author | Natanael Copa <ncopa@alpinelinux.org> | 2014-08-11 09:09:55 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-08-11 09:09:55 +0000 |
commit | 33fffb713b12efbd723ff64ac836e9a11ec53a6d (patch) | |
tree | 4f411ade77568d5c042d2d9a8658c7cadb9a2177 /main/linux-grsec | |
parent | e5dc5f9c96c1c73d909bb807d0ca012d5a3af56d (diff) | |
main/linux-grsec: upgrade to 3.14.16
Diffstat (limited to 'main/linux-grsec')
-rw-r--r-- | main/linux-grsec/APKBUILD | 28 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-3.0-3.14.16-201408110024.patch (renamed from main/linux-grsec/grsecurity-3.0-3.14.14-201407282111.patch) | 1336 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86 | 6 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86_64 | 6 |
4 files changed, 955 insertions, 421 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index c663fd299..d81bce9a9 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,7 +2,7 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.14.14 +pkgver=3.14.16 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; @@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-3.0-3.14.14-201407282111.patch + grsecurity-3.0-3.14.16-201408110024.patch fix-memory-map-for-PIE-applications.patch imx6q-no-unclocked-sleep.patch 
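Review bot: The `source=` list in the `@@ -17,7` hunk still fetches `linux-$_kernver.tar.xz` and `patch-$pkgver.xz` over plain `http://`, so for the new 3.14.16 patch the md5/sha256/sha512 values updated in the following `@@ -165,26` hunk are the only integrity check the build has. Nothing on this page shows how those values were obtained; if they were computed from the same unauthenticated download, they pin whatever was received rather than what upstream published. It would help to state in the commit message that `patch-3.14.16.xz` was checked against upstream's signature before the sums were recorded, and to use `https://` in place of `http://` for the two kernel.org entries if the mirror offers it. The grsecurity patch is carried in the tree (see the rename in the diffstat), so its checksums only guard against local corruption and its content has to be reviewed in this commit.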
@@ -165,26 +165,26 @@ dev() { } md5sums="b621207b3f6ecbb67db18b13258f8ea8 linux-3.14.tar.xz -a0349eb104a30f55d0aef3f960a4f0df patch-3.14.14.xz -c462f939ea43655c0aaf007ea507366a grsecurity-3.0-3.14.14-201407282111.patch +0c17d6e79e240062a36d4a71a2f7d1f2 patch-3.14.16.xz +cba8b3e01874c01f982a360cc3aad33f grsecurity-3.0-3.14.16-201408110024.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch -83f0e1b1d2413bcb2dddcf87a10dc42b kernelconfig.x86 -0b07cc6ece6232c631e2d55f2dd860d6 kernelconfig.x86_64 +a5568899899e5c9350439859d1d19ea7 kernelconfig.x86 +7c1a91c0a59f4ec2beab859d46d5386a kernelconfig.x86_64 887980f603af6a1ac6f67edeae2e0d07 kernelconfig.armhf" sha256sums="61558aa490855f42b6340d1a1596be47454909629327c49a5e4e10268065dffa linux-3.14.tar.xz -282451336497b075749a99678de0ef638a46f22fbb0837480dfd354fb2561c1f patch-3.14.14.xz -f3021afbbad7c90578b37a4ad89b0067da4a613e988a71f4019733cd9a3129d8 grsecurity-3.0-3.14.14-201407282111.patch +3d3e79fd9795812f293aa38799c056aaea0f14da8294b31067f7768e9f38db2d patch-3.14.16.xz +e27fc08381e4937347b426e5f68149a0917dce79ef4f962b106ae158cdb4a619 grsecurity-3.0-3.14.16-201408110024.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch -5431d66b9c1af413b4dc6f91de00a6e830e3d780a79c5f85d2d8b013b151c169 kernelconfig.x86 -9f420cee74896fd3578c3b342188438ac5d6b0f327586c108367abcfc3f1e6ff kernelconfig.x86_64 +10e83bc49394f9989e359872c55b70b232954f57b9073889cc962882e8efb8de kernelconfig.x86 +7cf286c881796324839997953df2ad4c0bfe2206e8a7981d3b8bfc6f678a063d kernelconfig.x86_64 ab3e07f85f4dd090b2d22b485881031bd479a1c34fc9a2e9707cb8cdebfcfda4 kernelconfig.armhf" sha512sums="5730d83a7a81134c1e77c0bf89e42dee4f8251ad56c1ac2be20c59e26fdfaa7bea55f277e7af156b637f22e1584914a46089af85039177cb43485089c74ac26e 
linux-3.14.tar.xz -fc838621a786141f21b86741985e99e5c803b7a9476f126d95678bc6e23205e4cd3c33012b30559a5f4dc4bf25199963d1a8347d6486407581ec0677dd64d4a6 patch-3.14.14.xz -27d7bebc591f1c4800ebc4289900045346e8adebd6529e514d3ba1a9d9f043ca711ea0b1c43aa061c70906941bd3d8d072c7ee8bc8d6020fe3d236748031984e grsecurity-3.0-3.14.14-201407282111.patch +3004ce119ee9d6a13c8d1af6c3e1bd96794c89a98e914c0a0d80ff96c2a6f41ed3d2108aa86312d4b08646a38c9b47478c136252418a4964476b624e5e1fae70 patch-3.14.16.xz +f4a1dec548fb2bb2791d3b4a3e53a4f5f52fef95cd81e4d2dac0749474ff646b51b7f06eb9d83b27c9882e803164f7e60139d9781b144a7eba0819d565cf23b3 grsecurity-3.0-3.14.16-201408110024.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch -03f817222bf5812fa8363542e4ab108767212c67efe3994ea8fe9d0751215d9c3f166ce41de41f9070c855db6c04606828dc61265a1738920b984a24077347c4 kernelconfig.x86 -bc9e8f8a2ccb51fc2e03987657da80282354c248295f76541dba0f70b387161ad086b7a6c77647506e84064a9479f37a5a6e13a28f0aad6bbfef833bb746ee7d kernelconfig.x86_64 +6c04df806b654e64f4ee36619d16b9a5d105543e428cd43107a8073178644c734982933774cba136638b85ed899714b3d915ea9b9d879935d07d6705c5b70675 kernelconfig.x86 +35d1a86449bf1ec9f55102f97c3ceb55f932234231153a3c99826d272f9ab4889fd0648a8b95d80bd182a8ecec84081f6f20d035fcc740e0dc8cd9e92232a2f4 kernelconfig.x86_64 5a248ef45ad96557fd17f42d5e813d3be88e9bcbce6b0a545cd3831e466d8bfa5cba9d02ebf318d35b99274d39e0fd337050a4f8e5443447ac595db08f6ecb08 kernelconfig.armhf" diff --git a/main/linux-grsec/grsecurity-3.0-3.14.14-201407282111.patch b/main/linux-grsec/grsecurity-3.0-3.14.16-201408110024.patch index f2197e016..cd58a6f54 100644 --- a/main/linux-grsec/grsecurity-3.0-3.14.14-201407282111.patch 
+++ b/main/linux-grsec/grsecurity-3.0-3.14.16-201408110024.patch @@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 230c7f6..64a1278 100644 +index 8b22e24..7f4d29b 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -313,10 +313,13 @@ index 230c7f6..64a1278 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -585,6 +586,72 @@ else +@@ -585,6 +586,75 @@ else KBUILD_CFLAGS += -O2 endif ++# Tell gcc to never replace conditional load with a non-conditional one ++KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0) ++ +ifndef DISABLE_PAX_PLUGINS +ifeq ($(call cc-ifversion, -ge, 0408, y), y) +PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)") @@ -386,16 +389,7 @@ index 230c7f6..64a1278 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifdef CONFIG_READABLE_ASM -@@ -639,6 +706,8 @@ KBUILD_CFLAGS += -fomit-frame-pointer - endif - endif - -+KBUILD_CFLAGS += $(call cc-option, -fno-var-tracking-assignments) -+ - ifdef CONFIG_DEBUG_INFO - KBUILD_CFLAGS += -g - KBUILD_AFLAGS += -Wa,--gdwarf-2 -@@ -779,7 +848,7 @@ export mod_sign_cmd +@@ -781,7 +851,7 @@ export mod_sign_cmd ifeq ($(KBUILD_EXTMOD),) @@ -404,7 +398,7 @@ index 230c7f6..64a1278 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -828,6 +897,8 @@ endif +@@ -830,6 +900,8 @@ endif # The actual objects are generated when descending, # make sure no implicit rule kicks in 
@@ -413,7 +407,7 @@ index 230c7f6..64a1278 100644 $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -837,7 +908,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; +@@ -839,7 +911,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -422,7 +416,7 @@ index 230c7f6..64a1278 100644 $(Q)$(MAKE) $(build)=$@ define filechk_kernel.release -@@ -880,10 +951,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ +@@ -882,10 +954,13 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ archprepare: archheaders archscripts prepare1 scripts_basic @@ -436,7 +430,7 @@ index 230c7f6..64a1278 100644 prepare: prepare0 # Generate some files -@@ -991,6 +1065,8 @@ all: modules +@@ -993,6 +1068,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -445,7 +439,7 @@ index 230c7f6..64a1278 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1006,7 +1082,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1008,7 +1085,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -454,7 +448,7 @@ index 230c7f6..64a1278 100644 # Target to install modules PHONY += modules_install -@@ -1072,7 +1148,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ +@@ -1074,7 +1151,10 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ signing_key.priv signing_key.x509 x509.genkey \ extra_certificates signing_key.x509.keyid \ 
@@ -466,7 +460,7 @@ index 230c7f6..64a1278 100644 # clean - Delete most, but leave enough to build external modules # -@@ -1111,7 +1190,7 @@ distclean: mrproper +@@ -1113,7 +1193,7 @@ distclean: mrproper @find $(srctree) $(RCS_FIND_IGNORE) \ \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ @@ -475,7 +469,7 @@ index 230c7f6..64a1278 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1273,6 +1352,8 @@ PHONY += $(module-dirs) modules +@@ -1275,6 +1355,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -484,7 +478,7 @@ index 230c7f6..64a1278 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1412,17 +1493,21 @@ else +@@ -1414,17 +1496,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -510,7 +504,7 @@ index 230c7f6..64a1278 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1432,11 +1517,15 @@ endif +@@ -1434,11 +1520,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -4338,7 +4332,7 @@ index 5e85ed3..b10a7ed 100644 } } diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c -index b68c6b2..f66c492 100644 +index f15c22e..d830561 100644 --- a/arch/arm/mm/mmu.c +++ b/arch/arm/mm/mmu.c @@ -39,6 +39,22 @@ @@ -12652,7 +12646,7 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 7324107..a63fd9f 100644 +index c718d9f..511e6fa 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -126,7 +126,7 @@ config X86 
@@ -12681,7 +12675,7 @@ index 7324107..a63fd9f 100644 ---help--- Say Y here to enable options for running Linux under various hyper- visors. This option enables basic hypervisor detection and platform -@@ -1112,7 +1113,7 @@ choice +@@ -1129,7 +1130,7 @@ choice config NOHIGHMEM bool "off" @@ -12690,7 +12684,7 @@ index 7324107..a63fd9f 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1149,7 +1150,7 @@ config NOHIGHMEM +@@ -1166,7 +1167,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -12699,7 +12693,7 @@ index 7324107..a63fd9f 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1202,7 +1203,7 @@ config PAGE_OFFSET +@@ -1219,7 +1220,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -12708,7 +12702,7 @@ index 7324107..a63fd9f 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1606,6 +1607,7 @@ source kernel/Kconfig.hz +@@ -1623,6 +1624,7 @@ source kernel/Kconfig.hz config KEXEC bool "kexec system call" @@ -12716,7 +12710,7 @@ index 7324107..a63fd9f 100644 ---help--- kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot -@@ -1757,7 +1759,9 @@ config X86_NEED_RELOCS +@@ -1774,7 +1776,9 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" @@ -12727,7 +12721,7 @@ index 7324107..a63fd9f 100644 range 0x2000 0x1000000 if X86_32 range 0x200000 0x1000000 if X86_64 ---help--- -@@ -1837,9 +1841,10 @@ config DEBUG_HOTPLUG_CPU0 +@@ -1854,9 +1858,10 @@ config DEBUG_HOTPLUG_CPU0 If unsure, say N. config COMPAT_VDSO @@ -13105,10 +13099,10 @@ index 100a9a1..bb3bdb0 100644 err = check_cpuflags(); } 
diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S -index ec3b8ba..6a0db1f 100644 +index 04da6c2..a151f55 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S -@@ -416,10 +416,14 @@ setup_data: .quad 0 # 64-bit physical pointer to +@@ -434,10 +434,14 @@ setup_data: .quad 0 # 64-bit physical pointer to # single linked list of # struct setup_data @@ -17193,7 +17187,7 @@ index 91d9c69..dfae7d0 100644 * Convert a virtual cached pointer to an uncached pointer */ diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h -index bba3cf8..06bc8da 100644 +index 0a8b519..80e7d5b 100644 --- a/arch/x86/include/asm/irqflags.h +++ b/arch/x86/include/asm/irqflags.h @@ -141,6 +141,11 @@ static inline notrace unsigned long arch_local_irq_save(void) @@ -18404,21 +18398,24 @@ index e22c1db..23a625a 100644 } diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h -index c883bf7..19970b3 100644 +index 7166e25..baaa6fe 100644 --- a/arch/x86/include/asm/pgtable_64_types.h +++ b/arch/x86/include/asm/pgtable_64_types.h -@@ -61,6 +61,11 @@ typedef struct { pteval_t pte; } pte_t; +@@ -61,9 +61,14 @@ typedef struct { pteval_t pte; } pte_t; #define MODULES_VADDR (__START_KERNEL_map + KERNEL_IMAGE_SIZE) #define MODULES_END _AC(0xffffffffff000000, UL) #define MODULES_LEN (MODULES_END - MODULES_VADDR) +#define MODULES_EXEC_VADDR MODULES_VADDR +#define MODULES_EXEC_END MODULES_END -+ + #define ESPFIX_PGD_ENTRY _AC(-2, UL) + #define ESPFIX_BASE_ADDR (ESPFIX_PGD_ENTRY << PGDIR_SHIFT) + +#define ktla_ktva(addr) (addr) +#define ktva_ktla(addr) (addr) - ++ #define EARLY_DYNAMIC_PAGE_TABLES 64 + #endif /* _ASM_X86_PGTABLE_64_DEFS_H */ diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h index 94e40f1..ebd03e4 100644 --- a/arch/x86/include/asm/pgtable_types.h @@ -19772,7 +19769,7 @@ index 04905bf..49203ca 100644 } 
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h -index 0d592e0..7437fcc 100644 +index 0d592e0..526f797 100644 --- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h @@ -7,6 +7,7 @@ @@ -20189,7 +20186,7 @@ index 0d592e0..7437fcc 100644 + copy_from_user_overflow(); + else + __copy_from_user_overflow(sz, n); -+ } if (access_ok(VERIFY_READ, from, n)) ++ } else if (access_ok(VERIFY_READ, from, n)) + n = __copy_from_user(to, from, n); + else if ((long)n > 0) + memset(to, 0, n); @@ -20777,7 +20774,7 @@ index 7b0a55a..ad115bf 100644 /* top of stack page */ diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile -index cb648c8..91cb07e 100644 +index 56bac86..9d8df82 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -24,7 +24,7 @@ obj-y += time.o ioport.o ldt.o dumpstack.o nmi.o @@ -22498,7 +22495,7 @@ index 01d1c18..8073693 100644 #include <asm/processor.h> #include <asm/fcntl.h> diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index 6491353..a918952 100644 +index c5a9cb9..228d280 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S @@ -177,13 +177,153 @@ @@ -22841,7 +22838,7 @@ index 6491353..a918952 100644 # system call tracing in operation / emulation testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp) jnz syscall_trace_entry -@@ -525,6 +723,15 @@ syscall_exit: +@@ -526,6 +724,15 @@ syscall_exit: testl $_TIF_ALLWORK_MASK, %ecx # current->work jne syscall_exit_work @@ -22857,7 +22854,7 @@ index 6491353..a918952 100644 restore_all: TRACE_IRQS_IRET restore_all_notrace: -@@ -576,14 +783,34 @@ ldt_ss: +@@ -580,14 +787,34 @@ ldt_ss: * compensating for the offset by changing to the ESPFIX segment with * a base address that matches for the difference. */ 
@@ -22895,7 +22892,7 @@ index 6491353..a918952 100644 pushl_cfi $__ESPFIX_SS pushl_cfi %eax /* new kernel esp */ /* Disable interrupts, but do not irqtrace this section: we -@@ -612,20 +839,18 @@ work_resched: +@@ -617,20 +844,18 @@ work_resched: movl TI_flags(%ebp), %ecx andl $_TIF_WORK_MASK, %ecx # is there any work to be done other # than syscall tracing? @@ -22918,7 +22915,7 @@ index 6491353..a918952 100644 #endif TRACE_IRQS_ON ENABLE_INTERRUPTS(CLBR_NONE) -@@ -646,7 +871,7 @@ work_notifysig_v86: +@@ -651,7 +876,7 @@ work_notifysig_v86: movl %eax, %esp jmp 1b #endif @@ -22927,7 +22924,7 @@ index 6491353..a918952 100644 # perform syscall exit tracing ALIGN -@@ -654,11 +879,14 @@ syscall_trace_entry: +@@ -659,11 +884,14 @@ syscall_trace_entry: movl $-ENOSYS,PT_EAX(%esp) movl %esp, %eax call syscall_trace_enter @@ -22943,7 +22940,7 @@ index 6491353..a918952 100644 # perform syscall exit tracing ALIGN -@@ -671,26 +899,30 @@ syscall_exit_work: +@@ -676,26 +904,30 @@ syscall_exit_work: movl %esp, %eax call syscall_trace_leave jmp resume_userspace @@ -22965,22 +22962,22 @@ index 6491353..a918952 100644 +ENDPROC(syscall_fault) syscall_badsys: - movl $-ENOSYS,PT_EAX(%esp) - jmp syscall_exit + movl $-ENOSYS,%eax + jmp syscall_after_call -END(syscall_badsys) +ENDPROC(syscall_badsys) sysenter_badsys: - movl $-ENOSYS,PT_EAX(%esp) + movl $-ENOSYS,%eax jmp sysenter_after_call -END(syscall_badsys) +ENDPROC(sysenter_badsys) CFI_ENDPROC /* * End of kprobes section -@@ -706,8 +938,15 @@ END(syscall_badsys) - * normal stack and adjusts ESP with the matching offset. +@@ -712,8 +944,15 @@ END(syscall_badsys) */ + #ifdef CONFIG_X86_ESPFIX32 /* fixup the stack */ - mov GDT_ESPFIX_SS + 4, %al /* bits 16..23 */ - mov GDT_ESPFIX_SS + 7, %ah /* bits 24..31 */ 
@@ -22996,7 +22993,7 @@ index 6491353..a918952 100644 shl $16, %eax addl %esp, %eax /* the adjusted stack pointer */ pushl_cfi $__KERNEL_DS -@@ -760,7 +999,7 @@ vector=vector+1 +@@ -769,7 +1008,7 @@ vector=vector+1 .endr 2: jmp common_interrupt .endr @@ -23005,7 +23002,7 @@ index 6491353..a918952 100644 .previous END(interrupt) -@@ -821,7 +1060,7 @@ ENTRY(coprocessor_error) +@@ -830,7 +1069,7 @@ ENTRY(coprocessor_error) pushl_cfi $do_coprocessor_error jmp error_code CFI_ENDPROC @@ -23014,7 +23011,7 @@ index 6491353..a918952 100644 ENTRY(simd_coprocessor_error) RING0_INT_FRAME -@@ -834,7 +1073,7 @@ ENTRY(simd_coprocessor_error) +@@ -843,7 +1082,7 @@ ENTRY(simd_coprocessor_error) .section .altinstructions,"a" altinstruction_entry 661b, 663f, X86_FEATURE_XMM, 662b-661b, 664f-663f .previous @@ -23023,7 +23020,7 @@ index 6491353..a918952 100644 663: pushl $do_simd_coprocessor_error 664: .previous -@@ -843,7 +1082,7 @@ ENTRY(simd_coprocessor_error) +@@ -852,7 +1091,7 @@ ENTRY(simd_coprocessor_error) #endif jmp error_code CFI_ENDPROC @@ -23032,7 +23029,7 @@ index 6491353..a918952 100644 ENTRY(device_not_available) RING0_INT_FRAME -@@ -852,18 +1091,18 @@ ENTRY(device_not_available) +@@ -861,18 +1100,18 @@ ENTRY(device_not_available) pushl_cfi $do_device_not_available jmp error_code CFI_ENDPROC @@ -23054,7 +23051,7 @@ index 6491353..a918952 100644 #endif ENTRY(overflow) -@@ -873,7 +1112,7 @@ ENTRY(overflow) +@@ -882,7 +1121,7 @@ ENTRY(overflow) pushl_cfi $do_overflow jmp error_code CFI_ENDPROC @@ -23063,7 +23060,7 @@ index 6491353..a918952 100644 ENTRY(bounds) RING0_INT_FRAME -@@ -882,7 +1121,7 @@ ENTRY(bounds) +@@ -891,7 +1130,7 @@ ENTRY(bounds) pushl_cfi $do_bounds jmp error_code CFI_ENDPROC @@ -23072,7 +23069,7 @@ index 6491353..a918952 100644 ENTRY(invalid_op) RING0_INT_FRAME -@@ -891,7 +1130,7 @@ ENTRY(invalid_op) +@@ -900,7 +1139,7 @@ ENTRY(invalid_op) pushl_cfi $do_invalid_op jmp error_code CFI_ENDPROC 
@@ -23081,7 +23078,7 @@ index 6491353..a918952 100644 ENTRY(coprocessor_segment_overrun) RING0_INT_FRAME -@@ -900,7 +1139,7 @@ ENTRY(coprocessor_segment_overrun) +@@ -909,7 +1148,7 @@ ENTRY(coprocessor_segment_overrun) pushl_cfi $do_coprocessor_segment_overrun jmp error_code CFI_ENDPROC @@ -23090,7 +23087,7 @@ index 6491353..a918952 100644 ENTRY(invalid_TSS) RING0_EC_FRAME -@@ -908,7 +1147,7 @@ ENTRY(invalid_TSS) +@@ -917,7 +1156,7 @@ ENTRY(invalid_TSS) pushl_cfi $do_invalid_TSS jmp error_code CFI_ENDPROC @@ -23099,7 +23096,7 @@ index 6491353..a918952 100644 ENTRY(segment_not_present) RING0_EC_FRAME -@@ -916,7 +1155,7 @@ ENTRY(segment_not_present) +@@ -925,7 +1164,7 @@ ENTRY(segment_not_present) pushl_cfi $do_segment_not_present jmp error_code CFI_ENDPROC @@ -23108,7 +23105,7 @@ index 6491353..a918952 100644 ENTRY(stack_segment) RING0_EC_FRAME -@@ -924,7 +1163,7 @@ ENTRY(stack_segment) +@@ -933,7 +1172,7 @@ ENTRY(stack_segment) pushl_cfi $do_stack_segment jmp error_code CFI_ENDPROC @@ -23117,7 +23114,7 @@ index 6491353..a918952 100644 ENTRY(alignment_check) RING0_EC_FRAME -@@ -932,7 +1171,7 @@ ENTRY(alignment_check) +@@ -941,7 +1180,7 @@ ENTRY(alignment_check) pushl_cfi $do_alignment_check jmp error_code CFI_ENDPROC @@ -23126,7 +23123,7 @@ index 6491353..a918952 100644 ENTRY(divide_error) RING0_INT_FRAME -@@ -941,7 +1180,7 @@ ENTRY(divide_error) +@@ -950,7 +1189,7 @@ ENTRY(divide_error) pushl_cfi $do_divide_error jmp error_code CFI_ENDPROC @@ -23135,7 +23132,7 @@ index 6491353..a918952 100644 #ifdef CONFIG_X86_MCE ENTRY(machine_check) -@@ -951,7 +1190,7 @@ ENTRY(machine_check) +@@ -960,7 +1199,7 @@ ENTRY(machine_check) pushl_cfi machine_check_vector jmp error_code CFI_ENDPROC @@ -23144,7 +23141,7 @@ index 6491353..a918952 100644 #endif ENTRY(spurious_interrupt_bug) -@@ -961,7 +1200,7 @@ ENTRY(spurious_interrupt_bug) +@@ -970,7 +1209,7 @@ ENTRY(spurious_interrupt_bug) pushl_cfi $do_spurious_interrupt_bug jmp error_code CFI_ENDPROC 
@@ -23153,7 +23150,7 @@ index 6491353..a918952 100644 /* * End of kprobes section */ -@@ -1071,7 +1310,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR, +@@ -1080,7 +1319,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR, ENTRY(mcount) ret @@ -23162,7 +23159,7 @@ index 6491353..a918952 100644 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -1104,7 +1343,7 @@ ftrace_graph_call: +@@ -1113,7 +1352,7 @@ ftrace_graph_call: .globl ftrace_stub ftrace_stub: ret @@ -23171,7 +23168,7 @@ index 6491353..a918952 100644 ENTRY(ftrace_regs_caller) pushf /* push flags before compare (in cs location) */ -@@ -1208,7 +1447,7 @@ trace: +@@ -1217,7 +1456,7 @@ trace: popl %ecx popl %eax jmp ftrace_stub @@ -23180,7 +23177,7 @@ index 6491353..a918952 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -1226,7 +1465,7 @@ ENTRY(ftrace_graph_caller) +@@ -1235,7 +1474,7 @@ ENTRY(ftrace_graph_caller) popl %ecx popl %eax ret @@ -23189,7 +23186,7 @@ index 6491353..a918952 100644 .globl return_to_handler return_to_handler: -@@ -1292,15 +1531,18 @@ error_code: +@@ -1301,15 +1540,18 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -23210,7 +23207,7 @@ index 6491353..a918952 100644 /* * Debug traps and NMI can happen at the one SYSENTER instruction -@@ -1343,7 +1585,7 @@ debug_stack_correct: +@@ -1352,7 +1594,7 @@ debug_stack_correct: call do_debug jmp ret_from_exception CFI_ENDPROC @@ -23219,7 +23216,7 @@ index 6491353..a918952 100644 /* * NMI is doubly nasty. It can happen _while_ we're handling -@@ -1381,6 +1623,9 @@ nmi_stack_correct: +@@ -1392,6 +1634,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi 
@@ -23229,7 +23226,7 @@ index 6491353..a918952 100644 jmp restore_all_notrace CFI_ENDPROC -@@ -1417,12 +1662,15 @@ nmi_espfix_stack: +@@ -1429,13 +1674,16 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax == %esp xorl %edx,%edx # zero error code call do_nmi @@ -23240,13 +23237,14 @@ index 6491353..a918952 100644 lss 12+4(%esp), %esp # back to espfix stack CFI_ADJUST_CFA_OFFSET -24 jmp irq_return + #endif CFI_ENDPROC -END(nmi) +ENDPROC(nmi) ENTRY(int3) RING0_INT_FRAME -@@ -1435,14 +1683,14 @@ ENTRY(int3) +@@ -1448,14 +1696,14 @@ ENTRY(int3) call do_int3 jmp ret_from_exception CFI_ENDPROC @@ -23263,7 +23261,7 @@ index 6491353..a918952 100644 #ifdef CONFIG_KVM_GUEST ENTRY(async_page_fault) -@@ -1451,7 +1699,7 @@ ENTRY(async_page_fault) +@@ -1464,7 +1712,7 @@ ENTRY(async_page_fault) pushl_cfi $do_async_page_fault jmp error_code CFI_ENDPROC @@ -23273,19 +23271,19 @@ index 6491353..a918952 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index 1e96c36..3ff710a 100644 +index 03cd2a8..05a9aed 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S -@@ -59,6 +59,8 @@ - #include <asm/context_tracking.h> +@@ -60,6 +60,8 @@ #include <asm/smap.h> + #include <asm/pgtable_types.h> #include <linux/err.h> +#include <asm/pgtable.h> +#include <asm/alternative-asm.h> /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ #include <linux/elf-em.h> -@@ -80,8 +82,9 @@ +@@ -81,8 +83,9 @@ #ifdef CONFIG_DYNAMIC_FTRACE ENTRY(function_hook) @@ -23296,7 +23294,7 @@ index 1e96c36..3ff710a 100644 /* skip is set if stack has been adjusted */ .macro ftrace_caller_setup skip=0 -@@ -122,8 +125,9 @@ GLOBAL(ftrace_graph_call) +@@ -123,8 +126,9 @@ GLOBAL(ftrace_graph_call) #endif GLOBAL(ftrace_stub) @@ -23307,7 +23305,7 @@ index 1e96c36..3ff710a 100644 ENTRY(ftrace_regs_caller) /* Save the current flags before compare (in SS location)*/ -@@ -191,7 +195,7 @@ ftrace_restore_flags: +@@ -192,7 +196,7 @@ ftrace_restore_flags: popfq jmp ftrace_stub 
@@ -23316,7 +23314,7 @@ index 1e96c36..3ff710a 100644 #else /* ! CONFIG_DYNAMIC_FTRACE */ -@@ -212,6 +216,7 @@ ENTRY(function_hook) +@@ -213,6 +217,7 @@ ENTRY(function_hook) #endif GLOBAL(ftrace_stub) @@ -23324,7 +23322,7 @@ index 1e96c36..3ff710a 100644 retq trace: -@@ -225,12 +230,13 @@ trace: +@@ -226,12 +231,13 @@ trace: #endif subq $MCOUNT_INSN_SIZE, %rdi @@ -23339,7 +23337,7 @@ index 1e96c36..3ff710a 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -252,8 +258,9 @@ ENTRY(ftrace_graph_caller) +@@ -253,8 +259,9 @@ ENTRY(ftrace_graph_caller) MCOUNT_RESTORE_FRAME @@ -23350,7 +23348,7 @@ index 1e96c36..3ff710a 100644 GLOBAL(return_to_handler) subq $24, %rsp -@@ -269,7 +276,9 @@ GLOBAL(return_to_handler) +@@ -270,7 +277,9 @@ GLOBAL(return_to_handler) movq 8(%rsp), %rdx movq (%rsp), %rax addq $24, %rsp @@ -23360,7 +23358,7 @@ index 1e96c36..3ff710a 100644 #endif -@@ -284,6 +293,430 @@ ENTRY(native_usergs_sysret64) +@@ -285,6 +294,430 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ @@ -23791,7 +23789,7 @@ index 1e96c36..3ff710a 100644 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -320,7 +753,7 @@ ENDPROC(native_usergs_sysret64) +@@ -321,7 +754,7 @@ ENDPROC(native_usergs_sysret64) .endm .macro TRACE_IRQS_IRETQ_DEBUG offset=ARGOFFSET @@ -23800,7 +23798,7 @@ index 1e96c36..3ff710a 100644 jnc 1f TRACE_IRQS_ON_DEBUG 1: -@@ -358,27 +791,6 @@ ENDPROC(native_usergs_sysret64) +@@ -359,27 +792,6 @@ ENDPROC(native_usergs_sysret64) movq \tmp,R11+\offset(%rsp) .endm @@ -23828,7 +23826,7 @@ index 1e96c36..3ff710a 100644 /* * initial frame state for interrupts (and exceptions without error code) */ -@@ -445,25 +857,26 @@ ENDPROC(native_usergs_sysret64) +@@ -446,25 +858,26 @@ ENDPROC(native_usergs_sysret64) /* save partial stack frame */ .macro SAVE_ARGS_IRQ cld 
@@ -23868,7 +23866,7 @@ index 1e96c36..3ff710a 100644 je 1f SWAPGS /* -@@ -483,6 +896,18 @@ ENDPROC(native_usergs_sysret64) +@@ -484,6 +897,18 @@ ENDPROC(native_usergs_sysret64) 0x06 /* DW_OP_deref */, \ 0x08 /* DW_OP_const1u */, SS+8-RBP, \ 0x22 /* DW_OP_plus */ @@ -23887,7 +23885,7 @@ index 1e96c36..3ff710a 100644 /* We entered an interrupt context - irqs are off: */ TRACE_IRQS_OFF .endm -@@ -514,9 +939,52 @@ ENTRY(save_paranoid) +@@ -515,9 +940,52 @@ ENTRY(save_paranoid) js 1f /* negative -> in kernel */ SWAPGS xorl %ebx,%ebx @@ -23942,7 +23940,7 @@ index 1e96c36..3ff710a 100644 .popsection /* -@@ -538,7 +1006,7 @@ ENTRY(ret_from_fork) +@@ -539,7 +1007,7 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -23951,7 +23949,7 @@ index 1e96c36..3ff710a 100644 jz 1f testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -548,15 +1016,13 @@ ENTRY(ret_from_fork) +@@ -549,15 +1017,13 @@ ENTRY(ret_from_fork) jmp ret_from_sys_call # go to the SYSRET fastpath 1: @@ -23968,7 +23966,7 @@ index 1e96c36..3ff710a 100644 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -593,7 +1059,7 @@ END(ret_from_fork) +@@ -594,7 +1060,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -23977,7 +23975,7 @@ index 1e96c36..3ff710a 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -606,16 +1072,23 @@ GLOBAL(system_call_after_swapgs) +@@ -607,16 +1073,23 @@ GLOBAL(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -24003,7 +24001,7 @@ index 1e96c36..3ff710a 100644 jnz tracesys system_call_fastpath: #if __SYSCALL_MASK == ~0 -@@ -639,10 +1112,13 @@ sysret_check: +@@ -640,10 +1113,13 @@ sysret_check: LOCKDEP_SYS_EXIT DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF 
@@ -24018,7 +24016,7 @@ index 1e96c36..3ff710a 100644 /* * sysretq will re-enable interrupts: */ -@@ -701,6 +1177,9 @@ auditsys: +@@ -702,6 +1178,9 @@ auditsys: movq %rax,%rsi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */ call __audit_syscall_entry @@ -24028,7 +24026,7 @@ index 1e96c36..3ff710a 100644 LOAD_ARGS 0 /* reload call-clobbered registers */ jmp system_call_fastpath -@@ -722,7 +1201,7 @@ sysret_audit: +@@ -723,7 +1202,7 @@ sysret_audit: /* Do syscall tracing */ tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -24037,7 +24035,7 @@ index 1e96c36..3ff710a 100644 jz auditsys #endif SAVE_REST -@@ -730,12 +1209,15 @@ tracesys: +@@ -731,12 +1210,15 @@ tracesys: FIXUP_TOP_OF_STACK %rdi movq %rsp,%rdi call syscall_trace_enter @@ -24054,7 +24052,7 @@ index 1e96c36..3ff710a 100644 RESTORE_REST #if __SYSCALL_MASK == ~0 cmpq $__NR_syscall_max,%rax -@@ -765,7 +1247,9 @@ GLOBAL(int_with_check) +@@ -766,7 +1248,9 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) @@ -24065,7 +24063,7 @@ index 1e96c36..3ff710a 100644 /* Either reschedule or signal or syscall exit tracking needed. */ /* First do a reschedule test. */ -@@ -811,7 +1295,7 @@ int_restore_rest: +@@ -812,7 +1296,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -24074,7 +24072,7 @@ index 1e96c36..3ff710a 100644 .macro FORK_LIKE func ENTRY(stub_\func) -@@ -824,9 +1308,10 @@ ENTRY(stub_\func) +@@ -825,9 +1309,10 @@ ENTRY(stub_\func) DEFAULT_FRAME 0 8 /* offset 8: return address */ call sys_\func RESTORE_TOP_OF_STACK %r11, 8 @@ -24087,7 +24085,7 @@ index 1e96c36..3ff710a 100644 .endm .macro FIXED_FRAME label,func -@@ -836,9 +1321,10 @@ ENTRY(\label) +@@ -837,9 +1322,10 @@ ENTRY(\label) FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET call \func RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET 
@@ -24099,7 +24097,7 @@ index 1e96c36..3ff710a 100644 .endm FORK_LIKE clone -@@ -846,19 +1332,6 @@ END(\label) +@@ -847,19 +1333,6 @@ END(\label) FORK_LIKE vfork FIXED_FRAME stub_iopl, sys_iopl @@ -24119,7 +24117,7 @@ index 1e96c36..3ff710a 100644 ENTRY(stub_execve) CFI_STARTPROC addq $8, %rsp -@@ -870,7 +1343,7 @@ ENTRY(stub_execve) +@@ -871,7 +1344,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -24128,7 +24126,7 @@ index 1e96c36..3ff710a 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -887,7 +1360,7 @@ ENTRY(stub_rt_sigreturn) +@@ -888,7 +1361,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -24137,7 +24135,7 @@ index 1e96c36..3ff710a 100644 #ifdef CONFIG_X86_X32_ABI ENTRY(stub_x32_rt_sigreturn) -@@ -901,7 +1374,7 @@ ENTRY(stub_x32_rt_sigreturn) +@@ -902,7 +1375,7 @@ ENTRY(stub_x32_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -24146,7 +24144,7 @@ index 1e96c36..3ff710a 100644 ENTRY(stub_x32_execve) CFI_STARTPROC -@@ -915,7 +1388,7 @@ ENTRY(stub_x32_execve) +@@ -916,7 +1389,7 @@ ENTRY(stub_x32_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -24155,7 +24153,7 @@ index 1e96c36..3ff710a 100644 #endif -@@ -952,7 +1425,7 @@ vector=vector+1 +@@ -953,7 +1426,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -24164,7 +24162,7 @@ index 1e96c36..3ff710a 100644 .previous END(interrupt) -@@ -969,8 +1442,8 @@ END(interrupt) +@@ -970,8 +1443,8 @@ END(interrupt) /* 0(%rsp): ~(interrupt number) */ .macro interrupt func /* reserve pt_regs for scratch regs and rbp */ @@ -24175,7 +24173,7 @@ index 1e96c36..3ff710a 100644 SAVE_ARGS_IRQ call \func .endm -@@ -997,14 +1470,14 @@ ret_from_intr: +@@ -998,14 +1471,14 @@ ret_from_intr: /* Restore saved previous stack */ popq %rsi 
@@ -24194,7 +24192,7 @@ index 1e96c36..3ff710a 100644 je retint_kernel /* Interrupt came from user space */ -@@ -1026,12 +1499,16 @@ retint_swapgs: /* return to user-space */ +@@ -1027,12 +1500,16 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -24211,16 +24209,32 @@ index 1e96c36..3ff710a 100644 /* * The iretq could re-enable interrupts: */ -@@ -1112,7 +1589,7 @@ ENTRY(retint_kernel) +@@ -1145,7 +1622,7 @@ ENTRY(retint_kernel) + jmp exit_intr #endif - CFI_ENDPROC -END(common_interrupt) +ENDPROC(common_interrupt) - /* - * End of kprobes section - */ -@@ -1130,7 +1607,7 @@ ENTRY(\sym) + + /* + * If IRET takes a fault on the espfix stack, then we +@@ -1167,13 +1644,13 @@ __do_double_fault: + cmpq $native_irq_return_iret,%rax + jne do_double_fault /* This shouldn't happen... */ + movq PER_CPU_VAR(kernel_stack),%rax +- subq $(6*8-KERNEL_STACK_OFFSET),%rax /* Reset to original stack */ ++ subq $(6*8),%rax /* Reset to original stack */ + movq %rax,RSP(%rdi) + movq $0,(%rax) /* Missing (lost) #GP error code */ + movq $general_protection,RIP(%rdi) + retq + CFI_ENDPROC +-END(__do_double_fault) ++ENDPROC(__do_double_fault) + #else + # define __do_double_fault do_double_fault + #endif +@@ -1195,7 +1672,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -24229,7 +24243,7 @@ index 1e96c36..3ff710a 100644 .endm #ifdef CONFIG_TRACING -@@ -1218,7 +1695,7 @@ ENTRY(\sym) +@@ -1283,7 +1760,7 @@ ENTRY(\sym) call \do_sym jmp error_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24238,7 +24252,7 @@ index 1e96c36..3ff710a 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1236,10 +1713,10 @@ ENTRY(\sym) +@@ -1301,10 +1778,10 @@ ENTRY(\sym) call \do_sym jmp paranoid_exit /* %ebx: no swapgs flag */ CFI_ENDPROC 
@@ -24251,7 +24265,7 @@ index 1e96c36..3ff710a 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1252,12 +1729,18 @@ ENTRY(\sym) +@@ -1317,12 +1794,18 @@ ENTRY(\sym) TRACE_IRQS_OFF_DEBUG movq %rsp,%rdi /* pt_regs pointer */ xorl %esi,%esi /* no error code */ @@ -24271,7 +24285,7 @@ index 1e96c36..3ff710a 100644 .endm .macro errorentry sym do_sym -@@ -1275,7 +1758,7 @@ ENTRY(\sym) +@@ -1340,7 +1823,7 @@ ENTRY(\sym) call \do_sym jmp error_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24280,7 +24294,7 @@ index 1e96c36..3ff710a 100644 .endm #ifdef CONFIG_TRACING -@@ -1306,7 +1789,7 @@ ENTRY(\sym) +@@ -1371,7 +1854,7 @@ ENTRY(\sym) call \do_sym jmp paranoid_exit /* %ebx: no swapgs flag */ CFI_ENDPROC @@ -24289,7 +24303,7 @@ index 1e96c36..3ff710a 100644 .endm zeroentry divide_error do_divide_error -@@ -1336,9 +1819,10 @@ gs_change: +@@ -1401,9 +1884,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -24301,7 +24315,7 @@ index 1e96c36..3ff710a 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1366,9 +1850,10 @@ ENTRY(do_softirq_own_stack) +@@ -1431,9 +1915,10 @@ ENTRY(do_softirq_own_stack) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -24313,7 +24327,7 @@ index 1e96c36..3ff710a 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1406,7 +1891,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1471,7 +1956,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -24322,7 +24336,7 @@ index 1e96c36..3ff710a 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1465,7 +1950,7 @@ ENTRY(xen_failsafe_callback) +@@ -1530,7 +2015,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC 
@@ -24331,7 +24345,7 @@ index 1e96c36..3ff710a 100644 apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1517,18 +2002,33 @@ ENTRY(paranoid_exit) +@@ -1582,18 +2067,33 @@ ENTRY(paranoid_exit) DEFAULT_FRAME DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF_DEBUG @@ -24367,7 +24381,7 @@ index 1e96c36..3ff710a 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1557,7 +2057,7 @@ paranoid_schedule: +@@ -1622,7 +2122,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -24376,7 +24390,7 @@ index 1e96c36..3ff710a 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1584,12 +2084,23 @@ ENTRY(error_entry) +@@ -1649,12 +2149,23 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -24401,7 +24415,7 @@ index 1e96c36..3ff710a 100644 ret /* -@@ -1616,7 +2127,7 @@ bstep_iret: +@@ -1681,7 +2192,7 @@ bstep_iret: movq %rcx,RIP+8(%rsp) jmp error_swapgs CFI_ENDPROC @@ -24410,7 +24424,7 @@ index 1e96c36..3ff710a 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1627,7 +2138,7 @@ ENTRY(error_exit) +@@ -1692,7 +2203,7 @@ ENTRY(error_exit) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF GET_THREAD_INFO(%rcx) @@ -24419,7 +24433,7 @@ index 1e96c36..3ff710a 100644 jne retint_kernel LOCKDEP_SYS_EXIT_IRQ movl TI_flags(%rcx),%edx -@@ -1636,7 +2147,7 @@ ENTRY(error_exit) +@@ -1701,7 +2212,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -24428,7 +24442,7 @@ index 1e96c36..3ff710a 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1694,9 +2205,11 @@ ENTRY(nmi) +@@ -1759,9 +2270,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ 
@@ -24441,7 +24455,7 @@ index 1e96c36..3ff710a 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1730,8 +2243,7 @@ nested_nmi: +@@ -1795,8 +2308,7 @@ nested_nmi: 1: /* Set up the interrupted NMIs stack to jump to repeat_nmi */ @@ -24451,7 +24465,7 @@ index 1e96c36..3ff710a 100644 CFI_ADJUST_CFA_OFFSET 1*8 leaq -10*8(%rsp), %rdx pushq_cfi $__KERNEL_DS -@@ -1749,6 +2261,7 @@ nested_nmi_out: +@@ -1814,6 +2326,7 @@ nested_nmi_out: CFI_RESTORE rdx /* No need to check faults here */ @@ -24459,7 +24473,7 @@ index 1e96c36..3ff710a 100644 INTERRUPT_RETURN CFI_RESTORE_STATE -@@ -1845,13 +2358,13 @@ end_repeat_nmi: +@@ -1910,13 +2423,13 @@ end_repeat_nmi: subq $ORIG_RAX-R15, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 /* @@ -24475,7 +24489,7 @@ index 1e96c36..3ff710a 100644 DEFAULT_FRAME 0 /* -@@ -1861,9 +2374,9 @@ end_repeat_nmi: +@@ -1926,9 +2439,9 @@ end_repeat_nmi: * NMI itself takes a page fault, the page fault that was preempted * will read the information from the NMI page fault and not the * origin fault. Save it off and restore it if it changes. @@ -24487,7 +24501,7 @@ index 1e96c36..3ff710a 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi -@@ -1872,31 +2385,36 @@ end_repeat_nmi: +@@ -1937,31 +2450,36 @@ end_repeat_nmi: /* Did the NMI take a page fault? Restore cr2 if it did */ movq %cr2, %rcx @@ -24529,6 +24543,19 @@ index 1e96c36..3ff710a 100644 /* * End of kprobes section +diff --git a/arch/x86/kernel/espfix_64.c b/arch/x86/kernel/espfix_64.c +index 94d857f..bf1f0bf 100644 +--- a/arch/x86/kernel/espfix_64.c ++++ b/arch/x86/kernel/espfix_64.c +@@ -197,7 +197,7 @@ void init_espfix_ap(void) + set_pte(&pte_p[n*PTE_STRIDE], pte); + + /* Job is done for this CPU and any CPU which shares this page */ +- ACCESS_ONCE(espfix_pages[page]) = stack_page; ++ ACCESS_ONCE_RW(espfix_pages[page]) = stack_page; + + unlock_done: + mutex_unlock(&espfix_init_mutex); 
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c index 1ffc32d..e52c745 100644 --- a/arch/x86/kernel/ftrace.c @@ -24632,7 +24659,7 @@ index 85126cc..1bbce17 100644 init_level4_pgt[511] = early_level4_pgt[511]; diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S -index f36bd42..56ee1534 100644 +index f36bd42..0ab4474 100644 --- a/arch/x86/kernel/head_32.S +++ b/arch/x86/kernel/head_32.S @@ -26,6 +26,12 @@ @@ -25044,7 +25071,7 @@ index f36bd42..56ee1534 100644 + .quad 0x00009b000000ffff /* 0xc0 APM CS 16 code (16 bit) */ + .quad 0x004093000000ffff /* 0xc8 APM DS data */ + -+ .quad 0x00c0930000000000 /* 0xd0 - ESPFIX SS */ ++ .quad 0x00c093000000ffff /* 0xd0 - ESPFIX SS */ + .quad 0x0040930000000000 /* 0xd8 - PERCPU */ + .quad 0x0040910000000017 /* 0xe0 - STACK_CANARY */ + .quad 0x0000000000000000 /* 0xe8 - PCIBIOS_CS */ @@ -26011,10 +26038,10 @@ index c2bedae..25e7ab60 100644 .name = "data", .mode = S_IRUGO, diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c -index dcbbaa1..81ae763 100644 +index c37886d..d851d32 100644 --- a/arch/x86/kernel/ldt.c +++ b/arch/x86/kernel/ldt.c -@@ -68,13 +68,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) +@@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) if (reload) { #ifdef CONFIG_SMP preempt_disable(); @@ -26030,7 +26057,7 @@ index dcbbaa1..81ae763 100644 #endif } if (oldsize) { -@@ -96,7 +96,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old) +@@ -94,7 +94,7 @@ static inline int copy_ldt(mm_context_t *new, mm_context_t *old) return err; for (i = 0; i < old->size; i++) @@ -26039,7 +26066,7 @@ index dcbbaa1..81ae763 100644 return 0; } -@@ -117,6 +117,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm) +@@ -115,6 +115,24 @@ int init_new_context(struct task_struct *tsk, struct mm_struct *mm) retval = copy_ldt(&mm->context, &old_mm->context); mutex_unlock(&old_mm->context.lock); } 
@@ -26064,7 +26091,7 @@ index dcbbaa1..81ae763 100644 return retval; } -@@ -231,6 +249,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) +@@ -229,6 +247,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) } } @@ -26075,9 +26102,9 @@ index dcbbaa1..81ae763 100644 + } +#endif + - /* - * On x86-64 we do not support 16-bit segments due to - * IRET leaking the high bits of the kernel stack address. + if (!IS_ENABLED(CONFIG_X86_16BIT) && !ldt_info.seg_32bit) { + error = -EINVAL; + goto out_unlock; diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c index 1667b1d..16492c5 100644 --- a/arch/x86/kernel/machine_kexec_32.c @@ -27377,7 +27404,7 @@ index 5cdff03..80fa283 100644 * Up to this point, the boot CPU has been using .init.data * area. Reload any changed state for the boot CPU. diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c -index 9e5de68..16c53cb 100644 +index 9e5de68..147c254 100644 --- a/arch/x86/kernel/signal.c +++ b/arch/x86/kernel/signal.c @@ -190,7 +190,7 @@ static unsigned long align_sigframe(unsigned long sp) @@ -27394,7 +27421,7 @@ index 9e5de68..16c53cb 100644 if (current->mm->context.vdso) - restorer = VDSO32_SYMBOL(current->mm->context.vdso, sigreturn); -+ restorer = (__force void __user *)VDSO32_SYMBOL(current->mm->context.vdso, sigreturn); ++ restorer = (void __force_user *)VDSO32_SYMBOL(current->mm->context.vdso, sigreturn); else - restorer = &frame->retcode; + restorer = (void __user *)&frame->retcode; 
@@ -27416,9 +27443,9 @@ index 9e5de68..16c53cb 100644 /* Set up to return from userspace. */ - restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn); + if (current->mm->context.vdso) -+ restorer = (__force void __user *)VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn); ++ restorer = (void __force_user *)VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn); + else -+ restorer = (void __user *)&frame->retcode; ++ restorer = (void __user *)&frame->retcode; if (ksig->ka.sa.sa_flags & SA_RESTORER) restorer = ksig->ka.sa.sa_restorer; put_user_ex(restorer, &frame->pretcode); @@ -27468,7 +27495,7 @@ index 7c3a5a6..f0a8961 100644 .smp_prepare_cpus = native_smp_prepare_cpus, .smp_cpus_done = native_smp_cpus_done, diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index a32da80..041a4ff 100644 +index 395be6d..11665af 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c @@ -229,14 +229,17 @@ static void notrace start_secondary(void *unused) @@ -27493,7 +27520,7 @@ index a32da80..041a4ff 100644 /* * Check TSC synchronization with the BP: */ -@@ -749,8 +752,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) +@@ -756,8 +759,9 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) alternatives_enable_smp(); idle->thread.sp = (unsigned long) (((struct pt_regs *) @@ -27504,7 +27531,7 @@ index a32da80..041a4ff 100644 #ifdef CONFIG_X86_32 /* Stack for startup_32 can be just as for start_secondary onwards */ -@@ -758,11 +762,13 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) +@@ -765,11 +769,13 @@ static int do_boot_cpu(int apicid, int cpu, struct task_struct *idle) #else clear_tsk_thread_flag(idle, TIF_FORK); initial_gs = per_cpu_offset(cpu); 
@@ -27521,7 +27548,7 @@ index a32da80..041a4ff 100644 initial_code = (unsigned long)start_secondary; stack_start = idle->thread.sp; -@@ -911,6 +917,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle) +@@ -918,6 +924,15 @@ int native_cpu_up(unsigned int cpu, struct task_struct *tidle) /* the FPU context is blank, nobody can own it */ __cpu_disable_lazy_restore(cpu); @@ -35822,7 +35849,7 @@ index fd14be1..e3c79c0 100644 # diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c -index f1d633a..a75c5f7 100644 +index d6bfb87..876ee18 100644 --- a/arch/x86/vdso/vdso32-setup.c +++ b/arch/x86/vdso/vdso32-setup.c @@ -25,6 +25,7 @@ @@ -35833,7 +35860,7 @@ index f1d633a..a75c5f7 100644 enum { VDSO_DISABLED = 0, -@@ -227,7 +228,7 @@ static inline void map_compat_vdso(int map) +@@ -226,7 +227,7 @@ static inline void map_compat_vdso(int map) void enable_sep_cpu(void) { int cpu = get_cpu(); @@ -35842,7 +35869,7 @@ index f1d633a..a75c5f7 100644 if (!boot_cpu_has(X86_FEATURE_SEP)) { put_cpu(); -@@ -250,7 +251,7 @@ static int __init gate_vma_init(void) +@@ -249,7 +250,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -35851,7 +35878,7 @@ index f1d633a..a75c5f7 100644 return 0; } -@@ -331,14 +332,14 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -330,14 +331,14 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) if (compat) addr = VDSO_HIGH_BASE; else { @@ -35868,7 +35895,7 @@ index f1d633a..a75c5f7 100644 if (compat_uses_vma || !compat) { /* -@@ -354,11 +355,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) +@@ -353,11 +354,11 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) } current_thread_info()->sysenter_return = 
@@ -35882,7 +35909,7 @@ index f1d633a..a75c5f7 100644 up_write(&mm->mmap_sem); -@@ -412,8 +413,14 @@ __initcall(ia32_binfmt_init); +@@ -404,8 +405,14 @@ __initcall(ia32_binfmt_init); const char *arch_vma_name(struct vm_area_struct *vma) { @@ -35898,7 +35925,7 @@ index f1d633a..a75c5f7 100644 return NULL; } -@@ -423,7 +430,7 @@ struct vm_area_struct *get_gate_vma(struct mm_struct *mm) +@@ -415,7 +422,7 @@ struct vm_area_struct *get_gate_vma(struct mm_struct *mm) * Check to see if the corresponding task was created in compat vdso * mode. */ @@ -36357,7 +36384,7 @@ index af00795..2bb8105 100644 #define XCHAL_ICACHE_SIZE 32768 /* I-cache size in bytes or 0 */ #define XCHAL_DCACHE_SIZE 32768 /* D-cache size in bytes or 0 */ diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c -index dd0dd2d..e59db49 100644 +index d8f80e7..5f41702 100644 --- a/block/blk-cgroup.c +++ b/block/blk-cgroup.c @@ -809,7 +809,7 @@ static void blkcg_css_free(struct cgroup_subsys_state *css) @@ -36449,7 +36476,7 @@ index 420a5a9..23834aa 100644 if (blk_verify_command(rq->cmd, has_write_perm)) return -EPERM; diff --git a/block/compat_ioctl.c b/block/compat_ioctl.c -index fbd5a67..f24fd95 100644 +index a0926a6..b2b14b2 100644 --- a/block/compat_ioctl.c +++ b/block/compat_ioctl.c @@ -156,7 +156,7 @@ static int compat_cdrom_generic_command(struct block_device *bdev, fmode_t mode, @@ -36782,7 +36809,7 @@ index 36605ab..6ef6d4b 100644 unsigned long timeout_msec) { diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index 62fda16..8063873 100644 +index f761603..3042d5c 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c @@ -98,7 +98,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev); @@ -36794,7 +36821,7 @@ index 62fda16..8063873 100644 struct ata_force_param { const char *name; -@@ -4858,7 +4858,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) +@@ -4863,7 +4863,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; 
@@ -36803,7 +36830,7 @@ index 62fda16..8063873 100644 ap = qc->ap; qc->flags = 0; -@@ -4874,7 +4874,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) +@@ -4879,7 +4879,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; @@ -36812,7 +36839,7 @@ index 62fda16..8063873 100644 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap = qc->ap; link = qc->dev->link; -@@ -5993,6 +5993,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5998,6 +5998,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) return; spin_lock(&lock); @@ -36820,7 +36847,7 @@ index 62fda16..8063873 100644 for (cur = ops->inherits; cur; cur = cur->inherits) { void **inherit = (void **)cur; -@@ -6006,8 +6007,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -6011,8 +6012,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) if (IS_ERR(*pp)) *pp = NULL; @@ -36831,7 +36858,7 @@ index 62fda16..8063873 100644 spin_unlock(&lock); } -@@ -6200,7 +6202,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht) +@@ -6208,7 +6210,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht) /* give ports names and add SCSI hosts */ for (i = 0; i < host->n_ports; i++) { @@ -37499,7 +37526,7 @@ index 4217f29..88f547a 100644 vcc->tx_quota = vcc->tx_quota * 3 / 4; printk("Tx1: vcc->tx_quota = %d \n", (u32)vcc->tx_quota ); diff --git a/drivers/atm/lanai.c b/drivers/atm/lanai.c -index fa7d701..1e404c7 100644 +index fa7d7019..1e404c7 100644 --- a/drivers/atm/lanai.c +++ b/drivers/atm/lanai.c @@ -1303,7 +1303,7 @@ static void lanai_send_one_aal5(struct lanai_dev *lanai, @@ -39518,10 +39545,10 @@ index 18448a7..d5fad43 100644 /* Force all MSRs to the same value */ diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c -index 199b52b..e3503bb 100644 +index 153f4b9..d47054a 100644 --- a/drivers/cpufreq/cpufreq.c 
+++ b/drivers/cpufreq/cpufreq.c -@@ -1970,7 +1970,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor) +@@ -1972,7 +1972,7 @@ void cpufreq_unregister_governor(struct cpufreq_governor *governor) #endif mutex_lock(&cpufreq_governor_mutex); @@ -39530,7 +39557,7 @@ index 199b52b..e3503bb 100644 mutex_unlock(&cpufreq_governor_mutex); return; } -@@ -2200,7 +2200,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb, +@@ -2202,7 +2202,7 @@ static int cpufreq_cpu_callback(struct notifier_block *nfb, return NOTIFY_OK; } @@ -39539,7 +39566,7 @@ index 199b52b..e3503bb 100644 .notifier_call = cpufreq_cpu_callback, }; -@@ -2240,13 +2240,17 @@ int cpufreq_boost_trigger_state(int state) +@@ -2242,13 +2242,17 @@ int cpufreq_boost_trigger_state(int state) return 0; write_lock_irqsave(&cpufreq_driver_lock, flags); @@ -39559,7 +39586,7 @@ index 199b52b..e3503bb 100644 write_unlock_irqrestore(&cpufreq_driver_lock, flags); pr_err("%s: Cannot %s BOOST\n", __func__, -@@ -2300,8 +2304,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) +@@ -2302,8 +2306,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) pr_debug("trying to register driver %s\n", driver_data->name); @@ -39573,7 +39600,7 @@ index 199b52b..e3503bb 100644 write_lock_irqsave(&cpufreq_driver_lock, flags); if (cpufreq_driver) { -@@ -2316,8 +2323,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) +@@ -2318,8 +2325,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) * Check if driver provides function to enable boost - * if not, use cpufreq_boost_set_sw as default */ @@ -43517,10 +43544,10 @@ index 24c41ba..102d71f 100644 gameport->dev.release = gameport_release_port; if (gameport->parent) diff --git a/drivers/input/input.c b/drivers/input/input.c -index 1c4c0db..6f7abe3 100644 +index 29ca0bb..f4bc2e3 100644 --- a/drivers/input/input.c 
+++ b/drivers/input/input.c -@@ -1772,7 +1772,7 @@ EXPORT_SYMBOL_GPL(input_class); +@@ -1774,7 +1774,7 @@ EXPORT_SYMBOL_GPL(input_class); */ struct input_dev *input_allocate_device(void) { @@ -43529,7 +43556,7 @@ index 1c4c0db..6f7abe3 100644 struct input_dev *dev; dev = kzalloc(sizeof(struct input_dev), GFP_KERNEL); -@@ -1787,7 +1787,7 @@ struct input_dev *input_allocate_device(void) +@@ -1789,7 +1789,7 @@ struct input_dev *input_allocate_device(void) INIT_LIST_HEAD(&dev->node); dev_set_name(&dev->dev, "input%ld", @@ -47174,6 +47201,19 @@ index 72ff14b..11d442d 100644 break; err = 0; break; +diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c +index 0180531..1aff970 100644 +--- a/drivers/net/ppp/pptp.c ++++ b/drivers/net/ppp/pptp.c +@@ -281,7 +281,7 @@ static int pptp_xmit(struct ppp_channel *chan, struct sk_buff *skb) + nf_reset(skb); + + skb->ip_summed = CHECKSUM_NONE; +- ip_select_ident(skb, &rt->dst, NULL); ++ ip_select_ident(skb, NULL); + ip_send_check(iph); + + ip_local_out(skb); diff --git a/drivers/net/slip/slhc.c b/drivers/net/slip/slhc.c index 1252d9c..80e660b 100644 --- a/drivers/net/slip/slhc.c @@ -50446,10 +50486,10 @@ index d8afec8..3ec7152 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index 62ec84b..93159d8 100644 +index 64e487a..384f684 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c -@@ -1474,7 +1474,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) +@@ -1482,7 +1482,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) shost = sdev->host; scsi_init_cmd_errh(cmd); cmd->result = DID_NO_CONNECT << 16; 
@@ -50458,7 +50498,7 @@ index 62ec84b..93159d8 100644 /* * SCSI request completion path will do scsi_device_unbusy(), -@@ -1500,9 +1500,9 @@ static void scsi_softirq_done(struct request *rq) +@@ -1508,9 +1508,9 @@ static void scsi_softirq_done(struct request *rq) INIT_LIST_HEAD(&cmd->eh_entry); @@ -59099,7 +59139,7 @@ index e081acb..911df21 100644 /* * We'll have a dentry and an inode for diff --git a/fs/coredump.c b/fs/coredump.c -index 0b2528f..836c55f 100644 +index a93f7e6..d58bcbe 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -442,8 +442,8 @@ static void wait_for_dump_helpers(struct file *file) @@ -62372,7 +62412,7 @@ index b29e42f..5ea7fdf 100644 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */ diff --git a/fs/namei.c b/fs/namei.c -index 8274c8d..e242796 100644 +index bdea109..e242796 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -330,17 +330,34 @@ int generic_permission(struct inode *inode, int mask) @@ -62508,19 +62548,7 @@ index 8274c8d..e242796 100644 return retval; } -@@ -2247,9 +2280,10 @@ done: - goto out; - } - path->dentry = dentry; -- path->mnt = mntget(nd->path.mnt); -+ path->mnt = nd->path.mnt; - if (should_follow_link(dentry, nd->flags & LOOKUP_FOLLOW)) - return 1; -+ mntget(path->mnt); - follow_mount(path); - error = 0; - out: -@@ -2557,6 +2591,13 @@ static int may_open(struct path *path, int acc_mode, int flag) +@@ -2558,6 +2591,13 @@ static int may_open(struct path *path, int acc_mode, int flag) if (flag & O_NOATIME && !inode_owner_or_capable(inode)) return -EPERM; @@ -62534,7 +62562,7 @@ index 8274c8d..e242796 100644 return 0; } -@@ -2788,7 +2829,7 @@ looked_up: +@@ -2789,7 +2829,7 @@ looked_up: * cleared otherwise prior to returning. */ static int lookup_open(struct nameidata *nd, struct path *path, 
@@ -62543,7 +62571,7 @@ index 8274c8d..e242796 100644 const struct open_flags *op, bool got_write, int *opened) { -@@ -2823,6 +2864,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2824,6 +2864,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, /* Negative dentry, just create the file */ if (!dentry->d_inode && (op->open_flag & O_CREAT)) { umode_t mode = op->mode; @@ -62561,7 +62589,7 @@ index 8274c8d..e242796 100644 if (!IS_POSIXACL(dir->d_inode)) mode &= ~current_umask(); /* -@@ -2844,6 +2896,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2845,6 +2896,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, nd->flags & LOOKUP_EXCL); if (error) goto out_dput; @@ -62570,7 +62598,7 @@ index 8274c8d..e242796 100644 } out_no_open: path->dentry = dentry; -@@ -2858,7 +2912,7 @@ out_dput: +@@ -2859,7 +2912,7 @@ out_dput: /* * Handle the last step of open() */ @@ -62579,7 +62607,7 @@ index 8274c8d..e242796 100644 struct file *file, const struct open_flags *op, int *opened, struct filename *name) { -@@ -2908,6 +2962,15 @@ static int do_last(struct nameidata *nd, struct path *path, +@@ -2909,6 +2962,15 @@ static int do_last(struct nameidata *nd, struct path *path, if (error) return error; @@ -62595,7 +62623,7 @@ index 8274c8d..e242796 100644 audit_inode(name, dir, LOOKUP_PARENT); error = -EISDIR; /* trailing slashes? */ -@@ -2927,7 +2990,7 @@ retry_lookup: +@@ -2928,7 +2990,7 @@ retry_lookup: */ } mutex_lock(&dir->d_inode->i_mutex); @@ -62604,7 +62632,7 @@ index 8274c8d..e242796 100644 mutex_unlock(&dir->d_inode->i_mutex); if (error <= 0) { -@@ -2951,11 +3014,28 @@ retry_lookup: +@@ -2952,11 +3014,28 @@ retry_lookup: goto finish_open_created; } @@ -62634,7 +62662,7 @@ index 8274c8d..e242796 100644 /* * If atomic_open() acquired write access it is dropped now due to -@@ -2996,6 +3076,11 @@ finish_lookup: +@@ -2997,6 +3076,11 @@ finish_lookup: } } BUG_ON(inode != path->dentry->d_inode); 
@@ -62646,7 +62674,7 @@ index 8274c8d..e242796 100644 return 1; } -@@ -3005,7 +3090,6 @@ finish_lookup: +@@ -3006,7 +3090,6 @@ finish_lookup: save_parent.dentry = nd->path.dentry; save_parent.mnt = mntget(path->mnt); nd->path.dentry = path->dentry; @@ -62654,7 +62682,7 @@ index 8274c8d..e242796 100644 } nd->inode = inode; /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */ -@@ -3015,7 +3099,18 @@ finish_open: +@@ -3016,7 +3099,18 @@ finish_open: path_put(&save_parent); return error; } @@ -62673,7 +62701,7 @@ index 8274c8d..e242796 100644 error = -EISDIR; if ((open_flag & O_CREAT) && (d_is_directory(nd->path.dentry) || d_is_autodir(nd->path.dentry))) -@@ -3179,7 +3274,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -3180,7 +3274,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, if (unlikely(error)) goto out; @@ -62682,7 +62710,7 @@ index 8274c8d..e242796 100644 while (unlikely(error > 0)) { /* trailing symlink */ struct path link = path; void *cookie; -@@ -3197,7 +3292,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -3198,7 +3292,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, error = follow_link(&link, nd, &cookie); if (unlikely(error)) break; @@ -62691,7 +62719,7 @@ index 8274c8d..e242796 100644 put_link(nd, &link, cookie); } out: -@@ -3297,9 +3392,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, +@@ -3298,9 +3392,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, goto unlock; error = -EEXIST; @@ -62705,7 +62733,7 @@ index 8274c8d..e242796 100644 /* * Special case - lookup gave negative, but... we had foo/bar/ * From the vfs_mknod() POV we just have a negative dentry - -@@ -3351,6 +3448,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, +@@ -3352,6 +3448,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, } EXPORT_SYMBOL(user_path_create); 
@@ -62726,7 +62754,7 @@ index 8274c8d..e242796 100644 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) { int error = may_create(dir, dentry); -@@ -3413,6 +3524,17 @@ retry: +@@ -3414,6 +3524,17 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -62744,7 +62772,7 @@ index 8274c8d..e242796 100644 error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out; -@@ -3429,6 +3551,8 @@ retry: +@@ -3430,6 +3551,8 @@ retry: break; } out: @@ -62753,7 +62781,7 @@ index 8274c8d..e242796 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3481,9 +3605,16 @@ retry: +@@ -3482,9 +3605,16 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -62770,7 +62798,7 @@ index 8274c8d..e242796 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3564,6 +3695,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -3565,6 +3695,8 @@ static long do_rmdir(int dfd, const char __user *pathname) struct filename *name; struct dentry *dentry; struct nameidata nd; @@ -62779,7 +62807,7 @@ index 8274c8d..e242796 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3596,10 +3729,21 @@ retry: +@@ -3597,10 +3729,21 @@ retry: error = -ENOENT; goto exit3; } @@ -62801,7 +62829,7 @@ index 8274c8d..e242796 100644 exit3: dput(dentry); exit2: -@@ -3689,6 +3833,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -3690,6 +3833,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) struct nameidata nd; struct inode *inode = NULL; struct inode *delegated_inode = NULL; 
@@ -62810,7 +62838,7 @@ index 8274c8d..e242796 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3715,10 +3861,22 @@ retry_deleg: +@@ -3716,10 +3861,22 @@ retry_deleg: if (d_is_negative(dentry)) goto slashes; ihold(inode); @@ -62833,7 +62861,7 @@ index 8274c8d..e242796 100644 exit2: dput(dentry); } -@@ -3806,9 +3964,17 @@ retry: +@@ -3807,9 +3964,17 @@ retry: if (IS_ERR(dentry)) goto out_putname; @@ -62851,7 +62879,7 @@ index 8274c8d..e242796 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3911,6 +4077,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -3912,6 +4077,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, struct dentry *new_dentry; struct path old_path, new_path; struct inode *delegated_inode = NULL; @@ -62859,7 +62887,7 @@ index 8274c8d..e242796 100644 int how = 0; int error; -@@ -3934,7 +4101,7 @@ retry: +@@ -3935,7 +4101,7 @@ retry: if (error) return error; @@ -62868,7 +62896,7 @@ index 8274c8d..e242796 100644 (how & LOOKUP_REVAL)); error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) -@@ -3946,11 +4113,28 @@ retry: +@@ -3947,11 +4113,28 @@ retry: error = may_linkat(&old_path); if (unlikely(error)) goto out_dput; @@ -62897,7 +62925,7 @@ index 8274c8d..e242796 100644 done_path_create(&new_path, new_dentry); if (delegated_inode) { error = break_deleg_wait(&delegated_inode); -@@ -4237,6 +4421,12 @@ retry_deleg: +@@ -4238,6 +4421,12 @@ retry_deleg: if (new_dentry == trap) goto exit5; @@ -62910,7 +62938,7 @@ index 8274c8d..e242796 100644 error = security_path_rename(&oldnd.path, old_dentry, &newnd.path, new_dentry); if (error) -@@ -4244,6 +4434,9 @@ retry_deleg: +@@ -4245,6 +4434,9 @@ retry_deleg: error = vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry, &delegated_inode); 
@@ -62920,7 +62948,7 @@ index 8274c8d..e242796 100644 exit5: dput(new_dentry); exit4: -@@ -4280,6 +4473,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -4281,6 +4473,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { @@ -62929,7 +62957,7 @@ index 8274c8d..e242796 100644 int len; len = PTR_ERR(link); -@@ -4289,7 +4484,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c +@@ -4290,7 +4484,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c len = strlen(link); if (len > (unsigned) buflen) len = buflen; @@ -63110,6 +63138,19 @@ index 15f9d98..082c625 100644 } void nfs_fattr_init(struct nfs_fattr *fattr) +diff --git a/fs/nfs/nfs3acl.c b/fs/nfs/nfs3acl.c +index 8f854dd..d0fec26 100644 +--- a/fs/nfs/nfs3acl.c ++++ b/fs/nfs/nfs3acl.c +@@ -256,7 +256,7 @@ nfs3_list_one_acl(struct inode *inode, int type, const char *name, void *data, + char *p = data + *result; + + acl = get_acl(inode, type); +- if (!acl) ++ if (IS_ERR_OR_NULL(acl)) + return 0; + + posix_acl_release(acl); diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index f23a6ca..730ddcc 100644 --- a/fs/nfsd/nfs4proc.c @@ -71963,7 +72004,7 @@ index 0000000..25f54ef +}; diff --git a/grsecurity/gracl_policy.c b/grsecurity/gracl_policy.c new file mode 100644 -index 0000000..361a099 +index 0000000..3f8ade0 --- /dev/null +++ b/grsecurity/gracl_policy.c @@ -0,0 +1,1782 @@ 
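Review bot: In the fs/nfs/nfs3acl.c hunk, `if (IS_ERR_OR_NULL(acl)) return 0;` keeps an error pointer away from `posix_acl_release()`, but it also reports a failed `get_acl()` as if the inode simply had no ACL of that type. If hiding the failure is intended, a comment such as `/* lookup errors are treated as "no ACL" so listing still succeeds */` would record that. Otherwise the two cases could be split with `if (IS_ERR(acl)) return PTR_ERR(acl);` ahead of the NULL check. The body of nfs3_list_one_acl() and its caller lie outside the hunk, so whether a negative return is handled there needs checking first.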
@@ -72022,9 +72063,9 @@ index 0000000..361a099 +extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum); +extern void gr_clear_learn_entries(void); + -+static struct gr_arg gr_usermode; -+static unsigned char gr_system_salt[GR_SALT_LEN]; -+static unsigned char gr_system_sum[GR_SHA_LEN]; ++struct gr_arg *gr_usermode __read_only; ++unsigned char *gr_system_salt __read_only; ++unsigned char *gr_system_sum __read_only; + +static unsigned int gr_auth_attempts = 0; +static unsigned long gr_auth_expires = 0UL; @@ -73266,8 +73307,8 @@ index 0000000..361a099 +{ + int error = 0; + -+ memcpy(&gr_system_salt, args->salt, sizeof(gr_system_salt)); -+ memcpy(&gr_system_sum, args->sum, sizeof(gr_system_sum)); ++ memcpy(gr_system_salt, args->salt, GR_SALT_LEN); ++ memcpy(gr_system_sum, args->sum, GR_SHA_LEN); + + if (init_variables(args, false)) { + gr_log_str(GR_DONT_AUDIT_GOOD, GR_INITF_ACL_MSG, GR_VERSION); @@ -73494,11 +73535,11 @@ index 0000000..361a099 + if (error) + goto out; + -+ error = copy_gr_arg(uwrap.arg, &gr_usermode); ++ error = copy_gr_arg(uwrap.arg, gr_usermode); + if (error) + goto out; + -+ if (gr_usermode.mode != GR_SPROLE && gr_usermode.mode != GR_SPROLEPAM && ++ if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_SPROLEPAM && + gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES && + time_after(gr_auth_expires, get_seconds())) { + error = -EBUSY; @@ -73510,8 +73551,8 @@ index 0000000..361a099 + locking + */ + -+ if (gr_usermode.mode != GR_SPROLE && gr_usermode.mode != GR_STATUS && -+ gr_usermode.mode != GR_UNSPROLE && gr_usermode.mode != GR_SPROLEPAM && ++ if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_STATUS && ++ gr_usermode->mode != GR_UNSPROLE && gr_usermode->mode != GR_SPROLEPAM && + gr_is_global_nonroot(current_uid())) { + error = -EPERM; + goto out; 
@@ -73519,15 +73560,15 @@ index 0000000..361a099 + + /* ensure pw and special role name are null terminated */ + -+ gr_usermode.pw[GR_PW_LEN - 1] = '\0'; -+ gr_usermode.sp_role[GR_SPROLE_LEN - 1] = '\0'; ++ gr_usermode->pw[GR_PW_LEN - 1] = '\0'; ++ gr_usermode->sp_role[GR_SPROLE_LEN - 1] = '\0'; + + /* Okay. + * We have our enough of the argument structure..(we have yet + * to copy_from_user the tables themselves) . Copy the tables + * only if we need them, i.e. for loading operations. */ + -+ switch (gr_usermode.mode) { ++ switch (gr_usermode->mode) { + case GR_STATUS: + if (gr_acl_is_enabled()) { + error = 1; @@ -73537,12 +73578,12 @@ index 0000000..361a099 + error = 2; + goto out; + case GR_SHUTDOWN: -+ if (gr_acl_is_enabled() && !(chkpw(&gr_usermode, (unsigned char *)&gr_system_salt, (unsigned char *)&gr_system_sum))) { ++ if (gr_acl_is_enabled() && !(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) { + stop_machine(gr_rbac_disable, NULL, NULL); + free_variables(false); -+ memset(&gr_usermode, 0, sizeof(gr_usermode)); -+ memset(&gr_system_salt, 0, sizeof(gr_system_salt)); -+ memset(&gr_system_sum, 0, sizeof(gr_system_sum)); ++ memset(gr_usermode, 0, sizeof(struct gr_arg)); ++ memset(gr_system_salt, 0, GR_SALT_LEN); ++ memset(gr_system_sum, 0, GR_SHA_LEN); + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTS_ACL_MSG); + } else if (gr_acl_is_enabled()) { + gr_log_noargs(GR_DONT_AUDIT, GR_SHUTF_ACL_MSG); @@ -73553,7 +73594,7 @@ index 0000000..361a099 + } + break; + case GR_ENABLE: -+ if (!gr_acl_is_enabled() && !(error2 = gracl_init(&gr_usermode))) ++ if (!gr_acl_is_enabled() && !(error2 = gracl_init(gr_usermode))) + gr_log_str(GR_DONT_AUDIT_GOOD, GR_ENABLE_ACL_MSG, GR_VERSION); + else { + if (gr_acl_is_enabled()) 
@@ -73569,8 +73610,8 @@ index 0000000..361a099 + if (!gr_acl_is_enabled()) { + gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOADI_ACL_MSG, GR_VERSION); + error = -EAGAIN; -+ } else if (!(chkpw(&gr_usermode, (unsigned char *)&gr_system_salt, (unsigned char *)&gr_system_sum))) { -+ error2 = gracl_reload(&gr_usermode, oldmode); ++ } else if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) { ++ error2 = gracl_reload(gr_usermode, oldmode); + if (!error2) + gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOAD_ACL_MSG, GR_VERSION); + else { @@ -73589,20 +73630,20 @@ index 0000000..361a099 + break; + } + -+ if (!(chkpw(&gr_usermode, (unsigned char *)&gr_system_salt, (unsigned char *)&gr_system_sum))) { ++ if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) { + gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODS_ACL_MSG); -+ if (gr_usermode.segv_device && gr_usermode.segv_inode) { ++ if (gr_usermode->segv_device && gr_usermode->segv_inode) { + struct acl_subject_label *segvacl; + segvacl = -+ lookup_acl_subj_label(gr_usermode.segv_inode, -+ gr_usermode.segv_device, ++ lookup_acl_subj_label(gr_usermode->segv_inode, ++ gr_usermode->segv_device, + current->role); + if (segvacl) { + segvacl->crashes = 0; + segvacl->expires = 0; + } -+ } else if (gr_find_uid(gr_usermode.segv_uid) >= 0) { -+ gr_remove_uid(gr_usermode.segv_uid); ++ } else if (gr_find_uid(gr_usermode->segv_uid) >= 0) { ++ gr_remove_uid(gr_usermode->segv_uid); + } + } else { + gr_log_noargs(GR_DONT_AUDIT, GR_SEGVMODF_ACL_MSG); 
@@ -73629,11 +73670,11 @@ index 0000000..361a099 + } + + if (lookup_special_role_auth -+ (gr_usermode.mode, gr_usermode.sp_role, &sprole_salt, &sprole_sum) ++ (gr_usermode->mode, gr_usermode->sp_role, &sprole_salt, &sprole_sum) + && ((!sprole_salt && !sprole_sum) -+ || !(chkpw(&gr_usermode, sprole_salt, sprole_sum)))) { ++ || !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) { + char *p = ""; -+ assign_special_role(gr_usermode.sp_role); ++ assign_special_role(gr_usermode->sp_role); + read_lock(&tasklist_lock); + if (current->real_parent) + p = current->real_parent->role->rolename; @@ -73641,7 +73682,7 @@ index 0000000..361a099 + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLES_ACL_MSG, + p, acl_sp_role_value); + } else { -+ gr_log_str(GR_DONT_AUDIT, GR_SPROLEF_ACL_MSG, gr_usermode.sp_role); ++ gr_log_str(GR_DONT_AUDIT, GR_SPROLEF_ACL_MSG, gr_usermode->sp_role); + error = -EPERM; + if(!(current->role->auth_attempts++)) + current->role->expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT; @@ -73675,7 +73716,7 @@ index 0000000..361a099 + } + break; + default: -+ gr_log_int(GR_DONT_AUDIT, GR_INVMODE_ACL_MSG, gr_usermode.mode); ++ gr_log_int(GR_DONT_AUDIT, GR_INVMODE_ACL_MSG, gr_usermode->mode); + error = -EINVAL; + break; + } @@ -75299,10 +75340,10 @@ index 0000000..8ca18bf +} diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c new file mode 100644 -index 0000000..ae6c028 +index 0000000..b7cb191 --- /dev/null +++ b/grsecurity/grsec_init.c -@@ -0,0 +1,272 @@ +@@ -0,0 +1,286 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/mm.h> @@ -75382,6 +75423,10 @@ index 0000000..ae6c028 +char *gr_alert_log_buf; +char *gr_audit_log_buf; + ++extern struct gr_arg *gr_usermode; ++extern unsigned char *gr_system_salt; ++extern unsigned char *gr_system_sum; ++ +void __init +grsecurity_init(void) +{ 
@@ -75422,6 +75467,16 @@ index 0000000..ae6c028 + return; + } + ++ /* allocate memory for authentication structure */ ++ gr_usermode = kmalloc(sizeof(struct gr_arg), GFP_KERNEL); ++ gr_system_salt = kmalloc(GR_SALT_LEN, GFP_KERNEL); ++ gr_system_sum = kmalloc(GR_SHA_LEN, GFP_KERNEL); ++ ++ if (!gr_usermode || !gr_system_salt || !gr_system_sum) { ++ panic("Unable to allocate grsecurity authentication structure"); ++ return; ++ } ++ +#ifdef CONFIG_GRKERNSEC_IO +#if !defined(CONFIG_GRKERNSEC_SYSCTL_DISTRO) + grsec_disable_privio = 1; @@ -77379,10 +77434,10 @@ index 0000000..ae02d8e +EXPORT_SYMBOL_GPL(gr_handle_new_usb); diff --git a/grsecurity/grsum.c b/grsecurity/grsum.c new file mode 100644 -index 0000000..9f7b1ac +index 0000000..158b330 --- /dev/null +++ b/grsecurity/grsum.c -@@ -0,0 +1,61 @@ +@@ -0,0 +1,64 @@ +#include <linux/err.h> +#include <linux/kernel.h> +#include <linux/sched.h> 
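Review bot: The three authentication buffers added to grsecurity_init() in grsecurity/grsec_init.c are obtained with `kmalloc`, so they start out holding whatever the allocator hands back, whereas the static arrays they replace in gracl_policy.c were zero-initialised. The chkpw() calls visible for GR_SHUTDOWN and for reload are gated on gr_acl_is_enabled(), but the guard in front of the segv-mod chkpw() call lies outside the visible lines, so it cannot be confirmed that the salt and sum are never read before gracl_init() fills them. Using `kzalloc(sizeof(struct gr_arg), GFP_KERNEL)`, `kzalloc(GR_SALT_LEN, GFP_KERNEL)` and `kzalloc(GR_SHA_LEN, GFP_KERNEL)` would keep the previous starting state at no cost. grsecurity_init() continues beyond this hunk.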
@@ -77399,47 +77454,50 @@ index 0000000..9f7b1ac +int +chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum) +{ -+ char *p; + struct crypto_hash *tfm; + struct hash_desc desc; -+ struct scatterlist sg; -+ unsigned char temp_sum[GR_SHA_LEN]; -+ volatile int retval = 0; ++ struct scatterlist sg[2]; ++ unsigned char temp_sum[GR_SHA_LEN] __attribute__((aligned(__alignof__(unsigned long)))); ++ unsigned long *tmpsumptr = (unsigned long *)temp_sum; ++ unsigned long *sumptr = (unsigned long *)sum; ++ int cryptres; ++ int retval = 1; ++ volatile int mismatched = 0; + volatile int dummy = 0; + unsigned int i; + -+ sg_init_table(&sg, 1); -+ + tfm = crypto_alloc_hash("sha256", 0, CRYPTO_ALG_ASYNC); + if (IS_ERR(tfm)) { + /* should never happen, since sha256 should be built in */ ++ memset(entry->pw, 0, GR_PW_LEN); + return 1; + } + ++ sg_init_table(sg, 2); ++ sg_set_buf(&sg[0], salt, GR_SALT_LEN); ++ sg_set_buf(&sg[1], entry->pw, strlen(entry->pw)); ++ + desc.tfm = tfm; + desc.flags = 0; + -+ crypto_hash_init(&desc); -+ -+ p = salt; -+ sg_set_buf(&sg, p, GR_SALT_LEN); -+ crypto_hash_update(&desc, &sg, sg.length); -+ -+ p = entry->pw; -+ sg_set_buf(&sg, p, strlen(p)); -+ -+ crypto_hash_update(&desc, &sg, sg.length); -+ -+ crypto_hash_final(&desc, temp_sum); ++ cryptres = crypto_hash_digest(&desc, sg, GR_SALT_LEN + strlen(entry->pw), ++ temp_sum); + + memset(entry->pw, 0, GR_PW_LEN); + -+ for (i = 0; i < GR_SHA_LEN; i++) -+ if (sum[i] != temp_sum[i]) -+ retval = 1; ++ if (cryptres) ++ goto out; ++ ++ for (i = 0; i < GR_SHA_LEN/sizeof(tmpsumptr[0]); i++) ++ if (sumptr[i] != tmpsumptr[i]) ++ mismatched = 1; + else + dummy = 1; // waste a cycle + ++ if (!mismatched) ++ retval = dummy - 1; ++ ++out: + crypto_free_hash(tfm); + + return retval; @@ -80397,10 +80455,10 @@ index 0000000..b02ba9d +#define GR_MSRWRITE_MSG "denied write to CPU MSR by " 
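Review bot: The digest comparison at the end of chkpw() in grsecurity/grsum.c still branches on every word (`if (sumptr[i] != tmpsumptr[i]) mismatched = 1; else dummy = 1;`), so it relies on the volatile dummy store to balance the two paths instead of being branch-free. It also reads `sum` through an `unsigned long *` cast while only `temp_sum` is given an explicit alignment; gr_system_sum comes from kmalloc, but the alignment of the `sprole_sum` pointer passed in from the special-role path cannot be confirmed from the visible lines. Replacing the loop and the `retval = dummy - 1` step with `if (!crypto_memneq(sum, temp_sum, GR_SHA_LEN)) retval = 0;` would address both points, provided including `<crypto/algapi.h>` is acceptable in this file. Separately, the computed `temp_sum` is left on the stack when the function returns.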
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h new file mode 100644 -index 0000000..5c4bdee +index 0000000..b87dd26 --- /dev/null +++ b/include/linux/grsecurity.h -@@ -0,0 +1,249 @@ +@@ -0,0 +1,252 @@ +#ifndef GR_SECURITY_H +#define GR_SECURITY_H +#include <linux/fs.h> @@ -80412,6 +80470,9 @@ index 0000000..5c4bdee +#if defined(CONFIG_GRKERNSEC_PROC_USER) && defined(CONFIG_GRKERNSEC_PROC_USERGROUP) +#error "CONFIG_GRKERNSEC_PROC_USER and CONFIG_GRKERNSEC_PROC_USERGROUP cannot both be enabled." +#endif ++#if defined(CONFIG_GRKERNSEC_PROC) && !defined(CONFIG_GRKERNSEC_PROC_USER) && !defined(CONFIG_GRKERNSEC_PROC_USERGROUP) ++#error "CONFIG_GRKERNSEC_PROC enabled, but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP enabled" ++#endif +#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC) +#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled." +#endif @@ -81138,10 +81199,10 @@ index b8e9a43..632678d 100644 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu); diff --git a/include/linux/libata.h b/include/linux/libata.h -index 3fee55e..42565b7 100644 +index e13b3ae..5f450e6 100644 --- a/include/linux/libata.h +++ b/include/linux/libata.h -@@ -976,7 +976,7 @@ struct ata_port_operations { +@@ -977,7 +977,7 @@ struct ata_port_operations { * fields must be pointers. */ const struct ata_port_operations *inherits; @@ -82327,7 +82388,7 @@ index 1841b58..fbeebf8 100644 #define preempt_set_need_resched() \ do { \ diff --git a/include/linux/printk.h b/include/linux/printk.h -index fa47e27..c08e034 100644 +index cbf094f..86007b7 100644 --- a/include/linux/printk.h +++ b/include/linux/printk.h @@ -114,6 +114,8 @@ static inline __printf(1, 2) __cold @@ -82419,7 +82480,7 @@ index cc7494a..1e27036 100644 extern bool qid_valid(struct kqid qid); 
diff --git a/include/linux/random.h b/include/linux/random.h -index 1cfce0e..b0b9235 100644 +index 1cfce0e..bf99e0b 100644 --- a/include/linux/random.h +++ b/include/linux/random.h @@ -9,9 +9,19 @@ @@ -82469,6 +82530,15 @@ index 1cfce0e..b0b9235 100644 /** * prandom_u32_max - returns a pseudo-random number in interval [0, ep_ro) * @ep_ro: right open interval endpoint +@@ -49,7 +64,7 @@ void prandom_bytes_state(struct rnd_state *state, void *buf, int nbytes); + * + * Returns: pseudo-random number in interval [0, ep_ro) + */ +-static inline u32 prandom_u32_max(u32 ep_ro) ++static inline u32 __intentional_overflow(-1) prandom_u32_max(u32 ep_ro) + { + return (u32)(((u64) prandom_u32() * ep_ro) >> 32); + } diff --git a/include/linux/rbtree_augmented.h b/include/linux/rbtree_augmented.h index fea49b5..2ac22bb 100644 --- a/include/linux/rbtree_augmented.h @@ -84221,31 +84291,52 @@ index c55aeed..b3393f4 100644 /** inet_connection_sock - INET connection oriented sock * diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h -index 058271b..1a44af7 100644 +index 058271b..1af4453 100644 --- a/include/net/inetpeer.h 
+++ b/include/net/inetpeer.h -@@ -47,8 +47,8 @@ struct inet_peer { +@@ -41,14 +41,13 @@ struct inet_peer { + struct rcu_head gc_rcu; + }; + /* +- * Once inet_peer is queued for deletion (refcnt == -1), following fields +- * are not available: rid, ip_id_count ++ * Once inet_peer is queued for deletion (refcnt == -1), following field ++ * is not available: rid + * We can share memory with rcu_head to help keep inet_peer small. */ union { struct { - atomic_t rid; /* Frag reception counter */ - atomic_t ip_id_count; /* IP ID for the next packet */ -+ atomic_unchecked_t rid; /* Frag reception counter */ -+ atomic_unchecked_t ip_id_count; /* IP ID for the next packet */ ++ atomic_unchecked_t rid; /* Frag reception counter */ }; struct rcu_head rcu; struct inet_peer *gc_next; -@@ -179,7 +179,7 @@ static inline int inet_getid(struct inet_peer *p, int more) - { - more++; - inet_peer_refcheck(p); -- return atomic_add_return(more, &p->ip_id_count) - more; -+ return atomic_add_return_unchecked(more, &p->ip_id_count) - more; +@@ -165,7 +164,7 @@ bool inet_peer_xrlim_allow(struct inet_peer *peer, int timeout); + void inetpeer_invalidate_tree(struct inet_peer_base *); + + /* +- * temporary check to make sure we dont access rid, ip_id_count, tcp_ts, ++ * temporary check to make sure we dont access rid, tcp_ts, + * tcp_ts_stamp if no refcount is taken on inet_peer + */ + static inline void inet_peer_refcheck(const struct inet_peer *p) +@@ -173,13 +172,4 @@ static inline void inet_peer_refcheck(const struct inet_peer *p) + WARN_ON_ONCE(atomic_read(&p->refcnt) <= 0); } +- +-/* can be called with or without local BH being disabled */ +-static inline int inet_getid(struct inet_peer *p, int more) +-{ +- more++; +- inet_peer_refcheck(p); +- return atomic_add_return(more, &p->ip_id_count) - more; +-} +- #endif /* _NET_INETPEER_H */ diff --git a/include/net/ip.h b/include/net/ip.h -index 23be0fd..0cb3e2c 100644 +index 23be0fd..7251808 100644 --- a/include/net/ip.h +++ b/include/net/ip.h 
@@ -214,7 +214,7 @@ static inline void snmp_mib_free(void __percpu *ptr[SNMP_ARRAY_SZ]) @@ -84257,6 +84348,55 @@ index 23be0fd..0cb3e2c 100644 static inline int inet_is_reserved_local_port(int port) { return test_bit(port, sysctl_local_reserved_ports); +@@ -297,9 +297,10 @@ static inline unsigned int ip_skb_dst_mtu(const struct sk_buff *skb) + } + } + +-void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst, int more); ++u32 ip_idents_reserve(u32 hash, int segs) __intentional_overflow(-1); ++void __ip_select_ident(struct iphdr *iph, int segs); + +-static inline void ip_select_ident(struct sk_buff *skb, struct dst_entry *dst, struct sock *sk) ++static inline void ip_select_ident_segs(struct sk_buff *skb, struct sock *sk, int segs) + { + struct iphdr *iph = ip_hdr(skb); + +@@ -309,24 +310,20 @@ static inline void ip_select_ident(struct sk_buff *skb, struct dst_entry *dst, s + * does not change, they drop every other packet in + * a TCP stream using header compression. + */ +- iph->id = (sk && inet_sk(sk)->inet_daddr) ? +- htons(inet_sk(sk)->inet_id++) : 0; +- } else +- __ip_select_ident(iph, dst, 0); +-} +- +-static inline void ip_select_ident_more(struct sk_buff *skb, struct dst_entry *dst, struct sock *sk, int more) +-{ +- struct iphdr *iph = ip_hdr(skb); +- +- if ((iph->frag_off & htons(IP_DF)) && !skb->local_df) { + if (sk && inet_sk(sk)->inet_daddr) { + iph->id = htons(inet_sk(sk)->inet_id); +- inet_sk(sk)->inet_id += 1 + more; +- } else ++ inet_sk(sk)->inet_id += segs; ++ } else { + iph->id = 0; +- } else +- __ip_select_ident(iph, dst, more); ++ } ++ } else { ++ __ip_select_ident(iph, segs); ++ } ++} ++ ++static inline void ip_select_ident(struct sk_buff *skb, struct sock *sk) ++{ ++ ip_select_ident_segs(skb, sk, 1); + } + + /* diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h index 9922093..a1755d6 100644 --- a/include/net/ip_fib.h 
@@ -84306,6 +84446,19 @@ index 5679d92..2e7a690 100644 /* ip_vs_est */ struct list_head est_list; /* estimator list */ spinlock_t est_lock; +diff --git a/include/net/ipv6.h b/include/net/ipv6.h +index 4f541f1..9ac6578 100644 +--- a/include/net/ipv6.h ++++ b/include/net/ipv6.h +@@ -660,8 +660,6 @@ static inline int ipv6_addr_diff(const struct in6_addr *a1, const struct in6_add + return __ipv6_addr_diff(a1, a2, sizeof(struct in6_addr)); + } + +-void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt); +- + int ip6_dst_hoplimit(struct dst_entry *dst); + + /* diff --git a/include/net/irda/ircomm_tty.h b/include/net/irda/ircomm_tty.h index 8d4f588..2e37ad2 100644 --- a/include/net/irda/ircomm_tty.h @@ -84706,6 +84859,19 @@ index 0dfcc92..7967849 100644 /* Structure to track chunk fragments that have been acked, but peer +diff --git a/include/net/secure_seq.h b/include/net/secure_seq.h +index f257486..3f36d45 100644 +--- a/include/net/secure_seq.h ++++ b/include/net/secure_seq.h +@@ -3,8 +3,6 @@ + + #include <linux/types.h> + +-__u32 secure_ip_id(__be32 daddr); +-__u32 secure_ipv6_id(const __be32 daddr[4]); + u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport); + u32 secure_ipv6_port_ephemeral(const __be32 *saddr, const __be32 *daddr, + __be16 dport); diff --git a/include/net/sock.h b/include/net/sock.h index 2f7bc43..530dadc 100644 --- a/include/net/sock.h @@ -85728,7 +85894,7 @@ index 93b6139..8d628b7 100644 next_state = Reset; return 0; diff --git a/init/main.c b/init/main.c -index 9c7fd4c..650b4f1 100644 +index 58c132d..ac3f3b0 100644 --- a/init/main.c +++ b/init/main.c @@ -97,6 +97,8 @@ extern void radix_tree_init(void); 
@@ -85816,7 +85982,7 @@ index 9c7fd4c..650b4f1 100644 static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; static const char *panic_later, *panic_param; -@@ -688,25 +759,24 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -692,25 +763,24 @@ int __init_or_module do_one_initcall(initcall_t fn) { int count = preempt_count(); int ret; @@ -85847,7 +86013,7 @@ index 9c7fd4c..650b4f1 100644 return ret; } -@@ -813,8 +883,8 @@ static int run_init_process(const char *init_filename) +@@ -817,8 +887,8 @@ static int run_init_process(const char *init_filename) { argv_init[0] = init_filename; return do_execve(getname_kernel(init_filename), @@ -85858,7 +86024,7 @@ index 9c7fd4c..650b4f1 100644 } static int try_to_run_init_process(const char *init_filename) -@@ -831,6 +901,10 @@ static int try_to_run_init_process(const char *init_filename) +@@ -835,6 +905,10 @@ static int try_to_run_init_process(const char *init_filename) return ret; } @@ -85869,7 +86035,7 @@ index 9c7fd4c..650b4f1 100644 static noinline void __init kernel_init_freeable(void); static int __ref kernel_init(void *unused) -@@ -855,6 +929,11 @@ static int __ref kernel_init(void *unused) +@@ -859,6 +933,11 @@ static int __ref kernel_init(void *unused) ramdisk_execute_command, ret); } @@ -85881,7 +86047,7 @@ index 9c7fd4c..650b4f1 100644 /* * We try each of these until one succeeds. * -@@ -910,7 +989,7 @@ static noinline void __init kernel_init_freeable(void) +@@ -914,7 +993,7 @@ static noinline void __init kernel_init_freeable(void) do_basic_setup(); /* Open the /dev/console on the rootfs, this should never fail */ 
@@ -85890,7 +86056,7 @@ index 9c7fd4c..650b4f1 100644 pr_err("Warning: unable to open an initial console.\n"); (void) sys_dup(0); -@@ -923,11 +1002,13 @@ static noinline void __init kernel_init_freeable(void) +@@ -927,11 +1006,13 @@ static noinline void __init kernel_init_freeable(void) if (!ramdisk_execute_command) ramdisk_execute_command = "/init"; @@ -89552,7 +89718,7 @@ index 14f9a8d..98ee610 100644 if (pm_wakeup_pending()) { diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c -index 4dae9cb..039ffbb 100644 +index 8c086e6..a52bc51 100644 --- a/kernel/printk/printk.c +++ b/kernel/printk/printk.c @@ -385,6 +385,11 @@ static int check_syslog_permissions(int type, bool from_file) @@ -90557,7 +90723,7 @@ index a63f4dc..349bbb0 100644 unsigned long timeout) { diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 0aae0fc..2ba2b81 100644 +index 515e212..268a828 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -1775,7 +1775,7 @@ void set_numabalancing_state(bool enabled) @@ -91981,7 +92147,7 @@ index 0954450..0ed035c 100644 *data_page = bpage; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index 7e259b2..e9d9452 100644 +index 7113672..e8a9c80 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -3412,7 +3412,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) @@ -92007,10 +92173,10 @@ index c8bd809..33d7539 100644 /* * Normal trace_printk() and friends allocates special buffers diff --git a/kernel/trace/trace_clock.c b/kernel/trace/trace_clock.c -index 26dc348..8708ca7 100644 +index 57b67b1..66082a9 100644 --- a/kernel/trace/trace_clock.c +++ b/kernel/trace/trace_clock.c -@@ -123,7 +123,7 @@ u64 notrace trace_clock_global(void) +@@ -124,7 +124,7 @@ u64 notrace trace_clock_global(void) return now; } 
@@ -92019,7 +92185,7 @@ index 26dc348..8708ca7 100644 /* * trace_clock_counter(): simply an atomic counter. -@@ -132,5 +132,5 @@ static atomic64_t trace_counter; +@@ -133,5 +133,5 @@ static atomic64_t trace_counter; */ u64 notrace trace_clock_counter(void) { @@ -93131,7 +93297,7 @@ index b32b70c..e512eb0 100644 set_page_address(page, (void *)vaddr); diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 30dd626..e0a6729 100644 +index 923f38e..74e159a 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2070,15 +2070,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, @@ -93176,7 +93342,7 @@ index 30dd626..e0a6729 100644 if (ret) goto out; -@@ -2615,6 +2619,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2616,6 +2620,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, return 1; } @@ -93204,7 +93370,7 @@ index 30dd626..e0a6729 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. * Called with hugetlb_instantiation_mutex held and pte_page locked so we -@@ -2731,6 +2756,11 @@ retry_avoidcopy: +@@ -2732,6 +2757,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -93216,7 +93382,7 @@ index 30dd626..e0a6729 100644 /* Make the old page be freed below */ new_page = old_page; } -@@ -2895,6 +2925,10 @@ retry: +@@ -2896,6 +2926,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); 
@@ -93227,7 +93393,7 @@ index 30dd626..e0a6729 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page, ptl); -@@ -2925,6 +2959,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2926,6 +2960,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, static DEFINE_MUTEX(hugetlb_instantiation_mutex); struct hstate *h = hstate_vma(vma); @@ -93238,7 +93404,7 @@ index 30dd626..e0a6729 100644 address &= huge_page_mask(h); ptep = huge_pte_offset(mm, address); -@@ -2938,6 +2976,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2939,6 +2977,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(hstate_index(h)); } @@ -96054,7 +96220,7 @@ index 8740213..f87e25b 100644 struct mm_struct *mm; diff --git a/mm/page-writeback.c b/mm/page-writeback.c -index d013dba..d5ae30d 100644 +index 9f45f87..749bfd8 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -685,7 +685,7 @@ static long long pos_ratio_polynom(unsigned long setpoint, @@ -96067,7 +96233,7 @@ index d013dba..d5ae30d 100644 unsigned long bg_thresh, unsigned long dirty, diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 7e7f947..254d009 100644 +index 62e400d..2072e4e 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -61,6 +61,7 @@ @@ -96641,7 +96807,7 @@ index 8184a7c..ab27737 100644 if (slab_equal_or_root(cachep, s)) return cachep; diff --git a/mm/slab_common.c b/mm/slab_common.c -index 1ec3c61..2067c11 100644 +index f149e67..b366f92 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -23,11 +23,22 @@ @@ -98075,7 +98241,7 @@ index 876fbe8..8bbea9f 100644 #undef __HANDLE_ITEM } diff --git a/net/atm/lec.c b/net/atm/lec.c -index 5a2f602..9396143 100644 +index 5a2f602..93961433 100644 --- a/net/atm/lec.c +++ b/net/atm/lec.c 
@@ -111,9 +111,9 @@ static inline void lec_arp_put(struct lec_arp_table *entry) @@ -98613,7 +98779,7 @@ index 988721a..947846d 100644 switch (ss->ss_family) { diff --git a/net/compat.c b/net/compat.c -index f50161f..94fa415 100644 +index f50161f..ab7644e 100644 --- a/net/compat.c +++ b/net/compat.c @@ -73,9 +73,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg) @@ -98629,17 +98795,28 @@ index f50161f..94fa415 100644 return 0; } -@@ -87,7 +87,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, +@@ -85,21 +85,22 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, + { + int tot_len; - if (kern_msg->msg_namelen) { +- if (kern_msg->msg_namelen) { ++ if (kern_msg->msg_name && kern_msg->msg_namelen) { if (mode == VERIFY_READ) { - int err = move_addr_to_kernel(kern_msg->msg_name, + int err = move_addr_to_kernel((void __force_user *)kern_msg->msg_name, kern_msg->msg_namelen, kern_address); if (err < 0) -@@ -99,7 +99,7 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, + return err; + } +- if (kern_msg->msg_name) +- kern_msg->msg_name = kern_address; +- } else ++ kern_msg->msg_name = kern_address; ++ } else { kern_msg->msg_name = NULL; ++ kern_msg->msg_namelen = 0; ++ } tot_len = iov_from_user_compat_to_kern(kern_iov, - (struct compat_iovec __user *)kern_msg->msg_iov, @@ -98647,7 +98824,7 @@ index f50161f..94fa415 100644 kern_msg->msg_iovlen); if (tot_len >= 0) kern_msg->msg_iov = kern_iov; -@@ -119,20 +119,20 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, +@@ -119,20 +120,20 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov, #define CMSG_COMPAT_FIRSTHDR(msg) \ (((msg)->msg_controllen) >= sizeof(struct compat_cmsghdr) ? \ 
@@ -98671,7 +98848,7 @@ index f50161f..94fa415 100644 msg->msg_controllen) return NULL; return (struct compat_cmsghdr __user *)ptr; -@@ -222,7 +222,7 @@ Efault: +@@ -222,7 +223,7 @@ Efault: int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *data) { @@ -98680,7 +98857,7 @@ index f50161f..94fa415 100644 struct compat_cmsghdr cmhdr; struct compat_timeval ctv; struct compat_timespec cts[3]; -@@ -278,7 +278,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat +@@ -278,7 +279,7 @@ int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *dat void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm) { @@ -98689,7 +98866,7 @@ index f50161f..94fa415 100644 int fdmax = (kmsg->msg_controllen - sizeof(struct compat_cmsghdr)) / sizeof(int); int fdnum = scm->fp->count; struct file **fp = scm->fp->fp; -@@ -366,7 +366,7 @@ static int do_set_sock_timeout(struct socket *sock, int level, +@@ -366,7 +367,7 @@ static int do_set_sock_timeout(struct socket *sock, int level, return -EFAULT; old_fs = get_fs(); set_fs(KERNEL_DS); @@ -98698,7 +98875,7 @@ index f50161f..94fa415 100644 set_fs(old_fs); return err; -@@ -427,7 +427,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname, +@@ -427,7 +428,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname, len = sizeof(ktime); old_fs = get_fs(); set_fs(KERNEL_DS); @@ -98707,7 +98884,7 @@ index f50161f..94fa415 100644 set_fs(old_fs); if (!err) { -@@ -570,7 +570,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, +@@ -570,7 +571,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, case MCAST_JOIN_GROUP: case MCAST_LEAVE_GROUP: { 
@@ -98716,7 +98893,7 @@ index f50161f..94fa415 100644 struct group_req __user *kgr = compat_alloc_user_space(sizeof(struct group_req)); u32 interface; -@@ -591,7 +591,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, +@@ -591,7 +592,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, case MCAST_BLOCK_SOURCE: case MCAST_UNBLOCK_SOURCE: { @@ -98725,7 +98902,7 @@ index f50161f..94fa415 100644 struct group_source_req __user *kgsr = compat_alloc_user_space( sizeof(struct group_source_req)); u32 interface; -@@ -612,7 +612,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, +@@ -612,7 +613,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, } case MCAST_MSFILTER: { @@ -98734,7 +98911,7 @@ index f50161f..94fa415 100644 struct group_filter __user *kgf; u32 interface, fmode, numsrc; -@@ -650,7 +650,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname, +@@ -650,7 +651,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname, char __user *optval, int __user *optlen, int (*getsockopt)(struct sock *, int, int, char __user *, int __user *)) { @@ -98743,7 +98920,7 @@ index f50161f..94fa415 100644 struct group_filter __user *kgf; int __user *koptlen; u32 interface, fmode, numsrc; -@@ -803,7 +803,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args) +@@ -803,7 +804,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args) if (call < SYS_SOCKET || call > SYS_SENDMMSG) return -EINVAL; @@ -98968,11 +99145,15 @@ index dfa602c..3103d88 100644 fle->object = flo; else diff --git a/net/core/iovec.c b/net/core/iovec.c -index b618694..192bbba 100644 +index b618694..cd5f0af 100644 --- a/net/core/iovec.c 
+++ b/net/core/iovec.c -@@ -42,7 +42,7 @@ int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr_storage *a - if (m->msg_namelen) { +@@ -39,23 +39,23 @@ int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr_storage *a + { + int size, ct, err; + +- if (m->msg_namelen) { ++ if (m->msg_name && m->msg_namelen) { if (mode == VERIFY_READ) { void __user *namep; - namep = (void __user __force *) m->msg_name; @@ -98980,7 +99161,14 @@ index b618694..192bbba 100644 err = move_addr_to_kernel(namep, m->msg_namelen, address); if (err < 0) -@@ -55,7 +55,7 @@ int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr_storage *a + return err; + } +- if (m->msg_name) +- m->msg_name = address; ++ m->msg_name = address; + } else { + m->msg_name = NULL; ++ m->msg_namelen = 0; } size = m->msg_iovlen * sizeof(struct iovec); @@ -99233,6 +99421,42 @@ index b442e7e..6f5b5a2 100644 i++, cmfptr++) { struct socket *sock; +diff --git a/net/core/secure_seq.c b/net/core/secure_seq.c +index 897da56..ba71212 100644 +--- a/net/core/secure_seq.c ++++ b/net/core/secure_seq.c +@@ -85,31 +85,6 @@ EXPORT_SYMBOL(secure_ipv6_port_ephemeral); + #endif + + #ifdef CONFIG_INET +-__u32 secure_ip_id(__be32 daddr) +-{ +- u32 hash[MD5_DIGEST_WORDS]; +- +- net_secret_init(); +- hash[0] = (__force __u32) daddr; +- hash[1] = net_secret[13]; +- hash[2] = net_secret[14]; +- hash[3] = net_secret[15]; +- +- md5_transform(hash, net_secret); +- +- return hash[0]; +-} +- +-__u32 secure_ipv6_id(const __be32 daddr[4]) +-{ +- __u32 hash[4]; +- +- net_secret_init(); +- memcpy(hash, daddr, 16); +- md5_transform(hash, net_secret); +- +- return hash[0]; +-} + + __u32 secure_tcp_sequence_number(__be32 saddr, __be32 daddr, + __be16 sport, __be16 dport) diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 7f2e1fc..6206b10 100644 --- a/net/core/skbuff.c 
@@ -99697,6 +99921,28 @@ index 9d43468..ffa28cc 100644 return nh->nh_saddr; } +diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c +index 9db3b87..0ffcd4d 100644 +--- a/net/ipv4/igmp.c ++++ b/net/ipv4/igmp.c +@@ -369,7 +369,7 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size) + pip->saddr = fl4.saddr; + pip->protocol = IPPROTO_IGMP; + pip->tot_len = 0; /* filled in later */ +- ip_select_ident(skb, &rt->dst, NULL); ++ ip_select_ident(skb, NULL); + ((u8 *)&pip[1])[0] = IPOPT_RA; + ((u8 *)&pip[1])[1] = 4; + ((u8 *)&pip[1])[2] = 0; +@@ -714,7 +714,7 @@ static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc, + iph->daddr = dst; + iph->saddr = fl4.saddr; + iph->protocol = IPPROTO_IGMP; +- ip_select_ident(skb, &rt->dst, NULL); ++ ip_select_ident(skb, NULL); + ((u8 *)&iph[1])[0] = IPOPT_RA; + ((u8 *)&iph[1])[1] = 4; + ((u8 *)&iph[1])[2] = 0; diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c index 0d1e2cb..4501a2c 100644 --- a/net/ipv4/inet_connection_sock.c @@ -99741,20 +99987,51 @@ index 8b9cf27..0d8d592 100644 inet_twsk_deschedule(tw, death_row); while (twrefcnt) { diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c -index 48f4244..f56d83a 100644 +index 48f4244..d83ba8a 100644 --- a/net/ipv4/inetpeer.c 
+++ b/net/ipv4/inetpeer.c -@@ -496,8 +496,8 @@ relookup: +@@ -26,20 +26,7 @@ + * Theory of operations. + * We keep one entry for each peer IP address. The nodes contains long-living + * information about the peer which doesn't depend on routes. +- * At this moment this information consists only of ID field for the next +- * outgoing IP packet. This field is incremented with each packet as encoded +- * in inet_getid() function (include/net/inetpeer.h). +- * At the moment of writing this notes identifier of IP packets is generated +- * to be unpredictable using this code only for packets subjected +- * (actually or potentially) to defragmentation. I.e. DF packets less than +- * PMTU in size when local fragmentation is disabled use a constant ID and do +- * not use this code (see ip_select_ident() in include/net/ip.h). + * +- * Route cache entries hold references to our nodes. +- * New cache entries get references via lookup by destination IP address in +- * the avl tree. The reference is grabbed only when it's needed i.e. only +- * when we try to output IP packet which needs an unpredictable ID (see +- * __ip_select_ident() in net/ipv4/route.c). + * Nodes are removed only when reference counter goes to 0. + * When it's happened the node may be removed when a sufficient amount of + * time has been passed since its last use. The less-recently-used entry can +@@ -62,7 +49,6 @@ + * refcnt: atomically against modifications on other CPU; + * usually under some other lock to prevent node disappearing + * daddr: unchangeable +- * ip_id_count: atomic value (no lock needed) + */ + + static struct kmem_cache *peer_cachep __read_mostly; +@@ -496,11 +482,7 @@ relookup: if (p) { p->daddr = *daddr; atomic_set(&p->refcnt, 1); - atomic_set(&p->rid, 0); - atomic_set(&p->ip_id_count, +- (daddr->family == AF_INET) ? 
+- secure_ip_id(daddr->addr.a4) : +- secure_ipv6_id(daddr->addr.a6)); + atomic_set_unchecked(&p->rid, 0); -+ atomic_set_unchecked(&p->ip_id_count, - (daddr->family == AF_INET) ? - secure_ip_id(daddr->addr.a4) : - secure_ipv6_id(daddr->addr.a6)); + p->metrics[RTAX_LOCK-1] = INETPEER_METRICS_NEW; + p->rate_tokens = 0; + /* 60*HZ is arbitrary, but chosen enough high so that the first diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index c10a3ce..dd71f84 100644 --- a/net/ipv4/ip_fragment.c @@ -99837,6 +100114,38 @@ index 94213c8..8bdb342 100644 .kind = "gretap", .maxtype = IFLA_GRE_MAX, .policy = ipgre_policy, +diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c +index 73c6b63..ed88d78 100644 +--- a/net/ipv4/ip_output.c ++++ b/net/ipv4/ip_output.c +@@ -148,7 +148,7 @@ int ip_build_and_send_pkt(struct sk_buff *skb, struct sock *sk, + iph->daddr = (opt && opt->opt.srr ? opt->opt.faddr : daddr); + iph->saddr = saddr; + iph->protocol = sk->sk_protocol; +- ip_select_ident(skb, &rt->dst, sk); ++ ip_select_ident(skb, sk); + + if (opt && opt->opt.optlen) { + iph->ihl += opt->opt.optlen>>2; +@@ -386,8 +386,7 @@ packet_routed: + ip_options_build(skb, &inet_opt->opt, inet->inet_daddr, rt, 0); + } + +- ip_select_ident_more(skb, &rt->dst, sk, +- (skb_shinfo(skb)->gso_segs ?: 1) - 1); ++ ip_select_ident_segs(skb, sk, skb_shinfo(skb)->gso_segs ?: 1); + + skb->priority = sk->sk_priority; + skb->mark = sk->sk_mark; +@@ -1338,7 +1337,7 @@ struct sk_buff *__ip_make_skb(struct sock *sk, + iph->ttl = ttl; + iph->protocol = sk->sk_protocol; + ip_copy_addrs(iph, fl4); +- ip_select_ident(skb, &rt->dst, sk); ++ ip_select_ident(skb, sk); + + if (opt) { + iph->ihl += opt->optlen>>2; diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 580dd96..9fcef7e 100644 --- a/net/ipv4/ip_sockglue.c 
@@ -99860,6 +100169,19 @@ index 580dd96..9fcef7e 100644 msg.msg_controllen = len; msg.msg_flags = flags; +diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c +index 8d69626..65b664d 100644 +--- a/net/ipv4/ip_tunnel_core.c ++++ b/net/ipv4/ip_tunnel_core.c +@@ -74,7 +74,7 @@ int iptunnel_xmit(struct rtable *rt, struct sk_buff *skb, + iph->daddr = dst; + iph->saddr = src; + iph->ttl = ttl; +- __ip_select_ident(iph, &rt->dst, (skb_shinfo(skb)->gso_segs ?: 1) - 1); ++ __ip_select_ident(iph, skb_shinfo(skb)->gso_segs ?: 1); + + err = ip_local_out(skb); + if (unlikely(net_xmit_eval(err))) diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c index e4a8f76..dd8ad72 100644 --- a/net/ipv4/ip_vti.c @@ -99935,6 +100257,19 @@ index 62eaa00..29b2dc2 100644 .kind = "ipip", .maxtype = IFLA_IPTUN_MAX, .policy = ipip_policy, +diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c +index 2886357..1149fc2 100644 +--- a/net/ipv4/ipmr.c ++++ b/net/ipv4/ipmr.c +@@ -1663,7 +1663,7 @@ static void ip_encap(struct sk_buff *skb, __be32 saddr, __be32 daddr) + iph->protocol = IPPROTO_IPIP; + iph->ihl = 5; + iph->tot_len = htons(skb->len); +- ip_select_ident(skb, skb_dst(skb), NULL); ++ ip_select_ident(skb, NULL); + ip_send_check(iph); + + memset(&(IPCB(skb)->opt), 0, sizeof(IPCB(skb)->opt)); diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index f95b6f9..2ee2097 100644 --- a/net/ipv4/netfilter/arp_tables.c @@ -100118,7 +100453,7 @@ index e21934b..4e7cb58 100644 static int ping_v4_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c -index c04518f..c402063 100644 +index c04518f..d67116b 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c @@ -311,7 +311,7 @@ static int raw_rcv_skb(struct sock *sk, struct sk_buff *skb) 
@@ -100130,6 +100465,15 @@ index c04518f..c402063 100644 kfree_skb(skb); return NET_RX_DROP; } +@@ -389,7 +389,7 @@ static int raw_send_hdrinc(struct sock *sk, struct flowi4 *fl4, + iph->check = 0; + iph->tot_len = htons(length); + if (!iph->id) +- ip_select_ident(skb, &rt->dst, NULL); ++ ip_select_ident(skb, NULL); + + iph->check = ip_fast_csum((unsigned char *)iph, iph->ihl); + } @@ -748,16 +748,20 @@ static int raw_init(struct sock *sk) static int raw_seticmpfilter(struct sock *sk, char __user *optval, int optlen) @@ -100173,10 +100517,18 @@ index c04518f..c402063 100644 static int raw_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index 031553f..e482974 100644 +index 031553f..1f6f4e2 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c -@@ -233,7 +233,7 @@ static const struct seq_operations rt_cache_seq_ops = { +@@ -89,6 +89,7 @@ + #include <linux/rcupdate.h> + #include <linux/times.h> + #include <linux/slab.h> ++#include <linux/jhash.h> + #include <net/dst.h> + #include <net/net_namespace.h> + #include <net/protocol.h> +@@ -233,7 +234,7 @@ static const struct seq_operations rt_cache_seq_ops = { static int rt_cache_seq_open(struct inode *inode, struct file *file) { @@ -100185,7 +100537,7 @@ index 031553f..e482974 100644 } static const struct file_operations rt_cache_seq_fops = { -@@ -324,7 +324,7 @@ static const struct seq_operations rt_cpu_seq_ops = { +@@ -324,7 +325,7 @@ static const struct seq_operations rt_cpu_seq_ops = { static int rt_cpu_seq_open(struct inode *inode, struct file *file) { @@ -100194,7 +100546,7 @@ index 031553f..e482974 100644 } static const struct file_operations rt_cpu_seq_fops = { -@@ -362,7 +362,7 @@ static int rt_acct_proc_show(struct seq_file *m, void *v) +@@ -362,7 +363,7 @@ static int rt_acct_proc_show(struct seq_file *m, void *v) static int rt_acct_proc_open(struct inode *inode, struct file *file) { 
@@ -100203,7 +100555,78 @@ index 031553f..e482974 100644 } static const struct file_operations rt_acct_proc_fops = { -@@ -2624,34 +2624,34 @@ static struct ctl_table ipv4_route_flush_table[] = { +@@ -462,39 +463,45 @@ static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst, + return neigh_create(&arp_tbl, pkey, dev); + } + +-/* +- * Peer allocation may fail only in serious out-of-memory conditions. However +- * we still can generate some output. +- * Random ID selection looks a bit dangerous because we have no chances to +- * select ID being unique in a reasonable period of time. +- * But broken packet identifier may be better than no packet at all. ++#define IP_IDENTS_SZ 2048u ++struct ip_ident_bucket { ++ atomic_unchecked_t id; ++ u32 stamp32; ++}; ++ ++static struct ip_ident_bucket *ip_idents __read_mostly; ++ ++/* In order to protect privacy, we add a perturbation to identifiers ++ * if one generator is seldom used. This makes hard for an attacker ++ * to infer how many packets were sent between two points in time. 
+ */ +-static void ip_select_fb_ident(struct iphdr *iph) ++u32 ip_idents_reserve(u32 hash, int segs) + { +- static DEFINE_SPINLOCK(ip_fb_id_lock); +- static u32 ip_fallback_id; +- u32 salt; ++ struct ip_ident_bucket *bucket = ip_idents + hash % IP_IDENTS_SZ; ++ u32 old = ACCESS_ONCE(bucket->stamp32); ++ u32 now = (u32)jiffies; ++ u32 delta = 0; + +- spin_lock_bh(&ip_fb_id_lock); +- salt = secure_ip_id((__force __be32)ip_fallback_id ^ iph->daddr); +- iph->id = htons(salt & 0xFFFF); +- ip_fallback_id = salt; +- spin_unlock_bh(&ip_fb_id_lock); ++ if (old != now && cmpxchg(&bucket->stamp32, old, now) == old) ++ delta = prandom_u32_max(now - old); ++ ++ return atomic_add_return_unchecked(segs + delta, &bucket->id) - segs; + } ++EXPORT_SYMBOL(ip_idents_reserve); + +-void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst, int more) ++void __ip_select_ident(struct iphdr *iph, int segs) + { +- struct net *net = dev_net(dst->dev); +- struct inet_peer *peer; ++ static u32 ip_idents_hashrnd __read_mostly; ++ u32 hash, id; + +- peer = inet_getpeer_v4(net->ipv4.peers, iph->daddr, 1); +- if (peer) { +- iph->id = htons(inet_getid(peer, more)); +- inet_putpeer(peer); +- return; +- } ++ net_get_random_once(&ip_idents_hashrnd, sizeof(ip_idents_hashrnd)); + +- ip_select_fb_ident(iph); ++ hash = jhash_3words((__force u32)iph->daddr, ++ (__force u32)iph->saddr, ++ iph->protocol, ++ ip_idents_hashrnd); ++ id = ip_idents_reserve(hash, segs); ++ iph->id = htons(id); + } + EXPORT_SYMBOL(__ip_select_ident); + +@@ -2624,34 +2631,34 @@ static struct ctl_table ipv4_route_flush_table[] = { .maxlen = sizeof(int), .mode = 0200, .proc_handler = ipv4_sysctl_rtcache_flush, @@ -100246,7 +100669,7 @@ index 031553f..e482974 100644 err_dup: return -ENOMEM; } -@@ -2674,8 +2674,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { +@@ -2674,8 +2681,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { static __net_init int rt_genid_init(struct net *net) { 
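Review bot: `ip_idents_reserve()` is exported, but the comment above it explains only the perturbation and never states what the function returns. From the arithmetic, `atomic_add_return_unchecked(segs + delta, &bucket->id) - segs` yields the previous counter plus `delta`, i.e. the first of `segs` consecutive IDs. A comment such as `/* Reserve segs consecutive IDs in the bucket selected by hash; returns the first one. */` would make that contract explicit for the IPv6 caller added elsewhere in this patch. The same comment should note that a bucket is chosen by `hash % IP_IDENTS_SZ` (2048 entries), so one counter is shared by every flow whose hash lands there rather than being per destination.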
@@ -100257,6 +100680,19 @@ index 031553f..e482974 100644 get_random_bytes(&net->ipv4.dev_addr_genid, sizeof(net->ipv4.dev_addr_genid)); return 0; +@@ -2718,6 +2725,12 @@ int __init ip_rt_init(void) + { + int rc = 0; + ++ ip_idents = kmalloc(IP_IDENTS_SZ * sizeof(*ip_idents), GFP_KERNEL); ++ if (!ip_idents) ++ panic("IP: failed to allocate ip_idents\n"); ++ ++ prandom_bytes(ip_idents, IP_IDENTS_SZ * sizeof(*ip_idents)); ++ + #ifdef CONFIG_IP_ROUTE_CLASSID + ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct), __alignof__(struct ip_rt_acct)); + if (!ip_rt_acct) diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c index 44eba05..b36864b 100644 --- a/net/ipv4/sysctl_net_ipv4.c @@ -100553,6 +100989,33 @@ index 64f0354..a81b39d 100644 if (retransmits_timed_out(sk, retry_until, syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) { /* Has it gone just too far? */ +diff --git a/net/ipv4/tcp_vegas.c b/net/ipv4/tcp_vegas.c +index 06cae62..6b1a5fd 100644 +--- a/net/ipv4/tcp_vegas.c ++++ b/net/ipv4/tcp_vegas.c +@@ -219,7 +219,8 @@ static void tcp_vegas_cong_avoid(struct sock *sk, u32 ack, u32 acked, + * This is: + * (actual rate in segments) * baseRTT + */ +- target_cwnd = tp->snd_cwnd * vegas->baseRTT / rtt; ++ target_cwnd = (u64)tp->snd_cwnd * vegas->baseRTT; ++ do_div(target_cwnd, rtt); + + /* Calculate the difference between the window we had, + * and the window we would like to have. This quantity +diff --git a/net/ipv4/tcp_veno.c b/net/ipv4/tcp_veno.c +index 326475a..603ad49 100644 +--- a/net/ipv4/tcp_veno.c ++++ b/net/ipv4/tcp_veno.c +@@ -145,7 +145,7 @@ static void tcp_veno_cong_avoid(struct sock *sk, u32 ack, u32 acked, + + rtt = veno->minrtt; + +- target_cwnd = (tp->snd_cwnd * veno->basertt); ++ target_cwnd = (u64)tp->snd_cwnd * veno->basertt; + target_cwnd <<= V_PARAM_SHIFT; + do_div(target_cwnd, rtt); + diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index b25e852..cdc3258 100644 --- a/net/ipv4/udp.c 
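Review bot: The new `ip_idents` table in `ip_rt_init()` is filled with `prandom_bytes()`, while the context line at the top of this hunk seeds `dev_addr_genid` with `get_random_bytes()`. The initial counters and stamps therefore come from the non-cryptographic generator, whose state may not have been strongly seeded this early in boot (not verifiable from the hunk). If unpredictable starting IP IDs are the goal, `get_random_bytes(ip_idents, IP_IDENTS_SZ * sizeof(*ip_idents));` would match the neighbouring code. `kmalloc_array(IP_IDENTS_SZ, sizeof(*ip_idents), GFP_KERNEL)` would also express the allocation without an open-coded multiply. The body of `ip_rt_init()` continues outside the hunk.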
@@ -100671,6 +101134,24 @@ index b25e852..cdc3258 100644 } int udp4_seq_show(struct seq_file *seq, void *v) +diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c +index 31b1815..1f564a1 100644 +--- a/net/ipv4/xfrm4_mode_tunnel.c ++++ b/net/ipv4/xfrm4_mode_tunnel.c +@@ -117,12 +117,12 @@ static int xfrm4_mode_tunnel_output(struct xfrm_state *x, struct sk_buff *skb) + + top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ? + 0 : (XFRM_MODE_SKB_CB(skb)->frag_off & htons(IP_DF)); +- ip_select_ident(skb, dst->child, NULL); + + top_iph->ttl = ip4_dst_hoplimit(dst->child); + + top_iph->saddr = x->props.saddr.a4; + top_iph->daddr = x->id.daddr.a4; ++ ip_select_ident(skb, NULL); + + return 0; + } diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c index e1a6393..f634ce5 100644 --- a/net/ipv4/xfrm4_policy.c @@ -100884,6 +101365,31 @@ index 2465d18..bc5bf7f 100644 .kind = "ip6gretap", .maxtype = IFLA_GRE_MAX, .policy = ip6gre_policy, +diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c +index a62b610..073e5a6 100644 +--- a/net/ipv6/ip6_output.c ++++ b/net/ipv6/ip6_output.c +@@ -537,6 +537,20 @@ static void ip6_copy_metadata(struct sk_buff *to, struct sk_buff *from) + skb_copy_secmark(to, from); + } + ++static void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) ++{ ++ static u32 ip6_idents_hashrnd __read_mostly; ++ u32 hash, id; ++ ++ net_get_random_once(&ip6_idents_hashrnd, sizeof(ip6_idents_hashrnd)); ++ ++ hash = __ipv6_addr_jhash(&rt->rt6i_dst.addr, ip6_idents_hashrnd); ++ hash = __ipv6_addr_jhash(&rt->rt6i_src.addr, hash); ++ ++ id = ip_idents_reserve(hash, 1); ++ fhdr->identification = htonl(id); ++} ++ + int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) + { + struct sk_buff *frag; diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c index 9120339..cfdd84f 100644 --- a/net/ipv6/ip6_tunnel.c @@ -101033,27 +101539,40 @@ index 767ab8d..c5ec70a 100644 return -ENOMEM; } 
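Review bot: The new static `ipv6_select_ident()` in net/ipv6/ip6_output.c dereferences `rt` unconditionally (`&rt->rt6i_dst.addr`, `&rt->rt6i_src.addr`). The version this patch removes from net/ipv6/output_core.c guarded the route with `if (rt && ...)` and fell back to a global counter. Whether every remaining caller guarantees a non-NULL route is not visible in this hunk, so the precondition should at least be written down, e.g. `/* Callers must pass a non-NULL rt. */` above the function. If any caller can still reach it without a route, an early `if (!rt)` guard before the two `__ipv6_addr_jhash()` calls is needed instead.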
diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c -index b31a012..c36f09c 100644 +index b31a012..ab2f47d 100644 --- a/net/ipv6/output_core.c +++ b/net/ipv6/output_core.c -@@ -9,7 +9,7 @@ +@@ -7,30 +7,6 @@ + #include <net/ip6_fib.h> + #include <net/addrconf.h> - void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) - { +-void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) +-{ - static atomic_t ipv6_fragmentation_id; -+ static atomic_unchecked_t ipv6_fragmentation_id; - int ident; - - #if IS_ENABLED(CONFIG_IPV6) -@@ -26,7 +26,7 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) - } - } - #endif +- int ident; +- +-#if IS_ENABLED(CONFIG_IPV6) +- if (rt && !(rt->dst.flags & DST_NOPEER)) { +- struct inet_peer *peer; +- struct net *net; +- +- net = dev_net(rt->dst.dev); +- peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1); +- if (peer) { +- fhdr->identification = htonl(inet_getid(peer, 0)); +- inet_putpeer(peer); +- return; +- } +- } +-#endif - ident = atomic_inc_return(&ipv6_fragmentation_id); -+ ident = atomic_inc_return_unchecked(&ipv6_fragmentation_id); - fhdr->identification = htonl(ident); - } - EXPORT_SYMBOL(ipv6_select_ident); +- fhdr->identification = htonl(ident); +-} +-EXPORT_SYMBOL(ipv6_select_ident); +- + int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr) + { + u16 offset = sizeof(struct ipv6hdr); diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c index bda7429..469b26b 100644 --- a/net/ipv6/ping.c 
@@ -101604,28 +102123,6 @@ index 7932697..a13d158 100644 } while (!res); return res; } -diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c -index ec66063..1e05bbd 100644 ---- a/net/l2tp/l2tp_ppp.c -+++ b/net/l2tp/l2tp_ppp.c -@@ -1368,7 +1368,7 @@ static int pppol2tp_setsockopt(struct socket *sock, int level, int optname, - int err; - - if (level != SOL_PPPOL2TP) -- return udp_prot.setsockopt(sk, level, optname, optval, optlen); -+ return -EINVAL; - - if (optlen < sizeof(int)) - return -EINVAL; -@@ -1494,7 +1494,7 @@ static int pppol2tp_getsockopt(struct socket *sock, int level, int optname, - struct pppol2tp_session *ps; - - if (level != SOL_PPPOL2TP) -- return udp_prot.getsockopt(sk, level, optname, optval, optlen); -+ return -EINVAL; - - if (get_user(len, optlen)) - return -EFAULT; diff --git a/net/llc/llc_proc.c b/net/llc/llc_proc.c index 1a3c7e0..80f8b0c 100644 --- a/net/llc/llc_proc.c @@ -102094,9 +102591,18 @@ index db80126..ef7110e 100644 cp->old_state = cp->state; /* diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c -index c47444e..b0961c6 100644 +index c47444e..e9a86e6 100644 --- a/net/netfilter/ipvs/ip_vs_xmit.c +++ b/net/netfilter/ipvs/ip_vs_xmit.c +@@ -883,7 +883,7 @@ ip_vs_tunnel_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, + iph->daddr = cp->daddr.ip; + iph->saddr = saddr; + iph->ttl = old_iph->ttl; +- ip_select_ident(skb, &rt->dst, NULL); ++ ip_select_ident(skb, NULL); + + /* Another hack: avoid icmp_send in ip_fragment */ + skb->local_df = 1; @@ -1102,7 +1102,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, else rc = NF_ACCEPT; @@ -109632,10 +110138,10 @@ index 0000000..39d7cc7 +} diff --git a/tools/gcc/randomize_layout_plugin.c b/tools/gcc/randomize_layout_plugin.c new file mode 100644 -index 0000000..8dafb22 +index 0000000..a5cb46b --- /dev/null 
+++ b/tools/gcc/randomize_layout_plugin.c -@@ -0,0 +1,910 @@ +@@ -0,0 +1,915 @@ +/* + * Copyright 2014 by Open Source Security, Inc., Brad Spengler <spender@grsecurity.net> + * and PaX Team <pageexec@freemail.hu> @@ -109954,6 +110460,11 @@ index 0000000..8dafb22 + lookup_attribute("no_randomize_layout", TYPE_ATTRIBUTES(TYPE_MAIN_VARIANT(type)))) + return 0; + ++ /* Workaround for 3rd-party VirtualBox source that we can't modify ourselves */ ++ if (!strcmp((const char *)ORIG_TYPE_NAME(type), "INTNETTRUNKFACTORY") || ++ !strcmp((const char *)ORIG_TYPE_NAME(type), "RAWPCIFACTORY")) ++ return 0; ++ + /* throw out any structs in uapi */ + xloc = expand_location(DECL_SOURCE_LOCATION(TYPE_FIELDS(type))); + @@ -121617,10 +122128,10 @@ index 0000000..0888f6c + diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c new file mode 100644 -index 0000000..dd94983 +index 0000000..924652b --- /dev/null +++ b/tools/gcc/stackleak_plugin.c -@@ -0,0 +1,376 @@ +@@ -0,0 +1,395 @@ +/* + * Copyright 2011-2014 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 @@ -121652,7 +122163,7 @@ index 0000000..dd94983 +static bool init_locals; + +static struct plugin_info stackleak_plugin_info = { -+ .version = "201402131920", ++ .version = "201408011900", + .help = "track-lowest-sp=nn\ttrack sp in functions whose frame size is at least nn bytes\n" +// "initialize-locals\t\tforcibly initialize all stack frames\n" +}; 
@@ -121798,6 +122309,25 @@ index 0000000..dd94983 + +static bool gate_stackleak_track_stack(void) +{ ++ tree section; ++ ++ if (ix86_cmodel != CM_KERNEL) ++ return false; ++ ++ section = lookup_attribute("section", DECL_ATTRIBUTES(current_function_decl)); ++ if (section && TREE_VALUE(section)) { ++ section = TREE_VALUE(TREE_VALUE(section)); ++ ++ if (!strncmp(TREE_STRING_POINTER(section), ".init.text", 10)) ++ return false; ++ if (!strncmp(TREE_STRING_POINTER(section), ".devinit.text", 13)) ++ return false; ++ if (!strncmp(TREE_STRING_POINTER(section), ".cpuinit.text", 13)) ++ return false; ++ if (!strncmp(TREE_STRING_POINTER(section), ".meminit.text", 13)) ++ return false; ++ } ++ + return track_frame_size >= 0; +} + diff --git a/main/linux-grsec/kernelconfig.x86 b/main/linux-grsec/kernelconfig.x86 index 74463fb61..525295939 100644 --- a/main/linux-grsec/kernelconfig.x86 +++ b/main/linux-grsec/kernelconfig.x86 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.14.6 Kernel Configuration +# Linux/x86 3.14.16 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -313,6 +313,7 @@ CONFIG_INLINE_READ_UNLOCK=y CONFIG_INLINE_READ_UNLOCK_IRQ=y CONFIG_INLINE_WRITE_UNLOCK=y CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y CONFIG_MUTEX_SPIN_ON_OWNER=y CONFIG_FREEZER=y @@ -396,6 +397,7 @@ CONFIG_X86_IO_APIC=y # CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set # CONFIG_X86_MCE is not set CONFIG_VM86=y +# CONFIG_X86_16BIT is not set CONFIG_TOSHIBA=m CONFIG_I8K=m CONFIG_X86_REBOOTFIXUPS=y @@ -1543,8 +1545,8 @@ CONFIG_MTD_UBI_WL_THRESHOLD=4096 CONFIG_MTD_UBI_BEB_LIMIT=20 # CONFIG_MTD_UBI_FASTMAP is not set # CONFIG_MTD_UBI_GLUEBI is not set -CONFIG_PARPORT=m CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +CONFIG_PARPORT=m CONFIG_PARPORT_PC=m CONFIG_PARPORT_SERIAL=m # CONFIG_PARPORT_PC_FIFO is not set diff --git a/main/linux-grsec/kernelconfig.x86_64 b/main/linux-grsec/kernelconfig.x86_64 index ea04d3153..82ed1551d 100644 
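Review bot: The added `if (ix86_cmodel != CM_KERNEL) return false;` at the top of `gate_stackleak_track_stack()` appears to switch the pass off for every 32-bit build, because GCC uses the kernel code model only on 64-bit targets. That matters for this commit, which also ships kernelconfig.x86. If the intent is only to skip non-kernel objects on x86_64, `if (TARGET_64BIT && ix86_cmodel != CM_KERNEL) return false;` would keep tracking active on i386; this is worth confirming against the plugin's upstream. Separately, the four `strncmp()` calls hard-code the lengths 10 and 13 next to their literals, and a small helper macro using `sizeof(lit) - 1` would stop the two from drifting apart.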
--- a/main/linux-grsec/kernelconfig.x86_64 +++ b/main/linux-grsec/kernelconfig.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.14.6 Kernel Configuration +# Linux/x86 3.14.16 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -328,6 +328,7 @@ CONFIG_INLINE_READ_UNLOCK=y CONFIG_INLINE_READ_UNLOCK_IRQ=y CONFIG_INLINE_WRITE_UNLOCK=y CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y CONFIG_MUTEX_SPIN_ON_OWNER=y CONFIG_FREEZER=y @@ -394,6 +395,7 @@ CONFIG_X86_LOCAL_APIC=y CONFIG_X86_IO_APIC=y # CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set # CONFIG_X86_MCE is not set +# CONFIG_X86_16BIT is not set CONFIG_I8K=m CONFIG_MICROCODE=m CONFIG_MICROCODE_INTEL=y @@ -1522,8 +1524,8 @@ CONFIG_MTD_UBI_WL_THRESHOLD=4096 CONFIG_MTD_UBI_BEB_LIMIT=20 # CONFIG_MTD_UBI_FASTMAP is not set # CONFIG_MTD_UBI_GLUEBI is not set -CONFIG_PARPORT=m CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +CONFIG_PARPORT=m CONFIG_PARPORT_PC=m CONFIG_PARPORT_SERIAL=m # CONFIG_PARPORT_PC_FIFO is not set |