grsecurity-3.1-4.9.13-20170227072920170227

13 files changed, 1158 insertions, 88 deletions

diff --git a/4.9.12/0000_README b/4.9.13/0000_README
index fde5541..733ff59 100644
--- a/4.9.12/0000_README
+++ b/4.9.13/0000_README
@@ -2,7 +2,11 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.1-4.9.12-201702231830.patch
+Patch:	1012_linux-4.9.13.patch
+From:	http://www.kernel.org
+Desc:	Linux 4.9.13
+
+Patch:	4420_grsecurity-3.1-4.9.13-201702270729.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/4.9.13/1012_linux-4.9.13.patch b/4.9.13/1012_linux-4.9.13.patch
new file mode 100644
index 0000000..8a48815
--- /dev/null
+++ b/4.9.13/1012_linux-4.9.13.patch
@@ -0,0 +1,1079 @@
+diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
+index 922dec8..65b05ba 100644
+--- a/Documentation/kernel-parameters.txt
++++ b/Documentation/kernel-parameters.txt
+@@ -1391,6 +1391,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+ 			When zero, profiling data is discarded and associated
+ 			debugfs files are removed at module unload time.
+ 
++	goldfish	[X86] Enable the goldfish android emulator platform.
++			Don't use this when you are not running on the
++			android emulator
++
+ 	gpt		[EFI] Forces disk with valid GPT signature but
+ 			invalid Protective MBR to be treated as GPT. If the
+ 			primary GPT is corrupted, it enables the backup/alternate
+diff --git a/Makefile b/Makefile
+index 3cd6f6f..14dc275 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,6 +1,6 @@
+ VERSION = 4
+ PATCHLEVEL = 9
+-SUBLEVEL = 12
++SUBLEVEL = 13
+ EXTRAVERSION =
+ NAME = Roaring Lionus
+ 
+diff --git a/arch/x86/platform/goldfish/goldfish.c b/arch/x86/platform/goldfish/goldfish.c
+index 1693107..0d17c0a 100644
+--- a/arch/x86/platform/goldfish/goldfish.c
++++ b/arch/x86/platform/goldfish/goldfish.c
+@@ -42,10 +42,22 @@ static struct resource goldfish_pdev_bus_resources[] = {
+ 	}
+ };
+ 
++static bool goldfish_enable __initdata;
++
++static int __init goldfish_setup(char *str)
++{
++	goldfish_enable = true;
++	return 0;
++}
++__setup("goldfish", goldfish_setup);
++
+ static int __init goldfish_init(void)
+ {
++	if (!goldfish_enable)
++		return -ENODEV;
++
+ 	platform_device_register_simple("goldfish_pdev_bus", -1,
+-						goldfish_pdev_bus_resources, 2);
++					goldfish_pdev_bus_resources, 2);
+ 	return 0;
+ }
+ device_initcall(goldfish_init);
+diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
+index 6bb21b3..a543ea6 100644
+--- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
++++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
+@@ -567,10 +567,14 @@ int mlx5e_stats_flower(struct mlx5e_priv *priv,
+ 
+ 	mlx5_fc_query_cached(counter, &bytes, &packets, &lastuse);
+ 
++	preempt_disable();
++
+ 	tcf_exts_to_list(f->exts, &actions);
+ 	list_for_each_entry(a, &actions, list)
+ 		tcf_action_stats_update(a, bytes, packets, lastuse);
+ 
++	preempt_enable();
++
+ 	return 0;
+ }
+ 
+diff --git a/drivers/net/ethernet/ti/cpsw.c b/drivers/net/ethernet/ti/cpsw.c
+index b9087b8..3f1971d 100644
+--- a/drivers/net/ethernet/ti/cpsw.c
++++ b/drivers/net/ethernet/ti/cpsw.c
+@@ -2925,7 +2925,7 @@ static int cpsw_resume(struct device *dev)
+ {
+ 	struct platform_device	*pdev = to_platform_device(dev);
+ 	struct net_device	*ndev = platform_get_drvdata(pdev);
+-	struct cpsw_common	*cpsw = netdev_priv(ndev);
++	struct cpsw_common	*cpsw = ndev_to_cpsw(ndev);
+ 
+ 	/* Select default pin state */
+ 	pinctrl_pm_select_default_state(dev);
+diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
+index 0fafaa9..d4f495b 100644
+--- a/drivers/net/vxlan.c
++++ b/drivers/net/vxlan.c
+@@ -2449,7 +2449,8 @@ static int vxlan_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb)
+ 			return -EINVAL;
+ 		rt = vxlan_get_route(vxlan, skb, 0, info->key.tos,
+ 				     info->key.u.ipv4.dst,
+-				     &info->key.u.ipv4.src, NULL, info);
++				     &info->key.u.ipv4.src,
++				     &info->dst_cache, info);
+ 		if (IS_ERR(rt))
+ 			return PTR_ERR(rt);
+ 		ip_rt_put(rt);
+@@ -2459,7 +2460,8 @@ static int vxlan_fill_metadata_dst(struct net_device *dev, struct sk_buff *skb)
+ 
+ 		ndst = vxlan6_get_route(vxlan, skb, 0, info->key.tos,
+ 					info->key.label, &info->key.u.ipv6.dst,
+-					&info->key.u.ipv6.src, NULL, info);
++					&info->key.u.ipv6.src,
++					&info->dst_cache, info);
+ 		if (IS_ERR(ndst))
+ 			return PTR_ERR(ndst);
+ 		dst_release(ndst);
+diff --git a/drivers/net/wireless/realtek/rtlwifi/usb.c b/drivers/net/wireless/realtek/rtlwifi/usb.c
+index 3837bbd..ae0c48f 100644
+--- a/drivers/net/wireless/realtek/rtlwifi/usb.c
++++ b/drivers/net/wireless/realtek/rtlwifi/usb.c
+@@ -831,12 +831,30 @@ static void rtl_usb_stop(struct ieee80211_hw *hw)
+ 	struct rtl_priv *rtlpriv = rtl_priv(hw);
+ 	struct rtl_hal *rtlhal = rtl_hal(rtl_priv(hw));
+ 	struct rtl_usb *rtlusb = rtl_usbdev(rtl_usbpriv(hw));
++	struct urb *urb;
+ 
+ 	/* should after adapter start and interrupt enable. */
+ 	set_hal_stop(rtlhal);
+ 	cancel_work_sync(&rtlpriv->works.fill_h2c_cmd);
+ 	/* Enable software */
+ 	SET_USB_STOP(rtlusb);
++
++	/* free pre-allocated URBs from rtl_usb_start() */
++	usb_kill_anchored_urbs(&rtlusb->rx_submitted);
++
++	tasklet_kill(&rtlusb->rx_work_tasklet);
++	cancel_work_sync(&rtlpriv->works.lps_change_work);
++
++	flush_workqueue(rtlpriv->works.rtl_wq);
++
++	skb_queue_purge(&rtlusb->rx_queue);
++
++	while ((urb = usb_get_from_anchor(&rtlusb->rx_cleanup_urbs))) {
++		usb_free_coherent(urb->dev, urb->transfer_buffer_length,
++				urb->transfer_buffer, urb->transfer_dma);
++		usb_free_urb(urb);
++	}
++
+ 	rtlpriv->cfg->ops->hw_disable(hw);
+ }
+ 
+diff --git a/drivers/platform/goldfish/pdev_bus.c b/drivers/platform/goldfish/pdev_bus.c
+index 1f52462..dd9ea46 100644
+--- a/drivers/platform/goldfish/pdev_bus.c
++++ b/drivers/platform/goldfish/pdev_bus.c
+@@ -157,23 +157,26 @@ static int goldfish_new_pdev(void)
+ static irqreturn_t goldfish_pdev_bus_interrupt(int irq, void *dev_id)
+ {
+ 	irqreturn_t ret = IRQ_NONE;
++
+ 	while (1) {
+ 		u32 op = readl(pdev_bus_base + PDEV_BUS_OP);
+-		switch (op) {
+-		case PDEV_BUS_OP_DONE:
+-			return IRQ_NONE;
+ 
++		switch (op) {
+ 		case PDEV_BUS_OP_REMOVE_DEV:
+ 			goldfish_pdev_remove();
++			ret = IRQ_HANDLED;
+ 			break;
+ 
+ 		case PDEV_BUS_OP_ADD_DEV:
+ 			goldfish_new_pdev();
++			ret = IRQ_HANDLED;
+ 			break;
++
++		case PDEV_BUS_OP_DONE:
++		default:
++			return ret;
+ 		}
+-		ret = IRQ_HANDLED;
+ 	}
+-	return ret;
+ }
+ 
+ static int goldfish_pdev_bus_probe(struct platform_device *pdev)
+diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c
+index 7312e7e..6788e75 100644
+--- a/drivers/tty/serial/msm_serial.c
++++ b/drivers/tty/serial/msm_serial.c
+@@ -1809,6 +1809,7 @@ static const struct of_device_id msm_match_table[] = {
+ 	{ .compatible = "qcom,msm-uartdm" },
+ 	{}
+ };
++MODULE_DEVICE_TABLE(of, msm_match_table);
+ 
+ static struct platform_driver msm_platform_driver = {
+ 	.remove = msm_serial_remove,
+diff --git a/drivers/usb/serial/ark3116.c b/drivers/usb/serial/ark3116.c
+index 1532cde..7812052 100644
+--- a/drivers/usb/serial/ark3116.c
++++ b/drivers/usb/serial/ark3116.c
+@@ -99,10 +99,17 @@ static int ark3116_read_reg(struct usb_serial *serial,
+ 				 usb_rcvctrlpipe(serial->dev, 0),
+ 				 0xfe, 0xc0, 0, reg,
+ 				 buf, 1, ARK_TIMEOUT);
+-	if (result < 0)
++	if (result < 1) {
++		dev_err(&serial->interface->dev,
++				"failed to read register %u: %d\n",
++				reg, result);
++		if (result >= 0)
++			result = -EIO;
++
+ 		return result;
+-	else
+-		return buf[0];
++	}
++
++	return buf[0];
+ }
+ 
+ static inline int calc_divisor(int bps)
+diff --git a/drivers/usb/serial/console.c b/drivers/usb/serial/console.c
+index 8967715..b6f1ade 100644
+--- a/drivers/usb/serial/console.c
++++ b/drivers/usb/serial/console.c
+@@ -143,6 +143,7 @@ static int usb_console_setup(struct console *co, char *options)
+ 			tty->driver = usb_serial_tty_driver;
+ 			tty->index = co->index;
+ 			init_ldsem(&tty->ldisc_sem);
++			spin_lock_init(&tty->files_lock);
+ 			INIT_LIST_HEAD(&tty->tty_files);
+ 			kref_get(&tty->driver->kref);
+ 			__module_get(tty->driver->owner);
+diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
+index 243ac5e..8bb4875 100644
+--- a/drivers/usb/serial/cp210x.c
++++ b/drivers/usb/serial/cp210x.c
+@@ -172,6 +172,8 @@ static const struct usb_device_id id_table[] = {
+ 	{ USB_DEVICE(0x1901, 0x0190) }, /* GE B850 CP2105 Recorder interface */
+ 	{ USB_DEVICE(0x1901, 0x0193) }, /* GE B650 CP2104 PMC interface */
+ 	{ USB_DEVICE(0x1901, 0x0194) },	/* GE Healthcare Remote Alarm Box */
++	{ USB_DEVICE(0x1901, 0x0195) },	/* GE B850/B650/B450 CP2104 DP UART interface */
++	{ USB_DEVICE(0x1901, 0x0196) },	/* GE B850 CP2105 DP UART interface */
+ 	{ USB_DEVICE(0x19CF, 0x3000) }, /* Parrot NMEA GPS Flight Recorder */
+ 	{ USB_DEVICE(0x1ADB, 0x0001) }, /* Schweitzer Engineering C662 Cable */
+ 	{ USB_DEVICE(0x1B1C, 0x1C00) }, /* Corsair USB Dongle */
+diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
+index 6e9fc8b..99a0a5f 100644
+--- a/drivers/usb/serial/ftdi_sio.c
++++ b/drivers/usb/serial/ftdi_sio.c
+@@ -1807,8 +1807,6 @@ static int ftdi_sio_port_probe(struct usb_serial_port *port)
+ 
+ 	mutex_init(&priv->cfg_lock);
+ 
+-	priv->flags = ASYNC_LOW_LATENCY;
+-
+ 	if (quirk && quirk->port_probe)
+ 		quirk->port_probe(priv);
+ 
+@@ -2072,6 +2070,20 @@ static int ftdi_process_packet(struct usb_serial_port *port,
+ 		priv->prev_status = status;
+ 	}
+ 
++	/* save if the transmitter is empty or not */
++	if (packet[1] & FTDI_RS_TEMT)
++		priv->transmit_empty = 1;
++	else
++		priv->transmit_empty = 0;
++
++	len -= 2;
++	if (!len)
++		return 0;	/* status only */
++
++	/*
++	 * Break and error status must only be processed for packets with
++	 * data payload to avoid over-reporting.
++	 */
+ 	flag = TTY_NORMAL;
+ 	if (packet[1] & FTDI_RS_ERR_MASK) {
+ 		/* Break takes precedence over parity, which takes precedence
+@@ -2094,15 +2106,6 @@ static int ftdi_process_packet(struct usb_serial_port *port,
+ 		}
+ 	}
+ 
+-	/* save if the transmitter is empty or not */
+-	if (packet[1] & FTDI_RS_TEMT)
+-		priv->transmit_empty = 1;
+-	else
+-		priv->transmit_empty = 0;
+-
+-	len -= 2;
+-	if (!len)
+-		return 0;	/* status only */
+ 	port->icount.rx += len;
+ 	ch = packet + 2;
+ 
+@@ -2433,8 +2436,12 @@ static int ftdi_get_modem_status(struct usb_serial_port *port,
+ 			FTDI_SIO_GET_MODEM_STATUS_REQUEST_TYPE,
+ 			0, priv->interface,
+ 			buf, len, WDR_TIMEOUT);
+-	if (ret < 0) {
++
++	/* NOTE: We allow short responses and handle that below. */
++	if (ret < 1) {
+ 		dev_err(&port->dev, "failed to get modem status: %d\n", ret);
++		if (ret >= 0)
++			ret = -EIO;
+ 		ret = usb_translate_errors(ret);
+ 		goto out;
+ 	}
+diff --git a/drivers/usb/serial/mos7840.c b/drivers/usb/serial/mos7840.c
+index 4f9af47..5c4fc3a 100644
+--- a/drivers/usb/serial/mos7840.c
++++ b/drivers/usb/serial/mos7840.c
+@@ -1024,6 +1024,7 @@ static int mos7840_open(struct tty_struct *tty, struct usb_serial_port *port)
+ 	 * (can't set it up in mos7840_startup as the structures *
+ 	 * were not set up at that time.)                        */
+ 	if (port0->open_ports == 1) {
++		/* FIXME: Buffer never NULL, so URB is not submitted. */
+ 		if (serial->port[0]->interrupt_in_buffer == NULL) {
+ 			/* set up interrupt urb */
+ 			usb_fill_int_urb(serial->port[0]->interrupt_in_urb,
+@@ -2119,7 +2120,8 @@ static int mos7840_calc_num_ports(struct usb_serial *serial)
+ static int mos7840_attach(struct usb_serial *serial)
+ {
+ 	if (serial->num_bulk_in < serial->num_ports ||
+-			serial->num_bulk_out < serial->num_ports) {
++			serial->num_bulk_out < serial->num_ports ||
++			serial->num_interrupt_in < 1) {
+ 		dev_err(&serial->interface->dev, "missing endpoints\n");
+ 		return -ENODEV;
+ 	}
+diff --git a/drivers/usb/serial/opticon.c b/drivers/usb/serial/opticon.c
+index 4b7bfb3..64bf258 100644
+--- a/drivers/usb/serial/opticon.c
++++ b/drivers/usb/serial/opticon.c
+@@ -142,7 +142,7 @@ static int opticon_open(struct tty_struct *tty, struct usb_serial_port *port)
+ 	usb_clear_halt(port->serial->dev, port->read_urb->pipe);
+ 
+ 	res = usb_serial_generic_open(tty, port);
+-	if (!res)
++	if (res)
+ 		return res;
+ 
+ 	/* Request CTS line state, sometimes during opening the current
+diff --git a/drivers/usb/serial/spcp8x5.c b/drivers/usb/serial/spcp8x5.c
+index 475e6c3..ddfd787 100644
+--- a/drivers/usb/serial/spcp8x5.c
++++ b/drivers/usb/serial/spcp8x5.c
+@@ -232,11 +232,17 @@ static int spcp8x5_get_msr(struct usb_serial_port *port, u8 *status)
+ 	ret = usb_control_msg(dev, usb_rcvctrlpipe(dev, 0),
+ 			      GET_UART_STATUS, GET_UART_STATUS_TYPE,
+ 			      0, GET_UART_STATUS_MSR, buf, 1, 100);
+-	if (ret < 0)
++	if (ret < 1) {
+ 		dev_err(&port->dev, "failed to get modem status: %d\n", ret);
++		if (ret >= 0)
++			ret = -EIO;
++		goto out;
++	}
+ 
+ 	dev_dbg(&port->dev, "0xc0:0x22:0:6  %d - 0x02%x\n", ret, *buf);
+ 	*status = *buf;
++	ret = 0;
++out:
+ 	kfree(buf);
+ 
+ 	return ret;
+diff --git a/fs/xfs/xfs_iomap.c b/fs/xfs/xfs_iomap.c
+index cdc6bdd..e888961 100644
+--- a/fs/xfs/xfs_iomap.c
++++ b/fs/xfs/xfs_iomap.c
+@@ -1068,7 +1068,15 @@ xfs_file_iomap_end_delalloc(
+ 	xfs_fileoff_t		end_fsb;
+ 	int			error = 0;
+ 
+-	start_fsb = XFS_B_TO_FSB(mp, offset + written);
++	/*
++	 * start_fsb refers to the first unused block after a short write. If
++	 * nothing was written, round offset down to point at the first block in
++	 * the range.
++	 */
++	if (unlikely(!written))
++		start_fsb = XFS_B_TO_FSBT(mp, offset);
++	else
++		start_fsb = XFS_B_TO_FSB(mp, offset + written);
+ 	end_fsb = XFS_B_TO_FSB(mp, offset + length);
+ 
+ 	/*
+@@ -1080,6 +1088,9 @@ xfs_file_iomap_end_delalloc(
+ 	 * blocks in the range, they are ours.
+ 	 */
+ 	if (start_fsb < end_fsb) {
++		truncate_pagecache_range(VFS_I(ip), XFS_FSB_TO_B(mp, start_fsb),
++					 XFS_FSB_TO_B(mp, end_fsb) - 1);
++
+ 		xfs_ilock(ip, XFS_ILOCK_EXCL);
+ 		error = xfs_bmap_punch_delalloc_range(ip, start_fsb,
+ 					       end_fsb - start_fsb);
+diff --git a/include/acpi/platform/acenv.h b/include/acpi/platform/acenv.h
+index 34cce72..fca1539 100644
+--- a/include/acpi/platform/acenv.h
++++ b/include/acpi/platform/acenv.h
+@@ -177,7 +177,7 @@
+ #include "acmsvc.h"
+ 
+ #elif defined(__INTEL_COMPILER)
+-#include "acintel.h"
++#include <acpi/platform/acintel.h>
+ 
+ #endif
+ 
+diff --git a/include/acpi/platform/acintel.h b/include/acpi/platform/acintel.h
+new file mode 100644
+index 0000000..17bd3b7
+--- /dev/null
++++ b/include/acpi/platform/acintel.h
+@@ -0,0 +1,87 @@
++/******************************************************************************
++ *
++ * Name: acintel.h - VC specific defines, etc.
++ *
++ *****************************************************************************/
++
++/*
++ * Copyright (C) 2000 - 2017, Intel Corp.
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions, and the following disclaimer,
++ *    without modification.
++ * 2. Redistributions in binary form must reproduce at minimum a disclaimer
++ *    substantially similar to the "NO WARRANTY" disclaimer below
++ *    ("Disclaimer") and any redistribution must be conditioned upon
++ *    including a substantially similar Disclaimer requirement for further
++ *    binary redistribution.
++ * 3. Neither the names of the above-listed copyright holders nor the names
++ *    of any contributors may be used to endorse or promote products derived
++ *    from this software without specific prior written permission.
++ *
++ * Alternatively, this software may be distributed under the terms of the
++ * GNU General Public License ("GPL") version 2 as published by the Free
++ * Software Foundation.
++ *
++ * NO WARRANTY
++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
++ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
++ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
++ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
++ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
++ * POSSIBILITY OF SUCH DAMAGES.
++ */
++
++#ifndef __ACINTEL_H__
++#define __ACINTEL_H__
++
++/*
++ * Use compiler specific <stdarg.h> is a good practice for even when
++ * -nostdinc is specified (i.e., ACPI_USE_STANDARD_HEADERS undefined.
++ */
++#include <stdarg.h>
++
++/* Configuration specific to Intel 64-bit C compiler */
++
++#define COMPILER_DEPENDENT_INT64    __int64
++#define COMPILER_DEPENDENT_UINT64   unsigned __int64
++#define ACPI_INLINE                 __inline
++
++/*
++ * Calling conventions:
++ *
++ * ACPI_SYSTEM_XFACE        - Interfaces to host OS (handlers, threads)
++ * ACPI_EXTERNAL_XFACE      - External ACPI interfaces
++ * ACPI_INTERNAL_XFACE      - Internal ACPI interfaces
++ * ACPI_INTERNAL_VAR_XFACE  - Internal variable-parameter list interfaces
++ */
++#define ACPI_SYSTEM_XFACE
++#define ACPI_EXTERNAL_XFACE
++#define ACPI_INTERNAL_XFACE
++#define ACPI_INTERNAL_VAR_XFACE
++
++/* remark 981 - operands evaluated in no particular order */
++#pragma warning(disable:981)
++
++/* warn C4100: unreferenced formal parameter */
++#pragma warning(disable:4100)
++
++/* warn C4127: conditional expression is constant */
++#pragma warning(disable:4127)
++
++/* warn C4706: assignment within conditional expression */
++#pragma warning(disable:4706)
++
++/* warn C4214: bit field types other than int */
++#pragma warning(disable:4214)
++
++#endif				/* __ACINTEL_H__ */
+diff --git a/include/linux/ptr_ring.h b/include/linux/ptr_ring.h
+index 2052011..6c70444 100644
+--- a/include/linux/ptr_ring.h
++++ b/include/linux/ptr_ring.h
+@@ -111,6 +111,11 @@ static inline int __ptr_ring_produce(struct ptr_ring *r, void *ptr)
+ 	return 0;
+ }
+ 
++/*
++ * Note: resize (below) nests producer lock within consumer lock, so if you
++ * consume in interrupt or BH context, you must disable interrupts/BH when
++ * calling this.
++ */
+ static inline int ptr_ring_produce(struct ptr_ring *r, void *ptr)
+ {
+ 	int ret;
+@@ -242,6 +247,11 @@ static inline void *__ptr_ring_consume(struct ptr_ring *r)
+ 	return ptr;
+ }
+ 
++/*
++ * Note: resize (below) nests producer lock within consumer lock, so if you
++ * call this in interrupt or BH context, you must disable interrupts/BH when
++ * producing.
++ */
+ static inline void *ptr_ring_consume(struct ptr_ring *r)
+ {
+ 	void *ptr;
+@@ -357,7 +367,7 @@ static inline void **__ptr_ring_swap_queue(struct ptr_ring *r, void **queue,
+ 	void **old;
+ 	void *ptr;
+ 
+-	while ((ptr = ptr_ring_consume(r)))
++	while ((ptr = __ptr_ring_consume(r)))
+ 		if (producer < size)
+ 			queue[producer++] = ptr;
+ 		else if (destroy)
+@@ -372,6 +382,12 @@ static inline void **__ptr_ring_swap_queue(struct ptr_ring *r, void **queue,
+ 	return old;
+ }
+ 
++/*
++ * Note: producer lock is nested within consumer lock, so if you
++ * resize you must make sure all uses nest correctly.
++ * In particular if you consume ring in interrupt or BH context, you must
++ * disable interrupts/BH when doing so.
++ */
+ static inline int ptr_ring_resize(struct ptr_ring *r, int size, gfp_t gfp,
+ 				  void (*destroy)(void *))
+ {
+@@ -382,17 +398,25 @@ static inline int ptr_ring_resize(struct ptr_ring *r, int size, gfp_t gfp,
+ 	if (!queue)
+ 		return -ENOMEM;
+ 
+-	spin_lock_irqsave(&(r)->producer_lock, flags);
++	spin_lock_irqsave(&(r)->consumer_lock, flags);
++	spin_lock(&(r)->producer_lock);
+ 
+ 	old = __ptr_ring_swap_queue(r, queue, size, gfp, destroy);
+ 
+-	spin_unlock_irqrestore(&(r)->producer_lock, flags);
++	spin_unlock(&(r)->producer_lock);
++	spin_unlock_irqrestore(&(r)->consumer_lock, flags);
+ 
+ 	kfree(old);
+ 
+ 	return 0;
+ }
+ 
++/*
++ * Note: producer lock is nested within consumer lock, so if you
++ * resize you must make sure all uses nest correctly.
++ * In particular if you consume ring in interrupt or BH context, you must
++ * disable interrupts/BH when doing so.
++ */
+ static inline int ptr_ring_resize_multiple(struct ptr_ring **rings, int nrings,
+ 					   int size,
+ 					   gfp_t gfp, void (*destroy)(void *))
+@@ -412,10 +436,12 @@ static inline int ptr_ring_resize_multiple(struct ptr_ring **rings, int nrings,
+ 	}
+ 
+ 	for (i = 0; i < nrings; ++i) {
+-		spin_lock_irqsave(&(rings[i])->producer_lock, flags);
++		spin_lock_irqsave(&(rings[i])->consumer_lock, flags);
++		spin_lock(&(rings[i])->producer_lock);
+ 		queues[i] = __ptr_ring_swap_queue(rings[i], queues[i],
+ 						  size, gfp, destroy);
+-		spin_unlock_irqrestore(&(rings[i])->producer_lock, flags);
++		spin_unlock(&(rings[i])->producer_lock);
++		spin_unlock_irqrestore(&(rings[i])->consumer_lock, flags);
+ 	}
+ 
+ 	for (i = 0; i < nrings; ++i)
+diff --git a/mm/backing-dev.c b/mm/backing-dev.c
+index 8fde443..6ff2d77 100644
+--- a/mm/backing-dev.c
++++ b/mm/backing-dev.c
+@@ -757,15 +757,20 @@ static int cgwb_bdi_init(struct backing_dev_info *bdi)
+ 	if (!bdi->wb_congested)
+ 		return -ENOMEM;
+ 
++	atomic_set(&bdi->wb_congested->refcnt, 1);
++
+ 	err = wb_init(&bdi->wb, bdi, 1, GFP_KERNEL);
+ 	if (err) {
+-		kfree(bdi->wb_congested);
++		wb_congested_put(bdi->wb_congested);
+ 		return err;
+ 	}
+ 	return 0;
+ }
+ 
+-static void cgwb_bdi_destroy(struct backing_dev_info *bdi) { }
++static void cgwb_bdi_destroy(struct backing_dev_info *bdi)
++{
++	wb_congested_put(bdi->wb_congested);
++}
+ 
+ #endif	/* CONFIG_CGROUP_WRITEBACK */
+ 
+diff --git a/net/core/neighbour.c b/net/core/neighbour.c
+index 2ae929f..9901e5b 100644
+--- a/net/core/neighbour.c
++++ b/net/core/neighbour.c
+@@ -2927,7 +2927,8 @@ static void neigh_proc_update(struct ctl_table *ctl, int write)
+ 		return;
+ 
+ 	set_bit(index, p->data_state);
+-	call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
++	if (index == NEIGH_VAR_DELAY_PROBE_TIME)
++		call_netevent_notifiers(NETEVENT_DELAY_PROBE_TIME_UPDATE, p);
+ 	if (!dev) /* NULL dev means this is default value */
+ 		neigh_copy_dflt_parms(net, p, index);
+ }
+diff --git a/net/dccp/input.c b/net/dccp/input.c
+index ba34718..8fedc2d 100644
+--- a/net/dccp/input.c
++++ b/net/dccp/input.c
+@@ -606,7 +606,8 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+ 			if (inet_csk(sk)->icsk_af_ops->conn_request(sk,
+ 								    skb) < 0)
+ 				return 1;
+-			goto discard;
++			consume_skb(skb);
++			return 0;
+ 		}
+ 		if (dh->dccph_type == DCCP_PKT_RESET)
+ 			goto discard;
+diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
+index 65336f3..9826695 100644
+--- a/net/ipv4/ip_sockglue.c
++++ b/net/ipv4/ip_sockglue.c
+@@ -105,10 +105,10 @@ static void ip_cmsg_recv_checksum(struct msghdr *msg, struct sk_buff *skb,
+ 	if (skb->ip_summed != CHECKSUM_COMPLETE)
+ 		return;
+ 
+-	if (offset != 0)
+-		csum = csum_sub(csum,
+-				csum_partial(skb_transport_header(skb) + tlen,
+-					     offset, 0));
++	if (offset != 0) {
++		int tend_off = skb_transport_offset(skb) + tlen;
++		csum = csum_sub(csum, skb_checksum(skb, tend_off, offset, 0));
++	}
+ 
+ 	put_cmsg(msg, SOL_IP, IP_CHECKSUM, sizeof(__wsum), &csum);
+ }
+diff --git a/net/irda/irqueue.c b/net/irda/irqueue.c
+index acbe61c..160dc89 100644
+--- a/net/irda/irqueue.c
++++ b/net/irda/irqueue.c
+@@ -383,9 +383,6 @@ EXPORT_SYMBOL(hashbin_new);
+  *    for deallocating this structure if it's complex. If not the user can
+  *    just supply kfree, which should take care of the job.
+  */
+-#ifdef CONFIG_LOCKDEP
+-static int hashbin_lock_depth = 0;
+-#endif
+ int hashbin_delete( hashbin_t* hashbin, FREE_FUNC free_func)
+ {
+ 	irda_queue_t* queue;
+@@ -396,22 +393,27 @@ int hashbin_delete( hashbin_t* hashbin, FREE_FUNC free_func)
+ 	IRDA_ASSERT(hashbin->magic == HB_MAGIC, return -1;);
+ 
+ 	/* Synchronize */
+-	if ( hashbin->hb_type & HB_LOCK ) {
+-		spin_lock_irqsave_nested(&hashbin->hb_spinlock, flags,
+-					 hashbin_lock_depth++);
+-	}
++	if (hashbin->hb_type & HB_LOCK)
++		spin_lock_irqsave(&hashbin->hb_spinlock, flags);
+ 
+ 	/*
+ 	 *  Free the entries in the hashbin, TODO: use hashbin_clear when
+ 	 *  it has been shown to work
+ 	 */
+ 	for (i = 0; i < HASHBIN_SIZE; i ++ ) {
+-		queue = dequeue_first((irda_queue_t**) &hashbin->hb_queue[i]);
+-		while (queue ) {
+-			if (free_func)
+-				(*free_func)(queue);
+-			queue = dequeue_first(
+-				(irda_queue_t**) &hashbin->hb_queue[i]);
++		while (1) {
++			queue = dequeue_first((irda_queue_t**) &hashbin->hb_queue[i]);
++
++			if (!queue)
++				break;
++
++			if (free_func) {
++				if (hashbin->hb_type & HB_LOCK)
++					spin_unlock_irqrestore(&hashbin->hb_spinlock, flags);
++				free_func(queue);
++				if (hashbin->hb_type & HB_LOCK)
++					spin_lock_irqsave(&hashbin->hb_spinlock, flags);
++			}
+ 		}
+ 	}
+ 
+@@ -420,12 +422,8 @@ int hashbin_delete( hashbin_t* hashbin, FREE_FUNC free_func)
+ 	hashbin->magic = ~HB_MAGIC;
+ 
+ 	/* Release lock */
+-	if ( hashbin->hb_type & HB_LOCK) {
++	if (hashbin->hb_type & HB_LOCK)
+ 		spin_unlock_irqrestore(&hashbin->hb_spinlock, flags);
+-#ifdef CONFIG_LOCKDEP
+-		hashbin_lock_depth--;
+-#endif
+-	}
+ 
+ 	/*
+ 	 *  Free the hashbin structure
+diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c
+index 7e08a4d..a646f34 100644
+--- a/net/kcm/kcmsock.c
++++ b/net/kcm/kcmsock.c
+@@ -929,23 +929,25 @@ static int kcm_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
+ 			goto out_error;
+ 	}
+ 
+-	/* New message, alloc head skb */
+-	head = alloc_skb(0, sk->sk_allocation);
+-	while (!head) {
+-		kcm_push(kcm);
+-		err = sk_stream_wait_memory(sk, &timeo);
+-		if (err)
+-			goto out_error;
+-
++	if (msg_data_left(msg)) {
++		/* New message, alloc head skb */
+ 		head = alloc_skb(0, sk->sk_allocation);
+-	}
++		while (!head) {
++			kcm_push(kcm);
++			err = sk_stream_wait_memory(sk, &timeo);
++			if (err)
++				goto out_error;
+ 
+-	skb = head;
++			head = alloc_skb(0, sk->sk_allocation);
++		}
+ 
+-	/* Set ip_summed to CHECKSUM_UNNECESSARY to avoid calling
+-	 * csum_and_copy_from_iter from skb_do_copy_data_nocache.
+-	 */
+-	skb->ip_summed = CHECKSUM_UNNECESSARY;
++		skb = head;
++
++		/* Set ip_summed to CHECKSUM_UNNECESSARY to avoid calling
++		 * csum_and_copy_from_iter from skb_do_copy_data_nocache.
++		 */
++		skb->ip_summed = CHECKSUM_UNNECESSARY;
++	}
+ 
+ start:
+ 	while (msg_data_left(msg)) {
+@@ -1018,10 +1020,12 @@ static int kcm_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
+ 	if (eor) {
+ 		bool not_busy = skb_queue_empty(&sk->sk_write_queue);
+ 
+-		/* Message complete, queue it on send buffer */
+-		__skb_queue_tail(&sk->sk_write_queue, head);
+-		kcm->seq_skb = NULL;
+-		KCM_STATS_INCR(kcm->stats.tx_msgs);
++		if (head) {
++			/* Message complete, queue it on send buffer */
++			__skb_queue_tail(&sk->sk_write_queue, head);
++			kcm->seq_skb = NULL;
++			KCM_STATS_INCR(kcm->stats.tx_msgs);
++		}
+ 
+ 		if (msg->msg_flags & MSG_BATCH) {
+ 			kcm->tx_wait_more = true;
+@@ -1040,8 +1044,10 @@ static int kcm_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
+ 	} else {
+ 		/* Message not complete, save state */
+ partial_message:
+-		kcm->seq_skb = head;
+-		kcm_tx_msg(head)->last_skb = skb;
++		if (head) {
++			kcm->seq_skb = head;
++			kcm_tx_msg(head)->last_skb = skb;
++		}
+ 	}
+ 
+ 	KCM_STATS_ADD(kcm->stats.tx_bytes, copied);
+diff --git a/net/llc/llc_conn.c b/net/llc/llc_conn.c
+index 3e821da..8bc5a1b 100644
+--- a/net/llc/llc_conn.c
++++ b/net/llc/llc_conn.c
+@@ -821,7 +821,10 @@ void llc_conn_handler(struct llc_sap *sap, struct sk_buff *skb)
+ 		 * another trick required to cope with how the PROCOM state
+ 		 * machine works. -acme
+ 		 */
++		skb_orphan(skb);
++		sock_hold(sk);
+ 		skb->sk = sk;
++		skb->destructor = sock_efree;
+ 	}
+ 	if (!sock_owned_by_user(sk))
+ 		llc_conn_rcv(sk, skb);
+diff --git a/net/llc/llc_sap.c b/net/llc/llc_sap.c
+index d0e1e80..5404d0d 100644
+--- a/net/llc/llc_sap.c
++++ b/net/llc/llc_sap.c
+@@ -290,7 +290,10 @@ static void llc_sap_rcv(struct llc_sap *sap, struct sk_buff *skb,
+ 
+ 	ev->type   = LLC_SAP_EV_TYPE_PDU;
+ 	ev->reason = 0;
++	skb_orphan(skb);
++	sock_hold(sk);
+ 	skb->sk = sk;
++	skb->destructor = sock_efree;
+ 	llc_sap_state_process(sap, skb);
+ }
+ 
+diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
+index 7341adf..6dc44d9 100644
+--- a/net/netfilter/nf_conntrack_helper.c
++++ b/net/netfilter/nf_conntrack_helper.c
+@@ -188,6 +188,26 @@ nf_ct_helper_ext_add(struct nf_conn *ct,
+ }
+ EXPORT_SYMBOL_GPL(nf_ct_helper_ext_add);
+ 
++static struct nf_conntrack_helper *
++nf_ct_lookup_helper(struct nf_conn *ct, struct net *net)
++{
++	if (!net->ct.sysctl_auto_assign_helper) {
++		if (net->ct.auto_assign_helper_warned)
++			return NULL;
++		if (!__nf_ct_helper_find(&ct->tuplehash[IP_CT_DIR_REPLY].tuple))
++			return NULL;
++		pr_info("nf_conntrack: default automatic helper assignment "
++			"has been turned off for security reasons and CT-based "
++			" firewall rule not found. Use the iptables CT target "
++			"to attach helpers instead.\n");
++		net->ct.auto_assign_helper_warned = 1;
++		return NULL;
++	}
++
++	return __nf_ct_helper_find(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
++}
++
++
+ int __nf_ct_try_assign_helper(struct nf_conn *ct, struct nf_conn *tmpl,
+ 			      gfp_t flags)
+ {
+@@ -213,21 +233,14 @@ int __nf_ct_try_assign_helper(struct nf_conn *ct, struct nf_conn *tmpl,
+ 	}
+ 
+ 	help = nfct_help(ct);
+-	if (net->ct.sysctl_auto_assign_helper && helper == NULL) {
+-		helper = __nf_ct_helper_find(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
+-		if (unlikely(!net->ct.auto_assign_helper_warned && helper)) {
+-			pr_info("nf_conntrack: automatic helper "
+-				"assignment is deprecated and it will "
+-				"be removed soon. Use the iptables CT target "
+-				"to attach helpers instead.\n");
+-			net->ct.auto_assign_helper_warned = true;
+-		}
+-	}
+ 
+ 	if (helper == NULL) {
+-		if (help)
+-			RCU_INIT_POINTER(help->helper, NULL);
+-		return 0;
++		helper = nf_ct_lookup_helper(ct, net);
++		if (helper == NULL) {
++			if (help)
++				RCU_INIT_POINTER(help->helper, NULL);
++			return 0;
++		}
+ 	}
+ 
+ 	if (help == NULL) {
+diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
+index 458722b..34de326 100644
+--- a/net/packet/af_packet.c
++++ b/net/packet/af_packet.c
+@@ -1497,6 +1497,8 @@ static void __fanout_link(struct sock *sk, struct packet_sock *po)
+ 	f->arr[f->num_members] = sk;
+ 	smp_wmb();
+ 	f->num_members++;
++	if (f->num_members == 1)
++		dev_add_pack(&f->prot_hook);
+ 	spin_unlock(&f->lock);
+ }
+ 
+@@ -1513,6 +1515,8 @@ static void __fanout_unlink(struct sock *sk, struct packet_sock *po)
+ 	BUG_ON(i >= f->num_members);
+ 	f->arr[i] = f->arr[f->num_members - 1];
+ 	f->num_members--;
++	if (f->num_members == 0)
++		__dev_remove_pack(&f->prot_hook);
+ 	spin_unlock(&f->lock);
+ }
+ 
+@@ -1619,6 +1623,7 @@ static void fanout_release_data(struct packet_fanout *f)
+ 
+ static int fanout_add(struct sock *sk, u16 id, u16 type_flags)
+ {
++	struct packet_rollover *rollover = NULL;
+ 	struct packet_sock *po = pkt_sk(sk);
+ 	struct packet_fanout *f, *match;
+ 	u8 type = type_flags & 0xff;
+@@ -1641,23 +1646,28 @@ static int fanout_add(struct sock *sk, u16 id, u16 type_flags)
+ 		return -EINVAL;
+ 	}
+ 
++	mutex_lock(&fanout_mutex);
++
++	err = -EINVAL;
+ 	if (!po->running)
+-		return -EINVAL;
++		goto out;
+ 
++	err = -EALREADY;
+ 	if (po->fanout)
+-		return -EALREADY;
++		goto out;
+ 
+ 	if (type == PACKET_FANOUT_ROLLOVER ||
+ 	    (type_flags & PACKET_FANOUT_FLAG_ROLLOVER)) {
+-		po->rollover = kzalloc(sizeof(*po->rollover), GFP_KERNEL);
+-		if (!po->rollover)
+-			return -ENOMEM;
+-		atomic_long_set(&po->rollover->num, 0);
+-		atomic_long_set(&po->rollover->num_huge, 0);
+-		atomic_long_set(&po->rollover->num_failed, 0);
++		err = -ENOMEM;
++		rollover = kzalloc(sizeof(*rollover), GFP_KERNEL);
++		if (!rollover)
++			goto out;
++		atomic_long_set(&rollover->num, 0);
++		atomic_long_set(&rollover->num_huge, 0);
++		atomic_long_set(&rollover->num_failed, 0);
++		po->rollover = rollover;
+ 	}
+ 
+-	mutex_lock(&fanout_mutex);
+ 	match = NULL;
+ 	list_for_each_entry(f, &fanout_list, list) {
+ 		if (f->id == id &&
+@@ -1687,7 +1697,6 @@ static int fanout_add(struct sock *sk, u16 id, u16 type_flags)
+ 		match->prot_hook.func = packet_rcv_fanout;
+ 		match->prot_hook.af_packet_priv = match;
+ 		match->prot_hook.id_match = match_fanout_group;
+-		dev_add_pack(&match->prot_hook);
+ 		list_add(&match->list, &fanout_list);
+ 	}
+ 	err = -EINVAL;
+@@ -1704,36 +1713,40 @@ static int fanout_add(struct sock *sk, u16 id, u16 type_flags)
+ 		}
+ 	}
+ out:
+-	mutex_unlock(&fanout_mutex);
+-	if (err) {
+-		kfree(po->rollover);
++	if (err && rollover) {
++		kfree(rollover);
+ 		po->rollover = NULL;
+ 	}
++	mutex_unlock(&fanout_mutex);
+ 	return err;
+ }
+ 
+-static void fanout_release(struct sock *sk)
++/* If pkt_sk(sk)->fanout->sk_ref is zero, this function removes
++ * pkt_sk(sk)->fanout from fanout_list and returns pkt_sk(sk)->fanout.
++ * It is the responsibility of the caller to call fanout_release_data() and
++ * free the returned packet_fanout (after synchronize_net())
++ */
++static struct packet_fanout *fanout_release(struct sock *sk)
+ {
+ 	struct packet_sock *po = pkt_sk(sk);
+ 	struct packet_fanout *f;
+ 
++	mutex_lock(&fanout_mutex);
+ 	f = po->fanout;
+-	if (!f)
+-		return;
++	if (f) {
++		po->fanout = NULL;
+ 
+-	mutex_lock(&fanout_mutex);
+-	po->fanout = NULL;
++		if (atomic_dec_and_test(&f->sk_ref))
++			list_del(&f->list);
++		else
++			f = NULL;
+ 
+-	if (atomic_dec_and_test(&f->sk_ref)) {
+-		list_del(&f->list);
+-		dev_remove_pack(&f->prot_hook);
+-		fanout_release_data(f);
+-		kfree(f);
++		if (po->rollover)
++			kfree_rcu(po->rollover, rcu);
+ 	}
+ 	mutex_unlock(&fanout_mutex);
+ 
+-	if (po->rollover)
+-		kfree_rcu(po->rollover, rcu);
++	return f;
+ }
+ 
+ static bool packet_extra_vlan_len_allowed(const struct net_device *dev,
+@@ -2965,6 +2978,7 @@ static int packet_release(struct socket *sock)
+ {
+ 	struct sock *sk = sock->sk;
+ 	struct packet_sock *po;
++	struct packet_fanout *f;
+ 	struct net *net;
+ 	union tpacket_req_u req_u;
+ 
+@@ -3004,9 +3018,14 @@ static int packet_release(struct socket *sock)
+ 		packet_set_ring(sk, &req_u, 1, 1);
+ 	}
+ 
+-	fanout_release(sk);
++	f = fanout_release(sk);
+ 
+ 	synchronize_net();
++
++	if (f) {
++		fanout_release_data(f);
++		kfree(f);
++	}
+ 	/*
+ 	 *	Now the socket is dead. No more input will appear.
+ 	 */
+@@ -3958,7 +3977,6 @@ static int packet_notifier(struct notifier_block *this,
+ 				}
+ 				if (msg == NETDEV_UNREGISTER) {
+ 					packet_cached_dev_reset(po);
+-					fanout_release(sk);
+ 					po->ifindex = -1;
+ 					if (po->prot_hook.dev)
+ 						dev_put(po->prot_hook.dev);
+diff --git a/net/socket.c b/net/socket.c
+index 73dc69f..6bbccf0 100644
+--- a/net/socket.c
++++ b/net/socket.c
+@@ -2197,8 +2197,10 @@ int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
+ 		return err;
+ 
+ 	err = sock_error(sock->sk);
+-	if (err)
++	if (err) {
++		datagrams = err;
+ 		goto out_put;
++	}
+ 
+ 	entry = mmsg;
+ 	compat_entry = (struct compat_mmsghdr __user *)mmsg;
diff --git a/4.9.12/4420_grsecurity-3.1-4.9.12-201702231830.patch b/4.9.13/4420_grsecurity-3.1-4.9.13-201702270729.patch
index ce908bf..c9d116e 100644
--- a/4.9.12/4420_grsecurity-3.1-4.9.12-201702231830.patch
+++ b/4.9.13/4420_grsecurity-3.1-4.9.13-201702270729.patch
@@ -310,10 +310,10 @@ index 9b9c479..5a635ff 100644
  	A typical pattern in a Kbuild file looks like this:
  
 diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
-index 922dec8..a45d4a2 100644
+index 65b05ba..725a42a 100644
 --- a/Documentation/kernel-parameters.txt
 +++ b/Documentation/kernel-parameters.txt
-@@ -1422,6 +1422,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -1426,6 +1426,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
  			[KNL] Should the hard-lockup detector generate
  			backtraces on all cpus.
  			Format: <integer>
@@ -326,7 +326,7 @@ index 922dec8..a45d4a2 100644
  
  	hashdist=	[KNL,NUMA] Large hashes allocated during boot
  			are distributed across NUMA nodes.  Defaults on
-@@ -2651,6 +2657,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -2655,6 +2661,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
  			noexec=on: enable non-executable mappings (default)
  			noexec=off: disable non-executable mappings
  
@@ -337,7 +337,7 @@ index 922dec8..a45d4a2 100644
  	nosmap		[X86]
  			Disable SMAP (Supervisor Mode Access Prevention)
  			even if it is supported by processor.
-@@ -2959,6 +2969,35 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -2963,6 +2973,35 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
  			the specified number of seconds.  This is to be used if
  			your oopses keep scrolling off the screen.
  
@@ -419,7 +419,7 @@ index 3d0ae15..84e5412 100644
        cmd_syscalls = $(CONFIG_SHELL) $< $(CC) $(c_flags) $(missing_syscalls_flags)
  
 diff --git a/Makefile b/Makefile
-index 3cd6f6f..43e4233 100644
+index 14dc275..3ff2e6b 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -302,7 +302,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -30243,10 +30243,10 @@ index 06eb322..ca545b8 100644
 +EXPORT_SYMBOL(pax_check_alloca);
 +#endif
 diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c
-index 36cf1a4..046b56f 100644
+index 36cf1a4..f3362b0 100644
 --- a/arch/x86/kernel/dumpstack_64.c
 +++ b/arch/x86/kernel/dumpstack_64.c
-@@ -237,8 +237,42 @@ int is_valid_bugaddr(unsigned long ip)
+@@ -237,8 +237,41 @@ int is_valid_bugaddr(unsigned long ip)
  {
  	unsigned short ud2;
  
@@ -30274,7 +30274,6 @@ index 36cf1a4..046b56f 100644
 +
 +	case STACK_TYPE_IRQ:
 +		stack_left = sp & (IRQ_STACK_SIZE - 1);
-+		put_cpu();
 +		break;
 +
 +	case STACK_TYPE_EXCEPTION ... STACK_TYPE_EXCEPTION_LAST:
@@ -70084,10 +70083,10 @@ index 95cf1d8..b2a00f6 100644
  };
  
 diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
-index 0fafaa9..0227536 100644
+index d4f495b..9b39d92 100644
 --- a/drivers/net/vxlan.c
 +++ b/drivers/net/vxlan.c
-@@ -3193,7 +3193,7 @@ static struct net *vxlan_get_link_net(const struct net_device *dev)
+@@ -3195,7 +3195,7 @@ static struct net *vxlan_get_link_net(const struct net_device *dev)
  	return vxlan->net;
  }
  
@@ -70096,7 +70095,7 @@ index 0fafaa9..0227536 100644
  	.kind		= "vxlan",
  	.maxtype	= IFLA_VXLAN_MAX,
  	.policy		= vxlan_policy,
-@@ -3277,7 +3277,7 @@ static int vxlan_netdevice_event(struct notifier_block *unused,
+@@ -3279,7 +3279,7 @@ static int vxlan_netdevice_event(struct notifier_block *unused,
  	return NOTIFY_DONE;
  }
  
@@ -85235,7 +85234,7 @@ index a260cde..c395165 100644
  /* This is only available if kgdboc is a built in for early debugging */
  static int __init kgdboc_early_init(char *opt)
 diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c
-index 7312e7e..0a0f8b6 100644
+index 6788e75..16f20c5 100644
 --- a/drivers/tty/serial/msm_serial.c
 +++ b/drivers/tty/serial/msm_serial.c
 @@ -1726,7 +1726,7 @@ static struct uart_driver msm_uart_driver = {
@@ -86804,7 +86803,7 @@ index 460cebf..eb16bb4 100644
  
  int
 diff --git a/drivers/usb/serial/console.c b/drivers/usb/serial/console.c
-index 8967715..4a3791b 100644
+index b6f1ade..fb83f15 100644
 --- a/drivers/usb/serial/console.c
 +++ b/drivers/usb/serial/console.c
 @@ -126,7 +126,7 @@ static int usb_console_setup(struct console *co, char *options)
@@ -86816,7 +86815,7 @@ index 8967715..4a3791b 100644
  	if (!tty_port_initialized(&port->port)) {
  		if (serial->type->set_termios) {
  			/*
-@@ -172,7 +172,7 @@ static int usb_console_setup(struct console *co, char *options)
+@@ -173,7 +173,7 @@ static int usb_console_setup(struct console *co, char *options)
  	}
  	/* Now that any required fake tty operations are completed restore
  	 * the tty port count */
@@ -86825,7 +86824,7 @@ index 8967715..4a3791b 100644
  	/* The console is special in terms of closing the device so
  	 * indicate this port is now acting as a system console. */
  	port->port.console = 1;
-@@ -184,7 +184,7 @@ static int usb_console_setup(struct console *co, char *options)
+@@ -185,7 +185,7 @@ static int usb_console_setup(struct console *co, char *options)
  	tty_port_tty_set(&port->port, NULL);
  	tty_kref_put(tty);
   reset_open_count:
@@ -86834,7 +86833,7 @@ index 8967715..4a3791b 100644
  	usb_autopm_put_interface(serial->interface);
   error_get_interface:
  	usb_serial_put(serial);
-@@ -195,7 +195,7 @@ static int usb_console_setup(struct console *co, char *options)
+@@ -196,7 +196,7 @@ static int usb_console_setup(struct console *co, char *options)
  static void usb_console_write(struct console *co,
  					const char *buf, unsigned count)
  {
@@ -156652,7 +156651,7 @@ index afcc550..ed3f097 100644
  	depends on !KMEMCHECK
  	select PAGE_EXTENSION
 diff --git a/mm/backing-dev.c b/mm/backing-dev.c
-index 8fde443..a8cc381 100644
+index 6ff2d77..0452af3 100644
 --- a/mm/backing-dev.c
 +++ b/mm/backing-dev.c
 @@ -12,7 +12,7 @@
@@ -156664,7 +156663,7 @@ index 8fde443..a8cc381 100644
  
  struct backing_dev_info noop_backing_dev_info = {
  	.name		= "noop",
-@@ -898,7 +898,7 @@ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name)
+@@ -903,7 +903,7 @@ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name)
  		return err;
  
  	err = bdi_register(bdi, NULL, "%.28s-%ld", name,
@@ -164068,7 +164067,7 @@ index 18e8893..82936b2 100644
  			fle->object = flo;
  		else
 diff --git a/net/core/neighbour.c b/net/core/neighbour.c
-index 2ae929f..fc8150d 100644
+index 9901e5b..0b38f5b 100644
 --- a/net/core/neighbour.c
 +++ b/net/core/neighbour.c
 @@ -860,7 +860,7 @@ static void neigh_probe(struct neighbour *neigh)
@@ -164143,7 +164142,7 @@ index 2ae929f..fc8150d 100644
  
  	tmp.extra1 = &zero;
  	tmp.extra2 = &unres_qlen_max;
-@@ -2936,7 +2936,7 @@ static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
+@@ -2937,7 +2937,7 @@ static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write,
  					   void __user *buffer,
  					   size_t *lenp, loff_t *ppos)
  {
@@ -164825,20 +164824,6 @@ index 0df2aa6..7db59f7 100644
  	.init = sysctl_core_net_init,
  	.exit = sysctl_core_net_exit,
  };
-diff --git a/net/dccp/input.c b/net/dccp/input.c
-index ba34718..8fedc2d 100644
---- a/net/dccp/input.c
-+++ b/net/dccp/input.c
-@@ -606,7 +606,8 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
- 			if (inet_csk(sk)->icsk_af_ops->conn_request(sk,
- 								    skb) < 0)
- 				return 1;
--			goto discard;
-+			consume_skb(skb);
-+			return 0;
- 		}
- 		if (dh->dccph_type == DCCP_PKT_RESET)
- 			goto discard;
 diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
 index 13d6b1a..eaa0cee 100644
 --- a/net/decnet/af_decnet.c
@@ -165513,7 +165498,7 @@ index d6feabb..9cb3988 100644
  						  ICMP_PROT_UNREACH, 0);
  				}
 diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
-index 65336f3..3c7e4b7 100644
+index 9826695..84ffcbb 100644
 --- a/net/ipv4/ip_sockglue.c
 +++ b/net/ipv4/ip_sockglue.c
 @@ -1342,7 +1342,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
@@ -169057,7 +169042,7 @@ index da9df2d..d8f3df4 100644
  	table = kmemdup(event_sysctl_table, sizeof(event_sysctl_table),
  			GFP_KERNEL);
 diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
-index 7341adf..0c5cfd3 100644
+index 6dc44d9..6ccf1a3 100644
 --- a/net/netfilter/nf_conntrack_helper.c
 +++ b/net/netfilter/nf_conntrack_helper.c
 @@ -57,7 +57,7 @@ static struct ctl_table helper_sysctl_table[] = {
@@ -169942,7 +169927,7 @@ index 7eb955e..479c9a6 100644
  
  static int __init ovs_vxlan_tnl_init(void)
 diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
-index 458722b..5852eae 100644
+index 34de326..071ac96 100644
 --- a/net/packet/af_packet.c
 +++ b/net/packet/af_packet.c
 @@ -278,7 +278,7 @@ static int packet_direct_xmit(struct sk_buff *skb)
@@ -169975,20 +169960,20 @@ index 458722b..5852eae 100644
  	return idx;
  }
  
-@@ -1652,9 +1652,9 @@ static int fanout_add(struct sock *sk, u16 id, u16 type_flags)
- 		po->rollover = kzalloc(sizeof(*po->rollover), GFP_KERNEL);
- 		if (!po->rollover)
- 			return -ENOMEM;
--		atomic_long_set(&po->rollover->num, 0);
--		atomic_long_set(&po->rollover->num_huge, 0);
--		atomic_long_set(&po->rollover->num_failed, 0);
-+		atomic_long_set_unchecked(&po->rollover->num, 0);
-+		atomic_long_set_unchecked(&po->rollover->num_huge, 0);
-+		atomic_long_set_unchecked(&po->rollover->num_failed, 0);
+@@ -1662,9 +1662,9 @@ static int fanout_add(struct sock *sk, u16 id, u16 type_flags)
+ 		rollover = kzalloc(sizeof(*rollover), GFP_KERNEL);
+ 		if (!rollover)
+ 			goto out;
+-		atomic_long_set(&rollover->num, 0);
+-		atomic_long_set(&rollover->num_huge, 0);
+-		atomic_long_set(&rollover->num_failed, 0);
++		atomic_long_set_unchecked(&rollover->num, 0);
++		atomic_long_set_unchecked(&rollover->num_huge, 0);
++		atomic_long_set_unchecked(&rollover->num_failed, 0);
+ 		po->rollover = rollover;
  	}
  
- 	mutex_lock(&fanout_mutex);
-@@ -2106,7 +2106,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -2119,7 +2119,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
  	is_drop_n_account = true;
  	spin_lock(&sk->sk_receive_queue.lock);
  	po->stats.stats1.tp_drops++;
@@ -169997,7 +169982,7 @@ index 458722b..5852eae 100644
  	spin_unlock(&sk->sk_receive_queue.lock);
  
  drop_n_restore:
-@@ -3848,7 +3848,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3867,7 +3867,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
  	case PACKET_HDRLEN:
  		if (len > sizeof(int))
  			len = sizeof(int);
@@ -170006,7 +169991,7 @@ index 458722b..5852eae 100644
  			return -EFAULT;
  		switch (val) {
  		case TPACKET_V1:
-@@ -3883,9 +3883,9 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3902,9 +3902,9 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
  	case PACKET_ROLLOVER_STATS:
  		if (!po->rollover)
  			return -EINVAL;
@@ -170019,7 +170004,7 @@ index 458722b..5852eae 100644
  		data = &rstats;
  		lv = sizeof(rstats);
  		break;
-@@ -3903,7 +3903,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3922,7 +3922,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
  		len = lv;
  	if (put_user(len, optlen))
  		return -EFAULT;
@@ -170648,7 +170633,7 @@ index daf8554..4ab495b 100644
  
  	table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL);
 diff --git a/net/socket.c b/net/socket.c
-index 73dc69f..ca77f2f 100644
+index 6bbccf0..1991a22 100644
 --- a/net/socket.c
 +++ b/net/socket.c
 @@ -89,6 +89,7 @@
@@ -170867,7 +170852,7 @@ index 73dc69f..ca77f2f 100644
  
  	/* user mode address pointers */
  	struct sockaddr __user *uaddr;
-@@ -2733,7 +2798,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
+@@ -2735,7 +2800,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
  	ifr = compat_alloc_user_space(buf_size);
  	rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8);
  
@@ -170876,7 +170861,7 @@ index 73dc69f..ca77f2f 100644
  		return -EFAULT;
  
  	if (put_user(convert_in ? rxnfc : compat_ptr(data),
-@@ -2844,7 +2909,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
+@@ -2846,7 +2911,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
  		old_fs = get_fs();
  		set_fs(KERNEL_DS);
  		err = dev_ioctl(net, cmd,
@@ -170885,7 +170870,7 @@ index 73dc69f..ca77f2f 100644
  		set_fs(old_fs);
  
  		return err;
-@@ -2937,7 +3002,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
+@@ -2939,7 +3004,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
  
  	old_fs = get_fs();
  	set_fs(KERNEL_DS);
@@ -170894,7 +170879,7 @@ index 73dc69f..ca77f2f 100644
  	set_fs(old_fs);
  
  	if (cmd == SIOCGIFMAP && !err) {
-@@ -3021,7 +3086,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
+@@ -3023,7 +3088,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
  		ret |= get_user(rtdev, &(ur4->rt_dev));
  		if (rtdev) {
  			ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
@@ -170903,7 +170888,7 @@ index 73dc69f..ca77f2f 100644
  			devname[15] = 0;
  		} else
  			r4.rt_dev = NULL;
-@@ -3248,8 +3313,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
+@@ -3250,8 +3315,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
  	int __user *uoptlen;
  	int err;
  
@@ -170914,7 +170899,7 @@ index 73dc69f..ca77f2f 100644
  
  	set_fs(KERNEL_DS);
  	if (level == SOL_SOCKET)
-@@ -3269,7 +3334,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
+@@ -3271,7 +3336,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
  	char __user *uoptval;
  	int err;
  
@@ -193078,10 +193063,10 @@ index 0000000..74e91b2
 +enable_so_zpios_read_fndecl_64734 zpios_read fndecl 3 64734 NULL
 diff --git a/scripts/gcc-plugins/size_overflow_plugin/e_fields.data b/scripts/gcc-plugins/size_overflow_plugin/e_fields.data
 new file mode 100644
-index 0000000..1181e93
+index 0000000..0928e48
 --- /dev/null
 +++ b/scripts/gcc-plugins/size_overflow_plugin/e_fields.data
-@@ -0,0 +1,16321 @@
+@@ -0,0 +1,16326 @@
 +recv_ctrl_pipe_us_data_0_fields recv_ctrl_pipe us_data 0 0 NULL
 +__earlyonly_bootmem_alloc_fndecl_3_fields __earlyonly_bootmem_alloc fndecl 2-3-4 3 NULL
 +size_ttm_mem_reg_8_fields size ttm_mem_reg 0 8 NULL
@@ -193956,6 +193941,7 @@ index 0000000..1181e93
 +xfer_len_nvme_trans_io_cdb_3486_fields xfer_len nvme_trans_io_cdb 0 3486 NULL
 +from_dio_submit_3494_fields from dio_submit 0 3494 NULL
 +hs_bkt_bits_cfs_hash_3509_fields hs_bkt_bits cfs_hash 0 3509 NULL
++statesize_hash_alg_common_3517_fields statesize hash_alg_common 0 3517 NULL
 +gru_vtop_fndecl_3522_fields gru_vtop fndecl 2 3522 NULL
 +cipso_v4_gentag_rng_fndecl_3532_fields cipso_v4_gentag_rng fndecl 0 3532 NULL
 +cl_out_max_entry_size_mvumi_hs_page1_3540_fields cl_out_max_entry_size mvumi_hs_page1 0 3540 NULL
@@ -194562,6 +194548,7 @@ index 0000000..1181e93
 +dmi_len_vardecl_dmi_scan_c_6054_fields dmi_len vardecl_dmi_scan.c 0 6054 NULL nohasharray
 +ext4_inode_table_fndecl_6054_fields ext4_inode_table fndecl 0 6054 &dmi_len_vardecl_dmi_scan_c_6054_fields
 +map_base_tpm_inf_dev_6056_fields map_base tpm_inf_dev 0 6056 NULL
++reqsize_kpp_alg_6064_fields reqsize kpp_alg 0 6064 NULL
 +length_hci_ev_le_advertising_info_6074_fields length hci_ev_le_advertising_info 0 6074 NULL
 +elog_len_extlog_l1_head_6075_fields elog_len extlog_l1_head 0 6075 NULL
 +ioctx_alloc_fndecl_6081_fields ioctx_alloc fndecl 1 6081 NULL
@@ -195113,7 +195100,8 @@ index 0000000..1181e93
 +datablklen_capi_register_params_8275_fields datablklen capi_register_params 0 8275 NULL
 +cdc_ncm_check_tx_max_fndecl_8278_fields cdc_ncm_check_tx_max fndecl 0-2 8278 NULL
 +msg_len_rndis_message_8281_fields msg_len rndis_message 0 8281 NULL
-+__sg_free_table_fndecl_8283_fields __sg_free_table fndecl 2 8283 NULL
++__sg_free_table_fndecl_8283_fields __sg_free_table fndecl 2 8283 NULL nohasharray
++expectedlen_drbg_testvec_8283_fields expectedlen drbg_testvec 0 8283 &__sg_free_table_fndecl_8283_fields
 +rxrpc_kernel_recv_data_fndecl_8286_fields rxrpc_kernel_recv_data fndecl 4 8286 NULL
 +tail_len_cfg80211_beacon_data_8293_fields tail_len cfg80211_beacon_data 0 8293 NULL
 +ns_blocks_per_segment_the_nilfs_8295_fields ns_blocks_per_segment the_nilfs 0 8295 NULL nohasharray
@@ -204534,6 +204522,7 @@ index 0000000..1181e93
 +ecc_strength_ds_nand_chip_45651_fields ecc_strength_ds nand_chip 0 45651 NULL
 +inftl_writeblock_fndecl_45653_fields inftl_writeblock fndecl 2 45653 NULL
 +size_core_name_45656_fields size core_name 0 45656 NULL
++b_public_size_kpp_testvec_45660_fields b_public_size kpp_testvec 0 45660 NULL
 +blockmask_alauda_media_info_45662_fields blockmask alauda_media_info 0 45662 NULL
 +dmi_base_vardecl_dmi_scan_c_45673_fields dmi_base vardecl_dmi_scan.c 0 45673 NULL
 +_snd_pcm_hw_param_min_fndecl_45677_fields _snd_pcm_hw_param_min fndecl 3 45677 NULL
@@ -207995,6 +207984,7 @@ index 0000000..1181e93
 +fq_resize_fndecl_59744_fields fq_resize fndecl 2 59744 &ocfs2_read_dx_leaves_fndecl_59744_fields
 +nx_fw_cmd_set_phy_fndecl_59745_fields nx_fw_cmd_set_phy fndecl 3 59745 NULL
 +mt_count_mtop_59746_fields mt_count mtop 0 59746 NULL
++seedsize_rng_alg_59748_fields seedsize rng_alg 0 59748 NULL
 +xlog_write_calc_vec_length_fndecl_59749_fields xlog_write_calc_vec_length fndecl 0 59749 NULL
 +request_size_afs_call_59750_fields request_size afs_call 0 59750 NULL
 +addr_phys_netup_dma_59759_fields addr_phys netup_dma 0 59759 NULL
@@ -225700,7 +225690,7 @@ index 0a578fe..b81f62d 100644
  })
  
 diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 7f9ee29..39268bd 100644
+index 7f9ee29..1dccca1 100644
 --- a/virt/kvm/kvm_main.c
 +++ b/virt/kvm/kvm_main.c
 @@ -93,12 +93,17 @@ LIST_HEAD(vm_list);
@@ -225723,7 +225713,18 @@ index 7f9ee29..39268bd 100644
  
  struct dentry *kvm_debugfs_dir;
  EXPORT_SYMBOL_GPL(kvm_debugfs_dir);
-@@ -911,7 +916,7 @@ int __kvm_set_memory_region(struct kvm *kvm,
+@@ -572,6 +577,10 @@ static int kvm_create_vm_debugfs(struct kvm *kvm, int fd)
+ 	struct kvm_stat_data *stat_data;
+ 	struct kvm_stats_debugfs_item *p;
+ 
++#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT
++	return 0;
++#endif
++
+ 	if (!debugfs_initialized())
+ 		return 0;
+ 
+@@ -911,7 +920,7 @@ int __kvm_set_memory_region(struct kvm *kvm,
  	/* We can read the guest memory with __xxx_user() later on. */
  	if ((id < KVM_USER_MEM_SLOTS) &&
  	    ((mem->userspace_addr & (PAGE_SIZE - 1)) ||
@@ -225732,7 +225733,7 @@ index 7f9ee29..39268bd 100644
  			(void __user *)(unsigned long)mem->userspace_addr,
  			mem->memory_size)))
  		goto out;
-@@ -2025,9 +2030,17 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_cached);
+@@ -2025,9 +2034,17 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_cached);
  
  int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len)
  {
@@ -225752,7 +225753,7 @@ index 7f9ee29..39268bd 100644
  }
  EXPORT_SYMBOL_GPL(kvm_clear_guest_page);
  
-@@ -2379,7 +2392,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)
+@@ -2379,7 +2396,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)
  	return 0;
  }
  
@@ -225761,7 +225762,7 @@ index 7f9ee29..39268bd 100644
  	.release        = kvm_vcpu_release,
  	.unlocked_ioctl = kvm_vcpu_ioctl,
  #ifdef CONFIG_KVM_COMPAT
-@@ -3144,7 +3157,7 @@ static long kvm_vm_compat_ioctl(struct file *filp,
+@@ -3144,7 +3161,7 @@ static long kvm_vm_compat_ioctl(struct file *filp,
  }
  #endif
  
@@ -225770,21 +225771,7 @@ index 7f9ee29..39268bd 100644
  	.release        = kvm_vm_release,
  	.unlocked_ioctl = kvm_vm_ioctl,
  #ifdef CONFIG_KVM_COMPAT
-@@ -3181,11 +3194,13 @@ static int kvm_dev_ioctl_create_vm(unsigned long type)
- 		return PTR_ERR(file);
- 	}
- 
-+#ifndef CONFIG_GRKERNSEC_SYSFS_RESTRICT
- 	if (kvm_create_vm_debugfs(kvm, r) < 0) {
- 		put_unused_fd(r);
- 		fput(file);
- 		return -ENOMEM;
- 	}
-+#endif
- 
- 	fd_install(r, file);
- 	return r;
-@@ -3231,7 +3246,7 @@ static long kvm_dev_ioctl(struct file *filp,
+@@ -3231,7 +3248,7 @@ static long kvm_dev_ioctl(struct file *filp,
  	return r;
  }
  
@@ -225793,7 +225780,7 @@ index 7f9ee29..39268bd 100644
  	.unlocked_ioctl = kvm_dev_ioctl,
  	.compat_ioctl   = kvm_dev_ioctl,
  	.llseek		= noop_llseek,
-@@ -3257,7 +3272,7 @@ static void hardware_enable_nolock(void *junk)
+@@ -3257,7 +3274,7 @@ static void hardware_enable_nolock(void *junk)
  
  	if (r) {
  		cpumask_clear_cpu(cpu, cpus_hardware_enabled);
@@ -225802,7 +225789,7 @@ index 7f9ee29..39268bd 100644
  		pr_info("kvm: enabling virtualization on CPU%d failed\n", cpu);
  	}
  }
-@@ -3314,10 +3329,10 @@ static int hardware_enable_all(void)
+@@ -3314,10 +3331,10 @@ static int hardware_enable_all(void)
  
  	kvm_usage_count++;
  	if (kvm_usage_count == 1) {
@@ -225815,7 +225802,7 @@ index 7f9ee29..39268bd 100644
  			hardware_disable_all_nolock();
  			r = -EBUSY;
  		}
-@@ -3877,8 +3892,9 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3877,8 +3894,9 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
  	/* A kmem cache lets us meet the alignment requirements of fx_save. */
  	if (!vcpu_align)
  		vcpu_align = __alignof__(struct kvm_vcpu);
@@ -225827,7 +225814,7 @@ index 7f9ee29..39268bd 100644
  	if (!kvm_vcpu_cache) {
  		r = -ENOMEM;
  		goto out_free_3;
-@@ -3888,9 +3904,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3888,9 +3906,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
  	if (r)
  		goto out_free;
  
@@ -225839,7 +225826,7 @@ index 7f9ee29..39268bd 100644
  
  	r = misc_register(&kvm_dev);
  	if (r) {
-@@ -3900,9 +3918,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3900,9 +3920,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
  
  	register_syscore_ops(&kvm_syscore_ops);
  
diff --git a/4.9.12/4425_grsec_remove_EI_PAX.patch b/4.9.13/4425_grsec_remove_EI_PAX.patch
index 594598a..594598a 100644
--- a/4.9.12/4425_grsec_remove_EI_PAX.patch
+++ b/4.9.13/4425_grsec_remove_EI_PAX.patch
diff --git a/4.9.12/4426_default_XATTR_PAX_FLAGS.patch b/4.9.13/4426_default_XATTR_PAX_FLAGS.patch
index f7e97b5..f7e97b5 100644
--- a/4.9.12/4426_default_XATTR_PAX_FLAGS.patch
+++ b/4.9.13/4426_default_XATTR_PAX_FLAGS.patch
diff --git a/4.9.12/4427_force_XATTR_PAX_tmpfs.patch b/4.9.13/4427_force_XATTR_PAX_tmpfs.patch
index 3871139..3871139 100644
--- a/4.9.12/4427_force_XATTR_PAX_tmpfs.patch
+++ b/4.9.13/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/4.9.12/4430_grsec-remove-localversion-grsec.patch b/4.9.13/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/4.9.12/4430_grsec-remove-localversion-grsec.patch
+++ b/4.9.13/4430_grsec-remove-localversion-grsec.patch
diff --git a/4.9.12/4435_grsec-mute-warnings.patch b/4.9.13/4435_grsec-mute-warnings.patch
index 8929222..8929222 100644
--- a/4.9.12/4435_grsec-mute-warnings.patch
+++ b/4.9.13/4435_grsec-mute-warnings.patch
diff --git a/4.9.12/4440_grsec-remove-protected-paths.patch b/4.9.13/4440_grsec-remove-protected-paths.patch
index 741546d..741546d 100644
--- a/4.9.12/4440_grsec-remove-protected-paths.patch
+++ b/4.9.13/4440_grsec-remove-protected-paths.patch
diff --git a/4.9.12/4450_grsec-kconfig-default-gids.patch b/4.9.13/4450_grsec-kconfig-default-gids.patch
index cee6e27..cee6e27 100644
--- a/4.9.12/4450_grsec-kconfig-default-gids.patch
+++ b/4.9.13/4450_grsec-kconfig-default-gids.patch
diff --git a/4.9.12/4465_selinux-avc_audit-log-curr_ip.patch b/4.9.13/4465_selinux-avc_audit-log-curr_ip.patch
index 06a5294..06a5294 100644
--- a/4.9.12/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/4.9.13/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/4.9.12/4470_disable-compat_vdso.patch b/4.9.13/4470_disable-compat_vdso.patch
index a1401d8..a1401d8 100644
--- a/4.9.12/4470_disable-compat_vdso.patch
+++ b/4.9.13/4470_disable-compat_vdso.patch
diff --git a/4.9.12/4475_emutramp_default_on.patch b/4.9.13/4475_emutramp_default_on.patch
index feb8c7b..feb8c7b 100644
--- a/4.9.12/4475_emutramp_default_on.patch
+++ b/4.9.13/4475_emutramp_default_on.patch