irqsave(&qp->s_lock, flags); ++ if (!(ib_rvt_state_ops[qp->state] & RVT_PROCESS_RECV_OK)) ++ goto unlock; ++ this_cpu_inc(*ibp->rvp.rc_qacks); + qp->s_flags |= RVT_S_ACK_PENDING | RVT_S_RESP_PENDING; + qp->s_nak_state = qp->r_nak_state; + qp->s_ack_psn = qp->r_ack_psn; +@@ -899,6 +901,7 @@ void hfi1_send_rc_ack(struct hfi1_ctxtdata *rcd, struct rvt_qp *qp, + + /* Schedule the send tasklet. */ + hfi1_schedule_send(qp); ++unlock: + spin_unlock_irqrestore(&qp->s_lock, flags); + } + +diff --git a/drivers/misc/mei/amthif.c b/drivers/misc/mei/amthif.c +index a039a5d..fd9271b 100644 +--- a/drivers/misc/mei/amthif.c ++++ b/drivers/misc/mei/amthif.c +@@ -67,8 +67,12 @@ int mei_amthif_host_init(struct mei_device *dev, struct mei_me_client *me_cl) + struct mei_cl *cl = &dev->iamthif_cl; + int ret; + +- if (mei_cl_is_connected(cl)) +- return 0; ++ mutex_lock(&dev->device_lock); ++ ++ if (mei_cl_is_connected(cl)) { ++ ret = 0; ++ goto out; ++ } + + dev->iamthif_state = MEI_IAMTHIF_IDLE; + +@@ -77,11 +81,13 @@ int mei_amthif_host_init(struct mei_device *dev, struct mei_me_client *me_cl) + ret = mei_cl_link(cl); + if (ret < 0) { + dev_err(dev->dev, "amthif: failed cl_link %d\n", ret); +- return ret; ++ goto out; + } + + ret = mei_cl_connect(cl, me_cl, NULL); + ++out: ++ mutex_unlock(&dev->device_lock); + return ret; + } + +diff --git a/drivers/misc/mei/bus.c b/drivers/misc/mei/bus.c +index 1f33fea..e094df3 100644 +--- a/drivers/misc/mei/bus.c ++++ b/drivers/misc/mei/bus.c +@@ -983,12 +983,10 @@ void mei_cl_bus_rescan_work(struct work_struct *work) + container_of(work, struct mei_device, bus_rescan_work); + struct mei_me_client *me_cl; + +- mutex_lock(&bus->device_lock); + me_cl = mei_me_cl_by_uuid(bus, &mei_amthif_guid); + if (me_cl) + mei_amthif_host_init(bus, me_cl); + mei_me_cl_put(me_cl); +- mutex_unlock(&bus->device_lock); + + mei_cl_bus_rescan(bus); + } +diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c +index 501f15d..e7ba731 100644 +--- a/drivers/net/ethernet/intel/i40e/i40e_main.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c +@@ -11415,6 +11415,12 @@ static pci_ers_result_t i40e_pci_error_detected(struct pci_dev *pdev, + + dev_info(&pdev->dev, "%s: error %d\n", __func__, error); + ++ if (!pf) { ++ dev_info(&pdev->dev, ++ "Cannot recover - error happened during device probe\n"); ++ return PCI_ERS_RESULT_DISCONNECT; ++ } ++ + /* shutdown all operations */ + if (!test_bit(__I40E_SUSPENDED, &pf->state)) { + rtnl_lock(); +diff --git a/drivers/net/wireless/ath/carl9170/debug.c b/drivers/net/wireless/ath/carl9170/debug.c +index 6808db4..ec3a64e 100644 +--- a/drivers/net/wireless/ath/carl9170/debug.c ++++ b/drivers/net/wireless/ath/carl9170/debug.c +@@ -75,7 +75,8 @@ static ssize_t carl9170_debugfs_read(struct file *file, char __user *userbuf, + + if (!ar) + return -ENODEV; +- dfops = container_of(file->f_op, struct carl9170_debugfs_fops, fops); ++ dfops = container_of(debugfs_real_fops(file), ++ struct carl9170_debugfs_fops, fops); + + if (!dfops->read) + return -ENOSYS; +@@ -127,7 +128,8 @@ static ssize_t carl9170_debugfs_write(struct file *file, + + if (!ar) + return -ENODEV; +- dfops = container_of(file->f_op, struct carl9170_debugfs_fops, fops); ++ dfops = container_of(debugfs_real_fops(file), ++ struct carl9170_debugfs_fops, fops); + + if (!dfops->write) + return -ENOSYS; +diff --git a/drivers/net/wireless/broadcom/b43/debugfs.c b/drivers/net/wireless/broadcom/b43/debugfs.c +index b4bcd94..7704638 100644 +--- a/drivers/net/wireless/broadcom/b43/debugfs.c ++++ b/drivers/net/wireless/broadcom/b43/debugfs.c +@@ -524,7 +524,8 @@ static ssize_t b43_debugfs_read(struct file *file, char __user *userbuf, + goto out_unlock; + } + +- dfops = container_of(file->f_op, struct b43_debugfs_fops, fops); ++ dfops = container_of(debugfs_real_fops(file), ++ struct b43_debugfs_fops, fops); + if (!dfops->read) { + err = -ENOSYS; + goto out_unlock; +@@ -585,7 +586,8 @@ static ssize_t b43_debugfs_write(struct file *file, + goto out_unlock; + } + +- dfops = container_of(file->f_op, struct b43_debugfs_fops, fops); ++ dfops = container_of(debugfs_real_fops(file), ++ struct b43_debugfs_fops, fops); + if (!dfops->write) { + err = -ENOSYS; + goto out_unlock; +diff --git a/drivers/net/wireless/broadcom/b43legacy/debugfs.c b/drivers/net/wireless/broadcom/b43legacy/debugfs.c +index 090910e..82ef56e 100644 +--- a/drivers/net/wireless/broadcom/b43legacy/debugfs.c ++++ b/drivers/net/wireless/broadcom/b43legacy/debugfs.c +@@ -221,7 +221,8 @@ static ssize_t b43legacy_debugfs_read(struct file *file, char __user *userbuf, + goto out_unlock; + } + +- dfops = container_of(file->f_op, struct b43legacy_debugfs_fops, fops); ++ dfops = container_of(debugfs_real_fops(file), ++ struct b43legacy_debugfs_fops, fops); + if (!dfops->read) { + err = -ENOSYS; + goto out_unlock; +@@ -287,7 +288,8 @@ static ssize_t b43legacy_debugfs_write(struct file *file, + goto out_unlock; + } + +- dfops = container_of(file->f_op, struct b43legacy_debugfs_fops, fops); ++ dfops = container_of(debugfs_real_fops(file), ++ struct b43legacy_debugfs_fops, fops); + if (!dfops->write) { + err = -ENOSYS; + goto out_unlock; +diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c +index 121baba..9014bf4 100644 +--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c +@@ -2473,7 +2473,7 @@ static void brcmf_fill_bss_param(struct brcmf_if *ifp, struct station_info *si) + WL_BSS_INFO_MAX); + if (err) { + brcmf_err("Failed to get bss info (%d)\n", err); +- return; ++ goto out_kfree; + } + si->filled |= BIT(NL80211_STA_INFO_BSS_PARAM); + si->bss_param.beacon_interval = le16_to_cpu(buf->bss_le.beacon_period); +@@ -2485,6 +2485,9 @@ static void brcmf_fill_bss_param(struct brcmf_if *ifp, struct station_info *si) + si->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_PREAMBLE; + if (capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) + si->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_SLOT_TIME; ++ ++out_kfree: ++ kfree(buf); + } + + static s32 +@@ -3824,11 +3827,11 @@ brcmf_cfg80211_del_pmksa(struct wiphy *wiphy, struct net_device *ndev, + if (!check_vif_up(ifp->vif)) + return -EIO; + +- brcmf_dbg(CONN, "del_pmksa - PMK bssid = %pM\n", &pmksa->bssid); ++ brcmf_dbg(CONN, "del_pmksa - PMK bssid = %pM\n", pmksa->bssid); + + npmk = le32_to_cpu(cfg->pmk_list.npmk); + for (i = 0; i < npmk; i++) +- if (!memcmp(&pmksa->bssid, &pmk[i].bssid, ETH_ALEN)) ++ if (!memcmp(pmksa->bssid, pmk[i].bssid, ETH_ALEN)) + break; + + if ((npmk > 0) && (i < npmk)) { +diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/flowring.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/flowring.c +index 7e269f9..6366444 100644 +--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/flowring.c ++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/flowring.c +@@ -234,13 +234,20 @@ static void brcmf_flowring_block(struct brcmf_flowring *flow, u16 flowid, + + void brcmf_flowring_delete(struct brcmf_flowring *flow, u16 flowid) + { ++ struct brcmf_bus *bus_if = dev_get_drvdata(flow->dev); + struct brcmf_flowring_ring *ring; ++ struct brcmf_if *ifp; + u16 hash_idx; ++ u8 ifidx; + struct sk_buff *skb; + + ring = flow->rings[flowid]; + if (!ring) + return; ++ ++ ifidx = brcmf_flowring_ifidx_get(flow, flowid); ++ ifp = brcmf_get_ifp(bus_if->drvr, ifidx); ++ + brcmf_flowring_block(flow, flowid, false); + hash_idx = ring->hash_id; + flow->hash[hash_idx].ifidx = BRCMF_FLOWRING_INVALID_IFIDX; +@@ -249,7 +256,7 @@ void brcmf_flowring_delete(struct brcmf_flowring *flow, u16 flowid) + + skb = skb_dequeue(&ring->skblist); + while (skb) { +- brcmu_pkt_buf_free_skb(skb); ++ brcmf_txfinalize(ifp, skb, false); + skb = skb_dequeue(&ring->skblist); + } + +diff --git a/drivers/scsi/arcmsr/arcmsr_hba.c b/drivers/scsi/arcmsr/arcmsr_hba.c +index 7640498..3d53d63 100644 +--- a/drivers/scsi/arcmsr/arcmsr_hba.c ++++ b/drivers/scsi/arcmsr/arcmsr_hba.c +@@ -2388,15 +2388,23 @@ static int arcmsr_iop_message_xfer(struct AdapterControlBlock *acb, + } + case ARCMSR_MESSAGE_WRITE_WQBUFFER: { + unsigned char *ver_addr; +- int32_t user_len, cnt2end; ++ uint32_t user_len; ++ int32_t cnt2end; + uint8_t *pQbuffer, *ptmpuserbuffer; ++ ++ user_len = pcmdmessagefld->cmdmessage.Length; ++ if (user_len > ARCMSR_API_DATA_BUFLEN) { ++ retvalue = ARCMSR_MESSAGE_FAIL; ++ goto message_out; ++ } ++ + ver_addr = kmalloc(ARCMSR_API_DATA_BUFLEN, GFP_ATOMIC); + if (!ver_addr) { + retvalue = ARCMSR_MESSAGE_FAIL; + goto message_out; + } + ptmpuserbuffer = ver_addr; +- user_len = pcmdmessagefld->cmdmessage.Length; ++ + memcpy(ptmpuserbuffer, + pcmdmessagefld->messagedatabuffer, user_len); + spin_lock_irqsave(&acb->wqbuffer_lock, flags); +diff --git a/drivers/scsi/ibmvscsi/ibmvfc.c b/drivers/scsi/ibmvscsi/ibmvfc.c +index fc523c3..6398f3d 100644 +--- a/drivers/scsi/ibmvscsi/ibmvfc.c ++++ b/drivers/scsi/ibmvscsi/ibmvfc.c +@@ -717,7 +717,6 @@ static int ibmvfc_reset_crq(struct ibmvfc_host *vhost) + spin_lock_irqsave(vhost->host->host_lock, flags); + vhost->state = IBMVFC_NO_CRQ; + vhost->logged_in = 0; +- ibmvfc_set_host_action(vhost, IBMVFC_HOST_ACTION_NONE); + + /* Clean out the queue */ + memset(crq->msgs, 0, PAGE_SIZE); +diff --git a/drivers/tty/serial/8250/8250_dw.c b/drivers/tty/serial/8250/8250_dw.c +index e199696..b022f5a 100644 +--- a/drivers/tty/serial/8250/8250_dw.c ++++ b/drivers/tty/serial/8250/8250_dw.c +@@ -462,7 +462,7 @@ static int dw8250_probe(struct platform_device *pdev) + } + + data->pclk = devm_clk_get(&pdev->dev, "apb_pclk"); +- if (IS_ERR(data->clk) && PTR_ERR(data->clk) == -EPROBE_DEFER) { ++ if (IS_ERR(data->pclk) && PTR_ERR(data->pclk) == -EPROBE_DEFER) { + err = -EPROBE_DEFER; + goto err_clk; + } +diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c +index d403603..427dd78 100644 +--- a/drivers/tty/serial/8250/8250_port.c ++++ b/drivers/tty/serial/8250/8250_port.c +@@ -1415,12 +1415,8 @@ static void __do_stop_tx_rs485(struct uart_8250_port *p) + if (!(p->port.rs485.flags & SER_RS485_RX_DURING_TX)) { + serial8250_clear_fifos(p); + +- serial8250_rpm_get(p); +- + p->ier |= UART_IER_RLSI | UART_IER_RDI; + serial_port_out(&p->port, UART_IER, p->ier); +- +- serial8250_rpm_put(p); + } + } + +@@ -1430,6 +1426,7 @@ static void serial8250_em485_handle_stop_tx(unsigned long arg) + struct uart_8250_em485 *em485 = p->em485; + unsigned long flags; + ++ serial8250_rpm_get(p); + spin_lock_irqsave(&p->port.lock, flags); + if (em485 && + em485->active_timer == &em485->stop_tx_timer) { +@@ -1437,6 +1434,7 @@ static void serial8250_em485_handle_stop_tx(unsigned long arg) + em485->active_timer = NULL; + } + spin_unlock_irqrestore(&p->port.lock, flags); ++ serial8250_rpm_put(p); + } + + static void __stop_tx_rs485(struct uart_8250_port *p) +@@ -1476,7 +1474,7 @@ static inline void __stop_tx(struct uart_8250_port *p) + unsigned char lsr = serial_in(p, UART_LSR); + /* + * To provide required timeing and allow FIFO transfer, +- * __stop_tx_rs485 must be called only when both FIFO and ++ * __stop_tx_rs485() must be called only when both FIFO and + * shift register are empty. It is for device driver to enable + * interrupt on TEMT. + */ +@@ -1485,9 +1483,10 @@ static inline void __stop_tx(struct uart_8250_port *p) + + del_timer(&em485->start_tx_timer); + em485->active_timer = NULL; ++ ++ __stop_tx_rs485(p); + } + __do_stop_tx(p); +- __stop_tx_rs485(p); + } + + static void serial8250_stop_tx(struct uart_port *port) +diff --git a/drivers/tty/serial/imx.c b/drivers/tty/serial/imx.c +index 0df2b1c..615c027 100644 +--- a/drivers/tty/serial/imx.c ++++ b/drivers/tty/serial/imx.c +@@ -740,12 +740,13 @@ static unsigned int imx_get_hwmctrl(struct imx_port *sport) + { + unsigned int tmp = TIOCM_DSR; + unsigned usr1 = readl(sport->port.membase + USR1); ++ unsigned usr2 = readl(sport->port.membase + USR2); + + if (usr1 & USR1_RTSS) + tmp |= TIOCM_CTS; + + /* in DCE mode DCDIN is always 0 */ +- if (!(usr1 & USR2_DCDIN)) ++ if (!(usr2 & USR2_DCDIN)) + tmp |= TIOCM_CAR; + + if (sport->dte_mode) +diff --git a/fs/attr.c b/fs/attr.c +index 25b24d0..ccde270 100644 +--- a/fs/attr.c ++++ b/fs/attr.c +@@ -202,6 +202,21 @@ int notify_change(struct dentry * dentry, struct iattr * attr, struct inode **de + return -EPERM; + } + ++ /* ++ * If utimes(2) and friends are called with times == NULL (or both ++ * times are UTIME_NOW), then we need to check for write permission ++ */ ++ if (ia_valid & ATTR_TOUCH) { ++ if (IS_IMMUTABLE(inode)) ++ return -EPERM; ++ ++ if (!inode_owner_or_capable(inode)) { ++ error = inode_permission(inode, MAY_WRITE); ++ if (error) ++ return error; ++ } ++ } ++ + if ((ia_valid & ATTR_MODE)) { + umode_t amode = attr->ia_mode; + /* Flag setting protected by i_mutex */ +diff --git a/fs/btrfs/compression.c b/fs/btrfs/compression.c +index 658c39b..702e583 100644 +--- a/fs/btrfs/compression.c ++++ b/fs/btrfs/compression.c +@@ -690,7 +690,7 @@ int btrfs_submit_compressed_read(struct inode *inode, struct bio *bio, + ret = btrfs_map_bio(root, READ, comp_bio, + mirror_num, 0); + if (ret) { +- bio->bi_error = ret; ++ comp_bio->bi_error = ret; + bio_endio(comp_bio); + } + +@@ -719,7 +719,7 @@ int btrfs_submit_compressed_read(struct inode *inode, struct bio *bio, + + ret = btrfs_map_bio(root, READ, comp_bio, mirror_num, 0); + if (ret) { +- bio->bi_error = ret; ++ comp_bio->bi_error = ret; + bio_endio(comp_bio); + } + +diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h +index 72f5048..699ee7c 100644 +--- a/fs/btrfs/ctree.h ++++ b/fs/btrfs/ctree.h +@@ -265,7 +265,8 @@ struct btrfs_super_block { + #define BTRFS_FEATURE_COMPAT_SAFE_CLEAR 0ULL + + #define BTRFS_FEATURE_COMPAT_RO_SUPP \ +- (BTRFS_FEATURE_COMPAT_RO_FREE_SPACE_TREE) ++ (BTRFS_FEATURE_COMPAT_RO_FREE_SPACE_TREE | \ ++ BTRFS_FEATURE_COMPAT_RO_FREE_SPACE_TREE_VALID) + + #define BTRFS_FEATURE_COMPAT_RO_SAFE_SET 0ULL + #define BTRFS_FEATURE_COMPAT_RO_SAFE_CLEAR 0ULL +diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c +index 864cf3b..c14e8c7 100644 +--- a/fs/btrfs/disk-io.c ++++ b/fs/btrfs/disk-io.c +@@ -2528,6 +2528,7 @@ int open_ctree(struct super_block *sb, + int num_backups_tried = 0; + int backup_index = 0; + int max_active; ++ int clear_free_space_tree = 0; + + tree_root = fs_info->tree_root = btrfs_alloc_root(fs_info, GFP_KERNEL); + chunk_root = fs_info->chunk_root = btrfs_alloc_root(fs_info, GFP_KERNEL); +@@ -3129,6 +3130,14 @@ int open_ctree(struct super_block *sb, + + if (btrfs_test_opt(tree_root, CLEAR_CACHE) && + btrfs_fs_compat_ro(fs_info, FREE_SPACE_TREE)) { ++ clear_free_space_tree = 1; ++ } else if (btrfs_fs_compat_ro(fs_info, FREE_SPACE_TREE) && ++ !btrfs_fs_compat_ro(fs_info, FREE_SPACE_TREE_VALID)) { ++ btrfs_warn(fs_info, "free space tree is invalid"); ++ clear_free_space_tree = 1; ++ } ++ ++ if (clear_free_space_tree) { + btrfs_info(fs_info, "clearing free space tree"); + ret = btrfs_clear_free_space_tree(fs_info); + if (ret) { +diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c +index 92fe3f8..28f60fc 100644 +--- a/fs/btrfs/extent_io.c ++++ b/fs/btrfs/extent_io.c +@@ -5508,17 +5508,45 @@ void copy_extent_buffer(struct extent_buffer *dst, struct extent_buffer *src, + } + } + +-/* +- * The extent buffer bitmap operations are done with byte granularity because +- * bitmap items are not guaranteed to be aligned to a word and therefore a +- * single word in a bitmap may straddle two pages in the extent buffer. +- */ +-#define BIT_BYTE(nr) ((nr) / BITS_PER_BYTE) +-#define BYTE_MASK ((1 << BITS_PER_BYTE) - 1) +-#define BITMAP_FIRST_BYTE_MASK(start) \ +- ((BYTE_MASK << ((start) & (BITS_PER_BYTE - 1))) & BYTE_MASK) +-#define BITMAP_LAST_BYTE_MASK(nbits) \ +- (BYTE_MASK >> (-(nbits) & (BITS_PER_BYTE - 1))) ++void le_bitmap_set(u8 *map, unsigned int start, int len) ++{ ++ u8 *p = map + BIT_BYTE(start); ++ const unsigned int size = start + len; ++ int bits_to_set = BITS_PER_BYTE - (start % BITS_PER_BYTE); ++ u8 mask_to_set = BITMAP_FIRST_BYTE_MASK(start); ++ ++ while (len - bits_to_set >= 0) { ++ *p |= mask_to_set; ++ len -= bits_to_set; ++ bits_to_set = BITS_PER_BYTE; ++ mask_to_set = ~(u8)0; ++ p++; ++ } ++ if (len) { ++ mask_to_set &= BITMAP_LAST_BYTE_MASK(size); ++ *p |= mask_to_set; ++ } ++} ++ ++void le_bitmap_clear(u8 *map, unsigned int start, int len) ++{ ++ u8 *p = map + BIT_BYTE(start); ++ const unsigned int size = start + len; ++ int bits_to_clear = BITS_PER_BYTE - (start % BITS_PER_BYTE); ++ u8 mask_to_clear = BITMAP_FIRST_BYTE_MASK(start); ++ ++ while (len - bits_to_clear >= 0) { ++ *p &= ~mask_to_clear; ++ len -= bits_to_clear; ++ bits_to_clear = BITS_PER_BYTE; ++ mask_to_clear = ~(u8)0; ++ p++; ++ } ++ if (len) { ++ mask_to_clear &= BITMAP_LAST_BYTE_MASK(size); ++ *p &= ~mask_to_clear; ++ } ++} + + /* + * eb_bitmap_offset() - calculate the page and offset of the byte containing the +@@ -5562,7 +5590,7 @@ static inline void eb_bitmap_offset(struct extent_buffer *eb, + int extent_buffer_test_bit(struct extent_buffer *eb, unsigned long start, + unsigned long nr) + { +- char *kaddr; ++ u8 *kaddr; + struct page *page; + unsigned long i; + size_t offset; +@@ -5584,13 +5612,13 @@ int extent_buffer_test_bit(struct extent_buffer *eb, unsigned long start, + void extent_buffer_bitmap_set(struct extent_buffer *eb, unsigned long start, + unsigned long pos, unsigned long len) + { +- char *kaddr; ++ u8 *kaddr; + struct page *page; + unsigned long i; + size_t offset; + const unsigned int size = pos + len; + int bits_to_set = BITS_PER_BYTE - (pos % BITS_PER_BYTE); +- unsigned int mask_to_set = BITMAP_FIRST_BYTE_MASK(pos); ++ u8 mask_to_set = BITMAP_FIRST_BYTE_MASK(pos); + + eb_bitmap_offset(eb, start, pos, &i, &offset); + page = eb->pages[i]; +@@ -5601,7 +5629,7 @@ void extent_buffer_bitmap_set(struct extent_buffer *eb, unsigned long start, + kaddr[offset] |= mask_to_set; + len -= bits_to_set; + bits_to_set = BITS_PER_BYTE; +- mask_to_set = ~0U; ++ mask_to_set = ~(u8)0; + if (++offset >= PAGE_SIZE && len > 0) { + offset = 0; + page = eb->pages[++i]; +@@ -5626,13 +5654,13 @@ void extent_buffer_bitmap_set(struct extent_buffer *eb, unsigned long start, + void extent_buffer_bitmap_clear(struct extent_buffer *eb, unsigned long start, + unsigned long pos, unsigned long len) + { +- char *kaddr; ++ u8 *kaddr; + struct page *page; + unsigned long i; + size_t offset; + const unsigned int size = pos + len; + int bits_to_clear = BITS_PER_BYTE - (pos % BITS_PER_BYTE); +- unsigned int mask_to_clear = BITMAP_FIRST_BYTE_MASK(pos); ++ u8 mask_to_clear = BITMAP_FIRST_BYTE_MASK(pos); + + eb_bitmap_offset(eb, start, pos, &i, &offset); + page = eb->pages[i]; +@@ -5643,7 +5671,7 @@ void extent_buffer_bitmap_clear(struct extent_buffer *eb, unsigned long start, + kaddr[offset] &= ~mask_to_clear; + len -= bits_to_clear; + bits_to_clear = BITS_PER_BYTE; +- mask_to_clear = ~0U; ++ mask_to_clear = ~(u8)0; + if (++offset >= PAGE_SIZE && len > 0) { + offset = 0; + page = eb->pages[++i]; +diff --git a/fs/btrfs/extent_io.h b/fs/btrfs/extent_io.h +index c0c1c4f..d190107 100644 +--- a/fs/btrfs/extent_io.h ++++ b/fs/btrfs/extent_io.h +@@ -58,6 +58,28 @@ + */ + #define EXTENT_PAGE_PRIVATE 1 + ++/* ++ * The extent buffer bitmap operations are done with byte granularity instead of ++ * word granularity for two reasons: ++ * 1. The bitmaps must be little-endian on disk. ++ * 2. Bitmap items are not guaranteed to be aligned to a word and therefore a ++ * single word in a bitmap may straddle two pages in the extent buffer. ++ */ ++#define BIT_BYTE(nr) ((nr) / BITS_PER_BYTE) ++#define BYTE_MASK ((1 << BITS_PER_BYTE) - 1) ++#define BITMAP_FIRST_BYTE_MASK(start) \ ++ ((BYTE_MASK << ((start) & (BITS_PER_BYTE - 1))) & BYTE_MASK) ++#define BITMAP_LAST_BYTE_MASK(nbits) \ ++ (BYTE_MASK >> (-(nbits) & (BITS_PER_BYTE - 1))) ++ ++static inline int le_test_bit(int nr, const u8 *addr) ++{ ++ return 1U & (addr[BIT_BYTE(nr)] >> (nr & (BITS_PER_BYTE-1))); ++} ++ ++extern void le_bitmap_set(u8 *map, unsigned int start, int len); ++extern void le_bitmap_clear(u8 *map, unsigned int start, int len); ++ + struct extent_state; + struct btrfs_root; + struct btrfs_io_bio; +diff --git a/fs/btrfs/free-space-tree.c b/fs/btrfs/free-space-tree.c +index 53dbeaf..0e041bf 100644 +--- a/fs/btrfs/free-space-tree.c ++++ b/fs/btrfs/free-space-tree.c +@@ -151,7 +151,7 @@ static inline u32 free_space_bitmap_size(u64 size, u32 sectorsize) + return DIV_ROUND_UP((u32)div_u64(size, sectorsize), BITS_PER_BYTE); + } + +-static unsigned long *alloc_bitmap(u32 bitmap_size) ++static u8 *alloc_bitmap(u32 bitmap_size) + { + void *mem; + +@@ -180,8 +180,7 @@ int convert_free_space_to_bitmaps(struct btrfs_trans_handle *trans, + struct btrfs_free_space_info *info; + struct btrfs_key key, found_key; + struct extent_buffer *leaf; +- unsigned long *bitmap; +- char *bitmap_cursor; ++ u8 *bitmap, *bitmap_cursor; + u64 start, end; + u64 bitmap_range, i; + u32 bitmap_size, flags, expected_extent_count; +@@ -231,7 +230,7 @@ int convert_free_space_to_bitmaps(struct btrfs_trans_handle *trans, + block_group->sectorsize); + last = div_u64(found_key.objectid + found_key.offset - start, + block_group->sectorsize); +- bitmap_set(bitmap, first, last - first); ++ le_bitmap_set(bitmap, first, last - first); + + extent_count++; + nr++; +@@ -269,7 +268,7 @@ int convert_free_space_to_bitmaps(struct btrfs_trans_handle *trans, + goto out; + } + +- bitmap_cursor = (char *)bitmap; ++ bitmap_cursor = bitmap; + bitmap_range = block_group->sectorsize * BTRFS_FREE_SPACE_BITMAP_BITS; + i = start; + while (i < end) { +@@ -318,7 +317,7 @@ int convert_free_space_to_extents(struct btrfs_trans_handle *trans, + struct btrfs_free_space_info *info; + struct btrfs_key key, found_key; + struct extent_buffer *leaf; +- unsigned long *bitmap; ++ u8 *bitmap; + u64 start, end; + /* Initialize to silence GCC. */ + u64 extent_start = 0; +@@ -362,7 +361,7 @@ int convert_free_space_to_extents(struct btrfs_trans_handle *trans, + break; + } else if (found_key.type == BTRFS_FREE_SPACE_BITMAP_KEY) { + unsigned long ptr; +- char *bitmap_cursor; ++ u8 *bitmap_cursor; + u32 bitmap_pos, data_size; + + ASSERT(found_key.objectid >= start); +@@ -372,7 +371,7 @@ int convert_free_space_to_extents(struct btrfs_trans_handle *trans, + bitmap_pos = div_u64(found_key.objectid - start, + block_group->sectorsize * + BITS_PER_BYTE); +- bitmap_cursor = ((char *)bitmap) + bitmap_pos; ++ bitmap_cursor = bitmap + bitmap_pos; + data_size = free_space_bitmap_size(found_key.offset, + block_group->sectorsize); + +@@ -409,7 +408,7 @@ int convert_free_space_to_extents(struct btrfs_trans_handle *trans, + offset = start; + bitnr = 0; + while (offset < end) { +- bit = !!test_bit(bitnr, bitmap); ++ bit = !!le_test_bit(bitnr, bitmap); + if (prev_bit == 0 && bit == 1) { + extent_start = offset; + } else if (prev_bit == 1 && bit == 0) { +@@ -1183,6 +1182,7 @@ int btrfs_create_free_space_tree(struct btrfs_fs_info *fs_info) + } + + btrfs_set_fs_compat_ro(fs_info, FREE_SPACE_TREE); ++ btrfs_set_fs_compat_ro(fs_info, FREE_SPACE_TREE_VALID); + fs_info->creating_free_space_tree = 0; + + ret = btrfs_commit_transaction(trans, tree_root); +@@ -1251,6 +1251,7 @@ int btrfs_clear_free_space_tree(struct btrfs_fs_info *fs_info) + return PTR_ERR(trans); + + btrfs_clear_fs_compat_ro(fs_info, FREE_SPACE_TREE); ++ btrfs_clear_fs_compat_ro(fs_info, FREE_SPACE_TREE_VALID); + fs_info->free_space_root = NULL; + + ret = clear_free_space_tree(trans, free_space_root); +diff --git a/fs/cachefiles/interface.c b/fs/cachefiles/interface.c +index ce5f345..e7f16a7 100644 +--- a/fs/cachefiles/interface.c ++++ b/fs/cachefiles/interface.c +@@ -253,6 +253,8 @@ static void cachefiles_drop_object(struct fscache_object *_object) + struct cachefiles_object *object; + struct cachefiles_cache *cache; + const struct cred *saved_cred; ++ struct inode *inode; ++ blkcnt_t i_blocks = 0; + + ASSERT(_object); + +@@ -279,6 +281,10 @@ static void cachefiles_drop_object(struct fscache_object *_object) + _object != cache->cache.fsdef + ) { + _debug("- retire object OBJ%x", object->fscache.debug_id); ++ inode = d_backing_inode(object->dentry); ++ if (inode) ++ i_blocks = inode->i_blocks; ++ + cachefiles_begin_secure(cache, &saved_cred); + cachefiles_delete_object(cache, object); + cachefiles_end_secure(cache, saved_cred); +@@ -292,7 +298,7 @@ static void cachefiles_drop_object(struct fscache_object *_object) + + /* note that the object is now inactive */ + if (test_bit(CACHEFILES_OBJECT_ACTIVE, &object->flags)) +- cachefiles_mark_object_inactive(cache, object); ++ cachefiles_mark_object_inactive(cache, object, i_blocks); + + dput(object->dentry); + object->dentry = NULL; +diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h +index 2fcde1a..cd1effe 100644 +--- a/fs/cachefiles/internal.h ++++ b/fs/cachefiles/internal.h +@@ -160,7 +160,8 @@ extern char *cachefiles_cook_key(const u8 *raw, int keylen, uint8_t type); + * namei.c + */ + extern void cachefiles_mark_object_inactive(struct cachefiles_cache *cache, +- struct cachefiles_object *object); ++ struct cachefiles_object *object, ++ blkcnt_t i_blocks); + extern int cachefiles_delete_object(struct cachefiles_cache *cache, + struct cachefiles_object *object); + extern int cachefiles_walk_to_object(struct cachefiles_object *parent, +diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c +index 3f7c2cd..c6ee4b5 100644 +--- a/fs/cachefiles/namei.c ++++ b/fs/cachefiles/namei.c +@@ -261,10 +261,9 @@ static int cachefiles_mark_object_active(struct cachefiles_cache *cache, + * Mark an object as being inactive. + */ + void cachefiles_mark_object_inactive(struct cachefiles_cache *cache, +- struct cachefiles_object *object) ++ struct cachefiles_object *object, ++ blkcnt_t i_blocks) + { +- blkcnt_t i_blocks = d_backing_inode(object->dentry)->i_blocks; +- + write_lock(&cache->active_lock); + rb_erase(&object->active_node, &cache->active_nodes); + clear_bit(CACHEFILES_OBJECT_ACTIVE, &object->flags); +@@ -707,7 +706,8 @@ int cachefiles_walk_to_object(struct cachefiles_object *parent, + + check_error: + _debug("check error %d", ret); +- cachefiles_mark_object_inactive(cache, object); ++ cachefiles_mark_object_inactive( ++ cache, object, d_backing_inode(object->dentry)->i_blocks); + release_dentry: + dput(object->dentry); + object->dentry = NULL; +diff --git a/fs/debugfs/file.c b/fs/debugfs/file.c +index 592059f..309f4e9 100644 +--- a/fs/debugfs/file.c ++++ b/fs/debugfs/file.c +@@ -97,9 +97,6 @@ EXPORT_SYMBOL_GPL(debugfs_use_file_finish); + + #define F_DENTRY(filp) ((filp)->f_path.dentry) + +-#define REAL_FOPS_DEREF(dentry) \ +- ((const struct file_operations *)(dentry)->d_fsdata) +- + static int open_proxy_open(struct inode *inode, struct file *filp) + { + const struct dentry *dentry = F_DENTRY(filp); +@@ -112,7 +109,7 @@ static int open_proxy_open(struct inode *inode, struct file *filp) + goto out; + } + +- real_fops = REAL_FOPS_DEREF(dentry); ++ real_fops = debugfs_real_fops(filp); + real_fops = fops_get(real_fops); + if (!real_fops) { + /* Huh? Module did not clean up after itself at exit? */ +@@ -143,7 +140,7 @@ static ret_type full_proxy_ ## name(proto) \ + { \ + const struct dentry *dentry = F_DENTRY(filp); \ + const struct file_operations *real_fops = \ +- REAL_FOPS_DEREF(dentry); \ ++ debugfs_real_fops(filp); \ + int srcu_idx; \ + ret_type r; \ + \ +@@ -176,7 +173,7 @@ static unsigned int full_proxy_poll(struct file *filp, + struct poll_table_struct *wait) + { + const struct dentry *dentry = F_DENTRY(filp); +- const struct file_operations *real_fops = REAL_FOPS_DEREF(dentry); ++ const struct file_operations *real_fops = debugfs_real_fops(filp); + int srcu_idx; + unsigned int r = 0; + +@@ -193,7 +190,7 @@ static unsigned int full_proxy_poll(struct file *filp, + static int full_proxy_release(struct inode *inode, struct file *filp) + { + const struct dentry *dentry = F_DENTRY(filp); +- const struct file_operations *real_fops = REAL_FOPS_DEREF(dentry); ++ const struct file_operations *real_fops = debugfs_real_fops(filp); + const struct file_operations *proxy_fops = filp->f_op; + int r = 0; + +@@ -241,7 +238,7 @@ static int full_proxy_open(struct inode *inode, struct file *filp) + goto out; + } + +- real_fops = REAL_FOPS_DEREF(dentry); ++ real_fops = debugfs_real_fops(filp); + real_fops = fops_get(real_fops); + if (!real_fops) { + /* Huh? Module did not cleanup after itself at exit? */ +diff --git a/fs/dlm/lowcomms.c b/fs/dlm/lowcomms.c +index 1ab012a..be14bea 100644 +--- a/fs/dlm/lowcomms.c ++++ b/fs/dlm/lowcomms.c +@@ -1657,16 +1657,12 @@ void dlm_lowcomms_stop(void) + mutex_lock(&connections_lock); + dlm_allow_conn = 0; + foreach_conn(stop_conn); ++ clean_writequeues(); ++ foreach_conn(free_conn); + mutex_unlock(&connections_lock); + + work_stop(); + +- mutex_lock(&connections_lock); +- clean_writequeues(); +- +- foreach_conn(free_conn); +- +- mutex_unlock(&connections_lock); + kmem_cache_destroy(con_cache); + } + +diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c +index d7ccb7f..7f69347 100644 +--- a/fs/ext4/extents.c ++++ b/fs/ext4/extents.c +@@ -5734,6 +5734,9 @@ int ext4_insert_range(struct inode *inode, loff_t offset, loff_t len) + up_write(&EXT4_I(inode)->i_data_sem); + goto out_stop; + } ++ } else { ++ ext4_ext_drop_refs(path); ++ kfree(path); + } + + ret = ext4_es_remove_extent(inode, offset_lblk, +diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c +index ea628af..8fa01cb 100644 +--- a/fs/ext4/inode.c ++++ b/fs/ext4/inode.c +@@ -647,11 +647,19 @@ int ext4_map_blocks(handle_t *handle, struct inode *inode, + /* + * We have to zeroout blocks before inserting them into extent + * status tree. Otherwise someone could look them up there and +- * use them before they are really zeroed. ++ * use them before they are really zeroed. We also have to ++ * unmap metadata before zeroing as otherwise writeback can ++ * overwrite zeros with stale data from block device. + */ + if (flags & EXT4_GET_BLOCKS_ZERO && + map->m_flags & EXT4_MAP_MAPPED && + map->m_flags & EXT4_MAP_NEW) { ++ ext4_lblk_t i; ++ ++ for (i = 0; i < map->m_len; i++) { ++ unmap_underlying_metadata(inode->i_sb->s_bdev, ++ map->m_pblk + i); ++ } + ret = ext4_issue_zeroout(inode, map->m_lblk, + map->m_pblk, map->m_len); + if (ret) { +@@ -1649,6 +1657,8 @@ static void mpage_release_unused_pages(struct mpage_da_data *mpd, + BUG_ON(!PageLocked(page)); + BUG_ON(PageWriteback(page)); + if (invalidate) { ++ if (page_mapped(page)) ++ clear_page_dirty_for_io(page); + block_invalidatepage(page, 0, PAGE_SIZE); + ClearPageUptodate(page); + } +@@ -3890,7 +3900,7 @@ int ext4_update_disksize_before_punch(struct inode *inode, loff_t offset, + } + + /* +- * ext4_punch_hole: punches a hole in a file by releaseing the blocks ++ * ext4_punch_hole: punches a hole in a file by releasing the blocks + * associated with the given offset and length + * + * @inode: File inode +@@ -3919,7 +3929,7 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length) + * Write out all dirty pages to avoid race conditions + * Then release them. + */ +- if (mapping->nrpages && mapping_tagged(mapping, PAGECACHE_TAG_DIRTY)) { ++ if (mapping_tagged(mapping, PAGECACHE_TAG_DIRTY)) { + ret = filemap_write_and_wait_range(mapping, offset, + offset + length - 1); + if (ret) +@@ -4814,14 +4824,14 @@ static int ext4_do_update_inode(handle_t *handle, + * Fix up interoperability with old kernels. Otherwise, old inodes get + * re-used with the upper 16 bits of the uid/gid intact + */ +- if (!ei->i_dtime) { ++ if (ei->i_dtime && list_empty(&ei->i_orphan)) { ++ raw_inode->i_uid_high = 0; ++ raw_inode->i_gid_high = 0; ++ } else { + raw_inode->i_uid_high = + cpu_to_le16(high_16_bits(i_uid)); + raw_inode->i_gid_high = + cpu_to_le16(high_16_bits(i_gid)); +- } else { +- raw_inode->i_uid_high = 0; +- raw_inode->i_gid_high = 0; + } + } else { + raw_inode->i_uid_low = cpu_to_le16(fs_high2lowuid(i_uid)); +diff --git a/fs/ext4/move_extent.c b/fs/ext4/move_extent.c +index a920c5d..6fc14de 100644 +--- a/fs/ext4/move_extent.c ++++ b/fs/ext4/move_extent.c +@@ -598,6 +598,13 @@ ext4_move_extents(struct file *o_filp, struct file *d_filp, __u64 orig_blk, + return -EOPNOTSUPP; + } + ++ if (ext4_encrypted_inode(orig_inode) || ++ ext4_encrypted_inode(donor_inode)) { ++ ext4_msg(orig_inode->i_sb, KERN_ERR, ++ "Online defrag not supported for encrypted files"); ++ return -EOPNOTSUPP; ++ } ++ + /* Protect orig and donor inodes against a truncate */ + lock_two_nondirectories(orig_inode, donor_inode); + +diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c +index 5bb46b6..593f32b 100644 +--- a/fs/ext4/namei.c ++++ b/fs/ext4/namei.c +@@ -2043,33 +2043,31 @@ static int make_indexed_dir(handle_t *handle, struct ext4_filename *fname, + frame->entries = entries; + frame->at = entries; + frame->bh = bh; +- bh = bh2; + + retval = ext4_handle_dirty_dx_node(handle, dir, frame->bh); + if (retval) + goto out_frames; +- retval = ext4_handle_dirty_dirent_node(handle, dir, bh); ++ retval = ext4_handle_dirty_dirent_node(handle, dir, bh2); + if (retval) + goto out_frames; + +- de = do_split(handle,dir, &bh, frame, &fname->hinfo); ++ de = do_split(handle,dir, &bh2, frame, &fname->hinfo); + if (IS_ERR(de)) { + retval = PTR_ERR(de); + goto out_frames; + } +- dx_release(frames); + +- retval = add_dirent_to_buf(handle, fname, dir, inode, de, bh); +- brelse(bh); +- return retval; ++ retval = add_dirent_to_buf(handle, fname, dir, inode, de, bh2); + out_frames: + /* + * Even if the block split failed, we have to properly write + * out all the changes we did so far. Otherwise we can end up + * with corrupted filesystem. + */ +- ext4_mark_inode_dirty(handle, dir); ++ if (retval) ++ ext4_mark_inode_dirty(handle, dir); + dx_release(frames); ++ brelse(bh2); + return retval; + } + +diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c +index cca7b04..31145d6 100644 +--- a/fs/fuse/dir.c ++++ b/fs/fuse/dir.c +@@ -1701,14 +1701,46 @@ int fuse_do_setattr(struct inode *inode, struct iattr *attr, + static int fuse_setattr(struct dentry *entry, struct iattr *attr) + { + struct inode *inode = d_inode(entry); ++ struct file *file = (attr->ia_valid & ATTR_FILE) ? attr->ia_file : NULL; ++ int ret; + + if (!fuse_allow_current_process(get_fuse_conn(inode))) + return -EACCES; + +- if (attr->ia_valid & ATTR_FILE) +- return fuse_do_setattr(inode, attr, attr->ia_file); +- else +- return fuse_do_setattr(inode, attr, NULL); ++ if (attr->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) { ++ int kill; ++ ++ attr->ia_valid &= ~(ATTR_KILL_SUID | ATTR_KILL_SGID | ++ ATTR_MODE); ++ /* ++ * ia_mode calculation may have used stale i_mode. Refresh and ++ * recalculate. ++ */ ++ ret = fuse_do_getattr(inode, NULL, file); ++ if (ret) ++ return ret; ++ ++ attr->ia_mode = inode->i_mode; ++ kill = should_remove_suid(entry); ++ if (kill & ATTR_KILL_SUID) { ++ attr->ia_valid |= ATTR_MODE; ++ attr->ia_mode &= ~S_ISUID; ++ } ++ if (kill & ATTR_KILL_SGID) { ++ attr->ia_valid |= ATTR_MODE; ++ attr->ia_mode &= ~S_ISGID; ++ } ++ } ++ if (!attr->ia_valid) ++ return 0; ++ ++ ret = fuse_do_setattr(inode, attr, file); ++ if (!ret) { ++ /* Directory mode changed, may need to revalidate access */ ++ if (d_is_dir(entry) && (attr->ia_valid & ATTR_MODE)) ++ fuse_invalidate_entry_cache(entry); ++ } ++ return ret; + } + + static int fuse_getattr(struct vfsmount *mnt, struct dentry *entry, +@@ -1800,6 +1832,23 @@ static ssize_t fuse_getxattr(struct dentry *entry, struct inode *inode, + return ret; + } + ++static int fuse_verify_xattr_list(char *list, size_t size) ++{ ++ size_t origsize = size; ++ ++ while (size) { ++ size_t thislen = strnlen(list, size); ++ ++ if (!thislen || thislen == size) ++ return -EIO; ++ ++ size -= thislen + 1; ++ list += thislen + 1; ++ } ++ ++ return origsize; ++} ++ + static ssize_t fuse_listxattr(struct dentry *entry, char *list, size_t size) + { + struct inode *inode = d_inode(entry); +@@ -1835,6 +1884,8 @@ static ssize_t fuse_listxattr(struct dentry *entry, char *list, size_t size) + ret = fuse_simple_request(fc, &args); + if (!ret && !size) + ret = outarg.size; ++ if (ret > 0 && size) ++ ret = fuse_verify_xattr_list(list, ret); + if (ret == -ENOSYS) { + fc->no_listxattr = 1; + ret = -EOPNOTSUPP; +diff --git a/fs/reiserfs/super.c b/fs/reiserfs/super.c +index c72c16c..b810826 100644 +--- a/fs/reiserfs/super.c ++++ b/fs/reiserfs/super.c +@@ -190,7 +190,15 @@ static int remove_save_link_only(struct super_block *s, + static int reiserfs_quota_on_mount(struct super_block *, int); + #endif + +-/* look for uncompleted unlinks and truncates and complete them */ ++/* ++ * Look for uncompleted unlinks and truncates and complete them ++ * ++ * Called with superblock write locked. If quotas are enabled, we have to ++ * release/retake lest we call dquot_quota_on_mount(), proceed to ++ * schedule_on_each_cpu() in invalidate_bdev() and deadlock waiting for the per ++ * cpu worklets to complete flush_async_commits() that in turn wait for the ++ * superblock write lock. ++ */ + static int finish_unfinished(struct super_block *s) + { + INITIALIZE_PATH(path); +@@ -237,7 +245,9 @@ static int finish_unfinished(struct super_block *s) + quota_enabled[i] = 0; + continue; + } ++ reiserfs_write_unlock(s); + ret = reiserfs_quota_on_mount(s, i); ++ reiserfs_write_lock(s); + if (ret < 0) + reiserfs_warning(s, "reiserfs-2500", + "cannot turn on journaled " +diff --git a/fs/utimes.c b/fs/utimes.c +index 85c40f4..ba54b9e 100644 +--- a/fs/utimes.c ++++ b/fs/utimes.c +@@ -87,20 +87,7 @@ static int utimes_common(struct path *path, struct timespec *times) + */ + newattrs.ia_valid |= ATTR_TIMES_SET; + } else { +- /* +- * If times is NULL (or both times are UTIME_NOW), +- * then we need to check permissions, because +- * inode_change_ok() won't do it. +- */ +- error = -EACCES; +- if (IS_IMMUTABLE(inode)) +- goto mnt_drop_write_and_out; +- +- if (!inode_owner_or_capable(inode)) { +- error = inode_permission(inode, MAY_WRITE); +- if (error) +- goto mnt_drop_write_and_out; +- } ++ newattrs.ia_valid |= ATTR_TOUCH; + } + retry_deleg: + inode_lock(inode); +@@ -112,7 +99,6 @@ static int utimes_common(struct path *path, struct timespec *times) + goto retry_deleg; + } + +-mnt_drop_write_and_out: + mnt_drop_write(path->mnt); + out: + return error; +diff --git a/include/crypto/ghash.h b/include/crypto/ghash.h +new file mode 100644 +index 0000000..2a61c9b +--- /dev/null ++++ b/include/crypto/ghash.h +@@ -0,0 +1,23 @@ ++/* ++ * Common values for GHASH algorithms ++ */ ++ ++#ifndef __CRYPTO_GHASH_H__ ++#define __CRYPTO_GHASH_H__ ++ ++#include <linux/types.h> ++#include <crypto/gf128mul.h> ++ ++#define GHASH_BLOCK_SIZE 16 ++#define GHASH_DIGEST_SIZE 16 ++ ++struct ghash_ctx { ++ struct gf128mul_4k *gf128; ++}; ++ ++struct ghash_desc_ctx { ++ u8 buffer[GHASH_BLOCK_SIZE]; ++ u32 bytes; ++}; ++ ++#endif +diff --git a/include/linux/debugfs.h b/include/linux/debugfs.h +index 1438e23..4d3f0d1 100644 +--- a/include/linux/debugfs.h ++++ b/include/linux/debugfs.h +@@ -45,6 +45,23 @@ extern struct dentry *arch_debugfs_dir; + + extern struct srcu_struct debugfs_srcu; + ++/** ++ * debugfs_real_fops - getter for the real file operation ++ * @filp: a pointer to a struct file ++ * ++ * Must only be called under the protection established by ++ * debugfs_use_file_start(). ++ */ ++static inline const struct file_operations *debugfs_real_fops(struct file *filp) ++ __must_hold(&debugfs_srcu) ++{ ++ /* ++ * Neither the pointer to the struct file_operations, nor its ++ * contents ever change -- srcu_dereference() is not needed here. ++ */ ++ return filp->f_path.dentry->d_fsdata; ++} ++ + #if defined(CONFIG_DEBUG_FS) + + struct dentry *debugfs_create_file(const char *name, umode_t mode, +diff --git a/include/linux/fs.h b/include/linux/fs.h +index dd28814..cf27c88 100644 +--- a/include/linux/fs.h ++++ b/include/linux/fs.h +@@ -228,6 +228,7 @@ typedef int (dio_iodone_t)(struct kiocb *iocb, loff_t offset, + #define ATTR_KILL_PRIV (1 << 14) + #define ATTR_OPEN (1 << 15) /* Truncating from open(O_TRUNC) */ + #define ATTR_TIMES_SET (1 << 16) ++#define ATTR_TOUCH (1 << 17) + + /* + * Whiteout is represented by a char device. The following constants define the +diff --git a/include/uapi/linux/btrfs.h b/include/uapi/linux/btrfs.h +index 2bdd1e3..409be35 100644 +--- a/include/uapi/linux/btrfs.h ++++ b/include/uapi/linux/btrfs.h +@@ -239,7 +239,17 @@ struct btrfs_ioctl_fs_info_args { + * Used by: + * struct btrfs_ioctl_feature_flags + */ +-#define BTRFS_FEATURE_COMPAT_RO_FREE_SPACE_TREE (1ULL << 0) ++#define BTRFS_FEATURE_COMPAT_RO_FREE_SPACE_TREE (1ULL << 0) ++/* ++ * Older kernels (< 4.9) on big-endian systems produced broken free space tree ++ * bitmaps, and btrfs-progs also used to corrupt the free space tree (versions ++ * < 4.7.3). If this bit is clear, then the free space tree cannot be trusted. ++ * btrfs-progs can also intentionally clear this bit to ask the kernel to ++ * rebuild the free space tree, however this might not work on older kernels ++ * that do not know about this bit. If not sure, clear the cache manually on ++ * first mount when booting older kernel versions. ++ */ ++#define BTRFS_FEATURE_COMPAT_RO_FREE_SPACE_TREE_VALID (1ULL << 1) + + #define BTRFS_FEATURE_INCOMPAT_MIXED_BACKREF (1ULL << 0) + #define BTRFS_FEATURE_INCOMPAT_DEFAULT_SUBVOL (1ULL << 1) +diff --git a/mm/filemap.c b/mm/filemap.c +index 20f3b1f..b510542 100644 +--- a/mm/filemap.c ++++ b/mm/filemap.c +@@ -1609,6 +1609,10 @@ static ssize_t do_generic_file_read(struct file *filp, loff_t *ppos, + unsigned int prev_offset; + int error = 0; + ++ if (unlikely(*ppos >= inode->i_sb->s_maxbytes)) ++ return -EINVAL; ++ iov_iter_truncate(iter, inode->i_sb->s_maxbytes); ++ + index = *ppos >> PAGE_SHIFT; + prev_index = ra->prev_pos >> PAGE_SHIFT; + prev_offset = ra->prev_pos & (PAGE_SIZE-1); +diff --git a/sound/soc/intel/atom/sst/sst_pvt.c b/sound/soc/intel/atom/sst/sst_pvt.c +index adb32fe..b1e6b8f 100644 +--- a/sound/soc/intel/atom/sst/sst_pvt.c ++++ b/sound/soc/intel/atom/sst/sst_pvt.c +@@ -279,17 +279,15 @@ int sst_prepare_and_post_msg(struct intel_sst_drv *sst, + + if (response) { + ret = sst_wait_timeout(sst, block); +- if (ret < 0) { ++ if (ret < 0) + goto out; +- } else if(block->data) { +- if (!data) +- goto out; +- *data = kzalloc(block->size, GFP_KERNEL); +- if (!(*data)) { ++ ++ if (data && block->data) { ++ *data = kmemdup(block->data, block->size, GFP_KERNEL); ++ if (!*data) { + ret = -ENOMEM; + goto out; +- } else +- memcpy(data, (void *) block->data, block->size); ++ } + } + } + out: diff --git a/4.7.9/4420_grsecurity-3.1-4.7.9-201610200819.patch b/4.7.10/4420_grsecurity-3.1-4.7.10-201610222037.patch index dd0fc99..04a81c6 100644 --- a/4.7.9/4420_grsecurity-3.1-4.7.9-201610200819.patch +++ b/4.7.10/4420_grsecurity-3.1-4.7.10-201610222037.patch @@ -425,7 +425,7 @@ index a3683ce..5ec8bf4 100644 A toggle value indicating if modules are allowed to be loaded diff --git a/Makefile b/Makefile -index cb3f64e..203a122 100644 +index 219ab6d..79d7414 100644 --- a/Makefile +++ b/Makefile @@ -302,7 +302,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -39938,7 +39938,7 @@ index d214e92..9649863 100644 if (blk_verify_command(rq->cmd, has_write_perm)) return -EPERM; diff --git a/block/cfq-iosched.c b/block/cfq-iosched.c -index 4a34978..d102252 100644 +index 73a277d..63b2685 100644 --- a/block/cfq-iosched.c +++ b/block/cfq-iosched.c @@ -1953,8 +1953,8 @@ static u64 cfqg_prfill_sectors_recursive(struct seq_file *sf, @@ -40667,9 +40667,65 @@ index ab23479..9aa32bf 100644 enum acpi_battery_files { info_tag = 0, diff --git a/drivers/acpi/bgrt.c b/drivers/acpi/bgrt.c -index 75f128e..72b03af 100644 +index 75f128e..0fbae68 100644 --- a/drivers/acpi/bgrt.c +++ b/drivers/acpi/bgrt.c +@@ -17,40 +17,40 @@ + + static struct kobject *bgrt_kobj; + +-static ssize_t show_version(struct device *dev, +- struct device_attribute *attr, char *buf) ++static ssize_t show_version(struct kobject *kobj, ++ struct kobj_attribute *attr, char *buf) + { + return snprintf(buf, PAGE_SIZE, "%d\n", bgrt_tab->version); + } +-static DEVICE_ATTR(version, S_IRUGO, show_version, NULL); ++static KOBJECT_ATTR(version, S_IRUGO, show_version, NULL); + +-static ssize_t show_status(struct device *dev, +- struct device_attribute *attr, char *buf) ++static ssize_t show_status(struct kobject *kobj, ++ struct kobj_attribute *attr, char *buf) + { + return snprintf(buf, PAGE_SIZE, "%d\n", bgrt_tab->status); + } +-static DEVICE_ATTR(status, S_IRUGO, show_status, NULL); ++static KOBJECT_ATTR(status, S_IRUGO, show_status, NULL); + +-static ssize_t show_type(struct device *dev, +- struct device_attribute *attr, char *buf) ++static ssize_t show_type(struct kobject *kobj, ++ struct kobj_attribute *attr, char *buf) + { + return snprintf(buf, PAGE_SIZE, "%d\n", bgrt_tab->image_type); + } +-static DEVICE_ATTR(type, S_IRUGO, show_type, NULL); ++static KOBJECT_ATTR(type, S_IRUGO, show_type, NULL); + +-static ssize_t show_xoffset(struct device *dev, +- struct device_attribute *attr, char *buf) ++static ssize_t show_xoffset(struct kobject *kobj, ++ struct kobj_attribute *attr, char *buf) + { + return snprintf(buf, PAGE_SIZE, "%d\n", bgrt_tab->image_offset_x); + } +-static DEVICE_ATTR(xoffset, S_IRUGO, show_xoffset, NULL); ++static KOBJECT_ATTR(xoffset, S_IRUGO, show_xoffset, NULL); + +-static ssize_t show_yoffset(struct device *dev, +- struct device_attribute *attr, char *buf) ++static ssize_t show_yoffset(struct kobject *kobj, ++ struct kobj_attribute *attr, char *buf) + { + return snprintf(buf, PAGE_SIZE, "%d\n", bgrt_tab->image_offset_y); + } +-static DEVICE_ATTR(yoffset, S_IRUGO, show_yoffset, NULL); ++static KOBJECT_ATTR(yoffset, S_IRUGO, show_yoffset, NULL); + + static ssize_t image_read(struct file *file, struct kobject *kobj, + struct bin_attribute *attr, char *buf, loff_t off, size_t count) @@ -87,8 +87,10 @@ static int __init bgrt_init(void) if (!bgrt_image) return -ENODEV; @@ -65257,10 +65313,10 @@ index 237d0cd..6c094fd 100644 /* rxstream mpdu merge */ struct ar9170_rx_head rx_plcp; diff --git a/drivers/net/wireless/ath/carl9170/debug.c b/drivers/net/wireless/ath/carl9170/debug.c -index 6808db4..3a5df05 100644 +index ec3a64e..4d4a4e2 100644 --- a/drivers/net/wireless/ath/carl9170/debug.c +++ b/drivers/net/wireless/ath/carl9170/debug.c -@@ -221,7 +221,7 @@ static char *carl9170_debugfs_mem_usage_read(struct ar9170 *ar, char *buf, +@@ -223,7 +223,7 @@ static char *carl9170_debugfs_mem_usage_read(struct ar9170 *ar, char *buf, ADD(buf, *len, bufsize, "cookies: used:%3d / total:%3d, allocs:%d\n", bitmap_weight(ar->mem_bitmap, ar->fw.mem_blocks), @@ -65269,7 +65325,7 @@ index 6808db4..3a5df05 100644 ADD(buf, *len, bufsize, "memory: free:%3d (%3d KiB) / total:%3d KiB)\n", atomic_read(&ar->mem_free_blocks), -@@ -672,7 +672,7 @@ static char *carl9170_debugfs_bug_read(struct ar9170 *ar, char *buf, +@@ -674,7 +674,7 @@ static char *carl9170_debugfs_bug_read(struct ar9170 *ar, char *buf, ADD(buf, *ret, bufsize, "reported firmware BUGs:%d\n", ar->fw.bug_counter); ADD(buf, *ret, bufsize, "pending restart requests:%d\n", @@ -65278,7 +65334,7 @@ index 6808db4..3a5df05 100644 return buf; } __DEBUGFS_DECLARE_RW_FILE(bug, 400, CARL9170_STOPPED); -@@ -779,7 +779,7 @@ DEBUGFS_READONLY_FILE(usb_rx_pool_urbs, 20, "%d", +@@ -781,7 +781,7 @@ DEBUGFS_READONLY_FILE(usb_rx_pool_urbs, 20, "%d", DEBUGFS_READONLY_FILE(tx_total_queued, 20, "%d", atomic_read(&ar->tx_total_queued)); DEBUGFS_READONLY_FILE(tx_ampdu_scheduler, 20, "%d", @@ -65849,10 +65905,10 @@ index 83770d2..3ec8a40 100644 if (modparam_pio) wldev->__using_pio = true; diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c -index 121baba..80f9d55 100644 +index 9014bf4..da14293 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c -@@ -5077,6 +5077,50 @@ static struct cfg80211_ops brcmf_cfg80211_ops = { +@@ -5080,6 +5080,50 @@ static struct cfg80211_ops brcmf_cfg80211_ops = { .tdls_oper = brcmf_cfg80211_tdls_oper, }; @@ -65903,7 +65959,7 @@ index 121baba..80f9d55 100644 struct brcmf_cfg80211_vif *brcmf_alloc_vif(struct brcmf_cfg80211_info *cfg, enum nl80211_iftype type, bool pm_block) -@@ -6703,7 +6747,7 @@ struct brcmf_cfg80211_info *brcmf_cfg80211_attach(struct brcmf_pub *drvr, +@@ -6706,7 +6750,7 @@ struct brcmf_cfg80211_info *brcmf_cfg80211_attach(struct brcmf_pub *drvr, struct net_device *ndev = brcmf_get_ifp(drvr, 0)->ndev; struct brcmf_cfg80211_info *cfg; struct wiphy *wiphy; @@ -65912,7 +65968,7 @@ index 121baba..80f9d55 100644 struct brcmf_cfg80211_vif *vif; struct brcmf_if *ifp; s32 err = 0; -@@ -6715,15 +6759,10 @@ struct brcmf_cfg80211_info *brcmf_cfg80211_attach(struct brcmf_pub *drvr, +@@ -6718,15 +6762,10 @@ struct brcmf_cfg80211_info *brcmf_cfg80211_attach(struct brcmf_pub *drvr, return NULL; } @@ -65929,7 +65985,7 @@ index 121baba..80f9d55 100644 #endif wiphy = wiphy_new(ops, sizeof(struct brcmf_cfg80211_info)); if (!wiphy) { -@@ -6862,7 +6901,6 @@ priv_out: +@@ -6865,7 +6904,6 @@ priv_out: ifp->vif = NULL; wiphy_out: brcmf_free_wiphy(wiphy); @@ -65937,7 +65993,7 @@ index 121baba..80f9d55 100644 return NULL; } -@@ -6873,7 +6911,6 @@ void brcmf_cfg80211_detach(struct brcmf_cfg80211_info *cfg) +@@ -6876,7 +6914,6 @@ void brcmf_cfg80211_detach(struct brcmf_cfg80211_info *cfg) brcmf_btcoex_detach(cfg); wiphy_unregister(cfg->wiphy); @@ -71254,32 +71310,6 @@ index 109e2c9..7d3c9b5 100644 u_long s; int enint_coal; -diff --git a/drivers/scsi/arcmsr/arcmsr_hba.c b/drivers/scsi/arcmsr/arcmsr_hba.c -index 7640498..110eca9 100644 ---- a/drivers/scsi/arcmsr/arcmsr_hba.c -+++ b/drivers/scsi/arcmsr/arcmsr_hba.c -@@ -2388,7 +2388,8 @@ static int arcmsr_iop_message_xfer(struct AdapterControlBlock *acb, - } - case ARCMSR_MESSAGE_WRITE_WQBUFFER: { - unsigned char *ver_addr; -- int32_t user_len, cnt2end; -+ uint32_t user_len; -+ int32_t cnt2end; - uint8_t *pQbuffer, *ptmpuserbuffer; - ver_addr = kmalloc(ARCMSR_API_DATA_BUFLEN, GFP_ATOMIC); - if (!ver_addr) { -@@ -2397,6 +2398,11 @@ static int arcmsr_iop_message_xfer(struct AdapterControlBlock *acb, - } - ptmpuserbuffer = ver_addr; - user_len = pcmdmessagefld->cmdmessage.Length; -+ if (user_len > ARCMSR_API_DATA_BUFLEN) { -+ retvalue = ARCMSR_MESSAGE_FAIL; -+ kfree(ver_addr); -+ goto message_out; -+ } - memcpy(ptmpuserbuffer, - pcmdmessagefld->messagedatabuffer, user_len); - spin_lock_irqsave(&acb->wqbuffer_lock, flags); diff --git a/drivers/scsi/be2iscsi/be_main.c b/drivers/scsi/be2iscsi/be_main.c index f05e773..b48c418 100644 --- a/drivers/scsi/be2iscsi/be_main.c @@ -96484,7 +96514,7 @@ index 4fe81d1..85f39a0 100644 file = aio_private_file(ctx, nr_pages); diff --git a/fs/attr.c b/fs/attr.c -index 25b24d0..85550fc 100644 +index ccde270..659020c 100644 --- a/fs/attr.c +++ b/fs/attr.c @@ -102,6 +102,10 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset) @@ -97667,10 +97697,10 @@ index a85cf7d..bf8fc07 100644 WARN_ON(trans->transid != btrfs_header_generation(parent)); diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h -index 72f5048..80a0451 100644 +index 699ee7c..2ba3c2f 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h -@@ -358,8 +358,8 @@ struct btrfs_dev_replace { +@@ -359,8 +359,8 @@ struct btrfs_dev_replace { u64 replace_state; /* see #define above */ u64 time_started; /* seconds since 1-Jan-1970 */ u64 time_stopped; /* seconds since 1-Jan-1970 */ @@ -97681,7 +97711,7 @@ index 72f5048..80a0451 100644 u64 cursor_left; u64 committed_cursor_left; -@@ -846,7 +846,7 @@ struct btrfs_fs_info { +@@ -847,7 +847,7 @@ struct btrfs_fs_info { /* this protects tree_mod_seq_list */ spinlock_t tree_mod_seq_lock; @@ -97690,7 +97720,7 @@ index 72f5048..80a0451 100644 struct list_head tree_mod_seq_list; /* this protects tree_mod_log */ -@@ -1157,7 +1157,7 @@ struct btrfs_root { +@@ -1158,7 +1158,7 @@ struct btrfs_root { struct list_head log_ctxs[2]; atomic_t log_writers; atomic_t log_commit[2]; @@ -97852,7 +97882,7 @@ index e922b42..2a5a145 100644 } #endif diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c -index 864cf3b..0dde743 100644 +index c14e8c7..3463a87 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c @@ -1279,7 +1279,7 @@ static void __setup_root(u32 nodesize, u32 sectorsize, u32 stripesize, @@ -97864,7 +97894,7 @@ index 864cf3b..0dde743 100644 atomic_set(&root->orphan_inodes, 0); atomic_set(&root->refs, 1); atomic_set(&root->will_be_snapshoted, 0); -@@ -2623,7 +2623,7 @@ int open_ctree(struct super_block *sb, +@@ -2624,7 +2624,7 @@ int open_ctree(struct super_block *sb, atomic_set(&fs_info->defrag_running, 0); atomic_set(&fs_info->qgroup_op_seq, 0); atomic_set(&fs_info->reada_works_cnt, 0); @@ -98419,7 +98449,7 @@ index 1ee54ff..ba89748 100644 cache->bstop_percent = bstop; diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h -index 2fcde1a..5986a27 100644 +index cd1effe..73f8767 100644 --- a/fs/cachefiles/internal.h +++ b/fs/cachefiles/internal.h @@ -65,9 +65,9 @@ struct cachefiles_cache { @@ -98435,7 +98465,7 @@ index 2fcde1a..5986a27 100644 unsigned frun_percent; /* when to stop culling (% files) */ unsigned fcull_percent; /* when to start culling (% files) */ unsigned fstop_percent; /* when to stop allocating (% files) */ -@@ -181,19 +181,19 @@ extern int cachefiles_check_in_use(struct cachefiles_cache *cache, +@@ -182,19 +182,19 @@ extern int cachefiles_check_in_use(struct cachefiles_cache *cache, * proc.c */ #ifdef CONFIG_CACHEFILES_HISTOGRAM @@ -98461,10 +98491,10 @@ index 2fcde1a..5986a27 100644 #else diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c -index 3f7c2cd..6014026 100644 +index c6ee4b5..de05717 100644 --- a/fs/cachefiles/namei.c +++ b/fs/cachefiles/namei.c -@@ -275,8 +275,8 @@ void cachefiles_mark_object_inactive(struct cachefiles_cache *cache, +@@ -274,8 +274,8 @@ void cachefiles_mark_object_inactive(struct cachefiles_cache *cache, /* This object can now be culled, so we need to let the daemon know * that there is something it can remove if it needs to. */ @@ -98475,7 +98505,7 @@ index 3f7c2cd..6014026 100644 cachefiles_state_changed(cache); } -@@ -335,7 +335,7 @@ try_again: +@@ -334,7 +334,7 @@ try_again: /* first step is to make up a grave dentry in the graveyard */ sprintf(nbuffer, "%08x%08x", (uint32_t) get_seconds(), @@ -99705,10 +99735,10 @@ index 1ed81bb..3d8fde8 100644 dcache_init(); inode_init(); diff --git a/fs/debugfs/file.c b/fs/debugfs/file.c -index 592059f..8faaef38 100644 +index 309f4e9..de9bafa 100644 --- a/fs/debugfs/file.c +++ b/fs/debugfs/file.c -@@ -212,7 +212,7 @@ static int full_proxy_release(struct inode *inode, struct file *filp) +@@ -209,7 +209,7 @@ static int full_proxy_release(struct inode *inode, struct file *filp) return 0; } @@ -99717,7 +99747,7 @@ index 592059f..8faaef38 100644 const struct file_operations *real_fops) { proxy_fops->release = full_proxy_release; -@@ -232,7 +232,7 @@ static int full_proxy_open(struct inode *inode, struct file *filp) +@@ -229,7 +229,7 @@ static int full_proxy_open(struct inode *inode, struct file *filp) { const struct dentry *dentry = F_DENTRY(filp); const struct file_operations *real_fops = NULL; @@ -100789,7 +100819,7 @@ index b84aa1c..36fd3b0 100644 /* locality groups */ diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c -index d7ccb7f..1b9329a 100644 +index 7f69347..7fb5e14 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -876,7 +876,7 @@ ext4_find_extent(struct inode *inode, ext4_lblk_t block, @@ -116685,10 +116715,10 @@ index 2adcde1..7d27bc8 100644 #define __fs_changed(gen,s) (gen != get_generation (s)) #define fs_changed(gen,s) \ diff --git a/fs/reiserfs/super.c b/fs/reiserfs/super.c -index c72c16c..9b21de1 100644 +index b810826..75f0e6d 100644 --- a/fs/reiserfs/super.c +++ b/fs/reiserfs/super.c -@@ -1877,6 +1877,10 @@ static int reiserfs_fill_super(struct super_block *s, void *data, int silent) +@@ -1887,6 +1887,10 @@ static int reiserfs_fill_super(struct super_block *s, void *data, int silent) sbi->s_mount_opt |= (1 << REISERFS_SMALLTAIL); sbi->s_mount_opt |= (1 << REISERFS_ERROR_RO); sbi->s_mount_opt |= (1 << REISERFS_BARRIER_FLUSH); @@ -117387,7 +117417,7 @@ index 2d97952..115b9d9 100644 if (!mmget_not_zero(mm)) goto wakeup; diff --git a/fs/utimes.c b/fs/utimes.c -index 85c40f4..52fcd23 100644 +index ba54b9e..49fc4d8 100644 --- a/fs/utimes.c +++ b/fs/utimes.c @@ -1,6 +1,7 @@ @@ -117398,8 +117428,8 @@ index 85c40f4..52fcd23 100644 #include <linux/linkage.h> #include <linux/mount.h> #include <linux/namei.h> -@@ -103,6 +104,12 @@ static int utimes_common(struct path *path, struct timespec *times) - } +@@ -90,6 +91,12 @@ static int utimes_common(struct path *path, struct timespec *times) + newattrs.ia_valid |= ATTR_TOUCH; } retry_deleg: + @@ -117411,6 +117441,14 @@ index 85c40f4..52fcd23 100644 inode_lock(inode); error = notify_change(path->dentry, &newattrs, &delegated_inode); inode_unlock(inode); +@@ -99,6 +106,7 @@ retry_deleg: + goto retry_deleg; + } + ++mnt_drop_write_and_out: + mnt_drop_write(path->mnt); + out: + return error; diff --git a/fs/xattr.c b/fs/xattr.c index 4beafc4..02b5e0d 100644 --- a/fs/xattr.c @@ -131353,10 +131391,10 @@ index d4b7683..9feb066 100644 int fw_iso_context_queue(struct fw_iso_context *ctx, struct fw_iso_packet *packet, diff --git a/include/linux/fs.h b/include/linux/fs.h -index dd28814..1bf4623 100644 +index cf27c88..029fc3e 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h -@@ -331,7 +331,7 @@ struct kiocb { +@@ -332,7 +332,7 @@ struct kiocb { void (*ki_complete)(struct kiocb *iocb, long ret, long ret2); void *private; int ki_flags; @@ -131365,7 +131403,7 @@ index dd28814..1bf4623 100644 static inline bool is_sync_kiocb(struct kiocb *kiocb) { -@@ -445,7 +445,7 @@ struct address_space { +@@ -446,7 +446,7 @@ struct address_space { spinlock_t private_lock; /* for use by the address_space */ struct list_head private_list; /* ditto */ void *private_data; /* ditto */ @@ -131374,7 +131412,7 @@ index dd28814..1bf4623 100644 /* * On most architectures that alignment is already the case; but * must be enforced here for CRIS, to let the least significant bit -@@ -488,7 +488,7 @@ struct block_device { +@@ -489,7 +489,7 @@ struct block_device { int bd_fsfreeze_count; /* Mutex for freeze */ struct mutex bd_fsfreeze_mutex; @@ -131383,7 +131421,7 @@ index dd28814..1bf4623 100644 /* * Radix-tree tags, for tagging dirty and writeback pages within the pagecache -@@ -700,7 +700,7 @@ struct inode { +@@ -701,7 +701,7 @@ struct inode { #endif void *i_private; /* fs or device private pointer */ @@ -131392,7 +131430,7 @@ index dd28814..1bf4623 100644 static inline int inode_unhashed(struct inode *inode) { -@@ -935,7 +935,7 @@ struct file { +@@ -936,7 +936,7 @@ struct file { struct list_head f_tfile_llink; #endif /* #ifdef CONFIG_EPOLL */ struct address_space *f_mapping; @@ -131401,7 +131439,7 @@ index dd28814..1bf4623 100644 struct file_handle { __u32 handle_bytes; -@@ -1070,7 +1070,7 @@ struct file_lock { +@@ -1071,7 +1071,7 @@ struct file_lock { int state; /* state of grant or error if -ve */ } afs; } fl_u; @@ -131410,7 +131448,7 @@ index dd28814..1bf4623 100644 struct file_lock_context { spinlock_t flc_lock; -@@ -1448,7 +1448,7 @@ struct super_block { +@@ -1449,7 +1449,7 @@ struct super_block { /* s_inode_list_lock protects s_inodes */ spinlock_t s_inode_list_lock ____cacheline_aligned_in_smp; struct list_head s_inodes; /* all inodes */ @@ -131419,7 +131457,7 @@ index dd28814..1bf4623 100644 extern struct timespec current_fs_time(struct super_block *sb); -@@ -1706,7 +1706,8 @@ struct file_operations { +@@ -1707,7 +1707,8 @@ struct file_operations { u64); ssize_t (*dedupe_file_range)(struct file *, u64, u64, struct file *, u64); @@ -131429,7 +131467,7 @@ index dd28814..1bf4623 100644 struct inode_operations { struct dentry * (*lookup) (struct inode *,struct dentry *, unsigned int); -@@ -2421,12 +2422,12 @@ static inline void bd_unlink_disk_holder(struct block_device *bdev, +@@ -2422,12 +2423,12 @@ static inline void bd_unlink_disk_holder(struct block_device *bdev, #define CHRDEV_MAJOR_HASH_SIZE 255 /* Marks the bottom of the first segment of free char majors */ #define CHRDEV_MAJOR_DYN_END 234 @@ -131444,7 +131482,7 @@ index dd28814..1bf4623 100644 unsigned int count, const char *name); extern void unregister_chrdev_region(dev_t, unsigned); extern void chrdev_show(struct seq_file *,off_t); -@@ -3174,4 +3175,14 @@ static inline bool dir_relax_shared(struct inode *inode) +@@ -3175,4 +3176,14 @@ static inline bool dir_relax_shared(struct inode *inode) extern bool path_noexec(const struct path *path); extern void inode_nohighmem(struct inode *inode); @@ -133527,7 +133565,7 @@ index fcfd2bf..e4f5edb 100644 extern int call_usermodehelper(char *path, char **argv, char **envp, int wait); diff --git a/include/linux/kobject.h b/include/linux/kobject.h -index e628459..5985b6e 100644 +index e628459..9d45d56 100644 --- a/include/linux/kobject.h +++ b/include/linux/kobject.h @@ -119,7 +119,7 @@ struct kobj_type { @@ -133539,15 +133577,22 @@ index e628459..5985b6e 100644 struct kobj_uevent_env { char *argv[3]; -@@ -143,6 +143,7 @@ struct kobj_attribute { +@@ -143,6 +143,14 @@ struct kobj_attribute { ssize_t (*store)(struct kobject *kobj, struct kobj_attribute *attr, const char *buf, size_t count); }; +typedef struct kobj_attribute __no_const kobj_attribute_no_const; ++ ++#define KOBJECT_ATTR(_name, _mode, _show, _store) \ ++ struct kobj_attribute dev_attr_##_name = __ATTR(_name, _mode, _show, _store) ++#define KOBJECT_ATTR_RW(_name) \ ++ struct kobj_attribute dev_attr_##_name = __ATTR_RW(_name) ++#define KOBJECT_ATTR_RO(_name) \ ++ struct kobj_attribute dev_attr_##_name = __ATTR_RO(_name) extern const struct sysfs_ops kobj_sysfs_ops; -@@ -170,7 +171,7 @@ struct kset { +@@ -170,7 +178,7 @@ struct kset { spinlock_t list_lock; struct kobject kobj; const struct kset_uevent_ops *uevent_ops; @@ -148752,10 +148797,10 @@ index 6c707bf..c8d0529 100644 return sys_fadvise64_64(fd, offset, len, advice); } diff --git a/mm/filemap.c b/mm/filemap.c -index 20f3b1f..10fc7ab 100644 +index b510542..a6399eb 100644 --- a/mm/filemap.c +++ b/mm/filemap.c -@@ -2241,7 +2241,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) +@@ -2245,7 +2245,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) struct address_space *mapping = file->f_mapping; if (!mapping->a_ops->readpage) @@ -148764,7 +148809,7 @@ index 20f3b1f..10fc7ab 100644 file_accessed(file); vma->vm_ops = &generic_file_vm_ops; return 0; -@@ -2284,7 +2284,7 @@ static struct page *wait_on_page_read(struct page *page) +@@ -2288,7 +2288,7 @@ static struct page *wait_on_page_read(struct page *page) static struct page *do_read_cache_page(struct address_space *mapping, pgoff_t index, @@ -148773,7 +148818,7 @@ index 20f3b1f..10fc7ab 100644 void *data, gfp_t gfp) { -@@ -2391,7 +2391,7 @@ out: +@@ -2395,7 +2395,7 @@ out: */ struct page *read_cache_page(struct address_space *mapping, pgoff_t index, @@ -148782,7 +148827,7 @@ index 20f3b1f..10fc7ab 100644 void *data) { return do_read_cache_page(mapping, index, filler, data, mapping_gfp_mask(mapping)); -@@ -2413,7 +2413,7 @@ struct page *read_cache_page_gfp(struct address_space *mapping, +@@ -2417,7 +2417,7 @@ struct page *read_cache_page_gfp(struct address_space *mapping, pgoff_t index, gfp_t gfp) { @@ -148791,7 +148836,7 @@ index 20f3b1f..10fc7ab 100644 return do_read_cache_page(mapping, index, filler, NULL, gfp); } -@@ -2443,6 +2443,7 @@ inline ssize_t generic_write_checks(struct kiocb *iocb, struct iov_iter *from) +@@ -2447,6 +2447,7 @@ inline ssize_t generic_write_checks(struct kiocb *iocb, struct iov_iter *from) pos = iocb->ki_pos; if (limit != RLIM_INFINITY) { @@ -173094,55 +173139,38 @@ index 0000000..36211fb +e_*.h diff --git a/scripts/gcc-plugins/size_overflow_plugin/Makefile b/scripts/gcc-plugins/size_overflow_plugin/Makefile new file mode 100644 -index 0000000..4363d14 +index 0000000..62c26c9 --- /dev/null +++ b/scripts/gcc-plugins/size_overflow_plugin/Makefile -@@ -0,0 +1,39 @@ +@@ -0,0 +1,22 @@ +HOST_EXTRACXXFLAGS += $(call hostcc-option, -fno-ipa-icf) + +$(HOSTLIBS)-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin.so +always := $($(HOSTLIBS)-y) + -+targets += $(objtree)/$(obj)/e_fns.h \ -+ $(objtree)/$(obj)/e_fields.h \ -+ $(objtree)/$(obj)/e_fptrs.h \ -+ $(objtree)/$(obj)/e_vars.h \ -+ $(objtree)/$(obj)/e_aux.h \ -+ $(objtree)/$(obj)/disable.h -+ -+$(srctree)/$(src)/size_overflow_plugin_hash.c: $(objtree)/$(obj)/e_fns.h \ -+ $(objtree)/$(obj)/e_fields.h \ -+ $(objtree)/$(obj)/e_fptrs.h \ -+ $(objtree)/$(obj)/e_vars.h \ -+ $(objtree)/$(obj)/e_aux.h \ -+ $(objtree)/$(obj)/disable.h -+ +size_overflow_plugin-objs := $(patsubst $(srctree)/$(src)/%.c,%.o,$(wildcard $(srctree)/$(src)/*.c)) + +quiet_cmd_build_size_overflow_hash = GENHASH $@ + cmd_build_size_overflow_hash = \ + $(CONFIG_SHELL) $(srctree)/$(src)/generate_size_overflow_hash.sh -s $(patsubst e_%,%,$(patsubst $(obj)/%.h,%,$@))_hash -d $< -o $@ + -+$(objtree)/$(obj)/e_fns.h: $(srctree)/$(src)/e_fns.data -+ $(call if_changed,build_size_overflow_hash) -+$(objtree)/$(obj)/e_fields.h: $(srctree)/$(src)/e_fields.data -+ $(call if_changed,build_size_overflow_hash) -+$(objtree)/$(obj)/e_fptrs.h: $(srctree)/$(src)/e_fptrs.data -+ $(call if_changed,build_size_overflow_hash) -+$(objtree)/$(obj)/e_vars.h: $(srctree)/$(src)/e_vars.data -+ $(call if_changed,build_size_overflow_hash) -+$(objtree)/$(obj)/e_aux.h: $(srctree)/$(src)/e_aux.data -+ $(call if_changed,build_size_overflow_hash) -+$(objtree)/$(obj)/disable.h: $(srctree)/$(src)/disable.data -+ $(call if_changed,build_size_overflow_hash) ++define build_size_overflow_hash ++targets += $(addsuffix .h,$(1)) ++$(srctree)/$(src)/size_overflow_plugin_hash.c: $(addprefix $(objtree)/$(obj)/,$(addsuffix .h,$(1))) ++$(addprefix $(objtree)/$(obj)/,$(addsuffix .h,$(1))): $(addprefix $(src)/,$(addsuffix .data,$(1))) ++ $$(call if_changed,build_size_overflow_hash) ++endef ++ ++size_overflow_hash_tables := e_fns e_fields e_fptrs e_vars e_aux disable ++$(foreach h,$(size_overflow_hash_tables),$(eval $(call build_size_overflow_hash,$(h)))) + +clean-files += *.so diff --git a/scripts/gcc-plugins/size_overflow_plugin/disable.data b/scripts/gcc-plugins/size_overflow_plugin/disable.data new file mode 100644 -index 0000000..2554418 +index 0000000..9ef004f --- /dev/null +++ b/scripts/gcc-plugins/size_overflow_plugin/disable.data -@@ -0,0 +1,12463 @@ +@@ -0,0 +1,12469 @@ +disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode gru_message_queue_desc 0 4 NULL +disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL +disable_so_macvlan_sync_address_fndecl_22 macvlan_sync_address fndecl 0 22 NULL nohasharray @@ -176722,7 +176750,8 @@ index 0000000..2554418 +disable_so_timestamp_batadv_nc_packet_19027 timestamp batadv_nc_packet 0 19027 NULL +disable_so_addr_high_ssp_ini_io_start_req_19029 addr_high ssp_ini_io_start_req 0 19029 NULL +disable_so_n_addresses_rxk5_key_19030 n_addresses rxk5_key 0 19030 NULL -+disable_so_ccp_crypto_enqueue_request_fndecl_19035 ccp_crypto_enqueue_request fndecl 0 19035 NULL ++e_old_decode_dev_fndecl_19035 old_decode_dev fndecl 0-1 19035 NULL nohasharray ++disable_so_ccp_crypto_enqueue_request_fndecl_19035 ccp_crypto_enqueue_request fndecl 0 19035 &e_old_decode_dev_fndecl_19035 +disable_so_timeout_mxser_port_19037 timeout mxser_port 0 19037 NULL +disable_so_xfs_btree_rec_addr_fndecl_19048 xfs_btree_rec_addr fndecl 2 19048 NULL +disable_so_sz_qat_crypto_request_buffs_19050 sz qat_crypto_request_buffs 0 19050 NULL @@ -185606,6 +185635,11 @@ index 0000000..2554418 +e_rtt0_vardecl_tcp_hybla_c_51134 rtt0 vardecl_tcp_hybla.c 0 51134 NULL +e_rtt_win_sx_westwood_41723 rtt_win_sx westwood 0 41723 NULL +e_baseRTT_vegas_18174 baseRTT vegas 0 18174 NULL ++e_init_special_inode_fndecl_7054 init_special_inode fndecl 3 7054 NULL ++e_new_decode_dev_fndecl_38477 new_decode_dev fndecl 0-1 38477 NULL ++e_new_encode_dev_fndecl_48964 new_encode_dev fndecl 0-1 48964 NULL ++e_jffs2_encode_dev_fndecl_39156 jffs2_encode_dev fndecl 2-0 39156 NULL ++e_seq_rxrpc_host_header_57996 seq rxrpc_host_header 0 57996 NULL diff --git a/scripts/gcc-plugins/size_overflow_plugin/e_aux.data b/scripts/gcc-plugins/size_overflow_plugin/e_aux.data new file mode 100644 index 0000000..74e91b2 @@ -185711,10 +185745,10 @@ index 0000000..74e91b2 +enable_so_zpios_read_fndecl_64734 zpios_read fndecl 3 64734 NULL diff --git a/scripts/gcc-plugins/size_overflow_plugin/e_fields.data b/scripts/gcc-plugins/size_overflow_plugin/e_fields.data new file mode 100644 -index 0000000..6006250 +index 0000000..ac86364 --- /dev/null +++ b/scripts/gcc-plugins/size_overflow_plugin/e_fields.data -@@ -0,0 +1,18888 @@ +@@ -0,0 +1,18882 @@ +e_recv_ctrl_pipe_us_data_0 recv_ctrl_pipe us_data 0 0 NULL +e_size_ttm_mem_reg_8 size ttm_mem_reg 0 8 NULL +e_char2uni_nls_table_12 char2uni nls_table 0 12 NULL @@ -187731,7 +187765,6 @@ index 0000000..6006250 +e_fp_msix_cnt_qed_int_params_7045 fp_msix_cnt qed_int_params 0 7045 NULL +e_kvm_read_guest_page_fndecl_7049 kvm_read_guest_page fndecl 2 7049 NULL +e_iforce_send_packet_fndecl_7050 iforce_send_packet fndecl 2 7050 NULL -+e_init_special_inode_fndecl_7054 init_special_inode fndecl 3 7054 NULL +e_SYSC_pselect6_fndecl_7055 SYSC_pselect6 fndecl 1 7055 NULL +e_packet_size_usbatm_channel_7056 packet_size usbatm_channel 0 7056 NULL +e___btrfs_drop_extents_fndecl_7058 __btrfs_drop_extents fndecl 6-5 7058 NULL nohasharray @@ -191218,7 +191251,6 @@ index 0000000..6006250 +e_rsxx_queue_discard_fndecl_19027 rsxx_queue_discard fndecl 0 19027 NULL +e_tcp_recvmsg_fndecl_19029 tcp_recvmsg fndecl 3 19029 NULL +e_sge_size_MPT3SAS_ADAPTER_19030 sge_size MPT3SAS_ADAPTER 0 19030 NULL -+e_old_decode_dev_fndecl_19035 old_decode_dev fndecl 0-1 19035 NULL +e_next_scan_nid_f2fs_nm_info_19036 next_scan_nid f2fs_nm_info 0 19036 NULL +e_scrollback_max_vardecl_fbcon_c_19040 scrollback_max vardecl_fbcon.c 0 19040 NULL +e_tsize_nfs2_fsstat_19041 tsize nfs2_fsstat 0 19041 NULL @@ -196886,8 +196918,7 @@ index 0000000..6006250 +e_test_ofsh_cyttsp4_sysinfo_data_38444 test_ofsh cyttsp4_sysinfo_data 0 38444 &e___ieee80211_tx_skb_tid_band_fndecl_38444 +e_lcd_hdisp_atyfb_par_38462 lcd_hdisp atyfb_par 0 38462 NULL +e_dvb_ringbuffer_avail_fndecl_38474 dvb_ringbuffer_avail fndecl 0 38474 NULL -+e_new_decode_dev_fndecl_38477 new_decode_dev fndecl 0-1 38477 NULL nohasharray -+e_blocksize_gss_krb5_enctype_38477 blocksize gss_krb5_enctype 0 38477 &e_new_decode_dev_fndecl_38477 ++e_blocksize_gss_krb5_enctype_38477 blocksize gss_krb5_enctype 0 38477 NULL +e___fuse_request_alloc_fndecl_38479 __fuse_request_alloc fndecl 1 38479 NULL +e_min_pfn_mapped_vardecl_init_c_38481 min_pfn_mapped vardecl_init.c 0 38481 NULL +e_pnfs_update_layout_fndecl_38495 pnfs_update_layout fndecl 3-4 38495 NULL @@ -197101,7 +197132,6 @@ index 0000000..6006250 +e_drvr_sglimit_blogic_adapter_39142 drvr_sglimit blogic_adapter 0 39142 NULL +e_mmc_test_buffer_transfer_fndecl_39150 mmc_test_buffer_transfer fndecl 4 39150 NULL +e_size_intel_initial_plane_config_39155 size intel_initial_plane_config 0 39155 NULL -+e_jffs2_encode_dev_fndecl_39156 jffs2_encode_dev fndecl 2-0 39156 NULL +e_log_root_btrfs_super_block_39157 log_root btrfs_super_block 0 39157 NULL +e_fcoe_start_cid_cnic_local_39162 fcoe_start_cid cnic_local 0 39162 NULL +e_sys_readv_fndecl_39163 sys_readv fndecl 3 39163 NULL nohasharray @@ -199888,7 +199918,6 @@ index 0000000..6006250 +e_xt_alloc_table_info_fndecl_48956 xt_alloc_table_info fndecl 1 48956 NULL +e_user_dlm_lock_fndecl_48959 user_dlm_lock fndecl 6 48959 NULL nohasharray +e_wptr_radeon_ring_48959 wptr radeon_ring 0 48959 &e_user_dlm_lock_fndecl_48959 -+e_new_encode_dev_fndecl_48964 new_encode_dev fndecl 0-1 48964 NULL +e_block_size_sm_ftl_48967 block_size sm_ftl 0 48967 NULL +e_rx_fndecl_48971 rx fndecl 4 48971 NULL +e_twl_i2c_write_fndecl_48976 twl_i2c_write fndecl 0 48976 NULL @@ -202463,8 +202492,7 @@ index 0000000..6006250 +e_hpfs_map_anode_fndecl_57993 hpfs_map_anode fndecl 2 57993 NULL +e_faultin_page_fndecl_57994 faultin_page fndecl 3 57994 NULL +e_perf_sample_ustack_size_fndecl_57995 perf_sample_ustack_size fndecl 0-2-1 57995 NULL -+e_codes_size_input_mask_57996 codes_size input_mask 0 57996 NULL nohasharray -+e_seq_rxrpc_host_header_57996 seq rxrpc_host_header 0 57996 &e_codes_size_input_mask_57996 ++e_codes_size_input_mask_57996 codes_size input_mask 0 57996 NULL +e_max_idx_node_sz_ubifs_info_57997 max_idx_node_sz ubifs_info 0 57997 NULL +e_status_orangefs_downcall_s_57998 status orangefs_downcall_s 0 57998 NULL +e_SSIDlen_StatusRid_58002 SSIDlen StatusRid 0 58002 NULL nohasharray diff --git a/4.7.9/4425_grsec_remove_EI_PAX.patch b/4.7.10/4425_grsec_remove_EI_PAX.patch index ba92792..ba92792 100644 --- a/4.7.9/4425_grsec_remove_EI_PAX.patch +++ b/4.7.10/4425_grsec_remove_EI_PAX.patch diff --git a/4.7.9/4427_force_XATTR_PAX_tmpfs.patch b/4.7.10/4427_force_XATTR_PAX_tmpfs.patch index b4714fc..b4714fc 100644 --- a/4.7.9/4427_force_XATTR_PAX_tmpfs.patch +++ b/4.7.10/4427_force_XATTR_PAX_tmpfs.patch diff --git a/4.7.9/4430_grsec-remove-localversion-grsec.patch b/4.7.10/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/4.7.9/4430_grsec-remove-localversion-grsec.patch +++ b/4.7.10/4430_grsec-remove-localversion-grsec.patch diff --git a/4.7.9/4435_grsec-mute-warnings.patch b/4.7.10/4435_grsec-mute-warnings.patch index 8929222..8929222 100644 --- a/4.7.9/4435_grsec-mute-warnings.patch +++ b/4.7.10/4435_grsec-mute-warnings.patch diff --git a/4.7.9/4440_grsec-remove-protected-paths.patch b/4.7.10/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/4.7.9/4440_grsec-remove-protected-paths.patch +++ b/4.7.10/4440_grsec-remove-protected-paths.patch diff --git a/4.7.9/4450_grsec-kconfig-default-gids.patch b/4.7.10/4450_grsec-kconfig-default-gids.patch index e892c8a..e892c8a 100644 --- a/4.7.9/4450_grsec-kconfig-default-gids.patch +++ b/4.7.10/4450_grsec-kconfig-default-gids.patch diff --git a/4.7.9/4465_selinux-avc_audit-log-curr_ip.patch b/4.7.10/4465_selinux-avc_audit-log-curr_ip.patch index 7248385..7248385 100644 --- a/4.7.9/4465_selinux-avc_audit-log-curr_ip.patch +++ b/4.7.10/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/4.7.9/4470_disable-compat_vdso.patch b/4.7.10/4470_disable-compat_vdso.patch index 0f82d7e..0f82d7e 100644 --- a/4.7.9/4470_disable-compat_vdso.patch +++ b/4.7.10/4470_disable-compat_vdso.patch diff --git a/4.7.9/4475_emutramp_default_on.patch b/4.7.10/4475_emutramp_default_on.patch index 2db58ab..2db58ab 100644 --- a/4.7.9/4475_emutramp_default_on.patch +++ b/4.7.10/4475_emutramp_default_on.patch |