author | Natanael Copa <ncopa@alpinelinux.org> | 2013-04-15 10:03:34 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-04-16 06:29:56 +0000 |
commit | 7554c18ebee7a6ead45cc74b248f86ac42100a07 (patch) | |
tree | 74c86e503274daab6e472a4c56aa2dc833dcd6b4 /main | |
parent | 0cdce5a0b47ed05c701a78ddd774d22da975851b (diff) | |
main/linux-grsec: upgrade to 3.8.7
This update disables the constify plugin, which now depends on kernexec.
Diffstat (limited to 'main')
-rw-r--r-- | main/linux-grsec/APKBUILD | 28 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.9.1-3.8.7-201304142158.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.8.6-201304082215.patch) | 998 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86 | 12 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86_64 | 12 |
4 files changed, 698 insertions, 352 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index a670f459b3..f7579358d9 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,7 +2,7 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.8.6 +pkgver=3.8.7 _kernver=3.8 pkgrel=0 pkgdesc="Linux kernel with grsecurity" @@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-2.9.1-3.8.6-201304082215.patch + grsecurity-2.9.1-3.8.7-201304142158.patch 0004-arp-flush-arp-cache-on-device-change.patch 
@@ -141,20 +141,20 @@ dev() { } md5sums="1c738edfc54e7c65faeb90c436104e2f linux-3.8.tar.xz -f11748a53d4ec0e2dcbfbb64526d6434 patch-3.8.6.xz -365ee5c7ccd0095db4aaa972d3a33d45 grsecurity-2.9.1-3.8.6-201304082215.patch +d166692330220c425d69db82c9d693b6 patch-3.8.7.xz +b1d5626b6cdce1037c06ace84e04acff grsecurity-2.9.1-3.8.7-201304142158.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch -f82f73f341a0cdac97ef8ffd188ae08b kernelconfig.x86 -eefa5ca3d2b63a1082aaf1b42a85e4f0 kernelconfig.x86_64" +0914bcf698bb5e1a39d2888ad2c5c442 kernelconfig.x86 +477f1a2a20dd6634dfa42f4732235370 kernelconfig.x86_64" sha256sums="e070d1bdfbded5676a4f374721c63565f1c969466c5a3e214004a136b583184b linux-3.8.tar.xz -19b2748e9c11c6ca7672dc0b945725914a7481fad8c5f0fb5c1658115f04c72a patch-3.8.6.xz -cdcb882156b6b4861a4d5862cc132787c1484ebc435d52a2422711f6fc2489ad grsecurity-2.9.1-3.8.6-201304082215.patch +35596a6e1504354ce165a36b743fc14eeeae3a462a321eafca54ab1b3215f861 patch-3.8.7.xz +eea6cedf3e2ab2d45df7d9a04113f97ed8b666d7c248bfa34c0976216535b33f grsecurity-2.9.1-3.8.7-201304142158.patch e2d2d1503f53572c6a2e21da729a13a430dd01f510405ffb3a33b29208860bde 0004-arp-flush-arp-cache-on-device-change.patch -a50c35f891e272332bdd33dff24b248502f1efb2f5b5941b662ca5bf0e3d31a1 kernelconfig.x86 -06598a7e3860995a24b5926e2ed42c85787902faf052c4066266716516b7d389 kernelconfig.x86_64" +fea4df55c6db0a058eb24ede61473bf401a52ceb1945d5d552421847cc947160 kernelconfig.x86 +6b4c04220aaecd9854ac6e889e7518c931f1c3f5f2e7c32c2c084ccfc3be911f kernelconfig.x86_64" sha512sums="10a7983391af907d8aec72bdb096d1cabd4911985715e9ea13d35ff09095c035db15d4ab08b92eda7c10026cc27348cb9728c212335f7fcdcda7c610856ec30f linux-3.8.tar.xz -7e1a36d54f32534d434c9968d1ad7bb47e86fdca68abb227a20ac8faf88c39b3d32b710578de8af8f418997b02e3bac0a4ea446ce143e2eb9b7906b2031a000d patch-3.8.6.xz -b9a8a1850ccb77472f66d2e3b7ed20426af0b8531caa87a323df1bd16df86ae28910f075202e4a59f6ebf9cf2e3e31173f0d46db28b4033eff9ed798f3529798 
grsecurity-2.9.1-3.8.6-201304082215.patch +311cb2b75671ec842c7f4f4724af5afe2a23458eb28f2199ed9a4472f7a34e10ccd1f656a4c61634a0f6606714d5d4ebd6007ea90eddbdd32d83179e4adcb242 patch-3.8.7.xz +cf265d345fe2ba1d53b7cccddfb5a06424ca49da48a76261fa18f8e963155fbcfea99a3eb016f6a78cfb6e5477bfb97972322633cf503470f9d01592dd3b6f6c grsecurity-2.9.1-3.8.7-201304142158.patch b6fdf376009f0f0f3fa194cb11be97343e4d394cf5d3547de6cfca8ad619c5bd3f60719331fd8cfadc47f09d22be8376ba5f871b46b24887ea73fe47e233a54e 0004-arp-flush-arp-cache-on-device-change.patch -f137e63a9065c41a808e39c43784226787b7b19d056c721909039358c5ac3bcc94e5386ae99e422c1be3186f08e75565cf2e8e874986965222639a0efae84486 kernelconfig.x86 -2b7c401ff742fa06b7d35403eccf486968b3e9460f14d5743d2747cbb86f97dafc874978ef870df277d972ceb984988a753c08b17fa95da0f8d91fabcf55cf46 kernelconfig.x86_64" +ffb12d33f55dbc50e97156feaf65e29f6b332750e43c33ed90b2def5029d039b0b87d559483cf3a80f330dadac68f921fa276dc6cc9fbc4e60050985d823501e kernelconfig.x86 +3bdc68b0b8d36b051ac543f13eba1151902e1e43e76abef8d8dcbaa6927db6365f1b091505569af8146c89e486e24647e8e96fb6b96f30a0071f59e5923950cb kernelconfig.x86_64" diff --git a/main/linux-grsec/grsecurity-2.9.1-3.8.6-201304082215.patch b/main/linux-grsec/grsecurity-2.9.1-3.8.7-201304142158.patch index ccb497cccf..8cb1973696 100644 --- a/main/linux-grsec/grsecurity-2.9.1-3.8.6-201304082215.patch +++ b/main/linux-grsec/grsecurity-2.9.1-3.8.7-201304142158.patch @@ -259,7 +259,7 @@ index 986614d..e8bfedc 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 10075d6..dcb3e14 100644 +index 85204da..9d99250 100644 --- a/Makefile +++ b/Makefile @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ 
@@ -269,7 +269,7 @@ index 10075d6..dcb3e14 100644 -HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -HOSTCXXFLAGS = -O2 +HOSTCFLAGS = -Wall -W -Wmissing-prototypes -Wstrict-prototypes -Wno-unused-parameter -Wno-missing-field-initializers -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks -+HOSTCLFAGS += $(call cc-option, -Wno-empty-body) ++HOSTCFLAGS += $(call cc-option, -Wno-empty-body) +HOSTCXXFLAGS = -O2 -Wall -W -fno-delete-null-pointer-checks # Decide whether to build built-in, modular, or both. @@ -5199,9 +5199,18 @@ index 24603be..948052d 100644 DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp); } diff --git a/arch/ia64/kernel/palinfo.c b/arch/ia64/kernel/palinfo.c -index 77597e5..6f28f3f 100644 +index 77597e5..189dd62f 100644 --- a/arch/ia64/kernel/palinfo.c +++ b/arch/ia64/kernel/palinfo.c +@@ -977,7 +977,7 @@ create_palinfo_proc_entries(unsigned int cpu) + struct proc_dir_entry **pdir; + struct proc_dir_entry *cpu_dir; + int j; +- char cpustr[sizeof(CPUSTR)]; ++ char cpustr[3+4+1]; + + + /* @@ -1045,7 +1045,7 @@ static int __cpuinit palinfo_cpu_callback(struct notifier_block *nfb, return NOTIFY_OK; } @@ -6663,6 +6672,19 @@ index 3d5c9dc..62f8414 100644 #define DSISR_PROTFAULT 0x08000000 /* protection fault */ #define DSISR_ISSTORE 0x02000000 /* access was a store */ #define DSISR_DABRMATCH 0x00400000 /* hit data breakpoint */ +diff --git a/arch/powerpc/include/asm/smp.h b/arch/powerpc/include/asm/smp.h +index 195ce2a..ab5c614 100644 +--- a/arch/powerpc/include/asm/smp.h ++++ b/arch/powerpc/include/asm/smp.h +@@ -50,7 +50,7 @@ struct smp_ops_t { + int (*cpu_disable)(void); + void (*cpu_die)(unsigned int nr); + int (*cpu_bootable)(unsigned int nr); +-}; ++} __no_const; + + extern void smp_send_debugger_break(void); + extern void start_secondary_resume(void); diff --git a/arch/powerpc/include/asm/thread_info.h b/arch/powerpc/include/asm/thread_info.h index 406b7b9..af63426 100644 
--- a/arch/powerpc/include/asm/thread_info.h @@ -10484,7 +10506,7 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 0694d09..b58b3aa 100644 +index 0694d09..58ea1a1 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -238,7 +238,7 @@ config X86_HT @@ -10539,19 +10561,12 @@ index 0694d09..b58b3aa 100644 ---help--- This option turns on the -fstack-protector GCC feature. This feature puts, at the beginning of functions, a canary value on -@@ -1599,6 +1601,7 @@ config KEXEC_JUMP - config PHYSICAL_START - hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP) - default "0x1000000" -+ range 0x400000 0x40000000 - ---help--- - This gives the physical address where the kernel is loaded. - -@@ -1662,6 +1665,7 @@ config X86_NEED_RELOCS +@@ -1662,6 +1664,8 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" if X86_32 default "0x1000000" -+ range 0x400000 0x1000000 if PAX_KERNEXEC ++ range 0x200000 0x1000000 if PAX_KERNEXEC && X86_PAE ++ range 0x400000 0x1000000 if PAX_KERNEXEC && !X86_PAE range 0x2000 0x1000000 ---help--- This value puts the alignment restrictions on physical address @@ -10713,7 +10728,7 @@ index 18997e5..83d9c67 100644 return diff; } diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile -index 8a84501..b2d165f 100644 +index 5ef205c..342191d 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -14,6 +14,9 @@ cflags-$(CONFIG_X86_64) := -mcmodel=small 
@@ -15899,6 +15914,19 @@ index 2d946e6..e453ec4 100644 + #endif #endif /* _ASM_X86_THREAD_INFO_H */ +diff --git a/arch/x86/include/asm/tlb.h b/arch/x86/include/asm/tlb.h +index 4fef207..c779730 100644 +--- a/arch/x86/include/asm/tlb.h ++++ b/arch/x86/include/asm/tlb.h +@@ -7,7 +7,7 @@ + + #define tlb_flush(tlb) \ + { \ +- if (tlb->fullmm == 0) \ ++ if (!tlb->fullmm && !tlb->need_flush_all) \ + flush_tlb_mm_range(tlb->mm, tlb->start, tlb->end, 0UL); \ + else \ + flush_tlb_mm_range(tlb->mm, 0UL, TLB_FLUSH_ALL, 0UL); \ diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h index 1709801..0a60f2f 100644 --- a/arch/x86/include/asm/uaccess.h @@ -19228,7 +19256,7 @@ index 6ed91d9..6cc365b 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index cb3c591..bc63707 100644 +index cb3c591..7ba137c 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -59,6 +59,8 @@ @@ -19370,7 +19398,7 @@ index cb3c591..bc63707 100644 + pax_force_retaddr + retq + -+2: ljmpq __KERNEL_CS,1f ++2: ljmpq __KERNEL_CS,1b +3: ljmpq __KERNEXEC_KERNEL_CS,4f +4: SET_RDI_INTO_CR0 + jmp 1b @@ -20171,6 +20199,31 @@ index cb3c591..bc63707 100644 /* * Check the special variable on the stack to see if NMIs are * executing. +@@ -1712,14 +2102,13 @@ nested_nmi: + + 1: + /* Set up the interrupted NMIs stack to jump to repeat_nmi */ +- leaq -1*8(%rsp), %rdx +- movq %rdx, %rsp ++ subq $8, %rsp + CFI_ADJUST_CFA_OFFSET 1*8 + leaq -10*8(%rsp), %rdx + pushq_cfi $__KERNEL_DS + pushq_cfi %rdx + pushfq_cfi +- pushq_cfi $__KERNEL_CS ++ pushq_cfi 6*8(%rsp) + pushq_cfi $repeat_nmi + + /* Put stack back */ +@@ -1731,6 +2120,7 @@ nested_nmi_out: + CFI_RESTORE rdx + + /* No need to check faults here */ ++ pax_force_retaddr_bts + INTERRUPT_RETURN + + CFI_RESTORE_STATE @@ -1847,6 +2237,17 @@ end_repeat_nmi: */ movq %cr2, %r12 @@ -28943,7 +28996,7 @@ index 75c9a6a..498d677 100644 if (vma == &gate_vma) return "[vsyscall]"; 
diff --git a/arch/x86/mm/iomap_32.c b/arch/x86/mm/iomap_32.c -index 7b179b4..6bd1777 100644 +index 7b179b4..6bd17777 100644 --- a/arch/x86/mm/iomap_32.c +++ b/arch/x86/mm/iomap_32.c @@ -64,7 +64,11 @@ void *kmap_atomic_prot_pfn(unsigned long pfn, pgprot_t prot) @@ -29384,10 +29437,24 @@ index 9f0614d..92ae64a 100644 p += get_opcode(p, &opcode); for (i = 0; i < ARRAY_SIZE(imm_wop); i++) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c -index e27fbf8..8b56dc9 100644 +index e27fbf8..213e72b 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c -@@ -84,10 +84,64 @@ static inline void pgd_list_del(pgd_t *pgd) +@@ -58,6 +58,13 @@ void ___pte_free_tlb(struct mmu_gather *tlb, struct page *pte) + void ___pmd_free_tlb(struct mmu_gather *tlb, pmd_t *pmd) + { + paravirt_release_pmd(__pa(pmd) >> PAGE_SHIFT); ++ /* ++ * NOTE! For PAE, any changes to the top page-directory-pointer-table ++ * entries need a full cr3 reload to flush. ++ */ ++#ifdef CONFIG_X86_PAE ++ tlb->need_flush_all = 1; ++#endif + tlb_remove_page(tlb, virt_to_page(pmd)); + } + +@@ -84,10 +91,64 @@ static inline void pgd_list_del(pgd_t *pgd) list_del(&page->lru); } @@ -29454,7 +29521,7 @@ index e27fbf8..8b56dc9 100644 static void pgd_set_mm(pgd_t *pgd, struct mm_struct *mm) { BUILD_BUG_ON(sizeof(virt_to_page(pgd)->index) < sizeof(mm)); -@@ -128,6 +182,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -128,6 +189,7 @@ static void pgd_dtor(pgd_t *pgd) pgd_list_del(pgd); spin_unlock(&pgd_lock); } @@ -29462,7 +29529,7 @@ index e27fbf8..8b56dc9 100644 /* * List of all pgd's needed for non-PAE so it can invalidate entries -@@ -140,7 +195,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -140,7 +202,7 @@ static void pgd_dtor(pgd_t *pgd) * -- nyc */ 
@@ -29471,7 +29538,7 @@ index e27fbf8..8b56dc9 100644 /* * In PAE mode, we need to do a cr3 reload (=tlb flush) when * updating the top-level pagetable entries to guarantee the -@@ -152,7 +207,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -152,7 +214,7 @@ static void pgd_dtor(pgd_t *pgd) * not shared between pagetables (!SHARED_KERNEL_PMDS), we allocate * and initialize the kernel pmds here. */ @@ -29480,7 +29547,7 @@ index e27fbf8..8b56dc9 100644 void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) { -@@ -170,36 +225,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) +@@ -170,36 +232,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) */ flush_tlb_mm(mm); } @@ -29530,7 +29597,7 @@ index e27fbf8..8b56dc9 100644 return -ENOMEM; } -@@ -212,51 +269,55 @@ static int preallocate_pmds(pmd_t *pmds[]) +@@ -212,51 +276,55 @@ static int preallocate_pmds(pmd_t *pmds[]) * preallocate which never got a corresponding vma will need to be * freed manually. */ @@ -29603,7 +29670,7 @@ index e27fbf8..8b56dc9 100644 pgd = (pgd_t *)__get_free_page(PGALLOC_GFP); -@@ -265,11 +326,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) +@@ -265,11 +333,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) mm->pgd = pgd; @@ -29617,7 +29684,7 @@ index e27fbf8..8b56dc9 100644 /* * Make sure that pre-populating the pmds is atomic with -@@ -279,14 +340,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) +@@ -279,14 +347,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) spin_lock(&pgd_lock); pgd_ctor(mm, pgd); @@ -29635,7 +29702,7 @@ index e27fbf8..8b56dc9 100644 out_free_pgd: free_page((unsigned long)pgd); out: -@@ -295,7 +356,7 @@ out: +@@ -295,7 +363,7 @@ out: void pgd_free(struct mm_struct *mm, pgd_t *pgd) { @@ -31422,7 +31489,7 @@ index 431e875..cbb23f3 100644 -} -__setup("vdso=", vdso_setup); diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 2262003..f229ced 100644 +index 2262003..3ee61cf 100644 --- a/arch/x86/xen/enlighten.c 
+++ b/arch/x86/xen/enlighten.c @@ -100,8 +100,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); @@ -31450,10 +31517,19 @@ index 2262003..f229ced 100644 unsigned int size = dtr->size + 1; - unsigned pages = (size + PAGE_SIZE - 1) / PAGE_SIZE; - unsigned long frames[pages]; -+ unsigned long frames[65536 / PAGE_SIZE]; ++ unsigned long frames[(GDT_SIZE + PAGE_SIZE - 1) / PAGE_SIZE]; int f; /* +@@ -554,7 +550,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr) + * 8-byte entries, or 16 4k pages.. + */ + +- BUG_ON(size > 65536); ++ BUG_ON(size > GDT_SIZE); + BUG_ON(va & ~PAGE_MASK); + + for (f = 0; va < dtr->address + size; va += PAGE_SIZE, f++) { @@ -939,7 +935,7 @@ static u32 xen_safe_apic_wait_icr_idle(void) return 0; } @@ -31520,22 +31596,20 @@ index 2262003..f229ced 100644 xen_setup_features(); -@@ -1399,14 +1405,7 @@ asmlinkage void __init xen_start_kernel(void) - pv_mmu_ops.ptep_modify_prot_commit = xen_ptep_modify_prot_commit; - } +@@ -1401,13 +1407,6 @@ asmlinkage void __init xen_start_kernel(void) + + machine_ops = xen_machine_ops; -- machine_ops = xen_machine_ops; -- - /* - * The only reliable way to retain the initial address of the - * percpu gdt_page is to remember it here, so we can go and - * mark it RW later, when the initial percpu area is freed. - */ - xen_initial_gdt = &per_cpu(gdt_page, 0); -+ memcpy((void *)&machine_ops, &xen_machine_ops, sizeof machine_ops); - +- xen_smp_init(); + #ifdef CONFIG_ACPI_NUMA @@ -1598,7 +1597,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self, return NOTIFY_OK; } @@ -31546,10 +31620,46 @@ index 2262003..f229ced 100644 }; diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index 01de35c..0bda07b 100644 +index 01de35c..692023f 100644 --- a/arch/x86/xen/mmu.c 
+++ b/arch/x86/xen/mmu.c -@@ -1881,6 +1881,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) +@@ -1739,14 +1739,18 @@ static void *m2v(phys_addr_t maddr) + } + + /* Set the page permissions on an identity-mapped pages */ +-static void set_page_prot(void *addr, pgprot_t prot) ++static void set_page_prot_flags(void *addr, pgprot_t prot, unsigned long flags) + { + unsigned long pfn = __pa(addr) >> PAGE_SHIFT; + pte_t pte = pfn_pte(pfn, prot); + +- if (HYPERVISOR_update_va_mapping((unsigned long)addr, pte, 0)) ++ if (HYPERVISOR_update_va_mapping((unsigned long)addr, pte, flags)) + BUG(); + } ++static void set_page_prot(void *addr, pgprot_t prot) ++{ ++ return set_page_prot_flags(addr, prot, UVMF_NONE); ++} + #ifdef CONFIG_X86_32 + static void __init xen_map_identity_early(pmd_t *pmd, unsigned long max_pfn) + { +@@ -1830,12 +1834,12 @@ static void __init check_pt_base(unsigned long *pt_base, unsigned long *pt_end, + unsigned long addr) + { + if (*pt_base == PFN_DOWN(__pa(addr))) { +- set_page_prot((void *)addr, PAGE_KERNEL); ++ set_page_prot_flags((void *)addr, PAGE_KERNEL, UVMF_INVLPG); + clear_page((void *)addr); + (*pt_base)++; + } + if (*pt_end == PFN_DOWN(__pa(addr))) { +- set_page_prot((void *)addr, PAGE_KERNEL); ++ set_page_prot_flags((void *)addr, PAGE_KERNEL, UVMF_INVLPG); + clear_page((void *)addr); + (*pt_end)--; + } +@@ -1881,6 +1885,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) /* L3_k[510] -> level2_kernel_pgt * L3_i[511] -> level2_fixmap_pgt */ convert_pfn_mfn(level3_kernel_pgt); 
@@ -31559,7 +31669,7 @@ index 01de35c..0bda07b 100644 /* We get [511][511] and have Xen's version of level2_kernel_pgt */ l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd); -@@ -1910,8 +1913,12 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) +@@ -1910,8 +1917,12 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) set_page_prot(init_level4_pgt, PAGE_KERNEL_RO); set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO); set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO); @@ -31572,7 +31682,7 @@ index 01de35c..0bda07b 100644 set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); -@@ -2097,6 +2104,7 @@ static void __init xen_post_allocator_init(void) +@@ -2097,6 +2108,7 @@ static void __init xen_post_allocator_init(void) pv_mmu_ops.set_pud = xen_set_pud; #if PAGETABLE_LEVELS == 4 pv_mmu_ops.set_pgd = xen_set_pgd; @@ -31580,7 +31690,7 @@ index 01de35c..0bda07b 100644 #endif /* This will work as long as patching hasn't happened yet -@@ -2178,6 +2186,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { +@@ -2178,6 +2190,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { .pud_val = PV_CALLEE_SAVE(xen_pud_val), .make_pud = PV_CALLEE_SAVE(xen_make_pud), .set_pgd = xen_set_pgd_hyper, @@ -32208,10 +32318,10 @@ index 6cd7805..07facb3 100644 unsigned long timeout_msec) { diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index 46cd3f4..0871ad0 100644 +index 501c209..5f28b4d 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c -@@ -4780,7 +4780,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) +@@ -4784,7 +4784,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; 
@@ -32220,7 +32330,7 @@ index 46cd3f4..0871ad0 100644 ap = qc->ap; qc->flags = 0; -@@ -4796,7 +4796,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) +@@ -4800,7 +4800,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; @@ -32229,7 +32339,7 @@ index 46cd3f4..0871ad0 100644 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap = qc->ap; link = qc->dev->link; -@@ -5892,6 +5892,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5896,6 +5896,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) return; spin_lock(&lock); @@ -32237,7 +32347,7 @@ index 46cd3f4..0871ad0 100644 for (cur = ops->inherits; cur; cur = cur->inherits) { void **inherit = (void **)cur; -@@ -5905,8 +5906,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5909,8 +5910,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) if (IS_ERR(*pp)) *pp = NULL; @@ -35061,7 +35171,7 @@ index be174ca..7f38143 100644 DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n", diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c -index 133b413..fd68225 100644 +index 32d7775..c8be5e1 100644 --- a/drivers/gpu/drm/drm_fops.c +++ b/drivers/gpu/drm/drm_fops.c @@ -71,7 +71,7 @@ static int drm_setup(struct drm_device * dev) @@ -35073,7 +35183,7 @@ index 133b413..fd68225 100644 dev->sigdata.lock = NULL; -@@ -134,7 +134,7 @@ int drm_open(struct inode *inode, struct file *filp) +@@ -135,7 +135,7 @@ int drm_open(struct inode *inode, struct file *filp) if (drm_device_is_unplugged(dev)) return -ENODEV; 
@@ -35081,8 +35191,8 @@ index 133b413..fd68225 100644 + if (local_inc_return(&dev->open_count) == 1) need_setup = 1; mutex_lock(&dev->struct_mutex); - old_mapping = dev->dev_mapping; -@@ -149,7 +149,7 @@ int drm_open(struct inode *inode, struct file *filp) + old_imapping = inode->i_mapping; +@@ -151,7 +151,7 @@ int drm_open(struct inode *inode, struct file *filp) retcode = drm_open_helper(inode, filp, dev); if (retcode) goto err_undo; @@ -35091,7 +35201,7 @@ index 133b413..fd68225 100644 if (need_setup) { retcode = drm_setup(dev); if (retcode) -@@ -164,7 +164,7 @@ err_undo: +@@ -166,7 +166,7 @@ err_undo: iput(container_of(dev->dev_mapping, struct inode, i_data)); dev->dev_mapping = old_mapping; mutex_unlock(&dev->struct_mutex); @@ -35100,7 +35210,7 @@ index 133b413..fd68225 100644 return retcode; } EXPORT_SYMBOL(drm_open); -@@ -438,7 +438,7 @@ int drm_release(struct inode *inode, struct file *filp) +@@ -440,7 +440,7 @@ int drm_release(struct inode *inode, struct file *filp) mutex_lock(&drm_global_mutex); @@ -35109,7 +35219,7 @@ index 133b413..fd68225 100644 if (dev->driver->preclose) dev->driver->preclose(dev, file_priv); -@@ -447,10 +447,10 @@ int drm_release(struct inode *inode, struct file *filp) +@@ -449,10 +449,10 @@ int drm_release(struct inode *inode, struct file *filp) * Begin inline drm_release */ @@ -35122,7 +35232,7 @@ index 133b413..fd68225 100644 /* Release any auth tokens that might point to this file_priv, (do that under the drm_global_mutex) */ -@@ -547,8 +547,8 @@ int drm_release(struct inode *inode, struct file *filp) +@@ -549,8 +549,8 @@ int drm_release(struct inode *inode, struct file *filp) * End inline drm_release */ @@ -35437,7 +35547,7 @@ index 7339a4b..445aaba 100644 return container_of(adapter, struct intel_gmbus, adapter)->force_bit; } diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -index 7adf5a7..e24fb51 100644 +index ba8805a..39d5330 100644 
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c @@ -672,7 +672,7 @@ i915_gem_execbuffer_move_to_gpu(struct intel_ring_buffer *ring, @@ -35609,7 +35719,7 @@ index fe84338..a863190 100644 iir = I915_READ(IIR); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index e6e4df7..6a9a1bd 100644 +index d3f834a..0ad1b37 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -2255,7 +2255,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb) @@ -39701,6 +39811,27 @@ index 10bc093..a2fb42a 100644 } return rval; +diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c +index 5523da3..4fcf274 100644 +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c +@@ -4767,7 +4767,7 @@ static void bnx2x_after_function_update(struct bnx2x *bp) + q); + } + +- if (!NO_FCOE(bp)) { ++ if (!NO_FCOE(bp) && CNIC_ENABLED(bp)) { + fp = &bp->fp[FCOE_IDX(bp)]; + queue_params.q_obj = &bnx2x_sp_obj(bp, fp).q_obj; + +@@ -13047,6 +13047,7 @@ static int bnx2x_unregister_cnic(struct net_device *dev) + RCU_INIT_POINTER(bp->cnic_ops, NULL); + mutex_unlock(&bp->cnic_mutex); + synchronize_rcu(); ++ bp->cnic_enabled = false; + kfree(bp->cnic_kwq); + bp->cnic_kwq = NULL; + diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c index 09b625e..15b16fe 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c 
@@ -39826,6 +39957,142 @@ index b901a01..1ff32ee 100644 #include "ftmac100.h" +diff --git a/drivers/net/ethernet/intel/e100.c b/drivers/net/ethernet/intel/e100.c +index a59f077..7925d77 100644 +--- a/drivers/net/ethernet/intel/e100.c ++++ b/drivers/net/ethernet/intel/e100.c +@@ -870,7 +870,7 @@ err_unlock: + } + + static int e100_exec_cb(struct nic *nic, struct sk_buff *skb, +- void (*cb_prepare)(struct nic *, struct cb *, struct sk_buff *)) ++ int (*cb_prepare)(struct nic *, struct cb *, struct sk_buff *)) + { + struct cb *cb; + unsigned long flags; +@@ -888,10 +888,13 @@ static int e100_exec_cb(struct nic *nic, struct sk_buff *skb, + nic->cbs_avail--; + cb->skb = skb; + ++ err = cb_prepare(nic, cb, skb); ++ if (err) ++ goto err_unlock; ++ + if (unlikely(!nic->cbs_avail)) + err = -ENOSPC; + +- cb_prepare(nic, cb, skb); + + /* Order is important otherwise we'll be in a race with h/w: + * set S-bit in current first, then clear S-bit in previous. */ +@@ -1091,7 +1094,7 @@ static void e100_get_defaults(struct nic *nic) + nic->mii.mdio_write = mdio_write; + } + +-static void e100_configure(struct nic *nic, struct cb *cb, struct sk_buff *skb) ++static int e100_configure(struct nic *nic, struct cb *cb, struct sk_buff *skb) + { + struct config *config = &cb->u.config; + u8 *c = (u8 *)config; +@@ -1181,6 +1184,7 @@ static void e100_configure(struct nic *nic, struct cb *cb, struct sk_buff *skb) + netif_printk(nic, hw, KERN_DEBUG, nic->netdev, + "[16-23]=%02X:%02X:%02X:%02X:%02X:%02X:%02X:%02X\n", + c[16], c[17], c[18], c[19], c[20], c[21], c[22], c[23]); ++ return 0; + } + + /************************************************************************* +@@ -1331,7 +1335,7 @@ static const struct firmware *e100_request_firmware(struct nic *nic) + return fw; + } + +-static void e100_setup_ucode(struct nic *nic, struct cb *cb, ++static int e100_setup_ucode(struct nic *nic, struct cb *cb, + struct sk_buff *skb) + { + const struct firmware *fw = (void *)skb; +@@ -1358,6 +1362,7 @@ 
static void e100_setup_ucode(struct nic *nic, struct cb *cb, + cb->u.ucode[min_size] |= cpu_to_le32((BUNDLESMALL) ? 0xFFFF : 0xFF80); + + cb->command = cpu_to_le16(cb_ucode | cb_el); ++ return 0; + } + + static inline int e100_load_ucode_wait(struct nic *nic) +@@ -1400,18 +1405,20 @@ static inline int e100_load_ucode_wait(struct nic *nic) + return err; + } + +-static void e100_setup_iaaddr(struct nic *nic, struct cb *cb, ++static int e100_setup_iaaddr(struct nic *nic, struct cb *cb, + struct sk_buff *skb) + { + cb->command = cpu_to_le16(cb_iaaddr); + memcpy(cb->u.iaaddr, nic->netdev->dev_addr, ETH_ALEN); ++ return 0; + } + +-static void e100_dump(struct nic *nic, struct cb *cb, struct sk_buff *skb) ++static int e100_dump(struct nic *nic, struct cb *cb, struct sk_buff *skb) + { + cb->command = cpu_to_le16(cb_dump); + cb->u.dump_buffer_addr = cpu_to_le32(nic->dma_addr + + offsetof(struct mem, dump_buf)); ++ return 0; + } + + static int e100_phy_check_without_mii(struct nic *nic) +@@ -1581,7 +1588,7 @@ static int e100_hw_init(struct nic *nic) + return 0; + } + +-static void e100_multi(struct nic *nic, struct cb *cb, struct sk_buff *skb) ++static int e100_multi(struct nic *nic, struct cb *cb, struct sk_buff *skb) + { + struct net_device *netdev = nic->netdev; + struct netdev_hw_addr *ha; +@@ -1596,6 +1603,7 @@ static void e100_multi(struct nic *nic, struct cb *cb, struct sk_buff *skb) + memcpy(&cb->u.multi.addr[i++ * ETH_ALEN], &ha->addr, + ETH_ALEN); + } ++ return 0; + } + + static void e100_set_multicast_list(struct net_device *netdev) +@@ -1756,11 +1764,18 @@ static void e100_watchdog(unsigned long data) + round_jiffies(jiffies + E100_WATCHDOG_PERIOD)); + } + +-static void e100_xmit_prepare(struct nic *nic, struct cb *cb, ++static int e100_xmit_prepare(struct nic *nic, struct cb *cb, + struct sk_buff *skb) + { ++ dma_addr_t dma_addr; + cb->command = nic->tx_command; + ++ dma_addr = pci_map_single(nic->pdev, ++ skb->data, skb->len, PCI_DMA_TODEVICE); ++ /* If we 
can't map the skb, have the upper layer try later */ ++ if (pci_dma_mapping_error(nic->pdev, dma_addr)) ++ return -ENOMEM; ++ + /* + * Use the last 4 bytes of the SKB payload packet as the CRC, used for + * testing, ie sending frames with bad CRC. +@@ -1777,11 +1792,10 @@ static void e100_xmit_prepare(struct nic *nic, struct cb *cb, + cb->u.tcb.tcb_byte_count = 0; + cb->u.tcb.threshold = nic->tx_threshold; + cb->u.tcb.tbd_count = 1; +- cb->u.tcb.tbd.buf_addr = cpu_to_le32(pci_map_single(nic->pdev, +- skb->data, skb->len, PCI_DMA_TODEVICE)); +- /* check for mapping failure? */ ++ cb->u.tcb.tbd.buf_addr = cpu_to_le32(dma_addr); + cb->u.tcb.tbd.size = cpu_to_le16(skb->len); + skb_tx_timestamp(skb); ++ return 0; + } + + static netdev_tx_t e100_xmit_frame(struct sk_buff *skb, diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c index bb9256a..56d8752 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c @@ -39878,7 +40145,7 @@ index fbe5363..266b4e3 100644 __vxge_hw_mempool_create(vpath->hldev, fifo->config->memblock_size, diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index 998974f..ecd26db 100644 +index 2d849da..23bba3b 100644 --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c @@ -741,22 +741,22 @@ struct rtl8169_private { 
@@ -40648,20 +40915,6 @@ index ff90855..e46d223 100644 } spin_lock_init(&hwsim_radio_lock); -diff --git a/drivers/net/wireless/mwifiex/cfg80211.c b/drivers/net/wireless/mwifiex/cfg80211.c -index cdb11b3..3eca710 100644 ---- a/drivers/net/wireless/mwifiex/cfg80211.c -+++ b/drivers/net/wireless/mwifiex/cfg80211.c -@@ -1846,7 +1846,8 @@ mwifiex_cfg80211_scan(struct wiphy *wiphy, - } - } - -- for (i = 0; i < request->n_channels; i++) { -+ for (i = 0; i < min_t(u32, request->n_channels, -+ MWIFIEX_USER_SCAN_CHAN_MAX); i++) { - chan = request->channels[i]; - priv->user_scan_cfg->chan_list[i].chan_number = chan->hw_value; - priv->user_scan_cfg->chan_list[i].radio_type = chan->band; diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c index abe1d03..fb02c22 100644 --- a/drivers/net/wireless/rndis_wlan.c @@ -50452,10 +50705,51 @@ index cc7709e..7e7211f 100644 /* Free the char* */ kfree(buf); diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c -index 412e6ed..4292d22 100644 +index 412e6ed..d8263e8 100644 --- a/fs/ecryptfs/miscdev.c 
+++ b/fs/ecryptfs/miscdev.c -@@ -315,7 +315,7 @@ check_list: +@@ -80,13 +80,6 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file) + int rc; + + mutex_lock(&ecryptfs_daemon_hash_mux); +- rc = try_module_get(THIS_MODULE); +- if (rc == 0) { +- rc = -EIO; +- printk(KERN_ERR "%s: Error attempting to increment module use " +- "count; rc = [%d]\n", __func__, rc); +- goto out_unlock_daemon_list; +- } + rc = ecryptfs_find_daemon_by_euid(&daemon); + if (!rc) { + rc = -EINVAL; +@@ -96,7 +89,7 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file) + if (rc) { + printk(KERN_ERR "%s: Error attempting to spawn daemon; " + "rc = [%d]\n", __func__, rc); +- goto out_module_put_unlock_daemon_list; ++ goto out_unlock_daemon_list; + } + mutex_lock(&daemon->mux); + if (daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN) { +@@ -108,9 +101,6 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file) + atomic_inc(&ecryptfs_num_miscdev_opens); + out_unlock_daemon: + mutex_unlock(&daemon->mux); +-out_module_put_unlock_daemon_list: +- if (rc) +- module_put(THIS_MODULE); + out_unlock_daemon_list: + mutex_unlock(&ecryptfs_daemon_hash_mux); + return rc; +@@ -147,7 +137,6 @@ ecryptfs_miscdev_release(struct inode *inode, struct file *file) + "bug.\n", __func__, rc); + BUG(); + } +- module_put(THIS_MODULE); + return rc; + } + +@@ -315,7 +304,7 @@ check_list: goto out_unlock_msg_ctx; i = PKT_TYPE_SIZE + PKT_CTR_SIZE; if (msg_ctx->msg) { @@ -50464,6 +50758,14 @@ index 412e6ed..4292d22 100644 goto out_unlock_msg_ctx; i += packet_length_size; if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) +@@ -471,6 +460,7 @@ out_free: + + + static const struct file_operations ecryptfs_miscdev_fops = { ++ .owner = THIS_MODULE, + .open = ecryptfs_miscdev_open, + .poll = ecryptfs_miscdev_poll, + .read = ecryptfs_miscdev_read, diff --git a/fs/ecryptfs/read_write.c b/fs/ecryptfs/read_write.c index b2a34a1..162fa69 100644 --- a/fs/ecryptfs/read_write.c 
@@ -53175,9 +53477,18 @@ index 78bde32..767e906 100644 static int can_do_hugetlb_shm(void) { diff --git a/fs/inode.c b/fs/inode.c -index 14084b7..29af1d9 100644 +index 14084b7..6a439ea 100644 --- a/fs/inode.c +++ b/fs/inode.c +@@ -725,7 +725,7 @@ void prune_icache_sb(struct super_block *sb, int nr_to_scan) + * inode to the back of the list so we don't spin on it. + */ + if (!spin_trylock(&inode->i_lock)) { +- list_move_tail(&inode->i_lru, &sb->s_inode_lru); ++ list_move(&inode->i_lru, &sb->s_inode_lru); + continue; + } + @@ -880,8 +880,8 @@ unsigned int get_next_ino(void) #ifdef CONFIG_SMP @@ -53894,7 +54205,7 @@ index ec97aef..e67718d 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index 5dd7709..0002ebe 100644 +index 5dd7709..6f64e9c 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1219,6 +1219,9 @@ static int do_umount(struct mount *mnt, int flags) @@ -53917,6 +54228,15 @@ index 5dd7709..0002ebe 100644 return retval; } +@@ -1713,7 +1719,7 @@ static int do_loopback(struct path *path, const char *old_name, + + if (IS_ERR(mnt)) { + err = PTR_ERR(mnt); +- goto out; ++ goto out2; + } + + err = graft_tree(mnt, path); @@ -2294,6 +2300,16 @@ long do_mount(const char *dev_name, const char *dir_name, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); 
@@ -56082,21 +56402,6 @@ index 157e474..65a6114 100644 #define FILESYSTEM_CHANGED_TB(tb) (get_generation((tb)->tb_sb) != (tb)->fs_gen) #define __fs_changed(gen,s) (gen != get_generation (s)) #define fs_changed(gen,s) \ -diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c -index c196369..4cce1d9 100644 ---- a/fs/reiserfs/xattr.c -+++ b/fs/reiserfs/xattr.c -@@ -187,8 +187,8 @@ fill_with_dentries(void *buf, const char *name, int namelen, loff_t offset, - if (dbuf->count == ARRAY_SIZE(dbuf->dentries)) - return -ENOSPC; - -- if (name[0] == '.' && (name[1] == '\0' || -- (name[1] == '.' && name[2] == '\0'))) -+ if (name[0] == '.' && (namelen < 2 || -+ (namelen == 2 && name[1] == '.'))) - return 0; - - dentry = lookup_one_len(name, dbuf->xadir, namelen); diff --git a/fs/select.c b/fs/select.c index 2ef72d9..f213b17 100644 --- a/fs/select.c @@ -57776,7 +58081,7 @@ index 0000000..1b9afa9 +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..d0e7b38 +index 0000000..b306b36 --- /dev/null +++ b/grsecurity/gracl.c @@ -0,0 +1,4071 @@ @@ -60112,7 +60417,7 @@ index 0000000..d0e7b38 + return; + + for (i = 0; i < RLIM_NLIMITS; i++) { -+ if (!(proc->resmask & (1 << i))) ++ if (!(proc->resmask & (1U << i))) + continue; + + task->signal->rlim[i].rlim_cur = proc->res[i].rlim_cur; @@ -61347,7 +61652,7 @@ index 0000000..d0e7b38 + acl = task->acl; + + if (likely(!acl || !(acl->mode & (GR_LEARN | GR_INHERITLEARN)) || -+ !(acl->resmask & (1 << (unsigned short) res)))) ++ !(acl->resmask & (1U << (unsigned short) res)))) + return; + + if (wanted >= acl->res[res].rlim_cur) { @@ -62517,10 +62822,10 @@ index 0000000..a340c17 +} diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c new file mode 100644 -index 0000000..4699807 +index 0000000..8132048 --- /dev/null +++ b/grsecurity/gracl_ip.c -@@ -0,0 +1,384 @@ +@@ -0,0 +1,387 @@ +#include <linux/kernel.h> +#include <asm/uaccess.h> +#include <asm/errno.h> 
@@ -62627,7 +62932,7 @@ index 0000000..4699807 + + curr = current->acl; + -+ if (curr->sock_families[domain / 32] & (1 << (domain % 32))) { ++ if (curr->sock_families[domain / 32] & (1U << (domain % 32))) { + /* the family is allowed, if this is PF_INET allow it only if + the extra sock type/protocol checks pass */ + if (domain == PF_INET) @@ -62654,8 +62959,8 @@ index 0000000..4699807 + if (!curr->ips) + goto exit; + -+ if ((curr->ip_type & (1 << type)) && -+ (curr->ip_proto[protocol / 32] & (1 << (protocol % 32)))) ++ if ((curr->ip_type & (1U << type)) && ++ (curr->ip_proto[protocol / 32] & (1U << (protocol % 32)))) + goto exit; + + if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) { @@ -62692,6 +62997,9 @@ index 0000000..4699807 + gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, gr_sockfamily_to_name(domain), + gr_socktype_to_name(type), gr_proto_to_name(protocol)); + else ++#ifndef CONFIG_IPV6 ++ if (domain != PF_INET6) ++#endif + gr_log_str2_int(GR_DONT_AUDIT, GR_SOCK_NOINET_MSG, gr_sockfamily_to_name(domain), + gr_socktype_to_name(type), protocol); + @@ -62707,8 +63015,8 @@ index 0000000..4699807 + (ip_port <= ip->high) && + ((ntohl(ip_addr) & our_netmask) == + (ntohl(our_addr) & our_netmask)) -+ && (ip->proto[protocol / 32] & (1 << (protocol % 32))) -+ && (ip->type & (1 << type))) { ++ && (ip->proto[protocol / 32] & (1U << (protocol % 32))) ++ && (ip->type & (1U << type))) { + if (ip->mode & GR_INVERT) + return 2; // specifically denied + else @@ -63194,7 +63502,7 @@ index 0000000..39645c9 +} diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c new file mode 100644 -index 0000000..8c8fc9d +index 0000000..cb1e5ab --- /dev/null +++ b/grsecurity/gracl_segv.c @@ -0,0 +1,303 @@ @@ -63395,7 +63703,7 @@ index 0000000..8c8fc9d + + curr = task->acl; + -+ if (!(curr->resmask & (1 << GR_CRASH_RES))) ++ if (!(curr->resmask & (1U << GR_CRASH_RES))) + return; + + if (time_before_eq(curr->expires, get_seconds())) { 
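Review bot: The `#ifndef CONFIG_IPV6` guard added in front of `gr_log_str2_int(...)` in the `else` branch is also true when IPv6 is built as a module, because a `=m` option defines `CONFIG_IPV6_MODULE` rather than `CONFIG_IPV6`. On such a kernel every denied `PF_INET6` socket request would go unlogged even though IPv6 is available, which removes an audit signal. If the intent is to silence the message only when IPv6 is absent, `#if !IS_ENABLED(CONFIG_IPV6)` expresses that. The conditional `if` also hangs off an unbraced `else`, so bracing the `else` body would keep a later edit from changing which statement it controls. The enclosing function starts and ends outside this hunk.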
@@ -63461,7 +63769,7 @@ index 0000000..8c8fc9d + current->role); + read_unlock(&gr_inode_lock); + -+ if (!curr || !(curr->resmask & (1 << GR_CRASH_RES)) || ++ if (!curr || !(curr->resmask & (1U << GR_CRASH_RES)) || + (!curr->crashes && !curr->expires)) + return 0; + @@ -67212,6 +67520,24 @@ index 5cf680a..4b74d62 100644 #endif /* CONFIG_MMU */ #endif /* !__ASSEMBLY__ */ +diff --git a/include/asm-generic/tlb.h b/include/asm-generic/tlb.h +index 25f01d0..b1b1fa6 100644 +--- a/include/asm-generic/tlb.h ++++ b/include/asm-generic/tlb.h +@@ -99,7 +99,12 @@ struct mmu_gather { + unsigned int need_flush : 1, /* Did free PTEs */ + fast_mode : 1; /* No batching */ + +- unsigned int fullmm; ++ /* we are in the middle of an operation to clear ++ * a full mm and can make some optimizations */ ++ unsigned int fullmm : 1, ++ /* we have performed an operation which ++ * requires a complete flush of the tlb */ ++ need_flush_all : 1; + + struct mmu_gather_batch *active; + struct mmu_gather_batch local; diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index d1ea7ce..b1ebf2a 100644 --- a/include/asm-generic/vmlinux.lds.h @@ -69758,10 +70084,10 @@ index 2c497ab..afe32f5 100644 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu); diff --git a/include/linux/libata.h b/include/linux/libata.h -index 649e5f8..ead5194 100644 +index 0621bca..24d6851 100644 --- a/include/linux/libata.h +++ b/include/linux/libata.h -@@ -915,7 +915,7 @@ struct ata_port_operations { +@@ -916,7 +916,7 @@ struct ata_port_operations { * fields must be pointers. */ const struct ata_port_operations *inherits; @@ -78423,7 +78749,7 @@ index 2f194e9..2c05ea9 100644 .priority = 10, }; diff --git a/kernel/sys.c b/kernel/sys.c -index 265b376..4e42ef5 100644 +index 265b376..48b8613 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -157,6 +157,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error) 
@@ -78512,17 +78838,16 @@ index 265b376..4e42ef5 100644 if (rgid != (gid_t) -1) new->gid = krgid; if (egid != (gid_t) -1) -@@ -981,6 +1009,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) - if (!uid_valid(kuid)) - return old_fsuid; - -+ if (gr_check_user_change(INVALID_UID, INVALID_UID, kuid)) -+ goto error; +@@ -989,12 +1017,16 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) + uid_eq(kuid, old->suid) || uid_eq(kuid, old->fsuid) || + nsown_capable(CAP_SETUID)) { + if (!uid_eq(kuid, old->fsuid)) { ++ if (gr_check_user_change(INVALID_UID, INVALID_UID, kuid)) ++ goto error; + - new = prepare_creds(); - if (!new) - return old_fsuid; -@@ -995,6 +1026,7 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) + new->fsuid = kuid; + if (security_task_fix_setuid(new, old, LSM_SETID_FS) == 0) + goto change_okay; } } @@ -79133,10 +79458,18 @@ index c0bd030..62a1927 100644 ret = -EIO; bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt, diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c -index b27052c..0e1af95 100644 +index 64bc5d8..1ed69e2 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c -@@ -1874,12 +1874,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) +@@ -668,7 +668,6 @@ int ftrace_profile_pages_init(struct ftrace_profile_stat *stat) + free_page(tmp); + } + +- free_page((unsigned long)stat->pages); + stat->pages = NULL; + stat->start = NULL; + +@@ -1874,12 +1873,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) if (unlikely(ftrace_disabled)) return 0; @@ -79156,7 +79489,7 @@ index b27052c..0e1af95 100644 } /* -@@ -2965,7 +2970,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp) +@@ -2965,7 +2969,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp) int register_ftrace_function_probe(char *glob, struct ftrace_probe_ops *ops, 
@@ -79165,7 +79498,7 @@ index b27052c..0e1af95 100644 { struct ftrace_func_probe *entry; struct ftrace_page *pg; -@@ -3832,8 +3837,10 @@ static int ftrace_process_locs(struct module *mod, +@@ -3832,8 +3836,10 @@ static int ftrace_process_locs(struct module *mod, if (!count) return 0; @@ -79176,7 +79509,7 @@ index b27052c..0e1af95 100644 start_pg = ftrace_allocate_pages(count); if (!start_pg) -@@ -4559,8 +4566,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write, +@@ -4555,8 +4561,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write, #ifdef CONFIG_FUNCTION_GRAPH_TRACER static int ftrace_graph_active; @@ -79185,7 +79518,7 @@ index b27052c..0e1af95 100644 int ftrace_graph_entry_stub(struct ftrace_graph_ent *trace) { return 0; -@@ -4704,6 +4709,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state, +@@ -4700,6 +4704,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state, return NOTIFY_DONE; } @@ -79196,7 +79529,7 @@ index b27052c..0e1af95 100644 int register_ftrace_graph(trace_func_graph_ret_t retfunc, trace_func_graph_ent_t entryfunc) { -@@ -4717,7 +4726,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc, +@@ -4713,7 +4721,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc, goto out; } @@ -79986,10 +80319,33 @@ index bd2bea9..6b3c95e 100644 return false; diff --git a/lib/kobject.c b/lib/kobject.c -index e07ee1f..998489d 100644 +index e07ee1f..a4fd13d 100644 --- a/lib/kobject.c 
+++ b/lib/kobject.c -@@ -852,9 +852,9 @@ EXPORT_SYMBOL_GPL(kset_create_and_add); +@@ -529,6 +529,13 @@ struct kobject *kobject_get(struct kobject *kobj) + return kobj; + } + ++static struct kobject *kobject_get_unless_zero(struct kobject *kobj) ++{ ++ if (!kref_get_unless_zero(&kobj->kref)) ++ kobj = NULL; ++ return kobj; ++} ++ + /* + * kobject_cleanup - free kobject resources. + * @kobj: object to cleanup +@@ -751,7 +758,7 @@ struct kobject *kset_find_obj(struct kset *kset, const char *name) + + list_for_each_entry(k, &kset->list, entry) { + if (kobject_name(k) && !strcmp(kobject_name(k), name)) { +- ret = kobject_get(k); ++ ret = kobject_get_unless_zero(k); + break; + } + } +@@ -852,9 +859,9 @@ EXPORT_SYMBOL_GPL(kset_create_and_add); static DEFINE_SPINLOCK(kobj_ns_type_lock); @@ -80822,10 +81178,18 @@ index c6e4dd3..1f41988 100644 /* keep elevated page count for bad page */ return ret; diff --git a/mm/memory.c b/mm/memory.c -index bb1369f..b9631d2 100644 +index bb1369f..38014f5 100644 --- a/mm/memory.c +++ b/mm/memory.c -@@ -433,6 +433,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, +@@ -212,6 +212,7 @@ void tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, bool fullmm) + tlb->mm = mm; + + tlb->fullmm = fullmm; ++ tlb->need_flush_all = 0; + tlb->start = -1UL; + tlb->end = 0; + tlb->need_flush = 0; +@@ -433,6 +434,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, free_pte_range(tlb, pmd, addr); } while (pmd++, addr = next, addr != end); @@ -80833,7 +81197,7 @@ index bb1369f..b9631d2 100644 start &= PUD_MASK; if (start < floor) return; -@@ -447,6 +448,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, +@@ -447,6 +449,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, pmd = pmd_offset(pud, start); pud_clear(pud); pmd_free_tlb(tlb, pmd, start); 
@@ -80842,7 +81206,7 @@ index bb1369f..b9631d2 100644 } static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, -@@ -466,6 +469,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, +@@ -466,6 +470,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, free_pmd_range(tlb, pud, addr, next, floor, ceiling); } while (pud++, addr = next, addr != end); @@ -80850,7 +81214,7 @@ index bb1369f..b9631d2 100644 start &= PGDIR_MASK; if (start < floor) return; -@@ -480,6 +484,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, +@@ -480,6 +485,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, pud = pud_offset(pgd, start); pgd_clear(pgd); pud_free_tlb(tlb, pud, start); @@ -80859,7 +81223,7 @@ index bb1369f..b9631d2 100644 } /* -@@ -1618,12 +1624,6 @@ no_page_table: +@@ -1618,12 +1625,6 @@ no_page_table: return page; } @@ -80872,7 +81236,7 @@ index bb1369f..b9631d2 100644 /** * __get_user_pages() - pin user pages in memory * @tsk: task_struct of target task -@@ -1709,10 +1709,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, +@@ -1709,10 +1710,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, i = 0; @@ -80885,7 +81249,7 @@ index bb1369f..b9631d2 100644 if (!vma && in_gate_area(mm, start)) { unsigned long pg = start & PAGE_MASK; pgd_t *pgd; -@@ -1760,7 +1760,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, +@@ -1760,7 +1761,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, goto next_page; } @@ -80894,7 +81258,7 @@ index bb1369f..b9631d2 100644 (vma->vm_flags & (VM_IO | VM_PFNMAP)) || !(vm_flags & vma->vm_flags)) return i ? : -EFAULT; -@@ -1787,11 +1787,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, +@@ -1787,11 +1788,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, int ret; unsigned int fault_flags = 0; 
@@ -80906,7 +81270,7 @@ index bb1369f..b9631d2 100644 if (foll_flags & FOLL_WRITE) fault_flags |= FAULT_FLAG_WRITE; if (nonblocking) -@@ -1865,7 +1860,7 @@ next_page: +@@ -1865,7 +1861,7 @@ next_page: start += PAGE_SIZE; nr_pages--; } while (nr_pages && start < vma->vm_end); @@ -80915,7 +81279,7 @@ index bb1369f..b9631d2 100644 return i; } EXPORT_SYMBOL(__get_user_pages); -@@ -2072,6 +2067,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, +@@ -2072,6 +2068,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, page_add_file_rmap(page); set_pte_at(mm, addr, pte, mk_pte(page, prot)); @@ -80926,7 +81290,7 @@ index bb1369f..b9631d2 100644 retval = 0; pte_unmap_unlock(pte, ptl); return retval; -@@ -2116,9 +2115,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, +@@ -2116,9 +2116,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, if (!page_count(page)) return -EINVAL; if (!(vma->vm_flags & VM_MIXEDMAP)) { @@ -80948,7 +81312,7 @@ index bb1369f..b9631d2 100644 } return insert_page(vma, addr, page, vma->vm_page_prot); } -@@ -2201,6 +2212,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, +@@ -2201,6 +2213,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, unsigned long pfn) { BUG_ON(!(vma->vm_flags & VM_MIXEDMAP)); @@ -80956,7 +81320,7 @@ index bb1369f..b9631d2 100644 if (addr < vma->vm_start || addr >= vma->vm_end) return -EFAULT; -@@ -2401,7 +2413,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, +@@ -2401,7 +2414,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, BUG_ON(pud_huge(*pud)); @@ -80967,7 +81331,7 @@ index bb1369f..b9631d2 100644 if (!pmd) return -ENOMEM; do { -@@ -2421,7 +2435,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, +@@ -2421,7 +2436,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, unsigned long next; int err; 
@@ -80978,7 +81342,7 @@ index bb1369f..b9631d2 100644 if (!pud) return -ENOMEM; do { -@@ -2509,6 +2525,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo +@@ -2509,6 +2526,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo copy_user_highpage(dst, src, va, vma); } @@ -81165,7 +81529,7 @@ index bb1369f..b9631d2 100644 /* * This routine handles present pages, when users try to write * to a shared page. It is done by copying the page to a new address -@@ -2725,6 +2921,12 @@ gotten: +@@ -2725,6 +2922,12 @@ gotten: */ page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (likely(pte_same(*page_table, orig_pte))) { @@ -81178,7 +81542,7 @@ index bb1369f..b9631d2 100644 if (old_page) { if (!PageAnon(old_page)) { dec_mm_counter_fast(mm, MM_FILEPAGES); -@@ -2776,6 +2978,10 @@ gotten: +@@ -2776,6 +2979,10 @@ gotten: page_remove_rmap(old_page); } @@ -81189,7 +81553,7 @@ index bb1369f..b9631d2 100644 /* Free the old page.. */ new_page = old_page; ret |= VM_FAULT_WRITE; -@@ -3051,6 +3257,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3051,6 +3258,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, swap_free(entry); if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) try_to_free_swap(page); @@ -81201,7 +81565,7 @@ index bb1369f..b9631d2 100644 unlock_page(page); if (swapcache) { /* -@@ -3074,6 +3285,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3074,6 +3286,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -81213,7 +81577,7 @@ index bb1369f..b9631d2 100644 unlock: pte_unmap_unlock(page_table, ptl); out: -@@ -3093,40 +3309,6 @@ out_release: +@@ -3093,40 +3310,6 @@ out_release: } /* 
@@ -81254,7 +81618,7 @@ index bb1369f..b9631d2 100644 * We enter with non-exclusive mmap_sem (to exclude vma changes, * but allow concurrent faults), and pte mapped but not yet locked. * We return with mmap_sem still held, but pte unmapped and unlocked. -@@ -3135,27 +3317,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3135,27 +3318,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, pte_t *page_table, pmd_t *pmd, unsigned int flags) { @@ -81287,7 +81651,7 @@ index bb1369f..b9631d2 100644 if (unlikely(anon_vma_prepare(vma))) goto oom; page = alloc_zeroed_user_highpage_movable(vma, address); -@@ -3174,6 +3352,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3174,6 +3353,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, if (!pte_none(*page_table)) goto release; @@ -81299,7 +81663,7 @@ index bb1369f..b9631d2 100644 inc_mm_counter_fast(mm, MM_ANONPAGES); page_add_new_anon_rmap(page, vma, address); setpte: -@@ -3181,6 +3364,12 @@ setpte: +@@ -3181,6 +3365,12 @@ setpte: /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -81312,7 +81676,7 @@ index bb1369f..b9631d2 100644 unlock: pte_unmap_unlock(page_table, ptl); return 0; -@@ -3324,6 +3513,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3324,6 +3514,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, */ /* Only go through if we didn't race with anybody else... */ if (likely(pte_same(*page_table, orig_pte))) { 
@@ -81325,7 +81689,7 @@ index bb1369f..b9631d2 100644 flush_icache_page(vma, page); entry = mk_pte(page, vma->vm_page_prot); if (flags & FAULT_FLAG_WRITE) -@@ -3343,6 +3538,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3343,6 +3539,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, /* no need to invalidate: a not-present page won't be cached */ update_mmu_cache(vma, address, page_table); @@ -81340,7 +81704,7 @@ index bb1369f..b9631d2 100644 } else { if (cow_page) mem_cgroup_uncharge_page(cow_page); -@@ -3664,6 +3867,12 @@ int handle_pte_fault(struct mm_struct *mm, +@@ -3664,6 +3868,12 @@ int handle_pte_fault(struct mm_struct *mm, if (flags & FAULT_FLAG_WRITE) flush_tlb_fix_spurious_fault(vma, address); } @@ -81353,7 +81717,7 @@ index bb1369f..b9631d2 100644 unlock: pte_unmap_unlock(pte, ptl); return 0; -@@ -3680,6 +3889,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3680,6 +3890,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, pmd_t *pmd; pte_t *pte; @@ -81364,7 +81728,7 @@ index bb1369f..b9631d2 100644 __set_current_state(TASK_RUNNING); count_vm_event(PGFAULT); -@@ -3691,6 +3904,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3691,6 +3905,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, if (unlikely(is_vm_hugetlb_page(vma))) return hugetlb_fault(mm, vma, address, flags); @@ -81399,7 +81763,7 @@ index bb1369f..b9631d2 100644 retry: pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); -@@ -3789,6 +4030,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) +@@ -3789,6 +4031,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } 
@@ -81423,7 +81787,7 @@ index bb1369f..b9631d2 100644 #endif /* __PAGETABLE_PUD_FOLDED */ #ifndef __PAGETABLE_PMD_FOLDED -@@ -3819,11 +4077,35 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) +@@ -3819,11 +4078,35 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -81461,7 +81825,7 @@ index bb1369f..b9631d2 100644 struct vm_area_struct * vma; vma = find_vma(current->mm, addr); -@@ -3856,7 +4138,7 @@ static int __init gate_vma_init(void) +@@ -3856,7 +4139,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -81470,7 +81834,7 @@ index bb1369f..b9631d2 100644 return 0; } -@@ -3990,8 +4272,8 @@ out: +@@ -3990,8 +4273,8 @@ out: return ret; } @@ -81481,7 +81845,7 @@ index bb1369f..b9631d2 100644 { resource_size_t phys_addr; unsigned long prot = 0; -@@ -4016,8 +4298,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr, +@@ -4016,8 +4299,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr, * Access another process' address space as given in mm. If non-NULL, use the * given task for page fault accounting. */ @@ -81492,7 +81856,7 @@ index bb1369f..b9631d2 100644 { struct vm_area_struct *vma; void *old_buf = buf; -@@ -4025,7 +4307,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -4025,7 +4308,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, down_read(&mm->mmap_sem); /* ignore errors, just check how much was successfully transferred */ while (len) { 
@@ -81501,7 +81865,7 @@ index bb1369f..b9631d2 100644 void *maddr; struct page *page = NULL; -@@ -4084,8 +4366,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -4084,8 +4367,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, * * The caller must hold a reference on @mm. */ @@ -81512,7 +81876,7 @@ index bb1369f..b9631d2 100644 { return __access_remote_vm(NULL, mm, addr, buf, len, write); } -@@ -4095,11 +4377,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, +@@ -4095,11 +4378,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, * Source/target buffer must be kernel space, * Do not walk the page table directly, use get_user_pages */ @@ -81694,7 +82058,7 @@ index c9bd528..da8d069 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index 8832b87..04240d1 100644 +index 90db251..04240d1 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -32,6 +32,7 @@ @@ -82277,15 +82641,6 @@ index 8832b87..04240d1 100644 } unsigned long -@@ -1922,7 +2172,7 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) - - /* Check the cache first. */ - /* (Cache hit rate is typically around 35%.) */ -- vma = mm->mmap_cache; -+ vma = ACCESS_ONCE(mm->mmap_cache); - if (!(vma && vma->vm_end > addr && vma->vm_start <= addr)) { - struct rb_node *rb_node; - @@ -1974,6 +2224,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, return vma; } @@ -83245,7 +83600,7 @@ index e1031e1..1f2a0a1 100644 out: if (ret & ~PAGE_MASK) diff --git a/mm/nommu.c b/mm/nommu.c -index 79c3cac..b2601ea 100644 +index bbe1f3f..b2601ea 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -62,7 +62,6 @@ int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */ 
@@ -83256,15 +83611,6 @@ index 79c3cac..b2601ea 100644 atomic_long_t mmap_pages_allocated; -@@ -819,7 +818,7 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) - struct vm_area_struct *vma; - - /* check the cache first */ -- vma = mm->mmap_cache; -+ vma = ACCESS_ONCE(mm->mmap_cache); - if (vma && vma->vm_start <= addr && vma->vm_end > addr) - return vma; - @@ -839,15 +838,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) EXPORT_SYMBOL(find_vma); @@ -85519,7 +85865,7 @@ index ddac1ee..3ee0a78 100644 }; diff --git a/net/can/gw.c b/net/can/gw.c -index 574dda78e..3d2b3da 100644 +index 28e7bdc..d42c4cd 100644 --- a/net/can/gw.c +++ b/net/can/gw.c @@ -67,7 +67,6 @@ MODULE_AUTHOR("Oliver Hartkopp <oliver.hartkopp@volkswagen.de>"); @@ -85935,7 +86281,7 @@ index 8acce01..2e306bb 100644 return error; } diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index 6212ec9..dd4ad3b 100644 +index 6212ec9..5ee16b2 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -58,7 +58,7 @@ struct rtnl_link { @@ -85973,6 +86319,24 @@ index 6212ec9..dd4ad3b 100644 } EXPORT_SYMBOL_GPL(__rtnl_link_unregister); +@@ -1068,7 +1071,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) + rcu_read_lock(); + cb->seq = net->dev_base_seq; + +- if (nlmsg_parse(cb->nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX, ++ if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX, + ifla_policy) >= 0) { + + if (tb[IFLA_EXT_MASK]) +@@ -1924,7 +1927,7 @@ static u16 rtnl_calcit(struct sk_buff *skb, struct nlmsghdr *nlh) + u32 ext_filter_mask = 0; + u16 min_ifinfo_dump_size = 0; + +- if (nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX, ++ if (nlmsg_parse(nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX, + ifla_policy) >= 0) { + if (tb[IFLA_EXT_MASK]) + ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]); diff --git a/net/core/scm.c b/net/core/scm.c index 2dc6cda..2159524 100644 --- a/net/core/scm.c 
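Review bot: Both `nlmsg_parse()` calls, in `rtnl_dump_ifinfo` and `rtnl_calcit`, now assume every request carries a full `struct ifinfomsg` header, and a parse failure is silent because the `>= 0` test simply skips the `IFLA_EXT_MASK` handling. A sender that still puts only the shorter `struct rtgenmsg` header in front of its attributes would have them read from the wrong offset or rejected, so the extended-info filter would be dropped without any error. Choosing the length from the message keeps both header forms working: `hdrlen = nlmsg_len(nlh) < sizeof(struct ifinfomsg) ? sizeof(struct rtgenmsg) : sizeof(struct ifinfomsg);`. Whether such senders exist is not visible from this hunk, and both functions continue outside it.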
@@ -87747,7 +88111,7 @@ index e85c48b..b8268d3 100644 struct ctl_table *ipv6_icmp_table; int err; diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c -index 8d19346..e47216f 100644 +index 8d19346..f122ba5 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -103,6 +103,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb) @@ -87761,7 +88125,15 @@ index 8d19346..e47216f 100644 static void tcp_v6_hash(struct sock *sk) { if (sk->sk_state != TCP_CLOSE) { -@@ -1440,6 +1444,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -386,6 +390,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, + + if (dst) + dst->ops->redirect(dst, sk, skb); ++ goto out; + } + + if (type == ICMPV6_PKT_TOOBIG) { +@@ -1440,6 +1445,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -87771,7 +88143,7 @@ index 8d19346..e47216f 100644 tcp_v6_send_reset(sk, skb); discard: if (opt_skb) -@@ -1521,12 +1528,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) +@@ -1521,12 +1529,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -87794,7 +88166,7 @@ index 8d19346..e47216f 100644 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1575,6 +1590,10 @@ no_tcp_socket: +@@ -1575,6 +1591,10 @@ no_tcp_socket: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -88009,7 +88381,7 @@ index 5b426a6..970032b 100644 return res; } diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c -index 0479c64..9e72ff4 100644 +index 49c48c6..9e72ff4 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -790,7 +790,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy, 
@@ -88021,34 +88393,7 @@ index 0479c64..9e72ff4 100644 local->_oper_channel = chandef->chan; local->_oper_channel_type = cfg80211_get_chandef_type(chandef); ieee80211_hw_config(local, 0); -@@ -2499,7 +2499,7 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local, - list_del(&dep->list); - mutex_unlock(&local->mtx); - -- ieee80211_roc_notify_destroy(dep); -+ ieee80211_roc_notify_destroy(dep, true); - return 0; - } - -@@ -2539,7 +2539,7 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local, - ieee80211_start_next_roc(local); - mutex_unlock(&local->mtx); - -- ieee80211_roc_notify_destroy(found); -+ ieee80211_roc_notify_destroy(found, true); - } else { - /* work may be pending so use it all the time */ - found->abort = true; -@@ -2549,6 +2549,8 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local, - - /* work will clean up etc */ - flush_delayed_work(&found->work); -+ WARN_ON(!found->to_be_freed); -+ kfree(found); - } - - return 0; -@@ -2716,7 +2718,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy, +@@ -2718,7 +2718,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy, else local->probe_req_reg--; @@ -88058,7 +88403,7 @@ index 0479c64..9e72ff4 100644 ieee80211_queue_work(&local->hw, &local->reconfig_filter); diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h -index 2ed065c..bec0c2b 100644 +index 55d8f89..bec0c2b 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -28,6 +28,7 @@ @@ -88069,15 +88414,7 @@ index 2ed065c..bec0c2b 100644 #include "key.h" #include "sta_info.h" #include "debug.h" -@@ -346,6 +347,7 @@ struct ieee80211_roc_work { - struct ieee80211_channel *chan; - - bool started, abort, hw_begun, notified; -+ bool to_be_freed; - - unsigned long hw_start_time; - -@@ -909,7 +911,7 @@ struct ieee80211_local { +@@ -910,7 +911,7 @@ struct ieee80211_local { /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */ spinlock_t queue_stop_reason_lock; 
@@ -88086,15 +88423,6 @@ index 2ed065c..bec0c2b 100644 int monitors, cooked_mntrs; /* number of interfaces with corresponding FIF_ flags */ int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll, -@@ -1363,7 +1365,7 @@ void ieee80211_offchannel_return(struct ieee80211_local *local); - void ieee80211_roc_setup(struct ieee80211_local *local); - void ieee80211_start_next_roc(struct ieee80211_local *local); - void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata); --void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc); -+void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free); - void ieee80211_sw_roc_work(struct work_struct *work); - void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc); - diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c index 8be854e..ad72a69 100644 --- a/net/mac80211/iface.c 
@@ -88175,84 +88503,6 @@ index 1b087ff..bf600e9 100644 ret = drv_config(local, changed); /* * Goal: -diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c -index a3ad4c3..7acbdaa 100644 ---- a/net/mac80211/offchannel.c -+++ b/net/mac80211/offchannel.c -@@ -299,10 +299,13 @@ void ieee80211_start_next_roc(struct ieee80211_local *local) - } - } - --void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc) -+void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free) - { - struct ieee80211_roc_work *dep, *tmp; - -+ if (WARN_ON(roc->to_be_freed)) -+ return; -+ - /* was never transmitted */ - if (roc->frame) { - cfg80211_mgmt_tx_status(&roc->sdata->wdev, -@@ -318,9 +321,12 @@ void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc) - GFP_KERNEL); - - list_for_each_entry_safe(dep, tmp, &roc->dependents, list) -- ieee80211_roc_notify_destroy(dep); -+ ieee80211_roc_notify_destroy(dep, true); - -- kfree(roc); -+ if (free) -+ kfree(roc); -+ else -+ roc->to_be_freed = true; - } - - void ieee80211_sw_roc_work(struct work_struct *work) -@@ -333,6 +339,9 @@ void ieee80211_sw_roc_work(struct work_struct *work) - - mutex_lock(&local->mtx); - -+ if (roc->to_be_freed) -+ goto out_unlock; -+ - if (roc->abort) - goto finish; - -@@ -372,7 +381,7 @@ void ieee80211_sw_roc_work(struct work_struct *work) - finish: - list_del(&roc->list); - started = roc->started; -- ieee80211_roc_notify_destroy(roc); -+ ieee80211_roc_notify_destroy(roc, !roc->abort); - - if (started) { - drv_flush(local, false); -@@ -412,7 +421,7 @@ static void ieee80211_hw_roc_done(struct work_struct *work) - - list_del(&roc->list); - -- ieee80211_roc_notify_destroy(roc); -+ ieee80211_roc_notify_destroy(roc, true); - - /* if there's another roc, start it now */ - ieee80211_start_next_roc(local); -@@ -462,12 +471,14 @@ void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata) - list_for_each_entry_safe(roc, tmp, &tmp_list, list) { - if (local->ops->remain_on_channel) { - 
list_del(&roc->list); -- ieee80211_roc_notify_destroy(roc); -+ ieee80211_roc_notify_destroy(roc, true); - } else { - ieee80211_queue_delayed_work(&local->hw, &roc->work, 0); - - /* work will clean up etc */ - flush_delayed_work(&roc->work); -+ WARN_ON(!roc->to_be_freed); -+ kfree(roc); - } - } - diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c index 79a48f3..5e185c9 100644 --- a/net/mac80211/pm.c @@ -90053,10 +90303,34 @@ index 2ca51c7..ee5feb5 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c -index 507b5e8..049e64a 100644 +index 716aa41..75e88ea 100644 --- a/net/sunrpc/clnt.c +++ b/net/sunrpc/clnt.c -@@ -1272,7 +1272,9 @@ call_start(struct rpc_task *task) +@@ -303,10 +303,8 @@ static struct rpc_clnt * rpc_new_client(const struct rpc_create_args *args, stru + err = rpciod_up(); + if (err) + goto out_no_rpciod; ++ + err = -EINVAL; +- if (!xprt) +- goto out_no_xprt; +- + if (args->version >= program->nrvers) + goto out_err; + version = program->version[args->version]; +@@ -381,10 +379,9 @@ out_no_principal: + out_no_stats: + kfree(clnt); + out_err: +- xprt_put(xprt); +-out_no_xprt: + rpciod_down(); + out_no_rpciod: ++ xprt_put(xprt); + return ERR_PTR(err); + } + +@@ -1270,7 +1267,9 @@ call_start(struct rpc_task *task) (RPC_IS_ASYNC(task) ? "async" : "sync")); /* Increment call count */ @@ -91165,10 +91439,10 @@ index e4fd45b..2eeb5c4 100644 shdr = (Elf_Shdr *)((char *)ehdr + _r(&ehdr->e_shoff)); shstrtab_sec = shdr + r2(&ehdr->e_shstrndx); diff --git a/security/Kconfig b/security/Kconfig -index e9c6ac7..20df9f1 100644 +index e9c6ac7..4cb4ecc 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,944 @@ +@@ -4,6 +4,943 @@ menu "Security options" 
@@ -92008,7 +92282,7 @@ index e9c6ac7..20df9f1 100644 +config PAX_CONSTIFY_PLUGIN + bool "Automatically constify eligible structures" + default y -+ depends on !UML ++ depends on !UML && PAX_KERNEXEC + help + By saying Y here the compiler will automatically constify a class + of types that contain only function pointers. This reduces the @@ -92054,7 +92328,6 @@ index e9c6ac7..20df9f1 100644 + Since this has a negligible performance impact, you should enable + this feature. + -+ +config PAX_USERCOPY_DEBUG + bool + depends on X86 && PAX_USERCOPY @@ -92113,7 +92386,7 @@ index e9c6ac7..20df9f1 100644 source security/keys/Kconfig config SECURITY_DMESG_RESTRICT -@@ -103,7 +1041,7 @@ config INTEL_TXT +@@ -103,7 +1040,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -100963,17 +101236,20 @@ index 0000000..ddd5b2e +alloc_dr_65495 alloc_dr 2 65495 NULL diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c new file mode 100644 -index 0000000..63c46e5 +index 0000000..9db0d0e --- /dev/null +++ b/tools/gcc/size_overflow_plugin.c -@@ -0,0 +1,2050 @@ +@@ -0,0 +1,2114 @@ +/* -+ * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com> ++ * Copyright 2011, 2012, 2013 by Emese Revfy <re.emese@gmail.com> + * Licensed under the GPL v2, or (at your option) v3 + * + * Homepage: + * http://www.grsecurity.net/~ephox/overflow_plugin/ + * ++ * Documentation: ++ * http://forums.grsecurity.net/viewtopic.php?f=7&t=3043 ++ * + * This plugin recomputes expressions of function arguments marked by a size_overflow attribute + * with double integer precision (DImode/TImode for 32/64 bit integer types). + * The recomputed argument is checked against TYPE_MAX and an event is logged on overflow and the triggering process is killed. 
@@ -101053,7 +101329,7 @@ index 0000000..63c46e5 +static void print_missing_msg(tree func, unsigned int argnum); + +static struct plugin_info size_overflow_plugin_info = { -+ .version = "20130316beta", ++ .version = "20130410beta", + .help = "no-size-overflow\tturn off size overflow checking\n", +}; + 
@@ -101858,6 +102134,61 @@ index 0000000..63c46e5 + return create_assign(visited, stmt, rhs1, AFTER_STMT); +} + ++static bool no_uses(tree node) ++{ ++ imm_use_iterator imm_iter; ++ use_operand_p use_p; ++ ++ FOR_EACH_IMM_USE_FAST(use_p, imm_iter, node) { ++ const_gimple use_stmt = USE_STMT(use_p); ++ if (use_stmt == NULL) ++ return true; ++ if (is_gimple_debug(use_stmt)) ++ continue; ++ if (!(gimple_bb(use_stmt)->flags & BB_REACHABLE)) ++ continue; ++ return false; ++ } ++ return true; ++} ++ ++// 3.8.5 mm/page-writeback.c __ilog2_u64(): ret, uint + uintmax; uint -> int; int max ++static bool is_const_plus_unsigned_signed_truncation(const_tree lhs) ++{ ++ tree rhs1, lhs_type, rhs_type, rhs2, not_const_rhs; ++ gimple def_stmt = get_def_stmt(lhs); ++ ++ if (!def_stmt || !gimple_assign_cast_p(def_stmt)) ++ return false; ++ ++ rhs1 = gimple_assign_rhs1(def_stmt); ++ rhs_type = TREE_TYPE(rhs1); ++ lhs_type = TREE_TYPE(lhs); ++ if (TYPE_UNSIGNED(lhs_type) || !TYPE_UNSIGNED(rhs_type)) ++ return false; ++ if (TYPE_MODE(lhs_type) != TYPE_MODE(rhs_type)) ++ return false; ++ ++ def_stmt = get_def_stmt(rhs1); ++ if (!def_stmt || gimple_code(def_stmt) != GIMPLE_ASSIGN || gimple_num_ops(def_stmt) != 3) ++ return false; ++ ++ if (gimple_assign_rhs_code(def_stmt) != PLUS_EXPR) ++ return false; ++ ++ rhs1 = gimple_assign_rhs1(def_stmt); ++ rhs2 = gimple_assign_rhs2(def_stmt); ++ if (!is_gimple_constant(rhs1) && !is_gimple_constant(rhs2)) ++ return false; ++ ++ if (is_gimple_constant(rhs2)) ++ not_const_rhs = rhs1; ++ else ++ not_const_rhs = rhs2; ++ ++ return no_uses(not_const_rhs); ++} ++ +static bool skip_lhs_cast_check(const_gimple stmt) +{ + const_tree rhs = gimple_assign_rhs1(stmt); @@ -101867,6 +102198,9 @@ index 0000000..63c46e5 + if (gimple_code(def_stmt) == GIMPLE_ASM) + return true; + ++ if (is_const_plus_unsigned_signed_truncation(rhs)) ++ return true; ++ + return false; +} + 
@@ -102116,6 +102450,9 @@ index 0000000..63c46e5 + + gcc_assert(TREE_CODE(rhs_type) == INTEGER_TYPE || TREE_CODE(rhs_type) == ENUMERAL_TYPE); + ++ if (is_const_plus_unsigned_signed_truncation(rhs)) ++ return; ++ + type_max = cast_a_tree(size_overflow_type, TYPE_MAX_VALUE(rhs_type)); + // typemax (-1) < typemin (0) + if (TREE_OVERFLOW(type_max)) @@ -103352,10 +103689,10 @@ index 0000000..ac2901e +} diff --git a/tools/gcc/structleak_plugin.c b/tools/gcc/structleak_plugin.c new file mode 100644 -index 0000000..5afca14 +index 0000000..41770fc --- /dev/null +++ b/tools/gcc/structleak_plugin.c -@@ -0,0 +1,271 @@ +@@ -0,0 +1,272 @@ +/* + * Copyright 2013 by PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 @@ -103500,9 +103837,11 @@ index 0000000..5afca14 + // we're looking for an assignment of a single rhs... + if (!gimple_assign_single_p(stmt)) + continue; ++#if BUILDING_GCC_VERSION >= 4007 + // ... of a non-clobbering expression... + if (TREE_CLOBBER_P(rhs1)) + continue; ++#endif + // ... to our variable... + if (gimple_get_lhs(stmt) != var) + continue; @@ -103512,8 +103851,7 @@ index 0000000..5afca14 + } + + // build the initializer expression -+ initializer = make_node(CONSTRUCTOR); -+ TREE_TYPE(initializer) = TREE_TYPE(var); ++ initializer = build_constructor(TREE_TYPE(var), NULL); + + // build the initializer stmt + init_stmt = gimple_build_assign(var, initializer); diff --git a/main/linux-grsec/kernelconfig.x86 b/main/linux-grsec/kernelconfig.x86 index 707b1834a9..c14d186c63 100644 --- a/main/linux-grsec/kernelconfig.x86 +++ b/main/linux-grsec/kernelconfig.x86 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/i386 3.8.5 Kernel Configuration +# Linux/i386 3.8.7 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y 
@@ -5287,7 +5287,10 @@ CONFIG_HAVE_DEBUG_KMEMLEAK=y
 # CONFIG_RT_MUTEX_TESTER is not set
 # CONFIG_DEBUG_SPINLOCK is not set
 # CONFIG_DEBUG_MUTEXES is not set
+# CONFIG_DEBUG_LOCK_ALLOC is not set
+# CONFIG_PROVE_LOCKING is not set
 # CONFIG_SPARSE_RCU_POINTER is not set
+# CONFIG_LOCK_STAT is not set
 # CONFIG_DEBUG_ATOMIC_SLEEP is not set
 # CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
 CONFIG_STACKTRACE=y
@@ -5380,6 +5383,7 @@ CONFIG_DEBUG_NMI_SELFTEST=y
 # Grsecurity
 #
 CONFIG_ARCH_TRACK_EXEC_LIMIT=y
+CONFIG_PAX_USERCOPY_SLABS=y
 CONFIG_GRKERNSEC=y
 # CONFIG_GRKERNSEC_CONFIG_AUTO is not set
 CONFIG_GRKERNSEC_CONFIG_CUSTOM=y
@@ -5429,11 +5433,11 @@ CONFIG_PAX_RANDMMAP=y
 #
 # CONFIG_PAX_MEMORY_SANITIZE is not set
 # CONFIG_PAX_MEMORY_STACKLEAK is not set
-# CONFIG_PAX_MEMORY_STRUCTLEAK is not set
+CONFIG_PAX_MEMORY_STRUCTLEAK=y
 CONFIG_PAX_MEMORY_UDEREF=y
 CONFIG_PAX_REFCOUNT=y
-CONFIG_PAX_CONSTIFY_PLUGIN=y
-# CONFIG_PAX_USERCOPY is not set
+CONFIG_PAX_USERCOPY=y
+# CONFIG_PAX_USERCOPY_DEBUG is not set
 # CONFIG_PAX_SIZE_OVERFLOW is not set
 # CONFIG_PAX_LATENT_ENTROPY is not set
diff --git a/main/linux-grsec/kernelconfig.x86_64 b/main/linux-grsec/kernelconfig.x86_64
index fc28faeb66..2f4361cb25 100644
--- a/main/linux-grsec/kernelconfig.x86_64
+++ b/main/linux-grsec/kernelconfig.x86_64
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86_64 3.8.2 Kernel Configuration
+# Linux/x86_64 3.8.7 Kernel Configuration
 #
 CONFIG_64BIT=y
 CONFIG_X86_64=y
@@ -5222,7 +5222,10 @@ CONFIG_HAVE_DEBUG_KMEMLEAK=y
 # CONFIG_RT_MUTEX_TESTER is not set
 # CONFIG_DEBUG_SPINLOCK is not set
 # CONFIG_DEBUG_MUTEXES is not set
+# CONFIG_DEBUG_LOCK_ALLOC is not set
+# CONFIG_PROVE_LOCKING is not set
 # CONFIG_SPARSE_RCU_POINTER is not set
+# CONFIG_LOCK_STAT is not set
 # CONFIG_DEBUG_ATOMIC_SLEEP is not set
 # CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
 CONFIG_STACKTRACE=y
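Review bot: In the `@@ -5429,11 +5433,11 @@` hunk of kernelconfig.x86, `CONFIG_PAX_CONSTIFY_PLUGIN=y` is removed without a `# CONFIG_PAX_CONSTIFY_PLUGIN is not set` line taking its place. That suggests the symbol is now hidden by the new `depends on !UML && PAX_KERNEXEC` rather than explicitly switched off. Structures that contain only function pointers are then no longer constified automatically, and the newly enabled `CONFIG_PAX_USERCOPY=y` and `CONFIG_PAX_MEMORY_STRUCTLEAK=y` do not cover that. The `@@ -5365,10 +5369,10 @@` hunk of kernelconfig.x86_64 drops the option in the same way. I would either enable `CONFIG_PAX_KERNEXEC=y` so the plugin can stay on (its current state is not visible in these hunks), or record the reason it stays off next to the config update so the hardening regression is tracked and revisited.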
@@ -5316,6 +5319,7 @@ CONFIG_DEBUG_NMI_SELFTEST=y
 # Grsecurity
 #
 CONFIG_TASK_SIZE_MAX_SHIFT=47
+CONFIG_PAX_USERCOPY_SLABS=y
 CONFIG_GRKERNSEC=y
 # CONFIG_GRKERNSEC_CONFIG_AUTO is not set
 CONFIG_GRKERNSEC_CONFIG_CUSTOM=y
@@ -5365,10 +5369,10 @@ CONFIG_PAX_RANDMMAP=y
 #
 # CONFIG_PAX_MEMORY_SANITIZE is not set
 # CONFIG_PAX_MEMORY_STACKLEAK is not set
-# CONFIG_PAX_MEMORY_STRUCTLEAK is not set
+CONFIG_PAX_MEMORY_STRUCTLEAK=y
 CONFIG_PAX_REFCOUNT=y
-CONFIG_PAX_CONSTIFY_PLUGIN=y
-# CONFIG_PAX_USERCOPY is not set
+CONFIG_PAX_USERCOPY=y
+# CONFIG_PAX_USERCOPY_DEBUG is not set
 # CONFIG_PAX_SIZE_OVERFLOW is not set
 # CONFIG_PAX_LATENT_ENTROPY is not set |