diff options
-rw-r--r-- | main/linux-grsec/APKBUILD | 8 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.9-3.3.6-201205131658.patch (renamed from main/linux-grsec/grsecurity-2.9-3.3.5-201205071839.patch) | 773 |
2 files changed, 621 insertions, 160 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 1a4e1e713f..3a85b1ba79 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,7 +2,7 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.3.5 +pkgver=3.3.6 _kernver=3.3 pkgrel=0 pkgdesc="Linux kernel with grsecurity" @@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-2.9-3.3.5-201205071839.patch + grsecurity-2.9-3.3.6-201205131658.patch 0004-arp-flush-arp-cache-on-device-change.patch @@ -138,8 +138,8 @@ dev() { } md5sums="7133f5a2086a7d7ef97abac610c094f5 linux-3.3.tar.xz -d346edca5d3de7052f49996b01cef401 patch-3.3.5.xz -1c2f2313347889b313f8af1212c708bf grsecurity-2.9-3.3.5-201205071839.patch +a7f67e9c491403906e4bb475de194631 patch-3.3.6.xz +47553b5150ed81a8ee1a4d9fec2688e0 grsecurity-2.9-3.3.6-201205131658.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch 5d2818cb5329aec600ee8ffc3896a728 kernelconfig.x86 39552b468a33a04678113c12ec6c1a91 kernelconfig.x86_64" diff --git a/main/linux-grsec/grsecurity-2.9-3.3.5-201205071839.patch b/main/linux-grsec/grsecurity-2.9-3.3.6-201205131658.patch index 222eccde75..0bad506a6b 100644 --- a/main/linux-grsec/grsecurity-2.9-3.3.5-201205071839.patch +++ b/main/linux-grsec/grsecurity-2.9-3.3.6-201205131658.patch @@ -195,7 +195,7 @@ index d99fd9c..8689fef 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 64615e9..64d72ce 100644 +index 9cd6941..92e68ff 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -1457,6 +1457,36 @@ index e4c96cc..1145653 100644 #endif /* __ASSEMBLY__ */ #define arch_align_stack(x) (x) +diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h +index d4c24d4..4ac53e8 100644 +--- a/arch/arm/include/asm/thread_info.h ++++ b/arch/arm/include/asm/thread_info.h +@@ -141,6 +141,12 @@ extern void vfp_flush_hwstate(struct thread_info *); + #define TIF_NOTIFY_RESUME 2 /* callback before returning to user */ + #define TIF_SYSCALL_TRACE 8 + #define TIF_SYSCALL_AUDIT 9 ++ ++/* within 8 bits of TIF_SYSCALL_TRACE ++ to meet flexible second operand requirements ++*/ ++#define TIF_GRSEC_SETXID 10 ++ + #define TIF_POLLING_NRFLAG 16 + #define TIF_USING_IWMMXT 17 + #define TIF_MEMDIE 18 /* is terminating due to OOM killer */ +@@ -156,9 +162,11 @@ extern void vfp_flush_hwstate(struct thread_info *); + #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT) + #define _TIF_RESTORE_SIGMASK (1 << TIF_RESTORE_SIGMASK) + #define _TIF_SECCOMP (1 << TIF_SECCOMP) ++#define _TIF_GRSEC_SETXID (1 << TIF_GRSEC_SETXID) + + /* Checks for any syscall work in entry-common.S */ +-#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT) ++#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \ ++ _TIF_GRSEC_SETXID) + + /* + * Change these and you break ASM code in entry-common.S diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h index 2958976..12ccac4 100644 --- a/arch/arm/include/asm/uaccess.h @@ -1568,6 +1598,30 @@ index 971d65c..cc936fb 100644 #ifdef CONFIG_MMU /* * The vectors page is always readable from user space for the +diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c +index f5ce8ab..4b73893 100644 +--- a/arch/arm/kernel/ptrace.c ++++ b/arch/arm/kernel/ptrace.c +@@ -905,10 +905,19 @@ long arch_ptrace(struct task_struct *child, long request, + return ret; + } + ++#ifdef CONFIG_GRKERNSEC_SETXID ++extern void gr_delayed_cred_worker(void); ++#endif ++ + asmlinkage int syscall_trace(int why, struct pt_regs *regs, int scno) + { + unsigned long ip; + ++#ifdef CONFIG_GRKERNSEC_SETXID ++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) ++ gr_delayed_cred_worker(); ++#endif ++ + if (why) + audit_syscall_exit(regs); + else diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c index a255c39..4a19b25 100644 --- a/arch/arm/kernel/setup.c @@ -2791,6 +2845,40 @@ index 6018c80..7c37203 100644 +#define arch_align_stack(x) ((x) & ~0xfUL) #endif /* _ASM_SYSTEM_H */ +diff --git a/arch/mips/include/asm/thread_info.h b/arch/mips/include/asm/thread_info.h +index 0d85d8e..ec71487 100644 +--- a/arch/mips/include/asm/thread_info.h ++++ b/arch/mips/include/asm/thread_info.h +@@ -123,6 +123,8 @@ register struct thread_info *__current_thread_info __asm__("$28"); + #define TIF_32BIT_ADDR 23 /* 32-bit address space (o32/n32) */ + #define TIF_FPUBOUND 24 /* thread bound to FPU-full CPU set */ + #define TIF_LOAD_WATCH 25 /* If set, load watch registers */ ++/* li takes a 32bit immediate */ ++#define TIF_GRSEC_SETXID 29 /* update credentials on syscall entry/exit */ + #define TIF_SYSCALL_TRACE 31 /* syscall trace active */ + + #ifdef CONFIG_MIPS32_O32 +@@ -146,15 +148,18 @@ register struct thread_info *__current_thread_info __asm__("$28"); + #define _TIF_32BIT_ADDR (1<<TIF_32BIT_ADDR) + #define _TIF_FPUBOUND (1<<TIF_FPUBOUND) + #define _TIF_LOAD_WATCH (1<<TIF_LOAD_WATCH) ++#define _TIF_GRSEC_SETXID (1<<TIF_GRSEC_SETXID) ++ ++#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | _TIF_GRSEC_SETXID) + + /* work to do in syscall_trace_leave() */ +-#define _TIF_WORK_SYSCALL_EXIT (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT) ++#define _TIF_WORK_SYSCALL_EXIT (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | _TIF_GRSEC_SETXID) + + /* work to do on interrupt/exception return */ + #define _TIF_WORK_MASK (0x0000ffef & \ + ~(_TIF_SECCOMP | _TIF_SYSCALL_AUDIT)) + /* work to do on any return to u-space */ +-#define _TIF_ALLWORK_MASK (0x8000ffff & ~_TIF_SECCOMP) ++#define _TIF_ALLWORK_MASK ((0x8000ffff & ~_TIF_SECCOMP) | _TIF_GRSEC_SETXID) + + #endif /* __KERNEL__ */ + diff --git a/arch/mips/kernel/binfmt_elfn32.c b/arch/mips/kernel/binfmt_elfn32.c index 9fdd8bc..4bd7f1a 100644 --- a/arch/mips/kernel/binfmt_elfn32.c @@ -2847,6 +2935,85 @@ index 7955409..ceaea7c 100644 - - return sp & ALMASK; -} +diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c +index 7786b60..3e38c72 100644 +--- a/arch/mips/kernel/ptrace.c ++++ b/arch/mips/kernel/ptrace.c +@@ -529,6 +529,10 @@ static inline int audit_arch(void) + return arch; + } + ++#ifdef CONFIG_GRKERNSEC_SETXID ++extern void gr_delayed_cred_worker(void); ++#endif ++ + /* + * Notification of system call entry/exit + * - triggered by current->work.syscall_trace +@@ -538,6 +542,11 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs) + /* do the secure computing check first */ + secure_computing(regs->regs[2]); + ++#ifdef CONFIG_GRKERNSEC_SETXID ++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) ++ gr_delayed_cred_worker(); ++#endif ++ + if (!(current->ptrace & PT_PTRACED)) + goto out; + +diff --git a/arch/mips/kernel/scall32-o32.S b/arch/mips/kernel/scall32-o32.S +index a632bc1..0b77c7c 100644 +--- a/arch/mips/kernel/scall32-o32.S ++++ b/arch/mips/kernel/scall32-o32.S +@@ -52,7 +52,7 @@ NESTED(handle_sys, PT_SIZE, sp) + + stack_done: + lw t0, TI_FLAGS($28) # syscall tracing enabled? +- li t1, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT ++ li t1, _TIF_SYSCALL_WORK + and t0, t1 + bnez t0, syscall_trace_entry # -> yes + +diff --git a/arch/mips/kernel/scall64-64.S b/arch/mips/kernel/scall64-64.S +index 3b5a5e9..e1ee86d 100644 +--- a/arch/mips/kernel/scall64-64.S ++++ b/arch/mips/kernel/scall64-64.S +@@ -54,7 +54,7 @@ NESTED(handle_sys64, PT_SIZE, sp) + + sd a3, PT_R26(sp) # save a3 for syscall restarting + +- li t1, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT ++ li t1, _TIF_SYSCALL_WORK + LONG_L t0, TI_FLAGS($28) # syscall tracing enabled? + and t0, t1, t0 + bnez t0, syscall_trace_entry +diff --git a/arch/mips/kernel/scall64-n32.S b/arch/mips/kernel/scall64-n32.S +index 6be6f70..1859577 100644 +--- a/arch/mips/kernel/scall64-n32.S ++++ b/arch/mips/kernel/scall64-n32.S +@@ -53,7 +53,7 @@ NESTED(handle_sysn32, PT_SIZE, sp) + + sd a3, PT_R26(sp) # save a3 for syscall restarting + +- li t1, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT ++ li t1, _TIF_SYSCALL_WORK + LONG_L t0, TI_FLAGS($28) # syscall tracing enabled? + and t0, t1, t0 + bnez t0, n32_syscall_trace_entry +diff --git a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S +index 5422855..74e63a3 100644 +--- a/arch/mips/kernel/scall64-o32.S ++++ b/arch/mips/kernel/scall64-o32.S +@@ -81,7 +81,7 @@ NESTED(handle_sys, PT_SIZE, sp) + PTR 4b, bad_stack + .previous + +- li t1, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT ++ li t1, _TIF_SYSCALL_WORK + LONG_L t0, TI_FLAGS($28) # syscall tracing enabled? + and t0, t1, t0 + bnez t0, trace_a_syscall diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c index 69ebd58..e4bff83 100644 --- a/arch/mips/mm/fault.c @@ -3689,6 +3856,40 @@ index c377457..3c69fbc 100644 /* Used in very early kernel initialization. */ extern unsigned long reloc_offset(void); +diff --git a/arch/powerpc/include/asm/thread_info.h b/arch/powerpc/include/asm/thread_info.h +index 96471494..60ed5a2 100644 +--- a/arch/powerpc/include/asm/thread_info.h ++++ b/arch/powerpc/include/asm/thread_info.h +@@ -104,13 +104,15 @@ static inline struct thread_info *current_thread_info(void) + #define TIF_PERFMON_CTXSW 6 /* perfmon needs ctxsw calls */ + #define TIF_SYSCALL_AUDIT 7 /* syscall auditing active */ + #define TIF_SINGLESTEP 8 /* singlestepping active */ +-#define TIF_MEMDIE 9 /* is terminating due to OOM killer */ + #define TIF_SECCOMP 10 /* secure computing */ + #define TIF_RESTOREALL 11 /* Restore all regs (implies NOERROR) */ + #define TIF_NOERROR 12 /* Force successful syscall return */ + #define TIF_NOTIFY_RESUME 13 /* callback before returning to user */ + #define TIF_SYSCALL_TRACEPOINT 15 /* syscall tracepoint instrumentation */ + #define TIF_RUNLATCH 16 /* Is the runlatch enabled? */ ++#define TIF_MEMDIE 17 /* is terminating due to OOM killer */ ++/* mask must be expressable within 16 bits to satisfy 'andi' instruction reqs */ ++#define TIF_GRSEC_SETXID 9 /* update credentials on syscall entry/exit */ + + /* as above, but as bit values */ + #define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE) +@@ -128,8 +130,11 @@ static inline struct thread_info *current_thread_info(void) + #define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME) + #define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT) + #define _TIF_RUNLATCH (1<<TIF_RUNLATCH) ++#define _TIF_GRSEC_SETXID (1<<TIF_GRSEC_SETXID) ++ + #define _TIF_SYSCALL_T_OR_A (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \ +- _TIF_SECCOMP | _TIF_SYSCALL_TRACEPOINT) ++ _TIF_SECCOMP | _TIF_SYSCALL_TRACEPOINT \ ++ _TIF_GRSEC_SETXID) + + #define _TIF_USER_WORK_MASK (_TIF_SIGPENDING | _TIF_NEED_RESCHED | \ + _TIF_NOTIFY_RESUME) diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h index bd0fb84..a42a14b 100644 --- a/arch/powerpc/include/asm/uaccess.h @@ -4065,6 +4266,45 @@ index d817ab0..b23b18e 100644 - - return ret; -} +diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c +index 5b43325..94a5bb4 100644 +--- a/arch/powerpc/kernel/ptrace.c ++++ b/arch/powerpc/kernel/ptrace.c +@@ -1702,6 +1702,10 @@ long arch_ptrace(struct task_struct *child, long request, + return ret; + } + ++#ifdef CONFIG_GRKERNSEC_SETXID ++extern void gr_delayed_cred_worker(void); ++#endif ++ + /* + * We must return the syscall number to actually look up in the table. + * This can be -1L to skip running any syscall at all. +@@ -1712,6 +1716,11 @@ long do_syscall_trace_enter(struct pt_regs *regs) + + secure_computing(regs->gpr[0]); + ++#ifdef CONFIG_GRKERNSEC_SETXID ++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) ++ gr_delayed_cred_worker(); ++#endif ++ + if (test_thread_flag(TIF_SYSCALL_TRACE) && + tracehook_report_syscall_entry(regs)) + /* +@@ -1746,6 +1755,11 @@ void do_syscall_trace_leave(struct pt_regs *regs) + { + int step; + ++#ifdef CONFIG_GRKERNSEC_SETXID ++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) ++ gr_delayed_cred_worker(); ++#endif ++ + audit_syscall_exit(regs); + + if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c index 836a5a1..27289a3 100644 --- a/arch/powerpc/kernel/signal_32.c @@ -5253,7 +5493,7 @@ index c2a1080..21ed218 100644 /* diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h -index 01d057f..0a02f7e 100644 +index 01d057f..13a7d2f 100644 --- a/arch/sparc/include/asm/thread_info_64.h +++ b/arch/sparc/include/asm/thread_info_64.h @@ -63,6 +63,8 @@ struct thread_info { @@ -5265,6 +5505,38 @@ index 01d057f..0a02f7e 100644 unsigned long fpregs[0] __attribute__ ((aligned(64))); }; +@@ -214,10 +216,11 @@ register struct thread_info *current_thread_info_reg asm("g6"); + #define TIF_UNALIGNED 5 /* allowed to do unaligned accesses */ + /* flag bit 6 is available */ + #define TIF_32BIT 7 /* 32-bit binary */ +-/* flag bit 8 is available */ ++#define TIF_GRSEC_SETXID 8 /* update credentials on syscall entry/exit */ + #define TIF_SECCOMP 9 /* secure computing */ + #define TIF_SYSCALL_AUDIT 10 /* syscall auditing active */ + #define TIF_SYSCALL_TRACEPOINT 11 /* syscall tracepoint instrumentation */ ++ + /* NOTE: Thread flags >= 12 should be ones we have no interest + * in using in assembly, else we can't use the mask as + * an immediate value in instructions such as andcc. +@@ -236,12 +239,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); + #define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT) + #define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT) + #define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) ++#define _TIF_GRSEC_SETXID (1<<TIF_GRSEC_SETXID) + + #define _TIF_USER_WORK_MASK ((0xff << TI_FLAG_WSAVED_SHIFT) | \ + _TIF_DO_NOTIFY_RESUME_MASK | \ + _TIF_NEED_RESCHED) + #define _TIF_DO_NOTIFY_RESUME_MASK (_TIF_NOTIFY_RESUME | _TIF_SIGPENDING) + ++#define _TIF_WORK_SYSCALL \ ++ (_TIF_SYSCALL_TRACE | _TIF_SECCOMP | _TIF_SYSCALL_AUDIT | \ ++ _TIF_SYSCALL_TRACEPOINT | _TIF_GRSEC_SETXID) ++ ++ + /* + * Thread-synchronous status. + * diff --git a/arch/sparc/include/asm/uaccess.h b/arch/sparc/include/asm/uaccess.h index e88fbe5..96b0ce5 100644 --- a/arch/sparc/include/asm/uaccess.h @@ -5475,6 +5747,45 @@ index 39d8b05..d1a7d90 100644 (void *) gp->tpc, (void *) gp->o7, (void *) gp->i7, +diff --git a/arch/sparc/kernel/ptrace_64.c b/arch/sparc/kernel/ptrace_64.c +index 9388844..0075fd2 100644 +--- a/arch/sparc/kernel/ptrace_64.c ++++ b/arch/sparc/kernel/ptrace_64.c +@@ -1058,6 +1058,10 @@ long arch_ptrace(struct task_struct *child, long request, + return ret; + } + ++#ifdef CONFIG_GRKERNSEC_SETXID ++extern void gr_delayed_cred_worker(void); ++#endif ++ + asmlinkage int syscall_trace_enter(struct pt_regs *regs) + { + int ret = 0; +@@ -1065,6 +1069,11 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs) + /* do the secure computing check first */ + secure_computing(regs->u_regs[UREG_G1]); + ++#ifdef CONFIG_GRKERNSEC_SETXID ++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) ++ gr_delayed_cred_worker(); ++#endif ++ + if (test_thread_flag(TIF_SYSCALL_TRACE)) + ret = tracehook_report_syscall_entry(regs); + +@@ -1085,6 +1094,11 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs) + + asmlinkage void syscall_trace_leave(struct pt_regs *regs) + { ++#ifdef CONFIG_GRKERNSEC_SETXID ++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) ++ gr_delayed_cred_worker(); ++#endif ++ + audit_syscall_exit(regs); + + if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/sparc/kernel/sys_sparc_32.c b/arch/sparc/kernel/sys_sparc_32.c index 42b282f..28ce9f2 100644 --- a/arch/sparc/kernel/sys_sparc_32.c @@ -5648,6 +5959,55 @@ index 232df99..cee1f9c 100644 mm->get_unmapped_area = arch_get_unmapped_area_topdown; mm->unmap_area = arch_unmap_area_topdown; } +diff --git a/arch/sparc/kernel/syscalls.S b/arch/sparc/kernel/syscalls.S +index 1d7e274..b39c527 100644 +--- a/arch/sparc/kernel/syscalls.S ++++ b/arch/sparc/kernel/syscalls.S +@@ -62,7 +62,7 @@ sys32_rt_sigreturn: + #endif + .align 32 + 1: ldx [%g6 + TI_FLAGS], %l5 +- andcc %l5, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %g0 ++ andcc %l5, _TIF_WORK_SYSCALL, %g0 + be,pt %icc, rtrap + nop + call syscall_trace_leave +@@ -179,7 +179,7 @@ linux_sparc_syscall32: + + srl %i5, 0, %o5 ! IEU1 + srl %i2, 0, %o2 ! IEU0 Group +- andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %g0 ++ andcc %l0, _TIF_WORK_SYSCALL, %g0 + bne,pn %icc, linux_syscall_trace32 ! CTI + mov %i0, %l5 ! IEU1 + call %l7 ! CTI Group brk forced +@@ -202,7 +202,7 @@ linux_sparc_syscall: + + mov %i3, %o3 ! IEU1 + mov %i4, %o4 ! IEU0 Group +- andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %g0 ++ andcc %l0, _TIF_WORK_SYSCALL, %g0 + bne,pn %icc, linux_syscall_trace ! CTI Group + mov %i0, %l5 ! IEU0 + 2: call %l7 ! CTI Group brk forced +@@ -226,7 +226,7 @@ ret_sys_call: + + cmp %o0, -ERESTART_RESTARTBLOCK + bgeu,pn %xcc, 1f +- andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %l6 ++ andcc %l0, _TIF_WORK_SYSCALL, %l6 + 80: + /* System call success, clear Carry condition code. */ + andn %g3, %g2, %g3 +@@ -241,7 +241,7 @@ ret_sys_call: + /* System call failure, set Carry condition code. + * Also, get abs(errno) to return to the process. + */ +- andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %l6 ++ andcc %l0, _TIF_WORK_SYSCALL, %l6 + sub %g0, %o0, %o0 + or %g3, %g2, %g3 + stx %o0, [%sp + PTREGS_OFF + PT_V9_I0] diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c index 591f20c..0f1b925 100644 --- a/arch/sparc/kernel/traps_32.c @@ -7519,7 +7879,7 @@ index 7116dcb..d9ae1d7 100644 #endif diff --git a/arch/x86/boot/compressed/relocs.c b/arch/x86/boot/compressed/relocs.c -index 89bbf4e..869908e 100644 +index e77f4e4..17e511f 100644 --- a/arch/x86/boot/compressed/relocs.c +++ b/arch/x86/boot/compressed/relocs.c @@ -13,8 +13,11 @@ @@ -7624,7 +7984,7 @@ index 89bbf4e..869908e 100644 rel->r_info = elf32_to_cpu(rel->r_info); } } -@@ -396,14 +440,14 @@ static void read_relocs(FILE *fp) +@@ -396,13 +440,13 @@ static void read_relocs(FILE *fp) static void print_absolute_symbols(void) { @@ -7635,13 +7995,12 @@ index 89bbf4e..869908e 100644 for (i = 0; i < ehdr.e_shnum; i++) { struct section *sec = &secs[i]; char *sym_strtab; - Elf32_Sym *sh_symtab; - int j; + unsigned int j; if (sec->shdr.sh_type != SHT_SYMTAB) { continue; -@@ -431,14 +475,14 @@ static void print_absolute_symbols(void) +@@ -429,14 +473,14 @@ static void print_absolute_symbols(void) static void print_absolute_relocs(void) { @@ -7658,7 +8017,7 @@ index 89bbf4e..869908e 100644 if (sec->shdr.sh_type != SHT_REL) { continue; } -@@ -499,13 +543,13 @@ static void print_absolute_relocs(void) +@@ -497,13 +541,13 @@ static void print_absolute_relocs(void) static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym)) { @@ -7674,7 +8033,7 @@ index 89bbf4e..869908e 100644 struct section *sec = &secs[i]; if (sec->shdr.sh_type != SHT_REL) { -@@ -530,6 +574,22 @@ static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym)) +@@ -528,6 +572,22 @@ static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym)) !is_rel_reloc(sym_name(sym_strtab, sym))) { continue; } @@ -7697,7 +8056,7 @@ index 89bbf4e..869908e 100644 switch (r_type) { case R_386_NONE: case R_386_PC32: -@@ -571,7 +631,7 @@ static int cmp_relocs(const void *va, const void *vb) +@@ -569,7 +629,7 @@ static int cmp_relocs(const void *va, const void *vb) static void emit_relocs(int as_text) { @@ -7706,7 +8065,7 @@ index 89bbf4e..869908e 100644 /* Count how many relocations I have and allocate space for them. */ reloc_count = 0; walk_relocs(count_reloc); -@@ -665,6 +725,7 @@ int main(int argc, char **argv) +@@ -663,6 +723,7 @@ int main(int argc, char **argv) fname, strerror(errno)); } read_ehdr(fp); @@ -12132,7 +12491,7 @@ index 2d2f01c..f985723 100644 /* * Force strict CPU ordering. diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h -index cfd8144..1b1127d 100644 +index cfd8144..664ac89 100644 --- a/arch/x86/include/asm/thread_info.h +++ b/arch/x86/include/asm/thread_info.h @@ -10,6 +10,7 @@ @@ -12182,7 +12541,45 @@ index cfd8144..1b1127d 100644 #define init_stack (init_thread_union.stack) #else /* !__ASSEMBLY__ */ -@@ -169,45 +163,40 @@ struct thread_info { +@@ -95,6 +89,7 @@ struct thread_info { + #define TIF_BLOCKSTEP 25 /* set when we want DEBUGCTLMSR_BTF */ + #define TIF_LAZY_MMU_UPDATES 27 /* task is updating the mmu lazily */ + #define TIF_SYSCALL_TRACEPOINT 28 /* syscall tracepoint instrumentation */ ++#define TIF_GRSEC_SETXID 29 /* update credentials on syscall entry/exit */ + + #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE) + #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME) +@@ -116,16 +111,17 @@ struct thread_info { + #define _TIF_BLOCKSTEP (1 << TIF_BLOCKSTEP) + #define _TIF_LAZY_MMU_UPDATES (1 << TIF_LAZY_MMU_UPDATES) + #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) ++#define _TIF_GRSEC_SETXID (1 << TIF_GRSEC_SETXID) + + /* work to do in syscall_trace_enter() */ + #define _TIF_WORK_SYSCALL_ENTRY \ + (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_EMU | _TIF_SYSCALL_AUDIT | \ +- _TIF_SECCOMP | _TIF_SINGLESTEP | _TIF_SYSCALL_TRACEPOINT) ++ _TIF_SECCOMP | _TIF_SINGLESTEP | _TIF_SYSCALL_TRACEPOINT | _TIF_GRSEC_SETXID) + + /* work to do in syscall_trace_leave() */ + #define _TIF_WORK_SYSCALL_EXIT \ + (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | _TIF_SINGLESTEP | \ +- _TIF_SYSCALL_TRACEPOINT) ++ _TIF_SYSCALL_TRACEPOINT | _TIF_GRSEC_SETXID) + + /* work to do on interrupt/exception return */ + #define _TIF_WORK_MASK \ +@@ -135,7 +131,8 @@ struct thread_info { + + /* work to do on any return to user space */ + #define _TIF_ALLWORK_MASK \ +- ((0x0000FFFF & ~_TIF_SECCOMP) | _TIF_SYSCALL_TRACEPOINT) ++ ((0x0000FFFF & ~_TIF_SECCOMP) | _TIF_SYSCALL_TRACEPOINT | \ ++ _TIF_GRSEC_SETXID) + + /* Only used for 64 bit */ + #define _TIF_DO_NOTIFY_MASK \ +@@ -169,45 +166,40 @@ struct thread_info { ret; \ }) @@ -12253,7 +12650,7 @@ index cfd8144..1b1127d 100644 /* * macros/functions for gaining access to the thread information structure * preempt_count needs to be 1 initially, until the scheduler is functional. -@@ -215,27 +204,8 @@ static inline struct thread_info *current_thread_info(void) +@@ -215,27 +207,8 @@ static inline struct thread_info *current_thread_info(void) #ifndef __ASSEMBLY__ DECLARE_PER_CPU(unsigned long, kernel_stack); @@ -12283,7 +12680,7 @@ index cfd8144..1b1127d 100644 #endif #endif /* !X86_32 */ -@@ -269,5 +239,16 @@ extern void arch_task_cache_init(void); +@@ -269,5 +242,16 @@ extern void arch_task_cache_init(void); extern void free_thread_info(struct thread_info *ti); extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src); #define arch_task_cache_init arch_task_cache_init @@ -14606,7 +15003,7 @@ index 9b9f18b..9fcaa04 100644 #include <asm/processor.h> #include <asm/fcntl.h> diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index 7b784f4..76aaad7 100644 +index 7b784f4..db6b628 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S @@ -179,13 +179,146 @@ @@ -14799,7 +15196,7 @@ index 7b784f4..76aaad7 100644 +#ifdef CONFIG_PAX_KERNEXEC + jae resume_userspace + -+ PAX_EXIT_KERNEL ++ pax_exit_kernel + jmp resume_kernel +#else jb resume_kernel # not returning to v8086 or userspace @@ -18533,7 +18930,7 @@ index cfa5c90..4facd28 100644 ip = *(u64 *)(fp+8); if (!in_sched_functions(ip)) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c -index 5026738..e1b5aa8 100644 +index 5026738..574f70a 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c @@ -792,6 +792,10 @@ static int ioperm_active(struct task_struct *target, @@ -18582,6 +18979,41 @@ index 5026738..e1b5aa8 100644 } void user_single_step_siginfo(struct task_struct *tsk, +@@ -1361,6 +1365,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, + # define IS_IA32 0 + #endif + ++#ifdef CONFIG_GRKERNSEC_SETXID ++extern void gr_delayed_cred_worker(void); ++#endif ++ + /* + * We must return the syscall number to actually look up in the table. + * This can be -1L to skip running any syscall at all. +@@ -1369,6 +1377,11 @@ long syscall_trace_enter(struct pt_regs *regs) + { + long ret = 0; + ++#ifdef CONFIG_GRKERNSEC_SETXID ++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) ++ gr_delayed_cred_worker(); ++#endif ++ + /* + * If we stepped into a sysenter/syscall insn, it trapped in + * kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP. +@@ -1412,6 +1425,11 @@ void syscall_trace_leave(struct pt_regs *regs) + { + bool step; + ++#ifdef CONFIG_GRKERNSEC_SETXID ++ if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) ++ gr_delayed_cred_worker(); ++#endif ++ + audit_syscall_exit(regs); + + if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/x86/kernel/pvclock.c b/arch/x86/kernel/pvclock.c index 42eb330..139955c 100644 --- a/arch/x86/kernel/pvclock.c @@ -18820,7 +19252,7 @@ index d7d5099..28555d0 100644 bss_resource.start = virt_to_phys(&__bss_start); bss_resource.end = virt_to_phys(&__bss_stop)-1; diff --git a/arch/x86/kernel/setup_percpu.c b/arch/x86/kernel/setup_percpu.c -index 71f4727..217419b 100644 +index 5a98aa2..848d2be 100644 --- a/arch/x86/kernel/setup_percpu.c +++ b/arch/x86/kernel/setup_percpu.c @@ -21,19 +21,17 @@ @@ -18879,7 +19311,7 @@ index 71f4727..217419b 100644 write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_PERCPU, &gdt, DESCTYPE_S); #endif -@@ -207,6 +209,11 @@ void __init setup_per_cpu_areas(void) +@@ -219,6 +221,11 @@ void __init setup_per_cpu_areas(void) /* alrighty, percpu areas up and running */ delta = (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_start; for_each_possible_cpu(cpu) { @@ -18891,7 +19323,7 @@ index 71f4727..217419b 100644 per_cpu_offset(cpu) = delta + pcpu_unit_offsets[cpu]; per_cpu(this_cpu_off, cpu) = per_cpu_offset(cpu); per_cpu(cpu_number, cpu) = cpu; -@@ -247,6 +254,12 @@ void __init setup_per_cpu_areas(void) +@@ -259,6 +266,12 @@ void __init setup_per_cpu_areas(void) */ set_cpu_numa_node(cpu, early_cpu_to_node(cpu)); #endif @@ -20334,7 +20766,7 @@ index e385214..f8df033 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 3b4c8d8..f457b63 100644 +index a7a6f60..04b745a 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -1306,7 +1306,11 @@ static void reload_tss(void) @@ -20349,7 +20781,7 @@ index 3b4c8d8..f457b63 100644 load_TR_desc(); } -@@ -2631,8 +2635,11 @@ static __init int hardware_setup(void) +@@ -2637,8 +2641,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; @@ -20363,7 +20795,7 @@ index 3b4c8d8..f457b63 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3648,7 +3655,7 @@ static void vmx_set_constant_host_state(void) +@@ -3654,7 +3661,7 @@ static void vmx_set_constant_host_state(void) vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ asm("mov $.Lkvm_vmx_return, %0" : "=r"(tmpl)); @@ -20372,7 +20804,7 @@ index 3b4c8d8..f457b63 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -6184,6 +6191,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6192,6 +6199,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp .Lkvm_vmx_return \n\t" ".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t" ".Lkvm_vmx_return: " @@ -20385,7 +20817,7 @@ index 3b4c8d8..f457b63 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%"R"sp) \n\t" "pop %0 \n\t" -@@ -6232,6 +6245,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6240,6 +6253,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -20397,7 +20829,7 @@ index 3b4c8d8..f457b63 100644 : "cc", "memory" , R"ax", R"bx", R"di", R"si" #ifdef CONFIG_X86_64 -@@ -6260,7 +6278,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6268,7 +6286,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) } } @@ -20416,7 +20848,7 @@ index 3b4c8d8..f457b63 100644 vmx->exit_reason = vmcs_read32(VM_EXIT_REASON); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 9cbfc06..943ffa6 100644 +index 8d1c6c6..6e6d611 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -873,6 +873,7 @@ static int do_set_msr(struct kvm_vcpu *vcpu, unsigned index, u64 *data) @@ -20461,7 +20893,7 @@ index 9cbfc06..943ffa6 100644 return -EINVAL; if (irqchip_in_kernel(vcpu->kvm)) return -ENXIO; -@@ -3497,6 +3501,9 @@ gpa_t kvm_mmu_gva_to_gpa_system(struct kvm_vcpu *vcpu, gva_t gva, +@@ -3499,6 +3503,9 @@ gpa_t kvm_mmu_gva_to_gpa_system(struct kvm_vcpu *vcpu, gva_t gva, static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int bytes, struct kvm_vcpu *vcpu, u32 access, @@ -20471,7 +20903,7 @@ index 9cbfc06..943ffa6 100644 struct x86_exception *exception) { void *data = val; -@@ -3528,6 +3535,9 @@ out: +@@ -3530,6 +3537,9 @@ out: /* used for instruction fetching */ static int kvm_fetch_guest_virt(struct x86_emulate_ctxt *ctxt, gva_t addr, void *val, unsigned int bytes, @@ -20481,7 +20913,7 @@ index 9cbfc06..943ffa6 100644 struct x86_exception *exception) { struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); -@@ -3552,6 +3562,9 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_virt); +@@ -3554,6 +3564,9 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_virt); static int kvm_read_guest_virt_system(struct x86_emulate_ctxt *ctxt, gva_t addr, void *val, unsigned int bytes, @@ -20491,7 +20923,7 @@ index 9cbfc06..943ffa6 100644 struct x86_exception *exception) { struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); -@@ -3665,12 +3678,16 @@ static int read_prepare(struct kvm_vcpu *vcpu, void *val, int bytes) +@@ -3667,12 +3680,16 @@ static int read_prepare(struct kvm_vcpu *vcpu, void *val, int bytes) } static int read_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, @@ -20508,7 +20940,7 @@ index 9cbfc06..943ffa6 100644 void *val, int bytes) { return emulator_write_phys(vcpu, gpa, val, bytes); -@@ -3821,6 +3838,12 @@ static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt, +@@ -3823,6 +3840,12 @@ static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt, const void *old, const void *new, unsigned int bytes, @@ -20521,7 +20953,7 @@ index 9cbfc06..943ffa6 100644 struct x86_exception *exception) { struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); -@@ -4780,7 +4803,7 @@ static void kvm_set_mmio_spte_mask(void) +@@ -4782,7 +4805,7 @@ static void kvm_set_mmio_spte_mask(void) kvm_mmu_set_mmio_spte_mask(mask); } @@ -20906,7 +21338,7 @@ index e8e7e0d..56fd1b0 100644 movl %eax, (v) movl %edx, 4(v) diff --git a/arch/x86/lib/atomic64_cx8_32.S b/arch/x86/lib/atomic64_cx8_32.S -index 391a083..d658e9f 100644 +index 391a083..3a2cf39 100644 --- a/arch/x86/lib/atomic64_cx8_32.S +++ b/arch/x86/lib/atomic64_cx8_32.S @@ -35,10 +35,20 @@ ENTRY(atomic64_read_cx8) @@ -21017,7 +21449,7 @@ index 391a083..d658e9f 100644 -.macro incdec_return func ins insc -ENTRY(atomic64_\func\()_return_cx8) -+.macro incdec_return func ins insc unchecked ++.macro incdec_return func ins insc unchecked="" +ENTRY(atomic64_\func\()_return\unchecked\()_cx8) CFI_STARTPROC SAVE ebx @@ -24310,7 +24742,7 @@ index f4f29b1..5cac4fb 100644 return (void *)vaddr; diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c -index 8ecbb4b..29efd37 100644 +index 8ecbb4b..a269cab 100644 --- a/arch/x86/mm/hugetlbpage.c +++ b/arch/x86/mm/hugetlbpage.c @@ -266,13 +266,20 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, @@ -24386,7 +24818,7 @@ index 8ecbb4b..29efd37 100644 /* don't allow allocations above current base */ if (mm->free_area_cache > base) -@@ -321,66 +328,63 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, +@@ -321,14 +328,15 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, largest_hole = 0; mm->free_area_cache = base; } @@ -24401,16 +24833,10 @@ index 8ecbb4b..29efd37 100644 + addr = (mm->free_area_cache - len); do { + addr &= huge_page_mask(h); -+ vma = find_vma(mm, addr); /* * Lookup failure means no vma is above this address, * i.e. return with success: -- */ -- vma = find_vma(mm, addr); -- if (!vma) -- return addr; -- -- /* +@@ -341,46 +349,47 @@ try_again: * new region fits between prev_vma->vm_end and * vma->vm_start, use it: */ @@ -24483,7 +24909,7 @@ index 8ecbb4b..29efd37 100644 mm->cached_hole_size = ~0UL; addr = hugetlb_get_unmapped_area_bottomup(file, addr0, len, pgoff, flags); -@@ -388,6 +392,7 @@ fail: +@@ -388,6 +397,7 @@ fail: /* * Restore the topdown base: */ @@ -24491,7 +24917,7 @@ index 8ecbb4b..29efd37 100644 mm->free_area_cache = base; mm->cached_hole_size = ~0UL; -@@ -401,10 +406,19 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -401,10 +411,19 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, struct hstate *h = hstate_file(file); struct mm_struct *mm = current->mm; struct vm_area_struct *vma; @@ -24512,7 +24938,7 @@ index 8ecbb4b..29efd37 100644 return -ENOMEM; if (flags & MAP_FIXED) { -@@ -416,8 +430,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -416,8 +435,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, if (addr) { addr = ALIGN(addr, huge_page_size(h)); vma = find_vma(mm, addr); @@ -24940,7 +25366,7 @@ index 8663f6c..829ae76 100644 printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10); diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c -index 436a030..2b60088 100644 +index 436a030..4f97ffc 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -75,7 +75,7 @@ early_param("gbpages", parse_direct_gbpages_on); @@ -25057,6 +25483,15 @@ index 436a030..2b60088 100644 adr = (void *)(((unsigned long)adr) | left); return adr; +@@ -546,7 +560,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end, + unmap_low_page(pmd); + + spin_lock(&init_mm.page_table_lock); +- pud_populate(&init_mm, pud, __va(pmd_phys)); ++ pud_populate_kernel(&init_mm, pud, __va(pmd_phys)); + spin_unlock(&init_mm.page_table_lock); + } + __flush_tlb_all(); @@ -592,7 +606,7 @@ kernel_physical_mapping_init(unsigned long start, unmap_low_page(pud); @@ -26837,10 +27272,10 @@ index 153407c..611cba9 100644 -} -__setup("vdso=", vdso_setup); diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 4172af8..2c8ed7f 100644 +index 4e517d4..68a48f5 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c -@@ -85,8 +85,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); +@@ -86,8 +86,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); struct shared_info xen_dummy_shared_info; @@ -26849,7 +27284,7 @@ index 4172af8..2c8ed7f 100644 RESERVE_BRK(shared_info_page_brk, PAGE_SIZE); __read_mostly int xen_have_vector_callback; EXPORT_SYMBOL_GPL(xen_have_vector_callback); -@@ -1029,30 +1027,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { +@@ -1030,30 +1028,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { #endif }; @@ -26887,7 +27322,7 @@ index 4172af8..2c8ed7f 100644 { if (pm_power_off) pm_power_off(); -@@ -1155,7 +1153,17 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1156,7 +1154,17 @@ asmlinkage void __init xen_start_kernel(void) __userpte_alloc_gfp &= ~__GFP_HIGHMEM; /* Work out if we support NX */ @@ -26906,7 +27341,7 @@ index 4172af8..2c8ed7f 100644 xen_setup_features(); -@@ -1186,13 +1194,6 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1187,13 +1195,6 @@ asmlinkage void __init xen_start_kernel(void) machine_ops = xen_machine_ops; @@ -26921,10 +27356,10 @@ index 4172af8..2c8ed7f 100644 #ifdef CONFIG_ACPI_NUMA diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index 95c1cf6..4bfa5be 100644 +index dc19347..1b07a2c 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c -@@ -1733,6 +1733,9 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, +@@ -1738,6 +1738,9 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, convert_pfn_mfn(init_level4_pgt); convert_pfn_mfn(level3_ident_pgt); convert_pfn_mfn(level3_kernel_pgt); @@ -26934,7 +27369,7 @@ index 95c1cf6..4bfa5be 100644 l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd); l2 = m2v(l3[pud_index(__START_KERNEL_map)].pud); -@@ -1751,7 +1754,11 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, +@@ -1756,7 +1759,11 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, set_page_prot(init_level4_pgt, PAGE_KERNEL_RO); set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO); set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO); @@ -26946,7 +27381,7 @@ index 95c1cf6..4bfa5be 100644 set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); -@@ -1958,6 +1965,7 @@ static void __init xen_post_allocator_init(void) +@@ -1963,6 +1970,7 @@ static void __init xen_post_allocator_init(void) pv_mmu_ops.set_pud = xen_set_pud; #if PAGETABLE_LEVELS == 4 pv_mmu_ops.set_pgd = xen_set_pgd; @@ -26954,7 +27389,7 @@ index 95c1cf6..4bfa5be 100644 #endif /* This will work as long as patching hasn't happened yet -@@ -2039,6 +2047,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { +@@ -2044,6 +2052,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { .pud_val = PV_CALLEE_SAVE(xen_pud_val), .make_pud = PV_CALLEE_SAVE(xen_make_pud), .set_pgd = xen_set_pgd_hyper, @@ -46851,10 +47286,10 @@ index 5698746..6086012 100644 kfree(s); } diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c -index 3645cd3..786809c 100644 +index c60267e..193d9e4 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c -@@ -914,7 +914,7 @@ static struct file_system_type hugetlbfs_fs_type = { +@@ -902,7 +902,7 @@ static struct file_system_type hugetlbfs_fs_type = { .kill_sb = kill_litter_super, }; @@ -47597,7 +48032,7 @@ index f649fba..236bf92 100644 void nfs_fattr_init(struct nfs_fattr *fattr) diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c -index edf6d3e..bdd1da7 100644 +index b96fe94..a4dbece 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -925,7 +925,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, @@ -49831,10 +50266,10 @@ index ab30253..4d86958 100644 kfree(s); diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..4089e05 +index 0000000..2645296 --- /dev/null +++ b/grsecurity/Kconfig -@@ -0,0 +1,1078 @@ +@@ -0,0 +1,1079 @@ +# +# grecurity configuration +# @@ -49969,7 +50404,7 @@ index 0000000..4089e05 + select GRKERNSEC_PROC_ADD + select GRKERNSEC_CHROOT_CHMOD + select GRKERNSEC_CHROOT_NICE -+ select GRKERNSEC_SETXID ++ select GRKERNSEC_SETXID if (X86 || SPARC64 || PPC || ARM || MIPS) + select GRKERNSEC_AUDIT_MOUNT + select GRKERNSEC_MODHARDEN if (MODULES) + select GRKERNSEC_HARDEN_PTRACE @@ -50664,6 +51099,7 @@ index 0000000..4089e05 + +config GRKERNSEC_SETXID + bool "Enforce consistent multithreaded privileges" ++ depends on (X86 || SPARC64 || PPC || ARM || MIPS) + help + If you say Y here, a change from a root uid to a non-root uid + in a multithreaded application will cause the resulting uids, @@ -50959,10 +51395,10 @@ index 0000000..1b9afa9 +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..42813ac +index 0000000..a6d83f0 --- /dev/null +++ b/grsecurity/gracl.c -@@ -0,0 +1,4192 @@ +@@ -0,0 +1,4193 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -54820,21 +55256,22 @@ index 0000000..42813ac + if (unlikely(!(gr_status & GR_READY))) + return 0; +#endif ++ if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) { ++ read_lock(&tasklist_lock); ++ while (tmp->pid > 0) { ++ if (tmp == curtemp) ++ break; ++ tmp = tmp->real_parent; ++ } + -+ read_lock(&tasklist_lock); -+ while (tmp->pid > 0) { -+ if (tmp == curtemp) -+ break; -+ tmp = tmp->real_parent; -+ } -+ -+ if (tmp->pid == 0 && ((grsec_enable_harden_ptrace && current_uid() && !(gr_status & GR_READY)) || -+ ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE)))) { ++ if (tmp->pid == 0 && ((grsec_enable_harden_ptrace && current_uid() && !(gr_status & GR_READY)) || ++ ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE)))) { ++ read_unlock(&tasklist_lock); ++ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task); ++ return 1; ++ } + read_unlock(&tasklist_lock); -+ gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task); -+ return 1; + } -+ read_unlock(&tasklist_lock); + +#ifdef CONFIG_GRKERNSEC_HARDEN_PTRACE + if (!(gr_status & GR_READY)) @@ -62544,7 +62981,7 @@ index 9c07dce..a92fa71 100644 if (atomic_sub_and_test((int) count, &kref->refcount)) { release(kref); diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h -index bc21720..098aefa 100644 +index 4c4e83d..5f16617 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -326,7 +326,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu); @@ -63114,7 +63551,7 @@ index ffc0213..2c1f2cb 100644 return nd->saved_names[nd->depth]; } diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h -index 4f3b01a..8256d1a 100644 +index 7e472b7..212d381 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -1002,6 +1002,7 @@ struct net_device_ops { @@ -66076,7 +66513,7 @@ index 42e8fa0..9e7406b 100644 return -ENOMEM; diff --git a/kernel/cred.c b/kernel/cred.c -index 48c6fd3..3342f00 100644 +index 48c6fd3..8398912 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -204,6 +204,15 @@ void exit_creds(struct task_struct *tsk) @@ -66113,7 +66550,7 @@ index 48c6fd3..3342f00 100644 /* dumpability changes */ if (old->euid != new->euid || old->egid != new->egid || -@@ -540,6 +551,92 @@ int commit_creds(struct cred *new) +@@ -540,6 +551,101 @@ int commit_creds(struct cred *new) put_cred(old); return 0; } @@ -66179,6 +66616,8 @@ index 48c6fd3..3342f00 100644 +int commit_creds(struct cred *new) +{ +#ifdef CONFIG_GRKERNSEC_SETXID ++ int ret; ++ int schedule_it = 0; + struct task_struct *t; + + /* we won't get called with tasklist_lock held for writing @@ -66187,20 +66626,27 @@ index 48c6fd3..3342f00 100644 + */ + if (grsec_enable_setxid && !current_is_single_threaded() && + !current_uid() && new->uid) { ++ schedule_it = 1; ++ } ++ ret = __commit_creds(new); ++ if (schedule_it) { + rcu_read_lock(); + read_lock(&tasklist_lock); + for (t = next_thread(current); t != current; + t = next_thread(t)) { + if (t->delayed_cred == NULL) { + t->delayed_cred = get_cred(new); ++ set_tsk_thread_flag(t, TIF_GRSEC_SETXID); + set_tsk_need_resched(t); + } + } + read_unlock(&tasklist_lock); + rcu_read_unlock(); + } -+#endif ++ return ret; ++#else + return __commit_creds(new); ++#endif +} + EXPORT_SYMBOL(commit_creds); @@ -69073,39 +69519,10 @@ index e8a1f83..363d17d 100644 #ifdef CONFIG_RT_GROUP_SCHED /* diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 478a04c..6970d99 100644 +index 478a04c..e16339a 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c -@@ -3142,6 +3142,19 @@ pick_next_task(struct rq *rq) - BUG(); /* the idle class will always have a runnable task */ - } - -+#ifdef CONFIG_GRKERNSEC_SETXID -+extern void gr_delayed_cred_worker(void); -+static inline void gr_cred_schedule(void) -+{ -+ if (unlikely(current->delayed_cred)) -+ gr_delayed_cred_worker(); -+} -+#else -+static inline void gr_cred_schedule(void) -+{ -+} -+#endif -+ - /* - * __schedule() is the main scheduler function. - */ -@@ -3161,6 +3174,8 @@ need_resched: - - schedule_debug(prev); - -+ gr_cred_schedule(); -+ - if (sched_feat(HRTICK)) - hrtick_clear(rq); - -@@ -3851,6 +3866,8 @@ int can_nice(const struct task_struct *p, const int nice) +@@ -3851,6 +3851,8 @@ int can_nice(const struct task_struct *p, const int nice) /* convert nice value [19,-20] to rlimit style value [1,40] */ int nice_rlim = 20 - nice; @@ -69114,7 +69531,7 @@ index 478a04c..6970d99 100644 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || capable(CAP_SYS_NICE)); } -@@ -3884,7 +3901,8 @@ SYSCALL_DEFINE1(nice, int, increment) +@@ -3884,7 +3886,8 @@ SYSCALL_DEFINE1(nice, int, increment) if (nice > 19) nice = 19; @@ -69124,7 +69541,7 @@ index 478a04c..6970d99 100644 return -EPERM; retval = security_task_setnice(current, nice); -@@ -4041,6 +4059,7 @@ recheck: +@@ -4041,6 +4044,7 @@ recheck: unsigned long rlim_rtprio = task_rlimit(p, RLIMIT_RTPRIO); @@ -70448,6 +70865,28 @@ index 013a761..c28f3fc 100644 #define free(a) kfree(a) #endif +diff --git a/lib/ioremap.c b/lib/ioremap.c +index da4e2ad..6373b5f 100644 +--- a/lib/ioremap.c ++++ b/lib/ioremap.c +@@ -38,7 +38,7 @@ static inline int ioremap_pmd_range(pud_t *pud, unsigned long addr, + unsigned long next; + + phys_addr -= addr; +- pmd = pmd_alloc(&init_mm, pud, addr); ++ pmd = pmd_alloc_kernel(&init_mm, pud, addr); + if (!pmd) + return -ENOMEM; + do { +@@ -56,7 +56,7 @@ static inline int ioremap_pud_range(pgd_t *pgd, unsigned long addr, + unsigned long next; + + phys_addr -= addr; +- pud = pud_alloc(&init_mm, pgd, addr); ++ pud = pud_alloc_kernel(&init_mm, pgd, addr); + if (!pud) + return -ENOMEM; + do { diff --git a/lib/is_single_threaded.c b/lib/is_single_threaded.c index bd2bea9..6b3c95e 100644 --- a/lib/is_single_threaded.c @@ -70677,10 +71116,10 @@ index 8f7fc39..69bf1e9 100644 /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index a7cf829..d60e0e1 100644 +index 24b1787..e0fbc01 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c -@@ -2346,6 +2346,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2425,6 +2425,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, return 1; } @@ -70708,7 +71147,7 @@ index a7cf829..d60e0e1 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. * Called with hugetlb_instantiation_mutex held and pte_page locked so we -@@ -2459,6 +2480,11 @@ retry_avoidcopy: +@@ -2538,6 +2559,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -70720,7 +71159,7 @@ index a7cf829..d60e0e1 100644 /* Make the old page be freed below */ new_page = old_page; mmu_notifier_invalidate_range_end(mm, -@@ -2613,6 +2639,10 @@ retry: +@@ -2692,6 +2718,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -70731,7 +71170,7 @@ index a7cf829..d60e0e1 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page); -@@ -2642,6 +2672,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2721,6 +2751,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, static DEFINE_MUTEX(hugetlb_instantiation_mutex); struct hstate *h = hstate_vma(vma); @@ -70742,7 +71181,7 @@ index a7cf829..d60e0e1 100644 address &= huge_page_mask(h); ptep = huge_pte_offset(mm, address); -@@ -2655,6 +2689,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2734,6 +2768,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(h - hstates); } @@ -70982,7 +71421,7 @@ index 56080ea..115071e 100644 /* keep elevated page count for bad page */ return ret; diff --git a/mm/memory.c b/mm/memory.c -index 10b4dda..b1f60ad 100644 +index 10b4dda..06857f3 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -457,8 +457,12 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -71109,7 +71548,29 @@ index 10b4dda..b1f60ad 100644 if (addr < vma->vm_start || addr >= vma->vm_end) return -EFAULT; -@@ -2472,6 +2485,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo +@@ -2364,7 +2377,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, + + BUG_ON(pud_huge(*pud)); + +- pmd = pmd_alloc(mm, pud, addr); ++ pmd = (mm == &init_mm) ? ++ pmd_alloc_kernel(mm, pud, addr) : ++ pmd_alloc(mm, pud, addr); + if (!pmd) + return -ENOMEM; + do { +@@ -2384,7 +2399,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, + unsigned long next; + int err; + +- pud = pud_alloc(mm, pgd, addr); ++ pud = (mm == &init_mm) ? ++ pud_alloc_kernel(mm, pgd, addr) : ++ pud_alloc(mm, pgd, addr); + if (!pud) + return -ENOMEM; + do { +@@ -2472,6 +2489,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo copy_user_highpage(dst, src, va, vma); } @@ -71296,7 +71757,7 @@ index 10b4dda..b1f60ad 100644 /* * This routine handles present pages, when users try to write * to a shared page. It is done by copying the page to a new address -@@ -2683,6 +2876,12 @@ gotten: +@@ -2683,6 +2880,12 @@ gotten: */ page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (likely(pte_same(*page_table, orig_pte))) { @@ -71309,7 +71770,7 @@ index 10b4dda..b1f60ad 100644 if (old_page) { if (!PageAnon(old_page)) { dec_mm_counter_fast(mm, MM_FILEPAGES); -@@ -2734,6 +2933,10 @@ gotten: +@@ -2734,6 +2937,10 @@ gotten: page_remove_rmap(old_page); } @@ -71320,7 +71781,7 @@ index 10b4dda..b1f60ad 100644 /* Free the old page.. */ new_page = old_page; ret |= VM_FAULT_WRITE; -@@ -3013,6 +3216,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3013,6 +3220,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, swap_free(entry); if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) try_to_free_swap(page); @@ -71332,7 +71793,7 @@ index 10b4dda..b1f60ad 100644 unlock_page(page); if (swapcache) { /* -@@ -3036,6 +3244,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3036,6 +3248,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -71344,7 +71805,7 @@ index 10b4dda..b1f60ad 100644 unlock: pte_unmap_unlock(page_table, ptl); out: -@@ -3055,40 +3268,6 @@ out_release: +@@ -3055,40 +3272,6 @@ out_release: } /* @@ -71385,7 +71846,7 @@ index 10b4dda..b1f60ad 100644 * We enter with non-exclusive mmap_sem (to exclude vma changes, * but allow concurrent faults), and pte mapped but not yet locked. * We return with mmap_sem still held, but pte unmapped and unlocked. -@@ -3097,27 +3276,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3097,27 +3280,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, pte_t *page_table, pmd_t *pmd, unsigned int flags) { @@ -71418,7 +71879,7 @@ index 10b4dda..b1f60ad 100644 if (unlikely(anon_vma_prepare(vma))) goto oom; page = alloc_zeroed_user_highpage_movable(vma, address); -@@ -3136,6 +3311,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3136,6 +3315,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, if (!pte_none(*page_table)) goto release; @@ -71430,7 +71891,7 @@ index 10b4dda..b1f60ad 100644 inc_mm_counter_fast(mm, MM_ANONPAGES); page_add_new_anon_rmap(page, vma, address); setpte: -@@ -3143,6 +3323,12 @@ setpte: +@@ -3143,6 +3327,12 @@ setpte: /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -71443,7 +71904,7 @@ index 10b4dda..b1f60ad 100644 unlock: pte_unmap_unlock(page_table, ptl); return 0; -@@ -3286,6 +3472,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3286,6 +3476,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, */ /* Only go through if we didn't race with anybody else... */ if (likely(pte_same(*page_table, orig_pte))) { @@ -71456,7 +71917,7 @@ index 10b4dda..b1f60ad 100644 flush_icache_page(vma, page); entry = mk_pte(page, vma->vm_page_prot); if (flags & FAULT_FLAG_WRITE) -@@ -3305,6 +3497,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3305,6 +3501,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, /* no need to invalidate: a not-present page won't be cached */ update_mmu_cache(vma, address, page_table); @@ -71471,7 +71932,7 @@ index 10b4dda..b1f60ad 100644 } else { if (cow_page) mem_cgroup_uncharge_page(cow_page); -@@ -3458,6 +3658,12 @@ int handle_pte_fault(struct mm_struct *mm, +@@ -3458,6 +3662,12 @@ int handle_pte_fault(struct mm_struct *mm, if (flags & FAULT_FLAG_WRITE) flush_tlb_fix_spurious_fault(vma, address); } @@ -71484,7 +71945,7 @@ index 10b4dda..b1f60ad 100644 unlock: pte_unmap_unlock(pte, ptl); return 0; -@@ -3474,6 +3680,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3474,6 +3684,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, pmd_t *pmd; pte_t *pte; @@ -71495,7 +71956,7 @@ index 10b4dda..b1f60ad 100644 __set_current_state(TASK_RUNNING); count_vm_event(PGFAULT); -@@ -3485,6 +3695,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3485,6 +3699,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, if (unlikely(is_vm_hugetlb_page(vma))) return hugetlb_fault(mm, vma, address, flags); @@ -71530,7 +71991,7 @@ index 10b4dda..b1f60ad 100644 pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); if (!pud) -@@ -3514,7 +3752,7 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3514,7 +3756,7 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, * run pte_offset_map on the pmd, if an huge pmd could * materialize from under us from a different thread. */ @@ -71539,7 +72000,7 @@ index 10b4dda..b1f60ad 100644 return VM_FAULT_OOM; /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) -@@ -3551,6 +3789,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) +@@ -3551,6 +3793,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -71563,7 +72024,7 @@ index 10b4dda..b1f60ad 100644 #endif /* __PAGETABLE_PUD_FOLDED */ #ifndef __PAGETABLE_PMD_FOLDED -@@ -3581,6 +3836,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) +@@ -3581,6 +3840,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -71594,7 +72055,7 @@ index 10b4dda..b1f60ad 100644 #endif /* __PAGETABLE_PMD_FOLDED */ int make_pages_present(unsigned long addr, unsigned long end) -@@ -3618,7 +3897,7 @@ static int __init gate_vma_init(void) +@@ -3618,7 +3901,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -75428,7 +75889,7 @@ index 68bbf9f..5ef0d12 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index 7f72c9c..e29943b 100644 +index 0336374..659088a 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1138,10 +1138,14 @@ void dev_load(struct net *net, const char *name) @@ -75446,7 +75907,7 @@ index 7f72c9c..e29943b 100644 } } EXPORT_SYMBOL(dev_load); -@@ -1585,7 +1589,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) +@@ -1605,7 +1609,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) { if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) { if (skb_copy_ubufs(skb, GFP_ATOMIC)) { @@ -75455,7 +75916,7 @@ index 7f72c9c..e29943b 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -1595,7 +1599,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) +@@ -1615,7 +1619,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) nf_reset(skb); if (unlikely(!is_skb_forwardable(dev, skb))) { @@ -75464,7 +75925,7 @@ index 7f72c9c..e29943b 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -2057,7 +2061,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) +@@ -2077,7 +2081,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) struct dev_gso_cb { void (*destructor)(struct sk_buff *skb); @@ -75473,7 +75934,7 @@ index 7f72c9c..e29943b 100644 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb) -@@ -2913,7 +2917,7 @@ enqueue: +@@ -2933,7 +2937,7 @@ enqueue: local_irq_restore(flags); @@ -75482,7 +75943,7 @@ index 7f72c9c..e29943b 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -2985,7 +2989,7 @@ int netif_rx_ni(struct sk_buff *skb) +@@ -3005,7 +3009,7 @@ int netif_rx_ni(struct sk_buff *skb) } EXPORT_SYMBOL(netif_rx_ni); @@ -75491,7 +75952,7 @@ index 7f72c9c..e29943b 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); -@@ -3273,7 +3277,7 @@ ncls: +@@ -3293,7 +3297,7 @@ ncls: if (pt_prev) { ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev); } else { @@ -75500,7 +75961,7 @@ index 7f72c9c..e29943b 100644 kfree_skb(skb); /* Jamal, now you will not able to escape explaining * me how you were going to use this. :-) -@@ -3833,7 +3837,7 @@ void netif_napi_del(struct napi_struct *napi) +@@ -3853,7 +3857,7 @@ void netif_napi_del(struct napi_struct *napi) } EXPORT_SYMBOL(netif_napi_del); @@ -75509,7 +75970,7 @@ index 7f72c9c..e29943b 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); unsigned long time_limit = jiffies + 2; -@@ -5858,7 +5862,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, +@@ -5878,7 +5882,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, } else { netdev_stats_to_stats64(storage, &dev->stats); } @@ -86454,7 +86915,7 @@ index af0f22f..9a7d479 100644 break; } diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index c4ac57e..527711d 100644 +index 7858228..2919715 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -75,7 +75,7 @@ LIST_HEAD(vm_list); @@ -86466,7 +86927,7 @@ index c4ac57e..527711d 100644 struct kmem_cache *kvm_vcpu_cache; EXPORT_SYMBOL_GPL(kvm_vcpu_cache); -@@ -2313,7 +2313,7 @@ static void hardware_enable_nolock(void *junk) +@@ -2318,7 +2318,7 @@ static void hardware_enable_nolock(void *junk) if (r) { cpumask_clear_cpu(cpu, cpus_hardware_enabled); @@ -86475,7 +86936,7 @@ index c4ac57e..527711d 100644 printk(KERN_INFO "kvm: enabling virtualization on " "CPU%d failed\n", cpu); } -@@ -2367,10 +2367,10 @@ static int hardware_enable_all(void) +@@ -2372,10 +2372,10 @@ static int hardware_enable_all(void) kvm_usage_count++; if (kvm_usage_count == 1) { @@ -86488,7 +86949,7 @@ index c4ac57e..527711d 100644 hardware_disable_all_nolock(); r = -EBUSY; } -@@ -2733,7 +2733,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, +@@ -2738,7 +2738,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, kvm_arch_vcpu_put(vcpu); } @@ -86497,7 +86958,7 @@ index c4ac57e..527711d 100644 struct module *module) { int r; -@@ -2796,7 +2796,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -2801,7 +2801,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (!vcpu_align) vcpu_align = __alignof__(struct kvm_vcpu); kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align, @@ -86506,7 +86967,7 @@ index c4ac57e..527711d 100644 if (!kvm_vcpu_cache) { r = -ENOMEM; goto out_free_3; -@@ -2806,9 +2806,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -2811,9 +2811,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (r) goto out_free; |