grsecurity-3.1-4.5.2-201604290633

2 files changed, 90 insertions, 55 deletions

diff --git a/4.5.2/0000_README b/4.5.2/0000_README
index 6857874..53f08f8 100644
--- a/4.5.2/0000_README
+++ b/4.5.2/0000_README
@@ -6,7 +6,7 @@ Patch:	1001_linux-4.5.2.patch
 From:	http://www.kernel.org
 Desc:	Linux 4.5.2
 
-Patch:	4420_grsecurity-3.1-4.5.2-201604282058.patch
+Patch:	4420_grsecurity-3.1-4.5.2-201604290633.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/4.5.2/4420_grsecurity-3.1-4.5.2-201604282058.patch b/4.5.2/4420_grsecurity-3.1-4.5.2-201604290633.patch
index 00a02a9..89fb9b5 100644
--- a/4.5.2/4420_grsecurity-3.1-4.5.2-201604282058.patch
+++ b/4.5.2/4420_grsecurity-3.1-4.5.2-201604290633.patch
@@ -15850,7 +15850,7 @@ index 1a4477c..0031513 100644
  		) {
  
 diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S
-index bb3e376..567eb30 100644
+index bb3e376..c49752a 100644
 --- a/arch/x86/entry/entry_32.S
 +++ b/arch/x86/entry/entry_32.S
 @@ -147,13 +147,157 @@
@@ -16231,7 +16231,7 @@ index bb3e376..567eb30 100644
  
  ENTRY(simd_coprocessor_error)
  	ASM_CLAC
-@@ -540,7 +758,7 @@ ENTRY(simd_coprocessor_error)
+@@ -540,20 +758,20 @@ ENTRY(simd_coprocessor_error)
  	pushl	$do_simd_coprocessor_error
  #endif
  	jmp	error_code
@@ -16240,7 +16240,13 @@ index bb3e376..567eb30 100644
  
  ENTRY(device_not_available)
  	ASM_CLAC
-@@ -553,7 +771,7 @@ END(device_not_available)
+ 	pushl	$-1				# mark this as an int
+ 	pushl	$do_device_not_available
+ 	jmp	error_code
+-END(device_not_available)
++ENDPROC(device_not_available)
+ 
+ #ifdef CONFIG_PARAVIRT
  ENTRY(native_iret)
  	iret
  	_ASM_EXTABLE(native_iret, iret_exc)
@@ -42998,10 +43004,17 @@ index eae5107..26e7a39 100644
  }
  EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler);
 diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c
-index cd83d47..3ad4309 100644
+index cd83d47..3d6afab 100644
 --- a/drivers/cpufreq/intel_pstate.c
 +++ b/drivers/cpufreq/intel_pstate.c
-@@ -147,7 +147,7 @@ static inline int32_t get_target_pstate_use_performance(struct cpudata *cpu);
+@@ -141,13 +141,13 @@ struct pstate_funcs {
+ struct cpu_defaults {
+ 	struct pstate_adjust_policy pid_policy;
+ 	struct pstate_funcs funcs;
+-};
++} __do_const;
+ 
+ static inline int32_t get_target_pstate_use_performance(struct cpudata *cpu);
  static inline int32_t get_target_pstate_use_cpu_load(struct cpudata *cpu);
  
  static struct pstate_adjust_policy pid_params;
@@ -45690,6 +45703,26 @@ index 813ef23..17928d6 100644
  			      struct drm_display_mode *mode)
  {
  	struct drm_device *dev = connector->dev;
+diff --git a/drivers/gpu/drm/gma500/mdfld_dsi_dpi.c b/drivers/gpu/drm/gma500/mdfld_dsi_dpi.c
+index 7cd87a0..be562ce 100644
+--- a/drivers/gpu/drm/gma500/mdfld_dsi_dpi.c
++++ b/drivers/gpu/drm/gma500/mdfld_dsi_dpi.c
+@@ -120,9 +120,14 @@ static void dsi_set_pipe_plane_enable_state(struct drm_device *dev,
+ 	u32 pipeconf_reg = PIPEACONF;
+ 	u32 dspcntr_reg = DSPACNTR;
+ 
+-	u32 dspcntr = dev_priv->dspcntr[pipe];
++	u32 dspcntr;
+ 	u32 mipi = MIPI_PORT_EN | PASS_FROM_SPHY_TO_AFE | SEL_FLOPPED_HSTX;
+ 
++	if (pipe == -1)
++		return;
++
++	dspcntr = dev_priv->dspcntr[pipe];
++
+ 	if (pipe) {
+ 		pipeconf_reg = PIPECCONF;
+ 		dspcntr_reg = DSPCCNTR;
 diff --git a/drivers/gpu/drm/gma500/mdfld_dsi_output.c b/drivers/gpu/drm/gma500/mdfld_dsi_output.c
 index d758f4c..7828190 100644
 --- a/drivers/gpu/drm/gma500/mdfld_dsi_output.c
@@ -65533,9 +65566,20 @@ index 1fc622b..8c48fc3 100644
  
  extern struct oprofile_stat_struct oprofile_stats;
 diff --git a/drivers/oprofile/oprofilefs.c b/drivers/oprofile/oprofilefs.c
-index b48ac630..df1b012 100644
+index b48ac630..0a69794 100644
 --- a/drivers/oprofile/oprofilefs.c
 +++ b/drivers/oprofile/oprofilefs.c
+@@ -176,8 +176,8 @@ int oprofilefs_create_ro_ulong(struct dentry *root,
+ 
+ static ssize_t atomic_read_file(struct file *file, char __user *buf, size_t count, loff_t *offset)
+ {
+-	atomic_t *val = file->private_data;
+-	return oprofilefs_ulong_to_user(atomic_read(val), buf, count, offset);
++	atomic_unchecked_t *val = file->private_data;
++	return oprofilefs_ulong_to_user(atomic_read_unchecked(val), buf, count, offset);
+ }
+ 
+ 
 @@ -189,7 +189,7 @@ static const struct file_operations atomic_ro_fops = {
  
  
@@ -66251,7 +66295,7 @@ index e9caa34..72ed655 100644
  		.ident = "Sony Vaio",
  		.matches = {
 diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
-index a268a7a..67a0be4 100644
+index a268a7a..558ca4c 100644
 --- a/drivers/platform/x86/thinkpad_acpi.c
 +++ b/drivers/platform/x86/thinkpad_acpi.c
 @@ -2461,10 +2461,10 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn,
@@ -66275,15 +66319,7 @@ index a268a7a..67a0be4 100644
  {
  	int status;
  
-@@ -4221,6 +4221,7 @@ static const struct attribute_group bluetooth_attr_group = {
- 	.attrs = bluetooth_attributes,
- };
- 
-+const struct tpacpi_rfk_ops bluetooth_tprfk_ops_;
- static const struct tpacpi_rfk_ops bluetooth_tprfk_ops = {
- 	.get_status = bluetooth_get_status,
- 	.set_status = bluetooth_set_status,
-@@ -4352,7 +4353,7 @@ static int wan_get_status(void)
+@@ -4352,7 +4352,7 @@ static int wan_get_status(void)
  			TPACPI_RFK_RADIO_ON : TPACPI_RFK_RADIO_OFF;
  }
  
@@ -66292,7 +66328,7 @@ index a268a7a..67a0be4 100644
  {
  	int status;
  
-@@ -4538,7 +4539,7 @@ static int uwb_get_status(void)
+@@ -4538,7 +4538,7 @@ static int uwb_get_status(void)
  			TPACPI_RFK_RADIO_ON : TPACPI_RFK_RADIO_OFF;
  }
  
@@ -66301,7 +66337,7 @@ index a268a7a..67a0be4 100644
  {
  	int status;
  
-@@ -9450,7 +9451,7 @@ static struct ibm_init_struct ibms_init[] __initdata = {
+@@ -9450,7 +9450,7 @@ static struct ibm_init_struct ibms_init[] __initdata = {
  	},
  };
  
@@ -134194,19 +134230,20 @@ index 30f5362..8ed8ac9 100644
  	void *pmi_pal;
  	u8 *vbe_state_orig;		/*
 diff --git a/init/Kconfig b/init/Kconfig
-index 2232080..c5df76e 100644
+index 2232080..ae4d217 100644
 --- a/init/Kconfig
 +++ b/init/Kconfig
-@@ -286,6 +286,8 @@ config FHANDLE
+@@ -285,7 +285,8 @@ config FHANDLE
+ 
  config USELIB
  	bool "uselib syscall"
- 	def_bool ALPHA || M68K || SPARC || X86_32 || IA32_EMULATION
+-	def_bool ALPHA || M68K || SPARC || X86_32 || IA32_EMULATION
 +	default n
 +	depends on !GRKERNSEC
  	help
  	  This option enables the uselib syscall, a system call used in the
  	  dynamic linker from libc5 and earlier.  glibc does not use this
-@@ -628,6 +630,7 @@ config RCU_FAST_NO_HZ
+@@ -628,6 +629,7 @@ config RCU_FAST_NO_HZ
  config TREE_RCU_TRACE
  	def_bool RCU_TRACE && ( TREE_RCU || PREEMPT_RCU )
  	select DEBUG_FS
@@ -134214,7 +134251,7 @@ index 2232080..c5df76e 100644
  	help
  	  This option provides tracing for the TREE_RCU and
  	  PREEMPT_RCU implementations, permitting Makefile to
-@@ -1132,6 +1135,7 @@ endif # CGROUPS
+@@ -1132,6 +1134,7 @@ endif # CGROUPS
  config CHECKPOINT_RESTORE
  	bool "Checkpoint/restore support" if EXPERT
  	select PROC_CHILDREN
@@ -134222,7 +134259,7 @@ index 2232080..c5df76e 100644
  	default n
  	help
  	  Enables additional kernel features in a sake of checkpoint/restore.
-@@ -1676,7 +1680,7 @@ config SLUB_DEBUG
+@@ -1676,7 +1679,7 @@ config SLUB_DEBUG
  
  config COMPAT_BRK
  	bool "Disable heap randomization"
@@ -137469,7 +137506,7 @@ index 0551c21..f753f95 100644
  	debug_mutex_free_waiter(&waiter);
  	mutex_release(&lock->dep_map, 1, ip);
 diff --git a/kernel/module.c b/kernel/module.c
-index 794ebe8..70e7897 100644
+index 794ebe8..74c285e 100644
 --- a/kernel/module.c
 +++ b/kernel/module.c
 @@ -59,6 +59,7 @@
@@ -137631,7 +137668,7 @@ index 794ebe8..70e7897 100644
 +	__mod_update_bounds_rx(mod->core_layout.base_rx, mod->core_layout.size_rx);
 +	__mod_update_bounds_rw(mod->core_layout.base_rw, mod->core_layout.size_rw);
 +	if (mod->init_layout.size_rx)
-+		__mod_update_bounds_rw(mod->init_layout.base_rx, mod->init_layout.size_rx);
++		__mod_update_bounds_rx(mod->init_layout.base_rx, mod->init_layout.size_rx);
 +	if (mod->init_layout.size_rw)
 +		__mod_update_bounds_rw(mod->init_layout.base_rw, mod->init_layout.size_rw);
  }
@@ -137992,7 +138029,7 @@ index 794ebe8..70e7897 100644
  }
  
  /*
-@@ -2509,7 +2593,11 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+@@ -2509,7 +2593,9 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
  	Elf_Shdr *symsec = &info->sechdrs[info->index.sym];
  
  	/* Set up to point into init section. */
@@ -138000,12 +138037,10 @@ index 794ebe8..70e7897 100644
 +	mod->kallsyms = mod->init_layout.base_rx + info->mod_kallsyms_init_off;
 +
 +	pax_open_kernel();
-+
-+	pax_open_kernel();
  
  	mod->kallsyms->symtab = (void *)symsec->sh_addr;
  	mod->kallsyms->num_symtab = symsec->sh_size / sizeof(Elf_Sym);
-@@ -2522,8 +2610,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+@@ -2522,8 +2608,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
  			= elf_type(&mod->kallsyms->symtab[i], info);
  
  	/* Now populate the cut down core kallsyms for after init. */
@@ -138016,7 +138051,7 @@ index 794ebe8..70e7897 100644
  	src = mod->kallsyms->symtab;
  	for (ndst = i = 0; i < mod->kallsyms->num_symtab; i++) {
  		if (i == 0 ||
-@@ -2536,6 +2624,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+@@ -2536,6 +2622,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
  		}
  	}
  	mod->core_kallsyms.num_symtab = ndst;
@@ -138025,7 +138060,7 @@ index 794ebe8..70e7897 100644
  }
  #else
  static inline void layout_symtab(struct module *mod, struct load_info *info)
-@@ -2835,7 +2925,15 @@ static struct module *setup_load_info(struct load_info *info, int flags)
+@@ -2835,7 +2923,15 @@ static struct module *setup_load_info(struct load_info *info, int flags)
  	mod = (void *)info->sechdrs[info->index.mod].sh_addr;
  
  	if (info->index.sym == 0) {
@@ -138041,7 +138076,7 @@ index 794ebe8..70e7897 100644
  		return ERR_PTR(-ENOEXEC);
  	}
  
-@@ -2851,8 +2949,14 @@ static struct module *setup_load_info(struct load_info *info, int flags)
+@@ -2851,8 +2947,14 @@ static struct module *setup_load_info(struct load_info *info, int flags)
  static int check_modinfo(struct module *mod, struct load_info *info, int flags)
  {
  	const char *modmagic = get_modinfo(info, "vermagic");
@@ -138056,7 +138091,7 @@ index 794ebe8..70e7897 100644
  	if (flags & MODULE_INIT_IGNORE_VERMAGIC)
  		modmagic = NULL;
  
-@@ -2877,7 +2981,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
+@@ -2877,7 +2979,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
  	}
  
  	/* Set up license info based on the info section */
@@ -138065,7 +138100,7 @@ index 794ebe8..70e7897 100644
  
  	return 0;
  }
-@@ -2974,7 +3078,7 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2974,7 +3076,7 @@ static int move_module(struct module *mod, struct load_info *info)
  	void *ptr;
  
  	/* Do the allocs. */
@@ -138074,7 +138109,7 @@ index 794ebe8..70e7897 100644
  	/*
  	 * The pointer to this block is stored in the module structure
  	 * which is inside the block. Just mark it as not being a
-@@ -2984,11 +3088,11 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2984,11 +3086,11 @@ static int move_module(struct module *mod, struct load_info *info)
  	if (!ptr)
  		return -ENOMEM;
  
@@ -138090,7 +138125,7 @@ index 794ebe8..70e7897 100644
  		/*
  		 * The pointer to this block is stored in the module structure
  		 * which is inside the block. This block doesn't need to be
-@@ -2997,13 +3101,45 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2997,13 +3099,45 @@ static int move_module(struct module *mod, struct load_info *info)
  		 */
  		kmemleak_ignore(ptr);
  		if (!ptr) {
@@ -138140,7 +138175,7 @@ index 794ebe8..70e7897 100644
  
  	/* Transfer each section which specifies SHF_ALLOC */
  	pr_debug("final section addresses:\n");
-@@ -3014,16 +3150,45 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -3014,16 +3148,45 @@ static int move_module(struct module *mod, struct load_info *info)
  		if (!(shdr->sh_flags & SHF_ALLOC))
  			continue;
  
@@ -138193,7 +138228,7 @@ index 794ebe8..70e7897 100644
  		pr_debug("\t0x%lx %s\n",
  			 (long)shdr->sh_addr, info->secstrings + shdr->sh_name);
  	}
-@@ -3080,12 +3245,12 @@ static void flush_module_icache(const struct module *mod)
+@@ -3080,12 +3243,12 @@ static void flush_module_icache(const struct module *mod)
  	 * Do it before processing of module parameters, so the module
  	 * can provide parameter accessor functions of its own.
  	 */
@@ -138212,7 +138247,7 @@ index 794ebe8..70e7897 100644
  
  	set_fs(old_fs);
  }
-@@ -3143,8 +3308,10 @@ static void module_deallocate(struct module *mod, struct load_info *info)
+@@ -3143,8 +3306,10 @@ static void module_deallocate(struct module *mod, struct load_info *info)
  {
  	percpu_modfree(mod);
  	module_arch_freeing_init(mod);
@@ -138225,7 +138260,7 @@ index 794ebe8..70e7897 100644
  }
  
  int __weak module_finalize(const Elf_Ehdr *hdr,
-@@ -3157,7 +3324,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
+@@ -3157,7 +3322,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
  static int post_relocation(struct module *mod, const struct load_info *info)
  {
  	/* Sort exception table now relocations are done. */
@@ -138235,7 +138270,7 @@ index 794ebe8..70e7897 100644
  
  	/* Copy relocated percpu area over. */
  	percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr,
-@@ -3205,13 +3374,15 @@ static void do_mod_ctors(struct module *mod)
+@@ -3205,13 +3372,15 @@ static void do_mod_ctors(struct module *mod)
  /* For freeing module_init on success, in case kallsyms traversing */
  struct mod_initfree {
  	struct rcu_head rcu;
@@ -138253,7 +138288,7 @@ index 794ebe8..70e7897 100644
  	kfree(m);
  }
  
-@@ -3231,7 +3402,8 @@ static noinline int do_init_module(struct module *mod)
+@@ -3231,7 +3400,8 @@ static noinline int do_init_module(struct module *mod)
  		ret = -ENOMEM;
  		goto fail;
  	}
@@ -138263,7 +138298,7 @@ index 794ebe8..70e7897 100644
  
  	/*
  	 * We want to find out whether @mod uses async during init.  Clear
-@@ -3290,10 +3462,10 @@ static noinline int do_init_module(struct module *mod)
+@@ -3290,10 +3460,10 @@ static noinline int do_init_module(struct module *mod)
  	mod_tree_remove_init(mod);
  	disable_ro_nx(&mod->init_layout);
  	module_arch_freeing_init(mod);
@@ -138278,7 +138313,7 @@ index 794ebe8..70e7897 100644
  	/*
  	 * We want to free module_init, but be aware that kallsyms may be
  	 * walking this with preempt disabled.  In all the failure paths, we
-@@ -3481,9 +3653,38 @@ static int load_module(struct load_info *info, const char __user *uargs,
+@@ -3481,9 +3651,38 @@ static int load_module(struct load_info *info, const char __user *uargs,
  	if (err)
  		goto free_unload;
  
@@ -138317,7 +138352,7 @@ index 794ebe8..70e7897 100644
  	/* Fix up syms, so that st_value is a pointer to location. */
  	err = simplify_symbols(mod, info);
  	if (err < 0)
-@@ -3499,13 +3700,6 @@ static int load_module(struct load_info *info, const char __user *uargs,
+@@ -3499,13 +3698,6 @@ static int load_module(struct load_info *info, const char __user *uargs,
  
  	flush_module_icache(mod);
  
@@ -138331,7 +138366,7 @@ index 794ebe8..70e7897 100644
  	dynamic_debug_setup(info->debug, info->num_debug);
  
  	/* Ftrace init must be called in the MODULE_STATE_UNFORMED state */
-@@ -3557,11 +3751,10 @@ static int load_module(struct load_info *info, const char __user *uargs,
+@@ -3557,11 +3749,10 @@ static int load_module(struct load_info *info, const char __user *uargs,
   ddebug_cleanup:
  	dynamic_debug_remove(info->debug);
  	synchronize_sched();
@@ -138344,7 +138379,7 @@ index 794ebe8..70e7897 100644
   free_unload:
  	module_unload_free(mod);
   unlink_mod:
-@@ -3581,7 +3774,8 @@ static int load_module(struct load_info *info, const char __user *uargs,
+@@ -3581,7 +3772,8 @@ static int load_module(struct load_info *info, const char __user *uargs,
  	 */
  	ftrace_release_mod(mod);
  	/* Free lock-classes; relies on the preceding sync_rcu() */
@@ -138354,7 +138389,7 @@ index 794ebe8..70e7897 100644
  
  	module_deallocate(mod, info);
   free_copy:
-@@ -3664,10 +3858,16 @@ static const char *get_ksymbol(struct module *mod,
+@@ -3664,10 +3856,16 @@ static const char *get_ksymbol(struct module *mod,
  	struct mod_kallsyms *kallsyms = rcu_dereference_sched(mod->kallsyms);
  
  	/* At worse, next value is at end of module */
@@ -138374,7 +138409,7 @@ index 794ebe8..70e7897 100644
  
  	/* Scan for closest preceding symbol, and next symbol. (ELF
  	   starts real symbols at 1). */
-@@ -3920,7 +4120,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3920,7 +4118,7 @@ static int m_show(struct seq_file *m, void *p)
  		return 0;
  
  	seq_printf(m, "%s %u",
@@ -138383,7 +138418,7 @@ index 794ebe8..70e7897 100644
  	print_unload_info(m, mod);
  
  	/* Informative for users. */
-@@ -3929,7 +4129,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3929,7 +4127,7 @@ static int m_show(struct seq_file *m, void *p)
  		   mod->state == MODULE_STATE_COMING ? "Loading" :
  		   "Live");
  	/* Used by oprofile and other similar tools. */
@@ -138392,7 +138427,7 @@ index 794ebe8..70e7897 100644
  
  	/* Taints info */
  	if (mod->taints)
-@@ -3965,7 +4165,17 @@ static const struct file_operations proc_modules_operations = {
+@@ -3965,7 +4163,17 @@ static const struct file_operations proc_modules_operations = {
  
  static int __init proc_modules_init(void)
  {
@@ -138410,7 +138445,7 @@ index 794ebe8..70e7897 100644
  	return 0;
  }
  module_init(proc_modules_init);
-@@ -4026,7 +4236,8 @@ struct module *__module_address(unsigned long addr)
+@@ -4026,7 +4234,8 @@ struct module *__module_address(unsigned long addr)
  {
  	struct module *mod;
  
@@ -138420,7 +138455,7 @@ index 794ebe8..70e7897 100644
  		return NULL;
  
  	module_assert_mutex_or_preempt();
-@@ -4069,11 +4280,21 @@ bool is_module_text_address(unsigned long addr)
+@@ -4069,11 +4278,21 @@ bool is_module_text_address(unsigned long addr)
   */
  struct module *__module_text_address(unsigned long addr)
  {