From: "Anthony G. Basile" <blueness@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.18.2/, 3.2.66/, 3.14.28/
Date: Fri, 16 Jan 2015 00:29:00 +0000 (UTC)	[thread overview]
Message-ID: <1421368189.44e08a97859303381577b13c0c1407626dda2195.blueness@gentoo> (raw)

commit:     44e08a97859303381577b13c0c1407626dda2195
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Jan 16 00:29:49 2015 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Jan 16 00:29:49 2015 +0000
URL:        http://sources.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=44e08a97

Grsec/PaX: 3.0-{3.2.66,3.14.28,3.18.2}-201501142325

---
 3.14.28/0000_README                                |   2 +-
 ...4420_grsecurity-3.0-3.14.28-201501142323.patch} |  93 +++++-
 3.18.2/0000_README                                 |   2 +-
 ... 4420_grsecurity-3.0-3.18.2-201501142325.patch} | 340 ++++++++++++++-------
 3.2.66/0000_README                                 |   2 +-
 ... 4420_grsecurity-3.0-3.2.66-201501142321.patch} |  92 +++++-
 6 files changed, 412 insertions(+), 119 deletions(-)

diff --git a/3.14.28/0000_README b/3.14.28/0000_README
index fd01bb1..ae1226b 100644
--- a/3.14.28/0000_README
+++ b/3.14.28/0000_README
@@ -6,7 +6,7 @@ Patch:	1027_linux-3.14.28.patch
 From:	http://www.kernel.org
 Desc:	Linux 3.14.28
 
-Patch:	4420_grsecurity-3.0-3.14.28-201501120819.patch
+Patch:	4420_grsecurity-3.0-3.14.28-201501142323.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/3.14.28/4420_grsecurity-3.0-3.14.28-201501120819.patch b/3.14.28/4420_grsecurity-3.0-3.14.28-201501142323.patch
similarity index 99%
rename from 3.14.28/4420_grsecurity-3.0-3.14.28-201501120819.patch
rename to 3.14.28/4420_grsecurity-3.0-3.14.28-201501142323.patch
index 2e17d75..7a014f0 100644
--- a/3.14.28/4420_grsecurity-3.0-3.14.28-201501120819.patch
+++ b/3.14.28/4420_grsecurity-3.0-3.14.28-201501142323.patch
@@ -51781,7 +51781,7 @@ index 236ed66..dd9cd74 100644
  		goto err_busy;
  	}
 diff --git a/drivers/staging/line6/driver.c b/drivers/staging/line6/driver.c
-index 7a6d85e..4c55a18 100644
+index 7a6d85e..1304fbe 100644
 --- a/drivers/staging/line6/driver.c
 +++ b/drivers/staging/line6/driver.c
 @@ -458,7 +458,7 @@ int line6_read_data(struct usb_line6 *line6, int address, void *data,
@@ -51832,6 +51832,89 @@ index 7a6d85e..4c55a18 100644
  
  	/* receive the result: */
  	ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67,
+@@ -515,7 +522,7 @@ int line6_write_data(struct usb_line6 *line6, int address, void *data,
+ {
+ 	struct usb_device *usbdev = line6->usbdev;
+ 	int ret;
+-	unsigned char status;
++	unsigned char *status;
+ 
+ 	ret = usb_control_msg(usbdev, usb_sndctrlpipe(usbdev, 0), 0x67,
+ 			      USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT,
+@@ -528,26 +535,34 @@ int line6_write_data(struct usb_line6 *line6, int address, void *data,
+ 		return ret;
+ 	}
+ 
++	status = kmalloc(1, GFP_KERNEL);
++	if (status == NULL)
++		return -ENOMEM;
++
+ 	do {
+ 		ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0),
+ 				      0x67,
+ 				      USB_TYPE_VENDOR | USB_RECIP_DEVICE |
+ 				      USB_DIR_IN,
+ 				      0x0012, 0x0000,
+-				      &status, 1, LINE6_TIMEOUT * HZ);
++				      status, 1, LINE6_TIMEOUT * HZ);
+ 
+ 		if (ret < 0) {
+ 			dev_err(line6->ifcdev,
+ 				"receiving status failed (error %d)\n", ret);
++			kfree(status);
+ 			return ret;
+ 		}
+-	} while (status == 0xff);
++	} while (*status == 0xff);
+ 
+-	if (status != 0) {
++	if (*status != 0) {
+ 		dev_err(line6->ifcdev, "write failed (error %d)\n", ret);
++		kfree(status);
+ 		return -EINVAL;
+ 	}
+ 
++	kfree(status);
++
+ 	return 0;
+ }
+ 
+diff --git a/drivers/staging/line6/toneport.c b/drivers/staging/line6/toneport.c
+index af2e7e5..e558d65 100644
+--- a/drivers/staging/line6/toneport.c
++++ b/drivers/staging/line6/toneport.c
+@@ -11,6 +11,7 @@
+  */
+ 
+ #include <linux/wait.h>
++#include <linux/slab.h>
+ #include <sound/control.h>
+ 
+ #include "audio.h"
+@@ -304,14 +305,20 @@ static void toneport_destruct(struct usb_interface *interface)
+ */
+ static void toneport_setup(struct usb_line6_toneport *toneport)
+ {
+-	int ticks;
++	int *ticks;
+ 	struct usb_line6 *line6 = &toneport->line6;
+ 	struct usb_device *usbdev = line6->usbdev;
+ 	u16 idProduct = le16_to_cpu(usbdev->descriptor.idProduct);
+ 
++	ticks = kmalloc(sizeof(int), GFP_KERNEL);
++	if (ticks == NULL)
++		return;
++
+ 	/* sync time on device with host: */
+-	ticks = (int)get_seconds();
+-	line6_write_data(line6, 0x80c6, &ticks, 4);
++	*ticks = (int)get_seconds();
++	line6_write_data(line6, 0x80c6, ticks, sizeof(int));
++
++	kfree(ticks);
+ 
+ 	/* enable device: */
+ 	toneport_send_cmd(usbdev, 0x0301, 0x0000);
 diff --git a/drivers/staging/lustre/lnet/selftest/brw_test.c b/drivers/staging/lustre/lnet/selftest/brw_test.c
 index 3f8020c..649fded 100644
 --- a/drivers/staging/lustre/lnet/selftest/brw_test.c
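Review bot: In line6_write_data the polling loop still treats only `ret < 0` as a failure, so a status transfer that completes with zero bytes leaves `*status` holding whatever kmalloc() returned, and the `while (*status == 0xff)` and `if (*status != 0)` tests then read uninitialised heap memory. Checking the length as well would close this, for example `if (ret != 1) {` with the existing dev_err, `kfree(status);` and `return ret < 0 ? ret : -EIO;`. The `"write failed (error %d)"` message prints `ret`, which at that point is the byte count rather than the device status; `*status` looks like the value that was meant. In toneport_setup the new `return` on allocation failure also skips the `toneport_send_cmd(usbdev, 0x0301, 0x0000)` enable without logging anything; the rest of that function lies outside the hunk.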
@@ -73265,10 +73348,10 @@ index 0000000..ca25605
 +
 diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c
 new file mode 100644
-index 0000000..a89b1f4
+index 0000000..4c7e00a
 --- /dev/null
 +++ b/grsecurity/gracl_fs.c
-@@ -0,0 +1,437 @@
+@@ -0,0 +1,439 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
 +#include <linux/types.h>
@@ -73701,7 +73784,9 @@ index 0000000..a89b1f4
 +	if (unlikely(!gr_acl_is_enabled()))
 +		return 0;
 +
-+	if (task != current && task->acl->mode & GR_PROTPROCFD)
++	if (task != current && (task->acl->mode & GR_PROTPROCFD) &&
++	    !(current->acl->mode & GR_POVERRIDE) &&
++	    !(current->role->roletype & GR_ROLE_GOD))
 +		return -EACCES;
 +
 +	return 0;
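Review bot: The widened condition has no comment saying who may now bypass GR_PROTPROCFD, and an exception to an access check is worth spelling out for the next reader. I would add above the `if`: `/* other tasks are denied unless the caller's subject has GR_POVERRIDE or its role has GR_ROLE_GOD */`. The new clauses also dereference `current->acl` and `current->role`, where the old line touched only `task->acl`; this is presumably safe once gr_acl_is_enabled() has passed, but it should be confirmed against the rest of the function, which starts outside the hunk.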

diff --git a/3.18.2/0000_README b/3.18.2/0000_README
index a8cc951..2c74448 100644
--- a/3.18.2/0000_README
+++ b/3.18.2/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.0-3.18.2-201501120821.patch
+Patch:	4420_grsecurity-3.0-3.18.2-201501142325.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/3.18.2/4420_grsecurity-3.0-3.18.2-201501120821.patch b/3.18.2/4420_grsecurity-3.0-3.18.2-201501142325.patch
similarity index 99%
rename from 3.18.2/4420_grsecurity-3.0-3.18.2-201501120821.patch
rename to 3.18.2/4420_grsecurity-3.0-3.18.2-201501142325.patch
index 7f13fdf..462cdbf 100644
--- a/3.18.2/4420_grsecurity-3.0-3.18.2-201501120821.patch
+++ b/3.18.2/4420_grsecurity-3.0-3.18.2-201501142325.patch
@@ -962,7 +962,7 @@ index 89c4b5c..847a7be 100644
  	  kexec is a system call that implements the ability to shutdown your
  	  current kernel, and to start another kernel.  It is like a reboot
 diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
-index e22c119..8fa9957 100644
+index e22c119..eaa807d 100644
 --- a/arch/arm/include/asm/atomic.h
 +++ b/arch/arm/include/asm/atomic.h
 @@ -18,17 +18,41 @@
@@ -1363,7 +1363,7 @@ index e22c119..8fa9957 100644
 +#define ATOMIC64_OP(op, op1, op2) __ATOMIC64_OP(op, , op1, op2, , ) \
 +				  __ATOMIC64_OP(op, _unchecked, op1, op2##s, __OVERFLOW_POST, __OVERFLOW_EXTABLE)
 +
-+#define __ATOMIC64_OP_RETURN(op, op1, op2, post_op, extable)		\
++#define __ATOMIC64_OP_RETURN(op, suffix, op1, op2, post_op, extable)	\
 +static inline long long atomic64_##op##_return##suffix(long long i, atomic64##suffix##_t *v) \
  {									\
  	long long result;						\
@@ -22268,10 +22268,10 @@ index 01d1c18..8073693 100644
  #include <asm/processor.h>
  #include <asm/fcntl.h>
 diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
-index 344b63f..ccdac7a 100644
+index 344b63f..55adf14 100644
 --- a/arch/x86/kernel/entry_32.S
 +++ b/arch/x86/kernel/entry_32.S
-@@ -177,13 +177,153 @@
+@@ -177,13 +177,154 @@
  	/*CFI_REL_OFFSET gs, PT_GS*/
  .endm
  .macro SET_KERNEL_GS reg
@@ -22400,6 +22400,7 @@ index 344b63f..ccdac7a 100644
 +	jne 1b
 +
 +2:	cld
++	or $2*4, %edi
 +	mov %esp, %ecx
 +	sub %edi, %ecx
 +
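Review bot: The added `or $2*4, %edi` carries no comment, and what it is meant to guarantee cannot be read from the hunk. An OR sets bit 3 rather than advancing the pointer by two words, so its effect depends on the alignment `%edi` has when the scan loop falls through to `2:`. A short comment on that line, along the lines of `/* start the fill with bit 3 set so that ... */` with the reason filled in, would make the invariant reviewable. The same applies to `or $2*8, %rdi` in the entry_64.S hunk, where the following `mov %esp, %ecx` / `sub %edi, %ecx` still compute the length from the 32-bit halves. The surrounding routine begins and ends outside both hunks.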
@@ -22426,7 +22427,7 @@ index 344b63f..ccdac7a 100644
  	cld
  	PUSH_GS
  	pushl_cfi %fs
-@@ -206,7 +346,7 @@
+@@ -206,7 +347,7 @@
  	CFI_REL_OFFSET ecx, 0
  	pushl_cfi %ebx
  	CFI_REL_OFFSET ebx, 0
@@ -22435,7 +22436,7 @@ index 344b63f..ccdac7a 100644
  	movl %edx, %ds
  	movl %edx, %es
  	movl $(__KERNEL_PERCPU), %edx
-@@ -214,6 +354,15 @@
+@@ -214,6 +355,15 @@
  	SET_KERNEL_GS %edx
  .endm
  
@@ -22451,7 +22452,7 @@ index 344b63f..ccdac7a 100644
  .macro RESTORE_INT_REGS
  	popl_cfi %ebx
  	CFI_RESTORE ebx
-@@ -297,7 +446,7 @@ ENTRY(ret_from_fork)
+@@ -297,7 +447,7 @@ ENTRY(ret_from_fork)
  	popfl_cfi
  	jmp syscall_exit
  	CFI_ENDPROC
@@ -22460,7 +22461,7 @@ index 344b63f..ccdac7a 100644
  
  ENTRY(ret_from_kernel_thread)
  	CFI_STARTPROC
-@@ -340,7 +489,15 @@ ret_from_intr:
+@@ -340,7 +490,15 @@ ret_from_intr:
  	andl $SEGMENT_RPL_MASK, %eax
  #endif
  	cmpl $USER_RPL, %eax
@@ -22476,7 +22477,7 @@ index 344b63f..ccdac7a 100644
  
  ENTRY(resume_userspace)
  	LOCKDEP_SYS_EXIT
-@@ -352,8 +509,8 @@ ENTRY(resume_userspace)
+@@ -352,8 +510,8 @@ ENTRY(resume_userspace)
  	andl $_TIF_WORK_MASK, %ecx	# is there any work to be done on
  					# int/exception return?
  	jne work_pending
@@ -22487,7 +22488,7 @@ index 344b63f..ccdac7a 100644
  
  #ifdef CONFIG_PREEMPT
  ENTRY(resume_kernel)
-@@ -365,7 +522,7 @@ need_resched:
+@@ -365,7 +523,7 @@ need_resched:
  	jz restore_all
  	call preempt_schedule_irq
  	jmp need_resched
@@ -22496,7 +22497,7 @@ index 344b63f..ccdac7a 100644
  #endif
  	CFI_ENDPROC
  
-@@ -395,30 +552,45 @@ sysenter_past_esp:
+@@ -395,30 +553,45 @@ sysenter_past_esp:
  	/*CFI_REL_OFFSET cs, 0*/
  	/*
  	 * Push current_thread_info()->sysenter_return to the stack.
@@ -22545,7 +22546,7 @@ index 344b63f..ccdac7a 100644
  	testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp)
  	jnz sysenter_audit
  sysenter_do_call:
-@@ -434,12 +606,24 @@ sysenter_after_call:
+@@ -434,12 +607,24 @@ sysenter_after_call:
  	testl $_TIF_ALLWORK_MASK, %ecx
  	jne sysexit_audit
  sysenter_exit:
@@ -22570,7 +22571,7 @@ index 344b63f..ccdac7a 100644
  	PTGS_TO_GS
  	ENABLE_INTERRUPTS_SYSEXIT
  
-@@ -453,6 +637,9 @@ sysenter_audit:
+@@ -453,6 +638,9 @@ sysenter_audit:
  	pushl_cfi PT_ESI(%esp)		/* a3: 5th arg */
  	pushl_cfi PT_EDX+4(%esp)	/* a2: 4th arg */
  	call __audit_syscall_entry
@@ -22580,7 +22581,7 @@ index 344b63f..ccdac7a 100644
  	popl_cfi %ecx /* get that remapped edx off the stack */
  	popl_cfi %ecx /* get that remapped esi off the stack */
  	movl PT_EAX(%esp),%eax		/* reload syscall number */
-@@ -479,10 +666,16 @@ sysexit_audit:
+@@ -479,10 +667,16 @@ sysexit_audit:
  
  	CFI_ENDPROC
  .pushsection .fixup,"ax"
@@ -22599,7 +22600,7 @@ index 344b63f..ccdac7a 100644
  	PTGS_TO_GS_EX
  ENDPROC(ia32_sysenter_target)
  
-@@ -493,6 +686,11 @@ ENTRY(system_call)
+@@ -493,6 +687,11 @@ ENTRY(system_call)
  	pushl_cfi %eax			# save orig_eax
  	SAVE_ALL
  	GET_THREAD_INFO(%ebp)
@@ -22611,7 +22612,7 @@ index 344b63f..ccdac7a 100644
  					# system call tracing in operation / emulation
  	testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp)
  	jnz syscall_trace_entry
-@@ -512,6 +710,15 @@ syscall_exit:
+@@ -512,6 +711,15 @@ syscall_exit:
  	testl $_TIF_ALLWORK_MASK, %ecx	# current->work
  	jne syscall_exit_work
  
@@ -22627,7 +22628,7 @@ index 344b63f..ccdac7a 100644
  restore_all:
  	TRACE_IRQS_IRET
  restore_all_notrace:
-@@ -566,14 +773,34 @@ ldt_ss:
+@@ -566,14 +774,34 @@ ldt_ss:
   * compensating for the offset by changing to the ESPFIX segment with
   * a base address that matches for the difference.
   */
@@ -22665,7 +22666,7 @@ index 344b63f..ccdac7a 100644
  	pushl_cfi $__ESPFIX_SS
  	pushl_cfi %eax			/* new kernel esp */
  	/* Disable interrupts, but do not irqtrace this section: we
-@@ -603,20 +830,18 @@ work_resched:
+@@ -603,20 +831,18 @@ work_resched:
  	movl TI_flags(%ebp), %ecx
  	andl $_TIF_WORK_MASK, %ecx	# is there any work to be done other
  					# than syscall tracing?
@@ -22688,7 +22689,7 @@ index 344b63f..ccdac7a 100644
  #endif
  	TRACE_IRQS_ON
  	ENABLE_INTERRUPTS(CLBR_NONE)
-@@ -637,7 +862,7 @@ work_notifysig_v86:
+@@ -637,7 +863,7 @@ work_notifysig_v86:
  	movl %eax, %esp
  	jmp 1b
  #endif
@@ -22697,7 +22698,7 @@ index 344b63f..ccdac7a 100644
  
  	# perform syscall exit tracing
  	ALIGN
-@@ -645,11 +870,14 @@ syscall_trace_entry:
+@@ -645,11 +871,14 @@ syscall_trace_entry:
  	movl $-ENOSYS,PT_EAX(%esp)
  	movl %esp, %eax
  	call syscall_trace_enter
@@ -22713,7 +22714,7 @@ index 344b63f..ccdac7a 100644
  
  	# perform syscall exit tracing
  	ALIGN
-@@ -662,26 +890,30 @@ syscall_exit_work:
+@@ -662,26 +891,30 @@ syscall_exit_work:
  	movl %esp, %eax
  	call syscall_trace_leave
  	jmp resume_userspace
@@ -22748,7 +22749,7 @@ index 344b63f..ccdac7a 100644
  	CFI_ENDPROC
  
  .macro FIXUP_ESPFIX_STACK
-@@ -694,8 +926,15 @@ END(sysenter_badsys)
+@@ -694,8 +927,15 @@ END(sysenter_badsys)
   */
  #ifdef CONFIG_X86_ESPFIX32
  	/* fixup the stack */
@@ -22766,7 +22767,7 @@ index 344b63f..ccdac7a 100644
  	shl $16, %eax
  	addl %esp, %eax			/* the adjusted stack pointer */
  	pushl_cfi $__KERNEL_DS
-@@ -751,7 +990,7 @@ vector=vector+1
+@@ -751,7 +991,7 @@ vector=vector+1
    .endr
  2:	jmp common_interrupt
  .endr
@@ -22775,7 +22776,7 @@ index 344b63f..ccdac7a 100644
  
  .previous
  END(interrupt)
-@@ -808,7 +1047,7 @@ ENTRY(coprocessor_error)
+@@ -808,7 +1048,7 @@ ENTRY(coprocessor_error)
  	pushl_cfi $do_coprocessor_error
  	jmp error_code
  	CFI_ENDPROC
@@ -22784,7 +22785,7 @@ index 344b63f..ccdac7a 100644
  
  ENTRY(simd_coprocessor_error)
  	RING0_INT_FRAME
-@@ -821,7 +1060,7 @@ ENTRY(simd_coprocessor_error)
+@@ -821,7 +1061,7 @@ ENTRY(simd_coprocessor_error)
  .section .altinstructions,"a"
  	altinstruction_entry 661b, 663f, X86_FEATURE_XMM, 662b-661b, 664f-663f
  .previous
@@ -22793,7 +22794,7 @@ index 344b63f..ccdac7a 100644
  663:	pushl $do_simd_coprocessor_error
  664:
  .previous
-@@ -830,7 +1069,7 @@ ENTRY(simd_coprocessor_error)
+@@ -830,7 +1070,7 @@ ENTRY(simd_coprocessor_error)
  #endif
  	jmp error_code
  	CFI_ENDPROC
@@ -22802,7 +22803,7 @@ index 344b63f..ccdac7a 100644
  
  ENTRY(device_not_available)
  	RING0_INT_FRAME
-@@ -839,18 +1078,18 @@ ENTRY(device_not_available)
+@@ -839,18 +1079,18 @@ ENTRY(device_not_available)
  	pushl_cfi $do_device_not_available
  	jmp error_code
  	CFI_ENDPROC
@@ -22824,7 +22825,7 @@ index 344b63f..ccdac7a 100644
  #endif
  
  ENTRY(overflow)
-@@ -860,7 +1099,7 @@ ENTRY(overflow)
+@@ -860,7 +1100,7 @@ ENTRY(overflow)
  	pushl_cfi $do_overflow
  	jmp error_code
  	CFI_ENDPROC
@@ -22833,7 +22834,7 @@ index 344b63f..ccdac7a 100644
  
  ENTRY(bounds)
  	RING0_INT_FRAME
-@@ -869,7 +1108,7 @@ ENTRY(bounds)
+@@ -869,7 +1109,7 @@ ENTRY(bounds)
  	pushl_cfi $do_bounds
  	jmp error_code
  	CFI_ENDPROC
@@ -22842,7 +22843,7 @@ index 344b63f..ccdac7a 100644
  
  ENTRY(invalid_op)
  	RING0_INT_FRAME
-@@ -878,7 +1117,7 @@ ENTRY(invalid_op)
+@@ -878,7 +1118,7 @@ ENTRY(invalid_op)
  	pushl_cfi $do_invalid_op
  	jmp error_code
  	CFI_ENDPROC
@@ -22851,7 +22852,7 @@ index 344b63f..ccdac7a 100644
  
  ENTRY(coprocessor_segment_overrun)
  	RING0_INT_FRAME
-@@ -887,7 +1126,7 @@ ENTRY(coprocessor_segment_overrun)
+@@ -887,7 +1127,7 @@ ENTRY(coprocessor_segment_overrun)
  	pushl_cfi $do_coprocessor_segment_overrun
  	jmp error_code
  	CFI_ENDPROC
@@ -22860,7 +22861,7 @@ index 344b63f..ccdac7a 100644
  
  ENTRY(invalid_TSS)
  	RING0_EC_FRAME
-@@ -895,7 +1134,7 @@ ENTRY(invalid_TSS)
+@@ -895,7 +1135,7 @@ ENTRY(invalid_TSS)
  	pushl_cfi $do_invalid_TSS
  	jmp error_code
  	CFI_ENDPROC
@@ -22869,7 +22870,7 @@ index 344b63f..ccdac7a 100644
  
  ENTRY(segment_not_present)
  	RING0_EC_FRAME
-@@ -903,7 +1142,7 @@ ENTRY(segment_not_present)
+@@ -903,7 +1143,7 @@ ENTRY(segment_not_present)
  	pushl_cfi $do_segment_not_present
  	jmp error_code
  	CFI_ENDPROC
@@ -22878,7 +22879,7 @@ index 344b63f..ccdac7a 100644
  
  ENTRY(stack_segment)
  	RING0_EC_FRAME
-@@ -911,7 +1150,7 @@ ENTRY(stack_segment)
+@@ -911,7 +1151,7 @@ ENTRY(stack_segment)
  	pushl_cfi $do_stack_segment
  	jmp error_code
  	CFI_ENDPROC
@@ -22887,7 +22888,7 @@ index 344b63f..ccdac7a 100644
  
  ENTRY(alignment_check)
  	RING0_EC_FRAME
-@@ -919,7 +1158,7 @@ ENTRY(alignment_check)
+@@ -919,7 +1159,7 @@ ENTRY(alignment_check)
  	pushl_cfi $do_alignment_check
  	jmp error_code
  	CFI_ENDPROC
@@ -22896,7 +22897,7 @@ index 344b63f..ccdac7a 100644
  
  ENTRY(divide_error)
  	RING0_INT_FRAME
-@@ -928,7 +1167,7 @@ ENTRY(divide_error)
+@@ -928,7 +1168,7 @@ ENTRY(divide_error)
  	pushl_cfi $do_divide_error
  	jmp error_code
  	CFI_ENDPROC
@@ -22905,7 +22906,7 @@ index 344b63f..ccdac7a 100644
  
  #ifdef CONFIG_X86_MCE
  ENTRY(machine_check)
-@@ -938,7 +1177,7 @@ ENTRY(machine_check)
+@@ -938,7 +1178,7 @@ ENTRY(machine_check)
  	pushl_cfi machine_check_vector
  	jmp error_code
  	CFI_ENDPROC
@@ -22914,7 +22915,7 @@ index 344b63f..ccdac7a 100644
  #endif
  
  ENTRY(spurious_interrupt_bug)
-@@ -948,7 +1187,7 @@ ENTRY(spurious_interrupt_bug)
+@@ -948,7 +1188,7 @@ ENTRY(spurious_interrupt_bug)
  	pushl_cfi $do_spurious_interrupt_bug
  	jmp error_code
  	CFI_ENDPROC
@@ -22923,7 +22924,7 @@ index 344b63f..ccdac7a 100644
  
  #ifdef CONFIG_XEN
  /* Xen doesn't set %esp to be precisely what the normal sysenter
-@@ -1054,7 +1293,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
+@@ -1054,7 +1294,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR,
  
  ENTRY(mcount)
  	ret
@@ -22932,7 +22933,7 @@ index 344b63f..ccdac7a 100644
  
  ENTRY(ftrace_caller)
  	pushl %eax
-@@ -1084,7 +1323,7 @@ ftrace_graph_call:
+@@ -1084,7 +1324,7 @@ ftrace_graph_call:
  .globl ftrace_stub
  ftrace_stub:
  	ret
@@ -22941,7 +22942,7 @@ index 344b63f..ccdac7a 100644
  
  ENTRY(ftrace_regs_caller)
  	pushf	/* push flags before compare (in cs location) */
-@@ -1182,7 +1421,7 @@ trace:
+@@ -1182,7 +1422,7 @@ trace:
  	popl %ecx
  	popl %eax
  	jmp ftrace_stub
@@ -22950,7 +22951,7 @@ index 344b63f..ccdac7a 100644
  #endif /* CONFIG_DYNAMIC_FTRACE */
  #endif /* CONFIG_FUNCTION_TRACER */
  
-@@ -1200,7 +1439,7 @@ ENTRY(ftrace_graph_caller)
+@@ -1200,7 +1440,7 @@ ENTRY(ftrace_graph_caller)
  	popl %ecx
  	popl %eax
  	ret
@@ -22959,7 +22960,7 @@ index 344b63f..ccdac7a 100644
  
  .globl return_to_handler
  return_to_handler:
-@@ -1261,15 +1500,18 @@ error_code:
+@@ -1261,15 +1501,18 @@ error_code:
  	movl $-1, PT_ORIG_EAX(%esp)	# no syscall to restart
  	REG_TO_PTGS %ecx
  	SET_KERNEL_GS %ecx
@@ -22980,7 +22981,7 @@ index 344b63f..ccdac7a 100644
  
  /*
   * Debug traps and NMI can happen at the one SYSENTER instruction
-@@ -1312,7 +1554,7 @@ debug_stack_correct:
+@@ -1312,7 +1555,7 @@ debug_stack_correct:
  	call do_debug
  	jmp ret_from_exception
  	CFI_ENDPROC
@@ -22989,7 +22990,7 @@ index 344b63f..ccdac7a 100644
  
  /*
   * NMI is doubly nasty. It can happen _while_ we're handling
-@@ -1352,6 +1594,9 @@ nmi_stack_correct:
+@@ -1352,6 +1595,9 @@ nmi_stack_correct:
  	xorl %edx,%edx		# zero error code
  	movl %esp,%eax		# pt_regs pointer
  	call do_nmi
@@ -22999,7 +23000,7 @@ index 344b63f..ccdac7a 100644
  	jmp restore_all_notrace
  	CFI_ENDPROC
  
-@@ -1389,13 +1634,16 @@ nmi_espfix_stack:
+@@ -1389,13 +1635,16 @@ nmi_espfix_stack:
  	FIXUP_ESPFIX_STACK		# %eax == %esp
  	xorl %edx,%edx			# zero error code
  	call do_nmi
@@ -23017,7 +23018,7 @@ index 344b63f..ccdac7a 100644
  
  ENTRY(int3)
  	RING0_INT_FRAME
-@@ -1408,14 +1656,14 @@ ENTRY(int3)
+@@ -1408,14 +1657,14 @@ ENTRY(int3)
  	call do_int3
  	jmp ret_from_exception
  	CFI_ENDPROC
@@ -23034,7 +23035,7 @@ index 344b63f..ccdac7a 100644
  
  #ifdef CONFIG_KVM_GUEST
  ENTRY(async_page_fault)
-@@ -1424,6 +1672,6 @@ ENTRY(async_page_fault)
+@@ -1424,6 +1673,6 @@ ENTRY(async_page_fault)
  	pushl_cfi $do_async_page_fault
  	jmp error_code
  	CFI_ENDPROC
@@ -23043,7 +23044,7 @@ index 344b63f..ccdac7a 100644
  #endif
  
 diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index c0226ab..96a8ab7 100644
+index c0226ab..0d1dc48 100644
 --- a/arch/x86/kernel/entry_64.S
 +++ b/arch/x86/kernel/entry_64.S
 @@ -59,6 +59,8 @@
@@ -23055,7 +23056,7 @@ index c0226ab..96a8ab7 100644
  
  /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this.  */
  #include <linux/elf-em.h>
-@@ -81,6 +83,430 @@ ENTRY(native_usergs_sysret64)
+@@ -81,6 +83,431 @@ ENTRY(native_usergs_sysret64)
  ENDPROC(native_usergs_sysret64)
  #endif /* CONFIG_PARAVIRT */
  
@@ -23460,6 +23461,7 @@ index c0226ab..96a8ab7 100644
 +	jne 1b
 +
 +2:	cld
++	or $2*8, %rdi
 +	mov %esp, %ecx
 +	sub %edi, %ecx
 +
@@ -23486,7 +23488,7 @@ index c0226ab..96a8ab7 100644
  
  .macro TRACE_IRQS_IRETQ offset=ARGOFFSET
  #ifdef CONFIG_TRACE_IRQFLAGS
-@@ -117,7 +543,7 @@ ENDPROC(native_usergs_sysret64)
+@@ -117,7 +544,7 @@ ENDPROC(native_usergs_sysret64)
  .endm
  
  .macro TRACE_IRQS_IRETQ_DEBUG offset=ARGOFFSET
@@ -23495,7 +23497,7 @@ index c0226ab..96a8ab7 100644
  	jnc  1f
  	TRACE_IRQS_ON_DEBUG
  1:
-@@ -155,27 +581,6 @@ ENDPROC(native_usergs_sysret64)
+@@ -155,27 +582,6 @@ ENDPROC(native_usergs_sysret64)
  	movq \tmp,R11+\offset(%rsp)
  	.endm
  
@@ -23523,7 +23525,7 @@ index c0226ab..96a8ab7 100644
  /*
   * initial frame state for interrupts (and exceptions without error code)
   */
-@@ -241,25 +646,26 @@ ENDPROC(native_usergs_sysret64)
+@@ -241,25 +647,26 @@ ENDPROC(native_usergs_sysret64)
  /* save partial stack frame */
  	.macro SAVE_ARGS_IRQ
  	cld
@@ -23563,7 +23565,7 @@ index c0226ab..96a8ab7 100644
  	je 1f
  	SWAPGS
  	/*
-@@ -279,6 +685,18 @@ ENDPROC(native_usergs_sysret64)
+@@ -279,6 +686,18 @@ ENDPROC(native_usergs_sysret64)
  			0x06 /* DW_OP_deref */, \
  			0x08 /* DW_OP_const1u */, SS+8-RBP, \
  			0x22 /* DW_OP_plus */
@@ -23582,7 +23584,7 @@ index c0226ab..96a8ab7 100644
  	/* We entered an interrupt context - irqs are off: */
  	TRACE_IRQS_OFF
  	.endm
-@@ -308,9 +726,52 @@ ENTRY(save_paranoid)
+@@ -308,9 +727,52 @@ ENTRY(save_paranoid)
  	js 1f	/* negative -> in kernel */
  	SWAPGS
  	xorl %ebx,%ebx
@@ -23637,7 +23639,7 @@ index c0226ab..96a8ab7 100644
  
  /*
   * A newly forked process directly context switches into this address.
-@@ -331,7 +792,7 @@ ENTRY(ret_from_fork)
+@@ -331,7 +793,7 @@ ENTRY(ret_from_fork)
  
  	RESTORE_REST
  
@@ -23646,7 +23648,7 @@ index c0226ab..96a8ab7 100644
  	jz   1f
  
  	testl $_TIF_IA32, TI_flags(%rcx)	# 32-bit compat task needs IRET
-@@ -341,15 +802,13 @@ ENTRY(ret_from_fork)
+@@ -341,15 +803,13 @@ ENTRY(ret_from_fork)
  	jmp ret_from_sys_call			# go to the SYSRET fastpath
  
  1:
@@ -23663,7 +23665,7 @@ index c0226ab..96a8ab7 100644
  
  /*
   * System call entry. Up to 6 arguments in registers are supported.
-@@ -386,7 +845,7 @@ END(ret_from_fork)
+@@ -386,7 +846,7 @@ END(ret_from_fork)
  ENTRY(system_call)
  	CFI_STARTPROC	simple
  	CFI_SIGNAL_FRAME
@@ -23672,7 +23674,7 @@ index c0226ab..96a8ab7 100644
  	CFI_REGISTER	rip,rcx
  	/*CFI_REGISTER	rflags,r11*/
  	SWAPGS_UNSAFE_STACK
-@@ -399,16 +858,23 @@ GLOBAL(system_call_after_swapgs)
+@@ -399,16 +859,23 @@ GLOBAL(system_call_after_swapgs)
  
  	movq	%rsp,PER_CPU_VAR(old_rsp)
  	movq	PER_CPU_VAR(kernel_stack),%rsp
@@ -23698,7 +23700,7 @@ index c0226ab..96a8ab7 100644
  	jnz tracesys
  system_call_fastpath:
  #if __SYSCALL_MASK == ~0
-@@ -432,10 +898,13 @@ sysret_check:
+@@ -432,10 +899,13 @@ sysret_check:
  	LOCKDEP_SYS_EXIT
  	DISABLE_INTERRUPTS(CLBR_NONE)
  	TRACE_IRQS_OFF
@@ -23713,7 +23715,7 @@ index c0226ab..96a8ab7 100644
  	/*
  	 * sysretq will re-enable interrupts:
  	 */
-@@ -494,12 +963,15 @@ sysret_audit:
+@@ -494,12 +964,15 @@ sysret_audit:
  
  	/* Do syscall tracing */
  tracesys:
@@ -23731,7 +23733,7 @@ index c0226ab..96a8ab7 100644
  	jmp system_call_fastpath	/*      and return to the fast path */
  
  tracesys_phase2:
-@@ -510,12 +982,14 @@ tracesys_phase2:
+@@ -510,12 +983,14 @@ tracesys_phase2:
  	movq %rax,%rdx
  	call syscall_trace_enter_phase2
  
@@ -23747,7 +23749,7 @@ index c0226ab..96a8ab7 100644
  	RESTORE_REST
  #if __SYSCALL_MASK == ~0
  	cmpq $__NR_syscall_max,%rax
-@@ -545,7 +1019,9 @@ GLOBAL(int_with_check)
+@@ -545,7 +1020,9 @@ GLOBAL(int_with_check)
  	andl %edi,%edx
  	jnz   int_careful
  	andl    $~TS_COMPAT,TI_status(%rcx)
@@ -23758,7 +23760,7 @@ index c0226ab..96a8ab7 100644
  
  	/* Either reschedule or signal or syscall exit tracking needed. */
  	/* First do a reschedule test. */
-@@ -591,7 +1067,7 @@ int_restore_rest:
+@@ -591,7 +1068,7 @@ int_restore_rest:
  	TRACE_IRQS_OFF
  	jmp int_with_check
  	CFI_ENDPROC
@@ -23767,7 +23769,7 @@ index c0226ab..96a8ab7 100644
  
  	.macro FORK_LIKE func
  ENTRY(stub_\func)
-@@ -604,9 +1080,10 @@ ENTRY(stub_\func)
+@@ -604,9 +1081,10 @@ ENTRY(stub_\func)
  	DEFAULT_FRAME 0 8		/* offset 8: return address */
  	call sys_\func
  	RESTORE_TOP_OF_STACK %r11, 8
@@ -23780,7 +23782,7 @@ index c0226ab..96a8ab7 100644
  	.endm
  
  	.macro FIXED_FRAME label,func
-@@ -616,9 +1093,10 @@ ENTRY(\label)
+@@ -616,9 +1094,10 @@ ENTRY(\label)
  	FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET
  	call \func
  	RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET
@@ -23792,7 +23794,7 @@ index c0226ab..96a8ab7 100644
  	.endm
  
  	FORK_LIKE  clone
-@@ -626,19 +1104,6 @@ END(\label)
+@@ -626,19 +1105,6 @@ END(\label)
  	FORK_LIKE  vfork
  	FIXED_FRAME stub_iopl, sys_iopl
  
@@ -23812,7 +23814,7 @@ index c0226ab..96a8ab7 100644
  ENTRY(stub_execve)
  	CFI_STARTPROC
  	addq $8, %rsp
-@@ -650,7 +1115,7 @@ ENTRY(stub_execve)
+@@ -650,7 +1116,7 @@ ENTRY(stub_execve)
  	RESTORE_REST
  	jmp int_ret_from_sys_call
  	CFI_ENDPROC
@@ -23821,7 +23823,7 @@ index c0226ab..96a8ab7 100644
  
  /*
   * sigreturn is special because it needs to restore all registers on return.
-@@ -667,7 +1132,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -667,7 +1133,7 @@ ENTRY(stub_rt_sigreturn)
  	RESTORE_REST
  	jmp int_ret_from_sys_call
  	CFI_ENDPROC
@@ -23830,7 +23832,7 @@ index c0226ab..96a8ab7 100644
  
  #ifdef CONFIG_X86_X32_ABI
  ENTRY(stub_x32_rt_sigreturn)
-@@ -681,7 +1146,7 @@ ENTRY(stub_x32_rt_sigreturn)
+@@ -681,7 +1147,7 @@ ENTRY(stub_x32_rt_sigreturn)
  	RESTORE_REST
  	jmp int_ret_from_sys_call
  	CFI_ENDPROC
@@ -23839,7 +23841,7 @@ index c0226ab..96a8ab7 100644
  
  ENTRY(stub_x32_execve)
  	CFI_STARTPROC
-@@ -695,7 +1160,7 @@ ENTRY(stub_x32_execve)
+@@ -695,7 +1161,7 @@ ENTRY(stub_x32_execve)
  	RESTORE_REST
  	jmp int_ret_from_sys_call
  	CFI_ENDPROC
@@ -23848,7 +23850,7 @@ index c0226ab..96a8ab7 100644
  
  #endif
  
-@@ -732,7 +1197,7 @@ vector=vector+1
+@@ -732,7 +1198,7 @@ vector=vector+1
  2:	jmp common_interrupt
  .endr
  	CFI_ENDPROC
@@ -23857,7 +23859,7 @@ index c0226ab..96a8ab7 100644
  
  .previous
  END(interrupt)
-@@ -749,8 +1214,8 @@ END(interrupt)
+@@ -749,8 +1215,8 @@ END(interrupt)
  /* 0(%rsp): ~(interrupt number) */
  	.macro interrupt func
  	/* reserve pt_regs for scratch regs and rbp */
@@ -23868,7 +23870,7 @@ index c0226ab..96a8ab7 100644
  	SAVE_ARGS_IRQ
  	call \func
  	.endm
-@@ -773,14 +1238,14 @@ ret_from_intr:
+@@ -773,14 +1239,14 @@ ret_from_intr:
  
  	/* Restore saved previous stack */
  	popq %rsi
@@ -23887,7 +23889,7 @@ index c0226ab..96a8ab7 100644
  	je retint_kernel
  
  	/* Interrupt came from user space */
-@@ -802,12 +1267,35 @@ retint_swapgs:		/* return to user-space */
+@@ -802,12 +1268,35 @@ retint_swapgs:		/* return to user-space */
  	 * The iretq could re-enable interrupts:
  	 */
  	DISABLE_INTERRUPTS(CLBR_ANY)
@@ -23923,7 +23925,7 @@ index c0226ab..96a8ab7 100644
  	/*
  	 * The iretq could re-enable interrupts:
  	 */
-@@ -845,15 +1333,15 @@ native_irq_return_ldt:
+@@ -845,15 +1334,15 @@ native_irq_return_ldt:
  	SWAPGS
  	movq PER_CPU_VAR(espfix_waddr),%rdi
  	movq %rax,(0*8)(%rdi)	/* RAX */
@@ -23944,7 +23946,7 @@ index c0226ab..96a8ab7 100644
  	movq %rax,(4*8)(%rdi)
  	andl $0xffff0000,%eax
  	popq_cfi %rdi
-@@ -907,7 +1395,7 @@ ENTRY(retint_kernel)
+@@ -907,7 +1396,7 @@ ENTRY(retint_kernel)
  	jmp exit_intr
  #endif
  	CFI_ENDPROC
@@ -23953,7 +23955,7 @@ index c0226ab..96a8ab7 100644
  
  /*
   * APIC interrupts.
-@@ -921,7 +1409,7 @@ ENTRY(\sym)
+@@ -921,7 +1410,7 @@ ENTRY(\sym)
  	interrupt \do_sym
  	jmp ret_from_intr
  	CFI_ENDPROC
@@ -23962,7 +23964,7 @@ index c0226ab..96a8ab7 100644
  .endm
  
  #ifdef CONFIG_TRACING
-@@ -994,7 +1482,7 @@ apicinterrupt IRQ_WORK_VECTOR \
+@@ -994,7 +1483,7 @@ apicinterrupt IRQ_WORK_VECTOR \
  /*
   * Exception entry points.
   */
@@ -23971,7 +23973,7 @@ index c0226ab..96a8ab7 100644
  
  .macro idtentry sym do_sym has_error_code:req paranoid=0 shift_ist=-1
  ENTRY(\sym)
-@@ -1045,6 +1533,12 @@ ENTRY(\sym)
+@@ -1045,6 +1534,12 @@ ENTRY(\sym)
  	.endif
  
  	.if \shift_ist != -1
@@ -23984,7 +23986,7 @@ index c0226ab..96a8ab7 100644
  	subq $EXCEPTION_STKSZ, INIT_TSS_IST(\shift_ist)
  	.endif
  
-@@ -1061,7 +1555,7 @@ ENTRY(\sym)
+@@ -1061,7 +1556,7 @@ ENTRY(\sym)
  	.endif
  
  	CFI_ENDPROC
@@ -23993,7 +23995,7 @@ index c0226ab..96a8ab7 100644
  .endm
  
  #ifdef CONFIG_TRACING
-@@ -1102,9 +1596,10 @@ gs_change:
+@@ -1102,9 +1597,10 @@ gs_change:
  2:	mfence		/* workaround */
  	SWAPGS
  	popfq_cfi
@@ -24005,7 +24007,7 @@ index c0226ab..96a8ab7 100644
  
  	_ASM_EXTABLE(gs_change,bad_gs)
  	.section .fixup,"ax"
-@@ -1132,9 +1627,10 @@ ENTRY(do_softirq_own_stack)
+@@ -1132,9 +1628,10 @@ ENTRY(do_softirq_own_stack)
  	CFI_DEF_CFA_REGISTER	rsp
  	CFI_ADJUST_CFA_OFFSET   -8
  	decl PER_CPU_VAR(irq_count)
@@ -24017,7 +24019,7 @@ index c0226ab..96a8ab7 100644
  
  #ifdef CONFIG_XEN
  idtentry xen_hypervisor_callback xen_do_hypervisor_callback has_error_code=0
-@@ -1172,7 +1668,7 @@ ENTRY(xen_do_hypervisor_callback)   # do_hypervisor_callback(struct *pt_regs)
+@@ -1172,7 +1669,7 @@ ENTRY(xen_do_hypervisor_callback)   # do_hypervisor_callback(struct *pt_regs)
  	decl PER_CPU_VAR(irq_count)
  	jmp  error_exit
  	CFI_ENDPROC
@@ -24026,7 +24028,7 @@ index c0226ab..96a8ab7 100644
  
  /*
   * Hypervisor uses this for application faults while it executes.
-@@ -1231,7 +1727,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1231,7 +1728,7 @@ ENTRY(xen_failsafe_callback)
  	SAVE_ALL
  	jmp error_exit
  	CFI_ENDPROC
@@ -24035,7 +24037,7 @@ index c0226ab..96a8ab7 100644
  
  apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
  	xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1278,18 +1774,33 @@ ENTRY(paranoid_exit)
+@@ -1278,18 +1775,33 @@ ENTRY(paranoid_exit)
  	DEFAULT_FRAME
  	DISABLE_INTERRUPTS(CLBR_NONE)
  	TRACE_IRQS_OFF_DEBUG
@@ -24071,7 +24073,7 @@ index c0226ab..96a8ab7 100644
  	jmp irq_return
  paranoid_userspace:
  	GET_THREAD_INFO(%rcx)
-@@ -1318,7 +1829,7 @@ paranoid_schedule:
+@@ -1318,7 +1830,7 @@ paranoid_schedule:
  	TRACE_IRQS_OFF
  	jmp paranoid_userspace
  	CFI_ENDPROC
@@ -24080,7 +24082,7 @@ index c0226ab..96a8ab7 100644
  
  /*
   * Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1345,12 +1856,23 @@ ENTRY(error_entry)
+@@ -1345,12 +1857,23 @@ ENTRY(error_entry)
  	movq %r14, R14+8(%rsp)
  	movq %r15, R15+8(%rsp)
  	xorl %ebx,%ebx
@@ -24105,7 +24107,7 @@ index c0226ab..96a8ab7 100644
  	ret
  
  /*
-@@ -1385,7 +1907,7 @@ error_bad_iret:
+@@ -1385,7 +1908,7 @@ error_bad_iret:
  	decl %ebx	/* Return to usergs */
  	jmp error_sti
  	CFI_ENDPROC
@@ -24114,7 +24116,7 @@ index c0226ab..96a8ab7 100644
  
  
  /* ebx:	no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1396,7 +1918,7 @@ ENTRY(error_exit)
+@@ -1396,7 +1919,7 @@ ENTRY(error_exit)
  	DISABLE_INTERRUPTS(CLBR_NONE)
  	TRACE_IRQS_OFF
  	GET_THREAD_INFO(%rcx)
@@ -24123,7 +24125,7 @@ index c0226ab..96a8ab7 100644
  	jne retint_kernel
  	LOCKDEP_SYS_EXIT_IRQ
  	movl TI_flags(%rcx),%edx
-@@ -1405,7 +1927,7 @@ ENTRY(error_exit)
+@@ -1405,7 +1928,7 @@ ENTRY(error_exit)
  	jnz retint_careful
  	jmp retint_swapgs
  	CFI_ENDPROC
@@ -24132,7 +24134,7 @@ index c0226ab..96a8ab7 100644
  
  /*
   * Test if a given stack is an NMI stack or not.
-@@ -1463,9 +1985,11 @@ ENTRY(nmi)
+@@ -1463,9 +1986,11 @@ ENTRY(nmi)
  	 * If %cs was not the kernel segment, then the NMI triggered in user
  	 * space, which means it is definitely not nested.
  	 */
@@ -24145,7 +24147,7 @@ index c0226ab..96a8ab7 100644
  	/*
  	 * Check the special variable on the stack to see if NMIs are
  	 * executing.
-@@ -1499,8 +2023,7 @@ nested_nmi:
+@@ -1499,8 +2024,7 @@ nested_nmi:
  
  1:
  	/* Set up the interrupted NMIs stack to jump to repeat_nmi */
@@ -24155,7 +24157,7 @@ index c0226ab..96a8ab7 100644
  	CFI_ADJUST_CFA_OFFSET 1*8
  	leaq -10*8(%rsp), %rdx
  	pushq_cfi $__KERNEL_DS
-@@ -1518,6 +2041,7 @@ nested_nmi_out:
+@@ -1518,6 +2042,7 @@ nested_nmi_out:
  	CFI_RESTORE rdx
  
  	/* No need to check faults here */
@@ -24163,7 +24165,7 @@ index c0226ab..96a8ab7 100644
  	INTERRUPT_RETURN
  
  	CFI_RESTORE_STATE
-@@ -1614,13 +2138,13 @@ end_repeat_nmi:
+@@ -1614,13 +2139,13 @@ end_repeat_nmi:
  	subq $ORIG_RAX-R15, %rsp
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	/*
@@ -24179,7 +24181,7 @@ index c0226ab..96a8ab7 100644
  	DEFAULT_FRAME 0
  
  	/*
-@@ -1630,9 +2154,9 @@ end_repeat_nmi:
+@@ -1630,9 +2155,9 @@ end_repeat_nmi:
  	 * NMI itself takes a page fault, the page fault that was preempted
  	 * will read the information from the NMI page fault and not the
  	 * origin fault. Save it off and restore it if it changes.
@@ -24191,7 +24193,7 @@ index c0226ab..96a8ab7 100644
  
  	/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
  	movq %rsp,%rdi
-@@ -1641,29 +2165,34 @@ end_repeat_nmi:
+@@ -1641,29 +2166,34 @@ end_repeat_nmi:
  
  	/* Did the NMI take a page fault? Restore cr2 if it did */
  	movq %cr2, %rcx
@@ -26555,7 +26557,7 @@ index e127dda..94e384d 100644
 +}
 +#endif
 diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
-index 8f3ebfe..e6ced5a 100644
+index 8f3ebfe..cbc731b 100644
 --- a/arch/x86/kernel/process_32.c
 +++ b/arch/x86/kernel/process_32.c
 @@ -64,6 +64,7 @@ asmlinkage void ret_from_kernel_thread(void) __asm__("ret_from_kernel_thread");
@@ -26600,7 +26602,7 @@ index 8f3ebfe..e6ced5a 100644
  
  	p->thread.sp = (unsigned long) childregs;
  	p->thread.sp0 = (unsigned long) (childregs+1);
-+	p->tinfo.lowest_stack = (unsigned long)task_stack_page(p);
++	p->tinfo.lowest_stack = (unsigned long)task_stack_page(p) + 2 * sizeof(unsigned long);
  	memset(p->thread.ptrace_bps, 0, sizeof(p->thread.ptrace_bps));
  
  	if (unlikely(p->flags & PF_KTHREAD)) {
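Review bot: The offset `2 * sizeof(unsigned long)` added to `task_stack_page(p)` here is repeated as a literal in the process_64.c hunk and in the `sp >=` comparison of the fs/exec.c hunk, and nothing on these lines says what occupies those two words at the stack base. The three sites have to agree for the `lowest_stack` tracking to stay consistent, so one named constant would be safer than three literals, for example `#define PAX_STACK_BASE_SKIP (2 * sizeof(unsigned long))` (the name is only a suggestion) with a one-line comment on what is being skipped. The enclosing function starts and ends outside this hunk.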
@@ -26664,7 +26666,7 @@ index 8f3ebfe..e6ced5a 100644
  }
 -
 diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
-index 5a2c029..a7f67d3 100644
+index 5a2c029..ec8611d 100644
 --- a/arch/x86/kernel/process_64.c
 +++ b/arch/x86/kernel/process_64.c
 @@ -158,10 +158,11 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
@@ -26676,7 +26678,7 @@ index 5a2c029..a7f67d3 100644
  	childregs = task_pt_regs(p);
  	p->thread.sp = (unsigned long) childregs;
  	p->thread.usersp = me->thread.usersp;
-+	p->tinfo.lowest_stack = (unsigned long)task_stack_page(p);
++	p->tinfo.lowest_stack = (unsigned long)task_stack_page(p) + 2 * sizeof(unsigned long);
  	set_tsk_thread_flag(p, TIF_FORK);
  	p->thread.io_bitmap_ptr = NULL;
  
@@ -37569,7 +37571,7 @@ index 472168c..4af587e 100644
  static ssize_t show_node_state(struct device *dev,
  			       struct device_attribute *attr, char *buf)
 diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c
-index fb83d4a..4aa50ec 100644
+index fb83d4a..e1797b3 100644
 --- a/drivers/base/power/domain.c
 +++ b/drivers/base/power/domain.c
 @@ -1725,7 +1725,7 @@ int pm_genpd_attach_cpuidle(struct generic_pm_domain *genpd, int state)
@@ -37590,6 +37592,17 @@ index fb83d4a..4aa50ec 100644
  	int ret = 0;
  
  	if (IS_ERR_OR_NULL(genpd))
+@@ -2215,7 +2215,9 @@ int genpd_dev_pm_attach(struct device *dev)
+ 		return ret;
+ 	}
+ 
+-	dev->pm_domain->detach = genpd_dev_pm_detach;
++	pax_open_kernel();
++	*(void **)&dev->pm_domain->detach = genpd_dev_pm_detach;
++	pax_close_kernel();
+ 
+ 	return 0;
+ }
 diff --git a/drivers/base/power/sysfs.c b/drivers/base/power/sysfs.c
 index a9d26ed..74b8405 100644
 --- a/drivers/base/power/sysfs.c
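Review bot: The store `*(void **)&dev->pm_domain->detach = genpd_dev_pm_detach;` goes through a `void **` cast, so the compiler no longer checks that `genpd_dev_pm_detach` matches the signature of the `detach` member. It also runs inside a `pax_open_kernel()`/`pax_close_kernel()` window, where a mistyped write is harder to notice. A short comment would tell the next reader why the cast is needed, for example `/* pm_domain is read-only here (presumably constified); write only inside the open/close window */`. `genpd_dev_pm_attach` begins outside the hunk.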
@@ -40090,6 +40103,19 @@ index 3784e81..73637b5 100644
  
  static struct {
  	spinlock_t lock;
+diff --git a/drivers/gpio/gpio-omap.c b/drivers/gpio/gpio-omap.c
+index 415682f..08438b8 100644
+--- a/drivers/gpio/gpio-omap.c
++++ b/drivers/gpio/gpio-omap.c
+@@ -1162,7 +1162,7 @@ static int omap_gpio_probe(struct platform_device *pdev)
+ 	const struct omap_gpio_platform_data *pdata;
+ 	struct resource *res;
+ 	struct gpio_bank *bank;
+-	struct irq_chip *irqc;
++	irq_chip_no_const *irqc;
+ 	int ret;
+ 
+ 	match = of_match_device(of_match_ptr(omap_gpio_match), dev);
 diff --git a/drivers/gpio/gpio-rcar.c b/drivers/gpio/gpio-rcar.c
 index bf6c094..6573caf 100644
 --- a/drivers/gpio/gpio-rcar.c
@@ -43693,6 +43719,19 @@ index 38493ff..001538b 100644
  	.name			= "GIC",
  	.irq_mask		= gic_mask_irq,
  	.irq_unmask		= gic_unmask_irq,
+diff --git a/drivers/irqchip/irq-renesas-intc-irqpin.c b/drivers/irqchip/irq-renesas-intc-irqpin.c
+index 542e850..1bb094c 100644
+--- a/drivers/irqchip/irq-renesas-intc-irqpin.c
++++ b/drivers/irqchip/irq-renesas-intc-irqpin.c
+@@ -353,7 +353,7 @@ static int intc_irqpin_probe(struct platform_device *pdev)
+ 	struct intc_irqpin_iomem *i;
+ 	struct resource *io[INTC_IRQPIN_REG_NR];
+ 	struct resource *irq;
+-	struct irq_chip *irq_chip;
++	irq_chip_no_const *irq_chip;
+ 	void (*enable_fn)(struct irq_data *d);
+ 	void (*disable_fn)(struct irq_data *d);
+ 	const char *name = dev_name(dev);
 diff --git a/drivers/irqchip/irq-renesas-irqc.c b/drivers/irqchip/irq-renesas-irqc.c
 index 8777065..a4a9967 100644
 --- a/drivers/irqchip/irq-renesas-irqc.c
@@ -51888,7 +51927,7 @@ index 9cb222e..8766f26 100644
  
  	imx_drm_crtc = kzalloc(sizeof(*imx_drm_crtc), GFP_KERNEL);
 diff --git a/drivers/staging/line6/driver.c b/drivers/staging/line6/driver.c
-index 503b2d7..c918745 100644
+index 503b2d7..c904931 100644
 --- a/drivers/staging/line6/driver.c
 +++ b/drivers/staging/line6/driver.c
 @@ -463,7 +463,7 @@ int line6_read_data(struct usb_line6 *line6, int address, void *data,
@@ -51939,6 +51978,89 @@ index 503b2d7..c918745 100644
  
  	/* receive the result: */
  	ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67,
+@@ -520,7 +527,7 @@ int line6_write_data(struct usb_line6 *line6, int address, void *data,
+ {
+ 	struct usb_device *usbdev = line6->usbdev;
+ 	int ret;
+-	unsigned char status;
++	unsigned char *status;
+ 
+ 	ret = usb_control_msg(usbdev, usb_sndctrlpipe(usbdev, 0), 0x67,
+ 			      USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT,
+@@ -533,26 +540,34 @@ int line6_write_data(struct usb_line6 *line6, int address, void *data,
+ 		return ret;
+ 	}
+ 
++	status = kmalloc(1, GFP_KERNEL);
++	if (status == NULL)
++		return -ENOMEM;
++
+ 	do {
+ 		ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0),
+ 				      0x67,
+ 				      USB_TYPE_VENDOR | USB_RECIP_DEVICE |
+ 				      USB_DIR_IN,
+ 				      0x0012, 0x0000,
+-				      &status, 1, LINE6_TIMEOUT * HZ);
++				      status, 1, LINE6_TIMEOUT * HZ);
+ 
+ 		if (ret < 0) {
+ 			dev_err(line6->ifcdev,
+ 				"receiving status failed (error %d)\n", ret);
++			kfree(status);
+ 			return ret;
+ 		}
+-	} while (status == 0xff);
++	} while (*status == 0xff);
+ 
+-	if (status != 0) {
++	if (*status != 0) {
+ 		dev_err(line6->ifcdev, "write failed (error %d)\n", ret);
++		kfree(status);
+ 		return -EINVAL;
+ 	}
+ 
++	kfree(status);
++
+ 	return 0;
+ }
+ 
+diff --git a/drivers/staging/line6/toneport.c b/drivers/staging/line6/toneport.c
+index 6943715..0a93632 100644
+--- a/drivers/staging/line6/toneport.c
++++ b/drivers/staging/line6/toneport.c
+@@ -11,6 +11,7 @@
+  */
+ 
+ #include <linux/wait.h>
++#include <linux/slab.h>
+ #include <sound/control.h>
+ 
+ #include "audio.h"
+@@ -307,14 +308,20 @@ static void toneport_destruct(struct usb_interface *interface)
+ */
+ static void toneport_setup(struct usb_line6_toneport *toneport)
+ {
+-	int ticks;
++	int *ticks;
+ 	struct usb_line6 *line6 = &toneport->line6;
+ 	struct usb_device *usbdev = line6->usbdev;
+ 	u16 idProduct = le16_to_cpu(usbdev->descriptor.idProduct);
+ 
++	ticks = kmalloc(sizeof(int), GFP_KERNEL);
++	if (ticks == NULL)
++		return;
++
+ 	/* sync time on device with host: */
+-	ticks = (int)get_seconds();
+-	line6_write_data(line6, 0x80c6, &ticks, 4);
++	*ticks = (int)get_seconds();
++	line6_write_data(line6, 0x80c6, ticks, sizeof(int));
++
++	kfree(ticks);
+ 
+ 	/* enable device: */
+ 	toneport_send_cmd(usbdev, 0x0301, 0x0000);
 diff --git a/drivers/staging/lustre/lnet/selftest/brw_test.c b/drivers/staging/lustre/lnet/selftest/brw_test.c
 index a94f336..6a1924d 100644
 --- a/drivers/staging/lustre/lnet/selftest/brw_test.c
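Review bot: A status transfer that returns 0 bytes leaves `*status` uninitialised in the new `line6_write_data` loop, because the buffer comes from `kmalloc(1, GFP_KERNEL)` and the check only rejects `ret < 0`. The loop condition and the `*status != 0` test then act on whatever the heap held. Treating a short read as an error closes that: change the guard to `if (ret < 1) {` and the return inside it to `return ret < 0 ? ret : -EIO;`. The `write failed (error %d)` message also prints `ret`, which is the byte count, where `*status` is the value that carries the device's answer. The same code appears in the 3.2.66 patch hunk further down, and part of the function body lies between the two inner hunks shown here.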
@@ -60543,7 +60665,7 @@ index e4141f2..d8263e8 100644
  		i += packet_length_size;
  		if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
 diff --git a/fs/exec.c b/fs/exec.c
-index 7302b75..7d61d19 100644
+index 7302b75..b917171 100644
 --- a/fs/exec.c
 +++ b/fs/exec.c
 @@ -56,8 +56,20 @@
@@ -61330,7 +61452,7 @@ index 7302b75..7d61d19 100644
 +{
 +	unsigned long sp = (unsigned long)&sp;
 +	if (sp < current_thread_info()->lowest_stack &&
-+	    sp > (unsigned long)task_stack_page(current))
++	    sp >= (unsigned long)task_stack_page(current) + 2 * sizeof(unsigned long))
 +		current_thread_info()->lowest_stack = sp;
 +	if (unlikely((sp & ~(THREAD_SIZE - 1)) < (THREAD_SIZE/16)))
 +		BUG();
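Review bot: The `BUG()` guard on the last two lines masks with `~(THREAD_SIZE - 1)`, which yields the stack's base address rather than the offset within the stack. For a kernel stack address the comparison against `THREAD_SIZE/16` then looks like it can never be true, which would make the near-overflow check dead. If the intent is to trap when fewer than `THREAD_SIZE/16` bytes remain, the test would be `(sp & (THREAD_SIZE - 1)) < (THREAD_SIZE/16)`. This line is context rather than something the commit changes, and the function's signature and closing brace are outside the hunk, so confirm against the full function.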
@@ -72276,10 +72398,10 @@ index 0000000..ca25605
 +
 diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c
 new file mode 100644
-index 0000000..4008fdc
+index 0000000..8ee8e4f
 --- /dev/null
 +++ b/grsecurity/gracl_fs.c
-@@ -0,0 +1,445 @@
+@@ -0,0 +1,447 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
 +#include <linux/types.h>
@@ -72720,7 +72842,9 @@ index 0000000..4008fdc
 +	if (unlikely(!gr_acl_is_enabled()))
 +		return 0;
 +
-+	if (task != current && task->acl->mode & GR_PROTPROCFD)
++	if (task != current && (task->acl->mode & GR_PROTPROCFD) &&
++	    !(current->acl->mode & GR_POVERRIDE) &&
++	    !(current->role->roletype & GR_ROLE_GOD))
 +		return -EACCES;
 +
 +	return 0;
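Review bot: The deny condition now has two bypasses, `current->acl->mode & GR_POVERRIDE` and `current->role->roletype & GR_ROLE_GOD`, and no comment says why those callers may reach the descriptors of a `GR_PROTPROCFD` task. Because this is an access decision, stating the rule above the `if` would make later audits easier, for example `/* protected task: deny other tasks unless the caller has GR_POVERRIDE or a GR_ROLE_GOD role */`. The same change is in the 3.2.66 patch hunk, and the function begins outside the hunk.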

diff --git a/3.2.66/0000_README b/3.2.66/0000_README
index 22258ee..f224bbd 100644
--- a/3.2.66/0000_README
+++ b/3.2.66/0000_README
@@ -182,7 +182,7 @@ Patch:	1065_linux-3.2.66.patch
 From:	http://www.kernel.org
 Desc:	Linux 3.2.66
 
-Patch:	4420_grsecurity-3.0-3.2.66-201501111416.patch
+Patch:	4420_grsecurity-3.0-3.2.66-201501142321.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/3.2.66/4420_grsecurity-3.0-3.2.66-201501111416.patch b/3.2.66/4420_grsecurity-3.0-3.2.66-201501142321.patch
similarity index 99%
rename from 3.2.66/4420_grsecurity-3.0-3.2.66-201501111416.patch
rename to 3.2.66/4420_grsecurity-3.0-3.2.66-201501142321.patch
index 3b28713..0a514cd 100644
--- a/3.2.66/4420_grsecurity-3.0-3.2.66-201501111416.patch
+++ b/3.2.66/4420_grsecurity-3.0-3.2.66-201501142321.patch
@@ -50211,7 +50211,7 @@ index 66a34ad..65f6aea 100644
  	/* A userspace program has probably made an error if it tries to
  	 *  read something that is not a whole number of bpds.
 diff --git a/drivers/staging/line6/driver.c b/drivers/staging/line6/driver.c
-index 851b762..9cdf4528 100644
+index 851b762..c09c498 100644
 --- a/drivers/staging/line6/driver.c
 +++ b/drivers/staging/line6/driver.c
 @@ -551,7 +551,7 @@ int line6_read_data(struct usb_line6 *line6, int address, void *data,
@@ -50262,6 +50262,88 @@ index 851b762..9cdf4528 100644
  
  	/* receive the result: */
  	ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0), 0x67,
+@@ -608,7 +615,7 @@ int line6_write_data(struct usb_line6 *line6, int address, void *data,
+ {
+ 	struct usb_device *usbdev = line6->usbdev;
+ 	int ret;
+-	unsigned char status;
++	unsigned char *status;
+ 
+ 	ret = usb_control_msg(usbdev, usb_sndctrlpipe(usbdev, 0), 0x67,
+ 			      USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_OUT,
+@@ -621,26 +628,34 @@ int line6_write_data(struct usb_line6 *line6, int address, void *data,
+ 		return ret;
+ 	}
+ 
++	status = kmalloc(1, GFP_KERNEL);
++	if (status == NULL)
++		return -ENOMEM;
++
+ 	do {
+ 		ret = usb_control_msg(usbdev, usb_rcvctrlpipe(usbdev, 0),
+ 				      0x67,
+ 				      USB_TYPE_VENDOR | USB_RECIP_DEVICE |
+ 				      USB_DIR_IN,
+ 				      0x0012, 0x0000,
+-				      &status, 1, LINE6_TIMEOUT * HZ);
++				      status, 1, LINE6_TIMEOUT * HZ);
+ 
+ 		if (ret < 0) {
+ 			dev_err(line6->ifcdev,
+ 				"receiving status failed (error %d)\n", ret);
++			kfree(status);
+ 			return ret;
+ 		}
+-	} while (status == 0xff);
++	} while (*status == 0xff);
+ 
+-	if (status != 0) {
++	if (*status != 0) {
+ 		dev_err(line6->ifcdev, "write failed (error %d)\n", ret);
++		kfree(status);
+ 		return -EINVAL;
+ 	}
+ 
++	kfree(status);
++
+ 	return 0;
+ }
+ 
+diff --git a/drivers/staging/line6/toneport.c b/drivers/staging/line6/toneport.c
+index 879e699..0d53b97 100644
+--- a/drivers/staging/line6/toneport.c
++++ b/drivers/staging/line6/toneport.c
+@@ -11,6 +11,7 @@
+  */
+ 
+ #include <linux/wait.h>
++#include <linux/slab.h>
+ #include <sound/control.h>
+ 
+ #include "audio.h"
+@@ -310,13 +311,19 @@ static void toneport_destruct(struct usb_interface *interface)
+ */
+ static void toneport_setup(struct usb_line6_toneport *toneport)
+ {
+-	int ticks;
++	int *ticks;
+ 	struct usb_line6 *line6 = &toneport->line6;
+ 	struct usb_device *usbdev = line6->usbdev;
+ 
++	ticks = kmalloc(sizeof(int), GFP_KERNEL);
++	if (ticks == NULL)
++		return;
++
+ 	/* sync time on device with host: */
+-	ticks = (int)get_seconds();
+-	line6_write_data(line6, 0x80c6, &ticks, 4);
++	*ticks = (int)get_seconds();
++	line6_write_data(line6, 0x80c6, ticks, sizeof(int));
++
++	kfree(ticks);
+ 
+ 	/* enable device: */
+ 	toneport_send_cmd(usbdev, 0x0301, 0x0000);
 diff --git a/drivers/staging/media/solo6x10/g723.c b/drivers/staging/media/solo6x10/g723.c
 index 2cd0de2..0169c04 100644
 --- a/drivers/staging/media/solo6x10/g723.c
@@ -72034,10 +72116,10 @@ index 0000000..ca25605
 +
 diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c
 new file mode 100644
-index 0000000..0805fd9
+index 0000000..b916759
 --- /dev/null
 +++ b/grsecurity/gracl_fs.c
-@@ -0,0 +1,437 @@
+@@ -0,0 +1,439 @@
 +#include <linux/kernel.h>
 +#include <linux/sched.h>
 +#include <linux/types.h>
@@ -72470,7 +72552,9 @@ index 0000000..0805fd9
 +	if (unlikely(!gr_acl_is_enabled()))
 +		return 0;
 +
-+	if (task != current && task->acl->mode & GR_PROTPROCFD)
++	if (task != current && (task->acl->mode & GR_PROTPROCFD) &&
++	    !(current->acl->mode & GR_POVERRIDE) &&
++	    !(current->role->roletype & GR_ROLE_GOD))
 +		return -EACCES;
 +
 +	return 0;

