summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2017-02-28 07:36:10 -0500
committerAnthony G. Basile <blueness@gentoo.org>2017-02-28 07:36:10 -0500
commitfef0e13499bf94e5df62bf9b4ba3b396f9a6b813 (patch)
tree47e32e44d72851fe4a5884cabaab9224019730bb
parentgrsecurity-3.1-4.9.12-201702231830 (diff)
downloadhardened-patchset-fef0e13499bf94e5df62bf9b4ba3b396f9a6b813.tar.gz
hardened-patchset-fef0e13499bf94e5df62bf9b4ba3b396f9a6b813.tar.bz2
hardened-patchset-fef0e13499bf94e5df62bf9b4ba3b396f9a6b813.zip
grsecurity-3.1-4.9.13-20170227072920170227
-rw-r--r--4.9.13/0000_README (renamed from 4.9.12/0000_README)6
-rw-r--r--4.9.13/1012_linux-4.9.13.patch1079
-rw-r--r--4.9.13/4420_grsecurity-3.1-4.9.13-201702270729.patch (renamed from 4.9.12/4420_grsecurity-3.1-4.9.12-201702231830.patch)161
-rw-r--r--4.9.13/4425_grsec_remove_EI_PAX.patch (renamed from 4.9.12/4425_grsec_remove_EI_PAX.patch)0
-rw-r--r--4.9.13/4426_default_XATTR_PAX_FLAGS.patch (renamed from 4.9.12/4426_default_XATTR_PAX_FLAGS.patch)0
-rw-r--r--4.9.13/4427_force_XATTR_PAX_tmpfs.patch (renamed from 4.9.12/4427_force_XATTR_PAX_tmpfs.patch)0
-rw-r--r--4.9.13/4430_grsec-remove-localversion-grsec.patch (renamed from 4.9.12/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--4.9.13/4435_grsec-mute-warnings.patch (renamed from 4.9.12/4435_grsec-mute-warnings.patch)0
-rw-r--r--4.9.13/4440_grsec-remove-protected-paths.patch (renamed from 4.9.12/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--4.9.13/4450_grsec-kconfig-default-gids.patch (renamed from 4.9.12/4450_grsec-kconfig-default-gids.patch)0
-rw-r--r--4.9.13/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 4.9.12/4465_selinux-avc_audit-log-curr_ip.patch)0
-rw-r--r--4.9.13/4470_disable-compat_vdso.patch (renamed from 4.9.12/4470_disable-compat_vdso.patch)0
-rw-r--r--4.9.13/4475_emutramp_default_on.patch (renamed from 4.9.12/4475_emutramp_default_on.patch)0
13 files changed, 1158 insertions, 88 deletions
diff --git a/4.9.12/0000_README b/4.9.13/0000_README
index fde5541..733ff59 100644
--- a/4.9.12/0000_README
+++ b/4.9.13/0000_README
@@ -2,7 +2,11 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.9.12-201702231830.patch
+Patch: 1012_linux-4.9.13.patch
+From: http://www.kernel.org
+Desc: Linux 4.9.13
+
+Patch: 4420_grsecurity-3.1-4.9.13-201702270729.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.9.13/1012_linux-4.9.13.patch b/4.9.13/1012_linux-4.9.13.patch
new file mode 100644
index 0000000..8a48815
--- /dev/null
+++ b/4.9.13/1012_linux-4.9.13.patch
@@ -0,0 +1,1079 @@
+diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
+index 922dec8..65b05ba 100644
+--- a/Documentation/kernel-parameters.txt
++++ b/Documentation/kernel-parameters.txt
+@@ -1391,6 +1391,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+ When zero, profiling data is discarded and associated
+ debugfs files are removed at module unload time.
+
++ goldfish [X86] Enable the goldfish android emulator platform.
++ Don't use this when you are not running on the
++ android emulator
++
+ gpt [EFI] Forces disk with valid GPT signature but
+ invalid Protective MBR to be treated as GPT. If the
+ primary GPT is corrupted, it enables the backup/alternate
+diff --git a/Makefile b/Makefile
+index 3cd6f6f..14dc275 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 4
+ PATCHLEVEL = 9
+-SUBLEVEL = 12
++SUBLEVEL = 13
+ EXTRAVERSION =
+ NAME = Roaring Lionus
+
+diff --git a/arch/x86/platform/goldfish/goldfish.c b/arch/x86/platform/goldfish/goldfish.c
+index 1693107..0d17c0a 100644
+--- a/arch/x86/platform/goldfish/goldfish.c
++++ b/arch/x86/platform/goldfish/goldfish.c
+@@ -42,10 +42,22 @@ static struct resource goldfish_pdev_bus_resources[] = {
+ }
+ };
+
++static bool goldfish_enable __initdata;
++
++static int __init goldfish_setup(char *str)
++{
++ goldfish_enable = true;
++ return 0;
++}
++__setup("goldfish", goldfish_setup);
++
+ static int __init goldfish_init(void)
+ {
++ if (!goldfish_enable)
++ return -ENODEV;
++
+ platform_device_register_simple("goldfish_pdev_bus", -1,
+- goldfish_pdev_bus_resources, 2);
++ goldfish_pdev_bus_resources, 2);
+ return 0;
+ }
+ device_initcall(goldfish_init);
+diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
+index 6bb21b3..a543ea6 100644
+--- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
++++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
+@@ -567,10 +567,14 @@ int mlx5e_stats_flower(struct mlx5e_priv *priv,
+
+ mlx5_fc_query_cached(counter, &bytes, &packets, &lastuse);
+
++ preempt_disable();
++
+ tcf_exts_to_list(f->exts, &actions);
+ list_for_each_entry(a, &actions, list)
+ tcf_action_stats_update(a, bytes, packets, lastuse);
+
++ preempt_enable();
++
+ return 0;
+ }
+
+diff --git a/drivers/net/ethernet/ti/cpsw.c b/drivers/net/ethernet/ti/cpsw.c
+index b9087b8..3f1971d 100644
+--- a/drivers/net/ethernet/ti/cpsw.c
++++ b/drivers/net/ethernet/ti/cpsw.c
+@@ -2925,7 +2925,7 @@ static int cpsw_resume(struct device *dev)
+ {
+ struct platform_device *pdev = to_platform_device(dev);
+ struct net_device *ndev = platform_get_drvdata(pdev);
+- struct cpsw_common *cpsw = netdev_priv(ndev);
++ struct cpsw_common *cpsw = ndev_to_cpsw(ndev);
+
+ /* Select default pin state */
+ pinctrl_pm_select_default_state(dev);
+diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
+index 0fafaa9..d4f495b 100644
+--- a/drivers/net/vxlan.c
++++ b/drivers/net/vxlan.c
+@@ -2449,7 +2449,8 @@ static int vxlan_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb)
+ return -EINVAL;
+ rt = vxlan_get_route(vxlan, skb, 0, info->key.tos,
+ info->key.u.ipv4.dst,
+- &info->key.u.ipv4.src, NULL, info);
++ &info->key.u.ipv4.src,
++ &info->dst_cache, info);
+ if (IS_ERR(rt))
+ return PTR_ERR(rt);
+ ip_rt_put(rt);
+@@ -2459,7 +2460,8 @@ static int vxlan_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb)
+
+ ndst = vxlan6_get_route(vxlan, skb, 0, info->key.tos,
+ info->key.label, &info->key.u.ipv6.dst,
+- &info->key.u.ipv6.src, NULL, info);
++ &info->key.u.ipv6.src,
++ &info->dst_cache, info);
+ if (IS_ERR(ndst))
+ return PTR_ERR(ndst);
+ dst_release(ndst);
+diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c
+index 3837bbd..ae0c48f 100644
+--- a/drivers/net/wireless/realtek/rtlwifi/usb.c
++++ b/drivers/net/wireless/realtek/rtlwifi/usb.c
+@@ -831,12 +831,30 @@ static void rtl_usb_stop(struct ieee80211_hw *hw)
+ struct rtl_priv *rtlpriv = rtl_priv(hw);
+ struct rtl_hal *rtlhal = rtl_hal(rtl_priv(hw));
+ struct rtl_usb *rtlusb = rtl_usbdev(rtl_usbpriv(hw));
++ struct urb *urb;
+
+ /* should after adapter start and interrupt enable. */
+ set_hal_stop(rtlhal);
+ cancel_work_sync(&rtlpriv->works.fill_h2c_cmd);
+ /* Enable software */
+ SET_USB_STOP(rtlusb);
++
++ /* free pre-allocated URBs from rtl_usb_start() */
++ usb_kill_anchored_urbs(&rtlusb->rx_submitted);
++
++ tasklet_kill(&rtlusb->rx_work_tasklet);
++ cancel_work_sync(&rtlpriv->works.lps_change_work);
++
++ flush_workqueue(rtlpriv->works.rtl_wq);
++
++ skb_queue_purge(&rtlusb->rx_queue);
++
++ while ((urb = usb_get_from_anchor(&rtlusb->rx_cleanup_urbs))) {
++ usb_free_coherent(urb->dev, urb->transfer_buffer_length,
++ urb->transfer_buffer, urb->transfer_dma);
++ usb_free_urb(urb);
++ }
++
+ rtlpriv->cfg->ops->hw_disable(hw);
+ }
+
+diff --git a/drivers/platform/goldfish/pdev_bus.c b/drivers/platform/goldfish/pdev_bus.c
+index 1f52462..dd9ea46 100644
+--- a/drivers/platform/goldfish/pdev_bus.c
++++ b/drivers/platform/goldfish/pdev_bus.c
+@@ -157,23 +157,26 @@ static int goldfish_new_pdev(void)
+ static irqreturn_t goldfish_pdev_bus_interrupt(int irq, void *dev_id)
+ {
+ irqreturn_t ret = IRQ_NONE;
++
+ while (1) {
+ u32 op = readl(pdev_bus_base + PDEV_BUS_OP);
+- switch (op) {
+- case PDEV_BUS_OP_DONE:
+- return IRQ_NONE;
+
++ switch (op) {
+ case PDEV_BUS_OP_REMOVE_DEV:
+ goldfish_pdev_remove();
++ ret = IRQ_HANDLED;
+ break;
+
+ case PDEV_BUS_OP_ADD_DEV:
+ goldfish_new_pdev();
++ ret = IRQ_HANDLED;
+ break;
++
++ case PDEV_BUS_OP_DONE:
++ default:
++ return ret;
+ }
+- ret = IRQ_HANDLED;
+ }
+- return ret;
+ }
+
+ static int goldfish_pdev_bus_probe(struct platform_device *pdev)
+diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c
+index 7312e7e..6788e75 100644
+--- a/drivers/tty/serial/msm_serial.c
++++ b/drivers/tty/serial/msm_serial.c
+@@ -1809,6 +1809,7 @@ static const struct of_device_id msm_match_table[] = {
+ { .compatible = "qcom,msm-uartdm" },
+ {}
+ };
++MODULE_DEVICE_TABLE(of, msm_match_table);
+
+ static struct platform_driver msm_platform_driver = {
+ .remove = msm_serial_remove,
+diff --git a/drivers/usb/serial/ark3116.c b/drivers/usb/serial/ark3116.c
+index 1532cde..7812052 100644
+--- a/drivers/usb/serial/ark3116.c
++++ b/drivers/usb/serial/ark3116.c
+@@ -99,10 +99,17 @@ static int ark3116_read_reg(struct usb_serial *serial,
+ usb_rcvctrlpipe(serial->dev, 0),
+ 0xfe, 0xc0, 0, reg,
+ buf, 1, ARK_TIMEOUT);
+- if (result < 0)
++ if (result < 1) {
++ dev_err(&serial->interface->dev,
++ "failed to read register %u: %d\n",
++ reg, result);
++ if (result >= 0)
++ result = -EIO;
++
+ return result;
+- else
+- return buf[0];
++ }
++
++ return buf[0];
+ }
+
+ static inline int calc_divisor(int bps)
+diff --git a/drivers/usb/serial/console.c b/drivers/usb/serial/console.c
+index 8967715..b6f1ade 100644
+--- a/drivers/usb/serial/console.c
++++ b/drivers/usb/serial/console.c
+@@ -143,6 +143,7 @@ static int usb_console_setup(struct console *co, char *options)
+ tty->driver = usb_serial_tty_driver;
+ tty->index = co->index;
+ init_ldsem(&tty->ldisc_sem);
++ spin_lock_init(&tty->files_lock);
+ INIT_LIST_HEAD(&tty->tty_files);
+ kref_get(&tty->driver->kref);
+ __module_get(tty->driver->owner);
+diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
+index 243ac5e..8bb4875 100644
+--- a/drivers/usb/serial/cp210x.c
++++ b/drivers/usb/serial/cp210x.c
+@@ -172,6 +172,8 @@ static const struct usb_device_id id_table[] = {
+ { USB_DEVICE(0x1901, 0x0190) }, /* GE B850 CP2105 Recorder interface */
+ { USB_DEVICE(0x1901, 0x0193) }, /* GE B650 CP2104 PMC interface */
+ { USB_DEVICE(0x1901, 0x0194) }, /* GE Healthcare Remote Alarm Box */
++ { USB_DEVICE(0x1901, 0x0195) }, /* GE B850/B650/B450 CP2104 DP UART interface */
++ { USB_DEVICE(0x1901, 0x0196) }, /* GE B850 CP2105 DP UART interface */
+ { USB_DEVICE(0x19CF, 0x3000) }, /* Parrot NMEA GPS Flight Recorder */
+ { USB_DEVICE(0x1ADB, 0x0001) }, /* Schweitzer Engineering C662 Cable */
+ { USB_DEVICE(0x1B1C, 0x1C00) }, /* Corsair USB Dongle */
+diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
+index 6e9fc8b..99a0a5f 100644
+--- a/drivers/usb/serial/ftdi_sio.c
++++ b/drivers/usb/serial/ftdi_sio.c
+@@ -1807,8 +1807,6 @@ static int ftdi_sio_port_probe(struct usb_serial_port *port)
+
+ mutex_init(&priv->cfg_lock);
+
+- priv->flags = ASYNC_LOW_LATENCY;
+-
+ if (quirk && quirk->port_probe)
+ quirk->port_probe(priv);
+
+@@ -2072,6 +2070,20 @@ static int ftdi_process_packet(struct usb_serial_port *port,
+ priv->prev_status = status;
+ }
+
++ /* save if the transmitter is empty or not */
++ if (packet[1] & FTDI_RS_TEMT)
++ priv->transmit_empty = 1;
++ else
++ priv->transmit_empty = 0;
++
++ len -= 2;
++ if (!len)
++ return 0; /* status only */
++
++ /*
++ * Break and error status must only be processed for packets with
++ * data payload to avoid over-reporting.
++ */
+ flag = TTY_NORMAL;
+ if (packet[1] & FTDI_RS_ERR_MASK) {
+ /* Break takes precedence over parity, which takes precedence
+@@ -2094,15 +2106,6 @@ static int ftdi_process_packet(struct usb_serial_port *port,
+ }
+ }
+
+- /* save if the transmitter is empty or not */
+- if (packet[1] & FTDI_RS_TEMT)
+- priv->transmit_empty = 1;
+- else
+- priv->transmit_empty = 0;
+-
+- len -= 2;
+- if (!len)
+- return 0; /* status only */
+ port->icount.rx += len;
+ ch = packet + 2;
+
+@@ -2433,8 +2436,12 @@ static int ftdi_get_modem_status(struct usb_serial_port *port,
+ FTDI_SIO_GET_MODEM_STATUS_REQUEST_TYPE,
+ 0, priv->interface,
+ buf, len, WDR_TIMEOUT);
+- if (ret < 0) {
++
++ /* NOTE: We allow short responses and handle that below. */
++ if (ret < 1) {
+ dev_err(&port->dev, "failed to get modem status: %d\n", ret);
++ if (ret >= 0)
++ ret = -EIO;
+ ret = usb_translate_errors(ret);
+ goto out;
+ }
+diff --git a/drivers/usb/serial/mos7840.c b/drivers/usb/serial/mos7840.c
+index 4f9af47..5c4fc3a 100644
+--- a/drivers/usb/serial/mos7840.c
++++ b/drivers/usb/serial/mos7840.c
+@@ -1024,6 +1024,7 @@ static int mos7840_open(struct tty_struct *tty, struct usb_serial_port *port)
+ * (can't set it up in mos7840_startup as the structures *
+ * were not set up at that time.) */
+ if (port0->open_ports == 1) {
++ /* FIXME: Buffer never NULL, so URB is not submitted. */
+ if (serial->port[0]->interrupt_in_buffer == NULL) {
+ /* set up interrupt urb */
+ usb_fill_int_urb(serial->port[0]->interrupt_in_urb,
+@@ -2119,7 +2120,8 @@ static int mos7840_calc_num_ports(struct usb_serial *serial)
+ static int mos7840_attach(struct usb_serial *serial)
+ {
+ if (serial->num_bulk_in < serial->num_ports ||
+- serial->num_bulk_out < serial->num_ports) {
++ serial->num_bulk_out < serial->num_ports ||
++ serial->num_interrupt_in < 1) {
+ dev_err(&serial->interface->dev, "missing endpoints\n");
+ return -ENODEV;
+ }
+diff --git a/drivers/usb/serial/opticon.c b/drivers/usb/serial/opticon.c
+index 4b7bfb3..64bf258 100644
+--- a/drivers/usb/serial/opticon.c
++++ b/drivers/usb/serial/opticon.c
+@@ -142,7 +142,7 @@ static int opticon_open(struct tty_struct *tty, struct usb_serial_port *port)
+ usb_clear_halt(port->serial->dev, port->read_urb->pipe);
+
+ res = usb_serial_generic_open(tty, port);
+- if (!res)
++ if (res)
+ return res;
+
+ /* Request CTS line state, sometimes during opening the current
+diff --git a/drivers/usb/serial/spcp8x5.c b/drivers/usb/serial/spcp8x5.c
+index 475e6c3..ddfd787 100644
+--- a/drivers/usb/serial/spcp8x5.c
++++ b/drivers/usb/serial/spcp8x5.c
+@@ -232,11 +232,17 @@ static int spcp8x5_get_msr(struct usb_serial_port *port, u8 *status)
+ ret = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0),
+ GET_UART_STATUS, GET_UART_STATUS_TYPE,
+ 0, GET_UART_STATUS_MSR, buf, 1, 100);
+- if (ret < 0)
++ if (ret < 1) {
+ dev_err(&port->dev, "failed to get modem status: %d\n", ret);
++ if (ret >= 0)
++ ret = -EIO;
++ goto out;
++ }
+
+ dev_dbg(&port->dev, "0xc0:0x22:0:6 %d - 0x02%x\n", ret, *buf);
+ *status = *buf;
++ ret = 0;
++out:
+ kfree(buf);
+
+ return ret;
+diff --git a/fs/xfs/xfs_iomap.c b/fs/xfs/xfs_iomap.c
+index cdc6bdd..e888961 100644
+--- a/fs/xfs/xfs_iomap.c
++++ b/fs/xfs/xfs_iomap.c
+@@ -1068,7 +1068,15 @@ xfs_file_iomap_end_delalloc(
+ xfs_fileoff_t end_fsb;
+ int error = 0;
+
+- start_fsb = XFS_B_TO_FSB(mp, offset + written);
++ /*
++ * start_fsb refers to the first unused block after a short write. If
++ * nothing was written, round offset down to point at the first block in
++ * the range.
++ */
++ if (unlikely(!written))
++ start_fsb = XFS_B_TO_FSBT(mp, offset);
++ else
++ start_fsb = XFS_B_TO_FSB(mp, offset + written);
+ end_fsb = XFS_B_TO_FSB(mp, offset + length);
+
+ /*
+@@ -1080,6 +1088,9 @@ xfs_file_iomap_end_delalloc(
+ * blocks in the range, they are ours.
+ */
+ if (start_fsb < end_fsb) {
++ truncate_pagecache_range(VFS_I(ip), XFS_FSB_TO_B(mp, start_fsb),
++ XFS_FSB_TO_B(mp, end_fsb) - 1);
++
+ xfs_ilock(ip, XFS_ILOCK_EXCL);
+ error = xfs_bmap_punch_delalloc_range(ip, start_fsb,
+ end_fsb - start_fsb);
+diff --git a/include/acpi/platform/acenv.h b/include/acpi/platform/acenv.h
+index 34cce72..fca1539 100644
+--- a/include/acpi/platform/acenv.h
++++ b/include/acpi/platform/acenv.h
+@@ -177,7 +177,7 @@
+ #include "acmsvc.h"
+
+ #elif defined(__INTEL_COMPILER)
+-#include "acintel.h"
++#include <acpi/platform/acintel.h>
+
+ #endif
+
+diff --git a/include/acpi/platform/acintel.h b/include/acpi/platform/acintel.h
+new file mode 100644
+index 0000000..17bd3b7
+--- /dev/null
++++ b/include/acpi/platform/acintel.h
+@@ -0,0 +1,87 @@
++/******************************************************************************
++ *
++ * Name: acintel.h - VC specific defines, etc.
++ *
++ *****************************************************************************/
++
++/*
++ * Copyright (C) 2000 - 2017, Intel Corp.
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions, and the following disclaimer,
++ * without modification.
++ * 2. Redistributions in binary form must reproduce at minimum a disclaimer
++ * substantially similar to the "NO WARRANTY" disclaimer below
++ * ("Disclaimer") and any redistribution must be conditioned upon
++ * including a substantially similar Disclaimer requirement for further
++ * binary redistribution.
++ * 3. Neither the names of the above-listed copyright holders nor the names
++ * of any contributors may be used to endorse or promote products derived
++ * from this software without specific prior written permission.
++ *
++ * Alternatively, this software may be distributed under the terms of the
++ * GNU General Public License ("GPL") version 2 as published by the Free
++ * Software Foundation.
++ *
++ * NO WARRANTY
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
++ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
++ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
++ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
++ * POSSIBILITY OF SUCH DAMAGES.
++ */
++
++#ifndef __ACINTEL_H__
++#define __ACINTEL_H__
++
++/*
++ * Use compiler specific <stdarg.h> is a good practice for even when
++ * -nostdinc is specified (i.e., ACPI_USE_STANDARD_HEADERS undefined.
++ */
++#include <stdarg.h>
++
++/* Configuration specific to Intel 64-bit C compiler */
++
++#define COMPILER_DEPENDENT_INT64 __int64
++#define COMPILER_DEPENDENT_UINT64 unsigned __int64
++#define ACPI_INLINE __inline
++
++/*
++ * Calling conventions:
++ *
++ * ACPI_SYSTEM_XFACE - Interfaces to host OS (handlers, threads)
++ * ACPI_EXTERNAL_XFACE - External ACPI interfaces
++ * ACPI_INTERNAL_XFACE - Internal ACPI interfaces
++ * ACPI_INTERNAL_VAR_XFACE - Internal variable-parameter list interfaces
++ */
++#define ACPI_SYSTEM_XFACE
++#define ACPI_EXTERNAL_XFACE
++#define ACPI_INTERNAL_XFACE
++#define ACPI_INTERNAL_VAR_XFACE
++
++/* remark 981 - operands evaluated in no particular order */
++#pragma warning(disable:981)
++
++/* warn C4100: unreferenced formal parameter */
++#pragma warning(disable:4100)
++
++/* warn C4127: conditional expression is constant */
++#pragma warning(disable:4127)
++
++/* warn C4706: assignment within conditional expression */
++#pragma warning(disable:4706)
++
++/* warn C4214: bit field types other than int */
++#pragma warning(disable:4214)
++
++#endif /* __ACINTEL_H__ */
+diff --git a/include/linux/ptr_ring.h b/include/linux/ptr_ring.h
+index 2052011..6c70444 100644
+--- a/include/linux/ptr_ring.h
++++ b/include/linux/ptr_ring.h
+@@ -111,6 +111,11 @@ static inline int __ptr_ring_produce(struct ptr_ring *r, void *ptr)
+ return 0;
+ }
+
++/*
++ * Note: resize (below) nests producer lock within consumer lock, so if you
++ * consume in interrupt or BH context, you must disable interrupts/BH when
++ * calling this.
++ */
+ static inline int ptr_ring_produce(struct ptr_ring *r, void *ptr)
+ {
+ int ret;
+@@ -242,6 +247,11 @@ static inline void *__ptr_ring_consume(struct ptr_ring *r)
+ return ptr;
+ }
+
++/*
++ * Note: resize (below) nests producer lock within consumer lock, so if you
++ * call this in interrupt or BH context, you must disable interrupts/BH when
++ * producing.
++ */
+ static inline void *ptr_ring_consume(struct ptr_ring *r)
+ {
+ void *ptr;
+@@ -357,7 +367,7 @@ static inline void **__ptr_ring_swap_queue(struct ptr_ring *r, void **queue,
+ void **old;
+ void *ptr;
+
+- while ((ptr = ptr_ring_consume(r)))
++ while ((ptr = __ptr_ring_consume(r)))
+ if (producer < size)
+ queue[producer++] = ptr;
+ else if (destroy)
+@@ -372,6 +382,12 @@ static inline void **__ptr_ring_swap_queue(struct ptr_ring *r, void **queue,
+ return old;
+ }
+
++/*
++ * Note: producer lock is nested within consumer lock, so if you
++ * resize you must make sure all uses nest correctly.
++ * In particular if you consume ring in interrupt or BH context, you must
++ * disable interrupts/BH when doing so.
++ */
+ static inline int ptr_ring_resize(struct ptr_ring *r, int size, gfp_t gfp,
+ void (*destroy)(void *))
+ {
+@@ -382,17 +398,25 @@ static inline int ptr_ring_resize(struct ptr_ring *r, int size, gfp_t gfp,
+ if (!queue)
+ return -ENOMEM;
+
+- spin_lock_irqsave(&(r)->producer_lock, flags);
++ spin_lock_irqsave(&(r)->consumer_lock, flags);
++ spin_lock(&(r)->producer_lock);
+
+ old = __ptr_ring_swap_queue(r, queue, size, gfp, destroy);
+
+- spin_unlock_irqrestore(&(r)->producer_lock, flags);
++ spin_unlock(&(r)->producer_lock);
++ spin_unlock_irqrestore(&(r)->consumer_lock, flags);
+
+ kfree(old);
+
+ return 0;
+ }
+
++/*
++ * Note: producer lock is nested within consumer lock, so if you
++ * resize you must make sure all uses nest correctly.
++ * In particular if you consume ring in interrupt or BH context, you must
++ * disable interrupts/BH when doing so.
++ */
+ static inline int ptr_ring_resize_multiple(struct ptr_ring **rings, int nrings,
+ int size,
+ gfp_t gfp, void (*destroy)(void *))
+@@ -412,10 +436,12 @@ static inline int ptr_ring_resize_multiple(struct ptr_ring **rings, int nrings,
+ }
+
+ for (i = 0; i < nrings; ++i) {
+- spin_lock_irqsave(&(rings[i])->producer_lock, flags);
++ spin_lock_irqsave(&(rings[i])->consumer_lock, flags);
++ spin_lock(&(rings[i])->producer_lock);
+ queues[i] = __ptr_ring_swap_queue(rings[i], queues[i],
+ size, gfp, destroy);
+- spin_unlock_irqrestore(&(rings[i])->producer_lock, flags);
++ spin_unlock(&(rings[i])->producer_lock);
++ spin_unlock_irqrestore(&(rings[i])->consumer_lock, flags);
+ }
+
+ for (i = 0; i < nrings; ++i)
+diff --git a/mm/backing-dev.c b/mm/backing-dev.c
+index 8fde443..6ff2d77 100644
+--- a/mm/backing-dev.c
++++ b/mm/backing-dev.c
+@@ -757,15 +757,20 @@ static int cgwb_bdi_init(struct backing_dev_info *bdi)
+ if (!bdi->wb_congested)
+ return -ENOMEM;
+
++ atomic_set(&bdi->wb_congested->refcnt, 1);
++
+ err = wb_init(&bdi->wb, bdi, 1, GFP_KERNEL);
+ if (err) {
+- kfree(bdi->wb_congested);
++ wb_congested_put(bdi->wb_congested);
+ return err;
+ }
+ return 0;
+ }
+
+-static void cgwb_bdi_destroy(struct backing_dev_info *bdi) { }
++static void cgwb_bdi_destroy(struct backing_dev_info *bdi)
++{
++ wb_congested_put(bdi->wb_congested);
++}
+
+ #endif /* CONFIG_CGROUP_WRITEBACK */
+
+diff --git a/net/core/neighbour.c b/net/core/neighbour.c
+index 2ae929f..9901e5b 100644
+--- a/net/core/neighbour.c
++++ b/net/core/neighbour.c
+@@ -2927,7 +2927,8 @@ static void neigh_proc_update(struct ctl_table *ctl, int write)
+ return;
+
+ set_bit(index, p->data_state);
+- call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
++ if (index == NEIGH_VAR_DELAY_PROBE_TIME)
++ call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
+ if (!dev) /* NULL dev means this is default value */
+ neigh_copy_dflt_parms(net, p, index);
+ }
+diff --git a/net/dccp/input.c b/net/dccp/input.c
+index ba34718..8fedc2d 100644
+--- a/net/dccp/input.c
++++ b/net/dccp/input.c
+@@ -606,7 +606,8 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+ if (inet_csk(sk)->icsk_af_ops->conn_request(sk,
+ skb) < 0)
+ return 1;
+- goto discard;
++ consume_skb(skb);
++ return 0;
+ }
+ if (dh->dccph_type == DCCP_PKT_RESET)
+ goto discard;
+diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
+index 65336f3..9826695 100644
+--- a/net/ipv4/ip_sockglue.c
++++ b/net/ipv4/ip_sockglue.c
+@@ -105,10 +105,10 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb,
+ if (skb->ip_summed != CHECKSUM_COMPLETE)
+ return;
+
+- if (offset != 0)
+- csum = csum_sub(csum,
+- csum_partial(skb_transport_header(skb) + tlen,
+- offset, 0));
++ if (offset != 0) {
++ int tend_off = skb_transport_offset(skb) + tlen;
++ csum = csum_sub(csum, skb_checksum(skb, tend_off, offset, 0));
++ }
+
+ put_cmsg(msg, SOL_IP, IP_CHECKSUM, sizeof(__wsum), &csum);
+ }
+diff --git a/net/irda/irqueue.c b/net/irda/irqueue.c
+index acbe61c..160dc89 100644
+--- a/net/irda/irqueue.c
++++ b/net/irda/irqueue.c
+@@ -383,9 +383,6 @@ EXPORT_SYMBOL(hashbin_new);
+ * for deallocating this structure if it's complex. If not the user can
+ * just supply kfree, which should take care of the job.
+ */
+-#ifdef CONFIG_LOCKDEP
+-static int hashbin_lock_depth = 0;
+-#endif
+ int hashbin_delete( hashbin_t* hashbin, FREE_FUNC free_func)
+ {
+ irda_queue_t* queue;
+@@ -396,22 +393,27 @@ int hashbin_delete( hashbin_t* hashbin, FREE_FUNC free_func)
+ IRDA_ASSERT(hashbin->magic == HB_MAGIC, return -1;);
+
+ /* Synchronize */
+- if ( hashbin->hb_type & HB_LOCK ) {
+- spin_lock_irqsave_nested(&hashbin->hb_spinlock, flags,
+- hashbin_lock_depth++);
+- }
++ if (hashbin->hb_type & HB_LOCK)
++ spin_lock_irqsave(&hashbin->hb_spinlock, flags);
+
+ /*
+ * Free the entries in the hashbin, TODO: use hashbin_clear when
+ * it has been shown to work
+ */
+ for (i = 0; i < HASHBIN_SIZE; i ++ ) {
+- queue = dequeue_first((irda_queue_t**) &hashbin->hb_queue[i]);
+- while (queue ) {
+- if (free_func)
+- (*free_func)(queue);
+- queue = dequeue_first(
+- (irda_queue_t**) &hashbin->hb_queue[i]);
++ while (1) {
++ queue = dequeue_first((irda_queue_t**) &hashbin->hb_queue[i]);
++
++ if (!queue)
++ break;
++
++ if (free_func) {
++ if (hashbin->hb_type & HB_LOCK)
++ spin_unlock_irqrestore(&hashbin->hb_spinlock, flags);
++ free_func(queue);
++ if (hashbin->hb_type & HB_LOCK)
++ spin_lock_irqsave(&hashbin->hb_spinlock, flags);
++ }
+ }
+ }
+
+@@ -420,12 +422,8 @@ int hashbin_delete( hashbin_t* hashbin, FREE_FUNC free_func)
+ hashbin->magic = ~HB_MAGIC;
+
+ /* Release lock */
+- if ( hashbin->hb_type & HB_LOCK) {
++ if (hashbin->hb_type & HB_LOCK)
+ spin_unlock_irqrestore(&hashbin->hb_spinlock, flags);
+-#ifdef CONFIG_LOCKDEP
+- hashbin_lock_depth--;
+-#endif
+- }
+
+ /*
+ * Free the hashbin structure
+diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c
+index 7e08a4d..a646f34 100644
+--- a/net/kcm/kcmsock.c
++++ b/net/kcm/kcmsock.c
+@@ -929,23 +929,25 @@ static int kcm_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
+ goto out_error;
+ }
+
+- /* New message, alloc head skb */
+- head = alloc_skb(0, sk->sk_allocation);
+- while (!head) {
+- kcm_push(kcm);
+- err = sk_stream_wait_memory(sk, &timeo);
+- if (err)
+- goto out_error;
+-
++ if (msg_data_left(msg)) {
++ /* New message, alloc head skb */
+ head = alloc_skb(0, sk->sk_allocation);
+- }
++ while (!head) {
++ kcm_push(kcm);
++ err = sk_stream_wait_memory(sk, &timeo);
++ if (err)
++ goto out_error;
+
+- skb = head;
++ head = alloc_skb(0, sk->sk_allocation);
++ }
+
+- /* Set ip_summed to CHECKSUM_UNNECESSARY to avoid calling
+- * csum_and_copy_from_iter from skb_do_copy_data_nocache.
+- */
+- skb->ip_summed = CHECKSUM_UNNECESSARY;
++ skb = head;
++
++ /* Set ip_summed to CHECKSUM_UNNECESSARY to avoid calling
++ * csum_and_copy_from_iter from skb_do_copy_data_nocache.
++ */
++ skb->ip_summed = CHECKSUM_UNNECESSARY;
++ }
+
+ start:
+ while (msg_data_left(msg)) {
+@@ -1018,10 +1020,12 @@ static int kcm_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
+ if (eor) {
+ bool not_busy = skb_queue_empty(&sk->sk_write_queue);
+
+- /* Message complete, queue it on send buffer */
+- __skb_queue_tail(&sk->sk_write_queue, head);
+- kcm->seq_skb = NULL;
+- KCM_STATS_INCR(kcm->stats.tx_msgs);
++ if (head) {
++ /* Message complete, queue it on send buffer */
++ __skb_queue_tail(&sk->sk_write_queue, head);
++ kcm->seq_skb = NULL;
++ KCM_STATS_INCR(kcm->stats.tx_msgs);
++ }
+
+ if (msg->msg_flags & MSG_BATCH) {
+ kcm->tx_wait_more = true;
+@@ -1040,8 +1044,10 @@ static int kcm_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
+ } else {
+ /* Message not complete, save state */
+ partial_message:
+- kcm->seq_skb = head;
+- kcm_tx_msg(head)->last_skb = skb;
++ if (head) {
++ kcm->seq_skb = head;
++ kcm_tx_msg(head)->last_skb = skb;
++ }
+ }
+
+ KCM_STATS_ADD(kcm->stats.tx_bytes, copied);
+diff --git a/net/llc/llc_conn.c b/net/llc/llc_conn.c
+index 3e821da..8bc5a1b 100644
+--- a/net/llc/llc_conn.c
++++ b/net/llc/llc_conn.c
+@@ -821,7 +821,10 @@ void llc_conn_handler(struct llc_sap *sap, struct sk_buff *skb)
+ * another trick required to cope with how the PROCOM state
+ * machine works. -acme
+ */
++ skb_orphan(skb);
++ sock_hold(sk);
+ skb->sk = sk;
++ skb->destructor = sock_efree;
+ }
+ if (!sock_owned_by_user(sk))
+ llc_conn_rcv(sk, skb);
+diff --git a/net/llc/llc_sap.c b/net/llc/llc_sap.c
+index d0e1e80..5404d0d 100644
+--- a/net/llc/llc_sap.c
++++ b/net/llc/llc_sap.c
+@@ -290,7 +290,10 @@ static void llc_sap_rcv(struct llc_sap *sap, struct sk_buff *skb,
+
+ ev->type = LLC_SAP_EV_TYPE_PDU;
+ ev->reason = 0;
++ skb_orphan(skb);
++ sock_hold(sk);
+ skb->sk = sk;
++ skb->destructor = sock_efree;
+ llc_sap_state_process(sap, skb);
+ }
+
+diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
+index 7341adf..6dc44d9 100644
+--- a/net/netfilter/nf_conntrack_helper.c
++++ b/net/netfilter/nf_conntrack_helper.c
+@@ -188,6 +188,26 @@ nf_ct_helper_ext_add(struct nf_conn *ct,
+ }
+ EXPORT_SYMBOL_GPL(nf_ct_helper_ext_add);
+
++static struct nf_conntrack_helper *
++nf_ct_lookup_helper(struct nf_conn *ct, struct net *net)
++{
++ if (!net->ct.sysctl_auto_assign_helper) {
++ if (net->ct.auto_assign_helper_warned)
++ return NULL;
++ if (!__nf_ct_helper_find(&ct->tuplehash[IP_CT_DIR_REPLY].tuple))
++ return NULL;
++ pr_info("nf_conntrack: default automatic helper assignment "
++ "has been turned off for security reasons and CT-based "
++ " firewall rule not found. Use the iptables CT target "
++ "to attach helpers instead.\n");
++ net->ct.auto_assign_helper_warned = 1;
++ return NULL;
++ }
++
++ return __nf_ct_helper_find(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
++}
++
++
+ int __nf_ct_try_assign_helper(struct nf_conn *ct, struct nf_conn *tmpl,
+ gfp_t flags)
+ {
+@@ -213,21 +233,14 @@ int __nf_ct_try_assign_helper(struct nf_conn *ct, struct nf_conn *tmpl,
+ }
+
+ help = nfct_help(ct);
+- if (net->ct.sysctl_auto_assign_helper && helper == NULL) {
+- helper = __nf_ct_helper_find(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
+- if (unlikely(!net->ct.auto_assign_helper_warned && helper)) {
+- pr_info("nf_conntrack: automatic helper "
+- "assignment is deprecated and it will "
+- "be removed soon. Use the iptables CT target "
+- "to attach helpers instead.\n");
+- net->ct.auto_assign_helper_warned = true;
+- }
+- }
+
+ if (helper == NULL) {
+- if (help)
+- RCU_INIT_POINTER(help->helper, NULL);
+- return 0;
++ helper = nf_ct_lookup_helper(ct, net);
++ if (helper == NULL) {
++ if (help)
++ RCU_INIT_POINTER(help->helper, NULL);
++ return 0;
++ }
+ }
+
+ if (help == NULL) {
+diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
+index 458722b..34de326 100644
+--- a/net/packet/af_packet.c
++++ b/net/packet/af_packet.c
+@@ -1497,6 +1497,8 @@ static void __fanout_link(struct sock *sk, struct packet_sock *po)
+ f->arr[f->num_members] = sk;
+ smp_wmb();
+ f->num_members++;
++ if (f->num_members == 1)
++ dev_add_pack(&f->prot_hook);
+ spin_unlock(&f->lock);
+ }
+
+@@ -1513,6 +1515,8 @@ static void __fanout_unlink(struct sock *sk, struct packet_sock *po)
+ BUG_ON(i >= f->num_members);
+ f->arr[i] = f->arr[f->num_members - 1];
+ f->num_members--;
++ if (f->num_members == 0)
++ __dev_remove_pack(&f->prot_hook);
+ spin_unlock(&f->lock);
+ }
+
+@@ -1619,6 +1623,7 @@ static void fanout_release_data(struct packet_fanout *f)
+
+ static int fanout_add(struct sock *sk, u16 id, u16 type_flags)
+ {
++ struct packet_rollover *rollover = NULL;
+ struct packet_sock *po = pkt_sk(sk);
+ struct packet_fanout *f, *match;
+ u8 type = type_flags & 0xff;
+@@ -1641,23 +1646,28 @@ static int fanout_add(struct sock *sk, u16 id, u16 type_flags)
+ return -EINVAL;
+ }
+
++ mutex_lock(&fanout_mutex);
++
++ err = -EINVAL;
+ if (!po->running)
+- return -EINVAL;
++ goto out;
+
++ err = -EALREADY;
+ if (po->fanout)
+- return -EALREADY;
++ goto out;
+
+ if (type == PACKET_FANOUT_ROLLOVER ||
+ (type_flags & PACKET_FANOUT_FLAG_ROLLOVER)) {
+- po->rollover = kzalloc(sizeof(*po->rollover), GFP_KERNEL);
+- if (!po->rollover)
+- return -ENOMEM;
+- atomic_long_set(&po->rollover->num, 0);
+- atomic_long_set(&po->rollover->num_huge, 0);
+- atomic_long_set(&po->rollover->num_failed, 0);
++ err = -ENOMEM;
++ rollover = kzalloc(sizeof(*rollover), GFP_KERNEL);
++ if (!rollover)
++ goto out;
++ atomic_long_set(&rollover->num, 0);
++ atomic_long_set(&rollover->num_huge, 0);
++ atomic_long_set(&rollover->num_failed, 0);
++ po->rollover = rollover;
+ }
+
+- mutex_lock(&fanout_mutex);
+ match = NULL;
+ list_for_each_entry(f, &fanout_list, list) {
+ if (f->id == id &&
+@@ -1687,7 +1697,6 @@ static int fanout_add(struct sock *sk, u16 id, u16 type_flags)
+ match->prot_hook.func = packet_rcv_fanout;
+ match->prot_hook.af_packet_priv = match;
+ match->prot_hook.id_match = match_fanout_group;
+- dev_add_pack(&match->prot_hook);
+ list_add(&match->list, &fanout_list);
+ }
+ err = -EINVAL;
+@@ -1704,36 +1713,40 @@ static int fanout_add(struct sock *sk, u16 id, u16 type_flags)
+ }
+ }
+ out:
+- mutex_unlock(&fanout_mutex);
+- if (err) {
+- kfree(po->rollover);
++ if (err && rollover) {
++ kfree(rollover);
+ po->rollover = NULL;
+ }
++ mutex_unlock(&fanout_mutex);
+ return err;
+ }
+
+-static void fanout_release(struct sock *sk)
++/* If pkt_sk(sk)->fanout->sk_ref is zero, this function removes
++ * pkt_sk(sk)->fanout from fanout_list and returns pkt_sk(sk)->fanout.
++ * It is the responsibility of the caller to call fanout_release_data() and
++ * free the returned packet_fanout (after synchronize_net())
++ */
++static struct packet_fanout *fanout_release(struct sock *sk)
+ {
+ struct packet_sock *po = pkt_sk(sk);
+ struct packet_fanout *f;
+
++ mutex_lock(&fanout_mutex);
+ f = po->fanout;
+- if (!f)
+- return;
++ if (f) {
++ po->fanout = NULL;
+
+- mutex_lock(&fanout_mutex);
+- po->fanout = NULL;
++ if (atomic_dec_and_test(&f->sk_ref))
++ list_del(&f->list);
++ else
++ f = NULL;
+
+- if (atomic_dec_and_test(&f->sk_ref)) {
+- list_del(&f->list);
+- dev_remove_pack(&f->prot_hook);
+- fanout_release_data(f);
+- kfree(f);
++ if (po->rollover)
++ kfree_rcu(po->rollover, rcu);
+ }
+ mutex_unlock(&fanout_mutex);
+
+- if (po->rollover)
+- kfree_rcu(po->rollover, rcu);
++ return f;
+ }
+
+ static bool packet_extra_vlan_len_allowed(const struct net_device *dev,
+@@ -2965,6 +2978,7 @@ static int packet_release(struct socket *sock)
+ {
+ struct sock *sk = sock->sk;
+ struct packet_sock *po;
++ struct packet_fanout *f;
+ struct net *net;
+ union tpacket_req_u req_u;
+
+@@ -3004,9 +3018,14 @@ static int packet_release(struct socket *sock)
+ packet_set_ring(sk, &req_u, 1, 1);
+ }
+
+- fanout_release(sk);
++ f = fanout_release(sk);
+
+ synchronize_net();
++
++ if (f) {
++ fanout_release_data(f);
++ kfree(f);
++ }
+ /*
+ * Now the socket is dead. No more input will appear.
+ */
+@@ -3958,7 +3977,6 @@ static int packet_notifier(struct notifier_block *this,
+ }
+ if (msg == NETDEV_UNREGISTER) {
+ packet_cached_dev_reset(po);
+- fanout_release(sk);
+ po->ifindex = -1;
+ if (po->prot_hook.dev)
+ dev_put(po->prot_hook.dev);
+diff --git a/net/socket.c b/net/socket.c
+index 73dc69f..6bbccf0 100644
+--- a/net/socket.c
++++ b/net/socket.c
+@@ -2197,8 +2197,10 @@ int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
+ return err;
+
+ err = sock_error(sock->sk);
+- if (err)
++ if (err) {
++ datagrams = err;
+ goto out_put;
++ }
+
+ entry = mmsg;
+ compat_entry = (struct compat_mmsghdr __user *)mmsg;
diff --git a/4.9.12/4420_grsecurity-3.1-4.9.12-201702231830.patch b/4.9.13/4420_grsecurity-3.1-4.9.13-201702270729.patch
index ce908bf..c9d116e 100644
--- a/4.9.12/4420_grsecurity-3.1-4.9.12-201702231830.patch
+++ b/4.9.13/4420_grsecurity-3.1-4.9.13-201702270729.patch
@@ -310,10 +310,10 @@ index 9b9c479..5a635ff 100644
A typical pattern in a Kbuild file looks like this:
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
-index 922dec8..a45d4a2 100644
+index 65b05ba..725a42a 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
-@@ -1422,6 +1422,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -1426,6 +1426,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
[KNL] Should the hard-lockup detector generate
backtraces on all cpus.
Format: <integer>
@@ -326,7 +326,7 @@ index 922dec8..a45d4a2 100644
hashdist= [KNL,NUMA] Large hashes allocated during boot
are distributed across NUMA nodes. Defaults on
-@@ -2651,6 +2657,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -2655,6 +2661,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
noexec=on: enable non-executable mappings (default)
noexec=off: disable non-executable mappings
@@ -337,7 +337,7 @@ index 922dec8..a45d4a2 100644
nosmap [X86]
Disable SMAP (Supervisor Mode Access Prevention)
even if it is supported by processor.
-@@ -2959,6 +2969,35 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -2963,6 +2973,35 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
the specified number of seconds. This is to be used if
your oopses keep scrolling off the screen.
@@ -419,7 +419,7 @@ index 3d0ae15..84e5412 100644
cmd_syscalls = $(CONFIG_SHELL) $< $(CC) $(c_flags) $(missing_syscalls_flags)
diff --git a/Makefile b/Makefile
-index 3cd6f6f..43e4233 100644
+index 14dc275..3ff2e6b 100644
--- a/Makefile
+++ b/Makefile
@@ -302,7 +302,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -30243,10 +30243,10 @@ index 06eb322..ca545b8 100644
+EXPORT_SYMBOL(pax_check_alloca);
+#endif
diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c
-index 36cf1a4..046b56f 100644
+index 36cf1a4..f3362b0 100644
--- a/arch/x86/kernel/dumpstack_64.c
+++ b/arch/x86/kernel/dumpstack_64.c
-@@ -237,8 +237,42 @@ int is_valid_bugaddr(unsigned long ip)
+@@ -237,8 +237,41 @@ int is_valid_bugaddr(unsigned long ip)
{
unsigned short ud2;
@@ -30274,7 +30274,6 @@ index 36cf1a4..046b56f 100644
+
+ case STACK_TYPE_IRQ:
+ stack_left = sp & (IRQ_STACK_SIZE - 1);
-+ put_cpu();
+ break;
+
+ case STACK_TYPE_EXCEPTION ... STACK_TYPE_EXCEPTION_LAST:
@@ -70084,10 +70083,10 @@ index 95cf1d8..b2a00f6 100644
};
diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
-index 0fafaa9..0227536 100644
+index d4f495b..9b39d92 100644
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
-@@ -3193,7 +3193,7 @@ static struct net *vxlan_get_link_net(const struct net_device *dev)
+@@ -3195,7 +3195,7 @@ static struct net *vxlan_get_link_net(const struct net_device *dev)
return vxlan->net;
}
@@ -70096,7 +70095,7 @@ index 0fafaa9..0227536 100644
.kind = "vxlan",
.maxtype = IFLA_VXLAN_MAX,
.policy = vxlan_policy,
-@@ -3277,7 +3277,7 @@ static int vxlan_netdevice_event(struct notifier_block *unused,
+@@ -3279,7 +3279,7 @@ static int vxlan_netdevice_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
@@ -85235,7 +85234,7 @@ index a260cde..c395165 100644
/* This is only available if kgdboc is a built in for early debugging */
static int __init kgdboc_early_init(char *opt)
diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c
-index 7312e7e..0a0f8b6 100644
+index 6788e75..16f20c5 100644
--- a/drivers/tty/serial/msm_serial.c
+++ b/drivers/tty/serial/msm_serial.c
@@ -1726,7 +1726,7 @@ static struct uart_driver msm_uart_driver = {
@@ -86804,7 +86803,7 @@ index 460cebf..eb16bb4 100644
int
diff --git a/drivers/usb/serial/console.c b/drivers/usb/serial/console.c
-index 8967715..4a3791b 100644
+index b6f1ade..fb83f15 100644
--- a/drivers/usb/serial/console.c
+++ b/drivers/usb/serial/console.c
@@ -126,7 +126,7 @@ static int usb_console_setup(struct console *co, char *options)
@@ -86816,7 +86815,7 @@ index 8967715..4a3791b 100644
if (!tty_port_initialized(&port->port)) {
if (serial->type->set_termios) {
/*
-@@ -172,7 +172,7 @@ static int usb_console_setup(struct console *co, char *options)
+@@ -173,7 +173,7 @@ static int usb_console_setup(struct console *co, char *options)
}
/* Now that any required fake tty operations are completed restore
* the tty port count */
@@ -86825,7 +86824,7 @@ index 8967715..4a3791b 100644
/* The console is special in terms of closing the device so
* indicate this port is now acting as a system console. */
port->port.console = 1;
-@@ -184,7 +184,7 @@ static int usb_console_setup(struct console *co, char *options)
+@@ -185,7 +185,7 @@ static int usb_console_setup(struct console *co, char *options)
tty_port_tty_set(&port->port, NULL);
tty_kref_put(tty);
reset_open_count:
@@ -86834,7 +86833,7 @@ index 8967715..4a3791b 100644
usb_autopm_put_interface(serial->interface);
error_get_interface:
usb_serial_put(serial);
-@@ -195,7 +195,7 @@ static int usb_console_setup(struct console *co, char *options)
+@@ -196,7 +196,7 @@ static int usb_console_setup(struct console *co, char *options)
static void usb_console_write(struct console *co,
const char *buf, unsigned count)
{
@@ -156652,7 +156651,7 @@ index afcc550..ed3f097 100644
depends on !KMEMCHECK
select PAGE_EXTENSION
diff --git a/mm/backing-dev.c b/mm/backing-dev.c
-index 8fde443..a8cc381 100644
+index 6ff2d77..0452af3 100644
--- a/mm/backing-dev.c
+++ b/mm/backing-dev.c
@@ -12,7 +12,7 @@
@@ -156664,7 +156663,7 @@ index 8fde443..a8cc381 100644
struct backing_dev_info noop_backing_dev_info = {
.name = "noop",
-@@ -898,7 +898,7 @@ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name)
+@@ -903,7 +903,7 @@ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name)
return err;
err = bdi_register(bdi, NULL, "%.28s-%ld", name,
@@ -164068,7 +164067,7 @@ index 18e8893..82936b2 100644
fle->object = flo;
else
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
-index 2ae929f..fc8150d 100644
+index 9901e5b..0b38f5b 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -860,7 +860,7 @@ static void neigh_probe(struct neighbour *neigh)
@@ -164143,7 +164142,7 @@ index 2ae929f..fc8150d 100644
tmp.extra1 = &zero;
tmp.extra2 = &unres_qlen_max;
-@@ -2936,7 +2936,7 @@ static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
+@@ -2937,7 +2937,7 @@ static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
void __user *buffer,
size_t *lenp, loff_t *ppos)
{
@@ -164825,20 +164824,6 @@ index 0df2aa6..7db59f7 100644
.init = sysctl_core_net_init,
.exit = sysctl_core_net_exit,
};
-diff --git a/net/dccp/input.c b/net/dccp/input.c
-index ba34718..8fedc2d 100644
---- a/net/dccp/input.c
-+++ b/net/dccp/input.c
-@@ -606,7 +606,8 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
- if (inet_csk(sk)->icsk_af_ops->conn_request(sk,
- skb) < 0)
- return 1;
-- goto discard;
-+ consume_skb(skb);
-+ return 0;
- }
- if (dh->dccph_type == DCCP_PKT_RESET)
- goto discard;
diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
index 13d6b1a..eaa0cee 100644
--- a/net/decnet/af_decnet.c
@@ -165513,7 +165498,7 @@ index d6feabb..9cb3988 100644
ICMP_PROT_UNREACH, 0);
}
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
-index 65336f3..3c7e4b7 100644
+index 9826695..84ffcbb 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -1342,7 +1342,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
@@ -169057,7 +169042,7 @@ index da9df2d..d8f3df4 100644
table = kmemdup(event_sysctl_table, sizeof(event_sysctl_table),
GFP_KERNEL);
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
-index 7341adf..0c5cfd3 100644
+index 6dc44d9..6ccf1a3 100644
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -57,7 +57,7 @@ static struct ctl_table helper_sysctl_table[] = {
@@ -169942,7 +169927,7 @@ index 7eb955e..479c9a6 100644
static int __init ovs_vxlan_tnl_init(void)
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
-index 458722b..5852eae 100644
+index 34de326..071ac96 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -278,7 +278,7 @@ static int packet_direct_xmit(struct sk_buff *skb)
@@ -169975,20 +169960,20 @@ index 458722b..5852eae 100644
return idx;
}
-@@ -1652,9 +1652,9 @@ static int fanout_add(struct sock *sk, u16 id, u16 type_flags)
- po->rollover = kzalloc(sizeof(*po->rollover), GFP_KERNEL);
- if (!po->rollover)
- return -ENOMEM;
-- atomic_long_set(&po->rollover->num, 0);
-- atomic_long_set(&po->rollover->num_huge, 0);
-- atomic_long_set(&po->rollover->num_failed, 0);
-+ atomic_long_set_unchecked(&po->rollover->num, 0);
-+ atomic_long_set_unchecked(&po->rollover->num_huge, 0);
-+ atomic_long_set_unchecked(&po->rollover->num_failed, 0);
+@@ -1662,9 +1662,9 @@ static int fanout_add(struct sock *sk, u16 id, u16 type_flags)
+ rollover = kzalloc(sizeof(*rollover), GFP_KERNEL);
+ if (!rollover)
+ goto out;
+- atomic_long_set(&rollover->num, 0);
+- atomic_long_set(&rollover->num_huge, 0);
+- atomic_long_set(&rollover->num_failed, 0);
++ atomic_long_set_unchecked(&rollover->num, 0);
++ atomic_long_set_unchecked(&rollover->num_huge, 0);
++ atomic_long_set_unchecked(&rollover->num_failed, 0);
+ po->rollover = rollover;
}
- mutex_lock(&fanout_mutex);
-@@ -2106,7 +2106,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -2119,7 +2119,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
is_drop_n_account = true;
spin_lock(&sk->sk_receive_queue.lock);
po->stats.stats1.tp_drops++;
@@ -169997,7 +169982,7 @@ index 458722b..5852eae 100644
spin_unlock(&sk->sk_receive_queue.lock);
drop_n_restore:
-@@ -3848,7 +3848,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3867,7 +3867,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
case PACKET_HDRLEN:
if (len > sizeof(int))
len = sizeof(int);
@@ -170006,7 +169991,7 @@ index 458722b..5852eae 100644
return -EFAULT;
switch (val) {
case TPACKET_V1:
-@@ -3883,9 +3883,9 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3902,9 +3902,9 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
case PACKET_ROLLOVER_STATS:
if (!po->rollover)
return -EINVAL;
@@ -170019,7 +170004,7 @@ index 458722b..5852eae 100644
data = &rstats;
lv = sizeof(rstats);
break;
-@@ -3903,7 +3903,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3922,7 +3922,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
len = lv;
if (put_user(len, optlen))
return -EFAULT;
@@ -170648,7 +170633,7 @@ index daf8554..4ab495b 100644
table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL);
diff --git a/net/socket.c b/net/socket.c
-index 73dc69f..ca77f2f 100644
+index 6bbccf0..1991a22 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -89,6 +89,7 @@
@@ -170867,7 +170852,7 @@ index 73dc69f..ca77f2f 100644
/* user mode address pointers */
struct sockaddr __user *uaddr;
-@@ -2733,7 +2798,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
+@@ -2735,7 +2800,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
ifr = compat_alloc_user_space(buf_size);
rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8);
@@ -170876,7 +170861,7 @@ index 73dc69f..ca77f2f 100644
return -EFAULT;
if (put_user(convert_in ? rxnfc : compat_ptr(data),
-@@ -2844,7 +2909,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
+@@ -2846,7 +2911,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
old_fs = get_fs();
set_fs(KERNEL_DS);
err = dev_ioctl(net, cmd,
@@ -170885,7 +170870,7 @@ index 73dc69f..ca77f2f 100644
set_fs(old_fs);
return err;
-@@ -2937,7 +3002,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
+@@ -2939,7 +3004,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
old_fs = get_fs();
set_fs(KERNEL_DS);
@@ -170894,7 +170879,7 @@ index 73dc69f..ca77f2f 100644
set_fs(old_fs);
if (cmd == SIOCGIFMAP && !err) {
-@@ -3021,7 +3086,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
+@@ -3023,7 +3088,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
ret |= get_user(rtdev, &(ur4->rt_dev));
if (rtdev) {
ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
@@ -170903,7 +170888,7 @@ index 73dc69f..ca77f2f 100644
devname[15] = 0;
} else
r4.rt_dev = NULL;
-@@ -3248,8 +3313,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
+@@ -3250,8 +3315,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
int __user *uoptlen;
int err;
@@ -170914,7 +170899,7 @@ index 73dc69f..ca77f2f 100644
set_fs(KERNEL_DS);
if (level == SOL_SOCKET)
-@@ -3269,7 +3334,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
+@@ -3271,7 +3336,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
char __user *uoptval;
int err;
@@ -193078,10 +193063,10 @@ index 0000000..74e91b2
+enable_so_zpios_read_fndecl_64734 zpios_read fndecl 3 64734 NULL
diff --git a/scripts/gcc-plugins/size_overflow_plugin/e_fields.data b/scripts/gcc-plugins/size_overflow_plugin/e_fields.data
new file mode 100644
-index 0000000..1181e93
+index 0000000..0928e48
--- /dev/null
+++ b/scripts/gcc-plugins/size_overflow_plugin/e_fields.data
-@@ -0,0 +1,16321 @@
+@@ -0,0 +1,16326 @@
+recv_ctrl_pipe_us_data_0_fields recv_ctrl_pipe us_data 0 0 NULL
+__earlyonly_bootmem_alloc_fndecl_3_fields __earlyonly_bootmem_alloc fndecl 2-3-4 3 NULL
+size_ttm_mem_reg_8_fields size ttm_mem_reg 0 8 NULL
@@ -193956,6 +193941,7 @@ index 0000000..1181e93
+xfer_len_nvme_trans_io_cdb_3486_fields xfer_len nvme_trans_io_cdb 0 3486 NULL
+from_dio_submit_3494_fields from dio_submit 0 3494 NULL
+hs_bkt_bits_cfs_hash_3509_fields hs_bkt_bits cfs_hash 0 3509 NULL
++statesize_hash_alg_common_3517_fields statesize hash_alg_common 0 3517 NULL
+gru_vtop_fndecl_3522_fields gru_vtop fndecl 2 3522 NULL
+cipso_v4_gentag_rng_fndecl_3532_fields cipso_v4_gentag_rng fndecl 0 3532 NULL
+cl_out_max_entry_size_mvumi_hs_page1_3540_fields cl_out_max_entry_size mvumi_hs_page1 0 3540 NULL
@@ -194562,6 +194548,7 @@ index 0000000..1181e93
+dmi_len_vardecl_dmi_scan_c_6054_fields dmi_len vardecl_dmi_scan.c 0 6054 NULL nohasharray
+ext4_inode_table_fndecl_6054_fields ext4_inode_table fndecl 0 6054 &dmi_len_vardecl_dmi_scan_c_6054_fields
+map_base_tpm_inf_dev_6056_fields map_base tpm_inf_dev 0 6056 NULL
++reqsize_kpp_alg_6064_fields reqsize kpp_alg 0 6064 NULL
+length_hci_ev_le_advertising_info_6074_fields length hci_ev_le_advertising_info 0 6074 NULL
+elog_len_extlog_l1_head_6075_fields elog_len extlog_l1_head 0 6075 NULL
+ioctx_alloc_fndecl_6081_fields ioctx_alloc fndecl 1 6081 NULL
@@ -195113,7 +195100,8 @@ index 0000000..1181e93
+datablklen_capi_register_params_8275_fields datablklen capi_register_params 0 8275 NULL
+cdc_ncm_check_tx_max_fndecl_8278_fields cdc_ncm_check_tx_max fndecl 0-2 8278 NULL
+msg_len_rndis_message_8281_fields msg_len rndis_message 0 8281 NULL
-+__sg_free_table_fndecl_8283_fields __sg_free_table fndecl 2 8283 NULL
++__sg_free_table_fndecl_8283_fields __sg_free_table fndecl 2 8283 NULL nohasharray
++expectedlen_drbg_testvec_8283_fields expectedlen drbg_testvec 0 8283 &__sg_free_table_fndecl_8283_fields
+rxrpc_kernel_recv_data_fndecl_8286_fields rxrpc_kernel_recv_data fndecl 4 8286 NULL
+tail_len_cfg80211_beacon_data_8293_fields tail_len cfg80211_beacon_data 0 8293 NULL
+ns_blocks_per_segment_the_nilfs_8295_fields ns_blocks_per_segment the_nilfs 0 8295 NULL nohasharray
@@ -204534,6 +204522,7 @@ index 0000000..1181e93
+ecc_strength_ds_nand_chip_45651_fields ecc_strength_ds nand_chip 0 45651 NULL
+inftl_writeblock_fndecl_45653_fields inftl_writeblock fndecl 2 45653 NULL
+size_core_name_45656_fields size core_name 0 45656 NULL
++b_public_size_kpp_testvec_45660_fields b_public_size kpp_testvec 0 45660 NULL
+blockmask_alauda_media_info_45662_fields blockmask alauda_media_info 0 45662 NULL
+dmi_base_vardecl_dmi_scan_c_45673_fields dmi_base vardecl_dmi_scan.c 0 45673 NULL
+_snd_pcm_hw_param_min_fndecl_45677_fields _snd_pcm_hw_param_min fndecl 3 45677 NULL
@@ -207995,6 +207984,7 @@ index 0000000..1181e93
+fq_resize_fndecl_59744_fields fq_resize fndecl 2 59744 &ocfs2_read_dx_leaves_fndecl_59744_fields
+nx_fw_cmd_set_phy_fndecl_59745_fields nx_fw_cmd_set_phy fndecl 3 59745 NULL
+mt_count_mtop_59746_fields mt_count mtop 0 59746 NULL
++seedsize_rng_alg_59748_fields seedsize rng_alg 0 59748 NULL
+xlog_write_calc_vec_length_fndecl_59749_fields xlog_write_calc_vec_length fndecl 0 59749 NULL
+request_size_afs_call_59750_fields request_size afs_call 0 59750 NULL
+addr_phys_netup_dma_59759_fields addr_phys netup_dma 0 59759 NULL
@@ -225700,7 +225690,7 @@ index 0a578fe..b81f62d 100644
})
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 7f9ee29..39268bd 100644
+index 7f9ee29..1dccca1 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -93,12 +93,17 @@ LIST_HEAD(vm_list);
@@ -225723,7 +225713,18 @@ index 7f9ee29..39268bd 100644
struct dentry *kvm_debugfs_dir;
EXPORT_SYMBOL_GPL(kvm_debugfs_dir);
-@@ -911,7 +916,7 @@ int __kvm_set_memory_region(struct kvm *kvm,
+@@ -572,6 +577,10 @@ static int kvm_create_vm_debugfs(struct kvm *kvm, int fd)
+ struct kvm_stat_data *stat_data;
+ struct kvm_stats_debugfs_item *p;
+
++#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT
++ return 0;
++#endif
++
+ if (!debugfs_initialized())
+ return 0;
+
+@@ -911,7 +920,7 @@ int __kvm_set_memory_region(struct kvm *kvm,
/* We can read the guest memory with __xxx_user() later on. */
if ((id < KVM_USER_MEM_SLOTS) &&
((mem->userspace_addr & (PAGE_SIZE - 1)) ||
@@ -225732,7 +225733,7 @@ index 7f9ee29..39268bd 100644
(void __user *)(unsigned long)mem->userspace_addr,
mem->memory_size)))
goto out;
-@@ -2025,9 +2030,17 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_cached);
+@@ -2025,9 +2034,17 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_cached);
int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len)
{
@@ -225752,7 +225753,7 @@ index 7f9ee29..39268bd 100644
}
EXPORT_SYMBOL_GPL(kvm_clear_guest_page);
-@@ -2379,7 +2392,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)
+@@ -2379,7 +2396,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)
return 0;
}
@@ -225761,7 +225762,7 @@ index 7f9ee29..39268bd 100644
.release = kvm_vcpu_release,
.unlocked_ioctl = kvm_vcpu_ioctl,
#ifdef CONFIG_KVM_COMPAT
-@@ -3144,7 +3157,7 @@ static long kvm_vm_compat_ioctl(struct file *filp,
+@@ -3144,7 +3161,7 @@ static long kvm_vm_compat_ioctl(struct file *filp,
}
#endif
@@ -225770,21 +225771,7 @@ index 7f9ee29..39268bd 100644
.release = kvm_vm_release,
.unlocked_ioctl = kvm_vm_ioctl,
#ifdef CONFIG_KVM_COMPAT
-@@ -3181,11 +3194,13 @@ static int kvm_dev_ioctl_create_vm(unsigned long type)
- return PTR_ERR(file);
- }
-
-+#ifndef CONFIG_GRKERNSEC_SYSFS_RESTRICT
- if (kvm_create_vm_debugfs(kvm, r) < 0) {
- put_unused_fd(r);
- fput(file);
- return -ENOMEM;
- }
-+#endif
-
- fd_install(r, file);
- return r;
-@@ -3231,7 +3246,7 @@ static long kvm_dev_ioctl(struct file *filp,
+@@ -3231,7 +3248,7 @@ static long kvm_dev_ioctl(struct file *filp,
return r;
}
@@ -225793,7 +225780,7 @@ index 7f9ee29..39268bd 100644
.unlocked_ioctl = kvm_dev_ioctl,
.compat_ioctl = kvm_dev_ioctl,
.llseek = noop_llseek,
-@@ -3257,7 +3272,7 @@ static void hardware_enable_nolock(void *junk)
+@@ -3257,7 +3274,7 @@ static void hardware_enable_nolock(void *junk)
if (r) {
cpumask_clear_cpu(cpu, cpus_hardware_enabled);
@@ -225802,7 +225789,7 @@ index 7f9ee29..39268bd 100644
pr_info("kvm: enabling virtualization on CPU%d failed\n", cpu);
}
}
-@@ -3314,10 +3329,10 @@ static int hardware_enable_all(void)
+@@ -3314,10 +3331,10 @@ static int hardware_enable_all(void)
kvm_usage_count++;
if (kvm_usage_count == 1) {
@@ -225815,7 +225802,7 @@ index 7f9ee29..39268bd 100644
hardware_disable_all_nolock();
r = -EBUSY;
}
-@@ -3877,8 +3892,9 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3877,8 +3894,9 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
/* A kmem cache lets us meet the alignment requirements of fx_save. */
if (!vcpu_align)
vcpu_align = __alignof__(struct kvm_vcpu);
@@ -225827,7 +225814,7 @@ index 7f9ee29..39268bd 100644
if (!kvm_vcpu_cache) {
r = -ENOMEM;
goto out_free_3;
-@@ -3888,9 +3904,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3888,9 +3906,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
if (r)
goto out_free;
@@ -225839,7 +225826,7 @@ index 7f9ee29..39268bd 100644
r = misc_register(&kvm_dev);
if (r) {
-@@ -3900,9 +3918,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3900,9 +3920,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
register_syscore_ops(&kvm_syscore_ops);
diff --git a/4.9.12/4425_grsec_remove_EI_PAX.patch b/4.9.13/4425_grsec_remove_EI_PAX.patch
index 594598a..594598a 100644
--- a/4.9.12/4425_grsec_remove_EI_PAX.patch
+++ b/4.9.13/4425_grsec_remove_EI_PAX.patch
diff --git a/4.9.12/4426_default_XATTR_PAX_FLAGS.patch b/4.9.13/4426_default_XATTR_PAX_FLAGS.patch
index f7e97b5..f7e97b5 100644
--- a/4.9.12/4426_default_XATTR_PAX_FLAGS.patch
+++ b/4.9.13/4426_default_XATTR_PAX_FLAGS.patch
diff --git a/4.9.12/4427_force_XATTR_PAX_tmpfs.patch b/4.9.13/4427_force_XATTR_PAX_tmpfs.patch
index 3871139..3871139 100644
--- a/4.9.12/4427_force_XATTR_PAX_tmpfs.patch
+++ b/4.9.13/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/4.9.12/4430_grsec-remove-localversion-grsec.patch b/4.9.13/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/4.9.12/4430_grsec-remove-localversion-grsec.patch
+++ b/4.9.13/4430_grsec-remove-localversion-grsec.patch
diff --git a/4.9.12/4435_grsec-mute-warnings.patch b/4.9.13/4435_grsec-mute-warnings.patch
index 8929222..8929222 100644
--- a/4.9.12/4435_grsec-mute-warnings.patch
+++ b/4.9.13/4435_grsec-mute-warnings.patch
diff --git a/4.9.12/4440_grsec-remove-protected-paths.patch b/4.9.13/4440_grsec-remove-protected-paths.patch
index 741546d..741546d 100644
--- a/4.9.12/4440_grsec-remove-protected-paths.patch
+++ b/4.9.13/4440_grsec-remove-protected-paths.patch
diff --git a/4.9.12/4450_grsec-kconfig-default-gids.patch b/4.9.13/4450_grsec-kconfig-default-gids.patch
index cee6e27..cee6e27 100644
--- a/4.9.12/4450_grsec-kconfig-default-gids.patch
+++ b/4.9.13/4450_grsec-kconfig-default-gids.patch
diff --git a/4.9.12/4465_selinux-avc_audit-log-curr_ip.patch b/4.9.13/4465_selinux-avc_audit-log-curr_ip.patch
index 06a5294..06a5294 100644
--- a/4.9.12/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/4.9.13/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/4.9.12/4470_disable-compat_vdso.patch b/4.9.13/4470_disable-compat_vdso.patch
index a1401d8..a1401d8 100644
--- a/4.9.12/4470_disable-compat_vdso.patch
+++ b/4.9.13/4470_disable-compat_vdso.patch
diff --git a/4.9.12/4475_emutramp_default_on.patch b/4.9.13/4475_emutramp_default_on.patch
index feb8c7b..feb8c7b 100644
--- a/4.9.12/4475_emutramp_default_on.patch
+++ b/4.9.13/4475_emutramp_default_on.patch