public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] proj/hardened-patchset:master commit in: 4.5.7/
@ 2016-06-15 18:54 Anthony G. Basile
  0 siblings, 0 replies; 7+ messages in thread
From: Anthony G. Basile @ 2016-06-15 18:54 UTC (permalink / raw
  To: gentoo-commits

commit:     df5765ccf2fcc59e11b068e559e0528356afe44f
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Wed Jun 15 18:56:10 2016 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed Jun 15 18:56:10 2016 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=df5765cc

grsecurity-3.1-4.5.7-201606142010

 4.5.7/0000_README                                  |    2 +-
 ...> 4420_grsecurity-3.1-4.5.7-201606142010.patch} | 1324 ++++++++++++++++----
 2 files changed, 1056 insertions(+), 270 deletions(-)

diff --git a/4.5.7/0000_README b/4.5.7/0000_README
index 67f12a7..7dd453b 100644
--- a/4.5.7/0000_README
+++ b/4.5.7/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.1-4.5.7-201606080852.patch
+Patch:	4420_grsecurity-3.1-4.5.7-201606142010.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606080852.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch
similarity index 99%
rename from 4.5.7/4420_grsecurity-3.1-4.5.7-201606080852.patch
rename to 4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch
index 65f5e28..b46e7cf 100644
--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606080852.patch
+++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch
@@ -3631,6 +3631,68 @@ index 549f6d3..909a9dc 100644
  	default y if ARM_ARCH_TIMER
  	select GENERIC_TIME_VSYSCALL
  	help
+diff --git a/arch/arm/mm/alignment.c b/arch/arm/mm/alignment.c
+index 7d5f4c7..c6a0816 100644
+--- a/arch/arm/mm/alignment.c
++++ b/arch/arm/mm/alignment.c
+@@ -778,6 +778,7 @@ do_alignment(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
+ 	u16 tinstr = 0;
+ 	int isize = 4;
+ 	int thumb2_32b = 0;
++	bool is_user_mode = user_mode(regs);
+ 
+ 	if (interrupts_enabled(regs))
+ 		local_irq_enable();
+@@ -786,14 +787,24 @@ do_alignment(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
+ 
+ 	if (thumb_mode(regs)) {
+ 		u16 *ptr = (u16 *)(instrptr & ~1);
+-		fault = probe_kernel_address(ptr, tinstr);
++		if (is_user_mode) {
++			pax_open_userland();
++			fault = probe_kernel_address(ptr, tinstr);
++			pax_close_userland();
++		} else
++			fault = probe_kernel_address(ptr, tinstr);
+ 		tinstr = __mem_to_opcode_thumb16(tinstr);
+ 		if (!fault) {
+ 			if (cpu_architecture() >= CPU_ARCH_ARMv7 &&
+ 			    IS_T32(tinstr)) {
+ 				/* Thumb-2 32-bit */
+ 				u16 tinst2 = 0;
+-				fault = probe_kernel_address(ptr + 1, tinst2);
++				if (is_user_mode) {
++					pax_open_userland();
++					fault = probe_kernel_address(ptr + 1, tinst2);
++					pax_close_userland();
++				} else
++					fault = probe_kernel_address(ptr + 1, tinst2);
+ 				tinst2 = __mem_to_opcode_thumb16(tinst2);
+ 				instr = __opcode_thumb32_compose(tinstr, tinst2);
+ 				thumb2_32b = 1;
+@@ -803,7 +814,12 @@ do_alignment(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
+ 			}
+ 		}
+ 	} else {
+-		fault = probe_kernel_address((void *)instrptr, instr);
++		if (is_user_mode) {
++			pax_open_userland();
++			fault = probe_kernel_address((void *)instrptr, instr);
++			pax_close_userland();
++		} else
++			fault = probe_kernel_address((void *)instrptr, instr);
+ 		instr = __mem_to_opcode_arm(instr);
+ 	}
+ 
+@@ -812,7 +828,7 @@ do_alignment(unsigned long addr, unsigned int fsr, struct pt_regs *regs)
+ 		goto bad_or_fault;
+ 	}
+ 
+-	if (user_mode(regs))
++	if (is_user_mode)
+ 		goto user;
+ 
+ 	ai_sys += 1;
 diff --git a/arch/arm/mm/cache-l2x0.c b/arch/arm/mm/cache-l2x0.c
 index 9f9d542..5189649 100644
 --- a/arch/arm/mm/cache-l2x0.c
@@ -97446,6 +97508,123 @@ index 8580831..36166e5 100644
  	retval = sysfs_create_mount_point(kernel_kobj, "debug");
  	if (retval)
  		return retval;
+diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c
+index feef8a9..f024040 100644
+--- a/fs/ecryptfs/file.c
++++ b/fs/ecryptfs/file.c
+@@ -112,7 +112,6 @@ static int ecryptfs_readdir(struct file *file, struct dir_context *ctx)
+ 		.sb = inode->i_sb,
+ 	};
+ 	lower_file = ecryptfs_file_to_lower(file);
+-	lower_file->f_pos = ctx->pos;
+ 	rc = iterate_dir(lower_file, &buf.ctx);
+ 	ctx->pos = buf.ctx.pos;
+ 	if (rc < 0)
+@@ -223,14 +222,6 @@ static int ecryptfs_open(struct inode *inode, struct file *file)
+ 	}
+ 	ecryptfs_set_file_lower(
+ 		file, ecryptfs_inode_to_private(inode)->lower_file);
+-	if (d_is_dir(ecryptfs_dentry)) {
+-		ecryptfs_printk(KERN_DEBUG, "This is a directory\n");
+-		mutex_lock(&crypt_stat->cs_mutex);
+-		crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED);
+-		mutex_unlock(&crypt_stat->cs_mutex);
+-		rc = 0;
+-		goto out;
+-	}
+ 	rc = read_or_initialize_metadata(ecryptfs_dentry);
+ 	if (rc)
+ 		goto out_put;
+@@ -247,6 +238,45 @@ out:
+ 	return rc;
+ }
+ 
++/**
++ * ecryptfs_dir_open
++ * @inode: inode speciying file to open
++ * @file: Structure to return filled in
++ *
++ * Opens the file specified by inode.
++ *
++ * Returns zero on success; non-zero otherwise
++ */
++static int ecryptfs_dir_open(struct inode *inode, struct file *file)
++{
++	struct dentry *ecryptfs_dentry = file->f_path.dentry;
++	/* Private value of ecryptfs_dentry allocated in
++	 * ecryptfs_lookup() */
++	struct ecryptfs_file_info *file_info;
++	struct file *lower_file;
++
++	/* Released in ecryptfs_release or end of function if failure */
++	file_info = kmem_cache_zalloc(ecryptfs_file_info_cache, GFP_KERNEL);
++	ecryptfs_set_file_private(file, file_info);
++	if (unlikely(!file_info)) {
++		ecryptfs_printk(KERN_ERR,
++				"Error attempting to allocate memory\n");
++		return -ENOMEM;
++	}
++	lower_file = dentry_open(ecryptfs_dentry_to_lower_path(ecryptfs_dentry),
++				 file->f_flags, current_cred());
++	if (IS_ERR(lower_file)) {
++		printk(KERN_ERR "%s: Error attempting to initialize "
++			"the lower file for the dentry with name "
++			"[%pd]; rc = [%ld]\n", __func__,
++			ecryptfs_dentry, PTR_ERR(lower_file));
++		kmem_cache_free(ecryptfs_file_info_cache, file_info);
++		return PTR_ERR(lower_file);
++	}
++	ecryptfs_set_file_lower(file, lower_file);
++	return 0;
++}
++
+ static int ecryptfs_flush(struct file *file, fl_owner_t td)
+ {
+ 	struct file *lower_file = ecryptfs_file_to_lower(file);
+@@ -267,6 +297,19 @@ static int ecryptfs_release(struct inode *inode, struct file *file)
+ 	return 0;
+ }
+ 
++static int ecryptfs_dir_release(struct inode *inode, struct file *file)
++{
++	fput(ecryptfs_file_to_lower(file));
++	kmem_cache_free(ecryptfs_file_info_cache,
++			ecryptfs_file_to_private(file));
++	return 0;
++}
++
++static loff_t ecryptfs_dir_llseek(struct file *file, loff_t offset, int whence)
++{
++	return vfs_llseek(ecryptfs_file_to_lower(file), offset, whence);
++}
++
+ static int
+ ecryptfs_fsync(struct file *file, loff_t start, loff_t end, int datasync)
+ {
+@@ -346,20 +389,16 @@ const struct file_operations ecryptfs_dir_fops = {
+ #ifdef CONFIG_COMPAT
+ 	.compat_ioctl = ecryptfs_compat_ioctl,
+ #endif
+-	.open = ecryptfs_open,
+-	.flush = ecryptfs_flush,
+-	.release = ecryptfs_release,
++	.open = ecryptfs_dir_open,
++	.release = ecryptfs_dir_release,
+ 	.fsync = ecryptfs_fsync,
+-	.fasync = ecryptfs_fasync,
+-	.splice_read = generic_file_splice_read,
+-	.llseek = default_llseek,
++	.llseek = ecryptfs_dir_llseek,
+ };
+ 
+ const struct file_operations ecryptfs_main_fops = {
+ 	.llseek = generic_file_llseek,
+ 	.read_iter = ecryptfs_read_update_atime,
+ 	.write_iter = generic_file_write_iter,
+-	.iterate = ecryptfs_readdir,
+ 	.unlocked_ioctl = ecryptfs_unlocked_ioctl,
+ #ifdef CONFIG_COMPAT
+ 	.compat_ioctl = ecryptfs_compat_ioctl,
 diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c
 index 4e685ac..462fc20 100644
 --- a/fs/ecryptfs/inode.c
@@ -97483,6 +97662,45 @@ index 6bd67e2..1d71a4b 100644
  	}
  	s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
  	if (max_packet_size < ECRYPTFS_TAG_70_MIN_METADATA_SIZE) {
+diff --git a/fs/ecryptfs/kthread.c b/fs/ecryptfs/kthread.c
+index 866bb18..e818f5a 100644
+--- a/fs/ecryptfs/kthread.c
++++ b/fs/ecryptfs/kthread.c
+@@ -25,6 +25,7 @@
+ #include <linux/slab.h>
+ #include <linux/wait.h>
+ #include <linux/mount.h>
++#include <linux/file.h>
+ #include "ecryptfs_kernel.h"
+ 
+ struct ecryptfs_open_req {
+@@ -147,7 +148,7 @@ int ecryptfs_privileged_open(struct file **lower_file,
+ 	flags |= IS_RDONLY(d_inode(lower_dentry)) ? O_RDONLY : O_RDWR;
+ 	(*lower_file) = dentry_open(&req.path, flags, cred);
+ 	if (!IS_ERR(*lower_file))
+-		goto out;
++		goto have_file;
+ 	if ((flags & O_ACCMODE) == O_RDONLY) {
+ 		rc = PTR_ERR((*lower_file));
+ 		goto out;
+@@ -165,8 +166,16 @@ int ecryptfs_privileged_open(struct file **lower_file,
+ 	mutex_unlock(&ecryptfs_kthread_ctl.mux);
+ 	wake_up(&ecryptfs_kthread_ctl.wait);
+ 	wait_for_completion(&req.done);
+-	if (IS_ERR(*lower_file))
++	if (IS_ERR(*lower_file)) {
+ 		rc = PTR_ERR(*lower_file);
++		goto out;
++	}
++have_file:
++	if ((*lower_file)->f_op->mmap == NULL) {
++		fput(*lower_file);
++		*lower_file = NULL;
++		rc = -EMEDIUMTYPE;
++	}
+ out:
+ 	return rc;
+ }
 diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c
 index e4141f2..d8263e8 100644
 --- a/fs/ecryptfs/miscdev.c
@@ -97497,7 +97715,7 @@ index e4141f2..d8263e8 100644
  		i += packet_length_size;
  		if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
 diff --git a/fs/exec.c b/fs/exec.c
-index dcd4ac7..b1bb7fa 100644
+index dcd4ac7..50eef0a 100644
 --- a/fs/exec.c
 +++ b/fs/exec.c
 @@ -56,8 +56,20 @@
@@ -97835,15 +98053,7 @@ index dcd4ac7..b1bb7fa 100644
  	set_fs(old_fs);
  	return result;
  }
-@@ -869,6 +959,7 @@ static int exec_mmap(struct mm_struct *mm)
- 	tsk->mm = mm;
- 	tsk->active_mm = mm;
- 	activate_mm(active_mm, mm);
-+	populate_stack();
- 	tsk->mm->vmacache_seqnum = 0;
- 	vmacache_flush(tsk);
- 	task_unlock(tsk);
-@@ -1277,7 +1368,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
+@@ -1277,7 +1367,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm)
  	}
  	rcu_read_unlock();
  
@@ -97852,7 +98062,7 @@ index dcd4ac7..b1bb7fa 100644
  		bprm->unsafe |= LSM_UNSAFE_SHARE;
  	else
  		p->fs->in_exec = 1;
-@@ -1478,6 +1569,31 @@ static int exec_binprm(struct linux_binprm *bprm)
+@@ -1478,6 +1568,31 @@ static int exec_binprm(struct linux_binprm *bprm)
  	return ret;
  }
  
@@ -97884,7 +98094,7 @@ index dcd4ac7..b1bb7fa 100644
  /*
   * sys_execve() executes a new program.
   */
-@@ -1486,6 +1602,11 @@ static int do_execveat_common(int fd, struct filename *filename,
+@@ -1486,6 +1601,11 @@ static int do_execveat_common(int fd, struct filename *filename,
  			      struct user_arg_ptr envp,
  			      int flags)
  {
@@ -97896,7 +98106,7 @@ index dcd4ac7..b1bb7fa 100644
  	char *pathbuf = NULL;
  	struct linux_binprm *bprm;
  	struct file *file;
-@@ -1495,6 +1616,8 @@ static int do_execveat_common(int fd, struct filename *filename,
+@@ -1495,6 +1615,8 @@ static int do_execveat_common(int fd, struct filename *filename,
  	if (IS_ERR(filename))
  		return PTR_ERR(filename);
  
@@ -97905,7 +98115,7 @@ index dcd4ac7..b1bb7fa 100644
  	/*
  	 * We move the actual failure in case of RLIMIT_NPROC excess from
  	 * set*uid() to execve() because too many poorly written programs
-@@ -1558,6 +1681,11 @@ static int do_execveat_common(int fd, struct filename *filename,
+@@ -1558,6 +1680,11 @@ static int do_execveat_common(int fd, struct filename *filename,
  	}
  	bprm->interp = bprm->filename;
  
@@ -97917,7 +98127,7 @@ index dcd4ac7..b1bb7fa 100644
  	retval = bprm_mm_init(bprm);
  	if (retval)
  		goto out_unmark;
-@@ -1574,24 +1702,70 @@ static int do_execveat_common(int fd, struct filename *filename,
+@@ -1574,24 +1701,70 @@ static int do_execveat_common(int fd, struct filename *filename,
  	if (retval < 0)
  		goto out;
  
@@ -97992,7 +98202,7 @@ index dcd4ac7..b1bb7fa 100644
  	current->fs->in_exec = 0;
  	current->in_execve = 0;
  	acct_update_integrals(current);
-@@ -1603,6 +1777,14 @@ static int do_execveat_common(int fd, struct filename *filename,
+@@ -1603,6 +1776,14 @@ static int do_execveat_common(int fd, struct filename *filename,
  		put_files_struct(displaced);
  	return retval;
  
@@ -98007,7 +98217,7 @@ index dcd4ac7..b1bb7fa 100644
  out:
  	if (bprm->mm) {
  		acct_arg_size(bprm, 0);
-@@ -1749,3 +1931,319 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
+@@ -1749,3 +1930,319 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
  				  argv, envp, flags);
  }
  #endif
@@ -98163,7 +98373,7 @@ index dcd4ac7..b1bb7fa 100644
 +
 +#ifdef CONFIG_PAX_USERCOPY
 +/* 0: not at all, 1: fully, 2: fully inside frame, -1: partially (implies an error) */
-+static noinline int check_stack_object(const void *obj, unsigned long len)
++static noinline int check_stack_object(unsigned long obj, unsigned long len)
 +{
 +	const void * const stack = task_stack_page(current);
 +	const void * const stackend = stack + THREAD_SIZE;
@@ -98176,10 +98386,10 @@ index dcd4ac7..b1bb7fa 100644
 +	if (obj + len < obj)
 +		return -1;
 +
-+	if (obj + len <= stack || stackend <= obj)
++	if (obj + len <= (unsigned long)stack || (unsigned long)stackend <= obj)
 +		return 0;
 +
-+	if (obj < stack || stackend < obj + len)
++	if (obj < (unsigned long)stack || (unsigned long)stackend < obj + len)
 +		return -1;
 +
 +#if defined(CONFIG_FRAME_POINTER) && defined(CONFIG_X86)
@@ -98198,8 +98408,8 @@ index dcd4ac7..b1bb7fa 100644
 +		   causing us to bail out and correctly report
 +		   the copy as invalid
 +		*/
-+		if (obj + len <= frame)
-+			return obj >= oldframe + 2 * sizeof(void *) ? 2 : -1;
++		if (obj + len <= (unsigned long)frame)
++			return obj >= (unsigned long)oldframe + 2 * sizeof(void *) ? 2 : -1;
 +		oldframe = frame;
 +		frame = *(const void * const *)frame;
 +	}
@@ -98280,7 +98490,7 @@ index dcd4ac7..b1bb7fa 100644
 +
 +	type = check_heap_object(ptr, n);
 +	if (!type) {
-+		int ret = check_stack_object(ptr, n);
++		int ret = check_stack_object((unsigned long)ptr, n);
 +		if (ret == 1 || ret == 2)
 +			return;
 +		if (ret == 0) {
@@ -113366,10 +113576,24 @@ index fe5b6e6..cd2913c 100644
  			kfree(ctl_table_arg);
  			goto out;
 diff --git a/fs/proc/root.c b/fs/proc/root.c
-index 361ab4e..9720b97 100644
+index 361ab4e..55e45e9 100644
 --- a/fs/proc/root.c
 +++ b/fs/proc/root.c
-@@ -187,7 +187,15 @@ void __init proc_root_init(void)
+@@ -121,6 +121,13 @@ static struct dentry *proc_mount(struct file_system_type *fs_type,
+ 	if (IS_ERR(sb))
+ 		return ERR_CAST(sb);
+ 
++	/*
++	 * procfs isn't actually a stacking filesystem; however, there is
++	 * too much magic going on inside it to permit stacking things on
++	 * top of it
++	 */
++	sb->s_stack_depth = FILESYSTEM_MAX_STACK_DEPTH;
++
+ 	if (!proc_parse_options(options, ns)) {
+ 		deactivate_locked_super(sb);
+ 		return ERR_PTR(-EINVAL);
+@@ -187,7 +194,15 @@ void __init proc_root_init(void)
  	proc_create_mount_point("openprom");
  #endif
  	proc_tty_init();
@@ -115023,6 +115247,157 @@ index 642d55d..d8ccf82 100644
  			    xfs_dir3_get_dtype(dp->i_mount, filetype)))
  			return 0;
  		sfep = dp->d_ops->sf_nextentry(sfp, sfep);
+diff --git a/fs/xfs/xfs_icache.c b/fs/xfs/xfs_icache.c
+index d7a490f..59a8848 100644
+--- a/fs/xfs/xfs_icache.c
++++ b/fs/xfs/xfs_icache.c
+@@ -91,13 +91,6 @@ xfs_inode_free_callback(
+ 	struct inode		*inode = container_of(head, struct inode, i_rcu);
+ 	struct xfs_inode	*ip = XFS_I(inode);
+ 
+-	kmem_zone_free(xfs_inode_zone, ip);
+-}
+-
+-void
+-xfs_inode_free(
+-	struct xfs_inode	*ip)
+-{
+ 	switch (ip->i_d.di_mode & S_IFMT) {
+ 	case S_IFREG:
+ 	case S_IFDIR:
+@@ -115,6 +108,25 @@ xfs_inode_free(
+ 		ip->i_itemp = NULL;
+ 	}
+ 
++	kmem_zone_free(xfs_inode_zone, ip);
++}
++
++static void
++__xfs_inode_free(
++	struct xfs_inode	*ip)
++{
++	/* asserts to verify all state is correct here */
++	ASSERT(atomic_read(&ip->i_pincount) == 0);
++	ASSERT(!xfs_isiflocked(ip));
++	XFS_STATS_DEC(ip->i_mount, vn_active);
++
++	call_rcu(&VFS_I(ip)->i_rcu, xfs_inode_free_callback);
++}
++
++void
++xfs_inode_free(
++	struct xfs_inode	*ip)
++{
+ 	/*
+ 	 * Because we use RCU freeing we need to ensure the inode always
+ 	 * appears to be reclaimed with an invalid inode number when in the
+@@ -126,12 +138,7 @@ xfs_inode_free(
+ 	ip->i_ino = 0;
+ 	spin_unlock(&ip->i_flags_lock);
+ 
+-	/* asserts to verify all state is correct here */
+-	ASSERT(atomic_read(&ip->i_pincount) == 0);
+-	ASSERT(!xfs_isiflocked(ip));
+-	XFS_STATS_DEC(ip->i_mount, vn_active);
+-
+-	call_rcu(&VFS_I(ip)->i_rcu, xfs_inode_free_callback);
++	__xfs_inode_free(ip);
+ }
+ 
+ /*
+@@ -741,8 +748,7 @@ __xfs_inode_set_reclaim_tag(
+ 	if (!pag->pag_ici_reclaimable) {
+ 		/* propagate the reclaim tag up into the perag radix tree */
+ 		spin_lock(&ip->i_mount->m_perag_lock);
+-		radix_tree_tag_set(&ip->i_mount->m_perag_tree,
+-				XFS_INO_TO_AGNO(ip->i_mount, ip->i_ino),
++		radix_tree_tag_set(&ip->i_mount->m_perag_tree, pag->pag_agno,
+ 				XFS_ICI_RECLAIM_TAG);
+ 		spin_unlock(&ip->i_mount->m_perag_lock);
+ 
+@@ -786,8 +792,7 @@ __xfs_inode_clear_reclaim(
+ 	if (!pag->pag_ici_reclaimable) {
+ 		/* clear the reclaim tag from the perag radix tree */
+ 		spin_lock(&ip->i_mount->m_perag_lock);
+-		radix_tree_tag_clear(&ip->i_mount->m_perag_tree,
+-				XFS_INO_TO_AGNO(ip->i_mount, ip->i_ino),
++		radix_tree_tag_clear(&ip->i_mount->m_perag_tree, pag->pag_agno,
+ 				XFS_ICI_RECLAIM_TAG);
+ 		spin_unlock(&ip->i_mount->m_perag_lock);
+ 		trace_xfs_perag_clear_reclaim(ip->i_mount, pag->pag_agno,
+@@ -898,6 +903,7 @@ xfs_reclaim_inode(
+ 	int			sync_mode)
+ {
+ 	struct xfs_buf		*bp = NULL;
++	xfs_ino_t		ino = ip->i_ino; /* for radix_tree_delete */
+ 	int			error;
+ 
+ restart:
+@@ -962,6 +968,22 @@ restart:
+ 
+ 	xfs_iflock(ip);
+ reclaim:
++	/*
++	 * Because we use RCU freeing we need to ensure the inode always appears
++	 * to be reclaimed with an invalid inode number when in the free state.
++	 * We do this as early as possible under the ILOCK and flush lock so
++	 * that xfs_iflush_cluster() can be guaranteed to detect races with us
++	 * here. By doing this, we guarantee that once xfs_iflush_cluster has
++	 * locked both the XFS_ILOCK and the flush lock that it will see either
++	 * a valid, flushable inode that will serialise correctly against the
++	 * locks below, or it will see a clean (and invalid) inode that it can
++	 * skip.
++	 */
++	spin_lock(&ip->i_flags_lock);
++	ip->i_flags = XFS_IRECLAIM;
++	ip->i_ino = 0;
++	spin_unlock(&ip->i_flags_lock);
++
+ 	xfs_ifunlock(ip);
+ 	xfs_iunlock(ip, XFS_ILOCK_EXCL);
+ 
+@@ -975,7 +997,7 @@ reclaim:
+ 	 */
+ 	spin_lock(&pag->pag_ici_lock);
+ 	if (!radix_tree_delete(&pag->pag_ici_root,
+-				XFS_INO_TO_AGINO(ip->i_mount, ip->i_ino)))
++				XFS_INO_TO_AGINO(ip->i_mount, ino)))
+ 		ASSERT(0);
+ 	__xfs_inode_clear_reclaim(pag, ip);
+ 	spin_unlock(&pag->pag_ici_lock);
+@@ -992,7 +1014,7 @@ reclaim:
+ 	xfs_qm_dqdetach(ip);
+ 	xfs_iunlock(ip, XFS_ILOCK_EXCL);
+ 
+-	xfs_inode_free(ip);
++	__xfs_inode_free(ip);
+ 	return error;
+ 
+ out_ifunlock:
+diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c
+index c738a52..658eea8 100644
+--- a/fs/xfs/xfs_inode.c
++++ b/fs/xfs/xfs_inode.c
+@@ -3259,6 +3259,19 @@ xfs_iflush_cluster(
+ 			continue;
+ 		}
+ 
++
++		/*
++		 * Check the inode number again, just to be certain we are not
++		 * racing with freeing in xfs_reclaim_inode(). See the comments
++		 * in that function for more information as to why the initial
++		 * check is not sufficient.
++		 */
++		if (!iq->i_ino) {
++			xfs_ifunlock(iq);
++			xfs_iunlock(iq, XFS_ILOCK_SHARED);
++			continue;
++		}
++
+ 		/*
+ 		 * arriving here means that this inode can be flushed.  First
+ 		 * re-check that it's dirty before flushing.
 diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
 index 478d04e..3d6a86b 100644
 --- a/fs/xfs/xfs_ioctl.c
@@ -132656,7 +133031,7 @@ index 556ec1e..38c19c9 100644
  
  /*
 diff --git a/include/linux/sched.h b/include/linux/sched.h
-index a10494a..9f25fd6 100644
+index a10494a..2d7faf1 100644
 --- a/include/linux/sched.h
 +++ b/include/linux/sched.h
 @@ -7,7 +7,7 @@
@@ -132929,17 +133304,16 @@ index a10494a..9f25fd6 100644
  {
  	return tsk->pid;
  }
-@@ -2289,6 +2397,26 @@ extern u64 sched_clock_cpu(int cpu);
+@@ -2289,6 +2397,25 @@ extern u64 sched_clock_cpu(int cpu);
  
  extern void sched_clock_init(void);
  
 +#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW
-+static inline void populate_stack(void)
++static inline void populate_stack(void *stack)
 +{
-+	struct task_struct *curtask = current;
 +	int c;
-+	int *ptr = curtask->stack;
-+	int *end = curtask->stack + THREAD_SIZE;
++	int *ptr = stack;
++	int *end = stack + THREAD_SIZE;
 +
 +	while (ptr < end) {
 +		c = *(volatile int *)ptr;
@@ -132948,7 +133322,7 @@ index a10494a..9f25fd6 100644
 +	}
 +}
 +#else
-+static inline void populate_stack(void)
++static inline void populate_stack(void *stack)
 +{
 +}
 +#endif
@@ -132956,7 +133330,7 @@ index a10494a..9f25fd6 100644
  #ifndef CONFIG_HAVE_UNSTABLE_SCHED_CLOCK
  static inline void sched_clock_tick(void)
  {
-@@ -2417,7 +2545,9 @@ extern void set_curr_task(int cpu, struct task_struct *p);
+@@ -2417,7 +2544,9 @@ extern void set_curr_task(int cpu, struct task_struct *p);
  void yield(void);
  
  union thread_union {
@@ -132966,7 +133340,7 @@ index a10494a..9f25fd6 100644
  	unsigned long stack[THREAD_SIZE/sizeof(long)];
  };
  
-@@ -2450,6 +2580,7 @@ extern struct pid_namespace init_pid_ns;
+@@ -2450,6 +2579,7 @@ extern struct pid_namespace init_pid_ns;
   */
  
  extern struct task_struct *find_task_by_vpid(pid_t nr);
@@ -132974,7 +133348,7 @@ index a10494a..9f25fd6 100644
  extern struct task_struct *find_task_by_pid_ns(pid_t nr,
  		struct pid_namespace *ns);
  
-@@ -2481,7 +2612,7 @@ extern void proc_caches_init(void);
+@@ -2481,7 +2611,7 @@ extern void proc_caches_init(void);
  extern void flush_signals(struct task_struct *);
  extern void ignore_signals(struct task_struct *);
  extern void flush_signal_handlers(struct task_struct *, int force_default);
@@ -132983,7 +133357,7 @@ index a10494a..9f25fd6 100644
  
  static inline int kernel_dequeue_signal(siginfo_t *info)
  {
-@@ -2635,7 +2766,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
+@@ -2635,7 +2765,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
  extern void exit_itimers(struct signal_struct *);
  extern void flush_itimer_signals(void);
  
@@ -132992,7 +133366,7 @@ index a10494a..9f25fd6 100644
  
  extern int do_execve(struct filename *,
  		     const char __user * const __user *,
-@@ -2750,11 +2881,13 @@ static inline int thread_group_empty(struct task_struct *p)
+@@ -2750,11 +2880,13 @@ static inline int thread_group_empty(struct task_struct *p)
   * It must not be nested with write_lock_irq(&tasklist_lock),
   * neither inside nor outside.
   */
@@ -133006,7 +133380,7 @@ index a10494a..9f25fd6 100644
  static inline void task_unlock(struct task_struct *p)
  {
  	spin_unlock(&p->alloc_lock);
-@@ -2840,9 +2973,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
+@@ -2840,9 +2972,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
  #define task_stack_end_corrupted(task) \
  		(*(end_of_stack(task)) != STACK_END_MAGIC)
  
@@ -138371,10 +138745,10 @@ index c112abb..49d919f 100644
  		if (wo->wo_flags & __WNOTHREAD)
  			break;
 diff --git a/kernel/fork.c b/kernel/fork.c
-index 2e391c7..555531a 100644
+index 2e391c7..4af22a9 100644
 --- a/kernel/fork.c
 +++ b/kernel/fork.c
-@@ -188,12 +188,54 @@ static void free_thread_info(struct thread_info *ti)
+@@ -188,12 +188,55 @@ static void free_thread_info(struct thread_info *ti)
  void thread_info_cache_init(void)
  {
  	thread_info_cache = kmem_cache_create("thread_info", THREAD_SIZE,
@@ -138405,7 +138779,8 @@ index 2e391c7..555531a 100644
 +	if (ret == NULL) {
 +		free_thread_info(*lowmem_stack);
 +		*lowmem_stack = NULL;
-+	}
++	} else
++		populate_stack(ret);
 +
 +out:
 +	return ret;
@@ -138430,7 +138805,7 @@ index 2e391c7..555531a 100644
  /* SLAB cache for signal_struct structures (tsk->signal) */
  static struct kmem_cache *signal_cachep;
  
-@@ -212,18 +254,22 @@ struct kmem_cache *vm_area_cachep;
+@@ -212,18 +255,22 @@ struct kmem_cache *vm_area_cachep;
  /* SLAB cache for mm_struct structures (tsk->mm) */
  static struct kmem_cache *mm_cachep;
  
@@ -138456,7 +138831,7 @@ index 2e391c7..555531a 100644
  	rt_mutex_debug_task_free(tsk);
  	ftrace_graph_exit_task(tsk);
  	put_seccomp_filter(tsk);
-@@ -290,7 +336,7 @@ static void set_max_threads(unsigned int max_threads_suggested)
+@@ -290,7 +337,7 @@ static void set_max_threads(unsigned int max_threads_suggested)
  
  #ifdef CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT
  /* Initialized by the architecture: */
@@ -138465,7 +138840,7 @@ index 2e391c7..555531a 100644
  #endif
  
  void __init fork_init(void)
-@@ -335,6 +381,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
+@@ -335,6 +382,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
  {
  	struct task_struct *tsk;
  	struct thread_info *ti;
@@ -138473,7 +138848,7 @@ index 2e391c7..555531a 100644
  	int node = tsk_fork_get_node(orig);
  	int err;
  
-@@ -342,7 +389,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
+@@ -342,7 +390,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
  	if (!tsk)
  		return NULL;
  
@@ -138482,7 +138857,7 @@ index 2e391c7..555531a 100644
  	if (!ti)
  		goto free_tsk;
  
-@@ -351,6 +398,9 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
+@@ -351,6 +399,9 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
  		goto free_ti;
  
  	tsk->stack = ti;
@@ -138492,7 +138867,7 @@ index 2e391c7..555531a 100644
  #ifdef CONFIG_SECCOMP
  	/*
  	 * We must handle setting up seccomp filters once we're under
-@@ -367,7 +417,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
+@@ -367,7 +418,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
  	set_task_stack_end_magic(tsk);
  
  #ifdef CONFIG_CC_STACKPROTECTOR
@@ -138501,7 +138876,7 @@ index 2e391c7..555531a 100644
  #endif
  
  	/*
-@@ -382,24 +432,90 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
+@@ -382,24 +433,90 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
  	tsk->task_frag.page = NULL;
  	tsk->wake_q.next = NULL;
  
@@ -138596,7 +138971,7 @@ index 2e391c7..555531a 100644
  
  	uprobe_start_dup_mmap();
  	down_write(&oldmm->mmap_sem);
-@@ -430,52 +546,14 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
+@@ -430,52 +547,14 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
  
  	prev = NULL;
  	for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) {
@@ -138653,7 +139028,7 @@ index 2e391c7..555531a 100644
  		}
  
  		/*
-@@ -507,6 +585,38 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
+@@ -507,6 +586,38 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
  		if (retval)
  			goto out;
  	}
@@ -138692,7 +139067,7 @@ index 2e391c7..555531a 100644
  	/* a new mm has just been created */
  	arch_dup_mmap(oldmm, mm);
  	retval = 0;
-@@ -516,14 +626,6 @@ out:
+@@ -516,14 +627,6 @@ out:
  	up_write(&oldmm->mmap_sem);
  	uprobe_end_dup_mmap();
  	return retval;
@@ -138707,7 +139082,7 @@ index 2e391c7..555531a 100644
  }
  
  static inline int mm_alloc_pgd(struct mm_struct *mm)
-@@ -798,8 +900,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
+@@ -798,8 +901,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
  		return ERR_PTR(err);
  
  	mm = get_task_mm(task);
@@ -138718,7 +139093,7 @@ index 2e391c7..555531a 100644
  		mmput(mm);
  		mm = ERR_PTR(-EACCES);
  	}
-@@ -1000,13 +1102,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
+@@ -1000,13 +1103,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
  			spin_unlock(&fs->lock);
  			return -EAGAIN;
  		}
@@ -138740,7 +139115,7 @@ index 2e391c7..555531a 100644
  	return 0;
  }
  
-@@ -1239,7 +1348,7 @@ init_task_pid(struct task_struct *task, enum pid_type type, struct pid *pid)
+@@ -1239,7 +1349,7 @@ init_task_pid(struct task_struct *task, enum pid_type type, struct pid *pid)
   * parts of the process environment (as per the clone
   * flags). The actual kick-off is left to the caller.
   */
@@ -138749,7 +139124,7 @@ index 2e391c7..555531a 100644
  					unsigned long stack_start,
  					unsigned long stack_size,
  					int __user *child_tidptr,
-@@ -1310,6 +1419,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
+@@ -1310,6 +1420,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
  	DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
  #endif
  	retval = -EAGAIN;
@@ -138759,7 +139134,7 @@ index 2e391c7..555531a 100644
  	if (atomic_read(&p->real_cred->user->processes) >=
  			task_rlimit(p, RLIMIT_NPROC)) {
  		if (p->real_cred->user != INIT_USER &&
-@@ -1568,6 +1680,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
+@@ -1568,6 +1681,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
  		goto bad_fork_cancel_cgroup;
  	}
  
@@ -138771,7 +139146,7 @@ index 2e391c7..555531a 100644
  	if (likely(p->pid)) {
  		ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace);
  
-@@ -1657,6 +1774,8 @@ bad_fork_cleanup_count:
+@@ -1657,6 +1775,8 @@ bad_fork_cleanup_count:
  bad_fork_free:
  	free_task(p);
  fork_out:
@@ -138780,7 +139155,7 @@ index 2e391c7..555531a 100644
  	return ERR_PTR(retval);
  }
  
-@@ -1719,6 +1838,7 @@ long _do_fork(unsigned long clone_flags,
+@@ -1719,6 +1839,7 @@ long _do_fork(unsigned long clone_flags,
  
  	p = copy_process(clone_flags, stack_start, stack_size,
  			 child_tidptr, NULL, trace, tls);
@@ -138788,7 +139163,7 @@ index 2e391c7..555531a 100644
  	/*
  	 * Do this prior waking up the new thread - the thread pointer
  	 * might get invalid after that point, if the thread exits quickly.
-@@ -1735,6 +1855,8 @@ long _do_fork(unsigned long clone_flags,
+@@ -1735,6 +1856,8 @@ long _do_fork(unsigned long clone_flags,
  		if (clone_flags & CLONE_PARENT_SETTID)
  			put_user(nr, parent_tidptr);
  
@@ -138797,7 +139172,7 @@ index 2e391c7..555531a 100644
  		if (clone_flags & CLONE_VFORK) {
  			p->vfork_done = &vfork;
  			init_completion(&vfork);
-@@ -1871,7 +1993,7 @@ void __init proc_caches_init(void)
+@@ -1871,7 +1994,7 @@ void __init proc_caches_init(void)
  			sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,
  			SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK|SLAB_ACCOUNT,
  			NULL);
@@ -138806,7 +139181,7 @@ index 2e391c7..555531a 100644
  	mmap_init();
  	nsproxy_cache_init();
  }
-@@ -1919,7 +2041,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
+@@ -1919,7 +2042,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
  		return 0;
  
  	/* don't need lock here; in the worst case we'll do useless copy */
@@ -138815,7 +139190,7 @@ index 2e391c7..555531a 100644
  		return 0;
  
  	*new_fsp = copy_fs_struct(fs);
-@@ -2032,7 +2154,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
+@@ -2032,7 +2155,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
  			fs = current->fs;
  			spin_lock(&fs->lock);
  			current->fs = new_fs;
@@ -138825,7 +139200,7 @@ index 2e391c7..555531a 100644
  				new_fs = NULL;
  			else
  				new_fs = fs;
-@@ -2096,7 +2219,7 @@ int unshare_files(struct files_struct **displaced)
+@@ -2096,7 +2220,7 @@ int unshare_files(struct files_struct **displaced)
  int sysctl_max_threads(struct ctl_table *table, int write,
  		       void __user *buffer, size_t *lenp, loff_t *ppos)
  {
@@ -141676,7 +142051,7 @@ index a5d966c..9c2d28b 100644
  #ifdef CONFIG_RT_GROUP_SCHED
  	/*
 diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index 1c1d2a0..a8b297a 100644
+index 1c1d2a0..1b7307c 100644
 --- a/kernel/sched/core.c
 +++ b/kernel/sched/core.c
 @@ -2263,7 +2263,7 @@ void set_numabalancing_state(bool enabled)
@@ -141706,18 +142081,27 @@ index 1c1d2a0..a8b297a 100644
  		next = head->next;
  		head->next = NULL;
  		head = next;
-@@ -2784,8 +2784,10 @@ context_switch(struct rq *rq, struct task_struct *prev,
+@@ -2784,8 +2784,9 @@ context_switch(struct rq *rq, struct task_struct *prev,
  		next->active_mm = oldmm;
  		atomic_inc(&oldmm->mm_count);
  		enter_lazy_tlb(oldmm, next);
 -	} else
 +	} else {
  		switch_mm(oldmm, mm, next);
-+		populate_stack();
 +	}
  
  	if (!prev->mm) {
  		prev->active_mm = NULL;
+@@ -3109,7 +3110,8 @@ static noinline void __schedule_bug(struct task_struct *prev)
+ static inline void schedule_debug(struct task_struct *prev)
+ {
+ #ifdef CONFIG_SCHED_STACK_END_CHECK
+-	BUG_ON(task_stack_end_corrupted(prev));
++	if (task_stack_end_corrupted(prev))
++		panic("corrupted stack end detected inside scheduler\n");
+ #endif
+ 
+ 	if (unlikely(in_atomic_preempt_off())) {
 @@ -3609,6 +3611,8 @@ int can_nice(const struct task_struct *p, const int nice)
  	/* convert nice value [19,-20] to rlimit style value [1,40] */
  	int nice_rlim = nice_to_rlimit(nice);
@@ -141745,15 +142129,7 @@ index 1c1d2a0..a8b297a 100644
  			/* can't increase priority */
  			if (attr->sched_priority > p->rt_priority &&
  			    attr->sched_priority > rlim_rtprio)
-@@ -5285,6 +5291,7 @@ void idle_task_exit(void)
- 
- 	if (mm != &init_mm) {
- 		switch_mm(mm, &init_mm, current);
-+		populate_stack();
- 		finish_arch_post_lock_switch();
- 	}
- 	mmdrop(mm);
-@@ -5410,7 +5417,7 @@ static void migrate_tasks(struct rq *dead_rq)
+@@ -5410,7 +5416,7 @@ static void migrate_tasks(struct rq *dead_rq)
  
  #if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL)
  
@@ -141762,7 +142138,7 @@ index 1c1d2a0..a8b297a 100644
  	{
  		.procname	= "sched_domain",
  		.mode		= 0555,
-@@ -5427,17 +5434,17 @@ static struct ctl_table sd_ctl_root[] = {
+@@ -5427,17 +5433,17 @@ static struct ctl_table sd_ctl_root[] = {
  	{}
  };
  
@@ -141784,7 +142160,7 @@ index 1c1d2a0..a8b297a 100644
  
  	/*
  	 * In the intermediate directories, both the child directory and
-@@ -5445,22 +5452,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
+@@ -5445,22 +5451,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
  	 * will always be set. In the lowest directory the names are
  	 * static strings and all have proc handlers.
  	 */
@@ -141816,7 +142192,7 @@ index 1c1d2a0..a8b297a 100644
  		const char *procname, void *data, int maxlen,
  		umode_t mode, proc_handler *proc_handler,
  		bool load_idx)
-@@ -5480,7 +5490,7 @@ set_table_entry(struct ctl_table *entry,
+@@ -5480,7 +5489,7 @@ set_table_entry(struct ctl_table *entry,
  static struct ctl_table *
  sd_alloc_ctl_domain_table(struct sched_domain *sd)
  {
@@ -141825,7 +142201,7 @@ index 1c1d2a0..a8b297a 100644
  
  	if (table == NULL)
  		return NULL;
-@@ -5518,9 +5528,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
+@@ -5518,9 +5527,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
  	return table;
  }
  
@@ -141837,7 +142213,7 @@ index 1c1d2a0..a8b297a 100644
  	struct sched_domain *sd;
  	int domain_num = 0, i;
  	char buf[32];
-@@ -5547,11 +5557,13 @@ static struct ctl_table_header *sd_sysctl_header;
+@@ -5547,11 +5556,13 @@ static struct ctl_table_header *sd_sysctl_header;
  static void register_sched_domain_sysctl(void)
  {
  	int i, cpu_num = num_possible_cpus();
@@ -141852,7 +142228,7 @@ index 1c1d2a0..a8b297a 100644
  
  	if (entry == NULL)
  		return;
-@@ -5573,8 +5585,12 @@ static void unregister_sched_domain_sysctl(void)
+@@ -5573,8 +5584,12 @@ static void unregister_sched_domain_sysctl(void)
  {
  	unregister_sysctl_table(sd_sysctl_header);
  	sd_sysctl_header = NULL;
@@ -142205,10 +142581,18 @@ index d903c02..c3efd35 100644
  	unsigned long flags;
  	int ret = 0;
 diff --git a/kernel/smpboot.c b/kernel/smpboot.c
-index d264f59..48b8da3 100644
+index d264f59..fd4da04 100644
 --- a/kernel/smpboot.c
 +++ b/kernel/smpboot.c
-@@ -301,7 +301,7 @@ int smpboot_register_percpu_thread_cpumask(struct smp_hotplug_thread *plug_threa
+@@ -13,6 +13,7 @@
+ #include <linux/percpu.h>
+ #include <linux/kthread.h>
+ #include <linux/smpboot.h>
++#include <asm/pgtable.h>
+ 
+ #include "smpboot.h"
+ 
+@@ -301,7 +302,7 @@ int smpboot_register_percpu_thread_cpumask(struct smp_hotplug_thread *plug_threa
  		if (cpumask_test_cpu(cpu, cpumask))
  			smpboot_unpark_thread(plug_thread, cpu);
  	}
@@ -142217,7 +142601,7 @@ index d264f59..48b8da3 100644
  out:
  	mutex_unlock(&smpboot_threads_lock);
  	put_online_cpus();
-@@ -319,7 +319,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread)
+@@ -319,7 +320,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread)
  {
  	get_online_cpus();
  	mutex_lock(&smpboot_threads_lock);
@@ -142226,6 +142610,16 @@ index d264f59..48b8da3 100644
  	smpboot_destroy_threads(plug_thread);
  	mutex_unlock(&smpboot_threads_lock);
  	put_online_cpus();
+@@ -359,7 +360,9 @@ int smpboot_update_cpumask_percpu_thread(struct smp_hotplug_thread *plug_thread,
+ 	for_each_cpu_and(cpu, tmp, cpu_online_mask)
+ 		smpboot_unpark_thread(plug_thread, cpu);
+ 
++	pax_open_kernel();
+ 	cpumask_copy(old, new);
++	pax_close_kernel();
+ 
+ 	mutex_unlock(&smpboot_threads_lock);
+ 	put_online_cpus();
 diff --git a/kernel/softirq.c b/kernel/softirq.c
 index 479e443..4072c49 100644
 --- a/kernel/softirq.c
@@ -148702,9 +149096,18 @@ index 1d11790..1cc6074 100644
  		spin_unlock_irqrestore(&zone->lock, flags);
  	}
 diff --git a/mm/percpu.c b/mm/percpu.c
-index 998607a..4854f93 100644
+index 998607a..389e6ba 100644
 --- a/mm/percpu.c
 +++ b/mm/percpu.c
+@@ -110,7 +110,7 @@ struct pcpu_chunk {
+ 	int			map_used;	/* # of map entries used before the sentry */
+ 	int			map_alloc;	/* # of map entries allocated */
+ 	int			*map;		/* allocation map */
+-	struct work_struct	map_extend_work;/* async ->map[] extension */
++	struct list_head	map_extend_list;/* on pcpu_map_extend_chunks */
+ 
+ 	void			*data;		/* chunk data */
+ 	int			first_free;	/* no free below this */
 @@ -131,7 +131,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly;
  static unsigned int pcpu_high_unit_cpu __read_mostly;
  
@@ -148714,6 +149117,192 @@ index 998607a..4854f93 100644
  EXPORT_SYMBOL_GPL(pcpu_base_addr);
  
  static const int *pcpu_unit_map __read_mostly;		/* cpu -> unit */
+@@ -160,10 +160,13 @@ static struct pcpu_chunk *pcpu_reserved_chunk;
+ static int pcpu_reserved_chunk_limit;
+ 
+ static DEFINE_SPINLOCK(pcpu_lock);	/* all internal data structures */
+-static DEFINE_MUTEX(pcpu_alloc_mutex);	/* chunk create/destroy, [de]pop */
++static DEFINE_MUTEX(pcpu_alloc_mutex);	/* chunk create/destroy, [de]pop, map ext */
+ 
+ static struct list_head *pcpu_slot __read_mostly; /* chunk list slots */
+ 
++/* chunks which need their map areas extended, protected by pcpu_lock */
++static LIST_HEAD(pcpu_map_extend_chunks);
++
+ /*
+  * The number of empty populated pages, protected by pcpu_lock.  The
+  * reserved chunk doesn't contribute to the count.
+@@ -393,13 +396,19 @@ static int pcpu_need_to_extend(struct pcpu_chunk *chunk, bool is_atomic)
+ {
+ 	int margin, new_alloc;
+ 
++	lockdep_assert_held(&pcpu_lock);
++
+ 	if (is_atomic) {
+ 		margin = 3;
+ 
+ 		if (chunk->map_alloc <
+-		    chunk->map_used + PCPU_ATOMIC_MAP_MARGIN_LOW &&
+-		    pcpu_async_enabled)
+-			schedule_work(&chunk->map_extend_work);
++		    chunk->map_used + PCPU_ATOMIC_MAP_MARGIN_LOW) {
++			if (list_empty(&chunk->map_extend_list)) {
++				list_add_tail(&chunk->map_extend_list,
++					      &pcpu_map_extend_chunks);
++				pcpu_schedule_balance_work();
++			}
++		}
+ 	} else {
+ 		margin = PCPU_ATOMIC_MAP_MARGIN_HIGH;
+ 	}
+@@ -433,6 +442,8 @@ static int pcpu_extend_area_map(struct pcpu_chunk *chunk, int new_alloc)
+ 	size_t old_size = 0, new_size = new_alloc * sizeof(new[0]);
+ 	unsigned long flags;
+ 
++	lockdep_assert_held(&pcpu_alloc_mutex);
++
+ 	new = pcpu_mem_zalloc(new_size);
+ 	if (!new)
+ 		return -ENOMEM;
+@@ -465,20 +476,6 @@ out_unlock:
+ 	return 0;
+ }
+ 
+-static void pcpu_map_extend_workfn(struct work_struct *work)
+-{
+-	struct pcpu_chunk *chunk = container_of(work, struct pcpu_chunk,
+-						map_extend_work);
+-	int new_alloc;
+-
+-	spin_lock_irq(&pcpu_lock);
+-	new_alloc = pcpu_need_to_extend(chunk, false);
+-	spin_unlock_irq(&pcpu_lock);
+-
+-	if (new_alloc)
+-		pcpu_extend_area_map(chunk, new_alloc);
+-}
+-
+ /**
+  * pcpu_fit_in_area - try to fit the requested allocation in a candidate area
+  * @chunk: chunk the candidate area belongs to
+@@ -738,7 +735,7 @@ static struct pcpu_chunk *pcpu_alloc_chunk(void)
+ 	chunk->map_used = 1;
+ 
+ 	INIT_LIST_HEAD(&chunk->list);
+-	INIT_WORK(&chunk->map_extend_work, pcpu_map_extend_workfn);
++	INIT_LIST_HEAD(&chunk->map_extend_list);
+ 	chunk->free_size = pcpu_unit_size;
+ 	chunk->contig_hint = pcpu_unit_size;
+ 
+@@ -893,6 +890,9 @@ static void __percpu *pcpu_alloc(size_t size, size_t align, bool reserved,
+ 		return NULL;
+ 	}
+ 
++	if (!is_atomic)
++		mutex_lock(&pcpu_alloc_mutex);
++
+ 	spin_lock_irqsave(&pcpu_lock, flags);
+ 
+ 	/* serve reserved allocations from the reserved chunk if available */
+@@ -965,12 +965,9 @@ restart:
+ 	if (is_atomic)
+ 		goto fail;
+ 
+-	mutex_lock(&pcpu_alloc_mutex);
+-
+ 	if (list_empty(&pcpu_slot[pcpu_nr_slots - 1])) {
+ 		chunk = pcpu_create_chunk();
+ 		if (!chunk) {
+-			mutex_unlock(&pcpu_alloc_mutex);
+ 			err = "failed to allocate new chunk";
+ 			goto fail;
+ 		}
+@@ -981,7 +978,6 @@ restart:
+ 		spin_lock_irqsave(&pcpu_lock, flags);
+ 	}
+ 
+-	mutex_unlock(&pcpu_alloc_mutex);
+ 	goto restart;
+ 
+ area_found:
+@@ -991,8 +987,6 @@ area_found:
+ 	if (!is_atomic) {
+ 		int page_start, page_end, rs, re;
+ 
+-		mutex_lock(&pcpu_alloc_mutex);
+-
+ 		page_start = PFN_DOWN(off);
+ 		page_end = PFN_UP(off + size);
+ 
+@@ -1003,7 +997,6 @@ area_found:
+ 
+ 			spin_lock_irqsave(&pcpu_lock, flags);
+ 			if (ret) {
+-				mutex_unlock(&pcpu_alloc_mutex);
+ 				pcpu_free_area(chunk, off, &occ_pages);
+ 				err = "failed to populate";
+ 				goto fail_unlock;
+@@ -1043,6 +1036,8 @@ fail:
+ 		/* see the flag handling in pcpu_blance_workfn() */
+ 		pcpu_atomic_alloc_failed = true;
+ 		pcpu_schedule_balance_work();
++	} else {
++		mutex_unlock(&pcpu_alloc_mutex);
+ 	}
+ 	return NULL;
+ }
+@@ -1127,6 +1122,7 @@ static void pcpu_balance_workfn(struct work_struct *work)
+ 		if (chunk == list_first_entry(free_head, struct pcpu_chunk, list))
+ 			continue;
+ 
++		list_del_init(&chunk->map_extend_list);
+ 		list_move(&chunk->list, &to_free);
+ 	}
+ 
+@@ -1144,6 +1140,25 @@ static void pcpu_balance_workfn(struct work_struct *work)
+ 		pcpu_destroy_chunk(chunk);
+ 	}
+ 
++	/* service chunks which requested async area map extension */
++	do {
++		int new_alloc = 0;
++
++		spin_lock_irq(&pcpu_lock);
++
++		chunk = list_first_entry_or_null(&pcpu_map_extend_chunks,
++					struct pcpu_chunk, map_extend_list);
++		if (chunk) {
++			list_del_init(&chunk->map_extend_list);
++			new_alloc = pcpu_need_to_extend(chunk, false);
++		}
++
++		spin_unlock_irq(&pcpu_lock);
++
++		if (new_alloc)
++			pcpu_extend_area_map(chunk, new_alloc);
++	} while (chunk);
++
+ 	/*
+ 	 * Ensure there are certain number of free populated pages for
+ 	 * atomic allocs.  Fill up from the most packed so that atomic
+@@ -1642,7 +1657,7 @@ int __init pcpu_setup_first_chunk(const struct pcpu_alloc_info *ai,
+ 	 */
+ 	schunk = memblock_virt_alloc(pcpu_chunk_struct_size, 0);
+ 	INIT_LIST_HEAD(&schunk->list);
+-	INIT_WORK(&schunk->map_extend_work, pcpu_map_extend_workfn);
++	INIT_LIST_HEAD(&schunk->map_extend_list);
+ 	schunk->base_addr = base_addr;
+ 	schunk->map = smap;
+ 	schunk->map_alloc = ARRAY_SIZE(smap);
+@@ -1671,7 +1686,7 @@ int __init pcpu_setup_first_chunk(const struct pcpu_alloc_info *ai,
+ 	if (dyn_size) {
+ 		dchunk = memblock_virt_alloc(pcpu_chunk_struct_size, 0);
+ 		INIT_LIST_HEAD(&dchunk->list);
+-		INIT_WORK(&dchunk->map_extend_work, pcpu_map_extend_workfn);
++		INIT_LIST_HEAD(&dchunk->map_extend_list);
+ 		dchunk->base_addr = base_addr;
+ 		dchunk->map = dmap;
+ 		dchunk->map_alloc = ARRAY_SIZE(dmap);
 diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c
 index 5d453e5..4043093 100644
 --- a/mm/process_vm_access.c
@@ -148966,7 +149555,7 @@ index 440e2a7..9091191 100644
  		return -ENOMEM;
  
 diff --git a/mm/slab.c b/mm/slab.c
-index 621fbcb..272a1f3 100644
+index 621fbcb..9bf872e 100644
 --- a/mm/slab.c
 +++ b/mm/slab.c
 @@ -116,6 +116,7 @@
@@ -149039,7 +149628,16 @@ index 621fbcb..272a1f3 100644
  
  		/*
  		 * Adjust the object sizes so that we clear
-@@ -3367,6 +3372,20 @@ static inline void __cache_free(struct kmem_cache *cachep, void *objp,
+@@ -2123,6 +2128,8 @@ __kmem_cache_create (struct kmem_cache *cachep, unsigned long flags)
+ 		BUG_ON(flags & SLAB_POISON);
+ #endif
+ 
++	flags = pax_sanitize_slab_flags(flags);
++
+ 	/*
+ 	 * Check that size is in terms of words.  This is needed to avoid
+ 	 * unaligned accesses for some archs when redzoning is used, and makes
+@@ -3367,6 +3374,20 @@ static inline void __cache_free(struct kmem_cache *cachep, void *objp,
  	struct array_cache *ac = cpu_cache_get(cachep);
  
  	check_irq_off();
@@ -149060,7 +149658,7 @@ index 621fbcb..272a1f3 100644
  	kmemleak_free_recursive(objp, cachep->flags);
  	objp = cache_free_debugcheck(cachep, objp, caller);
  
-@@ -3492,7 +3511,7 @@ __do_kmalloc_node(size_t size, gfp_t flags, int node, unsigned long caller)
+@@ -3492,7 +3513,7 @@ __do_kmalloc_node(size_t size, gfp_t flags, int node, unsigned long caller)
  	return kmem_cache_alloc_node_trace(cachep, flags, node, size);
  }
  
@@ -149069,7 +149667,7 @@ index 621fbcb..272a1f3 100644
  {
  	return __do_kmalloc_node(size, flags, node, _RET_IP_);
  }
-@@ -3512,7 +3531,7 @@ EXPORT_SYMBOL(__kmalloc_node_track_caller);
+@@ -3512,7 +3533,7 @@ EXPORT_SYMBOL(__kmalloc_node_track_caller);
   * @flags: the type of memory to allocate (see kmalloc).
   * @caller: function caller for debug tracking of the caller
   */
@@ -149078,7 +149676,7 @@ index 621fbcb..272a1f3 100644
  					  unsigned long caller)
  {
  	struct kmem_cache *cachep;
-@@ -3585,6 +3604,7 @@ void kfree(const void *objp)
+@@ -3585,6 +3606,7 @@ void kfree(const void *objp)
  
  	if (unlikely(ZERO_OR_NULL_PTR(objp)))
  		return;
@@ -149086,7 +149684,7 @@ index 621fbcb..272a1f3 100644
  	local_irq_save(flags);
  	kfree_debugcheck(objp);
  	c = virt_to_cache(objp);
-@@ -4004,14 +4024,22 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep)
+@@ -4004,14 +4026,22 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep)
  	}
  	/* cpu stats */
  	{
@@ -149113,7 +149711,7 @@ index 621fbcb..272a1f3 100644
  #endif
  }
  
-@@ -4219,13 +4247,80 @@ static const struct file_operations proc_slabstats_operations = {
+@@ -4219,13 +4249,80 @@ static const struct file_operations proc_slabstats_operations = {
  static int __init slab_proc_init(void)
  {
  #ifdef CONFIG_DEBUG_SLAB_LEAK
@@ -149196,7 +149794,7 @@ index 621fbcb..272a1f3 100644
   * ksize - get the actual amount of memory allocated for a given object
   * @objp: Pointer to the object
 diff --git a/mm/slab.h b/mm/slab.h
-index 2eedace..cd94091 100644
+index 2eedace..7de6f9b 100644
 --- a/mm/slab.h
 +++ b/mm/slab.h
 @@ -22,7 +22,7 @@ struct kmem_cache {
@@ -149208,7 +149806,7 @@ index 2eedace..cd94091 100644
  	void (*ctor)(void *);	/* Called on object slot creation */
  	struct list_head list;	/* List of all slab caches on the system */
  };
-@@ -66,6 +66,20 @@ extern struct list_head slab_caches;
+@@ -66,6 +66,35 @@ extern struct list_head slab_caches;
  /* The slab cache that manages slab cache information */
  extern struct kmem_cache *kmem_cache;
  
@@ -149223,13 +149821,28 @@ index 2eedace..cd94091 100644
 +	PAX_SANITIZE_SLAB_FAST,
 +	PAX_SANITIZE_SLAB_FULL,
 +};
++
 +extern enum pax_sanitize_mode pax_sanitize_slab;
++
++static inline unsigned long pax_sanitize_slab_flags(unsigned long flags)
++{
++	if (pax_sanitize_slab == PAX_SANITIZE_SLAB_OFF || (flags & SLAB_DESTROY_BY_RCU))
++		flags |= SLAB_NO_SANITIZE;
++	else if (pax_sanitize_slab == PAX_SANITIZE_SLAB_FULL)
++		flags &= ~SLAB_NO_SANITIZE;
++	return flags;
++}
++#else
++static inline unsigned long pax_sanitize_slab_flags(unsigned long flags)
++{
++	return flags;
++}
 +#endif
 +
  unsigned long calculate_alignment(unsigned long flags,
  		unsigned long align, unsigned long size);
  
-@@ -115,7 +129,8 @@ static inline unsigned long kmem_cache_flags(unsigned long object_size,
+@@ -115,7 +144,8 @@ static inline unsigned long kmem_cache_flags(unsigned long object_size,
  
  /* Legal flag mask for kmem_cache_create(), for various configurations */
  #define SLAB_CORE_FLAGS (SLAB_HWCACHE_ALIGN | SLAB_CACHE_DMA | SLAB_PANIC | \
@@ -149239,7 +149852,7 @@ index 2eedace..cd94091 100644
  
  #if defined(CONFIG_DEBUG_SLAB)
  #define SLAB_DEBUG_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER)
-@@ -311,6 +326,9 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x)
+@@ -311,6 +341,9 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x)
  		return s;
  
  	page = virt_to_head_page(x);
@@ -149250,7 +149863,7 @@ index 2eedace..cd94091 100644
  	if (slab_equal_or_root(cachep, s))
  		return cachep;
 diff --git a/mm/slab_common.c b/mm/slab_common.c
-index 065b7bd..3c2c410 100644
+index 065b7bd..185af36 100644
 --- a/mm/slab_common.c
 +++ b/mm/slab_common.c
 @@ -25,11 +25,35 @@
@@ -149317,21 +149930,7 @@ index 065b7bd..3c2c410 100644
  	list_add(&s->list, &slab_caches);
  out:
  	if (err)
-@@ -408,6 +432,13 @@ kmem_cache_create(const char *name, size_t size, size_t align,
- 	 */
- 	flags &= CACHE_CREATE_MASK;
- 
-+#ifdef CONFIG_PAX_MEMORY_SANITIZE
-+	if (pax_sanitize_slab == PAX_SANITIZE_SLAB_OFF || (flags & SLAB_DESTROY_BY_RCU))
-+		flags |= SLAB_NO_SANITIZE;
-+	else if (pax_sanitize_slab == PAX_SANITIZE_SLAB_FULL)
-+		flags &= ~SLAB_NO_SANITIZE;
-+#endif
-+
- 	s = __kmem_cache_alias(name, size, align, flags, ctor);
- 	if (s)
- 		goto out_unlock;
-@@ -469,7 +500,7 @@ static void release_caches(struct list_head *release, bool need_rcu_barrier)
+@@ -469,7 +493,7 @@ static void release_caches(struct list_head *release, bool need_rcu_barrier)
  		rcu_barrier();
  
  	list_for_each_entry_safe(s, s2, release, list) {
@@ -149340,7 +149939,7 @@ index 065b7bd..3c2c410 100644
  		sysfs_slab_remove(s);
  #else
  		slab_kmem_cache_release(s);
-@@ -713,8 +744,7 @@ void kmem_cache_destroy(struct kmem_cache *s)
+@@ -713,8 +737,7 @@ void kmem_cache_destroy(struct kmem_cache *s)
  
  	mutex_lock(&slab_mutex);
  
@@ -149350,7 +149949,7 @@ index 065b7bd..3c2c410 100644
  		goto out_unlock;
  
  	err = shutdown_memcg_caches(s, &release, &need_rcu_barrier);
-@@ -780,7 +810,7 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz
+@@ -780,7 +803,7 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz
  		panic("Creation of kmalloc slab %s size=%zu failed. Reason %d\n",
  					name, size, err);
  
@@ -149359,7 +149958,7 @@ index 065b7bd..3c2c410 100644
  }
  
  struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
-@@ -793,7 +823,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
+@@ -793,7 +816,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
  
  	create_boot_cache(s, name, size, flags);
  	list_add(&s->list, &slab_caches);
@@ -149368,7 +149967,7 @@ index 065b7bd..3c2c410 100644
  	return s;
  }
  
-@@ -805,6 +835,11 @@ struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1];
+@@ -805,6 +828,11 @@ struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1];
  EXPORT_SYMBOL(kmalloc_dma_caches);
  #endif
  
@@ -149380,7 +149979,7 @@ index 065b7bd..3c2c410 100644
  /*
   * Conversion table for small slabs sizes / 8 to the index in the
   * kmalloc array. This is necessary for slabs < 192 since we have non power
-@@ -869,6 +904,13 @@ struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags)
+@@ -869,6 +897,13 @@ struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags)
  		return kmalloc_dma_caches[index];
  
  #endif
@@ -149394,7 +149993,7 @@ index 065b7bd..3c2c410 100644
  	return kmalloc_caches[index];
  }
  
-@@ -961,7 +1003,7 @@ void __init create_kmalloc_caches(unsigned long flags)
+@@ -961,7 +996,7 @@ void __init create_kmalloc_caches(unsigned long flags)
  
  	for (i = KMALLOC_SHIFT_LOW; i <= KMALLOC_SHIFT_HIGH; i++) {
  		if (!kmalloc_caches[i])
@@ -149403,7 +150002,7 @@ index 065b7bd..3c2c410 100644
  
  		/*
  		 * Caches that are not of the two-to-the-power-of size.
-@@ -969,9 +1011,9 @@ void __init create_kmalloc_caches(unsigned long flags)
+@@ -969,9 +1004,9 @@ void __init create_kmalloc_caches(unsigned long flags)
  		 * earlier power of two caches
  		 */
  		if (KMALLOC_MIN_SIZE <= 32 && !kmalloc_caches[1] && i == 6)
@@ -149415,7 +150014,7 @@ index 065b7bd..3c2c410 100644
  	}
  
  	/* Kmalloc array is now usable */
-@@ -992,6 +1034,23 @@ void __init create_kmalloc_caches(unsigned long flags)
+@@ -992,6 +1027,23 @@ void __init create_kmalloc_caches(unsigned long flags)
  		}
  	}
  #endif
@@ -149439,7 +150038,7 @@ index 065b7bd..3c2c410 100644
  }
  #endif /* !CONFIG_SLOB */
  
-@@ -1051,6 +1110,9 @@ static void print_slabinfo_header(struct seq_file *m)
+@@ -1051,6 +1103,9 @@ static void print_slabinfo_header(struct seq_file *m)
  	seq_puts(m, " : globalstat <listallocs> <maxobjs> <grown> <reaped> "
  		 "<error> <maxfreeable> <nodeallocs> <remotefrees> <alienoverflow>");
  	seq_puts(m, " : cpustat <allochit> <allocmiss> <freehit> <freemiss>");
@@ -149449,7 +150048,7 @@ index 065b7bd..3c2c410 100644
  #endif
  	seq_putc(m, '\n');
  }
-@@ -1180,7 +1242,7 @@ static int __init slab_proc_init(void)
+@@ -1180,7 +1235,7 @@ static int __init slab_proc_init(void)
  module_init(slab_proc_init);
  #endif /* CONFIG_SLABINFO */
  
@@ -149459,7 +150058,7 @@ index 065b7bd..3c2c410 100644
  {
  	void *ret;
 diff --git a/mm/slob.c b/mm/slob.c
-index 5ec1580..017a002 100644
+index 5ec1580..93f3beb 100644
 --- a/mm/slob.c
 +++ b/mm/slob.c
 @@ -67,6 +67,7 @@
@@ -149641,7 +150240,7 @@ index 5ec1580..017a002 100644
  {
  	return __do_kmalloc_node(size, gfp, NUMA_NO_NODE, _RET_IP_);
  }
-@@ -491,34 +516,123 @@ void kfree(const void *block)
+@@ -491,39 +516,130 @@ void kfree(const void *block)
  		return;
  	kmemleak_free(block);
  
@@ -149774,7 +150373,14 @@ index 5ec1580..017a002 100644
  }
  EXPORT_SYMBOL(ksize);
  
-@@ -534,23 +648,33 @@ int __kmem_cache_create(struct kmem_cache *c, unsigned long flags)
+ int __kmem_cache_create(struct kmem_cache *c, unsigned long flags)
+ {
++	flags = pax_sanitize_slab_flags(flags);
++
+ 	if (flags & SLAB_DESTROY_BY_RCU) {
+ 		/* leave room for rcu footer at the end of object */
+ 		c->size += sizeof(struct slob_rcu);
+@@ -534,23 +650,33 @@ int __kmem_cache_create(struct kmem_cache *c, unsigned long flags)
  
  static void *slob_alloc_node(struct kmem_cache *c, gfp_t flags, int node)
  {
@@ -149810,7 +150416,7 @@ index 5ec1580..017a002 100644
  
  	if (b && c->ctor)
  		c->ctor(b);
-@@ -566,7 +690,7 @@ void *kmem_cache_alloc(struct kmem_cache *cachep, gfp_t flags)
+@@ -566,7 +692,7 @@ void *kmem_cache_alloc(struct kmem_cache *cachep, gfp_t flags)
  EXPORT_SYMBOL(kmem_cache_alloc);
  
  #ifdef CONFIG_NUMA
@@ -149819,7 +150425,7 @@ index 5ec1580..017a002 100644
  {
  	return __do_kmalloc_node(size, gfp, node, _RET_IP_);
  }
-@@ -579,12 +703,16 @@ void *kmem_cache_alloc_node(struct kmem_cache *cachep, gfp_t gfp, int node)
+@@ -579,12 +705,16 @@ void *kmem_cache_alloc_node(struct kmem_cache *cachep, gfp_t gfp, int node)
  EXPORT_SYMBOL(kmem_cache_alloc_node);
  #endif
  
@@ -149840,7 +150446,7 @@ index 5ec1580..017a002 100644
  }
  
  static void kmem_rcu_free(struct rcu_head *head)
-@@ -592,22 +720,36 @@ static void kmem_rcu_free(struct rcu_head *head)
+@@ -592,22 +722,36 @@ static void kmem_rcu_free(struct rcu_head *head)
  	struct slob_rcu *slob_rcu = (struct slob_rcu *)head;
  	void *b = (void *)slob_rcu - (slob_rcu->size - sizeof(struct slob_rcu));
  
@@ -149882,7 +150488,7 @@ index 5ec1580..017a002 100644
  EXPORT_SYMBOL(kmem_cache_free);
  
 diff --git a/mm/slub.c b/mm/slub.c
-index 2a722e1..1e5e2f8 100644
+index 2a722e1..af44068 100644
 --- a/mm/slub.c
 +++ b/mm/slub.c
 @@ -34,6 +34,7 @@
@@ -149911,16 +150517,17 @@ index 2a722e1..1e5e2f8 100644
  	       s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid);
  #ifdef CONFIG_STACKTRACE
  	{
-@@ -2767,6 +2768,21 @@ static __always_inline void slab_free(struct kmem_cache *s, struct page *page,
+@@ -2767,6 +2768,22 @@ static __always_inline void slab_free(struct kmem_cache *s, struct page *page,
  
  	slab_free_freelist_hook(s, head, tail);
  
 +#ifdef CONFIG_PAX_MEMORY_SANITIZE
 +	if (!(s->flags & SLAB_NO_SANITIZE)) {
++		int offset = s->offset ? 0 : sizeof(void *);
 +		void *x = head;
 +
 +		while (1) {
-+			memset(x, PAX_MEMORY_SANITIZE_VALUE, s->object_size);
++			memset(x + offset, PAX_MEMORY_SANITIZE_VALUE, s->object_size - offset);
 +			if (s->ctor)
 +				s->ctor(x);
 +			if (x == tail_obj)
@@ -149933,17 +150540,7 @@ index 2a722e1..1e5e2f8 100644
  redo:
  	/*
  	 * Determine the currently cpus per cpu slab.
-@@ -3264,6 +3280,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order)
- 	s->inuse = size;
- 
- 	if (((flags & (SLAB_DESTROY_BY_RCU | SLAB_POISON)) ||
-+#ifdef CONFIG_PAX_MEMORY_SANITIZE
-+		(!(flags & SLAB_NO_SANITIZE)) ||
-+#endif
- 		s->ctor)) {
- 		/*
- 		 * Relocate free pointer after the object if it is not
-@@ -3514,7 +3533,7 @@ static int __init setup_slub_min_objects(char *str)
+@@ -3514,7 +3531,7 @@ static int __init setup_slub_min_objects(char *str)
  
  __setup("slub_min_objects=", setup_slub_min_objects);
  
@@ -149952,7 +150549,7 @@ index 2a722e1..1e5e2f8 100644
  {
  	struct kmem_cache *s;
  	void *ret;
-@@ -3552,7 +3571,7 @@ static void *kmalloc_large_node(size_t size, gfp_t flags, int node)
+@@ -3552,7 +3569,7 @@ static void *kmalloc_large_node(size_t size, gfp_t flags, int node)
  	return ptr;
  }
  
@@ -149961,7 +150558,7 @@ index 2a722e1..1e5e2f8 100644
  {
  	struct kmem_cache *s;
  	void *ret;
-@@ -3600,6 +3619,70 @@ static size_t __ksize(const void *object)
+@@ -3600,6 +3617,70 @@ static size_t __ksize(const void *object)
  	return slab_ksize(page->slab_cache);
  }
  
@@ -150032,7 +150629,7 @@ index 2a722e1..1e5e2f8 100644
  size_t ksize(const void *object)
  {
  	size_t size = __ksize(object);
-@@ -3620,6 +3703,7 @@ void kfree(const void *x)
+@@ -3620,6 +3701,7 @@ void kfree(const void *x)
  	if (unlikely(ZERO_OR_NULL_PTR(x)))
  		return;
  
@@ -150040,7 +150637,7 @@ index 2a722e1..1e5e2f8 100644
  	page = virt_to_head_page(x);
  	if (unlikely(!PageSlab(page))) {
  		BUG_ON(!PageCompound(page));
-@@ -3937,7 +4021,7 @@ __kmem_cache_alias(const char *name, size_t size, size_t align,
+@@ -3937,7 +4019,7 @@ __kmem_cache_alias(const char *name, size_t size, size_t align,
  
  	s = find_mergeable(size, align, flags, name, ctor);
  	if (s) {
@@ -150049,7 +150646,7 @@ index 2a722e1..1e5e2f8 100644
  
  		/*
  		 * Adjust the object sizes so that we clear
-@@ -3953,7 +4037,7 @@ __kmem_cache_alias(const char *name, size_t size, size_t align,
+@@ -3953,7 +4035,7 @@ __kmem_cache_alias(const char *name, size_t size, size_t align,
  		}
  
  		if (sysfs_slab_alias(s, name)) {
@@ -150058,6 +150655,15 @@ index 2a722e1..1e5e2f8 100644
  			s = NULL;
  		}
  	}
+@@ -3965,6 +4047,8 @@ int __kmem_cache_create(struct kmem_cache *s, unsigned long flags)
+ {
+ 	int err;
+ 
++	flags = pax_sanitize_slab_flags(flags);
++
+ 	err = kmem_cache_open(s, flags);
+ 	if (err)
+ 		return err;
 @@ -4070,7 +4154,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags,
  }
  #endif
@@ -165468,12 +166074,13 @@ index 0000000..e31e92f
 +}
 diff --git a/scripts/gcc-plugins/latent_entropy_plugin.c b/scripts/gcc-plugins/latent_entropy_plugin.c
 new file mode 100644
-index 0000000..f08a221
+index 0000000..be3978c
 --- /dev/null
 +++ b/scripts/gcc-plugins/latent_entropy_plugin.c
-@@ -0,0 +1,438 @@
+@@ -0,0 +1,613 @@
 +/*
 + * Copyright 2012-2016 by the PaX Team <pageexec@freemail.hu>
++ * Copyright 2016 by Emese Revfy <re.emese@gmail.com>
 + * Licensed under the GPL v2
 + *
 + * Note: the choice of the license means that the compilation process is
@@ -165481,32 +166088,89 @@ index 0000000..f08a221
 + *       but for the kernel it doesn't matter since it doesn't link against
 + *       any of the gcc libraries
 + *
-+ * gcc plugin to help generate a little bit of entropy from program state,
-+ * used throughout the uptime of the kernel
++ * This gcc plugin helps generate a little bit of entropy from program state,
++ * used throughout the uptime of the kernel. Here is an instrumentation example:
++ *
++ * before:
++ * void __latent_entropy test(int argc, char *argv[])
++ * {
++ *	printf("%u %s\n", argc, *argv);
++ * }
++ *
++ * after:
++ * void __latent_entropy test(int argc, char *argv[])
++ * {
++ *	// latent_entropy_execute() 1.
++ *	unsigned long local_entropy;
++ *	// init_local_entropy() 1.
++ *	void *local_entropy_frame_addr;
++ *	// init_local_entropy() 3.
++ *	unsigned long temp_latent_entropy;
++ *
++ *	// init_local_entropy() 2.
++ *	local_entropy_frame_addr = __builtin_frame_address(0);
++ *	local_entropy = (unsigned long) local_entropy_frame_addr;
++ *
++ *	// init_local_entropy() 4.
++ *	temp_latent_entropy = latent_entropy;
++ *	// init_local_entropy() 5.
++ *	local_entropy ^= temp_latent_entropy;
++ *
++ *	// latent_entropy_execute() 3.
++ *	local_entropy += 4623067384293424948;
++ *
++ *	printf("%u %s\n", argc, *argv);
++ *
++ *	// latent_entropy_execute() 4.
++ *	temp_latent_entropy = rol(temp_latent_entropy, local_entropy);
++ *	latent_entropy = temp_latent_entropy;
++ * }
++ *
++ * It would look like this in C:
++ *
++ * unsigned long local_entropy = latent_entropy;
++ * local_entropy ^= 1234567890;
++ * local_entropy ^= (unsigned long)__builtin_frame_address(0);
++ * local_entropy += 9876543210;
++ * latent_entropy = rol(local_entropy, 6);
 + *
 + * TODO:
 + * - add ipa pass to identify not explicitly marked candidate functions
-+ * - mix in more program state (function arguments/return values, loop variables, etc)
++ * - mix in more program state (function arguments/return values,
++ *   loop variables, etc)
 + * - more instrumentation control via attribute parameters
 + *
 + * BUGS:
 + * - none known
++ *
++ * Options:
++ * -fplugin-arg-latent_entropy_plugin-disable
++ *
++ * Attribute: __attribute__((latent_entropy))
++ *  The latent_entropy gcc attribute can be only on functions and variables.
++ *  If it is on a function then the plugin will instrument it. If the attribute
++ *  is on a variable then the plugin will initialize it with a random value.
++ *  The variable must be an integer, an integer array type or a structure
++ *  with integer fields.
 + */
 +
 +#include "gcc-common.h"
 +
 +int plugin_is_GPL_compatible;
 +
-+static bool enabled = true;
-+
 +static GTY(()) tree latent_entropy_decl;
 +
 +static struct plugin_info latent_entropy_plugin_info = {
-+	.version	= "201605212030",
++	.version	= "201606141920",
 +	.help		= "disable\tturn off latent entropy instrumentation\n",
 +};
 +
 +static unsigned HOST_WIDE_INT seed;
++/*
++ * get_random_seed() (this is a GCC function) generates the seed.
++ * This is a simple random generator without any cryptographic security because
++ * the entropy doesn't come from here.
++ */
 +static unsigned HOST_WIDE_INT get_random_const(void)
 +{
 +	unsigned int i;
@@ -165522,10 +166186,21 @@ index 0000000..f08a221
 +	return ret;
 +}
 +
-+static tree handle_latent_entropy_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs)
++static tree tree_get_random_const(tree type)
 +{
-+	tree type;
 +	unsigned long long mask;
++
++	mask = 1ULL << (TREE_INT_CST_LOW(TYPE_SIZE(type)) - 1);
++	mask = 2 * (mask - 1) + 1;
++
++	if (TYPE_UNSIGNED(type))
++		return build_int_cstu(type, mask & get_random_const());
++	return build_int_cst(type, mask & get_random_const());
++}
++
++static tree handle_latent_entropy_attribute(tree *node, tree name, tree args __unused, int flags __unused, bool *no_add_attrs)
++{
++	tree type;
 +#if BUILDING_GCC_VERSION <= 4007
 +	VEC(constructor_elt, gc) *vals;
 +#else
@@ -165555,8 +166230,9 @@ index 0000000..f08a221
 +		switch (TREE_CODE(type)) {
 +		default:
 +			*no_add_attrs = true;
-+			error("variable %qD with %qE attribute must be an integer or a fixed length integer array type"
-+				"or a fixed sized structure with integer fields", *node, name);
++			error("variable %qD with %qE attribute must be an integer"
++				" or a fixed length integer array type"
++				" or a fixed sized structure with integer fields", *node, name);
 +			break;
 +
 +		case RECORD_TYPE: {
@@ -165567,11 +166243,13 @@ index 0000000..f08a221
 +				tree fieldtype;
 +
 +				fieldtype = TREE_TYPE(field);
-+				if (TREE_CODE(fieldtype) != INTEGER_TYPE) {
-+					*no_add_attrs = true;
-+					error("structure variable %qD with %qE attribute has a non-integer field %qE", *node, name, field);
-+					break;
-+				}
++				if (TREE_CODE(fieldtype) == INTEGER_TYPE)
++					continue;
++
++				*no_add_attrs = true;
++				error("structure variable %qD with %qE attribute has"
++					" a non-integer field %qE", *node, name, field);
++				break;
 +			}
 +
 +			if (field)
@@ -165584,31 +166262,21 @@ index 0000000..f08a221
 +#endif
 +
 +			for (field = TYPE_FIELDS(type); field; field = TREE_CHAIN(field)) {
-+				tree fieldtype;
-+
-+				fieldtype = TREE_TYPE(field);
-+				mask = 1ULL << (TREE_INT_CST_LOW(TYPE_SIZE(fieldtype)) - 1);
-+				mask = 2 * (mask - 1) + 1;
++				tree random_const;
 +
-+				if (TYPE_UNSIGNED(fieldtype))
-+					CONSTRUCTOR_APPEND_ELT(vals, field, build_int_cstu(fieldtype, mask & get_random_const()));
-+				else
-+					CONSTRUCTOR_APPEND_ELT(vals, field, build_int_cst(fieldtype, mask & get_random_const()));
++				random_const = tree_get_random_const(TREE_TYPE(field));
++				CONSTRUCTOR_APPEND_ELT(vals, field, random_const);
 +			}
 +
++			/* Initialize the fields with random constants */
 +			DECL_INITIAL(*node) = build_constructor(type, vals);
 +//debug_tree(DECL_INITIAL(*node));
 +			break;
 +		}
 +
++		/* Initialize the variable with a random constant */
 +		case INTEGER_TYPE:
-+			mask = 1ULL << (TREE_INT_CST_LOW(TYPE_SIZE(type)) - 1);
-+			mask = 2 * (mask - 1) + 1;
-+
-+			if (TYPE_UNSIGNED(type))
-+				DECL_INITIAL(*node) = build_int_cstu(type, mask & get_random_const());
-+			else
-+				DECL_INITIAL(*node) = build_int_cst(type, mask & get_random_const());
++			DECL_INITIAL(*node) = tree_get_random_const(type);
 +			break;
 +
 +		case ARRAY_TYPE: {
@@ -165621,7 +166289,8 @@ index 0000000..f08a221
 +
 +			if (TREE_CODE(elt_type) != INTEGER_TYPE || !array_size || TREE_CODE(array_size) != INTEGER_CST) {
 +				*no_add_attrs = true;
-+				error("array variable %qD with %qE attribute must be a fixed length integer array type", *node, name);
++				error("array variable %qD with %qE attribute must be"
++					" a fixed length integer array type", *node, name);
 +				break;
 +			}
 +
@@ -165632,15 +166301,13 @@ index 0000000..f08a221
 +			vec_alloc(vals, nelt);
 +#endif
 +
-+			mask = 1ULL << (TREE_INT_CST_LOW(TYPE_SIZE(elt_type)) - 1);
-+			mask = 2 * (mask - 1) + 1;
++			for (i = 0; i < nelt; i++) {
++				tree random_const = tree_get_random_const(elt_type);
 +
-+			for (i = 0; i < nelt; i++)
-+				if (TYPE_UNSIGNED(elt_type))
-+					CONSTRUCTOR_APPEND_ELT(vals, size_int(i), build_int_cstu(elt_type, mask & get_random_const()));
-+				else
-+					CONSTRUCTOR_APPEND_ELT(vals, size_int(i), build_int_cst(elt_type, mask & get_random_const()));
++				CONSTRUCTOR_APPEND_ELT(vals, size_int(i), random_const);
++			}
 +
++			/* Initialize the elements of the array with random constants */
 +			DECL_INITIAL(*node) = build_constructor(type, vals);
 +//debug_tree(DECL_INITIAL(*node));
 +			break;
@@ -165668,7 +166335,7 @@ index 0000000..f08a221
 +#endif
 +};
 +
-+static void register_attributes(void *event_data, void *data)
++static void register_attributes(void *event_data __unused, void *data __unused)
 +{
 +	register_attribute(&latent_entropy_attr);
 +}
@@ -165686,6 +166353,28 @@ index 0000000..f08a221
 +	return lookup_attribute("latent_entropy", DECL_ATTRIBUTES(current_function_decl)) != NULL_TREE;
 +}
 +
++static tree create_a_tmp_var(tree type, const char *name)
++{
++	tree var;
++
++	var = create_tmp_var(type, name);
++	add_referenced_var(var);
++	mark_sym_for_renaming(var);
++	return var;
++}
++
++/*
++ * Set up the next operation and its constant operand to use in the latent
++ * entropy PRNG. When RHS is specified, the request is for perturbing the
++ * local latent entropy variable, otherwise it is for perturbing the global
++ * latent entropy variable where the two operands are already given by the
++ * local and global latent entropy variables themselves.
++ *
++ * The operation is one of add/xor/rol when instrumenting the local entropy
++ * variable and one of add/xor when perturbing the global entropy variable.
++ * Rotation is not used for the latter case because it would transmit less
++ * entropy to the global variable than the other two operations.
++ */
 +static enum tree_code get_op(tree *rhs)
 +{
 +	static enum tree_code op;
@@ -165701,6 +166390,10 @@ index 0000000..f08a221
 +	case PLUS_EXPR:
 +		if (rhs) {
 +			op = LROTATE_EXPR;
++			/*
++			 * This code limits the value of random_const to
++			 * the size of a wide int for the rotation
++			 */
 +			random_const &= HOST_BITS_PER_WIDE_INT - 1;
 +			break;
 +		}
@@ -165719,85 +166412,174 @@ index 0000000..f08a221
 +{
 +	gimple_stmt_iterator gsi;
 +	gimple assign;
-+	tree addxorrol, rhs;
++	tree rhs;
 +	enum tree_code op;
 +
 +	op = get_op(&rhs);
-+	addxorrol = fold_build2_loc(UNKNOWN_LOCATION, op, unsigned_intDI_type_node, local_entropy, rhs);
-+	assign = gimple_build_assign(local_entropy, addxorrol);
++	assign = gimple_build_assign_with_ops(op, local_entropy, local_entropy, rhs);
 +	gsi = gsi_after_labels(bb);
 +	gsi_insert_before(&gsi, assign, GSI_NEW_STMT);
 +	update_stmt(assign);
 +//debug_bb(bb);
 +}
 +
-+static void perturb_latent_entropy(basic_block bb, tree rhs)
++static void __perturb_latent_entropy(gimple_stmt_iterator *gsi, tree local_entropy)
 +{
-+	gimple_stmt_iterator gsi;
 +	gimple assign;
-+	tree addxorrol, temp;
++	tree temp;
++	enum tree_code op;
 +
 +	/* 1. create temporary copy of latent_entropy */
-+	temp = create_tmp_var(unsigned_intDI_type_node, "temp_latent_entropy");
-+	add_referenced_var(temp);
++	temp = create_a_tmp_var(unsigned_intDI_type_node, "temp_latent_entropy");
 +
 +	/* 2. read... */
-+	temp = make_ssa_name(temp, NULL);
-+	assign = gimple_build_assign(temp, latent_entropy_decl);
-+	SSA_NAME_DEF_STMT(temp) = assign;
 +	add_referenced_var(latent_entropy_decl);
-+	gsi = gsi_after_labels(bb);
-+	gsi_insert_after(&gsi, assign, GSI_NEW_STMT);
++	mark_sym_for_renaming(latent_entropy_decl);
++	assign = gimple_build_assign(temp, latent_entropy_decl);
++	gsi_insert_before(gsi, assign, GSI_NEW_STMT);
 +	update_stmt(assign);
 +
 +	/* 3. ...modify... */
-+	addxorrol = fold_build2_loc(UNKNOWN_LOCATION, get_op(NULL), unsigned_intDI_type_node, temp, rhs);
-+	temp = make_ssa_name(SSA_NAME_VAR(temp), NULL);
-+	assign = gimple_build_assign(temp, addxorrol);
-+	SSA_NAME_DEF_STMT(temp) = assign;
-+	gsi_insert_after(&gsi, assign, GSI_NEW_STMT);
++	op = get_op(NULL);
++	assign = gimple_build_assign_with_ops(op, temp, temp, local_entropy);
++	gsi_insert_after(gsi, assign, GSI_NEW_STMT);
 +	update_stmt(assign);
 +
 +	/* 4. ...write latent_entropy */
 +	assign = gimple_build_assign(latent_entropy_decl, temp);
++	gsi_insert_after(gsi, assign, GSI_NEW_STMT);
++	update_stmt(assign);
++}
++
++static bool handle_tail_calls(basic_block bb, tree local_entropy)
++{
++	gimple_stmt_iterator gsi;
++
++	for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
++		gcall *call;
++		gimple stmt = gsi_stmt(gsi);
++
++		if (!is_gimple_call(stmt))
++			continue;
++
++		call = as_a_gcall(stmt);
++		if (!gimple_call_tail_p(call))
++			continue;
++
++		__perturb_latent_entropy(&gsi, local_entropy);
++		return true;
++	}
++
++	return false;
++}
++
++static void perturb_latent_entropy(tree local_entropy)
++{
++	edge_iterator ei;
++	edge e, last_bb_e;
++	basic_block last_bb;
++
++	gcc_assert(single_pred_p(EXIT_BLOCK_PTR_FOR_FN(cfun)));
++	last_bb_e = single_pred_edge(EXIT_BLOCK_PTR_FOR_FN(cfun));
++
++	FOR_EACH_EDGE(e, ei, last_bb_e->src->preds) {
++		if (ENTRY_BLOCK_PTR_FOR_FN(cfun) == e->src)
++			continue;
++		if (EXIT_BLOCK_PTR_FOR_FN(cfun) == e->src)
++			continue;
++
++		handle_tail_calls(e->src, local_entropy);
++	}
++
++	last_bb = single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun));
++	if (!handle_tail_calls(last_bb, local_entropy)) {
++		gimple_stmt_iterator gsi = gsi_last_bb(last_bb);
++
++		__perturb_latent_entropy(&gsi, local_entropy);
++	}
++//debug_bb(single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun)));
++}
++
++static void init_local_entropy(basic_block bb, tree local_entropy)
++{
++	gimple assign, call;
++	tree frame_addr, rand_const, temp, fndecl, udi_frame_addr;
++	enum tree_code op;
++	gimple_stmt_iterator gsi = gsi_after_labels(bb);
++
++	/* 1. create local_entropy_frame_addr */
++	frame_addr = create_a_tmp_var(ptr_type_node, "local_entropy_frame_addr");
++
++	/* 2. local_entropy_frame_addr = __builtin_frame_address() */
++	fndecl = builtin_decl_implicit(BUILT_IN_FRAME_ADDRESS);
++	call = gimple_build_call(fndecl, 1, integer_zero_node);
++	gimple_call_set_lhs(call, frame_addr);
++	gsi_insert_before(&gsi, call, GSI_NEW_STMT);
++	update_stmt(call);
++
++	udi_frame_addr = fold_convert(unsigned_intDI_type_node, frame_addr);
++	assign = gimple_build_assign(local_entropy, udi_frame_addr);
++	gsi_insert_after(&gsi, assign, GSI_NEW_STMT);
++	update_stmt(assign);
++
++	/* 3. create temporary copy of latent_entropy */
++	temp = create_a_tmp_var(unsigned_intDI_type_node, "temp_latent_entropy");
++
++	/* 4. read the global entropy variable into local entropy */
++	add_referenced_var(latent_entropy_decl);
++	mark_sym_for_renaming(latent_entropy_decl);
++	assign = gimple_build_assign(temp, latent_entropy_decl);
++	gsi_insert_after(&gsi, assign, GSI_NEW_STMT);
++	update_stmt(assign);
++
++	/* 5. mix local_entropy_frame_addr into local entropy */
++	assign = gimple_build_assign_with_ops(BIT_XOR_EXPR, local_entropy, local_entropy, temp);
++	gsi_insert_after(&gsi, assign, GSI_NEW_STMT);
++	update_stmt(assign);
++
++	rand_const = build_int_cstu(unsigned_intDI_type_node, get_random_const());
++	op = get_op(NULL);
++	assign = gimple_build_assign_with_ops(op, local_entropy, local_entropy, rand_const);
 +	gsi_insert_after(&gsi, assign, GSI_NEW_STMT);
 +	update_stmt(assign);
++//debug_bb(bb);
++}
++
++static bool create_latent_entropy_decl(void)
++{
++	varpool_node_ptr node;
++
++	if (latent_entropy_decl != NULL_TREE)
++		return true;
++
++	FOR_EACH_VARIABLE(node) {
++		tree var = NODE_DECL(node);
++
++		if (DECL_NAME_LENGTH(var) < sizeof("latent_entropy") - 1)
++			continue;
++		if (strcmp(IDENTIFIER_POINTER(DECL_NAME(var)), "latent_entropy"))
++			continue;
++
++		latent_entropy_decl = var;
++//		debug_tree(var);
++		break;
++	}
++
++	return latent_entropy_decl != NULL_TREE;
 +}
 +
 +static unsigned int latent_entropy_execute(void)
 +{
 +	basic_block bb;
-+	gimple assign;
-+	gimple_stmt_iterator gsi;
 +	tree local_entropy;
 +
-+	if (!latent_entropy_decl) {
-+		varpool_node_ptr node;
-+
-+		FOR_EACH_VARIABLE(node) {
-+			tree var = NODE_DECL(node);
-+
-+			if (DECL_NAME_LENGTH(var) < sizeof("latent_entropy") - 1)
-+				continue;
-+			if (strcmp(IDENTIFIER_POINTER(DECL_NAME(var)), "latent_entropy"))
-+				continue;
-+			latent_entropy_decl = var;
-+//			debug_tree(var);
-+			break;
-+		}
-+		if (!latent_entropy_decl) {
-+//			debug_tree(current_function_decl);
-+			return 0;
-+		}
++	if (!create_latent_entropy_decl()) {
++//		debug_tree(current_function_decl);
++		return 0;
 +	}
 +
 +//fprintf(stderr, "latent_entropy: %s\n", IDENTIFIER_POINTER(DECL_NAME(current_function_decl)));
 +
-+	/* 1. create local entropy variable */
-+	local_entropy = create_tmp_var(unsigned_intDI_type_node, "local_entropy");
-+	add_referenced_var(local_entropy);
-+	mark_sym_for_renaming(local_entropy);
-+
 +	/* 2. initialize local entropy variable */
 +	gcc_assert(single_succ_p(ENTRY_BLOCK_PTR_FOR_FN(cfun)));
 +	bb = single_succ(ENTRY_BLOCK_PTR_FOR_FN(cfun));
@@ -165807,13 +166589,13 @@ index 0000000..f08a221
 +		gcc_assert(single_succ_p(ENTRY_BLOCK_PTR_FOR_FN(cfun)));
 +		bb = single_succ(ENTRY_BLOCK_PTR_FOR_FN(cfun));
 +	}
-+	gsi = gsi_after_labels(bb);
 +
-+	assign = gimple_build_assign(local_entropy, build_int_cstu(unsigned_intDI_type_node, get_random_const()));
-+//	gimple_set_location(assign, loc);
-+	gsi_insert_before(&gsi, assign, GSI_NEW_STMT);
-+	update_stmt(assign);
-+//debug_bb(bb);
++	/* 1. create the local entropy variable */
++	local_entropy = create_a_tmp_var(unsigned_intDI_type_node, "local_entropy");
++
++	/* 2. initialize the local entropy variable */
++	init_local_entropy(bb, local_entropy);
++
 +	bb = bb->next_bb;
 +
 +	/* 3. instrument each BB with an operation on the local entropy variable */
@@ -165824,13 +166606,11 @@ index 0000000..f08a221
 +	};
 +
 +	/* 4. mix local entropy into the global entropy variable */
-+	gcc_assert(single_pred_p(EXIT_BLOCK_PTR_FOR_FN(cfun)));
-+	perturb_latent_entropy(single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun)), local_entropy);
-+//debug_bb(single_pred(EXIT_BLOCK_PTR_FOR_FN(cfun)));
++	perturb_latent_entropy(local_entropy);
 +	return 0;
 +}
 +
-+static void latent_entropy_start_unit(void *gcc_data, void *user_data)
++static void latent_entropy_start_unit(void *gcc_data __unused, void *user_data __unused)
 +{
 +	tree latent_entropy_type;
 +
@@ -165865,6 +166645,7 @@ index 0000000..f08a221
 +
 +int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version)
 +{
++	bool enabled = true;
 +	const char * const plugin_name = plugin_info->base_name;
 +	const int argc = plugin_info->argc;
 +	const struct plugin_argument * const argv = plugin_info->argv;
@@ -168186,10 +168967,10 @@ index 0000000..f74d85a
 +targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h
 diff --git a/scripts/gcc-plugins/size_overflow_plugin/disable_size_overflow_hash.data b/scripts/gcc-plugins/size_overflow_plugin/disable_size_overflow_hash.data
 new file mode 100644
-index 0000000..2a420f3
+index 0000000..e0a04a1
 --- /dev/null
 +++ b/scripts/gcc-plugins/size_overflow_plugin/disable_size_overflow_hash.data
-@@ -0,0 +1,12444 @@
+@@ -0,0 +1,12445 @@
 +disable_so_interrupt_pnode_gru_message_queue_desc_4 interrupt_pnode gru_message_queue_desc 0 4 NULL
 +disable_so_bch_btree_insert_fndecl_12 bch_btree_insert fndecl 0 12 NULL
 +disable_so_macvlan_sync_address_fndecl_22 macvlan_sync_address fndecl 0 22 NULL nohasharray
@@ -180634,6 +181415,7 @@ index 0000000..2a420f3
 +enable_so_inofree_iagctl_5194 inofree iagctl 0 5194 NULL
 +enable_so_inofreefwd_iag_4921 inofreefwd iag 0 4921 NULL
 +enable_so_iagnum_iag_23227 iagnum iag 0 23227 NULL
++enable_so_offset_lv_35617 offset lv 0 35617 NULL
 diff --git a/scripts/gcc-plugins/size_overflow_plugin/generate_size_overflow_hash.sh b/scripts/gcc-plugins/size_overflow_plugin/generate_size_overflow_hash.sh
 new file mode 100644
 index 0000000..be9724d
@@ -180745,13 +181527,13 @@ index 0000000..be9724d
 +exit 0
 diff --git a/scripts/gcc-plugins/size_overflow_plugin/insert_size_overflow_asm.c b/scripts/gcc-plugins/size_overflow_plugin/insert_size_overflow_asm.c
 new file mode 100644
-index 0000000..ee987da
+index 0000000..cef2817
 --- /dev/null
 +++ b/scripts/gcc-plugins/size_overflow_plugin/insert_size_overflow_asm.c
 @@ -0,0 +1,369 @@
 +/*
 + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
-+ * Licensed under the GPL v2, or (at your option) v3
++ * Licensed under the GPL v2
 + *
 + * Homepage:
 + * https://github.com/ephox-gcc-plugins/size_overflow
@@ -181120,13 +181902,13 @@ index 0000000..ee987da
 +#include "gcc-generate-gimple-pass.h"
 diff --git a/scripts/gcc-plugins/size_overflow_plugin/intentional_overflow.c b/scripts/gcc-plugins/size_overflow_plugin/intentional_overflow.c
 new file mode 100644
-index 0000000..f29aac6
+index 0000000..c40bc7c
 --- /dev/null
 +++ b/scripts/gcc-plugins/size_overflow_plugin/intentional_overflow.c
 @@ -0,0 +1,1166 @@
 +/*
 + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
-+ * Licensed under the GPL v2, or (at your option) v3
++ * Licensed under the GPL v2
 + *
 + * Homepage:
 + * https://github.com/ephox-gcc-plugins/size_overflow
@@ -182292,13 +183074,13 @@ index 0000000..f29aac6
 +}
 diff --git a/scripts/gcc-plugins/size_overflow_plugin/remove_unnecessary_dup.c b/scripts/gcc-plugins/size_overflow_plugin/remove_unnecessary_dup.c
 new file mode 100644
-index 0000000..c910983
+index 0000000..5ea5f35
 --- /dev/null
 +++ b/scripts/gcc-plugins/size_overflow_plugin/remove_unnecessary_dup.c
 @@ -0,0 +1,137 @@
 +/*
 + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
-+ * Licensed under the GPL v2, or (at your option) v3
++ * Licensed under the GPL v2
 + *
 + * Homepage:
 + * https://github.com/ephox-gcc-plugins/size_overflow
@@ -182772,13 +183554,13 @@ index 0000000..4bd2e7f
 +#endif
 diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_debug.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_debug.c
 new file mode 100644
-index 0000000..4098952
+index 0000000..00c7430
 --- /dev/null
 +++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_debug.c
 @@ -0,0 +1,194 @@
 +/*
 + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
-+ * Licensed under the GPL v2, or (at your option) v3
++ * Licensed under the GPL v2
 + *
 + * Homepage:
 + * https://github.com/ephox-gcc-plugins/size_overflow
@@ -182972,10 +183754,10 @@ index 0000000..4098952
 +}
 diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash.data b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash.data
 new file mode 100644
-index 0000000..cbb8a80
+index 0000000..4ed1988
 --- /dev/null
 +++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash.data
-@@ -0,0 +1,21645 @@
+@@ -0,0 +1,21644 @@
 +enable_so_recv_ctrl_pipe_us_data_0 recv_ctrl_pipe us_data 0 0 NULL
 +enable_so___earlyonly_bootmem_alloc_fndecl_3 __earlyonly_bootmem_alloc fndecl 2-3-4 3 NULL
 +enable_so_v9fs_xattr_get_acl_fndecl_4 v9fs_xattr_get_acl fndecl 5 4 NULL
@@ -194807,7 +195589,6 @@ index 0000000..cbb8a80
 +enable_so_blocksize_brcmf_sdio_35612 blocksize brcmf_sdio 0 35612 NULL
 +enable_so_sqp_demux_mlx4_caps_35613 sqp_demux mlx4_caps 0 35613 NULL nohasharray
 +enable_so_maxcontacts_mt_device_35613 maxcontacts mt_device 0 35613 &enable_so_sqp_demux_mlx4_caps_35613
-+enable_so_offset_lv_35617 offset lv 0 35617 NULL
 +enable_so_generic_perform_write_fndecl_35619 generic_perform_write fndecl 0-3 35619 NULL nohasharray
 +enable_so_ext4_update_final_de_fndecl_35619 ext4_update_final_de fndecl 2-3 35619 &enable_so_generic_perform_write_fndecl_35619 nohasharray
 +enable_so_count_fm10k_ring_35619 count fm10k_ring 0 35619 &enable_so_ext4_update_final_de_fndecl_35619
@@ -204623,13 +205404,14 @@ index 0000000..cbb8a80
 +enable_so_connector_write_fndecl_65534 connector_write fndecl 3 65534 NULL
 diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash_aux.data b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash_aux.data
 new file mode 100644
-index 0000000..17bc0d8
+index 0000000..74e91b2
 --- /dev/null
 +++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_hash_aux.data
-@@ -0,0 +1,92 @@
+@@ -0,0 +1,97 @@
 +enable_so_spa_set_aux_vdevs_fndecl_746 spa_set_aux_vdevs fndecl 3 746 NULL
 +enable_so_zfs_lookup_fndecl_2144 zfs_lookup fndecl 0 2144 NULL
 +enable_so_mappedread_fndecl_2627 mappedread fndecl 2 2627 NULL
++enable_so_SMACL_Alloc_fndecl_2775 SMACL_Alloc fndecl 1 2775 NULL
 +enable_so_vdev_disk_dio_alloc_fndecl_2957 vdev_disk_dio_alloc fndecl 1 2957 NULL
 +enable_so_nv_alloc_pushpage_spl_fndecl_4286 nv_alloc_pushpage_spl fndecl 2 4286 NULL
 +enable_so_zpl_xattr_get_fndecl_4574 zpl_xattr_get fndecl 0 4574 NULL
@@ -204648,6 +205430,7 @@ index 0000000..17bc0d8
 +enable_so_dmu_snapshot_realname_fndecl_14632 dmu_snapshot_realname fndecl 4 14632 NULL
 +enable_so_kmem_alloc_debug_fndecl_14852 kmem_alloc_debug fndecl 1 14852 NULL
 +enable_so_kmalloc_node_nofail_fndecl_15151 kmalloc_node_nofail fndecl 1 15151 NULL
++enable_so_size_VNet_EventHeader_15382 size VNet_EventHeader 0 15382 NULL
 +enable_so_dmu_write_uio_fndecl_16351 dmu_write_uio fndecl 4 16351 NULL
 +enable_so_zfs_log_write_fndecl_16524 zfs_log_write fndecl 6-5 16524 NULL
 +enable_so_sa_build_layouts_fndecl_16910 sa_build_layouts fndecl 3 16910 NULL
@@ -204676,6 +205459,7 @@ index 0000000..17bc0d8
 +enable_so_zfs_replay_fuids_fndecl_31479 zfs_replay_fuids fndecl 4 31479 NULL
 +enable_so_spa_history_log_to_phys_fndecl_31632 spa_history_log_to_phys fndecl 0-1 31632 NULL
 +enable_so___zpl_xattr_get_fndecl_32601 __zpl_xattr_get fndecl 0 32601 NULL
++enable_so_VNetUserListenerRead_fndecl_34039 VNetUserListenerRead fndecl 4 34039 NULL
 +enable_so_proc_copyout_string_fndecl_34049 proc_copyout_string fndecl 2 34049 NULL
 +enable_so_nv_alloc_sleep_spl_fndecl_34544 nv_alloc_sleep_spl fndecl 2 34544 NULL
 +enable_so_nv_alloc_nosleep_spl_fndecl_34761 nv_alloc_nosleep_spl fndecl 2 34761 NULL
@@ -204709,6 +205493,8 @@ index 0000000..17bc0d8
 +enable_so_zfs_log_write_fndecl_50162 zfs_log_write fndecl 6-5 50162 NULL
 +enable_so_i_fm_alloc_fndecl_51038 i_fm_alloc fndecl 2 51038 NULL
 +enable_so_copyout_fndecl_51409 copyout fndecl 3 51409 NULL
++enable_so_VNetKernel_MemoryAllocate_fndecl_53131 VNetKernel_MemoryAllocate fndecl 1 53131 NULL
++enable_so_VNetUserIfWrite_fndecl_54044 VNetUserIfWrite fndecl 4 54044 NULL
 +enable_so_zvol_log_write_fndecl_54898 zvol_log_write fndecl 4-3 54898 NULL
 +enable_so_zfs_acl_node_alloc_fndecl_55641 zfs_acl_node_alloc fndecl 1 55641 NULL
 +enable_so_get_nvlist_fndecl_56685 get_nvlist fndecl 2 56685 NULL
@@ -204721,13 +205507,13 @@ index 0000000..17bc0d8
 +enable_so_zpios_read_fndecl_64734 zpios_read fndecl 3 64734 NULL
 diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_ipa.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_ipa.c
 new file mode 100644
-index 0000000..0a679f8
+index 0000000..457ea92
 --- /dev/null
 +++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_ipa.c
 @@ -0,0 +1,1163 @@
 +/*
 + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
-+ * Licensed under the GPL v2, or (at your option) v3
++ * Licensed under the GPL v2
 + *
 + * Homepage:
 + * https://github.com/ephox-gcc-plugins/size_overflow
@@ -205890,13 +206676,13 @@ index 0000000..0a679f8
 +#include "gcc-generate-ipa-pass.h"
 diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_misc.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_misc.c
 new file mode 100644
-index 0000000..7f459ed
+index 0000000..b5291e1
 --- /dev/null
 +++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_misc.c
 @@ -0,0 +1,505 @@
 +/*
 + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
-+ * Licensed under the GPL v2, or (at your option) v3
++ * Licensed under the GPL v2
 + *
 + * Homepage:
 + * https://github.com/ephox-gcc-plugins/size_overflow
@@ -206401,13 +207187,13 @@ index 0000000..7f459ed
 +
 diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin.c
 new file mode 100644
-index 0000000..3f8f032
+index 0000000..be40980
 --- /dev/null
 +++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin.c
 @@ -0,0 +1,290 @@
 +/*
 + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
-+ * Licensed under the GPL v2, or (at your option) v3
++ * Licensed under the GPL v2
 + *
 + * Homepage:
 + * https://github.com/ephox-gcc-plugins/size_overflow
@@ -206697,13 +207483,13 @@ index 0000000..3f8f032
 +}
 diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin_hash.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin_hash.c
 new file mode 100644
-index 0000000..87af656
+index 0000000..f24bbc0
 --- /dev/null
 +++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_plugin_hash.c
 @@ -0,0 +1,352 @@
 +/*
 + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
-+ * Licensed under the GPL v2, or (at your option) v3
++ * Licensed under the GPL v2
 + *
 + * Homepage:
 + * https://github.com/ephox-gcc-plugins/size_overflow
@@ -207055,13 +207841,13 @@ index 0000000..87af656
 +
 diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform.c
 new file mode 100644
-index 0000000..eebcf4c
+index 0000000..1f5768d
 --- /dev/null
 +++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform.c
 @@ -0,0 +1,743 @@
 +/*
 + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
-+ * Licensed under the GPL v2, or (at your option) v3
++ * Licensed under the GPL v2
 + *
 + * Homepage:
 + * https://github.com/ephox-gcc-plugins/size_overflow
@@ -207804,13 +208590,13 @@ index 0000000..eebcf4c
 +}
 diff --git a/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform_core.c b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform_core.c
 new file mode 100644
-index 0000000..062204a
+index 0000000..69e3a85
 --- /dev/null
 +++ b/scripts/gcc-plugins/size_overflow_plugin/size_overflow_transform_core.c
 @@ -0,0 +1,1025 @@
 +/*
 + * Copyright 2011-2016 by Emese Revfy <re.emese@gmail.com>
-+ * Licensed under the GPL v2, or (at your option) v3
++ * Licensed under the GPL v2
 + *
 + * Homepage:
 + * https://github.com/ephox-gcc-plugins/size_overflow


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [gentoo-commits] proj/hardened-patchset:master commit in: 4.5.7/
@ 2016-06-21 10:18 Anthony G. Basile
  0 siblings, 0 replies; 7+ messages in thread
From: Anthony G. Basile @ 2016-06-21 10:18 UTC (permalink / raw
  To: gentoo-commits

commit:     4bff175b49380f941e6d1434a6ab0fb250b2e280
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 21 10:21:03 2016 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Jun 21 10:21:03 2016 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=4bff175b

grsecurity-3.1-4.5.7-201606202152

 4.5.7/0000_README                                  |  2 +-
 ...> 4420_grsecurity-3.1-4.5.7-201606202152.patch} | 23 +++++++++++++++-------
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/4.5.7/0000_README b/4.5.7/0000_README
index 7dd453b..068b4c9 100644
--- a/4.5.7/0000_README
+++ b/4.5.7/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.1-4.5.7-201606142010.patch
+Patch:	4420_grsecurity-3.1-4.5.7-201606202152.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch
similarity index 99%
rename from 4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch
rename to 4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch
index b46e7cf..5ac1e8a 100644
--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606142010.patch
+++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch
@@ -115435,7 +115435,7 @@ index ec0e239..ab85b22 100644
  
 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
 new file mode 100644
-index 0000000..f172760
+index 0000000..821601d
 --- /dev/null
 +++ b/grsecurity/Kconfig
 @@ -0,0 +1,1205 @@
@@ -115582,14 +115582,14 @@ index 0000000..f172760
 +config GRKERNSEC_KSTACKOVERFLOW
 +	bool "Prevent kernel stack overflows"
 +	default y if GRKERNSEC_CONFIG_AUTO
-+	depends on !IA64 && 64BIT
++	depends on X86_64
 +	help
 +	  If you say Y here, the kernel's process stacks will be allocated
 +	  with vmalloc instead of the kernel's default allocator.  This
 +	  introduces guard pages that in combination with the alloca checking
-+	  of the STACKLEAK feature prevents all forms of kernel process stack
-+	  overflow abuse.  Note that this is different from kernel stack
-+	  buffer overflows.
++	  of the STACKLEAK feature and removal of thread_info from the kernel
++	  stack prevents all forms of kernel process stack overflow abuse.
++          Note that this is different from kernel stack buffer overflows.
 +
 +config GRKERNSEC_BRUTE
 +	bool "Deter exploit bruteforcing"
@@ -156888,7 +156888,7 @@ index f2280f7..c0a006f 100644
  	struct irlap_cb *self = (struct irlap_cb *) data;
  
 diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
-index fc3598a..03a184e 100644
+index fc3598a..03a184e3 100644
 --- a/net/iucv/af_iucv.c
 +++ b/net/iucv/af_iucv.c
 @@ -685,10 +685,10 @@ static void __iucv_auto_name(struct iucv_sock *iucv)
@@ -211999,7 +211999,7 @@ index 5105c2c..a5010e6 100644
  extern struct key_type key_type_request_key_auth;
  extern struct key *request_key_auth_new(struct key *target,
 diff --git a/security/keys/key.c b/security/keys/key.c
-index 09ef276..ab2894f 100644
+index 09ef276..357db79 100644
 --- a/security/keys/key.c
 +++ b/security/keys/key.c
 @@ -283,7 +283,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
@@ -212011,6 +212011,15 @@ index 09ef276..ab2894f 100644
  	key->index_key.type = type;
  	key->user = user;
  	key->quotalen = quotalen;
+@@ -582,7 +582,7 @@ int key_reject_and_link(struct key *key,
+ 
+ 	mutex_unlock(&key_construction_mutex);
+ 
+-	if (keyring)
++	if (keyring && link_ret == 0)
+ 		__key_link_end(keyring, &key->index_key, edit);
+ 
+ 	/* wake up anyone waiting for a key to be constructed */
 @@ -1077,7 +1077,9 @@ int register_key_type(struct key_type *ktype)
  	struct key_type *p;
  	int ret;


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [gentoo-commits] proj/hardened-patchset:master commit in: 4.5.7/
@ 2016-06-27 10:26 Anthony G. Basile
  0 siblings, 0 replies; 7+ messages in thread
From: Anthony G. Basile @ 2016-06-27 10:26 UTC (permalink / raw
  To: gentoo-commits

commit:     8bf1f839085fc6cb7cde16cc44895e8203618936
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Mon Jun 27 10:28:23 2016 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Mon Jun 27 10:28:23 2016 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=8bf1f839

grsecurity-3.1-4.5.7-201606262019

 4.5.7/0000_README                                  |    2 +-
 ...> 4420_grsecurity-3.1-4.5.7-201606262019.patch} | 1079 +++++++++++++++-----
 2 files changed, 848 insertions(+), 233 deletions(-)

diff --git a/4.5.7/0000_README b/4.5.7/0000_README
index 068b4c9..b74a9dd 100644
--- a/4.5.7/0000_README
+++ b/4.5.7/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.1-4.5.7-201606202152.patch
+Patch:	4420_grsecurity-3.1-4.5.7-201606262019.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch
similarity index 99%
rename from 4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch
rename to 4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch
index 5ac1e8a..3d3b9d3 100644
--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch
+++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch
@@ -1,3 +1,15 @@
+diff --git a/.gitignore b/.gitignore
+index fd3a355..c47e86a 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -37,6 +37,7 @@ modules.builtin
+ Module.symvers
+ *.dwo
+ *.su
++*.c.[012]*.*
+ 
+ #
+ # Top-level generic files
 diff --git a/Documentation/dontdiff b/Documentation/dontdiff
 index 8ea834f..1462492 100644
 --- a/Documentation/dontdiff
@@ -408,7 +420,7 @@ index a93b414..f50a50b 100644
  
  A toggle value indicating if modules are allowed to be loaded
 diff --git a/Makefile b/Makefile
-index 90e4bd9..44d0d41 100644
+index 90e4bd9..66ce952 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -422,16 +434,7 @@ index 90e4bd9..44d0d41 100644
  
  ifeq ($(shell $(HOSTCC) -v 2>&1 | grep -c "clang version"), 1)
  HOSTCFLAGS  += -Wno-unused-value -Wno-unused-parameter \
-@@ -417,6 +419,8 @@ export KBUILD_AFLAGS_MODULE KBUILD_CFLAGS_MODULE KBUILD_LDFLAGS_MODULE
- export KBUILD_AFLAGS_KERNEL KBUILD_CFLAGS_KERNEL
- export KBUILD_ARFLAGS
- 
-+export PLUGINCC GCC_PLUGINS_CFLAGS GCC_PLUGINS_AFLAGS
-+
- # When compiling out-of-tree modules, put MODVERDIR in the module
- # tree rather than in the kernel tree. The kernel tree might
- # even be read-only.
-@@ -547,7 +551,7 @@ ifeq ($(KBUILD_EXTMOD),)
+@@ -547,7 +549,7 @@ ifeq ($(KBUILD_EXTMOD),)
  # in parallel
  PHONY += scripts
  scripts: scripts_basic include/config/auto.conf include/config/tristate.conf \
@@ -440,23 +443,16 @@ index 90e4bd9..44d0d41 100644
  	$(Q)$(MAKE) $(build)=$(@)
  
  # Objects we will link into vmlinux / subdirs we need to visit
-@@ -622,6 +626,15 @@ endif
+@@ -622,6 +624,8 @@ endif
  # Tell gcc to never replace conditional load with a non-conditional one
  KBUILD_CFLAGS	+= $(call cc-option,--param=allow-store-data-races=0)
  
-+PHONY += gcc-plugins
-+gcc-plugins: scripts_basic
-+ifdef CONFIG_GCC_PLUGINS
-+	$(Q)$(MAKE) $(build)=scripts/gcc-plugins
-+endif
-+	@:
-+
 +include scripts/Makefile.gcc-plugins
 +
  ifdef CONFIG_READABLE_ASM
  # Disable optimizations that make assembler listings hard to read.
  # reorder blocks reorders the control in the function
-@@ -715,7 +728,7 @@ KBUILD_CFLAGS   += $(call cc-option, -gsplit-dwarf, -g)
+@@ -715,7 +719,7 @@ KBUILD_CFLAGS   += $(call cc-option, -gsplit-dwarf, -g)
  else
  KBUILD_CFLAGS	+= -g
  endif
@@ -465,7 +461,7 @@ index 90e4bd9..44d0d41 100644
  endif
  ifdef CONFIG_DEBUG_INFO_DWARF4
  KBUILD_CFLAGS	+= $(call cc-option, -gdwarf-4,)
-@@ -887,7 +900,7 @@ export mod_sign_cmd
+@@ -887,7 +891,7 @@ export mod_sign_cmd
  
  
  ifeq ($(KBUILD_EXTMOD),)
@@ -474,7 +470,7 @@ index 90e4bd9..44d0d41 100644
  
  vmlinux-dirs	:= $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
  		     $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -990,7 +1003,7 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
+@@ -990,7 +994,7 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \
  
  archprepare: archheaders archscripts prepare1 scripts_basic
  
@@ -483,7 +479,7 @@ index 90e4bd9..44d0d41 100644
  	$(Q)$(MAKE) $(build)=.
  
  # All the preparing..
-@@ -1185,7 +1198,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \
+@@ -1185,7 +1189,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \
  		  Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
  		  signing_key.pem signing_key.priv signing_key.x509	\
  		  x509.genkey extra_certificates signing_key.x509.keyid	\
@@ -496,7 +492,7 @@ index 90e4bd9..44d0d41 100644
  
  # clean - Delete most, but leave enough to build external modules
  #
-@@ -1224,7 +1241,7 @@ distclean: mrproper
+@@ -1224,7 +1232,7 @@ distclean: mrproper
  	@find $(srctree) $(RCS_FIND_IGNORE) \
  		\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
  		-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
@@ -505,6 +501,14 @@ index 90e4bd9..44d0d41 100644
  		-type f -print | xargs rm -f
  
  
+@@ -1443,6 +1451,7 @@ clean: $(clean-dirs)
+ 		-o -name '.*.d' -o -name '.*.tmp' -o -name '*.mod.c' \
+ 		-o -name '*.symtypes' -o -name 'modules.order' \
+ 		-o -name modules.builtin -o -name '.tmp_*.o.*' \
++		-o -name '*.c.[012]*.*' \
+ 		-o -name '*.gcno' \) -type f -print | xargs rm -f
+ 
+ # Generate tags for editors
 diff --git a/arch/Kconfig b/arch/Kconfig
 index f6b649d..5ba628b 100644
 --- a/arch/Kconfig
@@ -8882,7 +8886,7 @@ index 2c01665..85a54a8 100644
  			    sechdrs, module);
  #endif
 diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
-index 54ed9c7..681162e 100644
+index 54ed9c7..681162e5 100644
 --- a/arch/powerpc/kernel/process.c
 +++ b/arch/powerpc/kernel/process.c
 @@ -1185,8 +1185,8 @@ void show_regs(struct pt_regs * regs)
@@ -17956,7 +17960,7 @@ index 0224987..0359810 100644
  
  	fprintf(outfile, "const struct vdso_image %s = {\n", name);
 diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c
-index b8f69e2..2489643 100644
+index b8f69e2..b142158 100644
 --- a/arch/x86/entry/vdso/vma.c
 +++ b/arch/x86/entry/vdso/vma.c
 @@ -20,10 +20,7 @@
@@ -18012,7 +18016,7 @@ index b8f69e2..2489643 100644
  up_fail:
  	if (ret)
 -		current->mm->context.vdso = NULL;
-+		current->mm->context.vdso = 0;
++		mm->context.vdso = 0;
  
  	up_write(&mm->mmap_sem);
  	return ret;
@@ -21815,14 +21819,14 @@ index 9fb2f2b..8e18c70 100644
  #define MODULES_END	VMALLOC_END
  #define MODULES_LEN	(MODULES_VADDR - MODULES_END)
 diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h
-index 2ee7811..afd76c0 100644
+index 2ee7811..1779bde 100644
 --- a/arch/x86/include/asm/pgtable_64.h
 +++ b/arch/x86/include/asm/pgtable_64.h
 @@ -16,11 +16,17 @@
  
  extern pud_t level3_kernel_pgt[512];
  extern pud_t level3_ident_pgt[512];
-+extern pud_t level3_vmalloc_start_pgt[512];
++extern pud_t level3_vmalloc_start_pgt[4][512];
 +extern pud_t level3_vmalloc_end_pgt[512];
 +extern pud_t level3_vmemmap_pgt[512];
 +extern pud_t level2_vmemmap_pgt[512];
@@ -25822,6 +25826,28 @@ index a316ca9..07e219e 100644
  
  	ret = intel_cqm_setup_rmid_cache();
  	if (ret)
+diff --git a/arch/x86/kernel/cpu/perf_event_intel_cstate.c b/arch/x86/kernel/cpu/perf_event_intel_cstate.c
+index 75a38b5..36cb0a9 100644
+--- a/arch/x86/kernel/cpu/perf_event_intel_cstate.c
++++ b/arch/x86/kernel/cpu/perf_event_intel_cstate.c
+@@ -92,14 +92,14 @@
+ #include "perf_event.h"
+ 
+ #define DEFINE_CSTATE_FORMAT_ATTR(_var, _name, _format)		\
+-static ssize_t __cstate_##_var##_show(struct kobject *kobj,	\
+-				struct kobj_attribute *attr,	\
++static ssize_t __cstate_##_var##_show(struct device *dev,	\
++				struct device_attribute *attr,	\
+ 				char *page)			\
+ {								\
+ 	BUILD_BUG_ON(sizeof(_format) >= PAGE_SIZE);		\
+ 	return sprintf(page, _format "\n");			\
+ }								\
+-static struct kobj_attribute format_attr_##_var =		\
++static struct device_attribute format_attr_##_var =		\
+ 	__ATTR(_name, 0444, __cstate_##_var##_show, NULL)
+ 
+ static ssize_t cstate_get_attr_cpumask(struct device *dev,
 diff --git a/arch/x86/kernel/cpu/perf_event_intel_ds.c b/arch/x86/kernel/cpu/perf_event_intel_ds.c
 index 9551401..649b91c 100644
 --- a/arch/x86/kernel/cpu/perf_event_intel_ds.c
@@ -27568,7 +27594,7 @@ index 6bc9ae2..33997fe 100644
 +	.fill PAGE_SIZE_asm - GDT_SIZE,1,0
 +	.endr
 diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
-index ffdc0e8..f429d4f 100644
+index ffdc0e8..60b5d16 100644
 --- a/arch/x86/kernel/head_64.S
 +++ b/arch/x86/kernel/head_64.S
 @@ -20,6 +20,8 @@
@@ -27593,12 +27619,15 @@ index ffdc0e8..f429d4f 100644
  
  	.text
  	__HEAD
-@@ -92,11 +100,33 @@ startup_64:
+@@ -92,11 +100,36 @@ startup_64:
  	 * Fixup the physical addresses in the page table
  	 */
  	addq	%rbp, early_level4_pgt + (L4_START_KERNEL*8)(%rip)
 +	addq	%rbp, init_level4_pgt + (L4_PAGE_OFFSET*8)(%rip)
 +	addq	%rbp, init_level4_pgt + (L4_VMALLOC_START*8)(%rip)
++	addq	%rbp, init_level4_pgt + (L4_VMALLOC_START*8) + 8(%rip)
++	addq	%rbp, init_level4_pgt + (L4_VMALLOC_START*8) + 16(%rip)
++	addq	%rbp, init_level4_pgt + (L4_VMALLOC_START*8) + 24(%rip)
 +	addq	%rbp, init_level4_pgt + (L4_VMALLOC_END*8)(%rip)
 +	addq	%rbp, init_level4_pgt + (L4_VMEMMAP_START*8)(%rip)
 +	addq	%rbp, init_level4_pgt + (L4_START_KERNEL*8)(%rip)
@@ -27629,7 +27658,7 @@ index ffdc0e8..f429d4f 100644
  
  	/*
  	 * Set up the identity mapping for the switchover.  These
-@@ -180,11 +210,12 @@ ENTRY(secondary_startup_64)
+@@ -180,11 +213,12 @@ ENTRY(secondary_startup_64)
  	/* Sanitize CPU configuration */
  	call verify_cpu
  
@@ -27644,7 +27673,7 @@ index ffdc0e8..f429d4f 100644
  	movq	%rcx, %cr4
  
  	/* Setup early boot stage 4 level pagetables. */
-@@ -205,10 +236,21 @@ ENTRY(secondary_startup_64)
+@@ -205,10 +239,21 @@ ENTRY(secondary_startup_64)
  	movl	$MSR_EFER, %ecx
  	rdmsr
  	btsl	$_EFER_SCE, %eax	/* Enable System Call */
@@ -27667,7 +27696,7 @@ index ffdc0e8..f429d4f 100644
  1:	wrmsr				/* Make changes effective */
  
  	/* Setup cr0 */
-@@ -288,6 +330,7 @@ ENTRY(secondary_startup_64)
+@@ -288,6 +333,7 @@ ENTRY(secondary_startup_64)
  	 *	REX.W + FF /5 JMP m16:64 Jump far, absolute indirect,
  	 *		address given in m16:64.
  	 */
@@ -27675,7 +27704,7 @@ index ffdc0e8..f429d4f 100644
  	movq	initial_code(%rip),%rax
  	pushq	$0		# fake return address to stop unwinder
  	pushq	$__KERNEL_CS	# set correct cs
-@@ -321,7 +364,7 @@ ENDPROC(start_cpu0)
+@@ -321,7 +367,7 @@ ENDPROC(start_cpu0)
  	.quad	INIT_PER_CPU_VAR(irq_stack_union)
  
  	GLOBAL(stack_start)
@@ -27684,7 +27713,7 @@ index ffdc0e8..f429d4f 100644
  	.word  0
  	__FINITDATA
  
-@@ -401,7 +444,7 @@ early_idt_handler_common:
+@@ -401,7 +447,7 @@ early_idt_handler_common:
  	call dump_stack
  #ifdef CONFIG_KALLSYMS	
  	leaq early_idt_ripmsg(%rip),%rdi
@@ -27693,7 +27722,7 @@ index ffdc0e8..f429d4f 100644
  	call __print_symbol
  #endif
  #endif /* EARLY_PRINTK */
-@@ -430,6 +473,7 @@ ENDPROC(early_idt_handler_common)
+@@ -430,6 +476,7 @@ ENDPROC(early_idt_handler_common)
  early_recursion_flag:
  	.long 0
  
@@ -27701,7 +27730,7 @@ index ffdc0e8..f429d4f 100644
  #ifdef CONFIG_EARLY_PRINTK
  early_idt_msg:
  	.asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n"
-@@ -452,40 +496,67 @@ GLOBAL(name)
+@@ -452,40 +499,70 @@ GLOBAL(name)
  	__INITDATA
  NEXT_PAGE(early_level4_pgt)
  	.fill	511,8,0
@@ -27723,7 +27752,10 @@ index ffdc0e8..f429d4f 100644
  	.org    init_level4_pgt + L4_PAGE_OFFSET*8, 0
  	.quad   level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
 +	.org	init_level4_pgt + L4_VMALLOC_START*8, 0
-+	.quad	level3_vmalloc_start_pgt - __START_KERNEL_map + _KERNPG_TABLE
++	.quad	level3_vmalloc_start_pgt - __START_KERNEL_map + PAGE_SIZE*0 + _KERNPG_TABLE
++	.quad	level3_vmalloc_start_pgt - __START_KERNEL_map + PAGE_SIZE*1 + _KERNPG_TABLE
++	.quad	level3_vmalloc_start_pgt - __START_KERNEL_map + PAGE_SIZE*2 + _KERNPG_TABLE
++	.quad	level3_vmalloc_start_pgt - __START_KERNEL_map + PAGE_SIZE*3 + _KERNPG_TABLE
 +	.org	init_level4_pgt + L4_VMALLOC_END*8, 0
 +	.quad	level3_vmalloc_end_pgt - __START_KERNEL_map + _KERNPG_TABLE
 +	.org	init_level4_pgt + L4_VMEMMAP_START*8, 0
@@ -27750,7 +27782,7 @@ index ffdc0e8..f429d4f 100644
 +#endif
 +
 +NEXT_PAGE(level3_vmalloc_start_pgt)
-+	.fill	512,8,0
++	.fill	4*512,8,0
 +
 +NEXT_PAGE(level3_vmalloc_end_pgt)
 +	.fill	512,8,0
@@ -27781,7 +27813,7 @@ index ffdc0e8..f429d4f 100644
  
  NEXT_PAGE(level2_kernel_pgt)
  	/*
-@@ -502,31 +573,79 @@ NEXT_PAGE(level2_kernel_pgt)
+@@ -502,31 +579,79 @@ NEXT_PAGE(level2_kernel_pgt)
  		KERNEL_IMAGE_SIZE/PMD_SIZE)
  
  NEXT_PAGE(level2_fixmap_pgt)
@@ -28964,7 +28996,7 @@ index 005c03e..7000fe4 100644
  			if ((s64)val != *(s32 *)loc)
  				goto overflow;
 diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c
-index 64f9616..c94695d 100644
+index 64f9616..4036384 100644
 --- a/arch/x86/kernel/msr.c
 +++ b/arch/x86/kernel/msr.c
 @@ -39,6 +39,7 @@
@@ -28975,19 +29007,21 @@ index 64f9616..c94695d 100644
  
  #include <asm/processor.h>
  #include <asm/msr.h>
-@@ -83,6 +84,11 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
+@@ -83,6 +84,13 @@ static ssize_t msr_write(struct file *file, const char __user *buf,
  	int err = 0;
  	ssize_t bytes = 0;
  
 +#ifdef CONFIG_GRKERNSEC_KMEM
-+	gr_handle_msr_write();
-+	return -EPERM;
++	if (reg != MSR_IA32_ENERGY_PERF_BIAS) {
++		gr_handle_msr_write();
++		return -EPERM;
++	}
 +#endif
 +
  	if (count % 8)
  		return -EINVAL;	/* Invalid chunk size */
  
-@@ -130,6 +136,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
+@@ -130,6 +138,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg)
  			err = -EBADF;
  			break;
  		}
@@ -28998,7 +29032,7 @@ index 64f9616..c94695d 100644
  		if (copy_from_user(&regs, uregs, sizeof regs)) {
  			err = -EFAULT;
  			break;
-@@ -213,7 +223,7 @@ static int msr_class_cpu_callback(struct notifier_block *nfb,
+@@ -213,7 +225,7 @@ static int msr_class_cpu_callback(struct notifier_block *nfb,
  	return notifier_from_errno(err);
  }
  
@@ -35741,7 +35775,7 @@ index 740d7ac..4091827 100644
  #endif /* CONFIG_HUGETLB_PAGE */
  
 diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
-index 493f541..eeba8bb 100644
+index 493f541..d8e6b22 100644
 --- a/arch/x86/mm/init.c
 +++ b/arch/x86/mm/init.c
 @@ -4,6 +4,7 @@
@@ -35780,7 +35814,7 @@ index 493f541..eeba8bb 100644
  	__flush_tlb_all();
  
  	early_memtest(0, max_pfn_mapped << PAGE_SHIFT);
-@@ -634,10 +648,40 @@ void __init init_mem_mapping(void)
+@@ -634,10 +648,34 @@ void __init init_mem_mapping(void)
   * Access has to be given to non-kernel-ram areas as well, these contain the PCI
   * mmio resources as well as potential bios/acpi data regions.
   */
@@ -35792,37 +35826,30 @@ index 493f541..eeba8bb 100644
 +
  int devmem_is_allowed(unsigned long pagenr)
  {
--	if (pagenr < 256)
 +#ifdef CONFIG_GRKERNSEC_KMEM
 +	/* allow BDA */
 +	if (!pagenr)
- 		return 1;
++		return 1;
 +	/* allow EBDA */
 +	if (pagenr >= ebda_start && pagenr < ebda_end)
 +		return 1;
 +	/* if tboot is in use, allow access to its hardcoded serial log range */
 +	if (tboot_enabled() && ((0x60000 >> PAGE_SHIFT) <= pagenr) && (pagenr < (0x68000 >> PAGE_SHIFT)))
 +		return 1;
-+#else
-+	if (!pagenr)
-+		return 1;
-+#ifdef CONFIG_VM86
-+	if (pagenr < (ISA_START_ADDRESS >> PAGE_SHIFT))
-+		return 1;
-+#endif
-+#endif
-+
 +	if ((ISA_START_ADDRESS >> PAGE_SHIFT) <= pagenr && pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT))
 +		return 1;
-+#ifdef CONFIG_GRKERNSEC_KMEM
 +	/* throw out everything else below 1MB */
 +	if (pagenr <= 256)
 +		return 0;
++#else
+ 	if (pagenr < 256)
+ 		return 1;
 +#endif
++
  	if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
  		return 0;
  	if (!page_is_ram(pagenr))
-@@ -683,8 +727,127 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
+@@ -683,8 +721,127 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
  #endif
  }
  
@@ -38861,14 +38888,17 @@ index e3679db..16b93d1 100644
  
  #ifdef CONFIG_ACPI_NUMA
 diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
-index c913ca4..a314c65 100644
+index c913ca4..55f8877 100644
 --- a/arch/x86/xen/mmu.c
 +++ b/arch/x86/xen/mmu.c
-@@ -1950,7 +1950,11 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
+@@ -1950,7 +1950,14 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
  		 * L3_k[511] -> level2_fixmap_pgt */
  		convert_pfn_mfn(level3_kernel_pgt);
  
-+		convert_pfn_mfn(level3_vmalloc_start_pgt);
++		convert_pfn_mfn(level3_vmalloc_start_pgt[0]);
++		convert_pfn_mfn(level3_vmalloc_start_pgt[1]);
++		convert_pfn_mfn(level3_vmalloc_start_pgt[2]);
++		convert_pfn_mfn(level3_vmalloc_start_pgt[3]);
 +		convert_pfn_mfn(level3_vmalloc_end_pgt);
 +		convert_pfn_mfn(level3_vmemmap_pgt);
  		/* L3_k[511][506] -> level1_fixmap_pgt */
@@ -38876,11 +38906,14 @@ index c913ca4..a314c65 100644
  		convert_pfn_mfn(level2_fixmap_pgt);
  	}
  	/* We get [511][511] and have Xen's version of level2_kernel_pgt */
-@@ -1980,11 +1984,22 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
+@@ -1980,11 +1987,25 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
  		set_page_prot(init_level4_pgt, PAGE_KERNEL_RO);
  		set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO);
  		set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO);
-+		set_page_prot(level3_vmalloc_start_pgt, PAGE_KERNEL_RO);
++		set_page_prot(level3_vmalloc_start_pgt[0], PAGE_KERNEL_RO);
++		set_page_prot(level3_vmalloc_start_pgt[1], PAGE_KERNEL_RO);
++		set_page_prot(level3_vmalloc_start_pgt[2], PAGE_KERNEL_RO);
++		set_page_prot(level3_vmalloc_start_pgt[3], PAGE_KERNEL_RO);
 +		set_page_prot(level3_vmalloc_end_pgt, PAGE_KERNEL_RO);
 +		set_page_prot(level3_vmemmap_pgt, PAGE_KERNEL_RO);
  		set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO);
@@ -38900,7 +38933,7 @@ index c913ca4..a314c65 100644
  
  		/* Pin down new L4 */
  		pin_pagetable_pfn(MMUEXT_PIN_L4_TABLE,
-@@ -2395,6 +2410,7 @@ static void __init xen_post_allocator_init(void)
+@@ -2395,6 +2416,7 @@ static void __init xen_post_allocator_init(void)
  	pv_mmu_ops.set_pud = xen_set_pud;
  #if CONFIG_PGTABLE_LEVELS == 4
  	pv_mmu_ops.set_pgd = xen_set_pgd;
@@ -38908,7 +38941,7 @@ index c913ca4..a314c65 100644
  #endif
  
  	/* This will work as long as patching hasn't happened yet
-@@ -2423,6 +2439,10 @@ static void xen_leave_lazy_mmu(void)
+@@ -2423,6 +2445,10 @@ static void xen_leave_lazy_mmu(void)
  	preempt_enable();
  }
  
@@ -38919,7 +38952,7 @@ index c913ca4..a314c65 100644
  static const struct pv_mmu_ops xen_mmu_ops __initconst = {
  	.read_cr2 = xen_read_cr2,
  	.write_cr2 = xen_write_cr2,
-@@ -2435,7 +2455,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
+@@ -2435,7 +2461,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
  	.flush_tlb_single = xen_flush_tlb_single,
  	.flush_tlb_others = xen_flush_tlb_others,
  
@@ -38928,7 +38961,7 @@ index c913ca4..a314c65 100644
  
  	.pgd_alloc = xen_pgd_alloc,
  	.pgd_free = xen_pgd_free,
-@@ -2472,6 +2492,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
+@@ -2472,6 +2498,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
  	.pud_val = PV_CALLEE_SAVE(xen_pud_val),
  	.make_pud = PV_CALLEE_SAVE(xen_make_pud),
  	.set_pgd = xen_set_pgd_hyper,
@@ -44269,6 +44302,23 @@ index 984c5e9..c873659 100644
  err_out:
  	mutex_unlock(&devfreq_list_lock);
  
+diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c
+index 155c146..0a697f4 100644
+--- a/drivers/dma-buf/dma-buf.c
++++ b/drivers/dma-buf/dma-buf.c
+@@ -835,10 +835,9 @@ static int dma_buf_describe(struct seq_file *s)
+ 
+ static int dma_buf_show(struct seq_file *s, void *unused)
+ {
+-	void (*func)(struct seq_file *) = s->private;
++	int (*func)(struct seq_file *) = s->private;
+ 
+-	func(s);
+-	return 0;
++	return func(s);
+ }
+ 
+ static int dma_buf_debug_open(struct inode *inode, struct file *file)
 diff --git a/drivers/dma/sh/shdma-base.c b/drivers/dma/sh/shdma-base.c
 index 10fcaba..326f709 100644
 --- a/drivers/dma/sh/shdma-base.c
@@ -45707,6 +45757,212 @@ index 7b69070..d7bd78b 100644
  							pqn->q);
  	if (retval != 0)
  		return retval;
+diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_clockpowergating.c b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_clockpowergating.c
+index ff08ce4..5b8758f 100644
+--- a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_clockpowergating.c
++++ b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_clockpowergating.c
+@@ -239,10 +239,16 @@ int cz_dpm_powergate_vce(struct pp_hwmgr *hwmgr, bool bgate)
+ 
+ static struct phm_master_table_item cz_enable_clock_power_gatings_list[] = {
+ 	/*we don't need an exit table here, because there is only D3 cold on Kv*/
+-	{ phm_cf_want_uvd_power_gating, cz_tf_uvd_power_gating_initialize },
+-	{ phm_cf_want_vce_power_gating, cz_tf_vce_power_gating_initialize },
++	{
++	  .isFunctionNeededInRuntimeTable = phm_cf_want_uvd_power_gating,
++	  .tableFunction = cz_tf_uvd_power_gating_initialize
++	},
++	{
++	  .isFunctionNeededInRuntimeTable = phm_cf_want_vce_power_gating,
++	  .tableFunction = cz_tf_vce_power_gating_initialize
++	},
+ 	/* to do { NULL, cz_tf_xdma_power_gating_enable }, */
+-	{ NULL, NULL }
++	{ }
+ };
+ 
+ struct phm_master_table_header cz_phm_enable_clock_power_gatings_master = {
+diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c
+index 2ea012e..b4256b4 100644
+--- a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c
++++ b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c
+@@ -915,13 +915,13 @@ static int cz_tf_update_low_mem_pstate(struct pp_hwmgr *hwmgr,
+ }
+ 
+ static struct phm_master_table_item cz_set_power_state_list[] = {
+-	{NULL, cz_tf_update_sclk_limit},
+-	{NULL, cz_tf_set_deep_sleep_sclk_threshold},
+-	{NULL, cz_tf_set_watermark_threshold},
+-	{NULL, cz_tf_set_enabled_levels},
+-	{NULL, cz_tf_enable_nb_dpm},
+-	{NULL, cz_tf_update_low_mem_pstate},
+-	{NULL, NULL}
++	{ .tableFunction = cz_tf_update_sclk_limit },
++	{ .tableFunction = cz_tf_set_deep_sleep_sclk_threshold },
++	{ .tableFunction = cz_tf_set_watermark_threshold },
++	{ .tableFunction = cz_tf_set_enabled_levels },
++	{ .tableFunction = cz_tf_enable_nb_dpm },
++	{ .tableFunction = cz_tf_update_low_mem_pstate },
++	{ }
+ };
+ 
+ static struct phm_master_table_header cz_set_power_state_master = {
+@@ -931,15 +931,15 @@ static struct phm_master_table_header cz_set_power_state_master = {
+ };
+ 
+ static struct phm_master_table_item cz_setup_asic_list[] = {
+-	{NULL, cz_tf_reset_active_process_mask},
+-	{NULL, cz_tf_upload_pptable_to_smu},
+-	{NULL, cz_tf_init_sclk_limit},
+-	{NULL, cz_tf_init_uvd_limit},
+-	{NULL, cz_tf_init_vce_limit},
+-	{NULL, cz_tf_init_acp_limit},
+-	{NULL, cz_tf_init_power_gate_state},
+-	{NULL, cz_tf_init_sclk_threshold},
+-	{NULL, NULL}
++	{ .tableFunction = cz_tf_reset_active_process_mask },
++	{ .tableFunction = cz_tf_upload_pptable_to_smu },
++	{ .tableFunction = cz_tf_init_sclk_limit },
++	{ .tableFunction = cz_tf_init_uvd_limit },
++	{ .tableFunction = cz_tf_init_vce_limit },
++	{ .tableFunction = cz_tf_init_acp_limit },
++	{ .tableFunction = cz_tf_init_power_gate_state },
++	{ .tableFunction = cz_tf_init_sclk_threshold },
++	{ }
+ };
+ 
+ static struct phm_master_table_header cz_setup_asic_master = {
+@@ -984,10 +984,10 @@ static int cz_tf_reset_cc6_data(struct pp_hwmgr *hwmgr,
+ }
+ 
+ static struct phm_master_table_item cz_power_down_asic_list[] = {
+-	{NULL, cz_tf_power_up_display_clock_sys_pll},
+-	{NULL, cz_tf_clear_nb_dpm_flag},
+-	{NULL, cz_tf_reset_cc6_data},
+-	{NULL, NULL}
++	{ .tableFunction = cz_tf_power_up_display_clock_sys_pll },
++	{ .tableFunction = cz_tf_clear_nb_dpm_flag },
++	{ .tableFunction = cz_tf_reset_cc6_data },
++	{ }
+ };
+ 
+ static struct phm_master_table_header cz_power_down_asic_master = {
+@@ -1095,8 +1095,8 @@ static int cz_tf_check_for_dpm_enabled(struct pp_hwmgr *hwmgr,
+ }
+ 
+ static struct phm_master_table_item cz_disable_dpm_list[] = {
+-	{ NULL, cz_tf_check_for_dpm_enabled},
+-	{NULL, NULL},
++	{ .tableFunction = cz_tf_check_for_dpm_enabled },
++	{ },
+ };
+ 
+ 
+@@ -1107,13 +1107,13 @@ static struct phm_master_table_header cz_disable_dpm_master = {
+ };
+ 
+ static struct phm_master_table_item cz_enable_dpm_list[] = {
+-	{ NULL, cz_tf_check_for_dpm_disabled },
+-	{ NULL, cz_tf_program_voting_clients },
+-	{ NULL, cz_tf_start_dpm},
+-	{ NULL, cz_tf_program_bootup_state},
+-	{ NULL, cz_tf_enable_didt },
+-	{ NULL, cz_tf_reset_acp_boot_level },
+-	{NULL, NULL},
++	{ .tableFunction = cz_tf_check_for_dpm_disabled },
++	{ .tableFunction = cz_tf_program_voting_clients },
++	{ .tableFunction = cz_tf_start_dpm },
++	{ .tableFunction = cz_tf_program_bootup_state },
++	{ .tableFunction = cz_tf_enable_didt },
++	{ .tableFunction = cz_tf_reset_acp_boot_level },
++	{ },
+ };
+ 
+ static struct phm_master_table_header cz_enable_dpm_master = {
+diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/fiji_thermal.c b/drivers/gpu/drm/amd/powerplay/hwmgr/fiji_thermal.c
+index e76a7de..ae5fb7e 100644
+--- a/drivers/gpu/drm/amd/powerplay/hwmgr/fiji_thermal.c
++++ b/drivers/gpu/drm/amd/powerplay/hwmgr/fiji_thermal.c
+@@ -617,17 +617,17 @@ static int tf_fiji_thermal_disable_alert(struct pp_hwmgr *hwmgr,
+ 
+ static struct phm_master_table_item
+ fiji_thermal_start_thermal_controller_master_list[] = {
+-	{NULL, tf_fiji_thermal_initialize},
+-	{NULL, tf_fiji_thermal_set_temperature_range},
+-	{NULL, tf_fiji_thermal_enable_alert},
++	{ .tableFunction = tf_fiji_thermal_initialize},
++	{ .tableFunction = tf_fiji_thermal_set_temperature_range},
++	{ .tableFunction = tf_fiji_thermal_enable_alert},
+ /* We should restrict performance levels to low before we halt the SMC.
+  * On the other hand we are still in boot state when we do this
+  * so it would be pointless.
+  * If this assumption changes we have to revisit this table.
+  */
+-	{NULL, tf_fiji_thermal_setup_fan_table},
+-	{NULL, tf_fiji_thermal_start_smc_fan_control},
+-	{NULL, NULL}
++	{ .tableFunction = tf_fiji_thermal_setup_fan_table},
++	{ .tableFunction = tf_fiji_thermal_start_smc_fan_control},
++	{ }
+ };
+ 
+ static struct phm_master_table_header
+@@ -639,10 +639,10 @@ fiji_thermal_start_thermal_controller_master = {
+ 
+ static struct phm_master_table_item
+ fiji_thermal_set_temperature_range_master_list[] = {
+-	{NULL, tf_fiji_thermal_disable_alert},
+-	{NULL, tf_fiji_thermal_set_temperature_range},
+-	{NULL, tf_fiji_thermal_enable_alert},
+-	{NULL, NULL}
++	{ .tableFunction = tf_fiji_thermal_disable_alert},
++	{ .tableFunction = tf_fiji_thermal_set_temperature_range},
++	{ .tableFunction = tf_fiji_thermal_enable_alert},
++	{ }
+ };
+ 
+ struct phm_master_table_header
+diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_thermal.c b/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_thermal.c
+index a188174..74acdc0 100644
+--- a/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_thermal.c
++++ b/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_thermal.c
+@@ -526,16 +526,16 @@ static int tf_tonga_thermal_disable_alert(struct pp_hwmgr *hwmgr, void *input, v
+ }
+ 
+ static struct phm_master_table_item tonga_thermal_start_thermal_controller_master_list[] = {
+-	{ NULL, tf_tonga_thermal_initialize },
+-	{ NULL, tf_tonga_thermal_set_temperature_range },
+-	{ NULL, tf_tonga_thermal_enable_alert },
++	{ .tableFunction = tf_tonga_thermal_initialize },
++	{ .tableFunction = tf_tonga_thermal_set_temperature_range },
++	{ .tableFunction = tf_tonga_thermal_enable_alert },
+ /* We should restrict performance levels to low before we halt the SMC.
+  * On the other hand we are still in boot state when we do this so it would be pointless.
+  * If this assumption changes we have to revisit this table.
+  */
+-	{ NULL, tf_tonga_thermal_setup_fan_table},
+-	{ NULL, tf_tonga_thermal_start_smc_fan_control},
+-	{ NULL, NULL }
++	{ .tableFunction = tf_tonga_thermal_setup_fan_table},
++	{ .tableFunction = tf_tonga_thermal_start_smc_fan_control},
++	{ }
+ };
+ 
+ static struct phm_master_table_header tonga_thermal_start_thermal_controller_master = {
+@@ -545,10 +545,10 @@ static struct phm_master_table_header tonga_thermal_start_thermal_controller_mas
+ };
+ 
+ static struct phm_master_table_item tonga_thermal_set_temperature_range_master_list[] = {
+-	{ NULL, tf_tonga_thermal_disable_alert},
+-	{ NULL, tf_tonga_thermal_set_temperature_range},
+-	{ NULL, tf_tonga_thermal_enable_alert},
+-	{ NULL, NULL }
++	{ .tableFunction = tf_tonga_thermal_disable_alert},
++	{ .tableFunction = tf_tonga_thermal_set_temperature_range},
++	{ .tableFunction = tf_tonga_thermal_enable_alert},
++	{ }
+ };
+ 
+ struct phm_master_table_header tonga_thermal_set_temperature_range_master = {
 diff --git a/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c b/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c
 index 8b2becd..2d8f572 100644
 --- a/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c
@@ -48656,6 +48912,29 @@ index c13fb5b..55a3802 100644
  		return -EFAULT;
  
  	*off += size;
+diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c
+index 2f1ddca..700145b 100644
+--- a/drivers/hid/usbhid/hiddev.c
++++ b/drivers/hid/usbhid/hiddev.c
+@@ -516,13 +516,13 @@ static noinline int hiddev_ioctl_usage(struct hiddev *hiddev, unsigned int cmd,
+ 					goto inval;
+ 			} else if (uref->usage_index >= field->report_count)
+ 				goto inval;
+-
+-			else if ((cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) &&
+-				 (uref_multi->num_values > HID_MAX_MULTI_USAGES ||
+-				  uref->usage_index + uref_multi->num_values > field->report_count))
+-				goto inval;
+ 		}
+ 
++		if ((cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) &&
++		    (uref_multi->num_values > HID_MAX_MULTI_USAGES ||
++		     uref->usage_index + uref_multi->num_values > field->report_count))
++			goto inval;
++
+ 		switch (cmd) {
+ 		case HIDIOCGUSAGE:
+ 			uref->value = field->value[uref->usage_index];
 diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c
 index 1161d68..7a42e2c 100644
 --- a/drivers/hv/channel.c
@@ -48681,27 +48960,76 @@ index 1161d68..7a42e2c 100644
  	packetlen_aligned = ALIGN(packetlen, sizeof(u64));
  
 diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
-index 11bca51..17bdc9b 100644
+index 11bca51..360c83e 100644
 --- a/drivers/hv/hv.c
 +++ b/drivers/hv/hv.c
-@@ -95,7 +95,7 @@ u64 hv_do_hypercall(u64 control, void *input, void *output)
+@@ -183,6 +183,8 @@ static struct clocksource hyperv_cs_tsc = {
+ };
+ #endif
+ 
++extern char hv_hypercall_page[PAGE_SIZE] __aligned(PAGE_SIZE);
++asm(".text; .balign 4096; hv_hypercall_page: .fill 4096,1,0xcc; .previous;");
+ 
+ /*
+  * hv_init - Main initialization routine.
+@@ -193,7 +195,6 @@ int hv_init(void)
  {
- 	u64 input_address = (input) ? virt_to_phys(input) : 0;
- 	u64 output_address = (output) ? virt_to_phys(output) : 0;
--	void *hypercall_page = hv_context.hypercall_page;
-+	void *hypercall_page = (void *)ktva_ktla((unsigned long)hv_context.hypercall_page);
- #ifdef CONFIG_X86_64
- 	u64 hv_status = 0;
+ 	int max_leaf;
+ 	union hv_x64_msr_hypercall_contents hypercall_msr;
+-	void *virtaddr = NULL;
  
-@@ -218,7 +218,7 @@ int hv_init(void)
+ 	memset(hv_context.synic_event_page, 0, sizeof(void *) * NR_CPUS);
+ 	memset(hv_context.synic_message_page, 0,
+@@ -218,14 +219,9 @@ int hv_init(void)
  	/* See if the hypercall page is already set */
  	rdmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
  
 -	virtaddr = __vmalloc(PAGE_SIZE, GFP_KERNEL, PAGE_KERNEL_EXEC);
-+	virtaddr = __vmalloc(PAGE_SIZE, GFP_KERNEL, PAGE_KERNEL_RX);
+-
+-	if (!virtaddr)
+-		goto cleanup;
+-
+ 	hypercall_msr.enable = 1;
  
- 	if (!virtaddr)
+-	hypercall_msr.guest_physical_address = vmalloc_to_pfn(virtaddr);
++	hypercall_msr.guest_physical_address = __phys_to_pfn(__pa(ktla_ktva((unsigned long)hv_hypercall_page)));
+ 	wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
+ 
+ 	/* Confirm that hypercall page did get setup. */
+@@ -235,7 +231,7 @@ int hv_init(void)
+ 	if (!hypercall_msr.enable)
  		goto cleanup;
+ 
+-	hv_context.hypercall_page = virtaddr;
++	hv_context.hypercall_page = hv_hypercall_page;
+ 
+ #ifdef CONFIG_X86_64
+ 	if (ms_hyperv.features & HV_X64_MSR_REFERENCE_TSC_AVAILABLE) {
+@@ -259,13 +255,9 @@ int hv_init(void)
+ 	return 0;
+ 
+ cleanup:
+-	if (virtaddr) {
+-		if (hypercall_msr.enable) {
+-			hypercall_msr.as_uint64 = 0;
+-			wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
+-		}
+-
+-		vfree(virtaddr);
++	if (hypercall_msr.enable) {
++		hypercall_msr.as_uint64 = 0;
++		wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
+ 	}
+ 
+ 	return -ENOTSUPP;
+@@ -286,7 +278,6 @@ void hv_cleanup(void)
+ 	if (hv_context.hypercall_page) {
+ 		hypercall_msr.as_uint64 = 0;
+ 		wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
+-		vfree(hv_context.hypercall_page);
+ 		hv_context.hypercall_page = NULL;
+ 	}
+ 
 diff --git a/drivers/hv/hv_balloon.c b/drivers/hv/hv_balloon.c
 index b853b4b..3647b37 100644
 --- a/drivers/hv/hv_balloon.c
@@ -67848,10 +68176,25 @@ index 3f155e7..0f4b1f0 100644
  		    &proc_bus_pci_dev_operations);
  	proc_initialized = 1;
 diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c
-index 7796d0a..c83b0ae 100644
+index 7796d0a..2f9d2f6 100644
 --- a/drivers/pci/setup-bus.c
 +++ b/drivers/pci/setup-bus.c
-@@ -1115,7 +1115,7 @@ static int pbus_size_mem(struct pci_bus *bus, unsigned long mask,
+@@ -406,8 +406,12 @@ static void __assign_resources_sorted(struct list_head *head,
+ 
+ 	/* Update res in head list with add_size in realloc_head list */
+ 	list_for_each_entry_safe(dev_res, tmp_res, head, list) {
+-		dev_res->res->end += get_res_add_size(realloc_head,
+-							dev_res->res);
++		resource_size_t add_size = get_res_add_size(realloc_head, dev_res->res);
++
++		if (dev_res->res->start == 0 && dev_res->res->end == RESOURCE_SIZE_MAX)
++			dev_res->res->end = add_size - 1;
++		else
++			dev_res->res->end += get_res_add_size(realloc_head, dev_res->res);
+ 
+ 		/*
+ 		 * There are two kinds of additional resources in the list:
+@@ -1115,7 +1119,7 @@ static int pbus_size_mem(struct pci_bus *bus, unsigned long mask,
  	return 0;
  }
  
@@ -97715,7 +98058,7 @@ index e4141f2..d8263e8 100644
  		i += packet_length_size;
  		if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
 diff --git a/fs/exec.c b/fs/exec.c
-index dcd4ac7..50eef0a 100644
+index dcd4ac7..f651515 100644
 --- a/fs/exec.c
 +++ b/fs/exec.c
 @@ -56,8 +56,20 @@
@@ -97924,7 +98267,14 @@ index dcd4ac7..50eef0a 100644
  	/*
  	 * cover the whole range: [new_start, old_end)
  	 */
-@@ -681,10 +727,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
+@@ -675,20 +721,16 @@ int setup_arg_pages(struct linux_binprm *bprm,
+ 	stack_base = PAGE_ALIGN(stack_top - stack_base);
+ 
+ 	stack_shift = vma->vm_start - stack_base;
+-	mm->arg_start = bprm->p - stack_shift;
++	mm->arg_end = mm->arg_start = bprm->p - stack_shift;
+ 	bprm->p = vma->vm_end - stack_shift;
+ #else
  	stack_top = arch_align_stack(stack_top);
  	stack_top = PAGE_ALIGN(stack_top);
  
@@ -97935,6 +98285,11 @@ index dcd4ac7..50eef0a 100644
  	stack_shift = vma->vm_end - stack_top;
  
  	bprm->p -= stack_shift;
+-	mm->arg_start = bprm->p;
++	mm->arg_end = mm->arg_start = bprm->p;
+ #endif
+ 
+ 	if (bprm->loader)
 @@ -696,8 +738,28 @@ int setup_arg_pages(struct linux_binprm *bprm,
  	bprm->exec -= stack_shift;
  
@@ -103205,7 +103560,7 @@ index 7824bfb..bddd8a4 100644
  out:
  	return len;
 diff --git a/fs/namespace.c b/fs/namespace.c
-index 4fb1691..a518f2e0 100644
+index 4fb1691..3077a5c 100644
 --- a/fs/namespace.c
 +++ b/fs/namespace.c
 @@ -1516,6 +1516,9 @@ static int do_umount(struct mount *mnt, int flags)
@@ -103292,16 +103647,15 @@ index 4fb1691..a518f2e0 100644
  	atomic_set(&new_ns->count, 1);
  	new_ns->root = NULL;
  	INIT_LIST_HEAD(&new_ns->list);
-@@ -2778,7 +2797,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
+@@ -2778,6 +2797,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns)
  	return new_ns;
  }
  
--struct mnt_namespace *copy_mnt_ns(unsigned long flags, struct mnt_namespace *ns,
-+__latent_entropy struct mnt_namespace *copy_mnt_ns(unsigned long flags, struct mnt_namespace *ns,
++__latent_entropy
+ struct mnt_namespace *copy_mnt_ns(unsigned long flags, struct mnt_namespace *ns,
  		struct user_namespace *user_ns, struct fs_struct *new_fs)
  {
- 	struct mnt_namespace *new_ns;
-@@ -2899,8 +2918,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)
+@@ -2899,8 +2919,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)
  }
  EXPORT_SYMBOL(mount_subtree);
  
@@ -103312,7 +103666,7 @@ index 4fb1691..a518f2e0 100644
  {
  	int ret;
  	char *kernel_type;
-@@ -3006,6 +3025,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
+@@ -3006,6 +3026,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
  	if (error)
  		goto out2;
  
@@ -103324,7 +103678,7 @@ index 4fb1691..a518f2e0 100644
  	get_fs_root(current->fs, &root);
  	old_mp = lock_mount(&old);
  	error = PTR_ERR(old_mp);
-@@ -3324,7 +3348,7 @@ static int mntns_install(struct nsproxy *nsproxy, struct ns_common *ns)
+@@ -3324,7 +3349,7 @@ static int mntns_install(struct nsproxy *nsproxy, struct ns_common *ns)
  	    !ns_capable(current_user_ns(), CAP_SYS_ADMIN))
  		return -EPERM;
  
@@ -106266,7 +106620,7 @@ index 4123551..813b403 100644
  
  #endif   /* _NFSD4_CURRENT_STATE_H */
 diff --git a/fs/nfsd/nfs2acl.c b/fs/nfsd/nfs2acl.c
-index 1580ea6..9c7f44f 100644
+index 1580ea6..5d74e50 100644
 --- a/fs/nfsd/nfs2acl.c
 +++ b/fs/nfsd/nfs2acl.c
 @@ -27,9 +27,10 @@ nfsacld_proc_null(struct svc_rqst *rqstp, void *argp, void *resp)
@@ -106296,6 +106650,47 @@ index 1580ea6..9c7f44f 100644
  	struct inode *inode;
  	svc_fh *fh;
  	__be32 nfserr = 0;
+@@ -104,22 +105,21 @@ static __be32 nfsacld_proc_setacl(struct svc_rqst * rqstp,
+ 		goto out;
+ 
+ 	inode = d_inode(fh->fh_dentry);
+-	if (!IS_POSIXACL(inode) || !inode->i_op->set_acl) {
+-		error = -EOPNOTSUPP;
+-		goto out_errno;
+-	}
+ 
+ 	error = fh_want_write(fh);
+ 	if (error)
+ 		goto out_errno;
+ 
+-	error = inode->i_op->set_acl(inode, argp->acl_access, ACL_TYPE_ACCESS);
++	fh_lock(fh);
++
++	error = set_posix_acl(inode, ACL_TYPE_ACCESS, argp->acl_access);
+ 	if (error)
+-		goto out_drop_write;
+-	error = inode->i_op->set_acl(inode, argp->acl_default,
+-				     ACL_TYPE_DEFAULT);
++		goto out_drop_lock;
++	error = set_posix_acl(inode, ACL_TYPE_DEFAULT, argp->acl_default);
+ 	if (error)
+-		goto out_drop_write;
++		goto out_drop_lock;
++
++	fh_unlock(fh);
+ 
+ 	fh_drop_write(fh);
+ 
+@@ -131,7 +131,8 @@ out:
+ 	posix_acl_release(argp->acl_access);
+ 	posix_acl_release(argp->acl_default);
+ 	return nfserr;
+-out_drop_write:
++out_drop_lock:
++	fh_unlock(fh);
+ 	fh_drop_write(fh);
+ out_errno:
+ 	nfserr = nfserrno(error);
 @@ -141,9 +142,10 @@ out_errno:
  /*
   * Check file attributes
@@ -106472,7 +106867,7 @@ index 1580ea6..9c7f44f 100644
     sizeof(struct nfsd3_##rest##res),		\
     0,						\
 diff --git a/fs/nfsd/nfs3acl.c b/fs/nfsd/nfs3acl.c
-index 01df4cd..f11e111 100644
+index 01df4cd..36a8d76 100644
 --- a/fs/nfsd/nfs3acl.c
 +++ b/fs/nfsd/nfs3acl.c
 @@ -26,9 +26,10 @@ nfsd3_proc_null(struct svc_rqst *rqstp, void *argp, void *resp)
@@ -106502,7 +106897,37 @@ index 01df4cd..f11e111 100644
  	struct inode *inode;
  	svc_fh *fh;
  	__be32 nfserr = 0;
-@@ -125,9 +126,10 @@ out:
+@@ -95,22 +96,20 @@ static __be32 nfsd3_proc_setacl(struct svc_rqst * rqstp,
+ 		goto out;
+ 
+ 	inode = d_inode(fh->fh_dentry);
+-	if (!IS_POSIXACL(inode) || !inode->i_op->set_acl) {
+-		error = -EOPNOTSUPP;
+-		goto out_errno;
+-	}
+ 
+ 	error = fh_want_write(fh);
+ 	if (error)
+ 		goto out_errno;
+ 
+-	error = inode->i_op->set_acl(inode, argp->acl_access, ACL_TYPE_ACCESS);
++	fh_lock(fh);
++
++	error = set_posix_acl(inode, ACL_TYPE_ACCESS, argp->acl_access);
+ 	if (error)
+-		goto out_drop_write;
+-	error = inode->i_op->set_acl(inode, argp->acl_default,
+-				     ACL_TYPE_DEFAULT);
++		goto out_drop_lock;
++	error = set_posix_acl(inode, ACL_TYPE_DEFAULT, argp->acl_default);
+ 
+-out_drop_write:
++out_drop_lock:
++	fh_unlock(fh);
+ 	fh_drop_write(fh);
+ out_errno:
+ 	nfserr = nfserrno(error);
+@@ -125,9 +124,10 @@ out:
  /*
   * XDR decode functions
   */
@@ -106515,7 +106940,7 @@ index 01df4cd..f11e111 100644
  	p = nfs3svc_decode_fh(p, &args->fh);
  	if (!p)
  		return 0;
-@@ -137,9 +139,10 @@ static int nfs3svc_decode_getaclargs(struct svc_rqst *rqstp, __be32 *p,
+@@ -137,9 +137,10 @@ static int nfs3svc_decode_getaclargs(struct svc_rqst *rqstp, __be32 *p,
  }
  
  
@@ -106528,7 +106953,7 @@ index 01df4cd..f11e111 100644
  	struct kvec *head = rqstp->rq_arg.head;
  	unsigned int base;
  	int n;
-@@ -168,9 +171,10 @@ static int nfs3svc_decode_setaclargs(struct svc_rqst *rqstp, __be32 *p,
+@@ -168,9 +169,10 @@ static int nfs3svc_decode_setaclargs(struct svc_rqst *rqstp, __be32 *p,
   */
  
  /* GETACL */
@@ -106541,7 +106966,7 @@ index 01df4cd..f11e111 100644
  	struct dentry *dentry = resp->fh.fh_dentry;
  
  	p = nfs3svc_encode_post_op_attr(rqstp, p, &resp->fh);
-@@ -213,9 +217,10 @@ static int nfs3svc_encode_getaclres(struct svc_rqst *rqstp, __be32 *p,
+@@ -213,9 +215,10 @@ static int nfs3svc_encode_getaclres(struct svc_rqst *rqstp, __be32 *p,
  }
  
  /* SETACL */
@@ -106554,7 +106979,7 @@ index 01df4cd..f11e111 100644
  	p = nfs3svc_encode_post_op_attr(rqstp, p, &resp->fh);
  
  	return xdr_ressize_check(rqstp, p);
-@@ -224,9 +229,10 @@ static int nfs3svc_encode_setaclres(struct svc_rqst *rqstp, __be32 *p,
+@@ -224,9 +227,10 @@ static int nfs3svc_encode_setaclres(struct svc_rqst *rqstp, __be32 *p,
  /*
   * XDR release functions
   */
@@ -106567,7 +106992,7 @@ index 01df4cd..f11e111 100644
  	fh_put(&resp->fh);
  	posix_acl_release(resp->acl_access);
  	posix_acl_release(resp->acl_default);
-@@ -240,10 +246,10 @@ static int nfs3svc_release_getacl(struct svc_rqst *rqstp, __be32 *p,
+@@ -240,10 +244,10 @@ static int nfs3svc_release_getacl(struct svc_rqst *rqstp, __be32 *p,
  struct nfsd3_voidargs { int dummy; };
  
  #define PROC(name, argt, rest, relt, cache, respsize)	\
@@ -107598,6 +108023,45 @@ index 2246454..b866de8 100644
  	fh_put(&resp->fh1);
  	fh_put(&resp->fh2);
  	return 1;
+diff --git a/fs/nfsd/nfs4acl.c b/fs/nfsd/nfs4acl.c
+index 6adabd6..71292a0 100644
+--- a/fs/nfsd/nfs4acl.c
++++ b/fs/nfsd/nfs4acl.c
+@@ -770,9 +770,6 @@ nfsd4_set_nfs4_acl(struct svc_rqst *rqstp, struct svc_fh *fhp,
+ 	dentry = fhp->fh_dentry;
+ 	inode = d_inode(dentry);
+ 
+-	if (!inode->i_op->set_acl || !IS_POSIXACL(inode))
+-		return nfserr_attrnotsupp;
+-
+ 	if (S_ISDIR(inode->i_mode))
+ 		flags = NFS4_ACL_DIR;
+ 
+@@ -782,16 +779,19 @@ nfsd4_set_nfs4_acl(struct svc_rqst *rqstp, struct svc_fh *fhp,
+ 	if (host_error < 0)
+ 		goto out_nfserr;
+ 
+-	host_error = inode->i_op->set_acl(inode, pacl, ACL_TYPE_ACCESS);
++	fh_lock(fhp);
++
++	host_error = set_posix_acl(inode, ACL_TYPE_ACCESS, pacl);
+ 	if (host_error < 0)
+-		goto out_release;
++		goto out_drop_lock;
+ 
+ 	if (S_ISDIR(inode->i_mode)) {
+-		host_error = inode->i_op->set_acl(inode, dpacl,
+-						  ACL_TYPE_DEFAULT);
++		host_error = set_posix_acl(inode, ACL_TYPE_DEFAULT, dpacl);
+ 	}
+ 
+-out_release:
++out_drop_lock:
++	fh_unlock(fhp);
++
+ 	posix_acl_release(pacl);
+ 	posix_acl_release(dpacl);
+ out_nfserr:
 diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c
 index 7389cb1..e031e30d 100644
 --- a/fs/nfsd/nfs4callback.c
@@ -112182,7 +112646,7 @@ index ab8dad3..932cb27 100644
  
  		if (!capable(CAP_SYS_RESOURCE) && size > pipe_max_size) {
 diff --git a/fs/posix_acl.c b/fs/posix_acl.c
-index 711dd51..e55fd79 100644
+index 711dd51..afa7a82 100644
 --- a/fs/posix_acl.c
 +++ b/fs/posix_acl.c
 @@ -20,6 +20,7 @@
@@ -112262,6 +112726,74 @@ index 711dd51..e55fd79 100644
  				acl_e->e_gid =
  					make_kgid(user_ns,
  						  le32_to_cpu(entry->e_id));
+@@ -786,39 +797,47 @@ posix_acl_xattr_get(const struct xattr_handler *handler,
+ 	return error;
+ }
+ 
++int
++set_posix_acl(struct inode *inode, int type, struct posix_acl *acl)
++{
++	if (!IS_POSIXACL(inode))
++		return -EOPNOTSUPP;
++	if (!inode->i_op->set_acl)
++		return -EOPNOTSUPP;
++
++	if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode))
++		return acl ? -EACCES : 0;
++	if (!inode_owner_or_capable(inode))
++		return -EPERM;
++
++	if (acl) {
++		int ret = posix_acl_valid(acl);
++		if (ret)
++			return ret;
++	}
++	return inode->i_op->set_acl(inode, acl, type);
++}
++EXPORT_SYMBOL(set_posix_acl);
++
+ static int
+ posix_acl_xattr_set(const struct xattr_handler *handler,
+-		    struct dentry *dentry, const char *name,
+-		    const void *value, size_t size, int flags)
++		    struct dentry *dentry,
++		    const char *name, const void *value,
++		    size_t size, int flags)
+ {
+ 	struct inode *inode = d_backing_inode(dentry);
+ 	struct posix_acl *acl = NULL;
+ 	int ret;
+ 
+-	if (!IS_POSIXACL(inode))
+-		return -EOPNOTSUPP;
+-	if (!inode->i_op->set_acl)
+-		return -EOPNOTSUPP;
+-
+-	if (handler->flags == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode))
+-		return value ? -EACCES : 0;
+-	if (!inode_owner_or_capable(inode))
+-		return -EPERM;
++	if (strcmp(name, "") != 0)
++		return -EINVAL;
+ 
+ 	if (value) {
+ 		acl = posix_acl_from_xattr(&init_user_ns, value, size);
+ 		if (IS_ERR(acl))
+ 			return PTR_ERR(acl);
+-
+-		if (acl) {
+-			ret = posix_acl_valid(acl);
+-			if (ret)
+-				goto out;
+-		}
+ 	}
+-
+-	ret = inode->i_op->set_acl(inode, acl, handler->flags);
+-out:
++	ret = set_posix_acl(inode, handler->flags, acl);
+ 	posix_acl_release(acl);
+ 	return ret;
+ }
 diff --git a/fs/proc/Kconfig b/fs/proc/Kconfig
 index 1ade120..a86f1a2 100644
 --- a/fs/proc/Kconfig
@@ -128108,7 +128640,7 @@ index a76c917..75d6aeb 100644
  asmlinkage long compat_sys_lookup_dcookie(u32, u32, char __user *, compat_size_t);
  /*
 diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h
-index eeae401..c108d27 100644
+index eeae401..985c04d 100644
 --- a/include/linux/compiler-gcc.h
 +++ b/include/linux/compiler-gcc.h
 @@ -116,9 +116,9 @@
@@ -128124,7 +128656,7 @@ index eeae401..c108d27 100644
  #define __maybe_unused		__attribute__((unused))
  #define __always_unused		__attribute__((unused))
  
-@@ -184,9 +184,39 @@
+@@ -184,9 +184,41 @@
  # define __compiletime_warning(message) __attribute__((warning(message)))
  # define __compiletime_error(message) __attribute__((error(message)))
  #endif /* __CHECKER__ */
@@ -128153,9 +128685,11 @@ index eeae401..c108d27 100644
 +#define __intentional_overflow(...) __attribute__((intentional_overflow(__VA_ARGS__)))
 +#endif
 +
++#ifndef __CHECKER__
 +#ifdef LATENT_ENTROPY_PLUGIN
 +#define __latent_entropy __attribute__((latent_entropy))
 +#endif
++#endif
 +
 +#ifdef INITIFY_PLUGIN
 +#define __nocapture(...) __attribute__((nocapture(__VA_ARGS__)))
@@ -130605,34 +131139,24 @@ index ba7a9b0..33a0237 100644
  extern int register_pppox_proto(int proto_num, const struct pppox_proto *pp);
  extern void unregister_pppox_proto(int proto_num);
 diff --git a/include/linux/init.h b/include/linux/init.h
-index b449f37..61005b3 100644
+index b449f37..3416791 100644
 --- a/include/linux/init.h
 +++ b/include/linux/init.h
-@@ -37,9 +37,17 @@
-  * section.
-  */
+@@ -39,7 +39,7 @@
  
-+#define add_init_latent_entropy __latent_entropy
-+
-+#ifdef CONFIG_MEMORY_HOTPLUG
-+#define add_meminit_latent_entropy
-+#else
-+#define add_meminit_latent_entropy __latent_entropy
-+#endif
-+
  /* These are for everybody (although not all archs will actually
     discard it in modules) */
 -#define __init		__section(.init.text) __cold notrace
-+#define __init		__section(.init.text) __cold notrace add_init_latent_entropy
++#define __init		__section(.init.text) __cold notrace __latent_entropy
  #define __initdata	__section(.init.data)
  #define __initconst	__constsection(.init.rodata)
  #define __exitdata	__section(.exit.data)
-@@ -92,7 +100,7 @@
+@@ -92,7 +92,7 @@
  #define __exit          __section(.exit.text) __exitused __cold notrace
  
  /* Used for MEMORY_HOTPLUG */
 -#define __meminit        __section(.meminit.text) __cold notrace
-+#define __meminit        __section(.meminit.text) __cold notrace add_meminit_latent_entropy
++#define __meminit        __section(.meminit.text) __cold notrace __latent_entropy
  #define __meminitdata    __section(.meminit.data)
  #define __meminitconst   __constsection(.meminit.rodata)
  #define __memexit        __section(.memexit.text) __exitused __cold notrace
@@ -132727,7 +133251,7 @@ index b2505ac..5f7ab55 100644
  extern bool qid_valid(struct kqid qid);
  
 diff --git a/include/linux/random.h b/include/linux/random.h
-index 9c29122..9112a5b9 100644
+index 9c29122..f94151b 100644
 --- a/include/linux/random.h
 +++ b/include/linux/random.h
 @@ -18,9 +18,19 @@ struct random_ready_callback {
@@ -132735,14 +133259,14 @@ index 9c29122..9112a5b9 100644
  
  extern void add_device_randomness(const void *, unsigned int);
 +
++#if defined(LATENT_ENTROPY_PLUGIN) && !defined(__CHECKER__)
 +static inline void add_latent_entropy(void)
 +{
-+
-+#ifdef LATENT_ENTROPY_PLUGIN
 +	add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy));
-+#endif
-+
 +}
++#else
++static inline void add_latent_entropy(void) {}
++#endif
 +
  extern void add_input_randomness(unsigned int type, unsigned int code,
 -				 unsigned int value);
@@ -134629,10 +135153,21 @@ index 00c9d68..bc0188b 100644
  
  struct tty_ldisc {
 diff --git a/include/linux/types.h b/include/linux/types.h
-index 70dd3df..c61727f 100644
+index 70dd3df..7950943 100644
 --- a/include/linux/types.h
 +++ b/include/linux/types.h
-@@ -176,10 +176,26 @@ typedef struct {
+@@ -160,8 +160,10 @@ typedef unsigned __bitwise__ oom_flags_t;
+ 
+ #ifdef CONFIG_PHYS_ADDR_T_64BIT
+ typedef u64 phys_addr_t;
++#define RESOURCE_SIZE_MAX ULLONG_MAX
+ #else
+ typedef u32 phys_addr_t;
++#define RESOURCE_SIZE_MAX ULONG_MAX
+ #endif
+ 
+ typedef phys_addr_t resource_size_t;
+@@ -176,10 +178,26 @@ typedef struct {
  	int counter;
  } atomic_t;
  
@@ -136759,20 +137294,6 @@ index 2232080..ae4d217 100644
  	help
  	  Randomizing heap placement makes heap exploits harder, but it
  	  also breaks ancient binaries (including anything libc5 based).
-diff --git a/init/Makefile b/init/Makefile
-index 7bc47ee..6da2dc7 100644
---- a/init/Makefile
-+++ b/init/Makefile
-@@ -2,6 +2,9 @@
- # Makefile for the linux kernel.
- #
- 
-+ccflags-y := $(GCC_PLUGINS_CFLAGS)
-+asflags-y := $(GCC_PLUGINS_AFLAGS)
-+
- obj-y                          := main.o version.o mounts.o
- ifneq ($(CONFIG_BLK_DEV_INITRD),y)
- obj-y                          += noinitramfs.o
 diff --git a/init/do_mounts.c b/init/do_mounts.c
 index dea5de9..497f996 100644
 --- a/init/do_mounts.c
@@ -148942,7 +149463,7 @@ index 62bbf35..04d12eb 100644
  	struct bdi_writeback *wb = dtc->wb;
  	unsigned long write_bw = wb->avg_write_bandwidth;
 diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 1d11790..1cc6074 100644
+index 1d11790..6d640cb 100644
 --- a/mm/page_alloc.c
 +++ b/mm/page_alloc.c
 @@ -63,6 +63,7 @@
@@ -148990,7 +149511,6 @@ index 1d11790..1cc6074 100644
  	local_irq_restore(flags);
  }
  
-+#ifdef CONFIG_PAX_LATENT_ENTROPY
 +bool __meminitdata extra_latent_entropy;
 +
 +static int __init setup_pax_extra_latent_entropy(char *str)
@@ -149000,6 +149520,7 @@ index 1d11790..1cc6074 100644
 +}
 +early_param("pax_extra_latent_entropy", setup_pax_extra_latent_entropy);
 +
++#ifdef LATENT_ENTROPY_PLUGIN
 +volatile u64 latent_entropy __latent_entropy;
 +EXPORT_SYMBOL(latent_entropy);
 +#endif
@@ -149007,11 +149528,10 @@ index 1d11790..1cc6074 100644
  static void __init __free_pages_boot_core(struct page *page,
  					unsigned long pfn, unsigned int order)
  {
-@@ -1059,6 +1084,19 @@ static void __init __free_pages_boot_core(struct page *page,
+@@ -1059,6 +1084,21 @@ static void __init __free_pages_boot_core(struct page *page,
  	__ClearPageReserved(p);
  	set_page_count(p, 0);
  
-+#ifdef CONFIG_PAX_LATENT_ENTROPY
 +	if (extra_latent_entropy && !PageHighMem(page) && page_to_pfn(page) < 0x100000) {
 +		u64 hash = 0;
 +		size_t index, end = PAGE_SIZE * nr_pages / sizeof hash;
@@ -149019,15 +149539,18 @@ index 1d11790..1cc6074 100644
 +
 +		for (index = 0; index < end; index++)
 +			hash ^= hash + data[index];
++#ifdef LATENT_ENTROPY_PLUGIN
 +		latent_entropy ^= hash;
 +		add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy));
-+	}
++#else
++		add_device_randomness((const void *)&hash, sizeof(hash));
 +#endif
++	}
 +
  	page_zone(page)->managed_pages += nr_pages;
  	set_page_refcounted(page);
  	__free_pages(page, order);
-@@ -1115,7 +1153,6 @@ static inline bool __meminit meminit_pfn_in_nid(unsigned long pfn, int node,
+@@ -1115,7 +1155,6 @@ static inline bool __meminit meminit_pfn_in_nid(unsigned long pfn, int node,
  }
  #endif
  
@@ -149035,7 +149558,7 @@ index 1d11790..1cc6074 100644
  void __init __free_pages_bootmem(struct page *page, unsigned long pfn,
  							unsigned int order)
  {
-@@ -1419,9 +1456,11 @@ static int prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags,
+@@ -1419,9 +1458,11 @@ static int prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags,
  	kernel_map_pages(page, 1 << order, 1);
  	kasan_alloc_pages(page, order);
  
@@ -149047,7 +149570,7 @@ index 1d11790..1cc6074 100644
  
  	if (order && (gfp_flags & __GFP_COMP))
  		prep_compound_page(page, order);
-@@ -1955,8 +1994,9 @@ static void drain_pages(unsigned int cpu)
+@@ -1955,8 +1996,9 @@ static void drain_pages(unsigned int cpu)
   * The CPU has to be pinned. When zone parameter is non-NULL, spill just
   * the single zone's pages.
   */
@@ -149058,7 +149581,7 @@ index 1d11790..1cc6074 100644
  	int cpu = smp_processor_id();
  
  	if (zone)
-@@ -2016,8 +2056,7 @@ void drain_all_pages(struct zone *zone)
+@@ -2016,8 +2058,7 @@ void drain_all_pages(struct zone *zone)
  		else
  			cpumask_clear_cpu(cpu, &cpus_with_pcps);
  	}
@@ -149068,7 +149591,7 @@ index 1d11790..1cc6074 100644
  }
  
  #ifdef CONFIG_HIBERNATION
-@@ -2289,7 +2328,7 @@ struct page *buffered_rmqueue(struct zone *preferred_zone,
+@@ -2289,7 +2330,7 @@ struct page *buffered_rmqueue(struct zone *preferred_zone,
  	}
  
  	__mod_zone_page_state(zone, NR_ALLOC_BATCH, -(1 << order));
@@ -149077,7 +149600,7 @@ index 1d11790..1cc6074 100644
  	    !test_bit(ZONE_FAIR_DEPLETED, &zone->flags))
  		set_bit(ZONE_FAIR_DEPLETED, &zone->flags);
  
-@@ -2506,7 +2545,7 @@ static void reset_alloc_batches(struct zone *preferred_zone)
+@@ -2506,7 +2547,7 @@ static void reset_alloc_batches(struct zone *preferred_zone)
  	do {
  		mod_zone_page_state(zone, NR_ALLOC_BATCH,
  			high_wmark_pages(zone) - low_wmark_pages(zone) -
@@ -149086,7 +149609,7 @@ index 1d11790..1cc6074 100644
  		clear_bit(ZONE_FAIR_DEPLETED, &zone->flags);
  	} while (zone++ != preferred_zone);
  }
-@@ -6100,7 +6139,7 @@ static void __setup_per_zone_wmarks(void)
+@@ -6100,7 +6141,7 @@ static void __setup_per_zone_wmarks(void)
  
  		__mod_zone_page_state(zone, NR_ALLOC_BATCH,
  			high_wmark_pages(zone) - low_wmark_pages(zone) -
@@ -153559,6 +154082,33 @@ index 30d875d..760f4f1 100644
  err_alloc:
  	return -ENOMEM;
  }
+diff --git a/net/ieee802154/core.c b/net/ieee802154/core.c
+index c35fdfa..063ef67 100644
+--- a/net/ieee802154/core.c
++++ b/net/ieee802154/core.c
+@@ -110,7 +110,7 @@ struct wpan_phy *wpan_phy_idx_to_wpan_phy(int wpan_phy_idx)
+ struct wpan_phy *
+ wpan_phy_new(const struct cfg802154_ops *ops, size_t priv_size)
+ {
+-	static atomic_t wpan_phy_counter = ATOMIC_INIT(0);
++	static atomic_unchecked_t wpan_phy_counter = ATOMIC_INIT(0);
+ 	struct cfg802154_registered_device *rdev;
+ 	size_t alloc_size;
+ 
+@@ -121,11 +121,11 @@ wpan_phy_new(const struct cfg802154_ops *ops, size_t priv_size)
+ 
+ 	rdev->ops = ops;
+ 
+-	rdev->wpan_phy_idx = atomic_inc_return(&wpan_phy_counter);
++	rdev->wpan_phy_idx = atomic_inc_return_unchecked(&wpan_phy_counter);
+ 
+ 	if (unlikely(rdev->wpan_phy_idx < 0)) {
+ 		/* ugh, wrapped! */
+-		atomic_dec(&wpan_phy_counter);
++		atomic_dec_unchecked(&wpan_phy_counter);
+ 		kfree(rdev);
+ 		return NULL;
+ 	}
 diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
 index 5c5db66..c10a4a2 100644
 --- a/net/ipv4/af_inet.c
@@ -157793,7 +158343,7 @@ index 45da11a..ef3e5dc 100644
  	table = kmemdup(acct_sysctl_table, sizeof(acct_sysctl_table),
  			GFP_KERNEL);
 diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
-index 6b94f0b..bb0cc8b 100644
+index 6b94f0b..03e9b12 100644
 --- a/net/netfilter/nf_conntrack_core.c
 +++ b/net/netfilter/nf_conntrack_core.c
 @@ -1581,7 +1581,7 @@ void *nf_ct_alloc_hashtable(unsigned int *sizep, int nulls)
@@ -157805,6 +158355,15 @@ index 6b94f0b..bb0cc8b 100644
  {
  	int i, bucket, rc;
  	unsigned int hashsize, old_size;
+@@ -1780,7 +1780,7 @@ void nf_conntrack_init_end(void)
+ 
+ int nf_conntrack_init_net(struct net *net)
+ {
+-	static atomic64_t unique_id;
++	static atomic64_unchecked_t unique_id;
+ 	int ret = -ENOMEM;
+ 	int cpu;
+ 
 @@ -1804,7 +1804,7 @@ int nf_conntrack_init_net(struct net *net)
  		goto err_pcpu_lists;
  
@@ -161469,10 +162028,42 @@ index 805681a..17a7088 100644
  				.done = link->done,
  			};
 diff --git a/scripts/Kbuild.include b/scripts/Kbuild.include
-index 1db6d73..0819042 100644
+index 1db6d73..6e020e4 100644
 --- a/scripts/Kbuild.include
 +++ b/scripts/Kbuild.include
-@@ -146,7 +146,7 @@ cc-ifversion = $(shell [ $(cc-version) $(1) $(2) ] && echo $(3) || echo $(4))
+@@ -107,16 +107,20 @@ as-option = $(call try-run,\
+ as-instr = $(call try-run,\
+ 	printf "%b\n" "$(1)" | $(CC) $(KBUILD_AFLAGS) -c -x assembler -o "$$TMP" -,$(2),$(3))
+ 
++# Do not attempt to build with gcc plugins during cc-option tests.
++# (And this uses delayed resolution so the flags will be up to date.)
++CC_OPTION_CFLAGS = $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS))
++
+ # cc-option
+ # Usage: cflags-y += $(call cc-option,-march=winchip-c6,-march=i586)
+ 
+ cc-option = $(call try-run,\
+-	$(CC) $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",$(1),$(2))
++	$(CC) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",$(1),$(2))
+ 
+ # cc-option-yn
+ # Usage: flag := $(call cc-option-yn,-march=winchip-c6)
+ cc-option-yn = $(call try-run,\
+-	$(CC) $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",y,n)
++	$(CC) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",y,n)
+ 
+ # cc-option-align
+ # Prefix align with either -falign or -malign
+@@ -126,7 +130,7 @@ cc-option-align = $(subst -functions=0,,\
+ # cc-disable-warning
+ # Usage: cflags-y += $(call cc-disable-warning,unused-but-set-variable)
+ cc-disable-warning = $(call try-run,\
+-	$(CC) $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) -W$(strip $(1)) -c -x c /dev/null -o "$$TMP",-Wno-$(strip $(1)))
++	$(CC) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) -W$(strip $(1)) -c -x c /dev/null -o "$$TMP",-Wno-$(strip $(1)))
+ 
+ # cc-name
+ # Expands to either gcc or clang
+@@ -146,7 +150,7 @@ cc-ifversion = $(shell [ $(cc-version) $(1) $(2) ] && echo $(3) || echo $(4))
  # cc-ldoption
  # Usage: ldflags += $(call cc-ldoption, -Wl$(comma)--hash-style=both)
  cc-ldoption = $(call try-run,\
@@ -161482,17 +162073,15 @@ index 1db6d73..0819042 100644
  # ld-option
  # Usage: LDFLAGS += $(call ld-option, -X)
 diff --git a/scripts/Makefile b/scripts/Makefile
-index fd0d53d..1471190 100644
+index fd0d53d..9364092 100644
 --- a/scripts/Makefile
 +++ b/scripts/Makefile
-@@ -44,6 +44,7 @@ subdir-y                     += mod
- subdir-$(CONFIG_SECURITY_SELINUX) += selinux
- subdir-$(CONFIG_DTC)         += dtc
+@@ -46,4 +46,4 @@ subdir-$(CONFIG_DTC)         += dtc
  subdir-$(CONFIG_GDB_SCRIPTS) += gdb
-+subdir-$(CONFIG_GCC_PLUGINS) += gcc-plugins
  
  # Let clean descend into subdirs
- subdir-	+= basic kconfig package
+-subdir-	+= basic kconfig package
++subdir-	+= basic kconfig package gcc-plugins
 diff --git a/scripts/Makefile.build b/scripts/Makefile.build
 index 2c47f9c..9d46008 100644
 --- a/scripts/Makefile.build
@@ -161507,16 +162096,17 @@ index 2c47f9c..9d46008 100644
  endif
  
 diff --git a/scripts/Makefile.clean b/scripts/Makefile.clean
-index 55c96cb..e4e88ab 100644
+index 55c96cb..50616ea 100644
 --- a/scripts/Makefile.clean
 +++ b/scripts/Makefile.clean
-@@ -38,7 +38,8 @@ subdir-ymn	:= $(addprefix $(obj)/,$(subdir-ymn))
+@@ -38,7 +38,9 @@ subdir-ymn	:= $(addprefix $(obj)/,$(subdir-ymn))
  __clean-files	:= $(extra-y) $(extra-m) $(extra-)       \
  		   $(always) $(targets) $(clean-files)   \
  		   $(host-progs)                         \
 -		   $(hostprogs-y) $(hostprogs-m) $(hostprogs-)
 +		   $(hostprogs-y) $(hostprogs-m) $(hostprogs-) \
-+		   $(hostlibs-y) $(hostlibs-m) $(hostlibs-)
++		   $(hostlibs-y) $(hostlibs-m) $(hostlibs-) \
++		   $(hostcxxlibs-y) $(hostcxxlibs-m)
  
  __clean-files   := $(filter-out $(no-clean-files), $(__clean-files))
  
@@ -161537,10 +162127,10 @@ index 53449a6..c1fd180 100644
  warning-2 += -Wdisabled-optimization
 diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins
 new file mode 100644
-index 0000000..08d4e22
+index 0000000..97e7a48
 --- /dev/null
 +++ b/scripts/Makefile.gcc-plugins
-@@ -0,0 +1,71 @@
+@@ -0,0 +1,96 @@
 +ifdef CONFIG_GCC_PLUGINS
 +  __PLUGINCC := $(call cc-ifversion, -ge, 0408, $(HOSTCXX), $(HOSTCC))
 +  PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)")
@@ -161568,13 +162158,19 @@ index 0000000..08d4e22
 +
 +  gcc-plugin-y						+= colorize_plugin.so
 +
++  gcc-plugin-subdir-$(CONFIG_PAX_SIZE_OVERFLOW)		+= size_overflow_plugin
 +  gcc-plugin-$(CONFIG_PAX_SIZE_OVERFLOW)		+= size_overflow_plugin/size_overflow_plugin.so
 +  gcc-plugin-cflags-$(CONFIG_PAX_SIZE_OVERFLOW)		+= -DSIZE_OVERFLOW_PLUGIN
 +
++  gcc-plugin-$(CONFIG_GRKERNSEC_RANDSTRUCT)		+= randomize_layout_plugin.so
++  gcc-plugin-cflags-$(CONFIG_GRKERNSEC_RANDSTRUCT)	+= -DRANDSTRUCT_PLUGIN
++  gcc-plugin-cflags-$(CONFIG_GRKERNSEC_RANDSTRUCT_PERFORMANCE) += -fplugin-arg-randomize_layout_plugin-performance-mode
++
++
 +  gcc-plugin-$(CONFIG_PAX_LATENT_ENTROPY)		+= latent_entropy_plugin.so
 +  gcc-plugin-cflags-$(CONFIG_PAX_LATENT_ENTROPY)	+= -DLATENT_ENTROPY_PLUGIN
 +  ifdef CONFIG_PAX_LATENT_ENTROPY
-+    DISABLE_LATENT_ENTROPY_PLUGIN				+= -fplugin-arg-latent_entropy_plugin-disable
++    DISABLE_LATENT_ENTROPY_PLUGIN			+= -fplugin-arg-latent_entropy_plugin-disable
 +  endif
 +
 +  gcc-plugin-$(CONFIG_PAX_MEMORY_STRUCTLEAK)		+= structleak_plugin.so
@@ -161583,6 +162179,7 @@ index 0000000..08d4e22
 +  gcc-plugin-y						+= initify_plugin.so
 +  gcc-plugin-cflags-y					+= -DINITIFY_PLUGIN
 +
++  gcc-plugin-subdir-$(CONFIG_PAX_RAP)			+= rap_plugin
 +  gcc-plugin-$(CONFIG_PAX_RAP)				+= rap_plugin/rap_plugin.so
 +  gcc-plugin-cflags-$(CONFIG_PAX_RAP)			+= -DRAP_PLUGIN -fplugin-arg-rap_plugin-check=call
 +#  gcc-plugin-cflags-$(CONFIG_PAX_RAP)			+= -fplugin-arg-rap_plugin-report=func,fptr,abs
@@ -161595,25 +162192,43 @@ index 0000000..08d4e22
 +  GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y))
 +  GCC_PLUGINS_AFLAGS := $(gcc-plugin-aflags-y)
 +
++  export PLUGINCC GCC_PLUGIN GCC_PLUGIN_SUBDIR GCC_PLUGINS_CFLAGS GCC_PLUGINS_AFLAGS
 +  export DISABLE_LATENT_ENTROPY_PLUGIN RAP_PLUGIN_ABS_CFLAGS
 +
++  KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
++  KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS)
++  GCC_PLUGIN := $(gcc-plugin-y)
++  GCC_PLUGIN_SUBDIR := $(gcc-plugin-subdir-y)
++endif
++
++# If plugins aren't supported, abort the build before hard-to-read compiler
++# errors start getting spewed by the main build.
++PHONY += gcc-plugins-check
++gcc-plugins-check: FORCE
++ifdef CONFIG_GCC_PLUGINS
 +  ifeq ($(PLUGINCC),)
 +    ifneq ($(GCC_PLUGINS_CFLAGS),)
 +      ifeq ($(call cc-ifversion, -ge, 0405, y), y)
-+        PLUGINCC := $(shell $(CONFIG_SHELL) -x $(srctree)/scripts/gcc-plugin.sh "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)")
-+        $(warning warning, your gcc installation does not support plugins, perhaps the necessary headers are missing?)
++	$(Q)$(srctree)/scripts/gcc-plugin.sh --show-error "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)" || true
++	@echo "Cannot use CONFIG_GCC_PLUGINS: your gcc installation does not support plugins, perhaps the necessary headers are missing?" >&2
 +      else
-+        $(warning warning, your gcc version does not support plugins, you should upgrade it to gcc 4.5 at least)
++	@echo "Cannot use CONFIG_GCC_PLUGINS: your gcc version does not support plugins, you should upgrade it to at least gcc 4.5" >&2
 +      endif
-+      $(warning PAX_MEMORY_STACKLEAK and other features will be less secure)
++	@echo "PAX_MEMORY_STACKLEAK and other features will be less secure" >&2 && exit 1
 +    endif
 +  endif
++endif
++	@:
 +
-+  KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS)
-+  KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS)
++# Actually do the build, if requested.
++PHONY += gcc-plugins
++gcc-plugins: scripts_basic gcc-plugins-check
++ifdef CONFIG_GCC_PLUGINS
++	$(Q)$(MAKE) $(build)=scripts/gcc-plugins
 +endif
++	@:
 diff --git a/scripts/Makefile.host b/scripts/Makefile.host
-index 133edfa..3439bd8 100644
+index 133edfa..ac03751 100644
 --- a/scripts/Makefile.host
 +++ b/scripts/Makefile.host
 @@ -20,7 +20,25 @@
@@ -161672,7 +162287,7 @@ index 133edfa..3439bd8 100644
  host-objdirs    := $(addprefix $(obj)/,$(host-objdirs))
  
  obj-dirs += $(host-objdirs)
-@@ -124,5 +158,39 @@ quiet_cmd_host-cxxobjs	= HOSTCXX $@
+@@ -124,5 +158,42 @@ quiet_cmd_host-cxxobjs	= HOSTCXX $@
  $(host-cxxobjs): $(obj)/%.o: $(src)/%.cc FORCE
  	$(call if_changed_dep,host-cxxobjs)
  
@@ -161684,6 +162299,9 @@ index 133edfa..3439bd8 100644
 +	$(call if_changed_dep,host-cshobjs)
 +
 +# Compile .c file, create position independent .o file
++# Note that plugin capable gcc versions can be either C or C++ based
++# therefore plugin source files have to be compilable in both C and C++ mode.
++# This is why a C++ compiler is invoked on a .c file.
 +# host-cxxshobjs -> .o
 +quiet_cmd_host-cxxshobjs	= HOSTCXX -fPIC $@
 +      cmd_host-cxxshobjs	= $(HOSTCXX) $(hostcxx_flags) -fPIC -c -o $@ $<
@@ -161698,7 +162316,7 @@ index 133edfa..3439bd8 100644
 +			  $(HOST_LOADLIBES) $(HOSTLOADLIBES_$(@F))
 +$(host-cshlib): FORCE
 +	$(call if_changed,host-cshlib)
-+$(call multi_depend, $(host-cshlib), .so, -objs -cshobjs)
++$(call multi_depend, $(host-cshlib), .so, -objs)
 +
 +# Link a shared library, based on position independent .o files
 +# *.o -> .so shared library (host-cxxshlib)
@@ -161708,7 +162326,7 @@ index 133edfa..3439bd8 100644
 +			  $(HOST_LOADLIBES) $(HOSTLOADLIBES_$(@F))
 +$(host-cxxshlib): FORCE
 +	$(call if_changed,host-cxxshlib)
-+$(call multi_depend, $(host-cxxshlib), .so, -objs -cxxshobjs)
++$(call multi_depend, $(host-cxxshlib), .so, -objs)
 +
  targets += $(host-csingle)  $(host-cmulti) $(host-cobjs)\
 -	   $(host-cxxmulti) $(host-cxxobjs)
@@ -161917,12 +162535,19 @@ index e229b84..7141e8e 100644
  	while (get_node_by_phandle(root, phandle))
 diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh
 new file mode 100644
-index 0000000..fb92075
+index 0000000..b65224b
 --- /dev/null
 +++ b/scripts/gcc-plugin.sh
-@@ -0,0 +1,51 @@
+@@ -0,0 +1,65 @@
 +#!/bin/sh
 +srctree=$(dirname "$0")
++
++SHOW_ERROR=
++if [ "$1" = "--show-error" ] ; then
++	SHOW_ERROR=1
++	shift || true
++fi
++
 +gccplugins_dir=$($3 -print-file-name=plugin)
 +plugincc=$($1 -E -x c++ - -o /dev/null -I"${srctree}"/gcc-plugins -I"${gccplugins_dir}"/include 2>&1 <<EOF
 +#include "gcc-common.h"
@@ -161936,6 +162561,9 @@ index 0000000..fb92075
 +
 +if [ $? -ne 0 ]
 +then
++	if [ -n "$SHOW_ERROR" ] ; then
++		echo "${plugincc}" >&2
++	fi
 +	exit 1
 +fi
 +
@@ -161971,6 +162599,10 @@ index 0000000..fb92075
 +	echo "$2"
 +	exit 0
 +fi
++
++if [ -n "$SHOW_ERROR" ] ; then
++	echo "${plugincc}" >&2
++fi
 +exit 1
 diff --git a/scripts/gcc-plugins/.gitignore b/scripts/gcc-plugins/.gitignore
 new file mode 100644
@@ -161981,67 +162613,45 @@ index 0000000..de92ed9
 +randomize_layout_seed.h
 diff --git a/scripts/gcc-plugins/Makefile b/scripts/gcc-plugins/Makefile
 new file mode 100644
-index 0000000..ad7ca02
+index 0000000..ec5bc00
 --- /dev/null
 +++ b/scripts/gcc-plugins/Makefile
-@@ -0,0 +1,57 @@
-+#CC := gcc
-+#PLUGIN_SOURCE_FILES := pax_plugin.c
-+#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES))
-+GCCPLUGINS_DIR := $(shell $(CC) -print-file-name=plugin)
-+#CFLAGS += -I$(GCCPLUGINS_DIR)/include -fPIC -O2 -Wall -W -std=gnu99
+@@ -0,0 +1,35 @@
++GCC_PLUGINS_DIR := $(shell $(CC) -print-file-name=plugin)
 +
 +ifeq ($(PLUGINCC),$(HOSTCC))
-+HOSTLIBS := hostlibs
-+HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(src) -std=gnu99 -ggdb -Wall -W
-+export HOST_EXTRACFLAGS
++  HOSTLIBS := hostlibs
++  HOST_EXTRACFLAGS += -I$(GCC_PLUGINS_DIR)/include -I$(src) -std=gnu99 -ggdb -Wall -W
++  export HOST_EXTRACFLAGS
 +else
-+HOSTLIBS := hostcxxlibs
-+HOST_EXTRACXXFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(src) -std=gnu++98 -fno-rtti -fno-exceptions -fasynchronous-unwind-tables -ggdb -Wall -W -Wno-unused-parameter -Wno-narrowing -Wno-unused-variable
-+export HOST_EXTRACXXFLAGS
++  HOSTLIBS := hostcxxlibs
++  HOST_EXTRACXXFLAGS += -I$(GCC_PLUGINS_DIR)/include -I$(src) -std=gnu++98 -fno-rtti
++  HOST_EXTRACXXFLAGS += -fno-exceptions -fasynchronous-unwind-tables -ggdb
++  HOST_EXTRACXXFLAGS += -Wno-narrowing -Wno-unused-variable
++  HOST_EXTRACXXFLAGS += -Wall -W -Wno-unused-parameter
++  export HOST_EXTRACXXFLAGS
 +endif
 +
-+export GCCPLUGINS_DIR HOSTLIBS
-+
-+$(HOSTLIBS)-$(CONFIG_PAX_CONSTIFY_PLUGIN) := constify_plugin.so
-+$(HOSTLIBS)-$(CONFIG_PAX_MEMORY_STACKLEAK) += stackleak_plugin.so
-+$(HOSTLIBS)-$(CONFIG_KALLOCSTAT_PLUGIN) += kallocstat_plugin.so
-+$(HOSTLIBS)-$(CONFIG_PAX_KERNEXEC_PLUGIN) += kernexec_plugin.so
-+$(HOSTLIBS)-$(CONFIG_CHECKER_PLUGIN) += checker_plugin.so
-+$(HOSTLIBS)-y += colorize_plugin.so
-+$(HOSTLIBS)-$(CONFIG_PAX_LATENT_ENTROPY) += latent_entropy_plugin.so
-+$(HOSTLIBS)-$(CONFIG_PAX_MEMORY_STRUCTLEAK) += structleak_plugin.so
-+$(HOSTLIBS)-y += initify_plugin.so
-+$(HOSTLIBS)-$(CONFIG_GRKERNSEC_RANDSTRUCT) += randomize_layout_plugin.so
-+
-+subdir-$(CONFIG_PAX_SIZE_OVERFLOW) := size_overflow_plugin
-+subdir- += size_overflow_plugin
-+
-+subdir-$(CONFIG_PAX_RAP) += rap_plugin
-+subdir- += rap_plugin
++export HOSTLIBS
 +
++$(HOSTLIBS)-y := $(foreach p,$(GCC_PLUGIN),$(if $(findstring /,$(p)),,$(p)))
 +always := $($(HOSTLIBS)-y)
-+
-+constify_plugin-objs := constify_plugin.o
-+stackleak_plugin-objs := stackleak_plugin.o
-+kallocstat_plugin-objs := kallocstat_plugin.o
-+kernexec_plugin-objs := kernexec_plugin.o
-+checker_plugin-objs := checker_plugin.o
-+colorize_plugin-objs := colorize_plugin.o
-+latent_entropy_plugin-objs := latent_entropy_plugin.o
-+structleak_plugin-objs := structleak_plugin.o
-+initify_plugin-objs := initify_plugin.o
-+randomize_layout_plugin-objs := randomize_layout_plugin.o
++$(foreach p,$($(HOSTLIBS)-y:%.so=%),$(eval $(p)-objs := $(p).o))
 +
 +$(obj)/randomize_layout_plugin.o: $(objtree)/$(obj)/randomize_layout_seed.h
 +
 +quiet_cmd_create_randomize_layout_seed = GENSEED  $@
-+      cmd_create_randomize_layout_seed = \
++	cmd_create_randomize_layout_seed = \
 +	$(CONFIG_SHELL) $(srctree)/$(src)/gen-random-seed.sh $@ $(objtree)/include/generated/randomize_layout_hash.h
 +$(objtree)/$(obj)/randomize_layout_seed.h: FORCE
 +	$(call if_changed,create_randomize_layout_seed)
-+
++ 
 +targets += randomize_layout_seed.h randomize_layout_hash.h
++
++subdir-y := $(GCC_PLUGIN_SUBDIR)
++subdir-  += $(GCC_PLUGIN_SUBDIR)
++
++clean-files += *.so
 diff --git a/scripts/gcc-plugins/checker_plugin.c b/scripts/gcc-plugins/checker_plugin.c
 new file mode 100644
 index 0000000..efaf576
@@ -167639,14 +168249,16 @@ index 0000000..a716d7a
 +}
 diff --git a/scripts/gcc-plugins/rap_plugin/Makefile b/scripts/gcc-plugins/rap_plugin/Makefile
 new file mode 100644
-index 0000000..8171be8
+index 0000000..f2a0a03
 --- /dev/null
 +++ b/scripts/gcc-plugins/rap_plugin/Makefile
-@@ -0,0 +1,4 @@
+@@ -0,0 +1,6 @@
 +$(HOSTLIBS)-$(CONFIG_PAX_RAP) += rap_plugin.so
 +always := $($(HOSTLIBS)-y)
 +
 +rap_plugin-objs := $(patsubst $(srctree)/$(src)/%.c,%.o,$(wildcard $(srctree)/$(src)/*.c))
++
++clean-files += *.so
 diff --git a/scripts/gcc-plugins/rap_plugin/rap.h b/scripts/gcc-plugins/rap_plugin/rap.h
 new file mode 100644
 index 0000000..f6a284d
@@ -168933,10 +169545,10 @@ index 0000000..c4b24b9
 +size_overflow_hash_aux.h
 diff --git a/scripts/gcc-plugins/size_overflow_plugin/Makefile b/scripts/gcc-plugins/size_overflow_plugin/Makefile
 new file mode 100644
-index 0000000..f74d85a
+index 0000000..a6418b4
 --- /dev/null
 +++ b/scripts/gcc-plugins/size_overflow_plugin/Makefile
-@@ -0,0 +1,28 @@
+@@ -0,0 +1,30 @@
 +HOST_EXTRACXXFLAGS += $(call hostcc-option, -fno-ipa-icf)
 +
 +$(HOSTLIBS)-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin.so
@@ -168965,6 +169577,8 @@ index 0000000..f74d85a
 +	$(call if_changed,build_disable_size_overflow_hash)
 +
 +targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h
++
++clean-files += *.so
 diff --git a/scripts/gcc-plugins/size_overflow_plugin/disable_size_overflow_hash.data b/scripts/gcc-plugins/size_overflow_plugin/disable_size_overflow_hash.data
 new file mode 100644
 index 0000000..e0a04a1
@@ -210718,10 +211332,10 @@ index 23ba1c6..cad2484 100755
  # Find all available archs
  find_all_archs()
 diff --git a/security/Kconfig b/security/Kconfig
-index e452378..8059bd2 100644
+index e452378..e634654 100644
 --- a/security/Kconfig
 +++ b/security/Kconfig
-@@ -4,6 +4,993 @@
+@@ -4,6 +4,994 @@
  
  menu "Security options"
  
@@ -211673,7 +212287,8 @@ index e452378..8059bd2 100644
 +	  extract some entropy from both original and artificially created
 +	  program state.  This will help especially embedded systems where
 +	  there is little 'natural' source of entropy normally.  The cost
-+	  is some slowdown of the boot process and fork and irq processing.
++	  is some slowdown of the boot process (about 0.5%) and fork and
++	  irq processing.
 +
 +	  When pax_extra_latent_entropy is passed on the kernel command line,
 +	  entropy will be extracted from up to the first 4GB of RAM while the
@@ -211715,7 +212330,7 @@ index e452378..8059bd2 100644
  source security/keys/Kconfig
  
  config SECURITY_DMESG_RESTRICT
-@@ -104,7 +1091,7 @@ config INTEL_TXT
+@@ -104,7 +1092,7 @@ config INTEL_TXT
  config LSM_MMAP_MIN_ADDR
  	int "Low address space for LSM to protect from user allocation"
  	depends on SECURITY && SECURITY_SELINUX


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [gentoo-commits] proj/hardened-patchset:master commit in: 4.5.7/
@ 2016-06-28 11:22 Anthony G. Basile
  0 siblings, 0 replies; 7+ messages in thread
From: Anthony G. Basile @ 2016-06-28 11:22 UTC (permalink / raw
  To: gentoo-commits

commit:     fe9cd0792773d512df74e504d2ef92946d02f6da
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Jun 28 11:24:47 2016 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Jun 28 11:24:47 2016 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=fe9cd079

grsecurity-3.1-4.5.7-201606280009

 4.5.7/0000_README                                  |  2 +-
 ...> 4420_grsecurity-3.1-4.5.7-201606280009.patch} | 32 ++++++++++++----------
 2 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/4.5.7/0000_README b/4.5.7/0000_README
index b74a9dd..bdf9f5e 100644
--- a/4.5.7/0000_README
+++ b/4.5.7/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.1-4.5.7-201606262019.patch
+Patch:	4420_grsecurity-3.1-4.5.7-201606280009.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch
similarity index 99%
rename from 4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch
rename to 4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch
index 3d3b9d3..f3179f6 100644
--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch
+++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch
@@ -98058,7 +98058,7 @@ index e4141f2..d8263e8 100644
  		i += packet_length_size;
  		if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
 diff --git a/fs/exec.c b/fs/exec.c
-index dcd4ac7..f651515 100644
+index dcd4ac7..7a1a7dc 100644
 --- a/fs/exec.c
 +++ b/fs/exec.c
 @@ -56,8 +56,20 @@
@@ -98572,7 +98572,7 @@ index dcd4ac7..f651515 100644
  out:
  	if (bprm->mm) {
  		acct_arg_size(bprm, 0);
-@@ -1749,3 +1930,319 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
+@@ -1749,3 +1930,316 @@ COMPAT_SYSCALL_DEFINE5(execveat, int, fd,
  				  argv, envp, flags);
  }
  #endif
@@ -98719,10 +98719,7 @@ index dcd4ac7..f651515 100644
 +		printk(KERN_EMERG "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current),
 +				from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
 +	print_symbol(KERN_EMERG "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
-+	preempt_disable();
-+	show_regs(regs);
-+	preempt_enable();
-+	force_sig_info(SIGKILL, SEND_SIG_FORCED, current);
++	BUG();
 +}
 +#endif
 +
@@ -139266,7 +139263,7 @@ index c112abb..49d919f 100644
  		if (wo->wo_flags & __WNOTHREAD)
  			break;
 diff --git a/kernel/fork.c b/kernel/fork.c
-index 2e391c7..4af22a9 100644
+index 2e391c7..87a5bfe 100644
 --- a/kernel/fork.c
 +++ b/kernel/fork.c
 @@ -188,12 +188,55 @@ static void free_thread_info(struct thread_info *ti)
@@ -139655,7 +139652,7 @@ index 2e391c7..4af22a9 100644
  	if (atomic_read(&p->real_cred->user->processes) >=
  			task_rlimit(p, RLIMIT_NPROC)) {
  		if (p->real_cred->user != INIT_USER &&
-@@ -1568,6 +1681,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
+@@ -1568,6 +1681,16 @@ static struct task_struct *copy_process(unsigned long clone_flags,
  		goto bad_fork_cancel_cgroup;
  	}
  
@@ -139664,10 +139661,15 @@ index 2e391c7..4af22a9 100644
 +	*/
 +	gr_copy_label(p);
 +
++#ifdef CONFIG_GRKERNSEC_SETXID
++	if (p->delayed_cred)
++		get_cred(p->delayed_cred);
++#endif
++
  	if (likely(p->pid)) {
  		ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace);
  
-@@ -1657,6 +1775,8 @@ bad_fork_cleanup_count:
+@@ -1657,6 +1780,8 @@ bad_fork_cleanup_count:
  bad_fork_free:
  	free_task(p);
  fork_out:
@@ -139676,7 +139678,7 @@ index 2e391c7..4af22a9 100644
  	return ERR_PTR(retval);
  }
  
-@@ -1719,6 +1839,7 @@ long _do_fork(unsigned long clone_flags,
+@@ -1719,6 +1844,7 @@ long _do_fork(unsigned long clone_flags,
  
  	p = copy_process(clone_flags, stack_start, stack_size,
  			 child_tidptr, NULL, trace, tls);
@@ -139684,7 +139686,7 @@ index 2e391c7..4af22a9 100644
  	/*
  	 * Do this prior waking up the new thread - the thread pointer
  	 * might get invalid after that point, if the thread exits quickly.
-@@ -1735,6 +1856,8 @@ long _do_fork(unsigned long clone_flags,
+@@ -1735,6 +1861,8 @@ long _do_fork(unsigned long clone_flags,
  		if (clone_flags & CLONE_PARENT_SETTID)
  			put_user(nr, parent_tidptr);
  
@@ -139693,7 +139695,7 @@ index 2e391c7..4af22a9 100644
  		if (clone_flags & CLONE_VFORK) {
  			p->vfork_done = &vfork;
  			init_completion(&vfork);
-@@ -1871,7 +1994,7 @@ void __init proc_caches_init(void)
+@@ -1871,7 +1999,7 @@ void __init proc_caches_init(void)
  			sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,
  			SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK|SLAB_ACCOUNT,
  			NULL);
@@ -139702,7 +139704,7 @@ index 2e391c7..4af22a9 100644
  	mmap_init();
  	nsproxy_cache_init();
  }
-@@ -1919,7 +2042,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
+@@ -1919,7 +2047,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
  		return 0;
  
  	/* don't need lock here; in the worst case we'll do useless copy */
@@ -139711,7 +139713,7 @@ index 2e391c7..4af22a9 100644
  		return 0;
  
  	*new_fsp = copy_fs_struct(fs);
-@@ -2032,7 +2155,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
+@@ -2032,7 +2160,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
  			fs = current->fs;
  			spin_lock(&fs->lock);
  			current->fs = new_fs;
@@ -139721,7 +139723,7 @@ index 2e391c7..4af22a9 100644
  				new_fs = NULL;
  			else
  				new_fs = fs;
-@@ -2096,7 +2220,7 @@ int unshare_files(struct files_struct **displaced)
+@@ -2096,7 +2225,7 @@ int unshare_files(struct files_struct **displaced)
  int sysctl_max_threads(struct ctl_table *table, int write,
  		       void __user *buffer, size_t *lenp, loff_t *ppos)
  {


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [gentoo-commits] proj/hardened-patchset:master commit in: 4.5.7/
@ 2016-06-30 13:09 Anthony G. Basile
  0 siblings, 0 replies; 7+ messages in thread
From: Anthony G. Basile @ 2016-06-30 13:09 UTC (permalink / raw
  To: gentoo-commits

commit:     9efc134b4d978753db4dd108ac3fb9e5b8f0a52b
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 30 13:12:16 2016 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Jun 30 13:12:16 2016 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=9efc134b

grsecurity-3.1-4.5.7-201606282216

 4.5.7/0000_README                                  |   2 +-
 ...> 4420_grsecurity-3.1-4.5.7-201606282216.patch} | 680 ++++++++++++++++-----
 2 files changed, 524 insertions(+), 158 deletions(-)

diff --git a/4.5.7/0000_README b/4.5.7/0000_README
index bdf9f5e..b74e534 100644
--- a/4.5.7/0000_README
+++ b/4.5.7/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.1-4.5.7-201606280009.patch
+Patch:	4420_grsecurity-3.1-4.5.7-201606282216.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606282216.patch
similarity index 99%
rename from 4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch
rename to 4.5.7/4420_grsecurity-3.1-4.5.7-201606282216.patch
index f3179f6..01f7898 100644
--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606280009.patch
+++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606282216.patch
@@ -8554,6 +8554,37 @@ index 523673d..4aeef3b 100644
  	: "=&r"(tmp)
  	: "r"(&rw->lock)
  	: "cr0", "xer", "memory");
+diff --git a/arch/powerpc/include/asm/string.h b/arch/powerpc/include/asm/string.h
+index e40010a..d3c3d6b 100644
+--- a/arch/powerpc/include/asm/string.h
++++ b/arch/powerpc/include/asm/string.h
+@@ -15,17 +15,17 @@
+ #define __HAVE_ARCH_MEMCMP
+ #define __HAVE_ARCH_MEMCHR
+ 
+-extern char * strcpy(char *,const char *);
+-extern char * strncpy(char *,const char *, __kernel_size_t);
++extern char * strcpy(char *,const char *) __nocapture(2);
++extern char * strncpy(char *,const char *, __kernel_size_t) __nocapture(2);
+ extern __kernel_size_t strlen(const char *);
+-extern int strcmp(const char *,const char *);
+-extern int strncmp(const char *, const char *, __kernel_size_t);
+-extern char * strcat(char *, const char *);
++extern int strcmp(const char *,const char *) __nocapture(1, 2);
++extern int strncmp(const char *, const char *, __kernel_size_t) __nocapture(1, 2);
++extern char * strcat(char *, const char *) __nocapture(2);
+ extern void * memset(void *,int,__kernel_size_t);
+-extern void * memcpy(void *,const void *,__kernel_size_t);
+-extern void * memmove(void *,const void *,__kernel_size_t);
+-extern int memcmp(const void *,const void *,__kernel_size_t);
+-extern void * memchr(const void *,int,__kernel_size_t);
++extern void * memcpy(void *,const void *,__kernel_size_t) __nocapture(2);
++extern void * memmove(void *,const void *,__kernel_size_t) __nocapture(2);
++extern int memcmp(const void *,const void *,__kernel_size_t) __nocapture(1, 2);
++extern void * memchr(const void *,int,__kernel_size_t) __nocapture(1);
+ 
+ #endif /* __KERNEL__ */
+ 
 diff --git a/arch/powerpc/include/asm/thread_info.h b/arch/powerpc/include/asm/thread_info.h
 index 7efee4a..48d47cc 100644
 --- a/arch/powerpc/include/asm/thread_info.h
@@ -12410,7 +12441,7 @@ index ad8f795..2c7eec6 100644
  /*
   * Memory returned by kmalloc() may be used for DMA, so we must make
 diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index 3bf45a0..25ca7da 100644
+index 3bf45a0..b08241b 100644
 --- a/arch/x86/Kconfig
 +++ b/arch/x86/Kconfig
 @@ -38,14 +38,13 @@ config X86
@@ -12446,7 +12477,23 @@ index 3bf45a0..25ca7da 100644
  	select HAVE_GENERIC_DMA_COHERENT	if X86_32
  	select HAVE_HW_BREAKPOINT
  	select HAVE_IDE
-@@ -290,7 +290,7 @@ config X86_64_SMP
+@@ -184,11 +184,13 @@ config MMU
+ 	def_bool y
+ 
+ config ARCH_MMAP_RND_BITS_MIN
+-	default 28 if 64BIT
++	default 28 if 64BIT && !PAX_PER_CPU_PGD
++	default 27 if 64BIT && PAX_PER_CPU_PGD
+ 	default 8
+ 
+ config ARCH_MMAP_RND_BITS_MAX
+-	default 32 if 64BIT
++	default 32 if 64BIT && !PAX_PER_CPU_PGD
++	default 27 if 64BIT && PAX_PER_CPU_PGD
+ 	default 16
+ 
+ config ARCH_MMAP_RND_COMPAT_BITS_MIN
+@@ -290,7 +292,7 @@ config X86_64_SMP
  
  config X86_32_LAZY_GS
  	def_bool y
@@ -12455,7 +12502,7 @@ index 3bf45a0..25ca7da 100644
  
  config ARCH_HWEIGHT_CFLAGS
  	string
-@@ -674,6 +674,7 @@ config SCHED_OMIT_FRAME_POINTER
+@@ -674,6 +676,7 @@ config SCHED_OMIT_FRAME_POINTER
  
  menuconfig HYPERVISOR_GUEST
  	bool "Linux guest support"
@@ -12463,7 +12510,7 @@ index 3bf45a0..25ca7da 100644
  	---help---
  	  Say Y here to enable options for running Linux under various hyper-
  	  visors. This option enables basic hypervisor detection and platform
-@@ -1073,6 +1074,7 @@ config VM86
+@@ -1073,6 +1076,7 @@ config VM86
  
  config X86_16BIT
  	bool "Enable support for 16-bit segments" if EXPERT
@@ -12471,7 +12518,7 @@ index 3bf45a0..25ca7da 100644
  	default y
  	depends on MODIFY_LDT_SYSCALL
  	---help---
-@@ -1227,6 +1229,7 @@ choice
+@@ -1227,6 +1231,7 @@ choice
  
  config NOHIGHMEM
  	bool "off"
@@ -12479,7 +12526,7 @@ index 3bf45a0..25ca7da 100644
  	---help---
  	  Linux can use up to 64 Gigabytes of physical memory on x86 systems.
  	  However, the address space of 32-bit x86 processors is only 4
-@@ -1263,6 +1266,7 @@ config NOHIGHMEM
+@@ -1263,6 +1268,7 @@ config NOHIGHMEM
  
  config HIGHMEM4G
  	bool "4GB"
@@ -12487,7 +12534,7 @@ index 3bf45a0..25ca7da 100644
  	---help---
  	  Select this if you have a 32-bit processor and between 1 and 4
  	  gigabytes of physical RAM.
-@@ -1315,7 +1319,7 @@ config PAGE_OFFSET
+@@ -1315,7 +1321,7 @@ config PAGE_OFFSET
  	hex
  	default 0xB0000000 if VMSPLIT_3G_OPT
  	default 0x80000000 if VMSPLIT_2G
@@ -12496,7 +12543,7 @@ index 3bf45a0..25ca7da 100644
  	default 0x40000000 if VMSPLIT_1G
  	default 0xC0000000
  	depends on X86_32
-@@ -1336,7 +1340,6 @@ config X86_PAE
+@@ -1336,7 +1342,6 @@ config X86_PAE
  
  config ARCH_PHYS_ADDR_T_64BIT
  	def_bool y
@@ -12504,7 +12551,7 @@ index 3bf45a0..25ca7da 100644
  
  config ARCH_DMA_ADDR_T_64BIT
  	def_bool y
-@@ -1467,7 +1470,7 @@ config ARCH_PROC_KCORE_TEXT
+@@ -1467,7 +1472,7 @@ config ARCH_PROC_KCORE_TEXT
  
  config ILLEGAL_POINTER_VALUE
         hex
@@ -12513,7 +12560,7 @@ index 3bf45a0..25ca7da 100644
         default 0xdead000000000000 if X86_64
  
  source "mm/Kconfig"
-@@ -1776,6 +1779,7 @@ source kernel/Kconfig.hz
+@@ -1776,6 +1781,7 @@ source kernel/Kconfig.hz
  config KEXEC
  	bool "kexec system call"
  	select KEXEC_CORE
@@ -12521,7 +12568,7 @@ index 3bf45a0..25ca7da 100644
  	---help---
  	  kexec is a system call that implements the ability to shutdown your
  	  current kernel, and to start another kernel.  It is like a reboot
-@@ -1958,7 +1962,9 @@ config X86_NEED_RELOCS
+@@ -1958,7 +1964,9 @@ config X86_NEED_RELOCS
  
  config PHYSICAL_ALIGN
  	hex "Alignment value to which kernel should be aligned"
@@ -12532,7 +12579,7 @@ index 3bf45a0..25ca7da 100644
  	range 0x2000 0x1000000 if X86_32
  	range 0x200000 0x1000000 if X86_64
  	---help---
-@@ -2041,6 +2047,7 @@ config COMPAT_VDSO
+@@ -2041,6 +2049,7 @@ config COMPAT_VDSO
  	def_bool n
  	prompt "Disable the 32-bit vDSO (needed for glibc 2.3.3)"
  	depends on X86_32 || IA32_EMULATION
@@ -12540,7 +12587,7 @@ index 3bf45a0..25ca7da 100644
  	---help---
  	  Certain buggy versions of glibc will crash if they are
  	  presented with a 32-bit vDSO that is not mapped at the address
-@@ -2081,15 +2088,6 @@ choice
+@@ -2081,15 +2090,6 @@ choice
  
  	  If unsure, select "Emulate".
  
@@ -12556,7 +12603,7 @@ index 3bf45a0..25ca7da 100644
  	config LEGACY_VSYSCALL_EMULATE
  		bool "Emulate"
  		help
-@@ -2170,6 +2168,22 @@ config MODIFY_LDT_SYSCALL
+@@ -2170,6 +2170,22 @@ config MODIFY_LDT_SYSCALL
  
  	  Saying 'N' here may make sense for embedded or server kernels.
  
@@ -12995,22 +13042,6 @@ index db75d07..8e6d0af 100644
  	struct biosregs ireg, oreg;
  	struct e820entry *desc = boot_params.e820_map;
  	static struct e820entry buf; /* static so it is zeroed */
-diff --git a/arch/x86/boot/string.h b/arch/x86/boot/string.h
-index 725e820..d7ea2759 100644
---- a/arch/x86/boot/string.h
-+++ b/arch/x86/boot/string.h
-@@ -6,9 +6,9 @@
- #undef memset
- #undef memcmp
- 
--void *memcpy(void *dst, const void *src, size_t len);
-+void *memcpy(void *dst, const void *src, size_t len) __nocapture(2);
- void *memset(void *dst, int c, size_t len);
--int memcmp(const void *s1, const void *s2, size_t len);
-+int memcmp(const void *s1, const void *s2, size_t len) __nocapture(1, 2);
- 
- /*
-  * Access builtin version by default. If one needs to use optimized version,
 diff --git a/arch/x86/boot/video-vesa.c b/arch/x86/boot/video-vesa.c
 index ba3e100..6501b8f 100644
 --- a/arch/x86/boot/video-vesa.c
@@ -43254,6 +43285,40 @@ index aa872d2..afeae37 100644
  
  /**
   * struct samsung_clk_reg_dump: register dump of clock controller registers.
+diff --git a/drivers/clk/socfpga/clk-gate-a10.c b/drivers/clk/socfpga/clk-gate-a10.c
+index 1cebf25..ff2186f 100644
+--- a/drivers/clk/socfpga/clk-gate-a10.c
++++ b/drivers/clk/socfpga/clk-gate-a10.c
+@@ -19,6 +19,7 @@
+ #include <linux/mfd/syscon.h>
+ #include <linux/of.h>
+ #include <linux/regmap.h>
++#include <asm/pgtable.h>
+ 
+ #include "clk.h"
+ 
+@@ -97,7 +98,7 @@ static int socfpga_clk_prepare(struct clk_hw *hwclk)
+ 	return 0;
+ }
+ 
+-static struct clk_ops gateclk_ops = {
++static clk_ops_no_const gateclk_ops __read_only = {
+ 	.prepare = socfpga_clk_prepare,
+ 	.recalc_rate = socfpga_gate_clk_recalc_rate,
+ };
+@@ -129,8 +130,10 @@ static void __init __socfpga_gate_init(struct device_node *node,
+ 		socfpga_clk->hw.reg = clk_mgr_a10_base_addr + clk_gate[0];
+ 		socfpga_clk->hw.bit_idx = clk_gate[1];
+ 
+-		gateclk_ops.enable = clk_gate_ops.enable;
+-		gateclk_ops.disable = clk_gate_ops.disable;
++		pax_open_kernel();
++		const_cast(gateclk_ops.enable) = clk_gate_ops.enable;
++		const_cast(gateclk_ops.disable) = clk_gate_ops.disable;
++		pax_close_kernel();
+ 	}
+ 
+ 	rc = of_property_read_u32(node, "fixed-divider", &fixed_div);
 diff --git a/drivers/clk/socfpga/clk-gate.c b/drivers/clk/socfpga/clk-gate.c
 index aa7a6e6..1e9b426 100644
 --- a/drivers/clk/socfpga/clk-gate.c
@@ -43288,6 +43353,40 @@ index aa7a6e6..1e9b426 100644
  	}
  
  	rc = of_property_read_u32(node, "fixed-divider", &fixed_div);
+diff --git a/drivers/clk/socfpga/clk-pll-a10.c b/drivers/clk/socfpga/clk-pll-a10.c
+index 402d630..d8590c8 100644
+--- a/drivers/clk/socfpga/clk-pll-a10.c
++++ b/drivers/clk/socfpga/clk-pll-a10.c
+@@ -18,6 +18,7 @@
+ #include <linux/io.h>
+ #include <linux/of.h>
+ #include <linux/of_address.h>
++#include <asm/pgtable.h>
+ 
+ #include "clk.h"
+ 
+@@ -69,7 +70,7 @@ static u8 clk_pll_get_parent(struct clk_hw *hwclk)
+ 		CLK_MGR_PLL_CLK_SRC_MASK;
+ }
+ 
+-static struct clk_ops clk_pll_ops = {
++static clk_ops_no_const clk_pll_ops __read_only = {
+ 	.recalc_rate = clk_pll_recalc_rate,
+ 	.get_parent = clk_pll_get_parent,
+ };
+@@ -112,8 +113,10 @@ static struct __init clk * __socfpga_pll_init(struct device_node *node,
+ 	pll_clk->hw.hw.init = &init;
+ 
+ 	pll_clk->hw.bit_idx = SOCFPGA_PLL_EXT_ENA;
+-	clk_pll_ops.enable = clk_gate_ops.enable;
+-	clk_pll_ops.disable = clk_gate_ops.disable;
++	pax_open_kernel();
++	const_cast(clk_pll_ops.enable) = clk_gate_ops.enable;
++	const_cast(clk_pll_ops.disable) = clk_gate_ops.disable;
++	pax_close_kernel();
+ 
+ 	clk = clk_register(NULL, &pll_clk->hw.hw);
+ 	if (WARN_ON(IS_ERR(clk))) {
 diff --git a/drivers/clk/socfpga/clk-pll.c b/drivers/clk/socfpga/clk-pll.c
 index c7f4631..8d1b7d0 100644
 --- a/drivers/clk/socfpga/clk-pll.c
@@ -48960,19 +49059,18 @@ index 1161d68..7a42e2c 100644
  	packetlen_aligned = ALIGN(packetlen, sizeof(u64));
  
 diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
-index 11bca51..360c83e 100644
+index 11bca51..cc7da6f 100644
 --- a/drivers/hv/hv.c
 +++ b/drivers/hv/hv.c
-@@ -183,6 +183,8 @@ static struct clocksource hyperv_cs_tsc = {
+@@ -183,6 +183,7 @@ static struct clocksource hyperv_cs_tsc = {
  };
  #endif
  
-+extern char hv_hypercall_page[PAGE_SIZE] __aligned(PAGE_SIZE);
-+asm(".text; .balign 4096; hv_hypercall_page: .fill 4096,1,0xcc; .previous;");
++static char hv_hypercall_page[PAGE_SIZE] __aligned(PAGE_SIZE) __used __section(".text");
  
  /*
   * hv_init - Main initialization routine.
-@@ -193,7 +195,6 @@ int hv_init(void)
+@@ -193,7 +194,6 @@ int hv_init(void)
  {
  	int max_leaf;
  	union hv_x64_msr_hypercall_contents hypercall_msr;
@@ -48980,7 +49078,7 @@ index 11bca51..360c83e 100644
  
  	memset(hv_context.synic_event_page, 0, sizeof(void *) * NR_CPUS);
  	memset(hv_context.synic_message_page, 0,
-@@ -218,14 +219,9 @@ int hv_init(void)
+@@ -218,14 +218,9 @@ int hv_init(void)
  	/* See if the hypercall page is already set */
  	rdmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
  
@@ -48996,7 +49094,7 @@ index 11bca51..360c83e 100644
  	wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
  
  	/* Confirm that hypercall page did get setup. */
-@@ -235,7 +231,7 @@ int hv_init(void)
+@@ -235,7 +230,7 @@ int hv_init(void)
  	if (!hypercall_msr.enable)
  		goto cleanup;
  
@@ -49005,7 +49103,7 @@ index 11bca51..360c83e 100644
  
  #ifdef CONFIG_X86_64
  	if (ms_hyperv.features & HV_X64_MSR_REFERENCE_TSC_AVAILABLE) {
-@@ -259,13 +255,9 @@ int hv_init(void)
+@@ -259,13 +254,9 @@ int hv_init(void)
  	return 0;
  
  cleanup:
@@ -49022,7 +49120,7 @@ index 11bca51..360c83e 100644
  	}
  
  	return -ENOTSUPP;
-@@ -286,7 +278,6 @@ void hv_cleanup(void)
+@@ -286,7 +277,6 @@ void hv_cleanup(void)
  	if (hv_context.hypercall_page) {
  		hypercall_msr.as_uint64 = 0;
  		wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64);
@@ -49160,7 +49258,7 @@ index 579bdf9..0dac21d5 100644
  		enable_cap_knobs, "IBM Active Energy Manager",
  		{
 diff --git a/drivers/hwmon/applesmc.c b/drivers/hwmon/applesmc.c
-index 0af7fd3..2701c0a 100644
+index 0af7fd3..9aade6a 100644
 --- a/drivers/hwmon/applesmc.c
 +++ b/drivers/hwmon/applesmc.c
 @@ -1105,7 +1105,7 @@ static int applesmc_create_nodes(struct applesmc_node_group *groups, int num)
@@ -49172,6 +49270,15 @@ index 0af7fd3..2701c0a 100644
  	int ret, i;
  
  	for (grp = groups; grp->format; grp++) {
+@@ -1242,7 +1242,7 @@ static int applesmc_dmi_match(const struct dmi_system_id *id)
+  * Note that DMI_MATCH(...,"MacBook") will match "MacBookPro1,1".
+  * So we need to put "Apple MacBook Pro" before "Apple MacBook".
+  */
+-static __initdata struct dmi_system_id applesmc_whitelist[] = {
++static __initconst struct dmi_system_id applesmc_whitelist[] = {
+ 	{ applesmc_dmi_match, "Apple MacBook Air", {
+ 	  DMI_MATCH(DMI_BOARD_VENDOR, "Apple"),
+ 	  DMI_MATCH(DMI_PRODUCT_NAME, "MacBookAir") },
 diff --git a/drivers/hwmon/asus_atk0110.c b/drivers/hwmon/asus_atk0110.c
 index cccef87..06ce8ec 100644
 --- a/drivers/hwmon/asus_atk0110.c
@@ -49214,7 +49321,7 @@ index 6a27eb2..349ed23 100644
  };
  
 diff --git a/drivers/hwmon/dell-smm-hwmon.c b/drivers/hwmon/dell-smm-hwmon.c
-index c43318d..72f7656 100644
+index c43318d..2574fc5 100644
 --- a/drivers/hwmon/dell-smm-hwmon.c
 +++ b/drivers/hwmon/dell-smm-hwmon.c
 @@ -819,7 +819,7 @@ static const struct i8k_config_data i8k_config_data[] = {
@@ -49222,10 +49329,19 @@ index c43318d..72f7656 100644
  };
  
 -static struct dmi_system_id i8k_dmi_table[] __initdata = {
-+static const struct dmi_system_id i8k_dmi_table[] __initconst = {
++static struct dmi_system_id i8k_dmi_table[] __initconst = {
  	{
  		.ident = "Dell Inspiron",
  		.matches = {
+@@ -929,7 +929,7 @@ static struct dmi_system_id i8k_dmi_table[] __initdata = {
+ 
+ MODULE_DEVICE_TABLE(dmi, i8k_dmi_table);
+ 
+-static struct dmi_system_id i8k_blacklist_dmi_table[] __initdata = {
++static struct dmi_system_id i8k_blacklist_dmi_table[] __initconst = {
+ 	{
+ 		/*
+ 		 * CPU fan speed going up and down on Dell Studio XPS 8000
 diff --git a/drivers/hwmon/ibmaem.c b/drivers/hwmon/ibmaem.c
 index 1f64378..2b6e615 100644
 --- a/drivers/hwmon/ibmaem.c
@@ -51034,7 +51150,7 @@ index 59ee4b8..e4b6234 100644
  
  	if (smmu->features & ARM_SMMU_FEAT_TRANS_S1)
 diff --git a/drivers/iommu/io-pgtable-arm.c b/drivers/iommu/io-pgtable-arm.c
-index 381ca5a..f383021 100644
+index 381ca5a..6443bb0 100644
 --- a/drivers/iommu/io-pgtable-arm.c
 +++ b/drivers/iommu/io-pgtable-arm.c
 @@ -39,9 +39,6 @@
@@ -51114,7 +51230,14 @@ index 381ca5a..f383021 100644
  
  	return data;
  }
-@@ -911,9 +909,9 @@ static struct iommu_gather_ops dummy_tlb_ops __initdata = {
+@@ -905,15 +903,15 @@ static void dummy_tlb_sync(void *cookie)
+ 	WARN_ON(cookie != cfg_cookie);
+ }
+ 
+-static struct iommu_gather_ops dummy_tlb_ops __initdata = {
++static struct iommu_gather_ops dummy_tlb_ops __initconst = {
+ 	.tlb_flush_all	= dummy_tlb_flush_all,
+ 	.tlb_add_flush	= dummy_tlb_add_flush,
  	.tlb_sync	= dummy_tlb_sync,
  };
  
@@ -53132,6 +53255,32 @@ index 67c2187..fc71e33 100644
  	hc->timeout_tl.data = (ulong)hc;
  	init_timer(&hc->timeout_tl);
  	hc->timeout_on = 0; /* state that we have timer off */
+diff --git a/drivers/leds/leds-clevo-mail.c b/drivers/leds/leds-clevo-mail.c
+index 0f9ed1e..2715d6f 100644
+--- a/drivers/leds/leds-clevo-mail.c
++++ b/drivers/leds/leds-clevo-mail.c
+@@ -40,7 +40,7 @@ static int __init clevo_mail_led_dmi_callback(const struct dmi_system_id *id)
+  * detected as working, but in reality it is not) as low as
+  * possible.
+  */
+-static struct dmi_system_id clevo_mail_led_dmi_table[] __initdata = {
++static struct dmi_system_id clevo_mail_led_dmi_table[] __initconst = {
+ 	{
+ 		.callback = clevo_mail_led_dmi_callback,
+ 		.ident = "Clevo D410J",
+diff --git a/drivers/leds/leds-ss4200.c b/drivers/leds/leds-ss4200.c
+index 046cb70..6b20d39 100644
+--- a/drivers/leds/leds-ss4200.c
++++ b/drivers/leds/leds-ss4200.c
+@@ -91,7 +91,7 @@ MODULE_PARM_DESC(nodetect, "Skip DMI-based hardware detection");
+  * detected as working, but in reality it is not) as low as
+  * possible.
+  */
+-static struct dmi_system_id nas_led_whitelist[] __initdata = {
++static struct dmi_system_id nas_led_whitelist[] __initconst = {
+ 	{
+ 		.callback = ss4200_led_dmi_callback,
+ 		.ident = "Intel SS4200-E",
 diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c
 index 9e385b3..7077882 100644
 --- a/drivers/lguest/core.c
@@ -68239,6 +68388,19 @@ index 523b6b7..eb4c74d 100644
  
  	/* Disable irqs of this PIO controller */
  	writel_relaxed(~0, at91_gpio->regbase + PIO_IDR);
+diff --git a/drivers/platform/chrome/chromeos_laptop.c b/drivers/platform/chrome/chromeos_laptop.c
+index 2b441e9..855d867 100644
+--- a/drivers/platform/chrome/chromeos_laptop.c
++++ b/drivers/platform/chrome/chromeos_laptop.c
+@@ -498,7 +498,7 @@ static struct chromeos_laptop cr48 = {
+ 	.callback = chromeos_laptop_dmi_matched, \
+ 	.driver_data = (void *)&board_
+ 
+-static struct dmi_system_id chromeos_laptop_dmi_table[] __initdata = {
++static struct dmi_system_id chromeos_laptop_dmi_table[] __initconst = {
+ 	{
+ 		.ident = "Samsung Series 5 550",
+ 		.matches = {
 diff --git a/drivers/platform/chrome/chromeos_pstore.c b/drivers/platform/chrome/chromeos_pstore.c
 index 3474920..acc9581 100644
 --- a/drivers/platform/chrome/chromeos_pstore.c
@@ -68252,6 +68414,19 @@ index 3474920..acc9581 100644
  	{
  		/*
  		 * Today all Chromebooks/boxes ship with Google_* as version and
+diff --git a/drivers/platform/chrome/cros_ec_lpc.c b/drivers/platform/chrome/cros_ec_lpc.c
+index f9a2454..03f513c 100644
+--- a/drivers/platform/chrome/cros_ec_lpc.c
++++ b/drivers/platform/chrome/cros_ec_lpc.c
+@@ -300,7 +300,7 @@ static int cros_ec_lpc_remove(struct platform_device *pdev)
+ 	return 0;
+ }
+ 
+-static struct dmi_system_id cros_ec_lpc_dmi_table[] __initdata = {
++static struct dmi_system_id cros_ec_lpc_dmi_table[] __initconst = {
+ 	{
+ 		/*
+ 		 * Today all Chromebooks/boxes ship with Google_* as version and
 diff --git a/drivers/platform/x86/alienware-wmi.c b/drivers/platform/x86/alienware-wmi.c
 index 1e1e594..8fe59c5 100644
 --- a/drivers/platform/x86/alienware-wmi.c
@@ -112988,7 +113163,7 @@ index b6c00ce..ab37ad1 100644
  static struct pid *
  get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos)
 diff --git a/fs/proc/base.c b/fs/proc/base.c
-index 45f2162..6484c0f 100644
+index 45f2162..284806a 100644
 --- a/fs/proc/base.c
 +++ b/fs/proc/base.c
 @@ -113,6 +113,14 @@ struct pid_entry {
@@ -113149,18 +113324,40 @@ index 45f2162..6484c0f 100644
  			/*
  			 * Let's make getdents(), stat(), and open()
  			 * consistent with each other.  If a process
-@@ -811,6 +871,10 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode)
+@@ -804,13 +864,24 @@ static const struct file_operations proc_single_file_operations = {
+ };
  
+ 
+-struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode)
++struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode, u64 *ptracer_exec_id)
+ {
+ 	struct task_struct *task = get_proc_task(inode);
+ 	struct mm_struct *mm = ERR_PTR(-ESRCH);
+ 
++	if (ptracer_exec_id)
++		*ptracer_exec_id = 0;
++
  	if (task) {
  		mm = mm_access(task, mode | PTRACE_MODE_FSCREDS);
 +		if (!IS_ERR_OR_NULL(mm) && gr_acl_handle_procpidmem(task)) {
 +			mmput(mm);
 +			mm = ERR_PTR(-EPERM);
 +		}
++#ifdef CONFIG_GRKERNSEC
++		if (ptracer_exec_id)
++			current_is_ptracer(task, ptracer_exec_id);
++#endif
  		put_task_struct(task);
  
  		if (!IS_ERR_OR_NULL(mm)) {
-@@ -832,6 +896,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
+@@ -826,12 +897,17 @@ struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode)
+ 
+ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
+ {
+-	struct mm_struct *mm = proc_mem_open(inode, mode);
++	struct mm_struct *mm = proc_mem_open(inode, mode, NULL);
+ 
+ 	if (IS_ERR(mm))
  		return PTR_ERR(mm);
  
  	file->private_data = mm;
@@ -113172,25 +113369,34 @@ index 45f2162..6484c0f 100644
  	return 0;
  }
  
-@@ -853,6 +922,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
+@@ -853,6 +929,26 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
  	ssize_t copied;
  	char *page;
  
 +#ifdef CONFIG_GRKERNSEC
-+	if (write)
++	struct task_struct *task = get_proc_task(file_inode(file));
++	bool is_by_ptracer = false;
++
++	if (task) {
++		is_by_ptracer = current_is_ptracer(task, NULL);
++		put_task_struct(task);
++	}
++
++	if (write && !is_by_ptracer)
 +		return -EPERM;
-+#endif
++
 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
-+	if (file->f_version != current->exec_id) {
++	if (file->f_version != current->exec_id && !is_by_ptracer) {
 +		gr_log_badprocpid("mem");
 +		return 0;
 +	}
 +#endif
++#endif
 +
  	if (!mm)
  		return 0;
  
-@@ -865,7 +945,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
+@@ -865,7 +961,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
  		goto free;
  
  	while (count > 0) {
@@ -113199,7 +113405,7 @@ index 45f2162..6484c0f 100644
  
  		if (write && copy_from_user(page, buf, this_len)) {
  			copied = -EFAULT;
-@@ -959,6 +1039,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
+@@ -959,6 +1055,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
  	if (!mm || !mm->env_end)
  		return 0;
  
@@ -113213,7 +113419,7 @@ index 45f2162..6484c0f 100644
  	page = (char *)__get_free_page(GFP_TEMPORARY);
  	if (!page)
  		return -ENOMEM;
-@@ -972,9 +1059,12 @@ static ssize_t environ_read(struct file *file, char __user *buf,
+@@ -972,9 +1075,12 @@ static ssize_t environ_read(struct file *file, char __user *buf,
  	env_end = mm->env_end;
  	up_read(&mm->mmap_sem);
  
@@ -113227,7 +113433,7 @@ index 45f2162..6484c0f 100644
  
  		if (src >= (env_end - env_start))
  			break;
-@@ -1584,7 +1674,7 @@ static const char *proc_pid_get_link(struct dentry *dentry,
+@@ -1584,7 +1690,7 @@ static const char *proc_pid_get_link(struct dentry *dentry,
  		return ERR_PTR(-ECHILD);
  
  	/* Are we allowed to snoop on the tasks file descriptors? */
@@ -113236,7 +113442,7 @@ index 45f2162..6484c0f 100644
  		goto out;
  
  	error = PROC_I(inode)->op.proc_get_link(dentry, &path);
-@@ -1628,8 +1718,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
+@@ -1628,8 +1734,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
  	struct path path;
  
  	/* Are we allowed to snoop on the tasks file descriptors? */
@@ -113257,7 +113463,7 @@ index 45f2162..6484c0f 100644
  
  	error = PROC_I(inode)->op.proc_get_link(dentry, &path);
  	if (error)
-@@ -1679,7 +1779,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
+@@ -1679,7 +1795,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
  		rcu_read_lock();
  		cred = __task_cred(task);
  		inode->i_uid = cred->euid;
@@ -113269,7 +113475,7 @@ index 45f2162..6484c0f 100644
  		rcu_read_unlock();
  	}
  	security_task_to_inode(task, inode);
-@@ -1715,10 +1819,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
+@@ -1715,10 +1835,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
  			return -ENOENT;
  		}
  		if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
@@ -113289,7 +113495,7 @@ index 45f2162..6484c0f 100644
  		}
  	}
  	rcu_read_unlock();
-@@ -1756,11 +1869,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
+@@ -1756,11 +1885,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
  
  	if (task) {
  		if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
@@ -113310,7 +113516,7 @@ index 45f2162..6484c0f 100644
  			rcu_read_unlock();
  		} else {
  			inode->i_uid = GLOBAL_ROOT_UID;
-@@ -2301,6 +2423,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
+@@ -2301,6 +2439,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
  	if (!task)
  		goto out_no_task;
  
@@ -113320,7 +113526,7 @@ index 45f2162..6484c0f 100644
  	/*
  	 * Yes, it does not scale. And it should not. Don't add
  	 * new entries into /proc/<tgid>/ without very good reasons.
-@@ -2331,6 +2456,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
+@@ -2331,6 +2472,9 @@ static int proc_pident_readdir(struct file *file, struct dir_context *ctx,
  	if (!task)
  		return -ENOENT;
  
@@ -113330,7 +113536,7 @@ index 45f2162..6484c0f 100644
  	if (!dir_emit_dots(file, ctx))
  		goto out;
  
-@@ -2743,7 +2871,9 @@ static const struct inode_operations proc_task_inode_operations;
+@@ -2743,7 +2887,9 @@ static const struct inode_operations proc_task_inode_operations;
  static const struct pid_entry tgid_base_stuff[] = {
  	DIR("task",       S_IRUGO|S_IXUGO, proc_task_inode_operations, proc_task_operations),
  	DIR("fd",         S_IRUSR|S_IXUSR, proc_fd_inode_operations, proc_fd_operations),
@@ -113340,7 +113546,7 @@ index 45f2162..6484c0f 100644
  	DIR("fdinfo",     S_IRUSR|S_IXUSR, proc_fdinfo_inode_operations, proc_fdinfo_operations),
  	DIR("ns",	  S_IRUSR|S_IXUGO, proc_ns_dir_inode_operations, proc_ns_dir_operations),
  #ifdef CONFIG_NET
-@@ -2761,7 +2891,7 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2761,7 +2907,7 @@ static const struct pid_entry tgid_base_stuff[] = {
  	REG("autogroup",  S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
  #endif
  	REG("comm",      S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
@@ -113349,7 +113555,7 @@ index 45f2162..6484c0f 100644
  	ONE("syscall",    S_IRUSR, proc_pid_syscall),
  #endif
  	REG("cmdline",    S_IRUGO, proc_pid_cmdline_ops),
-@@ -2786,10 +2916,10 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2786,10 +2932,10 @@ static const struct pid_entry tgid_base_stuff[] = {
  #ifdef CONFIG_SECURITY
  	DIR("attr",       S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
  #endif
@@ -113362,7 +113568,7 @@ index 45f2162..6484c0f 100644
  	ONE("stack",      S_IRUSR, proc_pid_stack),
  #endif
  #ifdef CONFIG_SCHED_INFO
-@@ -2823,6 +2953,9 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2823,6 +2969,9 @@ static const struct pid_entry tgid_base_stuff[] = {
  #ifdef CONFIG_HARDWALL
  	ONE("hardwall",   S_IRUGO, proc_pid_hardwall),
  #endif
@@ -113372,7 +113578,7 @@ index 45f2162..6484c0f 100644
  #ifdef CONFIG_USER_NS
  	REG("uid_map",    S_IRUGO|S_IWUSR, proc_uid_map_operations),
  	REG("gid_map",    S_IRUGO|S_IWUSR, proc_gid_map_operations),
-@@ -2955,7 +3088,14 @@ static int proc_pid_instantiate(struct inode *dir,
+@@ -2955,7 +3104,14 @@ static int proc_pid_instantiate(struct inode *dir,
  	if (!inode)
  		goto out;
  
@@ -113387,7 +113593,7 @@ index 45f2162..6484c0f 100644
  	inode->i_op = &proc_tgid_base_inode_operations;
  	inode->i_fop = &proc_tgid_base_operations;
  	inode->i_flags|=S_IMMUTABLE;
-@@ -2993,7 +3133,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
+@@ -2993,7 +3149,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
  	if (!task)
  		goto out;
  
@@ -113399,7 +113605,7 @@ index 45f2162..6484c0f 100644
  	put_task_struct(task);
  out:
  	return ERR_PTR(result);
-@@ -3107,7 +3251,7 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -3107,7 +3267,7 @@ static const struct pid_entry tid_base_stuff[] = {
  	REG("sched",     S_IRUGO|S_IWUSR, proc_pid_sched_operations),
  #endif
  	REG("comm",      S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
@@ -113408,7 +113614,7 @@ index 45f2162..6484c0f 100644
  	ONE("syscall",   S_IRUSR, proc_pid_syscall),
  #endif
  	REG("cmdline",   S_IRUGO, proc_pid_cmdline_ops),
-@@ -3134,10 +3278,10 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -3134,10 +3294,10 @@ static const struct pid_entry tid_base_stuff[] = {
  #ifdef CONFIG_SECURITY
  	DIR("attr",      S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
  #endif
@@ -113653,7 +113859,7 @@ index 42305dd..968caba 100644
  		if (de->size)
  			inode->i_size = de->size;
 diff --git a/fs/proc/internal.h b/fs/proc/internal.h
-index aa27810..9f2d3b2 100644
+index aa27810..6f98bdd 100644
 --- a/fs/proc/internal.h
 +++ b/fs/proc/internal.h
 @@ -47,9 +47,10 @@ struct proc_dir_entry {
@@ -113700,6 +113906,21 @@ index aa27810..9f2d3b2 100644
  extern int proc_readdir_de(struct proc_dir_entry *, struct file *, struct dir_context *);
  
  static inline struct proc_dir_entry *pde_get(struct proc_dir_entry *pde)
+@@ -285,9 +292,12 @@ struct proc_maps_private {
+ #ifdef CONFIG_NUMA
+ 	struct mempolicy *task_mempolicy;
+ #endif
+-};
++#ifdef CONFIG_GRKERNSEC
++	u64 ptracer_exec_id;
++#endif
++} __randomize_layout;
+ 
+-struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode);
++struct mm_struct *proc_mem_open(struct inode *inode, unsigned int mode, u64 *ptracer_exec_id);
+ 
+ extern const struct file_operations proc_pid_maps_operations;
+ extern const struct file_operations proc_tid_maps_operations;
 diff --git a/fs/proc/interrupts.c b/fs/proc/interrupts.c
 index a352d57..cb94a5c 100644
 --- a/fs/proc/interrupts.c
@@ -114256,7 +114477,7 @@ index 510413eb..34d9a8c 100644
  	seq_printf(p, "softirq %llu", (unsigned long long)sum_softirq);
  
 diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
-index 9d2f3e0..52c3ee0 100644
+index 9d2f3e0..0cb1d3f 100644
 --- a/fs/proc/task_mmu.c
 +++ b/fs/proc/task_mmu.c
 @@ -15,12 +15,19 @@
@@ -114316,7 +114537,20 @@ index 9d2f3e0..52c3ee0 100644
  	hugetlb_report_usage(m, mm);
  }
  
-@@ -281,7 +305,7 @@ static int is_stack(struct proc_maps_private *priv,
+@@ -230,7 +254,11 @@ static int proc_maps_open(struct inode *inode, struct file *file,
+ 		return -ENOMEM;
+ 
+ 	priv->inode = inode;
+-	priv->mm = proc_mem_open(inode, PTRACE_MODE_READ);
++#ifdef CONFIG_GRKERNSEC
++	priv->mm = proc_mem_open(inode, PTRACE_MODE_READ, &priv->ptracer_exec_id);
++#else
++	priv->mm = proc_mem_open(inode, PTRACE_MODE_READ, NULL);
++#endif
+ 	if (IS_ERR(priv->mm)) {
+ 		int err = PTR_ERR(priv->mm);
+ 
+@@ -281,11 +309,11 @@ static int is_stack(struct proc_maps_private *priv,
  			stack = vma_is_stack_for_task(vma, task);
  		rcu_read_unlock();
  	}
@@ -114325,38 +114559,37 @@ index 9d2f3e0..52c3ee0 100644
  }
  
  static void
-@@ -304,13 +328,13 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
+-show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
++show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid, bool restrict)
+ {
+ 	struct mm_struct *mm = vma->vm_mm;
+ 	struct file *file = vma->vm_file;
+@@ -304,13 +332,8 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
  		pgoff = ((loff_t)vma->vm_pgoff) << PAGE_SHIFT;
  	}
  
 -	/* We don't show the stack guard page in /proc/maps */
-+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
-+	start = PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_start;
-+	end = PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_end;
-+#else
- 	start = vma->vm_start;
+-	start = vma->vm_start;
 -	if (stack_guard_page_start(vma, start))
 -		start += PAGE_SIZE;
- 	end = vma->vm_end;
+-	end = vma->vm_end;
 -	if (stack_guard_page_end(vma, end))
 -		end -= PAGE_SIZE;
-+#endif
++	start = restrict ? 0UL : vma->vm_start;
++	end = restrict ? 0UL : vma->vm_end;
  
  	seq_setwidth(m, 25 + sizeof(void *) * 6 - 1);
  	seq_printf(m, "%08lx-%08lx %c%c%c%c %08llx %02x:%02x %lu ",
-@@ -320,7 +344,11 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
+@@ -320,7 +343,7 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
  			flags & VM_WRITE ? 'w' : '-',
  			flags & VM_EXEC ? 'x' : '-',
  			flags & VM_MAYSHARE ? 's' : 'p',
-+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
-+			PAX_RAND_FLAGS(mm) ? 0UL : pgoff,
-+#else
- 			pgoff,
-+#endif
+-			pgoff,
++			restrict ? 0UL : pgoff,
  			MAJOR(dev), MINOR(dev), ino);
  
  	/*
-@@ -329,7 +357,7 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
+@@ -329,7 +352,7 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid)
  	 */
  	if (file) {
  		seq_pad(m, ' ');
@@ -114365,20 +114598,29 @@ index 9d2f3e0..52c3ee0 100644
  		goto done;
  	}
  
-@@ -366,6 +394,12 @@ done:
+@@ -366,7 +389,20 @@ done:
  
  static int show_map(struct seq_file *m, void *v, int is_pid)
  {
+-	show_map_vma(m, v, is_pid);
++	bool restrict = false;
++
 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
-+	if (current->exec_id != m->exec_id) {
++	struct vm_area_struct *vma = (struct vm_area_struct *)v;
++	struct proc_maps_private *priv = m->private;
++	restrict = current->exec_id != priv->ptracer_exec_id;
++	if (current->exec_id != m->exec_id && restrict) {
 +		gr_log_badprocpid("maps");
 +		return 0;
 +	}
++	if (restrict)
++		restrict = PAX_RAND_FLAGS(vma->vm_mm);
 +#endif
- 	show_map_vma(m, v, is_pid);
++	show_map_vma(m, v, is_pid, restrict);
  	m_cache_vma(m, v);
  	return 0;
-@@ -646,6 +680,9 @@ static void show_smap_vma_flags(struct seq_file *m, struct vm_area_struct *vma)
+ }
+@@ -646,6 +682,9 @@ static void show_smap_vma_flags(struct seq_file *m, struct vm_area_struct *vma)
  		[ilog2(VM_RAND_READ)]	= "rr",
  		[ilog2(VM_DONTCOPY)]	= "dc",
  		[ilog2(VM_DONTEXPAND)]	= "de",
@@ -114388,9 +114630,11 @@ index 9d2f3e0..52c3ee0 100644
  		[ilog2(VM_ACCOUNT)]	= "ac",
  		[ilog2(VM_NORESERVE)]	= "nr",
  		[ilog2(VM_HUGETLB)]	= "ht",
-@@ -715,6 +752,12 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
+@@ -714,7 +753,14 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
+ 		.mm = vma->vm_mm,
  		.private = &mss,
  	};
++	bool restrict = false;
  
 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
 +	if (current->exec_id != m->exec_id) {
@@ -114401,33 +114645,44 @@ index 9d2f3e0..52c3ee0 100644
  	memset(&mss, 0, sizeof mss);
  
  #ifdef CONFIG_SHMEM
-@@ -741,8 +784,11 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
+@@ -741,10 +787,15 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
  	}
  #endif
  
 -	/* mmap_sem is held in m_start */
 -	walk_page_vma(vma, &smaps_walk);
 +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
-+	if (!PAX_RAND_FLAGS(vma->vm_mm))
++	if (PAX_RAND_FLAGS(vma->vm_mm))
++		restrict = true;
++	else
 +#endif
 +		/* mmap_sem is held in m_start */
 +		walk_page_vma(vma, &smaps_walk);
  
- 	show_map_vma(m, vma, is_pid);
+-	show_map_vma(m, vma, is_pid);
++	show_map_vma(m, vma, is_pid, restrict);
  
-@@ -764,7 +810,11 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
+ 	seq_printf(m,
+ 		   "Size:           %8lu kB\n"
+@@ -764,7 +815,7 @@ static int show_smap(struct seq_file *m, void *v, int is_pid)
  		   "KernelPageSize: %8lu kB\n"
  		   "MMUPageSize:    %8lu kB\n"
  		   "Locked:         %8lu kB\n",
-+#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
-+		   PAX_RAND_FLAGS(vma->vm_mm) ? 0UL : (vma->vm_end - vma->vm_start) >> 10,
-+#else
- 		   (vma->vm_end - vma->vm_start) >> 10,
-+#endif
+-		   (vma->vm_end - vma->vm_start) >> 10,
++		   restrict ? 0UL : (vma->vm_end - vma->vm_start) >> 10,
  		   mss.resident >> 10,
  		   (unsigned long)(mss.pss >> (10 + PSS_SHIFT)),
  		   mss.shared_clean  >> 10,
-@@ -1615,6 +1665,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
+@@ -1412,7 +1463,7 @@ static int pagemap_open(struct inode *inode, struct file *file)
+ {
+ 	struct mm_struct *mm;
+ 
+-	mm = proc_mem_open(inode, PTRACE_MODE_READ);
++	mm = proc_mem_open(inode, PTRACE_MODE_READ, NULL);
+ 	if (IS_ERR(mm))
+ 		return PTR_ERR(mm);
+ 	file->private_data = mm;
+@@ -1615,6 +1666,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
  	char buffer[64];
  	int nid;
  
@@ -114441,7 +114696,7 @@ index 9d2f3e0..52c3ee0 100644
  	if (!mm)
  		return 0;
  
-@@ -1629,11 +1686,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
+@@ -1629,11 +1687,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
  		mpol_to_str(buffer, sizeof(buffer), proc_priv->task_mempolicy);
  	}
  
@@ -114459,7 +114714,7 @@ index 9d2f3e0..52c3ee0 100644
  		seq_puts(m, " heap");
  	} else if (is_stack(proc_priv, vma, is_pid)) {
 diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c
-index faacb0c..ce736cd 100644
+index faacb0c..b185575 100644
 --- a/fs/proc/task_nommu.c
 +++ b/fs/proc/task_nommu.c
 @@ -51,7 +51,7 @@ void task_mem(struct seq_file *m, struct mm_struct *mm)
@@ -114489,6 +114744,15 @@ index faacb0c..ce736cd 100644
  	} else if (mm && is_stack(priv, vma, is_pid)) {
  		seq_pad(m, ' ');
  		seq_printf(m, "[stack]");
+@@ -287,7 +287,7 @@ static int maps_open(struct inode *inode, struct file *file,
+ 		return -ENOMEM;
+ 
+ 	priv->inode = inode;
+-	priv->mm = proc_mem_open(inode, PTRACE_MODE_READ);
++	priv->mm = proc_mem_open(inode, PTRACE_MODE_READ, NULL);
+ 	if (IS_ERR(priv->mm)) {
+ 		int err = PTR_ERR(priv->mm);
+ 
 diff --git a/fs/proc/vmcore.c b/fs/proc/vmcore.c
 index 4e61388..1a2523d 100644
 --- a/fs/proc/vmcore.c
@@ -131914,6 +132178,19 @@ index 792c898..3f045d6 100644
  	atomic_t	numainfo_updating;
  #endif
  
+diff --git a/include/linux/memory.h b/include/linux/memory.h
+index 8b8d8d1..75abd50 100644
+--- a/include/linux/memory.h
++++ b/include/linux/memory.h
+@@ -123,7 +123,7 @@ extern struct memory_block *find_memory_block(struct mem_section *);
+ 
+ #ifdef CONFIG_MEMORY_HOTPLUG
+ #define hotplug_memory_notifier(fn, pri) ({		\
+-	static __meminitdata struct notifier_block fn##_mem_nb =\
++	static __meminitconst struct notifier_block fn##_mem_nb =\
+ 		{ .notifier_call = fn, .priority = pri };\
+ 	register_memory_notifier(&fn##_mem_nb);			\
+ })
 diff --git a/include/linux/mempolicy.h b/include/linux/mempolicy.h
 index 2696c1f..9320d41 100644
 --- a/include/linux/mempolicy.h
@@ -133552,7 +133829,7 @@ index 556ec1e..38c19c9 100644
  
  /*
 diff --git a/include/linux/sched.h b/include/linux/sched.h
-index a10494a..2d7faf1 100644
+index a10494a..3ab8d31 100644
 --- a/include/linux/sched.h
 +++ b/include/linux/sched.h
 @@ -7,7 +7,7 @@
@@ -133825,7 +134102,7 @@ index a10494a..2d7faf1 100644
  {
  	return tsk->pid;
  }
-@@ -2289,6 +2397,25 @@ extern u64 sched_clock_cpu(int cpu);
+@@ -2289,6 +2397,46 @@ extern u64 sched_clock_cpu(int cpu);
  
  extern void sched_clock_init(void);
  
@@ -133848,10 +134125,31 @@ index a10494a..2d7faf1 100644
 +}
 +#endif
 +
++#ifdef CONFIG_GRKERNSEC
++static inline bool current_is_ptracer(struct task_struct *task, u64 *exec_id)
++{
++	bool ret = false;
++        if (!task->ptrace)
++		return ret;
++
++	rcu_read_lock();
++	read_lock(&tasklist_lock);
++	if (task->parent && task->parent == current) {
++		ret = true;
++		if (exec_id)
++			*exec_id = task->parent->exec_id;
++	}
++	read_unlock(&tasklist_lock);
++	rcu_read_unlock();
++
++	return ret;
++}
++#endif
++
  #ifndef CONFIG_HAVE_UNSTABLE_SCHED_CLOCK
  static inline void sched_clock_tick(void)
  {
-@@ -2417,7 +2544,9 @@ extern void set_curr_task(int cpu, struct task_struct *p);
+@@ -2417,7 +2565,9 @@ extern void set_curr_task(int cpu, struct task_struct *p);
  void yield(void);
  
  union thread_union {
@@ -133861,7 +134159,7 @@ index a10494a..2d7faf1 100644
  	unsigned long stack[THREAD_SIZE/sizeof(long)];
  };
  
-@@ -2450,6 +2579,7 @@ extern struct pid_namespace init_pid_ns;
+@@ -2450,6 +2600,7 @@ extern struct pid_namespace init_pid_ns;
   */
  
  extern struct task_struct *find_task_by_vpid(pid_t nr);
@@ -133869,7 +134167,7 @@ index a10494a..2d7faf1 100644
  extern struct task_struct *find_task_by_pid_ns(pid_t nr,
  		struct pid_namespace *ns);
  
-@@ -2481,7 +2611,7 @@ extern void proc_caches_init(void);
+@@ -2481,7 +2632,7 @@ extern void proc_caches_init(void);
  extern void flush_signals(struct task_struct *);
  extern void ignore_signals(struct task_struct *);
  extern void flush_signal_handlers(struct task_struct *, int force_default);
@@ -133878,7 +134176,7 @@ index a10494a..2d7faf1 100644
  
  static inline int kernel_dequeue_signal(siginfo_t *info)
  {
-@@ -2635,7 +2765,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
+@@ -2635,7 +2786,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
  extern void exit_itimers(struct signal_struct *);
  extern void flush_itimer_signals(void);
  
@@ -133887,7 +134185,7 @@ index a10494a..2d7faf1 100644
  
  extern int do_execve(struct filename *,
  		     const char __user * const __user *,
-@@ -2750,11 +2880,13 @@ static inline int thread_group_empty(struct task_struct *p)
+@@ -2750,11 +2901,13 @@ static inline int thread_group_empty(struct task_struct *p)
   * It must not be nested with write_lock_irq(&tasklist_lock),
   * neither inside nor outside.
   */
@@ -133901,7 +134199,7 @@ index a10494a..2d7faf1 100644
  static inline void task_unlock(struct task_struct *p)
  {
  	spin_unlock(&p->alloc_lock);
-@@ -2840,9 +2972,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
+@@ -2840,9 +2993,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
  #define task_stack_end_corrupted(task) \
  		(*(end_of_stack(task)) != STACK_END_MAGIC)
  
@@ -162129,10 +162427,10 @@ index 53449a6..c1fd180 100644
  warning-2 += -Wdisabled-optimization
 diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins
 new file mode 100644
-index 0000000..97e7a48
+index 0000000..3dfdd31
 --- /dev/null
 +++ b/scripts/Makefile.gcc-plugins
-@@ -0,0 +1,96 @@
+@@ -0,0 +1,98 @@
 +ifdef CONFIG_GCC_PLUGINS
 +  __PLUGINCC := $(call cc-ifversion, -ge, 0408, $(HOSTCXX), $(HOSTCC))
 +  PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)")
@@ -162180,6 +162478,8 @@ index 0000000..97e7a48
 +
 +  gcc-plugin-y						+= initify_plugin.so
 +  gcc-plugin-cflags-y					+= -DINITIFY_PLUGIN
++# -fplugin-arg-initify_plugin-search_init_exit_functions
++#  gcc-plugin-cflags-y					+= -fplugin-arg-initify_plugin-verbose
 +
 +  gcc-plugin-subdir-$(CONFIG_PAX_RAP)			+= rap_plugin
 +  gcc-plugin-$(CONFIG_PAX_RAP)				+= rap_plugin/rap_plugin.so
@@ -163326,10 +163626,10 @@ index 0000000..ffe60f6
 +}
 diff --git a/scripts/gcc-plugins/constify_plugin.c b/scripts/gcc-plugins/constify_plugin.c
 new file mode 100644
-index 0000000..7142f36
+index 0000000..e25c12c
 --- /dev/null
 +++ b/scripts/gcc-plugins/constify_plugin.c
-@@ -0,0 +1,521 @@
+@@ -0,0 +1,574 @@
 +/*
 + * Copyright 2011 by Emese Revfy <re.emese@gmail.com>
 + * Copyright 2011-2016 by PaX Team <pageexec@freemail.hu>
@@ -163355,10 +163655,25 @@ index 0000000..7142f36
 +static bool enabled = true;
 +
 +static struct plugin_info const_plugin_info = {
-+	.version	= "201605212045",
++	.version	= "201606280200",
 +	.help		= "disable\tturn off constification\n",
 +};
 +
++static struct {
++	const char *name;
++	const char *asm_op;
++} const_sections[] = {
++	{".init.rodata",     "\t.section\t.init.rodata,\"a\""},
++	{".ref.rodata",      "\t.section\t.ref.rodata,\"a\""},
++	{".devinit.rodata",  "\t.section\t.devinit.rodata,\"a\""},
++	{".devexit.rodata",  "\t.section\t.devexit.rodata,\"a\""},
++	{".cpuinit.rodata",  "\t.section\t.cpuinit.rodata,\"a\""},
++	{".cpuexit.rodata",  "\t.section\t.cpuexit.rodata,\"a\""},
++	{".meminit.rodata",  "\t.section\t.meminit.rodata,\"a\""},
++	{".memexit.rodata",  "\t.section\t.memexit.rodata,\"a\""},
++	{".data..read_only", "\t.section\t.data..read_only,\"a\""},
++};
++
 +typedef struct {
 +	bool has_fptr_field;
 +	bool has_writable_field;
@@ -163706,33 +164021,85 @@ index 0000000..7142f36
 +	TYPE_CONSTIFY_VISITED(type) = 1;
 +}
 +
-+static void check_global_variables(void *event_data, void *data)
++static bool is_constified_var(varpool_node_ptr node)
 +{
-+	varpool_node_ptr node;
++	tree var = NODE_DECL(node);
++	tree type = TREE_TYPE(var);
 +
-+	FOR_EACH_VARIABLE(node) {
-+		tree var = NODE_DECL(node);
-+		tree type = TREE_TYPE(var);
++	if (DECL_EXTERNAL(var))
++		return false;
 +
-+		if (TREE_CODE(type) != RECORD_TYPE && TREE_CODE(type) != UNION_TYPE)
-+			continue;
++	// XXX handle more complex nesting of arrays/structs
++	if (TREE_CODE(type) == ARRAY_TYPE)
++		type = TREE_TYPE(type);
 +
-+		if (!TYPE_READONLY(type) || !C_TYPE_FIELDS_READONLY(type))
-+			continue;
++	if (TREE_CODE(type) != RECORD_TYPE && TREE_CODE(type) != UNION_TYPE)
++		return false;
 +
-+		if (!TYPE_CONSTIFY_VISITED(type))
-+			continue;
++	if (!TYPE_READONLY(type) || !C_TYPE_FIELDS_READONLY(type))
++		return false;
 +
-+		if (DECL_EXTERNAL(var))
-+			continue;
++	if (!TYPE_CONSTIFY_VISITED(type))
++		return false;
++
++	return true;
++}
++
++static void check_section_mismatch(varpool_node_ptr node)
++{
++	tree var, section;
++	size_t i;
++
++	var = NODE_DECL(node);
++	section = lookup_attribute("section", DECL_ATTRIBUTES(var));
++	if (!section) {
++		gcc_assert(!get_decl_section_name(var));
++		return;
++	} else
++		gcc_assert(get_decl_section_name(var));
++
++//fprintf(stderr, "SECTIONAME: [%s] ", get_decl_section_name(var));
++//debug_tree(var);
++
++	gcc_assert(!TREE_CHAIN(section));
++	gcc_assert(TREE_VALUE(section));
++
++	section = TREE_VALUE(TREE_VALUE(section));
++	gcc_assert(!strcmp(TREE_STRING_POINTER(section), get_decl_section_name(var)));
++//debug_tree(section);
++
++	for (i = 0; i < ARRAY_SIZE(const_sections); i++)
++		if (!strcmp(const_sections[i].name, get_decl_section_name(var)))
++			return;
++
++	error_at(DECL_SOURCE_LOCATION(var), "constified variable %qD placed into writable section %E", var, section);
++}
++
++// this works around a gcc bug/feature where uninitialized globals
++// are moved into the .bss section regardless of any constification
++// see gcc/varasm.c:bss_initializer_p()
++static void fix_initializer(varpool_node_ptr node)
++{
++	tree var = NODE_DECL(node);
++	tree type = TREE_TYPE(var);
++
++	if (DECL_INITIAL(var))
++		return;
++
++	DECL_INITIAL(var) = build_constructor(type, NULL);
++//	inform(DECL_SOURCE_LOCATION(var), "constified variable %qE moved into .rodata", var);
++}
++
++static void check_global_variables(void *event_data, void *data)
++{
++	varpool_node_ptr node;
 +
-+		if (DECL_INITIAL(var))
++	FOR_EACH_VARIABLE(node) {
++		if (!is_constified_var(node))
 +			continue;
 +
-+		// this works around a gcc bug/feature where uninitialized globals
-+		// are moved into the .bss section regardless of any constification
-+		DECL_INITIAL(var) = build_constructor(type, NULL);
-+//		inform(DECL_SOURCE_LOCATION(var), "constified variable %qE moved into .rodata", var);
++		check_section_mismatch(node);
++		fix_initializer(node);
 +	}
 +}
 +
@@ -163769,30 +164136,16 @@ index 0000000..7142f36
 +#define NO_GATE
 +#include "gcc-generate-gimple-pass.h"
 +
-+static struct {
-+	const char *name;
-+	const char *asm_op;
-+} sections[] = {
-+	{".init.rodata",     "\t.section\t.init.rodata,\"a\""},
-+	{".ref.rodata",      "\t.section\t.ref.rodata,\"a\""},
-+	{".devinit.rodata",  "\t.section\t.devinit.rodata,\"a\""},
-+	{".devexit.rodata",  "\t.section\t.devexit.rodata,\"a\""},
-+	{".cpuinit.rodata",  "\t.section\t.cpuinit.rodata,\"a\""},
-+	{".cpuexit.rodata",  "\t.section\t.cpuexit.rodata,\"a\""},
-+	{".meminit.rodata",  "\t.section\t.meminit.rodata,\"a\""},
-+	{".memexit.rodata",  "\t.section\t.memexit.rodata,\"a\""},
-+	{".data..read_only", "\t.section\t.data..read_only,\"a\""},
-+};
-+
 +static unsigned int (*old_section_type_flags)(tree decl, const char *name, int reloc);
 +
 +static unsigned int constify_section_type_flags(tree decl, const char *name, int reloc)
 +{
 +	size_t i;
 +
-+	for (i = 0; i < ARRAY_SIZE(sections); i++)
-+		if (!strcmp(sections[i].name, name))
++	for (i = 0; i < ARRAY_SIZE(const_sections); i++)
++		if (!strcmp(const_sections[i].name, name))
 +			return 0;
++
 +	return old_section_type_flags(decl, name, reloc);
 +}
 +
@@ -163800,9 +164153,9 @@ index 0000000..7142f36
 +{
 +//	size_t i;
 +
-+//	for (i = 0; i < ARRAY_SIZE(sections); i++)
-+//		sections[i].section = get_unnamed_section(0, output_section_asm_op, sections[i].asm_op);
-+//		sections[i].section = get_section(sections[i].name, 0, NULL);
++//	for (i = 0; i < ARRAY_SIZE(const_sections); i++)
++//		const_sections[i].section = get_unnamed_section(0, output_section_asm_op, const_sections[i].asm_op);
++//		const_sections[i].section = get_section(const_sections[i].name, 0, NULL);
 +
 +	old_section_type_flags = targetm.section_type_flags;
 +	targetm.section_type_flags = constify_section_type_flags;
@@ -163853,10 +164206,10 @@ index 0000000..7142f36
 +}
 diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h
 new file mode 100644
-index 0000000..0c0b842
+index 0000000..fd6362e7
 --- /dev/null
 +++ b/scripts/gcc-plugins/gcc-common.h
-@@ -0,0 +1,879 @@
+@@ -0,0 +1,892 @@
 +#ifndef GCC_COMMON_H_INCLUDED
 +#define GCC_COMMON_H_INCLUDED
 +
@@ -164396,6 +164749,14 @@ index 0000000..0c0b842
 +
 +typedef struct rtx_def rtx_insn;
 +
++static inline const char *get_decl_section_name(const_tree decl)
++{
++	if (!DECL_SECTION_NAME(decl))
++		return  NULL;
++
++	return TREE_STRING_POINTER(DECL_SECTION_NAME(decl));
++}
++
 +static inline void set_decl_section_name(tree node, const char *value)
 +{
 +	if (value)
@@ -164513,6 +164874,11 @@ index 0000000..0c0b842
 +
 +#define INSN_DELETED_P(insn) (insn)->deleted()
 +
++static inline const char *get_decl_section_name(const_tree decl)
++{
++	return DECL_SECTION_NAME(decl);
++}
++
 +/* symtab/cgraph related */
 +#define debug_cgraph_node(node) (node)->debug()
 +#define cgraph_get_node(decl) cgraph_node::get(decl)


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [gentoo-commits] proj/hardened-patchset:master commit in: 4.5.7/
@ 2016-06-30 13:19 Anthony G. Basile
  0 siblings, 0 replies; 7+ messages in thread
From: Anthony G. Basile @ 2016-06-30 13:19 UTC (permalink / raw
  To: gentoo-commits

commit:     69430df88d9fcc4b3ad98e37688ac7d1dd4e7c6e
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Jun 30 13:21:52 2016 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Jun 30 13:21:52 2016 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=69430df8

grsecurity-3.1-4.5.7-201606292300

 4.5.7/0000_README                                  |   2 +-
 ...> 4420_grsecurity-3.1-4.5.7-201606292300.patch} | 322 +++++++++++++++++++--
 2 files changed, 295 insertions(+), 29 deletions(-)

diff --git a/4.5.7/0000_README b/4.5.7/0000_README
index b74e534..6531b4d 100644
--- a/4.5.7/0000_README
+++ b/4.5.7/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.1-4.5.7-201606282216.patch
+Patch:	4420_grsecurity-3.1-4.5.7-201606292300.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606282216.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606292300.patch
similarity index 99%
rename from 4.5.7/4420_grsecurity-3.1-4.5.7-201606282216.patch
rename to 4.5.7/4420_grsecurity-3.1-4.5.7-201606292300.patch
index 01f7898..4f4d48f 100644
--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606282216.patch
+++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606292300.patch
@@ -49321,7 +49321,7 @@ index 6a27eb2..349ed23 100644
  };
  
 diff --git a/drivers/hwmon/dell-smm-hwmon.c b/drivers/hwmon/dell-smm-hwmon.c
-index c43318d..2574fc5 100644
+index c43318d..24bfd03 100644
 --- a/drivers/hwmon/dell-smm-hwmon.c
 +++ b/drivers/hwmon/dell-smm-hwmon.c
 @@ -819,7 +819,7 @@ static const struct i8k_config_data i8k_config_data[] = {
@@ -49329,7 +49329,7 @@ index c43318d..2574fc5 100644
  };
  
 -static struct dmi_system_id i8k_dmi_table[] __initdata = {
-+static struct dmi_system_id i8k_dmi_table[] __initconst = {
++static const struct dmi_system_id i8k_dmi_table[] __initconst = {
  	{
  		.ident = "Dell Inspiron",
  		.matches = {
@@ -49338,7 +49338,7 @@ index c43318d..2574fc5 100644
  MODULE_DEVICE_TABLE(dmi, i8k_dmi_table);
  
 -static struct dmi_system_id i8k_blacklist_dmi_table[] __initdata = {
-+static struct dmi_system_id i8k_blacklist_dmi_table[] __initconst = {
++static const struct dmi_system_id i8k_blacklist_dmi_table[] __initconst = {
  	{
  		/*
  		 * CPU fan speed going up and down on Dell Studio XPS 8000
@@ -58553,6 +58553,19 @@ index 556a2df..e771329 100644
  {
  	spin_lock(&sbc_gxx_spin);
  	sbc_gxx_page(map, adr);
+diff --git a/drivers/mtd/nand/brcmnand/brcmnand.h b/drivers/mtd/nand/brcmnand/brcmnand.h
+index ef5eabb..2b61d03 100644
+--- a/drivers/mtd/nand/brcmnand/brcmnand.h
++++ b/drivers/mtd/nand/brcmnand/brcmnand.h
+@@ -24,7 +24,7 @@ struct brcmnand_soc {
+ 	bool (*ctlrdy_ack)(struct brcmnand_soc *soc);
+ 	void (*ctlrdy_set_enabled)(struct brcmnand_soc *soc, bool en);
+ 	void (*prepare_data_bus)(struct brcmnand_soc *soc, bool prepare);
+-};
++} __no_const;
+ 
+ static inline void brcmnand_soc_data_bus_prepare(struct brcmnand_soc *soc)
+ {
 diff --git a/drivers/mtd/nand/cafe_nand.c b/drivers/mtd/nand/cafe_nand.c
 index aa1a616..a47a33d 100644
 --- a/drivers/mtd/nand/cafe_nand.c
@@ -62716,6 +62729,18 @@ index f9db2ce..6cd460c 100644
  	return ring_first(r);
  }
  
+diff --git a/drivers/net/loopback.c b/drivers/net/loopback.c
+index a400288..0c59bcd 100644
+--- a/drivers/net/loopback.c
++++ b/drivers/net/loopback.c
+@@ -217,6 +217,6 @@ out:
+ }
+ 
+ /* Registered in net/core/dev.c */
+-struct pernet_operations __net_initdata loopback_net_ops = {
++struct pernet_operations __net_initconst loopback_net_ops = {
+        .init = loopback_net_init,
+ };
 diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
 index 94e6888..c5c3f55 100644
 --- a/drivers/net/macvlan.c
@@ -114042,7 +114067,7 @@ index f8595e8..e0d13cbd 100644
  
  	seq_putc(m, '\n');
 diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c
-index 350984a..0fb02a9 100644
+index 350984a..a78a18c 100644
 --- a/fs/proc/proc_net.c
 +++ b/fs/proc/proc_net.c
 @@ -23,9 +23,27 @@
@@ -114107,6 +114132,15 @@ index 350984a..0fb02a9 100644
  	err = -ENXIO;
  	net = get_proc_net(inode);
  	if (net == NULL)
+@@ -220,7 +251,7 @@ static __net_exit void proc_net_ns_exit(struct net *net)
+ 	kfree(net->proc_net);
+ }
+ 
+-static struct pernet_operations __net_initdata proc_net_ns_ops = {
++static struct pernet_operations __net_initconst proc_net_ns_ops = {
+ 	.init = proc_net_ns_init,
+ 	.exit = proc_net_ns_exit,
+ };
 diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
 index fe5b6e6..cd2913c 100644
 --- a/fs/proc/proc_sysctl.c
@@ -132854,7 +132888,7 @@ index 25ef630..fc83c44 100644
  struct iovec;
  struct kvec;
 diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
-index 6d1d8f4..f1ed976 100644
+index 6d1d8f4..e9b37d6 100644
 --- a/include/linux/netdevice.h
 +++ b/include/linux/netdevice.h
 @@ -1257,6 +1257,7 @@ struct net_device_ops {
@@ -132885,6 +132919,15 @@ index 6d1d8f4..f1ed976 100644
  
  #ifdef CONFIG_WIRELESS_EXT
  	const struct iw_handler_def *	wireless_handlers;
+@@ -4069,7 +4070,7 @@ static inline void netif_keep_dst(struct net_device *dev)
+ 	dev->priv_flags &= ~(IFF_XMIT_DST_RELEASE | IFF_XMIT_DST_RELEASE_PERM);
+ }
+ 
+-extern struct pernet_operations __net_initdata loopback_net_ops;
++extern struct pernet_operations __net_initconst loopback_net_ops;
+ 
+ /* Logging, debugging and troubleshooting/diagnostic helpers. */
+ 
 diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
 index 0ad5567..79b35f5a 100644
 --- a/include/linux/netfilter.h
@@ -138381,7 +138424,7 @@ index 798cad1..d6ffc17 100644
  	if ((requested_mode & ~granted_mode & 0007) &&
  	    !ns_capable(ns->user_ns, CAP_IPC_OWNER))
 diff --git a/kernel/audit.c b/kernel/audit.c
-index 3a3e5de..3a2baad 100644
+index 3a3e5de..2f79ee6 100644
 --- a/kernel/audit.c
 +++ b/kernel/audit.c
 @@ -123,7 +123,7 @@ u32		audit_sig_sid = 0;
@@ -138420,6 +138463,15 @@ index 3a3e5de..3a2baad 100644
  		s.backlog		= skb_queue_len(&audit_skb_queue);
  		s.feature_bitmap	= AUDIT_FEATURE_BITMAP_ALL;
  		s.backlog_wait_time	= audit_backlog_wait_time_master;
+@@ -1156,7 +1156,7 @@ static void __net_exit audit_net_exit(struct net *net)
+ 	netlink_kernel_release(sock);
+ }
+ 
+-static struct pernet_operations audit_net_ops __net_initdata = {
++static struct pernet_operations audit_net_ops __net_initconst = {
+ 	.init = audit_net_init,
+ 	.exit = audit_net_exit,
+ 	.id = &audit_net_id,
 diff --git a/kernel/auditsc.c b/kernel/auditsc.c
 index 195ffae..fb880f9 100644
 --- a/kernel/auditsc.c
@@ -153409,7 +153461,7 @@ index fa9dc64..73dd85a 100644
  
  	return err;
 diff --git a/net/core/dev.c b/net/core/dev.c
-index 0ef061b..6d2375a 100644
+index 0ef061b..94ee1d8 100644
 --- a/net/core/dev.c
 +++ b/net/core/dev.c
 @@ -1766,7 +1766,7 @@ int __dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
@@ -153477,6 +153529,24 @@ index 0ef061b..6d2375a 100644
  	return storage;
  }
  EXPORT_SYMBOL(dev_get_stats);
+@@ -7922,7 +7922,7 @@ static void __net_exit netdev_exit(struct net *net)
+ 	kfree(net->dev_index_head);
+ }
+ 
+-static struct pernet_operations __net_initdata netdev_net_ops = {
++static struct pernet_operations __net_initconst netdev_net_ops = {
+ 	.init = netdev_init,
+ 	.exit = netdev_exit,
+ };
+@@ -8022,7 +8022,7 @@ static void __net_exit default_device_exit_batch(struct list_head *net_list)
+ 	rtnl_unlock();
+ }
+ 
+-static struct pernet_operations __net_initdata default_device_ops = {
++static struct pernet_operations __net_initconst default_device_ops = {
+ 	.exit = default_device_exit,
+ 	.exit_batch = default_device_exit_batch,
+ };
 diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c
 index b94b1d2..da3ed7c 100644
 --- a/net/core/dev_ioctl.c
@@ -153648,7 +153718,7 @@ index f18ae91..f033693 100644
  
  	tmp.extra1 = &zero;
 diff --git a/net/core/net-procfs.c b/net/core/net-procfs.c
-index 2bf8329..2eb1423 100644
+index 2bf8329..ea323e4 100644
 --- a/net/core/net-procfs.c
 +++ b/net/core/net-procfs.c
 @@ -79,7 +79,13 @@ static void dev_seq_printf_stats(struct seq_file *seq, struct net_device *dev)
@@ -153698,6 +153768,24 @@ index 2bf8329..2eb1423 100644
  	}
  
  	return 0;
+@@ -347,7 +358,7 @@ static void __net_exit dev_proc_net_exit(struct net *net)
+ 	remove_proc_entry("dev", net->proc_net);
+ }
+ 
+-static struct pernet_operations __net_initdata dev_proc_ops = {
++static struct pernet_operations __net_initconst dev_proc_ops = {
+ 	.init = dev_proc_net_init,
+ 	.exit = dev_proc_net_exit,
+ };
+@@ -409,7 +420,7 @@ static void __net_exit dev_mc_net_exit(struct net *net)
+ 	remove_proc_entry("dev_mcast", net->proc_net);
+ }
+ 
+-static struct pernet_operations __net_initdata dev_mc_net_ops = {
++static struct pernet_operations __net_initconst dev_mc_net_ops = {
+ 	.init = dev_mc_net_init,
+ 	.exit = dev_mc_net_exit,
+ };
 diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
 index b6c8a66..0da5ffc 100644
 --- a/net/core/net-sysfs.c
@@ -153712,9 +153800,18 @@ index b6c8a66..0da5ffc 100644
  static DEVICE_ATTR_RO(carrier_changes);
  
 diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
-index 2c2eb1b..a53be3e 100644
+index 2c2eb1b..2f3b518 100644
 --- a/net/core/net_namespace.c
 +++ b/net/core/net_namespace.c
+@@ -526,7 +526,7 @@ static __net_exit void net_ns_net_exit(struct net *net)
+ 	ns_free_inum(&net->ns);
+ }
+ 
+-static struct pernet_operations __net_initdata net_ns_ops = {
++static struct pernet_operations __net_initconst net_ns_ops = {
+ 	.init = net_ns_net_init,
+ 	.exit = net_ns_net_exit,
+ };
 @@ -775,7 +775,7 @@ static int __register_pernet_operations(struct list_head *list,
  	int error;
  	LIST_HEAD(net_exit_list);
@@ -153936,7 +154033,7 @@ index 9835d9a..d49237a 100644
  }
  
 diff --git a/net/core/sock.c b/net/core/sock.c
-index 6c1c8bc..325316d 100644
+index 6c1c8bc..20a14a7 100644
 --- a/net/core/sock.c
 +++ b/net/core/sock.c
 @@ -409,7 +409,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
@@ -154100,6 +154197,15 @@ index 6c1c8bc..325316d 100644
  
  	msg->msg_flags |= MSG_ERRQUEUE;
  	err = copied;
+@@ -3004,7 +3009,7 @@ static __net_exit void proto_exit_net(struct net *net)
+ }
+ 
+ 
+-static __net_initdata struct pernet_operations proto_net_ops = {
++static __net_initconst struct pernet_operations proto_net_ops = {
+ 	.init = proto_init_net,
+ 	.exit = proto_exit_net,
+ };
 diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
 index a996ce8..e0d5d3d 100644
 --- a/net/core/sock_diag.c
@@ -154410,7 +154516,7 @@ index c35fdfa..063ef67 100644
  		return NULL;
  	}
 diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
-index 5c5db66..c10a4a2 100644
+index 5c5db66..cc029f2 100644
 --- a/net/ipv4/af_inet.c
 +++ b/net/ipv4/af_inet.c
 @@ -1389,7 +1389,7 @@ int inet_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
@@ -154422,6 +154528,24 @@ index 5c5db66..c10a4a2 100644
  #endif
  	return -EINVAL;
  }
+@@ -1591,7 +1591,7 @@ static __net_exit void ipv4_mib_exit_net(struct net *net)
+ 	free_percpu(net->mib.tcp_statistics);
+ }
+ 
+-static __net_initdata struct pernet_operations ipv4_mib_ops = {
++static __net_initconst struct pernet_operations ipv4_mib_ops = {
+ 	.init = ipv4_mib_init_net,
+ 	.exit = ipv4_mib_exit_net,
+ };
+@@ -1624,7 +1624,7 @@ static __net_exit void inet_exit_net(struct net *net)
+ {
+ }
+ 
+-static __net_initdata struct pernet_operations af_inet_ops = {
++static __net_initconst struct pernet_operations af_inet_ops = {
+ 	.init = inet_init_net,
+ 	.exit = inet_exit_net,
+ };
 diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
 index 59b3e0e..ff060b8 100644
 --- a/net/ipv4/arp.c
@@ -154436,7 +154560,7 @@ index 59b3e0e..ff060b8 100644
  	struct dst_entry *dst = NULL;
  
 diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
-index 0212591..329a13a 100644
+index 0212591..250d044 100644
 --- a/net/ipv4/devinet.c
 +++ b/net/ipv4/devinet.c
 @@ -69,7 +69,8 @@
@@ -154526,6 +154650,15 @@ index 0212591..329a13a 100644
  err_alloc_ctl:
  #endif
  	if (dflt != &ipv4_devconf_dflt)
+@@ -2368,7 +2372,7 @@ static __net_exit void devinet_exit_net(struct net *net)
+ 	kfree(net->ipv4.devconf_all);
+ }
+ 
+-static __net_initdata struct pernet_operations devinet_ops = {
++static __net_initconst struct pernet_operations devinet_ops = {
+ 	.init = devinet_init_net,
+ 	.exit = devinet_exit_net,
+ };
 diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
 index 63566ec..82e85abc8 100644
 --- a/net/ipv4/fib_frontend.c
@@ -154567,6 +154700,19 @@ index 2b68418..fb7bee8 100644
  
  	return nh->nh_saddr;
  }
+diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
+index 36e2697..33cf94a 100644
+--- a/net/ipv4/icmp.c
++++ b/net/ipv4/icmp.c
+@@ -1231,7 +1231,7 @@ fail:
+ 	return err;
+ }
+ 
+-static struct pernet_operations __net_initdata icmp_sk_ops = {
++static struct pernet_operations __net_initconst icmp_sk_ops = {
+        .init = icmp_sk_init,
+        .exit = icmp_sk_exit,
+ };
 diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
 index 6414891..30ec9bf 100644
 --- a/net/ipv4/inet_connection_sock.c
@@ -155328,7 +155474,7 @@ index d3a2716..884331c 100644
  
  static int ping_v4_seq_show(struct seq_file *seq, void *v)
 diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c
-index 3abd9d7..c5e4052 100644
+index 3abd9d7..50f84dbc 100644
 --- a/net/ipv4/proc.c
 +++ b/net/ipv4/proc.c
 @@ -333,7 +333,7 @@ static void icmpmsg_put(struct seq_file *seq)
@@ -155365,8 +155511,17 @@ index 3abd9d7..c5e4052 100644
  }
  
  /*
+@@ -532,7 +532,7 @@ static __net_exit void ip_proc_exit_net(struct net *net)
+ 	remove_proc_entry("sockstat", net->proc_net);
+ }
+ 
+-static __net_initdata struct pernet_operations ip_proc_ops = {
++static __net_initconst struct pernet_operations ip_proc_ops = {
+ 	.init = ip_proc_init_net,
+ 	.exit = ip_proc_exit_net,
+ };
 diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
-index 7113bae..0e9e9a6 100644
+index 7113bae..8d468b5 100644
 --- a/net/ipv4/raw.c
 +++ b/net/ipv4/raw.c
 @@ -323,7 +323,7 @@ static int raw_rcv_skb(struct sock *sk, struct sk_buff *skb)
@@ -155420,8 +155575,17 @@ index 7113bae..0e9e9a6 100644
  }
  
  static int raw_seq_show(struct seq_file *seq, void *v)
+@@ -1095,7 +1099,7 @@ static __net_exit void raw_exit_net(struct net *net)
+ 	remove_proc_entry("raw", net->proc_net);
+ }
+ 
+-static __net_initdata struct pernet_operations raw_net_ops = {
++static __net_initconst struct pernet_operations raw_net_ops = {
+ 	.init = raw_init_net,
+ 	.exit = raw_exit_net,
+ };
 diff --git a/net/ipv4/route.c b/net/ipv4/route.c
-index b050cf9..3b7fc47 100644
+index b050cf9..562413b 100644
 --- a/net/ipv4/route.c
 +++ b/net/ipv4/route.c
 @@ -232,7 +232,7 @@ static const struct seq_operations rt_cache_seq_ops = {
@@ -155451,6 +155615,15 @@ index b050cf9..3b7fc47 100644
  }
  
  static const struct file_operations rt_acct_proc_fops = {
+@@ -413,7 +413,7 @@ static void __net_exit ip_rt_do_proc_exit(struct net *net)
+ #endif
+ }
+ 
+-static struct pernet_operations ip_rt_proc_ops __net_initdata =  {
++static struct pernet_operations ip_rt_proc_ops __net_initconst =  {
+ 	.init = ip_rt_do_proc_init,
+ 	.exit = ip_rt_do_proc_exit,
+ };
 @@ -463,7 +463,7 @@ static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst,
  
  #define IP_IDENTS_SZ 2048u
@@ -155521,7 +155694,16 @@ index b050cf9..3b7fc47 100644
  err_dup:
  	return -ENOMEM;
  }
-@@ -2817,8 +2817,8 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
+@@ -2809,7 +2809,7 @@ static __net_exit void sysctl_route_net_exit(struct net *net)
+ 	kfree(tbl);
+ }
+ 
+-static __net_initdata struct pernet_operations sysctl_route_ops = {
++static __net_initconst struct pernet_operations sysctl_route_ops = {
+ 	.init = sysctl_route_net_init,
+ 	.exit = sysctl_route_net_exit,
+ };
+@@ -2817,14 +2817,14 @@ static __net_initdata struct pernet_operations sysctl_route_ops = {
  
  static __net_init int rt_genid_init(struct net *net)
  {
@@ -155532,6 +155714,22 @@ index b050cf9..3b7fc47 100644
  	get_random_bytes(&net->ipv4.dev_addr_genid,
  			 sizeof(net->ipv4.dev_addr_genid));
  	return 0;
+ }
+ 
+-static __net_initdata struct pernet_operations rt_genid_ops = {
++static __net_initconst struct pernet_operations rt_genid_ops = {
+ 	.init = rt_genid_init,
+ };
+ 
+@@ -2848,7 +2848,7 @@ static void __net_exit ipv4_inetpeer_exit(struct net *net)
+ 	kfree(bp);
+ }
+ 
+-static __net_initdata struct pernet_operations ipv4_inetpeer_ops = {
++static __net_initconst struct pernet_operations ipv4_inetpeer_ops = {
+ 	.init	=	ipv4_inetpeer_init,
+ 	.exit	=	ipv4_inetpeer_exit,
+ };
 @@ -2862,11 +2862,7 @@ int __init ip_rt_init(void)
  	int rc = 0;
  	int cpu;
@@ -155546,7 +155744,7 @@ index b050cf9..3b7fc47 100644
  	ip_tstamps = kcalloc(IP_IDENTS_SZ, sizeof(*ip_tstamps), GFP_KERNEL);
  	if (!ip_tstamps)
 diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
-index 4d367b4..84f04b1 100644
+index 4d367b4..aff5814 100644
 --- a/net/ipv4/sysctl_net_ipv4.c
 +++ b/net/ipv4/sysctl_net_ipv4.c
 @@ -66,7 +66,7 @@ static int ipv4_local_port_range(struct ctl_table *table, int write,
@@ -155631,6 +155829,15 @@ index 4d367b4..84f04b1 100644
  	if (!net->ipv4.ipv4_hdr)
  		goto err_reg;
  
+@@ -1009,7 +1011,7 @@ static __net_exit void ipv4_sysctl_exit_net(struct net *net)
+ 	kfree(table);
+ }
+ 
+-static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
++static __net_initconst struct pernet_operations ipv4_sysctl_ops = {
+ 	.init = ipv4_sysctl_init_net,
+ 	.exit = ipv4_sysctl_exit_net,
+ };
 diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
 index 3b2c8e9..601c090 100644
 --- a/net/ipv4/tcp_input.c
@@ -155702,7 +155909,7 @@ index 3b2c8e9..601c090 100644
  		write_pnet(&ireq->ireq_net, sock_net(sk_listener));
  		ireq->ireq_family = sk_listener->sk_family;
 diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
-index a7b1a90..9f6c261 100644
+index a7b1a90..56a4c5e 100644
 --- a/net/ipv4/tcp_ipv4.c
 +++ b/net/ipv4/tcp_ipv4.c
 @@ -88,6 +88,10 @@ int sysctl_tcp_tw_reuse __read_mostly;
@@ -155760,6 +155967,28 @@ index a7b1a90..9f6c261 100644
  		tcp_v4_send_reset(NULL, skb);
  	}
  
+@@ -2405,7 +2423,7 @@ static void __net_exit tcp_sk_exit_batch(struct list_head *net_exit_list)
+ 	inet_twsk_purge(&tcp_hashinfo, &tcp_death_row, AF_INET);
+ }
+ 
+-static struct pernet_operations __net_initdata tcp_sk_ops = {
++static struct pernet_operations __net_initconst tcp_sk_ops = {
+        .init	   = tcp_sk_init,
+        .exit	   = tcp_sk_exit,
+        .exit_batch = tcp_sk_exit_batch,
+diff --git a/net/ipv4/tcp_metrics.c b/net/ipv4/tcp_metrics.c
+index a726d78..efd778e 100644
+--- a/net/ipv4/tcp_metrics.c
++++ b/net/ipv4/tcp_metrics.c
+@@ -1163,7 +1163,7 @@ static void __net_exit tcp_net_metrics_exit(struct net *net)
+ 	tcp_metrics_flush_all(net);
+ }
+ 
+-static __net_initdata struct pernet_operations tcp_net_metrics_ops = {
++static __net_initconst struct pernet_operations tcp_net_metrics_ops = {
+ 	.init	=	tcp_net_metrics_init,
+ 	.exit	=	tcp_net_metrics_exit,
+ };
 diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
 index 9b02af2..5b73e16 100644
 --- a/net/ipv4/tcp_minisocks.c
@@ -155961,7 +156190,7 @@ index fd840c7..b517627 100644
  	struct iphdr *iph = ip_hdr(skb);
  	int ihl = iph->ihl * 4;
 diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
-index 7b0edb3..785b3f6 100644
+index 7b0edb3..f597227 100644
 --- a/net/ipv4/xfrm4_policy.c
 +++ b/net/ipv4/xfrm4_policy.c
 @@ -215,11 +215,11 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
@@ -156013,6 +156242,15 @@ index 7b0edb3..785b3f6 100644
  err_alloc:
  	return -ENOMEM;
  }
+@@ -369,7 +368,7 @@ static void __net_exit xfrm4_net_exit(struct net *net)
+ 	dst_entries_destroy(&net->xfrm.xfrm4_dst_ops);
+ }
+ 
+-static struct pernet_operations __net_initdata xfrm4_net_ops = {
++static struct pernet_operations __net_initconst xfrm4_net_ops = {
+ 	.init	= xfrm4_net_init,
+ 	.exit	= xfrm4_net_exit,
+ };
 diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c
 index 542074c..648df74 100644
 --- a/net/ipv4/xfrm4_state.c
@@ -159235,7 +159473,7 @@ index 11de55e..f25e448 100644
  	return 0;
  }
 diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
-index d2bc03f..a95bb86 100644
+index d2bc03f..94d26ac 100644
 --- a/net/netlink/af_netlink.c
 +++ b/net/netlink/af_netlink.c
 @@ -287,7 +287,7 @@ static void netlink_overrun(struct sock *sk)
@@ -159287,6 +159525,15 @@ index d2bc03f..a95bb86 100644
  			   sock_i_ino(s)
  			);
  
+@@ -3295,7 +3297,7 @@ static void __init netlink_add_usersock_entry(void)
+ 	netlink_table_ungrab();
+ }
+ 
+-static struct pernet_operations __net_initdata netlink_net_ops = {
++static struct pernet_operations __net_initconst netlink_net_ops = {
+ 	.init = netlink_net_init,
+ 	.exit = netlink_net_exit,
+ };
 diff --git a/net/netlink/diag.c b/net/netlink/diag.c
 index 3ee63a3cf..d6df4d8 100644
 --- a/net/netlink/diag.c
@@ -162097,7 +162344,7 @@ index 0917f04..f4e3d8c 100644
  
  	if (!proc_create("x25/route", S_IRUGO, init_net.proc_net,
 diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
-index b5e665b..3030b1d 100644
+index b5e665b..cc7abfa 100644
 --- a/net/xfrm/xfrm_policy.c
 +++ b/net/xfrm/xfrm_policy.c
 @@ -332,7 +332,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy)
@@ -162166,6 +162413,15 @@ index b5e665b..3030b1d 100644
  	}
  	return err;
  }
+@@ -3074,7 +3072,7 @@ static void __net_exit xfrm_net_exit(struct net *net)
+ 	xfrm_statistics_fini(net);
+ }
+ 
+-static struct pernet_operations __net_initdata xfrm_net_ops = {
++static struct pernet_operations __net_initconst xfrm_net_ops = {
+ 	.init = xfrm_net_init,
+ 	.exit = xfrm_net_exit,
+ };
 @@ -3266,7 +3264,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol,
  			       sizeof(pol->xfrm_vec[i].saddr));
  			pol->xfrm_vec[i].encap_family = mp->new_family;
@@ -163626,10 +163882,10 @@ index 0000000..ffe60f6
 +}
 diff --git a/scripts/gcc-plugins/constify_plugin.c b/scripts/gcc-plugins/constify_plugin.c
 new file mode 100644
-index 0000000..e25c12c
+index 0000000..7a047cd
 --- /dev/null
 +++ b/scripts/gcc-plugins/constify_plugin.c
-@@ -0,0 +1,574 @@
+@@ -0,0 +1,583 @@
 +/*
 + * Copyright 2011 by Emese Revfy <re.emese@gmail.com>
 + * Copyright 2011-2016 by PaX Team <pageexec@freemail.hu>
@@ -164026,6 +164282,9 @@ index 0000000..e25c12c
 +	tree var = NODE_DECL(node);
 +	tree type = TREE_TYPE(var);
 +
++	if (node->alias)
++		return false;
++
 +	if (DECL_EXTERNAL(var))
 +		return false;
 +
@@ -164053,7 +164312,13 @@ index 0000000..e25c12c
 +	var = NODE_DECL(node);
 +	section = lookup_attribute("section", DECL_ATTRIBUTES(var));
 +	if (!section) {
-+		gcc_assert(!get_decl_section_name(var));
++		const char *name = get_decl_section_name(var);
++
++		if (name) {
++			fprintf(stderr, "DECL_SECTION [%s] ", name);
++			dump_varpool_node(stderr, node);
++			gcc_unreachable();
++		}
 +		return;
 +	} else
 +		gcc_assert(get_decl_section_name(var));
@@ -164206,10 +164471,10 @@ index 0000000..e25c12c
 +}
 diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h
 new file mode 100644
-index 0000000..fd6362e7
+index 0000000..7b14844
 --- /dev/null
 +++ b/scripts/gcc-plugins/gcc-common.h
-@@ -0,0 +1,892 @@
+@@ -0,0 +1,893 @@
 +#ifndef GCC_COMMON_H_INCLUDED
 +#define GCC_COMMON_H_INCLUDED
 +
@@ -164751,8 +165016,8 @@ index 0000000..fd6362e7
 +
 +static inline const char *get_decl_section_name(const_tree decl)
 +{
-+	if (!DECL_SECTION_NAME(decl))
-+		return  NULL;
++	if (DECL_SECTION_NAME(decl) == NULL_TREE)
++		return NULL;
 +
 +	return TREE_STRING_POINTER(DECL_SECTION_NAME(decl));
 +}
@@ -164887,6 +165152,7 @@ index 0000000..fd6362e7
 +#define cgraph_n_nodes symtab->cgraph_count
 +#define cgraph_max_uid symtab->cgraph_max_uid
 +#define varpool_get_node(decl) varpool_node::get(decl)
++#define dump_varpool_node(file, node) (node)->dump(file)
 +
 +#define cgraph_create_edge(caller, callee, call_stmt, count, freq, nest) \
 +	(caller)->create_edge((callee), (call_stmt), (count), (freq))


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* [gentoo-commits] proj/hardened-patchset:master commit in: 4.5.7/
@ 2016-07-02  8:57 Anthony G. Basile
  0 siblings, 0 replies; 7+ messages in thread
From: Anthony G. Basile @ 2016-07-02  8:57 UTC (permalink / raw
  To: gentoo-commits

commit:     d32dd7f3f7697ee461fd2faa0fd051877e411bc1
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Jul  2 08:59:46 2016 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Jul  2 08:59:46 2016 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=d32dd7f3

grsecurity-3.1-4.5.7-201606302132

 4.5.7/0000_README                                  |   2 +-
 ...> 4420_grsecurity-3.1-4.5.7-201606302132.patch} | 416 ++++++++++++---------
 4.5.7/4425_grsec_remove_EI_PAX.patch               |   2 +-
 4.5.7/4450_grsec-kconfig-default-gids.patch        |   8 +-
 4.5.7/4470_disable-compat_vdso.patch               |   2 +-
 4.5.7/4475_emutramp_default_on.patch               |   4 +-
 6 files changed, 252 insertions(+), 182 deletions(-)

diff --git a/4.5.7/0000_README b/4.5.7/0000_README
index 6531b4d..cd47bdd 100644
--- a/4.5.7/0000_README
+++ b/4.5.7/0000_README
@@ -2,7 +2,7 @@ README
 -----------------------------------------------------------------------------
 Individual Patch Descriptions:
 -----------------------------------------------------------------------------
-Patch:	4420_grsecurity-3.1-4.5.7-201606292300.patch
+Patch:	4420_grsecurity-3.1-4.5.7-201606302132.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 

diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606292300.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606302132.patch
similarity index 99%
rename from 4.5.7/4420_grsecurity-3.1-4.5.7-201606292300.patch
rename to 4.5.7/4420_grsecurity-3.1-4.5.7-201606302132.patch
index 4f4d48f..6f9feec 100644
--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606292300.patch
+++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606302132.patch
@@ -12658,7 +12658,7 @@ index 3ba5ff2..44bdacc 100644
  config X86_MINIMUM_CPU_FAMILY
  	int
 diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
-index 9b18ed9..9528749 100644
+index 9b18ed9..0fb0660 100644
 --- a/arch/x86/Kconfig.debug
 +++ b/arch/x86/Kconfig.debug
 @@ -55,6 +55,7 @@ config X86_PTDUMP
@@ -12669,16 +12669,15 @@ index 9b18ed9..9528749 100644
  	select X86_PTDUMP_CORE
  	---help---
  	  Say Y here if you want to show the kernel pagetable layout in a
-@@ -77,7 +78,7 @@ config EFI_PGT_DUMP
+@@ -77,7 +78,6 @@ config EFI_PGT_DUMP
  config DEBUG_RODATA
  	bool "Write protect kernel read-only data structures"
  	default y
 -	depends on DEBUG_KERNEL
-+	depends on DEBUG_KERNEL && BROKEN
  	---help---
  	  Mark the kernel read-only data as write-protected in the pagetables,
  	  in order to catch accidental (and incorrect) writes to such const
-@@ -123,7 +124,7 @@ config DEBUG_WX
+@@ -123,7 +123,7 @@ config DEBUG_WX
  
  config DEBUG_SET_MODULE_RONX
  	bool "Set loadable kernel module data as NX and text as RO"
@@ -12687,7 +12686,7 @@ index 9b18ed9..9528749 100644
  	---help---
  	  This option helps catch unintended modifications to loadable
  	  kernel module's text and read-only data. It also prevents execution
-@@ -375,6 +376,7 @@ config X86_DEBUG_FPU
+@@ -375,6 +375,7 @@ config X86_DEBUG_FPU
  config PUNIT_ATOM_DEBUG
  	tristate "ATOM Punit debug driver"
  	select DEBUG_FS
@@ -27194,7 +27193,7 @@ index 2c0f340..76c1d24 100644
  
  	for (i = 0; i < NUM_EXCEPTION_VECTORS; i++)
 diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
-index 6bc9ae2..33997fe 100644
+index 6bc9ae2..51f7c58 100644
 --- a/arch/x86/kernel/head_32.S
 +++ b/arch/x86/kernel/head_32.S
 @@ -27,6 +27,12 @@
@@ -27466,28 +27465,23 @@ index 6bc9ae2..33997fe 100644
  	pushl 16(%esp)
  	pushl 24(%esp)
  	pushl 32(%esp)
-@@ -663,29 +755,34 @@ ENTRY(setup_once_ref)
- /*
-  * BSS section
-  */
+@@ -660,11 +752,8 @@ ENTRY(initial_code)
+ ENTRY(setup_once_ref)
+ 	.long setup_once
+ 
+-/*
+- * BSS section
+- */
 -__PAGE_ALIGNED_BSS
 -	.align PAGE_SIZE
++__READ_ONLY
++	.balign	PAGE_SIZE
  #ifdef CONFIG_X86_PAE
-+.section .initial_pg_pmd,"a",@progbits
  initial_pg_pmd:
  	.fill 1024*KPMDS,4,0
- #else
-+.section .initial_page_table,"a",@progbits
- ENTRY(initial_page_table)
- 	.fill 1024,4,0
- #endif
-+.section .initial_pg_fixmap,"a",@progbits
- initial_pg_fixmap:
- 	.fill 1024,4,0
-+.section .empty_zero_page,"a",@progbits
+@@ -677,15 +766,18 @@ initial_pg_fixmap:
  ENTRY(empty_zero_page)
  	.fill 4096,1,0
-+.section .swapper_pg_dir,"a",@progbits
  ENTRY(swapper_pg_dir)
 -	.fill 1024,4,0
 +#ifdef CONFIG_X86_PAE
@@ -27503,21 +27497,24 @@ index 6bc9ae2..33997fe 100644
 -__PAGE_ALIGNED_DATA
 -	/* Page-aligned for the benefit of paravirt? */
 -	.align PAGE_SIZE
-+.section .initial_page_table,"a",@progbits
++__READ_ONLY
++	.balign	PAGE_SIZE
  ENTRY(initial_page_table)
  	.long	pa(initial_pg_pmd+PGD_IDENT_ATTR),0	/* low identity map */
  # if KPMDS == 3
-@@ -704,12 +801,20 @@ ENTRY(initial_page_table)
+@@ -703,13 +795,21 @@ ENTRY(initial_page_table)
+ # else
  #  error "Kernel PMDs should be 1, 2 or 3"
  # endif
- 	.align PAGE_SIZE		/* needs to be page-sized too */
+-	.align PAGE_SIZE		/* needs to be page-sized too */
++	.balign PAGE_SIZE		/* needs to be page-sized too */
 +
-+#ifdef CONFIG_PAX_PER_CPU_PGD
++# ifdef CONFIG_PAX_PER_CPU_PGD
 +ENTRY(cpu_pgd)
 +	.rept 2*NR_CPUS
 +	.fill	PTRS_PER_PGD,8,0
 +	.endr
-+#endif
++# endif
 +
  #endif
  
@@ -27529,16 +27526,16 @@ index 6bc9ae2..33997fe 100644
  
  __INITRODATA
  int_msg:
-@@ -737,7 +842,7 @@ fault_msg:
+@@ -737,7 +837,7 @@ fault_msg:
   * segment size, and 32-bit linear address value:
   */
  
 -	.data
-+.section .rodata,"a",@progbits
++__READ_ONLY
  .globl boot_gdt_descr
  .globl idt_descr
  
-@@ -746,7 +851,7 @@ fault_msg:
+@@ -746,7 +846,7 @@ fault_msg:
  	.word 0				# 32 bit align gdt_desc.address
  boot_gdt_descr:
  	.word __BOOT_DS+7
@@ -27547,7 +27544,7 @@ index 6bc9ae2..33997fe 100644
  
  	.word 0				# 32-bit align idt_desc.address
  idt_descr:
-@@ -757,7 +862,7 @@ idt_descr:
+@@ -757,7 +857,7 @@ idt_descr:
  	.word 0				# 32 bit align gdt_desc.address
  ENTRY(early_gdt_descr)
  	.word GDT_ENTRIES*8-1
@@ -27556,7 +27553,7 @@ index 6bc9ae2..33997fe 100644
  
  /*
   * The boot_gdt must mirror the equivalent in setup.S and is
-@@ -766,5 +871,65 @@ ENTRY(early_gdt_descr)
+@@ -766,5 +866,65 @@ ENTRY(early_gdt_descr)
  	.align L1_CACHE_BYTES
  ENTRY(boot_gdt)
  	.fill GDT_ENTRY_BOOT_CS,8,0
@@ -27625,7 +27622,7 @@ index 6bc9ae2..33997fe 100644
 +	.fill PAGE_SIZE_asm - GDT_SIZE,1,0
 +	.endr
 diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
-index ffdc0e8..60b5d16 100644
+index ffdc0e8..1827c62 100644
 --- a/arch/x86/kernel/head_64.S
 +++ b/arch/x86/kernel/head_64.S
 @@ -20,6 +20,8 @@
@@ -27704,7 +27701,7 @@ index ffdc0e8..60b5d16 100644
  	movq	%rcx, %cr4
  
  	/* Setup early boot stage 4 level pagetables. */
-@@ -205,10 +239,21 @@ ENTRY(secondary_startup_64)
+@@ -205,10 +239,24 @@ ENTRY(secondary_startup_64)
  	movl	$MSR_EFER, %ecx
  	rdmsr
  	btsl	$_EFER_SCE, %eax	/* Enable System Call */
@@ -27716,7 +27713,10 @@ index ffdc0e8..60b5d16 100644
 +	je	1f
  	btsq	$_PAGE_BIT_NX,early_pmd_flags(%rip)
 +	btsq	$_PAGE_BIT_NX, init_level4_pgt + 8*L4_PAGE_OFFSET(%rip)
-+	btsq	$_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMALLOC_START(%rip)
++	btsq	$_PAGE_BIT_NX, init_level4_pgt + (8*L4_VMALLOC_START)(%rip)
++	btsq	$_PAGE_BIT_NX, init_level4_pgt + (8*L4_VMALLOC_START) + 8(%rip)
++	btsq	$_PAGE_BIT_NX, init_level4_pgt + (8*L4_VMALLOC_START) + 16(%rip)
++	btsq	$_PAGE_BIT_NX, init_level4_pgt + (8*L4_VMALLOC_START) + 24(%rip)
 +	btsq	$_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMALLOC_END(%rip)
 +	btsq	$_PAGE_BIT_NX, init_level4_pgt + 8*L4_VMEMMAP_START(%rip)
 +	btsq	$_PAGE_BIT_NX, level2_fixmap_pgt + 8*504(%rip)
@@ -27727,7 +27727,7 @@ index ffdc0e8..60b5d16 100644
  1:	wrmsr				/* Make changes effective */
  
  	/* Setup cr0 */
-@@ -288,6 +333,7 @@ ENTRY(secondary_startup_64)
+@@ -288,6 +336,7 @@ ENTRY(secondary_startup_64)
  	 *	REX.W + FF /5 JMP m16:64 Jump far, absolute indirect,
  	 *		address given in m16:64.
  	 */
@@ -27735,7 +27735,7 @@ index ffdc0e8..60b5d16 100644
  	movq	initial_code(%rip),%rax
  	pushq	$0		# fake return address to stop unwinder
  	pushq	$__KERNEL_CS	# set correct cs
-@@ -321,7 +367,7 @@ ENDPROC(start_cpu0)
+@@ -321,7 +370,7 @@ ENDPROC(start_cpu0)
  	.quad	INIT_PER_CPU_VAR(irq_stack_union)
  
  	GLOBAL(stack_start)
@@ -27744,7 +27744,7 @@ index ffdc0e8..60b5d16 100644
  	.word  0
  	__FINITDATA
  
-@@ -401,7 +447,7 @@ early_idt_handler_common:
+@@ -401,7 +450,7 @@ early_idt_handler_common:
  	call dump_stack
  #ifdef CONFIG_KALLSYMS	
  	leaq early_idt_ripmsg(%rip),%rdi
@@ -27753,15 +27753,15 @@ index ffdc0e8..60b5d16 100644
  	call __print_symbol
  #endif
  #endif /* EARLY_PRINTK */
-@@ -430,6 +476,7 @@ ENDPROC(early_idt_handler_common)
+@@ -430,6 +479,7 @@ ENDPROC(early_idt_handler_common)
  early_recursion_flag:
  	.long 0
  
-+	.section .rodata,"a",@progbits
++	__READ_ONLY
  #ifdef CONFIG_EARLY_PRINTK
  early_idt_msg:
  	.asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n"
-@@ -452,40 +499,70 @@ GLOBAL(name)
+@@ -452,40 +502,70 @@ GLOBAL(name)
  	__INITDATA
  NEXT_PAGE(early_level4_pgt)
  	.fill	511,8,0
@@ -27772,7 +27772,7 @@ index ffdc0e8..60b5d16 100644
  	.fill	512*EARLY_DYNAMIC_PAGE_TABLES,8,0
  
 -	.data
-+	.section .rodata,"a",@progbits
++	__READ_ONLY
  
 -#ifndef CONFIG_XEN
  NEXT_PAGE(init_level4_pgt)
@@ -27844,7 +27844,7 @@ index ffdc0e8..60b5d16 100644
  
  NEXT_PAGE(level2_kernel_pgt)
  	/*
-@@ -502,31 +579,79 @@ NEXT_PAGE(level2_kernel_pgt)
+@@ -502,31 +582,79 @@ NEXT_PAGE(level2_kernel_pgt)
  		KERNEL_IMAGE_SIZE/PMD_SIZE)
  
  NEXT_PAGE(level2_fixmap_pgt)
@@ -31240,7 +31240,7 @@ index e574b85..5514c57 100644
  		case VM86_GET_AND_RESET_IRQ: {
  			return get_and_reset_irq(irqnumber);
 diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
-index 74e4bf1..a9a6168 100644
+index 74e4bf1..0897a97 100644
 --- a/arch/x86/kernel/vmlinux.lds.S
 +++ b/arch/x86/kernel/vmlinux.lds.S
 @@ -26,6 +26,13 @@
@@ -31310,7 +31310,7 @@ index 74e4bf1..a9a6168 100644
  		HEAD_TEXT
  		. = ALIGN(8);
  		_stext = .;
-@@ -104,13 +124,47 @@ SECTIONS
+@@ -104,13 +124,35 @@ SECTIONS
  		IRQENTRY_TEXT
  		*(.fixup)
  		*(.gnu.warning)
@@ -31343,18 +31343,6 @@ index 74e4bf1..a9a6168 100644
 +		_etext = . - __KERNEL_TEXT_OFFSET;
 +	}
 +
-+#ifdef CONFIG_X86_32
-+	. = ALIGN(PAGE_SIZE);
-+	.rodata.page_aligned : AT(ADDR(.rodata.page_aligned) - LOAD_OFFSET) {
-+		. = ALIGN(PAGE_SIZE);
-+		*(.empty_zero_page)
-+		*(.initial_pg_fixmap)
-+		*(.initial_pg_pmd)
-+		*(.initial_page_table)
-+		*(.swapper_pg_dir)
-+	} :rodata
-+#endif
-+
 +	. = ALIGN(PAGE_SIZE);
 +	NOTES :rodata :note
 +
@@ -31362,7 +31350,7 @@ index 74e4bf1..a9a6168 100644
  
  #if defined(CONFIG_DEBUG_RODATA)
  	/* .text should occupy whole number of pages */
-@@ -122,16 +176,20 @@ SECTIONS
+@@ -122,16 +164,20 @@ SECTIONS
  
  	/* Data */
  	.data : AT(ADDR(.data) - LOAD_OFFSET) {
@@ -31386,7 +31374,7 @@ index 74e4bf1..a9a6168 100644
  
  		PAGE_ALIGNED_DATA(PAGE_SIZE)
  
-@@ -174,12 +232,19 @@ SECTIONS
+@@ -174,12 +220,19 @@ SECTIONS
         . = ALIGN(__vvar_page + PAGE_SIZE, PAGE_SIZE);
  
  	/* Init code and data - will be freed after init */
@@ -31409,7 +31397,7 @@ index 74e4bf1..a9a6168 100644
  	/*
  	 * percpu offsets are zero-based on SMP.  PERCPU_VADDR() changes the
  	 * output PHDR, so the next output section - .init.text - should
-@@ -190,12 +255,33 @@ SECTIONS
+@@ -190,12 +243,33 @@ SECTIONS
  	       "per-CPU data too large - increase CONFIG_PHYSICAL_START")
  #endif
  
@@ -31447,7 +31435,7 @@ index 74e4bf1..a9a6168 100644
  
  	.x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) {
  		__x86_cpu_dev_start = .;
-@@ -266,19 +352,12 @@ SECTIONS
+@@ -266,19 +340,12 @@ SECTIONS
  	}
  
  	. = ALIGN(8);
@@ -31468,7 +31456,7 @@ index 74e4bf1..a9a6168 100644
  	PERCPU_SECTION(INTERNODE_CACHE_BYTES)
  #endif
  
-@@ -297,16 +376,10 @@ SECTIONS
+@@ -297,16 +364,10 @@ SECTIONS
  	.smp_locks : AT(ADDR(.smp_locks) - LOAD_OFFSET) {
  		__smp_locks = .;
  		*(.smp_locks)
@@ -31486,7 +31474,7 @@ index 74e4bf1..a9a6168 100644
  	/* BSS */
  	. = ALIGN(PAGE_SIZE);
  	.bss : AT(ADDR(.bss) - LOAD_OFFSET) {
-@@ -322,6 +395,7 @@ SECTIONS
+@@ -322,6 +383,7 @@ SECTIONS
  		__brk_base = .;
  		. += 64 * 1024;		/* 64k alignment slop space */
  		*(.brk_reservation)	/* areas brk users have reserved */
@@ -31494,7 +31482,7 @@ index 74e4bf1..a9a6168 100644
  		__brk_limit = .;
  	}
  
-@@ -348,13 +422,12 @@ SECTIONS
+@@ -348,13 +410,12 @@ SECTIONS
   * for the boot processor.
   */
  #define INIT_PER_CPU(x) init_per_cpu__##x = x + __per_cpu_load
@@ -35806,7 +35794,7 @@ index 740d7ac..4091827 100644
  #endif /* CONFIG_HUGETLB_PAGE */
  
 diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
-index 493f541..d8e6b22 100644
+index 493f541..ee7a3f0 100644
 --- a/arch/x86/mm/init.c
 +++ b/arch/x86/mm/init.c
 @@ -4,6 +4,7 @@
@@ -35817,16 +35805,15 @@ index 493f541..d8e6b22 100644
  
  #include <asm/cacheflush.h>
  #include <asm/e820.h>
-@@ -17,6 +18,8 @@
+@@ -17,6 +18,7 @@
  #include <asm/proto.h>
  #include <asm/dma.h>		/* for MAX_DMA_PFN */
  #include <asm/microcode.h>
-+#include <asm/desc.h>
 +#include <asm/bios_ebda.h>
  
  /*
   * We need to define the tracepoints somewhere, and tlb.c
-@@ -618,7 +621,18 @@ void __init init_mem_mapping(void)
+@@ -618,7 +620,18 @@ void __init init_mem_mapping(void)
  	early_ioremap_page_table_range_init();
  #endif
  
@@ -35845,7 +35832,7 @@ index 493f541..d8e6b22 100644
  	__flush_tlb_all();
  
  	early_memtest(0, max_pfn_mapped << PAGE_SHIFT);
-@@ -634,10 +648,34 @@ void __init init_mem_mapping(void)
+@@ -634,10 +647,34 @@ void __init init_mem_mapping(void)
   * Access has to be given to non-kernel-ram areas as well, these contain the PCI
   * mmio resources as well as potential bios/acpi data regions.
   */
@@ -35880,8 +35867,8 @@ index 493f541..d8e6b22 100644
  	if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
  		return 0;
  	if (!page_is_ram(pagenr))
-@@ -683,8 +721,127 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
- #endif
+@@ -645,6 +682,29 @@ int devmem_is_allowed(unsigned long pagenr)
+ 	return 0;
  }
  
 +#ifdef CONFIG_GRKERNSEC_KMEM
@@ -35907,109 +35894,29 @@ index 493f541..d8e6b22 100644
 +static inline void gr_init_ebda(void) { }
 +#endif
 +
+ void free_init_pages(char *what, unsigned long begin, unsigned long end)
+ {
+ 	unsigned long begin_aligned, end_aligned;
+@@ -668,7 +728,7 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
+ 	 */
+ #ifdef CONFIG_DEBUG_PAGEALLOC
+ 	printk(KERN_INFO "debug: unmapping init [mem %#010lx-%#010lx]\n",
+-		begin, end - 1);
++	       begin, end - 1);
+ 	set_memory_np(begin, (end - begin) >> PAGE_SHIFT);
+ #else
+ 	/*
+@@ -685,6 +745,8 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
+ 
  void free_initmem(void)
  {
-+#ifdef CONFIG_PAX_KERNEXEC
-+#ifdef CONFIG_X86_32
-+	/* PaX: limit KERNEL_CS to actual size */
-+	unsigned long addr, limit;
-+	struct desc_struct d;
-+	int cpu;
-+#else
-+	pgd_t *pgd;
-+	pud_t *pud;
-+	pmd_t *pmd;
-+	unsigned long addr, end;
-+#endif
-+#endif
-+
 +	gr_init_ebda();
 +
-+#ifdef CONFIG_PAX_KERNEXEC
-+#ifdef CONFIG_X86_32
-+	limit = paravirt_enabled() ? ktva_ktla(0xffffffff) : (unsigned long)&_etext;
-+	limit = (limit - 1UL) >> PAGE_SHIFT;
-+
-+	memset(__LOAD_PHYSICAL_ADDR + PAGE_OFFSET, POISON_FREE_INITMEM, PAGE_SIZE);
-+	for (cpu = 0; cpu < nr_cpu_ids; cpu++) {
-+		pack_descriptor(&d, get_desc_base(&get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_CS]), limit, 0x9B, 0xC);
-+		write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEL_CS, &d, DESCTYPE_S);
-+		write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEXEC_KERNEL_CS, &d, DESCTYPE_S);
-+	}
-+
-+	/* PaX: make KERNEL_CS read-only */
-+	addr = PFN_ALIGN(ktla_ktva((unsigned long)&_text));
-+	if (!paravirt_enabled())
-+		set_memory_ro(addr, (PFN_ALIGN(_sdata) - addr) >> PAGE_SHIFT);
-+/*
-+		for (addr = ktla_ktva((unsigned long)&_text); addr < (unsigned long)&_sdata; addr += PMD_SIZE) {
-+			pgd = pgd_offset_k(addr);
-+			pud = pud_offset(pgd, addr);
-+			pmd = pmd_offset(pud, addr);
-+			set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
-+		}
-+*/
-+#ifdef CONFIG_X86_PAE
-+	set_memory_nx(PFN_ALIGN(__init_begin), (PFN_ALIGN(__init_end) - PFN_ALIGN(__init_begin)) >> PAGE_SHIFT);
-+/*
-+	for (addr = (unsigned long)&__init_begin; addr < (unsigned long)&__init_end; addr += PMD_SIZE) {
-+		pgd = pgd_offset_k(addr);
-+		pud = pud_offset(pgd, addr);
-+		pmd = pmd_offset(pud, addr);
-+		set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
-+	}
-+*/
-+#endif
-+
-+#ifdef CONFIG_MODULES
-+	set_memory_4k((unsigned long)MODULES_EXEC_VADDR, (MODULES_EXEC_END - MODULES_EXEC_VADDR) >> PAGE_SHIFT);
-+#endif
-+
-+#else
-+	/* PaX: make kernel code/rodata read-only, rest non-executable */
-+	set_memory_ro((unsigned long)_text, ((unsigned long)(_sdata - _text) >> PAGE_SHIFT));
-+	set_memory_nx((unsigned long)_sdata, (__START_KERNEL_map + KERNEL_IMAGE_SIZE - (unsigned long)_sdata) >> PAGE_SHIFT);
-+
-+	for (addr = __START_KERNEL_map; addr < __START_KERNEL_map + KERNEL_IMAGE_SIZE; addr += PMD_SIZE) {
-+		pgd = pgd_offset_k(addr);
-+		pud = pud_offset(pgd, addr);
-+		pmd = pmd_offset(pud, addr);
-+		if (!pmd_present(*pmd))
-+			continue;
-+		if (addr >= (unsigned long)_text)
-+			BUG_ON(!pmd_large(*pmd));
-+		if ((unsigned long)_text <= addr && addr < (unsigned long)_sdata)
-+			BUG_ON(pmd_write(*pmd));
-+//			set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
-+		else
-+			BUG_ON(!(pmd_flags(*pmd) & _PAGE_NX));
-+//			set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
-+	}
-+
-+	addr = (unsigned long)__va(__pa(__START_KERNEL_map));
-+	end = addr + KERNEL_IMAGE_SIZE;
-+	for (; addr < end; addr += PMD_SIZE) {
-+	pgd = pgd_offset_k(addr);
-+		pud = pud_offset(pgd, addr);
-+		pmd = pmd_offset(pud, addr);
-+		if (!pmd_present(*pmd))
-+			continue;
-+		if (addr >= (unsigned long)_text)
-+			BUG_ON(!pmd_large(*pmd));
-+		if ((unsigned long)__va(__pa(_text)) <= addr && addr < (unsigned long)__va(__pa(_sdata)))
-+			BUG_ON(pmd_write(*pmd));
-+//			set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
-+	}
-+#endif
-+
-+	flush_tlb_all();
-+#endif
-+
  	free_init_pages("unused kernel",
  			(unsigned long)(&__init_begin),
  			(unsigned long)(&__init_end));
 diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
-index cb4ef3d..377ec5a 100644
+index cb4ef3d..1b13259 100644
 --- a/arch/x86/mm/init_32.c
 +++ b/arch/x86/mm/init_32.c
 @@ -62,33 +62,6 @@ static noinline int do_test_wp_bit(void);
@@ -36253,16 +36160,77 @@ index cb4ef3d..377ec5a 100644
  	pr_debug("Set kernel text: %lx - %lx for read only\n",
  		 start, start+size);
  
-@@ -927,6 +931,7 @@ void mark_rodata_ro(void)
+@@ -911,7 +915,7 @@ static void mark_nxdata_nx(void)
+ 	 * When this called, init has already been executed and released,
+ 	 * so everything past _etext should be NX.
+ 	 */
+-	unsigned long start = PFN_ALIGN(_etext);
++	unsigned long start = ktla_ktva(PFN_ALIGN(_etext));
+ 	/*
+ 	 * This comes from is_kernel_text upper limit. Also HPAGE where used:
+ 	 */
+@@ -927,26 +931,47 @@ void mark_rodata_ro(void)
  	unsigned long start = PFN_ALIGN(_text);
  	unsigned long size = PFN_ALIGN(_etext) - start;
  
+-	set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT);
+-	printk(KERN_INFO "Write protecting the kernel text: %luk\n",
+-		size >> 10);
++	if (config_enabled(CONFIG_PAX_KERNEXEC)) {
++		/* PaX: limit KERNEL_CS to actual size */
++		unsigned long limit;
++		struct desc_struct d;
++		int cpu;
+ 
+-	kernel_set_to_readonly = 1;
++		limit = paravirt_enabled() ? ktva_ktla(0xffffffff) : (unsigned long)&_etext;
++		limit = (limit - 1UL) >> PAGE_SHIFT;
++
++		memset(__LOAD_PHYSICAL_ADDR + PAGE_OFFSET, POISON_FREE_INITMEM, PAGE_SIZE);
++		for (cpu = 0; cpu < nr_cpu_ids; cpu++) {
++			pack_descriptor(&d, get_desc_base(&get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_CS]), limit, 0x9B, 0xC);
++			write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEL_CS, &d, DESCTYPE_S);
++			write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEXEC_KERNEL_CS, &d, DESCTYPE_S);
++		}
++
++		if (config_enabled(CONFIG_MODULES))
++			set_memory_4k((unsigned long)MODULES_EXEC_VADDR, (MODULES_EXEC_END - MODULES_EXEC_VADDR) >> PAGE_SHIFT);
++	}
++
 +	start = ktla_ktva(start);
++	/* PaX: make KERNEL_CS read-only */
++	if (config_enabled(CONFIG_PAX_KERNEXEC) && !paravirt_enabled()) {
++		set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT);
++		printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10);
++
++		kernel_set_to_readonly = 1;
+ 
+ #ifdef CONFIG_CPA_DEBUG
+-	printk(KERN_INFO "Testing CPA: Reverting %lx-%lx\n",
+-		start, start+size);
+-	set_pages_rw(virt_to_page(start), size>>PAGE_SHIFT);
++		printk(KERN_INFO "Testing CPA: Reverting %lx-%lx\n", start, start+size);
++		set_pages_rw(virt_to_page(start), size>>PAGE_SHIFT);
+ 
+-	printk(KERN_INFO "Testing CPA: write protecting again\n");
+-	set_pages_ro(virt_to_page(start), size>>PAGE_SHIFT);
++		printk(KERN_INFO "Testing CPA: write protecting again\n");
++		set_pages_ro(virt_to_page(start), size>>PAGE_SHIFT);
+ #endif
++	}
+ 
+ 	start += size;
+-	size = (unsigned long)__end_rodata - start;
++	size = PFN_ALIGN(_sdata) - start;
  	set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT);
- 	printk(KERN_INFO "Write protecting the kernel text: %luk\n",
- 		size >> 10);
+-	printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n",
+-		size >> 10);
++	printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n", size >> 10);
+ 	rodata_test();
+ 
+ #ifdef CONFIG_CPA_DEBUG
 diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
-index 5488d21..6063860 100644
+index 5488d21..9f75681 100644
 --- a/arch/x86/mm/init_64.c
 +++ b/arch/x86/mm/init_64.c
 @@ -137,7 +137,7 @@ int kernel_ident_mapping_init(struct x86_mapping_info *info, pgd_t *pgd_page,
@@ -36395,6 +36363,94 @@ index 5488d21..6063860 100644
  		spin_unlock(&init_mm.page_table_lock);
  		pgd_changed = true;
  	}
+@@ -1107,8 +1135,7 @@ void set_kernel_text_ro(void)
+ 	if (!kernel_set_to_readonly)
+ 		return;
+ 
+-	pr_debug("Set kernel text: %lx - %lx for read only\n",
+-		 start, end);
++	pr_debug("Set kernel text: %lx - %lx for read only\n", start, end);
+ 
+ 	/*
+ 	 * Set the kernel identity mapping for text RO.
+@@ -1118,15 +1145,20 @@ void set_kernel_text_ro(void)
+ 
+ void mark_rodata_ro(void)
+ {
++	unsigned long addr;
+ 	unsigned long start = PFN_ALIGN(_text);
+ 	unsigned long rodata_start = PFN_ALIGN(__start_rodata);
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long end = PFN_ALIGN(_sdata);
++	unsigned long text_end = end;
++#else
+ 	unsigned long end = (unsigned long) &__end_rodata_hpage_align;
+ 	unsigned long text_end = PFN_ALIGN(&__stop___ex_table);
++#endif
+ 	unsigned long rodata_end = PFN_ALIGN(&__end_rodata);
+ 	unsigned long all_end;
+ 
+-	printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n",
+-	       (end - start) >> 10);
++	printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n", (end - start) >> 10);
+ 	set_memory_ro(start, (end - start) >> PAGE_SHIFT);
+ 
+ 	kernel_set_to_readonly = 1;
+@@ -1156,12 +1188,54 @@ void mark_rodata_ro(void)
+ 	set_memory_ro(start, (end-start) >> PAGE_SHIFT);
+ #endif
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	/* PaX: ensure that kernel code/rodata is read-only, the rest is non-executable */
++	for (addr = __START_KERNEL_map; addr < __START_KERNEL_map + KERNEL_IMAGE_SIZE; addr += PMD_SIZE) {
++		pgd_t *pgd;
++		pud_t *pud;
++		pmd_t *pmd;
++
++		pgd = pgd_offset_k(addr);
++		pud = pud_offset(pgd, addr);
++		pmd = pmd_offset(pud, addr);
++		if (!pmd_present(*pmd))
++			continue;
++		if (addr >= (unsigned long)_text)
++			BUG_ON(!pmd_large(*pmd));
++		if ((unsigned long)_text <= addr && addr < (unsigned long)_sdata)
++			BUG_ON(pmd_write(*pmd));
++//			set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
++		else
++			BUG_ON(!(pmd_flags(*pmd) & _PAGE_NX));
++//			set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
++	}
++
++	addr = (unsigned long)__va(__pa(__START_KERNEL_map));
++	end = addr + KERNEL_IMAGE_SIZE;
++	for (; addr < end; addr += PMD_SIZE) {
++		pgd_t *pgd;
++		pud_t *pud;
++		pmd_t *pmd;
++
++		pgd = pgd_offset_k(addr);
++		pud = pud_offset(pgd, addr);
++		pmd = pmd_offset(pud, addr);
++		if (!pmd_present(*pmd))
++			continue;
++		if (addr >= (unsigned long)_text)
++			BUG_ON(!pmd_large(*pmd));
++		if ((unsigned long)__va(__pa(_text)) <= addr && addr < (unsigned long)__va(__pa(_sdata)))
++			BUG_ON(pmd_write(*pmd));
++//			set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
++	}
++#else
+ 	free_init_pages("unused kernel",
+ 			(unsigned long) __va(__pa_symbol(text_end)),
+ 			(unsigned long) __va(__pa_symbol(rodata_start)));
+ 	free_init_pages("unused kernel",
+ 			(unsigned long) __va(__pa_symbol(rodata_end)),
+ 			(unsigned long) __va(__pa_symbol(_sdata)));
++#endif
+ 
+ 	debug_checkwx();
+ }
 diff --git a/arch/x86/mm/iomap_32.c b/arch/x86/mm/iomap_32.c
 index 9c0ff04..9020d5f 100644
 --- a/arch/x86/mm/iomap_32.c
@@ -131434,7 +131490,7 @@ index ba7a9b0..33a0237 100644
  extern int register_pppox_proto(int proto_num, const struct pppox_proto *pp);
  extern void unregister_pppox_proto(int proto_num);
 diff --git a/include/linux/init.h b/include/linux/init.h
-index b449f37..3416791 100644
+index b449f37..2bf1598 100644
 --- a/include/linux/init.h
 +++ b/include/linux/init.h
 @@ -39,7 +39,7 @@
@@ -131455,6 +131511,19 @@ index b449f37..3416791 100644
  #define __meminitdata    __section(.meminit.data)
  #define __meminitconst   __constsection(.meminit.rodata)
  #define __memexit        __section(.memexit.text) __exitused __cold notrace
+@@ -117,6 +117,12 @@
+ #define __REFDATA        .section       ".ref.data", "aw"
+ #define __REFCONST       .section       ".ref.rodata", "a"
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++#define __READ_ONLY	.section	".data..read_only","a",%progbits
++#else
++#define __READ_ONLY	.section	".data..mostly","aw",%progbits
++#endif
++
+ #ifndef __ASSEMBLY__
+ /*
+  * Used for initialization calls..
 diff --git a/include/linux/init_task.h b/include/linux/init_task.h
 index f2cb8d4..2f0363e 100644
 --- a/include/linux/init_task.h
@@ -211966,10 +212035,10 @@ index 23ba1c6..cad2484 100755
  # Find all available archs
  find_all_archs()
 diff --git a/security/Kconfig b/security/Kconfig
-index e452378..e634654 100644
+index e452378..cc25231 100644
 --- a/security/Kconfig
 +++ b/security/Kconfig
-@@ -4,6 +4,994 @@
+@@ -4,6 +4,995 @@
  
  menu "Security options"
  
@@ -212559,6 +212628,7 @@ index e452378..e634654 100644
 +	depends on (X86 || (ARM && (CPU_V6 || CPU_V6K || CPU_V7) && !(ARM_LPAE && MODULES))) && !XEN
 +	select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
 +	select PAX_KERNEXEC_PLUGIN if X86_64
++	select DEBUG_RODATA if X86
 +	select ARM_KERNMEM_PERMS if ARM
 +	help
 +	  This is the kernel land equivalent of PAGEEXEC and MPROTECT,
@@ -212964,7 +213034,7 @@ index e452378..e634654 100644
  source security/keys/Kconfig
  
  config SECURITY_DMESG_RESTRICT
-@@ -104,7 +1092,7 @@ config INTEL_TXT
+@@ -104,7 +1093,7 @@ config INTEL_TXT
  config LSM_MMAP_MIN_ADDR
  	int "Low address space for LSM to protect from user allocation"
  	depends on SECURITY && SECURITY_SELINUX

diff --git a/4.5.7/4425_grsec_remove_EI_PAX.patch b/4.5.7/4425_grsec_remove_EI_PAX.patch
index 2a1aa6c..c988c9a 100644
--- a/4.5.7/4425_grsec_remove_EI_PAX.patch
+++ b/4.5.7/4425_grsec_remove_EI_PAX.patch
@@ -8,7 +8,7 @@ X-Gentoo-Bug-URL: https://bugs.gentoo.org/445600
 diff -Nuar linux-3.7.1-hardened.orig/security/Kconfig linux-3.7.1-hardened/security/Kconfig
 --- linux-3.7.1-hardened.orig/security/Kconfig	2012-12-26 08:39:29.000000000 -0500
 +++ linux-3.7.1-hardened/security/Kconfig	2012-12-26 09:05:44.000000000 -0500
-@@ -279,7 +279,7 @@
+@@ -280,7 +280,7 @@
  
  config PAX_EI_PAX
  	bool 'Use legacy ELF header marking'

diff --git a/4.5.7/4450_grsec-kconfig-default-gids.patch b/4.5.7/4450_grsec-kconfig-default-gids.patch
index 79a866b..ccf0abd 100644
--- a/4.5.7/4450_grsec-kconfig-default-gids.patch
+++ b/4.5.7/4450_grsec-kconfig-default-gids.patch
@@ -73,7 +73,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
 diff -Nuar a/security/Kconfig b/security/Kconfig
 --- a/security/Kconfig	2012-10-13 09:51:35.000000000 -0400
 +++ b/security/Kconfig	2012-10-13 09:52:59.000000000 -0400
-@@ -207,7 +207,7 @@
+@@ -208,7 +208,7 @@
  
  config GRKERNSEC_PROC_GID
  	int "GID exempted from /proc restrictions"
@@ -82,7 +82,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
  	help
  	  Setting this GID determines which group will be exempted from
  	  grsecurity's /proc restrictions, allowing users of the specified
-@@ -218,7 +218,7 @@
+@@ -219,7 +219,7 @@
  config GRKERNSEC_TPE_UNTRUSTED_GID
          int "GID for TPE-untrusted users"
          depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
@@ -91,7 +91,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
          help
  	  Setting this GID determines which group untrusted users should
  	  be added to.  These users will be placed under grsecurity's Trusted Path
-@@ -230,7 +230,7 @@
+@@ -231,7 +231,7 @@
  config GRKERNSEC_TPE_TRUSTED_GID
          int "GID for TPE-trusted users"
          depends on GRKERNSEC_CONFIG_SERVER && GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
@@ -100,7 +100,7 @@ diff -Nuar a/security/Kconfig b/security/Kconfig
          help
            Setting this GID determines what group TPE restrictions will be
            *disabled* for.  If the sysctl option is enabled, a sysctl option
-@@ -239,7 +239,7 @@
+@@ -240,7 +240,7 @@
  config GRKERNSEC_SYMLINKOWN_GID
          int "GID for users with kernel-enforced SymlinksIfOwnerMatch"
          depends on GRKERNSEC_CONFIG_SERVER

diff --git a/4.5.7/4470_disable-compat_vdso.patch b/4.5.7/4470_disable-compat_vdso.patch
index 4aba080..febce96 100644
--- a/4.5.7/4470_disable-compat_vdso.patch
+++ b/4.5.7/4470_disable-compat_vdso.patch
@@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138
 diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
 --- a/arch/x86/Kconfig	2009-07-31 01:36:57.323857684 +0100
 +++ b/arch/x86/Kconfig	2009-07-31 01:51:39.395749681 +0100
-@@ -2044,29 +2044,8 @@
+@@ -2047,29 +2047,8 @@
  
  config COMPAT_VDSO
  	def_bool n

diff --git a/4.5.7/4475_emutramp_default_on.patch b/4.5.7/4475_emutramp_default_on.patch
index afd6019..feb8c7b 100644
--- a/4.5.7/4475_emutramp_default_on.patch
+++ b/4.5.7/4475_emutramp_default_on.patch
@@ -10,7 +10,7 @@ See bug:
 diff -Naur linux-3.9.2-hardened.orig/security/Kconfig linux-3.9.2-hardened/security/Kconfig
 --- linux-3.9.2-hardened.orig/security/Kconfig	2013-05-18 08:53:41.000000000 -0400
 +++ linux-3.9.2-hardened/security/Kconfig	2013-05-18 09:17:57.000000000 -0400
-@@ -439,7 +439,7 @@
+@@ -440,7 +440,7 @@
  
  config PAX_EMUTRAMP
  	bool "Emulate trampolines"
@@ -19,7 +19,7 @@ diff -Naur linux-3.9.2-hardened.orig/security/Kconfig linux-3.9.2-hardened/secur
  	depends on (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || X86)
  	help
  	  There are some programs and libraries that for one reason or
-@@ -462,6 +462,12 @@
+@@ -463,6 +463,12 @@
  	  utilities to disable CONFIG_PAX_PAGEEXEC and CONFIG_PAX_SEGMEXEC
  	  for the affected files.
  


^ permalink raw reply related	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2016-07-02  8:57 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-06-28 11:22 [gentoo-commits] proj/hardened-patchset:master commit in: 4.5.7/ Anthony G. Basile
  -- strict thread matches above, loose matches on Subject: below --
2016-07-02  8:57 Anthony G. Basile
2016-06-30 13:19 Anthony G. Basile
2016-06-30 13:09 Anthony G. Basile
2016-06-27 10:26 Anthony G. Basile
2016-06-21 10:18 Anthony G. Basile
2016-06-15 18:54 Anthony G. Basile

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox