Diffstat (limited to '3.2.63')
-rw-r--r-- | 3.2.63/0000_README | 2 | ||||
-rw-r--r-- | 3.2.63/4420_grsecurity-3.0-3.2.63-201410250023.patch (renamed from 3.2.63/4420_grsecurity-3.0-3.2.63-201410201736.patch) | 653 |
2 files changed, 631 insertions, 24 deletions
diff --git a/3.2.63/0000_README b/3.2.63/0000_README index 860a604..5a21a10 100644 --- a/3.2.63/0000_README +++ b/3.2.63/0000_README @@ -170,7 +170,7 @@ Patch: 1062_linux-3.2.63.patch From: http://www.kernel.org Desc: Linux 3.2.63 -Patch: 4420_grsecurity-3.0-3.2.63-201410201736.patch +Patch: 4420_grsecurity-3.0-3.2.63-201410250023.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.63/4420_grsecurity-3.0-3.2.63-201410201736.patch b/3.2.63/4420_grsecurity-3.0-3.2.63-201410250023.patch index 045f3ce..02b9ab1 100644 --- a/3.2.63/4420_grsecurity-3.0-3.2.63-201410201736.patch +++ b/3.2.63/4420_grsecurity-3.0-3.2.63-201410250023.patch @@ -7226,6 +7226,20 @@ index 7df8b7f..4946269 100644 extern unsigned long sparc64_elf_hwcap; #define ELF_HWCAP sparc64_elf_hwcap +diff --git a/arch/sparc/include/asm/oplib_64.h b/arch/sparc/include/asm/oplib_64.h +index 97a9047..290b0cd 100644 +--- a/arch/sparc/include/asm/oplib_64.h ++++ b/arch/sparc/include/asm/oplib_64.h +@@ -62,7 +62,8 @@ struct linux_mem_p1275 { + /* You must call prom_init() before using any of the library services, + * preferably as early as possible. Pass it the romvec pointer. + */ +-extern void prom_init(void *cif_handler, void *cif_stack); ++void prom_init(void *cif_handler); ++void prom_init_report(void); + + /* Boot argument acquisition, returns the boot command line string. */ + extern char *prom_getbootargs(void); diff --git a/arch/sparc/include/asm/page_32.h b/arch/sparc/include/asm/page_32.h index 156707b..aefa786 100644 --- a/arch/sparc/include/asm/page_32.h 
@@ -7329,6 +7343,21 @@ index f6ae2b2..b03ffc7 100644 #define SRMMU_PAGE_KERNEL __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_PRIV | \ SRMMU_DIRTY | SRMMU_REF) +diff --git a/arch/sparc/include/asm/setup.h b/arch/sparc/include/asm/setup.h +index 64718ba..a7e4178 100644 +--- a/arch/sparc/include/asm/setup.h ++++ b/arch/sparc/include/asm/setup.h +@@ -21,6 +21,10 @@ extern unsigned char boot_cpu_id; + extern unsigned char boot_cpu_id4; + #endif + ++#ifdef CONFIG_SPARC64 ++void __init start_early_boot(void); ++#endif ++ + #endif /* __KERNEL__ */ + + #endif /* _SPARC_SETUP_H */ diff --git a/arch/sparc/include/asm/spinlock_64.h b/arch/sparc/include/asm/spinlock_64.h index 9689176..63c18ea 100644 --- a/arch/sparc/include/asm/spinlock_64.h 
@@ -7655,6 +7684,108 @@ index 27728e1..0010e923 100644 memset(&pkt, 0, sizeof(pkt)); pkt.header.data.tag.type = DS_DATA; pkt.header.data.handle = cp->handle; +diff --git a/arch/sparc/kernel/entry.h b/arch/sparc/kernel/entry.h +index 0c218e4..f8125bc 100644 +--- a/arch/sparc/kernel/entry.h ++++ b/arch/sparc/kernel/entry.h +@@ -59,13 +59,10 @@ struct popc_6insn_patch_entry { + extern struct popc_6insn_patch_entry __popc_6insn_patch, + __popc_6insn_patch_end; + +-extern void __init per_cpu_patch(void); +-extern void sun4v_patch_1insn_range(struct sun4v_1insn_patch_entry *, +- struct sun4v_1insn_patch_entry *); +-extern void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *, +- struct sun4v_2insn_patch_entry *); +-extern void __init sun4v_patch(void); +-extern void __init boot_cpu_id_too_large(int cpu); ++void sun4v_patch_1insn_range(struct sun4v_1insn_patch_entry *, ++ struct sun4v_1insn_patch_entry *); ++void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *, ++ struct sun4v_2insn_patch_entry *); + extern unsigned int dcache_parity_tl1_occurred; + extern unsigned int icache_parity_tl1_occurred; + +diff --git a/arch/sparc/kernel/head_64.S b/arch/sparc/kernel/head_64.S +index 0d810c2..fec9fd6 100644 +--- a/arch/sparc/kernel/head_64.S ++++ b/arch/sparc/kernel/head_64.S +@@ -629,14 +629,12 @@ tlb_fixup_done: + sethi %hi(init_thread_union), %g6 + or %g6, %lo(init_thread_union), %g6 + ldx [%g6 + TI_TASK], %g4 +- mov %sp, %l6 + + wr %g0, ASI_P, %asi + mov 1, %g1 + sllx %g1, THREAD_SHIFT, %g1 + sub %g1, (STACKFRAME_SZ + STACK_BIAS), %g1 + add %g6, %g1, %sp +- mov 0, %fp + + /* Set per-cpu pointer initially to zero, this makes + * the boot-cpu use the in-kernel-image per-cpu areas +@@ -663,44 +661,14 @@ tlb_fixup_done: + nop + #endif + +- mov %l6, %o1 ! OpenPROM stack + call prom_init + mov %l7, %o0 ! OpenPROM cif handler + +- /* Initialize current_thread_info()->cpu as early as possible. 
+- * In order to do that accurately we have to patch up the get_cpuid() +- * assembler sequences. And that, in turn, requires that we know +- * if we are on a Starfire box or not. While we're here, patch up +- * the sun4v sequences as well. ++ /* To create a one-register-window buffer between the kernel's ++ * initial stack and the last stack frame we use from the firmware, ++ * do the rest of the boot from a C helper function. + */ +- call check_if_starfire +- nop +- call per_cpu_patch +- nop +- call sun4v_patch +- nop +- +-#ifdef CONFIG_SMP +- call hard_smp_processor_id +- nop +- cmp %o0, NR_CPUS +- blu,pt %xcc, 1f +- nop +- call boot_cpu_id_too_large +- nop +- /* Not reached... */ +- +-1: +-#else +- mov 0, %o0 +-#endif +- sth %o0, [%g6 + TI_CPU] +- +- call prom_init_report +- nop +- +- /* Off we go.... */ +- call start_kernel ++ call start_early_boot + nop + /* Not reached... */ + +diff --git a/arch/sparc/kernel/hvtramp.S b/arch/sparc/kernel/hvtramp.S +index 9365432..b69d224 100644 +--- a/arch/sparc/kernel/hvtramp.S ++++ b/arch/sparc/kernel/hvtramp.S +@@ -111,7 +111,6 @@ hv_cpu_startup: + sllx %g5, THREAD_SHIFT, %g5 + sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5 + add %g6, %g5, %sp +- mov 0, %fp + + call init_irqwork_curcpu + nop diff --git a/arch/sparc/kernel/leon_kernel.c b/arch/sparc/kernel/leon_kernel.c index a19c8a0..d04a60b 100644 --- a/arch/sparc/kernel/leon_kernel.c 
@@ -7805,6 +7936,68 @@ index 96ee50a..68ce124 100644 #ifdef CONFIG_AUDITSYSCALL if (unlikely(current->audit_context)) { unsigned long tstate = regs->tstate; +diff --git a/arch/sparc/kernel/setup_64.c b/arch/sparc/kernel/setup_64.c +index a854a1c..52488a5 100644 +--- a/arch/sparc/kernel/setup_64.c ++++ b/arch/sparc/kernel/setup_64.c +@@ -30,6 +30,7 @@ + #include <linux/cpu.h> + #include <linux/initrd.h> + #include <linux/module.h> ++#include <linux/start_kernel.h> + + #include <asm/system.h> + #include <asm/io.h> +@@ -174,7 +175,7 @@ char reboot_command[COMMAND_LINE_SIZE]; + + static struct pt_regs fake_swapper_regs = { { 0, }, 0, 0, 0, 0 }; + +-void __init per_cpu_patch(void) ++static void __init per_cpu_patch(void) + { + struct cpuid_patch_entry *p; + unsigned long ver; +@@ -266,7 +267,7 @@ void sun4v_patch_2insn_range(struct sun4v_2insn_patch_entry *start, + } + } + +-void __init sun4v_patch(void) ++static void __init sun4v_patch(void) + { + extern void sun4v_hvapi_init(void); + +@@ -316,14 +317,25 @@ static void __init popc_patch(void) + } + } + +-#ifdef CONFIG_SMP +-void __init boot_cpu_id_too_large(int cpu) ++void __init start_early_boot(void) + { +- prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n", +- cpu, NR_CPUS); +- prom_halt(); ++ int cpu; ++ ++ check_if_starfire(); ++ per_cpu_patch(); ++ sun4v_patch(); ++ ++ cpu = hard_smp_processor_id(); ++ if (cpu >= NR_CPUS) { ++ prom_printf("Serious problem, boot cpu id (%d) >= NR_CPUS (%d)\n", ++ cpu, NR_CPUS); ++ prom_halt(); ++ } ++ current_thread_info()->cpu = cpu; ++ ++ prom_init_report(); ++ start_kernel(); + } +-#endif + + /* On Ultra, we support all of the v8 capabilities. */ + unsigned long sparc64_elf_hwcap = (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c index ffd1245..948b0b7 100644 --- a/arch/sparc/kernel/smp_64.c 
@@ -8134,6 +8327,36 @@ index 7408201..b349841 100644 .notifier_call = sysfs_cpu_notify, }; +diff --git a/arch/sparc/kernel/trampoline_64.S b/arch/sparc/kernel/trampoline_64.S +index 8fa84a3..3fc8ad5 100644 +--- a/arch/sparc/kernel/trampoline_64.S ++++ b/arch/sparc/kernel/trampoline_64.S +@@ -112,10 +112,13 @@ startup_continue: + brnz,pn %g1, 1b + nop + +- sethi %hi(p1275buf), %g2 +- or %g2, %lo(p1275buf), %g2 +- ldx [%g2 + 0x10], %l2 +- add %l2, -(192 + 128), %sp ++ /* Get onto temporary stack which will be in the locked ++ * kernel image. ++ */ ++ sethi %hi(tramp_stack), %g1 ++ or %g1, %lo(tramp_stack), %g1 ++ add %g1, TRAMP_STACK_SIZE, %g1 ++ sub %g1, STACKFRAME_SZ + STACK_BIAS + 256, %sp + flushw + + /* Setup the loop variables: +@@ -397,7 +400,6 @@ after_lock_tlb: + sllx %g5, THREAD_SHIFT, %g5 + sub %g5, (STACKFRAME_SZ + STACK_BIAS), %g5 + add %g6, %g5, %sp +- mov 0, %fp + + rdpr %pstate, %o1 + or %o1, PSTATE_IE, %o1 diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c index 591f20c..0f1b925 100644 --- a/arch/sparc/kernel/traps_32.c 
@@ -9603,6 +9826,47 @@ index 2c0b966..00bf94e 100644 /* Pure DTLB misses do not tell us whether the fault causing * load/store/atomic was a write or not, it only says that there * was no match. So in such a case we (carefully) read the +diff --git a/arch/sparc/mm/gup.c b/arch/sparc/mm/gup.c +index 42c55df..20da942 100644 +--- a/arch/sparc/mm/gup.c ++++ b/arch/sparc/mm/gup.c +@@ -106,6 +106,36 @@ static int gup_pud_range(pgd_t pgd, unsigned long addr, unsigned long end, + return 1; + } + ++int __get_user_pages_fast(unsigned long start, int nr_pages, int write, ++ struct page **pages) ++{ ++ struct mm_struct *mm = current->mm; ++ unsigned long addr, len, end; ++ unsigned long next, flags; ++ pgd_t *pgdp; ++ int nr = 0; ++ ++ start &= PAGE_MASK; ++ addr = start; ++ len = (unsigned long) nr_pages << PAGE_SHIFT; ++ end = start + len; ++ ++ local_irq_save(flags); ++ pgdp = pgd_offset(mm, addr); ++ do { ++ pgd_t pgd = *pgdp; ++ ++ next = pgd_addr_end(addr, end); ++ if (pgd_none(pgd)) ++ break; ++ if (!gup_pud_range(pgd, addr, next, write, pages, &nr)) ++ break; ++ } while (pgdp++, addr = next, addr != end); ++ local_irq_restore(flags); ++ ++ return nr; ++} ++ + int get_user_pages_fast(unsigned long start, int nr_pages, int write, + struct page **pages) + { diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c index 07e1453..ae6e02e 100644 --- a/arch/sparc/mm/hugetlbpage.c 
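Review bot: Nothing in the added `__get_user_pages_fast()` in arch/sparc/mm/gup.c rejects a non-positive `nr_pages`, and the function carries no comment stating its contract. With a count of zero, `end` equals `start`, yet the `do { ... } while (pgdp++, addr = next, addr != end)` loop still runs its body once before the exit test. What `gup_pud_range()` does with an empty range is outside the hunk, so this may be harmless, but callers should not have to know that. Either add `if (nr_pages <= 0) return 0;` before the walk or document that the count must be positive, and add a header comment such as `/* Walks the page tables with local interrupts disabled; returns how many pages were collected, which can be fewer than nr_pages. */`.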
@@ -9803,6 +10067,63 @@ index cbef74e..c38fead 100644 BTFIXUPSET_INT(page_kernel, pgprot_val(SRMMU_PAGE_KERNEL)); page_kernel = pgprot_val(SRMMU_PAGE_KERNEL); +diff --git a/arch/sparc/prom/cif.S b/arch/sparc/prom/cif.S +index 9c86b4b..8050f38 100644 +--- a/arch/sparc/prom/cif.S ++++ b/arch/sparc/prom/cif.S +@@ -11,11 +11,10 @@ + .text + .globl prom_cif_direct + prom_cif_direct: ++ save %sp, -192, %sp + sethi %hi(p1275buf), %o1 + or %o1, %lo(p1275buf), %o1 +- ldx [%o1 + 0x0010], %o2 ! prom_cif_stack +- save %o2, -192, %sp +- ldx [%i1 + 0x0008], %l2 ! prom_cif_handler ++ ldx [%o1 + 0x0008], %l2 ! prom_cif_handler + mov %g4, %l0 + mov %g5, %l1 + mov %g6, %l3 +diff --git a/arch/sparc/prom/init_64.c b/arch/sparc/prom/init_64.c +index 5016c5e..ffb1cc5 100644 +--- a/arch/sparc/prom/init_64.c ++++ b/arch/sparc/prom/init_64.c +@@ -26,13 +26,13 @@ phandle prom_chosen_node; + * failure. It gets passed the pointer to the PROM vector. + */ + +-extern void prom_cif_init(void *, void *); ++extern void prom_cif_init(void *); + +-void __init prom_init(void *cif_handler, void *cif_stack) ++void __init prom_init(void *cif_handler) + { + phandle node; + +- prom_cif_init(cif_handler, cif_stack); ++ prom_cif_init(cif_handler); + + prom_chosen_node = prom_finddevice(prom_chosen_path); + if (!prom_chosen_node || (s32)prom_chosen_node == -1) +diff --git a/arch/sparc/prom/p1275.c b/arch/sparc/prom/p1275.c +index d9850c2..5bbbc23 100644 +--- a/arch/sparc/prom/p1275.c ++++ b/arch/sparc/prom/p1275.c +@@ -21,7 +21,6 @@ + struct { + long prom_callback; /* 0x00 */ + void (*prom_cif_handler)(long *); /* 0x08 */ +- unsigned long prom_cif_stack; /* 0x10 */ + } p1275buf; + + extern void prom_world(int); +@@ -53,5 +52,4 @@ void p1275_cmd_direct(unsigned long *args) + void prom_cif_init(void *cif_handler, void *cif_stack) + { + p1275buf.prom_cif_handler = (void (*)(long *))cif_handler; +- p1275buf.prom_cif_stack = (unsigned long)cif_stack; + } 
diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig index 6cb8319..ee12bac 100644 --- a/arch/tile/Kconfig @@ -29346,7 +29667,7 @@ index 44b93da..5a0b3ee 100644 if (vma == &gate_vma) return "[vsyscall]"; diff --git a/arch/x86/mm/iomap_32.c b/arch/x86/mm/iomap_32.c -index 7b179b4..6bd17777 100644 +index 7b179b49..6bd17777 100644 --- a/arch/x86/mm/iomap_32.c +++ b/arch/x86/mm/iomap_32.c @@ -64,7 +64,11 @@ void *kmap_atomic_prot_pfn(unsigned long pfn, pgprot_t prot) @@ -32205,6 +32526,18 @@ index 1366a89..88178fe 100644 .notifier_call = blk_cpu_notify, }; +diff --git a/block/blk-throttle.c b/block/blk-throttle.c +index 5eed6a7..0e8abe9 100644 +--- a/block/blk-throttle.c ++++ b/block/blk-throttle.c +@@ -361,6 +361,7 @@ static struct throtl_grp * throtl_get_tg(struct throtl_data *td) + /* Group allocation failed. Account the IO to root group */ + if (!tg) { + tg = td->root_tg; ++ rcu_read_unlock(); + return tg; + } + diff --git a/block/bsg.c b/block/bsg.c index c0ab25c..9d49f8f 100644 --- a/block/bsg.c @@ -32491,6 +32824,26 @@ index 5d41894..22021e4 100644 } EXPORT_SYMBOL_GPL(cper_next_record_id); +diff --git a/drivers/acpi/atomicio.c b/drivers/acpi/atomicio.c +index cfc0cc1..61fdbaa 100644 +--- a/drivers/acpi/atomicio.c ++++ b/drivers/acpi/atomicio.c +@@ -286,6 +286,7 @@ static int acpi_atomic_read_mem(u64 paddr, u64 *val, u32 width) + break; + #endif + default: ++ rcu_read_unlock(); + return -EINVAL; + } + rcu_read_unlock(); +@@ -315,6 +316,7 @@ static int acpi_atomic_write_mem(u64 paddr, u64 val, u32 width) + break; + #endif + default: ++ rcu_read_unlock(); + return -EINVAL; + } + rcu_read_unlock(); diff --git a/drivers/acpi/blacklist.c b/drivers/acpi/blacklist.c index cb96296..b81293b 100644 --- a/drivers/acpi/blacklist.c @@ -35152,7 +35505,7 @@ index da3cfee..a5a6606 100644 *ppos = i; diff --git a/drivers/char/random.c b/drivers/char/random.c -index c244f0e..a86bc96 100644 +index c244f0e..2b94e16 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c 
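Review bot: In arch/sparc/prom/p1275.c the definition is left as `void prom_cif_init(void *cif_handler, void *cif_stack)` (a context line of the last p1275.c hunk), while arch/sparc/prom/init_64.c now declares `extern void prom_cif_init(void *);` and calls it with one argument. The second parameter is no longer read once the `prom_cif_stack` assignment is removed, so the definition should become `void prom_cif_init(void *cif_handler)` to match the declaration and caller visible here. Because the prototype lives in a local `extern` rather than a header shared by both files, the compiler cannot catch this kind of drift; declaring it in a common header would.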
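Review bot: The `rcu_read_unlock()` added before `return tg;` in throtl_get_tg() (block/blk-throttle.c) repairs one exit, but it leaves the unlock duplicated on an early return, so any exit added later can reintroduce the same imbalance. The same shape is added to the `default:` cases of acpi_atomic_read_mem() and acpi_atomic_write_mem() in drivers/acpi/atomicio.c, where recording the error and falling through to the existing `rcu_read_unlock();` after the switch would keep one unlock per function. The matching rcu_read_lock() calls are outside these hunks, so this is a suggestion on structure, not a claim about the other paths.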
@@ -255,10 +255,8 @@ @@ -36081,6 +36434,17 @@ index c244f0e..a86bc96 100644 spin_lock_irqsave(&r->lock, flags); for (i = 0; i < r->poolinfo->poolwords; i += 16) sha_transform(hash.w, (__u8 *)(r->pool + i), workspace); +@@ -954,8 +1056,8 @@ static void extract_buf(struct entropy_store *r, __u8 *out) + * pool while mixing, and hash one final time. + */ + sha_transform(hash.w, extract, workspace); +- memset(extract, 0, sizeof(extract)); +- memset(workspace, 0, sizeof(workspace)); ++ memzero_explicit(extract, sizeof(extract)); ++ memzero_explicit(workspace, sizeof(workspace)); + + /* + * In case the hash function has some recognizable output @@ -966,27 +1068,43 @@ static void extract_buf(struct entropy_store *r, __u8 *out) hash.w[1] ^= hash.w[4]; hash.w[2] ^= rol32(hash.w[2], 16); @@ -36097,7 +36461,8 @@ index c244f0e..a86bc96 100644 - } - memcpy(out, &hash, EXTRACT_SIZE); - memset(&hash, 0, sizeof(hash)); +- memset(&hash, 0, sizeof(hash)); ++ memzero_explicit(&hash, sizeof(hash)); } +/* @@ -36145,7 +36510,13 @@ index c244f0e..a86bc96 100644 spin_lock_irqsave(&r->lock, flags); if (!memcmp(tmp, r->last_data, EXTRACT_SIZE)) panic("Hardware RNG duplicated output!\n"); -@@ -1015,12 +1131,17 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, +@@ -1010,17 +1126,22 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, + } + + /* Wipe data just returned from memory */ +- memset(tmp, 0, sizeof(tmp)); ++ memzero_explicit(tmp, sizeof(tmp)); + return ret; } @@ -36172,6 +36543,15 @@ index c244f0e..a86bc96 100644 ret = -EFAULT; break; } +@@ -1047,7 +1168,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, + } + + /* Wipe data just returned from memory */ +- memset(tmp, 0, sizeof(tmp)); ++ memzero_explicit(tmp, sizeof(tmp)); + + return ret; + } @@ -1055,11 +1176,20 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, /* * This function is the exported kernel interface. It returns some 
@@ -62880,7 +63260,7 @@ index 15af622..0e9f4467 100644 help Various /proc files exist to monitor process memory utilization: diff --git a/fs/proc/array.c b/fs/proc/array.c -index 439b5a1..61db155 100644 +index 439b5a1..5dec96d 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -60,6 +60,7 @@ @@ -63005,7 +63385,7 @@ index 439b5a1..61db155 100644 if (mm) { size = task_statm(mm, &shared, &text, &data, &resident); mmput(mm); -@@ -544,3 +608,10 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -544,3 +608,18 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, return 0; } @@ -63013,7 +63393,15 @@ index 439b5a1..61db155 100644 +#ifdef CONFIG_GRKERNSEC_PROC_IPADDR +int proc_pid_ipaddr(struct task_struct *task, char *buffer) +{ -+ return sprintf(buffer, "%pI4\n", &task->signal->curr_ip); ++ unsigned long flags; ++ u32 curr_ip = 0; ++ ++ if (lock_task_sighand(task, &flags)) { ++ curr_ip = task->signal->curr_ip; ++ unlock_task_sighand(task, &flags); ++ } ++ ++ return sprintf(buffer, "%pI4\n", &curr_ip); +} +#endif diff --git a/fs/proc/base.c b/fs/proc/base.c @@ -76102,7 +76490,7 @@ index 0000000..c6a07aa +} diff --git a/grsecurity/grsec_sock.c b/grsecurity/grsec_sock.c new file mode 100644 -index 0000000..c0aef3a +index 0000000..e3650b6 --- /dev/null +++ b/grsecurity/grsec_sock.c @@ -0,0 +1,244 @@ @@ -76229,10 +76617,10 @@ index 0000000..c0aef3a + +#endif + -+void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet) ++void gr_update_task_in_ip_table(const struct inet_sock *inet) +{ +#ifdef CONFIG_GRKERNSEC -+ struct signal_struct *sig = task->signal; ++ struct signal_struct *sig = current->signal; + struct conn_table_entry *newent; + + newent = kmalloc(sizeof(struct conn_table_entry), GFP_ATOMIC); 
@@ -78223,6 +78611,19 @@ index 04ffb2e..6799180 100644 extern struct cleancache_ops cleancache_register_ops(struct cleancache_ops *ops); +diff --git a/include/linux/clocksource.h b/include/linux/clocksource.h +index 081147d..da89543 100644 +--- a/include/linux/clocksource.h ++++ b/include/linux/clocksource.h +@@ -284,7 +284,7 @@ extern struct clocksource* clocksource_get_next(void); + extern void clocksource_change_rating(struct clocksource *cs, int rating); + extern void clocksource_suspend(void); + extern void clocksource_resume(void); +-extern struct clocksource * __init __weak clocksource_default_clock(void); ++extern struct clocksource * __init clocksource_default_clock(void); + extern void clocksource_mark_unstable(struct clocksource *cs); + + extern void diff --git a/include/linux/compat.h b/include/linux/compat.h index d42bd48..554dcd5 100644 --- a/include/linux/compat.h @@ -78245,6 +78646,20 @@ index d42bd48..554dcd5 100644 /* * epoll (fs/eventpoll.c) compat bits follow ... +diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h +index 5633053..9ac1a7a 100644 +--- a/include/linux/compiler-gcc.h ++++ b/include/linux/compiler-gcc.h +@@ -37,6 +37,9 @@ + __asm__ ("" : "=r"(__ptr) : "0"(ptr)); \ + (typeof(ptr)) (__ptr + (off)); }) + ++/* Make the optimizer believe the variable can be manipulated arbitrarily. */ ++#define OPTIMIZER_HIDE_VAR(var) __asm__ ("" : "=r" (var) : "0" (var)) ++ + #ifdef __CHECKER__ + #define __must_be_array(arr) 0 + #else diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h index e2a360a..1d61efb 100644 --- a/include/linux/compiler-gcc4.h 
@@ -78288,8 +78703,33 @@ index e2a360a..1d61efb 100644 #endif #if __GNUC_MINOR__ > 0 +diff --git a/include/linux/compiler-intel.h b/include/linux/compiler-intel.h +index cba9593..1a97cac 100644 +--- a/include/linux/compiler-intel.h ++++ b/include/linux/compiler-intel.h +@@ -15,6 +15,7 @@ + */ + #undef barrier + #undef RELOC_HIDE ++#undef OPTIMIZER_HIDE_VAR + + #define barrier() __memory_barrier() + +@@ -23,6 +24,12 @@ + __ptr = (unsigned long) (ptr); \ + (typeof(ptr)) (__ptr + (off)); }) + ++/* This should act as an optimization barrier on var. ++ * Given that this compiler does not have inline assembly, a compiler barrier ++ * is the best we can do. ++ */ ++#define OPTIMIZER_HIDE_VAR(var) barrier() ++ + /* Intel ECC compiler doesn't support __builtin_types_compatible_p() */ + #define __must_be_array(a) 0 + diff --git a/include/linux/compiler.h b/include/linux/compiler.h -index 320d6c9..f4c24bf 100644 +index 320d6c9..92ea3ae 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -5,31 +5,51 @@ @@ -78356,7 +78796,18 @@ index 320d6c9..f4c24bf 100644 #endif #ifdef __KERNEL__ -@@ -264,6 +286,30 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); +@@ -164,6 +186,10 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); + (typeof(ptr)) (__ptr + (off)); }) + #endif + ++#ifndef OPTIMIZER_HIDE_VAR ++#define OPTIMIZER_HIDE_VAR(var) barrier() ++#endif ++ + #endif /* __KERNEL__ */ + + #endif /* __ASSEMBLY__ */ +@@ -264,6 +290,30 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); # define __attribute_const__ /* unimplemented */ #endif 
@@ -78387,7 +78838,7 @@ index 320d6c9..f4c24bf 100644 /* * Tell gcc if a function is cold. The compiler will assume any path * directly leading to the call is unlikely. -@@ -273,6 +319,22 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); +@@ -273,6 +323,22 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); #define __cold #endif @@ -78410,7 +78861,7 @@ index 320d6c9..f4c24bf 100644 /* Simple shorthand for a section definition */ #ifndef __section # define __section(S) __attribute__ ((__section__(#S))) -@@ -292,6 +354,18 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); +@@ -292,6 +358,18 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); #endif #ifndef __compiletime_error # define __compiletime_error(message) @@ -78429,7 +78880,7 @@ index 320d6c9..f4c24bf 100644 #endif /* -@@ -306,6 +380,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); +@@ -306,6 +384,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); * use is to mediate communication between process-level code and irq/NMI * handlers, all running on the same CPU. */ @@ -80860,7 +81311,7 @@ index 9efd081..19f989c 100644 extern struct key_type key_type_keyring; diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h -index c4d2fc1..5df9c19 100644 +index c4d2fc1..ef36389 100644 --- a/include/linux/kgdb.h +++ b/include/linux/kgdb.h @@ -53,7 +53,7 @@ extern int kgdb_connected; @@ -80881,7 +81332,7 @@ index c4d2fc1..5df9c19 100644 /** * struct kgdb_io - Describe the interface for an I/O driver to talk with KGDB. -@@ -277,7 +277,7 @@ struct kgdb_io { +@@ -277,11 +277,11 @@ struct kgdb_io { void (*pre_exception) (void); void (*post_exception) (void); int is_console; 
@@ -80890,6 +81341,11 @@ index c4d2fc1..5df9c19 100644 extern struct kgdb_arch arch_kgdb_ops; +-extern unsigned long __weak kgdb_arch_pc(int exception, struct pt_regs *regs); ++extern unsigned long kgdb_arch_pc(int exception, struct pt_regs *regs); + + extern int kgdb_register_io_module(struct kgdb_io *local_kgdb_io_ops); + extern void kgdb_unregister_io_module(struct kgdb_io *local_kgdb_io_ops); diff --git a/include/linux/kmod.h b/include/linux/kmod.h index f8d4b27..8560882 100644 --- a/include/linux/kmod.h @@ -83504,6 +83960,29 @@ index 6a40c76..1747b67 100644 enum { false = 0, +diff --git a/include/linux/string.h b/include/linux/string.h +index e033564..e43a65c 100644 +--- a/include/linux/string.h ++++ b/include/linux/string.h +@@ -133,7 +133,7 @@ int bprintf(u32 *bin_buf, size_t size, const char *fmt, ...) __printf(3, 4); + #endif + + extern ssize_t memory_read_from_buffer(void *to, size_t count, loff_t *ppos, +- const void *from, size_t available); ++ const void *from, size_t available); + + /** + * strstarts - does @str start with @prefix? +@@ -144,5 +144,9 @@ static inline bool strstarts(const char *str, const char *prefix) + { + return strncmp(str, prefix, strlen(prefix)) == 0; + } ++ ++size_t memweight(const void *ptr, size_t bytes); ++void memzero_explicit(void *s, size_t count); ++ + #endif + #endif /* _LINUX_STRING_H_ */ diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h index 3d8f9c4..349a695 100644 --- a/include/linux/sunrpc/clnt.h @@ -94076,7 +94555,7 @@ index b8029a5..2b120e1 100644 +} +EXPORT_SYMBOL(pax_list_del_rcu); diff --git a/lib/radix-tree.c b/lib/radix-tree.c -index d9df745..e73c2fe 100644 +index d9df745..a541641b 100644 --- a/lib/radix-tree.c +++ b/lib/radix-tree.c @@ -80,7 +80,7 @@ struct radix_tree_preload { 
@@ -94088,6 +94567,18 @@ index d9df745..e73c2fe 100644 static inline void *ptr_to_indirect(void *ptr) { +@@ -1273,8 +1273,10 @@ unsigned long radix_tree_locate_item(struct radix_tree_root *root, void *item) + + node = indirect_to_ptr(node); + max_index = radix_tree_maxindex(node->height); +- if (cur_index > max_index) ++ if (cur_index > max_index) { ++ rcu_read_unlock(); + break; ++ } + + cur_index = __locate(node, item, cur_index, &found_index); + rcu_read_unlock(); diff --git a/lib/random32.c b/lib/random32.c index 1f44bdc..009bfe8 100644 --- a/lib/random32.c @@ -94589,6 +95080,33 @@ index 1f44bdc..009bfe8 100644 + pr_info("prandom: %d self tests passed\n", runs); +} +#endif +diff --git a/lib/string.c b/lib/string.c +index dc4a863..40136f6 100644 +--- a/lib/string.c ++++ b/lib/string.c +@@ -583,6 +583,22 @@ void *memset(void *s, int c, size_t count) + EXPORT_SYMBOL(memset); + #endif + ++/** ++ * memzero_explicit - Fill a region of memory (e.g. sensitive ++ * keying data) with 0s. ++ * @s: Pointer to the start of the area. ++ * @count: The size of the area. ++ * ++ * memzero_explicit() doesn't need an arch-specific version as ++ * it just invokes the one of memset() implicitly. ++ */ ++void memzero_explicit(void *s, size_t count) ++{ ++ memset(s, 0, count); ++ OPTIMIZER_HIDE_VAR(s); ++} ++EXPORT_SYMBOL(memzero_explicit); ++ + #ifndef __HAVE_ARCH_MEMCPY + /** + * memcpy - Copy one area of memory to another diff --git a/lib/vsprintf.c b/lib/vsprintf.c index ae02e42..4ffc938 100644 --- a/lib/vsprintf.c @@ -102760,7 +103278,7 @@ index 6be5e8e..22df23e 100644 tmo = req->expires - jiffies; if (tmo < 0) diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c -index 4afcf31..392d206 100644 +index 4afcf31..a15c188 100644 --- a/net/ipv4/inet_hashtables.c +++ b/net/ipv4/inet_hashtables.c @@ -18,12 +18,15 @@ 
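Review bot: `OPTIMIZER_HIDE_VAR(s)` in the new memzero_explicit() (lib/string.c) constrains only the pointer value `s`, not the bytes it points to, so the compiler may still treat the preceding `memset(s, 0, count)` as a dead store when the buffer is about to go out of scope. That is exactly the situation of the on-stack `extract`, `workspace`, `hash` and `tmp` buffers converted to this helper in drivers/char/random.c. Replacing that line with a barrier that takes the pointer as an input and clobbers memory, `__asm__ __volatile__("" : : "r" (s) : "memory");`, makes the zeroing observable to the optimizer. The kernel-doc should also state the actual guarantee, that the clearing is not elided, instead of only noting that no arch-specific version is needed.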
@@ -102774,7 +103292,7 @@ index 4afcf31..392d206 100644 #include <net/secure_seq.h> #include <net/ip.h> -+extern void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet); ++extern void gr_update_task_in_ip_table(const struct inet_sock *inet); + /* * Allocate and initialize a new local port bind bucket. @@ -102783,7 +103301,7 @@ index 4afcf31..392d206 100644 twrefcnt += inet_twsk_bind_unhash(tw, hinfo); spin_unlock(&head->lock); -+ gr_update_task_in_ip_table(current, inet_sk(sk)); ++ gr_update_task_in_ip_table(inet_sk(sk)); + if (tw) { inet_twsk_deschedule(tw, death_row); @@ -104590,10 +105108,45 @@ index f8bec1e..8628321 100644 int udp6_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c -index db78e7d..c88f974 100644 +index db78e7d..df6de01 100644 --- a/net/ipv6/xfrm6_policy.c 
+++ b/net/ipv6/xfrm6_policy.c -@@ -202,11 +202,11 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) +@@ -160,8 +160,10 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) + case IPPROTO_DCCP: + if (!onlyproto && (nh + offset + 4 < skb->data || + pskb_may_pull(skb, nh + offset + 4 - skb->data))) { +- __be16 *ports = (__be16 *)exthdr; ++ __be16 *ports; + ++ nh = skb_network_header(skb); ++ ports = (__be16 *)(nh + offset); + fl6->fl6_sport = ports[!!reverse]; + fl6->fl6_dport = ports[!reverse]; + } +@@ -170,8 +172,10 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) + + case IPPROTO_ICMPV6: + if (!onlyproto && pskb_may_pull(skb, nh + offset + 2 - skb->data)) { +- u8 *icmp = (u8 *)exthdr; ++ u8 *icmp; + ++ nh = skb_network_header(skb); ++ icmp = (u8 *)(nh + offset); + fl6->fl6_icmp_type = icmp[0]; + fl6->fl6_icmp_code = icmp[1]; + } +@@ -182,8 +186,9 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) + case IPPROTO_MH: + if (!onlyproto && pskb_may_pull(skb, nh + offset + 3 - skb->data)) { + struct ip6_mh *mh; +- mh = (struct ip6_mh *)exthdr; + ++ nh = skb_network_header(skb); ++ mh = (struct ip6_mh *)(nh + offset); + fl6->fl6_mh_type = mh->ip6mh_type; + } + fl6->flowi6_proto = nexthdr; +@@ -202,11 +207,11 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) } } @@ -105558,6 +106111,22 @@ index f042ae5..30ea486 100644 mutex_unlock(&nf_sockopt_mutex); } EXPORT_SYMBOL(nf_unregister_sockopt); +diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c +index b4f8d84..4ffd251 100644 +--- a/net/netfilter/nfnetlink.c ++++ b/net/netfilter/nfnetlink.c +@@ -170,8 +170,10 @@ replay: + + err = nla_parse(cda, ss->cb[cb_id].attr_count, + attr, attrlen, ss->cb[cb_id].policy); +- if (err < 0) ++ if (err < 0) { ++ rcu_read_unlock(); + return err; ++ } + + if (nc->call_rcu) { + err = nc->call_rcu(net->nfnl, skb, nlh, 
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c index 66b2c54..4ea49be 100644 --- a/net/netfilter/nfnetlink_log.c @@ -126703,6 +127272,44 @@ index 547628e..74de9f2 100644 +#endif + #endif +diff --git a/virt/kvm/iommu.c b/virt/kvm/iommu.c +index c946700..e32c93c 100644 +--- a/virt/kvm/iommu.c ++++ b/virt/kvm/iommu.c +@@ -43,13 +43,13 @@ static void kvm_iommu_put_pages(struct kvm *kvm, + gfn_t base_gfn, unsigned long npages); + + static pfn_t kvm_pin_pages(struct kvm *kvm, struct kvm_memory_slot *slot, +- gfn_t gfn, unsigned long size) ++ gfn_t gfn, unsigned long npages) + { + gfn_t end_gfn; + pfn_t pfn; + + pfn = gfn_to_pfn_memslot(kvm, slot, gfn); +- end_gfn = gfn + (size >> PAGE_SHIFT); ++ end_gfn = gfn + npages; + gfn += 1; + + if (is_error_pfn(pfn)) +@@ -117,7 +117,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot) + * Pin all pages we are about to map in memory. This is + * important because we unmap and unpin in 4kb steps later. + */ +- pfn = kvm_pin_pages(kvm, slot, gfn, page_size); ++ pfn = kvm_pin_pages(kvm, slot, gfn, page_size >> PAGE_SHIFT); + if (is_error_pfn(pfn)) { + gfn += 1; + continue; +@@ -129,7 +129,7 @@ int kvm_iommu_map_pages(struct kvm *kvm, struct kvm_memory_slot *slot) + if (r) { + printk(KERN_ERR "kvm_iommu_map_address:" + "iommu failed to map pfn=%llx\n", pfn); +- kvm_unpin_pages(kvm, pfn, page_size); ++ kvm_unpin_pages(kvm, pfn, page_size >> PAGE_SHIFT); + goto unmap_pages; + } + diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index d83aa5e..52970b8 100644 --- a/virt/kvm/kvm_main.c |
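Review bot: kvm_pin_pages() in virt/kvm/iommu.c now takes a page count, but nothing at the definition says so, and the caller's variable is still the byte-valued `page_size`, converted with `>> PAGE_SHIFT` at each call site. The change appears to exist because a byte size was passed where a page count was expected (the old `kvm_unpin_pages(kvm, pfn, page_size)` call), so a one-line comment above the function would guard against a repeat: `/* @npages: number of pages to pin starting at @gfn (a count, not a byte size). */`. The body of kvm_pin_pages() continues past the hunk.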