author | Anthony G. Basile <blueness@gentoo.org> | 2012-03-04 09:49:46 -0500 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2012-03-04 09:49:46 -0500 |
commit | ec8c51cd545a43fca3d89468b7c69872cac8f076 (patch) | |
tree | 776d82f82df10a6233df02c5596343d1f999da77 | |
parent | Grsec/PaX: 2.9-2.6.32.57-201202251202 + 2.9-3.2.7-201202251203 (diff) | |
download | hardened-patchset-ec8c51cd545a43fca3d89468b7c69872cac8f076.tar.gz hardened-patchset-ec8c51cd545a43fca3d89468b7c69872cac8f076.tar.bz2 hardened-patchset-ec8c51cd545a43fca3d89468b7c69872cac8f076.zip |
Grsec/PaX: 2.9-2.6.32.57-201203022148 + 2.9-3.2.9-20120302214820120302
-rw-r--r-- | 2.6.32/0000_README | 2 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.9-2.6.32.57-201203022148.patch (renamed from 2.6.32/4420_grsecurity-2.9-2.6.32.57-201202251202.patch) | 566 | ||||
-rw-r--r-- | 2.6.32/4440_grsec-remove-protected-paths.patch | 2 | ||||
-rw-r--r-- | 2.6.32/4445_grsec-pax-without-grsec.patch | 6 | ||||
-rw-r--r-- | 2.6.32/4450_grsec-kconfig-default-gids.patch | 14 | ||||
-rw-r--r-- | 2.6.32/4460-grsec-kconfig-proc-user.patch | 4 | ||||
-rw-r--r-- | 2.6.32/4465_selinux-avc_audit-log-curr_ip.patch | 2 | ||||
-rw-r--r-- | 3.2.7/1006_linux-3.2.7.patch | 994 | ||||
-rw-r--r-- | 3.2.9/0000_README (renamed from 3.2.7/0000_README) | 6 | ||||
-rw-r--r-- | 3.2.9/4420_grsecurity-2.9-3.2.9-201203022148.patch (renamed from 3.2.7/4420_grsecurity-2.9-3.2.7-201202251203.patch) | 427 | ||||
-rw-r--r-- | 3.2.9/4425_grsec_enable_xtpax.patch (renamed from 3.2.7/4425_grsec_enable_xtpax.patch) | 0 | ||||
-rw-r--r-- | 3.2.9/4430_grsec-remove-localversion-grsec.patch (renamed from 3.2.7/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.2.9/4435_grsec-mute-warnings.patch (renamed from 3.2.7/4435_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 3.2.9/4440_grsec-remove-protected-paths.patch (renamed from 3.2.7/4440_grsec-remove-protected-paths.patch) | 2 | ||||
-rw-r--r-- | 3.2.9/4445_grsec-pax-without-grsec.patch (renamed from 3.2.7/4445_grsec-pax-without-grsec.patch) | 6 | ||||
-rw-r--r-- | 3.2.9/4450_grsec-kconfig-default-gids.patch (renamed from 3.2.7/4450_grsec-kconfig-default-gids.patch) | 14 | ||||
-rw-r--r-- | 3.2.9/4455_grsec-kconfig-gentoo.patch (renamed from 3.2.7/4455_grsec-kconfig-gentoo.patch) | 0 | ||||
-rw-r--r-- | 3.2.9/4460-grsec-kconfig-proc-user.patch (renamed from 3.2.7/4460-grsec-kconfig-proc-user.patch) | 4 | ||||
-rw-r--r-- | 3.2.9/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.2.7/4465_selinux-avc_audit-log-curr_ip.patch) | 2 | ||||
-rw-r--r-- | 3.2.9/4470_disable-compat_vdso.patch (renamed from 3.2.7/4470_disable-compat_vdso.patch) | 0 |
20 files changed, 754 insertions, 1297 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index d4a9997..b14a3bc 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -22,7 +22,7 @@ Patch: 1056_linux-2.6.32.57.patch From: http://www.kernel.org Desc: Linux 2.6.32.57 -Patch: 4420_grsecurity-2.9-2.6.32.57-201202251202.patch +Patch: 4420_grsecurity-2.9-2.6.32.57-201203022148.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.9-2.6.32.57-201202251202.patch b/2.6.32/4420_grsecurity-2.9-2.6.32.57-201203022148.patch index 59a7ef3..f2893fd 100644 --- a/2.6.32/4420_grsecurity-2.9-2.6.32.57-201202251202.patch +++ b/2.6.32/4420_grsecurity-2.9-2.6.32.57-201203022148.patch @@ -185,7 +185,7 @@ index c840e7d..f4c451c 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 3377650..76aacb3 100644 +index 3377650..095e46d 100644 --- a/Makefile +++ b/Makefile @@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ 
@@ -220,32 +220,34 @@ index 3377650..76aacb3 100644 include/linux/version.h headers_% \ kernelrelease kernelversion -@@ -526,6 +527,46 @@ else +@@ -526,6 +527,48 @@ else KBUILD_CFLAGS += -O2 endif +ifndef DISABLE_PAX_PLUGINS +ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y) +ifndef DISABLE_PAX_CONSTIFY_PLUGIN -+CONSTIFY_PLUGIN := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN ++CONSTIFY_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN +endif +ifdef CONFIG_PAX_MEMORY_STACKLEAK -+STACKLEAK_PLUGIN := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -DSTACKLEAK_PLUGIN -+STACKLEAK_PLUGIN += -fplugin-arg-stackleak_plugin-track-lowest-sp=100 ++STACKLEAK_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -DSTACKLEAK_PLUGIN ++STACKLEAK_PLUGIN_CFLAGS += -fplugin-arg-stackleak_plugin-track-lowest-sp=100 +endif +ifdef CONFIG_KALLOCSTAT_PLUGIN -+KALLOCSTAT_PLUGIN := -fplugin=$(objtree)/tools/gcc/kallocstat_plugin.so ++KALLOCSTAT_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/kallocstat_plugin.so +endif +ifdef CONFIG_PAX_KERNEXEC_PLUGIN -+KERNEXEC_PLUGIN := -fplugin=$(objtree)/tools/gcc/kernexec_plugin.so -+KERNEXEC_PLUGIN += -fplugin-arg-kernexec_plugin-method=$(CONFIG_PAX_KERNEXEC_PLUGIN_METHOD) ++KERNEXEC_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/kernexec_plugin.so ++KERNEXEC_PLUGIN_CFLAGS += -fplugin-arg-kernexec_plugin-method=$(CONFIG_PAX_KERNEXEC_PLUGIN_METHOD) -DKERNEXEC_PLUGIN ++KERNEXEC_PLUGIN_AFLAGS := -DKERNEXEC_PLUGIN +endif +ifdef CONFIG_CHECKER_PLUGIN +ifeq ($(call cc-ifversion, -ge, 0406, y), y) -+CHECKER_PLUGIN := -fplugin=$(objtree)/tools/gcc/checker_plugin.so -DCHECKER_PLUGIN ++CHECKER_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/checker_plugin.so -DCHECKER_PLUGIN +endif +endif -+GCC_PLUGINS := $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) $(KALLOCSTAT_PLUGIN) $(KERNEXEC_PLUGIN) $(CHECKER_PLUGIN) ++GCC_PLUGINS_CFLAGS := $(CONSTIFY_PLUGIN_CFLAGS) 
$(STACKLEAK_PLUGIN_CFLAGS) $(KALLOCSTAT_PLUGIN_CFLAGS) $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) ++GCC_PLUGINS_AFLAGS := $(KERNEXEC_PLUGIN_AFLAGS) +export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN +ifeq ($(KBUILD_EXTMOD),) +gcc-plugins: @@ -267,7 +269,7 @@ index 3377650..76aacb3 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -647,7 +688,7 @@ export mod_strip_cmd +@@ -647,7 +690,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -276,15 +278,16 @@ index 3377650..76aacb3 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -868,6 +909,7 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -868,6 +911,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE # The actual objects are generated when descending, # make sure no implicit rule kicks in -+$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): KBUILD_CFLAGS += $(GCC_PLUGINS) ++$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) ++$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -877,7 +919,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; +@@ -877,7 +922,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) 
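Review bot: The `export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN` line is carried over unchanged while every one of those variables is renamed to `*_PLUGIN_CFLAGS` in the same block, so the export now names variables this block no longer assigns. Whether any sub-make or script still reads the old names is not visible here; if one does, it will see them empty and silently build without the plugin flags. Either drop the line or export the new names, for example `export CONSTIFY_PLUGIN_CFLAGS STACKLEAK_PLUGIN_CFLAGS KERNEXEC_PLUGIN_CFLAGS KERNEXEC_PLUGIN_AFLAGS CHECKER_PLUGIN_CFLAGS`. The `ifndef DISABLE_PAX_PLUGINS` block continues past the end of this hunk.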
@@ -293,23 +296,24 @@ index 3377650..76aacb3 100644 $(Q)$(MAKE) $(build)=$@ # Build the kernel release string -@@ -986,6 +1028,7 @@ prepare0: archprepare FORCE +@@ -986,6 +1031,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. missing-syscalls # All the preparing.. -+prepare: KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS),$(KBUILD_CFLAGS)) ++prepare: KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS)) prepare: prepare0 # The asm symlink changes when $(ARCH) changes. -@@ -1127,6 +1170,7 @@ all: modules +@@ -1127,6 +1173,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules -+modules: KBUILD_CFLAGS += $(GCC_PLUGINS) ++modules: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) ++modules: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1136,7 +1180,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) +@@ -1136,7 +1184,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) # Target to prepare building external modules PHONY += modules_prepare @@ -318,7 +322,7 @@ index 3377650..76aacb3 100644 # Target to install modules PHONY += modules_install -@@ -1201,7 +1245,7 @@ MRPROPER_FILES += .config .config.old include/asm .version .old_version \ +@@ -1201,7 +1249,7 @@ MRPROPER_FILES += .config .config.old include/asm .version .old_version \ include/linux/autoconf.h include/linux/version.h \ include/linux/utsrelease.h \ include/linux/bounds.h include/asm*/asm-offsets.h \ @@ -327,7 +331,7 @@ index 3377650..76aacb3 100644 # clean - Delete most, but leave enough to build external modules # -@@ -1245,7 +1289,7 @@ distclean: mrproper +@@ -1245,7 +1293,7 @@ distclean: mrproper @find $(srctree) $(RCS_FIND_IGNORE) \ \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ 
@@ -336,7 +340,7 @@ index 3377650..76aacb3 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1292,6 +1336,7 @@ help: +@@ -1292,6 +1340,7 @@ help: @echo ' modules_prepare - Set up for building external modules' @echo ' tags/TAGS - Generate tags file for editors' @echo ' cscope - Generate cscope index' @@ -344,15 +348,16 @@ index 3377650..76aacb3 100644 @echo ' kernelrelease - Output the release version string' @echo ' kernelversion - Output the version stored in Makefile' @echo ' headers_install - Install sanitised kernel headers to INSTALL_HDR_PATH'; \ -@@ -1393,6 +1438,7 @@ PHONY += $(module-dirs) modules +@@ -1393,6 +1442,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) -+modules: KBUILD_CFLAGS += $(GCC_PLUGINS) ++modules: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) ++modules: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1448,7 +1494,7 @@ endif # KBUILD_EXTMOD +@@ -1448,7 +1499,7 @@ endif # KBUILD_EXTMOD quiet_cmd_tags = GEN $@ cmd_tags = $(CONFIG_SHELL) $(srctree)/scripts/tags.sh $@ 
@@ -361,18 +366,20 @@ index 3377650..76aacb3 100644 $(call cmd,tags) # Scripts to check various things for consistency -@@ -1513,17 +1559,19 @@ else +@@ -1513,17 +1564,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif -%.s: %.c prepare scripts FORCE -+%.s: KBUILD_CFLAGS += $(GCC_PLUGINS) ++%.s: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) ++%.s: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) +%.s: %.c gcc-plugins prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.i: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -%.o: %.c prepare scripts FORCE -+%.o: KBUILD_CFLAGS += $(GCC_PLUGINS) ++%.o: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) ++%.o: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) +%.o: %.c gcc-plugins prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.lst: %.c prepare scripts FORCE @@ -385,18 +392,20 @@ index 3377650..76aacb3 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1533,11 +1581,13 @@ endif +@@ -1533,11 +1588,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) -%/: prepare scripts FORCE -+%/: KBUILD_CFLAGS += $(GCC_PLUGINS) ++%/: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) ++%/: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) +%/: gcc-plugins prepare scripts FORCE $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) -%.ko: prepare scripts FORCE -+%.ko: KBUILD_CFLAGS += $(GCC_PLUGINS) ++%.ko: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) ++%.ko: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) +%.ko: gcc-plugins prepare scripts FORCE $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ @@ -2881,7 +2890,7 @@ index 3f17b83..1f9e766 100644 #include <asm-generic/getorder.h> 
diff --git a/arch/powerpc/include/asm/pci.h b/arch/powerpc/include/asm/pci.h -index b5ea626..4030822 100644 +index b5ea626..40308222 100644 --- a/arch/powerpc/include/asm/pci.h +++ b/arch/powerpc/include/asm/pci.h @@ -65,8 +65,8 @@ static inline int pci_get_legacy_ide_irq(struct pci_dev *dev, int channel) @@ -8436,7 +8445,7 @@ index 016218c..47ccbdd 100644 set_fs(old_fs); diff --git a/arch/x86/include/asm/alternative-asm.h b/arch/x86/include/asm/alternative-asm.h -index e2077d3..b7a8919 100644 +index e2077d3..17d07ad 100644 --- a/arch/x86/include/asm/alternative-asm.h +++ b/arch/x86/include/asm/alternative-asm.h @@ -8,10 +8,10 @@ @@ -8456,7 +8465,7 @@ index e2077d3..b7a8919 100644 .endm #endif -+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++#ifdef KERNEXEC_PLUGIN + .macro pax_force_retaddr_bts rip=0 + btsq $63,\rip(%rsp) + .endm @@ -18113,7 +18122,7 @@ index 8d82a77..0baf312 100644 .gdb_bpt_instr = { 0xcc }, .flags = KGDB_HW_BREAKPOINT, diff --git a/arch/x86/kernel/kprobes.c b/arch/x86/kernel/kprobes.c -index 7a67820..8d15b75 100644 +index 7a67820..70ea187 100644 --- a/arch/x86/kernel/kprobes.c +++ b/arch/x86/kernel/kprobes.c @@ -168,9 +168,13 @@ static void __kprobes set_jmp_op(void *from, void *to) @@ -18203,7 +18212,7 @@ index 7a67820..8d15b75 100644 /* Skip orig_ax, ip, cs */ " addq $24, %rsp\n" " popfq\n" -+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++#ifdef KERNEXEC_PLUGIN + " btsq $63,(%rsp)\n" +#endif #else @@ -24839,7 +24848,7 @@ index 63a6ba6..79abd7a 100644 return (void *)vaddr; } diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c -index f46c340..6ff9a26 100644 +index f46c3407..6ff9a26 100644 --- a/arch/x86/mm/hugetlbpage.c +++ b/arch/x86/mm/hugetlbpage.c @@ -267,13 +267,20 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, 
@@ -30944,6 +30953,39 @@ index a5d585d..d087be3 100644 .show = kobj_pkt_show, .store = kobj_pkt_store }; +diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c +index 59cccc9..a4592ec 100644 +--- a/drivers/cdrom/cdrom.c ++++ b/drivers/cdrom/cdrom.c +@@ -2057,11 +2057,6 @@ static int cdrom_read_cdda_old(struct cdrom_device_info *cdi, __u8 __user *ubuf, + if (!nr) + return -ENOMEM; + +- if (!access_ok(VERIFY_WRITE, ubuf, nframes * CD_FRAMESIZE_RAW)) { +- ret = -EFAULT; +- goto out; +- } +- + cgc.data_direction = CGC_DATA_READ; + while (nframes > 0) { + if (nr > nframes) +@@ -2070,7 +2065,7 @@ static int cdrom_read_cdda_old(struct cdrom_device_info *cdi, __u8 __user *ubuf, + ret = cdrom_read_block(cdi, &cgc, lba, nr, 1, CD_FRAMESIZE_RAW); + if (ret) + break; +- if (__copy_to_user(ubuf, cgc.buffer, CD_FRAMESIZE_RAW * nr)) { ++ if (copy_to_user(ubuf, cgc.buffer, CD_FRAMESIZE_RAW * nr)) { + ret = -EFAULT; + break; + } +@@ -2078,7 +2073,6 @@ static int cdrom_read_cdda_old(struct cdrom_device_info *cdi, __u8 __user *ubuf, + nframes -= nr; + lba += nr; + } +-out: + kfree(cgc.buffer); + return ret; + } diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig index 6aad99e..89cd142 100644 --- a/drivers/char/Kconfig @@ -46529,7 +46571,7 @@ index 0133b5a..b3baa9f 100644 fd_offset + ex.a_text); up_write(¤t->mm->mmap_sem); diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 1ed37ba..de82ab7 100644 +index 1ed37ba..308a022 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -31,6 +31,7 @@ @@ -46666,6 +46708,7 @@ index 1ed37ba..de82ab7 100644 return error; } ++#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_XATTR_PAX_FLAGS) +static unsigned long pax_parse_pt_pax_softmode(const struct elf_phdr * const elf_phdata) +{ + unsigned long pax_flags = 0UL; 
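Review bot: cdrom_read_cdda_old() now relies only on the checking `copy_to_user()` inside the loop, and nothing in the function records why the up-front `access_ok(VERIFY_WRITE, ubuf, nframes * CD_FRAMESIZE_RAW)` was dropped. A short comment above the loop would keep a later cleanup from reintroducing the unchecked variant, for example `/* ubuf is validated per chunk by copy_to_user(); no pre-check on nframes * CD_FRAMESIZE_RAW */`. One consequence worth stating in the change description is that a bad user pointer is now reported only after cdrom_read_block() has run, and possibly after earlier chunks were already copied out. The function begins before the first hunk.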
@@ -46811,7 +46854,7 @@ index 1ed37ba..de82ab7 100644 +#endif + +#ifdef CONFIG_PAX_SEGMEXEC -+ if (!(__supported_pte_mask & _PAGE_NX)) { ++ if (!(pax_flags & MF_PAX_PAGEEXEC) || !(__supported_pte_mask & _PAGE_NX)) { + pax_flags &= ~MF_PAX_PAGEEXEC; + pax_flags |= MF_PAX_SEGMEXEC; + } @@ -46985,7 +47028,6 @@ index 1ed37ba..de82ab7 100644 + +} + -+#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_XATTR_PAX_FLAGS) +static long pax_parse_pax_flags(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata, struct file * const file) +{ + unsigned long pax_flags, pt_pax_flags, xattr_pax_flags; @@ -48627,10 +48669,38 @@ index 7a5f1ac..205b034 100644 out: return rc; } +diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c +index 4e25328..3015389 100644 +--- a/fs/ecryptfs/file.c ++++ b/fs/ecryptfs/file.c +@@ -323,11 +323,11 @@ ecryptfs_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) + + const struct file_operations ecryptfs_dir_fops = { + .readdir = ecryptfs_readdir, ++ .read = generic_read_dir, + .unlocked_ioctl = ecryptfs_unlocked_ioctl, + #ifdef CONFIG_COMPAT + .compat_ioctl = ecryptfs_compat_ioctl, + #endif +- .mmap = generic_file_mmap, + .open = ecryptfs_open, + .flush = ecryptfs_flush, + .release = ecryptfs_release, diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c -index 88ba4d4..073f003 100644 +index 88ba4d4..55639ca 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c +@@ -575,8 +575,8 @@ static int ecryptfs_rmdir(struct inode *dir, struct dentry *dentry) + dget(lower_dentry); + rc = vfs_rmdir(lower_dir_dentry->d_inode, lower_dentry); + dput(lower_dentry); +- if (!rc) +- d_delete(lower_dentry); ++ if (!rc && dentry->d_inode) ++ clear_nlink(dentry->d_inode); + fsstack_copy_attr_times(dir, lower_dir_dentry->d_inode); + dir->i_nlink = lower_dir_dentry->d_inode->i_nlink; + unlock_dir(lower_dir_dentry); 
@@ -660,7 +660,7 @@ static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf, old_fs = get_fs(); set_fs(get_ds()); 
@@ -48649,6 +48719,235 @@ index 88ba4d4..073f003 100644 set_fs(old_fs); if (rc < 0) goto out_free; +@@ -758,18 +758,23 @@ upper_size_to_lower_size(struct ecryptfs_crypt_stat *crypt_stat, + } + + /** +- * ecryptfs_truncate ++ * truncate_upper + * @dentry: The ecryptfs layer dentry +- * @new_length: The length to expand the file to ++ * @ia: Address of the ecryptfs inode's attributes ++ * @lower_ia: Address of the lower inode's attributes + * + * Function to handle truncations modifying the size of the file. Note + * that the file sizes are interpolated. When expanding, we are simply +- * writing strings of 0's out. When truncating, we need to modify the +- * underlying file size according to the page index interpolations. ++ * writing strings of 0's out. When truncating, we truncate the upper ++ * inode and update the lower_ia according to the page index ++ * interpolations. If ATTR_SIZE is set in lower_ia->ia_valid upon return, ++ * the caller must use lower_ia in a call to notify_change() to perform ++ * the truncation of the lower inode. 
+ * + * Returns zero on success; non-zero otherwise + */ +-int ecryptfs_truncate(struct dentry *dentry, loff_t new_length) ++static int truncate_upper(struct dentry *dentry, struct iattr *ia, ++ struct iattr *lower_ia) + { + int rc = 0; + struct inode *inode = dentry->d_inode; +@@ -780,8 +785,10 @@ int ecryptfs_truncate(struct dentry *dentry, loff_t new_length) + loff_t lower_size_before_truncate; + loff_t lower_size_after_truncate; + +- if (unlikely((new_length == i_size))) ++ if (unlikely((ia->ia_size == i_size))) { ++ lower_ia->ia_valid &= ~ATTR_SIZE; + goto out; ++ } + crypt_stat = &ecryptfs_inode_to_private(dentry->d_inode)->crypt_stat; + /* Set up a fake ecryptfs file, this is used to interface with + * the file in the underlying filesystem so that the +@@ -801,28 +808,30 @@ int ecryptfs_truncate(struct dentry *dentry, loff_t new_length) + &fake_ecryptfs_file, + ecryptfs_inode_to_private(dentry->d_inode)->lower_file); + /* Switch on growing or shrinking file */ +- if (new_length > i_size) { ++ if (ia->ia_size > i_size) { + char zero[] = { 0x00 }; + ++ lower_ia->ia_valid &= ~ATTR_SIZE; + /* Write a single 0 at the last position of the file; + * this triggers code that will fill in 0's throughout + * the intermediate portion of the previous end of the + * file and the new and of the file */ + rc = ecryptfs_write(&fake_ecryptfs_file, zero, +- (new_length - 1), 1); +- } else { /* new_length < i_size_read(inode) */ +- /* We're chopping off all the pages down do the page +- * in which new_length is located. Fill in the end of +- * that page from (new_length & ~PAGE_CACHE_MASK) to ++ (ia->ia_size - 1), 1); ++ } else { /* ia->ia_size < i_size_read(inode) */ ++ /* We're chopping off all the pages down to the page ++ * in which ia->ia_size is located. Fill in the end of ++ * that page from (ia->ia_size & ~PAGE_CACHE_MASK) to + * PAGE_CACHE_SIZE with zeros. 
*/ + size_t num_zeros = (PAGE_CACHE_SIZE +- - (new_length & ~PAGE_CACHE_MASK)); ++ - (ia->ia_size & ~PAGE_CACHE_MASK)); + + if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { +- rc = vmtruncate(inode, new_length); ++ rc = vmtruncate(inode, ia->ia_size); + if (rc) + goto out_free; +- rc = vmtruncate(lower_dentry->d_inode, new_length); ++ lower_ia->ia_size = ia->ia_size; ++ lower_ia->ia_valid |= ATTR_SIZE; + goto out_free; + } + if (num_zeros) { +@@ -834,7 +843,7 @@ int ecryptfs_truncate(struct dentry *dentry, loff_t new_length) + goto out_free; + } + rc = ecryptfs_write(&fake_ecryptfs_file, zeros_virt, +- new_length, num_zeros); ++ ia->ia_size, num_zeros); + kfree(zeros_virt); + if (rc) { + printk(KERN_ERR "Error attempting to zero out " +@@ -843,7 +852,7 @@ int ecryptfs_truncate(struct dentry *dentry, loff_t new_length) + goto out_free; + } + } +- vmtruncate(inode, new_length); ++ vmtruncate(inode, ia->ia_size); + rc = ecryptfs_write_inode_size_to_metadata(inode); + if (rc) { + printk(KERN_ERR "Problem with " +@@ -856,10 +865,12 @@ int ecryptfs_truncate(struct dentry *dentry, loff_t new_length) + lower_size_before_truncate = + upper_size_to_lower_size(crypt_stat, i_size); + lower_size_after_truncate = +- upper_size_to_lower_size(crypt_stat, new_length); +- if (lower_size_after_truncate < lower_size_before_truncate) +- vmtruncate(lower_dentry->d_inode, +- lower_size_after_truncate); ++ upper_size_to_lower_size(crypt_stat, ia->ia_size); ++ if (lower_size_after_truncate < lower_size_before_truncate) { ++ lower_ia->ia_size = lower_size_after_truncate; ++ lower_ia->ia_valid |= ATTR_SIZE; ++ } else ++ lower_ia->ia_valid &= ~ATTR_SIZE; + } + out_free: + if (ecryptfs_file_to_private(&fake_ecryptfs_file)) +@@ -869,6 +880,33 @@ out: + return rc; + } + ++/** ++ * ecryptfs_truncate ++ * @dentry: The ecryptfs layer dentry ++ * @new_length: The length to expand the file to ++ * ++ * Simple function that handles the truncation of an eCryptfs inode and ++ * its corresponding lower 
inode. ++ * ++ * Returns zero on success; non-zero otherwise ++ */ ++int ecryptfs_truncate(struct dentry *dentry, loff_t new_length) ++{ ++ struct iattr ia = { .ia_valid = ATTR_SIZE, .ia_size = new_length }; ++ struct iattr lower_ia = { .ia_valid = 0 }; ++ int rc; ++ ++ rc = truncate_upper(dentry, &ia, &lower_ia); ++ if (!rc && lower_ia.ia_valid & ATTR_SIZE) { ++ struct dentry *lower_dentry = ecryptfs_dentry_to_lower(dentry); ++ ++ mutex_lock(&lower_dentry->d_inode->i_mutex); ++ rc = notify_change(lower_dentry, &lower_ia); ++ mutex_unlock(&lower_dentry->d_inode->i_mutex); ++ } ++ return rc; ++} ++ + static int + ecryptfs_permission(struct inode *inode, int mask) + { +@@ -891,6 +929,7 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia) + { + int rc = 0; + struct dentry *lower_dentry; ++ struct iattr lower_ia; + struct inode *inode; + struct inode *lower_inode; + struct ecryptfs_crypt_stat *crypt_stat; +@@ -929,15 +968,11 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia) + } + } + mutex_unlock(&crypt_stat->cs_mutex); ++ memcpy(&lower_ia, ia, sizeof(lower_ia)); ++ if (ia->ia_valid & ATTR_FILE) ++ lower_ia.ia_file = ecryptfs_file_to_lower(ia->ia_file); + if (ia->ia_valid & ATTR_SIZE) { +- ecryptfs_printk(KERN_DEBUG, +- "ia->ia_valid = [0x%x] ATTR_SIZE" " = [0x%x]\n", +- ia->ia_valid, ATTR_SIZE); +- rc = ecryptfs_truncate(dentry, ia->ia_size); +- /* ecryptfs_truncate handles resizing of the lower file */ +- ia->ia_valid &= ~ATTR_SIZE; +- ecryptfs_printk(KERN_DEBUG, "ia->ia_valid = [%x]\n", +- ia->ia_valid); ++ rc = truncate_upper(dentry, ia, &lower_ia); + if (rc < 0) + goto out; + } +@@ -946,11 +981,11 @@ static int ecryptfs_setattr(struct dentry *dentry, struct iattr *ia) + * mode change is for clearing setuid/setgid bits. Allow lower fs + * to interpret this in its own way. 
+ */ +- if (ia->ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) +- ia->ia_valid &= ~ATTR_MODE; ++ if (lower_ia.ia_valid & (ATTR_KILL_SUID | ATTR_KILL_SGID)) ++ lower_ia.ia_valid &= ~ATTR_MODE; + + mutex_lock(&lower_dentry->d_inode->i_mutex); +- rc = notify_change(lower_dentry, ia); ++ rc = notify_change(lower_dentry, &lower_ia); + mutex_unlock(&lower_dentry->d_inode->i_mutex); + out: + fsstack_copy_attr_all(inode, lower_inode, NULL); +diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c +index c6ac85d..c52df75 100644 +--- a/fs/ecryptfs/main.c ++++ b/fs/ecryptfs/main.c +@@ -487,6 +487,7 @@ out: + } + + struct kmem_cache *ecryptfs_sb_info_cache; ++static struct file_system_type ecryptfs_fs_type; + + /** + * ecryptfs_fill_super +@@ -561,6 +562,23 @@ static int ecryptfs_read_super(struct super_block *sb, const char *dev_name) + ecryptfs_printk(KERN_WARNING, "path_lookup() failed\n"); + goto out; + } ++ ++ if (path.dentry->d_sb->s_type == &ecryptfs_fs_type) { ++ rc = -EINVAL; ++ printk(KERN_ERR "Mount on filesystem of type " ++ "eCryptfs explicitly disallowed due to " ++ "known incompatibilities\n"); ++ goto out_free; ++ } ++ ++ if (check_ruid && path.dentry->d_inode->i_uid != current_uid()) { ++ rc = -EPERM; ++ printk(KERN_ERR "Mount of device (uid: %d) not owned by " ++ "requested user (uid: %d)\n", ++ path.dentry->d_inode->i_uid, current_uid()); ++ goto out_free; ++ } ++ + ecryptfs_set_superblock_lower(sb, path.dentry->d_sb); + sb->s_maxbytes = path.dentry->d_sb->s_maxbytes; + sb->s_blocksize = path.dentry->d_sb->s_blocksize; diff --git a/fs/exec.c b/fs/exec.c index 86fafc6..6272c0e 100644 --- a/fs/exec.c @@ -53021,7 +53320,7 @@ index 50f8f06..c5755df 100644 help Various /proc files exist to monitor process memory utilization: diff --git a/fs/proc/array.c b/fs/proc/array.c -index c5ef152..24a1b87 100644 +index c5ef152..28c94f7 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -60,6 +60,7 @@ 
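Review bot: In truncate_upper() the encrypted shrink path still calls `vmtruncate(inode, ia->ia_size);` without looking at the result, while the unencrypted branch a few lines earlier does `rc = vmtruncate(inode, ia->ia_size); if (rc) goto out_free;`. On failure the code goes on to write the new size to the metadata and to set ATTR_SIZE in lower_ia, so the caller would truncate the lower file anyway; using the same checked form in both branches avoids that. In ecryptfs_truncate(), `if (!rc && lower_ia.ia_valid & ATTR_SIZE)` is correct but reads better as `if (!rc && (lower_ia.ia_valid & ATTR_SIZE))`. In the fs/ecryptfs/main.c hunk, `check_ruid` is not declared in either visible hunk and is not in the signature shown in the hunk header, so confirm that the base tree provides it; the uid values in that printk are also formatted with `%d` where `%u` would match an unsigned type.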
@@ -53135,9 +53434,12 @@ index c5ef152..24a1b87 100644 esp, eip, /* The signal information here is obsolete. -@@ -519,6 +578,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -517,8 +576,16 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, + struct pid *pid, struct task_struct *task) + { int size = 0, resident = 0, shared = 0, text = 0, lib = 0, data = 0; - struct mm_struct *mm = get_task_mm(task); +- struct mm_struct *mm = get_task_mm(task); ++ struct mm_struct *mm; +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP + if (current->exec_id != m->exec_id) { @@ -53146,10 +53448,11 @@ index c5ef152..24a1b87 100644 + } +#endif + ++ mm = get_task_mm(task); if (mm) { size = task_statm(mm, &shared, &text, &data, &resident); mmput(mm); -@@ -528,3 +594,18 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -528,3 +595,18 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, return 0; } @@ -88073,10 +88376,10 @@ index 0000000..008f159 +} diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c new file mode 100644 -index 0000000..8b61031 +index 0000000..4a9b187 --- /dev/null +++ b/tools/gcc/stackleak_plugin.c -@@ -0,0 +1,295 @@ +@@ -0,0 +1,326 @@ +/* + * Copyright 2011 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 @@ -88123,10 +88426,12 @@ index 0000000..8b61031 +static int track_frame_size = -1; +static const char track_function[] = "pax_track_stack"; +static const char check_function[] = "pax_check_alloca"; ++static tree pax_check_alloca_decl; ++static tree pax_track_stack_decl; +static bool init_locals; + +static struct plugin_info stackleak_plugin_info = { -+ .version = "201111150100", ++ .version = "201203021600", + .help = "track-lowest-sp=nn\ttrack sp in functions whose frame size is at least nn bytes\n" +// "initialize-locals\t\tforcibly initialize all stack frames\n" +}; 
@@ -88179,27 +88484,20 @@ index 0000000..8b61031 +static void stackleak_check_alloca(gimple_stmt_iterator *gsi) +{ + gimple check_alloca; -+ tree fndecl, fntype, alloca_size; ++ tree alloca_size; + + // insert call to void pax_check_alloca(unsigned long size) -+ fntype = build_function_type_list(void_type_node, long_unsigned_type_node, NULL_TREE); -+ fndecl = build_fn_decl(check_function, fntype); -+ DECL_ASSEMBLER_NAME(fndecl); // for LTO + alloca_size = gimple_call_arg(gsi_stmt(*gsi), 0); -+ check_alloca = gimple_build_call(fndecl, 1, alloca_size); ++ check_alloca = gimple_build_call(pax_check_alloca_decl, 1, alloca_size); + gsi_insert_before(gsi, check_alloca, GSI_SAME_STMT); +} + +static void stackleak_add_instrumentation(gimple_stmt_iterator *gsi) +{ + gimple track_stack; -+ tree fndecl, fntype; + + // insert call to void pax_track_stack(void) -+ fntype = build_function_type_list(void_type_node, NULL_TREE); -+ fndecl = build_fn_decl(track_function, fntype); -+ DECL_ASSEMBLER_NAME(fndecl); // for LTO -+ track_stack = gimple_build_call(fndecl, 0); ++ track_stack = gimple_build_call(pax_track_stack_decl, 0); + gsi_insert_after(gsi, track_stack, GSI_CONTINUE_LINKING); +} + @@ -88236,7 +88534,7 @@ index 0000000..8b61031 +static unsigned int execute_stackleak_tree_instrument(void) +{ + basic_block bb, entry_bb; -+ bool prologue_instrumented = false; ++ bool prologue_instrumented = false, is_leaf = true; + + entry_bb = ENTRY_BLOCK_PTR_FOR_FUNCTION(cfun)->next_bb; + @@ -88245,8 +88543,15 @@ index 0000000..8b61031 + gimple_stmt_iterator gsi; + + for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { ++ gimple stmt; ++ ++ stmt = gsi_stmt(gsi); ++ ++ if (is_gimple_call(stmt)) ++ is_leaf = false; ++ + // gimple match: align 8 built-in BUILT_IN_NORMAL:BUILT_IN_ALLOCA attributes <tree_list 0xb7576450> -+ if (!is_alloca(gsi_stmt(gsi))) ++ if (!is_alloca(stmt)) + continue; + + // 2. insert stack overflow check before each __builtin_alloca call 
@@ -88259,6 +88564,13 @@ index 0000000..8b61031 + } + } + ++ // special case for some bad linux code: taking the address of static inline functions will materialize them ++ // but we mustn't instrument some of them as the resulting stack alignment required by the function call ABI ++ // will break other assumptions regarding the expected (but not otherwise enforced) register clobbering ABI. ++ // case in point: native_save_fl on amd64 when optimized for size clobbers rdx if it were instrumented here. ++ if (is_leaf && !TREE_PUBLIC(current_function_decl) && DECL_DECLARED_INLINE_P(current_function_decl)) ++ return 0; ++ + // 4. insert track call at the beginning + if (!prologue_instrumented) { + gimple_stmt_iterator gsi; @@ -88318,6 +88630,27 @@ index 0000000..8b61031 + return 0; +} + ++static void stackleak_start_unit(void *gcc_data, void *user_dat) ++{ ++ tree fntype; ++ ++ // declare void pax_check_alloca(unsigned long size) ++ fntype = build_function_type_list(void_type_node, long_unsigned_type_node, NULL_TREE); ++ pax_check_alloca_decl = build_fn_decl(check_function, fntype); ++ DECL_ASSEMBLER_NAME(pax_check_alloca_decl); // for LTO ++ TREE_PUBLIC(pax_check_alloca_decl) = 1; ++ DECL_EXTERNAL(pax_check_alloca_decl) = 1; ++ DECL_ARTIFICIAL(pax_check_alloca_decl) = 1; ++ ++ // declare void pax_track_stack(void) ++ fntype = build_function_type_list(void_type_node, NULL_TREE); ++ pax_track_stack_decl = build_fn_decl(track_function, fntype); ++ DECL_ASSEMBLER_NAME(pax_track_stack_decl); // for LTO ++ TREE_PUBLIC(pax_track_stack_decl) = 1; ++ DECL_EXTERNAL(pax_track_stack_decl) = 1; ++ DECL_ARTIFICIAL(pax_track_stack_decl) = 1; ++} ++ +int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) +{ + const char * const plugin_name = plugin_info->base_name; 
@@ -88329,7 +88662,7 @@ index 0000000..8b61031 +// .reference_pass_name = "tree_profile", + .reference_pass_name = "optimized", + .ref_pass_instance_number = 0, -+ .pos_op = PASS_POS_INSERT_AFTER ++ .pos_op = PASS_POS_INSERT_BEFORE + }; + struct register_pass_info stackleak_final_pass_info = { + .pass = &stackleak_final_rtl_opt_pass.pass, @@ -88367,6 +88700,7 @@ index 0000000..8b61031 + error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); + } + ++ register_callback("start_unit", PLUGIN_START_UNIT, &stackleak_start_unit, NULL); + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &stackleak_tree_instrument_pass_info); + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &stackleak_final_pass_info); + @@ -88399,10 +88733,112 @@ index 83b3dde..835bee7 100644 break; } diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index 4f3434f..159bc3e 100644 +index 4f3434f..fc63040 100644 --- a/virt/kvm/kvm_main.c 
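Review bot: The `PLUGIN_START_UNIT` registration added in the `@@ -88367,6 +88700,7 @@` hunk passes the literal `"start_unit"` as its first argument, while the two `PLUGIN_PASS_MANAGER_SETUP` registrations right after it pass `plugin_name`. That argument identifies the plugin, not the event, so the call should read `register_callback(plugin_name, PLUGIN_START_UNIT, &stackleak_start_unit, NULL);`. plugin_init starts and ends outside this hunk.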
+++ b/virt/kvm/kvm_main.c -@@ -2494,7 +2494,7 @@ asmlinkage void kvm_handle_fault_on_reboot(void) +@@ -43,6 +43,8 @@ + #include <linux/swap.h> + #include <linux/bitops.h> + #include <linux/spinlock.h> ++#include <linux/namei.h> ++#include <linux/fs.h> + + #include <asm/processor.h> + #include <asm/io.h> +@@ -575,12 +577,73 @@ out: + return r; + } + ++/* ++ * We want to test whether the caller has been granted permissions to ++ * use this device. To be able to configure and control the device, ++ * the user needs access to PCI configuration space and BAR resources. ++ * These are accessed through PCI sysfs. PCI config space is often ++ * passed to the process calling this ioctl via file descriptor, so we ++ * can't rely on access to that file. We can check for permissions ++ * on each of the BAR resource files, which is a pretty clear ++ * indicator that the user has been granted access to the device. ++ */ ++static int probe_sysfs_permissions(struct pci_dev *dev) ++{ ++#ifdef CONFIG_SYSFS ++ int i; ++ bool bar_found = false; ++ ++ for (i = PCI_STD_RESOURCES; i <= PCI_STD_RESOURCE_END; i++) { ++ char *kpath, *syspath; ++ struct path path; ++ struct inode *inode; ++ int r; ++ ++ if (!pci_resource_len(dev, i)) ++ continue; ++ ++ kpath = kobject_get_path(&dev->dev.kobj, GFP_KERNEL); ++ if (!kpath) ++ return -ENOMEM; ++ ++ /* Per sysfs-rules, sysfs is always at /sys */ ++ syspath = kasprintf(GFP_KERNEL, "/sys%s/resource%d", kpath, i); ++ kfree(kpath); ++ if (!syspath) ++ return -ENOMEM; ++ ++ r = kern_path(syspath, LOOKUP_FOLLOW, &path); ++ kfree(syspath); ++ if (r) ++ return r; ++ ++ inode = path.dentry->d_inode; ++ ++ r = inode_permission(inode, MAY_READ | MAY_WRITE | MAY_ACCESS); ++ path_put(&path); ++ if (r) ++ return r; ++ ++ bar_found = true; ++ } ++ ++ /* If no resources, probably something special */ ++ if (!bar_found) ++ return -EPERM; ++ ++ return 0; ++#else ++ return -EINVAL; /* No way to control the device without sysfs */ ++#endif ++} ++ + static int 
kvm_vm_ioctl_assign_device(struct kvm *kvm, + struct kvm_assigned_pci_dev *assigned_dev) + { + int r = 0; + struct kvm_assigned_dev_kernel *match; + struct pci_dev *dev; ++ u8 header_type; + + down_read(&kvm->slots_lock); + mutex_lock(&kvm->lock); +@@ -607,6 +670,18 @@ static int kvm_vm_ioctl_assign_device(struct kvm *kvm, + r = -EINVAL; + goto out_free; + } ++ ++ /* Don't allow bridges to be assigned */ ++ pci_read_config_byte(dev, PCI_HEADER_TYPE, &header_type); ++ if ((header_type & PCI_HEADER_TYPE) != PCI_HEADER_TYPE_NORMAL) { ++ r = -EPERM; ++ goto out_put; ++ } ++ ++ r = probe_sysfs_permissions(dev); ++ if (r) ++ goto out_put; ++ + if (pci_enable_device(dev)) { + printk(KERN_INFO "%s: Could not enable PCI device\n", __func__); + r = -EBUSY; +@@ -2494,7 +2569,7 @@ asmlinkage void kvm_handle_fault_on_reboot(void) if (kvm_rebooting) /* spin while reset goes on */ while (true) @@ -88411,7 +88847,7 @@ index 4f3434f..159bc3e 100644 /* Fault while not rebooting. We want the trace. */ BUG(); } -@@ -2714,7 +2714,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, +@@ -2714,7 +2789,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, kvm_arch_vcpu_put(vcpu); } @@ -88420,7 +88856,7 @@ index 4f3434f..159bc3e 100644 struct module *module) { int r; -@@ -2767,15 +2767,17 @@ int kvm_init(void *opaque, unsigned int vcpu_size, +@@ -2767,15 +2842,17 @@ int kvm_init(void *opaque, unsigned int vcpu_size, /* A kmem cache lets us meet the alignment requirements of fx_save. */ kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, __alignof__(struct kvm_vcpu), diff --git a/2.6.32/4440_grsec-remove-protected-paths.patch b/2.6.32/4440_grsec-remove-protected-paths.patch index 5cec66c..339cc6e 100644 --- a/2.6.32/4440_grsec-remove-protected-paths.patch +++ b/2.6.32/4440_grsec-remove-protected-paths.patch @@ -6,7 +6,7 @@ the filesystem. diff -Naur a/grsecurity/Makefile b/grsecurity/Makefile --- a/grsecurity/Makefile 2011-10-19 19:48:21.000000000 -0400 
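Review bot: The bridge check added to kvm_vm_ioctl_assign_device (the `@@ -607,6 +670,18 @@` part) masks with `PCI_HEADER_TYPE`, which is the config-space register offset (0x0e in pci_regs.h), not a header-type mask. Bit 0 is cleared by that mask, so a type-1 PCI-to-PCI bridge header compares equal to `PCI_HEADER_TYPE_NORMAL` and is not rejected; only CardBus headers fail the test as written. The return value of `pci_read_config_byte()` is also ignored. Comparing the cached field that struct pci_dev already keeps with the multi-function bit masked out avoids both problems: `if (dev->hdr_type != PCI_HEADER_TYPE_NORMAL) {`, which also makes the `header_type` local unnecessary. The rest of the function, including the `out_put` label, lies outside the hunk.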
+++ b/grsecurity/Makefile 2011-10-19 19:50:44.000000000 -0400 -@@ -27,10 +27,4 @@ +@@ -29,10 +29,4 @@ ifdef CONFIG_GRKERNSEC_HIDESYM extra-y := grsec_hidesym.o $(obj)/grsec_hidesym.o: diff --git a/2.6.32/4445_grsec-pax-without-grsec.patch b/2.6.32/4445_grsec-pax-without-grsec.patch index 0f87dc1..591a120 100644 --- a/2.6.32/4445_grsec-pax-without-grsec.patch +++ b/2.6.32/4445_grsec-pax-without-grsec.patch @@ -36,7 +36,7 @@ diff -Naur a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c diff -Naur a/fs/exec.c b/fs/exec.c --- a/fs/exec.c 2011-04-17 18:15:55.000000000 -0400 +++ b/fs/exec.c 2011-04-17 18:29:40.000000000 -0400 -@@ -1812,9 +1812,11 @@ +@@ -1832,9 +1832,11 @@ } up_read(&mm->mmap_sem); } @@ -48,7 +48,7 @@ diff -Naur a/fs/exec.c b/fs/exec.c printk(KERN_ERR "PAX: execution attempt in: %s, %08lx-%08lx %08lx\n", path_fault, start, end, offset); printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, " "PC: %p, SP: %p\n", path_exec, tsk->comm, task_pid_nr(tsk), -@@ -1829,10 +1831,12 @@ +@@ -1849,10 +1851,12 @@ #ifdef CONFIG_PAX_REFCOUNT void pax_report_refcount_overflow(struct pt_regs *regs) { @@ -61,7 +61,7 @@ diff -Naur a/fs/exec.c b/fs/exec.c printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current), current_uid(), current_euid()); print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs)); -@@ -1892,10 +1896,12 @@ +@@ -1912,10 +1916,12 @@ NORET_TYPE void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type) { diff --git a/2.6.32/4450_grsec-kconfig-default-gids.patch b/2.6.32/4450_grsec-kconfig-default-gids.patch index 763d845..498adb6 100644 --- a/2.6.32/4450_grsec-kconfig-default-gids.patch +++ b/2.6.32/4450_grsec-kconfig-default-gids.patch @@ -12,7 +12,7 @@ from shooting themselves in the foot. diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-12-12 15:11:47.000000000 -0500 
+++ b/grsecurity/Kconfig 2011-12-12 15:13:17.000000000 -0500 -@@ -433,7 +433,7 @@ +@@ -439,7 +439,7 @@ config GRKERNSEC_PROC_GID int "GID for special group" depends on GRKERNSEC_PROC_USERGROUP @@ -21,7 +21,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig config GRKERNSEC_PROC_ADD bool "Additional restrictions" -@@ -661,7 +661,7 @@ +@@ -667,7 +667,7 @@ config GRKERNSEC_AUDIT_GID int "GID for auditing" depends on GRKERNSEC_AUDIT_GROUP @@ -30,7 +30,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig config GRKERNSEC_EXECLOG bool "Exec logging" -@@ -865,7 +865,7 @@ +@@ -871,7 +871,7 @@ config GRKERNSEC_TPE_GID int "GID for untrusted users" depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT @@ -39,7 +39,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *enabled* for. If the sysctl option is enabled, a sysctl option -@@ -874,7 +874,7 @@ +@@ -880,7 +880,7 @@ config GRKERNSEC_TPE_GID int "GID for trusted users" depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT @@ -48,7 +48,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *disabled* for. If the sysctl option is enabled, a sysctl option -@@ -947,7 +947,7 @@ +@@ -953,7 +953,7 @@ config GRKERNSEC_SOCKET_ALL_GID int "GID to deny all sockets for" depends on GRKERNSEC_SOCKET_ALL @@ -57,7 +57,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable socket access for. Remember to add the users you want socket access disabled for to the GID -@@ -968,7 +968,7 @@ +@@ -974,7 +974,7 @@ config GRKERNSEC_SOCKET_CLIENT_GID int "GID to deny client sockets for" depends on GRKERNSEC_SOCKET_CLIENT 
@@ -66,7 +66,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable client socket access for. Remember to add the users you want client socket access disabled for to -@@ -986,7 +986,7 @@ +@@ -992,7 +992,7 @@ config GRKERNSEC_SOCKET_SERVER_GID int "GID to deny server sockets for" depends on GRKERNSEC_SOCKET_SERVER diff --git a/2.6.32/4460-grsec-kconfig-proc-user.patch b/2.6.32/4460-grsec-kconfig-proc-user.patch index ca88ef7..1e181f3 100644 --- a/2.6.32/4460-grsec-kconfig-proc-user.patch +++ b/2.6.32/4460-grsec-kconfig-proc-user.patch @@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch should eventually go upstre diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-06-29 07:46:02.000000000 -0400 +++ b/grsecurity/Kconfig 2011-06-29 07:47:20.000000000 -0400 -@@ -667,7 +667,7 @@ +@@ -673,7 +673,7 @@ config GRKERNSEC_PROC_USER bool "Restrict /proc to user only" @@ -15,7 +15,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help If you say Y here, non-root users will only be able to view their own processes, and restricts them from viewing network-related information, -@@ -675,7 +675,7 @@ +@@ -681,7 +681,7 @@ config GRKERNSEC_PROC_USERGROUP bool "Allow special group" diff --git a/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch index 0873c15..fe2f190 100644 --- a/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch +++ b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 18:47:02.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 18:51:15.000000000 -0400 -@@ -1296,6 +1296,27 @@ +@@ -1302,6 +1302,27 @@ menu "Logging Options" depends on GRKERNSEC 
diff --git a/3.2.7/1006_linux-3.2.7.patch b/3.2.7/1006_linux-3.2.7.patch deleted file mode 100644 index 08a6ba3..0000000 --- a/3.2.7/1006_linux-3.2.7.patch +++ /dev/null 
@@ -1,994 +0,0 @@ -diff --git a/Makefile b/Makefile -index 47fe496..d1bdc90 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,6 +1,6 @@ - VERSION = 3 - PATCHLEVEL = 2 --SUBLEVEL = 6 -+SUBLEVEL = 7 - EXTRAVERSION = - NAME = Saber-toothed Squirrel - -diff --git a/arch/x86/pci/xen.c b/arch/x86/pci/xen.c -index 492ade8..d99346e 100644 ---- a/arch/x86/pci/xen.c -+++ b/arch/x86/pci/xen.c -@@ -374,7 +374,7 @@ int __init pci_xen_init(void) - - int __init pci_xen_hvm_init(void) - { -- if (!xen_feature(XENFEAT_hvm_pirqs)) -+ if (!xen_have_vector_callback || !xen_feature(XENFEAT_hvm_pirqs)) - return 0; - - #ifdef CONFIG_ACPI -diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c -index 88f160b..107f6f7 100644 ---- a/crypto/sha512_generic.c -+++ b/crypto/sha512_generic.c -@@ -31,11 +31,6 @@ static inline u64 Maj(u64 x, u64 y, u64 z) - return (x & y) | (z & (x | y)); - } - --static inline u64 RORu64(u64 x, u64 y) --{ -- return (x >> y) | (x << (64 - y)); --} -- - static const u64 sha512_K[80] = { - 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, - 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, -@@ -66,10 +61,10 @@ static const u64 sha512_K[80] = { - 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL, - }; - --#define e0(x) (RORu64(x,28) ^ RORu64(x,34) ^ RORu64(x,39)) --#define e1(x) (RORu64(x,14) ^ RORu64(x,18) ^ RORu64(x,41)) --#define s0(x) (RORu64(x, 1) ^ RORu64(x, 8) ^ (x >> 7)) --#define s1(x) (RORu64(x,19) ^ RORu64(x,61) ^ (x >> 6)) -+#define e0(x) (ror64(x,28) ^ ror64(x,34) ^ ror64(x,39)) -+#define e1(x) (ror64(x,14) ^ ror64(x,18) ^ ror64(x,41)) -+#define s0(x) (ror64(x, 1) ^ ror64(x, 8) ^ (x >> 7)) -+#define s1(x) (ror64(x,19) ^ ror64(x,61) ^ (x >> 6)) - - static inline void LOAD_OP(int I, u64 *W, const u8 *input) - { -@@ -78,7 +73,7 @@ static inline void LOAD_OP(int I, u64 *W, const u8 *input) - - static inline void BLEND_OP(int I, u64 *W) - { -- W[I % 16] += s1(W[(I-2) % 16]) + W[(I-7) % 16] + s0(W[(I-15) % 16]); -+ W[I & 15] 
+= s1(W[(I-2) & 15]) + W[(I-7) & 15] + s0(W[(I-15) & 15]); - } - - static void -@@ -89,46 +84,42 @@ sha512_transform(u64 *state, const u8 *input) - int i; - u64 W[16]; - -- /* load the input */ -- for (i = 0; i < 16; i++) -- LOAD_OP(i, W, input); -- - /* load the state into our registers */ - a=state[0]; b=state[1]; c=state[2]; d=state[3]; - e=state[4]; f=state[5]; g=state[6]; h=state[7]; - --#define SHA512_0_15(i, a, b, c, d, e, f, g, h) \ -- t1 = h + e1(e) + Ch(e, f, g) + sha512_K[i] + W[i]; \ -- t2 = e0(a) + Maj(a, b, c); \ -- d += t1; \ -- h = t1 + t2 -- --#define SHA512_16_79(i, a, b, c, d, e, f, g, h) \ -- BLEND_OP(i, W); \ -- t1 = h + e1(e) + Ch(e, f, g) + sha512_K[i] + W[(i)%16]; \ -- t2 = e0(a) + Maj(a, b, c); \ -- d += t1; \ -- h = t1 + t2 -- -- for (i = 0; i < 16; i += 8) { -- SHA512_0_15(i, a, b, c, d, e, f, g, h); -- SHA512_0_15(i + 1, h, a, b, c, d, e, f, g); -- SHA512_0_15(i + 2, g, h, a, b, c, d, e, f); -- SHA512_0_15(i + 3, f, g, h, a, b, c, d, e); -- SHA512_0_15(i + 4, e, f, g, h, a, b, c, d); -- SHA512_0_15(i + 5, d, e, f, g, h, a, b, c); -- SHA512_0_15(i + 6, c, d, e, f, g, h, a, b); -- SHA512_0_15(i + 7, b, c, d, e, f, g, h, a); -- } -- for (i = 16; i < 80; i += 8) { -- SHA512_16_79(i, a, b, c, d, e, f, g, h); -- SHA512_16_79(i + 1, h, a, b, c, d, e, f, g); -- SHA512_16_79(i + 2, g, h, a, b, c, d, e, f); -- SHA512_16_79(i + 3, f, g, h, a, b, c, d, e); -- SHA512_16_79(i + 4, e, f, g, h, a, b, c, d); -- SHA512_16_79(i + 5, d, e, f, g, h, a, b, c); -- SHA512_16_79(i + 6, c, d, e, f, g, h, a, b); -- SHA512_16_79(i + 7, b, c, d, e, f, g, h, a); -+ /* now iterate */ -+ for (i=0; i<80; i+=8) { -+ if (!(i & 8)) { -+ int j; -+ -+ if (i < 16) { -+ /* load the input */ -+ for (j = 0; j < 16; j++) -+ LOAD_OP(i + j, W, input); -+ } else { -+ for (j = 0; j < 16; j++) { -+ BLEND_OP(i + j, W); -+ } -+ } -+ } -+ -+ t1 = h + e1(e) + Ch(e,f,g) + sha512_K[i ] + W[(i & 15)]; -+ t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2; -+ t1 = g + e1(d) + Ch(d,e,f) + sha512_K[i+1] + 
W[(i & 15) + 1]; -+ t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2; -+ t1 = f + e1(c) + Ch(c,d,e) + sha512_K[i+2] + W[(i & 15) + 2]; -+ t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2; -+ t1 = e + e1(b) + Ch(b,c,d) + sha512_K[i+3] + W[(i & 15) + 3]; -+ t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2; -+ t1 = d + e1(a) + Ch(a,b,c) + sha512_K[i+4] + W[(i & 15) + 4]; -+ t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2; -+ t1 = c + e1(h) + Ch(h,a,b) + sha512_K[i+5] + W[(i & 15) + 5]; -+ t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2; -+ t1 = b + e1(g) + Ch(g,h,a) + sha512_K[i+6] + W[(i & 15) + 6]; -+ t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2; -+ t1 = a + e1(f) + Ch(f,g,h) + sha512_K[i+7] + W[(i & 15) + 7]; -+ t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2; - } - - state[0] += a; state[1] += b; state[2] += c; state[3] += d; -diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c -index db3b461..94f860c 100644 ---- a/drivers/gpu/drm/i915/intel_dp.c -+++ b/drivers/gpu/drm/i915/intel_dp.c -@@ -208,17 +208,8 @@ intel_dp_link_clock(uint8_t link_bw) - */ - - static int --intel_dp_link_required(struct intel_dp *intel_dp, int pixel_clock, int check_bpp) -+intel_dp_link_required(int pixel_clock, int bpp) - { -- struct drm_crtc *crtc = intel_dp->base.base.crtc; -- struct intel_crtc *intel_crtc = to_intel_crtc(crtc); -- int bpp = 24; -- -- if (check_bpp) -- bpp = check_bpp; -- else if (intel_crtc) -- bpp = intel_crtc->bpp; -- - return (pixel_clock * bpp + 9) / 10; - } - -@@ -245,12 +236,11 @@ intel_dp_mode_valid(struct drm_connector *connector, - return MODE_PANEL; - } - -- mode_rate = intel_dp_link_required(intel_dp, mode->clock, 0); -+ mode_rate = intel_dp_link_required(mode->clock, 24); - max_rate = intel_dp_max_data_rate(max_link_clock, max_lanes); - - if (mode_rate > max_rate) { -- mode_rate = intel_dp_link_required(intel_dp, -- mode->clock, 18); -+ mode_rate = intel_dp_link_required(mode->clock, 18); - if (mode_rate > max_rate) - return MODE_CLOCK_HIGH; - else -@@ -683,7 +673,7 @@ 
intel_dp_mode_fixup(struct drm_encoder *encoder, struct drm_display_mode *mode, - int lane_count, clock; - int max_lane_count = intel_dp_max_lane_count(intel_dp); - int max_clock = intel_dp_max_link_bw(intel_dp) == DP_LINK_BW_2_7 ? 1 : 0; -- int bpp = mode->private_flags & INTEL_MODE_DP_FORCE_6BPC ? 18 : 0; -+ int bpp = mode->private_flags & INTEL_MODE_DP_FORCE_6BPC ? 18 : 24; - static int bws[2] = { DP_LINK_BW_1_62, DP_LINK_BW_2_7 }; - - if (is_edp(intel_dp) && intel_dp->panel_fixed_mode) { -@@ -701,7 +691,7 @@ intel_dp_mode_fixup(struct drm_encoder *encoder, struct drm_display_mode *mode, - for (clock = 0; clock <= max_clock; clock++) { - int link_avail = intel_dp_max_data_rate(intel_dp_link_clock(bws[clock]), lane_count); - -- if (intel_dp_link_required(intel_dp, mode->clock, bpp) -+ if (intel_dp_link_required(mode->clock, bpp) - <= link_avail) { - intel_dp->link_bw = bws[clock]; - intel_dp->lane_count = lane_count; -diff --git a/drivers/gpu/drm/i915/intel_lvds.c b/drivers/gpu/drm/i915/intel_lvds.c -index e441911..b83f745 100644 ---- a/drivers/gpu/drm/i915/intel_lvds.c -+++ b/drivers/gpu/drm/i915/intel_lvds.c -@@ -694,6 +694,14 @@ static const struct dmi_system_id intel_no_lvds[] = { - }, - { - .callback = intel_no_lvds_dmi_callback, -+ .ident = "AOpen i45GMx-I", -+ .matches = { -+ DMI_MATCH(DMI_BOARD_VENDOR, "AOpen"), -+ DMI_MATCH(DMI_BOARD_NAME, "i45GMx-I"), -+ }, -+ }, -+ { -+ .callback = intel_no_lvds_dmi_callback, - .ident = "Aopen i945GTt-VFA", - .matches = { - DMI_MATCH(DMI_PRODUCT_VERSION, "AO00001JW"), -diff --git a/drivers/hwmon/f75375s.c b/drivers/hwmon/f75375s.c -index 95cbfb3..e4ab491 100644 ---- a/drivers/hwmon/f75375s.c -+++ b/drivers/hwmon/f75375s.c -@@ -159,7 +159,7 @@ static inline void f75375_write8(struct i2c_client *client, u8 reg, - static inline void f75375_write16(struct i2c_client *client, u8 reg, - u16 value) - { -- int err = i2c_smbus_write_byte_data(client, reg, (value << 8)); -+ int err = i2c_smbus_write_byte_data(client, reg, (value 
>> 8)); - if (err) - return; - i2c_smbus_write_byte_data(client, reg + 1, (value & 0xFF)); -@@ -311,7 +311,7 @@ static int set_pwm_enable_direct(struct i2c_client *client, int nr, int val) - fanmode |= (3 << FAN_CTRL_MODE(nr)); - break; - case 2: /* AUTOMATIC*/ -- fanmode |= (2 << FAN_CTRL_MODE(nr)); -+ fanmode |= (1 << FAN_CTRL_MODE(nr)); - break; - case 3: /* fan speed */ - break; -diff --git a/drivers/mmc/host/atmel-mci.c b/drivers/mmc/host/atmel-mci.c -index a7ee502..72bc756 100644 ---- a/drivers/mmc/host/atmel-mci.c -+++ b/drivers/mmc/host/atmel-mci.c -@@ -965,11 +965,14 @@ static void atmci_start_request(struct atmel_mci *host, - host->data_status = 0; - - if (host->need_reset) { -+ iflags = atmci_readl(host, ATMCI_IMR); -+ iflags &= (ATMCI_SDIOIRQA | ATMCI_SDIOIRQB); - atmci_writel(host, ATMCI_CR, ATMCI_CR_SWRST); - atmci_writel(host, ATMCI_CR, ATMCI_CR_MCIEN); - atmci_writel(host, ATMCI_MR, host->mode_reg); - if (host->caps.has_cfg_reg) - atmci_writel(host, ATMCI_CFG, host->cfg_reg); -+ atmci_writel(host, ATMCI_IER, iflags); - host->need_reset = false; - } - atmci_writel(host, ATMCI_SDCR, slot->sdc_reg); -diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c -index 3aaeb08..baf3d42 100644 ---- a/drivers/mmc/host/dw_mmc.c -+++ b/drivers/mmc/host/dw_mmc.c -@@ -22,7 +22,6 @@ - #include <linux/ioport.h> - #include <linux/module.h> - #include <linux/platform_device.h> --#include <linux/scatterlist.h> - #include <linux/seq_file.h> - #include <linux/slab.h> - #include <linux/stat.h> -@@ -502,8 +501,14 @@ static void dw_mci_submit_data(struct dw_mci *host, struct mmc_data *data) - host->dir_status = DW_MCI_SEND_STATUS; - - if (dw_mci_submit_data_dma(host, data)) { -+ int flags = SG_MITER_ATOMIC; -+ if (host->data->flags & MMC_DATA_READ) -+ flags |= SG_MITER_TO_SG; -+ else -+ flags |= SG_MITER_FROM_SG; -+ -+ sg_miter_start(&host->sg_miter, data->sg, data->sg_len, flags); - host->sg = data->sg; -- host->pio_offset = 0; - host->part_buf_start = 0; - 
host->part_buf_count = 0; - -@@ -953,6 +958,7 @@ static void dw_mci_tasklet_func(unsigned long priv) - * generates a block interrupt, hence setting - * the scatter-gather pointer to NULL. - */ -+ sg_miter_stop(&host->sg_miter); - host->sg = NULL; - ctrl = mci_readl(host, CTRL); - ctrl |= SDMMC_CTRL_FIFO_RESET; -@@ -1286,54 +1292,44 @@ static void dw_mci_pull_data(struct dw_mci *host, void *buf, int cnt) - - static void dw_mci_read_data_pio(struct dw_mci *host) - { -- struct scatterlist *sg = host->sg; -- void *buf = sg_virt(sg); -- unsigned int offset = host->pio_offset; -+ struct sg_mapping_iter *sg_miter = &host->sg_miter; -+ void *buf; -+ unsigned int offset; - struct mmc_data *data = host->data; - int shift = host->data_shift; - u32 status; - unsigned int nbytes = 0, len; -+ unsigned int remain, fcnt; - - do { -- len = host->part_buf_count + -- (SDMMC_GET_FCNT(mci_readl(host, STATUS)) << shift); -- if (offset + len <= sg->length) { -+ if (!sg_miter_next(sg_miter)) -+ goto done; -+ -+ host->sg = sg_miter->__sg; -+ buf = sg_miter->addr; -+ remain = sg_miter->length; -+ offset = 0; -+ -+ do { -+ fcnt = (SDMMC_GET_FCNT(mci_readl(host, STATUS)) -+ << shift) + host->part_buf_count; -+ len = min(remain, fcnt); -+ if (!len) -+ break; - dw_mci_pull_data(host, (void *)(buf + offset), len); -- - offset += len; - nbytes += len; -- -- if (offset == sg->length) { -- flush_dcache_page(sg_page(sg)); -- host->sg = sg = sg_next(sg); -- if (!sg) -- goto done; -- -- offset = 0; -- buf = sg_virt(sg); -- } -- } else { -- unsigned int remaining = sg->length - offset; -- dw_mci_pull_data(host, (void *)(buf + offset), -- remaining); -- nbytes += remaining; -- -- flush_dcache_page(sg_page(sg)); -- host->sg = sg = sg_next(sg); -- if (!sg) -- goto done; -- -- offset = len - remaining; -- buf = sg_virt(sg); -- dw_mci_pull_data(host, buf, offset); -- nbytes += offset; -- } -+ remain -= len; -+ } while (remain); -+ sg_miter->consumed = offset; - - status = mci_readl(host, MINTSTS); - 
mci_writel(host, RINTSTS, SDMMC_INT_RXDR); - if (status & DW_MCI_DATA_ERROR_FLAGS) { - host->data_status = status; - data->bytes_xfered += nbytes; -+ sg_miter_stop(sg_miter); -+ host->sg = NULL; - smp_wmb(); - - set_bit(EVENT_DATA_ERROR, &host->pending_events); -@@ -1342,65 +1338,66 @@ static void dw_mci_read_data_pio(struct dw_mci *host) - return; - } - } while (status & SDMMC_INT_RXDR); /*if the RXDR is ready read again*/ -- host->pio_offset = offset; - data->bytes_xfered += nbytes; -+ -+ if (!remain) { -+ if (!sg_miter_next(sg_miter)) -+ goto done; -+ sg_miter->consumed = 0; -+ } -+ sg_miter_stop(sg_miter); - return; - - done: - data->bytes_xfered += nbytes; -+ sg_miter_stop(sg_miter); -+ host->sg = NULL; - smp_wmb(); - set_bit(EVENT_XFER_COMPLETE, &host->pending_events); - } - - static void dw_mci_write_data_pio(struct dw_mci *host) - { -- struct scatterlist *sg = host->sg; -- void *buf = sg_virt(sg); -- unsigned int offset = host->pio_offset; -+ struct sg_mapping_iter *sg_miter = &host->sg_miter; -+ void *buf; -+ unsigned int offset; - struct mmc_data *data = host->data; - int shift = host->data_shift; - u32 status; - unsigned int nbytes = 0, len; -+ unsigned int fifo_depth = host->fifo_depth; -+ unsigned int remain, fcnt; - - do { -- len = ((host->fifo_depth - -- SDMMC_GET_FCNT(mci_readl(host, STATUS))) << shift) -- - host->part_buf_count; -- if (offset + len <= sg->length) { -+ if (!sg_miter_next(sg_miter)) -+ goto done; -+ -+ host->sg = sg_miter->__sg; -+ buf = sg_miter->addr; -+ remain = sg_miter->length; -+ offset = 0; -+ -+ do { -+ fcnt = ((fifo_depth - -+ SDMMC_GET_FCNT(mci_readl(host, STATUS))) -+ << shift) - host->part_buf_count; -+ len = min(remain, fcnt); -+ if (!len) -+ break; - host->push_data(host, (void *)(buf + offset), len); -- - offset += len; - nbytes += len; -- if (offset == sg->length) { -- host->sg = sg = sg_next(sg); -- if (!sg) -- goto done; -- -- offset = 0; -- buf = sg_virt(sg); -- } -- } else { -- unsigned int remaining = sg->length 
- offset; -- -- host->push_data(host, (void *)(buf + offset), -- remaining); -- nbytes += remaining; -- -- host->sg = sg = sg_next(sg); -- if (!sg) -- goto done; -- -- offset = len - remaining; -- buf = sg_virt(sg); -- host->push_data(host, (void *)buf, offset); -- nbytes += offset; -- } -+ remain -= len; -+ } while (remain); -+ sg_miter->consumed = offset; - - status = mci_readl(host, MINTSTS); - mci_writel(host, RINTSTS, SDMMC_INT_TXDR); - if (status & DW_MCI_DATA_ERROR_FLAGS) { - host->data_status = status; - data->bytes_xfered += nbytes; -+ sg_miter_stop(sg_miter); -+ host->sg = NULL; - - smp_wmb(); - -@@ -1410,12 +1407,20 @@ static void dw_mci_write_data_pio(struct dw_mci *host) - return; - } - } while (status & SDMMC_INT_TXDR); /* if TXDR write again */ -- host->pio_offset = offset; - data->bytes_xfered += nbytes; -+ -+ if (!remain) { -+ if (!sg_miter_next(sg_miter)) -+ goto done; -+ sg_miter->consumed = 0; -+ } -+ sg_miter_stop(sg_miter); - return; - - done: - data->bytes_xfered += nbytes; -+ sg_miter_stop(sg_miter); -+ host->sg = NULL; - smp_wmb(); - set_bit(EVENT_XFER_COMPLETE, &host->pending_events); - } -@@ -1618,6 +1623,7 @@ static void dw_mci_work_routine_card(struct work_struct *work) - * block interrupt, hence setting the - * scatter-gather pointer to NULL. 
- */ -+ sg_miter_stop(&host->sg_miter); - host->sg = NULL; - - ctrl = mci_readl(host, CTRL); -diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c -index ced5444..222954d 100644 ---- a/drivers/net/ethernet/intel/igb/igb_main.c -+++ b/drivers/net/ethernet/intel/igb/igb_main.c -@@ -4965,7 +4965,8 @@ static int igb_find_enabled_vfs(struct igb_adapter *adapter) - vf_devfn = pdev->devfn + 0x80; - pvfdev = pci_get_device(hw->vendor_id, device_id, NULL); - while (pvfdev) { -- if (pvfdev->devfn == vf_devfn) -+ if (pvfdev->devfn == vf_devfn && -+ (pvfdev->bus->number >= pdev->bus->number)) - vfs_found++; - vf_devfn += vf_stride; - pvfdev = pci_get_device(hw->vendor_id, -diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c -index 00fcd39..e571356 100644 ---- a/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c -+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_sriov.c -@@ -67,7 +67,8 @@ static int ixgbe_find_enabled_vfs(struct ixgbe_adapter *adapter) - vf_devfn = pdev->devfn + 0x80; - pvfdev = pci_get_device(IXGBE_INTEL_VENDOR_ID, device_id, NULL); - while (pvfdev) { -- if (pvfdev->devfn == vf_devfn) -+ if (pvfdev->devfn == vf_devfn && -+ (pvfdev->bus->number >= pdev->bus->number)) - vfs_found++; - vf_devfn += 2; - pvfdev = pci_get_device(IXGBE_INTEL_VENDOR_ID, -diff --git a/drivers/net/ethernet/toshiba/Kconfig b/drivers/net/ethernet/toshiba/Kconfig -index 0517647..74acb5c 100644 ---- a/drivers/net/ethernet/toshiba/Kconfig -+++ b/drivers/net/ethernet/toshiba/Kconfig -@@ -5,7 +5,7 @@ - config NET_VENDOR_TOSHIBA - bool "Toshiba devices" - default y -- depends on PCI && (PPC_IBM_CELL_BLADE || PPC_CELLEB) || PPC_PS3 -+ depends on PCI && (PPC_IBM_CELL_BLADE || PPC_CELLEB || MIPS) || PPC_PS3 - ---help--- - If you have a network (Ethernet) card belonging to this class, say Y - and read the Ethernet-HOWTO, available from -diff --git a/drivers/net/wireless/ath/ath9k/hw.c 
b/drivers/net/wireless/ath/ath9k/hw.c -index 8873c6e..8b0c2ca 100644 ---- a/drivers/net/wireless/ath/ath9k/hw.c -+++ b/drivers/net/wireless/ath/ath9k/hw.c -@@ -1034,13 +1034,16 @@ void ath9k_hw_init_global_settings(struct ath_hw *ah) - - /* - * Workaround for early ACK timeouts, add an offset to match the -- * initval's 64us ack timeout value. -+ * initval's 64us ack timeout value. Use 48us for the CTS timeout. - * This was initially only meant to work around an issue with delayed - * BA frames in some implementations, but it has been found to fix ACK - * timeout issues in other cases as well. - */ -- if (conf->channel && conf->channel->band == IEEE80211_BAND_2GHZ) -+ if (conf->channel && conf->channel->band == IEEE80211_BAND_2GHZ) { - acktimeout += 64 - sifstime - ah->slottime; -+ ctstimeout += 48 - sifstime - ah->slottime; -+ } -+ - - ath9k_hw_set_sifs_time(ah, sifstime); - ath9k_hw_setslottime(ah, slottime); -diff --git a/drivers/net/wireless/ath/ath9k/init.c b/drivers/net/wireless/ath/ath9k/init.c -index d4c909f..57622e0 100644 ---- a/drivers/net/wireless/ath/ath9k/init.c -+++ b/drivers/net/wireless/ath/ath9k/init.c -@@ -775,6 +775,11 @@ int ath9k_init_device(u16 devid, struct ath_softc *sc, - ARRAY_SIZE(ath9k_tpt_blink)); - #endif - -+ INIT_WORK(&sc->hw_reset_work, ath_reset_work); -+ INIT_WORK(&sc->hw_check_work, ath_hw_check); -+ INIT_WORK(&sc->paprd_work, ath_paprd_calibrate); -+ INIT_DELAYED_WORK(&sc->hw_pll_work, ath_hw_pll_work); -+ - /* Register with mac80211 */ - error = ieee80211_register_hw(hw); - if (error) -@@ -793,10 +798,6 @@ int ath9k_init_device(u16 devid, struct ath_softc *sc, - goto error_world; - } - -- INIT_WORK(&sc->hw_reset_work, ath_reset_work); -- INIT_WORK(&sc->hw_check_work, ath_hw_check); -- INIT_WORK(&sc->paprd_work, ath_paprd_calibrate); -- INIT_DELAYED_WORK(&sc->hw_pll_work, ath_hw_pll_work); - sc->last_rssi = ATH_RSSI_DUMMY_MARKER; - - ath_init_leds(sc); -diff --git a/drivers/net/wireless/ath/ath9k/recv.c 
b/drivers/net/wireless/ath/ath9k/recv.c -index 67b862c..2f3aeac 100644 ---- a/drivers/net/wireless/ath/ath9k/recv.c -+++ b/drivers/net/wireless/ath/ath9k/recv.c -@@ -824,6 +824,14 @@ static bool ath9k_rx_accept(struct ath_common *common, - (ATH9K_RXERR_DECRYPT | ATH9K_RXERR_CRC | ATH9K_RXERR_MIC | - ATH9K_RXERR_KEYMISS)); - -+ /* -+ * Key miss events are only relevant for pairwise keys where the -+ * descriptor does contain a valid key index. This has been observed -+ * mostly with CCMP encryption. -+ */ -+ if (rx_stats->rs_keyix == ATH9K_RXKEYIX_INVALID) -+ rx_stats->rs_status &= ~ATH9K_RXERR_KEYMISS; -+ - if (!rx_stats->rs_datalen) - return false; - /* -diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c -index 63e4be4..720edf5 100644 ---- a/fs/cifs/connect.c -+++ b/fs/cifs/connect.c -@@ -756,10 +756,11 @@ standard_receive3(struct TCP_Server_Info *server, struct mid_q_entry *mid) - cifs_dump_mem("Bad SMB: ", buf, - min_t(unsigned int, server->total_read, 48)); - -- if (mid) -- handle_mid(mid, server, smb_buffer, length); -+ if (!mid) -+ return length; - -- return length; -+ handle_mid(mid, server, smb_buffer, length); -+ return 0; - } - - static int -diff --git a/fs/cifs/dir.c b/fs/cifs/dir.c -index d7eeb9d..e4c3334 100644 ---- a/fs/cifs/dir.c -+++ b/fs/cifs/dir.c -@@ -492,7 +492,7 @@ cifs_lookup(struct inode *parent_dir_inode, struct dentry *direntry, - { - int xid; - int rc = 0; /* to get around spurious gcc warning, set to zero here */ -- __u32 oplock = 0; -+ __u32 oplock = enable_oplocks ? REQ_OPLOCK : 0; - __u16 fileHandle = 0; - bool posix_open = false; - struct cifs_sb_info *cifs_sb; -diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c -index 517f211..54f5786 100644 ---- a/fs/fs-writeback.c -+++ b/fs/fs-writeback.c -@@ -48,14 +48,6 @@ struct wb_writeback_work { - }; - - /* -- * Include the creation of the trace points after defining the -- * wb_writeback_work structure so that the definition remains local to this -- * file. 
-- */ --#define CREATE_TRACE_POINTS --#include <trace/events/writeback.h> -- --/* - * We don't actually have pdflush, but this one is exported though /proc... - */ - int nr_pdflush_threads; -@@ -87,6 +79,14 @@ static inline struct inode *wb_inode(struct list_head *head) - return list_entry(head, struct inode, i_wb_list); - } - -+/* -+ * Include the creation of the trace points after defining the -+ * wb_writeback_work structure and inline functions so that the definition -+ * remains local to this file. -+ */ -+#define CREATE_TRACE_POINTS -+#include <trace/events/writeback.h> -+ - /* Wakeup flusher thread or forker thread to fork it. Requires bdi->wb_lock. */ - static void bdi_wakeup_flusher(struct backing_dev_info *bdi) - { -diff --git a/include/linux/bitops.h b/include/linux/bitops.h -index a3ef66a..fc8a3ff 100644 ---- a/include/linux/bitops.h -+++ b/include/linux/bitops.h -@@ -50,6 +50,26 @@ static inline unsigned long hweight_long(unsigned long w) - } - - /** -+ * rol64 - rotate a 64-bit value left -+ * @word: value to rotate -+ * @shift: bits to roll -+ */ -+static inline __u64 rol64(__u64 word, unsigned int shift) -+{ -+ return (word << shift) | (word >> (64 - shift)); -+} -+ -+/** -+ * ror64 - rotate a 64-bit value right -+ * @word: value to rotate -+ * @shift: bits to roll -+ */ -+static inline __u64 ror64(__u64 word, unsigned int shift) -+{ -+ return (word >> shift) | (word << (64 - shift)); -+} -+ -+/** - * rol32 - rotate a 32-bit value left - * @word: value to rotate - * @shift: bits to roll -diff --git a/include/linux/mmc/dw_mmc.h b/include/linux/mmc/dw_mmc.h -index 6dc9b80..107fcb3 100644 ---- a/include/linux/mmc/dw_mmc.h -+++ b/include/linux/mmc/dw_mmc.h -@@ -14,6 +14,8 @@ - #ifndef LINUX_MMC_DW_MMC_H - #define LINUX_MMC_DW_MMC_H - -+#include <linux/scatterlist.h> -+ - #define MAX_MCI_SLOTS 2 - - enum dw_mci_state { -@@ -40,7 +42,7 @@ struct mmc_data; - * @lock: Spinlock protecting the queue and associated data. - * @regs: Pointer to MMIO registers. 
- * @sg: Scatterlist entry currently being processed by PIO code, if any. -- * @pio_offset: Offset into the current scatterlist entry. -+ * @sg_miter: PIO mapping scatterlist iterator. - * @cur_slot: The slot which is currently using the controller. - * @mrq: The request currently being processed on @cur_slot, - * or NULL if the controller is idle. -@@ -115,7 +117,7 @@ struct dw_mci { - void __iomem *regs; - - struct scatterlist *sg; -- unsigned int pio_offset; -+ struct sg_mapping_iter sg_miter; - - struct dw_mci_slot *cur_slot; - struct mmc_request *mrq; -diff --git a/include/linux/proportions.h b/include/linux/proportions.h -index ef35bb7..26a8a4e 100644 ---- a/include/linux/proportions.h -+++ b/include/linux/proportions.h -@@ -81,7 +81,11 @@ void prop_inc_percpu(struct prop_descriptor *pd, struct prop_local_percpu *pl) - * Limit the time part in order to ensure there are some bits left for the - * cycle counter and fraction multiply. - */ -+#if BITS_PER_LONG == 32 - #define PROP_MAX_SHIFT (3*BITS_PER_LONG/4) -+#else -+#define PROP_MAX_SHIFT (BITS_PER_LONG/2) -+#endif - - #define PROP_FRAC_SHIFT (BITS_PER_LONG - PROP_MAX_SHIFT - 1) - #define PROP_FRAC_BASE (1UL << PROP_FRAC_SHIFT) -diff --git a/include/trace/events/writeback.h b/include/trace/events/writeback.h -index 99d1d0d..1f48f14 100644 ---- a/include/trace/events/writeback.h -+++ b/include/trace/events/writeback.h -@@ -47,7 +47,10 @@ DECLARE_EVENT_CLASS(writeback_work_class, - __field(int, reason) - ), - TP_fast_assign( -- strncpy(__entry->name, dev_name(bdi->dev), 32); -+ struct device *dev = bdi->dev; -+ if (!dev) -+ dev = default_backing_dev_info.dev; -+ strncpy(__entry->name, dev_name(dev), 32); - __entry->nr_pages = work->nr_pages; - __entry->sb_dev = work->sb ? 
work->sb->s_dev : 0; - __entry->sync_mode = work->sync_mode; -@@ -418,7 +421,7 @@ DECLARE_EVENT_CLASS(writeback_single_inode_template, - - TP_fast_assign( - strncpy(__entry->name, -- dev_name(inode->i_mapping->backing_dev_info->dev), 32); -+ dev_name(inode_to_bdi(inode)->dev), 32); - __entry->ino = inode->i_ino; - __entry->state = inode->i_state; - __entry->dirtied_when = inode->dirtied_when; -diff --git a/kernel/relay.c b/kernel/relay.c -index 226fade..b6f803a 100644 ---- a/kernel/relay.c -+++ b/kernel/relay.c -@@ -164,10 +164,14 @@ depopulate: - */ - static struct rchan_buf *relay_create_buf(struct rchan *chan) - { -- struct rchan_buf *buf = kzalloc(sizeof(struct rchan_buf), GFP_KERNEL); -- if (!buf) -+ struct rchan_buf *buf; -+ -+ if (chan->n_subbufs > UINT_MAX / sizeof(size_t *)) - return NULL; - -+ buf = kzalloc(sizeof(struct rchan_buf), GFP_KERNEL); -+ if (!buf) -+ return NULL; - buf->padding = kmalloc(chan->n_subbufs * sizeof(size_t *), GFP_KERNEL); - if (!buf->padding) - goto free_buf; -@@ -574,6 +578,8 @@ struct rchan *relay_open(const char *base_filename, - - if (!(subbuf_size && n_subbufs)) - return NULL; -+ if (subbuf_size > UINT_MAX / n_subbufs) -+ return NULL; - - chan = kzalloc(sizeof(struct rchan), GFP_KERNEL); - if (!chan) -diff --git a/mm/backing-dev.c b/mm/backing-dev.c -index 71034f4..2b49dd2 100644 ---- a/mm/backing-dev.c -+++ b/mm/backing-dev.c -@@ -318,7 +318,7 @@ static void wakeup_timer_fn(unsigned long data) - if (bdi->wb.task) { - trace_writeback_wake_thread(bdi); - wake_up_process(bdi->wb.task); -- } else { -+ } else if (bdi->dev) { - /* - * When bdi tasks are inactive for long time, they are killed. 
- * In this case we have to wake-up the forker thread which -@@ -584,6 +584,8 @@ EXPORT_SYMBOL(bdi_register_dev); - */ - static void bdi_wb_shutdown(struct backing_dev_info *bdi) - { -+ struct task_struct *task; -+ - if (!bdi_cap_writeback_dirty(bdi)) - return; - -@@ -604,9 +606,14 @@ static void bdi_wb_shutdown(struct backing_dev_info *bdi) - * unfreeze of the thread before calling kthread_stop(), otherwise - * it would never exet if it is currently stuck in the refrigerator. - */ -- if (bdi->wb.task) { -- thaw_process(bdi->wb.task); -- kthread_stop(bdi->wb.task); -+ spin_lock_bh(&bdi->wb_lock); -+ task = bdi->wb.task; -+ bdi->wb.task = NULL; -+ spin_unlock_bh(&bdi->wb_lock); -+ -+ if (task) { -+ thaw_process(task); -+ kthread_stop(task); - } - } - -@@ -627,7 +634,9 @@ static void bdi_prune_sb(struct backing_dev_info *bdi) - - void bdi_unregister(struct backing_dev_info *bdi) - { -- if (bdi->dev) { -+ struct device *dev = bdi->dev; -+ -+ if (dev) { - bdi_set_min_ratio(bdi, 0); - trace_writeback_bdi_unregister(bdi); - bdi_prune_sb(bdi); -@@ -636,8 +645,12 @@ void bdi_unregister(struct backing_dev_info *bdi) - if (!bdi_cap_flush_forker(bdi)) - bdi_wb_shutdown(bdi); - bdi_debug_unregister(bdi); -- device_unregister(bdi->dev); -+ -+ spin_lock_bh(&bdi->wb_lock); - bdi->dev = NULL; -+ spin_unlock_bh(&bdi->wb_lock); -+ -+ device_unregister(dev); - } - } - EXPORT_SYMBOL(bdi_unregister); -diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c -index 5c51607..064d20f 100644 ---- a/net/mac80211/rx.c -+++ b/net/mac80211/rx.c -@@ -616,7 +616,7 @@ static void ieee80211_sta_reorder_release(struct ieee80211_hw *hw, - index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) % - tid_agg_rx->buf_size; - if (!tid_agg_rx->reorder_buf[index] && -- tid_agg_rx->stored_mpdu_num > 1) { -+ tid_agg_rx->stored_mpdu_num) { - /* - * No buffers ready to be released, but check whether any - * frames in the reorder buffer have timed out. 
-diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c -index 34e5fcc..9c197d4 100644 ---- a/sound/pci/hda/patch_realtek.c -+++ b/sound/pci/hda/patch_realtek.c -@@ -4213,8 +4213,26 @@ enum { - PINFIX_PB_M5210, - PINFIX_ACER_ASPIRE_7736, - PINFIX_ASUS_W90V, -+ ALC889_FIXUP_DAC_ROUTE, - }; - -+/* Fix the connection of some pins for ALC889: -+ * At least, Acer Aspire 5935 shows the connections to DAC3/4 don't -+ * work correctly (bko#42740) -+ */ -+static void alc889_fixup_dac_route(struct hda_codec *codec, -+ const struct alc_fixup *fix, int action) -+{ -+ if (action == ALC_FIXUP_ACT_PRE_PROBE) { -+ hda_nid_t conn1[2] = { 0x0c, 0x0d }; -+ hda_nid_t conn2[2] = { 0x0e, 0x0f }; -+ snd_hda_override_conn_list(codec, 0x14, 2, conn1); -+ snd_hda_override_conn_list(codec, 0x15, 2, conn1); -+ snd_hda_override_conn_list(codec, 0x18, 2, conn2); -+ snd_hda_override_conn_list(codec, 0x1a, 2, conn2); -+ } -+} -+ - static const struct alc_fixup alc882_fixups[] = { - [PINFIX_ABIT_AW9D_MAX] = { - .type = ALC_FIXUP_PINS, -@@ -4251,10 +4269,15 @@ static const struct alc_fixup alc882_fixups[] = { - { } - } - }, -+ [ALC889_FIXUP_DAC_ROUTE] = { -+ .type = ALC_FIXUP_FUNC, -+ .v.func = alc889_fixup_dac_route, -+ }, - }; - - static const struct snd_pci_quirk alc882_fixup_tbl[] = { - SND_PCI_QUIRK(0x1025, 0x0155, "Packard-Bell M5120", PINFIX_PB_M5210), -+ SND_PCI_QUIRK(0x1025, 0x0259, "Acer Aspire 5935", ALC889_FIXUP_DAC_ROUTE), - SND_PCI_QUIRK(0x1043, 0x1873, "ASUS W90V", PINFIX_ASUS_W90V), - SND_PCI_QUIRK(0x17aa, 0x3a0d, "Lenovo Y530", PINFIX_LENOVO_Y530), - SND_PCI_QUIRK(0x147b, 0x107a, "Abit AW9D-MAX", PINFIX_ABIT_AW9D_MAX), -diff --git a/sound/pci/hda/patch_via.c b/sound/pci/hda/patch_via.c -index a0a3f50..1fe1308 100644 ---- a/sound/pci/hda/patch_via.c -+++ b/sound/pci/hda/patch_via.c -@@ -665,6 +665,9 @@ static void via_auto_init_analog_input(struct hda_codec *codec) - /* init input-src */ - for (i = 0; i < spec->num_adc_nids; i++) { - int adc_idx = 
spec->inputs[spec->cur_mux[i]].adc_idx; -+ /* secondary ADCs must have the unique MUX */ -+ if (i > 0 && !spec->mux_nids[i]) -+ break; - if (spec->mux_nids[adc_idx]) { - int mux_idx = spec->inputs[spec->cur_mux[i]].mux_idx; - snd_hda_codec_write(codec, spec->mux_nids[adc_idx], 0, -diff --git a/sound/pci/intel8x0.c b/sound/pci/intel8x0.c -index 11718b49..55f48fb 100644 ---- a/sound/pci/intel8x0.c -+++ b/sound/pci/intel8x0.c -@@ -2102,6 +2102,12 @@ static struct ac97_quirk ac97_quirks[] __devinitdata = { - }, - { - .subvendor = 0x161f, -+ .subdevice = 0x202f, -+ .name = "Gateway M520", -+ .type = AC97_TUNE_INV_EAPD -+ }, -+ { -+ .subvendor = 0x161f, - .subdevice = 0x203a, - .name = "Gateway 4525GZ", /* AD1981B */ - .type = AC97_TUNE_INV_EAPD -diff --git a/tools/perf/bench/mem-memcpy-x86-64-asm.S b/tools/perf/bench/mem-memcpy-x86-64-asm.S -index a57b66e..185a96d 100644 ---- a/tools/perf/bench/mem-memcpy-x86-64-asm.S -+++ b/tools/perf/bench/mem-memcpy-x86-64-asm.S -@@ -1,2 +1,8 @@ - - #include "../../../arch/x86/lib/memcpy_64.S" -+/* -+ * We need to provide note.GNU-stack section, saying that we want -+ * NOT executable stack. Otherwise the final linking will assume that -+ * the ELF stack should not be restricted at all and set it RWX. -+ */ -+.section .note.GNU-stack,"",@progbits -diff --git a/tools/perf/util/evsel.c b/tools/perf/util/evsel.c -index d7915d4..efca198 100644 ---- a/tools/perf/util/evsel.c -+++ b/tools/perf/util/evsel.c -@@ -390,6 +390,7 @@ int perf_event__parse_sample(const union perf_event *event, u64 type, - - data->cpu = data->pid = data->tid = -1; - data->stream_id = data->id = data->time = -1ULL; -+ data->period = 1; - - if (event->header.type != PERF_RECORD_SAMPLE) { - if (!sample_id_all) diff --git a/3.2.7/0000_README b/3.2.9/0000_README index 7342063..4b71aa6 100644 --- a/3.2.7/0000_README +++ b/3.2.9/0000_README 
@@ -2,11 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 1006_linux-3.2.7.patch -From: http://www.kernel.org -Desc: Linux 3.2.7 - -Patch: 4420_grsecurity-2.9-3.2.7-201202251203.patch +Patch: 4420_grsecurity-2.9-3.2.9-201203022148.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.7/4420_grsecurity-2.9-3.2.7-201202251203.patch b/3.2.9/4420_grsecurity-2.9-3.2.9-201203022148.patch index be7621a..fa03b34 100644 --- a/3.2.7/4420_grsecurity-2.9-3.2.7-201202251203.patch +++ b/3.2.9/4420_grsecurity-2.9-3.2.9-201203022148.patch @@ -186,7 +186,7 @@ index 81c287f..d456d02 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index d1bdc90..e95fe1a 100644 +index 5f1739b..1831396 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ 
@@ -212,32 +212,34 @@ index d1bdc90..e95fe1a 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -564,6 +565,46 @@ else +@@ -564,6 +565,48 @@ else KBUILD_CFLAGS += -O2 endif +ifndef DISABLE_PAX_PLUGINS +ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y) +ifndef DISABLE_PAX_CONSTIFY_PLUGIN -+CONSTIFY_PLUGIN := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN ++CONSTIFY_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN +endif +ifdef CONFIG_PAX_MEMORY_STACKLEAK -+STACKLEAK_PLUGIN := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -DSTACKLEAK_PLUGIN -+STACKLEAK_PLUGIN += -fplugin-arg-stackleak_plugin-track-lowest-sp=100 ++STACKLEAK_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -DSTACKLEAK_PLUGIN ++STACKLEAK_PLUGIN_CFLAGS += -fplugin-arg-stackleak_plugin-track-lowest-sp=100 +endif +ifdef CONFIG_KALLOCSTAT_PLUGIN -+KALLOCSTAT_PLUGIN := -fplugin=$(objtree)/tools/gcc/kallocstat_plugin.so ++KALLOCSTAT_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/kallocstat_plugin.so +endif +ifdef CONFIG_PAX_KERNEXEC_PLUGIN -+KERNEXEC_PLUGIN := -fplugin=$(objtree)/tools/gcc/kernexec_plugin.so -+KERNEXEC_PLUGIN += -fplugin-arg-kernexec_plugin-method=$(CONFIG_PAX_KERNEXEC_PLUGIN_METHOD) ++KERNEXEC_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/kernexec_plugin.so ++KERNEXEC_PLUGIN_CFLAGS += -fplugin-arg-kernexec_plugin-method=$(CONFIG_PAX_KERNEXEC_PLUGIN_METHOD) -DKERNEXEC_PLUGIN ++KERNEXEC_PLUGIN_AFLAGS := -DKERNEXEC_PLUGIN +endif +ifdef CONFIG_CHECKER_PLUGIN +ifeq ($(call cc-ifversion, -ge, 0406, y), y) -+CHECKER_PLUGIN := -fplugin=$(objtree)/tools/gcc/checker_plugin.so -DCHECKER_PLUGIN ++CHECKER_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/checker_plugin.so -DCHECKER_PLUGIN +endif +endif -+GCC_PLUGINS := $(CONSTIFY_PLUGIN) $(STACKLEAK_PLUGIN) $(KALLOCSTAT_PLUGIN) $(KERNEXEC_PLUGIN) $(CHECKER_PLUGIN) ++GCC_PLUGINS_CFLAGS := $(CONSTIFY_PLUGIN_CFLAGS) 
$(STACKLEAK_PLUGIN_CFLAGS) $(KALLOCSTAT_PLUGIN_CFLAGS) $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) ++GCC_PLUGINS_AFLAGS := $(KERNEXEC_PLUGIN_AFLAGS) +export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN +ifeq ($(KBUILD_EXTMOD),) +gcc-plugins: @@ -259,7 +261,7 @@ index d1bdc90..e95fe1a 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -708,7 +749,7 @@ export mod_strip_cmd +@@ -708,7 +751,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -268,15 +270,16 @@ index d1bdc90..e95fe1a 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -932,6 +973,7 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -932,6 +975,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE # The actual objects are generated when descending, # make sure no implicit rule kicks in -+$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): KBUILD_CFLAGS += $(GCC_PLUGINS) ++$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) ++$(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -941,7 +983,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; +@@ -941,7 +986,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) 
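Review bot: The `export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN` line is carried over unchanged, while every assignment above it in this hunk now writes to a `*_PLUGIN_CFLAGS` name (or `KERNEXEC_PLUGIN_AFLAGS`), so within the visible lines the export names variables that are no longer set. If any sub-make still reads the old names it will now see them empty; if nothing reads them, the line is dead. I would either drop it or move it to the new names, e.g. `export CONSTIFY_PLUGIN_CFLAGS STACKLEAK_PLUGIN_CFLAGS KERNEXEC_PLUGIN_CFLAGS KERNEXEC_PLUGIN_AFLAGS CHECKER_PLUGIN_CFLAGS`. The `ifndef DISABLE_PAX_PLUGINS` block continues past the end of this hunk, so a later assignment of the old names cannot be ruled out from here.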
@@ -285,23 +288,24 @@ index d1bdc90..e95fe1a 100644 $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -985,6 +1027,7 @@ prepare0: archprepare FORCE +@@ -985,6 +1030,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. # All the preparing.. -+prepare: KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS),$(KBUILD_CFLAGS)) ++prepare: KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS)) prepare: prepare0 # Generate some files -@@ -1086,6 +1129,7 @@ all: modules +@@ -1086,6 +1132,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules -+modules: KBUILD_CFLAGS += $(GCC_PLUGINS) ++modules: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) ++modules: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1101,7 +1145,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1101,7 +1149,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -310,7 +314,7 @@ index d1bdc90..e95fe1a 100644 # Target to install modules PHONY += modules_install -@@ -1198,6 +1242,7 @@ distclean: mrproper +@@ -1198,6 +1246,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ 
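Review bot: The `prepare:` line filters `$(GCC_PLUGINS_CFLAGS)` out of `KBUILD_CFLAGS`, but nothing does the same for the new `KBUILD_AFLAGS` additions, so `-DKERNEXEC_PLUGIN` from `GCC_PLUGINS_AFLAGS` would presumably still reach assembler invocations when `prepare` is built as a prerequisite of a target that carries the target-specific `KBUILD_AFLAGS +=`. C and assembly sources built in that phase would then disagree on whether `KERNEXEC_PLUGIN` is defined. If that is not intended, add `prepare: KBUILD_AFLAGS := $(filter-out $(GCC_PLUGINS_AFLAGS),$(KBUILD_AFLAGS))` next to the CFLAGS line; if it is deliberate, a one-line comment saying that the define is harmless there would save the next reader the check.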
@@ -318,26 +322,29 @@ index d1bdc90..e95fe1a 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1358,6 +1403,7 @@ PHONY += $(module-dirs) modules +@@ -1358,6 +1407,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) -+modules: KBUILD_CFLAGS += $(GCC_PLUGINS) ++modules: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) ++modules: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1484,17 +1530,19 @@ else +@@ -1484,17 +1535,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif -%.s: %.c prepare scripts FORCE -+%.s: KBUILD_CFLAGS += $(GCC_PLUGINS) ++%.s: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) ++%.s: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) +%.s: %.c gcc-plugins prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.i: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -%.o: %.c prepare scripts FORCE -+%.o: KBUILD_CFLAGS += $(GCC_PLUGINS) ++%.o: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) ++%.o: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) +%.o: %.c gcc-plugins prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.lst: %.c prepare scripts FORCE 
@@ -350,18 +357,20 @@ index d1bdc90..e95fe1a 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1504,11 +1552,13 @@ endif +@@ -1504,11 +1559,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) -%/: prepare scripts FORCE -+%/: KBUILD_CFLAGS += $(GCC_PLUGINS) ++%/: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) ++%/: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) +%/: gcc-plugins prepare scripts FORCE $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) -%.ko: prepare scripts FORCE -+%.ko: KBUILD_CFLAGS += $(GCC_PLUGINS) ++%.ko: KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) ++%.ko: KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) +%.ko: gcc-plugins prepare scripts FORCE $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ @@ -7304,7 +7313,7 @@ index f6f5c53..b358b28 100644 set_fs(old_fs); diff --git a/arch/x86/include/asm/alternative-asm.h b/arch/x86/include/asm/alternative-asm.h -index 091508b..e245ff2 100644 +index 091508b..7692c6f 100644 --- a/arch/x86/include/asm/alternative-asm.h +++ b/arch/x86/include/asm/alternative-asm.h @@ -4,10 +4,10 @@ @@ -7324,7 +7333,7 @@ index 091508b..e245ff2 100644 .endm #endif -+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++#ifdef KERNEXEC_PLUGIN + .macro pax_force_retaddr_bts rip=0 + btsq $63,\rip(%rsp) + .endm @@ -8821,7 +8830,7 @@ index eb92a6e..b98b2f4 100644 /* EISA */ extern void eisa_set_level_irq(unsigned int irq); diff --git a/arch/x86/include/asm/i387.h b/arch/x86/include/asm/i387.h -index c9e09ea..73888df 100644 +index a850b4d..bae26dc 100644 --- a/arch/x86/include/asm/i387.h +++ b/arch/x86/include/asm/i387.h @@ -92,6 +92,11 @@ static inline int fxrstor_checking(struct i387_fxsave_struct *fx) 
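Review bot: The guard around `pax_force_retaddr_bts` in arch/x86/include/asm/alternative-asm.h now tests `KERNEXEC_PLUGIN`, which is not a Kconfig symbol but a `-D` flag that the top-level Makefile adds only inside its gcc-plugin support check, so any unit built without `GCC_PLUGINS_CFLAGS`/`GCC_PLUGINS_AFLAGS` compiles the return-address forcing out with no diagnostic. A short comment at the `#ifdef` would make that dependency visible, e.g. `/* KERNEXEC_PLUGIN is -DKERNEXEC_PLUGIN from the top-level Makefile, set only when the kernexec gcc plugin is in use */`. The same switch is made in arch/x86/kernel/kprobes.c further down, where the `btsq $63,(%rsp)` sits inside a C inline-asm string and so depends on the CFLAGS copy of the define. The macro block starts and ends outside this hunk.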
@@ -8848,31 +8857,15 @@ index c9e09ea..73888df 100644 /* * Clear the bytes not touched by the fxsave and reserved * for the SW usage. -@@ -213,13 +223,8 @@ static inline void fpu_fxsave(struct fpu *fpu) - #endif /* CONFIG_X86_64 */ - - /* We need a safe address that is cheap to find and that is already -- in L1 during context switch. The best choices are unfortunately -- different for UP and SMP */ --#ifdef CONFIG_SMP --#define safe_address (__per_cpu_offset[0]) --#else --#define safe_address (kstat_cpu(0).cpustat.user) --#endif -+ in L1 during context switch. */ -+#define safe_address (init_tss[smp_processor_id()].x86_tss.sp0) +@@ -424,7 +434,7 @@ static inline bool interrupted_kernel_fpu_idle(void) + static inline bool interrupted_user_mode(void) + { + struct pt_regs *regs = get_irq_regs(); +- return regs && user_mode_vm(regs); ++ return regs && user_mode(regs); + } /* - * These must be called with preempt disabled -@@ -312,7 +317,7 @@ static inline void kernel_fpu_begin(void) - struct thread_info *me = current_thread_info(); - preempt_disable(); - if (me->status & TS_USEDFPU) -- __save_init_fpu(me->task); -+ __save_init_fpu(current); - else - clts(); - } diff --git a/arch/x86/include/asm/io.h b/arch/x86/include/asm/io.h index d8e8eef..99f81ae 100644 --- a/arch/x86/include/asm/io.h @@ -9976,7 +9969,7 @@ index 013286a..8b42f4f 100644 #define pgprot_writecombine pgprot_writecombine extern pgprot_t pgprot_writecombine(pgprot_t prot); diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h -index b650435..eefa566 100644 +index bb3ee36..781a6b8 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h @@ -268,7 +268,7 @@ struct tss_struct { 
@@ -9988,7 +9981,7 @@ index b650435..eefa566 100644 /* * Save the original ist values for checking stack pointers during debugging -@@ -860,11 +860,18 @@ static inline void spin_lock_prefetch(const void *x) +@@ -861,11 +861,18 @@ static inline void spin_lock_prefetch(const void *x) */ #define TASK_SIZE PAGE_OFFSET #define TASK_SIZE_MAX TASK_SIZE @@ -10009,7 +10002,7 @@ index b650435..eefa566 100644 .vm86_info = NULL, \ .sysenter_cs = __KERNEL_CS, \ .io_bitmap_ptr = NULL, \ -@@ -878,7 +885,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -879,7 +886,7 @@ static inline void spin_lock_prefetch(const void *x) */ #define INIT_TSS { \ .x86_tss = { \ @@ -10018,7 +10011,7 @@ index b650435..eefa566 100644 .ss0 = __KERNEL_DS, \ .ss1 = __KERNEL_CS, \ .io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \ -@@ -889,11 +896,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -890,11 +897,7 @@ static inline void spin_lock_prefetch(const void *x) extern unsigned long thread_saved_pc(struct task_struct *tsk); #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long)) @@ -10031,7 +10024,7 @@ index b650435..eefa566 100644 /* * The below -8 is to reserve 8 bytes on top of the ring0 stack. -@@ -908,7 +911,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -909,7 +912,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define task_pt_regs(task) \ ({ \ struct pt_regs *__regs__; \ @@ -10040,7 +10033,7 @@ index b650435..eefa566 100644 __regs__ - 1; \ }) -@@ -918,13 +921,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -919,13 +922,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); /* * User space process size. 47bits minus one guard page. */ 
@@ -10056,7 +10049,7 @@ index b650435..eefa566 100644 #define TASK_SIZE (test_thread_flag(TIF_IA32) ? \ IA32_PAGE_OFFSET : TASK_SIZE_MAX) -@@ -935,11 +938,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -936,11 +939,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define STACK_TOP_MAX TASK_SIZE_MAX #define INIT_THREAD { \ @@ -10070,7 +10063,7 @@ index b650435..eefa566 100644 } /* -@@ -961,6 +964,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, +@@ -962,6 +965,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, */ #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3)) @@ -10601,7 +10594,7 @@ index 2d2f01c..f985723 100644 /* * Force strict CPU ordering. diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h -index a1fe5c1..ee326d8 100644 +index d7ef849..6af292e 100644 --- a/arch/x86/include/asm/thread_info.h +++ b/arch/x86/include/asm/thread_info.h @@ -10,6 +10,7 @@ @@ -10745,7 +10738,7 @@ index a1fe5c1..ee326d8 100644 #endif #endif /* !X86_32 */ -@@ -266,5 +242,16 @@ extern void arch_task_cache_init(void); +@@ -264,5 +240,16 @@ extern void arch_task_cache_init(void); extern void free_thread_info(struct thread_info *ti); extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src); #define arch_task_cache_init arch_task_cache_init @@ -15876,7 +15869,7 @@ index faba577..93b9e71 100644 return single_step_cont(regs, args); break; diff --git a/arch/x86/kernel/kprobes.c b/arch/x86/kernel/kprobes.c -index 7da647d..5d3c4c1 100644 +index 7da647d..56fe348 100644 --- a/arch/x86/kernel/kprobes.c +++ b/arch/x86/kernel/kprobes.c @@ -118,8 +118,11 @@ static void __kprobes __synthesize_relative_insn(void *from, void *to, u8 op) @@ -15966,7 +15959,7 @@ index 7da647d..5d3c4c1 100644 " movq %rax, 152(%rsp)\n" RESTORE_REGS_STRING " popfq\n" -+#ifdef CONFIG_PAX_KERNEXEC_PLUGIN ++#ifdef KERNEXEC_PLUGIN + " btsq $63,(%rsp)\n" +#endif #else 
@@ -16615,7 +16608,7 @@ index ee5d4fb..426649b 100644 +} +#endif diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c -index 795b79f..063767a 100644 +index 8598296..bfadef0 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c @@ -67,6 +67,7 @@ asmlinkage void ret_from_fork(void) __asm__("ret_from_fork"); @@ -16666,10 +16659,10 @@ index 795b79f..063767a 100644 int cpu = smp_processor_id(); - struct tss_struct *tss = &per_cpu(init_tss, cpu); + struct tss_struct *tss = init_tss + cpu; - bool preload_fpu; + fpu_switch_t fpu; /* never put a printk in __switch_to... printk() calls wake_up*() indirectly */ -@@ -331,6 +332,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -320,6 +321,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) */ lazy_save_gs(prev->gs); @@ -16680,32 +16673,32 @@ index 795b79f..063767a 100644 /* * Load the per-thread Thread-Local Storage descriptor. */ -@@ -366,6 +371,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -350,6 +355,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) */ arch_end_context_switch(next_p); + percpu_write(current_task, next_p); + percpu_write(current_tinfo, &next_p->tinfo); + - if (preload_fpu) - __math_state_restore(); + /* + * Restore %gs if needed (which is common) + */ +@@ -358,8 +366,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) -@@ -375,8 +383,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) - if (prev->gs | next->gs) - lazy_load_gs(next->gs); + switch_fpu_finish(next_p, fpu); - percpu_write(current_task, next_p); - return prev_p; } -@@ -406,4 +412,3 @@ unsigned long get_wchan(struct task_struct *p) +@@ -389,4 +395,3 @@ unsigned long get_wchan(struct task_struct *p) } while (count++ < 16); return 0; } - 
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c -index 3bd7e6e..90b2bcf 100644 +index 6a364a6..b147d11 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -89,7 +89,7 @@ static void __exit_idle(void) @@ -16742,9 +16735,9 @@ index 3bd7e6e..90b2bcf 100644 - struct tss_struct *tss = &per_cpu(init_tss, cpu); + struct tss_struct *tss = init_tss + cpu; unsigned fsindex, gsindex; - bool preload_fpu; + fpu_switch_t fpu; -@@ -475,10 +475,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -461,10 +461,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) prev->usersp = percpu_read(old_rsp); percpu_write(old_rsp, next->usersp); percpu_write(current_task, next_p); @@ -16757,7 +16750,7 @@ index 3bd7e6e..90b2bcf 100644 /* * Now maybe reload the debug registers and handle I/O bitmaps -@@ -540,12 +539,11 @@ unsigned long get_wchan(struct task_struct *p) +@@ -519,12 +518,11 @@ unsigned long get_wchan(struct task_struct *p) if (!p || p == current || p->state == TASK_RUNNING) return 0; stack = (unsigned long)task_stack_page(p); @@ -17813,7 +17806,7 @@ index 09ff517..df19fbff 100644 .short 0 .quad 0x00cf9b000000ffff # __KERNEL32_CS diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index a8e3eb8..c9dbd7d 100644 +index 31d9d0f..e244dd9 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -70,12 +70,6 @@ asmlinkage int system_call(void); 
@@ -17958,25 +17951,17 @@ index a8e3eb8..c9dbd7d 100644 { if (!fixup_exception(regs)) { task->thread.error_code = error_code; -@@ -568,7 +597,7 @@ asmlinkage void __attribute__((weak)) smp_threshold_interrupt(void) - void __math_state_restore(void) +@@ -569,8 +598,8 @@ asmlinkage void __attribute__((weak)) smp_threshold_interrupt(void) + void __math_state_restore(struct task_struct *tsk) { - struct thread_info *thread = current_thread_info(); -- struct task_struct *tsk = thread->task; -+ struct task_struct *tsk = current; - - /* - * Paranoid restore. send a SIGSEGV if we fail to restore the state. -@@ -595,8 +624,7 @@ void __math_state_restore(void) - */ - asmlinkage void math_state_restore(void) - { -- struct thread_info *thread = current_thread_info(); -- struct task_struct *tsk = thread->task; -+ struct task_struct *tsk = current; + /* We need a safe address that is cheap to find and that is already +- in L1. We've just brought in "tsk->thread.has_fpu", so use that */ +-#define safe_address (tsk->thread.has_fpu) ++ in L1. */ ++#define safe_address (init_tss[smp_processor_id()].x86_tss.sp0) - if (!tsk_used_math(tsk)) { - local_irq_enable(); + /* AMD K7/K8 CPUs don't save/restore FDP/FIP/FOP unless an exception + is pending. Clear the x87 state here by setting it to fixed diff --git a/arch/x86/kernel/verify_cpu.S b/arch/x86/kernel/verify_cpu.S index b9242ba..50c5edd 100644 --- a/arch/x86/kernel/verify_cpu.S @@ -18387,7 +18372,7 @@ index 9796c2f..f686fbf 100644 EXPORT_SYMBOL(copy_page); EXPORT_SYMBOL(clear_page); diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c -index a391134..d0b63b6e 100644 +index 7110911..e8cdee5 100644 --- a/arch/x86/kernel/xsave.c +++ b/arch/x86/kernel/xsave.c @@ -130,7 +130,7 @@ int check_for_xstate(struct i387_fxsave_struct __user *buf, 
@@ -18399,7 +18384,7 @@ index a391134..d0b63b6e 100644 fx_sw_user->extended_size - FP_XSTATE_MAGIC2_SIZE)); if (err) -@@ -267,7 +267,7 @@ fx_only: +@@ -266,7 +266,7 @@ fx_only: * the other extended state. */ xrstor_state(init_xstate_buf, pcntxt_mask & ~XSTATE_FPSSE); @@ -18408,7 +18393,7 @@ index a391134..d0b63b6e 100644 } /* -@@ -299,7 +299,7 @@ int restore_i387_xstate(void __user *buf) +@@ -295,7 +295,7 @@ int restore_i387_xstate(void __user *buf) if (use_xsave()) err = restore_user_xstate(buf); else @@ -18531,7 +18516,7 @@ index e32243e..a6e6172 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 579a0b5..ed7bbf9 100644 +index 4ea7678..b3a7084 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -1305,7 +1305,11 @@ static void reload_tss(void) @@ -33858,7 +33843,7 @@ index 1cfbf22..be96487 100644 #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c -index 04e74f4..a960176 100644 +index dfee1b3..a454fb6 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -136,7 +136,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, @@ -35611,7 +35596,7 @@ index 6845228..df77141 100644 core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index 861628e..659ae80 100644 +index e4ddb93..2fc6e0f 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c @@ -1343,7 +1343,7 @@ struct se_device *transport_add_device_to_core_hba( @@ -35653,7 +35638,7 @@ index 861628e..659ae80 100644 cmd->t_task_list_num) atomic_set(&cmd->t_transport_sent, 1); -@@ -4273,7 +4273,7 @@ bool transport_wait_for_tasks(struct se_cmd *cmd) +@@ -4296,7 +4296,7 @@ bool transport_wait_for_tasks(struct se_cmd *cmd) atomic_set(&cmd->transport_lun_stop, 0); } if (!atomic_read(&cmd->t_transport_active) || 
@@ -35662,7 +35647,7 @@ index 861628e..659ae80 100644 spin_unlock_irqrestore(&cmd->t_state_lock, flags); return false; } -@@ -4522,7 +4522,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status) +@@ -4545,7 +4545,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status) { int ret = 0; @@ -35671,7 +35656,7 @@ index 861628e..659ae80 100644 if (!send_status || (cmd->se_cmd_flags & SCF_SENT_DELAYED_TAS)) return 1; -@@ -4559,7 +4559,7 @@ void transport_send_task_abort(struct se_cmd *cmd) +@@ -4582,7 +4582,7 @@ void transport_send_task_abort(struct se_cmd *cmd) */ if (cmd->data_direction == DMA_TO_DEVICE) { if (cmd->se_tfo->write_pending_status(cmd) != 0) { @@ -39865,7 +39850,7 @@ index a6395bd..a5b24c4 100644 fd_offset + ex.a_text); up_write(¤t->mm->mmap_sem); diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 21ac5ee..31d14e9 100644 +index 21ac5ee..ca0d90f 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -32,6 +32,7 @@ @@ -40000,6 +39985,7 @@ index 21ac5ee..31d14e9 100644 return error; } ++#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_XATTR_PAX_FLAGS) +static unsigned long pax_parse_pt_pax_softmode(const struct elf_phdr * const elf_phdata) +{ + unsigned long pax_flags = 0UL; @@ -40145,7 +40131,7 @@ index 21ac5ee..31d14e9 100644 +#endif + +#ifdef CONFIG_PAX_SEGMEXEC -+ if (!(__supported_pte_mask & _PAGE_NX)) { ++ if (!(pax_flags & MF_PAX_PAGEEXEC) || !(__supported_pte_mask & _PAGE_NX)) { + pax_flags &= ~MF_PAX_PAGEEXEC; + pax_flags |= MF_PAX_SEGMEXEC; + } @@ -40319,7 +40305,6 @@ index 21ac5ee..31d14e9 100644 + +} + -+#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_XATTR_PAX_FLAGS) +static long pax_parse_pax_flags(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata, struct file * const file) +{ + unsigned long pax_flags, pt_pax_flags, xattr_pax_flags; 
@@ -41623,7 +41608,7 @@ index f3a257d..715ac0f 100644 } EXPORT_SYMBOL_GPL(debugfs_create_dir); diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c -index d2039ca..a766407 100644 +index af11098..81e3bbe 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c @@ -691,7 +691,7 @@ static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf, @@ -44407,7 +44392,7 @@ index 637694b..f84a121 100644 lock_flocks(); diff --git a/fs/namei.c b/fs/namei.c -index 5008f01..90328a7 100644 +index 744e942..24ef47f 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -279,16 +279,32 @@ int generic_permission(struct inode *inode, int mask) @@ -44482,7 +44467,7 @@ index 5008f01..90328a7 100644 error = 0; if (s) error = __vfs_follow_link(nd, s); -@@ -1622,6 +1638,21 @@ static int path_lookupat(int dfd, const char *name, +@@ -1624,6 +1640,21 @@ static int path_lookupat(int dfd, const char *name, if (!err) err = complete_walk(nd); @@ -44504,7 +44489,7 @@ index 5008f01..90328a7 100644 if (!err && nd->flags & LOOKUP_DIRECTORY) { if (!nd->inode->i_op->lookup) { path_put(&nd->path); -@@ -1649,6 +1680,15 @@ static int do_path_lookup(int dfd, const char *name, +@@ -1651,6 +1682,15 @@ static int do_path_lookup(int dfd, const char *name, retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd); if (likely(!retval)) { @@ -44520,7 +44505,7 @@ index 5008f01..90328a7 100644 if (unlikely(!audit_dummy_context())) { if (nd->path.dentry && nd->inode) audit_inode(name, nd->path.dentry); -@@ -2046,6 +2086,13 @@ static int may_open(struct path *path, int acc_mode, int flag) +@@ -2048,6 +2088,13 @@ static int may_open(struct path *path, int acc_mode, int flag) if (flag & O_NOATIME && !inode_owner_or_capable(inode)) return -EPERM; 
@@ -44534,7 +44519,7 @@ index 5008f01..90328a7 100644 return 0; } -@@ -2107,6 +2154,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2109,6 +2156,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return ERR_PTR(error); @@ -44551,7 +44536,7 @@ index 5008f01..90328a7 100644 audit_inode(pathname, nd->path.dentry); if (open_flag & O_CREAT) { error = -EISDIR; -@@ -2117,6 +2174,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2119,6 +2176,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return ERR_PTR(error); @@ -44568,7 +44553,7 @@ index 5008f01..90328a7 100644 audit_inode(pathname, dir); goto ok; } -@@ -2138,6 +2205,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2140,6 +2207,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return ERR_PTR(-ECHILD); @@ -44585,7 +44570,7 @@ index 5008f01..90328a7 100644 error = -ENOTDIR; if (nd->flags & LOOKUP_DIRECTORY) { -@@ -2178,6 +2255,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2180,6 +2257,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path, /* Negative dentry, just create the file */ if (!dentry->d_inode) { int mode = op->mode; @@ -44598,7 +44583,7 @@ index 5008f01..90328a7 100644 if (!IS_POSIXACL(dir->d_inode)) mode &= ~current_umask(); /* -@@ -2201,6 +2284,8 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2203,6 +2286,8 @@ static struct file *do_last(struct nameidata *nd, struct path *path, error = vfs_create(dir->d_inode, dentry, mode, nd); if (error) goto exit_mutex_unlock; 
@@ -44607,7 +44592,7 @@ index 5008f01..90328a7 100644 mutex_unlock(&dir->d_inode->i_mutex); dput(nd->path.dentry); nd->path.dentry = dentry; -@@ -2210,6 +2295,19 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2212,6 +2297,19 @@ static struct file *do_last(struct nameidata *nd, struct path *path, /* * It already exists. */ @@ -44627,7 +44612,7 @@ index 5008f01..90328a7 100644 mutex_unlock(&dir->d_inode->i_mutex); audit_inode(pathname, path->dentry); -@@ -2422,6 +2520,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path +@@ -2424,6 +2522,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path *path = nd.path; return dentry; eexist: @@ -44639,7 +44624,7 @@ index 5008f01..90328a7 100644 dput(dentry); dentry = ERR_PTR(-EEXIST); fail: -@@ -2444,6 +2547,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat +@@ -2446,6 +2549,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat } EXPORT_SYMBOL(user_path_create); @@ -44660,7 +44645,7 @@ index 5008f01..90328a7 100644 int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) { int error = may_create(dir, dentry); -@@ -2511,6 +2628,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, +@@ -2513,6 +2630,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, error = mnt_want_write(path.mnt); if (error) goto out_dput; @@ -44678,7 +44663,7 @@ index 5008f01..90328a7 100644 error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out_drop_write; -@@ -2528,6 +2656,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, +@@ -2530,6 +2658,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, } out_drop_write: mnt_drop_write(path.mnt); 
@@ -44688,7 +44673,7 @@ index 5008f01..90328a7 100644 out_dput: dput(dentry); mutex_unlock(&path.dentry->d_inode->i_mutex); -@@ -2577,12 +2708,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode) +@@ -2579,12 +2710,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode) error = mnt_want_write(path.mnt); if (error) goto out_dput; @@ -44710,7 +44695,7 @@ index 5008f01..90328a7 100644 out_dput: dput(dentry); mutex_unlock(&path.dentry->d_inode->i_mutex); -@@ -2662,6 +2802,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -2664,6 +2804,8 @@ static long do_rmdir(int dfd, const char __user *pathname) char * name; struct dentry *dentry; struct nameidata nd; @@ -44719,7 +44704,7 @@ index 5008f01..90328a7 100644 error = user_path_parent(dfd, pathname, &nd, &name); if (error) -@@ -2690,6 +2832,15 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -2692,6 +2834,15 @@ static long do_rmdir(int dfd, const char __user *pathname) error = -ENOENT; goto exit3; } @@ -44735,7 +44720,7 @@ index 5008f01..90328a7 100644 error = mnt_want_write(nd.path.mnt); if (error) goto exit3; -@@ -2697,6 +2848,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -2699,6 +2850,8 @@ static long do_rmdir(int dfd, const char __user *pathname) if (error) goto exit4; error = vfs_rmdir(nd.path.dentry->d_inode, dentry); @@ -44744,7 +44729,7 @@ index 5008f01..90328a7 100644 exit4: mnt_drop_write(nd.path.mnt); exit3: -@@ -2759,6 +2912,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -2761,6 +2914,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) struct dentry *dentry; struct nameidata nd; struct inode *inode = NULL; 
@@ -44753,7 +44738,7 @@ index 5008f01..90328a7 100644 error = user_path_parent(dfd, pathname, &nd, &name); if (error) -@@ -2781,6 +2936,16 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -2783,6 +2938,16 @@ static long do_unlinkat(int dfd, const char __user *pathname) if (!inode) goto slashes; ihold(inode); @@ -44770,7 +44755,7 @@ index 5008f01..90328a7 100644 error = mnt_want_write(nd.path.mnt); if (error) goto exit2; -@@ -2788,6 +2953,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -2790,6 +2955,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) if (error) goto exit3; error = vfs_unlink(nd.path.dentry->d_inode, dentry); @@ -44779,7 +44764,7 @@ index 5008f01..90328a7 100644 exit3: mnt_drop_write(nd.path.mnt); exit2: -@@ -2863,10 +3030,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, +@@ -2865,10 +3032,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, error = mnt_want_write(path.mnt); if (error) goto out_dput; @@ -44798,7 +44783,7 @@ index 5008f01..90328a7 100644 out_drop_write: mnt_drop_write(path.mnt); out_dput: -@@ -2938,6 +3113,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -2940,6 +3115,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, { struct dentry *new_dentry; struct path old_path, new_path; @@ -44806,7 +44791,7 @@ index 5008f01..90328a7 100644 int how = 0; int error; -@@ -2961,7 +3137,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -2963,7 +3139,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, if (error) return error; 
@@ -44815,7 +44800,7 @@ index 5008f01..90328a7 100644 error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) goto out; -@@ -2972,13 +3148,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -2974,13 +3150,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, error = mnt_want_write(new_path.mnt); if (error) goto out_dput; @@ -44846,7 +44831,7 @@ index 5008f01..90328a7 100644 dput(new_dentry); mutex_unlock(&new_path.dentry->d_inode->i_mutex); path_put(&new_path); -@@ -3206,6 +3399,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, +@@ -3208,6 +3401,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, if (new_dentry == trap) goto exit5; @@ -44859,7 +44844,7 @@ index 5008f01..90328a7 100644 error = mnt_want_write(oldnd.path.mnt); if (error) goto exit5; -@@ -3215,6 +3414,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, +@@ -3217,6 +3416,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, goto exit6; error = vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry); @@ -44869,7 +44854,7 @@ index 5008f01..90328a7 100644 exit6: mnt_drop_write(oldnd.path.mnt); exit5: -@@ -3240,6 +3442,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -3242,6 +3444,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { @@ -44878,7 +44863,7 @@ index 5008f01..90328a7 100644 int len; len = PTR_ERR(link); -@@ -3249,7 +3453,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c +@@ -3251,7 +3455,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c len = strlen(link); if (len > (unsigned) buflen) len = buflen; 
@@ -45525,7 +45510,7 @@ index 15af622..0e9f4467 100644 help Various /proc files exist to monitor process memory utilization: diff --git a/fs/proc/array.c b/fs/proc/array.c -index 3a1dafd..1456746 100644 +index 3a1dafd..bf1bd84 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -60,6 +60,7 @@ @@ -45633,9 +45618,12 @@ index 3a1dafd..1456746 100644 esp, eip, /* The signal information here is obsolete. -@@ -535,6 +592,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -533,8 +590,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, + struct pid *pid, struct task_struct *task) + { unsigned long size = 0, resident = 0, shared = 0, text = 0, data = 0; - struct mm_struct *mm = get_task_mm(task); +- struct mm_struct *mm = get_task_mm(task); ++ struct mm_struct *mm; +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP + if (current->exec_id != m->exec_id) { @@ -45643,7 +45631,7 @@ index 3a1dafd..1456746 100644 + return 0; + } +#endif -+ ++ mm = get_task_mm(task); if (mm) { size = task_statm(mm, &shared, &text, &data, &resident); mmput(mm); @@ -58438,10 +58426,10 @@ index 84ccf8e..2e9b14c 100644 }; diff --git a/include/linux/fs.h b/include/linux/fs.h -index e0bc4ff..d79c2fa 100644 +index 10b2288..09180e4 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h -@@ -1608,7 +1608,8 @@ struct file_operations { +@@ -1609,7 +1609,8 @@ struct file_operations { int (*setlease)(struct file *, long, struct file_lock **); long (*fallocate)(struct file *file, int mode, loff_t offset, loff_t len); @@ -59261,7 +59249,7 @@ index 0000000..da390f1 +#endif diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h new file mode 100644 -index 0000000..f885406 +index 0000000..ae576a1 --- /dev/null +++ b/include/linux/grmsg.h @@ -0,0 +1,109 @@ 
@@ -59316,7 +59304,7 @@ index 0000000..f885406 +#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by " +#define GR_INITF_ACL_MSG "init_variables() failed %s by " +#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use <kernel image name> gracl=off from your boot loader" -+#define GR_DEV_ACL_MSG "/dev/grsec: %d bytes sent %d required, being fed garbaged by " ++#define GR_DEV_ACL_MSG "/dev/grsec: %d bytes sent %d required, being fed garbage by " +#define GR_SHUTS_ACL_MSG "shutdown auth success for " +#define GR_SHUTF_ACL_MSG "shutdown auth failure for " +#define GR_SHUTI_ACL_MSG "ignoring shutdown for disabled RBAC system for " @@ -61270,7 +61258,7 @@ index c14fe86..393245e 100644 #define RPCRDMA_VERSION 1 diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h -index 703cfa3..0b8ca72ac 100644 +index 703cfa33..0b8ca72ac 100644 --- a/include/linux/sysctl.h +++ b/include/linux/sysctl.h @@ -155,7 +155,11 @@ enum @@ -61790,10 +61778,10 @@ index 9e5425b..8136ffc 100644 /* Protects from simultaneous access to first_req list */ spinlock_t info_list_lock; diff --git a/include/net/flow.h b/include/net/flow.h -index 57f15a7..0de26c6 100644 +index 2a7eefd..3250f3b 100644 --- a/include/net/flow.h +++ b/include/net/flow.h -@@ -208,6 +208,6 @@ extern struct flow_cache_object *flow_cache_lookup( +@@ -218,6 +218,6 @@ extern struct flow_cache_object *flow_cache_lookup( extern void flow_cache_flush(void); extern void flow_cache_flush_deferred(void); @@ -62188,7 +62176,7 @@ index 444cd6b..3327cc5 100644 const struct firmware *dsp_microcode; const struct firmware *controller_microcode; diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h -index a79886c..b483af6 100644 +index 94bbec3..3a8c6b0 100644 --- a/include/target/target_core_base.h +++ b/include/target/target_core_base.h @@ -346,7 +346,7 @@ struct t10_reservation_ops { 
@@ -62211,7 +62199,7 @@ index a79886c..b483af6 100644 atomic_t t_transport_active; atomic_t t_transport_complete; atomic_t t_transport_queue_active; -@@ -704,7 +704,7 @@ struct se_device { +@@ -705,7 +705,7 @@ struct se_device { /* Active commands on this virtual SE device */ atomic_t simple_cmds; atomic_t depth_left; @@ -62716,7 +62704,7 @@ index 5b4293d..f179875 100644 if (u->mq_bytes + mq_bytes < u->mq_bytes || u->mq_bytes + mq_bytes > task_rlimit(p, RLIMIT_MSGQUEUE)) { diff --git a/ipc/msg.c b/ipc/msg.c -index 7385de2..a8180e0 100644 +index 7385de2..a8180e08 100644 --- a/ipc/msg.c +++ b/ipc/msg.c @@ -309,18 +309,19 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg) @@ -63626,10 +63614,10 @@ index e6e01b9..619f837 100644 if (group_dead) diff --git a/kernel/fork.c b/kernel/fork.c -index da4a6a1..0973380 100644 +index 0acf42c0..9e40e2e 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -280,7 +280,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) +@@ -281,7 +281,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) *stackend = STACK_END_MAGIC; /* for overflow detection */ #ifdef CONFIG_CC_STACKPROTECTOR @@ -63638,7 +63626,7 @@ index da4a6a1..0973380 100644 #endif /* -@@ -304,13 +304,77 @@ out: +@@ -305,13 +305,77 @@ out: } #ifdef CONFIG_MMU @@ -63718,7 +63706,7 @@ index da4a6a1..0973380 100644 down_write(&oldmm->mmap_sem); flush_cache_dup_mm(oldmm); -@@ -322,8 +386,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -323,8 +387,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) mm->locked_vm = 0; mm->mmap = NULL; mm->mmap_cache = NULL; 
@@ -63729,7 +63717,7 @@ index da4a6a1..0973380 100644 mm->map_count = 0; cpumask_clear(mm_cpumask(mm)); mm->mm_rb = RB_ROOT; -@@ -339,8 +403,6 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -340,8 +404,6 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) prev = NULL; for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) { @@ -63738,7 +63726,7 @@ index da4a6a1..0973380 100644 if (mpnt->vm_flags & VM_DONTCOPY) { long pages = vma_pages(mpnt); mm->total_vm -= pages; -@@ -348,53 +410,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -349,53 +411,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) -pages); continue; } @@ -63796,7 +63784,7 @@ index da4a6a1..0973380 100644 /* * Link in the new vma and copy the page table entries. -@@ -417,6 +437,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -418,6 +438,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) if (retval) goto out; } @@ -63828,7 +63816,7 @@ index da4a6a1..0973380 100644 /* a new mm has just been created */ arch_dup_mmap(oldmm, mm); retval = 0; -@@ -425,14 +470,6 @@ out: +@@ -426,14 +471,6 @@ out: flush_tlb_mm(oldmm); up_write(&oldmm->mmap_sem); return retval; @@ -63843,7 +63831,7 @@ index da4a6a1..0973380 100644 } static inline int mm_alloc_pgd(struct mm_struct *mm) -@@ -644,6 +681,26 @@ struct mm_struct *get_task_mm(struct task_struct *task) +@@ -645,6 +682,26 @@ struct mm_struct *get_task_mm(struct task_struct *task) } EXPORT_SYMBOL_GPL(get_task_mm); 
@@ -63870,7 +63858,7 @@ index da4a6a1..0973380 100644 /* Please note the differences between mmput and mm_release. * mmput is called whenever we stop holding onto a mm_struct, * error success whatever. -@@ -829,13 +886,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) +@@ -830,13 +887,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) spin_unlock(&fs->lock); return -EAGAIN; } @@ -63886,7 +63874,7 @@ index da4a6a1..0973380 100644 return 0; } -@@ -1097,6 +1155,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1100,6 +1158,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; @@ -63896,7 +63884,7 @@ index da4a6a1..0973380 100644 if (atomic_read(&p->real_cred->user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && -@@ -1256,6 +1317,8 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1259,6 +1320,8 @@ static struct task_struct *copy_process(unsigned long clone_flags, if (clone_flags & CLONE_THREAD) p->tgid = current->tgid; @@ -63905,7 +63893,7 @@ index da4a6a1..0973380 100644 p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL; /* * Clear TID on mm_release()? -@@ -1418,6 +1481,8 @@ bad_fork_cleanup_count: +@@ -1421,6 +1484,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -63914,7 +63902,7 @@ index da4a6a1..0973380 100644 return ERR_PTR(retval); } -@@ -1518,6 +1583,8 @@ long do_fork(unsigned long clone_flags, +@@ -1521,6 +1586,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); 
@@ -63923,7 +63911,7 @@ index da4a6a1..0973380 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1627,7 +1694,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1630,7 +1697,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -63932,7 +63920,7 @@ index da4a6a1..0973380 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1716,7 +1783,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1719,7 +1786,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -70622,7 +70610,7 @@ index 7fa41b4..6087460 100644 return count; } diff --git a/mm/nommu.c b/mm/nommu.c -index b982290..7d73f53 100644 +index ee7e57e..cae4e40 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -62,7 +62,6 @@ int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */ @@ -70633,7 +70621,7 @@ index b982290..7d73f53 100644 atomic_long_t mmap_pages_allocated; -@@ -825,15 +824,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) +@@ -829,15 +828,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) EXPORT_SYMBOL(find_vma); /* @@ -70649,7 +70637,7 @@ index b982290..7d73f53 100644 * expand a stack to a given address * - not supported under NOMMU conditions */ -@@ -1553,6 +1543,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -1557,6 +1547,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, /* most fields are the same, copy all, and then fixup */ *new = *vma; @@ -72725,7 +72713,7 @@ index 68bbf9f..5ef0d12 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index 5a13edf..a6f2bd2 100644 +index c56cacf..b28e35f 100644 --- a/net/core/dev.c +++ b/net/core/dev.c 
@@ -1139,10 +1139,14 @@ void dev_load(struct net *net, const char *name) @@ -72797,7 +72785,7 @@ index 5a13edf..a6f2bd2 100644 kfree_skb(skb); /* Jamal, now you will not able to escape explaining * me how you were going to use this. :-) -@@ -3891,7 +3895,7 @@ void netif_napi_del(struct napi_struct *napi) +@@ -3897,7 +3901,7 @@ void netif_napi_del(struct napi_struct *napi) } EXPORT_SYMBOL(netif_napi_del); @@ -72806,7 +72794,7 @@ index 5a13edf..a6f2bd2 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); unsigned long time_limit = jiffies + 2; -@@ -5949,7 +5953,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, +@@ -5955,7 +5959,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, } else { netdev_stats_to_stats64(storage, &dev->stats); } @@ -73386,7 +73374,7 @@ index 94cdbc5..0cb0063 100644 ts = peer->tcp_ts; tsage = get_seconds() - peer->tcp_ts_stamp; diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index c89e354..8bd55c8 100644 +index eb90aa8..22bf114 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -87,6 +87,9 @@ int sysctl_tcp_tw_reuse __read_mostly; @@ -73399,7 +73387,7 @@ index c89e354..8bd55c8 100644 #ifdef CONFIG_TCP_MD5SIG static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk, -@@ -1627,6 +1630,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1632,6 +1635,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -73409,7 +73397,7 @@ index c89e354..8bd55c8 100644 tcp_v4_send_reset(rsk, skb); discard: kfree_skb(skb); -@@ -1689,12 +1695,19 @@ int tcp_v4_rcv(struct sk_buff *skb) +@@ -1694,12 +1700,19 @@ int tcp_v4_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); 
@@ -73432,7 +73420,7 @@ index c89e354..8bd55c8 100644 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1744,6 +1757,10 @@ no_tcp_socket: +@@ -1749,6 +1762,10 @@ no_tcp_socket: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -73443,7 +73431,7 @@ index c89e354..8bd55c8 100644 tcp_v4_send_reset(NULL, skb); } -@@ -2404,7 +2421,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req, +@@ -2409,7 +2426,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req, 0, /* non standard timer */ 0, /* open_requests have no inode */ atomic_read(&sk->sk_refcnt), @@ -73455,7 +73443,7 @@ index c89e354..8bd55c8 100644 len); } -@@ -2454,7 +2475,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len) +@@ -2459,7 +2480,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len) sock_i_uid(sk), icsk->icsk_probes_out, sock_i_ino(sk), @@ -73469,7 +73457,7 @@ index c89e354..8bd55c8 100644 jiffies_to_clock_t(icsk->icsk_rto), jiffies_to_clock_t(icsk->icsk_ack.ato), (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong, -@@ -2482,7 +2508,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw, +@@ -2487,7 +2513,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw, " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK%n", i, src, srcp, dest, destp, tw->tw_substate, 0, 0, 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0, @@ -74217,7 +74205,7 @@ index 30d7355..e260095 100644 napi_disable(&local->napi); ieee80211_clear_tx_pending(local); diff --git a/net/mac80211/main.c b/net/mac80211/main.c -index a7536fd..4039cc0 100644 +index 7d9b21d..0687004 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c @@ -163,7 +163,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) @@ -74364,7 +74352,7 @@ index 29fa5ba..8debc79 100644 if (!todrop_rate[i]) return 0; 
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c -index 093cc32..9209ae1 100644 +index 6dc7d7d..e45913a 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c @@ -562,7 +562,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, @@ -75928,7 +75916,7 @@ index 9049a5c..cfa6f5c 100644 } diff --git a/scripts/Makefile.build b/scripts/Makefile.build -index d2b366c..51ff91e 100644 +index d2b366c..51ff91ebc 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -109,7 +109,7 @@ endif @@ -77804,7 +77792,7 @@ index a39edcc..1014050 100644 }; diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile new file mode 100644 -index 0000000..29b6b75 +index 0000000..481a163 --- /dev/null +++ b/tools/gcc/Makefile @@ -0,0 +1,21 @@ @@ -77814,7 +77802,7 @@ index 0000000..29b6b75 +GCCPLUGINS_DIR := $(shell $(CC) -print-file-name=plugin) +#CFLAGS += -I$(GCCPLUGINS_DIR)/include -fPIC -O2 -Wall -W -std=gnu99 + -+HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include -std=gnu99 ++HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include -std=gnu99 -ggdb + +hostlibs-y := constify_plugin.so +hostlibs-$(CONFIG_PAX_MEMORY_STACKLEAK) += stackleak_plugin.so @@ -78923,10 +78911,10 @@ index 0000000..008f159 +} diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c new file mode 100644 -index 0000000..8b61031 +index 0000000..4a9b187 --- /dev/null +++ b/tools/gcc/stackleak_plugin.c -@@ -0,0 +1,295 @@ +@@ -0,0 +1,326 @@ +/* + * Copyright 2011 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 
@@ -78973,10 +78961,12 @@ index 0000000..8b61031 +static int track_frame_size = -1; +static const char track_function[] = "pax_track_stack"; +static const char check_function[] = "pax_check_alloca"; ++static tree pax_check_alloca_decl; ++static tree pax_track_stack_decl; +static bool init_locals; + +static struct plugin_info stackleak_plugin_info = { -+ .version = "201111150100", ++ .version = "201203021600", + .help = "track-lowest-sp=nn\ttrack sp in functions whose frame size is at least nn bytes\n" +// "initialize-locals\t\tforcibly initialize all stack frames\n" +}; @@ -79029,27 +79019,20 @@ index 0000000..8b61031 +static void stackleak_check_alloca(gimple_stmt_iterator *gsi) +{ + gimple check_alloca; -+ tree fndecl, fntype, alloca_size; ++ tree alloca_size; + + // insert call to void pax_check_alloca(unsigned long size) -+ fntype = build_function_type_list(void_type_node, long_unsigned_type_node, NULL_TREE); -+ fndecl = build_fn_decl(check_function, fntype); -+ DECL_ASSEMBLER_NAME(fndecl); // for LTO + alloca_size = gimple_call_arg(gsi_stmt(*gsi), 0); -+ check_alloca = gimple_build_call(fndecl, 1, alloca_size); ++ check_alloca = gimple_build_call(pax_check_alloca_decl, 1, alloca_size); + gsi_insert_before(gsi, check_alloca, GSI_SAME_STMT); +} + +static void stackleak_add_instrumentation(gimple_stmt_iterator *gsi) +{ + gimple track_stack; -+ tree fndecl, fntype; + + // insert call to void pax_track_stack(void) -+ fntype = build_function_type_list(void_type_node, NULL_TREE); -+ fndecl = build_fn_decl(track_function, fntype); -+ DECL_ASSEMBLER_NAME(fndecl); // for LTO -+ track_stack = gimple_build_call(fndecl, 0); ++ track_stack = gimple_build_call(pax_track_stack_decl, 0); + gsi_insert_after(gsi, track_stack, GSI_CONTINUE_LINKING); +} + 
@@ -79086,7 +79069,7 @@ index 0000000..8b61031 +static unsigned int execute_stackleak_tree_instrument(void) +{ + basic_block bb, entry_bb; -+ bool prologue_instrumented = false; ++ bool prologue_instrumented = false, is_leaf = true; + + entry_bb = ENTRY_BLOCK_PTR_FOR_FUNCTION(cfun)->next_bb; + @@ -79095,8 +79078,15 @@ index 0000000..8b61031 + gimple_stmt_iterator gsi; + + for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { ++ gimple stmt; ++ ++ stmt = gsi_stmt(gsi); ++ ++ if (is_gimple_call(stmt)) ++ is_leaf = false; ++ + // gimple match: align 8 built-in BUILT_IN_NORMAL:BUILT_IN_ALLOCA attributes <tree_list 0xb7576450> -+ if (!is_alloca(gsi_stmt(gsi))) ++ if (!is_alloca(stmt)) + continue; + + // 2. insert stack overflow check before each __builtin_alloca call @@ -79109,6 +79099,13 @@ index 0000000..8b61031 + } + } + ++ // special case for some bad linux code: taking the address of static inline functions will materialize them ++ // but we mustn't instrument some of them as the resulting stack alignment required by the function call ABI ++ // will break other assumptions regarding the expected (but not otherwise enforced) register clobbering ABI. ++ // case in point: native_save_fl on amd64 when optimized for size clobbers rdx if it were instrumented here. ++ if (is_leaf && !TREE_PUBLIC(current_function_decl) && DECL_DECLARED_INLINE_P(current_function_decl)) ++ return 0; ++ + // 4. insert track call at the beginning + if (!prologue_instrumented) { + gimple_stmt_iterator gsi; 
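Review bot: The new early `return 0;` for leaf functions that are non-public and declared inline skips the `pax_track_stack` call regardless of frame size, while the plugin's `track-lowest-sp` help text describes tracking by frame size. A materialized static inline leaf with a large local frame would then go untracked, which looks like a coverage trade-off the comment does not mention; this is inferred, since the final RTL pass is outside the hunk. Consider extending the comment with `// note: functions skipped here are not stack-tracked whatever their frame size`. `execute_stackleak_tree_instrument` begins in the previous hunk and continues past this one.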
@@ -79168,6 +79165,27 @@ index 0000000..8b61031 + return 0; +} + ++static void stackleak_start_unit(void *gcc_data, void *user_dat) ++{ ++ tree fntype; ++ ++ // declare void pax_check_alloca(unsigned long size) ++ fntype = build_function_type_list(void_type_node, long_unsigned_type_node, NULL_TREE); ++ pax_check_alloca_decl = build_fn_decl(check_function, fntype); ++ DECL_ASSEMBLER_NAME(pax_check_alloca_decl); // for LTO ++ TREE_PUBLIC(pax_check_alloca_decl) = 1; ++ DECL_EXTERNAL(pax_check_alloca_decl) = 1; ++ DECL_ARTIFICIAL(pax_check_alloca_decl) = 1; ++ ++ // declare void pax_track_stack(void) ++ fntype = build_function_type_list(void_type_node, NULL_TREE); ++ pax_track_stack_decl = build_fn_decl(track_function, fntype); ++ DECL_ASSEMBLER_NAME(pax_track_stack_decl); // for LTO ++ TREE_PUBLIC(pax_track_stack_decl) = 1; ++ DECL_EXTERNAL(pax_track_stack_decl) = 1; ++ DECL_ARTIFICIAL(pax_track_stack_decl) = 1; ++} ++ +int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) +{ + const char * const plugin_name = plugin_info->base_name; @@ -79179,7 +79197,7 @@ index 0000000..8b61031 +// .reference_pass_name = "tree_profile", + .reference_pass_name = "optimized", + .ref_pass_instance_number = 0, -+ .pos_op = PASS_POS_INSERT_AFTER ++ .pos_op = PASS_POS_INSERT_BEFORE + }; + struct register_pass_info stackleak_final_pass_info = { + .pass = &stackleak_final_rtl_opt_pass.pass, @@ -79217,6 +79235,7 @@ index 0000000..8b61031 + error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); + } + ++ register_callback("start_unit", PLUGIN_START_UNIT, &stackleak_start_unit, NULL); + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &stackleak_tree_instrument_pass_info); + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &stackleak_final_pass_info); + diff --git a/3.2.7/4425_grsec_enable_xtpax.patch b/3.2.9/4425_grsec_enable_xtpax.patch index 9735ecf..9735ecf 100644 --- a/3.2.7/4425_grsec_enable_xtpax.patch 
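Review bot: `stackleak_start_unit(void *gcc_data, void *user_dat)` misspells its second parameter; `user_data` matches the callback convention, and neither parameter is used in the body. The function also has no header comment saying why the two declarations are built once and marked `TREE_PUBLIC`/`DECL_EXTERNAL`. A line such as `// build the extern decls once per unit so every inserted call shares them` would cover it.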
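Review bot: The added `register_callback("start_unit", PLUGIN_START_UNIT, &stackleak_start_unit, NULL);` passes a string literal where the two registrations after it pass `plugin_name`. That first argument names the registering plugin, so for consistency it should read `register_callback(plugin_name, PLUGIN_START_UNIT, &stackleak_start_unit, NULL);`. `plugin_init` starts and ends outside this hunk.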
+++ b/3.2.9/4425_grsec_enable_xtpax.patch diff --git a/3.2.7/4430_grsec-remove-localversion-grsec.patch b/3.2.9/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.2.7/4430_grsec-remove-localversion-grsec.patch +++ b/3.2.9/4430_grsec-remove-localversion-grsec.patch diff --git a/3.2.7/4435_grsec-mute-warnings.patch b/3.2.9/4435_grsec-mute-warnings.patch index e85abd6..e85abd6 100644 --- a/3.2.7/4435_grsec-mute-warnings.patch +++ b/3.2.9/4435_grsec-mute-warnings.patch diff --git a/3.2.7/4440_grsec-remove-protected-paths.patch b/3.2.9/4440_grsec-remove-protected-paths.patch index 4afb3e2..5602e8e 100644 --- a/3.2.7/4440_grsec-remove-protected-paths.patch +++ b/3.2.9/4440_grsec-remove-protected-paths.patch @@ -6,7 +6,7 @@ the filesystem. diff -Naur a/grsecurity/Makefile b/grsecurity/Makefile --- a/grsecurity/Makefile 2011-10-19 20:42:50.000000000 -0400 +++ b/grsecurity/Makefile 2011-10-19 20:45:08.000000000 -0400 -@@ -27,10 +27,4 @@ +@@ -31,10 +31,4 @@ ifdef CONFIG_GRKERNSEC_HIDESYM extra-y := grsec_hidesym.o $(obj)/grsec_hidesym.o: diff --git a/3.2.7/4445_grsec-pax-without-grsec.patch b/3.2.9/4445_grsec-pax-without-grsec.patch index 9992f51..0ef9311 100644 --- a/3.2.7/4445_grsec-pax-without-grsec.patch +++ b/3.2.9/4445_grsec-pax-without-grsec.patch @@ -36,7 +36,7 @@ diff -Naur a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c diff -Naur a/fs/exec.c b/fs/exec.c --- a/fs/exec.c 2011-04-17 19:05:03.000000000 -0400 +++ b/fs/exec.c 2011-04-17 19:20:30.000000000 -0400 -@@ -2004,9 +2004,11 @@ +@@ -2024,9 +2024,11 @@ } up_read(&mm->mmap_sem); } 
@@ -48,7 +48,7 @@ diff -Naur a/fs/exec.c b/fs/exec.c printk(KERN_ERR "PAX: execution attempt in: %s, %08lx-%08lx %08lx\n", path_fault, start, end, offset); printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, " "PC: %p, SP: %p\n", path_exec, tsk->comm, task_pid_nr(tsk), -@@ -2021,10 +2023,12 @@ +@@ -2041,10 +2043,12 @@ #ifdef CONFIG_PAX_REFCOUNT void pax_report_refcount_overflow(struct pt_regs *regs) { @@ -61,7 +61,7 @@ diff -Naur a/fs/exec.c b/fs/exec.c printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current), current_uid(), current_euid()); print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs)); -@@ -2083,10 +2087,12 @@ +@@ -2103,10 +2107,12 @@ NORET_TYPE void pax_report_usercopy(const void *ptr, unsigned long len, bool to, const char *type) { diff --git a/3.2.7/4450_grsec-kconfig-default-gids.patch b/3.2.9/4450_grsec-kconfig-default-gids.patch index 0807a4e..71b2089 100644 --- a/3.2.7/4450_grsec-kconfig-default-gids.patch +++ b/3.2.9/4450_grsec-kconfig-default-gids.patch @@ -12,7 +12,7 @@ from shooting themselves in the foot. diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-12-12 16:54:30.000000000 -0500 +++ b/grsecurity/Kconfig 2011-12-12 16:55:09.000000000 -0500 -@@ -434,7 +434,7 @@ +@@ -440,7 +440,7 @@ config GRKERNSEC_PROC_GID int "GID for special group" depends on GRKERNSEC_PROC_USERGROUP @@ -21,7 +21,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig config GRKERNSEC_PROC_ADD bool "Additional restrictions" -@@ -662,7 +662,7 @@ +@@ -668,7 +668,7 @@ config GRKERNSEC_AUDIT_GID int "GID for auditing" depends on GRKERNSEC_AUDIT_GROUP @@ -30,7 +30,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig config GRKERNSEC_EXECLOG bool "Exec logging" -@@ -866,7 +866,7 @@ +@@ -872,7 +872,7 @@ config GRKERNSEC_TPE_GID int "GID for untrusted users" depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT 
@@ -39,7 +39,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *enabled* for. If the sysctl option is enabled, a sysctl option -@@ -875,7 +875,7 @@ +@@ -881,7 +881,7 @@ config GRKERNSEC_TPE_GID int "GID for trusted users" depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT @@ -48,7 +48,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *disabled* for. If the sysctl option is enabled, a sysctl option -@@ -948,7 +948,7 @@ +@@ -954,7 +954,7 @@ config GRKERNSEC_SOCKET_ALL_GID int "GID to deny all sockets for" depends on GRKERNSEC_SOCKET_ALL @@ -57,7 +57,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable socket access for. Remember to add the users you want socket access disabled for to the GID -@@ -969,7 +969,7 @@ +@@ -975,7 +975,7 @@ config GRKERNSEC_SOCKET_CLIENT_GID int "GID to deny client sockets for" depends on GRKERNSEC_SOCKET_CLIENT @@ -66,7 +66,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable client socket access for. Remember to add the users you want client socket access disabled for to -@@ -987,7 +987,7 @@ +@@ -993,7 +993,7 @@ config GRKERNSEC_SOCKET_SERVER_GID int "GID to deny server sockets for" depends on GRKERNSEC_SOCKET_SERVER diff --git a/3.2.7/4455_grsec-kconfig-gentoo.patch b/3.2.9/4455_grsec-kconfig-gentoo.patch index 587b7d9..587b7d9 100644 --- a/3.2.7/4455_grsec-kconfig-gentoo.patch +++ b/3.2.9/4455_grsec-kconfig-gentoo.patch diff --git a/3.2.7/4460-grsec-kconfig-proc-user.patch b/3.2.9/4460-grsec-kconfig-proc-user.patch index 72b894a..1081ed5 100644 --- a/3.2.7/4460-grsec-kconfig-proc-user.patch +++ b/3.2.9/4460-grsec-kconfig-proc-user.patch @@ -6,7 +6,7 @@ in a different way to avoid bug #366019. This patch should eventually go upstre diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig 
--- a/grsecurity/Kconfig 2011-06-29 10:02:56.000000000 -0400 +++ b/grsecurity/Kconfig 2011-06-29 10:08:07.000000000 -0400 -@@ -668,7 +668,7 @@ +@@ -674,7 +674,7 @@ config GRKERNSEC_PROC_USER bool "Restrict /proc to user only" @@ -15,7 +15,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help If you say Y here, non-root users will only be able to view their own processes, and restricts them from viewing network-related information, -@@ -676,7 +676,7 @@ +@@ -682,7 +682,7 @@ config GRKERNSEC_PROC_USERGROUP bool "Allow special group" diff --git a/3.2.7/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.9/4465_selinux-avc_audit-log-curr_ip.patch index 7c9894c..cbd978d 100644 --- a/3.2.7/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.2.9/4465_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400 -@@ -1297,6 +1297,27 @@ +@@ -1303,6 +1303,27 @@ menu "Logging Options" depends on GRKERNSEC diff --git a/3.2.7/4470_disable-compat_vdso.patch b/3.2.9/4470_disable-compat_vdso.patch index 4742d01..4742d01 100644 --- a/3.2.7/4470_disable-compat_vdso.patch +++ b/3.2.9/4470_disable-compat_vdso.patch |