-rw-r--r-- | main/linux-grsec/APKBUILD | 20 | ||||
-rw-r--r-- | main/linux-grsec/ccache.patch | 10 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-3.0-3.13.8-201404011912.patch (renamed from main/linux-grsec/grsecurity-3.0-3.13.7-201403252047.patch) | 647 |
3 files changed, 468 insertions, 209 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 0da0975fa1..8551ef6dcd 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,7 +2,7 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.13.7 +pkgver=3.13.8 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; @@ -17,7 +17,8 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-3.0-3.13.7-201403252047.patch + grsecurity-3.0-3.13.8-201404011912.patch + ccache.patch fix-memory-map-for-PIE-applications.patch platform-introduce-OF-style-modalias-support-for-pla.patch @@ -148,8 +149,9 @@ dev() { } md5sums="0ecbaf65c00374eb4a826c2f9f37606f linux-3.13.tar.xz -cb33b329d3417846d310c7f58a2614b6 patch-3.13.7.xz -00dbb1fb5bfc08842d97c02ece67e441 grsecurity-3.0-3.13.7-201403252047.patch +72b911bfc50de88c67bd0e8732978deb patch-3.13.8.xz +8d342a525405ccd167eb95a20c0e1062 grsecurity-3.0-3.13.8-201404011912.patch +2a1bac5f61da1962dfa90dfb16895eef ccache.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch f5c7e4f1dc67f8560e4b9bbe75726d13 platform-introduce-OF-style-modalias-support-for-pla.patch 1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch 
@@ -157,8 +159,9 @@ f5c7e4f1dc67f8560e4b9bbe75726d13 platform-introduce-OF-style-modalias-support-f 3949ef829d102d36255ff92ff76936d2 kernelconfig.x86_64 6ea461c60077b09aa75040f7672c7250 kernelconfig.armhf" sha256sums="4d5e5eee5f276424c32e9591f1b6c971baedc7b49f28ce03d1f48b1e5d6226a2 linux-3.13.tar.xz -4e7a062493c2a0dd2f2aa0ec636a47b2b1785aebccf652ae56e68f0dfc083f89 patch-3.13.7.xz -2bd65311a72df142f5b4f7be20f4b1e26fc62c076dba9991f0efba12dc847538 grsecurity-3.0-3.13.7-201403252047.patch +073a392f4d156955df26a09c3236faf375da0afc49077e6b805f5788b8fffb10 patch-3.13.8.xz +9121632468387fa458326d1e05a62f855ba8c8ab49998500f56dca7768208bbb grsecurity-3.0-3.13.8-201404011912.patch +b6abce04f005314f768707a54f85d150cfde1a738f20c569ffa0d11770ff70dc ccache.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch e90bb651da4ff16df25565e44ca70e26367bbcbf9d27962c796c6afd5eecea96 platform-introduce-OF-style-modalias-support-for-pla.patch 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch 
@@ -166,8 +169,9 @@ f8297eb16cfbe48d5202072e21fa16ebac95de26c8cfa8ec5a66610504af2f81 kernelconfig.x fd55e28d9baf330d6593453da592bcc03779694e7c3fb496fec47cdad1d7bcaa kernelconfig.x86_64 c1e583baa6694643f85b8df0924cc7c4fac0f6eef963969615e6e642db0f969a kernelconfig.armhf" sha512sums="1ba223bb4b885d691a67196d86a8aaf7b4a1c351bf2a762f50f1b0c32da00dd0c28895872a66b49e8d244498d996876609268e64861d28ac4048886ef9f79b87 linux-3.13.tar.xz -bee628e25d8ed378fd32d0e96ac20f24d1bef2950377cee249b65db918bd528a744cc1058006f9e945095ccc81805d715eb27e5c36f2515c7dcfdf5fe6b6c7a6 patch-3.13.7.xz -f118a017084f8dee3d5ae0f9435f96e9e5cff7c2d4672855622133cc6fd811c4e481c6b6f907b43c691f0531bfaf168dbd08877e29c25da82989492bc4186de4 grsecurity-3.0-3.13.7-201403252047.patch +d61fc7e95e461b8f0f09ac6e3456eea160f64555bd0c78449d98a6a06e14929915dd6f739f7c7ee34512fbf9eb44ed17e2d262830f86194cb66a4760d019f8f0 patch-3.13.8.xz +0dcb393b94a36fea3698856031e165bc665b5a5f4a080dadcf6f4928e4776780fb16b23c5de8a0446c9a3766afa42f36df67f000b0b020e13c025b474fb68531 grsecurity-3.0-3.13.8-201404011912.patch +f6e36cc94cb0c06ba181362f6de6c9fd431e571fbb35acad78d8790ae107531add54f6cb87d78180dd604076d2326885d16127fc4176ed07277ea89c151ce4e0 ccache.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 2ef795ebd70939be346cba824e6af2ca3d8220cdbc54b9fe3a6861cf44bc0df954ca91b7f6e68dcecebdb8a6a1651c12869588cea8c191f9054fe7a8db02f2a4 platform-introduce-OF-style-modalias-support-for-pla.patch 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch diff --git a/main/linux-grsec/ccache.patch b/main/linux-grsec/ccache.patch new file mode 100644 index 0000000000..b6c7090b74 --- /dev/null +++ b/main/linux-grsec/ccache.patch 
@@ -0,0 +1,10 @@ +--- ./scripts/gcc-plugin.sh.orig 2014-04-02 11:25:17.447803082 +0000 ++++ ./scripts/gcc-plugin.sh 2014-04-02 11:25:35.211351328 +0000 +@@ -1,6 +1,6 @@ + #!/bin/bash + srctree=$(dirname "$0") +-gccplugins_dir=$("$3" -print-file-name=plugin) ++gccplugins_dir=$($3 -print-file-name=plugin) + plugincc=$("$1" -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF + #include "gcc-common.h" + #if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX) diff --git a/main/linux-grsec/grsecurity-3.0-3.13.7-201403252047.patch b/main/linux-grsec/grsecurity-3.0-3.13.8-201404011912.patch index 52f42f1148..9c4aaacd2f 100644 --- a/main/linux-grsec/grsecurity-3.0-3.13.7-201403252047.patch +++ b/main/linux-grsec/grsecurity-3.0-3.13.8-201404011912.patch @@ -287,7 +287,7 @@ index b9e9bd8..bf49b92 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 9f214b4..8c9c622 100644 +index 4cab13b..b7d5e41 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -4097,7 +4097,7 @@ index cf08bdf..772656c 100644 unsigned long search_exception_table(unsigned long addr); diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c -index 3e8f106..a0a1fe4 100644 +index ac1d883..5a7bb91 100644 --- a/arch/arm/mm/init.c +++ b/arch/arm/mm/init.c @@ -30,6 +30,8 @@ @@ -4109,7 +4109,7 @@ index 3e8f106..a0a1fe4 100644 #include <asm/mach/arch.h> #include <asm/mach/map.h> -@@ -681,7 +683,46 @@ void free_initmem(void) +@@ -682,7 +684,46 @@ void free_initmem(void) { #ifdef CONFIG_HAVE_TCM extern char __tcm_start, __tcm_end; @@ -6662,18 +6662,9 @@ index 25da651..ae2a259 100644 #endif /* __ASM_SMTC_PROC_H */ diff --git a/arch/mips/include/asm/syscall.h b/arch/mips/include/asm/syscall.h -index 81c8913..81d8432 100644 +index 33e8dbf..81d8432 100644 --- a/arch/mips/include/asm/syscall.h 
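Review bot: Dropping the quotes around `$3` on the added `gccplugins_dir=` line in ccache.patch makes the shell apply both word splitting and pathname expansion to the compiler argument, while `"$1"` on the following `plugincc=` line stays quoted. Judging by the patch name, this is presumably meant to let a multi-word compiler command (a ccache-prefixed gcc) run. The side effect is that a compiler path containing spaces no longer works, and any glob characters in the value expand against the build directory. Since the script is `#!/bin/bash`, splitting into an array keeps the intent without globbing: `read -r -a cc_cmd <<< "$3"` followed by `gccplugins_dir=$("${cc_cmd[@]}" -print-file-name=plugin)`. The patch also has no description, so a short header line above the `---` line, such as `Allow CC to be a multi-word command (e.g. "ccache gcc"); $3 is split on whitespace.`, would record why the quoting was removed.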
+++ b/arch/mips/include/asm/syscall.h -@@ -29,7 +29,7 @@ static inline long syscall_get_nr(struct task_struct *task, - static inline unsigned long mips_get_syscall_arg(unsigned long *arg, - struct task_struct *task, struct pt_regs *regs, unsigned int n) - { -- unsigned long usp = regs->regs[29]; -+ unsigned long usp __maybe_unused = regs->regs[29]; - - switch (n) { - case 0: case 1: case 2: case 3: @@ -39,14 +39,14 @@ static inline unsigned long mips_get_syscall_arg(unsigned long *arg, #ifdef CONFIG_32BIT @@ -17558,7 +17549,7 @@ index 81bb91b..9392125 100644 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index 5ad38ad..71db3f2 100644 +index 5ad38ad..f228861 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -45,6 +45,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); @@ -17681,7 +17672,30 @@ index 5ad38ad..71db3f2 100644 #include <linux/mm_types.h> #include <linux/mmdebug.h> #include <linux/log2.h> -@@ -580,7 +655,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud) +@@ -445,20 +520,10 @@ static inline int pte_same(pte_t a, pte_t b) + return a.pte == b.pte; + } + +-static inline int pteval_present(pteval_t pteval) +-{ +- /* +- * Yes Linus, _PAGE_PROTNONE == _PAGE_NUMA. Expressing it this +- * way clearly states that the intent is that protnone and numa +- * hinting ptes are considered present for the purposes of +- * pagetable operations like zapping, protection changes, gup etc. +- */ +- return pteval & (_PAGE_PRESENT | _PAGE_PROTNONE | _PAGE_NUMA); +-} +- + static inline int pte_present(pte_t a) + { +- return pteval_present(pte_flags(a)); ++ return pte_flags(a) & (_PAGE_PRESENT | _PAGE_PROTNONE | ++ _PAGE_NUMA); + } + + #define pte_accessible pte_accessible +@@ -580,7 +645,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud) * Currently stuck as a macro due to indirect forward reference to * linux/mmzone.h's __section_mem_map_addr() definition: */ 
@@ -17690,7 +17704,7 @@ index 5ad38ad..71db3f2 100644 /* Find an entry in the second-level page table.. */ static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address) -@@ -620,7 +695,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd) +@@ -620,7 +685,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd) * Currently stuck as a macro due to indirect forward reference to * linux/mmzone.h's __section_mem_map_addr() definition: */ @@ -17699,7 +17713,7 @@ index 5ad38ad..71db3f2 100644 /* to find an entry in a page-table-directory. */ static inline unsigned long pud_index(unsigned long address) -@@ -635,7 +710,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) +@@ -635,7 +700,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) static inline int pgd_bad(pgd_t pgd) { @@ -17708,7 +17722,7 @@ index 5ad38ad..71db3f2 100644 } static inline int pgd_none(pgd_t pgd) -@@ -658,7 +733,12 @@ static inline int pgd_none(pgd_t pgd) +@@ -658,7 +723,12 @@ static inline int pgd_none(pgd_t pgd) * pgd_offset() returns a (pgd_t *) * pgd_index() is used get the offset into the pgd page's array of pgd_t's; */ @@ -17722,7 +17736,7 @@ index 5ad38ad..71db3f2 100644 /* * a shortcut which implies the use of the kernel's pgd, instead * of a process's -@@ -669,6 +749,23 @@ static inline int pgd_none(pgd_t pgd) +@@ -669,6 +739,23 @@ static inline int pgd_none(pgd_t pgd) #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET) #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY) @@ -17746,7 +17760,7 @@ index 5ad38ad..71db3f2 100644 #ifndef __ASSEMBLY__ extern int direct_gbpages; -@@ -835,11 +932,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, +@@ -835,11 +922,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, * dst and src can be on the same page, but the range must not overlap, * and must not cross a page boundary. */ 
@@ -24440,7 +24454,7 @@ index f36bd42..56ee1534 100644 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 + .endr diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S -index a468c0a..b9aed84 100644 +index a468c0a..c7dec74 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -20,6 +20,8 @@ @@ -24532,6 +24546,15 @@ index a468c0a..b9aed84 100644 movq initial_code(%rip),%rax pushq $0 # fake return address to stop unwinder pushq $__KERNEL_CS # set correct cs +@@ -313,7 +344,7 @@ ENDPROC(start_cpu0) + .quad INIT_PER_CPU_VAR(irq_stack_union) + + GLOBAL(stack_start) +- .quad init_thread_union+THREAD_SIZE-8 ++ .quad init_thread_union+THREAD_SIZE-16 + .word 0 + __FINITDATA + @@ -391,7 +422,7 @@ ENTRY(early_idt_handler) call dump_stack #ifdef CONFIG_KALLSYMS @@ -26509,18 +26532,10 @@ index c8e41e9..64049ef 100644 /* * PCI ids solely used for fixups_table go here diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S -index 3fd2c69..16ef367 100644 +index 3fd2c69..a444264 100644 --- a/arch/x86/kernel/relocate_kernel_64.S +++ b/arch/x86/kernel/relocate_kernel_64.S -@@ -11,6 +11,7 @@ - #include <asm/kexec.h> - #include <asm/processor-flags.h> - #include <asm/pgtable_types.h> -+#include <asm/alternative-asm.h> - - /* - * Must be relocatable PIC code callable as a C function -@@ -96,8 +97,7 @@ relocate_kernel: +@@ -96,8 +96,7 @@ relocate_kernel: /* jump to identity mapped page */ addq $(identity_mapped - relocate_kernel), %r8 @@ -26530,14 +26545,6 @@ index 3fd2c69..16ef367 100644 identity_mapped: /* set return address to 0 if not preserving context */ -@@ -167,6 +167,7 @@ identity_mapped: - xorl %r14d, %r14d - xorl %r15d, %r15d - -+ pax_force_retaddr 0, 1 - ret - - 1: diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index cb233bc..23b4879 100644 --- a/arch/x86/kernel/setup.c @@ -26823,7 +26830,7 @@ index 7c3a5a6..f0a8961 100644 .smp_prepare_cpus = native_smp_prepare_cpus, .smp_cpus_done = native_smp_cpus_done, 
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index 85dc05a..1241266 100644 +index 85dc05a..f8c96f6 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c @@ -229,14 +229,18 @@ static void notrace start_secondary(void *unused) @@ -26851,9 +26858,12 @@ index 85dc05a..1241266 100644 /* * Check TSC synchronization with the BP: */ -@@ -751,6 +755,7 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) +@@ -749,8 +753,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) + alternatives_enable_smp(); + idle->thread.sp = (unsigned long) (((struct pt_regs *) - (THREAD_SIZE + task_stack_page(idle))) - 1); +- (THREAD_SIZE + task_stack_page(idle))) - 1); ++ (THREAD_SIZE - 16 + task_stack_page(idle))) - 1); per_cpu(current_task, cpu) = idle; + per_cpu(current_tinfo, cpu) = &idle->tinfo; @@ -28085,7 +28095,7 @@ index d86ff15..e77b023 100644 #define APIC_LVT_NUM 6 /* 14 is the version for Xeon and Pentium 8.4.8*/ diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h -index ad75d77..a679d32 100644 +index cba218a..1cc1bed 100644 --- a/arch/x86/kvm/paging_tmpl.h +++ b/arch/x86/kvm/paging_tmpl.h @@ -331,7 +331,7 @@ retry_walk: @@ -28125,7 +28135,7 @@ index 532add1..59eb241 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index dcc4de3..6bf73f4 100644 +index 31c3e8b..ca3acc6 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -1316,12 +1316,12 @@ static void vmcs_write64(unsigned long field, u64 value) @@ -33527,7 +33537,7 @@ index 0000000..dace51c +EXPORT_SYMBOL(__pax_close_userland); +#endif diff --git a/arch/x86/net/bpf_jit.S b/arch/x86/net/bpf_jit.S -index 877b9a1..f746de8 100644 +index 0149575..f746de8 100644 --- a/arch/x86/net/bpf_jit.S +++ b/arch/x86/net/bpf_jit.S @@ -9,6 +9,7 @@ 
@@ -33601,15 +33611,6 @@ index 877b9a1..f746de8 100644 ret #define sk_negative_common(SIZE) \ -@@ -140,7 +149,7 @@ bpf_slow_path_byte_msh: - push %r9; \ - push SKBDATA; \ - /* rsi already has offset */ \ -- mov $SIZE,%ecx; /* size */ \ -+ mov $SIZE,%edx; /* size */ \ - call bpf_internal_load_pointer_neg_helper; \ - test %rax,%rax; \ - pop SKBDATA; \ @@ -157,6 +166,7 @@ sk_load_word_negative_offset: sk_negative_common(4) mov (%rax), %eax @@ -35431,18 +35432,30 @@ index fa6ade7..73da73a5 100644 #ifdef CONFIG_ACPI_NUMA diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index 3c76c3d..7871755 100644 +index 3c76c3d..7327d91 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c -@@ -379,7 +379,7 @@ static pteval_t pte_mfn_to_pfn(pteval_t val) +@@ -365,7 +365,7 @@ void xen_ptep_modify_prot_commit(struct mm_struct *mm, unsigned long addr, + /* Assume pteval_t is equivalent to all the other *val_t types. */ + static pteval_t pte_mfn_to_pfn(pteval_t val) + { +- if (pteval_present(val)) { ++ if (val & _PAGE_PRESENT) { + unsigned long mfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT; + unsigned long pfn = mfn_to_pfn(mfn); + +@@ -379,9 +379,9 @@ static pteval_t pte_mfn_to_pfn(pteval_t val) return val; } -static pteval_t pte_pfn_to_mfn(pteval_t val) +static pteval_t __intentional_overflow(-1) pte_pfn_to_mfn(pteval_t val) { - if (pteval_present(val)) { +- if (pteval_present(val)) { ++ if (val & _PAGE_PRESENT) { unsigned long pfn = (val & PTE_PFN_MASK) >> PAGE_SHIFT; + pteval_t flags = val & PTE_FLAGS_MASK; + unsigned long mfn; @@ -1894,6 +1894,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) /* L3_k[510] -> level2_kernel_pgt * L3_i[511] -> level2_fixmap_pgt */ 
@@ -40054,6 +40067,19 @@ index a3ba9a8..ee52ddd 100644 unsigned relocs_total = 0; unsigned relocs_max = UINT_MAX / sizeof(struct drm_i915_gem_relocation_entry); +diff --git a/drivers/gpu/drm/i915/i915_gem_gtt.c b/drivers/gpu/drm/i915/i915_gem_gtt.c +index d3c3b5b..e79720d 100644 +--- a/drivers/gpu/drm/i915/i915_gem_gtt.c ++++ b/drivers/gpu/drm/i915/i915_gem_gtt.c +@@ -828,7 +828,7 @@ void i915_gem_suspend_gtt_mappings(struct drm_device *dev) + dev_priv->gtt.base.clear_range(&dev_priv->gtt.base, + dev_priv->gtt.base.start / PAGE_SIZE, + dev_priv->gtt.base.total / PAGE_SIZE, +- false); ++ true); + } + + void i915_gem_restore_gtt_mappings(struct drm_device *dev) diff --git a/drivers/gpu/drm/i915/i915_ioc32.c b/drivers/gpu/drm/i915/i915_ioc32.c index 3c59584..500f2e9 100644 --- a/drivers/gpu/drm/i915/i915_ioc32.c @@ -40090,7 +40116,7 @@ index 3c59584..500f2e9 100644 return ret; diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c -index a209177..842a89a 100644 +index 9702704..3fb9e40 100644 --- a/drivers/gpu/drm/i915/i915_irq.c +++ b/drivers/gpu/drm/i915/i915_irq.c @@ -1419,7 +1419,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg) @@ -40147,7 +40173,7 @@ index a209177..842a89a 100644 I915_WRITE(GEN8_MASTER_IRQ, 0); POSTING_READ(GEN8_MASTER_IRQ); -@@ -2998,7 +2998,7 @@ static void gen8_irq_uninstall(struct drm_device *dev) +@@ -2996,7 +2996,7 @@ static void gen8_irq_uninstall(struct drm_device *dev) if (!dev_priv) return; @@ -40156,7 +40182,7 @@ index a209177..842a89a 100644 I915_WRITE(GEN8_MASTER_IRQ, 0); -@@ -3092,7 +3092,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev) +@@ -3090,7 +3090,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; 
@@ -40165,7 +40191,7 @@ index a209177..842a89a 100644 for_each_pipe(pipe) I915_WRITE(PIPESTAT(pipe), 0); -@@ -3178,7 +3178,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg) +@@ -3176,7 +3176,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg) I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT | I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT; @@ -40174,7 +40200,7 @@ index a209177..842a89a 100644 iir = I915_READ16(IIR); if (iir == 0) -@@ -3253,7 +3253,7 @@ static void i915_irq_preinstall(struct drm_device * dev) +@@ -3251,7 +3251,7 @@ static void i915_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -40183,7 +40209,7 @@ index a209177..842a89a 100644 if (I915_HAS_HOTPLUG(dev)) { I915_WRITE(PORT_HOTPLUG_EN, 0); -@@ -3360,7 +3360,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg) +@@ -3358,7 +3358,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg) I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT; int pipe, ret = IRQ_NONE; @@ -40192,7 +40218,7 @@ index a209177..842a89a 100644 iir = I915_READ(IIR); do { -@@ -3487,7 +3487,7 @@ static void i965_irq_preinstall(struct drm_device * dev) +@@ -3485,7 +3485,7 @@ static void i965_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -40201,7 +40227,7 @@ index a209177..842a89a 100644 I915_WRITE(PORT_HOTPLUG_EN, 0); I915_WRITE(PORT_HOTPLUG_STAT, I915_READ(PORT_HOTPLUG_STAT)); -@@ -3603,7 +3603,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg) +@@ -3601,7 +3601,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg) I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT | I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT; @@ -41431,7 +41457,7 @@ index cea623c..73011b0 100644 ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount); if (ret) diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c -index f0c5e07..399256e 100644 +index f0c5e07..49a4d4a 100644 
--- a/drivers/hv/hv.c +++ b/drivers/hv/hv.c @@ -112,7 +112,7 @@ static u64 do_hypercall(u64 control, void *input, void *output) @@ -41443,6 +41469,15 @@ index f0c5e07..399256e 100644 __asm__ __volatile__ ("call *%8" : "=d"(hv_status_hi), "=a"(hv_status_lo) : "d" (control_hi), +@@ -154,7 +154,7 @@ int hv_init(void) + /* See if the hypercall page is already set */ + rdmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64); + +- virtaddr = __vmalloc(PAGE_SIZE, GFP_KERNEL, PAGE_KERNEL_EXEC); ++ virtaddr = __vmalloc(PAGE_SIZE, GFP_KERNEL, PAGE_KERNEL_RX); + + if (!virtaddr) + goto cleanup; diff --git a/drivers/hv/hv_balloon.c b/drivers/hv/hv_balloon.c index 7e17a54..a50a33d 100644 --- a/drivers/hv/hv_balloon.c @@ -44483,10 +44518,10 @@ index 46da365..3ba4206 100644 dev_set_drvdata(&dev->dev, dev); rc = device_add(&dev->dev); diff --git a/drivers/media/usb/dvb-usb/cxusb.c b/drivers/media/usb/dvb-usb/cxusb.c -index 20e345d..da56fe4 100644 +index a1c641e..3007da9 100644 --- a/drivers/media/usb/dvb-usb/cxusb.c +++ b/drivers/media/usb/dvb-usb/cxusb.c -@@ -1101,7 +1101,7 @@ static struct dib0070_config dib7070p_dib0070_config = { +@@ -1112,7 +1112,7 @@ static struct dib0070_config dib7070p_dib0070_config = { struct dib0700_adapter_state { int (*set_param_save) (struct dvb_frontend *); @@ -44496,7 +44531,7 @@ index 20e345d..da56fe4 100644 static int dib7070_set_param_override(struct dvb_frontend *fe) { diff --git a/drivers/media/usb/dvb-usb/dw2102.c b/drivers/media/usb/dvb-usb/dw2102.c -index c1a63b2..dbcbfb6 100644 +index f272ed8..6289f9c 100644 --- a/drivers/media/usb/dvb-usb/dw2102.c +++ b/drivers/media/usb/dvb-usb/dw2102.c @@ -121,7 +121,7 @@ struct su3000_state { 
@@ -45476,19 +45511,6 @@ index 7b5424f..ed1d6ac 100644 err = -EFAULT; goto cmd_rel_host; } -diff --git a/drivers/mmc/card/queue.c b/drivers/mmc/card/queue.c -index 357bbc5..3e049c1 100644 ---- a/drivers/mmc/card/queue.c -+++ b/drivers/mmc/card/queue.c -@@ -197,7 +197,7 @@ int mmc_init_queue(struct mmc_queue *mq, struct mmc_card *card, - struct mmc_queue_req *mqrq_prev = &mq->mqrq[1]; - - if (mmc_dev(host)->dma_mask && *mmc_dev(host)->dma_mask) -- limit = dma_max_pfn(mmc_dev(host)) << PAGE_SHIFT; -+ limit = (u64)dma_max_pfn(mmc_dev(host)) << PAGE_SHIFT; - - mq->card = card; - mq->queue = blk_init_queue(mmc_request_fn, lock); diff --git a/drivers/mmc/core/mmc_ops.c b/drivers/mmc/core/mmc_ops.c index e5b5eeb..7bf2212 100644 --- a/drivers/mmc/core/mmc_ops.c @@ -48189,10 +48211,10 @@ index 84419af..268ede8 100644 &dev_attr_energy_uj.attr; } diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c -index 75dffb79..df850cd 100644 +index 7271299..20217a5 100644 --- a/drivers/regulator/core.c +++ b/drivers/regulator/core.c -@@ -3370,7 +3370,7 @@ regulator_register(const struct regulator_desc *regulator_desc, +@@ -3366,7 +3366,7 @@ regulator_register(const struct regulator_desc *regulator_desc, { const struct regulation_constraints *constraints = NULL; const struct regulator_init_data *init_data; @@ -48201,7 +48223,7 @@ index 75dffb79..df850cd 100644 struct regulator_dev *rdev; struct device *dev; int ret, i; -@@ -3440,7 +3440,7 @@ regulator_register(const struct regulator_desc *regulator_desc, +@@ -3436,7 +3436,7 @@ regulator_register(const struct regulator_desc *regulator_desc, rdev->dev.of_node = config->of_node; rdev->dev.parent = dev; dev_set_name(&rdev->dev, "regulator.%d", @@ -49336,7 +49358,7 @@ index fe0bcb1..c9255be 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index 7bd7f0d..93159d8 100644 +index 62ec84b..93159d8 100644 
--- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -1474,7 +1474,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) @@ -49360,15 +49382,6 @@ index 7bd7f0d..93159d8 100644 disposition = scsi_decide_disposition(cmd); if (disposition != SUCCESS && -@@ -1684,7 +1684,7 @@ u64 scsi_calculate_bounce_limit(struct Scsi_Host *shost) - - host_dev = scsi_get_device(shost); - if (host_dev && host_dev->dma_mask) -- bounce_limit = dma_max_pfn(host_dev) << PAGE_SHIFT; -+ bounce_limit = (u64)dma_max_pfn(host_dev) << PAGE_SHIFT; - - return bounce_limit; - } diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c index 8ff62c2..693b6f7 100644 --- a/drivers/scsi/scsi_sysfs.c @@ -52092,6 +52105,38 @@ index 1eab4ac..e21efc9 100644 iommu_group_id(group->iommu_group)); return 0; +diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c +index b12176f..e5522d9 100644 +--- a/drivers/vhost/net.c ++++ b/drivers/vhost/net.c +@@ -528,6 +528,12 @@ static int get_rx_bufs(struct vhost_virtqueue *vq, + *iovcount = seg; + if (unlikely(log)) + *log_num = nlogs; ++ ++ /* Detect overrun */ ++ if (unlikely(datalen > 0)) { ++ r = UIO_MAXIOV + 1; ++ goto err; ++ } + return headcount; + err: + vhost_discard_vq_desc(vq, headcount); +@@ -583,6 +589,14 @@ static void handle_rx(struct vhost_net *net) + /* On error, stop handling until the next kick. */ + if (unlikely(headcount < 0)) + break; ++ /* On overrun, truncate and discard */ ++ if (unlikely(headcount > UIO_MAXIOV)) { ++ msg.msg_iovlen = 1; ++ err = sock->ops->recvmsg(NULL, sock, &msg, ++ 1, MSG_DONTWAIT | MSG_TRUNC); ++ pr_debug("Discarded rx packet: len %zd\n", sock_len); ++ continue; ++ } + /* OK, now we need to know about added descriptors. */ + if (!headcount) { + if (unlikely(vhost_enable_notify(&net->dev, vq))) { diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c index 5174eba..451e6bc 100644 --- a/drivers/vhost/vringh.c 
@@ -55593,6 +55638,54 @@ index 88714ae..16c2e11 100644 static inline u32 get_pll_internal_frequency(u32 ref_freq, +diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c +index 4c02e2b..2c85267 100644 +--- a/drivers/xen/balloon.c ++++ b/drivers/xen/balloon.c +@@ -406,12 +406,26 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp) + state = BP_EAGAIN; + break; + } +- +- pfn = page_to_pfn(page); +- frame_list[i] = pfn_to_mfn(pfn); +- + scrub_page(page); + ++ frame_list[i] = page_to_pfn(page); ++ } ++ ++ /* ++ * Ensure that ballooned highmem pages don't have kmaps. ++ * ++ * Do this before changing the p2m as kmap_flush_unused() ++ * reads PTEs to obtain pages (and hence needs the original ++ * p2m entry). ++ */ ++ kmap_flush_unused(); ++ ++ /* Update direct mapping, invalidate P2M, and add to balloon. */ ++ for (i = 0; i < nr_pages; i++) { ++ pfn = frame_list[i]; ++ frame_list[i] = pfn_to_mfn(pfn); ++ page = pfn_to_page(pfn); ++ + #ifdef CONFIG_XEN_HAVE_PVMMU + /* + * Ballooned out frames are effectively replaced with +@@ -436,11 +450,9 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp) + } + #endif + +- balloon_append(pfn_to_page(pfn)); ++ balloon_append(page); + } + +- /* Ensure that ballooned highmem pages don't have kmaps. */ +- kmap_flush_unused(); + flush_tlb_all(); + + set_xen_guest_handle(reservation.extent_start, frame_list); diff --git a/drivers/xen/xenfs/xenstored.c b/drivers/xen/xenfs/xenstored.c index fef20db..d28b1ab 100644 --- a/drivers/xen/xenfs/xenstored.c 
@@ -55684,6 +55777,61 @@ index 062a5f6..e5618e0 100644 return -EINVAL; file = aio_private_file(ctx, nr_pages); +diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c +index 2408473..80ef38c 100644 +--- a/fs/anon_inodes.c ++++ b/fs/anon_inodes.c +@@ -41,19 +41,8 @@ static const struct dentry_operations anon_inodefs_dentry_operations = { + static struct dentry *anon_inodefs_mount(struct file_system_type *fs_type, + int flags, const char *dev_name, void *data) + { +- struct dentry *root; +- root = mount_pseudo(fs_type, "anon_inode:", NULL, ++ return mount_pseudo(fs_type, "anon_inode:", NULL, + &anon_inodefs_dentry_operations, ANON_INODE_FS_MAGIC); +- if (!IS_ERR(root)) { +- struct super_block *s = root->d_sb; +- anon_inode_inode = alloc_anon_inode(s); +- if (IS_ERR(anon_inode_inode)) { +- dput(root); +- deactivate_locked_super(s); +- root = ERR_CAST(anon_inode_inode); +- } +- } +- return root; + } + + static struct file_system_type anon_inode_fs_type = { +@@ -175,22 +164,15 @@ EXPORT_SYMBOL_GPL(anon_inode_getfd); + + static int __init anon_inode_init(void) + { +- int error; +- +- error = register_filesystem(&anon_inode_fs_type); +- if (error) +- goto err_exit; + anon_inode_mnt = kern_mount(&anon_inode_fs_type); +- if (IS_ERR(anon_inode_mnt)) { +- error = PTR_ERR(anon_inode_mnt); +- goto err_unregister_filesystem; +- } ++ if (IS_ERR(anon_inode_mnt)) ++ panic("anon_inode_init() kernel mount failed (%ld)\n", PTR_ERR(anon_inode_mnt)); ++ ++ anon_inode_inode = alloc_anon_inode(anon_inode_mnt->mnt_sb); ++ if (IS_ERR(anon_inode_inode)) ++ panic("anon_inode_init() inode allocation failed (%ld)\n", PTR_ERR(anon_inode_inode)); ++ + return 0; +- +-err_unregister_filesystem: +- unregister_filesystem(&anon_inode_fs_type); +-err_exit: +- panic(KERN_ERR "anon_inode_init() failed (%d)\n", error); + } + + fs_initcall(anon_inode_init); diff --git a/fs/attr.c b/fs/attr.c index 5d4e59d..fd02418 100644 --- a/fs/attr.c @@ -58018,7 +58166,7 @@ index bc3fbcd..6031650 100644 return 0; while (nr) { 
diff --git a/fs/dcache.c b/fs/dcache.c -index fdbe230..ba17c1f 100644 +index fdbe230..d852932 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -1495,7 +1495,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name) @@ -58030,6 +58178,18 @@ index fdbe230..ba17c1f 100644 if (!dname) { kmem_cache_free(dentry_cache, dentry); return NULL; +@@ -2833,9 +2833,9 @@ static int prepend_name(char **buffer, int *buflen, struct qstr *name) + u32 dlen = ACCESS_ONCE(name->len); + char *p; + +- if (*buflen < dlen + 1) +- return -ENAMETOOLONG; + *buflen -= dlen + 1; ++ if (*buflen < 0) ++ return -ENAMETOOLONG; + p = *buffer -= dlen + 1; + *p++ = '/'; + while (dlen--) { @@ -3428,7 +3428,8 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; @@ -61024,7 +61184,7 @@ index a17458c..e69fb5b 100644 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */ diff --git a/fs/namei.c b/fs/namei.c -index cfe6608..f9deefc 100644 +index cfe6608..a24748c 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -319,16 +319,32 @@ int generic_permission(struct inode *inode, int mask) 
@@ -61100,7 +61260,57 @@ index cfe6608..f9deefc 100644 nd->last_type = LAST_BIND; *p = dentry->d_inode->i_op->follow_link(dentry, nd); error = PTR_ERR(*p); -@@ -1582,6 +1596,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) +@@ -1098,7 +1112,7 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path, + return false; + + if (!d_mountpoint(path->dentry)) +- break; ++ return true; + + mounted = __lookup_mnt(path->mnt, path->dentry); + if (!mounted) +@@ -1114,20 +1128,7 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path, + */ + *inode = path->dentry->d_inode; + } +- return true; +-} +- +-static void follow_mount_rcu(struct nameidata *nd) +-{ +- while (d_mountpoint(nd->path.dentry)) { +- struct mount *mounted; +- mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry); +- if (!mounted) +- break; +- nd->path.mnt = &mounted->mnt; +- nd->path.dentry = mounted->mnt.mnt_root; +- nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq); +- } ++ return read_seqretry(&mount_lock, nd->m_seq); + } + + static int follow_dotdot_rcu(struct nameidata *nd) +@@ -1155,7 +1156,17 @@ static int follow_dotdot_rcu(struct nameidata *nd) + break; + nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq); + } +- follow_mount_rcu(nd); ++ while (d_mountpoint(nd->path.dentry)) { ++ struct mount *mounted; ++ mounted = __lookup_mnt(nd->path.mnt, nd->path.dentry); ++ if (!mounted) ++ break; ++ nd->path.mnt = &mounted->mnt; ++ nd->path.dentry = mounted->mnt.mnt_root; ++ nd->seq = read_seqcount_begin(&nd->path.dentry->d_seq); ++ if (!read_seqretry(&mount_lock, nd->m_seq)) ++ goto failed; ++ } + nd->inode = nd->path.dentry->d_inode; + return 0; + +@@ -1582,6 +1593,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) if (res) break; res = walk_component(nd, path, LOOKUP_FOLLOW); 
@@ -61109,7 +61319,7 @@ index cfe6608..f9deefc 100644 put_link(nd, &link, cookie); } while (res > 0); -@@ -1655,7 +1671,7 @@ EXPORT_SYMBOL(full_name_hash); +@@ -1655,7 +1668,7 @@ EXPORT_SYMBOL(full_name_hash); static inline unsigned long hash_name(const char *name, unsigned int *hashp) { unsigned long a, b, adata, bdata, mask, hash, len; @@ -61118,7 +61328,7 @@ index cfe6608..f9deefc 100644 hash = a = 0; len = -sizeof(unsigned long); -@@ -1939,6 +1955,8 @@ static int path_lookupat(int dfd, const char *name, +@@ -1939,6 +1952,8 @@ static int path_lookupat(int dfd, const char *name, if (err) break; err = lookup_last(nd, &path); @@ -61127,7 +61337,7 @@ index cfe6608..f9deefc 100644 put_link(nd, &link, cookie); } } -@@ -1946,6 +1964,13 @@ static int path_lookupat(int dfd, const char *name, +@@ -1946,6 +1961,13 @@ static int path_lookupat(int dfd, const char *name, if (!err) err = complete_walk(nd); @@ -61141,7 +61351,7 @@ index cfe6608..f9deefc 100644 if (!err && nd->flags & LOOKUP_DIRECTORY) { if (!d_is_directory(nd->path.dentry)) { path_put(&nd->path); -@@ -1973,8 +1998,15 @@ static int filename_lookup(int dfd, struct filename *name, +@@ -1973,8 +1995,15 @@ static int filename_lookup(int dfd, struct filename *name, retval = path_lookupat(dfd, name->name, flags | LOOKUP_REVAL, nd); @@ -61158,7 +61368,7 @@ index cfe6608..f9deefc 100644 return retval; } -@@ -2548,6 +2580,13 @@ static int may_open(struct path *path, int acc_mode, int flag) +@@ -2548,6 +2577,13 @@ static int may_open(struct path *path, int acc_mode, int flag) if (flag & O_NOATIME && !inode_owner_or_capable(inode)) return -EPERM; @@ -61172,7 +61382,7 @@ index cfe6608..f9deefc 100644 return 0; } -@@ -2779,7 +2818,7 @@ looked_up: +@@ -2779,7 +2815,7 @@ looked_up: * cleared otherwise prior to returning. */ static int lookup_open(struct nameidata *nd, struct path *path, 
@@ -61181,7 +61391,7 @@ index cfe6608..f9deefc 100644 const struct open_flags *op, bool got_write, int *opened) { -@@ -2814,6 +2853,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2814,6 +2850,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, /* Negative dentry, just create the file */ if (!dentry->d_inode && (op->open_flag & O_CREAT)) { umode_t mode = op->mode; @@ -61199,7 +61409,7 @@ index cfe6608..f9deefc 100644 if (!IS_POSIXACL(dir->d_inode)) mode &= ~current_umask(); /* -@@ -2835,6 +2885,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2835,6 +2882,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, nd->flags & LOOKUP_EXCL); if (error) goto out_dput; @@ -61208,7 +61418,7 @@ index cfe6608..f9deefc 100644 } out_no_open: path->dentry = dentry; -@@ -2849,7 +2901,7 @@ out_dput: +@@ -2849,7 +2898,7 @@ out_dput: /* * Handle the last step of open() */ @@ -61217,7 +61427,7 @@ index cfe6608..f9deefc 100644 struct file *file, const struct open_flags *op, int *opened, struct filename *name) { -@@ -2899,6 +2951,15 @@ static int do_last(struct nameidata *nd, struct path *path, +@@ -2899,6 +2948,15 @@ static int do_last(struct nameidata *nd, struct path *path, if (error) return error; @@ -61233,7 +61443,7 @@ index cfe6608..f9deefc 100644 audit_inode(name, dir, LOOKUP_PARENT); error = -EISDIR; /* trailing slashes? */ -@@ -2918,7 +2979,7 @@ retry_lookup: +@@ -2918,7 +2976,7 @@ retry_lookup: */ } mutex_lock(&dir->d_inode->i_mutex); @@ -61242,7 +61452,7 @@ index cfe6608..f9deefc 100644 mutex_unlock(&dir->d_inode->i_mutex); if (error <= 0) { -@@ -2942,11 +3003,28 @@ retry_lookup: +@@ -2942,11 +3000,28 @@ retry_lookup: goto finish_open_created; } @@ -61272,7 +61482,7 @@ index cfe6608..f9deefc 100644 /* * If atomic_open() acquired write access it is dropped now due to -@@ -2987,6 +3065,11 @@ finish_lookup: +@@ -2987,6 +3062,11 @@ finish_lookup: } } BUG_ON(inode != path->dentry->d_inode); 
@@ -61284,7 +61494,7 @@ index cfe6608..f9deefc 100644 return 1; } -@@ -2996,7 +3079,6 @@ finish_lookup: +@@ -2996,7 +3076,6 @@ finish_lookup: save_parent.dentry = nd->path.dentry; save_parent.mnt = mntget(path->mnt); nd->path.dentry = path->dentry; @@ -61292,7 +61502,7 @@ index cfe6608..f9deefc 100644 } nd->inode = inode; /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */ -@@ -3006,7 +3088,18 @@ finish_open: +@@ -3006,7 +3085,18 @@ finish_open: path_put(&save_parent); return error; } @@ -61311,7 +61521,7 @@ index cfe6608..f9deefc 100644 error = -EISDIR; if ((open_flag & O_CREAT) && (d_is_directory(nd->path.dentry) || d_is_autodir(nd->path.dentry))) -@@ -3170,7 +3263,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -3170,7 +3260,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, if (unlikely(error)) goto out; @@ -61320,7 +61530,7 @@ index cfe6608..f9deefc 100644 while (unlikely(error > 0)) { /* trailing symlink */ struct path link = path; void *cookie; -@@ -3188,7 +3281,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -3188,7 +3278,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, error = follow_link(&link, nd, &cookie); if (unlikely(error)) break; @@ -61329,7 +61539,7 @@ index cfe6608..f9deefc 100644 put_link(nd, &link, cookie); } out: -@@ -3288,9 +3381,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, +@@ -3288,9 +3378,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, goto unlock; error = -EEXIST; @@ -61343,7 +61553,7 @@ index cfe6608..f9deefc 100644 /* * Special case - lookup gave negative, but... we had foo/bar/ * From the vfs_mknod() POV we just have a negative dentry - -@@ -3342,6 +3437,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, +@@ -3342,6 +3434,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, } EXPORT_SYMBOL(user_path_create); 
@@ -61364,7 +61574,7 @@ index cfe6608..f9deefc 100644 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) { int error = may_create(dir, dentry); -@@ -3404,6 +3513,17 @@ retry: +@@ -3404,6 +3510,17 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -61382,7 +61592,7 @@ index cfe6608..f9deefc 100644 error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out; -@@ -3420,6 +3540,8 @@ retry: +@@ -3420,6 +3537,8 @@ retry: break; } out: @@ -61391,7 +61601,7 @@ index cfe6608..f9deefc 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3472,9 +3594,16 @@ retry: +@@ -3472,9 +3591,16 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -61408,7 +61618,7 @@ index cfe6608..f9deefc 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3555,6 +3684,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -3555,6 +3681,8 @@ static long do_rmdir(int dfd, const char __user *pathname) struct filename *name; struct dentry *dentry; struct nameidata nd; @@ -61417,7 +61627,7 @@ index cfe6608..f9deefc 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3587,10 +3718,21 @@ retry: +@@ -3587,10 +3715,21 @@ retry: error = -ENOENT; goto exit3; } @@ -61439,7 +61649,7 @@ index cfe6608..f9deefc 100644 exit3: dput(dentry); exit2: -@@ -3680,6 +3822,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -3680,6 +3819,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) struct nameidata nd; struct inode *inode = NULL; struct inode *delegated_inode = NULL; 
@@ -61448,7 +61658,7 @@ index cfe6608..f9deefc 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3706,10 +3850,22 @@ retry_deleg: +@@ -3706,10 +3847,22 @@ retry_deleg: if (d_is_negative(dentry)) goto slashes; ihold(inode); @@ -61471,7 +61681,7 @@ index cfe6608..f9deefc 100644 exit2: dput(dentry); } -@@ -3797,9 +3953,17 @@ retry: +@@ -3797,9 +3950,17 @@ retry: if (IS_ERR(dentry)) goto out_putname; @@ -61489,7 +61699,7 @@ index cfe6608..f9deefc 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3902,6 +4066,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -3902,6 +4063,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, struct dentry *new_dentry; struct path old_path, new_path; struct inode *delegated_inode = NULL; @@ -61497,7 +61707,7 @@ index cfe6608..f9deefc 100644 int how = 0; int error; -@@ -3925,7 +4090,7 @@ retry: +@@ -3925,7 +4087,7 @@ retry: if (error) return error; @@ -61506,7 +61716,7 @@ index cfe6608..f9deefc 100644 (how & LOOKUP_REVAL)); error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) -@@ -3937,11 +4102,28 @@ retry: +@@ -3937,11 +4099,28 @@ retry: error = may_linkat(&old_path); if (unlikely(error)) goto out_dput; @@ -61535,7 +61745,7 @@ index cfe6608..f9deefc 100644 done_path_create(&new_path, new_dentry); if (delegated_inode) { error = break_deleg_wait(&delegated_inode); -@@ -4228,6 +4410,12 @@ retry_deleg: +@@ -4228,6 +4407,12 @@ retry_deleg: if (new_dentry == trap) goto exit5; @@ -61548,7 +61758,7 @@ index cfe6608..f9deefc 100644 error = security_path_rename(&oldnd.path, old_dentry, &newnd.path, new_dentry); if (error) -@@ -4235,6 +4423,9 @@ retry_deleg: +@@ -4235,6 +4420,9 @@ retry_deleg: error = vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry, &delegated_inode); 
@@ -61558,7 +61768,7 @@ index cfe6608..f9deefc 100644 exit5: dput(new_dentry); exit4: -@@ -4271,6 +4462,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -4271,6 +4459,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { @@ -61567,7 +61777,7 @@ index cfe6608..f9deefc 100644 int len; len = PTR_ERR(link); -@@ -4280,7 +4473,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c +@@ -4280,7 +4470,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c len = strlen(link); if (len > (unsigned) buflen) len = buflen; @@ -64953,10 +65163,10 @@ index 104455b..764c512 100644 kfree(s); diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..031e895 +index 0000000..13b7885 --- /dev/null +++ b/grsecurity/Kconfig -@@ -0,0 +1,1157 @@ +@@ -0,0 +1,1155 @@ +# +# grecurity configuration +# 
@@ -64970,18 +65180,16 @@ index 0000000..031e895 + help + If you say Y here, /dev/kmem and /dev/mem won't be allowed to + be written to or read from to modify or leak the contents of the running -+ kernel. /dev/port will also not be allowed to be opened, and support -+ for /dev/cpu/*/msr and kexec will be removed. If you have module -+ support disabled, enabling this will close up six ways that are -+ currently used to insert malicious code into the running kernel. ++ kernel. /dev/port will also not be allowed to be opened, writing to ++ /dev/cpu/*/msr will be prevented, and support for kexec will be removed. ++ If you have module support disabled, enabling this will close up several ++ ways that are currently used to insert malicious code into the running ++ kernel. + + Even with this feature enabled, we still highly recommend that + you use the RBAC system, as it is still possible for an attacker to + modify the running kernel through other more obscure methods. + -+ Enabling this feature will prevent the "cpupower" and "powertop" tools -+ from working. -+ + It is highly recommended that you say Y here if you meet all the + conditions above. + @@ -87648,7 +87856,7 @@ index 06ec886..9dba35e 100644 if (pm_wakeup_pending()) { diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c -index be7c86b..b972b27 100644 +index 97fb834..b972b27 100644 --- a/kernel/printk/printk.c +++ b/kernel/printk/printk.c @@ -385,6 +385,11 @@ static int check_syslog_permissions(int type, bool from_file) 
@@ -87663,22 +87871,6 @@ index be7c86b..b972b27 100644 if (syslog_action_restricted(type)) { if (capable(CAP_SYSLOG)) return 0; -@@ -1080,7 +1085,6 @@ static int syslog_print_all(char __user *buf, int size, bool clear) - next_seq = log_next_seq; - - len = 0; -- prev = 0; - while (len >= 0 && seq < next_seq) { - struct printk_log *msg = log_from_idx(idx); - int textlen; -@@ -2789,7 +2793,6 @@ bool kmsg_dump_get_buffer(struct kmsg_dumper *dumper, bool syslog, - next_idx = idx; - - l = 0; -- prev = 0; - while (seq < dumper->next_seq) { - struct printk_log *msg = log_from_idx(idx); - diff --git a/kernel/profile.c b/kernel/profile.c index 6631e1e..310c266 100644 --- a/kernel/profile.c @@ -90104,10 +90296,10 @@ index 26dc348..8708ca7 100644 + return atomic64_inc_return_unchecked(&trace_counter); } diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c -index 2e58196..fdd3d61 100644 +index ba983dc..911aaf9 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c -@@ -1681,7 +1681,6 @@ __trace_early_add_new_event(struct ftrace_event_call *call, +@@ -1675,7 +1675,6 @@ __trace_early_add_new_event(struct ftrace_event_call *call, return 0; } @@ -90809,7 +91001,7 @@ index 7811ed3..f80ca19 100644 static inline void *ptr_to_indirect(void *ptr) { diff --git a/lib/random32.c b/lib/random32.c -index 1e5b2df..fb616c7 100644 +index 1e5b2df..009bfe8 100644 --- a/lib/random32.c +++ b/lib/random32.c @@ -44,7 +44,7 @@ 
@@ -90821,6 +91013,27 @@ index 1e5b2df..fb616c7 100644 /** * prandom_u32_state - seeded pseudo-random number generator. +@@ -244,8 +244,19 @@ static void __prandom_reseed(bool late) + static bool latch = false; + static DEFINE_SPINLOCK(lock); + ++ /* Asking for random bytes might result in bytes getting ++ * moved into the nonblocking pool and thus marking it ++ * as initialized. In this case we would double back into ++ * this function and attempt to do a late reseed. ++ * Ignore the pointless attempt to reseed again if we're ++ * already waiting for bytes when the nonblocking pool ++ * got initialized. ++ */ ++ + /* only allow initial seeding (late == false) once */ +- spin_lock_irqsave(&lock, flags); ++ if (!spin_trylock_irqsave(&lock, flags)) ++ return; ++ + if (latch && !late) + goto out; + latch = true; diff --git a/lib/rbtree.c b/lib/rbtree.c index 65f4eff..2cfa167 100644 --- a/lib/rbtree.c @@ -96442,7 +96655,7 @@ index 3f9b0f3..fc6d4fa 100644 if (__rtnl_register(PF_CAN, RTM_GETROUTE, NULL, cgw_dump_jobs, NULL)) { diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c -index 4a5df7b..9ad1f1d 100644 +index 464303f..9c30218 100644 --- a/net/ceph/messenger.c +++ b/net/ceph/messenger.c @@ -186,7 +186,7 @@ static void con_fault(struct ceph_connection *con); @@ -101318,24 +101531,6 @@ index e83c416..f87df4c 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) -diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c -index a642fd616..1eebf22 100644 ---- a/net/sunrpc/auth_gss/auth_gss.c -+++ b/net/sunrpc/auth_gss/auth_gss.c -@@ -500,10 +500,12 @@ gss_alloc_msg(struct gss_auth *gss_auth, - default: - err = gss_encode_v1_msg(gss_msg, service_name, gss_auth->target_name); - if (err) -- goto err_free_msg; -+ goto err_put_pipe_version; - }; - kref_get(&gss_auth->kref); - return gss_msg; -+err_put_pipe_version: -+ put_pipe_version(gss_auth->net); - err_free_msg: - kfree(gss_msg); - err: 
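Review bot: In the lib/random32.c hunk, `spin_trylock_irqsave()` makes `__prandom_reseed()` give up on any contention, not only on the re-entrant call that the new comment describes. A reseed requested from another CPU while the lock is held is dropped, and the early `return` gives the caller no indication that it was skipped. The comment should say so, e.g. `/* a reseed racing in from another CPU is skipped too; the lock holder is already reseeding */`, after confirming that no caller depends on its own reseed having run. The function body continues outside the hunk.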
diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c index 1b94a9c..496f7f5 100644 --- a/net/sunrpc/auth_gss/svcauth_gss.c @@ -101689,7 +101884,7 @@ index d38bb45..38d5df5 100644 sub->evt.event = htohl(event, sub->swap); diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c -index d7c1ac6..8e92764 100644 +index d7c1ac6..b0fc322 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -789,6 +789,12 @@ static struct sock *unix_find_other(struct net *net, 
@@ -101738,7 +101933,52 @@ index d7c1ac6..8e92764 100644 done_path_create(&path, dentry); return err; } -@@ -2335,9 +2354,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -1785,8 +1804,11 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock, + goto out; + + err = mutex_lock_interruptible(&u->readlock); +- if (err) { +- err = sock_intr_errno(sock_rcvtimeo(sk, noblock)); ++ if (unlikely(err)) { ++ /* recvmsg() in non blocking mode is supposed to return -EAGAIN ++ * sk_rcvtimeo is not honored by mutex_lock_interruptible() ++ */ ++ err = noblock ? -EAGAIN : -ERESTARTSYS; + goto out; + } + +@@ -1911,6 +1933,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock, + struct unix_sock *u = unix_sk(sk); + struct sockaddr_un *sunaddr = msg->msg_name; + int copied = 0; ++ int noblock = flags & MSG_DONTWAIT; + int check_creds = 0; + int target; + int err = 0; +@@ -1926,7 +1949,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock, + goto out; + + target = sock_rcvlowat(sk, flags&MSG_WAITALL, size); +- timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT); ++ timeo = sock_rcvtimeo(sk, noblock); + + /* Lock the socket to prevent queue disordering + * while sleeps in memcpy_tomsg +@@ -1938,8 +1961,11 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock, + } + + err = mutex_lock_interruptible(&u->readlock); +- if (err) { +- err = sock_intr_errno(timeo); ++ if (unlikely(err)) { ++ /* recvmsg() in non blocking mode is supposed to return -EAGAIN ++ * sk_rcvtimeo is not honored by mutex_lock_interruptible() ++ */ ++ err = noblock ? -EAGAIN : -ERESTARTSYS; + goto out; + } + +@@ -2335,9 +2361,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) seq_puts(seq, "Num RefCount Protocol Flags Type St " "Inode Path\n"); else { 
@@ -101753,7 +101993,7 @@ index d7c1ac6..8e92764 100644 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu", s, -@@ -2364,8 +2387,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -2364,8 +2394,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) } for ( ; i < len; i++) seq_putc(seq, u->addr->name->sun_path[i]); @@ -102292,26 +102532,25 @@ index 078fe1d..fbdb363 100644 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n", diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh new file mode 100644 -index 0000000..5e0222d +index 0000000..3c23999 --- /dev/null +++ b/scripts/gcc-plugin.sh -@@ -0,0 +1,17 @@ +@@ -0,0 +1,16 @@ +#!/bin/bash -+plugincc=`$1 -E -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF -+#include "gcc-plugin.h" -+#include "tree.h" -+#include "tm.h" -+#include "rtl.h" -+#ifdef ENABLE_BUILD_WITH_CXX ++srctree=$(dirname "$0") ++gccplugins_dir=$("$3" -print-file-name=plugin) ++plugincc=$("$1" -E -shared - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF ++#include "gcc-common.h" ++#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX) +#warning $2 +#else +#warning $1 +#endif -+EOF` ++EOF ++) +if [ $? -eq 0 ] +then -+ [[ "$plugincc" =~ "$1" ]] && echo "$1" -+ [[ "$plugincc" =~ "$2" ]] && echo "$2" ++ ( [[ "$plugincc" =~ "$1" ]] && echo "$1" ) || ( [[ "$plugincc" =~ "$2" ]] && echo "$2" ) +fi diff --git a/scripts/headers_install.sh b/scripts/headers_install.sh index 5de5660..d3deb89 100644 @@ -102537,7 +102776,7 @@ index 0865b3e..7235dd4 100644 __ksymtab_gpl : { *(SORT(___ksymtab_gpl+*)) } __ksymtab_unused : { *(SORT(___ksymtab_unused+*)) } diff --git a/scripts/package/builddeb b/scripts/package/builddeb -index 90e521f..e9eaf8f 100644 +index c1bb9be..63aed853 100644 --- a/scripts/package/builddeb +++ b/scripts/package/builddeb @@ -281,6 +281,7 @@ fi @@ -106836,10 +107075,10 @@ index 0000000..dd73713 +} 
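Review bot: In the scripts/gcc-plugin.sh hunk, `${srctree}` and `${gccplugins_dir}` are expanded unquoted on the `plugincc=$(...)` line. A source tree or GCC plugin directory whose path contains whitespace is split into several arguments, so the probe fails or picks up the wrong include directory. Quote both: `-I"${srctree}/../tools/gcc" -I"${gccplugins_dir}/include"`. Separately, `srctree=$(dirname "$0")` holds the scripts directory rather than the tree root (hence the `/..`), so a name such as `scriptdir` would be less misleading.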
diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c new file mode 100644 -index 0000000..1a98bed +index 0000000..319229d --- /dev/null +++ b/tools/gcc/latent_entropy_plugin.c -@@ -0,0 +1,451 @@ +@@ -0,0 +1,457 @@ +/* + * Copyright 2012-2014 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 @@ -106868,7 +107107,7 @@ index 0000000..1a98bed +static tree latent_entropy_decl; + +static struct plugin_info latent_entropy_plugin_info = { -+ .version = "201402240545", ++ .version = "201403280150", + .help = NULL +}; + @@ -107040,6 +107279,10 @@ index 0000000..1a98bed + +static bool gate_latent_entropy(void) +{ ++ // don't bother with noreturn functions for now ++ if (TREE_THIS_VOLATILE(current_function_decl)) ++ return false; ++ + return lookup_attribute("latent_entropy", DECL_ATTRIBUTES(current_function_decl)) != NULL_TREE; +} + @@ -107164,7 +107407,8 @@ index 0000000..1a98bed + gsi_insert_after(&gsi, assign, GSI_NEW_STMT); + update_stmt(assign); +//debug_bb(bb); -+ bb = bb->next_bb; ++ gcc_assert(single_succ_p(bb)); ++ bb = single_succ(bb); + + // 3. instrument each BB with an operation on the local entropy variable + while (bb != EXIT_BLOCK_PTR_FOR_FN(cfun)) { @@ -107174,8 +107418,9 @@ index 0000000..1a98bed + }; + + // 4. mix local entropy into the global entropy variable -+ perturb_latent_entropy(EXIT_BLOCK_PTR_FOR_FN(cfun)->prev_bb, local_entropy); -+//debug_bb(EXIT_BLOCK_PTR_FOR_FN(cfun)->prev_bb); ++ gcc_assert(single_pred_p(EXIT_BLOCK_PTR_FOR_FN(cfun))); ++ perturb_latent_entropy(single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun)), local_entropy); ++//debug_bb(single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun))); + return 0; +} + |
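Review bot: In the `gate_latent_entropy()` hunk, a function that carries the `latent_entropy` attribute but is also noreturn is now skipped silently. The added comment says what is skipped but not why. Presumably the pass needs a block leading into the exit block to mix the local entropy back, which a noreturn function may lack (the later hunk asserts exactly that shape). I would state the reason, e.g. `// noreturn functions may have no edge into the exit block, so step 4 has nowhere to mix the entropy back in`, and consider a warning when the attribute is present but ignored.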
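Review bot: The `gcc_assert(single_succ_p(bb))` and `gcc_assert(single_pred_p(EXIT_BLOCK_PTR_FOR_FN(cfun)))` checks added in the last two hunks turn an unexpected CFG shape into an internal compiler error that aborts the build. That is safer than instrumenting whatever block `next_bb`/`prev_bb` happened to name, but nothing visible here guarantees that the exit block has exactly one predecessor for every annotated function. A comment naming where that invariant comes from would help, e.g. `// assumes all returns reach the exit block through a single predecessor at this point in the pass pipeline (TODO confirm)`. Alternatively the function could be skipped with a diagnostic instead of asserting. The enclosing function starts outside these hunks.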