authorAnthony G. Basile <blueness@gentoo.org>2014-10-26 19:37:32 -0400
committerAnthony G. Basile <blueness@gentoo.org>2014-10-26 19:37:32 -0400
commit8801439b591b20c32fe51a572be45604841c2ac6 (patch)
treea77bbe5bdd8827fc15121433089ab4a24adfd643 /3.14.22
parentGrsec/PaX: 3.0-3.2.63-201410201736 (diff)
Grsec/PaX: 3.0-{3.2.63,3.14.22,3.17.1}-20141025002720141025
Diffstat (limited to '3.14.22')
-rw-r--r--3.14.22/0000_README2
-rw-r--r--3.14.22/4420_grsecurity-3.0-3.14.22-201410250026.patch (renamed from 3.14.22/4420_grsecurity-3.0-3.14.22-201410192047.patch)788
2 files changed, 769 insertions, 21 deletions
diff --git a/3.14.22/0000_README b/3.14.22/0000_README
index 9652232..de2e1c4 100644
--- a/3.14.22/0000_README
+++ b/3.14.22/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.14.22-201410192047.patch
+Patch: 4420_grsecurity-3.0-3.14.22-201410250026.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.14.22/4420_grsecurity-3.0-3.14.22-201410192047.patch b/3.14.22/4420_grsecurity-3.0-3.14.22-201410250026.patch
index 8d0df77..9bb50c5 100644
--- a/3.14.22/4420_grsecurity-3.0-3.14.22-201410192047.patch
+++ b/3.14.22/4420_grsecurity-3.0-3.14.22-201410250026.patch
@@ -854,6 +854,22 @@ index 98838a0..b304fb4 100644
} else if (!cause) {
/* Allow reads even for write-only mappings */
if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
+diff --git a/arch/arc/kernel/kgdb.c b/arch/arc/kernel/kgdb.c
+index a2ff5c5..ecf6a78 100644
+--- a/arch/arc/kernel/kgdb.c
++++ b/arch/arc/kernel/kgdb.c
+@@ -158,11 +158,6 @@ int kgdb_arch_handle_exception(int e_vector, int signo, int err_code,
+ return -1;
+ }
+
+-unsigned long kgdb_arch_pc(int exception, struct pt_regs *regs)
+-{
+- return instruction_pointer(regs);
+-}
+-
+ int kgdb_arch_init(void)
+ {
+ single_step_data.armed = 0;
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 4733d32..b142a40 100644
--- a/arch/arm/Kconfig
@@ -9846,6 +9862,20 @@ index 370ca1e..d4f4a98 100644
extern unsigned long sparc64_elf_hwcap;
#define ELF_HWCAP sparc64_elf_hwcap
+diff --git a/arch/sparc/include/asm/oplib_64.h b/arch/sparc/include/asm/oplib_64.h
+index a12dbe3..0337e85 100644
+--- a/arch/sparc/include/asm/oplib_64.h
++++ b/arch/sparc/include/asm/oplib_64.h
+@@ -62,7 +62,8 @@ struct linux_mem_p1275 {
+ /* You must call prom_init() before using any of the library services,
+ * preferably as early as possible. Pass it the romvec pointer.
+ */
+-extern void prom_init(void *cif_handler, void *cif_stack);
++void prom_init(void *cif_handler);
++void prom_init_report(void);
+
+ /* Boot argument acquisition, returns the boot command line string. */
+ extern char *prom_getbootargs(void);
diff --git a/arch/sparc/include/asm/pgalloc_32.h b/arch/sparc/include/asm/pgalloc_32.h
index 9b1c36d..209298b 100644
--- a/arch/sparc/include/asm/pgalloc_32.h
@@ -9938,6 +9968,21 @@ index 79da178..c2eede8 100644
#define SRMMU_PAGE_KERNEL __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_PRIV | \
SRMMU_DIRTY | SRMMU_REF)
+diff --git a/arch/sparc/include/asm/setup.h b/arch/sparc/include/asm/setup.h
+index 5e35e05..b1a29e9 100644
+--- a/arch/sparc/include/asm/setup.h
++++ b/arch/sparc/include/asm/setup.h
+@@ -24,6 +24,10 @@ static inline int con_is_present(void)
+ }
+ #endif
+
++#ifdef CONFIG_SPARC64
++void __init start_early_boot(void);
++#endif
++
+ extern void sun_do_break(void);
+ extern int stop_a_enabled;
+ extern int scons_pwroff;
diff --git a/arch/sparc/include/asm/spinlock_64.h b/arch/sparc/include/asm/spinlock_64.h
index 9689176..63c18ea 100644
--- a/arch/sparc/include/asm/spinlock_64.h
@@ -10227,6 +10272,108 @@ index d15cc17..d0ae796 100644
extra-y := head_$(BITS).o
+diff --git a/arch/sparc/kernel/entry.h b/arch/sparc/kernel/entry.h
+index 140966f..620009d 100644
+--- a/arch/sparc/kernel/entry.h
++++ b/arch/sparc/kernel/entry.h
+@@ -66,13 +66,10 @@ struct pause_patch_entry {
+ extern struct pause_patch_entry __pause_3insn_patch,
+ __pause_3insn_patch_end;
+
+-extern void __init per_cpu_patch(void);
+-extern void sun4v_patch_1insn_range(struct sun4v_1insn_patch_entry *,
+- struct sun4v_1insn_patch_entry *);
+-extern void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *,
+- struct sun4v_2insn_patch_entry *);
+-extern void __init sun4v_patch(void);
+-extern void __init boot_cpu_id_too_large(int cpu);
++void sun4v_patch_1insn_range(struct sun4v_1insn_patch_entry *,
++ struct sun4v_1insn_patch_entry *);
++void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *,
++ struct sun4v_2insn_patch_entry *);
+ extern unsigned int dcache_parity_tl1_occurred;
+ extern unsigned int icache_parity_tl1_occurred;
+
+diff --git a/arch/sparc/kernel/head_64.S b/arch/sparc/kernel/head_64.S
+index 452f04fe..fbea0ac 100644
+--- a/arch/sparc/kernel/head_64.S
++++ b/arch/sparc/kernel/head_64.S
+@@ -660,14 +660,12 @@ tlb_fixup_done:
+ sethi %hi(init_thread_union), %g6
+ or %g6, %lo(init_thread_union), %g6
+ ldx [%g6 + TI_TASK], %g4
+- mov %sp, %l6
+
+ wr %g0, ASI_P, %asi
+ mov 1, %g1
+ sllx %g1, THREAD_SHIFT, %g1
+ sub %g1, (STACKFRAME_SZ + STACK_BIAS), %g1
+ add %g6, %g1, %sp
+- mov 0, %fp
+
+ /* Set per-cpu pointer initially to zero, this makes
+ * the boot-cpu use the in-kernel-image per-cpu areas
+@@ -694,44 +692,14 @@ tlb_fixup_done:
+ nop
+ #endif
+
+- mov %l6, %o1 ! OpenPROM stack
+ call prom_init
+ mov %l7, %o0 ! OpenPROM cif handler
+
+- /* Initialize current_thread_info()->cpu as early as possible.
+- * In order to do that accurately we have to patch up the get_cpuid()
+- * assembler sequences. And that, in turn, requires that we know
+- * if we are on a Starfire box or not. While we're here, patch up
+- * the sun4v sequences as well.
++ /* To create a one-register-window buffer between the kernel's
++ * initial stack and the last stack frame we use from the firmware,
++ * do the rest of the boot from a C helper function.
+ */
+- call check_if_starfire
+- nop
+- call per_cpu_patch
+- nop
+- call sun4v_patch
+- nop
+-
+-#ifdef CONFIG_SMP
+- call hard_smp_processor_id
+- nop
+- cmp %o0, NR_CPUS
+- blu,pt %xcc, 1f
+- nop
+- call boot_cpu_id_too_large
+- nop
+- /* Not reached... */
+-
+-1:
+-#else
+- mov 0, %o0
+-#endif
+- sth %o0, [%g6 + TI_CPU]
+-
+- call prom_init_report
+- nop
+-
+- /* Off we go.... */
+- call start_kernel
++ call start_early_boot
+ nop
+ /* Not reached... */
+
+diff --git a/arch/sparc/kernel/hvtramp.S b/arch/sparc/kernel/hvtramp.S
+index b7ddcdd..cdbfec2 100644
+--- a/arch/sparc/kernel/hvtramp.S
++++ b/arch/sparc/kernel/hvtramp.S
+@@ -109,7 +109,6 @@ hv_cpu_startup:
+ sllx %g5, THREAD_SHIFT, %g5
+ sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5
+ add %g6, %g5, %sp
+- mov 0, %fp
+
+ call init_irqwork_curcpu
+ nop
diff --git a/arch/sparc/kernel/process_32.c b/arch/sparc/kernel/process_32.c
index 510baec..9ff2607 100644
--- a/arch/sparc/kernel/process_32.c
@@ -10349,6 +10496,68 @@ index c13c9f2..d572c34 100644
audit_syscall_exit(regs);
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
+diff --git a/arch/sparc/kernel/setup_64.c b/arch/sparc/kernel/setup_64.c
+index 3fdb455..949f773 100644
+--- a/arch/sparc/kernel/setup_64.c
++++ b/arch/sparc/kernel/setup_64.c
+@@ -30,6 +30,7 @@
+ #include <linux/cpu.h>
+ #include <linux/initrd.h>
+ #include <linux/module.h>
++#include <linux/start_kernel.h>
+
+ #include <asm/io.h>
+ #include <asm/processor.h>
+@@ -174,7 +175,7 @@ char reboot_command[COMMAND_LINE_SIZE];
+
+ static struct pt_regs fake_swapper_regs = { { 0, }, 0, 0, 0, 0 };
+
+-void __init per_cpu_patch(void)
++static void __init per_cpu_patch(void)
+ {
+ struct cpuid_patch_entry *p;
+ unsigned long ver;
+@@ -266,7 +267,7 @@ void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *start,
+ }
+ }
+
+-void __init sun4v_patch(void)
++static void __init sun4v_patch(void)
+ {
+ extern void sun4v_hvapi_init(void);
+
+@@ -335,14 +336,25 @@ static void __init pause_patch(void)
+ }
+ }
+
+-#ifdef CONFIG_SMP
+-void __init boot_cpu_id_too_large(int cpu)
++void __init start_early_boot(void)
+ {
+- prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n",
+- cpu, NR_CPUS);
+- prom_halt();
++ int cpu;
++
++ check_if_starfire();
++ per_cpu_patch();
++ sun4v_patch();
++
++ cpu = hard_smp_processor_id();
++ if (cpu >= NR_CPUS) {
++ prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n",
++ cpu, NR_CPUS);
++ prom_halt();
++ }
++ current_thread_info()->cpu = cpu;
++
++ prom_init_report();
++ start_kernel();
+ }
+-#endif
+
+ /* On Ultra, we support all of the v8 capabilities. */
+ unsigned long sparc64_elf_hwcap = (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR |
diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c
index 8416d7f..f83823c 100644
--- a/arch/sparc/kernel/smp_64.c
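Review bot: In `start_early_boot()` the boot CPU id is held in a signed `int`, so the bound check `cpu >= NR_CPUS` would let a negative value through to `current_thread_info()->cpu`. The assembly this replaces in head_64.S branched with `blu`, an unsigned compare, so the C version is slightly weaker if `hard_smp_processor_id()` can ever return a negative id, which the hunk does not show. Consider `if (cpu < 0 || cpu >= NR_CPUS) {` or an unsigned local. A one-line comment above the function saying that it does not return (it ends in `start_kernel()`) would also help anyone reading the `call start_early_boot` site in head_64.S.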
@@ -10626,6 +10835,36 @@ index 33a17e7..d87fb1f 100644
ldx [%sp + PTREGS_OFF + PT_V9_TNPC], %l1 ! pc = npc
2:
+diff --git a/arch/sparc/kernel/trampoline_64.S b/arch/sparc/kernel/trampoline_64.S
+index 737f8cb..88ede1d 100644
+--- a/arch/sparc/kernel/trampoline_64.S
++++ b/arch/sparc/kernel/trampoline_64.S
+@@ -109,10 +109,13 @@ startup_continue:
+ brnz,pn %g1, 1b
+ nop
+
+- sethi %hi(p1275buf), %g2
+- or %g2, %lo(p1275buf), %g2
+- ldx [%g2 + 0x10], %l2
+- add %l2, -(192 + 128), %sp
++ /* Get onto temporary stack which will be in the locked
++ * kernel image.
++ */
++ sethi %hi(tramp_stack), %g1
++ or %g1, %lo(tramp_stack), %g1
++ add %g1, TRAMP_STACK_SIZE, %g1
++ sub %g1, STACKFRAME_SZ + STACK_BIAS + 256, %sp
+ flushw
+
+ /* Setup the loop variables:
+@@ -394,7 +397,6 @@ after_lock_tlb:
+ sllx %g5, THREAD_SHIFT, %g5
+ sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5
+ add %g6, %g5, %sp
+- mov 0, %fp
+
+ rdpr %pstate, %o1
+ or %o1, PSTATE_IE, %o1
diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c
index 6629829..036032d 100644
--- a/arch/sparc/kernel/traps_32.c
@@ -11962,6 +12201,47 @@ index 4ced3fc..234f1e4 100644
/* Pure DTLB misses do not tell us whether the fault causing
* load/store/atomic was a write or not, it only says that there
* was no match. So in such a case we (carefully) read the
+diff --git a/arch/sparc/mm/gup.c b/arch/sparc/mm/gup.c
+index 1aed043..ae6ce38 100644
+--- a/arch/sparc/mm/gup.c
++++ b/arch/sparc/mm/gup.c
+@@ -160,6 +160,36 @@ static int gup_pud_range(pgd_t pgd, unsigned long addr, unsigned long end,
+ return 1;
+ }
+
++int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
++ struct page **pages)
++{
++ struct mm_struct *mm = current->mm;
++ unsigned long addr, len, end;
++ unsigned long next, flags;
++ pgd_t *pgdp;
++ int nr = 0;
++
++ start &= PAGE_MASK;
++ addr = start;
++ len = (unsigned long) nr_pages << PAGE_SHIFT;
++ end = start + len;
++
++ local_irq_save(flags);
++ pgdp = pgd_offset(mm, addr);
++ do {
++ pgd_t pgd = *pgdp;
++
++ next = pgd_addr_end(addr, end);
++ if (pgd_none(pgd))
++ break;
++ if (!gup_pud_range(pgd, addr, next, write, pages, &nr))
++ break;
++ } while (pgdp++, addr = next, addr != end);
++ local_irq_restore(flags);
++
++ return nr;
++}
++
+ int get_user_pages_fast(unsigned long start, int nr_pages, int write,
+ struct page **pages)
+ {
diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c
index d329537..2c3746a 100644
--- a/arch/sparc/mm/hugetlbpage.c
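Review bot: `__get_user_pages_fast()` converts `nr_pages` with `(unsigned long) nr_pages << PAGE_SHIFT` and never checks it, so a zero or negative count is not rejected before the page-table walk: zero still enters the `do { } while` body once, and a negative count sign-extends into a very large `len`. `end = start + len` is also not checked for wrap-around. If callers are not guaranteed to pass a positive count, an early `if (nr_pages <= 0) return 0;` would make that explicit. The function also has no comment; a short kernel-doc block stating that it walks the tables with local interrupts disabled and may return fewer pages than requested would document the contract that the body already implements.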
@@ -12106,6 +12386,63 @@ index 9686224..dfbdb10 100644
#endif /* CONFIG_SMP */
#endif /* CONFIG_DEBUG_DCFLUSH */
}
+diff --git a/arch/sparc/prom/cif.S b/arch/sparc/prom/cif.S
+index 9c86b4b..8050f38 100644
+--- a/arch/sparc/prom/cif.S
++++ b/arch/sparc/prom/cif.S
+@@ -11,11 +11,10 @@
+ .text
+ .globl prom_cif_direct
+ prom_cif_direct:
++ save %sp, -192, %sp
+ sethi %hi(p1275buf), %o1
+ or %o1, %lo(p1275buf), %o1
+- ldx [%o1 + 0x0010], %o2 ! prom_cif_stack
+- save %o2, -192, %sp
+- ldx [%i1 + 0x0008], %l2 ! prom_cif_handler
++ ldx [%o1 + 0x0008], %l2 ! prom_cif_handler
+ mov %g4, %l0
+ mov %g5, %l1
+ mov %g6, %l3
+diff --git a/arch/sparc/prom/init_64.c b/arch/sparc/prom/init_64.c
+index d95db75..110b0d7 100644
+--- a/arch/sparc/prom/init_64.c
++++ b/arch/sparc/prom/init_64.c
+@@ -26,13 +26,13 @@ phandle prom_chosen_node;
+ * It gets passed the pointer to the PROM vector.
+ */
+
+-extern void prom_cif_init(void *, void *);
++extern void prom_cif_init(void *);
+
+-void __init prom_init(void *cif_handler, void *cif_stack)
++void __init prom_init(void *cif_handler)
+ {
+ phandle node;
+
+- prom_cif_init(cif_handler, cif_stack);
++ prom_cif_init(cif_handler);
+
+ prom_chosen_node = prom_finddevice(prom_chosen_path);
+ if (!prom_chosen_node || (s32)prom_chosen_node == -1)
+diff --git a/arch/sparc/prom/p1275.c b/arch/sparc/prom/p1275.c
+index e58b817..c27c30e4 100644
+--- a/arch/sparc/prom/p1275.c
++++ b/arch/sparc/prom/p1275.c
+@@ -19,7 +19,6 @@
+ struct {
+ long prom_callback; /* 0x00 */
+ void (*prom_cif_handler)(long *); /* 0x08 */
+- unsigned long prom_cif_stack; /* 0x10 */
+ } p1275buf;
+
+ extern void prom_world(int);
+@@ -51,5 +50,4 @@ void p1275_cmd_direct(unsigned long *args)
+ void prom_cif_init(void *cif_handler, void *cif_stack)
+ {
+ p1275buf.prom_cif_handler = (void (*)(long *))cif_handler;
+- p1275buf.prom_cif_stack = (unsigned long)cif_stack;
+ }
diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig
index b3692ce..e4517c9 100644
--- a/arch/tile/Kconfig
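Review bot: The definition of `prom_cif_init()` in p1275.c still appears to take two parameters: the inner hunk at `@@ -51,5 +50,4 @@` carries `void prom_cif_init(void *cif_handler, void *cif_stack)` as unchanged context, while init_64.c now declares `extern void prom_cif_init(void *);` and calls it with one argument. Calling a function through a prototype that does not match its definition is undefined behaviour in C, even though the now-unused second parameter probably makes it harmless in practice. The definition should become `void prom_cif_init(void *cif_handler)`, and declaring it in a shared header instead of a local `extern` in init_64.c would let the compiler catch this kind of drift.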
@@ -33139,7 +33476,7 @@ index f35c66c..84b95ef 100644
if (vma == &gate_vma)
return "[vsyscall]";
diff --git a/arch/x86/mm/iomap_32.c b/arch/x86/mm/iomap_32.c
-index 7b179b4..6bd17777 100644
+index 7b179b49..6bd17777 100644
--- a/arch/x86/mm/iomap_32.c
+++ b/arch/x86/mm/iomap_32.c
@@ -64,7 +64,11 @@ void *kmap_atomic_prot_pfn(unsigned long pfn, pgprot_t prot)
@@ -35205,6 +35542,56 @@ index 1bbedc4..eb795b5 100644
}
static unsigned long __init intel_mid_calibrate_tsc(void)
+diff --git a/arch/x86/platform/intel-mid/intel_mid_weak_decls.h b/arch/x86/platform/intel-mid/intel_mid_weak_decls.h
+index 46aa25c..59a68ed 100644
+--- a/arch/x86/platform/intel-mid/intel_mid_weak_decls.h
++++ b/arch/x86/platform/intel-mid/intel_mid_weak_decls.h
+@@ -10,10 +10,9 @@
+ */
+
+
+-/* __attribute__((weak)) makes these declarations overridable */
+ /* For every CPU addition a new get_<cpuname>_ops interface needs
+ * to be added.
+ */
+-extern void *get_penwell_ops(void) __attribute__((weak));
+-extern void *get_cloverview_ops(void) __attribute__((weak));
+-extern void *get_tangier_ops(void) __attribute__((weak));
++extern const void *get_penwell_ops(void);
++extern const void *get_cloverview_ops(void);
++extern const void *get_tangier_ops(void);
+diff --git a/arch/x86/platform/intel-mid/mfld.c b/arch/x86/platform/intel-mid/mfld.c
+index 23381d2..8ddc10e 100644
+--- a/arch/x86/platform/intel-mid/mfld.c
++++ b/arch/x86/platform/intel-mid/mfld.c
+@@ -64,12 +64,12 @@ static void __init penwell_arch_setup(void)
+ pm_power_off = mfld_power_off;
+ }
+
+-void *get_penwell_ops(void)
++const void *get_penwell_ops(void)
+ {
+ return &penwell_ops;
+ }
+
+-void *get_cloverview_ops(void)
++const void *get_cloverview_ops(void)
+ {
+ return &penwell_ops;
+ }
+diff --git a/arch/x86/platform/intel-mid/mrfl.c b/arch/x86/platform/intel-mid/mrfl.c
+index aaca917..66eadbc 100644
+--- a/arch/x86/platform/intel-mid/mrfl.c
++++ b/arch/x86/platform/intel-mid/mrfl.c
+@@ -97,7 +97,7 @@ static struct intel_mid_ops tangier_ops = {
+ .arch_setup = tangier_arch_setup,
+ };
+
+-void *get_tangier_ops(void)
++const void *get_tangier_ops(void)
+ {
+ return &tangier_ops;
+ }
diff --git a/arch/x86/platform/olpc/olpc_dt.c b/arch/x86/platform/olpc/olpc_dt.c
index d6ee929..3637cb5 100644
--- a/arch/x86/platform/olpc/olpc_dt.c
@@ -36473,6 +36860,20 @@ index 7bdd61b..afec999 100644
static void cryptd_queue_worker(struct work_struct *work);
+diff --git a/crypto/cts.c b/crypto/cts.c
+index 042223f..133f087 100644
+--- a/crypto/cts.c
++++ b/crypto/cts.c
+@@ -202,7 +202,8 @@ static int cts_cbc_decrypt(struct crypto_cts_ctx *ctx,
+ /* 5. Append the tail (BB - Ln) bytes of Xn (tmp) to Cn to create En */
+ memcpy(s + bsize + lastn, tmp + lastn, bsize - lastn);
+ /* 6. Decrypt En to create Pn-1 */
+- memset(iv, 0, sizeof(iv));
++ memzero_explicit(iv, sizeof(iv));
++
+ sg_set_buf(&sgsrc[0], s + bsize, bsize);
+ sg_set_buf(&sgdst[0], d, bsize);
+ err = crypto_blkcipher_decrypt_iv(&lcldesc, sgdst, sgsrc, bsize);
diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
index 309d345..1632720 100644
--- a/crypto/pcrypt.c
@@ -36486,6 +36887,118 @@ index 309d345..1632720 100644
if (!ret)
kobject_uevent(&pinst->kobj, KOBJ_ADD);
+diff --git a/crypto/sha1_generic.c b/crypto/sha1_generic.c
+index 4279480..7bb0474 100644
+--- a/crypto/sha1_generic.c
++++ b/crypto/sha1_generic.c
+@@ -64,7 +64,7 @@ int crypto_sha1_update(struct shash_desc *desc, const u8 *data,
+ src = data + done;
+ } while (done + SHA1_BLOCK_SIZE <= len);
+
+- memset(temp, 0, sizeof(temp));
++ memzero_explicit(temp, sizeof(temp));
+ partial = 0;
+ }
+ memcpy(sctx->buffer + partial, src, len - done);
+diff --git a/crypto/sha256_generic.c b/crypto/sha256_generic.c
+index 5433667..32c5e5e 100644
+--- a/crypto/sha256_generic.c
++++ b/crypto/sha256_generic.c
+@@ -210,10 +210,9 @@ static void sha256_transform(u32 *state, const u8 *input)
+
+ /* clear any sensitive info... */
+ a = b = c = d = e = f = g = h = t1 = t2 = 0;
+- memset(W, 0, 64 * sizeof(u32));
++ memzero_explicit(W, 64 * sizeof(u32));
+ }
+
+-
+ static int sha224_init(struct shash_desc *desc)
+ {
+ struct sha256_state *sctx = shash_desc_ctx(desc);
+@@ -316,7 +315,7 @@ static int sha224_final(struct shash_desc *desc, u8 *hash)
+ sha256_final(desc, D);
+
+ memcpy(hash, D, SHA224_DIGEST_SIZE);
+- memset(D, 0, SHA256_DIGEST_SIZE);
++ memzero_explicit(D, SHA256_DIGEST_SIZE);
+
+ return 0;
+ }
+diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c
+index 6ed124f..04d295a 100644
+--- a/crypto/sha512_generic.c
++++ b/crypto/sha512_generic.c
+@@ -238,7 +238,7 @@ static int sha384_final(struct shash_desc *desc, u8 *hash)
+ sha512_final(desc, D);
+
+ memcpy(hash, D, 48);
+- memset(D, 0, 64);
++ memzero_explicit(D, 64);
+
+ return 0;
+ }
+diff --git a/crypto/tgr192.c b/crypto/tgr192.c
+index 8740355..3c7af0d 100644
+--- a/crypto/tgr192.c
++++ b/crypto/tgr192.c
+@@ -612,7 +612,7 @@ static int tgr160_final(struct shash_desc *desc, u8 * out)
+
+ tgr192_final(desc, D);
+ memcpy(out, D, TGR160_DIGEST_SIZE);
+- memset(D, 0, TGR192_DIGEST_SIZE);
++ memzero_explicit(D, TGR192_DIGEST_SIZE);
+
+ return 0;
+ }
+@@ -623,7 +623,7 @@ static int tgr128_final(struct shash_desc *desc, u8 * out)
+
+ tgr192_final(desc, D);
+ memcpy(out, D, TGR128_DIGEST_SIZE);
+- memset(D, 0, TGR192_DIGEST_SIZE);
++ memzero_explicit(D, TGR192_DIGEST_SIZE);
+
+ return 0;
+ }
+diff --git a/crypto/vmac.c b/crypto/vmac.c
+index 2eb11a3..d84c24b 100644
+--- a/crypto/vmac.c
++++ b/crypto/vmac.c
+@@ -613,7 +613,7 @@ static int vmac_final(struct shash_desc *pdesc, u8 *out)
+ }
+ mac = vmac(ctx->partial, ctx->partial_size, nonce, NULL, ctx);
+ memcpy(out, &mac, sizeof(vmac_t));
+- memset(&mac, 0, sizeof(vmac_t));
++ memzero_explicit(&mac, sizeof(vmac_t));
+ memset(&ctx->__vmac_ctx, 0, sizeof(struct vmac_ctx));
+ ctx->partial_size = 0;
+ return 0;
+diff --git a/crypto/wp512.c b/crypto/wp512.c
+index 180f1d6..ec64e77 100644
+--- a/crypto/wp512.c
++++ b/crypto/wp512.c
+@@ -1102,8 +1102,8 @@ static int wp384_final(struct shash_desc *desc, u8 *out)
+ u8 D[64];
+
+ wp512_final(desc, D);
+- memcpy (out, D, WP384_DIGEST_SIZE);
+- memset (D, 0, WP512_DIGEST_SIZE);
++ memcpy(out, D, WP384_DIGEST_SIZE);
++ memzero_explicit(D, WP512_DIGEST_SIZE);
+
+ return 0;
+ }
+@@ -1113,8 +1113,8 @@ static int wp256_final(struct shash_desc *desc, u8 *out)
+ u8 D[64];
+
+ wp512_final(desc, D);
+- memcpy (out, D, WP256_DIGEST_SIZE);
+- memset (D, 0, WP512_DIGEST_SIZE);
++ memcpy(out, D, WP256_DIGEST_SIZE);
++ memzero_explicit(D, WP512_DIGEST_SIZE);
+
+ return 0;
+ }
diff --git a/drivers/acpi/acpica/hwxfsleep.c b/drivers/acpi/acpica/hwxfsleep.c
index 15dddc1..b61cf0c 100644
--- a/drivers/acpi/acpica/hwxfsleep.c
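Review bot: In `sha256_transform()` only the `W` array is now wiped with `memzero_explicit()`; the line above it, `a = b = c = d = e = f = g = h = t1 = t2 = 0;`, is still a set of plain stores to locals that are never read again, which a compiler may drop just as it could drop the old `memset()`. The `/* clear any sensitive info... */` comment therefore promises more than the code guarantees. Either say so in the comment, for example `/* wipe W; the scalar stores are best effort and may be optimised away */`, or remove the scalar assignments so the wipe that matters stands alone.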
@@ -39176,7 +39689,7 @@ index 8320abd..ec48108 100644
if (cmd != SIOCWANDEV)
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index 429b75b..de805d0 100644
+index 429b75b..58488cc 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -284,9 +284,6 @@
@@ -39222,6 +39735,35 @@ index 429b75b..de805d0 100644
unsigned int add =
((pool_size - entropy_count)*anfrac*3) >> s;
+@@ -1063,8 +1060,8 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
+ * pool while mixing, and hash one final time.
+ */
+ sha_transform(hash.w, extract, workspace);
+- memset(extract, 0, sizeof(extract));
+- memset(workspace, 0, sizeof(workspace));
++ memzero_explicit(extract, sizeof(extract));
++ memzero_explicit(workspace, sizeof(workspace));
+
+ /*
+ * In case the hash function has some recognizable output
+@@ -1076,7 +1073,7 @@ static void extract_buf(struct entropy_store *r, __u8 *out)
+ hash.w[2] ^= rol32(hash.w[2], 16);
+
+ memcpy(out, &hash, EXTRACT_SIZE);
+- memset(&hash, 0, sizeof(hash));
++ memzero_explicit(&hash, sizeof(hash));
+ }
+
+ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
+@@ -1124,7 +1121,7 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf,
+ }
+
+ /* Wipe data just returned from memory */
+- memset(tmp, 0, sizeof(tmp));
++ memzero_explicit(tmp, sizeof(tmp));
+
+ return ret;
+ }
@@ -1151,7 +1148,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
extract_buf(r, tmp);
@@ -39231,6 +39773,15 @@ index 429b75b..de805d0 100644
ret = -EFAULT;
break;
}
+@@ -1162,7 +1159,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf,
+ }
+
+ /* Wipe data just returned from memory */
+- memset(tmp, 0, sizeof(tmp));
++ memzero_explicit(tmp, sizeof(tmp));
+
+ return ret;
+ }
@@ -1507,7 +1504,7 @@ EXPORT_SYMBOL(generate_random_uuid);
#include <linux/sysctl.h>
@@ -64708,7 +65259,7 @@ index 2183fcf..3c32a98 100644
help
Various /proc files exist to monitor process memory utilization:
diff --git a/fs/proc/array.c b/fs/proc/array.c
-index baf3464..6873520 100644
+index baf3464..5b394ec 100644
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -60,6 +60,7 @@
@@ -64846,14 +65397,22 @@ index baf3464..6873520 100644
if (mm) {
size = task_statm(mm, &shared, &text, &data, &resident);
mmput(mm);
-@@ -581,6 +649,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
+@@ -581,6 +649,21 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
return 0;
}
+#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
+int proc_pid_ipaddr(struct task_struct *task, char *buffer)
+{
-+ return sprintf(buffer, "%pI4\n", &task->signal->curr_ip);
++ unsigned long flags;
++ u32 curr_ip = 0;
++
++ if (lock_task_sighand(task, &flags)) {
++ curr_ip = task->signal->curr_ip;
++ unlock_task_sighand(task, &flags);
++ }
++
++ return sprintf(buffer, "%pI4\n", &curr_ip);
+}
+#endif
+
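Review bot: When `lock_task_sighand()` fails, `proc_pid_ipaddr()` prints `0.0.0.0`, which a reader of the proc file cannot tell apart from a task that has no recorded address. That may be intended, but it is not stated anywhere in the function. I would add a comment above the lock, such as `/* sighand can go away while the task exits; report 0.0.0.0 rather than read task->signal unlocked */`, assuming that is the reason for the change. The `sprintf()` into `buffer` is bounded only by the `%pI4\n` format itself; the size of the buffer is not visible in this hunk.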
@@ -77402,7 +77961,7 @@ index 0000000..3860c7e
+}
diff --git a/grsecurity/grsec_sock.c b/grsecurity/grsec_sock.c
new file mode 100644
-index 0000000..c0aef3a
+index 0000000..e3650b6
--- /dev/null
+++ b/grsecurity/grsec_sock.c
@@ -0,0 +1,244 @@
@@ -77529,10 +78088,10 @@ index 0000000..c0aef3a
+
+#endif
+
-+void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet)
++void gr_update_task_in_ip_table(const struct inet_sock *inet)
+{
+#ifdef CONFIG_GRKERNSEC
-+ struct signal_struct *sig = task->signal;
++ struct signal_struct *sig = current->signal;
+ struct conn_table_entry *newent;
+
+ newent = kmalloc(sizeof(struct conn_table_entry), GFP_ATOMIC);
@@ -79383,6 +79942,19 @@ index 939533d..cf0a57c 100644
/**
* struct clk_init_data - holds init data that's common to all clocks and is
+diff --git a/include/linux/clocksource.h b/include/linux/clocksource.h
+index 67301a4..879065d 100644
+--- a/include/linux/clocksource.h
++++ b/include/linux/clocksource.h
+@@ -289,7 +289,7 @@ extern struct clocksource* clocksource_get_next(void);
+ extern void clocksource_change_rating(struct clocksource *cs, int rating);
+ extern void clocksource_suspend(void);
+ extern void clocksource_resume(void);
+-extern struct clocksource * __init __weak clocksource_default_clock(void);
++extern struct clocksource * __init clocksource_default_clock(void);
+ extern void clocksource_mark_unstable(struct clocksource *cs);
+
+ extern u64
diff --git a/include/linux/compat.h b/include/linux/compat.h
index 3f448c6..df3ce1d 100644
--- a/include/linux/compat.h
@@ -79717,6 +80289,32 @@ index d08e4d2..95fad61 100644
int cpumask_any_but(const struct cpumask *mask, unsigned int cpu);
/**
+diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h
+index 7032518..60023e5 100644
+--- a/include/linux/crash_dump.h
++++ b/include/linux/crash_dump.h
+@@ -14,14 +14,13 @@
+ extern unsigned long long elfcorehdr_addr;
+ extern unsigned long long elfcorehdr_size;
+
+-extern int __weak elfcorehdr_alloc(unsigned long long *addr,
+- unsigned long long *size);
+-extern void __weak elfcorehdr_free(unsigned long long addr);
+-extern ssize_t __weak elfcorehdr_read(char *buf, size_t count, u64 *ppos);
+-extern ssize_t __weak elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos);
+-extern int __weak remap_oldmem_pfn_range(struct vm_area_struct *vma,
+- unsigned long from, unsigned long pfn,
+- unsigned long size, pgprot_t prot);
++extern int elfcorehdr_alloc(unsigned long long *addr, unsigned long long *size);
++extern void elfcorehdr_free(unsigned long long addr);
++extern ssize_t elfcorehdr_read(char *buf, size_t count, u64 *ppos);
++extern ssize_t elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos);
++extern int remap_oldmem_pfn_range(struct vm_area_struct *vma,
++ unsigned long from, unsigned long pfn,
++ unsigned long size, pgprot_t prot);
+
+ extern ssize_t copy_oldmem_page(unsigned long, char *, size_t,
+ unsigned long, int);
diff --git a/include/linux/cred.h b/include/linux/cred.h
index 04421e8..a85afd4 100644
--- a/include/linux/cred.h
@@ -81917,7 +82515,7 @@ index a74c3a8..28d3f21 100644
extern struct key_type key_type_keyring;
diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h
-index 6b06d37..c134867 100644
+index 6b06d37..19f605f 100644
--- a/include/linux/kgdb.h
+++ b/include/linux/kgdb.h
@@ -52,7 +52,7 @@ extern int kgdb_connected;
@@ -81938,7 +82536,7 @@ index 6b06d37..c134867 100644
/**
* struct kgdb_io - Describe the interface for an I/O driver to talk with KGDB.
-@@ -279,7 +279,7 @@ struct kgdb_io {
+@@ -279,11 +279,11 @@ struct kgdb_io {
void (*pre_exception) (void);
void (*post_exception) (void);
int is_console;
@@ -81947,6 +82545,11 @@ index 6b06d37..c134867 100644
extern struct kgdb_arch arch_kgdb_ops;
+-extern unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs);
++extern unsigned long kgdb_arch_pc(int exception, struct pt_regs *regs);
+
+ #ifdef CONFIG_SERIAL_KGDB_NMI
+ extern int kgdb_register_nmi_console(void);
diff --git a/include/linux/kmod.h b/include/linux/kmod.h
index 0555cc6..40116ce 100644
--- a/include/linux/kmod.h
@@ -82196,6 +82799,19 @@ index c45c089..298841c 100644
{
u32 remainder;
return div_u64_rem(dividend, divisor, &remainder);
+diff --git a/include/linux/memory.h b/include/linux/memory.h
+index bb7384e..8b8d8d1 100644
+--- a/include/linux/memory.h
++++ b/include/linux/memory.h
+@@ -35,7 +35,7 @@ struct memory_block {
+ };
+
+ int arch_get_memory_phys_device(unsigned long start_pfn);
+-unsigned long __weak memory_block_size_bytes(void);
++unsigned long memory_block_size_bytes(void);
+
+ /* These states are exposed to userspace as text strings in sysfs */
+ #define MEM_ONLINE (1<<0) /* exposed to userspace */
diff --git a/include/linux/mempolicy.h b/include/linux/mempolicy.h
index 5bba088..7ad4ae7 100644
--- a/include/linux/mempolicy.h
@@ -84304,6 +84920,29 @@ index 680f9a3..f13aeb0 100644
__SONET_ITEMS
#undef __HANDLE_ITEM
};
+diff --git a/include/linux/string.h b/include/linux/string.h
+index ac889c5..0ed878d 100644
+--- a/include/linux/string.h
++++ b/include/linux/string.h
+@@ -129,7 +129,7 @@ int bprintf(u32 *bin_buf, size_t size, const char *fmt, ...) __printf(3, 4);
+ #endif
+
+ extern ssize_t memory_read_from_buffer(void *to, size_t count, loff_t *ppos,
+- const void *from, size_t available);
++ const void *from, size_t available);
+
+ /**
+ * strstarts - does @str start with @prefix?
+@@ -141,7 +141,8 @@ static inline bool strstarts(const char *str, const char *prefix)
+ return strncmp(str, prefix, strlen(prefix)) == 0;
+ }
+
+-extern size_t memweight(const void *ptr, size_t bytes);
++size_t memweight(const void *ptr, size_t bytes);
++void memzero_explicit(void *s, size_t count);
+
+ /**
+ * kbasename - return the last part of a pathname.
diff --git a/include/linux/sunrpc/addr.h b/include/linux/sunrpc/addr.h
index 07d8e53..dc934c9 100644
--- a/include/linux/sunrpc/addr.h
@@ -93941,10 +94580,33 @@ index 0922579..9d7adb9 100644
#endif
}
diff --git a/lib/string.c b/lib/string.c
-index e5878de..315fad2 100644
+index e5878de..64941b2 100644
--- a/lib/string.c
+++ b/lib/string.c
-@@ -789,9 +789,9 @@ void *memchr_inv(const void *start, int c, size_t bytes)
+@@ -586,6 +586,22 @@ void *memset(void *s, int c, size_t count)
+ EXPORT_SYMBOL(memset);
+ #endif
+
++/**
++ * memzero_explicit - Fill a region of memory (e.g. sensitive
++ * keying data) with 0s.
++ * @s: Pointer to the start of the area.
++ * @count: The size of the area.
++ *
++ * memzero_explicit() doesn't need an arch-specific version as
++ * it just invokes the one of memset() implicitly.
++ */
++void memzero_explicit(void *s, size_t count)
++{
++ memset(s, 0, count);
++ OPTIMIZER_HIDE_VAR(s);
++}
++EXPORT_SYMBOL(memzero_explicit);
++
+ #ifndef __HAVE_ARCH_MEMCPY
+ /**
+ * memcpy - Copy one area of memory to another
+@@ -789,9 +805,9 @@ void *memchr_inv(const void *start, int c, size_t bytes)
return check_bytes8(start, value, bytes);
value64 = value;
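Review bot: `memzero_explicit()` relies on `OPTIMIZER_HIDE_VAR(s)` after the `memset()`, which hides the pointer value from the optimizer but, as far as this hunk shows, places no constraint on the memory it points to. A compiler could still treat the `memset()` as a dead store when the buffer is a local that is never read again, which is the situation at the call sites this patch converts. A compiler barrier with a memory clobber after the `memset()`, `barrier();`, is the more robust form. The kernel-doc text should also say why the function exists, namely that unlike `memset()` the zeroing must survive dead-store elimination, instead of only noting that it invokes `memset()`.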
@@ -94697,7 +95359,7 @@ index 33365e9..2234ef9 100644
}
unset_migratetype_isolate(page, MIGRATE_MOVABLE);
diff --git a/mm/memory.c b/mm/memory.c
-index 492e36f..3771c0a 100644
+index 492e36f..55613ed 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -403,6 +403,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
@@ -94734,6 +95396,19 @@ index 492e36f..3771c0a 100644
}
/*
+@@ -679,10 +685,10 @@ static void print_bad_pte(struct vm_area_struct *vma, unsigned long addr,
+ * Choose text because data symbols depend on CONFIG_KALLSYMS_ALL=y
+ */
+ if (vma->vm_ops)
+- printk(KERN_ALERT "vma->vm_ops->fault: %pSR\n",
++ printk(KERN_ALERT "vma->vm_ops->fault: %pAR\n",
+ vma->vm_ops->fault);
+ if (vma->vm_file)
+- printk(KERN_ALERT "vma->vm_file->f_op->mmap: %pSR\n",
++ printk(KERN_ALERT "vma->vm_file->f_op->mmap: %pAR\n",
+ vma->vm_file->f_op->mmap);
+ dump_stack();
+ add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
@@ -1636,12 +1642,6 @@ no_page_table:
return page;
}
@@ -100952,7 +101627,7 @@ index 0d1e2cb..4501a2c 100644
void inet_get_local_port_range(struct net *net, int *low, int *high)
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
-index 8b9cf27..0d8d592 100644
+index 8b9cf27..9c17cab 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -18,6 +18,7 @@
@@ -100967,7 +101642,7 @@ index 8b9cf27..0d8d592 100644
return inet_ehashfn(net, laddr, lport, faddr, fport);
}
-+extern void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet);
++extern void gr_update_task_in_ip_table(const struct inet_sock *inet);
+
/*
* Allocate and initialize a new local port bind bucket.
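Review bot: The prototype for `gr_update_task_in_ip_table()` is kept as a local `extern` in inet_hashtables.c, so this signature change had to be made by hand in two files and the compiler cannot check the declaration against the definition in grsecurity/grsec_sock.c. Moving the declaration to a header included by both would turn a future mismatch into a build error. Since the function now reads `current->signal` instead of a task passed by the caller, a comment on the declaration such as `/* must run in the context of the task that owns the socket */` would record the new assumption.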
@@ -100976,7 +101651,7 @@ index 8b9cf27..0d8d592 100644
twrefcnt += inet_twsk_bind_unhash(tw, hinfo);
spin_unlock(&head->lock);
-+ gr_update_task_in_ip_table(current, inet_sk(sk));
++ gr_update_task_in_ip_table(inet_sk(sk));
+
if (tw) {
inet_twsk_deschedule(tw, death_row);
@@ -102786,10 +103461,45 @@ index 20b63d2..31a777d 100644
kfree_skb(skb);
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
-index 5f8e128..865d38e 100644
+index 5f8e128..d32ac8c 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
-@@ -212,11 +212,11 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
+@@ -170,8 +170,10 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
+ case IPPROTO_DCCP:
+ if (!onlyproto && (nh + offset + 4 < skb->data ||
+ pskb_may_pull(skb, nh + offset + 4 - skb->data))) {
+- __be16 *ports = (__be16 *)exthdr;
++ __be16 *ports;
+
++ nh = skb_network_header(skb);
++ ports = (__be16 *)(nh + offset);
+ fl6->fl6_sport = ports[!!reverse];
+ fl6->fl6_dport = ports[!reverse];
+ }
+@@ -180,8 +182,10 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
+
+ case IPPROTO_ICMPV6:
+ if (!onlyproto && pskb_may_pull(skb, nh + offset + 2 - skb->data)) {
+- u8 *icmp = (u8 *)exthdr;
++ u8 *icmp;
+
++ nh = skb_network_header(skb);
++ icmp = (u8 *)(nh + offset);
+ fl6->fl6_icmp_type = icmp[0];
+ fl6->fl6_icmp_code = icmp[1];
+ }
+@@ -192,8 +196,9 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
+ case IPPROTO_MH:
+ if (!onlyproto && pskb_may_pull(skb, nh + offset + 3 - skb->data)) {
+ struct ip6_mh *mh;
+- mh = (struct ip6_mh *)exthdr;
+
++ nh = skb_network_header(skb);
++ mh = (struct ip6_mh *)(nh + offset);
+ fl6->fl6_mh_type = mh->ip6mh_type;
+ }
+ fl6->flowi6_proto = nexthdr;
+@@ -212,11 +217,11 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
}
}
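Review bot: The three cases now reload `nh = skb_network_header(skb)` after `pskb_may_pull()`, but nothing in the code says why, so a later cleanup could easily reintroduce a pointer cached from before the pull. A short comment at the first reload, for example `/* pskb_may_pull() may reallocate the skb head; recompute nh before dereferencing */`, would keep the reason next to the code. `exthdr` is computed outside this hunk, so it is worth confirming that no remaining use of it follows a pull in the parts of `_decode_session6()` that are not shown here.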
@@ -102803,7 +103513,7 @@ index 5f8e128..865d38e 100644
return dst_entries_get_fast(ops) > ops->gc_thresh * 2;
}
-@@ -329,19 +329,19 @@ static struct ctl_table xfrm6_policy_table[] = {
+@@ -329,19 +334,19 @@ static struct ctl_table xfrm6_policy_table[] = {
static int __net_init xfrm6_net_init(struct net *net)
{
@@ -102828,7 +103538,7 @@ index 5f8e128..865d38e 100644
if (!hdr)
goto err_reg;
-@@ -349,8 +349,7 @@ static int __net_init xfrm6_net_init(struct net *net)
+@@ -349,8 +354,7 @@ static int __net_init xfrm6_net_init(struct net *net)
return 0;
err_reg:
@@ -123835,6 +124545,44 @@ index 0a578fe..b81f62d 100644
0; \
})
+diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c
+index 714b949..1f0dc1e 100644
+--- a/virt/kvm/iommu.c
++++ b/virt/kvm/iommu.c
+@@ -43,13 +43,13 @@ static void kvm_iommu_put_pages(struct kvm *kvm,
+ gfn_t base_gfn, unsigned long npages);
+
+ static pfn_t kvm_pin_pages(struct kvm_memory_slot *slot, gfn_t gfn,
+- unsigned long size)
++ unsigned long npages)
+ {
+ gfn_t end_gfn;
+ pfn_t pfn;
+
+ pfn = gfn_to_pfn_memslot(slot, gfn);
+- end_gfn = gfn + (size >> PAGE_SHIFT);
++ end_gfn = gfn + npages;
+ gfn += 1;
+
+ if (is_error_noslot_pfn(pfn))
+@@ -119,7 +119,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
+ * Pin all pages we are about to map in memory. This is
+ * important because we unmap and unpin in 4kb steps later.
+ */
+- pfn = kvm_pin_pages(slot, gfn, page_size);
++ pfn = kvm_pin_pages(slot, gfn, page_size >> PAGE_SHIFT);
+ if (is_error_noslot_pfn(pfn)) {
+ gfn += 1;
+ continue;
+@@ -131,7 +131,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot)
+ if (r) {
+ printk(KERN_ERR "kvm_iommu_map_address:"
+ "iommu failed to map pfn=%llx\n", pfn);
+- kvm_unpin_pages(kvm, pfn, page_size);
++ kvm_unpin_pages(kvm, pfn, page_size >> PAGE_SHIFT);
+ goto unmap_pages;
+ }
+
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index 03a0381..8b31923 100644
--- a/virt/kvm/kvm_main.c
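Review bot: `kvm_pin_pages()` now takes a page count while `kvm_iommu_map_pages()` still holds `page_size` in bytes and converts at each call with `page_size >> PAGE_SHIFT`, so the unit of every argument is carried only by the parameter name. A comment on the helper such as `/* @npages: number of pages to pin, not a byte count */`, and the same on `kvm_unpin_pages()`, would make the contract explicit at the place where bytes and pages meet. The loop and error path inside `kvm_pin_pages()` lie outside the hunk, so it should be checked that any unpin done there is also passed a page count.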