Diffstat (limited to 'main/linux-grsec')
-rw-r--r-- | main/linux-grsec/APKBUILD | 39 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.9.1-3.9.5-201306102218.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.9.4-201306011536.patch) | 799 | ||||
-rw-r--r-- | main/linux-grsec/ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch | 44 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86 | 3 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86_64 | 3 | ||||
-rw-r--r-- | main/linux-grsec/leds-leds-gpio-reserve-gpio-before-using-it.patch | 114 |
6 files changed, 386 insertions, 616 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index fc6b18a8da..997d1d4726 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,12 +2,12 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.9.4 +pkgver=3.9.5 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; esac -pkgrel=1 +pkgrel=0 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -17,10 +17,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-2.9.1-3.9.4-201306011536.patch - - leds-leds-gpio-reserve-gpio-before-using-it.patch - ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch + grsecurity-2.9.1-3.9.5-201306102218.patch 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch 
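Review bot: The `source=` list in the `@@ -17,10 +17,7 @@` hunk drops `leds-leds-gpio-reserve-gpio-before-using-it.patch` and `ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch`, and nothing in the recipe records why. Presumably both fixes are contained in the 3.9.5 stable patch, but nothing on this page confirms it; if either is not, the rebuilt kernel silently loses that fix. Once this has been checked against the 3.9.5 changelog, a one-line comment above `source=`, for example `# leds-gpio and ipsec-xfrm fixes dropped: included upstream as of 3.9.5`, would make the removal auditable.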
@@ -152,41 +149,35 @@ dev() { } md5sums="4348c9b6b2eb3144d601e87c19d5d909 linux-3.9.tar.xz -922c4553299e6692a28761d3032fc012 patch-3.9.4.xz -08c33c99cb779ebd296d2b274c2deeda grsecurity-2.9.1-3.9.4-201306011536.patch -83db7136608d8101ae130728539dc376 leds-leds-gpio-reserve-gpio-before-using-it.patch -ac9a50bdbe91ba6e5205e83f7e734ff5 ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch +aa22187ae5cd482a69097e9e59244491 patch-3.9.5.xz +58dec4906c5abc6dc29355eb31816933 grsecurity-2.9.1-3.9.5-201306102218.patch a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch 656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch 2a12a3717052e878c0cd42aa935bfcf4 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch 6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch 1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch -fd6fd35309c0e8c1f05cb725df958f22 kernelconfig.x86 -fd61ff58d25155997c0d6f73e7ca7a7d kernelconfig.x86_64" +3e219a1f25136b204d00865939532fe9 kernelconfig.x86 +1d057c89927a68e5f44896887ad3e379 kernelconfig.x86_64" sha256sums="60bc3e64ee5dc778de2cd7cd7640abf518a4c9d4f31b8ed624e16fad53f54541 linux-3.9.tar.xz -694ea0d527556c5a214597596f37cdb598d2a0652d6f5e86b8c0de718990ccec patch-3.9.4.xz -3bf95754ba94f3dfa7a91d92726e83c9092feab9e990f70d31bc52974bff27b0 grsecurity-2.9.1-3.9.4-201306011536.patch -13676bc5610a8d03e788ac76734babd1338b023bb39559452ee54652b046e6f4 leds-leds-gpio-reserve-gpio-before-using-it.patch -ab0dcb52342990ad05af5ce21acd1e95fb65cc7e76ec98e45c7ece7433bc9f23 ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch +f25145ff6ddde7a633839aabfd97b0d8239e14c494fd16210871229a35c1c0de patch-3.9.5.xz +196ee8f6b9fc368ac7c09dc6f929e947f4a02b7ef66c2f84f00fa7f682774604 
grsecurity-2.9.1-3.9.5-201306102218.patch 6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch 0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch 260fd1807838b68305a96992bf7d3302a2a8ef3a3b08fe079ba9a07e6422f736 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch -b44c6671b344ddae1da94e6c051a0e708af8609c1f2ff40d962301ed5023c83a kernelconfig.x86 -7a6700a6db89f8c2c7f8cce7d77f4ddb3fcad889d72c709c2833af795ef1bc79 kernelconfig.x86_64" +cc3bd3d23f6a73ea6488c158de9d195ad5e3d87859ce02d92a04f0e08c9503d3 kernelconfig.x86 +b780ef646b3b30a5b0307102367e17d45bb3a0ab7e37cf92a1ce783c3149243a kernelconfig.x86_64" sha512sums="77fa521f42380409f8ab400c26f7b00e225cb075ef40834bb263325cfdcc3e65aef8511ec2fc2b50bbf4f50e226fb5ab07d7a479aaf09162adbbf318325d0790 linux-3.9.tar.xz -2a2eb511a610e8e3ddbc38b8bce0b96e60875009b7981542c98f0de3a601632a205fa9f90c6912094196dbda6536083b3990b28204c243a406f5595c40df0965 patch-3.9.4.xz -eb326ded756cbe086c7999c5a982b6b695ae8ee3c25523a22acd480d97de0603d86eeef5252fe957ed5ccd4e7736db271a253264108e757b23a9bd3e82b32529 grsecurity-2.9.1-3.9.4-201306011536.patch -10d2cf4fb308d1bc8cb5b9df3f9a6d7b9cef453244673bcbe66bd9b64af410a498e203d4dfa51f53461362ad981736eadc46537616b2c0514f57f4d8864c830d leds-leds-gpio-reserve-gpio-before-using-it.patch -769291e92f2f5ae5375d98b80bf8790b089c87437f1660cf8d5e9d45d7221280b6824bcb1d2564cbe12310a88df48443c56ecc9ce5468858829088221aa80327 ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch 
+8e9a064adadd062c7ca52c44de19dfd46b029e60f2832988a606e086b669ea699861ec57732d4abfb16e486f767d123fcfd66da7c2ddde380b7c13582bb44983 patch-3.9.5.xz +704f65e048888c64aa02214e80103745f16f2ddebe9e8304331208436481ca6b1fcadc2e862203142ac98b6d5f7c409ba542b68c11775c4e7ba765a63b3ab2a6 grsecurity-2.9.1-3.9.5-201306102218.patch 81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch 51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch 57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d711e3486628ed56ab996484e219d79ac4b0c0ec684ebd380aa 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch 28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch 249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch -2516c47145f53cfa5624a9a8839b3590fd16a980aa4c8c48af4db025960d33abe855a5c698ee701a0d3704a96a9a3f93cd6c3cc8c9b8fdf73f230c15ad2f7611 kernelconfig.x86 -0a3739e5e1fe29fcce8c686d8ac223316467a2efaaa18cb3d1abf6c7a66dc86be12c26755dff1aef6d0f5a028ce4f6dfc5664ab42b484046949f401f3b9198f9 kernelconfig.x86_64" +00fd8694455935f96e46b6624388b8c04af27ce4295040362da78c34bf9f08382bc69c1b8b273145573a59e3b4eecfa251119560da19ab390f171a8a6da18298 kernelconfig.x86 
+6276f503f9dd7ea228b1661f9a36edcf18d2c4cfb6d9c4e3e1496a4f70709cc693fc8498186d86dd3f303c909c50e478cb95e08a05f50bda77c9cf165aca1ba1 kernelconfig.x86_64" diff --git a/main/linux-grsec/grsecurity-2.9.1-3.9.4-201306011536.patch b/main/linux-grsec/grsecurity-2.9.1-3.9.5-201306102218.patch index 9a1a55c812..49e438f1bb 100644 --- a/main/linux-grsec/grsecurity-2.9.1-3.9.4-201306011536.patch +++ b/main/linux-grsec/grsecurity-2.9.1-3.9.5-201306102218.patch @@ -259,7 +259,7 @@ index 8ccbf27..afffeb4 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index bfbfaf9..d0b1bb8 100644 +index 8818c95..ced0bb1 100644 --- a/Makefile +++ b/Makefile @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -3390,7 +3390,7 @@ index 044c31d..2ee0861 100644 struct omap_device *omap_device_alloc(struct platform_device *pdev, struct omap_hwmod **ohs, int oh_cnt); diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c -index a202a47..c430564 100644 +index 3a750de..4c9b88f 100644 --- a/arch/arm/mach-omap2/omap_hwmod.c +++ b/arch/arm/mach-omap2/omap_hwmod.c @@ -191,10 +191,10 @@ struct omap_hwmod_soc_ops { @@ -5763,6 +5763,19 @@ index e0a8235..ce2f1e1 100644 ret = __copy_from_user(to, from, n); else copy_from_user_overflow(); +diff --git a/arch/parisc/kernel/drivers.c b/arch/parisc/kernel/drivers.c +index 5709c5e..14285ca 100644 +--- a/arch/parisc/kernel/drivers.c ++++ b/arch/parisc/kernel/drivers.c +@@ -394,7 +394,7 @@ EXPORT_SYMBOL(print_pci_hwpath); + static void setup_bus_id(struct parisc_device *padev) + { + struct hardware_path path; +- char name[20]; ++ char name[28]; + char *output = name; + int i; + diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c index 2a625fb..9908930 100644 --- a/arch/parisc/kernel/module.c 
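Review bot: In the added `arch/parisc/kernel/drivers.c` hunk, `setup_bus_id()` gets `char name[28];` in place of `char name[20];`, but the size is still a bare number and the code that writes into `name` lies outside the hunk. If those writes are unbounded formatted prints, the larger buffer is only safe while the longest possible hardware path string stays under 28 bytes. I would state the derivation at the declaration, e.g. `char name[28]; /* worst-case hardware path string + NUL */` with the actual arithmetic filled in. If the writes turn out to be `sprintf` calls, they should also be bounded against `sizeof(name)` with `scnprintf`.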
@@ -5866,6 +5879,20 @@ index 2a625fb..9908930 100644 DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n", me->arch.unwind_section, table, end, gp); +diff --git a/arch/parisc/kernel/setup.c b/arch/parisc/kernel/setup.c +index a3328c2..3b812eb 100644 +--- a/arch/parisc/kernel/setup.c ++++ b/arch/parisc/kernel/setup.c +@@ -69,7 +69,8 @@ void __init setup_cmdline(char **cmdline_p) + /* called from hpux boot loader */ + boot_command_line[0] = '\0'; + } else { +- strcpy(boot_command_line, (char *)__va(boot_args[1])); ++ strlcpy(boot_command_line, (char *)__va(boot_args[1]), ++ COMMAND_LINE_SIZE); + + #ifdef CONFIG_BLK_DEV_INITRD + if (boot_args[2] != 0) /* did palo pass us a ramdisk? */ diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c index 5dfd248..64914ac 100644 --- a/arch/parisc/kernel/sys_parisc.c @@ -6353,10 +6380,10 @@ index 4aad413..85d86bf 100644 #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */ #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */ diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h -index c9c67fc..e10c012 100644 +index 3b097a8..8f8c774 100644 --- a/arch/powerpc/include/asm/reg.h +++ b/arch/powerpc/include/asm/reg.h -@@ -245,6 +245,7 @@ +@@ -234,6 +234,7 @@ #define SPRN_DBCR 0x136 /* e300 Data Breakpoint Control Reg */ #define SPRN_DSISR 0x012 /* Data Storage Interrupt Status Register */ #define DSISR_NOHPTE 0x40000000 /* no translation found */ @@ -6790,10 +6817,10 @@ index f9b30c6..d72e7a3 100644 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c -index 95068bf..9ba1814 100644 +index 201385c..0f01828 100644 --- a/arch/powerpc/kernel/signal_32.c 
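Review bot: The `strlcpy(boot_command_line, (char *)__va(boot_args[1]), COMMAND_LINE_SIZE);` added to `setup_cmdline()` in `arch/parisc/kernel/setup.c` removes the overflow but truncates silently, because its return value is discarded. A command line cut short can lose trailing parameters without any trace in the log. Comparing the return value with `COMMAND_LINE_SIZE` and logging a warning when it is not smaller would make that visible. Note too that `strlcpy` still reads the source up to its NUL terminator, so the copy is bounded on the destination side only. The rest of `setup_cmdline()` is outside the hunk.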
+++ b/arch/powerpc/kernel/signal_32.c -@@ -982,7 +982,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka, +@@ -976,7 +976,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka, /* Save user registers on the stack */ frame = &rt_sf->uc.uc_mcontext; addr = frame; @@ -6803,10 +6830,10 @@ index 95068bf..9ba1814 100644 tramp = current->mm->context.vdso_base + vdso32_rt_sigtramp; } else { diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c -index c179428..58acdaa 100644 +index 3459473..2d40783 100644 --- a/arch/powerpc/kernel/signal_64.c +++ b/arch/powerpc/kernel/signal_64.c -@@ -758,7 +758,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info, +@@ -749,7 +749,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info, #endif /* Set up to return from userspace. */ @@ -6829,10 +6856,10 @@ index 3ce1f86..c30e629 100644 }; diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c -index 83efa2f..6bb5839 100644 +index 1c22b2d..3b56e67 100644 --- a/arch/powerpc/kernel/traps.c +++ b/arch/powerpc/kernel/traps.c -@@ -141,6 +141,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs) +@@ -142,6 +142,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs) return flags; } @@ -6841,7 +6868,7 @@ index 83efa2f..6bb5839 100644 static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr) { -@@ -190,6 +192,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, +@@ -191,6 +193,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, panic("Fatal exception in interrupt"); if (panic_on_oops) panic("Fatal exception"); @@ -20475,7 +20502,7 @@ index 73afd11..d1670f5 100644 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 + .endr diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S -index 08f7e80..40cbed5 100644 +index 321d65e..e9437f7 100644 --- a/arch/x86/kernel/head_64.S 
+++ b/arch/x86/kernel/head_64.S @@ -20,6 +20,8 @@ @@ -20516,7 +20543,7 @@ index 08f7e80..40cbed5 100644 /* * Set up the identity mapping for the switchover. These -@@ -175,8 +187,8 @@ ENTRY(secondary_startup_64) +@@ -177,8 +189,8 @@ ENTRY(secondary_startup_64) movq $(init_level4_pgt - __START_KERNEL_map), %rax 1: @@ -20527,7 +20554,7 @@ index 08f7e80..40cbed5 100644 movq %rcx, %cr4 /* Setup early boot stage 4 level pagetables. */ -@@ -197,10 +209,18 @@ ENTRY(secondary_startup_64) +@@ -199,10 +211,18 @@ ENTRY(secondary_startup_64) movl $MSR_EFER, %ecx rdmsr btsl $_EFER_SCE, %eax /* Enable System Call */ @@ -20547,7 +20574,7 @@ index 08f7e80..40cbed5 100644 1: wrmsr /* Make changes effective */ /* Setup cr0 */ -@@ -280,6 +300,7 @@ ENTRY(secondary_startup_64) +@@ -282,6 +302,7 @@ ENTRY(secondary_startup_64) * REX.W + FF /5 JMP m16:64 Jump far, absolute indirect, * address given in m16:64. */ @@ -20555,7 +20582,7 @@ index 08f7e80..40cbed5 100644 movq initial_code(%rip),%rax pushq $0 # fake return address to stop unwinder pushq $__KERNEL_CS # set correct cs -@@ -386,7 +407,7 @@ ENTRY(early_idt_handler) +@@ -388,7 +409,7 @@ ENTRY(early_idt_handler) call dump_stack #ifdef CONFIG_KALLSYMS leaq early_idt_ripmsg(%rip),%rdi @@ -20564,7 +20591,7 @@ index 08f7e80..40cbed5 100644 call __print_symbol #endif #endif /* EARLY_PRINTK */ -@@ -414,6 +435,7 @@ ENDPROC(early_idt_handler) +@@ -416,6 +437,7 @@ ENDPROC(early_idt_handler) early_recursion_flag: .long 0 @@ -20572,7 +20599,7 @@ index 08f7e80..40cbed5 100644 #ifdef CONFIG_EARLY_PRINTK early_idt_msg: .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n" -@@ -443,27 +465,50 @@ NEXT_PAGE(early_dynamic_pgts) +@@ -445,27 +467,50 @@ NEXT_PAGE(early_dynamic_pgts) .data 
@@ -20631,7 +20658,7 @@ index 08f7e80..40cbed5 100644 NEXT_PAGE(level3_kernel_pgt) .fill L3_START_KERNEL,8,0 -@@ -471,6 +516,9 @@ NEXT_PAGE(level3_kernel_pgt) +@@ -473,6 +518,9 @@ NEXT_PAGE(level3_kernel_pgt) .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE @@ -20641,7 +20668,7 @@ index 08f7e80..40cbed5 100644 NEXT_PAGE(level2_kernel_pgt) /* * 512 MB kernel mapping. We spend a full page on this pagetable -@@ -486,38 +534,64 @@ NEXT_PAGE(level2_kernel_pgt) +@@ -488,38 +536,64 @@ NEXT_PAGE(level2_kernel_pgt) KERNEL_IMAGE_SIZE/PMD_SIZE) NEXT_PAGE(level2_fixmap_pgt) @@ -20743,10 +20770,10 @@ index 0fa6912..37fce70 100644 +EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR); +#endif diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c -index 245a71d..89d9ce4 100644 +index cb33909..1163b40 100644 --- a/arch/x86/kernel/i387.c +++ b/arch/x86/kernel/i387.c -@@ -55,7 +55,7 @@ static inline bool interrupted_kernel_fpu_idle(void) +@@ -51,7 +51,7 @@ static inline bool interrupted_kernel_fpu_idle(void) static inline bool interrupted_user_mode(void) { struct pt_regs *regs = get_irq_regs(); @@ -23943,7 +23970,7 @@ index a20ecb5..d0e2194 100644 out: diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index 59622c9..f338414 100644 +index 698eece..776b682 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -328,6 +328,7 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) @@ -31882,10 +31909,10 @@ index 34c8216..f56c828 100644 unsigned long timeout_msec) { diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index 63c743b..0422dc6 100644 +index cf15aee..e0b7078 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c -@@ -4786,7 +4786,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) +@@ -4792,7 +4792,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; 
@@ -31894,7 +31921,7 @@ index 63c743b..0422dc6 100644 ap = qc->ap; qc->flags = 0; -@@ -4802,7 +4802,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) +@@ -4808,7 +4808,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; @@ -31903,7 +31930,7 @@ index 63c743b..0422dc6 100644 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap = qc->ap; link = qc->dev->link; -@@ -5920,6 +5920,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5926,6 +5926,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) return; spin_lock(&lock); @@ -31911,7 +31938,7 @@ index 63c743b..0422dc6 100644 for (cur = ops->inherits; cur; cur = cur->inherits) { void **inherit = (void **)cur; -@@ -5933,8 +5934,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5939,8 +5940,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) if (IS_ERR(*pp)) *pp = NULL; @@ -31951,7 +31978,7 @@ index f9b983a..887b9d8 100644 return 0; } diff --git a/drivers/atm/ambassador.c b/drivers/atm/ambassador.c -index 77a7480..05cde58 100644 +index 77a7480d..05cde58 100644 --- a/drivers/atm/ambassador.c +++ b/drivers/atm/ambassador.c @@ -454,7 +454,7 @@ static void tx_complete (amb_dev * dev, tx_out * tx) { @@ -33220,7 +33247,7 @@ index 7fda30e..eb5dfe0 100644 /* queue and queue Info */ struct list_head reqQ; diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c -index 3f08713..56a586a 100644 +index 3f08713..87d4b4a 100644 --- a/drivers/block/cpqarray.c +++ b/drivers/block/cpqarray.c @@ -404,7 +404,7 @@ static int cpqarray_register_ctlr(int i, struct pci_dev *pdev) 
@@ -33295,7 +33322,15 @@ index 3f08713..56a586a 100644 a1 = a; a &= ~3; if ((c = h->cmpQ) == NULL) { -@@ -1449,11 +1449,11 @@ static int sendcmd( +@@ -1195,6 +1195,7 @@ out_passthru: + ida_pci_info_struct pciinfo; + + if (!arg) return -EINVAL; ++ memset(&pciinfo, 0, sizeof(pciinfo)); + pciinfo.bus = host->pci_dev->bus->number; + pciinfo.dev_fn = host->pci_dev->devfn; + pciinfo.board_id = host->board_id; +@@ -1449,11 +1450,11 @@ static int sendcmd( /* * Disable interrupt */ @@ -33309,7 +33344,7 @@ index 3f08713..56a586a 100644 if (temp != 0) { break; } -@@ -1466,7 +1466,7 @@ DBG( +@@ -1466,7 +1467,7 @@ DBG( /* * Send the cmd */ @@ -33318,7 +33353,7 @@ index 3f08713..56a586a 100644 complete = pollcomplete(ctlr); pci_unmap_single(info_p->pci_dev, (dma_addr_t) c->req.sg[0].addr, -@@ -1549,9 +1549,9 @@ static int revalidate_allvol(ctlr_info_t *host) +@@ -1549,9 +1550,9 @@ static int revalidate_allvol(ctlr_info_t *host) * we check the new geometry. Then turn interrupts back on when * we're done. */ @@ -33330,7 +33365,7 @@ index 3f08713..56a586a 100644 for(i=0; i<NWD; i++) { struct gendisk *disk = ida_gendisk[ctlr][i]; -@@ -1591,7 +1591,7 @@ static int pollcomplete(int ctlr) +@@ -1591,7 +1592,7 @@ static int pollcomplete(int ctlr) /* Wait (up to 2 seconds) for a command to complete */ for (i = 200000; i > 0; i--) { @@ -33542,7 +33577,7 @@ index 2e7de7a..ed86dc0 100644 static DEFINE_MUTEX(pktcdvd_mutex); static struct pktcdvd_device *pkt_devs[MAX_WRITERS]; diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c -index d620b44..587561e 100644 +index d620b44..e9abc80 100644 --- a/drivers/cdrom/cdrom.c +++ b/drivers/cdrom/cdrom.c @@ -416,7 +416,6 @@ int register_cdrom(struct cdrom_device_info *cdi) 
@@ -33575,6 +33610,24 @@ index d620b44..587561e 100644 cdinfo(CD_REG_UNREG, "drive \"/dev/%s\" unregistered\n", cdi->name); } +@@ -2107,7 +2108,7 @@ static int cdrom_read_cdda_old(struct cdrom_device_info *cdi, __u8 __user *ubuf, + */ + nr = nframes; + do { +- cgc.buffer = kmalloc(CD_FRAMESIZE_RAW * nr, GFP_KERNEL); ++ cgc.buffer = kzalloc(CD_FRAMESIZE_RAW * nr, GFP_KERNEL); + if (cgc.buffer) + break; + +@@ -2882,7 +2883,7 @@ static noinline int mmc_ioctl_cdrom_read_data(struct cdrom_device_info *cdi, + if (lba < 0) + return -EINVAL; + +- cgc->buffer = kmalloc(blocksize, GFP_KERNEL); ++ cgc->buffer = kzalloc(blocksize, GFP_KERNEL); + if (cgc->buffer == NULL) + return -ENOMEM; + diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c index d59cdcb..11afddf 100644 --- a/drivers/cdrom/gdrom.c @@ -33882,6 +33935,18 @@ index 2c644af..d4d7f17 100644 }; static int memory_open(struct inode *inode, struct file *filp) +diff --git a/drivers/char/mwave/tp3780i.c b/drivers/char/mwave/tp3780i.c +index c689697..04e6d6a 100644 +--- a/drivers/char/mwave/tp3780i.c ++++ b/drivers/char/mwave/tp3780i.c +@@ -479,6 +479,7 @@ int tp3780I_QueryAbilities(THINKPAD_BD_DATA * pBDData, MW_ABILITIES * pAbilities + PRINTK_2(TRACE_TP3780I, + "tp3780i::tp3780I_QueryAbilities entry pBDData %p\n", pBDData); + ++ memset(pAbilities, 0, sizeof(*pAbilities)); + /* fill out standard constant fields */ + pAbilities->instr_per_sec = pBDData->rDspSettings.uIps; + pAbilities->data_size = pBDData->rDspSettings.uDStoreSize; diff --git a/drivers/char/nvram.c b/drivers/char/nvram.c index 9df78e2..01ba9ae 100644 --- a/drivers/char/nvram.c @@ -33971,7 +34036,7 @@ index 5c5cc00..ac9edb7 100644 if (cmd != SIOCWANDEV) diff --git a/drivers/char/random.c b/drivers/char/random.c -index 32a6c57..98038d5 100644 +index eccd7cc..98038d5 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -272,8 +272,13 @@ 
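Review bot: The allocation in `cdrom_read_cdda_old()` still computes its size as the unchecked product `CD_FRAMESIZE_RAW * nr`; switching `kmalloc` to `kzalloc` zeroes the buffer but does nothing about the multiplication. Whether `nr` is bounded by the caller is not visible in this hunk, so I would use the overflow-checked form, `cgc.buffer = kcalloc(nr, CD_FRAMESIZE_RAW, GFP_KERNEL);`, which also zeroes. The `kzalloc(blocksize, GFP_KERNEL)` in `mmc_ioctl_cdrom_read_data()` involves no product and is fine as written. Both function bodies continue outside the hunk.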
@@ -34017,85 +34082,7 @@ index 32a6c57..98038d5 100644 smp_wmb(); if (out) -@@ -865,16 +877,24 @@ static size_t account(struct entropy_store *r, size_t nbytes, int min, - if (r->entropy_count / 8 < min + reserved) { - nbytes = 0; - } else { -+ int entropy_count, orig; -+retry: -+ entropy_count = orig = ACCESS_ONCE(r->entropy_count); - /* If limited, never pull more than available */ -- if (r->limit && nbytes + reserved >= r->entropy_count / 8) -- nbytes = r->entropy_count/8 - reserved; -+ if (r->limit && nbytes + reserved >= entropy_count / 8) -+ nbytes = entropy_count/8 - reserved; - -- if (r->entropy_count / 8 >= nbytes + reserved) -- r->entropy_count -= nbytes*8; -- else -- r->entropy_count = reserved; -+ if (entropy_count / 8 >= nbytes + reserved) { -+ entropy_count -= nbytes*8; -+ if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig) -+ goto retry; -+ } else { -+ entropy_count = reserved; -+ if (cmpxchg(&r->entropy_count, orig, entropy_count) != orig) -+ goto retry; -+ } - -- if (r->entropy_count < random_write_wakeup_thresh) -+ if (entropy_count < random_write_wakeup_thresh) - wakeup_write = 1; - } - -@@ -957,10 +977,23 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, - { - ssize_t ret = 0, i; - __u8 tmp[EXTRACT_SIZE]; -+ unsigned long flags; - - /* if last_data isn't primed, we need EXTRACT_SIZE extra bytes */ -- if (fips_enabled && !r->last_data_init) -- nbytes += EXTRACT_SIZE; -+ if (fips_enabled) { -+ spin_lock_irqsave(&r->lock, flags); -+ if (!r->last_data_init) { -+ r->last_data_init = true; -+ spin_unlock_irqrestore(&r->lock, flags); -+ trace_extract_entropy(r->name, EXTRACT_SIZE, -+ r->entropy_count, _RET_IP_); -+ xfer_secondary_pool(r, EXTRACT_SIZE); -+ extract_buf(r, tmp); -+ spin_lock_irqsave(&r->lock, flags); -+ memcpy(r->last_data, tmp, EXTRACT_SIZE); -+ } -+ spin_unlock_irqrestore(&r->lock, flags); -+ } - - trace_extract_entropy(r->name, nbytes, r->entropy_count, _RET_IP_); - xfer_secondary_pool(r, nbytes); -@@ 
-970,19 +1003,6 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, - extract_buf(r, tmp); - - if (fips_enabled) { -- unsigned long flags; -- -- -- /* prime last_data value if need be, per fips 140-2 */ -- if (!r->last_data_init) { -- spin_lock_irqsave(&r->lock, flags); -- memcpy(r->last_data, tmp, EXTRACT_SIZE); -- r->last_data_init = true; -- nbytes -= EXTRACT_SIZE; -- spin_unlock_irqrestore(&r->lock, flags); -- extract_buf(r, tmp); -- } -- - spin_lock_irqsave(&r->lock, flags); - if (!memcmp(tmp, r->last_data, EXTRACT_SIZE)) - panic("Hardware RNG duplicated output!\n"); -@@ -1024,7 +1044,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, +@@ -1032,7 +1044,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, extract_buf(r, tmp); i = min_t(int, nbytes, EXTRACT_SIZE); @@ -34104,7 +34091,7 @@ index 32a6c57..98038d5 100644 ret = -EFAULT; break; } -@@ -1360,7 +1380,7 @@ EXPORT_SYMBOL(generate_random_uuid); +@@ -1368,7 +1380,7 @@ EXPORT_SYMBOL(generate_random_uuid); #include <linux/sysctl.h> static int min_read_thresh = 8, min_write_thresh; @@ -34113,7 +34100,7 @@ index 32a6c57..98038d5 100644 static int max_write_thresh = INPUT_POOL_WORDS * 32; static char sysctl_bootid[16]; -@@ -1376,7 +1396,7 @@ static char sysctl_bootid[16]; +@@ -1384,7 +1396,7 @@ static char sysctl_bootid[16]; static int proc_do_uuid(ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -35743,10 +35730,10 @@ index 5a82b6b..9e69c73 100644 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c -index 44b8034..cc722fd 100644 +index 5073665..31d15a6 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c 
+++ b/drivers/gpu/drm/radeon/radeon_device.c -@@ -977,7 +977,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) +@@ -976,7 +976,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -37505,6 +37492,37 @@ index 89562a8..218999b 100644 capimsg_setu32(skb->data, 8, mp->ncci); /* NCCI */ capimsg_setu32(skb->data, 12, (u32)(long)skb->data);/* Data32 */ capimsg_setu16(skb->data, 16, len); /* Data length */ +diff --git a/drivers/isdn/capi/kcapi.c b/drivers/isdn/capi/kcapi.c +index 9b1b274..c123709 100644 +--- a/drivers/isdn/capi/kcapi.c ++++ b/drivers/isdn/capi/kcapi.c +@@ -93,7 +93,7 @@ capi_ctr_put(struct capi_ctr *ctr) + + static inline struct capi_ctr *get_capi_ctr_by_nr(u16 contr) + { +- if (contr - 1 >= CAPI_MAXCONTR) ++ if (contr < 1 || contr - 1 >= CAPI_MAXCONTR) + return NULL; + + return capi_controller[contr - 1]; +@@ -103,7 +103,7 @@ static inline struct capi20_appl *__get_capi_appl_by_nr(u16 applid) + { + lockdep_assert_held(&capi_controller_lock); + +- if (applid - 1 >= CAPI_MAXAPPL) ++ if (applid < 1 || applid - 1 >= CAPI_MAXAPPL) + return NULL; + + return capi_applications[applid - 1]; +@@ -111,7 +111,7 @@ static inline struct capi20_appl *__get_capi_appl_by_nr(u16 applid) + + static inline struct capi20_appl *get_capi_appl_by_nr(u16 applid) + { +- if (applid - 1 >= CAPI_MAXAPPL) ++ if (applid < 1 || applid - 1 >= CAPI_MAXAPPL) + return NULL; + + return rcu_dereference(capi_applications[applid - 1]); diff --git a/drivers/isdn/gigaset/interface.c b/drivers/isdn/gigaset/interface.c index e2b5396..c5486dc 100644 --- a/drivers/isdn/gigaset/interface.c @@ -39597,7 +39615,7 @@ index ff90760..08d8aed 100644 /** * bnx2x_config_rx_mode - Send and RX_MODE ramrod according to the provided parameters. diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h -index 8d7d4c2..95f7681 100644 +index 25309bf..fcfd54c 100644 --- a/drivers/net/ethernet/broadcom/tg3.h 
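Review bot: The three guards added in `drivers/isdn/capi/kcapi.c` (`get_capi_ctr_by_nr()`, `__get_capi_appl_by_nr()`, `get_capi_appl_by_nr()`) keep the `x - 1 >= MAX` comparison and put `x < 1` in front of it, which is correct but leaves the reader to work out why the old form missed zero. With a `u16` argument, `contr - 1` is evaluated as a signed `int`. Assuming the limit is a plain `int` constant, 0 became -1, passed the old check and indexed the array at -1. Writing the range directly, `if (contr == 0 || contr > CAPI_MAXCONTR)` and `if (applid == 0 || applid > CAPI_MAXAPPL)`, states the valid range without depending on integer promotion.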
+++ b/drivers/net/ethernet/broadcom/tg3.h @@ -147,6 +147,7 @@ @@ -40506,10 +40524,10 @@ index 12c4f31..484d948 100644 memset(buf, 0, sizeof(buf)); diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c -index cffdf4f..7cefb69 100644 +index 2b49f48..14fc244 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c -@@ -2144,25 +2144,19 @@ static int __init init_mac80211_hwsim(void) +@@ -2143,25 +2143,19 @@ static int __init init_mac80211_hwsim(void) if (channels > 1) { hwsim_if_comb.num_different_channels = channels; @@ -42680,7 +42698,7 @@ index 5f13890..36a044b 100644 pDevice->apdev->type = ARPHRD_IEEE80211; diff --git a/drivers/staging/vt6656/hostap.c b/drivers/staging/vt6656/hostap.c -index bc5e9da..dacd556 100644 +index a94e66f..31984d0 100644 --- a/drivers/staging/vt6656/hostap.c +++ b/drivers/staging/vt6656/hostap.c @@ -60,14 +60,13 @@ static int msglevel =MSG_LEVEL_INFO; 
@@ -42751,48 +42769,6 @@ index adbe5a8..d387359 100644 extern void tmem_register_hostops(struct tmem_hostops *m); /* core tmem accessor functions */ -diff --git a/drivers/target/iscsi/iscsi_target_parameters.c b/drivers/target/iscsi/iscsi_target_parameters.c -index ca2be40..93ae910 100644 ---- a/drivers/target/iscsi/iscsi_target_parameters.c -+++ b/drivers/target/iscsi/iscsi_target_parameters.c -@@ -712,9 +712,9 @@ static int iscsi_add_notunderstood_response( - } - INIT_LIST_HEAD(&extra_response->er_list); - -- strncpy(extra_response->key, key, strlen(key) + 1); -- strncpy(extra_response->value, NOTUNDERSTOOD, -- strlen(NOTUNDERSTOOD) + 1); -+ strlcpy(extra_response->key, key, sizeof(extra_response->key)); -+ strlcpy(extra_response->value, NOTUNDERSTOOD, -+ sizeof(extra_response->value)); - - list_add_tail(&extra_response->er_list, - ¶m_list->extra_response_list); -@@ -1583,8 +1583,6 @@ int iscsi_decode_text_input( - - if (phase & PHASE_SECURITY) { - if (iscsi_check_for_auth_key(key) > 0) { -- char *tmpptr = key + strlen(key); -- *tmpptr = '='; - kfree(tmpbuf); - return 1; - } -diff --git a/drivers/target/iscsi/iscsi_target_parameters.h b/drivers/target/iscsi/iscsi_target_parameters.h -index 1e1b750..2c536a0 100644 ---- a/drivers/target/iscsi/iscsi_target_parameters.h -+++ b/drivers/target/iscsi/iscsi_target_parameters.h -@@ -1,8 +1,10 @@ - #ifndef ISCSI_PARAMETERS_H - #define ISCSI_PARAMETERS_H - -+#include <scsi/iscsi_proto.h> -+ - struct iscsi_extra_response { -- char key[64]; -+ char key[KEY_MAXLEN]; - char value[32]; - struct list_head er_list; - } ____cacheline_aligned; diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c index 2e4d655..fd72e68 100644 --- a/drivers/target/target_core_device.c @@ -42807,10 +42783,10 @@ index 2e4d655..fd72e68 100644 spin_lock_init(&dev->t10_wwn.t10_vpd_lock); INIT_LIST_HEAD(&dev->t10_pr.registration_list); 
diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index 0d46276..f327cab5 100644 +index fc9a5a0..1d5975e 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c -@@ -1080,7 +1080,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd) +@@ -1081,7 +1081,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd) * Used to determine when ORDERED commands should go from * Dormant to Active status. */ @@ -43153,10 +43129,10 @@ index 4a43ef5d7..aa71f27 100644 dlci_get(dlci->gsm->dlci[0]); mux_get(dlci->gsm); diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c -index 05e72be..67f6a0f 100644 +index 1f8cba6..47b06c2 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c -@@ -2197,6 +2197,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) +@@ -2205,6 +2205,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) { *ops = tty_ldisc_N_TTY; ops->owner = NULL; @@ -44078,7 +44054,7 @@ index c8b9262..7e824e6 100644 ret = uio_get_minor(idev); if (ret) diff --git a/drivers/usb/atm/cxacru.c b/drivers/usb/atm/cxacru.c -index b7eb86a..c00402f 100644 +index 8a7eb77..c00402f 100644 --- a/drivers/usb/atm/cxacru.c +++ b/drivers/usb/atm/cxacru.c @@ -473,7 +473,7 @@ static ssize_t cxacru_sysfs_store_adsl_config(struct device *dev, @@ -44090,16 +44066,6 @@ index b7eb86a..c00402f 100644 return -EINVAL; pos += tmp; -@@ -686,7 +686,8 @@ static int cxacru_cm_get_array(struct cxacru_data *instance, enum cxacru_cm_requ - { - int ret, len; - __le32 *buf; -- int offb, offd; -+ int offb; -+ unsigned int offd; - const int stride = CMD_PACKET_SIZE / (4 * 2) - 1; - int buflen = ((size - 1) / stride + 1 + size * 2) * 4; - diff --git a/drivers/usb/atm/usbatm.c b/drivers/usb/atm/usbatm.c index 35f10bf..6a38a0b 100644 --- a/drivers/usb/atm/usbatm.c 
@@ -51161,39 +51127,6 @@ index febbe0e..782c4fd 100644 static int parse_strtoul(const char *buf, unsigned long max, unsigned long *value) -diff --git a/fs/fat/inode.c b/fs/fat/inode.c -index acf6e47..e7a7fde 100644 ---- a/fs/fat/inode.c -+++ b/fs/fat/inode.c -@@ -1223,6 +1223,19 @@ static int fat_read_root(struct inode *inode) - return 0; - } - -+static unsigned long calc_fat_clusters(struct super_block *sb) -+{ -+ struct msdos_sb_info *sbi = MSDOS_SB(sb); -+ -+ /* Divide first to avoid overflow */ -+ if (sbi->fat_bits != 12) { -+ unsigned long ent_per_sec = sb->s_blocksize * 8 / sbi->fat_bits; -+ return ent_per_sec * sbi->fat_length; -+ } -+ -+ return sbi->fat_length * sb->s_blocksize * 8 / sbi->fat_bits; -+} -+ - /* - * Read the super block of an MS-DOS FS. - */ -@@ -1427,7 +1440,7 @@ int fat_fill_super(struct super_block *sb, void *data, int silent, int isvfat, - sbi->dirty = b->fat16.state & FAT_STATE_DIRTY; - - /* check that FAT table does not overflow */ -- fat_clusters = sbi->fat_length * sb->s_blocksize * 8 / sbi->fat_bits; -+ fat_clusters = calc_fat_clusters(sb); - total_clusters = min(total_clusters, fat_clusters - FAT_START_ENT); - if (total_clusters > MAX_FAT(sb)) { - if (!silent) diff --git a/fs/fcntl.c b/fs/fcntl.c index 6599222..e7bf0de 100644 --- a/fs/fcntl.c @@ -52844,10 +52777,10 @@ index 11dfa0c..6f64416 100644 if (!ret) ret = -EPIPE; diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c -index ff15522..092a0f6 100644 +index 185c479..51b9986 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c -@@ -1409,7 +1409,7 @@ static char *read_link(struct dentry *dentry) +@@ -1415,7 +1415,7 @@ static char *read_link(struct dentry *dentry) return link; } @@ -53940,10 +53873,18 @@ index e7bc1d7..06bd4bb 100644 } diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c -index 5d84442..bf24453 100644 +index 5d84442..2c034ba 100644 --- a/fs/notify/fanotify/fanotify_user.c 
+++ b/fs/notify/fanotify/fanotify_user.c -@@ -251,8 +251,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group, +@@ -121,6 +121,7 @@ static int fill_event_metadata(struct fsnotify_group *group, + metadata->event_len = FAN_EVENT_METADATA_LEN; + metadata->metadata_len = FAN_EVENT_METADATA_LEN; + metadata->vers = FANOTIFY_METADATA_VERSION; ++ metadata->reserved = 0; + metadata->mask = event->mask & FAN_ALL_OUTGOING_EVENTS; + metadata->pid = pid_vnr(event->tgid); + if (unlikely(event->mask & FAN_Q_OVERFLOW)) +@@ -251,8 +252,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group, fd = fanotify_event_metadata.fd; ret = -EFAULT; @@ -56526,7 +56467,7 @@ index d681e34..2a3f5ab 100644 goto out_put; diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c -index d82efaa..0904a8e 100644 +index ca9ecaa..60100c7 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c @@ -395,7 +395,7 @@ xfs_vn_put_link( @@ -56540,10 +56481,10 @@ index d82efaa..0904a8e 100644 kfree(s); diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..7174794 +index 0000000..ba9c5e3 --- /dev/null +++ b/grsecurity/Kconfig -@@ -0,0 +1,1031 @@ +@@ -0,0 +1,1053 @@ +# +# grecurity configuration +# 
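Review bot: The added `metadata->reserved = 0;` in fill_event_metadata() clears one field, but the structure is still filled member by member. Any padding or later-added member would again be handed on unset, and the neighbouring copy_event_to_user() hunk suggests this object is copied to userspace. Zeroing the whole object before the assignments, `memset(metadata, 0, sizeof(*metadata));`, would remove that class of leak rather than this one instance. The struct definition and the start of the function are outside the hunk, so whether padding exists today needs to be confirmed there.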
@@ -56629,6 +56570,25 @@ index 0000000..7174794 + If you're using KERNEXEC, it's recommended that you enable this option + to supplement the hardening of the kernel. + ++config GRKERNSEC_PERF_HARDEN ++ bool "Disable unprivileged PERF_EVENTS usage by default" ++ default y if GRKERNSEC_CONFIG_AUTO ++ depends on PERF_EVENTS ++ help ++ If you say Y here, the range of acceptable values for the ++ /proc/sys/kernel/perf_event_paranoid sysctl will be expanded to allow and ++ default to a new value: 3. When the sysctl is set to this value, no ++ unprivileged use of the PERF_EVENTS syscall interface will be permitted. ++ ++ Though PERF_EVENTS can be used legitimately for performance monitoring ++ and low-level application profiling, it is forced on regardless of ++ configuration, has been at fault for several vulnerabilities, and ++ creates new opportunities for side channels and other information leaks. ++ ++ This feature puts PERF_EVENTS into a secure default state and permits ++ the administrator to change out of it temporarily if unprivileged ++ application profiling is needed. ++ +config GRKERNSEC_RAND_THREADSTACK + bool "Insert random gaps between thread stacks" + default y if GRKERNSEC_CONFIG_AUTO @@ -56739,6 +56699,9 @@ index 0000000..7174794 + useful protection against local kernel exploitation of overflows + and arbitrary read/write vulnerabilities. + ++ It is highly recommended that you enable GRKERNSEC_PERF_HARDEN ++ in addition to this feature. ++ +config GRKERNSEC_KERN_LOCKOUT + bool "Active kernel exploit response" + default y if GRKERNSEC_CONFIG_AUTO @@ -70441,7 +70404,7 @@ index 45fc162..01a4068 100644 /** * struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h -index 1d795df..727aa7b 100644 +index 1d795df..b0a6449 100644 --- a/include/linux/perf_event.h +++ b/include/linux/perf_event.h @@ -333,8 +333,8 @@ struct perf_event { 
@@ -70475,8 +70438,15 @@ index 1d795df..727aa7b 100644 extern int sysctl_perf_event_mlock; extern int sysctl_perf_event_sample_rate; -@@ -714,17 +714,17 @@ extern int perf_proc_update_handler(struct ctl_table *table, int write, +@@ -712,19 +712,24 @@ extern int perf_proc_update_handler(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, + loff_t *ppos); ++static inline bool perf_paranoid_any(void) ++{ ++ return sysctl_perf_event_legitimately_concerned > 2; ++} ++ static inline bool perf_paranoid_tracepoint_raw(void) { - return sysctl_perf_event_paranoid > -1; @@ -70496,7 +70466,7 @@ index 1d795df..727aa7b 100644 } extern void perf_event_init(void); -@@ -812,7 +812,7 @@ static inline void perf_restore_debug_store(void) { } +@@ -812,7 +817,7 @@ static inline void perf_restore_debug_store(void) { } */ #define perf_cpu_notifier(fn) \ do { \ @@ -70505,7 +70475,7 @@ index 1d795df..727aa7b 100644 { .notifier_call = fn, .priority = CPU_PRI_PERF }; \ unsigned long cpu = smp_processor_id(); \ unsigned long flags; \ -@@ -831,7 +831,7 @@ do { \ +@@ -831,7 +836,7 @@ do { \ struct perf_pmu_events_attr { struct device_attribute attr; u64 id; @@ -72906,10 +72876,10 @@ index a6a059c..2243336 100644 struct snd_soc_platform { const char *name; diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h -index c4af592..20c52d2 100644 +index f8640f3..b72d113 100644 --- a/include/target/target_core_base.h +++ b/include/target/target_core_base.h -@@ -657,7 +657,7 @@ struct se_device { +@@ -658,7 +658,7 @@ struct se_device { spinlock_t stats_lock; /* Active commands on this virtual SE device */ atomic_t simple_cmds; @@ -74209,10 +74179,10 @@ index f6c2ce5..982c0f9 100644 + return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid); +} diff --git a/kernel/cgroup.c b/kernel/cgroup.c -index ba1f977..f840d9c 100644 +index a48de6a..df24bfe 100644 --- a/kernel/cgroup.c 
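Review bot: The new `perf_paranoid_any()` helper in perf_event.h compares against a bare `2` with no comment, while the table explaining the levels lives in kernel/events/core.c. A one-line comment above it would help, for example `/* level 3 and above: no unprivileged perf_event_open() at all */`. The helper is defined unconditionally, but the sysctl ceiling is 3 only when CONFIG_GRKERNSEC_PERF_HARDEN is set, so it is worth stating in the same comment that it always returns false otherwise.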
+++ b/kernel/cgroup.c -@@ -5569,7 +5569,7 @@ static int cgroup_css_links_read(struct cgroup *cont, +@@ -5567,7 +5567,7 @@ static int cgroup_css_links_read(struct cgroup *cont, struct css_set *cg = link->cg; struct task_struct *task; int count = 0; @@ -74632,15 +74602,19 @@ index 00eb8f7..d7e3244 100644 #ifdef CONFIG_MODULE_UNLOAD { diff --git a/kernel/events/core.c b/kernel/events/core.c -index 9fcb094..fd68c54 100644 +index 9fcb094..8370228 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c -@@ -155,7 +155,11 @@ static struct srcu_struct pmus_srcu; +@@ -154,8 +154,15 @@ static struct srcu_struct pmus_srcu; + * 0 - disallow raw tracepoint access for unpriv * 1 - disallow cpu events for unpriv * 2 - disallow kernel profiling for unpriv ++ * 3 - disallow all unpriv perf event use */ -int sysctl_perf_event_paranoid __read_mostly = 1; -+#ifdef CONFIG_GRKERNSEC_HIDESYM ++#ifdef CONFIG_GRKERNSEC_PERF_HARDEN ++int sysctl_perf_event_legitimately_concerned __read_mostly = 3; ++#elif CONFIG_GRKERNSEC_HIDESYM +int sysctl_perf_event_legitimately_concerned __read_mostly = 2; +#else +int sysctl_perf_event_legitimately_concerned __read_mostly = 1; @@ -74648,7 +74622,7 @@ index 9fcb094..fd68c54 100644 /* Minimum for 512 kiB + 1 user control page */ int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */ -@@ -182,7 +186,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write, +@@ -182,7 +189,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write, return 0; } @@ -74657,7 +74631,7 @@ index 9fcb094..fd68c54 100644 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx, enum event_type_t event_type); -@@ -2677,7 +2681,7 @@ static void __perf_event_read(void *info) +@@ -2677,7 +2684,7 @@ static void __perf_event_read(void *info) static inline u64 perf_event_count(struct perf_event *event) { 
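Review bot: In the block that picks the sysctl default in kernel/events/core.c, `#elif CONFIG_GRKERNSEC_HIDESYM` tests the macro's value, whereas the `#ifdef` above it tests whether it is defined. Kconfig leaves a disabled bool option undefined, so the expression evaluates to 0 and the right branch is taken, but it warns under `-Wundef` and reads as a typo. I would write `#elif defined(CONFIG_GRKERNSEC_HIDESYM)` so both branches use the same form.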
@@ -74666,7 +74640,7 @@ index 9fcb094..fd68c54 100644 } static u64 perf_event_read(struct perf_event *event) -@@ -3007,9 +3011,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) +@@ -3007,9 +3014,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) mutex_lock(&event->child_mutex); total += perf_event_read(event); *enabled += event->total_time_enabled + @@ -74678,7 +74652,7 @@ index 9fcb094..fd68c54 100644 list_for_each_entry(child, &event->child_list, child_list) { total += perf_event_read(child); -@@ -3412,10 +3416,10 @@ void perf_event_update_userpage(struct perf_event *event) +@@ -3412,10 +3419,10 @@ void perf_event_update_userpage(struct perf_event *event) userpg->offset -= local64_read(&event->hw.prev_count); userpg->time_enabled = enabled + @@ -74691,7 +74665,7 @@ index 9fcb094..fd68c54 100644 arch_perf_update_userpage(userpg, now); -@@ -3886,7 +3890,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size, +@@ -3886,7 +3893,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size, /* Data. */ sp = perf_user_stack_pointer(regs); @@ -74700,7 +74674,7 @@ index 9fcb094..fd68c54 100644 dyn_size = dump_size - rem; perf_output_skip(handle, rem); -@@ -3974,11 +3978,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, +@@ -3974,11 +3981,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, values[n++] = perf_event_count(event); if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { values[n++] = enabled + @@ -74714,7 +74688,7 @@ index 9fcb094..fd68c54 100644 } if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(event); -@@ -4726,12 +4730,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) +@@ -4726,12 +4733,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) * need to add enough zero bytes after the string to handle * the 64bit alignment we do later. */ 
@@ -74729,7 +74703,7 @@ index 9fcb094..fd68c54 100644 if (IS_ERR(name)) { name = strncpy(tmp, "//toolong", sizeof(tmp)); goto got_name; -@@ -6167,7 +6171,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, +@@ -6167,7 +6174,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, event->parent = parent_event; event->ns = get_pid_ns(task_active_pid_ns(current)); @@ -74738,7 +74712,19 @@ index 9fcb094..fd68c54 100644 event->state = PERF_EVENT_STATE_INACTIVE; -@@ -6795,10 +6799,10 @@ static void sync_child_event(struct perf_event *child_event, +@@ -6463,6 +6470,11 @@ SYSCALL_DEFINE5(perf_event_open, + if (flags & ~PERF_FLAG_ALL) + return -EINVAL; + ++#ifdef CONFIG_GRKERNSEC_PERF_HARDEN ++ if (perf_paranoid_any() && !capable(CAP_SYS_ADMIN)) ++ return -EACCES; ++#endif ++ + err = perf_copy_attr(attr_uptr, &attr); + if (err) + return err; +@@ -6795,10 +6807,10 @@ static void sync_child_event(struct perf_event *child_event, /* * Add back the child's count to the parent's count: */ @@ -75791,7 +75777,7 @@ index b2c71c5..7b88d63 100644 seq_printf(m, "%40s %14lu %29s %pS\n", name, stats->contending_point[i], diff --git a/kernel/module.c b/kernel/module.c -index 0925c9a..6b044ac 100644 +index 97f202c..109575f 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -61,6 +61,7 @@ @@ -75956,7 +75942,7 @@ index 0925c9a..6b044ac 100644 set_memory_ro); } } -@@ -1881,16 +1883,19 @@ static void free_module(struct module *mod) +@@ -1886,16 +1888,19 @@ static void free_module(struct module *mod) /* This may be NULL, but that's OK */ unset_module_init_ro_nx(mod); @@ -75979,7 +75965,7 @@ index 0925c9a..6b044ac 100644 #ifdef CONFIG_MPU update_protections(current->mm); -@@ -1960,9 +1965,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1965,9 +1970,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) int ret = 0; const struct kernel_symbol *ksym; 
@@ -76011,7 +75997,7 @@ index 0925c9a..6b044ac 100644 switch (sym[i].st_shndx) { case SHN_COMMON: /* We compiled with -fno-common. These are not -@@ -1983,7 +2010,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1988,7 +2015,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) ksym = resolve_symbol_wait(mod, info, name); /* Ok if resolved. */ if (ksym && !IS_ERR(ksym)) { @@ -76021,7 +76007,7 @@ index 0925c9a..6b044ac 100644 break; } -@@ -2002,11 +2031,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -2007,11 +2036,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) secbase = (unsigned long)mod_percpu(mod); else secbase = info->sechdrs[sym[i].st_shndx].sh_addr; @@ -76042,7 +76028,7 @@ index 0925c9a..6b044ac 100644 return ret; } -@@ -2090,22 +2128,12 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2095,22 +2133,12 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || strstarts(sname, ".init")) continue; @@ -76069,7 +76055,7 @@ index 0925c9a..6b044ac 100644 } pr_debug("Init section allocation order:\n"); -@@ -2119,23 +2147,13 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2124,23 +2152,13 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || !strstarts(sname, ".init")) continue; @@ -76098,7 +76084,7 @@ index 0925c9a..6b044ac 100644 } } -@@ -2308,7 +2326,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2313,7 +2331,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) /* Put symbol section at end of init part of module. */ symsect->sh_flags |= SHF_ALLOC; 
@@ -76107,7 +76093,7 @@ index 0925c9a..6b044ac 100644 info->index.sym) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + symsect->sh_name); -@@ -2325,13 +2343,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2330,13 +2348,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) } /* Append room for core symbols at end of core part. */ @@ -76125,7 +76111,7 @@ index 0925c9a..6b044ac 100644 info->index.str) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + strsect->sh_name); } -@@ -2349,12 +2367,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2354,12 +2372,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) /* Make sure we get permanent strtab: don't use info->strtab. */ mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr; @@ -76142,7 +76128,7 @@ index 0925c9a..6b044ac 100644 src = mod->symtab; for (ndst = i = 0; i < mod->num_symtab; i++) { if (i == 0 || -@@ -2366,6 +2386,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2371,6 +2391,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) } } mod->core_num_syms = ndst; @@ -76151,7 +76137,7 @@ index 0925c9a..6b044ac 100644 } #else static inline void layout_symtab(struct module *mod, struct load_info *info) -@@ -2399,17 +2421,33 @@ void * __weak module_alloc(unsigned long size) +@@ -2404,17 +2426,33 @@ void * __weak module_alloc(unsigned long size) return vmalloc_exec(size); } @@ -76190,7 +76176,7 @@ index 0925c9a..6b044ac 100644 mutex_unlock(&module_mutex); } return ret; -@@ -2685,8 +2723,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) +@@ -2690,8 +2728,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) static int check_modinfo(struct module *mod, struct load_info *info, int flags) { const char *modmagic = get_modinfo(info, "vermagic"); 
@@ -76205,7 +76191,7 @@ index 0925c9a..6b044ac 100644 if (flags & MODULE_INIT_IGNORE_VERMAGIC) modmagic = NULL; -@@ -2712,7 +2756,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) +@@ -2717,7 +2761,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) } /* Set up license info based on the info section */ @@ -76214,7 +76200,7 @@ index 0925c9a..6b044ac 100644 return 0; } -@@ -2806,7 +2850,7 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2811,7 +2855,7 @@ static int move_module(struct module *mod, struct load_info *info) void *ptr; /* Do the allocs. */ @@ -76223,7 +76209,7 @@ index 0925c9a..6b044ac 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. Just mark it as not being a -@@ -2816,11 +2860,11 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2821,11 +2865,11 @@ static int move_module(struct module *mod, struct load_info *info) if (!ptr) return -ENOMEM; @@ -76239,7 +76225,7 @@ index 0925c9a..6b044ac 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. This block doesn't need to be -@@ -2829,13 +2873,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2834,13 +2878,45 @@ static int move_module(struct module *mod, struct load_info *info) */ kmemleak_ignore(ptr); if (!ptr) { @@ -76289,7 +76275,7 @@ index 0925c9a..6b044ac 100644 /* Transfer each section which specifies SHF_ALLOC */ pr_debug("final section addresses:\n"); -@@ -2846,16 +2922,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2851,16 +2927,45 @@ static int move_module(struct module *mod, struct load_info *info) if (!(shdr->sh_flags & SHF_ALLOC)) continue; 
@@ -76342,7 +76328,7 @@ index 0925c9a..6b044ac 100644 pr_debug("\t0x%lx %s\n", (long)shdr->sh_addr, info->secstrings + shdr->sh_name); } -@@ -2912,12 +3017,12 @@ static void flush_module_icache(const struct module *mod) +@@ -2917,12 +3022,12 @@ static void flush_module_icache(const struct module *mod) * Do it before processing of module parameters, so the module * can provide parameter accessor functions of its own. */ @@ -76361,7 +76347,7 @@ index 0925c9a..6b044ac 100644 set_fs(old_fs); } -@@ -2987,8 +3092,10 @@ out: +@@ -2992,8 +3097,10 @@ out: static void module_deallocate(struct module *mod, struct load_info *info) { percpu_modfree(mod); @@ -76374,7 +76360,7 @@ index 0925c9a..6b044ac 100644 } int __weak module_finalize(const Elf_Ehdr *hdr, -@@ -3001,7 +3108,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, +@@ -3006,7 +3113,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, static int post_relocation(struct module *mod, const struct load_info *info) { /* Sort exception table now relocations are done. */ @@ -76384,7 +76370,7 @@ index 0925c9a..6b044ac 100644 /* Copy relocated percpu area over. */ percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr, -@@ -3055,16 +3164,16 @@ static int do_init_module(struct module *mod) +@@ -3060,16 +3169,16 @@ static int do_init_module(struct module *mod) MODULE_STATE_COMING, mod); /* Set RO and NX regions for core */ @@ -76409,7 +76395,7 @@ index 0925c9a..6b044ac 100644 do_mod_ctors(mod); /* Start the module */ -@@ -3126,11 +3235,12 @@ static int do_init_module(struct module *mod) +@@ -3131,11 +3240,12 @@ static int do_init_module(struct module *mod) mod->strtab = mod->core_strtab; #endif unset_module_init_ro_nx(mod); 
@@ -76427,7 +76413,7 @@ index 0925c9a..6b044ac 100644 mutex_unlock(&module_mutex); wake_up_all(&module_wq); -@@ -3257,9 +3367,38 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3262,9 +3372,38 @@ static int load_module(struct load_info *info, const char __user *uargs, if (err) goto free_unload; @@ -76466,7 +76452,7 @@ index 0925c9a..6b044ac 100644 /* Fix up syms, so that st_value is a pointer to location. */ err = simplify_symbols(mod, info); if (err < 0) -@@ -3275,13 +3414,6 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3280,13 +3419,6 @@ static int load_module(struct load_info *info, const char __user *uargs, flush_module_icache(mod); @@ -76480,7 +76466,7 @@ index 0925c9a..6b044ac 100644 dynamic_debug_setup(info->debug, info->num_debug); /* Finally it's fully formed, ready to start executing. */ -@@ -3316,11 +3448,10 @@ static int load_module(struct load_info *info, const char __user *uargs, +@@ -3321,11 +3453,10 @@ static int load_module(struct load_info *info, const char __user *uargs, ddebug_cleanup: dynamic_debug_remove(info->debug); synchronize_sched(); @@ -76493,7 +76479,7 @@ index 0925c9a..6b044ac 100644 free_unload: module_unload_free(mod); unlink_mod: -@@ -3403,10 +3534,16 @@ static const char *get_ksymbol(struct module *mod, +@@ -3408,10 +3539,16 @@ static const char *get_ksymbol(struct module *mod, unsigned long nextval; /* At worse, next value is at end of module */ @@ -76513,7 +76499,7 @@ index 0925c9a..6b044ac 100644 /* Scan for closest preceding symbol, and next symbol. (ELF starts real symbols at 1). */ -@@ -3659,7 +3796,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3664,7 +3801,7 @@ static int m_show(struct seq_file *m, void *p) return 0; seq_printf(m, "%s %u", 
@@ -76522,7 +76508,7 @@ index 0925c9a..6b044ac 100644 print_unload_info(m, mod); /* Informative for users. */ -@@ -3668,7 +3805,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3673,7 +3810,7 @@ static int m_show(struct seq_file *m, void *p) mod->state == MODULE_STATE_COMING ? "Loading": "Live"); /* Used by oprofile and other similar tools. */ @@ -76531,7 +76517,7 @@ index 0925c9a..6b044ac 100644 /* Taints info */ if (mod->taints) -@@ -3704,7 +3841,17 @@ static const struct file_operations proc_modules_operations = { +@@ -3709,7 +3846,17 @@ static const struct file_operations proc_modules_operations = { static int __init proc_modules_init(void) { @@ -76549,7 +76535,7 @@ index 0925c9a..6b044ac 100644 return 0; } module_init(proc_modules_init); -@@ -3765,14 +3912,14 @@ struct module *__module_address(unsigned long addr) +@@ -3770,14 +3917,14 @@ struct module *__module_address(unsigned long addr) { struct module *mod; @@ -76567,7 +76553,7 @@ index 0925c9a..6b044ac 100644 return mod; } return NULL; -@@ -3807,11 +3954,20 @@ bool is_module_text_address(unsigned long addr) +@@ -3812,11 +3959,20 @@ bool is_module_text_address(unsigned long addr) */ struct module *__module_text_address(unsigned long addr) { @@ -78585,7 +78571,7 @@ index 0da73cf..5c2af3c 100644 if (!retval) { if (old_rlim) diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index afc1dc6..5e28bbf 100644 +index afc1dc6..f6cf355 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -93,7 +93,6 @@ 
@@ -78596,6 +78582,34 @@ index afc1dc6..5e28bbf 100644 /* External variables not in a header file. */ extern int sysctl_overcommit_memory; extern int sysctl_overcommit_ratio; +@@ -120,18 +119,18 @@ extern int blk_iopoll_enabled; + + /* Constants used for minimum and maximum */ + #ifdef CONFIG_LOCKUP_DETECTOR +-static int sixty = 60; +-static int neg_one = -1; ++static int sixty __read_only = 60; + #endif + +-static int zero; +-static int __maybe_unused one = 1; +-static int __maybe_unused two = 2; +-static int __maybe_unused three = 3; +-static unsigned long one_ul = 1; +-static int one_hundred = 100; ++static int neg_one __read_only = -1; ++static int zero __read_only = 0; ++static int __maybe_unused one __read_only = 1; ++static int __maybe_unused two __read_only = 2; ++static int __maybe_unused three __read_only = 3; ++static unsigned long one_ul __read_only = 1; ++static int one_hundred __read_only = 100; + #ifdef CONFIG_PRINTK +-static int ten_thousand = 10000; ++static int ten_thousand __read_only = 10000; + #endif + + /* this is needed for the proc_doulongvec_minmax of vm_dirty_bytes */ @@ -178,10 +177,8 @@ static int proc_taint(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); #endif @@ -78691,7 +78705,7 @@ index afc1dc6..5e28bbf 100644 { .procname = "ngroups_max", .data = &ngroups_max, -@@ -1026,8 +1059,8 @@ static struct ctl_table kern_table[] = { +@@ -1026,10 +1059,17 @@ static struct ctl_table kern_table[] = { */ { .procname = "perf_event_paranoid", 
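Review bot: `neg_one` is moved out of the `#ifdef CONFIG_LOCKUP_DETECTOR` block in kernel/sysctl.c without the `__maybe_unused` that `one`, `two` and `three` carry. Its new user is the `perf_event_paranoid` table entry; if that entry is compiled only when perf events are enabled (not visible in this hunk), a build with neither option gets an unused-variable warning. Declaring it as `static int __maybe_unused neg_one __read_only = -1;` keeps it consistent with its neighbours.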
@@ -78700,9 +78714,19 @@ index afc1dc6..5e28bbf 100644 + .data = &sysctl_perf_event_legitimately_concerned, + .maxlen = sizeof(sysctl_perf_event_legitimately_concerned), .mode = 0644, - .proc_handler = proc_dointvec, +- .proc_handler = proc_dointvec, ++ /* go ahead, be a hero */ ++ .proc_handler = proc_dointvec_minmax_sysadmin, ++ .extra1 = &neg_one, ++#ifdef CONFIG_GRKERNSEC_PERF_HARDEN ++ .extra2 = &three, ++#else ++ .extra2 = &two, ++#endif }, -@@ -1283,6 +1316,13 @@ static struct ctl_table vm_table[] = { + { + .procname = "perf_event_mlock_kb", +@@ -1283,6 +1323,13 @@ static struct ctl_table vm_table[] = { .proc_handler = proc_dointvec_minmax, .extra1 = &zero, }, @@ -78716,7 +78740,7 @@ index afc1dc6..5e28bbf 100644 #else { .procname = "nr_trim_pages", -@@ -1733,6 +1773,16 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -1733,6 +1780,16 @@ int proc_dostring(struct ctl_table *table, int write, buffer, lenp, ppos); } @@ -78733,7 +78757,7 @@ index afc1dc6..5e28bbf 100644 static size_t proc_skip_spaces(char **buf) { size_t ret; -@@ -1838,6 +1888,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, +@@ -1838,6 +1895,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, len = strlen(tmp); if (len > *size) len = *size; @@ -78742,7 +78766,7 @@ index afc1dc6..5e28bbf 100644 if (copy_to_user(*buf, tmp, len)) return -EFAULT; *size -= len; -@@ -2002,7 +2054,7 @@ int proc_dointvec(struct ctl_table *table, int write, +@@ -2002,7 +2061,7 @@ int proc_dointvec(struct ctl_table *table, int write, static int proc_taint(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -78751,7 +78775,7 @@ index afc1dc6..5e28bbf 100644 unsigned long tmptaint = get_taint(); int err; -@@ -2030,7 +2082,6 @@ static int proc_taint(struct ctl_table *table, int write, +@@ -2030,7 +2089,6 @@ static int proc_taint(struct ctl_table *table, int write, return err; } 
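Review bot: The comment `/* go ahead, be a hero */` on the `perf_event_paranoid` entry in kern_table does not tell a maintainer what the handler change is for. The entry now goes through `proc_dointvec_minmax_sysadmin` with bounds from `extra1`/`extra2`, so values outside -1..2 (or -1..3 with CONFIG_GRKERNSEC_PERF_HARDEN) are rejected even when the option is off. That differs from the plain `proc_dointvec` it replaces and deserves a sentence. Suggested wording: `/* writes go through the sysadmin handler; range is -1..2, or -1..3 with PERF_HARDEN */`. The handler's own capability check is outside this hunk.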
@@ -78759,7 +78783,7 @@ index afc1dc6..5e28bbf 100644 static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -2039,7 +2090,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, +@@ -2039,7 +2097,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, return proc_dointvec_minmax(table, write, buffer, lenp, ppos); } @@ -78767,7 +78791,7 @@ index afc1dc6..5e28bbf 100644 struct do_proc_dointvec_minmax_conv_param { int *min; -@@ -2186,8 +2236,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int +@@ -2186,8 +2243,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int *i = val; } else { val = convdiv * (*i) / convmul; @@ -78780,7 +78804,7 @@ index afc1dc6..5e28bbf 100644 err = proc_put_long(&buffer, &left, val, false); if (err) break; -@@ -2579,6 +2632,12 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -2579,6 +2639,12 @@ int proc_dostring(struct ctl_table *table, int write, return -ENOSYS; } @@ -78793,7 +78817,7 @@ index afc1dc6..5e28bbf 100644 int proc_dointvec(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -2635,5 +2694,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax); +@@ -2635,5 +2701,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax); EXPORT_SYMBOL(proc_dointvec_userhz_jiffies); EXPORT_SYMBOL(proc_dointvec_ms_jiffies); EXPORT_SYMBOL(proc_dostring); 
@@ -80367,24 +80391,6 @@ index b32b70c..e512eb0 100644 pkmap_count[last_pkmap_nr] = 1; set_page_address(page, (void *)vaddr); -diff --git a/mm/huge_memory.c b/mm/huge_memory.c -index e2f7f5aa..a4510d4 100644 ---- a/mm/huge_memory.c -+++ b/mm/huge_memory.c -@@ -2318,7 +2318,12 @@ static void collapse_huge_page(struct mm_struct *mm, - pte_unmap(pte); - spin_lock(&mm->page_table_lock); - BUG_ON(!pmd_none(*pmd)); -- set_pmd_at(mm, address, pmd, _pmd); -+ /* -+ * We can only use set_pmd_at when establishing -+ * hugepmds and never for establishing regular pmds that -+ * points to regular pagetables. Use pmd_populate for that -+ */ -+ pmd_populate(mm, pmd, pmd_pgtable(_pmd)); - spin_unlock(&mm->page_table_lock); - anon_vma_unlock_write(vma->anon_vma); - goto out; diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 1a12f5b..a85b8fc 100644 --- a/mm/hugetlb.c @@ -81553,7 +81559,7 @@ index 7431001..0f8344e 100644 capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); diff --git a/mm/migrate.c b/mm/migrate.c -index 3bbaf5d..299b0e9 100644 +index 22ed5c1..87c424c 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -1382,8 +1382,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, 
@@ -82849,133 +82855,6 @@ index 0dceed8..671951c 100644 vma->vm_flags = vm_flags | mm->def_flags | VM_DONTEXPAND; vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); -diff --git a/mm/mmu_notifier.c b/mm/mmu_notifier.c -index be04122..6725ff1 100644 ---- a/mm/mmu_notifier.c -+++ b/mm/mmu_notifier.c -@@ -40,48 +40,44 @@ void __mmu_notifier_release(struct mm_struct *mm) - int id; - - /* -- * srcu_read_lock() here will block synchronize_srcu() in -- * mmu_notifier_unregister() until all registered -- * ->release() callouts this function makes have -- * returned. -+ * SRCU here will block mmu_notifier_unregister until -+ * ->release returns. - */ - id = srcu_read_lock(&srcu); -+ hlist_for_each_entry_rcu(mn, &mm->mmu_notifier_mm->list, hlist) -+ /* -+ * If ->release runs before mmu_notifier_unregister it must be -+ * handled, as it's the only way for the driver to flush all -+ * existing sptes and stop the driver from establishing any more -+ * sptes before all the pages in the mm are freed. -+ */ -+ if (mn->ops->release) -+ mn->ops->release(mn, mm); -+ srcu_read_unlock(&srcu, id); -+ - spin_lock(&mm->mmu_notifier_mm->lock); - while (unlikely(!hlist_empty(&mm->mmu_notifier_mm->list))) { - mn = hlist_entry(mm->mmu_notifier_mm->list.first, - struct mmu_notifier, - hlist); -- - /* -- * Unlink. This will prevent mmu_notifier_unregister() -- * from also making the ->release() callout. -+ * We arrived before mmu_notifier_unregister so -+ * mmu_notifier_unregister will do nothing other than to wait -+ * for ->release to finish and for mmu_notifier_unregister to -+ * return. - */ - hlist_del_init_rcu(&mn->hlist); -- spin_unlock(&mm->mmu_notifier_mm->lock); -- -- /* -- * Clear sptes. (see 'release' description in mmu_notifier.h) -- */ -- if (mn->ops->release) -- mn->ops->release(mn, mm); -- -- spin_lock(&mm->mmu_notifier_mm->lock); - } - spin_unlock(&mm->mmu_notifier_mm->lock); - - /* -- * All callouts to ->release() which we have done are complete. 
-- * Allow synchronize_srcu() in mmu_notifier_unregister() to complete -- */ -- srcu_read_unlock(&srcu, id); -- -- /* -- * mmu_notifier_unregister() may have unlinked a notifier and may -- * still be calling out to it. Additionally, other notifiers -- * may have been active via vmtruncate() et. al. Block here -- * to ensure that all notifier callouts for this mm have been -- * completed and the sptes are really cleaned up before returning -- * to exit_mmap(). -+ * synchronize_srcu here prevents mmu_notifier_release from returning to -+ * exit_mmap (which would proceed with freeing all pages in the mm) -+ * until the ->release method returns, if it was invoked by -+ * mmu_notifier_unregister. -+ * -+ * The mmu_notifier_mm can't go away from under us because one mm_count -+ * is held by exit_mmap. - */ - synchronize_srcu(&srcu); - } -@@ -292,31 +288,34 @@ void mmu_notifier_unregister(struct mmu_notifier *mn, struct mm_struct *mm) - { - BUG_ON(atomic_read(&mm->mm_count) <= 0); - -- spin_lock(&mm->mmu_notifier_mm->lock); - if (!hlist_unhashed(&mn->hlist)) { -+ /* -+ * SRCU here will force exit_mmap to wait for ->release to -+ * finish before freeing the pages. -+ */ - int id; - -- /* -- * Ensure we synchronize up with __mmu_notifier_release(). -- */ - id = srcu_read_lock(&srcu); -- -- hlist_del_rcu(&mn->hlist); -- spin_unlock(&mm->mmu_notifier_mm->lock); -- -- if (mn->ops->release) -- mn->ops->release(mn, mm); -- - /* -- * Allow __mmu_notifier_release() to complete. -+ * exit_mmap will block in mmu_notifier_release to guarantee -+ * that ->release is called before freeing the pages. - */ -+ if (mn->ops->release) -+ mn->ops->release(mn, mm); - srcu_read_unlock(&srcu, id); -- } else -+ -+ spin_lock(&mm->mmu_notifier_mm->lock); -+ /* -+ * Can not use list_del_rcu() since __mmu_notifier_release -+ * can delete it before we hold the lock. 
-+ */ -+ hlist_del_init_rcu(&mn->hlist); - spin_unlock(&mm->mmu_notifier_mm->lock); -+ } - - /* -- * Wait for any running method to finish, including ->release() if it -- * was run by __mmu_notifier_release() instead of us. -+ * Wait for any running method to finish, of course including -+ * ->release if it was run by mmu_notifier_relase instead of us. - */ - synchronize_srcu(&srcu); - diff --git a/mm/mprotect.c b/mm/mprotect.c index 94722a4..07d9926 100644 --- a/mm/mprotect.c @@ -87120,6 +86999,24 @@ index 960fd29..d55bf64 100644 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table); if (hdr == NULL) +diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c +index e220207..cdeb839 100644 +--- a/net/ipv4/tcp.c ++++ b/net/ipv4/tcp.c +@@ -3383,8 +3383,11 @@ int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp, + + for (i = 0; i < shi->nr_frags; ++i) { + const struct skb_frag_struct *f = &shi->frags[i]; +- struct page *page = skb_frag_page(f); +- sg_set_page(&sg, page, skb_frag_size(f), f->page_offset); ++ unsigned int offset = f->page_offset; ++ struct page *page = skb_frag_page(f) + (offset >> PAGE_SHIFT); ++ ++ sg_set_page(&sg, page, skb_frag_size(f), ++ offset_in_page(offset)); + if (crypto_hash_update(desc, &sg, skb_frag_size(f))) + return 1; + } diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 13b9c08..d33a8d0 100644 --- a/net/ipv4/tcp_input.c @@ -87527,6 +87424,19 @@ index 95d13c7..791fe2f 100644 .kind = "ip6gretap", .maxtype = IFLA_GRE_MAX, .policy = ip6gre_policy, +diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c +index 155eccf..851fdae 100644 +--- a/net/ipv6/ip6_output.c ++++ b/net/ipv6/ip6_output.c +@@ -1147,7 +1147,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, + if (WARN_ON(np->cork.opt)) + return -EINVAL; + +- np->cork.opt = kmalloc(opt->tot_len, sk->sk_allocation); ++ np->cork.opt = kzalloc(opt->tot_len, sk->sk_allocation); + if (unlikely(np->cork.opt == NULL)) + return -ENOBUFS; + 
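Review bot: The page-pointer arithmetic added to the fragment loop of `tcp_md5_hash_skb_data` has no comment saying why `offset >> PAGE_SHIFT` pages are skipped, so a reader cannot tell whether stepping a `struct page *` is safe there. Presumably `f->page_offset` can reach or exceed PAGE_SIZE when a fragment sits in a higher-order (compound) page, in which case the old call gave the scatterlist an offset beyond its first page and the MD5 signature could be computed over the wrong bytes. A comment above the `page` declaration would record that, for example `/* page_offset may be >= PAGE_SIZE for frags in compound pages: start at the page holding the first byte */`. The length passed to `sg_set_page` is still `skb_frag_size(f)`, so it is worth confirming that a fragment crossing a page boundary is walked correctly by the hash update. The function starts and ends outside the hunk.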
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c index fff83cb..82d49dd 100644 --- a/net/ipv6/ip6_tunnel.c @@ -88061,6 +87971,19 @@ index 362ba47..66196f4 100644 seq_printf(m, "Max data size: %d\n", self->max_data_size); seq_printf(m, "Max header size: %d\n", self->max_header_size); +diff --git a/net/irda/irlap_frame.c b/net/irda/irlap_frame.c +index 8c00416..9ea0c93 100644 +--- a/net/irda/irlap_frame.c ++++ b/net/irda/irlap_frame.c +@@ -544,7 +544,7 @@ static void irlap_recv_discovery_xid_cmd(struct irlap_cb *self, + /* + * We now have some discovery info to deliver! + */ +- discovery = kmalloc(sizeof(discovery_t), GFP_ATOMIC); ++ discovery = kzalloc(sizeof(discovery_t), GFP_ATOMIC); + if (!discovery) { + IRDA_WARNING("%s: unable to malloc!\n", __func__); + return; diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c index 206ce6d..cfb27cd 100644 --- a/net/iucv/af_iucv.c @@ -88163,7 +88086,7 @@ index 5672533..6738c93 100644 /* number of interfaces with corresponding FIF_ flags */ int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll, diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c -index d51ca9d..042c35f 100644 +index 9cbebc2..14879bb 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c @@ -495,7 +495,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) @@ -89949,7 +89872,7 @@ index d5f35f1..da2680b5 100644 task->tk_action = call_reserve; } diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c -index f8529fc..ce8c643 100644 +index 5356b12..c0f4c29 100644 --- a/net/sunrpc/sched.c +++ b/net/sunrpc/sched.c @@ -261,9 +261,9 @@ static int rpc_wait_bit_killable(void *word) 
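Review bot: The `kzalloc` call in `ip6_append_data` gives no reason for zeroing the cork options block, and the reason is not evident from the line, since `opt->tot_len` bytes are allocated for data that is presumably filled in right after. If the intent is that option pointers which are not duplicated stay NULL so the cork release path never frees an uninitialised value (inferred; the copy and release code are outside the hunk), a short comment would keep a later cleanup from reverting it to `kmalloc`: `/* zeroed: option pointers not duplicated below must stay NULL for release */`. The function body starts and ends outside the hunk.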
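Review bot: The allocation in `irlap_recv_discovery_xid_cmd` sizes by type name; `discovery = kzalloc(sizeof(*discovery), GFP_ATOMIC);` keeps the size tied to the pointer if its type ever changes. The move to a zeroing allocator presumably stops fields of `discovery_t` that this function does not fill from carrying stale heap contents to later readers, and a one-line comment saying so (`/* zeroed: not every discovery_t field is set from the frame */`) would document why plain `kmalloc` is not enough. The function continues outside the hunk.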
@@ -90413,6 +90336,18 @@ index c8717c1..08539f5 100644 err = handler(dev, info, (union iwreq_data *) iwp, extra); iwp->length += essid_compat; +diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c +index bcfda89..0cf003d 100644 +--- a/net/xfrm/xfrm_output.c ++++ b/net/xfrm/xfrm_output.c +@@ -64,6 +64,7 @@ static int xfrm_output_one(struct sk_buff *skb, int err) + + if (unlikely(x->km.state != XFRM_STATE_VALID)) { + XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATEINVALID); ++ err = -EINVAL; + goto error; + } + diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 167c67d..3f2ae427 100644 --- a/net/xfrm/xfrm_policy.c diff --git a/main/linux-grsec/ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch b/main/linux-grsec/ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch deleted file mode 100644 index 7cb0dade7c..0000000000 --- a/main/linux-grsec/ipsec-xfrm-properly-handle-invalid-states-as-an-error.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From patchwork Wed May 22 11:40:47 2013 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 8bit -Subject: [ipsec] xfrm: properly handle invalid states as an error -Date: Wed, 22 May 2013 01:40:47 -0000 -From: =?utf-8?q?Timo_Ter=C3=A4s?= <timo.teras@iki.fi> -X-Patchwork-Id: 245594 -Message-Id: <1369222847-8542-1-git-send-email-timo.teras@iki.fi> -To: netdev@vger.kernel.org -Cc: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>, - Li RongQing <roy.qing.li@gmail.com>, - Steffen Klassert <steffen.klassert@secunet.com> - -The error exit path needs err explicitly set. Otherwise it -returns success and the only caller, xfrm_output_resume(), -would oops in skb_dst(skb)->ops derefence as skb_dst(skb) is -NULL. - -Bug introduced in commit bb65a9cb (xfrm: removes a superfluous -check and add a statistic). - -Signed-off-by: Timo Teräs <timo.teras@iki.fi> -Cc: Li RongQing <roy.qing.li@gmail.com> -Cc: Steffen Klassert <steffen.klassert@secunet.com> - ---- -Should go also to 3.9-stable. - - net/xfrm/xfrm_output.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c -index bcfda89..0cf003d 100644 ---- a/net/xfrm/xfrm_output.c -+++ b/net/xfrm/xfrm_output.c -@@ -64,6 +64,7 @@ static int xfrm_output_one(struct sk_buff *skb, int err) - - if (unlikely(x->km.state != XFRM_STATE_VALID)) { - XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATEINVALID); -+ err = -EINVAL; - goto error; - } - diff --git a/main/linux-grsec/kernelconfig.x86 b/main/linux-grsec/kernelconfig.x86 index e7d4331a7f..5774d1f22d 100644 --- a/main/linux-grsec/kernelconfig.x86 +++ b/main/linux-grsec/kernelconfig.x86 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.9.3 Kernel Configuration +# Linux/x86 3.9.5 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y 
@@ -5522,6 +5522,7 @@ CONFIG_PAX_USERCOPY=y CONFIG_GRKERNSEC_KMEM=y # CONFIG_GRKERNSEC_VM86 is not set # CONFIG_GRKERNSEC_IO is not set +CONFIG_GRKERNSEC_PERF_HARDEN=y CONFIG_GRKERNSEC_PROC_MEMMAP=y # CONFIG_GRKERNSEC_BRUTE is not set # CONFIG_GRKERNSEC_MODHARDEN is not set diff --git a/main/linux-grsec/kernelconfig.x86_64 b/main/linux-grsec/kernelconfig.x86_64 index 561ab2088a..df9536d19f 100644 --- a/main/linux-grsec/kernelconfig.x86_64 +++ b/main/linux-grsec/kernelconfig.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.9.3 Kernel Configuration +# Linux/x86 3.9.5 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -5459,6 +5459,7 @@ CONFIG_PAX_USERCOPY=y CONFIG_GRKERNSEC_KMEM=y # CONFIG_GRKERNSEC_IO is not set CONFIG_GRKERNSEC_JIT_HARDEN=y +CONFIG_GRKERNSEC_PERF_HARDEN=y CONFIG_GRKERNSEC_PROC_MEMMAP=y # CONFIG_GRKERNSEC_BRUTE is not set # CONFIG_GRKERNSEC_MODHARDEN is not set diff --git a/main/linux-grsec/leds-leds-gpio-reserve-gpio-before-using-it.patch b/main/linux-grsec/leds-leds-gpio-reserve-gpio-before-using-it.patch deleted file mode 100644 index f7af3b2a07..0000000000 --- a/main/linux-grsec/leds-leds-gpio-reserve-gpio-before-using-it.patch +++ /dev/null 
@@ -1,114 +0,0 @@ -From 37e3042c345024aa5e39a1a28a667a00b75fd6ce Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> -Date: Fri, 17 May 2013 09:31:13 +0300 -Subject: [PATCH] leds: leds-gpio: reserve gpio before using it -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This reverts commit a99d76f (leds: leds-gpio: use gpio_request_one) -and commit 2d7c22f (leds: leds-gpio: set devm_gpio_request_one() -flags param correctly) which was a fix of the first one. - -The conversion to devm_gpio_request in commit e3b1d44c (leds: -leds-gpio: use devm_gpio_request_one) is not reverted. - -The problem is that gpio_cansleep() and gpio_get_value_cansleep() -calls can crash if the gpio is not first reserved. Incidentally this -same bug existed earlier and was fixed similarly in commit d95cbe61 -(leds: Fix potential leds-gpio oops). But the OOPS is real. It happens -when GPIOs are provided by module which is not yet loaded. - -So this fixes the following BUG during my ALIX boot (3.9.2-vanilla): - -BUG: unable to handle kernel NULL pointer dereference at 0000004c -IP: [<c11287d6>] __gpio_cansleep+0xe/0x1a -*pde = 00000000 -Oops: 0000 [#1] SMP -Modules linked in: leds_gpio(+) via_rhine mii cs5535_mfd mfd_core -geode_rng rng_core geode_aes isofs nls_utf8 nls_cp437 vfat fat -ata_generic pata_amd pata_cs5536 pata_acpi libata ehci_pci ehci_hcd -ohci_hcd usb_storage usbcore usb_common sd_mod scsi_mod squashfs loop -Pid: 881, comm: modprobe Not tainted 3.9.2 #1-Alpine -EIP: 0060:[<c11287d6>] EFLAGS: 00010282 CPU: 0 -EIP is at __gpio_cansleep+0xe/0x1a -EAX: 00000000 EBX: cf364018 ECX: c132b8b9 EDX: 00000000 -ESI: c13993a4 EDI: c1399370 EBP: cded9dbc ESP: cded9dbc - DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 -CR0: 8005003b CR2: 0000004c CR3: 0f0c4000 CR4: 00000090 -DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000 -DR6: ffff0ff0 DR7: 00000400 -Process modprobe (pid: 881, ti=cded8000 task=cf094aa0 
task.ti=cded8000) -Stack: - cded9de0 d09471cb 00000000 c1399260 cf364014 00000000 c1399260 c1399254 - d0949014 cded9df4 c118cd59 c1399260 d0949014 d0949014 cded9e08 c118ba47 - c1399260 d0949014 c1399294 cded9e1c c118bb75 cded9e24 d0949014 00000000 -Call Trace: - [<d09471cb>] gpio_led_probe+0xba/0x203 [leds_gpio] - [<c118cd59>] platform_drv_probe+0x26/0x48 - [<c118ba47>] driver_probe_device+0x75/0x15c - [<c118bb75>] __driver_attach+0x47/0x63 - [<c118a727>] bus_for_each_dev+0x3c/0x66 - [<c118b6f9>] driver_attach+0x14/0x16 - [<c118bb2e>] ? driver_probe_device+0x15c/0x15c - [<c118b3d5>] bus_add_driver+0xbd/0x1bc - [<d08b4000>] ? 0xd08b3fff - [<d08b4000>] ? 0xd08b3fff - [<c118bffc>] driver_register+0x74/0xec - [<d08b4000>] ? 0xd08b3fff - [<c118c8e8>] platform_driver_register+0x38/0x3a - [<d08b400d>] gpio_led_driver_init+0xd/0x1000 [leds_gpio] - [<c100116c>] do_one_initcall+0x6b/0x10f - [<d08b4000>] ? 0xd08b3fff - [<c105e918>] load_module+0x1631/0x1907 - [<c10975d6>] ? insert_vmalloc_vmlist+0x14/0x43 - [<c1098d5b>] ? 
__vmalloc_node_range+0x13e/0x15f - [<c105ec50>] sys_init_module+0x62/0x77 - [<c1257888>] syscall_call+0x7/0xb -EIP: [<c11287d6>] __gpio_cansleep+0xe/0x1a SS:ESP 0068:cded9dbc -CR2: 000000000000004c - ---[ end trace 5308fb20d2514822 ]--- - -Signed-off-by: Timo Teräs <timo.teras@iki.f> -Cc: Jingoo Han <jg1.han@samsung.com> -Cc: Sachin Kamat <sachin.kamat@linaro.org> -Cc: Raphael Assenat <raph@8d.com> -Cc: Trent Piepho <tpiepho@freescale.com> -Cc: Javier Martinez Canillas <javier.martinez@collabora.co.uk> -Cc: Arnaud Patard <arnaud.patard@rtp-net.org> -Cc: Ezequiel Garcia <ezequiel.garcia@free-electrons.com> ---- - drivers/leds/leds-gpio.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/drivers/leds/leds-gpio.c b/drivers/leds/leds-gpio.c -index a0d931b..b02b679 100644 ---- a/drivers/leds/leds-gpio.c -+++ b/drivers/leds/leds-gpio.c -@@ -107,6 +107,10 @@ static int create_gpio_led(const struct gpio_led *template, - return 0; - } - -+ ret = devm_gpio_request(parent, template->gpio, template->name); -+ if (ret < 0) -+ return ret; -+ - led_dat->cdev.name = template->name; - led_dat->cdev.default_trigger = template->default_trigger; - led_dat->gpio = template->gpio; -@@ -126,10 +130,7 @@ static int create_gpio_led(const struct gpio_led *template, - if (!template->retain_state_suspended) - led_dat->cdev.flags |= LED_CORE_SUSPENDRESUME; - -- ret = devm_gpio_request_one(parent, template->gpio, -- (led_dat->active_low ^ state) ? -- GPIOF_OUT_INIT_HIGH : GPIOF_OUT_INIT_LOW, -- template->name); -+ ret = gpio_direction_output(led_dat->gpio, led_dat->active_low ^ state); - if (ret < 0) - return ret; - --- -1.8.2.3 - - |