author | 2015-04-06 21:51:47 -0400 | |
---|---|---|
committer | 2015-04-06 21:51:47 -0400 | |
commit | c609df6c830330818ec52a8eab7e7f6870b2afe1 (patch) | |
tree | 44e5cbd2a34e0a0ef9803af4685c67aaf6565c07 | |
parent | Grsec/PaX: 3.1-{3.14.37,3.19.3}-201503270049 (diff) | |
download | hardened-patchset-20150405.tar.gz hardened-patchset-20150405.tar.bz2 hardened-patchset-20150405.zip |
Grsec/PaX: 3.1-{3.2.68,3.14.37,3.19.3}-20150405140520150405
-rw-r--r-- | 3.14.37/0000_README | 2 | ||||
-rw-r--r-- | 3.14.37/4420_grsecurity-3.1-3.14.37-201504051405.patch (renamed from 3.14.37/4420_grsecurity-3.1-3.14.37-201503270048.patch) | 588 | ||||
-rw-r--r-- | 3.19.3/0000_README | 2 | ||||
-rw-r--r-- | 3.19.3/4420_grsecurity-3.1-3.19.3-201504021826.patch (renamed from 3.19.3/4420_grsecurity-3.1-3.19.3-201503270049.patch) | 515 | ||||
-rw-r--r-- | 3.2.68/0000_README | 2 | ||||
-rw-r--r-- | 3.2.68/4420_grsecurity-3.1-3.2.68-201504021823.patch (renamed from 3.2.68/4420_grsecurity-3.1-3.2.68-201503251805.patch) | 296 |
6 files changed, 1177 insertions, 228 deletions
diff --git a/3.14.37/0000_README b/3.14.37/0000_README index 6e499e4..cbf4ba6 100644 --- a/3.14.37/0000_README +++ b/3.14.37/0000_README @@ -6,7 +6,7 @@ Patch: 1036_linux-3.14.37.patch From: http://www.kernel.org Desc: Linux 3.14.37 -Patch: 4420_grsecurity-3.1-3.14.37-201503270048.patch +Patch: 4420_grsecurity-3.1-3.14.37-201504051405.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.14.37/4420_grsecurity-3.1-3.14.37-201503270048.patch b/3.14.37/4420_grsecurity-3.1-3.14.37-201504051405.patch index e462e33..b383085 100644 --- a/3.14.37/4420_grsecurity-3.1-3.14.37-201503270048.patch +++ b/3.14.37/4420_grsecurity-3.1-3.14.37-201504051405.patch @@ -235,21 +235,24 @@ index b89a739..e289b9b 100644 +zconf.lex.c zoffset.h diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index 5d91ba1..935a4e7 100644 +index 5d91ba1..ef1d374 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -1084,6 +1084,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -1084,6 +1084,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. Format: <unsigned int> such that (rxsize & ~0x1fffc0) == 0. Default: 1024 + grsec_proc_gid= [GRKERNSEC_PROC_USERGROUP] Chooses GID to + ignore grsecurity's /proc restrictions + ++ grsec_sysfs_restrict= Format: 0 | 1 ++ Default: 1 ++ Disables GRKERNSEC_SYSFS_RESTRICT if enabled in config + hashdist= [KNL,NUMA] Large hashes allocated during boot are distributed across NUMA nodes. Defaults on for 64-bit NUMA, off otherwise. -@@ -2081,6 +2085,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -2081,6 +2088,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. noexec=on: enable non-executable mappings (default) noexec=off: disable non-executable mappings 
@@ -260,7 +263,7 @@ index 5d91ba1..935a4e7 100644 nosmap [X86] Disable SMAP (Supervisor Mode Access Prevention) even if it is supported by processor. -@@ -2348,6 +2356,30 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -2348,6 +2359,30 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the specified number of seconds. This is to be used if your oopses keep scrolling off the screen. @@ -10165,10 +10168,18 @@ index 0167d26..767bb0c 100644 #include <asm/uaccess_64.h> #else diff --git a/arch/sparc/include/asm/uaccess_32.h b/arch/sparc/include/asm/uaccess_32.h -index 53a28dd..50c38c3 100644 +index 53a28dd..6e11369 100644 --- a/arch/sparc/include/asm/uaccess_32.h +++ b/arch/sparc/include/asm/uaccess_32.h -@@ -250,27 +250,46 @@ extern unsigned long __copy_user(void __user *to, const void __user *from, unsig +@@ -47,6 +47,7 @@ + #define __user_ok(addr, size) ({ (void)(size); (addr) < STACK_TOP; }) + #define __kernel_ok (segment_eq(get_fs(), KERNEL_DS)) + #define __access_ok(addr,size) (__user_ok((addr) & get_fs().seg,(size))) ++#define access_ok_noprefault(type, addr, size) access_ok((type), (addr), (size)) + #define access_ok(type, addr, size) \ + ({ (void)(type); __access_ok((unsigned long)(addr), size); }) + +@@ -250,27 +251,46 @@ extern unsigned long __copy_user(void __user *to, const void __user *from, unsig static inline unsigned long copy_to_user(void __user *to, const void *from, unsigned long n) { @@ -10220,7 +10231,7 @@ index 53a28dd..50c38c3 100644 } diff --git a/arch/sparc/include/asm/uaccess_64.h b/arch/sparc/include/asm/uaccess_64.h -index ad7e178..c9e7423 100644 +index ad7e178..26cd4a7 100644 --- a/arch/sparc/include/asm/uaccess_64.h +++ b/arch/sparc/include/asm/uaccess_64.h @@ -10,6 +10,7 @@ 
@@ -10231,7 +10242,19 @@ index ad7e178..c9e7423 100644 #include <asm/asi.h> #include <asm/spitfire.h> #include <asm-generic/uaccess-unaligned.h> -@@ -214,8 +215,15 @@ extern unsigned long copy_from_user_fixup(void *to, const void __user *from, +@@ -54,6 +55,11 @@ static inline int __access_ok(const void __user * addr, unsigned long size) + return 1; + } + ++static inline int access_ok_noprefault(int type, const void __user * addr, unsigned long size) ++{ ++ return 1; ++} ++ + static inline int access_ok(int type, const void __user * addr, unsigned long size) + { + return 1; +@@ -214,8 +220,15 @@ extern unsigned long copy_from_user_fixup(void *to, const void __user *from, static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long size) { @@ -10248,7 +10271,7 @@ index ad7e178..c9e7423 100644 if (unlikely(ret)) ret = copy_from_user_fixup(to, from, size); -@@ -231,8 +239,15 @@ extern unsigned long copy_to_user_fixup(void __user *to, const void *from, +@@ -231,8 +244,15 @@ extern unsigned long copy_to_user_fixup(void __user *to, const void *from, static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long size) { @@ -21150,7 +21173,7 @@ index c005fdd..e33da29 100644 if (c->x86_model == 3 && c->x86_mask == 0) size = 64; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index e6bddd5..517213d 100644 +index e6bddd5..5b0c55c 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -88,60 +88,6 @@ static const struct cpu_dev default_cpu = { 
@@ -21283,10 +21306,20 @@ index e6bddd5..517213d 100644 gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); /* Reload the per-cpu base */ -@@ -885,6 +884,10 @@ static void identify_cpu(struct cpuinfo_x86 *c) +@@ -885,6 +884,20 @@ static void identify_cpu(struct cpuinfo_x86 *c) setup_smep(c); setup_smap(c); ++#ifdef CONFIG_X86_32 ++#ifdef CONFIG_PAX_PAGEEXEC ++ if (!(__supported_pte_mask & _PAGE_NX)) ++ clear_cpu_cap(c, X86_FEATURE_PSE); ++#endif ++#if defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++ clear_cpu_cap(c, X86_FEATURE_SEP); ++#endif ++#endif ++ +#ifdef CONFIG_X86_64 + setup_pcid(c); +#endif @@ -21294,18 +21327,7 @@ index e6bddd5..517213d 100644 /* * The vendor-specific functions might have changed features. * Now we do "generic changes." -@@ -893,6 +896,10 @@ static void identify_cpu(struct cpuinfo_x86 *c) - /* Filter out anything that depends on CPUID levels we don't have */ - filter_cpuid_features(c, true); - -+#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)) -+ setup_clear_cpu_cap(X86_FEATURE_SEP); -+#endif -+ - /* If the model name is still unset, do table lookup. */ - if (!c->x86_model_id[0]) { - const char *p; -@@ -1080,10 +1087,12 @@ static __init int setup_disablecpuid(char *arg) +@@ -1080,10 +1093,12 @@ static __init int setup_disablecpuid(char *arg) } __setup("clearcpuid=", setup_disablecpuid); @@ -21321,7 +21343,7 @@ index e6bddd5..517213d 100644 DEFINE_PER_CPU_FIRST(union irq_stack_union, irq_stack_union) __aligned(PAGE_SIZE) __visible; -@@ -1097,7 +1106,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = +@@ -1097,7 +1112,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = EXPORT_PER_CPU_SYMBOL(current_task); DEFINE_PER_CPU(unsigned long, kernel_stack) = 
@@ -21330,7 +21352,7 @@ index e6bddd5..517213d 100644 EXPORT_PER_CPU_SYMBOL(kernel_stack); DEFINE_PER_CPU(char *, irq_stack_ptr) = -@@ -1247,7 +1256,7 @@ void cpu_init(void) +@@ -1247,7 +1262,7 @@ void cpu_init(void) load_ucode_ap(); cpu = stack_smp_processor_id(); @@ -21339,7 +21361,7 @@ index e6bddd5..517213d 100644 oist = &per_cpu(orig_ist, cpu); #ifdef CONFIG_NUMA -@@ -1282,7 +1291,6 @@ void cpu_init(void) +@@ -1282,7 +1297,6 @@ void cpu_init(void) wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); @@ -21347,7 +21369,7 @@ index e6bddd5..517213d 100644 enable_x2apic(); /* -@@ -1334,7 +1342,7 @@ void cpu_init(void) +@@ -1334,7 +1348,7 @@ void cpu_init(void) { int cpu = smp_processor_id(); struct task_struct *curr = current; @@ -30219,7 +30241,7 @@ index 7609e0e..b449b98 100644 } EXPORT_SYMBOL(csum_partial_copy_to_user); diff --git a/arch/x86/lib/getuser.S b/arch/x86/lib/getuser.S -index a451235..1daa956 100644 +index a451235..a74bfa3 100644 --- a/arch/x86/lib/getuser.S +++ b/arch/x86/lib/getuser.S @@ -33,17 +33,40 @@ @@ -30244,8 +30266,6 @@ index a451235..1daa956 100644 GET_THREAD_INFO(%_ASM_DX) cmp TI_addr_limit(%_ASM_DX),%_ASM_AX jae bad_get_user - ASM_STAC --1: movzbl (%_ASM_AX),%edx + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) + mov pax_user_shadow_base,%_ASM_DX @@ -30257,6 +30277,8 @@ index a451235..1daa956 100644 + +#endif + + ASM_STAC +-1: movzbl (%_ASM_AX),%edx +1: __copyuser_seg movzbl (%_ASM_AX),%edx xor %eax,%eax ASM_CLAC @@ -30274,8 +30296,6 @@ index a451235..1daa956 100644 GET_THREAD_INFO(%_ASM_DX) cmp TI_addr_limit(%_ASM_DX),%_ASM_AX jae bad_get_user - ASM_STAC --2: movzwl -1(%_ASM_AX),%edx + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) + mov pax_user_shadow_base,%_ASM_DX @@ -30287,6 +30307,8 @@ index a451235..1daa956 100644 + +#endif + + ASM_STAC +-2: movzwl -1(%_ASM_AX),%edx +2: __copyuser_seg movzwl -1(%_ASM_AX),%edx xor %eax,%eax ASM_CLAC 
@@ -30304,8 +30326,6 @@ index a451235..1daa956 100644 GET_THREAD_INFO(%_ASM_DX) cmp TI_addr_limit(%_ASM_DX),%_ASM_AX jae bad_get_user - ASM_STAC --3: movl -3(%_ASM_AX),%edx + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) + mov pax_user_shadow_base,%_ASM_DX @@ -30317,6 +30337,8 @@ index a451235..1daa956 100644 + +#endif + + ASM_STAC +-3: movl -3(%_ASM_AX),%edx +3: __copyuser_seg movl -3(%_ASM_AX),%edx xor %eax,%eax ASM_CLAC @@ -30895,7 +30917,7 @@ index f6d13ee..d789440 100644 3: CFI_RESTORE_STATE diff --git a/arch/x86/lib/putuser.S b/arch/x86/lib/putuser.S -index fc6ba17..d4d989d 100644 +index fc6ba17..14ad9a5 100644 --- a/arch/x86/lib/putuser.S +++ b/arch/x86/lib/putuser.S @@ -16,7 +16,9 @@ @@ -30943,8 +30965,6 @@ index fc6ba17..d4d989d 100644 + GET_THREAD_INFO(%_ASM_BX) cmp TI_addr_limit(%_ASM_BX),%_ASM_CX jae bad_put_user - ASM_STAC --1: movb %al,(%_ASM_CX) + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) + mov pax_user_shadow_base,%_ASM_BX @@ -30956,6 +30976,8 @@ index fc6ba17..d4d989d 100644 + +#endif + + ASM_STAC +-1: movb %al,(%_ASM_CX) +1: __copyuser_seg movb %al,(_DEST) xor %eax,%eax EXIT @@ -30970,8 +30992,6 @@ index fc6ba17..d4d989d 100644 sub $1,%_ASM_BX cmp %_ASM_BX,%_ASM_CX jae bad_put_user - ASM_STAC --2: movw %ax,(%_ASM_CX) + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) + mov pax_user_shadow_base,%_ASM_BX @@ -30983,6 +31003,8 @@ index fc6ba17..d4d989d 100644 + +#endif + + ASM_STAC +-2: movw %ax,(%_ASM_CX) +2: __copyuser_seg movw %ax,(_DEST) xor %eax,%eax EXIT @@ -30997,8 +31019,6 @@ index fc6ba17..d4d989d 100644 sub $3,%_ASM_BX cmp %_ASM_BX,%_ASM_CX jae bad_put_user - ASM_STAC --3: movl %eax,(%_ASM_CX) + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) + mov pax_user_shadow_base,%_ASM_BX @@ -31010,6 +31030,8 @@ index fc6ba17..d4d989d 100644 + +#endif + + ASM_STAC +-3: movl %eax,(%_ASM_CX) +3: __copyuser_seg movl %eax,(_DEST) xor %eax,%eax EXIT 
@@ -31024,8 +31046,6 @@ index fc6ba17..d4d989d 100644 sub $7,%_ASM_BX cmp %_ASM_BX,%_ASM_CX jae bad_put_user - ASM_STAC --4: mov %_ASM_AX,(%_ASM_CX) + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) + mov pax_user_shadow_base,%_ASM_BX @@ -31037,6 +31057,8 @@ index fc6ba17..d4d989d 100644 + +#endif + + ASM_STAC +-4: mov %_ASM_AX,(%_ASM_CX) +4: __copyuser_seg mov %_ASM_AX,(_DEST) #ifdef CONFIG_X86_32 -5: movl %edx,4(%_ASM_CX) @@ -43391,6 +43413,20 @@ index a841123..055ebeb 100644 if (!can_do_mlock()) return ERR_PTR(-EPERM); +diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c +index 2adc143..619e970 100644 +--- a/drivers/infiniband/core/uverbs_cmd.c ++++ b/drivers/infiniband/core/uverbs_cmd.c +@@ -923,6 +923,9 @@ ssize_t ib_uverbs_reg_mr(struct ib_uverbs_file *file, + if (copy_from_user(&cmd, buf, sizeof cmd)) + return -EFAULT; + ++ if (!access_ok_noprefault(VERIFY_READ, cmd.start, cmd.length)) ++ return -EFAULT; ++ + INIT_UDATA(&udata, buf + sizeof cmd, + (unsigned long) cmd.response + sizeof resp, + in_len - sizeof cmd, out_len - sizeof resp); diff --git a/drivers/infiniband/hw/cxgb4/mem.c b/drivers/infiniband/hw/cxgb4/mem.c index 41b1195..27971a0 100644 --- a/drivers/infiniband/hw/cxgb4/mem.c @@ -61038,21 +61074,32 @@ index 4366127..b8c2cf9 100644 dcache_init(); inode_init(); diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c -index 1ff8fe5..5bf8b25 100644 +index 1ff8fe5..31407fe 100644 --- a/fs/debugfs/inode.c 
+++ b/fs/debugfs/inode.c -@@ -424,7 +424,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); +@@ -422,10 +422,20 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); + * If debugfs is not enabled in the kernel, the value -%ENODEV will be + * returned. */ ++#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT ++extern int grsec_enable_sysfs_restrict; ++#endif ++ struct dentry *debugfs_create_dir(const char *name, struct dentry *parent) { +- return __create_file(name, S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO, +- parent, NULL, NULL); ++ umode_t mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO; ++ +#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT -+ return __create_file(name, S_IFDIR | S_IRWXU, -+#else - return __create_file(name, S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO, ++ if (grsec_enable_sysfs_restrict) ++ mode = S_IFDIR | S_IRWXU; +#endif - parent, NULL, NULL); ++ ++ return __create_file(name, mode, parent, NULL, NULL); } EXPORT_SYMBOL_GPL(debugfs_create_dir); + diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index a85ceb7..5097313b 100644 --- a/fs/ecryptfs/inode.c @@ -68319,10 +68366,21 @@ index ae0c3ce..9ee641c 100644 generic_fillattr(inode, stat); return 0; diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c -index ee0d761..b346c58 100644 +index ee0d761..2f33d21 100644 --- a/fs/sysfs/dir.c +++ b/fs/sysfs/dir.c -@@ -62,9 +62,16 @@ void sysfs_warn_dup(struct kernfs_node *parent, const char *name) +@@ -54,6 +54,10 @@ void sysfs_warn_dup(struct kernfs_node *parent, const char *name) + kfree(path); + } + ++#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT ++extern int grsec_enable_sysfs_restrict; ++#endif ++ + /** + * sysfs_create_dir_ns - create a directory for an object with a namespace tag + * @kobj: object we're creating directory for +@@ -62,9 +66,16 @@ void sysfs_warn_dup(struct kernfs_node *parent, const char *name) int sysfs_create_dir_ns(struct kobject *kobj, const void *ns) { struct kernfs_node *parent, *kn; 
@@ -68339,7 +68397,7 @@ index ee0d761..b346c58 100644 if (kobj->parent) parent = kobj->parent->sd; else -@@ -73,11 +80,22 @@ int sysfs_create_dir_ns(struct kobject *kobj, const void *ns) +@@ -73,11 +84,24 @@ int sysfs_create_dir_ns(struct kobject *kobj, const void *ns) if (!parent) return -ENOENT; @@ -68354,6 +68412,8 @@ index ee0d761..b346c58 100644 + (!strcmp(parent_name, "fs") && (!strcmp(name, "selinux") || !strcmp(name, "fuse") || !strcmp(name, "ecryptfs"))) || + (!strcmp(parent_name, "system") && !strcmp(name, "cpu"))) + mode = S_IRWXU | S_IRUGO | S_IXUGO; ++ if (!grsec_enable_sysfs_restrict) ++ mode = S_IRWXU | S_IRUGO | S_IXUGO; +#endif + + kn = kernfs_create_dir_ns(parent, name, @@ -88618,6 +88678,26 @@ index ef6103b..d4e65dd 100644 #define ELFMAG0 0x7f /* EI_MAG */ #define ELFMAG1 'E' #define ELFMAG2 'L' +diff --git a/include/uapi/linux/netfilter/xt_connlimit.h b/include/uapi/linux/netfilter/xt_connlimit.h +index f165609..d1366f0 100644 +--- a/include/uapi/linux/netfilter/xt_connlimit.h ++++ b/include/uapi/linux/netfilter/xt_connlimit.h +@@ -22,8 +22,13 @@ struct xt_connlimit_info { + #endif + }; + unsigned int limit; +- /* revision 1 */ +- __u32 flags; ++ union { ++ /* revision 0 */ ++ unsigned int inverse; ++ ++ /* revision 1 */ ++ __u32 flags; ++ }; + + /* Used internally by the kernel */ + struct xt_connlimit_data *data __attribute__((aligned(8))); diff --git a/include/uapi/linux/personality.h b/include/uapi/linux/personality.h index aa169c4..6a2771d 100644 --- a/include/uapi/linux/personality.h @@ -89117,7 +89197,7 @@ index 93b6139..8d628b7 100644 next_state = Reset; return 0; diff --git a/init/main.c b/init/main.c -index 58c132d..ac3f3b0 100644 +index 58c132d..310b5fa 100644 --- a/init/main.c +++ b/init/main.c @@ -97,6 +97,8 @@ extern void radix_tree_init(void); 
@@ -89129,7 +89209,7 @@ index 58c132d..ac3f3b0 100644 /* * Debug helper: via this flag we know that we are in 'early bootup code' * where only the boot processor is running with IRQ disabled. This means -@@ -158,6 +160,75 @@ static int __init set_reset_devices(char *str) +@@ -158,6 +160,85 @@ static int __init set_reset_devices(char *str) __setup("reset_devices", set_reset_devices); @@ -89142,6 +89222,16 @@ index 58c132d..ac3f3b0 100644 +} +__setup("grsec_proc_gid=", setup_grsec_proc_gid); +#endif ++#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT ++int grsec_enable_sysfs_restrict = 1; ++static int __init setup_grsec_sysfs_restrict(char *str) ++{ ++ if (!simple_strtol(str, NULL, 0)) ++ grsec_enable_sysfs_restrict = 0; ++ return 1; ++} ++__setup("grsec_sysfs_restrict", setup_grsec_sysfs_restrict); ++#endif + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) +unsigned long pax_user_shadow_base __read_only; @@ -89205,7 +89295,7 @@ index 58c132d..ac3f3b0 100644 static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; static const char *panic_later, *panic_param; -@@ -692,25 +763,24 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -692,25 +773,24 @@ int __init_or_module do_one_initcall(initcall_t fn) { int count = preempt_count(); int ret; @@ -89236,7 +89326,7 @@ index 58c132d..ac3f3b0 100644 return ret; } -@@ -817,8 +887,8 @@ static int run_init_process(const char *init_filename) +@@ -817,8 +897,8 @@ static int run_init_process(const char *init_filename) { argv_init[0] = init_filename; return do_execve(getname_kernel(init_filename), @@ -89247,7 +89337,7 @@ index 58c132d..ac3f3b0 100644 } static int try_to_run_init_process(const char *init_filename) -@@ -835,6 +905,10 @@ static int try_to_run_init_process(const char *init_filename) +@@ -835,6 +915,10 @@ static int try_to_run_init_process(const char *init_filename) return ret; } 
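Review bot: The `__setup("grsec_sysfs_restrict", setup_grsec_sysfs_restrict)` registration added to init/main.c lacks the trailing `=` that the neighbouring `__setup("grsec_proc_gid=", ...)` has, so the handler is handed the text starting at the `=` sign rather than at the digit. `simple_strtol` on a string such as `=1` parses no digits and returns 0, so `grsec_sysfs_restrict=1` and the bare option would both clear `grsec_enable_sysfs_restrict`. That switches the sysfs/debugfs restriction off for every spelling, contrary to the `Format: 0 | 1` text added to kernel-parameters.txt. Registering it as `__setup("grsec_sysfs_restrict=", setup_grsec_sysfs_restrict);` keeps the hardening enabled unless 0 is passed explicitly.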
@@ -89258,7 +89348,7 @@ index 58c132d..ac3f3b0 100644 static noinline void __init kernel_init_freeable(void); static int __ref kernel_init(void *unused) -@@ -859,6 +933,11 @@ static int __ref kernel_init(void *unused) +@@ -859,6 +943,11 @@ static int __ref kernel_init(void *unused) ramdisk_execute_command, ret); } @@ -89270,7 +89360,7 @@ index 58c132d..ac3f3b0 100644 /* * We try each of these until one succeeds. * -@@ -914,7 +993,7 @@ static noinline void __init kernel_init_freeable(void) +@@ -914,7 +1003,7 @@ static noinline void __init kernel_init_freeable(void) do_basic_setup(); /* Open the /dev/console on the rootfs, this should never fail */ @@ -89279,7 +89369,7 @@ index 58c132d..ac3f3b0 100644 pr_err("Warning: unable to open an initial console.\n"); (void) sys_dup(0); -@@ -927,11 +1006,13 @@ static noinline void __init kernel_init_freeable(void) +@@ -927,11 +1016,13 @@ static noinline void __init kernel_init_freeable(void) if (!ramdisk_execute_command) ramdisk_execute_command = "/init"; @@ -95201,7 +95291,7 @@ index e3be87e..abc908f 100644 /* make curr_ret_stack visible before we add the ret_stack */ smp_wmb(); diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index 774a080..7fa60b1 100644 +index 774a080..d09b170 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -352,9 +352,9 @@ struct buffer_data_page { 
@@ -95216,17 +95306,22 @@ index 774a080..7fa60b1 100644 unsigned long real_end; /* real end of data */ struct buffer_data_page *page; /* Actual data page */ }; -@@ -473,8 +473,8 @@ struct ring_buffer_per_cpu { +@@ -473,11 +473,11 @@ struct ring_buffer_per_cpu { unsigned long last_overrun; local_t entries_bytes; local_t entries; - local_t overrun; - local_t commit_overrun; +- local_t dropped_events; + local_unchecked_t overrun; + local_unchecked_t commit_overrun; - local_t dropped_events; ++ local_unchecked_t dropped_events; local_t committing; - local_t commits; +- local_t commits; ++ local_unchecked_t commits; + unsigned long read; + unsigned long read_bytes; + u64 write_stamp; @@ -1005,8 +1005,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * * We add a counter to the write field to denote this. @@ -95318,6 +95413,15 @@ index 774a080..7fa60b1 100644 goto out_reset; } +@@ -2330,7 +2330,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, + * this is easy, just stop here. + */ + if (!(buffer->flags & RB_FL_OVERWRITE)) { +- local_inc(&cpu_buffer->dropped_events); ++ local_inc_unchecked(&cpu_buffer->dropped_events); + goto out_reset; + } + @@ -2356,7 +2356,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, cpu_buffer->tail_page) && (cpu_buffer->commit_page == 
@@ -95363,6 +95467,42 @@ index 774a080..7fa60b1 100644 if (index == old_index) { /* update counters */ local_sub(event_length, &cpu_buffer->entries_bytes); +@@ -2486,7 +2486,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, + static void rb_start_commit(struct ring_buffer_per_cpu *cpu_buffer) + { + local_inc(&cpu_buffer->committing); +- local_inc(&cpu_buffer->commits); ++ local_inc_unchecked(&cpu_buffer->commits); + } + + static inline void rb_end_commit(struct ring_buffer_per_cpu *cpu_buffer) +@@ -2498,7 +2498,7 @@ static inline void rb_end_commit(struct ring_buffer_per_cpu *cpu_buffer) + return; + + again: +- commits = local_read(&cpu_buffer->commits); ++ commits = local_read_unchecked(&cpu_buffer->commits); + /* synchronize with interrupts */ + barrier(); + if (local_read(&cpu_buffer->committing) == 1) +@@ -2514,7 +2514,7 @@ static inline void rb_end_commit(struct ring_buffer_per_cpu *cpu_buffer) + * updating of the commit page and the clearing of the + * committing counter. + */ +- if (unlikely(local_read(&cpu_buffer->commits) != commits) && ++ if (unlikely(local_read_unchecked(&cpu_buffer->commits) != commits) && + !local_read(&cpu_buffer->committing)) { + local_inc(&cpu_buffer->committing); + goto again; +@@ -2544,7 +2544,7 @@ rb_reserve_next_event(struct ring_buffer *buffer, + barrier(); + if (unlikely(ACCESS_ONCE(cpu_buffer->buffer) != buffer)) { + local_dec(&cpu_buffer->committing); +- local_dec(&cpu_buffer->commits); ++ local_dec_unchecked(&cpu_buffer->commits); + return NULL; + } + #endif @@ -2863,7 +2863,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, /* Do the likely case first */ @@ -95408,6 +95548,15 @@ index 774a080..7fa60b1 100644 return ret; } +@@ -3293,7 +3293,7 @@ ring_buffer_dropped_events_cpu(struct ring_buffer *buffer, int cpu) + return 0; + + cpu_buffer = buffer->buffers[cpu]; +- ret = local_read(&cpu_buffer->dropped_events); ++ ret = local_read_unchecked(&cpu_buffer->dropped_events); + + return ret; + } 
@@ -3356,7 +3356,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) /* if you care about this being correct, lock the buffer */ for_each_buffer_cpu(buffer, cpu) { @@ -95448,7 +95597,7 @@ index 774a080..7fa60b1 100644 local_set(&cpu_buffer->head_page->page->commit, 0); cpu_buffer->head_page->read = 0; -@@ -4145,14 +4145,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4145,18 +4145,18 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) INIT_LIST_HEAD(&cpu_buffer->reader_page->list); INIT_LIST_HEAD(&cpu_buffer->new_pages); @@ -95462,11 +95611,17 @@ index 774a080..7fa60b1 100644 local_set(&cpu_buffer->entries_bytes, 0); - local_set(&cpu_buffer->overrun, 0); - local_set(&cpu_buffer->commit_overrun, 0); +- local_set(&cpu_buffer->dropped_events, 0); + local_set_unchecked(&cpu_buffer->overrun, 0); + local_set_unchecked(&cpu_buffer->commit_overrun, 0); - local_set(&cpu_buffer->dropped_events, 0); ++ local_set_unchecked(&cpu_buffer->dropped_events, 0); local_set(&cpu_buffer->entries, 0); local_set(&cpu_buffer->committing, 0); +- local_set(&cpu_buffer->commits, 0); ++ local_set_unchecked(&cpu_buffer->commits, 0); + cpu_buffer->read = 0; + cpu_buffer->read_bytes = 0; + @@ -4557,8 +4557,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, rb_init_page(bpage); bpage = reader->page; @@ -96410,6 +96565,22 @@ index f07a40d..0a445a7 100644 retval = 1; } spin_unlock(&lockref->lock); +diff --git a/lib/nlattr.c b/lib/nlattr.c +index 10ad042d..25b47b5 100644 +--- a/lib/nlattr.c ++++ b/lib/nlattr.c +@@ -274,7 +274,11 @@ int nla_memcpy(void *dest, const struct nlattr *src, int count) + { + int minlen = min_t(int, count, nla_len(src)); + ++ BUG_ON(minlen < 0); ++ + memcpy(dest, nla_data(src), minlen); ++ if (count > minlen) ++ memset(dest + minlen, 0, count - minlen); + + return minlen; + } diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c index 963b703..438bc51 100644 --- a/lib/percpu-refcount.c 
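Review bot: `BUG_ON(minlen < 0)` in the lib/nlattr.c hunk keeps a negative length from reaching `memcpy` as a huge size, but it does so by halting the kernel. If `count` or `nla_len(src)` can be made negative by a netlink attribute that was not validated first (not visible here), a malformed message becomes a crash. A comment stating the precondition would make the contract explicit, e.g. `/* count must be >= 0 and src already validated; a negative minlen would become a huge memcpy size */`. The kernel-doc for `nla_memcpy` sits outside the hunk and presumably also needs a line saying that `dest` is now zero-filled from `minlen` up to `count`.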
@@ -103893,6 +104064,19 @@ index bf2cb4a..d83ba8a 100644 p->metrics[RTAX_LOCK-1] = INETPEER_METRICS_NEW; p->rate_tokens = 0; /* 60*HZ is arbitrary, but chosen enough high so that the first +diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c +index ecb34b5..5c5ab40 100644 +--- a/net/ipv4/ip_forward.c ++++ b/net/ipv4/ip_forward.c +@@ -82,7 +82,7 @@ static int ip_forward_finish_gso(struct sk_buff *skb) + + features = netif_skb_dev_features(skb, dst->dev); + segs = skb_gso_segment(skb, features & ~NETIF_F_GSO_MASK); +- if (IS_ERR(segs)) { ++ if (IS_ERR_OR_NULL(segs)) { + kfree_skb(skb); + return -ENOMEM; + } diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index 9ff497d..877a388 100644 --- a/net/ipv4/ip_fragment.c @@ -106767,6 +106951,19 @@ index 6ff12a1..d1815b6 100644 goto nla_put_failure; if (data_len) { +diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c +index 108120f..5b169db 100644 +--- a/net/netfilter/nfnetlink_queue_core.c ++++ b/net/netfilter/nfnetlink_queue_core.c +@@ -665,7 +665,7 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum) + * returned by nf_queue. For instance, callers rely on -ECANCELED to + * mean 'ignore this hook'. + */ +- if (IS_ERR(segs)) ++ if (IS_ERR_OR_NULL(segs)) + goto out_err; + queued = 0; + err = 0; diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c index 7350723..c58f861 100644 --- a/net/netfilter/nft_compat.c 
@@ -106789,6 +106986,60 @@ index 7350723..c58f861 100644 set_fs(old_fs); ret = nla_put(skb, NFTA_MATCH_INFO, XT_ALIGN(m->matchsize), out); kfree(out); +diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c +index c40b269..b73fd7d 100644 +--- a/net/netfilter/xt_connlimit.c ++++ b/net/netfilter/xt_connlimit.c +@@ -274,25 +274,38 @@ static void connlimit_mt_destroy(const struct xt_mtdtor_param *par) + kfree(info->data); + } + +-static struct xt_match connlimit_mt_reg __read_mostly = { +- .name = "connlimit", +- .revision = 1, +- .family = NFPROTO_UNSPEC, +- .checkentry = connlimit_mt_check, +- .match = connlimit_mt, +- .matchsize = sizeof(struct xt_connlimit_info), +- .destroy = connlimit_mt_destroy, +- .me = THIS_MODULE, ++static struct xt_match connlimit_mt_reg[] __read_mostly = { ++ { ++ .name = "connlimit", ++ .revision = 0, ++ .family = NFPROTO_UNSPEC, ++ .checkentry = connlimit_mt_check, ++ .match = connlimit_mt, ++ .matchsize = sizeof(struct xt_connlimit_info), ++ .destroy = connlimit_mt_destroy, ++ .me = THIS_MODULE, ++ }, ++ { ++ .name = "connlimit", ++ .revision = 1, ++ .family = NFPROTO_UNSPEC, ++ .checkentry = connlimit_mt_check, ++ .match = connlimit_mt, ++ .matchsize = sizeof(struct xt_connlimit_info), ++ .destroy = connlimit_mt_destroy, ++ .me = THIS_MODULE, ++ }, + }; + + static int __init connlimit_mt_init(void) + { +- return xt_register_match(&connlimit_mt_reg); ++ return xt_register_matches(connlimit_mt_reg, ++ ARRAY_SIZE(connlimit_mt_reg)); + } + + static void __exit connlimit_mt_exit(void) + { +- xt_unregister_match(&connlimit_mt_reg); ++ xt_unregister_matches(connlimit_mt_reg, ARRAY_SIZE(connlimit_mt_reg)); + } + + module_init(connlimit_mt_init); diff --git a/net/netfilter/xt_gradm.c b/net/netfilter/xt_gradm.c new file mode 100644 index 0000000..c566332 
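Review bot: The two `connlimit_mt_reg[]` entries differ only in `.revision`, so a revision-0 rule is checked and matched by the same `connlimit_mt_check` and `connlimit_mt` as revision 1. The union added in xt_connlimit.h also makes the revision-0 `inverse` field alias `flags`. Nothing in the visible lines documents or enforces which `inverse` values are acceptable, so any extra bits a revision-0 user sets would be read back as revision-1 flags. A comment above the array such as `/* rev 0 'inverse' aliases rev 1 'flags'; both revisions share the same callbacks */` would record that assumption. Whether `connlimit_mt_check` should reject unexpected bits for revision 0 depends on code outside the hunk.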
@@ -106945,6 +107196,19 @@ index b74aa07..d41926e 100644 sax->fsa_ax25.sax25_call = nr->source_addr; *uaddr_len = sizeof(struct sockaddr_ax25); } +diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c +index 270b77d..0a9d0981 100644 +--- a/net/openvswitch/datapath.c ++++ b/net/openvswitch/datapath.c +@@ -314,6 +314,8 @@ static int queue_gso_packets(struct datapath *dp, struct sk_buff *skb, + segs = __skb_gso_segment(skb, NETIF_F_SG, false); + if (IS_ERR(segs)) + return PTR_ERR(segs); ++ if (segs == NULL) ++ return -EINVAL; + + /* Queue all of the segments. */ + skb = segs; diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index 48b1817..d2c096b 100644 --- a/net/packet/af_packet.c @@ -108758,6 +109022,19 @@ index 0917f04..f4e3d8c 100644 return -ENOMEM; if (!proc_create("x25/route", S_IRUGO, init_net.proc_net, +diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c +index 3bb2cdc..616d812 100644 +--- a/net/xfrm/xfrm_output.c ++++ b/net/xfrm/xfrm_output.c +@@ -157,6 +157,8 @@ static int xfrm_output_gso(struct sk_buff *skb) + kfree_skb(skb); + if (IS_ERR(segs)) + return PTR_ERR(segs); ++ if (segs == NULL) ++ return -EINVAL; + + do { + struct sk_buff *nskb = segs->next; diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 59cf325..e7fa6f0 100644 --- a/net/xfrm/xfrm_policy.c @@ -112954,10 +113231,10 @@ index 0000000..3b5af59 +} diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h new file mode 100644 -index 0000000..cd95c07 +index 0000000..14ec226 --- /dev/null +++ b/tools/gcc/gcc-common.h -@@ -0,0 +1,375 @@ +@@ -0,0 +1,520 @@ +#ifndef GCC_COMMON_H_INCLUDED +#define GCC_COMMON_H_INCLUDED + @@ -113038,6 +113315,10 @@ index 0000000..cd95c07 +#include "tree-cfgcleanup.h" +#endif + ++#if BUILDING_GCC_VERSION >= 4008 ++#include "is-a.h" ++#endif ++ +#include "diagnostic.h" +//#include "tree-diagnostic.h" +#include "tree-dump.h" 
@@ -113080,6 +113361,9 @@ index 0000000..cd95c07 +//#include "lto-streamer.h" +#endif +//#include "lto-compress.h" ++#if BUILDING_GCC_VERSION >= 5000 ++//#include "lto-section-names.h" ++#endif + +//#include "expr.h" where are you... +extern rtx emit_move_insn(rtx x, rtx y); @@ -113108,11 +113392,11 @@ index 0000000..cd95c07 +#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE) + +#if BUILDING_GCC_VERSION == 4005 -+#define FOR_EACH_VEC_ELT_REVERSE(T,V,I,P) for (I = VEC_length(T, (V)) - 1; VEC_iterate(T, (V), (I), (P)); (I)--) -+#define FOR_EACH_LOCAL_DECL(FUN, I, D) FOR_EACH_VEC_ELT_REVERSE(tree, (FUN)->local_decls, I, D) ++#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I) +#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE))) +#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I)) +#define TODO_rebuild_cgraph_edges 0 ++#define SCOPE_FILE_SCOPE_P(EXP) (!(EXP)) + +#ifndef O_BINARY +#define O_BINARY 0 @@ -113256,6 +113540,7 @@ index 0000000..cd95c07 +#define PROP_loops 0 +#define NODE_SYMBOL(node) (node) +#define NODE_DECL(node) (node)->decl ++#define INSN_LOCATION(INSN) RTL_LOCATION(INSN) + +static inline int bb_loop_depth(const_basic_block bb) +{ @@ -113276,6 +113561,13 @@ index 0000000..cd95c07 + cgraph_create_edge_including_clones((caller), (callee), (old_call_stmt), (call_stmt), (count), (freq), (reason)) +#endif + ++#if BUILDING_GCC_VERSION == 4007 || BUILDING_GCC_VERSION == 4008 ++static inline struct cgraph_node *cgraph_alias_target(struct cgraph_node *n) ++{ ++ return cgraph_alias_aliased_node(n); ++} ++#endif ++ +#if BUILDING_GCC_VERSION <= 4008 +#define ENTRY_BLOCK_PTR_FOR_FN(FN) ENTRY_BLOCK_PTR_FOR_FUNCTION(FN) +#define EXIT_BLOCK_PTR_FOR_FN(FN) EXIT_BLOCK_PTR_FOR_FUNCTION(FN) 
@@ -113295,6 +113587,11 @@ index 0000000..cd95c07 +} + +#define ipa_remove_stmt_references(cnode, stmt) ++typedef union gimple_statement_d gasm; ++typedef union gimple_statement_d gassign; ++typedef union gimple_statement_d gcall; ++typedef union gimple_statement_d gphi; ++typedef union gimple_statement_d greturn; +#endif + +#if BUILDING_GCC_VERSION == 4008 @@ -113312,6 +113609,29 @@ index 0000000..cd95c07 + +#if BUILDING_GCC_VERSION <= 4009 +#define TODO_verify_il 0 ++#define AVAIL_INTERPOSABLE AVAIL_OVERWRITABLE ++#endif ++ ++#if BUILDING_GCC_VERSION == 4009 ++typedef struct gimple_statement_base gasm; ++typedef struct gimple_statement_base gassign; ++typedef struct gimple_statement_base gcall; ++typedef struct gimple_statement_base gphi; ++typedef struct gimple_statement_base greturn; ++#endif ++ ++#if BUILDING_GCC_VERSION <= 4009 ++typedef struct rtx_def rtx_insn; ++ ++static inline gasm *as_a_gasm(gimple stmt) ++{ ++ return stmt; ++} ++ ++static inline gcall *as_a_gcall(gimple stmt) ++{ ++ return stmt; ++} +#endif + +#if BUILDING_GCC_VERSION >= 4009 
@@ -113328,8 +113648,110 @@ index 0000000..cd95c07 +#define TODO_verify_stmts TODO_verify_il +#define TODO_verify_rtl_sharing TODO_verify_il + ++#define TREE_INT_CST_HIGH(NODE) ({ TREE_INT_CST_EXT_NUNITS(NODE) > 1 ? (unsigned HOST_WIDE_INT)TREE_INT_CST_ELT(NODE, 1) : 0; }) ++ ++#define INSN_DELETED_P(insn) (insn)->deleted() ++ ++extern bool is_simple_builtin(tree); ++ ++// symtab/cgraph related +#define debug_cgraph_node(node) (node)->debug() +#define cgraph_get_node(decl) cgraph_node::get(decl) ++#define cgraph_n_nodes symtab->cgraph_count ++#define cgraph_max_uid symtab->cgraph_max_uid ++ ++typedef struct cgraph_node *cgraph_node_ptr; ++typedef struct cgraph_edge *cgraph_edge_p; ++ ++static inline void change_decl_assembler_name(tree decl, tree name) ++{ ++ symtab->change_decl_assembler_name(decl, name); ++} ++ ++static inline void varpool_finalize_decl(tree decl) ++{ ++ varpool_node::finalize_decl(decl); ++} ++ ++static inline cgraph_node_ptr cgraph_function_node(cgraph_node_ptr node, enum availability *availability) ++{ ++ return node->function_symbol(availability); ++} ++ ++static inline cgraph_node_ptr cgraph_function_or_thunk_node(cgraph_node_ptr node, enum availability *availability = NULL) ++{ ++ return node->ultimate_alias_target(availability); ++} ++ ++static inline bool cgraph_only_called_directly_p(cgraph_node_ptr node) ++{ ++ return node->only_called_directly_p(); ++} ++ ++static inline enum availability cgraph_function_body_availability(cgraph_node_ptr node) ++{ ++ return node->get_availability(); ++} ++ ++static inline cgraph_node_ptr cgraph_alias_target(cgraph_node_ptr node) ++{ ++ return node->get_alias_target(); ++} ++ ++static inline struct cgraph_node_hook_list *cgraph_add_function_insertion_hook(cgraph_node_hook hook, void *data) ++{ ++ return symtab->add_cgraph_insertion_hook(hook, data); ++} ++ ++static inline void cgraph_remove_function_insertion_hook(struct cgraph_node_hook_list *entry) ++{ ++ symtab->remove_cgraph_insertion_hook(entry); 
++} ++ ++static inline struct cgraph_node_hook_list *cgraph_add_node_removal_hook(cgraph_node_hook hook, void *data) ++{ ++ return symtab->add_cgraph_removal_hook(hook, data); ++} ++ ++static inline void cgraph_remove_node_removal_hook(struct cgraph_node_hook_list *entry) ++{ ++ symtab->remove_cgraph_removal_hook(entry); ++} ++ ++static inline struct cgraph_2node_hook_list *cgraph_add_node_duplication_hook(cgraph_2node_hook hook, void *data) ++{ ++ return symtab->add_cgraph_duplication_hook(hook, data); ++} ++ ++static inline void cgraph_remove_node_duplication_hook(struct cgraph_2node_hook_list *entry) ++{ ++ symtab->remove_cgraph_duplication_hook(entry); ++} ++ ++// gimple related ++static inline gimple gimple_build_assign_with_ops(enum tree_code subcode, tree lhs, tree op1, tree op2 MEM_STAT_DECL) ++{ ++ return gimple_build_assign(lhs, subcode, op1, op2 PASS_MEM_STAT); ++} ++ ++static inline gasm *as_a_gasm(gimple stmt) ++{ ++ return as_a<gasm *>(stmt); ++} ++ ++static inline gcall *as_a_gcall(gimple stmt) ++{ ++ return as_a<gcall *>(stmt); ++} ++ ++// IPA/LTO related ++#define ipa_ref_list_referring_iterate(L,I,P) (L)->referring.iterate((I), &(P)) ++#define ipa_ref_list_reference_iterate(L,I,P) (L)->reference.iterate((I), &(P)) ++ ++static inline cgraph_node_ptr ipa_ref_referring_node(struct ipa_ref *ref) ++{ ++ return dyn_cast<cgraph_node_ptr>(ref->referring); ++} +#endif + +#endif @@ -114066,10 +114488,10 @@ index 0000000..89f256d +} diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c new file mode 100644 -index 0000000..e48b323 +index 0000000..2a39357 --- /dev/null +++ b/tools/gcc/latent_entropy_plugin.c -@@ -0,0 +1,466 @@ +@@ -0,0 +1,467 @@ +/* + * Copyright 2012-2014 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 
@@ -114095,7 +114517,7 @@ index 0000000..e48b323 + +int plugin_is_GPL_compatible; + -+static tree latent_entropy_decl; ++static GTY(()) tree latent_entropy_decl; + +static struct plugin_info latent_entropy_plugin_info = { + .version = "201409101820", @@ -114440,6 +114862,7 @@ index 0000000..e48b323 + TREE_STATIC(latent_entropy_decl) = 1; + TREE_PUBLIC(latent_entropy_decl) = 1; + TREE_USED(latent_entropy_decl) = 1; ++ DECL_PRESERVE_P(latent_entropy_decl) = 1; + TREE_THIS_VOLATILE(latent_entropy_decl) = 1; + DECL_EXTERNAL(latent_entropy_decl) = 1; + DECL_ARTIFICIAL(latent_entropy_decl) = 1; @@ -119546,7 +119969,7 @@ index 0000000..7c9e6d1 + diff --git a/tools/gcc/size_overflow_plugin/size_overflow.h b/tools/gcc/size_overflow_plugin/size_overflow.h new file mode 100644 -index 0000000..e5b4e50 +index 0000000..37f8fc3 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow.h @@ -0,0 +1,127 @@ @@ -119579,11 +120002,11 @@ index 0000000..e5b4e50 +}; + +// size_overflow_plugin.c -+extern tree report_size_overflow_decl; -+extern tree size_overflow_type_HI; -+extern tree size_overflow_type_SI; -+extern tree size_overflow_type_DI; -+extern tree size_overflow_type_TI; ++extern GTY(()) tree report_size_overflow_decl; ++extern GTY(()) tree size_overflow_type_HI; ++extern GTY(()) tree size_overflow_type_SI; ++extern GTY(()) tree size_overflow_type_DI; ++extern GTY(()) tree size_overflow_type_TI; + + +// size_overflow_plugin_hash.c @@ -126597,10 +127020,10 @@ index 0000000..0888f6c + diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c new file mode 100644 -index 0000000..924652b +index 0000000..90125d6 --- /dev/null +++ b/tools/gcc/stackleak_plugin.c -@@ -0,0 +1,395 @@ +@@ -0,0 +1,396 @@ +/* + * Copyright 2011-2014 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 
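Review bot: `static GTY(()) tree latent_entropy_decl;` only marks the variable for gengtype; in a plugin built without gengtype-generated tables the annotation does nothing on its own. The tree is then protected from garbage collection only if the plugin also registers it as a root. That registration is not visible in this hunk, so confirm it exists (for instance through a PLUGIN_REGISTER_GGC_ROOTS callback). The same question applies to the `extern GTY(()) tree` declarations in size_overflow.h further down. A one-line comment next to the declaration, naming where the root is registered, would make this checkable.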
@@ -126628,7 +127051,8 @@ index 0000000..924652b +static int track_frame_size = -1; +static const char track_function[] = "pax_track_stack"; +static const char check_function[] = "pax_check_alloca"; -+static tree track_function_decl, check_function_decl; ++static GTY(()) tree track_function_decl; ++static GTY(()) tree check_function_decl; +static bool init_locals; + +static struct plugin_info stackleak_plugin_info = { diff --git a/3.19.3/0000_README b/3.19.3/0000_README index 4d5e072..571c76c 100644 --- a/3.19.3/0000_README +++ b/3.19.3/0000_README @@ -6,7 +6,7 @@ Patch: 1002_linux-3.19.3.patch From: http://www.kernel.org Desc: Linux 3.19.3 -Patch: 4420_grsecurity-3.1-3.19.3-201503270049.patch +Patch: 4420_grsecurity-3.1-3.19.3-201504021826.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.19.3/4420_grsecurity-3.1-3.19.3-201503270049.patch b/3.19.3/4420_grsecurity-3.1-3.19.3-201504021826.patch index 237bab8..f16dac3 100644 --- a/3.19.3/4420_grsecurity-3.1-3.19.3-201503270049.patch +++ b/3.19.3/4420_grsecurity-3.1-3.19.3-201504021826.patch @@ -313,21 +313,24 @@ index a311db8..415b28c 100644 A typical pattern in a Kbuild file looks like this: diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index 176d4fe..17ceefa 100644 +index 176d4fe..6eabd3c 100644 --- a/Documentation/kernel-parameters.txt 
+++ b/Documentation/kernel-parameters.txt -@@ -1191,6 +1191,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -1191,6 +1191,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. Format: <unsigned int> such that (rxsize & ~0x1fffc0) == 0. Default: 1024 + grsec_proc_gid= [GRKERNSEC_PROC_USERGROUP] Chooses GID to + ignore grsecurity's /proc restrictions + ++ grsec_sysfs_restrict= Format: 0 | 1 ++ Default: 1 ++ Disables GRKERNSEC_SYSFS_RESTRICT if enabled in config + hashdist= [KNL,NUMA] Large hashes allocated during boot are distributed across NUMA nodes. Defaults on for 64-bit NUMA, off otherwise. -@@ -2283,6 +2287,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -2283,6 +2290,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. noexec=on: enable non-executable mappings (default) noexec=off: disable non-executable mappings @@ -338,7 +341,7 @@ index 176d4fe..17ceefa 100644 nosmap [X86] Disable SMAP (Supervisor Mode Access Prevention) even if it is supported by processor. -@@ -2584,6 +2592,30 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -2584,6 +2595,30 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the specified number of seconds. This is to be used if your oopses keep scrolling off the screen. 
@@ -4786,6 +4789,26 @@ index ce6d763..cfea917 100644 extern void *samsung_dmadev_get_ops(void); extern void *s3c_dma_get_ops(void); +diff --git a/arch/arm64/include/asm/atomic.h b/arch/arm64/include/asm/atomic.h +index 7047051..44e8675 100644 +--- a/arch/arm64/include/asm/atomic.h ++++ b/arch/arm64/include/asm/atomic.h +@@ -252,5 +252,15 @@ static inline int atomic64_add_unless(atomic64_t *v, long a, long u) + #define atomic64_dec_and_test(v) (atomic64_dec_return((v)) == 0) + #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1LL, 0LL) + ++#define atomic64_read_unchecked(v) atomic64_read(v) ++#define atomic64_set_unchecked(v, i) atomic64_set((v), (i)) ++#define atomic64_add_unchecked(a, v) atomic64_add((a), (v)) ++#define atomic64_add_return_unchecked(a, v) atomic64_add_return((a), (v)) ++#define atomic64_sub_unchecked(a, v) atomic64_sub((a), (v)) ++#define atomic64_inc_unchecked(v) atomic64_inc(v) ++#define atomic64_inc_return_unchecked(v) atomic64_inc_return(v) ++#define atomic64_dec_unchecked(v) atomic64_dec(v) ++#define atomic64_cmpxchg_unchecked(v, o, n) atomic64_cmpxchg((v), (o), (n)) ++ + #endif + #endif diff --git a/arch/arm64/include/asm/barrier.h b/arch/arm64/include/asm/barrier.h index a5abb00..9cbca9a 100644 --- a/arch/arm64/include/asm/barrier.h @@ -4824,6 +4847,22 @@ index 09da25b..3ea0d64 100644 break; default: BUILD_BUG(); +diff --git a/arch/arm64/include/asm/pgalloc.h b/arch/arm64/include/asm/pgalloc.h +index e20df38..027ede3 100644 +--- a/arch/arm64/include/asm/pgalloc.h ++++ b/arch/arm64/include/asm/pgalloc.h +@@ -46,6 +46,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + set_pud(pud, __pud(__pa(pmd) | PMD_TYPE_TABLE)); + } + ++static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) ++{ ++ pud_populate(mm, pud, pmd); ++} ++ + #endif /* CONFIG_ARM64_PGTABLE_LEVELS > 2 */ + + #if CONFIG_ARM64_PGTABLE_LEVELS > 3 
diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h index 3bf8f4e..5dd5491 100644 --- a/arch/arm64/include/asm/uaccess.h @@ -4836,6 +4875,19 @@ index 3bf8f4e..5dd5491 100644 #define access_ok(type, addr, size) __range_ok(addr, size) #define user_addr_max get_fs +diff --git a/arch/arm64/mm/dma-mapping.c b/arch/arm64/mm/dma-mapping.c +index df34a70..5727a75 100644 +--- a/arch/arm64/mm/dma-mapping.c ++++ b/arch/arm64/mm/dma-mapping.c +@@ -137,7 +137,7 @@ static void __dma_free_coherent(struct device *dev, size_t size, + phys_to_page(paddr), + size >> PAGE_SHIFT); + if (!freed) +- swiotlb_free_coherent(dev, size, vaddr, dma_handle); ++ swiotlb_free_coherent(dev, size, vaddr, dma_handle, attrs); + } + + static void *__dma_alloc_noncoherent(struct device *dev, size_t size, diff --git a/arch/avr32/include/asm/cache.h b/arch/avr32/include/asm/cache.h index c3a58a1..78fbf54 100644 --- a/arch/avr32/include/asm/cache.h @@ -10419,10 +10471,18 @@ index bd56c28..4b63d83 100644 #include <asm/uaccess_64.h> #else diff --git a/arch/sparc/include/asm/uaccess_32.h b/arch/sparc/include/asm/uaccess_32.h -index 9634d08..f55fe4f 100644 +index 9634d08..020b2dc 100644 --- a/arch/sparc/include/asm/uaccess_32.h +++ b/arch/sparc/include/asm/uaccess_32.h -@@ -250,27 +250,46 @@ unsigned long __copy_user(void __user *to, const void __user *from, unsigned lon +@@ -47,6 +47,7 @@ + #define __user_ok(addr, size) ({ (void)(size); (addr) < STACK_TOP; }) + #define __kernel_ok (segment_eq(get_fs(), KERNEL_DS)) + #define __access_ok(addr,size) (__user_ok((addr) & get_fs().seg,(size))) ++#define access_ok_noprefault(type, addr, size) access_ok((type), (addr), (size)) + #define access_ok(type, addr, size) \ + ({ (void)(type); __access_ok((unsigned long)(addr), size); }) + +@@ -250,27 +251,46 @@ unsigned long __copy_user(void __user *to, const void __user *from, unsigned lon static inline unsigned long copy_to_user(void __user *to, const void *from, unsigned long n) { 
@@ -10474,7 +10534,7 @@ index 9634d08..f55fe4f 100644 } diff --git a/arch/sparc/include/asm/uaccess_64.h b/arch/sparc/include/asm/uaccess_64.h -index c990a5e..f17b9c1 100644 +index c990a5e..7384856 100644 --- a/arch/sparc/include/asm/uaccess_64.h +++ b/arch/sparc/include/asm/uaccess_64.h @@ -10,6 +10,7 @@ @@ -10485,7 +10545,19 @@ index c990a5e..f17b9c1 100644 #include <asm/asi.h> #include <asm/spitfire.h> #include <asm-generic/uaccess-unaligned.h> -@@ -214,8 +215,15 @@ unsigned long copy_from_user_fixup(void *to, const void __user *from, +@@ -54,6 +55,11 @@ static inline int __access_ok(const void __user * addr, unsigned long size) + return 1; + } + ++static inline int access_ok_noprefault(int type, const void __user * addr, unsigned long size) ++{ ++ return 1; ++} ++ + static inline int access_ok(int type, const void __user * addr, unsigned long size) + { + return 1; +@@ -214,8 +220,15 @@ unsigned long copy_from_user_fixup(void *to, const void __user *from, static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long size) { @@ -10502,7 +10574,7 @@ index c990a5e..f17b9c1 100644 if (unlikely(ret)) ret = copy_from_user_fixup(to, from, size); -@@ -231,8 +239,15 @@ unsigned long copy_to_user_fixup(void __user *to, const void *from, +@@ -231,8 +244,15 @@ unsigned long copy_to_user_fixup(void __user *to, const void *from, static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long size) { @@ -21132,7 +21204,7 @@ index 15c5df9..d9a604a 100644 if (c->x86_model == 3 && c->x86_mask == 0) size = 64; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index c604965..0b0e28a 100644 +index c604965..1558f4a 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -90,60 +90,6 @@ static const struct cpu_dev default_cpu = { 
@@ -21265,10 +21337,20 @@ index c604965..0b0e28a 100644 gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); /* Reload the per-cpu base */ -@@ -895,6 +894,10 @@ static void identify_cpu(struct cpuinfo_x86 *c) +@@ -895,6 +894,20 @@ static void identify_cpu(struct cpuinfo_x86 *c) setup_smep(c); setup_smap(c); ++#ifdef CONFIG_X86_32 ++#ifdef CONFIG_PAX_PAGEEXEC ++ if (!(__supported_pte_mask & _PAGE_NX)) ++ clear_cpu_cap(c, X86_FEATURE_PSE); ++#endif ++#if defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++ clear_cpu_cap(c, X86_FEATURE_SEP); ++#endif ++#endif ++ +#ifdef CONFIG_X86_64 + setup_pcid(c); +#endif @@ -21276,18 +21358,7 @@ index c604965..0b0e28a 100644 /* * The vendor-specific functions might have changed features. * Now we do "generic changes." -@@ -903,6 +906,10 @@ static void identify_cpu(struct cpuinfo_x86 *c) - /* Filter out anything that depends on CPUID levels we don't have */ - filter_cpuid_features(c, true); - -+#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)) -+ setup_clear_cpu_cap(X86_FEATURE_SEP); -+#endif -+ - /* If the model name is still unset, do table lookup. */ - if (!c->x86_model_id[0]) { - const char *p; -@@ -977,7 +984,7 @@ static void syscall32_cpu_init(void) +@@ -977,7 +990,7 @@ static void syscall32_cpu_init(void) void enable_sep_cpu(void) { int cpu = get_cpu(); @@ -21296,7 +21367,7 @@ index c604965..0b0e28a 100644 if (!boot_cpu_has(X86_FEATURE_SEP)) { put_cpu(); -@@ -1115,14 +1122,16 @@ static __init int setup_disablecpuid(char *arg) +@@ -1115,14 +1128,16 @@ static __init int setup_disablecpuid(char *arg) } __setup("clearcpuid=", setup_disablecpuid); @@ -21317,7 +21388,7 @@ index c604965..0b0e28a 100644 DEFINE_PER_CPU_FIRST(union irq_stack_union, irq_stack_union) __aligned(PAGE_SIZE) __visible; -@@ -1299,7 +1308,7 @@ void cpu_init(void) +@@ -1299,7 +1314,7 @@ void cpu_init(void) */ load_ucode_ap(); 
@@ -21326,7 +21397,7 @@ index c604965..0b0e28a 100644 oist = &per_cpu(orig_ist, cpu); #ifdef CONFIG_NUMA -@@ -1331,7 +1340,6 @@ void cpu_init(void) +@@ -1331,7 +1346,6 @@ void cpu_init(void) wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); @@ -21334,7 +21405,7 @@ index c604965..0b0e28a 100644 enable_x2apic(); /* -@@ -1383,7 +1391,7 @@ void cpu_init(void) +@@ -1383,7 +1397,7 @@ void cpu_init(void) { int cpu = smp_processor_id(); struct task_struct *curr = current; @@ -30126,7 +30197,7 @@ index 1318f75..44c30fd 100644 } EXPORT_SYMBOL(csum_partial_copy_to_user); diff --git a/arch/x86/lib/getuser.S b/arch/x86/lib/getuser.S -index a451235..1daa956 100644 +index a451235..a74bfa3 100644 --- a/arch/x86/lib/getuser.S +++ b/arch/x86/lib/getuser.S @@ -33,17 +33,40 @@ @@ -30151,8 +30222,6 @@ index a451235..1daa956 100644 GET_THREAD_INFO(%_ASM_DX) cmp TI_addr_limit(%_ASM_DX),%_ASM_AX jae bad_get_user - ASM_STAC --1: movzbl (%_ASM_AX),%edx + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) + mov pax_user_shadow_base,%_ASM_DX @@ -30164,6 +30233,8 @@ index a451235..1daa956 100644 + +#endif + + ASM_STAC +-1: movzbl (%_ASM_AX),%edx +1: __copyuser_seg movzbl (%_ASM_AX),%edx xor %eax,%eax ASM_CLAC @@ -30181,8 +30252,6 @@ index a451235..1daa956 100644 GET_THREAD_INFO(%_ASM_DX) cmp TI_addr_limit(%_ASM_DX),%_ASM_AX jae bad_get_user - ASM_STAC --2: movzwl -1(%_ASM_AX),%edx + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) + mov pax_user_shadow_base,%_ASM_DX @@ -30194,6 +30263,8 @@ index a451235..1daa956 100644 + +#endif + + ASM_STAC +-2: movzwl -1(%_ASM_AX),%edx +2: __copyuser_seg movzwl -1(%_ASM_AX),%edx xor %eax,%eax ASM_CLAC @@ -30211,8 +30282,6 @@ index a451235..1daa956 100644 GET_THREAD_INFO(%_ASM_DX) cmp TI_addr_limit(%_ASM_DX),%_ASM_AX jae bad_get_user - ASM_STAC --3: movl -3(%_ASM_AX),%edx + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) + mov pax_user_shadow_base,%_ASM_DX 
@@ -30224,6 +30293,8 @@ index a451235..1daa956 100644 + +#endif + + ASM_STAC +-3: movl -3(%_ASM_AX),%edx +3: __copyuser_seg movl -3(%_ASM_AX),%edx xor %eax,%eax ASM_CLAC @@ -30804,7 +30875,7 @@ index f6d13ee..d789440 100644 3: CFI_RESTORE_STATE diff --git a/arch/x86/lib/putuser.S b/arch/x86/lib/putuser.S -index fc6ba17..d4d989d 100644 +index fc6ba17..14ad9a5 100644 --- a/arch/x86/lib/putuser.S +++ b/arch/x86/lib/putuser.S @@ -16,7 +16,9 @@ @@ -30852,8 +30923,6 @@ index fc6ba17..d4d989d 100644 + GET_THREAD_INFO(%_ASM_BX) cmp TI_addr_limit(%_ASM_BX),%_ASM_CX jae bad_put_user - ASM_STAC --1: movb %al,(%_ASM_CX) + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) + mov pax_user_shadow_base,%_ASM_BX @@ -30865,6 +30934,8 @@ index fc6ba17..d4d989d 100644 + +#endif + + ASM_STAC +-1: movb %al,(%_ASM_CX) +1: __copyuser_seg movb %al,(_DEST) xor %eax,%eax EXIT @@ -30879,8 +30950,6 @@ index fc6ba17..d4d989d 100644 sub $1,%_ASM_BX cmp %_ASM_BX,%_ASM_CX jae bad_put_user - ASM_STAC --2: movw %ax,(%_ASM_CX) + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) + mov pax_user_shadow_base,%_ASM_BX @@ -30892,6 +30961,8 @@ index fc6ba17..d4d989d 100644 + +#endif + + ASM_STAC +-2: movw %ax,(%_ASM_CX) +2: __copyuser_seg movw %ax,(_DEST) xor %eax,%eax EXIT @@ -30906,8 +30977,6 @@ index fc6ba17..d4d989d 100644 sub $3,%_ASM_BX cmp %_ASM_BX,%_ASM_CX jae bad_put_user - ASM_STAC --3: movl %eax,(%_ASM_CX) + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) + mov pax_user_shadow_base,%_ASM_BX @@ -30919,6 +30988,8 @@ index fc6ba17..d4d989d 100644 + +#endif + + ASM_STAC +-3: movl %eax,(%_ASM_CX) +3: __copyuser_seg movl %eax,(_DEST) xor %eax,%eax EXIT @@ -30933,8 +31004,6 @@ index fc6ba17..d4d989d 100644 sub $7,%_ASM_BX cmp %_ASM_BX,%_ASM_CX jae bad_put_user - ASM_STAC --4: mov %_ASM_AX,(%_ASM_CX) + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) + mov pax_user_shadow_base,%_ASM_BX 
@@ -30946,6 +31015,8 @@ index fc6ba17..d4d989d 100644 + +#endif + + ASM_STAC +-4: mov %_ASM_AX,(%_ASM_CX) +4: __copyuser_seg mov %_ASM_AX,(_DEST) #ifdef CONFIG_X86_32 -5: movl %edx,4(%_ASM_CX) @@ -42552,6 +42623,20 @@ index aec7a6a..8c014b5 100644 if (!can_do_mlock()) return ERR_PTR(-EPERM); +diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c +index 6c52e72..6303e3f 100644 +--- a/drivers/infiniband/core/uverbs_cmd.c ++++ b/drivers/infiniband/core/uverbs_cmd.c +@@ -945,6 +945,9 @@ ssize_t ib_uverbs_reg_mr(struct ib_uverbs_file *file, + if (copy_from_user(&cmd, buf, sizeof cmd)) + return -EFAULT; + ++ if (!access_ok_noprefault(VERIFY_READ, cmd.start, cmd.length)) ++ return -EFAULT; ++ + INIT_UDATA(&udata, buf + sizeof cmd, + (unsigned long) cmd.response + sizeof resp, + in_len - sizeof cmd, out_len - sizeof resp); diff --git a/drivers/infiniband/hw/cxgb4/mem.c b/drivers/infiniband/hw/cxgb4/mem.c index cb43c22..2e12dd7 100644 --- a/drivers/infiniband/hw/cxgb4/mem.c @@ -60463,21 +60548,32 @@ index e368d4f..b40ba59 100644 dcache_init(); inode_init(); diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c -index 6f0ce53..780f4f8 100644 +index 6f0ce53..92bba36 100644 --- a/fs/debugfs/inode.c 
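Review bot: The added `access_ok_noprefault(VERIFY_READ, cmd.start, cmd.length)` guard in ib_uverbs_reg_mr depends entirely on each architecture's definition. The sparc64 `access_ok_noprefault()` added elsewhere in this same patch returns 1 unconditionally, so on that architecture the check rejects nothing. If the intent is to stop a wrapping start/length pair from reaching memory registration, an architecture-independent test such as `if (cmd.start + cmd.length < cmd.start) return -EINVAL;` would hold everywhere (assuming both fields are unsigned 64-bit, which this hunk does not show). The function body continues outside the hunk, so whether a later callee already rejects such ranges cannot be confirmed from here.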
+++ b/fs/debugfs/inode.c -@@ -425,7 +425,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); +@@ -423,10 +423,20 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); + * If debugfs is not enabled in the kernel, the value -%ENODEV will be + * returned. */ ++#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT ++extern int grsec_enable_sysfs_restrict; ++#endif ++ struct dentry *debugfs_create_dir(const char *name, struct dentry *parent) { +- return __create_file(name, S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO, +- parent, NULL, NULL); ++ umode_t mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO; ++ +#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT -+ return __create_file(name, S_IFDIR | S_IRWXU, -+#else - return __create_file(name, S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO, ++ if (grsec_enable_sysfs_restrict) ++ mode = S_IFDIR | S_IRWXU; +#endif - parent, NULL, NULL); ++ ++ return __create_file(name, mode, parent, NULL, NULL); } EXPORT_SYMBOL_GPL(debugfs_create_dir); + diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index 1686dc2..9611c50 100644 --- a/fs/ecryptfs/inode.c @@ -67570,10 +67666,21 @@ index ae0c3ce..9ee641c 100644 generic_fillattr(inode, stat); return 0; diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c -index 0b45ff4..847de5b 100644 +index 0b45ff4..edf9d3a 100644 --- a/fs/sysfs/dir.c +++ b/fs/sysfs/dir.c -@@ -41,9 +41,16 @@ void sysfs_warn_dup(struct kernfs_node *parent, const char *name) +@@ -33,6 +33,10 @@ void sysfs_warn_dup(struct kernfs_node *parent, const char *name) + kfree(buf); + } + ++#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT ++extern int grsec_enable_sysfs_restrict; ++#endif ++ + /** + * sysfs_create_dir_ns - create a directory for an object with a namespace tag + * @kobj: object we're creating directory for +@@ -41,9 +45,16 @@ void sysfs_warn_dup(struct kernfs_node *parent, const char *name) int sysfs_create_dir_ns(struct kobject *kobj, const void *ns) { struct kernfs_node *parent, *kn; 
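Review bot: `extern int grsec_enable_sysfs_restrict;` is declared by hand in fs/debugfs/inode.c and again in fs/sysfs/dir.c, so nothing ties either declaration to the definition in init/main.c. A single declaration in a shared header, under the same `#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT`, would let the compiler catch a mismatch if the flag's type ever changes. In debugfs_create_dir, a short comment on the restricted branch, such as `/* owner-only unless grsec_sysfs_restrict=0 was given at boot */`, would document why the mode differs from the default.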
@@ -67590,7 +67697,7 @@ index 0b45ff4..847de5b 100644 if (kobj->parent) parent = kobj->parent->sd; else -@@ -52,11 +59,22 @@ int sysfs_create_dir_ns(struct kobject *kobj, const void *ns) +@@ -52,11 +63,24 @@ int sysfs_create_dir_ns(struct kobject *kobj, const void *ns) if (!parent) return -ENOENT; @@ -67605,6 +67712,8 @@ index 0b45ff4..847de5b 100644 + (!strcmp(parent_name, "fs") && (!strcmp(name, "selinux") || !strcmp(name, "fuse") || !strcmp(name, "ecryptfs"))) || + (!strcmp(parent_name, "system") && !strcmp(name, "cpu"))) + mode = S_IRWXU | S_IRUGO | S_IXUGO; ++ if (!grsec_enable_sysfs_restrict) ++ mode = S_IRWXU | S_IRUGO | S_IXUGO; +#endif + + kn = kernfs_create_dir_ns(parent, name, @@ -87595,7 +87704,7 @@ index ad1bd77..dca2c1b 100644 next_state = Reset; return 0; diff --git a/init/main.c b/init/main.c -index 61b99376..85893612d 100644 +index 61b99376..1e346cb 100644 --- a/init/main.c +++ b/init/main.c @@ -100,6 +100,8 @@ extern void radix_tree_init(void); @@ -87607,7 +87716,7 @@ index 61b99376..85893612d 100644 /* * Debug helper: via this flag we know that we are in 'early bootup code' * where only the boot processor is running with IRQ disabled. This means -@@ -161,6 +163,75 @@ static int __init set_reset_devices(char *str) +@@ -161,6 +163,85 @@ static int __init set_reset_devices(char *str) __setup("reset_devices", set_reset_devices); @@ -87620,6 +87729,16 @@ index 61b99376..85893612d 100644 +} +__setup("grsec_proc_gid=", setup_grsec_proc_gid); +#endif ++#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT ++int grsec_enable_sysfs_restrict = 1; ++static int __init setup_grsec_sysfs_restrict(char *str) ++{ ++ if (!simple_strtol(str, NULL, 0)) ++ grsec_enable_sysfs_restrict = 0; ++ return 1; ++} ++__setup("grsec_sysfs_restrict", setup_grsec_sysfs_restrict); ++#endif + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) +unsigned long pax_user_shadow_base __read_only; 
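Review bot: The new `__setup("grsec_sysfs_restrict", setup_grsec_sysfs_restrict);` registers the option without the trailing `=`, unlike `__setup("grsec_proc_gid=", setup_grsec_proc_gid);` just above, so the handler is presumably handed the text starting at the `=` character. `simple_strtol()` on a string such as `=1` parses no digits and yields 0, so the documented `grsec_sysfs_restrict=1` would clear `grsec_enable_sysfs_restrict` just as `=0` does and turn the sysfs/debugfs restriction off. Registering it as `__setup("grsec_sysfs_restrict=", setup_grsec_sysfs_restrict);` would match the `Format: 0 | 1` entry added to kernel-parameters.txt. Since the flag is only written while boot parameters are parsed, marking it `__read_only` like `pax_user_shadow_base` below is also worth considering.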
@@ -87683,7 +87802,7 @@ index 61b99376..85893612d 100644 static const char *argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; const char *envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; static const char *panic_later, *panic_param; -@@ -735,7 +806,7 @@ static bool __init_or_module initcall_blacklisted(initcall_t fn) +@@ -735,7 +816,7 @@ static bool __init_or_module initcall_blacklisted(initcall_t fn) struct blacklist_entry *entry; char *fn_name; @@ -87692,7 +87811,7 @@ index 61b99376..85893612d 100644 if (!fn_name) return false; -@@ -787,7 +858,7 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -787,7 +868,7 @@ int __init_or_module do_one_initcall(initcall_t fn) { int count = preempt_count(); int ret; @@ -87701,7 +87820,7 @@ index 61b99376..85893612d 100644 if (initcall_blacklisted(fn)) return -EPERM; -@@ -797,18 +868,17 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -797,18 +878,17 @@ int __init_or_module do_one_initcall(initcall_t fn) else ret = fn(); @@ -87724,7 +87843,7 @@ index 61b99376..85893612d 100644 return ret; } -@@ -914,8 +984,8 @@ static int run_init_process(const char *init_filename) +@@ -914,8 +994,8 @@ static int run_init_process(const char *init_filename) { argv_init[0] = init_filename; return do_execve(getname_kernel(init_filename), @@ -87735,7 +87854,7 @@ index 61b99376..85893612d 100644 } static int try_to_run_init_process(const char *init_filename) -@@ -932,6 +1002,10 @@ static int try_to_run_init_process(const char *init_filename) +@@ -932,6 +1012,10 @@ static int try_to_run_init_process(const char *init_filename) return ret; } @@ -87746,7 +87865,7 @@ index 61b99376..85893612d 100644 static noinline void __init kernel_init_freeable(void); static int __ref kernel_init(void *unused) -@@ -956,6 +1030,11 @@ static int __ref kernel_init(void *unused) +@@ -956,6 +1040,11 @@ static int __ref kernel_init(void *unused) ramdisk_execute_command, ret); } 
@@ -87758,7 +87877,7 @@ index 61b99376..85893612d 100644 /* * We try each of these until one succeeds. * -@@ -1016,7 +1095,7 @@ static noinline void __init kernel_init_freeable(void) +@@ -1016,7 +1105,7 @@ static noinline void __init kernel_init_freeable(void) do_basic_setup(); /* Open the /dev/console on the rootfs, this should never fail */ @@ -87767,7 +87886,7 @@ index 61b99376..85893612d 100644 pr_err("Warning: unable to open an initial console.\n"); (void) sys_dup(0); -@@ -1029,11 +1108,13 @@ static noinline void __init kernel_init_freeable(void) +@@ -1029,11 +1118,13 @@ static noinline void __init kernel_init_freeable(void) if (!ramdisk_execute_command) ramdisk_execute_command = "/init"; @@ -93844,7 +93963,7 @@ index af5bffd..57664b8 100644 /* make curr_ret_stack visible before we add the ret_stack */ smp_wmb(); diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index d2e151c..b68c835 100644 +index d2e151c..1498973 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -350,9 +350,9 @@ struct buffer_data_page { @@ -93859,17 +93978,22 @@ index d2e151c..b68c835 100644 unsigned long real_end; /* real end of data */ struct buffer_data_page *page; /* Actual data page */ }; -@@ -473,8 +473,8 @@ struct ring_buffer_per_cpu { +@@ -473,11 +473,11 @@ struct ring_buffer_per_cpu { unsigned long last_overrun; local_t entries_bytes; local_t entries; - local_t overrun; - local_t commit_overrun; +- local_t dropped_events; + local_unchecked_t overrun; + local_unchecked_t commit_overrun; - local_t dropped_events; ++ local_unchecked_t dropped_events; local_t committing; - local_t commits; +- local_t commits; ++ local_unchecked_t commits; + unsigned long read; + unsigned long read_bytes; + u64 write_stamp; @@ -1047,8 +1047,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * * We add a counter to the write field to denote this. 
@@ -93961,6 +94085,15 @@ index d2e151c..b68c835 100644 goto out_reset; } +@@ -2360,7 +2360,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, + * this is easy, just stop here. + */ + if (!(buffer->flags & RB_FL_OVERWRITE)) { +- local_inc(&cpu_buffer->dropped_events); ++ local_inc_unchecked(&cpu_buffer->dropped_events); + goto out_reset; + } + @@ -2386,7 +2386,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, cpu_buffer->tail_page) && (cpu_buffer->commit_page == 
@@ -94006,6 +94139,42 @@ index d2e151c..b68c835 100644 if (index == old_index) { /* update counters */ local_sub(event_length, &cpu_buffer->entries_bytes); +@@ -2516,7 +2516,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, + static void rb_start_commit(struct ring_buffer_per_cpu *cpu_buffer) + { + local_inc(&cpu_buffer->committing); +- local_inc(&cpu_buffer->commits); ++ local_inc_unchecked(&cpu_buffer->commits); + } + + static inline void rb_end_commit(struct ring_buffer_per_cpu *cpu_buffer) +@@ -2528,7 +2528,7 @@ static inline void rb_end_commit(struct ring_buffer_per_cpu *cpu_buffer) + return; + + again: +- commits = local_read(&cpu_buffer->commits); ++ commits = local_read_unchecked(&cpu_buffer->commits); + /* synchronize with interrupts */ + barrier(); + if (local_read(&cpu_buffer->committing) == 1) +@@ -2544,7 +2544,7 @@ static inline void rb_end_commit(struct ring_buffer_per_cpu *cpu_buffer) + * updating of the commit page and the clearing of the + * committing counter. + */ +- if (unlikely(local_read(&cpu_buffer->commits) != commits) && ++ if (unlikely(local_read_unchecked(&cpu_buffer->commits) != commits) && + !local_read(&cpu_buffer->committing)) { + local_inc(&cpu_buffer->committing); + goto again; +@@ -2574,7 +2574,7 @@ rb_reserve_next_event(struct ring_buffer *buffer, + barrier(); + if (unlikely(ACCESS_ONCE(cpu_buffer->buffer) != buffer)) { + local_dec(&cpu_buffer->committing); +- local_dec(&cpu_buffer->commits); ++ local_dec_unchecked(&cpu_buffer->commits); + return NULL; + } + #endif @@ -2904,7 +2904,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, /* Do the likely case first */ @@ -94051,6 +94220,15 @@ index d2e151c..b68c835 100644 return ret; } +@@ -3334,7 +3334,7 @@ ring_buffer_dropped_events_cpu(struct ring_buffer *buffer, int cpu) + return 0; + + cpu_buffer = buffer->buffers[cpu]; +- ret = local_read(&cpu_buffer->dropped_events); ++ ret = local_read_unchecked(&cpu_buffer->dropped_events); + + return ret; + } 
@@ -3397,7 +3397,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) /* if you care about this being correct, lock the buffer */ for_each_buffer_cpu(buffer, cpu) { @@ -94091,7 +94269,7 @@ index d2e151c..b68c835 100644 local_set(&cpu_buffer->head_page->page->commit, 0); cpu_buffer->head_page->read = 0; -@@ -4186,14 +4186,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -4186,18 +4186,18 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) INIT_LIST_HEAD(&cpu_buffer->reader_page->list); INIT_LIST_HEAD(&cpu_buffer->new_pages); @@ -94105,11 +94283,17 @@ index d2e151c..b68c835 100644 local_set(&cpu_buffer->entries_bytes, 0); - local_set(&cpu_buffer->overrun, 0); - local_set(&cpu_buffer->commit_overrun, 0); +- local_set(&cpu_buffer->dropped_events, 0); + local_set_unchecked(&cpu_buffer->overrun, 0); + local_set_unchecked(&cpu_buffer->commit_overrun, 0); - local_set(&cpu_buffer->dropped_events, 0); ++ local_set_unchecked(&cpu_buffer->dropped_events, 0); local_set(&cpu_buffer->entries, 0); local_set(&cpu_buffer->committing, 0); +- local_set(&cpu_buffer->commits, 0); ++ local_set_unchecked(&cpu_buffer->commits, 0); + cpu_buffer->read = 0; + cpu_buffer->read_bytes = 0; + @@ -4598,8 +4598,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, rb_init_page(bpage); bpage = reader->page; @@ -94995,6 +95179,22 @@ index d2233de..fa1a2f6 100644 retval = 1; } spin_unlock(&lockref->lock); +diff --git a/lib/nlattr.c b/lib/nlattr.c +index 9c3e85f..0affd1b 100644 +--- a/lib/nlattr.c ++++ b/lib/nlattr.c +@@ -279,7 +279,11 @@ int nla_memcpy(void *dest, const struct nlattr *src, int count) + { + int minlen = min_t(int, count, nla_len(src)); + ++ BUG_ON(minlen < 0); ++ + memcpy(dest, nla_data(src), minlen); ++ if (count > minlen) ++ memset(dest + minlen, 0, count - minlen); + + return minlen; + } diff --git a/lib/percpu-refcount.c b/lib/percpu-refcount.c index 6111bcb..02e816b 100644 --- a/lib/percpu-refcount.c 
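Review bot: In the lib/nlattr.c hunk, nla_memcpy() now stops the kernel through `BUG_ON(minlen < 0)` and zero-fills `dest` past the copied bytes, but neither behaviour is explained where it happens. I would add `/* a negative length would be converted to a huge size_t by memcpy() */` above the BUG_ON and `/* zero the tail so a short attribute cannot leave stale bytes in dest */` above the memset, and mention the zero-fill in the function's kernel-doc, which is outside the hunk. Because a negative length now ends in a full stop rather than an error return, it is worth confirming that no caller passes a `count` or an attribute it has not validated. The same hunk appears again in the 3.2.68 patch further down (index be25e35..4d920a2).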
@@ -110930,10 +111130,10 @@ index 0000000..3b5af59 +} diff --git a/tools/gcc/gcc-common.h b/tools/gcc/gcc-common.h new file mode 100644 -index 0000000..cd95c07 +index 0000000..14ec226 --- /dev/null +++ b/tools/gcc/gcc-common.h -@@ -0,0 +1,375 @@ +@@ -0,0 +1,520 @@ +#ifndef GCC_COMMON_H_INCLUDED +#define GCC_COMMON_H_INCLUDED + @@ -111014,6 +111214,10 @@ index 0000000..cd95c07 +#include "tree-cfgcleanup.h" +#endif + ++#if BUILDING_GCC_VERSION >= 4008 ++#include "is-a.h" ++#endif ++ +#include "diagnostic.h" +//#include "tree-diagnostic.h" +#include "tree-dump.h" @@ -111056,6 +111260,9 @@ index 0000000..cd95c07 +//#include "lto-streamer.h" +#endif +//#include "lto-compress.h" ++#if BUILDING_GCC_VERSION >= 5000 ++//#include "lto-section-names.h" ++#endif + +//#include "expr.h" where are you... +extern rtx emit_move_insn(rtx x, rtx y); @@ -111084,11 +111291,11 @@ index 0000000..cd95c07 +#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE) + +#if BUILDING_GCC_VERSION == 4005 -+#define FOR_EACH_VEC_ELT_REVERSE(T,V,I,P) for (I = VEC_length(T, (V)) - 1; VEC_iterate(T, (V), (I), (P)); (I)--) -+#define FOR_EACH_LOCAL_DECL(FUN, I, D) FOR_EACH_VEC_ELT_REVERSE(tree, (FUN)->local_decls, I, D) ++#define FOR_EACH_LOCAL_DECL(FUN, I, D) for (tree vars = (FUN)->local_decls; vars && (D = TREE_VALUE(vars)); vars = TREE_CHAIN(vars), I) +#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE))) +#define FOR_EACH_VEC_ELT(T, V, I, P) for (I = 0; VEC_iterate(T, (V), (I), (P)); ++(I)) +#define TODO_rebuild_cgraph_edges 0 ++#define SCOPE_FILE_SCOPE_P(EXP) (!(EXP)) + +#ifndef O_BINARY +#define O_BINARY 0 @@ -111232,6 +111439,7 @@ index 0000000..cd95c07 +#define PROP_loops 0 +#define NODE_SYMBOL(node) (node) +#define NODE_DECL(node) (node)->decl ++#define INSN_LOCATION(INSN) RTL_LOCATION(INSN) + +static inline int bb_loop_depth(const_basic_block bb) +{ 
@@ -111252,6 +111460,13 @@ index 0000000..cd95c07 + cgraph_create_edge_including_clones((caller), (callee), (old_call_stmt), (call_stmt), (count), (freq), (reason)) +#endif + ++#if BUILDING_GCC_VERSION == 4007 || BUILDING_GCC_VERSION == 4008 ++static inline struct cgraph_node *cgraph_alias_target(struct cgraph_node *n) ++{ ++ return cgraph_alias_aliased_node(n); ++} ++#endif ++ +#if BUILDING_GCC_VERSION <= 4008 +#define ENTRY_BLOCK_PTR_FOR_FN(FN) ENTRY_BLOCK_PTR_FOR_FUNCTION(FN) +#define EXIT_BLOCK_PTR_FOR_FN(FN) EXIT_BLOCK_PTR_FOR_FUNCTION(FN) @@ -111271,6 +111486,11 @@ index 0000000..cd95c07 +} + +#define ipa_remove_stmt_references(cnode, stmt) ++typedef union gimple_statement_d gasm; ++typedef union gimple_statement_d gassign; ++typedef union gimple_statement_d gcall; ++typedef union gimple_statement_d gphi; ++typedef union gimple_statement_d greturn; +#endif + +#if BUILDING_GCC_VERSION == 4008 @@ -111288,6 +111508,29 @@ index 0000000..cd95c07 + +#if BUILDING_GCC_VERSION <= 4009 +#define TODO_verify_il 0 ++#define AVAIL_INTERPOSABLE AVAIL_OVERWRITABLE ++#endif ++ ++#if BUILDING_GCC_VERSION == 4009 ++typedef struct gimple_statement_base gasm; ++typedef struct gimple_statement_base gassign; ++typedef struct gimple_statement_base gcall; ++typedef struct gimple_statement_base gphi; ++typedef struct gimple_statement_base greturn; ++#endif ++ ++#if BUILDING_GCC_VERSION <= 4009 ++typedef struct rtx_def rtx_insn; ++ ++static inline gasm *as_a_gasm(gimple stmt) ++{ ++ return stmt; ++} ++ ++static inline gcall *as_a_gcall(gimple stmt) ++{ ++ return stmt; ++} +#endif + +#if BUILDING_GCC_VERSION >= 4009 
@@ -111304,8 +111547,110 @@ index 0000000..cd95c07 +#define TODO_verify_stmts TODO_verify_il +#define TODO_verify_rtl_sharing TODO_verify_il + ++#define TREE_INT_CST_HIGH(NODE) ({ TREE_INT_CST_EXT_NUNITS(NODE) > 1 ? (unsigned HOST_WIDE_INT)TREE_INT_CST_ELT(NODE, 1) : 0; }) ++ ++#define INSN_DELETED_P(insn) (insn)->deleted() ++ ++extern bool is_simple_builtin(tree); ++ ++// symtab/cgraph related +#define debug_cgraph_node(node) (node)->debug() +#define cgraph_get_node(decl) cgraph_node::get(decl) ++#define cgraph_n_nodes symtab->cgraph_count ++#define cgraph_max_uid symtab->cgraph_max_uid ++ ++typedef struct cgraph_node *cgraph_node_ptr; ++typedef struct cgraph_edge *cgraph_edge_p; ++ ++static inline void change_decl_assembler_name(tree decl, tree name) ++{ ++ symtab->change_decl_assembler_name(decl, name); ++} ++ ++static inline void varpool_finalize_decl(tree decl) ++{ ++ varpool_node::finalize_decl(decl); ++} ++ ++static inline cgraph_node_ptr cgraph_function_node(cgraph_node_ptr node, enum availability *availability) ++{ ++ return node->function_symbol(availability); ++} ++ ++static inline cgraph_node_ptr cgraph_function_or_thunk_node(cgraph_node_ptr node, enum availability *availability = NULL) ++{ ++ return node->ultimate_alias_target(availability); ++} ++ ++static inline bool cgraph_only_called_directly_p(cgraph_node_ptr node) ++{ ++ return node->only_called_directly_p(); ++} ++ ++static inline enum availability cgraph_function_body_availability(cgraph_node_ptr node) ++{ ++ return node->get_availability(); ++} ++ ++static inline cgraph_node_ptr cgraph_alias_target(cgraph_node_ptr node) ++{ ++ return node->get_alias_target(); ++} ++ ++static inline struct cgraph_node_hook_list *cgraph_add_function_insertion_hook(cgraph_node_hook hook, void *data) ++{ ++ return symtab->add_cgraph_insertion_hook(hook, data); ++} ++ ++static inline void cgraph_remove_function_insertion_hook(struct cgraph_node_hook_list *entry) ++{ ++ symtab->remove_cgraph_insertion_hook(entry); 
++} ++ ++static inline struct cgraph_node_hook_list *cgraph_add_node_removal_hook(cgraph_node_hook hook, void *data) ++{ ++ return symtab->add_cgraph_removal_hook(hook, data); ++} ++ ++static inline void cgraph_remove_node_removal_hook(struct cgraph_node_hook_list *entry) ++{ ++ symtab->remove_cgraph_removal_hook(entry); ++} ++ ++static inline struct cgraph_2node_hook_list *cgraph_add_node_duplication_hook(cgraph_2node_hook hook, void *data) ++{ ++ return symtab->add_cgraph_duplication_hook(hook, data); ++} ++ ++static inline void cgraph_remove_node_duplication_hook(struct cgraph_2node_hook_list *entry) ++{ ++ symtab->remove_cgraph_duplication_hook(entry); ++} ++ ++// gimple related ++static inline gimple gimple_build_assign_with_ops(enum tree_code subcode, tree lhs, tree op1, tree op2 MEM_STAT_DECL) ++{ ++ return gimple_build_assign(lhs, subcode, op1, op2 PASS_MEM_STAT); ++} ++ ++static inline gasm *as_a_gasm(gimple stmt) ++{ ++ return as_a<gasm *>(stmt); ++} ++ ++static inline gcall *as_a_gcall(gimple stmt) ++{ ++ return as_a<gcall *>(stmt); ++} ++ ++// IPA/LTO related ++#define ipa_ref_list_referring_iterate(L,I,P) (L)->referring.iterate((I), &(P)) ++#define ipa_ref_list_reference_iterate(L,I,P) (L)->reference.iterate((I), &(P)) ++ ++static inline cgraph_node_ptr ipa_ref_referring_node(struct ipa_ref *ref) ++{ ++ return dyn_cast<cgraph_node_ptr>(ref->referring); ++} +#endif + +#endif @@ -112042,10 +112387,10 @@ index 0000000..89f256d +} diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c new file mode 100644 -index 0000000..e48b323 +index 0000000..2a39357 --- /dev/null +++ b/tools/gcc/latent_entropy_plugin.c -@@ -0,0 +1,466 @@ +@@ -0,0 +1,467 @@ +/* + * Copyright 2012-2014 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 
@@ -112071,7 +112416,7 @@ index 0000000..e48b323 + +int plugin_is_GPL_compatible; + -+static tree latent_entropy_decl; ++static GTY(()) tree latent_entropy_decl; + +static struct plugin_info latent_entropy_plugin_info = { + .version = "201409101820", @@ -112416,6 +112761,7 @@ index 0000000..e48b323 + TREE_STATIC(latent_entropy_decl) = 1; + TREE_PUBLIC(latent_entropy_decl) = 1; + TREE_USED(latent_entropy_decl) = 1; ++ DECL_PRESERVE_P(latent_entropy_decl) = 1; + TREE_THIS_VOLATILE(latent_entropy_decl) = 1; + DECL_EXTERNAL(latent_entropy_decl) = 1; + DECL_ARTIFICIAL(latent_entropy_decl) = 1; @@ -115520,7 +115866,7 @@ index 0000000..c955c6b + diff --git a/tools/gcc/size_overflow_plugin/size_overflow.h b/tools/gcc/size_overflow_plugin/size_overflow.h new file mode 100644 -index 0000000..ee99659 +index 0000000..516289f --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow.h @@ -0,0 +1,226 @@ @@ -115614,11 +115960,11 @@ index 0000000..ee99659 +}; + +// size_overflow_plugin.c -+extern tree report_size_overflow_decl; -+extern tree size_overflow_type_HI; -+extern tree size_overflow_type_SI; -+extern tree size_overflow_type_DI; -+extern tree size_overflow_type_TI; ++extern GTY(()) tree report_size_overflow_decl; ++extern GTY(()) tree size_overflow_type_HI; ++extern GTY(()) tree size_overflow_type_SI; ++extern GTY(()) tree size_overflow_type_DI; ++extern GTY(()) tree size_overflow_type_TI; + + +// size_overflow_plugin_hash.c @@ -146639,10 +146985,10 @@ index 0000000..fd4aa92 +} diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c new file mode 100644 -index 0000000..924652b +index 0000000..90125d6 --- /dev/null +++ b/tools/gcc/stackleak_plugin.c -@@ -0,0 +1,395 @@ +@@ -0,0 +1,396 @@ +/* + * Copyright 2011-2014 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 
@@ -146670,7 +147016,8 @@ index 0000000..924652b +static int track_frame_size = -1; +static const char track_function[] = "pax_track_stack"; +static const char check_function[] = "pax_check_alloca"; -+static tree track_function_decl, check_function_decl; ++static GTY(()) tree track_function_decl; ++static GTY(()) tree check_function_decl; +static bool init_locals; + +static struct plugin_info stackleak_plugin_info = { diff --git a/3.2.68/0000_README b/3.2.68/0000_README index 238a9f1..b13028d 100644 --- a/3.2.68/0000_README +++ b/3.2.68/0000_README @@ -190,7 +190,7 @@ Patch: 1067_linux-3.2.68.patch From: http://www.kernel.org Desc: Linux 3.2.68 -Patch: 4420_grsecurity-3.1-3.2.68-201503251805.patch +Patch: 4420_grsecurity-3.1-3.2.68-201504021823.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.68/4420_grsecurity-3.1-3.2.68-201503251805.patch b/3.2.68/4420_grsecurity-3.1-3.2.68-201504021823.patch index 9c4d314..e85b221 100644 --- a/3.2.68/4420_grsecurity-3.1-3.2.68-201503251805.patch +++ b/3.2.68/4420_grsecurity-3.1-3.2.68-201504021823.patch @@ -203,20 +203,24 @@ index dfa6fc6..ccbfbf3 100644 +zconf.lex.c zoffset.h diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index f0001eb..1727e84 100644 +index f0001eb..8f5703b 100644 --- a/Documentation/kernel-parameters.txt 
+++ b/Documentation/kernel-parameters.txt -@@ -859,6 +859,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -859,6 +859,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. gpt [EFI] Forces disk with valid GPT signature but invalid Protective MBR to be treated as GPT. + grsec_proc_gid= [GRKERNSEC_PROC_USERGROUP] Chooses GID to + ignore grsecurity's /proc restrictions + ++ grsec_sysfs_restrict= Format: 0 | 1 ++ Default: 1 ++ Disables GRKERNSEC_SYSFS_RESTRICT if enabled in config ++ hashdist= [KNL,NUMA] Large hashes allocated during boot are distributed across NUMA nodes. Defaults on for 64-bit NUMA, off otherwise. -@@ -1963,6 +1966,27 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -1963,6 +1970,27 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the specified number of seconds. This is to be used if your oopses keep scrolling off the screen. @@ -7658,10 +7662,18 @@ index e88fbe5..bd0eda7 100644 #include <asm/uaccess_64.h> #else diff --git a/arch/sparc/include/asm/uaccess_32.h b/arch/sparc/include/asm/uaccess_32.h -index 8303ac4..07f333d 100644 +index 8303ac4..d2eec81 100644 --- a/arch/sparc/include/asm/uaccess_32.h +++ b/arch/sparc/include/asm/uaccess_32.h -@@ -249,27 +249,46 @@ extern unsigned long __copy_user(void __user *to, const void __user *from, unsig +@@ -46,6 +46,7 @@ + #define __user_ok(addr, size) ({ (void)(size); (addr) < STACK_TOP; }) + #define __kernel_ok (segment_eq(get_fs(), KERNEL_DS)) + #define __access_ok(addr,size) (__user_ok((addr) & get_fs().seg,(size))) ++#define access_ok_noprefault(type, addr, size) access_ok((type), (addr), (size)) + #define access_ok(type, addr, size) \ + ({ (void)(type); __access_ok((unsigned long)(addr), size); }) + +@@ -249,27 +250,46 @@ extern unsigned long __copy_user(void __user *to, const void __user *from, unsig static inline unsigned long copy_to_user(void __user *to, const void *from, unsigned long n) { 
@@ -7713,7 +7725,7 @@ index 8303ac4..07f333d 100644 } diff --git a/arch/sparc/include/asm/uaccess_64.h b/arch/sparc/include/asm/uaccess_64.h -index 6d6c731..2f65aba 100644 +index 6d6c731..c55ac5e 100644 --- a/arch/sparc/include/asm/uaccess_64.h +++ b/arch/sparc/include/asm/uaccess_64.h @@ -10,6 +10,7 @@ @@ -7724,7 +7736,19 @@ index 6d6c731..2f65aba 100644 #include <asm/asi.h> #include <asm/system.h> #include <asm/spitfire.h> -@@ -213,8 +214,15 @@ extern unsigned long copy_from_user_fixup(void *to, const void __user *from, +@@ -53,6 +54,11 @@ static inline int __access_ok(const void __user * addr, unsigned long size) + return 1; + } + ++static inline int access_ok_noprefault(int type, const void __user * addr, unsigned long size) ++{ ++ return 1; ++} ++ + static inline int access_ok(int type, const void __user * addr, unsigned long size) + { + return 1; +@@ -213,8 +219,15 @@ extern unsigned long copy_from_user_fixup(void *to, const void __user *from, static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long size) { @@ -7741,7 +7765,7 @@ index 6d6c731..2f65aba 100644 if (unlikely(ret)) ret = copy_from_user_fixup(to, from, size); -@@ -230,8 +238,15 @@ extern unsigned long copy_to_user_fixup(void __user *to, const void *from, +@@ -230,8 +243,15 @@ extern unsigned long copy_to_user_fixup(void __user *to, const void *from, static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long size) { @@ -17920,7 +17944,7 @@ index 60d4c33..3f51857 100644 if (c->x86_model == 3 && c->x86_mask == 0) size = 64; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index 6284d6d..ac6d8c6 100644 +index 6284d6d..60561cb 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -84,60 +84,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = { 
@@ -17993,18 +18017,24 @@ index 6284d6d..ac6d8c6 100644 gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); /* Reload the per-cpu base */ -@@ -841,6 +787,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) - /* Filter out anything that depends on CPUID levels we don't have */ - filter_cpuid_features(c, true); +@@ -769,6 +715,16 @@ static void __cpuinit generic_identify(struct cpuinfo_x86 *c) -+#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)) -+ setup_clear_cpu_cap(X86_FEATURE_SEP); + setup_smep(c); + ++#ifdef CONFIG_X86_32 ++#ifdef CONFIG_PAX_PAGEEXEC ++ if (!(__supported_pte_mask & _PAGE_NX)) ++ clear_cpu_cap(c, X86_FEATURE_PSE); ++#endif ++#if defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++ clear_cpu_cap(c, X86_FEATURE_SEP); ++#endif +#endif + - /* If the model name is still unset, do table lookup. */ - if (!c->x86_model_id[0]) { - const char *p; -@@ -1021,6 +971,9 @@ static __init int setup_disablecpuid(char *arg) + get_model_name(c); /* Default name */ + + detect_nopl(c); +@@ -1021,6 +977,9 @@ static __init int setup_disablecpuid(char *arg) } __setup("clearcpuid=", setup_disablecpuid); @@ -18014,7 +18044,7 @@ index 6284d6d..ac6d8c6 100644 #ifdef CONFIG_X86_64 struct desc_ptr idt_descr = { NR_VECTORS * 16 - 1, (unsigned long) idt_table }; -@@ -1036,7 +989,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = +@@ -1036,7 +995,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = EXPORT_PER_CPU_SYMBOL(current_task); DEFINE_PER_CPU(unsigned long, kernel_stack) = 
@@ -18023,7 +18053,7 @@ index 6284d6d..ac6d8c6 100644 EXPORT_PER_CPU_SYMBOL(kernel_stack); DEFINE_PER_CPU(char *, irq_stack_ptr) = -@@ -1101,7 +1054,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs) +@@ -1101,7 +1060,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs) { memset(regs, 0, sizeof(struct pt_regs)); regs->fs = __KERNEL_PERCPU; @@ -18032,7 +18062,7 @@ index 6284d6d..ac6d8c6 100644 return regs; } -@@ -1156,7 +1109,7 @@ void __cpuinit cpu_init(void) +@@ -1156,7 +1115,7 @@ void __cpuinit cpu_init(void) int i; cpu = stack_smp_processor_id(); @@ -18041,7 +18071,7 @@ index 6284d6d..ac6d8c6 100644 oist = &per_cpu(orig_ist, cpu); #ifdef CONFIG_NUMA -@@ -1182,7 +1135,7 @@ void __cpuinit cpu_init(void) +@@ -1182,7 +1141,7 @@ void __cpuinit cpu_init(void) switch_to_new_gdt(cpu); loadsegment(fs, 0); @@ -18050,7 +18080,7 @@ index 6284d6d..ac6d8c6 100644 memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8); syscall_init(); -@@ -1191,7 +1144,6 @@ void __cpuinit cpu_init(void) +@@ -1191,7 +1150,6 @@ void __cpuinit cpu_init(void) wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); @@ -18058,7 +18088,7 @@ index 6284d6d..ac6d8c6 100644 if (cpu != 0) enable_x2apic(); -@@ -1245,7 +1197,7 @@ void __cpuinit cpu_init(void) +@@ -1245,7 +1203,7 @@ void __cpuinit cpu_init(void) { int cpu = smp_processor_id(); struct task_struct *curr = current; 
@@ -41189,6 +41219,20 @@ index a841123..055ebeb 100644 if (!can_do_mlock()) return ERR_PTR(-EPERM); +diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c +index a8445b8..e43f9b9 100644 +--- a/drivers/infiniband/core/uverbs_cmd.c ++++ b/drivers/infiniband/core/uverbs_cmd.c +@@ -928,6 +928,9 @@ ssize_t ib_uverbs_reg_mr(struct ib_uverbs_file *file, + if (copy_from_user(&cmd, buf, sizeof cmd)) + return -EFAULT; + ++ if (!access_ok_noprefault(VERIFY_READ, cmd.start, cmd.length)) ++ return -EFAULT; ++ + INIT_UDATA(&udata, buf + sizeof cmd, + (unsigned long) cmd.response + sizeof resp, + in_len - sizeof cmd, out_len - sizeof resp); diff --git a/drivers/infiniband/hw/cxgb4/mem.c b/drivers/infiniband/hw/cxgb4/mem.c index 40c8353..946b0e4 100644 --- a/drivers/infiniband/hw/cxgb4/mem.c @@ -58640,7 +58684,7 @@ index 8bc98af..a49e6f0 100644 dcache_init(); inode_init(); diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c -index 6ac0893..238a21a 100644 +index 6ac0893..6edd689 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c @@ -145,6 +145,7 @@ static struct file_system_type debug_fs_type = { 
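Review bot: The range check added to ib_uverbs_reg_mr() in the drivers/infiniband/core/uverbs_cmd.c hunk is not a check on every architecture: the sparc64 `access_ok_noprefault()` introduced earlier in this same patch is an inline that returns 1 unconditionally. Nothing at the call site says what the check is for or that it can be a no-op, so a reader may take it as the only validation of `cmd.start`/`cmd.length`. A comment such as `/* early sanity check of the user range; always true on some arches, so later length checks must not rely on it */` would make that explicit. The rest of ib_uverbs_reg_mr(), including whatever consumes the range, is outside the hunk.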
@@ -58651,18 +58695,30 @@ index 6ac0893..238a21a 100644 static int debugfs_create_by_name(const char *name, mode_t mode, struct dentry *parent, -@@ -261,7 +262,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); +@@ -258,11 +259,20 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); + * If debugfs is not enabled in the kernel, the value -%ENODEV will be + * returned. + */ ++#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT ++extern int grsec_enable_sysfs_restrict; ++#endif ++ struct dentry *debugfs_create_dir(const char *name, struct dentry *parent) { - return debugfs_create_file(name, +- return debugfs_create_file(name, +- S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO, +- parent, NULL, NULL); ++ umode_t mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO; ++ +#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT -+ S_IFDIR | S_IRWXU, -+#else - S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO, ++ if (grsec_enable_sysfs_restrict) ++ mode = S_IFDIR | S_IRWXU; +#endif - parent, NULL, NULL); ++ ++ return debugfs_create_file(name, mode, parent, NULL, NULL); } EXPORT_SYMBOL_GPL(debugfs_create_dir); + diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index 782569b..175dea4 100644 --- a/fs/ecryptfs/inode.c @@ -66598,10 +66654,21 @@ index a475983..3aab767 100644 if (!bb->vm_ops) return -EINVAL; diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c -index e756bc4..684ab5b71 100644 +index e756bc4..6e4ebbc 100644 --- a/fs/sysfs/dir.c +++ b/fs/sysfs/dir.c -@@ -642,6 +642,18 @@ static int create_dir(struct kobject *kobj, struct sysfs_dirent *parent_sd, +@@ -87,6 +87,10 @@ static void sysfs_link_sibling(struct sysfs_dirent *sd) + rb_insert_color(&sd->name_node, &parent_sd->s_dir.name_tree); + } + ++#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT ++extern int grsec_enable_sysfs_restrict; ++#endif ++ + /** + * sysfs_unlink_sibling - unlink sysfs_dirent from sibling list + * @sd: sysfs_dirent of interest +@@ -642,6 +646,20 @@ static int create_dir(struct kobject *kobj, struct sysfs_dirent *parent_sd, struct sysfs_dirent *sd; int rc; 
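Review bot: In the fs/debugfs/inode.c hunk the `extern int grsec_enable_sysfs_restrict;` block is inserted between the kernel-doc comment ending in `* returned.` and `debugfs_create_dir()`, so the comment no longer sits directly on the function it documents. The same extern is repeated in the fs/sysfs/dir.c hunk that follows, and a single declaration in a shared header would let the compiler check both users against the definition in init/main.c. At minimum, move the `#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT` block above the kernel-doc comment. The start of that comment is outside the hunk.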
@@ -66615,6 +66682,8 @@ index e756bc4..684ab5b71 100644 + (!strcmp(parent_name, "fs") && (!strcmp(name, "selinux") || !strcmp(name, "fuse") || !strcmp(name, "ecryptfs"))) || + (!strcmp(parent_name, "system") && !strcmp(name, "cpu"))) + mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO; ++ if (!grsec_enable_sysfs_restrict) ++ mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO; +#endif + /* allocate */ @@ -88201,7 +88270,7 @@ index 2531811..4f036c4 100644 #ifdef CONFIG_BLK_DEV_RAM int fd; diff --git a/init/main.c b/init/main.c -index e937d9b..d7da1cf 100644 +index e937d9b..4700693 100644 --- a/init/main.c +++ b/init/main.c @@ -97,6 +97,8 @@ static inline void mark_rodata_ro(void) { } @@ -88213,7 +88282,7 @@ index e937d9b..d7da1cf 100644 /* * Debug helper: via this flag we know that we are in 'early bootup code' * where only the boot processor is running with IRQ disabled. This means -@@ -150,6 +152,64 @@ static int __init set_reset_devices(char *str) +@@ -150,6 +152,74 @@ static int __init set_reset_devices(char *str) __setup("reset_devices", set_reset_devices); @@ -88226,6 +88295,16 @@ index e937d9b..d7da1cf 100644 +} +__setup("grsec_proc_gid=", setup_grsec_proc_gid); +#endif ++#ifdef CONFIG_GRKERNSEC_SYSFS_RESTRICT ++int grsec_enable_sysfs_restrict = 1; ++static int __init setup_grsec_sysfs_restrict(char *str) ++{ ++ if (!simple_strtol(str, NULL, 0)) ++ grsec_enable_sysfs_restrict = 0; ++ return 1; ++} ++__setup("grsec_sysfs_restrict", setup_grsec_sysfs_restrict); ++#endif + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) +unsigned long pax_user_shadow_base __read_only = 1UL << TASK_SIZE_MAX_SHIFT; 
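Review bot: In the init/main.c hunk, the added `__setup("grsec_sysfs_restrict", setup_grsec_sysfs_restrict);` omits the trailing `=` that the `grsec_proc_gid=` registration just above it has, and that the kernel-parameters.txt entry added by this update documents (`grsec_sysfs_restrict=`, format 0 | 1). If `__setup` passes the handler the text that follows the matched string, as it normally does, `str` begins with `=`, `simple_strtol()` parses no digits and returns 0, and the restriction is switched off for `=1` as well as for `=0`. Registering it as `__setup("grsec_sysfs_restrict=", setup_grsec_sysfs_restrict);` makes only an explicit 0 relax the sysfs and debugfs directory modes.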
@@ -88278,7 +88357,7 @@ index e937d9b..d7da1cf 100644 static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; static const char *panic_later, *panic_param; -@@ -683,6 +743,7 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -683,6 +753,7 @@ int __init_or_module do_one_initcall(initcall_t fn) { int count = preempt_count(); int ret; @@ -88286,7 +88365,7 @@ index e937d9b..d7da1cf 100644 if (initcall_debug) ret = do_one_initcall_debug(fn); -@@ -695,17 +756,18 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -695,17 +766,18 @@ int __init_or_module do_one_initcall(initcall_t fn) sprintf(msgbuf, "error code %d ", ret); if (preempt_count() != count) { @@ -88309,7 +88388,7 @@ index e937d9b..d7da1cf 100644 return ret; } -@@ -754,6 +816,10 @@ static void run_init_process(const char *init_filename) +@@ -754,6 +826,10 @@ static void run_init_process(const char *init_filename) kernel_execve(init_filename, argv_init, envp_init); } @@ -88320,7 +88399,7 @@ index e937d9b..d7da1cf 100644 /* This is a non __init function. Force it to be noinline otherwise gcc * makes it inline to init() and it becomes part of init.text section */ -@@ -775,6 +841,11 @@ static noinline int init_post(void) +@@ -775,6 +851,11 @@ static noinline int init_post(void) ramdisk_execute_command); } @@ -88332,7 +88411,7 @@ index e937d9b..d7da1cf 100644 /* * We try each of these until one succeeds. * -@@ -827,7 +898,7 @@ static int __init kernel_init(void * unused) +@@ -827,7 +908,7 @@ static int __init kernel_init(void * unused) do_basic_setup(); /* Open the /dev/console on the rootfs, this should never fail */ 
@@ -88341,7 +88420,7 @@ index e937d9b..d7da1cf 100644 printk(KERN_WARNING "Warning: unable to open an initial console.\n"); (void) sys_dup(0); -@@ -840,11 +911,13 @@ static int __init kernel_init(void * unused) +@@ -840,11 +921,13 @@ static int __init kernel_init(void * unused) if (!ramdisk_execute_command) ramdisk_execute_command = "/init"; @@ -90465,7 +90544,7 @@ index dc7bc08..4601964 100644 /* Don't allow clients that don't understand the native diff --git a/kernel/kmod.c b/kernel/kmod.c -index a16dac1..67f7981 100644 +index a16dac1..d6f7dbc 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c @@ -64,7 +64,7 @@ static void free_modprobe_argv(struct subprocess_info *info) @@ -90593,7 +90672,7 @@ index a16dac1..67f7981 100644 EXPORT_SYMBOL(__request_module); #endif /* CONFIG_MODULES */ -@@ -188,6 +241,20 @@ static int ____call_usermodehelper(void *data) +@@ -188,6 +241,21 @@ static int ____call_usermodehelper(void *data) */ set_user_nice(current, 0); @@ -90604,6 +90683,7 @@ index a16dac1..67f7981 100644 + */ + if ((strncmp(sub_info->path, "/sbin/", 6) && strncmp(sub_info->path, "/usr/lib/", 9) && + strncmp(sub_info->path, "/lib/", 5) && strncmp(sub_info->path, "/lib64/", 7) && ++ strncmp(sub_info->path, "/usr/libexec/", 13) && + strcmp(sub_info->path, "/usr/share/apport/apport")) || strstr(sub_info->path, "..")) { + printk(KERN_ALERT "grsec: denied exec of usermode helper binary %.950s located outside of /sbin and system library paths\n", sub_info->path); + retval = -EPERM; @@ -90614,7 +90694,7 @@ index a16dac1..67f7981 100644 retval = -ENOMEM; new = prepare_kernel_cred(current); if (!new) -@@ -221,6 +288,10 @@ fail: +@@ -221,6 +289,10 @@ fail: void call_usermodehelper_freeinfo(struct subprocess_info *info) { 
@@ -90625,7 +90705,7 @@ index a16dac1..67f7981 100644 if (info->cleanup) (*info->cleanup)(info); kfree(info); -@@ -265,7 +336,7 @@ static int wait_for_helper(void *data) +@@ -265,7 +337,7 @@ static int wait_for_helper(void *data) * * Thus the __user pointer cast is valid here. */ @@ -90634,7 +90714,7 @@ index a16dac1..67f7981 100644 /* * If ret is 0, either ____call_usermodehelper failed and the -@@ -413,7 +484,12 @@ struct subprocess_info *call_usermodehelper_setup(char *path, char **argv, +@@ -413,7 +485,12 @@ struct subprocess_info *call_usermodehelper_setup(char *path, char **argv, goto out; INIT_WORK(&sub_info->work, __call_usermodehelper); @@ -90647,7 +90727,7 @@ index a16dac1..67f7981 100644 sub_info->argv = argv; sub_info->envp = envp; out: -@@ -512,7 +588,7 @@ EXPORT_SYMBOL(call_usermodehelper_exec); +@@ -512,7 +589,7 @@ EXPORT_SYMBOL(call_usermodehelper_exec); static int proc_cap_handler(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -94961,7 +95041,7 @@ index dcbafed..bba19b9 100644 /* make curr_ret_stack visible before we add the ret_stack */ smp_wmb(); diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index b252661..45b218f 100644 +index b252661..c3a5113 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -376,9 +376,9 @@ struct buffer_data_page { @@ -94976,7 +95056,7 @@ index b252661..45b218f 100644 unsigned long real_end; /* real end of data */ struct buffer_data_page *page; /* Actual data page */ }; -@@ -489,8 +489,8 @@ struct ring_buffer_per_cpu { +@@ -489,11 +489,11 @@ struct ring_buffer_per_cpu { unsigned long lost_events; unsigned long last_overrun; local_t entries_bytes; @@ -94986,7 +95066,11 @@ index b252661..45b218f 100644 + local_unchecked_t overrun; local_t entries; local_t committing; - local_t commits; +- local_t commits; ++ local_unchecked_t commits; + unsigned long read; + unsigned long read_bytes; + u64 write_stamp; 
@@ -884,8 +884,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * * We add a counter to the write field to denote this. @@ -95117,6 +95201,42 @@ index b252661..45b218f 100644 if (index == old_index) { /* update counters */ local_sub(event_length, &cpu_buffer->entries_bytes); +@@ -2116,7 +2116,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, + static void rb_start_commit(struct ring_buffer_per_cpu *cpu_buffer) + { + local_inc(&cpu_buffer->committing); +- local_inc(&cpu_buffer->commits); ++ local_inc_unchecked(&cpu_buffer->commits); + } + + static inline void rb_end_commit(struct ring_buffer_per_cpu *cpu_buffer) +@@ -2128,7 +2128,7 @@ static inline void rb_end_commit(struct ring_buffer_per_cpu *cpu_buffer) + return; + + again: +- commits = local_read(&cpu_buffer->commits); ++ commits = local_read_unchecked(&cpu_buffer->commits); + /* synchronize with interrupts */ + barrier(); + if (local_read(&cpu_buffer->committing) == 1) +@@ -2144,7 +2144,7 @@ static inline void rb_end_commit(struct ring_buffer_per_cpu *cpu_buffer) + * updating of the commit page and the clearing of the + * committing counter. + */ +- if (unlikely(local_read(&cpu_buffer->commits) != commits) && ++ if (unlikely(local_read_unchecked(&cpu_buffer->commits) != commits) && + !local_read(&cpu_buffer->committing)) { + local_inc(&cpu_buffer->committing); + goto again; +@@ -2174,7 +2174,7 @@ rb_reserve_next_event(struct ring_buffer *buffer, + barrier(); + if (unlikely(ACCESS_ONCE(cpu_buffer->buffer) != buffer)) { + local_dec(&cpu_buffer->committing); +- local_dec(&cpu_buffer->commits); ++ local_dec_unchecked(&cpu_buffer->commits); + return NULL; + } + #endif @@ -2440,7 +2440,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, /* Do the likely case first */ 
@@ -95202,7 +95322,7 @@ index b252661..45b218f 100644 local_set(&cpu_buffer->head_page->page->commit, 0); cpu_buffer->head_page->read = 0; -@@ -3593,14 +3593,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3593,17 +3593,17 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) cpu_buffer->commit_page = cpu_buffer->head_page; INIT_LIST_HEAD(&cpu_buffer->reader_page->list); @@ -95220,7 +95340,11 @@ index b252661..45b218f 100644 + local_set_unchecked(&cpu_buffer->overrun, 0); local_set(&cpu_buffer->entries, 0); local_set(&cpu_buffer->committing, 0); - local_set(&cpu_buffer->commits, 0); +- local_set(&cpu_buffer->commits, 0); ++ local_set_unchecked(&cpu_buffer->commits, 0); + cpu_buffer->read = 0; + cpu_buffer->read_bytes = 0; + @@ -3998,8 +3998,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, rb_init_page(bpage); bpage = reader->page; @@ -96141,6 +96265,22 @@ index b8029a5..2b120e1 100644 + pax_close_kernel(); +} +EXPORT_SYMBOL(pax_list_del_rcu); +diff --git a/lib/nlattr.c b/lib/nlattr.c +index be25e35..4d920a2 100644 +--- a/lib/nlattr.c ++++ b/lib/nlattr.c +@@ -272,7 +272,11 @@ int nla_memcpy(void *dest, const struct nlattr *src, int count) + { + int minlen = min_t(int, count, nla_len(src)); + ++ BUG_ON(minlen < 0); ++ + memcpy(dest, nla_data(src), minlen); ++ if (count > minlen) ++ memset(dest + minlen, 0, count - minlen); + + return minlen; + } diff --git a/lib/radix-tree.c b/lib/radix-tree.c index d9df745..a541641b 100644 --- a/lib/radix-tree.c @@ -107704,6 +107844,19 @@ index 957374a..dcbce7a 100644 mutex_unlock(&nf_log_mutex); } +diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c +index b3a7db6..6d70533 100644 +--- a/net/netfilter/nf_queue.c ++++ b/net/netfilter/nf_queue.c +@@ -233,7 +233,7 @@ int nf_queue(struct sk_buff *skb, + * returned by nf_queue. For instance, callers rely on -ECANCELED to mean + * 'ignore this hook'. + */ +- if (IS_ERR(segs)) ++ if (IS_ERR_OR_NULL(segs)) + return -EINVAL; + + queued = 0; 
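Review bot: In `nla_memcpy()` the added `BUG_ON(minlen < 0)` is the only thing keeping a negative length out of `memcpy()` and out of the `count - minlen` size passed to the new `memset()`. A negative `minlen` would come from a negative `count` or from an attribute length smaller than its header, and it then stops the kernel instead of failing the call. Whether unvalidated attributes can reach this function is not visible here, and on a build without `CONFIG_BUG` the check may compile to nothing. If a fail-safe result is preferred, `if (minlen < 0) minlen = 0;` before the copy keeps the zero-fill and avoids both outcomes. The padding itself deserves a one-line comment such as `/* zero the tail so callers never see stale bytes after a short attribute */`, and the function's header comment (outside the hunk) should say that the return value is still the copied length, not `count`.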
diff --git a/net/netfilter/nf_sockopt.c b/net/netfilter/nf_sockopt.c index f042ae5..30ea486 100644 --- a/net/netfilter/nf_sockopt.c @@ -110519,6 +110672,19 @@ index 2ffde46..76f0432 100644 if (!x25_proc_dir) goto out; +diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c +index 47bacd8..e49d5f4 100644 +--- a/net/xfrm/xfrm_output.c ++++ b/net/xfrm/xfrm_output.c +@@ -151,6 +151,8 @@ static int xfrm_output_gso(struct sk_buff *skb) + kfree_skb(skb); + if (IS_ERR(segs)) + return PTR_ERR(segs); ++ if (segs == NULL) ++ return -EINVAL; + + do { + struct sk_buff *nskb = segs->next; diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 113d20e..2bb5a4e 100644 --- a/net/xfrm/xfrm_policy.c @@ -122703,10 +122869,10 @@ index 0000000..4378111 +} diff --git a/tools/gcc/size_overflow_plugin/size_overflow_hash.data b/tools/gcc/size_overflow_plugin/size_overflow_hash.data new file mode 100644 -index 0000000..0d53d19 +index 0000000..6e35346 --- /dev/null +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data -@@ -0,0 +1,5121 @@ +@@ -0,0 +1,5133 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL +compat_sock_setsockopt_23 compat_sock_setsockopt 5 23 NULL @@ -122884,6 +123050,7 @@ index 0000000..0d53d19 +zr364xx_read_2354 zr364xx_read 3 2354 NULL +viafb_iga2_odev_proc_write_2363 viafb_iga2_odev_proc_write 3 2363 NULL +rose_recvmsg_2368 rose_recvmsg 4 2368 NULL ++rts51x_read_ppbuf_2389 rts51x_read_ppbuf 3 2389 NULL +rxpipe_rx_prep_beacon_drop_read_2403 rxpipe_rx_prep_beacon_drop_read 3 2403 NULL +isdn_v110_open_2418 isdn_v110_open 3 2418 NULL +hfcpci_empty_fifo_2427 hfcpci_empty_fifo 4 2427 NULL 
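Review bot: Neither new NULL check says why `segs` can be NULL without being an error pointer, and in `xfrm_output_gso()` the reason it matters only shows two lines later, where `segs->next` is dereferenced. A short comment at both sites would help, e.g. `/* NULL: no segment list was produced; must not reach segs->next */` above `if (segs == NULL)`. In `xfrm_output_gso()` the original skb has already been released by the `kfree_skb(skb)` above the checks, so the new `-EINVAL` path drops the packet. In `nf_queue()` the segment loop and whatever frees the skb lie outside the hunk, so it is worth confirming that the NULL path does not leak it. This covers the `nf_queue()` hunk (`IS_ERR_OR_NULL(segs)`) and the `xfrm_output_gso()` hunk alike; both function bodies continue outside the lines shown.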
@@ -123202,7 +123369,8 @@ index 0000000..0d53d19 +mpeg_read_6708 mpeg_read 3 6708 NULL +ibmpex_query_sensor_count_6709 ibmpex_query_sensor_count 0 6709 NULL +video_proc_write_6724 video_proc_write 3 6724 NULL -+posix_acl_xattr_count_6725 posix_acl_xattr_count 0-1 6725 NULL ++posix_acl_xattr_count_6725 posix_acl_xattr_count 0-1 6725 NULL nohasharray ++rts51x_transfer_data_rcc_6725 rts51x_transfer_data_rcc 4 6725 &posix_acl_xattr_count_6725 +rds_rdma_pages_6735 rds_rdma_pages 0 6735 NULL +device_queue_depth_6771 device_queue_depth 0 6771 NULL +kobject_add_varg_6781 kobject_add_varg 0 6781 NULL @@ -123291,6 +123459,7 @@ index 0000000..0d53d19 +diva_os_copy_from_user_7792 diva_os_copy_from_user 4 7792 NULL +config_desc_7878 config_desc 0 7878 NULL +dvb_dmxdev_read_sec_7892 dvb_dmxdev_read_sec 4 7892 NULL ++xd_read_data_from_ppb_7897 xd_read_data_from_ppb 4 7897 NULL +xfs_trans_get_efi_7898 xfs_trans_get_efi 2 7898 NULL +gfs2_tune_get_i_7903 gfs2_tune_get_i 0 7903 NULL +libfc_host_alloc_7917 libfc_host_alloc 2 7917 NULL @@ -123309,7 +123478,7 @@ index 0000000..0d53d19 +venus_lookup_8121 venus_lookup 4 8121 NULL +ieee80211_if_fmt_num_buffered_multicast_8127 ieee80211_if_fmt_num_buffered_multicast 3 8127 NULL +CalcCalPLL_8136 CalcCalPLL 0 8136 NULL -+ext_sd_execute_write_data_8175 ext_sd_execute_write_data 9 8175 NULL ++ext_sd_execute_write_data_8175 ext_sd_execute_write_data 9-11 8175 NULL +__sk_mem_schedule_8185 __sk_mem_schedule 2 8185 NULL +ieee80211_if_fmt_dot11MeshHoldingTimeout_8187 ieee80211_if_fmt_dot11MeshHoldingTimeout 3 8187 NULL +__nf_nat_mangle_tcp_packet_8190 __nf_nat_mangle_tcp_packet 5-7 8190 NULL 
@@ -123604,7 +123773,8 @@ index 0000000..0d53d19 +kmem_zalloc_11510 kmem_zalloc 1 11510 NULL +skb_cow_data_11565 skb_cow_data 0-2 11565 NULL +mlx4_init_cmpt_table_11569 mlx4_init_cmpt_table 3 11569 NULL -+lpfc_idiag_ctlacc_write_11576 lpfc_idiag_ctlacc_write 3 11576 NULL ++lpfc_idiag_ctlacc_write_11576 lpfc_idiag_ctlacc_write 3 11576 NULL nohasharray ++rts51x_write_ppbuf_11576 rts51x_write_ppbuf 3 11576 &lpfc_idiag_ctlacc_write_11576 +oprofilefs_ulong_to_user_11582 oprofilefs_ulong_to_user 3 11582 NULL +snd_pcm_action_11589 snd_pcm_action 0 11589 NULL +fw_device_op_ioctl_11595 fw_device_op_ioctl 2 11595 NULL @@ -124202,6 +124372,7 @@ index 0000000..0d53d19 +read_file_dump_nfcal_18766 read_file_dump_nfcal 3 18766 NULL +ffs_epfile_read_18775 ffs_epfile_read 3 18775 NULL +alloc_fcdev_18780 alloc_fcdev 1 18780 NULL ++sd_write_data_18803 sd_write_data 9 18803 NULL +ieee80211_auth_challenge_18810 ieee80211_auth_challenge 3 18810 NULL +iio_allocate_device_18821 iio_allocate_device 1 18821 NULL +sys_modify_ldt_18824 sys_modify_ldt 3 18824 NULL @@ -124823,6 +124994,7 @@ index 0000000..0d53d19 +scnprint_id_26842 scnprint_id 3-0 26842 NULL +ecryptfs_miscdev_write_26847 ecryptfs_miscdev_write 3 26847 NULL +svc_print_xprts_26881 svc_print_xprts 0 26881 NULL ++ms_read_bytes_26894 ms_read_bytes 6 26894 NULL +ctnetlink_counters_size_26898 ctnetlink_counters_size 0 26898 NULL +slhc_uncompress_26905 slhc_uncompress 0-3 26905 NULL +x25_asy_change_mtu_26928 x25_asy_change_mtu 2 26928 NULL 
@@ -126493,7 +126665,7 @@ index 0000000..0d53d19 +ubi_dbg_check_write_48525 ubi_dbg_check_write 0 48525 NULL +wiimote_hid_send_48528 wiimote_hid_send 3 48528 NULL +drbd_bm_capacity_48530 drbd_bm_capacity 0 48530 NULL -+ext_sd_execute_read_data_48589 ext_sd_execute_read_data 9 48589 NULL ++ext_sd_execute_read_data_48589 ext_sd_execute_read_data 9-11 48589 NULL +do_ip_vs_set_ctl_48641 do_ip_vs_set_ctl 4 48641 NULL +lc_create_48662 lc_create 3 48662 NULL +aes_encrypt_packets_read_48666 aes_encrypt_packets_read 3 48666 NULL @@ -126840,6 +127012,7 @@ index 0000000..0d53d19 +iwl_legacy_dbgfs_channels_read_52619 iwl_legacy_dbgfs_channels_read 3 52619 NULL +__iter_shared_inline_ref_inodes_52668 __iter_shared_inline_ref_inodes 0 52668 NULL +vendorextnWriteSection_52698 vendorextnWriteSection 0 52698 NULL ++ms_transfer_data_52705 ms_transfer_data 9 52705 NULL +cx25840_ir_rx_read_52724 cx25840_ir_rx_read 3 52724 NULL +blkcipher_next_slow_52733 blkcipher_next_slow 3-4 52733 NULL +relay_alloc_page_array_52735 relay_alloc_page_array 1 52735 NULL @@ -126943,6 +127116,7 @@ index 0000000..0d53d19 +i2400m_zrealloc_2x_54166 i2400m_zrealloc_2x 3 54166 NULL nohasharray +memcpy_toiovec_54166 memcpy_toiovec 3 54166 &i2400m_zrealloc_2x_54166 +p9_client_prepare_req_54175 p9_client_prepare_req 3 54175 NULL ++sd_read_data_54207 sd_read_data 9 54207 NULL +do_sys_poll_54221 do_sys_poll 2 54221 NULL +__register_chrdev_54223 __register_chrdev 2-3 54223 NULL +_format_mac_addr_54229 _format_mac_addr 2-0 54229 NULL @@ -126982,6 +127156,7 @@ index 0000000..0d53d19 +unix_dgram_connect_54535 unix_dgram_connect 3 54535 NULL +setsockopt_54539 setsockopt 5 54539 NULL +lbs_lowsnr_write_54549 lbs_lowsnr_write 3 54549 NULL ++rts51x_seq_read_register_54567 rts51x_seq_read_register 3 54567 NULL +nfsd_vfs_write_54577 nfsd_vfs_write 6 54577 NULL +fw_iso_buffer_init_54582 fw_iso_buffer_init 3 54582 NULL +xfrm_polexpire_msgsize_54589 xfrm_polexpire_msgsize 0 54589 NULL 
@@ -127048,12 +127223,14 @@ index 0000000..0d53d19 +ext4_ext_convert_to_initialized_55235 ext4_ext_convert_to_initialized 0 55235 NULL +memcpy_fromiovec_55247 memcpy_fromiovec 3 55247 NULL +lbs_failcount_write_55276 lbs_failcount_write 3 55276 NULL -+rx_streaming_interval_read_55291 rx_streaming_interval_read 3 55291 NULL ++rx_streaming_interval_read_55291 rx_streaming_interval_read 3 55291 NULL nohasharray ++xd_read_cis_55291 xd_read_cis 4 55291 &rx_streaming_interval_read_55291 +gsm_control_modem_55303 gsm_control_modem 3 55303 NULL +wimax_msg_len_55304 wimax_msg_len 0 55304 NULL +vme_user_read_55338 vme_user_read 3 55338 NULL +__wa_xfer_setup_sizes_55342 __wa_xfer_setup_sizes 0 55342 NULL nohasharray +sctp_datamsg_from_user_55342 sctp_datamsg_from_user 4 55342 &__wa_xfer_setup_sizes_55342 ++rts51x_seq_write_register_55345 rts51x_seq_write_register 3 55345 NULL +acpi_system_read_event_55362 acpi_system_read_event 3 55362 NULL +iwl_dbgfs_plcp_delta_read_55407 iwl_dbgfs_plcp_delta_read 3 55407 NULL +alloc_skb_55439 alloc_skb 1 55439 NULL @@ -127812,6 +127989,7 @@ index 0000000..0d53d19 +redirected_tty_write_65297 redirected_tty_write 3 65297 NULL +get_var_len_65304 get_var_len 0 65304 NULL +unpack_array_65318 unpack_array 0 65318 NULL ++rts51x_get_rsp_65334 rts51x_get_rsp 2 65334 NULL +dccp_setsockopt_service_65336 dccp_setsockopt_service 4 65336 NULL +dma_rx_requested_read_65354 dma_rx_requested_read 3 65354 NULL +alloc_cpu_rmap_65363 alloc_cpu_rmap 1 65363 NULL |