summaryrefslogtreecommitdiff
path: root/sys-kernel/linux-image-redcore-lts/files
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2018-08-18 18:55:23 +0100
committerV3n3RiX <venerix@redcorelinux.org>2018-08-18 18:55:23 +0100
commit5154e927509d88d466860450b691a3eb97eea8fc (patch)
treef8be265d486f61c13e9637ab22a9d5d053f66783 /sys-kernel/linux-image-redcore-lts/files
parentb5bc6951ebbcc7c483642059290054ce0e7b7084 (diff)
sys-kernel/linux-image-redcore-lts : version bump, enable more hardening options
Diffstat (limited to 'sys-kernel/linux-image-redcore-lts/files')
-rw-r--r--sys-kernel/linux-image-redcore-lts/files/0015-Enable-BFQ-io-scheduler-by-default.patch38
-rw-r--r--sys-kernel/linux-image-redcore-lts/files/enable_alx_wol.patch478
-rw-r--r--sys-kernel/linux-image-redcore-lts/files/linux-hardened.patch1447
-rw-r--r--sys-kernel/linux-image-redcore-lts/files/redcore-lts-amd64.config168
4 files changed, 866 insertions, 1265 deletions
diff --git a/sys-kernel/linux-image-redcore-lts/files/0015-Enable-BFQ-io-scheduler-by-default.patch b/sys-kernel/linux-image-redcore-lts/files/0015-Enable-BFQ-io-scheduler-by-default.patch
new file mode 100644
index 00000000..d12753be
--- /dev/null
+++ b/sys-kernel/linux-image-redcore-lts/files/0015-Enable-BFQ-io-scheduler-by-default.patch
@@ -0,0 +1,38 @@
+From 0e7ab31fb218e2a18fbecd19c24dfaae14c88afd Mon Sep 17 00:00:00 2001
+From: Con Kolivas <kernel@kolivas.org>
+Date: Mon, 20 Nov 2017 18:02:03 +1100
+Subject: [PATCH 15/18] Enable BFQ io scheduler by default.
+
+---
+ block/Kconfig.iosched | 2 +-
+ drivers/scsi/Kconfig | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/block/Kconfig.iosched b/block/Kconfig.iosched
+index a4a8914bf7a4..2d9be91e8e87 100644
+--- a/block/Kconfig.iosched
++++ b/block/Kconfig.iosched
+@@ -82,7 +82,7 @@ config MQ_IOSCHED_KYBER
+
+ config IOSCHED_BFQ
+ tristate "BFQ I/O scheduler"
+- default n
++ default y
+ ---help---
+ BFQ I/O scheduler for BLK-MQ. BFQ distributes the bandwidth of
+ of the device among all processes according to their weights,
+diff --git a/drivers/scsi/Kconfig b/drivers/scsi/Kconfig
+index 8a739b74cfb7..9e939ee76e72 100644
+--- a/drivers/scsi/Kconfig
++++ b/drivers/scsi/Kconfig
+@@ -50,6 +50,7 @@ config SCSI_NETLINK
+ config SCSI_MQ_DEFAULT
+ bool "SCSI: use blk-mq I/O path by default"
+ depends on SCSI
++ default y
+ ---help---
+ This option enables the new blk-mq based I/O path for SCSI
+ devices by default. With the option the scsi_mod.use_blk_mq
+--
+2.14.1
+
diff --git a/sys-kernel/linux-image-redcore-lts/files/enable_alx_wol.patch b/sys-kernel/linux-image-redcore-lts/files/enable_alx_wol.patch
deleted file mode 100644
index 38f460fb..00000000
--- a/sys-kernel/linux-image-redcore-lts/files/enable_alx_wol.patch
+++ /dev/null
@@ -1,478 +0,0 @@
-diff --git a/drivers/net/ethernet/atheros/alx/ethtool.c b/drivers/net/ethernet/atheros/alx/ethtool.c
-index 2f4eabf65..859e27236 100644
---- a/drivers/net/ethernet/atheros/alx/ethtool.c
-+++ b/drivers/net/ethernet/atheros/alx/ethtool.c
-@@ -310,11 +310,47 @@ static int alx_get_sset_count(struct net_device *netdev, int sset)
- }
- }
-
-+static void alx_get_wol(struct net_device *netdev, struct ethtool_wolinfo *wol)
-+{
-+ struct alx_priv *alx = netdev_priv(netdev);
-+ struct alx_hw *hw = &alx->hw;
-+
-+ wol->supported = WAKE_MAGIC | WAKE_PHY;
-+ wol->wolopts = 0;
-+
-+ if (hw->sleep_ctrl & ALX_SLEEP_WOL_MAGIC)
-+ wol->wolopts |= WAKE_MAGIC;
-+ if (hw->sleep_ctrl & ALX_SLEEP_WOL_PHY)
-+ wol->wolopts |= WAKE_PHY;
-+}
-+
-+static int alx_set_wol(struct net_device *netdev, struct ethtool_wolinfo *wol)
-+{
-+ struct alx_priv *alx = netdev_priv(netdev);
-+ struct alx_hw *hw = &alx->hw;
-+
-+ if (wol->wolopts & ~(WAKE_MAGIC | WAKE_PHY))
-+ return -EOPNOTSUPP;
-+
-+ hw->sleep_ctrl = 0;
-+
-+ if (wol->wolopts & WAKE_MAGIC)
-+ hw->sleep_ctrl |= ALX_SLEEP_WOL_MAGIC;
-+ if (wol->wolopts & WAKE_PHY)
-+ hw->sleep_ctrl |= ALX_SLEEP_WOL_PHY;
-+
-+ device_set_wakeup_enable(&alx->hw.pdev->dev, hw->sleep_ctrl);
-+
-+ return 0;
-+}
-+
- const struct ethtool_ops alx_ethtool_ops = {
- .get_pauseparam = alx_get_pauseparam,
- .set_pauseparam = alx_set_pauseparam,
- .get_msglevel = alx_get_msglevel,
- .set_msglevel = alx_set_msglevel,
-+ .get_wol = alx_get_wol,
-+ .set_wol = alx_set_wol,
- .get_link = ethtool_op_get_link,
- .get_strings = alx_get_strings,
- .get_sset_count = alx_get_sset_count,
-diff --git a/drivers/net/ethernet/atheros/alx/hw.c b/drivers/net/ethernet/atheros/alx/hw.c
-index 6ac40b000..4791b9dbb 100644
---- a/drivers/net/ethernet/atheros/alx/hw.c
-+++ b/drivers/net/ethernet/atheros/alx/hw.c
-@@ -332,6 +332,16 @@ void alx_set_macaddr(struct alx_hw *hw, const u8 *addr)
- alx_write_mem32(hw, ALX_STAD1, val);
- }
-
-+static void alx_enable_osc(struct alx_hw *hw)
-+{
-+ u32 val;
-+
-+ /* rising edge */
-+ val = alx_read_mem32(hw, ALX_MISC);
-+ alx_write_mem32(hw, ALX_MISC, val & ~ALX_MISC_INTNLOSC_OPEN);
-+ alx_write_mem32(hw, ALX_MISC, val | ALX_MISC_INTNLOSC_OPEN);
-+}
-+
- static void alx_reset_osc(struct alx_hw *hw, u8 rev)
- {
- u32 val, val2;
-@@ -848,6 +858,66 @@ void alx_post_phy_link(struct alx_hw *hw)
- }
- }
-
-+
-+/* NOTE:
-+ * 1. phy link must be established before calling this function
-+ * 2. wol option (pattern,magic,link,etc.) is configed before call it.
-+ */
-+int alx_pre_suspend(struct alx_hw *hw, int speed, u8 duplex)
-+{
-+ u32 master, mac, phy, val;
-+ int err = 0;
-+
-+ master = alx_read_mem32(hw, ALX_MASTER);
-+ master &= ~ALX_MASTER_PCLKSEL_SRDS;
-+ mac = hw->rx_ctrl;
-+ /* 10/100 half */
-+ ALX_SET_FIELD(mac, ALX_MAC_CTRL_SPEED, ALX_MAC_CTRL_SPEED_10_100);
-+ mac &= ~(ALX_MAC_CTRL_FULLD | ALX_MAC_CTRL_RX_EN | ALX_MAC_CTRL_TX_EN);
-+
-+ phy = alx_read_mem32(hw, ALX_PHY_CTRL);
-+ phy &= ~(ALX_PHY_CTRL_DSPRST_OUT | ALX_PHY_CTRL_CLS);
-+ phy |= ALX_PHY_CTRL_RST_ANALOG | ALX_PHY_CTRL_HIB_PULSE |
-+ ALX_PHY_CTRL_HIB_EN;
-+
-+ /* without any activity */
-+ if (!(hw->sleep_ctrl & ALX_SLEEP_ACTIVE)) {
-+ err = alx_write_phy_reg(hw, ALX_MII_IER, 0);
-+ if (err)
-+ return err;
-+ phy |= ALX_PHY_CTRL_IDDQ | ALX_PHY_CTRL_POWER_DOWN;
-+ } else {
-+ if (hw->sleep_ctrl & (ALX_SLEEP_WOL_MAGIC | ALX_SLEEP_CIFS))
-+ mac |= ALX_MAC_CTRL_RX_EN | ALX_MAC_CTRL_BRD_EN;
-+ if (hw->sleep_ctrl & ALX_SLEEP_CIFS)
-+ mac |= ALX_MAC_CTRL_TX_EN;
-+ if (duplex == DUPLEX_FULL)
-+ mac |= ALX_MAC_CTRL_FULLD;
-+ if (speed == SPEED_1000)
-+ ALX_SET_FIELD(mac, ALX_MAC_CTRL_SPEED,
-+ ALX_MAC_CTRL_SPEED_1000);
-+ phy |= ALX_PHY_CTRL_DSPRST_OUT;
-+ err = alx_write_phy_ext(hw, ALX_MIIEXT_ANEG,
-+ ALX_MIIEXT_S3DIG10,
-+ ALX_MIIEXT_S3DIG10_SL);
-+ if (err)
-+ return err;
-+ }
-+
-+ alx_enable_osc(hw);
-+ hw->rx_ctrl = mac;
-+ alx_write_mem32(hw, ALX_MASTER, master);
-+ alx_write_mem32(hw, ALX_MAC_CTRL, mac);
-+ alx_write_mem32(hw, ALX_PHY_CTRL, phy);
-+
-+ /* set val of PDLL D3PLLOFF */
-+ val = alx_read_mem32(hw, ALX_PDLL_TRNS1);
-+ val |= ALX_PDLL_TRNS1_D3PLLOFF_EN;
-+ alx_write_mem32(hw, ALX_PDLL_TRNS1, val);
-+
-+ return 0;
-+}
-+
- bool alx_phy_configured(struct alx_hw *hw)
- {
- u32 cfg, hw_cfg;
-@@ -920,6 +990,26 @@ int alx_clear_phy_intr(struct alx_hw *hw)
- return alx_read_phy_reg(hw, ALX_MII_ISR, &isr);
- }
-
-+int alx_config_wol(struct alx_hw *hw)
-+{
-+ u32 wol = 0;
-+ int err = 0;
-+
-+ /* turn on magic packet event */
-+ if (hw->sleep_ctrl & ALX_SLEEP_WOL_MAGIC)
-+ wol |= ALX_WOL0_MAGIC_EN | ALX_WOL0_PME_MAGIC_EN;
-+
-+ /* turn on link up event */
-+ if (hw->sleep_ctrl & ALX_SLEEP_WOL_PHY) {
-+ wol |= ALX_WOL0_LINK_EN | ALX_WOL0_PME_LINK;
-+ /* only link up can wake up */
-+ err = alx_write_phy_reg(hw, ALX_MII_IER, ALX_IER_LINK_UP);
-+ }
-+ alx_write_mem32(hw, ALX_WOL0, wol);
-+
-+ return err;
-+}
-+
- void alx_disable_rss(struct alx_hw *hw)
- {
- u32 ctrl = alx_read_mem32(hw, ALX_RXQ0);
-@@ -1045,6 +1135,71 @@ void alx_mask_msix(struct alx_hw *hw, int index, bool mask)
- }
-
-
-+int alx_select_powersaving_speed(struct alx_hw *hw, int *speed, u8 *duplex)
-+{
-+ int i, err;
-+ u16 lpa;
-+
-+ err = alx_read_phy_link(hw);
-+ if (err)
-+ return err;
-+
-+ if (hw->link_speed == SPEED_UNKNOWN) {
-+ *speed = SPEED_UNKNOWN;
-+ *duplex = DUPLEX_UNKNOWN;
-+ return 0;
-+ }
-+
-+ err = alx_read_phy_reg(hw, MII_LPA, &lpa);
-+ if (err)
-+ return err;
-+
-+ if (!(lpa & LPA_LPACK)) {
-+ *speed = hw->link_speed;
-+ return 0;
-+ }
-+
-+ if (lpa & LPA_10FULL) {
-+ *speed = SPEED_10;
-+ *duplex = DUPLEX_FULL;
-+ } else if (lpa & LPA_10HALF) {
-+ *speed = SPEED_10;
-+ *duplex = DUPLEX_HALF;
-+ } else if (lpa & LPA_100FULL) {
-+ *speed = SPEED_100;
-+ *duplex = DUPLEX_FULL;
-+ } else {
-+ *speed = SPEED_100;
-+ *duplex = DUPLEX_HALF;
-+ }
-+
-+ if (*speed == hw->link_speed && *duplex == hw->duplex)
-+ return 0;
-+ err = alx_write_phy_reg(hw, ALX_MII_IER, 0);
-+ if (err)
-+ return err;
-+ err = alx_setup_speed_duplex(hw, alx_speed_to_ethadv(*speed, *duplex) |
-+ ADVERTISED_Autoneg, ALX_FC_ANEG |
-+ ALX_FC_RX | ALX_FC_TX);
-+ if (err)
-+ return err;
-+
-+ /* wait for linkup */
-+ for (i = 0; i < ALX_MAX_SETUP_LNK_CYCLE; i++) {
-+ msleep(100);
-+
-+ err = alx_read_phy_link(hw);
-+ if (err < 0)
-+ return err;
-+ if (hw->link_speed != SPEED_UNKNOWN)
-+ break;
-+ }
-+ if (i == ALX_MAX_SETUP_LNK_CYCLE)
-+ return -ETIMEDOUT;
-+
-+ return 0;
-+}
-+
- bool alx_get_phy_info(struct alx_hw *hw)
- {
- u16 devs1, devs2;
-diff --git a/drivers/net/ethernet/atheros/alx/hw.h b/drivers/net/ethernet/atheros/alx/hw.h
-index e42d7e094..a7fb6c8d8 100644
---- a/drivers/net/ethernet/atheros/alx/hw.h
-+++ b/drivers/net/ethernet/atheros/alx/hw.h
-@@ -487,6 +487,8 @@ struct alx_hw {
- u8 flowctrl;
- u32 adv_cfg;
-
-+ u32 sleep_ctrl;
-+
- spinlock_t mdio_lock;
- struct mdio_if_info mdio;
- u16 phy_id[2];
-@@ -549,12 +551,14 @@ void alx_reset_pcie(struct alx_hw *hw);
- void alx_enable_aspm(struct alx_hw *hw, bool l0s_en, bool l1_en);
- int alx_setup_speed_duplex(struct alx_hw *hw, u32 ethadv, u8 flowctrl);
- void alx_post_phy_link(struct alx_hw *hw);
-+int alx_pre_suspend(struct alx_hw *hw, int speed, u8 duplex);
- int alx_read_phy_reg(struct alx_hw *hw, u16 reg, u16 *phy_data);
- int alx_write_phy_reg(struct alx_hw *hw, u16 reg, u16 phy_data);
- int alx_read_phy_ext(struct alx_hw *hw, u8 dev, u16 reg, u16 *pdata);
- int alx_write_phy_ext(struct alx_hw *hw, u8 dev, u16 reg, u16 data);
- int alx_read_phy_link(struct alx_hw *hw);
- int alx_clear_phy_intr(struct alx_hw *hw);
-+int alx_config_wol(struct alx_hw *hw);
- void alx_cfg_mac_flowcontrol(struct alx_hw *hw, u8 fc);
- void alx_start_mac(struct alx_hw *hw);
- int alx_reset_mac(struct alx_hw *hw);
-@@ -563,6 +567,7 @@ bool alx_phy_configured(struct alx_hw *hw);
- void alx_configure_basic(struct alx_hw *hw);
- void alx_mask_msix(struct alx_hw *hw, int index, bool mask);
- void alx_disable_rss(struct alx_hw *hw);
-+int alx_select_powersaving_speed(struct alx_hw *hw, int *speed, u8 *duplex);
- bool alx_get_phy_info(struct alx_hw *hw);
- void alx_update_hw_stats(struct alx_hw *hw);
-
-diff --git a/drivers/net/ethernet/atheros/alx/main.c b/drivers/net/ethernet/atheros/alx/main.c
-index 567ee5450..94fd0118d 100644
---- a/drivers/net/ethernet/atheros/alx/main.c
-+++ b/drivers/net/ethernet/atheros/alx/main.c
-@@ -1070,6 +1070,7 @@ static int alx_init_sw(struct alx_priv *alx)
- alx->dev->max_mtu = ALX_MAX_FRAME_LEN(ALX_MAX_FRAME_SIZE);
- alx->tx_ringsz = 256;
- alx->rx_ringsz = 512;
-+ hw->sleep_ctrl = ALX_SLEEP_WOL_MAGIC | ALX_SLEEP_WOL_PHY;
- hw->imt = 200;
- alx->int_mask = ALX_ISR_MISC;
- hw->dma_chnl = hw->max_dma_chnl;
-@@ -1345,6 +1346,65 @@ static int alx_stop(struct net_device *netdev)
- __alx_stop(netdev_priv(netdev));
- return 0;
- }
-+static int __alx_shutdown(struct pci_dev *pdev, bool *wol_en)
-+{
-+ struct alx_priv *alx = pci_get_drvdata(pdev);
-+ struct net_device *netdev = alx->dev;
-+ struct alx_hw *hw = &alx->hw;
-+ int err, speed;
-+ u8 duplex;
-+
-+ netif_device_detach(netdev);
-+
-+ if (netif_running(netdev))
-+ __alx_stop(alx);
-+
-+#ifdef CONFIG_PM_SLEEP
-+ err = pci_save_state(pdev);
-+ if (err)
-+ return err;
-+#endif
-+
-+ err = alx_select_powersaving_speed(hw, &speed, &duplex);
-+ if (err)
-+ return err;
-+ err = alx_clear_phy_intr(hw);
-+ if (err)
-+ return err;
-+ err = alx_pre_suspend(hw, speed, duplex);
-+ if (err)
-+ return err;
-+ err = alx_config_wol(hw);
-+ if (err)
-+ return err;
-+
-+ *wol_en = false;
-+ if (hw->sleep_ctrl & ALX_SLEEP_ACTIVE) {
-+ netif_info(alx, wol, netdev,
-+ "wol: ctrl=%X, speed=%X\n",
-+ hw->sleep_ctrl, speed);
-+ device_set_wakeup_enable(&pdev->dev, true);
-+ *wol_en = true;
-+ }
-+
-+ pci_disable_device(pdev);
-+
-+ return 0;
-+}
-+
-+static void alx_shutdown(struct pci_dev *pdev)
-+{
-+ int err;
-+ bool wol_en;
-+
-+ err = __alx_shutdown(pdev, &wol_en);
-+ if (!err) {
-+ pci_wake_from_d3(pdev, wol_en);
-+ pci_set_power_state(pdev, PCI_D3hot);
-+ } else {
-+ dev_err(&pdev->dev, "shutdown fail %d\n", err);
-+ }
-+}
-
- static void alx_link_check(struct work_struct *work)
- {
-@@ -1841,6 +1901,8 @@ static int alx_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
- goto out_unmap;
- }
-
-+ device_set_wakeup_enable(&pdev->dev, hw->sleep_ctrl);
-+
- netdev_info(netdev,
- "Qualcomm Atheros AR816x/AR817x Ethernet [%pM]\n",
- netdev->dev_addr);
-@@ -1883,12 +1945,21 @@ static void alx_remove(struct pci_dev *pdev)
- static int alx_suspend(struct device *dev)
- {
- struct pci_dev *pdev = to_pci_dev(dev);
-- struct alx_priv *alx = pci_get_drvdata(pdev);
-+ int err;
-+ bool wol_en;
-
-- if (!netif_running(alx->dev))
-- return 0;
-- netif_device_detach(alx->dev);
-- __alx_stop(alx);
-+ err = __alx_shutdown(pdev, &wol_en);
-+ if (err) {
-+ dev_err(&pdev->dev, "shutdown fail in suspend %d\n", err);
-+ return err;
-+ }
-+
-+ if (wol_en) {
-+ pci_prepare_to_sleep(pdev);
-+ } else {
-+ pci_wake_from_d3(pdev, false);
-+ pci_set_power_state(pdev, PCI_D3hot);
-+ }
- return 0;
- }
-
-@@ -1896,20 +1967,47 @@ static int alx_resume(struct device *dev)
- {
- struct pci_dev *pdev = to_pci_dev(dev);
- struct alx_priv *alx = pci_get_drvdata(pdev);
-- struct alx_hw *hw = &alx->hw;
--
-- alx_reset_phy(hw);
--
-- if (!netif_running(alx->dev))
-- return 0;
-- netif_device_attach(alx->dev);
-- return __alx_open(alx, true);
-+ struct net_device *netdev = alx->dev;
-+ struct alx_hw *hw = &alx->hw;
-+ int err;
-+
-+ pci_set_power_state(pdev, PCI_D0);
-+ pci_restore_state(pdev);
-+ pci_save_state(pdev);
-+
-+ pci_enable_wake(pdev, PCI_D3hot, 0);
-+ pci_enable_wake(pdev, PCI_D3cold, 0);
-+
-+ hw->link_speed = SPEED_UNKNOWN;
-+ alx->int_mask = ALX_ISR_MISC;
-+
-+ alx_reset_pcie(hw);
-+ alx_reset_phy(hw);
-+
-+ err = alx_reset_mac(hw);
-+ if (err) {
-+ netif_err(alx, hw, alx->dev,
-+ "resume:reset_mac fail %d\n", err);
-+ return -EIO;
-+ }
-+
-+ err = alx_setup_speed_duplex(hw, hw->adv_cfg, hw->flowctrl);
-+ if (err) {
-+ netif_err(alx, hw, alx->dev,
-+ "resume:setup_speed_duplex fail %d\n", err);
-+ return -EIO;
-+ }
-+
-+ if (netif_running(netdev)) {
-+ err = __alx_open(alx, true);
-+ if (err)
-+ return err;
-+ }
-+
-+ netif_device_attach(netdev);
-+ return err;
- }
-
--static SIMPLE_DEV_PM_OPS(alx_pm_ops, alx_suspend, alx_resume);
--#define ALX_PM_OPS (&alx_pm_ops)
--#else
--#define ALX_PM_OPS NULL
- #endif
-
-
-@@ -1955,6 +2053,8 @@ static pci_ers_result_t alx_pci_error_slot_reset(struct pci_dev *pdev)
- }
-
- pci_set_master(pdev);
-+ pci_enable_wake(pdev, PCI_D3hot, 0);
-+ pci_enable_wake(pdev, PCI_D3cold, 0);
-
- alx_reset_pcie(hw);
- if (!alx_reset_mac(hw))
-@@ -2006,11 +2106,19 @@ static const struct pci_device_id alx_pci_tbl[] = {
- {}
- };
-
-+#ifdef CONFIG_PM_SLEEP
-+static SIMPLE_DEV_PM_OPS(alx_pm_ops, alx_suspend, alx_resume);
-+#define ALX_PM_OPS (&alx_pm_ops)
-+#else
-+#define ALX_PM_OPS NULL
-+#endif
-+
- static struct pci_driver alx_driver = {
- .name = alx_drv_name,
- .id_table = alx_pci_tbl,
- .probe = alx_probe,
- .remove = alx_remove,
-+ .shutdown = alx_shutdown,
- .err_handler = &alx_err_handlers,
- .driver.pm = ALX_PM_OPS,
- };
diff --git a/sys-kernel/linux-image-redcore-lts/files/linux-hardened.patch b/sys-kernel/linux-image-redcore-lts/files/linux-hardened.patch
index 0085a4f2..b5bfc225 100644
--- a/sys-kernel/linux-image-redcore-lts/files/linux-hardened.patch
+++ b/sys-kernel/linux-image-redcore-lts/files/linux-hardened.patch
@@ -1,90 +1,94 @@
-diff -Nur a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig
---- a/arch/arm64/configs/defconfig 2018-05-25 15:18:02.000000000 +0100
-+++ b/arch/arm64/configs/defconfig 2018-05-26 19:24:34.821782579 +0100
-@@ -1,4 +1,3 @@
--CONFIG_SYSVIPC=y
- CONFIG_POSIX_MQUEUE=y
- CONFIG_AUDIT=y
- CONFIG_NO_HZ_IDLE=y
-diff -Nur a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h
---- a/arch/arm64/include/asm/elf.h 2018-05-25 15:18:02.000000000 +0100
-+++ b/arch/arm64/include/asm/elf.h 2018-05-26 19:24:34.821782579 +0100
-@@ -114,10 +114,10 @@
+diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
+index 9841bad6f271..99aab439ba8e 100644
+--- a/Documentation/admin-guide/kernel-parameters.txt
++++ b/Documentation/admin-guide/kernel-parameters.txt
+@@ -490,16 +490,6 @@
+ nosocket -- Disable socket memory accounting.
+ nokmem -- Disable kernel memory accounting.
- /*
- * This is the base location for PIE (ET_DYN with INTERP) loads. On
-- * 64-bit, this is above 4GB to leave the entire 32-bit address
-+ * 64-bit, this is raised to 4GB to leave the entire 32-bit address
- * space open for things that want to use the area for 32-bit pointers.
- */
--#define ELF_ET_DYN_BASE (2 * TASK_SIZE_64 / 3)
-+#define ELF_ET_DYN_BASE 0x100000000UL
+- checkreqprot [SELINUX] Set initial checkreqprot flag value.
+- Format: { "0" | "1" }
+- See security/selinux/Kconfig help text.
+- 0 -- check protection applied by kernel (includes
+- any implied execute protection).
+- 1 -- check protection requested by application.
+- Default value is set via a kernel config option.
+- Value can be changed at runtime via
+- /selinux/checkreqprot.
+-
+ cio_ignore= [S390]
+ See Documentation/s390/CommonIO for details.
+ clk_ignore_unused
+@@ -2977,6 +2967,11 @@
+ the specified number of seconds. This is to be used if
+ your oopses keep scrolling off the screen.
- #ifndef __ASSEMBLY__
++ extra_latent_entropy
++ Enable a very simple form of latent entropy extraction
++ from the first 4GB of memory as the bootmem allocator
++ passes the memory pages to the buddy allocator.
++
+ pcbit= [HW,ISDN]
-@@ -158,10 +158,10 @@
- /* 1GB of VA */
- #ifdef CONFIG_COMPAT
- #define STACK_RND_MASK (test_thread_flag(TIF_32BIT) ? \
-- 0x7ff >> (PAGE_SHIFT - 12) : \
-- 0x3ffff >> (PAGE_SHIFT - 12))
-+ ((1UL << mmap_rnd_compat_bits) - 1) >> (PAGE_SHIFT - 12) : \
-+ ((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12))
- #else
--#define STACK_RND_MASK (0x3ffff >> (PAGE_SHIFT - 12))
-+#define STACK_RND_MASK (((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12))
- #endif
+ pcd. [PARIDE]
+diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
+index 694968c7523c..002d86416ef8 100644
+--- a/Documentation/sysctl/kernel.txt
++++ b/Documentation/sysctl/kernel.txt
+@@ -91,6 +91,7 @@ show up in /proc/sys/kernel:
+ - sysctl_writes_strict
+ - tainted
+ - threads-max
++- tiocsti_restrict
+ - unknown_nmi_panic
+ - watchdog
+ - watchdog_thresh
+@@ -999,6 +1000,26 @@ available RAM pages threads-max is reduced accordingly.
- #ifdef __AARCH64EB__
-diff -Nur a/arch/arm64/Kconfig b/arch/arm64/Kconfig
---- a/arch/arm64/Kconfig 2018-05-25 15:18:02.000000000 +0100
-+++ b/arch/arm64/Kconfig 2018-05-26 19:24:34.821782579 +0100
-@@ -918,6 +918,7 @@
+ ==============================================================
- config ARM64_SW_TTBR0_PAN
- bool "Emulate Privileged Access Never using TTBR0_EL1 switching"
-+ default y
- help
- Enabling this option prevents the kernel from accessing
- user-space memory directly by pointing TTBR0_EL1 to a reserved
-@@ -1044,6 +1045,7 @@
- bool "Randomize the address of the kernel image"
- select ARM64_MODULE_PLTS if MODULES
- select RELOCATABLE
-+ default y
- help
- Randomizes the virtual address at which the kernel image is
- loaded, as a security feature that deters exploit attempts
-diff -Nur a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug
---- a/arch/arm64/Kconfig.debug 2018-05-25 15:18:02.000000000 +0100
-+++ b/arch/arm64/Kconfig.debug 2018-05-26 19:24:34.821782579 +0100
-@@ -45,6 +45,7 @@
- config DEBUG_WX
- bool "Warn on W+X mappings at boot"
- select ARM64_PTDUMP_CORE
-+ default y
- ---help---
- Generate a warning if any W+X mappings are found at boot.
++tiocsti_restrict:
++
++This toggle indicates whether unprivileged users are prevented
++from using the TIOCSTI ioctl to inject commands into other processes
++which share a tty session.
++
++When tiocsti_restrict is set to (0) there are no restrictions(accept
++the default restriction of only being able to injection commands into
++one's own tty). When tiocsti_restrict is set to (1), users must
++have CAP_SYS_ADMIN to use the TIOCSTI ioctl.
++
++When user namespaces are in use, the check for the capability
++CAP_SYS_ADMIN is done against the user namespace that originally
++opened the tty.
++
++The kernel config option CONFIG_SECURITY_TIOCSTI_RESTRICT sets the
++default value of tiocsti_restrict.
++
++==============================================================
++
+ unknown_nmi_panic:
-diff -Nur a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
---- a/arch/arm64/kernel/process.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/arch/arm64/kernel/process.c 2018-05-26 19:24:34.821782579 +0100
-@@ -419,9 +419,9 @@
- unsigned long arch_randomize_brk(struct mm_struct *mm)
- {
- if (is_compat_task())
-- return randomize_page(mm->brk, SZ_32M);
-+ return mm->brk + get_random_long() % SZ_32M + PAGE_SIZE;
- else
-- return randomize_page(mm->brk, SZ_1G);
-+ return mm->brk + get_random_long() % SZ_1G + PAGE_SIZE;
- }
+ The value in this file affects behavior of handling NMI. When the
+diff --git a/Makefile b/Makefile
+index 025156791e90..c45debf0a8e2 100644
+--- a/Makefile
++++ b/Makefile
+@@ -706,6 +706,9 @@ endif
+ KBUILD_CFLAGS += $(stackp-flag)
- /*
-diff -Nur a/arch/Kconfig b/arch/Kconfig
---- a/arch/Kconfig 2018-05-25 15:18:02.000000000 +0100
-+++ b/arch/Kconfig 2018-05-26 19:24:34.820782546 +0100
-@@ -440,6 +440,11 @@
+ ifeq ($(cc-name),clang)
++ifdef CONFIG_LOCAL_INIT
++KBUILD_CFLAGS += -fsanitize=local-init
++endif
+ KBUILD_CPPFLAGS += $(call cc-option,-Qunused-arguments,)
+ KBUILD_CFLAGS += $(call cc-disable-warning, format-invalid-specifier)
+ KBUILD_CFLAGS += $(call cc-disable-warning, gnu)
+diff --git a/arch/Kconfig b/arch/Kconfig
+index 4e01862f58e4..111da81b4277 100644
+--- a/arch/Kconfig
++++ b/arch/Kconfig
+@@ -443,6 +443,11 @@ config GCC_PLUGIN_LATENT_ENTROPY
is some slowdown of the boot process (about 0.5%) and fork and
irq processing.
@@ -96,7 +100,7 @@ diff -Nur a/arch/Kconfig b/arch/Kconfig
Note that entropy extracted this way is not cryptographically
secure!
-@@ -533,7 +538,7 @@
+@@ -536,7 +541,7 @@ config CC_STACKPROTECTOR
choice
prompt "Stack Protector buffer overflow detection"
depends on HAVE_CC_STACKPROTECTOR
@@ -105,7 +109,7 @@ diff -Nur a/arch/Kconfig b/arch/Kconfig
help
This option turns on the "stack-protector" GCC feature. This
feature puts, at the beginning of functions, a canary value on
-@@ -735,7 +740,7 @@
+@@ -738,7 +743,7 @@ config ARCH_MMAP_RND_BITS
int "Number of bits to use for ASLR of mmap base address" if EXPERT
range ARCH_MMAP_RND_BITS_MIN ARCH_MMAP_RND_BITS_MAX
default ARCH_MMAP_RND_BITS_DEFAULT if ARCH_MMAP_RND_BITS_DEFAULT
@@ -114,7 +118,7 @@ diff -Nur a/arch/Kconfig b/arch/Kconfig
depends on HAVE_ARCH_MMAP_RND_BITS
help
This value can be used to select the number of bits to use to
-@@ -769,7 +774,7 @@
+@@ -772,7 +777,7 @@ config ARCH_MMAP_RND_COMPAT_BITS
int "Number of bits to use for ASLR of mmap base address for compatible applications" if EXPERT
range ARCH_MMAP_RND_COMPAT_BITS_MIN ARCH_MMAP_RND_COMPAT_BITS_MAX
default ARCH_MMAP_RND_COMPAT_BITS_DEFAULT if ARCH_MMAP_RND_COMPAT_BITS_DEFAULT
@@ -123,7 +127,7 @@ diff -Nur a/arch/Kconfig b/arch/Kconfig
depends on HAVE_ARCH_MMAP_RND_COMPAT_BITS
help
This value can be used to select the number of bits to use to
-@@ -952,6 +957,7 @@
+@@ -955,6 +960,7 @@ config ARCH_HAS_REFCOUNT
config REFCOUNT_FULL
bool "Perform full reference count validation at the expense of speed"
@@ -131,19 +135,154 @@ diff -Nur a/arch/Kconfig b/arch/Kconfig
help
Enabling this switches the refcounting infrastructure from a fast
unchecked atomic_t implementation to a fully state checked
-diff -Nur a/arch/x86/configs/x86_64_defconfig b/arch/x86/configs/x86_64_defconfig
---- a/arch/x86/configs/x86_64_defconfig 2018-05-25 15:18:02.000000000 +0100
-+++ b/arch/x86/configs/x86_64_defconfig 2018-05-26 19:24:34.822782611 +0100
+diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
+index 1bbb89d37f57..e3776376cafa 100644
+--- a/arch/arm64/Kconfig
++++ b/arch/arm64/Kconfig
+@@ -927,6 +927,7 @@ endif
+
+ config ARM64_SW_TTBR0_PAN
+ bool "Emulate Privileged Access Never using TTBR0_EL1 switching"
++ default y
+ help
+ Enabling this option prevents the kernel from accessing
+ user-space memory directly by pointing TTBR0_EL1 to a reserved
+@@ -1053,6 +1054,7 @@ config RANDOMIZE_BASE
+ bool "Randomize the address of the kernel image"
+ select ARM64_MODULE_PLTS if MODULES
+ select RELOCATABLE
++ default y
+ help
+ Randomizes the virtual address at which the kernel image is
+ loaded, as a security feature that deters exploit attempts
+diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug
+index cc6bd559af85..01d5442d4722 100644
+--- a/arch/arm64/Kconfig.debug
++++ b/arch/arm64/Kconfig.debug
+@@ -45,6 +45,7 @@ config ARM64_RANDOMIZE_TEXT_OFFSET
+ config DEBUG_WX
+ bool "Warn on W+X mappings at boot"
+ select ARM64_PTDUMP_CORE
++ default y
+ ---help---
+ Generate a warning if any W+X mappings are found at boot.
+
+diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig
+index b05796578e7a..8f6e2099717d 100644
+--- a/arch/arm64/configs/defconfig
++++ b/arch/arm64/configs/defconfig
+@@ -1,4 +1,3 @@
+-CONFIG_SYSVIPC=y
+ CONFIG_POSIX_MQUEUE=y
+ CONFIG_AUDIT=y
+ CONFIG_NO_HZ_IDLE=y
+diff --git a/arch/arm64/include/asm/elf.h b/arch/arm64/include/asm/elf.h
+index 33be513ef24c..6f0c0e3ef0dd 100644
+--- a/arch/arm64/include/asm/elf.h
++++ b/arch/arm64/include/asm/elf.h
+@@ -114,10 +114,10 @@
+
+ /*
+ * This is the base location for PIE (ET_DYN with INTERP) loads. On
+- * 64-bit, this is above 4GB to leave the entire 32-bit address
++ * 64-bit, this is raised to 4GB to leave the entire 32-bit address
+ * space open for things that want to use the area for 32-bit pointers.
+ */
+-#define ELF_ET_DYN_BASE (2 * TASK_SIZE_64 / 3)
++#define ELF_ET_DYN_BASE 0x100000000UL
+
+ #ifndef __ASSEMBLY__
+
+@@ -158,10 +158,10 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm,
+ /* 1GB of VA */
+ #ifdef CONFIG_COMPAT
+ #define STACK_RND_MASK (test_thread_flag(TIF_32BIT) ? \
+- 0x7ff >> (PAGE_SHIFT - 12) : \
+- 0x3ffff >> (PAGE_SHIFT - 12))
++ ((1UL << mmap_rnd_compat_bits) - 1) >> (PAGE_SHIFT - 12) : \
++ ((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12))
+ #else
+-#define STACK_RND_MASK (0x3ffff >> (PAGE_SHIFT - 12))
++#define STACK_RND_MASK (((1UL << mmap_rnd_bits) - 1) >> (PAGE_SHIFT - 12))
+ #endif
+
+ #ifdef __AARCH64EB__
+diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
+index 9e773732520c..91359f45b5fc 100644
+--- a/arch/arm64/kernel/process.c
++++ b/arch/arm64/kernel/process.c
+@@ -419,9 +419,9 @@ unsigned long arch_align_stack(unsigned long sp)
+ unsigned long arch_randomize_brk(struct mm_struct *mm)
+ {
+ if (is_compat_task())
+- return randomize_page(mm->brk, SZ_32M);
++ return mm->brk + get_random_long() % SZ_32M + PAGE_SIZE;
+ else
+- return randomize_page(mm->brk, SZ_1G);
++ return mm->brk + get_random_long() % SZ_1G + PAGE_SIZE;
+ }
+
+ /*
+diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
+index 1c63a4b5320d..54f70e88db20 100644
+--- a/arch/x86/Kconfig
++++ b/arch/x86/Kconfig
+@@ -1154,8 +1154,7 @@ config VM86
+ default X86_LEGACY_VM86
+
+ config X86_16BIT
+- bool "Enable support for 16-bit segments" if EXPERT
+- default y
++ bool "Enable support for 16-bit segments"
+ depends on MODIFY_LDT_SYSCALL
+ ---help---
+ This option is required by programs like Wine to run 16-bit
+@@ -2229,7 +2228,7 @@ config COMPAT_VDSO
+ choice
+ prompt "vsyscall table for legacy applications"
+ depends on X86_64
+- default LEGACY_VSYSCALL_EMULATE
++ default LEGACY_VSYSCALL_NONE
+ help
+ Legacy user code that does not know how to find the vDSO expects
+ to be able to issue three syscalls by calling fixed addresses in
+@@ -2319,8 +2318,7 @@ config CMDLINE_OVERRIDE
+ be set to 'N' under normal conditions.
+
+ config MODIFY_LDT_SYSCALL
+- bool "Enable the LDT (local descriptor table)" if EXPERT
+- default y
++ bool "Enable the LDT (local descriptor table)"
+ ---help---
+ Linux can allow user programs to install a per-process x86
+ Local Descriptor Table (LDT) using the modify_ldt(2) system
+diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
+index 6293a8768a91..add82e0f1df3 100644
+--- a/arch/x86/Kconfig.debug
++++ b/arch/x86/Kconfig.debug
+@@ -101,6 +101,7 @@ config EFI_PGT_DUMP
+ config DEBUG_WX
+ bool "Warn on W+X mappings at boot"
+ select X86_PTDUMP_CORE
++ default y
+ ---help---
+ Generate a warning if any W+X mappings are found at boot.
+
+diff --git a/arch/x86/configs/x86_64_defconfig b/arch/x86/configs/x86_64_defconfig
+index e32fc1f274d8..d08acc76502a 100644
+--- a/arch/x86/configs/x86_64_defconfig
++++ b/arch/x86/configs/x86_64_defconfig
@@ -1,5 +1,4 @@
# CONFIG_LOCALVERSION_AUTO is not set
-CONFIG_SYSVIPC=y
CONFIG_POSIX_MQUEUE=y
CONFIG_BSD_PROCESS_ACCT=y
CONFIG_TASKSTATS=y
-diff -Nur a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c
---- a/arch/x86/entry/vdso/vma.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/arch/x86/entry/vdso/vma.c 2018-05-26 19:24:34.822782611 +0100
-@@ -203,55 +203,9 @@
+diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c
+index 1911310959f8..bba8dbbc07a8 100644
+--- a/arch/x86/entry/vdso/vma.c
++++ b/arch/x86/entry/vdso/vma.c
+@@ -203,55 +203,9 @@ static int map_vdso(const struct vdso_image *image, unsigned long addr)
}
#ifdef CONFIG_X86_64
@@ -200,10 +339,11 @@ diff -Nur a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c
}
#endif
-diff -Nur a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
---- a/arch/x86/include/asm/elf.h 2018-05-25 15:18:02.000000000 +0100
-+++ b/arch/x86/include/asm/elf.h 2018-05-26 19:24:34.822782611 +0100
-@@ -249,11 +249,11 @@
+diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
+index 3a091cea36c5..0931c05a3348 100644
+--- a/arch/x86/include/asm/elf.h
++++ b/arch/x86/include/asm/elf.h
+@@ -249,11 +249,11 @@ extern int force_personality32;
/*
* This is the base location for PIE (ET_DYN with INTERP) loads. On
@@ -217,7 +357,7 @@ diff -Nur a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
/* This yields a mask that user programs can use to figure out what
instruction set this CPU supports. This could be done in user space,
-@@ -312,8 +312,8 @@
+@@ -312,8 +312,8 @@ extern unsigned long get_mmap_base(int is_legacy);
#ifdef CONFIG_X86_32
@@ -228,7 +368,7 @@ diff -Nur a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
#define ARCH_DLINFO ARCH_DLINFO_IA32
-@@ -322,7 +322,11 @@
+@@ -322,7 +322,11 @@ extern unsigned long get_mmap_base(int is_legacy);
#else /* CONFIG_X86_32 */
/* 1GB for 64bit, 8MB for 32bit */
@@ -241,16 +381,17 @@ diff -Nur a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
#define STACK_RND_MASK __STACK_RND_MASK(mmap_is_ia32())
#define ARCH_DLINFO \
-@@ -380,5 +384,4 @@
+@@ -380,5 +384,4 @@ struct va_alignment {
} ____cacheline_aligned;
extern struct va_alignment va_align;
-extern unsigned long align_vdso_addr(unsigned long);
#endif /* _ASM_X86_ELF_H */
-diff -Nur a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
---- a/arch/x86/include/asm/tlbflush.h 2018-05-25 15:18:02.000000000 +0100
-+++ b/arch/x86/include/asm/tlbflush.h 2018-05-26 19:24:34.823782643 +0100
-@@ -253,6 +253,7 @@
+diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
+index 875ca99b82ee..77edc169f7a2 100644
+--- a/arch/x86/include/asm/tlbflush.h
++++ b/arch/x86/include/asm/tlbflush.h
+@@ -258,6 +258,7 @@ static inline void cr4_set_bits(unsigned long mask)
unsigned long cr4;
cr4 = this_cpu_read(cpu_tlbstate.cr4);
@@ -258,7 +399,7 @@ diff -Nur a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
if ((cr4 | mask) != cr4) {
cr4 |= mask;
this_cpu_write(cpu_tlbstate.cr4, cr4);
-@@ -266,6 +267,7 @@
+@@ -271,6 +272,7 @@ static inline void cr4_clear_bits(unsigned long mask)
unsigned long cr4;
cr4 = this_cpu_read(cpu_tlbstate.cr4);
@@ -266,7 +407,7 @@ diff -Nur a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
if ((cr4 & ~mask) != cr4) {
cr4 &= ~mask;
this_cpu_write(cpu_tlbstate.cr4, cr4);
-@@ -278,6 +280,7 @@
+@@ -283,6 +285,7 @@ static inline void cr4_toggle_bits(unsigned long mask)
unsigned long cr4;
cr4 = this_cpu_read(cpu_tlbstate.cr4);
@@ -274,7 +415,7 @@ diff -Nur a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
cr4 ^= mask;
this_cpu_write(cpu_tlbstate.cr4, cr4);
__write_cr4(cr4);
-@@ -386,6 +389,7 @@
+@@ -391,6 +394,7 @@ static inline void __native_flush_tlb_global(void)
raw_local_irq_save(flags);
cr4 = this_cpu_read(cpu_tlbstate.cr4);
@@ -282,53 +423,11 @@ diff -Nur a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
/* toggle PGE */
native_write_cr4(cr4 ^ X86_CR4_PGE);
/* write old PGE again and flush TLBs */
-diff -Nur a/arch/x86/Kconfig b/arch/x86/Kconfig
---- a/arch/x86/Kconfig 2018-05-25 15:18:02.000000000 +0100
-+++ b/arch/x86/Kconfig 2018-05-26 19:24:34.822782611 +0100
-@@ -1153,8 +1153,7 @@
- default X86_LEGACY_VM86
-
- config X86_16BIT
-- bool "Enable support for 16-bit segments" if EXPERT
-- default y
-+ bool "Enable support for 16-bit segments"
- depends on MODIFY_LDT_SYSCALL
- ---help---
- This option is required by programs like Wine to run 16-bit
-@@ -2228,7 +2227,7 @@
- choice
- prompt "vsyscall table for legacy applications"
- depends on X86_64
-- default LEGACY_VSYSCALL_EMULATE
-+ default LEGACY_VSYSCALL_NONE
- help
- Legacy user code that does not know how to find the vDSO expects
- to be able to issue three syscalls by calling fixed addresses in
-@@ -2318,8 +2317,7 @@
- be set to 'N' under normal conditions.
-
- config MODIFY_LDT_SYSCALL
-- bool "Enable the LDT (local descriptor table)" if EXPERT
-- default y
-+ bool "Enable the LDT (local descriptor table)"
- ---help---
- Linux can allow user programs to install a per-process x86
- Local Descriptor Table (LDT) using the modify_ldt(2) system
-diff -Nur a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
---- a/arch/x86/Kconfig.debug 2018-05-25 15:18:02.000000000 +0100
-+++ b/arch/x86/Kconfig.debug 2018-05-26 19:24:34.822782611 +0100
-@@ -101,6 +101,7 @@
- config DEBUG_WX
- bool "Warn on W+X mappings at boot"
- select X86_PTDUMP_CORE
-+ default y
- ---help---
- Generate a warning if any W+X mappings are found at boot.
-
-diff -Nur a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
---- a/arch/x86/kernel/cpu/common.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/arch/x86/kernel/cpu/common.c 2018-05-26 19:24:34.823782643 +0100
-@@ -1637,7 +1637,6 @@
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
+index dd02ee4fa8cd..f991b4f69f21 100644
+--- a/arch/x86/kernel/cpu/common.c
++++ b/arch/x86/kernel/cpu/common.c
+@@ -1658,7 +1658,6 @@ void cpu_init(void)
wrmsrl(MSR_KERNEL_GS_BASE, 0);
barrier();
@@ -336,20 +435,20 @@ diff -Nur a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
x2apic_setup();
/*
-diff -Nur a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
---- a/arch/x86/kernel/process.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/arch/x86/kernel/process.c 2018-05-26 19:26:32.692611050 +0100
-@@ -40,6 +40,9 @@
+diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
+index 988a98f34c66..dc36d2d9078a 100644
+--- a/arch/x86/kernel/process.c
++++ b/arch/x86/kernel/process.c
+@@ -40,6 +40,8 @@
#include <asm/desc.h>
#include <asm/prctl.h>
#include <asm/spec-ctrl.h>
+#include <asm/elf.h>
+#include <linux/sizes.h>
-+
/*
* per-CPU TSS segments. Threads are completely 'soft' on Linux,
-@@ -719,7 +722,10 @@
+@@ -719,7 +721,10 @@ unsigned long arch_align_stack(unsigned long sp)
unsigned long arch_randomize_brk(struct mm_struct *mm)
{
@@ -361,10 +460,11 @@ diff -Nur a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
}
/*
-diff -Nur a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c
---- a/arch/x86/kernel/sys_x86_64.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/arch/x86/kernel/sys_x86_64.c 2018-05-26 19:24:34.823782643 +0100
-@@ -54,13 +54,6 @@
+diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c
+index a63fe77b3217..e1085e76043e 100644
+--- a/arch/x86/kernel/sys_x86_64.c
++++ b/arch/x86/kernel/sys_x86_64.c
+@@ -54,13 +54,6 @@ static unsigned long get_align_bits(void)
return va_align.bits & get_align_mask();
}
@@ -378,7 +478,7 @@ diff -Nur a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c
static int __init control_va_addr_alignment(char *str)
{
/* guard against enabling this on other CPU families */
-@@ -122,10 +115,7 @@
+@@ -122,10 +115,7 @@ static void find_start_end(unsigned long addr, unsigned long flags,
}
*begin = get_mmap_base(1);
@@ -390,7 +490,7 @@ diff -Nur a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c
}
unsigned long
-@@ -206,7 +196,7 @@
+@@ -206,7 +196,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
info.flags = VM_UNMAPPED_AREA_TOPDOWN;
info.length = len;
@@ -399,10 +499,11 @@ diff -Nur a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c
info.high_limit = get_mmap_base(0);
/*
-diff -Nur a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
---- a/arch/x86/mm/init_32.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/arch/x86/mm/init_32.c 2018-05-26 19:24:34.824782676 +0100
-@@ -558,7 +558,7 @@
+diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
+index 3141e67ec24c..e93173193f60 100644
+--- a/arch/x86/mm/init_32.c
++++ b/arch/x86/mm/init_32.c
+@@ -558,7 +558,7 @@ static void __init pagetable_init(void)
permanent_kmaps_init(pgd_base);
}
@@ -411,7 +512,7 @@ diff -Nur a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
EXPORT_SYMBOL_GPL(__supported_pte_mask);
/* user-defined highmem size */
-@@ -865,7 +865,7 @@
+@@ -865,7 +865,7 @@ int arch_remove_memory(u64 start, u64 size)
#endif
#endif
@@ -420,7 +521,7 @@ diff -Nur a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
void set_kernel_text_rw(void)
{
-@@ -917,12 +917,11 @@
+@@ -917,12 +917,11 @@ void mark_rodata_ro(void)
unsigned long start = PFN_ALIGN(_text);
unsigned long size = PFN_ALIGN(_etext) - start;
@@ -434,9 +535,10 @@ diff -Nur a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
#ifdef CONFIG_CPA_DEBUG
printk(KERN_INFO "Testing CPA: Reverting %lx-%lx\n",
start, start+size);
-diff -Nur a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
---- a/arch/x86/mm/init_64.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/arch/x86/mm/init_64.c 2018-05-26 19:24:34.824782676 +0100
+diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
+index 642357aff216..8bbf93ce3cd2 100644
+--- a/arch/x86/mm/init_64.c
++++ b/arch/x86/mm/init_64.c
@@ -65,7 +65,7 @@
* around without checking the pgd every time.
*/
@@ -446,7 +548,7 @@ diff -Nur a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
EXPORT_SYMBOL_GPL(__supported_pte_mask);
int force_personality32;
-@@ -1185,7 +1185,7 @@
+@@ -1185,7 +1185,7 @@ void __init mem_init(void)
mem_init_print_info(NULL);
}
@@ -455,7 +557,7 @@ diff -Nur a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
void set_kernel_text_rw(void)
{
-@@ -1234,9 +1234,8 @@
+@@ -1234,9 +1234,8 @@ void mark_rodata_ro(void)
printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n",
(end - start) >> 10);
@@ -466,10 +568,11 @@ diff -Nur a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
/*
* The rodata/data/bss/brk section (but not the kernel text!)
-diff -Nur a/block/blk-softirq.c b/block/blk-softirq.c
---- a/block/blk-softirq.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/block/blk-softirq.c 2018-05-26 19:24:34.824782676 +0100
-@@ -20,7 +20,7 @@
+diff --git a/block/blk-softirq.c b/block/blk-softirq.c
+index 01e2b353a2b9..9aeddca4a29f 100644
+--- a/block/blk-softirq.c
++++ b/block/blk-softirq.c
+@@ -20,7 +20,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done);
* Softirq action handler - move entries to local list and loop over them
* while passing them to the queue registered handler.
*/
@@ -478,80 +581,11 @@ diff -Nur a/block/blk-softirq.c b/block/blk-softirq.c
{
struct list_head *cpu_list, local_list;
-diff -Nur a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
---- a/Documentation/admin-guide/kernel-parameters.txt 2018-05-25 15:18:02.000000000 +0100
-+++ b/Documentation/admin-guide/kernel-parameters.txt 2018-05-26 19:24:34.819782514 +0100
-@@ -490,16 +490,6 @@
- nosocket -- Disable socket memory accounting.
- nokmem -- Disable kernel memory accounting.
-
-- checkreqprot [SELINUX] Set initial checkreqprot flag value.
-- Format: { "0" | "1" }
-- See security/selinux/Kconfig help text.
-- 0 -- check protection applied by kernel (includes
-- any implied execute protection).
-- 1 -- check protection requested by application.
-- Default value is set via a kernel config option.
-- Value can be changed at runtime via
-- /selinux/checkreqprot.
--
- cio_ignore= [S390]
- See Documentation/s390/CommonIO for details.
- clk_ignore_unused
-@@ -2899,6 +2889,11 @@
- the specified number of seconds. This is to be used if
- your oopses keep scrolling off the screen.
-
-+ extra_latent_entropy
-+ Enable a very simple form of latent entropy extraction
-+ from the first 4GB of memory as the bootmem allocator
-+ passes the memory pages to the buddy allocator.
-+
- pcbit= [HW,ISDN]
-
- pcd. [PARIDE]
-diff -Nur a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt
---- a/Documentation/sysctl/kernel.txt 2018-05-25 15:18:02.000000000 +0100
-+++ b/Documentation/sysctl/kernel.txt 2018-05-26 19:24:34.820782546 +0100
-@@ -91,6 +91,7 @@
- - sysctl_writes_strict
- - tainted
- - threads-max
-+- tiocsti_restrict
- - unknown_nmi_panic
- - watchdog
- - watchdog_thresh
-@@ -999,6 +1000,26 @@
-
- ==============================================================
-
-+tiocsti_restrict:
-+
-+This toggle indicates whether unprivileged users are prevented
-+from using the TIOCSTI ioctl to inject commands into other processes
-+which share a tty session.
-+
-+When tiocsti_restrict is set to (0) there are no restrictions(accept
-+the default restriction of only being able to injection commands into
-+one's own tty). When tiocsti_restrict is set to (1), users must
-+have CAP_SYS_ADMIN to use the TIOCSTI ioctl.
-+
-+When user namespaces are in use, the check for the capability
-+CAP_SYS_ADMIN is done against the user namespace that originally
-+opened the tty.
-+
-+The kernel config option CONFIG_SECURITY_TIOCSTI_RESTRICT sets the
-+default value of tiocsti_restrict.
-+
-+==============================================================
-+
- unknown_nmi_panic:
-
- The value in this file affects behavior of handling NMI. When the
-diff -Nur a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
---- a/drivers/ata/libata-core.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/drivers/ata/libata-core.c 2018-05-26 19:24:34.825782708 +0100
-@@ -5141,7 +5141,7 @@
+diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
+index 6938bd86ff1c..89e202988379 100644
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -5147,7 +5147,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
struct ata_port *ap;
unsigned int tag;
@@ -560,7 +594,7 @@ diff -Nur a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
ap = qc->ap;
qc->flags = 0;
-@@ -5158,7 +5158,7 @@
+@@ -5164,7 +5164,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
struct ata_port *ap;
struct ata_link *link;
@@ -569,10 +603,11 @@ diff -Nur a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
ap = qc->ap;
link = qc->dev->link;
-diff -Nur a/drivers/char/Kconfig b/drivers/char/Kconfig
---- a/drivers/char/Kconfig 2018-05-25 15:18:02.000000000 +0100
-+++ b/drivers/char/Kconfig 2018-05-26 19:24:34.826782741 +0100
-@@ -9,7 +9,6 @@
+diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
+index c28dca0c613d..d4813f0d25ca 100644
+--- a/drivers/char/Kconfig
++++ b/drivers/char/Kconfig
+@@ -9,7 +9,6 @@ source "drivers/tty/Kconfig"
config DEVMEM
bool "/dev/mem virtual device support"
@@ -580,7 +615,7 @@ diff -Nur a/drivers/char/Kconfig b/drivers/char/Kconfig
help
Say Y here if you want to support the /dev/mem device.
The /dev/mem device is used to access areas of physical
-@@ -568,7 +567,6 @@
+@@ -568,7 +567,6 @@ config TELCLOCK
config DEVPORT
bool "/dev/port character device"
depends on ISA || PCI
@@ -588,10 +623,11 @@ diff -Nur a/drivers/char/Kconfig b/drivers/char/Kconfig
help
Say Y here if you want to support the /dev/port device. The /dev/port
device is similar to /dev/mem, but for I/O ports.
-diff -Nur a/drivers/media/dvb-frontends/cx24116.c b/drivers/media/dvb-frontends/cx24116.c
---- a/drivers/media/dvb-frontends/cx24116.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/drivers/media/dvb-frontends/cx24116.c 2018-05-26 19:24:34.826782741 +0100
-@@ -1462,7 +1462,7 @@
+diff --git a/drivers/media/dvb-frontends/cx24116.c b/drivers/media/dvb-frontends/cx24116.c
+index e105532bfba8..e07d52bb9b62 100644
+--- a/drivers/media/dvb-frontends/cx24116.c
++++ b/drivers/media/dvb-frontends/cx24116.c
+@@ -1462,7 +1462,7 @@ static int cx24116_tune(struct dvb_frontend *fe, bool re_tune,
return cx24116_read_status(fe, status);
}
@@ -600,10 +636,11 @@ diff -Nur a/drivers/media/dvb-frontends/cx24116.c b/drivers/media/dvb-frontends/
{
return DVBFE_ALGO_HW;
}
-diff -Nur a/drivers/media/dvb-frontends/cx24117.c b/drivers/media/dvb-frontends/cx24117.c
---- a/drivers/media/dvb-frontends/cx24117.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/drivers/media/dvb-frontends/cx24117.c 2018-05-26 19:24:34.826782741 +0100
-@@ -1555,7 +1555,7 @@
+diff --git a/drivers/media/dvb-frontends/cx24117.c b/drivers/media/dvb-frontends/cx24117.c
+index d37cb7762bd6..97e0feff0ede 100644
+--- a/drivers/media/dvb-frontends/cx24117.c
++++ b/drivers/media/dvb-frontends/cx24117.c
+@@ -1555,7 +1555,7 @@ static int cx24117_tune(struct dvb_frontend *fe, bool re_tune,
return cx24117_read_status(fe, status);
}
@@ -612,10 +649,11 @@ diff -Nur a/drivers/media/dvb-frontends/cx24117.c b/drivers/media/dvb-frontends/
{
return DVBFE_ALGO_HW;
}
-diff -Nur a/drivers/media/dvb-frontends/cx24120.c b/drivers/media/dvb-frontends/cx24120.c
---- a/drivers/media/dvb-frontends/cx24120.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/drivers/media/dvb-frontends/cx24120.c 2018-05-26 19:24:34.827782773 +0100
-@@ -1491,7 +1491,7 @@
+diff --git a/drivers/media/dvb-frontends/cx24120.c b/drivers/media/dvb-frontends/cx24120.c
+index 7f11dcc94d85..01da670760ba 100644
+--- a/drivers/media/dvb-frontends/cx24120.c
++++ b/drivers/media/dvb-frontends/cx24120.c
+@@ -1491,7 +1491,7 @@ static int cx24120_tune(struct dvb_frontend *fe, bool re_tune,
return cx24120_read_status(fe, status);
}
@@ -624,10 +662,11 @@ diff -Nur a/drivers/media/dvb-frontends/cx24120.c b/drivers/media/dvb-frontends/
{
return DVBFE_ALGO_HW;
}
-diff -Nur a/drivers/media/dvb-frontends/cx24123.c b/drivers/media/dvb-frontends/cx24123.c
---- a/drivers/media/dvb-frontends/cx24123.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/drivers/media/dvb-frontends/cx24123.c 2018-05-26 19:24:34.827782773 +0100
-@@ -1005,7 +1005,7 @@
+diff --git a/drivers/media/dvb-frontends/cx24123.c b/drivers/media/dvb-frontends/cx24123.c
+index 1d59d1d3bd82..41cd0e9ea199 100644
+--- a/drivers/media/dvb-frontends/cx24123.c
++++ b/drivers/media/dvb-frontends/cx24123.c
+@@ -1005,7 +1005,7 @@ static int cx24123_tune(struct dvb_frontend *fe,
return retval;
}
@@ -636,10 +675,11 @@ diff -Nur a/drivers/media/dvb-frontends/cx24123.c b/drivers/media/dvb-frontends/
{
return DVBFE_ALGO_HW;
}
-diff -Nur a/drivers/media/dvb-frontends/cxd2820r_core.c b/drivers/media/dvb-frontends/cxd2820r_core.c
---- a/drivers/media/dvb-frontends/cxd2820r_core.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/drivers/media/dvb-frontends/cxd2820r_core.c 2018-05-26 19:24:34.827782773 +0100
-@@ -403,7 +403,7 @@
+diff --git a/drivers/media/dvb-frontends/cxd2820r_core.c b/drivers/media/dvb-frontends/cxd2820r_core.c
+index f6ebbb47b9b2..3e0d8cbd76da 100644
+--- a/drivers/media/dvb-frontends/cxd2820r_core.c
++++ b/drivers/media/dvb-frontends/cxd2820r_core.c
+@@ -403,7 +403,7 @@ static enum dvbfe_search cxd2820r_search(struct dvb_frontend *fe)
return DVBFE_ALGO_SEARCH_ERROR;
}
@@ -648,10 +688,11 @@ diff -Nur a/drivers/media/dvb-frontends/cxd2820r_core.c b/drivers/media/dvb-fron
{
return DVBFE_ALGO_CUSTOM;
}
-diff -Nur a/drivers/media/dvb-frontends/mb86a20s.c b/drivers/media/dvb-frontends/mb86a20s.c
---- a/drivers/media/dvb-frontends/mb86a20s.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/drivers/media/dvb-frontends/mb86a20s.c 2018-05-26 19:24:34.827782773 +0100
-@@ -2055,7 +2055,7 @@
+diff --git a/drivers/media/dvb-frontends/mb86a20s.c b/drivers/media/dvb-frontends/mb86a20s.c
+index e8ac8c3e2ec0..e0f4ba8302d1 100644
+--- a/drivers/media/dvb-frontends/mb86a20s.c
++++ b/drivers/media/dvb-frontends/mb86a20s.c
+@@ -2055,7 +2055,7 @@ static void mb86a20s_release(struct dvb_frontend *fe)
kfree(state);
}
@@ -660,10 +701,11 @@ diff -Nur a/drivers/media/dvb-frontends/mb86a20s.c b/drivers/media/dvb-frontends
{
return DVBFE_ALGO_HW;
}
-diff -Nur a/drivers/media/dvb-frontends/s921.c b/drivers/media/dvb-frontends/s921.c
---- a/drivers/media/dvb-frontends/s921.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/drivers/media/dvb-frontends/s921.c 2018-05-26 19:24:34.828782806 +0100
-@@ -464,7 +464,7 @@
+diff --git a/drivers/media/dvb-frontends/s921.c b/drivers/media/dvb-frontends/s921.c
+index 274544a3ae0e..9ef9b9bc1bd2 100644
+--- a/drivers/media/dvb-frontends/s921.c
++++ b/drivers/media/dvb-frontends/s921.c
+@@ -464,7 +464,7 @@ static int s921_tune(struct dvb_frontend *fe,
return rc;
}
@@ -672,10 +714,11 @@ diff -Nur a/drivers/media/dvb-frontends/s921.c b/drivers/media/dvb-frontends/s92
{
return DVBFE_ALGO_HW;
}
-diff -Nur a/drivers/media/pci/bt8xx/dst.c b/drivers/media/pci/bt8xx/dst.c
---- a/drivers/media/pci/bt8xx/dst.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/drivers/media/pci/bt8xx/dst.c 2018-05-26 19:24:34.828782806 +0100
-@@ -1657,7 +1657,7 @@
+diff --git a/drivers/media/pci/bt8xx/dst.c b/drivers/media/pci/bt8xx/dst.c
+index 7166d2279465..fa682f9fdc4b 100644
+--- a/drivers/media/pci/bt8xx/dst.c
++++ b/drivers/media/pci/bt8xx/dst.c
+@@ -1657,7 +1657,7 @@ static int dst_tune_frontend(struct dvb_frontend* fe,
return 0;
}
@@ -684,10 +727,11 @@ diff -Nur a/drivers/media/pci/bt8xx/dst.c b/drivers/media/pci/bt8xx/dst.c
{
return dst_algo ? DVBFE_ALGO_HW : DVBFE_ALGO_SW;
}
-diff -Nur a/drivers/media/pci/pt1/va1j5jf8007s.c b/drivers/media/pci/pt1/va1j5jf8007s.c
---- a/drivers/media/pci/pt1/va1j5jf8007s.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/drivers/media/pci/pt1/va1j5jf8007s.c 2018-05-26 19:24:34.828782806 +0100
-@@ -98,7 +98,7 @@
+diff --git a/drivers/media/pci/pt1/va1j5jf8007s.c b/drivers/media/pci/pt1/va1j5jf8007s.c
+index f75f69556be7..d913a6050e8c 100644
+--- a/drivers/media/pci/pt1/va1j5jf8007s.c
++++ b/drivers/media/pci/pt1/va1j5jf8007s.c
+@@ -98,7 +98,7 @@ static int va1j5jf8007s_read_snr(struct dvb_frontend *fe, u16 *snr)
return 0;
}
@@ -696,10 +740,11 @@ diff -Nur a/drivers/media/pci/pt1/va1j5jf8007s.c b/drivers/media/pci/pt1/va1j5jf
{
return DVBFE_ALGO_HW;
}
-diff -Nur a/drivers/media/pci/pt1/va1j5jf8007t.c b/drivers/media/pci/pt1/va1j5jf8007t.c
---- a/drivers/media/pci/pt1/va1j5jf8007t.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/drivers/media/pci/pt1/va1j5jf8007t.c 2018-05-26 19:24:34.828782806 +0100
-@@ -88,7 +88,7 @@
+diff --git a/drivers/media/pci/pt1/va1j5jf8007t.c b/drivers/media/pci/pt1/va1j5jf8007t.c
+index 63fda79a75c0..4115c3ccd4a8 100644
+--- a/drivers/media/pci/pt1/va1j5jf8007t.c
++++ b/drivers/media/pci/pt1/va1j5jf8007t.c
+@@ -88,7 +88,7 @@ static int va1j5jf8007t_read_snr(struct dvb_frontend *fe, u16 *snr)
return 0;
}
@@ -708,10 +753,11 @@ diff -Nur a/drivers/media/pci/pt1/va1j5jf8007t.c b/drivers/media/pci/pt1/va1j5jf
{
return DVBFE_ALGO_HW;
}
-diff -Nur a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c
---- a/drivers/misc/lkdtm_core.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/drivers/misc/lkdtm_core.c 2018-05-26 19:24:34.828782806 +0100
-@@ -78,7 +78,7 @@
+diff --git a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c
+index 981b3ef71e47..9883da1da383 100644
+--- a/drivers/misc/lkdtm_core.c
++++ b/drivers/misc/lkdtm_core.c
+@@ -78,7 +78,7 @@ static irqreturn_t jp_handle_irq_event(unsigned int irq,
return 0;
}
@@ -720,10 +766,11 @@ diff -Nur a/drivers/misc/lkdtm_core.c b/drivers/misc/lkdtm_core.c
{
lkdtm_handler();
jprobe_return();
-diff -Nur a/drivers/tty/Kconfig b/drivers/tty/Kconfig
---- a/drivers/tty/Kconfig 2018-05-25 15:18:02.000000000 +0100
-+++ b/drivers/tty/Kconfig 2018-05-26 19:24:34.829782838 +0100
-@@ -122,7 +122,6 @@
+diff --git a/drivers/tty/Kconfig b/drivers/tty/Kconfig
+index b811442c5ce6..4f62a63cbcb1 100644
+--- a/drivers/tty/Kconfig
++++ b/drivers/tty/Kconfig
+@@ -122,7 +122,6 @@ config UNIX98_PTYS
config LEGACY_PTYS
bool "Legacy (BSD) PTY support"
@@ -731,10 +778,11 @@ diff -Nur a/drivers/tty/Kconfig b/drivers/tty/Kconfig
---help---
A pseudo terminal (PTY) is a software device consisting of two
halves: a master and a slave. The slave device behaves identical to
-diff -Nur a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
---- a/drivers/tty/tty_io.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/drivers/tty/tty_io.c 2018-05-26 19:24:34.829782838 +0100
-@@ -171,6 +171,7 @@
+diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
+index 562d31073f9a..2184b9b5485f 100644
+--- a/drivers/tty/tty_io.c
++++ b/drivers/tty/tty_io.c
+@@ -171,6 +171,7 @@ static void free_tty_struct(struct tty_struct *tty)
put_device(tty->dev);
kfree(tty->write_buf);
tty->magic = 0xDEADDEAD;
@@ -742,7 +790,7 @@ diff -Nur a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
kfree(tty);
}
-@@ -2154,11 +2155,19 @@
+@@ -2154,11 +2155,19 @@ static int tty_fasync(int fd, struct file *filp, int on)
* FIXME: may race normal receive processing
*/
@@ -762,7 +810,7 @@ diff -Nur a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
return -EPERM;
if (get_user(ch, p))
-@@ -2841,6 +2850,7 @@
+@@ -2841,6 +2850,7 @@ struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
tty->index = idx;
tty_line_name(driver, idx, tty->name);
tty->dev = tty_get_device(tty);
@@ -770,9 +818,10 @@ diff -Nur a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
return tty;
}
-diff -Nur a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
---- a/drivers/usb/core/hub.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/drivers/usb/core/hub.c 2018-05-26 19:24:34.830782871 +0100
+diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
+index a9db0887edca..95464d2471c2 100644
+--- a/drivers/usb/core/hub.c
++++ b/drivers/usb/core/hub.c
@@ -38,6 +38,8 @@
#define USB_VENDOR_GENESYS_LOGIC 0x05e3
#define HUB_QUIRK_CHECK_PORT_AUTOSUSPEND 0x01
@@ -782,7 +831,7 @@ diff -Nur a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
/* Protect struct usb_device->state and ->children members
* Note: Both are also protected by ->dev.sem, except that ->state can
* change to USB_STATE_NOTATTACHED even when the semaphore isn't held. */
-@@ -4806,6 +4808,12 @@
+@@ -4816,6 +4818,12 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus,
goto done;
return;
}
@@ -795,9 +844,10 @@ diff -Nur a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
if (hub_is_superspeed(hub->hdev))
unit_load = 150;
else
-diff -Nur a/fs/exec.c b/fs/exec.c
---- a/fs/exec.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/fs/exec.c 2018-05-26 19:24:34.831782903 +0100
+diff --git a/fs/exec.c b/fs/exec.c
+index 0da4d748b4e6..69fcee853363 100644
+--- a/fs/exec.c
++++ b/fs/exec.c
@@ -62,6 +62,7 @@
#include <linux/oom.h>
#include <linux/compat.h>
@@ -806,7 +856,7 @@ diff -Nur a/fs/exec.c b/fs/exec.c
#include <linux/uaccess.h>
#include <asm/mmu_context.h>
-@@ -321,6 +322,8 @@
+@@ -321,6 +322,8 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
arch_bprm_mm_init(mm, vma);
up_write(&mm->mmap_sem);
bprm->p = vma->vm_end - sizeof(void *);
@@ -815,10 +865,11 @@ diff -Nur a/fs/exec.c b/fs/exec.c
return 0;
err:
up_write(&mm->mmap_sem);
-diff -Nur a/fs/namei.c b/fs/namei.c
---- a/fs/namei.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/fs/namei.c 2018-05-26 19:24:34.832782936 +0100
-@@ -902,8 +902,8 @@
+diff --git a/fs/namei.c b/fs/namei.c
+index 0b46b858cd42..3ae8e72341da 100644
+--- a/fs/namei.c
++++ b/fs/namei.c
+@@ -902,8 +902,8 @@ static inline void put_link(struct nameidata *nd)
path_put(&last->link);
}
@@ -829,18 +880,20 @@ diff -Nur a/fs/namei.c b/fs/namei.c
/**
* may_follow_link - Check symlink following for unsafe situations
-diff -Nur a/fs/nfs/Kconfig b/fs/nfs/Kconfig
---- a/fs/nfs/Kconfig 2018-05-25 15:18:02.000000000 +0100
-+++ b/fs/nfs/Kconfig 2018-05-26 19:24:34.832782936 +0100
-@@ -195,4 +195,3 @@
+diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig
+index 5f93cfacb3d1..cea0d7d3b23e 100644
+--- a/fs/nfs/Kconfig
++++ b/fs/nfs/Kconfig
+@@ -195,4 +195,3 @@ config NFS_DEBUG
bool
depends on NFS_FS && SUNRPC_DEBUG
select CRC32
- default y
-diff -Nur a/fs/pipe.c b/fs/pipe.c
---- a/fs/pipe.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/fs/pipe.c 2018-05-26 19:24:34.832782936 +0100
-@@ -38,7 +38,7 @@
+diff --git a/fs/pipe.c b/fs/pipe.c
+index 8ef7d7bef775..b82f305ec13d 100644
+--- a/fs/pipe.c
++++ b/fs/pipe.c
+@@ -38,7 +38,7 @@ unsigned int pipe_max_size = 1048576;
/*
* Minimum pipe size, as required by POSIX
*/
@@ -849,10 +902,11 @@ diff -Nur a/fs/pipe.c b/fs/pipe.c
/* Maximum allocatable pages per user. Hard limit is unset by default, soft
* matches default values.
-diff -Nur a/fs/proc/Kconfig b/fs/proc/Kconfig
---- a/fs/proc/Kconfig 2018-05-25 15:18:02.000000000 +0100
-+++ b/fs/proc/Kconfig 2018-05-26 19:24:34.832782936 +0100
-@@ -39,7 +39,6 @@
+diff --git a/fs/proc/Kconfig b/fs/proc/Kconfig
+index 1ade1206bb89..60b0f76dec47 100644
+--- a/fs/proc/Kconfig
++++ b/fs/proc/Kconfig
+@@ -39,7 +39,6 @@ config PROC_KCORE
config PROC_VMCORE
bool "/proc/vmcore support"
depends on PROC_FS && CRASH_DUMP
@@ -860,10 +914,11 @@ diff -Nur a/fs/proc/Kconfig b/fs/proc/Kconfig
help
Exports the dump image of crashed kernel in ELF format.
-diff -Nur a/fs/stat.c b/fs/stat.c
---- a/fs/stat.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/fs/stat.c 2018-05-26 19:24:34.832782936 +0100
-@@ -40,8 +40,13 @@
+diff --git a/fs/stat.c b/fs/stat.c
+index 873785dae022..d3c2ada8b9c7 100644
+--- a/fs/stat.c
++++ b/fs/stat.c
+@@ -40,8 +40,13 @@ void generic_fillattr(struct inode *inode, struct kstat *stat)
stat->gid = inode->i_gid;
stat->rdev = inode->i_rdev;
stat->size = i_size_read(inode);
@@ -879,7 +934,7 @@ diff -Nur a/fs/stat.c b/fs/stat.c
stat->ctime = inode->i_ctime;
stat->blksize = i_blocksize(inode);
stat->blocks = inode->i_blocks;
-@@ -75,9 +80,14 @@
+@@ -75,9 +80,14 @@ int vfs_getattr_nosec(const struct path *path, struct kstat *stat,
stat->result_mask |= STATX_BASIC_STATS;
request_mask &= STATX_ALL;
query_flags &= KSTAT_QUERY_FLAGS;
@@ -897,9 +952,10 @@ diff -Nur a/fs/stat.c b/fs/stat.c
generic_fillattr(inode, stat);
return 0;
-diff -Nur a/include/linux/cache.h b/include/linux/cache.h
---- a/include/linux/cache.h 2018-05-25 15:18:02.000000000 +0100
-+++ b/include/linux/cache.h 2018-05-26 19:24:34.832782936 +0100
+diff --git a/include/linux/cache.h b/include/linux/cache.h
+index 750621e41d1c..e7157c18c62c 100644
+--- a/include/linux/cache.h
++++ b/include/linux/cache.h
@@ -31,6 +31,8 @@
#define __ro_after_init __attribute__((__section__(".data..ro_after_init")))
#endif
@@ -909,10 +965,11 @@ diff -Nur a/include/linux/cache.h b/include/linux/cache.h
#ifndef ____cacheline_aligned
#define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES)))
#endif
-diff -Nur a/include/linux/capability.h b/include/linux/capability.h
---- a/include/linux/capability.h 2018-05-25 15:18:02.000000000 +0100
-+++ b/include/linux/capability.h 2018-05-26 19:24:34.832782936 +0100
-@@ -207,6 +207,7 @@
+diff --git a/include/linux/capability.h b/include/linux/capability.h
+index f640dcbc880c..2b4f5d651f19 100644
+--- a/include/linux/capability.h
++++ b/include/linux/capability.h
+@@ -207,6 +207,7 @@ extern bool has_capability_noaudit(struct task_struct *t, int cap);
extern bool has_ns_capability_noaudit(struct task_struct *t,
struct user_namespace *ns, int cap);
extern bool capable(int cap);
@@ -920,7 +977,7 @@ diff -Nur a/include/linux/capability.h b/include/linux/capability.h
extern bool ns_capable(struct user_namespace *ns, int cap);
extern bool ns_capable_noaudit(struct user_namespace *ns, int cap);
#else
-@@ -232,6 +233,10 @@
+@@ -232,6 +233,10 @@ static inline bool capable(int cap)
{
return true;
}
@@ -931,10 +988,11 @@ diff -Nur a/include/linux/capability.h b/include/linux/capability.h
static inline bool ns_capable(struct user_namespace *ns, int cap)
{
return true;
-diff -Nur a/include/linux/fs.h b/include/linux/fs.h
---- a/include/linux/fs.h 2018-05-25 15:18:02.000000000 +0100
-+++ b/include/linux/fs.h 2018-05-26 19:24:34.833782968 +0100
-@@ -3392,4 +3392,15 @@
+diff --git a/include/linux/fs.h b/include/linux/fs.h
+index cc613f20e5a6..7606596d6c2e 100644
+--- a/include/linux/fs.h
++++ b/include/linux/fs.h
+@@ -3392,4 +3392,15 @@ static inline bool dir_relax_shared(struct inode *inode)
extern bool path_noexec(const struct path *path);
extern void inode_nohighmem(struct inode *inode);
@@ -950,10 +1008,11 @@ diff -Nur a/include/linux/fs.h b/include/linux/fs.h
+}
+
#endif /* _LINUX_FS_H */
-diff -Nur a/include/linux/fsnotify.h b/include/linux/fsnotify.h
---- a/include/linux/fsnotify.h 2018-05-25 15:18:02.000000000 +0100
-+++ b/include/linux/fsnotify.h 2018-05-26 19:24:34.833782968 +0100
-@@ -181,6 +181,9 @@
+diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
+index bdaf22582f6e..326ff15d4637 100644
+--- a/include/linux/fsnotify.h
++++ b/include/linux/fsnotify.h
+@@ -181,6 +181,9 @@ static inline void fsnotify_access(struct file *file)
struct inode *inode = path->dentry->d_inode;
__u32 mask = FS_ACCESS;
@@ -963,7 +1022,7 @@ diff -Nur a/include/linux/fsnotify.h b/include/linux/fsnotify.h
if (S_ISDIR(inode->i_mode))
mask |= FS_ISDIR;
-@@ -199,6 +202,9 @@
+@@ -199,6 +202,9 @@ static inline void fsnotify_modify(struct file *file)
struct inode *inode = path->dentry->d_inode;
__u32 mask = FS_MODIFY;
@@ -973,10 +1032,11 @@ diff -Nur a/include/linux/fsnotify.h b/include/linux/fsnotify.h
if (S_ISDIR(inode->i_mode))
mask |= FS_ISDIR;
-diff -Nur a/include/linux/gfp.h b/include/linux/gfp.h
---- a/include/linux/gfp.h 2018-05-25 15:18:02.000000000 +0100
-+++ b/include/linux/gfp.h 2018-05-26 19:24:34.833782968 +0100
-@@ -518,9 +518,9 @@
+diff --git a/include/linux/gfp.h b/include/linux/gfp.h
+index b041f94678de..fd8bb5a78b75 100644
+--- a/include/linux/gfp.h
++++ b/include/linux/gfp.h
+@@ -518,9 +518,9 @@ extern struct page *alloc_pages_vma(gfp_t gfp_mask, int order,
extern unsigned long __get_free_pages(gfp_t gfp_mask, unsigned int order);
extern unsigned long get_zeroed_page(gfp_t gfp_mask);
@@ -984,14 +1044,15 @@ diff -Nur a/include/linux/gfp.h b/include/linux/gfp.h
+void *alloc_pages_exact(size_t size, gfp_t gfp_mask) __attribute__((alloc_size(1)));
void free_pages_exact(void *virt, size_t size);
-void * __meminit alloc_pages_exact_nid(int nid, size_t size, gfp_t gfp_mask);
-+void * __meminit alloc_pages_exact_nid(int nid, size_t size, gfp_t gfp_mask) __attribute__((alloc_size(1)));
++void * __meminit alloc_pages_exact_nid(int nid, size_t size, gfp_t gfp_mask) __attribute__((alloc_size(2)));
#define __get_free_page(gfp_mask) \
__get_free_pages((gfp_mask), 0)
-diff -Nur a/include/linux/highmem.h b/include/linux/highmem.h
---- a/include/linux/highmem.h 2018-05-25 15:18:02.000000000 +0100
-+++ b/include/linux/highmem.h 2018-05-26 19:24:34.834783001 +0100
-@@ -191,6 +191,13 @@
+diff --git a/include/linux/highmem.h b/include/linux/highmem.h
+index 776f90f3a1cd..3f5c47000059 100644
+--- a/include/linux/highmem.h
++++ b/include/linux/highmem.h
+@@ -191,6 +191,13 @@ static inline void clear_highpage(struct page *page)
kunmap_atomic(kaddr);
}
@@ -1005,10 +1066,11 @@ diff -Nur a/include/linux/highmem.h b/include/linux/highmem.h
static inline void zero_user_segments(struct page *page,
unsigned start1, unsigned end1,
unsigned start2, unsigned end2)
-diff -Nur a/include/linux/interrupt.h b/include/linux/interrupt.h
---- a/include/linux/interrupt.h 2018-05-25 15:18:02.000000000 +0100
-+++ b/include/linux/interrupt.h 2018-05-26 19:24:34.834783001 +0100
-@@ -485,7 +485,7 @@
+diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h
+index 69c238210325..ee487ea4f48f 100644
+--- a/include/linux/interrupt.h
++++ b/include/linux/interrupt.h
+@@ -485,7 +485,7 @@ extern const char * const softirq_to_name[NR_SOFTIRQS];
struct softirq_action
{
@@ -1017,7 +1079,7 @@ diff -Nur a/include/linux/interrupt.h b/include/linux/interrupt.h
};
asmlinkage void do_softirq(void);
-@@ -500,7 +500,7 @@
+@@ -500,7 +500,7 @@ static inline void do_softirq_own_stack(void)
}
#endif
@@ -1026,10 +1088,11 @@ diff -Nur a/include/linux/interrupt.h b/include/linux/interrupt.h
extern void softirq_init(void);
extern void __raise_softirq_irqoff(unsigned int nr);
-diff -Nur a/include/linux/kobject_ns.h b/include/linux/kobject_ns.h
---- a/include/linux/kobject_ns.h 2018-05-25 15:18:02.000000000 +0100
-+++ b/include/linux/kobject_ns.h 2018-05-26 19:24:34.834783001 +0100
-@@ -46,7 +46,7 @@
+diff --git a/include/linux/kobject_ns.h b/include/linux/kobject_ns.h
+index df32d2508290..c992d130b94d 100644
+--- a/include/linux/kobject_ns.h
++++ b/include/linux/kobject_ns.h
+@@ -46,7 +46,7 @@ struct kobj_ns_type_operations {
void (*drop_ns)(void *);
};
@@ -1038,10 +1101,11 @@ diff -Nur a/include/linux/kobject_ns.h b/include/linux/kobject_ns.h
int kobj_ns_type_registered(enum kobj_ns_type type);
const struct kobj_ns_type_operations *kobj_child_ns_ops(struct kobject *parent);
const struct kobj_ns_type_operations *kobj_ns_ops(struct kobject *kobj);
-diff -Nur a/include/linux/mm.h b/include/linux/mm.h
---- a/include/linux/mm.h 2018-05-25 15:18:02.000000000 +0100
-+++ b/include/linux/mm.h 2018-05-26 19:24:34.834783001 +0100
-@@ -525,7 +525,7 @@
+diff --git a/include/linux/mm.h b/include/linux/mm.h
+index a26cf767407e..e0a700be00e3 100644
+--- a/include/linux/mm.h
++++ b/include/linux/mm.h
+@@ -525,7 +525,7 @@ static inline int is_vmalloc_or_module_addr(const void *x)
}
#endif
@@ -1050,10 +1114,11 @@ diff -Nur a/include/linux/mm.h b/include/linux/mm.h
static inline void *kvmalloc(size_t size, gfp_t flags)
{
return kvmalloc_node(size, flags, NUMA_NO_NODE);
-diff -Nur a/include/linux/percpu.h b/include/linux/percpu.h
---- a/include/linux/percpu.h 2018-05-25 15:18:02.000000000 +0100
-+++ b/include/linux/percpu.h 2018-05-26 19:24:34.835783033 +0100
-@@ -129,7 +129,7 @@
+diff --git a/include/linux/percpu.h b/include/linux/percpu.h
+index 296bbe49d5d1..b26652c9a98d 100644
+--- a/include/linux/percpu.h
++++ b/include/linux/percpu.h
+@@ -129,7 +129,7 @@ extern int __init pcpu_page_first_chunk(size_t reserved_size,
pcpu_fc_populate_pte_fn_t populate_pte_fn);
#endif
@@ -1062,7 +1127,7 @@ diff -Nur a/include/linux/percpu.h b/include/linux/percpu.h
extern bool __is_kernel_percpu_address(unsigned long addr, unsigned long *can_addr);
extern bool is_kernel_percpu_address(unsigned long addr);
-@@ -137,8 +137,8 @@
+@@ -137,8 +137,8 @@ extern bool is_kernel_percpu_address(unsigned long addr);
extern void __init setup_per_cpu_areas(void);
#endif
@@ -1073,10 +1138,11 @@ diff -Nur a/include/linux/percpu.h b/include/linux/percpu.h
extern void free_percpu(void __percpu *__pdata);
extern phys_addr_t per_cpu_ptr_to_phys(void *addr);
-diff -Nur a/include/linux/perf_event.h b/include/linux/perf_event.h
---- a/include/linux/perf_event.h 2018-05-25 15:18:02.000000000 +0100
-+++ b/include/linux/perf_event.h 2018-05-26 19:24:34.835783033 +0100
-@@ -1165,6 +1165,11 @@
+diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
+index 8e22f24ded6a..b7fecdfa6de5 100644
+--- a/include/linux/perf_event.h
++++ b/include/linux/perf_event.h
+@@ -1165,6 +1165,11 @@ extern int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write,
int perf_event_max_stack_handler(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos);
@@ -1088,10 +1154,11 @@ diff -Nur a/include/linux/perf_event.h b/include/linux/perf_event.h
static inline bool perf_paranoid_tracepoint_raw(void)
{
return sysctl_perf_event_paranoid > -1;
-diff -Nur a/include/linux/slab.h b/include/linux/slab.h
---- a/include/linux/slab.h 2018-05-25 15:18:02.000000000 +0100
-+++ b/include/linux/slab.h 2018-05-26 19:24:34.835783033 +0100
-@@ -146,8 +146,8 @@
+diff --git a/include/linux/slab.h b/include/linux/slab.h
+index ae5ed6492d54..fd0786124504 100644
+--- a/include/linux/slab.h
++++ b/include/linux/slab.h
+@@ -146,8 +146,8 @@ void memcg_destroy_kmem_caches(struct mem_cgroup *);
/*
* Common kmalloc functions provided by all allocators
*/
@@ -1102,7 +1169,7 @@ diff -Nur a/include/linux/slab.h b/include/linux/slab.h
void kfree(const void *);
void kzfree(const void *);
size_t ksize(const void *);
-@@ -324,7 +324,7 @@
+@@ -324,7 +324,7 @@ static __always_inline int kmalloc_index(size_t size)
}
#endif /* !CONFIG_SLOB */
@@ -1111,7 +1178,7 @@ diff -Nur a/include/linux/slab.h b/include/linux/slab.h
void *kmem_cache_alloc(struct kmem_cache *, gfp_t flags) __assume_slab_alignment __malloc;
void kmem_cache_free(struct kmem_cache *, void *);
-@@ -348,7 +348,7 @@
+@@ -348,7 +348,7 @@ static __always_inline void kfree_bulk(size_t size, void **p)
}
#ifdef CONFIG_NUMA
@@ -1120,7 +1187,7 @@ diff -Nur a/include/linux/slab.h b/include/linux/slab.h
void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node) __assume_slab_alignment __malloc;
#else
static __always_inline void *__kmalloc_node(size_t size, gfp_t flags, int node)
-@@ -473,7 +473,7 @@
+@@ -473,7 +473,7 @@ static __always_inline void *kmalloc_large(size_t size, gfp_t flags)
* for general use, and so are not documented here. For a full list of
* potential flags, always refer to linux/gfp.h.
*/
@@ -1129,7 +1196,7 @@ diff -Nur a/include/linux/slab.h b/include/linux/slab.h
{
if (__builtin_constant_p(size)) {
if (size > KMALLOC_MAX_CACHE_SIZE)
-@@ -513,7 +513,7 @@
+@@ -513,7 +513,7 @@ static __always_inline int kmalloc_size(int n)
return 0;
}
@@ -1138,10 +1205,11 @@ diff -Nur a/include/linux/slab.h b/include/linux/slab.h
{
#ifndef CONFIG_SLOB
if (__builtin_constant_p(size) &&
-diff -Nur a/include/linux/slub_def.h b/include/linux/slub_def.h
---- a/include/linux/slub_def.h 2018-05-25 15:18:02.000000000 +0100
-+++ b/include/linux/slub_def.h 2018-05-26 19:24:34.835783033 +0100
-@@ -120,6 +120,11 @@
+diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h
+index 2038ab531616..a88f322c8c8b 100644
+--- a/include/linux/slub_def.h
++++ b/include/linux/slub_def.h
+@@ -120,6 +120,11 @@ struct kmem_cache {
unsigned long random;
#endif
@@ -1153,10 +1221,11 @@ diff -Nur a/include/linux/slub_def.h b/include/linux/slub_def.h
#ifdef CONFIG_NUMA
/*
* Defragmentation by allocating from a remote node.
-diff -Nur a/include/linux/string.h b/include/linux/string.h
---- a/include/linux/string.h 2018-05-25 15:18:02.000000000 +0100
-+++ b/include/linux/string.h 2018-05-26 19:24:34.835783033 +0100
-@@ -234,10 +234,16 @@
+diff --git a/include/linux/string.h b/include/linux/string.h
+index 96115bf561b4..f93d908c5bbc 100644
+--- a/include/linux/string.h
++++ b/include/linux/string.h
+@@ -234,10 +234,16 @@ void __read_overflow2(void) __compiletime_error("detected read beyond size of ob
void __read_overflow3(void) __compiletime_error("detected read beyond size of object passed as 3rd parameter");
void __write_overflow(void) __compiletime_error("detected write beyond size of object passed as 1st parameter");
@@ -1174,7 +1243,7 @@ diff -Nur a/include/linux/string.h b/include/linux/string.h
if (__builtin_constant_p(size) && p_size < size)
__write_overflow();
if (p_size < size)
-@@ -247,7 +253,7 @@
+@@ -247,7 +253,7 @@ __FORTIFY_INLINE char *strncpy(char *p, const char *q, __kernel_size_t size)
__FORTIFY_INLINE char *strcat(char *p, const char *q)
{
@@ -1183,7 +1252,7 @@ diff -Nur a/include/linux/string.h b/include/linux/string.h
if (p_size == (size_t)-1)
return __builtin_strcat(p, q);
if (strlcat(p, q, p_size) >= p_size)
-@@ -258,7 +264,7 @@
+@@ -258,7 +264,7 @@ __FORTIFY_INLINE char *strcat(char *p, const char *q)
__FORTIFY_INLINE __kernel_size_t strlen(const char *p)
{
__kernel_size_t ret;
@@ -1192,7 +1261,7 @@ diff -Nur a/include/linux/string.h b/include/linux/string.h
/* Work around gcc excess stack consumption issue */
if (p_size == (size_t)-1 ||
-@@ -273,7 +279,7 @@
+@@ -273,7 +279,7 @@ __FORTIFY_INLINE __kernel_size_t strlen(const char *p)
extern __kernel_size_t __real_strnlen(const char *, __kernel_size_t) __RENAME(strnlen);
__FORTIFY_INLINE __kernel_size_t strnlen(const char *p, __kernel_size_t maxlen)
{
@@ -1201,7 +1270,7 @@ diff -Nur a/include/linux/string.h b/include/linux/string.h
__kernel_size_t ret = __real_strnlen(p, maxlen < p_size ? maxlen : p_size);
if (p_size <= ret && maxlen != ret)
fortify_panic(__func__);
-@@ -285,8 +291,8 @@
+@@ -285,8 +291,8 @@ extern size_t __real_strlcpy(char *, const char *, size_t) __RENAME(strlcpy);
__FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size)
{
size_t ret;
@@ -1212,7 +1281,7 @@ diff -Nur a/include/linux/string.h b/include/linux/string.h
if (p_size == (size_t)-1 && q_size == (size_t)-1)
return __real_strlcpy(p, q, size);
ret = strlen(q);
-@@ -306,8 +312,8 @@
+@@ -306,8 +312,8 @@ __FORTIFY_INLINE size_t strlcpy(char *p, const char *q, size_t size)
__FORTIFY_INLINE char *strncat(char *p, const char *q, __kernel_size_t count)
{
size_t p_len, copy_len;
@@ -1223,7 +1292,7 @@ diff -Nur a/include/linux/string.h b/include/linux/string.h
if (p_size == (size_t)-1 && q_size == (size_t)-1)
return __builtin_strncat(p, q, count);
p_len = strlen(p);
-@@ -420,8 +426,8 @@
+@@ -420,8 +426,8 @@ __FORTIFY_INLINE void *kmemdup(const void *p, size_t size, gfp_t gfp)
/* defined after fortified strlen and memcpy to reuse them */
__FORTIFY_INLINE char *strcpy(char *p, const char *q)
{
@@ -1234,9 +1303,10 @@ diff -Nur a/include/linux/string.h b/include/linux/string.h
if (p_size == (size_t)-1 && q_size == (size_t)-1)
return __builtin_strcpy(p, q);
memcpy(p, q, strlen(q) + 1);
-diff -Nur a/include/linux/tty.h b/include/linux/tty.h
---- a/include/linux/tty.h 2018-05-25 15:18:02.000000000 +0100
-+++ b/include/linux/tty.h 2018-05-26 19:24:34.836783066 +0100
+diff --git a/include/linux/tty.h b/include/linux/tty.h
+index 1dd587ba6d88..9a9a04fb641d 100644
+--- a/include/linux/tty.h
++++ b/include/linux/tty.h
@@ -13,6 +13,7 @@
#include <uapi/linux/tty.h>
#include <linux/rwsem.h>
@@ -1245,7 +1315,7 @@ diff -Nur a/include/linux/tty.h b/include/linux/tty.h
/*
-@@ -335,6 +336,7 @@
+@@ -335,6 +336,7 @@ struct tty_struct {
/* If the tty has a pending do_SAK, queue it here - akpm */
struct work_struct SAK_work;
struct tty_port *port;
@@ -1253,7 +1323,7 @@ diff -Nur a/include/linux/tty.h b/include/linux/tty.h
} __randomize_layout;
/* Each of a tty's open files has private_data pointing to tty_file_private */
-@@ -344,6 +346,8 @@
+@@ -344,6 +346,8 @@ struct tty_file_private {
struct list_head list;
};
@@ -1262,10 +1332,11 @@ diff -Nur a/include/linux/tty.h b/include/linux/tty.h
/* tty magic number */
#define TTY_MAGIC 0x5401
-diff -Nur a/include/linux/vmalloc.h b/include/linux/vmalloc.h
---- a/include/linux/vmalloc.h 2018-05-25 15:18:02.000000000 +0100
-+++ b/include/linux/vmalloc.h 2018-05-26 19:24:34.836783066 +0100
-@@ -68,19 +68,19 @@
+diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h
+index 1e5d8c392f15..66d0e49c9987 100644
+--- a/include/linux/vmalloc.h
++++ b/include/linux/vmalloc.h
+@@ -68,19 +68,19 @@ static inline void vmalloc_init(void)
}
#endif
@@ -1295,10 +1366,11 @@ diff -Nur a/include/linux/vmalloc.h b/include/linux/vmalloc.h
#ifndef CONFIG_MMU
extern void *__vmalloc_node_flags(unsigned long size, int node, gfp_t flags);
static inline void *__vmalloc_node_flags_caller(unsigned long size, int node,
-diff -Nur a/init/Kconfig b/init/Kconfig
---- a/init/Kconfig 2018-05-25 15:18:02.000000000 +0100
-+++ b/init/Kconfig 2018-05-26 19:24:34.836783066 +0100
-@@ -309,6 +309,7 @@
+diff --git a/init/Kconfig b/init/Kconfig
+index 46075327c165..0c78750bc76d 100644
+--- a/init/Kconfig
++++ b/init/Kconfig
+@@ -309,6 +309,7 @@ config USELIB
config AUDIT
bool "Auditing support"
depends on NET
@@ -1306,7 +1378,7 @@ diff -Nur a/init/Kconfig b/init/Kconfig
help
Enable auditing infrastructure that can be used with another
kernel subsystem, such as SELinux (which requires this for
-@@ -1052,6 +1053,12 @@
+@@ -1052,6 +1053,12 @@ config CC_OPTIMIZE_FOR_SIZE
endchoice
@@ -1319,7 +1391,7 @@ diff -Nur a/init/Kconfig b/init/Kconfig
config SYSCTL
bool
-@@ -1361,8 +1368,7 @@
+@@ -1361,8 +1368,7 @@ config SHMEM
which may be appropriate on small systems without swap.
config AIO
@@ -1329,7 +1401,7 @@ diff -Nur a/init/Kconfig b/init/Kconfig
help
This option enables POSIX asynchronous I/O which may by used
by some high performance threaded applications. Disabling
-@@ -1491,7 +1497,7 @@
+@@ -1491,7 +1497,7 @@ config VM_EVENT_COUNTERS
config SLUB_DEBUG
default y
@@ -1338,7 +1410,7 @@ diff -Nur a/init/Kconfig b/init/Kconfig
depends on SLUB && SYSFS
help
SLUB has extensive debug support features. Disabling these can
-@@ -1515,7 +1521,6 @@
+@@ -1515,7 +1521,6 @@ config SLUB_MEMCG_SYSFS_ON
config COMPAT_BRK
bool "Disable heap randomization"
@@ -1346,7 +1418,7 @@ diff -Nur a/init/Kconfig b/init/Kconfig
help
Randomizing heap placement makes heap exploits harder, but it
also breaks ancient binaries (including anything libc5 based).
-@@ -1562,7 +1567,6 @@
+@@ -1562,7 +1567,6 @@ endchoice
config SLAB_MERGE_DEFAULT
bool "Allow slab caches to be merged"
@@ -1354,7 +1426,7 @@ diff -Nur a/init/Kconfig b/init/Kconfig
help
For reduced kernel memory fragmentation, slab caches can be
merged when they share the same size and other characteristics.
-@@ -1575,9 +1579,9 @@
+@@ -1575,9 +1579,9 @@ config SLAB_MERGE_DEFAULT
command line.
config SLAB_FREELIST_RANDOM
@@ -1365,7 +1437,7 @@ diff -Nur a/init/Kconfig b/init/Kconfig
help
Randomizes the freelist order used on creating new pages. This
security feature reduces the predictability of the kernel slab
-@@ -1586,12 +1590,56 @@
+@@ -1586,12 +1590,56 @@ config SLAB_FREELIST_RANDOM
config SLAB_FREELIST_HARDENED
bool "Harden slab freelist metadata"
depends on SLUB
@@ -1422,10 +1494,11 @@ diff -Nur a/init/Kconfig b/init/Kconfig
config SLUB_CPU_PARTIAL
default y
depends on SLUB && SMP
-diff -Nur a/kernel/audit.c b/kernel/audit.c
---- a/kernel/audit.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/kernel/audit.c 2018-05-26 19:24:34.837783098 +0100
-@@ -1573,6 +1573,9 @@
+diff --git a/kernel/audit.c b/kernel/audit.c
+index d301276bca58..d55a1e290cea 100644
+--- a/kernel/audit.c
++++ b/kernel/audit.c
+@@ -1575,6 +1575,9 @@ static int __init audit_enable(char *str)
audit_default = !!simple_strtol(str, NULL, 0);
if (!audit_default)
audit_initialized = AUDIT_DISABLED;
@@ -1435,10 +1508,11 @@ diff -Nur a/kernel/audit.c b/kernel/audit.c
audit_enabled = audit_default;
audit_ever_enabled = !!audit_enabled;
-diff -Nur a/kernel/bpf/core.c b/kernel/bpf/core.c
---- a/kernel/bpf/core.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/kernel/bpf/core.c 2018-05-26 19:24:34.837783098 +0100
-@@ -539,7 +539,7 @@
+diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
+index d203a5d6b726..2a6c3e2c57a6 100644
+--- a/kernel/bpf/core.c
++++ b/kernel/bpf/core.c
+@@ -539,7 +539,7 @@ void __weak bpf_jit_free(struct bpf_prog *fp)
bpf_prog_unlock_free(fp);
}
@@ -1447,10 +1521,11 @@ diff -Nur a/kernel/bpf/core.c b/kernel/bpf/core.c
static int bpf_jit_blind_insn(const struct bpf_insn *from,
const struct bpf_insn *aux,
-diff -Nur a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
---- a/kernel/bpf/syscall.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/kernel/bpf/syscall.c 2018-05-26 19:24:34.837783098 +0100
-@@ -37,7 +37,7 @@
+diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
+index 4e933219fec6..0f37db32a2b1 100644
+--- a/kernel/bpf/syscall.c
++++ b/kernel/bpf/syscall.c
+@@ -37,7 +37,7 @@ static DEFINE_SPINLOCK(prog_idr_lock);
static DEFINE_IDR(map_idr);
static DEFINE_SPINLOCK(map_idr_lock);
@@ -1459,10 +1534,11 @@ diff -Nur a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c
static const struct bpf_map_ops * const bpf_map_types[] = {
#define BPF_PROG_TYPE(_id, _ops)
-diff -Nur a/kernel/capability.c b/kernel/capability.c
---- a/kernel/capability.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/kernel/capability.c 2018-05-26 19:24:34.838783131 +0100
-@@ -431,6 +431,12 @@
+diff --git a/kernel/capability.c b/kernel/capability.c
+index 1e1c0236f55b..452062fe45ce 100644
+--- a/kernel/capability.c
++++ b/kernel/capability.c
+@@ -431,6 +431,12 @@ bool capable(int cap)
return ns_capable(&init_user_ns, cap);
}
EXPORT_SYMBOL(capable);
@@ -1475,10 +1551,11 @@ diff -Nur a/kernel/capability.c b/kernel/capability.c
#endif /* CONFIG_MULTIUSER */
/**
-diff -Nur a/kernel/events/core.c b/kernel/events/core.c
---- a/kernel/events/core.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/kernel/events/core.c 2018-05-26 19:24:34.840783196 +0100
-@@ -397,8 +397,13 @@
+diff --git a/kernel/events/core.c b/kernel/events/core.c
+index 7c394ddf1ce6..9069886d38da 100644
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -397,8 +397,13 @@ static cpumask_var_t perf_online_mask;
* 0 - disallow raw tracepoint access for unpriv
* 1 - disallow cpu events for unpriv
* 2 - disallow kernel profiling for unpriv
@@ -1492,7 +1569,7 @@ diff -Nur a/kernel/events/core.c b/kernel/events/core.c
/* Minimum for 512 kiB + 1 user control page */
int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */
-@@ -9941,6 +9946,9 @@
+@@ -9977,6 +9982,9 @@ SYSCALL_DEFINE5(perf_event_open,
if (flags & ~PERF_FLAG_ALL)
return -EINVAL;
@@ -1502,9 +1579,10 @@ diff -Nur a/kernel/events/core.c b/kernel/events/core.c
err = perf_copy_attr(attr_uptr, &attr);
if (err)
return err;
-diff -Nur a/kernel/fork.c b/kernel/fork.c
---- a/kernel/fork.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/kernel/fork.c 2018-05-26 19:24:34.840783196 +0100
+diff --git a/kernel/fork.c b/kernel/fork.c
+index 91907a3701ce..8021b98c69e1 100644
+--- a/kernel/fork.c
++++ b/kernel/fork.c
@@ -102,6 +102,11 @@
#define CREATE_TRACE_POINTS
@@ -1517,7 +1595,7 @@ diff -Nur a/kernel/fork.c b/kernel/fork.c
/*
* Minimum number of threads to boot the kernel
-@@ -1554,6 +1559,10 @@
+@@ -1553,6 +1558,10 @@ static __latent_entropy struct task_struct *copy_process(
if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
return ERR_PTR(-EINVAL);
@@ -1528,7 +1606,7 @@ diff -Nur a/kernel/fork.c b/kernel/fork.c
/*
* Thread groups must share signals as well, and detached threads
* can only be started up within the thread group.
-@@ -2347,6 +2356,12 @@
+@@ -2346,6 +2355,12 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
if (unshare_flags & CLONE_NEWNS)
unshare_flags |= CLONE_FS;
@@ -1541,10 +1619,11 @@ diff -Nur a/kernel/fork.c b/kernel/fork.c
err = check_unshare_flags(unshare_flags);
if (err)
goto bad_unshare_out;
-diff -Nur a/kernel/power/snapshot.c b/kernel/power/snapshot.c
---- a/kernel/power/snapshot.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/kernel/power/snapshot.c 2018-05-26 19:24:34.840783196 +0100
-@@ -1136,7 +1136,7 @@
+diff --git a/kernel/power/snapshot.c b/kernel/power/snapshot.c
+index 0972a8e09d08..00dde7aad47a 100644
+--- a/kernel/power/snapshot.c
++++ b/kernel/power/snapshot.c
+@@ -1136,7 +1136,7 @@ void free_basic_memory_bitmaps(void)
void clear_free_pages(void)
{
@@ -1553,7 +1632,7 @@ diff -Nur a/kernel/power/snapshot.c b/kernel/power/snapshot.c
struct memory_bitmap *bm = free_pages_map;
unsigned long pfn;
-@@ -1153,7 +1153,7 @@
+@@ -1153,7 +1153,7 @@ void clear_free_pages(void)
}
memory_bm_position_reset(bm);
pr_info("PM: free pages cleared after restore\n");
@@ -1562,10 +1641,11 @@ diff -Nur a/kernel/power/snapshot.c b/kernel/power/snapshot.c
}
/**
-diff -Nur a/kernel/rcu/tiny.c b/kernel/rcu/tiny.c
---- a/kernel/rcu/tiny.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/kernel/rcu/tiny.c 2018-05-26 19:24:34.841783228 +0100
-@@ -164,7 +164,7 @@
+diff --git a/kernel/rcu/tiny.c b/kernel/rcu/tiny.c
+index a64eee0db39e..4d7de378fe4c 100644
+--- a/kernel/rcu/tiny.c
++++ b/kernel/rcu/tiny.c
+@@ -164,7 +164,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp)
}
}
@@ -1574,10 +1654,11 @@ diff -Nur a/kernel/rcu/tiny.c b/kernel/rcu/tiny.c
{
__rcu_process_callbacks(&rcu_sched_ctrlblk);
__rcu_process_callbacks(&rcu_bh_ctrlblk);
-diff -Nur a/kernel/rcu/tree.c b/kernel/rcu/tree.c
---- a/kernel/rcu/tree.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/kernel/rcu/tree.c 2018-05-26 19:24:34.841783228 +0100
-@@ -2918,7 +2918,7 @@
+diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
+index 3e3650e94ae6..7ecd7a5d04b3 100644
+--- a/kernel/rcu/tree.c
++++ b/kernel/rcu/tree.c
+@@ -2918,7 +2918,7 @@ __rcu_process_callbacks(struct rcu_state *rsp)
/*
* Do RCU core processing for the current CPU.
*/
@@ -1586,10 +1667,11 @@ diff -Nur a/kernel/rcu/tree.c b/kernel/rcu/tree.c
{
struct rcu_state *rsp;
-diff -Nur a/kernel/sched/fair.c b/kernel/sched/fair.c
---- a/kernel/sched/fair.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/kernel/sched/fair.c 2018-05-26 19:24:34.843783293 +0100
-@@ -8986,7 +8986,7 @@
+diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
+index 0cc7098c6dfd..3e69eaf4ddee 100644
+--- a/kernel/sched/fair.c
++++ b/kernel/sched/fair.c
+@@ -8987,7 +8987,7 @@ static void nohz_idle_balance(struct rq *this_rq, enum cpu_idle_type idle) { }
* run_rebalance_domains is triggered when needed from the scheduler tick.
* Also triggered for nohz idle balancing (with nohz_balancing_kick set).
*/
@@ -1598,10 +1680,11 @@ diff -Nur a/kernel/sched/fair.c b/kernel/sched/fair.c
{
struct rq *this_rq = this_rq();
enum cpu_idle_type idle = this_rq->idle_balance ?
-diff -Nur a/kernel/softirq.c b/kernel/softirq.c
---- a/kernel/softirq.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/kernel/softirq.c 2018-05-26 19:24:34.843783293 +0100
-@@ -53,7 +53,7 @@
+diff --git a/kernel/softirq.c b/kernel/softirq.c
+index a4c87cf27f9d..efb97a8dc568 100644
+--- a/kernel/softirq.c
++++ b/kernel/softirq.c
+@@ -53,7 +53,7 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned;
EXPORT_SYMBOL(irq_stat);
#endif
@@ -1610,7 +1693,7 @@ diff -Nur a/kernel/softirq.c b/kernel/softirq.c
DEFINE_PER_CPU(struct task_struct *, ksoftirqd);
-@@ -281,7 +281,7 @@
+@@ -285,7 +285,7 @@ asmlinkage __visible void __softirq_entry __do_softirq(void)
kstat_incr_softirqs_this_cpu(vec_nr);
trace_softirq_entry(vec_nr);
@@ -1619,7 +1702,7 @@ diff -Nur a/kernel/softirq.c b/kernel/softirq.c
trace_softirq_exit(vec_nr);
if (unlikely(prev_count != preempt_count())) {
pr_err("huh, entered softirq %u %s %p with preempt_count %08x, exited with %08x?\n",
-@@ -444,7 +444,7 @@
+@@ -448,7 +448,7 @@ void __raise_softirq_irqoff(unsigned int nr)
or_softirq_pending(1UL << nr);
}
@@ -1628,7 +1711,7 @@ diff -Nur a/kernel/softirq.c b/kernel/softirq.c
{
softirq_vec[nr].action = action;
}
-@@ -486,7 +486,7 @@
+@@ -490,7 +490,7 @@ void __tasklet_hi_schedule(struct tasklet_struct *t)
}
EXPORT_SYMBOL(__tasklet_hi_schedule);
@@ -1637,7 +1720,7 @@ diff -Nur a/kernel/softirq.c b/kernel/softirq.c
{
struct tasklet_struct *list;
-@@ -522,7 +522,7 @@
+@@ -526,7 +526,7 @@ static __latent_entropy void tasklet_action(struct softirq_action *a)
}
}
@@ -1646,9 +1729,10 @@ diff -Nur a/kernel/softirq.c b/kernel/softirq.c
{
struct tasklet_struct *list;
-diff -Nur a/kernel/sysctl.c b/kernel/sysctl.c
---- a/kernel/sysctl.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/kernel/sysctl.c 2018-05-26 19:24:34.844783326 +0100
+diff --git a/kernel/sysctl.c b/kernel/sysctl.c
+index 069550540a39..822783a174aa 100644
+--- a/kernel/sysctl.c
++++ b/kernel/sysctl.c
@@ -66,6 +66,7 @@
#include <linux/kexec.h>
#include <linux/bpf.h>
@@ -1677,7 +1761,7 @@ diff -Nur a/kernel/sysctl.c b/kernel/sysctl.c
extern int pid_max;
extern int pid_max_min, pid_max_max;
extern int percpu_pagelist_fraction;
-@@ -115,40 +123,43 @@
+@@ -115,40 +123,43 @@ extern int sysctl_nr_trim_pages;
/* Constants used for minimum and maximum */
#ifdef CONFIG_LOCKUP_DETECTOR
@@ -1736,7 +1820,7 @@ diff -Nur a/kernel/sysctl.c b/kernel/sysctl.c
#ifdef CONFIG_INOTIFY_USER
#include <linux/inotify.h>
#endif
-@@ -286,19 +297,19 @@
+@@ -286,19 +297,19 @@ static struct ctl_table sysctl_base_table[] = {
};
#ifdef CONFIG_SCHED_DEBUG
@@ -1764,7 +1848,7 @@ diff -Nur a/kernel/sysctl.c b/kernel/sysctl.c
#endif
static struct ctl_table kern_table[] = {
-@@ -512,6 +523,15 @@
+@@ -512,6 +523,15 @@ static struct ctl_table kern_table[] = {
.proc_handler = proc_dointvec,
},
#endif
@@ -1780,10 +1864,11 @@ diff -Nur a/kernel/sysctl.c b/kernel/sysctl.c
#ifdef CONFIG_PROC_SYSCTL
{
.procname = "tainted",
-@@ -854,6 +874,37 @@
+@@ -853,6 +873,37 @@ static struct ctl_table kern_table[] = {
+ .extra1 = &zero,
.extra2 = &two,
},
- #endif
++#endif
+#if defined CONFIG_TTY
+ {
+ .procname = "tiocsti_restrict",
@@ -1814,14 +1899,14 @@ diff -Nur a/kernel/sysctl.c b/kernel/sysctl.c
+ .extra1 = &zero,
+ .extra2 = &one,
+ },
-+#endif
+ #endif
{
.procname = "ngroups_max",
- .data = &ngroups_max,
-diff -Nur a/kernel/time/timer.c b/kernel/time/timer.c
---- a/kernel/time/timer.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/kernel/time/timer.c 2018-05-26 19:24:34.844783326 +0100
-@@ -1624,7 +1624,7 @@
+diff --git a/kernel/time/timer.c b/kernel/time/timer.c
+index 9fe525f410bf..6a85b0e1292e 100644
+--- a/kernel/time/timer.c
++++ b/kernel/time/timer.c
+@@ -1624,7 +1624,7 @@ static inline void __run_timers(struct timer_base *base)
/*
* This function runs timers and the timer-tq in bottom half context.
*/
@@ -1830,9 +1915,10 @@ diff -Nur a/kernel/time/timer.c b/kernel/time/timer.c
{
struct timer_base *base = this_cpu_ptr(&timer_bases[BASE_STD]);
-diff -Nur a/kernel/user_namespace.c b/kernel/user_namespace.c
---- a/kernel/user_namespace.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/kernel/user_namespace.c 2018-05-26 19:24:34.844783326 +0100
+diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
+index c490f1e4313b..dd03bd39d7bf 100644
+--- a/kernel/user_namespace.c
++++ b/kernel/user_namespace.c
@@ -24,6 +24,9 @@
#include <linux/projid.h>
#include <linux/fs_struct.h>
@@ -1843,22 +1929,11 @@ diff -Nur a/kernel/user_namespace.c b/kernel/user_namespace.c
static struct kmem_cache *user_ns_cachep __read_mostly;
static DEFINE_MUTEX(userns_state_mutex);
-diff -Nur a/lib/irq_poll.c b/lib/irq_poll.c
---- a/lib/irq_poll.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/lib/irq_poll.c 2018-05-26 19:24:34.845783358 +0100
-@@ -75,7 +75,7 @@
- }
- EXPORT_SYMBOL(irq_poll_complete);
-
--static void __latent_entropy irq_poll_softirq(struct softirq_action *h)
-+static void __latent_entropy irq_poll_softirq(void)
- {
- struct list_head *list = this_cpu_ptr(&blk_cpu_iopoll);
- int rearm = 0, budget = irq_poll_budget;
-diff -Nur a/lib/Kconfig.debug b/lib/Kconfig.debug
---- a/lib/Kconfig.debug 2018-05-25 15:18:02.000000000 +0100
-+++ b/lib/Kconfig.debug 2018-05-26 19:24:34.845783358 +0100
-@@ -937,6 +937,7 @@
+diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
+index 62d0e25c054c..3953072277eb 100644
+--- a/lib/Kconfig.debug
++++ b/lib/Kconfig.debug
+@@ -937,6 +937,7 @@ endmenu # "Debug lockups and hangs"
config PANIC_ON_OOPS
bool "Panic on Oops"
@@ -1866,7 +1941,7 @@ diff -Nur a/lib/Kconfig.debug b/lib/Kconfig.debug
help
Say Y here to enable the kernel to panic when it oopses. This
has the same effect as setting oops=panic on the kernel command
-@@ -946,7 +947,7 @@
+@@ -946,7 +947,7 @@ config PANIC_ON_OOPS
anything erroneous after an oops which could result in data
corruption or other issues.
@@ -1875,7 +1950,7 @@ diff -Nur a/lib/Kconfig.debug b/lib/Kconfig.debug
config PANIC_ON_OOPS_VALUE
int
-@@ -1319,6 +1320,7 @@
+@@ -1319,6 +1320,7 @@ config DEBUG_BUGVERBOSE
config DEBUG_LIST
bool "Debug linked list manipulation"
depends on DEBUG_KERNEL || BUG_ON_DATA_CORRUPTION
@@ -1883,7 +1958,7 @@ diff -Nur a/lib/Kconfig.debug b/lib/Kconfig.debug
help
Enable this to turn on extended checks in the linked-list
walking routines.
-@@ -1932,6 +1934,7 @@
+@@ -1932,6 +1934,7 @@ config MEMTEST
config BUG_ON_DATA_CORRUPTION
bool "Trigger a BUG when data corruption is detected"
select DEBUG_LIST
@@ -1891,7 +1966,7 @@ diff -Nur a/lib/Kconfig.debug b/lib/Kconfig.debug
help
Select this option if the kernel should BUG when it encounters
data corruption in kernel memory structures when they get checked
-@@ -1952,7 +1955,7 @@
+@@ -1952,7 +1955,7 @@ config STRICT_DEVMEM
bool "Filter access to /dev/mem"
depends on MMU && DEVMEM
depends on ARCH_HAS_DEVMEM_IS_ALLOWED
@@ -1900,7 +1975,7 @@ diff -Nur a/lib/Kconfig.debug b/lib/Kconfig.debug
---help---
If this option is disabled, you allow userspace (root) access to all
of memory, including kernel and userspace memory. Accidental
-@@ -1971,6 +1974,7 @@
+@@ -1971,6 +1974,7 @@ config STRICT_DEVMEM
config IO_STRICT_DEVMEM
bool "Filter I/O access to /dev/mem"
depends on STRICT_DEVMEM
@@ -1908,10 +1983,24 @@ diff -Nur a/lib/Kconfig.debug b/lib/Kconfig.debug
---help---
If this option is disabled, you allow userspace (root) access to all
io-memory regardless of whether a driver is actively using that
-diff -Nur a/lib/kobject.c b/lib/kobject.c
---- a/lib/kobject.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/lib/kobject.c 2018-05-26 19:24:34.845783358 +0100
-@@ -956,9 +956,9 @@
+diff --git a/lib/irq_poll.c b/lib/irq_poll.c
+index 86a709954f5a..6f15787fcb1b 100644
+--- a/lib/irq_poll.c
++++ b/lib/irq_poll.c
+@@ -75,7 +75,7 @@ void irq_poll_complete(struct irq_poll *iop)
+ }
+ EXPORT_SYMBOL(irq_poll_complete);
+
+-static void __latent_entropy irq_poll_softirq(struct softirq_action *h)
++static void __latent_entropy irq_poll_softirq(void)
+ {
+ struct list_head *list = this_cpu_ptr(&blk_cpu_iopoll);
+ int rearm = 0, budget = irq_poll_budget;
+diff --git a/lib/kobject.c b/lib/kobject.c
+index 34f847252c02..4fda329de614 100644
+--- a/lib/kobject.c
++++ b/lib/kobject.c
+@@ -956,9 +956,9 @@ EXPORT_SYMBOL_GPL(kset_create_and_add);
static DEFINE_SPINLOCK(kobj_ns_type_lock);
@@ -1923,10 +2012,11 @@ diff -Nur a/lib/kobject.c b/lib/kobject.c
{
enum kobj_ns_type type = ops->type;
int error;
-diff -Nur a/lib/nlattr.c b/lib/nlattr.c
---- a/lib/nlattr.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/lib/nlattr.c 2018-05-26 19:24:34.845783358 +0100
-@@ -341,6 +341,8 @@
+diff --git a/lib/nlattr.c b/lib/nlattr.c
+index 3d8295c85505..3fa3b3409d69 100644
+--- a/lib/nlattr.c
++++ b/lib/nlattr.c
+@@ -341,6 +341,8 @@ int nla_memcpy(void *dest, const struct nlattr *src, int count)
{
int minlen = min_t(int, count, nla_len(src));
@@ -1935,10 +2025,11 @@ diff -Nur a/lib/nlattr.c b/lib/nlattr.c
memcpy(dest, nla_data(src), minlen);
if (count > minlen)
memset(dest + minlen, 0, count - minlen);
-diff -Nur a/lib/vsprintf.c b/lib/vsprintf.c
---- a/lib/vsprintf.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/lib/vsprintf.c 2018-05-26 19:24:34.846783391 +0100
-@@ -1591,7 +1591,7 @@
+diff --git a/lib/vsprintf.c b/lib/vsprintf.c
+index 4a990f3fd345..3df8db5af0ba 100644
+--- a/lib/vsprintf.c
++++ b/lib/vsprintf.c
+@@ -1588,7 +1588,7 @@ char *device_node_string(char *buf, char *end, struct device_node *dn,
return widen_string(buf, buf - buf_start, end, spec);
}
@@ -1947,23 +2038,11 @@ diff -Nur a/lib/vsprintf.c b/lib/vsprintf.c
/*
* Show a '%p' thing. A kernel extension is that the '%p' is followed
-diff -Nur a/Makefile b/Makefile
---- a/Makefile 2018-05-25 15:18:02.000000000 +0100
-+++ b/Makefile 2018-05-26 19:24:34.820782546 +0100
-@@ -710,6 +710,9 @@
- KBUILD_CFLAGS += $(stackp-flag)
-
- ifeq ($(cc-name),clang)
-+ifdef CONFIG_LOCAL_INIT
-+KBUILD_CFLAGS += -fsanitize=local-init
-+endif
- KBUILD_CPPFLAGS += $(call cc-option,-Qunused-arguments,)
- KBUILD_CFLAGS += $(call cc-disable-warning, unused-variable)
- KBUILD_CFLAGS += $(call cc-disable-warning, format-invalid-specifier)
-diff -Nur a/mm/Kconfig b/mm/Kconfig
---- a/mm/Kconfig 2018-05-25 15:18:02.000000000 +0100
-+++ b/mm/Kconfig 2018-05-26 19:24:34.846783391 +0100
-@@ -319,7 +319,8 @@
+diff --git a/mm/Kconfig b/mm/Kconfig
+index 59efbd3337e0..c070e14ec83d 100644
+--- a/mm/Kconfig
++++ b/mm/Kconfig
+@@ -319,7 +319,8 @@ config KSM
config DEFAULT_MMAP_MIN_ADDR
int "Low address space to protect from user allocation"
depends on MMU
@@ -1973,10 +2052,11 @@ diff -Nur a/mm/Kconfig b/mm/Kconfig
help
This is the portion of low virtual memory which should be protected
from userspace allocation. Keeping a user from writing to low pages
-diff -Nur a/mm/mmap.c b/mm/mmap.c
---- a/mm/mmap.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/mm/mmap.c 2018-05-26 19:24:34.847783423 +0100
-@@ -220,6 +220,13 @@
+diff --git a/mm/mmap.c b/mm/mmap.c
+index 2398776195d2..a8ffa2223ad1 100644
+--- a/mm/mmap.c
++++ b/mm/mmap.c
+@@ -220,6 +220,13 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
newbrk = PAGE_ALIGN(brk);
oldbrk = PAGE_ALIGN(mm->brk);
@@ -1990,9 +2070,10 @@ diff -Nur a/mm/mmap.c b/mm/mmap.c
if (oldbrk == newbrk)
goto set_brk;
-diff -Nur a/mm/page_alloc.c b/mm/page_alloc.c
---- a/mm/page_alloc.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/mm/page_alloc.c 2018-05-26 19:24:34.848783456 +0100
+diff --git a/mm/page_alloc.c b/mm/page_alloc.c
+index 59ccf455fcbd..929c2dae4954 100644
+--- a/mm/page_alloc.c
++++ b/mm/page_alloc.c
@@ -67,6 +67,7 @@
#include <linux/ftrace.h>
#include <linux/lockdep.h>
@@ -2001,7 +2082,7 @@ diff -Nur a/mm/page_alloc.c b/mm/page_alloc.c
#include <asm/sections.h>
#include <asm/tlbflush.h>
-@@ -98,6 +99,15 @@
+@@ -98,6 +99,15 @@ int _node_numa_mem_[MAX_NUMNODES];
DEFINE_MUTEX(pcpu_drain_mutex);
DEFINE_PER_CPU(struct work_struct, pcpu_drain);
@@ -2017,7 +2098,7 @@ diff -Nur a/mm/page_alloc.c b/mm/page_alloc.c
#ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY
volatile unsigned long latent_entropy __latent_entropy;
EXPORT_SYMBOL(latent_entropy);
-@@ -1063,6 +1073,13 @@
+@@ -1063,6 +1073,13 @@ static __always_inline bool free_pages_prepare(struct page *page,
debug_check_no_obj_freed(page_address(page),
PAGE_SIZE << order);
}
@@ -2031,7 +2112,7 @@ diff -Nur a/mm/page_alloc.c b/mm/page_alloc.c
arch_free_page(page, order);
kernel_poison_pages(page, 1 << order, 0);
kernel_map_pages(page, 1 << order, 0);
-@@ -1278,6 +1295,21 @@
+@@ -1278,6 +1295,21 @@ static void __init __free_pages_boot_core(struct page *page, unsigned int order)
__ClearPageReserved(p);
set_page_count(p, 0);
@@ -2053,7 +2134,7 @@ diff -Nur a/mm/page_alloc.c b/mm/page_alloc.c
page_zone(page)->managed_pages += nr_pages;
set_page_refcounted(page);
__free_pages(page, order);
-@@ -1718,8 +1750,8 @@
+@@ -1718,8 +1750,8 @@ static inline int check_new_page(struct page *page)
static inline bool free_pages_prezeroed(void)
{
@@ -2064,7 +2145,7 @@ diff -Nur a/mm/page_alloc.c b/mm/page_alloc.c
}
#ifdef CONFIG_DEBUG_VM
-@@ -1776,6 +1808,11 @@
+@@ -1776,6 +1808,11 @@ static void prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags
post_alloc_hook(page, order, gfp_flags);
@@ -2076,44 +2157,11 @@ diff -Nur a/mm/page_alloc.c b/mm/page_alloc.c
if (!free_pages_prezeroed() && (gfp_flags & __GFP_ZERO))
for (i = 0; i < (1 << order); i++)
clear_highpage(page + i);
-diff -Nur a/mm/slab_common.c b/mm/slab_common.c
---- a/mm/slab_common.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/mm/slab_common.c 2018-05-26 19:24:34.849783488 +0100
-@@ -26,10 +26,10 @@
-
- #include "slab.h"
-
--enum slab_state slab_state;
-+enum slab_state slab_state __ro_after_init;
- LIST_HEAD(slab_caches);
- DEFINE_MUTEX(slab_mutex);
--struct kmem_cache *kmem_cache;
-+struct kmem_cache *kmem_cache __ro_after_init;
-
- static LIST_HEAD(slab_caches_to_rcu_destroy);
- static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work);
-@@ -49,7 +49,7 @@
- /*
- * Merge control. If this is set then no merging of slab caches will occur.
- */
--static bool slab_nomerge = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT);
-+static bool slab_nomerge __ro_after_init = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT);
-
- static int __init setup_slab_nomerge(char *str)
- {
-@@ -927,7 +927,7 @@
- * of two cache sizes there. The size of larger slabs can be determined using
- * fls.
- */
--static s8 size_index[24] = {
-+static s8 size_index[24] __ro_after_init = {
- 3, /* 8 */
- 4, /* 16 */
- 5, /* 24 */
-diff -Nur a/mm/slab.h b/mm/slab.h
---- a/mm/slab.h 2018-05-25 15:18:02.000000000 +0100
-+++ b/mm/slab.h 2018-05-26 19:24:34.848783456 +0100
-@@ -311,7 +311,11 @@
+diff --git a/mm/slab.h b/mm/slab.h
+index 485d9fbb8802..436461588804 100644
+--- a/mm/slab.h
++++ b/mm/slab.h
+@@ -311,7 +311,11 @@ static inline bool is_root_cache(struct kmem_cache *s)
static inline bool slab_equal_or_root(struct kmem_cache *s,
struct kmem_cache *p)
{
@@ -2125,7 +2173,7 @@ diff -Nur a/mm/slab.h b/mm/slab.h
}
static inline const char *cache_name(struct kmem_cache *s)
-@@ -363,18 +367,26 @@
+@@ -363,18 +367,26 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x)
* to not do even the assignment. In that case, slab_equal_or_root
* will also be a constant.
*/
@@ -2153,7 +2201,7 @@ diff -Nur a/mm/slab.h b/mm/slab.h
return s;
}
-@@ -399,7 +411,7 @@
+@@ -399,7 +411,7 @@ static inline size_t slab_ksize(const struct kmem_cache *s)
* back there or track user information then we can
* only use the space before that information.
*/
@@ -2162,10 +2210,46 @@ diff -Nur a/mm/slab.h b/mm/slab.h
return s->inuse;
/*
* Else we can use all the padding etc for the allocation
-diff -Nur a/mm/slub.c b/mm/slub.c
---- a/mm/slub.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/mm/slub.c 2018-05-26 19:24:34.850783521 +0100
-@@ -125,6 +125,16 @@
+diff --git a/mm/slab_common.c b/mm/slab_common.c
+index 91d271b90600..f4af25f18af2 100644
+--- a/mm/slab_common.c
++++ b/mm/slab_common.c
+@@ -26,10 +26,10 @@
+
+ #include "slab.h"
+
+-enum slab_state slab_state;
++enum slab_state slab_state __ro_after_init;
+ LIST_HEAD(slab_caches);
+ DEFINE_MUTEX(slab_mutex);
+-struct kmem_cache *kmem_cache;
++struct kmem_cache *kmem_cache __ro_after_init;
+
+ static LIST_HEAD(slab_caches_to_rcu_destroy);
+ static void slab_caches_to_rcu_destroy_workfn(struct work_struct *work);
+@@ -49,7 +49,7 @@ static DECLARE_WORK(slab_caches_to_rcu_destroy_work,
+ /*
+ * Merge control. If this is set then no merging of slab caches will occur.
+ */
+-static bool slab_nomerge = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT);
++static bool slab_nomerge __ro_after_init = !IS_ENABLED(CONFIG_SLAB_MERGE_DEFAULT);
+
+ static int __init setup_slab_nomerge(char *str)
+ {
+@@ -931,7 +931,7 @@ EXPORT_SYMBOL(kmalloc_dma_caches);
+ * of two cache sizes there. The size of larger slabs can be determined using
+ * fls.
+ */
+-static s8 size_index[24] = {
++static s8 size_index[24] __ro_after_init = {
+ 3, /* 8 */
+ 4, /* 16 */
+ 5, /* 24 */
+diff --git a/mm/slub.c b/mm/slub.c
+index 10e54c4acd19..23fa3d3be997 100644
+--- a/mm/slub.c
++++ b/mm/slub.c
+@@ -125,6 +125,16 @@ static inline int kmem_cache_debug(struct kmem_cache *s)
#endif
}
@@ -2182,7 +2266,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c
void *fixup_red_left(struct kmem_cache *s, void *p)
{
if (kmem_cache_debug(s) && s->flags & SLAB_RED_ZONE)
-@@ -297,6 +307,35 @@
+@@ -297,6 +307,35 @@ static inline void set_freepointer(struct kmem_cache *s, void *object, void *fp)
*(void **)freeptr_addr = freelist_ptr(s, fp, freeptr_addr);
}
@@ -2218,7 +2302,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c
/* Loop over all objects in a slab */
#define for_each_object(__p, __s, __addr, __objects) \
for (__p = fixup_red_left(__s, __addr); \
-@@ -484,13 +523,13 @@
+@@ -484,13 +523,13 @@ static inline void *restore_red_left(struct kmem_cache *s, void *p)
* Debug settings:
*/
#if defined(CONFIG_SLUB_DEBUG_ON)
@@ -2236,7 +2320,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c
/*
* slub is about to manipulate internal object metadata. This memory lies
-@@ -550,6 +589,9 @@
+@@ -550,6 +589,9 @@ static struct track *get_track(struct kmem_cache *s, void *object,
else
p = object + s->inuse;
@@ -2246,7 +2330,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c
return p + alloc;
}
-@@ -688,6 +730,9 @@
+@@ -688,6 +730,9 @@ static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p)
else
off = s->inuse;
@@ -2256,7 +2340,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c
if (s->flags & SLAB_STORE_USER)
off += 2 * sizeof(struct track);
-@@ -817,6 +862,9 @@
+@@ -817,6 +862,9 @@ static int check_pad_bytes(struct kmem_cache *s, struct page *page, u8 *p)
/* Freepointer is placed after the object. */
off += sizeof(void *);
@@ -2266,7 +2350,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c
if (s->flags & SLAB_STORE_USER)
/* We also have user information there */
off += 2 * sizeof(struct track);
-@@ -1416,8 +1464,9 @@
+@@ -1416,8 +1464,9 @@ static void setup_object(struct kmem_cache *s, struct page *page,
void *object)
{
setup_object_debug(s, page, object);
@@ -2277,7 +2361,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c
kasan_unpoison_object_data(s, object);
s->ctor(object);
kasan_poison_object_data(s, object);
-@@ -2717,9 +2766,21 @@
+@@ -2717,9 +2766,21 @@ static __always_inline void *slab_alloc_node(struct kmem_cache *s,
stat(s, ALLOC_FASTPATH);
}
@@ -2300,7 +2384,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c
slab_post_alloc_hook(s, gfpflags, 1, &object);
return object;
-@@ -2926,6 +2987,27 @@
+@@ -2926,6 +2987,27 @@ static __always_inline void do_slab_free(struct kmem_cache *s,
void *tail_obj = tail ? : head;
struct kmem_cache_cpu *c;
unsigned long tid;
@@ -2328,7 +2412,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c
redo:
/*
* Determine the currently cpus per cpu slab.
-@@ -3104,7 +3186,7 @@
+@@ -3104,7 +3186,7 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size,
void **p)
{
struct kmem_cache_cpu *c;
@@ -2337,7 +2421,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c
/* memcg and kmem_cache debug support */
s = slab_pre_alloc_hook(s, flags);
-@@ -3141,13 +3223,29 @@
+@@ -3141,13 +3223,29 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size,
local_irq_enable();
/* Clear memory outside IRQ disabled fastpath loop */
@@ -2368,7 +2452,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c
/* memcg and kmem_cache debug support */
slab_post_alloc_hook(s, flags, size, p);
return i;
-@@ -3179,9 +3277,9 @@
+@@ -3179,9 +3277,9 @@ EXPORT_SYMBOL(kmem_cache_alloc_bulk);
* and increases the number of allocations possible without having to
* take the list_lock.
*/
@@ -2381,7 +2465,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c
/*
* Calculate the order of allocation given an slab object size.
-@@ -3351,6 +3449,7 @@
+@@ -3351,6 +3449,7 @@ static void early_kmem_cache_node_alloc(int node)
init_object(kmem_cache_node, n, SLUB_RED_ACTIVE);
init_tracking(kmem_cache_node, n);
#endif
@@ -2389,7 +2473,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c
kasan_kmalloc(kmem_cache_node, n, sizeof(struct kmem_cache_node),
GFP_KERNEL);
init_kmem_cache_node(n);
-@@ -3507,6 +3606,9 @@
+@@ -3507,6 +3606,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order)
size += sizeof(void *);
}
@@ -2399,7 +2483,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c
#ifdef CONFIG_SLUB_DEBUG
if (flags & SLAB_STORE_USER)
/*
-@@ -3577,6 +3679,10 @@
+@@ -3577,6 +3679,10 @@ static int kmem_cache_open(struct kmem_cache *s, unsigned long flags)
#ifdef CONFIG_SLAB_FREELIST_HARDENED
s->random = get_random_long();
#endif
@@ -2410,7 +2494,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c
if (need_reserve_slab_rcu && (s->flags & SLAB_TYPESAFE_BY_RCU))
s->reserved = sizeof(struct rcu_head);
-@@ -3841,6 +3947,8 @@
+@@ -3841,6 +3947,8 @@ const char *__check_heap_object(const void *ptr, unsigned long n,
offset -= s->red_left_pad;
}
@@ -2419,7 +2503,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c
/* Allow address range falling entirely within object size. */
if (offset <= object_size && n <= object_size - offset)
return NULL;
-@@ -3859,7 +3967,11 @@
+@@ -3859,7 +3967,11 @@ static size_t __ksize(const void *object)
page = virt_to_head_page(object);
if (unlikely(!PageSlab(page))) {
@@ -2431,7 +2515,7 @@ diff -Nur a/mm/slub.c b/mm/slub.c
return PAGE_SIZE << compound_order(page);
}
-@@ -4724,7 +4836,7 @@
+@@ -4724,7 +4836,7 @@ enum slab_stat_type {
#define SO_TOTAL (1 << SL_TOTAL)
#ifdef CONFIG_MEMCG
@@ -2440,10 +2524,11 @@ diff -Nur a/mm/slub.c b/mm/slub.c
static int __init setup_slub_memcg_sysfs(char *str)
{
-diff -Nur a/mm/swap.c b/mm/swap.c
---- a/mm/swap.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/mm/swap.c 2018-05-26 19:24:34.850783521 +0100
-@@ -92,6 +92,13 @@
+diff --git a/mm/swap.c b/mm/swap.c
+index a77d68f2c1b6..d1f1d75f4d1f 100644
+--- a/mm/swap.c
++++ b/mm/swap.c
+@@ -92,6 +92,13 @@ static void __put_compound_page(struct page *page)
if (!PageHuge(page))
__page_cache_release(page);
dtor = get_compound_page_dtor(page);
@@ -2457,10 +2542,11 @@ diff -Nur a/mm/swap.c b/mm/swap.c
(*dtor)(page);
}
-diff -Nur a/net/core/dev.c b/net/core/dev.c
---- a/net/core/dev.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/net/core/dev.c 2018-05-26 19:24:34.852783586 +0100
-@@ -4095,7 +4095,7 @@
+diff --git a/net/core/dev.c b/net/core/dev.c
+index 6ca771f2f25b..6da2c9c3e6a5 100644
+--- a/net/core/dev.c
++++ b/net/core/dev.c
+@@ -4095,7 +4095,7 @@ int netif_rx_ni(struct sk_buff *skb)
}
EXPORT_SYMBOL(netif_rx_ni);
@@ -2469,7 +2555,7 @@ diff -Nur a/net/core/dev.c b/net/core/dev.c
{
struct softnet_data *sd = this_cpu_ptr(&softnet_data);
-@@ -5609,7 +5609,7 @@
+@@ -5609,7 +5609,7 @@ static int napi_poll(struct napi_struct *n, struct list_head *repoll)
return work;
}
@@ -2478,10 +2564,11 @@ diff -Nur a/net/core/dev.c b/net/core/dev.c
{
struct softnet_data *sd = this_cpu_ptr(&softnet_data);
unsigned long time_limit = jiffies +
-diff -Nur a/net/ipv4/Kconfig b/net/ipv4/Kconfig
---- a/net/ipv4/Kconfig 2018-05-25 15:18:02.000000000 +0100
-+++ b/net/ipv4/Kconfig 2018-05-26 19:24:34.852783586 +0100
-@@ -261,6 +261,7 @@
+diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
+index f48fe6fc7e8c..d78c52835c08 100644
+--- a/net/ipv4/Kconfig
++++ b/net/ipv4/Kconfig
+@@ -261,6 +261,7 @@ config IP_PIMSM_V2
config SYN_COOKIES
bool "IP: TCP syncookie support"
@@ -2489,10 +2576,11 @@ diff -Nur a/net/ipv4/Kconfig b/net/ipv4/Kconfig
---help---
Normal TCP/IP networking is open to an attack known as "SYN
flooding". This denial-of-service attack prevents legitimate remote
-diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c
---- a/scripts/mod/modpost.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/scripts/mod/modpost.c 2018-05-26 19:24:34.852783586 +0100
-@@ -37,6 +37,7 @@
+diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
+index 54deaa1066cf..211f97bd5ee3 100644
+--- a/scripts/mod/modpost.c
++++ b/scripts/mod/modpost.c
+@@ -37,6 +37,7 @@ static int vmlinux_section_warnings = 1;
static int warn_unresolved = 0;
/* How a symbol is exported */
static int sec_mismatch_count = 0;
@@ -2500,7 +2588,7 @@ diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c
static int sec_mismatch_verbose = 1;
static int sec_mismatch_fatal = 0;
/* ignore missing files */
-@@ -965,6 +966,7 @@
+@@ -965,6 +966,7 @@ enum mismatch {
ANY_EXIT_TO_ANY_INIT,
EXPORT_TO_INIT_EXIT,
EXTABLE_TO_NON_TEXT,
@@ -2508,7 +2596,7 @@ diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c
};
/**
-@@ -1091,6 +1093,12 @@
+@@ -1091,6 +1093,12 @@ static const struct sectioncheck sectioncheck[] = {
.good_tosec = {ALL_TEXT_SECTIONS , NULL},
.mismatch = EXTABLE_TO_NON_TEXT,
.handler = extable_mismatch_handler,
@@ -2521,7 +2609,7 @@ diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c
}
};
-@@ -1240,10 +1248,10 @@
+@@ -1240,10 +1248,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr,
continue;
if (ELF_ST_TYPE(sym->st_info) == STT_SECTION)
continue;
@@ -2534,7 +2622,7 @@ diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c
if (d < 0)
d = addr - sym->st_value;
if (d < distance) {
-@@ -1402,7 +1410,11 @@
+@@ -1402,7 +1410,11 @@ static void report_sec_mismatch(const char *modname,
char *prl_from;
char *prl_to;
@@ -2547,7 +2635,7 @@ diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c
if (!sec_mismatch_verbose)
return;
-@@ -1526,6 +1538,14 @@
+@@ -1526,6 +1538,14 @@ static void report_sec_mismatch(const char *modname,
fatal("There's a special handler for this mismatch type, "
"we should never get here.");
break;
@@ -2562,7 +2650,7 @@ diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c
}
fprintf(stderr, "\n");
}
-@@ -2539,6 +2559,14 @@
+@@ -2539,6 +2559,14 @@ int main(int argc, char **argv)
}
}
free(buf.p);
@@ -2577,10 +2665,11 @@ diff -Nur a/scripts/mod/modpost.c b/scripts/mod/modpost.c
return err;
}
-diff -Nur a/security/Kconfig b/security/Kconfig
---- a/security/Kconfig 2018-05-25 15:18:02.000000000 +0100
-+++ b/security/Kconfig 2018-05-26 19:24:34.853783618 +0100
-@@ -8,7 +8,7 @@
+diff --git a/security/Kconfig b/security/Kconfig
+index 87f2a6f842fd..7bdbb7edf5bf 100644
+--- a/security/Kconfig
++++ b/security/Kconfig
+@@ -8,7 +8,7 @@ source security/keys/Kconfig
config SECURITY_DMESG_RESTRICT
bool "Restrict unprivileged access to the kernel syslog"
@@ -2589,7 +2678,7 @@ diff -Nur a/security/Kconfig b/security/Kconfig
help
This enforces restrictions on unprivileged users reading the kernel
syslog via dmesg(8).
-@@ -18,10 +18,34 @@
+@@ -18,10 +18,34 @@ config SECURITY_DMESG_RESTRICT
If you are unsure how to answer this question, answer N.
@@ -2624,7 +2713,7 @@ diff -Nur a/security/Kconfig b/security/Kconfig
help
This allows you to choose different security modules to be
configured into your kernel.
-@@ -48,6 +72,7 @@
+@@ -48,6 +72,7 @@ config SECURITYFS
config SECURITY_NETWORK
bool "Socket and Networking Security Hooks"
depends on SECURITY
@@ -2632,7 +2721,7 @@ diff -Nur a/security/Kconfig b/security/Kconfig
help
This enables the socket and networking security hooks.
If enabled, a security module can use these hooks to
-@@ -155,6 +180,7 @@
+@@ -155,6 +180,7 @@ config HARDENED_USERCOPY
depends on HAVE_HARDENED_USERCOPY_ALLOCATOR
select BUG
imply STRICT_DEVMEM
@@ -2640,7 +2729,7 @@ diff -Nur a/security/Kconfig b/security/Kconfig
help
This option checks for obviously wrong memory regions when
copying memory to/from the kernel (via copy_to_user() and
-@@ -178,10 +204,36 @@
+@@ -178,10 +204,36 @@ config HARDENED_USERCOPY_PAGESPAN
config FORTIFY_SOURCE
bool "Harden common str/mem functions against buffer overflows"
depends on ARCH_HAS_FORTIFY_SOURCE
@@ -2677,21 +2766,11 @@ diff -Nur a/security/Kconfig b/security/Kconfig
config STATIC_USERMODEHELPER
bool "Force all usermode helper calls through a single binary"
help
-diff -Nur a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
---- a/security/selinux/include/objsec.h 2018-05-25 15:18:02.000000000 +0100
-+++ b/security/selinux/include/objsec.h 2018-05-26 19:24:34.853783618 +0100
-@@ -150,6 +150,6 @@
- u32 sid; /* SID of pkey */
- };
-
--extern unsigned int selinux_checkreqprot;
-+extern const unsigned int selinux_checkreqprot;
-
- #endif /* _SELINUX_OBJSEC_H_ */
-diff -Nur a/security/selinux/Kconfig b/security/selinux/Kconfig
---- a/security/selinux/Kconfig 2018-05-25 15:18:02.000000000 +0100
-+++ b/security/selinux/Kconfig 2018-05-26 19:24:34.853783618 +0100
-@@ -2,7 +2,7 @@
+diff --git a/security/selinux/Kconfig b/security/selinux/Kconfig
+index 8af7a690eb40..6539694b0fd3 100644
+--- a/security/selinux/Kconfig
++++ b/security/selinux/Kconfig
+@@ -2,7 +2,7 @@ config SECURITY_SELINUX
bool "NSA SELinux Support"
depends on SECURITY_NETWORK && AUDIT && NET && INET
select NETWORK_SECMARK
@@ -2700,7 +2779,7 @@ diff -Nur a/security/selinux/Kconfig b/security/selinux/Kconfig
help
This selects NSA Security-Enhanced Linux (SELinux).
You will also need a policy configuration and a labeled filesystem.
-@@ -79,23 +79,3 @@
+@@ -79,23 +79,3 @@ config SECURITY_SELINUX_AVC_STATS
This option collects access vector cache statistics to
/selinux/avc/cache_stats, which may be monitored via
tools such as avcstat.
@@ -2724,9 +2803,22 @@ diff -Nur a/security/selinux/Kconfig b/security/selinux/Kconfig
- via /selinux/checkreqprot if authorized by policy.
-
- If you are unsure how to answer this question, answer 0.
-diff -Nur a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
---- a/security/selinux/selinuxfs.c 2018-05-25 15:18:02.000000000 +0100
-+++ b/security/selinux/selinuxfs.c 2018-05-26 19:24:34.853783618 +0100
+diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
+index 1649cd18eb0b..067f35559aa7 100644
+--- a/security/selinux/include/objsec.h
++++ b/security/selinux/include/objsec.h
+@@ -150,6 +150,6 @@ struct pkey_security_struct {
+ u32 sid; /* SID of pkey */
+ };
+
+-extern unsigned int selinux_checkreqprot;
++extern const unsigned int selinux_checkreqprot;
+
+ #endif /* _SELINUX_OBJSEC_H_ */
+diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
+index 00eed842c491..8f7b8d7e6f91 100644
+--- a/security/selinux/selinuxfs.c
++++ b/security/selinux/selinuxfs.c
@@ -41,16 +41,7 @@
#include "objsec.h"
#include "conditional.h"
@@ -2745,7 +2837,7 @@ diff -Nur a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
static DEFINE_MUTEX(sel_mutex);
-@@ -610,10 +601,9 @@
+@@ -610,10 +601,9 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
return PTR_ERR(page);
length = -EINVAL;
@@ -2757,9 +2849,10 @@ diff -Nur a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
length = count;
out:
kfree(page);
-diff -Nur a/security/yama/Kconfig b/security/yama/Kconfig
---- a/security/yama/Kconfig 2018-05-25 15:18:02.000000000 +0100
-+++ b/security/yama/Kconfig 2018-05-26 19:24:34.853783618 +0100
+diff --git a/security/yama/Kconfig b/security/yama/Kconfig
+index 96b27405558a..485c1b85c325 100644
+--- a/security/yama/Kconfig
++++ b/security/yama/Kconfig
@@ -1,7 +1,7 @@
config SECURITY_YAMA
bool "Yama support"
diff --git a/sys-kernel/linux-image-redcore-lts/files/redcore-lts-amd64.config b/sys-kernel/linux-image-redcore-lts/files/redcore-lts-amd64.config
index b19d02da..89478fba 100644
--- a/sys-kernel/linux-image-redcore-lts/files/redcore-lts-amd64.config
+++ b/sys-kernel/linux-image-redcore-lts/files/redcore-lts-amd64.config
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.14.44-redcore-lts Kernel Configuration
+# Linux/x86 4.14.65-redcore-lts Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -206,12 +206,10 @@ CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y
# CONFIG_LOCAL_INIT is not set
CONFIG_SYSCTL=y
CONFIG_ANON_INODES=y
-CONFIG_HAVE_UID16=y
CONFIG_SYSCTL_EXCEPTION_TRACE=y
CONFIG_HAVE_PCSPKR_PLATFORM=y
CONFIG_BPF=y
# CONFIG_EXPERT is not set
-CONFIG_UID16=y
CONFIG_MULTIUSER=y
CONFIG_SGETMASK_SYSCALL=y
CONFIG_SYSFS_SYSCALL=y
@@ -234,7 +232,6 @@ CONFIG_SIGNALFD=y
CONFIG_TIMERFD=y
CONFIG_EVENTFD=y
CONFIG_BPF_SYSCALL=y
-CONFIG_BPF_JIT_ALWAYS_ON=y
CONFIG_SHMEM=y
CONFIG_AIO=y
CONFIG_ADVISE_SYSCALLS=y
@@ -263,10 +260,9 @@ CONFIG_SLAB_HARDENED=y
CONFIG_SLAB_SANITIZE=y
CONFIG_SLAB_SANITIZE_VERIFY=y
CONFIG_SLUB_CPU_PARTIAL=y
-# CONFIG_SYSTEM_DATA_VERIFICATION is not set
+CONFIG_SYSTEM_DATA_VERIFICATION=y
# CONFIG_PROFILING is not set
-CONFIG_CRASH_CORE=y
-CONFIG_KEXEC_CORE=y
+CONFIG_HOTPLUG_SMT=y
CONFIG_HAVE_OPROFILE=y
CONFIG_OPROFILE_NMI_TIMER=y
# CONFIG_KPROBES is not set
@@ -305,8 +301,6 @@ CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y
CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y
CONFIG_HAVE_CMPXCHG_LOCAL=y
CONFIG_HAVE_CMPXCHG_DOUBLE=y
-CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y
-CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y
CONFIG_HAVE_ARCH_SECCOMP_FILTER=y
CONFIG_SECCOMP_FILTER=y
CONFIG_HAVE_GCC_PLUGINS=y
@@ -332,15 +326,10 @@ CONFIG_ARCH_HAS_ELF_RANDOMIZE=y
CONFIG_HAVE_ARCH_MMAP_RND_BITS=y
CONFIG_HAVE_EXIT_THREAD=y
CONFIG_ARCH_MMAP_RND_BITS=32
-CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS=y
-CONFIG_ARCH_MMAP_RND_COMPAT_BITS=16
-CONFIG_HAVE_ARCH_COMPAT_MMAP_BASES=y
CONFIG_HAVE_COPY_THREAD_TLS=y
CONFIG_HAVE_STACK_VALIDATION=y
# CONFIG_HAVE_ARCH_HASH is not set
# CONFIG_ISA_BUS_API is not set
-CONFIG_OLD_SIGSUSPEND3=y
-CONFIG_COMPAT_OLD_SIGACTION=y
# CONFIG_CPU_NO_EFFICIENT_FFS is not set
CONFIG_HAVE_ARCH_VMAP_STACK=y
CONFIG_VMAP_STACK=y
@@ -351,7 +340,7 @@ CONFIG_STRICT_KERNEL_RWX=y
CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
CONFIG_STRICT_MODULE_RWX=y
CONFIG_ARCH_HAS_REFCOUNT=y
-# CONFIG_REFCOUNT_FULL is not set
+CONFIG_REFCOUNT_FULL=y
#
# GCOV-based kernel profiling
@@ -368,7 +357,15 @@ CONFIG_MODULE_UNLOAD=y
CONFIG_MODULE_FORCE_UNLOAD=y
CONFIG_MODVERSIONS=y
CONFIG_MODULE_SRCVERSION_ALL=y
-# CONFIG_MODULE_SIG is not set
+CONFIG_MODULE_SIG=y
+# CONFIG_MODULE_SIG_FORCE is not set
+CONFIG_MODULE_SIG_ALL=y
+# CONFIG_MODULE_SIG_SHA1 is not set
+# CONFIG_MODULE_SIG_SHA224 is not set
+# CONFIG_MODULE_SIG_SHA256 is not set
+# CONFIG_MODULE_SIG_SHA384 is not set
+CONFIG_MODULE_SIG_SHA512=y
+CONFIG_MODULE_SIG_HASH="sha512"
CONFIG_MODULE_COMPRESS=y
CONFIG_MODULE_COMPRESS_GZIP=y
# CONFIG_MODULE_COMPRESS_XZ is not set
@@ -413,7 +410,6 @@ CONFIG_LDM_DEBUG=y
CONFIG_EFI_PARTITION=y
# CONFIG_SYSV68_PARTITION is not set
CONFIG_CMDLINE_PARTITION=y
-CONFIG_BLOCK_COMPAT=y
CONFIG_BLK_MQ_PCI=y
CONFIG_BLK_MQ_VIRTIO=y
CONFIG_BLK_MQ_RDMA=y
@@ -435,7 +431,7 @@ CONFIG_IOSCHED_BFQ=y
CONFIG_BFQ_GROUP_IOSCHED=y
CONFIG_PREEMPT_NOTIFIERS=y
CONFIG_PADATA=y
-CONFIG_ASN1=m
+CONFIG_ASN1=y
CONFIG_UNINLINE_SPIN_UNLOCK=y
CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y
CONFIG_MUTEX_SPIN_ON_OWNER=y
@@ -527,8 +523,6 @@ CONFIG_PERF_EVENTS_INTEL_RAPL=y
CONFIG_PERF_EVENTS_INTEL_CSTATE=y
CONFIG_PERF_EVENTS_AMD_POWER=m
# CONFIG_VM86 is not set
-CONFIG_X86_16BIT=y
-CONFIG_X86_ESPFIX64=y
CONFIG_X86_VSYSCALL_EMULATION=y
CONFIG_I8K=m
CONFIG_MICROCODE=y
@@ -649,9 +643,8 @@ CONFIG_SECCOMP=y
CONFIG_HZ_1000=y
CONFIG_HZ=1000
CONFIG_SCHED_HRTICK=y
-CONFIG_KEXEC=y
+# CONFIG_KEXEC is not set
# CONFIG_CRASH_DUMP is not set
-CONFIG_KEXEC_JUMP=y
CONFIG_PHYSICAL_START=0x1000000
CONFIG_RELOCATABLE=y
CONFIG_RANDOMIZE_BASE=y
@@ -662,12 +655,11 @@ CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa
CONFIG_HOTPLUG_CPU=y
CONFIG_BOOTPARAM_HOTPLUG_CPU0=y
# CONFIG_DEBUG_HOTPLUG_CPU0 is not set
-# CONFIG_COMPAT_VDSO is not set
# CONFIG_LEGACY_VSYSCALL_NATIVE is not set
-CONFIG_LEGACY_VSYSCALL_EMULATE=y
-# CONFIG_LEGACY_VSYSCALL_NONE is not set
+# CONFIG_LEGACY_VSYSCALL_EMULATE is not set
+CONFIG_LEGACY_VSYSCALL_NONE=y
# CONFIG_CMDLINE_BOOL is not set
-CONFIG_MODIFY_LDT_SYSCALL=y
+# CONFIG_MODIFY_LDT_SYSCALL is not set
CONFIG_HAVE_LIVEPATCH=y
CONFIG_ARCH_HAS_ADD_PAGES=y
CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
@@ -904,23 +896,16 @@ CONFIG_X86_SYSFB=y
# Executable file formats / Emulations
#
CONFIG_BINFMT_ELF=y
-CONFIG_COMPAT_BINFMT_ELF=y
CONFIG_ELFCORE=y
CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y
CONFIG_BINFMT_SCRIPT=y
# CONFIG_HAVE_AOUT is not set
CONFIG_BINFMT_MISC=y
CONFIG_COREDUMP=y
-CONFIG_IA32_EMULATION=y
-CONFIG_IA32_AOUT=y
+# CONFIG_IA32_EMULATION is not set
# CONFIG_X86_X32 is not set
-CONFIG_COMPAT_32=y
-CONFIG_COMPAT=y
-CONFIG_COMPAT_FOR_U64_ALIGNMENT=y
-CONFIG_SYSVIPC_COMPAT=y
CONFIG_X86_DEV_DMA_OPS=y
CONFIG_NET=y
-CONFIG_COMPAT_NETLINK_MESSAGES=y
CONFIG_NET_INGRESS=y
CONFIG_NET_EGRESS=y
@@ -979,11 +964,7 @@ CONFIG_INET_TUNNEL=m
CONFIG_INET_XFRM_MODE_TRANSPORT=m
CONFIG_INET_XFRM_MODE_TUNNEL=m
CONFIG_INET_XFRM_MODE_BEET=m
-CONFIG_INET_DIAG=m
-CONFIG_INET_TCP_DIAG=m
-CONFIG_INET_UDP_DIAG=m
-CONFIG_INET_RAW_DIAG=m
-CONFIG_INET_DIAG_DESTROY=y
+# CONFIG_INET_DIAG is not set
CONFIG_TCP_CONG_ADVANCED=y
CONFIG_TCP_CONG_BIC=m
CONFIG_TCP_CONG_CUBIC=m
@@ -1325,6 +1306,9 @@ CONFIG_NF_CONNTRACK_IPV6=m
CONFIG_NF_SOCKET_IPV6=m
CONFIG_NF_TABLES_IPV6=m
CONFIG_NFT_CHAIN_ROUTE_IPV6=m
+CONFIG_NFT_CHAIN_NAT_IPV6=m
+CONFIG_NFT_MASQ_IPV6=m
+CONFIG_NFT_REDIR_IPV6=m
CONFIG_NFT_REJECT_IPV6=m
CONFIG_NFT_DUP_IPV6=m
CONFIG_NFT_FIB_IPV6=m
@@ -1332,10 +1316,7 @@ CONFIG_NF_DUP_IPV6=m
CONFIG_NF_REJECT_IPV6=m
CONFIG_NF_LOG_IPV6=m
CONFIG_NF_NAT_IPV6=m
-CONFIG_NFT_CHAIN_NAT_IPV6=m
CONFIG_NF_NAT_MASQUERADE_IPV6=m
-CONFIG_NFT_MASQ_IPV6=m
-CONFIG_NFT_REDIR_IPV6=m
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_MATCH_AH=m
CONFIG_IP6_NF_MATCH_EUI64=m
@@ -1385,21 +1366,7 @@ CONFIG_BRIDGE_EBT_REDIRECT=m
CONFIG_BRIDGE_EBT_SNAT=m
CONFIG_BRIDGE_EBT_LOG=m
CONFIG_BRIDGE_EBT_NFLOG=m
-CONFIG_IP_DCCP=m
-CONFIG_INET_DCCP_DIAG=m
-
-#
-# DCCP CCIDs Configuration
-#
-# CONFIG_IP_DCCP_CCID2_DEBUG is not set
-CONFIG_IP_DCCP_CCID3=y
-# CONFIG_IP_DCCP_CCID3_DEBUG is not set
-CONFIG_IP_DCCP_TFRC_LIB=y
-
-#
-# DCCP Kernel Hacking
-#
-# CONFIG_IP_DCCP_DEBUG is not set
+# CONFIG_IP_DCCP is not set
CONFIG_IP_SCTP=m
# CONFIG_SCTP_DBG_OBJCNT is not set
CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y
@@ -1407,7 +1374,6 @@ CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y
# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_NONE is not set
CONFIG_SCTP_COOKIE_HMAC_MD5=y
CONFIG_SCTP_COOKIE_HMAC_SHA1=y
-CONFIG_INET_SCTP_DIAG=m
CONFIG_RDS=m
CONFIG_RDS_RDMA=m
CONFIG_RDS_TCP=m
@@ -1597,8 +1563,8 @@ CONFIG_CGROUP_NET_PRIO=y
CONFIG_CGROUP_NET_CLASSID=y
CONFIG_NET_RX_BUSY_POLL=y
CONFIG_BQL=y
-CONFIG_BPF_JIT=y
-CONFIG_BPF_STREAM_PARSER=y
+# CONFIG_BPF_JIT is not set
+# CONFIG_BPF_STREAM_PARSER is not set
CONFIG_NET_FLOW_LIMIT=y
#
@@ -1737,7 +1703,7 @@ CONFIG_AF_RXRPC_IPV6=y
# CONFIG_AF_RXRPC_DEBUG is not set
# CONFIG_RXKAD is not set
CONFIG_AF_KCM=m
-CONFIG_STREAM_PARSER=y
+CONFIG_STREAM_PARSER=m
CONFIG_FIB_RULES=y
CONFIG_WIRELESS=y
CONFIG_WIRELESS_EXT=y
@@ -3779,8 +3745,7 @@ CONFIG_VT_CONSOLE_SLEEP=y
CONFIG_HW_CONSOLE=y
CONFIG_VT_HW_CONSOLE_BINDING=y
CONFIG_UNIX98_PTYS=y
-CONFIG_LEGACY_PTYS=y
-CONFIG_LEGACY_PTY_COUNT=256
+# CONFIG_LEGACY_PTYS is not set
CONFIG_SERIAL_NONSTANDARD=y
CONFIG_ROCKETPORT=m
CONFIG_CYCLADES=m
@@ -6880,7 +6845,6 @@ CONFIG_SYNC_FILE=y
# CONFIG_SW_SYNC is not set
CONFIG_DCA=m
CONFIG_AUXDISPLAY=y
-CONFIG_CHARLCD=m
CONFIG_HD44780=m
CONFIG_KS0108=m
CONFIG_KS0108_PORT=0x378
@@ -6892,6 +6856,7 @@ CONFIG_PANEL=m
CONFIG_PANEL_PARPORT=0
CONFIG_PANEL_PROFILE=5
# CONFIG_PANEL_CHANGE_MESSAGE is not set
+CONFIG_CHARLCD=m
CONFIG_UIO=m
CONFIG_UIO_CIF=m
CONFIG_UIO_PDRV_GENIRQ=m
@@ -8097,7 +8062,6 @@ CONFIG_EFI_VARS=m
CONFIG_EFI_ESRT=y
CONFIG_EFI_VARS_PSTORE=m
CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE=y
-CONFIG_EFI_RUNTIME_MAP=y
# CONFIG_EFI_FAKE_MEMMAP is not set
CONFIG_EFI_RUNTIME_WRAPPERS=y
CONFIG_EFI_BOOTLOADER_CONTROL=m
@@ -8177,7 +8141,6 @@ CONFIG_QUOTA_TREE=m
CONFIG_QFMT_V1=m
CONFIG_QFMT_V2=m
CONFIG_QUOTACTL=y
-CONFIG_QUOTACTL_COMPAT=y
CONFIG_AUTOFS4_FS=m
CONFIG_FUSE_FS=m
CONFIG_CUSE=m
@@ -8484,10 +8447,12 @@ CONFIG_DEBUG_KERNEL=y
#
# CONFIG_PAGE_EXTENSION is not set
# CONFIG_DEBUG_PAGEALLOC is not set
-# CONFIG_PAGE_POISONING is not set
+CONFIG_PAGE_POISONING=y
+CONFIG_PAGE_POISONING_NO_SANITY=y
+CONFIG_PAGE_POISONING_ZERO=y
# CONFIG_DEBUG_RODATA_TEST is not set
# CONFIG_DEBUG_OBJECTS is not set
-# CONFIG_SLUB_DEBUG_ON is not set
+CONFIG_SLUB_DEBUG_ON=y
# CONFIG_SLUB_STATS is not set
CONFIG_HAVE_DEBUG_KMEMLEAK=y
# CONFIG_DEBUG_KMEMLEAK is not set
@@ -8519,7 +8484,7 @@ CONFIG_PANIC_TIMEOUT=0
CONFIG_SCHED_DEBUG=y
CONFIG_SCHED_INFO=y
CONFIG_SCHEDSTATS=y
-# CONFIG_SCHED_STACK_END_CHECK is not set
+CONFIG_SCHED_STACK_END_CHECK=y
# CONFIG_DEBUG_TIMEKEEPING is not set
# CONFIG_DEBUG_PREEMPT is not set
@@ -8541,11 +8506,11 @@ CONFIG_SCHEDSTATS=y
# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set
# CONFIG_DEBUG_KOBJECT is not set
CONFIG_DEBUG_BUGVERBOSE=y
-# CONFIG_DEBUG_LIST is not set
-# CONFIG_DEBUG_PI_LIST is not set
-# CONFIG_DEBUG_SG is not set
-# CONFIG_DEBUG_NOTIFIERS is not set
-# CONFIG_DEBUG_CREDENTIALS is not set
+CONFIG_DEBUG_LIST=y
+CONFIG_DEBUG_PI_LIST=y
+CONFIG_DEBUG_SG=y
+CONFIG_DEBUG_NOTIFIERS=y
+CONFIG_DEBUG_CREDENTIALS=y
#
# RCU Debugging
@@ -8573,32 +8538,14 @@ CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
CONFIG_HAVE_FENTRY=y
CONFIG_HAVE_C_RECORDMCOUNT=y
CONFIG_TRACING_SUPPORT=y
-CONFIG_FTRACE=y
-# CONFIG_FUNCTION_TRACER is not set
-# CONFIG_IRQSOFF_TRACER is not set
-# CONFIG_PREEMPT_TRACER is not set
-# CONFIG_SCHED_TRACER is not set
-# CONFIG_HWLAT_TRACER is not set
-# CONFIG_ENABLE_DEFAULT_TRACERS is not set
-# CONFIG_FTRACE_SYSCALLS is not set
-# CONFIG_TRACER_SNAPSHOT is not set
-CONFIG_BRANCH_PROFILE_NONE=y
-# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
-# CONFIG_STACK_TRACER is not set
-# CONFIG_BLK_DEV_IO_TRACE is not set
-# CONFIG_UPROBE_EVENTS is not set
-# CONFIG_PROBE_EVENTS is not set
-# CONFIG_MMIOTRACE is not set
-# CONFIG_HIST_TRIGGERS is not set
-# CONFIG_TRACEPOINT_BENCHMARK is not set
-CONFIG_TRACING_EVENTS_GPIO=y
+# CONFIG_FTRACE is not set
# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
# CONFIG_DMA_API_DEBUG is not set
#
# Runtime Testing
#
-# CONFIG_LKDTM is not set
+CONFIG_LKDTM=m
# CONFIG_TEST_LIST_SORT is not set
# CONFIG_TEST_SORT is not set
# CONFIG_BACKTRACE_SELF_TEST is not set
@@ -8625,7 +8572,7 @@ CONFIG_TEST_SYSCTL=m
CONFIG_TEST_STATIC_KEYS=m
CONFIG_TEST_KMOD=m
CONFIG_MEMTEST=y
-# CONFIG_BUG_ON_DATA_CORRUPTION is not set
+CONFIG_BUG_ON_DATA_CORRUPTION=y
# CONFIG_SAMPLES is not set
CONFIG_HAVE_ARCH_KGDB=y
# CONFIG_KGDB is not set
@@ -8634,17 +8581,17 @@ CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
# CONFIG_UBSAN is not set
CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
CONFIG_STRICT_DEVMEM=y
-# CONFIG_IO_STRICT_DEVMEM is not set
+CONFIG_IO_STRICT_DEVMEM=y
CONFIG_EARLY_PRINTK_USB=y
CONFIG_X86_VERBOSE_BOOTUP=y
CONFIG_EARLY_PRINTK=y
# CONFIG_EARLY_PRINTK_DBGP is not set
# CONFIG_EARLY_PRINTK_EFI is not set
CONFIG_EARLY_PRINTK_USB_XDBC=y
-# CONFIG_X86_PTDUMP_CORE is not set
+CONFIG_X86_PTDUMP_CORE=y
# CONFIG_X86_PTDUMP is not set
# CONFIG_EFI_PGT_DUMP is not set
-# CONFIG_DEBUG_WX is not set
+CONFIG_DEBUG_WX=y
CONFIG_DOUBLEFAULT=y
# CONFIG_DEBUG_TLBFLUSH is not set
# CONFIG_IOMMU_DEBUG is not set
@@ -8673,7 +8620,6 @@ CONFIG_UNWINDER_ORC=y
# Security options
#
CONFIG_KEYS=y
-CONFIG_KEYS_COMPAT=y
CONFIG_PERSISTENT_KEYRINGS=y
# CONFIG_BIG_KEYS is not set
CONFIG_TRUSTED_KEYS=m
@@ -8691,7 +8637,8 @@ CONFIG_HARDENED_USERCOPY=y
CONFIG_FORTIFY_SOURCE=y
CONFIG_PAGE_SANITIZE=y
CONFIG_PAGE_SANITIZE_VERIFY=y
-# CONFIG_STATIC_USERMODEHELPER is not set
+CONFIG_STATIC_USERMODEHELPER=y
+CONFIG_STATIC_USERMODEHELPER_PATH=""
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""
CONFIG_XOR_BLOCKS=m
@@ -8717,11 +8664,11 @@ CONFIG_CRYPTO_RNG=m
CONFIG_CRYPTO_RNG2=y
CONFIG_CRYPTO_RNG_DEFAULT=m
CONFIG_CRYPTO_AKCIPHER2=y
-CONFIG_CRYPTO_AKCIPHER=m
+CONFIG_CRYPTO_AKCIPHER=y
CONFIG_CRYPTO_KPP2=y
CONFIG_CRYPTO_KPP=m
CONFIG_CRYPTO_ACOMP2=y
-CONFIG_CRYPTO_RSA=m
+CONFIG_CRYPTO_RSA=y
CONFIG_CRYPTO_DH=m
CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_MANAGER=y
@@ -8798,7 +8745,7 @@ CONFIG_CRYPTO_SHA1_MB=m
CONFIG_CRYPTO_SHA256_MB=m
CONFIG_CRYPTO_SHA512_MB=m
CONFIG_CRYPTO_SHA256=m
-CONFIG_CRYPTO_SHA512=m
+CONFIG_CRYPTO_SHA512=y
CONFIG_CRYPTO_SHA3=m
CONFIG_CRYPTO_TGR192=m
CONFIG_CRYPTO_WP512=m
@@ -8830,7 +8777,6 @@ CONFIG_CRYPTO_DES3_EDE_X86_64=m
CONFIG_CRYPTO_FCRYPT=m
CONFIG_CRYPTO_KHAZAD=m
CONFIG_CRYPTO_SALSA20=m
-CONFIG_CRYPTO_SALSA20_X86_64=m
CONFIG_CRYPTO_CHACHA20=m
CONFIG_CRYPTO_CHACHA20_X86_64=m
CONFIG_CRYPTO_SEED=m
@@ -8891,13 +8837,16 @@ CONFIG_CRYPTO_DEV_NITROX_CNN55XX=m
CONFIG_CRYPTO_DEV_CHELSIO=m
CONFIG_CRYPTO_DEV_VIRTIO=m
CONFIG_ASYMMETRIC_KEY_TYPE=y
-CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=m
-CONFIG_X509_CERTIFICATE_PARSER=m
-CONFIG_PKCS7_MESSAGE_PARSER=m
+CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
+CONFIG_X509_CERTIFICATE_PARSER=y
+CONFIG_PKCS7_MESSAGE_PARSER=y
+# CONFIG_PKCS7_TEST_KEY is not set
+# CONFIG_SIGNED_PE_FILE_VERIFICATION is not set
#
# Certificates for signature checking
#
+CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
CONFIG_SYSTEM_TRUSTED_KEYRING=y
CONFIG_SYSTEM_TRUSTED_KEYS=""
# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set
@@ -8915,7 +8864,6 @@ CONFIG_HAVE_KVM_MSI=y
CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y
CONFIG_KVM_VFIO=y
CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT=y
-CONFIG_KVM_COMPAT=y
CONFIG_HAVE_KVM_IRQ_BYPASS=y
CONFIG_VIRTUALIZATION=y
CONFIG_KVM=m
@@ -9019,8 +8967,8 @@ CONFIG_CLZ_TAB=y
CONFIG_CORDIC=m
CONFIG_DDR=y
CONFIG_IRQ_POLL=y
-CONFIG_MPILIB=m
-CONFIG_OID_REGISTRY=m
+CONFIG_MPILIB=y
+CONFIG_OID_REGISTRY=y
CONFIG_UCS2_STRING=y
CONFIG_FONT_SUPPORT=y
CONFIG_FONTS=y