Diffstat (limited to 'main/linux-grsec')
-rw-r--r-- | main/linux-grsec/APKBUILD | 16 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.9-3.2.9-201203112136.patch (renamed from main/linux-grsec/grsecurity-2.9-3.2.7-201202261954.patch) | 2131 | ||||
-rw-r--r-- | main/linux-grsec/inetpeer-invalidate-the-inetpeer-tree-along-with-the-routing-cache.patch | 174 | ||||
-rw-r--r-- | main/linux-grsec/linux-3.0.x-regression-with-ipv4-routes-having-mtu.patch | 53 | ||||
-rw-r--r-- | main/linux-grsec/route-remove-redirect-genid.patch | 81 |
5 files changed, 2036 insertions, 419 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 6eba993dcf..13a6bed57a 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,9 +2,9 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.2.7 +pkgver=3.2.9 _kernver=3.2 -pkgrel=1 +pkgrel=0 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -14,12 +14,13 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.0/linux-$_kernver.tar.bz2 http://ftp.kernel.org/pub/linux/kernel/v3.0/patch-$pkgver.bz2 - grsecurity-2.9-3.2.7-201202261954.patch + grsecurity-2.9-3.2.9-201203112136.patch 0004-arp-flush-arp-cache-on-device-change.patch x86-centaur-enable-cx8-for-via-eden-too.patch - linux-3.0.x-regression-with-ipv4-routes-having-mtu.patch + inetpeer-invalidate-the-inetpeer-tree-along-with-the-routing-cache.patch + route-remove-redirect-genid.patch kernelconfig.x86 kernelconfig.x86_64 @@ -140,10 +141,11 @@ dev() { } md5sums="7ceb61f87c097fc17509844b71268935 linux-3.2.tar.bz2 -899624bffed6a19578613b672cc9483f patch-3.2.7.bz2 -27f2e8898e796ff0301f3193e2ba76b3 grsecurity-2.9-3.2.7-201202261954.patch +4610f3e62a5446422d1e81a90ab3cd06 patch-3.2.9.bz2 +349de864a65ad6714e20bf8a14dd8756 grsecurity-2.9-3.2.9-201203112136.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch f3eda7112ef074a4121ec6de943c63ee x86-centaur-enable-cx8-for-via-eden-too.patch -62cc7d7b5ba7ef05b72ff91c0411c189 linux-3.0.x-regression-with-ipv4-routes-having-mtu.patch +0e57daa3b43acadd82ae66fa9e3f7da1 inetpeer-invalidate-the-inetpeer-tree-along-with-the-routing-cache.patch +06061e5de624849e082c3c8dbe37c908 route-remove-redirect-genid.patch a4e7d46b18ca1495a1605c8520d74ee3 kernelconfig.x86 147306257d376f27799e9e72a303c80c kernelconfig.x86_64" 
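Review bot: The new `md5sums` entries for `patch-3.2.9.bz2`, the grsecurity patch and the two added route patches are the only integrity pin visible for these sources, while the `source=` list fetches the kernel tarball and `patch-$pkgver.bz2` over plain `http://`. MD5 is therefore the only check against a substituted download, and it is not collision-resistant. If the abuild version in use supports a stronger digest array, record one alongside it (for example `sha512sums="..."`, regenerated with `abuild checksum`). Where upstream publishes signatures for the tarball and patches, checking them before the digests are recorded would close the gap on the first fetch.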
diff --git a/main/linux-grsec/grsecurity-2.9-3.2.7-201202261954.patch b/main/linux-grsec/grsecurity-2.9-3.2.9-201203112136.patch index 5978e7ccc7..f67d967925 100644 --- a/main/linux-grsec/grsecurity-2.9-3.2.7-201202261954.patch +++ b/main/linux-grsec/grsecurity-2.9-3.2.9-201203112136.patch @@ -1,5 +1,5 @@ diff --git a/Documentation/dontdiff b/Documentation/dontdiff -index dfa6fc6..0095943 100644 +index dfa6fc6..0aa3907 100644 --- a/Documentation/dontdiff +++ b/Documentation/dontdiff @@ -5,6 +5,7 @@ @@ -96,15 +96,16 @@ index dfa6fc6..0095943 100644 keywords.c ksym.c* ksym.h* -@@ -154,7 +168,6 @@ kxgettext +@@ -154,7 +168,7 @@ kxgettext lkc_defs.h lex.c lex.*.c -linux ++lib1funcs.S logo_*.c logo_*_clut224.c logo_*_mono.c -@@ -166,14 +179,15 @@ machtypes.h +@@ -166,14 +180,15 @@ machtypes.h map map_hugetlb maui_boot.h @@ -121,7 +122,7 @@ index dfa6fc6..0095943 100644 mkprep mkregtable mktables -@@ -209,6 +223,7 @@ r300_reg_safe.h +@@ -209,6 +224,7 @@ r300_reg_safe.h r420_reg_safe.h r600_reg_safe.h recordmcount @@ -129,7 +130,7 @@ index dfa6fc6..0095943 100644 relocs rlim_names.h rn50_reg_safe.h -@@ -219,6 +234,7 @@ setup +@@ -219,6 +235,7 @@ setup setup.bin setup.elf sImage @@ -137,7 +138,7 @@ index dfa6fc6..0095943 100644 sm_tbl* split-include syscalltab.h -@@ -229,6 +245,7 @@ tftpboot.img +@@ -229,6 +246,7 @@ tftpboot.img timeconst.h times.h* trix_boot.h @@ -145,7 +146,7 @@ index dfa6fc6..0095943 100644 utsrelease.h* vdso-syms.lds vdso.lds -@@ -246,7 +263,9 @@ vmlinux +@@ -246,7 +264,9 @@ vmlinux vmlinux-* vmlinux.aout vmlinux.bin.all @@ -155,7 +156,7 @@ index dfa6fc6..0095943 100644 vmlinuz voffset.h vsyscall.lds -@@ -254,9 +273,11 @@ vsyscall_32.lds +@@ -254,9 +274,11 @@ vsyscall_32.lds wanxlfw.inc uImage unifdef @@ -186,7 +187,7 @@ index 81c287f..d456d02 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index d1bdc90..c985d2a 100644 +index 5f1739b..abd56ea 100644 --- a/Makefile +++ b/Makefile 
@@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -212,7 +213,7 @@ index d1bdc90..c985d2a 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -564,6 +565,48 @@ else +@@ -564,6 +565,50 @@ else KBUILD_CFLAGS += -O2 endif @@ -238,7 +239,9 @@ index d1bdc90..c985d2a 100644 +CHECKER_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/checker_plugin.so -DCHECKER_PLUGIN +endif +endif -+GCC_PLUGINS_CFLAGS := $(CONSTIFY_PLUGIN_CFLAGS) $(STACKLEAK_PLUGIN_CFLAGS) $(KALLOCSTAT_PLUGIN_CFLAGS) $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) ++COLORIZE_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/colorize_plugin.so ++GCC_PLUGINS_CFLAGS := $(CONSTIFY_PLUGIN_CFLAGS) $(STACKLEAK_PLUGIN_CFLAGS) $(KALLOCSTAT_PLUGIN_CFLAGS) ++GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS) +GCC_PLUGINS_AFLAGS := $(KERNEXEC_PLUGIN_AFLAGS) +export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN +ifeq ($(KBUILD_EXTMOD),) @@ -261,7 +264,7 @@ index d1bdc90..c985d2a 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -708,7 +751,7 @@ export mod_strip_cmd +@@ -708,7 +753,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -270,7 +273,7 @@ index d1bdc90..c985d2a 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -932,6 +975,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -932,6 +977,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE # The actual objects are generated when descending, # make sure no implicit rule kicks in 
@@ -279,7 +282,7 @@ index d1bdc90..c985d2a 100644 $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -941,7 +986,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; +@@ -941,7 +988,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -288,7 +291,7 @@ index d1bdc90..c985d2a 100644 $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -985,6 +1030,7 @@ prepare0: archprepare FORCE +@@ -985,6 +1032,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. # All the preparing.. @@ -296,7 +299,7 @@ index d1bdc90..c985d2a 100644 prepare: prepare0 # Generate some files -@@ -1086,6 +1132,8 @@ all: modules +@@ -1086,6 +1134,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -305,7 +308,7 @@ index d1bdc90..c985d2a 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1101,7 +1149,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1101,7 +1151,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -314,7 +317,7 @@ index d1bdc90..c985d2a 100644 # Target to install modules PHONY += modules_install -@@ -1198,6 +1246,7 @@ distclean: mrproper +@@ -1198,6 +1248,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ 
@@ -322,7 +325,7 @@ index d1bdc90..c985d2a 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1358,6 +1407,8 @@ PHONY += $(module-dirs) modules +@@ -1358,6 +1409,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -331,7 +334,7 @@ index d1bdc90..c985d2a 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1484,17 +1535,21 @@ else +@@ -1484,17 +1537,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -357,7 +360,7 @@ index d1bdc90..c985d2a 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1504,11 +1559,15 @@ endif +@@ -1504,11 +1561,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -396,6 +399,32 @@ index 640f909..48b6597 100644 #define smp_mb__before_atomic_dec() smp_mb() #define smp_mb__after_atomic_dec() smp_mb() #define smp_mb__before_atomic_inc() smp_mb() +diff --git a/arch/alpha/include/asm/cache.h b/arch/alpha/include/asm/cache.h +index ad368a9..fbe0f25 100644 +--- a/arch/alpha/include/asm/cache.h ++++ b/arch/alpha/include/asm/cache.h +@@ -4,19 +4,19 @@ + #ifndef __ARCH_ALPHA_CACHE_H + #define __ARCH_ALPHA_CACHE_H + ++#include <linux/const.h> + + /* Bytes per L1 (data) cache line. */ + #if defined(CONFIG_ALPHA_GENERIC) || defined(CONFIG_ALPHA_EV6) +-# define L1_CACHE_BYTES 64 + # define L1_CACHE_SHIFT 6 + #else + /* Both EV4 and EV5 are write-through, read-allocate, + direct-mapped, physical. + */ +-# define L1_CACHE_BYTES 32 + # define L1_CACHE_SHIFT 5 + #endif + ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) + #define SMP_CACHE_BYTES L1_CACHE_BYTES + + #endif 
diff --git a/arch/alpha/include/asm/elf.h b/arch/alpha/include/asm/elf.h index da5449e..7418343 100644 --- a/arch/alpha/include/asm/elf.h @@ -645,7 +674,7 @@ index fadd5f8..904e73a 100644 /* Allow reads even for write-only mappings */ if (!(vma->vm_flags & (VM_READ | VM_WRITE))) diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h -index 86976d0..6610950 100644 +index 86976d0..35bff41 100644 --- a/arch/arm/include/asm/atomic.h +++ b/arch/arm/include/asm/atomic.h @@ -15,6 +15,10 @@ 
@@ -659,7 +688,163 @@ index 86976d0..6610950 100644 #define ATOMIC_INIT(i) { (i) } #ifdef __KERNEL__ -@@ -239,6 +243,14 @@ typedef struct { +@@ -27,6 +31,9 @@ + #define atomic_read(v) (*(volatile int *)&(v)->counter) + #define atomic_set(v,i) (((v)->counter) = (i)) + ++#define atomic_read_unchecked(v) (*(volatile int *)&(v)->counter) ++#define atomic_set_unchecked(v,i) (((v)->counter) = (i)) ++ + #if __LINUX_ARM_ARCH__ >= 6 + + /* +@@ -42,6 +49,28 @@ static inline void atomic_add(int i, atomic_t *v) + __asm__ __volatile__("@ atomic_add\n" + "1: ldrex %0, [%3]\n" + " add %0, %0, %4\n" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++ "bvc 2f\n" ++ "\tbkpt 0xf103\n2:\n" ++#endif ++ ++" strex %1, %0, [%3]\n" ++" teq %1, #0\n" ++" bne 1b" ++ : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) ++ : "r" (&v->counter), "Ir" (i) ++ : "cc"); ++} ++ ++static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v) ++{ ++ unsigned long tmp; ++ int result; ++ ++ __asm__ __volatile__("@ atomic_add_unchecked\n" ++"1: ldrex %0, [%3]\n" ++" add %0, %0, %4\n" + " strex %1, %0, [%3]\n" + " teq %1, #0\n" + " bne 1b" +@@ -60,6 +89,34 @@ static inline int atomic_add_return(int i, atomic_t *v) + __asm__ __volatile__("@ atomic_add_return\n" + "1: ldrex %0, [%3]\n" + " add %0, %0, %4\n" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++ "bvc 2f\n" ++ "\tbkpt 0xf103\n2:\n" ++#endif ++ ++" strex %1, %0, [%3]\n" ++" teq %1, #0\n" ++" bne 1b" ++ : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) ++ : "r" (&v->counter), "Ir" (i) ++ : "cc"); ++ ++ smp_mb(); ++ ++ return result; ++} ++ ++static inline int atomic_add_return_unchecked(int i, atomic_unchecked_t *v) ++{ ++ unsigned long tmp; ++ int result; ++ ++ smp_mb(); ++ ++ __asm__ __volatile__("@ atomic_add_return_unchecked\n" ++"1: ldrex %0, [%3]\n" ++" add %0, %0, %4\n" + " strex %1, %0, [%3]\n" + " teq %1, #0\n" + " bne 1b" +@@ -80,6 +137,28 @@ static inline void atomic_sub(int i, atomic_t *v) + __asm__ __volatile__("@ atomic_sub\n" + "1: ldrex %0, [%3]\n" + " sub %0, 
%0, %4\n" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++ "bvc 2f\n" ++ "\tbkpt 0xf103\n2:\n" ++#endif ++ ++" strex %1, %0, [%3]\n" ++" teq %1, #0\n" ++" bne 1b" ++ : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) ++ : "r" (&v->counter), "Ir" (i) ++ : "cc"); ++} ++ ++static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v) ++{ ++ unsigned long tmp; ++ int result; ++ ++ __asm__ __volatile__("@ atomic_sub_unchecked\n" ++"1: ldrex %0, [%3]\n" ++" sub %0, %0, %4\n" + " strex %1, %0, [%3]\n" + " teq %1, #0\n" + " bne 1b" +@@ -132,6 +211,28 @@ static inline int atomic_cmpxchg(atomic_t *ptr, int old, int new) + return oldval; + } + ++static inline int atomic_cmpxchg_unchecked(atomic_unchecked_t *ptr, int old, int new) ++{ ++ unsigned long oldval, res; ++ ++ smp_mb(); ++ ++ do { ++ __asm__ __volatile__("@ atomic_cmpxchg_unchecked\n" ++ "ldrex %1, [%3]\n" ++ "mov %0, #0\n" ++ "teq %1, %4\n" ++ "strexeq %0, %5, [%3]\n" ++ : "=&r" (res), "=&r" (oldval), "+Qo" (ptr->counter) ++ : "r" (&ptr->counter), "Ir" (old), "r" (new) ++ : "cc"); ++ } while (res); ++ ++ smp_mb(); ++ ++ return oldval; ++} ++ + static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr) + { + unsigned long tmp, tmp2; +@@ -207,6 +308,7 @@ static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr) + #endif /* __LINUX_ARM_ARCH__ */ + + #define atomic_xchg(v, new) (xchg(&((v)->counter), new)) ++#define atomic_xchg_unchecked(v, new) (xchg_unchecked(&((v)->counter), new)) + + static inline int __atomic_add_unless(atomic_t *v, int a, int u) + { +@@ -219,11 +321,15 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) + } + + #define atomic_inc(v) atomic_add(1, v) ++#define atomic_inc_unchecked(v) atomic_add_unchecked(1, v) + #define atomic_dec(v) atomic_sub(1, v) ++#define atomic_dec_unchecked(v) atomic_sub_unchecked(1, v) + + #define atomic_inc_and_test(v) (atomic_add_return(1, v) == 0) ++#define atomic_inc_and_test_unchecked(v) (atomic_add_return_unchecked(1, v) 
== 0) + #define atomic_dec_and_test(v) (atomic_sub_return(1, v) == 0) + #define atomic_inc_return(v) (atomic_add_return(1, v)) ++#define atomic_inc_return_unchecked(v) (atomic_add_return_unchecked(1, v)) + #define atomic_dec_return(v) (atomic_sub_return(1, v)) + #define atomic_sub_and_test(i, v) (atomic_sub_return(i, v) == 0) + +@@ -239,6 +345,14 @@ typedef struct { u64 __aligned(8) counter; } atomic64_t; 
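Review bot: In the `CONFIG_PAX_REFCOUNT` paths added to `atomic_add`, `atomic_add_return` and `atomic_sub`, the `bvc 2f` overflow test follows a plain `add`/`sub`, which does not update the condition flags, so the branch appears to test whatever V held before the sequence rather than the result of this operation. The flag-setting forms look like what is intended: `adds %0, %0, %4` and `subs %0, %0, %4`. The next hunk has the same pattern in `atomic64_add`, `atomic64_add_return` and `atomic64_sub`: `adds`/`adc` (and `subs`/`sbc`) leave V reflecting only the low word, so the high-word step would need `adcs %H0, %H0, %H4` / `sbcs %H0, %H0, %H4` for `bvc` to see the 64-bit signed overflow. The `bkpt 0xf103` handler is not in these hunks, and the code falls through from label `2:` to `strex`, so a short comment saying whether the overflowed value is still stored would help readers.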
@@ -674,23 +859,217 @@ index 86976d0..6610950 100644 #define ATOMIC64_INIT(i) { (i) } static inline u64 atomic64_read(atomic64_t *v) -@@ -459,6 +471,16 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u) +@@ -254,6 +368,19 @@ static inline u64 atomic64_read(atomic64_t *v) + return result; + } + ++static inline u64 atomic64_read_unchecked(atomic64_unchecked_t *v) ++{ ++ u64 result; ++ ++ __asm__ __volatile__("@ atomic64_read_unchecked\n" ++" ldrexd %0, %H0, [%1]" ++ : "=&r" (result) ++ : "r" (&v->counter), "Qo" (v->counter) ++ ); ++ ++ return result; ++} ++ + static inline void atomic64_set(atomic64_t *v, u64 i) + { + u64 tmp; +@@ -268,6 +395,20 @@ static inline void atomic64_set(atomic64_t *v, u64 i) + : "cc"); + } + ++static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, u64 i) ++{ ++ u64 tmp; ++ ++ __asm__ __volatile__("@ atomic64_set_unchecked\n" ++"1: ldrexd %0, %H0, [%2]\n" ++" strexd %0, %3, %H3, [%2]\n" ++" teq %0, #0\n" ++" bne 1b" ++ : "=&r" (tmp), "=Qo" (v->counter) ++ : "r" (&v->counter), "r" (i) ++ : "cc"); ++} ++ + static inline void atomic64_add(u64 i, atomic64_t *v) + { + u64 result; +@@ -277,6 +418,29 @@ static inline void atomic64_add(u64 i, atomic64_t *v) + "1: ldrexd %0, %H0, [%3]\n" + " adds %0, %0, %4\n" + " adc %H0, %H0, %H4\n" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++ "bvc 2f\n" ++ "\tbkpt 0xf103\n2:\n" ++#endif ++ ++" strexd %1, %0, %H0, [%3]\n" ++" teq %1, #0\n" ++" bne 1b" ++ : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) ++ : "r" (&v->counter), "r" (i) ++ : "cc"); ++} ++ ++static inline void atomic64_add_unchecked(u64 i, atomic64_unchecked_t *v) ++{ ++ u64 result; ++ unsigned long tmp; ++ ++ __asm__ __volatile__("@ atomic64_add_unchecked\n" ++"1: ldrexd %0, %H0, [%3]\n" ++" adds %0, %0, %4\n" ++" adc %H0, %H0, %H4\n" + " strexd %1, %0, %H0, [%3]\n" + " teq %1, #0\n" + " bne 1b" +@@ -296,6 +460,35 @@ static inline u64 atomic64_add_return(u64 i, atomic64_t *v) + "1: ldrexd %0, %H0, [%3]\n" + " adds %0, %0, %4\n" + 
" adc %H0, %H0, %H4\n" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++ "bvc 2f\n" ++ "\tbkpt 0xf103\n2:\n" ++#endif ++ ++" strexd %1, %0, %H0, [%3]\n" ++" teq %1, #0\n" ++" bne 1b" ++ : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) ++ : "r" (&v->counter), "r" (i) ++ : "cc"); ++ ++ smp_mb(); ++ ++ return result; ++} ++ ++static inline u64 atomic64_add_return_unchecked(u64 i, atomic64_unchecked_t *v) ++{ ++ u64 result; ++ unsigned long tmp; ++ ++ smp_mb(); ++ ++ __asm__ __volatile__("@ atomic64_add_return_unchecked\n" ++"1: ldrexd %0, %H0, [%3]\n" ++" adds %0, %0, %4\n" ++" adc %H0, %H0, %H4\n" + " strexd %1, %0, %H0, [%3]\n" + " teq %1, #0\n" + " bne 1b" +@@ -317,6 +510,29 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) + "1: ldrexd %0, %H0, [%3]\n" + " subs %0, %0, %4\n" + " sbc %H0, %H0, %H4\n" ++ ++#ifdef CONFIG_PAX_REFCOUNT ++ "bvc 2f\n" ++ "\tbkpt 0xf103\n2:\n" ++#endif ++ ++" strexd %1, %0, %H0, [%3]\n" ++" teq %1, #0\n" ++" bne 1b" ++ : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) ++ : "r" (&v->counter), "r" (i) ++ : "cc"); ++} ++ ++static inline void atomic64_sub_unchecked(u64 i, atomic64_unchecked_t *v) ++{ ++ u64 result; ++ unsigned long tmp; ++ ++ __asm__ __volatile__("@ atomic64_sub_unchecked\n" ++"1: ldrexd %0, %H0, [%3]\n" ++" subs %0, %0, %4\n" ++" sbc %H0, %H0, %H4\n" + " strexd %1, %0, %H0, [%3]\n" + " teq %1, #0\n" + " bne 1b" +@@ -372,6 +588,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new) + return oldval; + } + ++static inline u64 atomic64_cmpxchg_unchecked(atomic64_unchecked_t *ptr, u64 old, u64 new) ++{ ++ u64 oldval; ++ unsigned long res; ++ ++ smp_mb(); ++ ++ do { ++ __asm__ __volatile__("@ atomic64_cmpxchg_unchecked\n" ++ "ldrexd %1, %H1, [%3]\n" ++ "mov %0, #0\n" ++ "teq %1, %4\n" ++ "teqeq %H1, %H4\n" ++ "strexdeq %0, %5, %H5, [%3]" ++ : "=&r" (res), "=&r" (oldval), "+Qo" (ptr->counter) ++ : "r" (&ptr->counter), "r" (old), "r" (new) ++ : "cc"); ++ } while (res); ++ ++ smp_mb(); ++ ++ return oldval; ++} ++ + 
static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new) + { + u64 result; +@@ -451,10 +691,13 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u) + + #define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0) + #define atomic64_inc(v) atomic64_add(1LL, (v)) ++#define atomic64_inc_unchecked(v) atomic64_add_unchecked(1LL, (v)) + #define atomic64_inc_return(v) atomic64_add_return(1LL, (v)) ++#define atomic64_inc_return_unchecked(v) atomic64_add_return_unchecked(1LL, (v)) + #define atomic64_inc_and_test(v) (atomic64_inc_return(v) == 0) + #define atomic64_sub_and_test(a, v) (atomic64_sub_return((a), (v)) == 0) + #define atomic64_dec(v) atomic64_sub(1LL, (v)) ++#define atomic64_dec_unchecked(v) atomic64_sub_unchecked(1LL, (v)) + #define atomic64_dec_return(v) atomic64_sub_return(1LL, (v)) #define atomic64_dec_and_test(v) (atomic64_dec_return((v)) == 0) #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1LL, 0LL) +diff --git a/arch/arm/include/asm/cache.h b/arch/arm/include/asm/cache.h +index 75fe66b..2255c86 100644 +--- a/arch/arm/include/asm/cache.h ++++ b/arch/arm/include/asm/cache.h +@@ -4,8 +4,10 @@ + #ifndef __ASMARM_CACHE_H + #define __ASMARM_CACHE_H -+#define atomic64_read_unchecked(v) atomic64_read(v) -+#define atomic64_set_unchecked(v, i) atomic64_set((v), (i)) -+#define atomic64_add_unchecked(a, v) atomic64_add((a), (v)) -+#define atomic64_add_return_unchecked(a, v) atomic64_add_return((a), (v)) -+#define atomic64_sub_unchecked(a, v) atomic64_sub((a), (v)) -+#define atomic64_inc_unchecked(v) atomic64_inc(v) -+#define atomic64_inc_return_unchecked(v) atomic64_inc_return(v) -+#define atomic64_dec_unchecked(v) atomic64_dec(v) -+#define atomic64_cmpxchg_unchecked(v, o, n) atomic64_cmpxchg((v), (o), (n)) ++#include <linux/const.h> + - #endif /* !CONFIG_GENERIC_ATOMIC64 */ - #endif - #endif + #define L1_CACHE_SHIFT CONFIG_ARM_L1_CACHE_SHIFT +-#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT) ++#define L1_CACHE_BYTES (_AC(1,UL) << 
L1_CACHE_SHIFT) + + /* + * Memory returned by kmalloc() may be used for DMA, so we must make +diff --git a/arch/arm/include/asm/cacheflush.h b/arch/arm/include/asm/cacheflush.h +index d5d8d5c..ad92c96 100644 +--- a/arch/arm/include/asm/cacheflush.h ++++ b/arch/arm/include/asm/cacheflush.h +@@ -108,7 +108,7 @@ struct cpu_cache_fns { + void (*dma_unmap_area)(const void *, size_t, int); + + void (*dma_flush_range)(const void *, const void *); +-}; ++} __no_const; + + /* + * Select the calling method diff --git a/arch/arm/include/asm/elf.h b/arch/arm/include/asm/elf.h index 0e9ce8d..6ef1e03 100644 --- a/arch/arm/include/asm/elf.h 
@@ -734,6 +1113,54 @@ index e51b1e8..32a3113 100644 KM_TYPE_NR }; +diff --git a/arch/arm/include/asm/outercache.h b/arch/arm/include/asm/outercache.h +index 53426c6..c7baff3 100644 +--- a/arch/arm/include/asm/outercache.h ++++ b/arch/arm/include/asm/outercache.h +@@ -35,7 +35,7 @@ struct outer_cache_fns { + #endif + void (*set_debug)(unsigned long); + void (*resume)(void); +-}; ++} __no_const; + + #ifdef CONFIG_OUTER_CACHE + +diff --git a/arch/arm/include/asm/page.h b/arch/arm/include/asm/page.h +index ca94653..6ac0d56 100644 +--- a/arch/arm/include/asm/page.h ++++ b/arch/arm/include/asm/page.h +@@ -123,7 +123,7 @@ struct cpu_user_fns { + void (*cpu_clear_user_highpage)(struct page *page, unsigned long vaddr); + void (*cpu_copy_user_highpage)(struct page *to, struct page *from, + unsigned long vaddr, struct vm_area_struct *vma); +-}; ++} __no_const; + + #ifdef MULTI_USER + extern struct cpu_user_fns cpu_user; +diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h +index 984014b..92345b9 100644 +--- a/arch/arm/include/asm/system.h ++++ b/arch/arm/include/asm/system.h +@@ -90,6 +90,8 @@ void hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, + + #define xchg(ptr,x) \ + ((__typeof__(*(ptr)))__xchg((unsigned long)(x),(ptr),sizeof(*(ptr)))) ++#define xchg_unchecked(ptr,x) \ ++ ((__typeof__(*(ptr)))__xchg((unsigned long)(x),(ptr),sizeof(*(ptr)))) + + extern asmlinkage void c_backtrace(unsigned long fp, int pmode); + +@@ -101,7 +103,7 @@ extern int __pure cpu_architecture(void); + extern void cpu_init(void); + + void arm_machine_restart(char mode, const char *cmd); +-extern void (*arm_pm_restart)(char str, const char *cmd); ++extern void (*arm_pm_restart)(char str, const char *cmd) __noreturn; + + #define UDBG_UNDEFINED (1 << 0) + #define UDBG_SYSCALL (1 << 1) diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h index b293616..96310e5 100644 --- a/arch/arm/include/asm/uaccess.h 
@@ -809,7 +1236,7 @@ index 5b0bce6..becd81c 100644 EXPORT_SYMBOL(__get_user_1); diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c -index 3d0c6fb..3dcae52 100644 +index 3d0c6fb..9d326fa 100644 --- a/arch/arm/kernel/process.c +++ b/arch/arm/kernel/process.c @@ -28,7 +28,6 @@ @@ -820,7 +1247,33 @@ index 3d0c6fb..3dcae52 100644 #include <linux/hw_breakpoint.h> #include <linux/cpuidle.h> -@@ -484,12 +483,6 @@ unsigned long get_wchan(struct task_struct *p) +@@ -92,7 +91,7 @@ static int __init hlt_setup(char *__unused) + __setup("nohlt", nohlt_setup); + __setup("hlt", hlt_setup); + +-void arm_machine_restart(char mode, const char *cmd) ++__noreturn void arm_machine_restart(char mode, const char *cmd) + { + /* Disable interrupts first */ + local_irq_disable(); +@@ -134,7 +133,7 @@ void arm_machine_restart(char mode, const char *cmd) + void (*pm_power_off)(void); + EXPORT_SYMBOL(pm_power_off); + +-void (*arm_pm_restart)(char str, const char *cmd) = arm_machine_restart; ++void (*arm_pm_restart)(char str, const char *cmd) __noreturn = arm_machine_restart; + EXPORT_SYMBOL_GPL(arm_pm_restart); + + static void do_nothing(void *unused) +@@ -248,6 +247,7 @@ void machine_power_off(void) + machine_shutdown(); + if (pm_power_off) + pm_power_off(); ++ BUG(); + } + + void machine_restart(char *cmd) +@@ -484,12 +484,6 @@ unsigned long get_wchan(struct task_struct *p) return 0; } 
@@ -833,6 +1286,27 @@ index 3d0c6fb..3dcae52 100644 #ifdef CONFIG_MMU /* * The vectors page is always readable from user space for the +diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c +index 8fc2c8f..064c150 100644 +--- a/arch/arm/kernel/setup.c ++++ b/arch/arm/kernel/setup.c +@@ -108,13 +108,13 @@ struct processor processor __read_mostly; + struct cpu_tlb_fns cpu_tlb __read_mostly; + #endif + #ifdef MULTI_USER +-struct cpu_user_fns cpu_user __read_mostly; ++struct cpu_user_fns cpu_user __read_only; + #endif + #ifdef MULTI_CACHE +-struct cpu_cache_fns cpu_cache __read_mostly; ++struct cpu_cache_fns cpu_cache __read_only; + #endif + #ifdef CONFIG_OUTER_CACHE +-struct outer_cache_fns outer_cache __read_mostly; ++struct outer_cache_fns outer_cache __read_only; + EXPORT_SYMBOL(outer_cache); + #endif + diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c index 99a5727..a3d5bb1 100644 --- a/arch/arm/kernel/traps.c @@ -883,6 +1357,18 @@ index 66a477a..bee61d3 100644 .pushsection .fixup,"ax" .align 0 +diff --git a/arch/arm/lib/copy_page.S b/arch/arm/lib/copy_page.S +index 6ee2f67..d1cce76 100644 +--- a/arch/arm/lib/copy_page.S ++++ b/arch/arm/lib/copy_page.S +@@ -10,6 +10,7 @@ + * ASM optimised string functions + */ + #include <linux/linkage.h> ++#include <linux/const.h> + #include <asm/assembler.h> + #include <asm/asm-offsets.h> + #include <asm/cache.h> diff --git a/arch/arm/lib/copy_to_user.S b/arch/arm/lib/copy_to_user.S index d066df6..df28194 100644 --- a/arch/arm/lib/copy_to_user.S 
@@ -1098,6 +1584,48 @@ index 44b628e..623ee2a 100644 /* * Remember the place where we stopped the search: */ +diff --git a/arch/arm/plat-samsung/include/plat/dma-ops.h b/arch/arm/plat-samsung/include/plat/dma-ops.h +index 4c1a363..df311d0 100644 +--- a/arch/arm/plat-samsung/include/plat/dma-ops.h ++++ b/arch/arm/plat-samsung/include/plat/dma-ops.h +@@ -41,7 +41,7 @@ struct samsung_dma_ops { + int (*started)(unsigned ch); + int (*flush)(unsigned ch); + int (*stop)(unsigned ch); +-}; ++} __no_const; + + extern void *samsung_dmadev_get_ops(void); + extern void *s3c_dma_get_ops(void); +diff --git a/arch/arm/plat-samsung/include/plat/ehci.h b/arch/arm/plat-samsung/include/plat/ehci.h +index 5f28cae..3d23723 100644 +--- a/arch/arm/plat-samsung/include/plat/ehci.h ++++ b/arch/arm/plat-samsung/include/plat/ehci.h +@@ -14,7 +14,7 @@ + struct s5p_ehci_platdata { + int (*phy_init)(struct platform_device *pdev, int type); + int (*phy_exit)(struct platform_device *pdev, int type); +-}; ++} __no_const; + + extern void s5p_ehci_set_platdata(struct s5p_ehci_platdata *pd); + +diff --git a/arch/avr32/include/asm/cache.h b/arch/avr32/include/asm/cache.h +index c3a58a1..78fbf54 100644 +--- a/arch/avr32/include/asm/cache.h ++++ b/arch/avr32/include/asm/cache.h +@@ -1,8 +1,10 @@ + #ifndef __ASM_AVR32_CACHE_H + #define __ASM_AVR32_CACHE_H + ++#include <linux/const.h> ++ + #define L1_CACHE_SHIFT 5 +-#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT) ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) + + /* + * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/avr32/include/asm/elf.h b/arch/avr32/include/asm/elf.h index 3b3159b..425ea94 100644 --- a/arch/avr32/include/asm/elf.h 
@@ -1177,6 +1705,60 @@ index f7040a1..db9f300 100644 if (exception_trace && printk_ratelimit()) printk("%s%s[%d]: segfault at %08lx pc %08lx " "sp %08lx ecr %lu\n", +diff --git a/arch/blackfin/include/asm/cache.h b/arch/blackfin/include/asm/cache.h +index 568885a..f8008df 100644 +--- a/arch/blackfin/include/asm/cache.h ++++ b/arch/blackfin/include/asm/cache.h +@@ -7,6 +7,7 @@ + #ifndef __ARCH_BLACKFIN_CACHE_H + #define __ARCH_BLACKFIN_CACHE_H + ++#include <linux/const.h> + #include <linux/linkage.h> /* for asmlinkage */ + + /* +@@ -14,7 +15,7 @@ + * Blackfin loads 32 bytes for cache + */ + #define L1_CACHE_SHIFT 5 +-#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT) ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) + #define SMP_CACHE_BYTES L1_CACHE_BYTES + + #define ARCH_DMA_MINALIGN L1_CACHE_BYTES +diff --git a/arch/cris/include/arch-v10/arch/cache.h b/arch/cris/include/arch-v10/arch/cache.h +index aea2718..3639a60 100644 +--- a/arch/cris/include/arch-v10/arch/cache.h ++++ b/arch/cris/include/arch-v10/arch/cache.h +@@ -1,8 +1,9 @@ + #ifndef _ASM_ARCH_CACHE_H + #define _ASM_ARCH_CACHE_H + ++#include <linux/const.h> + /* Etrax 100LX have 32-byte cache-lines. */ +-#define L1_CACHE_BYTES 32 + #define L1_CACHE_SHIFT 5 ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) + + #endif /* _ASM_ARCH_CACHE_H */ +diff --git a/arch/cris/include/arch-v32/arch/cache.h b/arch/cris/include/arch-v32/arch/cache.h +index 1de779f..336fad3 100644 +--- a/arch/cris/include/arch-v32/arch/cache.h ++++ b/arch/cris/include/arch-v32/arch/cache.h +@@ -1,11 +1,12 @@ + #ifndef _ASM_CRIS_ARCH_CACHE_H + #define _ASM_CRIS_ARCH_CACHE_H + ++#include <linux/const.h> + #include <arch/hwregs/dma.h> + + /* A cache-line is 32 bytes. */ +-#define L1_CACHE_BYTES 32 + #define L1_CACHE_SHIFT 5 ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) + + #define __read_mostly __attribute__((__section__(".data.read_mostly"))) + 
diff --git a/arch/frv/include/asm/atomic.h b/arch/frv/include/asm/atomic.h index 0d8a7d6..d0c9ff5 100644 --- a/arch/frv/include/asm/atomic.h @@ -1198,6 +1780,23 @@ index 0d8a7d6..d0c9ff5 100644 static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u) { int c, old; +diff --git a/arch/frv/include/asm/cache.h b/arch/frv/include/asm/cache.h +index 2797163..c2a401d 100644 +--- a/arch/frv/include/asm/cache.h ++++ b/arch/frv/include/asm/cache.h +@@ -12,10 +12,11 @@ + #ifndef __ASM_CACHE_H + #define __ASM_CACHE_H + ++#include <linux/const.h> + + /* bytes per L1 cache line */ + #define L1_CACHE_SHIFT (CONFIG_FRV_L1_CACHE_SHIFT) +-#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT) ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) + + #define __cacheline_aligned __attribute__((aligned(L1_CACHE_BYTES))) + #define ____cacheline_aligned __attribute__((aligned(L1_CACHE_BYTES))) diff --git a/arch/frv/include/asm/kmap_types.h b/arch/frv/include/asm/kmap_types.h index f8e16b2..c73ff79 100644 --- a/arch/frv/include/asm/kmap_types.h 
@@ -1242,6 +1841,40 @@ index 385fd30..6c3d97e 100644 goto success; addr = vma->vm_end; } +diff --git a/arch/h8300/include/asm/cache.h b/arch/h8300/include/asm/cache.h +index c635028..6d9445a 100644 +--- a/arch/h8300/include/asm/cache.h ++++ b/arch/h8300/include/asm/cache.h +@@ -1,8 +1,10 @@ + #ifndef __ARCH_H8300_CACHE_H + #define __ARCH_H8300_CACHE_H + ++#include <linux/const.h> ++ + /* bytes per L1 cache line */ +-#define L1_CACHE_BYTES 4 ++#define L1_CACHE_BYTES _AC(4,UL) + + /* m68k-elf-gcc 2.95.2 doesn't like these */ + +diff --git a/arch/hexagon/include/asm/cache.h b/arch/hexagon/include/asm/cache.h +index 0f01de2..d37d309 100644 +--- a/arch/hexagon/include/asm/cache.h ++++ b/arch/hexagon/include/asm/cache.h +@@ -21,9 +21,11 @@ + #ifndef __ASM_CACHE_H + #define __ASM_CACHE_H + ++#include <linux/const.h> ++ + /* Bytes per L1 cache line */ +-#define L1_CACHE_SHIFT (5) +-#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT) ++#define L1_CACHE_SHIFT 5 ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) + + #define __cacheline_aligned __aligned(L1_CACHE_BYTES) + #define ____cacheline_aligned __aligned(L1_CACHE_BYTES) diff --git a/arch/ia64/include/asm/atomic.h b/arch/ia64/include/asm/atomic.h index 3fad89e..3047da5 100644 --- a/arch/ia64/include/asm/atomic.h 
@@ -1263,6 +1896,27 @@ index 3fad89e..3047da5 100644 /* Atomic operations are already serializing */ #define smp_mb__before_atomic_dec() barrier() #define smp_mb__after_atomic_dec() barrier() +diff --git a/arch/ia64/include/asm/cache.h b/arch/ia64/include/asm/cache.h +index 988254a..e1ee885 100644 +--- a/arch/ia64/include/asm/cache.h ++++ b/arch/ia64/include/asm/cache.h +@@ -1,6 +1,7 @@ + #ifndef _ASM_IA64_CACHE_H + #define _ASM_IA64_CACHE_H + ++#include <linux/const.h> + + /* + * Copyright (C) 1998-2000 Hewlett-Packard Co +@@ -9,7 +10,7 @@ + + /* Bytes per L1 (data) cache line. */ + #define L1_CACHE_SHIFT CONFIG_IA64_L1_CACHE_SHIFT +-#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT) ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) + + #ifdef CONFIG_SMP + # define SMP_CACHE_SHIFT L1_CACHE_SHIFT diff --git a/arch/ia64/include/asm/elf.h b/arch/ia64/include/asm/elf.h index b5298eb..67c6e62 100644 --- a/arch/ia64/include/asm/elf.h @@ -1578,6 +2232,22 @@ index 00cb0e2..2ad8024 100644 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); down_write(¤t->mm->mmap_sem); if (insert_vm_struct(current->mm, vma)) { +diff --git a/arch/m32r/include/asm/cache.h b/arch/m32r/include/asm/cache.h +index 40b3ee9..8c2c112 100644 +--- a/arch/m32r/include/asm/cache.h ++++ b/arch/m32r/include/asm/cache.h +@@ -1,8 +1,10 @@ + #ifndef _ASM_M32R_CACHE_H + #define _ASM_M32R_CACHE_H + ++#include <linux/const.h> ++ + /* L1 cache line size */ + #define L1_CACHE_SHIFT 4 +-#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT) ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) + + #endif /* _ASM_M32R_CACHE_H */ diff --git a/arch/m32r/lib/usercopy.c b/arch/m32r/lib/usercopy.c index 82abd15..d95ae5d 100644 --- a/arch/m32r/lib/usercopy.c 
@@ -1602,6 +2272,41 @@ index 82abd15..d95ae5d 100644 prefetchw(to); if (access_ok(VERIFY_READ, from, n)) __copy_user_zeroing(to,from,n); +diff --git a/arch/m68k/include/asm/cache.h b/arch/m68k/include/asm/cache.h +index 0395c51..5f26031 100644 +--- a/arch/m68k/include/asm/cache.h ++++ b/arch/m68k/include/asm/cache.h +@@ -4,9 +4,11 @@ + #ifndef __ARCH_M68K_CACHE_H + #define __ARCH_M68K_CACHE_H + ++#include <linux/const.h> ++ + /* bytes per L1 cache line */ + #define L1_CACHE_SHIFT 4 +-#define L1_CACHE_BYTES (1<< L1_CACHE_SHIFT) ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) + + #define ARCH_DMA_MINALIGN L1_CACHE_BYTES + +diff --git a/arch/microblaze/include/asm/cache.h b/arch/microblaze/include/asm/cache.h +index 4efe96a..60e8699 100644 +--- a/arch/microblaze/include/asm/cache.h ++++ b/arch/microblaze/include/asm/cache.h +@@ -13,11 +13,12 @@ + #ifndef _ASM_MICROBLAZE_CACHE_H + #define _ASM_MICROBLAZE_CACHE_H + ++#include <linux/const.h> + #include <asm/registers.h> + + #define L1_CACHE_SHIFT 5 + /* word-granular cache in microblaze */ +-#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT) ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) + + #define SMP_CACHE_BYTES L1_CACHE_BYTES + diff --git a/arch/mips/include/asm/atomic.h b/arch/mips/include/asm/atomic.h index 1d93f81..67794d0 100644 --- a/arch/mips/include/asm/atomic.h @@ -1634,6 +2339,23 @@ index 1d93f81..67794d0 100644 #endif /* CONFIG_64BIT */ /* +diff --git a/arch/mips/include/asm/cache.h b/arch/mips/include/asm/cache.h +index b4db69f..8f3b093 100644 +--- a/arch/mips/include/asm/cache.h ++++ b/arch/mips/include/asm/cache.h +@@ -9,10 +9,11 @@ + #ifndef _ASM_CACHE_H + #define _ASM_CACHE_H + ++#include <linux/const.h> + #include <kmalloc.h> + + #define L1_CACHE_SHIFT CONFIG_MIPS_L1_CACHE_SHIFT +-#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT) ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) + + #define SMP_CACHE_SHIFT L1_CACHE_SHIFT + #define SMP_CACHE_BYTES L1_CACHE_BYTES 
diff --git a/arch/mips/include/asm/elf.h b/arch/mips/include/asm/elf.h index 455c0ac..ad65fbe 100644 --- a/arch/mips/include/asm/elf.h 
@@ -1852,6 +2574,66 @@ index 302d779..7d35bf8 100644 - - return ret; -} +diff --git a/arch/mn10300/proc-mn103e010/include/proc/cache.h b/arch/mn10300/proc-mn103e010/include/proc/cache.h +index 967d144..db12197 100644 +--- a/arch/mn10300/proc-mn103e010/include/proc/cache.h ++++ b/arch/mn10300/proc-mn103e010/include/proc/cache.h +@@ -11,12 +11,14 @@ + #ifndef _ASM_PROC_CACHE_H + #define _ASM_PROC_CACHE_H + ++#include <linux/const.h> ++ + /* L1 cache */ + + #define L1_CACHE_NWAYS 4 /* number of ways in caches */ + #define L1_CACHE_NENTRIES 256 /* number of entries in each way */ +-#define L1_CACHE_BYTES 16 /* bytes per entry */ + #define L1_CACHE_SHIFT 4 /* shift for bytes per entry */ ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) /* bytes per entry */ + #define L1_CACHE_WAYDISP 0x1000 /* displacement of one way from the next */ + + #define L1_CACHE_TAG_VALID 0x00000001 /* cache tag valid bit */ +diff --git a/arch/mn10300/proc-mn2ws0050/include/proc/cache.h b/arch/mn10300/proc-mn2ws0050/include/proc/cache.h +index bcb5df2..84fabd2 100644 +--- a/arch/mn10300/proc-mn2ws0050/include/proc/cache.h ++++ b/arch/mn10300/proc-mn2ws0050/include/proc/cache.h +@@ -16,13 +16,15 @@ + #ifndef _ASM_PROC_CACHE_H + #define _ASM_PROC_CACHE_H + ++#include <linux/const.h> ++ + /* + * L1 cache + */ + #define L1_CACHE_NWAYS 4 /* number of ways in caches */ + #define L1_CACHE_NENTRIES 128 /* number of entries in each way */ +-#define L1_CACHE_BYTES 32 /* bytes per entry */ + #define L1_CACHE_SHIFT 5 /* shift for bytes per entry */ ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) /* bytes per entry */ + #define L1_CACHE_WAYDISP 0x1000 /* distance from one way to the next */ + + #define L1_CACHE_TAG_VALID 0x00000001 /* cache tag valid bit */ +diff --git a/arch/openrisc/include/asm/cache.h b/arch/openrisc/include/asm/cache.h +index 4ce7a01..449202a 100644 +--- a/arch/openrisc/include/asm/cache.h ++++ b/arch/openrisc/include/asm/cache.h +@@ -19,11 +19,13 @@ + #ifndef 
__ASM_OPENRISC_CACHE_H + #define __ASM_OPENRISC_CACHE_H + ++#include <linux/const.h> ++ + /* FIXME: How can we replace these with values from the CPU... + * they shouldn't be hard-coded! + */ + +-#define L1_CACHE_BYTES 16 + #define L1_CACHE_SHIFT 4 ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) + + #endif /* __ASM_OPENRISC_CACHE_H */ diff --git a/arch/parisc/include/asm/atomic.h b/arch/parisc/include/asm/atomic.h index 4054b31..a10c105 100644 --- a/arch/parisc/include/asm/atomic.h @@ -1873,6 +2655,34 @@ index 4054b31..a10c105 100644 #endif /* !CONFIG_64BIT */ +diff --git a/arch/parisc/include/asm/cache.h b/arch/parisc/include/asm/cache.h +index 47f11c7..3420df2 100644 +--- a/arch/parisc/include/asm/cache.h ++++ b/arch/parisc/include/asm/cache.h +@@ -5,6 +5,7 @@ + #ifndef __ARCH_PARISC_CACHE_H + #define __ARCH_PARISC_CACHE_H + ++#include <linux/const.h> + + /* + * PA 2.0 processors have 64-byte cachelines; PA 1.1 processors have +@@ -15,13 +16,13 @@ + * just ruin performance. + */ + #ifdef CONFIG_PA20 +-#define L1_CACHE_BYTES 64 + #define L1_CACHE_SHIFT 6 + #else +-#define L1_CACHE_BYTES 32 + #define L1_CACHE_SHIFT 5 + #endif + ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) ++ + #ifndef __ASSEMBLY__ + + #define SMP_CACHE_BYTES L1_CACHE_BYTES diff --git a/arch/parisc/include/asm/elf.h b/arch/parisc/include/asm/elf.h index 19f6cb1..6c78cf2 100644 --- a/arch/parisc/include/asm/elf.h 
@@ -2256,6 +3066,27 @@ index 02e41b5..ec6e26c 100644 #endif /* __powerpc64__ */ #endif /* __KERNEL__ */ +diff --git a/arch/powerpc/include/asm/cache.h b/arch/powerpc/include/asm/cache.h +index 4b50941..5605819 100644 +--- a/arch/powerpc/include/asm/cache.h ++++ b/arch/powerpc/include/asm/cache.h +@@ -3,6 +3,7 @@ + + #ifdef __KERNEL__ + ++#include <linux/const.h> + + /* bytes per L1 cache line */ + #if defined(CONFIG_8xx) || defined(CONFIG_403GCX) +@@ -22,7 +23,7 @@ + #define L1_CACHE_SHIFT 7 + #endif + +-#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT) ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) + + #define SMP_CACHE_BYTES L1_CACHE_BYTES + diff --git a/arch/powerpc/include/asm/elf.h b/arch/powerpc/include/asm/elf.h index 3bf9cca..e7457d0 100644 --- a/arch/powerpc/include/asm/elf.h @@ -2636,6 +3467,34 @@ index cf9c69b..ebc9640 100644 mr r5,r3 addi r3,r1,STACK_FRAME_OVERHEAD lwz r4,_DAR(r1) +diff --git a/arch/powerpc/kernel/irq.c b/arch/powerpc/kernel/irq.c +index 745c1e7..59d97a6 100644 +--- a/arch/powerpc/kernel/irq.c ++++ b/arch/powerpc/kernel/irq.c +@@ -547,9 +547,6 @@ struct irq_host *irq_alloc_host(struct device_node *of_node, + host->ops = ops; + host->of_node = of_node_get(of_node); + +- if (host->ops->match == NULL) +- host->ops->match = default_irq_host_match; +- + raw_spin_lock_irqsave(&irq_big_lock, flags); + + /* If it's a legacy controller, check for duplicates and +@@ -622,7 +619,12 @@ struct irq_host *irq_find_host(struct device_node *node) + */ + raw_spin_lock_irqsave(&irq_big_lock, flags); + list_for_each_entry(h, &irq_hosts, link) +- if (h->ops->match(h, node)) { ++ if (h->ops->match) { ++ if (h->ops->match(h, node)) { ++ found = h; ++ break; ++ } ++ } else if (default_irq_host_match(h, node)) { + found = h; + break; + } diff --git a/arch/powerpc/kernel/module_32.c b/arch/powerpc/kernel/module_32.c index 0b6d796..d760ddb 100644 --- a/arch/powerpc/kernel/module_32.c 
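Review bot: The loop body in irq_find_host() now repeats `found = h; break;` in two branches and hangs an if/else chain off an unbraced list_for_each_entry. Choosing the matcher in the condition keeps a single exit path: `if (h->ops->match ? h->ops->match(h, node) : default_irq_host_match(h, node)) {`. The store `host->ops->match = default_irq_host_match` was removed from irq_alloc_host(), presumably so that the ops structure is never written at run time. A short comment saying so at the fallback would keep a later cleanup from reinstating the store. Both functions start and end outside the hunk.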
@@ -3104,6 +3963,22 @@ index 8517d2a..d2738d4 100644 #define smp_mb__before_atomic_dec() smp_mb() #define smp_mb__after_atomic_dec() smp_mb() #define smp_mb__before_atomic_inc() smp_mb() +diff --git a/arch/s390/include/asm/cache.h b/arch/s390/include/asm/cache.h +index 2a30d5a..5e5586f 100644 +--- a/arch/s390/include/asm/cache.h ++++ b/arch/s390/include/asm/cache.h +@@ -11,8 +11,10 @@ + #ifndef __ARCH_S390_CACHE_H + #define __ARCH_S390_CACHE_H + +-#define L1_CACHE_BYTES 256 ++#include <linux/const.h> ++ + #define L1_CACHE_SHIFT 8 ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) + #define NET_SKB_PAD 32 + + #define __read_mostly __attribute__((__section__(".data..read_mostly"))) diff --git a/arch/s390/include/asm/elf.h b/arch/s390/include/asm/elf.h index 547f1a6..0b22b53 100644 --- a/arch/s390/include/asm/elf.h @@ -3351,6 +4226,21 @@ index f09c748..cf9ec1d 100644 mm->get_unmapped_area = s390_get_unmapped_area_topdown; mm->unmap_area = arch_unmap_area_topdown; } +diff --git a/arch/score/include/asm/cache.h b/arch/score/include/asm/cache.h +index ae3d59f..f65f075 100644 +--- a/arch/score/include/asm/cache.h ++++ b/arch/score/include/asm/cache.h +@@ -1,7 +1,9 @@ + #ifndef _ASM_SCORE_CACHE_H + #define _ASM_SCORE_CACHE_H + ++#include <linux/const.h> ++ + #define L1_CACHE_SHIFT 4 +-#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT) ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) + + #endif /* _ASM_SCORE_CACHE_H */ diff --git a/arch/score/include/asm/system.h b/arch/score/include/asm/system.h index 589d5c7..669e274 100644 --- a/arch/score/include/asm/system.h 
@@ -3377,6 +4267,23 @@ index 25d0803..d6c8e36 100644 -{ - return sp; -} +diff --git a/arch/sh/include/asm/cache.h b/arch/sh/include/asm/cache.h +index ef9e555..331bd29 100644 +--- a/arch/sh/include/asm/cache.h ++++ b/arch/sh/include/asm/cache.h +@@ -9,10 +9,11 @@ + #define __ASM_SH_CACHE_H + #ifdef __KERNEL__ + ++#include <linux/const.h> + #include <linux/init.h> + #include <cpu/cache.h> + +-#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT) ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) + + #define __read_mostly __attribute__((__section__(".data..read_mostly"))) + diff --git a/arch/sh/mm/mmap.c b/arch/sh/mm/mmap.c index afeb710..d1d1289 100644 --- a/arch/sh/mm/mmap.c @@ -3480,17 +4387,19 @@ index ad1fb5d..fc5315b 100644 VMLINUX_MAIN += $(patsubst %/, %/lib.a, $(libs-y)) $(libs-y) VMLINUX_MAIN += $(drivers-y) $(net-y) -diff --git a/arch/sparc/include/asm/atomic.h b/arch/sparc/include/asm/atomic.h -index 8ff83d8..4a459c2 100644 ---- a/arch/sparc/include/asm/atomic.h -+++ b/arch/sparc/include/asm/atomic.h -@@ -4,5 +4,6 @@ - #include <asm/atomic_64.h> - #else - #include <asm/atomic_32.h> +diff --git a/arch/sparc/include/asm/atomic_32.h b/arch/sparc/include/asm/atomic_32.h +index 5c3c8b6..ba822fa 100644 +--- a/arch/sparc/include/asm/atomic_32.h ++++ b/arch/sparc/include/asm/atomic_32.h +@@ -13,6 +13,8 @@ + + #include <linux/types.h> + +#include <asm-generic/atomic64.h> - #endif - #endif ++ + #ifdef __KERNEL__ + + #include <asm/system.h> diff --git a/arch/sparc/include/asm/atomic_64.h b/arch/sparc/include/asm/atomic_64.h index 9f421df..b81fc12 100644 --- a/arch/sparc/include/asm/atomic_64.h @@ -3682,15 +4591,20 @@ index 9f421df..b81fc12 100644 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0) diff --git a/arch/sparc/include/asm/cache.h b/arch/sparc/include/asm/cache.h -index 69358b5..17b4745 100644 +index 69358b5..9d0d492 100644 --- a/arch/sparc/include/asm/cache.h 
+++ b/arch/sparc/include/asm/cache.h -@@ -10,7 +10,7 @@ +@@ -7,10 +7,12 @@ + #ifndef _SPARC_CACHE_H + #define _SPARC_CACHE_H + ++#include <linux/const.h> ++ #define ARCH_SLAB_MINALIGN __alignof__(unsigned long long) #define L1_CACHE_SHIFT 5 -#define L1_CACHE_BYTES 32 -+#define L1_CACHE_BYTES 32UL ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) #ifdef CONFIG_SPARC32 #define SMP_CACHE_BYTES_SHIFT 5 @@ -5739,6 +6653,24 @@ index 27fe667..36d474c 100644 /* Atomic dec and inc don't implement barrier, so provide them if needed. */ #define smp_mb__before_atomic_dec() smp_mb() #define smp_mb__after_atomic_dec() smp_mb() +diff --git a/arch/tile/include/asm/cache.h b/arch/tile/include/asm/cache.h +index 392e533..536b092 100644 +--- a/arch/tile/include/asm/cache.h ++++ b/arch/tile/include/asm/cache.h +@@ -15,11 +15,12 @@ + #ifndef _ASM_TILE_CACHE_H + #define _ASM_TILE_CACHE_H + ++#include <linux/const.h> + #include <arch/chip.h> + + /* bytes per L1 data cache line */ + #define L1_CACHE_SHIFT CHIP_L1D_LOG_LINE_SIZE() +-#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT) ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) + + /* bytes per L2 cache line */ + #define L2_CACHE_SHIFT CHIP_L2_LOG_LINE_SIZE() diff --git a/arch/um/Makefile b/arch/um/Makefile index 7730af6..cce5b19 100644 --- a/arch/um/Makefile 
@@ -5754,6 +6686,26 @@ index 7730af6..cce5b19 100644 #This will adjust *FLAGS accordingly to the platform. include $(srctree)/$(ARCH_DIR)/Makefile-os-$(OS) +diff --git a/arch/um/include/asm/cache.h b/arch/um/include/asm/cache.h +index 19e1bdd..3665b77 100644 +--- a/arch/um/include/asm/cache.h ++++ b/arch/um/include/asm/cache.h +@@ -1,6 +1,7 @@ + #ifndef __UM_CACHE_H + #define __UM_CACHE_H + ++#include <linux/const.h> + + #if defined(CONFIG_UML_X86) && !defined(CONFIG_64BIT) + # define L1_CACHE_SHIFT (CONFIG_X86_L1_CACHE_SHIFT) +@@ -12,6 +13,6 @@ + # define L1_CACHE_SHIFT 5 + #endif + +-#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT) ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) + + #endif diff --git a/arch/um/include/asm/kmap_types.h b/arch/um/include/asm/kmap_types.h index 6c03acd..a5e0215 100644 --- a/arch/um/include/asm/kmap_types.h @@ -5807,6 +6759,23 @@ index c533835..84db18e 100644 unsigned long get_wchan(struct task_struct *p) { unsigned long stack_page, sp, ip; +diff --git a/arch/unicore32/include/asm/cache.h b/arch/unicore32/include/asm/cache.h +index ad8f795..2c7eec6 100644 +--- a/arch/unicore32/include/asm/cache.h ++++ b/arch/unicore32/include/asm/cache.h +@@ -12,8 +12,10 @@ + #ifndef __UNICORE_CACHE_H__ + #define __UNICORE_CACHE_H__ + +-#define L1_CACHE_SHIFT (5) +-#define L1_CACHE_BYTES (1 << L1_CACHE_SHIFT) ++#include <linux/const.h> ++ ++#define L1_CACHE_SHIFT 5 ++#define L1_CACHE_BYTES (_AC(1,UL) << L1_CACHE_SHIFT) + + /* + * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index efb4294..61bc18c 100644 --- a/arch/x86/Kconfig @@ -6839,7 +7808,7 @@ index 7bcf3fc..f53832f 100644 + pax_force_retaddr 0, 1 ret diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c -index fd84387..0b4af7d 100644 +index fd84387..887aa7e 100644 --- a/arch/x86/ia32/ia32_aout.c +++ b/arch/x86/ia32/ia32_aout.c 
@@ -162,6 +162,8 @@ static int aout_core_dump(long signr, struct pt_regs *regs, struct file *file, @@ -6851,6 +7820,34 @@ index fd84387..0b4af7d 100644 fs = get_fs(); set_fs(KERNEL_DS); has_dumped = 1; +@@ -315,6 +317,13 @@ static int load_aout_binary(struct linux_binprm *bprm, struct pt_regs *regs) + current->mm->free_area_cache = TASK_UNMAPPED_BASE; + current->mm->cached_hole_size = 0; + ++ retval = setup_arg_pages(bprm, IA32_STACK_TOP, EXSTACK_DEFAULT); ++ if (retval < 0) { ++ /* Someone check-me: is this error path enough? */ ++ send_sig(SIGKILL, current, 0); ++ return retval; ++ } ++ + install_exec_creds(bprm); + current->flags &= ~PF_FORKNOEXEC; + +@@ -410,13 +419,6 @@ beyond_if: + + set_brk(current->mm->start_brk, current->mm->brk); + +- retval = setup_arg_pages(bprm, IA32_STACK_TOP, EXSTACK_DEFAULT); +- if (retval < 0) { +- /* Someone check-me: is this error path enough? */ +- send_sig(SIGKILL, current, 0); +- return retval; +- } +- + current->mm->start_stack = + (unsigned long)create_aout_tables((char __user *)bprm->p, bprm); + /* start thread */ diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c index 6557769..ef6ae89 100644 --- a/arch/x86/ia32/ia32_signal.c @@ -8830,7 +9827,7 @@ index eb92a6e..b98b2f4 100644 /* EISA */ extern void eisa_set_level_irq(unsigned int irq); diff --git a/arch/x86/include/asm/i387.h b/arch/x86/include/asm/i387.h -index c9e09ea..73888df 100644 +index a850b4d..bae26dc 100644 --- a/arch/x86/include/asm/i387.h +++ b/arch/x86/include/asm/i387.h @@ -92,6 +92,11 @@ static inline int fxrstor_checking(struct i387_fxsave_struct *fx) 
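Review bot: The relocated setup_arg_pages() block in load_aout_binary() still carries `/* Someone check-me: is this error path enough? */`, so the move puts an error path the code itself flags as unverified ahead of install_exec_creds(). On failure the task is sent SIGKILL and the function returns with the mm fields above already reset, and the hunk does not show whether anything needs unwinding at this earlier point. Once that is confirmed, replace the question with the reason for the ordering, for example `/* stack must exist before creds are installed; on failure the task is killed, nothing to unwind */`. The same move is made in load_aout_binary() in fs/binfmt_aout.c later in this patch, and both functions extend beyond their hunks.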
@@ -8857,31 +9854,15 @@ index c9e09ea..73888df 100644 /* * Clear the bytes not touched by the fxsave and reserved * for the SW usage. -@@ -213,13 +223,8 @@ static inline void fpu_fxsave(struct fpu *fpu) - #endif /* CONFIG_X86_64 */ - - /* We need a safe address that is cheap to find and that is already -- in L1 during context switch. The best choices are unfortunately -- different for UP and SMP */ --#ifdef CONFIG_SMP --#define safe_address (__per_cpu_offset[0]) --#else --#define safe_address (kstat_cpu(0).cpustat.user) --#endif -+ in L1 during context switch. */ -+#define safe_address (init_tss[smp_processor_id()].x86_tss.sp0) +@@ -424,7 +434,7 @@ static inline bool interrupted_kernel_fpu_idle(void) + static inline bool interrupted_user_mode(void) + { + struct pt_regs *regs = get_irq_regs(); +- return regs && user_mode_vm(regs); ++ return regs && user_mode(regs); + } /* - * These must be called with preempt disabled -@@ -312,7 +317,7 @@ static inline void kernel_fpu_begin(void) - struct thread_info *me = current_thread_info(); - preempt_disable(); - if (me->status & TS_USEDFPU) -- __save_init_fpu(me->task); -+ __save_init_fpu(current); - else - clts(); - } diff --git a/arch/x86/include/asm/io.h b/arch/x86/include/asm/io.h index d8e8eef..99f81ae 100644 --- a/arch/x86/include/asm/io.h @@ -9985,7 +10966,7 @@ index 013286a..8b42f4f 100644 #define pgprot_writecombine pgprot_writecombine extern pgprot_t pgprot_writecombine(pgprot_t prot); diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h -index b650435..eefa566 100644 +index bb3ee36..781a6b8 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -268,7 +268,7 @@ struct tss_struct { 
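Review bot: interrupted_user_mode() now tests `user_mode(regs)` where the replaced line used `user_mode_vm(regs)`, and nothing in the hunk says why the two are interchangeable here. Whether a vm86 task interrupted on 32-bit still counts as user mode depends on how this patch defines user_mode(), which is outside the hunk. A one-line comment would settle the question at the next rebase, for example `/* user_mode() covers the vm86 case in this tree (confirm against its definition) */`.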
@@ -9997,7 +10978,7 @@ index b650435..eefa566 100644 /* * Save the original ist values for checking stack pointers during debugging -@@ -860,11 +860,18 @@ static inline void spin_lock_prefetch(const void *x) +@@ -861,11 +861,18 @@ static inline void spin_lock_prefetch(const void *x) */ #define TASK_SIZE PAGE_OFFSET #define TASK_SIZE_MAX TASK_SIZE @@ -10018,7 +10999,7 @@ index b650435..eefa566 100644 .vm86_info = NULL, \ .sysenter_cs = __KERNEL_CS, \ .io_bitmap_ptr = NULL, \ -@@ -878,7 +885,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -879,7 +886,7 @@ static inline void spin_lock_prefetch(const void *x) */ #define INIT_TSS { \ .x86_tss = { \ @@ -10027,7 +11008,7 @@ index b650435..eefa566 100644 .ss0 = __KERNEL_DS, \ .ss1 = __KERNEL_CS, \ .io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \ -@@ -889,11 +896,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -890,11 +897,7 @@ static inline void spin_lock_prefetch(const void *x) extern unsigned long thread_saved_pc(struct task_struct *tsk); #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long)) @@ -10040,7 +11021,7 @@ index b650435..eefa566 100644 /* * The below -8 is to reserve 8 bytes on top of the ring0 stack. -@@ -908,7 +911,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -909,7 +912,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define task_pt_regs(task) \ ({ \ struct pt_regs *__regs__; \ @@ -10049,7 +11030,7 @@ index b650435..eefa566 100644 __regs__ - 1; \ }) -@@ -918,13 +921,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -919,13 +922,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); /* * User space process size. 47bits minus one guard page. */ 
@@ -10065,7 +11046,7 @@ index b650435..eefa566 100644 #define TASK_SIZE (test_thread_flag(TIF_IA32) ? \ IA32_PAGE_OFFSET : TASK_SIZE_MAX) -@@ -935,11 +938,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -936,11 +939,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define STACK_TOP_MAX TASK_SIZE_MAX #define INIT_THREAD { \ @@ -10079,7 +11060,7 @@ index b650435..eefa566 100644 } /* -@@ -961,6 +964,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, +@@ -962,6 +965,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, */ #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3)) @@ -10610,7 +11591,7 @@ index 2d2f01c..f985723 100644 /* * Force strict CPU ordering. diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h -index a1fe5c1..ee326d8 100644 +index d7ef849..6af292e 100644 --- a/arch/x86/include/asm/thread_info.h +++ b/arch/x86/include/asm/thread_info.h @@ -10,6 +10,7 @@ @@ -10754,7 +11735,7 @@ index a1fe5c1..ee326d8 100644 #endif #endif /* !X86_32 */ -@@ -266,5 +242,16 @@ extern void arch_task_cache_init(void); +@@ -264,5 +240,16 @@ extern void arch_task_cache_init(void); extern void free_thread_info(struct thread_info *ti); extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src); #define arch_task_cache_init arch_task_cache_init @@ -16624,7 +17605,7 @@ index ee5d4fb..426649b 100644 +} +#endif diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c -index 795b79f..063767a 100644 +index 8598296..bfadef0 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c @@ -67,6 +67,7 @@ asmlinkage void ret_from_fork(void) __asm__("ret_from_fork"); 
@@ -16675,10 +17656,10 @@ index 795b79f..063767a 100644 int cpu = smp_processor_id(); - struct tss_struct *tss = &per_cpu(init_tss, cpu); + struct tss_struct *tss = init_tss + cpu; - bool preload_fpu; + fpu_switch_t fpu; /* never put a printk in __switch_to... printk() calls wake_up*() indirectly */ -@@ -331,6 +332,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -320,6 +321,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) */ lazy_save_gs(prev->gs); @@ -16689,32 +17670,32 @@ index 795b79f..063767a 100644 /* * Load the per-thread Thread-Local Storage descriptor. */ -@@ -366,6 +371,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -350,6 +355,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) */ arch_end_context_switch(next_p); + percpu_write(current_task, next_p); + percpu_write(current_tinfo, &next_p->tinfo); + - if (preload_fpu) - __math_state_restore(); + /* + * Restore %gs if needed (which is common) + */ +@@ -358,8 +366,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) -@@ -375,8 +383,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) - if (prev->gs | next->gs) - lazy_load_gs(next->gs); + switch_fpu_finish(next_p, fpu); - percpu_write(current_task, next_p); - return prev_p; } -@@ -406,4 +412,3 @@ unsigned long get_wchan(struct task_struct *p) +@@ -389,4 +395,3 @@ unsigned long get_wchan(struct task_struct *p) } while (count++ < 16); return 0; } - diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c -index 3bd7e6e..90b2bcf 100644 +index 6a364a6..b147d11 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -89,7 +89,7 @@ static void __exit_idle(void) 
@@ -16751,9 +17732,9 @@ index 3bd7e6e..90b2bcf 100644 - struct tss_struct *tss = &per_cpu(init_tss, cpu); + struct tss_struct *tss = init_tss + cpu; unsigned fsindex, gsindex; - bool preload_fpu; + fpu_switch_t fpu; -@@ -475,10 +475,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -461,10 +461,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) prev->usersp = percpu_read(old_rsp); percpu_write(old_rsp, next->usersp); percpu_write(current_task, next_p); @@ -16766,7 +17747,7 @@ index 3bd7e6e..90b2bcf 100644 /* * Now maybe reload the debug registers and handle I/O bitmaps -@@ -540,12 +539,11 @@ unsigned long get_wchan(struct task_struct *p) +@@ -519,12 +518,11 @@ unsigned long get_wchan(struct task_struct *p) if (!p || p == current || p->state == TASK_RUNNING) return 0; stack = (unsigned long)task_stack_page(p); @@ -17822,7 +18803,7 @@ index 09ff517..df19fbff 100644 .short 0 .quad 0x00cf9b000000ffff # __KERNEL32_CS diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index a8e3eb8..c9dbd7d 100644 +index 31d9d0f..e244dd9 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -70,12 +70,6 @@ asmlinkage int system_call(void); 
@@ -17967,25 +18948,17 @@ index a8e3eb8..c9dbd7d 100644 { if (!fixup_exception(regs)) { task->thread.error_code = error_code; -@@ -568,7 +597,7 @@ asmlinkage void __attribute__((weak)) smp_threshold_interrupt(void) - void __math_state_restore(void) +@@ -569,8 +598,8 @@ asmlinkage void __attribute__((weak)) smp_threshold_interrupt(void) + void __math_state_restore(struct task_struct *tsk) { - struct thread_info *thread = current_thread_info(); -- struct task_struct *tsk = thread->task; -+ struct task_struct *tsk = current; - - /* - * Paranoid restore. send a SIGSEGV if we fail to restore the state. -@@ -595,8 +624,7 @@ void __math_state_restore(void) - */ - asmlinkage void math_state_restore(void) - { -- struct thread_info *thread = current_thread_info(); -- struct task_struct *tsk = thread->task; -+ struct task_struct *tsk = current; + /* We need a safe address that is cheap to find and that is already +- in L1. We've just brought in "tsk->thread.has_fpu", so use that */ +-#define safe_address (tsk->thread.has_fpu) ++ in L1. */ ++#define safe_address (init_tss[smp_processor_id()].x86_tss.sp0) - if (!tsk_used_math(tsk)) { - local_irq_enable(); + /* AMD K7/K8 CPUs don't save/restore FDP/FIP/FOP unless an exception + is pending. Clear the x87 state here by setting it to fixed diff --git a/arch/x86/kernel/verify_cpu.S b/arch/x86/kernel/verify_cpu.S index b9242ba..50c5edd 100644 --- a/arch/x86/kernel/verify_cpu.S @@ -18396,7 +19369,7 @@ index 9796c2f..f686fbf 100644 EXPORT_SYMBOL(copy_page); EXPORT_SYMBOL(clear_page); diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c -index a391134..d0b63b6e 100644 +index 7110911..e8cdee5 100644 --- a/arch/x86/kernel/xsave.c +++ b/arch/x86/kernel/xsave.c @@ -130,7 +130,7 @@ int check_for_xstate(struct i387_fxsave_struct __user *buf, 
@@ -18408,7 +19381,7 @@ index a391134..d0b63b6e 100644 fx_sw_user->extended_size - FP_XSTATE_MAGIC2_SIZE)); if (err) -@@ -267,7 +267,7 @@ fx_only: +@@ -266,7 +266,7 @@ fx_only: * the other extended state. */ xrstor_state(init_xstate_buf, pcntxt_mask & ~XSTATE_FPSSE); @@ -18417,7 +19390,7 @@ index a391134..d0b63b6e 100644 } /* -@@ -299,7 +299,7 @@ int restore_i387_xstate(void __user *buf) +@@ -295,7 +295,7 @@ int restore_i387_xstate(void __user *buf) if (use_xsave()) err = restore_user_xstate(buf); else @@ -18540,7 +19513,7 @@ index e32243e..a6e6172 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 579a0b5..ed7bbf9 100644 +index 4ea7678..b3a7084 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -1305,7 +1305,11 @@ static void reload_tss(void) 
@@ -25133,6 +26106,67 @@ index b095739..8c17bcd 100644 struct trap_info; void xen_copy_trap_info(struct trap_info *traps); +diff --git a/arch/xtensa/variants/dc232b/include/variant/core.h b/arch/xtensa/variants/dc232b/include/variant/core.h +index 525bd3d..ef888b1 100644 +--- a/arch/xtensa/variants/dc232b/include/variant/core.h ++++ b/arch/xtensa/variants/dc232b/include/variant/core.h +@@ -119,9 +119,9 @@ + ----------------------------------------------------------------------*/ + + #define XCHAL_ICACHE_LINESIZE 32 /* I-cache line size in bytes */ +-#define XCHAL_DCACHE_LINESIZE 32 /* D-cache line size in bytes */ + #define XCHAL_ICACHE_LINEWIDTH 5 /* log2(I line size in bytes) */ + #define XCHAL_DCACHE_LINEWIDTH 5 /* log2(D line size in bytes) */ ++#define XCHAL_DCACHE_LINESIZE (_AC(1,UL) << XCHAL_DCACHE_LINEWIDTH) /* D-cache line size in bytes */ + + #define XCHAL_ICACHE_SIZE 16384 /* I-cache size in bytes or 0 */ + #define XCHAL_DCACHE_SIZE 16384 /* D-cache size in bytes or 0 */ +diff --git a/arch/xtensa/variants/fsf/include/variant/core.h b/arch/xtensa/variants/fsf/include/variant/core.h +index 2f33760..835e50a 100644 +--- a/arch/xtensa/variants/fsf/include/variant/core.h ++++ b/arch/xtensa/variants/fsf/include/variant/core.h +@@ -11,6 +11,7 @@ + #ifndef _XTENSA_CORE_H + #define _XTENSA_CORE_H + ++#include <linux/const.h> + + /**************************************************************************** + Parameters Useful for Any Code, USER or PRIVILEGED +@@ -112,9 +113,9 @@ + ----------------------------------------------------------------------*/ + + #define XCHAL_ICACHE_LINESIZE 16 /* I-cache line size in bytes */ +-#define XCHAL_DCACHE_LINESIZE 16 /* D-cache line size in bytes */ + #define XCHAL_ICACHE_LINEWIDTH 4 /* log2(I line size in bytes) */ + #define XCHAL_DCACHE_LINEWIDTH 4 /* log2(D line size in bytes) */ ++#define XCHAL_DCACHE_LINESIZE (_AC(1,UL) << XCHAL_DCACHE_LINEWIDTH) /* D-cache line size in bytes */ + + #define XCHAL_ICACHE_SIZE 8192 /* 
I-cache size in bytes or 0 */ + #define XCHAL_DCACHE_SIZE 8192 /* D-cache size in bytes or 0 */ +diff --git a/arch/xtensa/variants/s6000/include/variant/core.h b/arch/xtensa/variants/s6000/include/variant/core.h +index af00795..2bb8105 100644 +--- a/arch/xtensa/variants/s6000/include/variant/core.h ++++ b/arch/xtensa/variants/s6000/include/variant/core.h +@@ -11,6 +11,7 @@ + #ifndef _XTENSA_CORE_CONFIGURATION_H + #define _XTENSA_CORE_CONFIGURATION_H + ++#include <linux/const.h> + + /**************************************************************************** + Parameters Useful for Any Code, USER or PRIVILEGED +@@ -118,9 +119,9 @@ + ----------------------------------------------------------------------*/ + + #define XCHAL_ICACHE_LINESIZE 16 /* I-cache line size in bytes */ +-#define XCHAL_DCACHE_LINESIZE 16 /* D-cache line size in bytes */ + #define XCHAL_ICACHE_LINEWIDTH 4 /* log2(I line size in bytes) */ + #define XCHAL_DCACHE_LINEWIDTH 4 /* log2(D line size in bytes) */ ++#define XCHAL_DCACHE_LINESIZE (_AC(1,UL) << XCHAL_DCACHE_LINEWIDTH) /* D-cache line size in bytes */ + + #define XCHAL_ICACHE_SIZE 32768 /* I-cache size in bytes or 0 */ + #define XCHAL_DCACHE_SIZE 32768 /* D-cache size in bytes or 0 */ diff --git a/block/blk-iopoll.c b/block/blk-iopoll.c index 58916af..9cb880b 100644 --- a/block/blk-iopoll.c @@ -28881,6 +29915,18 @@ index 5a82b6b..9e69c73 100644 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { +diff --git a/drivers/gpu/drm/radeon/r600_cs.c b/drivers/gpu/drm/radeon/r600_cs.c +index cb1acff..8861bc5 100644 +--- a/drivers/gpu/drm/radeon/r600_cs.c ++++ b/drivers/gpu/drm/radeon/r600_cs.c +@@ -1304,6 +1304,7 @@ static int r600_check_texture_resource(struct radeon_cs_parser *p, u32 idx, + h0 = G_038004_TEX_HEIGHT(word1) + 1; + d0 = G_038004_TEX_DEPTH(word1); + nfaces = 1; ++ array = 0; + switch (G_038000_DIM(word0)) { + case V_038000_SQ_TEX_DIM_1D: + case V_038000_SQ_TEX_DIM_2D: 
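Review bot: The dc232b variant's core.h starts using `_AC(1,UL)` for XCHAL_DCACHE_LINESIZE but, unlike the fsf and s6000 variants patched right after it, gets no `#include <linux/const.h>` hunk. Unless every includer happens to pull that header in first, `_AC` is undefined when the macro is expanded. Adding `#include <linux/const.h>` near the top of the dc232b header, as the other two variants do, would make it self-contained.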
diff --git a/drivers/gpu/drm/radeon/radeon.h b/drivers/gpu/drm/radeon/radeon.h index 8227e76..ce0b195 100644 --- a/drivers/gpu/drm/radeon/radeon.h @@ -33867,7 +34913,7 @@ index 1cfbf22..be96487 100644 #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c -index 04e74f4..a960176 100644 +index dfee1b3..a454fb6 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -136,7 +136,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, @@ -35231,7 +36277,7 @@ index bafccb3..e3ac78d 100644 /* Ignore return since this msg is optional. */ rndis_filter_send_request(dev, request); diff --git a/drivers/staging/iio/buffer_generic.h b/drivers/staging/iio/buffer_generic.h -index 9e8f010..af9efb5 100644 +index 9e8f010..af9efb56 100644 --- a/drivers/staging/iio/buffer_generic.h +++ b/drivers/staging/iio/buffer_generic.h @@ -64,7 +64,7 @@ struct iio_buffer_access_funcs { @@ -35620,7 +36666,7 @@ index 6845228..df77141 100644 core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index 861628e..659ae80 100644 +index e4ddb93..2fc6e0f 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c @@ -1343,7 +1343,7 @@ struct se_device *transport_add_device_to_core_hba( @@ -35662,7 +36708,7 @@ index 861628e..659ae80 100644 cmd->t_task_list_num) atomic_set(&cmd->t_transport_sent, 1); -@@ -4273,7 +4273,7 @@ bool transport_wait_for_tasks(struct se_cmd *cmd) +@@ -4296,7 +4296,7 @@ bool transport_wait_for_tasks(struct se_cmd *cmd) atomic_set(&cmd->transport_lun_stop, 0); } if (!atomic_read(&cmd->t_transport_active) || 
@@ -35671,7 +36717,7 @@ index 861628e..659ae80 100644 spin_unlock_irqrestore(&cmd->t_state_lock, flags); return false; } -@@ -4522,7 +4522,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status) +@@ -4545,7 +4545,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status) { int ret = 0; @@ -35680,7 +36726,7 @@ index 861628e..659ae80 100644 if (!send_status || (cmd->se_cmd_flags & SCF_SENT_DELAYED_TAS)) return 1; -@@ -4559,7 +4559,7 @@ void transport_send_task_abort(struct se_cmd *cmd) +@@ -4582,7 +4582,7 @@ void transport_send_task_abort(struct se_cmd *cmd) */ if (cmd->data_direction == DMA_TO_DEVICE) { if (cmd->se_tfo->write_pending_status(cmd) != 0) { @@ -39794,7 +40840,7 @@ index 8342ca6..82fd192 100644 kfree(link); } diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c -index a6395bd..a5b24c4 100644 +index a6395bd..f1e376a 100644 --- a/fs/binfmt_aout.c +++ b/fs/binfmt_aout.c @@ -16,6 +16,7 @@ @@ -39836,7 +40882,17 @@ index a6395bd..a5b24c4 100644 if (ex.a_data + ex.a_bss > rlim) return -ENOMEM; -@@ -262,6 +269,27 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs) +@@ -259,9 +266,37 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs) + current->mm->free_area_cache = current->mm->mmap_base; + current->mm->cached_hole_size = 0; + ++ retval = setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT); ++ if (retval < 0) { ++ /* Someone check-me: is this error path enough? */ ++ send_sig(SIGKILL, current, 0); ++ return retval; ++ } ++ install_exec_creds(bprm); current->flags &= ~PF_FORKNOEXEC; 
@@ -39864,7 +40920,7 @@ index a6395bd..a5b24c4 100644 if (N_MAGIC(ex) == OMAGIC) { unsigned long text_addr, map_size; loff_t pos; -@@ -334,7 +362,7 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs) +@@ -334,7 +369,7 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs) down_write(¤t->mm->mmap_sem); error = do_mmap(bprm->file, N_DATADDR(ex), ex.a_data, @@ -39873,8 +40929,22 @@ index a6395bd..a5b24c4 100644 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE, fd_offset + ex.a_text); up_write(¤t->mm->mmap_sem); +@@ -352,13 +387,6 @@ beyond_if: + return retval; + } + +- retval = setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT); +- if (retval < 0) { +- /* Someone check-me: is this error path enough? */ +- send_sig(SIGKILL, current, 0); +- return retval; +- } +- + current->mm->start_stack = + (unsigned long) create_aout_tables((char __user *) bprm->p, bprm); + #ifdef __alpha__ diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 21ac5ee..31d14e9 100644 +index 21ac5ee..dbf63ee 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -32,6 +32,7 @@ @@ -40009,6 +41079,7 @@ index 21ac5ee..31d14e9 100644 return error; } ++#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_XATTR_PAX_FLAGS) +static unsigned long pax_parse_pt_pax_softmode(const struct elf_phdr * const elf_phdata) +{ + unsigned long pax_flags = 0UL; @@ -40154,7 +41225,7 @@ index 21ac5ee..31d14e9 100644 +#endif + +#ifdef CONFIG_PAX_SEGMEXEC -+ if (!(__supported_pte_mask & _PAGE_NX)) { ++ if (!(pax_flags & MF_PAX_PAGEEXEC) || !(__supported_pte_mask & _PAGE_NX)) { + pax_flags &= ~MF_PAX_PAGEEXEC; + pax_flags |= MF_PAX_SEGMEXEC; + } 
@@ -40328,7 +41399,6 @@ index 21ac5ee..31d14e9 100644 + +} + -+#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_XATTR_PAX_FLAGS) +static long pax_parse_pax_flags(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata, struct file * const file) +{ + unsigned long pax_flags, pt_pax_flags, xattr_pax_flags; @@ -40565,6 +41635,15 @@ index 21ac5ee..31d14e9 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } +@@ -1421,7 +1886,7 @@ static int fill_thread_core_info(struct elf_thread_core_info *t, + for (i = 1; i < view->n; ++i) { + const struct user_regset *regset = &view->regsets[i]; + do_thread_regset_writeback(t->task, regset); +- if (regset->core_note_type && ++ if (regset->core_note_type && regset->get && + (!regset->active || regset->active(t->task, regset))) { + int ret; + size_t size = regset->n * regset->size; @@ -1862,14 +2327,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } @@ -41632,7 +42711,7 @@ index f3a257d..715ac0f 100644 } EXPORT_SYMBOL_GPL(debugfs_create_dir); diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c -index d2039ca..a766407 100644 +index af11098..81e3bbe 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c @@ -691,7 +691,7 @@ static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf, @@ -41698,7 +42777,7 @@ index 608c1c3..7d040a8 100644 return rc; } diff --git a/fs/exec.c b/fs/exec.c -index 3625464..04855f9 100644 +index 3625464..cdeecdb 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -55,12 +55,28 @@ 
@@ -41766,11 +42845,11 @@ index 3625464..04855f9 100644 return page; +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP -+ // only allow 1MB for argv+env on suid/sgid binaries ++ // only allow 512KB for argv+env on suid/sgid binaries + // to prevent easy ASLR exhaustion + if (((bprm->cred->euid != current_euid()) || + (bprm->cred->egid != current_egid())) && -+ (size > (1024 * 1024))) { ++ (size > (512 * 1024))) { + put_page(page); + return NULL; + } @@ -41798,7 +42877,7 @@ index 3625464..04855f9 100644 + +#ifdef CONFIG_PAX_RANDUSTACK + if (randomize_va_space) -+ bprm->p ^= (pax_get_random_long() & ~15) & ~PAGE_MASK; ++ bprm->p ^= random32() & ~PAGE_MASK; +#endif + return 0; @@ -42023,18 +43102,36 @@ index 3625464..04855f9 100644 bprm->unsafe |= LSM_UNSAFE_SHARE; } else { res = -EAGAIN; -@@ -1442,6 +1475,10 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) +@@ -1442,6 +1475,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) EXPORT_SYMBOL(search_binary_handler); +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP -+static atomic64_unchecked_t global_exec_counter = ATOMIC64_INIT(0); ++static DEFINE_PER_CPU(u64, exec_counter); ++static int __init init_exec_counters(void) ++{ ++ unsigned int cpu; ++ ++ for_each_possible_cpu(cpu) { ++ per_cpu(exec_counter, cpu) = (u64)cpu; ++ } ++ ++ return 0; ++} ++early_initcall(init_exec_counters); ++static inline void increment_exec_counter(void) ++{ ++ BUILD_BUG_ON(NR_CPUS > (1 << 16)); ++ current->exec_id = this_cpu_add_return(exec_counter, 1 << 16); ++} ++#else ++static inline void increment_exec_counter(void) {} +#endif + /* * sys_execve() executes a new program. */ -@@ -1450,6 +1487,11 @@ static int do_execve_common(const char *filename, +@@ -1450,6 +1505,11 @@ static int do_execve_common(const char *filename, struct user_arg_ptr envp, struct pt_regs *regs) { 
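Review bot: The sub-page stack offset under CONFIG_PAX_RANDUSTACK is now taken from `random32()`, a fast non-cryptographic generator, and the `& ~15` mask that kept the XOR away from the low four bits of `bprm->p` is dropped in the same line. If the weaker source is needed because the previous helper is unsuitable at this point, the reason deserves a one-line comment, and unless alignment is restored later (not visible here) the mask should stay: `bprm->p ^= (random32() & ~15) & ~PAGE_MASK;`. Predictable low bits weaken the stack randomization this option exists to provide, so the choice of generator should be deliberate and documented. The enclosing function starts outside the hunk.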
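Review bot: The encoding of `exec_id` produced by `increment_exec_counter()` is not documented, although the /proc checks elsewhere in this patch (`current->exec_id != m->exec_id`) depend on it being unique per exec. From the code, each per-CPU counter is seeded with its CPU number in `init_exec_counters()` and advanced by `1 << 16`, so the low 16 bits carry the CPU and the rest a per-CPU count, with `BUILD_BUG_ON(NR_CPUS > (1 << 16))` protecting that split. I would put that above the definition, e.g. `/* exec_id = (per-cpu exec count << 16) | cpu; unique across CPUs without a shared atomic */`. It is also worth stating that the value 0 is never returned, presumably so that tasks which have not exec'd stay distinguishable; please confirm that is the intent.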
@@ -42046,7 +43143,7 @@ index 3625464..04855f9 100644 struct linux_binprm *bprm; struct file *file; struct files_struct *displaced; -@@ -1457,6 +1499,8 @@ static int do_execve_common(const char *filename, +@@ -1457,6 +1517,8 @@ static int do_execve_common(const char *filename, int retval; const struct cred *cred = current_cred(); @@ -42055,7 +43152,7 @@ index 3625464..04855f9 100644 /* * We move the actual failure in case of RLIMIT_NPROC excess from * set*uid() to execve() because too many poorly written programs -@@ -1497,12 +1541,27 @@ static int do_execve_common(const char *filename, +@@ -1497,12 +1559,27 @@ static int do_execve_common(const char *filename, if (IS_ERR(file)) goto out_unmark; @@ -42083,24 +43180,10 @@ index 3625464..04855f9 100644 retval = bprm_mm_init(bprm); if (retval) goto out_file; -@@ -1532,11 +1591,46 @@ static int do_execve_common(const char *filename, +@@ -1519,24 +1596,65 @@ static int do_execve_common(const char *filename, if (retval < 0) goto out; -+ if (!gr_tpe_allow(file)) { -+ retval = -EACCES; -+ goto out; -+ } -+ -+ if (gr_check_crash_exec(file)) { -+ retval = -EACCES; -+ goto out; -+ } -+ -+ gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt); -+ -+ gr_handle_exec_args(bprm, argv); -+ +#ifdef CONFIG_GRKERNSEC + old_acl = current->acl; + memcpy(old_rlim, current->signal->rlim, sizeof(old_rlim)); 
@@ -42108,12 +43191,50 @@ index 3625464..04855f9 100644 + get_file(file); + current->exec_file = file; +#endif ++#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP ++ /* limit suid stack to 8MB ++ we saved the old limits above and will restore them if this exec fails ++ */ ++ if (((bprm->cred->euid != current_euid()) || (bprm->cred->egid != current_egid())) && ++ (old_rlim[RLIMIT_STACK].rlim_cur > (8 * 1024 * 1024))) ++ current->signal->rlim[RLIMIT_STACK].rlim_cur = 8 * 1024 * 1024; ++#endif ++ ++ if (!gr_tpe_allow(file)) { ++ retval = -EACCES; ++ goto out_fail; ++ } ++ ++ if (gr_check_crash_exec(file)) { ++ retval = -EACCES; ++ goto out_fail; ++ } + + retval = gr_set_proc_label(file->f_dentry, file->f_vfsmnt, + bprm->unsafe); + if (retval < 0) + goto out_fail; + + retval = copy_strings_kernel(1, &bprm->filename, bprm); + if (retval < 0) +- goto out; ++ goto out_fail; + + bprm->exec = bprm->p; + retval = copy_strings(bprm->envc, envp, bprm); + if (retval < 0) +- goto out; ++ goto out_fail; + + retval = copy_strings(bprm->argc, argv, bprm); + if (retval < 0) +- goto out; ++ goto out_fail; ++ ++ gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt); ++ ++ gr_handle_exec_args(bprm, argv); + retval = search_binary_handler(bprm,regs); if (retval < 0) - goto out; @@ -42124,14 +43245,12 @@ index 3625464..04855f9 100644 +#endif /* execve succeeded */ -+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP -+ current->exec_id = atomic64_inc_return_unchecked(&global_exec_counter); -+#endif + ++ increment_exec_counter(); current->fs->in_exec = 0; current->in_execve = 0; acct_update_integrals(current); -@@ -1545,6 +1639,14 @@ static int do_execve_common(const char *filename, +@@ -1545,6 +1663,14 @@ static int do_execve_common(const char *filename, put_files_struct(displaced); return retval; 
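Review bot: The 8MB clamp stores to `current->signal->rlim[RLIMIT_STACK].rlim_cur` directly, and the hunk shows no lock around this store or around the restore that the comment promises on failure. The rlim array lives in the signal struct shared by the thread group, so a concurrent setrlimit or reader on a sibling thread could overwrite or observe the temporary value; I would take the same lock the rlimit syscall path uses around both the clamp and the restore, or say in the comment why that is not needed here. The block is guarded by CONFIG_GRKERNSEC_PROC_MEMMAP but reads `old_rlim`, which is filled under CONFIG_GRKERNSEC just above, so it relies on the first option implying the second; worth confirming in Kconfig. The literal `8 * 1024 * 1024` appears twice and would read better as one named constant. do_execve_common starts and ends outside the hunk.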
@@ -42146,7 +43265,7 @@ index 3625464..04855f9 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1618,7 +1720,7 @@ static int expand_corename(struct core_name *cn) +@@ -1618,7 +1744,7 @@ static int expand_corename(struct core_name *cn) { char *old_corename = cn->corename; @@ -42155,7 +43274,7 @@ index 3625464..04855f9 100644 cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL); if (!cn->corename) { -@@ -1715,7 +1817,7 @@ static int format_corename(struct core_name *cn, long signr) +@@ -1715,7 +1841,7 @@ static int format_corename(struct core_name *cn, long signr) int pid_in_pattern = 0; int err = 0; @@ -42164,7 +43283,7 @@ index 3625464..04855f9 100644 cn->corename = kmalloc(cn->size, GFP_KERNEL); cn->used = 0; -@@ -1812,6 +1914,218 @@ out: +@@ -1812,6 +1938,218 @@ out: return ispipe; } @@ -42355,7 +43474,7 @@ index 3625464..04855f9 100644 +#endif +} + -+NORET_TYPE void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type) ++__noreturn void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type) +{ + if (current->signal->curr_ip) + printk(KERN_ERR "PAX: From %pI4: kernel memory %s attempt detected %s %p (%s) (%lu bytes)\n", @@ -42383,7 +43502,7 @@ index 3625464..04855f9 100644 static int zap_process(struct task_struct *start, int exit_code) { struct task_struct *t; -@@ -2023,17 +2337,17 @@ static void wait_for_dump_helpers(struct file *file) +@@ -2023,17 +2361,17 @@ static void wait_for_dump_helpers(struct file *file) pipe = file->f_path.dentry->d_inode->i_pipe; pipe_lock(pipe); @@ -42406,7 +43525,7 @@ index 3625464..04855f9 100644 pipe_unlock(pipe); } -@@ -2094,7 +2408,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2094,7 +2432,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) int retval = 0; int flag = 0; int ispipe; 
@@ -42415,7 +43534,7 @@ index 3625464..04855f9 100644 struct coredump_params cprm = { .signr = signr, .regs = regs, -@@ -2109,6 +2423,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2109,6 +2447,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) audit_core_dumps(signr); @@ -42425,7 +43544,7 @@ index 3625464..04855f9 100644 binfmt = mm->binfmt; if (!binfmt || !binfmt->core_dump) goto fail; -@@ -2176,7 +2493,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2176,7 +2517,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) } cprm.limit = RLIM_INFINITY; @@ -42434,7 +43553,7 @@ index 3625464..04855f9 100644 if (core_pipe_limit && (core_pipe_limit < dump_count)) { printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", task_tgid_vnr(current), current->comm); -@@ -2203,6 +2520,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2203,6 +2544,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) } else { struct inode *inode; @@ -42443,7 +43562,7 @@ index 3625464..04855f9 100644 if (cprm.limit < binfmt->min_coredump) goto fail_unlock; -@@ -2246,7 +2565,7 @@ close_fail: +@@ -2246,7 +2589,7 @@ close_fail: filp_close(cprm.file, NULL); fail_dropcount: if (ispipe) @@ -42452,7 +43571,7 @@ index 3625464..04855f9 100644 fail_unlock: kfree(cn.corename); fail_corename: -@@ -2265,7 +2584,7 @@ fail: +@@ -2265,7 +2608,7 @@ fail: */ int dump_write(struct file *file, const void *addr, int nr) { @@ -44416,7 +45535,7 @@ index 637694b..f84a121 100644 lock_flocks(); diff --git a/fs/namei.c b/fs/namei.c -index 5008f01..90328a7 100644 +index 744e942..24ef47f 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -279,16 +279,32 @@ int generic_permission(struct inode *inode, int mask) 
@@ -44491,7 +45610,7 @@ index 5008f01..90328a7 100644 error = 0; if (s) error = __vfs_follow_link(nd, s); -@@ -1622,6 +1638,21 @@ static int path_lookupat(int dfd, const char *name, +@@ -1624,6 +1640,21 @@ static int path_lookupat(int dfd, const char *name, if (!err) err = complete_walk(nd); @@ -44513,7 +45632,7 @@ index 5008f01..90328a7 100644 if (!err && nd->flags & LOOKUP_DIRECTORY) { if (!nd->inode->i_op->lookup) { path_put(&nd->path); -@@ -1649,6 +1680,15 @@ static int do_path_lookup(int dfd, const char *name, +@@ -1651,6 +1682,15 @@ static int do_path_lookup(int dfd, const char *name, retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd); if (likely(!retval)) { @@ -44529,7 +45648,7 @@ index 5008f01..90328a7 100644 if (unlikely(!audit_dummy_context())) { if (nd->path.dentry && nd->inode) audit_inode(name, nd->path.dentry); -@@ -2046,6 +2086,13 @@ static int may_open(struct path *path, int acc_mode, int flag) +@@ -2048,6 +2088,13 @@ static int may_open(struct path *path, int acc_mode, int flag) if (flag & O_NOATIME && !inode_owner_or_capable(inode)) return -EPERM; @@ -44543,7 +45662,7 @@ index 5008f01..90328a7 100644 return 0; } -@@ -2107,6 +2154,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2109,6 +2156,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return ERR_PTR(error); @@ -44560,7 +45679,7 @@ index 5008f01..90328a7 100644 audit_inode(pathname, nd->path.dentry); if (open_flag & O_CREAT) { error = -EISDIR; -@@ -2117,6 +2174,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2119,6 +2176,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return ERR_PTR(error); 
@@ -44577,7 +45696,7 @@ index 5008f01..90328a7 100644 audit_inode(pathname, dir); goto ok; } -@@ -2138,6 +2205,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2140,6 +2207,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return ERR_PTR(-ECHILD); @@ -44594,7 +45713,7 @@ index 5008f01..90328a7 100644 error = -ENOTDIR; if (nd->flags & LOOKUP_DIRECTORY) { -@@ -2178,6 +2255,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2180,6 +2257,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path, /* Negative dentry, just create the file */ if (!dentry->d_inode) { int mode = op->mode; @@ -44607,7 +45726,7 @@ index 5008f01..90328a7 100644 if (!IS_POSIXACL(dir->d_inode)) mode &= ~current_umask(); /* -@@ -2201,6 +2284,8 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2203,6 +2286,8 @@ static struct file *do_last(struct nameidata *nd, struct path *path, error = vfs_create(dir->d_inode, dentry, mode, nd); if (error) goto exit_mutex_unlock; @@ -44616,7 +45735,7 @@ index 5008f01..90328a7 100644 mutex_unlock(&dir->d_inode->i_mutex); dput(nd->path.dentry); nd->path.dentry = dentry; -@@ -2210,6 +2295,19 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2212,6 +2297,19 @@ static struct file *do_last(struct nameidata *nd, struct path *path, /* * It already exists. */ @@ -44636,7 +45755,7 @@ index 5008f01..90328a7 100644 mutex_unlock(&dir->d_inode->i_mutex); audit_inode(pathname, path->dentry); -@@ -2422,6 +2520,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path +@@ -2424,6 +2522,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path *path = nd.path; return dentry; eexist: 
@@ -44648,7 +45767,7 @@ index 5008f01..90328a7 100644 dput(dentry); dentry = ERR_PTR(-EEXIST); fail: -@@ -2444,6 +2547,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat +@@ -2446,6 +2549,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat } EXPORT_SYMBOL(user_path_create); @@ -44669,7 +45788,7 @@ index 5008f01..90328a7 100644 int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) { int error = may_create(dir, dentry); -@@ -2511,6 +2628,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, +@@ -2513,6 +2630,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, error = mnt_want_write(path.mnt); if (error) goto out_dput; @@ -44687,7 +45806,7 @@ index 5008f01..90328a7 100644 error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out_drop_write; -@@ -2528,6 +2656,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, +@@ -2530,6 +2658,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, } out_drop_write: mnt_drop_write(path.mnt); @@ -44697,7 +45816,7 @@ index 5008f01..90328a7 100644 out_dput: dput(dentry); mutex_unlock(&path.dentry->d_inode->i_mutex); -@@ -2577,12 +2708,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode) +@@ -2579,12 +2710,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode) error = mnt_want_write(path.mnt); if (error) goto out_dput; @@ -44719,7 +45838,7 @@ index 5008f01..90328a7 100644 out_dput: dput(dentry); mutex_unlock(&path.dentry->d_inode->i_mutex); -@@ -2662,6 +2802,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -2664,6 +2804,8 @@ static long do_rmdir(int dfd, const char __user *pathname) char * name; struct dentry *dentry; struct nameidata nd; 
@@ -44728,7 +45847,7 @@ index 5008f01..90328a7 100644 error = user_path_parent(dfd, pathname, &nd, &name); if (error) -@@ -2690,6 +2832,15 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -2692,6 +2834,15 @@ static long do_rmdir(int dfd, const char __user *pathname) error = -ENOENT; goto exit3; } @@ -44744,7 +45863,7 @@ index 5008f01..90328a7 100644 error = mnt_want_write(nd.path.mnt); if (error) goto exit3; -@@ -2697,6 +2848,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -2699,6 +2850,8 @@ static long do_rmdir(int dfd, const char __user *pathname) if (error) goto exit4; error = vfs_rmdir(nd.path.dentry->d_inode, dentry); @@ -44753,7 +45872,7 @@ index 5008f01..90328a7 100644 exit4: mnt_drop_write(nd.path.mnt); exit3: -@@ -2759,6 +2912,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -2761,6 +2914,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) struct dentry *dentry; struct nameidata nd; struct inode *inode = NULL; @@ -44762,7 +45881,7 @@ index 5008f01..90328a7 100644 error = user_path_parent(dfd, pathname, &nd, &name); if (error) -@@ -2781,6 +2936,16 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -2783,6 +2938,16 @@ static long do_unlinkat(int dfd, const char __user *pathname) if (!inode) goto slashes; ihold(inode); @@ -44779,7 +45898,7 @@ index 5008f01..90328a7 100644 error = mnt_want_write(nd.path.mnt); if (error) goto exit2; -@@ -2788,6 +2953,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -2790,6 +2955,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) if (error) goto exit3; error = vfs_unlink(nd.path.dentry->d_inode, dentry); 
@@ -44788,7 +45907,7 @@ index 5008f01..90328a7 100644 exit3: mnt_drop_write(nd.path.mnt); exit2: -@@ -2863,10 +3030,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, +@@ -2865,10 +3032,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, error = mnt_want_write(path.mnt); if (error) goto out_dput; @@ -44807,7 +45926,7 @@ index 5008f01..90328a7 100644 out_drop_write: mnt_drop_write(path.mnt); out_dput: -@@ -2938,6 +3113,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -2940,6 +3115,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, { struct dentry *new_dentry; struct path old_path, new_path; @@ -44815,7 +45934,7 @@ index 5008f01..90328a7 100644 int how = 0; int error; -@@ -2961,7 +3137,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -2963,7 +3139,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, if (error) return error; @@ -44824,7 +45943,7 @@ index 5008f01..90328a7 100644 error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) goto out; -@@ -2972,13 +3148,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -2974,13 +3150,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, error = mnt_want_write(new_path.mnt); if (error) goto out_dput; @@ -44855,7 +45974,7 @@ index 5008f01..90328a7 100644 dput(new_dentry); mutex_unlock(&new_path.dentry->d_inode->i_mutex); path_put(&new_path); -@@ -3206,6 +3399,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, +@@ -3208,6 +3401,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, if (new_dentry == trap) goto exit5; 
@@ -44868,7 +45987,7 @@ index 5008f01..90328a7 100644 error = mnt_want_write(oldnd.path.mnt); if (error) goto exit5; -@@ -3215,6 +3414,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, +@@ -3217,6 +3416,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, goto exit6; error = vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry); @@ -44878,7 +45997,7 @@ index 5008f01..90328a7 100644 exit6: mnt_drop_write(oldnd.path.mnt); exit5: -@@ -3240,6 +3442,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -3242,6 +3444,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { @@ -44887,7 +46006,7 @@ index 5008f01..90328a7 100644 int len; len = PTR_ERR(link); -@@ -3249,7 +3453,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c +@@ -3251,7 +3455,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c len = strlen(link); if (len > (unsigned) buflen) len = buflen; @@ -45534,7 +46653,7 @@ index 15af622..0e9f4467 100644 help Various /proc files exist to monitor process memory utilization: diff --git a/fs/proc/array.c b/fs/proc/array.c -index 3a1dafd..1456746 100644 +index 3a1dafd..bf1bd84 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -60,6 +60,7 @@ 
@@ -45642,9 +46761,12 @@ index 3a1dafd..1456746 100644 esp, eip, /* The signal information here is obsolete. -@@ -535,6 +592,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -533,8 +590,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, + struct pid *pid, struct task_struct *task) + { unsigned long size = 0, resident = 0, shared = 0, text = 0, data = 0; - struct mm_struct *mm = get_task_mm(task); +- struct mm_struct *mm = get_task_mm(task); ++ struct mm_struct *mm; +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP + if (current->exec_id != m->exec_id) { @@ -45652,7 +46774,7 @@ index 3a1dafd..1456746 100644 + return 0; + } +#endif -+ ++ mm = get_task_mm(task); if (mm) { size = task_statm(mm, &shared, &text, &data, &resident); mmput(mm); @@ -47340,10 +48462,10 @@ index 23ce927..e274cc1 100644 kfree(s); diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..41df561 +index 0000000..4089e05 --- /dev/null +++ b/grsecurity/Kconfig -@@ -0,0 +1,1075 @@ +@@ -0,0 +1,1078 @@ +# +# grecurity configuration +# 
@@ -47618,11 +48740,13 @@ index 0000000..41df561 + dangerous sources of information, this option causes reads of sensitive + /proc/<pid> entries where the file descriptor was opened in a different + task than the one performing the read. Such attempts are logged. -+ Finally, this option limits argv/env strings for suid/sgid binaries -+ to 1MB to prevent a complete exhaustion of the stack entropy provided -+ by ASLR. ++ This option also limits argv/env strings for suid/sgid binaries ++ to 512KB to prevent a complete exhaustion of the stack entropy provided ++ by ASLR. Finally, it places an 8MB stack resource limit on suid/sgid ++ binaries to prevent alternative mmap layouts from being abused. ++ + If you use PaX it is essential that you say Y here as it closes up -+ several holes that make full ASLR useless for suid/sgid binaries. ++ several holes that make full ASLR useless locally. + +config GRKERNSEC_BRUTE + bool "Deter exploit bruteforcing" @@ -47762,8 +48886,9 @@ index 0000000..41df561 + Depending upon the option you choose, you can either restrict users to + see only the processes they themselves run, or choose a group that can + view all processes and files normally restricted to root if you choose -+ the "restrict to user only" option. NOTE: If you're running identd as -+ a non-root user, you will have to run it as the group you specify here. ++ the "restrict to user only" option. NOTE: If you're running identd or ++ ntpd as a non-root user, you will have to run it as the group you ++ specify here. + +config GRKERNSEC_PROC_USER + bool "Restrict /proc to user only" @@ -48421,10 +49546,10 @@ index 0000000..41df561 +endmenu diff --git a/grsecurity/Makefile b/grsecurity/Makefile new file mode 100644 -index 0000000..496e60d +index 0000000..1b9afa9 --- /dev/null 
+++ b/grsecurity/Makefile -@@ -0,0 +1,40 @@ +@@ -0,0 +1,38 @@ +# grsecurity's ACL system was originally written in 2001 by Michael Dalton +# during 2001-2009 it has been completely redesigned by Brad Spengler +# into an RBAC system @@ -48433,9 +49558,7 @@ index 0000000..496e60d +# are copyright Brad Spengler - Open Source Security, Inc., and released +# under the GPL v2 or higher + -+ifndef CONFIG_IA64 +KBUILD_CFLAGS += -Werror -+endif + +obj-y = grsec_chdir.o grsec_chroot.o grsec_exec.o grsec_fifo.o grsec_fork.o \ + grsec_mount.o grsec_sig.o grsec_sysctl.o \ @@ -48467,10 +49590,10 @@ index 0000000..496e60d +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..7715893 +index 0000000..2733872 --- /dev/null +++ b/grsecurity/gracl.c -@@ -0,0 +1,4164 @@ +@@ -0,0 +1,4163 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -50246,7 +51369,7 @@ index 0000000..7715893 + +static struct acl_object_label * +chk_glob_label(struct acl_object_label *globbed, -+ struct dentry *dentry, struct vfsmount *mnt, char **path) ++ const struct dentry *dentry, const struct vfsmount *mnt, char **path) +{ + struct acl_object_label *tmp; + @@ -50279,8 +51402,7 @@ index 0000000..7715893 + retval = lookup_acl_obj_label(curr_ino, curr_dev, tmpsubj); + if (retval) { + if (checkglob && retval->globbed) { -+ retval2 = chk_glob_label(retval->globbed, (struct dentry *)orig_dentry, -+ (struct vfsmount *)orig_mnt, path); ++ retval2 = chk_glob_label(retval->globbed, orig_dentry, orig_mnt, path); + if (retval2) + retval = retval2; + } 
@@ -57654,6 +58776,19 @@ index 1bfcfe5..e04c5c9 100644 +#define L1_CACHE_BYTES (1UL << L1_CACHE_SHIFT) #endif /* __ASM_GENERIC_CACHE_H */ +diff --git a/include/asm-generic/emergency-restart.h b/include/asm-generic/emergency-restart.h +index 0d68a1e..b74a761 100644 +--- a/include/asm-generic/emergency-restart.h ++++ b/include/asm-generic/emergency-restart.h +@@ -1,7 +1,7 @@ + #ifndef _ASM_GENERIC_EMERGENCY_RESTART_H + #define _ASM_GENERIC_EMERGENCY_RESTART_H + +-static inline void machine_emergency_restart(void) ++static inline __noreturn void machine_emergency_restart(void) + { + machine_restart(NULL); + } diff --git a/include/asm-generic/int-l64.h b/include/asm-generic/int-l64.h index 1ca3efc..e3dc852 100644 --- a/include/asm-generic/int-l64.h @@ -58447,10 +59582,10 @@ index 84ccf8e..2e9b14c 100644 }; diff --git a/include/linux/fs.h b/include/linux/fs.h -index e0bc4ff..d79c2fa 100644 +index 10b2288..09180e4 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h -@@ -1608,7 +1608,8 @@ struct file_operations { +@@ -1609,7 +1609,8 @@ struct file_operations { int (*setlease)(struct file *, long, struct file_lock **); long (*fallocate)(struct file *file, int mode, loff_t offset, loff_t len); @@ -60435,6 +61570,18 @@ index b1f8912..c955bff 100644 /* * Protect attach/detach and child_list: +diff --git a/include/linux/personality.h b/include/linux/personality.h +index 8fc7dd1a..c19d89e 100644 +--- a/include/linux/personality.h ++++ b/include/linux/personality.h +@@ -44,6 +44,7 @@ enum { + #define PER_CLEAR_ON_SETID (READ_IMPLIES_EXEC | \ + ADDR_NO_RANDOMIZE | \ + ADDR_COMPAT_LAYOUT | \ ++ ADDR_LIMIT_3GB | \ + MMAP_PAGE_ZERO) + + /* diff --git a/include/linux/pipe_fs_i.h b/include/linux/pipe_fs_i.h index 77257c9..51d473a 100644 --- a/include/linux/pipe_fs_i.h 
@@ -60607,6 +61754,30 @@ index e0879a7..a12f962 100644 #include <asm/emergency-restart.h> #endif +diff --git a/include/linux/regset.h b/include/linux/regset.h +index 8abee65..5150fd1 100644 +--- a/include/linux/regset.h ++++ b/include/linux/regset.h +@@ -335,6 +335,9 @@ static inline int copy_regset_to_user(struct task_struct *target, + { + const struct user_regset *regset = &view->regsets[setno]; + ++ if (!regset->get) ++ return -EOPNOTSUPP; ++ + if (!access_ok(VERIFY_WRITE, data, size)) + return -EIO; + +@@ -358,6 +361,9 @@ static inline int copy_regset_from_user(struct task_struct *target, + { + const struct user_regset *regset = &view->regsets[setno]; + ++ if (!regset->set) ++ return -EOPNOTSUPP; ++ + if (!access_ok(VERIFY_READ, data, size)) + return -EIO; + diff --git a/include/linux/reiserfs_fs.h b/include/linux/reiserfs_fs.h index 96d465f..b084e05 100644 --- a/include/linux/reiserfs_fs.h @@ -60687,7 +61858,7 @@ index 2148b12..519b820 100644 static inline void anon_vma_merge(struct vm_area_struct *vma, diff --git a/include/linux/sched.h b/include/linux/sched.h -index 1c4f3e9..b4e4851 100644 +index 1c4f3e9..342eb1f 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -101,6 +101,7 @@ struct bio_list; @@ -60871,7 +62042,7 @@ index 1c4f3e9..b4e4851 100644 +extern void pax_report_fault(struct pt_regs *regs, void *pc, void *sp); +extern void pax_report_insns(struct pt_regs *regs, void *pc, void *sp); +extern void pax_report_refcount_overflow(struct pt_regs *regs); -+extern NORET_TYPE void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type) ATTRIB_NORET; ++extern __noreturn void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type); + /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) 
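Review bot: The new NULL checks in `copy_regset_to_user()` and `copy_regset_from_user()` carry no comment saying why a regset can lack `->get` or `->set`, so the next reader cannot tell whether `-EOPNOTSUPP` is an expected outcome or a defensive guard. I would add above each check something like `/* a regset may be read-only or write-only, so the accessor can be NULL */`. The same patch adds `regset->get &&` to the loop in fill_thread_core_info, which starts at `i = 1`; any other site that calls `regset->get` or `regset->set` directly, including whatever handles regset 0 for the core dump, is outside this hunk and should be checked for the same guard.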
@@ -60912,7 +62083,7 @@ index 1c4f3e9..b4e4851 100644 extern void flush_itimer_signals(void); -extern NORET_TYPE void do_group_exit(int); -+extern NORET_TYPE void do_group_exit(int) ATTRIB_NORET; ++extern __noreturn void do_group_exit(int); extern void daemonize(const char *, ...); extern int allow_signal(int); @@ -61279,7 +62450,7 @@ index c14fe86..393245e 100644 #define RPCRDMA_VERSION 1 diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h -index 703cfa3..0b8ca72ac 100644 +index 703cfa33..0b8ca72ac 100644 --- a/include/linux/sysctl.h +++ b/include/linux/sysctl.h @@ -155,7 +155,11 @@ enum @@ -61799,10 +62970,10 @@ index 9e5425b..8136ffc 100644 /* Protects from simultaneous access to first_req list */ spinlock_t info_list_lock; diff --git a/include/net/flow.h b/include/net/flow.h -index 57f15a7..0de26c6 100644 +index 2a7eefd..3250f3b 100644 --- a/include/net/flow.h +++ b/include/net/flow.h -@@ -208,6 +208,6 @@ extern struct flow_cache_object *flow_cache_lookup( +@@ -218,6 +218,6 @@ extern struct flow_cache_object *flow_cache_lookup( extern void flow_cache_flush(void); extern void flow_cache_flush_deferred(void); @@ -62197,7 +63368,7 @@ index 444cd6b..3327cc5 100644 const struct firmware *dsp_microcode; const struct firmware *controller_microcode; diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h -index a79886c..b483af6 100644 +index 94bbec3..3a8c6b0 100644 --- a/include/target/target_core_base.h +++ b/include/target/target_core_base.h @@ -346,7 +346,7 @@ struct t10_reservation_ops { @@ -62220,7 +63391,7 @@ index a79886c..b483af6 100644 atomic_t t_transport_active; atomic_t t_transport_complete; atomic_t t_transport_queue_active; -@@ -704,7 +704,7 @@ struct se_device { +@@ -705,7 +705,7 @@ struct se_device { /* Active commands on this virtual SE device */ atomic_t simple_cmds; atomic_t depth_left; 
@@ -62725,7 +63896,7 @@ index 5b4293d..f179875 100644 if (u->mq_bytes + mq_bytes < u->mq_bytes || u->mq_bytes + mq_bytes > task_rlimit(p, RLIMIT_MSGQUEUE)) { diff --git a/ipc/msg.c b/ipc/msg.c -index 7385de2..a8180e0 100644 +index 7385de2..a8180e08 100644 --- a/ipc/msg.c +++ b/ipc/msg.c @@ -309,18 +309,19 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg) @@ -63555,7 +64726,7 @@ index 58690af..d903d75 100644 /* diff --git a/kernel/exit.c b/kernel/exit.c -index e6e01b9..619f837 100644 +index e6e01b9..0a21b0a 100644 --- a/kernel/exit.c +++ b/kernel/exit.c @@ -57,6 +57,10 @@ @@ -63634,11 +64805,20 @@ index e6e01b9..619f837 100644 exit_mm(tsk); if (group_dead) +@@ -1068,7 +1091,7 @@ SYSCALL_DEFINE1(exit, int, error_code) + * Take down every thread in the group. This is called by fatal signals + * as well as by sys_exit_group (below). + */ +-NORET_TYPE void ++__noreturn void + do_group_exit(int exit_code) + { + struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index da4a6a1..0973380 100644 +index 0acf42c0..9e40e2e 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -280,7 +280,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) +@@ -281,7 +281,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) *stackend = STACK_END_MAGIC; /* for overflow detection */ #ifdef CONFIG_CC_STACKPROTECTOR @@ -63647,7 +64827,7 @@ index da4a6a1..0973380 100644 #endif /* -@@ -304,13 +304,77 @@ out: +@@ -305,13 +305,77 @@ out: } #ifdef CONFIG_MMU @@ -63727,7 +64907,7 @@ index da4a6a1..0973380 100644 down_write(&oldmm->mmap_sem); flush_cache_dup_mm(oldmm); -@@ -322,8 +386,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -323,8 +387,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) mm->locked_vm = 0; mm->mmap = NULL; mm->mmap_cache = NULL; 
@@ -63738,7 +64918,7 @@ index da4a6a1..0973380 100644 mm->map_count = 0; cpumask_clear(mm_cpumask(mm)); mm->mm_rb = RB_ROOT; -@@ -339,8 +403,6 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -340,8 +404,6 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) prev = NULL; for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) { @@ -63747,7 +64927,7 @@ index da4a6a1..0973380 100644 if (mpnt->vm_flags & VM_DONTCOPY) { long pages = vma_pages(mpnt); mm->total_vm -= pages; -@@ -348,53 +410,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -349,53 +411,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) -pages); continue; } @@ -63805,7 +64985,7 @@ index da4a6a1..0973380 100644 /* * Link in the new vma and copy the page table entries. -@@ -417,6 +437,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -418,6 +438,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) if (retval) goto out; } @@ -63837,7 +65017,7 @@ index da4a6a1..0973380 100644 /* a new mm has just been created */ arch_dup_mmap(oldmm, mm); retval = 0; -@@ -425,14 +470,6 @@ out: +@@ -426,14 +471,6 @@ out: flush_tlb_mm(oldmm); up_write(&oldmm->mmap_sem); return retval; @@ -63852,7 +65032,7 @@ index da4a6a1..0973380 100644 } static inline int mm_alloc_pgd(struct mm_struct *mm) -@@ -644,6 +681,26 @@ struct mm_struct *get_task_mm(struct task_struct *task) +@@ -645,6 +682,26 @@ struct mm_struct *get_task_mm(struct task_struct *task) } EXPORT_SYMBOL_GPL(get_task_mm); 
@@ -63879,7 +65059,7 @@ index da4a6a1..0973380 100644 /* Please note the differences between mmput and mm_release. * mmput is called whenever we stop holding onto a mm_struct, * error success whatever. -@@ -829,13 +886,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) +@@ -830,13 +887,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) spin_unlock(&fs->lock); return -EAGAIN; } @@ -63895,7 +65075,7 @@ index da4a6a1..0973380 100644 return 0; } -@@ -1097,6 +1155,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1100,6 +1158,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; @@ -63905,7 +65085,7 @@ index da4a6a1..0973380 100644 if (atomic_read(&p->real_cred->user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && -@@ -1256,6 +1317,8 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1259,6 +1320,8 @@ static struct task_struct *copy_process(unsigned long clone_flags, if (clone_flags & CLONE_THREAD) p->tgid = current->tgid; @@ -63914,7 +65094,7 @@ index da4a6a1..0973380 100644 p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL; /* * Clear TID on mm_release()? -@@ -1418,6 +1481,8 @@ bad_fork_cleanup_count: +@@ -1421,6 +1484,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -63923,7 +65103,7 @@ index da4a6a1..0973380 100644 return ERR_PTR(retval); } -@@ -1518,6 +1583,8 @@ long do_fork(unsigned long clone_flags, +@@ -1521,6 +1586,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); 
@@ -63932,7 +65112,7 @@ index da4a6a1..0973380 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1627,7 +1694,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1630,7 +1697,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -63941,7 +65121,7 @@ index da4a6a1..0973380 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1716,7 +1783,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1719,7 +1786,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -67701,7 +68881,7 @@ index d9df745..e73c2fe 100644 static inline void *ptr_to_indirect(void *ptr) { diff --git a/lib/vsprintf.c b/lib/vsprintf.c -index 993599e..84dc70e 100644 +index 993599e..f1dbc14 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -16,6 +16,9 @@ @@ -67773,7 +68953,26 @@ index 993599e..84dc70e 100644 case 'B': return symbol_string(buf, end, ptr, spec, *fmt); case 'R': -@@ -1608,11 +1624,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) +@@ -878,9 +894,15 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, + case 'U': + return uuid_string(buf, end, ptr, spec, fmt); + case 'V': +- return buf + vsnprintf(buf, end > buf ? end - buf : 0, +- ((struct va_format *)ptr)->fmt, +- *(((struct va_format *)ptr)->va)); ++ { ++ va_list va; ++ ++ va_copy(va, *((struct va_format *)ptr)->va); ++ buf += vsnprintf(buf, end > buf ? end - buf : 0, ++ ((struct va_format *)ptr)->fmt, va); ++ va_end(va); ++ return buf; ++ } + case 'K': + /* + * %pK cannot be used in IRQ context because its test +@@ -1608,11 +1630,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) typeof(type) value; \ if (sizeof(type) == 8) { \ args = PTR_ALIGN(args, sizeof(u32)); \ 
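Review bot: The new `case 'V':` block in lib/vsprintf.c copies the `va_list` without a comment saying why, and the reason is not obvious from the code alone. A `va_list` passed to `vsnprintf()` is indeterminate afterwards, so formatting through `*((struct va_format *)ptr)->va` directly would leave the caller's list unusable if the same `va_format` is printed a second time. I would add `/* vsnprintf() consumes its va_list; work on a copy so the caller's va_format stays usable */` above the `va_copy()`. As a style point, a local `struct va_format *vf = ptr;` would replace the two repeated casts. pointer() starts and ends outside this hunk.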
@@ -67788,7 +68987,7 @@ index 993599e..84dc70e 100644 } \ args += sizeof(type); \ value; \ -@@ -1675,7 +1691,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) +@@ -1675,7 +1697,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) case FORMAT_TYPE_STR: { const char *str_arg = args; args += strlen(str_arg) + 1; @@ -68955,7 +70154,7 @@ index 4f4f53b..9511904 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index eae90af..44552cf 100644 +index eae90af..c930262 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -46,6 +46,16 @@ @@ -69289,7 +70488,18 @@ index eae90af..44552cf 100644 vma->vm_mm = mm; vma->vm_start = addr; vma->vm_end = addr + len; -@@ -1281,6 +1412,19 @@ munmap_back: +@@ -1266,8 +1397,9 @@ munmap_back: + vma->vm_pgoff = pgoff; + INIT_LIST_HEAD(&vma->anon_vma_chain); + ++ error = -EINVAL; /* when rejecting VM_GROWSDOWN|VM_GROWSUP */ ++ + if (file) { +- error = -EINVAL; + if (vm_flags & (VM_GROWSDOWN|VM_GROWSUP)) + goto free_vma; + if (vm_flags & VM_DENYWRITE) { +@@ -1281,6 +1413,19 @@ munmap_back: error = file->f_op->mmap(file, vma); if (error) goto unmap_and_free_vma; @@ -69309,7 +70519,16 @@ index eae90af..44552cf 100644 if (vm_flags & VM_EXECUTABLE) added_exe_file_vma(mm); -@@ -1316,6 +1460,11 @@ munmap_back: +@@ -1293,6 +1438,8 @@ munmap_back: + pgoff = vma->vm_pgoff; + vm_flags = vma->vm_flags; + } else if (vm_flags & VM_SHARED) { ++ if (unlikely(vm_flags & (VM_GROWSDOWN|VM_GROWSUP))) ++ goto free_vma; + error = shmem_zero_setup(vma); + if (error) + goto free_vma; +@@ -1316,6 +1463,11 @@ munmap_back: vma_link(mm, vma, prev, rb_link, rb_parent); file = vma->vm_file; 
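Review bot: In mm/mmap.c, the `goto free_vma` added under `else if (vm_flags & VM_SHARED)` returns whatever `error` holds at that point. Its intended value comes only from the `error = -EINVAL;` that the preceding hunk hoists above `if (file)`. That is correct as far as these hunks show, because the file branch is skipped whenever the shared-anonymous branch runs. The coupling still spans two hunks, and a later assignment to `error` in between would silently change the errno returned for a rejected VM_GROWSDOWN|VM_GROWSUP mapping. Setting it at the check keeps the rejection self-contained: `if (unlikely(vm_flags & (VM_GROWSDOWN|VM_GROWSUP))) { error = -EINVAL; goto free_vma; }`.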
@@ -69321,7 +70540,7 @@ index eae90af..44552cf 100644 /* Once vma denies write, undo our temporary denial count */ if (correct_wcount) atomic_inc(&inode->i_writecount); -@@ -1324,6 +1473,7 @@ out: +@@ -1324,6 +1476,7 @@ out: mm->total_vm += len >> PAGE_SHIFT; vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT); @@ -69329,7 +70548,7 @@ index eae90af..44552cf 100644 if (vm_flags & VM_LOCKED) { if (!mlock_vma_pages_range(vma, addr, addr + len)) mm->locked_vm += (len >> PAGE_SHIFT); -@@ -1341,6 +1491,12 @@ unmap_and_free_vma: +@@ -1341,6 +1494,12 @@ unmap_and_free_vma: unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); charged = 0; free_vma: @@ -69342,7 +70561,7 @@ index eae90af..44552cf 100644 kmem_cache_free(vm_area_cachep, vma); unacct_error: if (charged) -@@ -1348,6 +1504,44 @@ unacct_error: +@@ -1348,6 +1507,44 @@ unacct_error: return error; } @@ -69387,7 +70606,7 @@ index eae90af..44552cf 100644 /* Get an address range which is currently unmapped. * For shmat() with addr=0. * -@@ -1374,18 +1568,23 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1374,18 +1571,23 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (flags & MAP_FIXED) return addr; @@ -69418,7 +70637,7 @@ index eae90af..44552cf 100644 } full_search: -@@ -1396,34 +1595,40 @@ full_search: +@@ -1396,34 +1598,40 @@ full_search: * Start a new search - just in case we missed * some holes. */ @@ -69470,7 +70689,7 @@ index eae90af..44552cf 100644 mm->free_area_cache = addr; mm->cached_hole_size = ~0UL; } -@@ -1441,7 +1646,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1441,7 +1649,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, { struct vm_area_struct *vma; struct mm_struct *mm = current->mm; 
@@ -69479,7 +70698,7 @@ index eae90af..44552cf 100644 /* requested length too big for entire address space */ if (len > TASK_SIZE) -@@ -1450,13 +1655,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1450,13 +1658,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (flags & MAP_FIXED) return addr; @@ -69502,7 +70721,7 @@ index eae90af..44552cf 100644 } /* check if free_area_cache is useful for us */ -@@ -1471,7 +1681,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1471,7 +1684,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, /* make sure it can fit in the remaining address space */ if (addr > len) { vma = find_vma(mm, addr-len); @@ -69511,7 +70730,7 @@ index eae90af..44552cf 100644 /* remember the address as a hint for next time */ return (mm->free_area_cache = addr-len); } -@@ -1488,7 +1698,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1488,7 +1701,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, * return with success: */ vma = find_vma(mm, addr); @@ -69520,7 +70739,7 @@ index eae90af..44552cf 100644 /* remember the address as a hint for next time */ return (mm->free_area_cache = addr); -@@ -1497,8 +1707,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1497,8 +1710,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, mm->cached_hole_size = vma->vm_start - addr; /* try just below the current vma->vm_start */ @@ -69531,7 +70750,7 @@ index eae90af..44552cf 100644 bottomup: /* -@@ -1507,13 +1717,21 @@ bottomup: +@@ -1507,13 +1720,21 @@ bottomup: * can happen with large stack limits and large mmap() * allocations. */ 
@@ -69555,7 +70774,7 @@ index eae90af..44552cf 100644 mm->cached_hole_size = ~0UL; return addr; -@@ -1522,6 +1740,12 @@ bottomup: +@@ -1522,6 +1743,12 @@ bottomup: void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) { @@ -69568,7 +70787,7 @@ index eae90af..44552cf 100644 /* * Is this a new hole at the highest possible address? */ -@@ -1529,8 +1753,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) +@@ -1529,8 +1756,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) mm->free_area_cache = addr; /* dont allow allocations above current base */ @@ -69580,14 +70799,13 @@ index eae90af..44552cf 100644 } unsigned long -@@ -1603,40 +1829,42 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) +@@ -1603,40 +1832,50 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) EXPORT_SYMBOL(find_vma); -/* Same as find_vma, but also return a pointer to the previous VMA in *pprev. */ +/* + * Same as find_vma, but also return a pointer to the previous VMA in *pprev. -+ * Note: pprev is set to NULL when return value is NULL. + */ struct vm_area_struct * find_vma_prev(struct mm_struct *mm, unsigned long addr, @@ -69597,22 +70815,13 @@ index eae90af..44552cf 100644 - struct rb_node *rb_node; - if (!mm) - goto out; -+ struct vm_area_struct *vma; - +- - /* Guard against addr being lower than the first VMA */ - vma = mm->mmap; -+ vma = find_vma(mm, addr); -+ *pprev = vma ? vma->vm_prev : NULL; -+ return vma; -+} - +- - /* Go through the RB tree quickly. */ - rb_node = mm->mm_rb.rb_node; -+#ifdef CONFIG_PAX_SEGMEXEC -+struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma) -+{ -+ struct vm_area_struct *vma_m; - +- - while (rb_node) { - struct vm_area_struct *vma_tmp; - vma_tmp = rb_entry(rb_node, struct vm_area_struct, vm_rb); 
@@ -69623,17 +70832,35 @@ index eae90af..44552cf 100644 - prev = vma_tmp; - if (!prev->vm_next || (addr < prev->vm_next->vm_end)) - break; -- rb_node = rb_node->rb_right; -- } -+ BUG_ON(!vma || vma->vm_start >= vma->vm_end); -+ if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_EXEC)) { -+ BUG_ON(vma->vm_mirror); -+ return NULL; ++ struct vm_area_struct *vma; ++ ++ vma = find_vma(mm, addr); ++ if (vma) { ++ *pprev = vma->vm_prev; ++ } else { ++ struct rb_node *rb_node = mm->mm_rb.rb_node; ++ *pprev = NULL; ++ while (rb_node) { ++ *pprev = rb_entry(rb_node, struct vm_area_struct, vm_rb); + rb_node = rb_node->rb_right; + } } -- ++ return vma; ++} ++ ++#ifdef CONFIG_PAX_SEGMEXEC ++struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma) ++{ ++ struct vm_area_struct *vma_m; + -out: - *pprev = prev; - return prev ? prev->vm_next : vma; ++ BUG_ON(!vma || vma->vm_start >= vma->vm_end); ++ if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_EXEC)) { ++ BUG_ON(vma->vm_mirror); ++ return NULL; ++ } + BUG_ON(vma->vm_start < SEGMEXEC_TASK_SIZE && SEGMEXEC_TASK_SIZE < vma->vm_end); + vma_m = vma->vm_mirror; + BUG_ON(!vma_m || vma_m->vm_mirror != vma); @@ -69648,7 +70875,7 @@ index eae90af..44552cf 100644 /* * Verify that the stack growth is acceptable and -@@ -1654,6 +1882,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -1654,6 +1893,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns return -ENOMEM; /* Stack limit test */ @@ -69656,7 +70883,7 @@ index eae90af..44552cf 100644 if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) return -ENOMEM; -@@ -1664,6 +1893,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -1664,6 +1904,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns locked = mm->locked_vm + grow; limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); limit >>= PAGE_SHIFT; 
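Review bot: The rewritten find_vma_prev() reads `mm->mm_rb.rb_node` unconditionally in its else branch, whereas the kernel code this patch removes (shown in the preceding hunk) began with `if (!mm) goto out;`. Callers are not visible here, so this matters only if one can still pass a NULL mm. If that cannot be ruled out, a guard at the top such as `if (!mm) { *pprev = NULL; return NULL; }` restores the old tolerance. The header comment also lost its sentence about `*pprev`. When no VMA is found, `*pprev` now ends up as the right-most node of `mm->mm_rb` (presumably the highest VMA), or NULL for an empty tree, and that is worth stating, e.g. ` * If NULL is returned, *pprev is the last VMA of the mm, or NULL if it has none.`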
@@ -69664,7 +70891,7 @@ index eae90af..44552cf 100644 if (locked > limit && !capable(CAP_IPC_LOCK)) return -ENOMEM; } -@@ -1694,37 +1924,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -1694,37 +1935,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns * PA-RISC uses this for its stack; IA64 for its Register Backing Store. * vma is the last one with address > vma->vm_end. Have to extend vma. */ @@ -69722,7 +70949,7 @@ index eae90af..44552cf 100644 unsigned long size, grow; size = address - vma->vm_start; -@@ -1739,6 +1980,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) +@@ -1739,6 +1991,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) } } } @@ -69731,7 +70958,7 @@ index eae90af..44552cf 100644 vma_unlock_anon_vma(vma); khugepaged_enter_vma_merge(vma); return error; -@@ -1752,6 +1995,8 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -1752,6 +2006,8 @@ int expand_downwards(struct vm_area_struct *vma, unsigned long address) { int error; @@ -69740,7 +70967,7 @@ index eae90af..44552cf 100644 /* * We must make sure the anon_vma is allocated -@@ -1765,6 +2010,15 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -1765,6 +2021,15 @@ int expand_downwards(struct vm_area_struct *vma, if (error) return error; @@ -69756,7 +70983,7 @@ index eae90af..44552cf 100644 vma_lock_anon_vma(vma); /* -@@ -1774,9 +2028,17 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -1774,9 +2039,17 @@ int expand_downwards(struct vm_area_struct *vma, */ /* Somebody else might have raced and expanded it already */ @@ -69775,7 +71002,7 @@ index eae90af..44552cf 100644 size = vma->vm_end - address; grow = (vma->vm_start - address) >> PAGE_SHIFT; -@@ -1786,11 +2048,22 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -1786,11 +2059,22 @@ int expand_downwards(struct vm_area_struct *vma, if (!error) { vma->vm_start = address; vma->vm_pgoff -= grow; 
@@ -69798,7 +71025,7 @@ index eae90af..44552cf 100644 khugepaged_enter_vma_merge(vma); return error; } -@@ -1860,6 +2133,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -1860,6 +2144,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) do { long nrpages = vma_pages(vma); @@ -69812,7 +71039,7 @@ index eae90af..44552cf 100644 mm->total_vm -= nrpages; vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); vma = remove_vma(vma); -@@ -1905,6 +2185,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -1905,6 +2196,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, insertion_point = (prev ? &prev->vm_next : &mm->mmap); vma->vm_prev = NULL; do { @@ -69829,7 +71056,7 @@ index eae90af..44552cf 100644 rb_erase(&vma->vm_rb, &mm->mm_rb); mm->map_count--; tail_vma = vma; -@@ -1933,14 +2223,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -1933,14 +2234,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct *new; int err = -ENOMEM; @@ -69863,7 +71090,7 @@ index eae90af..44552cf 100644 /* most fields are the same, copy all, and then fixup */ *new = *vma; -@@ -1953,6 +2262,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -1953,6 +2273,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); } @@ -69886,7 +71113,7 @@ index eae90af..44552cf 100644 pol = mpol_dup(vma_policy(vma)); if (IS_ERR(pol)) { err = PTR_ERR(pol); -@@ -1978,6 +2303,42 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -1978,6 +2314,42 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, else err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); 
@@ -69929,7 +71156,7 @@ index eae90af..44552cf 100644 /* Success. */ if (!err) return 0; -@@ -1990,10 +2351,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -1990,10 +2362,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, removed_exe_file_vma(mm); fput(new->vm_file); } @@ -69949,7 +71176,7 @@ index eae90af..44552cf 100644 kmem_cache_free(vm_area_cachep, new); out_err: return err; -@@ -2006,6 +2375,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2006,6 +2386,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, int new_below) { @@ -69965,7 +71192,7 @@ index eae90af..44552cf 100644 if (mm->map_count >= sysctl_max_map_count) return -ENOMEM; -@@ -2017,11 +2395,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2017,11 +2406,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, * work. This now handles partial unmappings. * Jeremy Fitzhardinge <jeremy@goop.org> */ @@ -69996,7 +71223,7 @@ index eae90af..44552cf 100644 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) return -EINVAL; -@@ -2096,6 +2493,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +@@ -2096,6 +2504,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) /* Fix up all other VM information */ remove_vma_list(mm, vma); @@ -70005,7 +71232,7 @@ index eae90af..44552cf 100644 return 0; } -@@ -2108,22 +2507,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) +@@ -2108,22 +2518,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) profile_munmap(addr); 
@@ -70034,7 +71261,7 @@ index eae90af..44552cf 100644 /* * this is really a simplified "do_mmap". it only handles * anonymous maps. eventually we may be able to do some -@@ -2137,6 +2532,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2137,6 +2543,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len) struct rb_node ** rb_link, * rb_parent; pgoff_t pgoff = addr >> PAGE_SHIFT; int error; @@ -70042,7 +71269,7 @@ index eae90af..44552cf 100644 len = PAGE_ALIGN(len); if (!len) -@@ -2148,16 +2544,30 @@ unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2148,16 +2555,30 @@ unsigned long do_brk(unsigned long addr, unsigned long len) flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; @@ -70074,7 +71301,7 @@ index eae90af..44552cf 100644 locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; -@@ -2174,22 +2584,22 @@ unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2174,22 +2595,22 @@ unsigned long do_brk(unsigned long addr, unsigned long len) /* * Clear old maps. this also does some error checking for us */ @@ -70101,7 +71328,7 @@ index eae90af..44552cf 100644 return -ENOMEM; /* Can we just expand an old private anonymous mapping? */ -@@ -2203,7 +2613,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2203,7 +2624,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len) */ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); if (!vma) { @@ -70110,7 +71337,7 @@ index eae90af..44552cf 100644 return -ENOMEM; } -@@ -2217,11 +2627,12 @@ unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2217,11 +2638,12 @@ unsigned long do_brk(unsigned long addr, unsigned long len) vma_link(mm, vma, prev, rb_link, rb_parent); out: perf_event_mmap(vma); 
@@ -70125,7 +71352,7 @@ index eae90af..44552cf 100644 return addr; } -@@ -2268,8 +2679,10 @@ void exit_mmap(struct mm_struct *mm) +@@ -2268,8 +2690,10 @@ void exit_mmap(struct mm_struct *mm) * Walk the list again, actually closing and freeing it, * with preemption enabled, without holding any MM locks. */ @@ -70137,7 +71364,7 @@ index eae90af..44552cf 100644 BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT); } -@@ -2283,6 +2696,13 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) +@@ -2283,6 +2707,13 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) struct vm_area_struct * __vma, * prev; struct rb_node ** rb_link, * rb_parent; @@ -70151,7 +71378,7 @@ index eae90af..44552cf 100644 /* * The vm_pgoff of a purely anonymous vma should be irrelevant * until its first write fault, when page's anon_vma and index -@@ -2305,7 +2725,22 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) +@@ -2305,7 +2736,22 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) if ((vma->vm_flags & VM_ACCOUNT) && security_vm_enough_memory_mm(mm, vma_pages(vma))) return -ENOMEM; @@ -70174,7 +71401,7 @@ index eae90af..44552cf 100644 return 0; } -@@ -2323,6 +2758,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2323,6 +2769,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, struct rb_node **rb_link, *rb_parent; struct mempolicy *pol; @@ -70183,7 +71410,7 @@ index eae90af..44552cf 100644 /* * If anonymous vma has not yet been faulted, update new pgoff * to match new location, to increase its chance of merging. -@@ -2373,6 +2810,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2373,6 +2821,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, return NULL; } 
@@ -70223,7 +71450,7 @@ index eae90af..44552cf 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2383,7 +2853,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) +@@ -2383,7 +2864,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) unsigned long lim; lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; @@ -70232,7 +71459,7 @@ index eae90af..44552cf 100644 if (cur + npages > lim) return 0; return 1; -@@ -2454,6 +2924,22 @@ int install_special_mapping(struct mm_struct *mm, +@@ -2454,6 +2935,22 @@ int install_special_mapping(struct mm_struct *mm, vma->vm_start = addr; vma->vm_end = addr + len; @@ -70631,7 +71858,7 @@ index 7fa41b4..6087460 100644 return count; } diff --git a/mm/nommu.c b/mm/nommu.c -index b982290..7d73f53 100644 +index ee7e57e..cae4e40 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -62,7 +62,6 @@ int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */ @@ -70642,7 +71869,7 @@ index b982290..7d73f53 100644 atomic_long_t mmap_pages_allocated; -@@ -825,15 +824,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) +@@ -829,15 +828,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) EXPORT_SYMBOL(find_vma); /* @@ -70658,7 +71885,7 @@ index b982290..7d73f53 100644 * expand a stack to a given address * - not supported under NOMMU conditions */ -@@ -1553,6 +1543,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -1557,6 +1547,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, /* most fields are the same, copy all, and then fixup */ *new = *vma; @@ -72734,7 +73961,7 @@ index 68bbf9f..5ef0d12 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index 5a13edf..a6f2bd2 100644 +index c56cacf..b28e35f 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1139,10 +1139,14 @@ void dev_load(struct net *net, const char *name) 
@@ -72806,7 +74033,7 @@ index 5a13edf..a6f2bd2 100644 kfree_skb(skb); /* Jamal, now you will not able to escape explaining * me how you were going to use this. :-) -@@ -3891,7 +3895,7 @@ void netif_napi_del(struct napi_struct *napi) +@@ -3897,7 +3901,7 @@ void netif_napi_del(struct napi_struct *napi) } EXPORT_SYMBOL(netif_napi_del); @@ -72815,7 +74042,7 @@ index 5a13edf..a6f2bd2 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); unsigned long time_limit = jiffies + 2; -@@ -5949,7 +5953,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, +@@ -5955,7 +5959,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, } else { netdev_stats_to_stats64(storage, &dev->stats); } @@ -73395,7 +74622,7 @@ index 94cdbc5..0cb0063 100644 ts = peer->tcp_ts; tsage = get_seconds() - peer->tcp_ts_stamp; diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index c89e354..8bd55c8 100644 +index eb90aa8..22bf114 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -87,6 +87,9 @@ int sysctl_tcp_tw_reuse __read_mostly; @@ -73408,7 +74635,7 @@ index c89e354..8bd55c8 100644 #ifdef CONFIG_TCP_MD5SIG static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk, -@@ -1627,6 +1630,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1632,6 +1635,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -73418,7 +74645,7 @@ index c89e354..8bd55c8 100644 tcp_v4_send_reset(rsk, skb); discard: kfree_skb(skb); -@@ -1689,12 +1695,19 @@ int tcp_v4_rcv(struct sk_buff *skb) +@@ -1694,12 +1700,19 @@ int tcp_v4_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -73441,7 +74668,7 @@ index c89e354..8bd55c8 100644 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1744,6 +1757,10 @@ no_tcp_socket: +@@ -1749,6 +1762,10 @@ no_tcp_socket: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { 
@@ -73452,7 +74679,7 @@ index c89e354..8bd55c8 100644 tcp_v4_send_reset(NULL, skb); } -@@ -2404,7 +2421,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req, +@@ -2409,7 +2426,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req, 0, /* non standard timer */ 0, /* open_requests have no inode */ atomic_read(&sk->sk_refcnt), @@ -73464,7 +74691,7 @@ index c89e354..8bd55c8 100644 len); } -@@ -2454,7 +2475,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len) +@@ -2459,7 +2480,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len) sock_i_uid(sk), icsk->icsk_probes_out, sock_i_ino(sk), @@ -73478,7 +74705,7 @@ index c89e354..8bd55c8 100644 jiffies_to_clock_t(icsk->icsk_rto), jiffies_to_clock_t(icsk->icsk_ack.ato), (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong, -@@ -2482,7 +2508,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw, +@@ -2487,7 +2513,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw, " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK%n", i, src, srcp, dest, destp, tw->tw_substate, 0, 0, 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0, @@ -74226,7 +75453,7 @@ index 30d7355..e260095 100644 napi_disable(&local->napi); ieee80211_clear_tx_pending(local); diff --git a/net/mac80211/main.c b/net/mac80211/main.c -index a7536fd..4039cc0 100644 +index 7d9b21d..0687004 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -163,7 +163,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) @@ -74373,7 +75600,7 @@ index 29fa5ba..8debc79 100644 if (!todrop_rate[i]) return 0; diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c -index 093cc32..9209ae1 100644 +index 6dc7d7d..e45913a 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c @@ -562,7 +562,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, 
@@ -75937,7 +77164,7 @@ index 9049a5c..cfa6f5c 100644 } diff --git a/scripts/Makefile.build b/scripts/Makefile.build -index d2b366c..51ff91e 100644 +index d2b366c..51ff91ebc 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -109,7 +109,7 @@ endif @@ -76252,7 +77479,7 @@ index 5c11312..72742b5 100644 write_hex_cnt = 0; for (i = 0; i < logo_clutsize; i++) { diff --git a/security/Kconfig b/security/Kconfig -index 51bd5a0..eeabc9f 100644 +index 51bd5a0..3a4ebd0 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -4,6 +4,627 @@ @@ -76830,7 +78057,7 @@ index 51bd5a0..eeabc9f 100644 + +config PAX_REFCOUNT + bool "Prevent various kernel object reference counter overflows" -+ depends on GRKERNSEC && (X86 || SPARC64) ++ depends on GRKERNSEC && ((ARM && (CPU_32v6 || CPU_32v6K || CPU_32v7)) || SPARC64 || X86) + help + By saying Y here the kernel will detect and prevent overflowing + various (but not all) kinds of object reference counters. Such @@ -77813,23 +79040,24 @@ index a39edcc..1014050 100644 }; diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile new file mode 100644 -index 0000000..29b6b75 +index 0000000..894c8bf --- /dev/null +++ b/tools/gcc/Makefile -@@ -0,0 +1,21 @@ +@@ -0,0 +1,23 @@ +#CC := gcc +#PLUGIN_SOURCE_FILES := pax_plugin.c +#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES)) +GCCPLUGINS_DIR := $(shell $(CC) -print-file-name=plugin) +#CFLAGS += -I$(GCCPLUGINS_DIR)/include -fPIC -O2 -Wall -W -std=gnu99 + -+HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include -std=gnu99 ++HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(GCCPLUGINS_DIR)/include/c-family -std=gnu99 -ggdb + +hostlibs-y := constify_plugin.so +hostlibs-$(CONFIG_PAX_MEMORY_STACKLEAK) += stackleak_plugin.so +hostlibs-$(CONFIG_KALLOCSTAT_PLUGIN) += kallocstat_plugin.so +hostlibs-$(CONFIG_PAX_KERNEXEC_PLUGIN) += kernexec_plugin.so +hostlibs-$(CONFIG_CHECKER_PLUGIN) += checker_plugin.so ++hostlibs-y += colorize_plugin.so + +always := $(hostlibs-y) + 
@@ -77838,6 +79066,7 @@ index 0000000..29b6b75 +kallocstat_plugin-objs := kallocstat_plugin.o +kernexec_plugin-objs := kernexec_plugin.o +checker_plugin-objs := checker_plugin.o ++colorize_plugin-objs := colorize_plugin.o diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c new file mode 100644 index 0000000..d41b5af 
@@ -78015,6 +79244,159 @@ index 0000000..d41b5af + + return 0; +} +diff --git a/tools/gcc/colorize_plugin.c b/tools/gcc/colorize_plugin.c +new file mode 100644 +index 0000000..ee950d0 +--- /dev/null ++++ b/tools/gcc/colorize_plugin.c +@@ -0,0 +1,147 @@ ++/* ++ * Copyright 2012 by PaX Team <pageexec@freemail.hu> ++ * Licensed under the GPL v2 ++ * ++ * Note: the choice of the license means that the compilation process is ++ * NOT 'eligible' as defined by gcc's library exception to the GPL v3, ++ * but for the kernel it doesn't matter since it doesn't link against ++ * any of the gcc libraries ++ * ++ * gcc plugin to colorize diagnostic output ++ * ++ */ ++ ++#include "gcc-plugin.h" ++#include "config.h" ++#include "system.h" ++#include "coretypes.h" ++#include "tree.h" ++#include "tree-pass.h" ++#include "flags.h" ++#include "intl.h" ++#include "toplev.h" ++#include "plugin.h" ++#include "diagnostic.h" ++#include "plugin-version.h" ++#include "tm.h" ++ ++int plugin_is_GPL_compatible; ++ ++static struct plugin_info colorize_plugin_info = { ++ .version = "201203092200", ++}; ++ ++#define GREEN "\033[32m\033[2m" ++#define LIGHTGREEN "\033[32m\033[1m" ++#define YELLOW "\033[33m\033[2m" ++#define LIGHTYELLOW "\033[33m\033[1m" ++#define RED "\033[31m\033[2m" ++#define LIGHTRED "\033[31m\033[1m" ++#define BLUE "\033[34m\033[2m" ++#define LIGHTBLUE "\033[34m\033[1m" ++#define BRIGHT "\033[m\033[1m" ++#define NORMAL "\033[m" ++ ++static diagnostic_starter_fn old_starter; ++static diagnostic_finalizer_fn old_finalizer; ++ ++static void start_colorize(diagnostic_context *context, diagnostic_info *diagnostic) ++{ ++ const char *color; ++ char *newprefix; ++ ++ switch (diagnostic->kind) { ++ case DK_NOTE: ++ color = LIGHTBLUE; ++ break; ++ ++ case DK_PEDWARN: ++ case DK_WARNING: ++ color = LIGHTYELLOW; ++ break; ++ ++ case DK_ERROR: ++ case DK_FATAL: ++ case DK_ICE: ++ case DK_PERMERROR: ++ case DK_SORRY: ++ color = LIGHTRED; ++ break; ++ ++ default: ++ color = NORMAL; ++ } ++ 
++ old_starter(context, diagnostic); ++ if (-1 == asprintf(&newprefix, "%s%s" NORMAL, color, context->printer->prefix)) ++ return; ++ pp_destroy_prefix(context->printer); ++ pp_set_prefix(context->printer, newprefix); ++} ++ ++static void finalize_colorize(diagnostic_context *context, diagnostic_info *diagnostic) ++{ ++ old_finalizer(context, diagnostic); ++} ++ ++static void colorize_arm(void) ++{ ++ old_starter = diagnostic_starter(global_dc); ++ old_finalizer = diagnostic_finalizer(global_dc); ++ ++ diagnostic_starter(global_dc) = start_colorize; ++ diagnostic_finalizer(global_dc) = finalize_colorize; ++} ++ ++static unsigned int execute_colorize_rearm(void) ++{ ++ if (diagnostic_starter(global_dc) == start_colorize) ++ return 0; ++ ++ colorize_arm(); ++ return 0; ++} ++ ++struct simple_ipa_opt_pass pass_ipa_colorize_rearm = { ++ .pass = { ++ .type = SIMPLE_IPA_PASS, ++ .name = "colorize_rearm", ++ .gate = NULL, ++ .execute = execute_colorize_rearm, ++ .sub = NULL, ++ .next = NULL, ++ .static_pass_number = 0, ++ .tv_id = TV_NONE, ++ .properties_required = 0, ++ .properties_provided = 0, ++ .properties_destroyed = 0, ++ .todo_flags_start = 0, ++ .todo_flags_finish = 0 ++ } ++}; ++ ++static void colorize_start_unit(void *gcc_data, void *user_data) ++{ ++ colorize_arm(); ++} ++ ++int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) ++{ ++ const char * const plugin_name = plugin_info->base_name; ++ struct register_pass_info colorize_rearm_pass_info = { ++ .pass = &pass_ipa_colorize_rearm.pass, ++ .reference_pass_name = "*free_lang_data", ++ .ref_pass_instance_number = 0, ++ .pos_op = PASS_POS_INSERT_AFTER ++ }; ++ ++ if (!plugin_default_version_check(version, &gcc_version)) { ++ error(G_("incompatible gcc/plugin versions")); ++ return 1; ++ } ++ ++ register_callback(plugin_name, PLUGIN_INFO, NULL, &colorize_plugin_info); ++ register_callback(plugin_name, PLUGIN_START_UNIT, &colorize_start_unit, NULL); ++ 
register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &colorize_rearm_pass_info); ++ return 0; ++} diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c new file mode 100644 index 0000000..704a564 @@ -78932,10 +80314,10 @@ index 0000000..008f159 +} diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c new file mode 100644 -index 0000000..8b61031 +index 0000000..ea79948 --- /dev/null +++ b/tools/gcc/stackleak_plugin.c -@@ -0,0 +1,295 @@ +@@ -0,0 +1,326 @@ +/* + * Copyright 2011 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 @@ -78982,10 +80364,12 @@ index 0000000..8b61031 +static int track_frame_size = -1; +static const char track_function[] = "pax_track_stack"; +static const char check_function[] = "pax_check_alloca"; ++static tree pax_check_alloca_decl; ++static tree pax_track_stack_decl; +static bool init_locals; + +static struct plugin_info stackleak_plugin_info = { -+ .version = "201111150100", ++ .version = "201203021600", + .help = "track-lowest-sp=nn\ttrack sp in functions whose frame size is at least nn bytes\n" +// "initialize-locals\t\tforcibly initialize all stack frames\n" +}; 
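Review bot: start_colorize() in the new colorize_plugin.c wraps the diagnostic prefix in ANSI escape sequences unconditionally, and the Makefile hunk adds colorize_plugin.so to `hostlibs-y` with no config switch. Builds whose output is redirected to a file or a CI log would then carry raw escape bytes in every warning and error, assuming the plugin is also loaded unconditionally, which is decided outside this hunk. A guard right after the `old_starter(context, diagnostic);` call, such as `if (!isatty(STDERR_FILENO)) return;`, would keep captured logs clean and greppable. `context->printer->prefix` is also passed to `%s` without a NULL check; that is probably safe once the old starter has run, but a one-line comment stating the assumption would help.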
@@ -79038,27 +80422,20 @@ index 0000000..8b61031 +static void stackleak_check_alloca(gimple_stmt_iterator *gsi) +{ + gimple check_alloca; -+ tree fndecl, fntype, alloca_size; ++ tree alloca_size; + + // insert call to void pax_check_alloca(unsigned long size) -+ fntype = build_function_type_list(void_type_node, long_unsigned_type_node, NULL_TREE); -+ fndecl = build_fn_decl(check_function, fntype); -+ DECL_ASSEMBLER_NAME(fndecl); // for LTO + alloca_size = gimple_call_arg(gsi_stmt(*gsi), 0); -+ check_alloca = gimple_build_call(fndecl, 1, alloca_size); ++ check_alloca = gimple_build_call(pax_check_alloca_decl, 1, alloca_size); + gsi_insert_before(gsi, check_alloca, GSI_SAME_STMT); +} + +static void stackleak_add_instrumentation(gimple_stmt_iterator *gsi) +{ + gimple track_stack; -+ tree fndecl, fntype; + + // insert call to void pax_track_stack(void) -+ fntype = build_function_type_list(void_type_node, NULL_TREE); -+ fndecl = build_fn_decl(track_function, fntype); -+ DECL_ASSEMBLER_NAME(fndecl); // for LTO -+ track_stack = gimple_build_call(fndecl, 0); ++ track_stack = gimple_build_call(pax_track_stack_decl, 0); + gsi_insert_after(gsi, track_stack, GSI_CONTINUE_LINKING); +} + @@ -79095,7 +80472,7 @@ index 0000000..8b61031 +static unsigned int execute_stackleak_tree_instrument(void) +{ + basic_block bb, entry_bb; -+ bool prologue_instrumented = false; ++ bool prologue_instrumented = false, is_leaf = true; + + entry_bb = ENTRY_BLOCK_PTR_FOR_FUNCTION(cfun)->next_bb; + @@ -79104,8 +80481,15 @@ index 0000000..8b61031 + gimple_stmt_iterator gsi; + + for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { ++ gimple stmt; ++ ++ stmt = gsi_stmt(gsi); ++ ++ if (is_gimple_call(stmt)) ++ is_leaf = false; ++ + // gimple match: align 8 built-in BUILT_IN_NORMAL:BUILT_IN_ALLOCA attributes <tree_list 0xb7576450> -+ if (!is_alloca(gsi_stmt(gsi))) ++ if (!is_alloca(stmt)) + continue; + + // 2. insert stack overflow check before each __builtin_alloca call 
@@ -79118,6 +80502,13 @@ index 0000000..8b61031 + } + } + ++ // special case for some bad linux code: taking the address of static inline functions will materialize them ++ // but we mustn't instrument some of them as the resulting stack alignment required by the function call ABI ++ // will break other assumptions regarding the expected (but not otherwise enforced) register clobbering ABI. ++ // case in point: native_save_fl on amd64 when optimized for size clobbers rdx if it were instrumented here. ++ if (is_leaf && !TREE_PUBLIC(current_function_decl) && DECL_DECLARED_INLINE_P(current_function_decl)) ++ return 0; ++ + // 4. insert track call at the beginning + if (!prologue_instrumented) { + gimple_stmt_iterator gsi; @@ -79177,6 +80568,27 @@ index 0000000..8b61031 + return 0; +} + ++static void stackleak_start_unit(void *gcc_data, void *user_data) ++{ ++ tree fntype; ++ ++ // declare void pax_check_alloca(unsigned long size) ++ fntype = build_function_type_list(void_type_node, long_unsigned_type_node, NULL_TREE); ++ pax_check_alloca_decl = build_fn_decl(check_function, fntype); ++ DECL_ASSEMBLER_NAME(pax_check_alloca_decl); // for LTO ++ TREE_PUBLIC(pax_check_alloca_decl) = 1; ++ DECL_EXTERNAL(pax_check_alloca_decl) = 1; ++ DECL_ARTIFICIAL(pax_check_alloca_decl) = 1; ++ ++ // declare void pax_track_stack(void) ++ fntype = build_function_type_list(void_type_node, NULL_TREE); ++ pax_track_stack_decl = build_fn_decl(track_function, fntype); ++ DECL_ASSEMBLER_NAME(pax_track_stack_decl); // for LTO ++ TREE_PUBLIC(pax_track_stack_decl) = 1; ++ DECL_EXTERNAL(pax_track_stack_decl) = 1; ++ DECL_ARTIFICIAL(pax_track_stack_decl) = 1; ++} ++ +int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) +{ + const char * const plugin_name = plugin_info->base_name; 
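Review bot: The new early return in execute_stackleak_tree_instrument(), `if (is_leaf && !TREE_PUBLIC(current_function_decl) && DECL_DECLARED_INLINE_P(current_function_decl)) return 0;`, skips the pax_track_stack call for every materialized static inline leaf function, not only the native_save_fl case the comment names. It also does so without looking at the frame size. If such a function has a large frame, its stack use would presumably go untracked, which narrows what the stack-clearing instrumentation covers. I would extend the comment to say so, e.g. `// note: exempts all non-public inline leaf functions regardless of frame size`, or narrow the condition if the affected functions are known. The function body starts and ends outside this hunk.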
@@ -79188,7 +80600,7 @@ index 0000000..8b61031 +// .reference_pass_name = "tree_profile", + .reference_pass_name = "optimized", + .ref_pass_instance_number = 0, -+ .pos_op = PASS_POS_INSERT_AFTER ++ .pos_op = PASS_POS_INSERT_BEFORE + }; + struct register_pass_info stackleak_final_pass_info = { + .pass = &stackleak_final_rtl_opt_pass.pass, @@ -79226,6 +80638,7 @@ index 0000000..8b61031 + error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); + } + ++ register_callback(plugin_name, PLUGIN_START_UNIT, &stackleak_start_unit, NULL); + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &stackleak_tree_instrument_pass_info); + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &stackleak_final_pass_info); + diff --git a/main/linux-grsec/inetpeer-invalidate-the-inetpeer-tree-along-with-the-routing-cache.patch b/main/linux-grsec/inetpeer-invalidate-the-inetpeer-tree-along-with-the-routing-cache.patch new file mode 100644 index 0000000000..0f26cf40ae --- /dev/null +++ b/main/linux-grsec/inetpeer-invalidate-the-inetpeer-tree-along-with-the-routing-cache.patch 
@@ -0,0 +1,174 @@ +From: Steffen Klassert <steffen.klassert@secunet.com> +Date: Tue, 6 Mar 2012 21:20:26 +0000 (+0000) +Subject: inetpeer: Invalidate the inetpeer tree along with the routing cache +X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fdavem%2Fnet.git;a=commitdiff_plain;h=5faa5df1fa2024bd750089ff21dcc4191798263d + +inetpeer: Invalidate the inetpeer tree along with the routing cache + +We initialize the routing metrics with the values cached on the +inetpeer in rt_init_metrics(). So if we have the metrics cached on the +inetpeer, we ignore the user configured fib_metrics. + +To fix this issue, we replace the old tree with a fresh initialized +inet_peer_base. The old tree is removed later with a delayed work queue. + +Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + +diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h +index 06b795d..ff04a33 100644 +--- a/include/net/inetpeer.h ++++ b/include/net/inetpeer.h +@@ -41,6 +41,7 @@ struct inet_peer { + u32 pmtu_orig; + u32 pmtu_learned; + struct inetpeer_addr_base redirect_learned; ++ struct list_head gc_list; + /* + * Once inet_peer is queued for deletion (refcnt == -1), following fields + * are not available: rid, ip_id_count, tcp_ts, tcp_ts_stamp +@@ -96,6 +97,8 @@ static inline struct inet_peer *inet_getpeer_v6(const struct in6_addr *v6daddr, + extern void inet_putpeer(struct inet_peer *p); + extern bool inet_peer_xrlim_allow(struct inet_peer *peer, int timeout); + ++extern void inetpeer_invalidate_tree(int family); ++ + /* + * temporary check to make sure we dont access rid, ip_id_count, tcp_ts, + * tcp_ts_stamp if no refcount is taken on inet_peer +diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c +index bf4a9c4..deea2e9 100644 +--- a/net/ipv4/inetpeer.c ++++ b/net/ipv4/inetpeer.c +@@ -17,6 +17,7 @@ + #include <linux/kernel.h> + #include <linux/mm.h> + #include <linux/net.h> ++#include <linux/workqueue.h> + 
#include <net/ip.h> + #include <net/inetpeer.h> + #include <net/secure_seq.h> +@@ -66,6 +67,11 @@ + + static struct kmem_cache *peer_cachep __read_mostly; + ++static LIST_HEAD(gc_list); ++static const int gc_delay = 60 * HZ; ++static struct delayed_work gc_work; ++static DEFINE_SPINLOCK(gc_lock); ++ + #define node_height(x) x->avl_height + + #define peer_avl_empty ((struct inet_peer *)&peer_fake_node) +@@ -102,6 +108,50 @@ int inet_peer_threshold __read_mostly = 65536 + 128; /* start to throw entries m + int inet_peer_minttl __read_mostly = 120 * HZ; /* TTL under high load: 120 sec */ + int inet_peer_maxttl __read_mostly = 10 * 60 * HZ; /* usual time to live: 10 min */ + ++static void inetpeer_gc_worker(struct work_struct *work) ++{ ++ struct inet_peer *p, *n; ++ LIST_HEAD(list); ++ ++ spin_lock_bh(&gc_lock); ++ list_replace_init(&gc_list, &list); ++ spin_unlock_bh(&gc_lock); ++ ++ if (list_empty(&list)) ++ return; ++ ++ list_for_each_entry_safe(p, n, &list, gc_list) { ++ ++ if(need_resched()) ++ cond_resched(); ++ ++ if (p->avl_left != peer_avl_empty) { ++ list_add_tail(&p->avl_left->gc_list, &list); ++ p->avl_left = peer_avl_empty; ++ } ++ ++ if (p->avl_right != peer_avl_empty) { ++ list_add_tail(&p->avl_right->gc_list, &list); ++ p->avl_right = peer_avl_empty; ++ } ++ ++ n = list_entry(p->gc_list.next, struct inet_peer, gc_list); ++ ++ if (!atomic_read(&p->refcnt)) { ++ list_del(&p->gc_list); ++ kmem_cache_free(peer_cachep, p); ++ } ++ } ++ ++ if (list_empty(&list)) ++ return; ++ ++ spin_lock_bh(&gc_lock); ++ list_splice(&list, &gc_list); ++ spin_unlock_bh(&gc_lock); ++ ++ schedule_delayed_work(&gc_work, gc_delay); ++} + + /* Called from ip_output.c:ip_init */ + void __init inet_initpeers(void) +@@ -126,6 +176,7 @@ void __init inet_initpeers(void) + 0, SLAB_HWCACHE_ALIGN | SLAB_PANIC, + NULL); + ++ INIT_DELAYED_WORK_DEFERRABLE(&gc_work, inetpeer_gc_worker); + } + + static int addr_compare(const struct inetpeer_addr *a, +@@ -449,7 +500,7 @@ relookup: + 
p->pmtu_orig = 0; + p->redirect_genid = 0; + memset(&p->redirect_learned, 0, sizeof(p->redirect_learned)); +- ++ INIT_LIST_HEAD(&p->gc_list); + + /* Link the node. */ + link_to_pool(p, base); +@@ -509,3 +560,30 @@ bool inet_peer_xrlim_allow(struct inet_peer *peer, int timeout) + return rc; + } + EXPORT_SYMBOL(inet_peer_xrlim_allow); ++ ++void inetpeer_invalidate_tree(int family) ++{ ++ struct inet_peer *old, *new, *prev; ++ struct inet_peer_base *base = family_to_base(family); ++ ++ write_seqlock_bh(&base->lock); ++ ++ old = base->root; ++ if (old == peer_avl_empty_rcu) ++ goto out; ++ ++ new = peer_avl_empty_rcu; ++ ++ prev = cmpxchg(&base->root, old, new); ++ if (prev == old) { ++ base->total = 0; ++ spin_lock(&gc_lock); ++ list_add_tail(&prev->gc_list, &gc_list); ++ spin_unlock(&gc_lock); ++ schedule_delayed_work(&gc_work, gc_delay); ++ } ++ ++out: ++ write_sequnlock_bh(&base->lock); ++} ++EXPORT_SYMBOL(inetpeer_invalidate_tree); +diff --git a/net/ipv4/route.c b/net/ipv4/route.c +index bcacf54..23ce0c1 100644 +--- a/net/ipv4/route.c ++++ b/net/ipv4/route.c +@@ -938,6 +938,7 @@ static void rt_cache_invalidate(struct net *net) + get_random_bytes(&shuffle, sizeof(shuffle)); + atomic_add(shuffle + 1U, &net->ipv4.rt_genid); + redirect_genid++; ++ inetpeer_invalidate_tree(AF_INET); + } + + /* diff --git a/main/linux-grsec/linux-3.0.x-regression-with-ipv4-routes-having-mtu.patch b/main/linux-grsec/linux-3.0.x-regression-with-ipv4-routes-having-mtu.patch deleted file mode 100644 index 7ca4147826..0000000000 --- a/main/linux-grsec/linux-3.0.x-regression-with-ipv4-routes-having-mtu.patch +++ /dev/null 
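Review bot: In inetpeer_gc_worker() the test `if (!atomic_read(&p->refcnt))` followed by `kmem_cache_free(peer_cachep, p)` is a check-then-free: nothing stops a reference being taken between the read and the free, and the node is released without waiting for concurrent readers. The comment visible in the inetpeer.h hunk says a peer queued for deletion is marked with refcnt == -1, and the `peer_avl_empty_rcu` sentinel suggests lookups may run under RCU; the lookup path is outside this patch, so that part is inferred. Claiming the node atomically with `if (atomic_cmpxchg(&p->refcnt, 0, -1) == 0) {` and deferring the free until after a grace period, instead of calling kmem_cache_free() directly, would close the window in which a holder of a stale pointer touches freed memory. Since this file is a backport carried by the package, it is worth checking whether upstream has a follow-up fix for this worker and carrying it alongside.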
@@ -1,53 +0,0 @@ -diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index f30112f..26a6249 100644 ---- a/net/ipv4/route.c -+++ b/net/ipv4/route.c -@@ -1841,6 +1841,22 @@ static unsigned int ipv4_mtu(const struct dst_entry *dst) - return mtu; - } - -+static void __rt_init_metrics(struct rtable *rt, struct fib_info *fi, -+ struct inet_peer *peer) -+{ -+ if (peer && fi->fib_metrics == (u32 *) dst_default_metrics) { -+ dst_init_metrics(&rt->dst, peer->metrics, false); -+ return; -+ } -+ -+ if (fi->fib_metrics != (u32 *) dst_default_metrics) { -+ rt->fi = fi; -+ atomic_inc(&fi->fib_clntref); -+ } -+ -+ dst_init_metrics(&rt->dst, fi->fib_metrics, true); -+} -+ - static void rt_init_metrics(struct rtable *rt, const struct flowi4 *fl4, - struct fib_info *fi) - { -@@ -1859,7 +1875,8 @@ static void rt_init_metrics(struct rtable *rt, const struct flowi4 *fl4, - if (inet_metrics_new(peer)) - memcpy(peer->metrics, fi->fib_metrics, - sizeof(u32) * RTAX_MAX); -- dst_init_metrics(&rt->dst, peer->metrics, false); -+ -+ __rt_init_metrics(rt, fi, peer); - - check_peer_pmtu(&rt->dst, peer); - if (peer->redirect_genid != redirect_genid) -@@ -1869,13 +1886,8 @@ static void rt_init_metrics(struct rtable *rt, const struct flowi4 *fl4, - rt->rt_gateway = peer->redirect_learned.a4; - rt->rt_flags |= RTCF_REDIRECTED; - } -- } else { -- if (fi->fib_metrics != (u32 *) dst_default_metrics) { -- rt->fi = fi; -- atomic_inc(&fi->fib_clntref); -- } -- dst_init_metrics(&rt->dst, fi->fib_metrics, true); -- } -+ } else -+ __rt_init_metrics(rt, fi, NULL); - } - - static void rt_set_nexthop(struct rtable *rt, const struct flowi4 *fl4, diff --git a/main/linux-grsec/route-remove-redirect-genid.patch b/main/linux-grsec/route-remove-redirect-genid.patch new file mode 100644 index 0000000000..7c1d28b468 --- /dev/null +++ b/main/linux-grsec/route-remove-redirect-genid.patch 
@@ -0,0 +1,81 @@ +One hunk was remove from this patch. + + +From: Steffen Klassert <steffen.klassert@secunet.com> +Date: Tue, 6 Mar 2012 21:21:10 +0000 (+0000) +Subject: route: Remove redirect_genid +X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fdavem%2Fnet.git;a=commitdiff_plain;h=ac3f48de09d8f4b73397047e413fadff7f65cfa7 + +route: Remove redirect_genid + +As we invalidate the inetpeer tree along with the routing cache now, +we don't need a genid to reset the redirect handling when the routing +cache is flushed. + +Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + +diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h +index ff04a33..b94765e 100644 +--- a/include/net/inetpeer.h ++++ b/include/net/inetpeer.h +@@ -35,7 +35,6 @@ struct inet_peer { + + u32 metrics[RTAX_MAX]; + u32 rate_tokens; /* rate limiting for ICMP */ +- int redirect_genid; + unsigned long rate_last; + unsigned long pmtu_expires; + u32 pmtu_orig; +diff --git a/net/ipv4/route.c b/net/ipv4/route.c +index 23ce0c1..0197747 100644 +--- a/net/ipv4/route.c ++++ b/net/ipv4/route.c +@@ -132,7 +132,6 @@ static int ip_rt_mtu_expires __read_mostly = 10 * 60 * HZ; + static int ip_rt_min_pmtu __read_mostly = 512 + 20 + 20; + static int ip_rt_min_advmss __read_mostly = 256; + static int rt_chain_length_max __read_mostly = 20; +-static int redirect_genid; + + static struct delayed_work expires_work; + static unsigned long expires_ljiffies; +@@ -937,7 +936,6 @@ static void rt_cache_invalidate(struct net *net) + + get_random_bytes(&shuffle, sizeof(shuffle)); + atomic_add_unchecked(shuffle + 1U, &net->ipv4.rt_genid); +- redirect_genid++; + inetpeer_invalidate_tree(AF_INET); + } + +@@ -1486,10 +1484,8 @@ void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw, + + peer = rt->peer; + if (peer) { +- if (peer->redirect_learned.a4 != new_gw || +- peer->redirect_genid != redirect_genid) { ++ if (peer->redirect_learned.a4 != 
new_gw) { + peer->redirect_learned.a4 = new_gw; +- peer->redirect_genid = redirect_genid; + atomic_inc(&__rt_peer_genid); + } + check_peer_redir(&rt->dst, peer); +@@ -1794,8 +1790,6 @@ static void ipv4_validate_peer(struct rtable *rt) + if (peer) { + check_peer_pmtu(&rt->dst, peer); + +- if (peer->redirect_genid != redirect_genid) +- peer->redirect_learned.a4 = 0; + if (peer->redirect_learned.a4 && + peer->redirect_learned.a4 != rt->rt_gateway) + check_peer_redir(&rt->dst, peer); +@@ -1959,8 +1953,7 @@ static void rt_init_metrics(struct rtable *rt, const struct flowi4 *fl4, + dst_init_metrics(&rt->dst, peer->metrics, false); + + check_peer_pmtu(&rt->dst, peer); +- if (peer->redirect_genid != redirect_genid) +- peer->redirect_learned.a4 = 0; ++ + if (peer->redirect_learned.a4 && + peer->redirect_learned.a4 != rt->rt_gateway) { + rt->rt_gateway = peer->redirect_learned.a4; |