diff options
-rw-r--r-- | main/linux-grsec/APKBUILD | 30 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-3.0-3.14.16-201408110024.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.15-201408032014.patch) | 462 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86 | 6 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86_64 | 6 |
4 files changed, 243 insertions, 261 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index f42b214f02..4e3286136a 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,12 +2,12 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.14.15 +pkgver=3.14.16 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; esac -pkgrel=1 +pkgrel=0 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-3.0-3.14.15-201408032014.patch + grsecurity-3.0-3.14.16-201408110024.patch fix-memory-map-for-PIE-applications.patch imx6q-no-unclocked-sleep.patch @@ -165,26 +165,26 @@ dev() { } md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz -497579393986bb76e08abc355e59550c patch-3.14.15.xz -d1d5b12a0a0f0f8dd8588d42bd3b2375 grsecurity-3.0-3.14.15-201408032014.patch +0c17d6e79e240062a36d4a71a2f7d1f2 patch-3.14.16.xz +cba8b3e01874c01f982a360cc3aad33f grsecurity-3.0-3.14.16-201408110024.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch -69688dbc1669bfd04dec7bb316e58b8d kernelconfig.x86 -e0b3a0898935183bf42078350d2e31f1 kernelconfig.x86_64 +dc5e04d422b807e740fd15b141b89a62 kernelconfig.x86 +1aea3d3de4013c10712a582c8d738bf7 kernelconfig.x86_64 0d71b1663f7cbfffc6e403deca4bbe86 kernelconfig.armhf" sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz -fd0fff77dd5274fd53bce431275cf203357d1a96a6c6129f0562b07232399ed2 patch-3.14.15.xz -c52e543a680cf82721aa378251fd66f223a03a294343ae9500bc6d1d59771f8f grsecurity-3.0-3.14.15-201408032014.patch +3d3e79fd9795812f293aa38799c056aaea0f14da8294b31067f7768e9f38db2d patch-3.14.16.xz +e27fc08381e4937347b426e5f68149a0917dce79ef4f962b106ae158cdb4a619 grsecurity-3.0-3.14.16-201408110024.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch -61c9344b8643ab81b0d7230f77fa003c8e2ce46bf4ea18315708e77ccef5de83 kernelconfig.x86 -1ce44d635856578779ff6c0d1ba97c4ce44e988411e3c702a79859c28bd8c91c kernelconfig.x86_64 +148fe2f06c98716744139f0c92aa702665bb9da96ecc163ef56c8ba3084d534a kernelconfig.x86 +1b26e8c006dccce38520b9b42a6ae43230d032307ec847ab77ea97d4616164f6 kernelconfig.x86_64 3cddaac02211dd0f5eb4531aecc3a1427f29dcec7b31d9fe0042192d591bcdc8 kernelconfig.armhf" sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e linux-3.14.tar.xz -9a9d99a5e6f724f3c7063212ce7187e1bf15a1931aacc0e56fcb46b5f1f8266c47dd61ca0dafdfeb27a7348817629fa2d26df0f0d6f36d7ceab6295b39a5e5d9 patch-3.14.15.xz -2edef8d733b2fbfeb65de833e85d2f2693967263e8b8faf7838192af763b6868ad41daaf71d26327566ab5a8184a87be159388a1ceb48bea88ece1fbc0adaf19 grsecurity-3.0-3.14.15-201408032014.patch +3004ce119ee9d6a13c8d1af6c3e1bd96794c89a98e914c0a0d80ff96c2a6f41ed3d2108aa86312d4b08646a38c9b47478c136252418a4964476b624e5e1fae70 patch-3.14.16.xz +f4a1dec548fb2bb2791d3b4a3e53a4f5f52fef95cd81e4d2dac0749474ff646b51b7f06eb9d83b27c9882e803164f7e60139d9781b144a7eba0819d565cf23b3 grsecurity-3.0-3.14.16-201408110024.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch -0889c17d6509b8078aa2fd1ba2977a8fa88260bd080e780aeefd7eb6a8805b3bb9a3132991fc1050e6b7bce0ca118ce7f2c57c0f33459812f69c4dee75ff96cf kernelconfig.x86 -f413cb1b4942f217c223ab3bae845a2ea86c01dfd586ecce0e63598d775fafc975ed88f908e7291e20543cf4d15e01b26d5e4407de244ccbfe4fbebe74d25995 kernelconfig.x86_64 +65697a0652795bc2f57c74968b4e541b372bf9ebfd8effe9d17b75143f2444a76d41982dddee3c7cda28dc33c88f221b89964282d82761593ec697b5fa77f8d4 kernelconfig.x86 +799e497939ed879e118b9bccae970f69c4c64488f3ef52ed5f07685531f13fa756cc7656351d611e6ffb93809f7af526cab379c2e24171c6bb5eac88f77fcc2e kernelconfig.x86_64 c19ce8d5ef84e42d63435731afab351a68226d7b49caf5d6a3b43421a1a856eadfc69b503a2d757de10cba46bcfdf45c17bb0fed6cf0a14ac284050e655614dd kernelconfig.armhf" diff --git a/main/linux-grsec/grsecurity-3.0-3.14.15-201408032014.patch b/main/linux-grsec/grsecurity-3.0-3.14.16-201408110024.patch index 96db0fa027..cd58a6f54d 100644 --- a/main/linux-grsec/grsecurity-3.0-3.14.15-201408032014.patch +++ b/main/linux-grsec/grsecurity-3.0-3.14.16-201408110024.patch @@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 188523e..5c8d8ee 100644 +index 8b22e24..7f4d29b 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -313,10 +313,13 @@ index 188523e..5c8d8ee 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -585,6 +586,72 @@ else +@@ -585,6 +586,75 @@ else KBUILD_CFLAGS += -O2 endif ++# Tell gcc to never replace conditional load with a non-conditional one ++KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0) ++ +ifndef DISABLE_PAX_PLUGINS +ifeq ($(call cc-ifversion, -ge, 0408, y), y) +PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)") @@ -386,7 +389,7 @@ index 188523e..5c8d8ee 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifdef CONFIG_READABLE_ASM -@@ -781,7 +848,7 @@ export mod_sign_cmd +@@ -781,7 +851,7 @@ export mod_sign_cmd ifeq ($(KBUILD_EXTMOD),) @@ -395,7 +398,7 @@ index 188523e..5c8d8ee 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -830,6 +897,8 @@ endif +@@ -830,6 +900,8 @@ endif # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -404,7 +407,7 @@ index 188523e..5c8d8ee 100644 $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -839,7 +908,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; +@@ -839,7 +911,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -413,7 +416,7 @@ index 188523e..5c8d8ee 100644 $(Q)$(MAKE) $(build)=$@ define filechk_kernel.release -@@ -882,10 +951,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ +@@ -882,10 +954,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ archprepare: archheaders archscripts prepare1 scripts_basic @@ -427,7 +430,7 @@ index 188523e..5c8d8ee 100644 prepare: prepare0 # Generate some files -@@ -993,6 +1065,8 @@ all: modules +@@ -993,6 +1068,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -436,7 +439,7 @@ index 188523e..5c8d8ee 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1008,7 +1082,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1008,7 +1085,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -445,7 +448,7 @@ index 188523e..5c8d8ee 100644 # Target to install modules PHONY += modules_install -@@ -1074,7 +1148,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ +@@ -1074,7 +1151,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ signing_key.priv signing_key.x509 x509.genkey \ extra_certificates signing_key.x509.keyid \ @@ -457,7 +460,7 @@ index 188523e..5c8d8ee 100644 # clean - Delete most, but leave enough to build external modules # -@@ -1113,7 +1190,7 @@ distclean: mrproper +@@ -1113,7 +1193,7 @@ distclean: mrproper @find $(srctree) $(RCS_FIND_IGNORE) \ \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ @@ -466,7 +469,7 @@ index 188523e..5c8d8ee 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1275,6 +1352,8 @@ PHONY += $(module-dirs) modules +@@ -1275,6 +1355,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -475,7 +478,7 @@ index 188523e..5c8d8ee 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1414,17 +1493,21 @@ else +@@ -1414,17 +1496,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -501,7 +504,7 @@ index 188523e..5c8d8ee 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1434,11 +1517,15 @@ endif +@@ -1434,11 +1520,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -4329,7 +4332,7 @@ index 5e85ed3..b10a7ed 100644 } } diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c -index b68c6b2..f66c492 100644 +index f15c22e..d830561 100644 --- a/arch/arm/mm/mmu.c +++ b/arch/arm/mm/mmu.c @@ -39,6 +39,22 @@ @@ -12643,7 +12646,7 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 7324107..a63fd9f 100644 +index c718d9f..511e6fa 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -126,7 +126,7 @@ config X86 @@ -12672,7 +12675,7 @@ index 7324107..a63fd9f 100644 ---help--- Say Y here to enable options for running Linux under various hyper- visors. This option enables basic hypervisor detection and platform -@@ -1112,7 +1113,7 @@ choice +@@ -1129,7 +1130,7 @@ choice config NOHIGHMEM bool "off" @@ -12681,7 +12684,7 @@ index 7324107..a63fd9f 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1149,7 +1150,7 @@ config NOHIGHMEM +@@ -1166,7 +1167,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -12690,7 +12693,7 @@ index 7324107..a63fd9f 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1202,7 +1203,7 @@ config PAGE_OFFSET +@@ -1219,7 +1220,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -12699,7 +12702,7 @@ index 7324107..a63fd9f 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1606,6 +1607,7 @@ source kernel/Kconfig.hz +@@ -1623,6 +1624,7 @@ source kernel/Kconfig.hz config KEXEC bool "kexec system call" @@ -12707,7 +12710,7 @@ index 7324107..a63fd9f 100644 ---help--- kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot -@@ -1757,7 +1759,9 @@ config X86_NEED_RELOCS +@@ -1774,7 +1776,9 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" @@ -12718,7 +12721,7 @@ index 7324107..a63fd9f 100644 range 0x2000 0x1000000 if X86_32 range 0x200000 0x1000000 if X86_64 ---help--- -@@ -1837,9 +1841,10 @@ config DEBUG_HOTPLUG_CPU0 +@@ -1854,9 +1858,10 @@ config DEBUG_HOTPLUG_CPU0 If unsure, say N. config COMPAT_VDSO @@ -17184,7 +17187,7 @@ index 91d9c69..dfae7d0 100644 * Convert a virtual cached pointer to an uncached pointer */ diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h -index bba3cf8..06bc8da 100644 +index 0a8b519..80e7d5b 100644 --- a/arch/x86/include/asm/irqflags.h +++ b/arch/x86/include/asm/irqflags.h @@ -141,6 +141,11 @@ static inline notrace unsigned long arch_local_irq_save(void) @@ -18395,21 +18398,24 @@ index e22c1db..23a625a 100644 } diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h -index c883bf7..19970b3 100644 +index 7166e25..baaa6fe 100644 --- a/arch/x86/include/asm/pgtable_64_types.h +++ b/arch/x86/include/asm/pgtable_64_types.h -@@ -61,6 +61,11 @@ typedef struct { pteval_t pte; } pte_t; +@@ -61,9 +61,14 @@ typedef struct { pteval_t pte; } pte_t; #define MODULES_VADDR (__START_KERNEL_map + KERNEL_IMAGE_SIZE) #define MODULES_END _AC(0xffffffffff000000, UL) #define MODULES_LEN (MODULES_END - MODULES_VADDR) +#define MODULES_EXEC_VADDR MODULES_VADDR +#define MODULES_EXEC_END MODULES_END -+ + #define ESPFIX_PGD_ENTRY _AC(-2, UL) + #define ESPFIX_BASE_ADDR (ESPFIX_PGD_ENTRY << PGDIR_SHIFT) + +#define ktla_ktva(addr) (addr) +#define ktva_ktla(addr) (addr) - ++ #define EARLY_DYNAMIC_PAGE_TABLES 64 + #endif /* _ASM_X86_PGTABLE_64_DEFS_H */ diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h index 94e40f1..ebd03e4 100644 --- a/arch/x86/include/asm/pgtable_types.h @@ -20768,7 +20774,7 @@ index 7b0a55a..ad115bf 100644 /* top of stack page */ diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile -index cb648c8..91cb07e 100644 +index 56bac86..9d8df82 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -24,7 +24,7 @@ obj-y += time.o ioport.o ldt.o dumpstack.o nmi.o @@ -22489,7 +22495,7 @@ index 01d1c18..8073693 100644 #include <asm/processor.h> #include <asm/fcntl.h> diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index c87810b..413d83f 100644 +index c5a9cb9..228d280 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S @@ -177,13 +177,153 @@ @@ -22848,7 +22854,7 @@ index c87810b..413d83f 100644 restore_all: TRACE_IRQS_IRET restore_all_notrace: -@@ -577,14 +784,34 @@ ldt_ss: +@@ -580,14 +787,34 @@ ldt_ss: * compensating for the offset by changing to the ESPFIX segment with * a base address that matches for the difference. */ @@ -22886,7 +22892,7 @@ index c87810b..413d83f 100644 pushl_cfi $__ESPFIX_SS pushl_cfi %eax /* new kernel esp */ /* Disable interrupts, but do not irqtrace this section: we -@@ -613,20 +840,18 @@ work_resched: +@@ -617,20 +844,18 @@ work_resched: movl TI_flags(%ebp), %ecx andl $_TIF_WORK_MASK, %ecx # is there any work to be done other # than syscall tracing? @@ -22909,7 +22915,7 @@ index c87810b..413d83f 100644 #endif TRACE_IRQS_ON ENABLE_INTERRUPTS(CLBR_NONE) -@@ -647,7 +872,7 @@ work_notifysig_v86: +@@ -651,7 +876,7 @@ work_notifysig_v86: movl %eax, %esp jmp 1b #endif @@ -22918,7 +22924,7 @@ index c87810b..413d83f 100644 # perform syscall exit tracing ALIGN -@@ -655,11 +880,14 @@ syscall_trace_entry: +@@ -659,11 +884,14 @@ syscall_trace_entry: movl $-ENOSYS,PT_EAX(%esp) movl %esp, %eax call syscall_trace_enter @@ -22934,7 +22940,7 @@ index c87810b..413d83f 100644 # perform syscall exit tracing ALIGN -@@ -672,26 +900,30 @@ syscall_exit_work: +@@ -676,26 +904,30 @@ syscall_exit_work: movl %esp, %eax call syscall_trace_leave jmp resume_userspace @@ -22969,9 +22975,9 @@ index c87810b..413d83f 100644 CFI_ENDPROC /* * End of kprobes section -@@ -707,8 +939,15 @@ END(syscall_badsys) - * normal stack and adjusts ESP with the matching offset. +@@ -712,8 +944,15 @@ END(syscall_badsys) */ + #ifdef CONFIG_X86_ESPFIX32 /* fixup the stack */ - mov GDT_ESPFIX_SS + 4, %al /* bits 16..23 */ - mov GDT_ESPFIX_SS + 7, %ah /* bits 24..31 */ @@ -22987,7 +22993,7 @@ index c87810b..413d83f 100644 shl $16, %eax addl %esp, %eax /* the adjusted stack pointer */ pushl_cfi $__KERNEL_DS -@@ -761,7 +1000,7 @@ vector=vector+1 +@@ -769,7 +1008,7 @@ vector=vector+1 .endr 2: jmp common_interrupt .endr @@ -22996,7 +23002,7 @@ index c87810b..413d83f 100644 .previous END(interrupt) -@@ -822,7 +1061,7 @@ ENTRY(coprocessor_error) +@@ -830,7 +1069,7 @@ ENTRY(coprocessor_error) pushl_cfi $do_coprocessor_error jmp error_code CFI_ENDPROC @@ -23005,7 +23011,7 @@ index c87810b..413d83f 100644 ENTRY(simd_coprocessor_error) RING0_INT_FRAME -@@ -835,7 +1074,7 @@ ENTRY(simd_coprocessor_error) +@@ -843,7 +1082,7 @@ ENTRY(simd_coprocessor_error) .section .altinstructions,"a" altinstruction_entry 661b, 663f, X86_FEATURE_XMM, 662b-661b, 664f-663f .previous @@ -23014,7 +23020,7 @@ index c87810b..413d83f 100644 663: pushl $do_simd_coprocessor_error 664: .previous -@@ -844,7 +1083,7 @@ ENTRY(simd_coprocessor_error) +@@ -852,7 +1091,7 @@ ENTRY(simd_coprocessor_error) #endif jmp error_code CFI_ENDPROC @@ -23023,7 +23029,7 @@ index c87810b..413d83f 100644 ENTRY(device_not_available) RING0_INT_FRAME -@@ -853,18 +1092,18 @@ ENTRY(device_not_available) +@@ -861,18 +1100,18 @@ ENTRY(device_not_available) pushl_cfi $do_device_not_available jmp error_code CFI_ENDPROC @@ -23045,7 +23051,7 @@ index c87810b..413d83f 100644 #endif ENTRY(overflow) -@@ -874,7 +1113,7 @@ ENTRY(overflow) +@@ -882,7 +1121,7 @@ ENTRY(overflow) pushl_cfi $do_overflow jmp error_code CFI_ENDPROC @@ -23054,7 +23060,7 @@ index c87810b..413d83f 100644 ENTRY(bounds) RING0_INT_FRAME -@@ -883,7 +1122,7 @@ ENTRY(bounds) +@@ -891,7 +1130,7 @@ ENTRY(bounds) pushl_cfi $do_bounds jmp error_code CFI_ENDPROC @@ -23063,7 +23069,7 @@ index c87810b..413d83f 100644 ENTRY(invalid_op) RING0_INT_FRAME -@@ -892,7 +1131,7 @@ ENTRY(invalid_op) +@@ -900,7 +1139,7 @@ ENTRY(invalid_op) pushl_cfi $do_invalid_op jmp error_code CFI_ENDPROC @@ -23072,7 +23078,7 @@ index c87810b..413d83f 100644 ENTRY(coprocessor_segment_overrun) RING0_INT_FRAME -@@ -901,7 +1140,7 @@ ENTRY(coprocessor_segment_overrun) +@@ -909,7 +1148,7 @@ ENTRY(coprocessor_segment_overrun) pushl_cfi $do_coprocessor_segment_overrun jmp error_code CFI_ENDPROC @@ -23081,7 +23087,7 @@ index c87810b..413d83f 100644 ENTRY(invalid_TSS) RING0_EC_FRAME -@@ -909,7 +1148,7 @@ ENTRY(invalid_TSS) +@@ -917,7 +1156,7 @@ ENTRY(invalid_TSS) pushl_cfi $do_invalid_TSS jmp error_code CFI_ENDPROC @@ -23090,7 +23096,7 @@ index c87810b..413d83f 100644 ENTRY(segment_not_present) RING0_EC_FRAME -@@ -917,7 +1156,7 @@ ENTRY(segment_not_present) +@@ -925,7 +1164,7 @@ ENTRY(segment_not_present) pushl_cfi $do_segment_not_present jmp error_code CFI_ENDPROC @@ -23099,7 +23105,7 @@ index c87810b..413d83f 100644 ENTRY(stack_segment) RING0_EC_FRAME -@@ -925,7 +1164,7 @@ ENTRY(stack_segment) +@@ -933,7 +1172,7 @@ ENTRY(stack_segment) pushl_cfi $do_stack_segment jmp error_code CFI_ENDPROC @@ -23108,7 +23114,7 @@ index c87810b..413d83f 100644 ENTRY(alignment_check) RING0_EC_FRAME -@@ -933,7 +1172,7 @@ ENTRY(alignment_check) +@@ -941,7 +1180,7 @@ ENTRY(alignment_check) pushl_cfi $do_alignment_check jmp error_code CFI_ENDPROC @@ -23117,7 +23123,7 @@ index c87810b..413d83f 100644 ENTRY(divide_error) RING0_INT_FRAME -@@ -942,7 +1181,7 @@ ENTRY(divide_error) +@@ -950,7 +1189,7 @@ ENTRY(divide_error) pushl_cfi $do_divide_error jmp error_code CFI_ENDPROC @@ -23126,7 +23132,7 @@ index c87810b..413d83f 100644 #ifdef CONFIG_X86_MCE ENTRY(machine_check) -@@ -952,7 +1191,7 @@ ENTRY(machine_check) +@@ -960,7 +1199,7 @@ ENTRY(machine_check) pushl_cfi machine_check_vector jmp error_code CFI_ENDPROC @@ -23135,7 +23141,7 @@ index c87810b..413d83f 100644 #endif ENTRY(spurious_interrupt_bug) -@@ -962,7 +1201,7 @@ ENTRY(spurious_interrupt_bug) +@@ -970,7 +1209,7 @@ ENTRY(spurious_interrupt_bug) pushl_cfi $do_spurious_interrupt_bug jmp error_code CFI_ENDPROC @@ -23144,7 +23150,7 @@ index c87810b..413d83f 100644 /* * End of kprobes section */ -@@ -1072,7 +1311,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR, +@@ -1080,7 +1319,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR, ENTRY(mcount) ret @@ -23153,7 +23159,7 @@ index c87810b..413d83f 100644 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -1105,7 +1344,7 @@ ftrace_graph_call: +@@ -1113,7 +1352,7 @@ ftrace_graph_call: .globl ftrace_stub ftrace_stub: ret @@ -23162,7 +23168,7 @@ index c87810b..413d83f 100644 ENTRY(ftrace_regs_caller) pushf /* push flags before compare (in cs location) */ -@@ -1209,7 +1448,7 @@ trace: +@@ -1217,7 +1456,7 @@ trace: popl %ecx popl %eax jmp ftrace_stub @@ -23171,7 +23177,7 @@ index c87810b..413d83f 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -1227,7 +1466,7 @@ ENTRY(ftrace_graph_caller) +@@ -1235,7 +1474,7 @@ ENTRY(ftrace_graph_caller) popl %ecx popl %eax ret @@ -23180,7 +23186,7 @@ index c87810b..413d83f 100644 .globl return_to_handler return_to_handler: -@@ -1293,15 +1532,18 @@ error_code: +@@ -1301,15 +1540,18 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -23201,7 +23207,7 @@ index c87810b..413d83f 100644 /* * Debug traps and NMI can happen at the one SYSENTER instruction -@@ -1344,7 +1586,7 @@ debug_stack_correct: +@@ -1352,7 +1594,7 @@ debug_stack_correct: call do_debug jmp ret_from_exception CFI_ENDPROC @@ -23210,7 +23216,7 @@ index c87810b..413d83f 100644 /* * NMI is doubly nasty. It can happen _while_ we're handling -@@ -1382,6 +1624,9 @@ nmi_stack_correct: +@@ -1392,6 +1634,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -23220,7 +23226,7 @@ index c87810b..413d83f 100644 jmp restore_all_notrace CFI_ENDPROC -@@ -1418,12 +1663,15 @@ nmi_espfix_stack: +@@ -1429,13 +1674,16 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax == %esp xorl %edx,%edx # zero error code call do_nmi @@ -23231,13 +23237,14 @@ index c87810b..413d83f 100644 lss 12+4(%esp), %esp # back to espfix stack CFI_ADJUST_CFA_OFFSET -24 jmp irq_return + #endif CFI_ENDPROC -END(nmi) +ENDPROC(nmi) ENTRY(int3) RING0_INT_FRAME -@@ -1436,14 +1684,14 @@ ENTRY(int3) +@@ -1448,14 +1696,14 @@ ENTRY(int3) call do_int3 jmp ret_from_exception CFI_ENDPROC @@ -23254,7 +23261,7 @@ index c87810b..413d83f 100644 #ifdef CONFIG_KVM_GUEST ENTRY(async_page_fault) -@@ -1452,7 +1700,7 @@ ENTRY(async_page_fault) +@@ -1464,7 +1712,7 @@ ENTRY(async_page_fault) pushl_cfi $do_async_page_fault jmp error_code CFI_ENDPROC @@ -23264,19 +23271,19 @@ index c87810b..413d83f 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index 1e96c36..3ff710a 100644 +index 03cd2a8..05a9aed 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S -@@ -59,6 +59,8 @@ - #include <asm/context_tracking.h> +@@ -60,6 +60,8 @@ #include <asm/smap.h> + #include <asm/pgtable_types.h> #include <linux/err.h> +#include <asm/pgtable.h> +#include <asm/alternative-asm.h> /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ #include <linux/elf-em.h> -@@ -80,8 +82,9 @@ +@@ -81,8 +83,9 @@ #ifdef CONFIG_DYNAMIC_FTRACE ENTRY(function_hook) @@ -23287,7 +23294,7 @@ index 1e96c36..3ff710a 100644 /* skip is set if stack has been adjusted */ .macro ftrace_caller_setup skip=0 -@@ -122,8 +125,9 @@ GLOBAL(ftrace_graph_call) +@@ -123,8 +126,9 @@ GLOBAL(ftrace_graph_call) #endif GLOBAL(ftrace_stub) @@ -23298,7 +23305,7 @@ index 1e96c36..3ff710a 100644 ENTRY(ftrace_regs_caller) /* Save the current flags before compare (in SS location)*/ -@@ -191,7 +195,7 @@ ftrace_restore_flags: +@@ -192,7 +196,7 @@ ftrace_restore_flags: popfq jmp ftrace_stub @@ -23307,7 +23314,7 @@ index 1e96c36..3ff710a 100644 #else /* ! CONFIG_DYNAMIC_FTRACE */ -@@ -212,6 +216,7 @@ ENTRY(function_hook) +@@ -213,6 +217,7 @@ ENTRY(function_hook) #endif GLOBAL(ftrace_stub) @@ -23315,7 +23322,7 @@ index 1e96c36..3ff710a 100644 retq trace: -@@ -225,12 +230,13 @@ trace: +@@ -226,12 +231,13 @@ trace: #endif subq $MCOUNT_INSN_SIZE, %rdi @@ -23330,7 +23337,7 @@ index 1e96c36..3ff710a 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -252,8 +258,9 @@ ENTRY(ftrace_graph_caller) +@@ -253,8 +259,9 @@ ENTRY(ftrace_graph_caller) MCOUNT_RESTORE_FRAME @@ -23341,7 +23348,7 @@ index 1e96c36..3ff710a 100644 GLOBAL(return_to_handler) subq $24, %rsp -@@ -269,7 +276,9 @@ GLOBAL(return_to_handler) +@@ -270,7 +277,9 @@ GLOBAL(return_to_handler) movq 8(%rsp), %rdx movq (%rsp), %rax addq $24, %rsp @@ -23351,7 +23358,7 @@ index 1e96c36..3ff710a 100644 #endif -@@ -284,6 +293,430 @@ ENTRY(native_usergs_sysret64) +@@ -285,6 +294,430 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ @@ -23782,7 +23789,7 @@ index 1e96c36..3ff710a 100644 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -320,7 +753,7 @@ ENDPROC(native_usergs_sysret64) +@@ -321,7 +754,7 @@ ENDPROC(native_usergs_sysret64) .endm .macro TRACE_IRQS_IRETQ_DEBUG offset=ARGOFFSET @@ -23791,7 +23798,7 @@ index 1e96c36..3ff710a 100644 jnc 1f TRACE_IRQS_ON_DEBUG 1: -@@ -358,27 +791,6 @@ ENDPROC(native_usergs_sysret64) +@@ -359,27 +792,6 @@ ENDPROC(native_usergs_sysret64) movq \tmp,R11+\offset(%rsp) .endm @@ -23819,7 +23826,7 @@ index 1e96c36..3ff710a 100644 /* * initial frame state for interrupts (and exceptions without error code) */ -@@ -445,25 +857,26 @@ ENDPROC(native_usergs_sysret64) +@@ -446,25 +858,26 @@ ENDPROC(native_usergs_sysret64) /* save partial stack frame */ .macro SAVE_ARGS_IRQ cld @@ -23859,7 +23866,7 @@ index 1e96c36..3ff710a 100644 je 1f SWAPGS /* -@@ -483,6 +896,18 @@ ENDPROC(native_usergs_sysret64) +@@ -484,6 +897,18 @@ ENDPROC(native_usergs_sysret64) 0x06 /* DW_OP_deref */, \ 0x08 /* DW_OP_const1u */, SS+8-RBP, \ 0x22 /* DW_OP_plus */ @@ -23878,7 +23885,7 @@ index 1e96c36..3ff710a 100644 /* We entered an interrupt context - irqs are off: */ TRACE_IRQS_OFF .endm -@@ -514,9 +939,52 @@ ENTRY(save_paranoid) +@@ -515,9 +940,52 @@ ENTRY(save_paranoid) js 1f /* negative -> in kernel */ SWAPGS xorl %ebx,%ebx @@ -23933,7 +23940,7 @@ index 1e96c36..3ff710a 100644 .popsection /* -@@ -538,7 +1006,7 @@ ENTRY(ret_from_fork) +@@ -539,7 +1007,7 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -23942,7 +23949,7 @@ index 1e96c36..3ff710a 100644 jz 1f testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -548,15 +1016,13 @@ ENTRY(ret_from_fork) +@@ -549,15 +1017,13 @@ ENTRY(ret_from_fork) jmp ret_from_sys_call # go to the SYSRET fastpath 1: @@ -23959,7 +23966,7 @@ index 1e96c36..3ff710a 100644 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -593,7 +1059,7 @@ END(ret_from_fork) +@@ -594,7 +1060,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -23968,7 +23975,7 @@ index 1e96c36..3ff710a 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -606,16 +1072,23 @@ GLOBAL(system_call_after_swapgs) +@@ -607,16 +1073,23 @@ GLOBAL(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -23994,7 +24001,7 @@ index 1e96c36..3ff710a 100644 jnz tracesys system_call_fastpath: #if __SYSCALL_MASK == ~0 -@@ -639,10 +1112,13 @@ sysret_check: +@@ -640,10 +1113,13 @@ sysret_check: LOCKDEP_SYS_EXIT DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -24009,7 +24016,7 @@ index 1e96c36..3ff710a 100644 /* * sysretq will re-enable interrupts: */ -@@ -701,6 +1177,9 @@ auditsys: +@@ -702,6 +1178,9 @@ auditsys: movq %rax,%rsi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */ call __audit_syscall_entry @@ -24019,7 +24026,7 @@ index 1e96c36..3ff710a 100644 LOAD_ARGS 0 /* reload call-clobbered registers */ jmp system_call_fastpath -@@ -722,7 +1201,7 @@ sysret_audit: +@@ -723,7 +1202,7 @@ sysret_audit: /* Do syscall tracing */ tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -24028,7 +24035,7 @@ index 1e96c36..3ff710a 100644 jz auditsys #endif SAVE_REST -@@ -730,12 +1209,15 @@ tracesys: +@@ -731,12 +1210,15 @@ tracesys: FIXUP_TOP_OF_STACK %rdi movq %rsp,%rdi call syscall_trace_enter @@ -24045,7 +24052,7 @@ index 1e96c36..3ff710a 100644 RESTORE_REST #if __SYSCALL_MASK == ~0 cmpq $__NR_syscall_max,%rax -@@ -765,7 +1247,9 @@ GLOBAL(int_with_check) +@@ -766,7 +1248,9 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) @@ -24056,7 +24063,7 @@ index 1e96c36..3ff710a 100644 /* Either reschedule or signal or syscall exit tracking needed. */ /* First do a reschedule test. */ -@@ -811,7 +1295,7 @@ int_restore_rest: +@@ -812,7 +1296,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -24065,7 +24072,7 @@ index 1e96c36..3ff710a 100644 .macro FORK_LIKE func ENTRY(stub_\func) -@@ -824,9 +1308,10 @@ ENTRY(stub_\func) +@@ -825,9 +1309,10 @@ ENTRY(stub_\func) DEFAULT_FRAME 0 8 /* offset 8: return address */ call sys_\func RESTORE_TOP_OF_STACK %r11, 8 @@ -24078,7 +24085,7 @@ index 1e96c36..3ff710a 100644 .endm .macro FIXED_FRAME label,func -@@ -836,9 +1321,10 @@ ENTRY(\label) +@@ -837,9 +1322,10 @@ ENTRY(\label) FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET call \func RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET @@ -24090,7 +24097,7 @@ index 1e96c36..3ff710a 100644 .endm FORK_LIKE clone -@@ -846,19 +1332,6 @@ END(\label) +@@ -847,19 +1333,6 @@ END(\label) FORK_LIKE vfork FIXED_FRAME stub_iopl, sys_iopl @@ -24110,7 +24117,7 @@ index 1e96c36..3ff710a 100644 ENTRY(stub_execve) CFI_STARTPROC addq $8, %rsp -@@ -870,7 +1343,7 @@ ENTRY(stub_execve) +@@ -871,7 +1344,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -24119,7 +24126,7 @@ index 1e96c36..3ff710a 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -887,7 +1360,7 @@ ENTRY(stub_rt_sigreturn) +@@ -888,7 +1361,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -24128,7 +24135,7 @@ index 1e96c36..3ff710a 100644 #ifdef CONFIG_X86_X32_ABI ENTRY(stub_x32_rt_sigreturn) -@@ -901,7 +1374,7 @@ ENTRY(stub_x32_rt_sigreturn) +@@ -902,7 +1375,7 @@ ENTRY(stub_x32_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -24137,7 +24144,7 @@ index 1e96c36..3ff710a 100644 ENTRY(stub_x32_execve) CFI_STARTPROC -@@ -915,7 +1388,7 @@ ENTRY(stub_x32_execve) +@@ -916,7 +1389,7 @@ ENTRY(stub_x32_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -24146,7 +24153,7 @@ index 1e96c36..3ff710a 100644 #endif -@@ -952,7 +1425,7 @@ vector=vector+1 +@@ -953,7 +1426,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -24155,7 +24162,7 @@ index 1e96c36..3ff710a 100644 .previous END(interrupt) -@@ -969,8 +1442,8 @@ END(interrupt) +@@ -970,8 +1443,8 @@ END(interrupt) /* 0(%rsp): ~(interrupt number) */ .macro interrupt func /* reserve pt_regs for scratch regs and rbp */ @@ -24166,7 +24173,7 @@ index 1e96c36..3ff710a 100644 SAVE_ARGS_IRQ call \func .endm -@@ -997,14 +1470,14 @@ ret_from_intr: +@@ -998,14 +1471,14 @@ ret_from_intr: /* Restore saved previous stack */ popq %rsi @@ -24185,7 +24192,7 @@ index 1e96c36..3ff710a 100644 je retint_kernel /* Interrupt came from user space */ -@@ -1026,12 +1499,16 @@ retint_swapgs: /* return to user-space */ +@@ -1027,12 +1500,16 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -24202,16 +24209,32 @@ index 1e96c36..3ff710a 100644 /* * The iretq could re-enable interrupts: */ -@@ -1112,7 +1589,7 @@ ENTRY(retint_kernel) +@@ -1145,7 +1622,7 @@ ENTRY(retint_kernel) + jmp exit_intr #endif - CFI_ENDPROC -END(common_interrupt) +ENDPROC(common_interrupt) - /* - * End of kprobes section - */ -@@ -1130,7 +1607,7 @@ ENTRY(\sym) + + /* + * If IRET takes a fault on the espfix stack, then we +@@ -1167,13 +1644,13 @@ __do_double_fault: + cmpq $native_irq_return_iret,%rax + jne do_double_fault /* This shouldn't happen... */ + movq PER_CPU_VAR(kernel_stack),%rax +- subq $(6*8-KERNEL_STACK_OFFSET),%rax /* Reset to original stack */ ++ subq $(6*8),%rax /* Reset to original stack */ + movq %rax,RSP(%rdi) + movq $0,(%rax) /* Missing (lost) #GP error code */ + movq $general_protection,RIP(%rdi) + retq + CFI_ENDPROC +-END(__do_double_fault) ++ENDPROC(__do_double_fault) + #else + # define __do_double_fault do_double_fault + #endif +@@ -1195,7 +1672,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -24220,7 +24243,7 @@ index 1e96c36..3ff710a 100644 .endm #ifdef CONFIG_TRACING -@@ -1218,7 +1695,7 @@ ENTRY(\sym) +@@ -1283,7 +1760,7 @@ ENTRY(\sym) call \do_sym jmp error_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24229,7 +24252,7 @@ index 1e96c36..3ff710a 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1236,10 +1713,10 @@ ENTRY(\sym) +@@ -1301,10 +1778,10 @@ ENTRY(\sym) call \do_sym jmp paranoid_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24242,7 +24265,7 @@ index 1e96c36..3ff710a 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1252,12 +1729,18 @@ ENTRY(\sym) +@@ -1317,12 +1794,18 @@ ENTRY(\sym) TRACE_IRQS_OFF_DEBUG movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ @@ -24262,7 +24285,7 @@ index 1e96c36..3ff710a 100644 .endm .macro errorentry sym do_sym -@@ -1275,7 +1758,7 @@ ENTRY(\sym) +@@ -1340,7 +1823,7 @@ ENTRY(\sym) call \do_sym jmp error_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24271,7 +24294,7 @@ index 1e96c36..3ff710a 100644 .endm #ifdef CONFIG_TRACING -@@ -1306,7 +1789,7 @@ ENTRY(\sym) +@@ -1371,7 +1854,7 @@ ENTRY(\sym) call \do_sym jmp paranoid_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24280,7 +24303,7 @@ index 1e96c36..3ff710a 100644 .endm zeroentry divide_error do_divide_error -@@ -1336,9 +1819,10 @@ gs_change: +@@ -1401,9 +1884,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -24292,7 +24315,7 @@ index 1e96c36..3ff710a 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1366,9 +1850,10 @@ ENTRY(do_softirq_own_stack) +@@ -1431,9 +1915,10 @@ ENTRY(do_softirq_own_stack) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -24304,7 +24327,7 @@ index 1e96c36..3ff710a 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1406,7 +1891,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1471,7 +1956,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -24313,7 +24336,7 @@ index 1e96c36..3ff710a 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1465,7 +1950,7 @@ ENTRY(xen_failsafe_callback) +@@ -1530,7 +2015,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -24322,7 +24345,7 @@ index 1e96c36..3ff710a 100644 apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1517,18 +2002,33 @@ ENTRY(paranoid_exit) +@@ -1582,18 +2067,33 @@ ENTRY(paranoid_exit) DEFAULT_FRAME DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF_DEBUG @@ -24358,7 +24381,7 @@ index 1e96c36..3ff710a 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1557,7 +2057,7 @@ paranoid_schedule: +@@ -1622,7 +2122,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -24367,7 +24390,7 @@ index 1e96c36..3ff710a 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1584,12 +2084,23 @@ ENTRY(error_entry) +@@ -1649,12 +2149,23 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -24392,7 +24415,7 @@ index 1e96c36..3ff710a 100644 ret /* -@@ -1616,7 +2127,7 @@ bstep_iret: +@@ -1681,7 +2192,7 @@ bstep_iret: movq %rcx,RIP+8(%rsp) jmp error_swapgs CFI_ENDPROC @@ -24401,7 +24424,7 @@ index 1e96c36..3ff710a 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1627,7 +2138,7 @@ ENTRY(error_exit) +@@ -1692,7 +2203,7 @@ ENTRY(error_exit) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF GET_THREAD_INFO(%rcx) @@ -24410,7 +24433,7 @@ index 1e96c36..3ff710a 100644 jne retint_kernel LOCKDEP_SYS_EXIT_IRQ movl TI_flags(%rcx),%edx -@@ -1636,7 +2147,7 @@ ENTRY(error_exit) +@@ -1701,7 +2212,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -24419,7 +24442,7 @@ index 1e96c36..3ff710a 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1694,9 +2205,11 @@ ENTRY(nmi) +@@ -1759,9 +2270,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ @@ -24432,7 +24455,7 @@ index 1e96c36..3ff710a 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1730,8 +2243,7 @@ nested_nmi: +@@ -1795,8 +2308,7 @@ nested_nmi: 1: /* Set up the interrupted NMIs stack to jump to repeat_nmi */ @@ -24442,7 +24465,7 @@ index 1e96c36..3ff710a 100644 CFI_ADJUST_CFA_OFFSET 1*8 leaq -10*8(%rsp), %rdx pushq_cfi $__KERNEL_DS -@@ -1749,6 +2261,7 @@ nested_nmi_out: +@@ -1814,6 +2326,7 @@ nested_nmi_out: CFI_RESTORE rdx /* No need to check faults here */ @@ -24450,7 +24473,7 @@ index 1e96c36..3ff710a 100644 INTERRUPT_RETURN CFI_RESTORE_STATE -@@ -1845,13 +2358,13 @@ end_repeat_nmi: +@@ -1910,13 +2423,13 @@ end_repeat_nmi: subq $ORIG_RAX-R15, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 /* @@ -24466,7 +24489,7 @@ index 1e96c36..3ff710a 100644 DEFAULT_FRAME 0 /* -@@ -1861,9 +2374,9 @@ end_repeat_nmi: +@@ -1926,9 +2439,9 @@ end_repeat_nmi: * NMI itself takes a page fault, the page fault that was preempted * will read the information from the NMI page fault and not the * origin fault. Save it off and restore it if it changes. @@ -24478,7 +24501,7 @@ index 1e96c36..3ff710a 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi -@@ -1872,31 +2385,36 @@ end_repeat_nmi: +@@ -1937,31 +2450,36 @@ end_repeat_nmi: /* Did the NMI take a page fault? Restore cr2 if it did */ movq %cr2, %rcx @@ -24520,6 +24543,19 @@ index 1e96c36..3ff710a 100644 /* * End of kprobes section +diff --git a/arch/x86/kernel/espfix_64.c b/arch/x86/kernel/espfix_64.c +index 94d857f..bf1f0bf 100644 +--- a/arch/x86/kernel/espfix_64.c ++++ b/arch/x86/kernel/espfix_64.c +@@ -197,7 +197,7 @@ void init_espfix_ap(void) + set_pte(&pte_p[n*PTE_STRIDE], pte); + + /* Job is done for this CPU and any CPU which shares this page */ +- ACCESS_ONCE(espfix_pages[page]) = stack_page; ++ ACCESS_ONCE_RW(espfix_pages[page]) = stack_page; + + unlock_done: + mutex_unlock(&espfix_init_mutex); diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c index 1ffc32d..e52c745 100644 --- a/arch/x86/kernel/ftrace.c @@ -26002,10 +26038,10 @@ index c2bedae..25e7ab60 100644 .name = "data", .mode = S_IRUGO, diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c -index dcbbaa1..81ae763 100644 +index c37886d..d851d32 100644 --- a/arch/x86/kernel/ldt.c +++ b/arch/x86/kernel/ldt.c -@@ -68,13 +68,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) +@@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) if (reload) { #ifdef CONFIG_SMP preempt_disable(); @@ -26021,7 +26057,7 @@ index dcbbaa1..81ae763 100644 #endif } if (oldsize) { -@@ -96,7 +96,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old) +@@ -94,7 +94,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old) return err; for (i = 0; i < old->size; i++) @@ -26030,7 +26066,7 @@ index dcbbaa1..81ae763 100644 return 0; } -@@ -117,6 +117,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm) +@@ -115,6 +115,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm) retval = copy_ldt(&mm->context, &old_mm->context); mutex_unlock(&old_mm->context.lock); } @@ -26055,7 +26091,7 @@ index dcbbaa1..81ae763 100644 return retval; } -@@ -231,6 +249,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) +@@ -229,6 +247,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) } } @@ -26066,9 +26102,9 @@ index dcbbaa1..81ae763 100644 + } +#endif + - /* - * On x86-64 we do not support 16-bit segments due to - * IRET leaking the high bits of the kernel stack address. + if (!IS_ENABLED(CONFIG_X86_16BIT) && !ldt_info.seg_32bit) { + error = -EINVAL; + goto out_unlock; diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c index 1667b1d..16492c5 100644 --- a/arch/x86/kernel/machine_kexec_32.c @@ -27459,7 +27495,7 @@ index 7c3a5a6..f0a8961 100644 .smp_prepare_cpus = native_smp_prepare_cpus, .smp_cpus_done = native_smp_cpus_done, diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index a32da80..041a4ff 100644 +index 395be6d..11665af 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c @@ -229,14 +229,17 @@ static void notrace start_secondary(void *unused) @@ -27484,7 +27520,7 @@ index a32da80..041a4ff 100644 /* * Check TSC synchronization with the BP: */ -@@ -749,8 +752,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) +@@ -756,8 +759,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) alternatives_enable_smp(); idle->thread.sp = (unsigned long) (((struct pt_regs *) @@ -27495,7 +27531,7 @@ index a32da80..041a4ff 100644 #ifdef CONFIG_X86_32 /* Stack for startup_32 can be just as for start_secondary onwards */ -@@ -758,11 +762,13 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) +@@ -765,11 +769,13 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) #else clear_tsk_thread_flag(idle, TIF_FORK); initial_gs = per_cpu_offset(cpu); @@ -27512,7 +27548,7 @@ index a32da80..041a4ff 100644 initial_code = (unsigned long)start_secondary; stack_start = idle->thread.sp; -@@ -911,6 +917,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle) +@@ -918,6 +924,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle) /* the FPU context is blank, nobody can own it */ __cpu_disable_lazy_restore(cpu); @@ -35813,7 +35849,7 @@ index fd14be1..e3c79c0 100644 # diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c -index f1d633a..a75c5f7 100644 +index d6bfb87..876ee18 100644 --- a/arch/x86/vdso/vdso32-setup.c +++ b/arch/x86/vdso/vdso32-setup.c @@ -25,6 +25,7 @@ @@ -35824,7 +35860,7 @@ index f1d633a..a75c5f7 100644 enum { VDSO_DISABLED = 0, -@@ -227,7 +228,7 @@ static inline void map_compat_vdso(int map) +@@ -226,7 +227,7 @@ static inline void map_compat_vdso(int map) void enable_sep_cpu(void) { int cpu = get_cpu(); @@ -35833,7 +35869,7 @@ index f1d633a..a75c5f7 100644 if (!boot_cpu_has(X86_FEATURE_SEP)) { put_cpu(); -@@ -250,7 +251,7 @@ static int __init gate_vma_init(void) +@@ -249,7 +250,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -35842,7 +35878,7 @@ index f1d633a..a75c5f7 100644 return 0; } -@@ -331,14 +332,14 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -330,14 +331,14 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) if (compat) addr = VDSO_HIGH_BASE; else { @@ -35859,7 +35895,7 @@ index f1d633a..a75c5f7 100644 if (compat_uses_vma || !compat) { /* -@@ -354,11 +355,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -353,11 +354,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) } current_thread_info()->sysenter_return = @@ -35873,7 +35909,7 @@ index f1d633a..a75c5f7 100644 up_write(&mm->mmap_sem); -@@ -412,8 +413,14 @@ __initcall(ia32_binfmt_init); +@@ -404,8 +405,14 @@ __initcall(ia32_binfmt_init); const char *arch_vma_name(struct vm_area_struct *vma) { @@ -35889,7 +35925,7 @@ index f1d633a..a75c5f7 100644 return NULL; } -@@ -423,7 +430,7 @@ struct vm_area_struct *get_gate_vma(struct mm_struct *mm) +@@ -415,7 +422,7 @@ struct vm_area_struct *get_gate_vma(struct mm_struct *mm) * Check to see if the corresponding task was created in compat vdso * mode. */ @@ -36582,26 +36618,6 @@ index 2648797..92ed21f 100644 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; -diff --git a/crypto/af_alg.c b/crypto/af_alg.c -index 966f893..6a3ad80 100644 ---- a/crypto/af_alg.c -+++ b/crypto/af_alg.c -@@ -21,6 +21,7 @@ - #include <linux/module.h> - #include <linux/net.h> - #include <linux/rwsem.h> -+#include <linux/security.h> - - struct alg_type_list { - const struct af_alg_type *type; -@@ -243,6 +244,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock) - - sock_init_data(newsock, sk2); - sock_graft(sk2, newsock); -+ security_sk_clone(sk, sk2); - - err = type->accept(ask->private, sk2); - if (err) { diff --git a/crypto/cryptd.c b/crypto/cryptd.c index 7bdd61b..afec999 100644 --- a/crypto/cryptd.c @@ -39529,10 +39545,10 @@ index 18448a7..d5fad43 100644 /* Force all MSRs to the same value */ diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c -index 199b52b..e3503bb 100644 +index 153f4b9..d47054a 100644 --- a/drivers/cpufreq/cpufreq.c +++ b/drivers/cpufreq/cpufreq.c -@@ -1970,7 +1970,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor) +@@ -1972,7 +1972,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor) #endif mutex_lock(&cpufreq_governor_mutex); @@ -39541,7 +39557,7 @@ index 199b52b..e3503bb 100644 mutex_unlock(&cpufreq_governor_mutex); return; } -@@ -2200,7 +2200,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb, +@@ -2202,7 +2202,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb, return NOTIFY_OK; } @@ -39550,7 +39566,7 @@ index 199b52b..e3503bb 100644 .notifier_call = cpufreq_cpu_callback, }; -@@ -2240,13 +2240,17 @@ int cpufreq_boost_trigger_state(int state) +@@ -2242,13 +2242,17 @@ int cpufreq_boost_trigger_state(int state) return 0; write_lock_irqsave(&cpufreq_driver_lock, flags); @@ -39570,7 +39586,7 @@ index 199b52b..e3503bb 100644 write_unlock_irqrestore(&cpufreq_driver_lock, flags); pr_err("%s: Cannot %s BOOST\n", __func__, -@@ -2300,8 +2304,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) +@@ -2302,8 +2306,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) pr_debug("trying to register driver %s\n", driver_data->name); @@ -39584,7 +39600,7 @@ index 199b52b..e3503bb 100644 write_lock_irqsave(&cpufreq_driver_lock, flags); if (cpufreq_driver) { -@@ -2316,8 +2323,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) +@@ -2318,8 +2325,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) * Check if driver provides function to enable boost - * if not, use cpufreq_boost_set_sw as default */ @@ -50470,25 +50486,10 @@ index d8afec8..3ec7152 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index 62ec84b..384f684 100644 +index 64e487a..384f684 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c -@@ -831,6 +831,14 @@ void scsi_io_completion(struct scsi_cmnd *cmd, unsigned int good_bytes) - scsi_next_command(cmd); - return; - } -+ } else if (blk_rq_bytes(req) == 0 && result && !sense_deferred) { -+ /* -+ * Certain non BLOCK_PC requests are commands that don't -+ * actually transfer anything (FLUSH), so cannot use -+ * good_bytes != blk_rq_bytes(req) as the signal for an error. -+ * This sets the error explicitly for the problem case. -+ */ -+ error = __scsi_error_from_host_byte(cmd, result); - } - - /* no bidi support for !REQ_TYPE_BLOCK_PC yet */ -@@ -1474,7 +1482,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) +@@ -1482,7 +1482,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) shost = sdev->host; scsi_init_cmd_errh(cmd); cmd->result = DID_NO_CONNECT << 16; @@ -50497,7 +50498,7 @@ index 62ec84b..384f684 100644 /* * SCSI request completion path will do scsi_device_unbusy(), -@@ -1500,9 +1508,9 @@ static void scsi_softirq_done(struct request *rq) +@@ -1508,9 +1508,9 @@ static void scsi_softirq_done(struct request *rq) INIT_LIST_HEAD(&cmd->eh_entry); @@ -63137,6 +63138,19 @@ index 15f9d98..082c625 100644 } void nfs_fattr_init(struct nfs_fattr *fattr) +diff --git a/fs/nfs/nfs3acl.c b/fs/nfs/nfs3acl.c +index 8f854dd..d0fec26 100644 +--- a/fs/nfs/nfs3acl.c ++++ b/fs/nfs/nfs3acl.c +@@ -256,7 +256,7 @@ nfs3_list_one_acl(struct inode *inode, int type, const char *name, void *data, + char *p = data + *result; + + acl = get_acl(inode, type); +- if (!acl) ++ if (IS_ERR_OR_NULL(acl)) + return 0; + + posix_acl_release(acl); diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index f23a6ca..730ddcc 100644 --- a/fs/nfsd/nfs4proc.c @@ -80441,10 +80455,10 @@ index 0000000..b02ba9d +#define GR_MSRWRITE_MSG "denied write to CPU MSR by " diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h new file mode 100644 -index 0000000..5c4bdee +index 0000000..b87dd26 --- /dev/null +++ b/include/linux/grsecurity.h -@@ -0,0 +1,249 @@ +@@ -0,0 +1,252 @@ +#ifndef GR_SECURITY_H +#define GR_SECURITY_H +#include <linux/fs.h> @@ -80456,6 +80470,9 @@ index 0000000..5c4bdee +#if defined(CONFIG_GRKERNSEC_PROC_USER) && defined(CONFIG_GRKERNSEC_PROC_USERGROUP) +#error "CONFIG_GRKERNSEC_PROC_USER and CONFIG_GRKERNSEC_PROC_USERGROUP cannot both be enabled." +#endif ++#if defined(CONFIG_GRKERNSEC_PROC) && !defined(CONFIG_GRKERNSEC_PROC_USER) && !defined(CONFIG_GRKERNSEC_PROC_USERGROUP) ++#error "CONFIG_GRKERNSEC_PROC enabled, but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP enabled" ++#endif +#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC) +#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled." +#endif @@ -82371,7 +82388,7 @@ index 1841b58..fbeebf8 100644 #define preempt_set_need_resched() \ do { \ diff --git a/include/linux/printk.h b/include/linux/printk.h -index fa47e27..c08e034 100644 +index cbf094f..86007b7 100644 --- a/include/linux/printk.h +++ b/include/linux/printk.h @@ -114,6 +114,8 @@ static inline __printf(1, 2) __cold @@ -85877,7 +85894,7 @@ index 93b6139..8d628b7 100644 next_state = Reset; return 0; diff --git a/init/main.c b/init/main.c -index 9c7fd4c..650b4f1 100644 +index 58c132d..ac3f3b0 100644 --- a/init/main.c +++ b/init/main.c @@ -97,6 +97,8 @@ extern void radix_tree_init(void); @@ -85965,7 +85982,7 @@ index 9c7fd4c..650b4f1 100644 static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; static const char *panic_later, *panic_param; -@@ -688,25 +759,24 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -692,25 +763,24 @@ int __init_or_module do_one_initcall(initcall_t fn) { int count = preempt_count(); int ret; @@ -85996,7 +86013,7 @@ index 9c7fd4c..650b4f1 100644 return ret; } -@@ -813,8 +883,8 @@ static int run_init_process(const char *init_filename) +@@ -817,8 +887,8 @@ static int run_init_process(const char *init_filename) { argv_init[0] = init_filename; return do_execve(getname_kernel(init_filename), @@ -86007,7 +86024,7 @@ index 9c7fd4c..650b4f1 100644 } static int try_to_run_init_process(const char *init_filename) -@@ -831,6 +901,10 @@ static int try_to_run_init_process(const char *init_filename) +@@ -835,6 +905,10 @@ static int try_to_run_init_process(const char *init_filename) return ret; } @@ -86018,7 +86035,7 @@ index 9c7fd4c..650b4f1 100644 static noinline void __init kernel_init_freeable(void); static int __ref kernel_init(void *unused) -@@ -855,6 +929,11 @@ static int __ref kernel_init(void *unused) +@@ -859,6 +933,11 @@ static int __ref kernel_init(void *unused) ramdisk_execute_command, ret); } @@ -86030,7 +86047,7 @@ index 9c7fd4c..650b4f1 100644 /* * We try each of these until one succeeds. * -@@ -910,7 +989,7 @@ static noinline void __init kernel_init_freeable(void) +@@ -914,7 +993,7 @@ static noinline void __init kernel_init_freeable(void) do_basic_setup(); /* Open the /dev/console on the rootfs, this should never fail */ @@ -86039,7 +86056,7 @@ index 9c7fd4c..650b4f1 100644 pr_err("Warning: unable to open an initial console.\n"); (void) sys_dup(0); -@@ -923,11 +1002,13 @@ static noinline void __init kernel_init_freeable(void) +@@ -927,11 +1006,13 @@ static noinline void __init kernel_init_freeable(void) if (!ramdisk_execute_command) ramdisk_execute_command = "/init"; @@ -89701,7 +89718,7 @@ index 14f9a8d..98ee610 100644 if (pm_wakeup_pending()) { diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c -index 4dae9cb..039ffbb 100644 +index 8c086e6..a52bc51 100644 --- a/kernel/printk/printk.c +++ b/kernel/printk/printk.c @@ -385,6 +385,11 @@ static int check_syslog_permissions(int type, bool from_file) @@ -90706,7 +90723,7 @@ index a63f4dc..349bbb0 100644 unsigned long timeout) { diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 0aae0fc..2ba2b81 100644 +index 515e212..268a828 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -1775,7 +1775,7 @@ void set_numabalancing_state(bool enabled) @@ -93559,23 +93576,6 @@ index 539eeb9..e24a987 100644 error = 0; if (end == start) return error; -diff --git a/mm/memcontrol.c b/mm/memcontrol.c -index 5b6b003..9b35da2 100644 ---- a/mm/memcontrol.c -+++ b/mm/memcontrol.c -@@ -5670,8 +5670,12 @@ static int mem_cgroup_oom_notify_cb(struct mem_cgroup *memcg) - { - struct mem_cgroup_eventfd_list *ev; - -+ spin_lock(&memcg_oom_lock); -+ - list_for_each_entry(ev, &memcg->oom_notify, list) - eventfd_signal(ev->eventfd, 1); -+ -+ spin_unlock(&memcg_oom_lock); - return 0; - } - diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 33365e9..2234ef9 100644 --- a/mm/memory-failure.c @@ -96220,7 +96220,7 @@ index 8740213..f87e25b 100644 struct mm_struct *mm; diff --git a/mm/page-writeback.c b/mm/page-writeback.c -index d013dba..d5ae30d 100644 +index 9f45f87..749bfd8 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -685,7 +685,7 @@ static long long pos_ratio_polynom(unsigned long setpoint, @@ -96233,7 +96233,7 @@ index d013dba..d5ae30d 100644 unsigned long bg_thresh, unsigned long dirty, diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 7e7f947..254d009 100644 +index 62e400d..2072e4e 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -61,6 +61,7 @@ @@ -98241,7 +98241,7 @@ index 876fbe8..8bbea9f 100644 #undef __HANDLE_ITEM } diff --git a/net/atm/lec.c b/net/atm/lec.c -index 5a2f602..9396143 100644 +index 5a2f602..93961433 100644 --- a/net/atm/lec.c +++ b/net/atm/lec.c @@ -111,9 +111,9 @@ static inline void lec_arp_put(struct lec_arp_table *entry) @@ -102123,28 +102123,6 @@ index 7932697..a13d158 100644 } while (!res); return res; } -diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c -index ec66063..1e05bbd 100644 ---- a/net/l2tp/l2tp_ppp.c -+++ b/net/l2tp/l2tp_ppp.c -@@ -1368,7 +1368,7 @@ static int pppol2tp_setsockopt(struct socket *sock, int level, int optname, - int err; - - if (level != SOL_PPPOL2TP) -- return udp_prot.setsockopt(sk, level, optname, optval, optlen); -+ return -EINVAL; - - if (optlen < sizeof(int)) - return -EINVAL; -@@ -1494,7 +1494,7 @@ static int pppol2tp_getsockopt(struct socket *sock, int level, int optname, - struct pppol2tp_session *ps; - - if (level != SOL_PPPOL2TP) -- return udp_prot.getsockopt(sk, level, optname, optval, optlen); -+ return -EINVAL; - - if (get_user(len, optlen)) - return -EFAULT; diff --git a/net/llc/llc_proc.c b/net/llc/llc_proc.c index 1a3c7e0..80f8b0c 100644 --- a/net/llc/llc_proc.c diff --git a/main/linux-grsec/kernelconfig.x86 b/main/linux-grsec/kernelconfig.x86 index b41567a310..d0be256571 100644 --- a/main/linux-grsec/kernelconfig.x86 +++ b/main/linux-grsec/kernelconfig.x86 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.14.6 Kernel Configuration +# Linux/x86 3.14.16 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -313,6 +313,7 @@ CONFIG_INLINE_READ_UNLOCK=y CONFIG_INLINE_READ_UNLOCK_IRQ=y CONFIG_INLINE_WRITE_UNLOCK=y CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y CONFIG_MUTEX_SPIN_ON_OWNER=y CONFIG_FREEZER=y @@ -396,6 +397,7 @@ CONFIG_X86_IO_APIC=y # CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set # CONFIG_X86_MCE is not set CONFIG_VM86=y +# CONFIG_X86_16BIT is not set CONFIG_TOSHIBA=m CONFIG_I8K=m CONFIG_X86_REBOOTFIXUPS=y @@ -1543,8 +1545,8 @@ CONFIG_MTD_UBI_WL_THRESHOLD=4096 CONFIG_MTD_UBI_BEB_LIMIT=20 # CONFIG_MTD_UBI_FASTMAP is not set # CONFIG_MTD_UBI_GLUEBI is not set -CONFIG_PARPORT=m CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +CONFIG_PARPORT=m CONFIG_PARPORT_PC=m CONFIG_PARPORT_SERIAL=m # CONFIG_PARPORT_PC_FIFO is not set diff --git a/main/linux-grsec/kernelconfig.x86_64 b/main/linux-grsec/kernelconfig.x86_64 index 1478e66922..ec7398ea36 100644 --- a/main/linux-grsec/kernelconfig.x86_64 +++ b/main/linux-grsec/kernelconfig.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.14.6 Kernel Configuration +# Linux/x86 3.14.16 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -328,6 +328,7 @@ CONFIG_INLINE_READ_UNLOCK=y CONFIG_INLINE_READ_UNLOCK_IRQ=y CONFIG_INLINE_WRITE_UNLOCK=y CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y CONFIG_MUTEX_SPIN_ON_OWNER=y CONFIG_FREEZER=y @@ -394,6 +395,7 @@ CONFIG_X86_LOCAL_APIC=y CONFIG_X86_IO_APIC=y # CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set # CONFIG_X86_MCE is not set +# CONFIG_X86_16BIT is not set CONFIG_I8K=m CONFIG_MICROCODE=m CONFIG_MICROCODE_INTEL=y @@ -1522,8 +1524,8 @@ CONFIG_MTD_UBI_WL_THRESHOLD=4096 CONFIG_MTD_UBI_BEB_LIMIT=20 # CONFIG_MTD_UBI_FASTMAP is not set # CONFIG_MTD_UBI_GLUEBI is not set -CONFIG_PARPORT=m CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +CONFIG_PARPORT=m CONFIG_PARPORT_PC=m CONFIG_PARPORT_SERIAL=m # CONFIG_PARPORT_PC_FIFO is not set |