author | Anthony G. Basile <blueness@gentoo.org> | 2013-02-18 08:45:03 -0500 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2013-02-18 08:45:03 -0500 |
commit | 08dfefa04e5888a50cad8c94f940d679007aa3d8 (patch) | |
tree | 318c81af381c8eeff9434a29429d460bacab4678 | |
parent | Grsec/PaX: 2.9.1-{2.6.32.60,3.2.38,3.7.8}-201302161158 (diff) | |
Grsec/PaX: 2.9.1-{2.6.32.60,3.2.38,3.7.9}-201302171808
-rw-r--r-- | 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302171807.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302161146.patch) | 1515 | ||||
-rw-r--r-- | 2.6.32/4470_disable-compat_vdso.patch | 13 | ||||
-rw-r--r-- | 3.2.38/0000_README | 2 | ||||
-rw-r--r-- | 3.2.38/4420_grsecurity-2.9.1-3.2.38-201302171808.patch (renamed from 3.2.38/4420_grsecurity-2.9.1-3.2.38-201302151927.patch) | 1557 | ||||
-rw-r--r-- | 3.7.9/0000_README (renamed from 3.7.8/0000_README) | 2 | ||||
-rw-r--r-- | 3.7.9/4420_grsecurity-2.9.1-3.7.9-201302171808.patch (renamed from 3.7.8/4420_grsecurity-2.9.1-3.7.8-201302161158.patch) | 370 | ||||
-rw-r--r-- | 3.7.9/4425_grsec_remove_EI_PAX.patch (renamed from 3.7.8/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
-rw-r--r-- | 3.7.9/4430_grsec-remove-localversion-grsec.patch (renamed from 3.7.8/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.7.9/4435_grsec-mute-warnings.patch (renamed from 3.7.8/4435_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 3.7.9/4440_grsec-remove-protected-paths.patch (renamed from 3.7.8/4440_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 3.7.9/4450_grsec-kconfig-default-gids.patch (renamed from 3.7.8/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
-rw-r--r-- | 3.7.9/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.7.8/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
-rw-r--r-- | 3.7.9/4470_disable-compat_vdso.patch (renamed from 3.7.8/4470_disable-compat_vdso.patch) | 0 |
13 files changed, 1752 insertions, 1707 deletions
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302161146.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302171807.patch index beb1e7f..7e2e5c8 100644 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302161146.patch +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302171807.patch @@ -5232,10 +5232,21 @@ index 5973631..ad617af 100644 for (i = 0; i < lmb.memory.cnt - 1; i++) { lmb_region_max_pfn = diff --git a/arch/powerpc/mm/mmap_64.c b/arch/powerpc/mm/mmap_64.c -index 0d957a4..26d968f 100644 +index 0d957a4..eae383e 100644 --- a/arch/powerpc/mm/mmap_64.c +++ b/arch/powerpc/mm/mmap_64.c -@@ -99,10 +99,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -65,6 +65,10 @@ static unsigned long mmap_rnd(void) + { + unsigned long rnd = 0; + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ + if (current->flags & PF_RANDOMIZE) { + /* 8MB for 32bit, 1GB for 64bit */ + if (is_32bit_task()) +@@ -99,10 +103,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) */ if (mmap_is_legacy()) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -6912,7 +6923,7 @@ index 3a82e65..ad9761e 100644 addr = vmm->vm_end; if (flags & MAP_SHARED) diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c -index cfa0e19..6a250b0 100644 +index cfa0e19..23de658 100644 --- a/arch/sparc/kernel/sys_sparc_64.c +++ b/arch/sparc/kernel/sys_sparc_64.c @@ -120,12 +120,13 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi 
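Review bot: The new `if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))` in mmap_rnd() has no body of its own: it sits inside the `#ifdef`, is followed by a blank line, and silently governs the existing `if (current->flags & PF_RANDOMIZE)` block. Any statement later inserted between the two would become the guarded body when CONFIG_PAX_RANDMMAP is set, changing when the native randomization is applied. I would drop the blank line and put a comment such as `/* guards the PF_RANDOMIZE block below */` directly after the `#endif`. The same construct is added to arch_pick_mmap_layout() in arch/sparc/kernel/sys_sparc_64.c, and mmap_rnd() continues past the end of this hunk.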
@@ -7050,7 +7061,18 @@ index cfa0e19..6a250b0 100644 bottomup: /* -@@ -384,6 +386,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -366,6 +368,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm) + { + unsigned long random_factor = 0UL; + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ + if (current->flags & PF_RANDOMIZE) { + random_factor = get_random_int(); + if (test_thread_flag(TIF_32BIT)) +@@ -384,6 +390,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm) current->signal->rlim[RLIMIT_STACK].rlim_cur == RLIM_INFINITY || sysctl_legacy_va_layout) { mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; @@ -7063,7 +7085,7 @@ index cfa0e19..6a250b0 100644 mm->get_unmapped_area = arch_get_unmapped_area; mm->unmap_area = arch_unmap_area; } else { -@@ -398,6 +406,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -398,6 +410,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm) gap = (task_size / 6 * 5); mm->mmap_base = PAGE_ALIGN(task_size - gap - random_factor); @@ -8839,7 +8861,7 @@ index d1b93c4..ae1b7fd 100644 void default_idle(void); diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index aa889d6..883686f 100644 +index aa889d6..5b677d1 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -223,7 +223,7 @@ config X86_TRAMPOLINE @@ -8918,7 +8940,7 @@ index aa889d6..883686f 100644 + def_bool n prompt "Compat VDSO support" depends on X86_32 || IA32_EMULATION -+ depends on !PAX_NOEXEC && !PAX_MEMORY_UDEREF ++ depends on !PAX_PAGEEXEC && !PAX_SEGMEXEC && !PAX_KERNEXEC && !PAX_MEMORY_UDEREF ---help--- Map the 32-bit VDSO to the predictable old-style address too. ---help--- @@ -13099,9 +13121,45 @@ index efb3899..ef30687 100644 #endif /* __ASSEMBLY__ */ diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h -index 9357473..04fa525 100644 +index 9357473..12e6413 100644 --- a/arch/x86/include/asm/paravirt_types.h 
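Review bot: In arch_pick_mmap_layout() the added test reads `current->mm->pax_flags`, although the function is handed the target `mm` as a parameter and the rest of the visible body works on `mm->mmap_base`. If a caller ever passes an mm other than current's, the RANDMMAP decision would come from the wrong address space; `if (!(mm->pax_flags & MF_PAX_RANDMMAP))` keeps the check tied to the mm being laid out. Whether any caller does that is not visible here, so this is a consistency point rather than a demonstrated bug. The function body continues outside the hunk.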
+++ b/arch/x86/include/asm/paravirt_types.h +@@ -78,7 +78,7 @@ struct pv_init_ops { + */ + unsigned (*patch)(u8 type, u16 clobber, void *insnbuf, + unsigned long addr, unsigned len); +-}; ++} __no_const; + + + struct pv_lazy_ops { +@@ -90,7 +90,7 @@ struct pv_lazy_ops { + struct pv_time_ops { + unsigned long long (*sched_clock)(void); + unsigned long (*get_tsc_khz)(void); +-}; ++} __no_const; + + struct pv_cpu_ops { + /* hooks for various privileged instructions */ +@@ -186,7 +186,7 @@ struct pv_cpu_ops { + + void (*start_context_switch)(struct task_struct *prev); + void (*end_context_switch)(struct task_struct *next); +-}; ++} __no_const; + + struct pv_irq_ops { + /* +@@ -217,7 +217,7 @@ struct pv_apic_ops { + unsigned long start_eip, + unsigned long start_esp); + #endif +-}; ++} __no_const; + + struct pv_mmu_ops { + unsigned long (*read_cr2)(void); @@ -301,6 +301,7 @@ struct pv_mmu_ops { struct paravirt_callee_save make_pud; @@ -13123,6 +13181,15 @@ index 9357473..04fa525 100644 }; struct raw_spinlock; +@@ -326,7 +333,7 @@ struct pv_lock_ops { + void (*spin_lock_flags)(struct raw_spinlock *lock, unsigned long flags); + int (*spin_trylock)(struct raw_spinlock *lock); + void (*spin_unlock)(struct raw_spinlock *lock); +-}; ++} __no_const; + + /* This contains all the paravirt structures: we get a convenient + * number for each function using the offset which we use to indicate diff --git a/arch/x86/include/asm/pci_x86.h b/arch/x86/include/asm/pci_x86.h index b399988..3f47c38 100644 --- a/arch/x86/include/asm/pci_x86.h @@ -13251,7 +13318,7 @@ index 33927d2..ccde329 100644 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index af6fd36..fffaf4b 100644 +index af6fd36..60da657 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -39,6 +39,7 @@ extern struct list_head pgd_list; 
@@ -13281,7 +13348,7 @@ index af6fd36..fffaf4b 100644 + preempt_disable(); + barrier(); + cr0 = read_cr0() ^ X86_CR0_WP; -+ BUG_ON(unlikely(cr0 & X86_CR0_WP)); ++ BUG_ON(cr0 & X86_CR0_WP); + write_cr0(cr0); + return cr0 ^ X86_CR0_WP; +} @@ -13291,7 +13358,7 @@ index af6fd36..fffaf4b 100644 + unsigned long cr0; + + cr0 = read_cr0() ^ X86_CR0_WP; -+ BUG_ON(unlikely(!(cr0 & X86_CR0_WP))); ++ BUG_ON(!(cr0 & X86_CR0_WP)); + write_cr0(cr0); + barrier(); + preempt_enable_no_resched(); @@ -13864,7 +13931,7 @@ index 0f0d908..f2e3da2 100644 } diff --git a/arch/x86/include/asm/reboot.h b/arch/x86/include/asm/reboot.h -index 562d4fd..6e655f2 100644 +index 562d4fd..1e42a5b 100644 --- a/arch/x86/include/asm/reboot.h +++ b/arch/x86/include/asm/reboot.h @@ -6,19 +6,19 @@ @@ -13880,8 +13947,9 @@ index 562d4fd..6e655f2 100644 void (*shutdown)(void); void (*crash_shutdown)(struct pt_regs *); - void (*emergency_restart)(void); +-}; + void (* __noreturn emergency_restart)(void); - }; ++} __no_const; extern struct machine_ops machine_ops; @@ -14100,7 +14168,7 @@ index 14e0ed8..7f7dd5e 100644 #define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS* 8 + 3) #define __USER_CS (GDT_ENTRY_DEFAULT_USER_CS* 8 + 3) diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h -index 4c2f63c..57ac225 100644 +index 4c2f63c..5685db2 100644 --- a/arch/x86/include/asm/smp.h +++ b/arch/x86/include/asm/smp.h @@ -24,7 +24,7 @@ extern unsigned int num_processors; @@ -14124,6 +14192,15 @@ index 4c2f63c..57ac225 100644 struct smp_ops { void (*smp_prepare_boot_cpu)(void); +@@ -60,7 +57,7 @@ struct smp_ops { + + void (*send_call_func_ipi)(const struct cpumask *mask); + void (*send_call_func_single_ipi)(int cpu); +-}; ++} __no_const; + + /* Globals due to paravirt */ + extern void set_cpu_sibling_map(int cpu); @@ -175,14 +172,8 @@ extern unsigned disabled_cpus __cpuinitdata; extern int safe_smp_processor_id(void); @@ -14476,10 +14553,10 @@ index 19c3ce4..4ad5ba4 100644 #endif #endif /* _ASM_X86_THREAD_INFO_H */ 
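Review bot: The `BUG_ON(cr0 & X86_CR0_WP)` after `cr0 = read_cr0() ^ X86_CR0_WP` is the only thing that stops a nested call from switching write protection back on in the middle of an open section, and nothing in the visible lines says so. A one-line comment above it, e.g. `/* WP must be set on entry; a nested open would re-enable it here */`, would make the non-nesting rule explicit. The next hunk's `BUG_ON(!(cr0 & X86_CR0_WP))` deserves the mirror-image comment, `/* WP must be clear on entry; an unpaired close would disable it here */`. Both function signatures lie outside the hunks.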
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h -index 61c5874..8a046e9 100644 +index 61c5874..28d8b16 100644 --- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h -@@ -8,12 +8,15 @@ +@@ -8,6 +8,7 @@ #include <linux/thread_info.h> #include <linux/prefetch.h> #include <linux/string.h> @@ -14487,15 +14564,7 @@ index 61c5874..8a046e9 100644 #include <asm/asm.h> #include <asm/page.h> - #define VERIFY_READ 0 - #define VERIFY_WRITE 1 - -+extern void check_object_size(const void *ptr, unsigned long n, bool to); -+ - /* - * The fs value determines whether argument validity checking should be - * performed or not. If get_fs() == USER_DS, checking is performed, with -@@ -29,7 +32,12 @@ +@@ -29,7 +30,12 @@ #define get_ds() (KERNEL_DS) #define get_fs() (current_thread_info()->addr_limit) @@ -14508,7 +14577,7 @@ index 61c5874..8a046e9 100644 #define segment_eq(a, b) ((a).seg == (b).seg) -@@ -77,7 +85,33 @@ +@@ -77,7 +83,33 @@ * checks that the pointer is in the user space range - after calling * this function, memory access functions may still return -EFAULT. */ @@ -14543,7 +14612,7 @@ index 61c5874..8a046e9 100644 /* * The exception table consists of pairs of addresses: the first is the -@@ -183,12 +217,20 @@ extern int __get_user_bad(void); +@@ -183,12 +215,20 @@ extern int __get_user_bad(void); asm volatile("call __put_user_" #size : "=a" (__ret_pu) \ : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx") @@ -14567,7 +14636,7 @@ index 61c5874..8a046e9 100644 "3:\n" \ ".section .fixup,\"ax\"\n" \ "4: movl %3,%0\n" \ -@@ -200,8 +242,8 @@ extern int __get_user_bad(void); +@@ -200,8 +240,8 @@ extern int __get_user_bad(void); : "A" (x), "r" (addr), "i" (errret), "0" (err)) #define __put_user_asm_ex_u64(x, addr) \ 
@@ -14578,7 +14647,7 @@ index 61c5874..8a046e9 100644 "3:\n" \ _ASM_EXTABLE(1b, 2b - 1b) \ _ASM_EXTABLE(2b, 3b - 2b) \ -@@ -253,7 +295,7 @@ extern void __put_user_8(void); +@@ -253,7 +293,7 @@ extern void __put_user_8(void); __typeof__(*(ptr)) __pu_val; \ __chk_user_ptr(ptr); \ might_fault(); \ @@ -14587,7 +14656,7 @@ index 61c5874..8a046e9 100644 switch (sizeof(*(ptr))) { \ case 1: \ __put_user_x(1, __pu_val, ptr, __ret_pu); \ -@@ -374,7 +416,7 @@ do { \ +@@ -374,7 +414,7 @@ do { \ } while (0) #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \ @@ -14596,7 +14665,7 @@ index 61c5874..8a046e9 100644 "2:\n" \ ".section .fixup,\"ax\"\n" \ "3: mov %3,%0\n" \ -@@ -382,7 +424,7 @@ do { \ +@@ -382,7 +422,7 @@ do { \ " jmp 2b\n" \ ".previous\n" \ _ASM_EXTABLE(1b, 3b) \ @@ -14605,7 +14674,7 @@ index 61c5874..8a046e9 100644 : "m" (__m(addr)), "i" (errret), "0" (err)) #define __get_user_size_ex(x, ptr, size) \ -@@ -407,7 +449,7 @@ do { \ +@@ -407,7 +447,7 @@ do { \ } while (0) #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \ @@ -14614,7 +14683,7 @@ index 61c5874..8a046e9 100644 "2:\n" \ _ASM_EXTABLE(1b, 2b - 1b) \ : ltype(x) : "m" (__m(addr))) -@@ -424,13 +466,24 @@ do { \ +@@ -424,13 +464,24 @@ do { \ int __gu_err; \ unsigned long __gu_val; \ __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \ @@ -14641,7 +14710,7 @@ index 61c5874..8a046e9 100644 /* * Tell gcc we read from memory instead of writing: this is because -@@ -438,7 +491,7 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -438,7 +489,7 @@ struct __large_struct { unsigned long buf[100]; }; * aliasing issues. */ #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \ 
@@ -14650,7 +14719,7 @@ index 61c5874..8a046e9 100644 "2:\n" \ ".section .fixup,\"ax\"\n" \ "3: mov %3,%0\n" \ -@@ -446,10 +499,10 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -446,10 +497,10 @@ struct __large_struct { unsigned long buf[100]; }; ".previous\n" \ _ASM_EXTABLE(1b, 3b) \ : "=r"(err) \ @@ -14663,7 +14732,7 @@ index 61c5874..8a046e9 100644 "2:\n" \ _ASM_EXTABLE(1b, 2b - 1b) \ : : ltype(x), "m" (__m(addr))) -@@ -488,8 +541,12 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -488,8 +539,12 @@ struct __large_struct { unsigned long buf[100]; }; * On error, the variable @x is set to zero. */ @@ -14676,7 +14745,7 @@ index 61c5874..8a046e9 100644 /** * __put_user: - Write a simple value into user space, with less checking. -@@ -511,8 +568,12 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -511,8 +566,12 @@ struct __large_struct { unsigned long buf[100]; }; * Returns zero on success, or -EFAULT on error. */ @@ -14689,7 +14758,7 @@ index 61c5874..8a046e9 100644 #define __get_user_unaligned __get_user #define __put_user_unaligned __put_user -@@ -530,7 +591,7 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -530,7 +589,7 @@ struct __large_struct { unsigned long buf[100]; }; #define get_user_ex(x, ptr) do { \ unsigned long __gue_val; \ __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \ @@ -14698,7 +14767,7 @@ index 61c5874..8a046e9 100644 } while (0) #ifdef CONFIG_X86_WP_WORKS_OK -@@ -567,6 +628,7 @@ extern struct movsl_mask { +@@ -567,6 +626,7 @@ extern struct movsl_mask { #define ARCH_HAS_NOCACHE_UACCESS 1 @@ -14707,7 +14776,7 @@ index 61c5874..8a046e9 100644 # include "uaccess_32.h" #else diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h -index 632fb44..8bd6fa7 100644 +index 632fb44..b284405 100644 --- a/arch/x86/include/asm/uaccess_32.h +++ b/arch/x86/include/asm/uaccess_32.h @@ -12,15 +12,15 @@ 
@@ -14731,7 +14800,7 @@ index 632fb44..8bd6fa7 100644 /** * __copy_to_user_inatomic: - Copy a block of data into user space, with less checking. -@@ -44,6 +44,11 @@ unsigned long __must_check __copy_from_user_ll_nocache_nozero +@@ -44,6 +44,13 @@ unsigned long __must_check __copy_from_user_ll_nocache_nozero static __always_inline unsigned long __must_check __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) { @@ -14740,18 +14809,11 @@ index 632fb44..8bd6fa7 100644 + if ((long)n < 0) + return n; + ++ check_object_size(from, n, true); ++ if (__builtin_constant_p(n)) { unsigned long ret; -@@ -62,6 +67,8 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) - return ret; - } - } -+ if (!__builtin_constant_p(n)) -+ check_object_size(from, n, true); - return __copy_to_user_ll(to, from, n); - } - @@ -83,12 +90,16 @@ static __always_inline unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n) { @@ -14769,7 +14831,7 @@ index 632fb44..8bd6fa7 100644 /* Avoid zeroing the tail if the copy fails.. * If 'n' is constant and 1, 2, or 4, we do still zero on a failure, * but as the zeroing behaviour is only significant when n is not -@@ -138,6 +149,12 @@ static __always_inline unsigned long +@@ -138,6 +149,14 @@ static __always_inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n) { might_fault(); @@ -14779,18 +14841,11 @@ index 632fb44..8bd6fa7 100644 + if ((long)n < 0) + return n; + ++ check_object_size(to, n, false); ++ if (__builtin_constant_p(n)) { unsigned long ret; -@@ -153,6 +170,8 @@ __copy_from_user(void *to, const void __user *from, unsigned long n) - return ret; - } - } -+ if (!__builtin_constant_p(n)) -+ check_object_size(to, n, false); - return __copy_from_user_ll(to, from, n); - } - @@ -160,6 +179,10 @@ static __always_inline unsigned long __copy_from_user_nocache(void *to, const void __user *from, unsigned long n) { 
@@ -14802,7 +14857,7 @@ index 632fb44..8bd6fa7 100644 if (__builtin_constant_p(n)) { unsigned long ret; -@@ -182,14 +205,73 @@ static __always_inline unsigned long +@@ -182,14 +205,72 @@ static __always_inline unsigned long __copy_from_user_inatomic_nocache(void *to, const void __user *from, unsigned long n) { @@ -14862,15 +14917,14 @@ index 632fb44..8bd6fa7 100644 +{ + size_t sz = __compiletime_object_size(to); + ++ check_object_size(to, n, false); ++ + if (unlikely(sz != (size_t)-1 && sz < n)) + copy_from_user_overflow(); + else if (access_ok(VERIFY_READ, from, n)) + n = __copy_from_user(to, from, n); -+ else if ((long)n > 0) { -+ if (!__builtin_constant_p(n)) -+ check_object_size(to, n, false); ++ else if ((long)n > 0) + memset(to, 0, n); -+ } + return n; } @@ -14882,7 +14936,7 @@ index 632fb44..8bd6fa7 100644 long __must_check strncpy_from_user(char *dst, const char __user *src, long count); long __must_check __strncpy_from_user(char *dst, -@@ -212,7 +294,7 @@ long __must_check __strncpy_from_user(char *dst, +@@ -212,7 +293,7 @@ long __must_check __strncpy_from_user(char *dst, #define strlen_user(str) strnlen_user(str, LONG_MAX) long strnlen_user(const char __user *str, long n); @@ -14893,7 +14947,7 @@ index 632fb44..8bd6fa7 100644 #endif /* _ASM_X86_UACCESS_32_H */ diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h -index db24b21..73adc70 100644 +index db24b21..9fa9f18 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -9,6 +9,9 @@ @@ -14939,6 +14993,8 @@ index db24b21..73adc70 100644 + if (size > INT_MAX) + return size; + ++ check_object_size(dst, size, false); ++ +#ifdef CONFIG_PAX_MEMORY_UDEREF + if (!__access_ok(VERIFY_READ, src, size)) + return size; @@ -14950,7 +15006,6 @@ index db24b21..73adc70 100644 + } + + if (!__builtin_constant_p(size)) { -+ check_object_size(dst, size, false); + return copy_user_generic(dst, (__force_kernel const void *)____m(src), size); + } switch (size) { 
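Review bot: Hoisting `check_object_size(to, n, false)` to the top of the 32-bit copy_from_user() makes the check run twice on the `access_ok()` path, because `__copy_from_user()` now calls it unconditionally as well (the `@@ -138,6 +149,14 @@` hunk). The hoisted call also runs before any length filtering, whereas `__copy_from_user()` does `if ((long)n < 0) return n;` first; how check_object_size() treats such a length is not visible in this diff. Keeping the call only in the fallback branch, as `check_object_size(to, n, false);` immediately before `memset(to, 0, n);`, still covers the zeroing path without the duplicate. The 64-bit copy_from_user() in uaccess_64.h has the same shape, with `check_object_size(to, len, false)` ahead of a `__copy_from_user()` that checks again.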
@@ -15007,14 +15062,14 @@ index db24b21..73adc70 100644 + unsigned ret = 0; might_fault(); -- if (!__builtin_constant_p(size)) -- return copy_user_generic((__force void *)dst, src, size); + + pax_track_stack(); + + if (size > INT_MAX) + return size; + ++ check_object_size(src, size, true); ++ +#ifdef CONFIG_PAX_MEMORY_UDEREF + if (!__access_ok(VERIFY_WRITE, dst, size)) + return size; @@ -15025,10 +15080,9 @@ index db24b21..73adc70 100644 + return size; + } + -+ if (!__builtin_constant_p(size)) { -+ check_object_size(src, size, true); + if (!__builtin_constant_p(size)) +- return copy_user_generic((__force void *)dst, src, size); + return copy_user_generic((__force_kernel void *)____m(dst), src, size); -+ } switch (size) { - case 1:__put_user_asm(*(u8 *)src, (u8 __user *)dst, + case 1:__put_user_asm(*(const u8 *)src, (u8 __user *)dst, @@ -15089,13 +15143,12 @@ index db24b21..73adc70 100644 +{ might_fault(); + ++ check_object_size(to, len, false); ++ + if (access_ok(VERIFY_READ, from, len)) + len = __copy_from_user(to, from, len); -+ else if (len < INT_MAX) { -+ if (!__builtin_constant_p(len)) -+ check_object_size(to, len, false); ++ else if (len < INT_MAX) + memset(to, 0, len); -+ } + return len; +} + 
@@ -15332,6 +15385,46 @@ index d0983d2..1f7c9e9 100644 #endif /* __KERNEL__ */ #endif /* _ASM_X86_VSYSCALL_H */ +diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h +index 2c756fd..062473d 100644 +--- a/arch/x86/include/asm/x86_init.h ++++ b/arch/x86/include/asm/x86_init.h +@@ -88,7 +88,7 @@ struct x86_init_timers { + void (*setup_percpu_clockev)(void); + void (*tsc_pre_init)(void); + void (*timer_init)(void); +-}; ++} __no_const; + + /** + * struct x86_init_ops - functions for platform specific setup +@@ -101,7 +101,7 @@ struct x86_init_ops { + struct x86_init_oem oem; + struct x86_init_paging paging; + struct x86_init_timers timers; +-}; ++} __no_const; + + /** + * struct x86_cpuinit_ops - platform specific cpu hotplug setups +@@ -109,7 +109,7 @@ struct x86_init_ops { + */ + struct x86_cpuinit_ops { + void (*setup_percpu_clockev)(void); +-}; ++} __no_const; + + /** + * struct x86_platform_ops - platform specific runtime functions +@@ -121,7 +121,7 @@ struct x86_platform_ops { + unsigned long (*calibrate_tsc)(void); + unsigned long (*get_wallclock)(void); + int (*set_wallclock)(unsigned long nowtime); +-}; ++} __no_const; + + extern struct x86_init_ops x86_init; + extern struct x86_cpuinit_ops x86_cpuinit; diff --git a/arch/x86/include/asm/xsave.h b/arch/x86/include/asm/xsave.h index 727acc1..52c9e4c 100644 --- a/arch/x86/include/asm/xsave.h 
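Review bot: `__no_const` is added only to x86_init_timers, x86_init_ops, x86_cpuinit_ops and x86_platform_ops, yet the `*(void **)&` casts this update drops from numaq_32.c, head32.c and mrst.c were storing into `x86_init.mpparse.*` and `x86_init.resources.*`. Those member struct types are declared above line 88 of x86_init.h and are not touched by this hunk, so it is not visible whether they are exempt from constification too. It is worth confirming that the now-plain assignments to those members still build with constification enabled, or annotating the two structs the same way.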
@@ -15669,31 +15762,6 @@ index 8928d97..f799cea 100644 spin_lock(&ioapic_lock); __mask_and_edge_IO_APIC_irq(cfg); __unmask_and_level_IO_APIC_irq(cfg); -diff --git a/arch/x86/kernel/apic/numaq_32.c b/arch/x86/kernel/apic/numaq_32.c -index efa00e2..63f96f5 100644 ---- a/arch/x86/kernel/apic/numaq_32.c -+++ b/arch/x86/kernel/apic/numaq_32.c -@@ -275,13 +275,13 @@ static __init void early_check_numaq(void) - early_get_smp_config(); - - if (found_numaq) { -- x86_init.mpparse.mpc_record = numaq_mpc_record; -- x86_init.mpparse.setup_ioapic_ids = x86_init_noop; -- x86_init.mpparse.mpc_apic_id = mpc_apic_id; -- x86_init.mpparse.smp_read_mpc_oem = smp_read_mpc_oem; -- x86_init.mpparse.mpc_oem_pci_bus = mpc_oem_pci_bus; -- x86_init.mpparse.mpc_oem_bus_info = mpc_oem_bus_info; -- x86_init.timers.tsc_pre_init = numaq_tsc_init; -+ *(void **)&x86_init.mpparse.mpc_record = numaq_mpc_record; -+ *(void **)&x86_init.mpparse.setup_ioapic_ids = x86_init_noop; -+ *(void **)&x86_init.mpparse.mpc_apic_id = mpc_apic_id; -+ *(void **)&x86_init.mpparse.smp_read_mpc_oem = smp_read_mpc_oem; -+ *(void **)&x86_init.mpparse.mpc_oem_pci_bus = mpc_oem_pci_bus; -+ *(void **)&x86_init.mpparse.mpc_oem_bus_info = mpc_oem_bus_info; -+ *(void **)&x86_init.timers.tsc_pre_init = numaq_tsc_init; - } - } - diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c index 151ace6..f317474 100644 --- a/arch/x86/kernel/apm_32.c 
@@ -16509,19 +16577,6 @@ index 898df97..9e82503 100644 static struct wd_ops intel_arch_wd_ops __read_mostly = { .reserve = single_msr_reserve, .unreserve = single_msr_unreserve, -diff --git a/arch/x86/kernel/cpu/vmware.c b/arch/x86/kernel/cpu/vmware.c -index 9580152..bca82d1 100644 ---- a/arch/x86/kernel/cpu/vmware.c -+++ b/arch/x86/kernel/cpu/vmware.c -@@ -79,7 +79,7 @@ void __init vmware_platform_setup(void) - VMWARE_PORT(GETHZ, eax, ebx, ecx, edx); - - if (ebx != UINT_MAX) -- x86_platform.calibrate_tsc = vmware_get_tsc_khz; -+ *(void **)&x86_platform.calibrate_tsc = vmware_get_tsc_khz; - else - printk(KERN_WARNING - "Failed to get TSC freq from the hypervisor\n"); diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c index ff95824..2ffdcb5 100644 --- a/arch/x86/kernel/crash.c @@ -16946,21 +17001,6 @@ index b9c830c..1e41a96 100644 va_start(ap, fmt); n = vscnprintf(buf, sizeof(buf), fmt, ap); early_console->write(early_console, buf, n); -diff --git a/arch/x86/kernel/efi.c b/arch/x86/kernel/efi.c -index cdcfb12..15589d9 100644 ---- a/arch/x86/kernel/efi.c -+++ b/arch/x86/kernel/efi.c -@@ -455,8 +455,8 @@ void __init efi_init(void) - do_add_efi_memmap(); - - #ifdef CONFIG_X86_32 -- x86_platform.get_wallclock = efi_get_time; -- x86_platform.set_wallclock = efi_set_rtc_mmss; -+ *(void **)&x86_platform.get_wallclock = efi_get_time; -+ *(void **)&x86_platform.set_wallclock = efi_set_rtc_mmss; - #endif - - /* Setup for EFI runtime service */ diff --git a/arch/x86/kernel/efi_32.c b/arch/x86/kernel/efi_32.c index 5cab48e..b025f9b 100644 --- a/arch/x86/kernel/efi_32.c @@ -19184,10 +19224,10 @@ index 9dbb527..9fe4f21 100644 return -EFAULT; diff --git a/arch/x86/kernel/head32.c b/arch/x86/kernel/head32.c -index 4f8e250..87a66e9 100644 +index 4f8e250..df24706 100644 --- a/arch/x86/kernel/head32.c +++ b/arch/x86/kernel/head32.c -@@ -16,13 +16,14 @@ +@@ -16,6 +16,7 @@ #include <asm/apic.h> #include <asm/io_apic.h> #include <asm/bios_ebda.h> 
@@ -19195,16 +19235,6 @@ index 4f8e250..87a66e9 100644 static void __init i386_default_early_setup(void) { - /* Initilize 32bit specific setup functions */ -- x86_init.resources.probe_roms = probe_roms; -- x86_init.resources.reserve_resources = i386_reserve_resources; -- x86_init.mpparse.setup_ioapic_ids = setup_ioapic_ids_from_mpc; -+ *(void **)&x86_init.resources.probe_roms = probe_roms; -+ *(void **)&x86_init.resources.reserve_resources = i386_reserve_resources; -+ *(void **)&x86_init.mpparse.setup_ioapic_ids = setup_ioapic_ids_from_mpc; - - reserve_ebda_region(); - } @@ -31,7 +32,7 @@ void __init i386_start_kernel(void) { reserve_trampoline_memory(); @@ -20537,18 +20567,9 @@ index 7a67820..17c9752 100644 switch (val) { diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c -index 63b0ec8..4211963 100644 +index 63b0ec8..6d92227 100644 --- a/arch/x86/kernel/kvm.c +++ b/arch/x86/kernel/kvm.c -@@ -201,7 +201,7 @@ static void __init paravirt_ops_setup(void) - pv_info.paravirt_enabled = 1; - - if (kvm_para_has_feature(KVM_FEATURE_NOP_IO_DELAY)) -- pv_cpu_ops.io_delay = kvm_io_delay; -+ *(void **)&pv_cpu_ops.io_delay = kvm_io_delay; - - if (kvm_para_has_feature(KVM_FEATURE_MMU_OP)) { - pv_mmu_ops.set_pte = kvm_set_pte; @@ -216,6 +216,7 @@ static void __init paravirt_ops_setup(void) pv_mmu_ops.set_pud = kvm_set_pud; #if PAGETABLE_LEVELS == 4 
@@ -20557,39 +20578,6 @@ index 63b0ec8..4211963 100644 #endif #endif pv_mmu_ops.flush_tlb_user = kvm_flush_tlb; -diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c -index feaeb0d..9c62757 100644 ---- a/arch/x86/kernel/kvmclock.c -+++ b/arch/x86/kernel/kvmclock.c -@@ -184,20 +184,20 @@ void __init kvmclock_init(void) - if (kvmclock && kvm_para_has_feature(KVM_FEATURE_CLOCKSOURCE)) { - if (kvm_register_clock("boot clock")) - return; -- pv_time_ops.sched_clock = kvm_clock_read; -- x86_platform.calibrate_tsc = kvm_get_tsc_khz; -- x86_platform.get_wallclock = kvm_get_wallclock; -- x86_platform.set_wallclock = kvm_set_wallclock; -+ *(void **)&pv_time_ops.sched_clock = kvm_clock_read; -+ *(void **)&x86_platform.calibrate_tsc = kvm_get_tsc_khz; -+ *(void **)&x86_platform.get_wallclock = kvm_get_wallclock; -+ *(void **)&x86_platform.set_wallclock = kvm_set_wallclock; - #ifdef CONFIG_X86_LOCAL_APIC -- x86_cpuinit.setup_percpu_clockev = -+ *(void **)&x86_cpuinit.setup_percpu_clockev = - kvm_setup_secondary_clock; - #endif - #ifdef CONFIG_SMP -- smp_ops.smp_prepare_boot_cpu = kvm_smp_prepare_boot_cpu; -+ *(void **)&smp_ops.smp_prepare_boot_cpu = kvm_smp_prepare_boot_cpu; - #endif -- machine_ops.shutdown = kvm_shutdown; -+ *(void **)&machine_ops.shutdown = kvm_shutdown; - #ifdef CONFIG_KEXEC -- machine_ops.crash_shutdown = kvm_crash_shutdown; -+ *(void **)&machine_ops.crash_shutdown = kvm_crash_shutdown; - #endif - kvm_get_preset_lpj(); - clocksource_register(&kvm_clock); diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c index ec6ef60..ab2c824 100644 --- a/arch/x86/kernel/ldt.c 
@@ -20906,19 +20894,6 @@ index 89f386f..9028f51 100644 #if 0 if ((s64)val != *(s32 *)loc) goto overflow; -diff --git a/arch/x86/kernel/mrst.c b/arch/x86/kernel/mrst.c -index 3b7078a..7367929 100644 ---- a/arch/x86/kernel/mrst.c -+++ b/arch/x86/kernel/mrst.c -@@ -19,6 +19,6 @@ - */ - void __init x86_mrst_early_setup(void) - { -- x86_init.resources.probe_roms = x86_init_noop; -- x86_init.resources.reserve_resources = x86_init_noop; -+ *(void **)&x86_init.resources.probe_roms = x86_init_noop; -+ *(void **)&x86_init.resources.reserve_resources = x86_init_noop; - } diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c index 5eaeb5e..63a053b 100644 --- a/arch/x86/kernel/msr.c @@ -20947,7 +20922,7 @@ index 3a7c5a4..9191528 100644 .spin_is_locked = __ticket_spin_is_locked, .spin_is_contended = __ticket_spin_is_contended, diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c -index 1b1739d..e39fa7f 100644 +index 1b1739d..dea6077 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -53,6 +53,9 @@ u64 _paravirt_ident_64(u64 x) @@ -21010,7 +20985,7 @@ index 1b1739d..e39fa7f 100644 return insn_len; } -@@ -294,7 +303,7 @@ void arch_flush_lazy_mmu_mode(void) +@@ -294,22 +303,22 @@ void arch_flush_lazy_mmu_mode(void) preempt_enable(); } @@ -21019,7 +20994,16 @@ index 1b1739d..e39fa7f 100644 .name = "bare hardware", .paravirt_enabled = 0, .kernel_rpl = 0, -@@ -309,7 +318,7 @@ struct pv_time_ops pv_time_ops = { + .shared_kernel_pmd = 1, /* Only used when CONFIG_X86_PAE is set */ + }; + +-struct pv_init_ops pv_init_ops = { ++struct pv_init_ops pv_init_ops __read_only = { + .patch = native_patch, + }; + +-struct pv_time_ops pv_time_ops = { ++struct pv_time_ops pv_time_ops __read_only = { .sched_clock = native_sched_clock, }; 
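Review bot: pv_init_ops and pv_time_ops gain `__read_only` here (pv_cpu_ops, pv_apic_ops, machine_ops and smp_ops get it in later hunks), while the same update removes the casted stores in kvmclock_init() and activate_vmi(), leaving ordinary assignments such as `pv_time_ops.sched_clock = kvm_clock_read;`. Whether those `__init` writers run before the read-only section is actually write-protected is not visible in this diff. If any of them can run afterwards the store would fault, so it is worth confirming the ordering or bracketing the stores with the pax_open_kernel()/pax_close_kernel() pair.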
@@ -21028,7 +21012,23 @@ index 1b1739d..e39fa7f 100644 .save_fl = __PV_IS_CALLEE_SAVE(native_save_fl), .restore_fl = __PV_IS_CALLEE_SAVE(native_restore_fl), .irq_disable = __PV_IS_CALLEE_SAVE(native_irq_disable), -@@ -388,15 +397,20 @@ struct pv_apic_ops pv_apic_ops = { +@@ -321,7 +330,7 @@ struct pv_irq_ops pv_irq_ops = { + #endif + }; + +-struct pv_cpu_ops pv_cpu_ops = { ++struct pv_cpu_ops pv_cpu_ops __read_only = { + .cpuid = native_cpuid, + .get_debugreg = native_get_debugreg, + .set_debugreg = native_set_debugreg, +@@ -382,21 +391,26 @@ struct pv_cpu_ops pv_cpu_ops = { + .end_context_switch = paravirt_nop, + }; + +-struct pv_apic_ops pv_apic_ops = { ++struct pv_apic_ops pv_apic_ops __read_only = { + #ifdef CONFIG_X86_LOCAL_APIC + .startup_ipi_hook = paravirt_nop, #endif }; @@ -21567,7 +21567,7 @@ index c06acdd..2404a26 100644 audit_syscall_exit(AUDITSC_RESULT(regs->ax), regs->ax); diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c -index cf98100..7250c30 100644 +index cf98100..169bb39 100644 --- a/arch/x86/kernel/reboot.c +++ b/arch/x86/kernel/reboot.c @@ -33,7 +33,7 @@ void (*pm_power_off)(void); @@ -21688,14 +21688,18 @@ index cf98100..7250c30 100644 { if (pm_power_off) { if (!reboot_force) -@@ -694,6 +694,7 @@ static void native_machine_power_off(void) +@@ -694,9 +694,10 @@ static void native_machine_power_off(void) } /* a fallback in case there is no PM info available */ tboot_shutdown(TB_SHUTDOWN_HALT); + do { } while (1); } - struct machine_ops machine_ops = { +-struct machine_ops machine_ops = { ++struct machine_ops machine_ops __read_only = { + .power_off = native_machine_power_off, + .shutdown = native_machine_shutdown, + .emergency_restart = native_machine_emergency_restart, diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S index 7a6f3b3..976a959 100644 --- a/arch/x86/kernel/relocate_kernel_64.S 
@@ -21894,6 +21898,19 @@ index 6a44a76..a9287a1 100644 return; if (current_thread_info()->status & TS_RESTORE_SIGMASK) +diff --git a/arch/x86/kernel/smp.c b/arch/x86/kernel/smp.c +index 29f0a78..374912c 100644 +--- a/arch/x86/kernel/smp.c ++++ b/arch/x86/kernel/smp.c +@@ -224,7 +224,7 @@ void smp_call_function_single_interrupt(struct pt_regs *regs) + irq_exit(); + } + +-struct smp_ops smp_ops = { ++struct smp_ops smp_ops __read_only = { + .smp_prepare_boot_cpu = native_smp_prepare_boot_cpu, + .smp_prepare_cpus = native_smp_prepare_cpus, + .smp_cpus_done = native_smp_cpus_done, diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c index 7e8e905..64d5c32 100644 --- a/arch/x86/kernel/smpboot.c @@ -23138,7 +23155,7 @@ index 9c4e625..c992817 100644 goto cannot_handle; if ((segoffs >> 16) == BIOSSEG) diff --git a/arch/x86/kernel/vmi_32.c b/arch/x86/kernel/vmi_32.c -index d430e4c..9efc93d 100644 +index d430e4c..831f817 100644 --- a/arch/x86/kernel/vmi_32.c +++ b/arch/x86/kernel/vmi_32.c @@ -44,12 +44,17 @@ typedef u32 __attribute__((regparm(1))) (VROMFUNC)(void); 
@@ -23261,79 +23278,6 @@ index d430e4c..9efc93d 100644 return 1; } } -@@ -604,9 +626,9 @@ do { \ - reloc = call_vrom_long_func(vmi_rom, get_reloc, \ - VMI_CALL_##vmicall); \ - if (rel->type == VMI_RELOCATION_CALL_REL) \ -- opname = (void *)rel->eip; \ -+ *(void **)&opname = (void *)rel->eip; \ - else if (rel->type == VMI_RELOCATION_NOP) \ -- opname = (void *)vmi_nop; \ -+ *(void **)&opname = (void *)vmi_nop; \ - else if (rel->type != VMI_RELOCATION_NONE) \ - printk(KERN_WARNING "VMI: Unknown relocation " \ - "type %d for " #vmicall"\n",\ -@@ -626,7 +648,7 @@ do { \ - VMI_CALL_##vmicall); \ - BUG_ON(rel->type == VMI_RELOCATION_JUMP_REL); \ - if (rel->type == VMI_RELOCATION_CALL_REL) { \ -- opname = wrapper; \ -+ *(void **)&opname = wrapper; \ - vmi_ops.cache = (void *)rel->eip; \ - } \ - } while (0) -@@ -650,7 +672,7 @@ static inline int __init activate_vmi(void) - pv_info.kernel_rpl = kernel_cs & SEGMENT_RPL_MASK; - pv_info.name = "vmi [deprecated]"; - -- pv_init_ops.patch = vmi_patch; -+ *(void **)&pv_init_ops.patch = vmi_patch; - - /* - * Many of these operations are ABI compatible with VMI. -@@ -706,7 +728,7 @@ static inline int __init activate_vmi(void) - para_fill(pv_cpu_ops.store_gdt, GetGDT); - para_fill(pv_cpu_ops.store_idt, GetIDT); - para_fill(pv_cpu_ops.store_tr, GetTR); -- pv_cpu_ops.load_tls = vmi_load_tls; -+ *(void **)&pv_cpu_ops.load_tls = vmi_load_tls; - para_wrap(pv_cpu_ops.write_ldt_entry, vmi_write_ldt_entry, - write_ldt_entry, WriteLDTEntry); - para_wrap(pv_cpu_ops.write_gdt_entry, vmi_write_gdt_entry, -@@ -790,8 +812,8 @@ static inline int __init activate_vmi(void) - * the backend. They are performance critical anyway, so requiring - * a patch is not a big problem. 
- */ -- pv_cpu_ops.irq_enable_sysexit = (void *)0xfeedbab0; -- pv_cpu_ops.iret = (void *)0xbadbab0; -+ *(void **)&pv_cpu_ops.irq_enable_sysexit = (void *)0xfeedbab0; -+ *(void **)&pv_cpu_ops.iret = (void *)0xbadbab0; - - #ifdef CONFIG_SMP - para_wrap(pv_apic_ops.startup_ipi_hook, vmi_startup_ipi_hook, set_initial_ap_state, SetInitialAPState); -@@ -817,15 +839,15 @@ static inline int __init activate_vmi(void) - vmi_timer_ops.set_alarm = vmi_get_function(VMI_CALL_SetAlarm); - vmi_timer_ops.cancel_alarm = - vmi_get_function(VMI_CALL_CancelAlarm); -- x86_init.timers.timer_init = vmi_time_init; -+ *(void **)&x86_init.timers.timer_init = vmi_time_init; - #ifdef CONFIG_X86_LOCAL_APIC -- x86_init.timers.setup_percpu_clockev = vmi_time_bsp_init; -- x86_cpuinit.setup_percpu_clockev = vmi_time_ap_init; -+ *(void **)&x86_init.timers.setup_percpu_clockev = vmi_time_bsp_init; -+ *(void **)&x86_cpuinit.setup_percpu_clockev = vmi_time_ap_init; - #endif -- pv_time_ops.sched_clock = vmi_sched_clock; -- x86_platform.calibrate_tsc = vmi_tsc_khz; -- x86_platform.get_wallclock = vmi_get_wallclock; -- x86_platform.set_wallclock = vmi_set_wallclock; -+ *(void **)&pv_time_ops.sched_clock = vmi_sched_clock; -+ *(void **)&x86_platform.calibrate_tsc = vmi_tsc_khz; -+ *(void **)&x86_platform.get_wallclock = vmi_get_wallclock; -+ *(void **)&x86_platform.set_wallclock = vmi_set_wallclock; - - /* We have true wallclock functions; disable CMOS clock sync */ - no_sync_cmos_clock = 1; @@ -836,6 +858,11 @@ static inline int __init activate_vmi(void) para_fill(pv_irq_ops.safe_halt, Halt); 
@@ -23673,19 +23617,6 @@ index 3c68fe2..7a8c35b 100644 "kernel image bigger than KERNEL_IMAGE_SIZE"); #ifdef CONFIG_SMP -diff --git a/arch/x86/kernel/vsmp_64.c b/arch/x86/kernel/vsmp_64.c -index a1d804b..1ab845e 100644 ---- a/arch/x86/kernel/vsmp_64.c -+++ b/arch/x86/kernel/vsmp_64.c -@@ -98,7 +98,7 @@ static void __init set_vsmp_pv_ops(void) - pv_irq_ops.irq_enable = PV_CALLEE_SAVE(vsmp_irq_enable); - pv_irq_ops.save_fl = PV_CALLEE_SAVE(vsmp_save_fl); - pv_irq_ops.restore_fl = PV_CALLEE_SAVE(vsmp_restore_fl); -- pv_init_ops.patch = vsmp_patch; -+ *(void **)&pv_init_ops.patch = vsmp_patch; - - ctl &= ~(1 << 4); - writel(ctl, address + 4); diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c index 62f39d7..3bc46a1 100644 --- a/arch/x86/kernel/vsyscall_64.c @@ -24051,28 +23982,9 @@ index 271fddf..ea708b4 100644 if (kvm_x86_ops) { printk(KERN_ERR "kvm: already loaded the other module\n"); diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c -index 7e59dc1..6673211 100644 +index 7e59dc1..b88c98f 100644 --- a/arch/x86/lguest/boot.c +++ b/arch/x86/lguest/boot.c -@@ -1088,12 +1088,12 @@ static u32 lguest_apic_safe_wait_icr_idle(void) - - static void set_lguest_basic_apic_ops(void) - { -- apic->read = lguest_apic_read; -- apic->write = lguest_apic_write; -- apic->icr_read = lguest_apic_icr_read; -- apic->icr_write = lguest_apic_icr_write; -- apic->wait_icr_idle = lguest_apic_wait_icr_idle; -- apic->safe_wait_icr_idle = lguest_apic_safe_wait_icr_idle; -+ *(void **)&apic->read = lguest_apic_read; -+ *(void **)&apic->write = lguest_apic_write; -+ *(void **)&apic->icr_read = lguest_apic_icr_read; -+ *(void **)&apic->icr_write = lguest_apic_icr_write; -+ *(void **)&apic->wait_icr_idle = lguest_apic_wait_icr_idle; -+ *(void **)&apic->safe_wait_icr_idle = lguest_apic_safe_wait_icr_idle; - }; - #endif - 
@@ -1172,9 +1172,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count) * Rebooting also tells the Host we're finished, but the RESTART flag tells the * Launcher to reboot us. 
@@ -24085,81 +23997,6 @@ index 7e59dc1..6673211 100644 } /*G:050 -@@ -1264,28 +1265,28 @@ __init void lguest_init(void) - pv_irq_ops.safe_halt = lguest_safe_halt; - - /* Setup operations */ -- pv_init_ops.patch = lguest_patch; -+ *(void **)&pv_init_ops.patch = lguest_patch; - - /* Intercepts of various CPU instructions */ -- pv_cpu_ops.load_gdt = lguest_load_gdt; -- pv_cpu_ops.cpuid = lguest_cpuid; -- pv_cpu_ops.load_idt = lguest_load_idt; -- pv_cpu_ops.iret = lguest_iret; -- pv_cpu_ops.load_sp0 = lguest_load_sp0; -- pv_cpu_ops.load_tr_desc = lguest_load_tr_desc; -- pv_cpu_ops.set_ldt = lguest_set_ldt; -- pv_cpu_ops.load_tls = lguest_load_tls; -- pv_cpu_ops.set_debugreg = lguest_set_debugreg; -- pv_cpu_ops.clts = lguest_clts; -- pv_cpu_ops.read_cr0 = lguest_read_cr0; -- pv_cpu_ops.write_cr0 = lguest_write_cr0; -- pv_cpu_ops.read_cr4 = lguest_read_cr4; -- pv_cpu_ops.write_cr4 = lguest_write_cr4; -- pv_cpu_ops.write_gdt_entry = lguest_write_gdt_entry; -- pv_cpu_ops.write_idt_entry = lguest_write_idt_entry; -- pv_cpu_ops.wbinvd = lguest_wbinvd; -- pv_cpu_ops.start_context_switch = paravirt_start_context_switch; -- pv_cpu_ops.end_context_switch = lguest_end_context_switch; -+ *(void **)&pv_cpu_ops.load_gdt = lguest_load_gdt; -+ *(void **)&pv_cpu_ops.cpuid = lguest_cpuid; -+ *(void **)&pv_cpu_ops.load_idt = lguest_load_idt; -+ *(void **)&pv_cpu_ops.iret = lguest_iret; -+ *(void **)&pv_cpu_ops.load_sp0 = lguest_load_sp0; -+ *(void **)&pv_cpu_ops.load_tr_desc = lguest_load_tr_desc; -+ *(void **)&pv_cpu_ops.set_ldt = lguest_set_ldt; -+ *(void **)&pv_cpu_ops.load_tls = lguest_load_tls; -+ *(void **)&pv_cpu_ops.set_debugreg = lguest_set_debugreg; -+ *(void **)&pv_cpu_ops.clts = lguest_clts; -+ *(void **)&pv_cpu_ops.read_cr0 = lguest_read_cr0; -+ *(void **)&pv_cpu_ops.write_cr0 = lguest_write_cr0; -+ *(void **)&pv_cpu_ops.read_cr4 = lguest_read_cr4; -+ *(void **)&pv_cpu_ops.write_cr4 = lguest_write_cr4; -+ *(void **)&pv_cpu_ops.write_gdt_entry = lguest_write_gdt_entry; -+ 
*(void **)&pv_cpu_ops.write_idt_entry = lguest_write_idt_entry; -+ *(void **)&pv_cpu_ops.wbinvd = lguest_wbinvd; -+ *(void **)&pv_cpu_ops.start_context_switch = paravirt_start_context_switch; -+ *(void **)&pv_cpu_ops.end_context_switch = lguest_end_context_switch; - - /* Pagetable management */ - pv_mmu_ops.write_cr3 = lguest_write_cr3; -@@ -1313,11 +1314,11 @@ __init void lguest_init(void) - set_lguest_basic_apic_ops(); - #endif - -- x86_init.resources.memory_setup = lguest_memory_setup; -- x86_init.irqs.intr_init = lguest_init_IRQ; -- x86_init.timers.timer_init = lguest_time_init; -- x86_platform.calibrate_tsc = lguest_tsc_khz; -- x86_platform.get_wallclock = lguest_get_wallclock; -+ *(void **)&x86_init.resources.memory_setup = lguest_memory_setup; -+ *(void **)&x86_init.irqs.intr_init = lguest_init_IRQ; -+ *(void **)&x86_init.timers.timer_init = lguest_time_init; -+ *(void **)&x86_platform.calibrate_tsc = lguest_tsc_khz; -+ *(void **)&x86_platform.get_wallclock = lguest_get_wallclock; - - /* - * Now is a good time to look at the implementations of these functions -@@ -1410,7 +1411,7 @@ __init void lguest_init(void) - * routine. - */ - pm_power_off = lguest_power_off; -- machine_ops.restart = lguest_restart; -+ *(void **)&machine_ops.restart = lguest_restart; - - /* - * Now we're set up, call i386_start_kernel() in head32.c and we proceed diff --git a/arch/x86/lib/atomic64_32.c b/arch/x86/lib/atomic64_32.c index 824fa0b..c619e96 100644 --- a/arch/x86/lib/atomic64_32.c @@ -26669,7 +26506,7 @@ index 61b41ca..5fef66a 100644 extern u32 pnp_bios_is_utter_crap; pnp_bios_is_utter_crap = 1; diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index 249ad57..8d4b579 100644 +index 249ad57..da3a8c4 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -11,10 +11,19 @@ 
@@ -26936,7 +26773,7 @@ index 249ad57..8d4b579 100644 + if (address >= TASK_SIZE) + error_code |= PF_PROT; + -+ if (show_unhandled_signals) ++ if (likely(show_unhandled_signals)) + show_signal_msg(regs, error_code, address, tsk); + tsk->thread.cr2 = address; @@ -27479,7 +27316,7 @@ index 63a6ba6..79abd7a 100644 return (void *)vaddr; } diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c -index f46c3407..c56a9d1 100644 +index f46c3407..4984c26 100644 --- a/arch/x86/mm/hugetlbpage.c +++ b/arch/x86/mm/hugetlbpage.c @@ -267,13 +267,21 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, @@ -27683,7 +27520,14 @@ index f46c3407..c56a9d1 100644 return -ENOMEM; if (flags & MAP_FIXED) { -@@ -415,8 +439,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -412,11 +436,14 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, + return addr; + } + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ if (addr) { addr = ALIGN(addr, huge_page_size(h)); vma = find_vma(mm, addr); @@ -29182,6 +29026,20 @@ index 347d882..4baf6b6 100644 { u32 x = 0; int year, devfn; +diff --git a/arch/x86/pci/mmconfig-shared.c b/arch/x86/pci/mmconfig-shared.c +index 602c172..28703ae 100644 +--- a/arch/x86/pci/mmconfig-shared.c ++++ b/arch/x86/pci/mmconfig-shared.c +@@ -340,8 +340,7 @@ static void __init pci_mmcfg_insert_resources(void) + char *names; + unsigned num_buses; + +- res = kcalloc(PCI_MMCFG_RESOURCE_NAME_LEN + sizeof(*res), +- pci_mmcfg_config_num, GFP_KERNEL); ++ res = kcalloc(pci_mmcfg_config_num, PCI_MMCFG_RESOURCE_NAME_LEN + sizeof(*res), GFP_KERNEL); + if (!res) { + printk(KERN_ERR "PCI: Unable to allocate MMCONFIG resources\n"); + return; diff --git a/arch/x86/pci/mmconfig_32.c b/arch/x86/pci/mmconfig_32.c index f10a7e9..0425342 100644 --- a/arch/x86/pci/mmconfig_32.c @@ -29910,7 +29768,7 @@ index 21e1aeb..2c0b3c4 100644 -} -__setup("vdso=", vdso_setup); 
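Review bot: The added `if (!(mm->pax_flags & MF_PAX_RANDMMAP))` in hugetlb_get_unmapped_area (arch/x86/mm/hugetlbpage.c) has no braces and takes the following `if (addr) {` block as its body across the `#endif`. The control flow therefore depends on CONFIG_PAX_RANDMMAP in a way that is easy to misread, and it breaks silently if a statement is ever inserted between the two lines. As far as the hunk shows, the effect is that the caller's address hint is skipped when the flag is set; a comment directly above the `#ifdef` would make that explicit, e.g. `/* RANDMMAP: ignore the caller's address hint, fall through to the search */`. The same construct is added to hugetlb_get_unmapped_area in fs/hugetlbfs/inode.c later in this patch, there with a blank line between `#endif` and `if (addr)`. The function body starts and ends outside the hunk.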
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index d52f895..499ef73 100644 +index d52f895..5a92cc3 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -71,8 +71,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); @@ -29951,26 +29809,7 @@ index d52f895..499ef73 100644 end = start + __get_cpu_var(idt_desc).size + 1; xen_mc_flush(); -@@ -718,12 +714,12 @@ static u32 xen_safe_apic_wait_icr_idle(void) - - static void set_xen_basic_apic_ops(void) - { -- apic->read = xen_apic_read; -- apic->write = xen_apic_write; -- apic->icr_read = xen_apic_icr_read; -- apic->icr_write = xen_apic_icr_write; -- apic->wait_icr_idle = xen_apic_wait_icr_idle; -- apic->safe_wait_icr_idle = xen_safe_apic_wait_icr_idle; -+ *(void **)&apic->read = xen_apic_read; -+ *(void **)&apic->write = xen_apic_write; -+ *(void **)&apic->icr_read = xen_apic_icr_read; -+ *(void **)&apic->icr_write = xen_apic_icr_write; -+ *(void **)&apic->wait_icr_idle = xen_apic_wait_icr_idle; -+ *(void **)&apic->safe_wait_icr_idle = xen_safe_apic_wait_icr_idle; - } - - #endif -@@ -996,7 +992,7 @@ static const struct pv_apic_ops xen_apic_ops __initdata = { +@@ -996,25 +992,25 @@ static const struct pv_apic_ops xen_apic_ops __initdata = { #endif }; @@ -29979,8 +29818,10 @@ index d52f895..499ef73 100644 { struct sched_shutdown r = { .reason = reason }; -@@ -1004,17 +1000,17 @@ static void xen_reboot(int reason) - BUG(); +- if (HYPERVISOR_sched_op(SCHEDOP_shutdown, &r)) +- BUG(); ++ HYPERVISOR_sched_op(SCHEDOP_shutdown, &r); ++ BUG(); } -static void xen_restart(char *msg) 
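Review bot: In xen_reboot the result of `HYPERVISOR_sched_op(SCHEDOP_shutdown, &r)` is now discarded and `BUG()` is reached on every return from the hypercall, including a zero return that previously let the function return to its caller. That looks intended to make the function non-returning, but the signature line is outside this hunk, so this is inferred. The reason should be recorded next to the call, e.g. `/* SCHEDOP_shutdown is not expected to return; treat any return as fatal */`, so the unconditional `BUG()` is not later mistaken for a lost error check.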
@@ -30000,26 +29841,7 @@ index d52f895..499ef73 100644 { xen_reboot(SHUTDOWN_poweroff); } -@@ -1040,14 +1036,14 @@ static const struct machine_ops __initdata xen_machine_ops = { - */ - static void __init xen_setup_stackprotector(void) - { -- pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry_boot; -- pv_cpu_ops.load_gdt = xen_load_gdt_boot; -+ *(void **)&pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry_boot; -+ *(void **)&pv_cpu_ops.load_gdt = xen_load_gdt_boot; - - setup_stack_canary_segment(0); - switch_to_new_gdt(0); - -- pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry; -- pv_cpu_ops.load_gdt = xen_load_gdt; -+ *(void **)&pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry; -+ *(void **)&pv_cpu_ops.load_gdt = xen_load_gdt; - } - - /* First C function to be called on Xen boot */ -@@ -1062,22 +1058,22 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1062,10 +1058,10 @@ asmlinkage void __init xen_start_kernel(void) /* Install Xen paravirt ops */ pv_info = xen_info; 
@@ -30032,29 +29854,8 @@ index d52f895..499ef73 100644 + memcpy((void *)&pv_cpu_ops, &xen_cpu_ops, sizeof pv_cpu_ops); + memcpy((void *)&pv_apic_ops, &xen_apic_ops, sizeof pv_apic_ops); -- x86_init.resources.memory_setup = xen_memory_setup; -- x86_init.oem.arch_setup = xen_arch_setup; -- x86_init.oem.banner = xen_banner; -+ *(void **)&x86_init.resources.memory_setup = xen_memory_setup; -+ *(void **)&x86_init.oem.arch_setup = xen_arch_setup; -+ *(void **)&x86_init.oem.banner = xen_banner; - -- x86_init.timers.timer_init = xen_time_init; -- x86_init.timers.setup_percpu_clockev = x86_init_noop; -- x86_cpuinit.setup_percpu_clockev = x86_init_noop; -+ *(void **)&x86_init.timers.timer_init = xen_time_init; -+ *(void **)&x86_init.timers.setup_percpu_clockev = x86_init_noop; -+ *(void **)&x86_cpuinit.setup_percpu_clockev = x86_init_noop; - -- x86_platform.calibrate_tsc = xen_tsc_khz; -- x86_platform.get_wallclock = xen_get_wallclock; -- x86_platform.set_wallclock = xen_set_wallclock; -+ *(void **)&x86_platform.calibrate_tsc = xen_tsc_khz; -+ *(void **)&x86_platform.get_wallclock = xen_get_wallclock; -+ *(void **)&x86_platform.set_wallclock = xen_set_wallclock; - - /* - * Set up some pagetable state before starting to set any ptes. + x86_init.resources.memory_setup = xen_memory_setup; + x86_init.oem.arch_setup = xen_arch_setup; @@ -1098,9 +1094,20 @@ asmlinkage void __init xen_start_kernel(void) */ __userpte_alloc_gfp &= ~__GFP_HIGHMEM; @@ -30094,19 +29895,8 @@ index d52f895..499ef73 100644 xen_smp_init(); -diff --git a/arch/x86/xen/irq.c b/arch/x86/xen/irq.c -index 9d30105..6774081 100644 ---- a/arch/x86/xen/irq.c -+++ b/arch/x86/xen/irq.c -@@ -129,5 +129,5 @@ static const struct pv_irq_ops xen_irq_ops __initdata = { - void __init xen_init_irq_ops() - { - pv_irq_ops = xen_irq_ops; -- x86_init.irqs.intr_init = xen_init_IRQ; -+ *(void **)&x86_init.irqs.intr_init = xen_init_IRQ; - } 
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index 8f4452c..3dd48c4 100644 +index 8f4452c..38873e5 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c @@ -1717,6 +1717,9 @@ __init pgd_t *xen_setup_kernel_pagetable(pgd_t *pgd, @@ -30147,17 +29937,6 @@ index 8f4452c..3dd48c4 100644 .alloc_pud = xen_alloc_pmd_init, .release_pud = xen_release_pmd_init, -@@ -1963,8 +1972,8 @@ static const struct pv_mmu_ops xen_mmu_ops __initdata = { - - void __init xen_init_mmu_ops(void) - { -- x86_init.paging.pagetable_setup_start = xen_pagetable_setup_start; -- x86_init.paging.pagetable_setup_done = xen_pagetable_setup_done; -+ *(void **)&x86_init.paging.pagetable_setup_start = xen_pagetable_setup_start; -+ *(void **)&x86_init.paging.pagetable_setup_done = xen_pagetable_setup_done; - pv_mmu_ops = xen_mmu_ops; - } - diff --git a/arch/x86/xen/setup.c b/arch/x86/xen/setup.c index ad0047f..cfec0c4 100644 --- a/arch/x86/xen/setup.c @@ -30235,34 +30014,11 @@ index a96204a..4d2ebba 100644 xen_fill_possible_map(); xen_init_spinlocks(); } -diff --git a/arch/x86/xen/spinlock.c b/arch/x86/xen/spinlock.c -index 36a5141..4ef9c78 100644 ---- a/arch/x86/xen/spinlock.c -+++ b/arch/x86/xen/spinlock.c -@@ -372,12 +372,12 @@ void xen_uninit_lock_cpu(int cpu) - - void __init xen_init_spinlocks(void) - { -- pv_lock_ops.spin_is_locked = xen_spin_is_locked; -- pv_lock_ops.spin_is_contended = xen_spin_is_contended; -- pv_lock_ops.spin_lock = xen_spin_lock; -- pv_lock_ops.spin_lock_flags = xen_spin_lock_flags; -- pv_lock_ops.spin_trylock = xen_spin_trylock; -- pv_lock_ops.spin_unlock = xen_spin_unlock; -+ *(void **)&pv_lock_ops.spin_is_locked = xen_spin_is_locked; -+ *(void **)&pv_lock_ops.spin_is_contended = xen_spin_is_contended; -+ *(void **)&pv_lock_ops.spin_lock = xen_spin_lock; -+ *(void **)&pv_lock_ops.spin_lock_flags = xen_spin_lock_flags; -+ *(void **)&pv_lock_ops.spin_trylock = xen_spin_trylock; -+ *(void **)&pv_lock_ops.spin_unlock = xen_spin_unlock; - } - - #ifdef CONFIG_XEN_DEBUG_FS 
diff --git a/arch/x86/xen/xen-asm_32.S b/arch/x86/xen/xen-asm_32.S -index 9a95a9c..4f39e774 100644 +index 9a95a9c..c457aa7 100644 --- a/arch/x86/xen/xen-asm_32.S +++ b/arch/x86/xen/xen-asm_32.S -@@ -83,14 +83,14 @@ ENTRY(xen_iret) +@@ -83,16 +83,16 @@ ENTRY(xen_iret) ESP_OFFSET=4 # bytes pushed onto stack /* @@ -30281,8 +30037,34 @@ index 9a95a9c..4f39e774 100644 + mov PER_CPU_VAR(xen_vcpu), %eax + pop %fs #else - movl per_cpu__xen_vcpu, %eax +- movl per_cpu__xen_vcpu, %eax ++ movl %ss:xen_vcpu, %eax #endif + + /* check IF state we're restoring */ +@@ -105,11 +105,11 @@ ENTRY(xen_iret) + * resuming the code, so we don't have to be worried about + * being preempted to another CPU. + */ +- setz XEN_vcpu_info_mask(%eax) ++ setz %ss:XEN_vcpu_info_mask(%eax) + xen_iret_start_crit: + + /* check for unmasked and pending */ +- cmpw $0x0001, XEN_vcpu_info_pending(%eax) ++ cmpw $0x0001, %ss:XEN_vcpu_info_pending(%eax) + + /* + * If there's something pending, mask events again so we can +@@ -117,7 +117,7 @@ xen_iret_start_crit: + * touch XEN_vcpu_info_mask. + */ + jne 1f +- movb $1, XEN_vcpu_info_mask(%eax) ++ movb $1, %ss:XEN_vcpu_info_mask(%eax) + + 1: popl %eax + diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S index 1a5ff24..a187d40 100644 --- a/arch/x86/xen/xen-head.S @@ -30774,17 +30556,14 @@ index c216062..eec10d2 100644 mutex_lock(&resource->lock); resource->trip[attr->index - 7] = temp; diff --git a/drivers/acpi/proc.c b/drivers/acpi/proc.c -index d0d25e2..961643d 100644 +index d0d25e2..94ecee0 100644 --- a/drivers/acpi/proc.c +++ b/drivers/acpi/proc.c -@@ -391,20 +391,15 @@ acpi_system_write_wakeup_device(struct file *file, - size_t count, loff_t * ppos) - { +@@ -393,17 +393,14 @@ acpi_system_write_wakeup_device(struct file *file, struct list_head *node, *next; -- char strbuf[5]; -- char str[5] = ""; + char strbuf[5]; + char str[5] = ""; - unsigned int len = count; -+ char strbuf[5] = {0}; struct acpi_device *found_dev = NULL; - if (len > 4) 
@@ -30798,20 +30577,10 @@ index d0d25e2..961643d 100644 + if (copy_from_user(strbuf, buffer, count)) return -EFAULT; - strbuf[len] = '\0'; -- sscanf(strbuf, "%s", str); + strbuf[count] = '\0'; + sscanf(strbuf, "%s", str); mutex_lock(&acpi_device_lock); - list_for_each_safe(node, next, &acpi_wakeup_device_list) { -@@ -413,7 +408,7 @@ acpi_system_write_wakeup_device(struct file *file, - if (!dev->wakeup.flags.valid) - continue; - -- if (!strncmp(dev->pnp.bus_id, str, 4)) { -+ if (!strncmp(dev->pnp.bus_id, strbuf, 4)) { - dev->wakeup.state.enabled = - dev->wakeup.state.enabled ? 0 : 1; - found_dev = dev; diff --git a/drivers/acpi/processor_core.c b/drivers/acpi/processor_core.c index 7102474..de8ad22 100644 --- a/drivers/acpi/processor_core.c @@ -45028,7 +44797,7 @@ index 97163f7..65574ff 100644 spinlock_t user_irq_lock; /** Refcount for i915_user_irq_get() versus i915_user_irq_put(). */ diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c -index 27a3074..eb3f959 100644 +index 27a3074..df81827 100644 --- a/drivers/gpu/drm/i915/i915_gem.c +++ b/drivers/gpu/drm/i915/i915_gem.c @@ -102,7 +102,7 @@ i915_gem_get_aperture_ioctl(struct drm_device *dev, void *data, @@ -45058,6 +44827,17 @@ index 27a3074..eb3f959 100644 /* Assert that the object is not currently in any GPU domain. As it * wasn't in the GTT, there shouldn't be any way it could have been in +@@ -3639,8 +3639,8 @@ i915_gem_execbuffer(struct drm_device *dev, void *data, + return -EINVAL; + } + /* Copy in the exec list from userland */ +- exec_list = drm_calloc_large(sizeof(*exec_list), args->buffer_count); +- object_list = drm_calloc_large(sizeof(*object_list), args->buffer_count); ++ exec_list = drm_calloc_large(args->buffer_count, sizeof(*exec_list)); ++ object_list = drm_calloc_large(args->buffer_count, sizeof(*object_list)); + if (exec_list == NULL || object_list == NULL) { + DRM_ERROR("Failed to allocate exec or object list " + "for %d buffers\n", 
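Review bot: `sscanf(strbuf, "%s", str);` is kept on the new side with an unbounded `%s` into the 5-byte `str`, and `strbuf[count] = '\0'` indexes the 5-byte `strbuf` with the caller-supplied `count`. Both stay in bounds only if `count` is clamped to at most 4 before `copy_from_user`. That clamp presumably sits in the patch lines between this hunk and the previous one, which are not shown here. Making the limit explicit at the use site keeps the copy safe even if the clamp is edited later: `sscanf(strbuf, "%4s", str);`. acpi_system_write_wakeup_device starts and ends outside the hunk.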
@@ -3755,9 +3755,9 @@ i915_gem_execbuffer(struct drm_device *dev, void *data, "%d/%d gtt bytes\n", atomic_read(&dev->object_count), @@ -48650,36 +48430,20 @@ index 9c1d3ac..b1b49e9 100644 tmComResInfo_t tRsp = { 0, 0, 0, 0, 0, 0 }; diff --git a/drivers/media/video/usbvideo/ibmcam.c b/drivers/media/video/usbvideo/ibmcam.c -index b085496..cde0270 100644 +index b085496..527b519 100644 --- a/drivers/media/video/usbvideo/ibmcam.c +++ b/drivers/media/video/usbvideo/ibmcam.c -@@ -3947,15 +3947,15 @@ static struct usb_device_id id_table[] = { +@@ -3947,7 +3947,7 @@ static struct usb_device_id id_table[] = { static int __init ibmcam_init(void) { struct usbvideo_cb cbTbl; - memset(&cbTbl, 0, sizeof(cbTbl)); -- cbTbl.probe = ibmcam_probe; -- cbTbl.setupOnOpen = ibmcam_setup_on_open; -- cbTbl.videoStart = ibmcam_video_start; -- cbTbl.videoStop = ibmcam_video_stop; -- cbTbl.processData = ibmcam_ProcessIsocData; -- cbTbl.postProcess = usbvideo_DeinterlaceFrame; -- cbTbl.adjustPicture = ibmcam_adjust_picture; -- cbTbl.getFPS = ibmcam_calculate_fps; + memset((void *)&cbTbl, 0, sizeof(cbTbl)); -+ *(void **)&cbTbl.probe = ibmcam_probe; -+ *(void **)&cbTbl.setupOnOpen = ibmcam_setup_on_open; -+ *(void **)&cbTbl.videoStart = ibmcam_video_start; -+ *(void **)&cbTbl.videoStop = ibmcam_video_stop; -+ *(void **)&cbTbl.processData = ibmcam_ProcessIsocData; -+ *(void **)&cbTbl.postProcess = usbvideo_DeinterlaceFrame; -+ *(void **)&cbTbl.adjustPicture = ibmcam_adjust_picture; -+ *(void **)&cbTbl.getFPS = ibmcam_calculate_fps; - return usbvideo_register( - &cams, - MAX_IBMCAM, + cbTbl.probe = ibmcam_probe; + cbTbl.setupOnOpen = ibmcam_setup_on_open; + cbTbl.videoStart = ibmcam_video_start; diff --git a/drivers/media/video/usbvideo/konicawc.c b/drivers/media/video/usbvideo/konicawc.c -index 31d57f2..600b735 100644 +index 31d57f2..aa5085d 100644 --- a/drivers/media/video/usbvideo/konicawc.c +++ b/drivers/media/video/usbvideo/konicawc.c 
@@ -225,7 +225,7 @@ static void konicawc_register_input(struct konicawc *cam, struct usb_device *dev @@ -48691,33 +48455,15 @@ index 31d57f2..600b735 100644 cam->input = input_dev = input_allocate_device(); if (!input_dev) { -@@ -935,16 +935,16 @@ static int __init konicawc_init(void) +@@ -935,7 +935,7 @@ static int __init konicawc_init(void) struct usbvideo_cb cbTbl; printk(KERN_INFO KBUILD_MODNAME ": " DRIVER_VERSION ":" DRIVER_DESC "\n"); - memset(&cbTbl, 0, sizeof(cbTbl)); -- cbTbl.probe = konicawc_probe; -- cbTbl.setupOnOpen = konicawc_setup_on_open; -- cbTbl.processData = konicawc_process_isoc; -- cbTbl.getFPS = konicawc_calculate_fps; -- cbTbl.setVideoMode = konicawc_set_video_mode; -- cbTbl.startDataPump = konicawc_start_data; -- cbTbl.stopDataPump = konicawc_stop_data; -- cbTbl.adjustPicture = konicawc_adjust_picture; -- cbTbl.userFree = konicawc_free_uvd; + memset((void * )&cbTbl, 0, sizeof(cbTbl)); -+ *(void **)&cbTbl.probe = konicawc_probe; -+ *(void **)&cbTbl.setupOnOpen = konicawc_setup_on_open; -+ *(void **)&cbTbl.processData = konicawc_process_isoc; -+ *(void **)&cbTbl.getFPS = konicawc_calculate_fps; -+ *(void **)&cbTbl.setVideoMode = konicawc_set_video_mode; -+ *(void **)&cbTbl.startDataPump = konicawc_start_data; -+ *(void **)&cbTbl.stopDataPump = konicawc_stop_data; -+ *(void **)&cbTbl.adjustPicture = konicawc_adjust_picture; -+ *(void **)&cbTbl.userFree = konicawc_free_uvd; - return usbvideo_register( - &cams, - MAX_CAMERAS, + cbTbl.probe = konicawc_probe; + cbTbl.setupOnOpen = konicawc_setup_on_open; + cbTbl.processData = konicawc_process_isoc; diff --git a/drivers/media/video/usbvideo/quickcam_messenger.c b/drivers/media/video/usbvideo/quickcam_messenger.c index 803d3e4..c4d1b96 100644 --- a/drivers/media/video/usbvideo/quickcam_messenger.c 
@@ -48731,58 +48477,19 @@ index 803d3e4..c4d1b96 100644 cam->input = input_dev = input_allocate_device(); if (!input_dev) { -diff --git a/drivers/media/video/usbvideo/ultracam.c b/drivers/media/video/usbvideo/ultracam.c -index fbd1b63..292f9f0 100644 ---- a/drivers/media/video/usbvideo/ultracam.c -+++ b/drivers/media/video/usbvideo/ultracam.c -@@ -655,14 +655,14 @@ static int __init ultracam_init(void) - { - struct usbvideo_cb cbTbl; - memset(&cbTbl, 0, sizeof(cbTbl)); -- cbTbl.probe = ultracam_probe; -- cbTbl.setupOnOpen = ultracam_setup_on_open; -- cbTbl.videoStart = ultracam_video_start; -- cbTbl.videoStop = ultracam_video_stop; -- cbTbl.processData = ultracam_ProcessIsocData; -- cbTbl.postProcess = usbvideo_DeinterlaceFrame; -- cbTbl.adjustPicture = ultracam_adjust_picture; -- cbTbl.getFPS = ultracam_calculate_fps; -+ *(void **)&cbTbl.probe = ultracam_probe; -+ *(void **)&cbTbl.setupOnOpen = ultracam_setup_on_open; -+ *(void **)&cbTbl.videoStart = ultracam_video_start; -+ *(void **)&cbTbl.videoStop = ultracam_video_stop; -+ *(void **)&cbTbl.processData = ultracam_ProcessIsocData; -+ *(void **)&cbTbl.postProcess = usbvideo_DeinterlaceFrame; -+ *(void **)&cbTbl.adjustPicture = ultracam_adjust_picture; -+ *(void **)&cbTbl.getFPS = ultracam_calculate_fps; - return usbvideo_register( - &cams, - MAX_CAMERAS, diff --git a/drivers/media/video/usbvideo/usbvideo.c b/drivers/media/video/usbvideo/usbvideo.c -index dea8b32..34f6878 100644 +index dea8b32..9c02650 100644 --- a/drivers/media/video/usbvideo/usbvideo.c 
+++ b/drivers/media/video/usbvideo/usbvideo.c -@@ -697,15 +697,15 @@ int usbvideo_register( +@@ -697,7 +697,7 @@ int usbvideo_register( __func__, cams, base_size, num_cams); /* Copy callbacks, apply defaults for those that are not set */ - memmove(&cams->cb, cbTbl, sizeof(cams->cb)); + memmove((void *)&cams->cb, cbTbl, sizeof(cams->cb)); if (cams->cb.getFrame == NULL) -- cams->cb.getFrame = usbvideo_GetFrame; -+ *(void **)&cams->cb.getFrame = usbvideo_GetFrame; + cams->cb.getFrame = usbvideo_GetFrame; if (cams->cb.disconnect == NULL) -- cams->cb.disconnect = usbvideo_Disconnect; -+ *(void **)&cams->cb.disconnect = usbvideo_Disconnect; - if (cams->cb.startDataPump == NULL) -- cams->cb.startDataPump = usbvideo_StartDataPump; -+ *(void **)&cams->cb.startDataPump = usbvideo_StartDataPump; - if (cams->cb.stopDataPump == NULL) -- cams->cb.stopDataPump = usbvideo_StopDataPump; -+ *(void **)&cams->cb.stopDataPump = usbvideo_StopDataPump; - - cams->num_cameras = num_cams; - cams->cam = (struct uvd *) &cams[1]; diff --git a/drivers/media/video/usbvideo/usbvideo.h b/drivers/media/video/usbvideo/usbvideo.h index c66985b..7fa143a 100644 --- a/drivers/media/video/usbvideo/usbvideo.h @@ -62708,6 +62415,20 @@ index 2490aa3..185d647 100644 .kind = "macvlan", .priv_size = sizeof(struct macvlan_dev), .get_tx_queues = macvlan_get_tx_queues, +diff --git a/drivers/net/mlx4/eq.c b/drivers/net/mlx4/eq.c +index bffb799..20374f5 100644 +--- a/drivers/net/mlx4/eq.c ++++ b/drivers/net/mlx4/eq.c +@@ -552,8 +552,7 @@ int mlx4_init_eq_table(struct mlx4_dev *dev) + int err; + int i; + +- priv->eq_table.uar_map = kcalloc(sizeof *priv->eq_table.uar_map, +- mlx4_num_eq_uar(dev), GFP_KERNEL); ++ priv->eq_table.uar_map = kcalloc(mlx4_num_eq_uar(dev), sizeof *priv->eq_table.uar_map, GFP_KERNEL); + if (!priv->eq_table.uar_map) { + err = -ENOMEM; + goto err_out_free; diff --git a/drivers/net/mlx4/main.c b/drivers/net/mlx4/main.c index 291a505..2543756 100644 --- a/drivers/net/mlx4/main.c 
@@ -63691,7 +63412,7 @@ index f450bc9..2b747c8 100644 hso_start_serial_device(serial_table[i], GFP_NOIO); hso_kick_transmit(dev2ser(serial_table[i])); diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c -index 07f69ee..32a818f 100644 +index 07f69ee..57fc4c7 100644 --- a/drivers/net/usb/usbnet.c +++ b/drivers/net/usb/usbnet.c @@ -331,6 +331,12 @@ static void rx_submit (struct usbnet *dev, struct urb *urb, gfp_t flags) @@ -63701,7 +63422,7 @@ index 07f69ee..32a818f 100644 + /* prevent rx skb allocation when error ratio is high */ + if (test_bit(EVENT_RX_KILL, &dev->flags)) { + usb_free_urb(urb); -+ return -ENOLINK; ++ return; + } + if ((skb = alloc_skb (size + NET_IP_ALIGN, flags)) == NULL) { @@ -63716,7 +63437,7 @@ index 07f69ee..32a818f 100644 + dev->pkt_cnt = 0; + dev->pkt_err = 0; + } else { -+ if (state == rx_cleanup) ++ if (entry->state == rx_cleanup) + dev->pkt_err++; + if (dev->pkt_err > 20) + set_bit(EVENT_RX_KILL, &dev->flags); @@ -77699,7 +77420,7 @@ index ff57421..f65f88a 100644 out_free_fd: diff --git a/fs/exec.c b/fs/exec.c -index 86fafc6..c1f24b5 100644 +index 86fafc6..0f75c42 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -56,12 +56,34 @@ @@ -78437,7 +78158,7 @@ index 86fafc6..c1f24b5 100644 +} +#endif + -+void check_object_size(const void *ptr, unsigned long n, bool to) ++void __check_object_size(const void *ptr, unsigned long n, bool to) +{ + +#ifdef CONFIG_PAX_USERCOPY @@ -78457,7 +78178,7 @@ index 86fafc6..c1f24b5 100644 +#endif + +} -+EXPORT_SYMBOL(check_object_size); ++EXPORT_SYMBOL(__check_object_size); + +#ifdef CONFIG_PAX_MEMORY_STACKLEAK +void pax_track_stack(void) 
@@ -80453,6 +80174,19 @@ index b359543..d212be4 100644 { if (!IS_ERR(link)) free_page((unsigned long) link); +diff --git a/fs/gfs2/dir.c b/fs/gfs2/dir.c +index 0bb3129..6904644 100644 +--- a/fs/gfs2/dir.c ++++ b/fs/gfs2/dir.c +@@ -1095,7 +1095,7 @@ static int dir_double_exhash(struct gfs2_inode *dip) + + /* Allocate both the "from" and "to" buffers in one big chunk */ + +- buf = kcalloc(3, sdp->sd_hash_bsize, GFP_NOFS | __GFP_NOFAIL); ++ buf = kcalloc(sdp->sd_hash_bsize, 3, GFP_NOFS | __GFP_NOFAIL); + + for (block = dip->i_disksize >> sdp->sd_hash_bsize_shift; block--;) { + error = gfs2_dir_read_data(dip, (char *)buf, diff --git a/fs/gfs2/ops_inode.c b/fs/gfs2/ops_inode.c index 247436c..e650ccb 100644 --- a/fs/gfs2/ops_inode.c @@ -80590,10 +80324,48 @@ index 43022f3..7298079 100644 if (!sbi) return -ENOMEM; diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c -index 2179de8..80c3284 100644 +index 2179de8..d1993f6 100644 --- a/fs/hugetlbfs/inode.c 
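Review bot: This reordering in dir_double_exhash goes the opposite way from the other kcalloc changes in this update. `kcalloc(sdp->sd_hash_bsize, 3, ...)` passes the block size as the element count and the constant 3 as the element size, whereas the mmconfig-shared.c, i915_gem.c and mlx4/eq.c hunks put the count first and the `sizeof` second. The allocation is the same product either way, so this is a readability point. If the order is deliberate (presumably for whatever tracks the size argument), a comment such as `/* 3 * sd_hash_bsize bytes; argument order is intentional */` would stop it being "corrected" back. The function continues outside the hunk.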
+++ b/fs/hugetlbfs/inode.c -@@ -897,7 +897,7 @@ static struct file_system_type hugetlbfs_fs_type = { +@@ -146,6 +146,10 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, + return addr; + } + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ + if (addr) { + addr = ALIGN(addr, huge_page_size(h)); + vma = find_vma(mm, addr); +@@ -157,7 +161,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, + start_addr = mm->free_area_cache; + + if (len <= mm->cached_hole_size) +- start_addr = TASK_UNMAPPED_BASE; ++ start_addr = mm->mmap_base; + + full_search: + addr = ALIGN(start_addr, huge_page_size(h)); +@@ -169,14 +173,14 @@ full_search: + * Start a new search - just in case we missed + * some holes. + */ +- if (start_addr != TASK_UNMAPPED_BASE) { +- start_addr = TASK_UNMAPPED_BASE; ++ if (start_addr != mm->mmap_base) { ++ start_addr = mm->mmap_base; + goto full_search; + } + return -ENOMEM; + } + +- if (!vma || addr + len <= vma->vm_start) ++ if (check_heap_stack_gap(vma, addr, len)) + return addr; + addr = ALIGN(vma->vm_end, huge_page_size(h)); + } +@@ -897,7 +901,7 @@ static struct file_system_type hugetlbfs_fs_type = { .kill_sb = kill_litter_super, }; @@ -80887,22 +80659,6 @@ index fde92d1..6256b88 100644 } lock_kernel(); -diff --git a/fs/mbcache.c b/fs/mbcache.c -index ec88ff3..b843a82 100644 ---- a/fs/mbcache.c -+++ b/fs/mbcache.c -@@ -266,9 +266,9 @@ mb_cache_create(const char *name, struct mb_cache_op *cache_op, - if (!cache) - goto fail; - cache->c_name = name; -- cache->c_op.free = NULL; -+ *(void **)&cache->c_op.free = NULL; - if (cache_op) -- cache->c_op.free = cache_op->free; -+ *(void **)&cache->c_op.free = cache_op->free; - atomic_set(&cache->c_entry_count, 0); - cache->c_bucket_bits = bucket_bits; - #ifdef MB_CACHE_INDEXES_COUNT diff --git a/fs/namei.c b/fs/namei.c index b0afbd4..2b96439 100644 --- a/fs/namei.c 
@@ -98337,7 +98093,7 @@ index 21a6f5d..7c7d19f 100644 .files = &init_files, \ .signal = &init_signals, \ diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h -index c739150..be577b5 100644 +index c739150..ab83f58 100644 --- a/include/linux/interrupt.h +++ b/include/linux/interrupt.h @@ -369,7 +369,7 @@ enum @@ -98354,8 +98110,9 @@ index c739150..be577b5 100644 struct softirq_action { - void (*action)(struct softirq_action *); +-}; + void (*action)(void); - }; ++} __no_const; asmlinkage void do_softirq(void); asmlinkage void __do_softirq(void); @@ -99592,7 +99349,7 @@ index 14a86bc..17d0700 100644 /* * CONFIG_RELAY kernel API, kernel/relay.c diff --git a/include/linux/sched.h b/include/linux/sched.h -index 71849bf..a612150 100644 +index 71849bf..9dc8027 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -101,6 +101,7 @@ struct bio; @@ -99758,7 +99515,7 @@ index 71849bf..a612150 100644 #ifdef CONFIG_FUNCTION_GRAPH_TRACER /* Index of current stored adress in ret_stack */ int curr_ret_stack; -@@ -1542,6 +1598,57 @@ struct task_struct { +@@ -1542,6 +1598,56 @@ struct task_struct { #endif /* CONFIG_TRACING */ }; @@ -99805,7 +99562,6 @@ index 71849bf..a612150 100644 +extern void pax_report_fault(struct pt_regs *regs, void *pc, void *sp); +extern void pax_report_insns(struct pt_regs *regs, void *pc, void *sp); +extern void pax_report_refcount_overflow(struct pt_regs *regs); -+extern void check_object_size(const void *ptr, unsigned long n, bool to); + +#ifdef CONFIG_PAX_MEMORY_STACKLEAK +extern void pax_track_stack(void); 
@@ -99816,7 +99572,7 @@ index 71849bf..a612150 100644 /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpumask(tsk) (&(tsk)->cpus_allowed) -@@ -1740,7 +1847,7 @@ extern void thread_group_times(struct task_struct *p, cputime_t *ut, cputime_t * +@@ -1740,7 +1846,7 @@ extern void thread_group_times(struct task_struct *p, cputime_t *ut, cputime_t * #define PF_DUMPCORE 0x00000200 /* dumped core */ #define PF_SIGNALED 0x00000400 /* killed by a signal */ #define PF_MEMALLOC 0x00000800 /* Allocating memory */ @@ -99825,7 +99581,7 @@ index 71849bf..a612150 100644 #define PF_USED_MATH 0x00002000 /* if unset the fpu must be initialized before use */ #define PF_FREEZING 0x00004000 /* freeze in progress. do not account to load */ #define PF_NOFREEZE 0x00008000 /* this thread should not be frozen */ -@@ -1978,7 +2085,9 @@ void yield(void); +@@ -1978,7 +2084,9 @@ void yield(void); extern struct exec_domain default_exec_domain; union thread_union { @@ -99835,7 +99591,7 @@ index 71849bf..a612150 100644 unsigned long stack[THREAD_SIZE/sizeof(long)]; }; -@@ -2011,6 +2120,7 @@ extern struct pid_namespace init_pid_ns; +@@ -2011,6 +2119,7 @@ extern struct pid_namespace init_pid_ns; */ extern struct task_struct *find_task_by_vpid(pid_t nr); @@ -99843,7 +99599,7 @@ index 71849bf..a612150 100644 extern struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns); -@@ -2155,7 +2265,7 @@ extern void __cleanup_sighand(struct sighand_struct *); +@@ -2155,7 +2264,7 @@ extern void __cleanup_sighand(struct sighand_struct *); extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); @@ -99852,7 +99608,7 @@ index 71849bf..a612150 100644 extern void daemonize(const char *, ...); extern int allow_signal(int); -@@ -2284,9 +2394,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) +@@ -2284,9 +2393,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) #endif 
@@ -99864,7 +99620,7 @@ index 71849bf..a612150 100644 return (obj >= stack) && (obj < (stack + THREAD_SIZE)); } -@@ -2459,7 +2569,16 @@ static inline void thread_group_cputime_free(struct signal_struct *sig) +@@ -2459,7 +2568,16 @@ static inline void thread_group_cputime_free(struct signal_struct *sig) extern void recalc_sigpending_and_wake(struct task_struct *t); extern void recalc_sigpending(void); @@ -99882,7 +99638,7 @@ index 71849bf..a612150 100644 /* * Wrappers for p->thread_info->cpu access. No-op on UP. -@@ -2616,6 +2735,23 @@ static inline unsigned long rlimit_max(unsigned int limit) +@@ -2616,6 +2734,23 @@ static inline unsigned long rlimit_max(unsigned int limit) return task_rlimit_max(current, limit); } @@ -99921,7 +99677,7 @@ index 1ee2c05..81b7ec4 100644 #define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */ diff --git a/include/linux/security.h b/include/linux/security.h -index d40d23f..d739b08 100644 +index d40d23f..7bef69e 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -34,6 +34,7 @@ @@ -99958,7 +99714,14 @@ index d40d23f..d739b08 100644 int (*settime) (struct timespec *ts, struct timezone *tz); int (*vm_enough_memory) (struct mm_struct *mm, long pages); -@@ -1740,7 +1742,7 @@ int security_acct(struct file *file); +@@ -1734,13 +1736,14 @@ int security_capset(struct cred *new, const struct cred *old, + const kernel_cap_t *inheritable, + const kernel_cap_t *permitted); + int security_capable(int cap); ++int security_capable_noaudit(int cap); + int security_real_capable(struct task_struct *tsk, int cap); + int security_real_capable_noaudit(struct task_struct *tsk, int cap); + int security_acct(struct file *file); int security_sysctl(struct ctl_table *table, int op); int security_quotactl(int cmds, int type, int id, struct super_block *sb); int security_quota_on(struct dentry *dentry); 
@@ -99967,7 +99730,19 @@ index d40d23f..d739b08 100644 int security_settime(struct timespec *ts, struct timezone *tz); int security_vm_enough_memory(long pages); int security_vm_enough_memory_mm(struct mm_struct *mm, long pages); -@@ -1986,9 +1988,9 @@ static inline int security_quota_on(struct dentry *dentry) +@@ -1943,6 +1946,11 @@ static inline int security_capable(int cap) + return cap_capable(current, current_cred(), cap, SECURITY_CAP_AUDIT); + } + ++static inline int security_capable_noaudit(int cap) ++{ ++ return cap_capable(current, current_cred(), cap, SECURITY_CAP_NOAUDIT); ++} ++ + static inline int security_real_capable(struct task_struct *tsk, int cap) + { + int ret; +@@ -1986,9 +1994,9 @@ static inline int security_quota_on(struct dentry *dentry) return 0; } @@ -100106,7 +99881,7 @@ index 4e647bb..23b3911 100644 int size); extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, diff --git a/include/linux/slab.h b/include/linux/slab.h -index 2da8372..45c2b89 100644 +index 2da8372..740c52f 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -11,12 +11,20 @@ 
@@ -100156,7 +99931,26 @@ index 2da8372..45c2b89 100644 /* * Allocator specific definitions. These are mainly used to establish optimized -@@ -263,7 +276,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, +@@ -217,8 +230,18 @@ size_t ksize(const void *); + * for general use, and so are not documented here. For a full list of + * potential flags, always refer to linux/gfp.h. + */ ++ ++extern void kcalloc_error(void) ++#if defined(CONFIG_GCOV_KERNEL) && defined(CONFIG_PAX_SIZE_OVERFLOW) ++__compiletime_warning("kcalloc called with swapped arguments?"); ++#else ++__compiletime_error("kcalloc called with swapped arguments?"); ++#endif ++ + static inline void *kcalloc(size_t n, size_t size, gfp_t flags) + { ++ if (__builtin_constant_p(n) && !__builtin_constant_p(size)) ++ kcalloc_error(); + if (size != 0 && n > ULONG_MAX / size) + return NULL; + return __kmalloc(n * size, flags | __GFP_ZERO); +@@ -263,7 +286,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, * request comes from. */ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) @@ -100165,7 +99959,7 @@ index 2da8372..45c2b89 100644 #define kmalloc_track_caller(size, flags) \ __kmalloc_track_caller(size, flags, _RET_IP_) #else -@@ -281,7 +294,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); +@@ -281,7 +304,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); * allocation request comes from. */ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) @@ -100663,7 +100457,7 @@ index 99adcdc..09207eb 100644 #ifdef CONFIG_MAGIC_SYSRQ diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h -index a8cc4e1..98d3b85 100644 +index a8cc4e1..6708eb2 100644 --- a/include/linux/thread_info.h +++ b/include/linux/thread_info.h @@ -23,7 +23,7 @@ struct restart_block { 
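Review bot: The `__builtin_constant_p(n) && !__builtin_constant_p(size)` test added to `kcalloc()` in include/linux/slab.h is a heuristic, and nothing in the header says so. A constant element count with a run-time element size is a legal call, and the overflow check just below it is symmetric in `n` and `size`. The same patch has to rewrite fs/gfs2/dir.c to `kcalloc(sdp->sd_hash_bsize, 3, ...)`, which puts the count in the size position only to satisfy the check. I would add a comment above `kcalloc_error()` along the lines of `/* heuristic: constant n with non-constant size usually means swapped arguments; swap at the call site if intentional */`. The same comment should say why the `CONFIG_GCOV_KERNEL && CONFIG_PAX_SIZE_OVERFLOW` case is downgraded to a warning.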
@@ -100675,6 +100469,20 @@ index a8cc4e1..98d3b85 100644 u32 val; u32 flags; u32 bitset; +@@ -126,6 +126,13 @@ static inline void set_restore_sigmask(void) + } + #endif /* TIF_RESTORE_SIGMASK && !HAVE_SET_RESTORE_SIGMASK */ + ++extern void __check_object_size(const void *ptr, unsigned long n, bool to); ++static inline void check_object_size(const void *ptr, unsigned long n, bool to) ++{ ++ if (!__builtin_constant_p(n)) ++ __check_object_size(ptr, n, to); ++} ++ + #endif /* __KERNEL__ */ + + #endif /* _LINUX_THREAD_INFO_H */ diff --git a/include/linux/tracehook.h b/include/linux/tracehook.h index 1eb44a9..77ac9f4 100644 --- a/include/linux/tracehook.h @@ -102540,7 +102348,7 @@ index 267e484..ac41bc3 100644 if (context && context->in_syscall) { diff --git a/kernel/capability.c b/kernel/capability.c -index 8a944f5..eed9491 100644 +index 8a944f5..7c9e099 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -254,7 +254,7 @@ SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t, data) @@ -102567,11 +102375,11 @@ index 8a944f5..eed9491 100644 +int capable_nolog(int cap) +{ + if (unlikely(!cap_valid(cap))) { -+ printk(KERN_CRIT "capable() called with invalid cap=%u\n", cap); ++ printk(KERN_CRIT "capable_nolog() called with invalid cap=%u\n", cap); + BUG(); + } + -+ if (security_capable(cap) == 0 && gr_is_capable_nolog(cap)) { ++ if (security_capable_noaudit(cap) == 0 && gr_is_capable_nolog(cap)) { + current->flags |= PF_SUPERPRIV; + return 1; + } @@ -104260,7 +104068,7 @@ index d4aba4f..0bb4763 100644 seq_printf(m, "%40s %14lu %29s %s\n", name, stats->contending_point[i], diff --git a/kernel/module.c b/kernel/module.c -index 4b270e6..ca3d254 100644 +index 4b270e6..6e0aa89 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -55,6 +55,7 @@ 
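Review bot: The new inline `check_object_size()` in include/linux/thread_info.h skips `__check_object_size()` whenever `n` is a compile-time constant, and nothing documents why that is safe. A constant length larger than the object being copied would no longer reach the run-time bounds check through this wrapper. Presumably constant-size copies are validated at compile time elsewhere, but that is not visible in this hunk. The wrapper should carry a comment stating that, e.g. `/* constant n is assumed to be size-checked at compile time; only variable lengths need the run-time object check */`, so that a later caller does not treat the wrapper as unconditional.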
@@ -104608,7 +104416,7 @@ index 4b270e6..ca3d254 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. Just mark it as not being a -@@ -2274,23 +2341,47 @@ static noinline struct module *load_module(void __user *umod, +@@ -2274,10 +2341,10 @@ static noinline struct module *load_module(void __user *umod, err = -ENOMEM; goto free_percpu; } @@ -104622,12 +104430,11 @@ index 4b270e6..ca3d254 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. This block doesn't need to be - * scanned as it contains data and code that will be freed +@@ -2285,12 +2352,36 @@ static noinline struct module *load_module(void __user *umod, * after the module is initialized. */ -- kmemleak_ignore(ptr); + kmemleak_ignore(ptr); - if (!ptr && mod->init_size) { -+ kmemleak_not_leak(ptr); + if (!ptr && mod->init_size_rw) { err = -ENOMEM; - goto free_core; @@ -104651,7 +104458,7 @@ index 4b270e6..ca3d254 100644 + mod->module_core_rx = ptr; + + ptr = module_alloc_update_bounds_rx(mod->init_size_rx); -+ kmemleak_not_leak(ptr); ++ kmemleak_ignore(ptr); + if (!ptr && mod->init_size_rx) { + err = -ENOMEM; + goto free_core_rx; @@ -106920,10 +106727,15 @@ index aa9cff3..631a0de 100644 spin_unlock_irq(&call_function.lock); } diff --git a/kernel/softirq.c b/kernel/softirq.c -index 04a0252..580c512 100644 +index 04a0252..4ee2bbb 100644 --- a/kernel/softirq.c +++ b/kernel/softirq.c -@@ -56,7 +56,7 @@ static struct softirq_action softirq_vec[NR_SOFTIRQS] __cacheline_aligned_in_smp +@@ -52,11 +52,11 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned; + EXPORT_SYMBOL(irq_stat); + #endif + +-static struct softirq_action softirq_vec[NR_SOFTIRQS] __cacheline_aligned_in_smp; ++static struct softirq_action softirq_vec[NR_SOFTIRQS] __read_only __aligned(PAGE_SIZE); static DEFINE_PER_CPU(struct task_struct *, ksoftirqd); 
@@ -106950,21 +106762,16 @@ index 04a0252..580c512 100644 trace_softirq_exit(h, softirq_vec); if (unlikely(prev_count != preempt_count())) { printk(KERN_ERR "huh, entered softirq %td %s %p" -@@ -363,9 +363,11 @@ void raise_softirq(unsigned int nr) +@@ -363,7 +363,7 @@ void raise_softirq(unsigned int nr) local_irq_restore(flags); } -void open_softirq(int nr, void (*action)(struct softirq_action *)) +void open_softirq(int nr, void (*action)(void)) { -- softirq_vec[nr].action = action; -+ pax_open_kernel(); -+ *(void **)&softirq_vec[nr].action = action; -+ pax_close_kernel(); + softirq_vec[nr].action = action; } - - /* -@@ -419,7 +421,7 @@ void __tasklet_hi_schedule_first(struct tasklet_struct *t) +@@ -419,7 +419,7 @@ void __tasklet_hi_schedule_first(struct tasklet_struct *t) EXPORT_SYMBOL(__tasklet_hi_schedule_first); @@ -106973,7 +106780,7 @@ index 04a0252..580c512 100644 { struct tasklet_struct *list; -@@ -454,7 +456,7 @@ static void tasklet_action(struct softirq_action *a) +@@ -454,7 +454,7 @@ static void tasklet_action(struct softirq_action *a) } } @@ -108073,7 +107880,7 @@ index a2a2d1f..7f32b09 100644 struct dentry *d_tracer; diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c -index d128f65..f37b4af 100644 +index d128f65..4ab26e4 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -951,13 +951,10 @@ static LIST_HEAD(ftrace_module_file_list); @@ -108107,10 +107914,10 @@ index d128f65..f37b4af 100644 - file_ops->format = ftrace_event_format_fops; - file_ops->format.owner = mod; + pax_open_kernel(); -+ *(void **)&mod->trace_id.owner = mod; -+ *(void **)&mod->trace_enable.owner = mod; -+ *(void **)&mod->trace_filter.owner = mod; -+ *(void **)&mod->trace_format.owner = mod; ++ mod->trace_id.owner = mod; ++ mod->trace_enable.owner = mod; ++ mod->trace_filter.owner = mod; ++ mod->trace_format.owner = mod; + pax_close_kernel(); list_add(&file_ops->list, &ftrace_module_file_list); 
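Review bot: In kernel/softirq.c, `open_softirq()` now stores to `softirq_vec[nr].action` with a plain assignment, while the same file's earlier hunk declares `softirq_vec` as `__read_only __aligned(PAGE_SIZE)`. The `pax_open_kernel()`/`pax_close_kernel()` bracket that the previous revision had is gone. The store therefore presumably works only while the read-only section is still writable, i.e. when every caller runs during early boot. That constraint should be written down at the function, e.g. `/* softirq_vec is __read_only: may only be called during init, before read-only data is write-protected */`. A late registration would otherwise fault on a protected kernel with no hint in the source why.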
@@ -113864,38 +113671,18 @@ index 9601587..8c4824e 100644 if (!fle->object || fle->genid == genid) continue; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index 9d70042..ef608bd 100644 +index 9d70042..9adcdc5 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c -@@ -160,11 +160,13 @@ int __rtnl_register(int protocol, int msgtype, - rtnl_msg_handlers[protocol] = tab; - } - -+ pax_open_kernel(); - if (doit) -- tab[msgindex].doit = doit; -+ *(void **)&tab[msgindex].doit = doit; - - if (dumpit) -- tab[msgindex].dumpit = dumpit; -+ *(void **)&tab[msgindex].dumpit = dumpit; -+ pax_close_kernel(); - - return 0; - } -@@ -208,8 +210,10 @@ int rtnl_unregister(int protocol, int msgtype) - if (rtnl_msg_handlers[protocol] == NULL) - return -ENOENT; +@@ -57,7 +57,7 @@ struct rtnl_link + { + rtnl_doit_func doit; + rtnl_dumpit_func dumpit; +-}; ++} __no_const; -- rtnl_msg_handlers[protocol][msgindex].doit = NULL; -- rtnl_msg_handlers[protocol][msgindex].dumpit = NULL; -+ pax_open_kernel(); -+ *(void **)&rtnl_msg_handlers[protocol][msgindex].doit = NULL; -+ *(void **)&rtnl_msg_handlers[protocol][msgindex].dumpit = NULL; -+ pax_close_kernel(); + static DEFINE_MUTEX(rtnl_mutex); - return 0; - } diff --git a/net/core/scm.c b/net/core/scm.c index d98eafc..1a190a9 100644 --- a/net/core/scm.c @@ -116944,7 +116731,7 @@ index 7043b29..06edcdf 100644 /* diff --git a/net/rxrpc/ar-key.c b/net/rxrpc/ar-key.c -index 74697b2..10f9b77 100644 +index 74697b2..5006c23 100644 --- a/net/rxrpc/ar-key.c +++ b/net/rxrpc/ar-key.c @@ -88,11 +88,11 @@ static int rxrpc_instantiate_xdr_rxkad(struct key *key, const __be32 *xdr, 
@@ -116961,6 +116748,24 @@ index 74697b2..10f9b77 100644 if (!token->kad) { kfree(token); return -ENOMEM; +@@ -212,7 +212,7 @@ static int rxrpc_krb5_decode_principal(struct krb5_principal *princ, + if (toklen <= (n_parts + 1) * 4) + return -EINVAL; + +- princ->name_parts = kcalloc(sizeof(char *), n_parts, GFP_KERNEL); ++ princ->name_parts = kcalloc(n_parts, sizeof(char *), GFP_KERNEL); + if (!princ->name_parts) + return -ENOMEM; + +@@ -336,7 +336,7 @@ static int rxrpc_krb5_decode_tagged_array(struct krb5_tagged_data **_td, + + _debug("n_elem %d", n_elem); + +- td = kcalloc(sizeof(struct krb5_tagged_data), n_elem, ++ td = kcalloc(n_elem, sizeof(struct krb5_tagged_data), + GFP_KERNEL); + if (!td) + return -ENOMEM; @@ -730,10 +730,10 @@ static int rxrpc_instantiate(struct key *key, const void *data, size_t datalen) goto error; @@ -118489,7 +118294,7 @@ index d52f7a0..b66cdd9 100755 rm -f tags xtags ctags diff --git a/security/Kconfig b/security/Kconfig -index fb363cd..9fc4cfa 100644 +index fb363cd..55a557a 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -4,6 +4,896 @@ @@ -119068,7 +118873,7 @@ index fb363cd..9fc4cfa 100644 +config PAX_KERNEXEC + bool "Enforce non-executable kernel pages" + default y if GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_NONE || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_GUEST) || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_KVM)) -+ depends on X86 && (!X86_32 || X86_WP_WORKS_OK) && !XEN ++ depends on X86 && !XEN && (!X86_32 || X86_WP_WORKS_OK) + select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE) + select PAX_KERNEXEC_PLUGIN if X86_64 + help @@ -119651,7 +119456,7 @@ index 2f7ffa6..0455400 100644 }; diff --git a/security/security.c b/security/security.c -index c4c6732..7abf13b 100644 +index c4c6732..bc63d84 100644 --- a/security/security.c +++ b/security/security.c @@ -24,7 +24,7 @@ static __initdata char chosen_lsm[SECURITY_NAME_MAX + 1]; 
@@ -119672,7 +119477,20 @@ index c4c6732..7abf13b 100644 { if (verify(ops)) { printk(KERN_DEBUG "%s could not verify " -@@ -199,9 +199,9 @@ int security_quota_on(struct dentry *dentry) +@@ -157,6 +157,12 @@ int security_capable(int cap) + SECURITY_CAP_AUDIT); + } + ++int security_capable_noaudit(int cap) ++{ ++ return security_ops->capable(current, current_cred(), cap, ++ SECURITY_CAP_AUDIT); ++} ++ + int security_real_capable(struct task_struct *tsk, int cap) + { + const struct cred *cred; +@@ -199,9 +205,9 @@ int security_quota_on(struct dentry *dentry) return security_ops->quota_on(dentry); } @@ -120591,53 +120409,10 @@ index 0a1b2f6..d999b21 100644 if (playback) snd_pcm_set_ops(pcm, SNDRV_PCM_STREAM_PLAYBACK, &soc_pcm_ops); diff --git a/sound/usb/usbaudio.c b/sound/usb/usbaudio.c -index 79633ea..9732e90 100644 +index 79633ea..e92baee 100644 --- a/sound/usb/usbaudio.c 
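Review bot: The new `security_capable_noaudit()` in security/security.c passes `SECURITY_CAP_AUDIT` to `security_ops->capable()`, so it behaves exactly like `security_capable()` and does not suppress auditing. The inline variant this patch adds in include/linux/security.h passes `SECURITY_CAP_NOAUDIT`, and `capable_nolog()` in kernel/capability.c now calls this function expecting the non-auditing behaviour. The call should read `return security_ops->capable(current, current_cred(), cap, SECURITY_CAP_NOAUDIT);`. As written, a capability probe through `capable_nolog()` would presumably still generate audit records on kernels that use the security.c version, and the two build configurations would disagree.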
+++ b/sound/usb/usbaudio.c -@@ -963,12 +963,12 @@ static int snd_usb_pcm_playback_trigger(struct snd_pcm_substream *substream, - switch (cmd) { - case SNDRV_PCM_TRIGGER_START: - case SNDRV_PCM_TRIGGER_PAUSE_RELEASE: -- subs->ops.prepare = prepare_playback_urb; -+ *(void **)&subs->ops.prepare = prepare_playback_urb; - return 0; - case SNDRV_PCM_TRIGGER_STOP: - return deactivate_urbs(subs, 0, 0); - case SNDRV_PCM_TRIGGER_PAUSE_PUSH: -- subs->ops.prepare = prepare_nodata_playback_urb; -+ *(void **)&subs->ops.prepare = prepare_nodata_playback_urb; - return 0; - default: - return -EINVAL; -@@ -985,15 +985,15 @@ static int snd_usb_pcm_capture_trigger(struct snd_pcm_substream *substream, - - switch (cmd) { - case SNDRV_PCM_TRIGGER_START: -- subs->ops.retire = retire_capture_urb; -+ *(void **)&subs->ops.retire = retire_capture_urb; - return start_urbs(subs, substream->runtime); - case SNDRV_PCM_TRIGGER_STOP: - return deactivate_urbs(subs, 0, 0); - case SNDRV_PCM_TRIGGER_PAUSE_PUSH: -- subs->ops.retire = retire_paused_capture_urb; -+ *(void **)&subs->ops.retire = retire_paused_capture_urb; - return 0; - case SNDRV_PCM_TRIGGER_PAUSE_RELEASE: -- subs->ops.retire = retire_capture_urb; -+ *(void **)&subs->ops.retire = retire_capture_urb; - return 0; - default: - return -EINVAL; -@@ -1542,7 +1542,7 @@ static int snd_usb_pcm_prepare(struct snd_pcm_substream *substream) - /* for playback, submit the URBs now; otherwise, the first hwptr_done - * updates for all URBs would happen at the same time when starting */ - if (subs->direction == SNDRV_PCM_STREAM_PLAYBACK) { -- subs->ops.prepare = prepare_nodata_playback_urb; -+ *(void **)&subs->ops.prepare = prepare_nodata_playback_urb; - return start_urbs(subs, runtime); - } else - return 0; -@@ -2228,14 +2228,14 @@ static void init_substream(struct snd_usb_stream *as, int stream, struct audiofo +@@ -2228,9 +2228,9 @@ static void init_substream(struct snd_usb_stream *as, int stream, struct audiofo subs->direction = stream; subs->dev = 
as->chip->dev; if (snd_usb_get_speed(subs->dev) == USB_SPEED_FULL) { @@ -120649,12 +120424,6 @@ index 79633ea..9732e90 100644 switch (as->chip->usb_id) { case USB_ID(0x041e, 0x3f02): /* E-Mu 0202 USB */ case USB_ID(0x041e, 0x3f04): /* E-Mu 0404 USB */ - case USB_ID(0x041e, 0x3f0a): /* E-Mu Tracker Pre */ -- subs->ops.retire_sync = retire_playback_sync_urb_hs_emu; -+ *(void **)&subs->ops.retire_sync = retire_playback_sync_urb_hs_emu; - break; - } - } diff --git a/tools/gcc/.gitignore b/tools/gcc/.gitignore new file mode 100644 index 0000000..50f2f2f @@ -120890,12 +120659,12 @@ index 0000000..d41b5af +} diff --git a/tools/gcc/colorize_plugin.c b/tools/gcc/colorize_plugin.c new file mode 100644 -index 0000000..846aeb0 +index 0000000..414fe5e --- /dev/null +++ b/tools/gcc/colorize_plugin.c -@@ -0,0 +1,148 @@ +@@ -0,0 +1,151 @@ +/* -+ * Copyright 2012 by PaX Team <pageexec@freemail.hu> ++ * Copyright 2012-2013 by PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 + * + * Note: the choice of the license means that the compilation process is @@ -120924,7 +120693,7 @@ index 0000000..846aeb0 +int plugin_is_GPL_compatible; + +static struct plugin_info colorize_plugin_info = { -+ .version = "201203092200", ++ .version = "201302112000", + .help = NULL, +}; + @@ -121003,6 +120772,9 @@ index 0000000..846aeb0 + .pass = { + .type = SIMPLE_IPA_PASS, + .name = "colorize_rearm", ++#if BUILDING_GCC_VERSION >= 4008 ++ .optinfo_flags = OPTGROUP_NONE, ++#endif + .gate = NULL, + .execute = execute_colorize_rearm, + .sub = NULL, @@ -121044,10 +120816,10 @@ index 0000000..846aeb0 +} diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c new file mode 100644 -index 0000000..1742271 +index 0000000..c415c9d --- /dev/null +++ b/tools/gcc/constify_plugin.c -@@ -0,0 +1,349 @@ +@@ -0,0 +1,359 @@ +/* + * Copyright 2011 by Emese Revfy <re.emese@gmail.com> + * Copyright 2011-2013 by PaX Team <pageexec@freemail.hu> 
@@ -121088,7 +120860,7 @@ index 0000000..1742271 +int plugin_is_GPL_compatible; + +static struct plugin_info const_plugin_info = { -+ .version = "201301150230", ++ .version = "201302112000", + .help = "no-constify\tturn off constification\n", +}; + @@ -121310,16 +121082,23 @@ index 0000000..1742271 +{ + unsigned int ret = 0; + tree var; -+ referenced_var_iterator rvi; + +#if BUILDING_GCC_VERSION == 4005 -+ FOR_EACH_REFERENCED_VAR(var, rvi) { ++ tree vars; +#else -+ FOR_EACH_REFERENCED_VAR(cfun, var, rvi) { ++ unsigned int i; ++#endif ++ ++#if BUILDING_GCC_VERSION == 4005 ++ for (vars = cfun->local_decls; vars; vars = TREE_CHAIN(vars)) { ++ var = TREE_VALUE(vars); ++#else ++ FOR_EACH_LOCAL_DECL(cfun, i, var) { +#endif + tree type = TREE_TYPE(var); + -+ if (!DECL_P(var) || TREE_STATIC(var) || DECL_EXTERNAL(var)) ++ gcc_assert(DECL_P(var)); ++ if (is_global_var(var)) + continue; + + if (TREE_CODE(type) != RECORD_TYPE && TREE_CODE(type) != UNION_TYPE) @@ -121331,8 +121110,8 @@ index 0000000..1742271 +// if (lookup_attribute("no_const", DECL_ATTRIBUTES(var))) +// continue; + -+// if (lookup_attribute("no_const", TYPE_ATTRIBUTES(type))) -+// continue; ++ if (lookup_attribute("no_const", TYPE_ATTRIBUTES(type))) ++ continue; + + if (walk_struct(type)) { + error_at(DECL_SOURCE_LOCATION(var), "constified variable %qE cannot be local", var); @@ -121346,6 +121125,9 @@ index 0000000..1742271 + { + .type = GIMPLE_PASS, + .name = "check_local_variables", ++#if BUILDING_GCC_VERSION >= 4008 ++ .optinfo_flags = OPTGROUP_NONE, ++#endif + .gate = NULL, + .execute = check_local_variables, + .sub = NULL, @@ -121499,12 +121281,12 @@ index 0000000..e518932 +exit 0 diff --git a/tools/gcc/kallocstat_plugin.c b/tools/gcc/kallocstat_plugin.c new file mode 100644 -index 0000000..a86e422 +index 0000000..568b360 --- /dev/null 
+++ b/tools/gcc/kallocstat_plugin.c -@@ -0,0 +1,167 @@ +@@ -0,0 +1,170 @@ +/* -+ * Copyright 2011 by the PaX Team <pageexec@freemail.hu> ++ * Copyright 2011-2013 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 + * + * Note: the choice of the license means that the compilation process is @@ -121556,7 +121338,7 @@ index 0000000..a86e422 +}; + +static struct plugin_info kallocstat_plugin_info = { -+ .version = "201111150100", ++ .version = "201302112000", +}; + +static unsigned int execute_kallocstat(void); @@ -121565,6 +121347,9 @@ index 0000000..a86e422 + .pass = { + .type = GIMPLE_PASS, + .name = "kallocstat", ++#if BUILDING_GCC_VERSION >= 4008 ++ .optinfo_flags = OPTGROUP_NONE, ++#endif + .gate = NULL, + .execute = execute_kallocstat, + .sub = NULL, @@ -121672,12 +121457,12 @@ index 0000000..a86e422 +} diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c new file mode 100644 -index 0000000..8856202 +index 0000000..0408e06 --- /dev/null +++ b/tools/gcc/kernexec_plugin.c -@@ -0,0 +1,432 @@ +@@ -0,0 +1,465 @@ +/* -+ * Copyright 2011 by the PaX Team <pageexec@freemail.hu> ++ * Copyright 2011-2013 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 + * + * Note: the choice of the license means that the compilation process is @@ -121720,10 +121505,14 @@ index 0000000..8856202 +#define ANY_RETURN_P(rtx) (GET_CODE(rtx) == RETURN) +#endif + ++#if BUILDING_GCC_VERSION >= 4008 ++#define TODO_dump_func 0 ++#endif ++ +int plugin_is_GPL_compatible; + +static struct plugin_info kernexec_plugin_info = { -+ .version = "201111291120", ++ .version = "201302112000", + .help = "method=[bts|or]\tinstrumentation method\n" +}; + @@ -121739,6 +121528,9 @@ index 0000000..8856202 + .pass = { + .type = GIMPLE_PASS, + .name = "kernexec_reload", ++#if BUILDING_GCC_VERSION >= 4008 ++ .optinfo_flags = OPTGROUP_NONE, ++#endif + .gate = kernexec_cmodel_check, + .execute = execute_kernexec_reload, + .sub = NULL, 
@@ -121757,6 +121549,9 @@ index 0000000..8856202 + .pass = { + .type = GIMPLE_PASS, + .name = "kernexec_fptr", ++#if BUILDING_GCC_VERSION >= 4008 ++ .optinfo_flags = OPTGROUP_NONE, ++#endif + .gate = kernexec_cmodel_check, + .execute = execute_kernexec_fptr, + .sub = NULL, @@ -121775,6 +121570,9 @@ index 0000000..8856202 + .pass = { + .type = RTL_PASS, + .name = "kernexec_retaddr", ++#if BUILDING_GCC_VERSION >= 4008 ++ .optinfo_flags = OPTGROUP_NONE, ++#endif + .gate = kernexec_cmodel_check, + .execute = execute_kernexec_retaddr, + .sub = NULL, @@ -121872,8 +121670,10 @@ index 0000000..8856202 + + // create temporary unsigned long variable used for bitops and cast fptr to it + intptr = create_tmp_var(long_unsigned_type_node, "kernexec_bts"); ++#if BUILDING_GCC_VERSION <= 4007 + add_referenced_var(intptr); + mark_sym_for_renaming(intptr); ++#endif + assign_intptr = gimple_build_assign(intptr, fold_convert(long_unsigned_type_node, old_fptr)); + gsi_insert_before(gsi, assign_intptr, GSI_SAME_STMT); + update_stmt(assign_intptr); @@ -121887,8 +121687,10 @@ index 0000000..8856202 + + // cast temporary unsigned long back to a temporary fptr variable + new_fptr = create_tmp_var(TREE_TYPE(old_fptr), "kernexec_fptr"); ++#if BUILDING_GCC_VERSION <= 4007 + add_referenced_var(new_fptr); + mark_sym_for_renaming(new_fptr); ++#endif + assign_new_fptr = gimple_build_assign(new_fptr, fold_convert(TREE_TYPE(old_fptr), intptr)); + gsi_insert_before(gsi, assign_new_fptr, GSI_SAME_STMT); + update_stmt(assign_new_fptr); 
@@ -121902,24 +121704,36 @@ index 0000000..8856202 +{ + gimple asm_or_stmt, call_stmt; + tree old_fptr, new_fptr, input, output; ++#if BUILDING_GCC_VERSION <= 4007 + VEC(tree, gc) *inputs = NULL; + VEC(tree, gc) *outputs = NULL; ++#else ++ vec<tree, va_gc> *inputs = NULL; ++ vec<tree, va_gc> *outputs = NULL; ++#endif + + call_stmt = gsi_stmt(*gsi); + old_fptr = gimple_call_fn(call_stmt); + + // create temporary fptr variable + new_fptr = create_tmp_var(TREE_TYPE(old_fptr), "kernexec_or"); ++#if BUILDING_GCC_VERSION <= 4007 + add_referenced_var(new_fptr); + mark_sym_for_renaming(new_fptr); ++#endif + + // build asm volatile("orq %%r10, %0\n\t" : "=r"(new_fptr) : "0"(old_fptr)); + input = build_tree_list(NULL_TREE, build_string(2, "0")); + input = chainon(NULL_TREE, build_tree_list(input, old_fptr)); + output = build_tree_list(NULL_TREE, build_string(3, "=r")); + output = chainon(NULL_TREE, build_tree_list(output, new_fptr)); ++#if BUILDING_GCC_VERSION <= 4007 + VEC_safe_push(tree, gc, inputs, input); + VEC_safe_push(tree, gc, outputs, output); ++#else ++ vec_safe_push(inputs, input); ++ vec_safe_push(outputs, output); ++#endif + asm_or_stmt = gimple_build_asm_vec("orq %%r10, %0\n\t", inputs, outputs, NULL, NULL); + gimple_asm_set_volatile(asm_or_stmt, true); + gsi_insert_before(gsi, asm_or_stmt, GSI_SAME_STMT); @@ -121957,9 +121771,13 @@ index 0000000..8856202 + gcc_unreachable(); + + // ... through a function pointer -+ fn = SSA_NAME_VAR(fn); -+ if (TREE_CODE(fn) != VAR_DECL && TREE_CODE(fn) != PARM_DECL) -+ continue; ++ if (SSA_NAME_VAR(fn) != NULL_TREE) { ++ fn = SSA_NAME_VAR(fn); ++ if (TREE_CODE(fn) != VAR_DECL && TREE_CODE(fn) != PARM_DECL) { ++ debug_tree(fn); ++ gcc_unreachable(); ++ } ++ } + fn = TREE_TYPE(fn); + if (TREE_CODE(fn) != POINTER_TYPE) + continue; @@ -122110,12 +121928,12 @@ index 0000000..8856202 +} 
diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c new file mode 100644 -index 0000000..b8008f7 +index 0000000..1276616 --- /dev/null +++ b/tools/gcc/latent_entropy_plugin.c -@@ -0,0 +1,295 @@ +@@ -0,0 +1,321 @@ +/* -+ * Copyright 2012 by the PaX Team <pageexec@freemail.hu> ++ * Copyright 2012-2013 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 + * + * Note: the choice of the license means that the compilation process is @@ -122155,12 +121973,16 @@ index 0000000..b8008f7 +#include "emit-rtl.h" +#include "tree-flow.h" + ++#if BUILDING_GCC_VERSION >= 4008 ++#define TODO_dump_func 0 ++#endif ++ +int plugin_is_GPL_compatible; + +static tree latent_entropy_decl; + +static struct plugin_info latent_entropy_plugin_info = { -+ .version = "201207271820", ++ .version = "201302112000", + .help = NULL +}; + @@ -122171,6 +121993,9 @@ index 0000000..b8008f7 + .pass = { + .type = GIMPLE_PASS, + .name = "latent_entropy", ++#if BUILDING_GCC_VERSION >= 4008 ++ .optinfo_flags = OPTGROUP_NONE, ++#endif + .gate = gate_latent_entropy, + .execute = execute_latent_entropy, + .sub = NULL, @@ -122266,7 +122091,9 @@ index 0000000..b8008f7 + op = get_op(&rhs); + addxorrol = fold_build2_loc(UNKNOWN_LOCATION, op, unsigned_intDI_type_node, local_entropy, rhs); + assign = gimple_build_assign(local_entropy, addxorrol); ++#if BUILDING_GCC_VERSION <= 4007 + find_referenced_vars_in(assign); ++#endif +//debug_bb(bb); + gsi = gsi_after_labels(bb); + gsi_insert_before(&gsi, assign, GSI_NEW_STMT); 
@@ -122281,12 +122108,16 @@ index 0000000..b8008f7 + + // 1. create temporary copy of latent_entropy + temp = create_tmp_var(unsigned_intDI_type_node, "temp_latent_entropy"); ++#if BUILDING_GCC_VERSION <= 4007 + add_referenced_var(temp); + mark_sym_for_renaming(temp); ++#endif + + // 2. read... + assign = gimple_build_assign(temp, latent_entropy_decl); ++#if BUILDING_GCC_VERSION <= 4007 + find_referenced_vars_in(assign); ++#endif + gsi = gsi_after_labels(bb); + gsi_insert_after(&gsi, assign, GSI_NEW_STMT); + update_stmt(assign); @@ -122294,13 +122125,17 @@ index 0000000..b8008f7 + // 3. ...modify... + addxorrol = fold_build2_loc(UNKNOWN_LOCATION, get_op(NULL), unsigned_intDI_type_node, temp, rhs); + assign = gimple_build_assign(temp, addxorrol); ++#if BUILDING_GCC_VERSION <= 4007 + find_referenced_vars_in(assign); ++#endif + gsi_insert_after(&gsi, assign, GSI_NEW_STMT); + update_stmt(assign); + + // 4. ...write latent_entropy + assign = gimple_build_assign(latent_entropy_decl, temp); ++#if BUILDING_GCC_VERSION <= 4007 + find_referenced_vars_in(assign); ++#endif + gsi_insert_after(&gsi, assign, GSI_NEW_STMT); + update_stmt(assign); +} @@ -122315,8 +122150,13 @@ index 0000000..b8008f7 + if (!latent_entropy_decl) { + struct varpool_node *node; + ++#if BUILDING_GCC_VERSION <= 4007 + for (node = varpool_nodes; node; node = node->next) { + tree var = node->decl; ++#else ++ FOR_EACH_VARIABLE(node) { ++ tree var = node->symbol.decl; ++#endif + if (strcmp(IDENTIFIER_POINTER(DECL_NAME(var)), "latent_entropy")) + continue; + latent_entropy_decl = var; @@ -122333,8 +122173,10 @@ index 0000000..b8008f7 + + // 1. create local entropy variable + local_entropy = create_tmp_var(unsigned_intDI_type_node, "local_entropy"); ++#if BUILDING_GCC_VERSION <= 4007 + add_referenced_var(local_entropy); + mark_sym_for_renaming(local_entropy); ++#endif + + // 2. initialize local entropy variable + bb = split_block_after_labels(ENTRY_BLOCK_PTR)->dest; 
@@ -122344,7 +122186,9 @@ index 0000000..b8008f7 + + assign = gimple_build_assign(local_entropy, build_int_cstu(unsigned_intDI_type_node, get_random_const())); +// gimple_set_location(assign, loc); ++#if BUILDING_GCC_VERSION <= 4007 + find_referenced_vars_in(assign); ++#endif + gsi_insert_after(&gsi, assign, GSI_NEW_STMT); + update_stmt(assign); + bb = bb->next_bb; @@ -124982,10 +124826,10 @@ index 0000000..7cfdcc5 +atyfb_setup_generic_49151 atyfb_setup_generic 3 49151 NULL diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c new file mode 100644 -index 0000000..792ee60 +index 0000000..d52f2ee --- /dev/null +++ b/tools/gcc/size_overflow_plugin.c -@@ -0,0 +1,1930 @@ +@@ -0,0 +1,1941 @@ +/* + * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com> + * Licensed under the GPL v2, or (at your option) v3 @@ -125026,6 +124870,10 @@ index 0000000..792ee60 +#define C_DECL_IMPLICIT(EXP) DECL_LANG_FLAG_2 (EXP) +#endif + ++#if BUILDING_GCC_VERSION >= 4008 ++#define TODO_dump_func 0 ++#endif ++ +struct size_overflow_hash { + const struct size_overflow_hash * const next; + const char * const name; @@ -125378,8 +125226,10 @@ index 0000000..792ee60 +{ + tree new_var = create_tmp_var(type, "cicus"); + ++#if BUILDING_GCC_VERSION <= 4007 + add_referenced_var(new_var); + mark_sym_for_renaming(new_var); ++#endif + return new_var; +} + @@ -125599,11 +125449,13 @@ index 0000000..792ee60 + basic_block bb; + gimple phi; + gimple_stmt_iterator gsi = gsi_for_stmt(oldstmt); ++ gimple_seq seq; + + bb = gsi_bb(gsi); + + phi = create_phi_node(result, bb); -+ gsi = gsi_last(phi_nodes(bb)); ++ seq = phi_nodes(bb); ++ gsi = gsi_last(seq); + gsi_remove(&gsi, false); + + gsi = gsi_for_stmt(oldstmt); 
@@ -126843,13 +126695,16 @@ index 0000000..792ee60 + .pass = { + .type = GIMPLE_PASS, + .name = "size_overflow", ++#if BUILDING_GCC_VERSION >= 4008 ++ .optinfo_flags = OPTGROUP_NONE, ++#endif + .gate = NULL, + .execute = handle_function, + .sub = NULL, + .next = NULL, + .static_pass_number = 0, + .tv_id = TV_NONE, -+ .properties_required = PROP_cfg | PROP_referenced_vars, ++ .properties_required = PROP_cfg, + .properties_provided = 0, + .properties_destroyed = 0, + .todo_flags_start = 0, @@ -126918,12 +126773,12 @@ index 0000000..792ee60 +} diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c new file mode 100644 -index 0000000..38d2014 +index 0000000..ac2901e --- /dev/null +++ b/tools/gcc/stackleak_plugin.c -@@ -0,0 +1,313 @@ +@@ -0,0 +1,327 @@ +/* -+ * Copyright 2011 by the PaX Team <pageexec@freemail.hu> ++ * Copyright 2011-2013 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 + * + * Note: the choice of the license means that the compilation process is @@ -126961,6 +126816,10 @@ index 0000000..38d2014 +#include "rtl.h" +#include "emit-rtl.h" + ++#if BUILDING_GCC_VERSION >= 4008 ++#define TODO_dump_func 0 ++#endif ++ +extern void print_gimple_stmt(FILE *, gimple, int, int); + +int plugin_is_GPL_compatible; @@ -126971,7 +126830,7 @@ index 0000000..38d2014 +static bool init_locals; + +static struct plugin_info stackleak_plugin_info = { -+ .version = "201203140940", ++ .version = "201302112000", + .help = "track-lowest-sp=nn\ttrack sp in functions whose frame size is at least nn bytes\n" +// "initialize-locals\t\tforcibly initialize all stack frames\n" +}; @@ -126984,6 +126843,9 @@ index 0000000..38d2014 + .pass = { + .type = GIMPLE_PASS, + .name = "stackleak_tree_instrument", ++#if BUILDING_GCC_VERSION >= 4008 ++ .optinfo_flags = OPTGROUP_NONE, ++#endif + .gate = gate_stackleak_track_stack, + .execute = execute_stackleak_tree_instrument, + .sub = NULL, 
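Review bot: The `size_overflow` pass descriptor drops `PROP_referenced_vars` from `.properties_required` for every compiler version, while the other GCC 4.8 adaptations in this file are guarded by `BUILDING_GCC_VERSION`. On 4.7 and older the plugin still calls `add_referenced_var()` (now under `#if BUILDING_GCC_VERSION <= 4007`), so the property requirement is presumably still meaningful there. I would keep `.properties_required = PROP_cfg | PROP_referenced_vars,` under `#if BUILDING_GCC_VERSION <= 4007` and use plain `PROP_cfg` in the `#else` branch, so that older compilers still have the prerequisite checked.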
@@ -127002,6 +126864,9 @@ index 0000000..38d2014 + .pass = { + .type = RTL_PASS, + .name = "stackleak_final", ++#if BUILDING_GCC_VERSION >= 4008 ++ .optinfo_flags = OPTGROUP_NONE, ++#endif + .gate = gate_stackleak_track_stack, + .execute = execute_stackleak_final, + .sub = NULL, @@ -127138,7 +127003,7 @@ index 0000000..38d2014 + +static unsigned int execute_stackleak_final(void) +{ -+ rtx insn; ++ rtx insn, next; + + if (cfun->calls_alloca) + return 0; @@ -127148,10 +127013,11 @@ index 0000000..38d2014 + return 0; + + // 1. find pax_track_stack calls -+ for (insn = get_insns(); insn; insn = NEXT_INSN(insn)) { ++ for (insn = get_insns(); insn; insn = next) { + // rtl match: (call_insn 8 7 9 3 (call (mem (symbol_ref ("pax_track_stack") [flags 0x41] <function_decl 0xb7470e80 pax_track_stack>) [0 S1 A8]) (4)) -1 (nil) (nil)) + rtx body; + ++ next = NEXT_INSN(insn); + if (!CALL_P(insn)) + continue; + body = PATTERN(insn); @@ -127167,10 +127033,13 @@ index 0000000..38d2014 + continue; +// warning(0, "track_frame_size: %d %ld %d", cfun->calls_alloca, get_frame_size(), track_frame_size); + // 2. delete call -+ insn = delete_insn_and_edges(insn); ++ delete_insn_and_edges(insn); +#if BUILDING_GCC_VERSION >= 4007 -+ if (GET_CODE(insn) == NOTE && NOTE_KIND(insn) == NOTE_INSN_CALL_ARG_LOCATION) -+ insn = delete_insn_and_edges(insn); ++ if (GET_CODE(next) == NOTE && NOTE_KIND(next) == NOTE_INSN_CALL_ARG_LOCATION) { ++ insn = next; ++ next = NEXT_INSN(insn); ++ delete_insn_and_edges(insn); ++ } +#endif + } + @@ -127262,7 +127131,7 @@ index 83b3dde..835bee7 100644 break; } diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index 82b6fdc..3a1bf69 100644 +index 82b6fdc..57cc875 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -81,7 +81,12 @@ static cpumask_var_t cpus_hardware_enabled; 
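Review bot: In `execute_stackleak_final`, the `BUILDING_GCC_VERSION >= 4007` block evaluates `GET_CODE(next)` without checking that `next` is non-NULL, although the loop condition shows the insn chain is NULL-terminated. If a deleted `pax_track_stack` call could ever be the last insn in the chain, the plugin would dereference a null rtx and take the build down with an internal compiler error. The guard could read `if (next && NOTE_P(next) && NOTE_KIND(next) == NOTE_INSN_CALL_ARG_LOCATION) {`. The function body starts in an earlier hunk and continues past this one.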
@@ -127279,6 +127148,33 @@ index 82b6fdc..3a1bf69 100644 struct dentry *kvm_debugfs_dir; +@@ -1823,7 +1828,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp) + return 0; + } + +-static struct file_operations kvm_vcpu_fops = { ++static file_operations_no_const kvm_vcpu_fops __read_only = { + .release = kvm_vcpu_release, + .unlocked_ioctl = kvm_vcpu_ioctl, + .compat_ioctl = kvm_vcpu_ioctl, +@@ -2423,7 +2428,7 @@ static int kvm_vm_mmap(struct file *file, struct vm_area_struct *vma) + return 0; + } + +-static struct file_operations kvm_vm_fops = { ++static file_operations_no_const kvm_vm_fops __read_only = { + .release = kvm_vm_release, + .unlocked_ioctl = kvm_vm_ioctl, + .compat_ioctl = kvm_vm_ioctl, +@@ -2510,7 +2515,7 @@ out: + return r; + } + +-static struct file_operations kvm_chardev_ops = { ++static file_operations_no_const kvm_chardev_ops __read_only = { + .unlocked_ioctl = kvm_dev_ioctl, + .compat_ioctl = kvm_dev_ioctl, + }; @@ -2573,7 +2578,7 @@ asmlinkage void kvm_handle_fault_on_reboot(void) if (kvm_rebooting) /* spin while reset goes on */ @@ -127308,13 +127204,10 @@ index 82b6fdc..3a1bf69 100644 goto out_free_5; } -- kvm_chardev_ops.owner = module; -- kvm_vm_fops.owner = module; -- kvm_vcpu_fops.owner = module; + pax_open_kernel(); -+ *(void **)&kvm_chardev_ops.owner = module; -+ *(void **)&kvm_vm_fops.owner = module; -+ *(void **)&kvm_vcpu_fops.owner = module; + kvm_chardev_ops.owner = module; + kvm_vm_fops.owner = module; + kvm_vcpu_fops.owner = module; + pax_close_kernel(); r = misc_register(&kvm_dev); diff --git a/2.6.32/4470_disable-compat_vdso.patch b/2.6.32/4470_disable-compat_vdso.patch index a54092e..c3762ce 100644 --- a/2.6.32/4470_disable-compat_vdso.patch +++ b/2.6.32/4470_disable-compat_vdso.patch @@ -1,10 +1,9 @@ -From: Jory A. Pratt <anarchy@gentoo.org> - No need to wrap vdso calls as gentoo does not use any version of glibc <=2.3.3 --- From: Gordon Malm <gengor@gentoo.org> 
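Review bot: The `.owner` stores in `kvm_init` are now plain assignments inside `pax_open_kernel()` / `pax_close_kernel()`, with nothing at the write site saying that `kvm_chardev_ops`, `kvm_vm_fops` and `kvm_vcpu_fops` were made `__read_only` in the three earlier hunks of this file. A later edit that moves a store outside the window, or adds an early `goto` between the two calls, would either fault or leave the kernel open. A short comment above the window would help, for example `/* kvm_*_fops are __read_only: keep the .owner stores, and nothing else, inside this window */`. `kvm_init` continues outside the hunk, so the error paths around the window are not visible here and should be checked against the full function.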
From: Kerin Millar <kerframil@gmail.com> +From: Jory A. Pratt <anarchy@gentoo.org> COMPAT_VDSO is inappropriate for any modern Hardened Gentoo system. It conflicts with various parts of PaX, crashing the system if enabled @@ -24,16 +23,16 @@ intact. Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138 -diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig ---- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100 -+++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100 -@@ -1625,17 +1625,8 @@ +diff -Naur a/arch/x86/Kconfig b/arch/x86/Kconfig +--- a/arch/x86/Kconfig 2013-02-18 05:43:19.000000000 -0500 ++++ b/arch/x86/Kconfig 2013-02-18 06:08:57.000000000 -0500 +@@ -1626,17 +1626,8 @@ config COMPAT_VDSO def_bool n - prompt "Compat VDSO support" depends on X86_32 || IA32_EMULATION - depends on !PAX_NOEXEC && !PAX_MEMORY_UDEREF + depends on !PAX_PAGEEXEC && !PAX_SEGMEXEC && !PAX_KERNEXEC && !PAX_MEMORY_UDEREF - ---help--- - Map the 32-bit VDSO to the predictable old-style address too. - ---help--- diff --git a/3.2.38/0000_README b/3.2.38/0000_README index 2b340f4..6ecee87 100644 --- a/3.2.38/0000_README +++ b/3.2.38/0000_README @@ -70,7 +70,7 @@ Patch: 1037_linux-3.2.38.patch From: http://www.kernel.org Desc: Linux 3.2.38 -Patch: 4420_grsecurity-2.9.1-3.2.38-201302151927.patch +Patch: 4420_grsecurity-2.9.1-3.2.38-201302171808.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.38/4420_grsecurity-2.9.1-3.2.38-201302151927.patch b/3.2.38/4420_grsecurity-2.9.1-3.2.38-201302171808.patch index dbf3f8b..ce8c16c 100644 --- a/3.2.38/4420_grsecurity-2.9.1-3.2.38-201302151927.patch +++ b/3.2.38/4420_grsecurity-2.9.1-3.2.38-201302171808.patch @@ -11183,7 +11183,7 @@ index 5478825..839e88c 100644 #define flush_insn_slot(p) do { } while (0) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h -index b4973f4..7c4d3fc 100644 +index b4973f4..8c1fb95 100644 --- a/arch/x86/include/asm/kvm_host.h 
+++ b/arch/x86/include/asm/kvm_host.h @@ -459,7 +459,7 @@ struct kvm_arch { @@ -11195,15 +11195,6 @@ index b4973f4..7c4d3fc 100644 struct hlist_head mmu_page_hash[KVM_NUM_MMU_PAGES]; /* * Hash table of struct kvm_mmu_page. -@@ -638,7 +638,7 @@ struct kvm_x86_ops { - int (*check_intercept)(struct kvm_vcpu *vcpu, - struct x86_instruction_info *info, - enum x86_intercept_stage stage); --}; -+} __do_const; - - struct kvm_arch_async_pf { - u32 token; diff --git a/arch/x86/include/asm/local.h b/arch/x86/include/asm/local.h index 9cdae5d..3534f04 100644 --- a/arch/x86/include/asm/local.h @@ -11749,9 +11740,45 @@ index a7d2db9..edb023e 100644 #endif /* __ASSEMBLY__ */ diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h -index 8e8b9a4..35918cc 100644 +index 8e8b9a4..74bb422 100644 --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h +@@ -84,7 +84,7 @@ struct pv_init_ops { + */ + unsigned (*patch)(u8 type, u16 clobber, void *insnbuf, + unsigned long addr, unsigned len); +-}; ++} __no_const; + + + struct pv_lazy_ops { +@@ -97,7 +97,7 @@ struct pv_time_ops { + unsigned long long (*sched_clock)(void); + unsigned long long (*steal_clock)(int cpu); + unsigned long (*get_tsc_khz)(void); +-}; ++} __no_const; + + struct pv_cpu_ops { + /* hooks for various privileged instructions */ +@@ -193,7 +193,7 @@ struct pv_cpu_ops { + + void (*start_context_switch)(struct task_struct *prev); + void (*end_context_switch)(struct task_struct *next); +-}; ++} __no_const; + + struct pv_irq_ops { + /* +@@ -224,7 +224,7 @@ struct pv_apic_ops { + unsigned long start_eip, + unsigned long start_esp); + #endif +-}; ++} __no_const; + + struct pv_mmu_ops { + unsigned long (*read_cr2)(void); @@ -313,6 +313,7 @@ struct pv_mmu_ops { struct paravirt_callee_save make_pud; 
@@ -11773,6 +11800,15 @@ index 8e8b9a4..35918cc 100644 }; struct arch_spinlock; +@@ -334,7 +341,7 @@ struct pv_lock_ops { + void (*spin_lock_flags)(struct arch_spinlock *lock, unsigned long flags); + int (*spin_trylock)(struct arch_spinlock *lock); + void (*spin_unlock)(struct arch_spinlock *lock); +-}; ++} __no_const; + + /* This contains all the paravirt structures: we get a convenient + * number for each function using the offset which we use to indicate diff --git a/arch/x86/include/asm/pgalloc.h b/arch/x86/include/asm/pgalloc.h index b4389a4..7024269 100644 --- a/arch/x86/include/asm/pgalloc.h @@ -12498,7 +12534,7 @@ index 3b96fd4..8790004 100644 } #endif diff --git a/arch/x86/include/asm/reboot.h b/arch/x86/include/asm/reboot.h -index 92f29706..f4f21fd 100644 +index 92f29706..d0a1a53 100644 --- a/arch/x86/include/asm/reboot.h +++ b/arch/x86/include/asm/reboot.h @@ -6,19 +6,19 @@ @@ -12514,8 +12550,9 @@ index 92f29706..f4f21fd 100644 void (*shutdown)(void); void (*crash_shutdown)(struct pt_regs *); - void (*emergency_restart)(void); +-}; + void (* __noreturn emergency_restart)(void); - }; ++} __no_const; extern struct machine_ops machine_ops; @@ -12717,7 +12754,7 @@ index 5e64171..f58957e 100644 #define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS*8+3) #define __USER_CS (GDT_ENTRY_DEFAULT_USER_CS*8+3) diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h -index 73b11bc..4803d4b 100644 +index 73b11bc..d4a3b63 100644 --- a/arch/x86/include/asm/smp.h +++ b/arch/x86/include/asm/smp.h @@ -36,7 +36,7 @@ DECLARE_PER_CPU(cpumask_var_t, cpu_core_map); @@ -12729,6 +12766,15 @@ index 73b11bc..4803d4b 100644 static inline struct cpumask *cpu_sibling_mask(int cpu) { +@@ -77,7 +77,7 @@ struct smp_ops { + + void (*send_call_func_ipi)(const struct cpumask *mask); + void (*send_call_func_single_ipi)(int cpu); +-}; ++} __no_const; + + /* Globals due to paravirt */ + extern void set_cpu_sibling_map(int cpu); 
@@ -192,14 +192,8 @@ extern unsigned disabled_cpus __cpuinitdata; extern int safe_smp_processor_id(void); @@ -13945,6 +13991,55 @@ index bb05228..d763d5b 100644 }) #endif +diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h +index 1971e65..6fa8756 100644 +--- a/arch/x86/include/asm/x86_init.h ++++ b/arch/x86/include/asm/x86_init.h +@@ -101,7 +101,7 @@ struct x86_init_timers { + void (*tsc_pre_init)(void); + void (*timer_init)(void); + void (*wallclock_init)(void); +-}; ++} __no_const; + + /** + * struct x86_init_iommu - platform specific iommu setup +@@ -139,7 +139,7 @@ struct x86_init_ops { + struct x86_init_timers timers; + struct x86_init_iommu iommu; + struct x86_init_pci pci; +-}; ++} __no_const; + + /** + * struct x86_cpuinit_ops - platform specific cpu hotplug setups +@@ -147,7 +147,7 @@ struct x86_init_ops { + */ + struct x86_cpuinit_ops { + void (*setup_percpu_clockev)(void); +-}; ++} __no_const; + + /** + * struct x86_platform_ops - platform specific runtime functions +@@ -169,7 +169,7 @@ struct x86_platform_ops { + void (*nmi_init)(void); + unsigned char (*get_nmi_reason)(void); + int (*i8042_detect)(void); +-}; ++} __no_const; + + struct pci_dev; + +@@ -177,7 +177,7 @@ struct x86_msi_ops { + int (*setup_msi_irqs)(struct pci_dev *dev, int nvec, int type); + void (*teardown_msi_irq)(unsigned int irq); + void (*teardown_msi_irqs)(struct pci_dev *dev); +-}; ++} __no_const; + + extern struct x86_init_ops x86_init; + extern struct x86_cpuinit_ops x86_cpuinit; diff --git a/arch/x86/include/asm/xsave.h b/arch/x86/include/asm/xsave.h index c6ce245..aab6adb 100644 --- a/arch/x86/include/asm/xsave.h 
@@ -13985,19 +14080,6 @@ index c6ce245..aab6adb 100644 "2:\n" ".section .fixup,\"ax\"\n" "3: movl $-1,%[err]\n" -diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c -index 479d03c..ee1bb25 100644 ---- a/arch/x86/kernel/acpi/boot.c -+++ b/arch/x86/kernel/acpi/boot.c -@@ -1569,7 +1569,7 @@ int __init acpi_boot_init(void) - acpi_table_parse(ACPI_SIG_HPET, acpi_parse_hpet); - - if (!acpi_noirq) -- x86_init.pci.init = pci_acpi_init; -+ *(void **)&x86_init.pci.init = pci_acpi_init; - - return 0; - } diff --git a/arch/x86/kernel/acpi/realmode/Makefile b/arch/x86/kernel/acpi/realmode/Makefile index 6a564ac..3f3a3d7 100644 --- a/arch/x86/kernel/acpi/realmode/Makefile @@ -14208,32 +14290,6 @@ index bda833c..a9bdd97 100644 return addr; } -diff --git a/arch/x86/kernel/amd_gart_64.c b/arch/x86/kernel/amd_gart_64.c -index b1e7c7f..eb07876 100644 ---- a/arch/x86/kernel/amd_gart_64.c -+++ b/arch/x86/kernel/amd_gart_64.c -@@ -850,7 +850,7 @@ int __init gart_iommu_init(void) - - flush_gart(); - dma_ops = &gart_dma_ops; -- x86_platform.iommu_shutdown = gart_iommu_shutdown; -+ *(void **)&x86_platform.iommu_shutdown = gart_iommu_shutdown; - swiotlb = 0; - - return 0; -diff --git a/arch/x86/kernel/aperture_64.c b/arch/x86/kernel/aperture_64.c -index 3d2661c..58f1983 100644 ---- a/arch/x86/kernel/aperture_64.c -+++ b/arch/x86/kernel/aperture_64.c -@@ -396,7 +396,7 @@ int __init gart_iommu_hole_init(void) - - iommu_detected = 1; - gart_iommu_aperture = 1; -- x86_init.iommu.iommu_init = gart_iommu_init; -+ *(void **)&x86_init.iommu.iommu_init = gart_iommu_init; - - ctl = read_pci_config(bus, slot, 3, - AMD64_GARTAPERTURECTL); diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index c4e3581..7e2f9d0 100644 --- a/arch/x86/kernel/apic/apic.c 
@@ -14256,6 +14312,64 @@ index c4e3581..7e2f9d0 100644 apic_printk(APIC_DEBUG, KERN_DEBUG "APIC error on CPU%d: %02x(%02x)", smp_processor_id(), v0 , v1); +diff --git a/arch/x86/kernel/apic/apic_flat_64.c b/arch/x86/kernel/apic/apic_flat_64.c +index f7a41e4..be25d88 100644 +--- a/arch/x86/kernel/apic/apic_flat_64.c ++++ b/arch/x86/kernel/apic/apic_flat_64.c +@@ -171,7 +171,7 @@ static int flat_phys_pkg_id(int initial_apic_id, int index_msb) + return initial_apic_id >> index_msb; + } + +-static struct apic apic_flat = { ++static struct apic apic_flat __read_only = { + .name = "flat", + .probe = NULL, + .acpi_madt_oem_check = flat_acpi_madt_oem_check, +@@ -327,7 +327,7 @@ static int physflat_probe(void) + return 0; + } + +-static struct apic apic_physflat = { ++static struct apic apic_physflat __read_only = { + + .name = "physical flat", + .probe = physflat_probe, +diff --git a/arch/x86/kernel/apic/bigsmp_32.c b/arch/x86/kernel/apic/bigsmp_32.c +index 521bead..a724871 100644 +--- a/arch/x86/kernel/apic/bigsmp_32.c ++++ b/arch/x86/kernel/apic/bigsmp_32.c +@@ -193,7 +193,7 @@ static int probe_bigsmp(void) + return dmi_bigsmp; + } + +-static struct apic apic_bigsmp = { ++static struct apic apic_bigsmp __read_only = { + + .name = "bigsmp", + .probe = probe_bigsmp, +diff --git a/arch/x86/kernel/apic/es7000_32.c b/arch/x86/kernel/apic/es7000_32.c +index 5d513bc..6c9c1ca 100644 +--- a/arch/x86/kernel/apic/es7000_32.c ++++ b/arch/x86/kernel/apic/es7000_32.c +@@ -619,8 +619,7 @@ static int es7000_mps_oem_check_cluster(struct mpc_table *mpc, char *oem, + return ret && es7000_apic_is_cluster(); + } + +-/* We've been warned by a false positive warning.Use __refdata to keep calm. 
*/ +-static struct apic __refdata apic_es7000_cluster = { ++static struct apic apic_es7000_cluster __read_only = { + + .name = "es7000", + .probe = probe_es7000, +@@ -685,7 +684,7 @@ static struct apic __refdata apic_es7000_cluster = { + .x86_32_early_logical_apicid = es7000_early_logical_apicid, + }; + +-static struct apic __refdata apic_es7000 = { ++static struct apic __refdata apic_es7000 __read_only = { + + .name = "es7000", + .probe = probe_es7000, diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c index 6d939d7..0697fcc 100644 --- a/arch/x86/kernel/apic/io_apic.c @@ -14297,47 +14411,84 @@ index 6d939d7..0697fcc 100644 eoi_ioapic_irq(irq, cfg); } diff --git a/arch/x86/kernel/apic/numaq_32.c b/arch/x86/kernel/apic/numaq_32.c -index c4a61ca..8339ba6 100644 +index c4a61ca..4c63d32 100644 --- a/arch/x86/kernel/apic/numaq_32.c 
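Review bot: `static struct apic __refdata apic_es7000 __read_only = {` in es7000_32.c keeps `__refdata` while adding `__read_only`, whereas its sibling `apic_es7000_cluster`, and `apic_numaq` and `apic_x2apic_uv_x` in later hunks, have `__refdata` removed. If both macros expand to section attributes, as they appear to, the object carries two conflicting section placements, and it is not obvious from the hunk which one applies or whether it ends up in the read-only region at all. For consistency with the other definitions this should be `static struct apic apic_es7000 __read_only = {`.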
+++ b/arch/x86/kernel/apic/numaq_32.c -@@ -257,14 +257,14 @@ static __init void early_check_numaq(void) - early_get_smp_config(); - - if (found_numaq) { -- x86_init.mpparse.mpc_record = numaq_mpc_record; -- x86_init.mpparse.setup_ioapic_ids = x86_init_noop; -- x86_init.mpparse.mpc_apic_id = mpc_apic_id; -- x86_init.mpparse.smp_read_mpc_oem = smp_read_mpc_oem; -- x86_init.mpparse.mpc_oem_pci_bus = mpc_oem_pci_bus; -- x86_init.mpparse.mpc_oem_bus_info = mpc_oem_bus_info; -- x86_init.timers.tsc_pre_init = numaq_tsc_init; -- x86_init.pci.init = pci_numaq_init; -+ *(void **)&x86_init.mpparse.mpc_record = numaq_mpc_record; -+ *(void **)&x86_init.mpparse.setup_ioapic_ids = x86_init_noop; -+ *(void **)&x86_init.mpparse.mpc_apic_id = mpc_apic_id; -+ *(void **)&x86_init.mpparse.smp_read_mpc_oem = smp_read_mpc_oem; -+ *(void **)&x86_init.mpparse.mpc_oem_pci_bus = mpc_oem_pci_bus; -+ *(void **)&x86_init.mpparse.mpc_oem_bus_info = mpc_oem_bus_info; -+ *(void **)&x86_init.timers.tsc_pre_init = numaq_tsc_init; -+ *(void **)&x86_init.pci.init = pci_numaq_init; - } +@@ -472,8 +472,7 @@ static void numaq_setup_portio_remap(void) + (u_long) xquad_portio, (u_long) num_quads*XQUAD_PORTIO_QUAD); + } + +-/* Use __refdata to keep false positive warning calm. 
*/ +-static struct apic __refdata apic_numaq = { ++static struct apic apic_numaq __read_only = { + + .name = "NUMAQ", + .probe = probe_numaq, +diff --git a/arch/x86/kernel/apic/probe_32.c b/arch/x86/kernel/apic/probe_32.c +index 0787bb3..e222a80 100644 +--- a/arch/x86/kernel/apic/probe_32.c ++++ b/arch/x86/kernel/apic/probe_32.c +@@ -87,7 +87,7 @@ static int probe_default(void) + return 1; + } + +-static struct apic apic_default = { ++static struct apic apic_default __read_only = { + + .name = "default", + .probe = probe_default, +diff --git a/arch/x86/kernel/apic/summit_32.c b/arch/x86/kernel/apic/summit_32.c +index 1911442..2424a83 100644 +--- a/arch/x86/kernel/apic/summit_32.c ++++ b/arch/x86/kernel/apic/summit_32.c +@@ -491,7 +491,7 @@ void setup_summit(void) + } + #endif + +-static struct apic apic_summit = { ++static struct apic apic_summit __read_only = { + + .name = "summit", + .probe = probe_summit, +diff --git a/arch/x86/kernel/apic/x2apic_cluster.c b/arch/x86/kernel/apic/x2apic_cluster.c +index 5007958..7a534f0 100644 +--- a/arch/x86/kernel/apic/x2apic_cluster.c ++++ b/arch/x86/kernel/apic/x2apic_cluster.c +@@ -208,7 +208,7 @@ static int x2apic_cluster_probe(void) + return 0; } +-static struct apic apic_x2apic_cluster = { ++static struct apic apic_x2apic_cluster __read_only = { + + .name = "cluster x2apic", + .probe = x2apic_cluster_probe, +diff --git a/arch/x86/kernel/apic/x2apic_phys.c b/arch/x86/kernel/apic/x2apic_phys.c +index f5373df..b0955f2 100644 +--- a/arch/x86/kernel/apic/x2apic_phys.c ++++ b/arch/x86/kernel/apic/x2apic_phys.c +@@ -114,7 +114,7 @@ static int x2apic_phys_probe(void) + return apic == &apic_x2apic_phys; + } + +-static struct apic apic_x2apic_phys = { ++static struct apic apic_x2apic_phys __read_only = { + + .name = "physical x2apic", + .probe = x2apic_phys_probe, diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c -index 79b05b8..0fc42b0 100644 +index 79b05b8..bc1d972 100644 
--- a/arch/x86/kernel/apic/x2apic_uv_x.c +++ b/arch/x86/kernel/apic/x2apic_uv_x.c -@@ -139,8 +139,8 @@ static int __init uv_acpi_madt_oem_check(char *oem_id, char *oem_table_id) - is_uv1 ? UV1_HUB_REVISION_BASE : UV2_HUB_REVISION_BASE; - pnodeid = early_get_pnodeid(); - early_get_apic_pnode_shift(); -- x86_platform.is_untracked_pat_range = uv_is_untracked_pat_range; -- x86_platform.nmi_init = uv_nmi_init; -+ *(void **)&x86_platform.is_untracked_pat_range = uv_is_untracked_pat_range; -+ *(void **)&x86_platform.nmi_init = uv_nmi_init; - if (!strcmp(oem_table_id, "UVL")) - uv_system_type = UV_LEGACY_APIC; - else if (!strcmp(oem_table_id, "UVX")) +@@ -346,7 +346,7 @@ static int uv_probe(void) + return apic == &apic_x2apic_uv_x; + } + +-static struct apic __refdata apic_x2apic_uv_x = { ++static struct apic apic_x2apic_uv_x __read_only = { + + .name = "UV large system", + .probe = uv_probe, diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c index a46bd38..6b906d7 100644 --- a/arch/x86/kernel/apm_32.c @@ -14962,19 +15113,6 @@ index 2bda212..78cc605 100644 } } -diff --git a/arch/x86/kernel/cpu/vmware.c b/arch/x86/kernel/cpu/vmware.c -index d22d0c4..088eb6f 100644 ---- a/arch/x86/kernel/cpu/vmware.c -+++ b/arch/x86/kernel/cpu/vmware.c -@@ -79,7 +79,7 @@ static void __init vmware_platform_setup(void) - VMWARE_PORT(GETHZ, eax, ebx, ecx, edx); - - if (ebx != UINT_MAX) -- x86_platform.calibrate_tsc = vmware_get_tsc_khz; -+ *(void **)&x86_platform.calibrate_tsc = vmware_get_tsc_khz; - else - printk(KERN_WARNING - "Failed to get TSC freq from the hypervisor\n"); diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c index 13ad899..f642b9a 100644 --- a/arch/x86/kernel/crash.c @@ -17270,10 +17408,10 @@ index c9a281f..3658fbe 100644 return -EFAULT; diff --git a/arch/x86/kernel/head32.c b/arch/x86/kernel/head32.c -index 3bb0850..a5f08e5 100644 +index 3bb0850..55a56f4 100644 --- a/arch/x86/kernel/head32.c 
+++ b/arch/x86/kernel/head32.c -@@ -19,12 +19,13 @@ +@@ -19,6 +19,7 @@ #include <asm/io_apic.h> #include <asm/bios_ebda.h> #include <asm/tlbflush.h> @@ -17281,14 +17419,6 @@ index 3bb0850..a5f08e5 100644 static void __init i386_default_early_setup(void) { - /* Initialize 32bit specific setup functions */ -- x86_init.resources.reserve_resources = i386_reserve_resources; -- x86_init.mpparse.setup_ioapic_ids = setup_ioapic_ids_from_mpc; -+ *(void **)&x86_init.resources.reserve_resources = i386_reserve_resources; -+ *(void **)&x86_init.mpparse.setup_ioapic_ids = setup_ioapic_ids_from_mpc; - - reserve_ebda_region(); - } @@ -33,7 +34,7 @@ void __init i386_start_kernel(void) { memblock_init(); @@ -18624,18 +18754,9 @@ index 7da647d..c828808 100644 reset_current_kprobe(); preempt_enable_no_resched(); diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c -index a9c2116..c15abd7 100644 +index a9c2116..a52d4fc 100644 --- a/arch/x86/kernel/kvm.c +++ b/arch/x86/kernel/kvm.c -@@ -422,7 +422,7 @@ static void __init paravirt_ops_setup(void) - pv_info.paravirt_enabled = 1; - - if (kvm_para_has_feature(KVM_FEATURE_NOP_IO_DELAY)) -- pv_cpu_ops.io_delay = kvm_io_delay; -+ *(void **)&pv_cpu_ops.io_delay = kvm_io_delay; - - if (kvm_para_has_feature(KVM_FEATURE_MMU_OP)) { - pv_mmu_ops.set_pte = kvm_set_pte; @@ -437,6 +437,7 @@ static void __init paravirt_ops_setup(void) pv_mmu_ops.set_pud = kvm_set_pud; #if PAGETABLE_LEVELS == 4 
@@ -18644,54 +18765,6 @@ index a9c2116..c15abd7 100644 #endif #endif pv_mmu_ops.flush_tlb_user = kvm_flush_tlb; -@@ -601,15 +602,15 @@ void __init kvm_guest_init(void) - for (i = 0; i < KVM_TASK_SLEEP_HASHSIZE; i++) - spin_lock_init(&async_pf_sleepers[i].lock); - if (kvm_para_has_feature(KVM_FEATURE_ASYNC_PF)) -- x86_init.irqs.trap_init = kvm_apf_trap_init; -+ *(void **)&x86_init.irqs.trap_init = kvm_apf_trap_init; - - if (kvm_para_has_feature(KVM_FEATURE_STEAL_TIME)) { - has_steal_clock = 1; -- pv_time_ops.steal_clock = kvm_steal_clock; -+ *(void **)&pv_time_ops.steal_clock = kvm_steal_clock; - } - - #ifdef CONFIG_SMP -- smp_ops.smp_prepare_boot_cpu = kvm_smp_prepare_boot_cpu; -+ *(void **)&smp_ops.smp_prepare_boot_cpu = kvm_smp_prepare_boot_cpu; - register_cpu_notifier(&kvm_cpu_notifier); - #else - kvm_guest_cpu_init(); -diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c -index 44842d7..4ac78f74 100644 ---- a/arch/x86/kernel/kvmclock.c -+++ b/arch/x86/kernel/kvmclock.c -@@ -189,17 +189,17 @@ void __init kvmclock_init(void) - - if (kvm_register_clock("boot clock")) - return; -- pv_time_ops.sched_clock = kvm_clock_read; -- x86_platform.calibrate_tsc = kvm_get_tsc_khz; -- x86_platform.get_wallclock = kvm_get_wallclock; -- x86_platform.set_wallclock = kvm_set_wallclock; -+ *(void **)&pv_time_ops.sched_clock = kvm_clock_read; -+ *(void **)&x86_platform.calibrate_tsc = kvm_get_tsc_khz; -+ *(void **)&x86_platform.get_wallclock = kvm_get_wallclock; -+ *(void **)&x86_platform.set_wallclock = kvm_set_wallclock; - #ifdef CONFIG_X86_LOCAL_APIC -- x86_cpuinit.setup_percpu_clockev = -+ *(void **)&x86_cpuinit.setup_percpu_clockev = - kvm_setup_secondary_clock; - #endif -- machine_ops.shutdown = kvm_shutdown; -+ *(void **)&machine_ops.shutdown = kvm_shutdown; - #ifdef CONFIG_KEXEC -- machine_ops.crash_shutdown = kvm_crash_shutdown; -+ *(void **)&machine_ops.crash_shutdown = kvm_crash_shutdown; - #endif - kvm_get_preset_lpj(); - 
clocksource_register_hz(&kvm_clock, NSEC_PER_SEC); diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c index ea69726..604d066 100644 --- a/arch/x86/kernel/ldt.c @@ -18987,7 +19060,7 @@ index 676b8c7..870ba04 100644 .spin_is_locked = __ticket_spin_is_locked, .spin_is_contended = __ticket_spin_is_contended, diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c -index d90272e..81820dd 100644 +index d90272e..1afe104 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -53,6 +53,9 @@ u64 _paravirt_ident_64(u64 x) @@ -19041,7 +19114,18 @@ index d90272e..81820dd 100644 .name = "bare hardware", .paravirt_enabled = 0, .kernel_rpl = 0, -@@ -322,7 +329,7 @@ struct pv_time_ops pv_time_ops = { +@@ -313,16 +320,16 @@ struct pv_info pv_info = { + #endif + }; + +-struct pv_init_ops pv_init_ops = { ++struct pv_init_ops pv_init_ops __read_only = { + .patch = native_patch, + }; + +-struct pv_time_ops pv_time_ops = { ++struct pv_time_ops pv_time_ops __read_only = { + .sched_clock = native_sched_clock, .steal_clock = native_steal_clock, }; @@ -19050,7 +19134,23 @@ index d90272e..81820dd 100644 .save_fl = __PV_IS_CALLEE_SAVE(native_save_fl), .restore_fl = __PV_IS_CALLEE_SAVE(native_restore_fl), .irq_disable = __PV_IS_CALLEE_SAVE(native_irq_disable), -@@ -401,15 +408,20 @@ struct pv_apic_ops pv_apic_ops = { +@@ -334,7 +341,7 @@ struct pv_irq_ops pv_irq_ops = { + #endif + }; + +-struct pv_cpu_ops pv_cpu_ops = { ++struct pv_cpu_ops pv_cpu_ops __read_only = { + .cpuid = native_cpuid, + .get_debugreg = native_get_debugreg, + .set_debugreg = native_set_debugreg, +@@ -395,21 +402,26 @@ struct pv_cpu_ops pv_cpu_ops = { + .end_context_switch = paravirt_nop, + }; + +-struct pv_apic_ops pv_apic_ops = { ++struct pv_apic_ops pv_apic_ops __read_only= { + #ifdef CONFIG_X86_LOCAL_APIC + .startup_ipi_hook = paravirt_nop, #endif }; 
@@ -19094,19 +19194,6 @@ index d90272e..81820dd 100644 }; EXPORT_SYMBOL_GPL(pv_time_ops); -diff --git a/arch/x86/kernel/pci-calgary_64.c b/arch/x86/kernel/pci-calgary_64.c -index 726494b..304df20 100644 ---- a/arch/x86/kernel/pci-calgary_64.c -+++ b/arch/x86/kernel/pci-calgary_64.c -@@ -1463,7 +1463,7 @@ int __init detect_calgary(void) - printk(KERN_INFO "PCI-DMA: Calgary TCE table spec is %d\n", - specified_table_size); - -- x86_init.iommu.iommu_init = calgary_iommu_init; -+ *(void **)&x86_init.iommu.iommu_init = calgary_iommu_init; - } - return calgary_found; - diff --git a/arch/x86/kernel/pci-iommu_table.c b/arch/x86/kernel/pci-iommu_table.c index 35ccf75..7a15747 100644 --- a/arch/x86/kernel/pci-iommu_table.c @@ -19427,7 +19514,7 @@ index 6a364a6..b147d11 100644 ip = *(u64 *)(fp+8); if (!in_sched_functions(ip)) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c -index 2dc4121..5178bcc 100644 +index 2dc4121..869e219 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c @@ -181,14 +181,13 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs) @@ -19489,7 +19576,7 @@ index 2dc4121..5178bcc 100644 #ifdef CONFIG_X86_64 -static struct user_regset x86_64_regsets[] __read_mostly = { -+static struct user_regset x86_64_regsets[] = { ++static user_regset_no_const x86_64_regsets[] __read_only = { [REGSET_GENERAL] = { .core_note_type = NT_PRSTATUS, .n = sizeof(struct user_regs_struct) / sizeof(long), 
@@ -19498,11 +19585,11 @@ index 2dc4121..5178bcc 100644 #if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION -static struct user_regset x86_32_regsets[] __read_mostly = { -+static struct user_regset x86_32_regsets[] = { ++static user_regset_no_const x86_32_regsets[] __read_only = { [REGSET_GENERAL] = { .core_note_type = NT_PRSTATUS, .n = sizeof(struct user_regs_struct32) / sizeof(u32), -@@ -1326,13 +1325,13 @@ static const struct user_regset_view user_x86_32_view = { +@@ -1326,7 +1325,7 @@ static const struct user_regset_view user_x86_32_view = { */ u64 xstate_fx_sw_bytes[USER_XSTATE_FX_SW_WORDS]; @@ -19510,15 +19597,7 @@ index 2dc4121..5178bcc 100644 +void __init update_regset_xstate_info(unsigned int size, u64 xstate_mask) { #ifdef CONFIG_X86_64 -- x86_64_regsets[REGSET_XSTATE].n = size / sizeof(u64); -+ *(unsigned int *)&x86_64_regsets[REGSET_XSTATE].n = size / sizeof(u64); - #endif - #if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION -- x86_32_regsets[REGSET_XSTATE].n = size / sizeof(u64); -+ *(unsigned int *)&x86_32_regsets[REGSET_XSTATE].n = size / sizeof(u64); - #endif - xstate_fx_sw_bytes[USER_XSTATE_XCR0_WORD] = xstate_mask; - } + x86_64_regsets[REGSET_XSTATE].n = size / sizeof(u64); @@ -1361,7 +1360,7 @@ static void fill_sigtrap_info(struct task_struct *tsk, memset(info, 0, sizeof(*info)); info->si_signo = SIGTRAP; @@ -19596,7 +19675,7 @@ index 42eb330..139955c 100644 return ret; diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c -index 47f4e5f..f8abbbc 100644 +index 47f4e5f..849a8a6 100644 --- a/arch/x86/kernel/reboot.c +++ b/arch/x86/kernel/reboot.c @@ -35,7 +35,7 @@ void (*pm_power_off)(void); 
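Review bot: In ptrace.c, `update_regset_xstate_info` now stores to `x86_64_regsets[REGSET_XSTATE].n` directly, without the earlier cast, while the arrays become `user_regset_no_const ... __read_only`. The store is not wrapped in `pax_open_kernel()`, so it appears to be safe only because the function is `__init` and runs before read-only data is sealed. Nothing in the hunk states that dependency, and a later non-init caller would fault on the write. A one-line comment on the function would record it, for example `/* __init only: writes __read_only regsets before they are write-protected */`. The function body continues outside the hunk, so the `x86_32_regsets` store is assumed to follow the same pattern.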
@@ -19724,14 +19803,18 @@ index 47f4e5f..f8abbbc 100644 { if (pm_power_off) { if (!reboot_force) -@@ -707,6 +739,7 @@ static void native_machine_power_off(void) +@@ -707,9 +739,10 @@ static void native_machine_power_off(void) } /* a fallback in case there is no PM info available */ tboot_shutdown(TB_SHUTDOWN_HALT); + unreachable(); } - struct machine_ops machine_ops = { +-struct machine_ops machine_ops = { ++struct machine_ops machine_ops __read_only = { + .power_off = native_machine_power_off, + .shutdown = native_machine_shutdown, + .emergency_restart = native_machine_emergency_restart, diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S index 7a6f3b3..bed145d7 100644 --- a/arch/x86/kernel/relocate_kernel_64.S @@ -19947,6 +20030,19 @@ index 54ddaeb2..22c3bdc 100644 return; signr = get_signal_to_deliver(&info, &ka, regs, NULL); +diff --git a/arch/x86/kernel/smp.c b/arch/x86/kernel/smp.c +index 16204dc..0e7d4b7 100644 +--- a/arch/x86/kernel/smp.c ++++ b/arch/x86/kernel/smp.c +@@ -225,7 +225,7 @@ void smp_call_function_single_interrupt(struct pt_regs *regs) + irq_exit(); + } + +-struct smp_ops smp_ops = { ++struct smp_ops smp_ops __read_only = { + .smp_prepare_boot_cpu = native_smp_prepare_boot_cpu, + .smp_prepare_cpus = native_smp_prepare_cpus, + .smp_cpus_done = native_smp_cpus_done, diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c index 9f548cb..caf76f7 100644 --- a/arch/x86/kernel/smpboot.c 
@@ -21085,19 +21181,6 @@ index 0f703f1..3b426f3 100644 "kernel image bigger than KERNEL_IMAGE_SIZE"); #ifdef CONFIG_SMP -diff --git a/arch/x86/kernel/vsmp_64.c b/arch/x86/kernel/vsmp_64.c -index a1d804b..1ab845e 100644 ---- a/arch/x86/kernel/vsmp_64.c -+++ b/arch/x86/kernel/vsmp_64.c -@@ -98,7 +98,7 @@ static void __init set_vsmp_pv_ops(void) - pv_irq_ops.irq_enable = PV_CALLEE_SAVE(vsmp_irq_enable); - pv_irq_ops.save_fl = PV_CALLEE_SAVE(vsmp_save_fl); - pv_irq_ops.restore_fl = PV_CALLEE_SAVE(vsmp_restore_fl); -- pv_init_ops.patch = vsmp_patch; -+ *(void **)&pv_init_ops.patch = vsmp_patch; - - ctl &= ~(1 << 4); - writel(ctl, address + 4); diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c index e4d4a22..47ee71f 100644 --- a/arch/x86/kernel/vsyscall_64.c @@ -21163,6 +21246,36 @@ index 9796c2f..f686fbf 100644 EXPORT_SYMBOL(copy_page); EXPORT_SYMBOL(clear_page); +diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c +index c1d6cd5..204ac00 100644 +--- a/arch/x86/kernel/x86_init.c ++++ b/arch/x86/kernel/x86_init.c +@@ -90,14 +90,14 @@ struct x86_init_ops x86_init __initdata = { + }, + }; + +-struct x86_cpuinit_ops x86_cpuinit __cpuinitdata = { ++struct x86_cpuinit_ops x86_cpuinit __cpuinitconst = { + .setup_percpu_clockev = setup_secondary_APIC_clock, + }; + + static void default_nmi_init(void) { }; + static int default_i8042_detect(void) { return 1; }; + +-struct x86_platform_ops x86_platform = { ++struct x86_platform_ops x86_platform __read_only = { + .calibrate_tsc = native_calibrate_tsc, + .wallclock_init = wallclock_init_noop, + .get_wallclock = mach_get_cmos_time, +@@ -110,7 +110,7 @@ struct x86_platform_ops x86_platform = { + }; + + EXPORT_SYMBOL_GPL(x86_platform); +-struct x86_msi_ops x86_msi = { ++struct x86_msi_ops x86_msi __read_only = { + .setup_msi_irqs = native_setup_msi_irqs, + .teardown_msi_irq = native_teardown_msi_irq, + .teardown_msi_irqs = default_teardown_msi_irqs, 
diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c index 7110911..069da9c 100644 --- a/arch/x86/kernel/xsave.c @@ -21512,28 +21625,9 @@ index f4063fd..3c40814 100644 int r; struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque; diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c -index cf4603b..21234b6 100644 +index cf4603b..7cdde38 100644 --- a/arch/x86/lguest/boot.c +++ b/arch/x86/lguest/boot.c -@@ -1111,12 +1111,12 @@ static u32 lguest_apic_safe_wait_icr_idle(void) - - static void set_lguest_basic_apic_ops(void) - { -- apic->read = lguest_apic_read; -- apic->write = lguest_apic_write; -- apic->icr_read = lguest_apic_icr_read; -- apic->icr_write = lguest_apic_icr_write; -- apic->wait_icr_idle = lguest_apic_wait_icr_idle; -- apic->safe_wait_icr_idle = lguest_apic_safe_wait_icr_idle; -+ *(void **)&apic->read = lguest_apic_read; -+ *(void **)&apic->write = lguest_apic_write; -+ *(void **)&apic->icr_read = lguest_apic_icr_read; -+ *(void **)&apic->icr_write = lguest_apic_icr_write; -+ *(void **)&apic->wait_icr_idle = lguest_apic_wait_icr_idle; -+ *(void **)&apic->safe_wait_icr_idle = lguest_apic_safe_wait_icr_idle; - }; - #endif - @@ -1195,9 +1195,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count) * Rebooting also tells the Host we're finished, but the RESTART flag tells the * Launcher to reboot us. 
@@ -21546,81 +21640,6 @@ index cf4603b..21234b6 100644 } /*G:050 -@@ -1287,28 +1288,28 @@ __init void lguest_init(void) - pv_irq_ops.safe_halt = lguest_safe_halt; - - /* Setup operations */ -- pv_init_ops.patch = lguest_patch; -+ *(void **)&pv_init_ops.patch = lguest_patch; - - /* Intercepts of various CPU instructions */ -- pv_cpu_ops.load_gdt = lguest_load_gdt; -- pv_cpu_ops.cpuid = lguest_cpuid; -- pv_cpu_ops.load_idt = lguest_load_idt; -- pv_cpu_ops.iret = lguest_iret; -- pv_cpu_ops.load_sp0 = lguest_load_sp0; -- pv_cpu_ops.load_tr_desc = lguest_load_tr_desc; -- pv_cpu_ops.set_ldt = lguest_set_ldt; -- pv_cpu_ops.load_tls = lguest_load_tls; -- pv_cpu_ops.set_debugreg = lguest_set_debugreg; -- pv_cpu_ops.clts = lguest_clts; -- pv_cpu_ops.read_cr0 = lguest_read_cr0; -- pv_cpu_ops.write_cr0 = lguest_write_cr0; -- pv_cpu_ops.read_cr4 = lguest_read_cr4; -- pv_cpu_ops.write_cr4 = lguest_write_cr4; -- pv_cpu_ops.write_gdt_entry = lguest_write_gdt_entry; -- pv_cpu_ops.write_idt_entry = lguest_write_idt_entry; -- pv_cpu_ops.wbinvd = lguest_wbinvd; -- pv_cpu_ops.start_context_switch = paravirt_start_context_switch; -- pv_cpu_ops.end_context_switch = lguest_end_context_switch; -+ *(void **)&pv_cpu_ops.load_gdt = lguest_load_gdt; -+ *(void **)&pv_cpu_ops.cpuid = lguest_cpuid; -+ *(void **)&pv_cpu_ops.load_idt = lguest_load_idt; -+ *(void **)&pv_cpu_ops.iret = lguest_iret; -+ *(void **)&pv_cpu_ops.load_sp0 = lguest_load_sp0; -+ *(void **)&pv_cpu_ops.load_tr_desc = lguest_load_tr_desc; -+ *(void **)&pv_cpu_ops.set_ldt = lguest_set_ldt; -+ *(void **)&pv_cpu_ops.load_tls = lguest_load_tls; -+ *(void **)&pv_cpu_ops.set_debugreg = lguest_set_debugreg; -+ *(void **)&pv_cpu_ops.clts = lguest_clts; -+ *(void **)&pv_cpu_ops.read_cr0 = lguest_read_cr0; -+ *(void **)&pv_cpu_ops.write_cr0 = lguest_write_cr0; -+ *(void **)&pv_cpu_ops.read_cr4 = lguest_read_cr4; -+ *(void **)&pv_cpu_ops.write_cr4 = lguest_write_cr4; -+ *(void **)&pv_cpu_ops.write_gdt_entry = lguest_write_gdt_entry; -+ 
*(void **)&pv_cpu_ops.write_idt_entry = lguest_write_idt_entry; -+ *(void **)&pv_cpu_ops.wbinvd = lguest_wbinvd; -+ *(void **)&pv_cpu_ops.start_context_switch = paravirt_start_context_switch; -+ *(void **)&pv_cpu_ops.end_context_switch = lguest_end_context_switch; - - /* Pagetable management */ - pv_mmu_ops.write_cr3 = lguest_write_cr3; -@@ -1336,11 +1337,11 @@ __init void lguest_init(void) - set_lguest_basic_apic_ops(); - #endif - -- x86_init.resources.memory_setup = lguest_memory_setup; -- x86_init.irqs.intr_init = lguest_init_IRQ; -- x86_init.timers.timer_init = lguest_time_init; -- x86_platform.calibrate_tsc = lguest_tsc_khz; -- x86_platform.get_wallclock = lguest_get_wallclock; -+ *(void **)&x86_init.resources.memory_setup = lguest_memory_setup; -+ *(void **)&x86_init.irqs.intr_init = lguest_init_IRQ; -+ *(void **)&x86_init.timers.timer_init = lguest_time_init; -+ *(void **)&x86_platform.calibrate_tsc = lguest_tsc_khz; -+ *(void **)&x86_platform.get_wallclock = lguest_get_wallclock; - - /* - * Now is a good time to look at the implementations of these functions -@@ -1429,7 +1430,7 @@ __init void lguest_init(void) - * routine. - */ - pm_power_off = lguest_power_off; -- machine_ops.restart = lguest_restart; -+ *(void **)&machine_ops.restart = lguest_restart; - - /* - * Now we're set up, call i386_start_kernel() in head32.c and we proceed diff --git a/arch/x86/lib/atomic64_32.c b/arch/x86/lib/atomic64_32.c index 042f682..c92afb6 100644 --- a/arch/x86/lib/atomic64_32.c 
@@ -27399,19 +27418,6 @@ index bff89df..377758a 100644 unsigned long stack = kernel_stack_pointer(regs); if (depth) dump_trace(NULL, regs, (unsigned long *)stack, 0, -diff --git a/arch/x86/pci/acpi.c b/arch/x86/pci/acpi.c -index 0ed97d8..ac1ec9d 100644 ---- a/arch/x86/pci/acpi.c -+++ b/arch/x86/pci/acpi.c -@@ -436,7 +436,7 @@ int __init pci_acpi_init(void) - acpi_irq_penalty_init(); - pcibios_enable_irq = acpi_pci_irq_enable; - pcibios_disable_irq = acpi_pci_irq_disable; -- x86_init.pci.init_irq = x86_init_noop; -+ *(void **)&x86_init.pci.init_irq = x86_init_noop; - - if (pci_routeirq) { - /* diff --git a/arch/x86/pci/mrst.c b/arch/x86/pci/mrst.c index cb29191..036766d 100644 --- a/arch/x86/pci/mrst.c 
@@ -27735,60 +27741,6 @@ index db0e9a5..0372c14 100644 return !(ret & 0xff00); } EXPORT_SYMBOL(pcibios_set_irq_routing); -diff --git a/arch/x86/pci/xen.c b/arch/x86/pci/xen.c -index 4c262f6..01f170b 100644 ---- a/arch/x86/pci/xen.c -+++ b/arch/x86/pci/xen.c -@@ -369,9 +369,9 @@ int __init pci_xen_init(void) - #endif - - #ifdef CONFIG_PCI_MSI -- x86_msi.setup_msi_irqs = xen_setup_msi_irqs; -- x86_msi.teardown_msi_irq = xen_teardown_msi_irq; -- x86_msi.teardown_msi_irqs = xen_teardown_msi_irqs; -+ *(void **)&x86_msi.setup_msi_irqs = xen_setup_msi_irqs; -+ *(void **)&x86_msi.teardown_msi_irq = xen_teardown_msi_irq; -+ *(void **)&x86_msi.teardown_msi_irqs = xen_teardown_msi_irqs; - #endif - return 0; - } -@@ -390,8 +390,8 @@ int __init pci_xen_hvm_init(void) - #endif - - #ifdef CONFIG_PCI_MSI -- x86_msi.setup_msi_irqs = xen_hvm_setup_msi_irqs; -- x86_msi.teardown_msi_irq = xen_teardown_msi_irq; -+ *(void **)&x86_msi.setup_msi_irqs = xen_hvm_setup_msi_irqs; -+ *(void **)&x86_msi.teardown_msi_irq = xen_teardown_msi_irq; - #endif - return 0; - } -@@ -448,8 +448,8 @@ int __init pci_xen_initial_domain(void) - int irq; - - #ifdef CONFIG_PCI_MSI -- x86_msi.setup_msi_irqs = xen_initdom_setup_msi_irqs; -- x86_msi.teardown_msi_irq = xen_teardown_msi_irq; -+ *(void **)&x86_msi.setup_msi_irqs = xen_initdom_setup_msi_irqs; -+ *(void **)&x86_msi.teardown_msi_irq = xen_teardown_msi_irq; - #endif - xen_setup_acpi_sci(); - __acpi_register_gsi = acpi_register_gsi_xen; -diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c -index bef9991..ca3dab1 100644 ---- a/arch/x86/platform/efi/efi.c -+++ b/arch/x86/platform/efi/efi.c -@@ -596,8 +596,8 @@ void __init efi_init(void) - set_bit(EFI_MEMMAP, &x86_efi_facility); - - #ifdef CONFIG_X86_32 -- x86_platform.get_wallclock = efi_get_time; -- x86_platform.set_wallclock = efi_set_rtc_mmss; -+ *(void **)&x86_platform.get_wallclock = efi_get_time; -+ *(void **)&x86_platform.set_wallclock = efi_set_rtc_mmss; - #endif - - #if EFI_DEBUG 
diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c index 40e4469..1ab536e 100644 --- a/arch/x86/platform/efi/efi_32.c @@ -28028,7 +27980,7 @@ index 4c07cca..2c8427d 100644 ret ENDPROC(efi_call6) diff --git a/arch/x86/platform/mrst/mrst.c b/arch/x86/platform/mrst/mrst.c -index ad4ec1c..50d15e3 100644 +index ad4ec1c..686479e 100644 --- a/arch/x86/platform/mrst/mrst.c +++ b/arch/x86/platform/mrst/mrst.c @@ -76,18 +76,20 @@ struct sfi_rtc_table_entry sfi_mrtc_array[SFI_MRTC_MAX]; 
@@ -28054,92 +28006,6 @@ index ad4ec1c..50d15e3 100644 } /* parse all the mtimer info to a static mtimer array */ -@@ -242,14 +244,14 @@ static void __init mrst_time_init(void) - case MRST_TIMER_APBT_ONLY: - break; - case MRST_TIMER_LAPIC_APBT: -- x86_init.timers.setup_percpu_clockev = setup_boot_APIC_clock; -- x86_cpuinit.setup_percpu_clockev = setup_secondary_APIC_clock; -+ *(void **)&x86_init.timers.setup_percpu_clockev = setup_boot_APIC_clock; -+ *(void **)&x86_cpuinit.setup_percpu_clockev = setup_secondary_APIC_clock; - break; - default: - if (!boot_cpu_has(X86_FEATURE_ARAT)) - break; -- x86_init.timers.setup_percpu_clockev = setup_boot_APIC_clock; -- x86_cpuinit.setup_percpu_clockev = setup_secondary_APIC_clock; -+ *(void **)&x86_init.timers.setup_percpu_clockev = setup_boot_APIC_clock; -+ *(void **)&x86_cpuinit.setup_percpu_clockev = setup_secondary_APIC_clock; - return; - } - /* we need at least one APB timer */ -@@ -296,35 +298,35 @@ static unsigned char mrst_get_nmi_reason(void) - */ - void __init x86_mrst_early_setup(void) - { -- x86_init.resources.probe_roms = x86_init_noop; -- x86_init.resources.reserve_resources = x86_init_noop; -+ *(void **)&x86_init.resources.probe_roms = x86_init_noop; -+ *(void **)&x86_init.resources.reserve_resources = x86_init_noop; - -- x86_init.timers.timer_init = mrst_time_init; -- x86_init.timers.setup_percpu_clockev = x86_init_noop; -+ *(void **)&x86_init.timers.timer_init = mrst_time_init; -+ *(void **)&x86_init.timers.setup_percpu_clockev = x86_init_noop; - -- x86_init.irqs.pre_vector_init = x86_init_noop; -+ *(void **)&x86_init.irqs.pre_vector_init = x86_init_noop; - -- x86_init.oem.arch_setup = mrst_arch_setup; -+ *(void **)&x86_init.oem.arch_setup = mrst_arch_setup; - -- x86_cpuinit.setup_percpu_clockev = apbt_setup_secondary_clock; -+ *(void **)&x86_cpuinit.setup_percpu_clockev = apbt_setup_secondary_clock; - -- x86_platform.calibrate_tsc = mrst_calibrate_tsc; -- x86_platform.i8042_detect = mrst_i8042_detect; -- 
x86_init.timers.wallclock_init = mrst_rtc_init; -- x86_platform.get_nmi_reason = mrst_get_nmi_reason; -+ *(void **)&x86_platform.calibrate_tsc = mrst_calibrate_tsc; -+ *(void **)&x86_platform.i8042_detect = mrst_i8042_detect; -+ *(void **)&x86_init.timers.wallclock_init = mrst_rtc_init; -+ *(void **)&x86_platform.get_nmi_reason = mrst_get_nmi_reason; - -- x86_init.pci.init = pci_mrst_init; -- x86_init.pci.fixup_irqs = x86_init_noop; -+ *(void **)&x86_init.pci.init = pci_mrst_init; -+ *(void **)&x86_init.pci.fixup_irqs = x86_init_noop; - - legacy_pic = &null_legacy_pic; - - /* Moorestown specific power_off/restart method */ - pm_power_off = mrst_power_off; -- machine_ops.emergency_restart = mrst_reboot; -+ *(void **)&machine_ops.emergency_restart = mrst_reboot; - - /* Avoid searching for BIOS MP tables */ -- x86_init.mpparse.find_smp_config = x86_init_noop; -- x86_init.mpparse.get_smp_config = x86_init_uint_noop; -+ *(void **)&x86_init.mpparse.find_smp_config = x86_init_noop; -+ *(void **)&x86_init.mpparse.get_smp_config = x86_init_uint_noop; - set_bit(MP_BUS_ISA, mp_bus_not_pci); - } - -diff --git a/arch/x86/platform/mrst/vrtc.c b/arch/x86/platform/mrst/vrtc.c -index 225bd0f..22e8086 100644 ---- a/arch/x86/platform/mrst/vrtc.c -+++ b/arch/x86/platform/mrst/vrtc.c -@@ -120,8 +120,8 @@ void __init mrst_rtc_init(void) - - vrtc_virt_base = (void __iomem *)set_fixmap_offset_nocache(FIX_LNW_VRTC, - vrtc_paddr); -- x86_platform.get_wallclock = vrtc_get_time; -- x86_platform.set_wallclock = vrtc_set_mmss; -+ *(void **)&x86_platform.get_wallclock = vrtc_get_time; -+ *(void **)&x86_platform.set_wallclock = vrtc_set_mmss; - } - - /* diff --git a/arch/x86/platform/olpc/olpc_dt.c b/arch/x86/platform/olpc/olpc_dt.c index d6ee929..3637cb5 100644 --- a/arch/x86/platform/olpc/olpc_dt.c @@ -28549,7 +28415,7 @@ index 153407c..611cba9 100644 -} -__setup("vdso=", vdso_setup); 
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 69b9ef6..e07ccfc 100644 +index 69b9ef6..c76f1fe 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -86,8 +86,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); @@ -28581,26 +28447,7 @@ index 69b9ef6..e07ccfc 100644 int f; /* -@@ -761,12 +757,12 @@ static u32 xen_safe_apic_wait_icr_idle(void) - - static void set_xen_basic_apic_ops(void) - { -- apic->read = xen_apic_read; -- apic->write = xen_apic_write; -- apic->icr_read = xen_apic_icr_read; -- apic->icr_write = xen_apic_icr_write; -- apic->wait_icr_idle = xen_apic_wait_icr_idle; -- apic->safe_wait_icr_idle = xen_safe_apic_wait_icr_idle; -+ *(void **)&apic->read = xen_apic_read; -+ *(void **)&apic->write = xen_apic_write; -+ *(void **)&apic->icr_read = xen_apic_icr_read; -+ *(void **)&apic->icr_write = xen_apic_icr_write; -+ *(void **)&apic->wait_icr_idle = xen_apic_wait_icr_idle; -+ *(void **)&apic->safe_wait_icr_idle = xen_safe_apic_wait_icr_idle; - } - - #endif -@@ -1057,7 +1053,7 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { +@@ -1057,30 +1053,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { #endif }; @@ -28609,8 +28456,10 @@ index 69b9ef6..e07ccfc 100644 { struct sched_shutdown r = { .reason = reason }; -@@ -1065,17 +1061,17 @@ static void xen_reboot(int reason) - BUG(); +- if (HYPERVISOR_sched_op(SCHEDOP_shutdown, &r)) +- BUG(); ++ HYPERVISOR_sched_op(SCHEDOP_shutdown, &r); ++ BUG(); } -static void xen_restart(char *msg) 
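Review bot: The new `HYPERVISOR_sched_op(SCHEDOP_shutdown, &r); BUG();` in xen_reboot discards the hypercall result, so a rejected shutdown request and any other return both end in the same bare BUG() with no error code in the log. If the unconditional BUG() is there to back a noreturn annotation, the result can still be kept with `int rc = HYPERVISOR_sched_op(SCHEDOP_shutdown, &r);` and `printk(KERN_EMERG "xen: SCHEDOP_shutdown returned %d\n", rc);` before `BUG();`. The noreturn reason is inferred from `xen_machine_power_off` gaining `__noreturn` further down, because xen_reboot's signature is outside this hunk.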
@@ -28630,45 +28479,12 @@ index 69b9ef6..e07ccfc 100644 { xen_reboot(SHUTDOWN_poweroff); } -@@ -1125,14 +1121,14 @@ static const struct machine_ops xen_machine_ops __initconst = { - */ - static void __init xen_setup_stackprotector(void) - { -- pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry_boot; -- pv_cpu_ops.load_gdt = xen_load_gdt_boot; -+ *(void **)&pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry_boot; -+ *(void **)&pv_cpu_ops.load_gdt = xen_load_gdt_boot; - - setup_stack_canary_segment(0); - switch_to_new_gdt(0); - -- pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry; -- pv_cpu_ops.load_gdt = xen_load_gdt; -+ *(void **)&pv_cpu_ops.write_gdt_entry = xen_write_gdt_entry; -+ *(void **)&pv_cpu_ops.load_gdt = xen_load_gdt; - } - - /* First C function to be called on Xen boot */ -@@ -1151,13 +1147,13 @@ asmlinkage void __init xen_start_kernel(void) - - /* Install Xen paravirt ops */ - pv_info = xen_info; -- pv_init_ops = xen_init_ops; -- pv_cpu_ops = xen_cpu_ops; -- pv_apic_ops = xen_apic_ops; -+ memcpy((void *)&pv_init_ops, &xen_init_ops, sizeof pv_init_ops); -+ memcpy((void *)&pv_cpu_ops, &xen_cpu_ops, sizeof pv_cpu_ops); -+ memcpy((void *)&pv_apic_ops, &xen_apic_ops, sizeof pv_apic_ops); - -- x86_init.resources.memory_setup = xen_memory_setup; -- x86_init.oem.arch_setup = xen_arch_setup; -- x86_init.oem.banner = xen_banner; -+ *(void **)&x86_init.resources.memory_setup = xen_memory_setup; -+ *(void **)&x86_init.oem.arch_setup = xen_arch_setup; -+ *(void **)&x86_init.oem.banner = xen_banner; - - xen_init_time_ops(); +-static void xen_machine_power_off(void) ++static void __noreturn xen_machine_power_off(void) + { + if (pm_power_off) + pm_power_off(); @@ -1181,7 +1177,17 @@ asmlinkage void __init xen_start_kernel(void) __userpte_alloc_gfp &= ~__GFP_HIGHMEM; 
@@ -28704,48 +28520,8 @@ index 69b9ef6..e07ccfc 100644 xen_smp_init(); -@@ -1293,7 +1292,7 @@ asmlinkage void __init xen_start_kernel(void) - add_preferred_console("tty", 0, NULL); - add_preferred_console("hvc", 0, NULL); - if (pci_xen) -- x86_init.pci.arch_init = pci_xen_init; -+ *(void **)&x86_init.pci.arch_init = pci_xen_init; - } else { - const struct dom0_vga_console_info *info = - (void *)((char *)xen_start_info + -@@ -1307,8 +1306,8 @@ asmlinkage void __init xen_start_kernel(void) - pci_request_acs(); - - /* Avoid searching for BIOS MP tables */ -- x86_init.mpparse.find_smp_config = x86_init_noop; -- x86_init.mpparse.get_smp_config = x86_init_uint_noop; -+ *(void **)&x86_init.mpparse.find_smp_config = x86_init_noop; -+ *(void **)&x86_init.mpparse.get_smp_config = x86_init_uint_noop; - } - #ifdef CONFIG_PCI - /* PCI BIOS service won't work from a PV guest. */ -@@ -1420,7 +1419,7 @@ static void __init xen_hvm_guest_init(void) - xen_hvm_smp_init(); - register_cpu_notifier(&xen_hvm_cpu_notifier); - xen_unplug_emulated_devices(); -- x86_init.irqs.intr_init = xen_init_IRQ; -+ *(void **)&x86_init.irqs.intr_init = xen_init_IRQ; - xen_hvm_init_time_ops(); - xen_hvm_init_mmu_ops(); - } -diff --git a/arch/x86/xen/irq.c b/arch/x86/xen/irq.c -index 8bbb465..dcc060a 100644 ---- a/arch/x86/xen/irq.c -+++ b/arch/x86/xen/irq.c -@@ -129,5 +129,5 @@ static const struct pv_irq_ops xen_irq_ops __initconst = { - void __init xen_init_irq_ops(void) - { - pv_irq_ops = xen_irq_ops; -- x86_init.irqs.intr_init = xen_init_IRQ; -+ *(void **)&x86_init.irqs.intr_init = xen_init_IRQ; - } diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index 2b8b0de..34eb69e 100644 +index 2b8b0de..0787f8a 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c @@ -1757,6 +1757,9 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, 
@@ -28786,21 +28562,8 @@ index 2b8b0de..34eb69e 100644 .alloc_pud = xen_alloc_pmd_init, .release_pud = xen_release_pmd_init, -@@ -2086,9 +2095,9 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { - - void __init xen_init_mmu_ops(void) - { -- x86_init.mapping.pagetable_reserve = xen_mapping_pagetable_reserve; -- x86_init.paging.pagetable_setup_start = xen_pagetable_setup_start; -- x86_init.paging.pagetable_setup_done = xen_pagetable_setup_done; -+ *(void **)&x86_init.mapping.pagetable_reserve = xen_mapping_pagetable_reserve; -+ *(void **)&x86_init.paging.pagetable_setup_start = xen_pagetable_setup_start; -+ *(void **)&x86_init.paging.pagetable_setup_done = xen_pagetable_setup_done; - pv_mmu_ops = xen_mmu_ops; - - memset(dummy_mapping, 0xff, PAGE_SIZE); diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c -index 9a23fff..ddaa2fa 100644 +index 9a23fff..c05e794 100644 --- a/arch/x86/xen/smp.c +++ b/arch/x86/xen/smp.c @@ -209,11 +209,6 @@ static void __init xen_smp_prepare_boot_cpu(void) 
@@ -28856,97 +28619,11 @@ index 9a23fff..ddaa2fa 100644 xen_fill_possible_map(); xen_init_spinlocks(); } -@@ -570,10 +564,10 @@ void __init xen_hvm_smp_init(void) - { - if (!xen_have_vector_callback) - return; -- smp_ops.smp_prepare_cpus = xen_hvm_smp_prepare_cpus; -- smp_ops.smp_send_reschedule = xen_smp_send_reschedule; -- smp_ops.cpu_up = xen_hvm_cpu_up; -- smp_ops.cpu_die = xen_hvm_cpu_die; -- smp_ops.send_call_func_ipi = xen_smp_send_call_function_ipi; -- smp_ops.send_call_func_single_ipi = xen_smp_send_call_function_single_ipi; -+ *(void **)&smp_ops.smp_prepare_cpus = xen_hvm_smp_prepare_cpus; -+ *(void **)&smp_ops.smp_send_reschedule = xen_smp_send_reschedule; -+ *(void **)&smp_ops.cpu_up = xen_hvm_cpu_up; -+ *(void **)&smp_ops.cpu_die = xen_hvm_cpu_die; -+ *(void **)&smp_ops.send_call_func_ipi = xen_smp_send_call_function_ipi; -+ *(void **)&smp_ops.send_call_func_single_ipi = xen_smp_send_call_function_single_ipi; - } -diff --git a/arch/x86/xen/spinlock.c b/arch/x86/xen/spinlock.c -index d69cc6c..8afa11d 100644 ---- a/arch/x86/xen/spinlock.c -+++ b/arch/x86/xen/spinlock.c -@@ -390,12 +390,12 @@ void __init xen_init_spinlocks(void) - { - BUILD_BUG_ON(sizeof(struct xen_spinlock) > sizeof(arch_spinlock_t)); - -- pv_lock_ops.spin_is_locked = xen_spin_is_locked; -- pv_lock_ops.spin_is_contended = xen_spin_is_contended; -- pv_lock_ops.spin_lock = xen_spin_lock; -- pv_lock_ops.spin_lock_flags = xen_spin_lock_flags; -- pv_lock_ops.spin_trylock = xen_spin_trylock; -- pv_lock_ops.spin_unlock = xen_spin_unlock; -+ *(void **)&pv_lock_ops.spin_is_locked = xen_spin_is_locked; -+ *(void **)&pv_lock_ops.spin_is_contended = xen_spin_is_contended; -+ *(void **)&pv_lock_ops.spin_lock = xen_spin_lock; -+ *(void **)&pv_lock_ops.spin_lock_flags = xen_spin_lock_flags; -+ *(void **)&pv_lock_ops.spin_trylock = xen_spin_trylock; -+ *(void **)&pv_lock_ops.spin_unlock = xen_spin_unlock; - } - - #ifdef CONFIG_XEN_DEBUG_FS -diff --git a/arch/x86/xen/time.c b/arch/x86/xen/time.c -index 
0296a95..3c51a2d 100644 ---- a/arch/x86/xen/time.c -+++ b/arch/x86/xen/time.c -@@ -481,15 +481,15 @@ static void __init xen_time_init(void) - - void __init xen_init_time_ops(void) - { -- pv_time_ops = xen_time_ops; -+ memcpy((void *)&pv_time_ops, &xen_time_ops, sizeof pv_time_ops); - -- x86_init.timers.timer_init = xen_time_init; -- x86_init.timers.setup_percpu_clockev = x86_init_noop; -- x86_cpuinit.setup_percpu_clockev = x86_init_noop; -+ *(void **)&x86_init.timers.timer_init = xen_time_init; -+ *(void **)&x86_init.timers.setup_percpu_clockev = x86_init_noop; -+ *(void **)&x86_cpuinit.setup_percpu_clockev = x86_init_noop; - -- x86_platform.calibrate_tsc = xen_tsc_khz; -- x86_platform.get_wallclock = xen_get_wallclock; -- x86_platform.set_wallclock = xen_set_wallclock; -+ *(void **)&x86_platform.calibrate_tsc = xen_tsc_khz; -+ *(void **)&x86_platform.get_wallclock = xen_get_wallclock; -+ *(void **)&x86_platform.set_wallclock = xen_set_wallclock; - } - - #ifdef CONFIG_XEN_PVHVM -@@ -514,12 +514,12 @@ void __init xen_hvm_init_time_ops(void) - return; - } - -- pv_time_ops = xen_time_ops; -- x86_init.timers.setup_percpu_clockev = xen_time_init; -- x86_cpuinit.setup_percpu_clockev = xen_hvm_setup_cpu_clockevents; -+ memcpy((void *)&pv_time_ops, &xen_time_ops, sizeof pv_time_ops); -+ *(void **)&x86_init.timers.setup_percpu_clockev = xen_time_init; -+ *(void **)&x86_cpuinit.setup_percpu_clockev = xen_hvm_setup_cpu_clockevents; - -- x86_platform.calibrate_tsc = xen_tsc_khz; -- x86_platform.get_wallclock = xen_get_wallclock; -- x86_platform.set_wallclock = xen_set_wallclock; -+ *(void **)&x86_platform.calibrate_tsc = xen_tsc_khz; -+ *(void **)&x86_platform.get_wallclock = xen_get_wallclock; -+ *(void **)&x86_platform.set_wallclock = xen_set_wallclock; - } - #endif diff --git a/arch/x86/xen/xen-asm_32.S b/arch/x86/xen/xen-asm_32.S -index b040b0e..8cc4fe0 100644 +index b040b0e..c457aa7 100644 --- a/arch/x86/xen/xen-asm_32.S 
+++ b/arch/x86/xen/xen-asm_32.S -@@ -83,14 +83,14 @@ ENTRY(xen_iret) +@@ -83,16 +83,16 @@ ENTRY(xen_iret) ESP_OFFSET=4 # bytes pushed onto stack /* @@ -28965,8 +28642,34 @@ index b040b0e..8cc4fe0 100644 + mov PER_CPU_VAR(xen_vcpu), %eax + pop %fs #else - movl xen_vcpu, %eax +- movl xen_vcpu, %eax ++ movl %ss:xen_vcpu, %eax #endif + + /* check IF state we're restoring */ +@@ -105,11 +105,11 @@ ENTRY(xen_iret) + * resuming the code, so we don't have to be worried about + * being preempted to another CPU. + */ +- setz XEN_vcpu_info_mask(%eax) ++ setz %ss:XEN_vcpu_info_mask(%eax) + xen_iret_start_crit: + + /* check for unmasked and pending */ +- cmpw $0x0001, XEN_vcpu_info_pending(%eax) ++ cmpw $0x0001, %ss:XEN_vcpu_info_pending(%eax) + + /* + * If there's something pending, mask events again so we can +@@ -117,7 +117,7 @@ xen_iret_start_crit: + * touch XEN_vcpu_info_mask. + */ + jne 1f +- movb $1, XEN_vcpu_info_mask(%eax) ++ movb $1, %ss:XEN_vcpu_info_mask(%eax) + + 1: popl %eax + diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S index aaa7291..3f77960 100644 --- a/arch/x86/xen/xen-head.S 
@@ -29201,6 +28904,93 @@ index 9e76a32..48d7145 100644 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; +diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c +index a0f768c..9f73037 100644 +--- a/crypto/ablkcipher.c ++++ b/crypto/ablkcipher.c +@@ -388,9 +388,9 @@ static int crypto_ablkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_blkcipher rblkcipher; + +- snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "ablkcipher"); +- snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, "%s", +- alg->cra_ablkcipher.geniv ?: "<default>"); ++ strncpy(rblkcipher.type, "ablkcipher", sizeof(rblkcipher.type)); ++ strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>", ++ sizeof(rblkcipher.geniv)); + + rblkcipher.blocksize = alg->cra_blocksize; + rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; +@@ -469,9 +469,9 @@ static int crypto_givcipher_report(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_blkcipher rblkcipher; + +- snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "givcipher"); +- snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, "%s", +- alg->cra_ablkcipher.geniv ?: "<built-in>"); ++ strncpy(rblkcipher.type, "givcipher", sizeof(rblkcipher.type)); ++ strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<built-in>", ++ sizeof(rblkcipher.geniv)); + + rblkcipher.blocksize = alg->cra_blocksize; + rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; +diff --git a/crypto/aead.c b/crypto/aead.c +index 04add3dc..479b7d1 100644 +--- a/crypto/aead.c ++++ b/crypto/aead.c +@@ -117,9 +117,8 @@ static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg) + struct crypto_report_aead raead; + struct aead_alg *aead = &alg->cra_aead; + +- snprintf(raead.type, CRYPTO_MAX_ALG_NAME, "%s", "aead"); +- snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, "%s", +- aead->geniv ?: "<built-in>"); ++ strncpy(raead.type, "aead", sizeof(raead.type)); ++ strncpy(raead.geniv, 
aead->geniv ?: "<built-in>", sizeof(raead.geniv)); + + raead.blocksize = alg->cra_blocksize; + raead.maxauthsize = aead->maxauthsize; +@@ -203,8 +202,8 @@ static int crypto_nivaead_report(struct sk_buff *skb, struct crypto_alg *alg) + struct crypto_report_aead raead; + struct aead_alg *aead = &alg->cra_aead; + +- snprintf(raead.type, CRYPTO_MAX_ALG_NAME, "%s", "nivaead"); +- snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, "%s", aead->geniv); ++ strncpy(raead.type, "nivaead", sizeof(raead.type)); ++ strncpy(raead.geniv, aead->geniv, sizeof(raead.geniv)); + + raead.blocksize = alg->cra_blocksize; + raead.maxauthsize = aead->maxauthsize; +diff --git a/crypto/ahash.c b/crypto/ahash.c +index ac93c99..7fe1752 100644 +--- a/crypto/ahash.c ++++ b/crypto/ahash.c +@@ -404,7 +404,7 @@ static int crypto_ahash_report(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_hash rhash; + +- snprintf(rhash.type, CRYPTO_MAX_ALG_NAME, "%s", "ahash"); ++ strncpy(rhash.type, "ahash", sizeof(rhash.type)); + + rhash.blocksize = alg->cra_blocksize; + rhash.digestsize = __crypto_hash_alg_common(alg)->digestsize; +diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c +index 1e61d1a..04f0f38 100644 +--- a/crypto/blkcipher.c ++++ b/crypto/blkcipher.c +@@ -499,9 +499,9 @@ static int crypto_blkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_blkcipher rblkcipher; + +- snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "blkcipher"); +- snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, "%s", +- alg->cra_blkcipher.geniv ?: "<default>"); ++ strncpy(rblkcipher.type, "blkcipher", sizeof(rblkcipher.type)); ++ strncpy(rblkcipher.geniv, alg->cra_blkcipher.geniv ?: "<default>", ++ sizeof(rblkcipher.geniv)); + + rblkcipher.blocksize = alg->cra_blocksize; + rblkcipher.min_keysize = alg->cra_blkcipher.min_keysize; diff --git a/crypto/cryptd.c b/crypto/cryptd.c index 7bdd61b..afec999 100644 --- a/crypto/cryptd.c 
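Review bot: `strncpy(raead.geniv, aead->geniv, sizeof(raead.geniv));` in crypto_nivaead_report is the only `geniv` copy in this hunk without a `?:` fallback, and where the replaced kernel `snprintf("%s")` would have printed a placeholder for a NULL pointer, strncpy dereferences it. Whether `geniv` can be NULL for this algorithm type is not visible here; if it can, guard it as the sibling functions do, e.g. `aead->geniv ?: "<none>"` (constructed string, use the project's wording). Separately, the move from snprintf to strncpy is what zero-fills the tail of each on-stack report field before it is presumably copied into the netlink message, so it deserves a one-line comment such as `/* strncpy zero-pads: no uninitialised stack bytes reach userspace */`; otherwise a later cleanup is likely to swap it back. strncpy also leaves a field unterminated when the source is as long as the field: the literals are short, but the length of `geniv` is not bounded in these lines.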
@@ -29223,6 +29013,148 @@ index 7bdd61b..afec999 100644 static void cryptd_queue_worker(struct work_struct *work); +diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c +index 0605a2b..911f215b 100644 +--- a/crypto/crypto_user.c ++++ b/crypto/crypto_user.c +@@ -26,6 +26,8 @@ + #include <net/net_namespace.h> + #include "internal.h" + ++#define null_terminated(x) (strnlen(x, sizeof(x)) < sizeof(x)) ++ + DEFINE_MUTEX(crypto_cfg_mutex); + + /* The crypto netlink socket */ +@@ -71,7 +73,7 @@ static int crypto_report_cipher(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_cipher rcipher; + +- snprintf(rcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "cipher"); ++ strncpy(rcipher.type, "cipher", sizeof(rcipher.type)); + + rcipher.blocksize = alg->cra_blocksize; + rcipher.min_keysize = alg->cra_cipher.cia_min_keysize; +@@ -90,7 +92,7 @@ static int crypto_report_comp(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_comp rcomp; + +- snprintf(rcomp.type, CRYPTO_MAX_ALG_NAME, "%s", "compression"); ++ strncpy(rcomp.type, "compression", sizeof(rcomp.type)); + + NLA_PUT(skb, CRYPTOCFGA_REPORT_COMPRESS, + sizeof(struct crypto_report_comp), &rcomp); +@@ -104,12 +106,14 @@ nla_put_failure: + static int crypto_report_one(struct crypto_alg *alg, + struct crypto_user_alg *ualg, struct sk_buff *skb) + { +- memcpy(&ualg->cru_name, &alg->cra_name, sizeof(ualg->cru_name)); +- memcpy(&ualg->cru_driver_name, &alg->cra_driver_name, +- sizeof(ualg->cru_driver_name)); +- memcpy(&ualg->cru_module_name, module_name(alg->cra_module), +- CRYPTO_MAX_ALG_NAME); ++ strncpy(ualg->cru_name, alg->cra_name, sizeof(ualg->cru_name)); ++ strncpy(ualg->cru_driver_name, alg->cra_driver_name, ++ sizeof(ualg->cru_driver_name)); ++ strncpy(ualg->cru_module_name, module_name(alg->cra_module), ++ sizeof(ualg->cru_module_name)); + ++ ualg->cru_type = 0; ++ ualg->cru_mask = 0; + ualg->cru_flags = alg->cra_flags; + ualg->cru_refcnt = atomic_read(&alg->cra_refcnt); + +@@ -118,7 
+122,7 @@ static int crypto_report_one(struct crypto_alg *alg, + if (alg->cra_flags & CRYPTO_ALG_LARVAL) { + struct crypto_report_larval rl; + +- snprintf(rl.type, CRYPTO_MAX_ALG_NAME, "%s", "larval"); ++ strncpy(rl.type, "larval", sizeof(rl.type)); + + NLA_PUT(skb, CRYPTOCFGA_REPORT_LARVAL, + sizeof(struct crypto_report_larval), &rl); +@@ -192,7 +196,10 @@ static int crypto_report(struct sk_buff *in_skb, struct nlmsghdr *in_nlh, + struct crypto_dump_info info; + int err; + +- if (!p->cru_driver_name) ++ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) ++ return -EINVAL; ++ ++ if (!p->cru_driver_name[0]) + return -EINVAL; + + alg = crypto_alg_match(p, 1); +@@ -256,6 +263,9 @@ static int crypto_update_alg(struct sk_buff *skb, struct nlmsghdr *nlh, + struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL]; + LIST_HEAD(list); + ++ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) ++ return -EINVAL; ++ + if (priority && !strlen(p->cru_driver_name)) + return -EINVAL; + +@@ -283,6 +293,9 @@ static int crypto_del_alg(struct sk_buff *skb, struct nlmsghdr *nlh, + struct crypto_alg *alg; + struct crypto_user_alg *p = nlmsg_data(nlh); + ++ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) ++ return -EINVAL; ++ + alg = crypto_alg_match(p, 1); + if (!alg) + return -ENOENT; +@@ -310,6 +323,9 @@ static int crypto_add_alg(struct sk_buff *skb, struct nlmsghdr *nlh, + struct crypto_user_alg *p = nlmsg_data(nlh); + struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL]; + ++ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) ++ return -EINVAL; ++ + if (strlen(p->cru_driver_name)) + exact = 1; + +diff --git a/crypto/pcompress.c b/crypto/pcompress.c +index 2e458e5..0931af2 100644 +--- a/crypto/pcompress.c ++++ b/crypto/pcompress.c +@@ -53,7 +53,7 @@ static int crypto_pcomp_report(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_comp rpcomp; + +- 
snprintf(rpcomp.type, CRYPTO_MAX_ALG_NAME, "%s", "pcomp"); ++ strncpy(rpcomp.type, "pcomp", sizeof(rpcomp.type)); + + NLA_PUT(skb, CRYPTOCFGA_REPORT_COMPRESS, + sizeof(struct crypto_report_comp), &rpcomp); +diff --git a/crypto/rng.c b/crypto/rng.c +index 64f864f..1966c1d 100644 +--- a/crypto/rng.c ++++ b/crypto/rng.c +@@ -65,7 +65,7 @@ static int crypto_rng_report(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_rng rrng; + +- snprintf(rrng.type, CRYPTO_MAX_ALG_NAME, "%s", "rng"); ++ strncpy(rrng.type, "rng", sizeof(rrng.type)); + + rrng.seedsize = alg->cra_rng.seedsize; + +diff --git a/crypto/shash.c b/crypto/shash.c +index 9100912..f507294 100644 +--- a/crypto/shash.c ++++ b/crypto/shash.c +@@ -530,7 +530,8 @@ static int crypto_shash_report(struct sk_buff *skb, struct crypto_alg *alg) + struct crypto_report_hash rhash; + struct shash_alg *salg = __crypto_shash_alg(alg); + +- snprintf(rhash.type, CRYPTO_MAX_ALG_NAME, "%s", "shash"); ++ strncpy(rhash.type, "shash", sizeof(rhash.type)); ++ + rhash.blocksize = alg->cra_blocksize; + rhash.digestsize = salg->digestsize; + diff --git a/drivers/acpi/apei/cper.c b/drivers/acpi/apei/cper.c index 5d41894..22021e4 100644 --- a/drivers/acpi/apei/cper.c @@ -32042,22 +31974,18 @@ index 982f1f5..d21e5da 100644 iounmap(buf); return 0; diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c -index 5d5a868..4c9ec84 100644 +index 5d5a868..d866cfb 100644 --- a/drivers/firmware/efivars.c 
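Review bot: `null_terminated(x)` in crypto/crypto_user.c is only correct when `x` is a char array, because `sizeof(x)` on a `char *` gives the pointer width and the check would then pass or fail for the wrong reason. All four uses here pass the `cru_name` and `cru_driver_name` arrays, so today it is fine, but the macro should refuse pointers at build time, for example `#define null_terminated(x) (strnlen(x, sizeof(x) + __must_be_array(x)) < sizeof(x))`, or at least carry a comment saying it takes arrays only. The request's `cru_module_name` is not checked in crypto_report, crypto_update_alg, crypto_del_alg or crypto_add_alg; if any code outside these hunks reads it as a string it needs the same check.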
+++ b/drivers/firmware/efivars.c -@@ -1232,9 +1232,9 @@ efivars_init(void) - return -ENOMEM; - } +@@ -1204,7 +1204,7 @@ out: + EXPORT_SYMBOL_GPL(register_efivars); -- ops.get_variable = efi.get_variable; -- ops.set_variable = efi.set_variable; -- ops.get_next_variable = efi.get_next_variable; -+ *(void **)&ops.get_variable = efi.get_variable; -+ *(void **)&ops.set_variable = efi.set_variable; -+ *(void **)&ops.get_next_variable = efi.get_next_variable; - error = register_efivars(&__efivars, &ops, efi_kobj); - if (error) - goto err_put; + static struct efivars __efivars; +-static struct efivar_operations ops; ++static efivar_operations_no_const ops __read_only; + + /* + * For now we register the efi subsystem with the firmware subsystem diff --git a/drivers/gpio/gpio-vr41xx.c b/drivers/gpio/gpio-vr41xx.c index 98723cb..10ca85b 100644 --- a/drivers/gpio/gpio-vr41xx.c @@ -33235,18 +33163,25 @@ index e8422ae..d22d4a8 100644 DRM_DEBUG("pid=%d\n", DRM_CURRENTPID); diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c -index 0b5468b..9c4b308 100644 +index 0b5468b..5001296 100644 --- a/drivers/gpu/drm/radeon/radeon_ttm.c +++ b/drivers/gpu/drm/radeon/radeon_ttm.c +@@ -631,7 +631,7 @@ void radeon_ttm_set_active_vram_size(struct radeon_device *rdev, u64 size) + man->size = size >> PAGE_SHIFT; + } + +-static struct vm_operations_struct radeon_ttm_vm_ops; ++static vm_operations_struct_no_const radeon_ttm_vm_ops __read_only; + static const struct vm_operations_struct *ttm_vm_ops = NULL; + + static int radeon_ttm_fault(struct vm_area_struct *vma, struct vm_fault *vmf) 
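Review bot: `ops` in drivers/firmware/efivars.c is now declared `__read_only`, but this revision also drops the earlier change to efivars_init(), so its three stores are back to the plain `ops.get_variable = efi.get_variable;` form with no `pax_open_kernel()` / `pax_close_kernel()` pair around them. The radeon_mmap and kvm_init changes in the same patch do wrap their stores to `__read_only` objects, so the difference should be explained. It is safe only if efivars_init() always runs before the object is write-protected, which cannot be confirmed from this hunk, in particular if the driver can be built as a module. Either wrap the three assignments like the other two sites or add a comment above `ops` stating when it is written.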
@@ -672,8 +672,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma) } if (unlikely(ttm_vm_ops == NULL)) { ttm_vm_ops = vma->vm_ops; -- radeon_ttm_vm_ops = *ttm_vm_ops; -- radeon_ttm_vm_ops.fault = &radeon_ttm_fault; + pax_open_kernel(); -+ memcpy((void *)&radeon_ttm_vm_ops, ttm_vm_ops, sizeof(radeon_ttm_vm_ops)); -+ *(void **)&radeon_ttm_vm_ops.fault = &radeon_ttm_fault; + radeon_ttm_vm_ops = *ttm_vm_ops; + radeon_ttm_vm_ops.fault = &radeon_ttm_fault; + pax_close_kernel(); } vma->vm_ops = &radeon_ttm_vm_ops; @@ -35035,41 +34970,6 @@ index ba70058..571d25d 100644 serio->dev.bus = &serio_bus; serio->dev.release = serio_release_port; serio->dev.groups = serio_device_attr_groups; -diff --git a/drivers/iommu/amd_iommu_init.c b/drivers/iommu/amd_iommu_init.c -index 62a4d5c..84c482a 100644 ---- a/drivers/iommu/amd_iommu_init.c -+++ b/drivers/iommu/amd_iommu_init.c -@@ -1502,7 +1502,7 @@ static int __init amd_iommu_init(void) - - register_syscore_ops(&amd_iommu_syscore_ops); - -- x86_platform.iommu_shutdown = disable_iommus; -+ *(void **)&x86_platform.iommu_shutdown = disable_iommus; - - if (iommu_pass_through) - goto out; -@@ -1572,7 +1572,7 @@ int __init amd_iommu_detect(void) - if (acpi_table_parse("IVRS", early_amd_iommu_detect) == 0) { - iommu_detected = 1; - amd_iommu_detected = 1; -- x86_init.iommu.iommu_init = amd_iommu_init; -+ *(void **)&x86_init.iommu.iommu_init = amd_iommu_init; - - /* Make sure ACS will be enabled */ - pci_request_acs(); -diff --git a/drivers/iommu/dmar.c b/drivers/iommu/dmar.c -index 97b2e21..7cfe357 100644 ---- a/drivers/iommu/dmar.c -+++ b/drivers/iommu/dmar.c -@@ -568,7 +568,7 @@ int __init detect_intel_iommu(void) - - #ifdef CONFIG_X86 - if (ret) -- x86_init.iommu.iommu_init = intel_iommu_init; -+ *(void **)&x86_init.iommu.iommu_init = intel_iommu_init; - #endif - } - early_acpi_os_unmap_memory(dmar_tbl, dmar_tbl_size); diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c index e44933d..9ba484a 100644 
--- a/drivers/isdn/capi/capi.c @@ -37364,18 +37264,17 @@ index 4c8e199..f7f5587 100644 if (!q_vector->rxr_count) return IRQ_HANDLED; diff --git a/drivers/net/ethernet/mellanox/mlx4/eq.c b/drivers/net/ethernet/mellanox/mlx4/eq.c -index 24ee967..b5c9b99 100644 +index 24ee967..9a07e41 100644 --- a/drivers/net/ethernet/mellanox/mlx4/eq.c +++ b/drivers/net/ethernet/mellanox/mlx4/eq.c -@@ -570,8 +570,9 @@ int mlx4_init_eq_table(struct mlx4_dev *dev) +@@ -570,8 +570,8 @@ int mlx4_init_eq_table(struct mlx4_dev *dev) int err; int i; - priv->eq_table.uar_map = kcalloc(sizeof *priv->eq_table.uar_map, - mlx4_num_eq_uar(dev), GFP_KERNEL); + priv->eq_table.uar_map = kcalloc(mlx4_num_eq_uar(dev), -+ sizeof *priv->eq_table.uar_map, -+ GFP_KERNEL); ++ sizeof *priv->eq_table.uar_map, GFP_KERNEL); if (!priv->eq_table.uar_map) { err = -ENOMEM; goto err_out_free; @@ -64212,6 +64111,18 @@ index 75f53f8..5c7972d 100644 struct dma_pinned_list *pinned_list, struct page *page, unsigned int offset, size_t len); +diff --git a/include/linux/efi.h b/include/linux/efi.h +index 1721c41..aaa7b53 100644 +--- a/include/linux/efi.h ++++ b/include/linux/efi.h +@@ -471,6 +471,7 @@ struct efivar_operations { + efi_get_next_variable_t *get_next_variable; + efi_set_variable_t *set_variable; + }; ++typedef struct efivar_operations __no_const efivar_operations_no_const; + + struct efivars { + /* diff --git a/include/linux/elf.h b/include/linux/elf.h index 31f0508..5421c01 100644 --- a/include/linux/elf.h @@ -65732,7 +65643,7 @@ index cdde2b3..d782954 100644 .files = &init_files, \ .signal = &init_signals, \ diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h -index a64b00e..464d8bc 100644 +index a64b00e..2ef3855f 100644 --- a/include/linux/interrupt.h +++ b/include/linux/interrupt.h @@ -441,7 +441,7 @@ enum 
@@ -65749,8 +65660,9 @@ index a64b00e..464d8bc 100644 struct softirq_action { - void (*action)(struct softirq_action *); +-}; + void (*action)(void); - }; ++} __no_const; asmlinkage void do_softirq(void); asmlinkage void __do_softirq(void); @@ -65946,7 +65858,7 @@ index 3797270..7765ede 100644 struct mca_bus { u64 default_dma_mask; diff --git a/include/linux/mm.h b/include/linux/mm.h -index 4baadd1..293e034 100644 +index 4baadd1..8699dc0 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -115,7 +115,14 @@ extern unsigned int kobjsize(const void *objp); @@ -65964,7 +65876,15 @@ index 4baadd1..293e034 100644 #define VM_PFN_AT_MMAP 0x40000000 /* PFNMAP vma that is fully mapped at mmap time */ #define VM_MERGEABLE 0x80000000 /* KSM may merge identical pages */ -@@ -1012,34 +1019,6 @@ int set_page_dirty(struct page *page); +@@ -241,6 +248,7 @@ struct vm_operations_struct { + const nodemask_t *to, unsigned long flags); + #endif + }; ++typedef struct vm_operations_struct __no_const vm_operations_struct_no_const; + + struct mmu_gather; + struct inode; +@@ -1012,34 +1020,6 @@ int set_page_dirty(struct page *page); int set_page_dirty_lock(struct page *page); int clear_page_dirty_for_io(struct page *page); @@ -65999,7 +65919,7 @@ index 4baadd1..293e034 100644 extern unsigned long move_page_tables(struct vm_area_struct *vma, unsigned long old_addr, struct vm_area_struct *new_vma, unsigned long new_addr, unsigned long len); -@@ -1134,6 +1113,15 @@ static inline void sync_mm_rss(struct task_struct *task, struct mm_struct *mm) +@@ -1134,6 +1114,15 @@ static inline void sync_mm_rss(struct task_struct *task, struct mm_struct *mm) } #endif 
@@ -66015,7 +65935,7 @@ index 4baadd1..293e034 100644 int vma_wants_writenotify(struct vm_area_struct *vma); extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr, -@@ -1152,8 +1140,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, +@@ -1152,8 +1141,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, { return 0; } @@ -66031,7 +65951,7 @@ index 4baadd1..293e034 100644 #endif #ifdef __PAGETABLE_PMD_FOLDED -@@ -1162,8 +1157,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, +@@ -1162,8 +1158,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, { return 0; } @@ -66047,7 +65967,7 @@ index 4baadd1..293e034 100644 #endif int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, -@@ -1181,11 +1183,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a +@@ -1181,11 +1184,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a NULL: pud_offset(pgd, address); } @@ -66071,7 +65991,7 @@ index 4baadd1..293e034 100644 #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */ #if USE_SPLIT_PTLOCKS -@@ -1419,6 +1433,7 @@ out: +@@ -1419,6 +1434,7 @@ out: } extern int do_munmap(struct mm_struct *, unsigned long, size_t); @@ -66079,7 +65999,7 @@ index 4baadd1..293e034 100644 extern unsigned long do_brk(unsigned long, unsigned long); -@@ -1476,6 +1491,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add +@@ -1476,6 +1492,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, struct vm_area_struct **pprev); 
@@ -66090,7 +66010,7 @@ index 4baadd1..293e034 100644 /* Look up the first VMA which intersects the interval start_addr..end_addr-1, NULL if none. Assume start_addr < end_addr. */ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) -@@ -1492,15 +1511,6 @@ static inline unsigned long vma_pages(struct vm_area_struct *vma) +@@ -1492,15 +1512,6 @@ static inline unsigned long vma_pages(struct vm_area_struct *vma) return (vma->vm_end - vma->vm_start) >> PAGE_SHIFT; } @@ -66106,7 +66026,7 @@ index 4baadd1..293e034 100644 struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr); int remap_pfn_range(struct vm_area_struct *, unsigned long addr, unsigned long pfn, unsigned long size, pgprot_t); -@@ -1614,7 +1624,7 @@ extern int unpoison_memory(unsigned long pfn); +@@ -1614,7 +1625,7 @@ extern int unpoison_memory(unsigned long pfn); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; extern void shake_page(struct page *p, int access); @@ -66115,7 +66035,7 @@ index 4baadd1..293e034 100644 extern int soft_offline_page(struct page *page, int flags); extern void dump_page(struct page *page); -@@ -1628,5 +1638,11 @@ extern void copy_user_huge_page(struct page *dst, struct page *src, +@@ -1628,5 +1639,11 @@ extern void copy_user_huge_page(struct page *dst, struct page *src, unsigned int pages_per_huge_page); #endif /* CONFIG_TRANSPARENT_HUGEPAGE || CONFIG_HUGETLBFS */ @@ -66769,15 +66689,16 @@ index e0879a7..a12f962 100644 #endif diff --git a/include/linux/regset.h b/include/linux/regset.h -index 686f373..a72ed78 100644 +index 686f373..6ade19e 100644 --- a/include/linux/regset.h 
+++ b/include/linux/regset.h -@@ -160,7 +160,7 @@ struct user_regset { +@@ -160,7 +160,8 @@ struct user_regset { unsigned int align; unsigned int bias; unsigned int core_note_type; -}; +} __do_const; ++typedef struct user_regset __no_const user_regset_no_const; /** * struct user_regset_view - available regsets @@ -67145,7 +67066,7 @@ index 899fbb4..1cb4138 100644 #define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */ diff --git a/include/linux/security.h b/include/linux/security.h -index e8c619d..e0cbd1c 100644 +index e8c619d..a06aa39 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -37,6 +37,7 @@ @@ -67156,6 +67077,28 @@ index e8c619d..e0cbd1c 100644 #include <net/flow.h> /* Maximum number of letters for an LSM name string */ +@@ -1676,6 +1677,8 @@ int security_capset(struct cred *new, const struct cred *old, + const kernel_cap_t *permitted); + int security_capable(struct user_namespace *ns, const struct cred *cred, + int cap); ++int security_capable_noaudit(struct user_namespace *ns, const struct cred *cred, ++ int cap); + int security_real_capable(struct task_struct *tsk, struct user_namespace *ns, + int cap); + int security_real_capable_noaudit(struct task_struct *tsk, +@@ -1880,6 +1883,12 @@ static inline int security_capable(struct user_namespace *ns, + return cap_capable(current, cred, ns, cap, SECURITY_CAP_AUDIT); + } + ++static inline int security_capable_noaudit(struct user_namespace *ns, ++ const struct cred *cred, int cap) ++{ ++ return cap_capable(current, cred, ns, cap, SECURITY_CAP_NOAUDIT); ++} ++ + static inline int security_real_capable(struct task_struct *tsk, struct user_namespace *ns, int cap) + { + int ret; diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h index 0b69a46..b2ffa4c 100644 --- a/include/linux/seq_file.h @@ -69455,7 +69398,7 @@ index 47b7fc1..c003c33 100644 if (context && context->in_syscall) { 
diff --git a/kernel/capability.c b/kernel/capability.c -index b463871..fa3ea1f 100644 +index b463871..59495fd 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -202,6 +202,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr) @@ -69484,11 +69427,11 @@ index b463871..fa3ea1f 100644 +bool ns_capable_nolog(struct user_namespace *ns, int cap) +{ + if (unlikely(!cap_valid(cap))) { -+ printk(KERN_CRIT "capable() called with invalid cap=%u\n", cap); ++ printk(KERN_CRIT "capable_nolog() called with invalid cap=%u\n", cap); + BUG(); + } + -+ if (security_capable(ns, current_cred(), cap) == 0 && gr_is_capable_nolog(cap)) { ++ if (security_capable_noaudit(ns, current_cred(), cap) == 0 && gr_is_capable_nolog(cap)) { + current->flags |= PF_SUPERPRIV; + return true; + } @@ -73357,10 +73300,15 @@ index 9e800b2..451c00b 100644 raw_spin_unlock_irq(&call_function.lock); } diff --git a/kernel/softirq.c b/kernel/softirq.c -index 2c71d91..1021f81 100644 +index 2c71d91..2c2ecef 100644 --- a/kernel/softirq.c +++ b/kernel/softirq.c -@@ -56,7 +56,7 @@ static struct softirq_action softirq_vec[NR_SOFTIRQS] __cacheline_aligned_in_smp +@@ -52,11 +52,11 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned; + EXPORT_SYMBOL(irq_stat); + #endif + +-static struct softirq_action softirq_vec[NR_SOFTIRQS] __cacheline_aligned_in_smp; ++static struct softirq_action softirq_vec[NR_SOFTIRQS] __read_only __aligned(PAGE_SIZE); DEFINE_PER_CPU(struct task_struct *, ksoftirqd); 
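Review bot: The corrected message in ns_capable_nolog() still prints `cap` with `%u` although the parameter is `int cap`, so an invalid negative value shows up as a large unsigned number in the log line that precedes `BUG()`; `"capable_nolog() called with invalid cap=%d\n"` matches the type. The switch to `security_capable_noaudit()` also deserves a short comment above the function saying that this variant suppresses both the LSM audit record and the grsecurity log, because the name alone only suggests the latter. The function body continues outside the hunk.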
@@ -73378,21 +73326,16 @@ index 2c71d91..1021f81 100644 trace_softirq_exit(vec_nr); if (unlikely(prev_count != preempt_count())) { printk(KERN_ERR "huh, entered softirq %u %s %p" -@@ -385,9 +385,11 @@ void raise_softirq(unsigned int nr) +@@ -385,7 +385,7 @@ void raise_softirq(unsigned int nr) local_irq_restore(flags); } -void open_softirq(int nr, void (*action)(struct softirq_action *)) -+void open_softirq(int nr, void (*action)(void)) ++void __init open_softirq(int nr, void (*action)(void)) { -- softirq_vec[nr].action = action; -+ pax_open_kernel(); -+ *(void **)&softirq_vec[nr].action = action; -+ pax_close_kernel(); + softirq_vec[nr].action = action; } - - /* -@@ -441,7 +443,7 @@ void __tasklet_hi_schedule_first(struct tasklet_struct *t) +@@ -441,7 +441,7 @@ void __tasklet_hi_schedule_first(struct tasklet_struct *t) EXPORT_SYMBOL(__tasklet_hi_schedule_first); @@ -73401,7 +73344,7 @@ index 2c71d91..1021f81 100644 { struct tasklet_struct *list; -@@ -476,7 +478,7 @@ static void tasklet_action(struct softirq_action *a) +@@ -476,7 +476,7 @@ static void tasklet_action(struct softirq_action *a) } } @@ -74549,7 +74492,7 @@ index 5638104..f047453 100644 struct dentry *d_tracer; diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c -index c212a7f..7b02394 100644 +index c212a7f..a2560bc 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -1299,10 +1299,6 @@ static LIST_HEAD(ftrace_module_file_list); @@ -74579,10 +74522,10 @@ index c212a7f..7b02394 100644 - file_ops->format = ftrace_event_format_fops; - file_ops->format.owner = mod; + pax_open_kernel(); -+ *(void **)&mod->trace_id.owner = mod; -+ *(void **)&mod->trace_enable.owner = mod; -+ *(void **)&mod->trace_filter.owner = mod; -+ *(void **)&mod->trace_format.owner = mod; ++ mod->trace_id.owner = mod; ++ mod->trace_enable.owner = mod; ++ mod->trace_filter.owner = mod; ++ mod->trace_format.owner = mod; + pax_close_kernel(); list_add(&file_ops->list, &ftrace_module_file_list); 
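Review bot: `open_softirq()` is now `__init` and stores into `softirq_vec` with a plain assignment, while the array has become `__read_only`, so the function can only be used during boot. A caller outside init code would jump into discarded text, and a store after write protection is enabled would fault; the callers are not part of this hunk, so this relies on the build's section-mismatch check to catch them. A comment above the function would make the constraint explicit, for example `/* __init: softirq_vec is __read_only, handlers must be registered during boot */`.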
@@ -80933,42 +80876,18 @@ index c40f27e..7f49254 100644 m->msg_iov = iov; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index 5229c7f..e1550a7 100644 +index 5229c7f..6cb13fa 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c -@@ -197,14 +197,16 @@ int __rtnl_register(int protocol, int msgtype, - rtnl_msg_handlers[protocol] = tab; - } - -+ pax_open_kernel(); - if (doit) -- tab[msgindex].doit = doit; -+ *(void **)&tab[msgindex].doit = doit; - - if (dumpit) -- tab[msgindex].dumpit = dumpit; -+ *(void **)&tab[msgindex].dumpit = dumpit; - - if (calcit) -- tab[msgindex].calcit = calcit; -+ *(void **)&tab[msgindex].calcit = calcit; -+ pax_close_kernel(); +@@ -57,7 +57,7 @@ struct rtnl_link { + rtnl_doit_func doit; + rtnl_dumpit_func dumpit; + rtnl_calcit_func calcit; +-}; ++} __no_const; - return 0; - } -@@ -247,8 +249,10 @@ int rtnl_unregister(int protocol, int msgtype) - if (rtnl_msg_handlers[protocol] == NULL) - return -ENOENT; + static DEFINE_MUTEX(rtnl_mutex); -- rtnl_msg_handlers[protocol][msgindex].doit = NULL; -- rtnl_msg_handlers[protocol][msgindex].dumpit = NULL; -+ pax_open_kernel(); -+ *(void **)&rtnl_msg_handlers[protocol][msgindex].doit = NULL; -+ *(void **)&rtnl_msg_handlers[protocol][msgindex].dumpit = NULL; -+ pax_close_kernel(); - - return 0; - } diff --git a/net/core/scm.c b/net/core/scm.c index ff52ad0..aff1c0f 100644 --- a/net/core/scm.c @@ -86263,7 +86182,7 @@ index f728728..6457a0c 100644 /* diff --git a/security/security.c b/security/security.c -index e2f684a..8d62ef5 100644 +index e2f684a..8eed291 100644 --- a/security/security.c +++ b/security/security.c @@ -26,8 +26,8 @@ 
@@ -86287,6 +86206,20 @@ index e2f684a..8d62ef5 100644 } /* Save user chosen LSM */ +@@ -162,6 +164,13 @@ int security_capable(struct user_namespace *ns, const struct cred *cred, + SECURITY_CAP_AUDIT); + } + ++int security_capable_noaudit(struct user_namespace *ns, const struct cred *cred, ++ int cap) ++{ ++ return security_ops->capable(current, cred, ns, cap, ++ SECURITY_CAP_NOAUDIT); ++} ++ + int security_real_capable(struct task_struct *tsk, struct user_namespace *ns, + int cap) + { diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 1126c10..effb32b 100644 --- a/security/selinux/hooks.c @@ -94368,7 +94301,7 @@ index 6789d78..4afd019e 100644 + #endif diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index ec747dc..ea82dda 100644 +index ec747dc..38a8e47 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -75,12 +75,17 @@ LIST_HEAD(vm_list); @@ -94400,6 +94333,33 @@ index ec747dc..ea82dda 100644 (void __user *)(unsigned long)mem->userspace_addr, mem->memory_size))) goto out; +@@ -1630,7 +1635,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp) + return 0; + } + +-static struct file_operations kvm_vcpu_fops = { ++static file_operations_no_const kvm_vcpu_fops __read_only = { + .release = kvm_vcpu_release, + .unlocked_ioctl = kvm_vcpu_ioctl, + #ifdef CONFIG_COMPAT +@@ -2150,7 +2155,7 @@ static int kvm_vm_mmap(struct file *file, struct vm_area_struct *vma) + return 0; + } + +-static struct file_operations kvm_vm_fops = { ++static file_operations_no_const kvm_vm_fops __read_only = { + .release = kvm_vm_release, + .unlocked_ioctl = kvm_vm_ioctl, + #ifdef CONFIG_COMPAT +@@ -2248,7 +2253,7 @@ out: + return r; + } + +-static struct file_operations kvm_chardev_ops = { ++static file_operations_no_const kvm_chardev_ops __read_only = { + .unlocked_ioctl = kvm_dev_ioctl, + .compat_ioctl = kvm_dev_ioctl, + .llseek = noop_llseek, @@ -2274,7 +2279,7 @@ static void hardware_enable_nolock(void *junk) if (r) { 
@@ -94444,13 +94404,10 @@ index ec747dc..ea82dda 100644 if (r) goto out_free; -- kvm_chardev_ops.owner = module; -- kvm_vm_fops.owner = module; -- kvm_vcpu_fops.owner = module; + pax_open_kernel(); -+ *(void **)&kvm_chardev_ops.owner = module; -+ *(void **)&kvm_vm_fops.owner = module; -+ *(void **)&kvm_vcpu_fops.owner = module; + kvm_chardev_ops.owner = module; + kvm_vm_fops.owner = module; + kvm_vcpu_fops.owner = module; + pax_close_kernel(); r = misc_register(&kvm_dev); diff --git a/3.7.8/0000_README b/3.7.9/0000_README index c6ec76a..bd6a050 100644 --- a/3.7.8/0000_README +++ b/3.7.9/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.9.1-3.7.8-201302161158.patch +Patch: 4420_grsecurity-2.9.1-3.7.9-201302171808.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.7.8/4420_grsecurity-2.9.1-3.7.8-201302161158.patch b/3.7.9/4420_grsecurity-2.9.1-3.7.9-201302171808.patch index 652bbf8..f81b3df 100644 --- a/3.7.8/4420_grsecurity-2.9.1-3.7.8-201302161158.patch +++ b/3.7.9/4420_grsecurity-2.9.1-3.7.9-201302171808.patch @@ -251,7 +251,7 @@ index 9776f06..18b1856 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index ad48987..d808c2d 100644 +index 5634228..b54a897 100644 --- a/Makefile +++ b/Makefile @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -12662,7 +12662,7 @@ index 4cc9f2b..5fd9226 100644 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index a1f780d..9f6c8dd 100644 +index 796ed83..9f6c8dd 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); 
@@ -12725,19 +12725,7 @@ index a1f780d..9f6c8dd 100644 static inline int pte_dirty(pte_t pte) { return pte_flags(pte) & _PAGE_DIRTY; -@@ -142,6 +182,11 @@ static inline unsigned long pmd_pfn(pmd_t pmd) - return (pmd_val(pmd) & PTE_PFN_MASK) >> PAGE_SHIFT; - } - -+static inline unsigned long pud_pfn(pud_t pud) -+{ -+ return (pud_val(pud) & PTE_PFN_MASK) >> PAGE_SHIFT; -+} -+ - #define pte_page(pte) pfn_to_page(pte_pfn(pte)) - - static inline int pmd_large(pmd_t pte) -@@ -195,9 +240,29 @@ static inline pte_t pte_wrprotect(pte_t pte) +@@ -200,9 +240,29 @@ static inline pte_t pte_wrprotect(pte_t pte) return pte_clear_flags(pte, _PAGE_RW); } @@ -12768,7 +12756,7 @@ index a1f780d..9f6c8dd 100644 } static inline pte_t pte_mkdirty(pte_t pte) -@@ -389,6 +454,15 @@ pte_t *populate_extra_pte(unsigned long vaddr); +@@ -394,6 +454,15 @@ pte_t *populate_extra_pte(unsigned long vaddr); #endif #ifndef __ASSEMBLY__ @@ -12784,7 +12772,7 @@ index a1f780d..9f6c8dd 100644 #include <linux/mm_types.h> static inline int pte_none(pte_t pte) -@@ -565,7 +639,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) +@@ -570,7 +639,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) static inline int pgd_bad(pgd_t pgd) { @@ -12793,7 +12781,7 @@ index a1f780d..9f6c8dd 100644 } static inline int pgd_none(pgd_t pgd) -@@ -588,7 +662,12 @@ static inline int pgd_none(pgd_t pgd) +@@ -593,7 +662,12 @@ static inline int pgd_none(pgd_t pgd) * pgd_offset() returns a (pgd_t *) * pgd_index() is used get the offset into the pgd page's array of pgd_t's; */ @@ -12807,7 +12795,7 @@ index a1f780d..9f6c8dd 100644 /* * a shortcut which implies the use of the kernel's pgd, instead * of a process's -@@ -599,6 +678,20 @@ static inline int pgd_none(pgd_t pgd) +@@ -604,6 +678,20 @@ static inline int pgd_none(pgd_t pgd) #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET) #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY) 
@@ -12828,7 +12816,7 @@ index a1f780d..9f6c8dd 100644 #ifndef __ASSEMBLY__ extern int direct_gbpages; -@@ -763,11 +856,23 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, +@@ -768,11 +856,23 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, * dst and src can be on the same page, but the range must not overlap, * and must not cross a page boundary. */ @@ -15201,10 +15189,10 @@ index c88baa4..a89def0 100644 .name = "cluster x2apic", .probe = x2apic_cluster_probe, diff --git a/arch/x86/kernel/apic/x2apic_phys.c b/arch/x86/kernel/apic/x2apic_phys.c -index e03a1e1..0e41d28 100644 +index 562a76d..a003c0f 100644 --- a/arch/x86/kernel/apic/x2apic_phys.c +++ b/arch/x86/kernel/apic/x2apic_phys.c -@@ -88,7 +88,7 @@ static int x2apic_phys_probe(void) +@@ -89,7 +89,7 @@ static int x2apic_phys_probe(void) return apic == &apic_x2apic_phys; } @@ -25094,7 +25082,7 @@ index 903ec1e..c4166b2 100644 } diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index 8e13ecb..60bf506 100644 +index 79ff7da..610cf70 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -13,12 +13,19 @@ @@ -25298,12 +25286,11 @@ index 8e13ecb..60bf506 100644 printk(KERN_ALERT "BUG: unable to handle kernel "); if (address < PAGE_SIZE) printk(KERN_CONT "NULL pointer dereference"); -@@ -749,12 +831,30 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, +@@ -748,6 +830,22 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, + return; } #endif - -- if (unlikely(show_unhandled_signals)) -- show_signal_msg(regs, error_code, address, tsk); ++ +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) + if (pax_is_fetch_fault(regs, error_code, address)) { + 
@@ -25318,21 +25305,11 @@ index 8e13ecb..60bf506 100644 + do_group_exit(SIGKILL); + } +#endif - - /* Kernel addresses are always protection faults: */ -+ if (address >= TASK_SIZE) -+ error_code |= PF_PROT; -+ -+ if (show_unhandled_signals) -+ show_signal_msg(regs, error_code, address, tsk); + - tsk->thread.cr2 = address; -- tsk->thread.error_code = error_code | (address >= TASK_SIZE); -+ tsk->thread.error_code = error_code; - tsk->thread.trap_nr = X86_TRAP_PF; - - force_sig_info_fault(SIGSEGV, si_code, address, tsk, 0); -@@ -845,7 +945,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, + /* Kernel addresses are always protection faults: */ + if (address >= TASK_SIZE) + error_code |= PF_PROT; +@@ -847,7 +945,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) { printk(KERN_ERR "MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n", @@ -25341,7 +25318,7 @@ index 8e13ecb..60bf506 100644 code = BUS_MCEERR_AR; } #endif -@@ -901,6 +1001,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) +@@ -903,6 +1001,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) return 1; } @@ -25441,7 +25418,7 @@ index 8e13ecb..60bf506 100644 /* * Handle a spurious fault caused by a stale TLB entry. * -@@ -973,6 +1166,9 @@ int show_unhandled_signals = 1; +@@ -975,6 +1166,9 @@ int show_unhandled_signals = 1; static inline int access_error(unsigned long error_code, struct vm_area_struct *vma) { @@ -25451,7 +25428,7 @@ index 8e13ecb..60bf506 100644 if (error_code & PF_WRITE) { /* write, present and write, not present: */ if (unlikely(!(vma->vm_flags & VM_WRITE))) -@@ -1001,7 +1197,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs) +@@ -1003,7 +1197,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs) if (error_code & PF_USER) return false; 
@@ -25460,7 +25437,7 @@ index 8e13ecb..60bf506 100644 return false; return true; -@@ -1017,18 +1213,33 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1019,18 +1213,33 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) { struct vm_area_struct *vma; struct task_struct *tsk; @@ -25499,7 +25476,7 @@ index 8e13ecb..60bf506 100644 /* * Detect and handle instructions that would cause a page fault for -@@ -1089,7 +1300,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1091,7 +1300,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) * User-mode registers count as a user access even for any * potential system fault or CPU buglet: */ @@ -25508,7 +25485,7 @@ index 8e13ecb..60bf506 100644 local_irq_enable(); error_code |= PF_USER; } else { -@@ -1151,6 +1362,11 @@ retry: +@@ -1153,6 +1362,11 @@ retry: might_sleep(); } @@ -25520,7 +25497,7 @@ index 8e13ecb..60bf506 100644 vma = find_vma(mm, address); if (unlikely(!vma)) { bad_area(regs, error_code, address); -@@ -1162,18 +1378,24 @@ retry: +@@ -1164,18 +1378,24 @@ retry: bad_area(regs, error_code, address); return; } @@ -25556,7 +25533,7 @@ index 8e13ecb..60bf506 100644 if (unlikely(expand_stack(vma, address))) { bad_area(regs, error_code, address); return; -@@ -1237,3 +1459,292 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1239,3 +1459,292 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) __do_page_fault(regs, error_code); exception_exit(regs); } @@ -26552,7 +26529,7 @@ index 11a5800..4bd9977 100644 printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10); diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c -index 3baff25..678a54e 100644 +index ce42da7..678a54e 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -74,7 +74,7 @@ early_param("gbpages", parse_direct_gbpages_on); 
@@ -26700,17 +26677,7 @@ index 3baff25..678a54e 100644 /* clear_bss() already clear the empty_zero_page */ reservedpages = 0; -@@ -829,6 +849,9 @@ int kern_addr_valid(unsigned long addr) - if (pud_none(*pud)) - return 0; - -+ if (pud_large(*pud)) -+ return pfn_valid(pud_pfn(*pud)); -+ - pmd = pmd_offset(pud, addr); - if (pmd_none(*pmd)) - return 0; -@@ -851,8 +874,8 @@ int kern_addr_valid(unsigned long addr) +@@ -854,8 +874,8 @@ int kern_addr_valid(unsigned long addr) static struct vm_area_struct gate_vma = { .vm_start = VSYSCALL_START, .vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE), @@ -26721,7 +26688,7 @@ index 3baff25..678a54e 100644 }; struct vm_area_struct *get_gate_vma(struct mm_struct *mm) -@@ -886,7 +909,7 @@ int in_gate_area_no_mm(unsigned long addr) +@@ -889,7 +909,7 @@ int in_gate_area_no_mm(unsigned long addr) const char *arch_vma_name(struct vm_area_struct *vma) { @@ -29250,7 +29217,7 @@ index 353c50f..8f3c179 100644 xen_init_spinlocks(); } diff --git a/arch/x86/xen/xen-asm_32.S b/arch/x86/xen/xen-asm_32.S -index f9643fc..602e8af 100644 +index 33ca6e4..0ded929 100644 --- a/arch/x86/xen/xen-asm_32.S +++ b/arch/x86/xen/xen-asm_32.S @@ -84,14 +84,14 @@ ENTRY(xen_iret) @@ -29263,16 +29230,16 @@ index f9643fc..602e8af 100644 */ #ifdef CONFIG_SMP - GET_THREAD_INFO(%eax) -- movl TI_cpu(%eax), %eax -- movl __per_cpu_offset(,%eax,4), %eax -- mov xen_vcpu(%eax), %eax +- movl %ss:TI_cpu(%eax), %eax +- movl %ss:__per_cpu_offset(,%eax,4), %eax +- mov %ss:xen_vcpu(%eax), %eax + push %fs + mov $(__KERNEL_PERCPU), %eax + mov %eax, %fs + mov PER_CPU_VAR(xen_vcpu), %eax + pop %fs #else - movl xen_vcpu, %eax + movl %ss:xen_vcpu, %eax #endif diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S index 7faed58..ba4427c 100644 
@@ -29533,6 +29500,93 @@ index 9a87daa..fb17486 100644 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; +diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c +index 533de95..7d4a8d2 100644 +--- a/crypto/ablkcipher.c ++++ b/crypto/ablkcipher.c +@@ -388,9 +388,9 @@ static int crypto_ablkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_blkcipher rblkcipher; + +- snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "ablkcipher"); +- snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, "%s", +- alg->cra_ablkcipher.geniv ?: "<default>"); ++ strncpy(rblkcipher.type, "ablkcipher", sizeof(rblkcipher.type)); ++ strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>", ++ sizeof(rblkcipher.geniv)); + + rblkcipher.blocksize = alg->cra_blocksize; + rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; +@@ -469,9 +469,9 @@ static int crypto_givcipher_report(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_blkcipher rblkcipher; + +- snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "givcipher"); +- snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, "%s", +- alg->cra_ablkcipher.geniv ?: "<built-in>"); ++ strncpy(rblkcipher.type, "givcipher", sizeof(rblkcipher.type)); ++ strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<built-in>", ++ sizeof(rblkcipher.geniv)); + + rblkcipher.blocksize = alg->cra_blocksize; + rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; +diff --git a/crypto/aead.c b/crypto/aead.c +index 0b8121e..27bc487 100644 +--- a/crypto/aead.c ++++ b/crypto/aead.c +@@ -117,9 +117,8 @@ static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg) + struct crypto_report_aead raead; + struct aead_alg *aead = &alg->cra_aead; + +- snprintf(raead.type, CRYPTO_MAX_ALG_NAME, "%s", "aead"); +- snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, "%s", +- aead->geniv ?: "<built-in>"); ++ strncpy(raead.type, "aead", sizeof(raead.type)); ++ strncpy(raead.geniv, 
aead->geniv ?: "<built-in>", sizeof(raead.geniv)); + + raead.blocksize = alg->cra_blocksize; + raead.maxauthsize = aead->maxauthsize; +@@ -203,8 +202,8 @@ static int crypto_nivaead_report(struct sk_buff *skb, struct crypto_alg *alg) + struct crypto_report_aead raead; + struct aead_alg *aead = &alg->cra_aead; + +- snprintf(raead.type, CRYPTO_MAX_ALG_NAME, "%s", "nivaead"); +- snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, "%s", aead->geniv); ++ strncpy(raead.type, "nivaead", sizeof(raead.type)); ++ strncpy(raead.geniv, aead->geniv, sizeof(raead.geniv)); + + raead.blocksize = alg->cra_blocksize; + raead.maxauthsize = aead->maxauthsize; +diff --git a/crypto/ahash.c b/crypto/ahash.c +index 3887856..793a27f 100644 +--- a/crypto/ahash.c ++++ b/crypto/ahash.c +@@ -404,7 +404,7 @@ static int crypto_ahash_report(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_hash rhash; + +- snprintf(rhash.type, CRYPTO_MAX_ALG_NAME, "%s", "ahash"); ++ strncpy(rhash.type, "ahash", sizeof(rhash.type)); + + rhash.blocksize = alg->cra_blocksize; + rhash.digestsize = __crypto_hash_alg_common(alg)->digestsize; +diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c +index a8d85a1..c44e014 100644 +--- a/crypto/blkcipher.c ++++ b/crypto/blkcipher.c +@@ -499,9 +499,9 @@ static int crypto_blkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_blkcipher rblkcipher; + +- snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "blkcipher"); +- snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, "%s", +- alg->cra_blkcipher.geniv ?: "<default>"); ++ strncpy(rblkcipher.type, "blkcipher", sizeof(rblkcipher.type)); ++ strncpy(rblkcipher.geniv, alg->cra_blkcipher.geniv ?: "<default>", ++ sizeof(rblkcipher.geniv)); + + rblkcipher.blocksize = alg->cra_blocksize; + rblkcipher.min_keysize = alg->cra_blkcipher.min_keysize; diff --git a/crypto/cryptd.c b/crypto/cryptd.c index 7bdd61b..afec999 100644 --- a/crypto/cryptd.c 
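Review bot: The strncpy() calls that replace snprintf() in the crypto/*.c report helpers (crypto_ablkcipher_report, crypto_givcipher_report, crypto_aead_report, crypto_nivaead_report, crypto_ahash_report, crypto_blkcipher_report) depend on strncpy() zero-filling the rest of each on-stack array before nla_put() copies the whole struct, and nothing in the code says so. I would add `/* strncpy() zero-pads the field, so no stale stack bytes reach the netlink reply */` above the first copy in each helper, so the calls are not later "tidied" back to snprintf() or strlcpy(). In crypto_nivaead_report, `aead->geniv` is passed without the `?:` fallback the other helpers use, and unlike a "%s" format, strncpy() dereferences a NULL source, so it is worth confirming geniv cannot be NULL for that type. strncpy() also leaves a field unterminated when the source fills it, which presumably cannot happen for these names but is not checked here. The function bodies continue outside the hunks.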
@@ -29555,6 +29609,151 @@ index 7bdd61b..afec999 100644 static void cryptd_queue_worker(struct work_struct *work); +diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c +index 35d700a..dfd511f 100644 +--- a/crypto/crypto_user.c ++++ b/crypto/crypto_user.c +@@ -30,6 +30,8 @@ + + #include "internal.h" + ++#define null_terminated(x) (strnlen(x, sizeof(x)) < sizeof(x)) ++ + static DEFINE_MUTEX(crypto_cfg_mutex); + + /* The crypto netlink socket */ +@@ -75,7 +77,7 @@ static int crypto_report_cipher(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_cipher rcipher; + +- snprintf(rcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "cipher"); ++ strncpy(rcipher.type, "cipher", sizeof(rcipher.type)); + + rcipher.blocksize = alg->cra_blocksize; + rcipher.min_keysize = alg->cra_cipher.cia_min_keysize; +@@ -94,8 +96,7 @@ static int crypto_report_comp(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_comp rcomp; + +- snprintf(rcomp.type, CRYPTO_MAX_ALG_NAME, "%s", "compression"); +- ++ strncpy(rcomp.type, "compression", sizeof(rcomp.type)); + if (nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS, + sizeof(struct crypto_report_comp), &rcomp)) + goto nla_put_failure; +@@ -108,12 +109,14 @@ nla_put_failure: + static int crypto_report_one(struct crypto_alg *alg, + struct crypto_user_alg *ualg, struct sk_buff *skb) + { +- memcpy(&ualg->cru_name, &alg->cra_name, sizeof(ualg->cru_name)); +- memcpy(&ualg->cru_driver_name, &alg->cra_driver_name, +- sizeof(ualg->cru_driver_name)); +- memcpy(&ualg->cru_module_name, module_name(alg->cra_module), +- CRYPTO_MAX_ALG_NAME); ++ strncpy(ualg->cru_name, alg->cra_name, sizeof(ualg->cru_name)); ++ strncpy(ualg->cru_driver_name, alg->cra_driver_name, ++ sizeof(ualg->cru_driver_name)); ++ strncpy(ualg->cru_module_name, module_name(alg->cra_module), ++ sizeof(ualg->cru_module_name)); + ++ ualg->cru_type = 0; ++ ualg->cru_mask = 0; + ualg->cru_flags = alg->cra_flags; + ualg->cru_refcnt = atomic_read(&alg->cra_refcnt); + +@@ 
-122,8 +125,7 @@ static int crypto_report_one(struct crypto_alg *alg, + if (alg->cra_flags & CRYPTO_ALG_LARVAL) { + struct crypto_report_larval rl; + +- snprintf(rl.type, CRYPTO_MAX_ALG_NAME, "%s", "larval"); +- ++ strncpy(rl.type, "larval", sizeof(rl.type)); + if (nla_put(skb, CRYPTOCFGA_REPORT_LARVAL, + sizeof(struct crypto_report_larval), &rl)) + goto nla_put_failure; +@@ -196,7 +198,10 @@ static int crypto_report(struct sk_buff *in_skb, struct nlmsghdr *in_nlh, + struct crypto_dump_info info; + int err; + +- if (!p->cru_driver_name) ++ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) ++ return -EINVAL; ++ ++ if (!p->cru_driver_name[0]) + return -EINVAL; + + alg = crypto_alg_match(p, 1); +@@ -260,6 +265,9 @@ static int crypto_update_alg(struct sk_buff *skb, struct nlmsghdr *nlh, + struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL]; + LIST_HEAD(list); + ++ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) ++ return -EINVAL; ++ + if (priority && !strlen(p->cru_driver_name)) + return -EINVAL; + +@@ -287,6 +295,9 @@ static int crypto_del_alg(struct sk_buff *skb, struct nlmsghdr *nlh, + struct crypto_alg *alg; + struct crypto_user_alg *p = nlmsg_data(nlh); + ++ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) ++ return -EINVAL; ++ + alg = crypto_alg_match(p, 1); + if (!alg) + return -ENOENT; +@@ -368,6 +379,9 @@ static int crypto_add_alg(struct sk_buff *skb, struct nlmsghdr *nlh, + struct crypto_user_alg *p = nlmsg_data(nlh); + struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL]; + ++ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) ++ return -EINVAL; ++ + if (strlen(p->cru_driver_name)) + exact = 1; + +diff --git a/crypto/pcompress.c b/crypto/pcompress.c +index 04e083f..7140fe7 100644 +--- a/crypto/pcompress.c ++++ b/crypto/pcompress.c +@@ -53,8 +53,7 @@ static int crypto_pcomp_report(struct sk_buff *skb, struct crypto_alg *alg) + { + struct 
crypto_report_comp rpcomp; + +- snprintf(rpcomp.type, CRYPTO_MAX_ALG_NAME, "%s", "pcomp"); +- ++ strncpy(rpcomp.type, "pcomp", sizeof(rpcomp.type)); + if (nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS, + sizeof(struct crypto_report_comp), &rpcomp)) + goto nla_put_failure; +diff --git a/crypto/rng.c b/crypto/rng.c +index f3b7894..e0a25c2 100644 +--- a/crypto/rng.c ++++ b/crypto/rng.c +@@ -65,7 +65,7 @@ static int crypto_rng_report(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_rng rrng; + +- snprintf(rrng.type, CRYPTO_MAX_ALG_NAME, "%s", "rng"); ++ strncpy(rrng.type, "rng", sizeof(rrng.type)); + + rrng.seedsize = alg->cra_rng.seedsize; + +diff --git a/crypto/shash.c b/crypto/shash.c +index f426330f..929058a 100644 +--- a/crypto/shash.c ++++ b/crypto/shash.c +@@ -530,7 +530,8 @@ static int crypto_shash_report(struct sk_buff *skb, struct crypto_alg *alg) + struct crypto_report_hash rhash; + struct shash_alg *salg = __crypto_shash_alg(alg); + +- snprintf(rhash.type, CRYPTO_MAX_ALG_NAME, "%s", "shash"); ++ strncpy(rhash.type, "shash", sizeof(rhash.type)); ++ + rhash.blocksize = alg->cra_blocksize; + rhash.digestsize = salg->digestsize; + diff --git a/drivers/acpi/apei/cper.c b/drivers/acpi/apei/cper.c index e6defd8..c26a225 100644 --- a/drivers/acpi/apei/cper.c @@ -33060,7 +33259,7 @@ index 8e9057b..af6dacb 100644 DRM_DEBUG("pid=%d\n", DRM_CURRENTPID); diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c -index 5ebe1b3..44209ea 100644 +index 5ebe1b3..cf69ba0 100644 --- a/drivers/gpu/drm/radeon/radeon_ttm.c +++ b/drivers/gpu/drm/radeon/radeon_ttm.c @@ -781,7 +781,7 @@ void radeon_ttm_set_active_vram_size(struct radeon_device *rdev, u64 size) 
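Review bot: `null_terminated(x)` in crypto/crypto_user.c takes its bound from `sizeof(x)`, so it is only correct for a char array; given a pointer it would silently bound the scan by the pointer size. The four call sites in this hunk (crypto_report, crypto_update_alg, crypto_del_alg, crypto_add_alg) pass array members of struct crypto_user_alg, so it is right today, and a compile-time guard would keep it that way: `#define null_terminated(x) (__must_be_array(x) + (strnlen(x, sizeof(x)) < sizeof(x)))`. The checks cover cru_name and cru_driver_name only; whether the user-supplied cru_module_name is read as a string on these paths is not visible here and should be confirmed. The function bodies continue outside the hunk.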
@@ -33072,6 +33271,17 @@ index 5ebe1b3..44209ea 100644 static const struct vm_operations_struct *ttm_vm_ops = NULL; static int radeon_ttm_fault(struct vm_area_struct *vma, struct vm_fault *vmf) +@@ -822,8 +822,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma) + } + if (unlikely(ttm_vm_ops == NULL)) { + ttm_vm_ops = vma->vm_ops; ++ pax_open_kernel(); + radeon_ttm_vm_ops = *ttm_vm_ops; + radeon_ttm_vm_ops.fault = &radeon_ttm_fault; ++ pax_close_kernel(); + } + vma->vm_ops = &radeon_ttm_vm_ops; + return 0; diff --git a/drivers/gpu/drm/radeon/rs690.c b/drivers/gpu/drm/radeon/rs690.c index 5706d2a..17aedaa 100644 --- a/drivers/gpu/drm/radeon/rs690.c @@ -68250,7 +68460,7 @@ index 157e989..b28b365 100644 struct audit_buffer *ab; diff --git a/kernel/capability.c b/kernel/capability.c -index 493d972..ea17248 100644 +index 493d972..f87dfbd 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -202,6 +202,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr) @@ -68306,11 +68516,11 @@ index 493d972..ea17248 100644 +bool ns_capable_nolog(struct user_namespace *ns, int cap) +{ + if (unlikely(!cap_valid(cap))) { -+ printk(KERN_CRIT "capable() called with invalid cap=%u\n", cap); ++ printk(KERN_CRIT "capable_nolog() called with invalid cap=%u\n", cap); + BUG(); + } + -+ if (security_capable(current_cred(), ns, cap) == 0 && gr_is_capable_nolog(cap)) { ++ if (security_capable_noaudit(current_cred(), ns, cap) == 0 && gr_is_capable_nolog(cap)) { + current->flags |= PF_SUPERPRIV; + return true; + } @@ -74885,7 +75095,7 @@ index 346d32d..d7adff2 100644 err = -EPERM; goto out; diff --git a/mm/mlock.c b/mm/mlock.c -index f0b9ce5..da8d069 100644 +index c9bd528..da8d069 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -13,6 +13,7 @@ 
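Review bot: In radeon_mmap the new pax_open_kernel()/pax_close_kernel() pair has no comment saying why a plain assignment to radeon_ttm_vm_ops needs it; presumably the object became write-protected through the declaration change in the preceding hunk at -781,7, whose changed line is not shown here. I would add `/* radeon_ttm_vm_ops is read-only at runtime; lift write protection for this one-time copy only */` above pax_open_kernel(). Separately, `ttm_vm_ops` is assigned before the copy completes and no lock is visible in the hunk, so if two first-time mmap calls can run concurrently the second could install a partially filled ops table; whether a caller serializes this cannot be seen here. radeon_mmap starts and ends outside the hunk.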
@@ -74935,21 +75145,7 @@ index f0b9ce5..da8d069 100644 if ((locked <= lock_limit) || capable(CAP_IPC_LOCK)) error = do_mlock(start, len, 1); up_write(¤t->mm->mmap_sem); -@@ -517,17 +527,23 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len) - static int do_mlockall(int flags) - { - struct vm_area_struct * vma, * prev = NULL; -- unsigned int def_flags = 0; - - if (flags & MCL_FUTURE) -- def_flags = VM_LOCKED; -- current->mm->def_flags = def_flags; -+ current->mm->def_flags |= VM_LOCKED; -+ else -+ current->mm->def_flags &= ~VM_LOCKED; - if (flags == MCL_FUTURE) - goto out; - +@@ -528,6 +538,12 @@ static int do_mlockall(int flags) for (vma = current->mm->mmap; vma ; vma = prev->vm_next) { vm_flags_t newflags; diff --git a/3.7.8/4425_grsec_remove_EI_PAX.patch b/3.7.9/4425_grsec_remove_EI_PAX.patch index 97e6951..97e6951 100644 --- a/3.7.8/4425_grsec_remove_EI_PAX.patch +++ b/3.7.9/4425_grsec_remove_EI_PAX.patch diff --git a/3.7.8/4430_grsec-remove-localversion-grsec.patch b/3.7.9/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.7.8/4430_grsec-remove-localversion-grsec.patch +++ b/3.7.9/4430_grsec-remove-localversion-grsec.patch diff --git a/3.7.8/4435_grsec-mute-warnings.patch b/3.7.9/4435_grsec-mute-warnings.patch index e1a7a3c..e1a7a3c 100644 --- a/3.7.8/4435_grsec-mute-warnings.patch +++ b/3.7.9/4435_grsec-mute-warnings.patch diff --git a/3.7.8/4440_grsec-remove-protected-paths.patch b/3.7.9/4440_grsec-remove-protected-paths.patch index 637934a..637934a 100644 --- a/3.7.8/4440_grsec-remove-protected-paths.patch +++ b/3.7.9/4440_grsec-remove-protected-paths.patch diff --git a/3.7.8/4450_grsec-kconfig-default-gids.patch b/3.7.9/4450_grsec-kconfig-default-gids.patch index 3dfdc8f..3dfdc8f 100644 --- a/3.7.8/4450_grsec-kconfig-default-gids.patch +++ b/3.7.9/4450_grsec-kconfig-default-gids.patch 
diff --git a/3.7.8/4465_selinux-avc_audit-log-curr_ip.patch b/3.7.9/4465_selinux-avc_audit-log-curr_ip.patch index 5b614b1..5b614b1 100644 --- a/3.7.8/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.7.9/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.7.8/4470_disable-compat_vdso.patch b/3.7.9/4470_disable-compat_vdso.patch index 1037ba9..1037ba9 100644 --- a/3.7.8/4470_disable-compat_vdso.patch +++ b/3.7.9/4470_disable-compat_vdso.patch |