diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2012-06-18 08:45:44 -0400 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2012-06-18 08:45:44 -0400 |
| commit | 230909a311c93618d18dd8cb92ba15bea420bd07 (patch) | |
| tree | b024633b4faba3df9cb08c058f3f2d9b83608af2 | |
| parent | Grsec/PaX: 2.9-{2.6.32.59,3.2.20,3.4.2}-201206160836 (diff) | |
| download | hardened-patchset-20120617.tar.gz hardened-patchset-20120617.tar.bz2 hardened-patchset-20120617.zip | |
Grsec/PaX: 2.9-{2.6.32.59,3.2.20,3.4.3}-20120617183620120617
| -rw-r--r-- | 2.6.32/0000_README | 2 | ||||
| -rw-r--r-- | 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201206171956.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201206160835.patch) | 418 | ||||
| -rw-r--r-- | 3.2.20/0000_README | 2 | ||||
| -rw-r--r-- | 3.2.20/4420_grsecurity-2.9.1-3.2.20-201206171957.patch (renamed from 3.2.20/4420_grsecurity-2.9.1-3.2.20-201206160836.patch) | 283 | ||||
| -rw-r--r-- | 3.4.3/0000_README (renamed from 3.4.2/0000_README) | 6 | ||||
| -rw-r--r-- | 3.4.3/1002_linux-3.4.3.patch | 1622 | ||||
| -rw-r--r-- | 3.4.3/4420_grsecurity-2.9.1-3.4.3-201206171836.patch (renamed from 3.4.2/4420_grsecurity-2.9.1-3.4.2-201206160836.patch) | 137 | ||||
| -rw-r--r-- | 3.4.3/4430_grsec-remove-localversion-grsec.patch (renamed from 3.4.2/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.4.3/4435_grsec-mute-warnings.patch (renamed from 3.4.2/4435_grsec-mute-warnings.patch) | 0 | ||||
| -rw-r--r-- | 3.4.3/4440_grsec-remove-protected-paths.patch (renamed from 3.4.2/4440_grsec-remove-protected-paths.patch) | 0 | ||||
| -rw-r--r-- | 3.4.3/4445_grsec-pax-without-grsec.patch (renamed from 3.4.2/4445_grsec-pax-without-grsec.patch) | 0 | ||||
| -rw-r--r-- | 3.4.3/4450_grsec-kconfig-default-gids.patch (renamed from 3.4.2/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
| -rw-r--r-- | 3.4.3/4455_grsec-kconfig-gentoo.patch (renamed from 3.4.2/4455_grsec-kconfig-gentoo.patch) | 0 | ||||
| -rw-r--r-- | 3.4.3/4460-grsec-kconfig-proc-user.patch (renamed from 3.4.2/4460-grsec-kconfig-proc-user.patch) | 0 | ||||
| -rw-r--r-- | 3.4.3/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.4.2/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
| -rw-r--r-- | 3.4.3/4470_disable-compat_vdso.patch (renamed from 3.4.2/4470_disable-compat_vdso.patch) | 0 |
16 files changed, 2160 insertions, 310 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 75c3519..e239f2b 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch From: http://www.kernel.org Desc: Linux 2.6.32.59 -Patch: 4420_grsecurity-2.9.1-2.6.32.59-201206160835.patch +Patch: 4420_grsecurity-2.9.1-2.6.32.59-201206171956.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201206160835.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201206171956.patch index 249ffe4..eff2b70 100644 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201206160835.patch +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201206171956.patch @@ -221,7 +221,7 @@ index 613da5d..4fe3eda 100644 M: Liam Girdwood <lrg@slimlogic.co.uk> M: Mark Brown <broonie@opensource.wolfsonmicro.com> diff --git a/Makefile b/Makefile -index 3a9a721..683dc09 100644 +index 3a9a721..69f34e7 100644 --- a/Makefile +++ b/Makefile @@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -256,12 +256,13 @@ index 3a9a721..683dc09 100644 include/linux/version.h headers_% \ kernelrelease kernelversion -@@ -526,6 +527,55 @@ else +@@ -526,6 +527,56 @@ else KBUILD_CFLAGS += -O2 endif +ifndef DISABLE_PAX_PLUGINS -+ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y) ++PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(HOSTCXX)" "$(CC)") ++ifneq ($(PLUGINCC),) +ifndef DISABLE_PAX_CONSTIFY_PLUGIN +ifndef CONFIG_UML +CONSTIFY_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN @@ -291,7 +292,7 @@ index 3a9a721..683dc09 100644 +GCC_PLUGINS_CFLAGS := $(CONSTIFY_PLUGIN_CFLAGS) $(STACKLEAK_PLUGIN_CFLAGS) $(KALLOCSTAT_PLUGIN_CFLAGS) +GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS) $(SIZE_OVERFLOW_PLUGIN_CFLAGS) +GCC_PLUGINS_AFLAGS := $(KERNEXEC_PLUGIN_AFLAGS) -+export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN SIZE_OVERFLOW_PLUGIN ++export PLUGINCC CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN SIZE_OVERFLOW_PLUGIN +ifeq ($(KBUILD_EXTMOD),) +gcc-plugins: + $(Q)$(MAKE) $(build)=tools/gcc @@ -312,7 +313,7 @@ index 3a9a721..683dc09 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -647,7 +697,7 @@ export mod_strip_cmd +@@ -647,7 +698,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -321,7 +322,7 @@ index 3a9a721..683dc09 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -868,6 +918,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -868,6 +919,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -330,7 +331,7 @@ index 3a9a721..683dc09 100644 $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -877,7 +929,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; +@@ -877,7 +930,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -339,7 +340,7 @@ index 3a9a721..683dc09 100644 $(Q)$(MAKE) $(build)=$@ # Build the kernel release string -@@ -986,6 +1038,7 @@ prepare0: archprepare FORCE +@@ -986,6 +1039,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. missing-syscalls # All the preparing.. @@ -347,7 +348,7 @@ index 3a9a721..683dc09 100644 prepare: prepare0 # The asm symlink changes when $(ARCH) changes. -@@ -1127,6 +1180,8 @@ all: modules +@@ -1127,6 +1181,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -356,7 +357,7 @@ index 3a9a721..683dc09 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1136,7 +1191,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) +@@ -1136,7 +1192,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) # Target to prepare building external modules PHONY += modules_prepare @@ -365,7 +366,7 @@ index 3a9a721..683dc09 100644 # Target to install modules PHONY += modules_install -@@ -1201,7 +1256,7 @@ MRPROPER_FILES += .config .config.old include/asm .version .old_version \ +@@ -1201,7 +1257,7 @@ MRPROPER_FILES += .config .config.old include/asm .version .old_version \ include/linux/autoconf.h include/linux/version.h \ include/linux/utsrelease.h \ include/linux/bounds.h include/asm*/asm-offsets.h \ @@ -374,7 +375,7 @@ index 3a9a721..683dc09 100644 # clean - Delete most, but leave enough to build external modules # -@@ -1245,7 +1300,7 @@ distclean: mrproper +@@ -1245,7 +1301,7 @@ distclean: mrproper @find $(srctree) $(RCS_FIND_IGNORE) \ \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ @@ -383,7 +384,7 @@ index 3a9a721..683dc09 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1292,6 +1347,7 @@ help: +@@ -1292,6 +1348,7 @@ help: @echo ' modules_prepare - Set up for building external modules' @echo ' tags/TAGS - Generate tags file for editors' @echo ' cscope - Generate cscope index' @@ -391,7 +392,7 @@ index 3a9a721..683dc09 100644 @echo ' kernelrelease - Output the release version string' @echo ' kernelversion - Output the version stored in Makefile' @echo ' headers_install - Install sanitised kernel headers to INSTALL_HDR_PATH'; \ -@@ -1393,6 +1449,8 @@ PHONY += $(module-dirs) modules +@@ -1393,6 +1450,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -400,7 +401,7 @@ index 3a9a721..683dc09 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1448,7 +1506,7 @@ endif # KBUILD_EXTMOD +@@ -1448,7 +1507,7 @@ endif # KBUILD_EXTMOD quiet_cmd_tags = GEN $@ cmd_tags = $(CONFIG_SHELL) $(srctree)/scripts/tags.sh $@ @@ -409,7 +410,7 @@ index 3a9a721..683dc09 100644 $(call cmd,tags) # Scripts to check various things for consistency -@@ -1513,17 +1571,21 @@ else +@@ -1513,17 +1572,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -435,7 +436,7 @@ index 3a9a721..683dc09 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1533,11 +1595,15 @@ endif +@@ -1533,11 +1596,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -14192,7 +14193,7 @@ index 61c5874..8a046e9 100644 # include "uaccess_32.h" #else diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h -index 632fb44..b8785282 100644 +index 632fb44..9aef8c8 100644 --- a/arch/x86/include/asm/uaccess_32.h +++ b/arch/x86/include/asm/uaccess_32.h @@ -12,15 +12,15 @@ @@ -14287,7 +14288,7 @@ index 632fb44..b8785282 100644 if (__builtin_constant_p(n)) { unsigned long ret; -@@ -182,14 +205,62 @@ static __always_inline unsigned long +@@ -182,14 +205,86 @@ static __always_inline unsigned long __copy_from_user_inatomic_nocache(void *to, const void __user *from, unsigned long n) { @@ -14298,6 +14299,22 @@ index 632fb44..b8785282 100644 + return __copy_from_user_ll_nocache_nozero(to, from, n); +} + ++extern void copy_to_user_overflow(void) ++#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS ++ __compiletime_error("copy_to_user() buffer size is not provably correct") ++#else ++ __compiletime_warning("copy_to_user() buffer size is not provably correct") ++#endif ++; ++ ++extern void copy_from_user_overflow(void) ++#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS ++ __compiletime_error("copy_from_user() buffer size is not provably correct") ++#else ++ __compiletime_warning("copy_from_user() buffer size is not provably correct") ++#endif ++; ++ +/** + * copy_to_user: - Copy a block of data into user space. + * @to: Destination address, in user space. @@ -14314,7 +14331,11 @@ index 632fb44..b8785282 100644 +static __always_inline unsigned long __must_check +copy_to_user(void __user *to, const void *from, unsigned long n) +{ -+ if (access_ok(VERIFY_WRITE, to, n)) ++ int sz = __compiletime_object_size(from); ++ ++ if (unlikely(sz != -1 && sz < n)) ++ copy_to_user_overflow(); ++ else if (access_ok(VERIFY_WRITE, to, n)) + n = __copy_to_user(to, from, n); + return n; +} @@ -14338,7 +14359,11 @@ index 632fb44..b8785282 100644 +static __always_inline unsigned long __must_check +copy_from_user(void *to, const void __user *from, unsigned long n) +{ -+ if (access_ok(VERIFY_READ, from, n)) ++ int sz = __compiletime_object_size(to); ++ ++ if (unlikely(sz != -1 && sz < n)) ++ copy_from_user_overflow(); ++ else if (access_ok(VERIFY_READ, from, n)) + n = __copy_from_user(to, from, n); + else if ((long)n > 0) { + if (!__builtin_constant_p(n)) @@ -14356,7 +14381,7 @@ index 632fb44..b8785282 100644 long __must_check strncpy_from_user(char *dst, const char __user *src, long count); long __must_check __strncpy_from_user(char *dst, -@@ -212,7 +283,7 @@ long __must_check __strncpy_from_user(char *dst, +@@ -212,7 +307,7 @@ long __must_check __strncpy_from_user(char *dst, #define strlen_user(str) strnlen_user(str, LONG_MAX) long strnlen_user(const char __user *str, long n); @@ -14367,7 +14392,7 @@ index 632fb44..b8785282 100644 #endif /* _ASM_X86_UACCESS_32_H */ diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h -index db24b21..00b1ea6 100644 +index db24b21..443d022 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -9,6 +9,9 @@ @@ -14380,7 +14405,7 @@ index db24b21..00b1ea6 100644 /* * Copy To/From Userspace -@@ -16,116 +19,205 @@ +@@ -16,116 +19,233 @@ /* Handles exceptions in both to and from, but doesn't do access_ok */ __must_check unsigned long @@ -14394,12 +14419,29 @@ index db24b21..00b1ea6 100644 -__must_check unsigned long -copy_in_user(void __user *to, const void __user *from, unsigned len); +copy_in_user(void __user *to, const void __user *from, unsigned long len); ++ ++extern void copy_to_user_overflow(void) ++#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS ++ __compiletime_error("copy_to_user() buffer size is not provably correct") ++#else ++ __compiletime_warning("copy_to_user() buffer size is not provably correct") ++#endif ++; ++ ++extern void copy_from_user_overflow(void) ++#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS ++ __compiletime_error("copy_from_user() buffer size is not provably correct") ++#else ++ __compiletime_warning("copy_from_user() buffer size is not provably correct") ++#endif ++; static __always_inline __must_check -int __copy_from_user(void *dst, const void __user *src, unsigned size) +unsigned long __copy_from_user(void *dst, const void __user *src, unsigned long size) { - int ret = 0; ++ int sz = __compiletime_object_size(dst); + unsigned ret = 0; might_fault(); @@ -14414,6 +14456,11 @@ index db24b21..00b1ea6 100644 + return size; +#endif + ++ if (unlikely(sz != -1 && sz < size)) { ++ copy_from_user_overflow(); ++ return size; ++ } ++ + if (!__builtin_constant_p(size)) { + check_object_size(dst, size, false); + @@ -14480,6 +14527,7 @@ index db24b21..00b1ea6 100644 +unsigned long __copy_to_user(void __user *dst, const void *src, unsigned long size) { - int ret = 0; ++ int sz = __compiletime_object_size(dst); + unsigned ret = 0; might_fault(); @@ -14496,6 +14544,11 @@ index db24b21..00b1ea6 100644 + return size; +#endif + ++ if (unlikely(sz != -1 && sz < size)) { ++ copy_to_user_overflow(); ++ return size; ++ } ++ + if (!__builtin_constant_p(size)) { + check_object_size(src, size, true); + @@ -14624,7 +14677,7 @@ index db24b21..00b1ea6 100644 ret, "b", "b", "=q", 1); if (likely(!ret)) __put_user_asm(tmp, (u8 __user *)dst, -@@ -134,7 +226,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -134,7 +254,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) } case 2: { u16 tmp; @@ -14633,7 +14686,7 @@ index db24b21..00b1ea6 100644 ret, "w", "w", "=r", 2); if (likely(!ret)) __put_user_asm(tmp, (u16 __user *)dst, -@@ -144,7 +236,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -144,7 +264,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) case 4: { u32 tmp; @@ -14642,7 +14695,7 @@ index db24b21..00b1ea6 100644 ret, "l", "k", "=r", 4); if (likely(!ret)) __put_user_asm(tmp, (u32 __user *)dst, -@@ -153,7 +245,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -153,7 +273,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) } case 8: { u64 tmp; @@ -14651,7 +14704,7 @@ index db24b21..00b1ea6 100644 ret, "q", "", "=r", 8); if (likely(!ret)) __put_user_asm(tmp, (u64 __user *)dst, -@@ -161,8 +253,16 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -161,8 +281,16 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) return ret; } default: @@ -14670,7 +14723,7 @@ index db24b21..00b1ea6 100644 } } -@@ -173,36 +273,78 @@ __strncpy_from_user(char *dst, const char __user *src, long count); +@@ -173,36 +301,78 @@ __strncpy_from_user(char *dst, const char __user *src, long count); __must_check long strnlen_user(const char __user *str, long n); __must_check long __strnlen_user(const char __user *str, long n); __must_check long strlen_user(const char __user *str); @@ -25034,7 +25087,7 @@ index bf9a7d5..fb06ab5 100644 ret CFI_ENDPROC diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c -index 1f118d4..fc661b0 100644 +index 1f118d4..a99a1eb 100644 --- a/arch/x86/lib/usercopy_32.c +++ b/arch/x86/lib/usercopy_32.c @@ -43,7 +43,7 @@ do { \ @@ -25581,7 +25634,7 @@ index 1f118d4..fc661b0 100644 return n; } EXPORT_SYMBOL(__copy_from_user_ll_nozero); -@@ -827,59 +949,38 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr +@@ -827,59 +949,50 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr if (n > 64 && cpu_has_xmm2) n = __copy_user_intel_nocache(to, from, n); else @@ -25610,29 +25663,15 @@ index 1f118d4..fc661b0 100644 - */ -unsigned long -copy_to_user(void __user *to, const void *from, unsigned long n) -+#ifdef CONFIG_PAX_MEMORY_UDEREF -+void __set_fs(mm_segment_t x) ++void copy_from_user_overflow(void) { - if (access_ok(VERIFY_WRITE, to, n)) - n = __copy_to_user(to, from, n); - return n; -+ switch (x.seg) { -+ case 0: -+ loadsegment(gs, 0); -+ break; -+ case TASK_SIZE_MAX: -+ loadsegment(gs, __USER_DS); -+ break; -+ case -1UL: -+ loadsegment(gs, __KERNEL_DS); -+ break; -+ default: -+ BUG(); -+ } -+ return; ++ WARN(1, "Buffer overflow detected!\n"); } -EXPORT_SYMBOL(copy_to_user); -+EXPORT_SYMBOL(__set_fs); ++EXPORT_SYMBOL(copy_from_user_overflow); -/** - * copy_from_user: - Copy a block of data from user space. @@ -25652,21 +25691,47 @@ index 1f118d4..fc661b0 100644 - */ -unsigned long -copy_from_user(void *to, const void __user *from, unsigned long n) -+void set_fs(mm_segment_t x) ++void copy_to_user_overflow(void) { - if (access_ok(VERIFY_READ, from, n)) - n = __copy_from_user(to, from, n); - else - memset(to, 0, n); - return n; -+ current_thread_info()->addr_limit = x; -+ __set_fs(x); ++ WARN(1, "Buffer overflow detected!\n"); } -EXPORT_SYMBOL(copy_from_user); ++EXPORT_SYMBOL(copy_to_user_overflow); ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++void __set_fs(mm_segment_t x) ++{ ++ switch (x.seg) { ++ case 0: ++ loadsegment(gs, 0); ++ break; ++ case TASK_SIZE_MAX: ++ loadsegment(gs, __USER_DS); ++ break; ++ case -1UL: ++ loadsegment(gs, __KERNEL_DS); ++ break; ++ default: ++ BUG(); ++ } ++ return; ++} ++EXPORT_SYMBOL(__set_fs); ++ ++void set_fs(mm_segment_t x) ++{ ++ current_thread_info()->addr_limit = x; ++ __set_fs(x); ++} +EXPORT_SYMBOL(set_fs); +#endif diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c -index b7c2849..8633ad8 100644 +index b7c2849..ca4b1cb 100644 --- a/arch/x86/lib/usercopy_64.c +++ b/arch/x86/lib/usercopy_64.c @@ -42,6 +42,12 @@ long @@ -25730,6 +25795,22 @@ index b7c2849..8633ad8 100644 { char c; unsigned zero_len; +@@ -181,3 +201,15 @@ copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest) + break; + return len; + } ++ ++void copy_from_user_overflow(void) ++{ ++ WARN(1, "Buffer overflow detected!\n"); ++} ++EXPORT_SYMBOL(copy_from_user_overflow); ++ ++void copy_to_user_overflow(void) ++{ ++ WARN(1, "Buffer overflow detected!\n"); ++} ++EXPORT_SYMBOL(copy_to_user_overflow); diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c index 61b41ca..5fef66a 100644 --- a/arch/x86/mm/extable.c @@ -85496,7 +85577,7 @@ index c8f2a5f7..1618a5c 100644 /* audit system wants to get cap info from files as well */ struct dentry; diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h -index 450fa59..246fa19 100644 +index 450fa59..7c875cb 100644 --- a/include/linux/compiler-gcc4.h +++ b/include/linux/compiler-gcc4.h @@ -14,6 +14,9 @@ @@ -85509,7 +85590,7 @@ index 450fa59..246fa19 100644 /* * A trick to suppress uninitialized variable warning without generating any * code -@@ -36,4 +39,16 @@ +@@ -36,4 +39,23 @@ the kernel context */ #define __cold __attribute__((__cold__)) @@ -85517,6 +85598,7 @@ index 450fa59..246fa19 100644 +#define __bos(ptr, arg) __builtin_object_size((ptr), (arg)) +#define __bos0(ptr) __bos((ptr), 0) +#define __bos1(ptr) __bos((ptr), 1) ++#endif + +#if __GNUC_MINOR__ >= 5 +#ifdef CONSTIFY_PLUGIN @@ -85525,9 +85607,15 @@ index 450fa59..246fa19 100644 +#endif +#endif + ++#if __GNUC_MINOR__ > 0 ++#define __compiletime_object_size(obj) __builtin_object_size(obj, 0) ++#endif ++#if __GNUC_MINOR__ >= 4 && !defined(__CHECKER__) ++#define __compiletime_warning(message) __attribute__((warning(message))) ++#define __compiletime_error(message) __attribute__((error(message))) #endif diff --git a/include/linux/compiler.h b/include/linux/compiler.h -index 04fb513..6189f3b 100644 +index 04fb513..edaeada 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -5,11 +5,14 @@ @@ -85621,7 +85709,27 @@ index 04fb513..6189f3b 100644 /* Simple shorthand for a section definition */ #ifndef __section # define __section(S) __attribute__ ((__section__(#S))) -@@ -278,6 +329,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); +@@ -266,6 +317,19 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); + # define __same_type(a, b) __builtin_types_compatible_p(typeof(a), typeof(b)) + #endif + ++/* Compile time object size, -1 for unknown */ ++#ifndef __compiletime_object_size ++# define __compiletime_object_size(obj) -1 ++#endif ++#ifndef __compiletime_warning ++# define __compiletime_warning(message) ++#endif ++#ifndef __compiletime_error ++# define __compiletime_error(message) ++#endif ++#ifndef __linktime_error ++# define __linktime_error(message) ++#endif + /* + * Prevent the compiler from merging or refetching accesses. The compiler + * is also forbidden from reordering successive instances of ACCESS_ONCE(), +@@ -278,6 +342,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); * use is to mediate communication between process-level code and irq/NMI * handlers, all running on the same CPU. */ @@ -104317,7 +104425,7 @@ index 45b7d56..19e828c 100644 .store = foo_attr_store, }; diff --git a/scripts/Makefile.build b/scripts/Makefile.build -index 341b589..405aed3 100644 +index 341b589..29fffe0 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -59,7 +59,7 @@ endif @@ -104325,7 +104433,7 @@ index 341b589..405aed3 100644 # Do not include host rules unless needed -ifneq ($(hostprogs-y)$(hostprogs-m),) -+ifneq ($(hostprogs-y)$(hostprogs-m)$(hostlibs-y)$(hostlibs-m),) ++ifneq ($(hostprogs-y)$(hostprogs-m)$(hostlibs-y)$(hostlibs-m)$(hostcxxlibs-y)$(hostcxxlibs-m),) include scripts/Makefile.host endif @@ -104344,24 +104452,75 @@ index 6f89fbb..53adc9c 100644 # as clean-files is given relative to the current directory, this adds # a $(obj) prefix, except for absolute paths diff --git a/scripts/Makefile.host b/scripts/Makefile.host -index 1ac414f..a1c1451 100644 +index 1ac414f..38575f7 100644 --- a/scripts/Makefile.host +++ b/scripts/Makefile.host -@@ -31,6 +31,7 @@ +@@ -31,6 +31,8 @@ # Note: Shared libraries consisting of C++ files are not supported __hostprogs := $(sort $(hostprogs-y) $(hostprogs-m)) +__hostlibs := $(sort $(hostlibs-y) $(hostlibs-m)) ++__hostcxxlibs := $(sort $(hostcxxlibs-y) $(hostcxxlibs-m)) # C code # Executables compiled from a single .c file -@@ -54,6 +55,7 @@ host-cxxobjs := $(sort $(foreach m,$(host-cxxmulti),$($(m)-cxxobjs))) +@@ -54,11 +56,15 @@ host-cxxobjs := $(sort $(foreach m,$(host-cxxmulti),$($(m)-cxxobjs))) # Shared libaries (only .c supported) # Shared libraries (.so) - all .so files referenced in "xxx-objs" host-cshlib := $(sort $(filter %.so, $(host-cobjs))) +host-cshlib += $(sort $(filter %.so, $(__hostlibs))) ++host-cxxshlib := $(sort $(filter %.so, $(__hostcxxlibs))) # Remove .so files from "xxx-objs" host-cobjs := $(filter-out %.so,$(host-cobjs)) ++host-cxxobjs := $(filter-out %.so,$(host-cxxobjs)) + +-#Object (.o) files used by the shared libaries ++# Object (.o) files used by the shared libaries + host-cshobjs := $(sort $(foreach m,$(host-cshlib),$($(m:.so=-objs)))) ++host-cxxshobjs := $(sort $(foreach m,$(host-cxxshlib),$($(m:.so=-objs)))) + + # output directory for programs/.o files + # hostprogs-y := tools/build may have been specified. Retrieve directory +@@ -82,7 +88,9 @@ host-cobjs := $(addprefix $(obj)/,$(host-cobjs)) + host-cxxmulti := $(addprefix $(obj)/,$(host-cxxmulti)) + host-cxxobjs := $(addprefix $(obj)/,$(host-cxxobjs)) + host-cshlib := $(addprefix $(obj)/,$(host-cshlib)) ++host-cxxshlib := $(addprefix $(obj)/,$(host-cxxshlib)) + host-cshobjs := $(addprefix $(obj)/,$(host-cshobjs)) ++host-cxxshobjs := $(addprefix $(obj)/,$(host-cxxshobjs)) + host-objdirs := $(addprefix $(obj)/,$(host-objdirs)) + + obj-dirs += $(host-objdirs) +@@ -156,6 +164,13 @@ quiet_cmd_host-cshobjs = HOSTCC -fPIC $@ + $(host-cshobjs): $(obj)/%.o: $(src)/%.c FORCE + $(call if_changed_dep,host-cshobjs) + ++# Compile .c file, create position independent .o file ++# host-cxxshobjs -> .o ++quiet_cmd_host-cxxshobjs = HOSTCXX -fPIC $@ ++ cmd_host-cxxshobjs = $(HOSTCXX) $(hostcxx_flags) -fPIC -c -o $@ $< ++$(host-cxxshobjs): $(obj)/%.o: $(src)/%.c FORCE ++ $(call if_changed_dep,host-cxxshobjs) ++ + # Link a shared library, based on position independent .o files + # *.o -> .so shared library (host-cshlib) + quiet_cmd_host-cshlib = HOSTLLD -shared $@ +@@ -165,6 +180,15 @@ quiet_cmd_host-cshlib = HOSTLLD -shared $@ + $(host-cshlib): $(obj)/%: $(host-cshobjs) FORCE + $(call if_changed,host-cshlib) + ++# Link a shared library, based on position independent .o files ++# *.o -> .so shared library (host-cxxshlib) ++quiet_cmd_host-cxxshlib = HOSTLLD -shared $@ ++ cmd_host-cxxshlib = $(HOSTCXX) $(HOSTLDFLAGS) -shared -o $@ \ ++ $(addprefix $(obj)/,$($(@F:.so=-objs))) \ ++ $(HOST_LOADLIBES) $(HOSTLOADLIBES_$(@F)) ++$(host-cxxshlib): $(obj)/%: $(host-cxxshobjs) FORCE ++ $(call if_changed,host-cxxshlib) ++ + targets += $(host-csingle) $(host-cmulti) $(host-cobjs)\ +- $(host-cxxmulti) $(host-cxxobjs) $(host-cshlib) $(host-cshobjs) ++ $(host-cxxmulti) $(host-cxxobjs) $(host-cshlib) $(host-cshobjs) $(host-cxxshlib) $(host-cxxshobjs) diff --git a/scripts/basic/fixdep.c b/scripts/basic/fixdep.c index 6bf21f8..c0546b3 100644 @@ -104408,12 +104567,27 @@ index 6bf21f8..c0546b3 100644 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n", diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh new file mode 100644 -index 0000000..8729101 +index 0000000..5a412da --- /dev/null +++ b/scripts/gcc-plugin.sh -@@ -0,0 +1,2 @@ +@@ -0,0 +1,17 @@ +#!/bin/sh -+echo -e "#include \"gcc-plugin.h\"\n#include \"tree.h\"\n#include \"tm.h\"\n#include \"rtl.h\"" | $1 -x c -shared - -o /dev/null -I`$2 -print-file-name=plugin`/include >/dev/null 2>&1 && echo "y" ++plugincc=`$1 -x c -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF ++#include "gcc-plugin.h" ++#include "tree.h" ++#include "tm.h" ++#include "rtl.h" ++#ifdef ENABLE_BUILD_WITH_CXX ++#warning $2 ++#else ++#warning $1 ++#endif ++EOF` ++if [ $? -eq 0 ] ++then ++ [[ "$plugincc" =~ "$1" ]] && echo $1 ++ [[ "$plugincc" =~ "$2" ]] && echo $2 ++fi diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c index 62a9025..65b82ad 100644 --- a/scripts/mod/file2alias.c @@ -106609,28 +106783,33 @@ index 79633ea..9732e90 100644 } diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile new file mode 100644 -index 0000000..ca64170 +index 0000000..991f33b --- /dev/null +++ b/tools/gcc/Makefile -@@ -0,0 +1,26 @@ +@@ -0,0 +1,31 @@ +#CC := gcc +#PLUGIN_SOURCE_FILES := pax_plugin.c +#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES)) +GCCPLUGINS_DIR := $(shell $(CC) -print-file-name=plugin) +#CFLAGS += -I$(GCCPLUGINS_DIR)/include -fPIC -O2 -Wall -W -std=gnu99 + ++ifeq ($(PLUGINCC),$(HOSTCC)) ++HOSTLIBS := hostlibs +HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(GCCPLUGINS_DIR)/include/c-family -std=gnu99 -ggdb -+CFLAGS_size_overflow_plugin.o := -Wno-missing-initializer ++else ++HOSTLIBS := hostcxxlibs ++HOST_EXTRACXXFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(GCCPLUGINS_DIR)/include/c-family -std=gnu++98 -ggdb -Wno-unused-parameter ++endif + -+hostlibs-y := constify_plugin.so -+hostlibs-$(CONFIG_PAX_MEMORY_STACKLEAK) += stackleak_plugin.so -+hostlibs-$(CONFIG_KALLOCSTAT_PLUGIN) += kallocstat_plugin.so -+hostlibs-$(CONFIG_PAX_KERNEXEC_PLUGIN) += kernexec_plugin.so -+hostlibs-$(CONFIG_CHECKER_PLUGIN) += checker_plugin.so -+hostlibs-y += colorize_plugin.so -+hostlibs-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin.so ++$(HOSTLIBS)-y := constify_plugin.so ++$(HOSTLIBS)-$(CONFIG_PAX_MEMORY_STACKLEAK) += stackleak_plugin.so ++$(HOSTLIBS)-$(CONFIG_KALLOCSTAT_PLUGIN) += kallocstat_plugin.so ++$(HOSTLIBS)-$(CONFIG_PAX_KERNEXEC_PLUGIN) += kernexec_plugin.so ++$(HOSTLIBS)-$(CONFIG_CHECKER_PLUGIN) += checker_plugin.so ++$(HOSTLIBS)-y += colorize_plugin.so ++$(HOSTLIBS)-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin.so + -+always := $(hostlibs-y) ++always := $($(HOSTLIBS)-y) + +constify_plugin-objs := constify_plugin.o +stackleak_plugin-objs := stackleak_plugin.o @@ -106818,10 +106997,10 @@ index 0000000..d41b5af +} diff --git a/tools/gcc/colorize_plugin.c b/tools/gcc/colorize_plugin.c new file mode 100644 -index 0000000..ee950d0 +index 0000000..7a5e311 --- /dev/null +++ b/tools/gcc/colorize_plugin.c -@@ -0,0 +1,147 @@ +@@ -0,0 +1,148 @@ +/* + * Copyright 2012 by PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 @@ -106853,6 +107032,7 @@ index 0000000..ee950d0 + +static struct plugin_info colorize_plugin_info = { + .version = "201203092200", ++ .help = NULL, +}; + +#define GREEN "\033[32m\033[2m" @@ -121183,10 +121363,10 @@ index 0000000..604f3f0 +}; diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c new file mode 100644 -index 0000000..9ad0f39 +index 0000000..273e66a --- /dev/null +++ b/tools/gcc/size_overflow_plugin.c -@@ -0,0 +1,1221 @@ +@@ -0,0 +1,1203 @@ +/* + * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com> + * Licensed under the GPL v2, or (at your option) v3 @@ -121199,7 +121379,7 @@ index 0000000..9ad0f39 + * The recomputed argument is checked against TYPE_MAX and an event is logged on overflow and the triggering process is killed. + * + * Usage: -+ * $ gcc -I`gcc -print-file-name=plugin`/include -fPIC -shared -O2 -o size_overflow_plugin.so size_overflow_plugin.c ++ * $ gcc -I`gcc -print-file-name=plugin`/include/c-family -I`gcc -print-file-name=plugin`/include -fPIC -shared -O2 -ggdb -Wall -W -Wno-missing-field-initializers -o size_overflow_plugin.so size_overflow_plugin.c + * $ gcc -fplugin=size_overflow_plugin.so test.c -O2 + */ + @@ -121253,8 +121433,8 @@ index 0000000..9ad0f39 +static unsigned int handle_function(void); + +static struct plugin_info size_overflow_plugin_info = { -+ .version = "20120612beta", -+ .help = "no-size_overflow\tturn off size overflow checking\n", ++ .version = "20120617beta", ++ .help = "no-size-overflow\tturn off size overflow checking\n", +}; + +static tree handle_size_overflow_attribute(tree *node, tree __unused name, tree args, int __unused flags, bool *no_add_attrs) @@ -121279,6 +121459,9 @@ index 0000000..9ad0f39 + .type_required = true, + .function_type_required = true, + .handler = handle_size_overflow_attribute ++#if BUILDING_GCC_VERSION >= 4007 ++ .affects_type_identity = false ++#endif +}; + +static void register_attributes(void __unused *event_data, void __unused *data) @@ -121539,11 +121722,17 @@ index 0000000..9ad0f39 + +static tree cast_a_tree(tree type, tree var) +{ ++ gcc_assert(type != NULL_TREE && var != NULL_TREE); + gcc_assert(fold_convertible_p(type, var)); + + return fold_convert(type, var); +} + ++static tree signed_cast(tree var) ++{ ++ return cast_a_tree(signed_size_overflow_type, var); ++} ++ +static gimple build_cast_stmt(tree type, tree var, tree new_var, location_t loc) +{ + gimple assign; @@ -121642,7 +121831,7 @@ index 0000000..9ad0f39 + + if (rhs1 != NULL_TREE) { + if (!gimple_assign_cast_p(oldstmt)) -+ rhs1 = cast_a_tree(signed_size_overflow_type, rhs1); ++ rhs1 = signed_cast(rhs1); + gimple_assign_set_rhs1(stmt, rhs1); + } + @@ -121680,13 +121869,6 @@ index 0000000..9ad0f39 + return phi; +} + -+static tree signed_cast_constant(tree node) -+{ -+ gcc_assert(is_gimple_constant(node)); -+ -+ return cast_a_tree(signed_size_overflow_type, node); -+} -+ +static basic_block create_a_first_bb(void) +{ + basic_block first_bb; @@ -121782,7 +121964,7 @@ index 0000000..9ad0f39 + + arg = gimple_phi_arg_def(oldstmt, i); + if (is_gimple_constant(arg)) -+ arg = signed_cast_constant(arg); ++ arg = signed_cast(arg); + lhs = build_new_phi_arg(visited, potentionally_overflowed, arg, new_var); + if (lhs == NULL_TREE) + lhs = gimple_get_lhs(cast_old_phi_arg(oldstmt, arg, new_var, i)); @@ -121815,7 +121997,7 @@ index 0000000..9ad0f39 + tree rhs1 = gimple_assign_rhs1(def_stmt); + + if (is_gimple_constant(rhs1)) -+ return dup_assign(visited, potentionally_overflowed, def_stmt, signed_cast_constant(rhs1), NULL_TREE, NULL_TREE); ++ return dup_assign(visited, potentionally_overflowed, def_stmt, signed_cast(rhs1), NULL_TREE, NULL_TREE); + + gcc_assert(TREE_CODE(rhs1) != COND_EXPR); + switch (TREE_CODE(rhs1)) { @@ -121944,19 +122126,6 @@ index 0000000..9ad0f39 +// print_the_code_insertions(stmt); +} + -+static tree get_type_for_check(tree rhs) -+{ -+ tree def_rhs; -+ gimple def_stmt = get_def_stmt(rhs); -+ -+ if (!gimple_assign_cast_p(def_stmt)) -+ return TREE_TYPE(rhs); -+ def_rhs = gimple_assign_rhs1(def_stmt); -+ if (TREE_CODE(TREE_TYPE(def_rhs)) == INTEGER_TYPE) -+ return TREE_TYPE(def_rhs); -+ return TREE_TYPE(rhs); -+} -+ +static gimple cast_to_unsigned_size_overflow_type(gimple stmt, tree cast_rhs) +{ + gimple ucast_stmt; @@ -121971,61 +122140,54 @@ index 0000000..9ad0f39 + +static void check_size_overflow(gimple stmt, tree cast_rhs, tree rhs, bool *potentionally_overflowed) +{ -+ tree type_max, type_min, rhs_type; ++ tree type_max, type_min, rhs_type = TREE_TYPE(rhs); + gimple ucast_stmt; + + if (!*potentionally_overflowed) + return; + -+ rhs_type = get_type_for_check(rhs); -+ + if (TYPE_UNSIGNED(rhs_type)) { + ucast_stmt = cast_to_unsigned_size_overflow_type(stmt, cast_rhs); + type_max = cast_a_tree(unsigned_size_overflow_type, TYPE_MAX_VALUE(rhs_type)); + insert_check_size_overflow(stmt, GT_EXPR, gimple_get_lhs(ucast_stmt), type_max); + } else { -+ type_max = cast_a_tree(signed_size_overflow_type, TYPE_MAX_VALUE(rhs_type)); ++ type_max = signed_cast(TYPE_MAX_VALUE(rhs_type)); + insert_check_size_overflow(stmt, GT_EXPR, cast_rhs, type_max); + -+ type_min = cast_a_tree(signed_size_overflow_type, TYPE_MIN_VALUE(rhs_type)); ++ type_min = signed_cast(TYPE_MIN_VALUE(rhs_type)); + insert_check_size_overflow(stmt, LT_EXPR, cast_rhs, type_min); + } +} + -+static tree change_assign_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple stmt, tree orig_rhs) ++static tree change_assign_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple stmt, tree orig_rhs, tree new_rhs) +{ + gimple assign; + gimple_stmt_iterator gsi = gsi_for_stmt(stmt); -+ tree new_rhs, origtype = TREE_TYPE(orig_rhs); ++ tree origtype = TREE_TYPE(orig_rhs); + + gcc_assert(gimple_code(stmt) == GIMPLE_ASSIGN); + -+ new_rhs = expand(visited, potentionally_overflowed, orig_rhs); -+ if (new_rhs == NULL_TREE) -+ return NULL_TREE; -+ + assign = build_cast_stmt(origtype, new_rhs, CREATE_NEW_VAR, gimple_location(stmt)); + gsi_insert_before(&gsi, assign, GSI_SAME_STMT); + update_stmt(assign); + return gimple_get_lhs(assign); +} + -+static tree handle_const_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple def_stmt, tree var, tree rhs, tree new_rhs1, tree new_rhs2, void (*gimple_assign_set_rhs)(gimple, tree)) ++static tree handle_const_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple def_stmt, tree var, tree orig_rhs, tree var_rhs, tree new_rhs1, tree new_rhs2, void (*gimple_assign_set_rhs)(gimple, tree)) +{ -+ tree new_rhs, cast_rhs; ++ tree new_rhs; + + if (gimple_assign_rhs_code(def_stmt) == MIN_EXPR) + return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, NULL_TREE); + -+ new_rhs = change_assign_rhs(visited, potentionally_overflowed, def_stmt, rhs); -+ if (new_rhs != NULL_TREE) { -+ gimple_assign_set_rhs(def_stmt, new_rhs); -+ update_stmt(def_stmt); ++ if (var_rhs == NULL_TREE) ++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); + -+ cast_rhs = gimple_assign_rhs1(get_def_stmt(new_rhs)); ++ new_rhs = change_assign_rhs(visited, potentionally_overflowed, def_stmt, orig_rhs, var_rhs); ++ gimple_assign_set_rhs(def_stmt, new_rhs); ++ update_stmt(def_stmt); + -+ check_size_overflow(def_stmt, cast_rhs, rhs, potentionally_overflowed); -+ } ++ check_size_overflow(def_stmt, var_rhs, orig_rhs, potentionally_overflowed); + return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); +} + @@ -122066,10 +122228,10 @@ index 0000000..9ad0f39 + new_rhs2 = expand(visited, potentionally_overflowed, rhs2); + + if (is_gimple_constant(rhs2)) -+ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs1, new_rhs1, signed_cast_constant(rhs2), &gimple_assign_set_rhs1); ++ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs1, new_rhs1, new_rhs1, signed_cast(rhs2), &gimple_assign_set_rhs1); + + if (is_gimple_constant(rhs1)) -+ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs2, signed_cast_constant(rhs1), new_rhs2, &gimple_assign_set_rhs2); ++ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs2, new_rhs2, signed_cast(rhs1), new_rhs2, &gimple_assign_set_rhs2); + + return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, NULL_TREE); +} @@ -122078,7 +122240,7 @@ index 0000000..9ad0f39 +static tree get_new_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, tree rhs) +{ + if (is_gimple_constant(rhs)) -+ return signed_cast_constant(rhs); ++ return signed_cast(rhs); + if (TREE_CODE(rhs) != SSA_NAME) + return NULL_TREE; + return expand(visited, potentionally_overflowed, rhs); diff --git a/3.2.20/0000_README b/3.2.20/0000_README index fb633c6..032419d 100644 --- a/3.2.20/0000_README +++ b/3.2.20/0000_README @@ -6,7 +6,7 @@ Patch: 1019_linux-3.2.20.patch From: http://www.kernel.org Desc: Linux 3.2.20 -Patch: 4420_grsecurity-2.9.1-3.2.20-201206160836.patch +Patch: 4420_grsecurity-2.9.1-3.2.20-201206171957.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.20/4420_grsecurity-2.9.1-3.2.20-201206160836.patch b/3.2.20/4420_grsecurity-2.9.1-3.2.20-201206171957.patch index 5d95369..e582270 100644 --- a/3.2.20/4420_grsecurity-2.9.1-3.2.20-201206160836.patch +++ b/3.2.20/4420_grsecurity-2.9.1-3.2.20-201206171957.patch @@ -203,7 +203,7 @@ index 81c287f..d456d02 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index c7e9cc4..8448a0f 100644 +index c7e9cc4..7ce8f8d 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -229,12 +229,13 @@ index c7e9cc4..8448a0f 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -564,6 +565,55 @@ else +@@ -564,6 +565,56 @@ else KBUILD_CFLAGS += -O2 endif +ifndef DISABLE_PAX_PLUGINS -+ifeq ($(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(CC)"), y) ++PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(HOSTCXX)" "$(CC)") ++ifneq ($(PLUGINCC),) +ifndef DISABLE_PAX_CONSTIFY_PLUGIN +ifndef CONFIG_UML +CONSTIFY_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN @@ -264,7 +265,7 @@ index c7e9cc4..8448a0f 100644 +GCC_PLUGINS_CFLAGS := $(CONSTIFY_PLUGIN_CFLAGS) $(STACKLEAK_PLUGIN_CFLAGS) $(KALLOCSTAT_PLUGIN_CFLAGS) +GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS) $(SIZE_OVERFLOW_PLUGIN_CFLAGS) +GCC_PLUGINS_AFLAGS := $(KERNEXEC_PLUGIN_AFLAGS) -+export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN SIZE_OVERFLOW_PLUGIN ++export PLUGINCC CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN SIZE_OVERFLOW_PLUGIN +ifeq ($(KBUILD_EXTMOD),) +gcc-plugins: + $(Q)$(MAKE) $(build)=tools/gcc @@ -285,7 +286,7 @@ index c7e9cc4..8448a0f 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -708,7 +758,7 @@ export mod_strip_cmd +@@ -708,7 +759,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -294,7 +295,7 @@ index c7e9cc4..8448a0f 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -932,6 +982,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -932,6 +983,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -303,7 +304,7 @@ index c7e9cc4..8448a0f 100644 $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -941,7 +993,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; +@@ -941,7 +994,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -312,7 +313,7 @@ index c7e9cc4..8448a0f 100644 $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -985,6 +1037,7 @@ prepare0: archprepare FORCE +@@ -985,6 +1038,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. # All the preparing.. @@ -320,7 +321,7 @@ index c7e9cc4..8448a0f 100644 prepare: prepare0 # Generate some files -@@ -1089,6 +1142,8 @@ all: modules +@@ -1089,6 +1143,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -329,7 +330,7 @@ index c7e9cc4..8448a0f 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1104,7 +1159,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1104,7 +1160,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -338,7 +339,7 @@ index c7e9cc4..8448a0f 100644 # Target to install modules PHONY += modules_install -@@ -1201,6 +1256,7 @@ distclean: mrproper +@@ -1201,6 +1257,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ @@ -346,7 +347,7 @@ index c7e9cc4..8448a0f 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1361,6 +1417,8 @@ PHONY += $(module-dirs) modules +@@ -1361,6 +1418,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -355,7 +356,7 @@ index c7e9cc4..8448a0f 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1487,17 +1545,21 @@ else +@@ -1487,17 +1546,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -381,7 +382,7 @@ index c7e9cc4..8448a0f 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1507,11 +1569,15 @@ endif +@@ -1507,11 +1570,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -12976,7 +12977,7 @@ index 566e803..ce99a01 100644 } diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h -index 1c66d30..bf1a2cc 100644 +index 1c66d30..d0f1634 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -10,6 +10,9 @@ @@ -13007,7 +13008,7 @@ index 1c66d30..bf1a2cc 100644 { unsigned ret; -@@ -32,142 +37,226 @@ copy_user_generic(void *to, const void *from, unsigned len) +@@ -32,142 +37,238 @@ copy_user_generic(void *to, const void *from, unsigned len) ASM_OUTPUT2("=a" (ret), "=D" (to), "=S" (from), "=d" (len)), "1" (to), "2" (from), "3" (len) @@ -13027,6 +13028,22 @@ index 1c66d30..bf1a2cc 100644 -__must_check unsigned long -copy_in_user(void __user *to, const void __user *from, unsigned len); +copy_in_user(void __user *to, const void __user *from, unsigned long len) __size_overflow(3); ++ ++extern void copy_to_user_overflow(void) ++#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS ++ __compiletime_error("copy_to_user() buffer size is not provably correct") ++#else ++ __compiletime_warning("copy_to_user() buffer size is not provably correct") ++#endif ++; ++ ++extern void copy_from_user_overflow(void) ++#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS ++ __compiletime_error("copy_from_user() buffer size is not provably correct") ++#else ++ __compiletime_warning("copy_from_user() buffer size is not provably correct") ++#endif ++; static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, @@ -13085,9 +13102,7 @@ index 1c66d30..bf1a2cc 100644 +#endif + + if (unlikely(sz != -1 && sz < size)) { -+#ifdef CONFIG_DEBUG_VM -+ WARN(1, "Buffer overflow detected!\n"); -+#endif ++ copy_from_user_overflow(); + return size; + } + @@ -13173,9 +13188,7 @@ index 1c66d30..bf1a2cc 100644 +#endif + + if (unlikely(sz != -1 && sz < size)) { -+#ifdef CONFIG_DEBUG_VM -+ WARN(1, "Buffer overflow detected!\n"); -+#endif ++ copy_to_user_overflow(); + return size; + } + @@ -13282,7 +13295,7 @@ index 1c66d30..bf1a2cc 100644 ret, "b", "b", "=q", 1); if (likely(!ret)) __put_user_asm(tmp, (u8 __user *)dst, -@@ -176,7 +265,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -176,7 +277,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) } case 2: { u16 tmp; @@ -13291,7 +13304,7 @@ index 1c66d30..bf1a2cc 100644 ret, "w", "w", "=r", 2); if (likely(!ret)) __put_user_asm(tmp, (u16 __user *)dst, -@@ -186,7 +275,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -186,7 +287,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) case 4: { u32 tmp; @@ -13300,7 +13313,7 @@ index 1c66d30..bf1a2cc 100644 ret, "l", "k", "=r", 4); if (likely(!ret)) __put_user_asm(tmp, (u32 __user *)dst, -@@ -195,7 +284,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -195,7 +296,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) } case 8: { u64 tmp; @@ -13309,7 +13322,7 @@ index 1c66d30..bf1a2cc 100644 ret, "q", "", "=r", 8); if (likely(!ret)) __put_user_asm(tmp, (u64 __user *)dst, -@@ -203,8 +292,16 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -203,8 +304,16 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) return ret; } default: @@ -13328,7 +13341,7 @@ index 1c66d30..bf1a2cc 100644 } } -@@ -215,39 +312,76 @@ __strncpy_from_user(char *dst, const char __user *src, long count); +@@ -215,39 +324,76 @@ __strncpy_from_user(char *dst, const char __user *src, long count); __must_check long strnlen_user(const char __user *str, long n); __must_check long __strnlen_user(const char __user *str, long n); __must_check long strlen_user(const char __user *str); @@ -23508,7 +23521,7 @@ index e218d5d..a99a1eb 100644 +EXPORT_SYMBOL(set_fs); +#endif diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c -index b7c2849..8633ad8 100644 +index b7c2849..ca4b1cb 100644 --- a/arch/x86/lib/usercopy_64.c +++ b/arch/x86/lib/usercopy_64.c @@ -42,6 +42,12 @@ long @@ -23572,6 +23585,22 @@ index b7c2849..8633ad8 100644 { char c; unsigned zero_len; +@@ -181,3 +201,15 @@ copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest) + break; + return len; + } ++ ++void copy_from_user_overflow(void) ++{ ++ WARN(1, "Buffer overflow detected!\n"); ++} ++EXPORT_SYMBOL(copy_from_user_overflow); ++ ++void copy_to_user_overflow(void) ++{ ++ WARN(1, "Buffer overflow detected!\n"); ++} ++EXPORT_SYMBOL(copy_to_user_overflow); diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c index d0474ad..36e9257 100644 --- a/arch/x86/mm/extable.c @@ -79152,7 +79181,7 @@ index 0174034..65eaf78 100644 } diff --git a/scripts/Makefile.build b/scripts/Makefile.build -index d2b366c..51ff91ebc 100644 +index d2b366c..2d5a6f8 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -109,7 +109,7 @@ endif @@ -79160,7 +79189,7 @@ index d2b366c..51ff91ebc 100644 # Do not include host rules unless needed -ifneq ($(hostprogs-y)$(hostprogs-m),) -+ifneq ($(hostprogs-y)$(hostprogs-m)$(hostlibs-y)$(hostlibs-m),) ++ifneq ($(hostprogs-y)$(hostprogs-m)$(hostlibs-y)$(hostlibs-m)$(hostcxxlibs-y)$(hostcxxlibs-m),) include scripts/Makefile.host endif @@ -79221,24 +79250,75 @@ index a57f5bd..d3bae5e 100644 echo "\#include <asm-generic/$$F>" > $(install)/$$F; \ done; \ diff --git a/scripts/Makefile.host b/scripts/Makefile.host -index 1ac414f..a1c1451 100644 +index 1ac414f..38575f7 100644 --- a/scripts/Makefile.host +++ b/scripts/Makefile.host -@@ -31,6 +31,7 @@ +@@ -31,6 +31,8 @@ # Note: Shared libraries consisting of C++ files are not supported __hostprogs := $(sort $(hostprogs-y) $(hostprogs-m)) +__hostlibs := $(sort $(hostlibs-y) $(hostlibs-m)) ++__hostcxxlibs := $(sort $(hostcxxlibs-y) $(hostcxxlibs-m)) # C code # Executables compiled from a single .c file -@@ -54,6 +55,7 @@ host-cxxobjs := $(sort $(foreach m,$(host-cxxmulti),$($(m)-cxxobjs))) +@@ -54,11 +56,15 @@ host-cxxobjs := $(sort $(foreach m,$(host-cxxmulti),$($(m)-cxxobjs))) # Shared libaries (only .c supported) # Shared libraries (.so) - all .so files referenced in "xxx-objs" host-cshlib := $(sort $(filter %.so, $(host-cobjs))) +host-cshlib += $(sort $(filter %.so, $(__hostlibs))) ++host-cxxshlib := $(sort $(filter %.so, $(__hostcxxlibs))) # Remove .so files from "xxx-objs" host-cobjs := $(filter-out %.so,$(host-cobjs)) ++host-cxxobjs := $(filter-out %.so,$(host-cxxobjs)) + +-#Object (.o) files used by the shared libaries ++# Object (.o) files used by the shared libaries + host-cshobjs := $(sort $(foreach m,$(host-cshlib),$($(m:.so=-objs)))) ++host-cxxshobjs := $(sort $(foreach m,$(host-cxxshlib),$($(m:.so=-objs)))) + + # output directory for programs/.o files + # hostprogs-y := tools/build may have been specified. Retrieve directory +@@ -82,7 +88,9 @@ host-cobjs := $(addprefix $(obj)/,$(host-cobjs)) + host-cxxmulti := $(addprefix $(obj)/,$(host-cxxmulti)) + host-cxxobjs := $(addprefix $(obj)/,$(host-cxxobjs)) + host-cshlib := $(addprefix $(obj)/,$(host-cshlib)) ++host-cxxshlib := $(addprefix $(obj)/,$(host-cxxshlib)) + host-cshobjs := $(addprefix $(obj)/,$(host-cshobjs)) ++host-cxxshobjs := $(addprefix $(obj)/,$(host-cxxshobjs)) + host-objdirs := $(addprefix $(obj)/,$(host-objdirs)) + + obj-dirs += $(host-objdirs) +@@ -156,6 +164,13 @@ quiet_cmd_host-cshobjs = HOSTCC -fPIC $@ + $(host-cshobjs): $(obj)/%.o: $(src)/%.c FORCE + $(call if_changed_dep,host-cshobjs) + ++# Compile .c file, create position independent .o file ++# host-cxxshobjs -> .o ++quiet_cmd_host-cxxshobjs = HOSTCXX -fPIC $@ ++ cmd_host-cxxshobjs = $(HOSTCXX) $(hostcxx_flags) -fPIC -c -o $@ $< ++$(host-cxxshobjs): $(obj)/%.o: $(src)/%.c FORCE ++ $(call if_changed_dep,host-cxxshobjs) ++ + # Link a shared library, based on position independent .o files + # *.o -> .so shared library (host-cshlib) + quiet_cmd_host-cshlib = HOSTLLD -shared $@ +@@ -165,6 +180,15 @@ quiet_cmd_host-cshlib = HOSTLLD -shared $@ + $(host-cshlib): $(obj)/%: $(host-cshobjs) FORCE + $(call if_changed,host-cshlib) + ++# Link a shared library, based on position independent .o files ++# *.o -> .so shared library (host-cxxshlib) ++quiet_cmd_host-cxxshlib = HOSTLLD -shared $@ ++ cmd_host-cxxshlib = $(HOSTCXX) $(HOSTLDFLAGS) -shared -o $@ \ ++ $(addprefix $(obj)/,$($(@F:.so=-objs))) \ ++ $(HOST_LOADLIBES) $(HOSTLOADLIBES_$(@F)) ++$(host-cxxshlib): $(obj)/%: $(host-cxxshobjs) FORCE ++ $(call if_changed,host-cxxshlib) ++ + targets += $(host-csingle) $(host-cmulti) $(host-cobjs)\ +- $(host-cxxmulti) $(host-cxxobjs) $(host-cshlib) $(host-cshobjs) ++ $(host-cxxmulti) $(host-cxxobjs) $(host-cshlib) $(host-cshobjs) $(host-cxxshlib) $(host-cxxshobjs) diff --git a/scripts/basic/fixdep.c b/scripts/basic/fixdep.c index cb1f50c..cef2a7c 100644 @@ -79289,12 +79369,27 @@ index cb1f50c..cef2a7c 100644 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n", diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh new file mode 100644 -index 0000000..8729101 +index 0000000..5a412da --- /dev/null +++ b/scripts/gcc-plugin.sh -@@ -0,0 +1,2 @@ +@@ -0,0 +1,17 @@ +#!/bin/sh -+echo -e "#include \"gcc-plugin.h\"\n#include \"tree.h\"\n#include \"tm.h\"\n#include \"rtl.h\"" | $1 -x c -shared - -o /dev/null -I`$2 -print-file-name=plugin`/include >/dev/null 2>&1 && echo "y" ++plugincc=`$1 -x c -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF ++#include "gcc-plugin.h" ++#include "tree.h" ++#include "tm.h" ++#include "rtl.h" ++#ifdef ENABLE_BUILD_WITH_CXX ++#warning $2 ++#else ++#warning $1 ++#endif ++EOF` ++if [ $? -eq 0 ] ++then ++ [[ "$plugincc" =~ "$1" ]] && echo $1 ++ [[ "$plugincc" =~ "$2" ]] && echo $2 ++fi diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c index d1d0ae8..6b73b2a 100644 --- a/scripts/mod/file2alias.c @@ -81096,28 +81191,33 @@ index a39edcc..1014050 100644 }; diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile new file mode 100644 -index 0000000..ca64170 +index 0000000..991f33b --- /dev/null +++ b/tools/gcc/Makefile -@@ -0,0 +1,26 @@ +@@ -0,0 +1,31 @@ +#CC := gcc +#PLUGIN_SOURCE_FILES := pax_plugin.c +#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES)) +GCCPLUGINS_DIR := $(shell $(CC) -print-file-name=plugin) +#CFLAGS += -I$(GCCPLUGINS_DIR)/include -fPIC -O2 -Wall -W -std=gnu99 + ++ifeq ($(PLUGINCC),$(HOSTCC)) ++HOSTLIBS := hostlibs +HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(GCCPLUGINS_DIR)/include/c-family -std=gnu99 -ggdb -+CFLAGS_size_overflow_plugin.o := -Wno-missing-initializer ++else ++HOSTLIBS := hostcxxlibs ++HOST_EXTRACXXFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(GCCPLUGINS_DIR)/include/c-family -std=gnu++98 -ggdb -Wno-unused-parameter ++endif + -+hostlibs-y := constify_plugin.so -+hostlibs-$(CONFIG_PAX_MEMORY_STACKLEAK) += stackleak_plugin.so -+hostlibs-$(CONFIG_KALLOCSTAT_PLUGIN) += kallocstat_plugin.so -+hostlibs-$(CONFIG_PAX_KERNEXEC_PLUGIN) += kernexec_plugin.so -+hostlibs-$(CONFIG_CHECKER_PLUGIN) += checker_plugin.so -+hostlibs-y += colorize_plugin.so -+hostlibs-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin.so ++$(HOSTLIBS)-y := constify_plugin.so ++$(HOSTLIBS)-$(CONFIG_PAX_MEMORY_STACKLEAK) += stackleak_plugin.so ++$(HOSTLIBS)-$(CONFIG_KALLOCSTAT_PLUGIN) += kallocstat_plugin.so ++$(HOSTLIBS)-$(CONFIG_PAX_KERNEXEC_PLUGIN) += kernexec_plugin.so ++$(HOSTLIBS)-$(CONFIG_CHECKER_PLUGIN) += checker_plugin.so ++$(HOSTLIBS)-y += colorize_plugin.so ++$(HOSTLIBS)-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin.so + -+always := $(hostlibs-y) ++always := $($(HOSTLIBS)-y) + +constify_plugin-objs := constify_plugin.o +stackleak_plugin-objs := stackleak_plugin.o @@ -81305,10 +81405,10 @@ index 0000000..d41b5af +} diff --git a/tools/gcc/colorize_plugin.c b/tools/gcc/colorize_plugin.c new file mode 100644 -index 0000000..ee950d0 +index 0000000..7a5e311 --- /dev/null +++ b/tools/gcc/colorize_plugin.c -@@ -0,0 +1,147 @@ +@@ -0,0 +1,148 @@ +/* + * Copyright 2012 by PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 @@ -81340,6 +81440,7 @@ index 0000000..ee950d0 + +static struct plugin_info colorize_plugin_info = { + .version = "201203092200", ++ .help = NULL, +}; + +#define GREEN "\033[32m\033[2m" @@ -99089,10 +99190,10 @@ index 0000000..cd8690a +}; diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c new file mode 100644 -index 0000000..9ad0f39 +index 0000000..273e66a --- /dev/null +++ b/tools/gcc/size_overflow_plugin.c -@@ -0,0 +1,1221 @@ +@@ -0,0 +1,1203 @@ +/* + * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com> + * Licensed under the GPL v2, or (at your option) v3 @@ -99105,7 +99206,7 @@ index 0000000..9ad0f39 + * The recomputed argument is checked against TYPE_MAX and an event is logged on overflow and the triggering process is killed. + * + * Usage: -+ * $ gcc -I`gcc -print-file-name=plugin`/include -fPIC -shared -O2 -o size_overflow_plugin.so size_overflow_plugin.c ++ * $ gcc -I`gcc -print-file-name=plugin`/include/c-family -I`gcc -print-file-name=plugin`/include -fPIC -shared -O2 -ggdb -Wall -W -Wno-missing-field-initializers -o size_overflow_plugin.so size_overflow_plugin.c + * $ gcc -fplugin=size_overflow_plugin.so test.c -O2 + */ + @@ -99159,8 +99260,8 @@ index 0000000..9ad0f39 +static unsigned int handle_function(void); + +static struct plugin_info size_overflow_plugin_info = { -+ .version = "20120612beta", -+ .help = "no-size_overflow\tturn off size overflow checking\n", ++ .version = "20120617beta", ++ .help = "no-size-overflow\tturn off size overflow checking\n", +}; + +static tree handle_size_overflow_attribute(tree *node, tree __unused name, tree args, int __unused flags, bool *no_add_attrs) @@ -99185,6 +99286,9 @@ index 0000000..9ad0f39 + .type_required = true, + .function_type_required = true, + .handler = handle_size_overflow_attribute ++#if BUILDING_GCC_VERSION >= 4007 ++ .affects_type_identity = false ++#endif +}; + +static void register_attributes(void __unused *event_data, void __unused *data) @@ -99445,11 +99549,17 @@ index 0000000..9ad0f39 + +static tree cast_a_tree(tree type, tree var) +{ ++ gcc_assert(type != NULL_TREE && var != NULL_TREE); + gcc_assert(fold_convertible_p(type, var)); + + return fold_convert(type, var); +} + ++static tree signed_cast(tree var) ++{ ++ return cast_a_tree(signed_size_overflow_type, var); ++} ++ +static gimple build_cast_stmt(tree type, tree var, tree new_var, location_t loc) +{ + gimple assign; @@ -99548,7 +99658,7 @@ index 0000000..9ad0f39 + + if (rhs1 != NULL_TREE) { + if (!gimple_assign_cast_p(oldstmt)) -+ rhs1 = cast_a_tree(signed_size_overflow_type, rhs1); ++ rhs1 = signed_cast(rhs1); + gimple_assign_set_rhs1(stmt, rhs1); + } + @@ -99586,13 +99696,6 @@ index 0000000..9ad0f39 + return phi; +} + -+static tree signed_cast_constant(tree node) -+{ -+ gcc_assert(is_gimple_constant(node)); -+ -+ return cast_a_tree(signed_size_overflow_type, node); -+} -+ +static basic_block create_a_first_bb(void) +{ + basic_block first_bb; @@ -99688,7 +99791,7 @@ index 0000000..9ad0f39 + + arg = gimple_phi_arg_def(oldstmt, i); + if (is_gimple_constant(arg)) -+ arg = signed_cast_constant(arg); ++ arg = signed_cast(arg); + lhs = build_new_phi_arg(visited, potentionally_overflowed, arg, new_var); + if (lhs == NULL_TREE) + lhs = gimple_get_lhs(cast_old_phi_arg(oldstmt, arg, new_var, i)); @@ -99721,7 +99824,7 @@ index 0000000..9ad0f39 + tree rhs1 = gimple_assign_rhs1(def_stmt); + + if (is_gimple_constant(rhs1)) -+ return dup_assign(visited, potentionally_overflowed, def_stmt, signed_cast_constant(rhs1), NULL_TREE, NULL_TREE); ++ return dup_assign(visited, potentionally_overflowed, def_stmt, signed_cast(rhs1), NULL_TREE, NULL_TREE); + + gcc_assert(TREE_CODE(rhs1) != COND_EXPR); + switch (TREE_CODE(rhs1)) { @@ -99850,19 +99953,6 @@ index 0000000..9ad0f39 +// print_the_code_insertions(stmt); +} + -+static tree get_type_for_check(tree rhs) -+{ -+ tree def_rhs; -+ gimple def_stmt = get_def_stmt(rhs); -+ -+ if (!gimple_assign_cast_p(def_stmt)) -+ return TREE_TYPE(rhs); -+ def_rhs = gimple_assign_rhs1(def_stmt); -+ if (TREE_CODE(TREE_TYPE(def_rhs)) == INTEGER_TYPE) -+ return TREE_TYPE(def_rhs); -+ return TREE_TYPE(rhs); -+} -+ +static gimple cast_to_unsigned_size_overflow_type(gimple stmt, tree cast_rhs) +{ + gimple ucast_stmt; @@ -99877,61 +99967,54 @@ index 0000000..9ad0f39 + +static void check_size_overflow(gimple stmt, tree cast_rhs, tree rhs, bool *potentionally_overflowed) +{ -+ tree type_max, type_min, rhs_type; ++ tree type_max, type_min, rhs_type = TREE_TYPE(rhs); + gimple ucast_stmt; + + if (!*potentionally_overflowed) + return; + -+ rhs_type = get_type_for_check(rhs); -+ + if (TYPE_UNSIGNED(rhs_type)) { + ucast_stmt = cast_to_unsigned_size_overflow_type(stmt, cast_rhs); + type_max = cast_a_tree(unsigned_size_overflow_type, TYPE_MAX_VALUE(rhs_type)); + insert_check_size_overflow(stmt, GT_EXPR, gimple_get_lhs(ucast_stmt), type_max); + } else { -+ type_max = cast_a_tree(signed_size_overflow_type, TYPE_MAX_VALUE(rhs_type)); ++ type_max = signed_cast(TYPE_MAX_VALUE(rhs_type)); + insert_check_size_overflow(stmt, GT_EXPR, cast_rhs, type_max); + -+ type_min = cast_a_tree(signed_size_overflow_type, TYPE_MIN_VALUE(rhs_type)); ++ type_min = signed_cast(TYPE_MIN_VALUE(rhs_type)); + insert_check_size_overflow(stmt, LT_EXPR, cast_rhs, type_min); + } +} + -+static tree change_assign_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple stmt, tree orig_rhs) ++static tree change_assign_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple stmt, tree orig_rhs, tree new_rhs) +{ + gimple assign; + gimple_stmt_iterator gsi = gsi_for_stmt(stmt); -+ tree new_rhs, origtype = TREE_TYPE(orig_rhs); ++ tree origtype = TREE_TYPE(orig_rhs); + + gcc_assert(gimple_code(stmt) == GIMPLE_ASSIGN); + -+ new_rhs = expand(visited, potentionally_overflowed, orig_rhs); -+ if (new_rhs == NULL_TREE) -+ return NULL_TREE; -+ + assign = build_cast_stmt(origtype, new_rhs, CREATE_NEW_VAR, gimple_location(stmt)); + gsi_insert_before(&gsi, assign, GSI_SAME_STMT); + update_stmt(assign); + return gimple_get_lhs(assign); +} + -+static tree handle_const_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple def_stmt, tree var, tree rhs, tree new_rhs1, tree new_rhs2, void (*gimple_assign_set_rhs)(gimple, tree)) ++static tree handle_const_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple def_stmt, tree var, tree orig_rhs, tree var_rhs, tree new_rhs1, tree new_rhs2, void (*gimple_assign_set_rhs)(gimple, tree)) +{ -+ tree new_rhs, cast_rhs; ++ tree new_rhs; + + if (gimple_assign_rhs_code(def_stmt) == MIN_EXPR) + return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, NULL_TREE); + -+ new_rhs = change_assign_rhs(visited, potentionally_overflowed, def_stmt, rhs); -+ if (new_rhs != NULL_TREE) { -+ gimple_assign_set_rhs(def_stmt, new_rhs); -+ update_stmt(def_stmt); ++ if (var_rhs == NULL_TREE) ++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); + -+ cast_rhs = gimple_assign_rhs1(get_def_stmt(new_rhs)); ++ new_rhs = change_assign_rhs(visited, potentionally_overflowed, def_stmt, orig_rhs, var_rhs); ++ gimple_assign_set_rhs(def_stmt, new_rhs); ++ update_stmt(def_stmt); + -+ check_size_overflow(def_stmt, cast_rhs, rhs, potentionally_overflowed); -+ } ++ check_size_overflow(def_stmt, var_rhs, orig_rhs, potentionally_overflowed); + return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); +} + @@ -99972,10 +100055,10 @@ index 0000000..9ad0f39 + new_rhs2 = expand(visited, potentionally_overflowed, rhs2); + + if (is_gimple_constant(rhs2)) -+ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs1, new_rhs1, signed_cast_constant(rhs2), &gimple_assign_set_rhs1); ++ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs1, new_rhs1, new_rhs1, signed_cast(rhs2), &gimple_assign_set_rhs1); + + if (is_gimple_constant(rhs1)) -+ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs2, signed_cast_constant(rhs1), new_rhs2, &gimple_assign_set_rhs2); ++ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs2, new_rhs2, signed_cast(rhs1), new_rhs2, &gimple_assign_set_rhs2); + + return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, NULL_TREE); +} @@ -99984,7 +100067,7 @@ index 0000000..9ad0f39 +static tree get_new_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, tree rhs) +{ + if (is_gimple_constant(rhs)) -+ return signed_cast_constant(rhs); ++ return signed_cast(rhs); + if (TREE_CODE(rhs) != SSA_NAME) + return NULL_TREE; + return expand(visited, potentionally_overflowed, rhs); diff --git a/3.4.2/0000_README b/3.4.3/0000_README index e8b7a86..510fb5d 100644 --- a/3.4.2/0000_README +++ b/3.4.3/0000_README @@ -2,7 +2,11 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.9.1-3.4.2-201206160836.patch +Patch: 1002_linux-3.4.3.patch +From: http://www.kernel.org +Desc: Linux 3.4.3 + +Patch: 4420_grsecurity-2.9.1-3.4.3-201206171836.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.4.3/1002_linux-3.4.3.patch b/3.4.3/1002_linux-3.4.3.patch new file mode 100644 index 0000000..2c6ffa6 --- /dev/null +++ b/3.4.3/1002_linux-3.4.3.patch @@ -0,0 +1,1622 @@ +diff --git a/Makefile b/Makefile +index 901a955..a0804c6 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 3 + PATCHLEVEL = 4 +-SUBLEVEL = 2 ++SUBLEVEL = 3 + EXTRAVERSION = + NAME = Saber-toothed Squirrel + +diff --git a/arch/powerpc/kernel/module_32.c b/arch/powerpc/kernel/module_32.c +index 0b6d796..2e3200c 100644 +--- a/arch/powerpc/kernel/module_32.c ++++ b/arch/powerpc/kernel/module_32.c +@@ -176,8 +176,8 @@ int module_frob_arch_sections(Elf32_Ehdr *hdr, + + static inline int entry_matches(struct ppc_plt_entry *entry, Elf32_Addr val) + { +- if (entry->jump[0] == 0x3d600000 + ((val + 0x8000) >> 16) +- && entry->jump[1] == 0x396b0000 + (val & 0xffff)) ++ if (entry->jump[0] == 0x3d800000 + ((val + 0x8000) >> 16) ++ && entry->jump[1] == 0x398c0000 + (val & 0xffff)) + return 1; + return 0; + } +@@ -204,10 +204,9 @@ static uint32_t do_plt_call(void *location, + entry++; + } + +- /* Stolen from Paul Mackerras as well... */ +- entry->jump[0] = 0x3d600000+((val+0x8000)>>16); /* lis r11,sym@ha */ +- entry->jump[1] = 0x396b0000 + (val&0xffff); /* addi r11,r11,sym@l*/ +- entry->jump[2] = 0x7d6903a6; /* mtctr r11 */ ++ entry->jump[0] = 0x3d800000+((val+0x8000)>>16); /* lis r12,sym@ha */ ++ entry->jump[1] = 0x398c0000 + (val&0xffff); /* addi r12,r12,sym@l*/ ++ entry->jump[2] = 0x7d8903a6; /* mtctr r12 */ + entry->jump[3] = 0x4e800420; /* bctr */ + + DEBUGP("Initialized plt for 0x%x at %p\n", val, entry); +diff --git a/arch/powerpc/kernel/time.c b/arch/powerpc/kernel/time.c +index 2c42cd7..730e69c 100644 +--- a/arch/powerpc/kernel/time.c ++++ b/arch/powerpc/kernel/time.c +@@ -474,6 +474,7 @@ void timer_interrupt(struct pt_regs * regs) + struct pt_regs *old_regs; + u64 *next_tb = &__get_cpu_var(decrementers_next_tb); + struct clock_event_device *evt = &__get_cpu_var(decrementers); ++ u64 now; + + /* Ensure a positive value is written to the decrementer, or else + * some CPUs will continue to take decrementer exceptions. +@@ -508,9 +509,16 @@ void timer_interrupt(struct pt_regs * regs) + irq_work_run(); + } + +- *next_tb = ~(u64)0; +- if (evt->event_handler) +- evt->event_handler(evt); ++ now = get_tb_or_rtc(); ++ if (now >= *next_tb) { ++ *next_tb = ~(u64)0; ++ if (evt->event_handler) ++ evt->event_handler(evt); ++ } else { ++ now = *next_tb - now; ++ if (now <= DECREMENTER_MAX) ++ set_dec((int)now); ++ } + + #ifdef CONFIG_PPC64 + /* collect purr register values often, for accurate calculations */ +diff --git a/arch/x86/crypto/aesni-intel_asm.S b/arch/x86/crypto/aesni-intel_asm.S +index be6d9e3..3470624 100644 +--- a/arch/x86/crypto/aesni-intel_asm.S ++++ b/arch/x86/crypto/aesni-intel_asm.S +@@ -2460,10 +2460,12 @@ ENTRY(aesni_cbc_dec) + pxor IN3, STATE4 + movaps IN4, IV + #else +- pxor (INP), STATE2 +- pxor 0x10(INP), STATE3 + pxor IN1, STATE4 + movaps IN2, IV ++ movups (INP), IN1 ++ pxor IN1, STATE2 ++ movups 0x10(INP), IN2 ++ pxor IN2, STATE3 + #endif + movups STATE1, (OUTP) + movups STATE2, 0x10(OUTP) +diff --git a/arch/x86/include/asm/uv/uv_bau.h b/arch/x86/include/asm/uv/uv_bau.h +index becf47b..6149b47 100644 +--- a/arch/x86/include/asm/uv/uv_bau.h ++++ b/arch/x86/include/asm/uv/uv_bau.h +@@ -149,7 +149,6 @@ + /* 4 bits of software ack period */ + #define UV2_ACK_MASK 0x7UL + #define UV2_ACK_UNITS_SHFT 3 +-#define UV2_LEG_SHFT UV2H_LB_BAU_MISC_CONTROL_USE_LEGACY_DESCRIPTOR_FORMATS_SHFT + #define UV2_EXT_SHFT UV2H_LB_BAU_MISC_CONTROL_ENABLE_EXTENDED_SB_STATUS_SHFT + + /* +diff --git a/arch/x86/kernel/cpu/mcheck/mce_amd.c b/arch/x86/kernel/cpu/mcheck/mce_amd.c +index 99b5717..2c1d178 100644 +--- a/arch/x86/kernel/cpu/mcheck/mce_amd.c ++++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c +@@ -51,6 +51,7 @@ struct threshold_block { + unsigned int cpu; + u32 address; + u16 interrupt_enable; ++ bool interrupt_capable; + u16 threshold_limit; + struct kobject kobj; + struct list_head miscj; +@@ -83,6 +84,21 @@ struct thresh_restart { + u16 old_limit; + }; + ++static bool lvt_interrupt_supported(unsigned int bank, u32 msr_high_bits) ++{ ++ /* ++ * bank 4 supports APIC LVT interrupts implicitly since forever. ++ */ ++ if (bank == 4) ++ return true; ++ ++ /* ++ * IntP: interrupt present; if this bit is set, the thresholding ++ * bank can generate APIC LVT interrupts ++ */ ++ return msr_high_bits & BIT(28); ++} ++ + static int lvt_off_valid(struct threshold_block *b, int apic, u32 lo, u32 hi) + { + int msr = (hi & MASK_LVTOFF_HI) >> 20; +@@ -104,8 +120,10 @@ static int lvt_off_valid(struct threshold_block *b, int apic, u32 lo, u32 hi) + return 1; + }; + +-/* must be called with correct cpu affinity */ +-/* Called via smp_call_function_single() */ ++/* ++ * Called via smp_call_function_single(), must be called with correct ++ * cpu affinity. ++ */ + static void threshold_restart_bank(void *_tr) + { + struct thresh_restart *tr = _tr; +@@ -128,6 +146,12 @@ static void threshold_restart_bank(void *_tr) + (new_count & THRESHOLD_MAX); + } + ++ /* clear IntType */ ++ hi &= ~MASK_INT_TYPE_HI; ++ ++ if (!tr->b->interrupt_capable) ++ goto done; ++ + if (tr->set_lvt_off) { + if (lvt_off_valid(tr->b, tr->lvt_off, lo, hi)) { + /* set new lvt offset */ +@@ -136,9 +160,10 @@ static void threshold_restart_bank(void *_tr) + } + } + +- tr->b->interrupt_enable ? +- (hi = (hi & ~MASK_INT_TYPE_HI) | INT_TYPE_APIC) : +- (hi &= ~MASK_INT_TYPE_HI); ++ if (tr->b->interrupt_enable) ++ hi |= INT_TYPE_APIC; ++ ++ done: + + hi |= MASK_COUNT_EN_HI; + wrmsr(tr->b->address, lo, hi); +@@ -202,14 +227,17 @@ void mce_amd_feature_init(struct cpuinfo_x86 *c) + if (shared_bank[bank] && c->cpu_core_id) + break; + +- offset = setup_APIC_mce(offset, +- (high & MASK_LVTOFF_HI) >> 20); +- + memset(&b, 0, sizeof(b)); +- b.cpu = cpu; +- b.bank = bank; +- b.block = block; +- b.address = address; ++ b.cpu = cpu; ++ b.bank = bank; ++ b.block = block; ++ b.address = address; ++ b.interrupt_capable = lvt_interrupt_supported(bank, high); ++ ++ if (b.interrupt_capable) { ++ int new = (high & MASK_LVTOFF_HI) >> 20; ++ offset = setup_APIC_mce(offset, new); ++ } + + mce_threshold_block_init(&b, offset); + mce_threshold_vector = amd_threshold_interrupt; +@@ -309,6 +337,9 @@ store_interrupt_enable(struct threshold_block *b, const char *buf, size_t size) + struct thresh_restart tr; + unsigned long new; + ++ if (!b->interrupt_capable) ++ return -EINVAL; ++ + if (strict_strtoul(buf, 0, &new) < 0) + return -EINVAL; + +@@ -467,6 +498,7 @@ static __cpuinit int allocate_threshold_blocks(unsigned int cpu, + b->cpu = cpu; + b->address = address; + b->interrupt_enable = 0; ++ b->interrupt_capable = lvt_interrupt_supported(bank, high); + b->threshold_limit = THRESHOLD_MAX; + + INIT_LIST_HEAD(&b->miscj); +diff --git a/arch/x86/platform/uv/tlb_uv.c b/arch/x86/platform/uv/tlb_uv.c +index 3ae0e61..59880af 100644 +--- a/arch/x86/platform/uv/tlb_uv.c ++++ b/arch/x86/platform/uv/tlb_uv.c +@@ -1295,7 +1295,6 @@ static void __init enable_timeouts(void) + */ + mmr_image |= (1L << SOFTACK_MSHIFT); + if (is_uv2_hub()) { +- mmr_image &= ~(1L << UV2_LEG_SHFT); + mmr_image |= (1L << UV2_EXT_SHFT); + } + write_mmr_misc_control(pnode, mmr_image); +diff --git a/drivers/acpi/video.c b/drivers/acpi/video.c +index 9577b6f..66e8f73 100644 +--- a/drivers/acpi/video.c ++++ b/drivers/acpi/video.c +@@ -1745,6 +1745,7 @@ static int acpi_video_bus_remove(struct acpi_device *device, int type) + + static int __init intel_opregion_present(void) + { ++ int i915 = 0; + #if defined(CONFIG_DRM_I915) || defined(CONFIG_DRM_I915_MODULE) + struct pci_dev *dev = NULL; + u32 address; +@@ -1757,10 +1758,10 @@ static int __init intel_opregion_present(void) + pci_read_config_dword(dev, 0xfc, &address); + if (!address) + continue; +- return 1; ++ i915 = 1; + } + #endif +- return 0; ++ return i915; + } + + int acpi_video_register(void) +diff --git a/drivers/ata/ata_piix.c b/drivers/ata/ata_piix.c +index 7857e8f..3c809bf 100644 +--- a/drivers/ata/ata_piix.c ++++ b/drivers/ata/ata_piix.c +@@ -1554,6 +1554,39 @@ static bool piix_broken_system_poweroff(struct pci_dev *pdev) + return false; + } + ++static int prefer_ms_hyperv = 1; ++module_param(prefer_ms_hyperv, int, 0); ++ ++static void piix_ignore_devices_quirk(struct ata_host *host) ++{ ++#if IS_ENABLED(CONFIG_HYPERV_STORAGE) ++ static const struct dmi_system_id ignore_hyperv[] = { ++ { ++ /* On Hyper-V hypervisors the disks are exposed on ++ * both the emulated SATA controller and on the ++ * paravirtualised drivers. The CD/DVD devices ++ * are only exposed on the emulated controller. ++ * Request we ignore ATA devices on this host. ++ */ ++ .ident = "Hyper-V Virtual Machine", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, ++ "Microsoft Corporation"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "Virtual Machine"), ++ }, ++ }, ++ { } /* terminate list */ ++ }; ++ const struct dmi_system_id *dmi = dmi_first_match(ignore_hyperv); ++ ++ if (dmi && prefer_ms_hyperv) { ++ host->flags |= ATA_HOST_IGNORE_ATA; ++ dev_info(host->dev, "%s detected, ATA device ignore set\n", ++ dmi->ident); ++ } ++#endif ++} ++ + /** + * piix_init_one - Register PIIX ATA PCI device with kernel services + * @pdev: PCI device to register +@@ -1669,6 +1702,9 @@ static int __devinit piix_init_one(struct pci_dev *pdev, + } + host->flags |= ATA_HOST_PARALLEL_SCAN; + ++ /* Allow hosts to specify device types to ignore when scanning. */ ++ piix_ignore_devices_quirk(host); ++ + pci_set_master(pdev); + return ata_pci_sff_activate_host(host, ata_bmdma_interrupt, sht); + } +diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c +index 23763a1..d31ee55 100644 +--- a/drivers/ata/libata-core.c ++++ b/drivers/ata/libata-core.c +@@ -1973,6 +1973,12 @@ retry: + if (class == ATA_DEV_ATA) { + if (!ata_id_is_ata(id) && !ata_id_is_cfa(id)) + goto err_out; ++ if (ap->host->flags & ATA_HOST_IGNORE_ATA && ++ ata_id_is_ata(id)) { ++ ata_dev_dbg(dev, ++ "host indicates ignore ATA devices, ignored\n"); ++ return -ENOENT; ++ } + } else { + if (ata_id_is_ata(id)) + goto err_out; +diff --git a/drivers/bcma/driver_chipcommon_pmu.c b/drivers/bcma/driver_chipcommon_pmu.c +index a058842..61ce405 100644 +--- a/drivers/bcma/driver_chipcommon_pmu.c ++++ b/drivers/bcma/driver_chipcommon_pmu.c +@@ -139,7 +139,9 @@ void bcma_pmu_workarounds(struct bcma_drv_cc *cc) + bcma_chipco_chipctl_maskset(cc, 0, ~0, 0x7); + break; + case 0x4331: +- /* BCM4331 workaround is SPROM-related, we put it in sprom.c */ ++ case 43431: ++ /* Ext PA lines must be enabled for tx on BCM4331 */ ++ bcma_chipco_bcm4331_ext_pa_lines_ctl(cc, true); + break; + case 43224: + if (bus->chipinfo.rev == 0) { +diff --git a/drivers/bcma/sprom.c b/drivers/bcma/sprom.c +index 3e2a600..4588da2 100644 +--- a/drivers/bcma/sprom.c ++++ b/drivers/bcma/sprom.c +@@ -432,13 +432,13 @@ int bcma_sprom_get(struct bcma_bus *bus) + if (!sprom) + return -ENOMEM; + +- if (bus->chipinfo.id == 0x4331) ++ if (bus->chipinfo.id == 0x4331 || bus->chipinfo.id == 43431) + bcma_chipco_bcm4331_ext_pa_lines_ctl(&bus->drv_cc, false); + + pr_debug("SPROM offset 0x%x\n", offset); + bcma_sprom_read(bus, offset, sprom); + +- if (bus->chipinfo.id == 0x4331) ++ if (bus->chipinfo.id == 0x4331 || bus->chipinfo.id == 43431) + bcma_chipco_bcm4331_ext_pa_lines_ctl(&bus->drv_cc, true); + + err = bcma_sprom_valid(sprom); +diff --git a/drivers/char/agp/intel-agp.c b/drivers/char/agp/intel-agp.c +index 962e75d..4293c48 100644 +--- a/drivers/char/agp/intel-agp.c ++++ b/drivers/char/agp/intel-agp.c +@@ -898,6 +898,7 @@ static struct pci_device_id agp_intel_pci_table[] = { + ID(PCI_DEVICE_ID_INTEL_B43_HB), + ID(PCI_DEVICE_ID_INTEL_B43_1_HB), + ID(PCI_DEVICE_ID_INTEL_IRONLAKE_D_HB), ++ ID(PCI_DEVICE_ID_INTEL_IRONLAKE_D2_HB), + ID(PCI_DEVICE_ID_INTEL_IRONLAKE_M_HB), + ID(PCI_DEVICE_ID_INTEL_IRONLAKE_MA_HB), + ID(PCI_DEVICE_ID_INTEL_IRONLAKE_MC2_HB), +diff --git a/drivers/char/agp/intel-agp.h b/drivers/char/agp/intel-agp.h +index 7ea18a5..439d7e7 100644 +--- a/drivers/char/agp/intel-agp.h ++++ b/drivers/char/agp/intel-agp.h +@@ -211,6 +211,7 @@ + #define PCI_DEVICE_ID_INTEL_G41_HB 0x2E30 + #define PCI_DEVICE_ID_INTEL_G41_IG 0x2E32 + #define PCI_DEVICE_ID_INTEL_IRONLAKE_D_HB 0x0040 ++#define PCI_DEVICE_ID_INTEL_IRONLAKE_D2_HB 0x0069 + #define PCI_DEVICE_ID_INTEL_IRONLAKE_D_IG 0x0042 + #define PCI_DEVICE_ID_INTEL_IRONLAKE_M_HB 0x0044 + #define PCI_DEVICE_ID_INTEL_IRONLAKE_MA_HB 0x0062 +diff --git a/drivers/char/hw_random/atmel-rng.c b/drivers/char/hw_random/atmel-rng.c +index f518b99..6289f0e 100644 +--- a/drivers/char/hw_random/atmel-rng.c ++++ b/drivers/char/hw_random/atmel-rng.c +@@ -36,6 +36,13 @@ static int atmel_trng_read(struct hwrng *rng, void *buf, size_t max, + /* data ready? */ + if (readl(trng->base + TRNG_ODATA) & 1) { + *data = readl(trng->base + TRNG_ODATA); ++ /* ++ ensure data ready is only set again AFTER the next data ++ word is ready in case it got set between checking ISR ++ and reading ODATA, so we don't risk re-reading the ++ same word ++ */ ++ readl(trng->base + TRNG_ISR); + return 4; + } else + return 0; +diff --git a/drivers/gpu/drm/gma500/psb_drv.c b/drivers/gpu/drm/gma500/psb_drv.c +index c34adf9..09af2ff 100644 +--- a/drivers/gpu/drm/gma500/psb_drv.c ++++ b/drivers/gpu/drm/gma500/psb_drv.c +@@ -349,7 +349,7 @@ static int psb_driver_load(struct drm_device *dev, unsigned long chipset) + PSB_WSGX32(0x30000000, PSB_CR_BIF_3D_REQ_BASE); + + /* igd_opregion_init(&dev_priv->opregion_dev); */ +- acpi_video_register(); ++/* acpi_video_register(); */ + if (dev_priv->lid_state) + psb_lid_timer_init(dev_priv); + +diff --git a/drivers/gpu/drm/i915/intel_ringbuffer.c b/drivers/gpu/drm/i915/intel_ringbuffer.c +index 62892a8..302d3d5 100644 +--- a/drivers/gpu/drm/i915/intel_ringbuffer.c ++++ b/drivers/gpu/drm/i915/intel_ringbuffer.c +@@ -309,6 +309,7 @@ static int init_ring_common(struct intel_ring_buffer *ring) + ring->head = I915_READ_HEAD(ring); + ring->tail = I915_READ_TAIL(ring) & TAIL_ADDR; + ring->space = ring_space(ring); ++ ring->last_retired_head = -1; + } + + return 0; +@@ -1026,6 +1027,10 @@ int intel_init_ring_buffer(struct drm_device *dev, + if (ret) + goto err_unref; + ++ ret = i915_gem_object_set_to_gtt_domain(obj, true); ++ if (ret) ++ goto err_unpin; ++ + ring->map.size = ring->size; + ring->map.offset = dev->agp->base + obj->gtt_offset; + ring->map.type = 0; +diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c +index fa86035..7b11edb 100644 +--- a/drivers/gpu/drm/nouveau/nouveau_connector.c ++++ b/drivers/gpu/drm/nouveau/nouveau_connector.c +@@ -654,7 +654,13 @@ nouveau_connector_detect_depth(struct drm_connector *connector) + if (nv_connector->edid && connector->display_info.bpc) + return; + +- /* if not, we're out of options unless we're LVDS, default to 8bpc */ ++ /* EDID 1.4 is *supposed* to be supported on eDP, but, Apple... */ ++ if (nv_connector->type == DCB_CONNECTOR_eDP) { ++ connector->display_info.bpc = 6; ++ return; ++ } ++ ++ /* we're out of options unless we're LVDS, default to 8bpc */ + if (nv_encoder->dcb->type != OUTPUT_LVDS) { + connector->display_info.bpc = 8; + return; +diff --git a/drivers/gpu/drm/radeon/evergreen_cs.c b/drivers/gpu/drm/radeon/evergreen_cs.c +index 70089d3..ea69dae 100644 +--- a/drivers/gpu/drm/radeon/evergreen_cs.c ++++ b/drivers/gpu/drm/radeon/evergreen_cs.c +@@ -52,6 +52,7 @@ struct evergreen_cs_track { + u32 cb_color_view[12]; + u32 cb_color_pitch[12]; + u32 cb_color_slice[12]; ++ u32 cb_color_slice_idx[12]; + u32 cb_color_attrib[12]; + u32 cb_color_cmask_slice[8];/* unused */ + u32 cb_color_fmask_slice[8];/* unused */ +@@ -127,12 +128,14 @@ static void evergreen_cs_track_init(struct evergreen_cs_track *track) + track->cb_color_info[i] = 0; + track->cb_color_view[i] = 0xFFFFFFFF; + track->cb_color_pitch[i] = 0; +- track->cb_color_slice[i] = 0; ++ track->cb_color_slice[i] = 0xfffffff; ++ track->cb_color_slice_idx[i] = 0; + } + track->cb_target_mask = 0xFFFFFFFF; + track->cb_shader_mask = 0xFFFFFFFF; + track->cb_dirty = true; + ++ track->db_depth_slice = 0xffffffff; + track->db_depth_view = 0xFFFFC000; + track->db_depth_size = 0xFFFFFFFF; + track->db_depth_control = 0xFFFFFFFF; +@@ -250,10 +253,9 @@ static int evergreen_surface_check_2d(struct radeon_cs_parser *p, + { + struct evergreen_cs_track *track = p->track; + unsigned palign, halign, tileb, slice_pt; ++ unsigned mtile_pr, mtile_ps, mtileb; + + tileb = 64 * surf->bpe * surf->nsamples; +- palign = track->group_size / (8 * surf->bpe * surf->nsamples); +- palign = MAX(8, palign); + slice_pt = 1; + if (tileb > surf->tsplit) { + slice_pt = tileb / surf->tsplit; +@@ -262,7 +264,10 @@ static int evergreen_surface_check_2d(struct radeon_cs_parser *p, + /* macro tile width & height */ + palign = (8 * surf->bankw * track->npipes) * surf->mtilea; + halign = (8 * surf->bankh * surf->nbanks) / surf->mtilea; +- surf->layer_size = surf->nbx * surf->nby * surf->bpe * slice_pt; ++ mtileb = (palign / 8) * (halign / 8) * tileb;; ++ mtile_pr = surf->nbx / palign; ++ mtile_ps = (mtile_pr * surf->nby) / halign; ++ surf->layer_size = mtile_ps * mtileb * slice_pt; + surf->base_align = (palign / 8) * (halign / 8) * tileb; + surf->palign = palign; + surf->halign = halign; +@@ -434,6 +439,39 @@ static int evergreen_cs_track_validate_cb(struct radeon_cs_parser *p, unsigned i + + offset += surf.layer_size * mslice; + if (offset > radeon_bo_size(track->cb_color_bo[id])) { ++ /* old ddx are broken they allocate bo with w*h*bpp but ++ * program slice with ALIGN(h, 8), catch this and patch ++ * command stream. ++ */ ++ if (!surf.mode) { ++ volatile u32 *ib = p->ib->ptr; ++ unsigned long tmp, nby, bsize, size, min = 0; ++ ++ /* find the height the ddx wants */ ++ if (surf.nby > 8) { ++ min = surf.nby - 8; ++ } ++ bsize = radeon_bo_size(track->cb_color_bo[id]); ++ tmp = track->cb_color_bo_offset[id] << 8; ++ for (nby = surf.nby; nby > min; nby--) { ++ size = nby * surf.nbx * surf.bpe * surf.nsamples; ++ if ((tmp + size * mslice) <= bsize) { ++ break; ++ } ++ } ++ if (nby > min) { ++ surf.nby = nby; ++ slice = ((nby * surf.nbx) / 64) - 1; ++ if (!evergreen_surface_check(p, &surf, "cb")) { ++ /* check if this one works */ ++ tmp += surf.layer_size * mslice; ++ if (tmp <= bsize) { ++ ib[track->cb_color_slice_idx[id]] = slice; ++ goto old_ddx_ok; ++ } ++ } ++ } ++ } + dev_warn(p->dev, "%s:%d cb[%d] bo too small (layer size %d, " + "offset %d, max layer %d, bo size %ld, slice %d)\n", + __func__, __LINE__, id, surf.layer_size, +@@ -446,6 +484,7 @@ static int evergreen_cs_track_validate_cb(struct radeon_cs_parser *p, unsigned i + surf.tsplit, surf.mtilea); + return -EINVAL; + } ++old_ddx_ok: + + return 0; + } +@@ -1532,6 +1571,7 @@ static int evergreen_cs_check_reg(struct radeon_cs_parser *p, u32 reg, u32 idx) + case CB_COLOR7_SLICE: + tmp = (reg - CB_COLOR0_SLICE) / 0x3c; + track->cb_color_slice[tmp] = radeon_get_ib_value(p, idx); ++ track->cb_color_slice_idx[tmp] = idx; + track->cb_dirty = true; + break; + case CB_COLOR8_SLICE: +@@ -1540,6 +1580,7 @@ static int evergreen_cs_check_reg(struct radeon_cs_parser *p, u32 reg, u32 idx) + case CB_COLOR11_SLICE: + tmp = ((reg - CB_COLOR8_SLICE) / 0x1c) + 8; + track->cb_color_slice[tmp] = radeon_get_ib_value(p, idx); ++ track->cb_color_slice_idx[tmp] = idx; + track->cb_dirty = true; + break; + case CB_COLOR0_ATTRIB: +diff --git a/drivers/gpu/drm/radeon/radeon_drv.c b/drivers/gpu/drm/radeon/radeon_drv.c +index ef7bb3f..15250fb 100644 +--- a/drivers/gpu/drm/radeon/radeon_drv.c ++++ b/drivers/gpu/drm/radeon/radeon_drv.c +@@ -57,9 +57,10 @@ + * 2.13.0 - virtual memory support, streamout + * 2.14.0 - add evergreen tiling informations + * 2.15.0 - add max_pipes query ++ * 2.16.0 - fix evergreen 2D tiled surface calculation + */ + #define KMS_DRIVER_MAJOR 2 +-#define KMS_DRIVER_MINOR 15 ++#define KMS_DRIVER_MINOR 16 + #define KMS_DRIVER_PATCHLEVEL 0 + int radeon_driver_load_kms(struct drm_device *dev, unsigned long flags); + int radeon_driver_unload_kms(struct drm_device *dev); +diff --git a/drivers/gpu/drm/ttm/ttm_bo.c b/drivers/gpu/drm/ttm/ttm_bo.c +index 1843418..8b73ae8 100644 +--- a/drivers/gpu/drm/ttm/ttm_bo.c ++++ b/drivers/gpu/drm/ttm/ttm_bo.c +@@ -1193,6 +1193,7 @@ int ttm_bo_init(struct ttm_bo_device *bdev, + (*destroy)(bo); + else + kfree(bo); ++ ttm_mem_global_free(mem_glob, acc_size); + return -EINVAL; + } + bo->destroy = destroy; +@@ -1294,22 +1295,14 @@ int ttm_bo_create(struct ttm_bo_device *bdev, + struct ttm_buffer_object **p_bo) + { + struct ttm_buffer_object *bo; +- struct ttm_mem_global *mem_glob = bdev->glob->mem_glob; + size_t acc_size; + int ret; + +- acc_size = ttm_bo_acc_size(bdev, size, sizeof(struct ttm_buffer_object)); +- ret = ttm_mem_global_alloc(mem_glob, acc_size, false, false); +- if (unlikely(ret != 0)) +- return ret; +- + bo = kzalloc(sizeof(*bo), GFP_KERNEL); +- +- if (unlikely(bo == NULL)) { +- ttm_mem_global_free(mem_glob, acc_size); ++ if (unlikely(bo == NULL)) + return -ENOMEM; +- } + ++ acc_size = ttm_bo_acc_size(bdev, size, sizeof(struct ttm_buffer_object)); + ret = ttm_bo_init(bdev, bo, size, type, placement, page_alignment, + buffer_start, interruptible, + persistent_swap_storage, acc_size, NULL); +diff --git a/drivers/net/can/c_can/c_can.c b/drivers/net/can/c_can/c_can.c +index 536bda0..8dc84d6 100644 +--- a/drivers/net/can/c_can/c_can.c ++++ b/drivers/net/can/c_can/c_can.c +@@ -686,7 +686,7 @@ static int c_can_get_berr_counter(const struct net_device *dev, + * + * We iterate from priv->tx_echo to priv->tx_next and check if the + * packet has been transmitted, echo it back to the CAN framework. +- * If we discover a not yet transmitted package, stop looking for more. ++ * If we discover a not yet transmitted packet, stop looking for more. + */ + static void c_can_do_tx(struct net_device *dev) + { +@@ -698,7 +698,7 @@ static void c_can_do_tx(struct net_device *dev) + for (/* nix */; (priv->tx_next - priv->tx_echo) > 0; priv->tx_echo++) { + msg_obj_no = get_tx_echo_msg_obj(priv); + val = c_can_read_reg32(priv, &priv->regs->txrqst1); +- if (!(val & (1 << msg_obj_no))) { ++ if (!(val & (1 << (msg_obj_no - 1)))) { + can_get_echo_skb(dev, + msg_obj_no - C_CAN_MSG_OBJ_TX_FIRST); + stats->tx_bytes += priv->read_reg(priv, +@@ -706,6 +706,8 @@ static void c_can_do_tx(struct net_device *dev) + & IF_MCONT_DLC_MASK; + stats->tx_packets++; + c_can_inval_msg_object(dev, 0, msg_obj_no); ++ } else { ++ break; + } + } + +@@ -950,7 +952,7 @@ static int c_can_poll(struct napi_struct *napi, int quota) + struct net_device *dev = napi->dev; + struct c_can_priv *priv = netdev_priv(dev); + +- irqstatus = priv->read_reg(priv, &priv->regs->interrupt); ++ irqstatus = priv->irqstatus; + if (!irqstatus) + goto end; + +@@ -1028,12 +1030,11 @@ end: + + static irqreturn_t c_can_isr(int irq, void *dev_id) + { +- u16 irqstatus; + struct net_device *dev = (struct net_device *)dev_id; + struct c_can_priv *priv = netdev_priv(dev); + +- irqstatus = priv->read_reg(priv, &priv->regs->interrupt); +- if (!irqstatus) ++ priv->irqstatus = priv->read_reg(priv, &priv->regs->interrupt); ++ if (!priv->irqstatus) + return IRQ_NONE; + + /* disable all interrupts and schedule the NAPI */ +@@ -1063,10 +1064,11 @@ static int c_can_open(struct net_device *dev) + goto exit_irq_fail; + } + ++ napi_enable(&priv->napi); ++ + /* start the c_can controller */ + c_can_start(dev); + +- napi_enable(&priv->napi); + netif_start_queue(dev); + + return 0; +diff --git a/drivers/net/can/c_can/c_can.h b/drivers/net/can/c_can/c_can.h +index 9b7fbef..5f32d34 100644 +--- a/drivers/net/can/c_can/c_can.h ++++ b/drivers/net/can/c_can/c_can.h +@@ -76,6 +76,7 @@ struct c_can_priv { + unsigned int tx_next; + unsigned int tx_echo; + void *priv; /* for board-specific data */ ++ u16 irqstatus; + }; + + struct net_device *alloc_c_can_dev(void); +diff --git a/drivers/net/usb/sierra_net.c b/drivers/net/usb/sierra_net.c +index b59cf20..cc9776c 100644 +--- a/drivers/net/usb/sierra_net.c ++++ b/drivers/net/usb/sierra_net.c +@@ -946,7 +946,7 @@ struct sk_buff *sierra_net_tx_fixup(struct usbnet *dev, struct sk_buff *skb, + } + + static const u8 sierra_net_ifnum_list[] = { 7, 10, 11 }; +-static const struct sierra_net_info_data sierra_net_info_data_68A3 = { ++static const struct sierra_net_info_data sierra_net_info_data_direct_ip = { + .rx_urb_size = 8 * 1024, + .whitelist = { + .infolen = ARRAY_SIZE(sierra_net_ifnum_list), +@@ -954,7 +954,7 @@ static const struct sierra_net_info_data sierra_net_info_data_68A3 = { + } + }; + +-static const struct driver_info sierra_net_info_68A3 = { ++static const struct driver_info sierra_net_info_direct_ip = { + .description = "Sierra Wireless USB-to-WWAN Modem", + .flags = FLAG_WWAN | FLAG_SEND_ZLP, + .bind = sierra_net_bind, +@@ -962,12 +962,18 @@ static const struct driver_info sierra_net_info_68A3 = { + .status = sierra_net_status, + .rx_fixup = sierra_net_rx_fixup, + .tx_fixup = sierra_net_tx_fixup, +- .data = (unsigned long)&sierra_net_info_data_68A3, ++ .data = (unsigned long)&sierra_net_info_data_direct_ip, + }; + + static const struct usb_device_id products[] = { + {USB_DEVICE(0x1199, 0x68A3), /* Sierra Wireless USB-to-WWAN modem */ +- .driver_info = (unsigned long) &sierra_net_info_68A3}, ++ .driver_info = (unsigned long) &sierra_net_info_direct_ip}, ++ {USB_DEVICE(0x0F3D, 0x68A3), /* AT&T Direct IP modem */ ++ .driver_info = (unsigned long) &sierra_net_info_direct_ip}, ++ {USB_DEVICE(0x1199, 0x68AA), /* Sierra Wireless Direct IP LTE modem */ ++ .driver_info = (unsigned long) &sierra_net_info_direct_ip}, ++ {USB_DEVICE(0x0F3D, 0x68AA), /* AT&T Direct IP LTE modem */ ++ .driver_info = (unsigned long) &sierra_net_info_direct_ip}, + + {}, /* last item */ + }; +diff --git a/drivers/net/wireless/iwlwifi/iwl-agn-sta.c b/drivers/net/wireless/iwlwifi/iwl-agn-sta.c +index c417560..bef3f24 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-agn-sta.c ++++ b/drivers/net/wireless/iwlwifi/iwl-agn-sta.c +@@ -1222,7 +1222,7 @@ int iwl_remove_dynamic_key(struct iwl_priv *priv, + key_flags |= STA_KEY_MULTICAST_MSK; + + sta_cmd.key.key_flags = key_flags; +- sta_cmd.key.key_offset = WEP_INVALID_OFFSET; ++ sta_cmd.key.key_offset = keyconf->hw_key_idx; + sta_cmd.sta.modify_mask = STA_MODIFY_KEY_MASK; + sta_cmd.mode = STA_CONTROL_MODIFY_MSK; + +diff --git a/drivers/net/wireless/iwlwifi/iwl-mac80211.c b/drivers/net/wireless/iwlwifi/iwl-mac80211.c +index c24a713..1018f9b 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-mac80211.c ++++ b/drivers/net/wireless/iwlwifi/iwl-mac80211.c +@@ -196,6 +196,7 @@ int iwlagn_mac_setup_register(struct iwl_priv *priv, + WIPHY_FLAG_DISABLE_BEACON_HINTS | + WIPHY_FLAG_IBSS_RSN; + ++#ifdef CONFIG_PM_SLEEP + if (priv->fw->img[IWL_UCODE_WOWLAN].sec[0].len && + trans(priv)->ops->wowlan_suspend && + device_can_wakeup(trans(priv)->dev)) { +@@ -214,6 +215,7 @@ int iwlagn_mac_setup_register(struct iwl_priv *priv, + hw->wiphy->wowlan.pattern_max_len = + IWLAGN_WOWLAN_MAX_PATTERN_LEN; + } ++#endif + + if (iwlagn_mod_params.power_save) + hw->wiphy->flags |= WIPHY_FLAG_PS_ON_BY_DEFAULT; +@@ -243,6 +245,7 @@ int iwlagn_mac_setup_register(struct iwl_priv *priv, + ret = ieee80211_register_hw(priv->hw); + if (ret) { + IWL_ERR(priv, "Failed to register hw (error %d)\n", ret); ++ iwl_leds_exit(priv); + return ret; + } + priv->mac80211_registered = 1; +diff --git a/drivers/net/wireless/iwlwifi/iwl-prph.h b/drivers/net/wireless/iwlwifi/iwl-prph.h +index 3b10692..dfd5466 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-prph.h ++++ b/drivers/net/wireless/iwlwifi/iwl-prph.h +@@ -224,6 +224,7 @@ + #define SCD_TXFACT (SCD_BASE + 0x10) + #define SCD_ACTIVE (SCD_BASE + 0x14) + #define SCD_QUEUECHAIN_SEL (SCD_BASE + 0xe8) ++#define SCD_CHAINEXT_EN (SCD_BASE + 0x244) + #define SCD_AGGR_SEL (SCD_BASE + 0x248) + #define SCD_INTERRUPT_MASK (SCD_BASE + 0x108) + +diff --git a/drivers/net/wireless/iwlwifi/iwl-trans-pcie.c b/drivers/net/wireless/iwlwifi/iwl-trans-pcie.c +index 4d7b30d..66df016 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-trans-pcie.c ++++ b/drivers/net/wireless/iwlwifi/iwl-trans-pcie.c +@@ -1128,6 +1128,11 @@ static void iwl_tx_start(struct iwl_trans *trans) + iwl_write_prph(trans, SCD_DRAM_BASE_ADDR, + trans_pcie->scd_bc_tbls.dma >> 10); + ++ /* The chain extension of the SCD doesn't work well. This feature is ++ * enabled by default by the HW, so we need to disable it manually. ++ */ ++ iwl_write_prph(trans, SCD_CHAINEXT_EN, 0); ++ + /* Enable DMA channel */ + for (chan = 0; chan < FH_TCSR_CHNL_NUM ; chan++) + iwl_write_direct32(trans, FH_TCSR_CHNL_TX_CONFIG_REG(chan), +diff --git a/drivers/net/wireless/rt2x00/rt2800usb.c b/drivers/net/wireless/rt2x00/rt2800usb.c +index 001735f..5601302 100644 +--- a/drivers/net/wireless/rt2x00/rt2800usb.c ++++ b/drivers/net/wireless/rt2x00/rt2800usb.c +@@ -922,6 +922,7 @@ static struct usb_device_id rt2800usb_device_table[] = { + { USB_DEVICE(0x1482, 0x3c09) }, + /* AirTies */ + { USB_DEVICE(0x1eda, 0x2012) }, ++ { USB_DEVICE(0x1eda, 0x2210) }, + { USB_DEVICE(0x1eda, 0x2310) }, + /* Allwin */ + { USB_DEVICE(0x8516, 0x2070) }, +@@ -991,6 +992,7 @@ static struct usb_device_id rt2800usb_device_table[] = { + /* DVICO */ + { USB_DEVICE(0x0fe9, 0xb307) }, + /* Edimax */ ++ { USB_DEVICE(0x7392, 0x4085) }, + { USB_DEVICE(0x7392, 0x7711) }, + { USB_DEVICE(0x7392, 0x7717) }, + { USB_DEVICE(0x7392, 0x7718) }, +@@ -1066,6 +1068,7 @@ static struct usb_device_id rt2800usb_device_table[] = { + /* Philips */ + { USB_DEVICE(0x0471, 0x200f) }, + /* Planex */ ++ { USB_DEVICE(0x2019, 0x5201) }, + { USB_DEVICE(0x2019, 0xab25) }, + { USB_DEVICE(0x2019, 0xed06) }, + /* Quanta */ +@@ -1134,6 +1137,10 @@ static struct usb_device_id rt2800usb_device_table[] = { + #ifdef CONFIG_RT2800USB_RT33XX + /* Belkin */ + { USB_DEVICE(0x050d, 0x945b) }, ++ /* Panasonic */ ++ { USB_DEVICE(0x083a, 0xb511) }, ++ /* Philips */ ++ { USB_DEVICE(0x0471, 0x20dd) }, + /* Ralink */ + { USB_DEVICE(0x148f, 0x3370) }, + { USB_DEVICE(0x148f, 0x8070) }, +@@ -1145,6 +1152,8 @@ static struct usb_device_id rt2800usb_device_table[] = { + { USB_DEVICE(0x8516, 0x3572) }, + /* Askey */ + { USB_DEVICE(0x1690, 0x0744) }, ++ { USB_DEVICE(0x1690, 0x0761) }, ++ { USB_DEVICE(0x1690, 0x0764) }, + /* Cisco */ + { USB_DEVICE(0x167b, 0x4001) }, + /* EnGenius */ +@@ -1159,20 +1168,25 @@ static struct usb_device_id rt2800usb_device_table[] = { + /* Sitecom */ + { USB_DEVICE(0x0df6, 0x0041) }, + { USB_DEVICE(0x0df6, 0x0062) }, ++ { USB_DEVICE(0x0df6, 0x0065) }, ++ { USB_DEVICE(0x0df6, 0x0066) }, ++ { USB_DEVICE(0x0df6, 0x0068) }, + /* Toshiba */ + { USB_DEVICE(0x0930, 0x0a07) }, + /* Zinwell */ + { USB_DEVICE(0x5a57, 0x0284) }, + #endif + #ifdef CONFIG_RT2800USB_RT53XX +- /* Alpha */ +- { USB_DEVICE(0x2001, 0x3c15) }, +- { USB_DEVICE(0x2001, 0x3c19) }, + /* Arcadyan */ + { USB_DEVICE(0x043e, 0x7a12) }, + /* Azurewave */ + { USB_DEVICE(0x13d3, 0x3329) }, + { USB_DEVICE(0x13d3, 0x3365) }, ++ /* D-Link */ ++ { USB_DEVICE(0x2001, 0x3c15) }, ++ { USB_DEVICE(0x2001, 0x3c19) }, ++ { USB_DEVICE(0x2001, 0x3c1c) }, ++ { USB_DEVICE(0x2001, 0x3c1d) }, + /* LG innotek */ + { USB_DEVICE(0x043e, 0x7a22) }, + /* Panasonic */ +@@ -1224,12 +1238,8 @@ static struct usb_device_id rt2800usb_device_table[] = { + { USB_DEVICE(0x07d1, 0x3c0b) }, + { USB_DEVICE(0x07d1, 0x3c17) }, + { USB_DEVICE(0x2001, 0x3c17) }, +- /* Edimax */ +- { USB_DEVICE(0x7392, 0x4085) }, + /* Encore */ + { USB_DEVICE(0x203d, 0x14a1) }, +- /* Fujitsu Stylistic 550 */ +- { USB_DEVICE(0x1690, 0x0761) }, + /* Gemtek */ + { USB_DEVICE(0x15a9, 0x0010) }, + /* Gigabyte */ +@@ -1250,7 +1260,6 @@ static struct usb_device_id rt2800usb_device_table[] = { + { USB_DEVICE(0x05a6, 0x0101) }, + { USB_DEVICE(0x1d4d, 0x0010) }, + /* Planex */ +- { USB_DEVICE(0x2019, 0x5201) }, + { USB_DEVICE(0x2019, 0xab24) }, + /* Qcom */ + { USB_DEVICE(0x18e8, 0x6259) }, +diff --git a/drivers/net/wireless/rt2x00/rt2x00.h b/drivers/net/wireless/rt2x00/rt2x00.h +index 471f87c..c264dfa 100644 +--- a/drivers/net/wireless/rt2x00/rt2x00.h ++++ b/drivers/net/wireless/rt2x00/rt2x00.h +@@ -396,8 +396,7 @@ struct rt2x00_intf { + * for hardware which doesn't support hardware + * sequence counting. + */ +- spinlock_t seqlock; +- u16 seqno; ++ atomic_t seqno; + }; + + static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif) +diff --git a/drivers/net/wireless/rt2x00/rt2x00mac.c b/drivers/net/wireless/rt2x00/rt2x00mac.c +index 2df2eb6..a8885f0 100644 +--- a/drivers/net/wireless/rt2x00/rt2x00mac.c ++++ b/drivers/net/wireless/rt2x00/rt2x00mac.c +@@ -277,7 +277,6 @@ int rt2x00mac_add_interface(struct ieee80211_hw *hw, + else + rt2x00dev->intf_sta_count++; + +- spin_lock_init(&intf->seqlock); + mutex_init(&intf->beacon_skb_mutex); + intf->beacon = entry; + +diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c +index 9b1b2b7..50f92d5 100644 +--- a/drivers/net/wireless/rt2x00/rt2x00queue.c ++++ b/drivers/net/wireless/rt2x00/rt2x00queue.c +@@ -207,6 +207,7 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev, + struct ieee80211_tx_info *tx_info = IEEE80211_SKB_CB(skb); + struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; + struct rt2x00_intf *intf = vif_to_intf(tx_info->control.vif); ++ u16 seqno; + + if (!(tx_info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ)) + return; +@@ -227,15 +228,13 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev, + * sequence counting per-frame, since those will override the + * sequence counter given by mac80211. + */ +- spin_lock(&intf->seqlock); +- + if (test_bit(ENTRY_TXD_FIRST_FRAGMENT, &txdesc->flags)) +- intf->seqno += 0x10; +- hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG); +- hdr->seq_ctrl |= cpu_to_le16(intf->seqno); +- +- spin_unlock(&intf->seqlock); ++ seqno = atomic_add_return(0x10, &intf->seqno); ++ else ++ seqno = atomic_read(&intf->seqno); + ++ hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG); ++ hdr->seq_ctrl |= cpu_to_le16(seqno); + } + + static void rt2x00queue_create_tx_descriptor_plcp(struct rt2x00_dev *rt2x00dev, +diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c +index 61b16c6..0df0d1f 100644 +--- a/fs/btrfs/inode.c ++++ b/fs/btrfs/inode.c +@@ -257,10 +257,13 @@ static noinline int cow_file_range_inline(struct btrfs_trans_handle *trans, + ret = insert_inline_extent(trans, root, inode, start, + inline_len, compressed_size, + compress_type, compressed_pages); +- if (ret) { ++ if (ret && ret != -ENOSPC) { + btrfs_abort_transaction(trans, root, ret); + return ret; ++ } else if (ret == -ENOSPC) { ++ return 1; + } ++ + btrfs_delalloc_release_metadata(inode, end + 1 - start); + btrfs_drop_extent_cache(inode, start, aligned_end - 1, 0); + return 0; +diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c +index 4bbd07a..8da837b 100644 +--- a/fs/ext4/balloc.c ++++ b/fs/ext4/balloc.c +@@ -90,8 +90,8 @@ unsigned ext4_num_overhead_clusters(struct super_block *sb, + * unusual file system layouts. + */ + if (ext4_block_in_group(sb, ext4_block_bitmap(sb, gdp), block_group)) { +- block_cluster = EXT4_B2C(sbi, (start - +- ext4_block_bitmap(sb, gdp))); ++ block_cluster = EXT4_B2C(sbi, ++ ext4_block_bitmap(sb, gdp) - start); + if (block_cluster < num_clusters) + block_cluster = -1; + else if (block_cluster == num_clusters) { +@@ -102,7 +102,7 @@ unsigned ext4_num_overhead_clusters(struct super_block *sb, + + if (ext4_block_in_group(sb, ext4_inode_bitmap(sb, gdp), block_group)) { + inode_cluster = EXT4_B2C(sbi, +- start - ext4_inode_bitmap(sb, gdp)); ++ ext4_inode_bitmap(sb, gdp) - start); + if (inode_cluster < num_clusters) + inode_cluster = -1; + else if (inode_cluster == num_clusters) { +@@ -114,7 +114,7 @@ unsigned ext4_num_overhead_clusters(struct super_block *sb, + itbl_blk = ext4_inode_table(sb, gdp); + for (i = 0; i < sbi->s_itb_per_group; i++) { + if (ext4_block_in_group(sb, itbl_blk + i, block_group)) { +- c = EXT4_B2C(sbi, start - itbl_blk + i); ++ c = EXT4_B2C(sbi, itbl_blk + i - start); + if ((c < num_clusters) || (c == inode_cluster) || + (c == block_cluster) || (c == itbl_cluster)) + continue; +diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c +index df5ac04..bc43832 100644 +--- a/fs/fuse/dir.c ++++ b/fs/fuse/dir.c +@@ -863,6 +863,7 @@ int fuse_update_attributes(struct inode *inode, struct kstat *stat, + if (stat) { + generic_fillattr(inode, stat); + stat->mode = fi->orig_i_mode; ++ stat->ino = fi->orig_ino; + } + } + +diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h +index 572cefc..d181926 100644 +--- a/fs/fuse/fuse_i.h ++++ b/fs/fuse/fuse_i.h +@@ -82,6 +82,9 @@ struct fuse_inode { + preserve the original mode */ + umode_t orig_i_mode; + ++ /** 64 bit inode number */ ++ u64 orig_ino; ++ + /** Version of last attribute change */ + u64 attr_version; + +diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c +index 26783eb..a59cf5e 100644 +--- a/fs/fuse/inode.c ++++ b/fs/fuse/inode.c +@@ -91,6 +91,7 @@ static struct inode *fuse_alloc_inode(struct super_block *sb) + fi->nlookup = 0; + fi->attr_version = 0; + fi->writectr = 0; ++ fi->orig_ino = 0; + INIT_LIST_HEAD(&fi->write_files); + INIT_LIST_HEAD(&fi->queued_writes); + INIT_LIST_HEAD(&fi->writepages); +@@ -139,6 +140,18 @@ static int fuse_remount_fs(struct super_block *sb, int *flags, char *data) + return 0; + } + ++/* ++ * ino_t is 32-bits on 32-bit arch. We have to squash the 64-bit value down ++ * so that it will fit. ++ */ ++static ino_t fuse_squash_ino(u64 ino64) ++{ ++ ino_t ino = (ino_t) ino64; ++ if (sizeof(ino_t) < sizeof(u64)) ++ ino ^= ino64 >> (sizeof(u64) - sizeof(ino_t)) * 8; ++ return ino; ++} ++ + void fuse_change_attributes_common(struct inode *inode, struct fuse_attr *attr, + u64 attr_valid) + { +@@ -148,7 +161,7 @@ void fuse_change_attributes_common(struct inode *inode, struct fuse_attr *attr, + fi->attr_version = ++fc->attr_version; + fi->i_time = attr_valid; + +- inode->i_ino = attr->ino; ++ inode->i_ino = fuse_squash_ino(attr->ino); + inode->i_mode = (inode->i_mode & S_IFMT) | (attr->mode & 07777); + set_nlink(inode, attr->nlink); + inode->i_uid = attr->uid; +@@ -174,6 +187,8 @@ void fuse_change_attributes_common(struct inode *inode, struct fuse_attr *attr, + fi->orig_i_mode = inode->i_mode; + if (!(fc->flags & FUSE_DEFAULT_PERMISSIONS)) + inode->i_mode &= ~S_ISVTX; ++ ++ fi->orig_ino = attr->ino; + } + + void fuse_change_attributes(struct inode *inode, struct fuse_attr *attr, +diff --git a/include/linux/libata.h b/include/linux/libata.h +index e926df7..6e887c7 100644 +--- a/include/linux/libata.h ++++ b/include/linux/libata.h +@@ -247,6 +247,7 @@ enum { + ATA_HOST_SIMPLEX = (1 << 0), /* Host is simplex, one DMA channel per host only */ + ATA_HOST_STARTED = (1 << 1), /* Host started */ + ATA_HOST_PARALLEL_SCAN = (1 << 2), /* Ports on this host can be scanned in parallel */ ++ ATA_HOST_IGNORE_ATA = (1 << 3), /* Ignore ATA devices on this host. */ + + /* bits 24:31 of host->flags are reserved for LLD specific flags */ + +diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h +index ea36486..944bc18 100644 +--- a/include/linux/moduleparam.h ++++ b/include/linux/moduleparam.h +@@ -128,7 +128,7 @@ struct kparam_array + * The ops can have NULL set or get functions. + */ + #define module_param_cb(name, ops, arg, perm) \ +- __module_param_call(MODULE_PARAM_PREFIX, name, ops, arg, perm, 0) ++ __module_param_call(MODULE_PARAM_PREFIX, name, ops, arg, perm, -1) + + /** + * <level>_param_cb - general callback for a module/cmdline parameter +@@ -192,7 +192,7 @@ struct kparam_array + { (void *)set, (void *)get }; \ + __module_param_call(MODULE_PARAM_PREFIX, \ + name, &__param_ops_##name, arg, \ +- (perm) + sizeof(__check_old_set_param(set))*0, 0) ++ (perm) + sizeof(__check_old_set_param(set))*0, -1) + + /* We don't get oldget: it's often a new-style param_get_uint, etc. */ + static inline int +@@ -272,7 +272,7 @@ static inline void __kernel_param_unlock(void) + */ + #define core_param(name, var, type, perm) \ + param_check_##type(name, &(var)); \ +- __module_param_call("", name, ¶m_ops_##type, &var, perm, 0) ++ __module_param_call("", name, ¶m_ops_##type, &var, perm, -1) + #endif /* !MODULE */ + + /** +@@ -290,7 +290,7 @@ static inline void __kernel_param_unlock(void) + = { len, string }; \ + __module_param_call(MODULE_PARAM_PREFIX, name, \ + ¶m_ops_string, \ +- .str = &__param_string_##name, perm, 0); \ ++ .str = &__param_string_##name, perm, -1); \ + __MODULE_PARM_TYPE(name, "string") + + /** +@@ -431,7 +431,7 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp); + __module_param_call(MODULE_PARAM_PREFIX, name, \ + ¶m_array_ops, \ + .arr = &__param_arr_##name, \ +- perm, 0); \ ++ perm, -1); \ + __MODULE_PARM_TYPE(name, "array of " #type) + + extern struct kernel_param_ops param_array_ops; +diff --git a/init/main.c b/init/main.c +index cb54cd3..b08c5f7 100644 +--- a/init/main.c ++++ b/init/main.c +@@ -508,7 +508,7 @@ asmlinkage void __init start_kernel(void) + parse_early_param(); + parse_args("Booting kernel", static_command_line, __start___param, + __stop___param - __start___param, +- 0, 0, &unknown_bootoption); ++ -1, -1, &unknown_bootoption); + + jump_label_init(); + +diff --git a/kernel/sched/core.c b/kernel/sched/core.c +index e5212ae..2000e06 100644 +--- a/kernel/sched/core.c ++++ b/kernel/sched/core.c +@@ -6230,11 +6230,8 @@ int sched_domain_level_max; + + static int __init setup_relax_domain_level(char *str) + { +- unsigned long val; +- +- val = simple_strtoul(str, NULL, 0); +- if (val < sched_domain_level_max) +- default_relax_domain_level = val; ++ if (kstrtoint(str, 0, &default_relax_domain_level)) ++ pr_warn("Unable to set relax_domain_level\n"); + + return 1; + } +@@ -6439,7 +6436,6 @@ struct sched_domain *build_sched_domain(struct sched_domain_topology_level *tl, + if (!sd) + return child; + +- set_domain_attribute(sd, attr); + cpumask_and(sched_domain_span(sd), cpu_map, tl->mask(cpu)); + if (child) { + sd->level = child->level + 1; +@@ -6447,6 +6443,7 @@ struct sched_domain *build_sched_domain(struct sched_domain_topology_level *tl, + child->parent = sd; + } + sd->child = child; ++ set_domain_attribute(sd, attr); + + return sd; + } +diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c +index d66b213..d42574df 100644 +--- a/kernel/time/timekeeping.c ++++ b/kernel/time/timekeeping.c +@@ -964,6 +964,7 @@ static cycle_t logarithmic_accumulation(cycle_t offset, int shift) + timekeeper.xtime.tv_sec++; + leap = second_overflow(timekeeper.xtime.tv_sec); + timekeeper.xtime.tv_sec += leap; ++ timekeeper.wall_to_monotonic.tv_sec -= leap; + } + + /* Accumulate raw time */ +@@ -1079,6 +1080,7 @@ static void update_wall_time(void) + timekeeper.xtime.tv_sec++; + leap = second_overflow(timekeeper.xtime.tv_sec); + timekeeper.xtime.tv_sec += leap; ++ timekeeper.wall_to_monotonic.tv_sec -= leap; + } + + timekeeping_update(false); +diff --git a/lib/btree.c b/lib/btree.c +index e5ec1e9..5cf9e74 100644 +--- a/lib/btree.c ++++ b/lib/btree.c +@@ -319,8 +319,8 @@ void *btree_get_prev(struct btree_head *head, struct btree_geo *geo, + + if (head->height == 0) + return NULL; +-retry: + longcpy(key, __key, geo->keylen); ++retry: + dec_key(geo, key); + + node = head->node; +@@ -351,7 +351,7 @@ retry: + } + miss: + if (retry_key) { +- __key = retry_key; ++ longcpy(key, retry_key, geo->keylen); + retry_key = NULL; + goto retry; + } +diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c +index c20051b..48f937e 100644 +--- a/net/mac80211/iface.c ++++ b/net/mac80211/iface.c +@@ -514,6 +514,18 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, + ieee80211_configure_filter(local); + break; + default: ++ mutex_lock(&local->mtx); ++ if (local->hw_roc_dev == sdata->dev && ++ local->hw_roc_channel) { ++ /* ignore return value since this is racy */ ++ drv_cancel_remain_on_channel(local); ++ ieee80211_queue_work(&local->hw, &local->hw_roc_done); ++ } ++ mutex_unlock(&local->mtx); ++ ++ flush_work(&local->hw_roc_start); ++ flush_work(&local->hw_roc_done); ++ + flush_work(&sdata->work); + /* + * When we get here, the interface is marked down. +diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c +index f054e94..935aa4b 100644 +--- a/net/mac80211/offchannel.c ++++ b/net/mac80211/offchannel.c +@@ -234,6 +234,22 @@ static void ieee80211_hw_roc_done(struct work_struct *work) + return; + } + ++ /* was never transmitted */ ++ if (local->hw_roc_skb) { ++ u64 cookie; ++ ++ cookie = local->hw_roc_cookie ^ 2; ++ ++ cfg80211_mgmt_tx_status(local->hw_roc_dev, cookie, ++ local->hw_roc_skb->data, ++ local->hw_roc_skb->len, false, ++ GFP_KERNEL); ++ ++ kfree_skb(local->hw_roc_skb); ++ local->hw_roc_skb = NULL; ++ local->hw_roc_skb_for_status = NULL; ++ } ++ + if (!local->hw_roc_for_tx) + cfg80211_remain_on_channel_expired(local->hw_roc_dev, + local->hw_roc_cookie, +diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c +index 38137cb..d93d39b 100644 +--- a/net/mac80211/sta_info.c ++++ b/net/mac80211/sta_info.c +@@ -378,7 +378,7 @@ static int sta_info_insert_finish(struct sta_info *sta) __acquires(RCU) + /* make the station visible */ + sta_info_hash_add(local, sta); + +- list_add(&sta->list, &local->sta_list); ++ list_add_rcu(&sta->list, &local->sta_list); + + set_sta_flag(sta, WLAN_STA_INSERTED); + +@@ -688,7 +688,7 @@ int __must_check __sta_info_destroy(struct sta_info *sta) + if (ret) + return ret; + +- list_del(&sta->list); ++ list_del_rcu(&sta->list); + + mutex_lock(&local->key_mtx); + for (i = 0; i < NUM_DEFAULT_KEYS; i++) +diff --git a/net/mac80211/util.c b/net/mac80211/util.c +index 3862c96..eb9d7c0 100644 +--- a/net/mac80211/util.c ++++ b/net/mac80211/util.c +@@ -1224,7 +1224,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) + enum ieee80211_sta_state state; + + for (state = IEEE80211_STA_NOTEXIST; +- state < sta->sta_state - 1; state++) ++ state < sta->sta_state; state++) + WARN_ON(drv_sta_state(local, sta->sdata, sta, + state, state + 1)); + } +diff --git a/net/wireless/util.c b/net/wireless/util.c +index 957f2562..b5b6890 100644 +--- a/net/wireless/util.c ++++ b/net/wireless/util.c +@@ -936,6 +936,7 @@ int cfg80211_can_change_interface(struct cfg80211_registered_device *rdev, + enum nl80211_iftype iftype) + { + struct wireless_dev *wdev_iter; ++ u32 used_iftypes = BIT(iftype); + int num[NUM_NL80211_IFTYPES]; + int total = 1; + int i, j; +@@ -969,12 +970,14 @@ int cfg80211_can_change_interface(struct cfg80211_registered_device *rdev, + + num[wdev_iter->iftype]++; + total++; ++ used_iftypes |= BIT(wdev_iter->iftype); + } + mutex_unlock(&rdev->devlist_mtx); + + for (i = 0; i < rdev->wiphy.n_iface_combinations; i++) { + const struct ieee80211_iface_combination *c; + struct ieee80211_iface_limit *limits; ++ u32 all_iftypes = 0; + + c = &rdev->wiphy.iface_combinations[i]; + +@@ -989,6 +992,7 @@ int cfg80211_can_change_interface(struct cfg80211_registered_device *rdev, + if (rdev->wiphy.software_iftypes & BIT(iftype)) + continue; + for (j = 0; j < c->n_limits; j++) { ++ all_iftypes |= limits[j].types; + if (!(limits[j].types & BIT(iftype))) + continue; + if (limits[j].max < num[iftype]) +@@ -996,7 +1000,20 @@ int cfg80211_can_change_interface(struct cfg80211_registered_device *rdev, + limits[j].max -= num[iftype]; + } + } +- /* yay, it fits */ ++ ++ /* ++ * Finally check that all iftypes that we're currently ++ * using are actually part of this combination. If they ++ * aren't then we can't use this combination and have ++ * to continue to the next. ++ */ ++ if ((all_iftypes & used_iftypes) != used_iftypes) ++ goto cont; ++ ++ /* ++ * This combination covered all interface types and ++ * supported the requested numbers, so we're good. ++ */ + kfree(limits); + return 0; + cont: +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c +index 7810913..e56c2c8 100644 +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -6606,6 +6606,7 @@ enum { + ALC662_FIXUP_ASUS_MODE7, + ALC662_FIXUP_ASUS_MODE8, + ALC662_FIXUP_NO_JACK_DETECT, ++ ALC662_FIXUP_ZOTAC_Z68, + }; + + static const struct alc_fixup alc662_fixups[] = { +@@ -6755,6 +6756,13 @@ static const struct alc_fixup alc662_fixups[] = { + .type = ALC_FIXUP_FUNC, + .v.func = alc_fixup_no_jack_detect, + }, ++ [ALC662_FIXUP_ZOTAC_Z68] = { ++ .type = ALC_FIXUP_PINS, ++ .v.pins = (const struct alc_pincfg[]) { ++ { 0x1b, 0x02214020 }, /* Front HP */ ++ { } ++ } ++ }, + }; + + static const struct snd_pci_quirk alc662_fixup_tbl[] = { +@@ -6768,6 +6776,7 @@ static const struct snd_pci_quirk alc662_fixup_tbl[] = { + SND_PCI_QUIRK(0x144d, 0xc051, "Samsung R720", ALC662_FIXUP_IDEAPAD), + SND_PCI_QUIRK(0x17aa, 0x38af, "Lenovo Ideapad Y550P", ALC662_FIXUP_IDEAPAD), + SND_PCI_QUIRK(0x17aa, 0x3a0d, "Lenovo Ideapad Y550", ALC662_FIXUP_IDEAPAD), ++ SND_PCI_QUIRK(0x19da, 0xa130, "Zotac Z68", ALC662_FIXUP_ZOTAC_Z68), + SND_PCI_QUIRK(0x1b35, 0x2206, "CZC P10T", ALC662_FIXUP_CZC_P10T), + + #if 0 +diff --git a/sound/soc/codecs/wm8994.c b/sound/soc/codecs/wm8994.c +index 2de12eb..f351b93 100644 +--- a/sound/soc/codecs/wm8994.c ++++ b/sound/soc/codecs/wm8994.c +@@ -46,6 +46,39 @@ + #define WM8994_NUM_DRC 3 + #define WM8994_NUM_EQ 3 + ++static struct { ++ unsigned int reg; ++ unsigned int mask; ++} wm8994_vu_bits[] = { ++ { WM8994_LEFT_LINE_INPUT_1_2_VOLUME, WM8994_IN1_VU }, ++ { WM8994_RIGHT_LINE_INPUT_1_2_VOLUME, WM8994_IN1_VU }, ++ { WM8994_LEFT_LINE_INPUT_3_4_VOLUME, WM8994_IN2_VU }, ++ { WM8994_RIGHT_LINE_INPUT_3_4_VOLUME, WM8994_IN2_VU }, ++ { WM8994_SPEAKER_VOLUME_LEFT, WM8994_SPKOUT_VU }, ++ { WM8994_SPEAKER_VOLUME_RIGHT, WM8994_SPKOUT_VU }, ++ { WM8994_LEFT_OUTPUT_VOLUME, WM8994_HPOUT1_VU }, ++ { WM8994_RIGHT_OUTPUT_VOLUME, WM8994_HPOUT1_VU }, ++ { WM8994_LEFT_OPGA_VOLUME, WM8994_MIXOUT_VU }, ++ { WM8994_RIGHT_OPGA_VOLUME, WM8994_MIXOUT_VU }, ++ ++ { WM8994_AIF1_DAC1_LEFT_VOLUME, WM8994_AIF1DAC1_VU }, ++ { WM8994_AIF1_DAC1_RIGHT_VOLUME, WM8994_AIF1DAC1_VU }, ++ { WM8994_AIF1_DAC2_LEFT_VOLUME, WM8994_AIF1DAC2_VU }, ++ { WM8994_AIF1_DAC2_RIGHT_VOLUME, WM8994_AIF1DAC2_VU }, ++ { WM8994_AIF2_DAC_LEFT_VOLUME, WM8994_AIF2DAC_VU }, ++ { WM8994_AIF2_DAC_RIGHT_VOLUME, WM8994_AIF2DAC_VU }, ++ { WM8994_AIF1_ADC1_LEFT_VOLUME, WM8994_AIF1ADC1_VU }, ++ { WM8994_AIF1_ADC1_RIGHT_VOLUME, WM8994_AIF1ADC1_VU }, ++ { WM8994_AIF1_ADC2_LEFT_VOLUME, WM8994_AIF1ADC2_VU }, ++ { WM8994_AIF1_ADC2_RIGHT_VOLUME, WM8994_AIF1ADC2_VU }, ++ { WM8994_AIF2_ADC_LEFT_VOLUME, WM8994_AIF2ADC_VU }, ++ { WM8994_AIF2_ADC_RIGHT_VOLUME, WM8994_AIF1ADC2_VU }, ++ { WM8994_DAC1_LEFT_VOLUME, WM8994_DAC1_VU }, ++ { WM8994_DAC1_RIGHT_VOLUME, WM8994_DAC1_VU }, ++ { WM8994_DAC2_LEFT_VOLUME, WM8994_DAC2_VU }, ++ { WM8994_DAC2_RIGHT_VOLUME, WM8994_DAC2_VU }, ++}; ++ + static int wm8994_drc_base[] = { + WM8994_AIF1_DRC1_1, + WM8994_AIF1_DRC2_1, +@@ -1006,6 +1039,7 @@ static int aif1clk_ev(struct snd_soc_dapm_widget *w, + struct snd_soc_codec *codec = w->codec; + struct wm8994 *control = codec->control_data; + int mask = WM8994_AIF1DAC1L_ENA | WM8994_AIF1DAC1R_ENA; ++ int i; + int dac; + int adc; + int val; +@@ -1064,6 +1098,13 @@ static int aif1clk_ev(struct snd_soc_dapm_widget *w, + WM8994_AIF1DAC2L_ENA); + break; + ++ case SND_SOC_DAPM_POST_PMU: ++ for (i = 0; i < ARRAY_SIZE(wm8994_vu_bits); i++) ++ snd_soc_write(codec, wm8994_vu_bits[i].reg, ++ snd_soc_read(codec, ++ wm8994_vu_bits[i].reg)); ++ break; ++ + case SND_SOC_DAPM_PRE_PMD: + case SND_SOC_DAPM_POST_PMD: + snd_soc_update_bits(codec, WM8994_POWER_MANAGEMENT_5, +@@ -1089,6 +1130,7 @@ static int aif2clk_ev(struct snd_soc_dapm_widget *w, + struct snd_kcontrol *kcontrol, int event) + { + struct snd_soc_codec *codec = w->codec; ++ int i; + int dac; + int adc; + int val; +@@ -1139,6 +1181,13 @@ static int aif2clk_ev(struct snd_soc_dapm_widget *w, + WM8994_AIF2DACR_ENA); + break; + ++ case SND_SOC_DAPM_POST_PMU: ++ for (i = 0; i < ARRAY_SIZE(wm8994_vu_bits); i++) ++ snd_soc_write(codec, wm8994_vu_bits[i].reg, ++ snd_soc_read(codec, ++ wm8994_vu_bits[i].reg)); ++ break; ++ + case SND_SOC_DAPM_PRE_PMD: + case SND_SOC_DAPM_POST_PMD: + snd_soc_update_bits(codec, WM8994_POWER_MANAGEMENT_5, +@@ -1207,17 +1256,19 @@ static int late_enable_ev(struct snd_soc_dapm_widget *w, + switch (event) { + case SND_SOC_DAPM_PRE_PMU: + if (wm8994->aif1clk_enable) { +- aif1clk_ev(w, kcontrol, event); ++ aif1clk_ev(w, kcontrol, SND_SOC_DAPM_PRE_PMU); + snd_soc_update_bits(codec, WM8994_AIF1_CLOCKING_1, + WM8994_AIF1CLK_ENA_MASK, + WM8994_AIF1CLK_ENA); ++ aif1clk_ev(w, kcontrol, SND_SOC_DAPM_POST_PMU); + wm8994->aif1clk_enable = 0; + } + if (wm8994->aif2clk_enable) { +- aif2clk_ev(w, kcontrol, event); ++ aif2clk_ev(w, kcontrol, SND_SOC_DAPM_PRE_PMU); + snd_soc_update_bits(codec, WM8994_AIF2_CLOCKING_1, + WM8994_AIF2CLK_ENA_MASK, + WM8994_AIF2CLK_ENA); ++ aif2clk_ev(w, kcontrol, SND_SOC_DAPM_POST_PMU); + wm8994->aif2clk_enable = 0; + } + break; +@@ -1238,15 +1289,17 @@ static int late_disable_ev(struct snd_soc_dapm_widget *w, + switch (event) { + case SND_SOC_DAPM_POST_PMD: + if (wm8994->aif1clk_disable) { ++ aif1clk_ev(w, kcontrol, SND_SOC_DAPM_PRE_PMD); + snd_soc_update_bits(codec, WM8994_AIF1_CLOCKING_1, + WM8994_AIF1CLK_ENA_MASK, 0); +- aif1clk_ev(w, kcontrol, event); ++ aif1clk_ev(w, kcontrol, SND_SOC_DAPM_POST_PMD); + wm8994->aif1clk_disable = 0; + } + if (wm8994->aif2clk_disable) { ++ aif2clk_ev(w, kcontrol, SND_SOC_DAPM_PRE_PMD); + snd_soc_update_bits(codec, WM8994_AIF2_CLOCKING_1, + WM8994_AIF2CLK_ENA_MASK, 0); +- aif2clk_ev(w, kcontrol, event); ++ aif2clk_ev(w, kcontrol, SND_SOC_DAPM_POST_PMD); + wm8994->aif2clk_disable = 0; + } + break; +@@ -1583,9 +1636,11 @@ SND_SOC_DAPM_POST("Late Disable PGA", late_disable_ev) + + static const struct snd_soc_dapm_widget wm8994_lateclk_widgets[] = { + SND_SOC_DAPM_SUPPLY("AIF1CLK", WM8994_AIF1_CLOCKING_1, 0, 0, aif1clk_ev, +- SND_SOC_DAPM_PRE_PMU | SND_SOC_DAPM_PRE_PMD), ++ SND_SOC_DAPM_PRE_PMU | SND_SOC_DAPM_POST_PMU | ++ SND_SOC_DAPM_PRE_PMD), + SND_SOC_DAPM_SUPPLY("AIF2CLK", WM8994_AIF2_CLOCKING_1, 0, 0, aif2clk_ev, +- SND_SOC_DAPM_PRE_PMU | SND_SOC_DAPM_PRE_PMD), ++ SND_SOC_DAPM_PRE_PMU | SND_SOC_DAPM_POST_PMU | ++ SND_SOC_DAPM_PRE_PMD), + SND_SOC_DAPM_PGA("Direct Voice", SND_SOC_NOPM, 0, 0, NULL, 0), + SND_SOC_DAPM_MIXER("SPKL", WM8994_POWER_MANAGEMENT_3, 8, 0, + left_speaker_mixer, ARRAY_SIZE(left_speaker_mixer)), +@@ -3939,39 +3994,11 @@ static int wm8994_codec_probe(struct snd_soc_codec *codec) + + pm_runtime_put(codec->dev); + +- /* Latch volume updates (right only; we always do left then right). */ +- snd_soc_update_bits(codec, WM8994_AIF1_DAC1_LEFT_VOLUME, +- WM8994_AIF1DAC1_VU, WM8994_AIF1DAC1_VU); +- snd_soc_update_bits(codec, WM8994_AIF1_DAC1_RIGHT_VOLUME, +- WM8994_AIF1DAC1_VU, WM8994_AIF1DAC1_VU); +- snd_soc_update_bits(codec, WM8994_AIF1_DAC2_LEFT_VOLUME, +- WM8994_AIF1DAC2_VU, WM8994_AIF1DAC2_VU); +- snd_soc_update_bits(codec, WM8994_AIF1_DAC2_RIGHT_VOLUME, +- WM8994_AIF1DAC2_VU, WM8994_AIF1DAC2_VU); +- snd_soc_update_bits(codec, WM8994_AIF2_DAC_LEFT_VOLUME, +- WM8994_AIF2DAC_VU, WM8994_AIF2DAC_VU); +- snd_soc_update_bits(codec, WM8994_AIF2_DAC_RIGHT_VOLUME, +- WM8994_AIF2DAC_VU, WM8994_AIF2DAC_VU); +- snd_soc_update_bits(codec, WM8994_AIF1_ADC1_LEFT_VOLUME, +- WM8994_AIF1ADC1_VU, WM8994_AIF1ADC1_VU); +- snd_soc_update_bits(codec, WM8994_AIF1_ADC1_RIGHT_VOLUME, +- WM8994_AIF1ADC1_VU, WM8994_AIF1ADC1_VU); +- snd_soc_update_bits(codec, WM8994_AIF1_ADC2_LEFT_VOLUME, +- WM8994_AIF1ADC2_VU, WM8994_AIF1ADC2_VU); +- snd_soc_update_bits(codec, WM8994_AIF1_ADC2_RIGHT_VOLUME, +- WM8994_AIF1ADC2_VU, WM8994_AIF1ADC2_VU); +- snd_soc_update_bits(codec, WM8994_AIF2_ADC_LEFT_VOLUME, +- WM8994_AIF2ADC_VU, WM8994_AIF1ADC2_VU); +- snd_soc_update_bits(codec, WM8994_AIF2_ADC_RIGHT_VOLUME, +- WM8994_AIF2ADC_VU, WM8994_AIF1ADC2_VU); +- snd_soc_update_bits(codec, WM8994_DAC1_LEFT_VOLUME, +- WM8994_DAC1_VU, WM8994_DAC1_VU); +- snd_soc_update_bits(codec, WM8994_DAC1_RIGHT_VOLUME, +- WM8994_DAC1_VU, WM8994_DAC1_VU); +- snd_soc_update_bits(codec, WM8994_DAC2_LEFT_VOLUME, +- WM8994_DAC2_VU, WM8994_DAC2_VU); +- snd_soc_update_bits(codec, WM8994_DAC2_RIGHT_VOLUME, +- WM8994_DAC2_VU, WM8994_DAC2_VU); ++ /* Latch volume update bits */ ++ for (i = 0; i < ARRAY_SIZE(wm8994_vu_bits); i++) ++ snd_soc_update_bits(codec, wm8994_vu_bits[i].reg, ++ wm8994_vu_bits[i].mask, ++ wm8994_vu_bits[i].mask); + + /* Set the low bit of the 3D stereo depth so TLV matches */ + snd_soc_update_bits(codec, WM8994_AIF1_DAC1_FILTERS_2, diff --git a/3.4.2/4420_grsecurity-2.9.1-3.4.2-201206160836.patch b/3.4.3/4420_grsecurity-2.9.1-3.4.3-201206171836.patch index 7ce88db..57ad302 100644 --- a/3.4.2/4420_grsecurity-2.9.1-3.4.2-201206160836.patch +++ b/3.4.3/4420_grsecurity-2.9.1-3.4.3-201206171836.patch @@ -227,7 +227,7 @@ index c1601e5..08557ce 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 901a955..dbc701b 100644 +index a0804c6..f487027 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -4147,7 +4147,7 @@ index 8f880bc..c5bd2f3 100644 addi r3,r1,STACK_FRAME_OVERHEAD lwz r4,_DAR(r1) diff --git a/arch/powerpc/kernel/module_32.c b/arch/powerpc/kernel/module_32.c -index 0b6d796..d760ddb 100644 +index 2e3200c..72095ce 100644 --- a/arch/powerpc/kernel/module_32.c +++ b/arch/powerpc/kernel/module_32.c @@ -162,7 +162,7 @@ int module_frob_arch_sections(Elf32_Ehdr *hdr, @@ -8070,7 +8070,7 @@ index 5b577d5..3c1fed4 100644 movq r1,r2; \ movq r3,r4; \ diff --git a/arch/x86/crypto/aesni-intel_asm.S b/arch/x86/crypto/aesni-intel_asm.S -index be6d9e3..21fbbca 100644 +index 3470624..201259d 100644 --- a/arch/x86/crypto/aesni-intel_asm.S +++ b/arch/x86/crypto/aesni-intel_asm.S @@ -31,6 +31,7 @@ @@ -8225,7 +8225,7 @@ index be6d9e3..21fbbca 100644 /* * void aesni_cbc_dec(struct crypto_aes_ctx *ctx, const u8 *dst, u8 *src, -@@ -2498,7 +2523,9 @@ ENTRY(aesni_cbc_dec) +@@ -2500,7 +2525,9 @@ ENTRY(aesni_cbc_dec) popl LEN popl IVP #endif @@ -8235,7 +8235,7 @@ index be6d9e3..21fbbca 100644 #ifdef __x86_64__ .align 16 -@@ -2524,6 +2551,7 @@ _aesni_inc_init: +@@ -2526,6 +2553,7 @@ _aesni_inc_init: mov $1, TCTR_LOW MOVQ_R64_XMM TCTR_LOW INC MOVQ_R64_XMM CTR TCTR_LOW @@ -8243,7 +8243,7 @@ index be6d9e3..21fbbca 100644 ret /* -@@ -2552,6 +2580,7 @@ _aesni_inc: +@@ -2554,6 +2582,7 @@ _aesni_inc: .Linc_low: movaps CTR, IV PSHUFB_XMM BSWAP_MASK IV @@ -8251,7 +8251,7 @@ index be6d9e3..21fbbca 100644 ret /* -@@ -2612,5 +2641,7 @@ ENTRY(aesni_ctr_enc) +@@ -2614,5 +2643,7 @@ ENTRY(aesni_ctr_enc) .Lctr_enc_ret: movups IV, (IVP) .Lctr_enc_just_ret: @@ -27650,10 +27650,10 @@ index 0734086..3ad3e4c 100644 /* * Buggy BIOS check diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index 23763a1..6375e67 100644 +index d31ee55..8363a8b 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c -@@ -4736,7 +4736,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) +@@ -4742,7 +4742,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; @@ -27662,7 +27662,7 @@ index 23763a1..6375e67 100644 ap = qc->ap; qc->flags = 0; -@@ -4752,7 +4752,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) +@@ -4758,7 +4758,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; @@ -27671,7 +27671,7 @@ index 23763a1..6375e67 100644 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap = qc->ap; link = qc->dev->link; -@@ -5816,6 +5816,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5822,6 +5822,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) return; spin_lock(&lock); @@ -27679,7 +27679,7 @@ index 23763a1..6375e67 100644 for (cur = ops->inherits; cur; cur = cur->inherits) { void **inherit = (void **)cur; -@@ -5829,8 +5830,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5835,8 +5836,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) if (IS_ERR(*pp)) *pp = NULL; @@ -42519,10 +42519,10 @@ index 4106264..8157ede 100644 WARN_ON(trans->transid != btrfs_header_generation(parent)); diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c -index 61b16c6..b492c09 100644 +index 0df0d1f..4bdcbfe 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c -@@ -7071,7 +7071,7 @@ fail: +@@ -7074,7 +7074,7 @@ fail: return -ENOMEM; } @@ -42531,7 +42531,7 @@ index 61b16c6..b492c09 100644 struct dentry *dentry, struct kstat *stat) { struct inode *inode = dentry->d_inode; -@@ -7085,6 +7085,14 @@ static int btrfs_getattr(struct vfsmount *mnt, +@@ -7088,6 +7088,14 @@ static int btrfs_getattr(struct vfsmount *mnt, return 0; } @@ -44186,7 +44186,7 @@ index baac1b1..1499b62 100644 } return 1; diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c -index 4bbd07a..a37bee6 100644 +index 8da837b..ed3835b 100644 --- a/fs/ext4/balloc.c +++ b/fs/ext4/balloc.c @@ -463,8 +463,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, @@ -45963,10 +45963,10 @@ index 7df2b5e..5804aa7 100644 if (!ret) ret = -EPIPE; diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c -index df5ac04..08cee2a 100644 +index bc43832..0cfe5a6 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c -@@ -1180,7 +1180,7 @@ static char *read_link(struct dentry *dentry) +@@ -1181,7 +1181,7 @@ static char *read_link(struct dentry *dentry) return link; } @@ -61522,10 +61522,10 @@ index 72cbf08..dd0201d 100644 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu); diff --git a/include/linux/libata.h b/include/linux/libata.h -index e926df7..1713bd8 100644 +index 6e887c7..4539601 100644 --- a/include/linux/libata.h +++ b/include/linux/libata.h -@@ -909,7 +909,7 @@ struct ata_port_operations { +@@ -910,7 +910,7 @@ struct ata_port_operations { * fields must be pointers. */ const struct ata_port_operations *inherits; @@ -61997,7 +61997,7 @@ index b2be02e..72d2f78 100644 or 0. */ int apply_relocate(Elf_Shdr *sechdrs, diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h -index ea36486..91e70f4 100644 +index 944bc18..042d291 100644 --- a/include/linux/moduleparam.h +++ b/include/linux/moduleparam.h @@ -286,7 +286,7 @@ static inline void __kernel_param_unlock(void) @@ -64257,7 +64257,7 @@ index 8216c30..25e8e32 100644 next_state = Reset; return 0; diff --git a/init/main.c b/init/main.c -index cb54cd3..8773e3c 100644 +index b08c5f7..09f865e 100644 --- a/init/main.c +++ b/init/main.c @@ -95,6 +95,8 @@ static inline void mark_rodata_ro(void) { } @@ -67912,7 +67912,7 @@ index 0984a21..939f183 100644 #ifdef CONFIG_RT_GROUP_SCHED /* diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index e5212ae..2fcf98d 100644 +index 2000e06..79cf3d8 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -3907,6 +3907,8 @@ int can_nice(const struct task_struct *p, const int nice) @@ -68671,7 +68671,7 @@ index f113755..ec24223 100644 cpumask_clear_cpu(cpu, tick_get_broadcast_mask()); tick_broadcast_clear_oneshot(cpu); diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c -index d66b213..6947686 100644 +index d42574df..247414c 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c @@ -14,6 +14,7 @@ @@ -75525,7 +75525,7 @@ index db8fae5..ff070cd 100644 /* number of interfaces with corresponding FIF_ flags */ int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll, diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c -index c20051b..2accbc4 100644 +index 48f937e..4ccd7b8 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c @@ -222,7 +222,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) @@ -75573,7 +75573,7 @@ index c20051b..2accbc4 100644 switch (sdata->vif.type) { case NL80211_IFTYPE_AP_VLAN: -@@ -550,7 +550,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -562,7 +562,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, ieee80211_recalc_ps(local, -1); @@ -75653,7 +75653,7 @@ index c97a065..ff61928 100644 return p; diff --git a/net/mac80211/util.c b/net/mac80211/util.c -index 3862c96..3258ddc 100644 +index eb9d7c0..d34b832 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -1179,7 +1179,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) @@ -97776,10 +97776,10 @@ index 0000000..c2eca90 +}; diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c new file mode 100644 -index 0000000..64846cb +index 0000000..273e66a --- /dev/null +++ b/tools/gcc/size_overflow_plugin.c -@@ -0,0 +1,1224 @@ +@@ -0,0 +1,1203 @@ +/* + * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com> + * Licensed under the GPL v2, or (at your option) v3 @@ -97792,7 +97792,7 @@ index 0000000..64846cb + * The recomputed argument is checked against TYPE_MAX and an event is logged on overflow and the triggering process is killed. + * + * Usage: -+ * $ gcc -I`gcc -print-file-name=plugin`/include -fPIC -shared -O2 -o size_overflow_plugin.so size_overflow_plugin.c ++ * $ gcc -I`gcc -print-file-name=plugin`/include/c-family -I`gcc -print-file-name=plugin`/include -fPIC -shared -O2 -ggdb -Wall -W -Wno-missing-field-initializers -o size_overflow_plugin.so size_overflow_plugin.c + * $ gcc -fplugin=size_overflow_plugin.so test.c -O2 + */ + @@ -97846,8 +97846,8 @@ index 0000000..64846cb +static unsigned int handle_function(void); + +static struct plugin_info size_overflow_plugin_info = { -+ .version = "20120612beta", -+ .help = "no-size_overflow\tturn off size overflow checking\n", ++ .version = "20120617beta", ++ .help = "no-size-overflow\tturn off size overflow checking\n", +}; + +static tree handle_size_overflow_attribute(tree *node, tree __unused name, tree args, int __unused flags, bool *no_add_attrs) @@ -97871,7 +97871,7 @@ index 0000000..64846cb + .decl_required = false, + .type_required = true, + .function_type_required = true, -+ .handler = handle_size_overflow_attribute, ++ .handler = handle_size_overflow_attribute +#if BUILDING_GCC_VERSION >= 4007 + .affects_type_identity = false +#endif @@ -98135,11 +98135,17 @@ index 0000000..64846cb + +static tree cast_a_tree(tree type, tree var) +{ ++ gcc_assert(type != NULL_TREE && var != NULL_TREE); + gcc_assert(fold_convertible_p(type, var)); + + return fold_convert(type, var); +} + ++static tree signed_cast(tree var) ++{ ++ return cast_a_tree(signed_size_overflow_type, var); ++} ++ +static gimple build_cast_stmt(tree type, tree var, tree new_var, location_t loc) +{ + gimple assign; @@ -98238,7 +98244,7 @@ index 0000000..64846cb + + if (rhs1 != NULL_TREE) { + if (!gimple_assign_cast_p(oldstmt)) -+ rhs1 = cast_a_tree(signed_size_overflow_type, rhs1); ++ rhs1 = signed_cast(rhs1); + gimple_assign_set_rhs1(stmt, rhs1); + } + @@ -98276,13 +98282,6 @@ index 0000000..64846cb + return phi; +} + -+static tree signed_cast_constant(tree node) -+{ -+ gcc_assert(is_gimple_constant(node)); -+ -+ return cast_a_tree(signed_size_overflow_type, node); -+} -+ +static basic_block create_a_first_bb(void) +{ + basic_block first_bb; @@ -98378,7 +98377,7 @@ index 0000000..64846cb + + arg = gimple_phi_arg_def(oldstmt, i); + if (is_gimple_constant(arg)) -+ arg = signed_cast_constant(arg); ++ arg = signed_cast(arg); + lhs = build_new_phi_arg(visited, potentionally_overflowed, arg, new_var); + if (lhs == NULL_TREE) + lhs = gimple_get_lhs(cast_old_phi_arg(oldstmt, arg, new_var, i)); @@ -98411,7 +98410,7 @@ index 0000000..64846cb + tree rhs1 = gimple_assign_rhs1(def_stmt); + + if (is_gimple_constant(rhs1)) -+ return dup_assign(visited, potentionally_overflowed, def_stmt, signed_cast_constant(rhs1), NULL_TREE, NULL_TREE); ++ return dup_assign(visited, potentionally_overflowed, def_stmt, signed_cast(rhs1), NULL_TREE, NULL_TREE); + + gcc_assert(TREE_CODE(rhs1) != COND_EXPR); + switch (TREE_CODE(rhs1)) { @@ -98540,19 +98539,6 @@ index 0000000..64846cb +// print_the_code_insertions(stmt); +} + -+static tree get_type_for_check(tree rhs) -+{ -+ tree def_rhs; -+ gimple def_stmt = get_def_stmt(rhs); -+ -+ if (!gimple_assign_cast_p(def_stmt)) -+ return TREE_TYPE(rhs); -+ def_rhs = gimple_assign_rhs1(def_stmt); -+ if (TREE_CODE(TREE_TYPE(def_rhs)) == INTEGER_TYPE) -+ return TREE_TYPE(def_rhs); -+ return TREE_TYPE(rhs); -+} -+ +static gimple cast_to_unsigned_size_overflow_type(gimple stmt, tree cast_rhs) +{ + gimple ucast_stmt; @@ -98567,61 +98553,54 @@ index 0000000..64846cb + +static void check_size_overflow(gimple stmt, tree cast_rhs, tree rhs, bool *potentionally_overflowed) +{ -+ tree type_max, type_min, rhs_type; ++ tree type_max, type_min, rhs_type = TREE_TYPE(rhs); + gimple ucast_stmt; + + if (!*potentionally_overflowed) + return; + -+ rhs_type = get_type_for_check(rhs); -+ + if (TYPE_UNSIGNED(rhs_type)) { + ucast_stmt = cast_to_unsigned_size_overflow_type(stmt, cast_rhs); + type_max = cast_a_tree(unsigned_size_overflow_type, TYPE_MAX_VALUE(rhs_type)); + insert_check_size_overflow(stmt, GT_EXPR, gimple_get_lhs(ucast_stmt), type_max); + } else { -+ type_max = cast_a_tree(signed_size_overflow_type, TYPE_MAX_VALUE(rhs_type)); ++ type_max = signed_cast(TYPE_MAX_VALUE(rhs_type)); + insert_check_size_overflow(stmt, GT_EXPR, cast_rhs, type_max); + -+ type_min = cast_a_tree(signed_size_overflow_type, TYPE_MIN_VALUE(rhs_type)); ++ type_min = signed_cast(TYPE_MIN_VALUE(rhs_type)); + insert_check_size_overflow(stmt, LT_EXPR, cast_rhs, type_min); + } +} + -+static tree change_assign_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple stmt, tree orig_rhs) ++static tree change_assign_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple stmt, tree orig_rhs, tree new_rhs) +{ + gimple assign; + gimple_stmt_iterator gsi = gsi_for_stmt(stmt); -+ tree new_rhs, origtype = TREE_TYPE(orig_rhs); ++ tree origtype = TREE_TYPE(orig_rhs); + + gcc_assert(gimple_code(stmt) == GIMPLE_ASSIGN); + -+ new_rhs = expand(visited, potentionally_overflowed, orig_rhs); -+ if (new_rhs == NULL_TREE) -+ return NULL_TREE; -+ + assign = build_cast_stmt(origtype, new_rhs, CREATE_NEW_VAR, gimple_location(stmt)); + gsi_insert_before(&gsi, assign, GSI_SAME_STMT); + update_stmt(assign); + return gimple_get_lhs(assign); +} + -+static tree handle_const_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple def_stmt, tree var, tree rhs, tree new_rhs1, tree new_rhs2, void (*gimple_assign_set_rhs)(gimple, tree)) ++static tree handle_const_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple def_stmt, tree var, tree orig_rhs, tree var_rhs, tree new_rhs1, tree new_rhs2, void (*gimple_assign_set_rhs)(gimple, tree)) +{ -+ tree new_rhs, cast_rhs; ++ tree new_rhs; + + if (gimple_assign_rhs_code(def_stmt) == MIN_EXPR) + return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, NULL_TREE); + -+ new_rhs = change_assign_rhs(visited, potentionally_overflowed, def_stmt, rhs); -+ if (new_rhs != NULL_TREE) { -+ gimple_assign_set_rhs(def_stmt, new_rhs); -+ update_stmt(def_stmt); ++ if (var_rhs == NULL_TREE) ++ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); + -+ cast_rhs = gimple_assign_rhs1(get_def_stmt(new_rhs)); ++ new_rhs = change_assign_rhs(visited, potentionally_overflowed, def_stmt, orig_rhs, var_rhs); ++ gimple_assign_set_rhs(def_stmt, new_rhs); ++ update_stmt(def_stmt); + -+ check_size_overflow(def_stmt, cast_rhs, rhs, potentionally_overflowed); -+ } ++ check_size_overflow(def_stmt, var_rhs, orig_rhs, potentionally_overflowed); + return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); +} + @@ -98662,10 +98641,10 @@ index 0000000..64846cb + new_rhs2 = expand(visited, potentionally_overflowed, rhs2); + + if (is_gimple_constant(rhs2)) -+ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs1, new_rhs1, signed_cast_constant(rhs2), &gimple_assign_set_rhs1); ++ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs1, new_rhs1, new_rhs1, signed_cast(rhs2), &gimple_assign_set_rhs1); + + if (is_gimple_constant(rhs1)) -+ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs2, signed_cast_constant(rhs1), new_rhs2, &gimple_assign_set_rhs2); ++ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs2, new_rhs2, signed_cast(rhs1), new_rhs2, &gimple_assign_set_rhs2); + + return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, NULL_TREE); +} @@ -98674,7 +98653,7 @@ index 0000000..64846cb +static tree get_new_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, tree rhs) +{ + if (is_gimple_constant(rhs)) -+ return signed_cast_constant(rhs); ++ return signed_cast(rhs); + if (TREE_CODE(rhs) != SSA_NAME) + return NULL_TREE; + return expand(visited, potentionally_overflowed, rhs); diff --git a/3.4.2/4430_grsec-remove-localversion-grsec.patch b/3.4.3/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.4.2/4430_grsec-remove-localversion-grsec.patch +++ b/3.4.3/4430_grsec-remove-localversion-grsec.patch diff --git a/3.4.2/4435_grsec-mute-warnings.patch b/3.4.3/4435_grsec-mute-warnings.patch index e85abd6..e85abd6 100644 --- a/3.4.2/4435_grsec-mute-warnings.patch +++ b/3.4.3/4435_grsec-mute-warnings.patch diff --git a/3.4.2/4440_grsec-remove-protected-paths.patch b/3.4.3/4440_grsec-remove-protected-paths.patch index 637934a..637934a 100644 --- a/3.4.2/4440_grsec-remove-protected-paths.patch +++ b/3.4.3/4440_grsec-remove-protected-paths.patch diff --git a/3.4.2/4445_grsec-pax-without-grsec.patch b/3.4.3/4445_grsec-pax-without-grsec.patch index 35255c2..35255c2 100644 --- a/3.4.2/4445_grsec-pax-without-grsec.patch +++ b/3.4.3/4445_grsec-pax-without-grsec.patch diff --git a/3.4.2/4450_grsec-kconfig-default-gids.patch b/3.4.3/4450_grsec-kconfig-default-gids.patch index 123f877..123f877 100644 --- a/3.4.2/4450_grsec-kconfig-default-gids.patch +++ b/3.4.3/4450_grsec-kconfig-default-gids.patch diff --git a/3.4.2/4455_grsec-kconfig-gentoo.patch b/3.4.3/4455_grsec-kconfig-gentoo.patch index b9dc3e5..b9dc3e5 100644 --- a/3.4.2/4455_grsec-kconfig-gentoo.patch +++ b/3.4.3/4455_grsec-kconfig-gentoo.patch diff --git a/3.4.2/4460-grsec-kconfig-proc-user.patch b/3.4.3/4460-grsec-kconfig-proc-user.patch index b2b3188..b2b3188 100644 --- a/3.4.2/4460-grsec-kconfig-proc-user.patch +++ b/3.4.3/4460-grsec-kconfig-proc-user.patch diff --git a/3.4.2/4465_selinux-avc_audit-log-curr_ip.patch b/3.4.3/4465_selinux-avc_audit-log-curr_ip.patch index 5a9d80c..5a9d80c 100644 --- a/3.4.2/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.4.3/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.4.2/4470_disable-compat_vdso.patch b/3.4.3/4470_disable-compat_vdso.patch index c40f44f..c40f44f 100644 --- a/3.4.2/4470_disable-compat_vdso.patch +++ b/3.4.3/4470_disable-compat_vdso.patch |