* [gentoo-commits] proj/hardened-patchset:master commit in: 4.5.7/
@ 2016-06-15 18:54 Anthony G. Basile
From: Anthony G. Basile @ 2016-06-15 18:54 UTC (permalink / raw
To: gentoo-commits
commit: df5765ccf2fcc59e11b068e559e0528356afe44f
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 15 18:56:10 2016 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed Jun 15 18:56:10 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=df5765cc
grsecurity-3.1-4.5.7-201606142010
4.5.7/0000_README | 2 +-
...> 4420_grsecurity-3.1-4.5.7-201606142010.patch} | 1324 ++++++++++++++++----
2 files changed, 1056 insertions(+), 270 deletions(-)
diff --git a/4.5.7/0000_README b/4.5.7/0000_README
index 67f12a7..7dd453b 100644
--- a/4.5.7/0000_README
+++ b/4.5.7/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.5.7-201606080852.patch
+Patch: 4420_grsecurity-3.1-4.5.7-201606142010.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606080852.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch
similarity index 99%
rename from 4.5.7/4420_grsecurity-3.1-4.5.7-201606080852.patch
rename to 4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch
index 65f5e28..b46e7cf 100644
--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606080852.patch
+++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch
@@ -3631,6 +3631,68 @@ index 549f6d3..909a9dc 100644
default y if ARM_ARCH_TIMER
select GENERIC_TIME_VSYSCALL
help
+diff --git a/arch/arm/mm/alignment.c b/arch/arm/mm/alignment.c
+index 7d5f4c7..c6a0816 100644
+--- a/arch/arm/mm/alignment.c
++++ b/arch/arm/mm/alignment.c
+@@ -778,6 +778,7 @@ do_alignment(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
+ u16 tinstr = 0;
+ int isize = 4;
+ int thumb2_32b = 0;
++ bool is_user_mode = user_mode(regs);
+
+ if (interrupts_enabled(regs))
+ local_irq_enable();
+@@ -786,14 +787,24 @@ do_alignment(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
+
+ if (thumb_mode(regs)) {
+ u16 *ptr = (u16 *)(instrptr & ~1);
+- fault = probe_kernel_address(ptr, tinstr);
++ if (is_user_mode) {
++ pax_open_userland();
++ fault = probe_kernel_address(ptr, tinstr);
++ pax_close_userland();
++ } else
++ fault = probe_kernel_address(ptr, tinstr);
+ tinstr = __mem_to_opcode_thumb16(tinstr);
+ if (!fault) {
+ if (cpu_architecture() >= CPU_ARCH_ARMv7 &&
+ IS_T32(tinstr)) {
+ /* Thumb-2 32-bit */
+ u16 tinst2 = 0;
+- fault = probe_kernel_address(ptr + 1, tinst2);
++ if (is_user_mode) {
++ pax_open_userland();
++ fault = probe_kernel_address(ptr + 1, tinst2);
++ pax_close_userland();
++ } else
++ fault = probe_kernel_address(ptr + 1, tinst2);
+ tinst2 = __mem_to_opcode_thumb16(tinst2);
+ instr = __opcode_thumb32_compose(tinstr, tinst2);
+ thumb2_32b = 1;
+@@ -803,7 +814,12 @@ do_alignment(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
+ }
+ }
+ } else {
+- fault = probe_kernel_address((void *)instrptr, instr);
++ if (is_user_mode) {
++ pax_open_userland();
++ fault = probe_kernel_address((void *)instrptr, instr);
++ pax_close_userland();
++ } else
++ fault = probe_kernel_address((void *)instrptr, instr);
+ instr = __mem_to_opcode_arm(instr);
+ }
+
+@@ -812,7 +828,7 @@ do_alignment(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
+ goto bad_or_fault;
+ }
+
+- if (user_mode(regs))
++ if (is_user_mode)
+ goto user;
+
+ ai_sys += 1;
diff --git a/arch/arm/mm/cache-l2x0.c b/arch/arm/mm/cache-l2x0.c
index 9f9d542..5189649 100644
--- a/arch/arm/mm/cache-l2x0.c
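Review bot: The three `if (is_user_mode) { pax_open_userland(); ... pax_close_userland(); } else ...` sequences added to do_alignment() carry no comment saying why userland access is opened only when the fault came from user mode, which is the security-relevant part of this change. A comment at the first site, e.g. `/* instrptr is a user address here: open userland access only around the single probe */`, would make the intent reviewable; the helpers' definitions are not on this page, so confirm the wording against them. Each `} else` branch is left unbraced while its `if` branch is braced, where kernel style braces both, and the same shape appears as `} else populate_stack(ret);` in the kernel/fork.c hunk further down. Caching `user_mode(regs)` once in `is_user_mode` keeps the probe decision and the later `goto user` consistent, which is worth a word in that comment too. do_alignment() starts and ends outside the hunk.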
@@ -97446,6 +97508,123 @@ index 8580831..36166e5 100644
retval = sysfs_create_mount_point(kernel_kobj, "debug");
if (retval)
return retval;
+diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
+index feef8a9..f024040 100644
+--- a/fs/ecryptfs/file.c
++++ b/fs/ecryptfs/file.c
+@@ -112,7 +112,6 @@ static int ecryptfs_readdir(struct file *file, struct dir_context *ctx)
+ .sb = inode->i_sb,
+ };
+ lower_file = ecryptfs_file_to_lower(file);
+- lower_file->f_pos = ctx->pos;
+ rc = iterate_dir(lower_file, &buf.ctx);
+ ctx->pos = buf.ctx.pos;
+ if (rc < 0)
+@@ -223,14 +222,6 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
+ }
+ ecryptfs_set_file_lower(
+ file, ecryptfs_inode_to_private(inode)->lower_file);
+- if (d_is_dir(ecryptfs_dentry)) {
+- ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
+- mutex_lock(&crypt_stat->cs_mutex);
+- crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
+- mutex_unlock(&crypt_stat->cs_mutex);
+- rc = 0;
+- goto out;
+- }
+ rc = read_or_initialize_metadata(ecryptfs_dentry);
+ if (rc)
+ goto out_put;
+@@ -247,6 +238,45 @@ out:
+ return rc;
+ }
+
++/**
++ * ecryptfs_dir_open
++ * @inode: inode speciying file to open
++ * @file: Structure to return filled in
++ *
++ * Opens the file specified by inode.
++ *
++ * Returns zero on success; non-zero otherwise
++ */
++static int ecryptfs_dir_open(struct inode *inode, struct file *file)
++{
++ struct dentry *ecryptfs_dentry = file->f_path.dentry;
++ /* Private value of ecryptfs_dentry allocated in
++ * ecryptfs_lookup() */
++ struct ecryptfs_file_info *file_info;
++ struct file *lower_file;
++
++ /* Released in ecryptfs_release or end of function if failure */
++ file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL);
++ ecryptfs_set_file_private(file, file_info);
++ if (unlikely(!file_info)) {
++ ecryptfs_printk(KERN_ERR,
++ "Error attempting to allocate memory\n");
++ return -ENOMEM;
++ }
++ lower_file = dentry_open(ecryptfs_dentry_to_lower_path(ecryptfs_dentry),
++ file->f_flags, current_cred());
++ if (IS_ERR(lower_file)) {
++ printk(KERN_ERR "%s: Error attempting to initialize "
++ "the lower file for the dentry with name "
++ "[%pd]; rc = [%ld]\n", __func__,
++ ecryptfs_dentry, PTR_ERR(lower_file));
++ kmem_cache_free(ecryptfs_file_info_cache, file_info);
++ return PTR_ERR(lower_file);
++ }
++ ecryptfs_set_file_lower(file, lower_file);
++ return 0;
++}
++
+ static int ecryptfs_flush(struct file *file, fl_owner_t td)
+ {
+ struct file *lower_file = ecryptfs_file_to_lower(file);
+@@ -267,6 +297,19 @@ static int ecryptfs_release(struct inode *inode, struct file *file)
+ return 0;
+ }
+
++static int ecryptfs_dir_release(struct inode *inode, struct file *file)
++{
++ fput(ecryptfs_file_to_lower(file));
++ kmem_cache_free(ecryptfs_file_info_cache,
++ ecryptfs_file_to_private(file));
++ return 0;
++}
++
++static loff_t ecryptfs_dir_llseek(struct file *file, loff_t offset, int whence)
++{
++ return vfs_llseek(ecryptfs_file_to_lower(file), offset, whence);
++}
++
+ static int
+ ecryptfs_fsync(struct file *file, loff_t start, loff_t end, int datasync)
+ {
+@@ -346,20 +389,16 @@ const struct file_operations ecryptfs_dir_fops = {
+ #ifdef CONFIG_COMPAT
+ .compat_ioctl = ecryptfs_compat_ioctl,
+ #endif
+- .open = ecryptfs_open,
+- .flush = ecryptfs_flush,
+- .release = ecryptfs_release,
++ .open = ecryptfs_dir_open,
++ .release = ecryptfs_dir_release,
+ .fsync = ecryptfs_fsync,
+- .fasync = ecryptfs_fasync,
+- .splice_read = generic_file_splice_read,
+- .llseek = default_llseek,
++ .llseek = ecryptfs_dir_llseek,
+ };
+
+ const struct file_operations ecryptfs_main_fops = {
+ .llseek = generic_file_llseek,
+ .read_iter = ecryptfs_read_update_atime,
+ .write_iter = generic_file_write_iter,
+- .iterate = ecryptfs_readdir,
+ .unlocked_ioctl = ecryptfs_unlocked_ioctl,
+ #ifdef CONFIG_COMPAT
+ .compat_ioctl = ecryptfs_compat_ioctl,
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
index 4e685ac..462fc20 100644
--- a/fs/ecryptfs/inode.c
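Review bot: On the `IS_ERR(lower_file)` path in ecryptfs_dir_open(), `file_info` is freed with kmem_cache_free() while `file` still holds it from the earlier `ecryptfs_set_file_private(file, file_info);`, so the file's private pointer is left dangling. Whether anything reads it after a failed open is not visible here, but clearing it is cheap: add `ecryptfs_set_file_private(file, NULL);` after the free, or make the set call only once dentry_open() has succeeded. The comment `/* Released in ecryptfs_release or end of function if failure */` should name `ecryptfs_dir_release`, which is what `ecryptfs_dir_fops.release` now points to. The kernel-doc block was evidently copied from the regular-file variant and could say that this opens a directory (and fix `speciying`).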
@@ -97483,6 +97662,45 @@ index 6bd67e2..1d71a4b 100644
}
s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
if (max_packet_size < ECRYPTFS_TAG_70_MIN_METADATA_SIZE) {
+diff --git a/fs/ecryptfs/kthread.c b/fs/ecryptfs/kthread.c
+index 866bb18..e818f5a 100644
+--- a/fs/ecryptfs/kthread.c
++++ b/fs/ecryptfs/kthread.c
+@@ -25,6 +25,7 @@
+ #include <linux/slab.h>
+ #include <linux/wait.h>
+ #include <linux/mount.h>
++#include <linux/file.h>
+ #include "ecryptfs_kernel.h"
+
+ struct ecryptfs_open_req {
+@@ -147,7 +148,7 @@ int ecryptfs_privileged_open(struct file **lower_file,
+ flags |= IS_RDONLY(d_inode(lower_dentry)) ? O_RDONLY : O_RDWR;
+ (*lower_file) = dentry_open(&req.path, flags, cred);
+ if (!IS_ERR(*lower_file))
+- goto out;
++ goto have_file;
+ if ((flags & O_ACCMODE) == O_RDONLY) {
+ rc = PTR_ERR((*lower_file));
+ goto out;
+@@ -165,8 +166,16 @@ int ecryptfs_privileged_open(struct file **lower_file,
+ mutex_unlock(&ecryptfs_kthread_ctl.mux);
+ wake_up(&ecryptfs_kthread_ctl.wait);
+ wait_for_completion(&req.done);
+- if (IS_ERR(*lower_file))
++ if (IS_ERR(*lower_file)) {
+ rc = PTR_ERR(*lower_file);
++ goto out;
++ }
++have_file:
++ if ((*lower_file)->f_op->mmap == NULL) {
++ fput(*lower_file);
++ *lower_file = NULL;
++ rc = -EMEDIUMTYPE;
++ }
+ out:
+ return rc;
+ }
diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c
index e4141f2..d8263e8 100644
--- a/fs/ecryptfs/miscdev.c
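Review bot: The new `have_file:` check in ecryptfs_privileged_open() rejects any lower file whose `f_op->mmap` is NULL, but no comment says why, and `-EMEDIUMTYPE` alone gives a caller little to go on. A short comment above the test, e.g. `/* refuse lower files without an mmap handler; eCryptfs must not be stacked on them */`, would record the intent; the rationale is presumably the same stacking concern as the procfs `s_stack_depth` change elsewhere in this patch, though that link is inferred. Because `*lower_file` is set to NULL on this path, callers have to test `rc` rather than `IS_ERR(*lower_file)`. That contract belongs in the function's header comment, which lies outside the hunk.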
@@ -97497,7 +97715,7 @@ index e4141f2..d8263e8 100644
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
diff --git a/fs/exec.c b/fs/exec.c
-index dcd4ac7..b1bb7fa 100644
+index dcd4ac7..50eef0a 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -56,8 +56,20 @@
@@ -97835,15 +98053,7 @@ index dcd4ac7..b1bb7fa 100644
set_fs(old_fs);
return result;
}
-@@ -869,6 +959,7 @@ static int exec_mmap(struct mm_struct *mm)
- tsk->mm = mm;
- tsk->active_mm = mm;
- activate_mm(active_mm, mm);
-+ populate_stack();
- tsk->mm->vmacache_seqnum = 0;
- vmacache_flush(tsk);
- task_unlock(tsk);
-@@ -1277,7 +1368,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
+@@ -1277,7 +1367,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
}
rcu_read_unlock();
@@ -97852,7 +98062,7 @@ index dcd4ac7..b1bb7fa 100644
bprm->unsafe |= LSM_UNSAFE_SHARE;
else
p->fs->in_exec = 1;
-@@ -1478,6 +1569,31 @@ static int exec_binprm(struct linux_binprm *bprm)
+@@ -1478,6 +1568,31 @@ static int exec_binprm(struct linux_binprm *bprm)
return ret;
}
@@ -97884,7 +98094,7 @@ index dcd4ac7..b1bb7fa 100644
/*
* sys_execve() executes a new program.
*/
-@@ -1486,6 +1602,11 @@ static int do_execveat_common(int fd, struct filename *filename,
+@@ -1486,6 +1601,11 @@ static int do_execveat_common(int fd, struct filename *filename,
struct user_arg_ptr envp,
int flags)
{
@@ -97896,7 +98106,7 @@ index dcd4ac7..b1bb7fa 100644
char *pathbuf = NULL;
struct linux_binprm *bprm;
struct file *file;
-@@ -1495,6 +1616,8 @@ static int do_execveat_common(int fd, struct filename *filename,
+@@ -1495,6 +1615,8 @@ static int do_execveat_common(int fd, struct filename *filename,
if (IS_ERR(filename))
return PTR_ERR(filename);
@@ -97905,7 +98115,7 @@ index dcd4ac7..b1bb7fa 100644
/*
* We move the actual failure in case of RLIMIT_NPROC excess from
* set*uid() to execve() because too many poorly written programs
-@@ -1558,6 +1681,11 @@ static int do_execveat_common(int fd, struct filename *filename,
+@@ -1558,6 +1680,11 @@ static int do_execveat_common(int fd, struct filename *filename,
}
bprm->interp = bprm->filename;
@@ -97917,7 +98127,7 @@ index dcd4ac7..b1bb7fa 100644
retval = bprm_mm_init(bprm);
if (retval)
goto out_unmark;
-@@ -1574,24 +1702,70 @@ static int do_execveat_common(int fd, struct filename *filename,
+@@ -1574,24 +1701,70 @@ static int do_execveat_common(int fd, struct filename *filename,
if (retval < 0)
goto out;
@@ -97992,7 +98202,7 @@ index dcd4ac7..b1bb7fa 100644
current->fs->in_exec = 0;
current->in_execve = 0;
acct_update_integrals(current);
-@@ -1603,6 +1777,14 @@ static int do_execveat_common(int fd, struct filename *filename,
+@@ -1603,6 +1776,14 @@ static int do_execveat_common(int fd, struct filename *filename,
put_files_struct(displaced);
return retval;
@@ -98007,7 +98217,7 @@ index dcd4ac7..b1bb7fa 100644
out:
if (bprm->mm) {
acct_arg_size(bprm, 0);
-@@ -1749,3 +1931,319 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
+@@ -1749,3 +1930,319 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
argv, envp, flags);
}
#endif
@@ -98163,7 +98373,7 @@ index dcd4ac7..b1bb7fa 100644
+
+#ifdef CONFIG_PAX_USERCOPY
+/* 0: not at all, 1: fully, 2: fully inside frame, -1: partially (implies an error) */
-+static noinline int check_stack_object(const void *obj, unsigned long len)
++static noinline int check_stack_object(unsigned long obj, unsigned long len)
+{
+ const void * const stack = task_stack_page(current);
+ const void * const stackend = stack + THREAD_SIZE;
@@ -98176,10 +98386,10 @@ index dcd4ac7..b1bb7fa 100644
+ if (obj + len < obj)
+ return -1;
+
-+ if (obj + len <= stack || stackend <= obj)
++ if (obj + len <= (unsigned long)stack || (unsigned long)stackend <= obj)
+ return 0;
+
-+ if (obj < stack || stackend < obj + len)
++ if (obj < (unsigned long)stack || (unsigned long)stackend < obj + len)
+ return -1;
+
+#if defined(CONFIG_FRAME_POINTER) && defined(CONFIG_X86)
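Review bot: With `obj` now an `unsigned long`, the bounds tests at these lines cast `stack` and `stackend` on every use, and the same casts are repeated for `frame` and `oldframe` in the next hunk. Converting the two bounds once, e.g. `const unsigned long lo = (unsigned long)stack, hi = (unsigned long)stackend;`, and comparing against `lo`/`hi` would keep the range logic easier to audit. It would also help to note above `if (obj + len < obj)` that the wrap test relies on the unsigned type, e.g. `/* obj is unsigned long, so this overflow test is well-defined */`. check_stack_object() starts before this hunk and continues past it.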
@@ -98198,8 +98408,8 @@ index dcd4ac7..b1bb7fa 100644
+ causing us to bail out and correctly report
+ the copy as invalid
+ */
-+ if (obj + len <= frame)
-+ return obj >= oldframe + 2 * sizeof(void *) ? 2 : -1;
++ if (obj + len <= (unsigned long)frame)
++ return obj >= (unsigned long)oldframe + 2 * sizeof(void *) ? 2 : -1;
+ oldframe = frame;
+ frame = *(const void * const *)frame;
+ }
@@ -98280,7 +98490,7 @@ index dcd4ac7..b1bb7fa 100644
+
+ type = check_heap_object(ptr, n);
+ if (!type) {
-+ int ret = check_stack_object(ptr, n);
++ int ret = check_stack_object((unsigned long)ptr, n);
+ if (ret == 1 || ret == 2)
+ return;
+ if (ret == 0) {
@@ -113366,10 +113576,24 @@ index fe5b6e6..cd2913c 100644
kfree(ctl_table_arg);
goto out;
diff --git a/fs/proc/root.c b/fs/proc/root.c
-index 361ab4e..9720b97 100644
+index 361ab4e..55e45e9 100644
--- a/fs/proc/root.c
+++ b/fs/proc/root.c
-@@ -187,7 +187,15 @@ void __init proc_root_init(void)
+@@ -121,6 +121,13 @@ static struct dentry *proc_mount(struct file_system_type *fs_type,
+ if (IS_ERR(sb))
+ return ERR_CAST(sb);
+
++ /*
++ * procfs isn't actually a stacking filesystem; however, there is
++ * too much magic going on inside it to permit stacking things on
++ * top of it
++ */
++ sb->s_stack_depth = FILESYSTEM_MAX_STACK_DEPTH;
++
+ if (!proc_parse_options(options, ns)) {
+ deactivate_locked_super(sb);
+ return ERR_PTR(-EINVAL);
+@@ -187,7 +194,15 @@ void __init proc_root_init(void)
proc_create_mount_point("openprom");
#endif
proc_tty_init();
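Review bot: The comment added in proc_mount() explains the `sb->s_stack_depth = FILESYSTEM_MAX_STACK_DEPTH;` assignment only as "too much magic", which does not tell a later reader what is being prevented or how the assignment achieves it. I would spell out the mechanism, e.g. `/* report procfs as already at the maximum stacking depth so that stacking filesystems refuse to use it as a lower layer */`. The depth check itself lives in the stacking filesystems and is not on this page, so confirm the wording against it. proc_mount() begins and ends outside the hunk.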
@@ -115023,6 +115247,157 @@ index 642d55d..d8ccf82 100644
xfs_dir3_get_dtype(dp->i_mount, filetype)))
return 0;
sfep = dp->d_ops->sf_nextentry(sfp, sfep);
+diff --git a/fs/xfs/xfs_icache.c b/fs/xfs/xfs_icache.c
+index d7a490f..59a8848 100644
+--- a/fs/xfs/xfs_icache.c
++++ b/fs/xfs/xfs_icache.c
+@@ -91,13 +91,6 @@ xfs_inode_free_callback(
+ struct inode *inode = container_of(head, struct inode, i_rcu);
+ struct xfs_inode *ip = XFS_I(inode);
+
+- kmem_zone_free(xfs_inode_zone, ip);
+-}
+-
+-void
+-xfs_inode_free(
+- struct xfs_inode *ip)
+-{
+ switch (ip->i_d.di_mode & S_IFMT) {
+ case S_IFREG:
+ case S_IFDIR:
+@@ -115,6 +108,25 @@ xfs_inode_free(
+ ip->i_itemp = NULL;
+ }
+
++ kmem_zone_free(xfs_inode_zone, ip);
++}
++
++static void
++__xfs_inode_free(
++ struct xfs_inode *ip)
++{
++ /* asserts to verify all state is correct here */
++ ASSERT(atomic_read(&ip->i_pincount) == 0);
++ ASSERT(!xfs_isiflocked(ip));
++ XFS_STATS_DEC(ip->i_mount, vn_active);
++
++ call_rcu(&VFS_I(ip)->i_rcu, xfs_inode_free_callback);
++}
++
++void
++xfs_inode_free(
++ struct xfs_inode *ip)
++{
+ /*
+ * Because we use RCU freeing we need to ensure the inode always
+ * appears to be reclaimed with an invalid inode number when in the
+@@ -126,12 +138,7 @@ xfs_inode_free(
+ ip->i_ino = 0;
+ spin_unlock(&ip->i_flags_lock);
+
+- /* asserts to verify all state is correct here */
+- ASSERT(atomic_read(&ip->i_pincount) == 0);
+- ASSERT(!xfs_isiflocked(ip));
+- XFS_STATS_DEC(ip->i_mount, vn_active);
+-
+- call_rcu(&VFS_I(ip)->i_rcu, xfs_inode_free_callback);
++ __xfs_inode_free(ip);
+ }
+
+ /*
+@@ -741,8 +748,7 @@ __xfs_inode_set_reclaim_tag(
+ if (!pag->pag_ici_reclaimable) {
+ /* propagate the reclaim tag up into the perag radix tree */
+ spin_lock(&ip->i_mount->m_perag_lock);
+- radix_tree_tag_set(&ip->i_mount->m_perag_tree,
+- XFS_INO_TO_AGNO(ip->i_mount, ip->i_ino),
++ radix_tree_tag_set(&ip->i_mount->m_perag_tree, pag->pag_agno,
+ XFS_ICI_RECLAIM_TAG);
+ spin_unlock(&ip->i_mount->m_perag_lock);
+
+@@ -786,8 +792,7 @@ __xfs_inode_clear_reclaim(
+ if (!pag->pag_ici_reclaimable) {
+ /* clear the reclaim tag from the perag radix tree */
+ spin_lock(&ip->i_mount->m_perag_lock);
+- radix_tree_tag_clear(&ip->i_mount->m_perag_tree,
+- XFS_INO_TO_AGNO(ip->i_mount, ip->i_ino),
++ radix_tree_tag_clear(&ip->i_mount->m_perag_tree, pag->pag_agno,
+ XFS_ICI_RECLAIM_TAG);
+ spin_unlock(&ip->i_mount->m_perag_lock);
+ trace_xfs_perag_clear_reclaim(ip->i_mount, pag->pag_agno,
+@@ -898,6 +903,7 @@ xfs_reclaim_inode(
+ int sync_mode)
+ {
+ struct xfs_buf *bp = NULL;
++ xfs_ino_t ino = ip->i_ino; /* for radix_tree_delete */
+ int error;
+
+ restart:
+@@ -962,6 +968,22 @@ restart:
+
+ xfs_iflock(ip);
+ reclaim:
++ /*
++ * Because we use RCU freeing we need to ensure the inode always appears
++ * to be reclaimed with an invalid inode number when in the free state.
++ * We do this as early as possible under the ILOCK and flush lock so
++ * that xfs_iflush_cluster() can be guaranteed to detect races with us
++ * here. By doing this, we guarantee that once xfs_iflush_cluster has
++ * locked both the XFS_ILOCK and the flush lock that it will see either
++ * a valid, flushable inode that will serialise correctly against the
++ * locks below, or it will see a clean (and invalid) inode that it can
++ * skip.
++ */
++ spin_lock(&ip->i_flags_lock);
++ ip->i_flags = XFS_IRECLAIM;
++ ip->i_ino = 0;
++ spin_unlock(&ip->i_flags_lock);
++
+ xfs_ifunlock(ip);
+ xfs_iunlock(ip, XFS_ILOCK_EXCL);
+
+@@ -975,7 +997,7 @@ reclaim:
+ */
+ spin_lock(&pag->pag_ici_lock);
+ if (!radix_tree_delete(&pag->pag_ici_root,
+- XFS_INO_TO_AGINO(ip->i_mount, ip->i_ino)))
++ XFS_INO_TO_AGINO(ip->i_mount, ino)))
+ ASSERT(0);
+ __xfs_inode_clear_reclaim(pag, ip);
+ spin_unlock(&pag->pag_ici_lock);
+@@ -992,7 +1014,7 @@ reclaim:
+ xfs_qm_dqdetach(ip);
+ xfs_iunlock(ip, XFS_ILOCK_EXCL);
+
+- xfs_inode_free(ip);
++ __xfs_inode_free(ip);
+ return error;
+
+ out_ifunlock:
+diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c
+index c738a52..658eea8 100644
+--- a/fs/xfs/xfs_inode.c
++++ b/fs/xfs/xfs_inode.c
+@@ -3259,6 +3259,19 @@ xfs_iflush_cluster(
+ continue;
+ }
+
++
++ /*
++ * Check the inode number again, just to be certain we are not
++ * racing with freeing in xfs_reclaim_inode(). See the comments
++ * in that function for more information as to why the initial
++ * check is not sufficient.
++ */
++ if (!iq->i_ino) {
++ xfs_ifunlock(iq);
++ xfs_iunlock(iq, XFS_ILOCK_SHARED);
++ continue;
++ }
++
+ /*
+ * arriving here means that this inode can be flushed. First
+ * re-check that it's dirty before flushing.
diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
index 478d04e..3d6a86b 100644
--- a/fs/xfs/xfs_ioctl.c
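Review bot: `__xfs_inode_free()` no longer invalidates the inode itself and relies on its caller having zeroed `ip->i_ino` under `i_flags_lock`, which xfs_inode_free() and the `reclaim:` path of xfs_reclaim_inode() both do, but the helper has no comment stating that precondition. I would add `/* caller must already have marked the inode XFS_IRECLAIM with i_ino == 0 */` above it, and an `ASSERT(ip->i_ino == 0);` next to the existing asserts would catch a future caller that forgets. The invalidation sequence now appears in two places, so a small static helper would keep them in step. In xfs_iflush_cluster() the added block leaves two consecutive blank lines before its comment.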
@@ -132656,7 +133031,7 @@ index 556ec1e..38c19c9 100644
/*
diff --git a/include/linux/sched.h b/include/linux/sched.h
-index a10494a..9f25fd6 100644
+index a10494a..2d7faf1 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -7,7 +7,7 @@
@@ -132929,17 +133304,16 @@ index a10494a..9f25fd6 100644
{
return tsk->pid;
}
-@@ -2289,6 +2397,26 @@ extern u64 sched_clock_cpu(int cpu);
+@@ -2289,6 +2397,25 @@ extern u64 sched_clock_cpu(int cpu);
extern void sched_clock_init(void);
+#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
-+static inline void populate_stack(void)
++static inline void populate_stack(void *stack)
+{
-+ struct task_struct *curtask = current;
+ int c;
-+ int *ptr = curtask->stack;
-+ int *end = curtask->stack + THREAD_SIZE;
++ int *ptr = stack;
++ int *end = stack + THREAD_SIZE;
+
+ while (ptr < end) {
+ c = *(volatile int *)ptr;
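Review bot: `populate_stack(void *stack)` reads every `int` from `stack` up to `stack + THREAD_SIZE`, so it is only safe when the argument is the base of a mapping at least THREAD_SIZE bytes long, and neither variant documents that. A comment above the definition, e.g. `/* @stack: base of a THREAD_SIZE-byte kernel stack; each word is read so the mapping is populated */`, would state the contract; the purpose is inferred from the name and the volatile read, so confirm the wording. `stack + THREAD_SIZE` is arithmetic on `void *`, which depends on the GNU extension; `(char *)stack + THREAD_SIZE` avoids that if it matters here. The loop body continues outside the hunk.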
@@ -132948,7 +133322,7 @@ index a10494a..9f25fd6 100644
+ }
+}
+#else
-+static inline void populate_stack(void)
++static inline void populate_stack(void *stack)
+{
+}
+#endif
@@ -132956,7 +133330,7 @@ index a10494a..9f25fd6 100644
#ifndef CONFIG_HAVE_UNSTABLE_SCHED_CLOCK
static inline void sched_clock_tick(void)
{
-@@ -2417,7 +2545,9 @@ extern void set_curr_task(int cpu, struct task_struct *p);
+@@ -2417,7 +2544,9 @@ extern void set_curr_task(int cpu, struct task_struct *p);
void yield(void);
union thread_union {
@@ -132966,7 +133340,7 @@ index a10494a..9f25fd6 100644
unsigned long stack[THREAD_SIZE/sizeof(long)];
};
-@@ -2450,6 +2580,7 @@ extern struct pid_namespace init_pid_ns;
+@@ -2450,6 +2579,7 @@ extern struct pid_namespace init_pid_ns;
*/
extern struct task_struct *find_task_by_vpid(pid_t nr);
@@ -132974,7 +133348,7 @@ index a10494a..9f25fd6 100644
extern struct task_struct *find_task_by_pid_ns(pid_t nr,
struct pid_namespace *ns);
-@@ -2481,7 +2612,7 @@ extern void proc_caches_init(void);
+@@ -2481,7 +2611,7 @@ extern void proc_caches_init(void);
extern void flush_signals(struct task_struct *);
extern void ignore_signals(struct task_struct *);
extern void flush_signal_handlers(struct task_struct *, int force_default);
@@ -132983,7 +133357,7 @@ index a10494a..9f25fd6 100644
static inline int kernel_dequeue_signal(siginfo_t *info)
{
-@@ -2635,7 +2766,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
+@@ -2635,7 +2765,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
extern void exit_itimers(struct signal_struct *);
extern void flush_itimer_signals(void);
@@ -132992,7 +133366,7 @@ index a10494a..9f25fd6 100644
extern int do_execve(struct filename *,
const char __user * const __user *,
-@@ -2750,11 +2881,13 @@ static inline int thread_group_empty(struct task_struct *p)
+@@ -2750,11 +2880,13 @@ static inline int thread_group_empty(struct task_struct *p)
* It must not be nested with write_lock_irq(&tasklist_lock),
* neither inside nor outside.
*/
@@ -133006,7 +133380,7 @@ index a10494a..9f25fd6 100644
static inline void task_unlock(struct task_struct *p)
{
spin_unlock(&p->alloc_lock);
-@@ -2840,9 +2973,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
+@@ -2840,9 +2972,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
#define task_stack_end_corrupted(task) \
(*(end_of_stack(task)) != STACK_END_MAGIC)
@@ -138371,10 +138745,10 @@ index c112abb..49d919f 100644
if (wo->wo_flags & __WNOTHREAD)
break;
diff --git a/kernel/fork.c b/kernel/fork.c
-index 2e391c7..555531a 100644
+index 2e391c7..4af22a9 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
-@@ -188,12 +188,54 @@ static void free_thread_info(struct thread_info *ti)
+@@ -188,12 +188,55 @@ static void free_thread_info(struct thread_info *ti)
void thread_info_cache_init(void)
{
thread_info_cache = kmem_cache_create("thread_info", THREAD_SIZE,
@@ -138405,7 +138779,8 @@ index 2e391c7..555531a 100644
+ if (ret == NULL) {
+ free_thread_info(*lowmem_stack);
+ *lowmem_stack = NULL;
-+ }
++ } else
++ populate_stack(ret);
+
+out:
+ return ret;
@@ -138430,7 +138805,7 @@ index 2e391c7..555531a 100644
/* SLAB cache for signal_struct structures (tsk->signal) */
static struct kmem_cache *signal_cachep;
-@@ -212,18 +254,22 @@ struct kmem_cache *vm_area_cachep;
+@@ -212,18 +255,22 @@ struct kmem_cache *vm_area_cachep;
/* SLAB cache for mm_struct structures (tsk->mm) */
static struct kmem_cache *mm_cachep;
@@ -138456,7 +138831,7 @@ index 2e391c7..555531a 100644
rt_mutex_debug_task_free(tsk);
ftrace_graph_exit_task(tsk);
put_seccomp_filter(tsk);
-@@ -290,7 +336,7 @@ static void set_max_threads(unsigned int max_threads_suggested)
+@@ -290,7 +337,7 @@ static void set_max_threads(unsigned int max_threads_suggested)
#ifdef CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT
/* Initialized by the architecture: */
@@ -138465,7 +138840,7 @@ index 2e391c7..555531a 100644
#endif
void __init fork_init(void)
-@@ -335,6 +381,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
+@@ -335,6 +382,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
{
struct task_struct *tsk;
struct thread_info *ti;
@@ -138473,7 +138848,7 @@ index 2e391c7..555531a 100644
int node = tsk_fork_get_node(orig);
int err;
-@@ -342,7 +389,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
+@@ -342,7 +390,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
if (!tsk)
return NULL;
@@ -138482,7 +138857,7 @@ index 2e391c7..555531a 100644
if (!ti)
goto free_tsk;
-@@ -351,6 +398,9 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
+@@ -351,6 +399,9 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
goto free_ti;
tsk->stack = ti;
@@ -138492,7 +138867,7 @@ index 2e391c7..555531a 100644
#ifdef CONFIG_SECCOMP
/*
* We must handle setting up seccomp filters once we're under
-@@ -367,7 +417,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
+@@ -367,7 +418,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
set_task_stack_end_magic(tsk);
#ifdef CONFIG_CC_STACKPROTECTOR
@@ -138501,7 +138876,7 @@ index 2e391c7..555531a 100644
#endif
/*
-@@ -382,24 +432,90 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
+@@ -382,24 +433,90 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
tsk->task_frag.page = NULL;
tsk->wake_q.next = NULL;
@@ -138596,7 +138971,7 @@ index 2e391c7..555531a 100644
uprobe_start_dup_mmap();
down_write(&oldmm->mmap_sem);
-@@ -430,52 +546,14 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
+@@ -430,52 +547,14 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
prev = NULL;
for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) {
@@ -138653,7 +139028,7 @@ index 2e391c7..555531a 100644
}
/*
-@@ -507,6 +585,38 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
+@@ -507,6 +586,38 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
if (retval)
goto out;
}
@@ -138692,7 +139067,7 @@ index 2e391c7..555531a 100644
/* a new mm has just been created */
arch_dup_mmap(oldmm, mm);
retval = 0;
-@@ -516,14 +626,6 @@ out:
+@@ -516,14 +627,6 @@ out:
up_write(&oldmm->mmap_sem);
uprobe_end_dup_mmap();
return retval;
@@ -138707,7 +139082,7 @@ index 2e391c7..555531a 100644
}
static inline int mm_alloc_pgd(struct mm_struct *mm)
-@@ -798,8 +900,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
+@@ -798,8 +901,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
return ERR_PTR(err);
mm = get_task_mm(task);
@@ -138718,7 +139093,7 @@ index 2e391c7..555531a 100644
mmput(mm);
mm = ERR_PTR(-EACCES);
}
-@@ -1000,13 +1102,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
+@@ -1000,13 +1103,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
spin_unlock(&fs->lock);
return -EAGAIN;
}
@@ -138740,7 +139115,7 @@ index 2e391c7..555531a 100644
return 0;
}
-@@ -1239,7 +1348,7 @@ init_task_pid(struct task_struct *task, enum pid_type type, struct pid *pid)
+@@ -1239,7 +1349,7 @@ init_task_pid(struct task_struct *task, enum pid_type type, struct pid *pid)
* parts of the process environment (as per the clone
* flags). The actual kick-off is left to the caller.
*/
@@ -138749,7 +139124,7 @@ index 2e391c7..555531a 100644
unsigned long stack_start,
unsigned long stack_size,
int __user *child_tidptr,
-@@ -1310,6 +1419,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
+@@ -1310,6 +1420,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
#endif
retval = -EAGAIN;
@@ -138759,7 +139134,7 @@ index 2e391c7..555531a 100644
if (atomic_read(&p->real_cred->user->processes) >=
task_rlimit(p, RLIMIT_NPROC)) {
if (p->real_cred->user != INIT_USER &&
-@@ -1568,6 +1680,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
+@@ -1568,6 +1681,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
goto bad_fork_cancel_cgroup;
}
@@ -138771,7 +139146,7 @@ index 2e391c7..555531a 100644
if (likely(p->pid)) {
ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace);
-@@ -1657,6 +1774,8 @@ bad_fork_cleanup_count:
+@@ -1657,6 +1775,8 @@ bad_fork_cleanup_count:
bad_fork_free:
free_task(p);
fork_out:
@@ -138780,7 +139155,7 @@ index 2e391c7..555531a 100644
return ERR_PTR(retval);
}
-@@ -1719,6 +1838,7 @@ long _do_fork(unsigned long clone_flags,
+@@ -1719,6 +1839,7 @@ long _do_fork(unsigned long clone_flags,
p = copy_process(clone_flags, stack_start, stack_size,
child_tidptr, NULL, trace, tls);
@@ -138788,7 +139163,7 @@ index 2e391c7..555531a 100644
/*
* Do this prior waking up the new thread - the thread pointer
* might get invalid after that point, if the thread exits quickly.
-@@ -1735,6 +1855,8 @@ long _do_fork(unsigned long clone_flags,
+@@ -1735,6 +1856,8 @@ long _do_fork(unsigned long clone_flags,
if (clone_flags & CLONE_PARENT_SETTID)
put_user(nr, parent_tidptr);
@@ -138797,7 +139172,7 @@ index 2e391c7..555531a 100644
if (clone_flags & CLONE_VFORK) {
p->vfork_done = &vfork;
init_completion(&vfork);
-@@ -1871,7 +1993,7 @@ void __init proc_caches_init(void)
+@@ -1871,7 +1994,7 @@ void __init proc_caches_init(void)
sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,
SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK|SLAB_ACCOUNT,
NULL);
@@ -138806,7 +139181,7 @@ index 2e391c7..555531a 100644
mmap_init();
nsproxy_cache_init();
}
-@@ -1919,7 +2041,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
+@@ -1919,7 +2042,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
return 0;
/* don't need lock here; in the worst case we'll do useless copy */
@@ -138815,7 +139190,7 @@ index 2e391c7..555531a 100644
return 0;
*new_fsp = copy_fs_struct(fs);
-@@ -2032,7 +2154,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
+@@ -2032,7 +2155,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
fs = current->fs;
spin_lock(&fs->lock);
current->fs = new_fs;
@@ -138825,7 +139200,7 @@ index 2e391c7..555531a 100644
new_fs = NULL;
else
new_fs = fs;
-@@ -2096,7 +2219,7 @@ int unshare_files(struct files_struct **displaced)
+@@ -2096,7 +2220,7 @@ int unshare_files(struct files_struct **displaced)
int sysctl_max_threads(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
@@ -141676,7 +142051,7 @@ index a5d966c..9c2d28b 100644
#ifdef CONFIG_RT_GROUP_SCHED
/*
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index 1c1d2a0..a8b297a 100644
+index 1c1d2a0..1b7307c 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -2263,7 +2263,7 @@ void set_numabalancing_state(bool enabled)
@@ -141706,18 +142081,27 @@ index 1c1d2a0..a8b297a 100644
next = head->next;
head->next = NULL;
head = next;
-@@ -2784,8 +2784,10 @@ context_switch(struct rq *rq, struct task_struct *prev,
+@@ -2784,8 +2784,9 @@ context_switch(struct rq *rq, struct task_struct *prev,
next->active_mm = oldmm;
atomic_inc(&oldmm->mm_count);
enter_lazy_tlb(oldmm, next);
- } else
+ } else {
switch_mm(oldmm, mm, next);
-+ populate_stack();
+ }
if (!prev->mm) {
prev->active_mm = NULL;
+@@ -3109,7 +3110,8 @@ static noinline void __schedule_bug(struct task_struct *prev)
+ static inline void schedule_debug(struct task_struct *prev)
+ {
+ #ifdef CONFIG_SCHED_STACK_END_CHECK
+- BUG_ON(task_stack_end_corrupted(prev));
++ if (task_stack_end_corrupted(prev))
++ panic("corrupted stack end detected inside scheduler\n");
+ #endif
+
+ if (unlikely(in_atomic_preempt_off())) {
@@ -3609,6 +3611,8 @@ int can_nice(const struct task_struct *p, const int nice)
/* convert nice value [19,-20] to rlimit style value [1,40] */
int nice_rlim = nice_to_rlimit(nice);
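Review bot: The new `panic()` in `schedule_debug()` carries no comment saying why a corrupted stack end must stop the machine instead of raising `BUG_ON`, so a later cleanup could plausibly turn it back. A `BUG_ON` here goes through the oops path, which ends in `do_exit()` and re-enters the scheduler on the same overrun stack; that appears to be the reason for the change, though the hunk does not say so. I would add above the check: `/* panic, not BUG: the oops path would schedule again on the already-overrun stack */`. The body of `schedule_debug()` continues outside the hunk.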
@@ -141745,15 +142129,7 @@ index 1c1d2a0..a8b297a 100644
/* can't increase priority */
if (attr->sched_priority > p->rt_priority &&
attr->sched_priority > rlim_rtprio)
-@@ -5285,6 +5291,7 @@ void idle_task_exit(void)
-
- if (mm != &init_mm) {
- switch_mm(mm, &init_mm, current);
-+ populate_stack();
- finish_arch_post_lock_switch();
- }
- mmdrop(mm);
-@@ -5410,7 +5417,7 @@ static void migrate_tasks(struct rq *dead_rq)
+@@ -5410,7 +5416,7 @@ static void migrate_tasks(struct rq *dead_rq)
#if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL)
@@ -141762,7 +142138,7 @@ index 1c1d2a0..a8b297a 100644
{
.procname = "sched_domain",
.mode = 0555,
-@@ -5427,17 +5434,17 @@ static struct ctl_table sd_ctl_root[] = {
+@@ -5427,17 +5433,17 @@ static struct ctl_table sd_ctl_root[] = {
{}
};
@@ -141784,7 +142160,7 @@ index 1c1d2a0..a8b297a 100644
/*
* In the intermediate directories, both the child directory and
-@@ -5445,22 +5452,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
+@@ -5445,22 +5451,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
* will always be set. In the lowest directory the names are
* static strings and all have proc handlers.
*/
@@ -141816,7 +142192,7 @@ index 1c1d2a0..a8b297a 100644
const char *procname, void *data, int maxlen,
umode_t mode, proc_handler *proc_handler,
bool load_idx)
-@@ -5480,7 +5490,7 @@ set_table_entry(struct ctl_table *entry,
+@@ -5480,7 +5489,7 @@ set_table_entry(struct ctl_table *entry,
static struct ctl_table *
sd_alloc_ctl_domain_table(struct sched_domain *sd)
{
@@ -141825,7 +142201,7 @@ index 1c1d2a0..a8b297a 100644
if (table == NULL)
return NULL;
-@@ -5518,9 +5528,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
+@@ -5518,9 +5527,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
return table;
}
@@ -141837,7 +142213,7 @@ index 1c1d2a0..a8b297a 100644
struct sched_domain *sd;
int domain_num = 0, i;
char buf[32];
-@@ -5547,11 +5557,13 @@ static struct ctl_table_header *sd_sysctl_header;
+@@ -5547,11 +5556,13 @@ static struct ctl_table_header *sd_sysctl_header;
static void register_sched_domain_sysctl(void)
{
int i, cpu_num = num_possible_cpus();
@@ -141852,7 +142228,7 @@ index 1c1d2a0..a8b297a 100644
if (entry == NULL)
return;
-@@ -5573,8 +5585,12 @@ static void unregister_sched_domain_sysctl(void)
+@@ -5573,8 +5584,12 @@ static void unregister_sched_domain_sysctl(void)
{
unregister_sysctl_table(sd_sysctl_header);
sd_sysctl_header = NULL;
@@ -142205,10 +142581,18 @@ index d903c02..c3efd35 100644
unsigned long flags;
int ret = 0;
diff --git a/kernel/smpboot.c b/kernel/smpboot.c
-index d264f59..48b8da3 100644
+index d264f59..fd4da04 100644
--- a/kernel/smpboot.c
+++ b/kernel/smpboot.c
-@@ -301,7 +301,7 @@ int smpboot_register_percpu_thread_cpumask(struct smp_hotplug_thread *plug_threa
+@@ -13,6 +13,7 @@
+ #include <linux/percpu.h>
+ #include <linux/kthread.h>
+ #include <linux/smpboot.h>
++#include <asm/pgtable.h>
+
+ #include "smpboot.h"
+
+@@ -301,7 +302,7 @@ int smpboot_register_percpu_thread_cpumask(struct smp_hotplug_thread *plug_threa
if (cpumask_test_cpu(cpu, cpumask))
smpboot_unpark_thread(plug_thread, cpu);
}
@@ -142217,7 +142601,7 @@ index d264f59..48b8da3 100644
out:
mutex_unlock(&smpboot_threads_lock);
put_online_cpus();
-@@ -319,7 +319,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread)
+@@ -319,7 +320,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread)
{
get_online_cpus();
mutex_lock(&smpboot_threads_lock);
@@ -142226,6 +142610,16 @@ index d264f59..48b8da3 100644
smpboot_destroy_threads(plug_thread);
mutex_unlock(&smpboot_threads_lock);
put_online_cpus();
+@@ -359,7 +360,9 @@ int smpboot_update_cpumask_percpu_thread(struct smp_hotplug_thread *plug_thread,
+ for_each_cpu_and(cpu, tmp, cpu_online_mask)
+ smpboot_unpark_thread(plug_thread, cpu);
+
++ pax_open_kernel();
+ cpumask_copy(old, new);
++ pax_close_kernel();
+
+ mutex_unlock(&smpboot_threads_lock);
+ put_online_cpus();
diff --git a/kernel/softirq.c b/kernel/softirq.c
index 479e443..4072c49 100644
--- a/kernel/softirq.c
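Review bot: The `pax_open_kernel()` / `pax_close_kernel()` pair added around `cpumask_copy(old, new)` in `smpboot_update_cpumask_percpu_thread()` has no comment naming the write-protected object. Presumably `old` points into data that this patch set makes read-only, but its assignment is outside the hunk. I would add `/* old aliases read-only data: open a write window for this copy only */`, with the wording confirmed against the definition of `old`. Limiting the window to the single copy, as done here, is the right shape.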
@@ -148702,9 +149096,18 @@ index 1d11790..1cc6074 100644
spin_unlock_irqrestore(&zone->lock, flags);
}
diff --git a/mm/percpu.c b/mm/percpu.c
-index 998607a..4854f93 100644
+index 998607a..389e6ba 100644
--- a/mm/percpu.c
+++ b/mm/percpu.c
+@@ -110,7 +110,7 @@ struct pcpu_chunk {
+ int map_used; /* # of map entries used before the sentry */
+ int map_alloc; /* # of map entries allocated */
+ int *map; /* allocation map */
+- struct work_struct map_extend_work;/* async ->map[] extension */
++ struct list_head map_extend_list;/* on pcpu_map_extend_chunks */
+
+ void *data; /* chunk data */
+ int first_free; /* no free below this */
@@ -131,7 +131,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly;
static unsigned int pcpu_high_unit_cpu __read_mostly;
@@ -148714,6 +149117,192 @@ index 998607a..4854f93 100644
EXPORT_SYMBOL_GPL(pcpu_base_addr);
static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */
+@@ -160,10 +160,13 @@ static struct pcpu_chunk *pcpu_reserved_chunk;
+ static int pcpu_reserved_chunk_limit;
+
+ static DEFINE_SPINLOCK(pcpu_lock); /* all internal data structures */
+-static DEFINE_MUTEX(pcpu_alloc_mutex); /* chunk create/destroy, [de]pop */
++static DEFINE_MUTEX(pcpu_alloc_mutex); /* chunk create/destroy, [de]pop, map ext */
+
+ static struct list_head *pcpu_slot __read_mostly; /* chunk list slots */
+
++/* chunks which need their map areas extended, protected by pcpu_lock */
++static LIST_HEAD(pcpu_map_extend_chunks);
++
+ /*
+ * The number of empty populated pages, protected by pcpu_lock. The
+ * reserved chunk doesn't contribute to the count.
+@@ -393,13 +396,19 @@ static int pcpu_need_to_extend(struct pcpu_chunk *chunk, bool is_atomic)
+ {
+ int margin, new_alloc;
+
++ lockdep_assert_held(&pcpu_lock);
++
+ if (is_atomic) {
+ margin = 3;
+
+ if (chunk->map_alloc <
+- chunk->map_used + PCPU_ATOMIC_MAP_MARGIN_LOW &&
+- pcpu_async_enabled)
+- schedule_work(&chunk->map_extend_work);
++ chunk->map_used + PCPU_ATOMIC_MAP_MARGIN_LOW) {
++ if (list_empty(&chunk->map_extend_list)) {
++ list_add_tail(&chunk->map_extend_list,
++ &pcpu_map_extend_chunks);
++ pcpu_schedule_balance_work();
++ }
++ }
+ } else {
+ margin = PCPU_ATOMIC_MAP_MARGIN_HIGH;
+ }
+@@ -433,6 +442,8 @@ static int pcpu_extend_area_map(struct pcpu_chunk *chunk, int new_alloc)
+ size_t old_size = 0, new_size = new_alloc * sizeof(new[0]);
+ unsigned long flags;
+
++ lockdep_assert_held(&pcpu_alloc_mutex);
++
+ new = pcpu_mem_zalloc(new_size);
+ if (!new)
+ return -ENOMEM;
+@@ -465,20 +476,6 @@ out_unlock:
+ return 0;
+ }
+
+-static void pcpu_map_extend_workfn(struct work_struct *work)
+-{
+- struct pcpu_chunk *chunk = container_of(work, struct pcpu_chunk,
+- map_extend_work);
+- int new_alloc;
+-
+- spin_lock_irq(&pcpu_lock);
+- new_alloc = pcpu_need_to_extend(chunk, false);
+- spin_unlock_irq(&pcpu_lock);
+-
+- if (new_alloc)
+- pcpu_extend_area_map(chunk, new_alloc);
+-}
+-
+ /**
+ * pcpu_fit_in_area - try to fit the requested allocation in a candidate area
+ * @chunk: chunk the candidate area belongs to
+@@ -738,7 +735,7 @@ static struct pcpu_chunk *pcpu_alloc_chunk(void)
+ chunk->map_used = 1;
+
+ INIT_LIST_HEAD(&chunk->list);
+- INIT_WORK(&chunk->map_extend_work, pcpu_map_extend_workfn);
++ INIT_LIST_HEAD(&chunk->map_extend_list);
+ chunk->free_size = pcpu_unit_size;
+ chunk->contig_hint = pcpu_unit_size;
+
+@@ -893,6 +890,9 @@ static void __percpu *pcpu_alloc(size_t size, size_t align, bool reserved,
+ return NULL;
+ }
+
++ if (!is_atomic)
++ mutex_lock(&pcpu_alloc_mutex);
++
+ spin_lock_irqsave(&pcpu_lock, flags);
+
+ /* serve reserved allocations from the reserved chunk if available */
+@@ -965,12 +965,9 @@ restart:
+ if (is_atomic)
+ goto fail;
+
+- mutex_lock(&pcpu_alloc_mutex);
+-
+ if (list_empty(&pcpu_slot[pcpu_nr_slots - 1])) {
+ chunk = pcpu_create_chunk();
+ if (!chunk) {
+- mutex_unlock(&pcpu_alloc_mutex);
+ err = "failed to allocate new chunk";
+ goto fail;
+ }
+@@ -981,7 +978,6 @@ restart:
+ spin_lock_irqsave(&pcpu_lock, flags);
+ }
+
+- mutex_unlock(&pcpu_alloc_mutex);
+ goto restart;
+
+ area_found:
+@@ -991,8 +987,6 @@ area_found:
+ if (!is_atomic) {
+ int page_start, page_end, rs, re;
+
+- mutex_lock(&pcpu_alloc_mutex);
+-
+ page_start = PFN_DOWN(off);
+ page_end = PFN_UP(off + size);
+
+@@ -1003,7 +997,6 @@ area_found:
+
+ spin_lock_irqsave(&pcpu_lock, flags);
+ if (ret) {
+- mutex_unlock(&pcpu_alloc_mutex);
+ pcpu_free_area(chunk, off, &occ_pages);
+ err = "failed to populate";
+ goto fail_unlock;
+@@ -1043,6 +1036,8 @@ fail:
+ /* see the flag handling in pcpu_blance_workfn() */
+ pcpu_atomic_alloc_failed = true;
+ pcpu_schedule_balance_work();
++ } else {
++ mutex_unlock(&pcpu_alloc_mutex);
+ }
+ return NULL;
+ }
+@@ -1127,6 +1122,7 @@ static void pcpu_balance_workfn(struct work_struct *work)
+ if (chunk == list_first_entry(free_head, struct pcpu_chunk, list))
+ continue;
+
++ list_del_init(&chunk->map_extend_list);
+ list_move(&chunk->list, &to_free);
+ }
+
+@@ -1144,6 +1140,25 @@ static void pcpu_balance_workfn(struct work_struct *work)
+ pcpu_destroy_chunk(chunk);
+ }
+
++ /* service chunks which requested async area map extension */
++ do {
++ int new_alloc = 0;
++
++ spin_lock_irq(&pcpu_lock);
++
++ chunk = list_first_entry_or_null(&pcpu_map_extend_chunks,
++ struct pcpu_chunk, map_extend_list);
++ if (chunk) {
++ list_del_init(&chunk->map_extend_list);
++ new_alloc = pcpu_need_to_extend(chunk, false);
++ }
++
++ spin_unlock_irq(&pcpu_lock);
++
++ if (new_alloc)
++ pcpu_extend_area_map(chunk, new_alloc);
++ } while (chunk);
++
+ /*
+ * Ensure there are certain number of free populated pages for
+ * atomic allocs. Fill up from the most packed so that atomic
+@@ -1642,7 +1657,7 @@ int __init pcpu_setup_first_chunk(const struct pcpu_alloc_info *ai,
+ */
+ schunk = memblock_virt_alloc(pcpu_chunk_struct_size, 0);
+ INIT_LIST_HEAD(&schunk->list);
+- INIT_WORK(&schunk->map_extend_work, pcpu_map_extend_workfn);
++ INIT_LIST_HEAD(&schunk->map_extend_list);
+ schunk->base_addr = base_addr;
+ schunk->map = smap;
+ schunk->map_alloc = ARRAY_SIZE(smap);
+@@ -1671,7 +1686,7 @@ int __init pcpu_setup_first_chunk(const struct pcpu_alloc_info *ai,
+ if (dyn_size) {
+ dchunk = memblock_virt_alloc(pcpu_chunk_struct_size, 0);
+ INIT_LIST_HEAD(&dchunk->list);
+- INIT_WORK(&dchunk->map_extend_work, pcpu_map_extend_workfn);
++ INIT_LIST_HEAD(&dchunk->map_extend_list);
+ dchunk->base_addr = base_addr;
+ dchunk->map = dmap;
+ dchunk->map_alloc = ARRAY_SIZE(dmap);
diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c
index 5d453e5..4043093 100644
--- a/mm/process_vm_access.c
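Review bot: In the new map-extension loop in `pcpu_balance_workfn()` the return value of `pcpu_extend_area_map(chunk, new_alloc)` is dropped, although that function returns `-ENOMEM` when `pcpu_mem_zalloc()` fails. By then the chunk has already been taken off `pcpu_map_extend_chunks` with `list_del_init()`, so the request is lost silently until a later atomic allocation falls below the low margin and `pcpu_need_to_extend()` queues it again. If that is meant as best effort, say so at the call: `/* best effort: a failed extension is re-queued by the next atomic alloc under the low margin */`. The loop also relies on `pcpu_alloc_mutex` being held, which `pcpu_extend_area_map()` now asserts; the lock acquisition in `pcpu_balance_workfn()` is outside the hunk and worth confirming.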
@@ -148966,7 +149555,7 @@ index 440e2a7..9091191 100644
return -ENOMEM;
diff --git a/mm/slab.c b/mm/slab.c
-index 621fbcb..272a1f3 100644
+index 621fbcb..9bf872e 100644
--- a/mm/slab.c
+++ b/mm/slab.c
@@ -116,6 +116,7 @@
@@ -149039,7 +149628,16 @@ index 621fbcb..272a1f3 100644
/*
* Adjust the object sizes so that we clear
-@@ -3367,6 +3372,20 @@ static inline void __cache_free(struct kmem_cache *cachep, void *objp,
+@@ -2123,6 +2128,8 @@ __kmem_cache_create (struct kmem_cache *cachep, unsigned long flags)
+ BUG_ON(flags & SLAB_POISON);
+ #endif
+
++ flags = pax_sanitize_slab_flags(flags);
++
+ /*
+ * Check that size is in terms of words. This is needed to avoid
+ * unaligned accesses for some archs when redzoning is used, and makes
+@@ -3367,6 +3374,20 @@ static inline void __cache_free(struct kmem_cache *cachep, void *objp,
struct array_cache *ac = cpu_cache_get(cachep);
check_irq_off();
@@ -149060,7 +149658,7 @@ index 621fbcb..272a1f3 100644
kmemleak_free_recursive(objp, cachep->flags);
objp = cache_free_debugcheck(cachep, objp, caller);
-@@ -3492,7 +3511,7 @@ __do_kmalloc_node(size_t size, gfp_t flags, int node, unsigned long caller)
+@@ -3492,7 +3513,7 @@ __do_kmalloc_node(size_t size, gfp_t flags, int node, unsigned long caller)
return kmem_cache_alloc_node_trace(cachep, flags, node, size);
}
@@ -149069,7 +149667,7 @@ index 621fbcb..272a1f3 100644
{
return __do_kmalloc_node(size, flags, node, _RET_IP_);
}
-@@ -3512,7 +3531,7 @@ EXPORT_SYMBOL(__kmalloc_node_track_caller);
+@@ -3512,7 +3533,7 @@ EXPORT_SYMBOL(__kmalloc_node_track_caller);
* @flags: the type of memory to allocate (see kmalloc).
* @caller: function caller for debug tracking of the caller
*/
@@ -149078,7 +149676,7 @@ index 621fbcb..272a1f3 100644
unsigned long caller)
{
struct kmem_cache *cachep;
-@@ -3585,6 +3604,7 @@ void kfree(const void *objp)
+@@ -3585,6 +3606,7 @@ void kfree(const void *objp)
if (unlikely(ZERO_OR_NULL_PTR(objp)))
return;
@@ -149086,7 +149684,7 @@ index 621fbcb..272a1f3 100644
local_irq_save(flags);
kfree_debugcheck(objp);
c = virt_to_cache(objp);
-@@ -4004,14 +4024,22 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep)
+@@ -4004,14 +4026,22 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep)
}
/* cpu stats */
{
@@ -149113,7 +149711,7 @@ index 621fbcb..272a1f3 100644
#endif
}
-@@ -4219,13 +4247,80 @@ static const struct file_operations proc_slabstats_operations = {
+@@ -4219,13 +4249,80 @@ static const struct file_operations proc_slabstats_operations = {
static int __init slab_proc_init(void)
{
#ifdef CONFIG_DEBUG_SLAB_LEAK
@@ -149196,7 +149794,7 @@ index 621fbcb..272a1f3 100644
* ksize - get the actual amount of memory allocated for a given object
* @objp: Pointer to the object
diff --git a/mm/slab.h b/mm/slab.h
-index 2eedace..cd94091 100644
+index 2eedace..7de6f9b 100644
--- a/mm/slab.h
+++ b/mm/slab.h
@@ -22,7 +22,7 @@ struct kmem_cache {
@@ -149208,7 +149806,7 @@ index 2eedace..cd94091 100644
void (*ctor)(void *); /* Called on object slot creation */
struct list_head list; /* List of all slab caches on the system */
};
-@@ -66,6 +66,20 @@ extern struct list_head slab_caches;
+@@ -66,6 +66,35 @@ extern struct list_head slab_caches;
/* The slab cache that manages slab cache information */
extern struct kmem_cache *kmem_cache;
@@ -149223,13 +149821,28 @@ index 2eedace..cd94091 100644
+ PAX_SANITIZE_SLAB_FAST,
+ PAX_SANITIZE_SLAB_FULL,
+};
++
+extern enum pax_sanitize_mode pax_sanitize_slab;
++
++static inline unsigned long pax_sanitize_slab_flags(unsigned long flags)
++{
++ if (pax_sanitize_slab == PAX_SANITIZE_SLAB_OFF || (flags & SLAB_DESTROY_BY_RCU))
++ flags |= SLAB_NO_SANITIZE;
++ else if (pax_sanitize_slab == PAX_SANITIZE_SLAB_FULL)
++ flags &= ~SLAB_NO_SANITIZE;
++ return flags;
++}
++#else
++static inline unsigned long pax_sanitize_slab_flags(unsigned long flags)
++{
++ return flags;
++}
+#endif
+
unsigned long calculate_alignment(unsigned long flags,
unsigned long align, unsigned long size);
-@@ -115,7 +129,8 @@ static inline unsigned long kmem_cache_flags(unsigned long object_size,
+@@ -115,7 +144,8 @@ static inline unsigned long kmem_cache_flags(unsigned long object_size,
/* Legal flag mask for kmem_cache_create(), for various configurations */
#define SLAB_CORE_FLAGS (SLAB_HWCACHE_ALIGN | SLAB_CACHE_DMA | SLAB_PANIC | \
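Review bot: `pax_sanitize_slab_flags()` is now applied inside each allocator's `__kmem_cache_create()` (mm/slab.c, mm/slob.c, mm/slub.c), which is later than the block it replaces in `kmem_cache_create()`. That block ran before `__kmem_cache_alias()`, so the alias/merge lookup now sees the caller's raw `SLAB_NO_SANITIZE` bit and not the normalised one. Whether a cache can then be merged into one with a different sanitize setting depends on how `find_mergeable()` treats that flag, which these hunks do not show; it should be checked for the `PAX_SANITIZE_SLAB_FULL` case. The helper also has no comment; I would add `/* RCU-freed caches are never sanitized; "full" mode overrides a caller's SLAB_NO_SANITIZE */` above it.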
@@ -149239,7 +149852,7 @@ index 2eedace..cd94091 100644
#if defined(CONFIG_DEBUG_SLAB)
#define SLAB_DEBUG_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER)
-@@ -311,6 +326,9 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x)
+@@ -311,6 +341,9 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x)
return s;
page = virt_to_head_page(x);
@@ -149250,7 +149863,7 @@ index 2eedace..cd94091 100644
if (slab_equal_or_root(cachep, s))
return cachep;
diff --git a/mm/slab_common.c b/mm/slab_common.c
-index 065b7bd..3c2c410 100644
+index 065b7bd..185af36 100644
--- a/mm/slab_common.c
+++ b/mm/slab_common.c
@@ -25,11 +25,35 @@
@@ -149317,21 +149930,7 @@ index 065b7bd..3c2c410 100644
list_add(&s->list, &slab_caches);
out:
if (err)
-@@ -408,6 +432,13 @@ kmem_cache_create(const char *name, size_t size, size_t align,
- */
- flags &= CACHE_CREATE_MASK;
-
-+#ifdef CONFIG_PAX_MEMORY_SANITIZE
-+ if (pax_sanitize_slab == PAX_SANITIZE_SLAB_OFF || (flags & SLAB_DESTROY_BY_RCU))
-+ flags |= SLAB_NO_SANITIZE;
-+ else if (pax_sanitize_slab == PAX_SANITIZE_SLAB_FULL)
-+ flags &= ~SLAB_NO_SANITIZE;
-+#endif
-+
- s = __kmem_cache_alias(name, size, align, flags, ctor);
- if (s)
- goto out_unlock;
-@@ -469,7 +500,7 @@ static void release_caches(struct list_head *release, bool need_rcu_barrier)
+@@ -469,7 +493,7 @@ static void release_caches(struct list_head *release, bool need_rcu_barrier)
rcu_barrier();
list_for_each_entry_safe(s, s2, release, list) {
@@ -149340,7 +149939,7 @@ index 065b7bd..3c2c410 100644
sysfs_slab_remove(s);
#else
slab_kmem_cache_release(s);
-@@ -713,8 +744,7 @@ void kmem_cache_destroy(struct kmem_cache *s)
+@@ -713,8 +737,7 @@ void kmem_cache_destroy(struct kmem_cache *s)
mutex_lock(&slab_mutex);
@@ -149350,7 +149949,7 @@ index 065b7bd..3c2c410 100644
goto out_unlock;
err = shutdown_memcg_caches(s, &release, &need_rcu_barrier);
-@@ -780,7 +810,7 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz
+@@ -780,7 +803,7 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz
panic("Creation of kmalloc slab %s size=%zu failed. Reason %d\n",
name, size, err);
@@ -149359,7 +149958,7 @@ index 065b7bd..3c2c410 100644
}
struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
-@@ -793,7 +823,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
+@@ -793,7 +816,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
create_boot_cache(s, name, size, flags);
list_add(&s->list, &slab_caches);
@@ -149368,7 +149967,7 @@ index 065b7bd..3c2c410 100644
return s;
}
-@@ -805,6 +835,11 @@ struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1];
+@@ -805,6 +828,11 @@ struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1];
EXPORT_SYMBOL(kmalloc_dma_caches);
#endif
@@ -149380,7 +149979,7 @@ index 065b7bd..3c2c410 100644
/*
* Conversion table for small slabs sizes / 8 to the index in the
* kmalloc array. This is necessary for slabs < 192 since we have non power
-@@ -869,6 +904,13 @@ struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags)
+@@ -869,6 +897,13 @@ struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags)
return kmalloc_dma_caches[index];
#endif
@@ -149394,7 +149993,7 @@ index 065b7bd..3c2c410 100644
return kmalloc_caches[index];
}
-@@ -961,7 +1003,7 @@ void __init create_kmalloc_caches(unsigned long flags)
+@@ -961,7 +996,7 @@ void __init create_kmalloc_caches(unsigned long flags)
for (i = KMALLOC_SHIFT_LOW; i <= KMALLOC_SHIFT_HIGH; i++) {
if (!kmalloc_caches[i])
@@ -149403,7 +150002,7 @@ index 065b7bd..3c2c410 100644
/*
* Caches that are not of the two-to-the-power-of size.
-@@ -969,9 +1011,9 @@ void __init create_kmalloc_caches(unsigned long flags)
+@@ -969,9 +1004,9 @@ void __init create_kmalloc_caches(unsigned long flags)
* earlier power of two caches
*/
if (KMALLOC_MIN_SIZE <= 32 && !kmalloc_caches[1] && i == 6)
@@ -149415,7 +150014,7 @@ index 065b7bd..3c2c410 100644
}
/* Kmalloc array is now usable */
-@@ -992,6 +1034,23 @@ void __init create_kmalloc_caches(unsigned long flags)
+@@ -992,6 +1027,23 @@ void __init create_kmalloc_caches(unsigned long flags)
}
}
#endif
@@ -149439,7 +150038,7 @@ index 065b7bd..3c2c410 100644
}
#endif /* !CONFIG_SLOB */
-@@ -1051,6 +1110,9 @@ static void print_slabinfo_header(struct seq_file *m)
+@@ -1051,6 +1103,9 @@ static void print_slabinfo_header(struct seq_file *m)
seq_puts(m, " : globalstat <listallocs> <maxobjs> <grown> <reaped> "
"<error> <maxfreeable> <nodeallocs> <remotefrees> <alienoverflow>");
seq_puts(m, " : cpustat <allochit> <allocmiss> <freehit> <freemiss>");
@@ -149449,7 +150048,7 @@ index 065b7bd..3c2c410 100644
#endif
seq_putc(m, '\n');
}
-@@ -1180,7 +1242,7 @@ static int __init slab_proc_init(void)
+@@ -1180,7 +1235,7 @@ static int __init slab_proc_init(void)
module_init(slab_proc_init);
#endif /* CONFIG_SLABINFO */
@@ -149459,7 +150058,7 @@ index 065b7bd..3c2c410 100644
{
void *ret;
diff --git a/mm/slob.c b/mm/slob.c
-index 5ec1580..017a002 100644
+index 5ec1580..93f3beb 100644
--- a/mm/slob.c
+++ b/mm/slob.c
@@ -67,6 +67,7 @@
@@ -149641,7 +150240,7 @@ index 5ec1580..017a002 100644
{
return __do_kmalloc_node(size, gfp, NUMA_NO_NODE, _RET_IP_);
}
-@@ -491,34 +516,123 @@ void kfree(const void *block)
+@@ -491,39 +516,130 @@ void kfree(const void *block)
return;
kmemleak_free(block);
@@ -149774,7 +150373,14 @@ index 5ec1580..017a002 100644
}
EXPORT_SYMBOL(ksize);
-@@ -534,23 +648,33 @@ int __kmem_cache_create(struct kmem_cache *c, unsigned long flags)
+ int __kmem_cache_create(struct kmem_cache *c, unsigned long flags)
+ {
++ flags = pax_sanitize_slab_flags(flags);
++
+ if (flags & SLAB_DESTROY_BY_RCU) {
+ /* leave room for rcu footer at the end of object */
+ c->size += sizeof(struct slob_rcu);
+@@ -534,23 +650,33 @@ int __kmem_cache_create(struct kmem_cache *c, unsigned long flags)
static void *slob_alloc_node(struct kmem_cache *c, gfp_t flags, int node)
{
@@ -149810,7 +150416,7 @@ index 5ec1580..017a002 100644
if (b && c->ctor)
c->ctor(b);
-@@ -566,7 +690,7 @@ void *kmem_cache_alloc(struct kmem_cache *cachep, gfp_t flags)
+@@ -566,7 +692,7 @@ void *kmem_cache_alloc(struct kmem_cache *cachep, gfp_t flags)
EXPORT_SYMBOL(kmem_cache_alloc);
#ifdef CONFIG_NUMA
@@ -149819,7 +150425,7 @@ index 5ec1580..017a002 100644
{
return __do_kmalloc_node(size, gfp, node, _RET_IP_);
}
-@@ -579,12 +703,16 @@ void *kmem_cache_alloc_node(struct kmem_cache *cachep, gfp_t gfp, int node)
+@@ -579,12 +705,16 @@ void *kmem_cache_alloc_node(struct kmem_cache *cachep, gfp_t gfp, int node)
EXPORT_SYMBOL(kmem_cache_alloc_node);
#endif
@@ -149840,7 +150446,7 @@ index 5ec1580..017a002 100644
}
static void kmem_rcu_free(struct rcu_head *head)
-@@ -592,22 +720,36 @@ static void kmem_rcu_free(struct rcu_head *head)
+@@ -592,22 +722,36 @@ static void kmem_rcu_free(struct rcu_head *head)
struct slob_rcu *slob_rcu = (struct slob_rcu *)head;
void *b = (void *)slob_rcu - (slob_rcu->size - sizeof(struct slob_rcu));
@@ -149882,7 +150488,7 @@ index 5ec1580..017a002 100644
EXPORT_SYMBOL(kmem_cache_free);
diff --git a/mm/slub.c b/mm/slub.c
-index 2a722e1..1e5e2f8 100644
+index 2a722e1..af44068 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -34,6 +34,7 @@
@@ -149911,16 +150517,17 @@ index 2a722e1..1e5e2f8 100644
s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid);
#ifdef CONFIG_STACKTRACE
{
-@@ -2767,6 +2768,21 @@ static __always_inline void slab_free(struct kmem_cache *s, struct page *page,
+@@ -2767,6 +2768,22 @@ static __always_inline void slab_free(struct kmem_cache *s, struct page *page,
slab_free_freelist_hook(s, head, tail);
+#ifdef CONFIG_PAX_MEMORY_SANITIZE
+ if (!(s->flags & SLAB_NO_SANITIZE)) {
++ int offset = s->offset ? 0 : sizeof(void *);
+ void *x = head;
+
+ while (1) {
-+ memset(x, PAX_MEMORY_SANITIZE_VALUE, s->object_size);
++ memset(x + offset, PAX_MEMORY_SANITIZE_VALUE, s->object_size - offset);
+ if (s->ctor)
+ s->ctor(x);
+ if (x == tail_obj)
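Review bot: `s->object_size - offset` in the new `memset()` is not guarded against an object smaller than a pointer. When `s->offset` is 0 the code skips `sizeof(void *)` bytes, and if `s->object_size` were below that the subtraction would wrap or go negative and reach `memset()` as a very large length. Whether such a cache can exist depends on size checks outside this hunk, so either state the invariant in a comment or guard the call, e.g. `if (s->object_size > offset) memset(x + offset, PAX_MEMORY_SANITIZE_VALUE, s->object_size - offset);`. A short comment that the skipped word holds the in-object free pointer would also help, since the companion change to `calculate_sizes()` is dropped in this update. The loop and the rest of `slab_free()` continue outside the hunk.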
@@ -149933,17 +150540,7 @@ index 2a722e1..1e5e2f8 100644
redo:
/*
* Determine the currently cpus per cpu slab.
-@@ -3264,6 +3280,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order)
- s->inuse = size;
-
- if (((flags & (SLAB_DESTROY_BY_RCU | SLAB_POISON)) ||
-+#ifdef CONFIG_PAX_MEMORY_SANITIZE
-+ (!(flags & SLAB_NO_SANITIZE)) ||
-+#endif
- s->ctor)) {
- /*
- * Relocate free pointer after the object if it is not
-@@ -3514,7 +3533,7 @@ static int __init setup_slub_min_objects(char *str)
+@@ -3514,7 +3531,7 @@ static int __init setup_slub_min_objects(char *str)
__setup("slub_min_objects=", setup_slub_min_objects);
@@ -149952,7 +150549,7 @@ index 2a722e1..1e5e2f8 100644
{
struct kmem_cache *s;
void *ret;
-@@ -3552,7 +3571,7 @@ static void *kmalloc_large_node(size_t size, gfp_t flags, int node)
+@@ -3552,7 +3569,7 @@ static void *kmalloc_large_node(size_t size, gfp_t flags, int node)
return ptr;
}
@@ -149961,7 +150558,7 @@ index 2a722e1..1e5e2f8 100644
{
struct kmem_cache *s;
void *ret;
-@@ -3600,6 +3619,70 @@ static size_t __ksize(const void *object)
+@@ -3600,6 +3617,70 @@ static size_t __ksize(const void *object)
return slab_ksize(page->slab_cache);
}
@@ -150032,7 +150629,7 @@ index 2a722e1..1e5e2f8 100644
size_t ksize(const void *object)
{
size_t size = __ksize(object);
-@@ -3620,6 +3703,7 @@ void kfree(const void *x)
+@@ -3620,6 +3701,7 @@ void kfree(const void *x)
if (unlikely(ZERO_OR_NULL_PTR(x)))
return;
@@ -150040,7 +150637,7 @@ index 2a722e1..1e5e2f8 100644
page = virt_to_head_page(x);
if (unlikely(!PageSlab(page))) {
BUG_ON(!PageCompound(page));
-@@ -3937,7 +4021,7 @@ __kmem_cache_alias(const char *name, size_t size, size_t align,
+@@ -3937,7 +4019,7 @@ __kmem_cache_alias(const char *name, size_t size, size_t align,
s = find_mergeable(size, align, flags, name, ctor);
if (s) {
@@ -150049,7 +150646,7 @@ index 2a722e1..1e5e2f8 100644
/*
* Adjust the object sizes so that we clear
-@@ -3953,7 +4037,7 @@ __kmem_cache_alias(const char *name, size_t size, size_t align,
+@@ -3953,7 +4035,7 @@ __kmem_cache_alias(const char *name, size_t size, size_t align,
}
if (sysfs_slab_alias(s, name)) {
@@ -150058,6 +150655,15 @@ index 2a722e1..1e5e2f8 100644
s = NULL;
}
}
+@@ -3965,6 +4047,8 @@ int __kmem_cache_create(struct kmem_cache *s, unsigned long flags)
+ {
+ int err;
+
++ flags = pax_sanitize_slab_flags(flags);
++
+ err = kmem_cache_open(s, flags);
+ if (err)
+ return err;
@@ -4070,7 +4154,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags,
}
#endif
@@ -165468,12 +166074,13 @@ index 0000000..e31e92f
+}
diff --git a/scripts/gcc-plugins/latent_entropy_plugin.c b/scripts/gcc-plugins/latent_entropy_plugin.c
new file mode 100644
-index 0000000..f08a221
+index 0000000..be3978c
--- /dev/null
+++ b/scripts/gcc-plugins/latent_entropy_plugin.c
-@@ -0,0 +1,438 @@
+@@ -0,0 +1,613 @@
+/*
+ * Copyright 2012-2016 by the PaX Team <pageexec@freemail.hu>
++ * Copyright 2016 by Emese Revfy <re.emese@gmail.com>
+ * Licensed under the GPL v2
+ *
+ * Note: the choice of the license means that the compilation process is
@@ -165481,32 +166088,89 @@ index 0000000..f08a221
+ * but for the kernel it doesn't matter since it doesn't link against
+ * any of the gcc libraries
+ *
-+ * gcc plugin to help generate a little bit of entropy from program state,
-+ * used throughout the uptime of the kernel
++ * This gcc plugin helps generate a little bit of entropy from program state,
++ * used throughout the uptime of the kernel. Here is an instrumentation example:
++ *
++ * before:
++ * void __latent_entropy test(int argc, char *argv[])
++ * {
++ * printf("%u %s\n", argc, *argv);
++ * }
++ *
++ * after:
++ * void __latent_entropy test(int argc, char *argv[])
++ * {
++ * // latent_entropy_execute() 1.
++ * unsigned long local_entropy;
++ * // init_local_entropy() 1.
++ * void *local_entropy_frame_addr;
++ * // init_local_entropy() 3.
++ * unsigned long temp_latent_entropy;
++ *
++ * // init_local_entropy() 2.
++ * local_entropy_frame_addr = __builtin_frame_address(0);
++ * local_entropy = (unsigned long) local_entropy_frame_addr;
++ *
++ * // init_local_entropy() 4.
++ * temp_latent_entropy = latent_entropy;
++ * // init_local_entropy() 5.
++ * local_entropy ^= temp_latent_entropy;
++ *
++ * // latent_entropy_execute() 3.
++ * local_entropy += 4623067384293424948;
++ *
++ * printf("%u %s\n", argc, *argv);
++ *
++ * // latent_entropy_execute() 4.
++ * temp_latent_entropy = rol(temp_latent_entropy, local_entropy);
++ * latent_entropy = temp_latent_entropy;
++ * }
++ *
++ * It would look like this in C:
++ *
++ * unsigned long local_entropy = latent_entropy;
++ * local_entropy ^= 1234567890;
++ * local_entropy ^= (unsigned long)__builtin_frame_address(0);
++ * local_entropy += 9876543210;
++ * latent_entropy = rol(local_entropy, 6);
+ *
+ * TODO:
+ * - add ipa pass to identify not explicitly marked candidate functions
-+ * - mix in more program state (function arguments/return values, loop variables, etc)
++ * - mix in more program state (function arguments/return values,
++ * loop variables, etc)
+ * - more instrumentation control via attribute parameters
+ *
+ * BUGS:
+ * - none known
++ *
++ * Options:
++ * -fplugin-arg-latent_entropy_plugin-disable
++ *
++ * Attribute: __attribute__((latent_entropy))
++ * The latent_entropy gcc attribute can be only on functions and variables.
++ * If it is on a function then the plugin will instrument it. If the attribute
++ * is on a variable then the plugin will initialize it with a random value.
++ * The variable must be an integer, an integer array type or a structure
++ * with integer fields.
+ */
+
+#include "gcc-common.h"
+
+int plugin_is_GPL_compatible;
+
-+static bool enabled = true;
-+
+static GTY(()) tree latent_entropy_decl;
+
+static struct plugin_info latent_entropy_plugin_info = {
-+ .version = "201605212030",
++ .version = "201606141920",
+ .help = "disable\tturn off latent entropy instrumentation\n",
+};
+
+static unsigned HOST_WIDE_INT seed;
++/*
++ * get_random_seed() (this is a GCC function) generates the seed.
++ * This is a simple random generator without any cryptographic security because
++ * the entropy doesn't come from here.
++ */
+static unsigned HOST_WIDE_INT get_random_const(void)
+{
+ unsigned int i;
@@ -165522,10 +166186,21 @@ index 0000000..f08a221
+ return ret;
+}
+
-+static tree handle_latent_entropy_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs)
++static tree tree_get_random_const(tree type)
+{
-+ tree type;
+ unsigned long long mask;
++
++ mask = 1ULL << (TREE_INT_CST_LOW(TYPE_SIZE(type)) - 1);
++ mask = 2 * (mask - 1) + 1;
++
++ if (TYPE_UNSIGNED(type))
++ return build_int_cstu(type, mask & get_random_const());
++ return build_int_cst(type, mask & get_random_const());
++}
++
++static tree handle_latent_entropy_attribute(tree *node, tree name, tree args __unused, int flags __unused, bool *no_add_attrs)
++{
++ tree type;
+#if BUILDING_GCC_VERSION <= 4007
+ VEC(constructor_elt, gc) *vals;
+#else
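Review bot: The shift in `tree_get_random_const()` has no bound on the type width. `1ULL << (TREE_INT_CST_LOW(TYPE_SIZE(type)) - 1)` is undefined once the integer type is wider than `unsigned long long`, and the attribute handler accepts any `INTEGER_TYPE`. A check such as `gcc_assert(TREE_INT_CST_LOW(TYPE_SIZE(type)) <= 8 * sizeof(mask));` before the shift would make the limit explicit. The helper would also benefit from a one-line comment saying that it returns a constant of `type` whose random bits are limited to the type's width. `handle_latent_entropy_attribute()` continues outside the hunk.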
@@ -165555,8 +166230,9 @@ index 0000000..f08a221
+ switch (TREE_CODE(type)) {
+ default:
+ *no_add_attrs = true;
-+ error("variable %qD with %qE attribute must be an integer or a fixed length integer array type"
-+ "or a fixed sized structure with integer fields", *node, name);
++ error("variable %qD with %qE attribute must be an integer"
++ " or a fixed length integer array type"
++ " or a fixed sized structure with integer fields", *node, name);
+ break;
+
+ case RECORD_TYPE: {
@@ -165567,11 +166243,13 @@ index 0000000..f08a221
+ tree fieldtype;
+
+ fieldtype = TREE_TYPE(field);
-+ if (TREE_CODE(fieldtype) != INTEGER_TYPE) {
-+ *no_add_attrs = true;
-+ error("structure variable %qD with %qE attribute has a non-integer field %qE", *node, name, field);
-+ break;
-+ }
++ if (TREE_CODE(fieldtype) == INTEGER_TYPE)
++ continue;
++
++ *no_add_attrs = true;
++ error("structure variable %qD with %qE attribute has"
++ " a non-integer field %qE", *node, name, field);
++ break;
+ }
+
+ if (field)
@@ -165584,31 +166262,21 @@ index 0000000..f08a221
+#endif
+
+ for (field = TYPE_FIELDS(type); field; field = TREE_CHAIN(field)) {
-+ tree fieldtype;
-+
-+ fieldtype = TREE_TYPE(field);
-+ mask = 1ULL << (TREE_INT_CST_LOW(TYPE_SIZE(fieldtype)) - 1);
-+ mask = 2 * (mask - 1) + 1;
++ tree random_const;
+
-+ if (TYPE_UNSIGNED(fieldtype))
-+ CONSTRUCTOR_APPEND_ELT(vals, field, build_int_cstu(fieldtype, mask & get_random_const()));
-+ else
-+ CONSTRUCTOR_APPEND_ELT(vals, field, build_int_cst(fieldtype, mask & get_random_const()));
++ random_const = tree_get_random_const(TREE_TYPE(field));
++ CONSTRUCTOR_APPEND_ELT(vals, field, random_const);
+ }
+
++ /* Initialize the fields with random constants */
+ DECL_INITIAL(*node) = build_constructor(type, vals);
+//debug_tree(DECL_INITIAL(*node));
+ break;
+ }
+
++ /* Initialize the variable with a random constant */
+ case INTEGER_TYPE:
-+ mask = 1ULL << (TREE_INT_CST_LOW(TYPE_SIZE(type)) - 1);
-+ mask = 2 * (mask - 1) + 1;
-+
-+ if (TYPE_UNSIGNED(type))
-+ DECL_INITIAL(*node) = build_int_cstu(type, mask & get_random_const());
-+ else
-+ DECL_INITIAL(*node) = build_int_cst(type, mask & get_random_const());
++ DECL_INITIAL(*node) = tree_get_random_const(type);
+ break;
+
+ case ARRAY_TYPE: {
@@ -165621,7 +166289,8 @@ index 0000000..f08a221
+
+ if (TREE_CODE(elt_type) != INTEGER_TYPE || !array_size || TREE_CODE(array_size) != INTEGER_CST) {
+ *no_add_attrs = true;
-+ error("array variable %qD with %qE attribute must be a fixed length integer array type", *node, name);
++ error("array variable %qD with %qE attribute must be"
++ " a fixed length integer array type", *node, name);
+ break;
+ }
+
@@ -165632,15 +166301,13 @@ index 0000000..f08a221
+ vec_alloc(vals, nelt);
+#endif
+
-+ mask = 1ULL << (TREE_INT_CST_LOW(TYPE_SIZE(elt_type)) - 1);
-+ mask = 2 * (mask - 1) + 1;
++ for (i = 0; i < nelt; i++) {
++ tree random_const = tree_get_random_const(elt_type);
+
-+ for (i = 0; i < nelt; i++)
-+ if (TYPE_UNSIGNED(elt_type))
-+ CONSTRUCTOR_APPEND_ELT(vals, size_int(i), build_int_cstu(elt_type, mask & get_random_const()));
-+ else
-+ CONSTRUCTOR_APPEND_ELT(vals, size_int(i), build_int_cst(elt_type, mask & get_random_const()));
++ CONSTRUCTOR_APPEND_ELT(vals, size_int(i), random_const);
++ }
+
++ /* Initialize the elements of the array with random constants */
+ DECL_INITIAL(*node) = build_constructor(type, vals);
+//debug_tree(DECL_INITIAL(*node));
+ break;
@@ -165668,7 +166335,7 @@ index 0000000..f08a221
+#endif
+};
+
-+static void register_attributes(void *event_data, void *data)
++static void register_attributes(void *event_data __unused, void *data __unused)
+{
+ register_attribute(&latent_entropy_attr);
+}
@@ -165686,6 +166353,28 @@ index 0000000..f08a221
+ return lookup_attribute("latent_entropy", DECL_ATTRIBUTES(current_function_decl)) != NULL_TREE;
+}
+
++static tree create_a_tmp_var(tree type, const char *name)
++{
++ tree var;
++
++ var = create_tmp_var(type, name);
++ add_referenced_var(var);
++ mark_sym_for_renaming(var);
++ return var;
++}
++
++/*
++ * Set up the next operation and its constant operand to use in the latent
++ * entropy PRNG. When RHS is specified, the request is for perturbing the
++ * local latent entropy variable, otherwise it is for perturbing the global
++ * latent entropy variable where the two operands are already given by the
++ * local and global latent entropy variables themselves.
++ *
++ * The operation is one of add/xor/rol when instrumenting the local entropy
++ * variable and one of add/xor when perturbing the global entropy variable.
++ * Rotation is not used for the latter case because it would transmit less
++ * entropy to the global variable than the other two operations.
++ */
+static enum tree_code get_op(tree *rhs)
+{
+ static enum tree_code op;
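Review bot: The new header comment on `get_op()` says which operations can be chosen but not that the choice is kept in the function-static `op`, so all callers share one sequence. I would add a sentence such as `The current operation is kept in a static, so each call advances the sequence for every caller.`, assuming the body, which continues outside the hunk, does advance it on each call. `create_a_tmp_var()` has no comment at all; `/* create a temporary, register it as referenced and mark it for SSA renaming */` would cover what its three calls do.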
@@ -165701,6 +166390,10 @@ index 0000000..f08a221
+ case PLUS_EXPR:
+ if (rhs) {
+ op = LROTATE_EXPR;
++ /*
++ * This code limits the value of random_const to
++ * the size of a wide int for the rotation
++ */
+ random_const &= HOST_BITS_PER_WIDE_INT - 1;
+ break;
+ }
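Review bot: The added comment says the mask limits `random_const` "to the size of a wide int", but `random_const &= HOST_BITS_PER_WIDE_INT - 1` bounds the rotate count, not the size of the value. Suggested wording: `/* bound the rotate count to 0..HOST_BITS_PER_WIDE_INT - 1 */`. The bound is a host-side constant while the rotated operand elsewhere in the file is `unsigned_intDI_type_node`; both are presumably 64 bits, and saying so in the comment would make the assumption checkable. The mask can also yield a count of 0, which makes the rotate a no-op for that basic block. `get_op()` starts and ends outside the hunk.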
@@ -165719,85 +166412,174 @@ index 0000000..f08a221
+{
+ gimple_stmt_iterator gsi;
+ gimple assign;
-+ tree addxorrol, rhs;
++ tree rhs;
+ enum tree_code op;
+
+ op = get_op(&rhs);
-+ addxorrol = fold_build2_loc(UNKNOWN_LOCATION, op, unsigned_intDI_type_node, local_entropy, rhs);
-+ assign = gimple_build_assign(local_entropy, addxorrol);
++ assign = gimple_build_assign_with_ops(op, local_entropy, local_entropy, rhs);
+ gsi = gsi_after_labels(bb);
+ gsi_insert_before(&gsi, assign, GSI_NEW_STMT);
+ update_stmt(assign);
+//debug_bb(bb);
+}
+
-+static void perturb_latent_entropy(basic_block bb, tree rhs)
++static void __perturb_latent_entropy(gimple_stmt_iterator *gsi, tree local_entropy)
+{
-+ gimple_stmt_iterator gsi;
+ gimple assign;
-+ tree addxorrol, temp;
++ tree temp;
++ enum tree_code op;
+
+ /* 1. create temporary copy of latent_entropy */
-+ temp = create_tmp_var(unsigned_intDI_type_node, "temp_latent_entropy");
-+ add_referenced_var(temp);
++ temp = create_a_tmp_var(unsigned_intDI_type_node, "temp_latent_entropy");
+
+ /* 2. read... */
-+ temp = make_ssa_name(temp, NULL);
-+ assign = gimple_build_assign(temp, latent_entropy_decl);
-+ SSA_NAME_DEF_STMT(temp) = assign;
+ add_referenced_var(latent_entropy_decl);
-+ gsi = gsi_after_labels(bb);
-+ gsi_insert_after(&gsi, assign, GSI_NEW_STMT);
++ mark_sym_for_renaming(latent_entropy_decl);
++ assign = gimple_build_assign(temp, latent_entropy_decl);
++ gsi_insert_before(gsi, assign, GSI_NEW_STMT);
+ update_stmt(assign);
+
+ /* 3. ...modify... */
-+ addxorrol = fold_build2_loc(UNKNOWN_LOCATION, get_op(NULL), unsigned_intDI_type_node, temp, rhs);
-+ temp = make_ssa_name(SSA_NAME_VAR(temp), NULL);
-+ assign = gimple_build_assign(temp, addxorrol);
-+ SSA_NAME_DEF_STMT(temp) = assign;
-+ gsi_insert_after(&gsi, assign, GSI_NEW_STMT);
++ op = get_op(NULL);
++ assign = gimple_build_assign_with_ops(op, temp, temp, local_entropy);
++ gsi_insert_after(gsi, assign, GSI_NEW_STMT);
+ update_stmt(assign);
+
+ /* 4. ...write latent_entropy */
+ assign = gimple_build_assign(latent_entropy_decl, temp);
++ gsi_insert_after(gsi, assign, GSI_NEW_STMT);
++ update_stmt(assign);
++}
++
++static bool handle_tail_calls(basic_block bb, tree local_entropy)
++{
++ gimple_stmt_iterator gsi;
++
++ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
++ gcall *call;
++ gimple stmt = gsi_stmt(gsi);
++
++ if (!is_gimple_call(stmt))
++ continue;
++
++ call = as_a_gcall(stmt);
++ if (!gimple_call_tail_p(call))
++ continue;
++
++ __perturb_latent_entropy(&gsi, local_entropy);
++ return true;
++ }
++
++ return false;
++}
++
++static void perturb_latent_entropy(tree local_entropy)
++{
++ edge_iterator ei;
++ edge e, last_bb_e;
++ basic_block last_bb;
++
++ gcc_assert(single_pred_p(EXIT_BLOCK_PTR_FOR_FN(cfun)));
++ last_bb_e = single_pred_edge(EXIT_BLOCK_PTR_FOR_FN(cfun));
++
++ FOR_EACH_EDGE(e, ei, last_bb_e->src->preds) {
++ if (ENTRY_BLOCK_PTR_FOR_FN(cfun) == e->src)
++ continue;
++ if (EXIT_BLOCK_PTR_FOR_FN(cfun) == e->src)
++ continue;
++
++ handle_tail_calls(e->src, local_entropy);
++ }
++
++ last_bb = single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun));
++ if (!handle_tail_calls(last_bb, local_entropy)) {
++ gimple_stmt_iterator gsi = gsi_last_bb(last_bb);
++
++ __perturb_latent_entropy(&gsi, local_entropy);
++ }
++//debug_bb(single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun)));
++}
++
++static void init_local_entropy(basic_block bb, tree local_entropy)
++{
++ gimple assign, call;
++ tree frame_addr, rand_const, temp, fndecl, udi_frame_addr;
++ enum tree_code op;
++ gimple_stmt_iterator gsi = gsi_after_labels(bb);
++
++ /* 1. create local_entropy_frame_addr */
++ frame_addr = create_a_tmp_var(ptr_type_node, "local_entropy_frame_addr");
++
++ /* 2. local_entropy_frame_addr = __builtin_frame_address() */
++ fndecl = builtin_decl_implicit(BUILT_IN_FRAME_ADDRESS);
++ call = gimple_build_call(fndecl, 1, integer_zero_node);
++ gimple_call_set_lhs(call, frame_addr);
++ gsi_insert_before(&gsi, call, GSI_NEW_STMT);
++ update_stmt(call);
++
++ udi_frame_addr = fold_convert(unsigned_intDI_type_node, frame_addr);
++ assign = gimple_build_assign(local_entropy, udi_frame_addr);
++ gsi_insert_after(&gsi, assign, GSI_NEW_STMT);
++ update_stmt(assign);
++
++ /* 3. create temporary copy of latent_entropy */
++ temp = create_a_tmp_var(unsigned_intDI_type_node, "temp_latent_entropy");
++
++ /* 4. read the global entropy variable into local entropy */
++ add_referenced_var(latent_entropy_decl);
++ mark_sym_for_renaming(latent_entropy_decl);
++ assign = gimple_build_assign(temp, latent_entropy_decl);
++ gsi_insert_after(&gsi, assign, GSI_NEW_STMT);
++ update_stmt(assign);
++
++ /* 5. mix local_entropy_frame_addr into local entropy */
++ assign = gimple_build_assign_with_ops(BIT_XOR_EXPR, local_entropy, local_entropy, temp);
++ gsi_insert_after(&gsi, assign, GSI_NEW_STMT);
++ update_stmt(assign);
++
++ rand_const = build_int_cstu(unsigned_intDI_type_node, get_random_const());
++ op = get_op(NULL);
++ assign = gimple_build_assign_with_ops(op, local_entropy, local_entropy, rand_const);
+ gsi_insert_after(&gsi, assign, GSI_NEW_STMT);
+ update_stmt(assign);
++//debug_bb(bb);
++}
++
++static bool create_latent_entropy_decl(void)
++{
++ varpool_node_ptr node;
++
++ if (latent_entropy_decl != NULL_TREE)
++ return true;
++
++ FOR_EACH_VARIABLE(node) {
++ tree var = NODE_DECL(node);
++
++ if (DECL_NAME_LENGTH(var) < sizeof("latent_entropy") - 1)
++ continue;
++ if (strcmp(IDENTIFIER_POINTER(DECL_NAME(var)), "latent_entropy"))
++ continue;
++
++ latent_entropy_decl = var;
++// debug_tree(var);
++ break;
++ }
++
++ return latent_entropy_decl != NULL_TREE;
+}
+
+static unsigned int latent_entropy_execute(void)
+{
+ basic_block bb;
-+ gimple assign;
-+ gimple_stmt_iterator gsi;
+ tree local_entropy;
+
-+ if (!latent_entropy_decl) {
-+ varpool_node_ptr node;
-+
-+ FOR_EACH_VARIABLE(node) {
-+ tree var = NODE_DECL(node);
-+
-+ if (DECL_NAME_LENGTH(var) < sizeof("latent_entropy") - 1)
-+ continue;
-+ if (strcmp(IDENTIFIER_POINTER(DECL_NAME(var)), "latent_entropy"))
-+ continue;
-+ latent_entropy_decl = var;
-+// debug_tree(var);
-+ break;
-+ }
-+ if (!latent_entropy_decl) {
-+// debug_tree(current_function_decl);
-+ return 0;
-+ }
++ if (!create_latent_entropy_decl()) {
++// debug_tree(current_function_decl);
++ return 0;
+ }
+
+//fprintf(stderr, "latent_entropy: %s\n", IDENTIFIER_POINTER(DECL_NAME(current_function_decl)));
+
-+ /* 1. create local entropy variable */
-+ local_entropy = create_tmp_var(unsigned_intDI_type_node, "local_entropy");
-+ add_referenced_var(local_entropy);
-+ mark_sym_for_renaming(local_entropy);
-+
+ /* 2. initialize local entropy variable */
+ gcc_assert(single_succ_p(ENTRY_BLOCK_PTR_FOR_FN(cfun)));
+ bb = single_succ(ENTRY_BLOCK_PTR_FOR_FN(cfun));
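Review bot: In `init_local_entropy()` the step comments do not match the statements under them: step 4 says the global variable is read "into local entropy" but the assignment targets `temp`, and step 5 says the frame address is mixed in although the `BIT_XOR_EXPR` combines `local_entropy` (already holding the frame address) with `temp`, the copy of the global. I would reword them to `/* 4. read the global entropy variable into temp */` and `/* 5. mix the global entropy copy into local entropy */`, and add `/* 6. mix in a build-time random constant */` above the final assignment. That final `get_op(NULL)` call passes NULL, which the comment on `get_op()` reserves for the global variable; a short why-comment would help if the intent is to avoid a rotation by an unbounded constant. In `perturb_latent_entropy()` the result of `handle_tail_calls()` is ignored inside the `FOR_EACH_EDGE` loop, and `last_bb` could simply be `last_bb_e->src`. `latent_entropy_execute()` continues outside the hunk.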
@@ -165807,13 +166589,13 @@ index 0000000..f08a221
+ gcc_assert(single_succ_p(ENTRY_BLOCK_PTR_FOR_FN(cfun)));
+ bb = single_succ(ENTRY_BLOCK_PTR_FOR_FN(cfun));
+ }
-+ gsi = gsi_after_labels(bb);
+
-+ assign = gimple_build_assign(local_entropy, build_int_cstu(unsigned_intDI_type_node, get_random_const()));
-+// gimple_set_location(assign, loc);
-+ gsi_insert_before(&gsi, assign, GSI_NEW_STMT);
-+ update_stmt(assign);
-+//debug_bb(bb);
++ /* 1. create the local entropy variable */
++ local_entropy = create_a_tmp_var(unsigned_intDI_type_node, "local_entropy");
++
++ /* 2. initialize the local entropy variable */
++ init_local_entropy(bb, local_entropy);
++
+ bb = bb->next_bb;
+
+ /* 3. instrument each BB with an operation on the local entropy variable */
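Review bot: The step numbering in `latent_entropy_execute()` is out of order after this change. The existing `/* 2. initialize local entropy variable */` comment just above this hunk still sits over the entry-block handling, and the added `/* 1. create the local entropy variable */` and `/* 2. initialize the local entropy variable */` follow it, so the steps read 2, 1, 2, 3, 4. Rewording the earlier one to something like `/* 0. find (or split off) the first real basic block */` would fix it; this is hedged because the lines between the two hunks are only partly visible. The function starts and ends outside the hunk.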
@@ -165824,13 +166606,11 @@ index 0000000..f08a221
+ };
+
+ /* 4. mix local entropy into the global entropy variable */
-+ gcc_assert(single_pred_p(EXIT_BLOCK_PTR_FOR_FN(cfun)));
-+ perturb_latent_entropy(single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun)), local_entropy);
-+//debug_bb(single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun)));
++ perturb_latent_entropy(local_entropy);
+ return 0;
+}
+
-+static void latent_entropy_start_unit(void *gcc_data, void *user_data)
++static void latent_entropy_start_unit(void *gcc_data __unused, void *user_data __unused)
+{
+ tree latent_entropy_type;
+
@@ -165865,6 +166645,7 @@ index 0000000..f08a221
+
+int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version)
+{
++ bool enabled = true;
+ const char * const plugin_name = plugin_info->base_name;
+ const int argc = plugin_info->argc;
+ const struct plugin_argument * const argv = plugin_info->argv;
@@ -168186,10 +168967,10 @@ index 0000000..f74d85a
+targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h
diff --git a/scripts/gcc-plugins/size_overflow_plugin/disable_size_overflow_hash.data b/scripts/gcc-plugins/size_overflow_plugin/disable_size_overflow_hash.data
new file mode 100644
-index 0000000..2a420f3
+index 0000000..e0a04a1
--- /dev/null
+++ b/scripts/gcc-plugins/size_overflow_plugin/disable_size_overflow_hash.data
-@@ -0,0 +1,12444 @@
+@@ -0,0 +1,12445 @@
+disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode gru_message_queue_desc 0 4 NULL
+disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL
+disable_so_macvlan_sync_address_fndecl_22 macvlan_sync_address fndecl 0 22 NULL nohasharray
@@ -180634,6 +181415,7 @@ index 0000000..2a420f3
+enable_so_inofree_iagctl_5194 inofree iagctl 0 5194 NULL
+enable_so_inofreefwd_iag_4921 inofreefwd iag 0 4921 NULL
+enable_so_iagnum_iag_23227 iagnum iag 0 23227 NULL
++enable_so_offset_lv_35617 offset lv 0 35617 NULL
diff --git a/scripts/gcc-plugins/size_overflow_plugin/generate_size_overflow_hash.sh b/scripts/gcc-plugins/size_overflow_plugin/generate_size_overflow_hash.sh
new file mode 100644
index 0000000..be9724d
@@ -180745,13 +181527,13 @@ index 0000000..be9724d
+exit 0
diff --git a/scripts/gcc-plugins/size_overflow_plugin/insert_size_overflow_asm.c b/scripts/gcc-plugins/size_overflow_plugin/insert_size_overflow_asm.c
new file mode 100644
-index 0000000..ee987da
+index 0000000..cef2817
--- /dev/null
+++ b/scripts/gcc-plugins/size_overflow_plugin/insert_size_overflow_asm.c
@@ -0,0 +1,369 @@
+/*
+ * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
-+ * Licensed under the GPL v2, or (at your option) v3
++ * Licensed under the GPL v2
+ *
+ * Homepage:
+ * https://github.com/ephox-gcc-plugins/size_overflow
@@ -181120,13 +181902,13 @@ index 0000000..ee987da
+#include "gcc-generate-gimple-pass.h"
diff --git a/scripts/gcc-plugins/size_overflow_plugin/intentional_overflow.c b/scripts/gcc-plugins/size_overflow_plugin/intentional_overflow.c
new file mode 100644
-index 0000000..f29aac6
+index 0000000..c40bc7c
--- /dev/null
+++ b/scripts/gcc-plugins/size_overflow_plugin/intentional_overflow.c
@@ -0,0 +1,1166 @@
+/*
+ * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
-+ * Licensed under the GPL v2, or (at your option) v3
++ * Licensed under the GPL v2
+ *
+ * Homepage:
+ * https://github.com/ephox-gcc-plugins/size_overflow
@@ -182292,13 +183074,13 @@ index 0000000..f29aac6
+}
diff --git a/scripts/gcc-plugins/size_overflow_plugin/remove_unnecessary_dup.c b/scripts/gcc-plugins/size_overflow_plugin/remove_unnecessary_dup.c
new file mode 100644
-index 0000000..c910983
+index 0000000..5ea5f35
--- /dev/null
+++ b/scripts/gcc-plugins/size_overflow_plugin/remove_unnecessary_dup.c
@@ -0,0 +1,137 @@
+/*
+ * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
-+ * Licensed under the GPL v2, or (at your option) v3
++ * Licensed under the GPL v2
+ *
+ * Homepage:
+ * https://github.com/ephox-gcc-plugins/size_overflow
@@ -182772,13 +183554,13 @@ index 0000000..4bd2e7f
+#endif
diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_debug.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_debug.c
new file mode 100644
-index 0000000..4098952
+index 0000000..00c7430
--- /dev/null
+++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_debug.c
@@ -0,0 +1,194 @@
+/*
+ * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
-+ * Licensed under the GPL v2, or (at your option) v3
++ * Licensed under the GPL v2
+ *
+ * Homepage:
+ * https://github.com/ephox-gcc-plugins/size_overflow
@@ -182972,10 +183754,10 @@ index 0000000..4098952
+}
diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash.data b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash.data
new file mode 100644
-index 0000000..cbb8a80
+index 0000000..4ed1988
--- /dev/null
+++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,21645 @@
+@@ -0,0 +1,21644 @@
+enable_so_recv_ctrl_pipe_us_data_0 recv_ctrl_pipe us_data 0 0 NULL
+enable_so___earlyonly_bootmem_alloc_fndecl_3 __earlyonly_bootmem_alloc fndecl 2-3-4 3 NULL
+enable_so_v9fs_xattr_get_acl_fndecl_4 v9fs_xattr_get_acl fndecl 5 4 NULL
@@ -194807,7 +195589,6 @@ index 0000000..cbb8a80
+enable_so_blocksize_brcmf_sdio_35612 blocksize brcmf_sdio 0 35612 NULL
+enable_so_sqp_demux_mlx4_caps_35613 sqp_demux mlx4_caps 0 35613 NULL nohasharray
+enable_so_maxcontacts_mt_device_35613 maxcontacts mt_device 0 35613 &enable_so_sqp_demux_mlx4_caps_35613
-+enable_so_offset_lv_35617 offset lv 0 35617 NULL
+enable_so_generic_perform_write_fndecl_35619 generic_perform_write fndecl 0-3 35619 NULL nohasharray
+enable_so_ext4_update_final_de_fndecl_35619 ext4_update_final_de fndecl 2-3 35619 &enable_so_generic_perform_write_fndecl_35619 nohasharray
+enable_so_count_fm10k_ring_35619 count fm10k_ring 0 35619 &enable_so_ext4_update_final_de_fndecl_35619
@@ -204623,13 +205404,14 @@ index 0000000..cbb8a80
+enable_so_connector_write_fndecl_65534 connector_write fndecl 3 65534 NULL
diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash_aux.data b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash_aux.data
new file mode 100644
-index 0000000..17bc0d8
+index 0000000..74e91b2
--- /dev/null
+++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash_aux.data
-@@ -0,0 +1,92 @@
+@@ -0,0 +1,97 @@
+enable_so_spa_set_aux_vdevs_fndecl_746 spa_set_aux_vdevs fndecl 3 746 NULL
+enable_so_zfs_lookup_fndecl_2144 zfs_lookup fndecl 0 2144 NULL
+enable_so_mappedread_fndecl_2627 mappedread fndecl 2 2627 NULL
++enable_so_SMACL_Alloc_fndecl_2775 SMACL_Alloc fndecl 1 2775 NULL
+enable_so_vdev_disk_dio_alloc_fndecl_2957 vdev_disk_dio_alloc fndecl 1 2957 NULL
+enable_so_nv_alloc_pushpage_spl_fndecl_4286 nv_alloc_pushpage_spl fndecl 2 4286 NULL
+enable_so_zpl_xattr_get_fndecl_4574 zpl_xattr_get fndecl 0 4574 NULL
@@ -204648,6 +205430,7 @@ index 0000000..17bc0d8
+enable_so_dmu_snapshot_realname_fndecl_14632 dmu_snapshot_realname fndecl 4 14632 NULL
+enable_so_kmem_alloc_debug_fndecl_14852 kmem_alloc_debug fndecl 1 14852 NULL
+enable_so_kmalloc_node_nofail_fndecl_15151 kmalloc_node_nofail fndecl 1 15151 NULL
++enable_so_size_VNet_EventHeader_15382 size VNet_EventHeader 0 15382 NULL
+enable_so_dmu_write_uio_fndecl_16351 dmu_write_uio fndecl 4 16351 NULL
+enable_so_zfs_log_write_fndecl_16524 zfs_log_write fndecl 6-5 16524 NULL
+enable_so_sa_build_layouts_fndecl_16910 sa_build_layouts fndecl 3 16910 NULL
@@ -204676,6 +205459,7 @@ index 0000000..17bc0d8
+enable_so_zfs_replay_fuids_fndecl_31479 zfs_replay_fuids fndecl 4 31479 NULL
+enable_so_spa_history_log_to_phys_fndecl_31632 spa_history_log_to_phys fndecl 0-1 31632 NULL
+enable_so___zpl_xattr_get_fndecl_32601 __zpl_xattr_get fndecl 0 32601 NULL
++enable_so_VNetUserListenerRead_fndecl_34039 VNetUserListenerRead fndecl 4 34039 NULL
+enable_so_proc_copyout_string_fndecl_34049 proc_copyout_string fndecl 2 34049 NULL
+enable_so_nv_alloc_sleep_spl_fndecl_34544 nv_alloc_sleep_spl fndecl 2 34544 NULL
+enable_so_nv_alloc_nosleep_spl_fndecl_34761 nv_alloc_nosleep_spl fndecl 2 34761 NULL
@@ -204709,6 +205493,8 @@ index 0000000..17bc0d8
+enable_so_zfs_log_write_fndecl_50162 zfs_log_write fndecl 6-5 50162 NULL
+enable_so_i_fm_alloc_fndecl_51038 i_fm_alloc fndecl 2 51038 NULL
+enable_so_copyout_fndecl_51409 copyout fndecl 3 51409 NULL
++enable_so_VNetKernel_MemoryAllocate_fndecl_53131 VNetKernel_MemoryAllocate fndecl 1 53131 NULL
++enable_so_VNetUserIfWrite_fndecl_54044 VNetUserIfWrite fndecl 4 54044 NULL
+enable_so_zvol_log_write_fndecl_54898 zvol_log_write fndecl 4-3 54898 NULL
+enable_so_zfs_acl_node_alloc_fndecl_55641 zfs_acl_node_alloc fndecl 1 55641 NULL
+enable_so_get_nvlist_fndecl_56685 get_nvlist fndecl 2 56685 NULL
@@ -204721,13 +205507,13 @@ index 0000000..17bc0d8
+enable_so_zpios_read_fndecl_64734 zpios_read fndecl 3 64734 NULL
diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_ipa.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_ipa.c
new file mode 100644
-index 0000000..0a679f8
+index 0000000..457ea92
--- /dev/null
+++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_ipa.c
@@ -0,0 +1,1163 @@
+/*
+ * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
-+ * Licensed under the GPL v2, or (at your option) v3
++ * Licensed under the GPL v2
+ *
+ * Homepage:
+ * https://github.com/ephox-gcc-plugins/size_overflow
@@ -205890,13 +206676,13 @@ index 0000000..0a679f8
+#include "gcc-generate-ipa-pass.h"
diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_misc.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_misc.c
new file mode 100644
-index 0000000..7f459ed
+index 0000000..b5291e1
--- /dev/null
+++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_misc.c
@@ -0,0 +1,505 @@
+/*
+ * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
-+ * Licensed under the GPL v2, or (at your option) v3
++ * Licensed under the GPL v2
+ *
+ * Homepage:
+ * https://github.com/ephox-gcc-plugins/size_overflow
@@ -206401,13 +207187,13 @@ index 0000000..7f459ed
+
diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin.c
new file mode 100644
-index 0000000..3f8f032
+index 0000000..be40980
--- /dev/null
+++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin.c
@@ -0,0 +1,290 @@
+/*
+ * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
-+ * Licensed under the GPL v2, or (at your option) v3
++ * Licensed under the GPL v2
+ *
+ * Homepage:
+ * https://github.com/ephox-gcc-plugins/size_overflow
@@ -206697,13 +207483,13 @@ index 0000000..3f8f032
+}
diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin_hash.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin_hash.c
new file mode 100644
-index 0000000..87af656
+index 0000000..f24bbc0
--- /dev/null
+++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin_hash.c
@@ -0,0 +1,352 @@
+/*
+ * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
-+ * Licensed under the GPL v2, or (at your option) v3
++ * Licensed under the GPL v2
+ *
+ * Homepage:
+ * https://github.com/ephox-gcc-plugins/size_overflow
@@ -207055,13 +207841,13 @@ index 0000000..87af656
+
diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform.c
new file mode 100644
-index 0000000..eebcf4c
+index 0000000..1f5768d
--- /dev/null
+++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform.c
@@ -0,0 +1,743 @@
+/*
+ * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
-+ * Licensed under the GPL v2, or (at your option) v3
++ * Licensed under the GPL v2
+ *
+ * Homepage:
+ * https://github.com/ephox-gcc-plugins/size_overflow
@@ -207804,13 +208590,13 @@ index 0000000..eebcf4c
+}
diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform_core.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform_core.c
new file mode 100644
-index 0000000..062204a
+index 0000000..69e3a85
--- /dev/null
+++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform_core.c
@@ -0,0 +1,1025 @@
+/*
+ * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
-+ * Licensed under the GPL v2, or (at your option) v3
++ * Licensed under the GPL v2
+ *
+ * Homepage:
+ * https://github.com/ephox-gcc-plugins/size_overflow
* [gentoo-commits] proj/hardened-patchset:master commit in: 4.5.7/
@ 2016-06-21 10:18 Anthony G. Basile
From: Anthony G. Basile @ 2016-06-21 10:18 UTC (permalink / raw
To: gentoo-commits
commit: 4bff175b49380f941e6d1434a6ab0fb250b2e280
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 21 10:21:03 2016 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Jun 21 10:21:03 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=4bff175b
grsecurity-3.1-4.5.7-201606202152
4.5.7/0000_README | 2 +-
...> 4420_grsecurity-3.1-4.5.7-201606202152.patch} | 23 +++++++++++++++-------
2 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/4.5.7/0000_README b/4.5.7/0000_README
index 7dd453b..068b4c9 100644
--- a/4.5.7/0000_README
+++ b/4.5.7/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.5.7-201606142010.patch
+Patch: 4420_grsecurity-3.1-4.5.7-201606202152.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch
similarity index 99%
rename from 4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch
rename to 4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch
index b46e7cf..5ac1e8a 100644
--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch
+++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch
@@ -115435,7 +115435,7 @@ index ec0e239..ab85b22 100644
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
new file mode 100644
-index 0000000..f172760
+index 0000000..821601d
--- /dev/null
+++ b/grsecurity/Kconfig
@@ -0,0 +1,1205 @@
@@ -115582,14 +115582,14 @@ index 0000000..f172760
+config GRKERNSEC_KSTACKOVERFLOW
+ bool "Prevent kernel stack overflows"
+ default y if GRKERNSEC_CONFIG_AUTO
-+ depends on !IA64 && 64BIT
++ depends on X86_64
+ help
+ If you say Y here, the kernel's process stacks will be allocated
+ with vmalloc instead of the kernel's default allocator. This
+ introduces guard pages that in combination with the alloca checking
-+ of the STACKLEAK feature prevents all forms of kernel process stack
-+ overflow abuse. Note that this is different from kernel stack
-+ buffer overflows.
++ of the STACKLEAK feature and removal of thread_info from the kernel
++ stack prevents all forms of kernel process stack overflow abuse.
++ Note that this is different from kernel stack buffer overflows.
+
+config GRKERNSEC_BRUTE
+ bool "Deter exploit bruteforcing"
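Review bot: The help text of `GRKERNSEC_KSTACKOVERFLOW` does not say that the option is now x86-64 only, although `depends on X86_64` replaces `depends on !IA64 && 64BIT`. With `default y if GRKERNSEC_CONFIG_AUTO`, other 64-bit architectures that previously got the option will lose it on the next config update without any hint. A closing sentence in the help such as `This option is currently only available on x86_64.` would make that visible. The statement that the combination "prevents all forms of kernel process stack overflow abuse" now also rests on the removal of thread_info from the kernel stack, so it may be worth naming the option that provides it, if there is one.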
@@ -156888,7 +156888,7 @@ index f2280f7..c0a006f 100644
struct irlap_cb *self = (struct irlap_cb *) data;
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
-index fc3598a..03a184e 100644
+index fc3598a..03a184e3 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -685,10 +685,10 @@ static void __iucv_auto_name(struct iucv_sock *iucv)
@@ -211999,7 +211999,7 @@ index 5105c2c..a5010e6 100644
extern struct key_type key_type_request_key_auth;
extern struct key *request_key_auth_new(struct key *target,
diff --git a/security/keys/key.c b/security/keys/key.c
-index 09ef276..ab2894f 100644
+index 09ef276..357db79 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -283,7 +283,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
@@ -212011,6 +212011,15 @@ index 09ef276..ab2894f 100644
key->index_key.type = type;
key->user = user;
key->quotalen = quotalen;
+@@ -582,7 +582,7 @@ int key_reject_and_link(struct key *key,
+
+ mutex_unlock(&key_construction_mutex);
+
+- if (keyring)
++ if (keyring && link_ret == 0)
+ __key_link_end(keyring, &key->index_key, edit);
+
+ /* wake up anyone waiting for a key to be constructed */
@@ -1077,7 +1077,9 @@ int register_key_type(struct key_type *ktype)
struct key_type *p;
int ret;
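Review bot: The new guard `if (keyring && link_ret == 0)` in `key_reject_and_link()` has no comment explaining why `__key_link_end()` must be skipped, which makes it easy to drop in a later cleanup. Presumably `link_ret` holds the result of the matching begin call and `edit` is only valid when that call succeeded; if so, `/* edit is only set up when the link was successfully begun */` above the test records it. The function starts and ends outside the hunk, so the assignment to `link_ret` cannot be checked from here.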
* [gentoo-commits] proj/hardened-patchset:master commit in: 4.5.7/
@ 2016-06-27 10:26 Anthony G. Basile
From: Anthony G. Basile @ 2016-06-27 10:26 UTC (permalink / raw
To: gentoo-commits
commit: 8bf1f839085fc6cb7cde16cc44895e8203618936
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 27 10:28:23 2016 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Mon Jun 27 10:28:23 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=8bf1f839
grsecurity-3.1-4.5.7-201606262019
4.5.7/0000_README | 2 +-
...> 4420_grsecurity-3.1-4.5.7-201606262019.patch} | 1079 +++++++++++++++-----
2 files changed, 848 insertions(+), 233 deletions(-)
diff --git a/4.5.7/0000_README b/4.5.7/0000_README
index 068b4c9..b74a9dd 100644
--- a/4.5.7/0000_README
+++ b/4.5.7/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.5.7-201606202152.patch
+Patch: 4420_grsecurity-3.1-4.5.7-201606262019.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch
similarity index 99%
rename from 4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch
rename to 4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch
index 5ac1e8a..3d3b9d3 100644
--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch
+++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch
@@ -1,3 +1,15 @@
+diff --git a/.gitignore b/.gitignore
+index fd3a355..c47e86a 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -37,6 +37,7 @@ modules.builtin
+ Module.symvers
+ *.dwo
+ *.su
++*.c.[012]*.*
+
+ #
+ # Top-level generic files
diff --git a/Documentation/dontdiff b/Documentation/dontdiff
index 8ea834f..1462492 100644
--- a/Documentation/dontdiff
@@ -408,7 +420,7 @@ index a93b414..f50a50b 100644
A toggle value indicating if modules are allowed to be loaded
diff --git a/Makefile b/Makefile
-index 90e4bd9..44d0d41 100644
+index 90e4bd9..66ce952 100644
--- a/Makefile
+++ b/Makefile
@@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -422,16 +434,7 @@ index 90e4bd9..44d0d41 100644
ifeq ($(shell $(HOSTCC) -v 2>&1 | grep -c "clang version"), 1)
HOSTCFLAGS += -Wno-unused-value -Wno-unused-parameter \
-@@ -417,6 +419,8 @@ export KBUILD_AFLAGS_MODULE KBUILD_CFLAGS_MODULE KBUILD_LDFLAGS_MODULE
- export KBUILD_AFLAGS_KERNEL KBUILD_CFLAGS_KERNEL
- export KBUILD_ARFLAGS
-
-+export PLUGINCC GCC_PLUGINS_CFLAGS GCC_PLUGINS_AFLAGS
-+
- # When compiling out-of-tree modules, put MODVERDIR in the module
- # tree rather than in the kernel tree. The kernel tree might
- # even be read-only.
-@@ -547,7 +551,7 @@ ifeq ($(KBUILD_EXTMOD),)
+@@ -547,7 +549,7 @@ ifeq ($(KBUILD_EXTMOD),)
# in parallel
PHONY += scripts
scripts: scripts_basic include/config/auto.conf include/config/tristate.conf \
@@ -440,23 +443,16 @@ index 90e4bd9..44d0d41 100644
$(Q)$(MAKE) $(build)=$(@)
# Objects we will link into vmlinux / subdirs we need to visit
-@@ -622,6 +626,15 @@ endif
+@@ -622,6 +624,8 @@ endif
# Tell gcc to never replace conditional load with a non-conditional one
KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0)
-+PHONY += gcc-plugins
-+gcc-plugins: scripts_basic
-+ifdef CONFIG_GCC_PLUGINS
-+ $(Q)$(MAKE) $(build)=scripts/gcc-plugins
-+endif
-+ @:
-+
+include scripts/Makefile.gcc-plugins
+
ifdef CONFIG_READABLE_ASM
# Disable optimizations that make assembler listings hard to read.
# reorder blocks reorders the control in the function
-@@ -715,7 +728,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g)
+@@ -715,7 +719,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g)
else
KBUILD_CFLAGS += -g
endif
@@ -465,7 +461,7 @@ index 90e4bd9..44d0d41 100644
endif
ifdef CONFIG_DEBUG_INFO_DWARF4
KBUILD_CFLAGS += $(call cc-option, -gdwarf-4,)
-@@ -887,7 +900,7 @@ export mod_sign_cmd
+@@ -887,7 +891,7 @@ export mod_sign_cmd
ifeq ($(KBUILD_EXTMOD),)
@@ -474,7 +470,7 @@ index 90e4bd9..44d0d41 100644
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -990,7 +1003,7 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
+@@ -990,7 +994,7 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
archprepare: archheaders archscripts prepare1 scripts_basic
@@ -483,7 +479,7 @@ index 90e4bd9..44d0d41 100644
$(Q)$(MAKE) $(build)=.
# All the preparing..
-@@ -1185,7 +1198,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \
+@@ -1185,7 +1189,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \
Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
signing_key.pem signing_key.priv signing_key.x509 \
x509.genkey extra_certificates signing_key.x509.keyid \
@@ -496,7 +492,7 @@ index 90e4bd9..44d0d41 100644
# clean - Delete most, but leave enough to build external modules
#
-@@ -1224,7 +1241,7 @@ distclean: mrproper
+@@ -1224,7 +1232,7 @@ distclean: mrproper
@find $(srctree) $(RCS_FIND_IGNORE) \
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -505,6 +501,14 @@ index 90e4bd9..44d0d41 100644
-type f -print | xargs rm -f
+@@ -1443,6 +1451,7 @@ clean: $(clean-dirs)
+ -o -name '.*.d' -o -name '.*.tmp' -o -name '*.mod.c' \
+ -o -name '*.symtypes' -o -name 'modules.order' \
+ -o -name modules.builtin -o -name '.tmp_*.o.*' \
++ -o -name '*.c.[012]*.*' \
+ -o -name '*.gcno' \) -type f -print | xargs rm -f
+
+ # Generate tags for editors
diff --git a/arch/Kconfig b/arch/Kconfig
index f6b649d..5ba628b 100644
--- a/arch/Kconfig
@@ -8882,7 +8886,7 @@ index 2c01665..85a54a8 100644
sechdrs, module);
#endif
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
-index 54ed9c7..681162e 100644
+index 54ed9c7..681162e5 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
@@ -1185,8 +1185,8 @@ void show_regs(struct pt_regs * regs)
@@ -17956,7 +17960,7 @@ index 0224987..0359810 100644
fprintf(outfile, "const struct vdso_image %s = {\n", name);
diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c
-index b8f69e2..2489643 100644
+index b8f69e2..b142158 100644
--- a/arch/x86/entry/vdso/vma.c
+++ b/arch/x86/entry/vdso/vma.c
@@ -20,10 +20,7 @@
@@ -18012,7 +18016,7 @@ index b8f69e2..2489643 100644
up_fail:
if (ret)
- current->mm->context.vdso = NULL;
-+ current->mm->context.vdso = 0;
++ mm->context.vdso = 0;
up_write(&mm->mmap_sem);
return ret;
@@ -21815,14 +21819,14 @@ index 9fb2f2b..8e18c70 100644
#define MODULES_END VMALLOC_END
#define MODULES_LEN (MODULES_VADDR - MODULES_END)
diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h
-index 2ee7811..afd76c0 100644
+index 2ee7811..1779bde 100644
--- a/arch/x86/include/asm/pgtable_64.h
+++ b/arch/x86/include/asm/pgtable_64.h
@@ -16,11 +16,17 @@
extern pud_t level3_kernel_pgt[512];
extern pud_t level3_ident_pgt[512];
-+extern pud_t level3_vmalloc_start_pgt[512];
++extern pud_t level3_vmalloc_start_pgt[4][512];
+extern pud_t level3_vmalloc_end_pgt[512];
+extern pud_t level3_vmemmap_pgt[512];
+extern pud_t level2_vmemmap_pgt[512];
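Review bot: The literal 4 in `level3_vmalloc_start_pgt[4][512]` is repeated by hand in the later hunks of this patch, with no shared name tying the copies together. Those copies are `.fill 4*512,8,0`, the four `.quad ... PAGE_SIZE*n` entries and the `+ 8`/`+ 16`/`+ 24` fixups in head_64.S, and the `[0]`..`[3]` calls in xen/mmu.c. A named constant visible to both C and assembly would turn a mismatch into a build error; failing that, a comment on this declaration such as `/* 4 consecutive PUD pages; keep in sync with head_64.S and xen/mmu.c */` records the coupling. In xen/mmu.c the unrolled `convert_pfn_mfn()` and `set_page_prot()` calls could be a loop over the first dimension.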
@@ -25822,6 +25826,28 @@ index a316ca9..07e219e 100644
ret = intel_cqm_setup_rmid_cache();
if (ret)
+diff --git a/arch/x86/kernel/cpu/perf_event_intel_cstate.c b/arch/x86/kernel/cpu/perf_event_intel_cstate.c
+index 75a38b5..36cb0a9 100644
+--- a/arch/x86/kernel/cpu/perf_event_intel_cstate.c
++++ b/arch/x86/kernel/cpu/perf_event_intel_cstate.c
+@@ -92,14 +92,14 @@
+ #include "perf_event.h"
+
+ #define DEFINE_CSTATE_FORMAT_ATTR(_var, _name, _format) \
+-static ssize_t __cstate_##_var##_show(struct kobject *kobj, \
+- struct kobj_attribute *attr, \
++static ssize_t __cstate_##_var##_show(struct device *dev, \
++ struct device_attribute *attr, \
+ char *page) \
+ { \
+ BUILD_BUG_ON(sizeof(_format) >= PAGE_SIZE); \
+ return sprintf(page, _format "\n"); \
+ } \
+-static struct kobj_attribute format_attr_##_var = \
++static struct device_attribute format_attr_##_var = \
+ __ATTR(_name, 0444, __cstate_##_var##_show, NULL)
+
+ static ssize_t cstate_get_attr_cpumask(struct device *dev,
diff --git a/arch/x86/kernel/cpu/perf_event_intel_ds.c b/arch/x86/kernel/cpu/perf_event_intel_ds.c
index 9551401..649b91c 100644
--- a/arch/x86/kernel/cpu/perf_event_intel_ds.c
@@ -27568,7 +27594,7 @@ index 6bc9ae2..33997fe 100644
+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0
+ .endr
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
-index ffdc0e8..f429d4f 100644
+index ffdc0e8..60b5d16 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -20,6 +20,8 @@
@@ -27593,12 +27619,15 @@ index ffdc0e8..f429d4f 100644
.text
__HEAD
-@@ -92,11 +100,33 @@ startup_64:
+@@ -92,11 +100,36 @@ startup_64:
* Fixup the physical addresses in the page table
*/
addq %rbp, early_level4_pgt + (L4_START_KERNEL*8)(%rip)
+ addq %rbp, init_level4_pgt + (L4_PAGE_OFFSET*8)(%rip)
+ addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8)(%rip)
++ addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8) + 8(%rip)
++ addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8) + 16(%rip)
++ addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8) + 24(%rip)
+ addq %rbp, init_level4_pgt + (L4_VMALLOC_END*8)(%rip)
+ addq %rbp, init_level4_pgt + (L4_VMEMMAP_START*8)(%rip)
+ addq %rbp, init_level4_pgt + (L4_START_KERNEL*8)(%rip)
@@ -27629,7 +27658,7 @@ index ffdc0e8..f429d4f 100644
/*
* Set up the identity mapping for the switchover. These
-@@ -180,11 +210,12 @@ ENTRY(secondary_startup_64)
+@@ -180,11 +213,12 @@ ENTRY(secondary_startup_64)
/* Sanitize CPU configuration */
call verify_cpu
@@ -27644,7 +27673,7 @@ index ffdc0e8..f429d4f 100644
movq %rcx, %cr4
/* Setup early boot stage 4 level pagetables. */
-@@ -205,10 +236,21 @@ ENTRY(secondary_startup_64)
+@@ -205,10 +239,21 @@ ENTRY(secondary_startup_64)
movl $MSR_EFER, %ecx
rdmsr
btsl $_EFER_SCE, %eax /* Enable System Call */
@@ -27667,7 +27696,7 @@ index ffdc0e8..f429d4f 100644
1: wrmsr /* Make changes effective */
/* Setup cr0 */
-@@ -288,6 +330,7 @@ ENTRY(secondary_startup_64)
+@@ -288,6 +333,7 @@ ENTRY(secondary_startup_64)
* REX.W + FF /5 JMP m16:64 Jump far, absolute indirect,
* address given in m16:64.
*/
@@ -27675,7 +27704,7 @@ index ffdc0e8..f429d4f 100644
movq initial_code(%rip),%rax
pushq $0 # fake return address to stop unwinder
pushq $__KERNEL_CS # set correct cs
-@@ -321,7 +364,7 @@ ENDPROC(start_cpu0)
+@@ -321,7 +367,7 @@ ENDPROC(start_cpu0)
.quad INIT_PER_CPU_VAR(irq_stack_union)
GLOBAL(stack_start)
@@ -27684,7 +27713,7 @@ index ffdc0e8..f429d4f 100644
.word 0
__FINITDATA
-@@ -401,7 +444,7 @@ early_idt_handler_common:
+@@ -401,7 +447,7 @@ early_idt_handler_common:
call dump_stack
#ifdef CONFIG_KALLSYMS
leaq early_idt_ripmsg(%rip),%rdi
@@ -27693,7 +27722,7 @@ index ffdc0e8..f429d4f 100644
call __print_symbol
#endif
#endif /* EARLY_PRINTK */
-@@ -430,6 +473,7 @@ ENDPROC(early_idt_handler_common)
+@@ -430,6 +476,7 @@ ENDPROC(early_idt_handler_common)
early_recursion_flag:
.long 0
@@ -27701,7 +27730,7 @@ index ffdc0e8..f429d4f 100644
#ifdef CONFIG_EARLY_PRINTK
early_idt_msg:
.asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n"
-@@ -452,40 +496,67 @@ GLOBAL(name)
+@@ -452,40 +499,70 @@ GLOBAL(name)
__INITDATA
NEXT_PAGE(early_level4_pgt)
.fill 511,8,0
@@ -27723,7 +27752,10 @@ index ffdc0e8..f429d4f 100644
.org init_level4_pgt + L4_PAGE_OFFSET*8, 0
.quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
+ .org init_level4_pgt + L4_VMALLOC_START*8, 0
-+ .quad level3_vmalloc_start_pgt - __START_KERNEL_map + _KERNPG_TABLE
++ .quad level3_vmalloc_start_pgt - __START_KERNEL_map + PAGE_SIZE*0 + _KERNPG_TABLE
++ .quad level3_vmalloc_start_pgt - __START_KERNEL_map + PAGE_SIZE*1 + _KERNPG_TABLE
++ .quad level3_vmalloc_start_pgt - __START_KERNEL_map + PAGE_SIZE*2 + _KERNPG_TABLE
++ .quad level3_vmalloc_start_pgt - __START_KERNEL_map + PAGE_SIZE*3 + _KERNPG_TABLE
+ .org init_level4_pgt + L4_VMALLOC_END*8, 0
+ .quad level3_vmalloc_end_pgt - __START_KERNEL_map + _KERNPG_TABLE
+ .org init_level4_pgt + L4_VMEMMAP_START*8, 0
@@ -27750,7 +27782,7 @@ index ffdc0e8..f429d4f 100644
+#endif
+
+NEXT_PAGE(level3_vmalloc_start_pgt)
-+ .fill 512,8,0
++ .fill 4*512,8,0
+
+NEXT_PAGE(level3_vmalloc_end_pgt)
+ .fill 512,8,0
@@ -27781,7 +27813,7 @@ index ffdc0e8..f429d4f 100644
NEXT_PAGE(level2_kernel_pgt)
/*
-@@ -502,31 +573,79 @@ NEXT_PAGE(level2_kernel_pgt)
+@@ -502,31 +579,79 @@ NEXT_PAGE(level2_kernel_pgt)
KERNEL_IMAGE_SIZE/PMD_SIZE)
NEXT_PAGE(level2_fixmap_pgt)
@@ -28964,7 +28996,7 @@ index 005c03e..7000fe4 100644
if ((s64)val != *(s32 *)loc)
goto overflow;
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
-index 64f9616..c94695d 100644
+index 64f9616..4036384 100644
--- a/arch/x86/kernel/msr.c
+++ b/arch/x86/kernel/msr.c
@@ -39,6 +39,7 @@
@@ -28975,19 +29007,21 @@ index 64f9616..c94695d 100644
#include <asm/processor.h>
#include <asm/msr.h>
-@@ -83,6 +84,11 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
+@@ -83,6 +84,13 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
int err = 0;
ssize_t bytes = 0;
+#ifdef CONFIG_GRKERNSEC_KMEM
-+ gr_handle_msr_write();
-+ return -EPERM;
++ if (reg != MSR_IA32_ENERGY_PERF_BIAS) {
++ gr_handle_msr_write();
++ return -EPERM;
++ }
+#endif
+
if (count % 8)
return -EINVAL; /* Invalid chunk size */
-@@ -130,6 +136,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
+@@ -130,6 +138,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
err = -EBADF;
break;
}
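Review bot: The new `reg != MSR_IA32_ENERGY_PERF_BIAS` exception in msr_write() has no comment saying why this one register stays writable under CONFIG_GRKERNSEC_KMEM. Writes that take the exception also bypass the `gr_handle_msr_write()` call, so whatever that hook records is skipped for them. I would add `/* allowlist: only the energy/performance bias hint may be written from userspace; every other MSR write is refused */` above the test. If more registers are ever exempted, a small helper holding the list would be easier to audit than a growing condition. `reg` is assigned above the hunk, so how it is derived from the file position cannot be checked here.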
@@ -28998,7 +29032,7 @@ index 64f9616..c94695d 100644
if (copy_from_user(®s, uregs, sizeof regs)) {
err = -EFAULT;
break;
-@@ -213,7 +223,7 @@ static int msr_class_cpu_callback(struct notifier_block *nfb,
+@@ -213,7 +225,7 @@ static int msr_class_cpu_callback(struct notifier_block *nfb,
return notifier_from_errno(err);
}
@@ -35741,7 +35775,7 @@ index 740d7ac..4091827 100644
#endif /* CONFIG_HUGETLB_PAGE */
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
-index 493f541..eeba8bb 100644
+index 493f541..d8e6b22 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -4,6 +4,7 @@
@@ -35780,7 +35814,7 @@ index 493f541..eeba8bb 100644
__flush_tlb_all();
early_memtest(0, max_pfn_mapped << PAGE_SHIFT);
-@@ -634,10 +648,40 @@ void __init init_mem_mapping(void)
+@@ -634,10 +648,34 @@ void __init init_mem_mapping(void)
* Access has to be given to non-kernel-ram areas as well, these contain the PCI
* mmio resources as well as potential bios/acpi data regions.
*/
@@ -35792,37 +35826,30 @@ index 493f541..eeba8bb 100644
+
int devmem_is_allowed(unsigned long pagenr)
{
-- if (pagenr < 256)
+#ifdef CONFIG_GRKERNSEC_KMEM
+ /* allow BDA */
+ if (!pagenr)
- return 1;
++ return 1;
+ /* allow EBDA */
+ if (pagenr >= ebda_start && pagenr < ebda_end)
+ return 1;
+ /* if tboot is in use, allow access to its hardcoded serial log range */
+ if (tboot_enabled() && ((0x60000 >> PAGE_SHIFT) <= pagenr) && (pagenr < (0x68000 >> PAGE_SHIFT)))
+ return 1;
-+#else
-+ if (!pagenr)
-+ return 1;
-+#ifdef CONFIG_VM86
-+ if (pagenr < (ISA_START_ADDRESS >> PAGE_SHIFT))
-+ return 1;
-+#endif
-+#endif
-+
+ if ((ISA_START_ADDRESS >> PAGE_SHIFT) <= pagenr && pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT))
+ return 1;
-+#ifdef CONFIG_GRKERNSEC_KMEM
+ /* throw out everything else below 1MB */
+ if (pagenr <= 256)
+ return 0;
++#else
+ if (pagenr < 256)
+ return 1;
+#endif
++
if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
return 0;
if (!page_is_ram(pagenr))
-@@ -683,8 +727,127 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
+@@ -683,8 +721,127 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
#endif
}
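Review bot: In the CONFIG_GRKERNSEC_KMEM branch of devmem_is_allowed() the comment says "throw out everything else below 1MB", but the test is `pagenr <= 256`, which also rejects page 256, the first page at 1MB. The #else branch and the ISA range test both stop at `< 256`. If the stricter bound is intended, the comment should say so, e.g. `/* throw out everything else up to and including the page at 1MB */`; otherwise the test should read `if (pagenr < 256)`. The checks that follow (`iomem_is_exclusive`, `page_is_ram`) may make the difference moot for RAM pages, which is not verifiable from this hunk.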
@@ -38861,14 +38888,17 @@ index e3679db..16b93d1 100644
#ifdef CONFIG_ACPI_NUMA
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
-index c913ca4..a314c65 100644
+index c913ca4..55f8877 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
-@@ -1950,7 +1950,11 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
+@@ -1950,7 +1950,14 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
* L3_k[511] -> level2_fixmap_pgt */
convert_pfn_mfn(level3_kernel_pgt);
-+ convert_pfn_mfn(level3_vmalloc_start_pgt);
++ convert_pfn_mfn(level3_vmalloc_start_pgt[0]);
++ convert_pfn_mfn(level3_vmalloc_start_pgt[1]);
++ convert_pfn_mfn(level3_vmalloc_start_pgt[2]);
++ convert_pfn_mfn(level3_vmalloc_start_pgt[3]);
+ convert_pfn_mfn(level3_vmalloc_end_pgt);
+ convert_pfn_mfn(level3_vmemmap_pgt);
/* L3_k[511][506] -> level1_fixmap_pgt */
@@ -38876,11 +38906,14 @@ index c913ca4..a314c65 100644
convert_pfn_mfn(level2_fixmap_pgt);
}
/* We get [511][511] and have Xen's version of level2_kernel_pgt */
-@@ -1980,11 +1984,22 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
+@@ -1980,11 +1987,25 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
set_page_prot(init_level4_pgt, PAGE_KERNEL_RO);
set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO);
set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO);
-+ set_page_prot(level3_vmalloc_start_pgt, PAGE_KERNEL_RO);
++ set_page_prot(level3_vmalloc_start_pgt[0], PAGE_KERNEL_RO);
++ set_page_prot(level3_vmalloc_start_pgt[1], PAGE_KERNEL_RO);
++ set_page_prot(level3_vmalloc_start_pgt[2], PAGE_KERNEL_RO);
++ set_page_prot(level3_vmalloc_start_pgt[3], PAGE_KERNEL_RO);
+ set_page_prot(level3_vmalloc_end_pgt, PAGE_KERNEL_RO);
+ set_page_prot(level3_vmemmap_pgt, PAGE_KERNEL_RO);
set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO);
@@ -38900,7 +38933,7 @@ index c913ca4..a314c65 100644
/* Pin down new L4 */
pin_pagetable_pfn(MMUEXT_PIN_L4_TABLE,
-@@ -2395,6 +2410,7 @@ static void __init xen_post_allocator_init(void)
+@@ -2395,6 +2416,7 @@ static void __init xen_post_allocator_init(void)
pv_mmu_ops.set_pud = xen_set_pud;
#if CONFIG_PGTABLE_LEVELS == 4
pv_mmu_ops.set_pgd = xen_set_pgd;
@@ -38908,7 +38941,7 @@ index c913ca4..a314c65 100644
#endif
/* This will work as long as patching hasn't happened yet
-@@ -2423,6 +2439,10 @@ static void xen_leave_lazy_mmu(void)
+@@ -2423,6 +2445,10 @@ static void xen_leave_lazy_mmu(void)
preempt_enable();
}
@@ -38919,7 +38952,7 @@ index c913ca4..a314c65 100644
static const struct pv_mmu_ops xen_mmu_ops __initconst = {
.read_cr2 = xen_read_cr2,
.write_cr2 = xen_write_cr2,
-@@ -2435,7 +2455,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
+@@ -2435,7 +2461,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
.flush_tlb_single = xen_flush_tlb_single,
.flush_tlb_others = xen_flush_tlb_others,
@@ -38928,7 +38961,7 @@ index c913ca4..a314c65 100644
.pgd_alloc = xen_pgd_alloc,
.pgd_free = xen_pgd_free,
-@@ -2472,6 +2492,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
+@@ -2472,6 +2498,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
.pud_val = PV_CALLEE_SAVE(xen_pud_val),
.make_pud = PV_CALLEE_SAVE(xen_make_pud),
.set_pgd = xen_set_pgd_hyper,
@@ -44269,6 +44302,23 @@ index 984c5e9..c873659 100644
err_out:
mutex_unlock(&devfreq_list_lock);
+diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c
+index 155c146..0a697f4 100644
+--- a/drivers/dma-buf/dma-buf.c
++++ b/drivers/dma-buf/dma-buf.c
+@@ -835,10 +835,9 @@ static int dma_buf_describe(struct seq_file *s)
+
+ static int dma_buf_show(struct seq_file *s, void *unused)
+ {
+- void (*func)(struct seq_file *) = s->private;
++ int (*func)(struct seq_file *) = s->private;
+
+- func(s);
+- return 0;
++ return func(s);
+ }
+
+ static int dma_buf_debug_open(struct inode *inode, struct file *file)
diff --git a/drivers/dma/sh/shdma-base.c b/drivers/dma/sh/shdma-base.c
index 10fcaba..326f709 100644
--- a/drivers/dma/sh/shdma-base.c
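Review bot: dma_buf_show() now calls `s->private` through `int (*)(struct seq_file *)` and returns the result, so every callback stored there must have exactly that signature. The code that stores the pointer is outside this hunk, so that cannot be confirmed here. A comment on the cast would document the contract, e.g. `/* s->private must point to an int (*)(struct seq_file *) such as dma_buf_describe() */`. A callback still declared with the old `void` return type would be invoked through a mismatched pointer type and its "return value" propagated to the seq_file core.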
@@ -45707,6 +45757,212 @@ index 7b69070..d7bd78b 100644
pqn->q);
if (retval != 0)
return retval;
+diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_clockpowergating.c b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_clockpowergating.c
+index ff08ce4..5b8758f 100644
+--- a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_clockpowergating.c
++++ b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_clockpowergating.c
+@@ -239,10 +239,16 @@ int cz_dpm_powergate_vce(struct pp_hwmgr *hwmgr, bool bgate)
+
+ static struct phm_master_table_item cz_enable_clock_power_gatings_list[] = {
+ /*we don't need an exit table here, because there is only D3 cold on Kv*/
+- { phm_cf_want_uvd_power_gating, cz_tf_uvd_power_gating_initialize },
+- { phm_cf_want_vce_power_gating, cz_tf_vce_power_gating_initialize },
++ {
++ .isFunctionNeededInRuntimeTable = phm_cf_want_uvd_power_gating,
++ .tableFunction = cz_tf_uvd_power_gating_initialize
++ },
++ {
++ .isFunctionNeededInRuntimeTable = phm_cf_want_vce_power_gating,
++ .tableFunction = cz_tf_vce_power_gating_initialize
++ },
+ /* to do { NULL, cz_tf_xdma_power_gating_enable }, */
+- { NULL, NULL }
++ { }
+ };
+
+ struct phm_master_table_header cz_phm_enable_clock_power_gatings_master = {
+diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c
+index 2ea012e..b4256b4 100644
+--- a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c
++++ b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c
+@@ -915,13 +915,13 @@ static int cz_tf_update_low_mem_pstate(struct pp_hwmgr *hwmgr,
+ }
+
+ static struct phm_master_table_item cz_set_power_state_list[] = {
+- {NULL, cz_tf_update_sclk_limit},
+- {NULL, cz_tf_set_deep_sleep_sclk_threshold},
+- {NULL, cz_tf_set_watermark_threshold},
+- {NULL, cz_tf_set_enabled_levels},
+- {NULL, cz_tf_enable_nb_dpm},
+- {NULL, cz_tf_update_low_mem_pstate},
+- {NULL, NULL}
++ { .tableFunction = cz_tf_update_sclk_limit },
++ { .tableFunction = cz_tf_set_deep_sleep_sclk_threshold },
++ { .tableFunction = cz_tf_set_watermark_threshold },
++ { .tableFunction = cz_tf_set_enabled_levels },
++ { .tableFunction = cz_tf_enable_nb_dpm },
++ { .tableFunction = cz_tf_update_low_mem_pstate },
++ { }
+ };
+
+ static struct phm_master_table_header cz_set_power_state_master = {
+@@ -931,15 +931,15 @@ static struct phm_master_table_header cz_set_power_state_master = {
+ };
+
+ static struct phm_master_table_item cz_setup_asic_list[] = {
+- {NULL, cz_tf_reset_active_process_mask},
+- {NULL, cz_tf_upload_pptable_to_smu},
+- {NULL, cz_tf_init_sclk_limit},
+- {NULL, cz_tf_init_uvd_limit},
+- {NULL, cz_tf_init_vce_limit},
+- {NULL, cz_tf_init_acp_limit},
+- {NULL, cz_tf_init_power_gate_state},
+- {NULL, cz_tf_init_sclk_threshold},
+- {NULL, NULL}
++ { .tableFunction = cz_tf_reset_active_process_mask },
++ { .tableFunction = cz_tf_upload_pptable_to_smu },
++ { .tableFunction = cz_tf_init_sclk_limit },
++ { .tableFunction = cz_tf_init_uvd_limit },
++ { .tableFunction = cz_tf_init_vce_limit },
++ { .tableFunction = cz_tf_init_acp_limit },
++ { .tableFunction = cz_tf_init_power_gate_state },
++ { .tableFunction = cz_tf_init_sclk_threshold },
++ { }
+ };
+
+ static struct phm_master_table_header cz_setup_asic_master = {
+@@ -984,10 +984,10 @@ static int cz_tf_reset_cc6_data(struct pp_hwmgr *hwmgr,
+ }
+
+ static struct phm_master_table_item cz_power_down_asic_list[] = {
+- {NULL, cz_tf_power_up_display_clock_sys_pll},
+- {NULL, cz_tf_clear_nb_dpm_flag},
+- {NULL, cz_tf_reset_cc6_data},
+- {NULL, NULL}
++ { .tableFunction = cz_tf_power_up_display_clock_sys_pll },
++ { .tableFunction = cz_tf_clear_nb_dpm_flag },
++ { .tableFunction = cz_tf_reset_cc6_data },
++ { }
+ };
+
+ static struct phm_master_table_header cz_power_down_asic_master = {
+@@ -1095,8 +1095,8 @@ static int cz_tf_check_for_dpm_enabled(struct pp_hwmgr *hwmgr,
+ }
+
+ static struct phm_master_table_item cz_disable_dpm_list[] = {
+- { NULL, cz_tf_check_for_dpm_enabled},
+- {NULL, NULL},
++ { .tableFunction = cz_tf_check_for_dpm_enabled },
++ { },
+ };
+
+
+@@ -1107,13 +1107,13 @@ static struct phm_master_table_header cz_disable_dpm_master = {
+ };
+
+ static struct phm_master_table_item cz_enable_dpm_list[] = {
+- { NULL, cz_tf_check_for_dpm_disabled },
+- { NULL, cz_tf_program_voting_clients },
+- { NULL, cz_tf_start_dpm},
+- { NULL, cz_tf_program_bootup_state},
+- { NULL, cz_tf_enable_didt },
+- { NULL, cz_tf_reset_acp_boot_level },
+- {NULL, NULL},
++ { .tableFunction = cz_tf_check_for_dpm_disabled },
++ { .tableFunction = cz_tf_program_voting_clients },
++ { .tableFunction = cz_tf_start_dpm },
++ { .tableFunction = cz_tf_program_bootup_state },
++ { .tableFunction = cz_tf_enable_didt },
++ { .tableFunction = cz_tf_reset_acp_boot_level },
++ { },
+ };
+
+ static struct phm_master_table_header cz_enable_dpm_master = {
+diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/fiji_thermal.c b/drivers/gpu/drm/amd/powerplay/hwmgr/fiji_thermal.c
+index e76a7de..ae5fb7e 100644
+--- a/drivers/gpu/drm/amd/powerplay/hwmgr/fiji_thermal.c
++++ b/drivers/gpu/drm/amd/powerplay/hwmgr/fiji_thermal.c
+@@ -617,17 +617,17 @@ static int tf_fiji_thermal_disable_alert(struct pp_hwmgr *hwmgr,
+
+ static struct phm_master_table_item
+ fiji_thermal_start_thermal_controller_master_list[] = {
+- {NULL, tf_fiji_thermal_initialize},
+- {NULL, tf_fiji_thermal_set_temperature_range},
+- {NULL, tf_fiji_thermal_enable_alert},
++ { .tableFunction = tf_fiji_thermal_initialize},
++ { .tableFunction = tf_fiji_thermal_set_temperature_range},
++ { .tableFunction = tf_fiji_thermal_enable_alert},
+ /* We should restrict performance levels to low before we halt the SMC.
+ * On the other hand we are still in boot state when we do this
+ * so it would be pointless.
+ * If this assumption changes we have to revisit this table.
+ */
+- {NULL, tf_fiji_thermal_setup_fan_table},
+- {NULL, tf_fiji_thermal_start_smc_fan_control},
+- {NULL, NULL}
++ { .tableFunction = tf_fiji_thermal_setup_fan_table},
++ { .tableFunction = tf_fiji_thermal_start_smc_fan_control},
++ { }
+ };
+
+ static struct phm_master_table_header
+@@ -639,10 +639,10 @@ fiji_thermal_start_thermal_controller_master = {
+
+ static struct phm_master_table_item
+ fiji_thermal_set_temperature_range_master_list[] = {
+- {NULL, tf_fiji_thermal_disable_alert},
+- {NULL, tf_fiji_thermal_set_temperature_range},
+- {NULL, tf_fiji_thermal_enable_alert},
+- {NULL, NULL}
++ { .tableFunction = tf_fiji_thermal_disable_alert},
++ { .tableFunction = tf_fiji_thermal_set_temperature_range},
++ { .tableFunction = tf_fiji_thermal_enable_alert},
++ { }
+ };
+
+ struct phm_master_table_header
+diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_thermal.c b/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_thermal.c
+index a188174..74acdc0 100644
+--- a/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_thermal.c
++++ b/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_thermal.c
+@@ -526,16 +526,16 @@ static int tf_tonga_thermal_disable_alert(struct pp_hwmgr *hwmgr, void *input, v
+ }
+
+ static struct phm_master_table_item tonga_thermal_start_thermal_controller_master_list[] = {
+- { NULL, tf_tonga_thermal_initialize },
+- { NULL, tf_tonga_thermal_set_temperature_range },
+- { NULL, tf_tonga_thermal_enable_alert },
++ { .tableFunction = tf_tonga_thermal_initialize },
++ { .tableFunction = tf_tonga_thermal_set_temperature_range },
++ { .tableFunction = tf_tonga_thermal_enable_alert },
+ /* We should restrict performance levels to low before we halt the SMC.
+ * On the other hand we are still in boot state when we do this so it would be pointless.
+ * If this assumption changes we have to revisit this table.
+ */
+- { NULL, tf_tonga_thermal_setup_fan_table},
+- { NULL, tf_tonga_thermal_start_smc_fan_control},
+- { NULL, NULL }
++ { .tableFunction = tf_tonga_thermal_setup_fan_table},
++ { .tableFunction = tf_tonga_thermal_start_smc_fan_control},
++ { }
+ };
+
+ static struct phm_master_table_header tonga_thermal_start_thermal_controller_master = {
+@@ -545,10 +545,10 @@ static struct phm_master_table_header tonga_thermal_start_thermal_controller_mas
+ };
+
+ static struct phm_master_table_item tonga_thermal_set_temperature_range_master_list[] = {
+- { NULL, tf_tonga_thermal_disable_alert},
+- { NULL, tf_tonga_thermal_set_temperature_range},
+- { NULL, tf_tonga_thermal_enable_alert},
+- { NULL, NULL }
++ { .tableFunction = tf_tonga_thermal_disable_alert},
++ { .tableFunction = tf_tonga_thermal_set_temperature_range},
++ { .tableFunction = tf_tonga_thermal_enable_alert},
++ { }
+ };
+
+ struct phm_master_table_header tonga_thermal_set_temperature_range_master = {
diff --git a/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c b/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c
index 8b2becd..2d8f572 100644
--- a/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c
@@ -48656,6 +48912,29 @@ index c13fb5b..55a3802 100644
return -EFAULT;
*off += size;
+diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
+index 2f1ddca..700145b 100644
+--- a/drivers/hid/usbhid/hiddev.c
++++ b/drivers/hid/usbhid/hiddev.c
+@@ -516,13 +516,13 @@ static noinline int hiddev_ioctl_usage(struct hiddev *hiddev, unsigned int cmd,
+ goto inval;
+ } else if (uref->usage_index >= field->report_count)
+ goto inval;
+-
+- else if ((cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) &&
+- (uref_multi->num_values > HID_MAX_MULTI_USAGES ||
+- uref->usage_index + uref_multi->num_values > field->report_count))
+- goto inval;
+ }
+
++ if ((cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) &&
++ (uref_multi->num_values > HID_MAX_MULTI_USAGES ||
++ uref->usage_index + uref_multi->num_values > field->report_count))
++ goto inval;
++
+ switch (cmd) {
+ case HIDIOCGUSAGE:
+ uref->value = field->value[uref->usage_index];
diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
index 1161d68..7a42e2c 100644
--- a/drivers/hv/channel.c
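Review bot: The relocated `num_values` bound in hiddev_ioctl_usage() now sits between the closing brace of the if/else and the `switch`, with nothing explaining why it must stay outside the else. A later tidy-up could fold it back in and lose the check on the other branch. I would add `/* applies to both lookup paths above: bound usage_index + num_values before field->value[] is indexed */` above the new `if`. The if/else it was moved out of begins above the hunk, so whether `usage_index` is itself range-checked on the other branch cannot be confirmed from here.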
@@ -48681,27 +48960,76 @@ index 1161d68..7a42e2c 100644
packetlen_aligned = ALIGN(packetlen, sizeof(u64));
diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
-index 11bca51..17bdc9b 100644
+index 11bca51..360c83e 100644
--- a/drivers/hv/hv.c
+++ b/drivers/hv/hv.c
-@@ -95,7 +95,7 @@ u64 hv_do_hypercall(u64 control, void *input, void *output)
+@@ -183,6 +183,8 @@ static struct clocksource hyperv_cs_tsc = {
+ };
+ #endif
+
++extern char hv_hypercall_page[PAGE_SIZE] __aligned(PAGE_SIZE);
++asm(".text; .balign 4096; hv_hypercall_page: .fill 4096,1,0xcc; .previous;");
+
+ /*
+ * hv_init - Main initialization routine.
+@@ -193,7 +195,6 @@ int hv_init(void)
{
- u64 input_address = (input) ? virt_to_phys(input) : 0;
- u64 output_address = (output) ? virt_to_phys(output) : 0;
-- void *hypercall_page = hv_context.hypercall_page;
-+ void *hypercall_page = (void *)ktva_ktla((unsigned long)hv_context.hypercall_page);
- #ifdef CONFIG_X86_64
- u64 hv_status = 0;
+ int max_leaf;
+ union hv_x64_msr_hypercall_contents hypercall_msr;
+- void *virtaddr = NULL;
-@@ -218,7 +218,7 @@ int hv_init(void)
+ memset(hv_context.synic_event_page, 0, sizeof(void *) * NR_CPUS);
+ memset(hv_context.synic_message_page, 0,
+@@ -218,14 +219,9 @@ int hv_init(void)
/* See if the hypercall page is already set */
rdmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
- virtaddr = __vmalloc(PAGE_SIZE, GFP_KERNEL, PAGE_KERNEL_EXEC);
-+ virtaddr = __vmalloc(PAGE_SIZE, GFP_KERNEL, PAGE_KERNEL_RX);
+-
+- if (!virtaddr)
+- goto cleanup;
+-
+ hypercall_msr.enable = 1;
- if (!virtaddr)
+- hypercall_msr.guest_physical_address = vmalloc_to_pfn(virtaddr);
++ hypercall_msr.guest_physical_address = __phys_to_pfn(__pa(ktla_ktva((unsigned long)hv_hypercall_page)));
+ wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
+
+ /* Confirm that hypercall page did get setup. */
+@@ -235,7 +231,7 @@ int hv_init(void)
+ if (!hypercall_msr.enable)
goto cleanup;
+
+- hv_context.hypercall_page = virtaddr;
++ hv_context.hypercall_page = hv_hypercall_page;
+
+ #ifdef CONFIG_X86_64
+ if (ms_hyperv.features & HV_X64_MSR_REFERENCE_TSC_AVAILABLE) {
+@@ -259,13 +255,9 @@ int hv_init(void)
+ return 0;
+
+ cleanup:
+- if (virtaddr) {
+- if (hypercall_msr.enable) {
+- hypercall_msr.as_uint64 = 0;
+- wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
+- }
+-
+- vfree(virtaddr);
++ if (hypercall_msr.enable) {
++ hypercall_msr.as_uint64 = 0;
++ wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
+ }
+
+ return -ENOTSUPP;
+@@ -286,7 +278,6 @@ void hv_cleanup(void)
+ if (hv_context.hypercall_page) {
+ hypercall_msr.as_uint64 = 0;
+ wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
+- vfree(hv_context.hypercall_page);
+ hv_context.hypercall_page = NULL;
+ }
+
diff --git a/drivers/hv/hv_balloon.c b/drivers/hv/hv_balloon.c
index b853b4b..3647b37 100644
--- a/drivers/hv/hv_balloon.c
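Review bot: The size of the static hypercall page is spelled two ways: the C declaration uses `PAGE_SIZE`, while the asm statement hard-codes `.balign 4096` and `.fill 4096,1,0xcc`. Adding `BUILD_BUG_ON(PAGE_SIZE != 4096);` in hv_init() would make the assumption explicit and catch a configuration where they differ. Separately, the `cleanup:` label now tests `hypercall_msr.enable` unconditionally, where the old code first tested the NULL-initialised `virtaddr`. The start of hv_init() is outside the visible hunks, so it is worth confirming that no `goto cleanup` can run before the `rdmsrl()` that fills `hypercall_msr`.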
@@ -67848,10 +68176,25 @@ index 3f155e7..0f4b1f0 100644
&proc_bus_pci_dev_operations);
proc_initialized = 1;
diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c
-index 7796d0a..c83b0ae 100644
+index 7796d0a..2f9d2f6 100644
--- a/drivers/pci/setup-bus.c
+++ b/drivers/pci/setup-bus.c
-@@ -1115,7 +1115,7 @@ static int pbus_size_mem(struct pci_bus *bus, unsigned long mask,
+@@ -406,8 +406,12 @@ static void __assign_resources_sorted(struct list_head *head,
+
+ /* Update res in head list with add_size in realloc_head list */
+ list_for_each_entry_safe(dev_res, tmp_res, head, list) {
+- dev_res->res->end += get_res_add_size(realloc_head,
+- dev_res->res);
++ resource_size_t add_size = get_res_add_size(realloc_head, dev_res->res);
++
++ if (dev_res->res->start == 0 && dev_res->res->end == RESOURCE_SIZE_MAX)
++ dev_res->res->end = add_size - 1;
++ else
++ dev_res->res->end += get_res_add_size(realloc_head, dev_res->res);
+
+ /*
+ * There are two kinds of additional resources in the list:
+@@ -1115,7 +1119,7 @@ static int pbus_size_mem(struct pci_bus *bus, unsigned long mask,
return 0;
}
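Review bot: In __assign_resources_sorted() the new local `add_size` already holds `get_res_add_size(realloc_head, dev_res->res)`, yet the else branch calls the helper a second time instead of using it. The line should read `dev_res->res->end += add_size;`, which also avoids a second list walk per entry. In the special-cased branch, `add_size - 1` wraps when `add_size` is 0 and leaves `end` at the maximum value again. If a zero add_size is possible for such a resource, that case deserves a comment or an explicit guard. The loop body continues past the end of this hunk.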
@@ -97715,7 +98058,7 @@ index e4141f2..d8263e8 100644
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
diff --git a/fs/exec.c b/fs/exec.c
-index dcd4ac7..50eef0a 100644
+index dcd4ac7..f651515 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -56,8 +56,20 @@
@@ -97924,7 +98267,14 @@ index dcd4ac7..50eef0a 100644
/*
* cover the whole range: [new_start, old_end)
*/
-@@ -681,10 +727,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
+@@ -675,20 +721,16 @@ int setup_arg_pages(struct linux_binprm *bprm,
+ stack_base = PAGE_ALIGN(stack_top - stack_base);
+
+ stack_shift = vma->vm_start - stack_base;
+- mm->arg_start = bprm->p - stack_shift;
++ mm->arg_end = mm->arg_start = bprm->p - stack_shift;
+ bprm->p = vma->vm_end - stack_shift;
+ #else
stack_top = arch_align_stack(stack_top);
stack_top = PAGE_ALIGN(stack_top);
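Review bot: `mm->arg_end` is now initialised together with `mm->arg_start` in both #ifdef branches of setup_arg_pages() (this hunk and the one that follows), but no comment states why. Presumably the intent is that anything reading the argument range before the real end is recorded sees an empty range rather than a stale `arg_end`; that should be confirmed against the readers. I would add `/* start with an empty argument range until the real end is recorded */` above each chained assignment. setup_arg_pages() begins and ends outside both hunks.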
@@ -97935,6 +98285,11 @@ index dcd4ac7..50eef0a 100644
stack_shift = vma->vm_end - stack_top;
bprm->p -= stack_shift;
+- mm->arg_start = bprm->p;
++ mm->arg_end = mm->arg_start = bprm->p;
+ #endif
+
+ if (bprm->loader)
@@ -696,8 +738,28 @@ int setup_arg_pages(struct linux_binprm *bprm,
bprm->exec -= stack_shift;
@@ -103205,7 +103560,7 @@ index 7824bfb..bddd8a4 100644
out:
return len;
diff --git a/fs/namespace.c b/fs/namespace.c
-index 4fb1691..a518f2e0 100644
+index 4fb1691..3077a5c 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1516,6 +1516,9 @@ static int do_umount(struct mount *mnt, int flags)
@@ -103292,16 +103647,15 @@ index 4fb1691..a518f2e0 100644
atomic_set(&new_ns->count, 1);
new_ns->root = NULL;
INIT_LIST_HEAD(&new_ns->list);
-@@ -2778,7 +2797,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
+@@ -2778,6 +2797,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
return new_ns;
}
--struct mnt_namespace *copy_mnt_ns(unsigned long flags, struct mnt_namespace *ns,
-+__latent_entropy struct mnt_namespace *copy_mnt_ns(unsigned long flags, struct mnt_namespace *ns,
++__latent_entropy
+ struct mnt_namespace *copy_mnt_ns(unsigned long flags, struct mnt_namespace *ns,
struct user_namespace *user_ns, struct fs_struct *new_fs)
{
- struct mnt_namespace *new_ns;
-@@ -2899,8 +2918,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)
+@@ -2899,8 +2919,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)
}
EXPORT_SYMBOL(mount_subtree);
@@ -103312,7 +103666,7 @@ index 4fb1691..a518f2e0 100644
{
int ret;
char *kernel_type;
-@@ -3006,6 +3025,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
+@@ -3006,6 +3026,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
if (error)
goto out2;
@@ -103324,7 +103678,7 @@ index 4fb1691..a518f2e0 100644
get_fs_root(current->fs, &root);
old_mp = lock_mount(&old);
error = PTR_ERR(old_mp);
-@@ -3324,7 +3348,7 @@ static int mntns_install(struct nsproxy *nsproxy, struct ns_common *ns)
+@@ -3324,7 +3349,7 @@ static int mntns_install(struct nsproxy *nsproxy, struct ns_common *ns)
!ns_capable(current_user_ns(), CAP_SYS_ADMIN))
return -EPERM;
@@ -106266,7 +106620,7 @@ index 4123551..813b403 100644
#endif /* _NFSD4_CURRENT_STATE_H */
diff --git a/fs/nfsd/nfs2acl.c b/fs/nfsd/nfs2acl.c
-index 1580ea6..9c7f44f 100644
+index 1580ea6..5d74e50 100644
--- a/fs/nfsd/nfs2acl.c
+++ b/fs/nfsd/nfs2acl.c
@@ -27,9 +27,10 @@ nfsacld_proc_null(struct svc_rqst *rqstp, void *argp, void *resp)
@@ -106296,6 +106650,47 @@ index 1580ea6..9c7f44f 100644
struct inode *inode;
svc_fh *fh;
__be32 nfserr = 0;
+@@ -104,22 +105,21 @@ static __be32 nfsacld_proc_setacl(struct svc_rqst * rqstp,
+ goto out;
+
+ inode = d_inode(fh->fh_dentry);
+- if (!IS_POSIXACL(inode) || !inode->i_op->set_acl) {
+- error = -EOPNOTSUPP;
+- goto out_errno;
+- }
+
+ error = fh_want_write(fh);
+ if (error)
+ goto out_errno;
+
+- error = inode->i_op->set_acl(inode, argp->acl_access, ACL_TYPE_ACCESS);
++ fh_lock(fh);
++
++ error = set_posix_acl(inode, ACL_TYPE_ACCESS, argp->acl_access);
+ if (error)
+- goto out_drop_write;
+- error = inode->i_op->set_acl(inode, argp->acl_default,
+- ACL_TYPE_DEFAULT);
++ goto out_drop_lock;
++ error = set_posix_acl(inode, ACL_TYPE_DEFAULT, argp->acl_default);
+ if (error)
+- goto out_drop_write;
++ goto out_drop_lock;
++
++ fh_unlock(fh);
+
+ fh_drop_write(fh);
+
+@@ -131,7 +131,8 @@ out:
+ posix_acl_release(argp->acl_access);
+ posix_acl_release(argp->acl_default);
+ return nfserr;
+-out_drop_write:
++out_drop_lock:
++ fh_unlock(fh);
+ fh_drop_write(fh);
+ out_errno:
+ nfserr = nfserrno(error);
@@ -141,9 +142,10 @@ out_errno:
/*
* Check file attributes
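Review bot: The new `fh_lock(fh)` / `fh_unlock(fh)` pair in `nfsacld_proc_setacl` has no comment saying what it protects, or that the permission check now lives in `set_posix_acl()`. Without one, a later edit could reintroduce a direct `inode->i_op->set_acl` call and lose the `inode_owner_or_capable()` test that the helper performs. I would add above the lock `/* set_posix_acl() does the owner/capability and ACL validity checks; hold the fh lock across both updates */`. The same comment applies to the matching changes in `nfsd3_proc_setacl` (fs/nfsd/nfs3acl.c) and `nfsd4_set_nfs4_acl` (fs/nfsd/nfs4acl.c). The function body starts and ends outside this hunk.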
@@ -106472,7 +106867,7 @@ index 1580ea6..9c7f44f 100644
sizeof(struct nfsd3_##rest##res), \
0, \
diff --git a/fs/nfsd/nfs3acl.c b/fs/nfsd/nfs3acl.c
-index 01df4cd..f11e111 100644
+index 01df4cd..36a8d76 100644
--- a/fs/nfsd/nfs3acl.c
+++ b/fs/nfsd/nfs3acl.c
@@ -26,9 +26,10 @@ nfsd3_proc_null(struct svc_rqst *rqstp, void *argp, void *resp)
@@ -106502,7 +106897,37 @@ index 01df4cd..f11e111 100644
struct inode *inode;
svc_fh *fh;
__be32 nfserr = 0;
-@@ -125,9 +126,10 @@ out:
+@@ -95,22 +96,20 @@ static __be32 nfsd3_proc_setacl(struct svc_rqst * rqstp,
+ goto out;
+
+ inode = d_inode(fh->fh_dentry);
+- if (!IS_POSIXACL(inode) || !inode->i_op->set_acl) {
+- error = -EOPNOTSUPP;
+- goto out_errno;
+- }
+
+ error = fh_want_write(fh);
+ if (error)
+ goto out_errno;
+
+- error = inode->i_op->set_acl(inode, argp->acl_access, ACL_TYPE_ACCESS);
++ fh_lock(fh);
++
++ error = set_posix_acl(inode, ACL_TYPE_ACCESS, argp->acl_access);
+ if (error)
+- goto out_drop_write;
+- error = inode->i_op->set_acl(inode, argp->acl_default,
+- ACL_TYPE_DEFAULT);
++ goto out_drop_lock;
++ error = set_posix_acl(inode, ACL_TYPE_DEFAULT, argp->acl_default);
+
+-out_drop_write:
++out_drop_lock:
++ fh_unlock(fh);
+ fh_drop_write(fh);
+ out_errno:
+ nfserr = nfserrno(error);
+@@ -125,9 +124,10 @@ out:
/*
* XDR decode functions
*/
@@ -106515,7 +106940,7 @@ index 01df4cd..f11e111 100644
p = nfs3svc_decode_fh(p, &args->fh);
if (!p)
return 0;
-@@ -137,9 +139,10 @@ static int nfs3svc_decode_getaclargs(struct svc_rqst *rqstp, __be32 *p,
+@@ -137,9 +137,10 @@ static int nfs3svc_decode_getaclargs(struct svc_rqst *rqstp, __be32 *p,
}
@@ -106528,7 +106953,7 @@ index 01df4cd..f11e111 100644
struct kvec *head = rqstp->rq_arg.head;
unsigned int base;
int n;
-@@ -168,9 +171,10 @@ static int nfs3svc_decode_setaclargs(struct svc_rqst *rqstp, __be32 *p,
+@@ -168,9 +169,10 @@ static int nfs3svc_decode_setaclargs(struct svc_rqst *rqstp, __be32 *p,
*/
/* GETACL */
@@ -106541,7 +106966,7 @@ index 01df4cd..f11e111 100644
struct dentry *dentry = resp->fh.fh_dentry;
p = nfs3svc_encode_post_op_attr(rqstp, p, &resp->fh);
-@@ -213,9 +217,10 @@ static int nfs3svc_encode_getaclres(struct svc_rqst *rqstp, __be32 *p,
+@@ -213,9 +215,10 @@ static int nfs3svc_encode_getaclres(struct svc_rqst *rqstp, __be32 *p,
}
/* SETACL */
@@ -106554,7 +106979,7 @@ index 01df4cd..f11e111 100644
p = nfs3svc_encode_post_op_attr(rqstp, p, &resp->fh);
return xdr_ressize_check(rqstp, p);
-@@ -224,9 +229,10 @@ static int nfs3svc_encode_setaclres(struct svc_rqst *rqstp, __be32 *p,
+@@ -224,9 +227,10 @@ static int nfs3svc_encode_setaclres(struct svc_rqst *rqstp, __be32 *p,
/*
* XDR release functions
*/
@@ -106567,7 +106992,7 @@ index 01df4cd..f11e111 100644
fh_put(&resp->fh);
posix_acl_release(resp->acl_access);
posix_acl_release(resp->acl_default);
-@@ -240,10 +246,10 @@ static int nfs3svc_release_getacl(struct svc_rqst *rqstp, __be32 *p,
+@@ -240,10 +244,10 @@ static int nfs3svc_release_getacl(struct svc_rqst *rqstp, __be32 *p,
struct nfsd3_voidargs { int dummy; };
#define PROC(name, argt, rest, relt, cache, respsize) \
@@ -107598,6 +108023,45 @@ index 2246454..b866de8 100644
fh_put(&resp->fh1);
fh_put(&resp->fh2);
return 1;
+diff --git a/fs/nfsd/nfs4acl.c b/fs/nfsd/nfs4acl.c
+index 6adabd6..71292a0 100644
+--- a/fs/nfsd/nfs4acl.c
++++ b/fs/nfsd/nfs4acl.c
+@@ -770,9 +770,6 @@ nfsd4_set_nfs4_acl(struct svc_rqst *rqstp, struct svc_fh *fhp,
+ dentry = fhp->fh_dentry;
+ inode = d_inode(dentry);
+
+- if (!inode->i_op->set_acl || !IS_POSIXACL(inode))
+- return nfserr_attrnotsupp;
+-
+ if (S_ISDIR(inode->i_mode))
+ flags = NFS4_ACL_DIR;
+
+@@ -782,16 +779,19 @@ nfsd4_set_nfs4_acl(struct svc_rqst *rqstp, struct svc_fh *fhp,
+ if (host_error < 0)
+ goto out_nfserr;
+
+- host_error = inode->i_op->set_acl(inode, pacl, ACL_TYPE_ACCESS);
++ fh_lock(fhp);
++
++ host_error = set_posix_acl(inode, ACL_TYPE_ACCESS, pacl);
+ if (host_error < 0)
+- goto out_release;
++ goto out_drop_lock;
+
+ if (S_ISDIR(inode->i_mode)) {
+- host_error = inode->i_op->set_acl(inode, dpacl,
+- ACL_TYPE_DEFAULT);
++ host_error = set_posix_acl(inode, ACL_TYPE_DEFAULT, dpacl);
+ }
+
+-out_release:
++out_drop_lock:
++ fh_unlock(fhp);
++
+ posix_acl_release(pacl);
+ posix_acl_release(dpacl);
+ out_nfserr:
diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
index 7389cb1..e031e30d 100644
--- a/fs/nfsd/nfs4callback.c
@@ -112182,7 +112646,7 @@ index ab8dad3..932cb27 100644
if (!capable(CAP_SYS_RESOURCE) && size > pipe_max_size) {
diff --git a/fs/posix_acl.c b/fs/posix_acl.c
-index 711dd51..e55fd79 100644
+index 711dd51..afa7a82 100644
--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -20,6 +20,7 @@
@@ -112262,6 +112726,74 @@ index 711dd51..e55fd79 100644
acl_e->e_gid =
make_kgid(user_ns,
le32_to_cpu(entry->e_id));
+@@ -786,39 +797,47 @@ posix_acl_xattr_get(const struct xattr_handler *handler,
+ return error;
+ }
+
++int
++set_posix_acl(struct inode *inode, int type, struct posix_acl *acl)
++{
++ if (!IS_POSIXACL(inode))
++ return -EOPNOTSUPP;
++ if (!inode->i_op->set_acl)
++ return -EOPNOTSUPP;
++
++ if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode))
++ return acl ? -EACCES : 0;
++ if (!inode_owner_or_capable(inode))
++ return -EPERM;
++
++ if (acl) {
++ int ret = posix_acl_valid(acl);
++ if (ret)
++ return ret;
++ }
++ return inode->i_op->set_acl(inode, acl, type);
++}
++EXPORT_SYMBOL(set_posix_acl);
++
+ static int
+ posix_acl_xattr_set(const struct xattr_handler *handler,
+- struct dentry *dentry, const char *name,
+- const void *value, size_t size, int flags)
++ struct dentry *dentry,
++ const char *name, const void *value,
++ size_t size, int flags)
+ {
+ struct inode *inode = d_backing_inode(dentry);
+ struct posix_acl *acl = NULL;
+ int ret;
+
+- if (!IS_POSIXACL(inode))
+- return -EOPNOTSUPP;
+- if (!inode->i_op->set_acl)
+- return -EOPNOTSUPP;
+-
+- if (handler->flags == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode))
+- return value ? -EACCES : 0;
+- if (!inode_owner_or_capable(inode))
+- return -EPERM;
++ if (strcmp(name, "") != 0)
++ return -EINVAL;
+
+ if (value) {
+ acl = posix_acl_from_xattr(&init_user_ns, value, size);
+ if (IS_ERR(acl))
+ return PTR_ERR(acl);
+-
+- if (acl) {
+- ret = posix_acl_valid(acl);
+- if (ret)
+- goto out;
+- }
+ }
+-
+- ret = inode->i_op->set_acl(inode, acl, handler->flags);
+-out:
++ ret = set_posix_acl(inode, handler->flags, acl);
+ posix_acl_release(acl);
+ return ret;
+ }
diff --git a/fs/proc/Kconfig b/fs/proc/Kconfig
index 1ade120..a86f1a2 100644
--- a/fs/proc/Kconfig
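Review bot: `set_posix_acl()` is exported without a kernel-doc comment stating its contract, which matters because the nfsd callers and the xattr handler now depend on it for access control. The comment should say that it returns -EOPNOTSUPP when the inode lacks POSIX ACL support or a `set_acl` operation, and -EPERM when the caller is neither owner nor capable. It should also say that a non-NULL `acl` is validated with `posix_acl_valid()` and that releasing `acl` stays with the caller. Whether callers must hold the inode lock is not visible here (the nfsd call sites take `fh_lock()` first, `posix_acl_xattr_set` shows no lock), so that requirement should be confirmed and documented too.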
@@ -128108,7 +128640,7 @@ index a76c917..75d6aeb 100644
asmlinkage long compat_sys_lookup_dcookie(u32, u32, char __user *, compat_size_t);
/*
diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
-index eeae401..c108d27 100644
+index eeae401..985c04d 100644
--- a/include/linux/compiler-gcc.h
+++ b/include/linux/compiler-gcc.h
@@ -116,9 +116,9 @@
@@ -128124,7 +128656,7 @@ index eeae401..c108d27 100644
#define __maybe_unused __attribute__((unused))
#define __always_unused __attribute__((unused))
-@@ -184,9 +184,39 @@
+@@ -184,9 +184,41 @@
# define __compiletime_warning(message) __attribute__((warning(message)))
# define __compiletime_error(message) __attribute__((error(message)))
#endif /* __CHECKER__ */
@@ -128153,9 +128685,11 @@ index eeae401..c108d27 100644
+#define __intentional_overflow(...) __attribute__((intentional_overflow(__VA_ARGS__)))
+#endif
+
++#ifndef __CHECKER__
+#ifdef LATENT_ENTROPY_PLUGIN
+#define __latent_entropy __attribute__((latent_entropy))
+#endif
++#endif
+
+#ifdef INITIFY_PLUGIN
+#define __nocapture(...) __attribute__((nocapture(__VA_ARGS__)))
@@ -130605,34 +131139,24 @@ index ba7a9b0..33a0237 100644
extern int register_pppox_proto(int proto_num, const struct pppox_proto *pp);
extern void unregister_pppox_proto(int proto_num);
diff --git a/include/linux/init.h b/include/linux/init.h
-index b449f37..61005b3 100644
+index b449f37..3416791 100644
--- a/include/linux/init.h
+++ b/include/linux/init.h
-@@ -37,9 +37,17 @@
- * section.
- */
+@@ -39,7 +39,7 @@
-+#define add_init_latent_entropy __latent_entropy
-+
-+#ifdef CONFIG_MEMORY_HOTPLUG
-+#define add_meminit_latent_entropy
-+#else
-+#define add_meminit_latent_entropy __latent_entropy
-+#endif
-+
/* These are for everybody (although not all archs will actually
discard it in modules) */
-#define __init __section(.init.text) __cold notrace
-+#define __init __section(.init.text) __cold notrace add_init_latent_entropy
++#define __init __section(.init.text) __cold notrace __latent_entropy
#define __initdata __section(.init.data)
#define __initconst __constsection(.init.rodata)
#define __exitdata __section(.exit.data)
-@@ -92,7 +100,7 @@
+@@ -92,7 +92,7 @@
#define __exit __section(.exit.text) __exitused __cold notrace
/* Used for MEMORY_HOTPLUG */
-#define __meminit __section(.meminit.text) __cold notrace
-+#define __meminit __section(.meminit.text) __cold notrace add_meminit_latent_entropy
++#define __meminit __section(.meminit.text) __cold notrace __latent_entropy
#define __meminitdata __section(.meminit.data)
#define __meminitconst __constsection(.meminit.rodata)
#define __memexit __section(.memexit.text) __exitused __cold notrace
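Review bot: `__init` and `__meminit` now expand `__latent_entropy` directly, yet the compiler-gcc.h change in this same patch defines that macro only when `LATENT_ENTROPY_PLUGIN` is set and `__CHECKER__` is not. An empty fallback definition must therefore exist for every other build. None is visible in these hunks, so it should be confirmed (presumably in a generic compiler header); otherwise every `__init` function would fail to compile with the plugin off or under sparse. Dropping `add_meminit_latent_entropy` also means `__meminit` functions are instrumented even with CONFIG_MEMORY_HOTPLUG, and a comment next to `__meminit` such as `/* instrumented for latent entropy regardless of MEMORY_HOTPLUG */` would record that this is intended.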
@@ -132727,7 +133251,7 @@ index b2505ac..5f7ab55 100644
extern bool qid_valid(struct kqid qid);
diff --git a/include/linux/random.h b/include/linux/random.h
-index 9c29122..9112a5b9 100644
+index 9c29122..f94151b 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -18,9 +18,19 @@ struct random_ready_callback {
@@ -132735,14 +133259,14 @@ index 9c29122..9112a5b9 100644
extern void add_device_randomness(const void *, unsigned int);
+
++#if defined(LATENT_ENTROPY_PLUGIN) && !defined(__CHECKER__)
+static inline void add_latent_entropy(void)
+{
-+
-+#ifdef LATENT_ENTROPY_PLUGIN
+ add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy));
-+#endif
-+
+}
++#else
++static inline void add_latent_entropy(void) {}
++#endif
+
extern void add_input_randomness(unsigned int type, unsigned int code,
- unsigned int value);
@@ -134629,10 +135153,21 @@ index 00c9d68..bc0188b 100644
struct tty_ldisc {
diff --git a/include/linux/types.h b/include/linux/types.h
-index 70dd3df..c61727f 100644
+index 70dd3df..7950943 100644
--- a/include/linux/types.h
+++ b/include/linux/types.h
-@@ -176,10 +176,26 @@ typedef struct {
+@@ -160,8 +160,10 @@ typedef unsigned __bitwise__ oom_flags_t;
+
+ #ifdef CONFIG_PHYS_ADDR_T_64BIT
+ typedef u64 phys_addr_t;
++#define RESOURCE_SIZE_MAX ULLONG_MAX
+ #else
+ typedef u32 phys_addr_t;
++#define RESOURCE_SIZE_MAX ULONG_MAX
+ #endif
+
+ typedef phys_addr_t resource_size_t;
+@@ -176,10 +178,26 @@ typedef struct {
int counter;
} atomic_t;
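Review bot: `RESOURCE_SIZE_MAX` is spelled `ULONG_MAX` in the `u32 phys_addr_t` branch, which equals the type's maximum only where `unsigned long` is 32 bits wide. Both spellings also rely on limit macros that types.h does not provide itself. Deriving the value from the type keeps it correct by construction: `#define RESOURCE_SIZE_MAX ((resource_size_t)~0)`, placed once after the `resource_size_t` typedef. The cast form cannot appear in `#if` expressions, so the users, which are not visible in this hunk, should be checked before switching.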
@@ -136759,20 +137294,6 @@ index 2232080..ae4d217 100644
help
Randomizing heap placement makes heap exploits harder, but it
also breaks ancient binaries (including anything libc5 based).
-diff --git a/init/Makefile b/init/Makefile
-index 7bc47ee..6da2dc7 100644
---- a/init/Makefile
-+++ b/init/Makefile
-@@ -2,6 +2,9 @@
- # Makefile for the linux kernel.
- #
-
-+ccflags-y := $(GCC_PLUGINS_CFLAGS)
-+asflags-y := $(GCC_PLUGINS_AFLAGS)
-+
- obj-y := main.o version.o mounts.o
- ifneq ($(CONFIG_BLK_DEV_INITRD),y)
- obj-y += noinitramfs.o
diff --git a/init/do_mounts.c b/init/do_mounts.c
index dea5de9..497f996 100644
--- a/init/do_mounts.c
@@ -148942,7 +149463,7 @@ index 62bbf35..04d12eb 100644
struct bdi_writeback *wb = dtc->wb;
unsigned long write_bw = wb->avg_write_bandwidth;
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 1d11790..1cc6074 100644
+index 1d11790..6d640cb 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -63,6 +63,7 @@
@@ -148990,7 +149511,6 @@ index 1d11790..1cc6074 100644
local_irq_restore(flags);
}
-+#ifdef CONFIG_PAX_LATENT_ENTROPY
+bool __meminitdata extra_latent_entropy;
+
+static int __init setup_pax_extra_latent_entropy(char *str)
@@ -149000,6 +149520,7 @@ index 1d11790..1cc6074 100644
+}
+early_param("pax_extra_latent_entropy", setup_pax_extra_latent_entropy);
+
++#ifdef LATENT_ENTROPY_PLUGIN
+volatile u64 latent_entropy __latent_entropy;
+EXPORT_SYMBOL(latent_entropy);
+#endif
@@ -149007,11 +149528,10 @@ index 1d11790..1cc6074 100644
static void __init __free_pages_boot_core(struct page *page,
unsigned long pfn, unsigned int order)
{
-@@ -1059,6 +1084,19 @@ static void __init __free_pages_boot_core(struct page *page,
+@@ -1059,6 +1084,21 @@ static void __init __free_pages_boot_core(struct page *page,
__ClearPageReserved(p);
set_page_count(p, 0);
-+#ifdef CONFIG_PAX_LATENT_ENTROPY
+ if (extra_latent_entropy && !PageHighMem(page) && page_to_pfn(page) < 0x100000) {
+ u64 hash = 0;
+ size_t index, end = PAGE_SIZE * nr_pages / sizeof hash;
@@ -149019,15 +149539,18 @@ index 1d11790..1cc6074 100644
+
+ for (index = 0; index < end; index++)
+ hash ^= hash + data[index];
++#ifdef LATENT_ENTROPY_PLUGIN
+ latent_entropy ^= hash;
+ add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy));
-+ }
++#else
++ add_device_randomness((const void *)&hash, sizeof(hash));
+#endif
++ }
+
page_zone(page)->managed_pages += nr_pages;
set_page_refcounted(page);
__free_pages(page, order);
-@@ -1115,7 +1153,6 @@ static inline bool __meminit meminit_pfn_in_nid(unsigned long pfn, int node,
+@@ -1115,7 +1155,6 @@ static inline bool __meminit meminit_pfn_in_nid(unsigned long pfn, int node,
}
#endif
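Review bot: The new `#else` branch feeds a fold of leftover boot page contents to `add_device_randomness()`, and nothing in the block says that this input may be fully predictable (zeroed memory, for example) and must only be mixed in, never counted as entropy. A comment above the `#ifdef` would guard against a later change to a crediting interface: `/* page contents may be predictable; mix only, never credit */`. The block opens in the preceding hunk and `__free_pages_boot_core` continues past this one.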
@@ -149035,7 +149558,7 @@ index 1d11790..1cc6074 100644
void __init __free_pages_bootmem(struct page *page, unsigned long pfn,
unsigned int order)
{
-@@ -1419,9 +1456,11 @@ static int prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags,
+@@ -1419,9 +1458,11 @@ static int prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags,
kernel_map_pages(page, 1 << order, 1);
kasan_alloc_pages(page, order);
@@ -149047,7 +149570,7 @@ index 1d11790..1cc6074 100644
if (order && (gfp_flags & __GFP_COMP))
prep_compound_page(page, order);
-@@ -1955,8 +1994,9 @@ static void drain_pages(unsigned int cpu)
+@@ -1955,8 +1996,9 @@ static void drain_pages(unsigned int cpu)
* The CPU has to be pinned. When zone parameter is non-NULL, spill just
* the single zone's pages.
*/
@@ -149058,7 +149581,7 @@ index 1d11790..1cc6074 100644
int cpu = smp_processor_id();
if (zone)
-@@ -2016,8 +2056,7 @@ void drain_all_pages(struct zone *zone)
+@@ -2016,8 +2058,7 @@ void drain_all_pages(struct zone *zone)
else
cpumask_clear_cpu(cpu, &cpus_with_pcps);
}
@@ -149068,7 +149591,7 @@ index 1d11790..1cc6074 100644
}
#ifdef CONFIG_HIBERNATION
-@@ -2289,7 +2328,7 @@ struct page *buffered_rmqueue(struct zone *preferred_zone,
+@@ -2289,7 +2330,7 @@ struct page *buffered_rmqueue(struct zone *preferred_zone,
}
__mod_zone_page_state(zone, NR_ALLOC_BATCH, -(1 << order));
@@ -149077,7 +149600,7 @@ index 1d11790..1cc6074 100644
!test_bit(ZONE_FAIR_DEPLETED, &zone->flags))
set_bit(ZONE_FAIR_DEPLETED, &zone->flags);
-@@ -2506,7 +2545,7 @@ static void reset_alloc_batches(struct zone *preferred_zone)
+@@ -2506,7 +2547,7 @@ static void reset_alloc_batches(struct zone *preferred_zone)
do {
mod_zone_page_state(zone, NR_ALLOC_BATCH,
high_wmark_pages(zone) - low_wmark_pages(zone) -
@@ -149086,7 +149609,7 @@ index 1d11790..1cc6074 100644
clear_bit(ZONE_FAIR_DEPLETED, &zone->flags);
} while (zone++ != preferred_zone);
}
-@@ -6100,7 +6139,7 @@ static void __setup_per_zone_wmarks(void)
+@@ -6100,7 +6141,7 @@ static void __setup_per_zone_wmarks(void)
__mod_zone_page_state(zone, NR_ALLOC_BATCH,
high_wmark_pages(zone) - low_wmark_pages(zone) -
@@ -153559,6 +154082,33 @@ index 30d875d..760f4f1 100644
err_alloc:
return -ENOMEM;
}
+diff --git a/net/ieee802154/core.c b/net/ieee802154/core.c
+index c35fdfa..063ef67 100644
+--- a/net/ieee802154/core.c
++++ b/net/ieee802154/core.c
+@@ -110,7 +110,7 @@ struct wpan_phy *wpan_phy_idx_to_wpan_phy(int wpan_phy_idx)
+ struct wpan_phy *
+ wpan_phy_new(const struct cfg802154_ops *ops, size_t priv_size)
+ {
+- static atomic_t wpan_phy_counter = ATOMIC_INIT(0);
++ static atomic_unchecked_t wpan_phy_counter = ATOMIC_INIT(0);
+ struct cfg802154_registered_device *rdev;
+ size_t alloc_size;
+
+@@ -121,11 +121,11 @@ wpan_phy_new(const struct cfg802154_ops *ops, size_t priv_size)
+
+ rdev->ops = ops;
+
+- rdev->wpan_phy_idx = atomic_inc_return(&wpan_phy_counter);
++ rdev->wpan_phy_idx = atomic_inc_return_unchecked(&wpan_phy_counter);
+
+ if (unlikely(rdev->wpan_phy_idx < 0)) {
+ /* ugh, wrapped! */
+- atomic_dec(&wpan_phy_counter);
++ atomic_dec_unchecked(&wpan_phy_counter);
+ kfree(rdev);
+ return NULL;
+ }
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 5c5db66..c10a4a2 100644
--- a/net/ipv4/af_inet.c
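Review bot: The switch of `wpan_phy_counter` to `atomic_unchecked_t` in `wpan_phy_new` is not explained in the code, and the `_unchecked` variants opt the counter out of the overflow detection applied to ordinary atomics. Here that looks right, since the value is an index allocator and the wrap is handled explicitly by the `rdev->wpan_phy_idx < 0` branch. A comment should say so: `/* id allocator, not a reference count; wrap is handled below */`. The same applies to `unique_id` in `nf_conntrack_init_net` (net/netfilter/nf_conntrack_core.c), whose uses lie outside the visible hunk.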
@@ -157793,7 +158343,7 @@ index 45da11a..ef3e5dc 100644
table = kmemdup(acct_sysctl_table, sizeof(acct_sysctl_table),
GFP_KERNEL);
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
-index 6b94f0b..bb0cc8b 100644
+index 6b94f0b..03e9b12 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1581,7 +1581,7 @@ void *nf_ct_alloc_hashtable(unsigned int *sizep, int nulls)
@@ -157805,6 +158355,15 @@ index 6b94f0b..bb0cc8b 100644
{
int i, bucket, rc;
unsigned int hashsize, old_size;
+@@ -1780,7 +1780,7 @@ void nf_conntrack_init_end(void)
+
+ int nf_conntrack_init_net(struct net *net)
+ {
+- static atomic64_t unique_id;
++ static atomic64_unchecked_t unique_id;
+ int ret = -ENOMEM;
+ int cpu;
+
@@ -1804,7 +1804,7 @@ int nf_conntrack_init_net(struct net *net)
goto err_pcpu_lists;
@@ -161469,10 +162028,42 @@ index 805681a..17a7088 100644
.done = link->done,
};
diff --git a/scripts/Kbuild.include b/scripts/Kbuild.include
-index 1db6d73..0819042 100644
+index 1db6d73..6e020e4 100644
--- a/scripts/Kbuild.include
+++ b/scripts/Kbuild.include
-@@ -146,7 +146,7 @@ cc-ifversion = $(shell [ $(cc-version) $(1) $(2) ] && echo $(3) || echo $(4))
+@@ -107,16 +107,20 @@ as-option = $(call try-run,\
+ as-instr = $(call try-run,\
+ printf "%b\n" "$(1)" | $(CC) $(KBUILD_AFLAGS) -c -x assembler -o "$$TMP" -,$(2),$(3))
+
++# Do not attempt to build with gcc plugins during cc-option tests.
++# (And this uses delayed resolution so the flags will be up to date.)
++CC_OPTION_CFLAGS = $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS))
++
+ # cc-option
+ # Usage: cflags-y += $(call cc-option,-march=winchip-c6,-march=i586)
+
+ cc-option = $(call try-run,\
+- $(CC) $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",$(1),$(2))
++ $(CC) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",$(1),$(2))
+
+ # cc-option-yn
+ # Usage: flag := $(call cc-option-yn,-march=winchip-c6)
+ cc-option-yn = $(call try-run,\
+- $(CC) $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",y,n)
++ $(CC) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",y,n)
+
+ # cc-option-align
+ # Prefix align with either -falign or -malign
+@@ -126,7 +130,7 @@ cc-option-align = $(subst -functions=0,,\
+ # cc-disable-warning
+ # Usage: cflags-y += $(call cc-disable-warning,unused-but-set-variable)
+ cc-disable-warning = $(call try-run,\
+- $(CC) $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) -W$(strip $(1)) -c -x c /dev/null -o "$$TMP",-Wno-$(strip $(1)))
++ $(CC) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) -W$(strip $(1)) -c -x c /dev/null -o "$$TMP",-Wno-$(strip $(1)))
+
+ # cc-name
+ # Expands to either gcc or clang
+@@ -146,7 +150,7 @@ cc-ifversion = $(shell [ $(cc-version) $(1) $(2) ] && echo $(3) || echo $(4))
# cc-ldoption
# Usage: ldflags += $(call cc-ldoption, -Wl$(comma)--hash-style=both)
cc-ldoption = $(call try-run,\
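Review bot: The comment on `CC_OPTION_CFLAGS` says plugins are left out of the `cc-option` probes but not why, and the reason is what a maintainer needs. Presumably the plugin `.so` files may not exist yet when the probes run, so an inherited `-fplugin=` would make every probe fail and silently drop the flag under test, hardening flags included. I would extend the comment with `# A failing -fplugin= would fail every probe and silently drop the tested flag.` Note also that `as-instr` still passes `$(KBUILD_AFLAGS)` unfiltered, which is only safe while `GCC_PLUGINS_AFLAGS` carries no `-fplugin=` arguments.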
@@ -161482,17 +162073,15 @@ index 1db6d73..0819042 100644
# ld-option
# Usage: LDFLAGS += $(call ld-option, -X)
diff --git a/scripts/Makefile b/scripts/Makefile
-index fd0d53d..1471190 100644
+index fd0d53d..9364092 100644
--- a/scripts/Makefile
+++ b/scripts/Makefile
-@@ -44,6 +44,7 @@ subdir-y += mod
- subdir-$(CONFIG_SECURITY_SELINUX) += selinux
- subdir-$(CONFIG_DTC) += dtc
+@@ -46,4 +46,4 @@ subdir-$(CONFIG_DTC) += dtc
subdir-$(CONFIG_GDB_SCRIPTS) += gdb
-+subdir-$(CONFIG_GCC_PLUGINS) += gcc-plugins
# Let clean descend into subdirs
- subdir- += basic kconfig package
+-subdir- += basic kconfig package
++subdir- += basic kconfig package gcc-plugins
diff --git a/scripts/Makefile.build b/scripts/Makefile.build
index 2c47f9c..9d46008 100644
--- a/scripts/Makefile.build
@@ -161507,16 +162096,17 @@ index 2c47f9c..9d46008 100644
endif
diff --git a/scripts/Makefile.clean b/scripts/Makefile.clean
-index 55c96cb..e4e88ab 100644
+index 55c96cb..50616ea 100644
--- a/scripts/Makefile.clean
+++ b/scripts/Makefile.clean
-@@ -38,7 +38,8 @@ subdir-ymn := $(addprefix $(obj)/,$(subdir-ymn))
+@@ -38,7 +38,9 @@ subdir-ymn := $(addprefix $(obj)/,$(subdir-ymn))
__clean-files := $(extra-y) $(extra-m) $(extra-) \
$(always) $(targets) $(clean-files) \
$(host-progs) \
- $(hostprogs-y) $(hostprogs-m) $(hostprogs-)
+ $(hostprogs-y) $(hostprogs-m) $(hostprogs-) \
-+ $(hostlibs-y) $(hostlibs-m) $(hostlibs-)
++ $(hostlibs-y) $(hostlibs-m) $(hostlibs-) \
++ $(hostcxxlibs-y) $(hostcxxlibs-m)
__clean-files := $(filter-out $(no-clean-files), $(__clean-files))
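Review bot: The added clean list names `$(hostcxxlibs-y) $(hostcxxlibs-m)` but not `$(hostcxxlibs-)`, unlike the `hostprogs` and `hostlibs` lines above it. C++ plugin libraries registered under a disabled option would then be left behind by `make clean`. For consistency the line should read `$(hostcxxlibs-y) $(hostcxxlibs-m) $(hostcxxlibs-)`.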
@@ -161537,10 +162127,10 @@ index 53449a6..c1fd180 100644
warning-2 += -Wdisabled-optimization
diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins
new file mode 100644
-index 0000000..08d4e22
+index 0000000..97e7a48
--- /dev/null
+++ b/scripts/Makefile.gcc-plugins
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,96 @@
+ifdef CONFIG_GCC_PLUGINS
+ __PLUGINCC := $(call cc-ifversion, -ge, 0408, $(HOSTCXX), $(HOSTCC))
+ PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)")
@@ -161568,13 +162158,19 @@ index 0000000..08d4e22
+
+ gcc-plugin-y += colorize_plugin.so
+
++ gcc-plugin-subdir-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin
+ gcc-plugin-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin/size_overflow_plugin.so
+ gcc-plugin-cflags-$(CONFIG_PAX_SIZE_OVERFLOW) += -DSIZE_OVERFLOW_PLUGIN
+
++ gcc-plugin-$(CONFIG_GRKERNSEC_RANDSTRUCT) += randomize_layout_plugin.so
++ gcc-plugin-cflags-$(CONFIG_GRKERNSEC_RANDSTRUCT) += -DRANDSTRUCT_PLUGIN
++ gcc-plugin-cflags-$(CONFIG_GRKERNSEC_RANDSTRUCT_PERFORMANCE) += -fplugin-arg-randomize_layout_plugin-performance-mode
++
++
+ gcc-plugin-$(CONFIG_PAX_LATENT_ENTROPY) += latent_entropy_plugin.so
+ gcc-plugin-cflags-$(CONFIG_PAX_LATENT_ENTROPY) += -DLATENT_ENTROPY_PLUGIN
+ ifdef CONFIG_PAX_LATENT_ENTROPY
-+ DISABLE_LATENT_ENTROPY_PLUGIN += -fplugin-arg-latent_entropy_plugin-disable
++ DISABLE_LATENT_ENTROPY_PLUGIN += -fplugin-arg-latent_entropy_plugin-disable
+ endif
+
+ gcc-plugin-$(CONFIG_PAX_MEMORY_STRUCTLEAK) += structleak_plugin.so
@@ -161583,6 +162179,7 @@ index 0000000..08d4e22
+ gcc-plugin-y += initify_plugin.so
+ gcc-plugin-cflags-y += -DINITIFY_PLUGIN
+
++ gcc-plugin-subdir-$(CONFIG_PAX_RAP) += rap_plugin
+ gcc-plugin-$(CONFIG_PAX_RAP) += rap_plugin/rap_plugin.so
+ gcc-plugin-cflags-$(CONFIG_PAX_RAP) += -DRAP_PLUGIN -fplugin-arg-rap_plugin-check=call
+# gcc-plugin-cflags-$(CONFIG_PAX_RAP) += -fplugin-arg-rap_plugin-report=func,fptr,abs
@@ -161595,25 +162192,43 @@ index 0000000..08d4e22
+ GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y))
+ GCC_PLUGINS_AFLAGS := $(gcc-plugin-aflags-y)
+
++ export PLUGINCC GCC_PLUGIN GCC_PLUGIN_SUBDIR GCC_PLUGINS_CFLAGS GCC_PLUGINS_AFLAGS
+ export DISABLE_LATENT_ENTROPY_PLUGIN RAP_PLUGIN_ABS_CFLAGS
+
++ KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
++ KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS)
++ GCC_PLUGIN := $(gcc-plugin-y)
++ GCC_PLUGIN_SUBDIR := $(gcc-plugin-subdir-y)
++endif
++
++# If plugins aren't supported, abort the build before hard-to-read compiler
++# errors start getting spewed by the main build.
++PHONY += gcc-plugins-check
++gcc-plugins-check: FORCE
++ifdef CONFIG_GCC_PLUGINS
+ ifeq ($(PLUGINCC),)
+ ifneq ($(GCC_PLUGINS_CFLAGS),)
+ ifeq ($(call cc-ifversion, -ge, 0405, y), y)
-+ PLUGINCC := $(shell $(CONFIG_SHELL) -x $(srctree)/scripts/gcc-plugin.sh "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)")
-+ $(warning warning, your gcc installation does not support plugins, perhaps the necessary headers are missing?)
++ $(Q)$(srctree)/scripts/gcc-plugin.sh --show-error "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)" || true
++ @echo "Cannot use CONFIG_GCC_PLUGINS: your gcc installation does not support plugins, perhaps the necessary headers are missing?" >&2
+ else
-+ $(warning warning, your gcc version does not support plugins, you should upgrade it to gcc 4.5 at least)
++ @echo "Cannot use CONFIG_GCC_PLUGINS: your gcc version does not support plugins, you should upgrade it to at least gcc 4.5" >&2
+ endif
-+ $(warning PAX_MEMORY_STACKLEAK and other features will be less secure)
++ @echo "PAX_MEMORY_STACKLEAK and other features will be less secure" >&2 && exit 1
+ endif
+ endif
++endif
++ @:
+
-+ KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
-+ KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS)
++# Actually do the build, if requested.
++PHONY += gcc-plugins
++gcc-plugins: scripts_basic gcc-plugins-check
++ifdef CONFIG_GCC_PLUGINS
++ $(Q)$(MAKE) $(build)=scripts/gcc-plugins
+endif
++ @:
diff --git a/scripts/Makefile.host b/scripts/Makefile.host
-index 133edfa..3439bd8 100644
+index 133edfa..ac03751 100644
--- a/scripts/Makefile.host
+++ b/scripts/Makefile.host
@@ -20,7 +20,25 @@
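Review bot: The `--show-error` recipe line in `gcc-plugins-check` runs `$(srctree)/scripts/gcc-plugin.sh` directly, but this patch creates that script with mode 100644. The call would fail with a permission error that `|| true` hides, so the diagnostic is never printed. Invoke it through the shell as the `PLUGINCC` assignment does: `$(Q)$(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh --show-error "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)" || true`. The final message is also stale now that the target exits 1, because `will be less secure` describes the old warning-only behaviour. Something like `@echo "Aborting: the configured GCC plugins cannot be built" >&2 && exit 1` tells the user the build stopped.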
@@ -161672,7 +162287,7 @@ index 133edfa..3439bd8 100644
host-objdirs := $(addprefix $(obj)/,$(host-objdirs))
obj-dirs += $(host-objdirs)
-@@ -124,5 +158,39 @@ quiet_cmd_host-cxxobjs = HOSTCXX $@
+@@ -124,5 +158,42 @@ quiet_cmd_host-cxxobjs = HOSTCXX $@
$(host-cxxobjs): $(obj)/%.o: $(src)/%.cc FORCE
$(call if_changed_dep,host-cxxobjs)
@@ -161684,6 +162299,9 @@ index 133edfa..3439bd8 100644
+ $(call if_changed_dep,host-cshobjs)
+
+# Compile .c file, create position independent .o file
++# Note that plugin capable gcc versions can be either C or C++ based
++# therefore plugin source files have to be compilable in both C and C++ mode.
++# This is why a C++ compiler is invoked on a .c file.
+# host-cxxshobjs -> .o
+quiet_cmd_host-cxxshobjs = HOSTCXX -fPIC $@
+ cmd_host-cxxshobjs = $(HOSTCXX) $(hostcxx_flags) -fPIC -c -o $@ $<
@@ -161698,7 +162316,7 @@ index 133edfa..3439bd8 100644
+ $(HOST_LOADLIBES) $(HOSTLOADLIBES_$(@F))
+$(host-cshlib): FORCE
+ $(call if_changed,host-cshlib)
-+$(call multi_depend, $(host-cshlib), .so, -objs -cshobjs)
++$(call multi_depend, $(host-cshlib), .so, -objs)
+
+# Link a shared library, based on position independent .o files
+# *.o -> .so shared library (host-cxxshlib)
@@ -161708,7 +162326,7 @@ index 133edfa..3439bd8 100644
+ $(HOST_LOADLIBES) $(HOSTLOADLIBES_$(@F))
+$(host-cxxshlib): FORCE
+ $(call if_changed,host-cxxshlib)
-+$(call multi_depend, $(host-cxxshlib), .so, -objs -cxxshobjs)
++$(call multi_depend, $(host-cxxshlib), .so, -objs)
+
targets += $(host-csingle) $(host-cmulti) $(host-cobjs)\
- $(host-cxxmulti) $(host-cxxobjs)
@@ -161917,12 +162535,19 @@ index e229b84..7141e8e 100644
while (get_node_by_phandle(root, phandle))
diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
new file mode 100644
-index 0000000..fb92075
+index 0000000..b65224b
--- /dev/null
+++ b/scripts/gcc-plugin.sh
-@@ -0,0 +1,51 @@
+@@ -0,0 +1,65 @@
+#!/bin/sh
+srctree=$(dirname "$0")
++
++SHOW_ERROR=
++if [ "$1" = "--show-error" ] ; then
++ SHOW_ERROR=1
++ shift || true
++fi
++
+gccplugins_dir=$($3 -print-file-name=plugin)
+plugincc=$($1 -E -x c++ - -o /dev/null -I"${srctree}"/gcc-plugins -I"${gccplugins_dir}"/include 2>&1 <<EOF
+#include "gcc-common.h"
@@ -161936,6 +162561,9 @@ index 0000000..fb92075
+
+if [ $? -ne 0 ]
+then
++ if [ -n "$SHOW_ERROR" ] ; then
++ echo "${plugincc}" >&2
++ fi
+ exit 1
+fi
+
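Review bot: The error path prints the captured compiler output with `echo "${plugincc}"`, and some `/bin/sh` implementations interpret backslash sequences in `echo` arguments, which can mangle the diagnostics. `printf '%s\n' "${plugincc}" >&2` prints the text verbatim. The identical `echo` added at the end of the script should change the same way.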
@@ -161971,6 +162599,10 @@ index 0000000..fb92075
+ echo "$2"
+ exit 0
+fi
++
++if [ -n "$SHOW_ERROR" ] ; then
++ echo "${plugincc}" >&2
++fi
+exit 1
diff --git a/scripts/gcc-plugins/.gitignore b/scripts/gcc-plugins/.gitignore
new file mode 100644
@@ -161981,67 +162613,45 @@ index 0000000..de92ed9
+randomize_layout_seed.h
diff --git a/scripts/gcc-plugins/Makefile b/scripts/gcc-plugins/Makefile
new file mode 100644
-index 0000000..ad7ca02
+index 0000000..ec5bc00
--- /dev/null
+++ b/scripts/gcc-plugins/Makefile
-@@ -0,0 +1,57 @@
-+#CC := gcc
-+#PLUGIN_SOURCE_FILES := pax_plugin.c
-+#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES))
-+GCCPLUGINS_DIR := $(shell $(CC) -print-file-name=plugin)
-+#CFLAGS += -I$(GCCPLUGINS_DIR)/include -fPIC -O2 -Wall -W -std=gnu99
+@@ -0,0 +1,35 @@
++GCC_PLUGINS_DIR := $(shell $(CC) -print-file-name=plugin)
+
+ifeq ($(PLUGINCC),$(HOSTCC))
-+HOSTLIBS := hostlibs
-+HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(src) -std=gnu99 -ggdb -Wall -W
-+export HOST_EXTRACFLAGS
++ HOSTLIBS := hostlibs
++ HOST_EXTRACFLAGS += -I$(GCC_PLUGINS_DIR)/include -I$(src) -std=gnu99 -ggdb -Wall -W
++ export HOST_EXTRACFLAGS
+else
-+HOSTLIBS := hostcxxlibs
-+HOST_EXTRACXXFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(src) -std=gnu++98 -fno-rtti -fno-exceptions -fasynchronous-unwind-tables -ggdb -Wall -W -Wno-unused-parameter -Wno-narrowing -Wno-unused-variable
-+export HOST_EXTRACXXFLAGS
++ HOSTLIBS := hostcxxlibs
++ HOST_EXTRACXXFLAGS += -I$(GCC_PLUGINS_DIR)/include -I$(src) -std=gnu++98 -fno-rtti
++ HOST_EXTRACXXFLAGS += -fno-exceptions -fasynchronous-unwind-tables -ggdb
++ HOST_EXTRACXXFLAGS += -Wno-narrowing -Wno-unused-variable
++ HOST_EXTRACXXFLAGS += -Wall -W -Wno-unused-parameter
++ export HOST_EXTRACXXFLAGS
+endif
+
-+export GCCPLUGINS_DIR HOSTLIBS
-+
-+$(HOSTLIBS)-$(CONFIG_PAX_CONSTIFY_PLUGIN) := constify_plugin.so
-+$(HOSTLIBS)-$(CONFIG_PAX_MEMORY_STACKLEAK) += stackleak_plugin.so
-+$(HOSTLIBS)-$(CONFIG_KALLOCSTAT_PLUGIN) += kallocstat_plugin.so
-+$(HOSTLIBS)-$(CONFIG_PAX_KERNEXEC_PLUGIN) += kernexec_plugin.so
-+$(HOSTLIBS)-$(CONFIG_CHECKER_PLUGIN) += checker_plugin.so
-+$(HOSTLIBS)-y += colorize_plugin.so
-+$(HOSTLIBS)-$(CONFIG_PAX_LATENT_ENTROPY) += latent_entropy_plugin.so
-+$(HOSTLIBS)-$(CONFIG_PAX_MEMORY_STRUCTLEAK) += structleak_plugin.so
-+$(HOSTLIBS)-y += initify_plugin.so
-+$(HOSTLIBS)-$(CONFIG_GRKERNSEC_RANDSTRUCT) += randomize_layout_plugin.so
-+
-+subdir-$(CONFIG_PAX_SIZE_OVERFLOW) := size_overflow_plugin
-+subdir- += size_overflow_plugin
-+
-+subdir-$(CONFIG_PAX_RAP) += rap_plugin
-+subdir- += rap_plugin
++export HOSTLIBS
+
++$(HOSTLIBS)-y := $(foreach p,$(GCC_PLUGIN),$(if $(findstring /,$(p)),,$(p)))
+always := $($(HOSTLIBS)-y)
-+
-+constify_plugin-objs := constify_plugin.o
-+stackleak_plugin-objs := stackleak_plugin.o
-+kallocstat_plugin-objs := kallocstat_plugin.o
-+kernexec_plugin-objs := kernexec_plugin.o
-+checker_plugin-objs := checker_plugin.o
-+colorize_plugin-objs := colorize_plugin.o
-+latent_entropy_plugin-objs := latent_entropy_plugin.o
-+structleak_plugin-objs := structleak_plugin.o
-+initify_plugin-objs := initify_plugin.o
-+randomize_layout_plugin-objs := randomize_layout_plugin.o
++$(foreach p,$($(HOSTLIBS)-y:%.so=%),$(eval $(p)-objs := $(p).o))
+
+$(obj)/randomize_layout_plugin.o: $(objtree)/$(obj)/randomize_layout_seed.h
+
+quiet_cmd_create_randomize_layout_seed = GENSEED $@
-+ cmd_create_randomize_layout_seed = \
++ cmd_create_randomize_layout_seed = \
+ $(CONFIG_SHELL) $(srctree)/$(src)/gen-random-seed.sh $@ $(objtree)/include/generated/randomize_layout_hash.h
+$(objtree)/$(obj)/randomize_layout_seed.h: FORCE
+ $(call if_changed,create_randomize_layout_seed)
-+
++
+targets += randomize_layout_seed.h randomize_layout_hash.h
++
++subdir-y := $(GCC_PLUGIN_SUBDIR)
++subdir- += $(GCC_PLUGIN_SUBDIR)
++
++clean-files += *.so
diff --git a/scripts/gcc-plugins/checker_plugin.c b/scripts/gcc-plugins/checker_plugin.c
new file mode 100644
index 0000000..efaf576
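Review bot: `subdir- += $(GCC_PLUGIN_SUBDIR)` makes `make clean` descend into `size_overflow_plugin` and `rap_plugin` only while the matching options are enabled, whereas the replaced lines listed both directories unconditionally. After an option is switched off, generated files in those directories (the size_overflow hash headers, built `.so` files) would survive a clean. Keeping the unconditional form, `subdir- += size_overflow_plugin rap_plugin`, avoids that. Whether `GCC_PLUGIN_SUBDIR` is set at all during a clean run depends on the top-level Makefile, which is not shown here.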
@@ -167639,14 +168249,16 @@ index 0000000..a716d7a
+}
diff --git a/scripts/gcc-plugins/rap_plugin/Makefile b/scripts/gcc-plugins/rap_plugin/Makefile
new file mode 100644
-index 0000000..8171be8
+index 0000000..f2a0a03
--- /dev/null
+++ b/scripts/gcc-plugins/rap_plugin/Makefile
-@@ -0,0 +1,4 @@
+@@ -0,0 +1,6 @@
+$(HOSTLIBS)-$(CONFIG_PAX_RAP) += rap_plugin.so
+always := $($(HOSTLIBS)-y)
+
+rap_plugin-objs := $(patsubst $(srctree)/$(src)/%.c,%.o,$(wildcard $(srctree)/$(src)/*.c))
++
++clean-files += *.so
diff --git a/scripts/gcc-plugins/rap_plugin/rap.h b/scripts/gcc-plugins/rap_plugin/rap.h
new file mode 100644
index 0000000..f6a284d
@@ -168933,10 +169545,10 @@ index 0000000..c4b24b9
+size_overflow_hash_aux.h
diff --git a/scripts/gcc-plugins/size_overflow_plugin/Makefile b/scripts/gcc-plugins/size_overflow_plugin/Makefile
new file mode 100644
-index 0000000..f74d85a
+index 0000000..a6418b4
--- /dev/null
+++ b/scripts/gcc-plugins/size_overflow_plugin/Makefile
-@@ -0,0 +1,28 @@
+@@ -0,0 +1,30 @@
+HOST_EXTRACXXFLAGS += $(call hostcc-option, -fno-ipa-icf)
+
+$(HOSTLIBS)-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin.so
@@ -168965,6 +169577,8 @@ index 0000000..f74d85a
+ $(call if_changed,build_disable_size_overflow_hash)
+
+targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h
++
++clean-files += *.so
diff --git a/scripts/gcc-plugins/size_overflow_plugin/disable_size_overflow_hash.data b/scripts/gcc-plugins/size_overflow_plugin/disable_size_overflow_hash.data
new file mode 100644
index 0000000..e0a04a1
@@ -210718,10 +211332,10 @@ index 23ba1c6..cad2484 100755
# Find all available archs
find_all_archs()
diff --git a/security/Kconfig b/security/Kconfig
-index e452378..8059bd2 100644
+index e452378..e634654 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,993 @@
+@@ -4,6 +4,994 @@
menu "Security options"
@@ -211673,7 +212287,8 @@ index e452378..8059bd2 100644
+ extract some entropy from both original and artificially created
+ program state. This will help especially embedded systems where
+ there is little 'natural' source of entropy normally. The cost
-+ is some slowdown of the boot process and fork and irq processing.
++ is some slowdown of the boot process (about 0.5%) and fork and
++ irq processing.
+
+ When pax_extra_latent_entropy is passed on the kernel command line,
+ entropy will be extracted from up to the first 4GB of RAM while the
@@ -211715,7 +212330,7 @@ index e452378..8059bd2 100644
source security/keys/Kconfig
config SECURITY_DMESG_RESTRICT
-@@ -104,7 +1091,7 @@ config INTEL_TXT
+@@ -104,7 +1092,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
* [gentoo-commits] proj/hardened-patchset:master commit in: 4.5.7/
@ 2016-06-28 11:22 Anthony G. Basile
From: Anthony G. Basile @ 2016-06-28 11:22 UTC (permalink / raw
To: gentoo-commits
commit: fe9cd0792773d512df74e504d2ef92946d02f6da
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 28 11:24:47 2016 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Jun 28 11:24:47 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=fe9cd079
grsecurity-3.1-4.5.7-201606280009
4.5.7/0000_README | 2 +-
...> 4420_grsecurity-3.1-4.5.7-201606280009.patch} | 32 ++++++++++++----------
2 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/4.5.7/0000_README b/4.5.7/0000_README
index b74a9dd..bdf9f5e 100644
--- a/4.5.7/0000_README
+++ b/4.5.7/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.5.7-201606262019.patch
+Patch: 4420_grsecurity-3.1-4.5.7-201606280009.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch
similarity index 99%
rename from 4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch
rename to 4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch
index 3d3b9d3..f3179f6 100644
--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch
+++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch
@@ -98058,7 +98058,7 @@ index e4141f2..d8263e8 100644
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
diff --git a/fs/exec.c b/fs/exec.c
-index dcd4ac7..f651515 100644
+index dcd4ac7..7a1a7dc 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -56,8 +56,20 @@
@@ -98572,7 +98572,7 @@ index dcd4ac7..f651515 100644
out:
if (bprm->mm) {
acct_arg_size(bprm, 0);
-@@ -1749,3 +1930,319 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
+@@ -1749,3 +1930,316 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
argv, envp, flags);
}
#endif
@@ -98719,10 +98719,7 @@ index dcd4ac7..f651515 100644
+ printk(KERN_EMERG "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
+ print_symbol(KERN_EMERG "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
-+ preempt_disable();
-+ show_regs(regs);
-+ preempt_enable();
-+ force_sig_info(SIGKILL, SEND_SIG_FORCED, current);
++ BUG();
+}
+#endif
+
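Review bot: Replacing `show_regs(regs)` and the forced SIGKILL with a bare `BUG()` at the end of the refcount-overflow reporter drops the register dump of the overflow site. Whatever the `BUG()` trap prints presumably describes the reporter's own frame rather than `regs`, so only the `print_symbol()` line still points at the offending instruction. `BUG()` also makes the outcome depend on the system's oops policy, which looks deliberate but is not stated in the hunk. I would keep `preempt_disable(); show_regs(regs); preempt_enable();` ahead of `BUG();` and add a comment such as `/* refcount state is untrustworthy: stop here instead of relying on signal delivery */`. The function starts above the hunk, so the calling context is not visible here.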
@@ -139266,7 +139263,7 @@ index c112abb..49d919f 100644
if (wo->wo_flags & __WNOTHREAD)
break;
diff --git a/kernel/fork.c b/kernel/fork.c
-index 2e391c7..4af22a9 100644
+index 2e391c7..87a5bfe 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -188,12 +188,55 @@ static void free_thread_info(struct thread_info *ti)
@@ -139655,7 +139652,7 @@ index 2e391c7..4af22a9 100644
if (atomic_read(&p->real_cred->user->processes) >=
task_rlimit(p, RLIMIT_NPROC)) {
if (p->real_cred->user != INIT_USER &&
-@@ -1568,6 +1681,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
+@@ -1568,6 +1681,16 @@ static struct task_struct *copy_process(unsigned long clone_flags,
goto bad_fork_cancel_cgroup;
}
@@ -139664,10 +139661,15 @@ index 2e391c7..4af22a9 100644
+ */
+ gr_copy_label(p);
+
++#ifdef CONFIG_GRKERNSEC_SETXID
++ if (p->delayed_cred)
++ get_cred(p->delayed_cred);
++#endif
++
if (likely(p->pid)) {
ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace);
-@@ -1657,6 +1775,8 @@ bad_fork_cleanup_count:
+@@ -1657,6 +1780,8 @@ bad_fork_cleanup_count:
bad_fork_free:
free_task(p);
fork_out:
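Review bot: The new `get_cred(p->delayed_cred)` in copy_process() has no visible counterpart, and it is taken only after the last failure exit shown above it (`goto bad_fork_cancel_cgroup`). If the release lives in the task teardown path, a fork that fails earlier and reaches `bad_fork_free: free_task(p)` could drop a reference the child never took, since `p->delayed_cred` is presumably copied from the parent with the rest of the task struct. If it does not live there, the reference taken here needs a matching `put_cred()` somewhere. Neither the teardown code nor the task-struct duplication is inside this hunk, so this needs checking against the full patch. A comment at the site would help, e.g. `/* child inherited the parent's pending setxid creds pointer; take its own reference, dropped in <release site> */`.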
@@ -139676,7 +139678,7 @@ index 2e391c7..4af22a9 100644
return ERR_PTR(retval);
}
-@@ -1719,6 +1839,7 @@ long _do_fork(unsigned long clone_flags,
+@@ -1719,6 +1844,7 @@ long _do_fork(unsigned long clone_flags,
p = copy_process(clone_flags, stack_start, stack_size,
child_tidptr, NULL, trace, tls);
@@ -139684,7 +139686,7 @@ index 2e391c7..4af22a9 100644
/*
* Do this prior waking up the new thread - the thread pointer
* might get invalid after that point, if the thread exits quickly.
-@@ -1735,6 +1856,8 @@ long _do_fork(unsigned long clone_flags,
+@@ -1735,6 +1861,8 @@ long _do_fork(unsigned long clone_flags,
if (clone_flags & CLONE_PARENT_SETTID)
put_user(nr, parent_tidptr);
@@ -139693,7 +139695,7 @@ index 2e391c7..4af22a9 100644
if (clone_flags & CLONE_VFORK) {
p->vfork_done = &vfork;
init_completion(&vfork);
-@@ -1871,7 +1994,7 @@ void __init proc_caches_init(void)
+@@ -1871,7 +1999,7 @@ void __init proc_caches_init(void)
sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,
SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK|SLAB_ACCOUNT,
NULL);
@@ -139702,7 +139704,7 @@ index 2e391c7..4af22a9 100644
mmap_init();
nsproxy_cache_init();
}
-@@ -1919,7 +2042,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
+@@ -1919,7 +2047,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
return 0;
/* don't need lock here; in the worst case we'll do useless copy */
@@ -139711,7 +139713,7 @@ index 2e391c7..4af22a9 100644
return 0;
*new_fsp = copy_fs_struct(fs);
-@@ -2032,7 +2155,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
+@@ -2032,7 +2160,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
fs = current->fs;
spin_lock(&fs->lock);
current->fs = new_fs;
@@ -139721,7 +139723,7 @@ index 2e391c7..4af22a9 100644
new_fs = NULL;
else
new_fs = fs;
-@@ -2096,7 +2220,7 @@ int unshare_files(struct files_struct **displaced)
+@@ -2096,7 +2225,7 @@ int unshare_files(struct files_struct **displaced)
int sysctl_max_threads(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
* [gentoo-commits] proj/hardened-patchset:master commit in: 4.5.7/
@ 2016-06-30 13:09 Anthony G. Basile
From: Anthony G. Basile @ 2016-06-30 13:09 UTC (permalink / raw
To: gentoo-commits
commit: 9efc134b4d978753db4dd108ac3fb9e5b8f0a52b
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 30 13:12:16 2016 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Jun 30 13:12:16 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=9efc134b
grsecurity-3.1-4.5.7-201606282216
4.5.7/0000_README | 2 +-
...> 4420_grsecurity-3.1-4.5.7-201606282216.patch} | 680 ++++++++++++++++-----
2 files changed, 524 insertions(+), 158 deletions(-)
diff --git a/4.5.7/0000_README b/4.5.7/0000_README
index bdf9f5e..b74e534 100644
--- a/4.5.7/0000_README
+++ b/4.5.7/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.5.7-201606280009.patch
+Patch: 4420_grsecurity-3.1-4.5.7-201606282216.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606282216.patch
similarity index 99%
rename from 4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch
rename to 4.5.7/4420_grsecurity-3.1-4.5.7-201606282216.patch
index f3179f6..01f7898 100644
--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch
+++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606282216.patch
@@ -8554,6 +8554,37 @@ index 523673d..4aeef3b 100644
: "=&r"(tmp)
: "r"(&rw->lock)
: "cr0", "xer", "memory");
+diff --git a/arch/powerpc/include/asm/string.h b/arch/powerpc/include/asm/string.h
+index e40010a..d3c3d6b 100644
+--- a/arch/powerpc/include/asm/string.h
++++ b/arch/powerpc/include/asm/string.h
+@@ -15,17 +15,17 @@
+ #define __HAVE_ARCH_MEMCMP
+ #define __HAVE_ARCH_MEMCHR
+
+-extern char * strcpy(char *,const char *);
+-extern char * strncpy(char *,const char *, __kernel_size_t);
++extern char * strcpy(char *,const char *) __nocapture(2);
++extern char * strncpy(char *,const char *, __kernel_size_t) __nocapture(2);
+ extern __kernel_size_t strlen(const char *);
+-extern int strcmp(const char *,const char *);
+-extern int strncmp(const char *, const char *, __kernel_size_t);
+-extern char * strcat(char *, const char *);
++extern int strcmp(const char *,const char *) __nocapture(1, 2);
++extern int strncmp(const char *, const char *, __kernel_size_t) __nocapture(1, 2);
++extern char * strcat(char *, const char *) __nocapture(2);
+ extern void * memset(void *,int,__kernel_size_t);
+-extern void * memcpy(void *,const void *,__kernel_size_t);
+-extern void * memmove(void *,const void *,__kernel_size_t);
+-extern int memcmp(const void *,const void *,__kernel_size_t);
+-extern void * memchr(const void *,int,__kernel_size_t);
++extern void * memcpy(void *,const void *,__kernel_size_t) __nocapture(2);
++extern void * memmove(void *,const void *,__kernel_size_t) __nocapture(2);
++extern int memcmp(const void *,const void *,__kernel_size_t) __nocapture(1, 2);
++extern void * memchr(const void *,int,__kernel_size_t) __nocapture(1);
+
+ #endif /* __KERNEL__ */
+
diff --git a/arch/powerpc/include/asm/thread_info.h b/arch/powerpc/include/asm/thread_info.h
index 7efee4a..48d47cc 100644
--- a/arch/powerpc/include/asm/thread_info.h
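Review bot: `memchr()` is annotated `__nocapture(1)` although it returns a pointer into the buffer passed as its first argument, unlike the other prototypes in this list whose annotated arguments are only read. Whether that is accurate depends on how the plugin consuming `__nocapture` treats a pointer that escapes through the return value, which this hunk does not show. If returned pointers count as captured, a caller could end up holding a pointer into data whose lifetime the plugin has shortened. Please confirm against the attribute's definition and add a one-line comment above the prototypes stating what the attribute promises about the numbered argument.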
@@ -12410,7 +12441,7 @@ index ad8f795..2c7eec6 100644
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 3bf45a0..25ca7da 100644
+index 3bf45a0..b08241b 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -38,14 +38,13 @@ config X86
@@ -12446,7 +12477,23 @@ index 3bf45a0..25ca7da 100644
select HAVE_GENERIC_DMA_COHERENT if X86_32
select HAVE_HW_BREAKPOINT
select HAVE_IDE
-@@ -290,7 +290,7 @@ config X86_64_SMP
+@@ -184,11 +184,13 @@ config MMU
+ def_bool y
+
+ config ARCH_MMAP_RND_BITS_MIN
+- default 28 if 64BIT
++ default 28 if 64BIT && !PAX_PER_CPU_PGD
++ default 27 if 64BIT && PAX_PER_CPU_PGD
+ default 8
+
+ config ARCH_MMAP_RND_BITS_MAX
+- default 32 if 64BIT
++ default 32 if 64BIT && !PAX_PER_CPU_PGD
++ default 27 if 64BIT && PAX_PER_CPU_PGD
+ default 16
+
+ config ARCH_MMAP_RND_COMPAT_BITS_MIN
+@@ -290,7 +292,7 @@ config X86_64_SMP
config X86_32_LAZY_GS
def_bool y
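Review bot: With `PAX_PER_CPU_PGD` the added defaults pin both `ARCH_MMAP_RND_BITS_MIN` and `ARCH_MMAP_RND_BITS_MAX` to 27 on 64-bit, below the stock minimum of 28, and nothing in the hunk says why. That gives such kernels a fixed mmap randomisation width lower than the floor of a kernel without the option, which anyone selecting it should be able to see. A Kconfig comment above the two entries would do, e.g. `# PAX_PER_CPU_PGD: <reason for the smaller range>; min == max == 27`. The same fact belongs in the help text of `PAX_PER_CPU_PGD`, which is outside this hunk.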
@@ -12455,7 +12502,7 @@ index 3bf45a0..25ca7da 100644
config ARCH_HWEIGHT_CFLAGS
string
-@@ -674,6 +674,7 @@ config SCHED_OMIT_FRAME_POINTER
+@@ -674,6 +676,7 @@ config SCHED_OMIT_FRAME_POINTER
menuconfig HYPERVISOR_GUEST
bool "Linux guest support"
@@ -12463,7 +12510,7 @@ index 3bf45a0..25ca7da 100644
---help---
Say Y here to enable options for running Linux under various hyper-
visors. This option enables basic hypervisor detection and platform
-@@ -1073,6 +1074,7 @@ config VM86
+@@ -1073,6 +1076,7 @@ config VM86
config X86_16BIT
bool "Enable support for 16-bit segments" if EXPERT
@@ -12471,7 +12518,7 @@ index 3bf45a0..25ca7da 100644
default y
depends on MODIFY_LDT_SYSCALL
---help---
-@@ -1227,6 +1229,7 @@ choice
+@@ -1227,6 +1231,7 @@ choice
config NOHIGHMEM
bool "off"
@@ -12479,7 +12526,7 @@ index 3bf45a0..25ca7da 100644
---help---
Linux can use up to 64 Gigabytes of physical memory on x86 systems.
However, the address space of 32-bit x86 processors is only 4
-@@ -1263,6 +1266,7 @@ config NOHIGHMEM
+@@ -1263,6 +1268,7 @@ config NOHIGHMEM
config HIGHMEM4G
bool "4GB"
@@ -12487,7 +12534,7 @@ index 3bf45a0..25ca7da 100644
---help---
Select this if you have a 32-bit processor and between 1 and 4
gigabytes of physical RAM.
-@@ -1315,7 +1319,7 @@ config PAGE_OFFSET
+@@ -1315,7 +1321,7 @@ config PAGE_OFFSET
hex
default 0xB0000000 if VMSPLIT_3G_OPT
default 0x80000000 if VMSPLIT_2G
@@ -12496,7 +12543,7 @@ index 3bf45a0..25ca7da 100644
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1336,7 +1340,6 @@ config X86_PAE
+@@ -1336,7 +1342,6 @@ config X86_PAE
config ARCH_PHYS_ADDR_T_64BIT
def_bool y
@@ -12504,7 +12551,7 @@ index 3bf45a0..25ca7da 100644
config ARCH_DMA_ADDR_T_64BIT
def_bool y
-@@ -1467,7 +1470,7 @@ config ARCH_PROC_KCORE_TEXT
+@@ -1467,7 +1472,7 @@ config ARCH_PROC_KCORE_TEXT
config ILLEGAL_POINTER_VALUE
hex
@@ -12513,7 +12560,7 @@ index 3bf45a0..25ca7da 100644
default 0xdead000000000000 if X86_64
source "mm/Kconfig"
-@@ -1776,6 +1779,7 @@ source kernel/Kconfig.hz
+@@ -1776,6 +1781,7 @@ source kernel/Kconfig.hz
config KEXEC
bool "kexec system call"
select KEXEC_CORE
@@ -12521,7 +12568,7 @@ index 3bf45a0..25ca7da 100644
---help---
kexec is a system call that implements the ability to shutdown your
current kernel, and to start another kernel. It is like a reboot
-@@ -1958,7 +1962,9 @@ config X86_NEED_RELOCS
+@@ -1958,7 +1964,9 @@ config X86_NEED_RELOCS
config PHYSICAL_ALIGN
hex "Alignment value to which kernel should be aligned"
@@ -12532,7 +12579,7 @@ index 3bf45a0..25ca7da 100644
range 0x2000 0x1000000 if X86_32
range 0x200000 0x1000000 if X86_64
---help---
-@@ -2041,6 +2047,7 @@ config COMPAT_VDSO
+@@ -2041,6 +2049,7 @@ config COMPAT_VDSO
def_bool n
prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
depends on X86_32 || IA32_EMULATION
@@ -12540,7 +12587,7 @@ index 3bf45a0..25ca7da 100644
---help---
Certain buggy versions of glibc will crash if they are
presented with a 32-bit vDSO that is not mapped at the address
-@@ -2081,15 +2088,6 @@ choice
+@@ -2081,15 +2090,6 @@ choice
If unsure, select "Emulate".
@@ -12556,7 +12603,7 @@ index 3bf45a0..25ca7da 100644
config LEGACY_VSYSCALL_EMULATE
bool "Emulate"
help
-@@ -2170,6 +2168,22 @@ config MODIFY_LDT_SYSCALL
+@@ -2170,6 +2170,22 @@ config MODIFY_LDT_SYSCALL
Saying 'N' here may make sense for embedded or server kernels.
@@ -12995,22 +13042,6 @@ index db75d07..8e6d0af 100644
struct biosregs ireg, oreg;
struct e820entry *desc = boot_params.e820_map;
static struct e820entry buf; /* static so it is zeroed */
-diff --git a/arch/x86/boot/string.h b/arch/x86/boot/string.h
-index 725e820..d7ea2759 100644
---- a/arch/x86/boot/string.h
-+++ b/arch/x86/boot/string.h
-@@ -6,9 +6,9 @@
- #undef memset
- #undef memcmp
-
--void *memcpy(void *dst, const void *src, size_t len);
-+void *memcpy(void *dst, const void *src, size_t len) __nocapture(2);
- void *memset(void *dst, int c, size_t len);
--int memcmp(const void *s1, const void *s2, size_t len);
-+int memcmp(const void *s1, const void *s2, size_t len) __nocapture(1, 2);
-
- /*
- * Access builtin version by default. If one needs to use optimized version,
diff --git a/arch/x86/boot/video-vesa.c b/arch/x86/boot/video-vesa.c
index ba3e100..6501b8f 100644
--- a/arch/x86/boot/video-vesa.c
@@ -43254,6 +43285,40 @@ index aa872d2..afeae37 100644
/**
* struct samsung_clk_reg_dump: register dump of clock controller registers.
+diff --git a/drivers/clk/socfpga/clk-gate-a10.c b/drivers/clk/socfpga/clk-gate-a10.c
+index 1cebf25..ff2186f 100644
+--- a/drivers/clk/socfpga/clk-gate-a10.c
++++ b/drivers/clk/socfpga/clk-gate-a10.c
+@@ -19,6 +19,7 @@
+ #include <linux/mfd/syscon.h>
+ #include <linux/of.h>
+ #include <linux/regmap.h>
++#include <asm/pgtable.h>
+
+ #include "clk.h"
+
+@@ -97,7 +98,7 @@ static int socfpga_clk_prepare(struct clk_hw *hwclk)
+ return 0;
+ }
+
+-static struct clk_ops gateclk_ops = {
++static clk_ops_no_const gateclk_ops __read_only = {
+ .prepare = socfpga_clk_prepare,
+ .recalc_rate = socfpga_gate_clk_recalc_rate,
+ };
+@@ -129,8 +130,10 @@ static void __init __socfpga_gate_init(struct device_node *node,
+ socfpga_clk->hw.reg = clk_mgr_a10_base_addr + clk_gate[0];
+ socfpga_clk->hw.bit_idx = clk_gate[1];
+
+- gateclk_ops.enable = clk_gate_ops.enable;
+- gateclk_ops.disable = clk_gate_ops.disable;
++ pax_open_kernel();
++ const_cast(gateclk_ops.enable) = clk_gate_ops.enable;
++ const_cast(gateclk_ops.disable) = clk_gate_ops.disable;
++ pax_close_kernel();
+ }
+
+ rc = of_property_read_u32(node, "fixed-divider", &fixed_div);
diff --git a/drivers/clk/socfpga/clk-gate.c b/drivers/clk/socfpga/clk-gate.c
index aa7a6e6..1e9b426 100644
--- a/drivers/clk/socfpga/clk-gate.c
@@ -43288,6 +43353,40 @@ index aa7a6e6..1e9b426 100644
}
rc = of_property_read_u32(node, "fixed-divider", &fixed_div);
+diff --git a/drivers/clk/socfpga/clk-pll-a10.c b/drivers/clk/socfpga/clk-pll-a10.c
+index 402d630..d8590c8 100644
+--- a/drivers/clk/socfpga/clk-pll-a10.c
++++ b/drivers/clk/socfpga/clk-pll-a10.c
+@@ -18,6 +18,7 @@
+ #include <linux/io.h>
+ #include <linux/of.h>
+ #include <linux/of_address.h>
++#include <asm/pgtable.h>
+
+ #include "clk.h"
+
+@@ -69,7 +70,7 @@ static u8 clk_pll_get_parent(struct clk_hw *hwclk)
+ CLK_MGR_PLL_CLK_SRC_MASK;
+ }
+
+-static struct clk_ops clk_pll_ops = {
++static clk_ops_no_const clk_pll_ops __read_only = {
+ .recalc_rate = clk_pll_recalc_rate,
+ .get_parent = clk_pll_get_parent,
+ };
+@@ -112,8 +113,10 @@ static struct __init clk * __socfpga_pll_init(struct device_node *node,
+ pll_clk->hw.hw.init = &init;
+
+ pll_clk->hw.bit_idx = SOCFPGA_PLL_EXT_ENA;
+- clk_pll_ops.enable = clk_gate_ops.enable;
+- clk_pll_ops.disable = clk_gate_ops.disable;
++ pax_open_kernel();
++ const_cast(clk_pll_ops.enable) = clk_gate_ops.enable;
++ const_cast(clk_pll_ops.disable) = clk_gate_ops.disable;
++ pax_close_kernel();
+
+ clk = clk_register(NULL, &pll_clk->hw.hw);
+ if (WARN_ON(IS_ERR(clk))) {
diff --git a/drivers/clk/socfpga/clk-pll.c b/drivers/clk/socfpga/clk-pll.c
index c7f4631..8d1b7d0 100644
--- a/drivers/clk/socfpga/clk-pll.c
@@ -48960,19 +49059,18 @@ index 1161d68..7a42e2c 100644
packetlen_aligned = ALIGN(packetlen, sizeof(u64));
diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
-index 11bca51..360c83e 100644
+index 11bca51..cc7da6f 100644
--- a/drivers/hv/hv.c
+++ b/drivers/hv/hv.c
-@@ -183,6 +183,8 @@ static struct clocksource hyperv_cs_tsc = {
+@@ -183,6 +183,7 @@ static struct clocksource hyperv_cs_tsc = {
};
#endif
-+extern char hv_hypercall_page[PAGE_SIZE] __aligned(PAGE_SIZE);
-+asm(".text; .balign 4096; hv_hypercall_page: .fill 4096,1,0xcc; .previous;");
++static char hv_hypercall_page[PAGE_SIZE] __aligned(PAGE_SIZE) __used __section(".text");
/*
* hv_init - Main initialization routine.
-@@ -193,7 +195,6 @@ int hv_init(void)
+@@ -193,7 +194,6 @@ int hv_init(void)
{
int max_leaf;
union hv_x64_msr_hypercall_contents hypercall_msr;
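Review bot: The C replacement for the hypercall page loses the `0xcc` fill of the removed `asm()` block. `static char hv_hypercall_page[PAGE_SIZE] ... __section(".text")` has no initializer, so the page holds zero bytes until it is populated, and a stray jump into it no longer lands on a breakpoint instruction. If the trap fill was intentional, keep it with a range initializer, `= { [0 ... PAGE_SIZE - 1] = 0xcc };`. Placing a `char` array in `.text` may also produce a section type conflict on some compilers, which the assembler form avoided, so a build check on the supported GCC versions is worth doing.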
@@ -48980,7 +49078,7 @@ index 11bca51..360c83e 100644
memset(hv_context.synic_event_page, 0, sizeof(void *) * NR_CPUS);
memset(hv_context.synic_message_page, 0,
-@@ -218,14 +219,9 @@ int hv_init(void)
+@@ -218,14 +218,9 @@ int hv_init(void)
/* See if the hypercall page is already set */
rdmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
@@ -48996,7 +49094,7 @@ index 11bca51..360c83e 100644
wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
/* Confirm that hypercall page did get setup. */
-@@ -235,7 +231,7 @@ int hv_init(void)
+@@ -235,7 +230,7 @@ int hv_init(void)
if (!hypercall_msr.enable)
goto cleanup;
@@ -49005,7 +49103,7 @@ index 11bca51..360c83e 100644
#ifdef CONFIG_X86_64
if (ms_hyperv.features & HV_X64_MSR_REFERENCE_TSC_AVAILABLE) {
-@@ -259,13 +255,9 @@ int hv_init(void)
+@@ -259,13 +254,9 @@ int hv_init(void)
return 0;
cleanup:
@@ -49022,7 +49120,7 @@ index 11bca51..360c83e 100644
}
return -ENOTSUPP;
-@@ -286,7 +278,6 @@ void hv_cleanup(void)
+@@ -286,7 +277,6 @@ void hv_cleanup(void)
if (hv_context.hypercall_page) {
hypercall_msr.as_uint64 = 0;
wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
@@ -49160,7 +49258,7 @@ index 579bdf9..0dac21d5 100644
enable_cap_knobs, "IBM Active Energy Manager",
{
diff --git a/drivers/hwmon/applesmc.c b/drivers/hwmon/applesmc.c
-index 0af7fd3..2701c0a 100644
+index 0af7fd3..9aade6a 100644
--- a/drivers/hwmon/applesmc.c
+++ b/drivers/hwmon/applesmc.c
@@ -1105,7 +1105,7 @@ static int applesmc_create_nodes(struct applesmc_node_group *groups, int num)
@@ -49172,6 +49270,15 @@ index 0af7fd3..2701c0a 100644
int ret, i;
for (grp = groups; grp->format; grp++) {
+@@ -1242,7 +1242,7 @@ static int applesmc_dmi_match(const struct dmi_system_id *id)
+ * Note that DMI_MATCH(...,"MacBook") will match "MacBookPro1,1".
+ * So we need to put "Apple MacBook Pro" before "Apple MacBook".
+ */
+-static __initdata struct dmi_system_id applesmc_whitelist[] = {
++static __initconst struct dmi_system_id applesmc_whitelist[] = {
+ { applesmc_dmi_match, "Apple MacBook Air", {
+ DMI_MATCH(DMI_BOARD_VENDOR, "Apple"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "MacBookAir") },
diff --git a/drivers/hwmon/asus_atk0110.c b/drivers/hwmon/asus_atk0110.c
index cccef87..06ce8ec 100644
--- a/drivers/hwmon/asus_atk0110.c
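Review bot: `applesmc_whitelist` is moved to `__initconst` without gaining `const`, so the declaration places a non-const object in the init read-only section. The same pattern appears in the later hunks for `i8k_dmi_table` (where an existing `const` is actually removed), `i8k_blacklist_dmi_table`, `dummy_tlb_ops`, `clevo_mail_led_dmi_table`, `nas_led_whitelist`, `chromeos_laptop_dmi_table` and `cros_ec_lpc_dmi_table`. Presumably the build relies on a plugin or a type attribute to make these structures const, but that is not visible here, and without it compilers typically report a section type conflict. Either document that dependency once where the type is declared, or write `static const struct dmi_system_id applesmc_whitelist[] __initconst` so each declaration is correct on its own.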
@@ -49214,7 +49321,7 @@ index 6a27eb2..349ed23 100644
};
diff --git a/drivers/hwmon/dell-smm-hwmon.c b/drivers/hwmon/dell-smm-hwmon.c
-index c43318d..72f7656 100644
+index c43318d..2574fc5 100644
--- a/drivers/hwmon/dell-smm-hwmon.c
+++ b/drivers/hwmon/dell-smm-hwmon.c
@@ -819,7 +819,7 @@ static const struct i8k_config_data i8k_config_data[] = {
@@ -49222,10 +49329,19 @@ index c43318d..72f7656 100644
};
-static struct dmi_system_id i8k_dmi_table[] __initdata = {
-+static const struct dmi_system_id i8k_dmi_table[] __initconst = {
++static struct dmi_system_id i8k_dmi_table[] __initconst = {
{
.ident = "Dell Inspiron",
.matches = {
+@@ -929,7 +929,7 @@ static struct dmi_system_id i8k_dmi_table[] __initdata = {
+
+ MODULE_DEVICE_TABLE(dmi, i8k_dmi_table);
+
+-static struct dmi_system_id i8k_blacklist_dmi_table[] __initdata = {
++static struct dmi_system_id i8k_blacklist_dmi_table[] __initconst = {
+ {
+ /*
+ * CPU fan speed going up and down on Dell Studio XPS 8000
diff --git a/drivers/hwmon/ibmaem.c b/drivers/hwmon/ibmaem.c
index 1f64378..2b6e615 100644
--- a/drivers/hwmon/ibmaem.c
@@ -51034,7 +51150,7 @@ index 59ee4b8..e4b6234 100644
if (smmu->features & ARM_SMMU_FEAT_TRANS_S1)
diff --git a/drivers/iommu/io-pgtable-arm.c b/drivers/iommu/io-pgtable-arm.c
-index 381ca5a..f383021 100644
+index 381ca5a..6443bb0 100644
--- a/drivers/iommu/io-pgtable-arm.c
+++ b/drivers/iommu/io-pgtable-arm.c
@@ -39,9 +39,6 @@
@@ -51114,7 +51230,14 @@ index 381ca5a..f383021 100644
return data;
}
-@@ -911,9 +909,9 @@ static struct iommu_gather_ops dummy_tlb_ops __initdata = {
+@@ -905,15 +903,15 @@ static void dummy_tlb_sync(void *cookie)
+ WARN_ON(cookie != cfg_cookie);
+ }
+
+-static struct iommu_gather_ops dummy_tlb_ops __initdata = {
++static struct iommu_gather_ops dummy_tlb_ops __initconst = {
+ .tlb_flush_all = dummy_tlb_flush_all,
+ .tlb_add_flush = dummy_tlb_add_flush,
.tlb_sync = dummy_tlb_sync,
};
@@ -53132,6 +53255,32 @@ index 67c2187..fc71e33 100644
hc->timeout_tl.data = (ulong)hc;
init_timer(&hc->timeout_tl);
hc->timeout_on = 0; /* state that we have timer off */
+diff --git a/drivers/leds/leds-clevo-mail.c b/drivers/leds/leds-clevo-mail.c
+index 0f9ed1e..2715d6f 100644
+--- a/drivers/leds/leds-clevo-mail.c
++++ b/drivers/leds/leds-clevo-mail.c
+@@ -40,7 +40,7 @@ static int __init clevo_mail_led_dmi_callback(const struct dmi_system_id *id)
+ * detected as working, but in reality it is not) as low as
+ * possible.
+ */
+-static struct dmi_system_id clevo_mail_led_dmi_table[] __initdata = {
++static struct dmi_system_id clevo_mail_led_dmi_table[] __initconst = {
+ {
+ .callback = clevo_mail_led_dmi_callback,
+ .ident = "Clevo D410J",
+diff --git a/drivers/leds/leds-ss4200.c b/drivers/leds/leds-ss4200.c
+index 046cb70..6b20d39 100644
+--- a/drivers/leds/leds-ss4200.c
++++ b/drivers/leds/leds-ss4200.c
+@@ -91,7 +91,7 @@ MODULE_PARM_DESC(nodetect, "Skip DMI-based hardware detection");
+ * detected as working, but in reality it is not) as low as
+ * possible.
+ */
+-static struct dmi_system_id nas_led_whitelist[] __initdata = {
++static struct dmi_system_id nas_led_whitelist[] __initconst = {
+ {
+ .callback = ss4200_led_dmi_callback,
+ .ident = "Intel SS4200-E",
diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c
index 9e385b3..7077882 100644
--- a/drivers/lguest/core.c
@@ -68239,6 +68388,19 @@ index 523b6b7..eb4c74d 100644
/* Disable irqs of this PIO controller */
writel_relaxed(~0, at91_gpio->regbase + PIO_IDR);
+diff --git a/drivers/platform/chrome/chromeos_laptop.c b/drivers/platform/chrome/chromeos_laptop.c
+index 2b441e9..855d867 100644
+--- a/drivers/platform/chrome/chromeos_laptop.c
++++ b/drivers/platform/chrome/chromeos_laptop.c
+@@ -498,7 +498,7 @@ static struct chromeos_laptop cr48 = {
+ .callback = chromeos_laptop_dmi_matched, \
+ .driver_data = (void *)&board_
+
+-static struct dmi_system_id chromeos_laptop_dmi_table[] __initdata = {
++static struct dmi_system_id chromeos_laptop_dmi_table[] __initconst = {
+ {
+ .ident = "Samsung Series 5 550",
+ .matches = {
diff --git a/drivers/platform/chrome/chromeos_pstore.c b/drivers/platform/chrome/chromeos_pstore.c
index 3474920..acc9581 100644
--- a/drivers/platform/chrome/chromeos_pstore.c
@@ -68252,6 +68414,19 @@ index 3474920..acc9581 100644
{
/*
* Today all Chromebooks/boxes ship with Google_* as version and
+diff --git a/drivers/platform/chrome/cros_ec_lpc.c b/drivers/platform/chrome/cros_ec_lpc.c
+index f9a2454..03f513c 100644
+--- a/drivers/platform/chrome/cros_ec_lpc.c
++++ b/drivers/platform/chrome/cros_ec_lpc.c
+@@ -300,7 +300,7 @@ static int cros_ec_lpc_remove(struct platform_device *pdev)
+ return 0;
+ }
+
+-static struct dmi_system_id cros_ec_lpc_dmi_table[] __initdata = {
++static struct dmi_system_id cros_ec_lpc_dmi_table[] __initconst = {
+ {
+ /*
+ * Today all Chromebooks/boxes ship with Google_* as version and
diff --git a/drivers/platform/x86/alienware-wmi.c b/drivers/platform/x86/alienware-wmi.c
index 1e1e594..8fe59c5 100644
--- a/drivers/platform/x86/alienware-wmi.c
@@ -112988,7 +113163,7 @@ index b6c00ce..ab37ad1 100644
static struct pid *
get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos)
diff --git a/fs/proc/base.c b/fs/proc/base.c
-index 45f2162..6484c0f 100644
+index 45f2162..284806a 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -113,6 +113,14 @@ struct pid_entry {
@@ -113149,18 +113324,40 @@ index 45f2162..6484c0f 100644
/*
* Let's make getdents(), stat(), and open()
* consistent with each other. If a process
-@@ -811,6 +871,10 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode)
+@@ -804,13 +864,24 @@ static const struct file_operations proc_single_file_operations = {
+ };
+
+-struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode)
++struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode, u64 *ptracer_exec_id)
+ {
+ struct task_struct *task = get_proc_task(inode);
+ struct mm_struct *mm = ERR_PTR(-ESRCH);
+
++ if (ptracer_exec_id)
++ *ptracer_exec_id = 0;
++
if (task) {
mm = mm_access(task, mode | PTRACE_MODE_FSCREDS);
+ if (!IS_ERR_OR_NULL(mm) && gr_acl_handle_procpidmem(task)) {
+ mmput(mm);
+ mm = ERR_PTR(-EPERM);
+ }
++#ifdef CONFIG_GRKERNSEC
++ if (ptracer_exec_id)
++ current_is_ptracer(task, ptracer_exec_id);
++#endif
put_task_struct(task);
if (!IS_ERR_OR_NULL(mm)) {
-@@ -832,6 +896,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
+@@ -826,12 +897,17 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode)
+
+ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
+ {
+- struct mm_struct *mm = proc_mem_open(inode, mode);
++ struct mm_struct *mm = proc_mem_open(inode, mode, NULL);
+
+ if (IS_ERR(mm))
return PTR_ERR(mm);
file->private_data = mm;
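Review bot: proc_mem_open() gains an out-parameter whose contract is undocumented. `*ptracer_exec_id` is zeroed on entry and then filled by `current_is_ptracer()` only under `CONFIG_GRKERNSEC`, with the helper's return value ignored and the call made even when `mm_access()` failed. From this code a caller cannot tell whether 0 means "not the tracer", "feature compiled out" or "task gone". A kernel-doc comment on the function should state this, and the `NULL` passed by `__mem_open()` deserves a short comment too, e.g. `/* tracer exec id not needed here; mem_rw() re-checks the tracer on each access */`. Other callers of proc_mem_open() are outside this hunk and need the extra argument as well.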
@@ -113172,25 +113369,34 @@ index 45f2162..6484c0f 100644
return 0;
}
-@@ -853,6 +922,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
+@@ -853,6 +929,26 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
ssize_t copied;
char *page;
+#ifdef CONFIG_GRKERNSEC
-+ if (write)
++ struct task_struct *task = get_proc_task(file_inode(file));
++ bool is_by_ptracer = false;
++
++ if (task) {
++ is_by_ptracer = current_is_ptracer(task, NULL);
++ put_task_struct(task);
++ }
++
++ if (write && !is_by_ptracer)
+ return -EPERM;
-+#endif
++
+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
-+ if (file->f_version != current->exec_id) {
++ if (file->f_version != current->exec_id && !is_by_ptracer) {
+ gr_log_badprocpid("mem");
+ return 0;
+ }
+#endif
++#endif
+
if (!mm)
return 0;
-@@ -865,7 +945,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
+@@ -865,7 +961,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
goto free;
while (count > 0) {
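Review bot: In mem_rw() the tracer check is made against the task currently behind the inode (`get_proc_task(file_inode(file))`), while the memory accessed is presumably the `mm` stored in `file->private_data` at open time. The authorisation and the object it covers are therefore resolved at different moments. When `is_by_ptracer` is true it lifts both the write denial and the `file->f_version != current->exec_id` staleness check. It is worth confirming, and stating in a comment, that the task's present `mm` is still the one pinned at open; the rest of the function is outside the hunk, so such a comparison may already exist. Nesting `CONFIG_GRKERNSEC_PROC_MEMMAP` inside `CONFIG_GRKERNSEC` also makes the exec-id check depend on the outer option, and labelling the two `#endif` lines (`#endif /* CONFIG_GRKERNSEC_PROC_MEMMAP */`) would make that visible.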
@@ -113199,7 +113405,7 @@ index 45f2162..6484c0f 100644
if (write && copy_from_user(page, buf, this_len)) {
copied = -EFAULT;
-@@ -959,6 +1039,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
+@@ -959,6 +1055,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
if (!mm || !mm->env_end)
return 0;
@@ -113213,7 +113419,7 @@ index 45f2162..6484c0f 100644
page = (char *)__get_free_page(GFP_TEMPORARY);
if (!page)
return -ENOMEM;
-@@ -972,9 +1059,12 @@ static ssize_t environ_read(struct file *file, char __user *buf,
+@@ -972,9 +1075,12 @@ static ssize_t environ_read(struct file *file, char __user *buf,
env_end = mm->env_end;
up_read(&mm->mmap_sem);
@@ -113227,7 +113433,7 @@ index 45f2162..6484c0f 100644
if (src >= (env_end - env_start))
break;
-@@ -1584,7 +1674,7 @@ static const char *proc_pid_get_link(struct dentry *dentry,
+@@ -1584,7 +1690,7 @@ static const char *proc_pid_get_link(struct dentry *dentry,
return ERR_PTR(-ECHILD);
/* Are we allowed to snoop on the tasks file descriptors? */
@@ -113236,7 +113442,7 @@ index 45f2162..6484c0f 100644
goto out;
error = PROC_I(inode)->op.proc_get_link(dentry, &path);
-@@ -1628,8 +1718,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
+@@ -1628,8 +1734,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
struct path path;
/* Are we allowed to snoop on the tasks file descriptors? */
@@ -113257,7 +113463,7 @@ index 45f2162..6484c0f 100644
error = PROC_I(inode)->op.proc_get_link(dentry, &path);
if (error)
-@@ -1679,7 +1779,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
+@@ -1679,7 +1795,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
rcu_read_lock();
cred = __task_cred(task);
inode->i_uid = cred->euid;
@@ -113269,7 +113475,7 @@ index 45f2162..6484c0f 100644
rcu_read_unlock();
}
security_task_to_inode(task, inode);
-@@ -1715,10 +1819,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
+@@ -1715,10 +1835,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
return -ENOENT;
}
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
@@ -113289,7 +113495,7 @@ index 45f2162..6484c0f 100644
}
}
rcu_read_unlock();
-@@ -1756,11 +1869,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
+@@ -1756,11 +1885,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
if (task) {
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
@@ -113310,7 +113516,7 @@ index 45f2162..6484c0f 100644
rcu_read_unlock();
} else {
inode->i_uid = GLOBAL_ROOT_UID;
-@@ -2301,6 +2423,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
+@@ -2301,6 +2439,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
if (!task)
goto out_no_task;
@@ -113320,7 +113526,7 @@ index 45f2162..6484c0f 100644
/*
* Yes, it does not scale. And it should not. Don't add
* new entries into /proc/<tgid>/ without very good reasons.
-@@ -2331,6 +2456,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
+@@ -2331,6 +2472,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
if (!task)
return -ENOENT;
@@ -113330,7 +113536,7 @@ index 45f2162..6484c0f 100644
if (!dir_emit_dots(file, ctx))
goto out;
-@@ -2743,7 +2871,9 @@ static const struct inode_operations proc_task_inode_operations;
+@@ -2743,7 +2887,9 @@ static const struct inode_operations proc_task_inode_operations;
static const struct pid_entry tgid_base_stuff[] = {
DIR("task", S_IRUGO|S_IXUGO, proc_task_inode_operations, proc_task_operations),
DIR("fd", S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
@@ -113340,7 +113546,7 @@ index 45f2162..6484c0f 100644
DIR("fdinfo", S_IRUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
DIR("ns", S_IRUSR|S_IXUGO, proc_ns_dir_inode_operations, proc_ns_dir_operations),
#ifdef CONFIG_NET
-@@ -2761,7 +2891,7 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2761,7 +2907,7 @@ static const struct pid_entry tgid_base_stuff[] = {
REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
@@ -113349,7 +113555,7 @@ index 45f2162..6484c0f 100644
ONE("syscall", S_IRUSR, proc_pid_syscall),
#endif
REG("cmdline", S_IRUGO, proc_pid_cmdline_ops),
-@@ -2786,10 +2916,10 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2786,10 +2932,10 @@ static const struct pid_entry tgid_base_stuff[] = {
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
@@ -113362,7 +113568,7 @@ index 45f2162..6484c0f 100644
ONE("stack", S_IRUSR, proc_pid_stack),
#endif
#ifdef CONFIG_SCHED_INFO
-@@ -2823,6 +2953,9 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2823,6 +2969,9 @@ static const struct pid_entry tgid_base_stuff[] = {
#ifdef CONFIG_HARDWALL
ONE("hardwall", S_IRUGO, proc_pid_hardwall),
#endif
@@ -113372,7 +113578,7 @@ index 45f2162..6484c0f 100644
#ifdef CONFIG_USER_NS
REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations),
REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations),
-@@ -2955,7 +3088,14 @@ static int proc_pid_instantiate(struct inode *dir,
+@@ -2955,7 +3104,14 @@ static int proc_pid_instantiate(struct inode *dir,
if (!inode)
goto out;
@@ -113387,7 +113593,7 @@ index 45f2162..6484c0f 100644
inode->i_op = &proc_tgid_base_inode_operations;
inode->i_fop = &proc_tgid_base_operations;
inode->i_flags|=S_IMMUTABLE;
-@@ -2993,7 +3133,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
+@@ -2993,7 +3149,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
if (!task)
goto out;
@@ -113399,7 +113605,7 @@ index 45f2162..6484c0f 100644
put_task_struct(task);
out:
return ERR_PTR(result);
-@@ -3107,7 +3251,7 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -3107,7 +3267,7 @@ static const struct pid_entry tid_base_stuff[] = {
REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
@@ -113408,7 +113614,7 @@ index 45f2162..6484c0f 100644
ONE("syscall", S_IRUSR, proc_pid_syscall),
#endif
REG("cmdline", S_IRUGO, proc_pid_cmdline_ops),
-@@ -3134,10 +3278,10 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -3134,10 +3294,10 @@ static const struct pid_entry tid_base_stuff[] = {
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
@@ -113653,7 +113859,7 @@ index 42305dd..968caba 100644
if (de->size)
inode->i_size = de->size;
diff --git a/fs/proc/internal.h b/fs/proc/internal.h
-index aa27810..9f2d3b2 100644
+index aa27810..6f98bdd 100644
--- a/fs/proc/internal.h
+++ b/fs/proc/internal.h
@@ -47,9 +47,10 @@ struct proc_dir_entry {
@@ -113700,6 +113906,21 @@ index aa27810..9f2d3b2 100644
extern int proc_readdir_de(struct proc_dir_entry *, struct file *, struct dir_context *);
static inline struct proc_dir_entry *pde_get(struct proc_dir_entry *pde)
+@@ -285,9 +292,12 @@ struct proc_maps_private {
+ #ifdef CONFIG_NUMA
+ struct mempolicy *task_mempolicy;
+ #endif
+-};
++#ifdef CONFIG_GRKERNSEC
++ u64 ptracer_exec_id;
++#endif
++} __randomize_layout;
+
+-struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode);
++struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode, u64 *ptracer_exec_id);
+
+ extern const struct file_operations proc_pid_maps_operations;
+ extern const struct file_operations proc_tid_maps_operations;
diff --git a/fs/proc/interrupts.c b/fs/proc/interrupts.c
index a352d57..cb94a5c 100644
--- a/fs/proc/interrupts.c
@@ -114256,7 +114477,7 @@ index 510413eb..34d9a8c 100644
seq_printf(p, "softirq %llu", (unsigned long long)sum_softirq);
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
-index 9d2f3e0..52c3ee0 100644
+index 9d2f3e0..0cb1d3f 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -15,12 +15,19 @@
@@ -114316,7 +114537,20 @@ index 9d2f3e0..52c3ee0 100644
hugetlb_report_usage(m, mm);
}
-@@ -281,7 +305,7 @@ static int is_stack(struct proc_maps_private *priv,
+@@ -230,7 +254,11 @@ static int proc_maps_open(struct inode *inode, struct file *file,
+ return -ENOMEM;
+
+ priv->inode = inode;
+- priv->mm = proc_mem_open(inode, PTRACE_MODE_READ);
++#ifdef CONFIG_GRKERNSEC
++ priv->mm = proc_mem_open(inode, PTRACE_MODE_READ, &priv->ptracer_exec_id);
++#else
++ priv->mm = proc_mem_open(inode, PTRACE_MODE_READ, NULL);
++#endif
+ if (IS_ERR(priv->mm)) {
+ int err = PTR_ERR(priv->mm);
+
+@@ -281,11 +309,11 @@ static int is_stack(struct proc_maps_private *priv,
stack = vma_is_stack_for_task(vma, task);
rcu_read_unlock();
}
@@ -114325,38 +114559,37 @@ index 9d2f3e0..52c3ee0 100644
}
static void
-@@ -304,13 +328,13 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
+-show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
++show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid, bool restrict)
+ {
+ struct mm_struct *mm = vma->vm_mm;
+ struct file *file = vma->vm_file;
+@@ -304,13 +332,8 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
pgoff = ((loff_t)vma->vm_pgoff) << PAGE_SHIFT;
}
- /* We don't show the stack guard page in /proc/maps */
-+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
-+ start = PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_start;
-+ end = PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_end;
-+#else
- start = vma->vm_start;
+- start = vma->vm_start;
- if (stack_guard_page_start(vma, start))
- start += PAGE_SIZE;
- end = vma->vm_end;
+- end = vma->vm_end;
- if (stack_guard_page_end(vma, end))
- end -= PAGE_SIZE;
-+#endif
++ start = restrict ? 0UL : vma->vm_start;
++ end = restrict ? 0UL : vma->vm_end;
seq_setwidth(m, 25 + sizeof(void *) * 6 - 1);
seq_printf(m, "%08lx-%08lx %c%c%c%c %08llx %02x:%02x %lu ",
-@@ -320,7 +344,11 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
+@@ -320,7 +343,7 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
flags & VM_WRITE ? 'w' : '-',
flags & VM_EXEC ? 'x' : '-',
flags & VM_MAYSHARE ? 's' : 'p',
-+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
-+ PAX_RAND_FLAGS(mm) ? 0UL : pgoff,
-+#else
- pgoff,
-+#endif
+- pgoff,
++ restrict ? 0UL : pgoff,
MAJOR(dev), MINOR(dev), ino);
/*
-@@ -329,7 +357,7 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
+@@ -329,7 +352,7 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
*/
if (file) {
seq_pad(m, ' ');
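Review bot: The new `show_map_vma()` parameter is named `restrict`, a keyword from C99 onward, so this only compiles while the file is built in a pre-C99 dialect (the build flags are not visible here). Renaming removes that dependency: `show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid, bool hide_layout)` with `start = hide_layout ? 0UL : vma->vm_start;`. The same identifier is introduced as a local in `show_map()` and `show_smap()` in the following hunks of this file. A short comment on the parameter, saying that it zeroes start, end and pgoff in the output, would also explain why addresses can print as zero.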
@@ -114365,20 +114598,29 @@ index 9d2f3e0..52c3ee0 100644
goto done;
}
-@@ -366,6 +394,12 @@ done:
+@@ -366,7 +389,20 @@ done:
static int show_map(struct seq_file *m, void *v, int is_pid)
{
+- show_map_vma(m, v, is_pid);
++ bool restrict = false;
++
+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
-+ if (current->exec_id != m->exec_id) {
++ struct vm_area_struct *vma = (struct vm_area_struct *)v;
++ struct proc_maps_private *priv = m->private;
++ restrict = current->exec_id != priv->ptracer_exec_id;
++ if (current->exec_id != m->exec_id && restrict) {
+ gr_log_badprocpid("maps");
+ return 0;
+ }
++ if (restrict)
++ restrict = PAX_RAND_FLAGS(vma->vm_mm);
+#endif
- show_map_vma(m, v, is_pid);
++ show_map_vma(m, v, is_pid, restrict);
m_cache_vma(m, v);
return 0;
-@@ -646,6 +680,9 @@ static void show_smap_vma_flags(struct seq_file *m, struct vm_area_struct *vma)
+ }
+@@ -646,6 +682,9 @@ static void show_smap_vma_flags(struct seq_file *m, struct vm_area_struct *vma)
[ilog2(VM_RAND_READ)] = "rr",
[ilog2(VM_DONTCOPY)] = "dc",
[ilog2(VM_DONTEXPAND)] = "de",
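Review bot: In `show_map()` the flag is first set from `current->exec_id != priv->ptracer_exec_id` and then overwritten with `PAX_RAND_FLAGS(vma->vm_mm)`, so one variable carries two meanings. The comparison also depends on `priv->ptracer_exec_id` holding a value that no task's `exec_id` can equal when the opener was not a tracer, and where that field is initialised is not visible in this hunk. Two names make the intent checkable: `bool not_tracer = current->exec_id != priv->ptracer_exec_id;` and later `restrict = not_tracer && PAX_RAND_FLAGS(vma->vm_mm);`. The field is declared under `CONFIG_GRKERNSEC` but read here under `CONFIG_GRKERNSEC_PROC_MEMMAP`, which builds only if the second option implies the first; a comment at the `#ifdef` should state that.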
@@ -114388,9 +114630,11 @@ index 9d2f3e0..52c3ee0 100644
[ilog2(VM_ACCOUNT)] = "ac",
[ilog2(VM_NORESERVE)] = "nr",
[ilog2(VM_HUGETLB)] = "ht",
-@@ -715,6 +752,12 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
+@@ -714,7 +753,14 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
+ .mm = vma->vm_mm,
.private = &mss,
};
++ bool restrict = false;
+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
+ if (current->exec_id != m->exec_id) {
@@ -114401,33 +114645,44 @@ index 9d2f3e0..52c3ee0 100644
memset(&mss, 0, sizeof mss);
#ifdef CONFIG_SHMEM
-@@ -741,8 +784,11 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
+@@ -741,10 +787,15 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
}
#endif
- /* mmap_sem is held in m_start */
- walk_page_vma(vma, &smaps_walk);
+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
-+ if (!PAX_RAND_FLAGS(vma->vm_mm))
++ if (PAX_RAND_FLAGS(vma->vm_mm))
++ restrict = true;
++ else
+#endif
+ /* mmap_sem is held in m_start */
+ walk_page_vma(vma, &smaps_walk);
- show_map_vma(m, vma, is_pid);
+- show_map_vma(m, vma, is_pid);
++ show_map_vma(m, vma, is_pid, restrict);
-@@ -764,7 +810,11 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
+ seq_printf(m,
+ "Size: %8lu kB\n"
+@@ -764,7 +815,7 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
"KernelPageSize: %8lu kB\n"
"MMUPageSize: %8lu kB\n"
"Locked: %8lu kB\n",
-+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
-+ PAX_RAND_FLAGS(vma->vm_mm) ? 0UL : (vma->vm_end - vma->vm_start) >> 10,
-+#else
- (vma->vm_end - vma->vm_start) >> 10,
-+#endif
+- (vma->vm_end - vma->vm_start) >> 10,
++ restrict ? 0UL : (vma->vm_end - vma->vm_start) >> 10,
mss.resident >> 10,
(unsigned long)(mss.pss >> (10 + PSS_SHIFT)),
mss.shared_clean >> 10,
-@@ -1615,6 +1665,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
+@@ -1412,7 +1463,7 @@ static int pagemap_open(struct inode *inode, struct file *file)
+ {
+ struct mm_struct *mm;
+
+- mm = proc_mem_open(inode, PTRACE_MODE_READ);
++ mm = proc_mem_open(inode, PTRACE_MODE_READ, NULL);
+ if (IS_ERR(mm))
+ return PTR_ERR(mm);
+ file->private_data = mm;
+@@ -1615,6 +1666,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
char buffer[64];
int nid;
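Review bot: In `show_smap()` the added `if (PAX_RAND_FLAGS(vma->vm_mm)) restrict = true; else` ends inside the `#ifdef`, so the `else` binds to the `walk_page_vma()` call after the `#endif`, and any statement later inserted before that call would silently become the else branch. Keeping the conditional inside the guard and testing the flag afterwards is safer: `restrict = PAX_RAND_FLAGS(vma->vm_mm);` within the `#ifdef`, then an unconditional `if (!restrict) walk_page_vma(vma, &smaps_walk);`. Unlike `show_map()`, this path does not consult `priv->ptracer_exec_id`, so it appears a tracer still gets zeroed smaps output; if that is intended it deserves a comment. show_smap's body begins and ends outside this hunk.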
@@ -114441,7 +114696,7 @@ index 9d2f3e0..52c3ee0 100644
if (!mm)
return 0;
-@@ -1629,11 +1686,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
+@@ -1629,11 +1687,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
mpol_to_str(buffer, sizeof(buffer), proc_priv->task_mempolicy);
}
@@ -114459,7 +114714,7 @@ index 9d2f3e0..52c3ee0 100644
seq_puts(m, " heap");
} else if (is_stack(proc_priv, vma, is_pid)) {
diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c
-index faacb0c..ce736cd 100644
+index faacb0c..b185575 100644
--- a/fs/proc/task_nommu.c
+++ b/fs/proc/task_nommu.c
@@ -51,7 +51,7 @@ void task_mem(struct seq_file *m, struct mm_struct *mm)
@@ -114489,6 +114744,15 @@ index faacb0c..ce736cd 100644
} else if (mm && is_stack(priv, vma, is_pid)) {
seq_pad(m, ' ');
seq_printf(m, "[stack]");
+@@ -287,7 +287,7 @@ static int maps_open(struct inode *inode, struct file *file,
+ return -ENOMEM;
+
+ priv->inode = inode;
+- priv->mm = proc_mem_open(inode, PTRACE_MODE_READ);
++ priv->mm = proc_mem_open(inode, PTRACE_MODE_READ, NULL);
+ if (IS_ERR(priv->mm)) {
+ int err = PTR_ERR(priv->mm);
+
diff --git a/fs/proc/vmcore.c b/fs/proc/vmcore.c
index 4e61388..1a2523d 100644
--- a/fs/proc/vmcore.c
@@ -131914,6 +132178,19 @@ index 792c898..3f045d6 100644
atomic_t numainfo_updating;
#endif
+diff --git a/include/linux/memory.h b/include/linux/memory.h
+index 8b8d8d1..75abd50 100644
+--- a/include/linux/memory.h
++++ b/include/linux/memory.h
+@@ -123,7 +123,7 @@ extern struct memory_block *find_memory_block(struct mem_section *);
+
+ #ifdef CONFIG_MEMORY_HOTPLUG
+ #define hotplug_memory_notifier(fn, pri) ({ \
+- static __meminitdata struct notifier_block fn##_mem_nb =\
++ static __meminitconst struct notifier_block fn##_mem_nb =\
+ { .notifier_call = fn, .priority = pri };\
+ register_memory_notifier(&fn##_mem_nb); \
+ })
diff --git a/include/linux/mempolicy.h b/include/linux/mempolicy.h
index 2696c1f..9320d41 100644
--- a/include/linux/mempolicy.h
@@ -133552,7 +133829,7 @@ index 556ec1e..38c19c9 100644
/*
diff --git a/include/linux/sched.h b/include/linux/sched.h
-index a10494a..2d7faf1 100644
+index a10494a..3ab8d31 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -7,7 +7,7 @@
@@ -133825,7 +134102,7 @@ index a10494a..2d7faf1 100644
{
return tsk->pid;
}
-@@ -2289,6 +2397,25 @@ extern u64 sched_clock_cpu(int cpu);
+@@ -2289,6 +2397,46 @@ extern u64 sched_clock_cpu(int cpu);
extern void sched_clock_init(void);
@@ -133848,10 +134125,31 @@ index a10494a..2d7faf1 100644
+}
+#endif
+
++#ifdef CONFIG_GRKERNSEC
++static inline bool current_is_ptracer(struct task_struct *task, u64 *exec_id)
++{
++ bool ret = false;
++ if (!task->ptrace)
++ return ret;
++
++ rcu_read_lock();
++ read_lock(&tasklist_lock);
++ if (task->parent && task->parent == current) {
++ ret = true;
++ if (exec_id)
++ *exec_id = task->parent->exec_id;
++ }
++ read_unlock(&tasklist_lock);
++ rcu_read_unlock();
++
++ return ret;
++}
++#endif
++
#ifndef CONFIG_HAVE_UNSTABLE_SCHED_CLOCK
static inline void sched_clock_tick(void)
{
-@@ -2417,7 +2544,9 @@ extern void set_curr_task(int cpu, struct task_struct *p);
+@@ -2417,7 +2565,9 @@ extern void set_curr_task(int cpu, struct task_struct *p);
void yield(void);
union thread_union {
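Review bot: In `current_is_ptracer()` the `task->ptrace` test runs before `tasklist_lock` is taken, so the ptrace flag and the parent comparison are not read under the same lock, and a detach or reparent in between could leave the two checks describing different moments. Doing both under the lock closes that gap: drop the early return and use `if (task->ptrace && task->parent == current) {` after `read_lock(&tasklist_lock);`. The `rcu_read_lock()` pair looks redundant while the read lock is held, and `task->parent->exec_id` is simply `current->exec_id` on that branch. A one-line comment stating that the function returns true only when the caller is the tracing parent, and what `*exec_id` receives, would help the fs/proc callers.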
@@ -133861,7 +134159,7 @@ index a10494a..2d7faf1 100644
unsigned long stack[THREAD_SIZE/sizeof(long)];
};
-@@ -2450,6 +2579,7 @@ extern struct pid_namespace init_pid_ns;
+@@ -2450,6 +2600,7 @@ extern struct pid_namespace init_pid_ns;
*/
extern struct task_struct *find_task_by_vpid(pid_t nr);
@@ -133869,7 +134167,7 @@ index a10494a..2d7faf1 100644
extern struct task_struct *find_task_by_pid_ns(pid_t nr,
struct pid_namespace *ns);
-@@ -2481,7 +2611,7 @@ extern void proc_caches_init(void);
+@@ -2481,7 +2632,7 @@ extern void proc_caches_init(void);
extern void flush_signals(struct task_struct *);
extern void ignore_signals(struct task_struct *);
extern void flush_signal_handlers(struct task_struct *, int force_default);
@@ -133878,7 +134176,7 @@ index a10494a..2d7faf1 100644
static inline int kernel_dequeue_signal(siginfo_t *info)
{
-@@ -2635,7 +2765,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
+@@ -2635,7 +2786,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
extern void exit_itimers(struct signal_struct *);
extern void flush_itimer_signals(void);
@@ -133887,7 +134185,7 @@ index a10494a..2d7faf1 100644
extern int do_execve(struct filename *,
const char __user * const __user *,
-@@ -2750,11 +2880,13 @@ static inline int thread_group_empty(struct task_struct *p)
+@@ -2750,11 +2901,13 @@ static inline int thread_group_empty(struct task_struct *p)
* It must not be nested with write_lock_irq(&tasklist_lock),
* neither inside nor outside.
*/
@@ -133901,7 +134199,7 @@ index a10494a..2d7faf1 100644
static inline void task_unlock(struct task_struct *p)
{
spin_unlock(&p->alloc_lock);
-@@ -2840,9 +2972,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
+@@ -2840,9 +2993,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
#define task_stack_end_corrupted(task) \
(*(end_of_stack(task)) != STACK_END_MAGIC)
@@ -162129,10 +162427,10 @@ index 53449a6..c1fd180 100644
warning-2 += -Wdisabled-optimization
diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins
new file mode 100644
-index 0000000..97e7a48
+index 0000000..3dfdd31
--- /dev/null
+++ b/scripts/Makefile.gcc-plugins
-@@ -0,0 +1,96 @@
+@@ -0,0 +1,98 @@
+ifdef CONFIG_GCC_PLUGINS
+ __PLUGINCC := $(call cc-ifversion, -ge, 0408, $(HOSTCXX), $(HOSTCC))
+ PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)")
@@ -162180,6 +162478,8 @@ index 0000000..97e7a48
+
+ gcc-plugin-y += initify_plugin.so
+ gcc-plugin-cflags-y += -DINITIFY_PLUGIN
++# -fplugin-arg-initify_plugin-search_init_exit_functions
++# gcc-plugin-cflags-y += -fplugin-arg-initify_plugin-verbose
+
+ gcc-plugin-subdir-$(CONFIG_PAX_RAP) += rap_plugin
+ gcc-plugin-$(CONFIG_PAX_RAP) += rap_plugin/rap_plugin.so
@@ -163326,10 +163626,10 @@ index 0000000..ffe60f6
+}
diff --git a/scripts/gcc-plugins/constify_plugin.c b/scripts/gcc-plugins/constify_plugin.c
new file mode 100644
-index 0000000..7142f36
+index 0000000..e25c12c
--- /dev/null
+++ b/scripts/gcc-plugins/constify_plugin.c
-@@ -0,0 +1,521 @@
+@@ -0,0 +1,574 @@
+/*
+ * Copyright 2011 by Emese Revfy <re.emese@gmail.com>
+ * Copyright 2011-2016 by PaX Team <pageexec@freemail.hu>
@@ -163355,10 +163655,25 @@ index 0000000..7142f36
+static bool enabled = true;
+
+static struct plugin_info const_plugin_info = {
-+ .version = "201605212045",
++ .version = "201606280200",
+ .help = "disable\tturn off constification\n",
+};
+
++static struct {
++ const char *name;
++ const char *asm_op;
++} const_sections[] = {
++ {".init.rodata", "\t.section\t.init.rodata,\"a\""},
++ {".ref.rodata", "\t.section\t.ref.rodata,\"a\""},
++ {".devinit.rodata", "\t.section\t.devinit.rodata,\"a\""},
++ {".devexit.rodata", "\t.section\t.devexit.rodata,\"a\""},
++ {".cpuinit.rodata", "\t.section\t.cpuinit.rodata,\"a\""},
++ {".cpuexit.rodata", "\t.section\t.cpuexit.rodata,\"a\""},
++ {".meminit.rodata", "\t.section\t.meminit.rodata,\"a\""},
++ {".memexit.rodata", "\t.section\t.memexit.rodata,\"a\""},
++ {".data..read_only", "\t.section\t.data..read_only,\"a\""},
++};
++
+typedef struct {
+ bool has_fptr_field;
+ bool has_writable_field;
@@ -163706,33 +164021,85 @@ index 0000000..7142f36
+ TYPE_CONSTIFY_VISITED(type) = 1;
+}
+
-+static void check_global_variables(void *event_data, void *data)
++static bool is_constified_var(varpool_node_ptr node)
+{
-+ varpool_node_ptr node;
++ tree var = NODE_DECL(node);
++ tree type = TREE_TYPE(var);
+
-+ FOR_EACH_VARIABLE(node) {
-+ tree var = NODE_DECL(node);
-+ tree type = TREE_TYPE(var);
++ if (DECL_EXTERNAL(var))
++ return false;
+
-+ if (TREE_CODE(type) != RECORD_TYPE && TREE_CODE(type) != UNION_TYPE)
-+ continue;
++ // XXX handle more complex nesting of arrays/structs
++ if (TREE_CODE(type) == ARRAY_TYPE)
++ type = TREE_TYPE(type);
+
-+ if (!TYPE_READONLY(type) || !C_TYPE_FIELDS_READONLY(type))
-+ continue;
++ if (TREE_CODE(type) != RECORD_TYPE && TREE_CODE(type) != UNION_TYPE)
++ return false;
+
-+ if (!TYPE_CONSTIFY_VISITED(type))
-+ continue;
++ if (!TYPE_READONLY(type) || !C_TYPE_FIELDS_READONLY(type))
++ return false;
+
-+ if (DECL_EXTERNAL(var))
-+ continue;
++ if (!TYPE_CONSTIFY_VISITED(type))
++ return false;
++
++ return true;
++}
++
++static void check_section_mismatch(varpool_node_ptr node)
++{
++ tree var, section;
++ size_t i;
++
++ var = NODE_DECL(node);
++ section = lookup_attribute("section", DECL_ATTRIBUTES(var));
++ if (!section) {
++ gcc_assert(!get_decl_section_name(var));
++ return;
++ } else
++ gcc_assert(get_decl_section_name(var));
++
++//fprintf(stderr, "SECTIONAME: [%s] ", get_decl_section_name(var));
++//debug_tree(var);
++
++ gcc_assert(!TREE_CHAIN(section));
++ gcc_assert(TREE_VALUE(section));
++
++ section = TREE_VALUE(TREE_VALUE(section));
++ gcc_assert(!strcmp(TREE_STRING_POINTER(section), get_decl_section_name(var)));
++//debug_tree(section);
++
++ for (i = 0; i < ARRAY_SIZE(const_sections); i++)
++ if (!strcmp(const_sections[i].name, get_decl_section_name(var)))
++ return;
++
++ error_at(DECL_SOURCE_LOCATION(var), "constified variable %qD placed into writable section %E", var, section);
++}
++
++// this works around a gcc bug/feature where uninitialized globals
++// are moved into the .bss section regardless of any constification
++// see gcc/varasm.c:bss_initializer_p()
++static void fix_initializer(varpool_node_ptr node)
++{
++ tree var = NODE_DECL(node);
++ tree type = TREE_TYPE(var);
++
++ if (DECL_INITIAL(var))
++ return;
++
++ DECL_INITIAL(var) = build_constructor(type, NULL);
++// inform(DECL_SOURCE_LOCATION(var), "constified variable %qE moved into .rodata", var);
++}
++
++static void check_global_variables(void *event_data, void *data)
++{
++ varpool_node_ptr node;
+
-+ if (DECL_INITIAL(var))
++ FOR_EACH_VARIABLE(node) {
++ if (!is_constified_var(node))
+ continue;
+
-+ // this works around a gcc bug/feature where uninitialized globals
-+ // are moved into the .bss section regardless of any constification
-+ DECL_INITIAL(var) = build_constructor(type, NULL);
-+// inform(DECL_SOURCE_LOCATION(var), "constified variable %qE moved into .rodata", var);
++ check_section_mismatch(node);
++ fix_initializer(node);
+ }
+}
+
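Review bot: `check_section_mismatch()` uses `gcc_assert()` to require that the `section` attribute and `get_decl_section_name()` agree, so a declaration where they differ aborts the compiler with an internal error instead of a diagnostic at the variable; whether that state is reachable from ordinary source is not clear from this hunk. Reporting it the way the final mismatch is reported would be easier to act on, e.g. `error_at(DECL_SOURCE_LOCATION(var), "constified variable %qD has inconsistent section information", var);` followed by `return;`. The commented-out `fprintf`/`debug_tree` lines should be dropped. `is_constified_var()` deserves a comment that only one array level is unwrapped, as its `XXX` note implies.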
@@ -163769,30 +164136,16 @@ index 0000000..7142f36
+#define NO_GATE
+#include "gcc-generate-gimple-pass.h"
+
-+static struct {
-+ const char *name;
-+ const char *asm_op;
-+} sections[] = {
-+ {".init.rodata", "\t.section\t.init.rodata,\"a\""},
-+ {".ref.rodata", "\t.section\t.ref.rodata,\"a\""},
-+ {".devinit.rodata", "\t.section\t.devinit.rodata,\"a\""},
-+ {".devexit.rodata", "\t.section\t.devexit.rodata,\"a\""},
-+ {".cpuinit.rodata", "\t.section\t.cpuinit.rodata,\"a\""},
-+ {".cpuexit.rodata", "\t.section\t.cpuexit.rodata,\"a\""},
-+ {".meminit.rodata", "\t.section\t.meminit.rodata,\"a\""},
-+ {".memexit.rodata", "\t.section\t.memexit.rodata,\"a\""},
-+ {".data..read_only", "\t.section\t.data..read_only,\"a\""},
-+};
-+
+static unsigned int (*old_section_type_flags)(tree decl, const char *name, int reloc);
+
+static unsigned int constify_section_type_flags(tree decl, const char *name, int reloc)
+{
+ size_t i;
+
-+ for (i = 0; i < ARRAY_SIZE(sections); i++)
-+ if (!strcmp(sections[i].name, name))
++ for (i = 0; i < ARRAY_SIZE(const_sections); i++)
++ if (!strcmp(const_sections[i].name, name))
+ return 0;
++
+ return old_section_type_flags(decl, name, reloc);
+}
+
@@ -163800,9 +164153,9 @@ index 0000000..7142f36
+{
+// size_t i;
+
-+// for (i = 0; i < ARRAY_SIZE(sections); i++)
-+// sections[i].section = get_unnamed_section(0, output_section_asm_op, sections[i].asm_op);
-+// sections[i].section = get_section(sections[i].name, 0, NULL);
++// for (i = 0; i < ARRAY_SIZE(const_sections); i++)
++// const_sections[i].section = get_unnamed_section(0, output_section_asm_op, const_sections[i].asm_op);
++// const_sections[i].section = get_section(const_sections[i].name, 0, NULL);
+
+ old_section_type_flags = targetm.section_type_flags;
+ targetm.section_type_flags = constify_section_type_flags;
@@ -163853,10 +164206,10 @@ index 0000000..7142f36
+}
diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h
new file mode 100644
-index 0000000..0c0b842
+index 0000000..fd6362e7
--- /dev/null
+++ b/scripts/gcc-plugins/gcc-common.h
-@@ -0,0 +1,879 @@
+@@ -0,0 +1,892 @@
+#ifndef GCC_COMMON_H_INCLUDED
+#define GCC_COMMON_H_INCLUDED
+
@@ -164396,6 +164749,14 @@ index 0000000..0c0b842
+
+typedef struct rtx_def rtx_insn;
+
++static inline const char *get_decl_section_name(const_tree decl)
++{
++ if (!DECL_SECTION_NAME(decl))
++ return NULL;
++
++ return TREE_STRING_POINTER(DECL_SECTION_NAME(decl));
++}
++
+static inline void set_decl_section_name(tree node, const char *value)
+{
+ if (value)
@@ -164513,6 +164874,11 @@ index 0000000..0c0b842
+
+#define INSN_DELETED_P(insn) (insn)->deleted()
+
++static inline const char *get_decl_section_name(const_tree decl)
++{
++ return DECL_SECTION_NAME(decl);
++}
++
+/* symtab/cgraph related */
+#define debug_cgraph_node(node) (node)->debug()
+#define cgraph_get_node(decl) cgraph_node::get(decl)
* [gentoo-commits] proj/hardened-patchset:master commit in: 4.5.7/
@ 2016-06-30 13:19 Anthony G. Basile
From: Anthony G. Basile @ 2016-06-30 13:19 UTC (permalink / raw
To: gentoo-commits
commit: 69430df88d9fcc4b3ad98e37688ac7d1dd4e7c6e
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 30 13:21:52 2016 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Jun 30 13:21:52 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=69430df8
grsecurity-3.1-4.5.7-201606292300
4.5.7/0000_README | 2 +-
...> 4420_grsecurity-3.1-4.5.7-201606292300.patch} | 322 +++++++++++++++++++--
2 files changed, 295 insertions(+), 29 deletions(-)
diff --git a/4.5.7/0000_README b/4.5.7/0000_README
index b74e534..6531b4d 100644
--- a/4.5.7/0000_README
+++ b/4.5.7/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.5.7-201606282216.patch
+Patch: 4420_grsecurity-3.1-4.5.7-201606292300.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606282216.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606292300.patch
similarity index 99%
rename from 4.5.7/4420_grsecurity-3.1-4.5.7-201606282216.patch
rename to 4.5.7/4420_grsecurity-3.1-4.5.7-201606292300.patch
index 01f7898..4f4d48f 100644
--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606282216.patch
+++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606292300.patch
@@ -49321,7 +49321,7 @@ index 6a27eb2..349ed23 100644
};
diff --git a/drivers/hwmon/dell-smm-hwmon.c b/drivers/hwmon/dell-smm-hwmon.c
-index c43318d..2574fc5 100644
+index c43318d..24bfd03 100644
--- a/drivers/hwmon/dell-smm-hwmon.c
+++ b/drivers/hwmon/dell-smm-hwmon.c
@@ -819,7 +819,7 @@ static const struct i8k_config_data i8k_config_data[] = {
@@ -49329,7 +49329,7 @@ index c43318d..2574fc5 100644
};
-static struct dmi_system_id i8k_dmi_table[] __initdata = {
-+static struct dmi_system_id i8k_dmi_table[] __initconst = {
++static const struct dmi_system_id i8k_dmi_table[] __initconst = {
{
.ident = "Dell Inspiron",
.matches = {
@@ -49338,7 +49338,7 @@ index c43318d..2574fc5 100644
MODULE_DEVICE_TABLE(dmi, i8k_dmi_table);
-static struct dmi_system_id i8k_blacklist_dmi_table[] __initdata = {
-+static struct dmi_system_id i8k_blacklist_dmi_table[] __initconst = {
++static const struct dmi_system_id i8k_blacklist_dmi_table[] __initconst = {
{
/*
* CPU fan speed going up and down on Dell Studio XPS 8000
@@ -58553,6 +58553,19 @@ index 556a2df..e771329 100644
{
spin_lock(&sbc_gxx_spin);
sbc_gxx_page(map, adr);
+diff --git a/drivers/mtd/nand/brcmnand/brcmnand.h b/drivers/mtd/nand/brcmnand/brcmnand.h
+index ef5eabb..2b61d03 100644
+--- a/drivers/mtd/nand/brcmnand/brcmnand.h
++++ b/drivers/mtd/nand/brcmnand/brcmnand.h
+@@ -24,7 +24,7 @@ struct brcmnand_soc {
+ bool (*ctlrdy_ack)(struct brcmnand_soc *soc);
+ void (*ctlrdy_set_enabled)(struct brcmnand_soc *soc, bool en);
+ void (*prepare_data_bus)(struct brcmnand_soc *soc, bool prepare);
+-};
++} __no_const;
+
+ static inline void brcmnand_soc_data_bus_prepare(struct brcmnand_soc *soc)
+ {
diff --git a/drivers/mtd/nand/cafe_nand.c b/drivers/mtd/nand/cafe_nand.c
index aa1a616..a47a33d 100644
--- a/drivers/mtd/nand/cafe_nand.c
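Review bot: `struct brcmnand_soc` gains `__no_const` with no comment; going by the attribute name and the constify plugin in this patch, that presumably opts the struct out of constification and leaves its three function pointers writable at run time. The code that assigns those callbacks is not visible in this hunk. A one-line comment naming that writer would let a later reader check whether the opt-out is still needed, for example `/* __no_const: callbacks are filled in at run time by <writer> */` once the writer is confirmed.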
@@ -62716,6 +62729,18 @@ index f9db2ce..6cd460c 100644
return ring_first(r);
}
+diff --git a/drivers/net/loopback.c b/drivers/net/loopback.c
+index a400288..0c59bcd 100644
+--- a/drivers/net/loopback.c
++++ b/drivers/net/loopback.c
+@@ -217,6 +217,6 @@ out:
+ }
+
+ /* Registered in net/core/dev.c */
+-struct pernet_operations __net_initdata loopback_net_ops = {
++struct pernet_operations __net_initconst loopback_net_ops = {
+ .init = loopback_net_init,
+ };
diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
index 94e6888..c5c3f55 100644
--- a/drivers/net/macvlan.c
@@ -114042,7 +114067,7 @@ index f8595e8..e0d13cbd 100644
seq_putc(m, '\n');
diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c
-index 350984a..0fb02a9 100644
+index 350984a..a78a18c 100644
--- a/fs/proc/proc_net.c
+++ b/fs/proc/proc_net.c
@@ -23,9 +23,27 @@
@@ -114107,6 +114132,15 @@ index 350984a..0fb02a9 100644
err = -ENXIO;
net = get_proc_net(inode);
if (net == NULL)
+@@ -220,7 +251,7 @@ static __net_exit void proc_net_ns_exit(struct net *net)
+ kfree(net->proc_net);
+ }
+
+-static struct pernet_operations __net_initdata proc_net_ns_ops = {
++static struct pernet_operations __net_initconst proc_net_ns_ops = {
+ .init = proc_net_ns_init,
+ .exit = proc_net_ns_exit,
+ };
diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index fe5b6e6..cd2913c 100644
--- a/fs/proc/proc_sysctl.c
@@ -132854,7 +132888,7 @@ index 25ef630..fc83c44 100644
struct iovec;
struct kvec;
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
-index 6d1d8f4..f1ed976 100644
+index 6d1d8f4..e9b37d6 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -1257,6 +1257,7 @@ struct net_device_ops {
@@ -132885,6 +132919,15 @@ index 6d1d8f4..f1ed976 100644
#ifdef CONFIG_WIRELESS_EXT
const struct iw_handler_def * wireless_handlers;
+@@ -4069,7 +4070,7 @@ static inline void netif_keep_dst(struct net_device *dev)
+ dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | IFF_XMIT_DST_RELEASE_PERM);
+ }
+
+-extern struct pernet_operations __net_initdata loopback_net_ops;
++extern struct pernet_operations __net_initconst loopback_net_ops;
+
+ /* Logging, debugging and troubleshooting/diagnostic helpers. */
+
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 0ad5567..79b35f5a 100644
--- a/include/linux/netfilter.h
@@ -138381,7 +138424,7 @@ index 798cad1..d6ffc17 100644
if ((requested_mode & ~granted_mode & 0007) &&
!ns_capable(ns->user_ns, CAP_IPC_OWNER))
diff --git a/kernel/audit.c b/kernel/audit.c
-index 3a3e5de..3a2baad 100644
+index 3a3e5de..2f79ee6 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -123,7 +123,7 @@ u32 audit_sig_sid = 0;
@@ -138420,6 +138463,15 @@ index 3a3e5de..3a2baad 100644
s.backlog = skb_queue_len(&audit_skb_queue);
s.feature_bitmap = AUDIT_FEATURE_BITMAP_ALL;
s.backlog_wait_time = audit_backlog_wait_time_master;
+@@ -1156,7 +1156,7 @@ static void __net_exit audit_net_exit(struct net *net)
+ netlink_kernel_release(sock);
+ }
+
+-static struct pernet_operations audit_net_ops __net_initdata = {
++static struct pernet_operations audit_net_ops __net_initconst = {
+ .init = audit_net_init,
+ .exit = audit_net_exit,
+ .id = &audit_net_id,
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 195ffae..fb880f9 100644
--- a/kernel/auditsc.c
@@ -153409,7 +153461,7 @@ index fa9dc64..73dd85a 100644
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index 0ef061b..6d2375a 100644
+index 0ef061b..94ee1d8 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -1766,7 +1766,7 @@ int __dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
@@ -153477,6 +153529,24 @@ index 0ef061b..6d2375a 100644
return storage;
}
EXPORT_SYMBOL(dev_get_stats);
+@@ -7922,7 +7922,7 @@ static void __net_exit netdev_exit(struct net *net)
+ kfree(net->dev_index_head);
+ }
+
+-static struct pernet_operations __net_initdata netdev_net_ops = {
++static struct pernet_operations __net_initconst netdev_net_ops = {
+ .init = netdev_init,
+ .exit = netdev_exit,
+ };
+@@ -8022,7 +8022,7 @@ static void __net_exit default_device_exit_batch(struct list_head *net_list)
+ rtnl_unlock();
+ }
+
+-static struct pernet_operations __net_initdata default_device_ops = {
++static struct pernet_operations __net_initconst default_device_ops = {
+ .exit = default_device_exit,
+ .exit_batch = default_device_exit_batch,
+ };
diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c
index b94b1d2..da3ed7c 100644
--- a/net/core/dev_ioctl.c
@@ -153648,7 +153718,7 @@ index f18ae91..f033693 100644
tmp.extra1 = &zero;
diff --git a/net/core/net-procfs.c b/net/core/net-procfs.c
-index 2bf8329..2eb1423 100644
+index 2bf8329..ea323e4 100644
--- a/net/core/net-procfs.c
+++ b/net/core/net-procfs.c
@@ -79,7 +79,13 @@ static void dev_seq_printf_stats(struct seq_file *seq, struct net_device *dev)
@@ -153698,6 +153768,24 @@ index 2bf8329..2eb1423 100644
}
return 0;
+@@ -347,7 +358,7 @@ static void __net_exit dev_proc_net_exit(struct net *net)
+ remove_proc_entry("dev", net->proc_net);
+ }
+
+-static struct pernet_operations __net_initdata dev_proc_ops = {
++static struct pernet_operations __net_initconst dev_proc_ops = {
+ .init = dev_proc_net_init,
+ .exit = dev_proc_net_exit,
+ };
+@@ -409,7 +420,7 @@ static void __net_exit dev_mc_net_exit(struct net *net)
+ remove_proc_entry("dev_mcast", net->proc_net);
+ }
+
+-static struct pernet_operations __net_initdata dev_mc_net_ops = {
++static struct pernet_operations __net_initconst dev_mc_net_ops = {
+ .init = dev_mc_net_init,
+ .exit = dev_mc_net_exit,
+ };
diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
index b6c8a66..0da5ffc 100644
--- a/net/core/net-sysfs.c
@@ -153712,9 +153800,18 @@ index b6c8a66..0da5ffc 100644
static DEVICE_ATTR_RO(carrier_changes);
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
-index 2c2eb1b..a53be3e 100644
+index 2c2eb1b..2f3b518 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
+@@ -526,7 +526,7 @@ static __net_exit void net_ns_net_exit(struct net *net)
+ ns_free_inum(&net->ns);
+ }
+
+-static struct pernet_operations __net_initdata net_ns_ops = {
++static struct pernet_operations __net_initconst net_ns_ops = {
+ .init = net_ns_net_init,
+ .exit = net_ns_net_exit,
+ };
@@ -775,7 +775,7 @@ static int __register_pernet_operations(struct list_head *list,
int error;
LIST_HEAD(net_exit_list);
@@ -153936,7 +154033,7 @@ index 9835d9a..d49237a 100644
}
diff --git a/net/core/sock.c b/net/core/sock.c
-index 6c1c8bc..325316d 100644
+index 6c1c8bc..20a14a7 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -409,7 +409,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
@@ -154100,6 +154197,15 @@ index 6c1c8bc..325316d 100644
msg->msg_flags |= MSG_ERRQUEUE;
err = copied;
+@@ -3004,7 +3009,7 @@ static __net_exit void proto_exit_net(struct net *net)
+ }
+
+
+-static __net_initdata struct pernet_operations proto_net_ops = {
++static __net_initconst struct pernet_operations proto_net_ops = {
+ .init = proto_init_net,
+ .exit = proto_exit_net,
+ };
diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
index a996ce8..e0d5d3d 100644
--- a/net/core/sock_diag.c
@@ -154410,7 +154516,7 @@ index c35fdfa..063ef67 100644
return NULL;
}
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
-index 5c5db66..c10a4a2 100644
+index 5c5db66..cc029f2 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1389,7 +1389,7 @@ int inet_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
@@ -154422,6 +154528,24 @@ index 5c5db66..c10a4a2 100644
#endif
return -EINVAL;
}
+@@ -1591,7 +1591,7 @@ static __net_exit void ipv4_mib_exit_net(struct net *net)
+ free_percpu(net->mib.tcp_statistics);
+ }
+
+-static __net_initdata struct pernet_operations ipv4_mib_ops = {
++static __net_initconst struct pernet_operations ipv4_mib_ops = {
+ .init = ipv4_mib_init_net,
+ .exit = ipv4_mib_exit_net,
+ };
+@@ -1624,7 +1624,7 @@ static __net_exit void inet_exit_net(struct net *net)
+ {
+ }
+
+-static __net_initdata struct pernet_operations af_inet_ops = {
++static __net_initconst struct pernet_operations af_inet_ops = {
+ .init = inet_init_net,
+ .exit = inet_exit_net,
+ };
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index 59b3e0e..ff060b8 100644
--- a/net/ipv4/arp.c
@@ -154436,7 +154560,7 @@ index 59b3e0e..ff060b8 100644
struct dst_entry *dst = NULL;
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
-index 0212591..329a13a 100644
+index 0212591..250d044 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -69,7 +69,8 @@
@@ -154526,6 +154650,15 @@ index 0212591..329a13a 100644
err_alloc_ctl:
#endif
if (dflt != &ipv4_devconf_dflt)
+@@ -2368,7 +2372,7 @@ static __net_exit void devinet_exit_net(struct net *net)
+ kfree(net->ipv4.devconf_all);
+ }
+
+-static __net_initdata struct pernet_operations devinet_ops = {
++static __net_initconst struct pernet_operations devinet_ops = {
+ .init = devinet_init_net,
+ .exit = devinet_exit_net,
+ };
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index 63566ec..82e85abc8 100644
--- a/net/ipv4/fib_frontend.c
@@ -154567,6 +154700,19 @@ index 2b68418..fb7bee8 100644
return nh->nh_saddr;
}
+diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
+index 36e2697..33cf94a 100644
+--- a/net/ipv4/icmp.c
++++ b/net/ipv4/icmp.c
+@@ -1231,7 +1231,7 @@ fail:
+ return err;
+ }
+
+-static struct pernet_operations __net_initdata icmp_sk_ops = {
++static struct pernet_operations __net_initconst icmp_sk_ops = {
+ .init = icmp_sk_init,
+ .exit = icmp_sk_exit,
+ };
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index 6414891..30ec9bf 100644
--- a/net/ipv4/inet_connection_sock.c
@@ -155328,7 +155474,7 @@ index d3a2716..884331c 100644
static int ping_v4_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c
-index 3abd9d7..c5e4052 100644
+index 3abd9d7..50f84dbc 100644
--- a/net/ipv4/proc.c
+++ b/net/ipv4/proc.c
@@ -333,7 +333,7 @@ static void icmpmsg_put(struct seq_file *seq)
@@ -155365,8 +155511,17 @@ index 3abd9d7..c5e4052 100644
}
/*
+@@ -532,7 +532,7 @@ static __net_exit void ip_proc_exit_net(struct net *net)
+ remove_proc_entry("sockstat", net->proc_net);
+ }
+
+-static __net_initdata struct pernet_operations ip_proc_ops = {
++static __net_initconst struct pernet_operations ip_proc_ops = {
+ .init = ip_proc_init_net,
+ .exit = ip_proc_exit_net,
+ };
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
-index 7113bae..0e9e9a6 100644
+index 7113bae..8d468b5 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -323,7 +323,7 @@ static int raw_rcv_skb(struct sock *sk, struct sk_buff *skb)
@@ -155420,8 +155575,17 @@ index 7113bae..0e9e9a6 100644
}
static int raw_seq_show(struct seq_file *seq, void *v)
+@@ -1095,7 +1099,7 @@ static __net_exit void raw_exit_net(struct net *net)
+ remove_proc_entry("raw", net->proc_net);
+ }
+
+-static __net_initdata struct pernet_operations raw_net_ops = {
++static __net_initconst struct pernet_operations raw_net_ops = {
+ .init = raw_init_net,
+ .exit = raw_exit_net,
+ };
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
-index b050cf9..3b7fc47 100644
+index b050cf9..562413b 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -232,7 +232,7 @@ static const struct seq_operations rt_cache_seq_ops = {
@@ -155451,6 +155615,15 @@ index b050cf9..3b7fc47 100644
}
static const struct file_operations rt_acct_proc_fops = {
+@@ -413,7 +413,7 @@ static void __net_exit ip_rt_do_proc_exit(struct net *net)
+ #endif
+ }
+
+-static struct pernet_operations ip_rt_proc_ops __net_initdata = {
++static struct pernet_operations ip_rt_proc_ops __net_initconst = {
+ .init = ip_rt_do_proc_init,
+ .exit = ip_rt_do_proc_exit,
+ };
@@ -463,7 +463,7 @@ static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
#define IP_IDENTS_SZ 2048u
@@ -155521,7 +155694,16 @@ index b050cf9..3b7fc47 100644
err_dup:
return -ENOMEM;
}
-@@ -2817,8 +2817,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
+@@ -2809,7 +2809,7 @@ static __net_exit void sysctl_route_net_exit(struct net *net)
+ kfree(tbl);
+ }
+
+-static __net_initdata struct pernet_operations sysctl_route_ops = {
++static __net_initconst struct pernet_operations sysctl_route_ops = {
+ .init = sysctl_route_net_init,
+ .exit = sysctl_route_net_exit,
+ };
+@@ -2817,14 +2817,14 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
static __net_init int rt_genid_init(struct net *net)
{
@@ -155532,6 +155714,22 @@ index b050cf9..3b7fc47 100644
get_random_bytes(&net->ipv4.dev_addr_genid,
sizeof(net->ipv4.dev_addr_genid));
return 0;
+ }
+
+-static __net_initdata struct pernet_operations rt_genid_ops = {
++static __net_initconst struct pernet_operations rt_genid_ops = {
+ .init = rt_genid_init,
+ };
+
+@@ -2848,7 +2848,7 @@ static void __net_exit ipv4_inetpeer_exit(struct net *net)
+ kfree(bp);
+ }
+
+-static __net_initdata struct pernet_operations ipv4_inetpeer_ops = {
++static __net_initconst struct pernet_operations ipv4_inetpeer_ops = {
+ .init = ipv4_inetpeer_init,
+ .exit = ipv4_inetpeer_exit,
+ };
@@ -2862,11 +2862,7 @@ int __init ip_rt_init(void)
int rc = 0;
int cpu;
@@ -155546,7 +155744,7 @@ index b050cf9..3b7fc47 100644
ip_tstamps = kcalloc(IP_IDENTS_SZ, sizeof(*ip_tstamps), GFP_KERNEL);
if (!ip_tstamps)
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
-index 4d367b4..84f04b1 100644
+index 4d367b4..aff5814 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -66,7 +66,7 @@ static int ipv4_local_port_range(struct ctl_table *table, int write,
@@ -155631,6 +155829,15 @@ index 4d367b4..84f04b1 100644
if (!net->ipv4.ipv4_hdr)
goto err_reg;
+@@ -1009,7 +1011,7 @@ static __net_exit void ipv4_sysctl_exit_net(struct net *net)
+ kfree(table);
+ }
+
+-static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
++static __net_initconst struct pernet_operations ipv4_sysctl_ops = {
+ .init = ipv4_sysctl_init_net,
+ .exit = ipv4_sysctl_exit_net,
+ };
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 3b2c8e9..601c090 100644
--- a/net/ipv4/tcp_input.c
@@ -155702,7 +155909,7 @@ index 3b2c8e9..601c090 100644
write_pnet(&ireq->ireq_net, sock_net(sk_listener));
ireq->ireq_family = sk_listener->sk_family;
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
-index a7b1a90..9f6c261 100644
+index a7b1a90..56a4c5e 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -88,6 +88,10 @@ int sysctl_tcp_tw_reuse __read_mostly;
@@ -155760,6 +155967,28 @@ index a7b1a90..9f6c261 100644
tcp_v4_send_reset(NULL, skb);
}
+@@ -2405,7 +2423,7 @@ static void __net_exit tcp_sk_exit_batch(struct list_head *net_exit_list)
+ inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET);
+ }
+
+-static struct pernet_operations __net_initdata tcp_sk_ops = {
++static struct pernet_operations __net_initconst tcp_sk_ops = {
+ .init = tcp_sk_init,
+ .exit = tcp_sk_exit,
+ .exit_batch = tcp_sk_exit_batch,
+diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c
+index a726d78..efd778e 100644
+--- a/net/ipv4/tcp_metrics.c
++++ b/net/ipv4/tcp_metrics.c
+@@ -1163,7 +1163,7 @@ static void __net_exit tcp_net_metrics_exit(struct net *net)
+ tcp_metrics_flush_all(net);
+ }
+
+-static __net_initdata struct pernet_operations tcp_net_metrics_ops = {
++static __net_initconst struct pernet_operations tcp_net_metrics_ops = {
+ .init = tcp_net_metrics_init,
+ .exit = tcp_net_metrics_exit,
+ };
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index 9b02af2..5b73e16 100644
--- a/net/ipv4/tcp_minisocks.c
@@ -155961,7 +156190,7 @@ index fd840c7..b517627 100644
struct iphdr *iph = ip_hdr(skb);
int ihl = iph->ihl * 4;
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
-index 7b0edb3..785b3f6 100644
+index 7b0edb3..f597227 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -215,11 +215,11 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
@@ -156013,6 +156242,15 @@ index 7b0edb3..785b3f6 100644
err_alloc:
return -ENOMEM;
}
+@@ -369,7 +368,7 @@ static void __net_exit xfrm4_net_exit(struct net *net)
+ dst_entries_destroy(&net->xfrm.xfrm4_dst_ops);
+ }
+
+-static struct pernet_operations __net_initdata xfrm4_net_ops = {
++static struct pernet_operations __net_initconst xfrm4_net_ops = {
+ .init = xfrm4_net_init,
+ .exit = xfrm4_net_exit,
+ };
diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c
index 542074c..648df74 100644
--- a/net/ipv4/xfrm4_state.c
@@ -159235,7 +159473,7 @@ index 11de55e..f25e448 100644
return 0;
}
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
-index d2bc03f..a95bb86 100644
+index d2bc03f..94d26ac 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -287,7 +287,7 @@ static void netlink_overrun(struct sock *sk)
@@ -159287,6 +159525,15 @@ index d2bc03f..a95bb86 100644
sock_i_ino(s)
);
+@@ -3295,7 +3297,7 @@ static void __init netlink_add_usersock_entry(void)
+ netlink_table_ungrab();
+ }
+
+-static struct pernet_operations __net_initdata netlink_net_ops = {
++static struct pernet_operations __net_initconst netlink_net_ops = {
+ .init = netlink_net_init,
+ .exit = netlink_net_exit,
+ };
diff --git a/net/netlink/diag.c b/net/netlink/diag.c
index 3ee63a3cf..d6df4d8 100644
--- a/net/netlink/diag.c
@@ -162097,7 +162344,7 @@ index 0917f04..f4e3d8c 100644
if (!proc_create("x25/route", S_IRUGO, init_net.proc_net,
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
-index b5e665b..3030b1d 100644
+index b5e665b..cc7abfa 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -332,7 +332,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy)
@@ -162166,6 +162413,15 @@ index b5e665b..3030b1d 100644
}
return err;
}
+@@ -3074,7 +3072,7 @@ static void __net_exit xfrm_net_exit(struct net *net)
+ xfrm_statistics_fini(net);
+ }
+
+-static struct pernet_operations __net_initdata xfrm_net_ops = {
++static struct pernet_operations __net_initconst xfrm_net_ops = {
+ .init = xfrm_net_init,
+ .exit = xfrm_net_exit,
+ };
@@ -3266,7 +3264,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol,
sizeof(pol->xfrm_vec[i].saddr));
pol->xfrm_vec[i].encap_family = mp->new_family;
@@ -163626,10 +163882,10 @@ index 0000000..ffe60f6
+}
diff --git a/scripts/gcc-plugins/constify_plugin.c b/scripts/gcc-plugins/constify_plugin.c
new file mode 100644
-index 0000000..e25c12c
+index 0000000..7a047cd
--- /dev/null
+++ b/scripts/gcc-plugins/constify_plugin.c
-@@ -0,0 +1,574 @@
+@@ -0,0 +1,583 @@
+/*
+ * Copyright 2011 by Emese Revfy <re.emese@gmail.com>
+ * Copyright 2011-2016 by PaX Team <pageexec@freemail.hu>
@@ -164026,6 +164282,9 @@ index 0000000..e25c12c
+ tree var = NODE_DECL(node);
+ tree type = TREE_TYPE(var);
+
++ if (node->alias)
++ return false;
++
+ if (DECL_EXTERNAL(var))
+ return false;
+
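Review bot: The new `if (node->alias) return false;` early-out has no comment, and the reason an alias node is excluded is not visible in the hunk. If the intent is that an alias has no storage of its own and its target is examined separately, say so above the test: `/* an alias has no storage of its own; its target node is checked instead */`. Without that, the next person touching this predicate cannot tell whether skipping aliases weakens the section verification or is needed for it to be correct. The enclosing function starts and ends outside the hunk.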
@@ -164053,7 +164312,13 @@ index 0000000..e25c12c
+ var = NODE_DECL(node);
+ section = lookup_attribute("section", DECL_ATTRIBUTES(var));
+ if (!section) {
-+ gcc_assert(!get_decl_section_name(var));
++ const char *name = get_decl_section_name(var);
++
++ if (name) {
++ fprintf(stderr, "DECL_SECTION [%s] ", name);
++ dump_varpool_node(stderr, node);
++ gcc_unreachable();
++ }
+ return;
+ } else
+ gcc_assert(get_decl_section_name(var));
@@ -164206,10 +164471,10 @@ index 0000000..e25c12c
+}
diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h
new file mode 100644
-index 0000000..fd6362e7
+index 0000000..7b14844
--- /dev/null
+++ b/scripts/gcc-plugins/gcc-common.h
-@@ -0,0 +1,892 @@
+@@ -0,0 +1,893 @@
+#ifndef GCC_COMMON_H_INCLUDED
+#define GCC_COMMON_H_INCLUDED
+
@@ -164751,8 +165016,8 @@ index 0000000..fd6362e7
+
+static inline const char *get_decl_section_name(const_tree decl)
+{
-+ if (!DECL_SECTION_NAME(decl))
-+ return NULL;
++ if (DECL_SECTION_NAME(decl) == NULL_TREE)
++ return NULL;
+
+ return TREE_STRING_POINTER(DECL_SECTION_NAME(decl));
+}
@@ -164887,6 +165152,7 @@ index 0000000..fd6362e7
+#define cgraph_n_nodes symtab->cgraph_count
+#define cgraph_max_uid symtab->cgraph_max_uid
+#define varpool_get_node(decl) varpool_node::get(decl)
++#define dump_varpool_node(file, node) (node)->dump(file)
+
+#define cgraph_create_edge(caller, callee, call_stmt, count, freq, nest) \
+ (caller)->create_edge((callee), (call_stmt), (count), (freq))
* [gentoo-commits] proj/hardened-patchset:master commit in: 4.5.7/
@ 2016-07-02 8:57 Anthony G. Basile
From: Anthony G. Basile @ 2016-07-02 8:57 UTC (permalink / raw
To: gentoo-commits
commit: d32dd7f3f7697ee461fd2faa0fd051877e411bc1
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Jul 2 08:59:46 2016 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Jul 2 08:59:46 2016 +0000
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=d32dd7f3
grsecurity-3.1-4.5.7-201606302132
4.5.7/0000_README | 2 +-
...> 4420_grsecurity-3.1-4.5.7-201606302132.patch} | 416 ++++++++++++---------
4.5.7/4425_grsec_remove_EI_PAX.patch | 2 +-
4.5.7/4450_grsec-kconfig-default-gids.patch | 8 +-
4.5.7/4470_disable-compat_vdso.patch | 2 +-
4.5.7/4475_emutramp_default_on.patch | 4 +-
6 files changed, 252 insertions(+), 182 deletions(-)
diff --git a/4.5.7/0000_README b/4.5.7/0000_README
index 6531b4d..cd47bdd 100644
--- a/4.5.7/0000_README
+++ b/4.5.7/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.1-4.5.7-201606292300.patch
+Patch: 4420_grsecurity-3.1-4.5.7-201606302132.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606292300.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606302132.patch
similarity index 99%
rename from 4.5.7/4420_grsecurity-3.1-4.5.7-201606292300.patch
rename to 4.5.7/4420_grsecurity-3.1-4.5.7-201606302132.patch
index 4f4d48f..6f9feec 100644
--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606292300.patch
+++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606302132.patch
@@ -12658,7 +12658,7 @@ index 3ba5ff2..44bdacc 100644
config X86_MINIMUM_CPU_FAMILY
int
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
-index 9b18ed9..9528749 100644
+index 9b18ed9..0fb0660 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -55,6 +55,7 @@ config X86_PTDUMP
@@ -12669,16 +12669,15 @@ index 9b18ed9..9528749 100644
select X86_PTDUMP_CORE
---help---
Say Y here if you want to show the kernel pagetable layout in a
-@@ -77,7 +78,7 @@ config EFI_PGT_DUMP
+@@ -77,7 +78,6 @@ config EFI_PGT_DUMP
config DEBUG_RODATA
bool "Write protect kernel read-only data structures"
default y
- depends on DEBUG_KERNEL
-+ depends on DEBUG_KERNEL && BROKEN
---help---
Mark the kernel read-only data as write-protected in the pagetables,
in order to catch accidental (and incorrect) writes to such const
-@@ -123,7 +124,7 @@ config DEBUG_WX
+@@ -123,7 +123,7 @@ config DEBUG_WX
config DEBUG_SET_MODULE_RONX
bool "Set loadable kernel module data as NX and text as RO"
@@ -12687,7 +12686,7 @@ index 9b18ed9..9528749 100644
---help---
This option helps catch unintended modifications to loadable
kernel module's text and read-only data. It also prevents execution
-@@ -375,6 +376,7 @@ config X86_DEBUG_FPU
+@@ -375,6 +375,7 @@ config X86_DEBUG_FPU
config PUNIT_ATOM_DEBUG
tristate "ATOM Punit debug driver"
select DEBUG_FS
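Review bot: `DEBUG_RODATA` loses its `depends on` line altogether here instead of returning to `depends on DEBUG_KERNEL`, so it remains a prompt that can be answered N. The same update drops the KERNEXEC-specific read-only setup from `free_initmem()` in arch/x86/mm/init.c and the dedicated page-table sections in head_32.S and vmlinux.lds.S, which suggests the write protection now rides on this option, unless that code moved somewhere outside this view. If so, the hardening option should force it, for instance `select DEBUG_RODATA` in the KERNEXEC entry (not part of this hunk), so the protection cannot be configured away. The help text still describes it as a way to catch accidental writes and would also need updating.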
@@ -27194,7 +27193,7 @@ index 2c0f340..76c1d24 100644
for (i = 0; i < NUM_EXCEPTION_VECTORS; i++)
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
-index 6bc9ae2..33997fe 100644
+index 6bc9ae2..51f7c58 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -27,6 +27,12 @@
@@ -27466,28 +27465,23 @@ index 6bc9ae2..33997fe 100644
pushl 16(%esp)
pushl 24(%esp)
pushl 32(%esp)
-@@ -663,29 +755,34 @@ ENTRY(setup_once_ref)
- /*
- * BSS section
- */
+@@ -660,11 +752,8 @@ ENTRY(initial_code)
+ ENTRY(setup_once_ref)
+ .long setup_once
+
+-/*
+- * BSS section
+- */
-__PAGE_ALIGNED_BSS
- .align PAGE_SIZE
++__READ_ONLY
++ .balign PAGE_SIZE
#ifdef CONFIG_X86_PAE
-+.section .initial_pg_pmd,"a",@progbits
initial_pg_pmd:
.fill 1024*KPMDS,4,0
- #else
-+.section .initial_page_table,"a",@progbits
- ENTRY(initial_page_table)
- .fill 1024,4,0
- #endif
-+.section .initial_pg_fixmap,"a",@progbits
- initial_pg_fixmap:
- .fill 1024,4,0
-+.section .empty_zero_page,"a",@progbits
+@@ -677,15 +766,18 @@ initial_pg_fixmap:
ENTRY(empty_zero_page)
.fill 4096,1,0
-+.section .swapper_pg_dir,"a",@progbits
ENTRY(swapper_pg_dir)
- .fill 1024,4,0
+#ifdef CONFIG_X86_PAE
@@ -27503,21 +27497,24 @@ index 6bc9ae2..33997fe 100644
-__PAGE_ALIGNED_DATA
- /* Page-aligned for the benefit of paravirt? */
- .align PAGE_SIZE
-+.section .initial_page_table,"a",@progbits
++__READ_ONLY
++ .balign PAGE_SIZE
ENTRY(initial_page_table)
.long pa(initial_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */
# if KPMDS == 3
-@@ -704,12 +801,20 @@ ENTRY(initial_page_table)
+@@ -703,13 +795,21 @@ ENTRY(initial_page_table)
+ # else
# error "Kernel PMDs should be 1, 2 or 3"
# endif
- .align PAGE_SIZE /* needs to be page-sized too */
+- .align PAGE_SIZE /* needs to be page-sized too */
++ .balign PAGE_SIZE /* needs to be page-sized too */
+
-+#ifdef CONFIG_PAX_PER_CPU_PGD
++# ifdef CONFIG_PAX_PER_CPU_PGD
+ENTRY(cpu_pgd)
+ .rept 2*NR_CPUS
+ .fill PTRS_PER_PGD,8,0
+ .endr
-+#endif
++# endif
+
#endif
@@ -27529,16 +27526,16 @@ index 6bc9ae2..33997fe 100644
__INITRODATA
int_msg:
-@@ -737,7 +842,7 @@ fault_msg:
+@@ -737,7 +837,7 @@ fault_msg:
* segment size, and 32-bit linear address value:
*/
- .data
-+.section .rodata,"a",@progbits
++__READ_ONLY
.globl boot_gdt_descr
.globl idt_descr
-@@ -746,7 +851,7 @@ fault_msg:
+@@ -746,7 +846,7 @@ fault_msg:
.word 0 # 32 bit align gdt_desc.address
boot_gdt_descr:
.word __BOOT_DS+7
@@ -27547,7 +27544,7 @@ index 6bc9ae2..33997fe 100644
.word 0 # 32-bit align idt_desc.address
idt_descr:
-@@ -757,7 +862,7 @@ idt_descr:
+@@ -757,7 +857,7 @@ idt_descr:
.word 0 # 32 bit align gdt_desc.address
ENTRY(early_gdt_descr)
.word GDT_ENTRIES*8-1
@@ -27556,7 +27553,7 @@ index 6bc9ae2..33997fe 100644
/*
* The boot_gdt must mirror the equivalent in setup.S and is
-@@ -766,5 +871,65 @@ ENTRY(early_gdt_descr)
+@@ -766,5 +866,65 @@ ENTRY(early_gdt_descr)
.align L1_CACHE_BYTES
ENTRY(boot_gdt)
.fill GDT_ENTRY_BOOT_CS,8,0
@@ -27625,7 +27622,7 @@ index 6bc9ae2..33997fe 100644
+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0
+ .endr
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
-index ffdc0e8..60b5d16 100644
+index ffdc0e8..1827c62 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -20,6 +20,8 @@
@@ -27704,7 +27701,7 @@ index ffdc0e8..60b5d16 100644
movq %rcx, %cr4
/* Setup early boot stage 4 level pagetables. */
-@@ -205,10 +239,21 @@ ENTRY(secondary_startup_64)
+@@ -205,10 +239,24 @@ ENTRY(secondary_startup_64)
movl $MSR_EFER, %ecx
rdmsr
btsl $_EFER_SCE, %eax /* Enable System Call */
@@ -27716,7 +27713,10 @@ index ffdc0e8..60b5d16 100644
+ je 1f
btsq $_PAGE_BIT_NX,early_pmd_flags(%rip)
+ btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_PAGE_OFFSET(%rip)
-+ btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMALLOC_START(%rip)
++ btsq $_PAGE_BIT_NX, init_level4_pgt + (8*L4_VMALLOC_START)(%rip)
++ btsq $_PAGE_BIT_NX, init_level4_pgt + (8*L4_VMALLOC_START) + 8(%rip)
++ btsq $_PAGE_BIT_NX, init_level4_pgt + (8*L4_VMALLOC_START) + 16(%rip)
++ btsq $_PAGE_BIT_NX, init_level4_pgt + (8*L4_VMALLOC_START) + 24(%rip)
+ btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMALLOC_END(%rip)
+ btsq $_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMEMMAP_START(%rip)
+ btsq $_PAGE_BIT_NX, level2_fixmap_pgt + 8*504(%rip)
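Review bot: NX is now set on four consecutive top-level entries starting at `L4_VMALLOC_START` by spelling out `+ 8`, `+ 16` and `+ 24`, so the slot count is a literal in the instruction stream rather than derived from the size of the vmalloc range. If that range ever spans a different number of PGD entries, the extra slots would not get the NX bit from this code and nothing here would flag it. I would generate the lines from one place, e.g. `.irp i,0,1,2,3` / `btsq $_PAGE_BIT_NX, init_level4_pgt + (8*L4_VMALLOC_START) + 8*\i(%rip)` / `.endr`, with a comment naming the constant that fixes the count. The neighbouring `8*L4_PAGE_OFFSET(%rip)`, `8*L4_VMALLOC_END(%rip)` and `8*L4_VMEMMAP_START(%rip)` operands keep the unparenthesised form and are worth making uniform. The surrounding startup code begins and ends outside the hunk.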
@@ -27727,7 +27727,7 @@ index ffdc0e8..60b5d16 100644
1: wrmsr /* Make changes effective */
/* Setup cr0 */
-@@ -288,6 +333,7 @@ ENTRY(secondary_startup_64)
+@@ -288,6 +336,7 @@ ENTRY(secondary_startup_64)
* REX.W + FF /5 JMP m16:64 Jump far, absolute indirect,
* address given in m16:64.
*/
@@ -27735,7 +27735,7 @@ index ffdc0e8..60b5d16 100644
movq initial_code(%rip),%rax
pushq $0 # fake return address to stop unwinder
pushq $__KERNEL_CS # set correct cs
-@@ -321,7 +367,7 @@ ENDPROC(start_cpu0)
+@@ -321,7 +370,7 @@ ENDPROC(start_cpu0)
.quad INIT_PER_CPU_VAR(irq_stack_union)
GLOBAL(stack_start)
@@ -27744,7 +27744,7 @@ index ffdc0e8..60b5d16 100644
.word 0
__FINITDATA
-@@ -401,7 +447,7 @@ early_idt_handler_common:
+@@ -401,7 +450,7 @@ early_idt_handler_common:
call dump_stack
#ifdef CONFIG_KALLSYMS
leaq early_idt_ripmsg(%rip),%rdi
@@ -27753,15 +27753,15 @@ index ffdc0e8..60b5d16 100644
call __print_symbol
#endif
#endif /* EARLY_PRINTK */
-@@ -430,6 +476,7 @@ ENDPROC(early_idt_handler_common)
+@@ -430,6 +479,7 @@ ENDPROC(early_idt_handler_common)
early_recursion_flag:
.long 0
-+ .section .rodata,"a",@progbits
++ __READ_ONLY
#ifdef CONFIG_EARLY_PRINTK
early_idt_msg:
.asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n"
-@@ -452,40 +499,70 @@ GLOBAL(name)
+@@ -452,40 +502,70 @@ GLOBAL(name)
__INITDATA
NEXT_PAGE(early_level4_pgt)
.fill 511,8,0
@@ -27772,7 +27772,7 @@ index ffdc0e8..60b5d16 100644
.fill 512*EARLY_DYNAMIC_PAGE_TABLES,8,0
- .data
-+ .section .rodata,"a",@progbits
++ __READ_ONLY
-#ifndef CONFIG_XEN
NEXT_PAGE(init_level4_pgt)
@@ -27844,7 +27844,7 @@ index ffdc0e8..60b5d16 100644
NEXT_PAGE(level2_kernel_pgt)
/*
-@@ -502,31 +579,79 @@ NEXT_PAGE(level2_kernel_pgt)
+@@ -502,31 +582,79 @@ NEXT_PAGE(level2_kernel_pgt)
KERNEL_IMAGE_SIZE/PMD_SIZE)
NEXT_PAGE(level2_fixmap_pgt)
@@ -31240,7 +31240,7 @@ index e574b85..5514c57 100644
case VM86_GET_AND_RESET_IRQ: {
return get_and_reset_irq(irqnumber);
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
-index 74e4bf1..a9a6168 100644
+index 74e4bf1..0897a97 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -26,6 +26,13 @@
@@ -31310,7 +31310,7 @@ index 74e4bf1..a9a6168 100644
HEAD_TEXT
. = ALIGN(8);
_stext = .;
-@@ -104,13 +124,47 @@ SECTIONS
+@@ -104,13 +124,35 @@ SECTIONS
IRQENTRY_TEXT
*(.fixup)
*(.gnu.warning)
@@ -31343,18 +31343,6 @@ index 74e4bf1..a9a6168 100644
+ _etext = . - __KERNEL_TEXT_OFFSET;
+ }
+
-+#ifdef CONFIG_X86_32
-+ . = ALIGN(PAGE_SIZE);
-+ .rodata.page_aligned : AT(ADDR(.rodata.page_aligned) - LOAD_OFFSET) {
-+ . = ALIGN(PAGE_SIZE);
-+ *(.empty_zero_page)
-+ *(.initial_pg_fixmap)
-+ *(.initial_pg_pmd)
-+ *(.initial_page_table)
-+ *(.swapper_pg_dir)
-+ } :rodata
-+#endif
-+
+ . = ALIGN(PAGE_SIZE);
+ NOTES :rodata :note
+
@@ -31362,7 +31350,7 @@ index 74e4bf1..a9a6168 100644
#if defined(CONFIG_DEBUG_RODATA)
/* .text should occupy whole number of pages */
-@@ -122,16 +176,20 @@ SECTIONS
+@@ -122,16 +164,20 @@ SECTIONS
/* Data */
.data : AT(ADDR(.data) - LOAD_OFFSET) {
@@ -31386,7 +31374,7 @@ index 74e4bf1..a9a6168 100644
PAGE_ALIGNED_DATA(PAGE_SIZE)
-@@ -174,12 +232,19 @@ SECTIONS
+@@ -174,12 +220,19 @@ SECTIONS
. = ALIGN(__vvar_page + PAGE_SIZE, PAGE_SIZE);
/* Init code and data - will be freed after init */
@@ -31409,7 +31397,7 @@ index 74e4bf1..a9a6168 100644
/*
* percpu offsets are zero-based on SMP. PERCPU_VADDR() changes the
* output PHDR, so the next output section - .init.text - should
-@@ -190,12 +255,33 @@ SECTIONS
+@@ -190,12 +243,33 @@ SECTIONS
"per-CPU data too large - increase CONFIG_PHYSICAL_START")
#endif
@@ -31447,7 +31435,7 @@ index 74e4bf1..a9a6168 100644
.x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) {
__x86_cpu_dev_start = .;
-@@ -266,19 +352,12 @@ SECTIONS
+@@ -266,19 +340,12 @@ SECTIONS
}
. = ALIGN(8);
@@ -31468,7 +31456,7 @@ index 74e4bf1..a9a6168 100644
PERCPU_SECTION(INTERNODE_CACHE_BYTES)
#endif
-@@ -297,16 +376,10 @@ SECTIONS
+@@ -297,16 +364,10 @@ SECTIONS
.smp_locks : AT(ADDR(.smp_locks) - LOAD_OFFSET) {
__smp_locks = .;
*(.smp_locks)
@@ -31486,7 +31474,7 @@ index 74e4bf1..a9a6168 100644
/* BSS */
. = ALIGN(PAGE_SIZE);
.bss : AT(ADDR(.bss) - LOAD_OFFSET) {
-@@ -322,6 +395,7 @@ SECTIONS
+@@ -322,6 +383,7 @@ SECTIONS
__brk_base = .;
. += 64 * 1024; /* 64k alignment slop space */
*(.brk_reservation) /* areas brk users have reserved */
@@ -31494,7 +31482,7 @@ index 74e4bf1..a9a6168 100644
__brk_limit = .;
}
-@@ -348,13 +422,12 @@ SECTIONS
+@@ -348,13 +410,12 @@ SECTIONS
* for the boot processor.
*/
#define INIT_PER_CPU(x) init_per_cpu__##x = x + __per_cpu_load
@@ -35806,7 +35794,7 @@ index 740d7ac..4091827 100644
#endif /* CONFIG_HUGETLB_PAGE */
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
-index 493f541..d8e6b22 100644
+index 493f541..ee7a3f0 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -4,6 +4,7 @@
@@ -35817,16 +35805,15 @@ index 493f541..d8e6b22 100644
#include <asm/cacheflush.h>
#include <asm/e820.h>
-@@ -17,6 +18,8 @@
+@@ -17,6 +18,7 @@
#include <asm/proto.h>
#include <asm/dma.h> /* for MAX_DMA_PFN */
#include <asm/microcode.h>
-+#include <asm/desc.h>
+#include <asm/bios_ebda.h>
/*
* We need to define the tracepoints somewhere, and tlb.c
-@@ -618,7 +621,18 @@ void __init init_mem_mapping(void)
+@@ -618,7 +620,18 @@ void __init init_mem_mapping(void)
early_ioremap_page_table_range_init();
#endif
@@ -35845,7 +35832,7 @@ index 493f541..d8e6b22 100644
__flush_tlb_all();
early_memtest(0, max_pfn_mapped << PAGE_SHIFT);
-@@ -634,10 +648,34 @@ void __init init_mem_mapping(void)
+@@ -634,10 +647,34 @@ void __init init_mem_mapping(void)
* Access has to be given to non-kernel-ram areas as well, these contain the PCI
* mmio resources as well as potential bios/acpi data regions.
*/
@@ -35880,8 +35867,8 @@ index 493f541..d8e6b22 100644
if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
return 0;
if (!page_is_ram(pagenr))
-@@ -683,8 +721,127 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
- #endif
+@@ -645,6 +682,29 @@ int devmem_is_allowed(unsigned long pagenr)
+ return 0;
}
+#ifdef CONFIG_GRKERNSEC_KMEM
@@ -35907,109 +35894,29 @@ index 493f541..d8e6b22 100644
+static inline void gr_init_ebda(void) { }
+#endif
+
+ void free_init_pages(char *what, unsigned long begin, unsigned long end)
+ {
+ unsigned long begin_aligned, end_aligned;
+@@ -668,7 +728,7 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
+ */
+ #ifdef CONFIG_DEBUG_PAGEALLOC
+ printk(KERN_INFO "debug: unmapping init [mem %#010lx-%#010lx]\n",
+- begin, end - 1);
++ begin, end - 1);
+ set_memory_np(begin, (end - begin) >> PAGE_SHIFT);
+ #else
+ /*
+@@ -685,6 +745,8 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
+
void free_initmem(void)
{
-+#ifdef CONFIG_PAX_KERNEXEC
-+#ifdef CONFIG_X86_32
-+ /* PaX: limit KERNEL_CS to actual size */
-+ unsigned long addr, limit;
-+ struct desc_struct d;
-+ int cpu;
-+#else
-+ pgd_t *pgd;
-+ pud_t *pud;
-+ pmd_t *pmd;
-+ unsigned long addr, end;
-+#endif
-+#endif
-+
+ gr_init_ebda();
+
-+#ifdef CONFIG_PAX_KERNEXEC
-+#ifdef CONFIG_X86_32
-+ limit = paravirt_enabled() ? ktva_ktla(0xffffffff) : (unsigned long)&_etext;
-+ limit = (limit - 1UL) >> PAGE_SHIFT;
-+
-+ memset(__LOAD_PHYSICAL_ADDR + PAGE_OFFSET, POISON_FREE_INITMEM, PAGE_SIZE);
-+ for (cpu = 0; cpu < nr_cpu_ids; cpu++) {
-+ pack_descriptor(&d, get_desc_base(&get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_CS]), limit, 0x9B, 0xC);
-+ write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEL_CS, &d, DESCTYPE_S);
-+ write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEXEC_KERNEL_CS, &d, DESCTYPE_S);
-+ }
-+
-+ /* PaX: make KERNEL_CS read-only */
-+ addr = PFN_ALIGN(ktla_ktva((unsigned long)&_text));
-+ if (!paravirt_enabled())
-+ set_memory_ro(addr, (PFN_ALIGN(_sdata) - addr) >> PAGE_SHIFT);
-+/*
-+ for (addr = ktla_ktva((unsigned long)&_text); addr < (unsigned long)&_sdata; addr += PMD_SIZE) {
-+ pgd = pgd_offset_k(addr);
-+ pud = pud_offset(pgd, addr);
-+ pmd = pmd_offset(pud, addr);
-+ set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
-+ }
-+*/
-+#ifdef CONFIG_X86_PAE
-+ set_memory_nx(PFN_ALIGN(__init_begin), (PFN_ALIGN(__init_end) - PFN_ALIGN(__init_begin)) >> PAGE_SHIFT);
-+/*
-+ for (addr = (unsigned long)&__init_begin; addr < (unsigned long)&__init_end; addr += PMD_SIZE) {
-+ pgd = pgd_offset_k(addr);
-+ pud = pud_offset(pgd, addr);
-+ pmd = pmd_offset(pud, addr);
-+ set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
-+ }
-+*/
-+#endif
-+
-+#ifdef CONFIG_MODULES
-+ set_memory_4k((unsigned long)MODULES_EXEC_VADDR, (MODULES_EXEC_END - MODULES_EXEC_VADDR) >> PAGE_SHIFT);
-+#endif
-+
-+#else
-+ /* PaX: make kernel code/rodata read-only, rest non-executable */
-+ set_memory_ro((unsigned long)_text, ((unsigned long)(_sdata - _text) >> PAGE_SHIFT));
-+ set_memory_nx((unsigned long)_sdata, (__START_KERNEL_map + KERNEL_IMAGE_SIZE - (unsigned long)_sdata) >> PAGE_SHIFT);
-+
-+ for (addr = __START_KERNEL_map; addr < __START_KERNEL_map + KERNEL_IMAGE_SIZE; addr += PMD_SIZE) {
-+ pgd = pgd_offset_k(addr);
-+ pud = pud_offset(pgd, addr);
-+ pmd = pmd_offset(pud, addr);
-+ if (!pmd_present(*pmd))
-+ continue;
-+ if (addr >= (unsigned long)_text)
-+ BUG_ON(!pmd_large(*pmd));
-+ if ((unsigned long)_text <= addr && addr < (unsigned long)_sdata)
-+ BUG_ON(pmd_write(*pmd));
-+// set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
-+ else
-+ BUG_ON(!(pmd_flags(*pmd) & _PAGE_NX));
-+// set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
-+ }
-+
-+ addr = (unsigned long)__va(__pa(__START_KERNEL_map));
-+ end = addr + KERNEL_IMAGE_SIZE;
-+ for (; addr < end; addr += PMD_SIZE) {
-+ pgd = pgd_offset_k(addr);
-+ pud = pud_offset(pgd, addr);
-+ pmd = pmd_offset(pud, addr);
-+ if (!pmd_present(*pmd))
-+ continue;
-+ if (addr >= (unsigned long)_text)
-+ BUG_ON(!pmd_large(*pmd));
-+ if ((unsigned long)__va(__pa(_text)) <= addr && addr < (unsigned long)__va(__pa(_sdata)))
-+ BUG_ON(pmd_write(*pmd));
-+// set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
-+ }
-+#endif
-+
-+ flush_tlb_all();
-+#endif
-+
free_init_pages("unused kernel",
(unsigned long)(&__init_begin),
(unsigned long)(&__init_end));
diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
-index cb4ef3d..377ec5a 100644
+index cb4ef3d..1b13259 100644
--- a/arch/x86/mm/init_32.c
+++ b/arch/x86/mm/init_32.c
@@ -62,33 +62,6 @@ static noinline int do_test_wp_bit(void);
@@ -36253,16 +36160,77 @@ index cb4ef3d..377ec5a 100644
pr_debug("Set kernel text: %lx - %lx for read only\n",
start, start+size);
-@@ -927,6 +931,7 @@ void mark_rodata_ro(void)
+@@ -911,7 +915,7 @@ static void mark_nxdata_nx(void)
+ * When this called, init has already been executed and released,
+ * so everything past _etext should be NX.
+ */
+- unsigned long start = PFN_ALIGN(_etext);
++ unsigned long start = ktla_ktva(PFN_ALIGN(_etext));
+ /*
+ * This comes from is_kernel_text upper limit. Also HPAGE where used:
+ */
+@@ -927,26 +931,47 @@ void mark_rodata_ro(void)
unsigned long start = PFN_ALIGN(_text);
unsigned long size = PFN_ALIGN(_etext) - start;
+- set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT);
+- printk(KERN_INFO "Write protecting the kernel text: %luk\n",
+- size >> 10);
++ if (config_enabled(CONFIG_PAX_KERNEXEC)) {
++ /* PaX: limit KERNEL_CS to actual size */
++ unsigned long limit;
++ struct desc_struct d;
++ int cpu;
+
+- kernel_set_to_readonly = 1;
++ limit = paravirt_enabled() ? ktva_ktla(0xffffffff) : (unsigned long)&_etext;
++ limit = (limit - 1UL) >> PAGE_SHIFT;
++
++ memset(__LOAD_PHYSICAL_ADDR + PAGE_OFFSET, POISON_FREE_INITMEM, PAGE_SIZE);
++ for (cpu = 0; cpu < nr_cpu_ids; cpu++) {
++ pack_descriptor(&d, get_desc_base(&get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_CS]), limit, 0x9B, 0xC);
++ write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEL_CS, &d, DESCTYPE_S);
++ write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEXEC_KERNEL_CS, &d, DESCTYPE_S);
++ }
++
++ if (config_enabled(CONFIG_MODULES))
++ set_memory_4k((unsigned long)MODULES_EXEC_VADDR, (MODULES_EXEC_END - MODULES_EXEC_VADDR) >> PAGE_SHIFT);
++ }
++
+ start = ktla_ktva(start);
++ /* PaX: make KERNEL_CS read-only */
++ if (config_enabled(CONFIG_PAX_KERNEXEC) && !paravirt_enabled()) {
++ set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT);
++ printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10);
++
++ kernel_set_to_readonly = 1;
+
+ #ifdef CONFIG_CPA_DEBUG
+- printk(KERN_INFO "Testing CPA: Reverting %lx-%lx\n",
+- start, start+size);
+- set_pages_rw(virt_to_page(start), size>>PAGE_SHIFT);
++ printk(KERN_INFO "Testing CPA: Reverting %lx-%lx\n", start, start+size);
++ set_pages_rw(virt_to_page(start), size>>PAGE_SHIFT);
+
+- printk(KERN_INFO "Testing CPA: write protecting again\n");
+- set_pages_ro(virt_to_page(start), size>>PAGE_SHIFT);
++ printk(KERN_INFO "Testing CPA: write protecting again\n");
++ set_pages_ro(virt_to_page(start), size>>PAGE_SHIFT);
+ #endif
++ }
+
+ start += size;
+- size = (unsigned long)__end_rodata - start;
++ size = PFN_ALIGN(_sdata) - start;
set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT);
- printk(KERN_INFO "Write protecting the kernel text: %luk\n",
- size >> 10);
+- printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n",
+- size >> 10);
++ printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n", size >> 10);
+ rodata_test();
+
+ #ifdef CONFIG_CPA_DEBUG
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
-index 5488d21..6063860 100644
+index 5488d21..9f75681 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -137,7 +137,7 @@ int kernel_ident_mapping_init(struct x86_mapping_info *info, pgd_t *pgd_page,
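Review bot: In the init_32.c `mark_rodata_ro()` lines above, the kernel-text `set_pages_ro()` call and `kernel_set_to_readonly = 1` now sit inside `if (config_enabled(CONFIG_PAX_KERNEXEC) && !paravirt_enabled())`, where the removed lines ran them unconditionally. As far as this hunk shows, a build without KERNEXEC therefore leaves the text range writable and never sets `kernel_set_to_readonly`; only the range after the text, up to `_sdata`, is still write-protected. If the intent is to skip the step only for KERNEXEC under paravirt, the condition would read `if (!config_enabled(CONFIG_PAX_KERNEXEC) || !paravirt_enabled()) {`. The function continues past the end of the inner hunk, so a statement outside this view could change that reading.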
@@ -36395,6 +36363,94 @@ index 5488d21..6063860 100644
spin_unlock(&init_mm.page_table_lock);
pgd_changed = true;
}
+@@ -1107,8 +1135,7 @@ void set_kernel_text_ro(void)
+ if (!kernel_set_to_readonly)
+ return;
+
+- pr_debug("Set kernel text: %lx - %lx for read only\n",
+- start, end);
++ pr_debug("Set kernel text: %lx - %lx for read only\n", start, end);
+
+ /*
+ * Set the kernel identity mapping for text RO.
+@@ -1118,15 +1145,20 @@ void set_kernel_text_ro(void)
+
+ void mark_rodata_ro(void)
+ {
++ unsigned long addr;
+ unsigned long start = PFN_ALIGN(_text);
+ unsigned long rodata_start = PFN_ALIGN(__start_rodata);
++#ifdef CONFIG_PAX_KERNEXEC
++ unsigned long end = PFN_ALIGN(_sdata);
++ unsigned long text_end = end;
++#else
+ unsigned long end = (unsigned long) &__end_rodata_hpage_align;
+ unsigned long text_end = PFN_ALIGN(&__stop___ex_table);
++#endif
+ unsigned long rodata_end = PFN_ALIGN(&__end_rodata);
+ unsigned long all_end;
+
+- printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n",
+- (end - start) >> 10);
++ printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n", (end - start) >> 10);
+ set_memory_ro(start, (end - start) >> PAGE_SHIFT);
+
+ kernel_set_to_readonly = 1;
+@@ -1156,12 +1188,54 @@ void mark_rodata_ro(void)
+ set_memory_ro(start, (end-start) >> PAGE_SHIFT);
+ #endif
+
++#ifdef CONFIG_PAX_KERNEXEC
++ /* PaX: ensure that kernel code/rodata is read-only, the rest is non-executable */
++ for (addr = __START_KERNEL_map; addr < __START_KERNEL_map + KERNEL_IMAGE_SIZE; addr += PMD_SIZE) {
++ pgd_t *pgd;
++ pud_t *pud;
++ pmd_t *pmd;
++
++ pgd = pgd_offset_k(addr);
++ pud = pud_offset(pgd, addr);
++ pmd = pmd_offset(pud, addr);
++ if (!pmd_present(*pmd))
++ continue;
++ if (addr >= (unsigned long)_text)
++ BUG_ON(!pmd_large(*pmd));
++ if ((unsigned long)_text <= addr && addr < (unsigned long)_sdata)
++ BUG_ON(pmd_write(*pmd));
++// set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
++ else
++ BUG_ON(!(pmd_flags(*pmd) & _PAGE_NX));
++// set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
++ }
++
++ addr = (unsigned long)__va(__pa(__START_KERNEL_map));
++ end = addr + KERNEL_IMAGE_SIZE;
++ for (; addr < end; addr += PMD_SIZE) {
++ pgd_t *pgd;
++ pud_t *pud;
++ pmd_t *pmd;
++
++ pgd = pgd_offset_k(addr);
++ pud = pud_offset(pgd, addr);
++ pmd = pmd_offset(pud, addr);
++ if (!pmd_present(*pmd))
++ continue;
++ if (addr >= (unsigned long)_text)
++ BUG_ON(!pmd_large(*pmd));
++ if ((unsigned long)__va(__pa(_text)) <= addr && addr < (unsigned long)__va(__pa(_sdata)))
++ BUG_ON(pmd_write(*pmd));
++// set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
++ }
++#else
+ free_init_pages("unused kernel",
+ (unsigned long) __va(__pa_symbol(text_end)),
+ (unsigned long) __va(__pa_symbol(rodata_start)));
+ free_init_pages("unused kernel",
+ (unsigned long) __va(__pa_symbol(rodata_end)),
+ (unsigned long) __va(__pa_symbol(_sdata)));
++#endif
+
+ debug_checkwx();
+ }
diff --git a/arch/x86/mm/iomap_32.c b/arch/x86/mm/iomap_32.c
index 9c0ff04..9020d5f 100644
--- a/arch/x86/mm/iomap_32.c
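Review bot: In the `CONFIG_PAX_KERNEXEC` block added to `mark_rodata_ro()` in init_64.c, both PMD walks keep commented-out `// set_pmd(...)` lines between an unbraced `if` and its `else`. That makes it easy to misread which `BUG_ON` belongs to which branch, and it hides that the loops only verify permissions and no longer set them. I would delete the three `// set_pmd(...)` lines, brace the branches, and put one comment above the first loop, for example `/* verify only: a writable text/rodata PMD, or an executable PMD outside it, is fatal */`. The walks also use the results of `pgd_offset_k()` and `pud_offset()` after checking only `pmd_present()`; if the upper levels are always populated for these two ranges, a short comment saying so would help. Part of the function lies between the two inner hunks and is not shown here.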
@@ -131434,7 +131490,7 @@ index ba7a9b0..33a0237 100644
extern int register_pppox_proto(int proto_num, const struct pppox_proto *pp);
extern void unregister_pppox_proto(int proto_num);
diff --git a/include/linux/init.h b/include/linux/init.h
-index b449f37..3416791 100644
+index b449f37..2bf1598 100644
--- a/include/linux/init.h
+++ b/include/linux/init.h
@@ -39,7 +39,7 @@
@@ -131455,6 +131511,19 @@ index b449f37..3416791 100644
#define __meminitdata __section(.meminit.data)
#define __meminitconst __constsection(.meminit.rodata)
#define __memexit __section(.memexit.text) __exitused __cold notrace
+@@ -117,6 +117,12 @@
+ #define __REFDATA .section ".ref.data", "aw"
+ #define __REFCONST .section ".ref.rodata", "a"
+
++#ifdef CONFIG_PAX_KERNEXEC
++#define __READ_ONLY .section ".data..read_only","a",%progbits
++#else
++#define __READ_ONLY .section ".data..mostly","aw",%progbits
++#endif
++
+ #ifndef __ASSEMBLY__
+ /*
+ * Used for initialization calls..
diff --git a/include/linux/init_task.h b/include/linux/init_task.h
index f2cb8d4..2f0363e 100644
--- a/include/linux/init_task.h
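Review bot: The non-KERNEXEC definition of `__READ_ONLY` names the section `.data..mostly`, which does not match the `.data..read_mostly` section used by the kernel's `__read_mostly` annotation and its linker scripts. Unless a linker-script rule for `.data..mostly` exists elsewhere in the patch (none is visible here), objects placed with this macro would land in an orphan section whose placement is left to the linker. If read-mostly placement is what is meant, the line would be `#define __READ_ONLY .section ".data..read_mostly","aw",%progbits`.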
@@ -211966,10 +212035,10 @@ index 23ba1c6..cad2484 100755
# Find all available archs
find_all_archs()
diff --git a/security/Kconfig b/security/Kconfig
-index e452378..e634654 100644
+index e452378..cc25231 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,994 @@
+@@ -4,6 +4,995 @@
menu "Security options"
@@ -212559,6 +212628,7 @@ index e452378..e634654 100644
+ depends on (X86 || (ARM && (CPU_V6 || CPU_V6K || CPU_V7) && !(ARM_LPAE && MODULES))) && !XEN
+ select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
+ select PAX_KERNEXEC_PLUGIN if X86_64
++ select DEBUG_RODATA if X86
+ select ARM_KERNMEM_PERMS if ARM
+ help
+ This is the kernel land equivalent of PAGEEXEC and MPROTECT,
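Review bot: The added `select DEBUG_RODATA if X86` comes with no explanation, and the visible help text does not say that KERNEXEC now relies on it. The init_32.c and init_64.c changes in this same update put the KERNEXEC permission code in `mark_rodata_ro()`, so presumably the select is there to make sure that function is built and run. A sentence in the help text such as `On x86 this option also enables DEBUG_RODATA, which it relies on to apply its protections.` would record that. Because `select` does not honour the selected symbol's own `depends on`, it is also worth confirming that DEBUG_RODATA has no dependency that can be left unmet here.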
@@ -212964,7 +213034,7 @@ index e452378..e634654 100644
source security/keys/Kconfig
config SECURITY_DMESG_RESTRICT
-@@ -104,7 +1092,7 @@ config INTEL_TXT
+@@ -104,7 +1093,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
diff --git a/4.5.7/4425_grsec_remove_EI_PAX.patch b/4.5.7/4425_grsec_remove_EI_PAX.patch
index 2a1aa6c..c988c9a 100644
--- a/4.5.7/4425_grsec_remove_EI_PAX.patch
+++ b/4.5.7/4425_grsec_remove_EI_PAX.patch
@@ -8,7 +8,7 @@ X-Gentoo-Bug-URL: https://bugs.gentoo.org/445600
diff -Nuar linux-3.7.1-hardened.orig/security/Kconfig linux-3.7.1-hardened/security/Kconfig
--- linux-3.7.1-hardened.orig/security/Kconfig 2012-12-26 08:39:29.000000000 -0500
+++ linux-3.7.1-hardened/security/Kconfig 2012-12-26 09:05:44.000000000 -0500
-@@ -279,7 +279,7 @@
+@@ -280,7 +280,7 @@
config PAX_EI_PAX
bool 'Use legacy ELF header marking'
diff --git a/4.5.7/4450_grsec-kconfig-default-gids.patch b/4.5.7/4450_grsec-kconfig-default-gids.patch
index 79a866b..ccf0abd 100644
--- a/4.5.7/4450_grsec-kconfig-default-gids.patch
+++ b/4.5.7/4450_grsec-kconfig-default-gids.patch
@@ -73,7 +73,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
diff -Nuar a/security/Kconfig b/security/Kconfig
--- a/security/Kconfig 2012-10-13 09:51:35.000000000 -0400
+++ b/security/Kconfig 2012-10-13 09:52:59.000000000 -0400
-@@ -207,7 +207,7 @@
+@@ -208,7 +208,7 @@
config GRKERNSEC_PROC_GID
int "GID exempted from /proc restrictions"
@@ -82,7 +82,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
help
Setting this GID determines which group will be exempted from
grsecurity's /proc restrictions, allowing users of the specified
-@@ -218,7 +218,7 @@
+@@ -219,7 +219,7 @@
config GRKERNSEC_TPE_UNTRUSTED_GID
int "GID for TPE-untrusted users"
depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -91,7 +91,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
help
Setting this GID determines which group untrusted users should
be added to. These users will be placed under grsecurity's Trusted Path
-@@ -230,7 +230,7 @@
+@@ -231,7 +231,7 @@
config GRKERNSEC_TPE_TRUSTED_GID
int "GID for TPE-trusted users"
depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -100,7 +100,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
help
Setting this GID determines what group TPE restrictions will be
*disabled* for. If the sysctl option is enabled, a sysctl option
-@@ -239,7 +239,7 @@
+@@ -240,7 +240,7 @@
config GRKERNSEC_SYMLINKOWN_GID
int "GID for users with kernel-enforced SymlinksIfOwnerMatch"
depends on GRKERNSEC_CONFIG_SERVER
diff --git a/4.5.7/4470_disable-compat_vdso.patch b/4.5.7/4470_disable-compat_vdso.patch
index 4aba080..febce96 100644
--- a/4.5.7/4470_disable-compat_vdso.patch
+++ b/4.5.7/4470_disable-compat_vdso.patch
@@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138
diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
--- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100
+++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100
-@@ -2044,29 +2044,8 @@
+@@ -2047,29 +2047,8 @@
config COMPAT_VDSO
def_bool n
diff --git a/4.5.7/4475_emutramp_default_on.patch b/4.5.7/4475_emutramp_default_on.patch
index afd6019..feb8c7b 100644
--- a/4.5.7/4475_emutramp_default_on.patch
+++ b/4.5.7/4475_emutramp_default_on.patch
@@ -10,7 +10,7 @@ See bug:
diff -Naur linux-3.9.2-hardened.orig/security/Kconfig linux-3.9.2-hardened/security/Kconfig
--- linux-3.9.2-hardened.orig/security/Kconfig 2013-05-18 08:53:41.000000000 -0400
+++ linux-3.9.2-hardened/security/Kconfig 2013-05-18 09:17:57.000000000 -0400
-@@ -439,7 +439,7 @@
+@@ -440,7 +440,7 @@
config PAX_EMUTRAMP
bool "Emulate trampolines"
@@ -19,7 +19,7 @@ diff -Naur linux-3.9.2-hardened.orig/security/Kconfig linux-3.9.2-hardened/secur
depends on (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)
help
There are some programs and libraries that for one reason or
-@@ -462,6 +462,12 @@
+@@ -463,6 +463,12 @@
utilities to disable CONFIG_PAX_PAGEEXEC and CONFIG_PAX_SEGMEXEC
for the affected files.