-rw-r--r-- | testing/linux-virt-grsec/APKBUILD | 10 | ||||
-rw-r--r-- | testing/linux-virt-grsec/grsecurity-2.9-3.3.8-201206042136.patch (renamed from testing/linux-virt-grsec/grsecurity-2.9-3.3.7-201205261259.patch) | 908 |
2 files changed, 534 insertions, 384 deletions
diff --git a/testing/linux-virt-grsec/APKBUILD b/testing/linux-virt-grsec/APKBUILD index 08a58fd32..d50f478f1 100644 --- a/testing/linux-virt-grsec/APKBUILD +++ b/testing/linux-virt-grsec/APKBUILD @@ -2,7 +2,7 @@ _flavor=grsec pkgname=linux-virt-${_flavor} -pkgver=3.3.7 +pkgver=3.3.8 _kernver=3.3 pkgrel=3 pkgdesc="Linux kernel with grsecurity" @@ -14,8 +14,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-2.9-3.3.7-201205261259.patch - pax-out-of-tree-workaround.patch + grsecurity-2.9-3.3.8-201206042136.patch xen-xsave.patch kernelconfig.x86 @@ -137,8 +136,7 @@ dev() { } md5sums="7133f5a2086a7d7ef97abac610c094f5 linux-3.3.tar.xz -622a3b43238559aeb778279969631260 patch-3.3.7.xz -097be38de4ae03e4d9dbec3217b15afb grsecurity-2.9-3.3.7-201205261259.patch -1aa70cff67ae2cca7cf1b8be83573eae pax-out-of-tree-workaround.patch +e1714b5136a7f4dab1b5d2d7f98e2891 patch-3.3.8.xz +4a97aa5ad465a5d829e88c8234f75417 grsecurity-2.9-3.3.8-201206042136.patch 0d095dbf194d5609ad260ecd3f0ab15d xen-xsave.patch db2bba20ed88080a1d78ca5cc26f6ae1 kernelconfig.x86" diff --git a/testing/linux-virt-grsec/grsecurity-2.9-3.3.7-201205261259.patch b/testing/linux-virt-grsec/grsecurity-2.9-3.3.8-201206042136.patch index be98c7f60..e7f177dc8 100644 --- a/testing/linux-virt-grsec/grsecurity-2.9-3.3.7-201205261259.patch +++ b/testing/linux-virt-grsec/grsecurity-2.9-3.3.8-201206042136.patch @@ -195,7 +195,7 @@ index d99fd9c..8689fef 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 073f74f..b379941 100644 +index db96149..f101728 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ 
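Review bot: The third APKBUILD hunk pins the new `patch-3.3.8.xz` and grsecurity patch with MD5 only, while the `source=` list visible in the second hunk still downloads the kernel tarball and stable patch over plain `http://ftp.kernel.org`. MD5 is not collision-resistant, so for a kernel package it is a weak sole integrity check on a download that travels unauthenticated. If the abuild version in use accepts a stronger checksum array such as `sha512sums`, add it next to `md5sums`; otherwise check the downloads against kernel.org's signed release files before the sums are recorded, and say so in the commit message.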
@@ -210,17 +210,6 @@ index 073f74f..b379941 100644 # Decide whether to build built-in, modular, or both. # Normally, just do built-in. -@@ -357,8 +358,8 @@ CFLAGS_GCOV = -fprofile-arcs -ftest-coverage - - # Use LINUXINCLUDE when you must reference the include/ directory. - # Needed to be compatible with the O= option --LINUXINCLUDE := -I$(srctree)/arch/$(hdr-arch)/include \ -- -Iarch/$(hdr-arch)/include/generated -Iinclude \ -+LINUXINCLUDE := -isystem arch/$(hdr-arch)/include \ -+ -isystem arch/$(hdr-arch)/include/generated -isystem include \ - $(if $(KBUILD_SRC), -I$(srctree)/include) \ - -include $(srctree)/include/linux/kconfig.h - @@ -407,8 +408,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn --exc # Rules shared between *config targets and build targets @@ -323,7 +312,7 @@ index 073f74f..b379941 100644 prepare: prepare0 # Generate some files -@@ -1089,6 +1142,8 @@ all: modules +@@ -1092,6 +1145,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -332,7 +321,7 @@ index 073f74f..b379941 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1104,7 +1159,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1107,7 +1162,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -341,7 +330,7 @@ index 073f74f..b379941 100644 # Target to install modules PHONY += modules_install -@@ -1201,6 +1256,7 @@ distclean: mrproper +@@ -1204,6 +1259,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ 
@@ -349,7 +338,7 @@ index 073f74f..b379941 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1361,6 +1417,8 @@ PHONY += $(module-dirs) modules +@@ -1364,6 +1420,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -358,7 +347,7 @@ index 073f74f..b379941 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1487,17 +1545,21 @@ else +@@ -1490,17 +1548,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -384,7 +373,7 @@ index 073f74f..b379941 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1507,11 +1569,15 @@ endif +@@ -1510,11 +1572,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -1336,7 +1325,7 @@ index 75fe66b..2255c86 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/arm/include/asm/cacheflush.h b/arch/arm/include/asm/cacheflush.h -index d5d8d5c..ad92c96 100644 +index 1252a26..9dc17b5 100644 --- a/arch/arm/include/asm/cacheflush.h +++ b/arch/arm/include/asm/cacheflush.h @@ -108,7 +108,7 @@ struct cpu_cache_fns { @@ -1655,7 +1644,7 @@ index a255c39..4a19b25 100644 #endif diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c -index f84dfe6..13e94f7 100644 +index 504b28a..62f7a7d 100644 --- a/arch/arm/kernel/traps.c +++ b/arch/arm/kernel/traps.c @@ -259,6 +259,8 @@ static int __die(const char *str, int err, struct thread_info *thread, struct pt @@ -7717,7 +7706,7 @@ index e46c214..7c72b55 100644 This option helps catch unintended modifications to loadable kernel module's text and read-only data. It also prevents execution 
diff --git a/arch/x86/Makefile b/arch/x86/Makefile -index 209ba12..15140db 100644 +index 015f0c5..b405802 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -46,6 +46,7 @@ else @@ -7728,7 +7717,7 @@ index 209ba12..15140db 100644 KBUILD_AFLAGS += -m64 KBUILD_CFLAGS += -m64 -@@ -201,3 +202,12 @@ define archhelp +@@ -205,3 +206,12 @@ define archhelp echo ' FDARGS="..." arguments for the booted kernel' echo ' FDINITRD=file initrd for the booted kernel' endef @@ -7800,7 +7789,7 @@ index c7093bd..d4247ffe0 100644 return diff; } diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile -index fd55a2f..217b501 100644 +index e398bb5..3a382ca 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -14,6 +14,9 @@ cflags-$(CONFIG_X86_64) := -mcmodel=small 
@@ -7909,201 +7898,6 @@ index 7116dcb..d9ae1d7 100644 error("Wrong destination address"); #endif -diff --git a/arch/x86/boot/compressed/relocs.c b/arch/x86/boot/compressed/relocs.c -index e77f4e4..17e511f 100644 ---- a/arch/x86/boot/compressed/relocs.c -+++ b/arch/x86/boot/compressed/relocs.c -@@ -13,8 +13,11 @@ - - static void die(char *fmt, ...); - -+#include "../../../../include/generated/autoconf.h" -+ - #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) - static Elf32_Ehdr ehdr; -+static Elf32_Phdr *phdr; - static unsigned long reloc_count, reloc_idx; - static unsigned long *relocs; - -@@ -270,9 +273,39 @@ static void read_ehdr(FILE *fp) - } - } - -+static void read_phdrs(FILE *fp) -+{ -+ unsigned int i; -+ -+ phdr = calloc(ehdr.e_phnum, sizeof(Elf32_Phdr)); -+ if (!phdr) { -+ die("Unable to allocate %d program headers\n", -+ ehdr.e_phnum); -+ } -+ if (fseek(fp, ehdr.e_phoff, SEEK_SET) < 0) { -+ die("Seek to %d failed: %s\n", -+ ehdr.e_phoff, strerror(errno)); -+ } -+ if (fread(phdr, sizeof(*phdr), ehdr.e_phnum, fp) != ehdr.e_phnum) { -+ die("Cannot read ELF program headers: %s\n", -+ strerror(errno)); -+ } -+ for(i = 0; i < ehdr.e_phnum; i++) { -+ phdr[i].p_type = elf32_to_cpu(phdr[i].p_type); -+ phdr[i].p_offset = elf32_to_cpu(phdr[i].p_offset); -+ phdr[i].p_vaddr = elf32_to_cpu(phdr[i].p_vaddr); -+ phdr[i].p_paddr = elf32_to_cpu(phdr[i].p_paddr); -+ phdr[i].p_filesz = elf32_to_cpu(phdr[i].p_filesz); -+ phdr[i].p_memsz = elf32_to_cpu(phdr[i].p_memsz); -+ phdr[i].p_flags = elf32_to_cpu(phdr[i].p_flags); -+ phdr[i].p_align = elf32_to_cpu(phdr[i].p_align); -+ } -+ -+} -+ - static void read_shdrs(FILE *fp) - { -- int i; -+ unsigned int i; - Elf32_Shdr shdr; - - secs = calloc(ehdr.e_shnum, sizeof(struct section)); -@@ -307,7 +340,7 @@ static void read_shdrs(FILE *fp) - - static void read_strtabs(FILE *fp) - { -- int i; -+ unsigned int i; - for (i = 0; i < ehdr.e_shnum; i++) { - struct section *sec = &secs[i]; - if (sec->shdr.sh_type != SHT_STRTAB) { -@@ -332,7 
+365,7 @@ static void read_strtabs(FILE *fp) - - static void read_symtabs(FILE *fp) - { -- int i,j; -+ unsigned int i,j; - for (i = 0; i < ehdr.e_shnum; i++) { - struct section *sec = &secs[i]; - if (sec->shdr.sh_type != SHT_SYMTAB) { -@@ -365,7 +398,9 @@ static void read_symtabs(FILE *fp) - - static void read_relocs(FILE *fp) - { -- int i,j; -+ unsigned int i,j; -+ uint32_t base; -+ - for (i = 0; i < ehdr.e_shnum; i++) { - struct section *sec = &secs[i]; - if (sec->shdr.sh_type != SHT_REL) { -@@ -385,9 +420,18 @@ static void read_relocs(FILE *fp) - die("Cannot read symbol table: %s\n", - strerror(errno)); - } -+ base = 0; -+ for (j = 0; j < ehdr.e_phnum; j++) { -+ if (phdr[j].p_type != PT_LOAD ) -+ continue; -+ if (secs[sec->shdr.sh_info].shdr.sh_offset < phdr[j].p_offset || secs[sec->shdr.sh_info].shdr.sh_offset >= phdr[j].p_offset + phdr[j].p_filesz) -+ continue; -+ base = CONFIG_PAGE_OFFSET + phdr[j].p_paddr - phdr[j].p_vaddr; -+ break; -+ } - for (j = 0; j < sec->shdr.sh_size/sizeof(Elf32_Rel); j++) { - Elf32_Rel *rel = &sec->reltab[j]; -- rel->r_offset = elf32_to_cpu(rel->r_offset); -+ rel->r_offset = elf32_to_cpu(rel->r_offset) + base; - rel->r_info = elf32_to_cpu(rel->r_info); - } - } -@@ -396,13 +440,13 @@ static void read_relocs(FILE *fp) - - static void print_absolute_symbols(void) - { -- int i; -+ unsigned int i; - printf("Absolute symbols\n"); - printf(" Num: Value Size Type Bind Visibility Name\n"); - for (i = 0; i < ehdr.e_shnum; i++) { - struct section *sec = &secs[i]; - char *sym_strtab; -- int j; -+ unsigned int j; - - if (sec->shdr.sh_type != SHT_SYMTAB) { - continue; -@@ -429,14 +473,14 @@ static void print_absolute_symbols(void) - - static void print_absolute_relocs(void) - { -- int i, printed = 0; -+ unsigned int i, printed = 0; - - for (i = 0; i < ehdr.e_shnum; i++) { - struct section *sec = &secs[i]; - struct section *sec_applies, *sec_symtab; - char *sym_strtab; - Elf32_Sym *sh_symtab; -- int j; -+ unsigned int j; - if (sec->shdr.sh_type != 
SHT_REL) { - continue; - } -@@ -497,13 +541,13 @@ static void print_absolute_relocs(void) - - static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym)) - { -- int i; -+ unsigned int i; - /* Walk through the relocations */ - for (i = 0; i < ehdr.e_shnum; i++) { - char *sym_strtab; - Elf32_Sym *sh_symtab; - struct section *sec_applies, *sec_symtab; -- int j; -+ unsigned int j; - struct section *sec = &secs[i]; - - if (sec->shdr.sh_type != SHT_REL) { -@@ -528,6 +572,22 @@ static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym)) - !is_rel_reloc(sym_name(sym_strtab, sym))) { - continue; - } -+ /* Don't relocate actual per-cpu variables, they are absolute indices, not addresses */ -+ if (!strcmp(sec_name(sym->st_shndx), ".data..percpu") && strcmp(sym_name(sym_strtab, sym), "__per_cpu_load")) -+ continue; -+ -+#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32) -+ /* Don't relocate actual code, they are relocated implicitly by the base address of KERNEL_CS */ -+ if (!strcmp(sec_name(sym->st_shndx), ".module.text") && !strcmp(sym_name(sym_strtab, sym), "_etext")) -+ continue; -+ if (!strcmp(sec_name(sym->st_shndx), ".init.text")) -+ continue; -+ if (!strcmp(sec_name(sym->st_shndx), ".exit.text")) -+ continue; -+ if (!strcmp(sec_name(sym->st_shndx), ".text") && strcmp(sym_name(sym_strtab, sym), "__LOAD_PHYSICAL_ADDR")) -+ continue; -+#endif -+ - switch (r_type) { - case R_386_NONE: - case R_386_PC32: -@@ -569,7 +629,7 @@ static int cmp_relocs(const void *va, const void *vb) - - static void emit_relocs(int as_text) - { -- int i; -+ unsigned int i; - /* Count how many relocations I have and allocate space for them. */ - reloc_count = 0; - walk_relocs(count_reloc); -@@ -663,6 +723,7 @@ int main(int argc, char **argv) - fname, strerror(errno)); - } - read_ehdr(fp); -+ read_phdrs(fp); - read_shdrs(fp); - read_strtabs(fp); - read_symtabs(fp); diff --git a/arch/x86/boot/cpucheck.c b/arch/x86/boot/cpucheck.c index 4d3ff03..e4972ff 100644 
--- a/arch/x86/boot/cpucheck.c @@ -10982,7 +10776,7 @@ index 5f55e69..e20bfb1 100644 #ifdef CONFIG_SMP diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h -index 6902152..399f3a2 100644 +index 6902152..da4283a 100644 --- a/arch/x86/include/asm/mmu_context.h +++ b/arch/x86/include/asm/mmu_context.h @@ -24,6 +24,18 @@ void destroy_context(struct mm_struct *mm); @@ -11025,8 +10819,8 @@ index 6902152..399f3a2 100644 /* Re-load page tables */ +#ifdef CONFIG_PAX_PER_CPU_PGD + pax_open_kernel(); -+ __clone_user_pgds(get_cpu_pgd(cpu), next->pgd, USER_PGD_PTRS); -+ __shadow_user_pgds(get_cpu_pgd(cpu) + USER_PGD_PTRS, next->pgd, USER_PGD_PTRS); ++ __clone_user_pgds(get_cpu_pgd(cpu), next->pgd); ++ __shadow_user_pgds(get_cpu_pgd(cpu) + USER_PGD_PTRS, next->pgd); + pax_close_kernel(); + load_cr3(get_cpu_pgd(cpu)); +#else @@ -11065,8 +10859,8 @@ index 6902152..399f3a2 100644 + +#ifdef CONFIG_PAX_PER_CPU_PGD + pax_open_kernel(); -+ __clone_user_pgds(get_cpu_pgd(cpu), next->pgd, USER_PGD_PTRS); -+ __shadow_user_pgds(get_cpu_pgd(cpu) + USER_PGD_PTRS, next->pgd, USER_PGD_PTRS); ++ __clone_user_pgds(get_cpu_pgd(cpu), next->pgd); ++ __shadow_user_pgds(get_cpu_pgd(cpu) + USER_PGD_PTRS, next->pgd); + pax_close_kernel(); + load_cr3(get_cpu_pgd(cpu)); +#endif @@ -11452,7 +11246,7 @@ index effff47..bbb8295 100644 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index 49afb3f..ed14d07 100644 +index 49afb3f..91a8c63 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); 
@@ -11621,13 +11415,13 @@ index 49afb3f..ed14d07 100644 } +#ifdef CONFIG_PAX_PER_CPU_PGD -+extern void __clone_user_pgds(pgd_t *dst, const pgd_t *src, int count); ++extern void __clone_user_pgds(pgd_t *dst, const pgd_t *src); +#endif + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+extern void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count); ++extern void __shadow_user_pgds(pgd_t *dst, const pgd_t *src); +#else -+static inline void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count) {} ++static inline void __shadow_user_pgds(pgd_t *dst, const pgd_t *src) {} +#endif #include <asm-generic/pgtable.h> @@ -14357,7 +14151,7 @@ index 3e6ff6c..54b4992 100644 } #endif diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c -index 5a11ae2..a1a1c8a 100644 +index dee004f..327a57e 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -42,6 +42,7 @@ @@ -14408,7 +14202,7 @@ index 5a11ae2..a1a1c8a 100644 return; } /* First print corrected ones that are still unlogged */ -@@ -658,7 +659,7 @@ static int mce_timed_out(u64 *t) +@@ -666,7 +667,7 @@ static int mce_timed_out(u64 *t) * might have been modified by someone else. */ rmb(); @@ -14417,7 +14211,7 @@ index 5a11ae2..a1a1c8a 100644 wait_for_panic(); if (!monarch_timeout) goto out; -@@ -1446,7 +1447,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) +@@ -1454,7 +1455,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) } /* Call the installed machine check handler for this CPU setup. */ @@ -14426,7 +14220,7 @@ index 5a11ae2..a1a1c8a 100644 unexpected_machine_check; /* -@@ -1469,7 +1470,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1477,7 +1478,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) return; } 
@@ -14436,7 +14230,7 @@ index 5a11ae2..a1a1c8a 100644 __mcheck_cpu_init_generic(); __mcheck_cpu_init_vendor(c); -@@ -1483,7 +1486,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1491,7 +1494,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) */ static DEFINE_SPINLOCK(mce_chrdev_state_lock); @@ -14445,7 +14239,7 @@ index 5a11ae2..a1a1c8a 100644 static int mce_chrdev_open_exclu; /* already open exclusive? */ static int mce_chrdev_open(struct inode *inode, struct file *file) -@@ -1491,7 +1494,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1499,7 +1502,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) spin_lock(&mce_chrdev_state_lock); if (mce_chrdev_open_exclu || @@ -14454,7 +14248,7 @@ index 5a11ae2..a1a1c8a 100644 spin_unlock(&mce_chrdev_state_lock); return -EBUSY; -@@ -1499,7 +1502,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1507,7 +1510,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) if (file->f_flags & O_EXCL) mce_chrdev_open_exclu = 1; @@ -14463,7 +14257,7 @@ index 5a11ae2..a1a1c8a 100644 spin_unlock(&mce_chrdev_state_lock); -@@ -1510,7 +1513,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) +@@ -1518,7 +1521,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) { spin_lock(&mce_chrdev_state_lock); @@ -14472,7 +14266,7 @@ index 5a11ae2..a1a1c8a 100644 mce_chrdev_open_exclu = 0; spin_unlock(&mce_chrdev_state_lock); -@@ -2229,7 +2232,7 @@ struct dentry *mce_get_debugfs_dir(void) +@@ -2237,7 +2240,7 @@ struct dentry *mce_get_debugfs_dir(void) static void mce_reset(void) { cpu_missing = 0; @@ -24685,7 +24479,7 @@ index 8ecbb4b..a269cab 100644 } if (mm->get_unmapped_area == arch_get_unmapped_area) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c -index 6cabf65..00139c4 100644 +index 6cabf65..74565da 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -17,6 +17,8 @@ 
@@ -24762,7 +24556,7 @@ index 6cabf65..00139c4 100644 + } + if (ebda_addr && ebda_size) { + ebda_start = ebda_addr >> PAGE_SHIFT; -+ ebda_end = min(PAGE_ALIGN(ebda_addr + ebda_size), 0xa0000) >> PAGE_SHIFT; ++ ebda_end = min((unsigned int)PAGE_ALIGN(ebda_addr + ebda_size), (unsigned int)0xa0000) >> PAGE_SHIFT; + } else { + ebda_start = 0x9f000 >> PAGE_SHIFT; + ebda_end = 0xa0000 >> PAGE_SHIFT; @@ -24780,6 +24574,11 @@ index 6cabf65..00139c4 100644 + unsigned long addr, limit; + struct desc_struct d; + int cpu; ++#else ++ pgd_t *pgd; ++ pud_t *pud; ++ pmd_t *pmd; ++ unsigned long addr, end; +#endif +#endif + @@ -24825,11 +24624,6 @@ index 6cabf65..00139c4 100644 +#endif + +#else -+ pgd_t *pgd; -+ pud_t *pud; -+ pmd_t *pmd; -+ unsigned long addr, end; -+ + /* PaX: make kernel code/rodata read-only, rest non-executable */ + for (addr = __START_KERNEL_map; addr < __START_KERNEL_map + KERNEL_IMAGE_SIZE; addr += PMD_SIZE) { + pgd = pgd_offset_k(addr); @@ -25701,10 +25495,10 @@ index 9f0614d..92ae64a 100644 p += get_opcode(p, &opcode); for (i = 0; i < ARRAY_SIZE(imm_wop); i++) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c -index 8573b83..7d9628f 100644 +index 8573b83..4f3ed7e 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c -@@ -84,10 +84,60 @@ static inline void pgd_list_del(pgd_t *pgd) +@@ -84,10 +84,64 @@ static inline void pgd_list_del(pgd_t *pgd) list_del(&page->lru); } 
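Review bot: In the arch/x86/mm/init.c hunk the new `ebda_end` line silences the `min()` type check with two separate `(unsigned int)` casts. `ebda_end = min_t(unsigned int, PAGE_ALIGN(ebda_addr + ebda_size), 0xa0000) >> PAGE_SHIFT;` is the kernel's usual form and states the comparison type once. The declarations of `ebda_addr` and `ebda_size` are outside the hunk, so it could not be confirmed from here that narrowing the aligned sum to `unsigned int` never truncates; a short comment stating that the EBDA always lies below 1 MiB, if that is the assumption, would settle it.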
@@ -25713,16 +25507,20 @@ index 8573b83..7d9628f 100644 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) +pgdval_t clone_pgd_mask __read_only = ~_PAGE_PRESENT; -+void __shadow_user_pgds(pgd_t *dst, const pgd_t *src, int count) ++void __shadow_user_pgds(pgd_t *dst, const pgd_t *src) +{ ++ unsigned int count = USER_PGD_PTRS; + + while (count--) + *dst++ = __pgd((pgd_val(*src++) | (_PAGE_NX & __supported_pte_mask)) & ~_PAGE_USER); +} +#endif - ++ +#ifdef CONFIG_PAX_PER_CPU_PGD -+void __clone_user_pgds(pgd_t *dst, const pgd_t *src, int count) ++void __clone_user_pgds(pgd_t *dst, const pgd_t *src) +{ ++ unsigned int count = USER_PGD_PTRS; ++ + while (count--) { + pgd_t pgd; + @@ -25767,7 +25565,7 @@ index 8573b83..7d9628f 100644 static void pgd_set_mm(pgd_t *pgd, struct mm_struct *mm) { BUILD_BUG_ON(sizeof(virt_to_page(pgd)->index) < sizeof(mm)); -@@ -128,6 +178,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -128,6 +182,7 @@ static void pgd_dtor(pgd_t *pgd) pgd_list_del(pgd); spin_unlock(&pgd_lock); } @@ -25775,7 +25573,7 @@ index 8573b83..7d9628f 100644 /* * List of all pgd's needed for non-PAE so it can invalidate entries -@@ -140,7 +191,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -140,7 +195,7 @@ static void pgd_dtor(pgd_t *pgd) * -- wli */ @@ -25784,7 +25582,7 @@ index 8573b83..7d9628f 100644 /* * In PAE mode, we need to do a cr3 reload (=tlb flush) when * updating the top-level pagetable entries to guarantee the -@@ -152,7 +203,7 @@ static void pgd_dtor(pgd_t *pgd) +@@ -152,7 +207,7 @@ static void pgd_dtor(pgd_t *pgd) * not shared between pagetables (!SHARED_KERNEL_PMDS), we allocate * and initialize the kernel pmds here. */ @@ -25793,7 +25591,7 @@ index 8573b83..7d9628f 100644 void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) { -@@ -170,36 +221,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) +@@ -170,36 +225,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) */ flush_tlb_mm(mm); } 
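Review bot: With the `count` argument removed, `__shadow_user_pgds()` and `__clone_user_pgds()` in arch/x86/mm/pgtable.c always write `USER_PGD_PTRS` entries, and nothing at the definitions or at the prototypes in pgtable.h states that requirement. The callers in mmu_context.h pass `get_cpu_pgd(cpu) + USER_PGD_PTRS` as `dst`, so the destination must hold twice that many entries, which deserves to be written down. I would add above each definition a comment such as `/* copies exactly USER_PGD_PTRS entries; dst and src must each provide at least that many */`. The body of `__clone_user_pgds()` continues outside this hunk.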
@@ -25843,7 +25641,7 @@ index 8573b83..7d9628f 100644 return -ENOMEM; } -@@ -212,51 +265,55 @@ static int preallocate_pmds(pmd_t *pmds[]) +@@ -212,51 +269,55 @@ static int preallocate_pmds(pmd_t *pmds[]) * preallocate which never got a corresponding vma will need to be * freed manually. */ @@ -25916,7 +25714,7 @@ index 8573b83..7d9628f 100644 pgd = (pgd_t *)__get_free_page(PGALLOC_GFP); -@@ -265,11 +322,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) +@@ -265,11 +326,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) mm->pgd = pgd; @@ -25930,7 +25728,7 @@ index 8573b83..7d9628f 100644 /* * Make sure that pre-populating the pmds is atomic with -@@ -279,14 +336,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) +@@ -279,14 +340,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) spin_lock(&pgd_lock); pgd_ctor(mm, pgd); @@ -25948,7 +25746,7 @@ index 8573b83..7d9628f 100644 out_free_pgd: free_page((unsigned long)pgd); out: -@@ -295,7 +352,7 @@ out: +@@ -295,7 +356,7 @@ out: void pgd_free(struct mm_struct *mm, pgd_t *pgd) { 
@@ -26852,6 +26650,206 @@ index f10c0af..3ec1f95 100644 syscall_init(); /* This sets MSR_*STAR and related */ #endif +diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c +index b685296..5cdc8ad 100644 +--- a/arch/x86/tools/relocs.c ++++ b/arch/x86/tools/relocs.c +@@ -14,8 +14,16 @@ + + static void die(char *fmt, ...); + ++#include "../../../include/generated/autoconf.h" ++#ifdef CONFIG_X86_32 ++#define __PAGE_OFFSET CONFIG_PAGE_OFFSET ++#else ++#define __PAGE_OFFSET 0 ++#endif ++ + #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) + static Elf32_Ehdr ehdr; ++static Elf32_Phdr *phdr; + static unsigned long reloc_count, reloc_idx; + static unsigned long *relocs; + static unsigned long reloc16_count, reloc16_idx; +@@ -323,9 +331,39 @@ static void read_ehdr(FILE *fp) + } + } + ++static void read_phdrs(FILE *fp) ++{ ++ unsigned int i; ++ ++ phdr = calloc(ehdr.e_phnum, sizeof(Elf32_Phdr)); ++ if (!phdr) { ++ die("Unable to allocate %d program headers\n", ++ ehdr.e_phnum); ++ } ++ if (fseek(fp, ehdr.e_phoff, SEEK_SET) < 0) { ++ die("Seek to %d failed: %s\n", ++ ehdr.e_phoff, strerror(errno)); ++ } ++ if (fread(phdr, sizeof(*phdr), ehdr.e_phnum, fp) != ehdr.e_phnum) { ++ die("Cannot read ELF program headers: %s\n", ++ strerror(errno)); ++ } ++ for(i = 0; i < ehdr.e_phnum; i++) { ++ phdr[i].p_type = elf32_to_cpu(phdr[i].p_type); ++ phdr[i].p_offset = elf32_to_cpu(phdr[i].p_offset); ++ phdr[i].p_vaddr = elf32_to_cpu(phdr[i].p_vaddr); ++ phdr[i].p_paddr = elf32_to_cpu(phdr[i].p_paddr); ++ phdr[i].p_filesz = elf32_to_cpu(phdr[i].p_filesz); ++ phdr[i].p_memsz = elf32_to_cpu(phdr[i].p_memsz); ++ phdr[i].p_flags = elf32_to_cpu(phdr[i].p_flags); ++ phdr[i].p_align = elf32_to_cpu(phdr[i].p_align); ++ } ++ ++} ++ + static void read_shdrs(FILE *fp) + { +- int i; ++ unsigned int i; + Elf32_Shdr shdr; + + secs = calloc(ehdr.e_shnum, sizeof(struct section)); +@@ -360,7 +398,7 @@ static void read_shdrs(FILE *fp) + + static void read_strtabs(FILE *fp) + { +- int i; ++ unsigned 
int i; + for (i = 0; i < ehdr.e_shnum; i++) { + struct section *sec = &secs[i]; + if (sec->shdr.sh_type != SHT_STRTAB) { +@@ -385,7 +423,7 @@ static void read_strtabs(FILE *fp) + + static void read_symtabs(FILE *fp) + { +- int i,j; ++ unsigned int i,j; + for (i = 0; i < ehdr.e_shnum; i++) { + struct section *sec = &secs[i]; + if (sec->shdr.sh_type != SHT_SYMTAB) { +@@ -418,7 +456,9 @@ static void read_symtabs(FILE *fp) + + static void read_relocs(FILE *fp) + { +- int i,j; ++ unsigned int i,j; ++ uint32_t base; ++ + for (i = 0; i < ehdr.e_shnum; i++) { + struct section *sec = &secs[i]; + if (sec->shdr.sh_type != SHT_REL) { +@@ -438,9 +478,18 @@ static void read_relocs(FILE *fp) + die("Cannot read symbol table: %s\n", + strerror(errno)); + } ++ base = 0; ++ for (j = 0; j < ehdr.e_phnum; j++) { ++ if (phdr[j].p_type != PT_LOAD ) ++ continue; ++ if (secs[sec->shdr.sh_info].shdr.sh_offset < phdr[j].p_offset || secs[sec->shdr.sh_info].shdr.sh_offset >= phdr[j].p_offset + phdr[j].p_filesz) ++ continue; ++ base = __PAGE_OFFSET + phdr[j].p_paddr - phdr[j].p_vaddr; ++ break; ++ } + for (j = 0; j < sec->shdr.sh_size/sizeof(Elf32_Rel); j++) { + Elf32_Rel *rel = &sec->reltab[j]; +- rel->r_offset = elf32_to_cpu(rel->r_offset); ++ rel->r_offset = elf32_to_cpu(rel->r_offset) + base; + rel->r_info = elf32_to_cpu(rel->r_info); + } + } +@@ -449,13 +498,13 @@ static void read_relocs(FILE *fp) + + static void print_absolute_symbols(void) + { +- int i; ++ unsigned int i; + printf("Absolute symbols\n"); + printf(" Num: Value Size Type Bind Visibility Name\n"); + for (i = 0; i < ehdr.e_shnum; i++) { + struct section *sec = &secs[i]; + char *sym_strtab; +- int j; ++ unsigned int j; + + if (sec->shdr.sh_type != SHT_SYMTAB) { + continue; +@@ -482,14 +531,14 @@ static void print_absolute_symbols(void) + + static void print_absolute_relocs(void) + { +- int i, printed = 0; ++ unsigned int i, printed = 0; + + for (i = 0; i < ehdr.e_shnum; i++) { + struct section *sec = &secs[i]; + struct section 
*sec_applies, *sec_symtab; + char *sym_strtab; + Elf32_Sym *sh_symtab; +- int j; ++ unsigned int j; + if (sec->shdr.sh_type != SHT_REL) { + continue; + } +@@ -551,13 +600,13 @@ static void print_absolute_relocs(void) + static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym), + int use_real_mode) + { +- int i; ++ unsigned int i; + /* Walk through the relocations */ + for (i = 0; i < ehdr.e_shnum; i++) { + char *sym_strtab; + Elf32_Sym *sh_symtab; + struct section *sec_applies, *sec_symtab; +- int j; ++ unsigned int j; + struct section *sec = &secs[i]; + + if (sec->shdr.sh_type != SHT_REL) { +@@ -583,6 +632,22 @@ static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym), + + shn_abs = sym->st_shndx == SHN_ABS; + ++ /* Don't relocate actual per-cpu variables, they are absolute indices, not addresses */ ++ if (!strcmp(sec_name(sym->st_shndx), ".data..percpu") && strcmp(sym_name(sym_strtab, sym), "__per_cpu_load")) ++ continue; ++ ++#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32) ++ /* Don't relocate actual code, they are relocated implicitly by the base address of KERNEL_CS */ ++ if (!strcmp(sec_name(sym->st_shndx), ".module.text") && !strcmp(sym_name(sym_strtab, sym), "_etext")) ++ continue; ++ if (!strcmp(sec_name(sym->st_shndx), ".init.text")) ++ continue; ++ if (!strcmp(sec_name(sym->st_shndx), ".exit.text")) ++ continue; ++ if (!strcmp(sec_name(sym->st_shndx), ".text") && strcmp(sym_name(sym_strtab, sym), "__LOAD_PHYSICAL_ADDR")) ++ continue; ++#endif ++ + switch (r_type) { + case R_386_NONE: + case R_386_PC32: +@@ -674,7 +739,7 @@ static int write32(unsigned int v, FILE *f) + + static void emit_relocs(int as_text, int use_real_mode) + { +- int i; ++ unsigned int i; + /* Count how many relocations I have and allocate space for them. 
*/ + reloc_count = 0; + walk_relocs(count_reloc, use_real_mode); +@@ -801,6 +866,7 @@ int main(int argc, char **argv) + fname, strerror(errno)); + } + read_ehdr(fp); ++ read_phdrs(fp); + read_shdrs(fp); + read_strtabs(fp); + read_symtabs(fp); diff --git a/arch/x86/vdso/Makefile b/arch/x86/vdso/Makefile index 5d17950..2253fc9 100644 --- a/arch/x86/vdso/Makefile @@ -27025,7 +27023,7 @@ index 153407c..611cba9 100644 -} -__setup("vdso=", vdso_setup); diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 4e517d4..68a48f5 100644 +index 4e517d4..8426127 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -86,8 +86,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); @@ -27037,7 +27035,18 @@ index 4e517d4..68a48f5 100644 RESERVE_BRK(shared_info_page_brk, PAGE_SIZE); __read_mostly int xen_have_vector_callback; EXPORT_SYMBOL_GPL(xen_have_vector_callback); -@@ -1030,30 +1028,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { +@@ -982,7 +980,10 @@ static const struct pv_cpu_ops xen_cpu_ops __initconst = { + .wbinvd = native_wbinvd, + + .read_msr = native_read_msr_safe, ++ .rdmsr_regs = native_rdmsr_safe_regs, + .write_msr = xen_write_msr_safe, ++ .wrmsr_regs = native_wrmsr_safe_regs, ++ + .read_tsc = native_read_tsc, + .read_pmc = native_read_pmc, + +@@ -1030,30 +1031,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { #endif }; @@ -27075,7 +27084,7 @@ index 4e517d4..68a48f5 100644 { if (pm_power_off) pm_power_off(); -@@ -1156,7 +1154,17 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1156,7 +1157,17 @@ asmlinkage void __init xen_start_kernel(void) __userpte_alloc_gfp &= ~__GFP_HIGHMEM; /* Work out if we support NX */ @@ -27094,7 +27103,7 @@ index 4e517d4..68a48f5 100644 xen_setup_features(); -@@ -1187,13 +1195,6 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1187,13 +1198,6 @@ asmlinkage void __init xen_start_kernel(void) machine_ops = xen_machine_ops; 
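Review bot: In the new arch/x86/tools/relocs.c `read_relocs()` code, the PT_LOAD search indexes `secs[sec->shdr.sh_info]` without first checking that `sh_info` is below `ehdr.e_shnum`, and `phdr[j].p_offset + phdr[j].p_filesz` is a 32-bit sum that can wrap. The tool normally runs on the build's own vmlinux, so this is a robustness issue rather than an exposed one, but a damaged or truncated ELF would read outside the `secs` array instead of failing cleanly. A guard before the loop, `if (sec->shdr.sh_info >= ehdr.e_shnum) die("Invalid sh_info %u\n", sec->shdr.sh_info);`, would match the tool's die-on-bad-input style. `read_relocs()` begins and ends outside the inner hunk.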
@@ -28703,6 +28712,25 @@ index 8493536..31adee0 100644 if (err) printk(KERN_INFO "devtmpfs: error mounting %i\n", err); else +diff --git a/drivers/base/node.c b/drivers/base/node.c +index 90aa2a1..af1a177 100644 +--- a/drivers/base/node.c ++++ b/drivers/base/node.c +@@ -592,11 +592,9 @@ static ssize_t print_nodes_state(enum node_states state, char *buf) + { + int n; + +- n = nodelist_scnprintf(buf, PAGE_SIZE, node_states[state]); +- if (n > 0 && PAGE_SIZE > n + 1) { +- *(buf + n++) = '\n'; +- *(buf + n++) = '\0'; +- } ++ n = nodelist_scnprintf(buf, PAGE_SIZE-2, node_states[state]); ++ buf[n++] = '\n'; ++ buf[n] = '\0'; + return n; + } + diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c index caf995f..6f76697 100644 --- a/drivers/base/power/wakeup.c @@ -30629,10 +30657,10 @@ index e159e33..cdcc663 100644 for (i = 0; i < count; i++) { char __user *ptr = (char __user *)(uintptr_t)exec[i].relocs_ptr; diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c -index 5bd4361..0241a42 100644 +index 307c5e6..a1e4216 100644 --- a/drivers/gpu/drm/i915/i915_irq.c +++ b/drivers/gpu/drm/i915/i915_irq.c -@@ -475,7 +475,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS) +@@ -472,7 +472,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS) u32 de_iir, gt_iir, de_ier, pch_iir, pm_iir; struct drm_i915_master_private *master_priv; @@ -30641,7 +30669,7 @@ index 5bd4361..0241a42 100644 /* disable master interrupt before clearing iir */ de_ier = I915_READ(DEIER); -@@ -566,7 +566,7 @@ static irqreturn_t ironlake_irq_handler(DRM_IRQ_ARGS) +@@ -563,7 +563,7 @@ static irqreturn_t ironlake_irq_handler(DRM_IRQ_ARGS) struct drm_i915_master_private *master_priv; u32 bsd_usr_interrupt = GT_BSD_USER_INTERRUPT; 
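Review bot: The rewritten `print_nodes_state()` in drivers/base/node.c appends `'\n'` and `'\0'` unconditionally, and its safety rests on two things the code does not say: that `buf` is a full `PAGE_SIZE` buffer, and that `nodelist_scnprintf()` returns at most its size argument minus one. Neither is visible in the hunk. A comment above the call, for example `/* PAGE_SIZE-2 keeps room for the newline and NUL appended below */`, would stop a later edit from changing the bound without adjusting the two stores.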
@@ -30650,7 +30678,7 @@ index 5bd4361..0241a42 100644 if (IS_GEN6(dev)) bsd_usr_interrupt = GT_GEN6_BSD_USER_INTERRUPT; -@@ -1231,7 +1231,7 @@ static irqreturn_t i915_driver_irq_handler(DRM_IRQ_ARGS) +@@ -1228,7 +1228,7 @@ static irqreturn_t i915_driver_irq_handler(DRM_IRQ_ARGS) int ret = IRQ_NONE, pipe; bool blc_event = false; @@ -30659,7 +30687,7 @@ index 5bd4361..0241a42 100644 iir = I915_READ(IIR); -@@ -1743,7 +1743,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) +@@ -1740,7 +1740,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) { drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; @@ -30668,7 +30696,7 @@ index 5bd4361..0241a42 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); -@@ -1932,7 +1932,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev) +@@ -1929,7 +1929,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -30678,7 +30706,7 @@ index 5bd4361..0241a42 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 2163818..cede019 100644 +index 9ab9b16..e5b1b8d 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -2238,7 +2238,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, int y, 
@@ -31433,6 +31461,19 @@ index 75dbe34..f9204a8 100644 hid_debug_register(hdev, dev_name(&hdev->dev)); ret = device_add(&hdev->dev); +diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c +index 17dabc1..bf248eb 100644 +--- a/drivers/hid/hid-wiimote-debug.c ++++ b/drivers/hid/hid-wiimote-debug.c +@@ -72,7 +72,7 @@ static ssize_t wiidebug_eeprom_read(struct file *f, char __user *u, size_t s, + else if (size == 0) + return -EIO; + +- if (copy_to_user(u, buf, size)) ++ if (size > sizeof(buf) || copy_to_user(u, buf, size)) + return -EFAULT; + + *off += size; diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c index b1ec0e2..c295a61 100644 --- a/drivers/hid/usbhid/hiddev.c @@ -33203,6 +33244,19 @@ index 1f355bb..43f1fea 100644 return -EFAULT; } else memcpy(msg, buf, count); +diff --git a/drivers/leds/leds-mc13783.c b/drivers/leds/leds-mc13783.c +index 8bc4915..4cc6a2e 100644 +--- a/drivers/leds/leds-mc13783.c ++++ b/drivers/leds/leds-mc13783.c +@@ -280,7 +280,7 @@ static int __devinit mc13783_led_probe(struct platform_device *pdev) + return -EINVAL; + } + +- led = kzalloc(sizeof(*led) * pdata->num_leds, GFP_KERNEL); ++ led = kcalloc(pdata->num_leds, sizeof(*led), GFP_KERNEL); + if (led == NULL) { + dev_err(&pdev->dev, "failed to alloc memory\n"); + return -ENOMEM; diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c index b5fdcb7..5b6c59f 100644 --- a/drivers/lguest/core.c @@ -33592,7 +33646,7 @@ index b89c548..2af3ce4 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index 363aaf4..d875264 100644 +index 1ae4327..4ecabb5 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -277,10 +277,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); @@ -34002,7 +34056,7 @@ index 8418c02..8555013 100644 NGENE_ID(0x18c3, 0xabc4, ngene_info_cineS2), NGENE_ID(0x18c3, 0xdb01, ngene_info_satixS2), 
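Review bot: In `wiidebug_eeprom_read()`, the new `size > sizeof(buf)` guard shares the `-EFAULT` return with `copy_to_user()`, so an oversized length from the device read is reported to user space as a bad user pointer. The `size == 0` branch just above returns `-EIO`, which fits an internal length error better. I would split the condition: `if (size > sizeof(buf)) return -EIO;` followed by the original `if (copy_to_user(u, buf, size)) return -EFAULT;`. The declarations of `size` and `buf` are outside the hunk, so the signedness of the comparison should be checked there as well.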
diff --git a/drivers/media/radio/radio-cadet.c b/drivers/media/radio/radio-cadet.c -index 16a089f..ab1667d 100644 +index 16a089f..1661b11 100644 --- a/drivers/media/radio/radio-cadet.c +++ b/drivers/media/radio/radio-cadet.c @@ -326,6 +326,8 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo @@ -34014,6 +34068,15 @@ index 16a089f..ab1667d 100644 mutex_lock(&dev->lock); if (dev->rdsstat == 0) { dev->rdsstat = 1; +@@ -347,7 +349,7 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo + readbuf[i++] = dev->rdsbuf[dev->rdsout++]; + mutex_unlock(&dev->lock); + +- if (copy_to_user(data, readbuf, i)) ++ if (i > sizeof(readbuf) || copy_to_user(data, readbuf, i)) + return -EFAULT; + return i; + } diff --git a/drivers/media/video/au0828/au0828.h b/drivers/media/video/au0828/au0828.h index 9cde353..8c6a1c3 100644 --- a/drivers/media/video/au0828/au0828.h @@ -36545,7 +36608,7 @@ index 351dc0b..951dc32 100644 /* These three are default values which can be overridden */ diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c -index b96962c..0c82ec2 100644 +index e640b73..2f68432 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -507,7 +507,7 @@ static inline u32 next_command(struct ctlr_info *h) @@ -36557,7 +36620,7 @@ index b96962c..0c82ec2 100644 if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) { a = *(h->reply_pool_head); /* Next cmd in ring buffer */ -@@ -2991,7 +2991,7 @@ static void start_io(struct ctlr_info *h) +@@ -2987,7 +2987,7 @@ static void start_io(struct ctlr_info *h) while (!list_empty(&h->reqQ)) { c = list_entry(h->reqQ.next, struct CommandList, list); /* can't do anything if fifo is full */ @@ -36566,7 +36629,7 @@ index b96962c..0c82ec2 100644 dev_warn(&h->pdev->dev, "fifo full\n"); break; } -@@ -3001,7 +3001,7 @@ static void start_io(struct ctlr_info *h) +@@ -2997,7 +2997,7 @@ static void start_io(struct ctlr_info *h) h->Qdepth--; /* Tell the controller execute command */ 
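Review bot: In `cadet_read()`, the added `i > sizeof(readbuf)` test runs after the loop that stores into `readbuf[i++]`, so it cannot prevent an out-of-bounds write; it only stops an oversized copy to user space afterwards. The loop condition is outside this hunk. If it does not already cap `i` at `sizeof(readbuf)`, the bound belongs there, and this check then becomes a pure sanity assertion. Returning `-EFAULT` for that case also reports an internal length error as a bad user address.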
@@ -36575,7 +36638,7 @@ index b96962c..0c82ec2 100644 /* Put job onto the completed Q */ addQ(&h->cmpQ, c); -@@ -3010,17 +3010,17 @@ static void start_io(struct ctlr_info *h) +@@ -3006,17 +3006,17 @@ static void start_io(struct ctlr_info *h) static inline unsigned long get_next_completion(struct ctlr_info *h) { @@ -36596,7 +36659,7 @@ index b96962c..0c82ec2 100644 (h->interrupts_enabled == 0); } -@@ -3919,7 +3919,7 @@ static int __devinit hpsa_pci_init(struct ctlr_info *h) +@@ -3915,7 +3915,7 @@ static int __devinit hpsa_pci_init(struct ctlr_info *h) if (prod_index < 0) return -ENODEV; h->product_name = products[prod_index].product_name; @@ -36605,7 +36668,7 @@ index b96962c..0c82ec2 100644 if (hpsa_board_disabled(h->pdev)) { dev_warn(&h->pdev->dev, "controller appears to be disabled\n"); -@@ -4164,7 +4164,7 @@ static void controller_lockup_detected(struct ctlr_info *h) +@@ -4160,7 +4160,7 @@ static void controller_lockup_detected(struct ctlr_info *h) assert_spin_locked(&lockup_detector_lock); remove_ctlr_from_lockup_detector_list(h); @@ -36614,7 +36677,7 @@ index b96962c..0c82ec2 100644 spin_lock_irqsave(&h->lock, flags); h->lockup_detected = readl(h->vaddr + SA5_SCRATCHPAD_OFFSET); spin_unlock_irqrestore(&h->lock, flags); -@@ -4344,7 +4344,7 @@ reinit_after_soft_reset: +@@ -4340,7 +4340,7 @@ reinit_after_soft_reset: } /* make sure the board interrupts are off */ @@ -36623,7 +36686,7 @@ index b96962c..0c82ec2 100644 if (hpsa_request_irq(h, do_hpsa_intr_msi, do_hpsa_intr_intx)) goto clean2; -@@ -4378,7 +4378,7 @@ reinit_after_soft_reset: +@@ -4374,7 +4374,7 @@ reinit_after_soft_reset: * fake ones to scoop up any residual completions. */ spin_lock_irqsave(&h->lock, flags); 
@@ -36632,7 +36695,7 @@ index b96962c..0c82ec2 100644 spin_unlock_irqrestore(&h->lock, flags); free_irq(h->intr[h->intr_mode], h); rc = hpsa_request_irq(h, hpsa_msix_discard_completions, -@@ -4397,9 +4397,9 @@ reinit_after_soft_reset: +@@ -4393,9 +4393,9 @@ reinit_after_soft_reset: dev_info(&h->pdev->dev, "Board READY.\n"); dev_info(&h->pdev->dev, "Waiting for stale completions to drain.\n"); @@ -36644,7 +36707,7 @@ index b96962c..0c82ec2 100644 rc = controller_reset_failed(h->cfgtable); if (rc) -@@ -4420,7 +4420,7 @@ reinit_after_soft_reset: +@@ -4416,7 +4416,7 @@ reinit_after_soft_reset: } /* Turn the interrupts on so we can service requests */ @@ -36653,7 +36716,7 @@ index b96962c..0c82ec2 100644 hpsa_hba_inquiry(h); hpsa_register_scsi(h); /* hook ourselves into SCSI subsystem */ -@@ -4472,7 +4472,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) +@@ -4468,7 +4468,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) * To write all data in the battery backed cache to disks */ hpsa_flush_cache(h); @@ -36662,7 +36725,7 @@ index b96962c..0c82ec2 100644 free_irq(h->intr[h->intr_mode], h); #ifdef CONFIG_PCI_MSI if (h->msix_vector) -@@ -4636,7 +4636,7 @@ static __devinit void hpsa_enter_performant_mode(struct ctlr_info *h, +@@ -4632,7 +4632,7 @@ static __devinit void hpsa_enter_performant_mode(struct ctlr_info *h, return; } /* Change the access methods to the performant access methods */ @@ -41489,7 +41552,7 @@ index 3c14e43..eafa544 100644 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 +4 4 4 4 4 4 diff --git a/drivers/video/udlfb.c b/drivers/video/udlfb.c -index a40c05e..785c583 100644 +index 5fd95e0..b4a96f8 100644 --- a/drivers/video/udlfb.c +++ b/drivers/video/udlfb.c @@ -619,11 +619,11 @@ int dlfb_handle_damage(struct dlfb_data *dev, int x, int y, 
@@ -41524,7 +41587,7 @@ index a40c05e..785c583 100644 >> 10)), /* Kcycles */ &dev->cpu_kcycles_used); } -@@ -1368,7 +1368,7 @@ static ssize_t metrics_bytes_rendered_show(struct device *fbdev, +@@ -1371,7 +1371,7 @@ static ssize_t metrics_bytes_rendered_show(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; return snprintf(buf, PAGE_SIZE, "%u\n", @@ -41533,7 +41596,7 @@ index a40c05e..785c583 100644 } static ssize_t metrics_bytes_identical_show(struct device *fbdev, -@@ -1376,7 +1376,7 @@ static ssize_t metrics_bytes_identical_show(struct device *fbdev, +@@ -1379,7 +1379,7 @@ static ssize_t metrics_bytes_identical_show(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; return snprintf(buf, PAGE_SIZE, "%u\n", @@ -41542,7 +41605,7 @@ index a40c05e..785c583 100644 } static ssize_t metrics_bytes_sent_show(struct device *fbdev, -@@ -1384,7 +1384,7 @@ static ssize_t metrics_bytes_sent_show(struct device *fbdev, +@@ -1387,7 +1387,7 @@ static ssize_t metrics_bytes_sent_show(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; return snprintf(buf, PAGE_SIZE, "%u\n", @@ -41551,7 +41614,7 @@ index a40c05e..785c583 100644 } static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev, -@@ -1392,7 +1392,7 @@ static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev, +@@ -1395,7 +1395,7 @@ static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; return snprintf(buf, PAGE_SIZE, "%u\n", 
@@ -41560,7 +41623,7 @@ index a40c05e..785c583 100644 } static ssize_t edid_show( -@@ -1449,10 +1449,10 @@ static ssize_t metrics_reset_store(struct device *fbdev, +@@ -1452,10 +1452,10 @@ static ssize_t metrics_reset_store(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; @@ -41849,7 +41912,7 @@ index e95d1b6..3454244 100644 A.out (Assembler.OUTput) is a set of formats for libraries and executables used in the earliest versions of UNIX. Linux used diff --git a/fs/aio.c b/fs/aio.c -index b9d64d8..86cb1d5 100644 +index 3b65ee7..aa6ec34 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -119,7 +119,7 @@ static int aio_setup_ring(struct kioctx *ctx) @@ -41861,7 +41924,7 @@ index b9d64d8..86cb1d5 100644 return -EINVAL; nr_events = (PAGE_SIZE * nr_pages - sizeof(struct aio_ring)) / sizeof(struct io_event); -@@ -1461,22 +1461,27 @@ static ssize_t aio_fsync(struct kiocb *iocb) +@@ -1461,18 +1461,19 @@ static ssize_t aio_fsync(struct kiocb *iocb) static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb, bool compat) { ssize_t ret; @@ -41883,11 +41946,15 @@ index b9d64d8..86cb1d5 100644 &kiocb->ki_iovec, 1); if (ret < 0) goto out; +@@ -1481,6 +1482,11 @@ static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb, bool compat) + if (ret < 0) + goto out; + if (kiocb->ki_iovec == &iovstack) { + kiocb->ki_inline_vec = iovstack; + kiocb->ki_iovec = &kiocb->ki_inline_vec; + } ++ kiocb->ki_nr_segs = kiocb->ki_nbytes; kiocb->ki_cur_seg = 0; /* ki_nbytes/left now reflect bytes instead of segs */ @@ -42934,10 +43001,10 @@ index 1bffbe0..c8c283e 100644 goto err; } diff --git a/fs/bio.c b/fs/bio.c -index b980ecd..74800bf 100644 +index 4fc4dbb..d3a5b93 100644 --- a/fs/bio.c +++ b/fs/bio.c -@@ -833,7 +833,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, +@@ -838,7 +838,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, /* * Overflow, abort */ 
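Review bot: The new `kiocb->ki_nr_segs = kiocb->ki_nbytes;` in `aio_setup_vectored_rw()` reads as a unit mismatch unless the reader knows `ki_nbytes` still holds the segment count at that point. The only hint is the existing comment two lines later ("ki_nbytes/left now reflect bytes instead of segs"). A one-line comment on the assignment would make the ordering dependency explicit, e.g. `/* ki_nbytes is still the iovec count here; it is converted to bytes below */`. The rest of the function is outside the hunk.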
@@ -42946,7 +43013,7 @@ index b980ecd..74800bf 100644 return ERR_PTR(-EINVAL); nr_pages += end - start; -@@ -1229,7 +1229,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) +@@ -1234,7 +1234,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) const int read = bio_data_dir(bio) == READ; struct bio_map_data *bmd = bio->bi_private; int i; @@ -42956,7 +43023,7 @@ index b980ecd..74800bf 100644 __bio_for_each_segment(bvec, bio, i, 0) { char *addr = page_address(bvec->bv_page); diff --git a/fs/block_dev.c b/fs/block_dev.c -index 5e9f198..6bf9b1c 100644 +index 236dd6c..46c6530 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c @@ -703,7 +703,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole, @@ -44834,6 +44901,19 @@ index cb990b2..4820141 100644 trace_ext4_mballoc_discard(sb, NULL, group, bit, pa->pa_len); return 0; +diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c +index f9d948f..8601f4b 100644 +--- a/fs/ext4/resize.c ++++ b/fs/ext4/resize.c +@@ -161,6 +161,8 @@ static struct ext4_new_flex_group_data *alloc_flex_gd(unsigned long flexbg_size) + if (flex_gd == NULL) + goto out3; + ++ if (flexbg_size >= UINT_MAX / sizeof(struct ext4_new_flex_group_data)) ++ goto out2; + flex_gd->count = flexbg_size; + + flex_gd->groups = kmalloc(sizeof(struct ext4_new_group_data) * diff --git a/fs/fcntl.c b/fs/fcntl.c index 22764c7..86372c9 100644 --- a/fs/fcntl.c @@ -60608,7 +60688,7 @@ index 84ccf8e..2e9b14c 100644 }; diff --git a/include/linux/fs.h b/include/linux/fs.h -index f4b6e06..d6ba573 100644 +index fd65e0d..7232c62 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1628,7 +1628,8 @@ struct file_operations { @@ -60704,7 +60784,7 @@ index c3da42d..c70e0df 100644 int trace_set_clr_event(const char *system, const char *event, int set); diff --git a/include/linux/genhd.h b/include/linux/genhd.h -index e61d319..0da8505 100644 +index 017a7fb..33a8507 100644 --- a/include/linux/genhd.h +++ b/include/linux/genhd.h 
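Review bot: The overflow guard added to `alloc_flex_gd()` divides by `sizeof(struct ext4_new_flex_group_data)`, but the allocation it protects, two lines below, multiplies by `sizeof(struct ext4_new_group_data)`. If the element type is the larger of the two, the multiplication can still wrap for values the guard accepts. The check should use the same type as the allocation: `if (flexbg_size >= UINT_MAX / sizeof(struct ext4_new_group_data)) goto out2;`. The `kmalloc()` call and the `out2` label continue outside the hunk, so please confirm that `out2` frees `flex_gd`.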
@@ -185,7 +185,7 @@ struct gendisk { @@ -62768,6 +62848,27 @@ index 58969b2..ead129b 100644 /** * preempt_notifier - key for installing preemption notifiers +diff --git a/include/linux/printk.h b/include/linux/printk.h +index f0e22f7..82dd544 100644 +--- a/include/linux/printk.h ++++ b/include/linux/printk.h +@@ -94,6 +94,8 @@ void early_printk(const char *fmt, ...); + extern int printk_needs_cpu(int cpu); + extern void printk_tick(void); + ++extern int kptr_restrict; ++ + #ifdef CONFIG_PRINTK + asmlinkage __printf(1, 0) + int vprintk(const char *fmt, va_list args); +@@ -112,7 +114,6 @@ extern bool printk_timed_ratelimit(unsigned long *caller_jiffies, + + extern int printk_delay_msec; + extern int dmesg_restrict; +-extern int kptr_restrict; + + void log_buf_kexec_setup(void); + void __init setup_log_buf(int early); diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h index 85c5073..51fac8b 100644 --- a/include/linux/proc_fs.h @@ -64480,10 +64581,10 @@ index 1c09820..7f5ec79 100644 TP_ARGS(irq, action, ret), diff --git a/include/video/udlfb.h b/include/video/udlfb.h -index c41f308..6918de3 100644 +index f9466fa..f4e2b81 100644 --- a/include/video/udlfb.h +++ b/include/video/udlfb.h -@@ -52,10 +52,10 @@ struct dlfb_data { +@@ -53,10 +53,10 @@ struct dlfb_data { u32 pseudo_palette[256]; int blank_mode; /*one of FB_BLANK_ */ /* blit-only rendering path metrics, exposed through sysfs */ @@ -64834,7 +64935,7 @@ index 8216c30..25e8e32 100644 next_state = Reset; return 0; diff --git a/init/main.c b/init/main.c -index ff49a6d..5fa0429 100644 +index 45a7bf5..7ba1b61 100644 --- a/init/main.c +++ b/init/main.c @@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void) { } 
@@ -64896,7 +64997,7 @@ index ff49a6d..5fa0429 100644 static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; static const char *panic_later, *panic_param; -@@ -675,6 +720,7 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -672,6 +717,7 @@ int __init_or_module do_one_initcall(initcall_t fn) { int count = preempt_count(); int ret; @@ -64904,7 +65005,7 @@ index ff49a6d..5fa0429 100644 if (initcall_debug) ret = do_one_initcall_debug(fn); -@@ -687,15 +733,15 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -684,15 +730,15 @@ int __init_or_module do_one_initcall(initcall_t fn) sprintf(msgbuf, "error code %d ", ret); if (preempt_count() != count) { @@ -64924,7 +65025,7 @@ index ff49a6d..5fa0429 100644 } return ret; -@@ -814,7 +860,7 @@ static int __init kernel_init(void * unused) +@@ -815,7 +861,7 @@ static int __init kernel_init(void * unused) do_basic_setup(); /* Open the /dev/console on the rootfs, this should never fail */ @@ -64933,7 +65034,7 @@ index ff49a6d..5fa0429 100644 printk(KERN_WARNING "Warning: unable to open an initial console.\n"); (void) sys_dup(0); -@@ -827,11 +873,13 @@ static int __init kernel_init(void * unused) +@@ -828,11 +874,13 @@ static int __init kernel_init(void * unused) if (!ramdisk_execute_command) ramdisk_execute_command = "/init"; @@ -65872,7 +65973,7 @@ index 46c8b14..d868958 100644 { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index 423d5a4..4608ecf 100644 +index 423d5a4..881923e 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -285,7 +285,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) 
@@ -65897,7 +65998,7 @@ index 423d5a4..4608ecf 100644 + + charge = 0; + if (mpnt->vm_flags & VM_ACCOUNT) { -+ unsigned int len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; ++ unsigned long len = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; + if (security_vm_enough_memory(len)) + goto fail_nomem; + charge = len; @@ -68891,7 +68992,7 @@ index 888d227..f04b318 100644 break; } diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index f03a6ef..5fcc8af 100644 +index f03a6ef..735d95c 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -86,6 +86,13 @@ @@ -68908,7 +69009,18 @@ index f03a6ef..5fcc8af 100644 /* External variables not in a header file. */ extern int sysctl_overcommit_memory; -@@ -191,6 +198,7 @@ static int sysrq_sysctl_handler(ctl_table *table, int write, +@@ -165,10 +172,8 @@ static int proc_taint(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos); + #endif + +-#ifdef CONFIG_PRINTK + static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos); +-#endif + + #ifdef CONFIG_MAGIC_SYSRQ + /* Note: sysrq code uses it's own private copy */ +@@ -191,6 +196,7 @@ static int sysrq_sysctl_handler(ctl_table *table, int write, } #endif @@ -68916,7 +69028,7 @@ index f03a6ef..5fcc8af 100644 static struct ctl_table root_table[]; static struct ctl_table_root sysctl_table_root; -@@ -220,6 +228,20 @@ extern struct ctl_table epoll_table[]; +@@ -220,6 +226,20 @@ extern struct ctl_table epoll_table[]; int sysctl_legacy_va_layout; #endif @@ -68937,7 +69049,7 @@ index f03a6ef..5fcc8af 100644 /* The default sysctl tables: */ static struct ctl_table root_table[] = { -@@ -266,6 +288,22 @@ static int max_extfrag_threshold = 1000; +@@ -266,6 +286,22 @@ static int max_extfrag_threshold = 1000; #endif static struct ctl_table kern_table[] = { 
@@ -68960,7 +69072,7 @@ index f03a6ef..5fcc8af 100644 { .procname = "sched_child_runs_first", .data = &sysctl_sched_child_runs_first, -@@ -550,7 +588,7 @@ static struct ctl_table kern_table[] = { +@@ -550,7 +586,7 @@ static struct ctl_table kern_table[] = { .data = &modprobe_path, .maxlen = KMOD_PATH_LEN, .mode = 0644, @@ -68969,7 +69081,7 @@ index f03a6ef..5fcc8af 100644 }, { .procname = "modules_disabled", -@@ -717,16 +755,20 @@ static struct ctl_table kern_table[] = { +@@ -717,16 +753,20 @@ static struct ctl_table kern_table[] = { .extra1 = &zero, .extra2 = &one, }, @@ -68991,7 +69103,7 @@ index f03a6ef..5fcc8af 100644 { .procname = "ngroups_max", .data = &ngroups_max, -@@ -1225,6 +1267,13 @@ static struct ctl_table vm_table[] = { +@@ -1225,6 +1265,13 @@ static struct ctl_table vm_table[] = { .proc_handler = proc_dointvec_minmax, .extra1 = &zero, }, @@ -69005,7 +69117,7 @@ index f03a6ef..5fcc8af 100644 #else { .procname = "nr_trim_pages", -@@ -1729,6 +1778,17 @@ static int test_perm(int mode, int op) +@@ -1729,6 +1776,17 @@ static int test_perm(int mode, int op) int sysctl_perm(struct ctl_table_root *root, struct ctl_table *table, int op) { int mode; @@ -69023,7 +69135,7 @@ index f03a6ef..5fcc8af 100644 if (root->permissions) mode = root->permissions(root, current->nsproxy, table); -@@ -2133,6 +2193,16 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -2133,6 +2191,16 @@ int proc_dostring(struct ctl_table *table, int write, buffer, lenp, ppos); } @@ -69040,7 +69152,7 @@ index f03a6ef..5fcc8af 100644 static size_t proc_skip_spaces(char **buf) { size_t ret; -@@ -2238,6 +2308,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, +@@ -2238,6 +2306,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, len = strlen(tmp); if (len > *size) len = *size; 
@@ -69049,7 +69161,23 @@ index f03a6ef..5fcc8af 100644 if (copy_to_user(*buf, tmp, len)) return -EFAULT; *size -= len; -@@ -2554,8 +2626,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int +@@ -2430,7 +2500,6 @@ static int proc_taint(struct ctl_table *table, int write, + return err; + } + +-#ifdef CONFIG_PRINTK + static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos) + { +@@ -2439,7 +2508,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, + + return proc_dointvec_minmax(table, write, buffer, lenp, ppos); + } +-#endif + + struct do_proc_dointvec_minmax_conv_param { + int *min; +@@ -2554,8 +2622,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int *i = val; } else { val = convdiv * (*i) / convmul; @@ -69062,7 +69190,7 @@ index f03a6ef..5fcc8af 100644 err = proc_put_long(&buffer, &left, val, false); if (err) break; -@@ -2950,6 +3025,12 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -2950,6 +3021,12 @@ int proc_dostring(struct ctl_table *table, int write, return -ENOSYS; } @@ -69075,7 +69203,7 @@ index f03a6ef..5fcc8af 100644 int proc_dointvec(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -3006,6 +3087,7 @@ EXPORT_SYMBOL(proc_dointvec_minmax); +@@ -3006,6 +3083,7 @@ EXPORT_SYMBOL(proc_dointvec_minmax); EXPORT_SYMBOL(proc_dointvec_userhz_jiffies); EXPORT_SYMBOL(proc_dointvec_ms_jiffies); EXPORT_SYMBOL(proc_dostring); @@ -69964,7 +70092,7 @@ index 0000000..7cd6065 @@ -0,0 +1 @@ +-grsec diff --git a/mm/Kconfig b/mm/Kconfig -index e338407..49b5b7a 100644 +index e338407..4210331 100644 --- a/mm/Kconfig +++ b/mm/Kconfig @@ -247,10 +247,10 @@ config KSM 
@@ -69981,6 +70109,15 @@ index e338407..49b5b7a 100644 This is the portion of low virtual memory which should be protected from userspace allocation. Keeping a user from writing to low pages can help reduce the impact of kernel NULL pointer bugs. +@@ -280,7 +280,7 @@ config MEMORY_FAILURE + + config HWPOISON_INJECT + tristate "HWPoison pages injector" +- depends on MEMORY_FAILURE && DEBUG_KERNEL && PROC_FS ++ depends on MEMORY_FAILURE && DEBUG_KERNEL && PROC_FS && !GRKERNSEC + select PROC_PAGE_MONITOR + + config NOMMU_INITIAL_TRIM_EXCESS diff --git a/mm/filemap.c b/mm/filemap.c index b662757..3081ddd 100644 --- a/mm/filemap.c @@ -70061,7 +70198,7 @@ index 8f7fc39..69bf1e9 100644 /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index fece520..7fad868 100644 +index fece520..e10da7f 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2146,6 +2146,15 @@ static void hugetlb_vm_op_open(struct vm_area_struct *vma) @@ -70208,12 +70345,13 @@ index fece520..7fad868 100644 } /* -@@ -3009,6 +3076,9 @@ int hugetlb_reserve_pages(struct inode *inode, +@@ -3009,6 +3076,10 @@ int hugetlb_reserve_pages(struct inode *inode, if (!vma || vma->vm_flags & VM_MAYSHARE) region_add(&inode->i_mapping->private_list, from, to); return 0; +out_err: -+ resv_map_put(vma); ++ if (vma) ++ resv_map_put(vma); + return ret; } @@ -71075,10 +71213,10 @@ index 10b4dda..06857f3 100644 * Make sure the vDSO gets into every core dump. * Dumping its contents makes post-mortem fully interpretable later diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index 0a37570..2048346 100644 +index a8f97d5..e2ed444 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c -@@ -640,6 +640,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, +@@ -619,6 +619,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, unsigned long vmstart; unsigned long vmend; 
@@ -71089,15 +71227,15 @@ index 0a37570..2048346 100644 vma = find_vma(mm, start); if (!vma || vma->vm_start > start) return -EFAULT; -@@ -679,6 +683,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, - err = policy_vma(vma, new_pol); - if (err) - goto out; +@@ -672,6 +676,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, + if (err) + goto out; + } + +#ifdef CONFIG_PAX_SEGMEXEC + vma_m = pax_find_mirror_vma(vma); -+ if (vma_m) { -+ err = policy_vma(vma_m, new_pol); ++ if (vma_m && vma_m->vm_ops && vma_m->vm_ops->set_policy) { ++ err = vma_m->vm_ops->set_policy(vma_m, new_pol); + if (err) + goto out; + } @@ -71106,7 +71244,7 @@ index 0a37570..2048346 100644 } out: -@@ -1112,6 +1126,17 @@ static long do_mbind(unsigned long start, unsigned long len, +@@ -1105,6 +1119,17 @@ static long do_mbind(unsigned long start, unsigned long len, if (end < start) return -EINVAL; @@ -71124,7 +71262,7 @@ index 0a37570..2048346 100644 if (end == start) return 0; -@@ -1330,6 +1355,14 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1323,6 +1348,14 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, if (!mm) goto out; @@ -71139,7 +71277,7 @@ index 0a37570..2048346 100644 /* * Check if this process has the right to modify the specified * process. The right exists if the process has administrative -@@ -1339,8 +1372,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1332,8 +1365,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, rcu_read_lock(); tcred = __task_cred(task); if (cred->euid != tcred->suid && cred->euid != tcred->uid && @@ -73948,7 +74086,7 @@ index 14380e9..e244704 100644 } diff --git a/mm/swapfile.c b/mm/swapfile.c -index f31b29d..8bdcae2 100644 +index 099c209..7db7b6f 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -61,7 +61,7 @@ static DEFINE_MUTEX(swapon_mutex); 
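Review bot: In the `CONFIG_PAX_SEGMEXEC` branch of `mbind_range()`, the mirror vma now gets the new policy only through `vma_m->vm_ops->set_policy`, where the previous revision called `policy_vma(vma_m, new_pol)`. When `vma_m` has no `vm_ops` or no `set_policy` callback, nothing in this hunk applies `new_pol` to the mirror. Please confirm that the mirror's policy is updated on the merge/split path for that case, and add a comment saying so, e.g. `/* vm_policy of the mirror is set by <function>; only the driver callback is needed here */`. The loop this branch sits in starts outside the hunk.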
@@ -74016,7 +74154,7 @@ index 136ac4f..f917fa9 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 86ce9a5..fc9fb61 100644 +index 86ce9a5..550d03c 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) @@ -74215,6 +74353,17 @@ index 86ce9a5..fc9fb61 100644 if ((PAGE_SIZE-1) & (unsigned long)addr) return -EINVAL; +@@ -2375,8 +2442,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets, + return NULL; + } + +- vms = kzalloc(sizeof(vms[0]) * nr_vms, GFP_KERNEL); +- vas = kzalloc(sizeof(vas[0]) * nr_vms, GFP_KERNEL); ++ vms = kcalloc(nr_vms, sizeof(vms[0]), GFP_KERNEL); ++ vas = kcalloc(nr_vms, sizeof(vas[0]), GFP_KERNEL); + if (!vas || !vms) + goto err_free2; + diff --git a/mm/vmstat.c b/mm/vmstat.c index f600557..1459fc8 100644 --- a/mm/vmstat.c @@ -78114,28 +78263,6 @@ index 1ac414f..a1c1451 100644 # Remove .so files from "xxx-objs" host-cobjs := $(filter-out %.so,$(host-cobjs)) -diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib -index 00c368c..bb3f3e9 100644 ---- a/scripts/Makefile.lib -+++ b/scripts/Makefile.lib -@@ -144,14 +144,14 @@ __a_flags = $(call flags,_a_flags) - __cpp_flags = $(call flags,_cpp_flags) - endif - --c_flags = -Wp,-MD,$(depfile) $(NOSTDINC_FLAGS) $(LINUXINCLUDE) \ -+c_flags = -Wp,-MD,$(depfile) $(LINUXINCLUDE) $(NOSTDINC_FLAGS) \ - $(__c_flags) $(modkern_cflags) \ - -D"KBUILD_STR(s)=\#s" $(basename_flags) $(modname_flags) - --a_flags = -Wp,-MD,$(depfile) $(NOSTDINC_FLAGS) $(LINUXINCLUDE) \ -+a_flags = -Wp,-MD,$(depfile) $(LINUXINCLUDE) $(NOSTDINC_FLAGS) \ - $(__a_flags) $(modkern_aflags) - --cpp_flags = -Wp,-MD,$(depfile) $(NOSTDINC_FLAGS) $(LINUXINCLUDE) \ -+cpp_flags = -Wp,-MD,$(depfile) $(LINUXINCLUDE) $(NOSTDINC_FLAGS) \ - $(__cpp_flags) - - ld_flags = $(LDFLAGS) $(ldflags-y) diff --git a/scripts/basic/fixdep.c b/scripts/basic/fixdep.c index cb1f50c..cef2a7c 100644 
--- a/scripts/basic/fixdep.c @@ -80278,10 +80405,10 @@ index 0000000..ee950d0 +} diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c new file mode 100644 -index 0000000..88a7438 +index 0000000..89b7f56 --- /dev/null +++ b/tools/gcc/constify_plugin.c -@@ -0,0 +1,303 @@ +@@ -0,0 +1,328 @@ +/* + * Copyright 2011 by Emese Revfy <re.emese@gmail.com> + * Copyright 2011 by PaX Team <pageexec@freemail.hu> 
@@ -80322,24 +80449,47 @@ index 0000000..88a7438 +int plugin_is_GPL_compatible; + +static struct plugin_info const_plugin_info = { -+ .version = "201111150100", ++ .version = "201205300030", + .help = "no-constify\tturn off constification\n", +}; + -+static void constify_type(tree type); -+static bool walk_struct(tree node); ++static void deconstify_tree(tree node); + -+static tree deconstify_type(tree old_type) ++static void deconstify_type(tree type) +{ -+ tree new_type, field; ++ tree field; ++ ++ for (field = TYPE_FIELDS(type); field; field = TREE_CHAIN(field)) { ++ tree type = TREE_TYPE(field); ++ ++ if (TREE_CODE(type) != RECORD_TYPE && TREE_CODE(type) != UNION_TYPE) ++ continue; ++ if (!TYPE_READONLY(type)) ++ continue; ++ ++ deconstify_tree(field); ++ } ++ TYPE_READONLY(type) = 0; ++ C_TYPE_FIELDS_READONLY(type) = 0; ++} ++ ++static void deconstify_tree(tree node) ++{ ++ tree old_type, new_type, field; ++ ++ old_type = TREE_TYPE(node); ++ ++ gcc_assert(TYPE_READONLY(old_type) && (TYPE_QUALS(old_type) & TYPE_QUAL_CONST)); + + new_type = build_qualified_type(old_type, TYPE_QUALS(old_type) & ~TYPE_QUAL_CONST); + TYPE_FIELDS(new_type) = copy_list(TYPE_FIELDS(new_type)); + for (field = TYPE_FIELDS(new_type); field; field = TREE_CHAIN(field)) + DECL_FIELD_CONTEXT(field) = new_type; -+ TYPE_READONLY(new_type) = 0; -+ C_TYPE_FIELDS_READONLY(new_type) = 0; -+ return new_type; ++ ++ deconstify_type(new_type); ++ ++ TREE_READONLY(node) = 0; ++ TREE_TYPE(node) = new_type; +} + +static tree handle_no_const_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs) 
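Review bot: In the new `deconstify_type()`, the loop body declares `tree type = TREE_TYPE(field);`, which shadows the function parameter `type`. The code is correct today because the parameter is only used again after the loop, but the two flag resets at the end (`TYPE_READONLY(type) = 0;`) are easy to misread. Renaming the inner variable removes the ambiguity and the `-Wshadow` warning: `tree fieldtype = TREE_TYPE(field);`, with the two `TREE_CODE`/`TYPE_READONLY` tests updated to match. Neither `deconstify_type()` nor `deconstify_tree()` has a comment stating that the former mutates the type in place while the latter builds an unqualified copy for a declaration, which would be worth one line each.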
@@ -80383,14 +80533,19 @@ index 0000000..88a7438 + } + + if (TREE_CODE(*node) == TYPE_DECL) { -+ TREE_TYPE(*node) = deconstify_type(type); -+ TREE_READONLY(*node) = 0; ++ deconstify_tree(*node); + return NULL_TREE; + } + + return NULL_TREE; +} + ++static void constify_type(tree type) ++{ ++ TYPE_READONLY(type) = 1; ++ C_TYPE_FIELDS_READONLY(type) = 1; ++} ++ +static tree handle_do_const_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs) +{ + *no_add_attrs = true; @@ -80441,12 +80596,6 @@ index 0000000..88a7438 + register_attribute(&do_const_attr); +} + -+static void constify_type(tree type) -+{ -+ TYPE_READONLY(type) = 1; -+ C_TYPE_FIELDS_READONLY(type) = 1; -+} -+ +static bool is_fptr(tree field) +{ + tree ptr = TREE_TYPE(field); @@ -80461,11 +80610,14 @@ index 0000000..88a7438 +{ + tree field; + -+ if (lookup_attribute("no_const", TYPE_ATTRIBUTES(node))) ++ if (TYPE_FIELDS(node) == NULL_TREE) + return false; + -+ if (TYPE_FIELDS(node) == NULL_TREE) ++ if (lookup_attribute("no_const", TYPE_ATTRIBUTES(node))) { ++ gcc_assert(!TYPE_READONLY(node)); ++ deconstify_type(node); + return false; ++ } + + for (field = TYPE_FIELDS(node); field; field = TREE_CHAIN(field)) { + tree type = TREE_TYPE(field); @@ -95132,7 +95284,7 @@ index 0000000..ce7366b +}; diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c new file mode 100644 -index 0000000..4154daf +index 0000000..92b8ee6 --- /dev/null +++ b/tools/gcc/size_overflow_plugin.c @@ -0,0 +1,1188 @@ @@ -95358,7 +95510,7 @@ index 0000000..4154daf + const char *curfunc = NAME(func); + + new_hash = get_hash_num(curfunc, filename, 0); -+ inform(loc, "Function %s is missing from the size_overflow hash table +%s+%d+%u+%s+", curfunc, curfunc, argnum, new_hash, filename); ++// inform(loc, "Function %s is missing from the size_overflow hash table +%s+%d+%u+%s+", curfunc, curfunc, argnum, new_hash, filename); +} + +static void check_missing_attribute(tree arg) |
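Review bot: In `size_overflow_plugin.c`, the `inform()` call that reported functions missing from the size_overflow hash table is disabled by commenting it out with `//`. That leaves dead code in the source, and the `new_hash = get_hash_num(...)` line above it now computes a value nothing uses. If the diagnostic is too noisy for normal builds, either delete both lines or keep the report behind a plugin argument so the missing-entry information is still available when maintaining the table. The function containing these lines starts outside the hunk.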