author | Natanael Copa <ncopa@alpinelinux.org> | 2013-06-30 13:47:50 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-07-02 12:17:41 +0000 |
commit | 78be1870e0d06800585803e45edd3890b783b649 (patch) | |
tree | 516f6d7d33ca777f82467693a780393b55c40218 | |
parent | 70807f221a141a1f6ec1316dd0e50d1a79bcac14 (diff) | |
main/linux-grsec: upgrade to 3.9.8 kernel
(cherry picked from commit 880edc4d94f2c63f6f002a6392bf7a2b7316eca2)
-rw-r--r-- | main/linux-grsec/APKBUILD | 28 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.9.1-3.9.8-201306272057.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.9.7-201306231443.patch) | 1224 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86 | 3 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86_64 | 3 |
4 files changed, 516 insertions, 742 deletions
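--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,7 +2,7 @@
 
 _flavor=grsec
 pkgname=linux-${_flavor}
-pkgver=3.9.7
+pkgver=3.9.8
 case $pkgver in
 *.*.*) _kernver=${pkgver%.*};;
 *.*) _kernver=${pkgver};;
@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
 install=
 source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
 http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
-grsecurity-2.9.1-3.9.7-201306231443.patch
+grsecurity-2.9.1-3.9.8-201306272057.patch
 
 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
@@ -149,35 +149,35 @@ dev() {
 }
 
 md5sums="4348c9b6b2eb3144d601e87c19d5d909 linux-3.9.tar.xz
-74005c469fbd309ab631d981e2d3a6e7 patch-3.9.7.xz
-a5db3ef848185c32ad4b0bbfe19106aa grsecurity-2.9.1-3.9.7-201306231443.patch
+c5f2166686a913abf550bfed8b77df27 patch-3.9.8.xz
+53d60133a86b812060b048275f928041 grsecurity-2.9.1-3.9.8-201306272057.patch
 a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
 656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
 aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
 2a12a3717052e878c0cd42aa935bfcf4 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
 6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
 1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
-bfb5ddcfbc1c9f30253de200ec2a0eb0 kernelconfig.x86
-0b6534366d8abbd36c40744163c81e5a kernelconfig.x86_64"
+d89089b3c7eb94dd9f65cf8a357fc36d kernelconfig.x86
+eb147f09fef5996a488c247790205cd6 kernelconfig.x86_64"
 sha256sums="60bc3e64ee5dc778de2cd7cd7640abf518a4c9d4f31b8ed624e16fad53f54541 linux-3.9.tar.xz
-23db9de5ffa2f8f36d61da85ee46656a3373f8868415c1f3c77c51c41fabfda8 patch-3.9.7.xz
-0aa3ec9d60640ee06ca6c6aed877ce2ee99c2b8a2ee8be50ad92c43ed6570617 grsecurity-2.9.1-3.9.7-201306231443.patch
+2eda9068e81269467e3c247f3343a146731fc45284b12b4bc546bc44dbb263e7 patch-3.9.8.xz
+587022b1fc72157e43011551404c7d664dcc3b6c95b72a853ef2ce721e474057 grsecurity-2.9.1-3.9.8-201306272057.patch
 6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
 dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
 0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
 260fd1807838b68305a96992bf7d3302a2a8ef3a3b08fe079ba9a07e6422f736 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
 ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
 fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
-c017c0a47fa0dfdefe148aa73e8a19fabb1957dc699de0f94d8d4d9a45bf5abe kernelconfig.x86
-aafae208fc72eaad9d09fcd8220e0d70379d8c7c7f658c10aa96990dc0b36207 kernelconfig.x86_64"
+de3c17420664ae4e52826c6e602aade0deeae94f72253f85b3e48771491ed5d6 kernelconfig.x86
+e1cce320f207cc2ba72b9d154c7060c8cbed52c664319dfd21f24e8956d0bf3e kernelconfig.x86_64"
 sha512sums="77fa521f42380409f8ab400c26f7b00e225cb075ef40834bb263325cfdcc3e65aef8511ec2fc2b50bbf4f50e226fb5ab07d7a479aaf09162adbbf318325d0790 linux-3.9.tar.xz
-dcf38bca1ee1b90bffd97c74c00720613dbab9183aa600401a821fe20ea665629bc43544053bd2ffe18ebfe1ee2d72d139f22d2f070374f5e231831ed6c89251 patch-3.9.7.xz
-73f819bd44c724bbdc2e01ed4154c9fd53d0a8d1099ffabf56e995d82a9dbcb03c742e1c048cae9b0052d43dbda4d1c2150f6c14a1b958c25eef8b5571047f80 grsecurity-2.9.1-3.9.7-201306231443.patch
+60b7d694d39faf937e7b732eb3117b8442059c5c8857c9d439eec8a87d5bc185505e64062f5ae02c3512acf5af778caf615c35d3499cb8089a4569c05da65b9c patch-3.9.8.xz
+4ca36180a1fc325a558acf73ec9fe3808542498a8f808f73b87a9f6b05ff290d5a5ab20ce39c547a18ce37d093a9857f5c77c495796e62fef986dfa301a9e566 grsecurity-2.9.1-3.9.8-201306272057.patch
 81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
 51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
 57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
 d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d711e3486628ed56ab996484e219d79ac4b0c0ec684ebd380aa 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
 28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
 249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
-bcf675bafd3aac174195a2d38571b9b54f4b6e0635ab3363699ae8845794dc44bcfe952585fae881d81065d4a25333a3e033808c99c977aa4a797b81e5a36c3f kernelconfig.x86
-a8bf4cc1cdb4d1bde9fe4cd4040a596a52a24817fad15b29785ba10ab1d80fd4ae9589ac92f98c8b6b3b5e5510f01b9c9b96b11a2cf05c9684eb0bd62ee6676e kernelconfig.x86_64"
+c51ac429c3e811976318a7ca2a4f7fc48bcf290e885ceeb09a1a56ee32c37b673f6e789789cf36876747bd54e4dc55d340ad888ba0eb8e7f45f60e8ef7ea67b4 kernelconfig.x86
+584e778f96a05388051b05eb6f1c20377bc8aad72d0cd678323af7aaaab85ecc992244fe6bf3f27ab88131903490fd8af3c3fb56062490dd90dca1ba91d4da21 kernelconfig.x86_64"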
diff --git a/main/linux-grsec/grsecurity-2.9.1-3.9.7-201306231443.patch b/main/linux-grsec/grsecurity-2.9.1-3.9.8-201306272057.patch index 5af3232471..3efd0e4c4b 100644 --- a/main/linux-grsec/grsecurity-2.9.1-3.9.7-201306231443.patch +++ b/main/linux-grsec/grsecurity-2.9.1-3.9.8-201306272057.patch | |||
@@ -263,7 +263,7 @@ index 8ccbf27..afffeb4 100644 | |||
263 | 263 | ||
264 | pcd. [PARIDE] | 264 | pcd. [PARIDE] |
265 | diff --git a/Makefile b/Makefile | 265 | diff --git a/Makefile b/Makefile |
266 | index a129b15..548231d 100644 | 266 | index b013cbe..4ca639b 100644 |
267 | --- a/Makefile | 267 | --- a/Makefile |
268 | +++ b/Makefile | 268 | +++ b/Makefile |
269 | @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ | 269 | @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ |
@@ -811,10 +811,10 @@ index 0c4132d..88f0d53 100644 | |||
811 | /* Allow reads even for write-only mappings */ | 811 | /* Allow reads even for write-only mappings */ |
812 | if (!(vma->vm_flags & (VM_READ | VM_WRITE))) | 812 | if (!(vma->vm_flags & (VM_READ | VM_WRITE))) |
813 | diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig | 813 | diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig |
814 | index 1cacda4..2cef624 100644 | 814 | index 70cd012..71b82cd 100644 |
815 | --- a/arch/arm/Kconfig | 815 | --- a/arch/arm/Kconfig |
816 | +++ b/arch/arm/Kconfig | 816 | +++ b/arch/arm/Kconfig |
817 | @@ -1850,7 +1850,7 @@ config ALIGNMENT_TRAP | 817 | @@ -1860,7 +1860,7 @@ config ALIGNMENT_TRAP |
818 | 818 | ||
819 | config UACCESS_WITH_MEMCPY | 819 | config UACCESS_WITH_MEMCPY |
820 | bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()" | 820 | bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()" |
@@ -3799,7 +3799,7 @@ index 04d9006..c547d85 100644 | |||
3799 | return __arm_ioremap_caller(phys_addr, size, mtype, | 3799 | return __arm_ioremap_caller(phys_addr, size, mtype, |
3800 | __builtin_return_address(0)); | 3800 | __builtin_return_address(0)); |
3801 | diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c | 3801 | diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c |
3802 | index 10062ce..cd34fb9 100644 | 3802 | index 10062ce..8695745 100644 |
3803 | --- a/arch/arm/mm/mmap.c | 3803 | --- a/arch/arm/mm/mmap.c |
3804 | +++ b/arch/arm/mm/mmap.c | 3804 | +++ b/arch/arm/mm/mmap.c |
3805 | @@ -59,6 +59,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, | 3805 | @@ -59,6 +59,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, |
@@ -3876,20 +3876,7 @@ index 10062ce..cd34fb9 100644 | |||
3876 | addr = vm_unmapped_area(&info); | 3876 | addr = vm_unmapped_area(&info); |
3877 | 3877 | ||
3878 | /* | 3878 | /* |
3879 | @@ -162,6 +172,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, | 3879 | @@ -173,6 +183,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm) |
3880 | VM_BUG_ON(addr != -ENOMEM); | ||
3881 | info.flags = 0; | ||
3882 | info.low_limit = mm->mmap_base; | ||
3883 | + | ||
3884 | +#ifdef CONFIG_PAX_RANDMMAP | ||
3885 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | ||
3886 | + info.low_limit += mm->delta_mmap; | ||
3887 | +#endif | ||
3888 | + | ||
3889 | info.high_limit = TASK_SIZE; | ||
3890 | addr = vm_unmapped_area(&info); | ||
3891 | } | ||
3892 | @@ -173,6 +189,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm) | ||
3893 | { | 3880 | { |
3894 | unsigned long random_factor = 0UL; | 3881 | unsigned long random_factor = 0UL; |
3895 | 3882 | ||
@@ -3900,7 +3887,7 @@ index 10062ce..cd34fb9 100644 | |||
3900 | /* 8 bits of randomness in 20 address space bits */ | 3887 | /* 8 bits of randomness in 20 address space bits */ |
3901 | if ((current->flags & PF_RANDOMIZE) && | 3888 | if ((current->flags & PF_RANDOMIZE) && |
3902 | !(current->personality & ADDR_NO_RANDOMIZE)) | 3889 | !(current->personality & ADDR_NO_RANDOMIZE)) |
3903 | @@ -180,10 +200,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) | 3890 | @@ -180,10 +194,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) |
3904 | 3891 | ||
3905 | if (mmap_is_legacy()) { | 3892 | if (mmap_is_legacy()) { |
3906 | mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; | 3893 | mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; |
@@ -5767,19 +5754,6 @@ index e0a8235..ce2f1e1 100644 | |||
5767 | ret = __copy_from_user(to, from, n); | 5754 | ret = __copy_from_user(to, from, n); |
5768 | else | 5755 | else |
5769 | copy_from_user_overflow(); | 5756 | copy_from_user_overflow(); |
5770 | diff --git a/arch/parisc/kernel/drivers.c b/arch/parisc/kernel/drivers.c | ||
5771 | index 5709c5e..14285ca 100644 | ||
5772 | --- a/arch/parisc/kernel/drivers.c | ||
5773 | +++ b/arch/parisc/kernel/drivers.c | ||
5774 | @@ -394,7 +394,7 @@ EXPORT_SYMBOL(print_pci_hwpath); | ||
5775 | static void setup_bus_id(struct parisc_device *padev) | ||
5776 | { | ||
5777 | struct hardware_path path; | ||
5778 | - char name[20]; | ||
5779 | + char name[28]; | ||
5780 | char *output = name; | ||
5781 | int i; | ||
5782 | |||
5783 | diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c | 5757 | diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c |
5784 | index 2a625fb..9908930 100644 | 5758 | index 2a625fb..9908930 100644 |
5785 | --- a/arch/parisc/kernel/module.c | 5759 | --- a/arch/parisc/kernel/module.c |
@@ -5883,20 +5857,6 @@ index 2a625fb..9908930 100644 | |||
5883 | 5857 | ||
5884 | DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n", | 5858 | DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n", |
5885 | me->arch.unwind_section, table, end, gp); | 5859 | me->arch.unwind_section, table, end, gp); |
5886 | diff --git a/arch/parisc/kernel/setup.c b/arch/parisc/kernel/setup.c | ||
5887 | index a3328c2..3b812eb 100644 | ||
5888 | --- a/arch/parisc/kernel/setup.c | ||
5889 | +++ b/arch/parisc/kernel/setup.c | ||
5890 | @@ -69,7 +69,8 @@ void __init setup_cmdline(char **cmdline_p) | ||
5891 | /* called from hpux boot loader */ | ||
5892 | boot_command_line[0] = '\0'; | ||
5893 | } else { | ||
5894 | - strcpy(boot_command_line, (char *)__va(boot_args[1])); | ||
5895 | + strlcpy(boot_command_line, (char *)__va(boot_args[1]), | ||
5896 | + COMMAND_LINE_SIZE); | ||
5897 | |||
5898 | #ifdef CONFIG_BLK_DEV_INITRD | ||
5899 | if (boot_args[2] != 0) /* did palo pass us a ramdisk? */ | ||
5900 | diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c | 5860 | diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c |
5901 | index 5dfd248..64914ac 100644 | 5861 | index 5dfd248..64914ac 100644 |
5902 | --- a/arch/parisc/kernel/sys_parisc.c | 5862 | --- a/arch/parisc/kernel/sys_parisc.c |
@@ -5972,10 +5932,10 @@ index 5dfd248..64914ac 100644 | |||
5972 | return addr; | 5932 | return addr; |
5973 | } | 5933 | } |
5974 | diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c | 5934 | diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c |
5975 | index aeb8f8f..27a6c2f 100644 | 5935 | index c6ae9f5..e9c3cf4 100644 |
5976 | --- a/arch/parisc/kernel/traps.c | 5936 | --- a/arch/parisc/kernel/traps.c |
5977 | +++ b/arch/parisc/kernel/traps.c | 5937 | +++ b/arch/parisc/kernel/traps.c |
5978 | @@ -732,9 +732,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs) | 5938 | @@ -733,9 +733,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs) |
5979 | 5939 | ||
5980 | down_read(¤t->mm->mmap_sem); | 5940 | down_read(¤t->mm->mmap_sem); |
5981 | vma = find_vma(current->mm,regs->iaoq[0]); | 5941 | vma = find_vma(current->mm,regs->iaoq[0]); |
@@ -10285,7 +10245,7 @@ index ad8f795..2c7eec6 100644 | |||
10285 | /* | 10245 | /* |
10286 | * Memory returned by kmalloc() may be used for DMA, so we must make | 10246 | * Memory returned by kmalloc() may be used for DMA, so we must make |
10287 | diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig | 10247 | diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig |
10288 | index 6ef2a37..74ad6ad 100644 | 10248 | index de80b33..c0f0899 100644 |
10289 | --- a/arch/x86/Kconfig | 10249 | --- a/arch/x86/Kconfig |
10290 | +++ b/arch/x86/Kconfig | 10250 | +++ b/arch/x86/Kconfig |
10291 | @@ -243,7 +243,7 @@ config X86_HT | 10251 | @@ -243,7 +243,7 @@ config X86_HT |
@@ -19028,7 +18988,7 @@ index 8f3e2de..934870f 100644 | |||
19028 | 18988 | ||
19029 | /* | 18989 | /* |
19030 | diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S | 18990 | diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S |
19031 | index c1d01e6..1bef85a 100644 | 18991 | index c1d01e6..7f633850 100644 |
19032 | --- a/arch/x86/kernel/entry_64.S | 18992 | --- a/arch/x86/kernel/entry_64.S |
19033 | +++ b/arch/x86/kernel/entry_64.S | 18993 | +++ b/arch/x86/kernel/entry_64.S |
19034 | @@ -59,6 +59,8 @@ | 18994 | @@ -59,6 +59,8 @@ |
@@ -19115,7 +19075,7 @@ index c1d01e6..1bef85a 100644 | |||
19115 | #endif | 19075 | #endif |
19116 | 19076 | ||
19117 | 19077 | ||
19118 | @@ -284,6 +293,311 @@ ENTRY(native_usergs_sysret64) | 19078 | @@ -284,6 +293,309 @@ ENTRY(native_usergs_sysret64) |
19119 | ENDPROC(native_usergs_sysret64) | 19079 | ENDPROC(native_usergs_sysret64) |
19120 | #endif /* CONFIG_PARAVIRT */ | 19080 | #endif /* CONFIG_PARAVIRT */ |
19121 | 19081 | ||
@@ -19245,9 +19205,9 @@ index c1d01e6..1bef85a 100644 | |||
19245 | + sub phys_base(%rip),%rbx | 19205 | + sub phys_base(%rip),%rbx |
19246 | + | 19206 | + |
19247 | +#ifdef CONFIG_PARAVIRT | 19207 | +#ifdef CONFIG_PARAVIRT |
19248 | + pushq %rdi | ||
19249 | + cmpl $0, pv_info+PARAVIRT_enabled | 19208 | + cmpl $0, pv_info+PARAVIRT_enabled |
19250 | + jz 1f | 19209 | + jz 1f |
19210 | + pushq %rdi | ||
19251 | + i = 0 | 19211 | + i = 0 |
19252 | + .rept USER_PGD_PTRS | 19212 | + .rept USER_PGD_PTRS |
19253 | + mov i*8(%rbx),%rsi | 19213 | + mov i*8(%rbx),%rsi |
@@ -19256,6 +19216,7 @@ index c1d01e6..1bef85a 100644 | |||
19256 | + call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd_batched) | 19216 | + call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd_batched) |
19257 | + i = i + 1 | 19217 | + i = i + 1 |
19258 | + .endr | 19218 | + .endr |
19219 | + popq %rdi | ||
19259 | + jmp 2f | 19220 | + jmp 2f |
19260 | +1: | 19221 | +1: |
19261 | +#endif | 19222 | +#endif |
@@ -19267,7 +19228,7 @@ index c1d01e6..1bef85a 100644 | |||
19267 | + .endr | 19228 | + .endr |
19268 | + | 19229 | + |
19269 | +#ifdef CONFIG_PARAVIRT | 19230 | +#ifdef CONFIG_PARAVIRT |
19270 | +2: popq %rdi | 19231 | +2: |
19271 | +#endif | 19232 | +#endif |
19272 | + SET_RDI_INTO_CR3 | 19233 | + SET_RDI_INTO_CR3 |
19273 | + | 19234 | + |
@@ -19308,7 +19269,6 @@ index c1d01e6..1bef85a 100644 | |||
19308 | + sub phys_base(%rip),%rbx | 19269 | + sub phys_base(%rip),%rbx |
19309 | + | 19270 | + |
19310 | +#ifdef CONFIG_PARAVIRT | 19271 | +#ifdef CONFIG_PARAVIRT |
19311 | + pushq %rdi | ||
19312 | + cmpl $0, pv_info+PARAVIRT_enabled | 19272 | + cmpl $0, pv_info+PARAVIRT_enabled |
19313 | + jz 1f | 19273 | + jz 1f |
19314 | + i = 0 | 19274 | + i = 0 |
@@ -19319,8 +19279,6 @@ index c1d01e6..1bef85a 100644 | |||
19319 | + call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd_batched) | 19279 | + call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd_batched) |
19320 | + i = i + 1 | 19280 | + i = i + 1 |
19321 | + .endr | 19281 | + .endr |
19322 | + popq %rdi | ||
19323 | + PV_RESTORE_REGS(CLBR_RDI) | ||
19324 | + jmp 2f | 19282 | + jmp 2f |
19325 | +1: | 19283 | +1: |
19326 | +#endif | 19284 | +#endif |
@@ -19332,7 +19290,7 @@ index c1d01e6..1bef85a 100644 | |||
19332 | + .endr | 19290 | + .endr |
19333 | + | 19291 | + |
19334 | +#ifdef CONFIG_PARAVIRT | 19292 | +#ifdef CONFIG_PARAVIRT |
19335 | +2: | 19293 | +2: PV_RESTORE_REGS(CLBR_RDI) |
19336 | +#endif | 19294 | +#endif |
19337 | + | 19295 | + |
19338 | + popq %rbx | 19296 | + popq %rbx |
@@ -19350,8 +19308,8 @@ index c1d01e6..1bef85a 100644 | |||
19350 | +#ifdef CONFIG_PAX_KERNEXEC | 19308 | +#ifdef CONFIG_PAX_KERNEXEC |
19351 | + GET_CR0_INTO_RDI | 19309 | + GET_CR0_INTO_RDI |
19352 | + bts $16,%rdi | 19310 | + bts $16,%rdi |
19353 | + SET_RDI_INTO_CR0 | ||
19354 | + jc 110f | 19311 | + jc 110f |
19312 | + SET_RDI_INTO_CR0 | ||
19355 | + or $2,%ebx | 19313 | + or $2,%ebx |
19356 | +110: | 19314 | +110: |
19357 | +#endif | 19315 | +#endif |
@@ -19359,8 +19317,8 @@ index c1d01e6..1bef85a 100644 | |||
19359 | + | 19317 | + |
19360 | + .macro pax_exit_kernel_nmi | 19318 | + .macro pax_exit_kernel_nmi |
19361 | +#ifdef CONFIG_PAX_KERNEXEC | 19319 | +#ifdef CONFIG_PAX_KERNEXEC |
19362 | + test $2,%ebx | 19320 | + btr $1,%ebx |
19363 | + jz 110f | 19321 | + jnc 110f |
19364 | + GET_CR0_INTO_RDI | 19322 | + GET_CR0_INTO_RDI |
19365 | + btr $16,%rdi | 19323 | + btr $16,%rdi |
19366 | + SET_RDI_INTO_CR0 | 19324 | + SET_RDI_INTO_CR0 |
@@ -19427,7 +19385,7 @@ index c1d01e6..1bef85a 100644 | |||
19427 | 19385 | ||
19428 | .macro TRACE_IRQS_IRETQ offset=ARGOFFSET | 19386 | .macro TRACE_IRQS_IRETQ offset=ARGOFFSET |
19429 | #ifdef CONFIG_TRACE_IRQFLAGS | 19387 | #ifdef CONFIG_TRACE_IRQFLAGS |
19430 | @@ -375,8 +689,8 @@ ENDPROC(native_usergs_sysret64) | 19388 | @@ -375,8 +687,8 @@ ENDPROC(native_usergs_sysret64) |
19431 | .endm | 19389 | .endm |
19432 | 19390 | ||
19433 | .macro UNFAKE_STACK_FRAME | 19391 | .macro UNFAKE_STACK_FRAME |
@@ -19438,7 +19396,7 @@ index c1d01e6..1bef85a 100644 | |||
19438 | .endm | 19396 | .endm |
19439 | 19397 | ||
19440 | /* | 19398 | /* |
19441 | @@ -463,7 +777,7 @@ ENDPROC(native_usergs_sysret64) | 19399 | @@ -463,7 +775,7 @@ ENDPROC(native_usergs_sysret64) |
19442 | movq %rsp, %rsi | 19400 | movq %rsp, %rsi |
19443 | 19401 | ||
19444 | leaq -RBP(%rsp),%rdi /* arg1 for handler */ | 19402 | leaq -RBP(%rsp),%rdi /* arg1 for handler */ |
@@ -19447,7 +19405,7 @@ index c1d01e6..1bef85a 100644 | |||
19447 | je 1f | 19405 | je 1f |
19448 | SWAPGS | 19406 | SWAPGS |
19449 | /* | 19407 | /* |
19450 | @@ -498,9 +812,10 @@ ENTRY(save_rest) | 19408 | @@ -498,9 +810,10 @@ ENTRY(save_rest) |
19451 | movq_cfi r15, R15+16 | 19409 | movq_cfi r15, R15+16 |
19452 | movq %r11, 8(%rsp) /* return address */ | 19410 | movq %r11, 8(%rsp) /* return address */ |
19453 | FIXUP_TOP_OF_STACK %r11, 16 | 19411 | FIXUP_TOP_OF_STACK %r11, 16 |
@@ -19459,7 +19417,7 @@ index c1d01e6..1bef85a 100644 | |||
19459 | 19417 | ||
19460 | /* save complete stack frame */ | 19418 | /* save complete stack frame */ |
19461 | .pushsection .kprobes.text, "ax" | 19419 | .pushsection .kprobes.text, "ax" |
19462 | @@ -529,9 +844,10 @@ ENTRY(save_paranoid) | 19420 | @@ -529,9 +842,10 @@ ENTRY(save_paranoid) |
19463 | js 1f /* negative -> in kernel */ | 19421 | js 1f /* negative -> in kernel */ |
19464 | SWAPGS | 19422 | SWAPGS |
19465 | xorl %ebx,%ebx | 19423 | xorl %ebx,%ebx |
@@ -19472,7 +19430,7 @@ index c1d01e6..1bef85a 100644 | |||
19472 | .popsection | 19430 | .popsection |
19473 | 19431 | ||
19474 | /* | 19432 | /* |
19475 | @@ -553,7 +869,7 @@ ENTRY(ret_from_fork) | 19433 | @@ -553,7 +867,7 @@ ENTRY(ret_from_fork) |
19476 | 19434 | ||
19477 | RESTORE_REST | 19435 | RESTORE_REST |
19478 | 19436 | ||
@@ -19481,7 +19439,7 @@ index c1d01e6..1bef85a 100644 | |||
19481 | jz 1f | 19439 | jz 1f |
19482 | 19440 | ||
19483 | testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET | 19441 | testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET |
19484 | @@ -571,7 +887,7 @@ ENTRY(ret_from_fork) | 19442 | @@ -571,7 +885,7 @@ ENTRY(ret_from_fork) |
19485 | RESTORE_REST | 19443 | RESTORE_REST |
19486 | jmp int_ret_from_sys_call | 19444 | jmp int_ret_from_sys_call |
19487 | CFI_ENDPROC | 19445 | CFI_ENDPROC |
@@ -19490,7 +19448,7 @@ index c1d01e6..1bef85a 100644 | |||
19490 | 19448 | ||
19491 | /* | 19449 | /* |
19492 | * System call entry. Up to 6 arguments in registers are supported. | 19450 | * System call entry. Up to 6 arguments in registers are supported. |
19493 | @@ -608,7 +924,7 @@ END(ret_from_fork) | 19451 | @@ -608,7 +922,7 @@ END(ret_from_fork) |
19494 | ENTRY(system_call) | 19452 | ENTRY(system_call) |
19495 | CFI_STARTPROC simple | 19453 | CFI_STARTPROC simple |
19496 | CFI_SIGNAL_FRAME | 19454 | CFI_SIGNAL_FRAME |
@@ -19499,7 +19457,7 @@ index c1d01e6..1bef85a 100644 | |||
19499 | CFI_REGISTER rip,rcx | 19457 | CFI_REGISTER rip,rcx |
19500 | /*CFI_REGISTER rflags,r11*/ | 19458 | /*CFI_REGISTER rflags,r11*/ |
19501 | SWAPGS_UNSAFE_STACK | 19459 | SWAPGS_UNSAFE_STACK |
19502 | @@ -621,16 +937,23 @@ GLOBAL(system_call_after_swapgs) | 19460 | @@ -621,16 +935,23 @@ GLOBAL(system_call_after_swapgs) |
19503 | 19461 | ||
19504 | movq %rsp,PER_CPU_VAR(old_rsp) | 19462 | movq %rsp,PER_CPU_VAR(old_rsp) |
19505 | movq PER_CPU_VAR(kernel_stack),%rsp | 19463 | movq PER_CPU_VAR(kernel_stack),%rsp |
@@ -19525,7 +19483,7 @@ index c1d01e6..1bef85a 100644 | |||
19525 | jnz tracesys | 19483 | jnz tracesys |
19526 | system_call_fastpath: | 19484 | system_call_fastpath: |
19527 | #if __SYSCALL_MASK == ~0 | 19485 | #if __SYSCALL_MASK == ~0 |
19528 | @@ -640,7 +963,7 @@ system_call_fastpath: | 19486 | @@ -640,7 +961,7 @@ system_call_fastpath: |
19529 | cmpl $__NR_syscall_max,%eax | 19487 | cmpl $__NR_syscall_max,%eax |
19530 | #endif | 19488 | #endif |
19531 | ja badsys | 19489 | ja badsys |
@@ -19534,7 +19492,7 @@ index c1d01e6..1bef85a 100644 | |||
19534 | call *sys_call_table(,%rax,8) # XXX: rip relative | 19492 | call *sys_call_table(,%rax,8) # XXX: rip relative |
19535 | movq %rax,RAX-ARGOFFSET(%rsp) | 19493 | movq %rax,RAX-ARGOFFSET(%rsp) |
19536 | /* | 19494 | /* |
19537 | @@ -654,10 +977,13 @@ sysret_check: | 19495 | @@ -654,10 +975,13 @@ sysret_check: |
19538 | LOCKDEP_SYS_EXIT | 19496 | LOCKDEP_SYS_EXIT |
19539 | DISABLE_INTERRUPTS(CLBR_NONE) | 19497 | DISABLE_INTERRUPTS(CLBR_NONE) |
19540 | TRACE_IRQS_OFF | 19498 | TRACE_IRQS_OFF |
@@ -19549,7 +19507,7 @@ index c1d01e6..1bef85a 100644 | |||
19549 | /* | 19507 | /* |
19550 | * sysretq will re-enable interrupts: | 19508 | * sysretq will re-enable interrupts: |
19551 | */ | 19509 | */ |
19552 | @@ -709,14 +1035,18 @@ badsys: | 19510 | @@ -709,14 +1033,18 @@ badsys: |
19553 | * jump back to the normal fast path. | 19511 | * jump back to the normal fast path. |
19554 | */ | 19512 | */ |
19555 | auditsys: | 19513 | auditsys: |
@@ -19569,7 +19527,7 @@ index c1d01e6..1bef85a 100644 | |||
19569 | jmp system_call_fastpath | 19527 | jmp system_call_fastpath |
19570 | 19528 | ||
19571 | /* | 19529 | /* |
19572 | @@ -737,7 +1067,7 @@ sysret_audit: | 19530 | @@ -737,7 +1065,7 @@ sysret_audit: |
19573 | /* Do syscall tracing */ | 19531 | /* Do syscall tracing */ |
19574 | tracesys: | 19532 | tracesys: |
19575 | #ifdef CONFIG_AUDITSYSCALL | 19533 | #ifdef CONFIG_AUDITSYSCALL |
@@ -19578,7 +19536,7 @@ index c1d01e6..1bef85a 100644 | |||
19578 | jz auditsys | 19536 | jz auditsys |
19579 | #endif | 19537 | #endif |
19580 | SAVE_REST | 19538 | SAVE_REST |
19581 | @@ -745,12 +1075,16 @@ tracesys: | 19539 | @@ -745,12 +1073,16 @@ tracesys: |
19582 | FIXUP_TOP_OF_STACK %rdi | 19540 | FIXUP_TOP_OF_STACK %rdi |
19583 | movq %rsp,%rdi | 19541 | movq %rsp,%rdi |
19584 | call syscall_trace_enter | 19542 | call syscall_trace_enter |
@@ -19595,7 +19553,7 @@ index c1d01e6..1bef85a 100644 | |||
19595 | RESTORE_REST | 19553 | RESTORE_REST |
19596 | #if __SYSCALL_MASK == ~0 | 19554 | #if __SYSCALL_MASK == ~0 |
19597 | cmpq $__NR_syscall_max,%rax | 19555 | cmpq $__NR_syscall_max,%rax |
19598 | @@ -759,7 +1093,7 @@ tracesys: | 19556 | @@ -759,7 +1091,7 @@ tracesys: |
19599 | cmpl $__NR_syscall_max,%eax | 19557 | cmpl $__NR_syscall_max,%eax |
19600 | #endif | 19558 | #endif |
19601 | ja int_ret_from_sys_call /* RAX(%rsp) set to -ENOSYS above */ | 19559 | ja int_ret_from_sys_call /* RAX(%rsp) set to -ENOSYS above */ |
@@ -19604,7 +19562,7 @@ index c1d01e6..1bef85a 100644 | |||
19604 | call *sys_call_table(,%rax,8) | 19562 | call *sys_call_table(,%rax,8) |
19605 | movq %rax,RAX-ARGOFFSET(%rsp) | 19563 | movq %rax,RAX-ARGOFFSET(%rsp) |
19606 | /* Use IRET because user could have changed frame */ | 19564 | /* Use IRET because user could have changed frame */ |
19607 | @@ -780,7 +1114,9 @@ GLOBAL(int_with_check) | 19565 | @@ -780,7 +1112,9 @@ GLOBAL(int_with_check) |
19608 | andl %edi,%edx | 19566 | andl %edi,%edx |
19609 | jnz int_careful | 19567 | jnz int_careful |
19610 | andl $~TS_COMPAT,TI_status(%rcx) | 19568 | andl $~TS_COMPAT,TI_status(%rcx) |
@@ -19615,7 +19573,7 @@ index c1d01e6..1bef85a 100644 | |||
19615 | 19573 | ||
19616 | /* Either reschedule or signal or syscall exit tracking needed. */ | 19574 | /* Either reschedule or signal or syscall exit tracking needed. */ |
19617 | /* First do a reschedule test. */ | 19575 | /* First do a reschedule test. */ |
19618 | @@ -826,7 +1162,7 @@ int_restore_rest: | 19576 | @@ -826,7 +1160,7 @@ int_restore_rest: |
19619 | TRACE_IRQS_OFF | 19577 | TRACE_IRQS_OFF |
19620 | jmp int_with_check | 19578 | jmp int_with_check |
19621 | CFI_ENDPROC | 19579 | CFI_ENDPROC |
@@ -19624,7 +19582,7 @@ index c1d01e6..1bef85a 100644 | |||
19624 | 19582 | ||
19625 | .macro FORK_LIKE func | 19583 | .macro FORK_LIKE func |
19626 | ENTRY(stub_\func) | 19584 | ENTRY(stub_\func) |
19627 | @@ -839,9 +1175,10 @@ ENTRY(stub_\func) | 19585 | @@ -839,9 +1173,10 @@ ENTRY(stub_\func) |
19628 | DEFAULT_FRAME 0 8 /* offset 8: return address */ | 19586 | DEFAULT_FRAME 0 8 /* offset 8: return address */ |
19629 | call sys_\func | 19587 | call sys_\func |
19630 | RESTORE_TOP_OF_STACK %r11, 8 | 19588 | RESTORE_TOP_OF_STACK %r11, 8 |
@@ -19636,7 +19594,7 @@ index c1d01e6..1bef85a 100644 | |||
19636 | .endm | 19594 | .endm |
19637 | 19595 | ||
19638 | .macro FIXED_FRAME label,func | 19596 | .macro FIXED_FRAME label,func |
19639 | @@ -851,9 +1188,10 @@ ENTRY(\label) | 19597 | @@ -851,9 +1186,10 @@ ENTRY(\label) |
19640 | FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET | 19598 | FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET |
19641 | call \func | 19599 | call \func |
19642 | RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET | 19600 | RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET |
@@ -19648,7 +19606,7 @@ index c1d01e6..1bef85a 100644 | |||
19648 | .endm | 19606 | .endm |
19649 | 19607 | ||
19650 | FORK_LIKE clone | 19608 | FORK_LIKE clone |
19651 | @@ -870,9 +1208,10 @@ ENTRY(ptregscall_common) | 19609 | @@ -870,9 +1206,10 @@ ENTRY(ptregscall_common) |
19652 | movq_cfi_restore R12+8, r12 | 19610 | movq_cfi_restore R12+8, r12 |
19653 | movq_cfi_restore RBP+8, rbp | 19611 | movq_cfi_restore RBP+8, rbp |
19654 | movq_cfi_restore RBX+8, rbx | 19612 | movq_cfi_restore RBX+8, rbx |
@@ -19660,7 +19618,7 @@ index c1d01e6..1bef85a 100644 | |||
19660 | 19618 | ||
19661 | ENTRY(stub_execve) | 19619 | ENTRY(stub_execve) |
19662 | CFI_STARTPROC | 19620 | CFI_STARTPROC |
19663 | @@ -885,7 +1224,7 @@ ENTRY(stub_execve) | 19621 | @@ -885,7 +1222,7 @@ ENTRY(stub_execve) |
19664 | RESTORE_REST | 19622 | RESTORE_REST |
19665 | jmp int_ret_from_sys_call | 19623 | jmp int_ret_from_sys_call |
19666 | CFI_ENDPROC | 19624 | CFI_ENDPROC |
@@ -19669,7 +19627,7 @@ index c1d01e6..1bef85a 100644 | |||
19669 | 19627 | ||
19670 | /* | 19628 | /* |
19671 | * sigreturn is special because it needs to restore all registers on return. | 19629 | * sigreturn is special because it needs to restore all registers on return. |
19672 | @@ -902,7 +1241,7 @@ ENTRY(stub_rt_sigreturn) | 19630 | @@ -902,7 +1239,7 @@ ENTRY(stub_rt_sigreturn) |
19673 | RESTORE_REST | 19631 | RESTORE_REST |
19674 | jmp int_ret_from_sys_call | 19632 | jmp int_ret_from_sys_call |
19675 | CFI_ENDPROC | 19633 | CFI_ENDPROC |
@@ -19678,7 +19636,7 @@ index c1d01e6..1bef85a 100644 | |||
19678 | 19636 | ||
19679 | #ifdef CONFIG_X86_X32_ABI | 19637 | #ifdef CONFIG_X86_X32_ABI |
19680 | ENTRY(stub_x32_rt_sigreturn) | 19638 | ENTRY(stub_x32_rt_sigreturn) |
19681 | @@ -916,7 +1255,7 @@ ENTRY(stub_x32_rt_sigreturn) | 19639 | @@ -916,7 +1253,7 @@ ENTRY(stub_x32_rt_sigreturn) |
19682 | RESTORE_REST | 19640 | RESTORE_REST |
19683 | jmp int_ret_from_sys_call | 19641 | jmp int_ret_from_sys_call |
19684 | CFI_ENDPROC | 19642 | CFI_ENDPROC |
@@ -19687,7 +19645,7 @@ index c1d01e6..1bef85a 100644 | |||
19687 | 19645 | ||
19688 | ENTRY(stub_x32_execve) | 19646 | ENTRY(stub_x32_execve) |
19689 | CFI_STARTPROC | 19647 | CFI_STARTPROC |
19690 | @@ -930,7 +1269,7 @@ ENTRY(stub_x32_execve) | 19648 | @@ -930,7 +1267,7 @@ ENTRY(stub_x32_execve) |
19691 | RESTORE_REST | 19649 | RESTORE_REST |
19692 | jmp int_ret_from_sys_call | 19650 | jmp int_ret_from_sys_call |
19693 | CFI_ENDPROC | 19651 | CFI_ENDPROC |
@@ -19696,7 +19654,7 @@ index c1d01e6..1bef85a 100644 | |||
19696 | 19654 | ||
19697 | #endif | 19655 | #endif |
19698 | 19656 | ||
19699 | @@ -967,7 +1306,7 @@ vector=vector+1 | 19657 | @@ -967,7 +1304,7 @@ vector=vector+1 |
19700 | 2: jmp common_interrupt | 19658 | 2: jmp common_interrupt |
19701 | .endr | 19659 | .endr |
19702 | CFI_ENDPROC | 19660 | CFI_ENDPROC |
@@ -19705,7 +19663,7 @@ index c1d01e6..1bef85a 100644 | |||
19705 | 19663 | ||
19706 | .previous | 19664 | .previous |
19707 | END(interrupt) | 19665 | END(interrupt) |
19708 | @@ -987,6 +1326,16 @@ END(interrupt) | 19666 | @@ -987,6 +1324,16 @@ END(interrupt) |
19709 | subq $ORIG_RAX-RBP, %rsp | 19667 | subq $ORIG_RAX-RBP, %rsp |
19710 | CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP | 19668 | CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP |
19711 | SAVE_ARGS_IRQ | 19669 | SAVE_ARGS_IRQ |
@@ -19722,7 +19680,7 @@ index c1d01e6..1bef85a 100644 | |||
19722 | call \func | 19680 | call \func |
19723 | .endm | 19681 | .endm |
19724 | 19682 | ||
19725 | @@ -1019,7 +1368,7 @@ ret_from_intr: | 19683 | @@ -1019,7 +1366,7 @@ ret_from_intr: |
19726 | 19684 | ||
19727 | exit_intr: | 19685 | exit_intr: |
19728 | GET_THREAD_INFO(%rcx) | 19686 | GET_THREAD_INFO(%rcx) |
@@ -19731,7 +19689,7 @@ index c1d01e6..1bef85a 100644 | |||
19731 | je retint_kernel | 19689 | je retint_kernel |
19732 | 19690 | ||
19733 | /* Interrupt came from user space */ | 19691 | /* Interrupt came from user space */ |
19734 | @@ -1041,12 +1390,16 @@ retint_swapgs: /* return to user-space */ | 19692 | @@ -1041,12 +1388,16 @@ retint_swapgs: /* return to user-space */ |
19735 | * The iretq could re-enable interrupts: | 19693 | * The iretq could re-enable interrupts: |
19736 | */ | 19694 | */ |
19737 | DISABLE_INTERRUPTS(CLBR_ANY) | 19695 | DISABLE_INTERRUPTS(CLBR_ANY) |
@@ -19748,7 +19706,7 @@ index c1d01e6..1bef85a 100644 | |||
19748 | /* | 19706 | /* |
19749 | * The iretq could re-enable interrupts: | 19707 | * The iretq could re-enable interrupts: |
19750 | */ | 19708 | */ |
19751 | @@ -1129,7 +1482,7 @@ ENTRY(retint_kernel) | 19709 | @@ -1129,7 +1480,7 @@ ENTRY(retint_kernel) |
19752 | #endif | 19710 | #endif |
19753 | 19711 | ||
19754 | CFI_ENDPROC | 19712 | CFI_ENDPROC |
@@ -19757,7 +19715,7 @@ index c1d01e6..1bef85a 100644 | |||
19757 | /* | 19715 | /* |
19758 | * End of kprobes section | 19716 | * End of kprobes section |
19759 | */ | 19717 | */ |
19760 | @@ -1147,7 +1500,7 @@ ENTRY(\sym) | 19718 | @@ -1147,7 +1498,7 @@ ENTRY(\sym) |
19761 | interrupt \do_sym | 19719 | interrupt \do_sym |
19762 | jmp ret_from_intr | 19720 | jmp ret_from_intr |
19763 | CFI_ENDPROC | 19721 | CFI_ENDPROC |
@@ -19766,7 +19724,7 @@ index c1d01e6..1bef85a 100644 | |||
19766 | .endm | 19724 | .endm |
19767 | 19725 | ||
19768 | #ifdef CONFIG_SMP | 19726 | #ifdef CONFIG_SMP |
19769 | @@ -1203,12 +1556,22 @@ ENTRY(\sym) | 19727 | @@ -1203,12 +1554,22 @@ ENTRY(\sym) |
19770 | CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 | 19728 | CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 |
19771 | call error_entry | 19729 | call error_entry |
19772 | DEFAULT_FRAME 0 | 19730 | DEFAULT_FRAME 0 |
@@ -19790,7 +19748,7 @@ index c1d01e6..1bef85a 100644 | |||
19790 | .endm | 19748 | .endm |
19791 | 19749 | ||
19792 | .macro paranoidzeroentry sym do_sym | 19750 | .macro paranoidzeroentry sym do_sym |
19793 | @@ -1221,15 +1584,25 @@ ENTRY(\sym) | 19751 | @@ -1221,15 +1582,25 @@ ENTRY(\sym) |
19794 | CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 | 19752 | CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 |
19795 | call save_paranoid | 19753 | call save_paranoid |
19796 | TRACE_IRQS_OFF | 19754 | TRACE_IRQS_OFF |
@@ -19818,7 +19776,7 @@ index c1d01e6..1bef85a 100644 | |||
19818 | .macro paranoidzeroentry_ist sym do_sym ist | 19776 | .macro paranoidzeroentry_ist sym do_sym ist |
19819 | ENTRY(\sym) | 19777 | ENTRY(\sym) |
19820 | INTR_FRAME | 19778 | INTR_FRAME |
19821 | @@ -1240,14 +1613,30 @@ ENTRY(\sym) | 19779 | @@ -1240,14 +1611,30 @@ ENTRY(\sym) |
19822 | CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 | 19780 | CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 |
19823 | call save_paranoid | 19781 | call save_paranoid |
19824 | TRACE_IRQS_OFF_DEBUG | 19782 | TRACE_IRQS_OFF_DEBUG |
@@ -19850,7 +19808,7 @@ index c1d01e6..1bef85a 100644 | |||
19850 | .endm | 19808 | .endm |
19851 | 19809 | ||
19852 | .macro errorentry sym do_sym | 19810 | .macro errorentry sym do_sym |
19853 | @@ -1259,13 +1648,23 @@ ENTRY(\sym) | 19811 | @@ -1259,13 +1646,23 @@ ENTRY(\sym) |
19854 | CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 | 19812 | CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 |
19855 | call error_entry | 19813 | call error_entry |
19856 | DEFAULT_FRAME 0 | 19814 | DEFAULT_FRAME 0 |
@@ -19875,7 +19833,7 @@ index c1d01e6..1bef85a 100644 | |||
19875 | .endm | 19833 | .endm |
19876 | 19834 | ||
19877 | /* error code is on the stack already */ | 19835 | /* error code is on the stack already */ |
19878 | @@ -1279,13 +1678,23 @@ ENTRY(\sym) | 19836 | @@ -1279,13 +1676,23 @@ ENTRY(\sym) |
19879 | call save_paranoid | 19837 | call save_paranoid |
19880 | DEFAULT_FRAME 0 | 19838 | DEFAULT_FRAME 0 |
19881 | TRACE_IRQS_OFF | 19839 | TRACE_IRQS_OFF |
@@ -19900,7 +19858,7 @@ index c1d01e6..1bef85a 100644 | |||
19900 | .endm | 19858 | .endm |
19901 | 19859 | ||
19902 | zeroentry divide_error do_divide_error | 19860 | zeroentry divide_error do_divide_error |
19903 | @@ -1315,9 +1724,10 @@ gs_change: | 19861 | @@ -1315,9 +1722,10 @@ gs_change: |
19904 | 2: mfence /* workaround */ | 19862 | 2: mfence /* workaround */ |
19905 | SWAPGS | 19863 | SWAPGS |
19906 | popfq_cfi | 19864 | popfq_cfi |
@@ -19912,7 +19870,7 @@ index c1d01e6..1bef85a 100644 | |||
19912 | 19870 | ||
19913 | _ASM_EXTABLE(gs_change,bad_gs) | 19871 | _ASM_EXTABLE(gs_change,bad_gs) |
19914 | .section .fixup,"ax" | 19872 | .section .fixup,"ax" |
19915 | @@ -1345,9 +1755,10 @@ ENTRY(call_softirq) | 19873 | @@ -1345,9 +1753,10 @@ ENTRY(call_softirq) |
19916 | CFI_DEF_CFA_REGISTER rsp | 19874 | CFI_DEF_CFA_REGISTER rsp |
19917 | CFI_ADJUST_CFA_OFFSET -8 | 19875 | CFI_ADJUST_CFA_OFFSET -8 |
19918 | decl PER_CPU_VAR(irq_count) | 19876 | decl PER_CPU_VAR(irq_count) |
@@ -19924,7 +19882,7 @@ index c1d01e6..1bef85a 100644 | |||
19924 | 19882 | ||
19925 | #ifdef CONFIG_XEN | 19883 | #ifdef CONFIG_XEN |
19926 | zeroentry xen_hypervisor_callback xen_do_hypervisor_callback | 19884 | zeroentry xen_hypervisor_callback xen_do_hypervisor_callback |
19927 | @@ -1385,7 +1796,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) | 19885 | @@ -1385,7 +1794,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) |
19928 | decl PER_CPU_VAR(irq_count) | 19886 | decl PER_CPU_VAR(irq_count) |
19929 | jmp error_exit | 19887 | jmp error_exit |
19930 | CFI_ENDPROC | 19888 | CFI_ENDPROC |
@@ -19933,7 +19891,7 @@ index c1d01e6..1bef85a 100644 | |||
19933 | 19891 | ||
19934 | /* | 19892 | /* |
19935 | * Hypervisor uses this for application faults while it executes. | 19893 | * Hypervisor uses this for application faults while it executes. |
19936 | @@ -1444,7 +1855,7 @@ ENTRY(xen_failsafe_callback) | 19894 | @@ -1444,7 +1853,7 @@ ENTRY(xen_failsafe_callback) |
19937 | SAVE_ALL | 19895 | SAVE_ALL |
19938 | jmp error_exit | 19896 | jmp error_exit |
19939 | CFI_ENDPROC | 19897 | CFI_ENDPROC |
@@ -19942,7 +19900,7 @@ index c1d01e6..1bef85a 100644 | |||
19942 | 19900 | ||
19943 | apicinterrupt HYPERVISOR_CALLBACK_VECTOR \ | 19901 | apicinterrupt HYPERVISOR_CALLBACK_VECTOR \ |
19944 | xen_hvm_callback_vector xen_evtchn_do_upcall | 19902 | xen_hvm_callback_vector xen_evtchn_do_upcall |
19945 | @@ -1498,16 +1909,31 @@ ENTRY(paranoid_exit) | 19903 | @@ -1498,16 +1907,31 @@ ENTRY(paranoid_exit) |
19946 | TRACE_IRQS_OFF_DEBUG | 19904 | TRACE_IRQS_OFF_DEBUG |
19947 | testl %ebx,%ebx /* swapgs needed? */ | 19905 | testl %ebx,%ebx /* swapgs needed? */ |
19948 | jnz paranoid_restore | 19906 | jnz paranoid_restore |
@@ -19975,7 +19933,7 @@ index c1d01e6..1bef85a 100644 | |||
19975 | jmp irq_return | 19933 | jmp irq_return |
19976 | paranoid_userspace: | 19934 | paranoid_userspace: |
19977 | GET_THREAD_INFO(%rcx) | 19935 | GET_THREAD_INFO(%rcx) |
19978 | @@ -1536,7 +1962,7 @@ paranoid_schedule: | 19936 | @@ -1536,7 +1960,7 @@ paranoid_schedule: |
19979 | TRACE_IRQS_OFF | 19937 | TRACE_IRQS_OFF |
19980 | jmp paranoid_userspace | 19938 | jmp paranoid_userspace |
19981 | CFI_ENDPROC | 19939 | CFI_ENDPROC |
@@ -19984,7 +19942,7 @@ index c1d01e6..1bef85a 100644 | |||
19984 | 19942 | ||
19985 | /* | 19943 | /* |
19986 | * Exception entry point. This expects an error code/orig_rax on the stack. | 19944 | * Exception entry point. This expects an error code/orig_rax on the stack. |
19987 | @@ -1563,12 +1989,13 @@ ENTRY(error_entry) | 19945 | @@ -1563,12 +1987,13 @@ ENTRY(error_entry) |
19988 | movq_cfi r14, R14+8 | 19946 | movq_cfi r14, R14+8 |
19989 | movq_cfi r15, R15+8 | 19947 | movq_cfi r15, R15+8 |
19990 | xorl %ebx,%ebx | 19948 | xorl %ebx,%ebx |
@@ -19999,7 +19957,7 @@ index c1d01e6..1bef85a 100644 | |||
19999 | ret | 19957 | ret |
20000 | 19958 | ||
20001 | /* | 19959 | /* |
20002 | @@ -1595,7 +2022,7 @@ bstep_iret: | 19960 | @@ -1595,7 +2020,7 @@ bstep_iret: |
20003 | movq %rcx,RIP+8(%rsp) | 19961 | movq %rcx,RIP+8(%rsp) |
20004 | jmp error_swapgs | 19962 | jmp error_swapgs |
20005 | CFI_ENDPROC | 19963 | CFI_ENDPROC |
@@ -20008,7 +19966,7 @@ index c1d01e6..1bef85a 100644 | |||
20008 | 19966 | ||
20009 | 19967 | ||
20010 | /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ | 19968 | /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ |
20011 | @@ -1615,7 +2042,7 @@ ENTRY(error_exit) | 19969 | @@ -1615,7 +2040,7 @@ ENTRY(error_exit) |
20012 | jnz retint_careful | 19970 | jnz retint_careful |
20013 | jmp retint_swapgs | 19971 | jmp retint_swapgs |
20014 | CFI_ENDPROC | 19972 | CFI_ENDPROC |
@@ -20017,7 +19975,7 @@ index c1d01e6..1bef85a 100644 | |||
20017 | 19975 | ||
20018 | /* | 19976 | /* |
20019 | * Test if a given stack is an NMI stack or not. | 19977 | * Test if a given stack is an NMI stack or not. |
20020 | @@ -1673,9 +2100,11 @@ ENTRY(nmi) | 19978 | @@ -1673,9 +2098,11 @@ ENTRY(nmi) |
20021 | * If %cs was not the kernel segment, then the NMI triggered in user | 19979 | * If %cs was not the kernel segment, then the NMI triggered in user |
20022 | * space, which means it is definitely not nested. | 19980 | * space, which means it is definitely not nested. |
20023 | */ | 19981 | */ |
@@ -20030,7 +19988,7 @@ index c1d01e6..1bef85a 100644 | |||
20030 | /* | 19988 | /* |
20031 | * Check the special variable on the stack to see if NMIs are | 19989 | * Check the special variable on the stack to see if NMIs are |
20032 | * executing. | 19990 | * executing. |
20033 | @@ -1709,8 +2138,7 @@ nested_nmi: | 19991 | @@ -1709,8 +2136,7 @@ nested_nmi: |
20034 | 19992 | ||
20035 | 1: | 19993 | 1: |
20036 | /* Set up the interrupted NMIs stack to jump to repeat_nmi */ | 19994 | /* Set up the interrupted NMIs stack to jump to repeat_nmi */ |
@@ -20040,7 +19998,7 @@ index c1d01e6..1bef85a 100644 | |||
20040 | CFI_ADJUST_CFA_OFFSET 1*8 | 19998 | CFI_ADJUST_CFA_OFFSET 1*8 |
20041 | leaq -10*8(%rsp), %rdx | 19999 | leaq -10*8(%rsp), %rdx |
20042 | pushq_cfi $__KERNEL_DS | 20000 | pushq_cfi $__KERNEL_DS |
20043 | @@ -1728,6 +2156,7 @@ nested_nmi_out: | 20001 | @@ -1728,6 +2154,7 @@ nested_nmi_out: |
20044 | CFI_RESTORE rdx | 20002 | CFI_RESTORE rdx |
20045 | 20003 | ||
20046 | /* No need to check faults here */ | 20004 | /* No need to check faults here */ |
@@ -20048,7 +20006,7 @@ index c1d01e6..1bef85a 100644 | |||
20048 | INTERRUPT_RETURN | 20006 | INTERRUPT_RETURN |
20049 | 20007 | ||
20050 | CFI_RESTORE_STATE | 20008 | CFI_RESTORE_STATE |
20051 | @@ -1844,6 +2273,8 @@ end_repeat_nmi: | 20009 | @@ -1844,6 +2271,8 @@ end_repeat_nmi: |
20052 | */ | 20010 | */ |
20053 | movq %cr2, %r12 | 20011 | movq %cr2, %r12 |
20054 | 20012 | ||
@@ -20057,7 +20015,7 @@ index c1d01e6..1bef85a 100644 | |||
20057 | /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ | 20015 | /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ |
20058 | movq %rsp,%rdi | 20016 | movq %rsp,%rdi |
20059 | movq $-1,%rsi | 20017 | movq $-1,%rsi |
20060 | @@ -1856,26 +2287,31 @@ end_repeat_nmi: | 20018 | @@ -1856,26 +2285,31 @@ end_repeat_nmi: |
20061 | movq %r12, %cr2 | 20019 | movq %r12, %cr2 |
20062 | 1: | 20020 | 1: |
20063 | 20021 | ||
@@ -20604,7 +20562,7 @@ index 73afd11..d1670f5 100644 | |||
20604 | + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 | 20562 | + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 |
20605 | + .endr | 20563 | + .endr |
20606 | diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S | 20564 | diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S |
20607 | index 321d65e..e9437f7 100644 | 20565 | index 321d65e..7830f05 100644 |
20608 | --- a/arch/x86/kernel/head_64.S | 20566 | --- a/arch/x86/kernel/head_64.S |
20609 | +++ b/arch/x86/kernel/head_64.S | 20567 | +++ b/arch/x86/kernel/head_64.S |
20610 | @@ -20,6 +20,8 @@ | 20568 | @@ -20,6 +20,8 @@ |
@@ -20770,7 +20728,7 @@ index 321d65e..e9437f7 100644 | |||
20770 | NEXT_PAGE(level2_kernel_pgt) | 20728 | NEXT_PAGE(level2_kernel_pgt) |
20771 | /* | 20729 | /* |
20772 | * 512 MB kernel mapping. We spend a full page on this pagetable | 20730 | * 512 MB kernel mapping. We spend a full page on this pagetable |
20773 | @@ -488,38 +536,64 @@ NEXT_PAGE(level2_kernel_pgt) | 20731 | @@ -488,39 +536,64 @@ NEXT_PAGE(level2_kernel_pgt) |
20774 | KERNEL_IMAGE_SIZE/PMD_SIZE) | 20732 | KERNEL_IMAGE_SIZE/PMD_SIZE) |
20775 | 20733 | ||
20776 | NEXT_PAGE(level2_fixmap_pgt) | 20734 | NEXT_PAGE(level2_fixmap_pgt) |
@@ -20844,8 +20802,9 @@ index 321d65e..e9437f7 100644 | |||
20844 | - .skip IDT_ENTRIES * 16 | 20802 | - .skip IDT_ENTRIES * 16 |
20845 | + .fill 512,8,0 | 20803 | + .fill 512,8,0 |
20846 | 20804 | ||
20847 | __PAGE_ALIGNED_BSS | 20805 | - __PAGE_ALIGNED_BSS |
20848 | NEXT_PAGE(empty_zero_page) | 20806 | NEXT_PAGE(empty_zero_page) |
20807 | .skip PAGE_SIZE | ||
20849 | diff --git a/arch/x86/kernel/i386_ksyms_32.c b/arch/x86/kernel/i386_ksyms_32.c | 20808 | diff --git a/arch/x86/kernel/i386_ksyms_32.c b/arch/x86/kernel/i386_ksyms_32.c |
20850 | index 0fa6912..37fce70 100644 | 20809 | index 0fa6912..37fce70 100644 |
20851 | --- a/arch/x86/kernel/i386_ksyms_32.c | 20810 | --- a/arch/x86/kernel/i386_ksyms_32.c |
@@ -22601,7 +22560,7 @@ index f2bb9c9..bed145d7 100644 | |||
22601 | 22560 | ||
22602 | 1: | 22561 | 1: |
22603 | diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c | 22562 | diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c |
22604 | index fae9134..f8e4a47 100644 | 22563 | index fae9134..8fcd87c 100644 |
22605 | --- a/arch/x86/kernel/setup.c | 22564 | --- a/arch/x86/kernel/setup.c |
22606 | +++ b/arch/x86/kernel/setup.c | 22565 | +++ b/arch/x86/kernel/setup.c |
22607 | @@ -111,6 +111,7 @@ | 22566 | @@ -111,6 +111,7 @@ |
@@ -22644,7 +22603,7 @@ index fae9134..f8e4a47 100644 | |||
22644 | void __init setup_arch(char **cmdline_p) | 22603 | void __init setup_arch(char **cmdline_p) |
22645 | { | 22604 | { |
22646 | +#ifdef CONFIG_X86_32 | 22605 | +#ifdef CONFIG_X86_32 |
22647 | + memblock_reserve(LOAD_PHYSICAL_ADDR, __pa_symbol(__bss_stop) - ____LOAD_PHYSICAL_ADDR); | 22606 | + memblock_reserve(LOAD_PHYSICAL_ADDR, __pa_symbol(__bss_stop) - LOAD_PHYSICAL_ADDR); |
22648 | +#else | 22607 | +#else |
22649 | memblock_reserve(__pa_symbol(_text), | 22608 | memblock_reserve(__pa_symbol(_text), |
22650 | (unsigned long)__bss_stop - (unsigned long)_text); | 22609 | (unsigned long)__bss_stop - (unsigned long)_text); |
@@ -22923,10 +22882,10 @@ index 9b4d51d..5d28b58 100644 | |||
22923 | switch (opcode[i]) { | 22882 | switch (opcode[i]) { |
22924 | diff --git a/arch/x86/kernel/sys_i386_32.c b/arch/x86/kernel/sys_i386_32.c | 22883 | diff --git a/arch/x86/kernel/sys_i386_32.c b/arch/x86/kernel/sys_i386_32.c |
22925 | new file mode 100644 | 22884 | new file mode 100644 |
22926 | index 0000000..207bec6 | 22885 | index 0000000..5877189 |
22927 | --- /dev/null | 22886 | --- /dev/null |
22928 | +++ b/arch/x86/kernel/sys_i386_32.c | 22887 | +++ b/arch/x86/kernel/sys_i386_32.c |
22929 | @@ -0,0 +1,250 @@ | 22888 | @@ -0,0 +1,189 @@ |
22930 | +/* | 22889 | +/* |
22931 | + * This file contains various random system calls that | 22890 | + * This file contains various random system calls that |
22932 | + * have a non-standard calling sequence on the Linux/i386 | 22891 | + * have a non-standard calling sequence on the Linux/i386 |
@@ -22947,6 +22906,7 @@ index 0000000..207bec6 | |||
22947 | +#include <linux/file.h> | 22906 | +#include <linux/file.h> |
22948 | +#include <linux/utsname.h> | 22907 | +#include <linux/utsname.h> |
22949 | +#include <linux/ipc.h> | 22908 | +#include <linux/ipc.h> |
22909 | +#include <linux/elf.h> | ||
22950 | + | 22910 | + |
22951 | +#include <linux/uaccess.h> | 22911 | +#include <linux/uaccess.h> |
22952 | +#include <linux/unistd.h> | 22912 | +#include <linux/unistd.h> |
@@ -22969,13 +22929,28 @@ index 0000000..207bec6 | |||
22969 | + return 0; | 22929 | + return 0; |
22970 | +} | 22930 | +} |
22971 | + | 22931 | + |
22932 | +/* | ||
22933 | + * Align a virtual address to avoid aliasing in the I$ on AMD F15h. | ||
22934 | + */ | ||
22935 | +static unsigned long get_align_mask(void) | ||
22936 | +{ | ||
22937 | + if (va_align.flags < 0 || !(va_align.flags & ALIGN_VA_32)) | ||
22938 | + return 0; | ||
22939 | + | ||
22940 | + if (!(current->flags & PF_RANDOMIZE)) | ||
22941 | + return 0; | ||
22942 | + | ||
22943 | + return va_align.mask; | ||
22944 | +} | ||
22945 | + | ||
22972 | +unsigned long | 22946 | +unsigned long |
22973 | +arch_get_unmapped_area(struct file *filp, unsigned long addr, | 22947 | +arch_get_unmapped_area(struct file *filp, unsigned long addr, |
22974 | + unsigned long len, unsigned long pgoff, unsigned long flags) | 22948 | + unsigned long len, unsigned long pgoff, unsigned long flags) |
22975 | +{ | 22949 | +{ |
22976 | + struct mm_struct *mm = current->mm; | 22950 | + struct mm_struct *mm = current->mm; |
22977 | + struct vm_area_struct *vma; | 22951 | + struct vm_area_struct *vma; |
22978 | + unsigned long start_addr, pax_task_size = TASK_SIZE; | 22952 | + unsigned long pax_task_size = TASK_SIZE; |
22953 | + struct vm_unmapped_area_info info; | ||
22979 | + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); | 22954 | + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); |
22980 | + | 22955 | + |
22981 | +#ifdef CONFIG_PAX_SEGMEXEC | 22956 | +#ifdef CONFIG_PAX_SEGMEXEC |
@@ -23003,61 +22978,35 @@ index 0000000..207bec6 | |||
23003 | + return addr; | 22978 | + return addr; |
23004 | + } | 22979 | + } |
23005 | + } | 22980 | + } |
23006 | + if (len > mm->cached_hole_size) { | 22981 | + |
23007 | + start_addr = addr = mm->free_area_cache; | 22982 | + info.flags = 0; |
23008 | + } else { | 22983 | + info.length = len; |
23009 | + start_addr = addr = mm->mmap_base; | 22984 | + info.align_mask = filp ? get_align_mask() : 0; |
23010 | + mm->cached_hole_size = 0; | 22985 | + info.align_offset = pgoff << PAGE_SHIFT; |
23011 | + } | 22986 | + info.threadstack_offset = offset; |
23012 | + | 22987 | + |
23013 | +#ifdef CONFIG_PAX_PAGEEXEC | 22988 | +#ifdef CONFIG_PAX_PAGEEXEC |
23014 | + if (!(__supported_pte_mask & _PAGE_NX) && (mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE) && start_addr >= mm->mmap_base) { | 22989 | + if (!(__supported_pte_mask & _PAGE_NX) && (mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE)) { |
23015 | + start_addr = 0x00110000UL; | 22990 | + info.low_limit = 0x00110000UL; |
22991 | + info.high_limit = mm->start_code; | ||
23016 | + | 22992 | + |
23017 | +#ifdef CONFIG_PAX_RANDMMAP | 22993 | +#ifdef CONFIG_PAX_RANDMMAP |
23018 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | 22994 | + if (mm->pax_flags & MF_PAX_RANDMMAP) |
23019 | + start_addr += mm->delta_mmap & 0x03FFF000UL; | 22995 | + info.low_limit += mm->delta_mmap & 0x03FFF000UL; |
23020 | +#endif | 22996 | +#endif |
23021 | + | 22997 | + |
23022 | + if (mm->start_brk <= start_addr && start_addr < mm->mmap_base) | 22998 | + if (info.low_limit < info.high_limit) { |
23023 | + start_addr = addr = mm->mmap_base; | 22999 | + addr = vm_unmapped_area(&info); |
23024 | + else | 23000 | + if (!IS_ERR_VALUE(addr)) |
23025 | + addr = start_addr; | 23001 | + return addr; |
23026 | + } | 23002 | + } |
23003 | + } else | ||
23027 | +#endif | 23004 | +#endif |
23028 | + | 23005 | + |
23029 | +full_search: | 23006 | + info.low_limit = mm->mmap_base; |
23030 | + for (vma = find_vma(mm, addr); ; vma = vma->vm_next) { | 23007 | + info.high_limit = pax_task_size; |
23031 | + /* At this point: (!vma || addr < vma->vm_end). */ | ||
23032 | + if (pax_task_size - len < addr) { | ||
23033 | + /* | ||
23034 | + * Start a new search - just in case we missed | ||
23035 | + * some holes. | ||
23036 | + */ | ||
23037 | + if (start_addr != mm->mmap_base) { | ||
23038 | + start_addr = addr = mm->mmap_base; | ||
23039 | + mm->cached_hole_size = 0; | ||
23040 | + goto full_search; | ||
23041 | + } | ||
23042 | + return -ENOMEM; | ||
23043 | + } | ||
23044 | + if (check_heap_stack_gap(vma, addr, len, offset)) | ||
23045 | + break; | ||
23046 | + if (addr + mm->cached_hole_size < vma->vm_start) | ||
23047 | + mm->cached_hole_size = vma->vm_start - addr; | ||
23048 | + addr = vma->vm_end; | ||
23049 | + if (mm->start_brk <= addr && addr < mm->mmap_base) { | ||
23050 | + start_addr = addr = mm->mmap_base; | ||
23051 | + mm->cached_hole_size = 0; | ||
23052 | + goto full_search; | ||
23053 | + } | ||
23054 | + } | ||
23055 | + | 23008 | + |
23056 | + /* | 23009 | + return vm_unmapped_area(&info); |
23057 | + * Remember the place where we stopped the search: | ||
23058 | + */ | ||
23059 | + mm->free_area_cache = addr + len; | ||
23060 | + return addr; | ||
23061 | +} | 23010 | +} |
23062 | + | 23011 | + |
23063 | +unsigned long | 23012 | +unsigned long |
@@ -23067,7 +23016,8 @@ index 0000000..207bec6 | |||
23067 | +{ | 23016 | +{ |
23068 | + struct vm_area_struct *vma; | 23017 | + struct vm_area_struct *vma; |
23069 | + struct mm_struct *mm = current->mm; | 23018 | + struct mm_struct *mm = current->mm; |
23070 | + unsigned long base = mm->mmap_base, addr = addr0, pax_task_size = TASK_SIZE; | 23019 | + unsigned long addr = addr0, pax_task_size = TASK_SIZE; |
23020 | + struct vm_unmapped_area_info info; | ||
23071 | + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); | 23021 | + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); |
23072 | + | 23022 | + |
23073 | +#ifdef CONFIG_PAX_SEGMEXEC | 23023 | +#ifdef CONFIG_PAX_SEGMEXEC |
@@ -23103,46 +23053,18 @@ index 0000000..207bec6 | |||
23103 | + } | 23053 | + } |
23104 | + } | 23054 | + } |
23105 | + | 23055 | + |
23106 | + /* check if free_area_cache is useful for us */ | 23056 | + info.flags = VM_UNMAPPED_AREA_TOPDOWN; |
23107 | + if (len <= mm->cached_hole_size) { | 23057 | + info.length = len; |
23108 | + mm->cached_hole_size = 0; | 23058 | + info.low_limit = PAGE_SIZE; |
23109 | + mm->free_area_cache = mm->mmap_base; | 23059 | + info.high_limit = mm->mmap_base; |
23110 | + } | 23060 | + info.align_mask = filp ? get_align_mask() : 0; |
23111 | + | 23061 | + info.align_offset = pgoff << PAGE_SHIFT; |
23112 | + /* either no address requested or can't fit in requested address hole */ | 23062 | + info.threadstack_offset = offset; |
23113 | + addr = mm->free_area_cache; | ||
23114 | + | ||
23115 | + /* make sure it can fit in the remaining address space */ | ||
23116 | + if (addr > len) { | ||
23117 | + vma = find_vma(mm, addr-len); | ||
23118 | + if (check_heap_stack_gap(vma, addr - len, len, offset)) | ||
23119 | + /* remember the address as a hint for next time */ | ||
23120 | + return (mm->free_area_cache = addr-len); | ||
23121 | + } | ||
23122 | + | ||
23123 | + if (mm->mmap_base < len) | ||
23124 | + goto bottomup; | ||
23125 | + | ||
23126 | + addr = mm->mmap_base-len; | ||
23127 | + | ||
23128 | + do { | ||
23129 | + /* | ||
23130 | + * Lookup failure means no vma is above this address, | ||
23131 | + * else if new region fits below vma->vm_start, | ||
23132 | + * return with success: | ||
23133 | + */ | ||
23134 | + vma = find_vma(mm, addr); | ||
23135 | + if (check_heap_stack_gap(vma, addr, len, offset)) | ||
23136 | + /* remember the address as a hint for next time */ | ||
23137 | + return (mm->free_area_cache = addr); | ||
23138 | + | ||
23139 | + /* remember the largest hole we saw so far */ | ||
23140 | + if (addr + mm->cached_hole_size < vma->vm_start) | ||
23141 | + mm->cached_hole_size = vma->vm_start - addr; | ||
23142 | + | 23063 | + |
23143 | + /* try just below the current vma->vm_start */ | 23064 | + addr = vm_unmapped_area(&info); |
23144 | + addr = skip_heap_stack_gap(vma, len, offset); | 23065 | + if (!(addr & ~PAGE_MASK)) |
23145 | + } while (!IS_ERR_VALUE(addr)); | 23066 | + return addr; |
23067 | + VM_BUG_ON(addr != -ENOMEM); | ||
23146 | + | 23068 | + |
23147 | +bottomup: | 23069 | +bottomup: |
23148 | + /* | 23070 | + /* |
@@ -23151,31 +23073,7 @@ index 0000000..207bec6 | |||
23151 | + * can happen with large stack limits and large mmap() | 23073 | + * can happen with large stack limits and large mmap() |
23152 | + * allocations. | 23074 | + * allocations. |
23153 | + */ | 23075 | + */ |
23154 | + | 23076 | + return arch_get_unmapped_area(filp, addr0, len, pgoff, flags); |
23155 | +#ifdef CONFIG_PAX_SEGMEXEC | ||
23156 | + if (mm->pax_flags & MF_PAX_SEGMEXEC) | ||
23157 | + mm->mmap_base = SEGMEXEC_TASK_UNMAPPED_BASE; | ||
23158 | + else | ||
23159 | +#endif | ||
23160 | + | ||
23161 | + mm->mmap_base = TASK_UNMAPPED_BASE; | ||
23162 | + | ||
23163 | +#ifdef CONFIG_PAX_RANDMMAP | ||
23164 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | ||
23165 | + mm->mmap_base += mm->delta_mmap; | ||
23166 | +#endif | ||
23167 | + | ||
23168 | + mm->free_area_cache = mm->mmap_base; | ||
23169 | + mm->cached_hole_size = ~0UL; | ||
23170 | + addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags); | ||
23171 | + /* | ||
23172 | + * Restore the topdown base: | ||
23173 | + */ | ||
23174 | + mm->mmap_base = base; | ||
23175 | + mm->free_area_cache = base; | ||
23176 | + mm->cached_hole_size = ~0UL; | ||
23177 | + | ||
23178 | + return addr; | ||
23179 | +} | 23077 | +} |
23180 | diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c | 23078 | diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c |
23181 | index dbded5a..ace2781 100644 | 23079 | index dbded5a..ace2781 100644 |
@@ -24301,10 +24199,10 @@ index 0af1807..06912bb 100644 | |||
24301 | 24199 | ||
24302 | vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) | 24200 | vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) |
24303 | diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c | 24201 | diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
24304 | index e172132..c3d3e27 100644 | 24202 | index 8563b45..272f1fe 100644 |
24305 | --- a/arch/x86/kvm/x86.c | 24203 | --- a/arch/x86/kvm/x86.c |
24306 | +++ b/arch/x86/kvm/x86.c | 24204 | +++ b/arch/x86/kvm/x86.c |
24307 | @@ -1686,8 +1686,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) | 24205 | @@ -1685,8 +1685,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) |
24308 | { | 24206 | { |
24309 | struct kvm *kvm = vcpu->kvm; | 24207 | struct kvm *kvm = vcpu->kvm; |
24310 | int lm = is_long_mode(vcpu); | 24208 | int lm = is_long_mode(vcpu); |
@@ -24315,7 +24213,7 @@ index e172132..c3d3e27 100644 | |||
24315 | u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 | 24213 | u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 |
24316 | : kvm->arch.xen_hvm_config.blob_size_32; | 24214 | : kvm->arch.xen_hvm_config.blob_size_32; |
24317 | u32 page_num = data & ~PAGE_MASK; | 24215 | u32 page_num = data & ~PAGE_MASK; |
24318 | @@ -2567,6 +2567,8 @@ long kvm_arch_dev_ioctl(struct file *filp, | 24216 | @@ -2566,6 +2566,8 @@ long kvm_arch_dev_ioctl(struct file *filp, |
24319 | if (n < msr_list.nmsrs) | 24217 | if (n < msr_list.nmsrs) |
24320 | goto out; | 24218 | goto out; |
24321 | r = -EFAULT; | 24219 | r = -EFAULT; |
@@ -24324,7 +24222,7 @@ index e172132..c3d3e27 100644 | |||
24324 | if (copy_to_user(user_msr_list->indices, &msrs_to_save, | 24222 | if (copy_to_user(user_msr_list->indices, &msrs_to_save, |
24325 | num_msrs_to_save * sizeof(u32))) | 24223 | num_msrs_to_save * sizeof(u32))) |
24326 | goto out; | 24224 | goto out; |
24327 | @@ -2696,7 +2698,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, | 24225 | @@ -2695,7 +2697,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, |
24328 | static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu, | 24226 | static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu, |
24329 | struct kvm_interrupt *irq) | 24227 | struct kvm_interrupt *irq) |
24330 | { | 24228 | { |
@@ -24333,7 +24231,7 @@ index e172132..c3d3e27 100644 | |||
24333 | return -EINVAL; | 24231 | return -EINVAL; |
24334 | if (irqchip_in_kernel(vcpu->kvm)) | 24232 | if (irqchip_in_kernel(vcpu->kvm)) |
24335 | return -ENXIO; | 24233 | return -ENXIO; |
24336 | @@ -5247,7 +5249,7 @@ static struct notifier_block pvclock_gtod_notifier = { | 24234 | @@ -5246,7 +5248,7 @@ static struct notifier_block pvclock_gtod_notifier = { |
24337 | }; | 24235 | }; |
24338 | #endif | 24236 | #endif |
24339 | 24237 | ||
@@ -30491,31 +30389,6 @@ index c77b24a..c979855 100644 | |||
30491 | return !(ret & 0xff00); | 30389 | return !(ret & 0xff00); |
30492 | } | 30390 | } |
30493 | EXPORT_SYMBOL(pcibios_set_irq_routing); | 30391 | EXPORT_SYMBOL(pcibios_set_irq_routing); |
30494 | diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c | ||
30495 | index 90f3a52..714e825 100644 | ||
30496 | --- a/arch/x86/platform/efi/efi.c | ||
30497 | +++ b/arch/x86/platform/efi/efi.c | ||
30498 | @@ -1059,7 +1059,10 @@ efi_status_t efi_query_variable_store(u32 attributes, unsigned long size) | ||
30499 | * that by attempting to use more space than is available. | ||
30500 | */ | ||
30501 | unsigned long dummy_size = remaining_size + 1024; | ||
30502 | - void *dummy = kmalloc(dummy_size, GFP_ATOMIC); | ||
30503 | + void *dummy = kzalloc(dummy_size, GFP_ATOMIC); | ||
30504 | + | ||
30505 | + if (!dummy) | ||
30506 | + return EFI_OUT_OF_RESOURCES; | ||
30507 | |||
30508 | status = efi.set_variable(efi_dummy_name, &EFI_DUMMY_GUID, | ||
30509 | EFI_VARIABLE_NON_VOLATILE | | ||
30510 | @@ -1079,6 +1082,8 @@ efi_status_t efi_query_variable_store(u32 attributes, unsigned long size) | ||
30511 | 0, dummy); | ||
30512 | } | ||
30513 | |||
30514 | + kfree(dummy); | ||
30515 | + | ||
30516 | /* | ||
30517 | * The runtime code may now have triggered a garbage collection | ||
30518 | * run, so check the variable info again | ||
30519 | diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c | 30392 | diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c |
30520 | index 40e4469..1ab536e 100644 | 30393 | index 40e4469..1ab536e 100644 |
30521 | --- a/arch/x86/platform/efi/efi_32.c | 30394 | --- a/arch/x86/platform/efi/efi_32.c |
@@ -37668,7 +37541,7 @@ index 04c69af..5f92d00 100644 | |||
37668 | #include <linux/input.h> | 37541 | #include <linux/input.h> |
37669 | #include <linux/gameport.h> | 37542 | #include <linux/gameport.h> |
37670 | diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c | 37543 | diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c |
37671 | index d6cbfe9..6225402 100644 | 37544 | index fa061d4..4a6957c 100644 |
37672 | --- a/drivers/input/joystick/xpad.c | 37545 | --- a/drivers/input/joystick/xpad.c |
37673 | +++ b/drivers/input/joystick/xpad.c | 37546 | +++ b/drivers/input/joystick/xpad.c |
37674 | @@ -735,7 +735,7 @@ static void xpad_led_set(struct led_classdev *led_cdev, | 37547 | @@ -735,7 +735,7 @@ static void xpad_led_set(struct led_classdev *led_cdev, |
@@ -38029,7 +37902,7 @@ index 64e204e..c6bf189 100644 | |||
38029 | .callback = ss4200_led_dmi_callback, | 37902 | .callback = ss4200_led_dmi_callback, |
38030 | .ident = "Intel SS4200-E", | 37903 | .ident = "Intel SS4200-E", |
38031 | diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c | 37904 | diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c |
38032 | index a5ebc00..982886f 100644 | 37905 | index a5ebc00..3de3364 100644 |
38033 | --- a/drivers/lguest/core.c | 37906 | --- a/drivers/lguest/core.c |
38034 | +++ b/drivers/lguest/core.c | 37907 | +++ b/drivers/lguest/core.c |
38035 | @@ -92,9 +92,17 @@ static __init int map_switcher(void) | 37908 | @@ -92,9 +92,17 @@ static __init int map_switcher(void) |
@@ -38037,7 +37910,7 @@ index a5ebc00..982886f 100644 | |||
38037 | * allocates an extra guard page, so we need space for that. | 37910 | * allocates an extra guard page, so we need space for that. |
38038 | */ | 37911 | */ |
38039 | + | 37912 | + |
38040 | +#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) | 37913 | +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) |
38041 | + switcher_vma = __get_vm_area(TOTAL_SWITCHER_PAGES * PAGE_SIZE, | 37914 | + switcher_vma = __get_vm_area(TOTAL_SWITCHER_PAGES * PAGE_SIZE, |
38042 | + VM_ALLOC | VM_KERNEXEC, SWITCHER_ADDR, SWITCHER_ADDR | 37915 | + VM_ALLOC | VM_KERNEXEC, SWITCHER_ADDR, SWITCHER_ADDR |
38043 | + + (TOTAL_SWITCHER_PAGES+1) * PAGE_SIZE); | 37916 | + + (TOTAL_SWITCHER_PAGES+1) * PAGE_SIZE); |
@@ -40147,7 +40020,7 @@ index b0c3de9..fc5857e 100644 | |||
40147 | return -EIO; | 40020 | return -EIO; |
40148 | } | 40021 | } |
40149 | diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c | 40022 | diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c |
40150 | index 15ba8c4..3f56838 100644 | 40023 | index 54fd2ef..33c8a4f 100644 |
40151 | --- a/drivers/net/ethernet/realtek/r8169.c | 40024 | --- a/drivers/net/ethernet/realtek/r8169.c |
40152 | +++ b/drivers/net/ethernet/realtek/r8169.c | 40025 | +++ b/drivers/net/ethernet/realtek/r8169.c |
40153 | @@ -740,22 +740,22 @@ struct rtl8169_private { | 40026 | @@ -740,22 +740,22 @@ struct rtl8169_private { |
@@ -40290,10 +40163,23 @@ index 011062e..ada88e9 100644 | |||
40290 | }; | 40163 | }; |
40291 | 40164 | ||
40292 | diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c | 40165 | diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c |
40293 | index a449439..1e468fe 100644 | 40166 | index acf6450..8f771b7 100644 |
40294 | --- a/drivers/net/macvtap.c | 40167 | --- a/drivers/net/macvtap.c |
40295 | +++ b/drivers/net/macvtap.c | 40168 | +++ b/drivers/net/macvtap.c |
40296 | @@ -1090,7 +1090,7 @@ static int macvtap_device_event(struct notifier_block *unused, | 40169 | @@ -525,8 +525,10 @@ static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from, |
40170 | return -EMSGSIZE; | ||
40171 | num_pages = get_user_pages_fast(base, size, 0, &page[i]); | ||
40172 | if (num_pages != size) { | ||
40173 | - for (i = 0; i < num_pages; i++) | ||
40174 | - put_page(page[i]); | ||
40175 | + int j; | ||
40176 | + | ||
40177 | + for (j = 0; j < num_pages; j++) | ||
40178 | + put_page(page[i + j]); | ||
40179 | return -EFAULT; | ||
40180 | } | ||
40181 | truesize = size * PAGE_SIZE; | ||
40182 | @@ -1099,7 +1101,7 @@ static int macvtap_device_event(struct notifier_block *unused, | ||
40297 | return NOTIFY_DONE; | 40183 | return NOTIFY_DONE; |
40298 | } | 40184 | } |
40299 | 40185 | ||
@@ -40350,7 +40236,7 @@ index 1252d9c..80e660b 100644 | |||
40350 | 40236 | ||
40351 | /* We've got a compressed packet; read the change byte */ | 40237 | /* We've got a compressed packet; read the change byte */ |
40352 | diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c | 40238 | diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c |
40353 | index bf34192..fba3500 100644 | 40239 | index 0017b67..ab8f595 100644 |
40354 | --- a/drivers/net/team/team.c | 40240 | --- a/drivers/net/team/team.c |
40355 | +++ b/drivers/net/team/team.c | 40241 | +++ b/drivers/net/team/team.c |
40356 | @@ -2668,7 +2668,7 @@ static int team_device_event(struct notifier_block *unused, | 40242 | @@ -2668,7 +2668,7 @@ static int team_device_event(struct notifier_block *unused, |
@@ -40363,10 +40249,23 @@ index bf34192..fba3500 100644 | |||
40363 | }; | 40249 | }; |
40364 | 40250 | ||
40365 | diff --git a/drivers/net/tun.c b/drivers/net/tun.c | 40251 | diff --git a/drivers/net/tun.c b/drivers/net/tun.c |
40366 | index 755fa9e..631fdce 100644 | 40252 | index 8ad822e..eb895f1 100644 |
40367 | --- a/drivers/net/tun.c | 40253 | --- a/drivers/net/tun.c |
40368 | +++ b/drivers/net/tun.c | 40254 | +++ b/drivers/net/tun.c |
40369 | @@ -1841,7 +1841,7 @@ unlock: | 40255 | @@ -1013,8 +1013,10 @@ static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from, |
40256 | return -EMSGSIZE; | ||
40257 | num_pages = get_user_pages_fast(base, size, 0, &page[i]); | ||
40258 | if (num_pages != size) { | ||
40259 | - for (i = 0; i < num_pages; i++) | ||
40260 | - put_page(page[i]); | ||
40261 | + int j; | ||
40262 | + | ||
40263 | + for (j = 0; j < num_pages; j++) | ||
40264 | + put_page(page[i + j]); | ||
40265 | return -EFAULT; | ||
40266 | } | ||
40267 | truesize = size * PAGE_SIZE; | ||
40268 | @@ -1859,7 +1861,7 @@ unlock: | ||
40370 | } | 40269 | } |
40371 | 40270 | ||
40372 | static long __tun_chr_ioctl(struct file *file, unsigned int cmd, | 40271 | static long __tun_chr_ioctl(struct file *file, unsigned int cmd, |
@@ -40375,7 +40274,7 @@ index 755fa9e..631fdce 100644 | |||
40375 | { | 40274 | { |
40376 | struct tun_file *tfile = file->private_data; | 40275 | struct tun_file *tfile = file->private_data; |
40377 | struct tun_struct *tun; | 40276 | struct tun_struct *tun; |
40378 | @@ -1853,6 +1853,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, | 40277 | @@ -1871,6 +1873,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, |
40379 | int vnet_hdr_sz; | 40278 | int vnet_hdr_sz; |
40380 | int ret; | 40279 | int ret; |
40381 | 40280 | ||
@@ -40477,10 +40376,10 @@ index e2dd324..be92fcf 100644 | |||
40477 | hso_start_serial_device(serial_table[i], GFP_NOIO); | 40376 | hso_start_serial_device(serial_table[i], GFP_NOIO); |
40478 | hso_kick_transmit(dev2ser(serial_table[i])); | 40377 | hso_kick_transmit(dev2ser(serial_table[i])); |
40479 | diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c | 40378 | diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c |
40480 | index 7cee7a3..1eb9f3b 100644 | 40379 | index a4fe5f1..6c9e77f 100644 |
40481 | --- a/drivers/net/vxlan.c | 40380 | --- a/drivers/net/vxlan.c |
40482 | +++ b/drivers/net/vxlan.c | 40381 | +++ b/drivers/net/vxlan.c |
40483 | @@ -1443,7 +1443,7 @@ nla_put_failure: | 40382 | @@ -1454,7 +1454,7 @@ nla_put_failure: |
40484 | return -EMSGSIZE; | 40383 | return -EMSGSIZE; |
40485 | } | 40384 | } |
40486 | 40385 | ||
@@ -40489,6 +40388,62 @@ index 7cee7a3..1eb9f3b 100644 | |||
40489 | .kind = "vxlan", | 40388 | .kind = "vxlan", |
40490 | .maxtype = IFLA_VXLAN_MAX, | 40389 | .maxtype = IFLA_VXLAN_MAX, |
40491 | .policy = vxlan_policy, | 40390 | .policy = vxlan_policy, |
40391 | diff --git a/drivers/net/wan/dlci.c b/drivers/net/wan/dlci.c | ||
40392 | index 147614e..6a8a382 100644 | ||
40393 | --- a/drivers/net/wan/dlci.c | ||
40394 | +++ b/drivers/net/wan/dlci.c | ||
40395 | @@ -384,21 +384,37 @@ static int dlci_del(struct dlci_add *dlci) | ||
40396 | struct frad_local *flp; | ||
40397 | struct net_device *master, *slave; | ||
40398 | int err; | ||
40399 | + bool found = false; | ||
40400 | + | ||
40401 | + rtnl_lock(); | ||
40402 | |||
40403 | /* validate slave device */ | ||
40404 | master = __dev_get_by_name(&init_net, dlci->devname); | ||
40405 | - if (!master) | ||
40406 | - return -ENODEV; | ||
40407 | + if (!master) { | ||
40408 | + err = -ENODEV; | ||
40409 | + goto out; | ||
40410 | + } | ||
40411 | + | ||
40412 | + list_for_each_entry(dlp, &dlci_devs, list) { | ||
40413 | + if (dlp->master == master) { | ||
40414 | + found = true; | ||
40415 | + break; | ||
40416 | + } | ||
40417 | + } | ||
40418 | + if (!found) { | ||
40419 | + err = -ENODEV; | ||
40420 | + goto out; | ||
40421 | + } | ||
40422 | |||
40423 | if (netif_running(master)) { | ||
40424 | - return -EBUSY; | ||
40425 | + err = -EBUSY; | ||
40426 | + goto out; | ||
40427 | } | ||
40428 | |||
40429 | dlp = netdev_priv(master); | ||
40430 | slave = dlp->slave; | ||
40431 | flp = netdev_priv(slave); | ||
40432 | |||
40433 | - rtnl_lock(); | ||
40434 | err = (*flp->deassoc)(slave, master); | ||
40435 | if (!err) { | ||
40436 | list_del(&dlp->list); | ||
40437 | @@ -407,8 +423,8 @@ static int dlci_del(struct dlci_add *dlci) | ||
40438 | |||
40439 | dev_put(slave); | ||
40440 | } | ||
40441 | +out: | ||
40442 | rtnl_unlock(); | ||
40443 | - | ||
40444 | return err; | ||
40445 | } | ||
40446 | |||
40492 | diff --git a/drivers/net/wireless/at76c50x-usb.c b/drivers/net/wireless/at76c50x-usb.c | 40447 | diff --git a/drivers/net/wireless/at76c50x-usb.c b/drivers/net/wireless/at76c50x-usb.c |
40493 | index 5ac5f7a..5f82012 100644 | 40448 | index 5ac5f7a..5f82012 100644 |
40494 | --- a/drivers/net/wireless/at76c50x-usb.c | 40449 | --- a/drivers/net/wireless/at76c50x-usb.c |
@@ -43581,10 +43536,10 @@ index 1f8cba6..47b06c2 100644 | |||
43581 | } | 43536 | } |
43582 | EXPORT_SYMBOL_GPL(n_tty_inherit_ops); | 43537 | EXPORT_SYMBOL_GPL(n_tty_inherit_ops); |
43583 | diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c | 43538 | diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c |
43584 | index 125e0fd..8c50690 100644 | 43539 | index 74a5e8b..40c36a7 100644 |
43585 | --- a/drivers/tty/pty.c | 43540 | --- a/drivers/tty/pty.c |
43586 | +++ b/drivers/tty/pty.c | 43541 | +++ b/drivers/tty/pty.c |
43587 | @@ -800,8 +800,10 @@ static void __init unix98_pty_init(void) | 43542 | @@ -797,8 +797,10 @@ static void __init unix98_pty_init(void) |
43588 | panic("Couldn't register Unix98 pts driver"); | 43543 | panic("Couldn't register Unix98 pts driver"); |
43589 | 43544 | ||
43590 | /* Now create the /dev/ptmx special device */ | 43545 | /* Now create the /dev/ptmx special device */ |
@@ -44398,7 +44353,7 @@ index a9af1b9a..1e08e7f 100644 | |||
44398 | ret = -EPERM; | 44353 | ret = -EPERM; |
44399 | goto reterr; | 44354 | goto reterr; |
44400 | diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c | 44355 | diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c |
44401 | index c8b9262..7e824e6 100644 | 44356 | index b645c47..a55c182 100644 |
44402 | --- a/drivers/uio/uio.c | 44357 | --- a/drivers/uio/uio.c |
44403 | +++ b/drivers/uio/uio.c | 44358 | +++ b/drivers/uio/uio.c |
44404 | @@ -25,6 +25,7 @@ | 44359 | @@ -25,6 +25,7 @@ |
@@ -44431,7 +44386,7 @@ index c8b9262..7e824e6 100644 | |||
44431 | } | 44386 | } |
44432 | 44387 | ||
44433 | static struct device_attribute uio_class_attributes[] = { | 44388 | static struct device_attribute uio_class_attributes[] = { |
44434 | @@ -397,7 +398,7 @@ void uio_event_notify(struct uio_info *info) | 44389 | @@ -398,7 +399,7 @@ void uio_event_notify(struct uio_info *info) |
44435 | { | 44390 | { |
44436 | struct uio_device *idev = info->uio_dev; | 44391 | struct uio_device *idev = info->uio_dev; |
44437 | 44392 | ||
@@ -44440,7 +44395,7 @@ index c8b9262..7e824e6 100644 | |||
44440 | wake_up_interruptible(&idev->wait); | 44395 | wake_up_interruptible(&idev->wait); |
44441 | kill_fasync(&idev->async_queue, SIGIO, POLL_IN); | 44396 | kill_fasync(&idev->async_queue, SIGIO, POLL_IN); |
44442 | } | 44397 | } |
44443 | @@ -450,7 +451,7 @@ static int uio_open(struct inode *inode, struct file *filep) | 44398 | @@ -451,7 +452,7 @@ static int uio_open(struct inode *inode, struct file *filep) |
44444 | } | 44399 | } |
44445 | 44400 | ||
44446 | listener->dev = idev; | 44401 | listener->dev = idev; |
@@ -44449,7 +44404,7 @@ index c8b9262..7e824e6 100644 | |||
44449 | filep->private_data = listener; | 44404 | filep->private_data = listener; |
44450 | 44405 | ||
44451 | if (idev->info->open) { | 44406 | if (idev->info->open) { |
44452 | @@ -501,7 +502,7 @@ static unsigned int uio_poll(struct file *filep, poll_table *wait) | 44407 | @@ -502,7 +503,7 @@ static unsigned int uio_poll(struct file *filep, poll_table *wait) |
44453 | return -EIO; | 44408 | return -EIO; |
44454 | 44409 | ||
44455 | poll_wait(filep, &idev->wait, wait); | 44410 | poll_wait(filep, &idev->wait, wait); |
@@ -44458,7 +44413,7 @@ index c8b9262..7e824e6 100644 | |||
44458 | return POLLIN | POLLRDNORM; | 44413 | return POLLIN | POLLRDNORM; |
44459 | return 0; | 44414 | return 0; |
44460 | } | 44415 | } |
44461 | @@ -526,7 +527,7 @@ static ssize_t uio_read(struct file *filep, char __user *buf, | 44416 | @@ -527,7 +528,7 @@ static ssize_t uio_read(struct file *filep, char __user *buf, |
44462 | do { | 44417 | do { |
44463 | set_current_state(TASK_INTERRUPTIBLE); | 44418 | set_current_state(TASK_INTERRUPTIBLE); |
44464 | 44419 | ||
@@ -44467,7 +44422,7 @@ index c8b9262..7e824e6 100644 | |||
44467 | if (event_count != listener->event_count) { | 44422 | if (event_count != listener->event_count) { |
44468 | if (copy_to_user(buf, &event_count, count)) | 44423 | if (copy_to_user(buf, &event_count, count)) |
44469 | retval = -EFAULT; | 44424 | retval = -EFAULT; |
44470 | @@ -595,13 +596,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma) | 44425 | @@ -596,13 +597,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma) |
44471 | static void uio_vma_open(struct vm_area_struct *vma) | 44426 | static void uio_vma_open(struct vm_area_struct *vma) |
44472 | { | 44427 | { |
44473 | struct uio_device *idev = vma->vm_private_data; | 44428 | struct uio_device *idev = vma->vm_private_data; |
@@ -44483,7 +44438,7 @@ index c8b9262..7e824e6 100644 | |||
44483 | } | 44438 | } |
44484 | 44439 | ||
44485 | static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf) | 44440 | static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf) |
44486 | @@ -808,7 +809,7 @@ int __uio_register_device(struct module *owner, | 44441 | @@ -809,7 +810,7 @@ int __uio_register_device(struct module *owner, |
44487 | idev->owner = owner; | 44442 | idev->owner = owner; |
44488 | idev->info = info; | 44443 | idev->info = info; |
44489 | init_waitqueue_head(&idev->wait); | 44444 | init_waitqueue_head(&idev->wait); |
@@ -57045,7 +57000,7 @@ index ca9ecaa..60100c7 100644 | |||
57045 | kfree(s); | 57000 | kfree(s); |
57046 | diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig | 57001 | diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig |
57047 | new file mode 100644 | 57002 | new file mode 100644 |
57048 | index 0000000..ba9c5e3 | 57003 | index 0000000..4fb1dde |
57049 | --- /dev/null | 57004 | --- /dev/null |
57050 | +++ b/grsecurity/Kconfig | 57005 | +++ b/grsecurity/Kconfig |
57051 | @@ -0,0 +1,1053 @@ | 57006 | @@ -0,0 +1,1053 @@ |
@@ -57156,7 +57111,7 @@ index 0000000..ba9c5e3 | |||
57156 | +config GRKERNSEC_RAND_THREADSTACK | 57111 | +config GRKERNSEC_RAND_THREADSTACK |
57157 | + bool "Insert random gaps between thread stacks" | 57112 | + bool "Insert random gaps between thread stacks" |
57158 | + default y if GRKERNSEC_CONFIG_AUTO | 57113 | + default y if GRKERNSEC_CONFIG_AUTO |
57159 | + depends on PAX_RANDMMAP && !PPC && BROKEN | 57114 | + depends on PAX_RANDMMAP && !PPC |
57160 | + help | 57115 | + help |
57161 | + If you say Y here, a random-sized gap will be enforced between allocated | 57116 | + If you say Y here, a random-sized gap will be enforced between allocated |
57162 | + thread stacks. Glibc's NPTL and other threading libraries that | 57117 | + thread stacks. Glibc's NPTL and other threading libraries that |
@@ -70255,7 +70210,7 @@ index b8ba855..0148090 100644 | |||
70255 | u32 remainder; | 70210 | u32 remainder; |
70256 | return div_u64_rem(dividend, divisor, &remainder); | 70211 | return div_u64_rem(dividend, divisor, &remainder); |
70257 | diff --git a/include/linux/mm.h b/include/linux/mm.h | 70212 | diff --git a/include/linux/mm.h b/include/linux/mm.h |
70258 | index e2091b8..821db54 100644 | 70213 | index e2091b8..3c7b38c 100644 |
70259 | --- a/include/linux/mm.h | 70214 | --- a/include/linux/mm.h |
70260 | +++ b/include/linux/mm.h | 70215 | +++ b/include/linux/mm.h |
70261 | @@ -101,6 +101,11 @@ extern unsigned int kobjsize(const void *objp); | 70216 | @@ -101,6 +101,11 @@ extern unsigned int kobjsize(const void *objp); |
@@ -70428,14 +70383,29 @@ index e2091b8..821db54 100644 | |||
70428 | 70383 | ||
70429 | #ifdef CONFIG_MMU | 70384 | #ifdef CONFIG_MMU |
70430 | extern int __mm_populate(unsigned long addr, unsigned long len, | 70385 | extern int __mm_populate(unsigned long addr, unsigned long len, |
70431 | @@ -1483,6 +1497,7 @@ struct vm_unmapped_area_info { | 70386 | @@ -1483,10 +1497,11 @@ struct vm_unmapped_area_info { |
70432 | unsigned long high_limit; | 70387 | unsigned long high_limit; |
70433 | unsigned long align_mask; | 70388 | unsigned long align_mask; |
70434 | unsigned long align_offset; | 70389 | unsigned long align_offset; |
70435 | + unsigned long threadstack_offset; | 70390 | + unsigned long threadstack_offset; |
70436 | }; | 70391 | }; |
70437 | 70392 | ||
70438 | extern unsigned long unmapped_area(struct vm_unmapped_area_info *info); | 70393 | -extern unsigned long unmapped_area(struct vm_unmapped_area_info *info); |
70394 | -extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); | ||
70395 | +extern unsigned long unmapped_area(const struct vm_unmapped_area_info *info); | ||
70396 | +extern unsigned long unmapped_area_topdown(const struct vm_unmapped_area_info *info); | ||
70397 | |||
70398 | /* | ||
70399 | * Search for an unmapped address range. | ||
70400 | @@ -1498,7 +1513,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info); | ||
70401 | * - satisfies (begin_addr & align_mask) == (align_offset & align_mask) | ||
70402 | */ | ||
70403 | static inline unsigned long | ||
70404 | -vm_unmapped_area(struct vm_unmapped_area_info *info) | ||
70405 | +vm_unmapped_area(const struct vm_unmapped_area_info *info) | ||
70406 | { | ||
70407 | if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN)) | ||
70408 | return unmapped_area(info); | ||
70439 | @@ -1561,6 +1576,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add | 70409 | @@ -1561,6 +1576,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add |
70440 | extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, | 70410 | extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, |
70441 | struct vm_area_struct **pprev); | 70411 | struct vm_area_struct **pprev); |
@@ -70968,7 +70938,7 @@ index 45fc162..01a4068 100644 | |||
70968 | /** | 70938 | /** |
70969 | * struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot | 70939 | * struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot |
70970 | diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h | 70940 | diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h |
70971 | index 1d795df..b0a6449 100644 | 70941 | index 2f522a3..494e45f 100644 |
70972 | --- a/include/linux/perf_event.h | 70942 | --- a/include/linux/perf_event.h |
70973 | +++ b/include/linux/perf_event.h | 70943 | +++ b/include/linux/perf_event.h |
70974 | @@ -333,8 +333,8 @@ struct perf_event { | 70944 | @@ -333,8 +333,8 @@ struct perf_event { |
@@ -70993,7 +70963,7 @@ index 1d795df..b0a6449 100644 | |||
70993 | 70963 | ||
70994 | /* | 70964 | /* |
70995 | * Protect attach/detach and child_list: | 70965 | * Protect attach/detach and child_list: |
70996 | @@ -704,7 +704,7 @@ static inline void perf_callchain_store(struct perf_callchain_entry *entry, u64 | 70966 | @@ -703,7 +703,7 @@ static inline void perf_callchain_store(struct perf_callchain_entry *entry, u64 |
70997 | entry->ip[entry->nr++] = ip; | 70967 | entry->ip[entry->nr++] = ip; |
70998 | } | 70968 | } |
70999 | 70969 | ||
@@ -71002,7 +70972,7 @@ index 1d795df..b0a6449 100644 | |||
71002 | extern int sysctl_perf_event_mlock; | 70972 | extern int sysctl_perf_event_mlock; |
71003 | extern int sysctl_perf_event_sample_rate; | 70973 | extern int sysctl_perf_event_sample_rate; |
71004 | 70974 | ||
71005 | @@ -712,19 +712,24 @@ extern int perf_proc_update_handler(struct ctl_table *table, int write, | 70975 | @@ -711,19 +711,24 @@ extern int perf_proc_update_handler(struct ctl_table *table, int write, |
71006 | void __user *buffer, size_t *lenp, | 70976 | void __user *buffer, size_t *lenp, |
71007 | loff_t *ppos); | 70977 | loff_t *ppos); |
71008 | 70978 | ||
@@ -71030,7 +71000,7 @@ index 1d795df..b0a6449 100644 | |||
71030 | } | 71000 | } |
71031 | 71001 | ||
71032 | extern void perf_event_init(void); | 71002 | extern void perf_event_init(void); |
71033 | @@ -812,7 +817,7 @@ static inline void perf_restore_debug_store(void) { } | 71003 | @@ -811,7 +816,7 @@ static inline void perf_restore_debug_store(void) { } |
71034 | */ | 71004 | */ |
71035 | #define perf_cpu_notifier(fn) \ | 71005 | #define perf_cpu_notifier(fn) \ |
71036 | do { \ | 71006 | do { \ |
@@ -71039,7 +71009,7 @@ index 1d795df..b0a6449 100644 | |||
71039 | { .notifier_call = fn, .priority = CPU_PRI_PERF }; \ | 71009 | { .notifier_call = fn, .priority = CPU_PRI_PERF }; \ |
71040 | unsigned long cpu = smp_processor_id(); \ | 71010 | unsigned long cpu = smp_processor_id(); \ |
71041 | unsigned long flags; \ | 71011 | unsigned long flags; \ |
71042 | @@ -831,7 +836,7 @@ do { \ | 71012 | @@ -830,7 +835,7 @@ do { \ |
71043 | struct perf_pmu_events_attr { | 71013 | struct perf_pmu_events_attr { |
71044 | struct device_attribute attr; | 71014 | struct device_attribute attr; |
71045 | u64 id; | 71015 | u64 id; |
@@ -71702,7 +71672,7 @@ index 429c199..4d42e38 100644 | |||
71702 | 71672 | ||
71703 | /* shm_mode upper byte flags */ | 71673 | /* shm_mode upper byte flags */ |
71704 | diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h | 71674 | diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h |
71705 | index b8292d8..96db310 100644 | 71675 | index 1f2803c..4858a3d 100644 |
71706 | --- a/include/linux/skbuff.h | 71676 | --- a/include/linux/skbuff.h |
71707 | +++ b/include/linux/skbuff.h | 71677 | +++ b/include/linux/skbuff.h |
71708 | @@ -599,7 +599,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, | 71678 | @@ -599,7 +599,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, |
@@ -72023,20 +71993,6 @@ index e8d702e..0a56eb4 100644 | |||
72023 | 71993 | ||
72024 | int sock_diag_register(const struct sock_diag_handler *h); | 71994 | int sock_diag_register(const struct sock_diag_handler *h); |
72025 | void sock_diag_unregister(const struct sock_diag_handler *h); | 71995 | void sock_diag_unregister(const struct sock_diag_handler *h); |
72026 | diff --git a/include/linux/socket.h b/include/linux/socket.h | ||
72027 | index 2b9f74b..e897bdc 100644 | ||
72028 | --- a/include/linux/socket.h | ||
72029 | +++ b/include/linux/socket.h | ||
72030 | @@ -321,6 +321,9 @@ extern int put_cmsg(struct msghdr*, int level, int type, int len, void *data); | ||
72031 | |||
72032 | struct timespec; | ||
72033 | |||
72034 | +/* The __sys_...msg variants allow MSG_CMSG_COMPAT */ | ||
72035 | +extern long __sys_recvmsg(int fd, struct msghdr __user *msg, unsigned flags); | ||
72036 | +extern long __sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags); | ||
72037 | extern int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen, | ||
72038 | unsigned int flags, struct timespec *timeout); | ||
72039 | extern int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, | ||
72040 | diff --git a/include/linux/sonet.h b/include/linux/sonet.h | 71996 | diff --git a/include/linux/sonet.h b/include/linux/sonet.h |
72041 | index 680f9a3..f13aeb0 100644 | 71997 | index 680f9a3..f13aeb0 100644 |
72042 | --- a/include/linux/sonet.h | 71998 | --- a/include/linux/sonet.h |
@@ -75189,7 +75145,7 @@ index 00eb8f7..d7e3244 100644 | |||
75189 | #ifdef CONFIG_MODULE_UNLOAD | 75145 | #ifdef CONFIG_MODULE_UNLOAD |
75190 | { | 75146 | { |
75191 | diff --git a/kernel/events/core.c b/kernel/events/core.c | 75147 | diff --git a/kernel/events/core.c b/kernel/events/core.c |
75192 | index 9fcb094..353baaaf 100644 | 75148 | index f8ddcfb..77c06ec 100644 |
75193 | --- a/kernel/events/core.c | 75149 | --- a/kernel/events/core.c |
75194 | +++ b/kernel/events/core.c | 75150 | +++ b/kernel/events/core.c |
75195 | @@ -154,8 +154,15 @@ static struct srcu_struct pmus_srcu; | 75151 | @@ -154,8 +154,15 @@ static struct srcu_struct pmus_srcu; |
@@ -75218,7 +75174,7 @@ index 9fcb094..353baaaf 100644 | |||
75218 | 75174 | ||
75219 | static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx, | 75175 | static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx, |
75220 | enum event_type_t event_type); | 75176 | enum event_type_t event_type); |
75221 | @@ -2677,7 +2684,7 @@ static void __perf_event_read(void *info) | 75177 | @@ -2674,7 +2681,7 @@ static void __perf_event_read(void *info) |
75222 | 75178 | ||
75223 | static inline u64 perf_event_count(struct perf_event *event) | 75179 | static inline u64 perf_event_count(struct perf_event *event) |
75224 | { | 75180 | { |
@@ -75227,7 +75183,7 @@ index 9fcb094..353baaaf 100644 | |||
75227 | } | 75183 | } |
75228 | 75184 | ||
75229 | static u64 perf_event_read(struct perf_event *event) | 75185 | static u64 perf_event_read(struct perf_event *event) |
75230 | @@ -3007,9 +3014,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) | 75186 | @@ -3020,9 +3027,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) |
75231 | mutex_lock(&event->child_mutex); | 75187 | mutex_lock(&event->child_mutex); |
75232 | total += perf_event_read(event); | 75188 | total += perf_event_read(event); |
75233 | *enabled += event->total_time_enabled + | 75189 | *enabled += event->total_time_enabled + |
@@ -75239,7 +75195,7 @@ index 9fcb094..353baaaf 100644 | |||
75239 | 75195 | ||
75240 | list_for_each_entry(child, &event->child_list, child_list) { | 75196 | list_for_each_entry(child, &event->child_list, child_list) { |
75241 | total += perf_event_read(child); | 75197 | total += perf_event_read(child); |
75242 | @@ -3412,10 +3419,10 @@ void perf_event_update_userpage(struct perf_event *event) | 75198 | @@ -3408,10 +3415,10 @@ void perf_event_update_userpage(struct perf_event *event) |
75243 | userpg->offset -= local64_read(&event->hw.prev_count); | 75199 | userpg->offset -= local64_read(&event->hw.prev_count); |
75244 | 75200 | ||
75245 | userpg->time_enabled = enabled + | 75201 | userpg->time_enabled = enabled + |
@@ -75252,7 +75208,7 @@ index 9fcb094..353baaaf 100644 | |||
75252 | 75208 | ||
75253 | arch_perf_update_userpage(userpg, now); | 75209 | arch_perf_update_userpage(userpg, now); |
75254 | 75210 | ||
75255 | @@ -3886,7 +3893,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size, | 75211 | @@ -3961,7 +3968,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size, |
75256 | 75212 | ||
75257 | /* Data. */ | 75213 | /* Data. */ |
75258 | sp = perf_user_stack_pointer(regs); | 75214 | sp = perf_user_stack_pointer(regs); |
@@ -75261,7 +75217,7 @@ index 9fcb094..353baaaf 100644 | |||
75261 | dyn_size = dump_size - rem; | 75217 | dyn_size = dump_size - rem; |
75262 | 75218 | ||
75263 | perf_output_skip(handle, rem); | 75219 | perf_output_skip(handle, rem); |
75264 | @@ -3974,11 +3981,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, | 75220 | @@ -4049,11 +4056,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, |
75265 | values[n++] = perf_event_count(event); | 75221 | values[n++] = perf_event_count(event); |
75266 | if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { | 75222 | if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { |
75267 | values[n++] = enabled + | 75223 | values[n++] = enabled + |
@@ -75275,7 +75231,7 @@ index 9fcb094..353baaaf 100644 | |||
75275 | } | 75231 | } |
75276 | if (read_format & PERF_FORMAT_ID) | 75232 | if (read_format & PERF_FORMAT_ID) |
75277 | values[n++] = primary_event_id(event); | 75233 | values[n++] = primary_event_id(event); |
75278 | @@ -4726,12 +4733,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) | 75234 | @@ -4801,12 +4808,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) |
75279 | * need to add enough zero bytes after the string to handle | 75235 | * need to add enough zero bytes after the string to handle |
75280 | * the 64bit alignment we do later. | 75236 | * the 64bit alignment we do later. |
75281 | */ | 75237 | */ |
@@ -75290,7 +75246,7 @@ index 9fcb094..353baaaf 100644 | |||
75290 | if (IS_ERR(name)) { | 75246 | if (IS_ERR(name)) { |
75291 | name = strncpy(tmp, "//toolong", sizeof(tmp)); | 75247 | name = strncpy(tmp, "//toolong", sizeof(tmp)); |
75292 | goto got_name; | 75248 | goto got_name; |
75293 | @@ -6167,7 +6174,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, | 75249 | @@ -6242,7 +6249,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, |
75294 | event->parent = parent_event; | 75250 | event->parent = parent_event; |
75295 | 75251 | ||
75296 | event->ns = get_pid_ns(task_active_pid_ns(current)); | 75252 | event->ns = get_pid_ns(task_active_pid_ns(current)); |
@@ -75299,7 +75255,7 @@ index 9fcb094..353baaaf 100644 | |||
75299 | 75255 | ||
75300 | event->state = PERF_EVENT_STATE_INACTIVE; | 75256 | event->state = PERF_EVENT_STATE_INACTIVE; |
75301 | 75257 | ||
75302 | @@ -6463,6 +6470,11 @@ SYSCALL_DEFINE5(perf_event_open, | 75258 | @@ -6552,6 +6559,11 @@ SYSCALL_DEFINE5(perf_event_open, |
75303 | if (flags & ~PERF_FLAG_ALL) | 75259 | if (flags & ~PERF_FLAG_ALL) |
75304 | return -EINVAL; | 75260 | return -EINVAL; |
75305 | 75261 | ||
@@ -75311,7 +75267,7 @@ index 9fcb094..353baaaf 100644 | |||
75311 | err = perf_copy_attr(attr_uptr, &attr); | 75267 | err = perf_copy_attr(attr_uptr, &attr); |
75312 | if (err) | 75268 | if (err) |
75313 | return err; | 75269 | return err; |
75314 | @@ -6795,10 +6807,10 @@ static void sync_child_event(struct perf_event *child_event, | 75270 | @@ -6884,10 +6896,10 @@ static void sync_child_event(struct perf_event *child_event, |
75315 | /* | 75271 | /* |
75316 | * Add back the child's count to the parent's count: | 75272 | * Add back the child's count to the parent's count: |
75317 | */ | 75273 | */ |
@@ -75326,10 +75282,10 @@ index 9fcb094..353baaaf 100644 | |||
75326 | 75282 | ||
75327 | /* | 75283 | /* |
75328 | diff --git a/kernel/events/internal.h b/kernel/events/internal.h | 75284 | diff --git a/kernel/events/internal.h b/kernel/events/internal.h |
75329 | index eb675c4..54912ff 100644 | 75285 | index ca65997..cc8cee4 100644 |
75330 | --- a/kernel/events/internal.h | 75286 | --- a/kernel/events/internal.h |
75331 | +++ b/kernel/events/internal.h | 75287 | +++ b/kernel/events/internal.h |
75332 | @@ -77,10 +77,10 @@ static inline unsigned long perf_data_size(struct ring_buffer *rb) | 75288 | @@ -81,10 +81,10 @@ static inline unsigned long perf_data_size(struct ring_buffer *rb) |
75333 | return rb->nr_pages << (PAGE_SHIFT + page_order(rb)); | 75289 | return rb->nr_pages << (PAGE_SHIFT + page_order(rb)); |
75334 | } | 75290 | } |
75335 | 75291 | ||
@@ -75342,7 +75298,7 @@ index eb675c4..54912ff 100644 | |||
75342 | { \ | 75298 | { \ |
75343 | unsigned long size, written; \ | 75299 | unsigned long size, written; \ |
75344 | \ | 75300 | \ |
75345 | @@ -112,17 +112,17 @@ static inline int memcpy_common(void *dst, const void *src, size_t n) | 75301 | @@ -116,17 +116,17 @@ static inline int memcpy_common(void *dst, const void *src, size_t n) |
75346 | return n; | 75302 | return n; |
75347 | } | 75303 | } |
75348 | 75304 | ||
@@ -82244,7 +82200,7 @@ index 79b7cf7..9944291 100644 | |||
82244 | capable(CAP_IPC_LOCK)) | 82200 | capable(CAP_IPC_LOCK)) |
82245 | ret = do_mlockall(flags); | 82201 | ret = do_mlockall(flags); |
82246 | diff --git a/mm/mmap.c b/mm/mmap.c | 82202 | diff --git a/mm/mmap.c b/mm/mmap.c |
82247 | index 0dceed8..e7cfc40 100644 | 82203 | index 0dceed8..bfcaf45 100644 |
82248 | --- a/mm/mmap.c | 82204 | --- a/mm/mmap.c |
82249 | +++ b/mm/mmap.c | 82205 | +++ b/mm/mmap.c |
82250 | @@ -33,6 +33,7 @@ | 82206 | @@ -33,6 +33,7 @@ |
@@ -82645,10 +82601,11 @@ index 0dceed8..e7cfc40 100644 | |||
82645 | kmem_cache_free(vm_area_cachep, vma); | 82601 | kmem_cache_free(vm_area_cachep, vma); |
82646 | unacct_error: | 82602 | unacct_error: |
82647 | if (charged) | 82603 | if (charged) |
82648 | @@ -1584,6 +1744,62 @@ unacct_error: | 82604 | @@ -1584,7 +1744,63 @@ unacct_error: |
82649 | return error; | 82605 | return error; |
82650 | } | 82606 | } |
82651 | 82607 | ||
82608 | -unsigned long unmapped_area(struct vm_unmapped_area_info *info) | ||
82652 | +#ifdef CONFIG_GRKERNSEC_RAND_THREADSTACK | 82609 | +#ifdef CONFIG_GRKERNSEC_RAND_THREADSTACK |
82653 | +unsigned long gr_rand_threadstack_offset(const struct mm_struct *mm, const struct file *filp, unsigned long flags) | 82610 | +unsigned long gr_rand_threadstack_offset(const struct mm_struct *mm, const struct file *filp, unsigned long flags) |
82654 | +{ | 82611 | +{ |
@@ -82705,10 +82662,76 @@ index 0dceed8..e7cfc40 100644 | |||
82705 | + return -ENOMEM; | 82662 | + return -ENOMEM; |
82706 | +} | 82663 | +} |
82707 | + | 82664 | + |
82708 | unsigned long unmapped_area(struct vm_unmapped_area_info *info) | 82665 | +unsigned long unmapped_area(const struct vm_unmapped_area_info *info) |
82709 | { | 82666 | { |
82710 | /* | 82667 | /* |
82711 | @@ -1803,6 +2019,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, | 82668 | * We implement the search by looking for an rbtree node that |
82669 | @@ -1632,11 +1848,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) | ||
82670 | } | ||
82671 | } | ||
82672 | |||
82673 | - gap_start = vma->vm_prev ? vma->vm_prev->vm_end : 0; | ||
82674 | + gap_start = vma->vm_prev ? vma->vm_prev->vm_end: 0; | ||
82675 | check_current: | ||
82676 | /* Check if current node has a suitable gap */ | ||
82677 | if (gap_start > high_limit) | ||
82678 | return -ENOMEM; | ||
82679 | + | ||
82680 | + if (gap_end - gap_start > info->threadstack_offset) | ||
82681 | + gap_start += info->threadstack_offset; | ||
82682 | + else | ||
82683 | + gap_start = gap_end; | ||
82684 | + | ||
82685 | + if (vma->vm_prev && (vma->vm_prev->vm_flags & VM_GROWSUP)) { | ||
82686 | + if (gap_end - gap_start > sysctl_heap_stack_gap) | ||
82687 | + gap_start += sysctl_heap_stack_gap; | ||
82688 | + else | ||
82689 | + gap_start = gap_end; | ||
82690 | + } | ||
82691 | + if (vma->vm_flags & VM_GROWSDOWN) { | ||
82692 | + if (gap_end - gap_start > sysctl_heap_stack_gap) | ||
82693 | + gap_end -= sysctl_heap_stack_gap; | ||
82694 | + else | ||
82695 | + gap_end = gap_start; | ||
82696 | + } | ||
82697 | if (gap_end >= low_limit && gap_end - gap_start >= length) | ||
82698 | goto found; | ||
82699 | |||
82700 | @@ -1686,7 +1920,7 @@ found: | ||
82701 | return gap_start; | ||
82702 | } | ||
82703 | |||
82704 | -unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info) | ||
82705 | +unsigned long unmapped_area_topdown(const struct vm_unmapped_area_info *info) | ||
82706 | { | ||
82707 | struct mm_struct *mm = current->mm; | ||
82708 | struct vm_area_struct *vma; | ||
82709 | @@ -1740,6 +1974,24 @@ check_current: | ||
82710 | gap_end = vma->vm_start; | ||
82711 | if (gap_end < low_limit) | ||
82712 | return -ENOMEM; | ||
82713 | + | ||
82714 | + if (gap_end - gap_start > info->threadstack_offset) | ||
82715 | + gap_end -= info->threadstack_offset; | ||
82716 | + else | ||
82717 | + gap_end = gap_start; | ||
82718 | + | ||
82719 | + if (vma->vm_prev && (vma->vm_prev->vm_flags & VM_GROWSUP)) { | ||
82720 | + if (gap_end - gap_start > sysctl_heap_stack_gap) | ||
82721 | + gap_start += sysctl_heap_stack_gap; | ||
82722 | + else | ||
82723 | + gap_start = gap_end; | ||
82724 | + } | ||
82725 | + if (vma->vm_flags & VM_GROWSDOWN) { | ||
82726 | + if (gap_end - gap_start > sysctl_heap_stack_gap) | ||
82727 | + gap_end -= sysctl_heap_stack_gap; | ||
82728 | + else | ||
82729 | + gap_end = gap_start; | ||
82730 | + } | ||
82731 | if (gap_start <= high_limit && gap_end - gap_start >= length) | ||
82732 | goto found; | ||
82733 | |||
82734 | @@ -1803,6 +2055,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, | ||
82712 | struct mm_struct *mm = current->mm; | 82735 | struct mm_struct *mm = current->mm; |
82713 | struct vm_area_struct *vma; | 82736 | struct vm_area_struct *vma; |
82714 | struct vm_unmapped_area_info info; | 82737 | struct vm_unmapped_area_info info; |
@@ -82716,7 +82739,7 @@ index 0dceed8..e7cfc40 100644 | |||
82716 | 82739 | ||
82717 | if (len > TASK_SIZE) | 82740 | if (len > TASK_SIZE) |
82718 | return -ENOMEM; | 82741 | return -ENOMEM; |
82719 | @@ -1810,29 +2027,45 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, | 82742 | @@ -1810,29 +2063,45 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, |
82720 | if (flags & MAP_FIXED) | 82743 | if (flags & MAP_FIXED) |
82721 | return addr; | 82744 | return addr; |
82722 | 82745 | ||
@@ -82765,7 +82788,7 @@ index 0dceed8..e7cfc40 100644 | |||
82765 | mm->free_area_cache = addr; | 82788 | mm->free_area_cache = addr; |
82766 | } | 82789 | } |
82767 | 82790 | ||
82768 | @@ -1850,6 +2083,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, | 82791 | @@ -1850,6 +2119,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, |
82769 | struct mm_struct *mm = current->mm; | 82792 | struct mm_struct *mm = current->mm; |
82770 | unsigned long addr = addr0; | 82793 | unsigned long addr = addr0; |
82771 | struct vm_unmapped_area_info info; | 82794 | struct vm_unmapped_area_info info; |
@@ -82773,7 +82796,7 @@ index 0dceed8..e7cfc40 100644 | |||
82773 | 82796 | ||
82774 | /* requested length too big for entire address space */ | 82797 | /* requested length too big for entire address space */ |
82775 | if (len > TASK_SIZE) | 82798 | if (len > TASK_SIZE) |
82776 | @@ -1858,12 +2092,15 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, | 82799 | @@ -1858,12 +2128,15 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, |
82777 | if (flags & MAP_FIXED) | 82800 | if (flags & MAP_FIXED) |
82778 | return addr; | 82801 | return addr; |
82779 | 82802 | ||
@@ -82791,7 +82814,7 @@ index 0dceed8..e7cfc40 100644 | |||
82791 | return addr; | 82814 | return addr; |
82792 | } | 82815 | } |
82793 | 82816 | ||
82794 | @@ -1872,6 +2109,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, | 82817 | @@ -1872,6 +2145,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, |
82795 | info.low_limit = PAGE_SIZE; | 82818 | info.low_limit = PAGE_SIZE; |
82796 | info.high_limit = mm->mmap_base; | 82819 | info.high_limit = mm->mmap_base; |
82797 | info.align_mask = 0; | 82820 | info.align_mask = 0; |
@@ -82799,7 +82822,7 @@ index 0dceed8..e7cfc40 100644 | |||
82799 | addr = vm_unmapped_area(&info); | 82822 | addr = vm_unmapped_area(&info); |
82800 | 82823 | ||
82801 | /* | 82824 | /* |
82802 | @@ -1884,6 +2122,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, | 82825 | @@ -1884,6 +2158,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, |
82803 | VM_BUG_ON(addr != -ENOMEM); | 82826 | VM_BUG_ON(addr != -ENOMEM); |
82804 | info.flags = 0; | 82827 | info.flags = 0; |
82805 | info.low_limit = TASK_UNMAPPED_BASE; | 82828 | info.low_limit = TASK_UNMAPPED_BASE; |
@@ -82812,7 +82835,7 @@ index 0dceed8..e7cfc40 100644 | |||
82812 | info.high_limit = TASK_SIZE; | 82835 | info.high_limit = TASK_SIZE; |
82813 | addr = vm_unmapped_area(&info); | 82836 | addr = vm_unmapped_area(&info); |
82814 | } | 82837 | } |
82815 | @@ -1894,6 +2138,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, | 82838 | @@ -1894,6 +2174,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, |
82816 | 82839 | ||
82817 | void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) | 82840 | void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) |
82818 | { | 82841 | { |
@@ -82825,7 +82848,7 @@ index 0dceed8..e7cfc40 100644 | |||
82825 | /* | 82848 | /* |
82826 | * Is this a new hole at the highest possible address? | 82849 | * Is this a new hole at the highest possible address? |
82827 | */ | 82850 | */ |
82828 | @@ -1901,8 +2151,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) | 82851 | @@ -1901,8 +2187,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) |
82829 | mm->free_area_cache = addr; | 82852 | mm->free_area_cache = addr; |
82830 | 82853 | ||
82831 | /* dont allow allocations above current base */ | 82854 | /* dont allow allocations above current base */ |
@@ -82837,7 +82860,7 @@ index 0dceed8..e7cfc40 100644 | |||
82837 | } | 82860 | } |
82838 | 82861 | ||
82839 | unsigned long | 82862 | unsigned long |
82840 | @@ -2001,6 +2253,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, | 82863 | @@ -2001,6 +2289,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, |
82841 | return vma; | 82864 | return vma; |
82842 | } | 82865 | } |
82843 | 82866 | ||
@@ -82866,7 +82889,7 @@ index 0dceed8..e7cfc40 100644 | |||
82866 | /* | 82889 | /* |
82867 | * Verify that the stack growth is acceptable and | 82890 | * Verify that the stack growth is acceptable and |
82868 | * update accounting. This is shared with both the | 82891 | * update accounting. This is shared with both the |
82869 | @@ -2017,6 +2291,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns | 82892 | @@ -2017,6 +2327,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns |
82870 | return -ENOMEM; | 82893 | return -ENOMEM; |
82871 | 82894 | ||
82872 | /* Stack limit test */ | 82895 | /* Stack limit test */ |
@@ -82874,7 +82897,7 @@ index 0dceed8..e7cfc40 100644 | |||
82874 | if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) | 82897 | if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) |
82875 | return -ENOMEM; | 82898 | return -ENOMEM; |
82876 | 82899 | ||
82877 | @@ -2027,6 +2302,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns | 82900 | @@ -2027,6 +2338,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns |
82878 | locked = mm->locked_vm + grow; | 82901 | locked = mm->locked_vm + grow; |
82879 | limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); | 82902 | limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); |
82880 | limit >>= PAGE_SHIFT; | 82903 | limit >>= PAGE_SHIFT; |
@@ -82882,7 +82905,7 @@ index 0dceed8..e7cfc40 100644 | |||
82882 | if (locked > limit && !capable(CAP_IPC_LOCK)) | 82905 | if (locked > limit && !capable(CAP_IPC_LOCK)) |
82883 | return -ENOMEM; | 82906 | return -ENOMEM; |
82884 | } | 82907 | } |
82885 | @@ -2056,37 +2332,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns | 82908 | @@ -2056,37 +2368,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns |
82886 | * PA-RISC uses this for its stack; IA64 for its Register Backing Store. | 82909 | * PA-RISC uses this for its stack; IA64 for its Register Backing Store. |
82887 | * vma is the last one with address > vma->vm_end. Have to extend vma. | 82910 | * vma is the last one with address > vma->vm_end. Have to extend vma. |
82888 | */ | 82911 | */ |
@@ -82940,7 +82963,7 @@ index 0dceed8..e7cfc40 100644 | |||
82940 | unsigned long size, grow; | 82963 | unsigned long size, grow; |
82941 | 82964 | ||
82942 | size = address - vma->vm_start; | 82965 | size = address - vma->vm_start; |
82943 | @@ -2121,6 +2408,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) | 82966 | @@ -2121,6 +2444,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) |
82944 | } | 82967 | } |
82945 | } | 82968 | } |
82946 | } | 82969 | } |
@@ -82949,7 +82972,7 @@ index 0dceed8..e7cfc40 100644 | |||
82949 | vma_unlock_anon_vma(vma); | 82972 | vma_unlock_anon_vma(vma); |
82950 | khugepaged_enter_vma_merge(vma); | 82973 | khugepaged_enter_vma_merge(vma); |
82951 | validate_mm(vma->vm_mm); | 82974 | validate_mm(vma->vm_mm); |
82952 | @@ -2135,6 +2424,8 @@ int expand_downwards(struct vm_area_struct *vma, | 82975 | @@ -2135,6 +2460,8 @@ int expand_downwards(struct vm_area_struct *vma, |
82953 | unsigned long address) | 82976 | unsigned long address) |
82954 | { | 82977 | { |
82955 | int error; | 82978 | int error; |
@@ -82958,7 +82981,7 @@ index 0dceed8..e7cfc40 100644 | |||
82958 | 82981 | ||
82959 | /* | 82982 | /* |
82960 | * We must make sure the anon_vma is allocated | 82983 | * We must make sure the anon_vma is allocated |
82961 | @@ -2148,6 +2439,15 @@ int expand_downwards(struct vm_area_struct *vma, | 82984 | @@ -2148,6 +2475,15 @@ int expand_downwards(struct vm_area_struct *vma, |
82962 | if (error) | 82985 | if (error) |
82963 | return error; | 82986 | return error; |
82964 | 82987 | ||
@@ -82974,7 +82997,7 @@ index 0dceed8..e7cfc40 100644 | |||
82974 | vma_lock_anon_vma(vma); | 82997 | vma_lock_anon_vma(vma); |
82975 | 82998 | ||
82976 | /* | 82999 | /* |
82977 | @@ -2157,9 +2457,17 @@ int expand_downwards(struct vm_area_struct *vma, | 83000 | @@ -2157,9 +2493,17 @@ int expand_downwards(struct vm_area_struct *vma, |
82978 | */ | 83001 | */ |
82979 | 83002 | ||
82980 | /* Somebody else might have raced and expanded it already */ | 83003 | /* Somebody else might have raced and expanded it already */ |
@@ -82993,7 +83016,7 @@ index 0dceed8..e7cfc40 100644 | |||
82993 | size = vma->vm_end - address; | 83016 | size = vma->vm_end - address; |
82994 | grow = (vma->vm_start - address) >> PAGE_SHIFT; | 83017 | grow = (vma->vm_start - address) >> PAGE_SHIFT; |
82995 | 83018 | ||
82996 | @@ -2184,13 +2492,27 @@ int expand_downwards(struct vm_area_struct *vma, | 83019 | @@ -2184,13 +2528,27 @@ int expand_downwards(struct vm_area_struct *vma, |
82997 | vma->vm_pgoff -= grow; | 83020 | vma->vm_pgoff -= grow; |
82998 | anon_vma_interval_tree_post_update_vma(vma); | 83021 | anon_vma_interval_tree_post_update_vma(vma); |
82999 | vma_gap_update(vma); | 83022 | vma_gap_update(vma); |
@@ -83021,7 +83044,7 @@ index 0dceed8..e7cfc40 100644 | |||
83021 | khugepaged_enter_vma_merge(vma); | 83044 | khugepaged_enter_vma_merge(vma); |
83022 | validate_mm(vma->vm_mm); | 83045 | validate_mm(vma->vm_mm); |
83023 | return error; | 83046 | return error; |
83024 | @@ -2288,6 +2610,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) | 83047 | @@ -2288,6 +2646,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) |
83025 | do { | 83048 | do { |
83026 | long nrpages = vma_pages(vma); | 83049 | long nrpages = vma_pages(vma); |
83027 | 83050 | ||
@@ -83035,7 +83058,7 @@ index 0dceed8..e7cfc40 100644 | |||
83035 | if (vma->vm_flags & VM_ACCOUNT) | 83058 | if (vma->vm_flags & VM_ACCOUNT) |
83036 | nr_accounted += nrpages; | 83059 | nr_accounted += nrpages; |
83037 | vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); | 83060 | vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); |
83038 | @@ -2333,6 +2662,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, | 83061 | @@ -2333,6 +2698,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, |
83039 | insertion_point = (prev ? &prev->vm_next : &mm->mmap); | 83062 | insertion_point = (prev ? &prev->vm_next : &mm->mmap); |
83040 | vma->vm_prev = NULL; | 83063 | vma->vm_prev = NULL; |
83041 | do { | 83064 | do { |
@@ -83052,7 +83075,7 @@ index 0dceed8..e7cfc40 100644 | |||
83052 | vma_rb_erase(vma, &mm->mm_rb); | 83075 | vma_rb_erase(vma, &mm->mm_rb); |
83053 | mm->map_count--; | 83076 | mm->map_count--; |
83054 | tail_vma = vma; | 83077 | tail_vma = vma; |
83055 | @@ -2364,14 +2703,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, | 83078 | @@ -2364,14 +2739,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, |
83056 | struct vm_area_struct *new; | 83079 | struct vm_area_struct *new; |
83057 | int err = -ENOMEM; | 83080 | int err = -ENOMEM; |
83058 | 83081 | ||
@@ -83086,7 +83109,7 @@ index 0dceed8..e7cfc40 100644 | |||
83086 | /* most fields are the same, copy all, and then fixup */ | 83109 | /* most fields are the same, copy all, and then fixup */ |
83087 | *new = *vma; | 83110 | *new = *vma; |
83088 | 83111 | ||
83089 | @@ -2384,6 +2742,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, | 83112 | @@ -2384,6 +2778,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, |
83090 | new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); | 83113 | new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); |
83091 | } | 83114 | } |
83092 | 83115 | ||
@@ -83109,7 +83132,7 @@ index 0dceed8..e7cfc40 100644 | |||
83109 | pol = mpol_dup(vma_policy(vma)); | 83132 | pol = mpol_dup(vma_policy(vma)); |
83110 | if (IS_ERR(pol)) { | 83133 | if (IS_ERR(pol)) { |
83111 | err = PTR_ERR(pol); | 83134 | err = PTR_ERR(pol); |
83112 | @@ -2406,6 +2780,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, | 83135 | @@ -2406,6 +2816,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, |
83113 | else | 83136 | else |
83114 | err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); | 83137 | err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); |
83115 | 83138 | ||
@@ -83146,7 +83169,7 @@ index 0dceed8..e7cfc40 100644 | |||
83146 | /* Success. */ | 83169 | /* Success. */ |
83147 | if (!err) | 83170 | if (!err) |
83148 | return 0; | 83171 | return 0; |
83149 | @@ -2415,10 +2819,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, | 83172 | @@ -2415,10 +2855,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, |
83150 | new->vm_ops->close(new); | 83173 | new->vm_ops->close(new); |
83151 | if (new->vm_file) | 83174 | if (new->vm_file) |
83152 | fput(new->vm_file); | 83175 | fput(new->vm_file); |
@@ -83166,7 +83189,7 @@ index 0dceed8..e7cfc40 100644 | |||
83166 | kmem_cache_free(vm_area_cachep, new); | 83189 | kmem_cache_free(vm_area_cachep, new); |
83167 | out_err: | 83190 | out_err: |
83168 | return err; | 83191 | return err; |
83169 | @@ -2431,6 +2843,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, | 83192 | @@ -2431,6 +2879,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, |
83170 | int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, | 83193 | int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, |
83171 | unsigned long addr, int new_below) | 83194 | unsigned long addr, int new_below) |
83172 | { | 83195 | { |
@@ -83182,7 +83205,7 @@ index 0dceed8..e7cfc40 100644 | |||
83182 | if (mm->map_count >= sysctl_max_map_count) | 83205 | if (mm->map_count >= sysctl_max_map_count) |
83183 | return -ENOMEM; | 83206 | return -ENOMEM; |
83184 | 83207 | ||
83185 | @@ -2442,11 +2863,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, | 83208 | @@ -2442,11 +2899,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, |
83186 | * work. This now handles partial unmappings. | 83209 | * work. This now handles partial unmappings. |
83187 | * Jeremy Fitzhardinge <jeremy@goop.org> | 83210 | * Jeremy Fitzhardinge <jeremy@goop.org> |
83188 | */ | 83211 | */ |
@@ -83213,7 +83236,7 @@ index 0dceed8..e7cfc40 100644 | |||
83213 | if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) | 83236 | if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) |
83214 | return -EINVAL; | 83237 | return -EINVAL; |
83215 | 83238 | ||
83216 | @@ -2521,6 +2961,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) | 83239 | @@ -2521,6 +2997,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) |
83217 | /* Fix up all other VM information */ | 83240 | /* Fix up all other VM information */ |
83218 | remove_vma_list(mm, vma); | 83241 | remove_vma_list(mm, vma); |
83219 | 83242 | ||
@@ -83222,7 +83245,7 @@ index 0dceed8..e7cfc40 100644 | |||
83222 | return 0; | 83245 | return 0; |
83223 | } | 83246 | } |
83224 | 83247 | ||
83225 | @@ -2529,6 +2971,13 @@ int vm_munmap(unsigned long start, size_t len) | 83248 | @@ -2529,6 +3007,13 @@ int vm_munmap(unsigned long start, size_t len) |
83226 | int ret; | 83249 | int ret; |
83227 | struct mm_struct *mm = current->mm; | 83250 | struct mm_struct *mm = current->mm; |
83228 | 83251 | ||
@@ -83236,7 +83259,7 @@ index 0dceed8..e7cfc40 100644 | |||
83236 | down_write(&mm->mmap_sem); | 83259 | down_write(&mm->mmap_sem); |
83237 | ret = do_munmap(mm, start, len); | 83260 | ret = do_munmap(mm, start, len); |
83238 | up_write(&mm->mmap_sem); | 83261 | up_write(&mm->mmap_sem); |
83239 | @@ -2542,16 +2991,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) | 83262 | @@ -2542,16 +3027,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) |
83240 | return vm_munmap(addr, len); | 83263 | return vm_munmap(addr, len); |
83241 | } | 83264 | } |
83242 | 83265 | ||
@@ -83253,7 +83276,7 @@ index 0dceed8..e7cfc40 100644 | |||
83253 | /* | 83276 | /* |
83254 | * this is really a simplified "do_mmap". it only handles | 83277 | * this is really a simplified "do_mmap". it only handles |
83255 | * anonymous maps. eventually we may be able to do some | 83278 | * anonymous maps. eventually we may be able to do some |
83256 | @@ -2565,6 +3004,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) | 83279 | @@ -2565,6 +3040,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) |
83257 | struct rb_node ** rb_link, * rb_parent; | 83280 | struct rb_node ** rb_link, * rb_parent; |
83258 | pgoff_t pgoff = addr >> PAGE_SHIFT; | 83281 | pgoff_t pgoff = addr >> PAGE_SHIFT; |
83259 | int error; | 83282 | int error; |
@@ -83261,7 +83284,7 @@ index 0dceed8..e7cfc40 100644 | |||
83261 | 83284 | ||
83262 | len = PAGE_ALIGN(len); | 83285 | len = PAGE_ALIGN(len); |
83263 | if (!len) | 83286 | if (!len) |
83264 | @@ -2572,16 +3012,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) | 83287 | @@ -2572,16 +3048,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) |
83265 | 83288 | ||
83266 | flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; | 83289 | flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; |
83267 | 83290 | ||
@@ -83293,7 +83316,7 @@ index 0dceed8..e7cfc40 100644 | |||
83293 | locked += mm->locked_vm; | 83316 | locked += mm->locked_vm; |
83294 | lock_limit = rlimit(RLIMIT_MEMLOCK); | 83317 | lock_limit = rlimit(RLIMIT_MEMLOCK); |
83295 | lock_limit >>= PAGE_SHIFT; | 83318 | lock_limit >>= PAGE_SHIFT; |
83296 | @@ -2598,21 +3052,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) | 83319 | @@ -2598,21 +3088,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) |
83297 | /* | 83320 | /* |
83298 | * Clear old maps. this also does some error checking for us | 83321 | * Clear old maps. this also does some error checking for us |
83299 | */ | 83322 | */ |
@@ -83318,7 +83341,7 @@ index 0dceed8..e7cfc40 100644 | |||
83318 | return -ENOMEM; | 83341 | return -ENOMEM; |
83319 | 83342 | ||
83320 | /* Can we just expand an old private anonymous mapping? */ | 83343 | /* Can we just expand an old private anonymous mapping? */ |
83321 | @@ -2626,7 +3079,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) | 83344 | @@ -2626,7 +3115,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) |
83322 | */ | 83345 | */ |
83323 | vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); | 83346 | vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); |
83324 | if (!vma) { | 83347 | if (!vma) { |
@@ -83327,7 +83350,7 @@ index 0dceed8..e7cfc40 100644 | |||
83327 | return -ENOMEM; | 83350 | return -ENOMEM; |
83328 | } | 83351 | } |
83329 | 83352 | ||
83330 | @@ -2640,9 +3093,10 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) | 83353 | @@ -2640,9 +3129,10 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) |
83331 | vma_link(mm, vma, prev, rb_link, rb_parent); | 83354 | vma_link(mm, vma, prev, rb_link, rb_parent); |
83332 | out: | 83355 | out: |
83333 | perf_event_mmap(vma); | 83356 | perf_event_mmap(vma); |
@@ -83340,7 +83363,7 @@ index 0dceed8..e7cfc40 100644 | |||
83340 | return addr; | 83363 | return addr; |
83341 | } | 83364 | } |
83342 | 83365 | ||
83343 | @@ -2704,6 +3158,7 @@ void exit_mmap(struct mm_struct *mm) | 83366 | @@ -2704,6 +3194,7 @@ void exit_mmap(struct mm_struct *mm) |
83344 | while (vma) { | 83367 | while (vma) { |
83345 | if (vma->vm_flags & VM_ACCOUNT) | 83368 | if (vma->vm_flags & VM_ACCOUNT) |
83346 | nr_accounted += vma_pages(vma); | 83369 | nr_accounted += vma_pages(vma); |
@@ -83348,7 +83371,7 @@ index 0dceed8..e7cfc40 100644 | |||
83348 | vma = remove_vma(vma); | 83371 | vma = remove_vma(vma); |
83349 | } | 83372 | } |
83350 | vm_unacct_memory(nr_accounted); | 83373 | vm_unacct_memory(nr_accounted); |
83351 | @@ -2720,6 +3175,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) | 83374 | @@ -2720,6 +3211,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) |
83352 | struct vm_area_struct *prev; | 83375 | struct vm_area_struct *prev; |
83353 | struct rb_node **rb_link, *rb_parent; | 83376 | struct rb_node **rb_link, *rb_parent; |
83354 | 83377 | ||
@@ -83362,7 +83385,7 @@ index 0dceed8..e7cfc40 100644 | |||
83362 | /* | 83385 | /* |
83363 | * The vm_pgoff of a purely anonymous vma should be irrelevant | 83386 | * The vm_pgoff of a purely anonymous vma should be irrelevant |
83364 | * until its first write fault, when page's anon_vma and index | 83387 | * until its first write fault, when page's anon_vma and index |
83365 | @@ -2743,7 +3205,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) | 83388 | @@ -2743,7 +3241,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) |
83366 | security_vm_enough_memory_mm(mm, vma_pages(vma))) | 83389 | security_vm_enough_memory_mm(mm, vma_pages(vma))) |
83367 | return -ENOMEM; | 83390 | return -ENOMEM; |
83368 | 83391 | ||
@@ -83384,7 +83407,7 @@ index 0dceed8..e7cfc40 100644 | |||
83384 | return 0; | 83407 | return 0; |
83385 | } | 83408 | } |
83386 | 83409 | ||
83387 | @@ -2763,6 +3239,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, | 83410 | @@ -2763,6 +3275,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, |
83388 | struct mempolicy *pol; | 83411 | struct mempolicy *pol; |
83389 | bool faulted_in_anon_vma = true; | 83412 | bool faulted_in_anon_vma = true; |
83390 | 83413 | ||
@@ -83393,7 +83416,7 @@ index 0dceed8..e7cfc40 100644 | |||
83393 | /* | 83416 | /* |
83394 | * If anonymous vma has not yet been faulted, update new pgoff | 83417 | * If anonymous vma has not yet been faulted, update new pgoff |
83395 | * to match new location, to increase its chance of merging. | 83418 | * to match new location, to increase its chance of merging. |
83396 | @@ -2829,6 +3307,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, | 83419 | @@ -2829,6 +3343,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, |
83397 | return NULL; | 83420 | return NULL; |
83398 | } | 83421 | } |
83399 | 83422 | ||
@@ -83433,7 +83456,7 @@ index 0dceed8..e7cfc40 100644 | |||
83433 | /* | 83456 | /* |
83434 | * Return true if the calling process may expand its vm space by the passed | 83457 | * Return true if the calling process may expand its vm space by the passed |
83435 | * number of pages | 83458 | * number of pages |
83436 | @@ -2840,6 +3351,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) | 83459 | @@ -2840,6 +3387,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) |
83437 | 83460 | ||
83438 | lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; | 83461 | lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; |
83439 | 83462 | ||
@@ -83441,7 +83464,7 @@ index 0dceed8..e7cfc40 100644 | |||
83441 | if (cur + npages > lim) | 83464 | if (cur + npages > lim) |
83442 | return 0; | 83465 | return 0; |
83443 | return 1; | 83466 | return 1; |
83444 | @@ -2910,6 +3422,22 @@ int install_special_mapping(struct mm_struct *mm, | 83467 | @@ -2910,6 +3458,22 @@ int install_special_mapping(struct mm_struct *mm, |
83445 | vma->vm_start = addr; | 83468 | vma->vm_start = addr; |
83446 | vma->vm_end = addr + len; | 83469 | vma->vm_end = addr + len; |
83447 | 83470 | ||
@@ -85864,10 +85887,20 @@ index 6a93614..1415549 100644 | |||
85864 | err = -EFAULT; | 85887 | err = -EFAULT; |
85865 | break; | 85888 | break; |
85866 | diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c | 85889 | diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c |
85867 | index c5f9cd6..8d23158 100644 | 85890 | index c5f9cd6..dfc8ec1 100644 |
85868 | --- a/net/bluetooth/l2cap_core.c | 85891 | --- a/net/bluetooth/l2cap_core.c |
85869 | +++ b/net/bluetooth/l2cap_core.c | 85892 | +++ b/net/bluetooth/l2cap_core.c |
85870 | @@ -3395,8 +3395,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, | 85893 | @@ -2743,6 +2743,9 @@ static struct sk_buff *l2cap_build_cmd(struct l2cap_conn *conn, u8 code, |
85894 | BT_DBG("conn %p, code 0x%2.2x, ident 0x%2.2x, len %u", | ||
85895 | conn, code, ident, dlen); | ||
85896 | |||
85897 | + if (conn->mtu < L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE) | ||
85898 | + return NULL; | ||
85899 | + | ||
85900 | len = L2CAP_HDR_SIZE + L2CAP_CMD_HDR_SIZE + dlen; | ||
85901 | count = min_t(unsigned int, conn->mtu, len); | ||
85902 | |||
85903 | @@ -3395,8 +3398,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, | ||
85871 | break; | 85904 | break; |
85872 | 85905 | ||
85873 | case L2CAP_CONF_RFC: | 85906 | case L2CAP_CONF_RFC: |
@@ -85880,6 +85913,15 @@ index c5f9cd6..8d23158 100644 | |||
85880 | 85913 | ||
85881 | if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && | 85914 | if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && |
85882 | rfc.mode != chan->mode) | 85915 | rfc.mode != chan->mode) |
85916 | @@ -4221,7 +4226,7 @@ static inline int l2cap_information_rsp(struct l2cap_conn *conn, | ||
85917 | struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data; | ||
85918 | u16 type, result; | ||
85919 | |||
85920 | - if (cmd_len != sizeof(*rsp)) | ||
85921 | + if (cmd_len < sizeof(*rsp)) | ||
85922 | return -EPROTO; | ||
85923 | |||
85924 | type = __le16_to_cpu(rsp->type); | ||
85883 | diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c | 85925 | diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c |
85884 | index 1bcfb84..dad9f98 100644 | 85926 | index 1bcfb84..dad9f98 100644 |
85885 | --- a/net/bluetooth/l2cap_sock.c | 85927 | --- a/net/bluetooth/l2cap_sock.c |
@@ -86111,7 +86153,7 @@ index 117814a..ad4fb73 100644 | |||
86111 | 86153 | ||
86112 | if (__rtnl_register(PF_CAN, RTM_GETROUTE, NULL, cgw_dump_jobs, NULL)) { | 86154 | if (__rtnl_register(PF_CAN, RTM_GETROUTE, NULL, cgw_dump_jobs, NULL)) { |
86113 | diff --git a/net/compat.c b/net/compat.c | 86155 | diff --git a/net/compat.c b/net/compat.c |
86114 | index 79ae884..0541331 100644 | 86156 | index f0a1ba6..0541331 100644 |
86115 | --- a/net/compat.c | 86157 | --- a/net/compat.c |
86116 | +++ b/net/compat.c | 86158 | +++ b/net/compat.c |
86117 | @@ -71,9 +71,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg) | 86159 | @@ -71,9 +71,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg) |
@@ -86241,45 +86283,7 @@ index 79ae884..0541331 100644 | |||
86241 | struct group_filter __user *kgf; | 86283 | struct group_filter __user *kgf; |
86242 | int __user *koptlen; | 86284 | int __user *koptlen; |
86243 | u32 interface, fmode, numsrc; | 86285 | u32 interface, fmode, numsrc; |
86244 | @@ -734,19 +734,25 @@ static unsigned char nas[21] = { | 86286 | @@ -805,7 +805,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args) |
86245 | |||
86246 | asmlinkage long compat_sys_sendmsg(int fd, struct compat_msghdr __user *msg, unsigned int flags) | ||
86247 | { | ||
86248 | - return sys_sendmsg(fd, (struct msghdr __user *)msg, flags | MSG_CMSG_COMPAT); | ||
86249 | + if (flags & MSG_CMSG_COMPAT) | ||
86250 | + return -EINVAL; | ||
86251 | + return __sys_sendmsg(fd, (struct msghdr __user *)msg, flags | MSG_CMSG_COMPAT); | ||
86252 | } | ||
86253 | |||
86254 | asmlinkage long compat_sys_sendmmsg(int fd, struct compat_mmsghdr __user *mmsg, | ||
86255 | unsigned int vlen, unsigned int flags) | ||
86256 | { | ||
86257 | + if (flags & MSG_CMSG_COMPAT) | ||
86258 | + return -EINVAL; | ||
86259 | return __sys_sendmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, | ||
86260 | flags | MSG_CMSG_COMPAT); | ||
86261 | } | ||
86262 | |||
86263 | asmlinkage long compat_sys_recvmsg(int fd, struct compat_msghdr __user *msg, unsigned int flags) | ||
86264 | { | ||
86265 | - return sys_recvmsg(fd, (struct msghdr __user *)msg, flags | MSG_CMSG_COMPAT); | ||
86266 | + if (flags & MSG_CMSG_COMPAT) | ||
86267 | + return -EINVAL; | ||
86268 | + return __sys_recvmsg(fd, (struct msghdr __user *)msg, flags | MSG_CMSG_COMPAT); | ||
86269 | } | ||
86270 | |||
86271 | asmlinkage long compat_sys_recv(int fd, void __user *buf, size_t len, unsigned int flags) | ||
86272 | @@ -768,6 +774,9 @@ asmlinkage long compat_sys_recvmmsg(int fd, struct compat_mmsghdr __user *mmsg, | ||
86273 | int datagrams; | ||
86274 | struct timespec ktspec; | ||
86275 | |||
86276 | + if (flags & MSG_CMSG_COMPAT) | ||
86277 | + return -EINVAL; | ||
86278 | + | ||
86279 | if (COMPAT_USE_64BIT_TIME) | ||
86280 | return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen, | ||
86281 | flags | MSG_CMSG_COMPAT, | ||
86282 | @@ -796,7 +805,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args) | ||
86283 | 86287 | ||
86284 | if (call < SYS_SOCKET || call > SYS_SENDMMSG) | 86288 | if (call < SYS_SOCKET || call > SYS_SENDMMSG) |
86285 | return -EINVAL; | 86289 | return -EINVAL; |
@@ -86302,7 +86306,7 @@ index 368f9c3..f82d4a3 100644 | |||
86302 | 86306 | ||
86303 | return err; | 86307 | return err; |
86304 | diff --git a/net/core/dev.c b/net/core/dev.c | 86308 | diff --git a/net/core/dev.c b/net/core/dev.c |
86305 | index 9a278e9..15f2b9e 100644 | 86309 | index c9eb9e6..922c789 100644 |
86306 | --- a/net/core/dev.c | 86310 | --- a/net/core/dev.c |
86307 | +++ b/net/core/dev.c | 86311 | +++ b/net/core/dev.c |
86308 | @@ -1617,7 +1617,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) | 86312 | @@ -1617,7 +1617,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) |
@@ -86332,7 +86336,7 @@ index 9a278e9..15f2b9e 100644 | |||
86332 | 86336 | ||
86333 | #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb) | 86337 | #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb) |
86334 | 86338 | ||
86335 | @@ -3093,7 +3093,7 @@ enqueue: | 86339 | @@ -3099,7 +3099,7 @@ enqueue: |
86336 | 86340 | ||
86337 | local_irq_restore(flags); | 86341 | local_irq_restore(flags); |
86338 | 86342 | ||
@@ -86341,7 +86345,7 @@ index 9a278e9..15f2b9e 100644 | |||
86341 | kfree_skb(skb); | 86345 | kfree_skb(skb); |
86342 | return NET_RX_DROP; | 86346 | return NET_RX_DROP; |
86343 | } | 86347 | } |
86344 | @@ -3165,7 +3165,7 @@ int netif_rx_ni(struct sk_buff *skb) | 86348 | @@ -3171,7 +3171,7 @@ int netif_rx_ni(struct sk_buff *skb) |
86345 | } | 86349 | } |
86346 | EXPORT_SYMBOL(netif_rx_ni); | 86350 | EXPORT_SYMBOL(netif_rx_ni); |
86347 | 86351 | ||
@@ -86350,7 +86354,7 @@ index 9a278e9..15f2b9e 100644 | |||
86350 | { | 86354 | { |
86351 | struct softnet_data *sd = &__get_cpu_var(softnet_data); | 86355 | struct softnet_data *sd = &__get_cpu_var(softnet_data); |
86352 | 86356 | ||
86353 | @@ -3490,7 +3490,7 @@ ncls: | 86357 | @@ -3496,7 +3496,7 @@ ncls: |
86354 | ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev); | 86358 | ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev); |
86355 | } else { | 86359 | } else { |
86356 | drop: | 86360 | drop: |
@@ -86359,7 +86363,7 @@ index 9a278e9..15f2b9e 100644 | |||
86359 | kfree_skb(skb); | 86363 | kfree_skb(skb); |
86360 | /* Jamal, now you will not able to escape explaining | 86364 | /* Jamal, now you will not able to escape explaining |
86361 | * me how you were going to use this. :-) | 86365 | * me how you were going to use this. :-) |
86362 | @@ -4095,7 +4095,7 @@ void netif_napi_del(struct napi_struct *napi) | 86366 | @@ -4101,7 +4101,7 @@ void netif_napi_del(struct napi_struct *napi) |
86363 | } | 86367 | } |
86364 | EXPORT_SYMBOL(netif_napi_del); | 86368 | EXPORT_SYMBOL(netif_napi_del); |
86365 | 86369 | ||
@@ -86368,7 +86372,7 @@ index 9a278e9..15f2b9e 100644 | |||
86368 | { | 86372 | { |
86369 | struct softnet_data *sd = &__get_cpu_var(softnet_data); | 86373 | struct softnet_data *sd = &__get_cpu_var(softnet_data); |
86370 | unsigned long time_limit = jiffies + 2; | 86374 | unsigned long time_limit = jiffies + 2; |
86371 | @@ -5522,7 +5522,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, | 86375 | @@ -5528,7 +5528,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, |
86372 | } else { | 86376 | } else { |
86373 | netdev_stats_to_stats64(storage, &dev->stats); | 86377 | netdev_stats_to_stats64(storage, &dev->stats); |
86374 | } | 86378 | } |
@@ -86639,7 +86643,7 @@ index e61a8bb..6a2f13c 100644 | |||
86639 | #ifdef CONFIG_INET | 86643 | #ifdef CONFIG_INET |
86640 | static u32 seq_scale(u32 seq) | 86644 | static u32 seq_scale(u32 seq) |
86641 | diff --git a/net/core/sock.c b/net/core/sock.c | 86645 | diff --git a/net/core/sock.c b/net/core/sock.c |
86642 | index 1432266..1a0d4a1 100644 | 86646 | index 684c37d..b541900 100644 |
86643 | --- a/net/core/sock.c | 86647 | --- a/net/core/sock.c |
86644 | +++ b/net/core/sock.c | 86648 | +++ b/net/core/sock.c |
86645 | @@ -390,7 +390,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) | 86649 | @@ -390,7 +390,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) |
@@ -87168,7 +87172,7 @@ index 52c273e..579060b 100644 | |||
87168 | return -ENOMEM; | 87172 | return -ENOMEM; |
87169 | } | 87173 | } |
87170 | diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c | 87174 | diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c |
87171 | index 91d66db..4af7d99 100644 | 87175 | index c7e8c04..56cb4c1 100644 |
87172 | --- a/net/ipv4/ip_gre.c | 87176 | --- a/net/ipv4/ip_gre.c |
87173 | +++ b/net/ipv4/ip_gre.c | 87177 | +++ b/net/ipv4/ip_gre.c |
87174 | @@ -124,7 +124,7 @@ static bool log_ecn_error = true; | 87178 | @@ -124,7 +124,7 @@ static bool log_ecn_error = true; |
@@ -87298,7 +87302,7 @@ index bf6c5cf..ab2e9c6 100644 | |||
87298 | return res; | 87302 | return res; |
87299 | } | 87303 | } |
87300 | diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c | 87304 | diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c |
87301 | index 8f024d4..8b3500c 100644 | 87305 | index 7533846..d2361d1 100644 |
87302 | --- a/net/ipv4/ipip.c | 87306 | --- a/net/ipv4/ipip.c |
87303 | +++ b/net/ipv4/ipip.c | 87307 | +++ b/net/ipv4/ipip.c |
87304 | @@ -138,7 +138,7 @@ struct ipip_net { | 87308 | @@ -138,7 +138,7 @@ struct ipip_net { |
@@ -87486,10 +87490,10 @@ index dd44e0a..06dcca4 100644 | |||
87486 | 87490 | ||
87487 | static int raw_seq_show(struct seq_file *seq, void *v) | 87491 | static int raw_seq_show(struct seq_file *seq, void *v) |
87488 | diff --git a/net/ipv4/route.c b/net/ipv4/route.c | 87492 | diff --git a/net/ipv4/route.c b/net/ipv4/route.c |
87489 | index 6e28514..5e1b055 100644 | 87493 | index cfede9a..22248f9 100644 |
87490 | --- a/net/ipv4/route.c | 87494 | --- a/net/ipv4/route.c |
87491 | +++ b/net/ipv4/route.c | 87495 | +++ b/net/ipv4/route.c |
87492 | @@ -2553,34 +2553,34 @@ static struct ctl_table ipv4_route_flush_table[] = { | 87496 | @@ -2558,34 +2558,34 @@ static struct ctl_table ipv4_route_flush_table[] = { |
87493 | .maxlen = sizeof(int), | 87497 | .maxlen = sizeof(int), |
87494 | .mode = 0200, | 87498 | .mode = 0200, |
87495 | .proc_handler = ipv4_sysctl_rtcache_flush, | 87499 | .proc_handler = ipv4_sysctl_rtcache_flush, |
@@ -87532,7 +87536,7 @@ index 6e28514..5e1b055 100644 | |||
87532 | err_dup: | 87536 | err_dup: |
87533 | return -ENOMEM; | 87537 | return -ENOMEM; |
87534 | } | 87538 | } |
87535 | @@ -2603,7 +2603,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { | 87539 | @@ -2608,7 +2608,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { |
87536 | 87540 | ||
87537 | static __net_init int rt_genid_init(struct net *net) | 87541 | static __net_init int rt_genid_init(struct net *net) |
87538 | { | 87542 | { |
@@ -87681,29 +87685,11 @@ index 960fd29..d55bf64 100644 | |||
87681 | 87685 | ||
87682 | hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table); | 87686 | hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table); |
87683 | if (hdr == NULL) | 87687 | if (hdr == NULL) |
87684 | diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c | ||
87685 | index e220207..cdeb839 100644 | ||
87686 | --- a/net/ipv4/tcp.c | ||
87687 | +++ b/net/ipv4/tcp.c | ||
87688 | @@ -3383,8 +3383,11 @@ int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *hp, | ||
87689 | |||
87690 | for (i = 0; i < shi->nr_frags; ++i) { | ||
87691 | const struct skb_frag_struct *f = &shi->frags[i]; | ||
87692 | - struct page *page = skb_frag_page(f); | ||
87693 | - sg_set_page(&sg, page, skb_frag_size(f), f->page_offset); | ||
87694 | + unsigned int offset = f->page_offset; | ||
87695 | + struct page *page = skb_frag_page(f) + (offset >> PAGE_SHIFT); | ||
87696 | + | ||
87697 | + sg_set_page(&sg, page, skb_frag_size(f), | ||
87698 | + offset_in_page(offset)); | ||
87699 | if (crypto_hash_update(desc, &sg, skb_frag_size(f))) | ||
87700 | return 1; | ||
87701 | } | ||
87702 | diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c | 87688 | diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c |
87703 | index 13b9c08..d33a8d0 100644 | 87689 | index 59163c8..8277c51 100644 |
87704 | --- a/net/ipv4/tcp_input.c | 87690 | --- a/net/ipv4/tcp_input.c |
87705 | +++ b/net/ipv4/tcp_input.c | 87691 | +++ b/net/ipv4/tcp_input.c |
87706 | @@ -4724,7 +4724,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, | 87692 | @@ -4727,7 +4727,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, |
87707 | * simplifies code) | 87693 | * simplifies code) |
87708 | */ | 87694 | */ |
87709 | static void | 87695 | static void |
@@ -87712,7 +87698,7 @@ index 13b9c08..d33a8d0 100644 | |||
87712 | struct sk_buff *head, struct sk_buff *tail, | 87698 | struct sk_buff *head, struct sk_buff *tail, |
87713 | u32 start, u32 end) | 87699 | u32 start, u32 end) |
87714 | { | 87700 | { |
87715 | @@ -5838,6 +5838,7 @@ discard: | 87701 | @@ -5841,6 +5841,7 @@ discard: |
87716 | tcp_paws_reject(&tp->rx_opt, 0)) | 87702 | tcp_paws_reject(&tp->rx_opt, 0)) |
87717 | goto discard_and_undo; | 87703 | goto discard_and_undo; |
87718 | 87704 | ||
@@ -87720,7 +87706,7 @@ index 13b9c08..d33a8d0 100644 | |||
87720 | if (th->syn) { | 87706 | if (th->syn) { |
87721 | /* We see SYN without ACK. It is attempt of | 87707 | /* We see SYN without ACK. It is attempt of |
87722 | * simultaneous connect with crossed SYNs. | 87708 | * simultaneous connect with crossed SYNs. |
87723 | @@ -5888,6 +5889,7 @@ discard: | 87709 | @@ -5891,6 +5892,7 @@ discard: |
87724 | goto discard; | 87710 | goto discard; |
87725 | #endif | 87711 | #endif |
87726 | } | 87712 | } |
@@ -87728,7 +87714,7 @@ index 13b9c08..d33a8d0 100644 | |||
87728 | /* "fifth, if neither of the SYN or RST bits is set then | 87714 | /* "fifth, if neither of the SYN or RST bits is set then |
87729 | * drop the segment and return." | 87715 | * drop the segment and return." |
87730 | */ | 87716 | */ |
87731 | @@ -5932,7 +5934,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, | 87717 | @@ -5935,7 +5937,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, |
87732 | goto discard; | 87718 | goto discard; |
87733 | 87719 | ||
87734 | if (th->syn) { | 87720 | if (th->syn) { |
@@ -88023,7 +88009,7 @@ index 9a459be..086b866 100644 | |||
88023 | return -ENOMEM; | 88009 | return -ENOMEM; |
88024 | } | 88010 | } |
88025 | diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c | 88011 | diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c |
88026 | index dae802c..bfa4baa 100644 | 88012 | index 50a4c7c..50a27e6 100644 |
88027 | --- a/net/ipv6/addrconf.c | 88013 | --- a/net/ipv6/addrconf.c |
88028 | +++ b/net/ipv6/addrconf.c | 88014 | +++ b/net/ipv6/addrconf.c |
88029 | @@ -2274,7 +2274,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) | 88015 | @@ -2274,7 +2274,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) |
@@ -88035,7 +88021,7 @@ index dae802c..bfa4baa 100644 | |||
88035 | 88021 | ||
88036 | if (ops->ndo_do_ioctl) { | 88022 | if (ops->ndo_do_ioctl) { |
88037 | mm_segment_t oldfs = get_fs(); | 88023 | mm_segment_t oldfs = get_fs(); |
88038 | @@ -4410,7 +4410,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write, | 88024 | @@ -4412,7 +4412,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write, |
88039 | int *valp = ctl->data; | 88025 | int *valp = ctl->data; |
88040 | int val = *valp; | 88026 | int val = *valp; |
88041 | loff_t pos = *ppos; | 88027 | loff_t pos = *ppos; |
@@ -88044,7 +88030,7 @@ index dae802c..bfa4baa 100644 | |||
88044 | int ret; | 88030 | int ret; |
88045 | 88031 | ||
88046 | /* | 88032 | /* |
88047 | @@ -4492,7 +4492,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write, | 88033 | @@ -4494,7 +4494,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write, |
88048 | int *valp = ctl->data; | 88034 | int *valp = ctl->data; |
88049 | int val = *valp; | 88035 | int val = *valp; |
88050 | loff_t pos = *ppos; | 88036 | loff_t pos = *ppos; |
@@ -88107,18 +88093,28 @@ index 95d13c7..791fe2f 100644 | |||
88107 | .maxtype = IFLA_GRE_MAX, | 88093 | .maxtype = IFLA_GRE_MAX, |
88108 | .policy = ip6gre_policy, | 88094 | .policy = ip6gre_policy, |
88109 | diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c | 88095 | diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c |
88110 | index 155eccf..851fdae 100644 | 88096 | index 851fdae..9d4d1fd 100644 |
88111 | --- a/net/ipv6/ip6_output.c | 88097 | --- a/net/ipv6/ip6_output.c |
88112 | +++ b/net/ipv6/ip6_output.c | 88098 | +++ b/net/ipv6/ip6_output.c |
88113 | @@ -1147,7 +1147,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, | 88099 | @@ -822,11 +822,17 @@ static struct dst_entry *ip6_sk_dst_check(struct sock *sk, |
88114 | if (WARN_ON(np->cork.opt)) | 88100 | const struct flowi6 *fl6) |
88115 | return -EINVAL; | 88101 | { |
88102 | struct ipv6_pinfo *np = inet6_sk(sk); | ||
88103 | - struct rt6_info *rt = (struct rt6_info *)dst; | ||
88104 | + struct rt6_info *rt; | ||
88116 | 88105 | ||
88117 | - np->cork.opt = kmalloc(opt->tot_len, sk->sk_allocation); | 88106 | if (!dst) |
88118 | + np->cork.opt = kzalloc(opt->tot_len, sk->sk_allocation); | 88107 | goto out; |
88119 | if (unlikely(np->cork.opt == NULL)) | ||
88120 | return -ENOBUFS; | ||
88121 | 88108 | ||
88109 | + if (dst->ops->family != AF_INET6) { | ||
88110 | + dst_release(dst); | ||
88111 | + return NULL; | ||
88112 | + } | ||
88113 | + | ||
88114 | + rt = (struct rt6_info *)dst; | ||
88115 | /* Yes, checking route validity in not connected | ||
88116 | * case is not very simple. Take into account, | ||
88117 | * that we do not support routing by source, TOS, | ||
88122 | diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c | 88118 | diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c |
88123 | index fff83cb..82d49dd 100644 | 88119 | index fff83cb..82d49dd 100644 |
88124 | --- a/net/ipv6/ip6_tunnel.c | 88120 | --- a/net/ipv6/ip6_tunnel.c |
@@ -88697,10 +88693,26 @@ index 4fe76ff..426a904 100644 | |||
88697 | }; | 88693 | }; |
88698 | 88694 | ||
88699 | diff --git a/net/key/af_key.c b/net/key/af_key.c | 88695 | diff --git a/net/key/af_key.c b/net/key/af_key.c |
88700 | index 5b1e5af..2358147 100644 | 88696 | index 5b1e5af..1b929e7 100644 |
88701 | --- a/net/key/af_key.c | 88697 | --- a/net/key/af_key.c |
88702 | +++ b/net/key/af_key.c | 88698 | +++ b/net/key/af_key.c |
88703 | @@ -3041,10 +3041,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc | 88699 | @@ -1710,6 +1710,7 @@ static int key_notify_sa_flush(const struct km_event *c) |
88700 | hdr->sadb_msg_version = PF_KEY_V2; | ||
88701 | hdr->sadb_msg_errno = (uint8_t) 0; | ||
88702 | hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t)); | ||
88703 | + hdr->sadb_msg_reserved = 0; | ||
88704 | |||
88705 | pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net); | ||
88706 | |||
88707 | @@ -2695,6 +2696,7 @@ static int key_notify_policy_flush(const struct km_event *c) | ||
88708 | hdr->sadb_msg_errno = (uint8_t) 0; | ||
88709 | hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC; | ||
88710 | hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t)); | ||
88711 | + hdr->sadb_msg_reserved = 0; | ||
88712 | pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net); | ||
88713 | return 0; | ||
88714 | |||
88715 | @@ -3041,10 +3043,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc | ||
88704 | static u32 get_acqseq(void) | 88716 | static u32 get_acqseq(void) |
88705 | { | 88717 | { |
88706 | u32 res; | 88718 | u32 res; |
@@ -88713,33 +88725,6 @@ index 5b1e5af..2358147 100644 | |||
88713 | } while (!res); | 88725 | } while (!res); |
88714 | return res; | 88726 | return res; |
88715 | } | 88727 | } |
88716 | diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c | ||
88717 | index 637a341..8dec687 100644 | ||
88718 | --- a/net/l2tp/l2tp_ppp.c | ||
88719 | +++ b/net/l2tp/l2tp_ppp.c | ||
88720 | @@ -346,19 +346,19 @@ static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msgh | ||
88721 | skb_put(skb, 2); | ||
88722 | |||
88723 | /* Copy user data into skb */ | ||
88724 | - error = memcpy_fromiovec(skb->data, m->msg_iov, total_len); | ||
88725 | + error = memcpy_fromiovec(skb_put(skb, total_len), m->msg_iov, | ||
88726 | + total_len); | ||
88727 | if (error < 0) { | ||
88728 | kfree_skb(skb); | ||
88729 | goto error_put_sess_tun; | ||
88730 | } | ||
88731 | - skb_put(skb, total_len); | ||
88732 | |||
88733 | l2tp_xmit_skb(session, skb, session->hdr_len); | ||
88734 | |||
88735 | sock_put(ps->tunnel_sock); | ||
88736 | sock_put(sk); | ||
88737 | |||
88738 | - return error; | ||
88739 | + return total_len; | ||
88740 | |||
88741 | error_put_sess_tun: | ||
88742 | sock_put(ps->tunnel_sock); | ||
88743 | diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c | 88728 | diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c |
88744 | index 843d8c4..cb04fa1 100644 | 88729 | index 843d8c4..cb04fa1 100644 |
88745 | --- a/net/mac80211/cfg.c | 88730 | --- a/net/mac80211/cfg.c |
@@ -89356,6 +89341,22 @@ index 9e31269..bc4c1b7 100644 | |||
89356 | mutex_unlock(&nf_log_mutex); | 89341 | mutex_unlock(&nf_log_mutex); |
89357 | } | 89342 | } |
89358 | 89343 | ||
89344 | diff --git a/net/netfilter/nf_nat_sip.c b/net/netfilter/nf_nat_sip.c | ||
89345 | index 96ccdf7..dac11f7 100644 | ||
89346 | --- a/net/netfilter/nf_nat_sip.c | ||
89347 | +++ b/net/netfilter/nf_nat_sip.c | ||
89348 | @@ -230,9 +230,10 @@ static unsigned int nf_nat_sip(struct sk_buff *skb, unsigned int protoff, | ||
89349 | &ct->tuplehash[!dir].tuple.src.u3, | ||
89350 | false); | ||
89351 | if (!mangle_packet(skb, protoff, dataoff, dptr, datalen, | ||
89352 | - poff, plen, buffer, buflen)) | ||
89353 | + poff, plen, buffer, buflen)) { | ||
89354 | nf_ct_helper_log(skb, ct, "cannot mangle received"); | ||
89355 | return NF_DROP; | ||
89356 | + } | ||
89357 | } | ||
89358 | |||
89359 | /* The rport= parameter (RFC 3581) contains the port number | ||
89359 | diff --git a/net/netfilter/nf_sockopt.c b/net/netfilter/nf_sockopt.c | 89360 | diff --git a/net/netfilter/nf_sockopt.c b/net/netfilter/nf_sockopt.c |
89360 | index f042ae5..30ea486 100644 | 89361 | index f042ae5..30ea486 100644 |
89361 | --- a/net/netfilter/nf_sockopt.c | 89362 | --- a/net/netfilter/nf_sockopt.c |
@@ -89576,10 +89577,10 @@ index 103bd70..f21aad3 100644 | |||
89576 | *uaddr_len = sizeof(struct sockaddr_ax25); | 89577 | *uaddr_len = sizeof(struct sockaddr_ax25); |
89577 | } | 89578 | } |
89578 | diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c | 89579 | diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c |
89579 | index f83e172..223ffe1 100644 | 89580 | index e50f72a..f71867d 100644 |
89580 | --- a/net/packet/af_packet.c | 89581 | --- a/net/packet/af_packet.c |
89581 | +++ b/net/packet/af_packet.c | 89582 | +++ b/net/packet/af_packet.c |
89582 | @@ -1571,7 +1571,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, | 89583 | @@ -1578,7 +1578,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, |
89583 | 89584 | ||
89584 | spin_lock(&sk->sk_receive_queue.lock); | 89585 | spin_lock(&sk->sk_receive_queue.lock); |
89585 | po->stats.tp_packets++; | 89586 | po->stats.tp_packets++; |
@@ -89588,7 +89589,7 @@ index f83e172..223ffe1 100644 | |||
89588 | __skb_queue_tail(&sk->sk_receive_queue, skb); | 89589 | __skb_queue_tail(&sk->sk_receive_queue, skb); |
89589 | spin_unlock(&sk->sk_receive_queue.lock); | 89590 | spin_unlock(&sk->sk_receive_queue.lock); |
89590 | sk->sk_data_ready(sk, skb->len); | 89591 | sk->sk_data_ready(sk, skb->len); |
89591 | @@ -1580,7 +1580,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, | 89592 | @@ -1587,7 +1587,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, |
89592 | drop_n_acct: | 89593 | drop_n_acct: |
89593 | spin_lock(&sk->sk_receive_queue.lock); | 89594 | spin_lock(&sk->sk_receive_queue.lock); |
89594 | po->stats.tp_drops++; | 89595 | po->stats.tp_drops++; |
@@ -89597,7 +89598,7 @@ index f83e172..223ffe1 100644 | |||
89597 | spin_unlock(&sk->sk_receive_queue.lock); | 89598 | spin_unlock(&sk->sk_receive_queue.lock); |
89598 | 89599 | ||
89599 | drop_n_restore: | 89600 | drop_n_restore: |
89600 | @@ -2558,6 +2558,7 @@ out: | 89601 | @@ -2579,6 +2579,7 @@ out: |
89601 | 89602 | ||
89602 | static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) | 89603 | static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) |
89603 | { | 89604 | { |
@@ -89605,7 +89606,7 @@ index f83e172..223ffe1 100644 | |||
89605 | struct sock_exterr_skb *serr; | 89606 | struct sock_exterr_skb *serr; |
89606 | struct sk_buff *skb, *skb2; | 89607 | struct sk_buff *skb, *skb2; |
89607 | int copied, err; | 89608 | int copied, err; |
89608 | @@ -2579,8 +2580,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) | 89609 | @@ -2600,8 +2601,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) |
89609 | sock_recv_timestamp(msg, sk, skb); | 89610 | sock_recv_timestamp(msg, sk, skb); |
89610 | 89611 | ||
89611 | serr = SKB_EXT_ERR(skb); | 89612 | serr = SKB_EXT_ERR(skb); |
@@ -89616,22 +89617,7 @@ index f83e172..223ffe1 100644 | |||
89616 | 89617 | ||
89617 | msg->msg_flags |= MSG_ERRQUEUE; | 89618 | msg->msg_flags |= MSG_ERRQUEUE; |
89618 | err = copied; | 89619 | err = copied; |
89619 | @@ -2769,12 +2771,11 @@ static int packet_getname_spkt(struct socket *sock, struct sockaddr *uaddr, | 89620 | @@ -3225,7 +3227,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, |
89620 | return -EOPNOTSUPP; | ||
89621 | |||
89622 | uaddr->sa_family = AF_PACKET; | ||
89623 | + memset(uaddr->sa_data, 0, sizeof(uaddr->sa_data)); | ||
89624 | rcu_read_lock(); | ||
89625 | dev = dev_get_by_index_rcu(sock_net(sk), pkt_sk(sk)->ifindex); | ||
89626 | if (dev) | ||
89627 | - strncpy(uaddr->sa_data, dev->name, 14); | ||
89628 | - else | ||
89629 | - memset(uaddr->sa_data, 0, 14); | ||
89630 | + strlcpy(uaddr->sa_data, dev->name, sizeof(uaddr->sa_data)); | ||
89631 | rcu_read_unlock(); | ||
89632 | *uaddr_len = sizeof(*uaddr); | ||
89633 | |||
89634 | @@ -3205,7 +3206,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, | ||
89635 | case PACKET_HDRLEN: | 89621 | case PACKET_HDRLEN: |
89636 | if (len > sizeof(int)) | 89622 | if (len > sizeof(int)) |
89637 | len = sizeof(int); | 89623 | len = sizeof(int); |
@@ -89640,7 +89626,7 @@ index f83e172..223ffe1 100644 | |||
89640 | return -EFAULT; | 89626 | return -EFAULT; |
89641 | switch (val) { | 89627 | switch (val) { |
89642 | case TPACKET_V1: | 89628 | case TPACKET_V1: |
89643 | @@ -3247,7 +3248,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, | 89629 | @@ -3267,7 +3269,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, |
89644 | len = lv; | 89630 | len = lv; |
89645 | if (put_user(len, optlen)) | 89631 | if (put_user(len, optlen)) |
89646 | return -EFAULT; | 89632 | return -EFAULT; |
@@ -90176,33 +90162,6 @@ index 391a245..296b3d7 100644 | |||
90176 | } | 90162 | } |
90177 | 90163 | ||
90178 | /* Initialize IPv6 support and register with socket layer. */ | 90164 | /* Initialize IPv6 support and register with socket layer. */ |
90179 | diff --git a/net/sctp/outqueue.c b/net/sctp/outqueue.c | ||
90180 | index 01dca75..e9426bb 100644 | ||
90181 | --- a/net/sctp/outqueue.c | ||
90182 | +++ b/net/sctp/outqueue.c | ||
90183 | @@ -206,6 +206,8 @@ static inline int sctp_cacc_skip(struct sctp_transport *primary, | ||
90184 | */ | ||
90185 | void sctp_outq_init(struct sctp_association *asoc, struct sctp_outq *q) | ||
90186 | { | ||
90187 | + memset(q, 0, sizeof(struct sctp_outq)); | ||
90188 | + | ||
90189 | q->asoc = asoc; | ||
90190 | INIT_LIST_HEAD(&q->out_chunk_list); | ||
90191 | INIT_LIST_HEAD(&q->control_chunk_list); | ||
90192 | @@ -213,13 +215,7 @@ void sctp_outq_init(struct sctp_association *asoc, struct sctp_outq *q) | ||
90193 | INIT_LIST_HEAD(&q->sacked); | ||
90194 | INIT_LIST_HEAD(&q->abandoned); | ||
90195 | |||
90196 | - q->fast_rtx = 0; | ||
90197 | - q->outstanding_bytes = 0; | ||
90198 | q->empty = 1; | ||
90199 | - q->cork = 0; | ||
90200 | - | ||
90201 | - q->malloced = 0; | ||
90202 | - q->out_qlen = 0; | ||
90203 | } | ||
90204 | |||
90205 | /* Free the outqueue structure and any related pending chunks. | ||
90206 | diff --git a/net/sctp/probe.c b/net/sctp/probe.c | 90165 | diff --git a/net/sctp/probe.c b/net/sctp/probe.c |
90207 | index ad0dba8..e62c225 100644 | 90166 | index ad0dba8..e62c225 100644 |
90208 | --- a/net/sctp/probe.c | 90167 | --- a/net/sctp/probe.c |
@@ -90287,7 +90246,7 @@ index 8aab894..f6b7e7d 100644 | |||
90287 | sctp_generate_t1_cookie_event, | 90246 | sctp_generate_t1_cookie_event, |
90288 | sctp_generate_t1_init_event, | 90247 | sctp_generate_t1_init_event, |
90289 | diff --git a/net/sctp/socket.c b/net/sctp/socket.c | 90248 | diff --git a/net/sctp/socket.c b/net/sctp/socket.c |
90290 | index b907073..7bea2ca 100644 | 90249 | index 02c43e4..7bea2ca 100644 |
90291 | --- a/net/sctp/socket.c | 90250 | --- a/net/sctp/socket.c |
90292 | +++ b/net/sctp/socket.c | 90251 | +++ b/net/sctp/socket.c |
90293 | @@ -2166,11 +2166,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval, | 90252 | @@ -2166,11 +2166,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval, |
@@ -90305,20 +90264,7 @@ index b907073..7bea2ca 100644 | |||
90305 | 90264 | ||
90306 | /* | 90265 | /* |
90307 | * At the time when a user app subscribes to SCTP_SENDER_DRY_EVENT, | 90266 | * At the time when a user app subscribes to SCTP_SENDER_DRY_EVENT, |
90308 | @@ -4002,6 +4004,12 @@ SCTP_STATIC void sctp_destroy_sock(struct sock *sk) | 90267 | @@ -4221,13 +4223,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len, |
90309 | |||
90310 | /* Release our hold on the endpoint. */ | ||
90311 | sp = sctp_sk(sk); | ||
90312 | + /* This could happen during socket init, thus we bail out | ||
90313 | + * early, since the rest of the below is not setup either. | ||
90314 | + */ | ||
90315 | + if (sp->ep == NULL) | ||
90316 | + return; | ||
90317 | + | ||
90318 | if (sp->do_auto_asconf) { | ||
90319 | sp->do_auto_asconf = 0; | ||
90320 | list_del(&sp->auto_asconf_list); | ||
90321 | @@ -4215,13 +4223,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len, | ||
90322 | static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, | 90268 | static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, |
90323 | int __user *optlen) | 90269 | int __user *optlen) |
90324 | { | 90270 | { |
@@ -90336,7 +90282,7 @@ index b907073..7bea2ca 100644 | |||
90336 | return -EFAULT; | 90282 | return -EFAULT; |
90337 | return 0; | 90283 | return 0; |
90338 | } | 90284 | } |
90339 | @@ -4239,6 +4250,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, | 90285 | @@ -4245,6 +4250,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, |
90340 | */ | 90286 | */ |
90341 | static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen) | 90287 | static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen) |
90342 | { | 90288 | { |
@@ -90345,7 +90291,7 @@ index b907073..7bea2ca 100644 | |||
90345 | /* Applicable to UDP-style socket only */ | 90291 | /* Applicable to UDP-style socket only */ |
90346 | if (sctp_style(sk, TCP)) | 90292 | if (sctp_style(sk, TCP)) |
90347 | return -EOPNOTSUPP; | 90293 | return -EOPNOTSUPP; |
90348 | @@ -4247,7 +4260,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv | 90294 | @@ -4253,7 +4260,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv |
90349 | len = sizeof(int); | 90295 | len = sizeof(int); |
90350 | if (put_user(len, optlen)) | 90296 | if (put_user(len, optlen)) |
90351 | return -EFAULT; | 90297 | return -EFAULT; |
@@ -90355,7 +90301,7 @@ index b907073..7bea2ca 100644 | |||
90355 | return -EFAULT; | 90301 | return -EFAULT; |
90356 | return 0; | 90302 | return 0; |
90357 | } | 90303 | } |
90358 | @@ -4619,12 +4633,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len, | 90304 | @@ -4625,12 +4633,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len, |
90359 | */ | 90305 | */ |
90360 | static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen) | 90306 | static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen) |
90361 | { | 90307 | { |
@@ -90372,7 +90318,7 @@ index b907073..7bea2ca 100644 | |||
90372 | return -EFAULT; | 90318 | return -EFAULT; |
90373 | return 0; | 90319 | return 0; |
90374 | } | 90320 | } |
90375 | @@ -4665,6 +4682,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, | 90321 | @@ -4671,6 +4682,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, |
90376 | addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; | 90322 | addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; |
90377 | if (space_left < addrlen) | 90323 | if (space_left < addrlen) |
90378 | return -ENOMEM; | 90324 | return -ENOMEM; |
@@ -90404,7 +90350,7 @@ index bf3c6e8..376d8d0 100644 | |||
90404 | 90350 | ||
90405 | table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL); | 90351 | table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL); |
90406 | diff --git a/net/socket.c b/net/socket.c | 90352 | diff --git a/net/socket.c b/net/socket.c |
90407 | index 88f759a..74be616 100644 | 90353 | index e216502..74be616 100644 |
90408 | --- a/net/socket.c | 90354 | --- a/net/socket.c |
90409 | +++ b/net/socket.c | 90355 | +++ b/net/socket.c |
90410 | @@ -88,6 +88,7 @@ | 90356 | @@ -88,6 +88,7 @@ |
@@ -90575,16 +90521,7 @@ index 88f759a..74be616 100644 | |||
90575 | int err, err2; | 90521 | int err, err2; |
90576 | int fput_needed; | 90522 | int fput_needed; |
90577 | 90523 | ||
90578 | @@ -1978,7 +2040,7 @@ struct used_address { | 90524 | @@ -2045,7 +2107,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, |
90579 | unsigned int name_len; | ||
90580 | }; | ||
90581 | |||
90582 | -static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg, | ||
90583 | +static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, | ||
90584 | struct msghdr *msg_sys, unsigned int flags, | ||
90585 | struct used_address *used_address) | ||
90586 | { | ||
90587 | @@ -2045,7 +2107,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg, | ||
90588 | * checking falls down on this. | 90525 | * checking falls down on this. |
90589 | */ | 90526 | */ |
90590 | if (copy_from_user(ctl_buf, | 90527 | if (copy_from_user(ctl_buf, |
@@ -90593,83 +90530,7 @@ index 88f759a..74be616 100644 | |||
90593 | ctl_len)) | 90530 | ctl_len)) |
90594 | goto out_freectl; | 90531 | goto out_freectl; |
90595 | msg_sys->msg_control = ctl_buf; | 90532 | msg_sys->msg_control = ctl_buf; |
90596 | @@ -2093,20 +2155,28 @@ out: | 90533 | @@ -2196,7 +2258,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, |
90597 | * BSD sendmsg interface | ||
90598 | */ | ||
90599 | |||
90600 | +long __sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags) | ||
90601 | +{ | ||
90602 | + int fput_needed, err; | ||
90603 | + struct msghdr msg_sys; | ||
90604 | + struct socket *sock; | ||
90605 | + | ||
90606 | + sock = sockfd_lookup_light(fd, &err, &fput_needed); | ||
90607 | + if (!sock) | ||
90608 | + goto out; | ||
90609 | + | ||
90610 | + err = ___sys_sendmsg(sock, msg, &msg_sys, flags, NULL); | ||
90611 | + | ||
90612 | + fput_light(sock->file, fput_needed); | ||
90613 | +out: | ||
90614 | + return err; | ||
90615 | +} | ||
90616 | + | ||
90617 | SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned int, flags) | ||
90618 | { | ||
90619 | - int fput_needed, err; | ||
90620 | - struct msghdr msg_sys; | ||
90621 | - struct socket *sock = sockfd_lookup_light(fd, &err, &fput_needed); | ||
90622 | - | ||
90623 | - if (!sock) | ||
90624 | - goto out; | ||
90625 | - | ||
90626 | - err = __sys_sendmsg(sock, msg, &msg_sys, flags, NULL); | ||
90627 | - | ||
90628 | - fput_light(sock->file, fput_needed); | ||
90629 | -out: | ||
90630 | - return err; | ||
90631 | + if (flags & MSG_CMSG_COMPAT) | ||
90632 | + return -EINVAL; | ||
90633 | + return __sys_sendmsg(fd, msg, flags); | ||
90634 | } | ||
90635 | |||
90636 | /* | ||
90637 | @@ -2139,15 +2209,16 @@ int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen, | ||
90638 | |||
90639 | while (datagrams < vlen) { | ||
90640 | if (MSG_CMSG_COMPAT & flags) { | ||
90641 | - err = __sys_sendmsg(sock, (struct msghdr __user *)compat_entry, | ||
90642 | - &msg_sys, flags, &used_address); | ||
90643 | + err = ___sys_sendmsg(sock, (struct msghdr __user *)compat_entry, | ||
90644 | + &msg_sys, flags, &used_address); | ||
90645 | if (err < 0) | ||
90646 | break; | ||
90647 | err = __put_user(err, &compat_entry->msg_len); | ||
90648 | ++compat_entry; | ||
90649 | } else { | ||
90650 | - err = __sys_sendmsg(sock, (struct msghdr __user *)entry, | ||
90651 | - &msg_sys, flags, &used_address); | ||
90652 | + err = ___sys_sendmsg(sock, | ||
90653 | + (struct msghdr __user *)entry, | ||
90654 | + &msg_sys, flags, &used_address); | ||
90655 | if (err < 0) | ||
90656 | break; | ||
90657 | err = put_user(err, &entry->msg_len); | ||
90658 | @@ -2171,10 +2242,12 @@ int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen, | ||
90659 | SYSCALL_DEFINE4(sendmmsg, int, fd, struct mmsghdr __user *, mmsg, | ||
90660 | unsigned int, vlen, unsigned int, flags) | ||
90661 | { | ||
90662 | + if (flags & MSG_CMSG_COMPAT) | ||
90663 | + return -EINVAL; | ||
90664 | return __sys_sendmmsg(fd, mmsg, vlen, flags); | ||
90665 | } | ||
90666 | |||
90667 | -static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, | ||
90668 | +static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, | ||
90669 | struct msghdr *msg_sys, unsigned int flags, int nosec) | ||
90670 | { | ||
90671 | struct compat_msghdr __user *msg_compat = | ||
90672 | @@ -2185,7 +2258,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, | ||
90673 | int err, total_len, len; | 90534 | int err, total_len, len; |
90674 | 90535 | ||
90675 | /* kernel mode address */ | 90536 | /* kernel mode address */ |
@@ -90678,7 +90539,7 @@ index 88f759a..74be616 100644 | |||
90678 | 90539 | ||
90679 | /* user mode address pointers */ | 90540 | /* user mode address pointers */ |
90680 | struct sockaddr __user *uaddr; | 90541 | struct sockaddr __user *uaddr; |
90681 | @@ -2213,7 +2286,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, | 90542 | @@ -2224,7 +2286,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, |
90682 | * kernel msghdr to use the kernel address space) | 90543 | * kernel msghdr to use the kernel address space) |
90683 | */ | 90544 | */ |
90684 | 90545 | ||
@@ -90687,84 +90548,7 @@ index 88f759a..74be616 100644 | |||
90687 | uaddr_len = COMPAT_NAMELEN(msg); | 90548 | uaddr_len = COMPAT_NAMELEN(msg); |
90688 | if (MSG_CMSG_COMPAT & flags) { | 90549 | if (MSG_CMSG_COMPAT & flags) { |
90689 | err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); | 90550 | err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); |
90690 | @@ -2266,21 +2339,29 @@ out: | 90551 | @@ -2975,7 +3037,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, |
90691 | * BSD recvmsg interface | ||
90692 | */ | ||
90693 | |||
90694 | +long __sys_recvmsg(int fd, struct msghdr __user *msg, unsigned flags) | ||
90695 | +{ | ||
90696 | + int fput_needed, err; | ||
90697 | + struct msghdr msg_sys; | ||
90698 | + struct socket *sock; | ||
90699 | + | ||
90700 | + sock = sockfd_lookup_light(fd, &err, &fput_needed); | ||
90701 | + if (!sock) | ||
90702 | + goto out; | ||
90703 | + | ||
90704 | + err = ___sys_recvmsg(sock, msg, &msg_sys, flags, 0); | ||
90705 | + | ||
90706 | + fput_light(sock->file, fput_needed); | ||
90707 | +out: | ||
90708 | + return err; | ||
90709 | +} | ||
90710 | + | ||
90711 | SYSCALL_DEFINE3(recvmsg, int, fd, struct msghdr __user *, msg, | ||
90712 | unsigned int, flags) | ||
90713 | { | ||
90714 | - int fput_needed, err; | ||
90715 | - struct msghdr msg_sys; | ||
90716 | - struct socket *sock = sockfd_lookup_light(fd, &err, &fput_needed); | ||
90717 | - | ||
90718 | - if (!sock) | ||
90719 | - goto out; | ||
90720 | - | ||
90721 | - err = __sys_recvmsg(sock, msg, &msg_sys, flags, 0); | ||
90722 | - | ||
90723 | - fput_light(sock->file, fput_needed); | ||
90724 | -out: | ||
90725 | - return err; | ||
90726 | + if (flags & MSG_CMSG_COMPAT) | ||
90727 | + return -EINVAL; | ||
90728 | + return __sys_recvmsg(fd, msg, flags); | ||
90729 | } | ||
90730 | |||
90731 | /* | ||
90732 | @@ -2320,17 +2401,18 @@ int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen, | ||
90733 | * No need to ask LSM for more than the first datagram. | ||
90734 | */ | ||
90735 | if (MSG_CMSG_COMPAT & flags) { | ||
90736 | - err = __sys_recvmsg(sock, (struct msghdr __user *)compat_entry, | ||
90737 | - &msg_sys, flags & ~MSG_WAITFORONE, | ||
90738 | - datagrams); | ||
90739 | + err = ___sys_recvmsg(sock, (struct msghdr __user *)compat_entry, | ||
90740 | + &msg_sys, flags & ~MSG_WAITFORONE, | ||
90741 | + datagrams); | ||
90742 | if (err < 0) | ||
90743 | break; | ||
90744 | err = __put_user(err, &compat_entry->msg_len); | ||
90745 | ++compat_entry; | ||
90746 | } else { | ||
90747 | - err = __sys_recvmsg(sock, (struct msghdr __user *)entry, | ||
90748 | - &msg_sys, flags & ~MSG_WAITFORONE, | ||
90749 | - datagrams); | ||
90750 | + err = ___sys_recvmsg(sock, | ||
90751 | + (struct msghdr __user *)entry, | ||
90752 | + &msg_sys, flags & ~MSG_WAITFORONE, | ||
90753 | + datagrams); | ||
90754 | if (err < 0) | ||
90755 | break; | ||
90756 | err = put_user(err, &entry->msg_len); | ||
90757 | @@ -2397,6 +2479,9 @@ SYSCALL_DEFINE5(recvmmsg, int, fd, struct mmsghdr __user *, mmsg, | ||
90758 | int datagrams; | ||
90759 | struct timespec timeout_sys; | ||
90760 | |||
90761 | + if (flags & MSG_CMSG_COMPAT) | ||
90762 | + return -EINVAL; | ||
90763 | + | ||
90764 | if (!timeout) | ||
90765 | return __sys_recvmmsg(fd, mmsg, vlen, flags, NULL); | ||
90766 | |||
90767 | @@ -2952,7 +3037,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, | ||
90768 | old_fs = get_fs(); | 90552 | old_fs = get_fs(); |
90769 | set_fs(KERNEL_DS); | 90553 | set_fs(KERNEL_DS); |
90770 | err = dev_ioctl(net, cmd, | 90554 | err = dev_ioctl(net, cmd, |
@@ -90773,7 +90557,7 @@ index 88f759a..74be616 100644 | |||
90773 | set_fs(old_fs); | 90557 | set_fs(old_fs); |
90774 | 90558 | ||
90775 | return err; | 90559 | return err; |
90776 | @@ -3061,7 +3146,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, | 90560 | @@ -3084,7 +3146,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, |
90777 | 90561 | ||
90778 | old_fs = get_fs(); | 90562 | old_fs = get_fs(); |
90779 | set_fs(KERNEL_DS); | 90563 | set_fs(KERNEL_DS); |
@@ -90782,7 +90566,7 @@ index 88f759a..74be616 100644 | |||
90782 | set_fs(old_fs); | 90566 | set_fs(old_fs); |
90783 | 90567 | ||
90784 | if (cmd == SIOCGIFMAP && !err) { | 90568 | if (cmd == SIOCGIFMAP && !err) { |
90785 | @@ -3166,7 +3251,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, | 90569 | @@ -3189,7 +3251,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, |
90786 | ret |= __get_user(rtdev, &(ur4->rt_dev)); | 90570 | ret |= __get_user(rtdev, &(ur4->rt_dev)); |
90787 | if (rtdev) { | 90571 | if (rtdev) { |
90788 | ret |= copy_from_user(devname, compat_ptr(rtdev), 15); | 90572 | ret |= copy_from_user(devname, compat_ptr(rtdev), 15); |
@@ -90791,7 +90575,7 @@ index 88f759a..74be616 100644 | |||
90791 | devname[15] = 0; | 90575 | devname[15] = 0; |
90792 | } else | 90576 | } else |
90793 | r4.rt_dev = NULL; | 90577 | r4.rt_dev = NULL; |
90794 | @@ -3392,8 +3477,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, | 90578 | @@ -3415,8 +3477,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, |
90795 | int __user *uoptlen; | 90579 | int __user *uoptlen; |
90796 | int err; | 90580 | int err; |
90797 | 90581 | ||
@@ -90802,7 +90586,7 @@ index 88f759a..74be616 100644 | |||
90802 | 90586 | ||
90803 | set_fs(KERNEL_DS); | 90587 | set_fs(KERNEL_DS); |
90804 | if (level == SOL_SOCKET) | 90588 | if (level == SOL_SOCKET) |
90805 | @@ -3413,7 +3498,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, | 90589 | @@ -3436,7 +3498,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, |
90806 | char __user *uoptval; | 90590 | char __user *uoptval; |
90807 | int err; | 90591 | int err; |
90808 | 90592 | ||
@@ -91300,18 +91084,6 @@ index c8717c1..08539f5 100644 | |||
91300 | err = handler(dev, info, (union iwreq_data *) iwp, extra); | 91084 | err = handler(dev, info, (union iwreq_data *) iwp, extra); |
91301 | 91085 | ||
91302 | iwp->length += essid_compat; | 91086 | iwp->length += essid_compat; |
91303 | diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c | ||
91304 | index bcfda89..0cf003d 100644 | ||
91305 | --- a/net/xfrm/xfrm_output.c | ||
91306 | +++ b/net/xfrm/xfrm_output.c | ||
91307 | @@ -64,6 +64,7 @@ static int xfrm_output_one(struct sk_buff *skb, int err) | ||
91308 | |||
91309 | if (unlikely(x->km.state != XFRM_STATE_VALID)) { | ||
91310 | XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATEINVALID); | ||
91311 | + err = -EINVAL; | ||
91312 | goto error; | ||
91313 | } | ||
91314 | |||
91315 | diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c | 91087 | diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c |
91316 | index 167c67d..3f2ae427 100644 | 91088 | index 167c67d..3f2ae427 100644 |
91317 | --- a/net/xfrm/xfrm_policy.c | 91089 | --- a/net/xfrm/xfrm_policy.c |
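--- a/main/linux-grsec/kernelconfig.x86
+++ b/main/linux-grsec/kernelconfig.x86
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.9.7 Kernel Configuration
+# Linux/x86 3.9.8 Kernel Configuration
 #
 # CONFIG_64BIT is not set
 CONFIG_X86_32=y
@@ -5523,6 +5523,7 @@ CONFIG_GRKERNSEC_KMEM=y
 # CONFIG_GRKERNSEC_VM86 is not set
 # CONFIG_GRKERNSEC_IO is not set
 CONFIG_GRKERNSEC_PERF_HARDEN=y
+# CONFIG_GRKERNSEC_RAND_THREADSTACK is not set
 CONFIG_GRKERNSEC_PROC_MEMMAP=y
 # CONFIG_GRKERNSEC_BRUTE is not set
 # CONFIG_GRKERNSEC_MODHARDEN is not set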
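--- a/main/linux-grsec/kernelconfig.x86_64
+++ b/main/linux-grsec/kernelconfig.x86_64
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.9.7 Kernel Configuration
+# Linux/x86 3.9.8 Kernel Configuration
 #
 CONFIG_64BIT=y
 CONFIG_X86_64=y
@@ -5460,6 +5460,7 @@ CONFIG_GRKERNSEC_KMEM=y
 # CONFIG_GRKERNSEC_IO is not set
 CONFIG_GRKERNSEC_JIT_HARDEN=y
 CONFIG_GRKERNSEC_PERF_HARDEN=y
+# CONFIG_GRKERNSEC_RAND_THREADSTACK is not set
 CONFIG_GRKERNSEC_PROC_MEMMAP=y
 # CONFIG_GRKERNSEC_BRUTE is not set
 # CONFIG_GRKERNSEC_MODHARDEN is not set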