author | Anthony G. Basile <blueness@gentoo.org> | 2012-08-28 23:49:37 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2012-08-28 23:49:37 -0400 |
commit | faf75b3fcbabeaab23af0a979389878c0f945e36 (patch) | |
tree | c2d31c721129b18212111fb0b6196c3aad9d699a /2.6.32 | |
parent | Grsec/PaX: 2.9.1-{2.6.32.59,3.2.28,3.5.2}-201208241943 (diff) | |
Grsec/PaX: 2.9.1-{2.6.32.59,3.2.28,3.5.2}-201208271906
Diffstat (limited to '2.6.32')
-rw-r--r-- | 2.6.32/0000_README | 2 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208271903.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208232048.patch) | 380 |
2 files changed, 233 insertions, 149 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 9c19fa1..16680e5 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch From: http://www.kernel.org Desc: Linux 2.6.32.59 -Patch: 4420_grsecurity-2.9.1-2.6.32.59-201208232048.patch +Patch: 4420_grsecurity-2.9.1-2.6.32.59-201208271903.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208232048.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208271903.patch index da02455..63a8206 100644 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208232048.patch +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208271903.patch @@ -4802,6 +4802,26 @@ index b97c2d6..dd01a6a 100644 } return error; } +diff --git a/arch/powerpc/kernel/syscalls.c b/arch/powerpc/kernel/syscalls.c +index 3370e62..527c659 100644 +--- a/arch/powerpc/kernel/syscalls.c ++++ b/arch/powerpc/kernel/syscalls.c +@@ -201,11 +201,11 @@ long ppc64_personality(unsigned long personality) + long ret; + + if (personality(current->personality) == PER_LINUX32 +- && personality == PER_LINUX) +- personality = PER_LINUX32; ++ && personality(personality) == PER_LINUX) ++ personality = (personality & ~PER_MASK) | PER_LINUX32; + ret = sys_personality(personality); +- if (ret == PER_LINUX32) +- ret = PER_LINUX; ++ if (personality(ret) == PER_LINUX32) ++ ret = (ret & ~PER_MASK) | PER_LINUX; + return ret; + } + #endif diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c index 6f0ae1a..e4b6a56 100644 --- a/arch/powerpc/kernel/traps.c @@ -9657,7 +9677,7 @@ index 588a7aa..a3468b0 100644 if (err) diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S -index 4edd8eb..29124b4 100644 +index 4edd8eb..273579e 100644 --- a/arch/x86/ia32/ia32entry.S +++ b/arch/x86/ia32/ia32entry.S @@ -13,7 +13,9 @@ 
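Review bot: The rewritten ppc64_personality() now carries every bit outside PER_MASK across both translations but says nowhere why, and the reason is not visible at the call site. Suggest `/* swap only the personality type; bits outside PER_MASK are the caller's flags and must survive both translations */` above the first `if`. The `personality(ret) == PER_LINUX32` test also assumes sys_personality() hands back the previous personality rather than an error value; that is not visible in this hunk and is worth stating in the same comment. The surrounding syscall.c context (`#endif` after the function) shows only the tail of the file.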
@@ -9716,7 +9736,7 @@ index 4edd8eb..29124b4 100644 movl %ebp,%ebp /* zero extension */ pushq $__USER32_DS CFI_ADJUST_CFA_OFFSET 8 -@@ -135,28 +157,42 @@ ENTRY(ia32_sysenter_target) +@@ -135,28 +157,47 @@ ENTRY(ia32_sysenter_target) pushfq CFI_ADJUST_CFA_OFFSET 8 /*CFI_REL_OFFSET rflags,0*/ @@ -9739,6 +9759,11 @@ index 4edd8eb..29124b4 100644 cld SAVE_ARGS 0,0,1 + pax_enter_kernel_user ++ ++#ifdef CONFIG_PAX_RANDKSTACK ++ pax_erase_kstack ++#endif ++ + /* + * No need to follow this irqs on/off section: the syscall + * disabled irqs, here we enable it straight after entry: @@ -9765,7 +9790,7 @@ index 4edd8eb..29124b4 100644 CFI_REMEMBER_STATE jnz sysenter_tracesys cmpq $(IA32_NR_syscalls-1),%rax -@@ -166,13 +202,15 @@ sysenter_do_call: +@@ -166,13 +207,15 @@ sysenter_do_call: sysenter_dispatch: call *ia32_sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) @@ -9784,7 +9809,7 @@ index 4edd8eb..29124b4 100644 /* clear IF, that popfq doesn't enable interrupts early */ andl $~0x200,EFLAGS-R11(%rsp) movl RIP-R11(%rsp),%edx /* User %eip */ -@@ -200,6 +238,9 @@ sysexit_from_sys_call: +@@ -200,6 +243,9 @@ sysexit_from_sys_call: movl %eax,%esi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */ call audit_syscall_entry @@ -9794,7 +9819,7 @@ index 4edd8eb..29124b4 100644 movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */ cmpq $(IA32_NR_syscalls-1),%rax ja ia32_badsys -@@ -211,7 +252,7 @@ sysexit_from_sys_call: +@@ -211,7 +257,7 @@ sysexit_from_sys_call: .endm .macro auditsys_exit exit @@ -9803,7 +9828,7 @@ index 4edd8eb..29124b4 100644 jnz ia32_ret_from_sys_call TRACE_IRQS_ON sti -@@ -221,12 +262,12 @@ sysexit_from_sys_call: +@@ -221,12 +267,12 @@ sysexit_from_sys_call: movzbl %al,%edi /* zero-extend that into %edi */ inc %edi /* first arg, 0->1(AUDITSC_SUCCESS), 1->2(AUDITSC_FAILURE) */ call audit_syscall_exit 
@@ -9818,7 +9843,7 @@ index 4edd8eb..29124b4 100644 jz \exit CLEAR_RREGS -ARGOFFSET jmp int_with_check -@@ -244,7 +285,7 @@ sysexit_audit: +@@ -244,7 +290,7 @@ sysexit_audit: sysenter_tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -9827,17 +9852,17 @@ index 4edd8eb..29124b4 100644 jz sysenter_auditsys #endif SAVE_REST -@@ -252,6 +293,9 @@ sysenter_tracesys: - movq $-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */ - movq %rsp,%rdi /* &pt_regs -> arg1 */ - call syscall_trace_enter +@@ -256,6 +302,9 @@ sysenter_tracesys: + RESTORE_REST + cmpq $(IA32_NR_syscalls-1),%rax + ja int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */ + + pax_erase_kstack + - LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ - RESTORE_REST - cmpq $(IA32_NR_syscalls-1),%rax -@@ -283,19 +327,20 @@ ENDPROC(ia32_sysenter_target) + jmp sysenter_do_call + CFI_ENDPROC + ENDPROC(ia32_sysenter_target) +@@ -283,19 +332,25 @@ ENDPROC(ia32_sysenter_target) ENTRY(ia32_cstar_target) CFI_STARTPROC32 simple CFI_SIGNAL_FRAME @@ -9851,6 +9876,11 @@ index 4edd8eb..29124b4 100644 movq PER_CPU_VAR(kernel_stack),%rsp + SAVE_ARGS 8*6,1,1 + pax_enter_kernel_user ++ ++#ifdef CONFIG_PAX_RANDKSTACK ++ pax_erase_kstack ++#endif ++ /* * No need to follow this irqs on/off section: the syscall * disabled irqs and here we enable it straight after entry: @@ -9860,7 +9890,7 @@ index 4edd8eb..29124b4 100644 movl %eax,%eax /* zero extension */ movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) -@@ -311,13 +356,19 @@ ENTRY(ia32_cstar_target) +@@ -311,13 +366,19 @@ ENTRY(ia32_cstar_target) /* no need to do an access_ok check here because r8 has been 32bit zero extended */ /* hardware stack frame is complete now */ 
@@ -9883,7 +9913,7 @@ index 4edd8eb..29124b4 100644 CFI_REMEMBER_STATE jnz cstar_tracesys cmpq $IA32_NR_syscalls-1,%rax -@@ -327,13 +378,15 @@ cstar_do_call: +@@ -327,13 +388,15 @@ cstar_do_call: cstar_dispatch: call *ia32_sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) @@ -9902,7 +9932,7 @@ index 4edd8eb..29124b4 100644 RESTORE_ARGS 1,-ARG_SKIP,1,1,1 movl RIP-ARGOFFSET(%rsp),%ecx CFI_REGISTER rip,rcx -@@ -361,7 +414,7 @@ sysretl_audit: +@@ -361,7 +424,7 @@ sysretl_audit: cstar_tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -9911,17 +9941,17 @@ index 4edd8eb..29124b4 100644 jz cstar_auditsys #endif xchgl %r9d,%ebp -@@ -370,6 +423,9 @@ cstar_tracesys: - movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */ - movq %rsp,%rdi /* &pt_regs -> arg1 */ - call syscall_trace_enter +@@ -375,6 +438,9 @@ cstar_tracesys: + xchgl %ebp,%r9d + cmpq $(IA32_NR_syscalls-1),%rax + ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */ + + pax_erase_kstack + - LOAD_ARGS32 ARGOFFSET, 1 /* reload args from stack in case ptrace changed it */ - RESTORE_REST - xchgl %ebp,%r9d -@@ -415,11 +471,6 @@ ENTRY(ia32_syscall) + jmp cstar_do_call + END(ia32_cstar_target) + +@@ -415,11 +481,6 @@ ENTRY(ia32_syscall) CFI_REL_OFFSET rip,RIP-RIP PARAVIRT_ADJUST_EXCEPTION_FRAME SWAPGS @@ -9933,7 +9963,7 @@ index 4edd8eb..29124b4 100644 movl %eax,%eax pushq %rax CFI_ADJUST_CFA_OFFSET 8 -@@ -427,9 +478,15 @@ ENTRY(ia32_syscall) +@@ -427,9 +488,20 @@ ENTRY(ia32_syscall) /* note the registers are not zero extended to the sf. this could be a problem. */ SAVE_ARGS 0,0,1 @@ -9941,6 +9971,11 @@ index 4edd8eb..29124b4 100644 - orl $TS_COMPAT,TI_status(%r10) - testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10) + pax_enter_kernel_user ++ ++#ifdef CONFIG_PAX_RANDKSTACK ++ pax_erase_kstack ++#endif ++ + /* + * No need to follow this irqs on/off section: the syscall + * disabled irqs and here we enable it straight after entry: 
@@ -9952,17 +9987,17 @@ index 4edd8eb..29124b4 100644 jnz ia32_tracesys cmpq $(IA32_NR_syscalls-1),%rax ja ia32_badsys -@@ -448,6 +505,9 @@ ia32_tracesys: - movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */ - movq %rsp,%rdi /* &pt_regs -> arg1 */ - call syscall_trace_enter +@@ -452,6 +524,9 @@ ia32_tracesys: + RESTORE_REST + cmpq $(IA32_NR_syscalls-1),%rax + ja int_ret_from_sys_call /* ia32_tracesys has set RAX(%rsp) */ + + pax_erase_kstack + - LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ - RESTORE_REST - cmpq $(IA32_NR_syscalls-1),%rax -@@ -462,6 +522,7 @@ ia32_badsys: + jmp ia32_do_call + END(ia32_syscall) + +@@ -462,6 +537,7 @@ ia32_badsys: quiet_ni_syscall: movq $-ENOSYS,%rax @@ -17126,7 +17161,7 @@ index 4c07cca..2c8427d 100644 ret ENDPROC(efi_call6) diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index c097e7d..853746c 100644 +index c097e7d..a3f1930 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S @@ -95,12 +95,6 @@ @@ -17142,7 +17177,7 @@ index c097e7d..853746c 100644 /* * User gs save/restore * -@@ -185,13 +179,146 @@ +@@ -185,13 +179,153 @@ /*CFI_REL_OFFSET gs, PT_GS*/ .endm .macro SET_KERNEL_GS reg @@ -17246,10 +17281,10 @@ index c097e7d..853746c 100644 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK +/* + * ebp: thread_info -+ * ecx, edx: can be clobbered + */ +ENTRY(pax_erase_kstack) + pushl %edi ++ pushl %ecx + pushl %eax + + mov TI_lowest_stack(%ebp), %edi @@ -17273,6 +17308,12 @@ index c097e7d..853746c 100644 +2: cld + mov %esp, %ecx + sub %edi, %ecx ++ ++ cmp $THREAD_SIZE_asm, %ecx ++ jb 3f ++ ud2 ++3: ++ + shr $2, %ecx + rep stosl + @@ -17281,6 +17322,7 @@ index c097e7d..853746c 100644 + mov %edi, TI_lowest_stack(%ebp) + + popl %eax ++ popl %ecx + popl %edi + ret +ENDPROC(pax_erase_kstack) @@ -17290,7 +17332,7 @@ index c097e7d..853746c 100644 cld PUSH_GS pushl %fs -@@ -224,7 +351,7 @@ +@@ -224,7 +358,7 @@ pushl %ebx CFI_ADJUST_CFA_OFFSET 4 CFI_REL_OFFSET ebx, 0 
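Review bot: The `cmp $THREAD_SIZE_asm, %ecx` / `jb 3f` / `ud2` added to the 32-bit pax_erase_kstack has no comment, and the routine's register-contract comment (`ecx, edx: can be clobbered`) was deleted rather than updated when `pushl %ecx` / `popl %ecx` went in. Suggest `/* a span larger than the stack means TI_lowest_stack is corrupt: trap instead of clearing memory below the stack */` before the `cmp`, and a replacement header line `* every other register is preserved; ecx is saved because the syscall-entry callers still hold live values` — that wording assumes the unchanged middle of the routine touches only edi/ecx/eax, which is all the visible lines use but I cannot confirm here. The contract is now load-bearing: the callers this commit adds under CONFIG_PAX_RANDKSTACK (system_call and sysenter in entry_32.S, the ia32 entries in ia32entry.S, system_call in entry_64.S) run the erase while the syscall number is in eax/rax and, on the 64-bit side, rcx is consumed right after the call for RIP-ARGOFFSET. The same missing contract comment applies to the 64-bit routine in the entry_64.S hunk.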
@@ -17299,7 +17341,7 @@ index c097e7d..853746c 100644 movl %edx, %ds movl %edx, %es movl $(__KERNEL_PERCPU), %edx -@@ -232,6 +359,15 @@ +@@ -232,6 +366,15 @@ SET_KERNEL_GS %edx .endm @@ -17315,7 +17357,7 @@ index c097e7d..853746c 100644 .macro RESTORE_INT_REGS popl %ebx CFI_ADJUST_CFA_OFFSET -4 -@@ -331,7 +467,7 @@ ENTRY(ret_from_fork) +@@ -331,7 +474,7 @@ ENTRY(ret_from_fork) CFI_ADJUST_CFA_OFFSET -4 jmp syscall_exit CFI_ENDPROC @@ -17324,7 +17366,7 @@ index c097e7d..853746c 100644 /* * Return to user mode is not as complex as all this looks, -@@ -347,12 +483,29 @@ ret_from_exception: +@@ -347,12 +490,29 @@ ret_from_exception: preempt_stop(CLBR_ANY) ret_from_intr: GET_THREAD_INFO(%ebp) @@ -17355,7 +17397,7 @@ index c097e7d..853746c 100644 ENTRY(resume_userspace) LOCKDEP_SYS_EXIT -@@ -364,8 +517,8 @@ ENTRY(resume_userspace) +@@ -364,8 +524,8 @@ ENTRY(resume_userspace) andl $_TIF_WORK_MASK, %ecx # is there any work to be done on # int/exception return? jne work_pending @@ -17366,7 +17408,7 @@ index c097e7d..853746c 100644 #ifdef CONFIG_PREEMPT ENTRY(resume_kernel) -@@ -380,7 +533,7 @@ need_resched: +@@ -380,7 +540,7 @@ need_resched: jz restore_all call preempt_schedule_irq jmp need_resched @@ -17375,7 +17417,7 @@ index c097e7d..853746c 100644 #endif CFI_ENDPROC -@@ -414,25 +567,36 @@ sysenter_past_esp: +@@ -414,25 +574,36 @@ sysenter_past_esp: /*CFI_REL_OFFSET cs, 0*/ /* * Push current_thread_info()->sysenter_return to the stack. @@ -17415,7 +17457,18 @@ index c097e7d..853746c 100644 movl %ebp,PT_EBP(%esp) .section __ex_table,"a" .align 4 -@@ -455,12 +619,24 @@ sysenter_do_call: +@@ -441,6 +612,10 @@ sysenter_past_esp: + + GET_THREAD_INFO(%ebp) + ++#ifdef CONFIG_PAX_RANDKSTACK ++ pax_erase_kstack ++#endif ++ + testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp) + jnz sysenter_audit + sysenter_do_call: +@@ -455,12 +630,24 @@ sysenter_do_call: testl $_TIF_ALLWORK_MASK, %ecx jne sysexit_audit sysenter_exit: 
@@ -17440,7 +17493,7 @@ index c097e7d..853746c 100644 PTGS_TO_GS ENABLE_INTERRUPTS_SYSEXIT -@@ -477,6 +653,9 @@ sysenter_audit: +@@ -477,6 +664,9 @@ sysenter_audit: movl %eax,%edx /* 2nd arg: syscall number */ movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */ call audit_syscall_entry @@ -17450,7 +17503,7 @@ index c097e7d..853746c 100644 pushl %ebx CFI_ADJUST_CFA_OFFSET 4 movl PT_EAX(%esp),%eax /* reload syscall number */ -@@ -504,11 +683,17 @@ sysexit_audit: +@@ -504,11 +694,17 @@ sysexit_audit: CFI_ENDPROC .pushsection .fixup,"ax" @@ -17470,7 +17523,19 @@ index c097e7d..853746c 100644 .popsection PTGS_TO_GS_EX ENDPROC(ia32_sysenter_target) -@@ -538,6 +723,15 @@ syscall_exit: +@@ -520,6 +716,11 @@ ENTRY(system_call) + CFI_ADJUST_CFA_OFFSET 4 + SAVE_ALL + GET_THREAD_INFO(%ebp) ++ ++#ifdef CONFIG_PAX_RANDKSTACK ++ pax_erase_kstack ++#endif ++ + # system call tracing in operation / emulation + testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp) + jnz syscall_trace_entry +@@ -538,6 +739,15 @@ syscall_exit: testl $_TIF_ALLWORK_MASK, %ecx # current->work jne syscall_exit_work @@ -17486,7 +17551,7 @@ index c097e7d..853746c 100644 restore_all: TRACE_IRQS_IRET restore_all_notrace: -@@ -602,10 +796,29 @@ ldt_ss: +@@ -602,10 +812,29 @@ ldt_ss: mov PT_OLDESP(%esp), %eax /* load userspace esp */ mov %dx, %ax /* eax: new kernel esp */ sub %eax, %edx /* offset (low word is 0) */ @@ -17517,7 +17582,7 @@ index c097e7d..853746c 100644 pushl $__ESPFIX_SS CFI_ADJUST_CFA_OFFSET 4 push %eax /* new kernel esp */ -@@ -636,36 +849,30 @@ work_resched: +@@ -636,36 +865,30 @@ work_resched: movl TI_flags(%ebp), %ecx andl $_TIF_WORK_MASK, %ecx # is there any work to be done other # than syscall tracing? @@ -17559,7 +17624,7 @@ index c097e7d..853746c 100644 # perform syscall exit tracing ALIGN -@@ -673,11 +880,14 @@ syscall_trace_entry: +@@ -673,11 +896,14 @@ syscall_trace_entry: movl $-ENOSYS,PT_EAX(%esp) movl %esp, %eax call syscall_trace_enter 
@@ -17575,7 +17640,7 @@ index c097e7d..853746c 100644 # perform syscall exit tracing ALIGN -@@ -690,20 +900,24 @@ syscall_exit_work: +@@ -690,20 +916,24 @@ syscall_exit_work: movl %esp, %eax call syscall_trace_leave jmp resume_userspace @@ -17603,7 +17668,7 @@ index c097e7d..853746c 100644 CFI_ENDPROC /* -@@ -726,6 +940,33 @@ PTREGSCALL(rt_sigreturn) +@@ -726,6 +956,33 @@ PTREGSCALL(rt_sigreturn) PTREGSCALL(vm86) PTREGSCALL(vm86old) @@ -17637,7 +17702,7 @@ index c097e7d..853746c 100644 .macro FIXUP_ESPFIX_STACK /* * Switch back for ESPFIX stack to the normal zerobased stack -@@ -735,7 +976,13 @@ PTREGSCALL(vm86old) +@@ -735,7 +992,13 @@ PTREGSCALL(vm86old) * normal stack and adjusts ESP with the matching offset. */ /* fixup the stack */ @@ -17652,7 +17717,7 @@ index c097e7d..853746c 100644 mov GDT_ENTRY_ESPFIX_SS * 8 + 4(%ebx), %al /* bits 16..23 */ mov GDT_ENTRY_ESPFIX_SS * 8 + 7(%ebx), %ah /* bits 24..31 */ shl $16, %eax -@@ -793,7 +1040,7 @@ vector=vector+1 +@@ -793,7 +1056,7 @@ vector=vector+1 .endr 2: jmp common_interrupt .endr @@ -17661,7 +17726,7 @@ index c097e7d..853746c 100644 .previous END(interrupt) -@@ -840,7 +1087,7 @@ ENTRY(coprocessor_error) +@@ -840,7 +1103,7 @@ ENTRY(coprocessor_error) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -17670,7 +17735,7 @@ index c097e7d..853746c 100644 ENTRY(simd_coprocessor_error) RING0_INT_FRAME -@@ -850,7 +1097,7 @@ ENTRY(simd_coprocessor_error) +@@ -850,7 +1113,7 @@ ENTRY(simd_coprocessor_error) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -17679,7 +17744,7 @@ index c097e7d..853746c 100644 ENTRY(device_not_available) RING0_INT_FRAME -@@ -860,7 +1107,7 @@ ENTRY(device_not_available) +@@ -860,7 +1123,7 @@ ENTRY(device_not_available) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC 
@@ -17688,7 +17753,7 @@ index c097e7d..853746c 100644 #ifdef CONFIG_PARAVIRT ENTRY(native_iret) -@@ -869,12 +1116,12 @@ ENTRY(native_iret) +@@ -869,12 +1132,12 @@ ENTRY(native_iret) .align 4 .long native_iret, iret_exc .previous @@ -17703,7 +17768,7 @@ index c097e7d..853746c 100644 #endif ENTRY(overflow) -@@ -885,7 +1132,7 @@ ENTRY(overflow) +@@ -885,7 +1148,7 @@ ENTRY(overflow) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -17712,7 +17777,7 @@ index c097e7d..853746c 100644 ENTRY(bounds) RING0_INT_FRAME -@@ -895,7 +1142,7 @@ ENTRY(bounds) +@@ -895,7 +1158,7 @@ ENTRY(bounds) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -17721,7 +17786,7 @@ index c097e7d..853746c 100644 ENTRY(invalid_op) RING0_INT_FRAME -@@ -905,7 +1152,7 @@ ENTRY(invalid_op) +@@ -905,7 +1168,7 @@ ENTRY(invalid_op) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -17730,7 +17795,7 @@ index c097e7d..853746c 100644 ENTRY(coprocessor_segment_overrun) RING0_INT_FRAME -@@ -915,7 +1162,7 @@ ENTRY(coprocessor_segment_overrun) +@@ -915,7 +1178,7 @@ ENTRY(coprocessor_segment_overrun) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -17739,7 +17804,7 @@ index c097e7d..853746c 100644 ENTRY(invalid_TSS) RING0_EC_FRAME -@@ -923,7 +1170,7 @@ ENTRY(invalid_TSS) +@@ -923,7 +1186,7 @@ ENTRY(invalid_TSS) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -17748,7 +17813,7 @@ index c097e7d..853746c 100644 ENTRY(segment_not_present) RING0_EC_FRAME -@@ -931,7 +1178,7 @@ ENTRY(segment_not_present) +@@ -931,7 +1194,7 @@ ENTRY(segment_not_present) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -17757,7 +17822,7 @@ index c097e7d..853746c 100644 ENTRY(stack_segment) RING0_EC_FRAME -@@ -939,7 +1186,7 @@ ENTRY(stack_segment) +@@ -939,7 +1202,7 @@ ENTRY(stack_segment) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC 
@@ -17766,7 +17831,7 @@ index c097e7d..853746c 100644 ENTRY(alignment_check) RING0_EC_FRAME -@@ -947,7 +1194,7 @@ ENTRY(alignment_check) +@@ -947,7 +1210,7 @@ ENTRY(alignment_check) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -17775,7 +17840,7 @@ index c097e7d..853746c 100644 ENTRY(divide_error) RING0_INT_FRAME -@@ -957,7 +1204,7 @@ ENTRY(divide_error) +@@ -957,7 +1220,7 @@ ENTRY(divide_error) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -17784,7 +17849,7 @@ index c097e7d..853746c 100644 #ifdef CONFIG_X86_MCE ENTRY(machine_check) -@@ -968,7 +1215,7 @@ ENTRY(machine_check) +@@ -968,7 +1231,7 @@ ENTRY(machine_check) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -17793,7 +17858,7 @@ index c097e7d..853746c 100644 #endif ENTRY(spurious_interrupt_bug) -@@ -979,7 +1226,7 @@ ENTRY(spurious_interrupt_bug) +@@ -979,7 +1242,7 @@ ENTRY(spurious_interrupt_bug) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -17802,7 +17867,7 @@ index c097e7d..853746c 100644 ENTRY(kernel_thread_helper) pushl $0 # fake return address for unwinder -@@ -1095,7 +1342,7 @@ ENDPROC(xen_failsafe_callback) +@@ -1095,7 +1358,7 @@ ENDPROC(xen_failsafe_callback) ENTRY(mcount) ret @@ -17811,7 +17876,7 @@ index c097e7d..853746c 100644 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -1124,7 +1371,7 @@ ftrace_graph_call: +@@ -1124,7 +1387,7 @@ ftrace_graph_call: .globl ftrace_stub ftrace_stub: ret @@ -17820,7 +17885,7 @@ index c097e7d..853746c 100644 #else /* ! CONFIG_DYNAMIC_FTRACE */ -@@ -1160,7 +1407,7 @@ trace: +@@ -1160,7 +1423,7 @@ trace: popl %ecx popl %eax jmp ftrace_stub @@ -17829,7 +17894,7 @@ index c097e7d..853746c 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -1181,7 +1428,7 @@ ENTRY(ftrace_graph_caller) +@@ -1181,7 +1444,7 @@ ENTRY(ftrace_graph_caller) popl %ecx popl %eax ret 
@@ -17838,7 +17903,7 @@ index c097e7d..853746c 100644 .globl return_to_handler return_to_handler: -@@ -1198,7 +1445,6 @@ return_to_handler: +@@ -1198,7 +1461,6 @@ return_to_handler: ret #endif @@ -17846,7 +17911,7 @@ index c097e7d..853746c 100644 #include "syscall_table_32.S" syscall_table_size=(.-sys_call_table) -@@ -1255,15 +1501,18 @@ error_code: +@@ -1255,15 +1517,18 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -17867,7 +17932,7 @@ index c097e7d..853746c 100644 /* * Debug traps and NMI can happen at the one SYSENTER instruction -@@ -1309,7 +1558,7 @@ debug_stack_correct: +@@ -1309,7 +1574,7 @@ debug_stack_correct: call do_debug jmp ret_from_exception CFI_ENDPROC @@ -17876,7 +17941,7 @@ index c097e7d..853746c 100644 /* * NMI is doubly nasty. It can happen _while_ we're handling -@@ -1351,6 +1600,9 @@ nmi_stack_correct: +@@ -1351,6 +1616,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -17886,7 +17951,7 @@ index c097e7d..853746c 100644 jmp restore_all_notrace CFI_ENDPROC -@@ -1391,12 +1643,15 @@ nmi_espfix_stack: +@@ -1391,12 +1659,15 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax == %esp xorl %edx,%edx # zero error code call do_nmi @@ -17903,7 +17968,7 @@ index c097e7d..853746c 100644 ENTRY(int3) RING0_INT_FRAME -@@ -1409,7 +1664,7 @@ ENTRY(int3) +@@ -1409,7 +1680,7 @@ ENTRY(int3) call do_int3 jmp ret_from_exception CFI_ENDPROC @@ -17912,7 +17977,7 @@ index c097e7d..853746c 100644 ENTRY(general_protection) RING0_EC_FRAME -@@ -1417,7 +1672,7 @@ ENTRY(general_protection) +@@ -1417,7 +1688,7 @@ ENTRY(general_protection) CFI_ADJUST_CFA_OFFSET 4 jmp error_code CFI_ENDPROC @@ -17922,7 +17987,7 @@ index c097e7d..853746c 100644 /* * End of kprobes section diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index 34a56a9..74613c5 100644 +index 34a56a9..0d13843 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S 
@@ -53,6 +53,8 @@ @@ -17998,7 +18063,7 @@ index 34a56a9..74613c5 100644 retq #endif -@@ -174,6 +182,282 @@ ENTRY(native_usergs_sysret64) +@@ -174,6 +182,280 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ @@ -18227,12 +18292,9 @@ index 34a56a9..74613c5 100644 +.endm + +#ifdef CONFIG_PAX_MEMORY_STACKLEAK -+/* -+ * r11: thread_info -+ * rcx, rdx: can be clobbered -+ */ +ENTRY(pax_erase_kstack) + pushq %rdi ++ pushq %rcx + pushq %rax + pushq %r11 + @@ -18273,6 +18335,7 @@ index 34a56a9..74613c5 100644 + + popq %r11 + popq %rax ++ popq %rcx + popq %rdi + pax_force_retaddr + ret @@ -18281,7 +18344,7 @@ index 34a56a9..74613c5 100644 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -233,8 +517,8 @@ ENDPROC(native_usergs_sysret64) +@@ -233,8 +515,8 @@ ENDPROC(native_usergs_sysret64) .endm .macro UNFAKE_STACK_FRAME @@ -18292,7 +18355,7 @@ index 34a56a9..74613c5 100644 .endm /* -@@ -317,7 +601,7 @@ ENTRY(save_args) +@@ -317,7 +599,7 @@ ENTRY(save_args) leaq -ARGOFFSET+16(%rsp),%rdi /* arg1 for handler */ movq_cfi rbp, 8 /* push %rbp */ leaq 8(%rsp), %rbp /* mov %rsp, %ebp */ @@ -18301,7 +18364,7 @@ index 34a56a9..74613c5 100644 je 1f SWAPGS /* -@@ -337,9 +621,10 @@ ENTRY(save_args) +@@ -337,9 +619,10 @@ ENTRY(save_args) * We entered an interrupt context - irqs are off: */ 2: TRACE_IRQS_OFF @@ -18313,7 +18376,7 @@ index 34a56a9..74613c5 100644 ENTRY(save_rest) PARTIAL_FRAME 1 REST_SKIP+8 -@@ -352,9 +637,10 @@ ENTRY(save_rest) +@@ -352,9 +635,10 @@ ENTRY(save_rest) movq_cfi r15, R15+16 movq %r11, 8(%rsp) /* return address */ FIXUP_TOP_OF_STACK %r11, 16 @@ -18325,7 +18388,7 @@ index 34a56a9..74613c5 100644 /* save complete stack frame */ .pushsection .kprobes.text, "ax" -@@ -383,9 +669,10 @@ ENTRY(save_paranoid) +@@ -383,9 +667,10 @@ ENTRY(save_paranoid) js 1f /* negative -> in kernel */ SWAPGS xorl %ebx,%ebx 
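Review bot: The 64-bit pax_erase_kstack does not receive the bound check that the 32-bit routine in the entry_32.S hunk gets before its `rep stosl`; this hunk's new-side length goes from 282 to 280 lines (four comment lines out, `pushq %rcx` / `popq %rcx` in), which leaves no room for one, so unless the unchanged middle already compares the span against THREAD_SIZE the `rep stosq` runs with an unchecked count derived from TI_lowest_stack. Suggest mirroring the 32-bit guard between the length computation and the shift (`cmp $THREAD_SIZE_asm, %rcx` / `jb 3f` / `ud2` / `3:`), with the same comment on why trapping is preferable to writing past the stack. The body of the routine between `pushq %r11` and `popq %r11` is not shown in this hunk, so I may be missing an existing check.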
@@ -18338,7 +18401,7 @@ index 34a56a9..74613c5 100644 .popsection /* -@@ -409,7 +696,7 @@ ENTRY(ret_from_fork) +@@ -409,7 +694,7 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -18347,7 +18410,7 @@ index 34a56a9..74613c5 100644 je int_ret_from_sys_call testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -419,7 +706,7 @@ ENTRY(ret_from_fork) +@@ -419,7 +704,7 @@ ENTRY(ret_from_fork) jmp ret_from_sys_call # go to the SYSRET fastpath CFI_ENDPROC @@ -18356,7 +18419,7 @@ index 34a56a9..74613c5 100644 /* * System call entry. Upto 6 arguments in registers are supported. -@@ -455,7 +742,7 @@ END(ret_from_fork) +@@ -455,7 +740,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -18365,12 +18428,17 @@ index 34a56a9..74613c5 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -468,12 +755,13 @@ ENTRY(system_call_after_swapgs) +@@ -468,12 +753,18 @@ ENTRY(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp + SAVE_ARGS 8*6,1 + pax_enter_kernel_user ++ ++#ifdef CONFIG_PAX_RANDKSTACK ++ pax_erase_kstack ++#endif ++ /* * No need to follow this irqs off/on section - it's straight * and short: @@ -18380,7 +18448,7 @@ index 34a56a9..74613c5 100644 movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) CFI_REL_OFFSET rip,RIP-ARGOFFSET -@@ -483,7 +771,7 @@ ENTRY(system_call_after_swapgs) +@@ -483,7 +774,7 @@ ENTRY(system_call_after_swapgs) system_call_fastpath: cmpq $__NR_syscall_max,%rax ja badsys @@ -18389,7 +18457,7 @@ index 34a56a9..74613c5 100644 call *sys_call_table(,%rax,8) # XXX: rip relative movq %rax,RAX-ARGOFFSET(%rsp) /* -@@ -502,6 +790,8 @@ sysret_check: +@@ -502,6 +793,8 @@ sysret_check: andl %edi,%edx jnz sysret_careful CFI_REMEMBER_STATE @@ -18398,7 +18466,7 @@ index 34a56a9..74613c5 100644 /* * sysretq will re-enable interrupts: */ -@@ -555,14 +845,18 @@ badsys: +@@ -555,14 +848,18 @@ badsys: * jump back to the normal fast path. */ auditsys: 
@@ -18418,7 +18486,7 @@ index 34a56a9..74613c5 100644 jmp system_call_fastpath /* -@@ -592,16 +886,20 @@ tracesys: +@@ -592,16 +889,20 @@ tracesys: FIXUP_TOP_OF_STACK %rdi movq %rsp,%rdi call syscall_trace_enter @@ -18440,7 +18508,7 @@ index 34a56a9..74613c5 100644 call *sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) /* Use IRET because user could have changed frame */ -@@ -613,7 +911,7 @@ tracesys: +@@ -613,7 +914,7 @@ tracesys: GLOBAL(int_ret_from_sys_call) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -18449,15 +18517,18 @@ index 34a56a9..74613c5 100644 je retint_restore_args movl $_TIF_ALLWORK_MASK,%edi /* edi: mask to check */ -@@ -624,6 +922,7 @@ GLOBAL(int_with_check) +@@ -624,7 +925,9 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) +- jmp retint_swapgs ++ pax_exit_kernel_user + pax_erase_kstack - jmp retint_swapgs ++ jmp retint_swapgs_pax /* Either reschedule or signal or syscall exit tracking needed. */ -@@ -674,7 +973,7 @@ int_restore_rest: + /* First do a reschedule test. */ +@@ -674,7 +977,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -18466,7 +18537,7 @@ index 34a56a9..74613c5 100644 /* * Certain special system calls that need to save a complete full stack frame. -@@ -690,7 +989,7 @@ ENTRY(\label) +@@ -690,7 +993,7 @@ ENTRY(\label) call \func jmp ptregscall_common CFI_ENDPROC @@ -18475,7 +18546,7 @@ index 34a56a9..74613c5 100644 .endm PTREGSCALL stub_clone, sys_clone, %r8 -@@ -708,9 +1007,10 @@ ENTRY(ptregscall_common) +@@ -708,9 +1011,10 @@ ENTRY(ptregscall_common) movq_cfi_restore R12+8, r12 movq_cfi_restore RBP+8, rbp movq_cfi_restore RBX+8, rbx @@ -18487,7 +18558,7 @@ index 34a56a9..74613c5 100644 ENTRY(stub_execve) CFI_STARTPROC -@@ -726,7 +1026,7 @@ ENTRY(stub_execve) +@@ -726,7 +1030,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC 
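Review bot: The new `jmp retint_swapgs_pax` from int_with_check lands after retint_swapgs's `DISABLE_INTERRUPTS(CLBR_ANY)` (the label is added in the `@@ -844,12 +1158,16 @@` hunk on the next line), so the path is only correct because int_with_check already runs with interrupts off, and nothing at the label says so. Suggest `/* entered with interrupts disabled and pax_exit_kernel_user already done */` on the `retint_swapgs_pax:` line so a future caller does not reach it with interrupts enabled. The change also moves pax_erase_kstack after pax_exit_kernel_user; if that order matters, a one-line reason next to the two calls would stop someone swapping them back. The code around int_with_check (int_ret_from_sys_call above, int_careful below) is outside the hunk.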
@@ -18496,7 +18567,7 @@ index 34a56a9..74613c5 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -744,7 +1044,7 @@ ENTRY(stub_rt_sigreturn) +@@ -744,7 +1048,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -18505,7 +18576,7 @@ index 34a56a9..74613c5 100644 /* * Build the entry stubs and pointer table with some assembler magic. -@@ -780,7 +1080,7 @@ vector=vector+1 +@@ -780,7 +1084,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -18514,7 +18585,7 @@ index 34a56a9..74613c5 100644 .previous END(interrupt) -@@ -800,6 +1100,16 @@ END(interrupt) +@@ -800,6 +1104,16 @@ END(interrupt) CFI_ADJUST_CFA_OFFSET 10*8 call save_args PARTIAL_FRAME 0 @@ -18531,7 +18602,7 @@ index 34a56a9..74613c5 100644 call \func .endm -@@ -822,7 +1132,7 @@ ret_from_intr: +@@ -822,7 +1136,7 @@ ret_from_intr: CFI_ADJUST_CFA_OFFSET -8 exit_intr: GET_THREAD_INFO(%rcx) @@ -18540,11 +18611,12 @@ index 34a56a9..74613c5 100644 je retint_kernel /* Interrupt came from user space */ -@@ -844,12 +1154,15 @@ retint_swapgs: /* return to user-space */ +@@ -844,12 +1158,16 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) + pax_exit_kernel_user ++retint_swapgs_pax: TRACE_IRQS_IRETQ SWAPGS jmp restore_args @@ -18556,7 +18628,7 @@ index 34a56a9..74613c5 100644 /* * The iretq could re-enable interrupts: */ -@@ -940,7 +1253,7 @@ ENTRY(retint_kernel) +@@ -940,7 +1258,7 @@ ENTRY(retint_kernel) #endif CFI_ENDPROC @@ -18565,7 +18637,7 @@ index 34a56a9..74613c5 100644 /* * APIC interrupts. -@@ -953,7 +1266,7 @@ ENTRY(\sym) +@@ -953,7 +1271,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -18574,7 +18646,7 @@ index 34a56a9..74613c5 100644 .endm #ifdef CONFIG_SMP -@@ -1032,12 +1345,22 @@ ENTRY(\sym) +@@ -1032,12 +1350,22 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET 15*8 call error_entry DEFAULT_FRAME 0 
@@ -18598,7 +18670,7 @@ index 34a56a9..74613c5 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1049,12 +1372,22 @@ ENTRY(\sym) +@@ -1049,12 +1377,22 @@ ENTRY(\sym) subq $15*8, %rsp call save_paranoid TRACE_IRQS_OFF @@ -18622,7 +18694,7 @@ index 34a56a9..74613c5 100644 .endm .macro paranoidzeroentry_ist sym do_sym ist -@@ -1066,15 +1399,30 @@ ENTRY(\sym) +@@ -1066,15 +1404,30 @@ ENTRY(\sym) subq $15*8, %rsp call save_paranoid TRACE_IRQS_OFF @@ -18655,7 +18727,7 @@ index 34a56a9..74613c5 100644 .endm .macro errorentry sym do_sym -@@ -1085,13 +1433,23 @@ ENTRY(\sym) +@@ -1085,13 +1438,23 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET 15*8 call error_entry DEFAULT_FRAME 0 @@ -18680,7 +18752,7 @@ index 34a56a9..74613c5 100644 .endm /* error code is on the stack already */ -@@ -1104,13 +1462,23 @@ ENTRY(\sym) +@@ -1104,13 +1467,23 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF @@ -18705,7 +18777,7 @@ index 34a56a9..74613c5 100644 .endm zeroentry divide_error do_divide_error -@@ -1141,9 +1509,10 @@ gs_change: +@@ -1141,9 +1514,10 @@ gs_change: SWAPGS popf CFI_ADJUST_CFA_OFFSET -8 @@ -18717,7 +18789,7 @@ index 34a56a9..74613c5 100644 .section __ex_table,"a" .align 8 -@@ -1193,11 +1562,12 @@ ENTRY(kernel_thread) +@@ -1193,11 +1567,12 @@ ENTRY(kernel_thread) * of hacks for example to fork off the per-CPU idle tasks. * [Hopefully no generic code relies on the reschedule -AK] */ @@ -18732,7 +18804,7 @@ index 34a56a9..74613c5 100644 ENTRY(child_rip) pushq $0 # fake return address -@@ -1208,13 +1578,14 @@ ENTRY(child_rip) +@@ -1208,13 +1583,14 @@ ENTRY(child_rip) */ movq %rdi, %rax movq %rsi, %rdi @@ -18748,7 +18820,7 @@ index 34a56a9..74613c5 100644 /* * execve(). This function needs to use IRET, not SYSRET, to set up all state properly. -@@ -1241,11 +1612,11 @@ ENTRY(kernel_execve) +@@ -1241,11 +1617,11 @@ ENTRY(kernel_execve) RESTORE_REST testq %rax,%rax je int_ret_from_sys_call 
@@ -18762,7 +18834,7 @@ index 34a56a9..74613c5 100644 /* Call softirq on interrupt stack. Interrupts are off. */ ENTRY(call_softirq) -@@ -1263,9 +1634,10 @@ ENTRY(call_softirq) +@@ -1263,9 +1639,10 @@ ENTRY(call_softirq) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -18774,7 +18846,7 @@ index 34a56a9..74613c5 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1303,7 +1675,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1303,7 +1680,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -18783,7 +18855,7 @@ index 34a56a9..74613c5 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1362,7 +1734,7 @@ ENTRY(xen_failsafe_callback) +@@ -1362,7 +1739,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -18792,7 +18864,7 @@ index 34a56a9..74613c5 100644 #endif /* CONFIG_XEN */ -@@ -1405,16 +1777,31 @@ ENTRY(paranoid_exit) +@@ -1405,16 +1782,31 @@ ENTRY(paranoid_exit) TRACE_IRQS_OFF testl %ebx,%ebx /* swapgs needed? */ jnz paranoid_restore @@ -18825,7 +18897,7 @@ index 34a56a9..74613c5 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1443,7 +1830,7 @@ paranoid_schedule: +@@ -1443,7 +1835,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -18834,7 +18906,7 @@ index 34a56a9..74613c5 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1470,12 +1857,13 @@ ENTRY(error_entry) +@@ -1470,12 +1862,13 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -18849,7 +18921,7 @@ index 34a56a9..74613c5 100644 ret CFI_ENDPROC -@@ -1497,7 +1885,7 @@ error_kernelspace: +@@ -1497,7 +1890,7 @@ error_kernelspace: cmpq $gs_change,RIP+8(%rsp) je error_swapgs jmp error_sti 
@@ -18858,7 +18930,7 @@ index 34a56a9..74613c5 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1517,7 +1905,7 @@ ENTRY(error_exit) +@@ -1517,7 +1910,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -18867,7 +18939,7 @@ index 34a56a9..74613c5 100644 /* runs on exception stack */ -@@ -1529,6 +1917,16 @@ ENTRY(nmi) +@@ -1529,6 +1922,16 @@ ENTRY(nmi) CFI_ADJUST_CFA_OFFSET 15*8 call save_paranoid DEFAULT_FRAME 0 @@ -18884,7 +18956,7 @@ index 34a56a9..74613c5 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1539,12 +1937,28 @@ ENTRY(nmi) +@@ -1539,12 +1942,28 @@ ENTRY(nmi) DISABLE_INTERRUPTS(CLBR_NONE) testl %ebx,%ebx /* swapgs needed? */ jnz nmi_restore @@ -18914,7 +18986,7 @@ index 34a56a9..74613c5 100644 jmp irq_return nmi_userspace: GET_THREAD_INFO(%rcx) -@@ -1573,14 +1987,14 @@ nmi_schedule: +@@ -1573,14 +1992,14 @@ nmi_schedule: jmp paranoid_exit CFI_ENDPROC #endif @@ -68795,7 +68867,7 @@ index 90a6087..fa05803 100644 if (rc < 0) goto out_free; diff --git a/fs/eventpoll.c b/fs/eventpoll.c -index f539204..068db1f 100644 +index f539204..b2ad18e 100644 --- a/fs/eventpoll.c +++ b/fs/eventpoll.c @@ -200,6 +200,12 @@ struct eventpoll { @@ -69086,8 +69158,8 @@ index f539204..068db1f 100644 + error = PTR_ERR(file); + goto out_free_fd; + } -+ fd_install(fd, file); + ep->file = file; ++ fd_install(fd, file); + return fd; +out_free_fd: @@ -107553,10 +107625,10 @@ index d52f7a0..b66cdd9 100755 rm -f tags xtags ctags diff --git a/security/Kconfig b/security/Kconfig -index fb363cd..124d914 100644 +index fb363cd..a34a964 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,870 @@ +@@ -4,6 +4,882 @@ menu "Security options" 
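Review bot: The reordering in the fs/eventpoll.c hunk — `ep->file = file;` now runs before `fd_install(fd, file);` — has no comment explaining why the order matters, and this is the only place a future reader will see it. fd_install() is the point at which the descriptor becomes visible to every thread in the process, so any code that can look the new fd up and read ep->file has to find it already set; a one-line comment above the assignment, `/* set ep->file before fd_install() publishes the fd to other threads */`, would pin that down. The enclosing function starts and ends outside the hunk (only the tail around fd_install and the `out_free_fd` label is visible), so whether any other path still publishes the descriptor before ep->file is assigned cannot be checked from here.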
@@ -108140,6 +108212,10 @@ index fb363cd..124d914 100644 + Select the method used to instrument function pointer dereferences. + Note that binary modules cannot be instrumented by this approach. + ++ Note that the implementation requires a gcc with plugin support, ++ i.e., gcc 4.5 or newer. You may need to install the supporting ++ headers explicitly in addition to the normal gcc package. ++ + config PAX_KERNEXEC_PLUGIN_METHOD_BTS + bool "bts" + help @@ -108313,11 +108389,12 @@ index fb363cd..124d914 100644 + and you are advised to test this feature on your expected workload + before deploying it. + -+ Note: full support for this feature requires gcc with plugin support -+ so make sure your compiler is at least gcc 4.5.0. Using older gcc -+ versions means that functions with large enough stack frames may -+ leave uninitialized memory behind that may be exposed to a later -+ syscall leaking the stack. ++ Note that the full feature requires a gcc with plugin support, ++ i.e., gcc 4.5 or newer. You may need to install the supporting ++ headers explicitly in addition to the normal gcc package. Using ++ older gcc versions means that functions with large enough stack ++ frames may leave uninitialized memory behind that may be exposed ++ to a later syscall leaking the stack. + +config PAX_MEMORY_UDEREF + bool "Prevent invalid userland pointer dereference" 
@@ -108395,11 +108472,14 @@ index fb363cd..124d914 100644 + arguments marked by a size_overflow attribute with double integer + precision (DImode/TImode for 32/64 bit integer types). + -+ The recomputed argument is checked against INT_MAX and an event ++ The recomputed argument is checked against TYPE_MAX and an event + is logged on overflow and the triggering process is killed. + -+ Homepage: -+ http://www.grsecurity.net/~ephox/overflow_plugin/ ++ Homepage: http://www.grsecurity.net/~ephox/overflow_plugin/ ++ ++ Note that the implementation requires a gcc with plugin support, ++ i.e., gcc 4.5 or newer. You may need to install the supporting ++ headers explicitly in addition to the normal gcc package. + +config PAX_LATENT_ENTROPY + bool "Generate some entropy during boot" @@ -108411,6 +108491,10 @@ index fb363cd..124d914 100644 + there is little 'natural' source of entropy normally. The cost + is some slowdown of the boot process. + ++ Note that the implementation requires a gcc with plugin support, ++ i.e., gcc 4.5 or newer. You may need to install the supporting ++ headers explicitly in addition to the normal gcc package. ++ + Note that entropy extracted this way is not cryptographically + secure! + @@ -108427,7 +108511,7 @@ index fb363cd..124d914 100644 config KEYS bool "Enable access key retention support" help -@@ -146,7 +1010,7 @@ config INTEL_TXT +@@ -146,7 +1022,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX |