main/linux-grsec: upgrade to grsecurity-3.0-3.14.15-201408032014

fixes #3277

2 files changed, 111 insertions, 75 deletions

diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 1327bb5ebd..f42b214f02 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -7,7 +7,7 @@ case $pkgver in
 *.*.*)	_kernver=${pkgver%.*};;
 *.*)	_kernver=${pkgver};;
 esac
-pkgrel=0
+pkgrel=1
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs linux-firmware"
@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
 install=
 source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
 	http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
-	grsecurity-3.0-3.14.15-201407312005.patch
+	grsecurity-3.0-3.14.15-201408032014.patch
 
 	fix-memory-map-for-PIE-applications.patch
 	imx6q-no-unclocked-sleep.patch
@@ -166,7 +166,7 @@ dev() {
 
 md5sums="b621207b3f6ecbb67db18b13258f8ea8  linux-3.14.tar.xz
 497579393986bb76e08abc355e59550c  patch-3.14.15.xz
-2a44c70e3bd3efcdbca973f65d81c9c5  grsecurity-3.0-3.14.15-201407312005.patch
+d1d5b12a0a0f0f8dd8588d42bd3b2375  grsecurity-3.0-3.14.15-201408032014.patch
 c6a4ae7e8ca6159e1631545515805216  fix-memory-map-for-PIE-applications.patch
 1a307fc1d63231bf01d22493a4f14378  imx6q-no-unclocked-sleep.patch
 69688dbc1669bfd04dec7bb316e58b8d  kernelconfig.x86
@@ -174,7 +174,7 @@ e0b3a0898935183bf42078350d2e31f1  kernelconfig.x86_64
 0d71b1663f7cbfffc6e403deca4bbe86  kernelconfig.armhf"
 sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa  linux-3.14.tar.xz
 fd0fff77dd5274fd53bce431275cf203357d1a96a6c6129f0562b07232399ed2  patch-3.14.15.xz
-a3b1ce09f002037274f1ace901353b5c13bebfcb95f6533753f3a6062060aedd  grsecurity-3.0-3.14.15-201407312005.patch
+c52e543a680cf82721aa378251fd66f223a03a294343ae9500bc6d1d59771f8f  grsecurity-3.0-3.14.15-201408032014.patch
 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7  fix-memory-map-for-PIE-applications.patch
 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3  imx6q-no-unclocked-sleep.patch
 61c9344b8643ab81b0d7230f77fa003c8e2ce46bf4ea18315708e77ccef5de83  kernelconfig.x86
@@ -182,7 +182,7 @@ a3b1ce09f002037274f1ace901353b5c13bebfcb95f6533753f3a6062060aedd  grsecurity-3.0
 3cddaac02211dd0f5eb4531aecc3a1427f29dcec7b31d9fe0042192d591bcdc8  kernelconfig.armhf"
 sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e  linux-3.14.tar.xz
 9a9d99a5e6f724f3c7063212ce7187e1bf15a1931aacc0e56fcb46b5f1f8266c47dd61ca0dafdfeb27a7348817629fa2d26df0f0d6f36d7ceab6295b39a5e5d9  patch-3.14.15.xz
-e865427b195329e5e690231a6ec4b84a74f714acdd4740571d964ff5ee6ec1af5c9bce62515861d58ef9d866451f2c091ba1ea455424cbaa179a5d2a91a48731  grsecurity-3.0-3.14.15-201407312005.patch
+2edef8d733b2fbfeb65de833e85d2f2693967263e8b8faf7838192af763b6868ad41daaf71d26327566ab5a8184a87be159388a1ceb48bea88ece1fbc0adaf19  grsecurity-3.0-3.14.15-201408032014.patch
 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7  fix-memory-map-for-PIE-applications.patch
 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221  imx6q-no-unclocked-sleep.patch
 0889c17d6509b8078aa2fd1ba2977a8fa88260bd080e780aeefd7eb6a8805b3bb9a3132991fc1050e6b7bce0ca118ce7f2c57c0f33459812f69c4dee75ff96cf  kernelconfig.x86
diff --git a/main/linux-grsec/grsecurity-3.0-3.14.15-201407312005.patch b/main/linux-grsec/grsecurity-3.0-3.14.15-201408032014.patch
index c19e4e319d..96db0fa027 100644
--- a/main/linux-grsec/grsecurity-3.0-3.14.15-201407312005.patch
+++ b/main/linux-grsec/grsecurity-3.0-3.14.15-201408032014.patch
@@ -19763,7 +19763,7 @@ index 04905bf..49203ca 100644
  }
  
 diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
-index 0d592e0..7437fcc 100644
+index 0d592e0..526f797 100644
 --- a/arch/x86/include/asm/uaccess.h
 +++ b/arch/x86/include/asm/uaccess.h
 @@ -7,6 +7,7 @@
@@ -20180,7 +20180,7 @@ index 0d592e0..7437fcc 100644
 +			copy_from_user_overflow();
 +		else
 +			__copy_from_user_overflow(sz, n);
-+	} if (access_ok(VERIFY_READ, from, n))
++	} else if (access_ok(VERIFY_READ, from, n))
 +		n = __copy_from_user(to, from, n);
 +	else if ((long)n > 0)
 +		memset(to, 0, n);
@@ -24623,7 +24623,7 @@ index 85126cc..1bbce17 100644
  	init_level4_pgt[511] = early_level4_pgt[511];
  
 diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
-index f36bd42..56ee1534 100644
+index f36bd42..0ab4474 100644
 --- a/arch/x86/kernel/head_32.S
 +++ b/arch/x86/kernel/head_32.S
 @@ -26,6 +26,12 @@
@@ -25035,7 +25035,7 @@ index f36bd42..56ee1534 100644
 +	.quad 0x00009b000000ffff	/* 0xc0 APM CS 16 code (16 bit) */
 +	.quad 0x004093000000ffff	/* 0xc8 APM DS    data */
 +
-+	.quad 0x00c0930000000000	/* 0xd0 - ESPFIX SS */
++	.quad 0x00c093000000ffff	/* 0xd0 - ESPFIX SS */
 +	.quad 0x0040930000000000	/* 0xd8 - PERCPU */
 +	.quad 0x0040910000000017	/* 0xe0 - STACK_CANARY */
 +	.quad 0x0000000000000000	/* 0xe8 - PCIBIOS_CS */
@@ -27368,7 +27368,7 @@ index 5cdff03..80fa283 100644
  		 * Up to this point, the boot CPU has been using .init.data
  		 * area.  Reload any changed state for the boot CPU.
 diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
-index 9e5de68..16c53cb 100644
+index 9e5de68..147c254 100644
 --- a/arch/x86/kernel/signal.c
 +++ b/arch/x86/kernel/signal.c
 @@ -190,7 +190,7 @@ static unsigned long align_sigframe(unsigned long sp)
@@ -27385,7 +27385,7 @@ index 9e5de68..16c53cb 100644
  
  	if (current->mm->context.vdso)
 -		restorer = VDSO32_SYMBOL(current->mm->context.vdso, sigreturn);
-+		restorer = (__force void __user *)VDSO32_SYMBOL(current->mm->context.vdso, sigreturn);
++		restorer = (void __force_user *)VDSO32_SYMBOL(current->mm->context.vdso, sigreturn);
  	else
 -		restorer = &frame->retcode;
 +		restorer = (void __user *)&frame->retcode;
@@ -27407,9 +27407,9 @@ index 9e5de68..16c53cb 100644
  		/* Set up to return from userspace.  */
 -		restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
 +		if (current->mm->context.vdso)
-+			restorer = (__force void __user *)VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
++			restorer = (void __force_user *)VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
 +		else
-+		restorer = (void __user *)&frame->retcode;
++			restorer = (void __user *)&frame->retcode;
  		if (ksig->ka.sa.sa_flags & SA_RESTORER)
  			restorer = ksig->ka.sa.sa_restorer;
  		put_user_ex(restorer, &frame->pretcode);
@@ -71990,7 +71990,7 @@ index 0000000..25f54ef
 +};
 diff --git a/grsecurity/gracl_policy.c b/grsecurity/gracl_policy.c
 new file mode 100644
-index 0000000..361a099
+index 0000000..3f8ade0
 --- /dev/null
 +++ b/grsecurity/gracl_policy.c
 @@ -0,0 +1,1782 @@
@@ -72049,9 +72049,9 @@ index 0000000..361a099
 +extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum);
 +extern void gr_clear_learn_entries(void);
 +
-+static struct gr_arg gr_usermode;
-+static unsigned char gr_system_salt[GR_SALT_LEN];
-+static unsigned char gr_system_sum[GR_SHA_LEN];
++struct gr_arg *gr_usermode __read_only;
++unsigned char *gr_system_salt __read_only;
++unsigned char *gr_system_sum __read_only;
 +
 +static unsigned int gr_auth_attempts = 0;
 +static unsigned long gr_auth_expires = 0UL;
@@ -73293,8 +73293,8 @@ index 0000000..361a099
 +{
 +	int error = 0;
 +
-+	memcpy(&gr_system_salt, args->salt, sizeof(gr_system_salt));
-+	memcpy(&gr_system_sum, args->sum, sizeof(gr_system_sum));
++	memcpy(gr_system_salt, args->salt, GR_SALT_LEN);
++	memcpy(gr_system_sum, args->sum, GR_SHA_LEN);
 +
 +	if (init_variables(args, false)) {
 +		gr_log_str(GR_DONT_AUDIT_GOOD, GR_INITF_ACL_MSG, GR_VERSION);
@@ -73521,11 +73521,11 @@ index 0000000..361a099
 +	if (error)
 +		goto out;
 +
-+	error = copy_gr_arg(uwrap.arg, &gr_usermode);
++	error = copy_gr_arg(uwrap.arg, gr_usermode);
 +	if (error)
 +		goto out;
 +
-+	if (gr_usermode.mode != GR_SPROLE && gr_usermode.mode != GR_SPROLEPAM &&
++	if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_SPROLEPAM &&
 +	    gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
 +	    time_after(gr_auth_expires, get_seconds())) {
 +		error = -EBUSY;
@@ -73537,8 +73537,8 @@ index 0000000..361a099
 +	   locking
 +	 */
 +
-+	if (gr_usermode.mode != GR_SPROLE && gr_usermode.mode != GR_STATUS &&
-+	    gr_usermode.mode != GR_UNSPROLE && gr_usermode.mode != GR_SPROLEPAM &&
++	if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_STATUS &&
++	    gr_usermode->mode != GR_UNSPROLE && gr_usermode->mode != GR_SPROLEPAM &&
 +	    gr_is_global_nonroot(current_uid())) {
 +		error = -EPERM;
 +		goto out;
@@ -73546,15 +73546,15 @@ index 0000000..361a099
 +
 +	/* ensure pw and special role name are null terminated */
 +
-+	gr_usermode.pw[GR_PW_LEN - 1] = '\0';
-+	gr_usermode.sp_role[GR_SPROLE_LEN - 1] = '\0';
++	gr_usermode->pw[GR_PW_LEN - 1] = '\0';
++	gr_usermode->sp_role[GR_SPROLE_LEN - 1] = '\0';
 +
 +	/* Okay. 
 +	 * We have our enough of the argument structure..(we have yet
 +	 * to copy_from_user the tables themselves) . Copy the tables
 +	 * only if we need them, i.e. for loading operations. */
 +
-+	switch (gr_usermode.mode) {
++	switch (gr_usermode->mode) {
 +	case GR_STATUS:
 +			if (gr_acl_is_enabled()) {
 +				error = 1;
@@ -73564,12 +73564,12 @@ index 0000000..361a099
 +				error = 2;
 +			goto out;
 +	case GR_SHUTDOWN:
-+		if (gr_acl_is_enabled() && !(chkpw(&gr_usermode, (unsigned char *)&gr_system_salt, (unsigned char *)&gr_system_sum))) {
++		if (gr_acl_is_enabled() && !(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
 +			stop_machine(gr_rbac_disable, NULL, NULL);
 +			free_variables(false);
-+			memset(&gr_usermode, 0, sizeof(gr_usermode));
-+			memset(&gr_system_salt, 0, sizeof(gr_system_salt));
-+			memset(&gr_system_sum, 0, sizeof(gr_system_sum));
++			memset(gr_usermode, 0, sizeof(struct gr_arg));
++			memset(gr_system_salt, 0, GR_SALT_LEN);
++			memset(gr_system_sum, 0, GR_SHA_LEN);
 +			gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTS_ACL_MSG);
 +		} else if (gr_acl_is_enabled()) {
 +			gr_log_noargs(GR_DONT_AUDIT, GR_SHUTF_ACL_MSG);
@@ -73580,7 +73580,7 @@ index 0000000..361a099
 +		}
 +		break;
 +	case GR_ENABLE:
-+		if (!gr_acl_is_enabled() && !(error2 = gracl_init(&gr_usermode)))
++		if (!gr_acl_is_enabled() && !(error2 = gracl_init(gr_usermode)))
 +			gr_log_str(GR_DONT_AUDIT_GOOD, GR_ENABLE_ACL_MSG, GR_VERSION);
 +		else {
 +			if (gr_acl_is_enabled())
@@ -73596,8 +73596,8 @@ index 0000000..361a099
 +		if (!gr_acl_is_enabled()) {
 +			gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOADI_ACL_MSG, GR_VERSION);
 +			error = -EAGAIN;
-+		} else if (!(chkpw(&gr_usermode, (unsigned char *)&gr_system_salt, (unsigned char *)&gr_system_sum))) {
-+			error2 = gracl_reload(&gr_usermode, oldmode);
++		} else if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
++			error2 = gracl_reload(gr_usermode, oldmode);
 +			if (!error2)
 +				gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOAD_ACL_MSG, GR_VERSION);
 +			else {
@@ -73616,20 +73616,20 @@ index 0000000..361a099
 +			break;
 +		}
 +
-+		if (!(chkpw(&gr_usermode, (unsigned char *)&gr_system_salt, (unsigned char *)&gr_system_sum))) {
++		if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
 +			gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODS_ACL_MSG);
-+			if (gr_usermode.segv_device && gr_usermode.segv_inode) {
++			if (gr_usermode->segv_device && gr_usermode->segv_inode) {
 +				struct acl_subject_label *segvacl;
 +				segvacl =
-+				    lookup_acl_subj_label(gr_usermode.segv_inode,
-+							  gr_usermode.segv_device,
++				    lookup_acl_subj_label(gr_usermode->segv_inode,
++							  gr_usermode->segv_device,
 +							  current->role);
 +				if (segvacl) {
 +					segvacl->crashes = 0;
 +					segvacl->expires = 0;
 +				}
-+			} else if (gr_find_uid(gr_usermode.segv_uid) >= 0) {
-+				gr_remove_uid(gr_usermode.segv_uid);
++			} else if (gr_find_uid(gr_usermode->segv_uid) >= 0) {
++				gr_remove_uid(gr_usermode->segv_uid);
 +			}
 +		} else {
 +			gr_log_noargs(GR_DONT_AUDIT, GR_SEGVMODF_ACL_MSG);
@@ -73656,11 +73656,11 @@ index 0000000..361a099
 +		}
 +
 +		if (lookup_special_role_auth
-+		    (gr_usermode.mode, gr_usermode.sp_role, &sprole_salt, &sprole_sum)
++		    (gr_usermode->mode, gr_usermode->sp_role, &sprole_salt, &sprole_sum)
 +		    && ((!sprole_salt && !sprole_sum)
-+			|| !(chkpw(&gr_usermode, sprole_salt, sprole_sum)))) {
++			|| !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) {
 +			char *p = "";
-+			assign_special_role(gr_usermode.sp_role);
++			assign_special_role(gr_usermode->sp_role);
 +			read_lock(&tasklist_lock);
 +			if (current->real_parent)
 +				p = current->real_parent->role->rolename;
@@ -73668,7 +73668,7 @@ index 0000000..361a099
 +			gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLES_ACL_MSG,
 +					p, acl_sp_role_value);
 +		} else {
-+			gr_log_str(GR_DONT_AUDIT, GR_SPROLEF_ACL_MSG, gr_usermode.sp_role);
++			gr_log_str(GR_DONT_AUDIT, GR_SPROLEF_ACL_MSG, gr_usermode->sp_role);
 +			error = -EPERM;
 +			if(!(current->role->auth_attempts++))
 +				current->role->expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
@@ -73702,7 +73702,7 @@ index 0000000..361a099
 +		}
 +		break;
 +	default:
-+		gr_log_int(GR_DONT_AUDIT, GR_INVMODE_ACL_MSG, gr_usermode.mode);
++		gr_log_int(GR_DONT_AUDIT, GR_INVMODE_ACL_MSG, gr_usermode->mode);
 +		error = -EINVAL;
 +		break;
 +	}
@@ -75326,10 +75326,10 @@ index 0000000..8ca18bf
 +}
 diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c
 new file mode 100644
-index 0000000..ae6c028
+index 0000000..b7cb191
 --- /dev/null
 +++ b/grsecurity/grsec_init.c
-@@ -0,0 +1,272 @@
+@@ -0,0 +1,286 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
 +#include <linux/mm.h>
@@ -75409,6 +75409,10 @@ index 0000000..ae6c028
 +char *gr_alert_log_buf;
 +char *gr_audit_log_buf;
 +
++extern struct gr_arg *gr_usermode;
++extern unsigned char *gr_system_salt;
++extern unsigned char *gr_system_sum;
++
 +void __init
 +grsecurity_init(void)
 +{
@@ -75449,6 +75453,16 @@ index 0000000..ae6c028
 +		return;
 +	}
 +
++	/* allocate memory for authentication structure */
++	gr_usermode = kmalloc(sizeof(struct gr_arg), GFP_KERNEL);
++	gr_system_salt = kmalloc(GR_SALT_LEN, GFP_KERNEL);
++	gr_system_sum = kmalloc(GR_SHA_LEN, GFP_KERNEL);
++
++	if (!gr_usermode || !gr_system_salt || !gr_system_sum) {
++		panic("Unable to allocate grsecurity authentication structure");
++		return;
++	}
++
 +#ifdef CONFIG_GRKERNSEC_IO
 +#if !defined(CONFIG_GRKERNSEC_SYSCTL_DISTRO)
 +	grsec_disable_privio = 1;
@@ -77406,10 +77420,10 @@ index 0000000..ae02d8e
 +EXPORT_SYMBOL_GPL(gr_handle_new_usb);
 diff --git a/grsecurity/grsum.c b/grsecurity/grsum.c
 new file mode 100644
-index 0000000..9f7b1ac
+index 0000000..158b330
 --- /dev/null
 +++ b/grsecurity/grsum.c
-@@ -0,0 +1,61 @@
+@@ -0,0 +1,64 @@
 +#include <linux/err.h>
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
@@ -77426,47 +77440,50 @@ index 0000000..9f7b1ac
 +int
 +chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum)
 +{
-+	char *p;
 +	struct crypto_hash *tfm;
 +	struct hash_desc desc;
-+	struct scatterlist sg;
-+	unsigned char temp_sum[GR_SHA_LEN];
-+	volatile int retval = 0;
++	struct scatterlist sg[2];
++	unsigned char temp_sum[GR_SHA_LEN] __attribute__((aligned(__alignof__(unsigned long))));
++	unsigned long *tmpsumptr = (unsigned long *)temp_sum;
++	unsigned long *sumptr = (unsigned long *)sum;
++	int cryptres;
++	int retval = 1;
++	volatile int mismatched = 0;
 +	volatile int dummy = 0;
 +	unsigned int i;
 +
-+	sg_init_table(&sg, 1);
-+
 +	tfm = crypto_alloc_hash("sha256", 0, CRYPTO_ALG_ASYNC);
 +	if (IS_ERR(tfm)) {
 +		/* should never happen, since sha256 should be built in */
++		memset(entry->pw, 0, GR_PW_LEN);
 +		return 1;
 +	}
 +
++	sg_init_table(sg, 2);
++	sg_set_buf(&sg[0], salt, GR_SALT_LEN);
++	sg_set_buf(&sg[1], entry->pw, strlen(entry->pw));
++
 +	desc.tfm = tfm;
 +	desc.flags = 0;
 +
-+	crypto_hash_init(&desc);
-+
-+	p = salt;
-+	sg_set_buf(&sg, p, GR_SALT_LEN);
-+	crypto_hash_update(&desc, &sg, sg.length);
-+
-+	p = entry->pw;
-+	sg_set_buf(&sg, p, strlen(p));
-+	
-+	crypto_hash_update(&desc, &sg, sg.length);
-+
-+	crypto_hash_final(&desc, temp_sum);
++	cryptres = crypto_hash_digest(&desc, sg, GR_SALT_LEN + strlen(entry->pw),
++					temp_sum);
 +
 +	memset(entry->pw, 0, GR_PW_LEN);
 +
-+	for (i = 0; i < GR_SHA_LEN; i++)
-+		if (sum[i] != temp_sum[i])
-+			retval = 1;
++	if (cryptres)
++		goto out;
++
++	for (i = 0; i < GR_SHA_LEN/sizeof(tmpsumptr[0]); i++)
++		if (sumptr[i] != tmpsumptr[i])
++			mismatched = 1;
 +		else
 +			dummy = 1;	// waste a cycle
 +
++	if (!mismatched)
++		retval = dummy - 1;
++
++out:
 +	crypto_free_hash(tfm);
 +
 +	return retval;
@@ -100500,7 +100517,7 @@ index c04518f..d67116b 100644
  
  static int raw_seq_show(struct seq_file *seq, void *v)
 diff --git a/net/ipv4/route.c b/net/ipv4/route.c
-index 031553f..af4a0c2 100644
+index 031553f..1f6f4e2 100644
 --- a/net/ipv4/route.c
 +++ b/net/ipv4/route.c
 @@ -89,6 +89,7 @@
@@ -100550,7 +100567,7 @@ index 031553f..af4a0c2 100644
 - * But broken packet identifier may be better than no packet at all.
 +#define IP_IDENTS_SZ 2048u
 +struct ip_ident_bucket {
-+	atomic_t	id;
++	atomic_unchecked_t	id;
 +	u32		stamp32;
 +};
 +
@@ -100579,7 +100596,7 @@ index 031553f..af4a0c2 100644
 +	if (old != now && cmpxchg(&bucket->stamp32, old, now) == old)
 +		delta = prandom_u32_max(now - old);
 +
-+	return atomic_add_return(segs + delta, &bucket->id) - segs;
++	return atomic_add_return_unchecked(segs + delta, &bucket->id) - segs;
  }
 +EXPORT_SYMBOL(ip_idents_reserve);
  
@@ -122133,10 +122150,10 @@ index 0000000..0888f6c
 +
 diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c
 new file mode 100644
-index 0000000..dd94983
+index 0000000..924652b
 --- /dev/null
 +++ b/tools/gcc/stackleak_plugin.c
-@@ -0,0 +1,376 @@
+@@ -0,0 +1,395 @@
 +/*
 + * Copyright 2011-2014 by the PaX Team <pageexec@freemail.hu>
 + * Licensed under the GPL v2
@@ -122168,7 +122185,7 @@ index 0000000..dd94983
 +static bool init_locals;
 +
 +static struct plugin_info stackleak_plugin_info = {
-+	.version	= "201402131920",
++	.version	= "201408011900",
 +	.help		= "track-lowest-sp=nn\ttrack sp in functions whose frame size is at least nn bytes\n"
 +//			  "initialize-locals\t\tforcibly initialize all stack frames\n"
 +};
@@ -122314,6 +122331,25 @@ index 0000000..dd94983
 +
 +static bool gate_stackleak_track_stack(void)
 +{
++	tree section;
++
++	if (ix86_cmodel != CM_KERNEL)
++		return false;
++
++	section = lookup_attribute("section", DECL_ATTRIBUTES(current_function_decl));
++	if (section && TREE_VALUE(section)) {
++		section = TREE_VALUE(TREE_VALUE(section));
++
++		if (!strncmp(TREE_STRING_POINTER(section), ".init.text", 10))
++			return false;
++		if (!strncmp(TREE_STRING_POINTER(section), ".devinit.text", 13))
++			return false;
++		if (!strncmp(TREE_STRING_POINTER(section), ".cpuinit.text", 13))
++			return false;
++		if (!strncmp(TREE_STRING_POINTER(section), ".meminit.text", 13))
++			return false;
++	}
++
 +	return track_frame_size >= 0;
 +}
 +