Diffstat (limited to '3.14.22')
-rw-r--r-- | 3.14.22/0000_README | 2 | ||||
-rw-r--r-- | 3.14.22/4420_grsecurity-3.0-3.14.22-201410250026.patch (renamed from 3.14.22/4420_grsecurity-3.0-3.14.22-201410192047.patch) | 788 |
2 files changed, 769 insertions, 21 deletions
diff --git a/3.14.22/0000_README b/3.14.22/0000_README index 9652232..de2e1c4 100644 --- a/3.14.22/0000_README +++ b/3.14.22/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.14.22-201410192047.patch +Patch: 4420_grsecurity-3.0-3.14.22-201410250026.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.14.22/4420_grsecurity-3.0-3.14.22-201410192047.patch b/3.14.22/4420_grsecurity-3.0-3.14.22-201410250026.patch index 8d0df77..9bb50c5 100644 --- a/3.14.22/4420_grsecurity-3.0-3.14.22-201410192047.patch +++ b/3.14.22/4420_grsecurity-3.0-3.14.22-201410250026.patch @@ -854,6 +854,22 @@ index 98838a0..b304fb4 100644 } else if (!cause) { /* Allow reads even for write-only mappings */ if (!(vma->vm_flags & (VM_READ | VM_WRITE))) +diff --git a/arch/arc/kernel/kgdb.c b/arch/arc/kernel/kgdb.c +index a2ff5c5..ecf6a78 100644 +--- a/arch/arc/kernel/kgdb.c ++++ b/arch/arc/kernel/kgdb.c +@@ -158,11 +158,6 @@ int kgdb_arch_handle_exception(int e_vector, int signo, int err_code, + return -1; + } + +-unsigned long kgdb_arch_pc(int exception, struct pt_regs *regs) +-{ +- return instruction_pointer(regs); +-} +- + int kgdb_arch_init(void) + { + single_step_data.armed = 0; diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig index 4733d32..b142a40 100644 --- a/arch/arm/Kconfig 
@@ -9846,6 +9862,20 @@ index 370ca1e..d4f4a98 100644 extern unsigned long sparc64_elf_hwcap; #define ELF_HWCAP sparc64_elf_hwcap +diff --git a/arch/sparc/include/asm/oplib_64.h b/arch/sparc/include/asm/oplib_64.h +index a12dbe3..0337e85 100644 +--- a/arch/sparc/include/asm/oplib_64.h ++++ b/arch/sparc/include/asm/oplib_64.h +@@ -62,7 +62,8 @@ struct linux_mem_p1275 { + /* You must call prom_init() before using any of the library services, + * preferably as early as possible. Pass it the romvec pointer. + */ +-extern void prom_init(void *cif_handler, void *cif_stack); ++void prom_init(void *cif_handler); ++void prom_init_report(void); + + /* Boot argument acquisition, returns the boot command line string. */ + extern char *prom_getbootargs(void); diff --git a/arch/sparc/include/asm/pgalloc_32.h b/arch/sparc/include/asm/pgalloc_32.h index 9b1c36d..209298b 100644 --- a/arch/sparc/include/asm/pgalloc_32.h @@ -9938,6 +9968,21 @@ index 79da178..c2eede8 100644 #define SRMMU_PAGE_KERNEL __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_PRIV | \ SRMMU_DIRTY | SRMMU_REF) +diff --git a/arch/sparc/include/asm/setup.h b/arch/sparc/include/asm/setup.h +index 5e35e05..b1a29e9 100644 +--- a/arch/sparc/include/asm/setup.h ++++ b/arch/sparc/include/asm/setup.h +@@ -24,6 +24,10 @@ static inline int con_is_present(void) + } + #endif + ++#ifdef CONFIG_SPARC64 ++void __init start_early_boot(void); ++#endif ++ + extern void sun_do_break(void); + extern int stop_a_enabled; + extern int scons_pwroff; diff --git a/arch/sparc/include/asm/spinlock_64.h b/arch/sparc/include/asm/spinlock_64.h index 9689176..63c18ea 100644 --- a/arch/sparc/include/asm/spinlock_64.h 
@@ -10227,6 +10272,108 @@ index d15cc17..d0ae796 100644 extra-y := head_$(BITS).o +diff --git a/arch/sparc/kernel/entry.h b/arch/sparc/kernel/entry.h +index 140966f..620009d 100644 +--- a/arch/sparc/kernel/entry.h ++++ b/arch/sparc/kernel/entry.h +@@ -66,13 +66,10 @@ struct pause_patch_entry { + extern struct pause_patch_entry __pause_3insn_patch, + __pause_3insn_patch_end; + +-extern void __init per_cpu_patch(void); +-extern void sun4v_patch_1insn_range(struct sun4v_1insn_patch_entry *, +- struct sun4v_1insn_patch_entry *); +-extern void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *, +- struct sun4v_2insn_patch_entry *); +-extern void __init sun4v_patch(void); +-extern void __init boot_cpu_id_too_large(int cpu); ++void sun4v_patch_1insn_range(struct sun4v_1insn_patch_entry *, ++ struct sun4v_1insn_patch_entry *); ++void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *, ++ struct sun4v_2insn_patch_entry *); + extern unsigned int dcache_parity_tl1_occurred; + extern unsigned int icache_parity_tl1_occurred; + +diff --git a/arch/sparc/kernel/head_64.S b/arch/sparc/kernel/head_64.S +index 452f04fe..fbea0ac 100644 +--- a/arch/sparc/kernel/head_64.S ++++ b/arch/sparc/kernel/head_64.S +@@ -660,14 +660,12 @@ tlb_fixup_done: + sethi %hi(init_thread_union), %g6 + or %g6, %lo(init_thread_union), %g6 + ldx [%g6 + TI_TASK], %g4 +- mov %sp, %l6 + + wr %g0, ASI_P, %asi + mov 1, %g1 + sllx %g1, THREAD_SHIFT, %g1 + sub %g1, (STACKFRAME_SZ + STACK_BIAS), %g1 + add %g6, %g1, %sp +- mov 0, %fp + + /* Set per-cpu pointer initially to zero, this makes + * the boot-cpu use the in-kernel-image per-cpu areas +@@ -694,44 +692,14 @@ tlb_fixup_done: + nop + #endif + +- mov %l6, %o1 ! OpenPROM stack + call prom_init + mov %l7, %o0 ! OpenPROM cif handler + +- /* Initialize current_thread_info()->cpu as early as possible. +- * In order to do that accurately we have to patch up the get_cpuid() +- * assembler sequences. 
And that, in turn, requires that we know +- * if we are on a Starfire box or not. While we're here, patch up +- * the sun4v sequences as well. ++ /* To create a one-register-window buffer between the kernel's ++ * initial stack and the last stack frame we use from the firmware, ++ * do the rest of the boot from a C helper function. + */ +- call check_if_starfire +- nop +- call per_cpu_patch +- nop +- call sun4v_patch +- nop +- +-#ifdef CONFIG_SMP +- call hard_smp_processor_id +- nop +- cmp %o0, NR_CPUS +- blu,pt %xcc, 1f +- nop +- call boot_cpu_id_too_large +- nop +- /* Not reached... */ +- +-1: +-#else +- mov 0, %o0 +-#endif +- sth %o0, [%g6 + TI_CPU] +- +- call prom_init_report +- nop +- +- /* Off we go.... */ +- call start_kernel ++ call start_early_boot + nop + /* Not reached... */ + +diff --git a/arch/sparc/kernel/hvtramp.S b/arch/sparc/kernel/hvtramp.S +index b7ddcdd..cdbfec2 100644 +--- a/arch/sparc/kernel/hvtramp.S ++++ b/arch/sparc/kernel/hvtramp.S +@@ -109,7 +109,6 @@ hv_cpu_startup: + sllx %g5, THREAD_SHIFT, %g5 + sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5 + add %g6, %g5, %sp +- mov 0, %fp + + call init_irqwork_curcpu + nop diff --git a/arch/sparc/kernel/process_32.c b/arch/sparc/kernel/process_32.c index 510baec..9ff2607 100644 --- a/arch/sparc/kernel/process_32.c 
@@ -10349,6 +10496,68 @@ index c13c9f2..d572c34 100644 audit_syscall_exit(regs); if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) +diff --git a/arch/sparc/kernel/setup_64.c b/arch/sparc/kernel/setup_64.c +index 3fdb455..949f773 100644 +--- a/arch/sparc/kernel/setup_64.c ++++ b/arch/sparc/kernel/setup_64.c +@@ -30,6 +30,7 @@ + #include <linux/cpu.h> + #include <linux/initrd.h> + #include <linux/module.h> ++#include <linux/start_kernel.h> + + #include <asm/io.h> + #include <asm/processor.h> +@@ -174,7 +175,7 @@ char reboot_command[COMMAND_LINE_SIZE]; + + static struct pt_regs fake_swapper_regs = { { 0, }, 0, 0, 0, 0 }; + +-void __init per_cpu_patch(void) ++static void __init per_cpu_patch(void) + { + struct cpuid_patch_entry *p; + unsigned long ver; +@@ -266,7 +267,7 @@ void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *start, + } + } + +-void __init sun4v_patch(void) ++static void __init sun4v_patch(void) + { + extern void sun4v_hvapi_init(void); + +@@ -335,14 +336,25 @@ static void __init pause_patch(void) + } + } + +-#ifdef CONFIG_SMP +-void __init boot_cpu_id_too_large(int cpu) ++void __init start_early_boot(void) + { +- prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n", +- cpu, NR_CPUS); +- prom_halt(); ++ int cpu; ++ ++ check_if_starfire(); ++ per_cpu_patch(); ++ sun4v_patch(); ++ ++ cpu = hard_smp_processor_id(); ++ if (cpu >= NR_CPUS) { ++ prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n", ++ cpu, NR_CPUS); ++ prom_halt(); ++ } ++ current_thread_info()->cpu = cpu; ++ ++ prom_init_report(); ++ start_kernel(); + } +-#endif + + /* On Ultra, we support all of the v8 capabilities. */ + unsigned long sparc64_elf_hwcap = (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c index 8416d7f..f83823c 100644 --- a/arch/sparc/kernel/smp_64.c 
@@ -10626,6 +10835,36 @@ index 33a17e7..d87fb1f 100644 ldx [%sp + PTREGS_OFF + PT_V9_TNPC], %l1 ! pc = npc 2: +diff --git a/arch/sparc/kernel/trampoline_64.S b/arch/sparc/kernel/trampoline_64.S +index 737f8cb..88ede1d 100644 +--- a/arch/sparc/kernel/trampoline_64.S ++++ b/arch/sparc/kernel/trampoline_64.S +@@ -109,10 +109,13 @@ startup_continue: + brnz,pn %g1, 1b + nop + +- sethi %hi(p1275buf), %g2 +- or %g2, %lo(p1275buf), %g2 +- ldx [%g2 + 0x10], %l2 +- add %l2, -(192 + 128), %sp ++ /* Get onto temporary stack which will be in the locked ++ * kernel image. ++ */ ++ sethi %hi(tramp_stack), %g1 ++ or %g1, %lo(tramp_stack), %g1 ++ add %g1, TRAMP_STACK_SIZE, %g1 ++ sub %g1, STACKFRAME_SZ + STACK_BIAS + 256, %sp + flushw + + /* Setup the loop variables: +@@ -394,7 +397,6 @@ after_lock_tlb: + sllx %g5, THREAD_SHIFT, %g5 + sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5 + add %g6, %g5, %sp +- mov 0, %fp + + rdpr %pstate, %o1 + or %o1, PSTATE_IE, %o1 diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c index 6629829..036032d 100644 --- a/arch/sparc/kernel/traps_32.c 
@@ -11962,6 +12201,47 @@ index 4ced3fc..234f1e4 100644 /* Pure DTLB misses do not tell us whether the fault causing * load/store/atomic was a write or not, it only says that there * was no match. So in such a case we (carefully) read the +diff --git a/arch/sparc/mm/gup.c b/arch/sparc/mm/gup.c +index 1aed043..ae6ce38 100644 +--- a/arch/sparc/mm/gup.c ++++ b/arch/sparc/mm/gup.c +@@ -160,6 +160,36 @@ static int gup_pud_range(pgd_t pgd, unsigned long addr, unsigned long end, + return 1; + } + ++int __get_user_pages_fast(unsigned long start, int nr_pages, int write, ++ struct page **pages) ++{ ++ struct mm_struct *mm = current->mm; ++ unsigned long addr, len, end; ++ unsigned long next, flags; ++ pgd_t *pgdp; ++ int nr = 0; ++ ++ start &= PAGE_MASK; ++ addr = start; ++ len = (unsigned long) nr_pages << PAGE_SHIFT; ++ end = start + len; ++ ++ local_irq_save(flags); ++ pgdp = pgd_offset(mm, addr); ++ do { ++ pgd_t pgd = *pgdp; ++ ++ next = pgd_addr_end(addr, end); ++ if (pgd_none(pgd)) ++ break; ++ if (!gup_pud_range(pgd, addr, next, write, pages, &nr)) ++ break; ++ } while (pgdp++, addr = next, addr != end); ++ local_irq_restore(flags); ++ ++ return nr; ++} ++ + int get_user_pages_fast(unsigned long start, int nr_pages, int write, + struct page **pages) + { diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c index d329537..2c3746a 100644 --- a/arch/sparc/mm/hugetlbpage.c 
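Review bot: The pgd walk in the new `__get_user_pages_fast()` is a do/while, so its body runs once before `addr != end` is tested. With `nr_pages == 0` (so `start == end`) the first pgd is still handed to `gup_pud_range()`, and a negative `nr_pages` is sign-extended by the `(unsigned long)` cast so that `start + len` wraps. Nothing visible in the hunk bounds `nr_pages`; an early `if (nr_pages <= 0) return 0;` ahead of the `PAGE_MASK` step would make the function safe on its own instead of relying on every caller. A short kernel-doc comment saying that this variant runs with local IRQs disabled, has no slow-path fallback and may return fewer pages than requested would also help callers.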
@@ -12106,6 +12386,63 @@ index 9686224..dfbdb10 100644 #endif /* CONFIG_SMP */ #endif /* CONFIG_DEBUG_DCFLUSH */ } +diff --git a/arch/sparc/prom/cif.S b/arch/sparc/prom/cif.S +index 9c86b4b..8050f38 100644 +--- a/arch/sparc/prom/cif.S ++++ b/arch/sparc/prom/cif.S +@@ -11,11 +11,10 @@ + .text + .globl prom_cif_direct + prom_cif_direct: ++ save %sp, -192, %sp + sethi %hi(p1275buf), %o1 + or %o1, %lo(p1275buf), %o1 +- ldx [%o1 + 0x0010], %o2 ! prom_cif_stack +- save %o2, -192, %sp +- ldx [%i1 + 0x0008], %l2 ! prom_cif_handler ++ ldx [%o1 + 0x0008], %l2 ! prom_cif_handler + mov %g4, %l0 + mov %g5, %l1 + mov %g6, %l3 +diff --git a/arch/sparc/prom/init_64.c b/arch/sparc/prom/init_64.c +index d95db75..110b0d7 100644 +--- a/arch/sparc/prom/init_64.c ++++ b/arch/sparc/prom/init_64.c +@@ -26,13 +26,13 @@ phandle prom_chosen_node; + * It gets passed the pointer to the PROM vector. + */ + +-extern void prom_cif_init(void *, void *); ++extern void prom_cif_init(void *); + +-void __init prom_init(void *cif_handler, void *cif_stack) ++void __init prom_init(void *cif_handler) + { + phandle node; + +- prom_cif_init(cif_handler, cif_stack); ++ prom_cif_init(cif_handler); + + prom_chosen_node = prom_finddevice(prom_chosen_path); + if (!prom_chosen_node || (s32)prom_chosen_node == -1) +diff --git a/arch/sparc/prom/p1275.c b/arch/sparc/prom/p1275.c +index e58b817..c27c30e4 100644 +--- a/arch/sparc/prom/p1275.c ++++ b/arch/sparc/prom/p1275.c +@@ -19,7 +19,6 @@ + struct { + long prom_callback; /* 0x00 */ + void (*prom_cif_handler)(long *); /* 0x08 */ +- unsigned long prom_cif_stack; /* 0x10 */ + } p1275buf; + + extern void prom_world(int); +@@ -51,5 +50,4 @@ void p1275_cmd_direct(unsigned long *args) + void prom_cif_init(void *cif_handler, void *cif_stack) + { + p1275buf.prom_cif_handler = (void (*)(long *))cif_handler; +- p1275buf.prom_cif_stack = (unsigned long)cif_stack; + } diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig index b3692ce..e4517c9 100644 --- a/arch/tile/Kconfig 
@@ -33139,7 +33476,7 @@ index f35c66c..84b95ef 100644 if (vma == &gate_vma) return "[vsyscall]"; diff --git a/arch/x86/mm/iomap_32.c b/arch/x86/mm/iomap_32.c -index 7b179b4..6bd17777 100644 +index 7b179b49..6bd17777 100644 --- a/arch/x86/mm/iomap_32.c +++ b/arch/x86/mm/iomap_32.c @@ -64,7 +64,11 @@ void *kmap_atomic_prot_pfn(unsigned long pfn, pgprot_t prot) 
@@ -35205,6 +35542,56 @@ index 1bbedc4..eb795b5 100644 } static unsigned long __init intel_mid_calibrate_tsc(void) +diff --git a/arch/x86/platform/intel-mid/intel_mid_weak_decls.h b/arch/x86/platform/intel-mid/intel_mid_weak_decls.h +index 46aa25c..59a68ed 100644 +--- a/arch/x86/platform/intel-mid/intel_mid_weak_decls.h ++++ b/arch/x86/platform/intel-mid/intel_mid_weak_decls.h +@@ -10,10 +10,9 @@ + */ + + +-/* __attribute__((weak)) makes these declarations overridable */ + /* For every CPU addition a new get_<cpuname>_ops interface needs + * to be added. + */ +-extern void *get_penwell_ops(void) __attribute__((weak)); +-extern void *get_cloverview_ops(void) __attribute__((weak)); +-extern void *get_tangier_ops(void) __attribute__((weak)); ++extern const void *get_penwell_ops(void); ++extern const void *get_cloverview_ops(void); ++extern const void *get_tangier_ops(void); +diff --git a/arch/x86/platform/intel-mid/mfld.c b/arch/x86/platform/intel-mid/mfld.c +index 23381d2..8ddc10e 100644 +--- a/arch/x86/platform/intel-mid/mfld.c ++++ b/arch/x86/platform/intel-mid/mfld.c +@@ -64,12 +64,12 @@ static void __init penwell_arch_setup(void) + pm_power_off = mfld_power_off; + } + +-void *get_penwell_ops(void) ++const void *get_penwell_ops(void) + { + return &penwell_ops; + } + +-void *get_cloverview_ops(void) ++const void *get_cloverview_ops(void) + { + return &penwell_ops; + } +diff --git a/arch/x86/platform/intel-mid/mrfl.c b/arch/x86/platform/intel-mid/mrfl.c +index aaca917..66eadbc 100644 +--- a/arch/x86/platform/intel-mid/mrfl.c ++++ b/arch/x86/platform/intel-mid/mrfl.c +@@ -97,7 +97,7 @@ static struct intel_mid_ops tangier_ops = { + .arch_setup = tangier_arch_setup, + }; + +-void *get_tangier_ops(void) ++const void *get_tangier_ops(void) + { + return &tangier_ops; + } diff --git a/arch/x86/platform/olpc/olpc_dt.c b/arch/x86/platform/olpc/olpc_dt.c index d6ee929..3637cb5 100644 --- a/arch/x86/platform/olpc/olpc_dt.c 
@@ -36473,6 +36860,20 @@ index 7bdd61b..afec999 100644 static void cryptd_queue_worker(struct work_struct *work); +diff --git a/crypto/cts.c b/crypto/cts.c +index 042223f..133f087 100644 +--- a/crypto/cts.c ++++ b/crypto/cts.c +@@ -202,7 +202,8 @@ static int cts_cbc_decrypt(struct crypto_cts_ctx *ctx, + /* 5. Append the tail (BB - Ln) bytes of Xn (tmp) to Cn to create En */ + memcpy(s + bsize + lastn, tmp + lastn, bsize - lastn); + /* 6. Decrypt En to create Pn-1 */ +- memset(iv, 0, sizeof(iv)); ++ memzero_explicit(iv, sizeof(iv)); ++ + sg_set_buf(&sgsrc[0], s + bsize, bsize); + sg_set_buf(&sgdst[0], d, bsize); + err = crypto_blkcipher_decrypt_iv(&lcldesc, sgdst, sgsrc, bsize); diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c index 309d345..1632720 100644 --- a/crypto/pcrypt.c 
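Review bot: In `cts_cbc_decrypt` the converted call sits directly before `crypto_blkcipher_decrypt_iv()`, so it reads as resetting `iv` for step 6 rather than wiping a buffer that is about to go out of scope. If `iv` is what the descriptor uses as its IV (that assignment is outside the hunk), the old `memset()` was never a dead store here. A comment such as `/* zero IV for the final block; this is initialisation, not a wipe */` would keep a later reader from moving or deleting the call as cleanup. The function body starts and ends outside the hunk.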
@@ -36486,6 +36887,118 @@ index 309d345..1632720 100644 if (!ret) kobject_uevent(&pinst->kobj, KOBJ_ADD); +diff --git a/crypto/sha1_generic.c b/crypto/sha1_generic.c +index 4279480..7bb0474 100644 +--- a/crypto/sha1_generic.c ++++ b/crypto/sha1_generic.c +@@ -64,7 +64,7 @@ int crypto_sha1_update(struct shash_desc *desc, const u8 *data, + src = data + done; + } while (done + SHA1_BLOCK_SIZE <= len); + +- memset(temp, 0, sizeof(temp)); ++ memzero_explicit(temp, sizeof(temp)); + partial = 0; + } + memcpy(sctx->buffer + partial, src, len - done); +diff --git a/crypto/sha256_generic.c b/crypto/sha256_generic.c +index 5433667..32c5e5e 100644 +--- a/crypto/sha256_generic.c ++++ b/crypto/sha256_generic.c +@@ -210,10 +210,9 @@ static void sha256_transform(u32 *state, const u8 *input) + + /* clear any sensitive info... */ + a = b = c = d = e = f = g = h = t1 = t2 = 0; +- memset(W, 0, 64 * sizeof(u32)); ++ memzero_explicit(W, 64 * sizeof(u32)); + } + +- + static int sha224_init(struct shash_desc *desc) + { + struct sha256_state *sctx = shash_desc_ctx(desc); +@@ -316,7 +315,7 @@ static int sha224_final(struct shash_desc *desc, u8 *hash) + sha256_final(desc, D); + + memcpy(hash, D, SHA224_DIGEST_SIZE); +- memset(D, 0, SHA256_DIGEST_SIZE); ++ memzero_explicit(D, SHA256_DIGEST_SIZE); + + return 0; + } +diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c +index 6ed124f..04d295a 100644 +--- a/crypto/sha512_generic.c ++++ b/crypto/sha512_generic.c +@@ -238,7 +238,7 @@ static int sha384_final(struct shash_desc *desc, u8 *hash) + sha512_final(desc, D); + + memcpy(hash, D, 48); +- memset(D, 0, 64); ++ memzero_explicit(D, 64); + + return 0; + } +diff --git a/crypto/tgr192.c b/crypto/tgr192.c +index 8740355..3c7af0d 100644 +--- a/crypto/tgr192.c ++++ b/crypto/tgr192.c +@@ -612,7 +612,7 @@ static int tgr160_final(struct shash_desc *desc, u8 * out) + + tgr192_final(desc, D); + memcpy(out, D, TGR160_DIGEST_SIZE); +- memset(D, 0, TGR192_DIGEST_SIZE); ++ memzero_explicit(D, 
TGR192_DIGEST_SIZE); + + return 0; + } +@@ -623,7 +623,7 @@ static int tgr128_final(struct shash_desc *desc, u8 * out) + + tgr192_final(desc, D); + memcpy(out, D, TGR128_DIGEST_SIZE); +- memset(D, 0, TGR192_DIGEST_SIZE); ++ memzero_explicit(D, TGR192_DIGEST_SIZE); + + return 0; + } +diff --git a/crypto/vmac.c b/crypto/vmac.c +index 2eb11a3..d84c24b 100644 +--- a/crypto/vmac.c ++++ b/crypto/vmac.c +@@ -613,7 +613,7 @@ static int vmac_final(struct shash_desc *pdesc, u8 *out) + } + mac = vmac(ctx->partial, ctx->partial_size, nonce, NULL, ctx); + memcpy(out, &mac, sizeof(vmac_t)); +- memset(&mac, 0, sizeof(vmac_t)); ++ memzero_explicit(&mac, sizeof(vmac_t)); + memset(&ctx->__vmac_ctx, 0, sizeof(struct vmac_ctx)); + ctx->partial_size = 0; + return 0; +diff --git a/crypto/wp512.c b/crypto/wp512.c +index 180f1d6..ec64e77 100644 +--- a/crypto/wp512.c ++++ b/crypto/wp512.c +@@ -1102,8 +1102,8 @@ static int wp384_final(struct shash_desc *desc, u8 *out) + u8 D[64]; + + wp512_final(desc, D); +- memcpy (out, D, WP384_DIGEST_SIZE); +- memset (D, 0, WP512_DIGEST_SIZE); ++ memcpy(out, D, WP384_DIGEST_SIZE); ++ memzero_explicit(D, WP512_DIGEST_SIZE); + + return 0; + } +@@ -1113,8 +1113,8 @@ static int wp256_final(struct shash_desc *desc, u8 *out) + u8 D[64]; + + wp512_final(desc, D); +- memcpy (out, D, WP256_DIGEST_SIZE); +- memset (D, 0, WP512_DIGEST_SIZE); ++ memcpy(out, D, WP256_DIGEST_SIZE); ++ memzero_explicit(D, WP512_DIGEST_SIZE); + + return 0; + } diff --git a/drivers/acpi/acpica/hwxfsleep.c b/drivers/acpi/acpica/hwxfsleep.c index 15dddc1..b61cf0c 100644 --- a/drivers/acpi/acpica/hwxfsleep.c @@ -39176,7 +39689,7 @@ index 8320abd..ec48108 100644 if (cmd != SIOCWANDEV) diff --git a/drivers/char/random.c b/drivers/char/random.c -index 429b75b..de805d0 100644 +index 429b75b..58488cc 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -284,9 +284,6 @@ 
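Review bot: In the `sha256_transform` hunk only `W` is switched to `memzero_explicit()`; the line just above it, `a = b = c = d = e = f = g = h = t1 = t2 = 0;`, is still a run of plain stores to locals that are dead at function exit. The compiler may drop those stores for the same reason it could drop the old `memset()`, so the "clear any sensitive info" comment promises more than the code guarantees. Either keep the working variables in a small array that is wiped through the same helper, or remove the assignment and narrow the comment to what is actually cleared. The body of `sha256_transform` starts outside the hunk.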
@@ -39222,6 +39735,35 @@ index 429b75b..de805d0 100644 unsigned int add = ((pool_size - entropy_count)*anfrac*3) >> s; +@@ -1063,8 +1060,8 @@ static void extract_buf(struct entropy_store *r, __u8 *out) + * pool while mixing, and hash one final time. + */ + sha_transform(hash.w, extract, workspace); +- memset(extract, 0, sizeof(extract)); +- memset(workspace, 0, sizeof(workspace)); ++ memzero_explicit(extract, sizeof(extract)); ++ memzero_explicit(workspace, sizeof(workspace)); + + /* + * In case the hash function has some recognizable output +@@ -1076,7 +1073,7 @@ static void extract_buf(struct entropy_store *r, __u8 *out) + hash.w[2] ^= rol32(hash.w[2], 16); + + memcpy(out, &hash, EXTRACT_SIZE); +- memset(&hash, 0, sizeof(hash)); ++ memzero_explicit(&hash, sizeof(hash)); + } + + static ssize_t extract_entropy(struct entropy_store *r, void *buf, +@@ -1124,7 +1121,7 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, + } + + /* Wipe data just returned from memory */ +- memset(tmp, 0, sizeof(tmp)); ++ memzero_explicit(tmp, sizeof(tmp)); + + return ret; + } @@ -1151,7 +1148,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, extract_buf(r, tmp); @@ -39231,6 +39773,15 @@ index 429b75b..de805d0 100644 ret = -EFAULT; break; } +@@ -1162,7 +1159,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, + } + + /* Wipe data just returned from memory */ +- memset(tmp, 0, sizeof(tmp)); ++ memzero_explicit(tmp, sizeof(tmp)); + + return ret; + } @@ -1507,7 +1504,7 @@ EXPORT_SYMBOL(generate_random_uuid); #include <linux/sysctl.h> @@ -64708,7 +65259,7 @@ index 2183fcf..3c32a98 100644 help Various /proc files exist to monitor process memory utilization: diff --git a/fs/proc/array.c b/fs/proc/array.c -index baf3464..6873520 100644 +index baf3464..5b394ec 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -60,6 +60,7 @@ 
@@ -64846,14 +65397,22 @@ index baf3464..6873520 100644 if (mm) { size = task_statm(mm, &shared, &text, &data, &resident); mmput(mm); -@@ -581,6 +649,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -581,6 +649,21 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, return 0; } +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR +int proc_pid_ipaddr(struct task_struct *task, char *buffer) +{ -+ return sprintf(buffer, "%pI4\n", &task->signal->curr_ip); ++ unsigned long flags; ++ u32 curr_ip = 0; ++ ++ if (lock_task_sighand(task, &flags)) { ++ curr_ip = task->signal->curr_ip; ++ unlock_task_sighand(task, &flags); ++ } ++ ++ return sprintf(buffer, "%pI4\n", &curr_ip); +} +#endif + @@ -77402,7 +77961,7 @@ index 0000000..3860c7e +} diff --git a/grsecurity/grsec_sock.c b/grsecurity/grsec_sock.c new file mode 100644 -index 0000000..c0aef3a +index 0000000..e3650b6 --- /dev/null +++ b/grsecurity/grsec_sock.c @@ -0,0 +1,244 @@ @@ -77529,10 +78088,10 @@ index 0000000..c0aef3a + +#endif + -+void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet) ++void gr_update_task_in_ip_table(const struct inet_sock *inet) +{ +#ifdef CONFIG_GRKERNSEC -+ struct signal_struct *sig = task->signal; ++ struct signal_struct *sig = current->signal; + struct conn_table_entry *newent; + + newent = kmalloc(sizeof(struct conn_table_entry), GFP_ATOMIC); 
@@ -79383,6 +79942,19 @@ index 939533d..cf0a57c 100644 /** * struct clk_init_data - holds init data that's common to all clocks and is +diff --git a/include/linux/clocksource.h b/include/linux/clocksource.h +index 67301a4..879065d 100644 +--- a/include/linux/clocksource.h ++++ b/include/linux/clocksource.h +@@ -289,7 +289,7 @@ extern struct clocksource* clocksource_get_next(void); + extern void clocksource_change_rating(struct clocksource *cs, int rating); + extern void clocksource_suspend(void); + extern void clocksource_resume(void); +-extern struct clocksource * __init __weak clocksource_default_clock(void); ++extern struct clocksource * __init clocksource_default_clock(void); + extern void clocksource_mark_unstable(struct clocksource *cs); + + extern u64 diff --git a/include/linux/compat.h b/include/linux/compat.h index 3f448c6..df3ce1d 100644 --- a/include/linux/compat.h 
@@ -79717,6 +80289,32 @@ index d08e4d2..95fad61 100644 int cpumask_any_but(const struct cpumask *mask, unsigned int cpu); /** +diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h +index 7032518..60023e5 100644 +--- a/include/linux/crash_dump.h ++++ b/include/linux/crash_dump.h +@@ -14,14 +14,13 @@ + extern unsigned long long elfcorehdr_addr; + extern unsigned long long elfcorehdr_size; + +-extern int __weak elfcorehdr_alloc(unsigned long long *addr, +- unsigned long long *size); +-extern void __weak elfcorehdr_free(unsigned long long addr); +-extern ssize_t __weak elfcorehdr_read(char *buf, size_t count, u64 *ppos); +-extern ssize_t __weak elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos); +-extern int __weak remap_oldmem_pfn_range(struct vm_area_struct *vma, +- unsigned long from, unsigned long pfn, +- unsigned long size, pgprot_t prot); ++extern int elfcorehdr_alloc(unsigned long long *addr, unsigned long long *size); ++extern void elfcorehdr_free(unsigned long long addr); ++extern ssize_t elfcorehdr_read(char *buf, size_t count, u64 *ppos); ++extern ssize_t elfcorehdr_read_notes(char *buf, size_t count, u64 *ppos); ++extern int remap_oldmem_pfn_range(struct vm_area_struct *vma, ++ unsigned long from, unsigned long pfn, ++ unsigned long size, pgprot_t prot); + + extern ssize_t copy_oldmem_page(unsigned long, char *, size_t, + unsigned long, int); diff --git a/include/linux/cred.h b/include/linux/cred.h index 04421e8..a85afd4 100644 --- a/include/linux/cred.h @@ -81917,7 +82515,7 @@ index a74c3a8..28d3f21 100644 extern struct key_type key_type_keyring; diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h -index 6b06d37..c134867 100644 +index 6b06d37..19f605f 100644 --- a/include/linux/kgdb.h +++ b/include/linux/kgdb.h @@ -52,7 +52,7 @@ extern int kgdb_connected; 
@@ -81938,7 +82536,7 @@ index 6b06d37..c134867 100644 /** * struct kgdb_io - Describe the interface for an I/O driver to talk with KGDB. -@@ -279,7 +279,7 @@ struct kgdb_io { +@@ -279,11 +279,11 @@ struct kgdb_io { void (*pre_exception) (void); void (*post_exception) (void); int is_console; @@ -81947,6 +82545,11 @@ index 6b06d37..c134867 100644 extern struct kgdb_arch arch_kgdb_ops; +-extern unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs); ++extern unsigned long kgdb_arch_pc(int exception, struct pt_regs *regs); + + #ifdef CONFIG_SERIAL_KGDB_NMI + extern int kgdb_register_nmi_console(void); diff --git a/include/linux/kmod.h b/include/linux/kmod.h index 0555cc6..40116ce 100644 --- a/include/linux/kmod.h @@ -82196,6 +82799,19 @@ index c45c089..298841c 100644 { u32 remainder; return div_u64_rem(dividend, divisor, &remainder); +diff --git a/include/linux/memory.h b/include/linux/memory.h +index bb7384e..8b8d8d1 100644 +--- a/include/linux/memory.h ++++ b/include/linux/memory.h +@@ -35,7 +35,7 @@ struct memory_block { + }; + + int arch_get_memory_phys_device(unsigned long start_pfn); +-unsigned long __weak memory_block_size_bytes(void); ++unsigned long memory_block_size_bytes(void); + + /* These states are exposed to userspace as text strings in sysfs */ + #define MEM_ONLINE (1<<0) /* exposed to userspace */ diff --git a/include/linux/mempolicy.h b/include/linux/mempolicy.h index 5bba088..7ad4ae7 100644 --- a/include/linux/mempolicy.h 
@@ -84304,6 +84920,29 @@ index 680f9a3..f13aeb0 100644 __SONET_ITEMS #undef __HANDLE_ITEM }; +diff --git a/include/linux/string.h b/include/linux/string.h +index ac889c5..0ed878d 100644 +--- a/include/linux/string.h ++++ b/include/linux/string.h +@@ -129,7 +129,7 @@ int bprintf(u32 *bin_buf, size_t size, const char *fmt, ...) __printf(3, 4); + #endif + + extern ssize_t memory_read_from_buffer(void *to, size_t count, loff_t *ppos, +- const void *from, size_t available); ++ const void *from, size_t available); + + /** + * strstarts - does @str start with @prefix? +@@ -141,7 +141,8 @@ static inline bool strstarts(const char *str, const char *prefix) + return strncmp(str, prefix, strlen(prefix)) == 0; + } + +-extern size_t memweight(const void *ptr, size_t bytes); ++size_t memweight(const void *ptr, size_t bytes); ++void memzero_explicit(void *s, size_t count); + + /** + * kbasename - return the last part of a pathname. diff --git a/include/linux/sunrpc/addr.h b/include/linux/sunrpc/addr.h index 07d8e53..dc934c9 100644 --- a/include/linux/sunrpc/addr.h @@ -93941,10 +94580,33 @@ index 0922579..9d7adb9 100644 #endif } diff --git a/lib/string.c b/lib/string.c -index e5878de..315fad2 100644 +index e5878de..64941b2 100644 --- a/lib/string.c 
+++ b/lib/string.c -@@ -789,9 +789,9 @@ void *memchr_inv(const void *start, int c, size_t bytes) +@@ -586,6 +586,22 @@ void *memset(void *s, int c, size_t count) + EXPORT_SYMBOL(memset); + #endif + ++/** ++ * memzero_explicit - Fill a region of memory (e.g. sensitive ++ * keying data) with 0s. ++ * @s: Pointer to the start of the area. ++ * @count: The size of the area. ++ * ++ * memzero_explicit() doesn't need an arch-specific version as ++ * it just invokes the one of memset() implicitly. ++ */ ++void memzero_explicit(void *s, size_t count) ++{ ++ memset(s, 0, count); ++ OPTIMIZER_HIDE_VAR(s); ++} ++EXPORT_SYMBOL(memzero_explicit); ++ + #ifndef __HAVE_ARCH_MEMCPY + /** + * memcpy - Copy one area of memory to another +@@ -789,9 +805,9 @@ void *memchr_inv(const void *start, int c, size_t bytes) return check_bytes8(start, value, bytes); value64 = value; @@ -94697,7 +95359,7 @@ index 33365e9..2234ef9 100644 } unset_migratetype_isolate(page, MIGRATE_MOVABLE); diff --git a/mm/memory.c b/mm/memory.c -index 492e36f..3771c0a 100644 +index 492e36f..55613ed 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -403,6 +403,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -94734,6 +95396,19 @@ index 492e36f..3771c0a 100644 } /* +@@ -679,10 +685,10 @@ static void print_bad_pte(struct vm_area_struct *vma, unsigned long addr, + * Choose text because data symbols depend on CONFIG_KALLSYMS_ALL=y + */ + if (vma->vm_ops) +- printk(KERN_ALERT "vma->vm_ops->fault: %pSR\n", ++ printk(KERN_ALERT "vma->vm_ops->fault: %pAR\n", + vma->vm_ops->fault); + if (vma->vm_file) +- printk(KERN_ALERT "vma->vm_file->f_op->mmap: %pSR\n", ++ printk(KERN_ALERT "vma->vm_file->f_op->mmap: %pAR\n", + vma->vm_file->f_op->mmap); + dump_stack(); + add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE); @@ -1636,12 +1642,6 @@ no_page_table: return page; } @@ -100952,7 +101627,7 @@ index 0d1e2cb..4501a2c 100644 void inet_get_local_port_range(struct net *net, int *low, int *high) 
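Review bot: In the new `memzero_explicit()`, `OPTIMIZER_HIDE_VAR(s)` only makes the pointer value opaque to the compiler; it does not say that the bytes `s` points to are observed afterwards. Once the helper is inlined or otherwise visible to the optimizer, the `memset()` can presumably still be treated as a dead store, which is the case every caller converted in this patch depends on. A barrier with a memory clobber after the `memset()`, i.e. `barrier();` in place of `OPTIMIZER_HIDE_VAR(s);`, is what keeps the store alive. The kernel-doc should also say why the helper exists (zeroing a buffer that is about to go out of scope), since the current text does not tell a reader when to prefer it over `memset()`.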
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c -index 8b9cf27..0d8d592 100644 +index 8b9cf27..9c17cab 100644 --- a/net/ipv4/inet_hashtables.c +++ b/net/ipv4/inet_hashtables.c @@ -18,6 +18,7 @@ @@ -100967,7 +101642,7 @@ index 8b9cf27..0d8d592 100644 return inet_ehashfn(net, laddr, lport, faddr, fport); } -+extern void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet); ++extern void gr_update_task_in_ip_table(const struct inet_sock *inet); + /* * Allocate and initialize a new local port bind bucket. @@ -100976,7 +101651,7 @@ index 8b9cf27..0d8d592 100644 twrefcnt += inet_twsk_bind_unhash(tw, hinfo); spin_unlock(&head->lock); -+ gr_update_task_in_ip_table(current, inet_sk(sk)); ++ gr_update_task_in_ip_table(inet_sk(sk)); + if (tw) { inet_twsk_deschedule(tw, death_row); @@ -102786,10 +103461,45 @@ index 20b63d2..31a777d 100644 kfree_skb(skb); diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c -index 5f8e128..865d38e 100644 +index 5f8e128..d32ac8c 100644 --- a/net/ipv6/xfrm6_policy.c 
+++ b/net/ipv6/xfrm6_policy.c -@@ -212,11 +212,11 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) +@@ -170,8 +170,10 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) + case IPPROTO_DCCP: + if (!onlyproto && (nh + offset + 4 < skb->data || + pskb_may_pull(skb, nh + offset + 4 - skb->data))) { +- __be16 *ports = (__be16 *)exthdr; ++ __be16 *ports; + ++ nh = skb_network_header(skb); ++ ports = (__be16 *)(nh + offset); + fl6->fl6_sport = ports[!!reverse]; + fl6->fl6_dport = ports[!reverse]; + } +@@ -180,8 +182,10 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) + + case IPPROTO_ICMPV6: + if (!onlyproto && pskb_may_pull(skb, nh + offset + 2 - skb->data)) { +- u8 *icmp = (u8 *)exthdr; ++ u8 *icmp; + ++ nh = skb_network_header(skb); ++ icmp = (u8 *)(nh + offset); + fl6->fl6_icmp_type = icmp[0]; + fl6->fl6_icmp_code = icmp[1]; + } +@@ -192,8 +196,9 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) + case IPPROTO_MH: + if (!onlyproto && pskb_may_pull(skb, nh + offset + 3 - skb->data)) { + struct ip6_mh *mh; +- mh = (struct ip6_mh *)exthdr; + ++ nh = skb_network_header(skb); ++ mh = (struct ip6_mh *)(nh + offset); + fl6->fl6_mh_type = mh->ip6mh_type; + } + fl6->flowi6_proto = nexthdr; +@@ -212,11 +217,11 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) } } @@ -102803,7 +103513,7 @@ index 5f8e128..865d38e 100644 return dst_entries_get_fast(ops) > ops->gc_thresh * 2; } -@@ -329,19 +329,19 @@ static struct ctl_table xfrm6_policy_table[] = { +@@ -329,19 +334,19 @@ static struct ctl_table xfrm6_policy_table[] = { static int __net_init xfrm6_net_init(struct net *net) { @@ -102828,7 +103538,7 @@ index 5f8e128..865d38e 100644 if (!hdr) goto err_reg; -@@ -349,8 +349,7 @@ static int __net_init xfrm6_net_init(struct net *net) +@@ -349,8 +354,7 @@ static int __net_init xfrm6_net_init(struct net *net) return 0; err_reg: 
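Review bot: The three added `nh = skb_network_header(skb);` reloads in `_decode_session6` carry no comment, and the reason is not obvious from the code. `pskb_may_pull()` can reallocate the skb head, which leaves the earlier `nh` and `exthdr` pointers stale. A comment at the first reload, e.g. `/* pskb_may_pull() may have moved the header; recompute from skb */`, would stop a later cleanup from reverting to `exthdr`. In the first case the reload also runs when the `nh + offset + 4 < skb->data` side of the condition was taken and no pull happened, which is harmless. The function starts and ends outside the hunk.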
@@ -123835,6 +124545,44 @@ index 0a578fe..b81f62d 100644 0; \ }) +diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c +index 714b949..1f0dc1e 100644 +--- a/virt/kvm/iommu.c ++++ b/virt/kvm/iommu.c +@@ -43,13 +43,13 @@ static void kvm_iommu_put_pages(struct kvm *kvm, + gfn_t base_gfn, unsigned long npages); + + static pfn_t kvm_pin_pages(struct kvm_memory_slot *slot, gfn_t gfn, +- unsigned long size) ++ unsigned long npages) + { + gfn_t end_gfn; + pfn_t pfn; + + pfn = gfn_to_pfn_memslot(slot, gfn); +- end_gfn = gfn + (size >> PAGE_SHIFT); ++ end_gfn = gfn + npages; + gfn += 1; + + if (is_error_noslot_pfn(pfn)) +@@ -119,7 +119,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot) + * Pin all pages we are about to map in memory. This is + * important because we unmap and unpin in 4kb steps later. + */ +- pfn = kvm_pin_pages(slot, gfn, page_size); ++ pfn = kvm_pin_pages(slot, gfn, page_size >> PAGE_SHIFT); + if (is_error_noslot_pfn(pfn)) { + gfn += 1; + continue; +@@ -131,7 +131,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot) + if (r) { + printk(KERN_ERR "kvm_iommu_map_address:" + "iommu failed to map pfn=%llx\n", pfn); +- kvm_unpin_pages(kvm, pfn, page_size); ++ kvm_unpin_pages(kvm, pfn, page_size >> PAGE_SHIFT); + goto unmap_pages; + } + diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 03a0381..8b31923 100644 --- a/virt/kvm/kvm_main.c |
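Review bot: `kvm_pin_pages()` now takes a page count, but nothing at the definition says so, and both call sites in `kvm_iommu_map_pages()` open-code `page_size >> PAGE_SHIFT`. Mixing bytes and pages at these calls is the error this hunk corrects, so the unit should be stated where the next reader will see it. A one-line comment above the function, e.g. `/* npages is a count of pages, not a size in bytes */`, and a single local `npages = page_size >> PAGE_SHIFT;` used for both the pin and the unpin call would keep the two sides from drifting apart again. `kvm_iommu_map_pages()` starts and ends outside the hunk.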