author | Anthony G. Basile <blueness@gentoo.org> | 2013-06-24 08:03:43 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2013-06-24 08:03:43 -0400 |
commit | 74cd2f49da1b5d3cb08a010a3d1151e2936abf8f (patch) | |
tree | 9fd4008ee0a8806f120e2b4b4cc939bd85974bfc /3.2.47 | |
parent | Grsec/PaX: 2.9.1-{2.6.32.61,3.2.47,3.9.6}-201306182033 (diff) | |
download | hardened-patchset-20130623.tar.gz hardened-patchset-20130623.tar.bz2 hardened-patchset-20130623.zip |
Grsec/PaX: 2.9.1-{3.2.47,3.9.7}-20130623144320130623
Diffstat (limited to '3.2.47')
-rw-r--r-- | 3.2.47/0000_README | 2 | ||||
-rw-r--r-- | 3.2.47/4420_grsecurity-2.9.1-3.2.47-201306231441.patch (renamed from 3.2.47/4420_grsecurity-2.9.1-3.2.47-201306191807.patch) | 980 |
2 files changed, 822 insertions, 160 deletions
diff --git a/3.2.47/0000_README b/3.2.47/0000_README index 2a74306..b9aefff 100644 --- a/3.2.47/0000_README +++ b/3.2.47/0000_README @@ -106,7 +106,7 @@ Patch: 1046_linux-3.2.47.patch From: http://www.kernel.org Desc: Linux 3.2.47 -Patch: 4420_grsecurity-2.9.1-3.2.47-201306191807.patch +Patch: 4420_grsecurity-2.9.1-3.2.47-201306231441.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.47/4420_grsecurity-2.9.1-3.2.47-201306191807.patch b/3.2.47/4420_grsecurity-2.9.1-3.2.47-201306231441.patch index 579f1c1..548030a 100644 --- a/3.2.47/4420_grsecurity-2.9.1-3.2.47-201306191807.patch +++ b/3.2.47/4420_grsecurity-2.9.1-3.2.47-201306231441.patch @@ -1,5 +1,5 @@ diff --git a/Documentation/dontdiff b/Documentation/dontdiff -index dfa6fc6..fad9813 100644 +index dfa6fc6..be27ac3 100644 --- a/Documentation/dontdiff +++ b/Documentation/dontdiff @@ -2,9 +2,11 @@ @@ -41,7 +41,7 @@ index dfa6fc6..fad9813 100644 .*.d .mm 53c700_d.h -@@ -70,6 +76,7 @@ Kerntypes +@@ -70,9 +76,11 @@ Kerntypes Module.markers Module.symvers PENDING @@ -49,7 +49,11 @@ index dfa6fc6..fad9813 100644 SCCS System.map* TAGS -@@ -81,6 +88,7 @@ aic7*seq.h* ++TRACEEVENT-CFLAGS + aconf + af_names.h + aic7*reg.h* +@@ -81,6 +89,7 @@ aic7*seq.h* aicasm aicdb.h* altivec*.c @@ -57,7 +61,7 @@ index dfa6fc6..fad9813 100644 asm-offsets.h asm_offsets.h autoconf.h* -@@ -93,19 +101,24 @@ bounds.h +@@ -93,19 +102,24 @@ bounds.h bsetup btfixupprep build @@ -82,7 +86,7 @@ index dfa6fc6..fad9813 100644 conmakehash consolemap_deftbl.c* cpustr.h -@@ -116,9 +129,11 @@ devlist.h* +@@ -116,9 +130,11 @@ devlist.h* dnotify_test docproc dslm @@ -94,7 +98,7 @@ index dfa6fc6..fad9813 100644 fixdep flask.h fore200e_mkfirm -@@ -126,12 +141,15 @@ fore200e_pca_fw.c* +@@ -126,12 +142,15 @@ fore200e_pca_fw.c* gconf gconf.glade.h gen-devlist 
@@ -110,7 +114,7 @@ index dfa6fc6..fad9813 100644 hpet_example hugepage-mmap hugepage-shm -@@ -146,7 +164,7 @@ int32.c +@@ -146,7 +165,7 @@ int32.c int4.c int8.c kallsyms @@ -119,7 +123,7 @@ index dfa6fc6..fad9813 100644 keywords.c ksym.c* ksym.h* -@@ -154,7 +172,7 @@ kxgettext +@@ -154,7 +173,7 @@ kxgettext lkc_defs.h lex.c lex.*.c @@ -128,7 +132,7 @@ index dfa6fc6..fad9813 100644 logo_*.c logo_*_clut224.c logo_*_mono.c -@@ -166,14 +184,15 @@ machtypes.h +@@ -166,14 +185,15 @@ machtypes.h map map_hugetlb maui_boot.h @@ -145,7 +149,7 @@ index dfa6fc6..fad9813 100644 mkprep mkregtable mktables -@@ -209,6 +228,7 @@ r300_reg_safe.h +@@ -209,6 +229,7 @@ r300_reg_safe.h r420_reg_safe.h r600_reg_safe.h recordmcount @@ -153,7 +157,7 @@ index dfa6fc6..fad9813 100644 relocs rlim_names.h rn50_reg_safe.h -@@ -218,7 +238,10 @@ series +@@ -218,7 +239,10 @@ series setup setup.bin setup.elf @@ -164,7 +168,7 @@ index dfa6fc6..fad9813 100644 sm_tbl* split-include syscalltab.h -@@ -229,6 +252,7 @@ tftpboot.img +@@ -229,6 +253,7 @@ tftpboot.img timeconst.h times.h* trix_boot.h @@ -172,7 +176,7 @@ index dfa6fc6..fad9813 100644 utsrelease.h* vdso-syms.lds vdso.lds -@@ -246,7 +270,9 @@ vmlinux +@@ -246,7 +271,9 @@ vmlinux vmlinux-* vmlinux.aout vmlinux.bin.all @@ -182,7 +186,7 @@ index dfa6fc6..fad9813 100644 vmlinuz voffset.h vsyscall.lds -@@ -254,9 +280,12 @@ vsyscall_32.lds +@@ -254,9 +281,12 @@ vsyscall_32.lds wanxlfw.inc uImage unifdef @@ -15634,7 +15638,7 @@ index 0e89635..f0a7525 100644 }; diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c -index 3b67877..bf490b9 100644 +index 3b67877..77e760c 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -42,6 +42,7 @@ 
@@ -15685,6 +15689,15 @@ index 3b67877..bf490b9 100644 return; } /* First print corrected ones that are still unlogged */ +@@ -307,7 +308,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) + if (!fake_panic) { + if (panic_timeout == 0) + panic_timeout = mce_panic_timeout; +- panic(msg); ++ panic("%s", msg); + } else + pr_emerg(HW_ERR "Fake kernel panic: %s\n", msg); + } @@ -616,7 +617,7 @@ static int mce_timed_out(u64 *t) * might have been modified by someone else. */ @@ -15901,6 +15914,19 @@ index 13ad899..f642b9a 100644 crash_fixup_ss_esp(&fixed_regs, regs); regs = &fixed_regs; } +diff --git a/arch/x86/kernel/crash_dump_64.c b/arch/x86/kernel/crash_dump_64.c +index afa64ad..dce67dd 100644 +--- a/arch/x86/kernel/crash_dump_64.c ++++ b/arch/x86/kernel/crash_dump_64.c +@@ -36,7 +36,7 @@ ssize_t copy_oldmem_page(unsigned long pfn, char *buf, + return -ENOMEM; + + if (userbuf) { +- if (copy_to_user(buf, vaddr + offset, csize)) { ++ if (copy_to_user((char __force_user *)buf, vaddr + offset, csize)) { + iounmap(vaddr); + return -EFAULT; + } diff --git a/arch/x86/kernel/doublefault_32.c b/arch/x86/kernel/doublefault_32.c index 37250fe..bf2ec74 100644 --- a/arch/x86/kernel/doublefault_32.c @@ -16291,6 +16317,21 @@ index 6d728d9..80f1867 100644 +} +EXPORT_SYMBOL(pax_check_alloca); +#endif +diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c +index 303a0e4..0aad351 100644 +--- a/arch/x86/kernel/e820.c ++++ b/arch/x86/kernel/e820.c +@@ -829,8 +829,8 @@ unsigned long __init e820_end_of_low_ram_pfn(void) + + static void early_panic(char *msg) + { +- early_printk(msg); +- panic(msg); ++ early_printk("%s", msg); ++ panic("%s", msg); + } + + static int userdef __initdata; diff --git a/arch/x86/kernel/early_printk.c b/arch/x86/kernel/early_printk.c index cd28a35..c72ed9a 100644 --- a/arch/x86/kernel/early_printk.c @@ -17115,7 +17156,7 @@ index d2d488b8..a4f589f 100644 /* 
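Review bot: In the `copy_oldmem_page()` hunk for arch/x86/kernel/crash_dump_64.c, the new `(char __force_user *)buf` cast silences the address-space check without saying why `buf` may hold a user address, and nothing at the cast records that this is only true when `userbuf` is non-zero. A comment above the call, such as `/* buf is a userspace address when userbuf is set (see read_oldmem()) */`, would keep the forced cast reviewable. The same applies to the mirror-image `(char __force_kernel *)buf` added in `read_oldmem()` in drivers/char/mem.c, and to the `__force_user` casts on `seg_list` in the two agp hunks and on `rdwr_pa[i].buf` in drivers/i2c/i2c-dev.c. The function body starts and ends outside the hunk.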
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index 6274f5f..7342ebb 100644 +index 6274f5f..7157a62 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -55,6 +55,8 @@ @@ -17191,7 +17232,7 @@ index 6274f5f..7342ebb 100644 jmp *%rdi #endif -@@ -178,6 +186,282 @@ ENTRY(native_usergs_sysret64) +@@ -178,6 +186,311 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ @@ -17299,7 +17340,9 @@ index 6274f5f..7342ebb 100644 +#endif +#ifdef CONFIG_PAX_RANDKSTACK + pushq %rax ++ pushq %r11 + call pax_randomize_kstack ++ popq %r11 + popq %rax +#endif + .endm @@ -17362,10 +17405,10 @@ index 6274f5f..7342ebb 100644 +ENDPROC(pax_enter_kernel_user) + +ENTRY(pax_exit_kernel_user) -+ push %rdi ++ pushq %rdi ++ pushq %rbx + +#ifdef CONFIG_PARAVIRT -+ pushq %rbx + PV_SAVE_REGS(CLBR_RDI) +#endif + @@ -17377,13 +17420,14 @@ index 6274f5f..7342ebb 100644 +#endif + + GET_CR3_INTO_RDI -+ add $__START_KERNEL_map,%rdi -+ sub phys_base(%rip),%rdi ++ mov %rdi,%rbx ++ add $__START_KERNEL_map,%rbx ++ sub phys_base(%rip),%rbx + +#ifdef CONFIG_PARAVIRT ++ pushq %rdi + cmpl $0, pv_info+PARAVIRT_enabled + jz 1f -+ mov %rdi,%rbx + i = 0 + .rept USER_PGD_PTRS + mov i*8(%rbx),%rsi @@ -17392,21 +17436,23 @@ index 6274f5f..7342ebb 100644 + call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd_batched) + i = i + 1 + .endr ++ popq %rdi ++ PV_RESTORE_REGS(CLBR_RDI) + jmp 2f +1: +#endif + + i = 0 + .rept USER_PGD_PTRS -+ movb $0x67,i*8(%rdi) ++ movb $0x67,i*8(%rbx) + i = i + 1 + .endr + +#ifdef CONFIG_PARAVIRT -+2: PV_RESTORE_REGS(CLBR_RDI) -+ popq %rbx ++2: +#endif + ++ popq %rbx + popq %rdi + pax_force_retaddr + retq 
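Review bot: In `pax_exit_kernel_user`, the CONFIG_PARAVIRT path that takes `jz 1f` appears to leave the stack unbalanced. The added `pushq %rdi` sits before the `cmpl`/`jz`, while its `popq %rdi` and the moved `PV_RESTORE_REGS(CLBR_RDI)` are only reached on the fall-through path that ends in `jmp 2f`. From the lines visible across these three hunks, a kernel built with paravirt support but with `PARAVIRT_enabled` clear would reach `popq %rbx` / `popq %rdi` / `retq` with the extra pushes still on the stack. Moving `pushq %rdi` below `jz 1f` and keeping `PV_RESTORE_REGS(CLBR_RDI)` at label `2:` would balance both paths. The lines between the first two hunks are not shown, so this should be confirmed against the full routine.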
@@ -17415,6 +17461,30 @@ index 6274f5f..7342ebb 100644 +ENDPROC(pax_exit_kernel_user) +#endif + ++ .macro pax_enter_kernel_nmi ++ pax_set_fptr_mask ++ ++#ifdef CONFIG_PAX_KERNEXEC ++ GET_CR0_INTO_RDI ++ bts $16,%rdi ++ SET_RDI_INTO_CR0 ++ jc 110f ++ or $2,%ebx ++110: ++#endif ++ .endm ++ ++ .macro pax_exit_kernel_nmi ++#ifdef CONFIG_PAX_KERNEXEC ++ test $2,%ebx ++ jz 110f ++ GET_CR0_INTO_RDI ++ btr $16,%rdi ++ SET_RDI_INTO_CR0 ++110: ++#endif ++ .endm ++ +.macro pax_erase_kstack +#ifdef CONFIG_PAX_MEMORY_STACKLEAK + call pax_erase_kstack @@ -17474,7 +17544,7 @@ index 6274f5f..7342ebb 100644 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -231,8 +515,8 @@ ENDPROC(native_usergs_sysret64) +@@ -231,8 +544,8 @@ ENDPROC(native_usergs_sysret64) .endm .macro UNFAKE_STACK_FRAME @@ -17485,7 +17555,7 @@ index 6274f5f..7342ebb 100644 .endm /* -@@ -319,7 +603,7 @@ ENDPROC(native_usergs_sysret64) +@@ -319,7 +632,7 @@ ENDPROC(native_usergs_sysret64) movq %rsp, %rsi leaq -RBP(%rsp),%rdi /* arg1 for handler */ @@ -17494,7 +17564,7 @@ index 6274f5f..7342ebb 100644 je 1f SWAPGS /* -@@ -355,9 +639,10 @@ ENTRY(save_rest) +@@ -355,9 +668,10 @@ ENTRY(save_rest) movq_cfi r15, R15+16 movq %r11, 8(%rsp) /* return address */ FIXUP_TOP_OF_STACK %r11, 16 @@ -17506,7 +17576,7 @@ index 6274f5f..7342ebb 100644 /* save complete stack frame */ .pushsection .kprobes.text, "ax" -@@ -386,9 +671,10 @@ ENTRY(save_paranoid) +@@ -386,9 +700,10 @@ ENTRY(save_paranoid) js 1f /* negative -> in kernel */ SWAPGS xorl %ebx,%ebx @@ -17519,7 +17589,7 @@ index 6274f5f..7342ebb 100644 .popsection /* -@@ -410,7 +696,7 @@ ENTRY(ret_from_fork) +@@ -410,7 +725,7 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -17528,7 +17598,7 @@ index 6274f5f..7342ebb 100644 je int_ret_from_sys_call testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -420,7 +706,7 @@ ENTRY(ret_from_fork) +@@ -420,7 +735,7 @@ ENTRY(ret_from_fork) jmp ret_from_sys_call # go to the SYSRET fastpath CFI_ENDPROC 
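Review bot: The new `pax_enter_kernel_nmi` / `pax_exit_kernel_nmi` macros pass state between them in bit 1 of `%ebx` and overwrite `%rdi`, but neither macro documents that contract. `%ebx` is also the register the NMI path uses for its no-swapgs flag, so a header comment is worth adding, for example `/* sets bit 1 of %ebx when CR0 bit 16 was clear on entry; pax_exit_kernel_nmi clears that CR0 bit again only if the flag is set; clobbers %rdi */`. Naming the `$16` and `$2` literals would also make the pairing easier to audit.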
@@ -17537,7 +17607,7 @@ index 6274f5f..7342ebb 100644 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -456,7 +742,7 @@ END(ret_from_fork) +@@ -456,7 +771,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -17546,7 +17616,7 @@ index 6274f5f..7342ebb 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -469,12 +755,18 @@ ENTRY(system_call_after_swapgs) +@@ -469,12 +784,18 @@ ENTRY(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -17566,7 +17636,7 @@ index 6274f5f..7342ebb 100644 movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) CFI_REL_OFFSET rip,RIP-ARGOFFSET -@@ -484,7 +776,7 @@ ENTRY(system_call_after_swapgs) +@@ -484,7 +805,7 @@ ENTRY(system_call_after_swapgs) system_call_fastpath: cmpq $__NR_syscall_max,%rax ja badsys @@ -17575,7 +17645,7 @@ index 6274f5f..7342ebb 100644 call *sys_call_table(,%rax,8) # XXX: rip relative movq %rax,RAX-ARGOFFSET(%rsp) /* -@@ -503,6 +795,8 @@ sysret_check: +@@ -503,6 +824,8 @@ sysret_check: andl %edi,%edx jnz sysret_careful CFI_REMEMBER_STATE @@ -17584,7 +17654,7 @@ index 6274f5f..7342ebb 100644 /* * sysretq will re-enable interrupts: */ -@@ -554,14 +848,18 @@ badsys: +@@ -554,14 +877,18 @@ badsys: * jump back to the normal fast path. */ auditsys: @@ -17604,7 +17674,7 @@ index 6274f5f..7342ebb 100644 jmp system_call_fastpath /* -@@ -591,16 +889,20 @@ tracesys: +@@ -591,16 +918,20 @@ tracesys: FIXUP_TOP_OF_STACK %rdi movq %rsp,%rdi call syscall_trace_enter @@ -17626,7 +17696,7 @@ index 6274f5f..7342ebb 100644 call *sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) /* Use IRET because user could have changed frame */ -@@ -612,7 +914,7 @@ tracesys: +@@ -612,7 +943,7 @@ tracesys: GLOBAL(int_ret_from_sys_call) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF 
@@ -17635,7 +17705,7 @@ index 6274f5f..7342ebb 100644 je retint_restore_args movl $_TIF_ALLWORK_MASK,%edi /* edi: mask to check */ -@@ -623,7 +925,9 @@ GLOBAL(int_with_check) +@@ -623,7 +954,9 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) @@ -17646,7 +17716,7 @@ index 6274f5f..7342ebb 100644 /* Either reschedule or signal or syscall exit tracking needed. */ /* First do a reschedule test. */ -@@ -669,7 +973,7 @@ int_restore_rest: +@@ -669,7 +1002,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -17655,7 +17725,7 @@ index 6274f5f..7342ebb 100644 /* * Certain special system calls that need to save a complete full stack frame. -@@ -685,7 +989,7 @@ ENTRY(\label) +@@ -685,7 +1018,7 @@ ENTRY(\label) call \func jmp ptregscall_common CFI_ENDPROC @@ -17664,7 +17734,7 @@ index 6274f5f..7342ebb 100644 .endm PTREGSCALL stub_clone, sys_clone, %r8 -@@ -703,9 +1007,10 @@ ENTRY(ptregscall_common) +@@ -703,9 +1036,10 @@ ENTRY(ptregscall_common) movq_cfi_restore R12+8, r12 movq_cfi_restore RBP+8, rbp movq_cfi_restore RBX+8, rbx @@ -17676,7 +17746,7 @@ index 6274f5f..7342ebb 100644 ENTRY(stub_execve) CFI_STARTPROC -@@ -720,7 +1025,7 @@ ENTRY(stub_execve) +@@ -720,7 +1054,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -17685,7 +17755,7 @@ index 6274f5f..7342ebb 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -738,7 +1043,7 @@ ENTRY(stub_rt_sigreturn) +@@ -738,7 +1072,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -17694,7 +17764,7 @@ index 6274f5f..7342ebb 100644 /* * Build the entry stubs and pointer table with some assembler magic. -@@ -773,7 +1078,7 @@ vector=vector+1 +@@ -773,7 +1107,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC 
@@ -17703,7 +17773,7 @@ index 6274f5f..7342ebb 100644 .previous END(interrupt) -@@ -793,6 +1098,16 @@ END(interrupt) +@@ -793,6 +1127,16 @@ END(interrupt) subq $ORIG_RAX-RBP, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP SAVE_ARGS_IRQ @@ -17720,7 +17790,7 @@ index 6274f5f..7342ebb 100644 call \func .endm -@@ -824,7 +1139,7 @@ ret_from_intr: +@@ -824,7 +1168,7 @@ ret_from_intr: exit_intr: GET_THREAD_INFO(%rcx) @@ -17729,7 +17799,7 @@ index 6274f5f..7342ebb 100644 je retint_kernel /* Interrupt came from user space */ -@@ -846,12 +1161,16 @@ retint_swapgs: /* return to user-space */ +@@ -846,12 +1190,16 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -17746,7 +17816,7 @@ index 6274f5f..7342ebb 100644 /* * The iretq could re-enable interrupts: */ -@@ -940,7 +1259,7 @@ ENTRY(retint_kernel) +@@ -940,7 +1288,7 @@ ENTRY(retint_kernel) #endif CFI_ENDPROC @@ -17755,7 +17825,7 @@ index 6274f5f..7342ebb 100644 /* * End of kprobes section */ -@@ -956,7 +1275,7 @@ ENTRY(\sym) +@@ -956,7 +1304,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -17764,7 +17834,7 @@ index 6274f5f..7342ebb 100644 .endm #ifdef CONFIG_SMP -@@ -1021,12 +1340,22 @@ ENTRY(\sym) +@@ -1021,12 +1369,22 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -17788,7 +17858,7 @@ index 6274f5f..7342ebb 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1038,15 +1367,25 @@ ENTRY(\sym) +@@ -1038,15 +1396,25 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -17816,7 +17886,7 @@ index 6274f5f..7342ebb 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1056,14 +1395,30 @@ ENTRY(\sym) +@@ -1056,14 +1424,30 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF 
@@ -17848,7 +17918,7 @@ index 6274f5f..7342ebb 100644 .endm .macro errorentry sym do_sym -@@ -1074,13 +1429,23 @@ ENTRY(\sym) +@@ -1074,13 +1458,23 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -17873,7 +17943,7 @@ index 6274f5f..7342ebb 100644 .endm /* error code is on the stack already */ -@@ -1093,13 +1458,23 @@ ENTRY(\sym) +@@ -1093,13 +1487,23 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF @@ -17898,7 +17968,7 @@ index 6274f5f..7342ebb 100644 .endm zeroentry divide_error do_divide_error -@@ -1129,9 +1504,10 @@ gs_change: +@@ -1129,9 +1533,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -17910,7 +17980,7 @@ index 6274f5f..7342ebb 100644 .section __ex_table,"a" .align 8 -@@ -1153,13 +1529,14 @@ ENTRY(kernel_thread_helper) +@@ -1153,13 +1558,14 @@ ENTRY(kernel_thread_helper) * Here we are in the child and the registers are set as they were * at kernel_thread() invocation in the parent. */ @@ -17926,7 +17996,7 @@ index 6274f5f..7342ebb 100644 /* * execve(). This function needs to use IRET, not SYSRET, to set up all state properly. -@@ -1186,11 +1563,11 @@ ENTRY(kernel_execve) +@@ -1186,11 +1592,11 @@ ENTRY(kernel_execve) RESTORE_REST testq %rax,%rax je int_ret_from_sys_call @@ -17940,7 +18010,7 @@ index 6274f5f..7342ebb 100644 /* Call softirq on interrupt stack. Interrupts are off. */ ENTRY(call_softirq) -@@ -1208,9 +1585,10 @@ ENTRY(call_softirq) +@@ -1208,9 +1614,10 @@ ENTRY(call_softirq) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -17952,7 +18022,7 @@ index 6274f5f..7342ebb 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1248,7 +1626,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1248,7 +1655,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC 
@@ -17961,7 +18031,7 @@ index 6274f5f..7342ebb 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1307,7 +1685,7 @@ ENTRY(xen_failsafe_callback) +@@ -1307,7 +1714,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -17970,7 +18040,7 @@ index 6274f5f..7342ebb 100644 apicinterrupt XEN_HVM_EVTCHN_CALLBACK \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1356,16 +1734,31 @@ ENTRY(paranoid_exit) +@@ -1356,16 +1763,31 @@ ENTRY(paranoid_exit) TRACE_IRQS_OFF testl %ebx,%ebx /* swapgs needed? */ jnz paranoid_restore @@ -18003,7 +18073,7 @@ index 6274f5f..7342ebb 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1394,7 +1787,7 @@ paranoid_schedule: +@@ -1394,7 +1816,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -18012,7 +18082,7 @@ index 6274f5f..7342ebb 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1421,12 +1814,13 @@ ENTRY(error_entry) +@@ -1421,12 +1843,13 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -18027,7 +18097,7 @@ index 6274f5f..7342ebb 100644 ret /* -@@ -1453,7 +1847,7 @@ bstep_iret: +@@ -1453,7 +1876,7 @@ bstep_iret: movq %rcx,RIP+8(%rsp) jmp error_swapgs CFI_ENDPROC @@ -18036,7 +18106,7 @@ index 6274f5f..7342ebb 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1473,7 +1867,7 @@ ENTRY(error_exit) +@@ -1473,7 +1896,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC 
@@ -18045,54 +18115,38 @@ index 6274f5f..7342ebb 100644 /* runs on exception stack */ -@@ -1485,6 +1879,16 @@ ENTRY(nmi) +@@ -1485,6 +1908,8 @@ ENTRY(nmi) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid DEFAULT_FRAME 0 -+#ifdef CONFIG_PAX_MEMORY_UDEREF -+ testb $3, CS(%rsp) -+ jnz 1f -+ pax_enter_kernel -+ jmp 2f -+1: pax_enter_kernel_user -+2: -+#else -+ pax_enter_kernel -+#endif ++ pax_enter_kernel_nmi ++ /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1495,12 +1899,28 @@ ENTRY(nmi) +@@ -1493,15 +1918,19 @@ ENTRY(nmi) + /* paranoidexit; without TRACE_IRQS_OFF */ + /* ebx: no swapgs flag */ DISABLE_INTERRUPTS(CLBR_NONE) - testl %ebx,%ebx /* swapgs needed? */ +- testl %ebx,%ebx /* swapgs needed? */ ++ testl $1,%ebx /* swapgs needed? */ jnz nmi_restore -- testl $3,CS(%rsp) -+ testb $3,CS(%rsp) + testl $3,CS(%rsp) jnz nmi_userspace -+#ifdef CONFIG_PAX_MEMORY_UDEREF -+ pax_exit_kernel -+ SWAPGS_UNSAFE_STACK -+ RESTORE_ALL 8 -+ pax_force_retaddr_bts -+ jmp irq_return -+#endif nmi_swapgs: -+#ifdef CONFIG_PAX_MEMORY_UDEREF -+ pax_exit_kernel_user -+#else -+ pax_exit_kernel -+#endif SWAPGS_UNSAFE_STACK -+ RESTORE_ALL 8 -+ jmp irq_return nmi_restore: -+ pax_exit_kernel ++ pax_exit_kernel_nmi RESTORE_ALL 8 +- jmp irq_return ++ testb $3, 8(%rsp) ++ jnz 1f + pax_force_retaddr_bts - jmp irq_return ++1: jmp irq_return nmi_userspace: GET_THREAD_INFO(%rcx) -@@ -1529,14 +1949,14 @@ nmi_schedule: + movl TI_flags(%rcx),%ebx +@@ -1529,14 +1958,14 @@ nmi_schedule: jmp paranoid_exit CFI_ENDPROC #endif @@ -21872,7 +21926,7 @@ index 04b8726..0c35b29 100644 goto cannot_handle; if ((segoffs >> 16) == BIOSSEG) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S -index 0f703f1..3b426f3 100644 +index 0f703f1..cd7e91b 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -26,6 +26,13 @@ 
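Review bot: In the `ENTRY(nmi)` exit path the comment `/* ebx: no swapgs flag */` is no longer accurate, because the test became `testl $1,%ebx` and `pax_exit_kernel_nmi` reads a second flag from the same register. The comment should name both bits, and the new `testb $3, 8(%rsp)` after `RESTORE_ALL 8` deserves a note such as `/* saved CS: skip pax_force_retaddr_bts when returning to user mode */`. The line `movl TI_flags(%rcx),%ebx` under `nmi_userspace` overwrites the register, presumably only when the NMI interrupted user mode, so it would help to state why losing the flag is harmless on that path. The routine continues outside the hunk.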
@@ -21957,7 +22011,7 @@ index 0f703f1..3b426f3 100644 + . = ALIGN(PAGE_SIZE); + .module.text : AT(ADDR(.module.text) - LOAD_OFFSET) { + -+#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_MODULES) ++#ifdef CONFIG_PAX_KERNEXEC + MODULES_EXEC_VADDR = .; + BYTE(0) + . += (CONFIG_PAX_KERNEXEC_MODULE_TEXT * 1024 * 1024); @@ -29985,6 +30039,47 @@ index 7b72502..646105c 100644 if (err) { err = -EFAULT; goto out; +diff --git a/block/genhd.c b/block/genhd.c +index 6edf228..078f68b9 100644 +--- a/block/genhd.c ++++ b/block/genhd.c +@@ -474,21 +474,24 @@ static char *bdevt_str(dev_t devt, char *buf) + + /* + * Register device numbers dev..(dev+range-1) +- * range must be nonzero ++ * Noop if @range is zero. + * The hash chain is sorted on range, so that subranges can override. + */ + void blk_register_region(dev_t devt, unsigned long range, struct module *module, + struct kobject *(*probe)(dev_t, int *, void *), + int (*lock)(dev_t, void *), void *data) + { +- kobj_map(bdev_map, devt, range, module, probe, lock, data); ++ if (range) ++ kobj_map(bdev_map, devt, range, module, probe, lock, data); + } + + EXPORT_SYMBOL(blk_register_region); + ++/* undo blk_register_region(), noop if @range is zero */ + void blk_unregister_region(dev_t devt, unsigned long range) + { +- kobj_unmap(bdev_map, devt, range); ++ if (range) ++ kobj_unmap(bdev_map, devt, range); + } + + EXPORT_SYMBOL(blk_unregister_region); +@@ -519,7 +522,7 @@ void register_disk(struct gendisk *disk) + + ddev->parent = disk->driverfs_dev; + +- dev_set_name(ddev, disk->disk_name); ++ dev_set_name(ddev, "%s", disk->disk_name); + + /* delay uevents, until we scanned partition table */ + dev_set_uevent_suppress(ddev, 1); diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c index 9e76a32..48d7145 100644 --- a/block/scsi_ioctl.c 
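Review bot: In `register_disk()` (block/genhd.c) the rewritten call `dev_set_name(ddev, "%s", disk->disk_name);` still discards the return value, so a failed name allocation goes unnoticed before the device is used further. Checking it, e.g. `if (dev_set_name(ddev, "%s", disk->disk_name)) return;`, needs a decision about cleanup that depends on code outside the hunk. The same unchecked call is added in `attribute_container_add_device()` (drivers/base/attribute_container.c) and `devfreq_add_device()` (drivers/devfreq/devfreq.c).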
@@ -30040,6 +30135,19 @@ index 9e76a32..48d7145 100644 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; +diff --git a/crypto/algapi.c b/crypto/algapi.c +index 54dd4e3..27ea1b0 100644 +--- a/crypto/algapi.c ++++ b/crypto/algapi.c +@@ -477,7 +477,7 @@ static struct crypto_template *__crypto_lookup_template(const char *name) + + struct crypto_template *crypto_lookup_template(const char *name) + { +- return try_then_request_module(__crypto_lookup_template(name), name); ++ return try_then_request_module(__crypto_lookup_template(name), "%s", name); + } + EXPORT_SYMBOL_GPL(crypto_lookup_template); + diff --git a/crypto/cryptd.c b/crypto/cryptd.c index 7bdd61b..afec999 100644 --- a/crypto/cryptd.c @@ -30117,6 +30225,19 @@ index 5b63b8d..6f46ba0 100644 if (strlen(p->cru_driver_name)) exact = 1; +diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c +index 29a89da..7e23990 100644 +--- a/crypto/pcrypt.c ++++ b/crypto/pcrypt.c +@@ -440,7 +440,7 @@ static int pcrypt_sysfs_add(struct padata_instance *pinst, const char *name) + int ret; + + pinst->kobj.kset = pcrypt_kset; +- ret = kobject_add(&pinst->kobj, NULL, name); ++ ret = kobject_add(&pinst->kobj, NULL, "%s", name); + if (!ret) + kobject_uevent(&pinst->kobj, KOBJ_ADD); + diff --git a/drivers/acpi/apei/apei-internal.h b/drivers/acpi/apei/apei-internal.h index f57050e..7ccfc74 100644 --- a/drivers/acpi/apei/apei-internal.h 
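Review bot: In `crypto_lookup_template()` (crypto/algapi.c) the added `"%s"` stops `name` from being parsed as a format string, but the string is still handed to the module loader unchanged. If `name` can be chosen by an unprivileged caller, which this hunk does not show, the request is not limited to crypto template modules. A fixed prefix in the request, `try_then_request_module(__crypto_lookup_template(name), "crypto-%s", name)`, together with matching module aliases on the template modules, would confine autoloading to that set.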
@@ -31369,8 +31490,21 @@ index d889f56..17eb71e 100644 wake_up(&zatm_vcc->tx_wait); } +diff --git a/drivers/base/attribute_container.c b/drivers/base/attribute_container.c +index 8fc200b..32763bb 100644 +--- a/drivers/base/attribute_container.c ++++ b/drivers/base/attribute_container.c +@@ -167,7 +167,7 @@ attribute_container_add_device(struct device *dev, + ic->classdev.parent = get_device(dev); + ic->classdev.class = cont->class; + cont->class->dev_release = attribute_container_release; +- dev_set_name(&ic->classdev, dev_name(dev)); ++ dev_set_name(&ic->classdev, "%s", dev_name(dev)); + if (fn) + fn(cont, dev, &ic->classdev); + else diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c -index a4760e0..51283cf 100644 +index a4760e0..ea524a0 100644 --- a/drivers/base/devtmpfs.c +++ b/drivers/base/devtmpfs.c @@ -368,7 +368,7 @@ int devtmpfs_mount(const char *mntdir) @@ -31382,6 +31516,21 @@ index a4760e0..51283cf 100644 if (err) printk(KERN_INFO "devtmpfs: error mounting %i\n", err); else +@@ -393,11 +393,11 @@ static int devtmpfsd(void *p) + *err = sys_unshare(CLONE_NEWNS); + if (*err) + goto out; +- *err = sys_mount("devtmpfs", "/", "devtmpfs", MS_SILENT, options); ++ *err = sys_mount((char __force_user *)"devtmpfs", (char __force_user *)"/", (char __force_user *)"devtmpfs", MS_SILENT, (char __force_user *)options); + if (*err) + goto out; +- sys_chdir("/.."); /* will traverse into overmounted root */ +- sys_chroot("."); ++ sys_chdir((char __force_user *)"/.."); /* will traverse into overmounted root */ ++ sys_chroot((char __force_user *)"."); + complete(&setup_done); + while (1) { + spin_lock(&req_lock); diff --git a/drivers/base/node.c b/drivers/base/node.c index 5693ece..e39a621 100644 --- a/drivers/base/node.c 
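Review bot: In `devtmpfsd()` (drivers/base/devtmpfs.c) the rewritten `sys_chdir((char __force_user *)"/..")` and `sys_chroot((char __force_user *)".")` calls ignore their return values, unlike the `sys_unshare` and `sys_mount` calls just above, which store into `*err`. A failure in either would still reach `complete(&setup_done)` as if the root change had succeeded. Following the pattern of the preceding lines, `*err = sys_chdir(...); if (*err) goto out;` and the same for `sys_chroot`, would close that gap. The function continues outside the hunk.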
@@ -31409,6 +31558,19 @@ index 5693ece..e39a621 100644 static ssize_t show_node_state(struct sysdev_class *class, struct sysdev_class_attribute *attr, char *buf) +diff --git a/drivers/base/power/sysfs.c b/drivers/base/power/sysfs.c +index adf41be0..b044daf 100644 +--- a/drivers/base/power/sysfs.c ++++ b/drivers/base/power/sysfs.c +@@ -184,7 +184,7 @@ static ssize_t rtpm_status_show(struct device *dev, + return -EIO; + } + } +- return sprintf(buf, p); ++ return sprintf(buf, "%s", p); + } + + static DEVICE_ATTR(runtime_status, 0444, rtpm_status_show, NULL); diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c index caf995f..6f76697 100644 --- a/drivers/base/power/wakeup.c @@ -32024,6 +32186,19 @@ index a365562..933bbbd 100644 set_fs(old_fs); if (likely(bw == len)) return 0; +diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c +index 40a0fcb..556767c 100644 +--- a/drivers/block/nbd.c ++++ b/drivers/block/nbd.c +@@ -675,7 +675,7 @@ static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *lo, + + mutex_unlock(&lo->tx_lock); + +- thread = kthread_create(nbd_thread, lo, lo->disk->disk_name); ++ thread = kthread_create(nbd_thread, lo, "%s", lo->disk->disk_name); + if (IS_ERR(thread)) { + mutex_lock(&lo->tx_lock); + return PTR_ERR(thread); diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c index a63b0a2..30228d1 100644 --- a/drivers/block/pktcdvd.c @@ -32038,7 +32213,7 @@ index a63b0a2..30228d1 100644 static DEFINE_MUTEX(pktcdvd_mutex); static struct pktcdvd_device *pkt_devs[MAX_WRITERS]; diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c -index 2678b6f..d82ca54 100644 +index 2678b6f..a691234 100644 --- a/drivers/cdrom/cdrom.c +++ b/drivers/cdrom/cdrom.c @@ -419,7 +419,6 @@ int register_cdrom(struct cdrom_device_info *cdi) 
@@ -32089,6 +32264,15 @@ index 2678b6f..d82ca54 100644 if (cgc->buffer == NULL) return -ENOMEM; +@@ -3432,7 +3433,7 @@ static int cdrom_print_info(const char *header, int val, char *info, + struct cdrom_device_info *cdi; + int ret; + +- ret = scnprintf(info + *pos, max_size - *pos, header); ++ ret = scnprintf(info + *pos, max_size - *pos, "%s", header); + if (!ret) + return 1; + diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c index 3ceaf00..e3c3d38 100644 --- a/drivers/cdrom/gdrom.c @@ -32123,8 +32307,21 @@ index 4364303..9adf4ee 100644 default y source "drivers/s390/char/Kconfig" +diff --git a/drivers/char/agp/compat_ioctl.c b/drivers/char/agp/compat_ioctl.c +index a48e05b..6bac831 100644 +--- a/drivers/char/agp/compat_ioctl.c ++++ b/drivers/char/agp/compat_ioctl.c +@@ -108,7 +108,7 @@ static int compat_agpioc_reserve_wrap(struct agp_file_private *priv, void __user + return -ENOMEM; + } + +- if (copy_from_user(usegment, (void __user *) ureserve.seg_list, ++ if (copy_from_user(usegment, (void __force_user *) ureserve.seg_list, + sizeof(*usegment) * ureserve.seg_count)) { + kfree(usegment); + kfree(ksegment); diff --git a/drivers/char/agp/frontend.c b/drivers/char/agp/frontend.c -index 2e04433..22afc64 100644 +index 2e04433..771f2cc 100644 --- a/drivers/char/agp/frontend.c +++ b/drivers/char/agp/frontend.c @@ -817,7 +817,7 @@ static int agpioc_reserve_wrap(struct agp_file_private *priv, void __user *arg) @@ -32136,6 +32333,15 @@ index 2e04433..22afc64 100644 return -EFAULT; client = agp_find_client_by_pid(reserve.pid); +@@ -847,7 +847,7 @@ static int agpioc_reserve_wrap(struct agp_file_private *priv, void __user *arg) + if (segment == NULL) + return -ENOMEM; + +- if (copy_from_user(segment, (void __user *) reserve.seg_list, ++ if (copy_from_user(segment, (void __force_user *) reserve.seg_list, + sizeof(struct agp_segment) * reserve.seg_count)) { + kfree(segment); + return -EFAULT; 
diff --git a/drivers/char/briq_panel.c b/drivers/char/briq_panel.c index 095ab90..afad0a4 100644 --- a/drivers/char/briq_panel.c @@ -32206,6 +32412,19 @@ index 14d49e4..d331fd8 100644 struct hpet_info *info) { struct hpet_timer __iomem *timer; +diff --git a/drivers/char/hw_random/intel-rng.c b/drivers/char/hw_random/intel-rng.c +index 86fe45c..c0ea948 100644 +--- a/drivers/char/hw_random/intel-rng.c ++++ b/drivers/char/hw_random/intel-rng.c +@@ -314,7 +314,7 @@ PFX "RNG, try using the 'no_fwh_detect' option.\n"; + + if (no_fwh_detect) + return -ENODEV; +- printk(warning); ++ printk("%s", warning); + return -EBUSY; + } + diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c index 58c0e63..46c16bf 100644 --- a/drivers/char/ipmi/ipmi_msghandler.c @@ -32288,7 +32507,7 @@ index 1aeaaba..e018570 100644 .part_num = MBCS_PART_NUM, .mfg_num = MBCS_MFG_NUM, diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 1451790..d42d89d 100644 +index 1451790..046b083 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -18,6 +18,7 @@ @@ -32369,6 +32588,15 @@ index 1451790..d42d89d 100644 unxlate_dev_mem_ptr(p, ptr); if (remaining) return -EFAULT; +@@ -376,7 +407,7 @@ static ssize_t read_oldmem(struct file *file, char __user *buf, + else + csize = count; + +- rc = copy_oldmem_page(pfn, buf, csize, offset, 1); ++ rc = copy_oldmem_page(pfn, (char __force_kernel *)buf, csize, offset, 1); + if (rc < 0) + return rc; + buf += csize; @@ -396,9 +427,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, size_t count, loff_t *ppos) { @@ -32435,6 +32663,15 @@ index 1451790..d42d89d 100644 }; static int memory_open(struct inode *inode, struct file *filp) +@@ -931,7 +986,7 @@ static int __init chr_dev_init(void) + if (!devlist[minor].name) + continue; + device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor), +- NULL, devlist[minor].name); ++ NULL, "%s", devlist[minor].name); + } + + return tty_init(); 
diff --git a/drivers/char/mwave/tp3780i.c b/drivers/char/mwave/tp3780i.c index c689697..04e6d6a2 100644 --- a/drivers/char/mwave/tp3780i.c @@ -32937,6 +33174,19 @@ index 1e756e1..6f7ead5 100644 .attrs = cpuclass_default_attrs, .name = "cpuidle", }; +diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c +index 59d24e9..0d20240 100644 +--- a/drivers/devfreq/devfreq.c ++++ b/drivers/devfreq/devfreq.c +@@ -372,7 +372,7 @@ struct devfreq *devfreq_add_device(struct device *dev, + = msecs_to_jiffies(devfreq->profile->polling_ms); + devfreq->nb.notifier_call = devfreq_notifier_call; + +- dev_set_name(&devfreq->dev, dev_name(dev)); ++ dev_set_name(&devfreq->dev, "%s", dev_name(dev)); + err = device_register(&devfreq->dev); + if (err) { + put_device(&devfreq->dev); diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c index eb1d864..39ee5a7 100644 --- a/drivers/dma/dmatest.c @@ -33598,6 +33848,28 @@ index 40c187c..59da444 100644 ++file_priv->ioctl_count; DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n", +diff --git a/drivers/gpu/drm/drm_encoder_slave.c b/drivers/gpu/drm/drm_encoder_slave.c +index fb94355..e1fcec5 100644 +--- a/drivers/gpu/drm/drm_encoder_slave.c ++++ b/drivers/gpu/drm/drm_encoder_slave.c +@@ -54,16 +54,12 @@ int drm_i2c_encoder_init(struct drm_device *dev, + struct i2c_adapter *adap, + const struct i2c_board_info *info) + { +- char modalias[sizeof(I2C_MODULE_PREFIX) +- + I2C_NAME_SIZE]; + struct module *module = NULL; + struct i2c_client *client; + struct drm_i2c_encoder_driver *encoder_drv; + int err = 0; + +- snprintf(modalias, sizeof(modalias), +- "%s%s", I2C_MODULE_PREFIX, info->type); +- request_module(modalias); ++ request_module("%s%s", I2C_MODULE_PREFIX, info->type); + + client = i2c_new_device(adap, info); + if (!client) { diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c index 020b103..68ae292 100644 --- a/drivers/gpu/drm/drm_fops.c 
@@ -33847,6 +34119,19 @@ index 632ae24..244cf4a 100644 if (drm_lock_free(&master->lock, lock->context)) { /* FIXME: Should really bail out here. */ +diff --git a/drivers/gpu/drm/drm_sysfs.c b/drivers/gpu/drm/drm_sysfs.c +index 0f9ef9b..48bd695 100644 +--- a/drivers/gpu/drm/drm_sysfs.c ++++ b/drivers/gpu/drm/drm_sysfs.c +@@ -495,7 +495,7 @@ EXPORT_SYMBOL(drm_sysfs_hotplug_event); + int drm_sysfs_device_add(struct drm_minor *minor) + { + int err; +- char *minor_str; ++ const char *minor_str; + + minor->kdev.parent = minor->dev->dev; + diff --git a/drivers/gpu/drm/i810/i810_dma.c b/drivers/gpu/drm/i810/i810_dma.c index 8f371e8..9f85d52 100644 --- a/drivers/gpu/drm/i810/i810_dma.c @@ -34939,6 +35224,28 @@ index 63db75d..999004d 100644 dev_warn(rdev->dev, "failed blitter (%d) falling back to memcpy\n", r); } +diff --git a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c +index e70ddd8..ddfa1cd 100644 +--- a/drivers/gpu/drm/ttm/ttm_memory.c ++++ b/drivers/gpu/drm/ttm/ttm_memory.c +@@ -263,7 +263,7 @@ static int ttm_mem_init_kernel_zone(struct ttm_mem_global *glob, + zone->glob = glob; + glob->zone_kernel = zone; + ret = kobject_init_and_add( +- &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, zone->name); ++ &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, "%s", zone->name); + if (unlikely(ret != 0)) { + kobject_put(&zone->kobj); + return ret; +@@ -346,7 +346,7 @@ static int ttm_mem_init_dma32_zone(struct ttm_mem_global *glob, + zone->glob = glob; + glob->zone_dma32 = zone; + ret = kobject_init_and_add( +- &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, zone->name); ++ &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, "%s", zone->name); + if (unlikely(ret != 0)) { + kobject_put(&zone->kobj); + return ret; diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c index 9e4313e..46fad36 100644 --- a/drivers/gpu/drm/ttm/ttm_page_alloc.c 
@@ -35104,6 +35411,28 @@ index a0c2f12..68ae6cb 100644 } while (*seqno == 0); if (!(fifo_state->capabilities & SVGA_FIFO_CAP_FENCE)) { +diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c +index 66917c6..2dcc8ae 100644 +--- a/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c ++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c +@@ -135,7 +135,7 @@ int vmw_present_ioctl(struct drm_device *dev, void *data, + int ret; + + num_clips = arg->num_clips; +- clips_ptr = (struct drm_vmw_rect *)(unsigned long)arg->clips_ptr; ++ clips_ptr = (struct drm_vmw_rect __user *)(unsigned long)arg->clips_ptr; + + if (unlikely(num_clips == 0)) + return 0; +@@ -221,7 +221,7 @@ int vmw_present_readback_ioctl(struct drm_device *dev, void *data, + int ret; + + num_clips = arg->num_clips; +- clips_ptr = (struct drm_vmw_rect *)(unsigned long)arg->clips_ptr; ++ clips_ptr = (struct drm_vmw_rect __user *)(unsigned long)arg->clips_ptr; + + if (unlikely(num_clips == 0)) + return 0; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c b/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c index cabc95f..14b3d77 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c @@ -35443,6 +35772,19 @@ index 29015eb..af2d8e9 100644 /* Wrapper access functions for multiplexed SMBus */ static DEFINE_MUTEX(nforce2_lock); +diff --git a/drivers/i2c/i2c-dev.c b/drivers/i2c/i2c-dev.c +index 57a45ce8..51bd6c1 100644 +--- a/drivers/i2c/i2c-dev.c ++++ b/drivers/i2c/i2c-dev.c +@@ -276,7 +276,7 @@ static noinline int i2cdev_ioctl_rdrw(struct i2c_client *client, + res = -EINVAL; + break; + } +- data_ptrs[i] = (u8 __user *)rdwr_pa[i].buf; ++ data_ptrs[i] = (u8 __force_user *)rdwr_pa[i].buf; + rdwr_pa[i].buf = memdup_user(data_ptrs[i], rdwr_pa[i].len); + if (IS_ERR(rdwr_pa[i].buf)) { + res = PTR_ERR(rdwr_pa[i].buf); diff --git a/drivers/ide/aec62xx.c b/drivers/ide/aec62xx.c index 57d00ca..0145194 100644 --- a/drivers/ide/aec62xx.c 
@@ -38106,6 +38448,59 @@ index a0895bf..b451f5b 100644 .owner = THIS_MODULE, .open = timblogiw_open, .release = timblogiw_close, +diff --git a/drivers/media/video/v4l2-compat-ioctl32.c b/drivers/media/video/v4l2-compat-ioctl32.c +index c68531b..82a9ea0 100644 +--- a/drivers/media/video/v4l2-compat-ioctl32.c ++++ b/drivers/media/video/v4l2-compat-ioctl32.c +@@ -332,7 +332,7 @@ struct v4l2_buffer32 { + __u32 reserved; + }; + +-static int get_v4l2_plane32(struct v4l2_plane *up, struct v4l2_plane32 *up32, ++static int get_v4l2_plane32(struct v4l2_plane __user *up, struct v4l2_plane32 __user *up32, + enum v4l2_memory memory) + { + void __user *up_pln; +@@ -358,7 +358,7 @@ static int get_v4l2_plane32(struct v4l2_plane *up, struct v4l2_plane32 *up32, + return 0; + } + +-static int put_v4l2_plane32(struct v4l2_plane *up, struct v4l2_plane32 *up32, ++static int put_v4l2_plane32(struct v4l2_plane __user *up, struct v4l2_plane32 __user *up32, + enum v4l2_memory memory) + { + if (copy_in_user(up32, up, 2 * sizeof(__u32)) || +diff --git a/drivers/media/video/v4l2-ioctl.c b/drivers/media/video/v4l2-ioctl.c +index 639abee..e2336f4 100644 +--- a/drivers/media/video/v4l2-ioctl.c ++++ b/drivers/media/video/v4l2-ioctl.c +@@ -2197,7 +2197,7 @@ static unsigned long cmd_input_size(unsigned int cmd) + } + + static int check_array_args(unsigned int cmd, void *parg, size_t *array_size, +- void * __user *user_ptr, void ***kernel_ptr) ++ void __user **user_ptr, void ***kernel_ptr) + { + int ret = 0; + +@@ -2212,7 +2212,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size, + ret = -EINVAL; + break; + } +- *user_ptr = (void __user *)buf->m.planes; ++ *user_ptr = (void __force_user *)buf->m.planes; + *kernel_ptr = (void *)&buf->m.planes; + *array_size = sizeof(struct v4l2_plane) * buf->length; + ret = 1; +@@ -2230,7 +2230,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size, + ret = -EINVAL; + break; + } +- *user_ptr = (void __user 
*)ctrls->controls; ++ *user_ptr = (void __force_user *)ctrls->controls; + *kernel_ptr = (void *)&ctrls->controls; + *array_size = sizeof(struct v4l2_ext_control) + * ctrls->count; diff --git a/drivers/memstick/host/r592.c b/drivers/memstick/host/r592.c index 668f5c6..65df5f2 100644 --- a/drivers/memstick/host/r592.c @@ -46886,6 +47281,19 @@ index 081dc47..6e20d0b 100644 info->var.accel_flags = (!noaccel); +diff --git a/drivers/video/output.c b/drivers/video/output.c +index 0d6f2cd..6285b97 100644 +--- a/drivers/video/output.c ++++ b/drivers/video/output.c +@@ -97,7 +97,7 @@ struct output_device *video_output_register(const char *name, + new_dev->props = op; + new_dev->dev.class = &video_output_class; + new_dev->dev.parent = dev; +- dev_set_name(&new_dev->dev, name); ++ dev_set_name(&new_dev->dev, "%s", name); + dev_set_drvdata(&new_dev->dev, devdata); + ret_code = device_register(&new_dev->dev); + if (ret_code) { diff --git a/drivers/video/s1d13xxxfb.c b/drivers/video/s1d13xxxfb.c index 28b1c6c..b9939d9 100644 --- a/drivers/video/s1d13xxxfb.c @@ -47311,6 +47719,19 @@ index fef20db..d28b1ab 100644 if (!file->private_data) return -ENOMEM; return 0; +diff --git a/fs/9p/vfs_addr.c b/fs/9p/vfs_addr.c +index 2524e4c..2962cc6a 100644 +--- a/fs/9p/vfs_addr.c ++++ b/fs/9p/vfs_addr.c +@@ -185,7 +185,7 @@ static int v9fs_vfs_writepage_locked(struct page *page) + + retval = v9fs_file_write_internal(inode, + v9inode->writeback_fid, +- (__force const char __user *)buffer, ++ (const char __force_user *)buffer, + len, &offset, 0); + if (retval > 0) + retval = 0; diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c index 879ed88..bc03a01 100644 --- a/fs/9p/vfs_inode.c @@ -47649,7 +48070,7 @@ index a6395bd..f1e376a 100644 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm); #ifdef __alpha__ diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 8dd615c..315240a 100644 +index 8dd615c..ff7ac04 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -32,6 +32,7 @@ 
@@ -47884,7 +48305,7 @@ index 8dd615c..315240a 100644 +#endif + +#ifdef CONFIG_PAX_EMUTRAMP -+ if (pax_flags_softmode & MF_PAX_EMUTRAMP) ++ if ((pax_flags_softmode & MF_PAX_EMUTRAMP) && (pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC))) + pax_flags |= MF_PAX_EMUTRAMP; +#endif + @@ -49414,7 +49835,7 @@ index 112e45a..b59845b 100644 /* diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c -index f854cf9..93292ff 100644 +index f854cf9..d513829 100644 --- a/fs/compat_ioctl.c +++ b/fs/compat_ioctl.c @@ -623,7 +623,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd, @@ -49426,6 +49847,17 @@ index f854cf9..93292ff 100644 if (__get_user(ss.iomem_reg_shift, &ss32->iomem_reg_shift) || __get_user(ss.port_high, &ss32->port_high)) return -EFAULT; +@@ -704,8 +704,8 @@ static int do_i2c_rdwr_ioctl(unsigned int fd, unsigned int cmd, + for (i = 0; i < nmsgs; i++) { + if (copy_in_user(&tmsgs[i].addr, &umsgs[i].addr, 3*sizeof(u16))) + return -EFAULT; +- if (get_user(datap, &umsgs[i].buf) || +- put_user(compat_ptr(datap), &tmsgs[i].buf)) ++ if (get_user(datap, (u8 __user * __user *)&umsgs[i].buf) || ++ put_user(compat_ptr(datap), (u8 __user * __user *)&tmsgs[i].buf)) + return -EFAULT; + } + return sys_ioctl(fd, cmd, (unsigned long)tdata); @@ -798,7 +798,7 @@ static int compat_ioctl_preallocate(struct file *file, copy_in_user(&p->l_len, &p32->l_len, sizeof(s64)) || copy_in_user(&p->l_sysid, &p32->l_sysid, sizeof(s32)) || @@ -49670,7 +50102,7 @@ index 451b9b8..12e5a03 100644 out_free_fd: diff --git a/fs/exec.c b/fs/exec.c -index 312e297..4c133f2 100644 +index 312e297..699f362 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -55,12 +55,35 @@ @@ -49864,7 +50296,7 @@ index 312e297..4c133f2 100644 mm_segment_t oldfs = get_fs(); struct user_arg_ptr argv = { - .ptr.native = (const char __user *const __user *)__argv, -+ .ptr.native = (const char __force_user *const __force_user *)__argv, ++ .ptr.native = (const char __force_user * const __force_user *)__argv, }; set_fs(KERNEL_DS); 
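Review bot: In `do_i2c_rdwr_ioctl` (fs/compat_ioctl.c) the new cast on the read side, `get_user(datap, (u8 __user * __user *)&umsgs[i].buf)`, changes the pointee type that `get_user` uses to size the access. If `umsgs[i].buf` is a 32-bit compat field, as the `compat_ptr(datap)` on the next line suggests (its declaration is outside the hunk), a 64-bit kernel would read a pointer-sized value from a 4-byte slot. That over-reads into the following element, and a read straddling the end of the mapped buffer could return a spurious `-EFAULT`. The annotation is only needed on the native-side store, so the read should stay as it was: `if (get_user(datap, &umsgs[i].buf) ||` followed by `put_user(compat_ptr(datap), (u8 __user * __user *)&tmsgs[i].buf))`. The function body continues outside the hunk.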
@@ -50897,8 +51329,21 @@ index 9243103..750691a 100644 trace_ext4_mballoc_discard(sb, NULL, group, bit, pa->pa_len); return 0; +diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c +index f3358ab..fbb1d90 100644 +--- a/fs/ext4/mmp.c ++++ b/fs/ext4/mmp.c +@@ -73,7 +73,7 @@ static int read_mmp_block(struct super_block *sb, struct buffer_head **bh, + void __dump_mmp_msg(struct super_block *sb, struct mmp_struct *mmp, + const char *function, unsigned int line, const char *msg) + { +- __ext4_warning(sb, function, line, msg); ++ __ext4_warning(sb, function, line, "%s", msg); + __ext4_warning(sb, function, line, + "MMP failure info: last update time: %llu, last update " + "node: %s, last update device: %s\n", diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index 259e950..ee9c9f3 100644 +index 259e950..2d40e76 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -92,6 +92,8 @@ static struct file_system_type ext2_fs_type = { @@ -50919,6 +51364,15 @@ index 259e950..ee9c9f3 100644 #define IS_EXT3_SB(sb) ((sb)->s_bdev->bd_holder == &ext3_fs_type) #else #define IS_EXT3_SB(sb) (0) +@@ -1438,7 +1442,7 @@ static ext4_fsblk_t get_sb_block(void **data) + } + + #define DEFAULT_JOURNAL_IOPRIO (IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 3)) +-static char deprecated_msg[] = "Mount option \"%s\" will be removed by %s\n" ++static const char deprecated_msg[] = "Mount option \"%s\" will be removed by %s\n" + "Contact linux-ext4@vger.kernel.org if you think we should keep it.\n"; + + #ifdef CONFIG_QUOTA @@ -2469,7 +2473,7 @@ struct ext4_attr { ssize_t (*store)(struct ext4_attr *, struct ext4_sb_info *, const char *, size_t); 
@@ -52976,6 +53430,19 @@ index 8392cb8..80d6193 100644 memcpy(c->data, &cookie, 4); c->len=4; +diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c +index 2444780..2544030 100644 +--- a/fs/lockd/svc.c ++++ b/fs/lockd/svc.c +@@ -295,7 +295,7 @@ int lockd_up(void) + svc_sock_update_bufs(serv); + serv->sv_maxconn = nlm_max_connections; + +- nlmsvc_task = kthread_run(lockd, nlmsvc_rqst, serv->sv_name); ++ nlmsvc_task = kthread_run(lockd, nlmsvc_rqst, "%s", serv->sv_name); + if (IS_ERR(nlmsvc_task)) { + error = PTR_ERR(nlmsvc_task); + svc_exit_thread(nlmsvc_rqst); diff --git a/fs/locks.c b/fs/locks.c index fcc50ab..c3dacf26 100644 --- a/fs/locks.c @@ -53617,7 +54084,7 @@ index 9680cef..36c9152 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index ca4913a..8d4cf9e 100644 +index ca4913a..4d493ac 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1327,6 +1327,9 @@ static int do_umount(struct vfsmount *mnt, int flags) @@ -53640,6 +54107,24 @@ index ca4913a..8d4cf9e 100644 return retval; } +@@ -1357,7 +1363,7 @@ static int do_umount(struct vfsmount *mnt, int flags) + * unixes. Our API is identical to OSF/1 to avoid making a mess of AMD + */ + +-SYSCALL_DEFINE2(umount, char __user *, name, int, flags) ++SYSCALL_DEFINE2(umount, const char __user *, name, int, flags) + { + struct path path; + int retval; +@@ -1396,7 +1402,7 @@ out: + /* + * The 2.0 compatible umount. No flags. + */ +-SYSCALL_DEFINE1(oldumount, char __user *, name) ++SYSCALL_DEFINE1(oldumount, const char __user *, name) + { + return sys_umount(name, 0); + } @@ -2337,6 +2343,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); 
@@ -53667,6 +54152,17 @@ index ca4913a..8d4cf9e 100644 return retval; } +@@ -2518,8 +2537,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) + } + EXPORT_SYMBOL(mount_subtree); + +-SYSCALL_DEFINE5(mount, char __user *, dev_name, char __user *, dir_name, +- char __user *, type, unsigned long, flags, void __user *, data) ++SYSCALL_DEFINE5(mount, const char __user *, dev_name, const char __user *, dir_name, ++ const char __user *, type, unsigned long, flags, void __user *, data) + { + int ret; + char *kernel_type; @@ -2606,6 +2625,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; @@ -53691,6 +54187,30 @@ index cbd1a61..b43f68b 100644 static int __init init_ncp_fs(void) { +diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c +index 516f337..82a82df 100644 +--- a/fs/nfs/callback.c ++++ b/fs/nfs/callback.c +@@ -250,7 +250,6 @@ int nfs_callback_up(u32 minorversion, struct rpc_xprt *xprt) + struct svc_rqst *rqstp; + int (*callback_svc)(void *vrqstp); + struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion]; +- char svc_name[12]; + int ret = 0; + int minorversion_setup; + +@@ -280,10 +279,9 @@ int nfs_callback_up(u32 minorversion, struct rpc_xprt *xprt) + + svc_sock_update_bufs(serv); + +- sprintf(svc_name, "nfsv4.%u-svc", minorversion); + cb_info->serv = serv; + cb_info->rqst = rqstp; +- cb_info->task = kthread_run(callback_svc, cb_info->rqst, svc_name); ++ cb_info->task = kthread_run(callback_svc, cb_info->rqst, "nfsv4.%u-svc", minorversion); + if (IS_ERR(cb_info->task)) { + ret = PTR_ERR(cb_info->task); + svc_exit_thread(cb_info->rqst); diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c index 168cb93..20486571 100644 --- a/fs/nfs/callback_xdr.c @@ -53846,10 +54366,10 @@ index ade5316..f1a6152 100644 }; diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c -index 2cbac34..06593b2 100644 +index 2cbac34..21c9120 100644 --- a/fs/nfsd/nfscache.c 
+++ b/fs/nfsd/nfscache.c -@@ -259,13 +259,15 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) +@@ -259,13 +259,16 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) { struct svc_cacherep *rp; struct kvec *resv = &rqstp->rq_res.head[0], *cachv; @@ -53862,7 +54382,8 @@ index 2cbac34..06593b2 100644 - len = resv->iov_len - ((char*)statp - (char*)resv->iov_base); - len >>= 2; + if (statp) { -+ len = resv->iov_len - ((char*)statp - (char*)resv->iov_base); ++ len = (char*)statp - (char*)resv->iov_base; ++ len = resv->iov_len - len; + len >>= 2; + } @@ -55943,6 +56464,36 @@ index 980de54..78b2faa 100644 if (!mm || IS_ERR(mm)) { put_task_struct(priv->task); priv->task = NULL; +diff --git a/fs/proc/vmcore.c b/fs/proc/vmcore.c +index b0f450a..8ba3e5d 100644 +--- a/fs/proc/vmcore.c ++++ b/fs/proc/vmcore.c +@@ -97,9 +97,13 @@ static ssize_t read_from_oldmem(char *buf, size_t count, + nr_bytes = count; + + /* If pfn is not ram, return zeros for sparse dump files */ +- if (pfn_is_ram(pfn) == 0) +- memset(buf, 0, nr_bytes); +- else { ++ if (pfn_is_ram(pfn) == 0) { ++ if (userbuf) { ++ if (clear_user((char __force_user *)buf, nr_bytes)) ++ return -EFAULT; ++ } else ++ memset(buf, 0, nr_bytes); ++ } else { + tmp = copy_oldmem_page(pfn, buf, nr_bytes, + offset, userbuf); + if (tmp < 0) +@@ -184,7 +188,7 @@ static ssize_t read_vmcore(struct file *file, char __user *buffer, + tsz = nr_bytes; + + while (buflen) { +- tmp = read_from_oldmem(buffer, tsz, &start, 1); ++ tmp = read_from_oldmem((char __force_kernel *)buffer, tsz, &start, 1); + if (tmp < 0) + return tmp; + buflen -= tsz; diff --git a/fs/qnx4/inode.c b/fs/qnx4/inode.c index 3bdd214..e570832 100644 --- a/fs/qnx4/inode.c @@ -72401,9 +72952,25 @@ index ea0c02f..0eed39d 100644 #ifdef __arch_swab64 return __arch_swab64(val); diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h -index 86a24b1..5991c65 100644 +index 86a24b1..58153f1 100644 --- a/include/linux/syscalls.h 
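Review bot: In the new zero-fill branch of `read_from_oldmem` (fs/proc/vmcore.c) the inner conditional braces only one arm, `if (userbuf) { ... } else memset(buf, 0, nr_bytes);`, and it sits directly above the outer `} else {`, so it is easy to misread which `else` pairs with which `if`. Kernel coding style asks for braces on both arms when either needs them, so the tail should read `} else {`, `memset(buf, 0, nr_bytes);`, `}`. Since `buf` is declared `char *` but holds a user address whenever `userbuf` is set, a one-line comment such as `/* buf is a user pointer when userbuf != 0, so zero it with clear_user() */` would also explain the `__force_user` cast. The function starts and ends outside the hunk.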
+++ b/include/linux/syscalls.h +@@ -392,11 +392,11 @@ asmlinkage long sys_sync(void); + asmlinkage long sys_fsync(unsigned int fd); + asmlinkage long sys_fdatasync(unsigned int fd); + asmlinkage long sys_bdflush(int func, long data); +-asmlinkage long sys_mount(char __user *dev_name, char __user *dir_name, +- char __user *type, unsigned long flags, ++asmlinkage long sys_mount(const char __user *dev_name, const char __user *dir_name, ++ const char __user *type, unsigned long flags, + void __user *data); +-asmlinkage long sys_umount(char __user *name, int flags); +-asmlinkage long sys_oldumount(char __user *name); ++asmlinkage long sys_umount(const char __user *name, int flags); ++asmlinkage long sys_oldumount(const char __user *name); + asmlinkage long sys_truncate(const char __user *path, long length); + asmlinkage long sys_ftruncate(unsigned int fd, unsigned long length); + asmlinkage long sys_stat(const char __user *filename, @@ -608,7 +608,7 @@ asmlinkage long sys_getsockname(int, struct sockaddr __user *, int __user *); asmlinkage long sys_getpeername(int, struct sockaddr __user *, int __user *); asmlinkage long sys_send(int, void __user *, size_t, unsigned); @@ -72829,7 +73396,7 @@ index 6f8fbcf..8259001 100644 + MODULE_GRSEC diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h -index 4bde182..86b5ac7 100644 +index 4bde182..dff01df 100644 --- a/include/linux/vmalloc.h +++ b/include/linux/vmalloc.h @@ -14,6 +14,11 @@ struct vm_area_struct; /* vma defining user mapping in mm_types.h */ @@ -72837,7 +73404,7 @@ index 4bde182..86b5ac7 100644 #define VM_VPAGES 0x00000010 /* buffer for pages was vmalloc'ed */ #define VM_UNLIST 0x00000020 /* vm_struct is not listed in vmlist */ + -+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) ++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) +#define VM_KERNEXEC 0x00000040 /* allocate from executable kernel memory range */ +#endif + 
@@ -74055,7 +74622,7 @@ index 32c4799..c27ee74 100644 sys_ioctl(fd, RAID_AUTORUN, raid_autopart); sys_close(fd); diff --git a/init/initramfs.c b/init/initramfs.c -index 2531811..040d4d4 100644 +index 2531811..4f036c4 100644 --- a/init/initramfs.c +++ b/init/initramfs.c @@ -74,7 +74,7 @@ static void __init free_hash(void) @@ -74166,6 +74733,15 @@ index 2531811..040d4d4 100644 state = SkipIt; next_state = Reset; return 0; +@@ -573,7 +573,7 @@ static int __init populate_rootfs(void) + { + char *err = unpack_to_rootfs(__initramfs_start, __initramfs_size); + if (err) +- panic(err); /* Failed to decompress INTERNAL initramfs */ ++ panic("%s", err); /* Failed to decompress INTERNAL initramfs */ + if (initrd_start) { + #ifdef CONFIG_BLK_DEV_RAM + int fd; diff --git a/init/main.c b/init/main.c index 5d0eb1d..19ff85b 100644 --- a/init/main.c @@ -80553,9 +81129,18 @@ index bd2bea9..6b3c95e 100644 return false; diff --git a/lib/kobject.c b/lib/kobject.c -index 83bd5b3..a0de35f 100644 +index 83bd5b3..8a0c75f 100644 --- a/lib/kobject.c +++ b/lib/kobject.c +@@ -844,7 +844,7 @@ static struct kset *kset_create(const char *name, + kset = kzalloc(sizeof(*kset), GFP_KERNEL); + if (!kset) + return NULL; +- retval = kobject_set_name(&kset->kobj, name); ++ retval = kobject_set_name(&kset->kobj, "%s", name); + if (retval) { + kfree(kset); + return NULL; @@ -898,9 +898,9 @@ EXPORT_SYMBOL_GPL(kset_create_and_add); 
@@ -80926,6 +81511,28 @@ index 011b110..fad8776 100644 select PROC_PAGE_MONITOR config NOMMU_INITIAL_TRIM_EXCESS +diff --git a/mm/backing-dev.c b/mm/backing-dev.c +index 2b49dd2..00bdcdb 100644 +--- a/mm/backing-dev.c ++++ b/mm/backing-dev.c +@@ -759,7 +759,6 @@ EXPORT_SYMBOL(bdi_destroy); + int bdi_setup_and_register(struct backing_dev_info *bdi, char *name, + unsigned int cap) + { +- char tmp[32]; + int err; + + bdi->name = name; +@@ -768,8 +767,7 @@ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name, + if (err) + return err; + +- sprintf(tmp, "%.28s%s", name, "-%d"); +- err = bdi_register(bdi, NULL, tmp, atomic_long_inc_return(&bdi_seq)); ++ err = bdi_register(bdi, NULL, "%.28s-%ld", name, atomic_long_inc_return(&bdi_seq)); + if (err) { + bdi_destroy(bdi); + return err; diff --git a/mm/filemap.c b/mm/filemap.c index 556858c..ec09758 100644 --- a/mm/filemap.c @@ -85105,7 +85712,7 @@ index 8105be4..e1af823 100644 EXPORT_SYMBOL(kmem_cache_free); diff --git a/mm/slub.c b/mm/slub.c -index 5710788..431fdf8 100644 +index 5710788..12ea6c9 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -186,7 +186,7 @@ static enum { @@ -85395,6 +86002,15 @@ index 5710788..431fdf8 100644 static int sysfs_slab_add(struct kmem_cache *s) { int err; +@@ -5265,7 +5348,7 @@ static int sysfs_slab_add(struct kmem_cache *s) + } + + s->kobj.kset = slab_kset; +- err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, name); ++ err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, "%s", name); + if (err) { + kobject_put(&s->kobj); + return err; @@ -5299,6 +5382,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) kobject_del(&s->kobj); kobject_put(&s->kobj); @@ -85531,7 +86147,7 @@ index 136ac4f..f917fa9 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index eeba3bb..8555cab 100644 +index eeba3bb..5ebaf67 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) 
@@ -85541,7 +86157,7 @@ index eeba3bb..8555cab 100644 - pte_t ptent = ptep_get_and_clear(&init_mm, addr, pte); - WARN_ON(!pte_none(ptent) && !pte_present(ptent)); + -+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) ++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) + if ((unsigned long)MODULES_EXEC_VADDR <= addr && addr < (unsigned long)MODULES_EXEC_END) { + BUG_ON(!pte_exec(*pte)); + set_pte_at(&init_mm, addr, pte, pfn_pte(__pa(addr) >> PAGE_SHIFT, PAGE_KERNEL_EXEC)); @@ -85566,7 +86182,7 @@ index eeba3bb..8555cab 100644 struct page *page = pages[*nr]; - if (WARN_ON(!pte_none(*pte))) -+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) ++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) + if (pgprot_val(prot) & _PAGE_NX) +#endif + @@ -85606,14 +86222,7 @@ index eeba3bb..8555cab 100644 if (!pud) return -ENOMEM; do { -@@ -191,11 +215,20 @@ int is_vmalloc_or_module_addr(const void *x) - * and fall back on vmalloc() if that fails. Others - * just put it in the vmalloc space. - */ --#if defined(CONFIG_MODULES) && defined(MODULES_VADDR) -+#ifdef CONFIG_MODULES -+#ifdef MODULES_VADDR - unsigned long addr = (unsigned long)x; +@@ -196,6 +220,12 @@ int is_vmalloc_or_module_addr(const void *x) if (addr >= MODULES_VADDR && addr < MODULES_END) return 1; #endif @@ -85623,12 +86232,10 @@ index eeba3bb..8555cab 100644 + return 1; +#endif + -+#endif -+ return is_vmalloc_addr(x); } -@@ -216,8 +249,14 @@ struct page *vmalloc_to_page(const void *vmalloc_addr) +@@ -216,8 +246,14 @@ struct page *vmalloc_to_page(const void *vmalloc_addr) if (!pgd_none(*pgd)) { pud_t *pud = pud_offset(pgd, addr); 
@@ -85643,7 +86250,7 @@ index eeba3bb..8555cab 100644 if (!pmd_none(*pmd)) { pte_t *ptep, pte; -@@ -329,7 +368,7 @@ static void purge_vmap_area_lazy(void); +@@ -329,7 +365,7 @@ static void purge_vmap_area_lazy(void); * Allocate a region of KVA of the specified size and alignment, within the * vstart and vend. */ @@ -85652,12 +86259,12 @@ index eeba3bb..8555cab 100644 unsigned long align, unsigned long vstart, unsigned long vend, int node, gfp_t gfp_mask) -@@ -1295,6 +1334,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, +@@ -1295,6 +1331,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, struct vm_struct *area; BUG_ON(in_interrupt()); + -+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) ++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) + if (flags & VM_KERNEXEC) { + if (start != VMALLOC_START || end != VMALLOC_END) + return NULL; @@ -85669,11 +86276,11 @@ index eeba3bb..8555cab 100644 if (flags & VM_IOREMAP) { int bit = fls(size); -@@ -1527,6 +1576,11 @@ void *vmap(struct page **pages, unsigned int count, +@@ -1527,6 +1573,11 @@ void *vmap(struct page **pages, unsigned int count, if (count > totalram_pages) return NULL; -+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) ++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) + if (!(pgprot_val(prot) & _PAGE_NX)) + flags |= VM_KERNEXEC; +#endif 
@@ -85681,11 +86288,11 @@ index eeba3bb..8555cab 100644 area = get_vm_area_caller((count << PAGE_SHIFT), flags, __builtin_return_address(0)); if (!area) -@@ -1628,6 +1682,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, +@@ -1628,6 +1679,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, if (!size || (size >> PAGE_SHIFT) > totalram_pages) goto fail; -+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) ++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) + if (!(pgprot_val(prot) & _PAGE_NX)) + area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST | VM_KERNEXEC, + VMALLOC_START, VMALLOC_END, node, gfp_mask, caller); @@ -85695,7 +86302,7 @@ index eeba3bb..8555cab 100644 area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST, start, end, node, gfp_mask, caller); if (!area) -@@ -1801,10 +1862,9 @@ EXPORT_SYMBOL(vzalloc_node); +@@ -1801,10 +1859,9 @@ EXPORT_SYMBOL(vzalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -85707,7 +86314,7 @@ index eeba3bb..8555cab 100644 -1, __builtin_return_address(0)); } -@@ -2099,6 +2159,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, +@@ -2099,6 +2156,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, unsigned long uaddr = vma->vm_start; unsigned long usize = vma->vm_end - vma->vm_start; @@ -85716,7 +86323,7 @@ index eeba3bb..8555cab 100644 if ((PAGE_SIZE-1) & (unsigned long)addr) return -EINVAL; -@@ -2351,8 +2413,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets, +@@ -2351,8 +2410,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets, return NULL; } @@ -85727,7 +86334,7 @@ index eeba3bb..8555cab 100644 if (!vas || !vms) goto err_free; -@@ -2536,11 +2598,15 @@ static int s_show(struct seq_file *m, void *p) +@@ -2536,11 +2595,15 @@ static int s_show(struct seq_file *m, void *p) { struct vm_struct *v = p; 
@@ -89859,7 +90466,7 @@ index 14af632..9914188 100644 table = kmemdup(event_sysctl_table, sizeof(event_sysctl_table), GFP_KERNEL); diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c -index 2e664a6..0c3e635 100644 +index 2e664a6..4264602 100644 --- a/net/netfilter/nf_conntrack_proto_dccp.c +++ b/net/netfilter/nf_conntrack_proto_dccp.c @@ -391,7 +391,7 @@ struct dccp_net { @@ -89871,6 +90478,24 @@ index 2e664a6..0c3e635 100644 #endif }; +@@ -459,7 +459,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb, + + out_invalid: + if (LOG_INVALID(net, IPPROTO_DCCP)) +- nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL, msg); ++ nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL, "%s", msg); + return false; + } + +@@ -612,7 +612,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl, + + out_invalid: + if (LOG_INVALID(net, IPPROTO_DCCP)) +- nf_log_packet(pf, 0, skb, NULL, NULL, NULL, msg); ++ nf_log_packet(pf, 0, skb, NULL, NULL, NULL, "%s", msg); + return -NF_ACCEPT; + } + diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 05e9feb..3b519f3 100644 --- a/net/netfilter/nf_conntrack_standalone.c @@ -91415,9 +92040,18 @@ index 206c61e..e3641fb 100644 #else static inline void rpc_task_set_debuginfo(struct rpc_task *task) diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c -index c80c162..8bf128b 100644 +index c80c162..83a1e28 100644 --- a/net/sunrpc/svc.c +++ b/net/sunrpc/svc.c +@@ -732,7 +732,7 @@ svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs) + + __module_get(serv->sv_module); + task = kthread_create_on_node(serv->sv_function, rqstp, +- node, serv->sv_name); ++ node, "%s", serv->sv_name); + if (IS_ERR(task)) { + error = PTR_ERR(task); + module_put(serv->sv_module); @@ -1145,7 +1145,9 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv) svc_putnl(resv, RPC_SUCCESS); 
@@ -92597,10 +93231,10 @@ index 38f6617..e70b72b 100755 exuberant() diff --git a/security/Kconfig b/security/Kconfig -index 51bd5a0..7b71be9 100644 +index 51bd5a0..999fbad 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,944 @@ +@@ -4,6 +4,945 @@ menu "Security options" @@ -93224,15 +93858,16 @@ index 51bd5a0..7b71be9 100644 + int "Minimum amount of memory reserved for module code" + default "4" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER) + default "12" if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP) -+ depends on PAX_KERNEXEC && X86_32 && MODULES ++ depends on PAX_KERNEXEC && X86_32 + help + Due to implementation details the kernel must reserve a fixed -+ amount of memory for module code at compile time that cannot be -+ changed at runtime. Here you can specify the minimum amount -+ in MB that will be reserved. Due to the same implementation -+ details this size will always be rounded up to the next 2/4 MB -+ boundary (depends on PAE) so the actually available memory for -+ module code will usually be more than this minimum. ++ amount of memory for runtime allocated code (such as modules) ++ at compile time that cannot be changed at runtime. Here you ++ can specify the minimum amount in MB that will be reserved. ++ Due to the same implementation details this size will always ++ be rounded up to the next 2/4 MB boundary (depends on PAE) so ++ the actually available memory for runtime allocated code will ++ usually be more than this minimum. + + The default 4 MB should be enough for most users but if you have + an excessive number of modules (e.g., most distribution configs @@ -93545,7 +94180,7 @@ index 51bd5a0..7b71be9 100644 config KEYS bool "Enable access key retention support" help -@@ -169,7 +1107,7 @@ config INTEL_TXT +@@ -169,7 +1108,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX 
@@ -95099,6 +95734,19 @@ index 5cf8d65..912a79c 100644 dev->status = SNDRV_SEQ_DEVICE_FREE; dev->driver_data = NULL; ops->num_init_devices--; +diff --git a/sound/core/sound.c b/sound/core/sound.c +index 8e17b4d..6819e80 100644 +--- a/sound/core/sound.c ++++ b/sound/core/sound.c +@@ -87,7 +87,7 @@ static void snd_request_other(int minor) + case SNDRV_MINOR_TIMER: str = "snd-timer"; break; + default: return; + } +- request_module(str); ++ request_module("%s", str); + } + + #endif /* modular kernel */ diff --git a/sound/drivers/mts64.c b/sound/drivers/mts64.c index f24bf9a..1f7b67c 100644 --- a/sound/drivers/mts64.c @@ -95407,6 +96055,19 @@ index ee15337..ab0ec34 100644 } if (playback) +diff --git a/sound/sound_core.c b/sound/sound_core.c +index 6ce2778..f25c378 100644 +--- a/sound/sound_core.c ++++ b/sound/sound_core.c +@@ -293,7 +293,7 @@ retry: + } + + device_create(sound_class, dev, MKDEV(SOUND_MAJOR, s->unit_minor), +- NULL, s->name+6); ++ NULL, "%s", s->name+6); + return s->unit_minor; + + fail: diff --git a/sound/usb/card.h b/sound/usb/card.h index 0a7ca6c..f4b948c 100644 --- a/sound/usb/card.h @@ -95488,10 +96149,10 @@ index 0000000..144dbee +targets += size_overflow_hash.h diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c new file mode 100644 -index 0000000..d41b5af +index 0000000..22f03c0 --- /dev/null +++ b/tools/gcc/checker_plugin.c -@@ -0,0 +1,171 @@ +@@ -0,0 +1,172 @@ +/* + * Copyright 2011 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 @@ -95545,6 +96206,7 @@ index 0000000..d41b5af + +static struct plugin_info checker_plugin_info = { + .version = "201111150100", ++ .help = NULL, +}; + +#define ADDR_SPACE_KERNEL 0 |