diff options
| author | Timo Teräs <timo.teras@iki.fi> | 2015-02-23 08:21:43 +0000 |
|---|---|---|
| committer | Timo Teräs <timo.teras@iki.fi> | 2015-02-23 08:21:43 +0000 |
| commit | 48c5c10b176753ab2654bbe22ad017c6b18af450 (patch) | |
| tree | e4fa0893d46e91e817c0ae992139f49c9f2e0070 | |
| parent | 7bc5e97911bdbfc3180312591c76ec63c94b08b8 (diff) | |
| download | aports-48c5c10b176753ab2654bbe22ad017c6b18af450.tar.bz2 aports-48c5c10b176753ab2654bbe22ad017c6b18af450.tar.xz | |
main/linux-virtgrsec: upgrade to 3.18.7
| -rw-r--r-- | main/linux-virtgrsec/APKBUILD | 16 | ||||
| -rw-r--r-- | main/linux-virtgrsec/grsecurity-3.1-3.18.7-201502222138.patch (renamed from main/linux-virtgrsec/grsecurity-3.0-3.18.6-201502062100.patch) | 537 |
2 files changed, 331 insertions, 222 deletions
diff --git a/main/linux-virtgrsec/APKBUILD b/main/linux-virtgrsec/APKBUILD index e8a890215..b44d672d4 100644 --- a/main/linux-virtgrsec/APKBUILD +++ b/main/linux-virtgrsec/APKBUILD @@ -3,7 +3,7 @@ _flavor=virtgrsec pkgname=linux-${_flavor} -pkgver=3.18.6 +pkgver=3.18.7 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; @@ -18,7 +18,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-3.0-3.18.6-201502062100.patch + grsecurity-3.1-3.18.7-201502222138.patch fix-memory-map-for-PIE-applications.patch imx6q-no-unclocked-sleep.patch @@ -146,22 +146,22 @@ dev() { } md5sums="9e854df51ca3fef8bfe566dbd7b89241 linux-3.18.tar.xz -30aa769974e64fd17a01724d1577a913 patch-3.18.6.xz -1bb44c0a509107101392b4d5e1c1bd10 grsecurity-3.0-3.18.6-201502062100.patch +9db3178b87ddf7c05e6191bf57645610 patch-3.18.7.xz +7e76bc2553a45e1d97d37c33dcf3411b grsecurity-3.1-3.18.7-201502222138.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch 1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch 4938a7329976fd579206cb814ee75ef6 kernelconfig.x86 54daab617c2eab14d08afed2c8321620 kernelconfig.x86_64" sha256sums="becc413cc9e6d7f5cc52a3ce66d65c3725bc1d1cc1001f4ce6c32b69eb188cbd linux-3.18.tar.xz -84046931be1a0024eb7d2817480efe62e6b5e651257f4ed4114ddcbce92a23bb patch-3.18.6.xz -060c24087ed82d984ba8a956c5719857f9fcf425f99858e110a34135313e9e85 grsecurity-3.0-3.18.6-201502062100.patch +2267eee27227c85c6c7aee1ed6a14e1d7f11d70c3048c96bcb1e848fc5ab31ca patch-3.18.7.xz +2bfe1b3e6b3eeb10eeca68735e796f98e4856a2014feb2447510239dfce4d636 grsecurity-3.1-3.18.7-201502222138.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch baa8e42965fb7e4ab66f99eca6d5959c13919cdc67d31d949da4831b9a4addfa kernelconfig.x86 9bfda1dcffa2401e515d57991f105632bd20d316acc4807388f3a04e4879688e kernelconfig.x86_64" sha512sums="2f0b72466e9bc538a675738aa416573d41bbbd7e3e2ffd5b5b127afde609ebc278cec5a3c37e73479607e957c13f1b4ed9782a3795e0dcc2cf8e550228594009 linux-3.18.tar.xz -e8755c0a88192a658a2c55b325caa4242978db546b505db6d0feb4c3dc41d3ccafe814b230513867ed915e58bf63faa31544b196066e6222f133d75c48fc8bc1 patch-3.18.6.xz -c2377f4ec78b168d8bffab089dee1e5e60b9a453766a9bce9900bb42435bb705d8f94573c1f3f5e53d523fd10cd29a523410161ca27583566603371bbb4140ba grsecurity-3.0-3.18.6-201502062100.patch +a63f56818a3d16f7e39b9967ed751fd6f49837668d533e32ae5bbad7f834e0f3641d9829c27acaf7e65b10581dd1e7d15a05127550627edcd7f9ec7fb5780600 patch-3.18.7.xz +06cf7a7a77eb7f3601d96fefad98ae993680612cc945d53c2c70ae523af5fe30585818a6246309c65b47ec90a825a45e20b6e78413c725c7bac072add3f92ddf grsecurity-3.1-3.18.7-201502222138.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch b0f57415a3b29a6e8d414fd2701cabd789d33e1a8ce9278d8e6653acbcf8fe199bf75c3bfb61330f1c1c50d2480d24b74615b65f4bc1300bfcf0a517fa05989f kernelconfig.x86 diff --git a/main/linux-virtgrsec/grsecurity-3.0-3.18.6-201502062100.patch b/main/linux-virtgrsec/grsecurity-3.1-3.18.7-201502222138.patch index 7f1798fea..1db1bc35e 100644 --- a/main/linux-virtgrsec/grsecurity-3.0-3.18.6-201502062100.patch +++ b/main/linux-virtgrsec/grsecurity-3.1-3.18.7-201502222138.patch @@ -370,7 +370,7 @@ index f4c71d4..66811b1 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index d2bff2d..e505117 100644 +index 0efae22..380e711 100644 --- a/Makefile +++ b/Makefile @@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -3894,7 +3894,7 @@ index 5e65ca8..879e7b3 100644 #define CACHE_LINE_SIZE 32 diff --git a/arch/arm/mm/context.c b/arch/arm/mm/context.c -index 6eb97b3..e77848e 100644 +index 4370933..e77848e 100644 --- a/arch/arm/mm/context.c +++ b/arch/arm/mm/context.c @@ -43,7 +43,7 @@ @@ -3906,40 +3906,7 @@ index 6eb97b3..e77848e 100644 static DECLARE_BITMAP(asid_map, NUM_USER_ASIDS); static DEFINE_PER_CPU(atomic64_t, active_asids); -@@ -144,21 +144,17 @@ static void flush_context(unsigned int cpu) - /* Update the list of reserved ASIDs and the ASID bitmap. */ - bitmap_clear(asid_map, 0, NUM_USER_ASIDS); - for_each_possible_cpu(i) { -- if (i == cpu) { -- asid = 0; -- } else { -- asid = atomic64_xchg(&per_cpu(active_asids, i), 0); -- /* -- * If this CPU has already been through a -- * rollover, but hasn't run another task in -- * the meantime, we must preserve its reserved -- * ASID, as this is the only trace we have of -- * the process it is still running. -- */ -- if (asid == 0) -- asid = per_cpu(reserved_asids, i); -- __set_bit(asid & ~ASID_MASK, asid_map); -- } -+ asid = atomic64_xchg(&per_cpu(active_asids, i), 0); -+ /* -+ * If this CPU has already been through a -+ * rollover, but hasn't run another task in -+ * the meantime, we must preserve its reserved -+ * ASID, as this is the only trace we have of -+ * the process it is still running. -+ */ -+ if (asid == 0) -+ asid = per_cpu(reserved_asids, i); -+ __set_bit(asid & ~ASID_MASK, asid_map); - per_cpu(reserved_asids, i) = asid; - } - -@@ -182,7 +178,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu) +@@ -178,7 +178,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu) { static u32 cur_idx = 1; u64 asid = atomic64_read(&mm->context.id); @@ -3948,7 +3915,7 @@ index 6eb97b3..e77848e 100644 if (asid != 0 && is_reserved_asid(asid)) { /* -@@ -203,7 +199,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu) +@@ -199,7 +199,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu) */ asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, cur_idx); if (asid == NUM_USER_ASIDS) { @@ -3957,7 +3924,7 @@ index 6eb97b3..e77848e 100644 &asid_generation); flush_context(cpu); asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, 1); -@@ -234,14 +230,14 @@ void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk) +@@ -230,14 +230,14 @@ void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk) cpu_set_reserved_ttbr0(); asid = atomic64_read(&mm->context.id); @@ -6878,7 +6845,7 @@ index 2242bdd..b284048 100644 } /* Arrange for an interrupt in a short while */ diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c -index 22b19c2..c5cc8c4 100644 +index d255a2a..916271c 100644 --- a/arch/mips/kernel/traps.c +++ b/arch/mips/kernel/traps.c @@ -688,7 +688,18 @@ asmlinkage void do_ov(struct pt_regs *regs) @@ -21666,7 +21633,7 @@ index 7dc5564..1273569 100644 wmb(); diff --git a/arch/x86/kernel/cpu/microcode/core.c b/arch/x86/kernel/cpu/microcode/core.c -index 15c2909..2cef20c 100644 +index 36a8361..e7058c2 100644 --- a/arch/x86/kernel/cpu/microcode/core.c +++ b/arch/x86/kernel/cpu/microcode/core.c @@ -518,7 +518,7 @@ mc_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu) @@ -28204,7 +28171,7 @@ index e8edcf5..27f9344 100644 goto cannot_handle; if ((segoffs >> 16) == BIOSSEG) diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S -index 49edf2d..c0d1362 100644 +index 49edf2d..df596b1 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S @@ -26,6 +26,13 @@ @@ -28385,7 +28352,6 @@ index 49edf2d..c0d1362 100644 + .init.text (. - __KERNEL_TEXT_OFFSET): AT(init_begin - LOAD_OFFSET) { + VMLINUX_SYMBOL(_sinittext) = .; + INIT_TEXT -+ VMLINUX_SYMBOL(_einittext) = .; + . = ALIGN(PAGE_SIZE); + } :text.init @@ -28396,6 +28362,7 @@ index 49edf2d..c0d1362 100644 + */ + .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) { + EXIT_TEXT ++ VMLINUX_SYMBOL(_einittext) = .; + . = ALIGN(16); + } :text.exit + . = init_begin + SIZEOF(.init.text) + SIZEOF(.exit.text); @@ -31745,7 +31712,7 @@ index 903ec1e..c4166b2 100644 } diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index a8612aa..5f91cf4 100644 +index 4d8ee82..ffc1011 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -13,12 +13,19 @@ @@ -32001,7 +31968,7 @@ index a8612aa..5f91cf4 100644 /* Kernel addresses are always protection faults: */ if (address >= TASK_SIZE) error_code |= PF_PROT; -@@ -867,7 +979,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, +@@ -864,7 +976,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) { printk(KERN_ERR "MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n", @@ -32010,7 +31977,7 @@ index a8612aa..5f91cf4 100644 code = BUS_MCEERR_AR; } #endif -@@ -923,6 +1035,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) +@@ -916,6 +1028,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) return 1; } @@ -32110,7 +32077,7 @@ index a8612aa..5f91cf4 100644 /* * Handle a spurious fault caused by a stale TLB entry. * -@@ -1008,6 +1213,9 @@ int show_unhandled_signals = 1; +@@ -1001,6 +1206,9 @@ int show_unhandled_signals = 1; static inline int access_error(unsigned long error_code, struct vm_area_struct *vma) { @@ -32120,7 +32087,7 @@ index a8612aa..5f91cf4 100644 if (error_code & PF_WRITE) { /* write, present and write, not present: */ if (unlikely(!(vma->vm_flags & VM_WRITE))) -@@ -1042,7 +1250,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs) +@@ -1035,7 +1243,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs) if (error_code & PF_USER) return false; @@ -32129,7 +32096,7 @@ index a8612aa..5f91cf4 100644 return false; return true; -@@ -1070,6 +1278,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, +@@ -1063,6 +1271,22 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, tsk = current; mm = tsk->mm; @@ -32152,7 +32119,7 @@ index a8612aa..5f91cf4 100644 /* * Detect and handle instructions that would cause a page fault for * both a tracked kernel page and a userspace page. -@@ -1147,7 +1371,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, +@@ -1140,7 +1364,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, * User-mode registers count as a user access even for any * potential system fault or CPU buglet: */ @@ -32161,7 +32128,7 @@ index a8612aa..5f91cf4 100644 local_irq_enable(); error_code |= PF_USER; flags |= FAULT_FLAG_USER; -@@ -1194,6 +1418,11 @@ retry: +@@ -1187,6 +1411,11 @@ retry: might_sleep(); } @@ -32173,7 +32140,7 @@ index a8612aa..5f91cf4 100644 vma = find_vma(mm, address); if (unlikely(!vma)) { bad_area(regs, error_code, address); -@@ -1205,18 +1434,24 @@ retry: +@@ -1198,18 +1427,24 @@ retry: bad_area(regs, error_code, address); return; } @@ -32209,7 +32176,7 @@ index a8612aa..5f91cf4 100644 if (unlikely(expand_stack(vma, address))) { bad_area(regs, error_code, address); return; -@@ -1333,3 +1568,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1327,3 +1562,292 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code) } NOKPROBE_SYMBOL(trace_do_page_fault); #endif /* CONFIG_TRACING */ @@ -33259,7 +33226,7 @@ index 7b179b49..6bd17777 100644 return (void *)vaddr; diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c -index af78e50..0790b03 100644 +index af78e50..4f1fe56 100644 --- a/arch/x86/mm/ioremap.c +++ b/arch/x86/mm/ioremap.c @@ -56,8 +56,8 @@ static int __ioremap_check_ram(unsigned long start_pfn, unsigned long nr_pages, @@ -33282,17 +33249,29 @@ index af78e50..0790b03 100644 { struct vm_struct *p, *o; -@@ -334,6 +334,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) - +@@ -329,30 +329,29 @@ EXPORT_SYMBOL(iounmap); + */ + void *xlate_dev_mem_ptr(unsigned long phys) + { +- void *addr; +- unsigned long start = phys & PAGE_MASK; +- /* If page is RAM, we can use __va. Otherwise ioremap and unmap. */ - if (page_is_ram(start >> PAGE_SHIFT)) +- if (page_is_ram(start >> PAGE_SHIFT)) ++ if (page_is_ram(phys >> PAGE_SHIFT)) +#ifdef CONFIG_HIGHMEM -+ if ((start >> PAGE_SHIFT) < max_low_pfn) ++ if ((phys >> PAGE_SHIFT) < max_low_pfn) +#endif return __va(phys); - addr = (void __force *)ioremap_cache(start, PAGE_SIZE); -@@ -346,13 +349,16 @@ void *xlate_dev_mem_ptr(unsigned long phys) +- addr = (void __force *)ioremap_cache(start, PAGE_SIZE); +- if (addr) +- addr = (void *)((unsigned long)addr | (phys & ~PAGE_MASK)); +- +- return addr; ++ return (void __force *)ioremap_cache(phys, PAGE_SIZE); + } + void unxlate_dev_mem_ptr(unsigned long phys, void *addr) { if (page_is_ram(phys >> PAGE_SHIFT)) @@ -33310,7 +33289,7 @@ index af78e50..0790b03 100644 static inline pmd_t * __init early_ioremap_pmd(unsigned long addr) { -@@ -388,8 +394,7 @@ void __init early_ioremap_init(void) +@@ -388,8 +387,7 @@ void __init early_ioremap_init(void) early_ioremap_setup(); pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN)); @@ -38706,7 +38685,7 @@ index 5c4e1f6..0ea58f9 100644 new_smi->interrupt_disabled = true; atomic_set(&new_smi->stop_operation, 0); diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 524b707..29d07c1 100644 +index 524b707..62a3d70 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -18,6 +18,7 @@ @@ -38754,15 +38733,17 @@ index 524b707..29d07c1 100644 #else static inline int range_is_allowed(unsigned long pfn, unsigned long size) { -@@ -122,6 +136,7 @@ static ssize_t read_mem(struct file *file, char __user *buf, +@@ -121,7 +135,8 @@ static ssize_t read_mem(struct file *file, char __user *buf, + #endif while (count > 0) { - unsigned long remaining; +- unsigned long remaining; ++ unsigned long remaining = 0; + char *temp; sz = size_inside_page(p, count); -@@ -137,7 +152,23 @@ static ssize_t read_mem(struct file *file, char __user *buf, +@@ -137,7 +152,24 @@ static ssize_t read_mem(struct file *file, char __user *buf, if (!ptr) return -EFAULT; @@ -38773,12 +38754,13 @@ index 524b707..29d07c1 100644 + unxlate_dev_mem_ptr(p, ptr); + return -ENOMEM; + } -+ memcpy(temp, ptr, sz); ++ remaining = probe_kernel_read(temp, ptr, sz); +#else + temp = ptr; +#endif + -+ remaining = copy_to_user(buf, temp, sz); ++ if (!remaining) ++ remaining = copy_to_user(buf, temp, sz); + +#ifdef CONFIG_PAX_USERCOPY + kfree(temp); @@ -38787,7 +38769,7 @@ index 524b707..29d07c1 100644 unxlate_dev_mem_ptr(p, ptr); if (remaining) return -EFAULT; -@@ -369,9 +400,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -369,9 +401,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, size_t count, loff_t *ppos) { unsigned long p = *ppos; @@ -38798,7 +38780,7 @@ index 524b707..29d07c1 100644 read = 0; if (p < (unsigned long) high_memory) { -@@ -393,6 +423,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -393,6 +424,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf, } #endif while (low_count > 0) { @@ -38807,7 +38789,7 @@ index 524b707..29d07c1 100644 sz = size_inside_page(p, low_count); /* -@@ -402,7 +434,22 @@ static ssize_t read_kmem(struct file *file, char __user *buf, +@@ -402,7 +435,23 @@ static ssize_t read_kmem(struct file *file, char __user *buf, */ kbuf = xlate_dev_kmem_ptr((char *)p); @@ -38816,12 +38798,13 @@ index 524b707..29d07c1 100644 + temp = kmalloc(sz, GFP_KERNEL|GFP_USERCOPY); + if (!temp) + return -ENOMEM; -+ memcpy(temp, kbuf, sz); ++ err = probe_kernel_read(temp, kbuf, sz); +#else + temp = kbuf; +#endif + -+ err = copy_to_user(buf, temp, sz); ++ if (!err) ++ err = copy_to_user(buf, temp, sz); + +#ifdef CONFIG_PAX_USERCOPY + kfree(temp); @@ -38831,7 +38814,7 @@ index 524b707..29d07c1 100644 return -EFAULT; buf += sz; p += sz; -@@ -797,6 +844,9 @@ static const struct memdev { +@@ -797,6 +846,9 @@ static const struct memdev { #ifdef CONFIG_PRINTK [11] = { "kmsg", 0644, &kmsg_fops, NULL }, #endif @@ -38841,7 +38824,7 @@ index 524b707..29d07c1 100644 }; static int memory_open(struct inode *inode, struct file *filp) -@@ -868,7 +918,7 @@ static int __init chr_dev_init(void) +@@ -868,7 +920,7 @@ static int __init chr_dev_init(void) continue; device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor), @@ -38936,7 +38919,7 @@ index 0ea9986..e7b07e4 100644 if (cmd != SIOCWANDEV) diff --git a/drivers/char/random.c b/drivers/char/random.c -index 04645c0..560e350 100644 +index 04645c0..6416f00 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -289,9 +289,6 @@ @@ -38962,6 +38945,30 @@ index 04645c0..560e350 100644 static struct entropy_store input_pool = { .poolinfo = &poolinfo_table[0], +@@ -569,19 +566,19 @@ static void fast_mix(struct fast_pool *f) + __u32 c = f->pool[2], d = f->pool[3]; + + a += b; c += d; +- b = rol32(a, 6); d = rol32(c, 27); ++ b = rol32(b, 6); d = rol32(d, 27); + d ^= a; b ^= c; + + a += b; c += d; +- b = rol32(a, 16); d = rol32(c, 14); ++ b = rol32(b, 16); d = rol32(d, 14); + d ^= a; b ^= c; + + a += b; c += d; +- b = rol32(a, 6); d = rol32(c, 27); ++ b = rol32(b, 6); d = rol32(d, 27); + d ^= a; b ^= c; + + a += b; c += d; +- b = rol32(a, 16); d = rol32(c, 14); ++ b = rol32(b, 16); d = rol32(d, 14); + d ^= a; b ^= c; + + f->pool[0] = a; f->pool[1] = b; @@ -635,7 +632,7 @@ retry: /* The +2 corresponds to the /4 in the denominator */ @@ -44925,7 +44932,7 @@ index 32e282f..5cec803 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index c1b0d52..07a0a5d 100644 +index b98765f..09e86d5 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -1730,6 +1730,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash) @@ -50765,7 +50772,7 @@ index 302e626..12579af 100644 da->attr.name = info->pin_config[i].name; da->attr.mode = 0644; diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c -index fc6fb54..b8c794b 100644 +index fc6fb54..b8c794ba 100644 --- a/drivers/regulator/core.c +++ b/drivers/regulator/core.c @@ -3569,7 +3569,7 @@ regulator_register(const struct regulator_desc *regulator_desc, @@ -50823,15 +50830,16 @@ index dbedf17..18ff6b7 100644 if (pdata) { diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c -index 793b662..85f74cd 100644 +index 793b662..01c20fc 100644 --- a/drivers/regulator/mc13892-regulator.c +++ b/drivers/regulator/mc13892-regulator.c @@ -584,10 +584,12 @@ static int mc13892_regulator_probe(struct platform_device *pdev) mc13xxx_unlock(mc13892); /* update mc13892_vcam ops */ +- memcpy(&mc13892_vcam_ops, mc13892_regulators[MC13892_VCAM].desc.ops, + pax_open_kernel(); - memcpy(&mc13892_vcam_ops, mc13892_regulators[MC13892_VCAM].desc.ops, ++ memcpy((void *)&mc13892_vcam_ops, mc13892_regulators[MC13892_VCAM].desc.ops, sizeof(struct regulator_ops)); - mc13892_vcam_ops.set_mode = mc13892_vcam_set_mode, - mc13892_vcam_ops.get_mode = mc13892_vcam_get_mode, @@ -52058,24 +52066,10 @@ index ae45bd9..c32a586 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index cfba74c..4cdf6a1 100644 +index dd8c8d6..4cdf6a1 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c -@@ -2818,9 +2818,11 @@ static int sd_revalidate_disk(struct gendisk *disk) - */ - sd_set_flush_flag(sdkp); - -- max_xfer = min_not_zero(queue_max_hw_sectors(sdkp->disk->queue), -- sdkp->max_xfer_blocks); -+ max_xfer = sdkp->max_xfer_blocks; - max_xfer <<= ilog2(sdp->sector_size) - 9; -+ -+ max_xfer = min_not_zero(queue_max_hw_sectors(sdkp->disk->queue), -+ max_xfer); - blk_queue_max_hw_sectors(sdkp->disk->queue, max_xfer); - set_capacity(disk, sdkp->capacity); - sd_config_write_same(sdkp); -@@ -3022,7 +3024,7 @@ static int sd_probe(struct device *dev) +@@ -3024,7 +3024,7 @@ static int sd_probe(struct device *dev) sdkp->disk = gd; sdkp->index = index; atomic_set(&sdkp->openers, 0); @@ -60073,37 +60067,10 @@ index 02a33e5..3a28b5a 100644 GLOBAL_EXTERN atomic_t smBufAllocCount; GLOBAL_EXTERN atomic_t midCount; diff --git a/fs/cifs/file.c b/fs/cifs/file.c -index 3e4d00a..4132187 100644 +index 9a7b6947..4132187 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c -@@ -366,6 +366,7 @@ void cifsFileInfo_put(struct cifsFileInfo *cifs_file) - struct cifsLockInfo *li, *tmp; - struct cifs_fid fid; - struct cifs_pending_open open; -+ bool oplock_break_cancelled; - - spin_lock(&cifs_file_list_lock); - if (--cifs_file->count > 0) { -@@ -397,7 +398,7 @@ void cifsFileInfo_put(struct cifsFileInfo *cifs_file) - } - spin_unlock(&cifs_file_list_lock); - -- cancel_work_sync(&cifs_file->oplock_break); -+ oplock_break_cancelled = cancel_work_sync(&cifs_file->oplock_break); - - if (!tcon->need_reconnect && !cifs_file->invalidHandle) { - struct TCP_Server_Info *server = tcon->ses->server; -@@ -409,6 +410,9 @@ void cifsFileInfo_put(struct cifsFileInfo *cifs_file) - _free_xid(xid); - } - -+ if (oplock_break_cancelled) -+ cifs_done_oplock_break(cifsi); -+ - cifs_del_pending_open(&open); - - /* -@@ -2056,10 +2060,14 @@ static int cifs_writepages(struct address_space *mapping, +@@ -2060,10 +2060,14 @@ static int cifs_writepages(struct address_space *mapping, index = mapping->writeback_index; /* Start from prev offset */ end = -1; } else { @@ -62280,7 +62247,7 @@ index 5797d45..7d7d79a 100644 if (dot && fs && !(fs->fs_flags & FS_HAS_SUBTYPE)) { diff --git a/fs/fs_struct.c b/fs/fs_struct.c -index 7dca743..f5e007d 100644 +index 7dca743..2f2786d 100644 --- a/fs/fs_struct.c +++ b/fs/fs_struct.c @@ -4,6 +4,7 @@ @@ -62305,7 +62272,7 @@ index 7dca743..f5e007d 100644 spin_unlock(&fs->lock); - if (old_root.dentry) + if (old_root.dentry) { -+ gr_inc_chroot_refcnts(old_root.dentry, old_root.mnt); ++ gr_dec_chroot_refcnts(old_root.dentry, old_root.mnt); path_put(&old_root); + } } @@ -64168,7 +64135,7 @@ index f82c628..9492b99 100644 #define MNT_NS_INTERNAL ERR_PTR(-EINVAL) /* distinct from any mnt_namespace */ diff --git a/fs/namei.c b/fs/namei.c -index db5fe86..ac769e4 100644 +index db5fe86..8bce5f0 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -331,17 +331,32 @@ int generic_permission(struct inode *inode, int mask) @@ -64549,7 +64516,7 @@ index db5fe86..ac769e4 100644 struct filename *name; struct dentry *dentry; struct nameidata nd; -+ ino_t saved_ino = 0; ++ u64 saved_ino = 0; + dev_t saved_dev = 0; unsigned int lookup_flags = 0; retry: @@ -64559,7 +64526,7 @@ index db5fe86..ac769e4 100644 goto exit3; } + -+ saved_ino = dentry->d_inode->i_ino; ++ saved_ino = gr_get_ino_from_dentry(dentry); + saved_dev = gr_get_dev_from_dentry(dentry); + + if (!gr_acl_handle_rmdir(dentry, nd.path.mnt)) { @@ -64580,7 +64547,7 @@ index db5fe86..ac769e4 100644 struct nameidata nd; struct inode *inode = NULL; struct inode *delegated_inode = NULL; -+ ino_t saved_ino = 0; ++ u64 saved_ino = 0; + dev_t saved_dev = 0; unsigned int lookup_flags = 0; retry: @@ -64591,7 +64558,7 @@ index db5fe86..ac769e4 100644 ihold(inode); + + if (inode->i_nlink <= 1) { -+ saved_ino = inode->i_ino; ++ saved_ino = gr_get_ino_from_dentry(dentry); + saved_dev = gr_get_dev_from_dentry(dentry); + } + if (!gr_acl_handle_unlink(dentry, nd.path.mnt)) { @@ -69545,10 +69512,10 @@ index 0000000..30ababb +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..9c2d930 +index 0000000..6c1e154 --- /dev/null +++ b/grsecurity/gracl.c -@@ -0,0 +1,2721 @@ +@@ -0,0 +1,2749 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -69656,11 +69623,26 @@ index 0000000..9c2d930 + return dentry->d_sb->s_dev; +} + ++static inline u64 __get_ino(const struct dentry *dentry) ++{ ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE) ++ if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC) ++ return btrfs_ino(dentry->d_inode); ++ else ++#endif ++ return dentry->d_inode->i_ino; ++} ++ +dev_t gr_get_dev_from_dentry(struct dentry *dentry) +{ + return __get_dev(dentry); +} + ++u64 gr_get_ino_from_dentry(struct dentry *dentry) ++{ ++ return __get_ino(dentry); ++} ++ +static char gr_task_roletype_to_char(struct task_struct *task) +{ + switch (task->role->roletype & @@ -69999,7 +69981,7 @@ index 0000000..9c2d930 +} + +struct acl_subject_label * -+lookup_acl_subj_label(const ino_t ino, const dev_t dev, ++lookup_acl_subj_label(const u64 ino, const dev_t dev, + const struct acl_role_label *role) +{ + unsigned int index = gr_fhash(ino, dev, role->subj_hash_size); @@ -70019,7 +70001,7 @@ index 0000000..9c2d930 +} + +struct acl_subject_label * -+lookup_acl_subj_label_deleted(const ino_t ino, const dev_t dev, ++lookup_acl_subj_label_deleted(const u64 ino, const dev_t dev, + const struct acl_role_label *role) +{ + unsigned int index = gr_fhash(ino, dev, role->subj_hash_size); @@ -70039,7 +70021,7 @@ index 0000000..9c2d930 +} + +static struct acl_object_label * -+lookup_acl_obj_label(const ino_t ino, const dev_t dev, ++lookup_acl_obj_label(const u64 ino, const dev_t dev, + const struct acl_subject_label *subj) +{ + unsigned int index = gr_fhash(ino, dev, subj->obj_hash_size); @@ -70059,7 +70041,7 @@ index 0000000..9c2d930 +} + +static struct acl_object_label * -+lookup_acl_obj_label_create(const ino_t ino, const dev_t dev, ++lookup_acl_obj_label_create(const u64 ino, const dev_t dev, + const struct acl_subject_label *subj) +{ + unsigned int index = gr_fhash(ino, dev, subj->obj_hash_size); @@ -70140,7 +70122,7 @@ index 0000000..9c2d930 +} + +static struct inodev_entry * -+lookup_inodev_entry(const ino_t ino, const dev_t dev) ++lookup_inodev_entry(const u64 ino, const dev_t dev) +{ + unsigned int index = gr_fhash(ino, dev, running_polstate.inodev_set.i_size); + struct inodev_entry *match; @@ -70365,7 +70347,7 @@ index 0000000..9c2d930 + +static struct acl_object_label * +__full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt, -+ const ino_t curr_ino, const dev_t curr_dev, ++ const u64 curr_ino, const dev_t curr_dev, + const struct acl_subject_label *subj, char **path, const int checkglob) +{ + struct acl_subject_label *tmpsubj; @@ -70396,7 +70378,7 @@ index 0000000..9c2d930 + const struct acl_subject_label *subj, char **path, const int checkglob) +{ + int newglob = checkglob; -+ ino_t inode; ++ u64 inode; + dev_t device; + + /* if we aren't checking a subdirectory of the original path yet, don't do glob checking @@ -70408,7 +70390,7 @@ index 0000000..9c2d930 + newglob = GR_NO_GLOB; + + spin_lock(&curr_dentry->d_lock); -+ inode = curr_dentry->d_inode->i_ino; ++ inode = __get_ino(curr_dentry); + device = __get_dev(curr_dentry); + spin_unlock(&curr_dentry->d_lock); + @@ -70541,7 +70523,7 @@ index 0000000..9c2d930 + spin_lock(&dentry->d_lock); + read_lock(&gr_inode_lock); + retval = -+ lookup_acl_subj_label(dentry->d_inode->i_ino, ++ lookup_acl_subj_label(__get_ino(dentry), + __get_dev(dentry), role); + read_unlock(&gr_inode_lock); + spin_unlock(&dentry->d_lock); @@ -70556,7 +70538,7 @@ index 0000000..9c2d930 + + spin_lock(&dentry->d_lock); + read_lock(&gr_inode_lock); -+ retval = lookup_acl_subj_label(dentry->d_inode->i_ino, ++ retval = lookup_acl_subj_label(__get_ino(dentry), + __get_dev(dentry), role); + read_unlock(&gr_inode_lock); + parent = dentry->d_parent; @@ -70570,7 +70552,7 @@ index 0000000..9c2d930 + + spin_lock(&dentry->d_lock); + read_lock(&gr_inode_lock); -+ retval = lookup_acl_subj_label(dentry->d_inode->i_ino, ++ retval = lookup_acl_subj_label(__get_ino(dentry), + __get_dev(dentry), role); + read_unlock(&gr_inode_lock); + spin_unlock(&dentry->d_lock); @@ -70578,7 +70560,7 @@ index 0000000..9c2d930 + if (unlikely(retval == NULL)) { + /* gr_real_root is pinned, we don't need to hold a reference */ + read_lock(&gr_inode_lock); -+ retval = lookup_acl_subj_label(gr_real_root.dentry->d_inode->i_ino, ++ retval = lookup_acl_subj_label(__get_ino(gr_real_root.dentry), + __get_dev(gr_real_root.dentry), role); + read_unlock(&gr_inode_lock); + } @@ -70705,14 +70687,27 @@ index 0000000..9c2d930 + return; + + for (i = 0; i < RLIM_NLIMITS; i++) { ++ unsigned long rlim_cur, rlim_max; ++ + if (!(proc->resmask & (1U << i))) + continue; + -+ task->signal->rlim[i].rlim_cur = proc->res[i].rlim_cur; -+ task->signal->rlim[i].rlim_max = proc->res[i].rlim_max; ++ rlim_cur = proc->res[i].rlim_cur; ++ rlim_max = proc->res[i].rlim_max; ++ ++ if (i == RLIMIT_NOFILE) { ++ unsigned long saved_sysctl_nr_open = sysctl_nr_open; ++ if (rlim_cur > saved_sysctl_nr_open) ++ rlim_cur = saved_sysctl_nr_open; ++ if (rlim_max > saved_sysctl_nr_open) ++ rlim_max = saved_sysctl_nr_open; ++ } ++ ++ task->signal->rlim[i].rlim_cur = rlim_cur; ++ task->signal->rlim[i].rlim_max = rlim_max; + + if (i == RLIMIT_CPU) -+ update_rlimit_cpu(task, proc->res[i].rlim_cur); ++ update_rlimit_cpu(task, rlim_cur); + } + + return; @@ -71415,7 +71410,7 @@ index 0000000..9c2d930 + +/* always called with valid inodev ptr */ +static void -+do_handle_delete(struct inodev_entry *inodev, const ino_t ino, const dev_t dev) ++do_handle_delete(struct inodev_entry *inodev, const u64 ino, const dev_t dev) +{ + struct acl_object_label *matchpo; + struct acl_subject_label *matchps; @@ -71443,7 +71438,7 @@ index 0000000..9c2d930 +} + +void -+gr_handle_delete(const ino_t ino, const dev_t dev) ++gr_handle_delete(const u64 ino, const dev_t dev) +{ + struct inodev_entry *inodev; + @@ -71460,8 +71455,8 @@ index 0000000..9c2d930 +} + +static void -+update_acl_obj_label(const ino_t oldinode, const dev_t olddevice, -+ const ino_t newinode, const dev_t newdevice, ++update_acl_obj_label(const u64 oldinode, const dev_t olddevice, ++ const u64 newinode, const dev_t newdevice, + struct acl_subject_label *subj) +{ + unsigned int index = gr_fhash(oldinode, olddevice, subj->obj_hash_size); @@ -71499,8 +71494,8 @@ index 0000000..9c2d930 +} + +static void -+update_acl_subj_label(const ino_t oldinode, const dev_t olddevice, -+ const ino_t newinode, const dev_t newdevice, ++update_acl_subj_label(const u64 oldinode, const dev_t olddevice, ++ const u64 newinode, const dev_t newdevice, + struct acl_role_label *role) +{ + unsigned int index = gr_fhash(oldinode, olddevice, role->subj_hash_size); @@ -71538,8 +71533,8 @@ index 0000000..9c2d930 +} + +static void -+update_inodev_entry(const ino_t oldinode, const dev_t olddevice, -+ const ino_t newinode, const dev_t newdevice) ++update_inodev_entry(const u64 oldinode, const dev_t olddevice, ++ const u64 newinode, const dev_t newdevice) +{ + unsigned int index = gr_fhash(oldinode, olddevice, running_polstate.inodev_set.i_size); + struct inodev_entry *match; @@ -71575,7 +71570,7 @@ index 0000000..9c2d930 +} + +static void -+__do_handle_create(const struct name_entry *matchn, ino_t ino, dev_t dev) ++__do_handle_create(const struct name_entry *matchn, u64 ino, dev_t dev) +{ + struct acl_subject_label *subj; + struct acl_role_label *role; @@ -71608,7 +71603,7 @@ index 0000000..9c2d930 +do_handle_create(const struct name_entry *matchn, const struct dentry *dentry, + const struct vfsmount *mnt) +{ -+ ino_t ino = dentry->d_inode->i_ino; ++ u64 ino = __get_ino(dentry); + dev_t dev = __get_dev(dentry); + + __do_handle_create(matchn, ino, dev); @@ -71668,7 +71663,7 @@ index 0000000..9c2d930 + struct name_entry *matchn2 = NULL; + struct inodev_entry *inodev; + struct inode *inode = new_dentry->d_inode; -+ ino_t old_ino = old_dentry->d_inode->i_ino; ++ u64 old_ino = __get_ino(old_dentry); + dev_t old_dev = __get_dev(old_dentry); + unsigned int exchange = flags & RENAME_EXCHANGE; + @@ -71710,7 +71705,7 @@ index 0000000..9c2d930 + + write_lock(&gr_inode_lock); + if (unlikely((replace || exchange) && inode)) { -+ ino_t new_ino = inode->i_ino; ++ u64 new_ino = __get_ino(new_dentry); + dev_t new_dev = __get_dev(new_dentry); + + inodev = lookup_inodev_entry(new_ino, new_dev); @@ -72171,7 +72166,7 @@ index 0000000..9c2d930 + return 0; +} + -+int gr_acl_handle_filldir(const struct file *file, const char *name, const unsigned int namelen, const ino_t ino) ++int gr_acl_handle_filldir(const struct file *file, const char *name, const unsigned int namelen, const u64 ino) +{ + struct task_struct *task = current; + struct dentry *dentry = file->f_path.dentry; @@ -72516,10 +72511,10 @@ index 0000000..1a94c11 + diff --git a/grsecurity/gracl_compat.c b/grsecurity/gracl_compat.c new file mode 100644 -index 0000000..ca25605 +index 0000000..a43dd06 --- /dev/null +++ b/grsecurity/gracl_compat.c -@@ -0,0 +1,270 @@ +@@ -0,0 +1,269 @@ +#include <linux/kernel.h> +#include <linux/gracl.h> +#include <linux/compat.h> @@ -72534,8 +72529,7 @@ index 0000000..ca25605 + if (copy_from_user(&uwrapcompat, buf, sizeof(uwrapcompat))) + return -EFAULT; + -+ if (((uwrapcompat.version != GRSECURITY_VERSION) && -+ (uwrapcompat.version != 0x2901)) || ++ if ((uwrapcompat.version != GRSECURITY_VERSION) || + (uwrapcompat.size != sizeof(struct gr_arg_compat))) + return -EINVAL; + @@ -73850,10 +73844,10 @@ index 0000000..25f54ef +}; diff --git a/grsecurity/gracl_policy.c b/grsecurity/gracl_policy.c new file mode 100644 -index 0000000..7949dcd +index 0000000..fd26052 --- /dev/null +++ b/grsecurity/gracl_policy.c -@@ -0,0 +1,1782 @@ +@@ -0,0 +1,1781 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -73933,8 +73927,8 @@ index 0000000..7949dcd +extern void insert_acl_subj_label(struct acl_subject_label *obj, struct acl_role_label *role); +extern struct name_entry * __lookup_name_entry(const struct gr_policy_state *state, const char *name); +extern char *gr_to_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt); -+extern struct acl_subject_label *lookup_acl_subj_label(const ino_t ino, const dev_t dev, const struct acl_role_label *role); -+extern struct acl_subject_label *lookup_acl_subj_label_deleted(const ino_t ino, const dev_t dev, const struct acl_role_label *role); ++extern struct acl_subject_label *lookup_acl_subj_label(const u64 ino, const dev_t dev, const struct acl_role_label *role); ++extern struct acl_subject_label *lookup_acl_subj_label_deleted(const u64 ino, const dev_t dev, const struct acl_role_label *role); +extern void assign_special_role(const char *rolename); +extern struct acl_subject_label *chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt, const struct acl_role_label *role); +extern int gr_rbac_disable(void *unused); @@ -74017,8 +74011,7 @@ index 0000000..7949dcd + if (copy_from_user(uwrap, buf, sizeof (struct gr_arg_wrapper))) + return -EFAULT; + -+ if (((uwrap->version != GRSECURITY_VERSION) && -+ (uwrap->version != 0x2901)) || ++ if ((uwrap->version != GRSECURITY_VERSION) || + (uwrap->size != sizeof(struct gr_arg))) + return -EINVAL; + @@ -74203,7 +74196,7 @@ index 0000000..7949dcd +} + +static int -+insert_name_entry(char *name, const ino_t inode, const dev_t device, __u8 deleted) ++insert_name_entry(char *name, const u64 inode, const dev_t device, __u8 deleted) +{ + struct name_entry **curr, *nentry; + struct inodev_entry *ientry; @@ -75712,10 +75705,10 @@ index 0000000..39645c9 +} diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c new file mode 100644 -index 0000000..2040e61 +index 0000000..218b66b --- /dev/null +++ b/grsecurity/gracl_segv.c -@@ -0,0 +1,313 @@ +@@ -0,0 +1,324 @@ +#include <linux/kernel.h> +#include <linux/mm.h> +#include <asm/uaccess.h> @@ -75746,7 +75739,7 @@ index 0000000..2040e61 +static DEFINE_SPINLOCK(gr_uid_lock); +extern rwlock_t gr_inode_lock; +extern struct acl_subject_label * -+ lookup_acl_subj_label(const ino_t inode, const dev_t dev, ++ lookup_acl_subj_label(const u64 inode, const dev_t dev, + struct acl_role_label *role); + +static inline dev_t __get_dev(const struct dentry *dentry) @@ -75759,6 +75752,16 @@ index 0000000..2040e61 + return dentry->d_sb->s_dev; +} + ++static inline u64 __get_ino(const struct dentry *dentry) ++{ ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE) ++ if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC) ++ return btrfs_ino(dentry->d_inode); ++ else ++#endif ++ return dentry->d_inode->i_ino; ++} ++ +int +gr_init_uidset(void) +{ @@ -75979,13 +75982,14 @@ index 0000000..2040e61 +gr_check_crash_exec(const struct file *filp) +{ + struct acl_subject_label *curr; ++ struct dentry *dentry; + + if (unlikely(!gr_acl_is_enabled())) + return 0; + + read_lock(&gr_inode_lock); -+ curr = lookup_acl_subj_label(filp->f_path.dentry->d_inode->i_ino, -+ __get_dev(filp->f_path.dentry), ++ dentry = filp->f_path.dentry; ++ curr = lookup_acl_subj_label(__get_ino(dentry), __get_dev(dentry), + current->role); + read_unlock(&gr_inode_lock); + @@ -76575,10 +76579,10 @@ index 0000000..114ea4f +} diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c new file mode 100644 -index 0000000..0f9ac91 +index 0000000..946f750 --- /dev/null +++ b/grsecurity/grsec_disabled.c -@@ -0,0 +1,440 @@ +@@ -0,0 +1,445 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -76700,7 +76704,7 @@ index 0000000..0f9ac91 +} + +void -+gr_handle_delete(const ino_t ino, const dev_t dev) ++gr_handle_delete(const u64 ino, const dev_t dev) +{ + return; +} @@ -76901,7 +76905,7 @@ index 0000000..0f9ac91 + +int +gr_acl_handle_filldir(const struct file *file, const char *name, -+ const int namelen, const ino_t ino) ++ const int namelen, const u64 ino) +{ + return 1; +} @@ -77010,6 +77014,11 @@ index 0000000..0f9ac91 + return dentry->d_sb->s_dev; +} + ++u64 gr_get_ino_from_dentry(struct dentry *dentry) ++{ ++ return dentry->d_inode->i_ino; ++} ++ +void gr_put_exec_file(struct task_struct *task) +{ + return; @@ -80575,6 +80584,39 @@ index d1a5582..4424efa 100644 /* * Mark a position in code as unreachable. This can be used to * suppress control flow warnings after asm blocks that transfer +diff --git a/include/linux/compiler-gcc5.h b/include/linux/compiler-gcc5.h +index c8c5659..d09f2ad 100644 +--- a/include/linux/compiler-gcc5.h ++++ b/include/linux/compiler-gcc5.h +@@ -28,6 +28,28 @@ + # define __compiletime_error(message) __attribute__((error(message))) + #endif /* __CHECKER__ */ + ++#define __alloc_size(...) __attribute((alloc_size(__VA_ARGS__))) ++#define __bos(ptr, arg) __builtin_object_size((ptr), (arg)) ++#define __bos0(ptr) __bos((ptr), 0) ++#define __bos1(ptr) __bos((ptr), 1) ++ ++#ifdef CONSTIFY_PLUGIN ++#error not yet ++#define __no_const __attribute__((no_const)) ++#define __do_const __attribute__((do_const)) ++#endif ++ ++#ifdef SIZE_OVERFLOW_PLUGIN ++#error not yet ++#define __size_overflow(...) __attribute__((size_overflow(__VA_ARGS__))) ++#define __intentional_overflow(...) __attribute__((intentional_overflow(__VA_ARGS__))) ++#endif ++ ++#ifdef LATENT_ENTROPY_PLUGIN ++#error not yet ++#define __latent_entropy __attribute__((latent_entropy)) ++#endif ++ + /* + * Mark a position in code as unreachable. This can be used to + * suppress control flow warnings after asm blocks that transfer diff --git a/include/linux/compiler.h b/include/linux/compiler.h index d5ad7b1..3b74638 100644 --- a/include/linux/compiler.h @@ -81399,10 +81441,10 @@ index 41b30fd..a3718cf 100644 { diff --git a/include/linux/gracl.h b/include/linux/gracl.h new file mode 100644 -index 0000000..edb2cb6 +index 0000000..91858e4 --- /dev/null +++ b/include/linux/gracl.h -@@ -0,0 +1,340 @@ +@@ -0,0 +1,342 @@ +#ifndef GR_ACL_H +#define GR_ACL_H + @@ -81414,8 +81456,8 @@ index 0000000..edb2cb6 + +/* Major status information */ + -+#define GR_VERSION "grsecurity 3.0" -+#define GRSECURITY_VERSION 0x3000 ++#define GR_VERSION "grsecurity 3.1" ++#define GRSECURITY_VERSION 0x3100 + +enum { + GR_SHUTDOWN = 0, @@ -81460,7 +81502,7 @@ index 0000000..edb2cb6 + +struct name_entry { + __u32 key; -+ ino_t inode; ++ u64 inode; + dev_t device; + char *name; + __u16 len; @@ -81508,7 +81550,7 @@ index 0000000..edb2cb6 + +struct acl_subject_label { + char *filename; -+ ino_t inode; ++ u64 inode; + dev_t device; + __u32 mode; + kernel_cap_t cap_mask; @@ -81596,7 +81638,7 @@ index 0000000..edb2cb6 + +struct acl_object_label { + char *filename; -+ ino_t inode; ++ u64 inode; + dev_t device; + __u32 mode; + @@ -81632,7 +81674,7 @@ index 0000000..edb2cb6 + unsigned char sp_role[GR_SPROLE_LEN]; + struct sprole_pw *sprole_pws; + dev_t segv_device; -+ ino_t segv_inode; ++ u64 segv_inode; + uid_t segv_uid; + __u16 num_sprole_pws; + __u16 mode; @@ -81704,9 +81746,11 @@ index 0000000..edb2cb6 +} + +static __inline__ unsigned int -+gr_fhash(const ino_t ino, const dev_t dev, const unsigned int sz) ++gr_fhash(const u64 ino, const dev_t dev, const unsigned int sz) +{ -+ return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz); ++ unsigned int rem; ++ div_u64_rem((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9)), sz, &rem); ++ return rem; +} + +static __inline__ unsigned int @@ -81745,7 +81789,7 @@ index 0000000..edb2cb6 + diff --git a/include/linux/gracl_compat.h b/include/linux/gracl_compat.h new file mode 100644 -index 0000000..33ebd1f +index 0000000..af64092 --- /dev/null +++ b/include/linux/gracl_compat.h @@ -0,0 +1,156 @@ @@ -81772,7 +81816,7 @@ index 0000000..33ebd1f + +struct acl_subject_label_compat { + compat_uptr_t filename; -+ compat_ino_t inode; ++ compat_u64 inode; + __u32 device; + __u32 mode; + kernel_cap_t cap_mask; @@ -81860,7 +81904,7 @@ index 0000000..33ebd1f + +struct acl_object_label_compat { + compat_uptr_t filename; -+ compat_ino_t inode; ++ compat_u64 inode; + __u32 device; + __u32 mode; + @@ -81892,7 +81936,7 @@ index 0000000..33ebd1f + unsigned char sp_role[GR_SPROLE_LEN]; + compat_uptr_t sprole_pws; + __u32 segv_device; -+ compat_ino_t segv_inode; ++ compat_u64 segv_inode; + uid_t segv_uid; + __u16 num_sprole_pws; + __u16 mode; @@ -82428,10 +82472,10 @@ index 0000000..26ef560 +#define GR_MSRWRITE_MSG "denied write to CPU MSR by " diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h new file mode 100644 -index 0000000..6c76fcb +index 0000000..63c1850 --- /dev/null +++ b/include/linux/grsecurity.h -@@ -0,0 +1,249 @@ +@@ -0,0 +1,250 @@ +#ifndef GR_SECURITY_H +#define GR_SECURITY_H +#include <linux/fs.h> @@ -82599,7 +82643,7 @@ index 0000000..6c76fcb + const struct vfsmount *parent_mnt); +__u32 gr_acl_handle_rmdir(const struct dentry *dentry, + const struct vfsmount *mnt); -+void gr_handle_delete(const ino_t ino, const dev_t dev); ++void gr_handle_delete(const u64 ino, const dev_t dev); +__u32 gr_acl_handle_unlink(const struct dentry *dentry, + const struct vfsmount *mnt); +__u32 gr_acl_handle_symlink(const struct dentry *new_dentry, @@ -82628,7 +82672,7 @@ index 0000000..6c76fcb + const struct dentry *old_dentry, + const struct vfsmount *old_mnt); +int gr_acl_handle_filldir(const struct file *file, const char *name, -+ const unsigned int namelen, const ino_t ino); ++ const unsigned int namelen, const u64 ino); + +__u32 gr_acl_handle_unix(const struct dentry *dentry, + const struct vfsmount *mnt); @@ -82639,6 +82683,7 @@ index 0000000..6c76fcb +int gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode); +void gr_audit_ptrace(struct task_struct *task); +dev_t gr_get_dev_from_dentry(struct dentry *dentry); ++u64 gr_get_ino_from_dentry(struct dentry *dentry); +void gr_put_exec_file(struct task_struct *task); + +int gr_ptrace_readexec(struct file *file, int unsafe_flags); @@ -92932,6 +92977,21 @@ index 2df8ef0..aae070f 100644 static inline void put_prev_task(struct rq *rq, struct task_struct *prev) { +diff --git a/kernel/seccomp.c b/kernel/seccomp.c +index 4ef9687..4f44028 100644 +--- a/kernel/seccomp.c ++++ b/kernel/seccomp.c +@@ -629,7 +629,9 @@ static u32 __seccomp_phase1_filter(int this_syscall, struct seccomp_data *sd) + + switch (action) { + case SECCOMP_RET_ERRNO: +- /* Set the low-order 16-bits as a errno. */ ++ /* Set low-order bits as an errno, capped at MAX_ERRNO. */ ++ if (data > MAX_ERRNO) ++ data = MAX_ERRNO; + syscall_set_return_value(current, task_pt_regs(current), + -data, 0); + goto skip; diff --git a/kernel/signal.c b/kernel/signal.c index 8f0876f..1153a5a 100644 --- a/kernel/signal.c @@ -93071,10 +93131,10 @@ index 8f0876f..1153a5a 100644 set_fs(seg); if (ret >= 0 && uoss_ptr) { diff --git a/kernel/smpboot.c b/kernel/smpboot.c -index eb89e18..a4e6792 100644 +index 60d35ac5..59d289f 100644 --- a/kernel/smpboot.c +++ b/kernel/smpboot.c -@@ -288,7 +288,7 @@ int smpboot_register_percpu_thread(struct smp_hotplug_thread *plug_thread) +@@ -289,7 +289,7 @@ int smpboot_register_percpu_thread(struct smp_hotplug_thread *plug_thread) } smpboot_unpark_thread(plug_thread, cpu); } @@ -93082,8 +93142,8 @@ index eb89e18..a4e6792 100644 + pax_list_add(&plug_thread->list, &hotplug_threads); out: mutex_unlock(&smpboot_threads_lock); - return ret; -@@ -305,7 +305,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread) + put_online_cpus(); +@@ -307,7 +307,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread) { get_online_cpus(); mutex_lock(&smpboot_threads_lock); @@ -93617,7 +93677,7 @@ index a7077d3..dd48a49 100644 .clock_get = alarm_clock_get, .timer_create = alarm_timer_create, diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c -index 37e50aa..57a9501 100644 +index d8c724c..6b331a4 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -1399,7 +1399,7 @@ void hrtimer_peek_ahead_timers(void) @@ -96913,7 +96973,7 @@ index 73cf098..ab547c7 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index 1620adb..348da48 100644 +index 1620adb..6b35ac8 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -41,6 +41,7 @@ @@ -96978,6 +97038,24 @@ index 1620adb..348da48 100644 /* * Make sure vm_committed_as in one cacheline and not cacheline shared with * other variables. It can be updated by several CPUs frequently. +@@ -152,7 +173,7 @@ EXPORT_SYMBOL_GPL(vm_memory_committed); + */ + int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) + { +- unsigned long free, allowed, reserve; ++ long free, allowed, reserve; + + VM_WARN_ONCE(percpu_counter_read(&vm_committed_as) < + -(s64)vm_committed_as_batch * num_online_cpus(), +@@ -220,7 +241,7 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) + */ + if (mm) { + reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10); +- allowed -= min(mm->total_vm / 32, reserve); ++ allowed -= min_t(long, mm->total_vm / 32, reserve); + } + + if (percpu_counter_read_positive(&vm_committed_as) < allowed) @@ -274,6 +295,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) struct vm_area_struct *next = vma->vm_next; @@ -98505,7 +98583,7 @@ index b147f66..98a695ab 100644 out: if (ret & ~PAGE_MASK) diff --git a/mm/nommu.c b/mm/nommu.c -index bd1808e..b63d87c 100644 +index bd1808e..22cbc6a 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -70,7 +70,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT; @@ -98540,6 +98618,24 @@ index bd1808e..b63d87c 100644 *region = *vma->vm_region; new->vm_region = region; +@@ -1905,7 +1896,7 @@ EXPORT_SYMBOL(unmap_mapping_range); + */ + int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) + { +- unsigned long free, allowed, reserve; ++ long free, allowed, reserve; + + vm_acct_memory(pages); + +@@ -1969,7 +1960,7 @@ int __vm_enough_memory(struct mm_struct *mm, long pages, int cap_sys_admin) + */ + if (mm) { + reserve = sysctl_user_reserve_kbytes >> (PAGE_SHIFT - 10); +- allowed -= min(mm->total_vm / 32, reserve); ++ allowed -= min_t(long, mm->total_vm / 32, reserve); + } + + if (percpu_counter_read_positive(&vm_committed_as) < allowed) @@ -2002,8 +1993,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr, } EXPORT_SYMBOL(generic_file_remap_pages); @@ -98876,7 +98972,7 @@ index 3e4c721..a5e3e39 100644 /* diff --git a/mm/shmem.c b/mm/shmem.c -index 185836b..d7255a1 100644 +index 0b4ba55..bcef4ae 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -33,7 +33,7 @@ @@ -107762,14 +107858,14 @@ index b304068..462d24e 100644 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n", diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh new file mode 100644 -index 0000000..42018ed +index 0000000..822fa9e --- /dev/null +++ b/scripts/gcc-plugin.sh @@ -0,0 +1,51 @@ +#!/bin/sh +srctree=$(dirname "$0") +gccplugins_dir=$($3 -print-file-name=plugin) -+plugincc=$($1 -E - -o /dev/null -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF ++plugincc=$($1 -E - -o /dev/null -I"${srctree}"/../tools/gcc -I"${gccplugins_dir}"/include 2>&1 <<EOF +#include "gcc-common.h" +#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX) +#warning $2 CXX @@ -107800,7 +107896,7 @@ index 0000000..42018ed +esac + +# we need a c++ compiler that supports the designated initializer GNU extension -+plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only -I${srctree}/../tools/gcc -I${gccplugins_dir}/include 2>&1 <<EOF ++plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only -I"${srctree}"/../tools/gcc -I"${gccplugins_dir}"/include 2>&1 <<EOF +#include "gcc-common.h" +class test { +public: @@ -109467,6 +109563,18 @@ index 4743d71..170a185 100644 err: if (iov != iovstack) kfree(iov); +diff --git a/security/keys/request_key.c b/security/keys/request_key.c +index 0c7aea4..486ef6f 100644 +--- a/security/keys/request_key.c ++++ b/security/keys/request_key.c +@@ -414,6 +414,7 @@ link_check_failed: + + link_prealloc_failed: + mutex_unlock(&user->cons_lock); ++ key_put(key); + kleave(" = %d [prelink]", ret); + return ret; + diff --git a/security/min_addr.c b/security/min_addr.c index f728728..6457a0c 100644 --- a/security/min_addr.c @@ -110967,10 +111075,10 @@ index 0000000..54461af +} diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c new file mode 100644 -index 0000000..82bc5a8 +index 0000000..3b5af59 --- /dev/null +++ b/tools/gcc/constify_plugin.c -@@ -0,0 +1,557 @@ +@@ -0,0 +1,558 @@ +/* + * Copyright 2011 by Emese Revfy <re.emese@gmail.com> + * Copyright 2011-2014 by PaX Team <pageexec@freemail.hu> @@ -111404,7 +111512,8 @@ index 0000000..82bc5a8 +#if BUILDING_GCC_VERSION >= 4008 + .optinfo_flags = OPTGROUP_NONE, +#endif -+#if BUILDING_GCC_VERSION >= 4009 ++#if BUILDING_GCC_VERSION >= 5000 ++#elif BUILDING_GCC_VERSION >= 4009 + .has_gate = false, + .has_execute = true, +#else @@ -111512,8 +111621,8 @@ index 0000000..82bc5a8 + error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); + } + -+ if (strcmp(lang_hooks.name, "GNU C")) { -+ inform(UNKNOWN_LOCATION, G_("%s supports C only"), plugin_name); ++ if (strncmp(lang_hooks.name, "GNU C", 5) && !strncmp(lang_hooks.name, "GNU C+", 6)) { ++ inform(UNKNOWN_LOCATION, G_("%s supports C only, not %s"), plugin_name, lang_hooks.name); + constify = false; + } + |