From: "Anthony G. Basile" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile" Message-ID: <1395012029.7d38603b7484977e86f9f626ee789660d8e5833b.blueness@gentoo> Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.55/, 3.13.5/, 3.13.6/ X-VCS-Repository: proj/hardened-patchset X-VCS-Files: 3.13.5/0000_README 3.13.5/4420_grsecurity-3.0-3.13.5-201403041938.patch 3.13.5/4425_grsec_remove_EI_PAX.patch 3.13.5/4427_force_XATTR_PAX_tmpfs.patch 3.13.5/4430_grsec-remove-localversion-grsec.patch 3.13.5/4435_grsec-mute-warnings.patch 3.13.5/4440_grsec-remove-protected-paths.patch 3.13.5/4450_grsec-kconfig-default-gids.patch 3.13.5/4465_selinux-avc_audit-log-curr_ip.patch 3.13.5/4470_disable-compat_vdso.patch 3.13.5/4475_emutramp_default_on.patch 3.13.6/0000_README 3.13.6/4420_grsecurity-3.0-3.13.6-201403142112.patch 3.13.6/4425_grsec_remove_EI_PAX.patch 3.13.6/4427_force_XATTR_PAX_tmpfs.patch 3.13.6/4430_grsec-remove-localversion-grsec.patch 3.13.6/4435_grsec-mute-warnings.patch 3.13.6/4440_grsec-remove-protected-paths.patch 3.13.6/4450_grsec-kconfig-default-gids.patch 3.13.6/4465_selinux-avc_audit-log-curr_ip.patch 3.13.6/4470_disable-compat_vdso.patch 3.13.6/4475_emutramp_default_on.patch 3.2.55/0000_README 3.2.55/4420_grsecurity-3.0-3.2.55-201403041936.patch 3.2.5 5/4420_grsecurity-3.0-3.2.55-201403142107.patch 3.2.55/4475_emutramp_default_on.patch X-VCS-Directories: 3.2.55/ 3.13.5/ 3.13.6/ X-VCS-Committer: blueness X-VCS-Committer-Name: Anthony G. 
Basile X-VCS-Revision: 7d38603b7484977e86f9f626ee789660d8e5833b X-VCS-Branch: master Date: Sun, 16 Mar 2014 23:20:49 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 8cd67805-c6be-416c-9099-74e133c81fe8 X-Archives-Hash: f1438afd254bb29a7d0c68ed7a59e45b commit: 7d38603b7484977e86f9f626ee789660d8e5833b Author: Anthony G. Basile gentoo org> AuthorDate: Sun Mar 16 23:20:29 2014 +0000 Commit: Anthony G. Basile gentoo org> CommitDate: Sun Mar 16 23:20:29 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=7d38603b Grsec/PaX: 3.0-{3.2.55,3.13.6}-201403142112 --- {3.13.5 => 3.13.6}/0000_README | 2 +- .../4420_grsecurity-3.0-3.13.6-201403142112.patch | 1097 +++++++++----------- {3.13.5 => 3.13.6}/4425_grsec_remove_EI_PAX.patch | 0 .../4427_force_XATTR_PAX_tmpfs.patch | 0 .../4430_grsec-remove-localversion-grsec.patch | 0 {3.13.5 => 3.13.6}/4435_grsec-mute-warnings.patch | 0 .../4440_grsec-remove-protected-paths.patch | 0 .../4450_grsec-kconfig-default-gids.patch | 0 .../4465_selinux-avc_audit-log-curr_ip.patch | 0 {3.13.5 => 3.13.6}/4470_disable-compat_vdso.patch | 0 {3.13.5 => 3.13.6}/4475_emutramp_default_on.patch | 6 +- 3.2.55/0000_README | 2 +- ... 4420_grsecurity-3.0-3.2.55-201403142107.patch} | 515 ++++++++- 3.2.55/4475_emutramp_default_on.patch | 6 +- 14 files changed, 954 insertions(+), 674 deletions(-) diff --git a/3.13.5/0000_README b/3.13.6/0000_README similarity index 96% rename from 3.13.5/0000_README rename to 3.13.6/0000_README index c20a3d4..9a10b46 100644 --- a/3.13.5/0000_README +++ b/3.13.6/0000_README 
@@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.13.5-201403041938.patch +Patch: 4420_grsecurity-3.0-3.13.6-201403142112.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.13.5/4420_grsecurity-3.0-3.13.5-201403041938.patch b/3.13.6/4420_grsecurity-3.0-3.13.6-201403142112.patch similarity index 99% rename from 3.13.5/4420_grsecurity-3.0-3.13.5-201403041938.patch rename to 3.13.6/4420_grsecurity-3.0-3.13.6-201403142112.patch index 9efbd6a..3ef5afe 100644 --- a/3.13.5/4420_grsecurity-3.0-3.13.5-201403041938.patch +++ b/3.13.6/4420_grsecurity-3.0-3.13.6-201403142112.patch @@ -287,7 +287,7 @@ index b9e9bd8..bf49b92 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index a03bbf9..0817ef1 100644 +index dfe5fec..b8d23eb 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -1571,7 +1571,7 @@ index 75fe66b..ba3dee4 100644 #endif diff --git a/arch/arm/include/asm/cacheflush.h b/arch/arm/include/asm/cacheflush.h -index ee753f1..2c2afeb 100644 +index ab91ebb..2c2afeb 100644 --- a/arch/arm/include/asm/cacheflush.h +++ b/arch/arm/include/asm/cacheflush.h @@ -116,7 +116,7 @@ struct cpu_cache_fns { @@ -1583,14 +1583,6 @@ index ee753f1..2c2afeb 100644 /* * Select the calling method -@@ -212,6 +212,7 @@ extern void copy_to_user_page(struct vm_area_struct *, struct page *, - static inline void __flush_icache_all(void) - { - __flush_icache_preferred(); -+ dsb(); - } - - /* diff --git a/arch/arm/include/asm/checksum.h b/arch/arm/include/asm/checksum.h index 6dcc164..b14d917 100644 --- a/arch/arm/include/asm/checksum.h @@ -1989,7 +1981,7 @@ index 626989f..9d67a33 100644 /* 
diff --git a/arch/arm/include/asm/pgtable-3level.h b/arch/arm/include/asm/pgtable-3level.h -index 4f95039..04d626a 100644 +index 1d15673..04d626a 100644 --- a/arch/arm/include/asm/pgtable-3level.h +++ b/arch/arm/include/asm/pgtable-3level.h @@ -82,6 +82,7 @@ @@ -2008,29 +2000,6 @@ index 4f95039..04d626a 100644 #define L_PTE_XN_HIGH (1 << (54 - 32)) #define L_PTE_DIRTY_HIGH (1 << (55 - 32)) -@@ -120,13 +122,16 @@ - /* - * 2nd stage PTE definitions for LPAE. - */ --#define L_PTE_S2_MT_UNCACHED (_AT(pteval_t, 0x5) << 2) /* MemAttr[3:0] */ --#define L_PTE_S2_MT_WRITETHROUGH (_AT(pteval_t, 0xa) << 2) /* MemAttr[3:0] */ --#define L_PTE_S2_MT_WRITEBACK (_AT(pteval_t, 0xf) << 2) /* MemAttr[3:0] */ --#define L_PTE_S2_RDONLY (_AT(pteval_t, 1) << 6) /* HAP[1] */ --#define L_PTE_S2_RDWR (_AT(pteval_t, 3) << 6) /* HAP[2:1] */ -+#define L_PTE_S2_MT_UNCACHED (_AT(pteval_t, 0x0) << 2) /* strongly ordered */ -+#define L_PTE_S2_MT_WRITETHROUGH (_AT(pteval_t, 0xa) << 2) /* normal inner write-through */ -+#define L_PTE_S2_MT_WRITEBACK (_AT(pteval_t, 0xf) << 2) /* normal inner write-back */ -+#define L_PTE_S2_MT_DEV_SHARED (_AT(pteval_t, 0x1) << 2) /* device */ -+#define L_PTE_S2_MT_MASK (_AT(pteval_t, 0xf) << 2) - --#define L_PMD_S2_RDWR (_AT(pmdval_t, 3) << 6) /* HAP[2:1] */ -+#define L_PTE_S2_RDONLY (_AT(pteval_t, 1) << 6) /* HAP[1] */ -+#define L_PTE_S2_RDWR (_AT(pteval_t, 3) << 6) /* HAP[2:1] */ -+ -+#define L_PMD_S2_RDWR (_AT(pmdval_t, 3) << 6) /* HAP[2:1] */ - - /* - * Hyp-mode PL2 PTE definitions for LPAE. diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h index 1571d12..b8a9b43 100644 --- a/arch/arm/include/asm/pgtable.h 
@@ -2150,32 +2119,6 @@ index 22a3b9b..7f214ee 100644 /* * set platform specific SMP operations -diff --git a/arch/arm/include/asm/spinlock.h b/arch/arm/include/asm/spinlock.h -index ef3c607..ac4bfae 100644 ---- a/arch/arm/include/asm/spinlock.h -+++ b/arch/arm/include/asm/spinlock.h -@@ -37,18 +37,9 @@ - - static inline void dsb_sev(void) - { --#if __LINUX_ARM_ARCH__ >= 7 -- __asm__ __volatile__ ( -- "dsb ishst\n" -- SEV -- ); --#else -- __asm__ __volatile__ ( -- "mcr p15, 0, %0, c7, c10, 4\n" -- SEV -- : : "r" (0) -- ); --#endif -+ -+ dsb(ishst); -+ __asm__(SEV); - } - - /* diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h index 71a06b2..8bb9ae1 100644 --- a/arch/arm/include/asm/thread_info.h @@ -3512,7 +3455,7 @@ index 827d1500..2885dc6 100644 }; diff --git a/arch/arm/mach-omap2/gpmc.c b/arch/arm/mach-omap2/gpmc.c -index d24926e..a7645a6 100644 +index ab43755..ccfa231 100644 --- a/arch/arm/mach-omap2/gpmc.c +++ b/arch/arm/mach-omap2/gpmc.c @@ -148,7 +148,6 @@ struct omap3_gpmc_regs { @@ -4213,18 +4156,6 @@ index f123d6e..04bf569 100644 return __arm_ioremap_caller(phys_addr, size, mtype, __builtin_return_address(0)); -diff --git a/arch/arm/mm/mm.h b/arch/arm/mm/mm.h -index d5a982d..7ea641b7 100644 ---- a/arch/arm/mm/mm.h -+++ b/arch/arm/mm/mm.h -@@ -38,6 +38,7 @@ static inline pmd_t *pmd_off_k(unsigned long virt) - - struct mem_type { - pteval_t prot_pte; -+ pteval_t prot_pte_s2; - pmdval_t prot_l1; - pmdval_t prot_sect; - unsigned int domain; diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c index 5e85ed3..b10a7ed 100644 --- a/arch/arm/mm/mmap.c @@ -4337,7 +4268,7 @@ index 5e85ed3..b10a7ed 100644 } } diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c -index 580ef2d..4ed7f76 100644 +index 911d433..8580952 100644 --- a/arch/arm/mm/mmu.c +++ b/arch/arm/mm/mmu.c @@ -38,6 +38,22 @@ 
@@ -4363,13 +4294,13 @@ index 580ef2d..4ed7f76 100644 /* * empty_zero_page is a special page that is used for * zero-initialized data and COW. -@@ -230,13 +246,25 @@ __setup("noalign", noalign_setup); +@@ -230,11 +246,19 @@ __setup("noalign", noalign_setup); #endif /* ifdef CONFIG_CPU_CP15 / else */ -#define PROT_PTE_DEVICE L_PTE_PRESENT|L_PTE_YOUNG|L_PTE_DIRTY|L_PTE_XN +#define PROT_PTE_DEVICE L_PTE_PRESENT|L_PTE_YOUNG|L_PTE_DIRTY -+#define PROT_PTE_S2_DEVICE PROT_PTE_DEVICE|L_PTE_XN + #define PROT_PTE_S2_DEVICE PROT_PTE_DEVICE #define PROT_SECT_DEVICE PMD_TYPE_SECT|PMD_SECT_AP_WRITE -static struct mem_type mem_types[] = { @@ -4385,13 +4316,7 @@ index 580ef2d..4ed7f76 100644 [MT_DEVICE] = { /* Strongly ordered / ARMv6 shared device */ .prot_pte = PROT_PTE_DEVICE | L_PTE_MT_DEV_SHARED | L_PTE_SHARED, -+ .prot_pte_s2 = s2_policy(PROT_PTE_S2_DEVICE) | -+ s2_policy(L_PTE_S2_MT_DEV_SHARED) | -+ L_PTE_SHARED, - .prot_l1 = PMD_TYPE_TABLE, - .prot_sect = PROT_SECT_DEVICE | PMD_SECT_S, - .domain = DOMAIN_IO, -@@ -262,16 +290,16 @@ static struct mem_type mem_types[] = { +@@ -266,16 +290,16 @@ static struct mem_type mem_types[] = { [MT_UNCACHED] = { .prot_pte = PROT_PTE_DEVICE, .prot_l1 = PMD_TYPE_TABLE, @@ -4411,7 +4336,7 @@ index 580ef2d..4ed7f76 100644 .domain = DOMAIN_KERNEL, }, #endif -@@ -279,36 +307,54 @@ static struct mem_type mem_types[] = { +@@ -283,36 +307,54 @@ static struct mem_type mem_types[] = { .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | L_PTE_RDONLY, .prot_l1 = PMD_TYPE_TABLE, @@ -4474,7 +4399,7 @@ index 580ef2d..4ed7f76 100644 .domain = DOMAIN_KERNEL, }, [MT_MEMORY_ITCM] = { -@@ -318,10 +364,10 @@ static struct mem_type mem_types[] = { +@@ -322,10 +364,10 @@ static struct mem_type mem_types[] = { }, [MT_MEMORY_SO] = { .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | 
@@ -4487,7 +4412,7 @@ index 580ef2d..4ed7f76 100644 .domain = DOMAIN_KERNEL, }, [MT_MEMORY_DMA_READY] = { -@@ -407,9 +453,35 @@ static void __init build_mem_type_table(void) +@@ -411,9 +453,35 @@ static void __init build_mem_type_table(void) * to prevent speculative instruction fetches. */ mem_types[MT_DEVICE].prot_sect |= PMD_SECT_XN; @@ -4523,17 +4448,7 @@ index 580ef2d..4ed7f76 100644 } if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) { /* -@@ -458,7 +530,8 @@ static void __init build_mem_type_table(void) - cp = &cache_policies[cachepolicy]; - vecs_pgprot = kern_pgprot = user_pgprot = cp->pte; - s2_pgprot = cp->pte_s2; -- hyp_device_pgprot = s2_device_pgprot = mem_types[MT_DEVICE].prot_pte; -+ hyp_device_pgprot = mem_types[MT_DEVICE].prot_pte; -+ s2_device_pgprot = mem_types[MT_DEVICE].prot_pte_s2; - - /* - * ARMv6 and above have extended page tables. -@@ -470,6 +543,9 @@ static void __init build_mem_type_table(void) +@@ -475,6 +543,9 @@ static void __init build_mem_type_table(void) * from SVC mode and no access from userspace. */ mem_types[MT_ROM].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; @@ -4543,7 +4458,7 @@ index 580ef2d..4ed7f76 100644 mem_types[MT_MINICLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; mem_types[MT_CACHECLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; #endif -@@ -487,11 +563,17 @@ static void __init build_mem_type_table(void) +@@ -492,11 +563,17 @@ static void __init build_mem_type_table(void) mem_types[MT_DEVICE_WC].prot_pte |= L_PTE_SHARED; mem_types[MT_DEVICE_CACHED].prot_sect |= PMD_SECT_S; mem_types[MT_DEVICE_CACHED].prot_pte |= L_PTE_SHARED; @@ -4565,7 +4480,7 @@ index 580ef2d..4ed7f76 100644 } } -@@ -502,15 +584,20 @@ static void __init build_mem_type_table(void) +@@ -507,15 +584,20 @@ static void __init build_mem_type_table(void) if (cpu_arch >= CPU_ARCH_ARMv6) { if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) { /* Non-cacheable Normal is XCB = 001 */ 
@@ -4589,7 +4504,7 @@ index 580ef2d..4ed7f76 100644 } #ifdef CONFIG_ARM_LPAE -@@ -526,6 +613,8 @@ static void __init build_mem_type_table(void) +@@ -531,6 +613,8 @@ static void __init build_mem_type_table(void) vecs_pgprot |= PTE_EXT_AF; #endif @@ -4598,7 +4513,7 @@ index 580ef2d..4ed7f76 100644 for (i = 0; i < 16; i++) { pteval_t v = pgprot_val(protection_map[i]); protection_map[i] = __pgprot(v | user_pgprot); -@@ -543,10 +632,15 @@ static void __init build_mem_type_table(void) +@@ -548,10 +632,15 @@ static void __init build_mem_type_table(void) mem_types[MT_LOW_VECTORS].prot_l1 |= ecc_mask; mem_types[MT_HIGH_VECTORS].prot_l1 |= ecc_mask; @@ -4617,7 +4532,7 @@ index 580ef2d..4ed7f76 100644 mem_types[MT_ROM].prot_sect |= cp->pmd; switch (cp->pmd) { -@@ -1188,18 +1282,15 @@ void __init arm_mm_memblock_reserve(void) +@@ -1193,18 +1282,15 @@ void __init arm_mm_memblock_reserve(void) * called function. This means you can't use any function or debugging * method which may touch any device, otherwise the kernel _will_ crash. */ @@ -4640,7 +4555,7 @@ index 580ef2d..4ed7f76 100644 for (addr = VMALLOC_START; addr; addr += PMD_SIZE) pmd_clear(pmd_off_k(addr)); -@@ -1239,7 +1330,7 @@ static void __init devicemaps_init(const struct machine_desc *mdesc) +@@ -1244,7 +1330,7 @@ static void __init devicemaps_init(const struct machine_desc *mdesc) * location (0xffff0000). If we aren't using high-vectors, also * create a mapping at the low-vectors virtual address. */ @@ -4649,7 +4564,7 @@ index 580ef2d..4ed7f76 100644 map.virtual = 0xffff0000; map.length = PAGE_SIZE; #ifdef CONFIG_KUSER_HELPERS -@@ -1311,8 +1402,39 @@ static void __init map_lowmem(void) +@@ -1316,8 +1402,39 @@ static void __init map_lowmem(void) map.pfn = __phys_to_pfn(start); map.virtual = __phys_to_virt(start); map.length = end - start; 
@@ -4690,47 +4605,6 @@ index 580ef2d..4ed7f76 100644 create_mapping(&map); } } -diff --git a/arch/arm/mm/proc-v6.S b/arch/arm/mm/proc-v6.S -index 45dc29f..32b3558 100644 ---- a/arch/arm/mm/proc-v6.S -+++ b/arch/arm/mm/proc-v6.S -@@ -208,7 +208,6 @@ __v6_setup: - mcr p15, 0, r0, c7, c14, 0 @ clean+invalidate D cache - mcr p15, 0, r0, c7, c5, 0 @ invalidate I cache - mcr p15, 0, r0, c7, c15, 0 @ clean+invalidate cache -- mcr p15, 0, r0, c7, c10, 4 @ drain write buffer - #ifdef CONFIG_MMU - mcr p15, 0, r0, c8, c7, 0 @ invalidate I + D TLBs - mcr p15, 0, r0, c2, c0, 2 @ TTB control register -@@ -218,6 +217,8 @@ __v6_setup: - ALT_UP(orr r8, r8, #TTB_FLAGS_UP) - mcr p15, 0, r8, c2, c0, 1 @ load TTB1 - #endif /* CONFIG_MMU */ -+ mcr p15, 0, r0, c7, c10, 4 @ drain write buffer and -+ @ complete invalidations - adr r5, v6_crval - ldmia r5, {r5, r6} - ARM_BE8(orr r6, r6, #1 << 25) @ big-endian page tables -diff --git a/arch/arm/mm/proc-v7.S b/arch/arm/mm/proc-v7.S -index bd17819..74f6033 100644 ---- a/arch/arm/mm/proc-v7.S -+++ b/arch/arm/mm/proc-v7.S -@@ -351,7 +351,6 @@ __v7_setup: - - 4: mov r10, #0 - mcr p15, 0, r10, c7, c5, 0 @ I+BTB cache invalidate -- dsb - #ifdef CONFIG_MMU - mcr p15, 0, r10, c8, c7, 0 @ invalidate I + D TLBs - v7_ttb_setup r10, r4, r8, r5 @ TTBCR, TTBRx setup -@@ -360,6 +359,7 @@ __v7_setup: - mcr p15, 0, r5, c10, c2, 0 @ write PRRR - mcr p15, 0, r6, c10, c2, 1 @ write NMRR - #endif -+ dsb @ Complete invalidations - #ifndef CONFIG_ARM_THUMBEE - mrc p15, 0, r0, c0, c1, 0 @ read ID_PFR0 for ThumbEE - and r0, r0, #(0xf << 12) @ ThumbEE enabled field diff --git a/arch/arm/plat-omap/sram.c b/arch/arm/plat-omap/sram.c index a5bc92d..0bb4730 100644 --- a/arch/arm/plat-omap/sram.c 
@@ -5560,6 +5434,19 @@ index 650de39..6982b02 100644 help kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot +diff --git a/arch/mips/cavium-octeon/dma-octeon.c b/arch/mips/cavium-octeon/dma-octeon.c +index 02f2444..506969c 100644 +--- a/arch/mips/cavium-octeon/dma-octeon.c ++++ b/arch/mips/cavium-octeon/dma-octeon.c +@@ -199,7 +199,7 @@ static void octeon_dma_free_coherent(struct device *dev, size_t size, + if (dma_release_from_coherent(dev, order, vaddr)) + return; + +- swiotlb_free_coherent(dev, size, vaddr, dma_handle); ++ swiotlb_free_coherent(dev, size, vaddr, dma_handle, attrs); + } + + static dma_addr_t octeon_unity_phys_to_dma(struct device *dev, phys_addr_t paddr) diff --git a/arch/mips/include/asm/atomic.h b/arch/mips/include/asm/atomic.h index 7eed2f2..c4e385d 100644 --- a/arch/mips/include/asm/atomic.h @@ -6521,6 +6408,19 @@ index c1f6afa..38cc6e9 100644 +#define arch_align_stack(x) ((x) & ~0xfUL) #endif /* _ASM_EXEC_H */ +diff --git a/arch/mips/include/asm/hw_irq.h b/arch/mips/include/asm/hw_irq.h +index 9e8ef59..1139d6b 100644 +--- a/arch/mips/include/asm/hw_irq.h ++++ b/arch/mips/include/asm/hw_irq.h +@@ -10,7 +10,7 @@ + + #include + +-extern atomic_t irq_err_count; ++extern atomic_unchecked_t irq_err_count; + + /* + * interrupt-retrigger: NOP for now. This may not be appropriate for all diff --git a/arch/mips/include/asm/local.h b/arch/mips/include/asm/local.h index d44622c..64990d2 100644 --- a/arch/mips/include/asm/local.h 
@@ -6728,6 +6628,32 @@ index 202e581..689ca79 100644 #include /* +diff --git a/arch/mips/kernel/i8259.c b/arch/mips/kernel/i8259.c +index 2b91fe8..fe4f6b4 100644 +--- a/arch/mips/kernel/i8259.c ++++ b/arch/mips/kernel/i8259.c +@@ -205,7 +205,7 @@ spurious_8259A_irq: + printk(KERN_DEBUG "spurious 8259A interrupt: IRQ%d.\n", irq); + spurious_irq_mask |= irqmask; + } +- atomic_inc(&irq_err_count); ++ atomic_inc_unchecked(&irq_err_count); + /* + * Theoretically we do not have to handle this IRQ, + * but in Linux this does not cause problems and is +diff --git a/arch/mips/kernel/irq-gt641xx.c b/arch/mips/kernel/irq-gt641xx.c +index 44a1f79..2bd6aa3 100644 +--- a/arch/mips/kernel/irq-gt641xx.c ++++ b/arch/mips/kernel/irq-gt641xx.c +@@ -110,7 +110,7 @@ void gt641xx_irq_dispatch(void) + } + } + +- atomic_inc(&irq_err_count); ++ atomic_inc_unchecked(&irq_err_count); + } + + void __init gt641xx_irq_init(void) diff --git a/arch/mips/kernel/irq.c b/arch/mips/kernel/irq.c index d1fea7a..45602ea 100644 --- a/arch/mips/kernel/irq.c @@ -6800,6 +6726,38 @@ index b52e1d2..1a3ca09 100644 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) trace_sys_enter(regs, regs->regs[2]); +diff --git a/arch/mips/kernel/reset.c b/arch/mips/kernel/reset.c +index 07fc524..b9d7f28 100644 +--- a/arch/mips/kernel/reset.c ++++ b/arch/mips/kernel/reset.c +@@ -13,6 +13,7 @@ + #include + + #include ++#include + + /* + * Urgs ... Too many MIPS machines to handle this in a generic way. +@@ -29,16 +30,19 @@ void machine_restart(char *command) + { + if (_machine_restart) + _machine_restart(command); ++ BUG(); + } + + void machine_halt(void) + { + if (_machine_halt) + _machine_halt(); ++ BUG(); + } + + void machine_power_off(void) + { + if (pm_power_off) + pm_power_off(); ++ BUG(); + } diff --git a/arch/mips/kernel/smtc-proc.c b/arch/mips/kernel/smtc-proc.c index c10aa84..9ec2e60 100644 --- a/arch/mips/kernel/smtc-proc.c 
@@ -6981,7 +6939,7 @@ index becc42b..9e43d4b 100644 tsk->thread.error_code = write; #if 0 diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c -index f1baadd..8537544 100644 +index f1baadd..5472dca 100644 --- a/arch/mips/mm/mmap.c +++ b/arch/mips/mm/mmap.c @@ -59,6 +59,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, @@ -7010,7 +6968,7 @@ index f1baadd..8537544 100644 vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && - (!vma || addr + len <= vma->vm_start)) -+ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vmm, addr, len, offset)) ++ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset)) return addr; } 
@@ -7085,6 +7043,58 @@ index f1baadd..8537544 100644 int __virt_addr_valid(const volatile void *kaddr) { return pfn_valid(PFN_DOWN(virt_to_phys(kaddr))); +diff --git a/arch/mips/pci/pci-octeon.c b/arch/mips/pci/pci-octeon.c +index 59cccd9..f39ac2f 100644 +--- a/arch/mips/pci/pci-octeon.c ++++ b/arch/mips/pci/pci-octeon.c +@@ -327,8 +327,8 @@ static int octeon_write_config(struct pci_bus *bus, unsigned int devfn, + + + static struct pci_ops octeon_pci_ops = { +- octeon_read_config, +- octeon_write_config, ++ .read = octeon_read_config, ++ .write = octeon_write_config, + }; + + static struct resource octeon_pci_mem_resource = { +diff --git a/arch/mips/pci/pcie-octeon.c b/arch/mips/pci/pcie-octeon.c +index 5e36c33..eb4a17b 100644 +--- a/arch/mips/pci/pcie-octeon.c ++++ b/arch/mips/pci/pcie-octeon.c +@@ -1792,8 +1792,8 @@ static int octeon_dummy_write_config(struct pci_bus *bus, unsigned int devfn, + } + + static struct pci_ops octeon_pcie0_ops = { +- octeon_pcie0_read_config, +- octeon_pcie0_write_config, ++ .read = octeon_pcie0_read_config, ++ .write = octeon_pcie0_write_config, + }; + + static struct resource octeon_pcie0_mem_resource = { +@@ -1813,8 +1813,8 @@ static struct pci_controller octeon_pcie0_controller = { + }; + + static struct pci_ops octeon_pcie1_ops = { +- octeon_pcie1_read_config, +- octeon_pcie1_write_config, ++ .read = octeon_pcie1_read_config, ++ .write = octeon_pcie1_write_config, + }; + + static struct resource octeon_pcie1_mem_resource = { +@@ -1834,8 +1834,8 @@ static struct pci_controller octeon_pcie1_controller = { + }; + + static struct pci_ops octeon_dummy_ops = { +- octeon_dummy_read_config, +- octeon_dummy_write_config, ++ .read = octeon_dummy_read_config, ++ .write = octeon_dummy_write_config, + }; + + static struct resource octeon_dummy_mem_resource = { diff --git a/arch/mips/sgi-ip27/ip27-nmi.c b/arch/mips/sgi-ip27/ip27-nmi.c index a2358b4..7cead4f 100644 --- a/arch/mips/sgi-ip27/ip27-nmi.c 
@@ -7110,6 +7120,54 @@ index a2358b4..7cead4f 100644 #endif /* +diff --git a/arch/mips/sni/rm200.c b/arch/mips/sni/rm200.c +index a046b30..6799527 100644 +--- a/arch/mips/sni/rm200.c ++++ b/arch/mips/sni/rm200.c +@@ -270,7 +270,7 @@ spurious_8259A_irq: + "spurious RM200 8259A interrupt: IRQ%d.\n", irq); + spurious_irq_mask |= irqmask; + } +- atomic_inc(&irq_err_count); ++ atomic_inc_unchecked(&irq_err_count); + /* + * Theoretically we do not have to handle this IRQ, + * but in Linux this does not cause problems and is +diff --git a/arch/mips/vr41xx/common/icu.c b/arch/mips/vr41xx/common/icu.c +index 41e873b..34d33a7 100644 +--- a/arch/mips/vr41xx/common/icu.c ++++ b/arch/mips/vr41xx/common/icu.c +@@ -653,7 +653,7 @@ static int icu_get_irq(unsigned int irq) + + printk(KERN_ERR "spurious ICU interrupt: %04x,%04x\n", pend1, pend2); + +- atomic_inc(&irq_err_count); ++ atomic_inc_unchecked(&irq_err_count); + + return -1; + } +diff --git a/arch/mips/vr41xx/common/irq.c b/arch/mips/vr41xx/common/irq.c +index ae0e4ee..e8f0692 100644 +--- a/arch/mips/vr41xx/common/irq.c ++++ b/arch/mips/vr41xx/common/irq.c +@@ -64,7 +64,7 @@ static void irq_dispatch(unsigned int irq) + irq_cascade_t *cascade; + + if (irq >= NR_IRQS) { +- atomic_inc(&irq_err_count); ++ atomic_inc_unchecked(&irq_err_count); + return; + } + +@@ -84,7 +84,7 @@ static void irq_dispatch(unsigned int irq) + ret = cascade->get_irq(irq); + irq = ret; + if (ret < 0) +- atomic_inc(&irq_err_count); ++ atomic_inc_unchecked(&irq_err_count); + else + irq_dispatch(irq); + if (!irqd_irq_disabled(idata) && chip->irq_unmask) diff --git a/arch/mn10300/proc-mn103e010/include/proc/cache.h b/arch/mn10300/proc-mn103e010/include/proc/cache.h index 967d144..db12197 100644 --- a/arch/mn10300/proc-mn103e010/include/proc/cache.h @@ -8356,7 +8414,7 @@ index 68027bf..b26fd31 100644 tramp = current->mm->context.vdso_base + vdso32_rt_sigtramp; } else { 
diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c -index 4299104..29e2c51 100644 +index 448245f..b9bae83 100644 --- a/arch/powerpc/kernel/signal_64.c +++ b/arch/powerpc/kernel/signal_64.c @@ -758,7 +758,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info, @@ -20926,10 +20984,10 @@ index df5e41f..816c719 100644 extern int generic_get_free_region(unsigned long base, unsigned long size, int replace_reg); diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c -index 8e13293..9bfd68c 100644 +index db6cdbe..faaf834 100644 --- a/arch/x86/kernel/cpu/perf_event.c +++ b/arch/x86/kernel/cpu/perf_event.c -@@ -1348,7 +1348,7 @@ static void __init pmu_check_apic(void) +@@ -1351,7 +1351,7 @@ static void __init pmu_check_apic(void) pr_info("no hardware sampling interrupt available.\n"); } @@ -20938,7 +20996,7 @@ index 8e13293..9bfd68c 100644 .name = "format", .attrs = NULL, }; -@@ -1447,7 +1447,7 @@ static struct attribute *events_attr[] = { +@@ -1450,7 +1450,7 @@ static struct attribute *events_attr[] = { NULL, }; @@ -20947,7 +21005,7 @@ index 8e13293..9bfd68c 100644 .name = "events", .attrs = events_attr, }; -@@ -1958,7 +1958,7 @@ static unsigned long get_segment_base(unsigned int segment) +@@ -1961,7 +1961,7 @@ static unsigned long get_segment_base(unsigned int segment) if (idx > GDT_ENTRIES) return 0; @@ -20956,7 +21014,7 @@ index 8e13293..9bfd68c 100644 } return get_desc_base(desc + idx); -@@ -2048,7 +2048,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) +@@ -2051,7 +2051,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) break; perf_callchain_store(entry, frame.return_address); @@ -27723,7 +27781,7 @@ index c7168a5..09070fc 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index da7837e..86c6ebf 100644 +index dcc4de3..6bf73f4 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c 
@@ -1316,12 +1316,12 @@ static void vmcs_write64(unsigned long field, u64 value) @@ -27883,7 +27941,7 @@ index da7837e..86c6ebf 100644 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index d89d51b..fa94855 100644 +index 4e33b85..fa94855 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -1791,8 +1791,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) @@ -27915,15 +27973,6 @@ index d89d51b..fa94855 100644 { int r; struct kvm_x86_ops *ops = opaque; -@@ -6163,7 +6165,7 @@ static int complete_emulated_mmio(struct kvm_vcpu *vcpu) - frag->len -= len; - } - -- if (vcpu->mmio_cur_fragment == vcpu->mmio_nr_fragments) { -+ if (vcpu->mmio_cur_fragment >= vcpu->mmio_nr_fragments) { - vcpu->mmio_needed = 0; - - /* FIXME: return into emulator if single-stepping. */ diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c index bdf8532..f63c587 100644 --- a/arch/x86/lguest/boot.c @@ -33134,7 +33183,7 @@ index 0000000..dace51c +EXPORT_SYMBOL(__pax_close_userland); +#endif diff --git a/arch/x86/net/bpf_jit.S b/arch/x86/net/bpf_jit.S -index 877b9a1..a8ecf42 100644 +index 877b9a1..f746de8 100644 --- a/arch/x86/net/bpf_jit.S +++ b/arch/x86/net/bpf_jit.S @@ -9,6 +9,7 @@ @@ -33208,6 +33257,15 @@ index 877b9a1..a8ecf42 100644 ret #define sk_negative_common(SIZE) \ +@@ -140,7 +149,7 @@ bpf_slow_path_byte_msh: + push %r9; \ + push SKBDATA; \ + /* rsi already has offset */ \ +- mov $SIZE,%ecx; /* size */ \ ++ mov $SIZE,%edx; /* size */ \ + call bpf_internal_load_pointer_neg_helper; \ + test %rax,%rax; \ + pop SKBDATA; \ @@ -157,6 +166,7 @@ sk_load_word_negative_offset: sk_negative_common(4) mov (%rax), %eax @@ -33247,7 +33305,7 @@ index 877b9a1..a8ecf42 100644 + pax_force_retaddr ret diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c -index 4ed75dd..8dfe0d5 100644 +index 4ed75dd..3cf24f0b 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c 
@@ -50,13 +50,90 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len) @@ -33446,14 +33504,9 @@ index 4ed75dd..8dfe0d5 100644 if (!bpf_jit_enable) return; -@@ -202,11 +297,15 @@ void bpf_jit_compile(struct sk_filter *fp) - if (addrs == NULL) +@@ -203,10 +298,10 @@ void bpf_jit_compile(struct sk_filter *fp) return; -+#ifdef CONFIG_GRKERNSEC_JIT_HARDEN -+ randkey = get_random_int(); -+#endif -+ /* Before first pass, make a rough estimation of addrs[] - * each bpf instruction is translated to less than 64 bytes + * each bpf instruction is translated to less than MAX_INSTR_CODE_SIZE bytes @@ -33464,6 +33517,17 @@ index 4ed75dd..8dfe0d5 100644 addrs[i] = proglen; } cleanup_addr = proglen; /* epilogue address */ +@@ -285,6 +380,10 @@ void bpf_jit_compile(struct sk_filter *fp) + for (i = 0; i < flen; i++) { + unsigned int K = filter[i].k; + ++#ifdef CONFIG_GRKERNSEC_JIT_HARDEN ++ randkey = prandom_u32(); ++#endif ++ + switch (filter[i].code) { + case BPF_S_ALU_ADD_X: /* A += X; */ + seen |= SEEN_XREG; @@ -317,10 +416,8 @@ void bpf_jit_compile(struct sk_filter *fp) case BPF_S_ALU_MUL_K: /* A *= K */ if (is_imm8(K)) @@ -38550,7 +38614,7 @@ index 4cf0d28..5830372 100644 .priority = 1, }; diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c -index d51f17ed..9f43b15 100644 +index aa366ec..f34f555 100644 --- a/drivers/cpufreq/intel_pstate.c +++ b/drivers/cpufreq/intel_pstate.c @@ -112,10 +112,10 @@ struct pstate_funcs { @@ -39780,10 +39844,10 @@ index a209177..842a89a 100644 iir = I915_READ(IIR); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 2bde35d..529646c 100644 +index 3c5ff7a..ae759ca 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c -@@ -10492,13 +10492,13 @@ struct intel_quirk { +@@ -10506,13 +10506,13 @@ struct intel_quirk { int subsystem_vendor; int subsystem_device; void (*hook)(struct drm_device *dev); 
@@ -39799,7 +39863,7 @@ index 2bde35d..529646c 100644 static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) { -@@ -10506,18 +10506,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) +@@ -10520,18 +10520,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) return 1; } @@ -43343,7 +43407,7 @@ index 3ba6a38..b0fa9b0 100644 "start=%llu, len=%llu, dev_size=%llu", dm_device_name(ti->table->md), bdevname(bdev, b), diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c -index 7da3476..f75839e 100644 +index 3bb4506..56e20cc 100644 --- a/drivers/md/dm-thin-metadata.c +++ b/drivers/md/dm-thin-metadata.c @@ -397,7 +397,7 @@ static void __setup_btree_details(struct dm_pool_metadata *pmd) @@ -49358,7 +49422,7 @@ index f1bbb8c..a73eaba 100644 unsigned int p2m_timeouts; diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octeon/ethernet-rx.c -index 0315f60..2ecae10 100644 +index 0315f60..ce93f406 100644 --- a/drivers/staging/octeon/ethernet-rx.c +++ b/drivers/staging/octeon/ethernet-rx.c @@ -418,11 +418,11 @@ static int cvm_oct_napi_poll(struct napi_struct *napi, int budget) @@ -49382,7 +49446,7 @@ index 0315f60..2ecae10 100644 */ #ifdef CONFIG_64BIT - atomic64_add(1, (atomic64_t *)&priv->stats.rx_dropped); -+ atomic64_unchecked_add(1, (atomic64_unchecked_t *)&priv->stats.rx_dropped); ++ atomic64_add_unchecked(1, (atomic64_unchecked_t *)&priv->stats.rx_dropped); #else - atomic_add(1, (atomic_t *)&priv->stats.rx_dropped); + atomic_add_unchecked(1, (atomic_unchecked_t *)&priv->stats.rx_dropped); @@ -51421,10 +51485,10 @@ index b369292..9f3ba40 100644 gs_free_requests(gser->out, &port->read_pool, NULL); gs_free_requests(gser->out, &port->read_queue, NULL); diff --git a/drivers/usb/host/ehci-hub.c b/drivers/usb/host/ehci-hub.c -index 835fc08..f8b22bf 100644 +index 1bb85be..29e28d9 100644 --- a/drivers/usb/host/ehci-hub.c 
+++ b/drivers/usb/host/ehci-hub.c -@@ -762,7 +762,7 @@ static struct urb *request_single_step_set_feature_urb( +@@ -780,7 +780,7 @@ static struct urb *request_single_step_set_feature_urb( urb->transfer_flags = URB_DIR_IN; usb_get_urb(urb); atomic_inc(&urb->use_count); @@ -51433,7 +51497,7 @@ index 835fc08..f8b22bf 100644 urb->setup_dma = dma_map_single( hcd->self.controller, urb->setup_packet, -@@ -829,7 +829,7 @@ static int ehset_single_step_set_feature(struct usb_hcd *hcd, int port) +@@ -847,7 +847,7 @@ static int ehset_single_step_set_feature(struct usb_hcd *hcd, int port) urb->status = -EINPROGRESS; usb_get_urb(urb); atomic_inc(&urb->use_count); @@ -55158,7 +55222,7 @@ index 062a5f6..e5618e0 100644 file = aio_private_file(ctx, nr_pages); diff --git a/fs/attr.c b/fs/attr.c -index 267968d..5dd8f96 100644 +index 5d4e59d..fd02418 100644 --- a/fs/attr.c +++ b/fs/attr.c @@ -102,6 +102,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset) @@ -56847,7 +56911,7 @@ index 579c6d5..95b6d03353 100644 GLOBAL_EXTERN atomic_t smBufAllocCount; GLOBAL_EXTERN atomic_t midCount; diff --git a/fs/cifs/file.c b/fs/cifs/file.c -index 5a5a872..63e4c62 100644 +index a1c9ead..63e4c62 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -1900,10 +1900,14 @@ static int cifs_writepages(struct address_space *mapping, 
@@ -56868,63 +56932,6 @@ index 5a5a872..63e4c62 100644 scanned = true; } retry: -@@ -2381,7 +2385,7 @@ cifs_iovec_write(struct file *file, const struct iovec *iov, - unsigned long nr_segs, loff_t *poffset) - { - unsigned long nr_pages, i; -- size_t copied, len, cur_len; -+ size_t bytes, copied, len, cur_len; - ssize_t total_written = 0; - loff_t offset; - struct iov_iter it; -@@ -2436,14 +2440,45 @@ cifs_iovec_write(struct file *file, const struct iovec *iov, - - save_len = cur_len; - for (i = 0; i < nr_pages; i++) { -- copied = min_t(const size_t, cur_len, PAGE_SIZE); -+ bytes = min_t(const size_t, cur_len, PAGE_SIZE); - copied = iov_iter_copy_from_user(wdata->pages[i], &it, -- 0, copied); -+ 0, bytes); - cur_len -= copied; - iov_iter_advance(&it, copied); -+ /* -+ * If we didn't copy as much as we expected, then that -+ * may mean we trod into an unmapped area. Stop copying -+ * at that point. On the next pass through the big -+ * loop, we'll likely end up getting a zero-length -+ * write and bailing out of it. -+ */ -+ if (copied < bytes) -+ break; - } - cur_len = save_len - cur_len; - -+ /* -+ * If we have no data to send, then that probably means that -+ * the copy above failed altogether. That's most likely because -+ * the address in the iovec was bogus. Set the rc to -EFAULT, -+ * free anything we allocated and bail out. -+ */ -+ if (!cur_len) { -+ for (i = 0; i < nr_pages; i++) -+ put_page(wdata->pages[i]); -+ kfree(wdata); -+ rc = -EFAULT; -+ break; -+ } -+ -+ /* -+ * i + 1 now represents the number of pages we actually used in -+ * the copy phase above. Bring nr_pages down to that, and free -+ * any pages that we didn't use. -+ */ -+ for ( ; nr_pages > i + 1; nr_pages--) -+ put_page(wdata->pages[nr_pages - 1]); -+ - wdata->sync_mode = WB_SYNC_ALL; - wdata->nr_pages = nr_pages; - wdata->offset = (__u64)offset; diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c index 2f9f379..43f8025 100644 --- a/fs/cifs/misc.c 
@@ -57057,10 +57064,10 @@ index ffc9ef9..b3c992b 100644 } diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c -index 757da3e..07bf1ed 100644 +index 192f51a..539307e 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c -@@ -370,8 +370,8 @@ smb2_clear_stats(struct cifs_tcon *tcon) +@@ -364,8 +364,8 @@ smb2_clear_stats(struct cifs_tcon *tcon) #ifdef CONFIG_CIFS_STATS int i; for (i = 0; i < NUMBER_OF_SMB2_COMMANDS; i++) { @@ -57071,7 +57078,7 @@ index 757da3e..07bf1ed 100644 } #endif } -@@ -411,65 +411,65 @@ static void +@@ -405,65 +405,65 @@ static void smb2_print_stats(struct seq_file *m, struct cifs_tcon *tcon) { #ifdef CONFIG_CIFS_STATS @@ -57178,10 +57185,10 @@ index 757da3e..07bf1ed 100644 } diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c -index 2013234..a720734 100644 +index 787e171..31dcd0a 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c -@@ -2091,8 +2091,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, +@@ -2093,8 +2093,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, default: cifs_dbg(VFS, "info level %u isn't supported\n", srch_inf->info_level); @@ -58492,19 +58499,10 @@ index 6ea7b14..8fa16d9 100644 if (free_clusters >= (nclusters + dirty_clusters + resv_clusters)) diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h -index ece5556..242c50a 100644 +index d3a534f..242c50a 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h -@@ -771,6 +771,8 @@ do { \ - if (EXT4_FITS_IN_INODE(raw_inode, einode, xtime)) \ - (einode)->xtime.tv_sec = \ - (signed)le32_to_cpu((raw_inode)->xtime); \ -+ else \ -+ (einode)->xtime.tv_sec = 0; \ - if (EXT4_FITS_IN_INODE(raw_inode, einode, xtime ## _extra)) \ - ext4_decode_extra_time(&(einode)->xtime, \ - raw_inode->xtime ## _extra); \ -@@ -1267,19 +1269,19 @@ struct ext4_sb_info { +@@ -1269,19 +1269,19 @@ struct ext4_sb_info { unsigned long s_mb_last_start; /* stats for buddy allocator */ 
@@ -58534,39 +58532,6 @@ index ece5556..242c50a 100644 atomic_t s_lock_busy; /* locality groups */ -diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c -index 3384dc4..02dd709 100644 ---- a/fs/ext4/extents.c -+++ b/fs/ext4/extents.c -@@ -3906,6 +3906,7 @@ ext4_ext_handle_uninitialized_extents(handle_t *handle, struct inode *inode, - } else - err = ret; - map->m_flags |= EXT4_MAP_MAPPED; -+ map->m_pblk = newblock; - if (allocated > map->m_len) - allocated = map->m_len; - map->m_len = allocated; -diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c -index 60589b6..4a5fe55 100644 ---- a/fs/ext4/ioctl.c -+++ b/fs/ext4/ioctl.c -@@ -144,7 +144,7 @@ static long swap_inode_boot_loader(struct super_block *sb, - handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2); - if (IS_ERR(handle)) { - err = -EINVAL; -- goto swap_boot_out; -+ goto journal_err_out; - } - - /* Protect extent tree against block allocations via delalloc */ -@@ -202,6 +202,7 @@ static long swap_inode_boot_loader(struct super_block *sb, - - ext4_double_up_write_data_sem(inode, inode_bl); - -+journal_err_out: - ext4_inode_resume_unlocked_dio(inode); - ext4_inode_resume_unlocked_dio(inode_bl); - diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index 04a5c75..09894fa 100644 --- a/fs/ext4/mballoc.c 
@@ -58697,96 +58662,8 @@ index 04434ad..6404663 100644 __ext4_warning(sb, function, line, "MMP failure info: last update time: %llu, last update " "node: %s, last update device: %s\n", -diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c -index c5adbb3..f3b84cd 100644 ---- a/fs/ext4/resize.c -+++ b/fs/ext4/resize.c -@@ -243,6 +243,7 @@ static int ext4_alloc_group_tables(struct super_block *sb, - ext4_group_t group; - ext4_group_t last_group; - unsigned overhead; -+ __u16 uninit_mask = (flexbg_size > 1) ? ~EXT4_BG_BLOCK_UNINIT : ~0; - - BUG_ON(flex_gd->count == 0 || group_data == NULL); - -@@ -266,7 +267,7 @@ next_group: - src_group++; - for (; src_group <= last_group; src_group++) { - overhead = ext4_group_overhead_blocks(sb, src_group); -- if (overhead != 0) -+ if (overhead == 0) - last_blk += group_data[src_group - group].blocks_count; - else - break; -@@ -280,8 +281,7 @@ next_group: - group = ext4_get_group_number(sb, start_blk - 1); - group -= group_data[0].group; - group_data[group].free_blocks_count--; -- if (flexbg_size > 1) -- flex_gd->bg_flags[group] &= ~EXT4_BG_BLOCK_UNINIT; -+ flex_gd->bg_flags[group] &= uninit_mask; - } - - /* Allocate inode bitmaps */ -@@ -292,22 +292,30 @@ next_group: - group = ext4_get_group_number(sb, start_blk - 1); - group -= group_data[0].group; - group_data[group].free_blocks_count--; -- if (flexbg_size > 1) -- flex_gd->bg_flags[group] &= ~EXT4_BG_BLOCK_UNINIT; -+ flex_gd->bg_flags[group] &= uninit_mask; - } - - /* Allocate inode tables */ - for (; it_index < flex_gd->count; it_index++) { -- if (start_blk + EXT4_SB(sb)->s_itb_per_group > last_blk) -+ unsigned int itb = EXT4_SB(sb)->s_itb_per_group; -+ ext4_fsblk_t next_group_start; -+ -+ if (start_blk + itb > last_blk) - goto next_group; - group_data[it_index].inode_table = start_blk; -- group = ext4_get_group_number(sb, start_blk - 1); -+ group = ext4_get_group_number(sb, start_blk); -+ next_group_start = ext4_group_first_block_no(sb, group + 1); - group -= group_data[0].group; -- 
group_data[group].free_blocks_count -= -- EXT4_SB(sb)->s_itb_per_group; -- if (flexbg_size > 1) -- flex_gd->bg_flags[group] &= ~EXT4_BG_BLOCK_UNINIT; - -+ if (start_blk + itb > next_group_start) { -+ flex_gd->bg_flags[group + 1] &= uninit_mask; -+ overhead = start_blk + itb - next_group_start; -+ group_data[group + 1].free_blocks_count -= overhead; -+ itb -= overhead; -+ } -+ -+ group_data[group].free_blocks_count -= itb; -+ flex_gd->bg_flags[group] &= uninit_mask; - start_blk += EXT4_SB(sb)->s_itb_per_group; - } - -@@ -401,7 +409,7 @@ static int set_flexbg_block_bitmap(struct super_block *sb, handle_t *handle, - start = ext4_group_first_block_no(sb, group); - group -= flex_gd->groups[0].group; - -- count2 = sb->s_blocksize * 8 - (block - start); -+ count2 = EXT4_BLOCKS_PER_GROUP(sb) - (block - start); - if (count2 > count) - count2 = count; - -@@ -620,7 +628,7 @@ handle_ib: - if (err) - goto out; - count = group_table_count[j]; -- start = group_data[i].block_bitmap; -+ start = (&group_data[i].block_bitmap)[j]; - block = start; - } - diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index 1f7784d..a82e4e8 100644 +index 710fed2..a82e4e8 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -1270,7 +1270,7 @@ static ext4_fsblk_t get_sb_block(void **data) 
@@ -58807,36 +58684,6 @@ index 1f7784d..a82e4e8 100644 static int parse_strtoull(const char *buf, unsigned long long max, unsigned long long *value) -@@ -3695,16 +3695,22 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) - for (i = 0; i < 4; i++) - sbi->s_hash_seed[i] = le32_to_cpu(es->s_hash_seed[i]); - sbi->s_def_hash_version = es->s_def_hash_version; -- i = le32_to_cpu(es->s_flags); -- if (i & EXT2_FLAGS_UNSIGNED_HASH) -- sbi->s_hash_unsigned = 3; -- else if ((i & EXT2_FLAGS_SIGNED_HASH) == 0) { -+ if (EXT4_HAS_COMPAT_FEATURE(sb, EXT4_FEATURE_COMPAT_DIR_INDEX)) { -+ i = le32_to_cpu(es->s_flags); -+ if (i & EXT2_FLAGS_UNSIGNED_HASH) -+ sbi->s_hash_unsigned = 3; -+ else if ((i & EXT2_FLAGS_SIGNED_HASH) == 0) { - #ifdef __CHAR_UNSIGNED__ -- es->s_flags |= cpu_to_le32(EXT2_FLAGS_UNSIGNED_HASH); -- sbi->s_hash_unsigned = 3; -+ if (!(sb->s_flags & MS_RDONLY)) -+ es->s_flags |= -+ cpu_to_le32(EXT2_FLAGS_UNSIGNED_HASH); -+ sbi->s_hash_unsigned = 3; - #else -- es->s_flags |= cpu_to_le32(EXT2_FLAGS_SIGNED_HASH); -+ if (!(sb->s_flags & MS_RDONLY)) -+ es->s_flags |= -+ cpu_to_le32(EXT2_FLAGS_SIGNED_HASH); - #endif -+ } - } - - /* Handle clustersize */ diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index 1423c48..9c0c6dc 100644 --- a/fs/ext4/xattr.c @@ -60570,26 +60417,6 @@ index 4bcdad3..1883822 100644 res = next - LAST_INO_BATCH; } -diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c -index 8360674..60bb365 100644 ---- a/fs/jbd2/transaction.c -+++ b/fs/jbd2/transaction.c -@@ -514,11 +514,13 @@ int jbd2_journal_start_reserved(handle_t *handle, unsigned int type, - * similarly constrained call sites - */ - ret = start_this_handle(journal, handle, GFP_NOFS); -- if (ret < 0) -+ if (ret < 0) { - jbd2_journal_free_reserved(handle); -+ return ret; -+ } - handle->h_type = type; - handle->h_line_no = line_no; -- return ret; -+ return 0; - } - EXPORT_SYMBOL(jbd2_journal_start_reserved); - 
diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c index 4a6cf28..d3a29d3 100644 --- a/fs/jffs2/erase.c @@ -61435,10 +61262,10 @@ index f4ccfe6..a5cf064 100644 static struct callback_op callback_ops[]; diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c -index 00ad1c2..2fde15e 100644 +index 5d94c02..630214f 100644 --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c -@@ -1146,16 +1146,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt +@@ -1153,16 +1153,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt return nfs_size_to_loff_t(fattr->size) > i_size_read(inode); } @@ -62398,7 +62225,7 @@ index 1bd2077..2f7cfd5 100644 static struct pid * get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos) diff --git a/fs/proc/base.c b/fs/proc/base.c -index 03c8d74..4efb575 100644 +index 03c8d74..68a79e8 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -113,6 +113,14 @@ struct pid_entry { @@ -62707,7 +62534,15 @@ index 03c8d74..4efb575 100644 rcu_read_unlock(); } else { inode->i_uid = GLOBAL_ROOT_UID; -@@ -2172,6 +2290,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, +@@ -1819,6 +1937,7 @@ static int proc_map_files_get_link(struct dentry *dentry, struct path *path) + if (rc) + goto out_mmput; + ++ rc = -ENOENT; + down_read(&mm->mmap_sem); + vma = find_exact_vma(mm, vm_start, vm_end); + if (vma && vma->vm_file) { +@@ -2172,6 +2291,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, if (!task) goto out_no_task; @@ -62717,7 +62552,7 @@ index 03c8d74..4efb575 100644 /* * Yes, it does not scale. And it should not. Don't add * new entries into /proc// without very good reasons. -@@ -2202,6 +2323,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx, +@@ -2202,6 +2324,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx, if (!task) return -ENOENT; 
@@ -62727,7 +62562,7 @@ index 03c8d74..4efb575 100644 if (!dir_emit_dots(file, ctx)) goto out; -@@ -2591,7 +2715,7 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2591,7 +2716,7 @@ static const struct pid_entry tgid_base_stuff[] = { REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -62736,7 +62571,7 @@ index 03c8d74..4efb575 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2616,10 +2740,10 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2616,10 +2741,10 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -62749,7 +62584,7 @@ index 03c8d74..4efb575 100644 ONE("stack", S_IRUGO, proc_pid_stack), #endif #ifdef CONFIG_SCHEDSTATS -@@ -2653,6 +2777,9 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2653,6 +2778,9 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_HARDWALL INF("hardwall", S_IRUGO, proc_pid_hardwall), #endif @@ -62759,7 +62594,7 @@ index 03c8d74..4efb575 100644 #ifdef CONFIG_USER_NS REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), -@@ -2783,7 +2910,14 @@ static int proc_pid_instantiate(struct inode *dir, +@@ -2783,7 +2911,14 @@ static int proc_pid_instantiate(struct inode *dir, if (!inode) goto out; @@ -62774,7 +62609,7 @@ index 03c8d74..4efb575 100644 inode->i_op = &proc_tgid_base_inode_operations; inode->i_fop = &proc_tgid_base_operations; inode->i_flags|=S_IMMUTABLE; -@@ -2821,7 +2955,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign +@@ -2821,7 +2956,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign if (!task) goto out; 
@@ -62786,7 +62621,7 @@ index 03c8d74..4efb575 100644 put_task_struct(task); out: return ERR_PTR(result); -@@ -2927,7 +3065,7 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -2927,7 +3066,7 @@ static const struct pid_entry tid_base_stuff[] = { REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -62795,7 +62630,7 @@ index 03c8d74..4efb575 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2954,10 +3092,10 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -2954,10 +3093,10 @@ static const struct pid_entry tid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -78958,7 +78793,7 @@ index 89b7c24..382af74 100644 return res->end - res->start + 1; } diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h -index f6c82de..de8619e 100644 +index d6ad91f..f10f279 100644 --- a/include/linux/ipc_namespace.h +++ b/include/linux/ipc_namespace.h @@ -70,7 +70,7 @@ struct ipc_namespace { @@ -79980,7 +79815,7 @@ index 69be3e6..0fb422d 100644 struct iovec; struct kvec; diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h -index ce2a1f5..cb9bc8c 100644 +index 2177a6b..67fc561 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -1129,6 +1129,7 @@ struct net_device_ops { @@ -81015,7 +80850,7 @@ index 429c199..4d42e38 100644 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index 6f69b3f..71ac613 100644 +index 37cb679..dbaebc0 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -643,7 +643,7 @@ bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, 
@@ -81081,7 +80916,7 @@ index 6f69b3f..71ac613 100644 struct iovec *to, int size); int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, int hlen, struct iovec *iov); -@@ -2617,6 +2617,9 @@ static inline void nf_reset(struct sk_buff *skb) +@@ -2618,6 +2618,9 @@ static inline void nf_reset(struct sk_buff *skb) nf_bridge_put(skb->nf_bridge); skb->nf_bridge = NULL; #endif @@ -83873,10 +83708,19 @@ index b0e99de..09f385c 100644 int oldval; int rc; diff --git a/ipc/mq_sysctl.c b/ipc/mq_sysctl.c -index 383d638..943fdbb 100644 +index 5bb8bfe..a38ec05 100644 --- a/ipc/mq_sysctl.c +++ b/ipc/mq_sysctl.c @@ -25,7 +25,7 @@ static void *get_mq(ctl_table *table) + static int proc_mq_dointvec(ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos) + { +- struct ctl_table mq_table; ++ ctl_table_no_const mq_table; + memcpy(&mq_table, table, sizeof(mq_table)); + mq_table.data = get_mq(table); + +@@ -35,7 +35,7 @@ static int proc_mq_dointvec(ctl_table *table, int write, static int proc_mq_dointvec_minmax(ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -83886,7 +83730,7 @@ index 383d638..943fdbb 100644 mq_table.data = get_mq(table); diff --git a/ipc/mqueue.c b/ipc/mqueue.c -index 95827ce..09e6d38 100644 +index b8d4aed..96a4fe8 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c @@ -278,6 +278,7 @@ static struct inode *mqueue_get_inode(struct super_block *sb, @@ -84262,10 +84106,10 @@ index 4e66bf9..cdccecf 100644 +} +EXPORT_SYMBOL(inode_capable_nolog); diff --git a/kernel/cgroup.c b/kernel/cgroup.c -index bc1dcab..f3a6b42 100644 +index 271acd8..54b70fe 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c -@@ -5607,7 +5607,7 @@ static int cgroup_css_links_read(struct cgroup_subsys_state *css, +@@ -5609,7 +5609,7 @@ static int cgroup_css_links_read(struct cgroup_subsys_state *css, struct css_set *cset = link->cset; struct task_struct *task; int count = 0; 
@@ -84685,7 +84529,7 @@ index 0b097c8..11dd5c5 100644 #ifdef CONFIG_MODULE_UNLOAD { diff --git a/kernel/events/core.c b/kernel/events/core.c -index f574401..11b21f0 100644 +index 6ed1163..f36346e 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -157,8 +157,15 @@ static struct srcu_struct pmus_srcu; @@ -85557,7 +85401,7 @@ index 9c97016..df438f8 100644 /* Don't allow clients that don't understand the native diff --git a/kernel/kmod.c b/kernel/kmod.c -index b086006..655e2aa 100644 +index b086006..b66f630 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c @@ -75,7 +75,7 @@ static void free_modprobe_argv(struct subprocess_info *info) @@ -85685,7 +85529,7 @@ index b086006..655e2aa 100644 EXPORT_SYMBOL(__request_module); #endif /* CONFIG_MODULES */ -@@ -218,6 +271,19 @@ static int ____call_usermodehelper(void *data) +@@ -218,6 +271,20 @@ static int ____call_usermodehelper(void *data) */ set_user_nice(current, 0); @@ -85695,7 +85539,8 @@ index b086006..655e2aa 100644 + on that copy + */ + if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/usr/lib/", 9) && -+ strncmp(sub_info->path, "/lib/", 5) && strncmp(sub_info->path, "/lib64/", 7)) || strstr(sub_info->path, "..")) { ++ strncmp(sub_info->path, "/lib/", 5) && strncmp(sub_info->path, "/lib64/", 7) && ++ strcmp(sub_info->path, "/usr/share/apport/apport")) || strstr(sub_info->path, "..")) { + printk(KERN_ALERT "grsec: denied exec of usermode helper binary %.950s located outside of /sbin and system library paths\n", sub_info->path); + retval = -EPERM; + goto fail; @@ -85705,7 +85550,7 @@ index b086006..655e2aa 100644 retval = -ENOMEM; new = prepare_kernel_cred(current); if (!new) -@@ -240,8 +306,8 @@ static int ____call_usermodehelper(void *data) +@@ -240,8 +307,8 @@ static int ____call_usermodehelper(void *data) commit_creds(new); retval = do_execve(sub_info->path, 
@@ -85716,7 +85561,7 @@ index b086006..655e2aa 100644 if (!retval) return 0; -@@ -260,6 +326,10 @@ static int call_helper(void *data) +@@ -260,6 +327,10 @@ static int call_helper(void *data) static void call_usermodehelper_freeinfo(struct subprocess_info *info) { @@ -85727,7 +85572,7 @@ index b086006..655e2aa 100644 if (info->cleanup) (*info->cleanup)(info); kfree(info); -@@ -303,7 +373,7 @@ static int wait_for_helper(void *data) +@@ -303,7 +374,7 @@ static int wait_for_helper(void *data) * * Thus the __user pointer cast is valid here. */ @@ -85736,7 +85581,7 @@ index b086006..655e2aa 100644 /* * If ret is 0, either ____call_usermodehelper failed and the -@@ -542,7 +612,12 @@ struct subprocess_info *call_usermodehelper_setup(char *path, char **argv, +@@ -542,7 +613,12 @@ struct subprocess_info *call_usermodehelper_setup(char *path, char **argv, goto out; INIT_WORK(&sub_info->work, __call_usermodehelper); @@ -85749,7 +85594,7 @@ index b086006..655e2aa 100644 sub_info->argv = argv; sub_info->envp = envp; -@@ -650,7 +725,7 @@ EXPORT_SYMBOL(call_usermodehelper); +@@ -650,7 +726,7 @@ EXPORT_SYMBOL(call_usermodehelper); static int proc_cap_handler(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -87021,9 +86866,18 @@ index 2abd25d..02c4faa 100644 atomic_set(&pd->refcnt, 0); pd->pinst = pinst; diff --git a/kernel/panic.c b/kernel/panic.c -index c00b4ce..a846117 100644 +index c00b4ce..98c7d1a 100644 --- a/kernel/panic.c +++ b/kernel/panic.c +@@ -52,7 +52,7 @@ EXPORT_SYMBOL(panic_blink); + /* + * Stop ourself in panic -- architecture code may override this + */ +-void __weak panic_smp_self_stop(void) ++void __weak __noreturn panic_smp_self_stop(void) + { + while (1) + cpu_relax(); @@ -407,7 +407,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller, disable_trace_on_warning(); @@ -89922,10 +89776,10 @@ index 4431610..4265616 100644 .thread_should_run = watchdog_should_run, .thread_fn = watchdog, 
diff --git a/kernel/workqueue.c b/kernel/workqueue.c -index b010eac..e4bda78 100644 +index a8381cf..1ce1331 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c -@@ -4671,7 +4671,7 @@ static void rebind_workers(struct worker_pool *pool) +@@ -4678,7 +4678,7 @@ static void rebind_workers(struct worker_pool *pool) WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND)); worker_flags |= WORKER_REBOUND; worker_flags &= ~WORKER_UNBOUND; 
@@ -90721,6 +90575,72 @@ index ce682f7..1fb54f9 100644 if (err) { bdi_destroy(bdi); return err; +diff --git a/mm/compaction.c b/mm/compaction.c +index f58bcd0..b74dc61 100644 +--- a/mm/compaction.c ++++ b/mm/compaction.c +@@ -251,7 +251,6 @@ static unsigned long isolate_freepages_block(struct compact_control *cc, + { + int nr_scanned = 0, total_isolated = 0; + struct page *cursor, *valid_page = NULL; +- unsigned long nr_strict_required = end_pfn - blockpfn; + unsigned long flags; + bool locked = false; + +@@ -264,11 +263,12 @@ static unsigned long isolate_freepages_block(struct compact_control *cc, + + nr_scanned++; + if (!pfn_valid_within(blockpfn)) +- continue; ++ goto isolate_fail; ++ + if (!valid_page) + valid_page = page; + if (!PageBuddy(page)) +- continue; ++ goto isolate_fail; + + /* + * The zone lock must be held to isolate freepages. +@@ -289,12 +289,10 @@ static unsigned long isolate_freepages_block(struct compact_control *cc, + + /* Recheck this is a buddy page under lock */ + if (!PageBuddy(page)) +- continue; ++ goto isolate_fail; + + /* Found a free page, break it into order-0 pages */ + isolated = split_free_page(page); +- if (!isolated && strict) +- break; + total_isolated += isolated; + for (i = 0; i < isolated; i++) { + list_add(&page->lru, freelist); +@@ -305,7 +303,15 @@ static unsigned long isolate_freepages_block(struct compact_control *cc, + if (isolated) { + blockpfn += isolated - 1; + cursor += isolated - 1; ++ continue; + } ++ ++isolate_fail: ++ if (strict) ++ break; ++ else ++ continue; ++ + } + + trace_mm_compaction_isolate_freepages(nr_scanned, total_isolated); +@@ -315,7 +321,7 @@ static unsigned long isolate_freepages_block(struct compact_control *cc, + * pages requested were isolated. If there were any failures, 0 is + * returned and CMA will fail. + */ +- if (strict && nr_strict_required > total_isolated) ++ if (strict && blockpfn < end_pfn) + total_isolated = 0; + + if (locked) 
diff --git a/mm/filemap.c b/mm/filemap.c index b7749a9..50d1123 100644 --- a/mm/filemap.c @@ -91225,7 +91145,7 @@ index 90977ac..487ab84 100644 } unset_migratetype_isolate(page, MIGRATE_MOVABLE); diff --git a/mm/memory.c b/mm/memory.c -index 6768ce9..4c41d69 100644 +index dda27b9..c56b9d6 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -402,6 +402,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -91795,10 +91715,10 @@ index 6768ce9..4c41d69 100644 + } +#endif + - retry: pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); -@@ -3838,6 +4079,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) + if (!pud) +@@ -3830,6 +4071,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -91822,7 +91742,7 @@ index 6768ce9..4c41d69 100644 #endif /* __PAGETABLE_PUD_FOLDED */ #ifndef __PAGETABLE_PMD_FOLDED -@@ -3868,6 +4126,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) +@@ -3860,6 +4118,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -91853,7 +91773,7 @@ index 6768ce9..4c41d69 100644 #endif /* __PAGETABLE_PMD_FOLDED */ #if !defined(__HAVE_ARCH_GATE_AREA) -@@ -3881,7 +4163,7 @@ static int __init gate_vma_init(void) +@@ -3873,7 +4155,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -91862,7 +91782,7 @@ index 6768ce9..4c41d69 100644 return 0; } -@@ -4015,8 +4297,8 @@ out: +@@ -4007,8 +4289,8 @@ out: return ret; } 
@@ -91873,7 +91793,7 @@ index 6768ce9..4c41d69 100644 { resource_size_t phys_addr; unsigned long prot = 0; -@@ -4042,8 +4324,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys); +@@ -4034,8 +4316,8 @@ EXPORT_SYMBOL_GPL(generic_access_phys); * Access another process' address space as given in mm. If non-NULL, use the * given task for page fault accounting. */ @@ -91884,7 +91804,7 @@ index 6768ce9..4c41d69 100644 { struct vm_area_struct *vma; void *old_buf = buf; -@@ -4051,7 +4333,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -4043,7 +4325,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, down_read(&mm->mmap_sem); /* ignore errors, just check how much was successfully transferred */ while (len) { @@ -91893,7 +91813,7 @@ index 6768ce9..4c41d69 100644 void *maddr; struct page *page = NULL; -@@ -4110,8 +4392,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -4102,8 +4384,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, * * The caller must hold a reference on @mm. */ @@ -91904,7 +91824,7 @@ index 6768ce9..4c41d69 100644 { return __access_remote_vm(NULL, mm, addr, buf, len, write); } -@@ -4121,11 +4403,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, +@@ -4113,11 +4395,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, * Source/target buffer must be kernel space, * Do not walk the page table directly, use get_user_pages */ 
@@ -95569,22 +95489,6 @@ index 9321a77..ed2f256 100644 set_fs(oldfs); if (ret <= 0 && ret != -ERESTARTSYS && ret != -EAGAIN) -diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c -index 9c5a1aa..3c6c637 100644 ---- a/net/9p/trans_virtio.c -+++ b/net/9p/trans_virtio.c -@@ -340,7 +340,10 @@ static int p9_get_mapped_pages(struct virtio_chan *chan, - int count = nr_pages; - while (nr_pages) { - s = rest_of_page(data); -- pages[index++] = kmap_to_page(data); -+ if (is_vmalloc_addr(data)) -+ pages[index++] = vmalloc_to_page(data); -+ else -+ pages[index++] = kmap_to_page(data); - data += s; - nr_pages--; - } diff --git a/net/atm/atm_misc.c b/net/atm/atm_misc.c index 876fbe8..8bbea9f 100644 --- a/net/atm/atm_misc.c @@ -95764,10 +95668,10 @@ index 919a5ce..cc6b444 100644 table = kmemdup(ax25_param_table, sizeof(ax25_param_table), GFP_KERNEL); if (!table) diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c -index b9c8a6e..ed0f711 100644 +index f7270b9..cd0d879 100644 --- a/net/batman-adv/bat_iv_ogm.c +++ b/net/batman-adv/bat_iv_ogm.c -@@ -297,7 +297,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface) +@@ -307,7 +307,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface) /* randomize initial seqno to avoid collision */ get_random_bytes(&random_seqno, sizeof(random_seqno)); @@ -95776,7 +95680,7 @@ index b9c8a6e..ed0f711 100644 hard_iface->bat_iv.ogm_buff_len = BATADV_OGM_HLEN; ogm_buff = kmalloc(hard_iface->bat_iv.ogm_buff_len, GFP_ATOMIC); -@@ -884,9 +884,9 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface) +@@ -894,9 +894,9 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface) batadv_ogm_packet->tvlv_len = htons(tvlv_len); /* change sequence number to network order */ 
@@ -95788,7 +95692,7 @@ index b9c8a6e..ed0f711 100644 batadv_iv_ogm_slide_own_bcast_window(hard_iface); batadv_iv_ogm_queue_add(bat_priv, hard_iface->bat_iv.ogm_buff, -@@ -1251,7 +1251,7 @@ static void batadv_iv_ogm_process(const struct ethhdr *ethhdr, +@@ -1261,7 +1261,7 @@ static void batadv_iv_ogm_process(const struct ethhdr *ethhdr, return; /* could be changed by schedule_own_packet() */ @@ -96072,10 +95976,10 @@ index 0f45522..dab651f 100644 list_del(&p->list); goto out; diff --git a/net/can/af_can.c b/net/can/af_can.c -index d249874..99e197b 100644 +index a27f8aa..67174a3 100644 --- a/net/can/af_can.c +++ b/net/can/af_can.c -@@ -862,7 +862,7 @@ static const struct net_proto_family can_family_ops = { +@@ -863,7 +863,7 @@ static const struct net_proto_family can_family_ops = { }; /* notifier block for netdevice event */ @@ -96291,7 +96195,7 @@ index a16ed7b..eb44d17 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index 0ce469e..dfb53d2 100644 +index 616eccf..31832d38 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1684,14 +1684,14 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) @@ -96311,7 +96215,7 @@ index 0ce469e..dfb53d2 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -2434,7 +2434,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) +@@ -2434,7 +2434,7 @@ static int illegal_highdma(const struct net_device *dev, struct sk_buff *skb) struct dev_gso_cb { void (*destructor)(struct sk_buff *skb); @@ -96320,7 +96224,7 @@ index 0ce469e..dfb53d2 100644 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb) -@@ -3222,7 +3222,7 @@ enqueue: +@@ -3224,7 +3224,7 @@ enqueue: local_irq_restore(flags); @@ -96329,7 +96233,7 @@ index 0ce469e..dfb53d2 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -3294,7 +3294,7 @@ int netif_rx_ni(struct sk_buff *skb) +@@ -3296,7 +3296,7 @@ int netif_rx_ni(struct sk_buff *skb) } EXPORT_SYMBOL(netif_rx_ni); 
@@ -96338,7 +96242,7 @@ index 0ce469e..dfb53d2 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); -@@ -3628,7 +3628,7 @@ ncls: +@@ -3630,7 +3630,7 @@ ncls: ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev); } else { drop: @@ -96347,7 +96251,7 @@ index 0ce469e..dfb53d2 100644 kfree_skb(skb); /* Jamal, now you will not able to escape explaining * me how you were going to use this. :-) -@@ -4288,7 +4288,7 @@ void netif_napi_del(struct napi_struct *napi) +@@ -4290,7 +4290,7 @@ void netif_napi_del(struct napi_struct *napi) } EXPORT_SYMBOL(netif_napi_del); @@ -96356,7 +96260,7 @@ index 0ce469e..dfb53d2 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); unsigned long time_limit = jiffies + 2; -@@ -6177,7 +6177,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, +@@ -6179,7 +6179,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, } else { netdev_stats_to_stats64(storage, &dev->stats); } @@ -96560,7 +96464,7 @@ index 81d3a9a..a0bd7a8 100644 return error; } diff --git a/net/core/netpoll.c b/net/core/netpoll.c -index 19fe9c7..b6bb620 100644 +index 81975f2..9ef3531 100644 --- a/net/core/netpoll.c +++ b/net/core/netpoll.c @@ -435,7 +435,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len) @@ -96661,10 +96565,10 @@ index b442e7e..6f5b5a2 100644 { struct socket *sock; diff --git a/net/core/skbuff.c b/net/core/skbuff.c -index 0b5149c..24e9976 100644 +index deffb37..213db0a 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c -@@ -2004,7 +2004,7 @@ EXPORT_SYMBOL(__skb_checksum); +@@ -2006,7 +2006,7 @@ EXPORT_SYMBOL(__skb_checksum); __wsum skb_checksum(const struct sk_buff *skb, int offset, int len, __wsum csum) { 
@@ -96673,7 +96577,7 @@ index 0b5149c..24e9976 100644 .update = csum_partial_ext, .combine = csum_block_add_ext, }; -@@ -3117,13 +3117,15 @@ void __init skb_init(void) +@@ -3119,13 +3119,15 @@ void __init skb_init(void) skbuff_head_cache = kmem_cache_create("skbuff_head_cache", sizeof(struct sk_buff), 0, @@ -96692,7 +96596,7 @@ index 0b5149c..24e9976 100644 } diff --git a/net/core/sock.c b/net/core/sock.c -index 5393b4b..997c88b 100644 +index fbc5cfb..6d7e8c3 100644 --- a/net/core/sock.c +++ b/net/core/sock.c @@ -393,7 +393,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -96779,7 +96683,7 @@ index 5393b4b..997c88b 100644 return -EFAULT; lenout: if (put_user(len, optlen)) -@@ -2351,7 +2351,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) +@@ -2353,7 +2353,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) */ smp_wmb(); atomic_set(&sk->sk_refcnt, 1); @@ -96788,7 +96692,7 @@ index 5393b4b..997c88b 100644 } EXPORT_SYMBOL(sock_init_data); -@@ -2476,6 +2476,7 @@ void sock_enable_timestamp(struct sock *sk, int flag) +@@ -2478,6 +2478,7 @@ void sock_enable_timestamp(struct sock *sk, int flag) int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, int level, int type) { @@ -96796,7 +96700,7 @@ index 5393b4b..997c88b 100644 struct sock_exterr_skb *serr; struct sk_buff *skb, *skb2; int copied, err; -@@ -2497,7 +2498,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, +@@ -2499,7 +2500,8 @@ int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len, sock_recv_timestamp(msg, sk, skb); serr = SKB_EXT_ERR(skb); @@ -97028,10 +96932,10 @@ index 70011e0..454ca6a 100644 } diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c -index a1b5bcb..62ec5c6 100644 +index f4b34d8..c54a163 100644 --- a/net/ipv4/devinet.c 
+++ b/net/ipv4/devinet.c -@@ -1533,7 +1533,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) +@@ -1534,7 +1534,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) idx = 0; head = &net->dev_index_head[h]; rcu_read_lock(); @@ -97040,7 +96944,7 @@ index a1b5bcb..62ec5c6 100644 net->dev_base_seq; hlist_for_each_entry_rcu(dev, head, index_hlist) { if (idx < s_idx) -@@ -1844,7 +1844,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb, +@@ -1845,7 +1845,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb, idx = 0; head = &net->dev_index_head[h]; rcu_read_lock(); @@ -97049,7 +96953,7 @@ index a1b5bcb..62ec5c6 100644 net->dev_base_seq; hlist_for_each_entry_rcu(dev, head, index_hlist) { if (idx < s_idx) -@@ -2069,7 +2069,7 @@ static int ipv4_doint_and_flush(struct ctl_table *ctl, int write, +@@ -2070,7 +2070,7 @@ static int ipv4_doint_and_flush(struct ctl_table *ctl, int write, #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \ DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush) @@ -97058,7 +96962,7 @@ index a1b5bcb..62ec5c6 100644 struct ctl_table_header *sysctl_header; struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX]; } devinet_sysctl = { -@@ -2191,7 +2191,7 @@ static __net_init int devinet_init_net(struct net *net) +@@ -2192,7 +2192,7 @@ static __net_init int devinet_init_net(struct net *net) int err; struct ipv4_devconf *all, *dflt; #ifdef CONFIG_SYSCTL @@ -97067,7 +96971,7 @@ index a1b5bcb..62ec5c6 100644 struct ctl_table_header *forw_hdr; #endif -@@ -2209,7 +2209,7 @@ static __net_init int devinet_init_net(struct net *net) +@@ -2210,7 +2210,7 @@ static __net_init int devinet_init_net(struct net *net) goto err_alloc_dflt; #ifdef CONFIG_SYSCTL 
@@ -97076,7 +96980,7 @@ index a1b5bcb..62ec5c6 100644 if (tbl == NULL) goto err_alloc_ctl; -@@ -2229,7 +2229,10 @@ static __net_init int devinet_init_net(struct net *net) +@@ -2230,7 +2230,10 @@ static __net_init int devinet_init_net(struct net *net) goto err_reg_dflt; err = -ENOMEM; @@ -97088,7 +96992,7 @@ index a1b5bcb..62ec5c6 100644 if (forw_hdr == NULL) goto err_reg_ctl; net->ipv4.forw_hdr = forw_hdr; -@@ -2245,8 +2248,7 @@ err_reg_ctl: +@@ -2246,8 +2249,7 @@ err_reg_ctl: err_reg_dflt: __devinet_sysctl_unregister(all); err_reg_all: @@ -97666,7 +97570,7 @@ index 23c3e5b..cdb8b36 100644 static int raw_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index f8da282..133a1c7 100644 +index e611651f..0c17263 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2621,34 +2621,34 @@ static struct ctl_table ipv4_route_flush_table[] = { @@ -98212,7 +98116,7 @@ index e1a6393..f634ce5 100644 return -ENOMEM; } diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 4b6b720..272c0c5 100644 +index 9c05d77..9cfa714 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -589,7 +589,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, @@ -98233,7 +98137,7 @@ index 4b6b720..272c0c5 100644 if (ops->ndo_do_ioctl) { mm_segment_t oldfs = get_fs(); -@@ -3962,7 +3962,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, +@@ -3964,7 +3964,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, s_ip_idx = ip_idx = cb->args[2]; rcu_read_lock(); @@ -98242,7 +98146,7 @@ index 4b6b720..272c0c5 100644 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { idx = 0; head = &net->dev_index_head[h]; -@@ -4569,7 +4569,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -4571,7 +4571,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) dst_free(&ifp->rt->dst); break; } 
@@ -98251,7 +98155,7 @@ index 4b6b720..272c0c5 100644 rt_genid_bump_ipv6(net); } -@@ -4590,7 +4590,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, +@@ -4592,7 +4592,7 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -98260,7 +98164,7 @@ index 4b6b720..272c0c5 100644 int ret; /* -@@ -4675,7 +4675,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, +@@ -4677,7 +4677,7 @@ int addrconf_sysctl_disable(struct ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -98716,9 +98620,18 @@ index cc85a9b..526a133 100644 return -ENOMEM; } diff --git a/net/ipv6/route.c b/net/ipv6/route.c -index 4b4944c..4580b91 100644 +index 4b4944c..d346b14 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c +@@ -1495,7 +1495,7 @@ int ip6_route_add(struct fib6_config *cfg) + if (!table) + goto out; + +- rt = ip6_dst_alloc(net, NULL, DST_NOCOUNT, table); ++ rt = ip6_dst_alloc(net, NULL, (cfg->fc_flags & RTF_ADDRCONF) ? 0 : DST_NOCOUNT, table); + + if (!rt) { + err = -ENOMEM; @@ -2954,7 +2954,7 @@ struct ctl_table ipv6_route_table_template[] = { struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net) @@ -100602,10 +100515,10 @@ index a26065b..af7be05 100644 auth.skb = chunk->auth_chunk; auth.asoc = chunk->asoc; diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index 42b709c..e7d09ac 100644 +index 146b35d..1021a34 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c -@@ -2153,11 +2153,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval, +@@ -2176,11 +2176,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval, { struct sctp_association *asoc; struct sctp_ulpevent *event; 
@@ -100620,7 +100533,7 @@ index 42b709c..e7d09ac 100644 /* * At the time when a user app subscribes to SCTP_SENDER_DRY_EVENT, -@@ -4229,13 +4231,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len, +@@ -4252,13 +4254,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len, static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, int __user *optlen) { @@ -100638,7 +100551,7 @@ index 42b709c..e7d09ac 100644 return -EFAULT; return 0; } -@@ -4253,6 +4258,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, +@@ -4276,6 +4281,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, */ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen) { @@ -100647,7 +100560,7 @@ index 42b709c..e7d09ac 100644 /* Applicable to UDP-style socket only */ if (sctp_style(sk, TCP)) return -EOPNOTSUPP; -@@ -4261,7 +4268,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv +@@ -4284,7 +4291,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv len = sizeof(int); if (put_user(len, optlen)) return -EFAULT; @@ -100657,7 +100570,7 @@ index 42b709c..e7d09ac 100644 return -EFAULT; return 0; } -@@ -4633,12 +4641,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len, +@@ -4656,12 +4664,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len, */ static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen) { @@ -100674,7 +100587,7 @@ index 42b709c..e7d09ac 100644 return -EFAULT; return 0; } -@@ -4679,6 +4690,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, +@@ -4702,6 +4713,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; if (space_left < addrlen) return -ENOMEM; 
@@ -100724,7 +100637,7 @@ index b0565af..d135e6e 100644 table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL); diff --git a/net/socket.c b/net/socket.c -index e83c416..1094d88 100644 +index e83c416..f87df4c 100644 --- a/net/socket.c +++ b/net/socket.c @@ -88,6 +88,7 @@ @@ -100899,7 +100812,18 @@ index e83c416..1094d88 100644 SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len, unsigned int, flags, struct sockaddr __user *, addr, int, addr_len) -@@ -2047,7 +2113,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, +@@ -1972,6 +2038,10 @@ static int copy_msghdr_from_user(struct msghdr *kmsg, + { + if (copy_from_user(kmsg, umsg, sizeof(struct msghdr))) + return -EFAULT; ++ ++ if (kmsg->msg_namelen < 0) ++ return -EINVAL; ++ + if (kmsg->msg_namelen > sizeof(struct sockaddr_storage)) + kmsg->msg_namelen = sizeof(struct sockaddr_storage); + return 0; +@@ -2047,7 +2117,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, * checking falls down on this. */ if (copy_from_user(ctl_buf, @@ -100908,7 +100832,7 @@ index e83c416..1094d88 100644 ctl_len)) goto out_freectl; msg_sys->msg_control = ctl_buf; -@@ -2227,7 +2293,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2227,7 +2297,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, /* Save the user-mode address (verify_iovec will change the * kernel msghdr to use the kernel address space) */ @@ -100917,7 +100841,7 @@ index e83c416..1094d88 100644 uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); -@@ -2871,7 +2937,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2871,7 +2941,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) ifr = compat_alloc_user_space(buf_size); rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8); 
@@ -100926,7 +100850,7 @@ index e83c416..1094d88 100644 return -EFAULT; if (put_user(convert_in ? rxnfc : compat_ptr(data), -@@ -2985,14 +3051,14 @@ static int bond_ioctl(struct net *net, unsigned int cmd, +@@ -2985,14 +3055,14 @@ static int bond_ioctl(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); err = dev_ioctl(net, cmd, @@ -100943,7 +100867,7 @@ index e83c416..1094d88 100644 return -EFAULT; if (get_user(data, &ifr32->ifr_ifru.ifru_data)) -@@ -3094,7 +3160,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, +@@ -3094,7 +3164,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); @@ -100952,7 +100876,7 @@ index e83c416..1094d88 100644 set_fs(old_fs); if (cmd == SIOCGIFMAP && !err) { -@@ -3199,7 +3265,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, +@@ -3199,7 +3269,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, ret |= get_user(rtdev, &(ur4->rt_dev)); if (rtdev) { ret |= copy_from_user(devname, compat_ptr(rtdev), 15); @@ -100961,7 +100885,7 @@ index e83c416..1094d88 100644 devname[15] = 0; } else r4.rt_dev = NULL; -@@ -3425,8 +3491,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, +@@ -3425,8 +3495,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, int __user *uoptlen; int err; @@ -100972,7 +100896,7 @@ index e83c416..1094d88 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) -@@ -3446,7 +3512,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, +@@ -3446,7 +3516,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; @@ -100982,70 +100906,23 @@ index e83c416..1094d88 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c -index 42fdfc6..1eebf22 100644 +index a642fd616..1eebf22 100644 --- a/net/sunrpc/auth_gss/auth_gss.c 
+++ b/net/sunrpc/auth_gss/auth_gss.c -@@ -108,6 +108,7 @@ struct gss_auth { - static DEFINE_SPINLOCK(pipe_version_lock); - static struct rpc_wait_queue pipe_version_rpc_waitqueue; - static DECLARE_WAIT_QUEUE_HEAD(pipe_version_waitqueue); -+static void gss_put_auth(struct gss_auth *gss_auth); - - static void gss_free_ctx(struct gss_cl_ctx *); - static const struct rpc_pipe_ops gss_upcall_ops_v0; -@@ -320,6 +321,7 @@ gss_release_msg(struct gss_upcall_msg *gss_msg) - if (gss_msg->ctx != NULL) - gss_put_ctx(gss_msg->ctx); - rpc_destroy_wait_queue(&gss_msg->rpc_waitqueue); -+ gss_put_auth(gss_msg->auth); - kfree(gss_msg); - } - -@@ -498,9 +500,12 @@ gss_alloc_msg(struct gss_auth *gss_auth, +@@ -500,10 +500,12 @@ gss_alloc_msg(struct gss_auth *gss_auth, default: err = gss_encode_v1_msg(gss_msg, service_name, gss_auth->target_name); if (err) - goto err_free_msg; + goto err_put_pipe_version; }; -+ kref_get(&gss_auth->kref); + kref_get(&gss_auth->kref); return gss_msg; +err_put_pipe_version: + put_pipe_version(gss_auth->net); err_free_msg: kfree(gss_msg); err: -@@ -1071,6 +1076,12 @@ gss_free_callback(struct kref *kref) - } - - static void -+gss_put_auth(struct gss_auth *gss_auth) -+{ -+ kref_put(&gss_auth->kref, gss_free_callback); -+} -+ -+static void - gss_destroy(struct rpc_auth *auth) - { - struct gss_auth *gss_auth = container_of(auth, -@@ -1091,7 +1102,7 @@ gss_destroy(struct rpc_auth *auth) - gss_auth->gss_pipe[1] = NULL; - rpcauth_destroy_credcache(auth); - -- kref_put(&gss_auth->kref, gss_free_callback); -+ gss_put_auth(gss_auth); - } - - /* -@@ -1262,7 +1273,7 @@ gss_destroy_nullcred(struct rpc_cred *cred) - call_rcu(&cred->cr_rcu, gss_free_cred_callback); - if (ctx) - gss_put_ctx(ctx); -- kref_put(&gss_auth->kref, gss_free_callback); -+ gss_put_auth(gss_auth); - } - - static void diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c index 1b94a9c..496f7f5 100644 --- a/net/sunrpc/auth_gss/svcauth_gss.c 
@@ -101372,37 +101249,6 @@ index 62e4f9b..dd3f2d7 100644 /* See if we can opportunistically reap SQ WR to make room */ sq_cq_reap(xprt); -diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c -index dd9d295..cad4a95 100644 ---- a/net/sunrpc/xprtsock.c -+++ b/net/sunrpc/xprtsock.c -@@ -504,6 +504,7 @@ static int xs_nospace(struct rpc_task *task) - struct rpc_rqst *req = task->tk_rqstp; - struct rpc_xprt *xprt = req->rq_xprt; - struct sock_xprt *transport = container_of(xprt, struct sock_xprt, xprt); -+ struct sock *sk = transport->inet; - int ret = -EAGAIN; - - dprintk("RPC: %5u xmit incomplete (%u left of %u)\n", -@@ -521,7 +522,7 @@ static int xs_nospace(struct rpc_task *task) - * window size - */ - set_bit(SOCK_NOSPACE, &transport->sock->flags); -- transport->inet->sk_write_pending++; -+ sk->sk_write_pending++; - /* ...and wait for more buffer space */ - xprt_wait_for_buffer_space(task, xs_nospace_callback); - } -@@ -531,6 +532,9 @@ static int xs_nospace(struct rpc_task *task) - } - - spin_unlock_bh(&xprt->transport_lock); -+ -+ /* Race breaker in case memory is freed before above code is called */ -+ sk->sk_write_space(sk); - return ret; - } - diff --git a/net/sysctl_net.c b/net/sysctl_net.c index e7000be..e3b0ba7 100644 --- a/net/sysctl_net.c @@ -102337,10 +102183,10 @@ index 8fac3fd..32ff38d 100644 unsigned int secindex_strings; diff --git a/security/Kconfig b/security/Kconfig -index e9c6ac7..0ebde711 100644 +index e9c6ac7..75578c4 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,959 @@ +@@ -4,6 +4,960 @@ menu "Security options" 
@@ -102767,8 +102613,9 @@ index e9c6ac7..0ebde711 100644 + 3 GB. + +config PAX_EMUTRAMP -+ bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86) -+ default y if PARISC ++ bool "Emulate trampolines" ++ default y if PARISC || GRKERNSEC_CONFIG_AUTO ++ depends on (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86) + help + There are some programs and libraries that for one reason or + another attempt to execute special small code snippets from @@ -103300,7 +103147,7 @@ index e9c6ac7..0ebde711 100644 source security/keys/Kconfig config SECURITY_DMESG_RESTRICT -@@ -103,7 +1056,7 @@ config INTEL_TXT +@@ -103,7 +1057,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX diff --git a/3.13.5/4425_grsec_remove_EI_PAX.patch b/3.13.6/4425_grsec_remove_EI_PAX.patch similarity index 100% rename from 3.13.5/4425_grsec_remove_EI_PAX.patch rename to 3.13.6/4425_grsec_remove_EI_PAX.patch diff --git a/3.13.5/4427_force_XATTR_PAX_tmpfs.patch b/3.13.6/4427_force_XATTR_PAX_tmpfs.patch similarity index 100% rename from 3.13.5/4427_force_XATTR_PAX_tmpfs.patch rename to 3.13.6/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.13.5/4430_grsec-remove-localversion-grsec.patch b/3.13.6/4430_grsec-remove-localversion-grsec.patch similarity index 100% rename from 3.13.5/4430_grsec-remove-localversion-grsec.patch rename to 3.13.6/4430_grsec-remove-localversion-grsec.patch diff --git a/3.13.5/4435_grsec-mute-warnings.patch b/3.13.6/4435_grsec-mute-warnings.patch similarity index 100% rename from 3.13.5/4435_grsec-mute-warnings.patch rename to 3.13.6/4435_grsec-mute-warnings.patch diff --git a/3.13.5/4440_grsec-remove-protected-paths.patch b/3.13.6/4440_grsec-remove-protected-paths.patch similarity index 100% rename from 3.13.5/4440_grsec-remove-protected-paths.patch rename to 3.13.6/4440_grsec-remove-protected-paths.patch 
diff --git a/3.13.5/4450_grsec-kconfig-default-gids.patch b/3.13.6/4450_grsec-kconfig-default-gids.patch similarity index 100% rename from 3.13.5/4450_grsec-kconfig-default-gids.patch rename to 3.13.6/4450_grsec-kconfig-default-gids.patch diff --git a/3.13.5/4465_selinux-avc_audit-log-curr_ip.patch b/3.13.6/4465_selinux-avc_audit-log-curr_ip.patch similarity index 100% rename from 3.13.5/4465_selinux-avc_audit-log-curr_ip.patch rename to 3.13.6/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.13.5/4470_disable-compat_vdso.patch b/3.13.6/4470_disable-compat_vdso.patch similarity index 100% rename from 3.13.5/4470_disable-compat_vdso.patch rename to 3.13.6/4470_disable-compat_vdso.patch diff --git a/3.13.5/4475_emutramp_default_on.patch b/3.13.6/4475_emutramp_default_on.patch similarity index 80% rename from 3.13.5/4475_emutramp_default_on.patch rename to 3.13.6/4475_emutramp_default_on.patch index 30f6978..a453a5b 100644 --- a/3.13.5/4475_emutramp_default_on.patch +++ b/3.13.6/4475_emutramp_default_on.patch @@ -13,9 +13,9 @@ diff -Naur linux-3.9.2-hardened.orig/security/Kconfig linux-3.9.2-hardened/secur @@ -428,7 +428,7 @@ config PAX_EMUTRAMP - bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86) -- default y if PARISC + bool "Emulate trampolines" +- default y if PARISC || GRKERNSEC_CONFIG_AUTO + default y + depends on (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86) help There are some programs and libraries that for one reason or - another attempt to execute special small code snippets from diff --git a/3.2.55/0000_README b/3.2.55/0000_README index 6e1b2f5..14a043a 100644 --- a/3.2.55/0000_README +++ b/3.2.55/0000_README @@ -138,7 +138,7 @@ Patch: 1054_linux-3.2.55.patch From: http://www.kernel.org Desc: Linux 3.2.55 -Patch: 4420_grsecurity-3.0-3.2.55-201403041936.patch +Patch: 4420_grsecurity-3.0-3.2.55-201403142107.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity 
diff --git a/3.2.55/4420_grsecurity-3.0-3.2.55-201403041936.patch b/3.2.55/4420_grsecurity-3.0-3.2.55-201403142107.patch similarity index 99% rename from 3.2.55/4420_grsecurity-3.0-3.2.55-201403041936.patch rename to 3.2.55/4420_grsecurity-3.0-3.2.55-201403142107.patch index 5a6b289..bfd99a7 100644 --- a/3.2.55/4420_grsecurity-3.0-3.2.55-201403041936.patch +++ b/3.2.55/4420_grsecurity-3.0-3.2.55-201403142107.patch @@ -3720,6 +3720,19 @@ index d46f1da..d72dc10 100644 help kexec is a system call that implements the ability to shutdown your current kernel, and to start another kernel. It is like a reboot +diff --git a/arch/mips/cavium-octeon/dma-octeon.c b/arch/mips/cavium-octeon/dma-octeon.c +index ea4feba..1960ddd 100644 +--- a/arch/mips/cavium-octeon/dma-octeon.c ++++ b/arch/mips/cavium-octeon/dma-octeon.c +@@ -189,7 +189,7 @@ static void octeon_dma_free_coherent(struct device *dev, size_t size, + if (dma_release_from_coherent(dev, order, vaddr)) + return; + +- swiotlb_free_coherent(dev, size, vaddr, dma_handle); ++ swiotlb_free_coherent(dev, size, vaddr, dma_handle, attrs); + } + + static dma_addr_t octeon_unity_phys_to_dma(struct device *dev, phys_addr_t paddr) diff --git a/arch/mips/include/asm/atomic.h b/arch/mips/include/asm/atomic.h index 1d93f81..67794d0 100644 --- a/arch/mips/include/asm/atomic.h @@ -3794,6 +3807,19 @@ index 455c0ac..ad65fbe 100644 -#define arch_randomize_brk arch_randomize_brk - #endif /* _ASM_ELF_H */ +diff --git a/arch/mips/include/asm/hw_irq.h b/arch/mips/include/asm/hw_irq.h +index 9e8ef59..1139d6b 100644 +--- a/arch/mips/include/asm/hw_irq.h ++++ b/arch/mips/include/asm/hw_irq.h +@@ -10,7 +10,7 @@ + + #include + +-extern atomic_t irq_err_count; ++extern atomic_unchecked_t irq_err_count; + + /* + * interrupt-retrigger: NOP for now. This may not be appropriate for all diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h index e59cd1a..8e329d6 100644 --- a/arch/mips/include/asm/page.h 
@@ -3905,6 +3931,32 @@ index ff44823..97f8906 100644 #include /* +diff --git a/arch/mips/kernel/i8259.c b/arch/mips/kernel/i8259.c +index 32b397b..3a5143a 100644 +--- a/arch/mips/kernel/i8259.c ++++ b/arch/mips/kernel/i8259.c +@@ -205,7 +205,7 @@ spurious_8259A_irq: + printk(KERN_DEBUG "spurious 8259A interrupt: IRQ%d.\n", irq); + spurious_irq_mask |= irqmask; + } +- atomic_inc(&irq_err_count); ++ atomic_inc_unchecked(&irq_err_count); + /* + * Theoretically we do not have to handle this IRQ, + * but in Linux this does not cause problems and is +diff --git a/arch/mips/kernel/irq-gt641xx.c b/arch/mips/kernel/irq-gt641xx.c +index 883fc6c..28c0acd 100644 +--- a/arch/mips/kernel/irq-gt641xx.c ++++ b/arch/mips/kernel/irq-gt641xx.c +@@ -110,7 +110,7 @@ void gt641xx_irq_dispatch(void) + } + } + +- atomic_inc(&irq_err_count); ++ atomic_inc_unchecked(&irq_err_count); + } + + void __init gt641xx_irq_init(void) diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c index bf128d7..bc244d6 100644 --- a/arch/mips/kernel/process.c @@ -3952,6 +4004,38 @@ index 4e6ea1f..0922422 100644 if (!(current->ptrace & PT_PTRACED)) goto out; +diff --git a/arch/mips/kernel/reset.c b/arch/mips/kernel/reset.c +index 07fc524..b9d7f28 100644 +--- a/arch/mips/kernel/reset.c ++++ b/arch/mips/kernel/reset.c +@@ -13,6 +13,7 @@ + #include + + #include ++#include + + /* + * Urgs ... Too many MIPS machines to handle this in a generic way. +@@ -29,16 +30,19 @@ void machine_restart(char *command) + { + if (_machine_restart) + _machine_restart(command); ++ BUG(); + } + + void machine_halt(void) + { + if (_machine_halt) + _machine_halt(); ++ BUG(); + } + + void machine_power_off(void) + { + if (pm_power_off) + pm_power_off(); ++ BUG(); + } diff --git a/arch/mips/kernel/scall32-o32.S b/arch/mips/kernel/scall32-o32.S index a632bc1..0b77c7c 100644 --- a/arch/mips/kernel/scall32-o32.S 
@@ -4033,7 +4117,7 @@ index 937cf33..adb39bb 100644 * This routine handles page faults. It determines the address, * and the problem, and then passes it off to one of the appropriate diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c -index 302d779..3845a09 100644 +index 302d779..b8b4e97 100644 --- a/arch/mips/mm/mmap.c +++ b/arch/mips/mm/mmap.c @@ -71,6 +71,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, @@ -4062,7 +4146,7 @@ index 302d779..3845a09 100644 vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && - (!vma || addr + len <= vma->vm_start)) -+ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vmm, &addr, len, offset)) ++ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, &addr, len, offset)) return addr; } @@ -4071,7 +4155,7 @@ index 302d779..3845a09 100644 if (TASK_SIZE - len < addr) return -ENOMEM; - if (!vma || addr + len <= vma->vm_start) -+ if (check_heap_stack_gap(vmm, &addr, len, offset)) ++ if (check_heap_stack_gap(vma, &addr, len, offset)) return addr; addr = vma->vm_end; if (do_color_align) @@ -4083,7 +4167,7 @@ index 302d779..3845a09 100644 - if (!vma || addr <= vma->vm_start) { + addr -= len; + vma = find_vma(mm, addr); -+ if (check_heap_stack_gap(vmm, &addr, len, offset)) ++ if (check_heap_stack_gap(vma, &addr, len, offset)) { /* cache the address as a hint for next time */ - return mm->free_area_cache = addr - len; + return (mm->free_area_cache = addr); @@ -4107,7 +4191,7 @@ index 302d779..3845a09 100644 */ vma = find_vma(mm, addr); - if (likely(!vma || addr + len <= vma->vm_start)) { -+ if (check_heap_stack_gap(vmm, &addr, len, offset)) { ++ if (check_heap_stack_gap(vma, &addr, len, offset)) { /* cache the address as a hint for next time */ return mm->free_area_cache = addr; } 
@@ -4186,6 +4270,95 @@ index 302d779..3845a09 100644 - - return ret; -} +diff --git a/arch/mips/pci/pci-octeon.c b/arch/mips/pci/pci-octeon.c +index ed1c542..88552ac 100644 +--- a/arch/mips/pci/pci-octeon.c ++++ b/arch/mips/pci/pci-octeon.c +@@ -335,8 +335,8 @@ static int octeon_write_config(struct pci_bus *bus, unsigned int devfn, + + + static struct pci_ops octeon_pci_ops = { +- octeon_read_config, +- octeon_write_config, ++ .read = octeon_read_config, ++ .write = octeon_write_config, + }; + + static struct resource octeon_pci_mem_resource = { +diff --git a/arch/mips/pci/pcie-octeon.c b/arch/mips/pci/pcie-octeon.c +index 0583c463..c07a38e 100644 +--- a/arch/mips/pci/pcie-octeon.c ++++ b/arch/mips/pci/pcie-octeon.c +@@ -1238,8 +1238,8 @@ static int octeon_pcie1_write_config(struct pci_bus *bus, unsigned int devfn, + } + + static struct pci_ops octeon_pcie0_ops = { +- octeon_pcie0_read_config, +- octeon_pcie0_write_config, ++ .read = octeon_pcie0_read_config, ++ .write = octeon_pcie0_write_config, + }; + + static struct resource octeon_pcie0_mem_resource = { +@@ -1259,8 +1259,8 @@ static struct pci_controller octeon_pcie0_controller = { + }; + + static struct pci_ops octeon_pcie1_ops = { +- octeon_pcie1_read_config, +- octeon_pcie1_write_config, ++ .read = octeon_pcie1_read_config, ++ .write = octeon_pcie1_write_config, + }; + + static struct resource octeon_pcie1_mem_resource = { +diff --git a/arch/mips/sni/rm200.c b/arch/mips/sni/rm200.c +index 3ab5b5d..67145ff 100644 +--- a/arch/mips/sni/rm200.c ++++ b/arch/mips/sni/rm200.c +@@ -270,7 +270,7 @@ spurious_8259A_irq: + "spurious RM200 8259A interrupt: IRQ%d.\n", irq); + spurious_irq_mask |= irqmask; + } +- atomic_inc(&irq_err_count); ++ atomic_inc_unchecked(&irq_err_count); + /* + * Theoretically we do not have to handle this IRQ, + * but in Linux this does not cause problems and is +diff --git a/arch/mips/vr41xx/common/icu.c b/arch/mips/vr41xx/common/icu.c +index a39ef32..98c4860 100644 +--- 
a/arch/mips/vr41xx/common/icu.c ++++ b/arch/mips/vr41xx/common/icu.c +@@ -653,7 +653,7 @@ static int icu_get_irq(unsigned int irq) + + printk(KERN_ERR "spurious ICU interrupt: %04x,%04x\n", pend1, pend2); + +- atomic_inc(&irq_err_count); ++ atomic_inc_unchecked(&irq_err_count); + + return -1; + } +diff --git a/arch/mips/vr41xx/common/irq.c b/arch/mips/vr41xx/common/irq.c +index fad2bef..6499c27 100644 +--- a/arch/mips/vr41xx/common/irq.c ++++ b/arch/mips/vr41xx/common/irq.c +@@ -65,7 +65,7 @@ static void irq_dispatch(unsigned int irq) + irq_cascade_t *cascade; + + if (irq >= NR_IRQS) { +- atomic_inc(&irq_err_count); ++ atomic_inc_unchecked(&irq_err_count); + return; + } + +@@ -85,7 +85,7 @@ static void irq_dispatch(unsigned int irq) + ret = cascade->get_irq(irq); + irq = ret; + if (ret < 0) +- atomic_inc(&irq_err_count); ++ atomic_inc_unchecked(&irq_err_count); + else + irq_dispatch(irq); + if (!irqd_irq_disabled(idata) && chip->irq_unmask) diff --git a/arch/mn10300/proc-mn103e010/include/proc/cache.h b/arch/mn10300/proc-mn103e010/include/proc/cache.h index 967d144..db12197 100644 --- a/arch/mn10300/proc-mn103e010/include/proc/cache.h @@ -29533,7 +29706,7 @@ index 6687022..ceabcfa 100644 + pax_force_retaddr ret diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c -index 5a5b6e4..37ccbe3 100644 +index 5a5b6e4..3cbf9b7 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c @@ -11,6 +11,7 @@ @@ -29688,7 +29861,7 @@ index 5a5b6e4..37ccbe3 100644 if (!bpf_jit_enable) return; -@@ -141,11 +239,19 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -141,11 +239,15 @@ void bpf_jit_compile(struct sk_filter *fp) if (addrs == NULL) return; 
@@ -29696,10 +29869,6 @@ index 5a5b6e4..37ccbe3 100644 + if (!fp->work) + goto out; + -+#ifdef CONFIG_GRKERNSEC_JIT_HARDEN -+ randkey = get_random_int(); -+#endif -+ /* Before first pass, make a rough estimation of addrs[] - * each bpf instruction is translated to less than 64 bytes + * each bpf instruction is translated to less than MAX_INSTR_CODE_SIZE bytes @@ -29710,6 +29879,17 @@ index 5a5b6e4..37ccbe3 100644 addrs[i] = proglen; } cleanup_addr = proglen; /* epilogue address */ +@@ -221,6 +323,10 @@ void bpf_jit_compile(struct sk_filter *fp) + for (i = 0; i < flen; i++) { + unsigned int K = filter[i].k; + ++#ifdef CONFIG_GRKERNSEC_JIT_HARDEN ++ randkey = prandom_u32(); ++#endif ++ + switch (filter[i].code) { + case BPF_S_ALU_ADD_X: /* A += X; */ + seen |= SEEN_XREG; @@ -253,10 +359,8 @@ void bpf_jit_compile(struct sk_filter *fp) case BPF_S_ALU_MUL_K: /* A *= K */ if (is_imm8(K)) @@ -47058,7 +47238,7 @@ index 2cd0de2..0169c04 100644 struct snd_kcontrol_new kctl; char name[32]; diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octeon/ethernet-rx.c -index 8b307b4..a97ac91 100644 +index 8b307b4..f999246 100644 --- a/drivers/staging/octeon/ethernet-rx.c +++ b/drivers/staging/octeon/ethernet-rx.c @@ -420,11 +420,11 @@ static int cvm_oct_napi_poll(struct napi_struct *napi, int budget) @@ -47082,7 +47262,7 @@ index 8b307b4..a97ac91 100644 */ #ifdef CONFIG_64BIT - atomic64_add(1, (atomic64_t *)&priv->stats.rx_dropped); -+ atomic64_unchecked_add(1, (atomic64_unchecked_t *)&priv->stats.rx_dropped); ++ atomic64_add_unchecked(1, (atomic64_unchecked_t *)&priv->stats.rx_dropped); #else - atomic_add(1, (atomic_t *)&priv->stats.rx_dropped); + atomic_add_unchecked(1, (atomic_unchecked_t *)&priv->stats.rx_dropped); @@ -81584,10 +81764,35 @@ index e6454b6..cda5eaf 100644 static inline struct page *sk_stream_alloc_page(struct sock *sk) { diff --git a/include/net/tcp.h b/include/net/tcp.h -index fe46019..1422c5a 100644 +index fe46019..b2e8119 100644 
--- a/include/net/tcp.h +++ b/include/net/tcp.h -@@ -470,7 +470,7 @@ extern void tcp_retransmit_timer(struct sock *sk); +@@ -433,6 +433,24 @@ extern __u32 syncookie_secret[2][16-4+SHA_DIGEST_WORDS]; + extern struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, + struct ip_options *opt); + #ifdef CONFIG_SYN_COOKIES ++#include ++ ++/* Syncookies use a monotonic timer which increments every 64 seconds. ++ * This counter is used both as a hash input and partially encoded into ++ * the cookie value. A cookie is only validated further if the delta ++ * between the current counter value and the encoded one is less than this, ++ * i.e. a sent cookie is valid only at most for 128 seconds (or less if ++ * the counter advances immediately after a cookie is generated). ++ */ ++#define MAX_SYNCOOKIE_AGE 2 ++ ++static inline u32 tcp_cookie_time(void) ++{ ++ struct timespec now; ++ getnstimeofday(&now); ++ return now.tv_sec >> 6; /* 64 seconds granularity */ ++} ++ + extern __u32 cookie_v4_init_sequence(struct sock *sk, struct sk_buff *skb, + __u16 *mss); + #else +@@ -470,7 +488,7 @@ extern void tcp_retransmit_timer(struct sock *sk); extern void tcp_xmit_retransmit_queue(struct sock *); extern void tcp_simple_retransmit(struct sock *); extern int tcp_trim_head(struct sock *, struct sk_buff *, u32); @@ -81596,7 +81801,7 @@ index fe46019..1422c5a 100644 extern void tcp_send_probe0(struct sock *); extern void tcp_send_partial(struct sock *); -@@ -633,8 +633,8 @@ struct tcp_skb_cb { +@@ -633,8 +651,8 @@ struct tcp_skb_cb { struct inet6_skb_parm h6; #endif } header; /* For incoming frames */ 
@@ -81607,7 +81812,7 @@ index fe46019..1422c5a 100644 __u32 when; /* used to compute rtt's */ __u8 tcp_flags; /* TCP header flags. (tcp[13]) */ __u8 sacked; /* State flags for SACK/FACK. */ -@@ -647,7 +647,7 @@ struct tcp_skb_cb { +@@ -647,7 +665,7 @@ struct tcp_skb_cb { #define TCPCB_EVER_RETRANS 0x80 /* Ever retransmitted frame */ #define TCPCB_RETRANS (TCPCB_SACKED_RETRANS|TCPCB_EVER_RETRANS) @@ -84665,7 +84870,7 @@ index dc7bc08..4601964 100644 /* Don't allow clients that don't understand the native diff --git a/kernel/kmod.c b/kernel/kmod.c -index a16dac1..3227c2c 100644 +index a16dac1..67f7981 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c @@ -64,7 +64,7 @@ static void free_modprobe_argv(struct subprocess_info *info) @@ -84793,7 +84998,7 @@ index a16dac1..3227c2c 100644 EXPORT_SYMBOL(__request_module); #endif /* CONFIG_MODULES */ -@@ -188,6 +241,19 @@ static int ____call_usermodehelper(void *data) +@@ -188,6 +241,20 @@ static int ____call_usermodehelper(void *data) */ set_user_nice(current, 0); @@ -84803,7 +85008,8 @@ index a16dac1..3227c2c 100644 + on that copy + */ + if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/usr/lib/", 9) && -+ strncmp(sub_info->path, "/lib/", 5) && strncmp(sub_info->path, "/lib64/", 7)) || strstr(sub_info->path, "..")) { ++ strncmp(sub_info->path, "/lib/", 5) && strncmp(sub_info->path, "/lib64/", 7) && ++ strcmp(sub_info->path, "/usr/share/apport/apport")) || strstr(sub_info->path, "..")) { + printk(KERN_ALERT "grsec: denied exec of usermode helper binary %.950s located outside of /sbin and system library paths\n", sub_info->path); + retval = -EPERM; + goto fail; @@ -84813,7 +85019,7 @@ index a16dac1..3227c2c 100644 retval = -ENOMEM; new = prepare_kernel_cred(current); if (!new) -@@ -221,6 +287,10 @@ fail: +@@ -221,6 +288,10 @@ fail: void call_usermodehelper_freeinfo(struct subprocess_info *info) { 
@@ -84824,7 +85030,7 @@ index a16dac1..3227c2c 100644 if (info->cleanup) (*info->cleanup)(info); kfree(info); -@@ -265,7 +335,7 @@ static int wait_for_helper(void *data) +@@ -265,7 +336,7 @@ static int wait_for_helper(void *data) * * Thus the __user pointer cast is valid here. */ @@ -84833,7 +85039,7 @@ index a16dac1..3227c2c 100644 /* * If ret is 0, either ____call_usermodehelper failed and the -@@ -413,7 +483,12 @@ struct subprocess_info *call_usermodehelper_setup(char *path, char **argv, +@@ -413,7 +484,12 @@ struct subprocess_info *call_usermodehelper_setup(char *path, char **argv, goto out; INIT_WORK(&sub_info->work, __call_usermodehelper); @@ -84846,7 +85052,7 @@ index a16dac1..3227c2c 100644 sub_info->argv = argv; sub_info->envp = envp; out: -@@ -512,7 +587,7 @@ EXPORT_SYMBOL(call_usermodehelper_exec); +@@ -512,7 +588,7 @@ EXPORT_SYMBOL(call_usermodehelper_exec); static int proc_cap_handler(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { 
@@ -98663,6 +98869,122 @@ index 6768ce2..c682a62 100644 .init = rt_genid_init, }; +diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c +index 8a1bed2..d41ac11 100644 +--- a/net/ipv4/syncookies.c ++++ b/net/ipv4/syncookies.c +@@ -89,8 +89,7 @@ __u32 cookie_init_timestamp(struct request_sock *req) + + + static __u32 secure_tcp_syn_cookie(__be32 saddr, __be32 daddr, __be16 sport, +- __be16 dport, __u32 sseq, __u32 count, +- __u32 data) ++ __be16 dport, __u32 sseq, __u32 data) + { + /* + * Compute the secure sequence number. +@@ -102,7 +101,7 @@ static __u32 secure_tcp_syn_cookie(__be32 saddr, __be32 daddr, __be16 sport, + * As an extra hack, we add a small "data" value that encodes the + * MSS into the second hash value. + */ +- ++ u32 count = tcp_cookie_time(); + return (cookie_hash(saddr, daddr, sport, dport, 0, 0) + + sseq + (count << COOKIEBITS) + + ((cookie_hash(saddr, daddr, sport, dport, count, 1) + data) +@@ -114,22 +113,21 @@ static __u32 secure_tcp_syn_cookie(__be32 saddr, __be32 daddr, __be16 sport, + * If the syncookie is bad, the data returned will be out of + * range. This must be checked by the caller. + * +- * The count value used to generate the cookie must be within +- * "maxdiff" if the current (passed-in) "count". The return value +- * is (__u32)-1 if this test fails. ++ * The count value used to generate the cookie must be less than ++ * MAX_SYNCOOKIE_AGE minutes in the past. ++ * The return value (__u32)-1 if this test fails. 
+ */ + static __u32 check_tcp_syn_cookie(__u32 cookie, __be32 saddr, __be32 daddr, +- __be16 sport, __be16 dport, __u32 sseq, +- __u32 count, __u32 maxdiff) ++ __be16 sport, __be16 dport, __u32 sseq) + { +- __u32 diff; ++ u32 diff, count = tcp_cookie_time(); + + /* Strip away the layers from the cookie */ + cookie -= cookie_hash(saddr, daddr, sport, dport, 0, 0) + sseq; + + /* Cookie is now reduced to (count * 2^24) ^ (hash % 2^24) */ + diff = (count - (cookie >> COOKIEBITS)) & ((__u32) - 1 >> COOKIEBITS); +- if (diff >= maxdiff) ++ if (diff >= MAX_SYNCOOKIE_AGE) + return (__u32)-1; + + return (cookie - +@@ -138,22 +136,22 @@ static __u32 check_tcp_syn_cookie(__u32 cookie, __be32 saddr, __be32 daddr, + } + + /* +- * MSS Values are taken from the 2009 paper +- * 'Measuring TCP Maximum Segment Size' by S. Alcock and R. Nelson: +- * - values 1440 to 1460 accounted for 80% of observed mss values +- * - values outside the 536-1460 range are rare (<0.2%). ++ * MSS Values are chosen based on the 2011 paper ++ * 'An Analysis of TCP Maximum Segement Sizes' by S. Alcock and R. Nelson. ++ * Values .. ++ * .. lower than 536 are rare (< 0.2%) ++ * .. between 537 and 1299 account for less than < 1.5% of observed values ++ * .. in the 1300-1349 range account for about 15 to 20% of observed mss values ++ * .. exceeding 1460 are very rare (< 0.04%) + * +- * Table must be sorted. ++ * 1460 is the single most frequently announced mss value (30 to 46% depending ++ * on monitor location). Table must be sorted. 
+ */ + static __u16 const msstab[] = { +- 64, +- 512, + 536, +- 1024, +- 1440, ++ 1300, ++ 1440, /* 1440, 1452: PPPoE */ + 1460, +- 4312, +- 8960, + }; + + /* +@@ -178,17 +176,10 @@ __u32 cookie_v4_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp) + + return secure_tcp_syn_cookie(iph->saddr, iph->daddr, + th->source, th->dest, ntohl(th->seq), +- jiffies / (HZ * 60), mssind); ++ mssind); + } + + /* +- * This (misnamed) value is the age of syncookie which is permitted. +- * Its ideal value should be dependent on TCP_TIMEOUT_INIT and +- * sysctl_tcp_retries1. It's a rather complicated formula (exponential +- * backoff) to compute at runtime so it's currently hardcoded here. +- */ +-#define COUNTER_TRIES 4 +-/* + * Check if a ack sequence number is a valid syncookie. + * Return the decoded mss if it is, or 0 if not. + */ +@@ -198,9 +189,7 @@ static inline int cookie_check(struct sk_buff *skb, __u32 cookie) + const struct tcphdr *th = tcp_hdr(skb); + __u32 seq = ntohl(th->seq) - 1; + __u32 mssind = check_tcp_syn_cookie(cookie, iph->saddr, iph->daddr, +- th->source, th->dest, seq, +- jiffies / (HZ * 60), +- COUNTER_TRIES); ++ th->source, th->dest, seq); + + return mssind < ARRAY_SIZE(msstab) ? msstab[mssind] : 0; + } diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c index 739b073..7ac6591 100644 --- a/net/ipv4/sysctl_net_ipv4.c @@ -99508,9 +99830,18 @@ index eba5deb..61e026f 100644 return -ENOMEM; } diff --git a/net/ipv6/route.c b/net/ipv6/route.c -index 9a4f437..d13bf8b 100644 +index 9a4f437..d6b0d59 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c +@@ -1250,7 +1250,7 @@ int ip6_route_add(struct fib6_config *cfg) + goto out; + } + +- rt = ip6_dst_alloc(&net->ipv6.ip6_dst_ops, NULL, DST_NOCOUNT); ++ rt = ip6_dst_alloc(&net->ipv6.ip6_dst_ops, NULL, (cfg->fc_flags & RTF_ADDRCONF) ? 0 : DST_NOCOUNT); + + if (rt == NULL) { + err = -ENOMEM; 
@@ -2808,7 +2808,7 @@ ctl_table ipv6_route_table_template[] = { struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net) 
@@ -99520,6 +99851,96 @@ index 9a4f437..d13bf8b 100644 table = kmemdup(ipv6_route_table_template, sizeof(ipv6_route_table_template), +diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c +index 5a0d664..0177566a 100644 +--- a/net/ipv6/syncookies.c ++++ b/net/ipv6/syncookies.c +@@ -27,26 +27,21 @@ extern __u32 syncookie_secret[2][16-4+SHA_DIGEST_WORDS]; + #define COOKIEBITS 24 /* Upper bits store count */ + #define COOKIEMASK (((__u32)1 << COOKIEBITS) - 1) + +-/* Table must be sorted. */ ++/* RFC 2460, Section 8.3: ++ * [ipv6 tcp] MSS must be computed as the maximum packet size minus 60 [..] ++ * ++ * Due to IPV6_MIN_MTU=1280 the lowest possible MSS is 1220, which allows ++ * using higher values than ipv4 tcp syncookies. ++ * The other values are chosen based on ethernet (1500 and 9k MTU), plus ++ * one that accounts for common encap (PPPoe) overhead. Table must be sorted. ++ */ + static __u16 const msstab[] = { +- 64, +- 512, +- 536, +- 1280 - 60, ++ 1280 - 60, /* IPV6_MIN_MTU - 60 */ + 1480 - 60, + 1500 - 60, +- 4460 - 60, + 9000 - 60, + }; + +-/* +- * This (misnamed) value is the age of syncookie which is permitted. +- * Its ideal value should be dependent on TCP_TIMEOUT_INIT and +- * sysctl_tcp_retries1. It's a rather complicated formula (exponential +- * backoff) to compute at runtime so it's currently hardcoded here. 
+- */ +-#define COUNTER_TRIES 4 +- + static inline struct sock *get_cookie_sock(struct sock *sk, struct sk_buff *skb, + struct request_sock *req, + struct dst_entry *dst) +@@ -89,8 +84,9 @@ static u32 cookie_hash(const struct in6_addr *saddr, const struct in6_addr *dadd + static __u32 secure_tcp_syn_cookie(const struct in6_addr *saddr, + const struct in6_addr *daddr, + __be16 sport, __be16 dport, __u32 sseq, +- __u32 count, __u32 data) ++ __u32 data) + { ++ u32 count = tcp_cookie_time(); + return (cookie_hash(saddr, daddr, sport, dport, 0, 0) + + sseq + (count << COOKIEBITS) + + ((cookie_hash(saddr, daddr, sport, dport, count, 1) + data) +@@ -99,15 +95,14 @@ static __u32 secure_tcp_syn_cookie(const struct in6_addr *saddr, + + static __u32 check_tcp_syn_cookie(__u32 cookie, const struct in6_addr *saddr, + const struct in6_addr *daddr, __be16 sport, +- __be16 dport, __u32 sseq, __u32 count, +- __u32 maxdiff) ++ __be16 dport, __u32 sseq) + { +- __u32 diff; ++ __u32 diff, count = tcp_cookie_time(); + + cookie -= cookie_hash(saddr, daddr, sport, dport, 0, 0) + sseq; + + diff = (count - (cookie >> COOKIEBITS)) & ((__u32) -1 >> COOKIEBITS); +- if (diff >= maxdiff) ++ if (diff >= MAX_SYNCOOKIE_AGE) + return (__u32)-1; + + return (cookie - +@@ -133,8 +128,7 @@ __u32 cookie_v6_init_sequence(struct sock *sk, const struct sk_buff *skb, __u16 + NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_SYNCOOKIESSENT); + + return secure_tcp_syn_cookie(&iph->saddr, &iph->daddr, th->source, +- th->dest, ntohl(th->seq), +- jiffies / (HZ * 60), mssind); ++ th->dest, ntohl(th->seq), mssind); + } + + static inline int cookie_check(const struct sk_buff *skb, __u32 cookie) +@@ -143,8 +137,7 @@ static inline int cookie_check(const struct sk_buff *skb, __u32 cookie) + const struct tcphdr *th = tcp_hdr(skb); + __u32 seq = ntohl(th->seq) - 1; + __u32 mssind = check_tcp_syn_cookie(cookie, &iph->saddr, &iph->daddr, +- th->source, th->dest, seq, +- jiffies / (HZ * 60), COUNTER_TRIES); ++ th->source, th->dest, 
seq); + + return mssind < ARRAY_SIZE(msstab) ? msstab[mssind] : 0; + } diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c index 166a57c..dc4e6b8 100644 --- a/net/ipv6/sysctl_net_ipv6.c @@ -101828,7 +102249,7 @@ index 8da4481..d02565e 100644 + (rtt >> sctp_rto_alpha); } else { diff --git a/net/socket.c b/net/socket.c -index d4faade..1c51abc 100644 +index d4faade..002025a 100644 --- a/net/socket.c +++ b/net/socket.c @@ -88,6 +88,7 @@ @@ -102003,7 +102424,18 @@ index d4faade..1c51abc 100644 SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len, unsigned, flags, struct sockaddr __user *, addr, int, addr_len) -@@ -1966,7 +2032,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, +@@ -1884,6 +1950,10 @@ static int copy_msghdr_from_user(struct msghdr *kmsg, + { + if (copy_from_user(kmsg, umsg, sizeof(struct msghdr))) + return -EFAULT; ++ ++ if (kmsg->msg_namelen < 0) ++ return -EINVAL; ++ + if (kmsg->msg_namelen > sizeof(struct sockaddr_storage)) + kmsg->msg_namelen = sizeof(struct sockaddr_storage); + return 0; +@@ -1966,7 +2036,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, * checking falls down on this. */ if (copy_from_user(ctl_buf, @@ -102012,7 +102444,7 @@ index d4faade..1c51abc 100644 ctl_len)) goto out_freectl; msg_sys->msg_control = ctl_buf; -@@ -2148,7 +2214,8 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2148,7 +2218,8 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, /* Save the user-mode address (verify_iovec will change the * kernel msghdr to use the kernel address space) */ 
@@ -102022,7 +102454,7 @@ index d4faade..1c51abc 100644 uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) err = verify_compat_iovec(msg_sys, iov, -@@ -2792,9 +2859,9 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2792,9 +2863,9 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) } ifr = compat_alloc_user_space(buf_size); @@ -102034,7 +102466,7 @@ index d4faade..1c51abc 100644 return -EFAULT; if (put_user(convert_in ? rxnfc : compat_ptr(data), -@@ -2816,12 +2883,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2816,12 +2887,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) offsetof(struct ethtool_rxnfc, fs.ring_cookie)); if (copy_in_user(rxnfc, compat_rxnfc, @@ -102051,7 +102483,7 @@ index d4faade..1c51abc 100644 copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt, sizeof(rxnfc->rule_cnt))) return -EFAULT; -@@ -2833,12 +2900,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2833,12 +2904,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) if (convert_out) { if (copy_in_user(compat_rxnfc, rxnfc, @@ -102068,7 +102500,7 @@ index d4faade..1c51abc 100644 copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt, sizeof(rxnfc->rule_cnt))) return -EFAULT; -@@ -2908,14 +2975,14 @@ static int bond_ioctl(struct net *net, unsigned int cmd, +@@ -2908,14 +2979,14 @@ static int bond_ioctl(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); err = dev_ioctl(net, cmd, @@ -102085,7 +102517,7 @@ index d4faade..1c51abc 100644 return -EFAULT; if (get_user(data, &ifr32->ifr_ifru.ifru_data)) -@@ -3017,7 +3084,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, +@@ -3017,7 +3088,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); 
@@ -102094,7 +102526,7 @@ index d4faade..1c51abc 100644 set_fs(old_fs); if (cmd == SIOCGIFMAP && !err) { -@@ -3122,7 +3189,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, +@@ -3122,7 +3193,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, ret |= __get_user(rtdev, &(ur4->rt_dev)); if (rtdev) { ret |= copy_from_user(devname, compat_ptr(rtdev), 15); @@ -102103,7 +102535,7 @@ index d4faade..1c51abc 100644 devname[15] = 0; } else r4.rt_dev = NULL; -@@ -3362,8 +3429,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, +@@ -3362,8 +3433,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, int __user *uoptlen; int err; @@ -102114,7 +102546,7 @@ index d4faade..1c51abc 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) -@@ -3383,7 +3450,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, +@@ -3383,7 +3454,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; @@ -103854,10 +104286,10 @@ index 38f6617..e70b72b 100755 exuberant() diff --git a/security/Kconfig b/security/Kconfig -index 51bd5a0..8c5f2ab 100644 +index 51bd5a0..d4191c5 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,954 @@ +@@ -4,6 +4,955 @@ menu "Security options" @@ -104283,8 +104715,9 @@ index 51bd5a0..8c5f2ab 100644 + 3 GB. + +config PAX_EMUTRAMP -+ bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86) -+ default y if PARISC ++ bool "Emulate trampolines" ++ default y if PARISC || GRKERNSEC_CONFIG_AUTO ++ depends on (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86) + help + There are some programs and libraries that for one reason or + another attempt to execute special small code snippets from 
@@ -104812,7 +105245,7 @@ index 51bd5a0..8c5f2ab 100644 config KEYS bool "Enable access key retention support" help -@@ -169,7 +1117,7 @@ config INTEL_TXT +@@ -169,7 +1118,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX diff --git a/3.2.55/4475_emutramp_default_on.patch b/3.2.55/4475_emutramp_default_on.patch index cfde6f8..10a2580 100644 --- a/3.2.55/4475_emutramp_default_on.patch +++ b/3.2.55/4475_emutramp_default_on.patch @@ -13,9 +13,9 @@ diff -Naur linux-3.9.2-hardened.orig/security/Kconfig linux-3.9.2-hardened/secur @@ -427,7 +427,7 @@ config PAX_EMUTRAMP - bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86) -- default y if PARISC + bool "Emulate trampolines" +- default y if PARISC || GRKERNSEC_CONFIG_AUTO + default y + depends on (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86) help There are some programs and libraries that for one reason or - another attempt to execute special small code snippets from
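Review bot: In arch/x86/net/bpf_jit_comp.c, the hunk at `@@ -221,6 +323,10 @@` now sets `randkey = prandom_u32();` inside the per-instruction loop, where the previous revision called `get_random_int()` once before the first pass. prandom_u32() is a non-cryptographic pseudo-random generator. If CONFIG_GRKERNSEC_JIT_HARDEN relies on the key being unpredictable to whoever supplies the filter constants, the choice of source needs a comment justifying it, or a stronger generator. Since the key now changes on every iteration, a short comment should also state that the emitted instruction length does not depend on the key value, because addrs[] is estimated before the first pass.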
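Review bot: In kernel/kmod.c, the hunk at `@@ -188,6 +241,20 @@` (____call_usermodehelper) adds the exact path `"/usr/share/apport/apport"` to the helper allowlist, but the printk still reports the binary as "located outside of /sbin and system library paths", which no longer describes the rule being enforced. Either update the message and the comment above the condition to mention the exception, or move the permitted prefixes and exact paths into a small table so the check and its log text cannot drift apart. A hard-coded distribution-specific path also deserves a line explaining why it is trusted.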
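Review bot: In include/net/tcp.h, the hunk at `@@ -433,6 +433,24 @@` documents the syncookie counter as "a monotonic timer", yet tcp_cookie_time() reads `getnstimeofday(&now)`, which is wall-clock time and can be stepped. A clock step changes `now.tv_sec >> 6` abruptly, so cookies that are still in flight fail the MAX_SYNCOOKIE_AGE test in check_tcp_syn_cookie(). Either switch to a monotonic clock source or correct the comment so it states the actual behaviour under clock adjustments.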
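Review bot: In net/ipv4/syncookies.c, the hunk at `@@ -138,22 +136,22 @@` shrinks msstab from eight entries to four, and the comment does not say what happens to a peer that announces an MSS above 1460 or below 536. Add a sentence that such peers are mapped to the nearest table entry and that indices from the old table now fall outside ARRAY_SIZE(msstab), which cookie_check() turns into 0. The comment also contains "Segement" and the redundant "less than < 1.5%", and "Table must be sorted" is still only a convention with nothing enforcing it.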
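Review bot: In net/socket.c, the hunk at `@@ -1884,6 +1950,10 @@` (copy_msghdr_from_user) rejects a negative `kmsg->msg_namelen` with -EINVAL while the oversize case two lines below is still silently clamped to sizeof(struct sockaddr_storage), and nothing explains the asymmetry. Without the new check, a negative value compared against the unsigned sizeof result would be treated as a very large length and clamped, so this is a visible behaviour change for callers. A one-line comment stating that negative lengths are now an error, and why clamping is kept for the upper bound, would make the intent reviewable.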
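Review bot: In net/ipv6/route.c, the hunk at `@@ -1250,7 +1250,7 @@` (ip6_route_add) folds the decision into the call as `(cfg->fc_flags & RTF_ADDRCONF) ? 0 : DST_NOCOUNT` with no explanation of why address-autoconfiguration routes should be counted against the dst limit while other routes are not. Pull the flag selection into a named local with a comment giving the reason, which also brings the line back under the usual length limit.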