author | 2015-01-15 19:29:49 -0500 | |
---|---|---|
committer | 2015-01-15 19:29:49 -0500 | |
commit | 44e08a97859303381577b13c0c1407626dda2195 (patch) | |
tree | 85cde8caab039321ace3b6fe728fd69ec2fddde1 | |
parent | Grsec/PaX: 3.0-{3.2.66,3.14.2i,3.18.2}-201501120821 (diff) | |
Grsec/PaX: 3.0-{3.2.66,3.14.28,3.18.2}-20150114232520150114
-rw-r--r-- | 3.14.28/0000_README | 2 | ||||
-rw-r--r-- | 3.14.28/4420_grsecurity-3.0-3.14.28-201501142323.patch (renamed from 3.14.28/4420_grsecurity-3.0-3.14.28-201501120819.patch) | 93 | ||||
-rw-r--r-- | 3.18.2/0000_README | 2 | ||||
-rw-r--r-- | 3.18.2/4420_grsecurity-3.0-3.18.2-201501142325.patch (renamed from 3.18.2/4420_grsecurity-3.0-3.18.2-201501120821.patch) | 340 | ||||
-rw-r--r-- | 3.2.66/0000_README | 2 | ||||
-rw-r--r-- | 3.2.66/4420_grsecurity-3.0-3.2.66-201501142321.patch (renamed from 3.2.66/4420_grsecurity-3.0-3.2.66-201501111416.patch) | 92 |
6 files changed, 412 insertions, 119 deletions
diff --git a/3.14.28/0000_README b/3.14.28/0000_README index fd01bb1..ae1226b 100644 --- a/3.14.28/0000_README +++ b/3.14.28/0000_README @@ -6,7 +6,7 @@ Patch: 1027_linux-3.14.28.patch From: http://www.kernel.org Desc: Linux 3.14.28 -Patch: 4420_grsecurity-3.0-3.14.28-201501120819.patch +Patch: 4420_grsecurity-3.0-3.14.28-201501142323.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.14.28/4420_grsecurity-3.0-3.14.28-201501120819.patch b/3.14.28/4420_grsecurity-3.0-3.14.28-201501142323.patch index 2e17d75..7a014f0 100644 --- a/3.14.28/4420_grsecurity-3.0-3.14.28-201501120819.patch +++ b/3.14.28/4420_grsecurity-3.0-3.14.28-201501142323.patch @@ -51781,7 +51781,7 @@ index 236ed66..dd9cd74 100644 goto err_busy; } diff --git a/drivers/staging/line6/driver.c b/drivers/staging/line6/driver.c -index 7a6d85e..4c55a18 100644 +index 7a6d85e..1304fbe 100644 --- a/drivers/staging/line6/driver.c +++ b/drivers/staging/line6/driver.c @@ -458,7 +458,7 @@ int line6_read_data(struct usb_line6 *line6, int address, void *data, 
@@ -51832,6 +51832,89 @@ index 7a6d85e..4c55a18 100644 /* receive the result: */ ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67, +@@ -515,7 +522,7 @@ int line6_write_data(struct usb_line6 *line6, int address, void *data, + { + struct usb_device *usbdev = line6->usbdev; + int ret; +- unsigned char status; ++ unsigned char *status; + + ret = usb_control_msg(usbdev, usb_sndctrlpipe(usbdev, 0), 0x67, + USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT, +@@ -528,26 +535,34 @@ int line6_write_data(struct usb_line6 *line6, int address, void *data, + return ret; + } + ++ status = kmalloc(1, GFP_KERNEL); ++ if (status == NULL) ++ return -ENOMEM; ++ + do { + ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), + 0x67, + USB_TYPE_VENDOR | USB_RECIP_DEVICE | + USB_DIR_IN, + 0x0012, 0x0000, +- &status, 1, LINE6_TIMEOUT * HZ); ++ status, 1, LINE6_TIMEOUT * HZ); + + if (ret < 0) { + dev_err(line6->ifcdev, + "receiving status failed (error %d)\n", ret); ++ kfree(status); + return ret; + } +- } while (status == 0xff); ++ } while (*status == 0xff); + +- if (status != 0) { ++ if (*status != 0) { + dev_err(line6->ifcdev, "write failed (error %d)\n", ret); ++ kfree(status); + return -EINVAL; + } + ++ kfree(status); ++ + return 0; + } + +diff --git a/drivers/staging/line6/toneport.c b/drivers/staging/line6/toneport.c +index af2e7e5..e558d65 100644 +--- a/drivers/staging/line6/toneport.c ++++ b/drivers/staging/line6/toneport.c +@@ -11,6 +11,7 @@ + */ + + #include <linux/wait.h> ++#include <linux/slab.h> + #include <sound/control.h> + + #include "audio.h" +@@ -304,14 +305,20 @@ static void toneport_destruct(struct usb_interface *interface) + */ + static void toneport_setup(struct usb_line6_toneport *toneport) + { +- int ticks; ++ int *ticks; + struct usb_line6 *line6 = &toneport->line6; + struct usb_device *usbdev = line6->usbdev; + u16 idProduct = le16_to_cpu(usbdev->descriptor.idProduct); + ++ ticks = kmalloc(sizeof(int), GFP_KERNEL); ++ if (ticks == NULL) ++ return; 
++ + /* sync time on device with host: */ +- ticks = (int)get_seconds(); +- line6_write_data(line6, 0x80c6, &ticks, 4); ++ *ticks = (int)get_seconds(); ++ line6_write_data(line6, 0x80c6, ticks, sizeof(int)); ++ ++ kfree(ticks); + + /* enable device: */ + toneport_send_cmd(usbdev, 0x0301, 0x0000); diff --git a/drivers/staging/lustre/lnet/selftest/brw_test.c b/drivers/staging/lustre/lnet/selftest/brw_test.c index 3f8020c..649fded 100644 --- a/drivers/staging/lustre/lnet/selftest/brw_test.c @@ -73265,10 +73348,10 @@ index 0000000..ca25605 + diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c new file mode 100644 -index 0000000..a89b1f4 +index 0000000..4c7e00a --- /dev/null +++ b/grsecurity/gracl_fs.c -@@ -0,0 +1,437 @@ +@@ -0,0 +1,439 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/types.h> @@ -73701,7 +73784,9 @@ index 0000000..a89b1f4 + if (unlikely(!gr_acl_is_enabled())) + return 0; + -+ if (task != current && task->acl->mode & GR_PROTPROCFD) ++ if (task != current && (task->acl->mode & GR_PROTPROCFD) && ++ !(current->acl->mode & GR_POVERRIDE) && ++ !(current->role->roletype & GR_ROLE_GOD)) + return -EACCES; + + return 0; diff --git a/3.18.2/0000_README b/3.18.2/0000_README index a8cc951..2c74448 100644 --- a/3.18.2/0000_README +++ b/3.18.2/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.18.2-201501120821.patch +Patch: 4420_grsecurity-3.0-3.18.2-201501142325.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.18.2/4420_grsecurity-3.0-3.18.2-201501120821.patch b/3.18.2/4420_grsecurity-3.0-3.18.2-201501142325.patch index 7f13fdf..462cdbf 100644 --- a/3.18.2/4420_grsecurity-3.0-3.18.2-201501120821.patch +++ b/3.18.2/4420_grsecurity-3.0-3.18.2-201501142325.patch 
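Review bot: In the new `line6_write_data` body the polling loop reads `*status` after any non-negative return from `usb_control_msg()`, but the one-byte buffer now comes from `kmalloc(1, GFP_KERNEL)`, which does not zero it. If the transfer completes with zero bytes, the `while (*status == 0xff)` test and the `*status != 0` check act on uninitialised heap memory; a length check after the existing `ret < 0` test, `if (ret != 1) { kfree(status); return -EIO; }`, or allocating with `kzalloc(1, GFP_KERNEL)`, would close that. The `"write failed (error %d)\n"` message still prints `ret` rather than `*status`, so it does not report the status byte that caused the failure. In `toneport_setup`, whose body continues outside the hunk, the `if (ticks == NULL) return;` path silently skips the enable commands that follow, and the result of `line6_write_data()` is ignored; a `dev_err()` on both paths would make a failed time sync visible.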
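Review bot: The widened condition in the gracl_fs.c hunk exempts any caller whose subject has `GR_POVERRIDE` or whose role has `GR_ROLE_GOD` from the `GR_PROTPROCFD` denial, and nothing next to the `if` records that this is an intended relaxation of the access check. A short comment above it naming the two exemptions and the reason for them would help the next reader audit who can reach a protected task's descriptors. The new terms also dereference `current->acl` and `current->role`; these are presumably always set once `gr_acl_is_enabled()` returns true, but that is not visible here and is worth confirming for kernel threads. The enclosing function starts outside the hunk.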
@@ -962,7 +962,7 @@ index 89c4b5c..847a7be 100644 kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h -index e22c119..8fa9957 100644 +index e22c119..eaa807d 100644 --- a/arch/arm/include/asm/atomic.h +++ b/arch/arm/include/asm/atomic.h @@ -18,17 +18,41 @@ @@ -1363,7 +1363,7 @@ index e22c119..8fa9957 100644 +#define ATOMIC64_OP(op, op1, op2) __ATOMIC64_OP(op, , op1, op2, , ) \ + __ATOMIC64_OP(op, _unchecked, op1, op2##s, __OVERFLOW_POST, __OVERFLOW_EXTABLE) + -+#define __ATOMIC64_OP_RETURN(op, op1, op2, post_op, extable) \ ++#define __ATOMIC64_OP_RETURN(op, suffix, op1, op2, post_op, extable) \ +static inline long long atomic64_##op##_return##suffix(long long i, atomic64##suffix##_t *v) \ { \ long long result; \ @@ -22268,10 +22268,10 @@ index 01d1c18..8073693 100644 #include <asm/processor.h> #include <asm/fcntl.h> diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index 344b63f..ccdac7a 100644 +index 344b63f..55adf14 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S -@@ -177,13 +177,153 @@ +@@ -177,13 +177,154 @@ /*CFI_REL_OFFSET gs, PT_GS*/ .endm .macro SET_KERNEL_GS reg @@ -22400,6 +22400,7 @@ index 344b63f..ccdac7a 100644 + jne 1b + +2: cld ++ or $2*4, %edi + mov %esp, %ecx + sub %edi, %ecx + @@ -22426,7 +22427,7 @@ index 344b63f..ccdac7a 100644 cld PUSH_GS pushl_cfi %fs -@@ -206,7 +346,7 @@ +@@ -206,7 +347,7 @@ CFI_REL_OFFSET ecx, 0 pushl_cfi %ebx CFI_REL_OFFSET ebx, 0 @@ -22435,7 +22436,7 @@ index 344b63f..ccdac7a 100644 movl %edx, %ds movl %edx, %es movl $(__KERNEL_PERCPU), %edx -@@ -214,6 +354,15 @@ +@@ -214,6 +355,15 @@ SET_KERNEL_GS %edx .endm 
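Review bot: The added `or $2*4, %edi` in the entry_32.S hunk carries no comment, and the same two-word offset reappears as `or $2*8, %rdi` in the entry_64.S hunk and as `+ 2 * sizeof(unsigned long)` on `p->tinfo.lowest_stack` in the process_32.c and process_64.c hunks. These four sites apparently have to agree for the lower bound used by the stack-erase code to match the initial `lowest_stack`, so a shared named constant, or at least a comment at each site saying why the lowest two words of the stack are excluded, would keep them in step. Using `or` rather than `add` also only gives the intended floor if that bit is clear at the stack base, which is presumably true for an aligned stack but is not shown in the hunk; the comment should state that assumption. The surrounding routine starts and ends outside the hunk.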
@@ -22451,7 +22452,7 @@ index 344b63f..ccdac7a 100644 .macro RESTORE_INT_REGS popl_cfi %ebx CFI_RESTORE ebx -@@ -297,7 +446,7 @@ ENTRY(ret_from_fork) +@@ -297,7 +447,7 @@ ENTRY(ret_from_fork) popfl_cfi jmp syscall_exit CFI_ENDPROC @@ -22460,7 +22461,7 @@ index 344b63f..ccdac7a 100644 ENTRY(ret_from_kernel_thread) CFI_STARTPROC -@@ -340,7 +489,15 @@ ret_from_intr: +@@ -340,7 +490,15 @@ ret_from_intr: andl $SEGMENT_RPL_MASK, %eax #endif cmpl $USER_RPL, %eax @@ -22476,7 +22477,7 @@ index 344b63f..ccdac7a 100644 ENTRY(resume_userspace) LOCKDEP_SYS_EXIT -@@ -352,8 +509,8 @@ ENTRY(resume_userspace) +@@ -352,8 +510,8 @@ ENTRY(resume_userspace) andl $_TIF_WORK_MASK, %ecx # is there any work to be done on # int/exception return? jne work_pending @@ -22487,7 +22488,7 @@ index 344b63f..ccdac7a 100644 #ifdef CONFIG_PREEMPT ENTRY(resume_kernel) -@@ -365,7 +522,7 @@ need_resched: +@@ -365,7 +523,7 @@ need_resched: jz restore_all call preempt_schedule_irq jmp need_resched @@ -22496,7 +22497,7 @@ index 344b63f..ccdac7a 100644 #endif CFI_ENDPROC -@@ -395,30 +552,45 @@ sysenter_past_esp: +@@ -395,30 +553,45 @@ sysenter_past_esp: /*CFI_REL_OFFSET cs, 0*/ /* * Push current_thread_info()->sysenter_return to the stack. @@ -22545,7 +22546,7 @@ index 344b63f..ccdac7a 100644 testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp) jnz sysenter_audit sysenter_do_call: -@@ -434,12 +606,24 @@ sysenter_after_call: +@@ -434,12 +607,24 @@ sysenter_after_call: testl $_TIF_ALLWORK_MASK, %ecx jne sysexit_audit sysenter_exit: @@ -22570,7 +22571,7 @@ index 344b63f..ccdac7a 100644 PTGS_TO_GS ENABLE_INTERRUPTS_SYSEXIT -@@ -453,6 +637,9 @@ sysenter_audit: +@@ -453,6 +638,9 @@ sysenter_audit: pushl_cfi PT_ESI(%esp) /* a3: 5th arg */ pushl_cfi PT_EDX+4(%esp) /* a2: 4th arg */ call __audit_syscall_entry 
@@ -22580,7 +22581,7 @@ index 344b63f..ccdac7a 100644 popl_cfi %ecx /* get that remapped edx off the stack */ popl_cfi %ecx /* get that remapped esi off the stack */ movl PT_EAX(%esp),%eax /* reload syscall number */ -@@ -479,10 +666,16 @@ sysexit_audit: +@@ -479,10 +667,16 @@ sysexit_audit: CFI_ENDPROC .pushsection .fixup,"ax" @@ -22599,7 +22600,7 @@ index 344b63f..ccdac7a 100644 PTGS_TO_GS_EX ENDPROC(ia32_sysenter_target) -@@ -493,6 +686,11 @@ ENTRY(system_call) +@@ -493,6 +687,11 @@ ENTRY(system_call) pushl_cfi %eax # save orig_eax SAVE_ALL GET_THREAD_INFO(%ebp) @@ -22611,7 +22612,7 @@ index 344b63f..ccdac7a 100644 # system call tracing in operation / emulation testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp) jnz syscall_trace_entry -@@ -512,6 +710,15 @@ syscall_exit: +@@ -512,6 +711,15 @@ syscall_exit: testl $_TIF_ALLWORK_MASK, %ecx # current->work jne syscall_exit_work @@ -22627,7 +22628,7 @@ index 344b63f..ccdac7a 100644 restore_all: TRACE_IRQS_IRET restore_all_notrace: -@@ -566,14 +773,34 @@ ldt_ss: +@@ -566,14 +774,34 @@ ldt_ss: * compensating for the offset by changing to the ESPFIX segment with * a base address that matches for the difference. */ @@ -22665,7 +22666,7 @@ index 344b63f..ccdac7a 100644 pushl_cfi $__ESPFIX_SS pushl_cfi %eax /* new kernel esp */ /* Disable interrupts, but do not irqtrace this section: we -@@ -603,20 +830,18 @@ work_resched: +@@ -603,20 +831,18 @@ work_resched: movl TI_flags(%ebp), %ecx andl $_TIF_WORK_MASK, %ecx # is there any work to be done other # than syscall tracing? @@ -22688,7 +22689,7 @@ index 344b63f..ccdac7a 100644 #endif TRACE_IRQS_ON ENABLE_INTERRUPTS(CLBR_NONE) -@@ -637,7 +862,7 @@ work_notifysig_v86: +@@ -637,7 +863,7 @@ work_notifysig_v86: movl %eax, %esp jmp 1b #endif @@ -22697,7 +22698,7 @@ index 344b63f..ccdac7a 100644 # perform syscall exit tracing ALIGN -@@ -645,11 +870,14 @@ syscall_trace_entry: +@@ -645,11 +871,14 @@ syscall_trace_entry: movl $-ENOSYS,PT_EAX(%esp) movl %esp, %eax call syscall_trace_enter 
@@ -22713,7 +22714,7 @@ index 344b63f..ccdac7a 100644 # perform syscall exit tracing ALIGN -@@ -662,26 +890,30 @@ syscall_exit_work: +@@ -662,26 +891,30 @@ syscall_exit_work: movl %esp, %eax call syscall_trace_leave jmp resume_userspace @@ -22748,7 +22749,7 @@ index 344b63f..ccdac7a 100644 CFI_ENDPROC .macro FIXUP_ESPFIX_STACK -@@ -694,8 +926,15 @@ END(sysenter_badsys) +@@ -694,8 +927,15 @@ END(sysenter_badsys) */ #ifdef CONFIG_X86_ESPFIX32 /* fixup the stack */ @@ -22766,7 +22767,7 @@ index 344b63f..ccdac7a 100644 shl $16, %eax addl %esp, %eax /* the adjusted stack pointer */ pushl_cfi $__KERNEL_DS -@@ -751,7 +990,7 @@ vector=vector+1 +@@ -751,7 +991,7 @@ vector=vector+1 .endr 2: jmp common_interrupt .endr @@ -22775,7 +22776,7 @@ index 344b63f..ccdac7a 100644 .previous END(interrupt) -@@ -808,7 +1047,7 @@ ENTRY(coprocessor_error) +@@ -808,7 +1048,7 @@ ENTRY(coprocessor_error) pushl_cfi $do_coprocessor_error jmp error_code CFI_ENDPROC @@ -22784,7 +22785,7 @@ index 344b63f..ccdac7a 100644 ENTRY(simd_coprocessor_error) RING0_INT_FRAME -@@ -821,7 +1060,7 @@ ENTRY(simd_coprocessor_error) +@@ -821,7 +1061,7 @@ ENTRY(simd_coprocessor_error) .section .altinstructions,"a" altinstruction_entry 661b, 663f, X86_FEATURE_XMM, 662b-661b, 664f-663f .previous @@ -22793,7 +22794,7 @@ index 344b63f..ccdac7a 100644 663: pushl $do_simd_coprocessor_error 664: .previous -@@ -830,7 +1069,7 @@ ENTRY(simd_coprocessor_error) +@@ -830,7 +1070,7 @@ ENTRY(simd_coprocessor_error) #endif jmp error_code CFI_ENDPROC @@ -22802,7 +22803,7 @@ index 344b63f..ccdac7a 100644 ENTRY(device_not_available) RING0_INT_FRAME -@@ -839,18 +1078,18 @@ ENTRY(device_not_available) +@@ -839,18 +1079,18 @@ ENTRY(device_not_available) pushl_cfi $do_device_not_available jmp error_code CFI_ENDPROC @@ -22824,7 +22825,7 @@ index 344b63f..ccdac7a 100644 #endif ENTRY(overflow) -@@ -860,7 +1099,7 @@ ENTRY(overflow) +@@ -860,7 +1100,7 @@ ENTRY(overflow) pushl_cfi $do_overflow jmp error_code CFI_ENDPROC 
@@ -22833,7 +22834,7 @@ index 344b63f..ccdac7a 100644 ENTRY(bounds) RING0_INT_FRAME -@@ -869,7 +1108,7 @@ ENTRY(bounds) +@@ -869,7 +1109,7 @@ ENTRY(bounds) pushl_cfi $do_bounds jmp error_code CFI_ENDPROC @@ -22842,7 +22843,7 @@ index 344b63f..ccdac7a 100644 ENTRY(invalid_op) RING0_INT_FRAME -@@ -878,7 +1117,7 @@ ENTRY(invalid_op) +@@ -878,7 +1118,7 @@ ENTRY(invalid_op) pushl_cfi $do_invalid_op jmp error_code CFI_ENDPROC @@ -22851,7 +22852,7 @@ index 344b63f..ccdac7a 100644 ENTRY(coprocessor_segment_overrun) RING0_INT_FRAME -@@ -887,7 +1126,7 @@ ENTRY(coprocessor_segment_overrun) +@@ -887,7 +1127,7 @@ ENTRY(coprocessor_segment_overrun) pushl_cfi $do_coprocessor_segment_overrun jmp error_code CFI_ENDPROC @@ -22860,7 +22861,7 @@ index 344b63f..ccdac7a 100644 ENTRY(invalid_TSS) RING0_EC_FRAME -@@ -895,7 +1134,7 @@ ENTRY(invalid_TSS) +@@ -895,7 +1135,7 @@ ENTRY(invalid_TSS) pushl_cfi $do_invalid_TSS jmp error_code CFI_ENDPROC @@ -22869,7 +22870,7 @@ index 344b63f..ccdac7a 100644 ENTRY(segment_not_present) RING0_EC_FRAME -@@ -903,7 +1142,7 @@ ENTRY(segment_not_present) +@@ -903,7 +1143,7 @@ ENTRY(segment_not_present) pushl_cfi $do_segment_not_present jmp error_code CFI_ENDPROC @@ -22878,7 +22879,7 @@ index 344b63f..ccdac7a 100644 ENTRY(stack_segment) RING0_EC_FRAME -@@ -911,7 +1150,7 @@ ENTRY(stack_segment) +@@ -911,7 +1151,7 @@ ENTRY(stack_segment) pushl_cfi $do_stack_segment jmp error_code CFI_ENDPROC @@ -22887,7 +22888,7 @@ index 344b63f..ccdac7a 100644 ENTRY(alignment_check) RING0_EC_FRAME -@@ -919,7 +1158,7 @@ ENTRY(alignment_check) +@@ -919,7 +1159,7 @@ ENTRY(alignment_check) pushl_cfi $do_alignment_check jmp error_code CFI_ENDPROC @@ -22896,7 +22897,7 @@ index 344b63f..ccdac7a 100644 ENTRY(divide_error) RING0_INT_FRAME -@@ -928,7 +1167,7 @@ ENTRY(divide_error) +@@ -928,7 +1168,7 @@ ENTRY(divide_error) pushl_cfi $do_divide_error jmp error_code CFI_ENDPROC 
@@ -22905,7 +22906,7 @@ index 344b63f..ccdac7a 100644 #ifdef CONFIG_X86_MCE ENTRY(machine_check) -@@ -938,7 +1177,7 @@ ENTRY(machine_check) +@@ -938,7 +1178,7 @@ ENTRY(machine_check) pushl_cfi machine_check_vector jmp error_code CFI_ENDPROC @@ -22914,7 +22915,7 @@ index 344b63f..ccdac7a 100644 #endif ENTRY(spurious_interrupt_bug) -@@ -948,7 +1187,7 @@ ENTRY(spurious_interrupt_bug) +@@ -948,7 +1188,7 @@ ENTRY(spurious_interrupt_bug) pushl_cfi $do_spurious_interrupt_bug jmp error_code CFI_ENDPROC @@ -22923,7 +22924,7 @@ index 344b63f..ccdac7a 100644 #ifdef CONFIG_XEN /* Xen doesn't set %esp to be precisely what the normal sysenter -@@ -1054,7 +1293,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR, +@@ -1054,7 +1294,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR, ENTRY(mcount) ret @@ -22932,7 +22933,7 @@ index 344b63f..ccdac7a 100644 ENTRY(ftrace_caller) pushl %eax -@@ -1084,7 +1323,7 @@ ftrace_graph_call: +@@ -1084,7 +1324,7 @@ ftrace_graph_call: .globl ftrace_stub ftrace_stub: ret @@ -22941,7 +22942,7 @@ index 344b63f..ccdac7a 100644 ENTRY(ftrace_regs_caller) pushf /* push flags before compare (in cs location) */ -@@ -1182,7 +1421,7 @@ trace: +@@ -1182,7 +1422,7 @@ trace: popl %ecx popl %eax jmp ftrace_stub @@ -22950,7 +22951,7 @@ index 344b63f..ccdac7a 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -1200,7 +1439,7 @@ ENTRY(ftrace_graph_caller) +@@ -1200,7 +1440,7 @@ ENTRY(ftrace_graph_caller) popl %ecx popl %eax ret @@ -22959,7 +22960,7 @@ index 344b63f..ccdac7a 100644 .globl return_to_handler return_to_handler: -@@ -1261,15 +1500,18 @@ error_code: +@@ -1261,15 +1501,18 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx 
@@ -22980,7 +22981,7 @@ index 344b63f..ccdac7a 100644 /* * Debug traps and NMI can happen at the one SYSENTER instruction -@@ -1312,7 +1554,7 @@ debug_stack_correct: +@@ -1312,7 +1555,7 @@ debug_stack_correct: call do_debug jmp ret_from_exception CFI_ENDPROC @@ -22989,7 +22990,7 @@ index 344b63f..ccdac7a 100644 /* * NMI is doubly nasty. It can happen _while_ we're handling -@@ -1352,6 +1594,9 @@ nmi_stack_correct: +@@ -1352,6 +1595,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -22999,7 +23000,7 @@ index 344b63f..ccdac7a 100644 jmp restore_all_notrace CFI_ENDPROC -@@ -1389,13 +1634,16 @@ nmi_espfix_stack: +@@ -1389,13 +1635,16 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax == %esp xorl %edx,%edx # zero error code call do_nmi @@ -23017,7 +23018,7 @@ index 344b63f..ccdac7a 100644 ENTRY(int3) RING0_INT_FRAME -@@ -1408,14 +1656,14 @@ ENTRY(int3) +@@ -1408,14 +1657,14 @@ ENTRY(int3) call do_int3 jmp ret_from_exception CFI_ENDPROC @@ -23034,7 +23035,7 @@ index 344b63f..ccdac7a 100644 #ifdef CONFIG_KVM_GUEST ENTRY(async_page_fault) -@@ -1424,6 +1672,6 @@ ENTRY(async_page_fault) +@@ -1424,6 +1673,6 @@ ENTRY(async_page_fault) pushl_cfi $do_async_page_fault jmp error_code CFI_ENDPROC @@ -23043,7 +23044,7 @@ index 344b63f..ccdac7a 100644 #endif diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index c0226ab..96a8ab7 100644 +index c0226ab..0d1dc48 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -59,6 +59,8 @@ @@ -23055,7 +23056,7 @@ index c0226ab..96a8ab7 100644 /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ #include <linux/elf-em.h> -@@ -81,6 +83,430 @@ ENTRY(native_usergs_sysret64) +@@ -81,6 +83,431 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ @@ -23460,6 +23461,7 @@ index c0226ab..96a8ab7 100644 + jne 1b + +2: cld ++ or $2*8, %rdi + mov %esp, %ecx + sub %edi, %ecx + 
@@ -23486,7 +23488,7 @@ index c0226ab..96a8ab7 100644 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -117,7 +543,7 @@ ENDPROC(native_usergs_sysret64) +@@ -117,7 +544,7 @@ ENDPROC(native_usergs_sysret64) .endm .macro TRACE_IRQS_IRETQ_DEBUG offset=ARGOFFSET @@ -23495,7 +23497,7 @@ index c0226ab..96a8ab7 100644 jnc 1f TRACE_IRQS_ON_DEBUG 1: -@@ -155,27 +581,6 @@ ENDPROC(native_usergs_sysret64) +@@ -155,27 +582,6 @@ ENDPROC(native_usergs_sysret64) movq \tmp,R11+\offset(%rsp) .endm @@ -23523,7 +23525,7 @@ index c0226ab..96a8ab7 100644 /* * initial frame state for interrupts (and exceptions without error code) */ -@@ -241,25 +646,26 @@ ENDPROC(native_usergs_sysret64) +@@ -241,25 +647,26 @@ ENDPROC(native_usergs_sysret64) /* save partial stack frame */ .macro SAVE_ARGS_IRQ cld @@ -23563,7 +23565,7 @@ index c0226ab..96a8ab7 100644 je 1f SWAPGS /* -@@ -279,6 +685,18 @@ ENDPROC(native_usergs_sysret64) +@@ -279,6 +686,18 @@ ENDPROC(native_usergs_sysret64) 0x06 /* DW_OP_deref */, \ 0x08 /* DW_OP_const1u */, SS+8-RBP, \ 0x22 /* DW_OP_plus */ @@ -23582,7 +23584,7 @@ index c0226ab..96a8ab7 100644 /* We entered an interrupt context - irqs are off: */ TRACE_IRQS_OFF .endm -@@ -308,9 +726,52 @@ ENTRY(save_paranoid) +@@ -308,9 +727,52 @@ ENTRY(save_paranoid) js 1f /* negative -> in kernel */ SWAPGS xorl %ebx,%ebx @@ -23637,7 +23639,7 @@ index c0226ab..96a8ab7 100644 /* * A newly forked process directly context switches into this address. -@@ -331,7 +792,7 @@ ENTRY(ret_from_fork) +@@ -331,7 +793,7 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -23646,7 +23648,7 @@ index c0226ab..96a8ab7 100644 jz 1f testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -341,15 +802,13 @@ ENTRY(ret_from_fork) +@@ -341,15 +803,13 @@ ENTRY(ret_from_fork) jmp ret_from_sys_call # go to the SYSRET fastpath 1: 
@@ -23663,7 +23665,7 @@ index c0226ab..96a8ab7 100644 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -386,7 +845,7 @@ END(ret_from_fork) +@@ -386,7 +846,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -23672,7 +23674,7 @@ index c0226ab..96a8ab7 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -399,16 +858,23 @@ GLOBAL(system_call_after_swapgs) +@@ -399,16 +859,23 @@ GLOBAL(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -23698,7 +23700,7 @@ index c0226ab..96a8ab7 100644 jnz tracesys system_call_fastpath: #if __SYSCALL_MASK == ~0 -@@ -432,10 +898,13 @@ sysret_check: +@@ -432,10 +899,13 @@ sysret_check: LOCKDEP_SYS_EXIT DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -23713,7 +23715,7 @@ index c0226ab..96a8ab7 100644 /* * sysretq will re-enable interrupts: */ -@@ -494,12 +963,15 @@ sysret_audit: +@@ -494,12 +964,15 @@ sysret_audit: /* Do syscall tracing */ tracesys: @@ -23731,7 +23733,7 @@ index c0226ab..96a8ab7 100644 jmp system_call_fastpath /* and return to the fast path */ tracesys_phase2: -@@ -510,12 +982,14 @@ tracesys_phase2: +@@ -510,12 +983,14 @@ tracesys_phase2: movq %rax,%rdx call syscall_trace_enter_phase2 @@ -23747,7 +23749,7 @@ index c0226ab..96a8ab7 100644 RESTORE_REST #if __SYSCALL_MASK == ~0 cmpq $__NR_syscall_max,%rax -@@ -545,7 +1019,9 @@ GLOBAL(int_with_check) +@@ -545,7 +1020,9 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) @@ -23758,7 +23760,7 @@ index c0226ab..96a8ab7 100644 /* Either reschedule or signal or syscall exit tracking needed. */ /* First do a reschedule test. */ -@@ -591,7 +1067,7 @@ int_restore_rest: +@@ -591,7 +1068,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC 
@@ -23767,7 +23769,7 @@ index c0226ab..96a8ab7 100644 .macro FORK_LIKE func ENTRY(stub_\func) -@@ -604,9 +1080,10 @@ ENTRY(stub_\func) +@@ -604,9 +1081,10 @@ ENTRY(stub_\func) DEFAULT_FRAME 0 8 /* offset 8: return address */ call sys_\func RESTORE_TOP_OF_STACK %r11, 8 @@ -23780,7 +23782,7 @@ index c0226ab..96a8ab7 100644 .endm .macro FIXED_FRAME label,func -@@ -616,9 +1093,10 @@ ENTRY(\label) +@@ -616,9 +1094,10 @@ ENTRY(\label) FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET call \func RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET @@ -23792,7 +23794,7 @@ index c0226ab..96a8ab7 100644 .endm FORK_LIKE clone -@@ -626,19 +1104,6 @@ END(\label) +@@ -626,19 +1105,6 @@ END(\label) FORK_LIKE vfork FIXED_FRAME stub_iopl, sys_iopl @@ -23812,7 +23814,7 @@ index c0226ab..96a8ab7 100644 ENTRY(stub_execve) CFI_STARTPROC addq $8, %rsp -@@ -650,7 +1115,7 @@ ENTRY(stub_execve) +@@ -650,7 +1116,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23821,7 +23823,7 @@ index c0226ab..96a8ab7 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -667,7 +1132,7 @@ ENTRY(stub_rt_sigreturn) +@@ -667,7 +1133,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23830,7 +23832,7 @@ index c0226ab..96a8ab7 100644 #ifdef CONFIG_X86_X32_ABI ENTRY(stub_x32_rt_sigreturn) -@@ -681,7 +1146,7 @@ ENTRY(stub_x32_rt_sigreturn) +@@ -681,7 +1147,7 @@ ENTRY(stub_x32_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23839,7 +23841,7 @@ index c0226ab..96a8ab7 100644 ENTRY(stub_x32_execve) CFI_STARTPROC -@@ -695,7 +1160,7 @@ ENTRY(stub_x32_execve) +@@ -695,7 +1161,7 @@ ENTRY(stub_x32_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -23848,7 +23850,7 @@ index c0226ab..96a8ab7 100644 #endif -@@ -732,7 +1197,7 @@ vector=vector+1 +@@ -732,7 +1198,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC 
@@ -23857,7 +23859,7 @@ index c0226ab..96a8ab7 100644 .previous END(interrupt) -@@ -749,8 +1214,8 @@ END(interrupt) +@@ -749,8 +1215,8 @@ END(interrupt) /* 0(%rsp): ~(interrupt number) */ .macro interrupt func /* reserve pt_regs for scratch regs and rbp */ @@ -23868,7 +23870,7 @@ index c0226ab..96a8ab7 100644 SAVE_ARGS_IRQ call \func .endm -@@ -773,14 +1238,14 @@ ret_from_intr: +@@ -773,14 +1239,14 @@ ret_from_intr: /* Restore saved previous stack */ popq %rsi @@ -23887,7 +23889,7 @@ index c0226ab..96a8ab7 100644 je retint_kernel /* Interrupt came from user space */ -@@ -802,12 +1267,35 @@ retint_swapgs: /* return to user-space */ +@@ -802,12 +1268,35 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -23923,7 +23925,7 @@ index c0226ab..96a8ab7 100644 /* * The iretq could re-enable interrupts: */ -@@ -845,15 +1333,15 @@ native_irq_return_ldt: +@@ -845,15 +1334,15 @@ native_irq_return_ldt: SWAPGS movq PER_CPU_VAR(espfix_waddr),%rdi movq %rax,(0*8)(%rdi) /* RAX */ @@ -23944,7 +23946,7 @@ index c0226ab..96a8ab7 100644 movq %rax,(4*8)(%rdi) andl $0xffff0000,%eax popq_cfi %rdi -@@ -907,7 +1395,7 @@ ENTRY(retint_kernel) +@@ -907,7 +1396,7 @@ ENTRY(retint_kernel) jmp exit_intr #endif CFI_ENDPROC @@ -23953,7 +23955,7 @@ index c0226ab..96a8ab7 100644 /* * APIC interrupts. -@@ -921,7 +1409,7 @@ ENTRY(\sym) +@@ -921,7 +1410,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -23962,7 +23964,7 @@ index c0226ab..96a8ab7 100644 .endm #ifdef CONFIG_TRACING -@@ -994,7 +1482,7 @@ apicinterrupt IRQ_WORK_VECTOR \ +@@ -994,7 +1483,7 @@ apicinterrupt IRQ_WORK_VECTOR \ /* * Exception entry points. */ @@ -23971,7 +23973,7 @@ index c0226ab..96a8ab7 100644 .macro idtentry sym do_sym has_error_code:req paranoid=0 shift_ist=-1 ENTRY(\sym) -@@ -1045,6 +1533,12 @@ ENTRY(\sym) +@@ -1045,6 +1534,12 @@ ENTRY(\sym) .endif .if \shift_ist != -1 
@@ -23984,7 +23986,7 @@ index c0226ab..96a8ab7 100644 subq $EXCEPTION_STKSZ, INIT_TSS_IST(\shift_ist) .endif -@@ -1061,7 +1555,7 @@ ENTRY(\sym) +@@ -1061,7 +1556,7 @@ ENTRY(\sym) .endif CFI_ENDPROC @@ -23993,7 +23995,7 @@ index c0226ab..96a8ab7 100644 .endm #ifdef CONFIG_TRACING -@@ -1102,9 +1596,10 @@ gs_change: +@@ -1102,9 +1597,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -24005,7 +24007,7 @@ index c0226ab..96a8ab7 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1132,9 +1627,10 @@ ENTRY(do_softirq_own_stack) +@@ -1132,9 +1628,10 @@ ENTRY(do_softirq_own_stack) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -24017,7 +24019,7 @@ index c0226ab..96a8ab7 100644 #ifdef CONFIG_XEN idtentry xen_hypervisor_callback xen_do_hypervisor_callback has_error_code=0 -@@ -1172,7 +1668,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1172,7 +1669,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -24026,7 +24028,7 @@ index c0226ab..96a8ab7 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1231,7 +1727,7 @@ ENTRY(xen_failsafe_callback) +@@ -1231,7 +1728,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -24035,7 +24037,7 @@ index c0226ab..96a8ab7 100644 apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1278,18 +1774,33 @@ ENTRY(paranoid_exit) +@@ -1278,18 +1775,33 @@ ENTRY(paranoid_exit) DEFAULT_FRAME DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF_DEBUG @@ -24071,7 +24073,7 @@ index c0226ab..96a8ab7 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1318,7 +1829,7 @@ paranoid_schedule: +@@ -1318,7 +1830,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC 
@@ -24080,7 +24082,7 @@ index c0226ab..96a8ab7 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1345,12 +1856,23 @@ ENTRY(error_entry) +@@ -1345,12 +1857,23 @@ ENTRY(error_entry) movq %r14, R14+8(%rsp) movq %r15, R15+8(%rsp) xorl %ebx,%ebx @@ -24105,7 +24107,7 @@ index c0226ab..96a8ab7 100644 ret /* -@@ -1385,7 +1907,7 @@ error_bad_iret: +@@ -1385,7 +1908,7 @@ error_bad_iret: decl %ebx /* Return to usergs */ jmp error_sti CFI_ENDPROC @@ -24114,7 +24116,7 @@ index c0226ab..96a8ab7 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1396,7 +1918,7 @@ ENTRY(error_exit) +@@ -1396,7 +1919,7 @@ ENTRY(error_exit) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF GET_THREAD_INFO(%rcx) @@ -24123,7 +24125,7 @@ index c0226ab..96a8ab7 100644 jne retint_kernel LOCKDEP_SYS_EXIT_IRQ movl TI_flags(%rcx),%edx -@@ -1405,7 +1927,7 @@ ENTRY(error_exit) +@@ -1405,7 +1928,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -24132,7 +24134,7 @@ index c0226ab..96a8ab7 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1463,9 +1985,11 @@ ENTRY(nmi) +@@ -1463,9 +1986,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ @@ -24145,7 +24147,7 @@ index c0226ab..96a8ab7 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1499,8 +2023,7 @@ nested_nmi: +@@ -1499,8 +2024,7 @@ nested_nmi: 1: /* Set up the interrupted NMIs stack to jump to repeat_nmi */ @@ -24155,7 +24157,7 @@ index c0226ab..96a8ab7 100644 CFI_ADJUST_CFA_OFFSET 1*8 leaq -10*8(%rsp), %rdx pushq_cfi $__KERNEL_DS -@@ -1518,6 +2041,7 @@ nested_nmi_out: +@@ -1518,6 +2042,7 @@ nested_nmi_out: CFI_RESTORE rdx /* No need to check faults here */ 
@@ -24163,7 +24165,7 @@ index c0226ab..96a8ab7 100644 INTERRUPT_RETURN CFI_RESTORE_STATE -@@ -1614,13 +2138,13 @@ end_repeat_nmi: +@@ -1614,13 +2139,13 @@ end_repeat_nmi: subq $ORIG_RAX-R15, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 /* @@ -24179,7 +24181,7 @@ index c0226ab..96a8ab7 100644 DEFAULT_FRAME 0 /* -@@ -1630,9 +2154,9 @@ end_repeat_nmi: +@@ -1630,9 +2155,9 @@ end_repeat_nmi: * NMI itself takes a page fault, the page fault that was preempted * will read the information from the NMI page fault and not the * origin fault. Save it off and restore it if it changes. @@ -24191,7 +24193,7 @@ index c0226ab..96a8ab7 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi -@@ -1641,29 +2165,34 @@ end_repeat_nmi: +@@ -1641,29 +2166,34 @@ end_repeat_nmi: /* Did the NMI take a page fault? Restore cr2 if it did */ movq %cr2, %rcx @@ -26555,7 +26557,7 @@ index e127dda..94e384d 100644 +} +#endif diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c -index 8f3ebfe..e6ced5a 100644 +index 8f3ebfe..cbc731b 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c @@ -64,6 +64,7 @@ asmlinkage void ret_from_kernel_thread(void) __asm__("ret_from_kernel_thread"); @@ -26600,7 +26602,7 @@ index 8f3ebfe..e6ced5a 100644 p->thread.sp = (unsigned long) childregs; p->thread.sp0 = (unsigned long) (childregs+1); -+ p->tinfo.lowest_stack = (unsigned long)task_stack_page(p); ++ p->tinfo.lowest_stack = (unsigned long)task_stack_page(p) + 2 * sizeof(unsigned long); memset(p->thread.ptrace_bps, 0, sizeof(p->thread.ptrace_bps)); if (unlikely(p->flags & PF_KTHREAD)) { @@ -26664,7 +26666,7 @@ index 8f3ebfe..e6ced5a 100644 } - diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c -index 5a2c029..a7f67d3 100644 +index 5a2c029..ec8611d 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -158,10 +158,11 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, 
@@ -26676,7 +26678,7 @@ index 5a2c029..a7f67d3 100644 childregs = task_pt_regs(p); p->thread.sp = (unsigned long) childregs; p->thread.usersp = me->thread.usersp; -+ p->tinfo.lowest_stack = (unsigned long)task_stack_page(p); ++ p->tinfo.lowest_stack = (unsigned long)task_stack_page(p) + 2 * sizeof(unsigned long); set_tsk_thread_flag(p, TIF_FORK); p->thread.io_bitmap_ptr = NULL; @@ -37569,7 +37571,7 @@ index 472168c..4af587e 100644 static ssize_t show_node_state(struct device *dev, struct device_attribute *attr, char *buf) diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c -index fb83d4a..4aa50ec 100644 +index fb83d4a..e1797b3 100644 --- a/drivers/base/power/domain.c +++ b/drivers/base/power/domain.c @@ -1725,7 +1725,7 @@ int pm_genpd_attach_cpuidle(struct generic_pm_domain *genpd, int state) @@ -37590,6 +37592,17 @@ index fb83d4a..4aa50ec 100644 int ret = 0; if (IS_ERR_OR_NULL(genpd)) +@@ -2215,7 +2215,9 @@ int genpd_dev_pm_attach(struct device *dev) + return ret; + } + +- dev->pm_domain->detach = genpd_dev_pm_detach; ++ pax_open_kernel(); ++ *(void **)&dev->pm_domain->detach = genpd_dev_pm_detach; ++ pax_close_kernel(); + + return 0; + } diff --git a/drivers/base/power/sysfs.c b/drivers/base/power/sysfs.c index a9d26ed..74b8405 100644 --- a/drivers/base/power/sysfs.c @@ -40090,6 +40103,19 @@ index 3784e81..73637b5 100644 static struct { spinlock_t lock; +diff --git a/drivers/gpio/gpio-omap.c b/drivers/gpio/gpio-omap.c +index 415682f..08438b8 100644 +--- a/drivers/gpio/gpio-omap.c ++++ b/drivers/gpio/gpio-omap.c +@@ -1162,7 +1162,7 @@ static int omap_gpio_probe(struct platform_device *pdev) + const struct omap_gpio_platform_data *pdata; + struct resource *res; + struct gpio_bank *bank; +- struct irq_chip *irqc; ++ irq_chip_no_const *irqc; + int ret; + + match = of_match_device(of_match_ptr(omap_gpio_match), dev); diff --git a/drivers/gpio/gpio-rcar.c b/drivers/gpio/gpio-rcar.c index bf6c094..6573caf 100644 --- a/drivers/gpio/gpio-rcar.c 
@@ -43693,6 +43719,19 @@ index 38493ff..001538b 100644 .name = "GIC", .irq_mask = gic_mask_irq, .irq_unmask = gic_unmask_irq, +diff --git a/drivers/irqchip/irq-renesas-intc-irqpin.c b/drivers/irqchip/irq-renesas-intc-irqpin.c +index 542e850..1bb094c 100644 +--- a/drivers/irqchip/irq-renesas-intc-irqpin.c ++++ b/drivers/irqchip/irq-renesas-intc-irqpin.c +@@ -353,7 +353,7 @@ static int intc_irqpin_probe(struct platform_device *pdev) + struct intc_irqpin_iomem *i; + struct resource *io[INTC_IRQPIN_REG_NR]; + struct resource *irq; +- struct irq_chip *irq_chip; ++ irq_chip_no_const *irq_chip; + void (*enable_fn)(struct irq_data *d); + void (*disable_fn)(struct irq_data *d); + const char *name = dev_name(dev); diff --git a/drivers/irqchip/irq-renesas-irqc.c b/drivers/irqchip/irq-renesas-irqc.c index 8777065..a4a9967 100644 --- a/drivers/irqchip/irq-renesas-irqc.c @@ -51888,7 +51927,7 @@ index 9cb222e..8766f26 100644 imx_drm_crtc = kzalloc(sizeof(*imx_drm_crtc), GFP_KERNEL); diff --git a/drivers/staging/line6/driver.c b/drivers/staging/line6/driver.c -index 503b2d7..c918745 100644 +index 503b2d7..c904931 100644 --- a/drivers/staging/line6/driver.c +++ b/drivers/staging/line6/driver.c @@ -463,7 +463,7 @@ int line6_read_data(struct usb_line6 *line6, int address, void *data, 
@@ -51939,6 +51978,89 @@ index 503b2d7..c918745 100644 /* receive the result: */ ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67, +@@ -520,7 +527,7 @@ int line6_write_data(struct usb_line6 *line6, int address, void *data, + { + struct usb_device *usbdev = line6->usbdev; + int ret; +- unsigned char status; ++ unsigned char *status; + + ret = usb_control_msg(usbdev, usb_sndctrlpipe(usbdev, 0), 0x67, + USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT, +@@ -533,26 +540,34 @@ int line6_write_data(struct usb_line6 *line6, int address, void *data, + return ret; + } + ++ status = kmalloc(1, GFP_KERNEL); ++ if (status == NULL) ++ return -ENOMEM; ++ + do { + ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), + 0x67, + USB_TYPE_VENDOR | USB_RECIP_DEVICE | + USB_DIR_IN, + 0x0012, 0x0000, +- &status, 1, LINE6_TIMEOUT * HZ); ++ status, 1, LINE6_TIMEOUT * HZ); + + if (ret < 0) { + dev_err(line6->ifcdev, + "receiving status failed (error %d)\n", ret); ++ kfree(status); + return ret; + } +- } while (status == 0xff); ++ } while (*status == 0xff); + +- if (status != 0) { ++ if (*status != 0) { + dev_err(line6->ifcdev, "write failed (error %d)\n", ret); ++ kfree(status); + return -EINVAL; + } + ++ kfree(status); ++ + return 0; + } + +diff --git a/drivers/staging/line6/toneport.c b/drivers/staging/line6/toneport.c +index 6943715..0a93632 100644 +--- a/drivers/staging/line6/toneport.c ++++ b/drivers/staging/line6/toneport.c +@@ -11,6 +11,7 @@ + */ + + #include <linux/wait.h> ++#include <linux/slab.h> + #include <sound/control.h> + + #include "audio.h" +@@ -307,14 +308,20 @@ static void toneport_destruct(struct usb_interface *interface) + */ + static void toneport_setup(struct usb_line6_toneport *toneport) + { +- int ticks; ++ int *ticks; + struct usb_line6 *line6 = &toneport->line6; + struct usb_device *usbdev = line6->usbdev; + u16 idProduct = le16_to_cpu(usbdev->descriptor.idProduct); + ++ ticks = kmalloc(sizeof(int), GFP_KERNEL); ++ if (ticks == NULL) ++ return; 
++ + /* sync time on device with host: */ +- ticks = (int)get_seconds(); +- line6_write_data(line6, 0x80c6, &ticks, 4); ++ *ticks = (int)get_seconds(); ++ line6_write_data(line6, 0x80c6, ticks, sizeof(int)); ++ ++ kfree(ticks); + + /* enable device: */ + toneport_send_cmd(usbdev, 0x0301, 0x0000); diff --git a/drivers/staging/lustre/lnet/selftest/brw_test.c b/drivers/staging/lustre/lnet/selftest/brw_test.c index a94f336..6a1924d 100644 --- a/drivers/staging/lustre/lnet/selftest/brw_test.c @@ -60543,7 +60665,7 @@ index e4141f2..d8263e8 100644 i += packet_length_size; if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) diff --git a/fs/exec.c b/fs/exec.c -index 7302b75..7d61d19 100644 +index 7302b75..b917171 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -56,8 +56,20 @@ @@ -61330,7 +61452,7 @@ index 7302b75..7d61d19 100644 +{ + unsigned long sp = (unsigned long)&sp; + if (sp < current_thread_info()->lowest_stack && -+ sp > (unsigned long)task_stack_page(current)) ++ sp >= (unsigned long)task_stack_page(current) + 2 * sizeof(unsigned long)) + current_thread_info()->lowest_stack = sp; + if (unlikely((sp & ~(THREAD_SIZE - 1)) < (THREAD_SIZE/16))) + BUG(); @@ -72276,10 +72398,10 @@ index 0000000..ca25605 + diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c new file mode 100644 -index 0000000..4008fdc +index 0000000..8ee8e4f --- /dev/null +++ b/grsecurity/gracl_fs.c -@@ -0,0 +1,445 @@ +@@ -0,0 +1,447 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/types.h> @@ -72720,7 +72842,9 @@ index 0000000..4008fdc + if (unlikely(!gr_acl_is_enabled())) + return 0; + -+ if (task != current && task->acl->mode & GR_PROTPROCFD) ++ if (task != current && (task->acl->mode & GR_PROTPROCFD) && ++ !(current->acl->mode & GR_POVERRIDE) && ++ !(current->role->roletype & GR_ROLE_GOD)) + return -EACCES; + + return 0; diff --git a/3.2.66/0000_README b/3.2.66/0000_README index 22258ee..f224bbd 100644 --- a/3.2.66/0000_README +++ b/3.2.66/0000_README 
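Review bot: In `line6_write_data` the new `status` buffer from `kmalloc(1, GFP_KERNEL)` is read in `while (*status == 0xff)` and `if (*status != 0)` after only `ret < 0` has been ruled out. A transfer that completes with zero bytes therefore leaves the retry loop and the success decision depending on uninitialised heap contents. Since `usb_control_msg` returns the number of bytes transferred, the existing test can be widened to `if (ret != 1)` with `return ret < 0 ? ret : -EIO;` after the `kfree(status)`. In the same hunk `toneport_setup` returns silently when `kmalloc` fails, which also skips the `toneport_send_cmd(usbdev, 0x0301, 0x0000)` enable step; skipping only the time sync looks closer to the intent, though the rest of the function is outside the hunk. The same code is added by the line6 hunk of the 3.2.66 patch further down.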
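Review bot: The widened condition lets a caller whose subject has `GR_POVERRIDE`, or whose role has `GR_ROLE_GOD`, pass the `GR_PROTPROCFD` check on another task, and nothing in the hunk records why these two bypasses are intended. A comment above the test would make the policy auditable, for example `/* GR_POVERRIDE subjects and GR_ROLE_GOD roles are exempt from GR_PROTPROCFD */`. The new code also dereferences `current->acl` and `current->role` without a NULL test. That is presumably safe once `gr_acl_is_enabled()` has returned true, but the function starts outside the hunk, so it cannot be confirmed from here. The identical change appears in the gracl_fs.c hunk of the 3.2.66 patch.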
@@ -182,7 +182,7 @@ Patch: 1065_linux-3.2.66.patch From: http://www.kernel.org Desc: Linux 3.2.66 -Patch: 4420_grsecurity-3.0-3.2.66-201501111416.patch +Patch: 4420_grsecurity-3.0-3.2.66-201501142321.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.66/4420_grsecurity-3.0-3.2.66-201501111416.patch b/3.2.66/4420_grsecurity-3.0-3.2.66-201501142321.patch index 3b28713..0a514cd 100644 --- a/3.2.66/4420_grsecurity-3.0-3.2.66-201501111416.patch +++ b/3.2.66/4420_grsecurity-3.0-3.2.66-201501142321.patch @@ -50211,7 +50211,7 @@ index 66a34ad..65f6aea 100644 /* A userspace program has probably made an error if it tries to * read something that is not a whole number of bpds. diff --git a/drivers/staging/line6/driver.c b/drivers/staging/line6/driver.c -index 851b762..9cdf4528 100644 +index 851b762..c09c498 100644 --- a/drivers/staging/line6/driver.c +++ b/drivers/staging/line6/driver.c @@ -551,7 +551,7 @@ int line6_read_data(struct usb_line6 *line6, int address, void *data, 
@@ -50262,6 +50262,88 @@ index 851b762..9cdf4528 100644 /* receive the result: */ ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67, +@@ -608,7 +615,7 @@ int line6_write_data(struct usb_line6 *line6, int address, void *data, + { + struct usb_device *usbdev = line6->usbdev; + int ret; +- unsigned char status; ++ unsigned char *status; + + ret = usb_control_msg(usbdev, usb_sndctrlpipe(usbdev, 0), 0x67, + USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT, +@@ -621,26 +628,34 @@ int line6_write_data(struct usb_line6 *line6, int address, void *data, + return ret; + } + ++ status = kmalloc(1, GFP_KERNEL); ++ if (status == NULL) ++ return -ENOMEM; ++ + do { + ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), + 0x67, + USB_TYPE_VENDOR | USB_RECIP_DEVICE | + USB_DIR_IN, + 0x0012, 0x0000, +- &status, 1, LINE6_TIMEOUT * HZ); ++ status, 1, LINE6_TIMEOUT * HZ); + + if (ret < 0) { + dev_err(line6->ifcdev, + "receiving status failed (error %d)\n", ret); ++ kfree(status); + return ret; + } +- } while (status == 0xff); ++ } while (*status == 0xff); + +- if (status != 0) { ++ if (*status != 0) { + dev_err(line6->ifcdev, "write failed (error %d)\n", ret); ++ kfree(status); + return -EINVAL; + } + ++ kfree(status); ++ + return 0; + } + +diff --git a/drivers/staging/line6/toneport.c b/drivers/staging/line6/toneport.c +index 879e699..0d53b97 100644 +--- a/drivers/staging/line6/toneport.c ++++ b/drivers/staging/line6/toneport.c +@@ -11,6 +11,7 @@ + */ + + #include <linux/wait.h> ++#include <linux/slab.h> + #include <sound/control.h> + + #include "audio.h" +@@ -310,13 +311,19 @@ static void toneport_destruct(struct usb_interface *interface) + */ + static void toneport_setup(struct usb_line6_toneport *toneport) + { +- int ticks; ++ int *ticks; + struct usb_line6 *line6 = &toneport->line6; + struct usb_device *usbdev = line6->usbdev; + ++ ticks = kmalloc(sizeof(int), GFP_KERNEL); ++ if (ticks == NULL) ++ return; ++ + /* sync time on device with host: */ +- ticks = 
(int)get_seconds(); +- line6_write_data(line6, 0x80c6, &ticks, 4); ++ *ticks = (int)get_seconds(); ++ line6_write_data(line6, 0x80c6, ticks, sizeof(int)); ++ ++ kfree(ticks); + + /* enable device: */ + toneport_send_cmd(usbdev, 0x0301, 0x0000); diff --git a/drivers/staging/media/solo6x10/g723.c b/drivers/staging/media/solo6x10/g723.c index 2cd0de2..0169c04 100644 --- a/drivers/staging/media/solo6x10/g723.c @@ -72034,10 +72116,10 @@ index 0000000..ca25605 + diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c new file mode 100644 -index 0000000..0805fd9 +index 0000000..b916759 --- /dev/null +++ b/grsecurity/gracl_fs.c -@@ -0,0 +1,437 @@ +@@ -0,0 +1,439 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/types.h> @@ -72470,7 +72552,9 @@ index 0000000..0805fd9 + if (unlikely(!gr_acl_is_enabled())) + return 0; + -+ if (task != current && task->acl->mode & GR_PROTPROCFD) ++ if (task != current && (task->acl->mode & GR_PROTPROCFD) && ++ !(current->acl->mode & GR_POVERRIDE) && ++ !(current->role->roletype & GR_ROLE_GOD)) + return -EACCES; + + return 0; |