-rw-r--r-- | main/linux-grsec/APKBUILD | 18 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-3.0-3.14.28-201501120819.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.27-201501042018.patch) | 335 |
2 files changed, 76 insertions, 277 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 8c6556f77e..0cf77bff23 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,12 +2,12 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.14.27 +pkgver=3.14.28 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; esac -pkgrel=2 +pkgrel=0 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-3.0-3.14.27-201501042018.patch + grsecurity-3.0-3.14.28-201501120819.patch fix-memory-map-for-PIE-applications.patch imx6q-no-unclocked-sleep.patch @@ -166,8 +166,8 @@ dev() { } md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz -d79fd9ea62b9c9dd3c17ed7651a9e408 patch-3.14.27.xz -ca00f323d00586c39cd56cba64b53959 grsecurity-3.0-3.14.27-201501042018.patch +502a4ee34af04e9b9e375e254f7b9a8f patch-3.14.28.xz +14277edb3cc6b593f80bf0e62ba8ec70 grsecurity-3.0-3.14.28-201501120819.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch 59a78a67677e25540028414bb5eb6330 gre-fix-the-inner-mac-header-in-nbma-gre-tunnels-xmit-path.patch 
@@ -175,8 +175,8 @@ c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 38b50cd1a7670f886c5e9fe9f1f91496 kernelconfig.x86_64 6709c83fbbd38d40f31d39f0022d4ce9 kernelconfig.armhf" sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz -5f84a4ff394444486d1715d5283383a8461ff089ed9b9fdc5dde2ed65531d21e patch-3.14.27.xz -3ce5950b71acc8b44db2611b5c72d999352b025dbfb8c90517ce0c8ab52d2e84 grsecurity-3.0-3.14.27-201501042018.patch +e3c79a30ac959c84c329be5461da88a5c79c6463da30d376c27bb103aee79b51 patch-3.14.28.xz +487f4b17658ab037586e9106bca355ad35195d1e78e73ceb2cc7feb55c54ef46 grsecurity-3.0-3.14.28-201501120819.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch f04d0f6610398f3657ddb2e6926113c43ec331ae256704bca4de11f432881ec5 gre-fix-the-inner-mac-header-in-nbma-gre-tunnels-xmit-path.patch 
@@ -184,8 +184,8 @@ bf953a65ba047b5316509da5bc7a6dbcee12767e343d26e8360369d27bfdbe78 kernelconfig.x d555a01f2b464e20cfa71c67ea6d571f80c707c5a3fea33879de09b085e2d7b6 kernelconfig.x86_64 01a6c90cf0643f8727d120aede2267ca7303c4ebe548c5d19222d4387ceb98cc kernelconfig.armhf" sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz -1191ef739905b2e5057c5273e5cf026baea1ea4855dca8375dbe4ecaa7e6d2d38b8103e2781554f2d9ecf9026fdad1086c6b9d8f0b41fcb8e39aca0612e208e7 patch-3.14.27.xz -5af36af71741806a91f509c2b71a6e47fb678c8afb12b2c8bc5890594e90ca27e44641f510187de121a5208cf510d860e71ea1b256cf0e0daf8cf5e4ead1e674 grsecurity-3.0-3.14.27-201501042018.patch +ae4dc86ff594f1a4c1a2a8786a1ad1293e539c8225ae202b87ad474c22dbe1906cd919566307a69ae48f2e3819d1024e6997adaff48a2184ac87ec61a38b6a34 patch-3.14.28.xz +633acca6d98d8a33ee34fcc5c4e51dffe30a682d39ad55bddcee196c15773dc410a59fa70691a73a638cfff7c74379b178952c69e30606435cc6dfae21775ef7 grsecurity-3.0-3.14.28-201501120819.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch ddc32533bd519db5298895eb2da5eb95390999bd3f6d27b5eee38551387df4a43f537235d6a9be859ee1f433420f3afbf01e2c1e7ca0175b27460598c5c385f9 gre-fix-the-inner-mac-header-in-nbma-gre-tunnels-xmit-path.patch diff --git a/main/linux-grsec/grsecurity-3.0-3.14.27-201501042018.patch b/main/linux-grsec/grsecurity-3.0-3.14.28-201501120819.patch index c044d3506c..2e17d7508a 100644 --- a/main/linux-grsec/grsecurity-3.0-3.14.27-201501042018.patch +++ b/main/linux-grsec/grsecurity-3.0-3.14.28-201501120819.patch @@ -292,7 +292,7 @@ index 7116fda..2f71588 100644 pcd. [PARIDE] 
diff --git a/Makefile b/Makefile -index 944db23..f799f3e 100644 +index a2e572b..b0e0734 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -20522,24 +20522,6 @@ index bbae024..e1528f9 100644 #define BIOS_END 0x00100000 #define BIOS_ROM_BASE 0xffe00000 -diff --git a/arch/x86/include/uapi/asm/ldt.h b/arch/x86/include/uapi/asm/ldt.h -index 46727eb..6e1aaf7 100644 ---- a/arch/x86/include/uapi/asm/ldt.h -+++ b/arch/x86/include/uapi/asm/ldt.h -@@ -28,6 +28,13 @@ struct user_desc { - unsigned int seg_not_present:1; - unsigned int useable:1; - #ifdef __x86_64__ -+ /* -+ * Because this bit is not present in 32-bit user code, user -+ * programs can pass uninitialized values here. Therefore, in -+ * any context in which a user_desc comes from a 32-bit program, -+ * the kernel must act as though lm == 0, regardless of the -+ * actual value. -+ */ - unsigned int lm:1; - #endif - }; diff --git a/arch/x86/include/uapi/asm/ptrace-abi.h b/arch/x86/include/uapi/asm/ptrace-abi.h index 7b0a55a..ad115bf 100644 --- a/arch/x86/include/uapi/asm/ptrace-abi.h 
@@ -25884,38 +25866,6 @@ index c2bedae..25e7ab60 100644 .attr = { .name = "data", .mode = S_IRUGO, -diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c -index 713f1b3..0b1e1d5 100644 ---- a/arch/x86/kernel/kvm.c -+++ b/arch/x86/kernel/kvm.c -@@ -280,7 +280,14 @@ do_async_page_fault(struct pt_regs *regs, unsigned long error_code) - static void __init paravirt_ops_setup(void) - { - pv_info.name = "KVM"; -- pv_info.paravirt_enabled = 1; -+ -+ /* -+ * KVM isn't paravirt in the sense of paravirt_enabled. A KVM -+ * guest kernel works like a bare metal kernel with additional -+ * features, and paravirt_enabled is about features that are -+ * missing. -+ */ -+ pv_info.paravirt_enabled = 0; - - if (kvm_para_has_feature(KVM_FEATURE_NOP_IO_DELAY)) - pv_cpu_ops.io_delay = kvm_io_delay; -diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c -index e604109..c8e98cd 100644 ---- a/arch/x86/kernel/kvmclock.c -+++ b/arch/x86/kernel/kvmclock.c -@@ -263,7 +263,6 @@ void __init kvmclock_init(void) - #endif - kvm_get_preset_lpj(); - clocksource_register_hz(&kvm_clock, NSEC_PER_SEC); -- pv_info.paravirt_enabled = 1; - pv_info.name = "KVM"; - - if (kvm_para_has_feature(KVM_FEATURE_CLOCKSOURCE_STABLE_BIT)) diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c index c37886d..d851d32 100644 --- a/arch/x86/kernel/ldt.c @@ -26728,7 +26678,7 @@ index 0de43e9..056b840 100644 } - diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c -index 9c0280f..5bbb1c0 100644 +index e2d26ce..10f7ec2 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -158,10 +158,11 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, 
@@ -26762,17 +26712,18 @@ index 9c0280f..5bbb1c0 100644 unsigned fsindex, gsindex; fpu_switch_t fpu; -@@ -303,6 +306,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -334,6 +337,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) if (unlikely(next->ds | prev->ds)) loadsegment(ds, next->ds); + savesegment(ss, prev->ss); + if (unlikely(next->ss != prev->ss)) + loadsegment(ss, next->ss); - - /* We must save %fs and %gs before load_TLS() because - * %fs and %gs may be cleared by load_TLS(). -@@ -362,6 +368,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) ++ + /* + * Switch FS and GS. + * +@@ -407,6 +414,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) prev->usersp = this_cpu_read(old_rsp); this_cpu_write(old_rsp, next->usersp); this_cpu_write(current_task, next_p); @@ -26780,7 +26731,7 @@ index 9c0280f..5bbb1c0 100644 /* * If it were not for PREEMPT_ACTIVE we could guarantee that the -@@ -371,9 +378,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -416,9 +424,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) task_thread_info(prev_p)->saved_preempt_count = this_cpu_read(__preempt_count); this_cpu_write(__preempt_count, task_thread_info(next_p)->saved_preempt_count); @@ -26791,7 +26742,7 @@ index 9c0280f..5bbb1c0 100644 /* * Now maybe reload the debug registers and handle I/O bitmaps -@@ -442,12 +447,11 @@ unsigned long get_wchan(struct task_struct *p) +@@ -487,12 +493,11 @@ unsigned long get_wchan(struct task_struct *p) if (!p || p == current || p->state == TASK_RUNNING) return 0; stack = (unsigned long)task_stack_page(p); @@ -27884,58 +27835,10 @@ index 24d3c91..d06b473 100644 return pc; } diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c -index f7fec09..d0f623f 100644 +index 4e942f3..d0f623f 100644 --- a/arch/x86/kernel/tls.c 
+++ b/arch/x86/kernel/tls.c -@@ -27,6 +27,37 @@ static int get_free_idx(void) - return -ESRCH; - } - -+static bool tls_desc_okay(const struct user_desc *info) -+{ -+ if (LDT_empty(info)) -+ return true; -+ -+ /* -+ * espfix is required for 16-bit data segments, but espfix -+ * only works for LDT segments. -+ */ -+ if (!info->seg_32bit) -+ return false; -+ -+ /* Only allow data segments in the TLS array. */ -+ if (info->contents > 1) -+ return false; -+ -+ /* -+ * Non-present segments with DPL 3 present an interesting attack -+ * surface. The kernel should handle such segments correctly, -+ * but TLS is very difficult to protect in a sandbox, so prevent -+ * such segments from being created. -+ * -+ * If userspace needs to remove a TLS entry, it can still delete -+ * it outright. -+ */ -+ if (info->seg_not_present) -+ return false; -+ -+ return true; -+} -+ - static void set_tls_desc(struct task_struct *p, int idx, - const struct user_desc *info, int n) - { -@@ -66,6 +97,9 @@ int do_set_thread_area(struct task_struct *p, int idx, - if (copy_from_user(&info, u_info, sizeof(info))) - return -EFAULT; - -+ if (!tls_desc_okay(&info)) -+ return -EINVAL; -+ - if (idx == -1) - idx = info.entry_number; - -@@ -84,6 +118,11 @@ int do_set_thread_area(struct task_struct *p, int idx, +@@ -118,6 +118,11 @@ int do_set_thread_area(struct task_struct *p, int idx, if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX) return -EINVAL; 
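Review bot: Nothing on this page records where the `tls_desc_okay()` descriptor validation lives after this hunk removes it from the grsecurity patch, together with its `-EINVAL` check in do_set_thread_area and, in the following hunk, the loop in regset_tls_set. The base blob on the tls.c `index` line changes from `f7fec09` to `4e942f3` while the result stays `d0f623f`, which suggests the checks now come from patch-3.14.28.xz rather than being lost, but that is inferred from the index line alone. The same question applies to the other hardening hunks dropped elsewhere in this file diff: the `RR_MAX_CE_ENTRIES` cap and ER length check in fs/isofs/rock.c, the symlink size check in fs/udf/symlink.c, the `umount_tree` list fix in fs/namespace.c, and the `paravirt_enabled` changes in kvm.c and kvmclock.c. I would confirm on the prepared tree that those symbols are present and record it in the commit message, for example `dropped grsecurity hunks (tls.c, isofs/rock.c, udf/symlink.c, namespace.c, kvm*.c) are in 3.14.28 stable`. Only fragments of do_set_thread_area and regset_tls_set are visible in these hunks.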
@@ -27947,15 +27850,7 @@ index f7fec09..d0f623f 100644 set_tls_desc(p, idx, &info, 1); return 0; -@@ -192,6 +231,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset, - { - struct user_desc infobuf[GDT_ENTRY_TLS_ENTRIES]; - const struct user_desc *info; -+ int i; - - if (pos >= GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) || - (pos % sizeof(struct user_desc)) != 0 || -@@ -200,11 +240,15 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset, +@@ -235,7 +240,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset, if (kbuf) info = kbuf; @@ -27964,14 +27859,6 @@ index f7fec09..d0f623f 100644 return -EFAULT; else info = infobuf; - -+ for (i = 0; i < count / sizeof(struct user_desc); i++) -+ if (!tls_desc_okay(info + i)) -+ return -EINVAL; -+ - set_tls_desc(target, - GDT_ENTRY_TLS_MIN + (pos / sizeof(struct user_desc)), - info, count / sizeof(struct user_desc)); diff --git a/arch/x86/kernel/tracepoint.c b/arch/x86/kernel/tracepoint.c index 1c113db..287b42e 100644 --- a/arch/x86/kernel/tracepoint.c @@ -44228,7 +44115,7 @@ index c9a02fe..0debc75 100644 INIT_LIST_HEAD(&serio_raw->client_list); init_waitqueue_head(&serio_raw->wait); diff --git a/drivers/iommu/amd_iommu.c b/drivers/iommu/amd_iommu.c -index 9cbef59..76d5cd3 100644 +index 9cbef59..26db8e4 100644 --- a/drivers/iommu/amd_iommu.c +++ b/drivers/iommu/amd_iommu.c @@ -878,11 +878,21 @@ static void copy_cmd_to_buffer(struct amd_iommu *iommu, @@ -44243,7 +44130,7 @@ index 9cbef59..76d5cd3 100644 - cmd->data[1] = upper_32_bits(__pa(address)); + +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW -+ if (object_starts_on_stack(address)) { ++ if (object_starts_on_stack((void *)address)) { + void *adjbuf = (void *)address - current->stack + current->lowmem_stack; + physaddr = __pa((u64)adjbuf); + } else @@ -44933,10 +44820,10 @@ index 7ef7461..5a09dac 100644 cl->fn = fn; cl->wq = wq; 
diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c -index 4195a01..42527ac 100644 +index 8e51b3a..bc6febf 100644 --- a/drivers/md/bitmap.c +++ b/drivers/md/bitmap.c -@@ -1779,7 +1779,7 @@ void bitmap_status(struct seq_file *seq, struct bitmap *bitmap) +@@ -1775,7 +1775,7 @@ void bitmap_status(struct seq_file *seq, struct bitmap *bitmap) chunk_kb ? "KB" : "B"); if (bitmap->storage.file) { seq_printf(seq, ", file: "); @@ -45341,10 +45228,10 @@ index 07bba96..2d6788c 100644 struct md_personality diff --git a/drivers/md/persistent-data/dm-space-map-metadata.c b/drivers/md/persistent-data/dm-space-map-metadata.c -index 786b689..ea8c956 100644 +index f4e22bc..8f83114 100644 --- a/drivers/md/persistent-data/dm-space-map-metadata.c +++ b/drivers/md/persistent-data/dm-space-map-metadata.c -@@ -679,7 +679,7 @@ static int sm_metadata_extend(struct dm_space_map *sm, dm_block_t extra_blocks) +@@ -681,7 +681,7 @@ static int sm_metadata_extend(struct dm_space_map *sm, dm_block_t extra_blocks) * Flick into a mode where all blocks get allocated in the new area. */ smm->begin = old_len; @@ -45353,7 +45240,7 @@ index 786b689..ea8c956 100644 /* * Extend. -@@ -710,7 +710,7 @@ out: +@@ -712,7 +712,7 @@ out: /* * Switch back to normal behaviour. */ @@ -47530,7 +47417,7 @@ index 82dc574..8539ab2 100644 break; diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c -index 7b5424f..ed1d6ac 100644 +index df72c47..7e2aad4 100644 --- a/drivers/mmc/card/block.c +++ b/drivers/mmc/card/block.c @@ -575,7 +575,7 @@ static int mmc_blk_ioctl_cmd(struct block_device *bdev, 
@@ -63686,47 +63573,6 @@ index e846a32..bb06bd0 100644 put_cpu_var(last_ino); return res; } -diff --git a/fs/isofs/rock.c b/fs/isofs/rock.c -index f488bba..735d752 100644 ---- a/fs/isofs/rock.c -+++ b/fs/isofs/rock.c -@@ -30,6 +30,7 @@ struct rock_state { - int cont_size; - int cont_extent; - int cont_offset; -+ int cont_loops; - struct inode *inode; - }; - -@@ -73,6 +74,9 @@ static void init_rock_state(struct rock_state *rs, struct inode *inode) - rs->inode = inode; - } - -+/* Maximum number of Rock Ridge continuation entries */ -+#define RR_MAX_CE_ENTRIES 32 -+ - /* - * Returns 0 if the caller should continue scanning, 1 if the scan must end - * and -ve on error. -@@ -105,6 +109,8 @@ static int rock_continue(struct rock_state *rs) - goto out; - } - ret = -EIO; -+ if (++rs->cont_loops >= RR_MAX_CE_ENTRIES) -+ goto out; - bh = sb_bread(rs->inode->i_sb, rs->cont_extent); - if (bh) { - memcpy(rs->buffer, bh->b_data + rs->cont_offset, -@@ -356,6 +362,9 @@ repeat: - rs.cont_size = isonum_733(rr->u.CE.size); - break; - case SIG('E', 'R'): -+ /* Invalid length of ER tag id? */ -+ if (rr->u.ER.len_id + offsetof(struct rock_ridge, u.ER.data) > rr->len) -+ goto out; - ISOFS_SB(inode->i_sb)->s_rock = 1; - printk(KERN_DEBUG "ISO 9660 Extensions: "); - { diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c index 4a6cf28..d3a29d3 100644 --- a/fs/jffs2/erase.c @@ -63769,7 +63615,7 @@ index e2b7483..855bca3 100644 if (jfs_inode_cachep == NULL) return -ENOMEM; diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c -index 39c0143..829bfe5 100644 +index 39c0143..79e8b68 100644 --- a/fs/kernfs/dir.c +++ b/fs/kernfs/dir.c @@ -28,7 +28,7 @@ DEFINE_MUTEX(kernfs_mutex); 
@@ -63781,7 +63627,7 @@ index 39c0143..829bfe5 100644 { unsigned long hash = init_name_hash(); unsigned int len = strlen(name); -@@ -729,11 +729,17 @@ static int kernfs_iop_mkdir(struct inode *dir, struct dentry *dentry, +@@ -729,11 +729,19 @@ static int kernfs_iop_mkdir(struct inode *dir, struct dentry *dentry, { struct kernfs_node *parent = dir->i_private; struct kernfs_dir_ops *kdops = kernfs_root(parent)->dir_ops; @@ -63793,8 +63639,10 @@ index 39c0143..829bfe5 100644 - return kdops->mkdir(parent, dentry->d_name.name, mode); + ret = kdops->mkdir(parent, dentry->d_name.name, mode); + -+ if (!ret) -+ ret = kernfs_iop_lookup(dir, dentry, 0); ++ if (!ret) { ++ struct dentry *dentry_ret = kernfs_iop_lookup(dir, dentry, 0); ++ ret = PTR_ERR_OR_ZERO(dentry_ret); ++ } + + return ret; } @@ -64597,19 +64445,10 @@ index 0dd72c8..34dd17d 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index d9bf3ef..359b08c 100644 +index 039f380..4239636 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -1295,6 +1295,8 @@ void umount_tree(struct mount *mnt, int how) - } - if (last) { - last->mnt_hash.next = unmounted.first; -+ if (unmounted.first) -+ unmounted.first->pprev = &last->mnt_hash.next; - unmounted.first = tmp_list.first; - unmounted.first->pprev = &unmounted.first; - } -@@ -1371,6 +1373,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1373,6 +1373,9 @@ static int do_umount(struct mount *mnt, int flags) if (!(sb->s_flags & MS_RDONLY)) retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); up_write(&sb->s_umount); @@ -64619,7 +64458,7 @@ index d9bf3ef..359b08c 100644 return retval; } -@@ -1393,6 +1398,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1395,6 +1398,9 @@ static int do_umount(struct mount *mnt, int flags) } unlock_mount_hash(); namespace_unlock(); 
@@ -64629,7 +64468,7 @@ index d9bf3ef..359b08c 100644 return retval; } -@@ -1412,7 +1420,7 @@ static inline bool may_mount(void) +@@ -1414,7 +1420,7 @@ static inline bool may_mount(void) * unixes. Our API is identical to OSF/1 to avoid making a mess of AMD */ @@ -64638,7 +64477,7 @@ index d9bf3ef..359b08c 100644 { struct path path; struct mount *mnt; -@@ -1454,7 +1462,7 @@ out: +@@ -1459,7 +1465,7 @@ out: /* * The 2.0 compatible umount. No flags. */ @@ -64647,7 +64486,7 @@ index d9bf3ef..359b08c 100644 { return sys_umount(name, 0); } -@@ -2503,6 +2511,16 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2514,6 +2520,16 @@ long do_mount(const char *dev_name, const char *dir_name, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); @@ -64664,7 +64503,7 @@ index d9bf3ef..359b08c 100644 if (flags & MS_REMOUNT) retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); -@@ -2517,6 +2535,9 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2528,6 +2544,9 @@ long do_mount(const char *dev_name, const char *dir_name, dev_name, data_page); dput_out: path_put(&path); @@ -64674,7 +64513,7 @@ index d9bf3ef..359b08c 100644 return retval; } -@@ -2534,7 +2555,7 @@ static void free_mnt_ns(struct mnt_namespace *ns) +@@ -2545,7 +2564,7 @@ static void free_mnt_ns(struct mnt_namespace *ns) * number incrementing at 10Ghz will take 12,427 years to wrap which * is effectively never, so we can ignore the possibility. */ @@ -64683,7 +64522,7 @@ index d9bf3ef..359b08c 100644 static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) { -@@ -2549,7 +2570,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) +@@ -2560,7 +2579,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) kfree(new_ns); return ERR_PTR(ret); } 
@@ -64692,7 +64531,7 @@ index d9bf3ef..359b08c 100644 atomic_set(&new_ns->count, 1); new_ns->root = NULL; INIT_LIST_HEAD(&new_ns->list); -@@ -2559,7 +2580,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) +@@ -2570,7 +2589,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) return new_ns; } @@ -64701,7 +64540,7 @@ index d9bf3ef..359b08c 100644 struct user_namespace *user_ns, struct fs_struct *new_fs) { struct mnt_namespace *new_ns; -@@ -2680,8 +2701,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) +@@ -2691,8 +2710,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) } EXPORT_SYMBOL(mount_subtree); @@ -64712,7 +64551,7 @@ index d9bf3ef..359b08c 100644 { int ret; char *kernel_type; -@@ -2794,6 +2815,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2805,6 +2824,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; @@ -64724,7 +64563,7 @@ index d9bf3ef..359b08c 100644 get_fs_root(current->fs, &root); old_mp = lock_mount(&old); error = PTR_ERR(old_mp); -@@ -3065,7 +3091,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) +@@ -3076,7 +3100,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) !ns_capable(current_user_ns(), CAP_SYS_ADMIN)) return -EPERM; @@ -65830,7 +65669,7 @@ index baf3464..5b394ec 100644 static struct pid * get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos) diff --git a/fs/proc/base.c b/fs/proc/base.c -index b976062..584d0bc 100644 +index 489ba8c..72265d6 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -113,6 +113,14 @@ struct pid_entry { 
@@ -66159,7 +65998,7 @@ index b976062..584d0bc 100644 if (!dir_emit_dots(file, ctx)) goto out; -@@ -2597,7 +2721,7 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2648,7 +2772,7 @@ static const struct pid_entry tgid_base_stuff[] = { REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -66168,7 +66007,7 @@ index b976062..584d0bc 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2622,10 +2746,10 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2673,10 +2797,10 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -66181,7 +66020,7 @@ index b976062..584d0bc 100644 ONE("stack", S_IRUGO, proc_pid_stack), #endif #ifdef CONFIG_SCHEDSTATS -@@ -2659,6 +2783,9 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2710,6 +2834,9 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_HARDWALL INF("hardwall", S_IRUGO, proc_pid_hardwall), #endif @@ -66191,7 +66030,7 @@ index b976062..584d0bc 100644 #ifdef CONFIG_USER_NS REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), -@@ -2789,7 +2916,14 @@ static int proc_pid_instantiate(struct inode *dir, +@@ -2841,7 +2968,14 @@ static int proc_pid_instantiate(struct inode *dir, if (!inode) goto out; @@ -66206,7 +66045,7 @@ index b976062..584d0bc 100644 inode->i_op = &proc_tgid_base_inode_operations; inode->i_fop = &proc_tgid_base_operations; inode->i_flags|=S_IMMUTABLE; -@@ -2827,7 +2961,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign +@@ -2879,7 +3013,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign if (!task) goto out; 
@@ -66218,7 +66057,7 @@ index b976062..584d0bc 100644 put_task_struct(task); out: return ERR_PTR(result); -@@ -2933,7 +3071,7 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -2985,7 +3123,7 @@ static const struct pid_entry tid_base_stuff[] = { REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -66227,7 +66066,7 @@ index b976062..584d0bc 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2960,10 +3098,10 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -3012,10 +3150,10 @@ static const struct pid_entry tid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -68517,7 +68356,7 @@ index 3306b9f..a1e0eda 100644 } diff --git a/fs/udf/symlink.c b/fs/udf/symlink.c -index d7c6dbe..0422b7b 100644 +index d89f324..0422b7b 100644 --- a/fs/udf/symlink.c +++ b/fs/udf/symlink.c @@ -30,49 +30,73 @@ 
@@ -68600,36 +68439,7 @@ index d7c6dbe..0422b7b 100644 } static int udf_symlink_filler(struct file *file, struct page *page) -@@ -80,11 +104,17 @@ static int udf_symlink_filler(struct file *file, struct page *page) - struct inode *inode = page->mapping->host; - struct buffer_head *bh = NULL; - unsigned char *symlink; -- int err = -EIO; -+ int err; - unsigned char *p = kmap(page); - struct udf_inode_info *iinfo; - uint32_t pos; - -+ /* We don't support symlinks longer than one block */ -+ if (inode->i_size > inode->i_sb->s_blocksize) { -+ err = -ENAMETOOLONG; -+ goto out_unmap; -+ } -+ - iinfo = UDF_I(inode); - pos = udf_block_map(inode, 0); - -@@ -94,14 +124,18 @@ static int udf_symlink_filler(struct file *file, struct page *page) - } else { - bh = sb_bread(inode->i_sb, pos); - -- if (!bh) -- goto out; -+ if (!bh) { -+ err = -EIO; -+ goto out_unlock_inode; -+ } - +@@ -108,8 +132,10 @@ static int udf_symlink_filler(struct file *file, struct page *page) symlink = bh->b_data; } @@ -68641,18 +68451,6 @@ index d7c6dbe..0422b7b 100644 up_read(&iinfo->i_data_sem); SetPageUptodate(page); -@@ -109,9 +143,10 @@ static int udf_symlink_filler(struct file *file, struct page *page) - unlock_page(page); - return 0; - --out: -+out_unlock_inode: - up_read(&iinfo->i_data_sem); - SetPageError(page); -+out_unmap: - kunmap(page); - unlock_page(page); - return err; diff --git a/fs/udf/udfdecl.h b/fs/udf/udfdecl.h index be7dabb..6b10c98 100644 --- a/fs/udf/udfdecl.h @@ -80916,10 +80714,10 @@ index c1da539..1dcec55 100644 struct atmphy_ops { int (*start)(struct atm_dev *dev); diff --git a/include/linux/audit.h b/include/linux/audit.h -index ec1464d..833274b 100644 +index 419b7d7..b79b4f2 100644 --- a/include/linux/audit.h 
+++ b/include/linux/audit.h -@@ -196,7 +196,7 @@ static inline void audit_ptrace(struct task_struct *t) +@@ -200,7 +200,7 @@ static inline void audit_ptrace(struct task_struct *t) extern unsigned int audit_serial(void); extern int auditsc_get_stamp(struct audit_context *ctx, struct timespec *t, unsigned int *serial); @@ -81419,7 +81217,7 @@ index d08e4d2..95fad61 100644 /** diff --git a/include/linux/cred.h b/include/linux/cred.h -index 04421e8..a85afd4 100644 +index 6c58dd7..80d1d95 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -35,7 +35,7 @@ struct group_info { @@ -81431,7 +81229,7 @@ index 04421e8..a85afd4 100644 /** * get_group_info - Get a reference to a group info structure -@@ -136,7 +136,7 @@ struct cred { +@@ -137,7 +137,7 @@ struct cred { struct user_namespace *user_ns; /* user_ns the caps and keyrings are relative to. */ struct group_info *group_info; /* supplementary groups for euid/fsgid */ struct rcu_head rcu; /* RCU deletion hook */ @@ -81440,7 +81238,7 @@ index 04421e8..a85afd4 100644 extern void __put_cred(struct cred *); extern void exit_creds(struct task_struct *); -@@ -194,6 +194,9 @@ static inline void validate_creds_for_do_exit(struct task_struct *tsk) +@@ -195,6 +195,9 @@ static inline void validate_creds_for_do_exit(struct task_struct *tsk) static inline void validate_process_creds(void) { } @@ -81450,7 +81248,7 @@ index 04421e8..a85afd4 100644 #endif /** -@@ -322,6 +325,7 @@ static inline void put_cred(const struct cred *_cred) +@@ -323,6 +326,7 @@ static inline void put_cred(const struct cred *_cred) #define task_uid(task) (task_cred_xxx((task), uid)) #define task_euid(task) (task_cred_xxx((task), euid)) @@ -86518,10 +86316,10 @@ index e452ba6..78f8e80 100644 /* * callback functions for platform diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h -index 4836ba3..603f6ee 100644 +index e92abf9..b802b30 100644 --- a/include/linux/user_namespace.h 
+++ b/include/linux/user_namespace.h -@@ -33,7 +33,7 @@ struct user_namespace { +@@ -38,7 +38,7 @@ struct user_namespace { struct key *persistent_keyring_register; struct rw_semaphore persistent_keyring_register_sem; #endif @@ -91994,7 +91792,7 @@ index 6d63003..486a109 100644 } EXPORT_SYMBOL(__stack_chk_fail); diff --git a/kernel/pid.c b/kernel/pid.c -index 9b9a266..c20ef80 100644 +index 82430c8..53d7793 100644 --- a/kernel/pid.c +++ b/kernel/pid.c @@ -33,6 +33,7 @@ @@ -92014,7 +91812,7 @@ index 9b9a266..c20ef80 100644 int pid_max_min = RESERVED_PIDS + 1; int pid_max_max = PID_MAX_LIMIT; -@@ -445,10 +446,18 @@ EXPORT_SYMBOL(pid_task); +@@ -447,10 +448,18 @@ EXPORT_SYMBOL(pid_task); */ struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns) { @@ -92034,7 +91832,7 @@ index 9b9a266..c20ef80 100644 } struct task_struct *find_task_by_vpid(pid_t vnr) -@@ -456,6 +465,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr) +@@ -458,6 +467,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr) return find_task_by_pid_ns(vnr, task_active_pid_ns(current)); } @@ -94930,10 +94728,10 @@ index 7e3cd7a..5156a5fe 100644 mutex_lock(&syscall_trace_lock); sys_perf_refcount_exit--; diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index 80a57af..7f5a7ff 100644 +index 153971e..ac4be58 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c -@@ -82,6 +82,21 @@ int create_user_ns(struct cred *new) +@@ -83,6 +83,21 @@ int create_user_ns(struct cred *new) !kgid_has_mapping(parent_ns, group)) return -EPERM; @@ -94955,7 +94753,7 @@ index 80a57af..7f5a7ff 100644 ns = kmem_cache_zalloc(user_ns_cachep, GFP_KERNEL); if (!ns) return -ENOMEM; -@@ -865,7 +880,7 @@ static int userns_install(struct nsproxy *nsproxy, void *ns) +@@ -966,7 +981,7 @@ static int userns_install(struct nsproxy *nsproxy, void *ns) if (atomic_read(¤t->mm->mm_users) > 1) return -EINVAL; @@ -118556,10 +118354,10 @@ index 0000000..4378111 +} 
diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..bbd5d8e +index 0000000..19cb000 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data -@@ -0,0 +1,6034 @@ +@@ -0,0 +1,6035 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL @@ -121784,6 +121582,7 @@ index 0000000..bbd5d8e +l2cap_skbuff_fromiovec_35003 l2cap_skbuff_fromiovec 4-3 35003 NULL +sisusb_copy_memory_35016 sisusb_copy_memory 4 35016 NULL +coda_psdev_read_35029 coda_psdev_read 3 35029 NULL ++proc_setgroups_write_35039 proc_setgroups_write 3 35039 NULL +xfs_rtallocate_extent_35052 xfs_rtallocate_extent 0 35052 NULL +pwr_connection_out_of_sync_read_35061 pwr_connection_out_of_sync_read 3 35061 NULL +ntfs_attr_extend_initialized_35084 ntfs_attr_extend_initialized 0 35084 NULL |