diff options
author | Leonardo Arena <rnalrd@alpinelinux.org> | 2014-01-23 08:26:09 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2014-01-23 08:26:09 +0000 |
commit | c7bbdca2a256fe6abded086bf4e27338f78f67f9 (patch) | |
tree | 905b7113d8155c65a4a2aa1e0f89e9e96d902fc1 /main/linux-virt-grsec | |
parent | a34a5dcf81b53f781e83f857e429d79e945f8af2 (diff) | |
download | aports-c7bbdca2a256fe6abded086bf4e27338f78f67f9.tar.bz2 aports-c7bbdca2a256fe6abded086bf4e27338f78f67f9.tar.xz |
main/linux-virt-grsec: upgrade to 3.12.8
Diffstat (limited to 'main/linux-virt-grsec')
-rw-r--r-- | main/linux-virt-grsec/APKBUILD | 18 | ||||
-rw-r--r-- | main/linux-virt-grsec/grsecurity-3.0-3.12.8-201401191015.patch (renamed from main/linux-virt-grsec/grsecurity-3.0-3.12.7-201401120824.patch) | 1415 |
2 files changed, 1107 insertions, 326 deletions
diff --git a/main/linux-virt-grsec/APKBUILD b/main/linux-virt-grsec/APKBUILD index 02eec6d71a..bf2e05f267 100644 --- a/main/linux-virt-grsec/APKBUILD +++ b/main/linux-virt-grsec/APKBUILD @@ -3,12 +3,12 @@ _flavor=virt-grsec pkgname=linux-${_flavor} -pkgver=3.12.7 +pkgver=3.12.8 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; esac -pkgrel=1 +pkgrel=0 pkgdesc="Linux kernel for virtual guests with grsecurity" url="http://grsecurity.net" depends="mkinitfs linux-firmware" @@ -18,7 +18,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-3.0-$pkgver-201401120824.patch + grsecurity-3.0-$pkgver-201401191015.patch fix-memory-map-for-PIE-applications.patch kernelconfig.x86 @@ -145,20 +145,20 @@ dev() { } md5sums="cc6ee608854e0da4b64f6c1ff8b6398c linux-3.12.tar.xz -a158a29ecf49e768ebd2f34967991606 patch-3.12.7.xz -a90b0bcd0ece5c0bee4fa8155a0122fd grsecurity-3.0-3.12.7-201401120824.patch +03d34842e3a1197d17055610f62627b8 patch-3.12.8.xz +a7dd09d05b98cca3b7c00098698bdd38 grsecurity-3.0-3.12.8-201401191015.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch cc0bc34dd6d4f4396fa70ceaa5aa4a1a kernelconfig.x86 93a67bcefa885e0089247694c3e1fa25 kernelconfig.x86_64" sha256sums="2e120ec7fde19fa51dc6b6cc11c81860a0775defcad5a5bf910ed9a50e845a02 linux-3.12.tar.xz -ac57d56064bb23dae55fe656c407c662e842c98a6a5411251d6bb79c9718f555 patch-3.12.7.xz -1ff99432fb966b8646bfa73f6828c8e25351afcfac2acbd3f019448926de9278 grsecurity-3.0-3.12.7-201401120824.patch +a8e056bec1a39bbca8d2df9c477a9dee0e263ae4335601548eda14326e83e782 patch-3.12.8.xz +8ec870556270bb0041b1b7fcc4d86328c62023a288b8e914b8721c94956ac737 grsecurity-3.0-3.12.8-201401191015.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch bb7418bfdfbe45476331412b17a06abb08f8a0f44fe8ff978fd3413e8671ae66 kernelconfig.x86 4a11a2edd0dc69687f96f6c80140537b8ba74684244af59a1ffe74cd69712c6c kernelconfig.x86_64" sha512sums="4ba5797e0772726d05c9f2eee66dc6dc2a5033c749ef44764c805a83da739ed5d0c6443b76785e38fe1ef74cc7ade787e48144faed0cfcb6f124f05248c700ff linux-3.12.tar.xz -070536e1ed0911e91e96f32038b38efd8d531a306b09eb3074f68ebd7c582cf09574ea712666c3e3dff8443d66d054028a58497dd5e11f66d3bb5eb4570aee78 patch-3.12.7.xz -34475fd4f167492550f2cc0df7f0b4eb4f616e1a40d1e914128c20b0ec3a77d7c7a57f1fe7874316e4081ac15d06e4bf33b841477b69757409fe54c4f40d76ce grsecurity-3.0-3.12.7-201401120824.patch +27cf39ed82d2b28669a7a63b577814b625e9fa73fce4e15c5f4a35358621356e4364c4892427fb5e02982087090404f5ce871357a04c0372d008b1e55ca55aee patch-3.12.8.xz +d8d9ead63a728385fff54597cd25d0856d9f1e964d871cf75ed9563beb358ea8f6e87d81ed16432c02772fa3d8e1caf45b15e0cce4ec4c07e73e0ef531f28016 grsecurity-3.0-3.12.8-201401191015.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch b2245e3eeb020651eb36289d658b32a0ace45e00c392113e8589dbc31f5bd602fb3284b915b4924c235c7886f5e773ad731ddb392ca9e7b10528e0344bdafaef kernelconfig.x86 203ef17038ebdb92dbdd6547875816012442f6d4c3d5ea43d9f4898b4c074feda85c485c3bf2aa1b6de127985292aaeef3596e66f06282c7853f9ff7db0a5df4 kernelconfig.x86_64" diff --git a/main/linux-virt-grsec/grsecurity-3.0-3.12.7-201401120824.patch b/main/linux-virt-grsec/grsecurity-3.0-3.12.8-201401191015.patch index 6b060dc4d0..07d9c2507f 100644 --- a/main/linux-virt-grsec/grsecurity-3.0-3.12.7-201401120824.patch +++ b/main/linux-virt-grsec/grsecurity-3.0-3.12.8-201401191015.patch @@ -1,5 +1,5 @@ diff --git a/Documentation/dontdiff b/Documentation/dontdiff -index b89a739..79768fb 100644 +index b89a739..903b673 100644 --- a/Documentation/dontdiff +++ b/Documentation/dontdiff @@ -2,9 +2,11 @@ @@ -61,7 +61,7 @@ index b89a739..79768fb 100644 asm-offsets.h asm_offsets.h autoconf.h* -@@ -92,19 +101,24 @@ bounds.h +@@ -92,32 +101,40 @@ bounds.h bsetup btfixupprep build @@ -86,7 +86,11 @@ index b89a739..79768fb 100644 conmakehash consolemap_deftbl.c* cpustr.h -@@ -115,9 +129,11 @@ devlist.h* + crc32table.h* + cscope.* + defkeymap.c ++devicetable-offsets.h + devlist.h* dnotify_test docproc dslm @@ -98,7 +102,7 @@ index b89a739..79768fb 100644 fixdep flask.h fore200e_mkfirm -@@ -125,12 +141,15 @@ fore200e_pca_fw.c* +@@ -125,12 +142,15 @@ fore200e_pca_fw.c* gconf gconf.glade.h gen-devlist @@ -114,7 +118,7 @@ index b89a739..79768fb 100644 hpet_example hugepage-mmap hugepage-shm -@@ -145,14 +164,14 @@ int32.c +@@ -145,14 +165,14 @@ int32.c int4.c int8.c kallsyms @@ -131,7 +135,7 @@ index b89a739..79768fb 100644 logo_*.c logo_*_clut224.c logo_*_mono.c -@@ -162,14 +181,15 @@ mach-types.h +@@ -162,14 +182,15 @@ mach-types.h machtypes.h map map_hugetlb @@ -148,7 +152,7 @@ index b89a739..79768fb 100644 mkprep mkregtable mktables -@@ -185,6 +205,8 @@ oui.c* +@@ -185,6 +206,8 @@ oui.c* page-types parse.c parse.h @@ -157,7 +161,7 @@ index b89a739..79768fb 100644 patches* pca200e.bin pca200e_ecd.bin2 -@@ -194,6 +216,7 @@ perf-archive +@@ -194,6 +217,7 @@ perf-archive piggyback piggy.gzip piggy.S @@ -165,7 +169,7 @@ index b89a739..79768fb 100644 pnmtologo ppc_defs.h* pss_boot.h -@@ -203,7 +226,10 @@ r200_reg_safe.h +@@ -203,7 +227,10 @@ r200_reg_safe.h r300_reg_safe.h r420_reg_safe.h r600_reg_safe.h @@ -176,7 +180,7 @@ index b89a739..79768fb 100644 relocs rlim_names.h rn50_reg_safe.h -@@ -213,8 +239,12 @@ series +@@ -213,8 +240,12 @@ series setup setup.bin setup.elf @@ -189,7 +193,7 @@ index b89a739..79768fb 100644 split-include syscalltab.h tables.c -@@ -224,6 +254,7 @@ tftpboot.img +@@ -224,6 +255,7 @@ tftpboot.img timeconst.h times.h* trix_boot.h @@ -197,7 +201,7 @@ index b89a739..79768fb 100644 utsrelease.h* vdso-syms.lds vdso.lds -@@ -235,13 +266,17 @@ vdso32.lds +@@ -235,13 +267,17 @@ vdso32.lds vdso32.so.dbg vdso64.lds vdso64.so.dbg @@ -215,7 +219,7 @@ index b89a739..79768fb 100644 vmlinuz voffset.h vsyscall.lds -@@ -249,9 +284,12 @@ vsyscall_32.lds +@@ -249,9 +285,12 @@ vsyscall_32.lds wanxlfw.inc uImage unifdef @@ -281,7 +285,7 @@ index 4f7c57c..a2dc685 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index c2f0b79..2e5e090 100644 +index 5d0ec13..d3dcef2 100644 --- a/Makefile +++ b/Makefile @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -400,7 +404,13 @@ index c2f0b79..2e5e090 100644 $(Q)$(MAKE) $(build)=$@ define filechk_kernel.release -@@ -838,6 +900,7 @@ prepare0: archprepare FORCE +@@ -834,10 +896,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ + + archprepare: archheaders archscripts prepare1 scripts_basic + ++prepare0: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) ++prepare0: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) + prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. # All the preparing.. @@ -408,7 +418,7 @@ index c2f0b79..2e5e090 100644 prepare: prepare0 # Generate some files -@@ -945,6 +1008,8 @@ all: modules +@@ -945,6 +1010,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -417,7 +427,7 @@ index c2f0b79..2e5e090 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -960,7 +1025,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -960,7 +1027,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -426,7 +436,7 @@ index c2f0b79..2e5e090 100644 # Target to install modules PHONY += modules_install -@@ -1026,7 +1091,7 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ +@@ -1026,7 +1093,7 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ signing_key.priv signing_key.x509 x509.genkey \ extra_certificates signing_key.x509.keyid \ @@ -435,7 +445,7 @@ index c2f0b79..2e5e090 100644 # clean - Delete most, but leave enough to build external modules # -@@ -1066,6 +1131,7 @@ distclean: mrproper +@@ -1066,6 +1133,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ @@ -443,7 +453,7 @@ index c2f0b79..2e5e090 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1227,6 +1293,8 @@ PHONY += $(module-dirs) modules +@@ -1227,6 +1295,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -452,7 +462,7 @@ index c2f0b79..2e5e090 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1366,17 +1434,21 @@ else +@@ -1366,17 +1436,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -478,7 +488,7 @@ index c2f0b79..2e5e090 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1386,11 +1458,15 @@ endif +@@ -1386,11 +1460,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -3083,10 +3093,10 @@ index 72024ea..ae302dd 100644 void __init smp_set_ops(struct smp_operations *ops) { diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c -index 65ed63f..430c478 100644 +index 1f735aa..08af6f7 100644 --- a/arch/arm/kernel/traps.c +++ b/arch/arm/kernel/traps.c -@@ -55,7 +55,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long); +@@ -61,7 +61,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long); void dump_backtrace_entry(unsigned long where, unsigned long from, unsigned long frame) { #ifdef CONFIG_KALLSYMS @@ -3095,7 +3105,7 @@ index 65ed63f..430c478 100644 #else printk("Function entered at [<%08lx>] from [<%08lx>]\n", where, from); #endif -@@ -257,6 +257,8 @@ static arch_spinlock_t die_lock = __ARCH_SPIN_LOCK_UNLOCKED; +@@ -263,6 +263,8 @@ static arch_spinlock_t die_lock = __ARCH_SPIN_LOCK_UNLOCKED; static int die_owner = -1; static unsigned int die_nest_count; @@ -3104,7 +3114,7 @@ index 65ed63f..430c478 100644 static unsigned long oops_begin(void) { int cpu; -@@ -299,6 +301,9 @@ static void oops_end(unsigned long flags, struct pt_regs *regs, int signr) +@@ -305,6 +307,9 @@ static void oops_end(unsigned long flags, struct pt_regs *regs, int signr) panic("Fatal exception in interrupt"); if (panic_on_oops) panic("Fatal exception"); @@ -3114,7 +3124,7 @@ index 65ed63f..430c478 100644 if (signr) do_exit(signr); } -@@ -629,7 +634,9 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs) +@@ -635,7 +640,9 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs) * The user helper at 0xffff0fe0 must be used instead. * (see entry-armv.S for details) */ @@ -3124,7 +3134,7 @@ index 65ed63f..430c478 100644 } return 0; -@@ -886,7 +893,11 @@ void __init early_trap_init(void *vectors_base) +@@ -892,7 +899,11 @@ void __init early_trap_init(void *vectors_base) kuser_init(vectors_base); flush_icache_range(vectors, vectors + PAGE_SIZE * 2); @@ -4570,6 +4580,24 @@ index b1d17ee..7a6f4d3 100644 create_mapping(&map); } } +diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c +index 99b44e0..8c9106f 100644 +--- a/arch/arm/net/bpf_jit_32.c ++++ b/arch/arm/net/bpf_jit_32.c +@@ -637,10 +637,10 @@ load_ind: + emit(ARM_MUL(r_A, r_A, r_X), ctx); + break; + case BPF_S_ALU_DIV_K: +- /* current k == reciprocal_value(userspace k) */ ++ if (k == 1) ++ break; + emit_mov_i(r_scratch, k, ctx); +- /* A = top 32 bits of the product */ +- emit(ARM_UMULL(r_scratch, r_A, r_A, r_scratch), ctx); ++ emit_udiv(r_A, r_A, r_scratch, ctx); + break; + case BPF_S_ALU_DIV_X: + update_on_xread(ctx); diff --git a/arch/arm/plat-omap/sram.c b/arch/arm/plat-omap/sram.c index a5bc92d..0bb4730 100644 --- a/arch/arm/plat-omap/sram.c @@ -8468,6 +8496,25 @@ index 7ce9cf3..a964087 100644 /* If hint, make sure it matches our alignment restrictions */ if (!fixed && addr) { addr = _ALIGN_UP(addr, 1ul << pshift); +diff --git a/arch/powerpc/net/bpf_jit_comp.c b/arch/powerpc/net/bpf_jit_comp.c +index 2345bdb..ebbb2f1 100644 +--- a/arch/powerpc/net/bpf_jit_comp.c ++++ b/arch/powerpc/net/bpf_jit_comp.c +@@ -209,10 +209,11 @@ static int bpf_jit_build_body(struct sk_filter *fp, u32 *image, + } + PPC_DIVWU(r_A, r_A, r_X); + break; +- case BPF_S_ALU_DIV_K: /* A = reciprocal_divide(A, K); */ ++ case BPF_S_ALU_DIV_K: /* A /= K */ ++ if (K == 1) ++ break; + PPC_LI32(r_scratch1, K); +- /* Top 32 bits of 64bit result -> A */ +- PPC_MULHWU(r_A, r_A, r_scratch1); ++ PPC_DIVWU(r_A, r_A, r_scratch1); + break; + case BPF_S_ALU_AND_X: + ctx->seen |= SEEN_XREG; diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c index 9098692..3d54cd1 100644 --- a/arch/powerpc/platforms/cell/spufs/file.c @@ -8773,6 +8820,41 @@ index 4002329..99b67cb 100644 mm->get_unmapped_area = s390_get_unmapped_area_topdown; } } +diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c +index a5df511..06f5acc 100644 +--- a/arch/s390/net/bpf_jit_comp.c ++++ b/arch/s390/net/bpf_jit_comp.c +@@ -371,11 +371,13 @@ static int bpf_jit_insn(struct bpf_jit *jit, struct sock_filter *filter, + /* dr %r4,%r12 */ + EMIT2(0x1d4c); + break; +- case BPF_S_ALU_DIV_K: /* A = reciprocal_divide(A, K) */ +- /* m %r4,<d(K)>(%r13) */ +- EMIT4_DISP(0x5c40d000, EMIT_CONST(K)); +- /* lr %r5,%r4 */ +- EMIT2(0x1854); ++ case BPF_S_ALU_DIV_K: /* A /= K */ ++ if (K == 1) ++ break; ++ /* lhi %r4,0 */ ++ EMIT4(0xa7480000); ++ /* d %r4,<d(K)>(%r13) */ ++ EMIT4_DISP(0x5d40d000, EMIT_CONST(K)); + break; + case BPF_S_ALU_MOD_X: /* A %= X */ + jit->seen |= SEEN_XREG | SEEN_RET0; +@@ -391,6 +393,11 @@ static int bpf_jit_insn(struct bpf_jit *jit, struct sock_filter *filter, + EMIT2(0x1854); + break; + case BPF_S_ALU_MOD_K: /* A %= K */ ++ if (K == 1) { ++ /* lhi %r5,0 */ ++ EMIT4(0xa7580000); ++ break; ++ } + /* lhi %r4,0 */ + EMIT4(0xa7480000); + /* d %r4,<d(K)>(%r13) */ diff --git a/arch/score/include/asm/cache.h b/arch/score/include/asm/cache.h index ae3d59f..f65f075 100644 --- a/arch/score/include/asm/cache.h @@ -11396,6 +11478,34 @@ index ed82eda..0d80e77 100644 #endif /* CONFIG_SMP */ #endif /* CONFIG_DEBUG_DCFLUSH */ } +diff --git a/arch/sparc/net/bpf_jit_comp.c b/arch/sparc/net/bpf_jit_comp.c +index 218b6b2..01fe994 100644 +--- a/arch/sparc/net/bpf_jit_comp.c ++++ b/arch/sparc/net/bpf_jit_comp.c +@@ -497,9 +497,20 @@ void bpf_jit_compile(struct sk_filter *fp) + case BPF_S_ALU_MUL_K: /* A *= K */ + emit_alu_K(MUL, K); + break; +- case BPF_S_ALU_DIV_K: /* A /= K */ +- emit_alu_K(MUL, K); +- emit_read_y(r_A); ++ case BPF_S_ALU_DIV_K: /* A /= K with K != 0*/ ++ if (K == 1) ++ break; ++ emit_write_y(G0); ++#ifdef CONFIG_SPARC32 ++ /* The Sparc v8 architecture requires ++ * three instructions between a %y ++ * register write and the first use. ++ */ ++ emit_nop(); ++ emit_nop(); ++ emit_nop(); ++#endif ++ emit_alu_K(DIV, K); + break; + case BPF_S_ALU_DIV_X: /* A /= X; */ + emit_cmpi(r_X, 0); diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig index d45a2c4..3c05a78 100644 --- a/arch/tile/Kconfig @@ -15990,7 +16100,7 @@ index 77a99ac..39ff7f5 100644 #endif /* _ASM_X86_EMERGENCY_RESTART_H */ diff --git a/arch/x86/include/asm/fpu-internal.h b/arch/x86/include/asm/fpu-internal.h -index 4d0bda7..221da4d 100644 +index 5be9f87..0320912 100644 --- a/arch/x86/include/asm/fpu-internal.h +++ b/arch/x86/include/asm/fpu-internal.h @@ -124,8 +124,11 @@ static inline void sanitize_i387_state(struct task_struct *tsk) @@ -16015,14 +16125,14 @@ index 4d0bda7..221da4d 100644 }) @@ -298,7 +302,7 @@ static inline int restore_fpu_checking(struct task_struct *tsk) - "emms\n\t" /* clear stack tags */ - "fildl %P[addr]", /* set F?P to defined value */ - X86_FEATURE_FXSAVE_LEAK, -- [addr] "m" (tsk->thread.fpu.has_fpu)); -+ [addr] "m" (init_tss[raw_smp_processor_id()].x86_tss.sp0)); + "fnclex\n\t" + "emms\n\t" + "fildl %P[addr]" /* set F?P to defined value */ +- : : [addr] "m" (tsk->thread.fpu.has_fpu)); ++ : : [addr] "m" (init_tss[raw_smp_processor_id()].x86_tss.sp0)); + } return fpu_restore_checking(&tsk->thread.fpu); - } diff --git a/arch/x86/include/asm/futex.h b/arch/x86/include/asm/futex.h index be27ba1..04a8801 100644 --- a/arch/x86/include/asm/futex.h @@ -24240,7 +24350,7 @@ index 22d0687..e07b2a5 100644 } diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c -index 4186755..784efa0 100644 +index 4186755..18d6a9e 100644 --- a/arch/x86/kernel/irq_32.c +++ b/arch/x86/kernel/irq_32.c @@ -39,7 +39,7 @@ static int check_stack_overflow(void) @@ -24310,7 +24420,7 @@ index 4186755..784efa0 100644 return 1; } -@@ -121,29 +125,14 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) +@@ -121,29 +125,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) */ void irq_ctx_init(int cpu) { @@ -24326,9 +24436,7 @@ index 4186755..784efa0 100644 - irqctx->tinfo.cpu = cpu; - irqctx->tinfo.preempt_count = HARDIRQ_OFFSET; - irqctx->tinfo.addr_limit = MAKE_MM_SEG(0); -+ per_cpu(hardirq_ctx, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREADINFO_GFP, THREAD_SIZE_ORDER)); -+ per_cpu(softirq_ctx, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREADINFO_GFP, THREAD_SIZE_ORDER)); - +- - per_cpu(hardirq_ctx, cpu) = irqctx; - - irqctx = page_address(alloc_pages_node(cpu_to_node(cpu), @@ -24339,12 +24447,12 @@ index 4186755..784efa0 100644 - irqctx->tinfo.addr_limit = MAKE_MM_SEG(0); - - per_cpu(softirq_ctx, cpu) = irqctx; -+ printk(KERN_DEBUG "CPU %u irqstacks, hard=%p soft=%p\n", -+ cpu, per_cpu(hardirq_ctx, cpu), per_cpu(softirq_ctx, cpu)); ++ per_cpu(hardirq_ctx, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREADINFO_GFP, THREAD_SIZE_ORDER)); ++ per_cpu(softirq_ctx, cpu) = page_address(alloc_pages_node(cpu_to_node(cpu), THREADINFO_GFP, THREAD_SIZE_ORDER)); printk(KERN_DEBUG "CPU %u irqstacks, hard=%p soft=%p\n", cpu, per_cpu(hardirq_ctx, cpu), per_cpu(softirq_ctx, cpu)); -@@ -152,7 +141,6 @@ void irq_ctx_init(int cpu) +@@ -152,7 +138,6 @@ void irq_ctx_init(int cpu) asmlinkage void do_softirq(void) { unsigned long flags; @@ -24352,7 +24460,7 @@ index 4186755..784efa0 100644 union irq_ctx *irqctx; u32 *isp; -@@ -162,15 +150,22 @@ asmlinkage void do_softirq(void) +@@ -162,15 +147,22 @@ asmlinkage void do_softirq(void) local_irq_save(flags); if (local_softirq_pending()) { @@ -24379,7 +24487,7 @@ index 4186755..784efa0 100644 /* * Shouldn't happen, we returned above if in_interrupt(): */ -@@ -191,7 +186,7 @@ bool handle_irq(unsigned irq, struct pt_regs *regs) +@@ -191,7 +183,7 @@ bool handle_irq(unsigned irq, struct pt_regs *regs) if (unlikely(!desc)) return false; @@ -32902,7 +33010,7 @@ index 877b9a1..a8ecf42 100644 + pax_force_retaddr ret diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c -index 26328e8..5f96c25 100644 +index 26328e8..8dfe0d5 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c @@ -50,13 +50,90 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len) @@ -33132,9 +33240,14 @@ index 26328e8..5f96c25 100644 break; case BPF_S_ALU_DIV_X: /* A /= X; */ seen |= SEEN_XREG; -@@ -360,13 +457,23 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -359,15 +456,29 @@ void bpf_jit_compile(struct sk_filter *fp) + EMIT2(0x89, 0xd0); /* mov %edx,%eax */ break; case BPF_S_ALU_MOD_K: /* A %= K; */ ++ if (K == 1) { ++ CLEAR_A(); ++ break; ++ } EMIT2(0x31, 0xd2); /* xor %edx,%edx */ +#ifdef CONFIG_GRKERNSEC_JIT_HARDEN + DILUTE_CONST_SEQUENCE(K, randkey); @@ -33144,19 +33257,24 @@ index 26328e8..5f96c25 100644 EMIT2(0xf7, 0xf1); /* div %ecx */ EMIT2(0x89, 0xd0); /* mov %edx,%eax */ break; - case BPF_S_ALU_DIV_K: /* A = reciprocal_divide(A, K); */ +- case BPF_S_ALU_DIV_K: /* A = reciprocal_divide(A, K); */ +- EMIT3(0x48, 0x69, 0xc0); /* imul imm32,%rax,%rax */ +- EMIT(K, 4); +- EMIT4(0x48, 0xc1, 0xe8, 0x20); /* shr $0x20,%rax */ ++ case BPF_S_ALU_DIV_K: /* A /= K */ ++ if (K == 1) ++ break; ++ EMIT2(0x31, 0xd2); /* xor %edx,%edx */ +#ifdef CONFIG_GRKERNSEC_JIT_HARDEN + DILUTE_CONST_SEQUENCE(K, randkey); -+ // imul rax, rcx -+ EMIT4(0x48, 0x0f, 0xaf, 0xc1); +#else - EMIT3(0x48, 0x69, 0xc0); /* imul imm32,%rax,%rax */ - EMIT(K, 4); ++ EMIT1(0xb9);EMIT(K, 4); /* mov imm32,%ecx */ +#endif - EMIT4(0x48, 0xc1, 0xe8, 0x20); /* shr $0x20,%rax */ ++ EMIT2(0xf7, 0xf1); /* div %ecx */ break; case BPF_S_ALU_AND_X: -@@ -637,8 +744,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG; + seen |= SEEN_XREG; +@@ -637,8 +748,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG; if (is_imm8(K)) { EMIT3(0x8d, 0x73, K); /* lea imm8(%rbx), %esi */ } else { @@ -33166,7 +33284,7 @@ index 26328e8..5f96c25 100644 } } else { EMIT2(0x89,0xde); /* mov %ebx,%esi */ -@@ -728,10 +834,12 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -728,10 +838,12 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; if (unlikely(proglen + ilen > oldproglen)) { pr_err("bpb_jit_compile fatal error\n"); kfree(addrs); @@ -33180,7 +33298,7 @@ index 26328e8..5f96c25 100644 } proglen += ilen; addrs[i] = proglen; -@@ -764,7 +872,6 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -764,7 +876,6 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; if (image) { bpf_flush_icache(header, image + proglen); @@ -33188,7 +33306,7 @@ index 26328e8..5f96c25 100644 fp->bpf_func = (void *)image; } out: -@@ -776,10 +883,9 @@ static void bpf_jit_free_deferred(struct work_struct *work) +@@ -776,10 +887,9 @@ static void bpf_jit_free_deferred(struct work_struct *work) { struct sk_filter *fp = container_of(work, struct sk_filter, work); unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK; @@ -37556,7 +37674,7 @@ index d39cca6..8c1e269 100644 if (cmd != SIOCWANDEV) diff --git a/drivers/char/random.c b/drivers/char/random.c -index 7a744d3..35a177ee 100644 +index 7a744d3..895af8f 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -269,8 +269,13 @@ @@ -37602,7 +37720,20 @@ index 7a744d3..35a177ee 100644 smp_wmb(); if (out) -@@ -1029,7 +1041,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, +@@ -603,8 +615,11 @@ retry: + + if (!r->initialized && nbits > 0) { + r->entropy_total += nbits; +- if (r->entropy_total > 128) ++ if (r->entropy_total > 128) { + r->initialized = 1; ++ if (r == &nonblocking_pool) ++ prandom_reseed_late(); ++ } + } + + trace_credit_entropy_bits(r->name, nbits, entropy_count, +@@ -1029,7 +1044,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, extract_buf(r, tmp); i = min_t(int, nbytes, EXTRACT_SIZE); @@ -37611,7 +37742,7 @@ index 7a744d3..35a177ee 100644 ret = -EFAULT; break; } -@@ -1365,7 +1377,7 @@ EXPORT_SYMBOL(generate_random_uuid); +@@ -1365,7 +1380,7 @@ EXPORT_SYMBOL(generate_random_uuid); #include <linux/sysctl.h> static int min_read_thresh = 8, min_write_thresh; @@ -37620,7 +37751,7 @@ index 7a744d3..35a177ee 100644 static int max_write_thresh = INPUT_POOL_WORDS * 32; static char sysctl_bootid[16]; -@@ -1381,7 +1393,7 @@ static char sysctl_bootid[16]; +@@ -1381,7 +1396,7 @@ static char sysctl_bootid[16]; static int proc_do_uuid(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -42591,9 +42722,27 @@ index aacf6bf..67d63f2 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index 73dc8a3..bdd515a 100644 +index 73dc8a3..859d581f6 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c +@@ -1319,7 +1319,7 @@ read_again: + /* Could not read all from this device, so we will + * need another r10_bio. + */ +- sectors_handled = (r10_bio->sectors + max_sectors ++ sectors_handled = (r10_bio->sector + max_sectors + - bio->bi_sector); + r10_bio->sectors = max_sectors; + spin_lock_irq(&conf->device_lock); +@@ -1327,7 +1327,7 @@ read_again: + bio->bi_phys_segments = 2; + else + bio->bi_phys_segments++; +- spin_unlock(&conf->device_lock); ++ spin_unlock_irq(&conf->device_lock); + /* Cannot call generic_make_request directly + * as that will be queued in __generic_make_request + * and subsequent mempool_alloc might block @@ -1963,7 +1963,7 @@ static void end_sync_read(struct bio *bio, int error) /* The write handler will notice the lack of * R10BIO_Uptodate and record any errors etc @@ -42653,8 +42802,30 @@ index 73dc8a3..bdd515a 100644 } rdev_dec_pending(rdev, mddev); +@@ -3220,10 +3220,6 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr, + if (j == conf->copies) { + /* Cannot recover, so abort the recovery or + * record a bad block */ +- put_buf(r10_bio); +- if (rb2) +- atomic_dec(&rb2->remaining); +- r10_bio = rb2; + if (any_working) { + /* problem is that there are bad blocks + * on other device(s) +@@ -3255,6 +3251,10 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr, + mirror->recovery_disabled + = mddev->recovery_disabled; + } ++ put_buf(r10_bio); ++ if (rb2) ++ atomic_dec(&rb2->remaining); ++ r10_bio = rb2; + break; + } + } diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 8a0665d..984c46d 100644 +index 8a0665d..b322118 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -1887,21 +1887,21 @@ static void raid5_end_read_request(struct bio * bi, int error) @@ -42692,6 +42863,24 @@ index 8a0665d..984c46d 100644 > conf->max_nr_stripes) printk(KERN_WARNING "md/raid:%s: Too many read errors, failing device %s.\n", +@@ -3502,7 +3502,7 @@ static void analyse_stripe(struct stripe_head *sh, struct stripe_head_state *s) + */ + set_bit(R5_Insync, &dev->flags); + +- if (rdev && test_bit(R5_WriteError, &dev->flags)) { ++ if (test_bit(R5_WriteError, &dev->flags)) { + /* This flag does not apply to '.replacement' + * only to .rdev, so make sure to check that*/ + struct md_rdev *rdev2 = rcu_dereference( +@@ -3515,7 +3515,7 @@ static void analyse_stripe(struct stripe_head *sh, struct stripe_head_state *s) + } else + clear_bit(R5_WriteError, &dev->flags); + } +- if (rdev && test_bit(R5_MadeGood, &dev->flags)) { ++ if (test_bit(R5_MadeGood, &dev->flags)) { + /* This flag does not apply to '.replacement' + * only to .rdev, so make sure to check that*/ + struct md_rdev *rdev2 = rcu_dereference( diff --git a/drivers/media/dvb-core/dvbdev.c b/drivers/media/dvb-core/dvbdev.c index 401ef64..836e563 100644 --- a/drivers/media/dvb-core/dvbdev.c @@ -44335,10 +44524,10 @@ index fb3f8dc..9d2ff38 100644 int (*set_speed)(struct net_device *, u8 aneg, u16 sp, u8 dpx, u32 adv); int (*get_settings)(struct net_device *, struct ethtool_cmd *); diff --git a/drivers/net/ethernet/sfc/ptp.c b/drivers/net/ethernet/sfc/ptp.c -index 03acf57..e1251ff 100644 +index 3dd39dc..85efa46 100644 --- a/drivers/net/ethernet/sfc/ptp.c +++ b/drivers/net/ethernet/sfc/ptp.c -@@ -539,7 +539,7 @@ static int efx_ptp_synchronize(struct efx_nic *efx, unsigned int num_readings) +@@ -541,7 +541,7 @@ static int efx_ptp_synchronize(struct efx_nic *efx, unsigned int num_readings) ptp->start.dma_addr); /* Clear flag that signals MC ready */ @@ -44362,19 +44551,6 @@ index 50617c5..b13724c 100644 } /* To mask all all interrupts.*/ -diff --git a/drivers/net/hamradio/hdlcdrv.c b/drivers/net/hamradio/hdlcdrv.c -index 3169252..5d78c1d 100644 ---- a/drivers/net/hamradio/hdlcdrv.c -+++ b/drivers/net/hamradio/hdlcdrv.c -@@ -571,6 +571,8 @@ static int hdlcdrv_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) - case HDLCDRVCTL_CALIBRATE: - if(!capable(CAP_SYS_RAWIO)) - return -EPERM; -+ if (bi.data.calibrate > INT_MAX / s->par.bitrate) -+ return -EINVAL; - s->hdlctx.calibrate = bi.data.calibrate * s->par.bitrate / 16; - return 0; - diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h index e6fe0d8..2b7d752 100644 --- a/drivers/net/hyperv/hyperv_net.h @@ -44460,10 +44636,10 @@ index 9bf46bd..bfdaa84 100644 }; diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c -index dc76670..e18f39c 100644 +index 5895e4d..0343d45 100644 --- a/drivers/net/macvtap.c +++ b/drivers/net/macvtap.c -@@ -1189,7 +1189,7 @@ static int macvtap_device_event(struct notifier_block *unused, +@@ -1182,7 +1182,7 @@ static int macvtap_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -44533,10 +44709,10 @@ index 6327df2..e6e1ebe 100644 }; diff --git a/drivers/net/tun.c b/drivers/net/tun.c -index 782e38b..d076fdc 100644 +index 7c8343a..80d1e69 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c -@@ -1834,7 +1834,7 @@ unlock: +@@ -1838,7 +1838,7 @@ unlock: } static long __tun_chr_ioctl(struct file *file, unsigned int cmd, @@ -44545,7 +44721,7 @@ index 782e38b..d076fdc 100644 { struct tun_file *tfile = file->private_data; struct tun_struct *tun; -@@ -1847,6 +1847,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, +@@ -1851,6 +1851,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, unsigned int ifindex; int ret; @@ -44669,7 +44845,7 @@ index a79e9d3..78cd4fa 100644 /* we will have to manufacture ethernet headers, prepare template */ diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c -index 2ef5b62..6fa0ec3 100644 +index 1462368..578941c 100644 --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c @@ -2615,7 +2615,7 @@ nla_put_failure: @@ -47377,10 +47553,10 @@ index f379c7f..e8fc69c 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index 2634d69..fcf7a81 100644 +index dbc024b..6e3b837 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c -@@ -2940,7 +2940,7 @@ static int sd_probe(struct device *dev) +@@ -2943,7 +2943,7 @@ static int sd_probe(struct device *dev) sdkp->disk = gd; sdkp->index = index; atomic_set(&sdkp->openers, 0); @@ -53516,7 +53692,7 @@ index 89dec7f..361b0d75 100644 fd_offset + ex.a_text); if (error != N_DATADDR(ex)) { diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 4c94a79..228e9da 100644 +index 4c94a79..9d5fb56 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -34,6 +34,7 @@ @@ -53685,7 +53861,7 @@ index 4c94a79..228e9da 100644 } error = load_addr; -@@ -538,6 +569,322 @@ out: +@@ -538,6 +569,336 @@ out: return error; } @@ -53826,12 +54002,48 @@ index 4c94a79..228e9da 100644 +#endif + +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) -+static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex) ++static unsigned long pax_parse_defaults(void) +{ + unsigned long pax_flags = 0UL; + ++#ifdef CONFIG_PAX_SOFTMODE ++ if (pax_softmode) ++ return pax_flags; ++#endif ++ ++#ifdef CONFIG_PAX_PAGEEXEC ++ pax_flags |= MF_PAX_PAGEEXEC; ++#endif ++ ++#ifdef CONFIG_PAX_SEGMEXEC ++ pax_flags |= MF_PAX_SEGMEXEC; ++#endif ++ ++#ifdef CONFIG_PAX_MPROTECT ++ pax_flags |= MF_PAX_MPROTECT; ++#endif ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (randomize_va_space) ++ pax_flags |= MF_PAX_RANDMMAP; ++#endif ++ ++ return pax_flags; ++} ++ ++static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex) ++{ ++ unsigned long pax_flags = PAX_PARSE_FLAGS_FALLBACK; ++ +#ifdef CONFIG_PAX_EI_PAX + ++#ifdef CONFIG_PAX_SOFTMODE ++ if (pax_softmode) ++ return pax_flags; ++#endif ++ ++ pax_flags = 0UL; ++ +#ifdef CONFIG_PAX_PAGEEXEC + if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_PAGEEXEC)) + pax_flags |= MF_PAX_PAGEEXEC; @@ -53857,28 +54069,10 @@ index 4c94a79..228e9da 100644 + pax_flags |= MF_PAX_RANDMMAP; +#endif + -+#else -+ -+#ifdef CONFIG_PAX_PAGEEXEC -+ pax_flags |= MF_PAX_PAGEEXEC; -+#endif -+ -+#ifdef CONFIG_PAX_SEGMEXEC -+ pax_flags |= MF_PAX_SEGMEXEC; -+#endif -+ -+#ifdef CONFIG_PAX_MPROTECT -+ pax_flags |= MF_PAX_MPROTECT; -+#endif -+ -+#ifdef CONFIG_PAX_RANDMMAP -+ if (randomize_va_space) -+ pax_flags |= MF_PAX_RANDMMAP; -+#endif -+ +#endif + + return pax_flags; ++ +} + +static unsigned long pax_parse_pt_pax(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata) @@ -53894,7 +54088,7 @@ index 4c94a79..228e9da 100644 + ((elf_phdata[i].p_flags & PF_EMUTRAMP) && (elf_phdata[i].p_flags & PF_NOEMUTRAMP)) || + ((elf_phdata[i].p_flags & PF_MPROTECT) && (elf_phdata[i].p_flags & PF_NOMPROTECT)) || + ((elf_phdata[i].p_flags & PF_RANDMMAP) && (elf_phdata[i].p_flags & PF_NORANDMMAP))) -+ return ~0UL; ++ return PAX_PARSE_FLAGS_FALLBACK; + +#ifdef CONFIG_PAX_SOFTMODE + if (pax_softmode) @@ -53907,7 +54101,7 @@ index 4c94a79..228e9da 100644 + } +#endif + -+ return ~0UL; ++ return PAX_PARSE_FLAGS_FALLBACK; +} + +static unsigned long pax_parse_xattr_pax(struct file * const file) @@ -53919,44 +54113,37 @@ index 4c94a79..228e9da 100644 + unsigned long pax_flags_hardmode = 0UL, pax_flags_softmode = 0UL; + + xattr_size = pax_getxattr(file->f_path.dentry, xattr_value, sizeof xattr_value); -+ switch (xattr_size) { -+ default: -+ return ~0UL; -+ -+ case -ENODATA: -+ break; ++ if (xattr_size < 0 || xattr_size > sizeof xattr_value) ++ return PAX_PARSE_FLAGS_FALLBACK; + -+ case 0 ... sizeof xattr_value: -+ for (i = 0; i < xattr_size; i++) -+ switch (xattr_value[i]) { -+ default: -+ return ~0UL; -+ -+#define parse_flag(option1, option2, flag) \ -+ case option1: \ -+ if (pax_flags_hardmode & MF_PAX_##flag) \ -+ return ~0UL; \ -+ pax_flags_hardmode |= MF_PAX_##flag; \ -+ break; \ -+ case option2: \ -+ if (pax_flags_softmode & MF_PAX_##flag) \ -+ return ~0UL; \ -+ pax_flags_softmode |= MF_PAX_##flag; \ -+ break; ++ for (i = 0; i < xattr_size; i++) ++ switch (xattr_value[i]) { ++ default: ++ return PAX_PARSE_FLAGS_FALLBACK; ++ ++#define parse_flag(option1, option2, flag) \ ++ case option1: \ ++ if (pax_flags_hardmode & MF_PAX_##flag) \ ++ return PAX_PARSE_FLAGS_FALLBACK;\ ++ pax_flags_hardmode |= MF_PAX_##flag; \ ++ break; \ ++ case option2: \ ++ if (pax_flags_softmode & MF_PAX_##flag) \ ++ return PAX_PARSE_FLAGS_FALLBACK;\ ++ pax_flags_softmode |= MF_PAX_##flag; \ ++ break; + -+ parse_flag('p', 'P', PAGEEXEC); -+ parse_flag('e', 'E', EMUTRAMP); -+ parse_flag('m', 'M', MPROTECT); -+ parse_flag('r', 'R', RANDMMAP); -+ parse_flag('s', 'S', SEGMEXEC); ++ parse_flag('p', 'P', PAGEEXEC); ++ parse_flag('e', 'E', EMUTRAMP); ++ parse_flag('m', 'M', MPROTECT); ++ parse_flag('r', 'R', RANDMMAP); ++ parse_flag('s', 'S', SEGMEXEC); + +#undef parse_flag -+ } -+ break; -+ } ++ } + + if (pax_flags_hardmode & pax_flags_softmode) -+ return ~0UL; ++ return PAX_PARSE_FLAGS_FALLBACK; + +#ifdef CONFIG_PAX_SOFTMODE + if (pax_softmode) @@ -53966,27 +54153,30 @@ index 4c94a79..228e9da 100644 + + return pax_parse_xattr_pax_hardmode(pax_flags_hardmode); +#else -+ return ~0UL; ++ return PAX_PARSE_FLAGS_FALLBACK; +#endif + +} + +static long pax_parse_pax_flags(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata, struct file * const file) +{ -+ unsigned long pax_flags, pt_pax_flags, xattr_pax_flags; ++ unsigned long pax_flags, ei_pax_flags, pt_pax_flags, xattr_pax_flags; + -+ pax_flags = pax_parse_ei_pax(elf_ex); ++ pax_flags = pax_parse_defaults(); ++ ei_pax_flags = pax_parse_ei_pax(elf_ex); + pt_pax_flags = pax_parse_pt_pax(elf_ex, elf_phdata); + xattr_pax_flags = pax_parse_xattr_pax(file); + -+ if (pt_pax_flags == ~0UL) -+ pt_pax_flags = xattr_pax_flags; -+ else if (xattr_pax_flags == ~0UL) -+ xattr_pax_flags = pt_pax_flags; -+ if (pt_pax_flags != xattr_pax_flags) ++ if (pt_pax_flags != PAX_PARSE_FLAGS_FALLBACK && ++ xattr_pax_flags != PAX_PARSE_FLAGS_FALLBACK && ++ pt_pax_flags != xattr_pax_flags) + return -EINVAL; -+ if (pt_pax_flags != ~0UL) ++ if (xattr_pax_flags != PAX_PARSE_FLAGS_FALLBACK) ++ pax_flags = xattr_pax_flags; ++ else if (pt_pax_flags != PAX_PARSE_FLAGS_FALLBACK) + pax_flags = pt_pax_flags; ++ else if (ei_pax_flags != PAX_PARSE_FLAGS_FALLBACK) ++ pax_flags = ei_pax_flags; + +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC) + if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) { @@ -54008,7 +54198,7 @@ index 4c94a79..228e9da 100644 /* * These are the functions used to load ELF style executables and shared * libraries. There is no binary dependent code anywhere else. -@@ -554,6 +901,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) +@@ -554,6 +915,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) { unsigned int random_variable = 0; @@ -54020,7 +54210,7 @@ index 4c94a79..228e9da 100644 if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) { random_variable = get_random_int() & STACK_RND_MASK; -@@ -572,7 +924,7 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -572,7 +938,7 @@ static int load_elf_binary(struct linux_binprm *bprm) unsigned long load_addr = 0, load_bias = 0; int load_addr_set = 0; char * elf_interpreter = NULL; @@ -54029,7 +54219,7 @@ index 4c94a79..228e9da 100644 struct elf_phdr *elf_ppnt, *elf_phdata; unsigned long elf_bss, elf_brk; int retval, i; -@@ -582,12 +934,12 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -582,12 +948,12 @@ static int load_elf_binary(struct linux_binprm *bprm) unsigned long start_code, end_code, start_data, end_data; unsigned long reloc_func_desc __maybe_unused = 0; int executable_stack = EXSTACK_DEFAULT; @@ -54043,7 +54233,7 @@ index 4c94a79..228e9da 100644 loc = kmalloc(sizeof(*loc), GFP_KERNEL); if (!loc) { -@@ -723,11 +1075,82 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -723,11 +1089,82 @@ static int load_elf_binary(struct linux_binprm *bprm) goto out_free_dentry; /* OK, This is the point of no return */ @@ -54127,7 +54317,7 @@ index 4c94a79..228e9da 100644 if (elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; -@@ -817,6 +1240,20 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -817,6 +1254,20 @@ static int load_elf_binary(struct linux_binprm *bprm) #else load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); #endif @@ -54148,7 +54338,7 @@ index 4c94a79..228e9da 100644 } error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, -@@ -849,9 +1286,9 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -849,9 +1300,9 @@ static int load_elf_binary(struct linux_binprm *bprm) * allowed task size. Note that p_filesz must always be * <= p_memsz so it is only necessary to check p_memsz. */ @@ -54161,7 +54351,7 @@ index 4c94a79..228e9da 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -890,17 +1327,45 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -890,17 +1341,45 @@ static int load_elf_binary(struct linux_binprm *bprm) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -54213,7 +54403,7 @@ index 4c94a79..228e9da 100644 load_bias); if (!IS_ERR((void *)elf_entry)) { /* -@@ -1122,7 +1587,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) +@@ -1122,7 +1601,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -54222,7 +54412,7 @@ index 4c94a79..228e9da 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1160,7 +1625,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1160,7 +1639,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -54231,7 +54421,7 @@ index 4c94a79..228e9da 100644 goto whole; /* -@@ -1385,9 +1850,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1385,9 +1864,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -54243,7 +54433,7 @@ index 4c94a79..228e9da 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1396,7 +1861,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, +@@ -1396,7 +1875,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, { mm_segment_t old_fs = get_fs(); set_fs(KERNEL_DS); @@ -54252,7 +54442,7 @@ index 4c94a79..228e9da 100644 set_fs(old_fs); fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata); } -@@ -2023,14 +2488,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -2023,14 +2502,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -54269,7 +54459,7 @@ index 4c94a79..228e9da 100644 return size; } -@@ -2123,7 +2588,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2123,7 +2602,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -54278,7 +54468,7 @@ index 4c94a79..228e9da 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -2137,10 +2602,12 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2137,10 +2616,12 @@ static int elf_core_dump(struct coredump_params *cprm) offset = dataoff; size += sizeof(*elf); @@ -54291,7 +54481,7 @@ index 4c94a79..228e9da 100644 if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -2154,7 +2621,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2154,7 +2635,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -54300,7 +54490,7 @@ index 4c94a79..228e9da 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2165,6 +2632,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2165,6 +2646,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_align = ELF_EXEC_PAGESIZE; size += sizeof(phdr); @@ -54308,7 +54498,7 @@ index 4c94a79..228e9da 100644 if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2189,7 +2657,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2189,7 +2671,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -54317,7 +54507,7 @@ index 4c94a79..228e9da 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2198,6 +2666,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2198,6 +2680,7 @@ static int elf_core_dump(struct coredump_params *cprm) page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -54325,7 +54515,7 @@ index 4c94a79..228e9da 100644 stop = ((size += PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2215,6 +2684,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2215,6 +2698,7 @@ static int elf_core_dump(struct coredump_params *cprm) if (e_phnum == PN_XNUM) { size += sizeof(*shdr4extnum); @@ -54333,7 +54523,7 @@ index 4c94a79..228e9da 100644 if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2235,6 +2705,167 @@ out: +@@ -2235,6 +2719,167 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -59542,6 +59732,34 @@ index 72cb28e..5b5f87d 100644 set_fs(oldfs); if (host_err < 0) +diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c +index 9f6b486..a1a19163 100644 +--- a/fs/nilfs2/segment.c ++++ b/fs/nilfs2/segment.c +@@ -1440,17 +1440,19 @@ static int nilfs_segctor_collect(struct nilfs_sc_info *sci, + + nilfs_clear_logs(&sci->sc_segbufs); + +- err = nilfs_segctor_extend_segments(sci, nilfs, nadd); +- if (unlikely(err)) +- return err; +- + if (sci->sc_stage.flags & NILFS_CF_SUFREED) { + err = nilfs_sufile_cancel_freev(nilfs->ns_sufile, + sci->sc_freesegs, + sci->sc_nfreesegs, + NULL); + WARN_ON(err); /* do not happen */ ++ sci->sc_stage.flags &= ~NILFS_CF_SUFREED; + } ++ ++ err = nilfs_segctor_extend_segments(sci, nilfs, nadd); ++ if (unlikely(err)) ++ return err; ++ + nadd = min_t(int, nadd << 1, SC_MAX_SEGDELTA); + sci->sc_stage = prev_stage; + } diff --git a/fs/nls/nls_base.c b/fs/nls/nls_base.c index fea6bd5..8ee9d81 100644 --- a/fs/nls/nls_base.c @@ -62472,6 +62690,19 @@ index 9fbea87..6b19972 100644 int count; struct posix_acl *acl; struct posix_acl_entry *acl_e; +diff --git a/fs/xfs/xfs_attr_remote.c b/fs/xfs/xfs_attr_remote.c +index 712a502..18180a3 100644 +--- a/fs/xfs/xfs_attr_remote.c ++++ b/fs/xfs/xfs_attr_remote.c +@@ -110,7 +110,7 @@ xfs_attr3_rmt_verify( + if (be32_to_cpu(rmt->rm_bytes) > fsbsize - sizeof(*rmt)) + return false; + if (be32_to_cpu(rmt->rm_offset) + +- be32_to_cpu(rmt->rm_bytes) >= XATTR_SIZE_MAX) ++ be32_to_cpu(rmt->rm_bytes) > XATTR_SIZE_MAX) + return false; + if (rmt->rm_owner == 0) + return false; diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c index f47e65c..e7125d9 100644 --- a/fs/xfs/xfs_bmap.c @@ -77618,7 +77849,7 @@ index 8e47bc7..c70fd73 100644 return nd->saved_names[nd->depth]; } diff --git a/include/linux/net.h b/include/linux/net.h -index 8bd9d92..08b1c20 100644 +index 41103f8..631edff 100644 --- a/include/linux/net.h +++ b/include/linux/net.h @@ -191,7 +191,7 @@ struct net_proto_family { @@ -77631,7 +77862,7 @@ index 8bd9d92..08b1c20 100644 struct iovec; struct kvec; diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h -index 25f5d2d1..5cf2120 100644 +index 21eae43..4fff130 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -1098,6 +1098,7 @@ struct net_device_ops { @@ -78085,7 +78316,7 @@ index cc7494a..1e27036 100644 extern bool qid_valid(struct kqid qid); diff --git a/include/linux/random.h b/include/linux/random.h -index bf9085e..1e8bbcf 100644 +index bf9085e..02aca5f 100644 --- a/include/linux/random.h +++ b/include/linux/random.h @@ -10,9 +10,19 @@ @@ -78110,7 +78341,7 @@ index bf9085e..1e8bbcf 100644 extern void get_random_bytes(void *buf, int nbytes); extern void get_random_bytes_arch(void *buf, int nbytes); -@@ -23,16 +33,21 @@ extern int random_int_secret_init(void); +@@ -23,16 +33,22 @@ extern int random_int_secret_init(void); extern const struct file_operations random_fops, urandom_fops; #endif @@ -78122,8 +78353,10 @@ index bf9085e..1e8bbcf 100644 +u32 prandom_u32(void) __intentional_overflow(-1); void prandom_bytes(void *buf, int nbytes); void prandom_seed(u32 seed); ++void prandom_reseed_late(void); - u32 prandom_u32_state(struct rnd_state *); +-u32 prandom_u32_state(struct rnd_state *); ++u32 prandom_u32_state(struct rnd_state *state); void prandom_bytes_state(struct rnd_state *state, void *buf, int nbytes); +static inline unsigned long __intentional_overflow(-1) pax_get_random_long(void) @@ -78134,6 +78367,20 @@ index bf9085e..1e8bbcf 100644 /* * Handle minimum values for seeds */ +@@ -50,9 +66,10 @@ static inline void prandom_seed_state(struct rnd_state *state, u64 seed) + { + u32 i = (seed >> 32) ^ (seed << 10) ^ seed; + +- state->s1 = __seed(i, 2); +- state->s2 = __seed(i, 8); +- state->s3 = __seed(i, 16); ++ state->s1 = __seed(i, 2U); ++ state->s2 = __seed(i, 8U); ++ state->s3 = __seed(i, 16U); ++ state->s4 = __seed(i, 128U); + } + + #ifdef CONFIG_ARCH_RANDOM diff --git a/include/linux/rculist.h b/include/linux/rculist.h index 4106721..132d42c 100644 --- a/include/linux/rculist.h @@ -78277,7 +78524,7 @@ index 6dacb93..6174423 100644 static inline void anon_vma_merge(struct vm_area_struct *vma, struct vm_area_struct *next) diff --git a/include/linux/sched.h b/include/linux/sched.h -index b1e963e..114b8fd 100644 +index b1e963e..4916219 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -62,6 +62,7 @@ struct bio_list; @@ -78406,7 +78653,7 @@ index b1e963e..114b8fd 100644 #ifdef CONFIG_FUTEX struct robust_list_head __user *robust_list; #ifdef CONFIG_COMPAT -@@ -1411,8 +1451,78 @@ struct task_struct { +@@ -1411,8 +1451,79 @@ struct task_struct { unsigned int sequential_io; unsigned int sequential_io_avg; #endif @@ -78448,6 +78695,7 @@ index b1e963e..114b8fd 100644 +#endif + +extern int pax_check_flags(unsigned long *); ++#define PAX_PARSE_FLAGS_FALLBACK (~0UL) + +/* if tsk != current then task_lock must be held on it */ +#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) @@ -78485,7 +78733,7 @@ index b1e963e..114b8fd 100644 /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) -@@ -1471,7 +1581,7 @@ struct pid_namespace; +@@ -1471,7 +1582,7 @@ struct pid_namespace; pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type, struct pid_namespace *ns); @@ -78494,7 +78742,7 @@ index b1e963e..114b8fd 100644 { return tsk->pid; } -@@ -1921,7 +2031,9 @@ void yield(void); +@@ -1921,7 +2032,9 @@ void yield(void); extern struct exec_domain default_exec_domain; union thread_union { @@ -78504,7 +78752,7 @@ index b1e963e..114b8fd 100644 unsigned long stack[THREAD_SIZE/sizeof(long)]; }; -@@ -1954,6 +2066,7 @@ extern struct pid_namespace init_pid_ns; +@@ -1954,6 +2067,7 @@ extern struct pid_namespace init_pid_ns; */ extern struct task_struct *find_task_by_vpid(pid_t nr); @@ -78512,7 +78760,7 @@ index b1e963e..114b8fd 100644 extern struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns); -@@ -2118,7 +2231,7 @@ extern void __cleanup_sighand(struct sighand_struct *); +@@ -2118,7 +2232,7 @@ extern void __cleanup_sighand(struct sighand_struct *); extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); @@ -78521,7 +78769,7 @@ index b1e963e..114b8fd 100644 extern int allow_signal(int); extern int disallow_signal(int); -@@ -2309,9 +2422,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) +@@ -2309,9 +2423,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) #endif @@ -78617,7 +78865,7 @@ index 429c199..4d42e38 100644 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index f66f346..2e304d5 100644 +index efa1649..ff898ac 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -639,7 +639,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, @@ -78656,7 +78904,7 @@ index f66f346..2e304d5 100644 } /** -@@ -1741,7 +1741,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) +@@ -1746,7 +1746,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) */ #ifndef NET_SKB_PAD @@ -78665,7 +78913,7 @@ index f66f346..2e304d5 100644 #endif extern int ___pskb_trim(struct sk_buff *skb, unsigned int len); -@@ -2339,7 +2339,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, +@@ -2344,7 +2344,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, int noblock, int *err); extern unsigned int datagram_poll(struct file *file, struct socket *sock, struct poll_table_struct *wait); @@ -78674,7 +78922,7 @@ index f66f346..2e304d5 100644 int offset, struct iovec *to, int size); extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, -@@ -2618,6 +2618,9 @@ static inline void nf_reset(struct sk_buff *skb) +@@ -2623,6 +2623,9 @@ static inline void nf_reset(struct sk_buff *skb) nf_bridge_put(skb->nf_bridge); skb->nf_bridge = NULL; #endif @@ -80645,6 +80893,19 @@ index aa169c4..6a2771d 100644 MMAP_PAGE_ZERO) /* +diff --git a/include/uapi/linux/random.h b/include/uapi/linux/random.h +index 7471b5b..f97f514 100644 +--- a/include/uapi/linux/random.h ++++ b/include/uapi/linux/random.h +@@ -41,7 +41,7 @@ struct rand_pool_info { + }; + + struct rnd_state { +- __u32 s1, s2, s3; ++ __u32 s1, s2, s3, s4; + }; + + /* Exported functions */ diff --git a/include/uapi/linux/screen_info.h b/include/uapi/linux/screen_info.h index 7530e74..e714828 100644 --- a/include/uapi/linux/screen_info.h @@ -80691,22 +80952,18 @@ index 0e011eb..82681b1 100644 #ifdef __HAVE_BUILTIN_BSWAP64__ return __builtin_bswap64(val); diff --git a/include/uapi/linux/sysctl.h b/include/uapi/linux/sysctl.h -index 6d67213..8dab561 100644 +index 6d67213..552fdd9 100644 --- a/include/uapi/linux/sysctl.h +++ b/include/uapi/linux/sysctl.h -@@ -155,7 +155,11 @@ enum +@@ -155,8 +155,6 @@ enum KERN_PANIC_ON_NMI=76, /* int: whether we will panic on an unrecovered */ }; - -+#ifdef CONFIG_PAX_SOFTMODE -+enum { -+ PAX_SOFTMODE=1 /* PaX: disable/enable soft mode */ -+}; -+#endif - +- /* CTL_VM names: */ enum + { diff --git a/include/uapi/linux/xattr.h b/include/uapi/linux/xattr.h index e4629b9..6958086 100644 --- a/include/uapi/linux/xattr.h @@ -85662,7 +85919,7 @@ index 4a07353..66b5291 100644 #ifdef CONFIG_RT_GROUP_SCHED /* diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 5ac63c9..d912786 100644 +index ceae65e..3ac1344 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -2868,7 +2868,7 @@ EXPORT_SYMBOL(wait_for_completion_interruptible); @@ -85834,7 +86091,7 @@ index 5ac63c9..d912786 100644 #else static void register_sched_domain_sysctl(void) diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c -index 7765ad8..774519f 100644 +index 4117323..91c91ac 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -869,7 +869,7 @@ void task_numa_fault(int node, int pages, bool migrated) @@ -85846,7 +86103,7 @@ index 7765ad8..774519f 100644 p->mm->numa_scan_offset = 0; } -@@ -5847,7 +5847,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } +@@ -5864,7 +5864,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } * run_rebalance_domains is triggered when needed from the scheduler tick. * Also triggered for nohz idle balancing (with nohz_balancing_kick set). */ @@ -85856,7 +86113,7 @@ index 7765ad8..774519f 100644 int this_cpu = smp_processor_id(); struct rq *this_rq = cpu_rq(this_cpu); diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h -index b3c5653..a4d192a 100644 +index a6208af..a2d7bb5 100644 --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h @@ -1004,7 +1004,7 @@ struct sched_class { @@ -87863,6 +88120,396 @@ index 7811ed3..f80ca19 100644 static inline void *ptr_to_indirect(void *ptr) { +diff --git a/lib/random32.c b/lib/random32.c +index 01e8890..1e5b2df 100644 +--- a/lib/random32.c ++++ b/lib/random32.c +@@ -2,19 +2,19 @@ + This is a maximally equidistributed combined Tausworthe generator + based on code from GNU Scientific Library 1.5 (30 Jun 2004) + +- x_n = (s1_n ^ s2_n ^ s3_n) ++ lfsr113 version: + +- s1_{n+1} = (((s1_n & 4294967294) <<12) ^ (((s1_n <<13) ^ s1_n) >>19)) +- s2_{n+1} = (((s2_n & 4294967288) << 4) ^ (((s2_n << 2) ^ s2_n) >>25)) +- s3_{n+1} = (((s3_n & 4294967280) <<17) ^ (((s3_n << 3) ^ s3_n) >>11)) ++ x_n = (s1_n ^ s2_n ^ s3_n ^ s4_n) + +- The period of this generator is about 2^88. ++ s1_{n+1} = (((s1_n & 4294967294) << 18) ^ (((s1_n << 6) ^ s1_n) >> 13)) ++ s2_{n+1} = (((s2_n & 4294967288) << 2) ^ (((s2_n << 2) ^ s2_n) >> 27)) ++ s3_{n+1} = (((s3_n & 4294967280) << 7) ^ (((s3_n << 13) ^ s3_n) >> 21)) ++ s4_{n+1} = (((s4_n & 4294967168) << 13) ^ (((s4_n << 3) ^ s4_n) >> 12)) ++ ++ The period of this generator is about 2^113 (see erratum paper). + + From: P. L'Ecuyer, "Maximally Equidistributed Combined Tausworthe +- Generators", Mathematics of Computation, 65, 213 (1996), 203--213. +- +- This is available on the net from L'Ecuyer's home page, +- ++ Generators", Mathematics of Computation, 65, 213 (1996), 203--213: + http://www.iro.umontreal.ca/~lecuyer/myftp/papers/tausme.ps + ftp://ftp.iro.umontreal.ca/pub/simulation/lecuyer/papers/tausme.ps + +@@ -29,7 +29,7 @@ + that paper.) + + This affects the seeding procedure by imposing the requirement +- s1 > 1, s2 > 7, s3 > 15. ++ s1 > 1, s2 > 7, s3 > 15, s4 > 127. + + */ + +@@ -38,6 +38,11 @@ + #include <linux/export.h> + #include <linux/jiffies.h> + #include <linux/random.h> ++#include <linux/sched.h> ++ ++#ifdef CONFIG_RANDOM32_SELFTEST ++static void __init prandom_state_selftest(void); ++#endif + + static DEFINE_PER_CPU(struct rnd_state, net_rand_state); + +@@ -52,11 +57,12 @@ u32 prandom_u32_state(struct rnd_state *state) + { + #define TAUSWORTHE(s,a,b,c,d) ((s&c)<<d) ^ (((s <<a) ^ s)>>b) + +- state->s1 = TAUSWORTHE(state->s1, 13, 19, 4294967294UL, 12); +- state->s2 = TAUSWORTHE(state->s2, 2, 25, 4294967288UL, 4); +- state->s3 = TAUSWORTHE(state->s3, 3, 11, 4294967280UL, 17); ++ state->s1 = TAUSWORTHE(state->s1, 6U, 13U, 4294967294U, 18U); ++ state->s2 = TAUSWORTHE(state->s2, 2U, 27U, 4294967288U, 2U); ++ state->s3 = TAUSWORTHE(state->s3, 13U, 21U, 4294967280U, 7U); ++ state->s4 = TAUSWORTHE(state->s4, 3U, 12U, 4294967168U, 13U); + +- return (state->s1 ^ state->s2 ^ state->s3); ++ return (state->s1 ^ state->s2 ^ state->s3 ^ state->s4); + } + EXPORT_SYMBOL(prandom_u32_state); + +@@ -126,6 +132,38 @@ void prandom_bytes(void *buf, int bytes) + } + EXPORT_SYMBOL(prandom_bytes); + ++static void prandom_warmup(struct rnd_state *state) ++{ ++ /* Calling RNG ten times to satify recurrence condition */ ++ prandom_u32_state(state); ++ prandom_u32_state(state); ++ prandom_u32_state(state); ++ prandom_u32_state(state); ++ prandom_u32_state(state); ++ prandom_u32_state(state); ++ prandom_u32_state(state); ++ prandom_u32_state(state); ++ prandom_u32_state(state); ++ prandom_u32_state(state); ++} ++ ++static void prandom_seed_very_weak(struct rnd_state *state, u32 seed) ++{ ++ /* Note: This sort of seeding is ONLY used in test cases and ++ * during boot at the time from core_initcall until late_initcall ++ * as we don't have a stronger entropy source available yet. ++ * After late_initcall, we reseed entire state, we have to (!), ++ * otherwise an attacker just needs to search 32 bit space to ++ * probe for our internal 128 bit state if he knows a couple ++ * of prandom32 outputs! ++ */ ++#define LCG(x) ((x) * 69069U) /* super-duper LCG */ ++ state->s1 = __seed(LCG(seed), 2U); ++ state->s2 = __seed(LCG(state->s1), 8U); ++ state->s3 = __seed(LCG(state->s2), 16U); ++ state->s4 = __seed(LCG(state->s3), 128U); ++} ++ + /** + * prandom_seed - add entropy to pseudo random number generator + * @seed: seed value +@@ -141,7 +179,9 @@ void prandom_seed(u32 entropy) + */ + for_each_possible_cpu (i) { + struct rnd_state *state = &per_cpu(net_rand_state, i); +- state->s1 = __seed(state->s1 ^ entropy, 2); ++ ++ state->s1 = __seed(state->s1 ^ entropy, 2U); ++ prandom_warmup(state); + } + } + EXPORT_SYMBOL(prandom_seed); +@@ -154,46 +194,249 @@ static int __init prandom_init(void) + { + int i; + ++#ifdef CONFIG_RANDOM32_SELFTEST ++ prandom_state_selftest(); ++#endif ++ + for_each_possible_cpu(i) { + struct rnd_state *state = &per_cpu(net_rand_state,i); + +-#define LCG(x) ((x) * 69069) /* super-duper LCG */ +- state->s1 = __seed(LCG(i + jiffies), 2); +- state->s2 = __seed(LCG(state->s1), 8); +- state->s3 = __seed(LCG(state->s2), 16); +- +- /* "warm it up" */ +- prandom_u32_state(state); +- prandom_u32_state(state); +- prandom_u32_state(state); +- prandom_u32_state(state); +- prandom_u32_state(state); +- prandom_u32_state(state); ++ prandom_seed_very_weak(state, (i + jiffies) ^ random_get_entropy()); ++ prandom_warmup(state); + } + return 0; + } + core_initcall(prandom_init); + ++static void __prandom_timer(unsigned long dontcare); ++static DEFINE_TIMER(seed_timer, __prandom_timer, 0, 0); ++ ++static void __prandom_timer(unsigned long dontcare) ++{ ++ u32 entropy; ++ unsigned long expires; ++ ++ get_random_bytes(&entropy, sizeof(entropy)); ++ prandom_seed(entropy); ++ ++ /* reseed every ~60 seconds, in [40 .. 80) interval with slack */ ++ expires = 40 + (prandom_u32() % 40); ++ seed_timer.expires = jiffies + msecs_to_jiffies(expires * MSEC_PER_SEC); ++ ++ add_timer(&seed_timer); ++} ++ ++static void __init __prandom_start_seed_timer(void) ++{ ++ set_timer_slack(&seed_timer, HZ); ++ seed_timer.expires = jiffies + msecs_to_jiffies(40 * MSEC_PER_SEC); ++ add_timer(&seed_timer); ++} ++ + /* + * Generate better values after random number generator + * is fully initialized. + */ +-static int __init prandom_reseed(void) ++static void __prandom_reseed(bool late) + { + int i; ++ unsigned long flags; ++ static bool latch = false; ++ static DEFINE_SPINLOCK(lock); ++ ++ /* only allow initial seeding (late == false) once */ ++ spin_lock_irqsave(&lock, flags); ++ if (latch && !late) ++ goto out; ++ latch = true; + + for_each_possible_cpu(i) { + struct rnd_state *state = &per_cpu(net_rand_state,i); +- u32 seeds[3]; ++ u32 seeds[4]; + + get_random_bytes(&seeds, sizeof(seeds)); +- state->s1 = __seed(seeds[0], 2); +- state->s2 = __seed(seeds[1], 8); +- state->s3 = __seed(seeds[2], 16); ++ state->s1 = __seed(seeds[0], 2U); ++ state->s2 = __seed(seeds[1], 8U); ++ state->s3 = __seed(seeds[2], 16U); ++ state->s4 = __seed(seeds[3], 128U); + +- /* mix it in */ +- prandom_u32_state(state); ++ prandom_warmup(state); + } ++out: ++ spin_unlock_irqrestore(&lock, flags); ++} ++ ++void prandom_reseed_late(void) ++{ ++ __prandom_reseed(true); ++} ++ ++static int __init prandom_reseed(void) ++{ ++ __prandom_reseed(false); ++ __prandom_start_seed_timer(); + return 0; + } + late_initcall(prandom_reseed); ++ ++#ifdef CONFIG_RANDOM32_SELFTEST ++static struct prandom_test1 { ++ u32 seed; ++ u32 result; ++} test1[] = { ++ { 1U, 3484351685U }, ++ { 2U, 2623130059U }, ++ { 3U, 3125133893U }, ++ { 4U, 984847254U }, ++}; ++ ++static struct prandom_test2 { ++ u32 seed; ++ u32 iteration; ++ u32 result; ++} test2[] = { ++ /* Test cases against taus113 from GSL library. */ ++ { 931557656U, 959U, 2975593782U }, ++ { 1339693295U, 876U, 3887776532U }, ++ { 1545556285U, 961U, 1615538833U }, ++ { 601730776U, 723U, 1776162651U }, ++ { 1027516047U, 687U, 511983079U }, ++ { 416526298U, 700U, 916156552U }, ++ { 1395522032U, 652U, 2222063676U }, ++ { 366221443U, 617U, 2992857763U }, ++ { 1539836965U, 714U, 3783265725U }, ++ { 556206671U, 994U, 799626459U }, ++ { 684907218U, 799U, 367789491U }, ++ { 2121230701U, 931U, 2115467001U }, ++ { 1668516451U, 644U, 3620590685U }, ++ { 768046066U, 883U, 2034077390U }, ++ { 1989159136U, 833U, 1195767305U }, ++ { 536585145U, 996U, 3577259204U }, ++ { 1008129373U, 642U, 1478080776U }, ++ { 1740775604U, 939U, 1264980372U }, ++ { 1967883163U, 508U, 10734624U }, ++ { 1923019697U, 730U, 3821419629U }, ++ { 442079932U, 560U, 3440032343U }, ++ { 1961302714U, 845U, 841962572U }, ++ { 2030205964U, 962U, 1325144227U }, ++ { 1160407529U, 507U, 240940858U }, ++ { 635482502U, 779U, 4200489746U }, ++ { 1252788931U, 699U, 867195434U }, ++ { 1961817131U, 719U, 668237657U }, ++ { 1071468216U, 983U, 917876630U }, ++ { 1281848367U, 932U, 1003100039U }, ++ { 582537119U, 780U, 1127273778U }, ++ { 1973672777U, 853U, 1071368872U }, ++ { 1896756996U, 762U, 1127851055U }, ++ { 847917054U, 500U, 1717499075U }, ++ { 1240520510U, 951U, 2849576657U }, ++ { 1685071682U, 567U, 1961810396U }, ++ { 1516232129U, 557U, 3173877U }, ++ { 1208118903U, 612U, 1613145022U }, ++ { 1817269927U, 693U, 4279122573U }, ++ { 1510091701U, 717U, 638191229U }, ++ { 365916850U, 807U, 600424314U }, ++ { 399324359U, 702U, 1803598116U }, ++ { 1318480274U, 779U, 2074237022U }, ++ { 697758115U, 840U, 1483639402U }, ++ { 1696507773U, 840U, 577415447U }, ++ { 2081979121U, 981U, 3041486449U }, ++ { 955646687U, 742U, 3846494357U }, ++ { 1250683506U, 749U, 836419859U }, ++ { 595003102U, 534U, 366794109U }, ++ { 47485338U, 558U, 3521120834U }, ++ { 619433479U, 610U, 3991783875U }, ++ { 704096520U, 518U, 4139493852U }, ++ { 1712224984U, 606U, 2393312003U }, ++ { 1318233152U, 922U, 3880361134U }, ++ { 855572992U, 761U, 1472974787U }, ++ { 64721421U, 703U, 683860550U }, ++ { 678931758U, 840U, 380616043U }, ++ { 692711973U, 778U, 1382361947U }, ++ { 677703619U, 530U, 2826914161U }, ++ { 92393223U, 586U, 1522128471U }, ++ { 1222592920U, 743U, 3466726667U }, ++ { 358288986U, 695U, 1091956998U }, ++ { 1935056945U, 958U, 514864477U }, ++ { 735675993U, 990U, 1294239989U }, ++ { 1560089402U, 897U, 2238551287U }, ++ { 70616361U, 829U, 22483098U }, ++ { 368234700U, 731U, 2913875084U }, ++ { 20221190U, 879U, 1564152970U }, ++ { 539444654U, 682U, 1835141259U }, ++ { 1314987297U, 840U, 1801114136U }, ++ { 2019295544U, 645U, 3286438930U }, ++ { 469023838U, 716U, 1637918202U }, ++ { 1843754496U, 653U, 2562092152U }, ++ { 400672036U, 809U, 4264212785U }, ++ { 404722249U, 965U, 2704116999U }, ++ { 600702209U, 758U, 584979986U }, ++ { 519953954U, 667U, 2574436237U }, ++ { 1658071126U, 694U, 2214569490U }, ++ { 420480037U, 749U, 3430010866U }, ++ { 690103647U, 969U, 3700758083U }, ++ { 1029424799U, 937U, 3787746841U }, ++ { 2012608669U, 506U, 3362628973U }, ++ { 1535432887U, 998U, 42610943U }, ++ { 1330635533U, 857U, 3040806504U }, ++ { 1223800550U, 539U, 3954229517U }, ++ { 1322411537U, 680U, 3223250324U }, ++ { 1877847898U, 945U, 2915147143U }, ++ { 1646356099U, 874U, 965988280U }, ++ { 805687536U, 744U, 4032277920U }, ++ { 1948093210U, 633U, 1346597684U }, ++ { 392609744U, 783U, 1636083295U }, ++ { 690241304U, 770U, 1201031298U }, ++ { 1360302965U, 696U, 1665394461U }, ++ { 1220090946U, 780U, 1316922812U }, ++ { 447092251U, 500U, 3438743375U }, ++ { 1613868791U, 592U, 828546883U }, ++ { 523430951U, 548U, 2552392304U }, ++ { 726692899U, 810U, 1656872867U }, ++ { 1364340021U, 836U, 3710513486U }, ++ { 1986257729U, 931U, 935013962U }, ++ { 407983964U, 921U, 728767059U }, ++}; ++ ++static void __init prandom_state_selftest(void) ++{ ++ int i, j, errors = 0, runs = 0; ++ bool error = false; ++ ++ for (i = 0; i < ARRAY_SIZE(test1); i++) { ++ struct rnd_state state; ++ ++ prandom_seed_very_weak(&state, test1[i].seed); ++ prandom_warmup(&state); ++ ++ if (test1[i].result != prandom_u32_state(&state)) ++ error = true; ++ } ++ ++ if (error) ++ pr_warn("prandom: seed boundary self test failed\n"); ++ else ++ pr_info("prandom: seed boundary self test passed\n"); ++ ++ for (i = 0; i < ARRAY_SIZE(test2); i++) { ++ struct rnd_state state; ++ ++ prandom_seed_very_weak(&state, test2[i].seed); ++ prandom_warmup(&state); ++ ++ for (j = 0; j < test2[i].iteration - 1; j++) ++ prandom_u32_state(&state); ++ ++ if (test2[i].result != prandom_u32_state(&state)) ++ errors++; ++ ++ runs++; ++ cond_resched(); ++ } ++ ++ if (errors) ++ pr_warn("prandom: %d/%d self tests failed\n", errors, runs); ++ else ++ pr_info("prandom: %d self tests passed\n", runs); ++} ++#endif diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c index bb2b201..46abaf9 100644 --- a/lib/strncpy_from_user.c @@ -88191,6 +88838,37 @@ index b32b70c..e512eb0 100644 pkmap_count[last_pkmap_nr] = 1; set_page_address(page, (void *)vaddr); +diff --git a/mm/huge_memory.c b/mm/huge_memory.c +index 4796245..292a266 100644 +--- a/mm/huge_memory.c ++++ b/mm/huge_memory.c +@@ -1154,7 +1154,7 @@ alloc: + new_page = NULL; + + if (unlikely(!new_page)) { +- if (is_huge_zero_pmd(orig_pmd)) { ++ if (!page) { + ret = do_huge_pmd_wp_zero_page_fallback(mm, vma, + address, pmd, orig_pmd, haddr); + } else { +@@ -1181,7 +1181,7 @@ alloc: + + count_vm_event(THP_FAULT_ALLOC); + +- if (is_huge_zero_pmd(orig_pmd)) ++ if (!page) + clear_huge_page(new_page, haddr, HPAGE_PMD_NR); + else + copy_user_huge_page(new_page, page, haddr, vma, HPAGE_PMD_NR); +@@ -1207,7 +1207,7 @@ alloc: + page_add_new_anon_rmap(new_page, vma, haddr); + set_pmd_at(mm, haddr, pmd, entry); + update_mmu_cache_pmd(vma, address, pmd); +- if (is_huge_zero_pmd(orig_pmd)) { ++ if (!page) { + add_mm_counter(mm, MM_ANONPAGES, HPAGE_PMD_NR); + put_huge_zero_page(); + } else { diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 0b7656e..d21cefc 100644 --- a/mm/hugetlb.c @@ -92558,7 +93236,7 @@ index de7c904..c84bf11 100644 if (S_ISREG(inode->i_mode)) diff --git a/mm/util.c b/mm/util.c -index eaf63fc2..32b2629 100644 +index eaf63fc2..c6952b2 100644 --- a/mm/util.c +++ b/mm/util.c @@ -294,6 +294,12 @@ done: @@ -92574,6 +93252,18 @@ index eaf63fc2..32b2629 100644 mm->get_unmapped_area = arch_get_unmapped_area; } #endif +@@ -387,7 +393,10 @@ struct address_space *page_mapping(struct page *page) + { + struct address_space *mapping = page->mapping; + +- VM_BUG_ON(PageSlab(page)); ++ /* This happens if someone calls flush_dcache_page on slab page */ ++ if (unlikely(PageSlab(page))) ++ return NULL; ++ + if (unlikely(PageSwapCache(page))) { + swp_entry_t entry; + diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 1074543..136dbe0 100644 --- a/mm/vmalloc.c @@ -93685,6 +94375,68 @@ index 5b7d0e1..cb960fc 100644 } } EXPORT_SYMBOL(dev_load); +diff --git a/net/core/filter.c b/net/core/filter.c +index 01b7808..ad30d62 100644 +--- a/net/core/filter.c ++++ b/net/core/filter.c +@@ -36,7 +36,6 @@ + #include <asm/uaccess.h> + #include <asm/unaligned.h> + #include <linux/filter.h> +-#include <linux/reciprocal_div.h> + #include <linux/ratelimit.h> + #include <linux/seccomp.h> + #include <linux/if_vlan.h> +@@ -166,7 +165,7 @@ unsigned int sk_run_filter(const struct sk_buff *skb, + A /= X; + continue; + case BPF_S_ALU_DIV_K: +- A = reciprocal_divide(A, K); ++ A /= K; + continue; + case BPF_S_ALU_MOD_X: + if (X == 0) +@@ -553,11 +552,6 @@ int sk_chk_filter(struct sock_filter *filter, unsigned int flen) + /* Some instructions need special checks */ + switch (code) { + case BPF_S_ALU_DIV_K: +- /* check for division by zero */ +- if (ftest->k == 0) +- return -EINVAL; +- ftest->k = reciprocal_value(ftest->k); +- break; + case BPF_S_ALU_MOD_K: + /* check for division by zero */ + if (ftest->k == 0) +@@ -853,27 +847,7 @@ void sk_decode_filter(struct sock_filter *filt, struct sock_filter *to) + to->code = decodes[code]; + to->jt = filt->jt; + to->jf = filt->jf; +- +- if (code == BPF_S_ALU_DIV_K) { +- /* +- * When loaded this rule user gave us X, which was +- * translated into R = r(X). Now we calculate the +- * RR = r(R) and report it back. If next time this +- * value is loaded and RRR = r(RR) is calculated +- * then the R == RRR will be true. +- * +- * One exception. X == 1 translates into R == 0 and +- * we can't calculate RR out of it with r(). +- */ +- +- if (filt->k == 0) +- to->k = 1; +- else +- to->k = reciprocal_value(filt->k); +- +- BUG_ON(reciprocal_value(to->k) != filt->k); +- } else +- to->k = filt->k; ++ to->k = filt->k; + } + + int sk_get_filter(struct sock *sk, struct sock_filter __user *ubuf, unsigned int len) diff --git a/net/core/flow.c b/net/core/flow.c index dfa602c..3103d88 100644 --- a/net/core/flow.c @@ -93748,7 +94500,7 @@ index 7d84ea1..55385ae 100644 m->msg_iov = iov; diff --git a/net/core/neighbour.c b/net/core/neighbour.c -index 6072610..7374c18 100644 +index 11af243..7357d84 100644 --- a/net/core/neighbour.c +++ b/net/core/neighbour.c @@ -2774,7 +2774,7 @@ static int proc_unres_qlen(struct ctl_table *ctl, int write, @@ -93832,10 +94584,10 @@ index 81d3a9a..a0bd7a8 100644 return error; } diff --git a/net/core/netpoll.c b/net/core/netpoll.c -index fc75c9e..8c8e9be 100644 +index 0c1482c..f7ae314 100644 --- a/net/core/netpoll.c +++ b/net/core/netpoll.c -@@ -428,7 +428,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len) +@@ -435,7 +435,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len) struct udphdr *udph; struct iphdr *iph; struct ethhdr *eth; @@ -93844,7 +94596,7 @@ index fc75c9e..8c8e9be 100644 struct ipv6hdr *ip6h; udp_len = len + sizeof(*udph); -@@ -499,7 +499,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len) +@@ -506,7 +506,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len) put_unaligned(0x45, (unsigned char *)iph); iph->tos = 0; put_unaligned(htons(ip_len), &(iph->tot_len)); @@ -93933,7 +94685,7 @@ index b442e7e..6f5b5a2 100644 { struct socket *sock; diff --git a/net/core/skbuff.c b/net/core/skbuff.c -index c28c7fe..a399a6d 100644 +index 743e6eb..a399a6d 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -3104,13 +3104,15 @@ void __init skb_init(void) @@ -93954,16 +94706,8 @@ index c28c7fe..a399a6d 100644 NULL); } -@@ -3541,6 +3543,7 @@ void skb_scrub_packet(struct sk_buff *skb, bool xnet) - skb->tstamp.tv64 = 0; - skb->pkt_type = PACKET_HOST; - skb->skb_iif = 0; -+ skb->local_df = 0; - skb_dst_drop(skb); - skb->mark = 0; - secpath_reset(skb); diff --git a/net/core/sock.c b/net/core/sock.c -index 0b39e7a..5e9f91e 100644 +index 5cec994..81aa1dd 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -393,7 +393,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -94255,6 +94999,23 @@ index 008f337..b03b8c9 100644 /* replace the top byte with new ECN | DSCP format */ *hc06_ptr = tmp; hc06_ptr += 4; +diff --git a/net/ieee802154/nl-phy.c b/net/ieee802154/nl-phy.c +index 22b1a70..4efd237 100644 +--- a/net/ieee802154/nl-phy.c ++++ b/net/ieee802154/nl-phy.c +@@ -224,8 +224,10 @@ static int ieee802154_add_iface(struct sk_buff *skb, + + if (info->attrs[IEEE802154_ATTR_DEV_TYPE]) { + type = nla_get_u8(info->attrs[IEEE802154_ATTR_DEV_TYPE]); +- if (type >= __IEEE802154_DEV_MAX) +- return -EINVAL; ++ if (type >= __IEEE802154_DEV_MAX) { ++ rc = -EINVAL; ++ goto nla_put_failure; ++ } + } + + dev = phy->add_iface(phy, devname, type); diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index cfeb85c..385989a 100644 --- a/net/ipv4/af_inet.c @@ -94408,55 +95169,6 @@ index 6acb541..9ea617d 100644 EXPORT_SYMBOL(sysctl_local_reserved_ports); void inet_get_local_port_range(int *low, int *high) -diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c -index 5f64875..31cf54d 100644 ---- a/net/ipv4/inet_diag.c -+++ b/net/ipv4/inet_diag.c -@@ -106,6 +106,10 @@ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk, - - r->id.idiag_sport = inet->inet_sport; - r->id.idiag_dport = inet->inet_dport; -+ -+ memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src)); -+ memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst)); -+ - r->id.idiag_src[0] = inet->inet_rcv_saddr; - r->id.idiag_dst[0] = inet->inet_daddr; - -@@ -240,12 +244,19 @@ static int inet_twsk_diag_fill(struct inet_timewait_sock *tw, - - r->idiag_family = tw->tw_family; - r->idiag_retrans = 0; -+ - r->id.idiag_if = tw->tw_bound_dev_if; - sock_diag_save_cookie(tw, r->id.idiag_cookie); -+ - r->id.idiag_sport = tw->tw_sport; - r->id.idiag_dport = tw->tw_dport; -+ -+ memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src)); -+ memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst)); -+ - r->id.idiag_src[0] = tw->tw_rcv_saddr; - r->id.idiag_dst[0] = tw->tw_daddr; -+ - r->idiag_state = tw->tw_substate; - r->idiag_timer = 3; - r->idiag_expires = DIV_ROUND_UP(tmo * 1000, HZ); -@@ -732,8 +743,13 @@ static int inet_diag_fill_req(struct sk_buff *skb, struct sock *sk, - - r->id.idiag_sport = inet->inet_sport; - r->id.idiag_dport = ireq->rmt_port; -+ -+ memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src)); -+ memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst)); -+ - r->id.idiag_src[0] = ireq->loc_addr; - r->id.idiag_dst[0] = ireq->rmt_addr; -+ - r->idiag_expires = jiffies_to_msecs(tmo); - r->idiag_rqueue = 0; - r->idiag_wqueue = 0; diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c index 96da9c7..b956690 100644 --- a/net/ipv4/inet_hashtables.c @@ -94553,7 +95265,7 @@ index b66910a..cfe416e 100644 return -ENOMEM; } diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c -index d7aea4c..a8ee872 100644 +index e560ef3..218c5c5 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c @@ -115,7 +115,7 @@ static bool log_ecn_error = true; @@ -94565,7 +95277,7 @@ index d7aea4c..a8ee872 100644 static int ipgre_tunnel_init(struct net_device *dev); static int ipgre_net_id __read_mostly; -@@ -731,7 +731,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = { +@@ -732,7 +732,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = { [IFLA_GRE_PMTUDISC] = { .type = NLA_U8 }, }; @@ -94574,7 +95286,7 @@ index d7aea4c..a8ee872 100644 .kind = "gre", .maxtype = IFLA_GRE_MAX, .policy = ipgre_policy, -@@ -745,7 +745,7 @@ static struct rtnl_link_ops ipgre_link_ops __read_mostly = { +@@ -746,7 +746,7 @@ static struct rtnl_link_ops ipgre_link_ops __read_mostly = { .fill_info = ipgre_fill_info, }; @@ -94681,6 +95393,25 @@ index 7f80fb4..b0328f6 100644 .kind = "ipip", .maxtype = IFLA_IPTUN_MAX, .policy = ipip_policy, +diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c +index 62212c7..1672409 100644 +--- a/net/ipv4/ipmr.c ++++ b/net/ipv4/ipmr.c +@@ -157,9 +157,12 @@ static struct mr_table *ipmr_get_table(struct net *net, u32 id) + static int ipmr_fib_lookup(struct net *net, struct flowi4 *flp4, + struct mr_table **mrt) + { ++ int err; + struct ipmr_result res; +- struct fib_lookup_arg arg = { .result = &res, }; +- int err; ++ struct fib_lookup_arg arg = { ++ .result = &res, ++ .flags = FIB_LOOKUP_NOREF, ++ }; + + err = fib_rules_lookup(net->ipv4.mr_rules_ops, + flowi4_to_flowi(flp4), 0, &arg); diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 85a4f21..1beb1f5 100644 --- a/net/ipv4/netfilter/arp_tables.c @@ -95301,7 +96032,7 @@ index 4b85e6f..22f9ac9 100644 syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) { /* Has it gone just too far? */ diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c -index 5e2c2f1..6473c22 100644 +index 6ca9907..a1e6c00 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -87,6 +87,7 @@ @@ -95628,6 +96359,25 @@ index c1e11b5..568e633 100644 .kind = "ip6tnl", .maxtype = IFLA_IPTUN_MAX, .policy = ip6_tnl_policy, +diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c +index f365310..0eb4038 100644 +--- a/net/ipv6/ip6mr.c ++++ b/net/ipv6/ip6mr.c +@@ -141,9 +141,12 @@ static struct mr6_table *ip6mr_get_table(struct net *net, u32 id) + static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6, + struct mr6_table **mrt) + { ++ int err; + struct ip6mr_result res; +- struct fib_lookup_arg arg = { .result = &res, }; +- int err; ++ struct fib_lookup_arg arg = { ++ .result = &res, ++ .flags = FIB_LOOKUP_NOREF, ++ }; + + err = fib_rules_lookup(net->ipv6.mr6_rules_ops, + flowi6_to_flowi(flp6), 0, &arg); diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index d1e2e8e..51c19ae 100644 --- a/net/ipv6/ipv6_sockglue.c @@ -95936,10 +96686,10 @@ index 1aeb473..bea761c 100644 return -ENOMEM; } diff --git a/net/ipv6/route.c b/net/ipv6/route.c -index 77308af..36ed509 100644 +index 0accb13..f793130 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c -@@ -3009,7 +3009,7 @@ struct ctl_table ipv6_route_table_template[] = { +@@ -3003,7 +3003,7 @@ struct ctl_table ipv6_route_table_template[] = { struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net) { @@ -97135,10 +97885,10 @@ index 53c19a3..b0ac04a 100644 *uaddr_len = sizeof(struct sockaddr_ax25); } diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index ba2548b..1a4e98e 100644 +index 88cfbc1..05d73f5 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c -@@ -1699,7 +1699,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1720,7 +1720,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, spin_lock(&sk->sk_receive_queue.lock); po->stats.stats1.tp_packets++; @@ -97147,7 +97897,7 @@ index ba2548b..1a4e98e 100644 __skb_queue_tail(&sk->sk_receive_queue, skb); spin_unlock(&sk->sk_receive_queue.lock); sk->sk_data_ready(sk, skb->len); -@@ -1708,7 +1708,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1729,7 +1729,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, drop_n_acct: spin_lock(&sk->sk_receive_queue.lock); po->stats.stats1.tp_drops++; @@ -97156,7 +97906,7 @@ index ba2548b..1a4e98e 100644 spin_unlock(&sk->sk_receive_queue.lock); drop_n_restore: -@@ -3261,7 +3261,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3275,7 +3275,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, case PACKET_HDRLEN: if (len > sizeof(int)) len = sizeof(int); @@ -97165,7 +97915,7 @@ index ba2548b..1a4e98e 100644 return -EFAULT; switch (val) { case TPACKET_V1: -@@ -3304,7 +3304,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3318,7 +3318,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, len = lv; if (put_user(len, optlen)) return -EFAULT; @@ -97849,7 +98599,7 @@ index 6b36561..4f21064 100644 table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL); diff --git a/net/socket.c b/net/socket.c -index e83c416..9169305 100644 +index e83c416..6342a2f 100644 --- a/net/socket.c +++ b/net/socket.c @@ -88,6 +88,7 @@ @@ -98024,15 +98774,6 @@ index e83c416..9169305 100644 SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len, unsigned int, flags, struct sockaddr __user *, addr, int, addr_len) -@@ -1825,7 +1891,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, - struct socket *sock; - struct iovec iov; - struct msghdr msg; -- struct sockaddr_storage address; -+ struct sockaddr_storage address = { }; - int err, err2; - int fput_needed; - @@ -2047,7 +2113,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, * checking falls down on this. */ @@ -98042,15 +98783,6 @@ index e83c416..9169305 100644 ctl_len)) goto out_freectl; msg_sys->msg_control = ctl_buf; -@@ -2198,7 +2264,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, - int err, total_len, len; - - /* kernel mode address */ -- struct sockaddr_storage addr; -+ struct sockaddr_storage addr = { }; - - /* user mode address pointers */ - struct sockaddr __user *uaddr; @@ -2227,7 +2293,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, /* Save the user-mode address (verify_iovec will change the * kernel msghdr to use the kernel address space) @@ -98463,10 +99195,10 @@ index d38bb45..4fd6ac6 100644 sub->evt.event = htohl(event, sub->swap); diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c -index 01625cc..d486b64 100644 +index a427623..387c80b 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c -@@ -784,6 +784,12 @@ static struct sock *unix_find_other(struct net *net, +@@ -790,6 +790,12 @@ static struct sock *unix_find_other(struct net *net, err = -ECONNREFUSED; if (!S_ISSOCK(inode->i_mode)) goto put_fail; @@ -98479,7 +99211,7 @@ index 01625cc..d486b64 100644 u = unix_find_socket_byinode(inode); if (!u) goto put_fail; -@@ -804,6 +810,13 @@ static struct sock *unix_find_other(struct net *net, +@@ -810,6 +816,13 @@ static struct sock *unix_find_other(struct net *net, if (u) { struct dentry *dentry; dentry = unix_sk(u)->path.dentry; @@ -98493,7 +99225,7 @@ index 01625cc..d486b64 100644 if (dentry) touch_atime(&unix_sk(u)->path); } else -@@ -837,12 +850,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res) +@@ -843,12 +856,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res) */ err = security_path_mknod(&path, dentry, mode, 0); if (!err) { @@ -98512,7 +99244,7 @@ index 01625cc..d486b64 100644 done_path_create(&path, dentry); return err; } -@@ -2328,9 +2347,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -2336,9 +2355,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) seq_puts(seq, "Num RefCount Protocol Flags Type St " "Inode Path\n"); else { @@ -98527,7 +99259,7 @@ index 01625cc..d486b64 100644 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu", s, -@@ -2357,8 +2380,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -2365,8 +2388,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) } for ( ; i < len; i++) seq_putc(seq, u->addr->name->sun_path[i]); @@ -100586,10 +101318,44 @@ index fc3e662..7844c60 100644 lock = &avc_cache.slots_lock[hvalue]; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index 392a044..5e931be 100644 +index 392a044..c3eb2bd 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c -@@ -5693,7 +5693,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) +@@ -220,6 +220,14 @@ static int inode_alloc_security(struct inode *inode) + return 0; + } + ++static void inode_free_rcu(struct rcu_head *head) ++{ ++ struct inode_security_struct *isec; ++ ++ isec = container_of(head, struct inode_security_struct, rcu); ++ kmem_cache_free(sel_inode_cache, isec); ++} ++ + static void inode_free_security(struct inode *inode) + { + struct inode_security_struct *isec = inode->i_security; +@@ -230,8 +238,16 @@ static void inode_free_security(struct inode *inode) + list_del_init(&isec->list); + spin_unlock(&sbsec->isec_lock); + +- inode->i_security = NULL; +- kmem_cache_free(sel_inode_cache, isec); ++ /* ++ * The inode may still be referenced in a path walk and ++ * a call to selinux_inode_permission() can be made ++ * after inode_free_security() is called. Ideally, the VFS ++ * wouldn't do this, but fixing that is a much harder ++ * job. For now, simply free the i_security via RCU, and ++ * leave the current inode->i_security pointer intact. ++ * The inode will be freed after the RCU grace period too. ++ */ ++ call_rcu(&isec->rcu, inode_free_rcu); + } + + static int file_alloc_security(struct file *file) +@@ -5693,7 +5709,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) #endif @@ -100598,7 +101364,7 @@ index 392a044..5e931be 100644 .name = "selinux", .ptrace_access_check = selinux_ptrace_access_check, -@@ -6045,6 +6045,9 @@ static void selinux_nf_ip_exit(void) +@@ -6045,6 +6061,9 @@ static void selinux_nf_ip_exit(void) #ifdef CONFIG_SECURITY_SELINUX_DISABLE static int selinux_disabled; @@ -100608,7 +101374,7 @@ index 392a044..5e931be 100644 int selinux_disable(void) { if (ss_initialized) { -@@ -6062,7 +6065,9 @@ int selinux_disable(void) +@@ -6062,7 +6081,9 @@ int selinux_disable(void) selinux_disabled = 1; selinux_enabled = 0; @@ -100619,6 +101385,22 @@ index 392a044..5e931be 100644 /* Try to destroy the avc node cache */ avc_disable(); +diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h +index aa47bca..6fd9dd2 100644 +--- a/security/selinux/include/objsec.h ++++ b/security/selinux/include/objsec.h +@@ -38,7 +38,10 @@ struct task_security_struct { + + struct inode_security_struct { + struct inode *inode; /* back pointer to inode object */ +- struct list_head list; /* list of inode_security_struct */ ++ union { ++ struct list_head list; /* list of inode_security_struct */ ++ struct rcu_head rcu; /* for freeing the inode_security_struct */ ++ }; + u32 task_sid; /* SID of creating task */ + u32 sid; /* SID of this object */ + u16 sclass; /* security class of this object */ diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h index c1af4e1..bcb003c 100644 --- a/security/selinux/include/xfrm.h @@ -101698,10 +102480,10 @@ index 0000000..414fe5e +} diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c new file mode 100644 -index 0000000..ba59e50 +index 0000000..59bf839 --- /dev/null +++ b/tools/gcc/constify_plugin.c -@@ -0,0 +1,558 @@ +@@ -0,0 +1,557 @@ +/* + * Copyright 2011 by Emese Revfy <re.emese@gmail.com> + * Copyright 2011-2013 by PaX Team <pageexec@freemail.hu> @@ -101748,7 +102530,7 @@ index 0000000..ba59e50 +int plugin_is_GPL_compatible; + +static struct plugin_info const_plugin_info = { -+ .version = "201312032345", ++ .version = "201401140130", + .help = "no-constify\tturn off constification\n", +}; + @@ -101874,8 +102656,10 @@ index 0000000..ba59e50 + } + TYPE_READONLY(type) = 0; + C_TYPE_FIELDS_READONLY(type) = 0; -+ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) ++ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) { ++ TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); + TYPE_ATTRIBUTES(type) = remove_attribute("do_const", TYPE_ATTRIBUTES(type)); ++ } +} + +static void deconstify_tree(tree node) @@ -101928,7 +102712,6 @@ index 0000000..ba59e50 + } + + if (TYPE_P(*node)) { -+ *no_add_attrs = false; + type = *node; + } else { + gcc_assert(TREE_CODE(*node) == TYPE_DECL); @@ -101948,6 +102731,8 @@ index 0000000..ba59e50 + if (TYPE_P(*node)) { + if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) + error("%qE attribute used on type %qT is incompatible with 'do_const'", name, type); ++ else ++ *no_add_attrs = false; + return NULL_TREE; + } + @@ -101967,6 +102752,7 @@ index 0000000..ba59e50 + TYPE_READONLY(type) = 1; + C_TYPE_FIELDS_READONLY(type) = 1; + TYPE_CONSTIFY_VISITED(type) = 1; ++// TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); +// TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("do_const"), NULL_TREE, TYPE_ATTRIBUTES(type)); +} + @@ -102078,7 +102864,7 @@ index 0000000..ba59e50 + TYPE_CONSTIFY_VISITED(type) = 1; +} + -+static void check_global_variables(void) ++static void check_global_variables(void *event_data, void *data) +{ + struct varpool_node *node; + @@ -102151,21 +102937,15 @@ index 0000000..ba59e50 + return ret; +} + -+static unsigned int check_variables(void) -+{ -+ check_global_variables(); -+ return check_local_variables(); -+} -+ +static struct gimple_opt_pass pass_local_variable = { + { + .type = GIMPLE_PASS, -+ .name = "check_variables", ++ .name = "check_local_variables", +#if BUILDING_GCC_VERSION >= 4008 + .optinfo_flags = OPTGROUP_NONE, +#endif + .gate = NULL, -+ .execute = check_variables, ++ .execute = check_local_variables, + .sub = NULL, + .next = NULL, + .static_pass_number = 0, @@ -102252,6 +103032,7 @@ index 0000000..ba59e50 + + register_callback(plugin_name, PLUGIN_INFO, NULL, &const_plugin_info); + if (constify) { ++ register_callback(plugin_name, PLUGIN_ALL_IPA_PASSES_START, check_global_variables, NULL); + register_callback(plugin_name, PLUGIN_FINISH_TYPE, finish_type, NULL); + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &local_variable_pass_info); + register_callback(plugin_name, PLUGIN_START_UNIT, constify_start_unit, NULL); |