authorAnthony G. Basile <blueness@gentoo.org>2013-01-29 19:37:48 -0500
committerAnthony G. Basile <blueness@gentoo.org>2013-01-29 19:37:48 -0500
commit04f05e9597748ec6c7a09636e6a910d49244c26b (patch)
tree3a239417dd34544515ca6ca2ad7ae0b1ba6262d7
parentGrsec/PaX: 2.9.1-3.7.4-201301252226 (diff)
Grsec/PaX: 2.9.1-{2.6.32.60,3.2.37,3.7.5}-201301281957
-rw-r--r--2.6.32/0000_README2
-rw-r--r--2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201301281956.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201301230046.patch)157
-rw-r--r--3.2.37/0000_README2
-rw-r--r--3.2.37/4420_grsecurity-2.9.1-3.2.37-201301281956.patch (renamed from 3.2.37/4420_grsecurity-2.9.1-3.2.37-201301230047.patch)357
-rw-r--r--3.7.5/0000_README (renamed from 3.7.4/0000_README)2
-rw-r--r--3.7.5/4420_grsecurity-2.9.1-3.7.5-201301281957.patch (renamed from 3.7.4/4420_grsecurity-2.9.1-3.7.4-201301252226.patch)277
-rw-r--r--3.7.5/4425_grsec_remove_EI_PAX.patch (renamed from 3.7.4/4425_grsec_remove_EI_PAX.patch)0
-rw-r--r--3.7.5/4430_grsec-remove-localversion-grsec.patch (renamed from 3.7.4/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--3.7.5/4435_grsec-mute-warnings.patch (renamed from 3.7.4/4435_grsec-mute-warnings.patch)0
-rw-r--r--3.7.5/4440_grsec-remove-protected-paths.patch (renamed from 3.7.4/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--3.7.5/4450_grsec-kconfig-default-gids.patch (renamed from 3.7.4/4450_grsec-kconfig-default-gids.patch)0
-rw-r--r--3.7.5/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.7.4/4465_selinux-avc_audit-log-curr_ip.patch)0
-rw-r--r--3.7.5/4470_disable-compat_vdso.patch (renamed from 3.7.4/4470_disable-compat_vdso.patch)0
13 files changed, 551 insertions, 246 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README
index e95f139..584dc17 100644
--- a/2.6.32/0000_README
+++ b/2.6.32/0000_README
@@ -34,7 +34,7 @@ Patch: 1059_linux-2.6.32.60.patch
From: http://www.kernel.org
Desc: Linux 2.6.32.59
-Patch: 4420_grsecurity-2.9.1-2.6.32.60-201301230046.patch
+Patch: 4420_grsecurity-2.9.1-2.6.32.60-201301281956.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201301230046.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201301281956.patch
index 5cfce60..dd6c22f 100644
--- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201301230046.patch
+++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201301281956.patch
@@ -70315,7 +70315,7 @@ index b9b37ff..19dfa23 100644
.close = binder_vma_close,
};
diff --git a/drivers/staging/b3dfg/b3dfg.c b/drivers/staging/b3dfg/b3dfg.c
-index cda26bb..39fed3f 100644
+index cda26bb4..39fed3f 100644
--- a/drivers/staging/b3dfg/b3dfg.c
+++ b/drivers/staging/b3dfg/b3dfg.c
@@ -455,7 +455,7 @@ static int b3dfg_vma_fault(struct vm_area_struct *vma,
@@ -75182,7 +75182,7 @@ index 0133b5a..3710d09 100644
(unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
#ifdef __alpha__
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index a64fde6..0f8c4d1 100644
+index a64fde6..621e25d 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -31,6 +31,7 @@
@@ -75651,7 +75651,7 @@ index a64fde6..0f8c4d1 100644
unsigned int random_variable = 0;
+#ifdef CONFIG_PAX_RANDUSTACK
-+ if (randomize_va_space)
++ if (current->mm->pax_flags & MF_PAX_RANDMMAP)
+ return stack_top - current->mm->delta_stack;
+#endif
+
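Review bot: Nothing in the CONFIG_PAX_RANDUSTACK branch of fs/binfmt_elf.c records that the stack offset is now governed by the per-mm `MF_PAX_RANDMMAP` flag rather than the `randomize_va_space` sysctl, so an administrator who sets the sysctl to 0 may still see `delta_stack` applied on this path. A one-line comment above the test would make that explicit, for example `/* PaX: stack offset follows the per-binary RANDMMAP flag, not randomize_va_space */`. The test dereferences `current->mm` directly; the callers lie outside the hunk, so whether this can ever run without an mm cannot be confirmed from here. The same change is made in the 3.2.37 patch further down, and the function body continues outside the hunk.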
@@ -77563,15 +77563,16 @@ index ff57421..f65f88a 100644
out_free_fd:
diff --git a/fs/exec.c b/fs/exec.c
-index 86fafc6..509ab19 100644
+index 86fafc6..c1f24b5 100644
--- a/fs/exec.c
+++ b/fs/exec.c
-@@ -56,12 +56,33 @@
+@@ -56,12 +56,34 @@
#include <linux/fsnotify.h>
#include <linux/fs_struct.h>
#include <linux/pipe_fs_i.h>
+#include <linux/random.h>
+#include <linux/seq_file.h>
++#include <linux/mman.h>
+
+#ifdef CONFIG_PAX_REFCOUNT
+#include <linux/kallsyms.h>
@@ -77600,7 +77601,7 @@ index 86fafc6..509ab19 100644
int core_uses_pid;
char core_pattern[CORENAME_MAX_SIZE] = "core";
unsigned int core_pipe_limit;
-@@ -178,18 +199,10 @@ struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
+@@ -178,18 +200,10 @@ struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
int write)
{
struct page *page;
@@ -77622,7 +77623,7 @@ index 86fafc6..509ab19 100644
return NULL;
if (write) {
-@@ -205,6 +218,17 @@ struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
+@@ -205,6 +219,17 @@ struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
if (size <= ARG_MAX)
return page;
@@ -77640,7 +77641,7 @@ index 86fafc6..509ab19 100644
/*
* Limit to 1/4-th the stack size for the argv+env strings.
* This ensures that:
-@@ -263,6 +287,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
+@@ -263,6 +288,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
vma->vm_end = STACK_TOP_MAX;
vma->vm_start = vma->vm_end - PAGE_SIZE;
vma->vm_flags = VM_STACK_FLAGS;
@@ -77652,7 +77653,7 @@ index 86fafc6..509ab19 100644
vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
err = security_file_mmap(NULL, 0, 0, 0, vma->vm_start, 1);
-@@ -276,6 +305,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
+@@ -276,6 +306,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
mm->stack_vm = mm->total_vm = 1;
up_write(&mm->mmap_sem);
bprm->p = vma->vm_end - sizeof(void *);
@@ -77665,7 +77666,7 @@ index 86fafc6..509ab19 100644
return 0;
err:
up_write(&mm->mmap_sem);
-@@ -400,8 +435,9 @@ static int count(char __user * __user * argv, int max)
+@@ -400,8 +436,9 @@ static int count(char __user * __user * argv, int max)
if (!p)
break;
argv++;
@@ -77676,7 +77677,7 @@ index 86fafc6..509ab19 100644
if (fatal_signal_pending(current))
return -ERESTARTNOHAND;
-@@ -510,7 +546,7 @@ int copy_strings_kernel(int argc,char ** argv, struct linux_binprm *bprm)
+@@ -510,7 +547,7 @@ int copy_strings_kernel(int argc,char ** argv, struct linux_binprm *bprm)
int r;
mm_segment_t oldfs = get_fs();
set_fs(KERNEL_DS);
@@ -77685,7 +77686,7 @@ index 86fafc6..509ab19 100644
set_fs(oldfs);
return r;
}
-@@ -540,7 +576,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
+@@ -540,7 +577,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
unsigned long new_end = old_end - shift;
struct mmu_gather *tlb;
@@ -77695,7 +77696,7 @@ index 86fafc6..509ab19 100644
/*
* ensure there are no vmas between where we want to go
-@@ -549,6 +586,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
+@@ -549,6 +587,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
if (vma != find_vma(mm, new_start))
return -EFAULT;
@@ -77706,7 +77707,7 @@ index 86fafc6..509ab19 100644
/*
* cover the whole range: [new_start, old_end)
*/
-@@ -630,10 +671,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
+@@ -630,10 +672,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
stack_top = arch_align_stack(stack_top);
stack_top = PAGE_ALIGN(stack_top);
@@ -77717,7 +77718,7 @@ index 86fafc6..509ab19 100644
stack_shift = vma->vm_end - stack_top;
bprm->p -= stack_shift;
-@@ -645,6 +682,14 @@ int setup_arg_pages(struct linux_binprm *bprm,
+@@ -645,6 +683,14 @@ int setup_arg_pages(struct linux_binprm *bprm,
bprm->exec -= stack_shift;
down_write(&mm->mmap_sem);
@@ -77732,7 +77733,7 @@ index 86fafc6..509ab19 100644
vm_flags = VM_STACK_FLAGS;
/*
-@@ -658,19 +703,24 @@ int setup_arg_pages(struct linux_binprm *bprm,
+@@ -658,19 +704,24 @@ int setup_arg_pages(struct linux_binprm *bprm,
vm_flags &= ~VM_EXEC;
vm_flags |= mm->def_flags;
@@ -77764,7 +77765,35 @@ index 86fafc6..509ab19 100644
stack_expand = EXTRA_STACK_VM_PAGES * PAGE_SIZE;
stack_size = vma->vm_end - vma->vm_start;
/*
-@@ -721,6 +771,8 @@ struct file *open_exec(const char *name)
+@@ -690,6 +741,27 @@ int setup_arg_pages(struct linux_binprm *bprm,
+ stack_base = vma->vm_start - stack_expand;
+ #endif
+ ret = expand_stack(vma, stack_base);
++
++#if !defined(CONFIG_STACK_GROWSUP) && defined(CONFIG_PAX_ASLR)
++ if (!ret && (mm->pax_flags & MF_PAX_RANDMMAP) && STACK_TOP <= 0xFFFFFFFFU && STACK_TOP > vma->vm_end) {
++ unsigned long size, flags, vm_flags;
++
++ size = STACK_TOP - vma->vm_end;
++ flags = MAP_FIXED | MAP_PRIVATE;
++ vm_flags = VM_DONTEXPAND | VM_RESERVED;
++
++ ret = vma->vm_end != mmap_region(NULL, vma->vm_end, size, flags, vm_flags, 0);
++
++#ifdef CONFIG_X86
++ if (!ret) {
++ size = mmap_min_addr + ((mm->delta_mmap ^ mm->delta_stack) & (0xFFUL << PAGE_SHIFT));
++ ret = 0 != mmap_region(NULL, 0, size, flags, vm_flags, 0);
++ }
++#endif
++
++ }
++#endif
++
+ if (ret)
+ ret = -EFAULT;
+
+@@ -721,6 +793,8 @@ struct file *open_exec(const char *name)
fsnotify_open(file->f_path.dentry);
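Review bot: The block added after `expand_stack()` in setup_arg_pages has no comment saying what its two `mmap_region()` calls reserve, and its local `vm_flags` shadows the function-level `vm_flags` assigned earlier (`vm_flags = VM_STACK_FLAGS;`). It looks as if the first call covers the range from `vma->vm_end` up to `STACK_TOP` and the x86-only call covers a randomised span starting at address 0, both with `VM_DONTEXPAND | VM_RESERVED`, presumably so nothing else can be mapped there. A comment stating that, plus named constants for `0xFFFFFFFFU` and `0xFFUL << PAGE_SHIFT`, would make the intent reviewable. Renaming the inner variables, e.g. `unsigned long gap_size, gap_flags, gap_vm_flags;`, removes the shadowing. Every failure is folded into `-EFAULT` by the existing `if (ret)` line, so a failed reservation is indistinguishable from a failed `expand_stack()`; the identical block is added to the 3.2.37 patch below, and the function continues outside the hunk.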
@@ -77773,7 +77802,7 @@ index 86fafc6..509ab19 100644
err = deny_write_access(file);
if (err)
goto exit;
-@@ -744,7 +796,7 @@ int kernel_read(struct file *file, loff_t offset,
+@@ -744,7 +818,7 @@ int kernel_read(struct file *file, loff_t offset,
old_fs = get_fs();
set_fs(get_ds());
/* The cast to a user pointer is valid due to the set_fs() */
@@ -77782,7 +77811,7 @@ index 86fafc6..509ab19 100644
set_fs(old_fs);
return result;
}
-@@ -985,6 +1037,21 @@ void set_task_comm(struct task_struct *tsk, char *buf)
+@@ -985,6 +1059,21 @@ void set_task_comm(struct task_struct *tsk, char *buf)
perf_event_comm(tsk);
}
@@ -77804,7 +77833,7 @@ index 86fafc6..509ab19 100644
int flush_old_exec(struct linux_binprm * bprm)
{
int retval;
-@@ -999,6 +1066,7 @@ int flush_old_exec(struct linux_binprm * bprm)
+@@ -999,6 +1088,7 @@ int flush_old_exec(struct linux_binprm * bprm)
set_mm_exe_file(bprm->mm, bprm->file);
@@ -77812,7 +77841,7 @@ index 86fafc6..509ab19 100644
/*
* Release all of the old mmap stuff
*/
-@@ -1023,10 +1091,6 @@ EXPORT_SYMBOL(flush_old_exec);
+@@ -1023,10 +1113,6 @@ EXPORT_SYMBOL(flush_old_exec);
void setup_new_exec(struct linux_binprm * bprm)
{
@@ -77823,7 +77852,7 @@ index 86fafc6..509ab19 100644
arch_pick_mmap_layout(current->mm);
/* This is the point of no return */
-@@ -1037,18 +1101,7 @@ void setup_new_exec(struct linux_binprm * bprm)
+@@ -1037,18 +1123,7 @@ void setup_new_exec(struct linux_binprm * bprm)
else
set_dumpable(current->mm, suid_dumpable);
@@ -77843,7 +77872,7 @@ index 86fafc6..509ab19 100644
/* Set the new mm task size. We have to do that late because it may
* depend on TIF_32BIT which is only updated in flush_thread() on
-@@ -1090,14 +1143,14 @@ EXPORT_SYMBOL(setup_new_exec);
+@@ -1090,14 +1165,14 @@ EXPORT_SYMBOL(setup_new_exec);
*/
int prepare_bprm_creds(struct linux_binprm *bprm)
{
@@ -77860,7 +77889,7 @@ index 86fafc6..509ab19 100644
return -ENOMEM;
}
-@@ -1105,7 +1158,7 @@ void free_bprm(struct linux_binprm *bprm)
+@@ -1105,7 +1180,7 @@ void free_bprm(struct linux_binprm *bprm)
{
free_arg_pages(bprm);
if (bprm->cred) {
@@ -77869,7 +77898,7 @@ index 86fafc6..509ab19 100644
abort_creds(bprm->cred);
}
kfree(bprm);
-@@ -1126,13 +1179,13 @@ void install_exec_creds(struct linux_binprm *bprm)
+@@ -1126,13 +1201,13 @@ void install_exec_creds(struct linux_binprm *bprm)
* credentials; any time after this it may be unlocked.
*/
security_bprm_committed_creds(bprm);
@@ -77885,7 +77914,7 @@ index 86fafc6..509ab19 100644
* PTRACE_ATTACH
*/
int check_unsafe_exec(struct linux_binprm *bprm)
-@@ -1152,7 +1205,7 @@ int check_unsafe_exec(struct linux_binprm *bprm)
+@@ -1152,7 +1227,7 @@ int check_unsafe_exec(struct linux_binprm *bprm)
}
rcu_read_unlock();
@@ -77894,7 +77923,7 @@ index 86fafc6..509ab19 100644
bprm->unsafe |= LSM_UNSAFE_SHARE;
} else {
res = -EAGAIN;
-@@ -1339,6 +1392,21 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
+@@ -1339,6 +1414,21 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
EXPORT_SYMBOL(search_binary_handler);
@@ -77916,7 +77945,7 @@ index 86fafc6..509ab19 100644
/*
* sys_execve() executes a new program.
*/
-@@ -1347,11 +1415,35 @@ int do_execve(char * filename,
+@@ -1347,11 +1437,35 @@ int do_execve(char * filename,
char __user *__user *envp,
struct pt_regs * regs)
{
@@ -77952,7 +77981,7 @@ index 86fafc6..509ab19 100644
retval = unshare_files(&displaced);
if (retval)
-@@ -1377,12 +1469,27 @@ int do_execve(char * filename,
+@@ -1377,12 +1491,27 @@ int do_execve(char * filename,
if (IS_ERR(file))
goto out_unmark;
@@ -77980,7 +78009,7 @@ index 86fafc6..509ab19 100644
retval = bprm_mm_init(bprm);
if (retval)
goto out_file;
-@@ -1399,25 +1506,66 @@ int do_execve(char * filename,
+@@ -1399,25 +1528,66 @@ int do_execve(char * filename,
if (retval < 0)
goto out;
@@ -78051,7 +78080,7 @@ index 86fafc6..509ab19 100644
current->fs->in_exec = 0;
current->in_execve = 0;
acct_update_integrals(current);
-@@ -1426,6 +1574,14 @@ int do_execve(char * filename,
+@@ -1426,6 +1596,14 @@ int do_execve(char * filename,
put_files_struct(displaced);
return retval;
@@ -78066,7 +78095,7 @@ index 86fafc6..509ab19 100644
out:
if (bprm->mm) {
acct_arg_size(bprm, 0);
-@@ -1591,6 +1747,251 @@ out:
+@@ -1591,6 +1769,251 @@ out:
return ispipe;
}
@@ -78318,7 +78347,7 @@ index 86fafc6..509ab19 100644
static int zap_process(struct task_struct *start)
{
struct task_struct *t;
-@@ -1793,17 +2194,17 @@ static void wait_for_dump_helpers(struct file *file)
+@@ -1793,17 +2216,17 @@ static void wait_for_dump_helpers(struct file *file)
pipe = file->f_path.dentry->d_inode->i_pipe;
pipe_lock(pipe);
@@ -78341,7 +78370,7 @@ index 86fafc6..509ab19 100644
pipe_unlock(pipe);
}
-@@ -1826,10 +2227,13 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -1826,10 +2249,13 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
char **helper_argv = NULL;
int helper_argc = 0;
int dump_count = 0;
@@ -78356,7 +78385,7 @@ index 86fafc6..509ab19 100644
binfmt = mm->binfmt;
if (!binfmt || !binfmt->core_dump)
goto fail;
-@@ -1874,6 +2278,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -1874,6 +2300,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
*/
clear_thread_flag(TIF_SIGPENDING);
@@ -78365,7 +78394,7 @@ index 86fafc6..509ab19 100644
/*
* lock_kernel() because format_corename() is controlled by sysctl, which
* uses lock_kernel()
-@@ -1908,7 +2314,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -1908,7 +2336,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
goto fail_unlock;
}
@@ -78374,7 +78403,7 @@ index 86fafc6..509ab19 100644
if (core_pipe_limit && (core_pipe_limit < dump_count)) {
printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n",
task_tgid_vnr(current), current->comm);
-@@ -1972,7 +2378,7 @@ close_fail:
+@@ -1972,7 +2400,7 @@ close_fail:
filp_close(file, NULL);
fail_dropcount:
if (dump_count)
@@ -100120,7 +100149,7 @@ index 5ad70a6..108e1dc 100644
#ifdef CONFIG_KMEMTRACE
diff --git a/include/linux/snmp.h b/include/linux/snmp.h
-index 0f953fe..05d45da 100644
+index 0f953fe4..05d45da 100644
--- a/include/linux/snmp.h
+++ b/include/linux/snmp.h
@@ -208,7 +208,6 @@ enum
@@ -106263,10 +106292,20 @@ index 29bd4ba..8c5de90 100644
WARN_ON(pendowner->pi_blocked_on->lock != lock);
diff --git a/kernel/sched.c b/kernel/sched.c
-index 0591df8..db35e3d 100644
+index 0591df8..dcf3f9f 100644
--- a/kernel/sched.c
+++ b/kernel/sched.c
-@@ -5043,7 +5043,7 @@ out:
+@@ -2618,7 +2618,8 @@ out:
+ */
+ int wake_up_process(struct task_struct *p)
+ {
+- return try_to_wake_up(p, TASK_ALL, 0);
++ WARN_ON(task_is_stopped_or_traced(p));
++ return try_to_wake_up(p, TASK_NORMAL, 0);
+ }
+ EXPORT_SYMBOL(wake_up_process);
+
+@@ -5043,7 +5044,7 @@ out:
* In CONFIG_NO_HZ case, the idle load balance owner will do the
* rebalancing for all the cpus for whom scheduler ticks are stopped.
*/
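Review bot: The comment block that ends just above `wake_up_process()` is left untouched even though the function now wakes only `TASK_NORMAL` sleepers and warns when handed a stopped or traced task. Its text lies outside the hunk, so this is inferred, but if it still describes waking any task it should gain a line such as `* Stopped or traced tasks are not woken; callers must not rely on this to resume them.` Because the check is a plain `WARN_ON`, a caller that repeatedly passes such a task logs a backtrace every time; `WARN_ON_ONCE(task_is_stopped_or_traced(p));` would bound that if log volume matters more than seeing every offender.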
@@ -106275,7 +106314,7 @@ index 0591df8..db35e3d 100644
{
int this_cpu = smp_processor_id();
struct rq *this_rq = cpu_rq(this_cpu);
-@@ -5700,6 +5700,8 @@ asmlinkage void __sched schedule(void)
+@@ -5700,6 +5701,8 @@ asmlinkage void __sched schedule(void)
struct rq *rq;
int cpu;
@@ -106284,7 +106323,7 @@ index 0591df8..db35e3d 100644
need_resched:
preempt_disable();
cpu = smp_processor_id();
-@@ -5770,7 +5772,7 @@ EXPORT_SYMBOL(schedule);
+@@ -5770,7 +5773,7 @@ EXPORT_SYMBOL(schedule);
* Look out! "owner" is an entirely speculative pointer
* access and not reliable.
*/
@@ -106293,7 +106332,7 @@ index 0591df8..db35e3d 100644
{
unsigned int cpu;
struct rq *rq;
-@@ -5784,10 +5786,10 @@ int mutex_spin_on_owner(struct mutex *lock, struct thread_info *owner)
+@@ -5784,10 +5787,10 @@ int mutex_spin_on_owner(struct mutex *lock, struct thread_info *owner)
* DEBUG_PAGEALLOC could have unmapped it if
* the mutex owner just released it and exited.
*/
@@ -106306,7 +106345,7 @@ index 0591df8..db35e3d 100644
#endif
/*
-@@ -5816,7 +5818,7 @@ int mutex_spin_on_owner(struct mutex *lock, struct thread_info *owner)
+@@ -5816,7 +5819,7 @@ int mutex_spin_on_owner(struct mutex *lock, struct thread_info *owner)
/*
* Is that owner really running on that cpu?
*/
@@ -106315,7 +106354,7 @@ index 0591df8..db35e3d 100644
return 0;
cpu_relax();
-@@ -6359,6 +6361,8 @@ int can_nice(const struct task_struct *p, const int nice)
+@@ -6359,6 +6362,8 @@ int can_nice(const struct task_struct *p, const int nice)
/* convert nice value [19,-20] to rlimit style value [1,40] */
int nice_rlim = 20 - nice;
@@ -106324,7 +106363,7 @@ index 0591df8..db35e3d 100644
return (nice_rlim <= p->signal->rlim[RLIMIT_NICE].rlim_cur ||
capable(CAP_SYS_NICE));
}
-@@ -6392,7 +6396,8 @@ SYSCALL_DEFINE1(nice, int, increment)
+@@ -6392,7 +6397,8 @@ SYSCALL_DEFINE1(nice, int, increment)
if (nice > 19)
nice = 19;
@@ -106334,7 +106373,7 @@ index 0591df8..db35e3d 100644
return -EPERM;
retval = security_task_setnice(current, nice);
-@@ -8774,7 +8779,7 @@ static void init_sched_groups_power(int cpu, struct sched_domain *sd)
+@@ -8774,7 +8780,7 @@ static void init_sched_groups_power(int cpu, struct sched_domain *sd)
long power;
int weight;
@@ -107273,7 +107312,7 @@ index d9d6206..f19467e 100644
ret = -EIO;
bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt,
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
-index 4872937..ec96a13 100644
+index 4872937..26ba80f 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -1100,13 +1100,18 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
@@ -107297,6 +107336,15 @@ index 4872937..ec96a13 100644
}
/*
+@@ -2726,7 +2731,7 @@ static int ftrace_module_notify(struct notifier_block *self,
+
+ struct notifier_block ftrace_module_nb = {
+ .notifier_call = ftrace_module_notify,
+- .priority = 0,
++ .priority = INT_MAX, /* Run before anything that can use kprobes */
+ };
+
+ extern unsigned long __start_mcount_loc[];
@@ -3068,8 +3073,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write,
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
@@ -108697,7 +108745,7 @@ index f03e8e2..7354343 100644
diff --git a/mm/kmemleak.c b/mm/kmemleak.c
-index c346660..b47382f 100644
+index c346660..33486fe 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -358,7 +358,7 @@ static void print_unreferenced(struct seq_file *seq,
@@ -108705,10 +108753,19 @@ index c346660..b47382f 100644
for (i = 0; i < object->trace_len; i++) {
void *ptr = (void *)object->trace[i];
- seq_printf(seq, " [<%p>] %pS\n", ptr, ptr);
-+ seq_printf(seq, " [<%p>] %pA\n", ptr, ptr);
++ seq_printf(seq, " [<%pP>] %pA\n", ptr, ptr);
}
}
+@@ -1677,7 +1677,7 @@ static int __init kmemleak_late_init(void)
+ return -ENOMEM;
+ }
+
+- dentry = debugfs_create_file("kmemleak", S_IRUGO, NULL, NULL,
++ dentry = debugfs_create_file("kmemleak", S_IRUSR, NULL, NULL,
+ &kmemleak_fops);
+ if (!dentry)
+ pr_warning("Failed to create the debugfs kmemleak file\n");
diff --git a/mm/maccess.c b/mm/maccess.c
index 9073695..1127f348 100644
--- a/mm/maccess.c
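Review bot: The `S_IRUGO` to `S_IRUSR` change in kmemleak_late_init carries no comment explaining why the debugfs file is now owner-readable only. print_unreferenced in the same file writes stack-trace addresses into it (`seq_printf(seq, " [<%pP>] %pA\n", ptr, ptr);`), which is presumably the reason. Recording it next to the call, e.g. `/* owner-only: output contains kernel addresses */`, would keep a later cleanup from widening the mode again. Both functions continue outside the hunk.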
diff --git a/3.2.37/0000_README b/3.2.37/0000_README
index 4df42aa..f61fd16 100644
--- a/3.2.37/0000_README
+++ b/3.2.37/0000_README
@@ -66,7 +66,7 @@ Patch: 1036_linux-3.2.37.patch
From: http://www.kernel.org
Desc: Linux 3.2.37
-Patch: 4420_grsecurity-2.9.1-3.2.37-201301230047.patch
+Patch: 4420_grsecurity-2.9.1-3.2.37-201301281956.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.37/4420_grsecurity-2.9.1-3.2.37-201301230047.patch b/3.2.37/4420_grsecurity-2.9.1-3.2.37-201301281956.patch
index b33e963..c2ee615 100644
--- a/3.2.37/4420_grsecurity-2.9.1-3.2.37-201301230047.patch
+++ b/3.2.37/4420_grsecurity-2.9.1-3.2.37-201301281956.patch
@@ -3207,7 +3207,7 @@ index 937cf33..adb39bb 100644
* This routine handles page faults. It determines the address,
* and the problem, and then passes it off to one of the appropriate
diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c
-index 302d779..ad1772c 100644
+index 302d779..573314a 100644
--- a/arch/mips/mm/mmap.c
+++ b/arch/mips/mm/mmap.c
@@ -71,6 +71,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
@@ -3258,7 +3258,19 @@ index 302d779..ad1772c 100644
/* cache the address as a hint for next time */
return mm->free_area_cache = addr - len;
}
-@@ -165,7 +170,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
+@@ -155,17 +160,17 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
+ goto bottomup;
+
+ addr = mm->mmap_base - len;
+- if (do_color_align)
+- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
+
+ do {
++ if (do_color_align)
++ addr = COLOUR_ALIGN_DOWN(addr, pgoff);
+ /*
+ * Lookup failure means no vma is above this address,
+ * else if new region fits below vma->vm_start,
* return with success:
*/
vma = find_vma(mm, addr);
@@ -3267,7 +3279,20 @@ index 302d779..ad1772c 100644
/* cache the address as a hint for next time */
return mm->free_area_cache = addr;
}
-@@ -242,30 +247,3 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
+@@ -175,10 +180,8 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
+ mm->cached_hole_size = vma->vm_start - addr;
+
+ /* try just below the current vma->vm_start */
+- addr = vma->vm_start - len;
+- if (do_color_align)
+- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
+- } while (likely(len < vma->vm_start));
++ addr = skip_heap_stack_gap(vma, len, offset);
++ } while (!IS_ERR_VALUE(addr));
+
+ bottomup:
+ /*
+@@ -242,30 +245,3 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
mm->unmap_area = arch_unmap_area_topdown;
}
}
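Review bot: The retained comment `/* try just below the current vma->vm_start */` no longer matches the statement beneath it, which now calls `skip_heap_stack_gap(vma, len, offset)` instead of computing `vma->vm_start - len`. The loop also ends only when that helper returns an error value (`while (!IS_ERR_VALUE(addr))`). The helper and `offset` are defined outside this hunk, so the guarantee that it eventually does so cannot be checked here. Updating the comment to something like `/* step below this vma, keeping the heap/stack gap; an error value ends the search */` would document both points.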
@@ -19327,7 +19352,7 @@ index 6a364a6..b147d11 100644
ip = *(u64 *)(fp+8);
if (!in_sched_functions(ip))
diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
-index 2dc4121..89febda 100644
+index 2dc4121..5178bcc 100644
--- a/arch/x86/kernel/ptrace.c
+++ b/arch/x86/kernel/ptrace.c
@@ -181,14 +181,13 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs)
@@ -19349,6 +19374,15 @@ index 2dc4121..89febda 100644
return (unsigned long)regs;
}
+@@ -585,7 +584,7 @@ static void ptrace_triggered(struct perf_event *bp,
+ static unsigned long ptrace_get_dr7(struct perf_event *bp[])
+ {
+ int i;
+- int dr7 = 0;
++ unsigned long dr7 = 0;
+ struct arch_hw_breakpoint *info;
+
+ for (i = 0; i < HBP_NUM; i++) {
@@ -852,7 +851,7 @@ long arch_ptrace(struct task_struct *child, long request,
unsigned long addr, unsigned long data)
{
@@ -36651,7 +36685,7 @@ index b94d5f7..7f494c5 100644
extern int xpc_disengage_timedout;
extern int xpc_activate_IRQ_rcvd;
diff --git a/drivers/misc/sgi-xp/xpc_main.c b/drivers/misc/sgi-xp/xpc_main.c
-index d971817..3805cce 100644
+index d971817..33bdca5 100644
--- a/drivers/misc/sgi-xp/xpc_main.c
+++ b/drivers/misc/sgi-xp/xpc_main.c
@@ -166,7 +166,7 @@ static struct notifier_block xpc_die_notifier = {
@@ -36663,6 +36697,15 @@ index d971817..3805cce 100644
/*
* Timer function to enforce the timelimit on the partition disengage.
+@@ -1210,7 +1210,7 @@ xpc_system_die(struct notifier_block *nb, unsigned long event, void *_die_args)
+
+ if (((die_args->trapnr == X86_TRAP_MF) ||
+ (die_args->trapnr == X86_TRAP_XF)) &&
+- !user_mode_vm(die_args->regs))
++ !user_mode(die_args->regs))
+ xpc_die_deactivate();
+
+ break;
diff --git a/drivers/misc/ti-st/st_core.c b/drivers/misc/ti-st/st_core.c
index ba168a7..399925d6 100644
--- a/drivers/misc/ti-st/st_core.c
@@ -44544,7 +44587,7 @@ index a6395bd..f1e376a 100644
(unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
#ifdef __alpha__
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 8dd615c..e65f3cf 100644
+index 8dd615c..60fbfd2 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -32,6 +32,7 @@
@@ -45011,7 +45054,7 @@ index 8dd615c..e65f3cf 100644
unsigned int random_variable = 0;
+#ifdef CONFIG_PAX_RANDUSTACK
-+ if (randomize_va_space)
++ if (current->mm->pax_flags & MF_PAX_RANDMMAP)
+ return stack_top - current->mm->delta_stack;
+#endif
+
@@ -46441,15 +46484,16 @@ index 451b9b8..12e5a03 100644
out_free_fd:
diff --git a/fs/exec.c b/fs/exec.c
-index c27fa0d..02a6a78 100644
+index c27fa0d..fbd8ac4 100644
--- a/fs/exec.c
+++ b/fs/exec.c
-@@ -55,12 +55,33 @@
+@@ -55,12 +55,34 @@
#include <linux/pipe_fs_i.h>
#include <linux/oom.h>
#include <linux/compat.h>
+#include <linux/random.h>
+#include <linux/seq_file.h>
++#include <linux/mman.h>
+
+#ifdef CONFIG_PAX_REFCOUNT
+#include <linux/kallsyms.h>
@@ -46478,7 +46522,7 @@ index c27fa0d..02a6a78 100644
int core_uses_pid;
char core_pattern[CORENAME_MAX_SIZE] = "core";
unsigned int core_pipe_limit;
-@@ -70,7 +91,7 @@ struct core_name {
+@@ -70,7 +92,7 @@ struct core_name {
char *corename;
int used, size;
};
@@ -46487,7 +46531,7 @@ index c27fa0d..02a6a78 100644
/* The maximal length of core_pattern is also specified in sysctl.c */
-@@ -188,18 +209,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
+@@ -188,18 +210,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
int write)
{
struct page *page;
@@ -46509,7 +46553,7 @@ index c27fa0d..02a6a78 100644
return NULL;
if (write) {
-@@ -215,6 +228,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
+@@ -215,6 +229,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
if (size <= ARG_MAX)
return page;
@@ -46527,7 +46571,7 @@ index c27fa0d..02a6a78 100644
/*
* Limit to 1/4-th the stack size for the argv+env strings.
* This ensures that:
-@@ -274,6 +298,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
+@@ -274,6 +299,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
vma->vm_end = STACK_TOP_MAX;
vma->vm_start = vma->vm_end - PAGE_SIZE;
vma->vm_flags = VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP;
@@ -46539,7 +46583,7 @@ index c27fa0d..02a6a78 100644
vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
INIT_LIST_HEAD(&vma->anon_vma_chain);
-@@ -288,6 +317,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
+@@ -288,6 +318,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
mm->stack_vm = mm->total_vm = 1;
up_write(&mm->mmap_sem);
bprm->p = vma->vm_end - sizeof(void *);
@@ -46552,7 +46596,7 @@ index c27fa0d..02a6a78 100644
return 0;
err:
up_write(&mm->mmap_sem);
-@@ -396,19 +431,7 @@ err:
+@@ -396,19 +432,7 @@ err:
return err;
}
@@ -46573,7 +46617,7 @@ index c27fa0d..02a6a78 100644
{
const char __user *native;
-@@ -417,14 +440,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr)
+@@ -417,14 +441,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr)
compat_uptr_t compat;
if (get_user(compat, argv.ptr.compat + nr))
@@ -46590,7 +46634,7 @@ index c27fa0d..02a6a78 100644
return native;
}
-@@ -443,11 +466,12 @@ static int count(struct user_arg_ptr argv, int max)
+@@ -443,11 +467,12 @@ static int count(struct user_arg_ptr argv, int max)
if (!p)
break;
@@ -46605,7 +46649,7 @@ index c27fa0d..02a6a78 100644
if (fatal_signal_pending(current))
return -ERESTARTNOHAND;
-@@ -477,7 +501,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv,
+@@ -477,7 +502,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv,
ret = -EFAULT;
str = get_user_arg_ptr(argv, argc);
@@ -46614,7 +46658,7 @@ index c27fa0d..02a6a78 100644
goto out;
len = strnlen_user(str, MAX_ARG_STRLEN);
-@@ -559,7 +583,7 @@ int copy_strings_kernel(int argc, const char *const *__argv,
+@@ -559,7 +584,7 @@ int copy_strings_kernel(int argc, const char *const *__argv,
int r;
mm_segment_t oldfs = get_fs();
struct user_arg_ptr argv = {
@@ -46623,7 +46667,7 @@ index c27fa0d..02a6a78 100644
};
set_fs(KERNEL_DS);
-@@ -594,7 +618,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
+@@ -594,7 +619,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
unsigned long new_end = old_end - shift;
struct mmu_gather tlb;
@@ -46633,7 +46677,7 @@ index c27fa0d..02a6a78 100644
/*
* ensure there are no vmas between where we want to go
-@@ -603,6 +628,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
+@@ -603,6 +629,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
if (vma != find_vma(mm, new_start))
return -EFAULT;
@@ -46644,7 +46688,7 @@ index c27fa0d..02a6a78 100644
/*
* cover the whole range: [new_start, old_end)
*/
-@@ -683,10 +712,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
+@@ -683,10 +713,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
stack_top = arch_align_stack(stack_top);
stack_top = PAGE_ALIGN(stack_top);
@@ -46655,7 +46699,7 @@ index c27fa0d..02a6a78 100644
stack_shift = vma->vm_end - stack_top;
bprm->p -= stack_shift;
-@@ -698,8 +723,28 @@ int setup_arg_pages(struct linux_binprm *bprm,
+@@ -698,8 +724,28 @@ int setup_arg_pages(struct linux_binprm *bprm,
bprm->exec -= stack_shift;
down_write(&mm->mmap_sem);
@@ -46684,7 +46728,7 @@ index c27fa0d..02a6a78 100644
/*
* Adjust stack execute permissions; explicitly enable for
* EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone
-@@ -718,13 +763,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
+@@ -718,13 +764,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
goto out_unlock;
BUG_ON(prev != vma);
@@ -46698,7 +46742,35 @@ index c27fa0d..02a6a78 100644
/* mprotect_fixup is overkill to remove the temporary stack flags */
vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP;
-@@ -782,6 +820,8 @@ struct file *open_exec(const char *name)
+@@ -748,6 +787,27 @@ int setup_arg_pages(struct linux_binprm *bprm,
+ #endif
+ current->mm->start_stack = bprm->p;
+ ret = expand_stack(vma, stack_base);
++
++#if !defined(CONFIG_STACK_GROWSUP) && defined(CONFIG_PAX_ASLR)
++ if (!ret && (mm->pax_flags & MF_PAX_RANDMMAP) && STACK_TOP <= 0xFFFFFFFFU && STACK_TOP > vma->vm_end) {
++ unsigned long size, flags, vm_flags;
++
++ size = STACK_TOP - vma->vm_end;
++ flags = MAP_FIXED | MAP_PRIVATE;
++ vm_flags = VM_DONTEXPAND | VM_RESERVED;
++
++ ret = vma->vm_end != mmap_region(NULL, vma->vm_end, size, flags, vm_flags, 0);
++
++#ifdef CONFIG_X86
++ if (!ret) {
++ size = mmap_min_addr + ((mm->delta_mmap ^ mm->delta_stack) & (0xFFUL << PAGE_SHIFT));
++ ret = 0 != mmap_region(NULL, 0, size, flags, vm_flags, 0);
++ }
++#endif
++
++ }
++#endif
++
+ if (ret)
+ ret = -EFAULT;
+
+@@ -782,6 +842,8 @@ struct file *open_exec(const char *name)
fsnotify_open(file);
@@ -46707,7 +46779,7 @@ index c27fa0d..02a6a78 100644
err = deny_write_access(file);
if (err)
goto exit;
-@@ -805,7 +845,7 @@ int kernel_read(struct file *file, loff_t offset,
+@@ -805,7 +867,7 @@ int kernel_read(struct file *file, loff_t offset,
old_fs = get_fs();
set_fs(get_ds());
/* The cast to a user pointer is valid due to the set_fs() */
@@ -46716,7 +46788,7 @@ index c27fa0d..02a6a78 100644
set_fs(old_fs);
return result;
}
-@@ -1070,6 +1110,21 @@ void set_task_comm(struct task_struct *tsk, char *buf)
+@@ -1070,6 +1132,21 @@ void set_task_comm(struct task_struct *tsk, char *buf)
perf_event_comm(tsk);
}
@@ -46738,7 +46810,7 @@ index c27fa0d..02a6a78 100644
int flush_old_exec(struct linux_binprm * bprm)
{
int retval;
-@@ -1084,6 +1139,7 @@ int flush_old_exec(struct linux_binprm * bprm)
+@@ -1084,6 +1161,7 @@ int flush_old_exec(struct linux_binprm * bprm)
set_mm_exe_file(bprm->mm, bprm->file);
@@ -46746,7 +46818,7 @@ index c27fa0d..02a6a78 100644
/*
* Release all of the old mmap stuff
*/
-@@ -1116,10 +1172,6 @@ EXPORT_SYMBOL(would_dump);
+@@ -1116,10 +1194,6 @@ EXPORT_SYMBOL(would_dump);
void setup_new_exec(struct linux_binprm * bprm)
{
@@ -46757,7 +46829,7 @@ index c27fa0d..02a6a78 100644
arch_pick_mmap_layout(current->mm);
/* This is the point of no return */
-@@ -1130,18 +1182,7 @@ void setup_new_exec(struct linux_binprm * bprm)
+@@ -1130,18 +1204,7 @@ void setup_new_exec(struct linux_binprm * bprm)
else
set_dumpable(current->mm, suid_dumpable);
@@ -46777,7 +46849,7 @@ index c27fa0d..02a6a78 100644
/* Set the new mm task size. We have to do that late because it may
* depend on TIF_32BIT which is only updated in flush_thread() on
-@@ -1266,7 +1307,7 @@ int check_unsafe_exec(struct linux_binprm *bprm)
+@@ -1266,7 +1329,7 @@ int check_unsafe_exec(struct linux_binprm *bprm)
}
rcu_read_unlock();
@@ -46786,7 +46858,7 @@ index c27fa0d..02a6a78 100644
bprm->unsafe |= LSM_UNSAFE_SHARE;
} else {
res = -EAGAIN;
-@@ -1461,6 +1502,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
+@@ -1461,6 +1524,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
EXPORT_SYMBOL(search_binary_handler);
@@ -46815,7 +46887,7 @@ index c27fa0d..02a6a78 100644
/*
* sys_execve() executes a new program.
*/
-@@ -1469,6 +1532,11 @@ static int do_execve_common(const char *filename,
+@@ -1469,6 +1554,11 @@ static int do_execve_common(const char *filename,
struct user_arg_ptr envp,
struct pt_regs *regs)
{
@@ -46827,7 +46899,7 @@ index c27fa0d..02a6a78 100644
struct linux_binprm *bprm;
struct file *file;
struct files_struct *displaced;
-@@ -1476,6 +1544,8 @@ static int do_execve_common(const char *filename,
+@@ -1476,6 +1566,8 @@ static int do_execve_common(const char *filename,
int retval;
const struct cred *cred = current_cred();
@@ -46836,7 +46908,7 @@ index c27fa0d..02a6a78 100644
/*
* We move the actual failure in case of RLIMIT_NPROC excess from
* set*uid() to execve() because too many poorly written programs
-@@ -1516,12 +1586,27 @@ static int do_execve_common(const char *filename,
+@@ -1516,12 +1608,27 @@ static int do_execve_common(const char *filename,
if (IS_ERR(file))
goto out_unmark;
@@ -46864,7 +46936,7 @@ index c27fa0d..02a6a78 100644
retval = bprm_mm_init(bprm);
if (retval)
goto out_file;
-@@ -1538,24 +1623,65 @@ static int do_execve_common(const char *filename,
+@@ -1538,24 +1645,65 @@ static int do_execve_common(const char *filename,
if (retval < 0)
goto out;
@@ -46934,7 +47006,7 @@ index c27fa0d..02a6a78 100644
current->fs->in_exec = 0;
current->in_execve = 0;
acct_update_integrals(current);
-@@ -1564,6 +1690,14 @@ static int do_execve_common(const char *filename,
+@@ -1564,6 +1712,14 @@ static int do_execve_common(const char *filename,
put_files_struct(displaced);
return retval;
@@ -46949,7 +47021,7 @@ index c27fa0d..02a6a78 100644
out:
if (bprm->mm) {
acct_arg_size(bprm, 0);
-@@ -1637,7 +1771,7 @@ static int expand_corename(struct core_name *cn)
+@@ -1637,7 +1793,7 @@ static int expand_corename(struct core_name *cn)
{
char *old_corename = cn->corename;
@@ -46958,7 +47030,7 @@ index c27fa0d..02a6a78 100644
cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL);
if (!cn->corename) {
-@@ -1734,7 +1868,7 @@ static int format_corename(struct core_name *cn, long signr)
+@@ -1734,7 +1890,7 @@ static int format_corename(struct core_name *cn, long signr)
int pid_in_pattern = 0;
int err = 0;
@@ -46967,7 +47039,7 @@ index c27fa0d..02a6a78 100644
cn->corename = kmalloc(cn->size, GFP_KERNEL);
cn->used = 0;
-@@ -1831,6 +1965,250 @@ out:
+@@ -1831,6 +1987,250 @@ out:
return ispipe;
}
@@ -47218,7 +47290,7 @@ index c27fa0d..02a6a78 100644
static int zap_process(struct task_struct *start, int exit_code)
{
struct task_struct *t;
-@@ -2004,17 +2382,17 @@ static void coredump_finish(struct mm_struct *mm)
+@@ -2004,17 +2404,17 @@ static void coredump_finish(struct mm_struct *mm)
void set_dumpable(struct mm_struct *mm, int value)
{
switch (value) {
@@ -47239,7 +47311,7 @@ index c27fa0d..02a6a78 100644
set_bit(MMF_DUMP_SECURELY, &mm->flags);
smp_wmb();
set_bit(MMF_DUMPABLE, &mm->flags);
-@@ -2027,7 +2405,7 @@ static int __get_dumpable(unsigned long mm_flags)
+@@ -2027,7 +2427,7 @@ static int __get_dumpable(unsigned long mm_flags)
int ret;
ret = mm_flags & MMF_DUMPABLE_MASK;
@@ -47248,7 +47320,7 @@ index c27fa0d..02a6a78 100644
}
int get_dumpable(struct mm_struct *mm)
-@@ -2042,17 +2420,17 @@ static void wait_for_dump_helpers(struct file *file)
+@@ -2042,17 +2442,17 @@ static void wait_for_dump_helpers(struct file *file)
pipe = file->f_path.dentry->d_inode->i_pipe;
pipe_lock(pipe);
@@ -47271,7 +47343,7 @@ index c27fa0d..02a6a78 100644
pipe_unlock(pipe);
}
-@@ -2113,7 +2491,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2113,7 +2513,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
int retval = 0;
int flag = 0;
int ispipe;
@@ -47281,7 +47353,7 @@ index c27fa0d..02a6a78 100644
struct coredump_params cprm = {
.signr = signr,
.regs = regs,
-@@ -2128,6 +2507,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2128,6 +2529,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
audit_core_dumps(signr);
@@ -47291,7 +47363,7 @@ index c27fa0d..02a6a78 100644
binfmt = mm->binfmt;
if (!binfmt || !binfmt->core_dump)
goto fail;
-@@ -2138,14 +2520,16 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2138,14 +2542,16 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
if (!cred)
goto fail;
/*
@@ -47312,7 +47384,7 @@ index c27fa0d..02a6a78 100644
}
retval = coredump_wait(exit_code, &core_state);
-@@ -2195,7 +2579,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2195,7 +2601,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
}
cprm.limit = RLIM_INFINITY;
@@ -47321,7 +47393,7 @@ index c27fa0d..02a6a78 100644
if (core_pipe_limit && (core_pipe_limit < dump_count)) {
printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n",
task_tgid_vnr(current), current->comm);
-@@ -2222,9 +2606,19 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
+@@ -2222,9 +2628,19 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
} else {
struct inode *inode;
@@ -47341,7 +47413,7 @@ index c27fa0d..02a6a78 100644
cprm.file = filp_open(cn.corename,
O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE | flag,
0600);
-@@ -2265,7 +2659,7 @@ close_fail:
+@@ -2265,7 +2681,7 @@ close_fail:
filp_close(cprm.file, NULL);
fail_dropcount:
if (ispipe)
@@ -47350,7 +47422,7 @@ index c27fa0d..02a6a78 100644
fail_unlock:
kfree(cn.corename);
fail_corename:
-@@ -2284,7 +2678,7 @@ fail:
+@@ -2284,7 +2700,7 @@ fail:
*/
int dump_write(struct file *file, const void *addr, int nr)
{
@@ -71904,10 +71976,86 @@ index 76b8e77..a2930e8 100644
}
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
-index 78ab24a..332c915 100644
+index 78ab24a..f8e2cdc 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
-@@ -172,7 +172,8 @@ int ptrace_check_attach(struct task_struct *child, bool ignore_state)
+@@ -122,6 +122,40 @@ void __ptrace_unlink(struct task_struct *child)
+ spin_unlock(&child->sighand->siglock);
+ }
+
++/* Ensure that nothing can wake it up, even SIGKILL */
++static bool ptrace_freeze_traced(struct task_struct *task)
++{
++ bool ret = false;
++
++ /* Lockless, nobody but us can set this flag */
++ if (task->jobctl & JOBCTL_LISTENING)
++ return ret;
++
++ spin_lock_irq(&task->sighand->siglock);
++ if (task_is_traced(task) && !__fatal_signal_pending(task)) {
++ task->state = __TASK_TRACED;
++ ret = true;
++ }
++ spin_unlock_irq(&task->sighand->siglock);
++
++ return ret;
++}
++
++static void ptrace_unfreeze_traced(struct task_struct *task)
++{
++ if (task->state != __TASK_TRACED)
++ return;
++
++ WARN_ON(!task->ptrace || task->parent != current);
++
++ spin_lock_irq(&task->sighand->siglock);
++ if (__fatal_signal_pending(task))
++ wake_up_state(task, __TASK_TRACED);
++ else
++ task->state = TASK_TRACED;
++ spin_unlock_irq(&task->sighand->siglock);
++}
++
+ /**
+ * ptrace_check_attach - check whether ptracee is ready for ptrace operation
+ * @child: ptracee to check for
+@@ -151,28 +185,34 @@ int ptrace_check_attach(struct task_struct *child, bool ignore_state)
+ * be changed by us so it's not changing right after this.
+ */
+ read_lock(&tasklist_lock);
+- if ((child->ptrace & PT_PTRACED) && child->parent == current) {
++ if (child->ptrace && child->parent == current) {
++ WARN_ON(child->state == __TASK_TRACED);
+ /*
+ * child->sighand can't be NULL, release_task()
+ * does ptrace_unlink() before __exit_signal().
+ */
+- spin_lock_irq(&child->sighand->siglock);
+- WARN_ON_ONCE(task_is_stopped(child));
+- if (ignore_state || (task_is_traced(child) &&
+- !(child->jobctl & JOBCTL_LISTENING)))
++ if (ignore_state || ptrace_freeze_traced(child))
+ ret = 0;
+- spin_unlock_irq(&child->sighand->siglock);
+ }
+ read_unlock(&tasklist_lock);
+
+- if (!ret && !ignore_state)
+- ret = wait_task_inactive(child, TASK_TRACED) ? 0 : -ESRCH;
++ if (!ret && !ignore_state) {
++ if (!wait_task_inactive(child, __TASK_TRACED)) {
++ /*
++ * This can only happen if may_ptrace_stop() fails and
++ * ptrace_stop() changes ->state back to TASK_RUNNING,
++ * so we should not worry about leaking __TASK_TRACED.
++ */
++ WARN_ON(child->state == __TASK_TRACED);
++ ret = -ESRCH;
++ }
++ }
+
+- /* All systems go.. */
return ret;
}
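Review bot: `ptrace_unfreeze_traced()` is added without any comment, although its unlocked `task->state != __TASK_TRACED` test and its `__fatal_signal_pending()` branch are the subtle half of the freeze/unfreeze pair. `ptrace_freeze_traced()` at least gets a one-line comment. I would add above it `/* Undo ptrace_freeze_traced(): restore TASK_TRACED, or wake the tracee if a fatal signal arrived while it was frozen */`. The callers added in the later hunks for `SYSCALL_DEFINE4(ptrace, ...)` and `compat_sys_ptrace()` have the same gap: `if (ret || request != PTRACE_DETACH)` gives no hint why a successful detach skips the unfreeze. That is presumably because the tracee has already been released by then, which the author should confirm and state in a comment. ptrace_check_attach() starts outside this hunk.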
@@ -71917,7 +72065,7 @@ index 78ab24a..332c915 100644
{
const struct cred *cred = current_cred(), *tcred;
-@@ -198,7 +199,8 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
+@@ -198,7 +238,8 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
cred->gid == tcred->sgid &&
cred->gid == tcred->gid))
goto ok;
@@ -71927,7 +72075,7 @@ index 78ab24a..332c915 100644
goto ok;
rcu_read_unlock();
return -EPERM;
-@@ -207,7 +209,9 @@ ok:
+@@ -207,7 +248,9 @@ ok:
smp_rmb();
if (task->mm)
dumpable = get_dumpable(task->mm);
@@ -71938,7 +72086,7 @@ index 78ab24a..332c915 100644
return -EPERM;
return security_ptrace_access_check(task, mode);
-@@ -217,7 +221,21 @@ bool ptrace_may_access(struct task_struct *task, unsigned int mode)
+@@ -217,7 +260,21 @@ bool ptrace_may_access(struct task_struct *task, unsigned int mode)
{
int err;
task_lock(task);
@@ -71961,7 +72109,7 @@ index 78ab24a..332c915 100644
task_unlock(task);
return !err;
}
-@@ -262,7 +280,7 @@ static int ptrace_attach(struct task_struct *task, long request,
+@@ -262,7 +319,7 @@ static int ptrace_attach(struct task_struct *task, long request,
goto out;
task_lock(task);
@@ -71970,7 +72118,7 @@ index 78ab24a..332c915 100644
task_unlock(task);
if (retval)
goto unlock_creds;
-@@ -277,7 +295,7 @@ static int ptrace_attach(struct task_struct *task, long request,
+@@ -277,7 +334,7 @@ static int ptrace_attach(struct task_struct *task, long request,
task->ptrace = PT_PTRACED;
if (seize)
task->ptrace |= PT_SEIZED;
@@ -71979,7 +72127,7 @@ index 78ab24a..332c915 100644
task->ptrace |= PT_PTRACE_CAP;
__ptrace_link(task, current);
-@@ -483,7 +501,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
+@@ -483,7 +540,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
break;
return -EIO;
}
@@ -71988,7 +72136,7 @@ index 78ab24a..332c915 100644
return -EFAULT;
copied += retval;
src += retval;
-@@ -680,7 +698,7 @@ int ptrace_request(struct task_struct *child, long request,
+@@ -680,7 +737,7 @@ int ptrace_request(struct task_struct *child, long request,
bool seized = child->ptrace & PT_SEIZED;
int ret = -EIO;
siginfo_t siginfo, *si;
@@ -71997,7 +72145,7 @@ index 78ab24a..332c915 100644
unsigned long __user *datalp = datavp;
unsigned long flags;
-@@ -882,14 +900,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
+@@ -882,14 +939,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
goto out;
}
@@ -72020,7 +72168,16 @@ index 78ab24a..332c915 100644
goto out_put_task_struct;
}
-@@ -915,7 +940,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
+@@ -899,6 +963,8 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
+ goto out_put_task_struct;
+
+ ret = arch_ptrace(child, request, addr, data);
++ if (ret || request != PTRACE_DETACH)
++ ptrace_unfreeze_traced(child);
+
+ out_put_task_struct:
+ put_task_struct(child);
+@@ -915,7 +981,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0);
if (copied != sizeof(tmp))
return -EIO;
@@ -72029,7 +72186,7 @@ index 78ab24a..332c915 100644
}
int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr,
-@@ -1025,14 +1050,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
+@@ -1025,21 +1091,31 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
goto out;
}
@@ -72052,6 +72209,17 @@ index 78ab24a..332c915 100644
goto out_put_task_struct;
}
+ ret = ptrace_check_attach(child, request == PTRACE_KILL ||
+ request == PTRACE_INTERRUPT);
+- if (!ret)
++ if (!ret) {
+ ret = compat_arch_ptrace(child, request, addr, data);
++ if (ret || request != PTRACE_DETACH)
++ ptrace_unfreeze_traced(child);
++ }
+
+ out_put_task_struct:
+ put_task_struct(child);
diff --git a/kernel/rcutiny.c b/kernel/rcutiny.c
index 636af6d..8af70ab 100644
--- a/kernel/rcutiny.c
@@ -72565,10 +72733,20 @@ index 3d9f31c..7fefc9e 100644
default:
diff --git a/kernel/sched.c b/kernel/sched.c
-index fcc893f..a628984 100644
+index fcc893f..223b418 100644
--- a/kernel/sched.c
+++ b/kernel/sched.c
-@@ -5290,6 +5290,8 @@ int can_nice(const struct task_struct *p, const int nice)
+@@ -2924,7 +2924,8 @@ out:
+ */
+ int wake_up_process(struct task_struct *p)
+ {
+- return try_to_wake_up(p, TASK_ALL, 0);
++ WARN_ON(task_is_stopped_or_traced(p));
++ return try_to_wake_up(p, TASK_NORMAL, 0);
+ }
+ EXPORT_SYMBOL(wake_up_process);
+
+@@ -5290,6 +5291,8 @@ int can_nice(const struct task_struct *p, const int nice)
/* convert nice value [19,-20] to rlimit style value [1,40] */
int nice_rlim = 20 - nice;
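Review bot: The new `WARN_ON(task_is_stopped_or_traced(p))` in wake_up_process() fires on every offending call, so one caller that still wakes a stopped or traced task this way can fill the log with backtraces. If a single report per boot is enough, `WARN_ON_ONCE(task_is_stopped_or_traced(p));` does the same job. With the mask narrowed from `TASK_ALL` to `TASK_NORMAL`, the function no longer wakes such tasks at all. The comment block above it, which ends on the hunk's first line and is otherwise not visible here, should say that callers needing to wake a stopped or traced task must use another path.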
@@ -72577,7 +72755,7 @@ index fcc893f..a628984 100644
return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
capable(CAP_SYS_NICE));
}
-@@ -5323,7 +5325,8 @@ SYSCALL_DEFINE1(nice, int, increment)
+@@ -5323,7 +5326,8 @@ SYSCALL_DEFINE1(nice, int, increment)
if (nice > 19)
nice = 19;
@@ -72587,7 +72765,7 @@ index fcc893f..a628984 100644
return -EPERM;
retval = security_task_setnice(current, nice);
-@@ -5480,6 +5483,7 @@ recheck:
+@@ -5480,6 +5484,7 @@ recheck:
unsigned long rlim_rtprio =
task_rlimit(p, RLIMIT_RTPRIO);
@@ -72631,7 +72809,7 @@ index 66e4576..d05c6d5 100644
int this_cpu = smp_processor_id();
struct rq *this_rq = cpu_rq(this_cpu);
diff --git a/kernel/signal.c b/kernel/signal.c
-index 08e0b97..cdf6f49 100644
+index 08e0b97..e3ad9b7 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -45,12 +45,12 @@ static struct kmem_cache *sigqueue_cachep;
@@ -72740,7 +72918,26 @@ index 08e0b97..cdf6f49 100644
return ret;
}
-@@ -2763,7 +2786,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
+@@ -1765,6 +1788,10 @@ static inline int may_ptrace_stop(void)
+ * If SIGKILL was already sent before the caller unlocked
+ * ->siglock we must see ->core_state != NULL. Otherwise it
+ * is safe to enter schedule().
++ *
++ * This is almost outdated, a task with the pending SIGKILL can't
++ * block in TASK_TRACED. But PTRACE_EVENT_EXIT can be reported
++ * after SIGKILL was already dequeued.
+ */
+ if (unlikely(current->mm->core_state) &&
+ unlikely(current->mm == current->parent->mm))
+@@ -1890,6 +1917,7 @@ static void ptrace_stop(int exit_code, int why, int clear_code, siginfo_t *info)
+ if (gstop_done)
+ do_notify_parent_cldstop(current, false, why);
+
++ /* tasklist protects us from ptrace_freeze_traced() */
+ __set_current_state(TASK_RUNNING);
+ if (clear_code)
+ current->exit_code = 0;
+@@ -2763,7 +2791,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
int error = -ESRCH;
rcu_read_lock();
@@ -73620,7 +73817,7 @@ index 16fc34a..efd8bb8 100644
ret = -EIO;
bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt,
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
-index 54dba59..5c6d44e 100644
+index 54dba59..1690055 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -1587,12 +1587,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
@@ -73652,6 +73849,15 @@ index 54dba59..5c6d44e 100644
{
struct ftrace_func_probe *entry;
struct ftrace_page *pg;
+@@ -3482,7 +3487,7 @@ static int ftrace_module_notify(struct notifier_block *self,
+
+ struct notifier_block ftrace_module_nb = {
+ .notifier_call = ftrace_module_notify,
+- .priority = 0,
++ .priority = INT_MAX, /* Run before anything that can use kprobes */
+ };
+
+ extern unsigned long __start_mcount_loc[];
@@ -3968,8 +3973,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write,
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
@@ -74947,7 +75153,7 @@ index 0c26b5e..1cc340f 100644
#ifdef CONFIG_MEMORY_FAILURE
extern bool is_free_buddy_page(struct page *page);
diff --git a/mm/kmemleak.c b/mm/kmemleak.c
-index f3b2a00..61da94d 100644
+index f3b2a00..5899e43 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -357,7 +357,7 @@ static void print_unreferenced(struct seq_file *seq,
@@ -74955,10 +75161,19 @@ index f3b2a00..61da94d 100644
for (i = 0; i < object->trace_len; i++) {
void *ptr = (void *)object->trace[i];
- seq_printf(seq, " [<%p>] %pS\n", ptr, ptr);
-+ seq_printf(seq, " [<%p>] %pA\n", ptr, ptr);
++ seq_printf(seq, " [<%pP>] %pA\n", ptr, ptr);
}
}
+@@ -1745,7 +1745,7 @@ static int __init kmemleak_late_init(void)
+ return -ENOMEM;
+ }
+
+- dentry = debugfs_create_file("kmemleak", S_IRUGO, NULL, NULL,
++ dentry = debugfs_create_file("kmemleak", S_IRUSR, NULL, NULL,
+ &kmemleak_fops);
+ if (!dentry)
+ pr_warning("Failed to create the debugfs kmemleak file\n");
diff --git a/mm/maccess.c b/mm/maccess.c
index d53adf9..03a24bf 100644
--- a/mm/maccess.c
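Review bot: The change of the debugfs `kmemleak` file from `S_IRUGO` to `S_IRUSR` in kmemleak_late_init() has no comment giving the reason, so a later cleanup could restore world-readable permissions without noticing. The first inner hunk shows that print_unreferenced() writes each stack-trace address into this file through `seq_printf(seq, " [<%pP>] %pA\n", ptr, ptr)`. A short comment at the `debugfs_create_file()` call would tie the two changes together, e.g. `/* owner-only: the report contains kernel addresses */`. Both functions start and end outside the hunk.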
diff --git a/3.7.4/0000_README b/3.7.5/0000_README
index f410177..71573a5 100644
--- a/3.7.4/0000_README
+++ b/3.7.5/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-2.9.1-3.7.4-201301252226.patch
+Patch: 4420_grsecurity-2.9.1-3.7.5-201301281957.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.7.4/4420_grsecurity-2.9.1-3.7.4-201301252226.patch b/3.7.5/4420_grsecurity-2.9.1-3.7.5-201301281957.patch
index 29e3b84..8d072d3 100644
--- a/3.7.4/4420_grsecurity-2.9.1-3.7.4-201301252226.patch
+++ b/3.7.5/4420_grsecurity-2.9.1-3.7.5-201301281957.patch
@@ -251,7 +251,7 @@ index 9776f06..18b1856 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index f9196bc..63b33e4 100644
+index ecf87b1..f0c8483 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -3478,6 +3478,19 @@ index d9439ef..d0cac6b 100644
/* Remember the address where we stopped this search: */
mm->free_area_cache = addr + len;
return addr;
+diff --git a/arch/ia64/kernel/topology.c b/arch/ia64/kernel/topology.c
+index c64460b..4d250a6 100644
+--- a/arch/ia64/kernel/topology.c
++++ b/arch/ia64/kernel/topology.c
+@@ -445,7 +445,7 @@ static int __cpuinit cache_cpu_callback(struct notifier_block *nfb,
+ return NOTIFY_OK;
+ }
+
+-static struct notifier_block __cpuinitdata cache_cpu_notifier =
++static struct notifier_block cache_cpu_notifier =
+ {
+ .notifier_call = cache_cpu_callback
+ };
diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S
index 0ccb28f..8992469 100644
--- a/arch/ia64/kernel/vmlinux.lds.S
@@ -3975,7 +3988,7 @@ index ddcec1e..c7f983e 100644
* This routine handles page faults. It determines the address,
* and the problem, and then passes it off to one of the appropriate
diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c
-index 302d779..ee9ffb5 100644
+index 302d779..573314a 100644
--- a/arch/mips/mm/mmap.c
+++ b/arch/mips/mm/mmap.c
@@ -71,6 +71,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
@@ -4055,7 +4068,7 @@ index 302d779..ee9ffb5 100644
- if (do_color_align)
- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
- } while (likely(len < vma->vm_start));
-+ addr = skip_heap_stack_gap(vma, len);
++ addr = skip_heap_stack_gap(vma, len, offset);
+ } while (!IS_ERR_VALUE(addr));
bottomup:
@@ -15599,10 +15612,10 @@ index df5e41f..816c719 100644
extern int generic_get_free_region(unsigned long base, unsigned long size,
int replace_reg);
diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c
-index 4a3374e..1ca3ecb 100644
+index d18b2b8..d3b834c 100644
--- a/arch/x86/kernel/cpu/perf_event.c
+++ b/arch/x86/kernel/cpu/perf_event.c
-@@ -1765,7 +1765,7 @@ static unsigned long get_segment_base(unsigned int segment)
+@@ -1759,7 +1759,7 @@ static unsigned long get_segment_base(unsigned int segment)
if (idx > GDT_ENTRIES)
return 0;
@@ -15611,7 +15624,7 @@ index 4a3374e..1ca3ecb 100644
}
return get_desc_base(desc + idx);
-@@ -1855,7 +1855,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
+@@ -1849,7 +1849,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
break;
perf_callchain_store(entry, frame.return_address);
@@ -20550,7 +20563,7 @@ index f3e2ec8..ad5287a 100644
if (err) {
pr_debug("do_boot_cpu failed %d\n", err);
diff --git a/arch/x86/kernel/step.c b/arch/x86/kernel/step.c
-index cd3b243..4ba27a4 100644
+index 9b4d51d..5d28b58 100644
--- a/arch/x86/kernel/step.c
+++ b/arch/x86/kernel/step.c
@@ -27,10 +27,10 @@ unsigned long convert_ip_to_linear(struct task_struct *child, struct pt_regs *re
@@ -29978,10 +29991,10 @@ index bd4e5dc..0497b66 100644
/*
* Buggy BIOS check
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index 586362e..ca71b9b 100644
+index c8ac4fe..631818e 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
-@@ -4775,7 +4775,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
+@@ -4779,7 +4779,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
struct ata_port *ap;
unsigned int tag;
@@ -29990,7 +30003,7 @@ index 586362e..ca71b9b 100644
ap = qc->ap;
qc->flags = 0;
-@@ -4791,7 +4791,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
+@@ -4795,7 +4795,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
struct ata_port *ap;
struct ata_link *link;
@@ -29999,7 +30012,7 @@ index 586362e..ca71b9b 100644
WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
ap = qc->ap;
link = qc->dev->link;
-@@ -5887,6 +5887,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5891,6 +5891,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
return;
spin_lock(&lock);
@@ -30007,7 +30020,7 @@ index 586362e..ca71b9b 100644
for (cur = ops->inherits; cur; cur = cur->inherits) {
void **inherit = (void **)cur;
-@@ -5900,8 +5901,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5904,8 +5905,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
if (IS_ERR(*pp))
*pp = NULL;
@@ -32395,10 +32408,10 @@ index 515a42c..5ecf3ba 100644
void fw_card_initialize(struct fw_card *card,
const struct fw_card_driver *driver, struct device *device);
diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c
-index b298158..7ed8432 100644
+index fd3ae62..669efe3 100644
--- a/drivers/firmware/dmi_scan.c
+++ b/drivers/firmware/dmi_scan.c
-@@ -452,11 +452,6 @@ void __init dmi_scan_machine(void)
+@@ -491,11 +491,6 @@ void __init dmi_scan_machine(void)
}
}
else {
@@ -32410,7 +32423,7 @@ index b298158..7ed8432 100644
p = dmi_ioremap(0xF0000, 0x10000);
if (p == NULL)
goto error;
-@@ -726,7 +721,7 @@ int dmi_walk(void (*decode)(const struct dmi_header *, void *),
+@@ -770,7 +765,7 @@ int dmi_walk(void (*decode)(const struct dmi_header *, void *),
if (buf == NULL)
return -1;
@@ -32831,10 +32844,10 @@ index 92f1750..3beba74 100644
return container_of(adapter, struct intel_gmbus, adapter)->force_bit;
}
diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
-index 3eea143..a0b77db 100644
+index 67036e9..b9f1357 100644
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
-@@ -660,7 +660,7 @@ i915_gem_execbuffer_move_to_gpu(struct intel_ring_buffer *ring,
+@@ -681,7 +681,7 @@ i915_gem_execbuffer_move_to_gpu(struct intel_ring_buffer *ring,
i915_gem_clflush_object(obj);
if (obj->base.pending_write_domain)
@@ -32843,7 +32856,7 @@ index 3eea143..a0b77db 100644
flush_domains |= obj->base.write_domain;
}
-@@ -691,9 +691,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
+@@ -712,9 +712,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
static int
validate_exec_list(struct drm_i915_gem_exec_object2 *exec,
@@ -36227,7 +36240,7 @@ index b94d5f7..7f494c5 100644
extern int xpc_disengage_timedout;
extern int xpc_activate_IRQ_rcvd;
diff --git a/drivers/misc/sgi-xp/xpc_main.c b/drivers/misc/sgi-xp/xpc_main.c
-index d971817..3805cce 100644
+index d971817..33bdca5 100644
--- a/drivers/misc/sgi-xp/xpc_main.c
+++ b/drivers/misc/sgi-xp/xpc_main.c
@@ -166,7 +166,7 @@ static struct notifier_block xpc_die_notifier = {
@@ -36239,6 +36252,15 @@ index d971817..3805cce 100644
/*
* Timer function to enforce the timelimit on the partition disengage.
+@@ -1210,7 +1210,7 @@ xpc_system_die(struct notifier_block *nb, unsigned long event, void *_die_args)
+
+ if (((die_args->trapnr == X86_TRAP_MF) ||
+ (die_args->trapnr == X86_TRAP_XF)) &&
+- !user_mode_vm(die_args->regs))
++ !user_mode(die_args->regs))
+ xpc_die_deactivate();
+
+ break;
diff --git a/drivers/mmc/core/mmc_ops.c b/drivers/mmc/core/mmc_ops.c
index a0e1720..ee63d0b 100644
--- a/drivers/mmc/core/mmc_ops.c
@@ -37548,7 +37570,7 @@ index 76ba8a1..20ca857 100644
/* initialize our int15 lock */
diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c
-index 213753b..b4abaac 100644
+index 449f257..0731e96 100644
--- a/drivers/pci/pcie/aspm.c
+++ b/drivers/pci/pcie/aspm.c
@@ -27,9 +27,9 @@
@@ -38819,7 +38841,7 @@ index 21a045e..ec89e03 100644
transport_setup_device(&rport->dev);
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index 352bc77..c049b14 100644
+index a45e12a..d9120cb 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -2899,7 +2899,7 @@ static int sd_probe(struct device *dev)
@@ -47345,6 +47367,20 @@ index 71a600a..20d87b1 100644
f_modown(filp, pid, type, force);
return 0;
}
+diff --git a/fs/fhandle.c b/fs/fhandle.c
+index f775bfd..629bd4c 100644
+--- a/fs/fhandle.c
++++ b/fs/fhandle.c
+@@ -67,8 +67,7 @@ static long do_sys_name_to_handle(struct path *path,
+ } else
+ retval = 0;
+ /* copy the mount id */
+- if (copy_to_user(mnt_id, &real_mount(path->mnt)->mnt_id,
+- sizeof(*mnt_id)) ||
++ if (put_user(real_mount(path->mnt)->mnt_id, mnt_id) ||
+ copy_to_user(ufh, handle,
+ sizeof(struct file_handle) + handle_bytes))
+ retval = -EFAULT;
diff --git a/fs/fifo.c b/fs/fifo.c
index cf6f434..3d7942c 100644
--- a/fs/fifo.c
@@ -64757,7 +64793,7 @@ index ecc5543..0e96bcc 100644
int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
diff --git a/include/linux/libata.h b/include/linux/libata.h
-index e931c9a..7aa8f6f 100644
+index 1e36c63..0c5046e 100644
--- a/include/linux/libata.h
+++ b/include/linux/libata.h
@@ -915,7 +915,7 @@ struct ata_port_operations {
@@ -65067,7 +65103,7 @@ index fed3def..7cc3f93 100644
#define HID_GROUP_ANY 0x0000
diff --git a/include/linux/module.h b/include/linux/module.h
-index 7760c6d..983ee18 100644
+index 1375ee3..d631af0 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -17,9 +17,11 @@
@@ -65617,7 +65653,7 @@ index bfe1f47..6a33ee3 100644
static inline void anon_vma_merge(struct vm_area_struct *vma,
struct vm_area_struct *next)
diff --git a/include/linux/sched.h b/include/linux/sched.h
-index 0dd42a0..f5dc099 100644
+index 3e63925..1d69dff 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -61,6 +61,7 @@ struct bio_list;
@@ -67585,10 +67621,10 @@ index f5b978a..69dbfe8 100644
if (!S_ISBLK(stat.st_mode))
return 0;
diff --git a/init/do_mounts_initrd.c b/init/do_mounts_initrd.c
-index 5e4ded5..aa3cd7e 100644
+index f9acf71..1e19144 100644
--- a/init/do_mounts_initrd.c
+++ b/init/do_mounts_initrd.c
-@@ -54,8 +54,8 @@ static void __init handle_initrd(void)
+@@ -58,8 +58,8 @@ static void __init handle_initrd(void)
create_dev("/dev/root.old", Root_RAM0);
/* mount initrd on rootfs' /root */
mount_block_root("/dev/root.old", root_mountflags & ~MS_RDONLY);
@@ -67599,7 +67635,7 @@ index 5e4ded5..aa3cd7e 100644
/*
* In case that a resume from disk is carried out by linuxrc or one of
-@@ -69,31 +69,31 @@ static void __init handle_initrd(void)
+@@ -73,31 +73,31 @@ static void __init handle_initrd(void)
current->flags &= ~PF_FREEZER_SKIP;
/* move initrd to rootfs' /old */
@@ -67638,7 +67674,7 @@ index 5e4ded5..aa3cd7e 100644
printk(KERN_NOTICE "Trying to free ramdisk memory ... ");
if (fd < 0) {
error = fd;
-@@ -116,11 +116,11 @@ int __init initrd_load(void)
+@@ -120,11 +120,11 @@ int __init initrd_load(void)
* mounted in the normal path.
*/
if (rd_load_image("/initrd.image") && ROOT_DEV != Root_RAM0) {
@@ -67810,7 +67846,7 @@ index 84c6bf1..8899338 100644
next_state = Reset;
return 0;
diff --git a/init/main.c b/init/main.c
-index e33e09d..b699703 100644
+index cd147a9..12ce8c2 100644
--- a/init/main.c
+++ b/init/main.c
@@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void) { }
@@ -67955,7 +67991,7 @@ index e33e09d..b699703 100644
}
static int run_init_process(const char *init_filename)
-@@ -876,7 +950,7 @@ static void __init kernel_init_freeable(void)
+@@ -876,7 +950,7 @@ static noinline void __init kernel_init_freeable(void)
do_basic_setup();
/* Open the /dev/console on the rootfs, this should never fail */
@@ -67964,7 +68000,7 @@ index e33e09d..b699703 100644
printk(KERN_WARNING "Warning: unable to open an initial console.\n");
(void) sys_dup(0);
-@@ -889,11 +963,13 @@ static void __init kernel_init_freeable(void)
+@@ -889,11 +963,13 @@ static noinline void __init kernel_init_freeable(void)
if (!ramdisk_execute_command)
ramdisk_execute_command = "/init";
@@ -68718,11 +68754,11 @@ index 9a61738..c5c8f3a 100644
}
EXPORT_SYMBOL_GPL(kgdb_schedule_breakpoint);
diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
-index 4d5f8d5..4743f33 100644
+index 8875254..7cf4928 100644
--- a/kernel/debug/kdb/kdb_main.c
+++ b/kernel/debug/kdb/kdb_main.c
-@@ -1972,7 +1972,7 @@ static int kdb_lsmod(int argc, const char **argv)
- list_for_each_entry(mod, kdb_modules, list) {
+@@ -1974,7 +1974,7 @@ static int kdb_lsmod(int argc, const char **argv)
+ continue;
kdb_printf("%-20s%8u 0x%p ", mod->name,
- mod->core_size, (void *)mod);
@@ -68730,7 +68766,7 @@ index 4d5f8d5..4743f33 100644
#ifdef CONFIG_MODULE_UNLOAD
kdb_printf("%4ld ", module_refcount(mod));
#endif
-@@ -1982,7 +1982,7 @@ static int kdb_lsmod(int argc, const char **argv)
+@@ -1984,7 +1984,7 @@ static int kdb_lsmod(int argc, const char **argv)
kdb_printf(" (Loading)");
else
kdb_printf(" (Live)");
@@ -69773,7 +69809,7 @@ index 91c32a0..7b88d63 100644
seq_printf(m, "%40s %14lu %29s %pS\n",
name, stats->contending_point[i],
diff --git a/kernel/module.c b/kernel/module.c
-index 6e48c3a..ac2ef5b 100644
+index 3e544f4..096cb73 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -59,6 +59,7 @@
@@ -69794,7 +69830,7 @@ index 6e48c3a..ac2ef5b 100644
int register_module_notifier(struct notifier_block * nb)
{
-@@ -318,7 +320,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
+@@ -319,7 +321,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
return true;
list_for_each_entry_rcu(mod, &modules, list) {
@@ -69803,16 +69839,16 @@ index 6e48c3a..ac2ef5b 100644
{ mod->syms, mod->syms + mod->num_syms, mod->crcs,
NOT_GPL_ONLY, false },
{ mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms,
-@@ -340,7 +342,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
- #endif
- };
+@@ -344,7 +346,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
+ if (mod->state == MODULE_STATE_UNFORMED)
+ continue;
- if (each_symbol_in_section(arr, ARRAY_SIZE(arr), mod, fn, data))
+ if (each_symbol_in_section(modarr, ARRAY_SIZE(modarr), mod, fn, data))
return true;
}
return false;
-@@ -472,7 +474,7 @@ static inline void __percpu *mod_percpu(struct module *mod)
+@@ -484,7 +486,7 @@ static inline void __percpu *mod_percpu(struct module *mod)
static int percpu_modalloc(struct module *mod,
unsigned long size, unsigned long align)
{
@@ -69821,7 +69857,7 @@ index 6e48c3a..ac2ef5b 100644
printk(KERN_WARNING "%s: per-cpu alignment %li > %li\n",
mod->name, align, PAGE_SIZE);
align = PAGE_SIZE;
-@@ -1072,7 +1074,7 @@ struct module_attribute module_uevent =
+@@ -1088,7 +1090,7 @@ struct module_attribute module_uevent =
static ssize_t show_coresize(struct module_attribute *mattr,
struct module_kobject *mk, char *buffer)
{
@@ -69830,7 +69866,7 @@ index 6e48c3a..ac2ef5b 100644
}
static struct module_attribute modinfo_coresize =
-@@ -1081,7 +1083,7 @@ static struct module_attribute modinfo_coresize =
+@@ -1097,7 +1099,7 @@ static struct module_attribute modinfo_coresize =
static ssize_t show_initsize(struct module_attribute *mattr,
struct module_kobject *mk, char *buffer)
{
@@ -69839,7 +69875,7 @@ index 6e48c3a..ac2ef5b 100644
}
static struct module_attribute modinfo_initsize =
-@@ -1295,7 +1297,7 @@ resolve_symbol_wait(struct module *mod,
+@@ -1311,7 +1313,7 @@ resolve_symbol_wait(struct module *mod,
*/
#ifdef CONFIG_SYSFS
@@ -69848,7 +69884,7 @@ index 6e48c3a..ac2ef5b 100644
static inline bool sect_empty(const Elf_Shdr *sect)
{
return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0;
-@@ -1761,21 +1763,21 @@ static void set_section_ro_nx(void *base,
+@@ -1777,21 +1779,21 @@ static void set_section_ro_nx(void *base,
static void unset_module_core_ro_nx(struct module *mod)
{
@@ -69878,10 +69914,10 @@ index 6e48c3a..ac2ef5b 100644
set_memory_rw);
}
-@@ -1786,14 +1788,14 @@ void set_all_modules_text_rw(void)
-
- mutex_lock(&module_mutex);
+@@ -1804,14 +1806,14 @@ void set_all_modules_text_rw(void)
list_for_each_entry_rcu(mod, &modules, list) {
+ if (mod->state == MODULE_STATE_UNFORMED)
+ continue;
- if ((mod->module_core) && (mod->core_text_size)) {
- set_page_attributes(mod->module_core,
- mod->module_core + mod->core_text_size,
@@ -69899,10 +69935,10 @@ index 6e48c3a..ac2ef5b 100644
set_memory_rw);
}
}
-@@ -1807,14 +1809,14 @@ void set_all_modules_text_ro(void)
-
- mutex_lock(&module_mutex);
+@@ -1827,14 +1829,14 @@ void set_all_modules_text_ro(void)
list_for_each_entry_rcu(mod, &modules, list) {
+ if (mod->state == MODULE_STATE_UNFORMED)
+ continue;
- if ((mod->module_core) && (mod->core_text_size)) {
- set_page_attributes(mod->module_core,
- mod->module_core + mod->core_text_size,
@@ -69920,7 +69956,7 @@ index 6e48c3a..ac2ef5b 100644
set_memory_ro);
}
}
-@@ -1860,16 +1862,19 @@ static void free_module(struct module *mod)
+@@ -1880,16 +1882,19 @@ static void free_module(struct module *mod)
/* This may be NULL, but that's OK */
unset_module_init_ro_nx(mod);
@@ -69943,7 +69979,7 @@ index 6e48c3a..ac2ef5b 100644
#ifdef CONFIG_MPU
update_protections(current->mm);
-@@ -1939,9 +1944,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1959,9 +1964,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
int ret = 0;
const struct kernel_symbol *ksym;
@@ -69975,7 +70011,7 @@ index 6e48c3a..ac2ef5b 100644
switch (sym[i].st_shndx) {
case SHN_COMMON:
/* We compiled with -fno-common. These are not
-@@ -1962,7 +1989,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1982,7 +2009,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
ksym = resolve_symbol_wait(mod, info, name);
/* Ok if resolved. */
if (ksym && !IS_ERR(ksym)) {
@@ -69985,7 +70021,7 @@ index 6e48c3a..ac2ef5b 100644
break;
}
-@@ -1981,11 +2010,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -2001,11 +2030,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
secbase = (unsigned long)mod_percpu(mod);
else
secbase = info->sechdrs[sym[i].st_shndx].sh_addr;
@@ -70006,7 +70042,7 @@ index 6e48c3a..ac2ef5b 100644
return ret;
}
-@@ -2069,22 +2107,12 @@ static void layout_sections(struct module *mod, struct load_info *info)
+@@ -2089,22 +2127,12 @@ static void layout_sections(struct module *mod, struct load_info *info)
|| s->sh_entsize != ~0UL
|| strstarts(sname, ".init"))
continue;
@@ -70033,7 +70069,7 @@ index 6e48c3a..ac2ef5b 100644
}
pr_debug("Init section allocation order:\n");
-@@ -2098,23 +2126,13 @@ static void layout_sections(struct module *mod, struct load_info *info)
+@@ -2118,23 +2146,13 @@ static void layout_sections(struct module *mod, struct load_info *info)
|| s->sh_entsize != ~0UL
|| !strstarts(sname, ".init"))
continue;
@@ -70062,7 +70098,7 @@ index 6e48c3a..ac2ef5b 100644
}
}
-@@ -2286,7 +2304,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)
+@@ -2306,7 +2324,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)
/* Put symbol section at end of init part of module. */
symsect->sh_flags |= SHF_ALLOC;
@@ -70071,7 +70107,7 @@ index 6e48c3a..ac2ef5b 100644
info->index.sym) | INIT_OFFSET_MASK;
pr_debug("\t%s\n", info->secstrings + symsect->sh_name);
-@@ -2306,13 +2324,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
+@@ -2326,13 +2344,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
}
/* Append room for core symbols at end of core part. */
@@ -70089,7 +70125,7 @@ index 6e48c3a..ac2ef5b 100644
info->index.str) | INIT_OFFSET_MASK;
pr_debug("\t%s\n", info->secstrings + strsect->sh_name);
}
-@@ -2330,12 +2348,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+@@ -2350,12 +2368,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
/* Make sure we get permanent strtab: don't use info->strtab. */
mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr;
@@ -70106,7 +70142,7 @@ index 6e48c3a..ac2ef5b 100644
src = mod->symtab;
*s++ = 0;
for (ndst = i = 0; i < mod->num_symtab; i++) {
-@@ -2348,6 +2368,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+@@ -2368,6 +2388,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
}
}
mod->core_num_syms = ndst;
@@ -70115,7 +70151,7 @@ index 6e48c3a..ac2ef5b 100644
}
#else
static inline void layout_symtab(struct module *mod, struct load_info *info)
-@@ -2381,17 +2403,33 @@ void * __weak module_alloc(unsigned long size)
+@@ -2401,17 +2423,33 @@ void * __weak module_alloc(unsigned long size)
return size == 0 ? NULL : vmalloc_exec(size);
}
@@ -70154,7 +70190,7 @@ index 6e48c3a..ac2ef5b 100644
mutex_unlock(&module_mutex);
}
return ret;
-@@ -2610,8 +2648,14 @@ static struct module *setup_load_info(struct load_info *info)
+@@ -2630,8 +2668,14 @@ static struct module *setup_load_info(struct load_info *info)
static int check_modinfo(struct module *mod, struct load_info *info)
{
const char *modmagic = get_modinfo(info, "vermagic");
@@ -70169,7 +70205,7 @@ index 6e48c3a..ac2ef5b 100644
/* This is allowed: modprobe --force will invalidate it. */
if (!modmagic) {
err = try_to_force_load(mod, "bad vermagic");
-@@ -2634,7 +2678,7 @@ static int check_modinfo(struct module *mod, struct load_info *info)
+@@ -2654,7 +2698,7 @@ static int check_modinfo(struct module *mod, struct load_info *info)
}
/* Set up license info based on the info section */
@@ -70178,7 +70214,7 @@ index 6e48c3a..ac2ef5b 100644
return 0;
}
-@@ -2728,7 +2772,7 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2748,7 +2792,7 @@ static int move_module(struct module *mod, struct load_info *info)
void *ptr;
/* Do the allocs. */
@@ -70187,7 +70223,7 @@ index 6e48c3a..ac2ef5b 100644
/*
* The pointer to this block is stored in the module structure
* which is inside the block. Just mark it as not being a
-@@ -2738,23 +2782,50 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2758,23 +2802,50 @@ static int move_module(struct module *mod, struct load_info *info)
if (!ptr)
return -ENOMEM;
@@ -70246,7 +70282,7 @@ index 6e48c3a..ac2ef5b 100644
/* Transfer each section which specifies SHF_ALLOC */
pr_debug("final section addresses:\n");
-@@ -2765,16 +2836,45 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2785,16 +2856,45 @@ static int move_module(struct module *mod, struct load_info *info)
if (!(shdr->sh_flags & SHF_ALLOC))
continue;
@@ -70299,7 +70335,7 @@ index 6e48c3a..ac2ef5b 100644
pr_debug("\t0x%lx %s\n",
(long)shdr->sh_addr, info->secstrings + shdr->sh_name);
}
-@@ -2829,12 +2929,12 @@ static void flush_module_icache(const struct module *mod)
+@@ -2849,12 +2949,12 @@ static void flush_module_icache(const struct module *mod)
* Do it before processing of module parameters, so the module
* can provide parameter accessor functions of its own.
*/
@@ -70318,7 +70354,7 @@ index 6e48c3a..ac2ef5b 100644
set_fs(old_fs);
}
-@@ -2904,8 +3004,10 @@ out:
+@@ -2924,8 +3024,10 @@ out:
static void module_deallocate(struct module *mod, struct load_info *info)
{
percpu_modfree(mod);
@@ -70331,7 +70367,7 @@ index 6e48c3a..ac2ef5b 100644
}
int __weak module_finalize(const Elf_Ehdr *hdr,
-@@ -2918,7 +3020,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
+@@ -2938,7 +3040,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
static int post_relocation(struct module *mod, const struct load_info *info)
{
/* Sort exception table now relocations are done. */
@@ -70341,7 +70377,7 @@ index 6e48c3a..ac2ef5b 100644
/* Copy relocated percpu area over. */
percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr,
-@@ -2989,9 +3093,38 @@ static struct module *load_module(void __user *umod,
+@@ -3036,9 +3140,38 @@ again:
if (err)
goto free_unload;
@@ -70380,23 +70416,9 @@ index 6e48c3a..ac2ef5b 100644
/* Fix up syms, so that st_value is a pointer to location. */
err = simplify_symbols(mod, &info);
if (err < 0)
-@@ -3007,13 +3140,6 @@ static struct module *load_module(void __user *umod,
-
- flush_module_icache(mod);
-
-- /* Now copy in args */
-- mod->args = strndup_user(uargs, ~0UL >> 1);
-- if (IS_ERR(mod->args)) {
-- err = PTR_ERR(mod->args);
-- goto free_arch_cleanup;
-- }
--
- /* Mark state as coming so strong_try_module_get() ignores us. */
- mod->state = MODULE_STATE_COMING;
-
-@@ -3081,11 +3207,11 @@ again:
- unlock:
+@@ -3104,11 +3237,11 @@ again:
mutex_unlock(&module_mutex);
+ dynamic_debug_remove(info.debug);
synchronize_sched();
- kfree(mod->args);
free_arch_cleanup:
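Review bot: Dropping the inner hunk that deleted the original `mod->args = strndup_user(uargs, ~0UL >> 1);` block leaves nothing in the refreshed patch that touches that site, yet the next inner hunk still moves `kfree(mod->args);` from above `free_arch_cleanup:` to above `free_unload:`. If 3.7.5's load_module still copies the arguments after `flush_module_icache(mod)` and bails out with `goto free_arch_cleanup`, a failed copy would fall through to `kfree()` holding an ERR_PTR value. If the 38-line hunk at `again:` (its body is unchanged and not shown in this diff) also copies the arguments, the first allocation would leak. Please confirm against the 3.7.5 tree that the arguments are copied exactly once and that every path into the relocated `kfree` sees NULL or a valid pointer; the likely fix is to keep the deletion hunk, rebased onto the new context.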
@@ -70406,8 +70428,8 @@ index 6e48c3a..ac2ef5b 100644
+ kfree(mod->args);
free_unload:
module_unload_free(mod);
- free_module:
-@@ -3126,16 +3252,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
+ unlink_mod:
+@@ -3155,16 +3288,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
MODULE_STATE_COMING, mod);
/* Set RO and NX regions for core */
@@ -70432,7 +70454,7 @@ index 6e48c3a..ac2ef5b 100644
do_mod_ctors(mod);
/* Start the module */
-@@ -3180,11 +3306,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
+@@ -3209,11 +3342,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
mod->strtab = mod->core_strtab;
#endif
unset_module_init_ro_nx(mod);
@@ -70450,7 +70472,7 @@ index 6e48c3a..ac2ef5b 100644
mutex_unlock(&module_mutex);
wake_up_all(&module_wq);
-@@ -3216,10 +3343,16 @@ static const char *get_ksymbol(struct module *mod,
+@@ -3245,10 +3379,16 @@ static const char *get_ksymbol(struct module *mod,
unsigned long nextval;
/* At worse, next value is at end of module */
@@ -70470,8 +70492,8 @@ index 6e48c3a..ac2ef5b 100644
/* Scan for closest preceding symbol, and next symbol. (ELF
starts real symbols at 1). */
-@@ -3454,7 +3587,7 @@ static int m_show(struct seq_file *m, void *p)
- char buf[8];
+@@ -3501,7 +3641,7 @@ static int m_show(struct seq_file *m, void *p)
+ return 0;
seq_printf(m, "%s %u",
- mod->name, mod->init_size + mod->core_size);
@@ -70479,7 +70501,7 @@ index 6e48c3a..ac2ef5b 100644
print_unload_info(m, mod);
/* Informative for users. */
-@@ -3463,7 +3596,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3510,7 +3650,7 @@ static int m_show(struct seq_file *m, void *p)
mod->state == MODULE_STATE_COMING ? "Loading":
"Live");
/* Used by oprofile and other similar tools. */
@@ -70488,7 +70510,7 @@ index 6e48c3a..ac2ef5b 100644
/* Taints info */
if (mod->taints)
-@@ -3499,7 +3632,17 @@ static const struct file_operations proc_modules_operations = {
+@@ -3546,7 +3686,17 @@ static const struct file_operations proc_modules_operations = {
static int __init proc_modules_init(void)
{
@@ -70506,7 +70528,7 @@ index 6e48c3a..ac2ef5b 100644
return 0;
}
module_init(proc_modules_init);
-@@ -3558,12 +3701,12 @@ struct module *__module_address(unsigned long addr)
+@@ -3607,14 +3757,14 @@ struct module *__module_address(unsigned long addr)
{
struct module *mod;
@@ -70515,14 +70537,16 @@ index 6e48c3a..ac2ef5b 100644
+ (addr < module_addr_min_rw || addr > module_addr_max_rw))
return NULL;
- list_for_each_entry_rcu(mod, &modules, list)
+ list_for_each_entry_rcu(mod, &modules, list) {
+ if (mod->state == MODULE_STATE_UNFORMED)
+ continue;
- if (within_module_core(addr, mod)
- || within_module_init(addr, mod))
+ if (within_module_init(addr, mod) || within_module_core(addr, mod))
return mod;
+ }
return NULL;
- }
-@@ -3597,11 +3740,20 @@ bool is_module_text_address(unsigned long addr)
+@@ -3649,11 +3799,20 @@ bool is_module_text_address(unsigned long addr)
*/
struct module *__module_text_address(unsigned long addr)
{
@@ -71025,10 +71049,10 @@ index 76b8e77..a2930e8 100644
}
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
-index 1f5e55d..8b8f969 100644
+index fbea91d..9bf15e8 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
-@@ -280,7 +280,7 @@ static int ptrace_attach(struct task_struct *task, long request,
+@@ -319,7 +319,7 @@ static int ptrace_attach(struct task_struct *task, long request,
if (seize)
flags |= PT_SEIZED;
@@ -71037,7 +71061,7 @@ index 1f5e55d..8b8f969 100644
flags |= PT_PTRACE_CAP;
task->ptrace = flags;
-@@ -487,7 +487,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
+@@ -526,7 +526,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
break;
return -EIO;
}
@@ -71046,7 +71070,7 @@ index 1f5e55d..8b8f969 100644
return -EFAULT;
copied += retval;
src += retval;
-@@ -672,7 +672,7 @@ int ptrace_request(struct task_struct *child, long request,
+@@ -711,7 +711,7 @@ int ptrace_request(struct task_struct *child, long request,
bool seized = child->ptrace & PT_SEIZED;
int ret = -EIO;
siginfo_t siginfo, *si;
@@ -71055,7 +71079,7 @@ index 1f5e55d..8b8f969 100644
unsigned long __user *datalp = datavp;
unsigned long flags;
-@@ -874,14 +874,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
+@@ -913,14 +913,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
goto out;
}
@@ -71078,7 +71102,7 @@ index 1f5e55d..8b8f969 100644
goto out_put_task_struct;
}
-@@ -907,7 +914,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
+@@ -948,7 +955,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0);
if (copied != sizeof(tmp))
return -EIO;
@@ -71087,7 +71111,7 @@ index 1f5e55d..8b8f969 100644
}
int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr,
-@@ -1017,14 +1024,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
+@@ -1058,14 +1065,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
goto out;
}
@@ -71739,10 +71763,10 @@ index 15f60d0..7e50319 100644
#ifdef CONFIG_RT_GROUP_SCHED
/*
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index 2d8927f..f617765 100644
+index c529d00..d00b4f3 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
-@@ -3562,6 +3562,8 @@ int can_nice(const struct task_struct *p, const int nice)
+@@ -3563,6 +3563,8 @@ int can_nice(const struct task_struct *p, const int nice)
/* convert nice value [19,-20] to rlimit style value [1,40] */
int nice_rlim = 20 - nice;
@@ -71751,7 +71775,7 @@ index 2d8927f..f617765 100644
return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
capable(CAP_SYS_NICE));
}
-@@ -3595,7 +3597,8 @@ SYSCALL_DEFINE1(nice, int, increment)
+@@ -3596,7 +3598,8 @@ SYSCALL_DEFINE1(nice, int, increment)
if (nice > 19)
nice = 19;
@@ -71761,7 +71785,7 @@ index 2d8927f..f617765 100644
return -EPERM;
retval = security_task_setnice(current, nice);
-@@ -3749,6 +3752,7 @@ recheck:
+@@ -3750,6 +3753,7 @@ recheck:
unsigned long rlim_rtprio =
task_rlimit(p, RLIMIT_RTPRIO);
@@ -71783,7 +71807,7 @@ index 6b800a1..0c36227 100644
int this_cpu = smp_processor_id();
struct rq *this_rq = cpu_rq(this_cpu);
diff --git a/kernel/signal.c b/kernel/signal.c
-index e4d4014..76cf5dd 100644
+index 57dde52..2c561f0 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -49,12 +49,12 @@ static struct kmem_cache *sigqueue_cachep;
@@ -71829,7 +71853,7 @@ index e4d4014..76cf5dd 100644
if (is_global_init(tsk))
return 1;
if (handler != SIG_IGN && handler != SIG_DFL)
-@@ -817,6 +820,13 @@ static int check_kill_permission(int sig, struct siginfo *info,
+@@ -811,6 +814,13 @@ static int check_kill_permission(int sig, struct siginfo *info,
}
}
@@ -71843,7 +71867,7 @@ index e4d4014..76cf5dd 100644
return security_task_kill(t, info, sig, 0);
}
-@@ -1198,7 +1208,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
+@@ -1192,7 +1202,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
return send_signal(sig, info, p, 1);
}
@@ -71852,7 +71876,7 @@ index e4d4014..76cf5dd 100644
specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t)
{
return send_signal(sig, info, t, 0);
-@@ -1235,6 +1245,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
+@@ -1229,6 +1239,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
unsigned long int flags;
int ret, blocked, ignored;
struct k_sigaction *action;
@@ -71860,7 +71884,7 @@ index e4d4014..76cf5dd 100644
spin_lock_irqsave(&t->sighand->siglock, flags);
action = &t->sighand->action[sig-1];
-@@ -1249,9 +1260,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
+@@ -1243,9 +1254,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
}
if (action->sa.sa_handler == SIG_DFL)
t->signal->flags &= ~SIGNAL_UNKILLABLE;
@@ -71879,7 +71903,7 @@ index e4d4014..76cf5dd 100644
return ret;
}
-@@ -1318,8 +1338,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
+@@ -1312,8 +1332,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
ret = check_kill_permission(sig, info, p);
rcu_read_unlock();
@@ -71892,7 +71916,7 @@ index e4d4014..76cf5dd 100644
return ret;
}
-@@ -2864,7 +2887,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
+@@ -2863,7 +2886,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
int error = -ESRCH;
rcu_read_lock();
@@ -72672,7 +72696,7 @@ index c0bd030..62a1927 100644
ret = -EIO;
bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt,
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
-index 51b7159..18137d6 100644
+index 356bc2f..7c94fc0 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
@@ -1874,12 +1874,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
@@ -73270,10 +73294,10 @@ index 06fdfa1..97c5c7d 100644
}
EXPORT_SYMBOL(bitmap_parselist_user);
diff --git a/lib/bug.c b/lib/bug.c
-index a28c141..2bd3d95 100644
+index d0cdf14..4d07bd2 100644
--- a/lib/bug.c
+++ b/lib/bug.c
-@@ -133,6 +133,8 @@ enum bug_trap_type report_bug(unsigned long bugaddr, struct pt_regs *regs)
+@@ -134,6 +134,8 @@ enum bug_trap_type report_bug(unsigned long bugaddr, struct pt_regs *regs)
return BUG_TRAP_TYPE_NONE;
bug = find_bug(bugaddr);
@@ -73916,7 +73940,7 @@ index 3c5197d..08d0065 100644
#ifdef CONFIG_MEMORY_FAILURE
extern bool is_free_buddy_page(struct page *page);
diff --git a/mm/kmemleak.c b/mm/kmemleak.c
-index a217cc5..74c9ec0 100644
+index a217cc5..44b2b35 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -363,7 +363,7 @@ static void print_unreferenced(struct seq_file *seq,
@@ -73924,10 +73948,19 @@ index a217cc5..74c9ec0 100644
for (i = 0; i < object->trace_len; i++) {
void *ptr = (void *)object->trace[i];
- seq_printf(seq, " [<%p>] %pS\n", ptr, ptr);
-+ seq_printf(seq, " [<%p>] %pA\n", ptr, ptr);
++ seq_printf(seq, " [<%pP>] %pA\n", ptr, ptr);
}
}
+@@ -1852,7 +1852,7 @@ static int __init kmemleak_late_init(void)
+ return -ENOMEM;
+ }
+
+- dentry = debugfs_create_file("kmemleak", S_IRUGO, NULL, NULL,
++ dentry = debugfs_create_file("kmemleak", S_IRUSR, NULL, NULL,
+ &kmemleak_fops);
+ if (!dentry)
+ pr_warning("Failed to create the debugfs kmemleak file\n");
diff --git a/mm/maccess.c b/mm/maccess.c
index d53adf9..03a24bf 100644
--- a/mm/maccess.c
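Review bot: The added inner hunk in kmemleak_late_init tightens the debugfs mode from `S_IRUGO` to `S_IRUSR` without a comment, so the reason is easy to lose on a later rebase. The report path in print_unreferenced (first inner hunk) prints every `object->trace[i]` address, now with `%pP`, which looks like the patchset's own unfiltered-pointer specifier; if that is right, the two changes depend on each other and the code should say so. Suggest adding `/* owner-only: the report prints raw kernel addresses from object->trace[] */` above the `debugfs_create_file("kmemleak", S_IRUSR, ...)` call. Both functions continue outside the inner hunks shown here.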
diff --git a/3.7.4/4425_grsec_remove_EI_PAX.patch b/3.7.5/4425_grsec_remove_EI_PAX.patch
index 97e6951..97e6951 100644
--- a/3.7.4/4425_grsec_remove_EI_PAX.patch
+++ b/3.7.5/4425_grsec_remove_EI_PAX.patch
diff --git a/3.7.4/4430_grsec-remove-localversion-grsec.patch b/3.7.5/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/3.7.4/4430_grsec-remove-localversion-grsec.patch
+++ b/3.7.5/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.7.4/4435_grsec-mute-warnings.patch b/3.7.5/4435_grsec-mute-warnings.patch
index e1a7a3c..e1a7a3c 100644
--- a/3.7.4/4435_grsec-mute-warnings.patch
+++ b/3.7.5/4435_grsec-mute-warnings.patch
diff --git a/3.7.4/4440_grsec-remove-protected-paths.patch b/3.7.5/4440_grsec-remove-protected-paths.patch
index 637934a..637934a 100644
--- a/3.7.4/4440_grsec-remove-protected-paths.patch
+++ b/3.7.5/4440_grsec-remove-protected-paths.patch
diff --git a/3.7.4/4450_grsec-kconfig-default-gids.patch b/3.7.5/4450_grsec-kconfig-default-gids.patch
index 3dfdc8f..3dfdc8f 100644
--- a/3.7.4/4450_grsec-kconfig-default-gids.patch
+++ b/3.7.5/4450_grsec-kconfig-default-gids.patch
diff --git a/3.7.4/4465_selinux-avc_audit-log-curr_ip.patch b/3.7.5/4465_selinux-avc_audit-log-curr_ip.patch
index 5b614b1..5b614b1 100644
--- a/3.7.4/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.7.5/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.7.4/4470_disable-compat_vdso.patch b/3.7.5/4470_disable-compat_vdso.patch
index d32044a..d32044a 100644
--- a/3.7.4/4470_disable-compat_vdso.patch
+++ b/3.7.5/4470_disable-compat_vdso.patch