aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2013-08-06 06:39:23 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-08-07 06:56:26 +0000
commit407aa3d5f3d8f5ac0e2c852b5e651e7a49325641 (patch)
treec95f785140bbb54e1b7a64f190f877052215670b
parente528c1f10f6151dec8c1d84f8bfe1f736e5426fa (diff)
downloadalpine_aports-407aa3d5f3d8f5ac0e2c852b5e651e7a49325641.tar.bz2
alpine_aports-407aa3d5f3d8f5ac0e2c852b5e651e7a49325641.tar.xz
alpine_aports-407aa3d5f3d8f5ac0e2c852b5e651e7a49325641.zip
main/linux-grsec: upgrade to 3.10.5
(cherry picked from commit 2f916b4a5031fccc91681f906ac28f8b7e12c639)
Diffstat
-rw-r--r--main/linux-grsec/APKBUILD16
-rw-r--r--main/linux-grsec/grsecurity-2.9.1-3.10.5-201308052154.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.10.4-201308030031.patch)487
2 files changed, 235 insertions, 268 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 15a08e86df..18702b1cc0 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,7 +2,7 @@
2 2
3_flavor=grsec 3_flavor=grsec
4pkgname=linux-${_flavor} 4pkgname=linux-${_flavor}
5pkgver=3.10.4 5pkgver=3.10.5
6case $pkgver in 6case $pkgver in
7*.*.*) _kernver=${pkgver%.*};; 7*.*.*) _kernver=${pkgver%.*};;
8*.*) _kernver=${pkgver};; 8*.*) _kernver=${pkgver};;
@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
17install= 17install=
18source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz 18source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
19 http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz 19 http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
20 grsecurity-2.9.1-3.10.4-201308030031.patch 20 grsecurity-2.9.1-3.10.5-201308052154.patch
21 21
22 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch 22 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
23 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch 23 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
@@ -149,8 +149,8 @@ dev() {
149} 149}
150 150
151md5sums="4f25cd5bec5f8d5a7d935b3f2ccb8481 linux-3.10.tar.xz 151md5sums="4f25cd5bec5f8d5a7d935b3f2ccb8481 linux-3.10.tar.xz
1522e46ab138670b3171b52b849568cb42f patch-3.10.4.xz 1526366a8d4b0429ab6836c296ba298fb0e patch-3.10.5.xz
15362bb9b34f874425600ada2817ddf23b6 grsecurity-2.9.1-3.10.4-201308030031.patch 153e214ec80b95e11df16f1b8d6a9e617fc grsecurity-2.9.1-3.10.5-201308052154.patch
154a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch 154a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
155656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch 155656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
156aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch 156aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
@@ -160,8 +160,8 @@ aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-p
1601a111abaeb381bf47d9e979a85fba2ee kernelconfig.x86 1601a111abaeb381bf47d9e979a85fba2ee kernelconfig.x86
1611312267644d0c729bd7c7af979b29c8d kernelconfig.x86_64" 1611312267644d0c729bd7c7af979b29c8d kernelconfig.x86_64"
162sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz 162sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz
163d8ef39930663cc916e57e06b308a1654f2a03903a3c5a0d3a5503c6d58e2b2b8 patch-3.10.4.xz 163c96b69a10ef5ade798dcaa1867df156ccc9e173225d5aa427d00c6e89246e035 patch-3.10.5.xz
1643acf56b31b85298c56cee026fd01f3b0643c44743bd61476db85f15d9209c72b grsecurity-2.9.1-3.10.4-201308030031.patch 1640fce4515e69d73d580134e8e9ac19b80e0e603315ae259b1954a62f3f444883a grsecurity-2.9.1-3.10.5-201308052154.patch
1656af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch 1656af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
166dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch 166dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
1670985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch 1670985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
@@ -171,8 +171,8 @@ fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-
1711ef74cf3703dd26201970a2d9f043fed7e03ad2540a20f810cec8add93f81ccd kernelconfig.x86 1711ef74cf3703dd26201970a2d9f043fed7e03ad2540a20f810cec8add93f81ccd kernelconfig.x86
1721c4b4a74d982fdc8d3baddcdaa674ae4b4a3390daba024fca55e85604af74507 kernelconfig.x86_64" 1721c4b4a74d982fdc8d3baddcdaa674ae4b4a3390daba024fca55e85604af74507 kernelconfig.x86_64"
173sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz 173sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz
174382adb3faf7feda6c5dd8f401c0ad0a2dbbc62e33d5f85d4181a56567abdec3be5b5279d35829a3a9a53a54949ea10de3f31c4256eba1f132fda79197af46819 patch-3.10.4.xz 174583c1301ae362a2eee26253b477d78d472d7db1ff736491dcaf67a76a8badcfe103c0cfdde8cd2a0c2becb2017a11d522f417a4754f8838ed88d6f4a42dab738 patch-3.10.5.xz
175e39d89f2c5e20e642488234a7a0967f8f46239e267eb73a1ab2375b4cf58528ebb239e4a47a102b674e0deb7b0aa713a1d037f97a47a77f87dcca8217ffe00ad grsecurity-2.9.1-3.10.4-201308030031.patch 175e56d207163b8c17bd63564ebbe916458ebcc892016216f98f395f3e208229d6533c2cfbe1463400526cde9eed3beb153725ac98ee6dfe27b46ef28679de0a24f grsecurity-2.9.1-3.10.5-201308052154.patch
17681e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch 17681e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
17751ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch 17751ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
17857d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch 17857d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
diff --git a/main/linux-grsec/grsecurity-2.9.1-3.10.4-201308030031.patch b/main/linux-grsec/grsecurity-2.9.1-3.10.5-201308052154.patch
index 9cf4026039..f2633c140b 100644
--- a/main/linux-grsec/grsecurity-2.9.1-3.10.4-201308030031.patch
+++ b/main/linux-grsec/grsecurity-2.9.1-3.10.5-201308052154.patch
@@ -267,7 +267,7 @@ index 2fe6e76..df58221 100644
267 267
268 pcd. [PARIDE] 268 pcd. [PARIDE]
269diff --git a/Makefile b/Makefile 269diff --git a/Makefile b/Makefile
270index b4df9b2..256e7cc 100644 270index f8349d0..563a504 100644
271--- a/Makefile 271--- a/Makefile
272+++ b/Makefile 272+++ b/Makefile
273@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ 273@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -16647,10 +16647,10 @@ index 230c8ea..f915130 100644
16647 * HP laptops which use a DSDT reporting as HP/SB400/10000, 16647 * HP laptops which use a DSDT reporting as HP/SB400/10000,
16648 * which includes some code which overrides all temperature 16648 * which includes some code which overrides all temperature
16649diff --git a/arch/x86/kernel/acpi/sleep.c b/arch/x86/kernel/acpi/sleep.c 16649diff --git a/arch/x86/kernel/acpi/sleep.c b/arch/x86/kernel/acpi/sleep.c
16650index b44577b..27d8443 100644 16650index ec94e11..7fbbec0 100644
16651--- a/arch/x86/kernel/acpi/sleep.c 16651--- a/arch/x86/kernel/acpi/sleep.c
16652+++ b/arch/x86/kernel/acpi/sleep.c 16652+++ b/arch/x86/kernel/acpi/sleep.c
16653@@ -74,8 +74,12 @@ int acpi_suspend_lowlevel(void) 16653@@ -88,8 +88,12 @@ int acpi_suspend_lowlevel(void)
16654 #else /* CONFIG_64BIT */ 16654 #else /* CONFIG_64BIT */
16655 #ifdef CONFIG_SMP 16655 #ifdef CONFIG_SMP
16656 stack_start = (unsigned long)temp_stack + sizeof(temp_stack); 16656 stack_start = (unsigned long)temp_stack + sizeof(temp_stack);
@@ -17650,7 +17650,7 @@ index e9a701a..35317d6 100644
17650 wmb(); 17650 wmb();
17651 17651
17652diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c 17652diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c
17653index 726bf96..81f0526 100644 17653index ca22b73..9987afe 100644
17654--- a/arch/x86/kernel/cpu/mtrr/main.c 17654--- a/arch/x86/kernel/cpu/mtrr/main.c
17655+++ b/arch/x86/kernel/cpu/mtrr/main.c 17655+++ b/arch/x86/kernel/cpu/mtrr/main.c
17656@@ -62,7 +62,7 @@ static DEFINE_MUTEX(mtrr_mutex); 17656@@ -62,7 +62,7 @@ static DEFINE_MUTEX(mtrr_mutex);
@@ -20620,7 +20620,7 @@ index 73afd11..d1670f5 100644
20620+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0 20620+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0
20621+ .endr 20621+ .endr
20622diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S 20622diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
20623index 321d65e..863089b 100644 20623index a836860..bdeb7a5 100644
20624--- a/arch/x86/kernel/head_64.S 20624--- a/arch/x86/kernel/head_64.S
20625+++ b/arch/x86/kernel/head_64.S 20625+++ b/arch/x86/kernel/head_64.S
20626@@ -20,6 +20,8 @@ 20626@@ -20,6 +20,8 @@
@@ -20862,25 +20862,23 @@ index 321d65e..863089b 100644
20862 #include "../../x86/xen/xen-head.S" 20862 #include "../../x86/xen/xen-head.S"
20863- 20863-
20864- .section .bss, "aw", @nobits 20864- .section .bss, "aw", @nobits
20865- .align L1_CACHE_BYTES 20865+
20866-ENTRY(idt_table) 20866+ .section .rodata,"a",@progbits
20867+NEXT_PAGE(empty_zero_page)
20868+ .skip PAGE_SIZE
20869+
20870 .align PAGE_SIZE
20871 ENTRY(idt_table)
20867- .skip IDT_ENTRIES * 16 20872- .skip IDT_ENTRIES * 16
20873+ .fill 512,8,0
20868 20874
20869- .align L1_CACHE_BYTES 20875 .align L1_CACHE_BYTES
20870-ENTRY(nmi_idt_table) 20876 ENTRY(nmi_idt_table)
20871- .skip IDT_ENTRIES * 16 20877- .skip IDT_ENTRIES * 16
20872- 20878-
20873- __PAGE_ALIGNED_BSS 20879- __PAGE_ALIGNED_BSS
20874+ .section .rodata,"a",@progbits 20880-NEXT_PAGE(empty_zero_page)
20875 NEXT_PAGE(empty_zero_page) 20881- .skip PAGE_SIZE
20876 .skip PAGE_SIZE
20877+
20878+ .align L1_CACHE_BYTES
20879+ENTRY(idt_table)
20880+ .fill 512,8,0
20881+
20882+ .align L1_CACHE_BYTES
20883+ENTRY(nmi_idt_table)
20884+ .fill 512,8,0 20882+ .fill 512,8,0
20885diff --git a/arch/x86/kernel/i386_ksyms_32.c b/arch/x86/kernel/i386_ksyms_32.c 20883diff --git a/arch/x86/kernel/i386_ksyms_32.c b/arch/x86/kernel/i386_ksyms_32.c
20886index 0fa6912..37fce70 100644 20884index 0fa6912..37fce70 100644
@@ -35636,7 +35634,7 @@ index e913d32..4d9b351 100644
35636 if (IS_GEN6(dev) || IS_GEN7(dev)) { 35634 if (IS_GEN6(dev) || IS_GEN7(dev)) {
35637 seq_printf(m, 35635 seq_printf(m,
35638diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c 35636diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c
35639index 3b315ba..aac280f 100644 35637index f968590..19115e35 100644
35640--- a/drivers/gpu/drm/i915/i915_dma.c 35638--- a/drivers/gpu/drm/i915/i915_dma.c
35641+++ b/drivers/gpu/drm/i915/i915_dma.c 35639+++ b/drivers/gpu/drm/i915/i915_dma.c
35642@@ -1259,7 +1259,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) 35640@@ -1259,7 +1259,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev)
@@ -35649,10 +35647,10 @@ index 3b315ba..aac280f 100644
35649 return can_switch; 35647 return can_switch;
35650 } 35648 }
35651diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h 35649diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
35652index 9669a0b..bb65176 100644 35650index 47d8b68..52f5d8d 100644
35653--- a/drivers/gpu/drm/i915/i915_drv.h 35651--- a/drivers/gpu/drm/i915/i915_drv.h
35654+++ b/drivers/gpu/drm/i915/i915_drv.h 35652+++ b/drivers/gpu/drm/i915/i915_drv.h
35655@@ -915,7 +915,7 @@ typedef struct drm_i915_private { 35653@@ -916,7 +916,7 @@ typedef struct drm_i915_private {
35656 drm_dma_handle_t *status_page_dmah; 35654 drm_dma_handle_t *status_page_dmah;
35657 struct resource mch_res; 35655 struct resource mch_res;
35658 35656
@@ -35661,7 +35659,7 @@ index 9669a0b..bb65176 100644
35661 35659
35662 /* protects the irq masks */ 35660 /* protects the irq masks */
35663 spinlock_t irq_lock; 35661 spinlock_t irq_lock;
35664@@ -1811,7 +1811,7 @@ extern struct i2c_adapter *intel_gmbus_get_adapter( 35662@@ -1813,7 +1813,7 @@ extern struct i2c_adapter *intel_gmbus_get_adapter(
35665 struct drm_i915_private *dev_priv, unsigned port); 35663 struct drm_i915_private *dev_priv, unsigned port);
35666 extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed); 35664 extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed);
35667 extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit); 35665 extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit);
@@ -35825,10 +35823,10 @@ index e5e32869..1678f36 100644
35825 iir = I915_READ(IIR); 35823 iir = I915_READ(IIR);
35826 35824
35827diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c 35825diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
35828index 56746dc..b5a214f 100644 35826index e1f4e6e..c94a4b3 100644
35829--- a/drivers/gpu/drm/i915/intel_display.c 35827--- a/drivers/gpu/drm/i915/intel_display.c
35830+++ b/drivers/gpu/drm/i915/intel_display.c 35828+++ b/drivers/gpu/drm/i915/intel_display.c
35831@@ -8919,13 +8919,13 @@ struct intel_quirk { 35829@@ -8933,13 +8933,13 @@ struct intel_quirk {
35832 int subsystem_vendor; 35830 int subsystem_vendor;
35833 int subsystem_device; 35831 int subsystem_device;
35834 void (*hook)(struct drm_device *dev); 35832 void (*hook)(struct drm_device *dev);
@@ -35844,7 +35842,7 @@ index 56746dc..b5a214f 100644
35844 35842
35845 static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) 35843 static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
35846 { 35844 {
35847@@ -8933,18 +8933,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) 35845@@ -8947,18 +8947,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
35848 return 1; 35846 return 1;
35849 } 35847 }
35850 35848
@@ -38401,10 +38399,10 @@ index 5a2c754..0fa55db 100644
38401 38399
38402 seq_printf(seq, "\n"); 38400 seq_printf(seq, "\n");
38403diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c 38401diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
38404index aa04f02..2a1309e 100644 38402index 81a79b7..87a0f73 100644
38405--- a/drivers/md/dm-ioctl.c 38403--- a/drivers/md/dm-ioctl.c
38406+++ b/drivers/md/dm-ioctl.c 38404+++ b/drivers/md/dm-ioctl.c
38407@@ -1694,7 +1694,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param) 38405@@ -1697,7 +1697,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param)
38408 cmd == DM_LIST_VERSIONS_CMD) 38406 cmd == DM_LIST_VERSIONS_CMD)
38409 return 0; 38407 return 0;
38410 38408
@@ -38567,7 +38565,7 @@ index 60bce43..9b997d0 100644
38567 pmd->bl_info.value_type.inc = data_block_inc; 38565 pmd->bl_info.value_type.inc = data_block_inc;
38568 pmd->bl_info.value_type.dec = data_block_dec; 38566 pmd->bl_info.value_type.dec = data_block_dec;
38569diff --git a/drivers/md/dm.c b/drivers/md/dm.c 38567diff --git a/drivers/md/dm.c b/drivers/md/dm.c
38570index d5370a9..8761bbc 100644 38568index 33f2010..23fb84c 100644
38571--- a/drivers/md/dm.c 38569--- a/drivers/md/dm.c
38572+++ b/drivers/md/dm.c 38570+++ b/drivers/md/dm.c
38573@@ -169,9 +169,9 @@ struct mapped_device { 38571@@ -169,9 +169,9 @@ struct mapped_device {
@@ -38582,7 +38580,7 @@ index d5370a9..8761bbc 100644
38582 struct list_head uevent_list; 38580 struct list_head uevent_list;
38583 spinlock_t uevent_lock; /* Protect access to uevent_list */ 38581 spinlock_t uevent_lock; /* Protect access to uevent_list */
38584 38582
38585@@ -1877,8 +1877,8 @@ static struct mapped_device *alloc_dev(int minor) 38583@@ -1884,8 +1884,8 @@ static struct mapped_device *alloc_dev(int minor)
38586 rwlock_init(&md->map_lock); 38584 rwlock_init(&md->map_lock);
38587 atomic_set(&md->holders, 1); 38585 atomic_set(&md->holders, 1);
38588 atomic_set(&md->open_count, 0); 38586 atomic_set(&md->open_count, 0);
@@ -38593,7 +38591,7 @@ index d5370a9..8761bbc 100644
38593 INIT_LIST_HEAD(&md->uevent_list); 38591 INIT_LIST_HEAD(&md->uevent_list);
38594 spin_lock_init(&md->uevent_lock); 38592 spin_lock_init(&md->uevent_lock);
38595 38593
38596@@ -2026,7 +2026,7 @@ static void event_callback(void *context) 38594@@ -2033,7 +2033,7 @@ static void event_callback(void *context)
38597 38595
38598 dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj); 38596 dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj);
38599 38597
@@ -38602,7 +38600,7 @@ index d5370a9..8761bbc 100644
38602 wake_up(&md->eventq); 38600 wake_up(&md->eventq);
38603 } 38601 }
38604 38602
38605@@ -2683,18 +2683,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, 38603@@ -2690,18 +2690,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
38606 38604
38607 uint32_t dm_next_uevent_seq(struct mapped_device *md) 38605 uint32_t dm_next_uevent_seq(struct mapped_device *md)
38608 { 38606 {
@@ -38625,7 +38623,7 @@ index d5370a9..8761bbc 100644
38625 38623
38626 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) 38624 void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
38627diff --git a/drivers/md/md.c b/drivers/md/md.c 38625diff --git a/drivers/md/md.c b/drivers/md/md.c
38628index 9b82377..6b6922d 100644 38626index 51f0345..c77810e 100644
38629--- a/drivers/md/md.c 38627--- a/drivers/md/md.c
38630+++ b/drivers/md/md.c 38628+++ b/drivers/md/md.c
38631@@ -234,10 +234,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); 38629@@ -234,10 +234,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio);
@@ -38775,7 +38773,7 @@ index 3e6d115..ffecdeb 100644
38775 /*----------------------------------------------------------------*/ 38773 /*----------------------------------------------------------------*/
38776 38774
38777diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c 38775diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
38778index 6e17f81..140f717 100644 38776index 6f48244..7d29145 100644
38779--- a/drivers/md/raid1.c 38777--- a/drivers/md/raid1.c
38780+++ b/drivers/md/raid1.c 38778+++ b/drivers/md/raid1.c
38781@@ -1822,7 +1822,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) 38779@@ -1822,7 +1822,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
@@ -38787,7 +38785,7 @@ index 6e17f81..140f717 100644
38787 } 38785 }
38788 sectors -= s; 38786 sectors -= s;
38789 sect += s; 38787 sect += s;
38790@@ -2042,7 +2042,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, 38788@@ -2049,7 +2049,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
38791 test_bit(In_sync, &rdev->flags)) { 38789 test_bit(In_sync, &rdev->flags)) {
38792 if (r1_sync_page_io(rdev, sect, s, 38790 if (r1_sync_page_io(rdev, sect, s,
38793 conf->tmppage, READ)) { 38791 conf->tmppage, READ)) {
@@ -38797,7 +38795,7 @@ index 6e17f81..140f717 100644
38797 "md/raid1:%s: read error corrected " 38795 "md/raid1:%s: read error corrected "
38798 "(%d sectors at %llu on %s)\n", 38796 "(%d sectors at %llu on %s)\n",
38799diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c 38797diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
38800index d61eb7e..adfd00a 100644 38798index 081bb33..3c4b287 100644
38801--- a/drivers/md/raid10.c 38799--- a/drivers/md/raid10.c
38802+++ b/drivers/md/raid10.c 38800+++ b/drivers/md/raid10.c
38803@@ -1940,7 +1940,7 @@ static void end_sync_read(struct bio *bio, int error) 38801@@ -1940,7 +1940,7 @@ static void end_sync_read(struct bio *bio, int error)
@@ -38809,7 +38807,7 @@ index d61eb7e..adfd00a 100644
38809 &conf->mirrors[d].rdev->corrected_errors); 38807 &conf->mirrors[d].rdev->corrected_errors);
38810 38808
38811 /* for reconstruct, we always reschedule after a read. 38809 /* for reconstruct, we always reschedule after a read.
38812@@ -2292,7 +2292,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) 38810@@ -2298,7 +2298,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
38813 { 38811 {
38814 struct timespec cur_time_mon; 38812 struct timespec cur_time_mon;
38815 unsigned long hours_since_last; 38813 unsigned long hours_since_last;
@@ -38818,7 +38816,7 @@ index d61eb7e..adfd00a 100644
38818 38816
38819 ktime_get_ts(&cur_time_mon); 38817 ktime_get_ts(&cur_time_mon);
38820 38818
38821@@ -2314,9 +2314,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) 38819@@ -2320,9 +2320,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
38822 * overflowing the shift of read_errors by hours_since_last. 38820 * overflowing the shift of read_errors by hours_since_last.
38823 */ 38821 */
38824 if (hours_since_last >= 8 * sizeof(read_errors)) 38822 if (hours_since_last >= 8 * sizeof(read_errors))
@@ -38830,7 +38828,7 @@ index d61eb7e..adfd00a 100644
38830 } 38828 }
38831 38829
38832 static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector, 38830 static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector,
38833@@ -2370,8 +2370,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 38831@@ -2376,8 +2376,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
38834 return; 38832 return;
38835 38833
38836 check_decay_read_errors(mddev, rdev); 38834 check_decay_read_errors(mddev, rdev);
@@ -38841,7 +38839,7 @@ index d61eb7e..adfd00a 100644
38841 char b[BDEVNAME_SIZE]; 38839 char b[BDEVNAME_SIZE];
38842 bdevname(rdev->bdev, b); 38840 bdevname(rdev->bdev, b);
38843 38841
38844@@ -2379,7 +2379,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 38842@@ -2385,7 +2385,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
38845 "md/raid10:%s: %s: Raid device exceeded " 38843 "md/raid10:%s: %s: Raid device exceeded "
38846 "read_error threshold [cur %d:max %d]\n", 38844 "read_error threshold [cur %d:max %d]\n",
38847 mdname(mddev), b, 38845 mdname(mddev), b,
@@ -38850,7 +38848,7 @@ index d61eb7e..adfd00a 100644
38850 printk(KERN_NOTICE 38848 printk(KERN_NOTICE
38851 "md/raid10:%s: %s: Failing raid device\n", 38849 "md/raid10:%s: %s: Failing raid device\n",
38852 mdname(mddev), b); 38850 mdname(mddev), b);
38853@@ -2534,7 +2534,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 38851@@ -2540,7 +2540,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
38854 sect + 38852 sect +
38855 choose_data_offset(r10_bio, rdev)), 38853 choose_data_offset(r10_bio, rdev)),
38856 bdevname(rdev->bdev, b)); 38854 bdevname(rdev->bdev, b));
@@ -38860,7 +38858,7 @@ index d61eb7e..adfd00a 100644
38860 38858
38861 rdev_dec_pending(rdev, mddev); 38859 rdev_dec_pending(rdev, mddev);
38862diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c 38860diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
38863index 05e4a10..48fbe37 100644 38861index a35b846..e295c6d 100644
38864--- a/drivers/md/raid5.c 38862--- a/drivers/md/raid5.c
38865+++ b/drivers/md/raid5.c 38863+++ b/drivers/md/raid5.c
38866@@ -1764,21 +1764,21 @@ static void raid5_end_read_request(struct bio * bi, int error) 38864@@ -1764,21 +1764,21 @@ static void raid5_end_read_request(struct bio * bi, int error)
@@ -40348,6 +40346,37 @@ index b0c3de9..fc5857e 100644
40348 } else { 40346 } else {
40349 return -EIO; 40347 return -EIO;
40350 } 40348 }
40349diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ctx.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ctx.c
40350index 6acf82b..14b097e 100644
40351--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ctx.c
40352+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ctx.c
40353@@ -206,10 +206,10 @@ int qlcnic_fw_cmd_set_drv_version(struct qlcnic_adapter *adapter)
40354 if (err) {
40355 dev_info(&adapter->pdev->dev,
40356 "Failed to set driver version in firmware\n");
40357- return -EIO;
40358+ err = -EIO;
40359 }
40360-
40361- return 0;
40362+ qlcnic_free_mbx_args(&cmd);
40363+ return err;
40364 }
40365
40366 int
40367diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c
40368index d3f8797..82a03d3 100644
40369--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c
40370+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c
40371@@ -262,7 +262,7 @@ void qlcnic_82xx_change_filter(struct qlcnic_adapter *adapter, u64 *uaddr,
40372
40373 mac_req = (struct qlcnic_mac_req *)&(req->words[0]);
40374 mac_req->op = vlan_id ? QLCNIC_MAC_VLAN_ADD : QLCNIC_MAC_ADD;
40375- memcpy(mac_req->mac_addr, &uaddr, ETH_ALEN);
40376+ memcpy(mac_req->mac_addr, uaddr, ETH_ALEN);
40377
40378 vlan_req = (struct qlcnic_vlan_req *)&req->words[1];
40379 vlan_req->vlan_id = cpu_to_le16(vlan_id);
40351diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c 40380diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
40352index 393f961..d343034 100644 40381index 393f961..d343034 100644
40353--- a/drivers/net/ethernet/realtek/r8169.c 40382--- a/drivers/net/ethernet/realtek/r8169.c
@@ -43062,10 +43091,10 @@ index f379c7f..e8fc69c 100644
43062 43091
43063 transport_setup_device(&rport->dev); 43092 transport_setup_device(&rport->dev);
43064diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c 43093diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
43065index 1b1125e..31a2019 100644 43094index 610417e..1544fa9 100644
43066--- a/drivers/scsi/sd.c 43095--- a/drivers/scsi/sd.c
43067+++ b/drivers/scsi/sd.c 43096+++ b/drivers/scsi/sd.c
43068@@ -2936,7 +2936,7 @@ static int sd_probe(struct device *dev) 43097@@ -2928,7 +2928,7 @@ static int sd_probe(struct device *dev)
43069 sdkp->disk = gd; 43098 sdkp->disk = gd;
43070 sdkp->index = index; 43099 sdkp->index = index;
43071 atomic_set(&sdkp->openers, 0); 43100 atomic_set(&sdkp->openers, 0);
@@ -44412,7 +44441,7 @@ index 1afe192..73d2c20 100644
44412 kfree(ld); 44441 kfree(ld);
44413 raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags); 44442 raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags);
44414diff --git a/drivers/tty/tty_port.c b/drivers/tty/tty_port.c 44443diff --git a/drivers/tty/tty_port.c b/drivers/tty/tty_port.c
44415index 121aeb9..0d2c4b9 100644 44444index f597e88..b7f68ed 100644
44416--- a/drivers/tty/tty_port.c 44445--- a/drivers/tty/tty_port.c
44417+++ b/drivers/tty/tty_port.c 44446+++ b/drivers/tty/tty_port.c
44418@@ -232,7 +232,7 @@ void tty_port_hangup(struct tty_port *port) 44447@@ -232,7 +232,7 @@ void tty_port_hangup(struct tty_port *port)
@@ -44424,7 +44453,7 @@ index 121aeb9..0d2c4b9 100644
44424 port->flags &= ~ASYNC_NORMAL_ACTIVE; 44453 port->flags &= ~ASYNC_NORMAL_ACTIVE;
44425 tty = port->tty; 44454 tty = port->tty;
44426 if (tty) 44455 if (tty)
44427@@ -391,7 +391,7 @@ int tty_port_block_til_ready(struct tty_port *port, 44456@@ -390,7 +390,7 @@ int tty_port_block_til_ready(struct tty_port *port,
44428 /* The port lock protects the port counts */ 44457 /* The port lock protects the port counts */
44429 spin_lock_irqsave(&port->lock, flags); 44458 spin_lock_irqsave(&port->lock, flags);
44430 if (!tty_hung_up_p(filp)) 44459 if (!tty_hung_up_p(filp))
@@ -44433,7 +44462,7 @@ index 121aeb9..0d2c4b9 100644
44433 port->blocked_open++; 44462 port->blocked_open++;
44434 spin_unlock_irqrestore(&port->lock, flags); 44463 spin_unlock_irqrestore(&port->lock, flags);
44435 44464
44436@@ -433,7 +433,7 @@ int tty_port_block_til_ready(struct tty_port *port, 44465@@ -432,7 +432,7 @@ int tty_port_block_til_ready(struct tty_port *port,
44437 we must not mess that up further */ 44466 we must not mess that up further */
44438 spin_lock_irqsave(&port->lock, flags); 44467 spin_lock_irqsave(&port->lock, flags);
44439 if (!tty_hung_up_p(filp)) 44468 if (!tty_hung_up_p(filp))
@@ -44442,7 +44471,7 @@ index 121aeb9..0d2c4b9 100644
44442 port->blocked_open--; 44471 port->blocked_open--;
44443 if (retval == 0) 44472 if (retval == 0)
44444 port->flags |= ASYNC_NORMAL_ACTIVE; 44473 port->flags |= ASYNC_NORMAL_ACTIVE;
44445@@ -467,19 +467,19 @@ int tty_port_close_start(struct tty_port *port, 44474@@ -466,19 +466,19 @@ int tty_port_close_start(struct tty_port *port,
44446 return 0; 44475 return 0;
44447 } 44476 }
44448 44477
@@ -44469,7 +44498,7 @@ index 121aeb9..0d2c4b9 100644
44469 spin_unlock_irqrestore(&port->lock, flags); 44498 spin_unlock_irqrestore(&port->lock, flags);
44470 if (port->ops->drop) 44499 if (port->ops->drop)
44471 port->ops->drop(port); 44500 port->ops->drop(port);
44472@@ -565,7 +565,7 @@ int tty_port_open(struct tty_port *port, struct tty_struct *tty, 44501@@ -564,7 +564,7 @@ int tty_port_open(struct tty_port *port, struct tty_struct *tty,
44473 { 44502 {
44474 spin_lock_irq(&port->lock); 44503 spin_lock_irq(&port->lock);
44475 if (!tty_hung_up_p(filp)) 44504 if (!tty_hung_up_p(filp))
@@ -48683,7 +48712,7 @@ index bce8769..7fc7544 100644
48683 fd_offset + ex.a_text); 48712 fd_offset + ex.a_text);
48684 if (error != N_DATADDR(ex)) { 48713 if (error != N_DATADDR(ex)) {
48685diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c 48714diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
48686index f8a0b0e..8c841c3 100644 48715index f8a0b0e..6f036ed 100644
48687--- a/fs/binfmt_elf.c 48716--- a/fs/binfmt_elf.c
48688+++ b/fs/binfmt_elf.c 48717+++ b/fs/binfmt_elf.c
48689@@ -34,6 +34,7 @@ 48718@@ -34,6 +34,7 @@
@@ -49497,7 +49526,7 @@ index f8a0b0e..8c841c3 100644
49497+ unsigned long oldflags; 49526+ unsigned long oldflags;
49498+ bool is_textrel_rw, is_textrel_rx, is_relro; 49527+ bool is_textrel_rw, is_textrel_rx, is_relro;
49499+ 49528+
49500+ if (!(vma->vm_mm->pax_flags & MF_PAX_MPROTECT)) 49529+ if (!(vma->vm_mm->pax_flags & MF_PAX_MPROTECT) || !vma->vm_file)
49501+ return; 49530+ return;
49502+ 49531+
49503+ oldflags = vma->vm_flags & (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_EXEC | VM_WRITE | VM_READ); 49532+ oldflags = vma->vm_flags & (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_EXEC | VM_WRITE | VM_READ);
@@ -49505,15 +49534,15 @@ index f8a0b0e..8c841c3 100644
49505+ 49534+
49506+#ifdef CONFIG_PAX_ELFRELOCS 49535+#ifdef CONFIG_PAX_ELFRELOCS
49507+ /* possible TEXTREL */ 49536+ /* possible TEXTREL */
49508+ is_textrel_rw = vma->vm_file && !vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYREAD | VM_EXEC | VM_READ) && newflags == (VM_WRITE | VM_READ); 49537+ is_textrel_rw = !vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYREAD | VM_EXEC | VM_READ) && newflags == (VM_WRITE | VM_READ);
49509+ is_textrel_rx = vma->vm_file && vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_WRITE | VM_READ) && newflags == (VM_EXEC | VM_READ); 49538+ is_textrel_rx = vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_WRITE | VM_READ) && newflags == (VM_EXEC | VM_READ);
49510+#else 49539+#else
49511+ is_textrel_rw = false; 49540+ is_textrel_rw = false;
49512+ is_textrel_rx = false; 49541+ is_textrel_rx = false;
49513+#endif 49542+#endif
49514+ 49543+
49515+ /* possible RELRO */ 49544+ /* possible RELRO */
49516+ is_relro = vma->vm_file && vma->anon_vma && oldflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ) && newflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ); 49545+ is_relro = vma->anon_vma && oldflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ) && newflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ);
49517+ 49546+
49518+ if (!is_textrel_rw && !is_textrel_rx && !is_relro) 49547+ if (!is_textrel_rw && !is_textrel_rx && !is_relro)
49519+ return; 49548+ return;
@@ -54516,10 +54545,10 @@ index e76244e..9fe8f2f1 100644
54516 /* Don't cache excessive amounts of data and XDR failures */ 54545 /* Don't cache excessive amounts of data and XDR failures */
54517 if (!statp || len > (256 >> 2)) { 54546 if (!statp || len > (256 >> 2)) {
54518diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c 54547diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
54519index 84ce601..633d226 100644 54548index baf149a..76b86ad 100644
54520--- a/fs/nfsd/vfs.c 54549--- a/fs/nfsd/vfs.c
54521+++ b/fs/nfsd/vfs.c 54550+++ b/fs/nfsd/vfs.c
54522@@ -939,7 +939,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, 54551@@ -940,7 +940,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
54523 } else { 54552 } else {
54524 oldfs = get_fs(); 54553 oldfs = get_fs();
54525 set_fs(KERNEL_DS); 54554 set_fs(KERNEL_DS);
@@ -54528,7 +54557,7 @@ index 84ce601..633d226 100644
54528 set_fs(oldfs); 54557 set_fs(oldfs);
54529 } 54558 }
54530 54559
54531@@ -1026,7 +1026,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, 54560@@ -1027,7 +1027,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
54532 54561
54533 /* Write the data. */ 54562 /* Write the data. */
54534 oldfs = get_fs(); set_fs(KERNEL_DS); 54563 oldfs = get_fs(); set_fs(KERNEL_DS);
@@ -54537,7 +54566,7 @@ index 84ce601..633d226 100644
54537 set_fs(oldfs); 54566 set_fs(oldfs);
54538 if (host_err < 0) 54567 if (host_err < 0)
54539 goto out_nfserr; 54568 goto out_nfserr;
54540@@ -1572,7 +1572,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) 54569@@ -1573,7 +1573,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp)
54541 */ 54570 */
54542 54571
54543 oldfs = get_fs(); set_fs(KERNEL_DS); 54572 oldfs = get_fs(); set_fs(KERNEL_DS);
@@ -56975,63 +57004,6 @@ index 04ce1ac..a13dd1e 100644
56975 57004
56976 generic_fillattr(inode, stat); 57005 generic_fillattr(inode, stat);
56977 return 0; 57006 return 0;
56978diff --git a/fs/super.c b/fs/super.c
56979index 7465d43..68307c0 100644
56980--- a/fs/super.c
56981+++ b/fs/super.c
56982@@ -336,19 +336,19 @@ EXPORT_SYMBOL(deactivate_super);
56983 * and want to turn it into a full-blown active reference. grab_super()
56984 * is called with sb_lock held and drops it. Returns 1 in case of
56985 * success, 0 if we had failed (superblock contents was already dead or
56986- * dying when grab_super() had been called).
56987+ * dying when grab_super() had been called). Note that this is only
56988+ * called for superblocks not in rundown mode (== ones still on ->fs_supers
56989+ * of their type), so increment of ->s_count is OK here.
56990 */
56991 static int grab_super(struct super_block *s) __releases(sb_lock)
56992 {
56993- if (atomic_inc_not_zero(&s->s_active)) {
56994- spin_unlock(&sb_lock);
56995- return 1;
56996- }
56997- /* it's going away */
56998 s->s_count++;
56999 spin_unlock(&sb_lock);
57000- /* wait for it to die */
57001 down_write(&s->s_umount);
57002+ if ((s->s_flags & MS_BORN) && atomic_inc_not_zero(&s->s_active)) {
57003+ put_super(s);
57004+ return 1;
57005+ }
57006 up_write(&s->s_umount);
57007 put_super(s);
57008 return 0;
57009@@ -463,11 +463,6 @@ retry:
57010 destroy_super(s);
57011 s = NULL;
57012 }
57013- down_write(&old->s_umount);
57014- if (unlikely(!(old->s_flags & MS_BORN))) {
57015- deactivate_locked_super(old);
57016- goto retry;
57017- }
57018 return old;
57019 }
57020 }
57021@@ -660,10 +655,10 @@ restart:
57022 if (hlist_unhashed(&sb->s_instances))
57023 continue;
57024 if (sb->s_bdev == bdev) {
57025- if (grab_super(sb)) /* drops sb_lock */
57026- return sb;
57027- else
57028+ if (!grab_super(sb))
57029 goto restart;
57030+ up_write(&sb->s_umount);
57031+ return sb;
57032 }
57033 }
57034 spin_unlock(&sb_lock);
57035diff --git a/fs/sysfs/bin.c b/fs/sysfs/bin.c 57007diff --git a/fs/sysfs/bin.c b/fs/sysfs/bin.c
57036index 15c68f9..36a8b3e 100644 57008index 15c68f9..36a8b3e 100644
57037--- a/fs/sysfs/bin.c 57009--- a/fs/sysfs/bin.c
@@ -58499,7 +58471,7 @@ index 0000000..36845aa
58499+endif 58471+endif
58500diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c 58472diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
58501new file mode 100644 58473new file mode 100644
58502index 0000000..6907918 58474index 0000000..c0793fd
58503--- /dev/null 58475--- /dev/null
58504+++ b/grsecurity/gracl.c 58476+++ b/grsecurity/gracl.c
58505@@ -0,0 +1,4178 @@ 58477@@ -0,0 +1,4178 @@
@@ -61757,7 +61729,7 @@ index 0000000..6907918
61757+ unsigned char *sprole_sum = NULL; 61729+ unsigned char *sprole_sum = NULL;
61758+ int error = 0; 61730+ int error = 0;
61759+ int error2 = 0; 61731+ int error2 = 0;
61760+ size_t req_count; 61732+ size_t req_count = 0;
61761+ 61733+
61762+ mutex_lock(&gr_dev_mutex); 61734+ mutex_lock(&gr_dev_mutex);
61763+ 61735+
@@ -76398,7 +76370,7 @@ index 7bb73f9..d7978ed 100644
76398 { 76370 {
76399 struct signal_struct *sig = current->signal; 76371 struct signal_struct *sig = current->signal;
76400diff --git a/kernel/fork.c b/kernel/fork.c 76372diff --git a/kernel/fork.c b/kernel/fork.c
76401index 987b28a..e0102b2 100644 76373index 987b28a..11ee8a5 100644
76402--- a/kernel/fork.c 76374--- a/kernel/fork.c
76403+++ b/kernel/fork.c 76375+++ b/kernel/fork.c
76404@@ -319,7 +319,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) 76376@@ -319,7 +319,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
@@ -76684,31 +76656,7 @@ index 987b28a..e0102b2 100644
76684 return ERR_PTR(retval); 76656 return ERR_PTR(retval);
76685 } 76657 }
76686 76658
76687@@ -1579,6 +1639,23 @@ long do_fork(unsigned long clone_flags, 76659@@ -1613,6 +1673,8 @@ long do_fork(unsigned long clone_flags,
76688 return -EINVAL;
76689 }
76690
76691+#ifdef CONFIG_GRKERNSEC
76692+ if (clone_flags & CLONE_NEWUSER) {
76693+ /*
76694+ * This doesn't really inspire confidence:
76695+ * http://marc.info/?l=linux-kernel&m=135543612731939&w=2
76696+ * http://marc.info/?l=linux-kernel&m=135545831607095&w=2
76697+ * Increases kernel attack surface in areas developers
76698+ * previously cared little about ("low importance due
76699+ * to requiring "root" capability")
76700+ * To be removed when this code receives *proper* review
76701+ */
76702+ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) ||
76703+ !capable(CAP_SETGID))
76704+ return -EPERM;
76705+ }
76706+#endif
76707+
76708 /*
76709 * Determine whether and which event to report to ptracer. When
76710 * called from kernel_thread or CLONE_UNTRACED is explicitly
76711@@ -1613,6 +1690,8 @@ long do_fork(unsigned long clone_flags,
76712 if (clone_flags & CLONE_PARENT_SETTID) 76660 if (clone_flags & CLONE_PARENT_SETTID)
76713 put_user(nr, parent_tidptr); 76661 put_user(nr, parent_tidptr);
76714 76662
@@ -76717,7 +76665,7 @@ index 987b28a..e0102b2 100644
76717 if (clone_flags & CLONE_VFORK) { 76665 if (clone_flags & CLONE_VFORK) {
76718 p->vfork_done = &vfork; 76666 p->vfork_done = &vfork;
76719 init_completion(&vfork); 76667 init_completion(&vfork);
76720@@ -1723,7 +1802,7 @@ void __init proc_caches_init(void) 76668@@ -1723,7 +1785,7 @@ void __init proc_caches_init(void)
76721 mm_cachep = kmem_cache_create("mm_struct", 76669 mm_cachep = kmem_cache_create("mm_struct",
76722 sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN, 76670 sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,
76723 SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL); 76671 SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL);
@@ -76726,7 +76674,7 @@ index 987b28a..e0102b2 100644
76726 mmap_init(); 76674 mmap_init();
76727 nsproxy_cache_init(); 76675 nsproxy_cache_init();
76728 } 76676 }
76729@@ -1763,7 +1842,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) 76677@@ -1763,7 +1825,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
76730 return 0; 76678 return 0;
76731 76679
76732 /* don't need lock here; in the worst case we'll do useless copy */ 76680 /* don't need lock here; in the worst case we'll do useless copy */
@@ -76735,7 +76683,7 @@ index 987b28a..e0102b2 100644
76735 return 0; 76683 return 0;
76736 76684
76737 *new_fsp = copy_fs_struct(fs); 76685 *new_fsp = copy_fs_struct(fs);
76738@@ -1875,7 +1954,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) 76686@@ -1875,7 +1937,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
76739 fs = current->fs; 76687 fs = current->fs;
76740 spin_lock(&fs->lock); 76688 spin_lock(&fs->lock);
76741 current->fs = new_fs; 76689 current->fs = new_fs;
@@ -81051,10 +80999,10 @@ index e444ff8..438b8f4 100644
81051 *data_page = bpage; 80999 *data_page = bpage;
81052 81000
81053diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c 81001diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
81054index 0b936d8..306a7eb 100644 81002index f7bc3ce..b8ef9b5 100644
81055--- a/kernel/trace/trace.c 81003--- a/kernel/trace/trace.c
81056+++ b/kernel/trace/trace.c 81004+++ b/kernel/trace/trace.c
81057@@ -3302,7 +3302,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) 81005@@ -3303,7 +3303,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
81058 return 0; 81006 return 0;
81059 } 81007 }
81060 81008
@@ -81077,10 +81025,10 @@ index 51b4448..7be601f 100644
81077 /* 81025 /*
81078 * Normal trace_printk() and friends allocates special buffers 81026 * Normal trace_printk() and friends allocates special buffers
81079diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c 81027diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
81080index 6dfd48b..a6d88d0 100644 81028index 6953263..2004e16 100644
81081--- a/kernel/trace/trace_events.c 81029--- a/kernel/trace/trace_events.c
81082+++ b/kernel/trace/trace_events.c 81030+++ b/kernel/trace/trace_events.c
81083@@ -1731,10 +1731,6 @@ static LIST_HEAD(ftrace_module_file_list); 81031@@ -1748,10 +1748,6 @@ static LIST_HEAD(ftrace_module_file_list);
81084 struct ftrace_module_file_ops { 81032 struct ftrace_module_file_ops {
81085 struct list_head list; 81033 struct list_head list;
81086 struct module *mod; 81034 struct module *mod;
@@ -81091,7 +81039,7 @@ index 6dfd48b..a6d88d0 100644
81091 }; 81039 };
81092 81040
81093 static struct ftrace_module_file_ops * 81041 static struct ftrace_module_file_ops *
81094@@ -1775,17 +1771,12 @@ trace_create_file_ops(struct module *mod) 81042@@ -1792,17 +1788,12 @@ trace_create_file_ops(struct module *mod)
81095 81043
81096 file_ops->mod = mod; 81044 file_ops->mod = mod;
81097 81045
@@ -81115,7 +81063,7 @@ index 6dfd48b..a6d88d0 100644
81115 81063
81116 list_add(&file_ops->list, &ftrace_module_file_list); 81064 list_add(&file_ops->list, &ftrace_module_file_list);
81117 81065
81118@@ -1878,8 +1869,8 @@ __trace_add_new_mod_event(struct ftrace_event_call *call, 81066@@ -1895,8 +1886,8 @@ __trace_add_new_mod_event(struct ftrace_event_call *call,
81119 struct ftrace_module_file_ops *file_ops) 81067 struct ftrace_module_file_ops *file_ops)
81120 { 81068 {
81121 return __trace_add_new_event(call, tr, 81069 return __trace_add_new_event(call, tr,
@@ -81214,10 +81162,55 @@ index b20428c..4845a10 100644
81214 81162
81215 local_irq_save(flags); 81163 local_irq_save(flags);
81216diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c 81164diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
81217index d8c30db..e065e89 100644 81165index d8c30db..f2f6af5 100644
81218--- a/kernel/user_namespace.c 81166--- a/kernel/user_namespace.c
81219+++ b/kernel/user_namespace.c 81167+++ b/kernel/user_namespace.c
81220@@ -853,7 +853,7 @@ static int userns_install(struct nsproxy *nsproxy, void *ns) 81168@@ -79,6 +79,21 @@ int create_user_ns(struct cred *new)
81169 !kgid_has_mapping(parent_ns, group))
81170 return -EPERM;
81171
81172+#ifdef CONFIG_GRKERNSEC
81173+ /*
81174+ * This doesn't really inspire confidence:
81175+ * http://marc.info/?l=linux-kernel&m=135543612731939&w=2
81176+ * http://marc.info/?l=linux-kernel&m=135545831607095&w=2
81177+ * Increases kernel attack surface in areas developers
81178+ * previously cared little about ("low importance due
81179+ * to requiring "root" capability")
81180+ * To be removed when this code receives *proper* review
81181+ */
81182+ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) ||
81183+ !capable(CAP_SETGID))
81184+ return -EPERM;
81185+#endif
81186+
81187 ns = kmem_cache_zalloc(user_ns_cachep, GFP_KERNEL);
81188 if (!ns)
81189 return -ENOMEM;
81190@@ -105,6 +120,7 @@ int create_user_ns(struct cred *new)
81191 int unshare_userns(unsigned long unshare_flags, struct cred **new_cred)
81192 {
81193 struct cred *cred;
81194+ int err;
81195
81196 if (!(unshare_flags & CLONE_NEWUSER))
81197 return 0;
81198@@ -113,8 +129,12 @@ int unshare_userns(unsigned long unshare_flags, struct cred **new_cred)
81199 if (!cred)
81200 return -ENOMEM;
81201
81202- *new_cred = cred;
81203- return create_user_ns(cred);
81204+ err = create_user_ns(cred);
81205+ if (err)
81206+ put_cred(cred);
81207+ else
81208+ *new_cred = cred;
81209+ return err;
81210 }
81211
81212 void free_user_ns(struct user_namespace *ns)
81213@@ -853,7 +873,7 @@ static int userns_install(struct nsproxy *nsproxy, void *ns)
81221 if (atomic_read(&current->mm->mm_users) > 1) 81214 if (atomic_read(&current->mm->mm_users) > 1)
81222 return -EINVAL; 81215 return -EINVAL;
81223 81216
@@ -82419,7 +82412,7 @@ index ceb0c7f..b2b8e94 100644
82419 } else { 82412 } else {
82420 pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n", 82413 pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n",
82421diff --git a/mm/memory.c b/mm/memory.c 82414diff --git a/mm/memory.c b/mm/memory.c
82422index 61a262b..77a94d1 100644 82415index 5e50800..c47ba9a 100644
82423--- a/mm/memory.c 82416--- a/mm/memory.c
82424+++ b/mm/memory.c 82417+++ b/mm/memory.c
82425@@ -429,6 +429,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, 82418@@ -429,6 +429,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
@@ -82456,7 +82449,7 @@ index 61a262b..77a94d1 100644
82456 } 82449 }
82457 82450
82458 /* 82451 /*
82459@@ -1635,12 +1641,6 @@ no_page_table: 82452@@ -1638,12 +1644,6 @@ no_page_table:
82460 return page; 82453 return page;
82461 } 82454 }
82462 82455
@@ -82469,7 +82462,7 @@ index 61a262b..77a94d1 100644
82469 /** 82462 /**
82470 * __get_user_pages() - pin user pages in memory 82463 * __get_user_pages() - pin user pages in memory
82471 * @tsk: task_struct of target task 82464 * @tsk: task_struct of target task
82472@@ -1727,10 +1727,10 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, 82465@@ -1730,10 +1730,10 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
82473 82466
82474 i = 0; 82467 i = 0;
82475 82468
@@ -82482,7 +82475,7 @@ index 61a262b..77a94d1 100644
82482 if (!vma && in_gate_area(mm, start)) { 82475 if (!vma && in_gate_area(mm, start)) {
82483 unsigned long pg = start & PAGE_MASK; 82476 unsigned long pg = start & PAGE_MASK;
82484 pgd_t *pgd; 82477 pgd_t *pgd;
82485@@ -1779,7 +1779,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, 82478@@ -1782,7 +1782,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
82486 goto next_page; 82479 goto next_page;
82487 } 82480 }
82488 82481
@@ -82491,7 +82484,7 @@ index 61a262b..77a94d1 100644
82491 (vma->vm_flags & (VM_IO | VM_PFNMAP)) || 82484 (vma->vm_flags & (VM_IO | VM_PFNMAP)) ||
82492 !(vm_flags & vma->vm_flags)) 82485 !(vm_flags & vma->vm_flags))
82493 return i ? : -EFAULT; 82486 return i ? : -EFAULT;
82494@@ -1808,11 +1808,6 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, 82487@@ -1811,11 +1811,6 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
82495 int ret; 82488 int ret;
82496 unsigned int fault_flags = 0; 82489 unsigned int fault_flags = 0;
82497 82490
@@ -82503,7 +82496,7 @@ index 61a262b..77a94d1 100644
82503 if (foll_flags & FOLL_WRITE) 82496 if (foll_flags & FOLL_WRITE)
82504 fault_flags |= FAULT_FLAG_WRITE; 82497 fault_flags |= FAULT_FLAG_WRITE;
82505 if (nonblocking) 82498 if (nonblocking)
82506@@ -1892,7 +1887,7 @@ next_page: 82499@@ -1895,7 +1890,7 @@ next_page:
82507 start += page_increm * PAGE_SIZE; 82500 start += page_increm * PAGE_SIZE;
82508 nr_pages -= page_increm; 82501 nr_pages -= page_increm;
82509 } while (nr_pages && start < vma->vm_end); 82502 } while (nr_pages && start < vma->vm_end);
@@ -82512,7 +82505,7 @@ index 61a262b..77a94d1 100644
82512 return i; 82505 return i;
82513 } 82506 }
82514 EXPORT_SYMBOL(__get_user_pages); 82507 EXPORT_SYMBOL(__get_user_pages);
82515@@ -2099,6 +2094,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, 82508@@ -2102,6 +2097,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
82516 page_add_file_rmap(page); 82509 page_add_file_rmap(page);
82517 set_pte_at(mm, addr, pte, mk_pte(page, prot)); 82510 set_pte_at(mm, addr, pte, mk_pte(page, prot));
82518 82511
@@ -82523,7 +82516,7 @@ index 61a262b..77a94d1 100644
82523 retval = 0; 82516 retval = 0;
82524 pte_unmap_unlock(pte, ptl); 82517 pte_unmap_unlock(pte, ptl);
82525 return retval; 82518 return retval;
82526@@ -2143,9 +2142,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, 82519@@ -2146,9 +2145,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
82527 if (!page_count(page)) 82520 if (!page_count(page))
82528 return -EINVAL; 82521 return -EINVAL;
82529 if (!(vma->vm_flags & VM_MIXEDMAP)) { 82522 if (!(vma->vm_flags & VM_MIXEDMAP)) {
@@ -82545,7 +82538,7 @@ index 61a262b..77a94d1 100644
82545 } 82538 }
82546 return insert_page(vma, addr, page, vma->vm_page_prot); 82539 return insert_page(vma, addr, page, vma->vm_page_prot);
82547 } 82540 }
82548@@ -2228,6 +2239,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, 82541@@ -2231,6 +2242,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
82549 unsigned long pfn) 82542 unsigned long pfn)
82550 { 82543 {
82551 BUG_ON(!(vma->vm_flags & VM_MIXEDMAP)); 82544 BUG_ON(!(vma->vm_flags & VM_MIXEDMAP));
@@ -82553,7 +82546,7 @@ index 61a262b..77a94d1 100644
82553 82546
82554 if (addr < vma->vm_start || addr >= vma->vm_end) 82547 if (addr < vma->vm_start || addr >= vma->vm_end)
82555 return -EFAULT; 82548 return -EFAULT;
82556@@ -2475,7 +2487,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, 82549@@ -2478,7 +2490,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
82557 82550
82558 BUG_ON(pud_huge(*pud)); 82551 BUG_ON(pud_huge(*pud));
82559 82552
@@ -82564,7 +82557,7 @@ index 61a262b..77a94d1 100644
82564 if (!pmd) 82557 if (!pmd)
82565 return -ENOMEM; 82558 return -ENOMEM;
82566 do { 82559 do {
82567@@ -2495,7 +2509,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, 82560@@ -2498,7 +2512,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
82568 unsigned long next; 82561 unsigned long next;
82569 int err; 82562 int err;
82570 82563
@@ -82575,7 +82568,7 @@ index 61a262b..77a94d1 100644
82575 if (!pud) 82568 if (!pud)
82576 return -ENOMEM; 82569 return -ENOMEM;
82577 do { 82570 do {
82578@@ -2583,6 +2599,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo 82571@@ -2586,6 +2602,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
82579 copy_user_highpage(dst, src, va, vma); 82572 copy_user_highpage(dst, src, va, vma);
82580 } 82573 }
82581 82574
@@ -82762,7 +82755,7 @@ index 61a262b..77a94d1 100644
82762 /* 82755 /*
82763 * This routine handles present pages, when users try to write 82756 * This routine handles present pages, when users try to write
82764 * to a shared page. It is done by copying the page to a new address 82757 * to a shared page. It is done by copying the page to a new address
82765@@ -2799,6 +2995,12 @@ gotten: 82758@@ -2802,6 +2998,12 @@ gotten:
82766 */ 82759 */
82767 page_table = pte_offset_map_lock(mm, pmd, address, &ptl); 82760 page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
82768 if (likely(pte_same(*page_table, orig_pte))) { 82761 if (likely(pte_same(*page_table, orig_pte))) {
@@ -82775,7 +82768,7 @@ index 61a262b..77a94d1 100644
82775 if (old_page) { 82768 if (old_page) {
82776 if (!PageAnon(old_page)) { 82769 if (!PageAnon(old_page)) {
82777 dec_mm_counter_fast(mm, MM_FILEPAGES); 82770 dec_mm_counter_fast(mm, MM_FILEPAGES);
82778@@ -2850,6 +3052,10 @@ gotten: 82771@@ -2853,6 +3055,10 @@ gotten:
82779 page_remove_rmap(old_page); 82772 page_remove_rmap(old_page);
82780 } 82773 }
82781 82774
@@ -82786,7 +82779,7 @@ index 61a262b..77a94d1 100644
82786 /* Free the old page.. */ 82779 /* Free the old page.. */
82787 new_page = old_page; 82780 new_page = old_page;
82788 ret |= VM_FAULT_WRITE; 82781 ret |= VM_FAULT_WRITE;
82789@@ -3125,6 +3331,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, 82782@@ -3128,6 +3334,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
82790 swap_free(entry); 82783 swap_free(entry);
82791 if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) 82784 if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
82792 try_to_free_swap(page); 82785 try_to_free_swap(page);
@@ -82798,7 +82791,7 @@ index 61a262b..77a94d1 100644
82798 unlock_page(page); 82791 unlock_page(page);
82799 if (page != swapcache) { 82792 if (page != swapcache) {
82800 /* 82793 /*
82801@@ -3148,6 +3359,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, 82794@@ -3151,6 +3362,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
82802 82795
82803 /* No need to invalidate - it was non-present before */ 82796 /* No need to invalidate - it was non-present before */
82804 update_mmu_cache(vma, address, page_table); 82797 update_mmu_cache(vma, address, page_table);
@@ -82810,7 +82803,7 @@ index 61a262b..77a94d1 100644
82810 unlock: 82803 unlock:
82811 pte_unmap_unlock(page_table, ptl); 82804 pte_unmap_unlock(page_table, ptl);
82812 out: 82805 out:
82813@@ -3167,40 +3383,6 @@ out_release: 82806@@ -3170,40 +3386,6 @@ out_release:
82814 } 82807 }
82815 82808
82816 /* 82809 /*
@@ -82851,7 +82844,7 @@ index 61a262b..77a94d1 100644
82851 * We enter with non-exclusive mmap_sem (to exclude vma changes, 82844 * We enter with non-exclusive mmap_sem (to exclude vma changes,
82852 * but allow concurrent faults), and pte mapped but not yet locked. 82845 * but allow concurrent faults), and pte mapped but not yet locked.
82853 * We return with mmap_sem still held, but pte unmapped and unlocked. 82846 * We return with mmap_sem still held, but pte unmapped and unlocked.
82854@@ -3209,27 +3391,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, 82847@@ -3212,27 +3394,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
82855 unsigned long address, pte_t *page_table, pmd_t *pmd, 82848 unsigned long address, pte_t *page_table, pmd_t *pmd,
82856 unsigned int flags) 82849 unsigned int flags)
82857 { 82850 {
@@ -82884,7 +82877,7 @@ index 61a262b..77a94d1 100644
82884 if (unlikely(anon_vma_prepare(vma))) 82877 if (unlikely(anon_vma_prepare(vma)))
82885 goto oom; 82878 goto oom;
82886 page = alloc_zeroed_user_highpage_movable(vma, address); 82879 page = alloc_zeroed_user_highpage_movable(vma, address);
82887@@ -3253,6 +3431,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, 82880@@ -3256,6 +3434,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
82888 if (!pte_none(*page_table)) 82881 if (!pte_none(*page_table))
82889 goto release; 82882 goto release;
82890 82883
@@ -82896,7 +82889,7 @@ index 61a262b..77a94d1 100644
82896 inc_mm_counter_fast(mm, MM_ANONPAGES); 82889 inc_mm_counter_fast(mm, MM_ANONPAGES);
82897 page_add_new_anon_rmap(page, vma, address); 82890 page_add_new_anon_rmap(page, vma, address);
82898 setpte: 82891 setpte:
82899@@ -3260,6 +3443,12 @@ setpte: 82892@@ -3263,6 +3446,12 @@ setpte:
82900 82893
82901 /* No need to invalidate - it was non-present before */ 82894 /* No need to invalidate - it was non-present before */
82902 update_mmu_cache(vma, address, page_table); 82895 update_mmu_cache(vma, address, page_table);
@@ -82909,7 +82902,7 @@ index 61a262b..77a94d1 100644
82909 unlock: 82902 unlock:
82910 pte_unmap_unlock(page_table, ptl); 82903 pte_unmap_unlock(page_table, ptl);
82911 return 0; 82904 return 0;
82912@@ -3403,6 +3592,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, 82905@@ -3406,6 +3595,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
82913 */ 82906 */
82914 /* Only go through if we didn't race with anybody else... */ 82907 /* Only go through if we didn't race with anybody else... */
82915 if (likely(pte_same(*page_table, orig_pte))) { 82908 if (likely(pte_same(*page_table, orig_pte))) {
@@ -82922,7 +82915,7 @@ index 61a262b..77a94d1 100644
82922 flush_icache_page(vma, page); 82915 flush_icache_page(vma, page);
82923 entry = mk_pte(page, vma->vm_page_prot); 82916 entry = mk_pte(page, vma->vm_page_prot);
82924 if (flags & FAULT_FLAG_WRITE) 82917 if (flags & FAULT_FLAG_WRITE)
82925@@ -3422,6 +3617,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, 82918@@ -3425,6 +3620,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
82926 82919
82927 /* no need to invalidate: a not-present page won't be cached */ 82920 /* no need to invalidate: a not-present page won't be cached */
82928 update_mmu_cache(vma, address, page_table); 82921 update_mmu_cache(vma, address, page_table);
@@ -82937,7 +82930,7 @@ index 61a262b..77a94d1 100644
82937 } else { 82930 } else {
82938 if (cow_page) 82931 if (cow_page)
82939 mem_cgroup_uncharge_page(cow_page); 82932 mem_cgroup_uncharge_page(cow_page);
82940@@ -3743,6 +3946,12 @@ int handle_pte_fault(struct mm_struct *mm, 82933@@ -3746,6 +3949,12 @@ int handle_pte_fault(struct mm_struct *mm,
82941 if (flags & FAULT_FLAG_WRITE) 82934 if (flags & FAULT_FLAG_WRITE)
82942 flush_tlb_fix_spurious_fault(vma, address); 82935 flush_tlb_fix_spurious_fault(vma, address);
82943 } 82936 }
@@ -82950,7 +82943,7 @@ index 61a262b..77a94d1 100644
82950 unlock: 82943 unlock:
82951 pte_unmap_unlock(pte, ptl); 82944 pte_unmap_unlock(pte, ptl);
82952 return 0; 82945 return 0;
82953@@ -3759,6 +3968,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, 82946@@ -3762,6 +3971,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
82954 pmd_t *pmd; 82947 pmd_t *pmd;
82955 pte_t *pte; 82948 pte_t *pte;
82956 82949
@@ -82961,7 +82954,7 @@ index 61a262b..77a94d1 100644
82961 __set_current_state(TASK_RUNNING); 82954 __set_current_state(TASK_RUNNING);
82962 82955
82963 count_vm_event(PGFAULT); 82956 count_vm_event(PGFAULT);
82964@@ -3770,6 +3983,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, 82957@@ -3773,6 +3986,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
82965 if (unlikely(is_vm_hugetlb_page(vma))) 82958 if (unlikely(is_vm_hugetlb_page(vma)))
82966 return hugetlb_fault(mm, vma, address, flags); 82959 return hugetlb_fault(mm, vma, address, flags);
82967 82960
@@ -82996,7 +82989,7 @@ index 61a262b..77a94d1 100644
82996 retry: 82989 retry:
82997 pgd = pgd_offset(mm, address); 82990 pgd = pgd_offset(mm, address);
82998 pud = pud_alloc(mm, pgd, address); 82991 pud = pud_alloc(mm, pgd, address);
82999@@ -3868,6 +4109,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) 82992@@ -3871,6 +4112,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
83000 spin_unlock(&mm->page_table_lock); 82993 spin_unlock(&mm->page_table_lock);
83001 return 0; 82994 return 0;
83002 } 82995 }
@@ -83020,7 +83013,7 @@ index 61a262b..77a94d1 100644
83020 #endif /* __PAGETABLE_PUD_FOLDED */ 83013 #endif /* __PAGETABLE_PUD_FOLDED */
83021 83014
83022 #ifndef __PAGETABLE_PMD_FOLDED 83015 #ifndef __PAGETABLE_PMD_FOLDED
83023@@ -3898,6 +4156,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) 83016@@ -3901,6 +4159,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
83024 spin_unlock(&mm->page_table_lock); 83017 spin_unlock(&mm->page_table_lock);
83025 return 0; 83018 return 0;
83026 } 83019 }
@@ -83051,7 +83044,7 @@ index 61a262b..77a94d1 100644
83051 #endif /* __PAGETABLE_PMD_FOLDED */ 83044 #endif /* __PAGETABLE_PMD_FOLDED */
83052 83045
83053 #if !defined(__HAVE_ARCH_GATE_AREA) 83046 #if !defined(__HAVE_ARCH_GATE_AREA)
83054@@ -3911,7 +4193,7 @@ static int __init gate_vma_init(void) 83047@@ -3914,7 +4196,7 @@ static int __init gate_vma_init(void)
83055 gate_vma.vm_start = FIXADDR_USER_START; 83048 gate_vma.vm_start = FIXADDR_USER_START;
83056 gate_vma.vm_end = FIXADDR_USER_END; 83049 gate_vma.vm_end = FIXADDR_USER_END;
83057 gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; 83050 gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
@@ -83060,7 +83053,7 @@ index 61a262b..77a94d1 100644
83060 83053
83061 return 0; 83054 return 0;
83062 } 83055 }
83063@@ -4045,8 +4327,8 @@ out: 83056@@ -4048,8 +4330,8 @@ out:
83064 return ret; 83057 return ret;
83065 } 83058 }
83066 83059
@@ -83071,7 +83064,7 @@ index 61a262b..77a94d1 100644
83071 { 83064 {
83072 resource_size_t phys_addr; 83065 resource_size_t phys_addr;
83073 unsigned long prot = 0; 83066 unsigned long prot = 0;
83074@@ -4071,8 +4353,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr, 83067@@ -4074,8 +4356,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
83075 * Access another process' address space as given in mm. If non-NULL, use the 83068 * Access another process' address space as given in mm. If non-NULL, use the
83076 * given task for page fault accounting. 83069 * given task for page fault accounting.
83077 */ 83070 */
@@ -83082,7 +83075,7 @@ index 61a262b..77a94d1 100644
83082 { 83075 {
83083 struct vm_area_struct *vma; 83076 struct vm_area_struct *vma;
83084 void *old_buf = buf; 83077 void *old_buf = buf;
83085@@ -4080,7 +4362,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, 83078@@ -4083,7 +4365,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
83086 down_read(&mm->mmap_sem); 83079 down_read(&mm->mmap_sem);
83087 /* ignore errors, just check how much was successfully transferred */ 83080 /* ignore errors, just check how much was successfully transferred */
83088 while (len) { 83081 while (len) {
@@ -83091,7 +83084,7 @@ index 61a262b..77a94d1 100644
83091 void *maddr; 83084 void *maddr;
83092 struct page *page = NULL; 83085 struct page *page = NULL;
83093 83086
83094@@ -4139,8 +4421,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, 83087@@ -4142,8 +4424,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
83095 * 83088 *
83096 * The caller must hold a reference on @mm. 83089 * The caller must hold a reference on @mm.
83097 */ 83090 */
@@ -83102,7 +83095,7 @@ index 61a262b..77a94d1 100644
83102 { 83095 {
83103 return __access_remote_vm(NULL, mm, addr, buf, len, write); 83096 return __access_remote_vm(NULL, mm, addr, buf, len, write);
83104 } 83097 }
83105@@ -4150,11 +4432,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, 83098@@ -4153,11 +4435,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
83106 * Source/target buffer must be kernel space, 83099 * Source/target buffer must be kernel space,
83107 * Do not walk the page table directly, use get_user_pages 83100 * Do not walk the page table directly, use get_user_pages
83108 */ 83101 */
@@ -83118,7 +83111,7 @@ index 61a262b..77a94d1 100644
83118 mm = get_task_mm(tsk); 83111 mm = get_task_mm(tsk);
83119 if (!mm) 83112 if (!mm)
83120diff --git a/mm/mempolicy.c b/mm/mempolicy.c 83113diff --git a/mm/mempolicy.c b/mm/mempolicy.c
83121index 7431001..0f8344e 100644 83114index 4baf12e..5497066 100644
83122--- a/mm/mempolicy.c 83115--- a/mm/mempolicy.c
83123+++ b/mm/mempolicy.c 83116+++ b/mm/mempolicy.c
83124@@ -708,6 +708,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, 83117@@ -708,6 +708,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
@@ -83132,11 +83125,7 @@ index 7431001..0f8344e 100644
83132 vma = find_vma(mm, start); 83125 vma = find_vma(mm, start);
83133 if (!vma || vma->vm_start > start) 83126 if (!vma || vma->vm_start > start)
83134 return -EFAULT; 83127 return -EFAULT;
83135@@ -744,9 +748,20 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, 83128@@ -751,6 +755,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
83136 if (err)
83137 goto out;
83138 }
83139+
83140 err = vma_replace_policy(vma, new_pol); 83129 err = vma_replace_policy(vma, new_pol);
83141 if (err) 83130 if (err)
83142 goto out; 83131 goto out;
@@ -83153,7 +83142,7 @@ index 7431001..0f8344e 100644
83153 } 83142 }
83154 83143
83155 out: 83144 out:
83156@@ -1202,6 +1217,17 @@ static long do_mbind(unsigned long start, unsigned long len, 83145@@ -1206,6 +1220,17 @@ static long do_mbind(unsigned long start, unsigned long len,
83157 83146
83158 if (end < start) 83147 if (end < start)
83159 return -EINVAL; 83148 return -EINVAL;
@@ -83171,7 +83160,7 @@ index 7431001..0f8344e 100644
83171 if (end == start) 83160 if (end == start)
83172 return 0; 83161 return 0;
83173 83162
83174@@ -1430,8 +1456,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, 83163@@ -1434,8 +1459,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
83175 */ 83164 */
83176 tcred = __task_cred(task); 83165 tcred = __task_cred(task);
83177 if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && 83166 if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&
@@ -83181,7 +83170,7 @@ index 7431001..0f8344e 100644
83181 rcu_read_unlock(); 83170 rcu_read_unlock();
83182 err = -EPERM; 83171 err = -EPERM;
83183 goto out_put; 83172 goto out_put;
83184@@ -1462,6 +1487,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, 83173@@ -1466,6 +1490,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
83185 goto out; 83174 goto out;
83186 } 83175 }
83187 83176
@@ -83283,7 +83272,7 @@ index 79b7cf7..9944291 100644
83283 capable(CAP_IPC_LOCK)) 83272 capable(CAP_IPC_LOCK))
83284 ret = do_mlockall(flags); 83273 ret = do_mlockall(flags);
83285diff --git a/mm/mmap.c b/mm/mmap.c 83274diff --git a/mm/mmap.c b/mm/mmap.c
83286index f681e18..623110e 100644 83275index 7dbe397..e84c411 100644
83287--- a/mm/mmap.c 83276--- a/mm/mmap.c
83288+++ b/mm/mmap.c 83277+++ b/mm/mmap.c
83289@@ -36,6 +36,7 @@ 83278@@ -36,6 +36,7 @@
@@ -83532,7 +83521,7 @@ index f681e18..623110e 100644
83532+ if (mm->pax_flags & MF_PAX_MPROTECT) { 83521+ if (mm->pax_flags & MF_PAX_MPROTECT) {
83533+ 83522+
83534+#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG 83523+#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
83535+ if (file && (vm_flags & VM_EXEC) && mm->binfmt && 83524+ if (file && !pgoff && (vm_flags & VM_EXEC) && mm->binfmt &&
83536+ mm->binfmt->handle_mmap) 83525+ mm->binfmt->handle_mmap)
83537+ mm->binfmt->handle_mmap(file); 83526+ mm->binfmt->handle_mmap(file);
83538+#endif 83527+#endif
@@ -88145,10 +88134,28 @@ index 2e7f194..0fa4d6d 100644
88145 88134
88146 ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_AH, 0); 88135 ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_AH, 0);
88147diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c 88136diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
88148index dfc39d4..0b82c4d 100644 88137index dfc39d4..0d4fa52 100644
88149--- a/net/ipv4/devinet.c 88138--- a/net/ipv4/devinet.c
88150+++ b/net/ipv4/devinet.c 88139+++ b/net/ipv4/devinet.c
88151@@ -1529,7 +1529,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb) 88140@@ -771,7 +771,7 @@ static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh,
88141 ci = nla_data(tb[IFA_CACHEINFO]);
88142 if (!ci->ifa_valid || ci->ifa_prefered > ci->ifa_valid) {
88143 err = -EINVAL;
88144- goto errout;
88145+ goto errout_free;
88146 }
88147 *pvalid_lft = ci->ifa_valid;
88148 *pprefered_lft = ci->ifa_prefered;
88149@@ -779,6 +779,8 @@ static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh,
88150
88151 return ifa;
88152
88153+errout_free:
88154+ inet_free_ifa(ifa);
88155 errout:
88156 return ERR_PTR(err);
88157 }
88158@@ -1529,7 +1531,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
88152 idx = 0; 88159 idx = 0;
88153 head = &net->dev_index_head[h]; 88160 head = &net->dev_index_head[h];
88154 rcu_read_lock(); 88161 rcu_read_lock();
@@ -88157,7 +88164,7 @@ index dfc39d4..0b82c4d 100644
88157 net->dev_base_seq; 88164 net->dev_base_seq;
88158 hlist_for_each_entry_rcu(dev, head, index_hlist) { 88165 hlist_for_each_entry_rcu(dev, head, index_hlist) {
88159 if (idx < s_idx) 88166 if (idx < s_idx)
88160@@ -1840,7 +1840,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb, 88167@@ -1840,7 +1842,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb,
88161 idx = 0; 88168 idx = 0;
88162 head = &net->dev_index_head[h]; 88169 head = &net->dev_index_head[h];
88163 rcu_read_lock(); 88170 rcu_read_lock();
@@ -88166,7 +88173,7 @@ index dfc39d4..0b82c4d 100644
88166 net->dev_base_seq; 88173 net->dev_base_seq;
88167 hlist_for_each_entry_rcu(dev, head, index_hlist) { 88174 hlist_for_each_entry_rcu(dev, head, index_hlist) {
88168 if (idx < s_idx) 88175 if (idx < s_idx)
88169@@ -2065,7 +2065,7 @@ static int ipv4_doint_and_flush(ctl_table *ctl, int write, 88176@@ -2065,7 +2067,7 @@ static int ipv4_doint_and_flush(ctl_table *ctl, int write,
88170 #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \ 88177 #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \
88171 DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush) 88178 DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush)
88172 88179
@@ -88175,7 +88182,7 @@ index dfc39d4..0b82c4d 100644
88175 struct ctl_table_header *sysctl_header; 88182 struct ctl_table_header *sysctl_header;
88176 struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX]; 88183 struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX];
88177 } devinet_sysctl = { 88184 } devinet_sysctl = {
88178@@ -2183,7 +2183,7 @@ static __net_init int devinet_init_net(struct net *net) 88185@@ -2183,7 +2185,7 @@ static __net_init int devinet_init_net(struct net *net)
88179 int err; 88186 int err;
88180 struct ipv4_devconf *all, *dflt; 88187 struct ipv4_devconf *all, *dflt;
88181 #ifdef CONFIG_SYSCTL 88188 #ifdef CONFIG_SYSCTL
@@ -88184,7 +88191,7 @@ index dfc39d4..0b82c4d 100644
88184 struct ctl_table_header *forw_hdr; 88191 struct ctl_table_header *forw_hdr;
88185 #endif 88192 #endif
88186 88193
88187@@ -2201,7 +2201,7 @@ static __net_init int devinet_init_net(struct net *net) 88194@@ -2201,7 +2203,7 @@ static __net_init int devinet_init_net(struct net *net)
88188 goto err_alloc_dflt; 88195 goto err_alloc_dflt;
88189 88196
88190 #ifdef CONFIG_SYSCTL 88197 #ifdef CONFIG_SYSCTL
@@ -88193,7 +88200,7 @@ index dfc39d4..0b82c4d 100644
88193 if (tbl == NULL) 88200 if (tbl == NULL)
88194 goto err_alloc_ctl; 88201 goto err_alloc_ctl;
88195 88202
88196@@ -2221,7 +2221,10 @@ static __net_init int devinet_init_net(struct net *net) 88203@@ -2221,7 +2223,10 @@ static __net_init int devinet_init_net(struct net *net)
88197 goto err_reg_dflt; 88204 goto err_reg_dflt;
88198 88205
88199 err = -ENOMEM; 88206 err = -ENOMEM;
@@ -88205,7 +88212,7 @@ index dfc39d4..0b82c4d 100644
88205 if (forw_hdr == NULL) 88212 if (forw_hdr == NULL)
88206 goto err_reg_ctl; 88213 goto err_reg_ctl;
88207 net->ipv4.forw_hdr = forw_hdr; 88214 net->ipv4.forw_hdr = forw_hdr;
88208@@ -2237,8 +2240,7 @@ err_reg_ctl: 88215@@ -2237,8 +2242,7 @@ err_reg_ctl:
88209 err_reg_dflt: 88216 err_reg_dflt:
88210 __devinet_sysctl_unregister(all); 88217 __devinet_sysctl_unregister(all);
88211 err_reg_all: 88218 err_reg_all:
@@ -91289,6 +91296,18 @@ index f226709..0e735a8 100644
91289 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); 91296 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial));
91290 91297
91291 ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); 91298 ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len);
91299diff --git a/net/sched/sch_atm.c b/net/sched/sch_atm.c
91300index ca8e0a5..1f9c314 100644
91301--- a/net/sched/sch_atm.c
91302+++ b/net/sched/sch_atm.c
91303@@ -605,6 +605,7 @@ static int atm_tc_dump_class(struct Qdisc *sch, unsigned long cl,
91304 struct sockaddr_atmpvc pvc;
91305 int state;
91306
91307+ memset(&pvc, 0, sizeof(pvc));
91308 pvc.sap_family = AF_ATMPVC;
91309 pvc.sap_addr.itf = flow->vcc->dev ? flow->vcc->dev->number : -1;
91310 pvc.sap_addr.vpi = flow->vcc->vpi;
91292diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c 91311diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
91293index 391a245..296b3d7 100644 91312index 391a245..296b3d7 100644
91294--- a/net/sctp/ipv6.c 91313--- a/net/sctp/ipv6.c
@@ -91906,58 +91925,6 @@ index 8343737..677025e 100644
91906 .mode = 0644, 91925 .mode = 0644,
91907 .proc_handler = read_reset_stat, 91926 .proc_handler = read_reset_stat,
91908 }, 91927 },
91909diff --git a/net/sunrpc/xprtrdma/svc_rdma_marshal.c b/net/sunrpc/xprtrdma/svc_rdma_marshal.c
91910index 8d2eddd..65b1462 100644
91911--- a/net/sunrpc/xprtrdma/svc_rdma_marshal.c
91912+++ b/net/sunrpc/xprtrdma/svc_rdma_marshal.c
91913@@ -98,6 +98,7 @@ void svc_rdma_rcl_chunk_counts(struct rpcrdma_read_chunk *ch,
91914 */
91915 static u32 *decode_write_list(u32 *va, u32 *vaend)
91916 {
91917+ unsigned long start, end;
91918 int nchunks;
91919
91920 struct rpcrdma_write_array *ary =
91921@@ -113,9 +114,12 @@ static u32 *decode_write_list(u32 *va, u32 *vaend)
91922 return NULL;
91923 }
91924 nchunks = ntohl(ary->wc_nchunks);
91925- if (((unsigned long)&ary->wc_array[0] +
91926- (sizeof(struct rpcrdma_write_chunk) * nchunks)) >
91927- (unsigned long)vaend) {
91928+
91929+ start = (unsigned long)&ary->wc_array[0];
91930+ end = (unsigned long)vaend;
91931+ if (nchunks < 0 ||
91932+ nchunks > (SIZE_MAX - start) / sizeof(struct rpcrdma_write_chunk) ||
91933+ (start + (sizeof(struct rpcrdma_write_chunk) * nchunks)) > end) {
91934 dprintk("svcrdma: ary=%p, wc_nchunks=%d, vaend=%p\n",
91935 ary, nchunks, vaend);
91936 return NULL;
91937@@ -129,6 +133,7 @@ static u32 *decode_write_list(u32 *va, u32 *vaend)
91938
91939 static u32 *decode_reply_array(u32 *va, u32 *vaend)
91940 {
91941+ unsigned long start, end;
91942 int nchunks;
91943 struct rpcrdma_write_array *ary =
91944 (struct rpcrdma_write_array *)va;
91945@@ -143,9 +148,12 @@ static u32 *decode_reply_array(u32 *va, u32 *vaend)
91946 return NULL;
91947 }
91948 nchunks = ntohl(ary->wc_nchunks);
91949- if (((unsigned long)&ary->wc_array[0] +
91950- (sizeof(struct rpcrdma_write_chunk) * nchunks)) >
91951- (unsigned long)vaend) {
91952+
91953+ start = (unsigned long)&ary->wc_array[0];
91954+ end = (unsigned long)vaend;
91955+ if (nchunks < 0 ||
91956+ nchunks > (SIZE_MAX - start) / sizeof(struct rpcrdma_write_chunk) ||
91957+ (start + (sizeof(struct rpcrdma_write_chunk) * nchunks)) > end) {
91958 dprintk("svcrdma: ary=%p, wc_nchunks=%d, vaend=%p\n",
91959 ary, nchunks, vaend);
91960 return NULL;
91961diff --git a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c 91928diff --git a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
91962index 0ce7552..d074459 100644 91929index 0ce7552..d074459 100644
91963--- a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c 91930--- a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
@@ -92894,7 +92861,7 @@ index f5eb43d..1814de8 100644
92894 shdr = (Elf_Shdr *)((char *)ehdr + _r(&ehdr->e_shoff)); 92861 shdr = (Elf_Shdr *)((char *)ehdr + _r(&ehdr->e_shoff));
92895 shstrtab_sec = shdr + r2(&ehdr->e_shstrndx); 92862 shstrtab_sec = shdr + r2(&ehdr->e_shstrndx);
92896diff --git a/security/Kconfig b/security/Kconfig 92863diff --git a/security/Kconfig b/security/Kconfig
92897index e9c6ac7..0d298ea 100644 92864index e9c6ac7..a4d558d 100644
92898--- a/security/Kconfig 92865--- a/security/Kconfig
92899+++ b/security/Kconfig 92866+++ b/security/Kconfig
92900@@ -4,6 +4,956 @@ 92867@@ -4,6 +4,956 @@
@@ -93577,7 +93544,7 @@ index e9c6ac7..0d298ea 100644
93577+ 93544+
93578+config PAX_RANDKSTACK 93545+config PAX_RANDKSTACK
93579+ bool "Randomize kernel stack base" 93546+ bool "Randomize kernel stack base"
93580+ default y if GRKERNSEC_CONFIG_AUTO 93547+ default y if GRKERNSEC_CONFIG_AUTO && !(GRKERNSEC_CONFIG_VIRT_HOST && GRKERNSEC_CONFIG_VIRT_VIRTUALBOX)
93581+ depends on X86_TSC && X86 93548+ depends on X86_TSC && X86
93582+ help 93549+ help
93583+ By saying Y here the kernel will randomize every task's kernel 93550+ By saying Y here the kernel will randomize every task's kernel
© 2015 Mike Crute