authorAnthony G. Basile <blueness@gentoo.org>2014-03-29 13:55:05 -0400
committerAnthony G. Basile <blueness@gentoo.org>2014-03-29 13:55:05 -0400
commitc19c10924711f4e252bf33481835766230f57d8e (patch)
tree65b2db85d8a29b5fbbfb5c253604bd6b631ddbaf
parentGrsec/PaX: 3.0-{3.2.55,3.13.6}-201403202349 (diff)
Grsec/PaX: 3.0-{3.2.55,3.13.7}-20140328185820140328
-rw-r--r--3.13.7/0000_README (renamed from 3.13.6/0000_README)2
-rw-r--r--3.13.7/4420_grsecurity-3.0-3.13.7-201403281902.patch (renamed from 3.13.6/4420_grsecurity-3.0-3.13.6-201403202349.patch)820
-rw-r--r--3.13.7/4425_grsec_remove_EI_PAX.patch (renamed from 3.13.6/4425_grsec_remove_EI_PAX.patch)0
-rw-r--r--3.13.7/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.13.6/4427_force_XATTR_PAX_tmpfs.patch)0
-rw-r--r--3.13.7/4430_grsec-remove-localversion-grsec.patch (renamed from 3.13.6/4430_grsec-remove-localversion-grsec.patch)0
-rw-r--r--3.13.7/4435_grsec-mute-warnings.patch (renamed from 3.13.6/4435_grsec-mute-warnings.patch)0
-rw-r--r--3.13.7/4440_grsec-remove-protected-paths.patch (renamed from 3.13.6/4440_grsec-remove-protected-paths.patch)0
-rw-r--r--3.13.7/4450_grsec-kconfig-default-gids.patch (renamed from 3.13.6/4450_grsec-kconfig-default-gids.patch)0
-rw-r--r--3.13.7/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.13.6/4465_selinux-avc_audit-log-curr_ip.patch)0
-rw-r--r--3.13.7/4470_disable-compat_vdso.patch (renamed from 3.13.6/4470_disable-compat_vdso.patch)0
-rw-r--r--3.13.7/4475_emutramp_default_on.patch (renamed from 3.13.6/4475_emutramp_default_on.patch)0
-rw-r--r--3.2.55/0000_README2
-rw-r--r--3.2.55/4420_grsecurity-3.0-3.2.55-201403281858.patch (renamed from 3.2.55/4420_grsecurity-3.0-3.2.55-201403202347.patch)221
13 files changed, 664 insertions, 381 deletions
diff --git a/3.13.6/0000_README b/3.13.7/0000_README
index 1864b5a..f9125d0 100644
--- a/3.13.6/0000_README
+++ b/3.13.7/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.13.6-201403202349.patch
+Patch: 4420_grsecurity-3.0-3.13.7-201403281902.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.13.6/4420_grsecurity-3.0-3.13.6-201403202349.patch b/3.13.7/4420_grsecurity-3.0-3.13.7-201403281902.patch
index 521e844..8e4e492 100644
--- a/3.13.6/4420_grsecurity-3.0-3.13.6-201403202349.patch
+++ b/3.13.7/4420_grsecurity-3.0-3.13.7-201403281902.patch
@@ -287,7 +287,7 @@ index b9e9bd8..bf49b92 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index dfe5fec..079642c 100644
+index 9f214b4..8c9c622 100644
--- a/Makefile
+++ b/Makefile
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -874,10 +874,10 @@ index 98838a0..b304fb4 100644
/* Allow reads even for write-only mappings */
if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
-index c1f1a7e..554b0cd 100644
+index 47085a0..f975a53 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
-@@ -1828,7 +1828,7 @@ config ALIGNMENT_TRAP
+@@ -1830,7 +1830,7 @@ config ALIGNMENT_TRAP
config UACCESS_WITH_MEMCPY
bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()"
@@ -886,7 +886,7 @@ index c1f1a7e..554b0cd 100644
default y if CPU_FEROCEON
help
Implement faster copy_to_user and clear_user methods for CPU
-@@ -2100,6 +2100,7 @@ config XIP_PHYS_ADDR
+@@ -2102,6 +2102,7 @@ config XIP_PHYS_ADDR
config KEXEC
bool "Kexec system call (EXPERIMENTAL)"
depends on (!SMP || PM_SLEEP_SMP)
@@ -8524,7 +8524,7 @@ index 6cff040..74ac5d1 100644
sechdrs, module);
#endif
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
-index 4a96556..dd95f6c 100644
+index ea2f6a3..dbb2be3 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
@@ -888,8 +888,8 @@ void show_regs(struct pt_regs * regs)
@@ -8538,7 +8538,7 @@ index 4a96556..dd95f6c 100644
#endif
show_stack(current, (unsigned long *) regs->gpr[1]);
if (!user_mode(regs))
-@@ -1376,10 +1376,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
+@@ -1385,10 +1385,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
newsp = stack[0];
ip = stack[STACK_FRAME_LR_SAVE];
if (!firstframe || ip != lr) {
@@ -8551,7 +8551,7 @@ index 4a96556..dd95f6c 100644
(void *)current->ret_stack[curr_frame].ret);
curr_frame--;
}
-@@ -1399,7 +1399,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
+@@ -1408,7 +1408,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
struct pt_regs *regs = (struct pt_regs *)
(sp + STACK_FRAME_OVERHEAD);
lr = regs->link;
@@ -8560,7 +8560,7 @@ index 4a96556..dd95f6c 100644
regs->trap, (void *)regs->nip, (void *)lr);
firstframe = 1;
}
-@@ -1435,58 +1435,3 @@ void notrace __ppc64_runlatch_off(void)
+@@ -1444,58 +1444,3 @@ void notrace __ppc64_runlatch_off(void)
mtspr(SPRN_CTRLT, ctrl);
}
#endif /* CONFIG_PPC64 */
@@ -10433,7 +10433,7 @@ index beb0b5a..5a153f7 100644
}
}
diff --git a/arch/sparc/kernel/syscalls.S b/arch/sparc/kernel/syscalls.S
-index 87729ff..192f9d8 100644
+index 87729ff..d87fb1f 100644
--- a/arch/sparc/kernel/syscalls.S
+++ b/arch/sparc/kernel/syscalls.S
@@ -52,7 +52,7 @@ sys32_rt_sigreturn:
@@ -10445,7 +10445,7 @@ index 87729ff..192f9d8 100644
be,pt %icc, rtrap
nop
call syscall_trace_leave
-@@ -184,7 +184,7 @@ linux_sparc_syscall32:
+@@ -184,12 +184,13 @@ linux_sparc_syscall32:
srl %i3, 0, %o3 ! IEU0
srl %i2, 0, %o2 ! IEU0 Group
@@ -10454,7 +10454,14 @@ index 87729ff..192f9d8 100644
bne,pn %icc, linux_syscall_trace32 ! CTI
mov %i0, %l5 ! IEU1
5: call %l7 ! CTI Group brk forced
-@@ -207,7 +207,7 @@ linux_sparc_syscall:
+ srl %i5, 0, %o5 ! IEU1
+- ba,a,pt %xcc, 3f
++ ba,pt %xcc, 3f
++ sra %o0, 0, %o0
+
+ /* Linux native system calls enter here... */
+ .align 32
+@@ -207,7 +208,7 @@ linux_sparc_syscall:
mov %i3, %o3 ! IEU1
mov %i4, %o4 ! IEU0 Group
@@ -10463,7 +10470,13 @@ index 87729ff..192f9d8 100644
bne,pn %icc, linux_syscall_trace ! CTI Group
mov %i0, %l5 ! IEU0
2: call %l7 ! CTI Group brk forced
-@@ -223,7 +223,7 @@ ret_sys_call:
+@@ -217,13 +218,12 @@ linux_sparc_syscall:
+ 3: stx %o0, [%sp + PTREGS_OFF + PT_V9_I0]
+ ret_sys_call:
+ ldx [%sp + PTREGS_OFF + PT_V9_TSTATE], %g3
+- sra %o0, 0, %o0
+ mov %ulo(TSTATE_XCARRY | TSTATE_ICARRY), %g2
+ sllx %g2, 32, %g2
cmp %o0, -ERESTART_RESTARTBLOCK
bgeu,pn %xcc, 1f
@@ -17545,7 +17558,7 @@ index 81bb91b..9392125 100644
/*
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
-index 5ad38ad..71db3f2 100644
+index 5ad38ad..f228861 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -45,6 +45,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page);
@@ -17668,7 +17681,30 @@ index 5ad38ad..71db3f2 100644
#include <linux/mm_types.h>
#include <linux/mmdebug.h>
#include <linux/log2.h>
-@@ -580,7 +655,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
+@@ -445,20 +520,10 @@ static inline int pte_same(pte_t a, pte_t b)
+ return a.pte == b.pte;
+ }
+
+-static inline int pteval_present(pteval_t pteval)
+-{
+- /*
+- * Yes Linus, _PAGE_PROTNONE == _PAGE_NUMA. Expressing it this
+- * way clearly states that the intent is that protnone and numa
+- * hinting ptes are considered present for the purposes of
+- * pagetable operations like zapping, protection changes, gup etc.
+- */
+- return pteval & (_PAGE_PRESENT | _PAGE_PROTNONE | _PAGE_NUMA);
+-}
+-
+ static inline int pte_present(pte_t a)
+ {
+- return pteval_present(pte_flags(a));
++ return pte_flags(a) & (_PAGE_PRESENT | _PAGE_PROTNONE |
++ _PAGE_NUMA);
+ }
+
+ #define pte_accessible pte_accessible
+@@ -580,7 +645,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
* Currently stuck as a macro due to indirect forward reference to
* linux/mmzone.h's __section_mem_map_addr() definition:
*/
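Review bot: With `pteval_present()` removed in this hunk, `pte_present()` still tests `_PAGE_PRESENT | _PAGE_PROTNONE | _PAGE_NUMA`, while the two callers rewritten in the arch/x86/xen/mmu.c hunk (`pte_mfn_to_pfn()` and `pte_pfn_to_mfn()`) now test only `val & _PAGE_PRESENT`, so the two notions of "present" diverge without any remark. If the narrowing is intended, it should be stated at the Xen call sites, for example `/* only _PAGE_PRESENT entries are translated; PROTNONE/NUMA entries are returned as-is */`. The comment that explained the wider mask is deleted together with the helper, so a one-line version of it above `pte_present()` would keep that reasoning in the file.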
@@ -17677,7 +17713,7 @@ index 5ad38ad..71db3f2 100644
/* Find an entry in the second-level page table.. */
static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address)
-@@ -620,7 +695,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
+@@ -620,7 +685,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
* Currently stuck as a macro due to indirect forward reference to
* linux/mmzone.h's __section_mem_map_addr() definition:
*/
@@ -17686,7 +17722,7 @@ index 5ad38ad..71db3f2 100644
/* to find an entry in a page-table-directory. */
static inline unsigned long pud_index(unsigned long address)
-@@ -635,7 +710,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
+@@ -635,7 +700,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
static inline int pgd_bad(pgd_t pgd)
{
@@ -17695,7 +17731,7 @@ index 5ad38ad..71db3f2 100644
}
static inline int pgd_none(pgd_t pgd)
-@@ -658,7 +733,12 @@ static inline int pgd_none(pgd_t pgd)
+@@ -658,7 +723,12 @@ static inline int pgd_none(pgd_t pgd)
* pgd_offset() returns a (pgd_t *)
* pgd_index() is used get the offset into the pgd page's array of pgd_t's;
*/
@@ -17709,7 +17745,7 @@ index 5ad38ad..71db3f2 100644
/*
* a shortcut which implies the use of the kernel's pgd, instead
* of a process's
-@@ -669,6 +749,23 @@ static inline int pgd_none(pgd_t pgd)
+@@ -669,6 +739,23 @@ static inline int pgd_none(pgd_t pgd)
#define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET)
#define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY)
@@ -17733,7 +17769,7 @@ index 5ad38ad..71db3f2 100644
#ifndef __ASSEMBLY__
extern int direct_gbpages;
-@@ -835,11 +932,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
+@@ -835,11 +922,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
* dst and src can be on the same page, but the range must not overlap,
* and must not cross a page boundary.
*/
@@ -24004,7 +24040,7 @@ index 85126cc..1bbce17 100644
init_level4_pgt[511] = early_level4_pgt[511];
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
-index 81ba276..30c5411 100644
+index f36bd42..56ee1534 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -26,6 +26,12 @@
@@ -24227,16 +24263,16 @@ index 81ba276..30c5411 100644
movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax)
shrl $16, %ecx
movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax)
-@@ -544,7 +629,7 @@ ENDPROC(early_idt_handlers)
- /* This is global to keep gas from relaxing the jumps */
- ENTRY(early_idt_handler)
- cld
+@@ -548,7 +633,7 @@ ENTRY(early_idt_handler)
+ cmpl $2,(%esp) # X86_TRAP_NMI
+ je is_nmi # Ignore NMI
+
- cmpl $2,%ss:early_recursion_flag
+ cmpl $1,%ss:early_recursion_flag
je hlt_loop
incl %ss:early_recursion_flag
-@@ -582,8 +667,8 @@ ENTRY(early_idt_handler)
+@@ -586,8 +671,8 @@ ENTRY(early_idt_handler)
pushl (20+6*4)(%esp) /* trapno */
pushl $fault_msg
call printk
@@ -24246,7 +24282,7 @@ index 81ba276..30c5411 100644
hlt_loop:
hlt
jmp hlt_loop
-@@ -602,8 +687,11 @@ ENDPROC(early_idt_handler)
+@@ -607,8 +692,11 @@ ENDPROC(early_idt_handler)
/* This is the default interrupt "handler" :-) */
ALIGN
ignore_int:
@@ -24259,7 +24295,7 @@ index 81ba276..30c5411 100644
pushl %eax
pushl %ecx
pushl %edx
-@@ -612,9 +700,6 @@ ignore_int:
+@@ -617,9 +705,6 @@ ignore_int:
movl $(__KERNEL_DS),%eax
movl %eax,%ds
movl %eax,%es
@@ -24269,7 +24305,7 @@ index 81ba276..30c5411 100644
pushl 16(%esp)
pushl 24(%esp)
pushl 32(%esp)
-@@ -648,29 +733,34 @@ ENTRY(setup_once_ref)
+@@ -653,29 +738,34 @@ ENTRY(setup_once_ref)
/*
* BSS section
*/
@@ -24309,7 +24345,7 @@ index 81ba276..30c5411 100644
ENTRY(initial_page_table)
.long pa(initial_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
# if KPMDS == 3
-@@ -689,12 +779,20 @@ ENTRY(initial_page_table)
+@@ -694,12 +784,20 @@ ENTRY(initial_page_table)
# error "Kernel PMDs should be 1, 2 or 3"
# endif
.align PAGE_SIZE /* needs to be page-sized too */
@@ -24331,7 +24367,7 @@ index 81ba276..30c5411 100644
__INITRODATA
int_msg:
-@@ -722,7 +820,7 @@ fault_msg:
+@@ -727,7 +825,7 @@ fault_msg:
* segment size, and 32-bit linear address value:
*/
@@ -24340,7 +24376,7 @@ index 81ba276..30c5411 100644
.globl boot_gdt_descr
.globl idt_descr
-@@ -731,7 +829,7 @@ fault_msg:
+@@ -736,7 +834,7 @@ fault_msg:
.word 0 # 32 bit align gdt_desc.address
boot_gdt_descr:
.word __BOOT_DS+7
@@ -24349,7 +24385,7 @@ index 81ba276..30c5411 100644
.word 0 # 32-bit align idt_desc.address
idt_descr:
-@@ -742,7 +840,7 @@ idt_descr:
+@@ -747,7 +845,7 @@ idt_descr:
.word 0 # 32 bit align gdt_desc.address
ENTRY(early_gdt_descr)
.word GDT_ENTRIES*8-1
@@ -24358,7 +24394,7 @@ index 81ba276..30c5411 100644
/*
* The boot_gdt must mirror the equivalent in setup.S and is
-@@ -751,5 +849,65 @@ ENTRY(early_gdt_descr)
+@@ -756,5 +854,65 @@ ENTRY(early_gdt_descr)
.align L1_CACHE_BYTES
ENTRY(boot_gdt)
.fill GDT_ENTRY_BOOT_CS,8,0
@@ -24427,7 +24463,7 @@ index 81ba276..30c5411 100644
+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0
+ .endr
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
-index e1aabdb..fee4fee 100644
+index a468c0a..c7dec74 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -20,6 +20,8 @@
@@ -24519,7 +24555,16 @@ index e1aabdb..fee4fee 100644
movq initial_code(%rip),%rax
pushq $0 # fake return address to stop unwinder
pushq $__KERNEL_CS # set correct cs
-@@ -388,7 +419,7 @@ ENTRY(early_idt_handler)
+@@ -313,7 +344,7 @@ ENDPROC(start_cpu0)
+ .quad INIT_PER_CPU_VAR(irq_stack_union)
+
+ GLOBAL(stack_start)
+- .quad init_thread_union+THREAD_SIZE-8
++ .quad init_thread_union+THREAD_SIZE-16
+ .word 0
+ __FINITDATA
+
+@@ -391,7 +422,7 @@ ENTRY(early_idt_handler)
call dump_stack
#ifdef CONFIG_KALLSYMS
leaq early_idt_ripmsg(%rip),%rdi
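Review bot: The initial stack top moves from `THREAD_SIZE-8` to `THREAD_SIZE-16` as a bare literal in `stack_start`, and the same 16 is repeated in `do_boot_cpu()` in the arch/x86/kernel/smpboot.c hunk (`THREAD_SIZE - 16 + task_stack_page(idle)`). Nothing at either site says what the reserved bytes are for or that the two values must match. A shared named constant would make the coupling visible; failing that, a comment on both lines such as `/* 16 bytes reserved at the top of the stack; keep in sync with do_boot_cpu() */` would do. If a later rebase changes only one site, the boot CPU and the secondary CPUs would start with different stack layouts.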
@@ -24528,7 +24573,7 @@ index e1aabdb..fee4fee 100644
call __print_symbol
#endif
#endif /* EARLY_PRINTK */
-@@ -416,6 +447,7 @@ ENDPROC(early_idt_handler)
+@@ -420,6 +451,7 @@ ENDPROC(early_idt_handler)
early_recursion_flag:
.long 0
@@ -24536,7 +24581,7 @@ index e1aabdb..fee4fee 100644
#ifdef CONFIG_EARLY_PRINTK
early_idt_msg:
.asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n"
-@@ -443,29 +475,52 @@ NEXT_PAGE(early_level4_pgt)
+@@ -447,29 +479,52 @@ NEXT_PAGE(early_level4_pgt)
NEXT_PAGE(early_dynamic_pgts)
.fill 512*EARLY_DYNAMIC_PAGE_TABLES,8,0
@@ -24598,7 +24643,7 @@ index e1aabdb..fee4fee 100644
NEXT_PAGE(level3_kernel_pgt)
.fill L3_START_KERNEL,8,0
-@@ -473,6 +528,9 @@ NEXT_PAGE(level3_kernel_pgt)
+@@ -477,6 +532,9 @@ NEXT_PAGE(level3_kernel_pgt)
.quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE
.quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
@@ -24608,7 +24653,7 @@ index e1aabdb..fee4fee 100644
NEXT_PAGE(level2_kernel_pgt)
/*
* 512 MB kernel mapping. We spend a full page on this pagetable
-@@ -490,28 +548,64 @@ NEXT_PAGE(level2_kernel_pgt)
+@@ -494,28 +552,64 @@ NEXT_PAGE(level2_kernel_pgt)
NEXT_PAGE(level2_fixmap_pgt)
.fill 506,8,0
.quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
@@ -24709,7 +24754,7 @@ index 05fd74f..c3548b1 100644
+EXPORT_SYMBOL(cpu_pgd);
+#endif
diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c
-index e8368c6..9c1a712 100644
+index d5dd808..b6432cf 100644
--- a/arch/x86/kernel/i387.c
+++ b/arch/x86/kernel/i387.c
@@ -51,7 +51,7 @@ static inline bool interrupted_kernel_fpu_idle(void)
@@ -26496,18 +26541,10 @@ index c8e41e9..64049ef 100644
/*
* PCI ids solely used for fixups_table go here
diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S
-index 3fd2c69..16ef367 100644
+index 3fd2c69..a444264 100644
--- a/arch/x86/kernel/relocate_kernel_64.S
+++ b/arch/x86/kernel/relocate_kernel_64.S
-@@ -11,6 +11,7 @@
- #include <asm/kexec.h>
- #include <asm/processor-flags.h>
- #include <asm/pgtable_types.h>
-+#include <asm/alternative-asm.h>
-
- /*
- * Must be relocatable PIC code callable as a C function
-@@ -96,8 +97,7 @@ relocate_kernel:
+@@ -96,8 +96,7 @@ relocate_kernel:
/* jump to identity mapped page */
addq $(identity_mapped - relocate_kernel), %r8
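Review bot: This revision drops `#include <asm/alternative-asm.h>` here and, in the next hunk, the `pax_force_retaddr 0, 1` that preceded the `ret` in `identity_mapped`, so that return is no longer instrumented as it was in the previous patch version. Nothing visible on this page says whether the removal is deliberate. Presumably it is tied to this code running from the identity mapping, but that needs confirming against the upstream grsecurity changes. A comment at the `ret` would record the exception, e.g. `/* no pax_force_retaddr here: <reason> */`.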
@@ -26517,14 +26554,6 @@ index 3fd2c69..16ef367 100644
identity_mapped:
/* set return address to 0 if not preserving context */
-@@ -167,6 +167,7 @@ identity_mapped:
- xorl %r14d, %r14d
- xorl %r15d, %r15d
-
-+ pax_force_retaddr 0, 1
- ret
-
- 1:
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index cb233bc..23b4879 100644
--- a/arch/x86/kernel/setup.c
@@ -26810,7 +26839,7 @@ index 7c3a5a6..f0a8961 100644
.smp_prepare_cpus = native_smp_prepare_cpus,
.smp_cpus_done = native_smp_cpus_done,
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
-index 85dc05a..1241266 100644
+index 85dc05a..f8c96f6 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
@@ -229,14 +229,18 @@ static void notrace start_secondary(void *unused)
@@ -26838,9 +26867,12 @@ index 85dc05a..1241266 100644
/*
* Check TSC synchronization with the BP:
*/
-@@ -751,6 +755,7 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+@@ -749,8 +753,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+ alternatives_enable_smp();
+
idle->thread.sp = (unsigned long) (((struct pt_regs *)
- (THREAD_SIZE + task_stack_page(idle))) - 1);
+- (THREAD_SIZE + task_stack_page(idle))) - 1);
++ (THREAD_SIZE - 16 + task_stack_page(idle))) - 1);
per_cpu(current_task, cpu) = idle;
+ per_cpu(current_tinfo, cpu) = &idle->tinfo;
@@ -28085,10 +28117,10 @@ index ad75d77..a679d32 100644
goto error;
walker->ptep_user[walker->level - 1] = ptep_user;
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
-index c7168a5..09070fc 100644
+index 532add1..59eb241 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
-@@ -3497,7 +3497,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
+@@ -3495,7 +3495,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
int cpu = raw_smp_processor_id();
struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
@@ -35418,18 +35450,30 @@ index fa6ade7..73da73a5 100644
#ifdef CONFIG_ACPI_NUMA
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
-index 3c76c3d..7871755 100644
+index 3c76c3d..7327d91 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
-@@ -379,7 +379,7 @@ static pteval_t pte_mfn_to_pfn(pteval_t val)
+@@ -365,7 +365,7 @@ void xen_ptep_modify_prot_commit(struct mm_struct *mm, unsigned long addr,
+ /* Assume pteval_t is equivalent to all the other *val_t types. */
+ static pteval_t pte_mfn_to_pfn(pteval_t val)
+ {
+- if (pteval_present(val)) {
++ if (val & _PAGE_PRESENT) {
+ unsigned long mfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
+ unsigned long pfn = mfn_to_pfn(mfn);
+
+@@ -379,9 +379,9 @@ static pteval_t pte_mfn_to_pfn(pteval_t val)
return val;
}
-static pteval_t pte_pfn_to_mfn(pteval_t val)
+static pteval_t __intentional_overflow(-1) pte_pfn_to_mfn(pteval_t val)
{
- if (pteval_present(val)) {
+- if (pteval_present(val)) {
++ if (val & _PAGE_PRESENT) {
unsigned long pfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT;
+ pteval_t flags = val & PTE_FLAGS_MASK;
+ unsigned long mfn;
@@ -1894,6 +1894,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
/* L3_k[510] -> level2_kernel_pgt
* L3_i[511] -> level2_fixmap_pgt */
@@ -36085,7 +36129,7 @@ index c482f8c..c832240 100644
unsigned long timeout_msec)
{
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index 1a3dbd1..dfc6e5c 100644
+index 8cb2522..a815e54 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -98,7 +98,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev);
@@ -36097,7 +36141,7 @@ index 1a3dbd1..dfc6e5c 100644
struct ata_force_param {
const char *name;
-@@ -4850,7 +4850,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
+@@ -4851,7 +4851,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
struct ata_port *ap;
unsigned int tag;
@@ -36106,7 +36150,7 @@ index 1a3dbd1..dfc6e5c 100644
ap = qc->ap;
qc->flags = 0;
-@@ -4866,7 +4866,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
+@@ -4867,7 +4867,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
struct ata_port *ap;
struct ata_link *link;
@@ -36115,7 +36159,7 @@ index 1a3dbd1..dfc6e5c 100644
WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
ap = qc->ap;
link = qc->dev->link;
-@@ -5985,6 +5985,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5986,6 +5986,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
return;
spin_lock(&lock);
@@ -36123,7 +36167,7 @@ index 1a3dbd1..dfc6e5c 100644
for (cur = ops->inherits; cur; cur = cur->inherits) {
void **inherit = (void **)cur;
-@@ -5998,8 +5999,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
+@@ -5999,8 +6000,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
if (IS_ERR(*pp))
*pp = NULL;
@@ -36134,7 +36178,7 @@ index 1a3dbd1..dfc6e5c 100644
spin_unlock(&lock);
}
-@@ -6192,7 +6194,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
+@@ -6193,7 +6195,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht)
/* give ports names and add SCSI hosts */
for (i = 0; i < host->n_ports; i++) {
@@ -38821,10 +38865,10 @@ index caf41eb..223d27a 100644
default:
break;
diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
-index 8d19f7c..6bc2daa 100644
+index 99a443e..8cb6f02 100644
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
-@@ -1885,7 +1885,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
+@@ -1878,7 +1878,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor)
#endif
mutex_lock(&cpufreq_governor_mutex);
@@ -38833,7 +38877,7 @@ index 8d19f7c..6bc2daa 100644
mutex_unlock(&cpufreq_governor_mutex);
return;
}
-@@ -2115,7 +2115,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
+@@ -2108,7 +2108,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb,
return NOTIFY_OK;
}
@@ -38842,7 +38886,7 @@ index 8d19f7c..6bc2daa 100644
.notifier_call = cpufreq_cpu_callback,
};
-@@ -2148,8 +2148,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
+@@ -2141,8 +2141,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
pr_debug("trying to register driver %s\n", driver_data->name);
@@ -38957,10 +39001,10 @@ index 4cf0d28..5830372 100644
.priority = 1,
};
diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
-index aa366ec..f34f555 100644
+index b687df8..ae733fc 100644
--- a/drivers/cpufreq/intel_pstate.c
+++ b/drivers/cpufreq/intel_pstate.c
-@@ -112,10 +112,10 @@ struct pstate_funcs {
+@@ -123,10 +123,10 @@ struct pstate_funcs {
struct cpu_defaults {
struct pstate_adjust_policy pid_policy;
struct pstate_funcs funcs;
@@ -38973,16 +39017,16 @@ index aa366ec..f34f555 100644
struct perf_limits {
int no_turbo;
-@@ -462,7 +462,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate)
+@@ -517,7 +517,7 @@ static void intel_pstate_set_pstate(struct cpudata *cpu, int pstate)
cpu->pstate.current_pstate = pstate;
-- pstate_funcs.set(pstate);
-+ pstate_funcs->set(pstate);
+- pstate_funcs.set(cpu, pstate);
++ pstate_funcs->set(cpu, pstate);
}
static inline void intel_pstate_pstate_increase(struct cpudata *cpu, int steps)
-@@ -484,9 +484,9 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu)
+@@ -539,12 +539,12 @@ static void intel_pstate_get_cpu_pstates(struct cpudata *cpu)
{
sprintf(cpu->name, "Intel 2nd generation core");
@@ -38993,9 +39037,14 @@ index aa366ec..f34f555 100644
+ cpu->pstate.max_pstate = pstate_funcs->get_max();
+ cpu->pstate.turbo_pstate = pstate_funcs->get_turbo();
+- if (pstate_funcs.get_vid)
+- pstate_funcs.get_vid(cpu);
++ if (pstate_funcs->get_vid)
++ pstate_funcs->get_vid(cpu);
+
/*
* goto max pstate so we don't slow up boot if we are built-in if we are
-@@ -750,9 +750,9 @@ static int intel_pstate_msrs_not_valid(void)
+@@ -808,9 +808,9 @@ static int intel_pstate_msrs_not_valid(void)
rdmsrl(MSR_IA32_APERF, aperf);
rdmsrl(MSR_IA32_MPERF, mperf);
@@ -39008,7 +39057,7 @@ index aa366ec..f34f555 100644
return -ENODEV;
rdmsrl(MSR_IA32_APERF, tmp);
-@@ -766,7 +766,7 @@ static int intel_pstate_msrs_not_valid(void)
+@@ -824,7 +824,7 @@ static int intel_pstate_msrs_not_valid(void)
return 0;
}
@@ -39017,7 +39066,7 @@ index aa366ec..f34f555 100644
{
pid_params.sample_rate_ms = policy->sample_rate_ms;
pid_params.p_gain_pct = policy->p_gain_pct;
-@@ -778,10 +778,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)
+@@ -836,11 +836,7 @@ static void copy_pid_params(struct pstate_adjust_policy *policy)
static void copy_cpu_funcs(struct pstate_funcs *funcs)
{
@@ -39025,6 +39074,7 @@ index aa366ec..f34f555 100644
- pstate_funcs.get_min = funcs->get_min;
- pstate_funcs.get_turbo = funcs->get_turbo;
- pstate_funcs.set = funcs->set;
+- pstate_funcs.get_vid = funcs->get_vid;
+ pstate_funcs = funcs;
}
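Review bot: `copy_cpu_funcs()` now ends in `pstate_funcs = funcs;`, so the driver keeps the caller's pointer instead of a private copy. Every later `pstate_funcs->set(...)` and `pstate_funcs->get_vid(...)` call therefore depends on that object staying valid and unmodified. The caller is outside this hunk, so it cannot be checked from here whether it always passes an object with static storage. A comment on the assignment would record the requirement, e.g. `/* funcs must have static storage duration; pstate_funcs aliases it */`. The function's signature line sits in the preceding hunk.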
@@ -39492,7 +39542,7 @@ index 57ea7f4..af06b76 100644
card->driver->update_phy_reg(card, 4,
PHY_LINK_ACTIVE | PHY_CONTENDER, 0);
diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c
-index de4aa40..49ab1f2 100644
+index 2c6d5e1..a2cca6b 100644
--- a/drivers/firewire/core-device.c
+++ b/drivers/firewire/core-device.c
@@ -253,7 +253,7 @@ EXPORT_SYMBOL(fw_device_enable_phys_dma);
@@ -39681,27 +39731,6 @@ index 9902732..64b62dd 100644
return -EINVAL;
}
-diff --git a/drivers/gpu/drm/armada/armada_drv.c b/drivers/gpu/drm/armada/armada_drv.c
-index 62d0ff3..073dbf3 100644
---- a/drivers/gpu/drm/armada/armada_drv.c
-+++ b/drivers/gpu/drm/armada/armada_drv.c
-@@ -68,15 +68,7 @@ void __armada_drm_queue_unref_work(struct drm_device *dev,
- {
- struct armada_private *priv = dev->dev_private;
-
-- /*
-- * Yes, we really must jump through these hoops just to store a
-- * _pointer_ to something into the kfifo. This is utterly insane
-- * and idiotic, because it kfifo requires the _data_ pointed to by
-- * the pointer const, not the pointer itself. Not only that, but
-- * you have to pass a pointer _to_ the pointer you want stored.
-- */
-- const struct drm_framebuffer *silly_api_alert = fb;
-- WARN_ON(!kfifo_put(&priv->fb_unref, &silly_api_alert));
-+ WARN_ON(!kfifo_put(&priv->fb_unref, fb));
- schedule_work(&priv->fb_unref_work);
- }
-
diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c
index d6cf77c..2842146 100644
--- a/drivers/gpu/drm/drm_crtc.c
@@ -40056,6 +40085,19 @@ index a3ba9a8..ee52ddd 100644
unsigned relocs_total = 0;
unsigned relocs_max = UINT_MAX / sizeof(struct drm_i915_gem_relocation_entry);
+diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c
+index d3c3b5b..e79720d 100644
+--- a/drivers/gpu/drm/i915/i915_gem_gtt.c
++++ b/drivers/gpu/drm/i915/i915_gem_gtt.c
+@@ -828,7 +828,7 @@ void i915_gem_suspend_gtt_mappings(struct drm_device *dev)
+ dev_priv->gtt.base.clear_range(&dev_priv->gtt.base,
+ dev_priv->gtt.base.start / PAGE_SIZE,
+ dev_priv->gtt.base.total / PAGE_SIZE,
+- false);
++ true);
+ }
+
+ void i915_gem_restore_gtt_mappings(struct drm_device *dev)
diff --git a/drivers/gpu/drm/i915/i915_ioc32.c b/drivers/gpu/drm/i915/i915_ioc32.c
index 3c59584..500f2e9 100644
--- a/drivers/gpu/drm/i915/i915_ioc32.c
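Review bot: The new i915_gem_gtt.c hunk flips the last argument of `clear_range()` in `i915_gem_suspend_gtt_mappings()` from `false` to `true` as a bare boolean, with no comment on what the flag selects or why the patchset differs from the base kernel here. The call appears to decide how the GTT range is left across suspend, so the intent should be recorded next to it, e.g. `true); /* <flag meaning>: <reason for differing from upstream> */`. The `clear_range` prototype is not part of the hunk, so the flag's meaning needs checking against the header.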
@@ -40921,10 +40963,10 @@ index 4d20910..6726b6d 100644
DRM_DEBUG("pid=%d\n", DRM_CURRENTPID);
diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c
-index 71245d6..94c556d 100644
+index 84323c9..cf07baf 100644
--- a/drivers/gpu/drm/radeon/radeon_ttm.c
+++ b/drivers/gpu/drm/radeon/radeon_ttm.c
-@@ -784,7 +784,7 @@ void radeon_ttm_set_active_vram_size(struct radeon_device *rdev, u64 size)
+@@ -787,7 +787,7 @@ void radeon_ttm_set_active_vram_size(struct radeon_device *rdev, u64 size)
man->size = size >> PAGE_SHIFT;
}
@@ -40933,7 +40975,7 @@ index 71245d6..94c556d 100644
static const struct vm_operations_struct *ttm_vm_ops = NULL;
static int radeon_ttm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
-@@ -825,8 +825,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma)
+@@ -828,8 +828,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma)
}
if (unlikely(ttm_vm_ops == NULL)) {
ttm_vm_ops = vma->vm_ops;
@@ -40944,7 +40986,7 @@ index 71245d6..94c556d 100644
}
vma->vm_ops = &radeon_ttm_vm_ops;
return 0;
-@@ -855,38 +857,33 @@ static int radeon_mm_dump_table(struct seq_file *m, void *data)
+@@ -858,38 +860,33 @@ static int radeon_mm_dump_table(struct seq_file *m, void *data)
static int radeon_ttm_debugfs_init(struct radeon_device *rdev)
{
#if defined(CONFIG_DEBUG_FS)
@@ -45726,7 +45768,7 @@ index 6a53c15..6e7d1e7 100644
/**
* bnx2x_config_rx_mode - Send and RX_MODE ramrod according to the provided parameters.
diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h
-index 5c3835a..d18b952 100644
+index cf9917b..c658558 100644
--- a/drivers/net/ethernet/broadcom/tg3.h
+++ b/drivers/net/ethernet/broadcom/tg3.h
@@ -150,6 +150,7 @@
@@ -45972,7 +46014,7 @@ index c737f0e..32b8682 100644
int (*set_speed)(struct net_device *, u8 aneg, u16 sp, u8 dpx, u32 adv);
int (*get_settings)(struct net_device *, struct ethtool_cmd *);
diff --git a/drivers/net/ethernet/sfc/ptp.c b/drivers/net/ethernet/sfc/ptp.c
-index 3dd39dc..85efa46 100644
+index a124103..59c74f8 100644
--- a/drivers/net/ethernet/sfc/ptp.c
+++ b/drivers/net/ethernet/sfc/ptp.c
@@ -541,7 +541,7 @@ static int efx_ptp_synchronize(struct efx_nic *efx, unsigned int num_readings)
@@ -46048,10 +46090,10 @@ index bf0d55e..82bcfbd1 100644
priv = netdev_priv(dev);
priv->phy = phy;
diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
-index bc8faae..e51e25d 100644
+index d7e2907..1f8bfee 100644
--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
-@@ -990,13 +990,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {
+@@ -993,13 +993,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {
int macvlan_link_register(struct rtnl_link_ops *ops)
{
/* common fields */
@@ -46074,7 +46116,7 @@ index bc8faae..e51e25d 100644
return rtnl_link_register(ops);
};
-@@ -1051,7 +1053,7 @@ static int macvlan_device_event(struct notifier_block *unused,
+@@ -1054,7 +1056,7 @@ static int macvlan_device_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
@@ -46166,10 +46208,10 @@ index b75ae5b..953c157 100644
};
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
-index ecec802..614f08f 100644
+index 55c9238..ebb6ee5 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
-@@ -1839,7 +1839,7 @@ unlock:
+@@ -1841,7 +1841,7 @@ unlock:
}
static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
@@ -46178,7 +46220,7 @@ index ecec802..614f08f 100644
{
struct tun_file *tfile = file->private_data;
struct tun_struct *tun;
-@@ -1852,6 +1852,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
+@@ -1854,6 +1854,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
unsigned int ifindex;
int ret;
@@ -48191,10 +48233,10 @@ index 84419af..268ede8 100644
&dev_attr_energy_uj.attr;
}
diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c
-index 0186c1b..6491409 100644
+index 75dffb79..df850cd 100644
--- a/drivers/regulator/core.c
+++ b/drivers/regulator/core.c
-@@ -3369,7 +3369,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
+@@ -3370,7 +3370,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
{
const struct regulation_constraints *constraints = NULL;
const struct regulator_init_data *init_data;
@@ -48203,7 +48245,7 @@ index 0186c1b..6491409 100644
struct regulator_dev *rdev;
struct device *dev;
int ret, i;
-@@ -3439,7 +3439,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
+@@ -3440,7 +3440,7 @@ regulator_register(const struct regulator_desc *regulator_desc,
rdev->dev.of_node = config->of_node;
rdev->dev.parent = dev;
dev_set_name(&rdev->dev, "regulator.%d",
@@ -55595,6 +55637,54 @@ index 88714ae..16c2e11 100644
static inline u32 get_pll_internal_frequency(u32 ref_freq,
+diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c
+index 4c02e2b..2c85267 100644
+--- a/drivers/xen/balloon.c
++++ b/drivers/xen/balloon.c
+@@ -406,12 +406,26 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp)
+ state = BP_EAGAIN;
+ break;
+ }
+-
+- pfn = page_to_pfn(page);
+- frame_list[i] = pfn_to_mfn(pfn);
+-
+ scrub_page(page);
+
++ frame_list[i] = page_to_pfn(page);
++ }
++
++ /*
++ * Ensure that ballooned highmem pages don't have kmaps.
++ *
++ * Do this before changing the p2m as kmap_flush_unused()
++ * reads PTEs to obtain pages (and hence needs the original
++ * p2m entry).
++ */
++ kmap_flush_unused();
++
++ /* Update direct mapping, invalidate P2M, and add to balloon. */
++ for (i = 0; i < nr_pages; i++) {
++ pfn = frame_list[i];
++ frame_list[i] = pfn_to_mfn(pfn);
++ page = pfn_to_page(pfn);
++
+ #ifdef CONFIG_XEN_HAVE_PVMMU
+ /*
+ * Ballooned out frames are effectively replaced with
+@@ -436,11 +450,9 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp)
+ }
+ #endif
+
+- balloon_append(pfn_to_page(pfn));
++ balloon_append(page);
+ }
+
+- /* Ensure that ballooned highmem pages don't have kmaps. */
+- kmap_flush_unused();
+ flush_tlb_all();
+
+ set_xen_guest_handle(reservation.extent_start, frame_list);
diff --git a/drivers/xen/xenfs/xenstored.c b/drivers/xen/xenfs/xenstored.c
index fef20db..d28b1ab 100644
--- a/drivers/xen/xenfs/xenstored.c
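Review bot: In the added drivers/xen/balloon.c change to decrease_reservation(), frame_list[] holds PFNs after the first loop and is rewritten to MFNs in the second, and nothing in the new lines says so. A comment above `frame_list[i] = page_to_pfn(page);`, such as `/* frame_list[] temporarily holds PFNs; converted to MFNs after kmap_flush_unused() */`, would make the two-phase use explicit. The second loop runs to nr_pages, so it depends on nr_pages being trimmed when the allocation loop takes the `state = BP_EAGAIN; break;` path. That adjustment is not visible in this hunk and should be confirmed, since otherwise unfilled entries would reach pfn_to_page(). The function body starts and ends outside the hunk.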
@@ -55686,6 +55776,61 @@ index 062a5f6..e5618e0 100644
return -EINVAL;
file = aio_private_file(ctx, nr_pages);
+diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c
+index 2408473..80ef38c 100644
+--- a/fs/anon_inodes.c
++++ b/fs/anon_inodes.c
+@@ -41,19 +41,8 @@ static const struct dentry_operations anon_inodefs_dentry_operations = {
+ static struct dentry *anon_inodefs_mount(struct file_system_type *fs_type,
+ int flags, const char *dev_name, void *data)
+ {
+- struct dentry *root;
+- root = mount_pseudo(fs_type, "anon_inode:", NULL,
++ return mount_pseudo(fs_type, "anon_inode:", NULL,
+ &anon_inodefs_dentry_operations, ANON_INODE_FS_MAGIC);
+- if (!IS_ERR(root)) {
+- struct super_block *s = root->d_sb;
+- anon_inode_inode = alloc_anon_inode(s);
+- if (IS_ERR(anon_inode_inode)) {
+- dput(root);
+- deactivate_locked_super(s);
+- root = ERR_CAST(anon_inode_inode);
+- }
+- }
+- return root;
+ }
+
+ static struct file_system_type anon_inode_fs_type = {
+@@ -175,22 +164,15 @@ EXPORT_SYMBOL_GPL(anon_inode_getfd);
+
+ static int __init anon_inode_init(void)
+ {
+- int error;
+-
+- error = register_filesystem(&anon_inode_fs_type);
+- if (error)
+- goto err_exit;
+ anon_inode_mnt = kern_mount(&anon_inode_fs_type);
+- if (IS_ERR(anon_inode_mnt)) {
+- error = PTR_ERR(anon_inode_mnt);
+- goto err_unregister_filesystem;
+- }
++ if (IS_ERR(anon_inode_mnt))
++ panic("anon_inode_init() kernel mount failed (%ld)\n", PTR_ERR(anon_inode_mnt));
++
++ anon_inode_inode = alloc_anon_inode(anon_inode_mnt->mnt_sb);
++ if (IS_ERR(anon_inode_inode))
++ panic("anon_inode_init() inode allocation failed (%ld)\n", PTR_ERR(anon_inode_inode));
++
+ return 0;
+-
+-err_unregister_filesystem:
+- unregister_filesystem(&anon_inode_fs_type);
+-err_exit:
+- panic(KERN_ERR "anon_inode_init() failed (%d)\n", error);
+ }
+
+ fs_initcall(anon_inode_init);
diff --git a/fs/attr.c b/fs/attr.c
index 5d4e59d..fd02418 100644
--- a/fs/attr.c
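Review bot: The rewritten anon_inode_init() in the fs/anon_inodes.c section drops register_filesystem() and turns both failure paths into panic(), but no comment explains either choice. I would add one above the kern_mount() call, for example `/* internal pseudo-fs: only kern_mount()ed, so the type is not registered; failure here is fatal at boot */`. That wording assumes nothing else looks the filesystem type up by name, which this hunk cannot show, so confirm it before committing the comment.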
@@ -56899,10 +57044,10 @@ index 1e86823..8e34695 100644
else if (whole->bd_holder != NULL)
return false; /* is a partition of a held device */
diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
-index 316136b..e7a3a50 100644
+index 3de01b4..6547c39 100644
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
-@@ -1028,9 +1028,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans,
+@@ -1217,9 +1217,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans,
free_extent_buffer(buf);
add_root_to_dirty_list(root);
} else {
@@ -58020,7 +58165,7 @@ index bc3fbcd..6031650 100644
return 0;
while (nr) {
diff --git a/fs/dcache.c b/fs/dcache.c
-index fdbe230..ba17c1f 100644
+index fdbe230..d852932 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
@@ -1495,7 +1495,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
@@ -58032,6 +58177,18 @@ index fdbe230..ba17c1f 100644
if (!dname) {
kmem_cache_free(dentry_cache, dentry);
return NULL;
+@@ -2833,9 +2833,9 @@ static int prepend_name(char **buffer, int *buflen, struct qstr *name)
+ u32 dlen = ACCESS_ONCE(name->len);
+ char *p;
+
+- if (*buflen < dlen + 1)
+- return -ENAMETOOLONG;
+ *buflen -= dlen + 1;
++ if (*buflen < 0)
++ return -ENAMETOOLONG;
+ p = *buffer -= dlen + 1;
+ *p++ = '/';
+ while (dlen--) {
@@ -3428,7 +3428,8 @@ void __init vfs_caches_init(unsigned long mempages)
mempages -= reserve;
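Review bot: The reordered length check in prepend_name() (fs/dcache.c inner hunk) has no comment explaining why the subtraction now comes before the test. `dlen` is a `u32`, so the removed `*buflen < dlen + 1` would have been evaluated as an unsigned comparison and a negative `*buflen` could pass it; testing the signed result after the subtraction avoids that. I would record this above the check: `/* subtract first: comparing int *buflen with u32 dlen promotes to unsigned and misses a negative *buflen */`. On the error path `*buflen` is now left decremented, so callers should not reuse it after -ENAMETOOLONG; the callers and the rest of the function are outside this hunk.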
@@ -61026,7 +61183,7 @@ index a17458c..e69fb5b 100644
#define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */
diff --git a/fs/namei.c b/fs/namei.c
-index 3531dee..3177227 100644
+index cfe6608..a24748c 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -319,16 +319,32 @@ int generic_permission(struct inode *inode, int mask)
@@ -61102,7 +61259,57 @@ index 3531dee..3177227 100644
nd->last_type = LAST_BIND;
*p = dentry->d_inode->i_op->follow_link(dentry, nd);
error = PTR_ERR(*p);
-@@ -1582,6 +1596,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
+@@ -1098,7 +1112,7 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
+ return false;
+
+ if (!d_mountpoint(path->dentry))
+- break;
++ return true;
+
+ mounted = __lookup_mnt(path->mnt, path->dentry);
+ if (!mounted)
+@@ -1114,20 +1128,7 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path,
+ */
+ *inode = path->dentry->d_inode;
+ }
+- return true;
+-}
+-
+-static void follow_mount_rcu(struct nameidata *nd)
+-{
+- while (d_mountpoint(nd->path.dentry)) {
+- struct mount *mounted;
+- mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry);
+- if (!mounted)
+- break;
+- nd->path.mnt = &mounted->mnt;
+- nd->path.dentry = mounted->mnt.mnt_root;
+- nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
+- }
++ return read_seqretry(&mount_lock, nd->m_seq);
+ }
+
+ static int follow_dotdot_rcu(struct nameidata *nd)
+@@ -1155,7 +1156,17 @@ static int follow_dotdot_rcu(struct nameidata *nd)
+ break;
+ nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
+ }
+- follow_mount_rcu(nd);
++ while (d_mountpoint(nd->path.dentry)) {
++ struct mount *mounted;
++ mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry);
++ if (!mounted)
++ break;
++ nd->path.mnt = &mounted->mnt;
++ nd->path.dentry = mounted->mnt.mnt_root;
++ nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq);
++ if (!read_seqretry(&mount_lock, nd->m_seq))
++ goto failed;
++ }
+ nd->inode = nd->path.dentry->d_inode;
+ return 0;
+
+@@ -1582,6 +1593,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
if (res)
break;
res = walk_component(nd, path, LOOKUP_FOLLOW);
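Review bot: The two new `read_seqretry(&mount_lock, nd->m_seq)` tests in the fs/namei.c hunks look inverted. read_seqretry() returns non-zero when the sequence has changed and the read must be retried, yet `__follow_mount_rcu()` returns it directly as its success value (the same function uses `return true` for the no-mountpoint case and `return false` for failure), and `follow_dotdot_rcu()` jumps to `failed` when it is zero. As written, an unchanged mount_lock would abort the RCU walk while a concurrent mount change would be accepted, which defeats the recheck. I would expect `return !read_seqretry(&mount_lock, nd->m_seq);` and `if (read_seqretry(&mount_lock, nd->m_seq)) goto failed;`. Both functions extend outside the hunk, so confirm against the full bodies.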
@@ -61111,7 +61318,7 @@ index 3531dee..3177227 100644
put_link(nd, &link, cookie);
} while (res > 0);
-@@ -1655,7 +1671,7 @@ EXPORT_SYMBOL(full_name_hash);
+@@ -1655,7 +1668,7 @@ EXPORT_SYMBOL(full_name_hash);
static inline unsigned long hash_name(const char *name, unsigned int *hashp)
{
unsigned long a, b, adata, bdata, mask, hash, len;
@@ -61120,7 +61327,7 @@ index 3531dee..3177227 100644
hash = a = 0;
len = -sizeof(unsigned long);
-@@ -1939,6 +1955,8 @@ static int path_lookupat(int dfd, const char *name,
+@@ -1939,6 +1952,8 @@ static int path_lookupat(int dfd, const char *name,
if (err)
break;
err = lookup_last(nd, &path);
@@ -61129,7 +61336,7 @@ index 3531dee..3177227 100644
put_link(nd, &link, cookie);
}
}
-@@ -1946,6 +1964,13 @@ static int path_lookupat(int dfd, const char *name,
+@@ -1946,6 +1961,13 @@ static int path_lookupat(int dfd, const char *name,
if (!err)
err = complete_walk(nd);
@@ -61143,7 +61350,7 @@ index 3531dee..3177227 100644
if (!err && nd->flags & LOOKUP_DIRECTORY) {
if (!d_is_directory(nd->path.dentry)) {
path_put(&nd->path);
-@@ -1973,8 +1998,15 @@ static int filename_lookup(int dfd, struct filename *name,
+@@ -1973,8 +1995,15 @@ static int filename_lookup(int dfd, struct filename *name,
retval = path_lookupat(dfd, name->name,
flags | LOOKUP_REVAL, nd);
@@ -61160,7 +61367,7 @@ index 3531dee..3177227 100644
return retval;
}
-@@ -2548,6 +2580,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
+@@ -2548,6 +2577,13 @@ static int may_open(struct path *path, int acc_mode, int flag)
if (flag & O_NOATIME && !inode_owner_or_capable(inode))
return -EPERM;
@@ -61174,7 +61381,7 @@ index 3531dee..3177227 100644
return 0;
}
-@@ -2779,7 +2818,7 @@ looked_up:
+@@ -2779,7 +2815,7 @@ looked_up:
* cleared otherwise prior to returning.
*/
static int lookup_open(struct nameidata *nd, struct path *path,
@@ -61183,7 +61390,7 @@ index 3531dee..3177227 100644
const struct open_flags *op,
bool got_write, int *opened)
{
-@@ -2814,6 +2853,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
+@@ -2814,6 +2850,17 @@ static int lookup_open(struct nameidata *nd, struct path *path,
/* Negative dentry, just create the file */
if (!dentry->d_inode && (op->open_flag & O_CREAT)) {
umode_t mode = op->mode;
@@ -61201,7 +61408,7 @@ index 3531dee..3177227 100644
if (!IS_POSIXACL(dir->d_inode))
mode &= ~current_umask();
/*
-@@ -2835,6 +2885,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
+@@ -2835,6 +2882,8 @@ static int lookup_open(struct nameidata *nd, struct path *path,
nd->flags & LOOKUP_EXCL);
if (error)
goto out_dput;
@@ -61210,7 +61417,7 @@ index 3531dee..3177227 100644
}
out_no_open:
path->dentry = dentry;
-@@ -2849,7 +2901,7 @@ out_dput:
+@@ -2849,7 +2898,7 @@ out_dput:
/*
* Handle the last step of open()
*/
@@ -61219,7 +61426,7 @@ index 3531dee..3177227 100644
struct file *file, const struct open_flags *op,
int *opened, struct filename *name)
{
-@@ -2899,6 +2951,15 @@ static int do_last(struct nameidata *nd, struct path *path,
+@@ -2899,6 +2948,15 @@ static int do_last(struct nameidata *nd, struct path *path,
if (error)
return error;
@@ -61235,7 +61442,7 @@ index 3531dee..3177227 100644
audit_inode(name, dir, LOOKUP_PARENT);
error = -EISDIR;
/* trailing slashes? */
-@@ -2918,7 +2979,7 @@ retry_lookup:
+@@ -2918,7 +2976,7 @@ retry_lookup:
*/
}
mutex_lock(&dir->d_inode->i_mutex);
@@ -61244,7 +61451,7 @@ index 3531dee..3177227 100644
mutex_unlock(&dir->d_inode->i_mutex);
if (error <= 0) {
-@@ -2942,11 +3003,28 @@ retry_lookup:
+@@ -2942,11 +3000,28 @@ retry_lookup:
goto finish_open_created;
}
@@ -61274,7 +61481,7 @@ index 3531dee..3177227 100644
/*
* If atomic_open() acquired write access it is dropped now due to
-@@ -2987,6 +3065,11 @@ finish_lookup:
+@@ -2987,6 +3062,11 @@ finish_lookup:
}
}
BUG_ON(inode != path->dentry->d_inode);
@@ -61286,7 +61493,7 @@ index 3531dee..3177227 100644
return 1;
}
-@@ -2996,7 +3079,6 @@ finish_lookup:
+@@ -2996,7 +3076,6 @@ finish_lookup:
save_parent.dentry = nd->path.dentry;
save_parent.mnt = mntget(path->mnt);
nd->path.dentry = path->dentry;
@@ -61294,7 +61501,7 @@ index 3531dee..3177227 100644
}
nd->inode = inode;
/* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */
-@@ -3006,7 +3088,18 @@ finish_open:
+@@ -3006,7 +3085,18 @@ finish_open:
path_put(&save_parent);
return error;
}
@@ -61313,7 +61520,7 @@ index 3531dee..3177227 100644
error = -EISDIR;
if ((open_flag & O_CREAT) &&
(d_is_directory(nd->path.dentry) || d_is_autodir(nd->path.dentry)))
-@@ -3170,7 +3263,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
+@@ -3170,7 +3260,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
if (unlikely(error))
goto out;
@@ -61322,7 +61529,7 @@ index 3531dee..3177227 100644
while (unlikely(error > 0)) { /* trailing symlink */
struct path link = path;
void *cookie;
-@@ -3188,7 +3281,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
+@@ -3188,7 +3278,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
error = follow_link(&link, nd, &cookie);
if (unlikely(error))
break;
@@ -61331,7 +61538,7 @@ index 3531dee..3177227 100644
put_link(nd, &link, cookie);
}
out:
-@@ -3288,9 +3381,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
+@@ -3288,9 +3378,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname,
goto unlock;
error = -EEXIST;
@@ -61345,7 +61552,7 @@ index 3531dee..3177227 100644
/*
* Special case - lookup gave negative, but... we had foo/bar/
* From the vfs_mknod() POV we just have a negative dentry -
-@@ -3342,6 +3437,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
+@@ -3342,6 +3434,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname,
}
EXPORT_SYMBOL(user_path_create);
@@ -61366,7 +61573,7 @@ index 3531dee..3177227 100644
int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
{
int error = may_create(dir, dentry);
-@@ -3404,6 +3513,17 @@ retry:
+@@ -3404,6 +3510,17 @@ retry:
if (!IS_POSIXACL(path.dentry->d_inode))
mode &= ~current_umask();
@@ -61384,7 +61591,7 @@ index 3531dee..3177227 100644
error = security_path_mknod(&path, dentry, mode, dev);
if (error)
goto out;
-@@ -3420,6 +3540,8 @@ retry:
+@@ -3420,6 +3537,8 @@ retry:
break;
}
out:
@@ -61393,7 +61600,7 @@ index 3531dee..3177227 100644
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
-@@ -3472,9 +3594,16 @@ retry:
+@@ -3472,9 +3591,16 @@ retry:
if (!IS_POSIXACL(path.dentry->d_inode))
mode &= ~current_umask();
@@ -61410,7 +61617,7 @@ index 3531dee..3177227 100644
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
-@@ -3555,6 +3684,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
+@@ -3555,6 +3681,8 @@ static long do_rmdir(int dfd, const char __user *pathname)
struct filename *name;
struct dentry *dentry;
struct nameidata nd;
@@ -61419,7 +61626,7 @@ index 3531dee..3177227 100644
unsigned int lookup_flags = 0;
retry:
name = user_path_parent(dfd, pathname, &nd, lookup_flags);
-@@ -3587,10 +3718,21 @@ retry:
+@@ -3587,10 +3715,21 @@ retry:
error = -ENOENT;
goto exit3;
}
@@ -61441,7 +61648,7 @@ index 3531dee..3177227 100644
exit3:
dput(dentry);
exit2:
-@@ -3680,6 +3822,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
+@@ -3680,6 +3819,8 @@ static long do_unlinkat(int dfd, const char __user *pathname)
struct nameidata nd;
struct inode *inode = NULL;
struct inode *delegated_inode = NULL;
@@ -61450,7 +61657,7 @@ index 3531dee..3177227 100644
unsigned int lookup_flags = 0;
retry:
name = user_path_parent(dfd, pathname, &nd, lookup_flags);
-@@ -3706,10 +3850,22 @@ retry_deleg:
+@@ -3706,10 +3847,22 @@ retry_deleg:
if (d_is_negative(dentry))
goto slashes;
ihold(inode);
@@ -61473,7 +61680,7 @@ index 3531dee..3177227 100644
exit2:
dput(dentry);
}
-@@ -3797,9 +3953,17 @@ retry:
+@@ -3797,9 +3950,17 @@ retry:
if (IS_ERR(dentry))
goto out_putname;
@@ -61491,7 +61698,7 @@ index 3531dee..3177227 100644
done_path_create(&path, dentry);
if (retry_estale(error, lookup_flags)) {
lookup_flags |= LOOKUP_REVAL;
-@@ -3902,6 +4066,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
+@@ -3902,6 +4063,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname,
struct dentry *new_dentry;
struct path old_path, new_path;
struct inode *delegated_inode = NULL;
@@ -61499,7 +61706,7 @@ index 3531dee..3177227 100644
int how = 0;
int error;
-@@ -3925,7 +4090,7 @@ retry:
+@@ -3925,7 +4087,7 @@ retry:
if (error)
return error;
@@ -61508,7 +61715,7 @@ index 3531dee..3177227 100644
(how & LOOKUP_REVAL));
error = PTR_ERR(new_dentry);
if (IS_ERR(new_dentry))
-@@ -3937,11 +4102,28 @@ retry:
+@@ -3937,11 +4099,28 @@ retry:
error = may_linkat(&old_path);
if (unlikely(error))
goto out_dput;
@@ -61537,7 +61744,7 @@ index 3531dee..3177227 100644
done_path_create(&new_path, new_dentry);
if (delegated_inode) {
error = break_deleg_wait(&delegated_inode);
-@@ -4225,6 +4407,12 @@ retry_deleg:
+@@ -4228,6 +4407,12 @@ retry_deleg:
if (new_dentry == trap)
goto exit5;
@@ -61550,7 +61757,7 @@ index 3531dee..3177227 100644
error = security_path_rename(&oldnd.path, old_dentry,
&newnd.path, new_dentry);
if (error)
-@@ -4232,6 +4420,9 @@ retry_deleg:
+@@ -4235,6 +4420,9 @@ retry_deleg:
error = vfs_rename(old_dir->d_inode, old_dentry,
new_dir->d_inode, new_dentry,
&delegated_inode);
@@ -61560,7 +61767,7 @@ index 3531dee..3177227 100644
exit5:
dput(new_dentry);
exit4:
-@@ -4268,6 +4459,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
+@@ -4271,6 +4459,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna
int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link)
{
@@ -61569,7 +61776,7 @@ index 3531dee..3177227 100644
int len;
len = PTR_ERR(link);
-@@ -4277,7 +4470,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
+@@ -4280,7 +4470,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c
len = strlen(link);
if (len > (unsigned) buflen)
len = buflen;
@@ -62690,7 +62897,7 @@ index 1bd2077..2f7cfd5 100644
static struct pid *
get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos)
diff --git a/fs/proc/base.c b/fs/proc/base.c
-index 03c8d74..68a79e8 100644
+index b59a34b..68a79e8 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -113,6 +113,14 @@ struct pid_entry {
@@ -62999,15 +63206,7 @@ index 03c8d74..68a79e8 100644
rcu_read_unlock();
} else {
inode->i_uid = GLOBAL_ROOT_UID;
-@@ -1819,6 +1937,7 @@ static int proc_map_files_get_link(struct dentry *dentry, struct path *path)
- if (rc)
- goto out_mmput;
-
-+ rc = -ENOENT;
- down_read(&mm->mmap_sem);
- vma = find_exact_vma(mm, vm_start, vm_end);
- if (vma && vma->vm_file) {
-@@ -2172,6 +2291,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
+@@ -2173,6 +2291,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
if (!task)
goto out_no_task;
@@ -63017,7 +63216,7 @@ index 03c8d74..68a79e8 100644
/*
* Yes, it does not scale. And it should not. Don't add
* new entries into /proc/<tgid>/ without very good reasons.
-@@ -2202,6 +2324,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
+@@ -2203,6 +2324,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
if (!task)
return -ENOENT;
@@ -63027,7 +63226,7 @@ index 03c8d74..68a79e8 100644
if (!dir_emit_dots(file, ctx))
goto out;
-@@ -2591,7 +2716,7 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2592,7 +2716,7 @@ static const struct pid_entry tgid_base_stuff[] = {
REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
@@ -63036,7 +63235,7 @@ index 03c8d74..68a79e8 100644
INF("syscall", S_IRUGO, proc_pid_syscall),
#endif
INF("cmdline", S_IRUGO, proc_pid_cmdline),
-@@ -2616,10 +2741,10 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2617,10 +2741,10 @@ static const struct pid_entry tgid_base_stuff[] = {
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
@@ -63049,7 +63248,7 @@ index 03c8d74..68a79e8 100644
ONE("stack", S_IRUGO, proc_pid_stack),
#endif
#ifdef CONFIG_SCHEDSTATS
-@@ -2653,6 +2778,9 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2654,6 +2778,9 @@ static const struct pid_entry tgid_base_stuff[] = {
#ifdef CONFIG_HARDWALL
INF("hardwall", S_IRUGO, proc_pid_hardwall),
#endif
@@ -63059,7 +63258,7 @@ index 03c8d74..68a79e8 100644
#ifdef CONFIG_USER_NS
REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations),
REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations),
-@@ -2783,7 +2911,14 @@ static int proc_pid_instantiate(struct inode *dir,
+@@ -2784,7 +2911,14 @@ static int proc_pid_instantiate(struct inode *dir,
if (!inode)
goto out;
@@ -63074,7 +63273,7 @@ index 03c8d74..68a79e8 100644
inode->i_op = &proc_tgid_base_inode_operations;
inode->i_fop = &proc_tgid_base_operations;
inode->i_flags|=S_IMMUTABLE;
-@@ -2821,7 +2956,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
+@@ -2822,7 +2956,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
if (!task)
goto out;
@@ -63086,7 +63285,7 @@ index 03c8d74..68a79e8 100644
put_task_struct(task);
out:
return ERR_PTR(result);
-@@ -2927,7 +3066,7 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -2928,7 +3066,7 @@ static const struct pid_entry tid_base_stuff[] = {
REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
@@ -63095,7 +63294,7 @@ index 03c8d74..68a79e8 100644
INF("syscall", S_IRUGO, proc_pid_syscall),
#endif
INF("cmdline", S_IRUGO, proc_pid_cmdline),
-@@ -2954,10 +3093,10 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -2955,10 +3093,10 @@ static const struct pid_entry tid_base_stuff[] = {
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
@@ -64963,10 +65162,10 @@ index 104455b..764c512 100644
kfree(s);
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
new file mode 100644
-index 0000000..031e895
+index 0000000..13b7885
--- /dev/null
+++ b/grsecurity/Kconfig
-@@ -0,0 +1,1157 @@
+@@ -0,0 +1,1155 @@
+#
+# grecurity configuration
+#
@@ -64980,18 +65179,16 @@ index 0000000..031e895
+ help
+ If you say Y here, /dev/kmem and /dev/mem won't be allowed to
+ be written to or read from to modify or leak the contents of the running
-+ kernel. /dev/port will also not be allowed to be opened, and support
-+ for /dev/cpu/*/msr and kexec will be removed. If you have module
-+ support disabled, enabling this will close up six ways that are
-+ currently used to insert malicious code into the running kernel.
++ kernel. /dev/port will also not be allowed to be opened, writing to
++ /dev/cpu/*/msr will be prevented, and support for kexec will be removed.
++ If you have module support disabled, enabling this will close up several
++ ways that are currently used to insert malicious code into the running
++ kernel.
+
+ Even with this feature enabled, we still highly recommend that
+ you use the RBAC system, as it is still possible for an attacker to
+ modify the running kernel through other more obscure methods.
+
-+ Enabling this feature will prevent the "cpupower" and "powertop" tools
-+ from working.
-+
+ It is highly recommended that you say Y here if you meet all the
+ conditions above.
+
@@ -79641,7 +79838,7 @@ index 9fe426b..8148be6 100644
static inline int
vma_dup_policy(struct vm_area_struct *src, struct vm_area_struct *dst)
diff --git a/include/linux/mm.h b/include/linux/mm.h
-index 9fac6dd..158ca43 100644
+index 0ab5439..2859c61 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -117,6 +117,11 @@ extern unsigned int kobjsize(const void *objp);
@@ -82990,10 +83187,37 @@ index 2ef3c3e..e02013e 100644
/**
* sk_page_frag - return an appropriate page_frag
diff --git a/include/net/tcp.h b/include/net/tcp.h
-index 70e55d2..c5d8d53 100644
+index 9250d62..10a7f03 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
-@@ -540,7 +540,7 @@ void tcp_retransmit_timer(struct sock *sk);
+@@ -480,20 +480,21 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
+ #ifdef CONFIG_SYN_COOKIES
+ #include <linux/ktime.h>
+
+-/* Syncookies use a monotonic timer which increments every 64 seconds.
++/* Syncookies use a monotonic timer which increments every 60 seconds.
+ * This counter is used both as a hash input and partially encoded into
+ * the cookie value. A cookie is only validated further if the delta
+ * between the current counter value and the encoded one is less than this,
+- * i.e. a sent cookie is valid only at most for 128 seconds (or less if
++ * i.e. a sent cookie is valid only at most for 2*60 seconds (or less if
+ * the counter advances immediately after a cookie is generated).
+ */
+ #define MAX_SYNCOOKIE_AGE 2
+
+ static inline u32 tcp_cookie_time(void)
+ {
+- struct timespec now;
+- getnstimeofday(&now);
+- return now.tv_sec >> 6; /* 64 seconds granularity */
++ u64 val = get_jiffies_64();
++
++ do_div(val, 60 * HZ);
++ return val;
+ }
+
+ u32 __cookie_v4_init_sequence(const struct iphdr *iph, const struct tcphdr *th,
+@@ -540,7 +541,7 @@ void tcp_retransmit_timer(struct sock *sk);
void tcp_xmit_retransmit_queue(struct sock *);
void tcp_simple_retransmit(struct sock *);
int tcp_trim_head(struct sock *, struct sk_buff *, u32);
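Review bot: tcp_cookie_time() in the include/net/tcp.h hunk now returns a `u64` through a `u32` return type with no cast or comment. The truncation is presumably intended, since the comment above it says only the delta between counter values is compared, but it is worth making explicit: `return (u32)val; /* wraps; only deltas are compared */`. The updated comment could also say why the time source changed from getnstimeofday() to get_jiffies_64(), as the hunk gives no rationale. Presumably it is so that wall-clock adjustments cannot lengthen or shorten cookie validity.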
@@ -83002,7 +83226,7 @@ index 70e55d2..c5d8d53 100644
void tcp_send_probe0(struct sock *);
void tcp_send_partial(struct sock *);
-@@ -711,8 +711,8 @@ struct tcp_skb_cb {
+@@ -711,8 +712,8 @@ struct tcp_skb_cb {
struct inet6_skb_parm h6;
#endif
} header; /* For incoming frames */
@@ -83013,7 +83237,7 @@ index 70e55d2..c5d8d53 100644
__u32 when; /* used to compute rtt's */
__u8 tcp_flags; /* TCP header flags. (tcp[13]) */
-@@ -726,7 +726,7 @@ struct tcp_skb_cb {
+@@ -726,7 +727,7 @@ struct tcp_skb_cb {
__u8 ip_dsfield; /* IPv4 tos or IPv6 dsfield */
/* 1 byte hole */
@@ -84213,7 +84437,7 @@ index b8d4aed..96a4fe8 100644
if (u->mq_bytes + mq_bytes < u->mq_bytes ||
u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) {
diff --git a/ipc/msg.c b/ipc/msg.c
-index 558aa91..359e718 100644
+index 52770bf..1c60a6f 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -297,18 +297,19 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg)
@@ -84458,7 +84682,7 @@ index 15ec13a..986322e 100644
if (!ab)
return;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
-index 90594c9..abbeed7 100644
+index ff32843..27fc708 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1945,7 +1945,7 @@ int auditsc_get_stamp(struct audit_context *ctx,
@@ -84470,7 +84694,7 @@ index 90594c9..abbeed7 100644
static int audit_set_loginuid_perm(kuid_t loginuid)
{
-@@ -2008,7 +2008,7 @@ int audit_set_loginuid(kuid_t loginuid)
+@@ -2011,7 +2011,7 @@ int audit_set_loginuid(kuid_t loginuid)
/* are we setting or clearing? */
if (uid_valid(loginuid))
@@ -88792,7 +89016,7 @@ index c677510..132bb14 100644
#else
static void register_sched_domain_sysctl(void)
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
-index e64b079..a46bd34 100644
+index ce501de..1805320 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -1652,7 +1652,7 @@ void task_numa_fault(int last_cpupid, int node, int pages, int flags)
@@ -90087,7 +90311,7 @@ index 26dc348..8708ca7 100644
+ return atomic64_inc_return_unchecked(&trace_counter);
}
diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
-index a11800a..3dafde5 100644
+index 2e58196..fdd3d61 100644
--- a/kernel/trace/trace_events.c
+++ b/kernel/trace/trace_events.c
@@ -1681,7 +1681,6 @@ __trace_early_add_new_event(struct ftrace_event_call *call,
@@ -91046,72 +91270,6 @@ index ce682f7..1fb54f9 100644
if (err) {
bdi_destroy(bdi);
return err;
-diff --git a/mm/compaction.c b/mm/compaction.c
-index f58bcd0..b74dc61 100644
---- a/mm/compaction.c
-+++ b/mm/compaction.c
-@@ -251,7 +251,6 @@ static unsigned long isolate_freepages_block(struct compact_control *cc,
- {
- int nr_scanned = 0, total_isolated = 0;
- struct page *cursor, *valid_page = NULL;
-- unsigned long nr_strict_required = end_pfn - blockpfn;
- unsigned long flags;
- bool locked = false;
-
-@@ -264,11 +263,12 @@ static unsigned long isolate_freepages_block(struct compact_control *cc,
-
- nr_scanned++;
- if (!pfn_valid_within(blockpfn))
-- continue;
-+ goto isolate_fail;
-+
- if (!valid_page)
- valid_page = page;
- if (!PageBuddy(page))
-- continue;
-+ goto isolate_fail;
-
- /*
- * The zone lock must be held to isolate freepages.
-@@ -289,12 +289,10 @@ static unsigned long isolate_freepages_block(struct compact_control *cc,
-
- /* Recheck this is a buddy page under lock */
- if (!PageBuddy(page))
-- continue;
-+ goto isolate_fail;
-
- /* Found a free page, break it into order-0 pages */
- isolated = split_free_page(page);
-- if (!isolated && strict)
-- break;
- total_isolated += isolated;
- for (i = 0; i < isolated; i++) {
- list_add(&page->lru, freelist);
-@@ -305,7 +303,15 @@ static unsigned long isolate_freepages_block(struct compact_control *cc,
- if (isolated) {
- blockpfn += isolated - 1;
- cursor += isolated - 1;
-+ continue;
- }
-+
-+isolate_fail:
-+ if (strict)
-+ break;
-+ else
-+ continue;
-+
- }
-
- trace_mm_compaction_isolate_freepages(nr_scanned, total_isolated);
-@@ -315,7 +321,7 @@ static unsigned long isolate_freepages_block(struct compact_control *cc,
- * pages requested were isolated. If there were any failures, 0 is
- * returned and CMA will fail.
- */
-- if (strict && nr_strict_required > total_isolated)
-+ if (strict && blockpfn < end_pfn)
- total_isolated = 0;
-
- if (locked)
diff --git a/mm/filemap.c b/mm/filemap.c
index b7749a9..50d1123 100644
--- a/mm/filemap.c
@@ -94145,7 +94303,7 @@ index 7106cb1..0805f48 100644
unsigned long bg_thresh,
unsigned long dirty,
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 5248fe0..0f693aa 100644
+index 56f268d..4d35ec4 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -61,6 +61,7 @@
@@ -96834,7 +96992,7 @@ index b618694..192bbba 100644
m->msg_iov = iov;
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
-index 932c6d7..71fd94a 100644
+index 43128dd..e4d4311 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -2775,7 +2775,7 @@ static int proc_unres_qlen(struct ctl_table *ctl, int write,
@@ -97375,10 +97533,10 @@ index 1865fdf..581a595 100644
if (flags & MSG_TRUNC)
copied = skb->len;
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
-index 70011e0..454ca6a 100644
+index e4d96d4..e1651da 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
-@@ -1683,13 +1683,9 @@ static int __init inet_init(void)
+@@ -1686,13 +1686,9 @@ static int __init inet_init(void)
BUILD_BUG_ON(sizeof(struct inet_skb_parm) > FIELD_SIZEOF(struct sk_buff, cb));
@@ -97393,7 +97551,7 @@ index 70011e0..454ca6a 100644
rc = proto_register(&udp_prot, 1);
if (rc)
-@@ -1796,8 +1792,6 @@ out_unregister_udp_proto:
+@@ -1799,8 +1795,6 @@ out_unregister_udp_proto:
proto_unregister(&udp_prot);
out_unregister_tcp_proto:
proto_unregister(&tcp_prot);
@@ -100976,24 +101134,6 @@ index 1a6eef3..17e898f 100644
NULL,
sctp_generate_t1_cookie_event,
sctp_generate_t1_init_event,
-diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
-index a26065b..af7be05 100644
---- a/net/sctp/sm_statefuns.c
-+++ b/net/sctp/sm_statefuns.c
-@@ -759,6 +759,13 @@ sctp_disposition_t sctp_sf_do_5_1D_ce(struct net *net,
- struct sctp_chunk auth;
- sctp_ierror_t ret;
-
-+ /* Make sure that we and the peer are AUTH capable */
-+ if (!net->sctp.auth_enable || !new_asoc->peer.auth_capable) {
-+ kfree_skb(chunk->auth_chunk);
-+ sctp_association_free(new_asoc);
-+ return sctp_sf_pdiscard(net, ep, asoc, type, arg, commands);
-+ }
-+
- /* set-up our fake chunk so that we can process it */
- auth.skb = chunk->auth_chunk;
- auth.asoc = chunk->asoc;
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 146b35d..1021a34 100644
--- a/net/sctp/socket.c
@@ -101756,10 +101896,10 @@ index d38bb45..38d5df5 100644
sub->evt.event = htohl(event, sub->swap);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index a427623..387c80b 100644
+index d7c1ac6..b0fc322 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
-@@ -790,6 +790,12 @@ static struct sock *unix_find_other(struct net *net,
+@@ -789,6 +789,12 @@ static struct sock *unix_find_other(struct net *net,
err = -ECONNREFUSED;
if (!S_ISSOCK(inode->i_mode))
goto put_fail;
@@ -101772,7 +101912,7 @@ index a427623..387c80b 100644
u = unix_find_socket_byinode(inode);
if (!u)
goto put_fail;
-@@ -810,6 +816,13 @@ static struct sock *unix_find_other(struct net *net,
+@@ -809,6 +815,13 @@ static struct sock *unix_find_other(struct net *net,
if (u) {
struct dentry *dentry;
dentry = unix_sk(u)->path.dentry;
@@ -101786,7 +101926,7 @@ index a427623..387c80b 100644
if (dentry)
touch_atime(&unix_sk(u)->path);
} else
-@@ -843,12 +856,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res)
+@@ -842,12 +855,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res)
*/
err = security_path_mknod(&path, dentry, mode, 0);
if (!err) {
@@ -101805,7 +101945,52 @@ index a427623..387c80b 100644
done_path_create(&path, dentry);
return err;
}
-@@ -2336,9 +2355,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -1785,8 +1804,11 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
+ goto out;
+
+ err = mutex_lock_interruptible(&u->readlock);
+- if (err) {
+- err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
++ if (unlikely(err)) {
++ /* recvmsg() in non blocking mode is supposed to return -EAGAIN
++ * sk_rcvtimeo is not honored by mutex_lock_interruptible()
++ */
++ err = noblock ? -EAGAIN : -ERESTARTSYS;
+ goto out;
+ }
+
+@@ -1911,6 +1933,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
+ struct unix_sock *u = unix_sk(sk);
+ struct sockaddr_un *sunaddr = msg->msg_name;
+ int copied = 0;
++ int noblock = flags & MSG_DONTWAIT;
+ int check_creds = 0;
+ int target;
+ int err = 0;
+@@ -1926,7 +1949,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
+ goto out;
+
+ target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
+- timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
++ timeo = sock_rcvtimeo(sk, noblock);
+
+ /* Lock the socket to prevent queue disordering
+ * while sleeps in memcpy_tomsg
+@@ -1938,8 +1961,11 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
+ }
+
+ err = mutex_lock_interruptible(&u->readlock);
+- if (err) {
+- err = sock_intr_errno(timeo);
++ if (unlikely(err)) {
++ /* recvmsg() in non blocking mode is supposed to return -EAGAIN
++ * sk_rcvtimeo is not honored by mutex_lock_interruptible()
++ */
++ err = noblock ? -EAGAIN : -ERESTARTSYS;
+ goto out;
+ }
+
+@@ -2335,9 +2361,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
seq_puts(seq, "Num RefCount Protocol Flags Type St "
"Inode Path\n");
else {
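Review bot: In both added `if (unlikely(err))` branches (unix_dgram_recvmsg and unix_stream_recvmsg), a blocking socket with a finite receive timeout now gets `-ERESTARTSYS` when the wait for `u->readlock` is interrupted, where the removed `sock_intr_errno()` call chose the error from the timeout. If the syscall is then restarted, the timeout presumably starts over, which the new comment only hints at with "sk_rcvtimeo is not honored". I would extend the comment to say so, for example `/* blocking case: restart the call; the lock wait does not count against sk_rcvtimeo */`. Both function bodies continue outside the hunk, and the same change is repeated in the 3.2.55 patch's af_unix.c hunk further down.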
@@ -101820,7 +102005,7 @@ index a427623..387c80b 100644
seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
s,
-@@ -2365,8 +2388,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2364,8 +2394,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
}
for ( ; i < len; i++)
seq_putc(seq, u->addr->name->sun_path[i]);
@@ -102359,26 +102544,25 @@ index 078fe1d..fbdb363 100644
fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n",
diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
new file mode 100644
-index 0000000..5e0222d
+index 0000000..ed4c19a
--- /dev/null
+++ b/scripts/gcc-plugin.sh
-@@ -0,0 +1,17 @@
+@@ -0,0 +1,16 @@
+#!/bin/bash
-+plugincc=`$1 -E -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF
-+#include "gcc-plugin.h"
-+#include "tree.h"
-+#include "tm.h"
-+#include "rtl.h"
-+#ifdef ENABLE_BUILD_WITH_CXX
++srctree=$(dirname "$0")
++gccplugins_dir=$("$1" -print-file-name=plugin)
++plugincc=$("$1" -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
++#include "gcc-common.h"
++#if __GNUC__ > 4 || __GNUC_MINOR__ >= 8 || defined(ENABLE_BUILD_WITH_CXX)
+#warning $2
+#else
+#warning $1
+#endif
-+EOF`
++EOF
++)
+if [ $? -eq 0 ]
+then
-+ [[ "$plugincc" =~ "$1" ]] && echo "$1"
-+ [[ "$plugincc" =~ "$2" ]] && echo "$2"
++ ( [[ "$plugincc" =~ "$1" ]] && echo "$1" ) || ( [[ "$plugincc" =~ "$2" ]] && echo "$2" )
+fi
diff --git a/scripts/headers_install.sh b/scripts/headers_install.sh
index 5de5660..d3deb89 100644
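Review bot: The two `-I` arguments on the `plugincc=$(...)` line expand `${srctree}` and `${gccplugins_dir}` unquoted, so a kernel tree or GCC plugin directory whose path contains whitespace or glob characters is split into several arguments, even though `srctree=$(dirname "$0")` and `"$1"` are quoted with care. Quoting them keeps the compiler probe reliable: `-I"${srctree}/../tools/gcc" -I"${gccplugins_dir}/include"`. Separately, `__GNUC__ > 4 || __GNUC_MINOR__ >= 8` states the intended version test more precisely as `__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 8)`. The same script is added in the 3.2.55 patch's gcc-plugin.sh hunk below.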
@@ -106903,10 +107087,10 @@ index 0000000..dd73713
+}
diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c
new file mode 100644
-index 0000000..1a98bed
+index 0000000..c96f80f
--- /dev/null
+++ b/tools/gcc/latent_entropy_plugin.c
-@@ -0,0 +1,451 @@
+@@ -0,0 +1,457 @@
+/*
+ * Copyright 2012-2014 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -106935,7 +107119,7 @@ index 0000000..1a98bed
+static tree latent_entropy_decl;
+
+static struct plugin_info latent_entropy_plugin_info = {
-+ .version = "201402240545",
++ .version = "201403042150",
+ .help = NULL
+};
+
@@ -107107,6 +107291,10 @@ index 0000000..1a98bed
+
+static bool gate_latent_entropy(void)
+{
++ // don't bother with noreturn functions for now
++ if (TREE_THIS_VOLATILE(current_function_decl))
++ return false;
++
+ return lookup_attribute("latent_entropy", DECL_ATTRIBUTES(current_function_decl)) != NULL_TREE;
+}
+
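Review bot: The added early return in gate_latent_entropy() drops instrumentation for a function that carries the `latent_entropy` attribute without any diagnostic, and the comment does not say why noreturn functions are excluded. `TREE_THIS_VOLATILE` on a function declaration is GCC's noreturn flag, which is not obvious from the macro name, and the exclusion presumably exists because such a function has no edge into the exit block for the pass to instrument. A comment such as `// noreturn (TREE_THIS_VOLATILE on a FUNCTION_DECL): no path to the exit block to instrument` would record that. The same lines appear in the 3.2.55 patch's copy of this plugin.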
@@ -107231,7 +107419,8 @@ index 0000000..1a98bed
+ gsi_insert_after(&gsi, assign, GSI_NEW_STMT);
+ update_stmt(assign);
+//debug_bb(bb);
-+ bb = bb->next_bb;
++ gcc_assert(single_succ_p(bb));
++ bb = single_succ(bb);
+
+ // 3. instrument each BB with an operation on the local entropy variable
+ while (bb != EXIT_BLOCK_PTR_FOR_FN(cfun)) {
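Review bot: `gcc_assert(single_succ_p(bb))` here, and `gcc_assert(single_pred_p(EXIT_BLOCK_PTR_FOR_FN(cfun)))` in the following hunk, are the only guards against a CFG shape the pass does not handle, and `gcc_assert` only aborts when the host compiler was built with assertion checking enabled. On a compiler configured without it, `single_succ()` and `single_pred()` would presumably just take the first edge, and the function would be instrumented on the wrong block without any build failure. An explicit `if (!single_succ_p(bb))` test that reports through `error()` or skips the function would behave the same on every toolchain. The enclosing function starts and ends outside both hunks, and the 3.2.55 copy of the plugin carries the same two changes.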
@@ -107241,8 +107430,9 @@ index 0000000..1a98bed
+ };
+
+ // 4. mix local entropy into the global entropy variable
-+ perturb_latent_entropy(EXIT_BLOCK_PTR_FOR_FN(cfun)->prev_bb, local_entropy);
-+//debug_bb(EXIT_BLOCK_PTR_FOR_FN(cfun)->prev_bb);
++ gcc_assert(single_pred_p(EXIT_BLOCK_PTR_FOR_FN(cfun)));
++ perturb_latent_entropy(single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun)), local_entropy);
++//debug_bb(single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun)));
+ return 0;
+}
+
@@ -108276,10 +108466,10 @@ index 0000000..8dafb22
+}
diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data
new file mode 100644
-index 0000000..102f0d6
+index 0000000..9529806
--- /dev/null
+++ b/tools/gcc/size_overflow_hash.data
-@@ -0,0 +1,5703 @@
+@@ -0,0 +1,5709 @@
+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
+ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL
+storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
@@ -110005,6 +110195,7 @@ index 0000000..102f0d6
+lustre_pack_request_19992 lustre_pack_request 0 19992 NULL
+diva_um_idi_read_20003 diva_um_idi_read 0 20003 NULL
+lov_stripe_md_size_20009 lov_stripe_md_size 0-1 20009 NULL
++tree_mod_log_eb_move_20011 tree_mod_log_eb_move 5 20011 NULL
+SYSC_fgetxattr_20027 SYSC_fgetxattr 4 20027 NULL
+split_scan_timeout_read_20029 split_scan_timeout_read 3 20029 NULL
+alloc_ieee80211_20063 alloc_ieee80211 1 20063 NULL
@@ -110025,6 +110216,7 @@ index 0000000..102f0d6
+pvr2_ctrl_value_to_sym_20229 pvr2_ctrl_value_to_sym 5 20229 NULL
+rose_sendmsg_20249 rose_sendmsg 4 20249 NULL
+tm6000_i2c_send_regs_20250 tm6000_i2c_send_regs 5 20250 NULL
++btrfs_header_nritems_20296 btrfs_header_nritems 0 20296 NULL
+r10_sync_page_io_20307 r10_sync_page_io 3 20307 NULL
+dm_get_reserved_bio_based_ios_20315 dm_get_reserved_bio_based_ios 0 20315 NULL
+tx_tx_burst_programmed_read_20320 tx_tx_burst_programmed_read 3 20320 NULL
@@ -110134,6 +110326,7 @@ index 0000000..102f0d6
+alloc_orinocodev_21371 alloc_orinocodev 1 21371 NULL
+SYSC_rt_sigpending_21379 SYSC_rt_sigpending 2 21379 NULL
+video_ioctl2_21380 video_ioctl2 2 21380 NULL
++insert_ptr_21386 insert_ptr 6 21386 NULL
+diva_get_driver_dbg_mask_21399 diva_get_driver_dbg_mask 0 21399 NULL
+snd_m3_inw_21406 snd_m3_inw 0 21406 NULL
+snapshot_read_next_21426 snapshot_read_next 0 21426 NULL
@@ -111051,6 +111244,7 @@ index 0000000..102f0d6
+kobject_add_internal_32133 kobject_add_internal 0 32133 NULL
+venus_link_32165 venus_link 5 32165 NULL
+do_writepages_32173 do_writepages 0 32173 NULL
++del_ptr_32197 del_ptr 4 32197 NULL
+wusb_ccm_mac_32199 wusb_ccm_mac 7 32199 NULL
+riva_get_cmap_len_32218 riva_get_cmap_len 0 32218 NULL
+caif_seqpkt_recvmsg_32241 caif_seqpkt_recvmsg 4 32241 NULL
@@ -112416,6 +112610,7 @@ index 0000000..102f0d6
+posix_acl_fix_xattr_from_user_47793 posix_acl_fix_xattr_from_user 2 47793 NULL
+W6692_empty_Bfifo_47804 W6692_empty_Bfifo 2 47804 NULL
+lov_packmd_47810 lov_packmd 0 47810 NULL
++tree_mod_log_insert_move_47823 tree_mod_log_insert_move 5 47823 NULL
+pinconf_dbg_config_write_47835 pinconf_dbg_config_write 3 47835 NULL
+KEY_SIZE_47855 KEY_SIZE 0 47855 NULL
+vhci_read_47878 vhci_read 3 47878 NULL
@@ -113983,6 +114178,7 @@ index 0000000..102f0d6
+dpcm_state_read_file_65489 dpcm_state_read_file 3 65489 NULL
+lookup_inline_extent_backref_65493 lookup_inline_extent_backref 9 65493 NULL
+nvme_trans_standard_inquiry_page_65526 nvme_trans_standard_inquiry_page 4 65526 NULL
++tree_mod_log_eb_copy_65535 tree_mod_log_eb_copy 6 65535 NULL
diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
new file mode 100644
index 0000000..fa0524c
diff --git a/3.13.6/4425_grsec_remove_EI_PAX.patch b/3.13.7/4425_grsec_remove_EI_PAX.patch
index fc51f79..fc51f79 100644
--- a/3.13.6/4425_grsec_remove_EI_PAX.patch
+++ b/3.13.7/4425_grsec_remove_EI_PAX.patch
diff --git a/3.13.6/4427_force_XATTR_PAX_tmpfs.patch b/3.13.7/4427_force_XATTR_PAX_tmpfs.patch
index 23e60cd..23e60cd 100644
--- a/3.13.6/4427_force_XATTR_PAX_tmpfs.patch
+++ b/3.13.7/4427_force_XATTR_PAX_tmpfs.patch
diff --git a/3.13.6/4430_grsec-remove-localversion-grsec.patch b/3.13.7/4430_grsec-remove-localversion-grsec.patch
index 31cf878..31cf878 100644
--- a/3.13.6/4430_grsec-remove-localversion-grsec.patch
+++ b/3.13.7/4430_grsec-remove-localversion-grsec.patch
diff --git a/3.13.6/4435_grsec-mute-warnings.patch b/3.13.7/4435_grsec-mute-warnings.patch
index cb51a05..cb51a05 100644
--- a/3.13.6/4435_grsec-mute-warnings.patch
+++ b/3.13.7/4435_grsec-mute-warnings.patch
diff --git a/3.13.6/4440_grsec-remove-protected-paths.patch b/3.13.7/4440_grsec-remove-protected-paths.patch
index 741546d..741546d 100644
--- a/3.13.6/4440_grsec-remove-protected-paths.patch
+++ b/3.13.7/4440_grsec-remove-protected-paths.patch
diff --git a/3.13.6/4450_grsec-kconfig-default-gids.patch b/3.13.7/4450_grsec-kconfig-default-gids.patch
index abff221..abff221 100644
--- a/3.13.6/4450_grsec-kconfig-default-gids.patch
+++ b/3.13.7/4450_grsec-kconfig-default-gids.patch
diff --git a/3.13.6/4465_selinux-avc_audit-log-curr_ip.patch b/3.13.7/4465_selinux-avc_audit-log-curr_ip.patch
index 6caf9de..6caf9de 100644
--- a/3.13.6/4465_selinux-avc_audit-log-curr_ip.patch
+++ b/3.13.7/4465_selinux-avc_audit-log-curr_ip.patch
diff --git a/3.13.6/4470_disable-compat_vdso.patch b/3.13.7/4470_disable-compat_vdso.patch
index a25c029..a25c029 100644
--- a/3.13.6/4470_disable-compat_vdso.patch
+++ b/3.13.7/4470_disable-compat_vdso.patch
diff --git a/3.13.6/4475_emutramp_default_on.patch b/3.13.7/4475_emutramp_default_on.patch
index a453a5b..a453a5b 100644
--- a/3.13.6/4475_emutramp_default_on.patch
+++ b/3.13.7/4475_emutramp_default_on.patch
diff --git a/3.2.55/0000_README b/3.2.55/0000_README
index a3b6dc5..89a0c5a 100644
--- a/3.2.55/0000_README
+++ b/3.2.55/0000_README
@@ -138,7 +138,7 @@ Patch: 1054_linux-3.2.55.patch
From: http://www.kernel.org
Desc: Linux 3.2.55
-Patch: 4420_grsecurity-3.0-3.2.55-201403202347.patch
+Patch: 4420_grsecurity-3.0-3.2.55-201403281858.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.55/4420_grsecurity-3.0-3.2.55-201403202347.patch b/3.2.55/4420_grsecurity-3.0-3.2.55-201403281858.patch
index c1f6b08..aabac92 100644
--- a/3.2.55/4420_grsecurity-3.0-3.2.55-201403202347.patch
+++ b/3.2.55/4420_grsecurity-3.0-3.2.55-201403281858.patch
@@ -8035,7 +8035,7 @@ index 5e4252b..379f84f 100644
mm->unmap_area = arch_unmap_area_topdown;
}
diff --git a/arch/sparc/kernel/syscalls.S b/arch/sparc/kernel/syscalls.S
-index 817187d..1d4541e 100644
+index 817187d..2cc50b0 100644
--- a/arch/sparc/kernel/syscalls.S
+++ b/arch/sparc/kernel/syscalls.S
@@ -62,7 +62,7 @@ sys32_rt_sigreturn:
@@ -8047,7 +8047,7 @@ index 817187d..1d4541e 100644
be,pt %icc, rtrap
nop
call syscall_trace_leave
-@@ -179,7 +179,7 @@ linux_sparc_syscall32:
+@@ -179,12 +179,13 @@ linux_sparc_syscall32:
srl %i3, 0, %o3 ! IEU0
srl %i2, 0, %o2 ! IEU0 Group
@@ -8056,7 +8056,14 @@ index 817187d..1d4541e 100644
bne,pn %icc, linux_syscall_trace32 ! CTI
mov %i0, %l5 ! IEU1
5: call %l7 ! CTI Group brk forced
-@@ -202,7 +202,7 @@ linux_sparc_syscall:
+ srl %i5, 0, %o5 ! IEU1
+- ba,a,pt %xcc, 3f
++ ba,pt %xcc, 3f
++ sra %o0, 0, %o0
+
+ /* Linux native system calls enter here... */
+ .align 32
+@@ -202,7 +203,7 @@ linux_sparc_syscall:
mov %i3, %o3 ! IEU1
mov %i4, %o4 ! IEU0 Group
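Review bot: The `sra %o0, 0, %o0` added after `ba,pt %xcc, 3f` executes only because it sits in the branch delay slot and the annul bit was dropped from the branch, yet it is the one instruction in this block without a trailing comment. Since the following hunk removes the same `sra` from `ret_sys_call`, the 32-bit path now depends on this slot alone for sign-extending the return value, and restoring `,a` or inserting an instruction after the branch would silently lose it. A comment on the line, for example `! delay slot: sign-extend 32-bit return value`, would make that dependency visible.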
@@ -8065,7 +8072,13 @@ index 817187d..1d4541e 100644
bne,pn %icc, linux_syscall_trace ! CTI Group
mov %i0, %l5 ! IEU0
2: call %l7 ! CTI Group brk forced
-@@ -218,7 +218,7 @@ ret_sys_call:
+@@ -212,13 +213,12 @@ linux_sparc_syscall:
+ 3: stx %o0, [%sp + PTREGS_OFF + PT_V9_I0]
+ ret_sys_call:
+ ldx [%sp + PTREGS_OFF + PT_V9_TSTATE], %g3
+- sra %o0, 0, %o0
+ mov %ulo(TSTATE_XCARRY | TSTATE_ICARRY), %g2
+ sllx %g2, 32, %g2
cmp %o0, -ERESTART_RESTARTBLOCK
bgeu,pn %xcc, 1f
@@ -20624,7 +20637,7 @@ index ce0be7c..1252d68 100644
+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0
+ .endr
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
-index e11e394..0a8c254 100644
+index e11e394..b4611a6 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -19,6 +19,8 @@
@@ -20735,7 +20748,15 @@ index e11e394..0a8c254 100644
movq initial_code(%rip),%rax
pushq $0 # fake return address to stop unwinder
pushq $__KERNEL_CS # set correct cs
-@@ -269,7 +275,7 @@ ENTRY(secondary_startup_64)
+@@ -262,14 +268,14 @@ ENTRY(secondary_startup_64)
+ .quad INIT_PER_CPU_VAR(irq_stack_union)
+
+ ENTRY(stack_start)
+- .quad init_thread_union+THREAD_SIZE-8
++ .quad init_thread_union+THREAD_SIZE-16
+ .word 0
+ __FINITDATA
+
bad_address:
jmp bad_address
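Review bot: The initial stack pointer in `stack_start` moves from `THREAD_SIZE-8` to `THREAD_SIZE-16` as a bare literal, and the smpboot.c hunk further down in this patch subtracts the same `16` in do_boot_cpu() when it sets the idle thread's `thread.sp`. The two sites presumably describe the same reservation at the top of the kernel stack, and nothing in either hunk names or explains it. A shared named constant, or at least a comment at both sites such as `/* keep in sync with the top-of-stack reservation in do_boot_cpu() */`, would stop one of them being changed alone.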
@@ -22763,26 +22784,6 @@ index c8e41e9..64049ef 100644
/*
* PCI ids solely used for fixups_table go here
-diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S
-index f2bb9c9..bed145d7 100644
---- a/arch/x86/kernel/relocate_kernel_64.S
-+++ b/arch/x86/kernel/relocate_kernel_64.S
-@@ -11,6 +11,7 @@
- #include <asm/kexec.h>
- #include <asm/processor-flags.h>
- #include <asm/pgtable_types.h>
-+#include <asm/alternative-asm.h>
-
- /*
- * Must be relocatable PIC code callable as a C function
-@@ -167,6 +168,7 @@ identity_mapped:
- xorq %r14, %r14
- xorq %r15, %r15
-
-+ pax_force_retaddr 0, 1
- ret
-
- 1:
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index b506f41..c954434 100644
--- a/arch/x86/kernel/setup.c
@@ -23039,9 +23040,18 @@ index 16204dc..0e7d4b7 100644
.smp_prepare_cpus = native_smp_prepare_cpus,
.smp_cpus_done = native_smp_cpus_done,
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
-index 9f548cb..caf76f7 100644
+index 9f548cb..053b7e5 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
+@@ -692,7 +692,7 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu)
+ */
+ if (c_idle.idle) {
+ c_idle.idle->thread.sp = (unsigned long) (((struct pt_regs *)
+- (THREAD_SIZE + task_stack_page(c_idle.idle))) - 1);
++ (THREAD_SIZE - 16 + task_stack_page(c_idle.idle))) - 1);
+ init_idle(c_idle.idle, cpu);
+ goto do_rest;
+ }
@@ -709,17 +709,20 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu)
set_idle_for_cpu(cpu, c_idle.idle);
do_rest:
@@ -53047,6 +53057,34 @@ index 8cdd8ea..64197b4 100644
kiocb->ki_nr_segs = kiocb->ki_nbytes;
kiocb->ki_cur_seg = 0;
/* ki_nbytes/left now reflect bytes instead of segs */
+diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c
+index f11e43e..544bdd2 100644
+--- a/fs/anon_inodes.c
++++ b/fs/anon_inodes.c
+@@ -216,13 +216,10 @@ static int __init anon_inode_init(void)
+ {
+ int error;
+
+- error = register_filesystem(&anon_inode_fs_type);
+- if (error)
+- goto err_exit;
+ anon_inode_mnt = kern_mount(&anon_inode_fs_type);
+ if (IS_ERR(anon_inode_mnt)) {
+ error = PTR_ERR(anon_inode_mnt);
+- goto err_unregister_filesystem;
++ goto err_exit;
+ }
+ anon_inode_inode = anon_inode_mkinode();
+ if (IS_ERR(anon_inode_inode)) {
+@@ -234,8 +231,6 @@ static int __init anon_inode_init(void)
+
+ err_mntput:
+ kern_unmount(anon_inode_mnt);
+-err_unregister_filesystem:
+- unregister_filesystem(&anon_inode_fs_type);
+ err_exit:
+ panic(KERN_ERR "anon_inode_init() failed (%d)\n", error);
+ }
diff --git a/fs/attr.c b/fs/attr.c
index b8f55c4..4c2b80c 100644
--- a/fs/attr.c
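Review bot: anon_inode_init() now calls kern_mount() on `anon_inode_fs_type` without a preceding register_filesystem(), and the hunk leaves no comment saying the omission is deliberate. To a later reader this looks like a missing step, and re-adding the registration would presumably make the internal filesystem type reachable by name from userspace mount requests again. A short comment above the kern_mount() call, e.g. `/* intentionally not registered: internal-only fs, kern_mount() is sufficient */`, would record the intent. The middle of the function lies between the two inner hunks and is not shown.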
@@ -63383,10 +63421,10 @@ index 8a89949..6776861 100644
xfs_init_zones(void)
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
new file mode 100644
-index 0000000..9ad8151
+index 0000000..3dd4ae7
--- /dev/null
+++ b/grsecurity/Kconfig
-@@ -0,0 +1,1143 @@
+@@ -0,0 +1,1141 @@
+#
+# grecurity configuration
+#
@@ -63400,18 +63438,16 @@ index 0000000..9ad8151
+ help
+ If you say Y here, /dev/kmem and /dev/mem won't be allowed to
+ be written to or read from to modify or leak the contents of the running
-+ kernel. /dev/port will also not be allowed to be opened, and support
-+ for /dev/cpu/*/msr and kexec will be removed. If you have module
-+ support disabled, enabling this will close up six ways that are
-+ currently used to insert malicious code into the running kernel.
++ kernel. /dev/port will also not be allowed to be opened, writing to
++ /dev/cpu/*/msr will be prevented, and support for kexec will be removed.
++ If you have module support disabled, enabling this will close up several
++ ways that are currently used to insert malicious code into the running
++ kernel.
+
+ Even with this feature enabled, we still highly recommend that
+ you use the RBAC system, as it is still possible for an attacker to
+ modify the running kernel through other more obscure methods.
+
-+ Enabling this feature will prevent the "cpupower" and "powertop" tools
-+ from working.
-+
+ It is highly recommended that you say Y here if you meet all the
+ conditions above.
+
@@ -82128,35 +82164,36 @@ index e6454b6..cda5eaf 100644
static inline struct page *sk_stream_alloc_page(struct sock *sk)
{
diff --git a/include/net/tcp.h b/include/net/tcp.h
-index fe46019..b2e8119 100644
+index fe46019..ce07abd 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
-@@ -433,6 +433,24 @@ extern __u32 syncookie_secret[2][16-4+SHA_DIGEST_WORDS];
+@@ -433,6 +433,25 @@ extern __u32 syncookie_secret[2][16-4+SHA_DIGEST_WORDS];
extern struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
struct ip_options *opt);
#ifdef CONFIG_SYN_COOKIES
+#include <linux/ktime.h>
+
-+/* Syncookies use a monotonic timer which increments every 64 seconds.
++/* Syncookies use a monotonic timer which increments every 60 seconds.
+ * This counter is used both as a hash input and partially encoded into
+ * the cookie value. A cookie is only validated further if the delta
+ * between the current counter value and the encoded one is less than this,
-+ * i.e. a sent cookie is valid only at most for 128 seconds (or less if
++ * i.e. a sent cookie is valid only at most for 2*60 seconds (or less if
+ * the counter advances immediately after a cookie is generated).
+ */
+#define MAX_SYNCOOKIE_AGE 2
+
+static inline u32 tcp_cookie_time(void)
+{
-+ struct timespec now;
-+ getnstimeofday(&now);
-+ return now.tv_sec >> 6; /* 64 seconds granularity */
++ u64 val = get_jiffies_64();
++
++ do_div(val, 60 * HZ);
++ return val;
+}
+
extern __u32 cookie_v4_init_sequence(struct sock *sk, struct sk_buff *skb,
__u16 *mss);
#else
-@@ -470,7 +488,7 @@ extern void tcp_retransmit_timer(struct sock *sk);
+@@ -470,7 +489,7 @@ extern void tcp_retransmit_timer(struct sock *sk);
extern void tcp_xmit_retransmit_queue(struct sock *);
extern void tcp_simple_retransmit(struct sock *);
extern int tcp_trim_head(struct sock *, struct sk_buff *, u32);
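Review bot: tcp_cookie_time() returns `val`, a `u64`, from a function declared `u32`, so the result of `do_div(val, 60 * HZ)` is truncated implicitly; writing `return (u32)val;` would show that the truncation is intended. The block also still adds `#include <linux/ktime.h>` although the new body no longer calls getnstimeofday() and instead uses get_jiffies_64() and do_div(), which presumably reach this header only through other includes. Replacing the include with `#include <linux/jiffies.h>` would match what the code uses.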
@@ -82165,7 +82202,7 @@ index fe46019..b2e8119 100644
extern void tcp_send_probe0(struct sock *);
extern void tcp_send_partial(struct sock *);
-@@ -633,8 +651,8 @@ struct tcp_skb_cb {
+@@ -633,8 +652,8 @@ struct tcp_skb_cb {
struct inet6_skb_parm h6;
#endif
} header; /* For incoming frames */
@@ -82176,7 +82213,7 @@ index fe46019..b2e8119 100644
__u32 when; /* used to compute rtt's */
__u8 tcp_flags; /* TCP header flags. (tcp[13]) */
__u8 sacked; /* State flags for SACK/FACK. */
-@@ -647,7 +665,7 @@ struct tcp_skb_cb {
+@@ -647,7 +666,7 @@ struct tcp_skb_cb {
#define TCPCB_EVER_RETRANS 0x80 /* Ever retransmitted frame */
#define TCPCB_RETRANS (TCPCB_SACKED_RETRANS|TCPCB_EVER_RETRANS)
@@ -102183,7 +102220,7 @@ index e7ed43a..6afa140 100644
ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 2, len);
diff --git a/net/rxrpc/ar-input.c b/net/rxrpc/ar-input.c
-index 1a2b0633..e8d1382 100644
+index 1a2b0633..e8d1382e 100644
--- a/net/rxrpc/ar-input.c
+++ b/net/rxrpc/ar-input.c
@@ -340,9 +340,9 @@ void rxrpc_fast_process_packet(struct rxrpc_call *call, struct sk_buff *skb)
@@ -103741,7 +103778,7 @@ index 1983717..4d6102c 100644
sub->evt.event = htohl(event, sub->swap);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index eddfdec..e20439d 100644
+index eddfdec..9eb64a4 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -768,6 +768,12 @@ static struct sock *unix_find_other(struct net *net,
@@ -103790,7 +103827,52 @@ index eddfdec..e20439d 100644
mutex_unlock(&path.dentry->d_inode->i_mutex);
dput(path.dentry);
path.dentry = dentry;
-@@ -2269,9 +2289,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -1771,8 +1791,11 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
+ goto out;
+
+ err = mutex_lock_interruptible(&u->readlock);
+- if (err) {
+- err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
++ if (unlikely(err)) {
++ /* recvmsg() in non blocking mode is supposed to return -EAGAIN
++ * sk_rcvtimeo is not honored by mutex_lock_interruptible()
++ */
++ err = noblock ? -EAGAIN : -ERESTARTSYS;
+ goto out;
+ }
+
+@@ -1887,6 +1910,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
+ struct unix_sock *u = unix_sk(sk);
+ struct sockaddr_un *sunaddr = msg->msg_name;
+ int copied = 0;
++ int noblock = flags & MSG_DONTWAIT;
+ int check_creds = 0;
+ int target;
+ int err = 0;
+@@ -1901,7 +1925,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
+ goto out;
+
+ target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
+- timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
++ timeo = sock_rcvtimeo(sk, noblock);
+
+ /* Lock the socket to prevent queue disordering
+ * while sleeps in memcpy_tomsg
+@@ -1913,8 +1937,11 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
+ }
+
+ err = mutex_lock_interruptible(&u->readlock);
+- if (err) {
+- err = sock_intr_errno(timeo);
++ if (unlikely(err)) {
++ /* recvmsg() in non blocking mode is supposed to return -EAGAIN
++ * sk_rcvtimeo is not honored by mutex_lock_interruptible()
++ */
++ err = noblock ? -EAGAIN : -ERESTARTSYS;
+ goto out;
+ }
+
+@@ -2269,9 +2296,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
seq_puts(seq, "Num RefCount Protocol Flags Type St "
"Inode Path\n");
else {
@@ -103805,7 +103887,7 @@ index eddfdec..e20439d 100644
seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
s,
-@@ -2298,8 +2322,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2298,8 +2329,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
}
for ( ; i < len; i++)
seq_putc(seq, u->addr->name->sun_path[i]);
@@ -104363,26 +104445,25 @@ index cb1f50c..cef2a7c 100644
fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n",
diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
new file mode 100644
-index 0000000..5e0222d
+index 0000000..ed4c19a
--- /dev/null
+++ b/scripts/gcc-plugin.sh
-@@ -0,0 +1,17 @@
+@@ -0,0 +1,16 @@
+#!/bin/bash
-+plugincc=`$1 -E -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF
-+#include "gcc-plugin.h"
-+#include "tree.h"
-+#include "tm.h"
-+#include "rtl.h"
-+#ifdef ENABLE_BUILD_WITH_CXX
++srctree=$(dirname "$0")
++gccplugins_dir=$("$1" -print-file-name=plugin)
++plugincc=$("$1" -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF
++#include "gcc-common.h"
++#if __GNUC__ > 4 || __GNUC_MINOR__ >= 8 || defined(ENABLE_BUILD_WITH_CXX)
+#warning $2
+#else
+#warning $1
+#endif
-+EOF`
++EOF
++)
+if [ $? -eq 0 ]
+then
-+ [[ "$plugincc" =~ "$1" ]] && echo "$1"
-+ [[ "$plugincc" =~ "$2" ]] && echo "$2"
++ ( [[ "$plugincc" =~ "$1" ]] && echo "$1" ) || ( [[ "$plugincc" =~ "$2" ]] && echo "$2" )
+fi
diff --git a/scripts/headers_install.pl b/scripts/headers_install.pl
index 48462be..3e08f94 100644
@@ -109931,10 +110012,10 @@ index 0000000..dd73713
+}
diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c
new file mode 100644
-index 0000000..1a98bed
+index 0000000..c96f80f
--- /dev/null
+++ b/tools/gcc/latent_entropy_plugin.c
-@@ -0,0 +1,451 @@
+@@ -0,0 +1,457 @@
+/*
+ * Copyright 2012-2014 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -109963,7 +110044,7 @@ index 0000000..1a98bed
+static tree latent_entropy_decl;
+
+static struct plugin_info latent_entropy_plugin_info = {
-+ .version = "201402240545",
++ .version = "201403042150",
+ .help = NULL
+};
+
@@ -110135,6 +110216,10 @@ index 0000000..1a98bed
+
+static bool gate_latent_entropy(void)
+{
++ // don't bother with noreturn functions for now
++ if (TREE_THIS_VOLATILE(current_function_decl))
++ return false;
++
+ return lookup_attribute("latent_entropy", DECL_ATTRIBUTES(current_function_decl)) != NULL_TREE;
+}
+
@@ -110259,7 +110344,8 @@ index 0000000..1a98bed
+ gsi_insert_after(&gsi, assign, GSI_NEW_STMT);
+ update_stmt(assign);
+//debug_bb(bb);
-+ bb = bb->next_bb;
++ gcc_assert(single_succ_p(bb));
++ bb = single_succ(bb);
+
+ // 3. instrument each BB with an operation on the local entropy variable
+ while (bb != EXIT_BLOCK_PTR_FOR_FN(cfun)) {
@@ -110269,8 +110355,9 @@ index 0000000..1a98bed
+ };
+
+ // 4. mix local entropy into the global entropy variable
-+ perturb_latent_entropy(EXIT_BLOCK_PTR_FOR_FN(cfun)->prev_bb, local_entropy);
-+//debug_bb(EXIT_BLOCK_PTR_FOR_FN(cfun)->prev_bb);
++ gcc_assert(single_pred_p(EXIT_BLOCK_PTR_FOR_FN(cfun)));
++ perturb_latent_entropy(single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun)), local_entropy);
++//debug_bb(single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun)));
+ return 0;
+}
+