diff options
Diffstat (limited to 'main/linux-grsec')
| -rw-r--r-- | main/linux-grsec/APKBUILD | 33 | ||||
| -rw-r--r-- | main/linux-grsec/CVE-2013-2851.patch | 60 | ||||
| -rw-r--r-- | main/linux-grsec/grsecurity-2.9.1-3.9.7-201306231443.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.9.6-201306171904.patch) | 1479 | ||||
| -rw-r--r-- | main/linux-grsec/kernelconfig.x86 | 4 | ||||
| -rw-r--r-- | main/linux-grsec/kernelconfig.x86_64 | 4 |
5 files changed, 1042 insertions, 538 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index cd5bb1737..1b93d5b90 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,7 +2,7 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.9.6 +pkgver=3.9.7 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; @@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-2.9.1-3.9.6-201306171904.patch + grsecurity-2.9.1-3.9.7-201306231443.patch 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch @@ -26,8 +26,6 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch - CVE-2013-2851.patch - kernelconfig.x86 kernelconfig.x86_64 " @@ -151,38 +149,35 @@ dev() { } md5sums="4348c9b6b2eb3144d601e87c19d5d909 linux-3.9.tar.xz -897cffc5167a561b38c6748e7f0a4215 patch-3.9.6.xz -8c9e11d9121958fa866b330ed3dbe4bd grsecurity-2.9.1-3.9.6-201306171904.patch +74005c469fbd309ab631d981e2d3a6e7 patch-3.9.7.xz +a5db3ef848185c32ad4b0bbfe19106aa grsecurity-2.9.1-3.9.7-201306231443.patch a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch 656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch 2a12a3717052e878c0cd42aa935bfcf4 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch 6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch 1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch -eca3b4897b2a2191576ba719609cc654 CVE-2013-2851.patch -3e219a1f25136b204d00865939532fe9 kernelconfig.x86 -1d057c89927a68e5f44896887ad3e379 kernelconfig.x86_64" +bfb5ddcfbc1c9f30253de200ec2a0eb0 kernelconfig.x86 +0b6534366d8abbd36c40744163c81e5a kernelconfig.x86_64" sha256sums="60bc3e64ee5dc778de2cd7cd7640abf518a4c9d4f31b8ed624e16fad53f54541 linux-3.9.tar.xz -13296dad939ef4e05adba87b9d0476aa8e2ccf92866f14835327dae8a1402fc3 patch-3.9.6.xz -a14302153a717e8cf8346c44ed4ac620b87a38795afa72c3f61797eab221290d grsecurity-2.9.1-3.9.6-201306171904.patch +23db9de5ffa2f8f36d61da85ee46656a3373f8868415c1f3c77c51c41fabfda8 patch-3.9.7.xz +0aa3ec9d60640ee06ca6c6aed877ce2ee99c2b8a2ee8be50ad92c43ed6570617 grsecurity-2.9.1-3.9.7-201306231443.patch 6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch 0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch 260fd1807838b68305a96992bf7d3302a2a8ef3a3b08fe079ba9a07e6422f736 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch -461d159751095d3624d74867dc8b3e3865e3a67c4b3cd48188f5ae2f1f1f66cb CVE-2013-2851.patch -cc3bd3d23f6a73ea6488c158de9d195ad5e3d87859ce02d92a04f0e08c9503d3 kernelconfig.x86 -b780ef646b3b30a5b0307102367e17d45bb3a0ab7e37cf92a1ce783c3149243a kernelconfig.x86_64" +c017c0a47fa0dfdefe148aa73e8a19fabb1957dc699de0f94d8d4d9a45bf5abe kernelconfig.x86 +aafae208fc72eaad9d09fcd8220e0d70379d8c7c7f658c10aa96990dc0b36207 kernelconfig.x86_64" sha512sums="77fa521f42380409f8ab400c26f7b00e225cb075ef40834bb263325cfdcc3e65aef8511ec2fc2b50bbf4f50e226fb5ab07d7a479aaf09162adbbf318325d0790 linux-3.9.tar.xz -6c79bde85d86c7e7dca160d5bdd5826ae05ed41cb372d0a94e4f9840413351a8bc1fec50159d59dbac462345bd13c31c6c4d8c47187ee6d87b4d71c8560093da patch-3.9.6.xz -fe8a4fffb18b6ef88951e97cd20e464674e10d2a6a76a0b17d4922b87b24c6653a81d798f0b93dfb7545da011a29d73dfafd73b258f528bbe81984ef24c137ac grsecurity-2.9.1-3.9.6-201306171904.patch +dcf38bca1ee1b90bffd97c74c00720613dbab9183aa600401a821fe20ea665629bc43544053bd2ffe18ebfe1ee2d72d139f22d2f070374f5e231831ed6c89251 patch-3.9.7.xz +73f819bd44c724bbdc2e01ed4154c9fd53d0a8d1099ffabf56e995d82a9dbcb03c742e1c048cae9b0052d43dbda4d1c2150f6c14a1b958c25eef8b5571047f80 grsecurity-2.9.1-3.9.7-201306231443.patch 81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch 51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch 57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d711e3486628ed56ab996484e219d79ac4b0c0ec684ebd380aa 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch 28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch 249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch -5e5c9ac96b87efc811bd612774934a5fb8635a34d7fbe13ea80f5a8da19efa2a71f0bcab08a85224612f332d7485cea1d6cbd4d64644d90a3dd576f3458e5a99 CVE-2013-2851.patch -00fd8694455935f96e46b6624388b8c04af27ce4295040362da78c34bf9f08382bc69c1b8b273145573a59e3b4eecfa251119560da19ab390f171a8a6da18298 kernelconfig.x86 -6276f503f9dd7ea228b1661f9a36edcf18d2c4cfb6d9c4e3e1496a4f70709cc693fc8498186d86dd3f303c909c50e478cb95e08a05f50bda77c9cf165aca1ba1 kernelconfig.x86_64" +bcf675bafd3aac174195a2d38571b9b54f4b6e0635ab3363699ae8845794dc44bcfe952585fae881d81065d4a25333a3e033808c99c977aa4a797b81e5a36c3f kernelconfig.x86 +a8bf4cc1cdb4d1bde9fe4cd4040a596a52a24817fad15b29785ba10ab1d80fd4ae9589ac92f98c8b6b3b5e5510f01b9c9b96b11a2cf05c9684eb0bd62ee6676e kernelconfig.x86_64" diff --git a/main/linux-grsec/CVE-2013-2851.patch b/main/linux-grsec/CVE-2013-2851.patch deleted file mode 100644 index 3407731c7..000000000 --- a/main/linux-grsec/CVE-2013-2851.patch +++ /dev/null @@ -1,60 +0,0 @@ -Subject: [PATCH 1/8] block: do not pass disk names as format strings - -Disk names may contain arbitrary strings, so they must not be interpreted -as format strings. It seems that only md allows arbitrary strings to be -used for disk names, but this could allow for a local memory corruption -from uid 0 into ring 0. - -CVE-2013-2851 - -Signed-off-by: Kees Cook <keescook@chromium.org> -Cc: stable@vger.kernel.org -Cc: Jens Axboe <axboe@kernel.dk> ---- - block/genhd.c | 2 +- - drivers/block/nbd.c | 3 ++- - drivers/scsi/osd/osd_uld.c | 2 +- - 3 files changed, 4 insertions(+), 3 deletions(-) - -diff --git a/block/genhd.c b/block/genhd.c -index 20625ee..cdeb527 100644 ---- a/block/genhd.c -+++ b/block/genhd.c -@@ -512,7 +512,7 @@ static void register_disk(struct gendisk *disk) - - ddev->parent = disk->driverfs_dev; - -- dev_set_name(ddev, disk->disk_name); -+ dev_set_name(ddev, "%s", disk->disk_name); - - /* delay uevents, until we scanned partition table */ - dev_set_uevent_suppress(ddev, 1); -diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c -index 037288e..46b35f7 100644 ---- a/drivers/block/nbd.c -+++ b/drivers/block/nbd.c -@@ -714,7 +714,8 @@ static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *nbd, - else - blk_queue_flush(nbd->disk->queue, 0); - -- thread = kthread_create(nbd_thread, nbd, nbd->disk->disk_name); -+ thread = kthread_create(nbd_thread, nbd, "%s", -+ nbd->disk->disk_name); - if (IS_ERR(thread)) { - mutex_lock(&nbd->tx_lock); - return PTR_ERR(thread); -diff --git a/drivers/scsi/osd/osd_uld.c b/drivers/scsi/osd/osd_uld.c -index 0fab6b5..9d86947 100644 ---- a/drivers/scsi/osd/osd_uld.c -+++ b/drivers/scsi/osd/osd_uld.c -@@ -485,7 +485,7 @@ static int osd_probe(struct device *dev) - oud->class_dev.class = &osd_uld_class; - oud->class_dev.parent = dev; - oud->class_dev.release = __remove; -- error = dev_set_name(&oud->class_dev, disk->disk_name); -+ error = dev_set_name(&oud->class_dev, "%s", disk->disk_name); - if (error) { - OSD_ERR("dev_set_name failed => %d\n", error); - goto err_put_cdev; --- -1.7.9.5 diff --git a/main/linux-grsec/grsecurity-2.9.1-3.9.6-201306171904.patch b/main/linux-grsec/grsecurity-2.9.1-3.9.7-201306231443.patch index 430bb2aca..5af323247 100644 --- a/main/linux-grsec/grsecurity-2.9.1-3.9.6-201306171904.patch +++ b/main/linux-grsec/grsecurity-2.9.1-3.9.7-201306231443.patch @@ -1,5 +1,5 @@ diff --git a/Documentation/dontdiff b/Documentation/dontdiff -index b89a739..b47493f 100644 +index b89a739..79768fb 100644 --- a/Documentation/dontdiff +++ b/Documentation/dontdiff @@ -2,9 +2,11 @@ @@ -41,7 +41,7 @@ index b89a739..b47493f 100644 .*.d .mm 53c700_d.h -@@ -69,6 +75,7 @@ Image +@@ -69,9 +75,11 @@ Image Module.markers Module.symvers PENDING @@ -49,7 +49,11 @@ index b89a739..b47493f 100644 SCCS System.map* TAGS -@@ -80,6 +87,7 @@ aic7*seq.h* ++TRACEEVENT-CFLAGS + aconf + af_names.h + aic7*reg.h* +@@ -80,6 +88,7 @@ aic7*seq.h* aicasm aicdb.h* altivec*.c @@ -57,7 +61,7 @@ index b89a739..b47493f 100644 asm-offsets.h asm_offsets.h autoconf.h* -@@ -92,19 +100,24 @@ bounds.h +@@ -92,19 +101,24 @@ bounds.h bsetup btfixupprep build @@ -82,7 +86,7 @@ index b89a739..b47493f 100644 conmakehash consolemap_deftbl.c* cpustr.h -@@ -115,9 +128,11 @@ devlist.h* +@@ -115,9 +129,11 @@ devlist.h* dnotify_test docproc dslm @@ -94,7 +98,7 @@ index b89a739..b47493f 100644 fixdep flask.h fore200e_mkfirm -@@ -125,12 +140,15 @@ fore200e_pca_fw.c* +@@ -125,12 +141,15 @@ fore200e_pca_fw.c* gconf gconf.glade.h gen-devlist @@ -110,7 +114,7 @@ index b89a739..b47493f 100644 hpet_example hugepage-mmap hugepage-shm -@@ -145,14 +163,14 @@ int32.c +@@ -145,14 +164,14 @@ int32.c int4.c int8.c kallsyms @@ -127,7 +131,7 @@ index b89a739..b47493f 100644 logo_*.c logo_*_clut224.c logo_*_mono.c -@@ -162,14 +180,15 @@ mach-types.h +@@ -162,14 +181,15 @@ mach-types.h machtypes.h map map_hugetlb @@ -144,7 +148,7 @@ index b89a739..b47493f 100644 mkprep mkregtable mktables -@@ -185,6 +204,8 @@ oui.c* +@@ -185,6 +205,8 @@ oui.c* page-types parse.c parse.h @@ -153,7 +157,7 @@ index b89a739..b47493f 100644 patches* pca200e.bin pca200e_ecd.bin2 -@@ -194,6 +215,7 @@ perf-archive +@@ -194,6 +216,7 @@ perf-archive piggyback piggy.gzip piggy.S @@ -161,7 +165,7 @@ index b89a739..b47493f 100644 pnmtologo ppc_defs.h* pss_boot.h -@@ -203,7 +225,10 @@ r200_reg_safe.h +@@ -203,7 +226,10 @@ r200_reg_safe.h r300_reg_safe.h r420_reg_safe.h r600_reg_safe.h @@ -172,7 +176,7 @@ index b89a739..b47493f 100644 relocs rlim_names.h rn50_reg_safe.h -@@ -213,8 +238,12 @@ series +@@ -213,8 +239,12 @@ series setup setup.bin setup.elf @@ -185,7 +189,7 @@ index b89a739..b47493f 100644 split-include syscalltab.h tables.c -@@ -224,6 +253,7 @@ tftpboot.img +@@ -224,6 +254,7 @@ tftpboot.img timeconst.h times.h* trix_boot.h @@ -193,7 +197,7 @@ index b89a739..b47493f 100644 utsrelease.h* vdso-syms.lds vdso.lds -@@ -235,13 +265,17 @@ vdso32.lds +@@ -235,13 +266,17 @@ vdso32.lds vdso32.so.dbg vdso64.lds vdso64.so.dbg @@ -211,7 +215,7 @@ index b89a739..b47493f 100644 vmlinuz voffset.h vsyscall.lds -@@ -249,9 +283,12 @@ vsyscall_32.lds +@@ -249,9 +284,12 @@ vsyscall_32.lds wanxlfw.inc uImage unifdef @@ -259,7 +263,7 @@ index 8ccbf27..afffeb4 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 4a40307..9ac699b 100644 +index a129b15..548231d 100644 --- a/Makefile +++ b/Makefile @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -6633,7 +6637,7 @@ index ae54553..cf2184d 100644 ld r4,_DAR(r1) bl .bad_page_fault diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S -index 3bbe7ed..14ec3eb 100644 +index 644378e..b6f2c26 100644 --- a/arch/powerpc/kernel/exceptions-64s.S +++ b/arch/powerpc/kernel/exceptions-64s.S @@ -1390,10 +1390,10 @@ handle_page_fault: @@ -6682,7 +6686,7 @@ index 2e3200c..72095ce 100644 /* Find this entry, or if that fails, the next avail. entry */ while (entry->jump[0]) { diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c -index 9600c36..0c156d7 100644 +index 0d86c8a..df4c5f2 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c @@ -871,8 +871,8 @@ void show_regs(struct pt_regs * regs) @@ -6718,7 +6722,7 @@ index 9600c36..0c156d7 100644 regs->trap, (void *)regs->nip, (void *)lr); firstframe = 1; } -@@ -1396,58 +1396,3 @@ void __ppc64_runlatch_off(void) +@@ -1396,58 +1396,3 @@ void notrace __ppc64_runlatch_off(void) mtspr(SPRN_CTRLT, ctrl); } #endif /* CONFIG_PPC64 */ @@ -6856,7 +6860,7 @@ index 3ce1f86..c30e629 100644 }; diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c -index 29857c6..bd31e27 100644 +index bf33ace..e836d8b 100644 --- a/arch/powerpc/kernel/traps.c +++ b/arch/powerpc/kernel/traps.c @@ -142,6 +142,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs) @@ -10062,6 +10066,20 @@ index d2b5944..bd813f2 100644 return addr; } if (mm->get_unmapped_area == arch_get_unmapped_area) +diff --git a/arch/sparc/mm/tlb.c b/arch/sparc/mm/tlb.c +index 83d89bc..37e7bc4 100644 +--- a/arch/sparc/mm/tlb.c ++++ b/arch/sparc/mm/tlb.c +@@ -85,8 +85,8 @@ static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr, + } + + if (!tb->active) { +- global_flush_tlb_page(mm, vaddr); + flush_tsb_user_page(mm, vaddr); ++ global_flush_tlb_page(mm, vaddr); + goto out; + } + diff --git a/arch/tile/include/asm/atomic_64.h b/arch/tile/include/asm/atomic_64.h index f4500c6..889656c 100644 --- a/arch/tile/include/asm/atomic_64.h @@ -10503,7 +10521,7 @@ index 5ef205c..342191d 100644 KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ GCOV_PROFILE := n diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c -index 35ee62f..b6609b6 100644 +index c205035..5853587 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c @@ -150,7 +150,6 @@ again: @@ -10522,6 +10540,48 @@ index 35ee62f..b6609b6 100644 efi_call_phys1(sys_table->boottime->free_pool, map); fail: return status; +diff --git a/arch/x86/boot/compressed/efi_stub_32.S b/arch/x86/boot/compressed/efi_stub_32.S +index a53440e..c3dbf1e 100644 +--- a/arch/x86/boot/compressed/efi_stub_32.S ++++ b/arch/x86/boot/compressed/efi_stub_32.S +@@ -46,16 +46,13 @@ ENTRY(efi_call_phys) + * parameter 2, ..., param n. To make things easy, we save the return + * address of efi_call_phys in a global variable. + */ +- popl %ecx +- movl %ecx, saved_return_addr(%edx) +- /* get the function pointer into ECX*/ +- popl %ecx +- movl %ecx, efi_rt_function_ptr(%edx) ++ popl saved_return_addr(%edx) ++ popl efi_rt_function_ptr(%edx) + + /* + * 3. Call the physical function. + */ +- call *%ecx ++ call *efi_rt_function_ptr(%edx) + + /* + * 4. Balance the stack. And because EAX contain the return value, +@@ -67,15 +64,12 @@ ENTRY(efi_call_phys) + 1: popl %edx + subl $1b, %edx + +- movl efi_rt_function_ptr(%edx), %ecx +- pushl %ecx ++ pushl efi_rt_function_ptr(%edx) + + /* + * 10. Push the saved return address onto the stack and return. + */ +- movl saved_return_addr(%edx), %ecx +- pushl %ecx +- ret ++ jmpl *saved_return_addr(%edx) + ENDPROC(efi_call_phys) + .previous + diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S index 1e3184f..0d11e2e 100644 --- a/arch/x86/boot/compressed/head_32.S @@ -17405,7 +17465,7 @@ index 7c6f7d5..8cac382 100644 }; diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c -index 7bc1263..ce2cbfb 100644 +index 7bc1263..bff5686 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -45,6 +45,7 @@ @@ -17456,6 +17516,15 @@ index 7bc1263..ce2cbfb 100644 return; } /* First print corrected ones that are still unlogged */ +@@ -353,7 +354,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) + if (!fake_panic) { + if (panic_timeout == 0) + panic_timeout = mca_cfg.panic_timeout; +- panic(msg); ++ panic("%s", msg); + } else + pr_emerg(HW_ERR "Fake kernel panic: %s\n", msg); + } @@ -683,7 +684,7 @@ static int mce_timed_out(u64 *t) * might have been modified by someone else. */ @@ -18171,6 +18240,21 @@ index b653675..51cc8c0 100644 +} +EXPORT_SYMBOL(pax_check_alloca); +#endif +diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c +index d32abea..74daf4f 100644 +--- a/arch/x86/kernel/e820.c ++++ b/arch/x86/kernel/e820.c +@@ -800,8 +800,8 @@ unsigned long __init e820_end_of_low_ram_pfn(void) + + static void early_panic(char *msg) + { +- early_printk(msg); +- panic(msg); ++ early_printk("%s", msg); ++ panic("%s", msg); + } + + static int userdef __initdata; diff --git a/arch/x86/kernel/early_printk.c b/arch/x86/kernel/early_printk.c index 9b9f18b..9fcaa04 100644 --- a/arch/x86/kernel/early_printk.c @@ -18944,7 +19028,7 @@ index 8f3e2de..934870f 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index c1d01e6..5625dce 100644 +index c1d01e6..1bef85a 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -59,6 +59,8 @@ @@ -19031,7 +19115,7 @@ index c1d01e6..5625dce 100644 #endif -@@ -284,6 +293,282 @@ ENTRY(native_usergs_sysret64) +@@ -284,6 +293,311 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ @@ -19139,7 +19223,9 @@ index c1d01e6..5625dce 100644 +#endif +#ifdef CONFIG_PAX_RANDKSTACK + pushq %rax ++ pushq %r11 + call pax_randomize_kstack ++ popq %r11 + popq %rax +#endif + .endm @@ -19202,10 +19288,10 @@ index c1d01e6..5625dce 100644 +ENDPROC(pax_enter_kernel_user) + +ENTRY(pax_exit_kernel_user) -+ push %rdi ++ pushq %rdi ++ pushq %rbx + +#ifdef CONFIG_PARAVIRT -+ pushq %rbx + PV_SAVE_REGS(CLBR_RDI) +#endif + @@ -19217,13 +19303,14 @@ index c1d01e6..5625dce 100644 +#endif + + GET_CR3_INTO_RDI -+ add $__START_KERNEL_map,%rdi -+ sub phys_base(%rip),%rdi ++ mov %rdi,%rbx ++ add $__START_KERNEL_map,%rbx ++ sub phys_base(%rip),%rbx + +#ifdef CONFIG_PARAVIRT ++ pushq %rdi + cmpl $0, pv_info+PARAVIRT_enabled + jz 1f -+ mov %rdi,%rbx + i = 0 + .rept USER_PGD_PTRS + mov i*8(%rbx),%rsi @@ -19232,21 +19319,23 @@ index c1d01e6..5625dce 100644 + call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd_batched) + i = i + 1 + .endr ++ popq %rdi ++ PV_RESTORE_REGS(CLBR_RDI) + jmp 2f +1: +#endif + + i = 0 + .rept USER_PGD_PTRS -+ movb $0x67,i*8(%rdi) ++ movb $0x67,i*8(%rbx) + i = i + 1 + .endr + +#ifdef CONFIG_PARAVIRT -+2: PV_RESTORE_REGS(CLBR_RDI) -+ popq %rbx ++2: +#endif + ++ popq %rbx + popq %rdi + pax_force_retaddr + retq @@ -19255,6 +19344,30 @@ index c1d01e6..5625dce 100644 +ENDPROC(pax_exit_kernel_user) +#endif + ++ .macro pax_enter_kernel_nmi ++ pax_set_fptr_mask ++ ++#ifdef CONFIG_PAX_KERNEXEC ++ GET_CR0_INTO_RDI ++ bts $16,%rdi ++ SET_RDI_INTO_CR0 ++ jc 110f ++ or $2,%ebx ++110: ++#endif ++ .endm ++ ++ .macro pax_exit_kernel_nmi ++#ifdef CONFIG_PAX_KERNEXEC ++ test $2,%ebx ++ jz 110f ++ GET_CR0_INTO_RDI ++ btr $16,%rdi ++ SET_RDI_INTO_CR0 ++110: ++#endif ++ .endm ++ +.macro pax_erase_kstack +#ifdef CONFIG_PAX_MEMORY_STACKLEAK + call pax_erase_kstack @@ -19314,7 +19427,7 @@ index c1d01e6..5625dce 100644 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -375,8 +660,8 @@ ENDPROC(native_usergs_sysret64) +@@ -375,8 +689,8 @@ ENDPROC(native_usergs_sysret64) .endm .macro UNFAKE_STACK_FRAME @@ -19325,7 +19438,7 @@ index c1d01e6..5625dce 100644 .endm /* -@@ -463,7 +748,7 @@ ENDPROC(native_usergs_sysret64) +@@ -463,7 +777,7 @@ ENDPROC(native_usergs_sysret64) movq %rsp, %rsi leaq -RBP(%rsp),%rdi /* arg1 for handler */ @@ -19334,7 +19447,7 @@ index c1d01e6..5625dce 100644 je 1f SWAPGS /* -@@ -498,9 +783,10 @@ ENTRY(save_rest) +@@ -498,9 +812,10 @@ ENTRY(save_rest) movq_cfi r15, R15+16 movq %r11, 8(%rsp) /* return address */ FIXUP_TOP_OF_STACK %r11, 16 @@ -19346,7 +19459,7 @@ index c1d01e6..5625dce 100644 /* save complete stack frame */ .pushsection .kprobes.text, "ax" -@@ -529,9 +815,10 @@ ENTRY(save_paranoid) +@@ -529,9 +844,10 @@ ENTRY(save_paranoid) js 1f /* negative -> in kernel */ SWAPGS xorl %ebx,%ebx @@ -19359,7 +19472,7 @@ index c1d01e6..5625dce 100644 .popsection /* -@@ -553,7 +840,7 @@ ENTRY(ret_from_fork) +@@ -553,7 +869,7 @@ ENTRY(ret_from_fork) RESTORE_REST @@ -19368,7 +19481,7 @@ index c1d01e6..5625dce 100644 jz 1f testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -571,7 +858,7 @@ ENTRY(ret_from_fork) +@@ -571,7 +887,7 @@ ENTRY(ret_from_fork) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -19377,7 +19490,7 @@ index c1d01e6..5625dce 100644 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -608,7 +895,7 @@ END(ret_from_fork) +@@ -608,7 +924,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -19386,7 +19499,7 @@ index c1d01e6..5625dce 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -621,16 +908,23 @@ GLOBAL(system_call_after_swapgs) +@@ -621,16 +937,23 @@ GLOBAL(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -19412,7 +19525,7 @@ index c1d01e6..5625dce 100644 jnz tracesys system_call_fastpath: #if __SYSCALL_MASK == ~0 -@@ -640,7 +934,7 @@ system_call_fastpath: +@@ -640,7 +963,7 @@ system_call_fastpath: cmpl $__NR_syscall_max,%eax #endif ja badsys @@ -19421,7 +19534,7 @@ index c1d01e6..5625dce 100644 call *sys_call_table(,%rax,8) # XXX: rip relative movq %rax,RAX-ARGOFFSET(%rsp) /* -@@ -654,10 +948,13 @@ sysret_check: +@@ -654,10 +977,13 @@ sysret_check: LOCKDEP_SYS_EXIT DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -19436,7 +19549,7 @@ index c1d01e6..5625dce 100644 /* * sysretq will re-enable interrupts: */ -@@ -709,14 +1006,18 @@ badsys: +@@ -709,14 +1035,18 @@ badsys: * jump back to the normal fast path. */ auditsys: @@ -19456,7 +19569,7 @@ index c1d01e6..5625dce 100644 jmp system_call_fastpath /* -@@ -737,7 +1038,7 @@ sysret_audit: +@@ -737,7 +1067,7 @@ sysret_audit: /* Do syscall tracing */ tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -19465,7 +19578,7 @@ index c1d01e6..5625dce 100644 jz auditsys #endif SAVE_REST -@@ -745,12 +1046,16 @@ tracesys: +@@ -745,12 +1075,16 @@ tracesys: FIXUP_TOP_OF_STACK %rdi movq %rsp,%rdi call syscall_trace_enter @@ -19482,7 +19595,7 @@ index c1d01e6..5625dce 100644 RESTORE_REST #if __SYSCALL_MASK == ~0 cmpq $__NR_syscall_max,%rax -@@ -759,7 +1064,7 @@ tracesys: +@@ -759,7 +1093,7 @@ tracesys: cmpl $__NR_syscall_max,%eax #endif ja int_ret_from_sys_call /* RAX(%rsp) set to -ENOSYS above */ @@ -19491,7 +19604,7 @@ index c1d01e6..5625dce 100644 call *sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) /* Use IRET because user could have changed frame */ -@@ -780,7 +1085,9 @@ GLOBAL(int_with_check) +@@ -780,7 +1114,9 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) @@ -19502,7 +19615,7 @@ index c1d01e6..5625dce 100644 /* Either reschedule or signal or syscall exit tracking needed. */ /* First do a reschedule test. */ -@@ -826,7 +1133,7 @@ int_restore_rest: +@@ -826,7 +1162,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -19511,7 +19624,7 @@ index c1d01e6..5625dce 100644 .macro FORK_LIKE func ENTRY(stub_\func) -@@ -839,9 +1146,10 @@ ENTRY(stub_\func) +@@ -839,9 +1175,10 @@ ENTRY(stub_\func) DEFAULT_FRAME 0 8 /* offset 8: return address */ call sys_\func RESTORE_TOP_OF_STACK %r11, 8 @@ -19523,7 +19636,7 @@ index c1d01e6..5625dce 100644 .endm .macro FIXED_FRAME label,func -@@ -851,9 +1159,10 @@ ENTRY(\label) +@@ -851,9 +1188,10 @@ ENTRY(\label) FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET call \func RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET @@ -19535,7 +19648,7 @@ index c1d01e6..5625dce 100644 .endm FORK_LIKE clone -@@ -870,9 +1179,10 @@ ENTRY(ptregscall_common) +@@ -870,9 +1208,10 @@ ENTRY(ptregscall_common) movq_cfi_restore R12+8, r12 movq_cfi_restore RBP+8, rbp movq_cfi_restore RBX+8, rbx @@ -19547,7 +19660,7 @@ index c1d01e6..5625dce 100644 ENTRY(stub_execve) CFI_STARTPROC -@@ -885,7 +1195,7 @@ ENTRY(stub_execve) +@@ -885,7 +1224,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -19556,7 +19669,7 @@ index c1d01e6..5625dce 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -902,7 +1212,7 @@ ENTRY(stub_rt_sigreturn) +@@ -902,7 +1241,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -19565,7 +19678,7 @@ index c1d01e6..5625dce 100644 #ifdef CONFIG_X86_X32_ABI ENTRY(stub_x32_rt_sigreturn) -@@ -916,7 +1226,7 @@ ENTRY(stub_x32_rt_sigreturn) +@@ -916,7 +1255,7 @@ ENTRY(stub_x32_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -19574,7 +19687,7 @@ index c1d01e6..5625dce 100644 ENTRY(stub_x32_execve) CFI_STARTPROC -@@ -930,7 +1240,7 @@ ENTRY(stub_x32_execve) +@@ -930,7 +1269,7 @@ ENTRY(stub_x32_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -19583,7 +19696,7 @@ index c1d01e6..5625dce 100644 #endif -@@ -967,7 +1277,7 @@ vector=vector+1 +@@ -967,7 +1306,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -19592,7 +19705,7 @@ index c1d01e6..5625dce 100644 .previous END(interrupt) -@@ -987,6 +1297,16 @@ END(interrupt) +@@ -987,6 +1326,16 @@ END(interrupt) subq $ORIG_RAX-RBP, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP SAVE_ARGS_IRQ @@ -19609,7 +19722,7 @@ index c1d01e6..5625dce 100644 call \func .endm -@@ -1019,7 +1339,7 @@ ret_from_intr: +@@ -1019,7 +1368,7 @@ ret_from_intr: exit_intr: GET_THREAD_INFO(%rcx) @@ -19618,7 +19731,7 @@ index c1d01e6..5625dce 100644 je retint_kernel /* Interrupt came from user space */ -@@ -1041,12 +1361,16 @@ retint_swapgs: /* return to user-space */ +@@ -1041,12 +1390,16 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -19635,7 +19748,7 @@ index c1d01e6..5625dce 100644 /* * The iretq could re-enable interrupts: */ -@@ -1129,7 +1453,7 @@ ENTRY(retint_kernel) +@@ -1129,7 +1482,7 @@ ENTRY(retint_kernel) #endif CFI_ENDPROC @@ -19644,7 +19757,7 @@ index c1d01e6..5625dce 100644 /* * End of kprobes section */ -@@ -1147,7 +1471,7 @@ ENTRY(\sym) +@@ -1147,7 +1500,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -19653,7 +19766,7 @@ index c1d01e6..5625dce 100644 .endm #ifdef CONFIG_SMP -@@ -1203,12 +1527,22 @@ ENTRY(\sym) +@@ -1203,12 +1556,22 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -19677,7 +19790,7 @@ index c1d01e6..5625dce 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1221,15 +1555,25 @@ ENTRY(\sym) +@@ -1221,15 +1584,25 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -19705,7 +19818,7 @@ index c1d01e6..5625dce 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1240,14 +1584,30 @@ ENTRY(\sym) +@@ -1240,14 +1613,30 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF_DEBUG @@ -19737,7 +19850,7 @@ index c1d01e6..5625dce 100644 .endm .macro errorentry sym do_sym -@@ -1259,13 +1619,23 @@ ENTRY(\sym) +@@ -1259,13 +1648,23 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -19762,7 +19875,7 @@ index c1d01e6..5625dce 100644 .endm /* error code is on the stack already */ -@@ -1279,13 +1649,23 @@ ENTRY(\sym) +@@ -1279,13 +1678,23 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF @@ -19787,7 +19900,7 @@ index c1d01e6..5625dce 100644 .endm zeroentry divide_error do_divide_error -@@ -1315,9 +1695,10 @@ gs_change: +@@ -1315,9 +1724,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -19799,7 +19912,7 @@ index c1d01e6..5625dce 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1345,9 +1726,10 @@ ENTRY(call_softirq) +@@ -1345,9 +1755,10 @@ ENTRY(call_softirq) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -19811,7 +19924,7 @@ index c1d01e6..5625dce 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1385,7 +1767,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1385,7 +1796,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -19820,7 +19933,7 @@ index c1d01e6..5625dce 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1444,7 +1826,7 @@ ENTRY(xen_failsafe_callback) +@@ -1444,7 +1855,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -19829,7 +19942,7 @@ index c1d01e6..5625dce 100644 apicinterrupt HYPERVISOR_CALLBACK_VECTOR \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1498,16 +1880,31 @@ ENTRY(paranoid_exit) +@@ -1498,16 +1909,31 @@ ENTRY(paranoid_exit) TRACE_IRQS_OFF_DEBUG testl %ebx,%ebx /* swapgs needed? */ jnz paranoid_restore @@ -19862,7 +19975,7 @@ index c1d01e6..5625dce 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1536,7 +1933,7 @@ paranoid_schedule: +@@ -1536,7 +1962,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -19871,7 +19984,7 @@ index c1d01e6..5625dce 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1563,12 +1960,13 @@ ENTRY(error_entry) +@@ -1563,12 +1989,13 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -19886,7 +19999,7 @@ index c1d01e6..5625dce 100644 ret /* -@@ -1595,7 +1993,7 @@ bstep_iret: +@@ -1595,7 +2022,7 @@ bstep_iret: movq %rcx,RIP+8(%rsp) jmp error_swapgs CFI_ENDPROC @@ -19895,7 +20008,7 @@ index c1d01e6..5625dce 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1615,7 +2013,7 @@ ENTRY(error_exit) +@@ -1615,7 +2042,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -19904,7 +20017,7 @@ index c1d01e6..5625dce 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1673,9 +2071,11 @@ ENTRY(nmi) +@@ -1673,9 +2100,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ @@ -19917,7 +20030,7 @@ index c1d01e6..5625dce 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1709,8 +2109,7 @@ nested_nmi: +@@ -1709,8 +2138,7 @@ nested_nmi: 1: /* Set up the interrupted NMIs stack to jump to repeat_nmi */ @@ -19927,51 +20040,40 @@ index c1d01e6..5625dce 100644 CFI_ADJUST_CFA_OFFSET 1*8 leaq -10*8(%rsp), %rdx pushq_cfi $__KERNEL_DS -@@ -1728,6 +2127,7 @@ nested_nmi_out: +@@ -1728,6 +2156,7 @@ nested_nmi_out: CFI_RESTORE rdx /* No need to check faults here */ -+ pax_force_retaddr_bts ++# pax_force_retaddr_bts INTERRUPT_RETURN CFI_RESTORE_STATE -@@ -1844,6 +2244,17 @@ end_repeat_nmi: +@@ -1844,6 +2273,8 @@ end_repeat_nmi: */ movq %cr2, %r12 -+#ifdef CONFIG_PAX_MEMORY_UDEREF -+ testb $3, CS(%rsp) -+ jnz 1f -+ pax_enter_kernel -+ jmp 2f -+1: pax_enter_kernel_user -+2: -+#else -+ pax_enter_kernel -+#endif ++ pax_enter_kernel_nmi + /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1859,23 +2270,34 @@ end_repeat_nmi: - testl %ebx,%ebx /* swapgs needed? */ +@@ -1856,26 +2287,31 @@ end_repeat_nmi: + movq %r12, %cr2 + 1: + +- testl %ebx,%ebx /* swapgs needed? */ ++ testl $1,%ebx /* swapgs needed? */ jnz nmi_restore nmi_swapgs: -+#ifdef CONFIG_PAX_MEMORY_UDEREF -+ pax_exit_kernel_user -+#else -+ pax_exit_kernel -+#endif SWAPGS_UNSAFE_STACK -+ RESTORE_ALL 6*8 -+ /* Clear the NMI executing stack variable */ -+ movq $0, 5*8(%rsp) -+ jmp irq_return nmi_restore: -+ pax_exit_kernel ++ pax_exit_kernel_nmi /* Pop the extra iret frame at once */ RESTORE_ALL 6*8 ++ testb $3, 8(%rsp) ++ jnz 1f + pax_force_retaddr_bts ++1: /* Clear the NMI executing stack variable */ movq $0, 5*8(%rsp) @@ -22479,7 +22581,7 @@ index 76fa1e9..abf09ea 100644 .shutdown = native_machine_shutdown, .emergency_restart = native_machine_emergency_restart, diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S -index 7a6f3b3..bed145d7 100644 +index f2bb9c9..bed145d7 100644 --- a/arch/x86/kernel/relocate_kernel_64.S +++ b/arch/x86/kernel/relocate_kernel_64.S @@ -11,6 +11,7 @@ @@ -22490,15 +22592,7 @@ index 7a6f3b3..bed145d7 100644 /* * Must be relocatable PIC code callable as a C function -@@ -160,13 +161,14 @@ identity_mapped: - xorq %rbp, %rbp - xorq %r8, %r8 - xorq %r9, %r9 -- xorq %r10, %r9 -+ xorq %r10, %r10 - xorq %r11, %r11 - xorq %r12, %r12 - xorq %r13, %r13 +@@ -167,6 +168,7 @@ identity_mapped: xorq %r14, %r14 xorq %r15, %r15 @@ -23547,7 +23641,7 @@ index 3dbdd9c..888b14e 100644 goto cannot_handle; if ((segoffs >> 16) == BIOSSEG) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S -index 22a1530..8fbaaad 100644 +index 22a1530..5efafbf 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -26,6 +26,13 @@ @@ -23632,7 +23726,7 @@ index 22a1530..8fbaaad 100644 + . = ALIGN(PAGE_SIZE); + .module.text : AT(ADDR(.module.text) - LOAD_OFFSET) { + -+#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_MODULES) ++#ifdef CONFIG_PAX_KERNEXEC + MODULES_EXEC_VADDR = .; + BYTE(0) + . += (CONFIG_PAX_KERNEXEC_MODULE_TEXT * 1024 * 1024); @@ -28089,7 +28183,7 @@ index ae1aa71..d9bea75 100644 #endif /*HAVE_ARCH_HUGETLB_UNMAPPED_AREA*/ diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c -index 59b7fc4..b1dd75f 100644 +index 0c13708..689fe7f 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -4,6 +4,7 @@ @@ -30397,6 +30491,31 @@ index c77b24a..c979855 100644 return !(ret & 0xff00); } EXPORT_SYMBOL(pcibios_set_irq_routing); +diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c +index 90f3a52..714e825 100644 +--- a/arch/x86/platform/efi/efi.c ++++ b/arch/x86/platform/efi/efi.c +@@ -1059,7 +1059,10 @@ efi_status_t efi_query_variable_store(u32 attributes, unsigned long size) + * that by attempting to use more space than is available. + */ + unsigned long dummy_size = remaining_size + 1024; +- void *dummy = kmalloc(dummy_size, GFP_ATOMIC); ++ void *dummy = kzalloc(dummy_size, GFP_ATOMIC); ++ ++ if (!dummy) ++ return EFI_OUT_OF_RESOURCES; + + status = efi.set_variable(efi_dummy_name, &EFI_DUMMY_GUID, + EFI_VARIABLE_NON_VOLATILE | +@@ -1079,6 +1082,8 @@ efi_status_t efi_query_variable_store(u32 attributes, unsigned long size) + 0, dummy); + } + ++ kfree(dummy); ++ + /* + * The runtime code may now have triggered a garbage collection + * run, so check the variable info again diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c index 40e4469..1ab536e 100644 --- a/arch/x86/platform/efi/efi_32.c @@ -31645,6 +31764,47 @@ index 7c668c8..db3521c 100644 if (err) { err = -EFAULT; goto out; +diff --git a/block/genhd.c b/block/genhd.c +index 3c001fb..d15a9e8 100644 +--- a/block/genhd.c ++++ b/block/genhd.c +@@ -467,21 +467,24 @@ static char *bdevt_str(dev_t devt, char *buf) + + /* + * Register device numbers dev..(dev+range-1) +- * range must be nonzero ++ * Noop if @range is zero. + * The hash chain is sorted on range, so that subranges can override. + */ + void blk_register_region(dev_t devt, unsigned long range, struct module *module, + struct kobject *(*probe)(dev_t, int *, void *), + int (*lock)(dev_t, void *), void *data) + { +- kobj_map(bdev_map, devt, range, module, probe, lock, data); ++ if (range) ++ kobj_map(bdev_map, devt, range, module, probe, lock, data); + } + + EXPORT_SYMBOL(blk_register_region); + ++/* undo blk_register_region(), noop if @range is zero */ + void blk_unregister_region(dev_t devt, unsigned long range) + { +- kobj_unmap(bdev_map, devt, range); ++ if (range) ++ kobj_unmap(bdev_map, devt, range); + } + + EXPORT_SYMBOL(blk_unregister_region); +@@ -512,7 +515,7 @@ static void register_disk(struct gendisk *disk) + + ddev->parent = disk->driverfs_dev; + +- dev_set_name(ddev, disk->disk_name); ++ dev_set_name(ddev, "%s", disk->disk_name); + + /* delay uevents, until we scanned partition table */ + dev_set_uevent_suppress(ddev, 1); diff --git a/block/partitions/efi.c b/block/partitions/efi.c index ff5804e..a88acad 100644 --- a/block/partitions/efi.c @@ -31725,6 +31885,19 @@ index 9a87daa..fb17486 100644 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; +diff --git a/crypto/algapi.c b/crypto/algapi.c +index 6149a6e..55ed50d 100644 +--- a/crypto/algapi.c ++++ b/crypto/algapi.c +@@ -495,7 +495,7 @@ static struct crypto_template *__crypto_lookup_template(const char *name) + + struct crypto_template *crypto_lookup_template(const char *name) + { +- return try_then_request_module(__crypto_lookup_template(name), name); ++ return try_then_request_module(__crypto_lookup_template(name), "%s", name); + } + EXPORT_SYMBOL_GPL(crypto_lookup_template); + diff --git a/crypto/cryptd.c b/crypto/cryptd.c index 7bdd61b..afec999 100644 --- a/crypto/cryptd.c @@ -31747,6 +31920,30 @@ index 7bdd61b..afec999 100644 static void cryptd_queue_worker(struct work_struct *work); +diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c +index b2c99dc..476c9fb 100644 +--- a/crypto/pcrypt.c ++++ b/crypto/pcrypt.c +@@ -440,7 +440,7 @@ static int pcrypt_sysfs_add(struct padata_instance *pinst, const char *name) + int ret; + + pinst->kobj.kset = pcrypt_kset; +- ret = kobject_add(&pinst->kobj, NULL, name); ++ ret = kobject_add(&pinst->kobj, NULL, "%s", name); + if (!ret) + kobject_uevent(&pinst->kobj, KOBJ_ADD); + +@@ -455,8 +455,8 @@ static int pcrypt_init_padata(struct padata_pcrypt *pcrypt, + + get_online_cpus(); + +- pcrypt->wq = alloc_workqueue(name, +- WQ_MEM_RECLAIM | WQ_CPU_INTENSIVE, 1); ++ pcrypt->wq = alloc_workqueue("%s", ++ WQ_MEM_RECLAIM | WQ_CPU_INTENSIVE, 1, name); + if (!pcrypt->wq) + goto err; + diff --git a/drivers/acpi/apei/apei-internal.h b/drivers/acpi/apei/apei-internal.h index f220d64..d359ad6 100644 --- a/drivers/acpi/apei/apei-internal.h @@ -32969,6 +33166,19 @@ index 969c3c2..9b72956 100644 wake_up(&zatm_vcc->tx_wait); } +diff --git a/drivers/base/attribute_container.c b/drivers/base/attribute_container.c +index d78b204..ecc1929 100644 +--- a/drivers/base/attribute_container.c ++++ b/drivers/base/attribute_container.c +@@ -167,7 +167,7 @@ attribute_container_add_device(struct device *dev, + ic->classdev.parent = get_device(dev); + ic->classdev.class = cont->class; + cont->class->dev_release = attribute_container_release; +- dev_set_name(&ic->classdev, dev_name(dev)); ++ dev_set_name(&ic->classdev, "%s", dev_name(dev)); + if (fn) + fn(cont, dev, &ic->classdev); + else diff --git a/drivers/base/bus.c b/drivers/base/bus.c index 519865b..e540db3 100644 --- a/drivers/base/bus.c @@ -33054,6 +33264,19 @@ index 9a6b05a..2fc8fb9 100644 int ret = 0; if (IS_ERR_OR_NULL(genpd)) +diff --git a/drivers/base/power/sysfs.c b/drivers/base/power/sysfs.c +index a53ebd2..8f73eeb 100644 +--- a/drivers/base/power/sysfs.c ++++ b/drivers/base/power/sysfs.c +@@ -185,7 +185,7 @@ static ssize_t rtpm_status_show(struct device *dev, + return -EIO; + } + } +- return sprintf(buf, p); ++ return sprintf(buf, "%s", p); + } + + static DEVICE_ATTR(runtime_status, 0444, rtpm_status_show, NULL); diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c index 79715e7..df06b3b 100644 --- a/drivers/base/power/wakeup.c @@ -33116,10 +33339,10 @@ index e8d11b6..7b1b36f 100644 } EXPORT_SYMBOL_GPL(unregister_syscore_ops); diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c -index 1c1b8e5..b7fc681 100644 +index dadea48..a1f3835 100644 --- a/drivers/block/cciss.c +++ b/drivers/block/cciss.c -@@ -1196,6 +1196,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, +@@ -1184,6 +1184,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, int err; u32 cp; @@ -33572,6 +33795,19 @@ index dfe7583..83768bb 100644 set_fs(old_fs); if (likely(bw == len)) return 0; +diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c +index 7fecc78..84d217c 100644 +--- a/drivers/block/nbd.c ++++ b/drivers/block/nbd.c +@@ -714,7 +714,7 @@ static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *nbd, + else + blk_queue_flush(nbd->disk->queue, 0); + +- thread = kthread_create(nbd_thread, nbd, nbd->disk->disk_name); ++ thread = kthread_create(nbd_thread, nbd, "%s", nbd->disk->disk_name); + if (IS_ERR(thread)) { + mutex_lock(&nbd->tx_lock); + return PTR_ERR(thread); diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c index 2e7de7a..ed86dc0 100644 --- a/drivers/block/pktcdvd.c @@ -33586,7 +33822,7 @@ index 2e7de7a..ed86dc0 100644 static DEFINE_MUTEX(pktcdvd_mutex); static struct pktcdvd_device *pkt_devs[MAX_WRITERS]; diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c -index d620b44..e9abc80 100644 +index d620b44..d7538c2 100644 --- a/drivers/cdrom/cdrom.c +++ b/drivers/cdrom/cdrom.c @@ -416,7 +416,6 @@ int register_cdrom(struct cdrom_device_info *cdi) @@ -33637,6 +33873,15 @@ index d620b44..e9abc80 100644 if (cgc->buffer == NULL) return -ENOMEM; +@@ -3429,7 +3430,7 @@ static int cdrom_print_info(const char *header, int val, char *info, + struct cdrom_device_info *cdi; + int ret; + +- ret = scnprintf(info + *pos, max_size - *pos, header); ++ ret = scnprintf(info + *pos, max_size - *pos, "%s", header); + if (!ret) + return 1; + diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c index d59cdcb..11afddf 100644 --- a/drivers/cdrom/gdrom.c @@ -33731,6 +33976,19 @@ index d784650..e8bfd69 100644 struct hpet_info *info) { struct hpet_timer __iomem *timer; +diff --git a/drivers/char/hw_random/intel-rng.c b/drivers/char/hw_random/intel-rng.c +index 86fe45c..c0ea948 100644 +--- a/drivers/char/hw_random/intel-rng.c ++++ b/drivers/char/hw_random/intel-rng.c +@@ -314,7 +314,7 @@ PFX "RNG, try using the 'no_fwh_detect' option.\n"; + + if (no_fwh_detect) + return -ENODEV; +- printk(warning); ++ printk("%s", warning); + return -EBUSY; + } + diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c index 053201b0..8335cce 100644 --- a/drivers/char/ipmi/ipmi_msghandler.c @@ -33800,7 +34058,7 @@ index 0ac9b45..6179fb5 100644 new_smi->interrupt_disabled = 1; atomic_set(&new_smi->stop_operation, 0); diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 2c644af..d4d7f17 100644 +index 2c644af..4b7aede 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -18,6 +18,7 @@ @@ -33944,6 +34202,15 @@ index 2c644af..d4d7f17 100644 }; static int memory_open(struct inode *inode, struct file *filp) +@@ -904,7 +954,7 @@ static int __init chr_dev_init(void) + continue; + + device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor), +- NULL, devlist[minor].name); ++ NULL, "%s", devlist[minor].name); + } + + return tty_init(); diff --git a/drivers/char/mwave/tp3780i.c b/drivers/char/mwave/tp3780i.c index c689697..04e6d6a2 100644 --- a/drivers/char/mwave/tp3780i.c @@ -34477,9 +34744,18 @@ index 428754a..8bdf9cc 100644 .name = "cpuidle", }; diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c -index 3b36797..289c16a 100644 +index 3b36797..db0b0c0 100644 --- a/drivers/devfreq/devfreq.c +++ b/drivers/devfreq/devfreq.c +@@ -477,7 +477,7 @@ struct devfreq *devfreq_add_device(struct device *dev, + GFP_KERNEL); + devfreq->last_stat_updated = jiffies; + +- dev_set_name(&devfreq->dev, dev_name(dev)); ++ dev_set_name(&devfreq->dev, "%s", dev_name(dev)); + err = device_register(&devfreq->dev); + if (err) { + put_device(&devfreq->dev); @@ -588,7 +588,7 @@ int devfreq_add_governor(struct devfreq_governor *governor) goto err_out; } @@ -34863,6 +35139,28 @@ index 25f91cd..a376f55 100644 ++file_priv->ioctl_count; DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n", +diff --git a/drivers/gpu/drm/drm_encoder_slave.c b/drivers/gpu/drm/drm_encoder_slave.c +index 48c52f7..0cfb60f 100644 +--- a/drivers/gpu/drm/drm_encoder_slave.c ++++ b/drivers/gpu/drm/drm_encoder_slave.c +@@ -54,16 +54,12 @@ int drm_i2c_encoder_init(struct drm_device *dev, + struct i2c_adapter *adap, + const struct i2c_board_info *info) + { +- char modalias[sizeof(I2C_MODULE_PREFIX) +- + I2C_NAME_SIZE]; + struct module *module = NULL; + struct i2c_client *client; + struct drm_i2c_encoder_driver *encoder_drv; + int err = 0; + +- snprintf(modalias, sizeof(modalias), +- "%s%s", I2C_MODULE_PREFIX, info->type); +- request_module(modalias); ++ request_module("%s%s", I2C_MODULE_PREFIX, info->type); + + client = i2c_new_device(adap, info); + if (!client) { diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c index 429e07d..e681a2c 100644 --- a/drivers/gpu/drm/drm_fops.c @@ -35141,6 +35439,19 @@ index 7d30802..42c6cbb 100644 drm_put_dev(dev); } mutex_unlock(&drm_global_mutex); +diff --git a/drivers/gpu/drm/drm_sysfs.c b/drivers/gpu/drm/drm_sysfs.c +index 0229665..f61329c 100644 +--- a/drivers/gpu/drm/drm_sysfs.c ++++ b/drivers/gpu/drm/drm_sysfs.c +@@ -499,7 +499,7 @@ EXPORT_SYMBOL(drm_sysfs_hotplug_event); + int drm_sysfs_device_add(struct drm_minor *minor) + { + int err; +- char *minor_str; ++ const char *minor_str; + + minor->kdev.parent = minor->dev->dev; + diff --git a/drivers/gpu/drm/i810/i810_dma.c b/drivers/gpu/drm/i810/i810_dma.c index 004ecdf..db1f6e0 100644 --- a/drivers/gpu/drm/i810/i810_dma.c @@ -35943,6 +36254,28 @@ index fad6633..4ff94de 100644 } else { if (rdev->pm.max_bandwidth.full > rdev->pm.k8_bandwidth.full && rdev->pm.k8_bandwidth.full) +diff --git a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c +index dbc2def..0a9f710 100644 +--- a/drivers/gpu/drm/ttm/ttm_memory.c ++++ b/drivers/gpu/drm/ttm/ttm_memory.c +@@ -264,7 +264,7 @@ static int ttm_mem_init_kernel_zone(struct ttm_mem_global *glob, + zone->glob = glob; + glob->zone_kernel = zone; + ret = kobject_init_and_add( +- &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, zone->name); ++ &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, "%s", zone->name); + if (unlikely(ret != 0)) { + kobject_put(&zone->kobj); + return ret; +@@ -347,7 +347,7 @@ static int ttm_mem_init_dma32_zone(struct ttm_mem_global *glob, + zone->glob = glob; + glob->zone_dma32 = zone; + ret = kobject_init_and_add( +- &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, zone->name); ++ &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, "%s", zone->name); + if (unlikely(ret != 0)) { + kobject_put(&zone->kobj); + return ret; diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c index bd2a3b4..122d9ad 100644 --- a/drivers/gpu/drm/ttm/ttm_page_alloc.c @@ -37418,9 +37751,18 @@ index b972d43..8943713 100644 /** diff --git a/drivers/iommu/irq_remapping.c b/drivers/iommu/irq_remapping.c -index 7c11ff3..5b2d7a7 100644 +index 7c11ff3..a2a0457 100644 --- a/drivers/iommu/irq_remapping.c +++ b/drivers/iommu/irq_remapping.c +@@ -348,7 +348,7 @@ int setup_hpet_msi_remapped(unsigned int irq, unsigned int id) + void panic_if_irq_remap(const char *msg) + { + if (irq_remapping_enabled) +- panic(msg); ++ panic("%s", msg); + } + + static void ir_ack_apic_edge(struct irq_data *data) @@ -369,10 +369,12 @@ static void ir_print_prefix(struct irq_data *data, struct seq_file *p) void irq_remap_modify_chip_defaults(struct irq_chip *chip) @@ -38225,10 +38567,10 @@ index 1cbfc6b..56e1dbb 100644 /*----------------------------------------------------------------*/ diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index 6af167f..40c25a1 100644 +index 7116798..c81390c 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c -@@ -1826,7 +1826,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) +@@ -1836,7 +1836,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) if (r1_sync_page_io(rdev, sect, s, bio->bi_io_vec[idx].bv_page, READ) != 0) @@ -38237,7 +38579,7 @@ index 6af167f..40c25a1 100644 } sectors -= s; sect += s; -@@ -2048,7 +2048,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, +@@ -2058,7 +2058,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, test_bit(In_sync, &rdev->flags)) { if (r1_sync_page_io(rdev, sect, s, conf->tmppage, READ)) { @@ -38247,10 +38589,10 @@ index 6af167f..40c25a1 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index 46c14e5..4db5966 100644 +index e4ea992..d234520 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c -@@ -1932,7 +1932,7 @@ static void end_sync_read(struct bio *bio, int error) +@@ -1942,7 +1942,7 @@ static void end_sync_read(struct bio *bio, int error) /* The write handler will notice the lack of * R10BIO_Uptodate and record any errors etc */ @@ -38259,7 +38601,7 @@ index 46c14e5..4db5966 100644 &conf->mirrors[d].rdev->corrected_errors); /* for reconstruct, we always reschedule after a read. -@@ -2281,7 +2281,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2291,7 +2291,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) { struct timespec cur_time_mon; unsigned long hours_since_last; @@ -38268,7 +38610,7 @@ index 46c14e5..4db5966 100644 ktime_get_ts(&cur_time_mon); -@@ -2303,9 +2303,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2313,9 +2313,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) * overflowing the shift of read_errors by hours_since_last. */ if (hours_since_last >= 8 * sizeof(read_errors)) @@ -38280,7 +38622,7 @@ index 46c14e5..4db5966 100644 } static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector, -@@ -2359,8 +2359,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2369,8 +2369,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 return; check_decay_read_errors(mddev, rdev); @@ -38291,7 +38633,7 @@ index 46c14e5..4db5966 100644 char b[BDEVNAME_SIZE]; bdevname(rdev->bdev, b); -@@ -2368,7 +2368,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2378,7 +2378,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 "md/raid10:%s: %s: Raid device exceeded " "read_error threshold [cur %d:max %d]\n", mdname(mddev), b, @@ -38300,7 +38642,7 @@ index 46c14e5..4db5966 100644 printk(KERN_NOTICE "md/raid10:%s: %s: Failing raid device\n", mdname(mddev), b); -@@ -2523,7 +2523,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2533,7 +2533,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 sect + choose_data_offset(r10_bio, rdev)), bdevname(rdev->bdev, b)); @@ -38310,7 +38652,7 @@ index 46c14e5..4db5966 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index f4e87bf..0d4ad3f 100644 +index 251ab64..ed23a18 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -1763,21 +1763,21 @@ static void raid5_end_read_request(struct bio * bi, int error) @@ -40387,19 +40729,6 @@ index 784e81c..349e01e 100644 struct ath_nf_limits { s16 max; -diff --git a/drivers/net/wireless/b43/main.c b/drivers/net/wireless/b43/main.c -index 64b637a..911c4c0 100644 ---- a/drivers/net/wireless/b43/main.c -+++ b/drivers/net/wireless/b43/main.c -@@ -2451,7 +2451,7 @@ static void b43_request_firmware(struct work_struct *work) - for (i = 0; i < B43_NR_FWTYPES; i++) { - errmsg = ctx->errors[i]; - if (strlen(errmsg)) -- b43err(dev->wl, errmsg); -+ b43err(dev->wl, "%s", errmsg); - } - b43_print_fw_helptext(dev->wl, 1); - goto out; diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c b/drivers/net/wireless/iwlegacy/3945-mac.c index c353b5f..62aaca2 100644 --- a/drivers/net/wireless/iwlegacy/3945-mac.c @@ -47528,6 +47857,19 @@ index ff22871..b129bed 100644 info->var.accel_flags = (!noaccel); +diff --git a/drivers/video/output.c b/drivers/video/output.c +index 0d6f2cd..6285b97 100644 +--- a/drivers/video/output.c ++++ b/drivers/video/output.c +@@ -97,7 +97,7 @@ struct output_device *video_output_register(const char *name, + new_dev->props = op; + new_dev->dev.class = &video_output_class; + new_dev->dev.parent = dev; +- dev_set_name(&new_dev->dev, name); ++ dev_set_name(&new_dev->dev, "%s", name); + dev_set_drvdata(&new_dev->dev, devdata); + ret_code = device_register(&new_dev->dev); + if (ret_code) { diff --git a/drivers/video/s1d13xxxfb.c b/drivers/video/s1d13xxxfb.c index 76d9053..dec2bfd 100644 --- a/drivers/video/s1d13xxxfb.c @@ -51224,6 +51566,19 @@ index f3190ab..84ffb21 100644 trace_ext4_mballoc_discard(sb, NULL, group, bit, pa->pa_len); return 0; +diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c +index b3b1f7d..cff51d5 100644 +--- a/fs/ext4/mmp.c ++++ b/fs/ext4/mmp.c +@@ -113,7 +113,7 @@ static int read_mmp_block(struct super_block *sb, struct buffer_head **bh, + void __dump_mmp_msg(struct super_block *sb, struct mmp_struct *mmp, + const char *function, unsigned int line, const char *msg) + { +- __ext4_warning(sb, function, line, msg); ++ __ext4_warning(sb, function, line, "%s", msg); + __ext4_warning(sb, function, line, + "MMP failure info: last update time: %llu, last update " + "node: %s, last update device: %s\n", diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c index 3beae6a..8cc5637 100644 --- a/fs/ext4/resize.c @@ -51264,9 +51619,18 @@ index 3beae6a..8cc5637 100644 else if (input->reserved_blocks > input->blocks_count / 5) ext4_warning(sb, "Reserved blocks too high (%u)", diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index febbe0e..782c4fd 100644 +index febbe0e..d0cdc02 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c +@@ -1238,7 +1238,7 @@ static ext4_fsblk_t get_sb_block(void **data) + } + + #define DEFAULT_JOURNAL_IOPRIO (IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 3)) +-static char deprecated_msg[] = "Mount option \"%s\" will be removed by %s\n" ++static const char deprecated_msg[] = "Mount option \"%s\" will be removed by %s\n" + "Contact linux-ext4@vger.kernel.org if you think we should keep it.\n"; + + #ifdef CONFIG_QUOTA @@ -2380,7 +2380,7 @@ struct ext4_attr { ssize_t (*store)(struct ext4_attr *, struct ext4_sb_info *, const char *, size_t); @@ -53103,6 +53467,19 @@ index 9760ecb..9b838ef 100644 memcpy(c->data, &cookie, 4); c->len=4; +diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c +index a2aa97d..10d6c41 100644 +--- a/fs/lockd/svc.c ++++ b/fs/lockd/svc.c +@@ -305,7 +305,7 @@ static int lockd_start_svc(struct svc_serv *serv) + svc_sock_update_bufs(serv); + serv->sv_maxconn = nlm_max_connections; + +- nlmsvc_task = kthread_run(lockd, nlmsvc_rqst, serv->sv_name); ++ nlmsvc_task = kthread_run(lockd, nlmsvc_rqst, "%s", serv->sv_name); + if (IS_ERR(nlmsvc_task)) { + error = PTR_ERR(nlmsvc_task); + printk(KERN_WARNING diff --git a/fs/locks.c b/fs/locks.c index cb424a4..850e4dd 100644 --- a/fs/locks.c @@ -53803,6 +54180,30 @@ index e945b81..fc018e2 100644 return -EINVAL; get_mnt_ns(mnt_ns); +diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c +index 5088b57..eabd719 100644 +--- a/fs/nfs/callback.c ++++ b/fs/nfs/callback.c +@@ -208,7 +208,6 @@ static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt, + struct svc_rqst *rqstp; + int (*callback_svc)(void *vrqstp); + struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion]; +- char svc_name[12]; + int ret; + + nfs_callback_bc_serv(minorversion, xprt, serv); +@@ -232,10 +231,9 @@ static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt, + + svc_sock_update_bufs(serv); + +- sprintf(svc_name, "nfsv4.%u-svc", minorversion); + cb_info->serv = serv; + cb_info->rqst = rqstp; +- cb_info->task = kthread_run(callback_svc, cb_info->rqst, svc_name); ++ cb_info->task = kthread_run(callback_svc, cb_info->rqst, "nfsv4.%u-svc", minorversion); + if (IS_ERR(cb_info->task)) { + ret = PTR_ERR(cb_info->task); + svc_exit_thread(cb_info->rqst); diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c index 59461c9..b17c57e 100644 --- a/fs/nfs/callback_xdr.c @@ -53840,6 +54241,19 @@ index 1f94167..79c4ce4 100644 } void nfs_fattr_init(struct nfs_fattr *fattr) +diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c +index d41a351..7899577 100644 +--- a/fs/nfs/nfs4state.c ++++ b/fs/nfs/nfs4state.c +@@ -1182,7 +1182,7 @@ void nfs4_schedule_state_manager(struct nfs_client *clp) + snprintf(buf, sizeof(buf), "%s-manager", + rpc_peeraddr2str(clp->cl_rpcclient, RPC_DISPLAY_ADDR)); + rcu_read_unlock(); +- task = kthread_run(nfs4_run_state_manager, clp, buf); ++ task = kthread_run(nfs4_run_state_manager, clp, "%s", buf); + if (IS_ERR(task)) { + printk(KERN_ERR "%s: kthread_run: %ld\n", + __func__, PTR_ERR(task)); diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index d401d01..10b3e62 100644 --- a/fs/nfsd/nfs4proc.c @@ -53885,10 +54299,10 @@ index 6eb0dc5..29067a9 100644 }; diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c -index ca05f6d..411a576 100644 +index ca05f6d..b88c3a7 100644 --- a/fs/nfsd/nfscache.c +++ b/fs/nfsd/nfscache.c -@@ -461,13 +461,15 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) +@@ -461,13 +461,16 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) { struct svc_cacherep *rp = rqstp->rq_cacherep; struct kvec *resv = &rqstp->rq_res.head[0], *cachv; @@ -53901,7 +54315,8 @@ index ca05f6d..411a576 100644 - len = resv->iov_len - ((char*)statp - (char*)resv->iov_base); - len >>= 2; + if (statp) { -+ len = resv->iov_len - ((char*)statp - (char*)resv->iov_base); ++ len = (char*)statp - (char*)resv->iov_base; ++ len = resv->iov_len - len; + len >>= 2; + } @@ -67692,7 +68107,7 @@ index 34025df..d94bbbc 100644 /* * Users often need to create attribute structures for their configurable diff --git a/include/linux/cpu.h b/include/linux/cpu.h -index ce7a074..01ab8ac 100644 +index 714e792..e6130d9 100644 --- a/include/linux/cpu.h +++ b/include/linux/cpu.h @@ -115,7 +115,7 @@ enum { @@ -72140,7 +72555,7 @@ index 6f8fbcf..8259001 100644 + MODULE_GRSEC diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h -index 6071e91..ca6a489 100644 +index 6071e91..4c73b47 100644 --- a/include/linux/vmalloc.h +++ b/include/linux/vmalloc.h @@ -14,6 +14,11 @@ struct vm_area_struct; /* vma defining user mapping in mm_types.h */ @@ -72148,7 +72563,7 @@ index 6071e91..ca6a489 100644 #define VM_VPAGES 0x00000010 /* buffer for pages was vmalloc'ed */ #define VM_UNLIST 0x00000020 /* vm_struct is not listed in vmlist */ + -+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) ++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) +#define VM_KERNEXEC 0x00000040 /* allocate from executable kernel memory range */ +#endif + @@ -73657,7 +74072,7 @@ index ba0a7f36..2bcf1d5 100644 { INIT_THREAD_INFO(init_task) }; +#endif diff --git a/init/initramfs.c b/init/initramfs.c -index a67ef9d..3d88592 100644 +index a67ef9d..2d17ed9 100644 --- a/init/initramfs.c +++ b/init/initramfs.c @@ -84,7 +84,7 @@ static void __init free_hash(void) @@ -73768,6 +74183,15 @@ index a67ef9d..3d88592 100644 state = SkipIt; next_state = Reset; return 0; +@@ -583,7 +583,7 @@ static int __init populate_rootfs(void) + { + char *err = unpack_to_rootfs(__initramfs_start, __initramfs_size); + if (err) +- panic(err); /* Failed to decompress INTERNAL initramfs */ ++ panic("%s", err); /* Failed to decompress INTERNAL initramfs */ + if (initrd_start) { + #ifdef CONFIG_BLK_DEV_RAM + int fd; diff --git a/init/main.c b/init/main.c index 63534a1..85feae2 100644 --- a/init/main.c @@ -74184,7 +74608,7 @@ index b9bd7f0..1762b4a 100644 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; set_fs(fs); diff --git a/kernel/audit.c b/kernel/audit.c -index d596e53..dbef3c3 100644 +index 8a667f10..7375e3f 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -116,7 +116,7 @@ u32 audit_sig_sid = 0; @@ -77131,37 +77555,10 @@ index 98088e0..aaf95c0 100644 if (pm_wakeup_pending()) { diff --git a/kernel/printk.c b/kernel/printk.c -index abbdd9e..f294251 100644 +index 0e4eba6a..d58ebf0 100644 --- a/kernel/printk.c +++ b/kernel/printk.c -@@ -615,11 +615,17 @@ static unsigned int devkmsg_poll(struct file *file, poll_table *wait) - return ret; - } - -+static int check_syslog_permissions(int type, bool from_file); -+ - static int devkmsg_open(struct inode *inode, struct file *file) - { - struct devkmsg_user *user; - int err; - -+ err = check_syslog_permissions(SYSLOG_ACTION_OPEN, SYSLOG_FROM_FILE); -+ if (err) -+ return err; -+ - /* write-only does not need any file context */ - if ((file->f_flags & O_ACCMODE) == O_WRONLY) - return 0; -@@ -828,7 +834,7 @@ static int syslog_action_restricted(int type) - if (dmesg_restrict) - return 1; - /* Unless restricted, we allow "read all" and "get buffer size" for everybody */ -- return type != SYSLOG_ACTION_READ_ALL && type != SYSLOG_ACTION_SIZE_BUFFER; -+ return type != SYSLOG_ACTION_OPEN && type != SYSLOG_ACTION_READ_ALL && type != SYSLOG_ACTION_SIZE_BUFFER; - } - - static int check_syslog_permissions(int type, bool from_file) -@@ -840,6 +846,11 @@ static int check_syslog_permissions(int type, bool from_file) +@@ -395,6 +395,11 @@ static int check_syslog_permissions(int type, bool from_file) if (from_file && type != SYSLOG_ACTION_OPEN) return 0; @@ -77549,7 +77946,7 @@ index e1f3a8c..42c94a2 100644 for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) { per_cpu(rcu_torture_count, cpu)[i] = 0; diff --git a/kernel/rcutree.c b/kernel/rcutree.c -index 5b8ad82..17274d1 100644 +index 5b8ad82..59e1f64 100644 --- a/kernel/rcutree.c +++ b/kernel/rcutree.c @@ -353,9 +353,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval, @@ -77803,6 +78200,15 @@ index 5b8ad82..17274d1 100644 rcu_prepare_for_idle_init(cpu); raw_spin_unlock(&rnp->lock); /* irqs remain disabled. */ +@@ -2964,7 +2964,7 @@ static int __init rcu_spawn_gp_kthread(void) + struct task_struct *t; + + for_each_rcu_flavor(rsp) { +- t = kthread_run(rcu_gp_kthread, rsp, rsp->name); ++ t = kthread_run(rcu_gp_kthread, rsp, "%s", rsp->name); + BUG_ON(IS_ERR(t)); + rnp = rcu_get_root(rsp); + raw_spin_lock_irqsave(&rnp->lock, flags); diff --git a/kernel/rcutree.h b/kernel/rcutree.h index c896b50..c357252 100644 --- a/kernel/rcutree.h @@ -78571,7 +78977,7 @@ index 01d5ccb..cdcbee6 100644 return idx; } diff --git a/kernel/sys.c b/kernel/sys.c -index 0da73cf..5c2af3c 100644 +index e5f0aca..8d58b1f 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -158,6 +158,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error) @@ -78587,7 +78993,7 @@ index 0da73cf..5c2af3c 100644 no_nice = security_task_setnice(p, niceval); if (no_nice) { error = no_nice; -@@ -598,6 +604,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid) +@@ -621,6 +627,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid) goto error; } @@ -78597,7 +79003,7 @@ index 0da73cf..5c2af3c 100644 if (rgid != (gid_t) -1 || (egid != (gid_t) -1 && !gid_eq(kegid, old->gid))) new->sgid = new->egid; -@@ -633,6 +642,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid) +@@ -656,6 +665,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid) old = current_cred(); retval = -EPERM; @@ -78608,7 +79014,7 @@ index 0da73cf..5c2af3c 100644 if (nsown_capable(CAP_SETGID)) new->gid = new->egid = new->sgid = new->fsgid = kgid; else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid)) -@@ -650,7 +663,7 @@ error: +@@ -673,7 +686,7 @@ error: /* * change the user struct in a credentials set to match the new UID */ @@ -78617,7 +79023,7 @@ index 0da73cf..5c2af3c 100644 { struct user_struct *new_user; -@@ -730,6 +743,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid) +@@ -753,6 +766,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid) goto error; } @@ -78627,7 +79033,7 @@ index 0da73cf..5c2af3c 100644 if (!uid_eq(new->uid, old->uid)) { retval = set_user(new); if (retval < 0) -@@ -780,6 +796,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid) +@@ -803,6 +819,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid) old = current_cred(); retval = -EPERM; @@ -78640,7 +79046,7 @@ index 0da73cf..5c2af3c 100644 if (nsown_capable(CAP_SETUID)) { new->suid = new->uid = kuid; if (!uid_eq(kuid, old->uid)) { -@@ -849,6 +871,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid) +@@ -872,6 +894,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid) goto error; } @@ -78650,7 +79056,7 @@ index 0da73cf..5c2af3c 100644 if (ruid != (uid_t) -1) { new->uid = kruid; if (!uid_eq(kruid, old->uid)) { -@@ -931,6 +956,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid) +@@ -954,6 +979,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid) goto error; } @@ -78660,7 +79066,7 @@ index 0da73cf..5c2af3c 100644 if (rgid != (gid_t) -1) new->gid = krgid; if (egid != (gid_t) -1) -@@ -992,12 +1020,16 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) +@@ -1015,12 +1043,16 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) uid_eq(kuid, old->suid) || uid_eq(kuid, old->fsuid) || nsown_capable(CAP_SETUID)) { if (!uid_eq(kuid, old->fsuid)) { @@ -78677,7 +79083,7 @@ index 0da73cf..5c2af3c 100644 abort_creds(new); return old_fsuid; -@@ -1030,12 +1062,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid) +@@ -1053,12 +1085,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid) if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->egid) || gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) || nsown_capable(CAP_SETGID)) { @@ -78694,7 +79100,7 @@ index 0da73cf..5c2af3c 100644 abort_creds(new); return old_fsgid; -@@ -1343,19 +1379,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name) +@@ -1366,19 +1402,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name) return -EFAULT; down_read(&uts_sem); @@ -78719,7 +79125,7 @@ index 0da73cf..5c2af3c 100644 __OLD_UTS_LEN); error |= __put_user(0, name->machine + __OLD_UTS_LEN); up_read(&uts_sem); -@@ -1557,6 +1593,13 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource, +@@ -1580,6 +1616,13 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource, */ new_rlim->rlim_cur = 1; } @@ -80094,9 +80500,18 @@ index bd2bea9..6b3c95e 100644 return false; diff --git a/lib/kobject.c b/lib/kobject.c -index a654866..a4fd13d 100644 +index a654866..d8bb115 100644 --- a/lib/kobject.c +++ b/lib/kobject.c +@@ -805,7 +805,7 @@ static struct kset *kset_create(const char *name, + kset = kzalloc(sizeof(*kset), GFP_KERNEL); + if (!kset) + return NULL; +- retval = kobject_set_name(&kset->kobj, name); ++ retval = kobject_set_name(&kset->kobj, "%s", name); + if (retval) { + kfree(kset); + return NULL; @@ -859,9 +859,9 @@ EXPORT_SYMBOL_GPL(kset_create_and_add); @@ -80489,6 +80904,28 @@ index 3bea74f..e821c99 100644 select PROC_PAGE_MONITOR config NOMMU_INITIAL_TRIM_EXCESS +diff --git a/mm/backing-dev.c b/mm/backing-dev.c +index 41733c5..d80d7a9 100644 +--- a/mm/backing-dev.c ++++ b/mm/backing-dev.c +@@ -716,7 +716,6 @@ EXPORT_SYMBOL(bdi_destroy); + int bdi_setup_and_register(struct backing_dev_info *bdi, char *name, + unsigned int cap) + { +- char tmp[32]; + int err; + + bdi->name = name; +@@ -725,8 +724,7 @@ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name, + if (err) + return err; + +- sprintf(tmp, "%.28s%s", name, "-%d"); +- err = bdi_register(bdi, NULL, tmp, atomic_long_inc_return(&bdi_seq)); ++ err = bdi_register(bdi, NULL, "%.28s-%ld", name, atomic_long_inc_return(&bdi_seq)); + if (err) { + bdi_destroy(bdi); + return err; diff --git a/mm/filemap.c b/mm/filemap.c index e1979fd..dda5120 100644 --- a/mm/filemap.c @@ -80555,7 +80992,7 @@ index b32b70c..e512eb0 100644 set_page_address(page, (void *)vaddr); diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 1a12f5b..a85b8fc 100644 +index ce4cb19..93899ef 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2005,15 +2005,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, @@ -81722,10 +82159,10 @@ index 7431001..0f8344e 100644 capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); diff --git a/mm/migrate.c b/mm/migrate.c -index 22ed5c1..87c424c 100644 +index c04d9af..0b41805 100644 --- a/mm/migrate.c +++ b/mm/migrate.c -@@ -1382,8 +1382,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, +@@ -1395,8 +1395,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, */ tcred = __task_cred(task); if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && @@ -83456,7 +83893,7 @@ index efe6814..64b4701 100644 .next = NULL, }; diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 8fcced7..ebcd481 100644 +index 0d4fef2..8870335 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -59,6 +59,7 @@ @@ -84423,7 +84860,7 @@ index eeed4a0..6ee34ec 100644 EXPORT_SYMBOL(kmem_cache_free); diff --git a/mm/slub.c b/mm/slub.c -index 4aec537..a64753d 100644 +index 4aec537..8043df1 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -197,7 +197,7 @@ struct track { @@ -84667,6 +85104,15 @@ index 4aec537..a64753d 100644 static int sysfs_slab_add(struct kmem_cache *s) { int err; +@@ -5289,7 +5371,7 @@ static int sysfs_slab_add(struct kmem_cache *s) + } + + s->kobj.kset = slab_kset; +- err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, name); ++ err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, "%s", name); + if (err) { + kobject_put(&s->kobj); + return err; @@ -5323,6 +5405,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) kobject_del(&s->kobj); kobject_put(&s->kobj); @@ -84816,7 +85262,7 @@ index ab1424d..7c5bd5a 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 0f751f2..ef398a0 100644 +index 0f751f2..2bc3bd1 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) @@ -84826,7 +85272,7 @@ index 0f751f2..ef398a0 100644 - pte_t ptent = ptep_get_and_clear(&init_mm, addr, pte); - WARN_ON(!pte_none(ptent) && !pte_present(ptent)); + -+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) ++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) + if ((unsigned long)MODULES_EXEC_VADDR <= addr && addr < (unsigned long)MODULES_EXEC_END) { + BUG_ON(!pte_exec(*pte)); + set_pte_at(&init_mm, addr, pte, pfn_pte(__pa(addr) >> PAGE_SHIFT, PAGE_KERNEL_EXEC)); @@ -84851,7 +85297,7 @@ index 0f751f2..ef398a0 100644 struct page *page = pages[*nr]; - if (WARN_ON(!pte_none(*pte))) -+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) ++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) + if (pgprot_val(prot) & _PAGE_NX) +#endif + @@ -84891,14 +85337,7 @@ index 0f751f2..ef398a0 100644 if (!pud) return -ENOMEM; do { -@@ -191,11 +215,20 @@ int is_vmalloc_or_module_addr(const void *x) - * and fall back on vmalloc() if that fails. Others - * just put it in the vmalloc space. - */ --#if defined(CONFIG_MODULES) && defined(MODULES_VADDR) -+#ifdef CONFIG_MODULES -+#ifdef MODULES_VADDR - unsigned long addr = (unsigned long)x; +@@ -196,6 +220,12 @@ int is_vmalloc_or_module_addr(const void *x) if (addr >= MODULES_VADDR && addr < MODULES_END) return 1; #endif @@ -84908,12 +85347,10 @@ index 0f751f2..ef398a0 100644 + return 1; +#endif + -+#endif -+ return is_vmalloc_addr(x); } -@@ -216,8 +249,14 @@ struct page *vmalloc_to_page(const void *vmalloc_addr) +@@ -216,8 +246,14 @@ struct page *vmalloc_to_page(const void *vmalloc_addr) if (!pgd_none(*pgd)) { pud_t *pud = pud_offset(pgd, addr); @@ -84928,7 +85365,7 @@ index 0f751f2..ef398a0 100644 if (!pmd_none(*pmd)) { pte_t *ptep, pte; -@@ -329,7 +368,7 @@ static void purge_vmap_area_lazy(void); +@@ -329,7 +365,7 @@ static void purge_vmap_area_lazy(void); * Allocate a region of KVA of the specified size and alignment, within the * vstart and vend. */ @@ -84937,12 +85374,12 @@ index 0f751f2..ef398a0 100644 unsigned long align, unsigned long vstart, unsigned long vend, int node, gfp_t gfp_mask) -@@ -1328,6 +1367,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, +@@ -1328,6 +1364,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, struct vm_struct *area; BUG_ON(in_interrupt()); + -+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) ++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) + if (flags & VM_KERNEXEC) { + if (start != VMALLOC_START || end != VMALLOC_END) + return NULL; @@ -84954,11 +85391,11 @@ index 0f751f2..ef398a0 100644 if (flags & VM_IOREMAP) { int bit = fls(size); -@@ -1569,6 +1618,11 @@ void *vmap(struct page **pages, unsigned int count, +@@ -1569,6 +1615,11 @@ void *vmap(struct page **pages, unsigned int count, if (count > totalram_pages) return NULL; -+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) ++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) + if (!(pgprot_val(prot) & _PAGE_NX)) + flags |= VM_KERNEXEC; +#endif @@ -84966,11 +85403,11 @@ index 0f751f2..ef398a0 100644 area = get_vm_area_caller((count << PAGE_SHIFT), flags, __builtin_return_address(0)); if (!area) -@@ -1670,6 +1724,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, +@@ -1670,6 +1721,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, if (!size || (size >> PAGE_SHIFT) > totalram_pages) goto fail; -+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) ++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC) + if (!(pgprot_val(prot) & _PAGE_NX)) + area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST | VM_KERNEXEC, + VMALLOC_START, VMALLOC_END, node, gfp_mask, caller); @@ -84980,7 +85417,7 @@ index 0f751f2..ef398a0 100644 area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST, start, end, node, gfp_mask, caller); if (!area) -@@ -1845,10 +1906,9 @@ EXPORT_SYMBOL(vzalloc_node); +@@ -1845,10 +1903,9 @@ EXPORT_SYMBOL(vzalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -84992,7 +85429,7 @@ index 0f751f2..ef398a0 100644 NUMA_NO_NODE, __builtin_return_address(0)); } -@@ -2139,6 +2199,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, +@@ -2139,6 +2196,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, unsigned long uaddr = vma->vm_start; unsigned long usize = vma->vm_end - vma->vm_start; @@ -85001,7 +85438,7 @@ index 0f751f2..ef398a0 100644 if ((PAGE_SIZE-1) & (unsigned long)addr) return -EINVAL; -@@ -2578,7 +2640,11 @@ static int s_show(struct seq_file *m, void *p) +@@ -2578,7 +2637,11 @@ static int s_show(struct seq_file *m, void *p) v->addr, v->addr + v->size, v->size); if (v->caller) @@ -85388,6 +85825,31 @@ index 50e079f..49ce2d2 100644 frag1->seqno = htons(seqno - 1); frag2->seqno = htons(seqno); +diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c +index b88605f..958e3e2 100644 +--- a/net/bluetooth/hci_core.c ++++ b/net/bluetooth/hci_core.c +@@ -1793,16 +1793,16 @@ int hci_register_dev(struct hci_dev *hdev) + list_add(&hdev->list, &hci_dev_list); + write_unlock(&hci_dev_list_lock); + +- hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND | +- WQ_MEM_RECLAIM, 1); ++ hdev->workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND | ++ WQ_MEM_RECLAIM, 1, hdev->name); + if (!hdev->workqueue) { + error = -ENOMEM; + goto err; + } + +- hdev->req_workqueue = alloc_workqueue(hdev->name, ++ hdev->req_workqueue = alloc_workqueue("%s", + WQ_HIGHPRI | WQ_UNBOUND | +- WQ_MEM_RECLAIM, 1); ++ WQ_MEM_RECLAIM, 1, hdev->name); + if (!hdev->req_workqueue) { + destroy_workqueue(hdev->workqueue); + error = -ENOMEM; diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c index 6a93614..1415549 100644 --- a/net/bluetooth/hci_sock.c @@ -85402,7 +85864,7 @@ index 6a93614..1415549 100644 err = -EFAULT; break; diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c -index 7c7e932..8d23158 100644 +index c5f9cd6..8d23158 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c @@ -3395,8 +3395,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, @@ -85418,223 +85880,6 @@ index 7c7e932..8d23158 100644 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && rfc.mode != chan->mode) -@@ -3568,10 +3570,14 @@ static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len) - } - - static inline int l2cap_command_rej(struct l2cap_conn *conn, -- struct l2cap_cmd_hdr *cmd, u8 *data) -+ struct l2cap_cmd_hdr *cmd, u16 cmd_len, -+ u8 *data) - { - struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data; - -+ if (cmd_len < sizeof(*rej)) -+ return -EPROTO; -+ - if (rej->reason != L2CAP_REJ_NOT_UNDERSTOOD) - return 0; - -@@ -3720,11 +3726,14 @@ sendresp: - } - - static int l2cap_connect_req(struct l2cap_conn *conn, -- struct l2cap_cmd_hdr *cmd, u8 *data) -+ struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data) - { - struct hci_dev *hdev = conn->hcon->hdev; - struct hci_conn *hcon = conn->hcon; - -+ if (cmd_len < sizeof(struct l2cap_conn_req)) -+ return -EPROTO; -+ - hci_dev_lock(hdev); - if (test_bit(HCI_MGMT, &hdev->dev_flags) && - !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &hcon->flags)) -@@ -3738,7 +3747,8 @@ static int l2cap_connect_req(struct l2cap_conn *conn, - } - - static int l2cap_connect_create_rsp(struct l2cap_conn *conn, -- struct l2cap_cmd_hdr *cmd, u8 *data) -+ struct l2cap_cmd_hdr *cmd, u16 cmd_len, -+ u8 *data) - { - struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data; - u16 scid, dcid, result, status; -@@ -3746,6 +3756,9 @@ static int l2cap_connect_create_rsp(struct l2cap_conn *conn, - u8 req[128]; - int err; - -+ if (cmd_len < sizeof(*rsp)) -+ return -EPROTO; -+ - scid = __le16_to_cpu(rsp->scid); - dcid = __le16_to_cpu(rsp->dcid); - result = __le16_to_cpu(rsp->result); -@@ -3843,6 +3856,9 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, - struct l2cap_chan *chan; - int len, err = 0; - -+ if (cmd_len < sizeof(*req)) -+ return -EPROTO; -+ - dcid = __le16_to_cpu(req->dcid); - flags = __le16_to_cpu(req->flags); - -@@ -3866,7 +3882,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn, - - /* Reject if config buffer is too small. */ - len = cmd_len - sizeof(*req); -- if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) { -+ if (chan->conf_len + len > sizeof(chan->conf_req)) { - l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP, - l2cap_build_conf_rsp(chan, rsp, - L2CAP_CONF_REJECT, flags), rsp); -@@ -3944,14 +3960,18 @@ unlock: - } - - static inline int l2cap_config_rsp(struct l2cap_conn *conn, -- struct l2cap_cmd_hdr *cmd, u8 *data) -+ struct l2cap_cmd_hdr *cmd, u16 cmd_len, -+ u8 *data) - { - struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data; - u16 scid, flags, result; - struct l2cap_chan *chan; -- int len = le16_to_cpu(cmd->len) - sizeof(*rsp); -+ int len = cmd_len - sizeof(*rsp); - int err = 0; - -+ if (cmd_len < sizeof(*rsp)) -+ return -EPROTO; -+ - scid = __le16_to_cpu(rsp->scid); - flags = __le16_to_cpu(rsp->flags); - result = __le16_to_cpu(rsp->result); -@@ -4052,7 +4072,8 @@ done: - } - - static inline int l2cap_disconnect_req(struct l2cap_conn *conn, -- struct l2cap_cmd_hdr *cmd, u8 *data) -+ struct l2cap_cmd_hdr *cmd, u16 cmd_len, -+ u8 *data) - { - struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data; - struct l2cap_disconn_rsp rsp; -@@ -4060,6 +4081,9 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, - struct l2cap_chan *chan; - struct sock *sk; - -+ if (cmd_len != sizeof(*req)) -+ return -EPROTO; -+ - scid = __le16_to_cpu(req->scid); - dcid = __le16_to_cpu(req->dcid); - -@@ -4099,12 +4123,16 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn, - } - - static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, -- struct l2cap_cmd_hdr *cmd, u8 *data) -+ struct l2cap_cmd_hdr *cmd, u16 cmd_len, -+ u8 *data) - { - struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data; - u16 dcid, scid; - struct l2cap_chan *chan; - -+ if (cmd_len != sizeof(*rsp)) -+ return -EPROTO; -+ - scid = __le16_to_cpu(rsp->scid); - dcid = __le16_to_cpu(rsp->dcid); - -@@ -4134,11 +4162,15 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn, - } - - static inline int l2cap_information_req(struct l2cap_conn *conn, -- struct l2cap_cmd_hdr *cmd, u8 *data) -+ struct l2cap_cmd_hdr *cmd, u16 cmd_len, -+ u8 *data) - { - struct l2cap_info_req *req = (struct l2cap_info_req *) data; - u16 type; - -+ if (cmd_len != sizeof(*req)) -+ return -EPROTO; -+ - type = __le16_to_cpu(req->type); - - BT_DBG("type 0x%4.4x", type); -@@ -4185,11 +4217,15 @@ static inline int l2cap_information_req(struct l2cap_conn *conn, - } - - static inline int l2cap_information_rsp(struct l2cap_conn *conn, -- struct l2cap_cmd_hdr *cmd, u8 *data) -+ struct l2cap_cmd_hdr *cmd, u16 cmd_len, -+ u8 *data) - { - struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data; - u16 type, result; - -+ if (cmd_len != sizeof(*rsp)) -+ return -EPROTO; -+ - type = __le16_to_cpu(rsp->type); - result = __le16_to_cpu(rsp->result); - -@@ -5055,16 +5091,16 @@ static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn, - - switch (cmd->code) { - case L2CAP_COMMAND_REJ: -- l2cap_command_rej(conn, cmd, data); -+ l2cap_command_rej(conn, cmd, cmd_len, data); - break; - - case L2CAP_CONN_REQ: -- err = l2cap_connect_req(conn, cmd, data); -+ err = l2cap_connect_req(conn, cmd, cmd_len, data); - break; - - case L2CAP_CONN_RSP: - case L2CAP_CREATE_CHAN_RSP: -- err = l2cap_connect_create_rsp(conn, cmd, data); -+ err = l2cap_connect_create_rsp(conn, cmd, cmd_len, data); - break; - - case L2CAP_CONF_REQ: -@@ -5072,15 +5108,15 @@ static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn, - break; - - case L2CAP_CONF_RSP: -- err = l2cap_config_rsp(conn, cmd, data); -+ err = l2cap_config_rsp(conn, cmd, cmd_len, data); - break; - - case L2CAP_DISCONN_REQ: -- err = l2cap_disconnect_req(conn, cmd, data); -+ err = l2cap_disconnect_req(conn, cmd, cmd_len, data); - break; - - case L2CAP_DISCONN_RSP: -- err = l2cap_disconnect_rsp(conn, cmd, data); -+ err = l2cap_disconnect_rsp(conn, cmd, cmd_len, data); - break; - - case L2CAP_ECHO_REQ: -@@ -5091,11 +5127,11 @@ static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn, - break; - - case L2CAP_INFO_REQ: -- err = l2cap_information_req(conn, cmd, data); -+ err = l2cap_information_req(conn, cmd, cmd_len, data); - break; - - case L2CAP_INFO_RSP: -- err = l2cap_information_rsp(conn, cmd, data); -+ err = l2cap_information_rsp(conn, cmd, cmd_len, data); - break; - - case L2CAP_CREATE_CHAN_REQ: diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c index 1bcfb84..dad9f98 100644 --- a/net/bluetooth/l2cap_sock.c @@ -89030,6 +89275,28 @@ index 58ab405..50eb8d3 100644 unsigned int users) { if (users > 0) +diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c +index ba65b20..2a4d937 100644 +--- a/net/netfilter/nf_conntrack_proto_dccp.c ++++ b/net/netfilter/nf_conntrack_proto_dccp.c +@@ -456,7 +456,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb, + + out_invalid: + if (LOG_INVALID(net, IPPROTO_DCCP)) +- nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL, msg); ++ nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL, "%s", msg); + return false; + } + +@@ -613,7 +613,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl, + + out_invalid: + if (LOG_INVALID(net, IPPROTO_DCCP)) +- nf_log_packet(pf, 0, skb, NULL, NULL, NULL, msg); ++ nf_log_packet(pf, 0, skb, NULL, NULL, NULL, "%s", msg); + return -NF_ACCEPT; + } + diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index fedee39..d62a93d 100644 --- a/net/netfilter/nf_conntrack_standalone.c @@ -90576,9 +90843,18 @@ index 5356b12..c0f4c29 100644 #else static inline void rpc_task_set_debuginfo(struct rpc_task *task) diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c -index 89a588b..ba2cef8 100644 +index 89a588b..678ed90 100644 --- a/net/sunrpc/svc.c +++ b/net/sunrpc/svc.c +@@ -740,7 +740,7 @@ svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs) + + __module_get(serv->sv_module); + task = kthread_create_on_node(serv->sv_function, rqstp, +- node, serv->sv_name); ++ node, "%s", serv->sv_name); + if (IS_ERR(task)) { + error = PTR_ERR(task); + module_put(serv->sv_module); @@ -1160,7 +1160,9 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv) svc_putnl(resv, RPC_SUCCESS); @@ -91681,10 +91957,10 @@ index f5eb43d..1814de8 100644 shdr = (Elf_Shdr *)((char *)ehdr + _r(&ehdr->e_shoff)); shstrtab_sec = shdr + r2(&ehdr->e_shstrndx); diff --git a/security/Kconfig b/security/Kconfig -index e9c6ac7..e6254cf 100644 +index e9c6ac7..66bf8e9 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,944 @@ +@@ -4,6 +4,945 @@ menu "Security options" @@ -92309,15 +92585,16 @@ index e9c6ac7..e6254cf 100644 + int "Minimum amount of memory reserved for module code" + default "4" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER) + default "12" if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP) -+ depends on PAX_KERNEXEC && X86_32 && MODULES ++ depends on PAX_KERNEXEC && X86_32 + help + Due to implementation details the kernel must reserve a fixed -+ amount of memory for module code at compile time that cannot be -+ changed at runtime. Here you can specify the minimum amount -+ in MB that will be reserved. Due to the same implementation -+ details this size will always be rounded up to the next 2/4 MB -+ boundary (depends on PAE) so the actually available memory for -+ module code will usually be more than this minimum. ++ amount of memory for runtime allocated code (such as modules) ++ at compile time that cannot be changed at runtime. Here you ++ can specify the minimum amount in MB that will be reserved. ++ Due to the same implementation details this size will always ++ be rounded up to the next 2/4 MB boundary (depends on PAE) so ++ the actually available memory for runtime allocated code will ++ usually be more than this minimum. + + The default 4 MB should be enough for most users but if you have + an excessive number of modules (e.g., most distribution configs @@ -92629,7 +92906,7 @@ index e9c6ac7..e6254cf 100644 source security/keys/Kconfig config SECURITY_DMESG_RESTRICT -@@ -103,7 +1041,7 @@ config INTEL_TXT +@@ -103,7 +1042,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -92638,6 +92915,272 @@ index e9c6ac7..e6254cf 100644 default 65536 help This is the portion of low virtual memory which should be protected +diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig +index 9b9013b..51ebf96 100644 +--- a/security/apparmor/Kconfig ++++ b/security/apparmor/Kconfig +@@ -29,3 +29,12 @@ config SECURITY_APPARMOR_BOOTPARAM_VALUE + boot. + + If you are unsure how to answer this question, answer 1. ++ ++config SECURITY_APPARMOR_COMPAT_24 ++ bool "Enable AppArmor 2.4 compatability" ++ depends on SECURITY_APPARMOR ++ default y ++ help ++ This option enables compatability with AppArmor 2.4. It is ++ recommended if compatability with older versions of AppArmor ++ is desired. +diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c +index 16c15ec..42b7c9f 100644 +--- a/security/apparmor/apparmorfs.c ++++ b/security/apparmor/apparmorfs.c +@@ -182,6 +182,234 @@ const struct file_operations aa_fs_seq_file_ops = { + .release = single_release, + }; + ++#ifdef CONFIG_SECURITY_APPARMOR_COMPAT_24 ++/** ++ * __next_namespace - find the next namespace to list ++ * @root: root namespace to stop search at (NOT NULL) ++ * @ns: current ns position (NOT NULL) ++ * ++ * Find the next namespace from @ns under @root and handle all locking needed ++ * while switching current namespace. ++ * ++ * Returns: next namespace or NULL if at last namespace under @root ++ * NOTE: will not unlock root->lock ++ */ ++static struct aa_namespace *__next_namespace(struct aa_namespace *root, ++ struct aa_namespace *ns) ++{ ++ struct aa_namespace *parent; ++ ++ /* is next namespace a child */ ++ if (!list_empty(&ns->sub_ns)) { ++ struct aa_namespace *next; ++ next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list); ++ read_lock(&next->lock); ++ return next; ++ } ++ ++ /* check if the next ns is a sibling, parent, gp, .. */ ++ parent = ns->parent; ++ while (parent) { ++ read_unlock(&ns->lock); ++ list_for_each_entry_continue(ns, &parent->sub_ns, base.list) { ++ read_lock(&ns->lock); ++ return ns; ++ } ++ if (parent == root) ++ return NULL; ++ ns = parent; ++ parent = parent->parent; ++ } ++ ++ return NULL; ++} ++ ++/** ++ * __first_profile - find the first profile in a namespace ++ * @root: namespace that is root of profiles being displayed (NOT NULL) ++ * @ns: namespace to start in (NOT NULL) ++ * ++ * Returns: unrefcounted profile or NULL if no profile ++ */ ++static struct aa_profile *__first_profile(struct aa_namespace *root, ++ struct aa_namespace *ns) ++{ ++ for ( ; ns; ns = __next_namespace(root, ns)) { ++ if (!list_empty(&ns->base.profiles)) ++ return list_first_entry(&ns->base.profiles, ++ struct aa_profile, base.list); ++ } ++ return NULL; ++} ++ ++/** ++ * __next_profile - step to the next profile in a profile tree ++ * @profile: current profile in tree (NOT NULL) ++ * ++ * Perform a depth first taversal on the profile tree in a namespace ++ * ++ * Returns: next profile or NULL if done ++ * Requires: profile->ns.lock to be held ++ */ ++static struct aa_profile *__next_profile(struct aa_profile *p) ++{ ++ struct aa_profile *parent; ++ struct aa_namespace *ns = p->ns; ++ ++ /* is next profile a child */ ++ if (!list_empty(&p->base.profiles)) ++ return list_first_entry(&p->base.profiles, typeof(*p), ++ base.list); ++ ++ /* is next profile a sibling, parent sibling, gp, subling, .. */ ++ parent = p->parent; ++ while (parent) { ++ list_for_each_entry_continue(p, &parent->base.profiles, ++ base.list) ++ return p; ++ p = parent; ++ parent = parent->parent; ++ } ++ ++ /* is next another profile in the namespace */ ++ list_for_each_entry_continue(p, &ns->base.profiles, base.list) ++ return p; ++ ++ return NULL; ++} ++ ++/** ++ * next_profile - step to the next profile in where ever it may be ++ * @root: root namespace (NOT NULL) ++ * @profile: current profile (NOT NULL) ++ * ++ * Returns: next profile or NULL if there isn't one ++ */ ++static struct aa_profile *next_profile(struct aa_namespace *root, ++ struct aa_profile *profile) ++{ ++ struct aa_profile *next = __next_profile(profile); ++ if (next) ++ return next; ++ ++ /* finished all profiles in namespace move to next namespace */ ++ return __first_profile(root, __next_namespace(root, profile->ns)); ++} ++ ++/** ++ * p_start - start a depth first traversal of profile tree ++ * @f: seq_file to fill ++ * @pos: current position ++ * ++ * Returns: first profile under current namespace or NULL if none found ++ * ++ * acquires first ns->lock ++ */ ++static void *p_start(struct seq_file *f, loff_t *pos) ++ __acquires(root->lock) ++{ ++ struct aa_profile *profile = NULL; ++ struct aa_namespace *root = aa_current_profile()->ns; ++ loff_t l = *pos; ++ f->private = aa_get_namespace(root); ++ ++ ++ /* find the first profile */ ++ read_lock(&root->lock); ++ profile = __first_profile(root, root); ++ ++ /* skip to position */ ++ for (; profile && l > 0; l--) ++ profile = next_profile(root, profile); ++ ++ return profile; ++} ++ ++/** ++ * p_next - read the next profile entry ++ * @f: seq_file to fill ++ * @p: profile previously returned ++ * @pos: current position ++ * ++ * Returns: next profile after @p or NULL if none ++ * ++ * may acquire/release locks in namespace tree as necessary ++ */ ++static void *p_next(struct seq_file *f, void *p, loff_t *pos) ++{ ++ struct aa_profile *profile = p; ++ struct aa_namespace *root = f->private; ++ (*pos)++; ++ ++ return next_profile(root, profile); ++} ++ ++/** ++ * p_stop - stop depth first traversal ++ * @f: seq_file we are filling ++ * @p: the last profile writen ++ * ++ * Release all locking done by p_start/p_next on namespace tree ++ */ ++static void p_stop(struct seq_file *f, void *p) ++ __releases(root->lock) ++{ ++ struct aa_profile *profile = p; ++ struct aa_namespace *root = f->private, *ns; ++ ++ if (profile) { ++ for (ns = profile->ns; ns && ns != root; ns = ns->parent) ++ read_unlock(&ns->lock); ++ } ++ read_unlock(&root->lock); ++ aa_put_namespace(root); ++} ++ ++/** ++ * seq_show_profile - show a profile entry ++ * @f: seq_file to file ++ * @p: current position (profile) (NOT NULL) ++ * ++ * Returns: error on failure ++ */ ++static int seq_show_profile(struct seq_file *f, void *p) ++{ ++ struct aa_profile *profile = (struct aa_profile *)p; ++ struct aa_namespace *root = f->private; ++ ++ if (profile->ns != root) ++ seq_printf(f, ":%s://", aa_ns_name(root, profile->ns)); ++ seq_printf(f, "%s (%s)\n", profile->base.hname, ++ COMPLAIN_MODE(profile) ? "complain" : "enforce"); ++ ++ return 0; ++} ++ ++static const struct seq_operations aa_fs_profiles_op = { ++ .start = p_start, ++ .next = p_next, ++ .stop = p_stop, ++ .show = seq_show_profile, ++}; ++ ++static int profiles_open(struct inode *inode, struct file *file) ++{ ++ return seq_open(file, &aa_fs_profiles_op); ++} ++ ++static int profiles_release(struct inode *inode, struct file *file) ++{ ++ return seq_release(inode, file); ++} ++ ++const struct file_operations aa_fs_profiles_fops = { ++ .open = profiles_open, ++ .read = seq_read, ++ .llseek = seq_lseek, ++ .release = profiles_release, ++}; ++#endif /* CONFIG_SECURITY_APPARMOR_COMPAT_24 */ ++ + /** Base file system setup **/ + + static struct aa_fs_entry aa_fs_entry_file[] = { +@@ -210,6 +438,9 @@ static struct aa_fs_entry aa_fs_entry_apparmor[] = { + AA_FS_FILE_FOPS(".load", 0640, &aa_fs_profile_load), + AA_FS_FILE_FOPS(".replace", 0640, &aa_fs_profile_replace), + AA_FS_FILE_FOPS(".remove", 0640, &aa_fs_profile_remove), ++#ifdef CONFIG_SECURITY_APPARMOR_COMPAT_24 ++ AA_FS_FILE_FOPS("profiles", 0640, &aa_fs_profiles_fops), ++#endif + AA_FS_DIR("features", aa_fs_entry_features), + { } + }; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index b21830e..a7d1a17 100644 --- a/security/apparmor/lsm.c @@ -93286,6 +93829,19 @@ index 040c60e..989a19a 100644 dev->status = SNDRV_SEQ_DEVICE_FREE; dev->driver_data = NULL; ops->num_init_devices--; +diff --git a/sound/core/sound.c b/sound/core/sound.c +index 70ccdab..50f2e10 100644 +--- a/sound/core/sound.c ++++ b/sound/core/sound.c +@@ -86,7 +86,7 @@ static void snd_request_other(int minor) + case SNDRV_MINOR_TIMER: str = "snd-timer"; break; + default: return; + } +- request_module(str); ++ request_module("%s", str); + } + + #endif /* modular kernel */ diff --git a/sound/drivers/mts64.c b/sound/drivers/mts64.c index 4e0dd22..7a1f32c 100644 --- a/sound/drivers/mts64.c @@ -93613,6 +94169,19 @@ index 7decbd9..d17d9d0 100644 struct device_node *np = pdev->dev.of_node; const char *p, *sprop; const uint32_t *iprop; +diff --git a/sound/sound_core.c b/sound/sound_core.c +index bb23009..db346c2 100644 +--- a/sound/sound_core.c ++++ b/sound/sound_core.c +@@ -292,7 +292,7 @@ retry: + } + + device_create(sound_class, dev, MKDEV(SOUND_MAJOR, s->unit_minor), +- NULL, s->name+6); ++ NULL, "%s", s->name+6); + return s->unit_minor; + + fail: diff --git a/tools/gcc/.gitignore b/tools/gcc/.gitignore new file mode 100644 index 0000000..50f2f2f diff --git a/main/linux-grsec/kernelconfig.x86 b/main/linux-grsec/kernelconfig.x86 index 5774d1f22..3f5031657 100644 --- a/main/linux-grsec/kernelconfig.x86 +++ b/main/linux-grsec/kernelconfig.x86 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.9.5 Kernel Configuration +# Linux/x86 3.9.7 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -2308,7 +2308,7 @@ CONFIG_ATH9K=m CONFIG_ATH9K_PCI=y CONFIG_ATH9K_AHB=y # CONFIG_ATH9K_DEBUGFS is not set -CONFIG_ATH9K_RATE_CONTROL=y +# CONFIG_ATH9K_LEGACY_RATE_CONTROL is not set CONFIG_ATH9K_HTC=m # CONFIG_ATH9K_HTC_DEBUGFS is not set CONFIG_CARL9170=m diff --git a/main/linux-grsec/kernelconfig.x86_64 b/main/linux-grsec/kernelconfig.x86_64 index df9536d19..f338d7ad0 100644 --- a/main/linux-grsec/kernelconfig.x86_64 +++ b/main/linux-grsec/kernelconfig.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 3.9.5 Kernel Configuration +# Linux/x86 3.9.7 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -2282,7 +2282,7 @@ CONFIG_ATH9K=m CONFIG_ATH9K_PCI=y CONFIG_ATH9K_AHB=y # CONFIG_ATH9K_DEBUGFS is not set -CONFIG_ATH9K_RATE_CONTROL=y +# CONFIG_ATH9K_LEGACY_RATE_CONTROL is not set CONFIG_ATH9K_HTC=m # CONFIG_ATH9K_HTC_DEBUGFS is not set CONFIG_CARL9170=m |