diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2013-08-18 09:41:29 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-09-03 06:21:26 +0000 |
commit | fee8451964a1c84a82a05ac0192b2301bb28fd37 (patch) | |
tree | ce1b9894497e645ba610bc19510e775a309fd805 | |
parent | f862fcee7f2eb3a39f40ea4d76c1d6b28f2e5298 (diff) | |
download | alpine_aports-fee8451964a1c84a82a05ac0192b2301bb28fd37.tar.bz2 alpine_aports-fee8451964a1c84a82a05ac0192b2301bb28fd37.tar.xz alpine_aports-fee8451964a1c84a82a05ac0192b2301bb28fd37.zip |
main/linux-grsec: upgrade to grsecurity-2.9.1-3.10.10-201309011630
-rw-r--r-- | main/linux-grsec/APKBUILD | 32 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.9.1-3.10.10-201309011630.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.10.5-201308052154.patch) | 7832 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86 | 7 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86_64 | 7 | ||||
-rw-r--r-- | main/linux-grsec/net-ip_gre-fix-ipgre_header-to-return-correct-offset.patch | 45 |
5 files changed, 6951 insertions, 972 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 68ee9f23f5..b12155b577 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD | |||
@@ -2,7 +2,7 @@ | |||
2 | 2 | ||
3 | _flavor=grsec | 3 | _flavor=grsec |
4 | pkgname=linux-${_flavor} | 4 | pkgname=linux-${_flavor} |
5 | pkgver=3.10.5 | 5 | pkgver=3.10.10 |
6 | case $pkgver in | 6 | case $pkgver in |
7 | *.*.*) _kernver=${pkgver%.*};; | 7 | *.*.*) _kernver=${pkgver%.*};; |
8 | *.*) _kernver=${pkgver};; | 8 | *.*) _kernver=${pkgver};; |
@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}} | |||
17 | install= | 17 | install= |
18 | source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz | 18 | source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz |
19 | http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz | 19 | http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz |
20 | grsecurity-2.9.1-3.10.5-201308052154.patch | 20 | grsecurity-2.9.1-3.10.10-201309011630.patch |
21 | 21 | ||
22 | 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch | 22 | 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch |
23 | 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch | 23 | 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch |
@@ -25,7 +25,6 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz | |||
25 | 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch | 25 | 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch |
26 | 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch | 26 | 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch |
27 | 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch | 27 | 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch |
28 | net-ip_gre-fix-ipgre_header-to-return-correct-offset.patch | ||
29 | 28 | ||
30 | kernelconfig.x86 | 29 | kernelconfig.x86 |
31 | kernelconfig.x86_64 | 30 | kernelconfig.x86_64 |
@@ -150,38 +149,35 @@ dev() { | |||
150 | } | 149 | } |
151 | 150 | ||
152 | md5sums="4f25cd5bec5f8d5a7d935b3f2ccb8481 linux-3.10.tar.xz | 151 | md5sums="4f25cd5bec5f8d5a7d935b3f2ccb8481 linux-3.10.tar.xz |
153 | 6366a8d4b0429ab6836c296ba298fb0e patch-3.10.5.xz | 152 | d010ef17d3e577fd1bdcb6887f2b9836 patch-3.10.10.xz |
154 | e214ec80b95e11df16f1b8d6a9e617fc grsecurity-2.9.1-3.10.5-201308052154.patch | 153 | 93e8f4484f44dd0251ff5bb90bfa6505 grsecurity-2.9.1-3.10.10-201309011630.patch |
155 | a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch | 154 | a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch |
156 | 656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch | 155 | 656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch |
157 | aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch | 156 | aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch |
158 | 2a12a3717052e878c0cd42aa935bfcf4 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch | 157 | 2a12a3717052e878c0cd42aa935bfcf4 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch |
159 | 6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch | 158 | 6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch |
160 | 1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch | 159 | 1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch |
161 | f0742f10b5e16078f9ea052a0b2665ad net-ip_gre-fix-ipgre_header-to-return-correct-offset.patch | 160 | 866e6c4daed45d563829804f8ad50ed9 kernelconfig.x86 |
162 | 1a111abaeb381bf47d9e979a85fba2ee kernelconfig.x86 | 161 | 272aaddd0a19a5052208bc25551995a3 kernelconfig.x86_64" |
163 | 1312267644d0c729bd7c7af979b29c8d kernelconfig.x86_64" | ||
164 | sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz | 162 | sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz |
165 | c96b69a10ef5ade798dcaa1867df156ccc9e173225d5aa427d00c6e89246e035 patch-3.10.5.xz | 163 | 22cb9a7721bacd40d83c2d630f672e09495ce9d29f896e874ea8669bb577e193 patch-3.10.10.xz |
166 | 0fce4515e69d73d580134e8e9ac19b80e0e603315ae259b1954a62f3f444883a grsecurity-2.9.1-3.10.5-201308052154.patch | 164 | ced13b573f77e5c17449a54fdc6252d3516a8ce2e44579cb4853a134ba2e89fb grsecurity-2.9.1-3.10.10-201309011630.patch |
167 | 6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch | 165 | 6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch |
168 | dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch | 166 | dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch |
169 | 0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch | 167 | 0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch |
170 | 260fd1807838b68305a96992bf7d3302a2a8ef3a3b08fe079ba9a07e6422f736 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch | 168 | 260fd1807838b68305a96992bf7d3302a2a8ef3a3b08fe079ba9a07e6422f736 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch |
171 | ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch | 169 | ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch |
172 | fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch | 170 | fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch |
173 | df20f03dcc0f129f8bff6dbeefe0c0b9b8edad4906af20f6cf2d83f2dc36a40f net-ip_gre-fix-ipgre_header-to-return-correct-offset.patch | 171 | 7fd28634998ef1fddafed5f2516e902924245d2464b9e86476bfaa55ccfc3bc3 kernelconfig.x86 |
174 | 1ef74cf3703dd26201970a2d9f043fed7e03ad2540a20f810cec8add93f81ccd kernelconfig.x86 | 172 | f2843ae4f9b3e3c27f3138ce4b740c2803bdab0c7a910c662d951843803b9554 kernelconfig.x86_64" |
175 | 1c4b4a74d982fdc8d3baddcdaa674ae4b4a3390daba024fca55e85604af74507 kernelconfig.x86_64" | ||
176 | sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz | 173 | sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz |
177 | 583c1301ae362a2eee26253b477d78d472d7db1ff736491dcaf67a76a8badcfe103c0cfdde8cd2a0c2becb2017a11d522f417a4754f8838ed88d6f4a42dab738 patch-3.10.5.xz | 174 | 3e87e48d009f05bbaafad55b1f601dc84e6f095b14ec1ad3fe68b37d6722bf47f2482639a7e21b00e8a13f141f3f0e78bdb79e049661eef2aea1c9b93579734b patch-3.10.10.xz |
178 | e56d207163b8c17bd63564ebbe916458ebcc892016216f98f395f3e208229d6533c2cfbe1463400526cde9eed3beb153725ac98ee6dfe27b46ef28679de0a24f grsecurity-2.9.1-3.10.5-201308052154.patch | 175 | 6ab1b72480b91d1a8916769191051fd76a19231ad253d81aa1ed866cbb06512eb7fbee53a0d9fb0b584c0de663f1156958ca4e1194e1446ffa860c129b00ff8b grsecurity-2.9.1-3.10.10-201309011630.patch |
179 | 81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch | 176 | 81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch |
180 | 51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch | 177 | 51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch |
181 | 57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch | 178 | 57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch |
182 | d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d711e3486628ed56ab996484e219d79ac4b0c0ec684ebd380aa 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch | 179 | d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d711e3486628ed56ab996484e219d79ac4b0c0ec684ebd380aa 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch |
183 | 28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch | 180 | 28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch |
184 | 249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch | 181 | 249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch |
185 | 0ca9b0e140a9bdfa3c4e4958de4a6c53fff3d0d11b15cd9868baf49dfde1320e591f89c357b5a690cadb9e6ed48a1a506fea6a37b0b873f8a69f6899ba7967a8 net-ip_gre-fix-ipgre_header-to-return-correct-offset.patch | 182 | 1721542ff111c8ec550323dae6f6174131db180668cbf14f01dc4c76ffbbb479715919a80c35d8c8ac22a6479dd3b42700be6ddc5ef2a8b6a62de811c7ae86df kernelconfig.x86 |
186 | 5d2057cb27362175d85cbe1b79586a3daaa16c1b36baa0bf433b594a85284a02460b28e90ee9dc3f5a8c973a7e8316e0be83099a40a039913e6f1c7036570196 kernelconfig.x86 | 183 | d49bf57bd0aae17d762d87d5bf983e48219d71ca44bc0c3120db94d357192c07146a8938cef9d435218e4bb748691ec426387545837be637d47e45cdc4482d71 kernelconfig.x86_64" |
187 | 89b5fe8a4930ef19deb00e18bb8a4ae4c87105bcf29b7e15c677f7e6a4d2618bb5c378da485aed573b5a2342e0cdff4d0ceae60f2b89cde603988de9f3c36929 kernelconfig.x86_64" | ||
diff --git a/main/linux-grsec/grsecurity-2.9.1-3.10.5-201308052154.patch b/main/linux-grsec/grsecurity-2.9.1-3.10.10-201309011630.patch index f2633c140b..54e508953f 100644 --- a/main/linux-grsec/grsecurity-2.9.1-3.10.5-201308052154.patch +++ b/main/linux-grsec/grsecurity-2.9.1-3.10.10-201309011630.patch | |||
@@ -229,7 +229,7 @@ index b89a739..79768fb 100644 | |||
229 | +zconf.lex.c | 229 | +zconf.lex.c |
230 | zoffset.h | 230 | zoffset.h |
231 | diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt | 231 | diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt |
232 | index 2fe6e76..df58221 100644 | 232 | index 2fe6e76..889ee23 100644 |
233 | --- a/Documentation/kernel-parameters.txt | 233 | --- a/Documentation/kernel-parameters.txt |
234 | +++ b/Documentation/kernel-parameters.txt | 234 | +++ b/Documentation/kernel-parameters.txt |
235 | @@ -976,6 +976,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. | 235 | @@ -976,6 +976,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. |
@@ -243,7 +243,18 @@ index 2fe6e76..df58221 100644 | |||
243 | hashdist= [KNL,NUMA] Large hashes allocated during boot | 243 | hashdist= [KNL,NUMA] Large hashes allocated during boot |
244 | are distributed across NUMA nodes. Defaults on | 244 | are distributed across NUMA nodes. Defaults on |
245 | for 64-bit NUMA, off otherwise. | 245 | for 64-bit NUMA, off otherwise. |
246 | @@ -2195,6 +2199,22 @@ bytes respectively. Such letter suffixes can also be entirely omitted. | 246 | @@ -1928,6 +1932,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. |
247 | noexec=on: enable non-executable mappings (default) | ||
248 | noexec=off: disable non-executable mappings | ||
249 | |||
250 | + nopcid [X86-64] | ||
251 | + Disable PCID (Process-Context IDentifier) even if it | ||
252 | + is supported by the processor. | ||
253 | + | ||
254 | nosmap [X86] | ||
255 | Disable SMAP (Supervisor Mode Access Prevention) | ||
256 | even if it is supported by processor. | ||
257 | @@ -2195,6 +2203,25 @@ bytes respectively. Such letter suffixes can also be entirely omitted. | ||
247 | the specified number of seconds. This is to be used if | 258 | the specified number of seconds. This is to be used if |
248 | your oopses keep scrolling off the screen. | 259 | your oopses keep scrolling off the screen. |
249 | 260 | ||
@@ -263,11 +274,14 @@ index 2fe6e76..df58221 100644 | |||
263 | + from the first 4GB of memory as the bootmem allocator | 274 | + from the first 4GB of memory as the bootmem allocator |
264 | + passes the memory pages to the buddy allocator. | 275 | + passes the memory pages to the buddy allocator. |
265 | + | 276 | + |
277 | + pax_weakuderef [X86-64] enables the weaker but faster form of UDEREF | ||
278 | + when the processor supports PCID. | ||
279 | + | ||
266 | pcbit= [HW,ISDN] | 280 | pcbit= [HW,ISDN] |
267 | 281 | ||
268 | pcd. [PARIDE] | 282 | pcd. [PARIDE] |
269 | diff --git a/Makefile b/Makefile | 283 | diff --git a/Makefile b/Makefile |
270 | index f8349d0..563a504 100644 | 284 | index b119684..13ac256 100644 |
271 | --- a/Makefile | 285 | --- a/Makefile |
272 | +++ b/Makefile | 286 | +++ b/Makefile |
273 | @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ | 287 | @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ |
@@ -815,7 +829,7 @@ index 0c4132d..88f0d53 100644 | |||
815 | /* Allow reads even for write-only mappings */ | 829 | /* Allow reads even for write-only mappings */ |
816 | if (!(vma->vm_flags & (VM_READ | VM_WRITE))) | 830 | if (!(vma->vm_flags & (VM_READ | VM_WRITE))) |
817 | diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig | 831 | diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig |
818 | index 136f263..f471277 100644 | 832 | index 18a9f5e..ca910b7 100644 |
819 | --- a/arch/arm/Kconfig | 833 | --- a/arch/arm/Kconfig |
820 | +++ b/arch/arm/Kconfig | 834 | +++ b/arch/arm/Kconfig |
821 | @@ -1766,7 +1766,7 @@ config ALIGNMENT_TRAP | 835 | @@ -1766,7 +1766,7 @@ config ALIGNMENT_TRAP |
@@ -1628,7 +1642,7 @@ index 6ddbe44..b5e38b1 100644 | |||
1628 | static inline void set_domain(unsigned val) { } | 1642 | static inline void set_domain(unsigned val) { } |
1629 | static inline void modify_domain(unsigned dom, unsigned type) { } | 1643 | static inline void modify_domain(unsigned dom, unsigned type) { } |
1630 | diff --git a/arch/arm/include/asm/elf.h b/arch/arm/include/asm/elf.h | 1644 | diff --git a/arch/arm/include/asm/elf.h b/arch/arm/include/asm/elf.h |
1631 | index 38050b1..9d90e8b 100644 | 1645 | index 56211f2..17e8a25 100644 |
1632 | --- a/arch/arm/include/asm/elf.h | 1646 | --- a/arch/arm/include/asm/elf.h |
1633 | +++ b/arch/arm/include/asm/elf.h | 1647 | +++ b/arch/arm/include/asm/elf.h |
1634 | @@ -116,7 +116,14 @@ int dump_task_regs(struct task_struct *t, elf_gregset_t *elfregs); | 1648 | @@ -116,7 +116,14 @@ int dump_task_regs(struct task_struct *t, elf_gregset_t *elfregs); |
@@ -1647,7 +1661,7 @@ index 38050b1..9d90e8b 100644 | |||
1647 | 1661 | ||
1648 | /* When the program starts, a1 contains a pointer to a function to be | 1662 | /* When the program starts, a1 contains a pointer to a function to be |
1649 | registered with atexit, as per the SVR4 ABI. A value of 0 means we | 1663 | registered with atexit, as per the SVR4 ABI. A value of 0 means we |
1650 | @@ -126,8 +133,4 @@ int dump_task_regs(struct task_struct *t, elf_gregset_t *elfregs); | 1664 | @@ -126,10 +133,6 @@ int dump_task_regs(struct task_struct *t, elf_gregset_t *elfregs); |
1651 | extern void elf_set_personality(const struct elf32_hdr *); | 1665 | extern void elf_set_personality(const struct elf32_hdr *); |
1652 | #define SET_PERSONALITY(ex) elf_set_personality(&(ex)) | 1666 | #define SET_PERSONALITY(ex) elf_set_personality(&(ex)) |
1653 | 1667 | ||
@@ -1655,7 +1669,9 @@ index 38050b1..9d90e8b 100644 | |||
1655 | -extern unsigned long arch_randomize_brk(struct mm_struct *mm); | 1669 | -extern unsigned long arch_randomize_brk(struct mm_struct *mm); |
1656 | -#define arch_randomize_brk arch_randomize_brk | 1670 | -#define arch_randomize_brk arch_randomize_brk |
1657 | - | 1671 | - |
1658 | #endif | 1672 | #ifdef CONFIG_MMU |
1673 | #define ARCH_HAS_SETUP_ADDITIONAL_PAGES 1 | ||
1674 | struct linux_binprm; | ||
1659 | diff --git a/arch/arm/include/asm/fncpy.h b/arch/arm/include/asm/fncpy.h | 1675 | diff --git a/arch/arm/include/asm/fncpy.h b/arch/arm/include/asm/fncpy.h |
1660 | index de53547..52b9a28 100644 | 1676 | index de53547..52b9a28 100644 |
1661 | --- a/arch/arm/include/asm/fncpy.h | 1677 | --- a/arch/arm/include/asm/fncpy.h |
@@ -1788,7 +1804,7 @@ index 12f71a1..04e063c 100644 | |||
1788 | #ifdef CONFIG_OUTER_CACHE | 1804 | #ifdef CONFIG_OUTER_CACHE |
1789 | 1805 | ||
1790 | diff --git a/arch/arm/include/asm/page.h b/arch/arm/include/asm/page.h | 1806 | diff --git a/arch/arm/include/asm/page.h b/arch/arm/include/asm/page.h |
1791 | index 812a494..71fc0b6 100644 | 1807 | index cbdc7a2..32f44fe 100644 |
1792 | --- a/arch/arm/include/asm/page.h | 1808 | --- a/arch/arm/include/asm/page.h |
1793 | +++ b/arch/arm/include/asm/page.h | 1809 | +++ b/arch/arm/include/asm/page.h |
1794 | @@ -114,7 +114,7 @@ struct cpu_user_fns { | 1810 | @@ -114,7 +114,7 @@ struct cpu_user_fns { |
@@ -1898,17 +1914,19 @@ index 5cfba15..f415e1a 100644 | |||
1898 | #define PTE_EXT_AP0 (_AT(pteval_t, 1) << 4) | 1914 | #define PTE_EXT_AP0 (_AT(pteval_t, 1) << 4) |
1899 | #define PTE_EXT_AP1 (_AT(pteval_t, 2) << 4) | 1915 | #define PTE_EXT_AP1 (_AT(pteval_t, 2) << 4) |
1900 | diff --git a/arch/arm/include/asm/pgtable-2level.h b/arch/arm/include/asm/pgtable-2level.h | 1916 | diff --git a/arch/arm/include/asm/pgtable-2level.h b/arch/arm/include/asm/pgtable-2level.h |
1901 | index f97ee02..07f1be5 100644 | 1917 | index f97ee02..cc9fe9e 100644 |
1902 | --- a/arch/arm/include/asm/pgtable-2level.h | 1918 | --- a/arch/arm/include/asm/pgtable-2level.h |
1903 | +++ b/arch/arm/include/asm/pgtable-2level.h | 1919 | +++ b/arch/arm/include/asm/pgtable-2level.h |
1904 | @@ -125,6 +125,7 @@ | 1920 | @@ -126,6 +126,9 @@ |
1905 | #define L_PTE_XN (_AT(pteval_t, 1) << 9) | ||
1906 | #define L_PTE_SHARED (_AT(pteval_t, 1) << 10) /* shared(v6), coherent(xsc3) */ | 1921 | #define L_PTE_SHARED (_AT(pteval_t, 1) << 10) /* shared(v6), coherent(xsc3) */ |
1907 | #define L_PTE_NONE (_AT(pteval_t, 1) << 11) | 1922 | #define L_PTE_NONE (_AT(pteval_t, 1) << 11) |
1908 | +#define L_PTE_PXN (_AT(pteval_t, 1) << 12) /* v7*/ | ||
1909 | 1923 | ||
1924 | +/* Two-level page tables only have PXN in the PGD, not in the PTE. */ | ||
1925 | +#define L_PTE_PXN (_AT(pteval_t, 0)) | ||
1926 | + | ||
1910 | /* | 1927 | /* |
1911 | * These are the memory types, defined to be compatible with | 1928 | * These are the memory types, defined to be compatible with |
1929 | * pre-ARMv6 CPUs cacheable and bufferable bits: XXCB | ||
1912 | diff --git a/arch/arm/include/asm/pgtable-3level-hwdef.h b/arch/arm/include/asm/pgtable-3level-hwdef.h | 1930 | diff --git a/arch/arm/include/asm/pgtable-3level-hwdef.h b/arch/arm/include/asm/pgtable-3level-hwdef.h |
1913 | index 18f5cef..25b8f43 100644 | 1931 | index 18f5cef..25b8f43 100644 |
1914 | --- a/arch/arm/include/asm/pgtable-3level-hwdef.h | 1932 | --- a/arch/arm/include/asm/pgtable-3level-hwdef.h |
@@ -1950,7 +1968,7 @@ index 86b8fe3..e25f975 100644 | |||
1950 | #define L_PTE_DIRTY_HIGH (1 << (55 - 32)) | 1968 | #define L_PTE_DIRTY_HIGH (1 << (55 - 32)) |
1951 | 1969 | ||
1952 | diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h | 1970 | diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h |
1953 | index 9bcd262..fba731c 100644 | 1971 | index 9bcd262..1ff999b 100644 |
1954 | --- a/arch/arm/include/asm/pgtable.h | 1972 | --- a/arch/arm/include/asm/pgtable.h |
1955 | +++ b/arch/arm/include/asm/pgtable.h | 1973 | +++ b/arch/arm/include/asm/pgtable.h |
1956 | @@ -30,6 +30,9 @@ | 1974 | @@ -30,6 +30,9 @@ |
@@ -1973,20 +1991,18 @@ index 9bcd262..fba731c 100644 | |||
1973 | extern void __pte_error(const char *file, int line, pte_t); | 1991 | extern void __pte_error(const char *file, int line, pte_t); |
1974 | extern void __pmd_error(const char *file, int line, pmd_t); | 1992 | extern void __pmd_error(const char *file, int line, pmd_t); |
1975 | extern void __pgd_error(const char *file, int line, pgd_t); | 1993 | extern void __pgd_error(const char *file, int line, pgd_t); |
1976 | @@ -53,6 +59,50 @@ extern void __pgd_error(const char *file, int line, pgd_t); | 1994 | @@ -53,6 +59,48 @@ extern void __pgd_error(const char *file, int line, pgd_t); |
1977 | #define pmd_ERROR(pmd) __pmd_error(__FILE__, __LINE__, pmd) | 1995 | #define pmd_ERROR(pmd) __pmd_error(__FILE__, __LINE__, pmd) |
1978 | #define pgd_ERROR(pgd) __pgd_error(__FILE__, __LINE__, pgd) | 1996 | #define pgd_ERROR(pgd) __pgd_error(__FILE__, __LINE__, pgd) |
1979 | 1997 | ||
1980 | +#define __HAVE_ARCH_PAX_OPEN_KERNEL | 1998 | +#define __HAVE_ARCH_PAX_OPEN_KERNEL |
1981 | +#define __HAVE_ARCH_PAX_CLOSE_KERNEL | 1999 | +#define __HAVE_ARCH_PAX_CLOSE_KERNEL |
1982 | + | 2000 | + |
1983 | +#ifdef CONFIG_PAX_KERNEXEC | 2001 | +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) |
1984 | +#include <asm/domain.h> | 2002 | +#include <asm/domain.h> |
1985 | +#include <linux/thread_info.h> | 2003 | +#include <linux/thread_info.h> |
1986 | +#include <linux/preempt.h> | 2004 | +#include <linux/preempt.h> |
1987 | +#endif | ||
1988 | + | 2005 | + |
1989 | +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) | ||
1990 | +static inline int test_domain(int domain, int domaintype) | 2006 | +static inline int test_domain(int domain, int domaintype) |
1991 | +{ | 2007 | +{ |
1992 | + return ((current_thread_info()->cpu_domain) & domain_val(domain, 3)) == domain_val(domain, domaintype); | 2008 | + return ((current_thread_info()->cpu_domain) & domain_val(domain, 3)) == domain_val(domain, domaintype); |
@@ -2024,7 +2040,7 @@ index 9bcd262..fba731c 100644 | |||
2024 | /* | 2040 | /* |
2025 | * This is the lowest virtual address we can permit any user space | 2041 | * This is the lowest virtual address we can permit any user space |
2026 | * mapping to be mapped at. This is particularly important for | 2042 | * mapping to be mapped at. This is particularly important for |
2027 | @@ -72,8 +122,8 @@ extern void __pgd_error(const char *file, int line, pgd_t); | 2043 | @@ -72,8 +120,8 @@ extern void __pgd_error(const char *file, int line, pgd_t); |
2028 | /* | 2044 | /* |
2029 | * The pgprot_* and protection_map entries will be fixed up in runtime | 2045 | * The pgprot_* and protection_map entries will be fixed up in runtime |
2030 | * to include the cachable and bufferable bits based on memory policy, | 2046 | * to include the cachable and bufferable bits based on memory policy, |
@@ -2035,7 +2051,7 @@ index 9bcd262..fba731c 100644 | |||
2035 | */ | 2051 | */ |
2036 | #define _L_PTE_DEFAULT L_PTE_PRESENT | L_PTE_YOUNG | 2052 | #define _L_PTE_DEFAULT L_PTE_PRESENT | L_PTE_YOUNG |
2037 | 2053 | ||
2038 | @@ -257,7 +307,7 @@ static inline pte_t pte_mkspecial(pte_t pte) { return pte; } | 2054 | @@ -257,7 +305,7 @@ static inline pte_t pte_mkspecial(pte_t pte) { return pte; } |
2039 | static inline pte_t pte_modify(pte_t pte, pgprot_t newprot) | 2055 | static inline pte_t pte_modify(pte_t pte, pgprot_t newprot) |
2040 | { | 2056 | { |
2041 | const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER | | 2057 | const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER | |
@@ -2057,22 +2073,6 @@ index f3628fb..a0672dd 100644 | |||
2057 | 2073 | ||
2058 | #ifndef MULTI_CPU | 2074 | #ifndef MULTI_CPU |
2059 | extern void cpu_proc_init(void); | 2075 | extern void cpu_proc_init(void); |
2060 | diff --git a/arch/arm/include/asm/processor.h b/arch/arm/include/asm/processor.h | ||
2061 | index 06e7d50..8a8e251 100644 | ||
2062 | --- a/arch/arm/include/asm/processor.h | ||
2063 | +++ b/arch/arm/include/asm/processor.h | ||
2064 | @@ -65,9 +65,8 @@ struct thread_struct { | ||
2065 | regs->ARM_cpsr |= PSR_ENDSTATE; \ | ||
2066 | regs->ARM_pc = pc & ~1; /* pc */ \ | ||
2067 | regs->ARM_sp = sp; /* sp */ \ | ||
2068 | - regs->ARM_r2 = stack[2]; /* r2 (envp) */ \ | ||
2069 | - regs->ARM_r1 = stack[1]; /* r1 (argv) */ \ | ||
2070 | - regs->ARM_r0 = stack[0]; /* r0 (argc) */ \ | ||
2071 | + /* r2 (envp), r1 (argv), r0 (argc) */ \ | ||
2072 | + (void)copy_from_user(®s->ARM_r0, (const char __user *)stack, 3 * sizeof(unsigned long)); \ | ||
2073 | nommu_start_thread(regs); \ | ||
2074 | }) | ||
2075 | |||
2076 | diff --git a/arch/arm/include/asm/psci.h b/arch/arm/include/asm/psci.h | 2076 | diff --git a/arch/arm/include/asm/psci.h b/arch/arm/include/asm/psci.h |
2077 | index ce0dbe7..c085b6f 100644 | 2077 | index ce0dbe7..c085b6f 100644 |
2078 | --- a/arch/arm/include/asm/psci.h | 2078 | --- a/arch/arm/include/asm/psci.h |
@@ -2100,7 +2100,7 @@ index d3a22be..3a69ad5 100644 | |||
2100 | /* | 2100 | /* |
2101 | * set platform specific SMP operations | 2101 | * set platform specific SMP operations |
2102 | diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h | 2102 | diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h |
2103 | index 1995d1a..76693a2 100644 | 2103 | index f00b569..aa5bb41 100644 |
2104 | --- a/arch/arm/include/asm/thread_info.h | 2104 | --- a/arch/arm/include/asm/thread_info.h |
2105 | +++ b/arch/arm/include/asm/thread_info.h | 2105 | +++ b/arch/arm/include/asm/thread_info.h |
2106 | @@ -77,9 +77,9 @@ struct thread_info { | 2106 | @@ -77,9 +77,9 @@ struct thread_info { |
@@ -2129,7 +2129,7 @@ index 1995d1a..76693a2 100644 | |||
2129 | #define TIF_USING_IWMMXT 17 | 2129 | #define TIF_USING_IWMMXT 17 |
2130 | #define TIF_MEMDIE 18 /* is terminating due to OOM killer */ | 2130 | #define TIF_MEMDIE 18 /* is terminating due to OOM killer */ |
2131 | #define TIF_RESTORE_SIGMASK 20 | 2131 | #define TIF_RESTORE_SIGMASK 20 |
2132 | @@ -166,10 +170,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, | 2132 | @@ -165,10 +169,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, |
2133 | #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) | 2133 | #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) |
2134 | #define _TIF_SECCOMP (1 << TIF_SECCOMP) | 2134 | #define _TIF_SECCOMP (1 << TIF_SECCOMP) |
2135 | #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT) | 2135 | #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT) |
@@ -2143,7 +2143,7 @@ index 1995d1a..76693a2 100644 | |||
2143 | /* | 2143 | /* |
2144 | * Change these and you break ASM code in entry-common.S | 2144 | * Change these and you break ASM code in entry-common.S |
2145 | diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h | 2145 | diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h |
2146 | index 7e1f760..d42d7f8 100644 | 2146 | index 7e1f760..de33b13 100644 |
2147 | --- a/arch/arm/include/asm/uaccess.h | 2147 | --- a/arch/arm/include/asm/uaccess.h |
2148 | +++ b/arch/arm/include/asm/uaccess.h | 2148 | +++ b/arch/arm/include/asm/uaccess.h |
2149 | @@ -18,6 +18,7 @@ | 2149 | @@ -18,6 +18,7 @@ |
@@ -2154,7 +2154,7 @@ index 7e1f760..d42d7f8 100644 | |||
2154 | 2154 | ||
2155 | #define VERIFY_READ 0 | 2155 | #define VERIFY_READ 0 |
2156 | #define VERIFY_WRITE 1 | 2156 | #define VERIFY_WRITE 1 |
2157 | @@ -63,11 +64,35 @@ extern int __put_user_bad(void); | 2157 | @@ -63,11 +64,38 @@ extern int __put_user_bad(void); |
2158 | static inline void set_fs(mm_segment_t fs) | 2158 | static inline void set_fs(mm_segment_t fs) |
2159 | { | 2159 | { |
2160 | current_thread_info()->addr_limit = fs; | 2160 | current_thread_info()->addr_limit = fs; |
@@ -2164,6 +2164,9 @@ index 7e1f760..d42d7f8 100644 | |||
2164 | 2164 | ||
2165 | #define segment_eq(a,b) ((a) == (b)) | 2165 | #define segment_eq(a,b) ((a) == (b)) |
2166 | 2166 | ||
2167 | +#define __HAVE_ARCH_PAX_OPEN_USERLAND | ||
2168 | +#define __HAVE_ARCH_PAX_CLOSE_USERLAND | ||
2169 | + | ||
2167 | +static inline void pax_open_userland(void) | 2170 | +static inline void pax_open_userland(void) |
2168 | +{ | 2171 | +{ |
2169 | + | 2172 | + |
@@ -2191,7 +2194,7 @@ index 7e1f760..d42d7f8 100644 | |||
2191 | #define __addr_ok(addr) ({ \ | 2194 | #define __addr_ok(addr) ({ \ |
2192 | unsigned long flag; \ | 2195 | unsigned long flag; \ |
2193 | __asm__("cmp %2, %0; movlo %0, #0" \ | 2196 | __asm__("cmp %2, %0; movlo %0, #0" \ |
2194 | @@ -143,8 +168,12 @@ extern int __get_user_4(void *); | 2197 | @@ -143,8 +171,12 @@ extern int __get_user_4(void *); |
2195 | 2198 | ||
2196 | #define get_user(x,p) \ | 2199 | #define get_user(x,p) \ |
2197 | ({ \ | 2200 | ({ \ |
@@ -2205,7 +2208,7 @@ index 7e1f760..d42d7f8 100644 | |||
2205 | }) | 2208 | }) |
2206 | 2209 | ||
2207 | extern int __put_user_1(void *, unsigned int); | 2210 | extern int __put_user_1(void *, unsigned int); |
2208 | @@ -188,8 +217,12 @@ extern int __put_user_8(void *, unsigned long long); | 2211 | @@ -188,8 +220,12 @@ extern int __put_user_8(void *, unsigned long long); |
2209 | 2212 | ||
2210 | #define put_user(x,p) \ | 2213 | #define put_user(x,p) \ |
2211 | ({ \ | 2214 | ({ \ |
@@ -2219,7 +2222,7 @@ index 7e1f760..d42d7f8 100644 | |||
2219 | }) | 2222 | }) |
2220 | 2223 | ||
2221 | #else /* CONFIG_MMU */ | 2224 | #else /* CONFIG_MMU */ |
2222 | @@ -230,13 +263,17 @@ static inline void set_fs(mm_segment_t fs) | 2225 | @@ -230,13 +266,17 @@ static inline void set_fs(mm_segment_t fs) |
2223 | #define __get_user(x,ptr) \ | 2226 | #define __get_user(x,ptr) \ |
2224 | ({ \ | 2227 | ({ \ |
2225 | long __gu_err = 0; \ | 2228 | long __gu_err = 0; \ |
@@ -2237,7 +2240,7 @@ index 7e1f760..d42d7f8 100644 | |||
2237 | (void) 0; \ | 2240 | (void) 0; \ |
2238 | }) | 2241 | }) |
2239 | 2242 | ||
2240 | @@ -312,13 +349,17 @@ do { \ | 2243 | @@ -312,13 +352,17 @@ do { \ |
2241 | #define __put_user(x,ptr) \ | 2244 | #define __put_user(x,ptr) \ |
2242 | ({ \ | 2245 | ({ \ |
2243 | long __pu_err = 0; \ | 2246 | long __pu_err = 0; \ |
@@ -2255,7 +2258,7 @@ index 7e1f760..d42d7f8 100644 | |||
2255 | (void) 0; \ | 2258 | (void) 0; \ |
2256 | }) | 2259 | }) |
2257 | 2260 | ||
2258 | @@ -418,11 +459,44 @@ do { \ | 2261 | @@ -418,11 +462,44 @@ do { \ |
2259 | 2262 | ||
2260 | 2263 | ||
2261 | #ifdef CONFIG_MMU | 2264 | #ifdef CONFIG_MMU |
@@ -2303,7 +2306,7 @@ index 7e1f760..d42d7f8 100644 | |||
2303 | #else | 2306 | #else |
2304 | #define __copy_from_user(to,from,n) (memcpy(to, (void __force *)from, n), 0) | 2307 | #define __copy_from_user(to,from,n) (memcpy(to, (void __force *)from, n), 0) |
2305 | #define __copy_to_user(to,from,n) (memcpy((void __force *)to, from, n), 0) | 2308 | #define __copy_to_user(to,from,n) (memcpy((void __force *)to, from, n), 0) |
2306 | @@ -431,6 +505,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l | 2309 | @@ -431,6 +508,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l |
2307 | 2310 | ||
2308 | static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) | 2311 | static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) |
2309 | { | 2312 | { |
@@ -2313,7 +2316,7 @@ index 7e1f760..d42d7f8 100644 | |||
2313 | if (access_ok(VERIFY_READ, from, n)) | 2316 | if (access_ok(VERIFY_READ, from, n)) |
2314 | n = __copy_from_user(to, from, n); | 2317 | n = __copy_from_user(to, from, n); |
2315 | else /* security hole - plug it */ | 2318 | else /* security hole - plug it */ |
2316 | @@ -440,6 +517,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u | 2319 | @@ -440,6 +520,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u |
2317 | 2320 | ||
2318 | static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) | 2321 | static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) |
2319 | { | 2322 | { |
@@ -2363,7 +2366,7 @@ index 60d3b73..e5a0f22 100644 | |||
2363 | EXPORT_SYMBOL(__get_user_1); | 2366 | EXPORT_SYMBOL(__get_user_1); |
2364 | EXPORT_SYMBOL(__get_user_2); | 2367 | EXPORT_SYMBOL(__get_user_2); |
2365 | diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S | 2368 | diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S |
2366 | index 582b405..a78366b 100644 | 2369 | index d43c7e5..257c050 100644 |
2367 | --- a/arch/arm/kernel/entry-armv.S | 2370 | --- a/arch/arm/kernel/entry-armv.S |
2368 | +++ b/arch/arm/kernel/entry-armv.S | 2371 | +++ b/arch/arm/kernel/entry-armv.S |
2369 | @@ -47,6 +47,87 @@ | 2372 | @@ -47,6 +47,87 @@ |
@@ -2505,7 +2508,17 @@ index 582b405..a78366b 100644 | |||
2505 | sub sp, sp, #S_FRAME_SIZE | 2508 | sub sp, sp, #S_FRAME_SIZE |
2506 | ARM( stmib sp, {r1 - r12} ) | 2509 | ARM( stmib sp, {r1 - r12} ) |
2507 | THUMB( stmia sp, {r0 - r12} ) | 2510 | THUMB( stmia sp, {r0 - r12} ) |
2508 | @@ -414,7 +511,9 @@ __und_usr: | 2511 | @@ -357,7 +454,8 @@ ENDPROC(__pabt_svc) |
2512 | .endm | ||
2513 | |||
2514 | .macro kuser_cmpxchg_check | ||
2515 | -#if !defined(CONFIG_CPU_32v6K) && !defined(CONFIG_NEEDS_SYSCALL_FOR_CMPXCHG) | ||
2516 | +#if !defined(CONFIG_CPU_32v6K) && defined(CONFIG_KUSER_HELPERS) && \ | ||
2517 | + !defined(CONFIG_NEEDS_SYSCALL_FOR_CMPXCHG) | ||
2518 | #ifndef CONFIG_MMU | ||
2519 | #warning "NPTL on non MMU needs fixing" | ||
2520 | #else | ||
2521 | @@ -414,7 +512,9 @@ __und_usr: | ||
2509 | tst r3, #PSR_T_BIT @ Thumb mode? | 2522 | tst r3, #PSR_T_BIT @ Thumb mode? |
2510 | bne __und_usr_thumb | 2523 | bne __und_usr_thumb |
2511 | sub r4, r2, #4 @ ARM instr at LR - 4 | 2524 | sub r4, r2, #4 @ ARM instr at LR - 4 |
@@ -2515,7 +2528,7 @@ index 582b405..a78366b 100644 | |||
2515 | #ifdef CONFIG_CPU_ENDIAN_BE8 | 2528 | #ifdef CONFIG_CPU_ENDIAN_BE8 |
2516 | rev r0, r0 @ little endian instruction | 2529 | rev r0, r0 @ little endian instruction |
2517 | #endif | 2530 | #endif |
2518 | @@ -449,10 +548,14 @@ __und_usr_thumb: | 2531 | @@ -449,10 +549,14 @@ __und_usr_thumb: |
2519 | */ | 2532 | */ |
2520 | .arch armv6t2 | 2533 | .arch armv6t2 |
2521 | #endif | 2534 | #endif |
@@ -2530,7 +2543,7 @@ index 582b405..a78366b 100644 | |||
2530 | add r2, r2, #2 @ r2 is PC + 2, make it PC + 4 | 2543 | add r2, r2, #2 @ r2 is PC + 2, make it PC + 4 |
2531 | str r2, [sp, #S_PC] @ it's a 2x16bit instr, update | 2544 | str r2, [sp, #S_PC] @ it's a 2x16bit instr, update |
2532 | orr r0, r0, r5, lsl #16 | 2545 | orr r0, r0, r5, lsl #16 |
2533 | @@ -481,7 +584,8 @@ ENDPROC(__und_usr) | 2546 | @@ -481,7 +585,8 @@ ENDPROC(__und_usr) |
2534 | */ | 2547 | */ |
2535 | .pushsection .fixup, "ax" | 2548 | .pushsection .fixup, "ax" |
2536 | .align 2 | 2549 | .align 2 |
@@ -2540,7 +2553,7 @@ index 582b405..a78366b 100644 | |||
2540 | .popsection | 2553 | .popsection |
2541 | .pushsection __ex_table,"a" | 2554 | .pushsection __ex_table,"a" |
2542 | .long 1b, 4b | 2555 | .long 1b, 4b |
2543 | @@ -690,7 +794,7 @@ ENTRY(__switch_to) | 2556 | @@ -690,7 +795,7 @@ ENTRY(__switch_to) |
2544 | THUMB( stmia ip!, {r4 - sl, fp} ) @ Store most regs on stack | 2557 | THUMB( stmia ip!, {r4 - sl, fp} ) @ Store most regs on stack |
2545 | THUMB( str sp, [ip], #4 ) | 2558 | THUMB( str sp, [ip], #4 ) |
2546 | THUMB( str lr, [ip], #4 ) | 2559 | THUMB( str lr, [ip], #4 ) |
@@ -2549,7 +2562,7 @@ index 582b405..a78366b 100644 | |||
2549 | ldr r6, [r2, #TI_CPU_DOMAIN] | 2562 | ldr r6, [r2, #TI_CPU_DOMAIN] |
2550 | #endif | 2563 | #endif |
2551 | set_tls r3, r4, r5 | 2564 | set_tls r3, r4, r5 |
2552 | @@ -699,7 +803,7 @@ ENTRY(__switch_to) | 2565 | @@ -699,7 +804,7 @@ ENTRY(__switch_to) |
2553 | ldr r8, =__stack_chk_guard | 2566 | ldr r8, =__stack_chk_guard |
2554 | ldr r7, [r7, #TSK_STACK_CANARY] | 2567 | ldr r7, [r7, #TSK_STACK_CANARY] |
2555 | #endif | 2568 | #endif |
@@ -2719,19 +2732,32 @@ index 160f337..db67ee4 100644 | |||
2719 | ldrd r0, r1, [sp, #S_LR] @ calling lr and pc | 2732 | ldrd r0, r1, [sp, #S_LR] @ calling lr and pc |
2720 | clrex @ clear the exclusive monitor | 2733 | clrex @ clear the exclusive monitor |
2721 | diff --git a/arch/arm/kernel/fiq.c b/arch/arm/kernel/fiq.c | 2734 | diff --git a/arch/arm/kernel/fiq.c b/arch/arm/kernel/fiq.c |
2722 | index 2adda11..7fbe958 100644 | 2735 | index 25442f4..d4948fc 100644 |
2723 | --- a/arch/arm/kernel/fiq.c | 2736 | --- a/arch/arm/kernel/fiq.c |
2724 | +++ b/arch/arm/kernel/fiq.c | 2737 | +++ b/arch/arm/kernel/fiq.c |
2725 | @@ -82,7 +82,9 @@ void set_fiq_handler(void *start, unsigned int length) | 2738 | @@ -84,17 +84,16 @@ int show_fiq_list(struct seq_file *p, int prec) |
2726 | #if defined(CONFIG_CPU_USE_DOMAINS) | 2739 | |
2727 | memcpy((void *)0xffff001c, start, length); | 2740 | void set_fiq_handler(void *start, unsigned int length) |
2728 | #else | 2741 | { |
2742 | -#if defined(CONFIG_CPU_USE_DOMAINS) | ||
2743 | - void *base = (void *)0xffff0000; | ||
2744 | -#else | ||
2745 | void *base = vectors_page; | ||
2746 | -#endif | ||
2747 | unsigned offset = FIQ_OFFSET; | ||
2748 | |||
2729 | + pax_open_kernel(); | 2749 | + pax_open_kernel(); |
2730 | memcpy(vectors_page + 0x1c, start, length); | 2750 | memcpy(base + offset, start, length); |
2731 | + pax_close_kernel(); | 2751 | + pax_close_kernel(); |
2732 | #endif | 2752 | + |
2733 | flush_icache_range(0xffff001c, 0xffff001c + length); | 2753 | + if (!cache_is_vipt_nonaliasing()) |
2734 | if (!vectors_high()) | 2754 | + flush_icache_range(base + offset, offset + length); |
2755 | flush_icache_range(0xffff0000 + offset, 0xffff0000 + offset + length); | ||
2756 | - if (!vectors_high()) | ||
2757 | - flush_icache_range(offset, offset + length); | ||
2758 | } | ||
2759 | |||
2760 | int claim_fiq(struct fiq_handler *f) | ||
2735 | diff --git a/arch/arm/kernel/head.S b/arch/arm/kernel/head.S | 2761 | diff --git a/arch/arm/kernel/head.S b/arch/arm/kernel/head.S |
2736 | index 8bac553..caee108 100644 | 2762 | index 8bac553..caee108 100644 |
2737 | --- a/arch/arm/kernel/head.S | 2763 | --- a/arch/arm/kernel/head.S |
@@ -2833,6 +2859,19 @@ index 07314af..c46655c 100644 | |||
2833 | 2859 | ||
2834 | flush_icache_range((uintptr_t)(addr), | 2860 | flush_icache_range((uintptr_t)(addr), |
2835 | (uintptr_t)(addr) + size); | 2861 | (uintptr_t)(addr) + size); |
2862 | diff --git a/arch/arm/kernel/perf_event.c b/arch/arm/kernel/perf_event.c | ||
2863 | index e19edc6..e186ee1 100644 | ||
2864 | --- a/arch/arm/kernel/perf_event.c | ||
2865 | +++ b/arch/arm/kernel/perf_event.c | ||
2866 | @@ -56,7 +56,7 @@ armpmu_map_hw_event(const unsigned (*event_map)[PERF_COUNT_HW_MAX], u64 config) | ||
2867 | int mapping; | ||
2868 | |||
2869 | if (config >= PERF_COUNT_HW_MAX) | ||
2870 | - return -ENOENT; | ||
2871 | + return -EINVAL; | ||
2872 | |||
2873 | mapping = (*event_map)[config]; | ||
2874 | return mapping == HW_OP_UNSUPPORTED ? -ENOENT : mapping; | ||
2836 | diff --git a/arch/arm/kernel/perf_event_cpu.c b/arch/arm/kernel/perf_event_cpu.c | 2875 | diff --git a/arch/arm/kernel/perf_event_cpu.c b/arch/arm/kernel/perf_event_cpu.c |
2837 | index 1f2740e..b36e225 100644 | 2876 | index 1f2740e..b36e225 100644 |
2838 | --- a/arch/arm/kernel/perf_event_cpu.c | 2877 | --- a/arch/arm/kernel/perf_event_cpu.c |
@@ -2847,18 +2886,10 @@ index 1f2740e..b36e225 100644 | |||
2847 | }; | 2886 | }; |
2848 | 2887 | ||
2849 | diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c | 2888 | diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c |
2850 | index 6e8931c..82ec6a5 100644 | 2889 | index 5bc2615..dcd439f 100644 |
2851 | --- a/arch/arm/kernel/process.c | 2890 | --- a/arch/arm/kernel/process.c |
2852 | +++ b/arch/arm/kernel/process.c | 2891 | +++ b/arch/arm/kernel/process.c |
2853 | @@ -28,7 +28,6 @@ | 2892 | @@ -223,6 +223,7 @@ void machine_power_off(void) |
2854 | #include <linux/tick.h> | ||
2855 | #include <linux/utsname.h> | ||
2856 | #include <linux/uaccess.h> | ||
2857 | -#include <linux/random.h> | ||
2858 | #include <linux/hw_breakpoint.h> | ||
2859 | #include <linux/cpuidle.h> | ||
2860 | #include <linux/leds.h> | ||
2861 | @@ -223,6 +222,7 @@ void machine_power_off(void) | ||
2862 | 2893 | ||
2863 | if (pm_power_off) | 2894 | if (pm_power_off) |
2864 | pm_power_off(); | 2895 | pm_power_off(); |
@@ -2866,7 +2897,7 @@ index 6e8931c..82ec6a5 100644 | |||
2866 | } | 2897 | } |
2867 | 2898 | ||
2868 | /* | 2899 | /* |
2869 | @@ -236,7 +236,7 @@ void machine_power_off(void) | 2900 | @@ -236,7 +237,7 @@ void machine_power_off(void) |
2870 | * executing pre-reset code, and using RAM that the primary CPU's code wishes | 2901 | * executing pre-reset code, and using RAM that the primary CPU's code wishes |
2871 | * to use. Implementing such co-ordination would be essentially impossible. | 2902 | * to use. Implementing such co-ordination would be essentially impossible. |
2872 | */ | 2903 | */ |
@@ -2875,18 +2906,18 @@ index 6e8931c..82ec6a5 100644 | |||
2875 | { | 2906 | { |
2876 | smp_send_stop(); | 2907 | smp_send_stop(); |
2877 | 2908 | ||
2878 | @@ -258,8 +258,8 @@ void __show_regs(struct pt_regs *regs) | 2909 | @@ -258,8 +259,8 @@ void __show_regs(struct pt_regs *regs) |
2879 | 2910 | ||
2880 | show_regs_print_info(KERN_DEFAULT); | 2911 | show_regs_print_info(KERN_DEFAULT); |
2881 | 2912 | ||
2882 | - print_symbol("PC is at %s\n", instruction_pointer(regs)); | 2913 | - print_symbol("PC is at %s\n", instruction_pointer(regs)); |
2883 | - print_symbol("LR is at %s\n", regs->ARM_lr); | 2914 | - print_symbol("LR is at %s\n", regs->ARM_lr); |
2884 | + printk("PC is at %pA\n", instruction_pointer(regs)); | 2915 | + printk("PC is at %pA\n", (void *)instruction_pointer(regs)); |
2885 | + printk("LR is at %pA\n", regs->ARM_lr); | 2916 | + printk("LR is at %pA\n", (void *)regs->ARM_lr); |
2886 | printk("pc : [<%08lx>] lr : [<%08lx>] psr: %08lx\n" | 2917 | printk("pc : [<%08lx>] lr : [<%08lx>] psr: %08lx\n" |
2887 | "sp : %08lx ip : %08lx fp : %08lx\n", | 2918 | "sp : %08lx ip : %08lx fp : %08lx\n", |
2888 | regs->ARM_pc, regs->ARM_lr, regs->ARM_cpsr, | 2919 | regs->ARM_pc, regs->ARM_lr, regs->ARM_cpsr, |
2889 | @@ -426,12 +426,6 @@ unsigned long get_wchan(struct task_struct *p) | 2920 | @@ -426,12 +427,6 @@ unsigned long get_wchan(struct task_struct *p) |
2890 | return 0; | 2921 | return 0; |
2891 | } | 2922 | } |
2892 | 2923 | ||
@@ -2897,23 +2928,70 @@ index 6e8931c..82ec6a5 100644 | |||
2897 | -} | 2928 | -} |
2898 | - | 2929 | - |
2899 | #ifdef CONFIG_MMU | 2930 | #ifdef CONFIG_MMU |
2931 | #ifdef CONFIG_KUSER_HELPERS | ||
2900 | /* | 2932 | /* |
2901 | * The vectors page is always readable from user space for the | 2933 | @@ -447,7 +442,7 @@ static struct vm_area_struct gate_vma = { |
2902 | @@ -441,12 +435,12 @@ unsigned long arch_randomize_brk(struct mm_struct *mm) | ||
2903 | static struct vm_area_struct gate_vma = { | ||
2904 | .vm_start = 0xffff0000, | ||
2905 | .vm_end = 0xffff0000 + PAGE_SIZE, | ||
2906 | - .vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC, | ||
2907 | + .vm_flags = VM_NONE, | ||
2908 | }; | ||
2909 | 2934 | ||
2910 | static int __init gate_vma_init(void) | 2935 | static int __init gate_vma_init(void) |
2911 | { | 2936 | { |
2912 | - gate_vma.vm_page_prot = PAGE_READONLY_EXEC; | 2937 | - gate_vma.vm_page_prot = PAGE_READONLY_EXEC; |
2913 | + gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags); | 2938 | + gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags); |
2914 | return 0; | 2939 | return 0; |
2915 | } | 2940 | } |
2916 | arch_initcall(gate_vma_init); | 2941 | arch_initcall(gate_vma_init); |
2942 | @@ -466,48 +461,23 @@ int in_gate_area_no_mm(unsigned long addr) | ||
2943 | { | ||
2944 | return in_gate_area(NULL, addr); | ||
2945 | } | ||
2946 | -#define is_gate_vma(vma) ((vma) = &gate_vma) | ||
2947 | +#define is_gate_vma(vma) ((vma) == &gate_vma) | ||
2948 | #else | ||
2949 | #define is_gate_vma(vma) 0 | ||
2950 | #endif | ||
2951 | |||
2952 | const char *arch_vma_name(struct vm_area_struct *vma) | ||
2953 | { | ||
2954 | - return is_gate_vma(vma) ? "[vectors]" : | ||
2955 | - (vma->vm_mm && vma->vm_start == vma->vm_mm->context.sigpage) ? | ||
2956 | - "[sigpage]" : NULL; | ||
2957 | + return is_gate_vma(vma) ? "[vectors]" : NULL; | ||
2958 | } | ||
2959 | |||
2960 | -static struct page *signal_page; | ||
2961 | -extern struct page *get_signal_page(void); | ||
2962 | - | ||
2963 | int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp) | ||
2964 | { | ||
2965 | struct mm_struct *mm = current->mm; | ||
2966 | - unsigned long addr; | ||
2967 | - int ret; | ||
2968 | - | ||
2969 | - if (!signal_page) | ||
2970 | - signal_page = get_signal_page(); | ||
2971 | - if (!signal_page) | ||
2972 | - return -ENOMEM; | ||
2973 | |||
2974 | down_write(&mm->mmap_sem); | ||
2975 | - addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, 0); | ||
2976 | - if (IS_ERR_VALUE(addr)) { | ||
2977 | - ret = addr; | ||
2978 | - goto up_fail; | ||
2979 | - } | ||
2980 | - | ||
2981 | - ret = install_special_mapping(mm, addr, PAGE_SIZE, | ||
2982 | - VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC, | ||
2983 | - &signal_page); | ||
2984 | - | ||
2985 | - if (ret == 0) | ||
2986 | - mm->context.sigpage = addr; | ||
2987 | - | ||
2988 | - up_fail: | ||
2989 | + mm->context.sigpage = (PAGE_OFFSET + (get_random_int() % 0x3FFEFFE0)) & 0xFFFFFFFC; | ||
2990 | up_write(&mm->mmap_sem); | ||
2991 | - return ret; | ||
2992 | + return 0; | ||
2993 | } | ||
2994 | #endif | ||
2917 | diff --git a/arch/arm/kernel/psci.c b/arch/arm/kernel/psci.c | 2995 | diff --git a/arch/arm/kernel/psci.c b/arch/arm/kernel/psci.c |
2918 | index 3653164..d83e55d 100644 | 2996 | index 3653164..d83e55d 100644 |
2919 | --- a/arch/arm/kernel/psci.c | 2997 | --- a/arch/arm/kernel/psci.c |
@@ -3010,39 +3088,62 @@ index b4b1d39..efdc9be 100644 | |||
3010 | #ifdef MULTI_TLB | 3088 | #ifdef MULTI_TLB |
3011 | cpu_tlb = *list->tlb; | 3089 | cpu_tlb = *list->tlb; |
3012 | diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c | 3090 | diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c |
3013 | index 296786b..a8d4dd5 100644 | 3091 | index 5a42c12..a2bb7c6 100644 |
3014 | --- a/arch/arm/kernel/signal.c | 3092 | --- a/arch/arm/kernel/signal.c |
3015 | +++ b/arch/arm/kernel/signal.c | 3093 | +++ b/arch/arm/kernel/signal.c |
3016 | @@ -396,22 +396,14 @@ setup_return(struct pt_regs *regs, struct ksignal *ksig, | 3094 | @@ -45,8 +45,6 @@ static const unsigned long sigreturn_codes[7] = { |
3017 | __put_user(sigreturn_codes[idx+1], rc+1)) | 3095 | MOV_R7_NR_RT_SIGRETURN, SWI_SYS_RT_SIGRETURN, SWI_THUMB_RT_SIGRETURN, |
3018 | return 1; | 3096 | }; |
3019 | |||
3020 | - if (cpsr & MODE32_BIT) { | ||
3021 | - /* | ||
3022 | - * 32-bit code can use the new high-page | ||
3023 | - * signal return code support. | ||
3024 | - */ | ||
3025 | - retcode = KERN_SIGRETURN_CODE + (idx << 2) + thumb; | ||
3026 | - } else { | ||
3027 | - /* | ||
3028 | - * Ensure that the instruction cache sees | ||
3029 | - * the return code written onto the stack. | ||
3030 | - */ | ||
3031 | - flush_icache_range((unsigned long)rc, | ||
3032 | - (unsigned long)(rc + 2)); | ||
3033 | + /* | ||
3034 | + * Ensure that the instruction cache sees | ||
3035 | + * the return code written onto the stack. | ||
3036 | + */ | ||
3037 | + flush_icache_range((unsigned long)rc, | ||
3038 | + (unsigned long)(rc + 2)); | ||
3039 | |||
3040 | - retcode = ((unsigned long)rc) + thumb; | ||
3041 | - } | ||
3042 | + retcode = ((unsigned long)rc) + thumb; | ||
3043 | } | ||
3044 | 3097 | ||
3045 | regs->ARM_r0 = map_sig(ksig->sig); | 3098 | -static unsigned long signal_return_offset; |
3099 | - | ||
3100 | #ifdef CONFIG_CRUNCH | ||
3101 | static int preserve_crunch_context(struct crunch_sigframe __user *frame) | ||
3102 | { | ||
3103 | @@ -406,8 +404,7 @@ setup_return(struct pt_regs *regs, struct ksignal *ksig, | ||
3104 | * except when the MPU has protected the vectors | ||
3105 | * page from PL0 | ||
3106 | */ | ||
3107 | - retcode = mm->context.sigpage + signal_return_offset + | ||
3108 | - (idx << 2) + thumb; | ||
3109 | + retcode = mm->context.sigpage + (idx << 2) + thumb; | ||
3110 | } else | ||
3111 | #endif | ||
3112 | { | ||
3113 | @@ -611,33 +608,3 @@ do_work_pending(struct pt_regs *regs, unsigned int thread_flags, int syscall) | ||
3114 | } while (thread_flags & _TIF_WORK_MASK); | ||
3115 | return 0; | ||
3116 | } | ||
3117 | - | ||
3118 | -struct page *get_signal_page(void) | ||
3119 | -{ | ||
3120 | - unsigned long ptr; | ||
3121 | - unsigned offset; | ||
3122 | - struct page *page; | ||
3123 | - void *addr; | ||
3124 | - | ||
3125 | - page = alloc_pages(GFP_KERNEL, 0); | ||
3126 | - | ||
3127 | - if (!page) | ||
3128 | - return NULL; | ||
3129 | - | ||
3130 | - addr = page_address(page); | ||
3131 | - | ||
3132 | - /* Give the signal return code some randomness */ | ||
3133 | - offset = 0x200 + (get_random_int() & 0x7fc); | ||
3134 | - signal_return_offset = offset; | ||
3135 | - | ||
3136 | - /* | ||
3137 | - * Copy signal return handlers into the vector page, and | ||
3138 | - * set sigreturn to be a pointer to these. | ||
3139 | - */ | ||
3140 | - memcpy(addr + offset, sigreturn_codes, sizeof(sigreturn_codes)); | ||
3141 | - | ||
3142 | - ptr = (unsigned long)addr + offset; | ||
3143 | - flush_icache_range(ptr, ptr + sizeof(sigreturn_codes)); | ||
3144 | - | ||
3145 | - return page; | ||
3146 | -} | ||
3046 | diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c | 3147 | diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c |
3047 | index 5919eb4..b5d6dfe 100644 | 3148 | index 5919eb4..b5d6dfe 100644 |
3048 | --- a/arch/arm/kernel/smp.c | 3149 | --- a/arch/arm/kernel/smp.c |
@@ -3057,10 +3158,10 @@ index 5919eb4..b5d6dfe 100644 | |||
3057 | void __init smp_set_ops(struct smp_operations *ops) | 3158 | void __init smp_set_ops(struct smp_operations *ops) |
3058 | { | 3159 | { |
3059 | diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c | 3160 | diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c |
3060 | index 18b32e8..b0c8dca 100644 | 3161 | index 6b9567e..b8af2d6 100644 |
3061 | --- a/arch/arm/kernel/traps.c | 3162 | --- a/arch/arm/kernel/traps.c |
3062 | +++ b/arch/arm/kernel/traps.c | 3163 | +++ b/arch/arm/kernel/traps.c |
3063 | @@ -57,7 +57,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long); | 3164 | @@ -55,7 +55,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long); |
3064 | void dump_backtrace_entry(unsigned long where, unsigned long from, unsigned long frame) | 3165 | void dump_backtrace_entry(unsigned long where, unsigned long from, unsigned long frame) |
3065 | { | 3166 | { |
3066 | #ifdef CONFIG_KALLSYMS | 3167 | #ifdef CONFIG_KALLSYMS |
@@ -3069,7 +3170,7 @@ index 18b32e8..b0c8dca 100644 | |||
3069 | #else | 3170 | #else |
3070 | printk("Function entered at [<%08lx>] from [<%08lx>]\n", where, from); | 3171 | printk("Function entered at [<%08lx>] from [<%08lx>]\n", where, from); |
3071 | #endif | 3172 | #endif |
3072 | @@ -259,6 +259,8 @@ static arch_spinlock_t die_lock = __ARCH_SPIN_LOCK_UNLOCKED; | 3173 | @@ -257,6 +257,8 @@ static arch_spinlock_t die_lock = __ARCH_SPIN_LOCK_UNLOCKED; |
3073 | static int die_owner = -1; | 3174 | static int die_owner = -1; |
3074 | static unsigned int die_nest_count; | 3175 | static unsigned int die_nest_count; |
3075 | 3176 | ||
@@ -3078,7 +3179,7 @@ index 18b32e8..b0c8dca 100644 | |||
3078 | static unsigned long oops_begin(void) | 3179 | static unsigned long oops_begin(void) |
3079 | { | 3180 | { |
3080 | int cpu; | 3181 | int cpu; |
3081 | @@ -301,6 +303,9 @@ static void oops_end(unsigned long flags, struct pt_regs *regs, int signr) | 3182 | @@ -299,6 +301,9 @@ static void oops_end(unsigned long flags, struct pt_regs *regs, int signr) |
3082 | panic("Fatal exception in interrupt"); | 3183 | panic("Fatal exception in interrupt"); |
3083 | if (panic_on_oops) | 3184 | if (panic_on_oops) |
3084 | panic("Fatal exception"); | 3185 | panic("Fatal exception"); |
@@ -3088,7 +3189,7 @@ index 18b32e8..b0c8dca 100644 | |||
3088 | if (signr) | 3189 | if (signr) |
3089 | do_exit(signr); | 3190 | do_exit(signr); |
3090 | } | 3191 | } |
3091 | @@ -594,7 +599,9 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs) | 3192 | @@ -592,7 +597,9 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs) |
3092 | * The user helper at 0xffff0fe0 must be used instead. | 3193 | * The user helper at 0xffff0fe0 must be used instead. |
3093 | * (see entry-armv.S for details) | 3194 | * (see entry-armv.S for details) |
3094 | */ | 3195 | */ |
@@ -3098,18 +3199,10 @@ index 18b32e8..b0c8dca 100644 | |||
3098 | } | 3199 | } |
3099 | return 0; | 3200 | return 0; |
3100 | 3201 | ||
3101 | @@ -834,13 +841,10 @@ void __init early_trap_init(void *vectors_base) | 3202 | @@ -848,5 +855,9 @@ void __init early_trap_init(void *vectors_base) |
3102 | */ | 3203 | kuser_init(vectors_base); |
3103 | kuser_get_tls_init(vectors); | ||
3104 | 3204 | ||
3105 | - /* | 3205 | flush_icache_range(vectors, vectors + PAGE_SIZE * 2); |
3106 | - * Copy signal return handlers into the vector page, and | ||
3107 | - * set sigreturn to be a pointer to these. | ||
3108 | - */ | ||
3109 | - memcpy((void *)(vectors + KERN_SIGRETURN_CODE - CONFIG_VECTORS_BASE), | ||
3110 | - sigreturn_codes, sizeof(sigreturn_codes)); | ||
3111 | - | ||
3112 | flush_icache_range(vectors, vectors + PAGE_SIZE); | ||
3113 | - modify_domain(DOMAIN_USER, DOMAIN_CLIENT); | 3206 | - modify_domain(DOMAIN_USER, DOMAIN_CLIENT); |
3114 | + | 3207 | + |
3115 | +#ifndef CONFIG_PAX_MEMORY_UDEREF | 3208 | +#ifndef CONFIG_PAX_MEMORY_UDEREF |
@@ -3118,7 +3211,7 @@ index 18b32e8..b0c8dca 100644 | |||
3118 | + | 3211 | + |
3119 | } | 3212 | } |
3120 | diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S | 3213 | diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S |
3121 | index a871b8e..123b00a 100644 | 3214 | index 33f2ea3..0b91824 100644 |
3122 | --- a/arch/arm/kernel/vmlinux.lds.S | 3215 | --- a/arch/arm/kernel/vmlinux.lds.S |
3123 | +++ b/arch/arm/kernel/vmlinux.lds.S | 3216 | +++ b/arch/arm/kernel/vmlinux.lds.S |
3124 | @@ -8,7 +8,11 @@ | 3217 | @@ -8,7 +8,11 @@ |
@@ -3166,7 +3259,7 @@ index a871b8e..123b00a 100644 | |||
3166 | 3259 | ||
3167 | #ifndef CONFIG_XIP_KERNEL | 3260 | #ifndef CONFIG_XIP_KERNEL |
3168 | . = ALIGN(PAGE_SIZE); | 3261 | . = ALIGN(PAGE_SIZE); |
3169 | @@ -207,6 +220,11 @@ SECTIONS | 3262 | @@ -224,6 +237,11 @@ SECTIONS |
3170 | . = PAGE_OFFSET + TEXT_OFFSET; | 3263 | . = PAGE_OFFSET + TEXT_OFFSET; |
3171 | #else | 3264 | #else |
3172 | __init_end = .; | 3265 | __init_end = .; |
@@ -3178,6 +3271,46 @@ index a871b8e..123b00a 100644 | |||
3178 | . = ALIGN(THREAD_SIZE); | 3271 | . = ALIGN(THREAD_SIZE); |
3179 | __data_loc = .; | 3272 | __data_loc = .; |
3180 | #endif | 3273 | #endif |
3274 | diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c | ||
3275 | index ef1703b..46b77f3 100644 | ||
3276 | --- a/arch/arm/kvm/arm.c | ||
3277 | +++ b/arch/arm/kvm/arm.c | ||
3278 | @@ -56,7 +56,7 @@ static unsigned long hyp_default_vectors; | ||
3279 | static DEFINE_PER_CPU(struct kvm_vcpu *, kvm_arm_running_vcpu); | ||
3280 | |||
3281 | /* The VMID used in the VTTBR */ | ||
3282 | -static atomic64_t kvm_vmid_gen = ATOMIC64_INIT(1); | ||
3283 | +static atomic64_unchecked_t kvm_vmid_gen = ATOMIC64_INIT(1); | ||
3284 | static u8 kvm_next_vmid; | ||
3285 | static DEFINE_SPINLOCK(kvm_vmid_lock); | ||
3286 | |||
3287 | @@ -392,7 +392,7 @@ void force_vm_exit(const cpumask_t *mask) | ||
3288 | */ | ||
3289 | static bool need_new_vmid_gen(struct kvm *kvm) | ||
3290 | { | ||
3291 | - return unlikely(kvm->arch.vmid_gen != atomic64_read(&kvm_vmid_gen)); | ||
3292 | + return unlikely(kvm->arch.vmid_gen != atomic64_read_unchecked(&kvm_vmid_gen)); | ||
3293 | } | ||
3294 | |||
3295 | /** | ||
3296 | @@ -425,7 +425,7 @@ static void update_vttbr(struct kvm *kvm) | ||
3297 | |||
3298 | /* First user of a new VMID generation? */ | ||
3299 | if (unlikely(kvm_next_vmid == 0)) { | ||
3300 | - atomic64_inc(&kvm_vmid_gen); | ||
3301 | + atomic64_inc_unchecked(&kvm_vmid_gen); | ||
3302 | kvm_next_vmid = 1; | ||
3303 | |||
3304 | /* | ||
3305 | @@ -442,7 +442,7 @@ static void update_vttbr(struct kvm *kvm) | ||
3306 | kvm_call_hyp(__kvm_flush_vm_context); | ||
3307 | } | ||
3308 | |||
3309 | - kvm->arch.vmid_gen = atomic64_read(&kvm_vmid_gen); | ||
3310 | + kvm->arch.vmid_gen = atomic64_read_unchecked(&kvm_vmid_gen); | ||
3311 | kvm->arch.vmid = kvm_next_vmid; | ||
3312 | kvm_next_vmid++; | ||
3313 | |||
3181 | diff --git a/arch/arm/lib/clear_user.S b/arch/arm/lib/clear_user.S | 3314 | diff --git a/arch/arm/lib/clear_user.S b/arch/arm/lib/clear_user.S |
3182 | index 14a0d98..7771a7d 100644 | 3315 | index 14a0d98..7771a7d 100644 |
3183 | --- a/arch/arm/lib/clear_user.S | 3316 | --- a/arch/arm/lib/clear_user.S |
@@ -3539,10 +3672,10 @@ index cad3ca86..1d79e0f 100644 | |||
3539 | extern void ux500_cpu_die(unsigned int cpu); | 3672 | extern void ux500_cpu_die(unsigned int cpu); |
3540 | 3673 | ||
3541 | diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig | 3674 | diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig |
3542 | index 35955b5..b475042 100644 | 3675 | index 08c9fe9..191320c 100644 |
3543 | --- a/arch/arm/mm/Kconfig | 3676 | --- a/arch/arm/mm/Kconfig |
3544 | +++ b/arch/arm/mm/Kconfig | 3677 | +++ b/arch/arm/mm/Kconfig |
3545 | @@ -432,7 +432,7 @@ config CPU_32v5 | 3678 | @@ -436,7 +436,7 @@ config CPU_32v5 |
3546 | 3679 | ||
3547 | config CPU_32v6 | 3680 | config CPU_32v6 |
3548 | bool | 3681 | bool |
@@ -3551,7 +3684,7 @@ index 35955b5..b475042 100644 | |||
3551 | select TLS_REG_EMUL if !CPU_32v6K && !MMU | 3684 | select TLS_REG_EMUL if !CPU_32v6K && !MMU |
3552 | 3685 | ||
3553 | config CPU_32v6K | 3686 | config CPU_32v6K |
3554 | @@ -581,6 +581,7 @@ config CPU_CP15_MPU | 3687 | @@ -585,6 +585,7 @@ config CPU_CP15_MPU |
3555 | 3688 | ||
3556 | config CPU_USE_DOMAINS | 3689 | config CPU_USE_DOMAINS |
3557 | bool | 3690 | bool |
@@ -3559,6 +3692,23 @@ index 35955b5..b475042 100644 | |||
3559 | help | 3692 | help |
3560 | This option enables or disables the use of domain switching | 3693 | This option enables or disables the use of domain switching |
3561 | via the set_fs() function. | 3694 | via the set_fs() function. |
3695 | @@ -780,6 +781,7 @@ config NEED_KUSER_HELPERS | ||
3696 | config KUSER_HELPERS | ||
3697 | bool "Enable kuser helpers in vector page" if !NEED_KUSER_HELPERS | ||
3698 | default y | ||
3699 | + depends on !(CPU_V6 || CPU_V6K || CPU_V7) | ||
3700 | help | ||
3701 | Warning: disabling this option may break user programs. | ||
3702 | |||
3703 | @@ -792,7 +794,7 @@ config KUSER_HELPERS | ||
3704 | See Documentation/arm/kernel_user_helpers.txt for details. | ||
3705 | |||
3706 | However, the fixed address nature of these helpers can be used | ||
3707 | - by ROP (return orientated programming) authors when creating | ||
3708 | + by ROP (Return Oriented Programming) authors when creating | ||
3709 | exploits. | ||
3710 | |||
3711 | If all of the binaries and libraries which run on your platform | ||
3562 | diff --git a/arch/arm/mm/alignment.c b/arch/arm/mm/alignment.c | 3712 | diff --git a/arch/arm/mm/alignment.c b/arch/arm/mm/alignment.c |
3563 | index 6f4585b..7b6f52b 100644 | 3713 | index 6f4585b..7b6f52b 100644 |
3564 | --- a/arch/arm/mm/alignment.c | 3714 | --- a/arch/arm/mm/alignment.c |
@@ -3624,8 +3774,56 @@ index 6f4585b..7b6f52b 100644 | |||
3624 | if (err) \ | 3774 | if (err) \ |
3625 | goto fault; \ | 3775 | goto fault; \ |
3626 | } while (0) | 3776 | } while (0) |
3777 | diff --git a/arch/arm/mm/context.c b/arch/arm/mm/context.c | ||
3778 | index eeab06e..2638dc2 100644 | ||
3779 | --- a/arch/arm/mm/context.c | ||
3780 | +++ b/arch/arm/mm/context.c | ||
3781 | @@ -42,7 +42,7 @@ | ||
3782 | #define NUM_USER_ASIDS ASID_FIRST_VERSION | ||
3783 | |||
3784 | static DEFINE_RAW_SPINLOCK(cpu_asid_lock); | ||
3785 | -static atomic64_t asid_generation = ATOMIC64_INIT(ASID_FIRST_VERSION); | ||
3786 | +static atomic64_unchecked_t asid_generation = ATOMIC64_INIT(ASID_FIRST_VERSION); | ||
3787 | static DECLARE_BITMAP(asid_map, NUM_USER_ASIDS); | ||
3788 | |||
3789 | static DEFINE_PER_CPU(atomic64_t, active_asids); | ||
3790 | @@ -188,7 +188,7 @@ static int is_reserved_asid(u64 asid) | ||
3791 | static u64 new_context(struct mm_struct *mm, unsigned int cpu) | ||
3792 | { | ||
3793 | u64 asid = atomic64_read(&mm->context.id); | ||
3794 | - u64 generation = atomic64_read(&asid_generation); | ||
3795 | + u64 generation = atomic64_read_unchecked(&asid_generation); | ||
3796 | |||
3797 | if (asid != 0 && is_reserved_asid(asid)) { | ||
3798 | /* | ||
3799 | @@ -206,7 +206,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu) | ||
3800 | */ | ||
3801 | asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, 1); | ||
3802 | if (asid == NUM_USER_ASIDS) { | ||
3803 | - generation = atomic64_add_return(ASID_FIRST_VERSION, | ||
3804 | + generation = atomic64_add_return_unchecked(ASID_FIRST_VERSION, | ||
3805 | &asid_generation); | ||
3806 | flush_context(cpu); | ||
3807 | asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, 1); | ||
3808 | @@ -235,14 +235,14 @@ void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk) | ||
3809 | cpu_set_reserved_ttbr0(); | ||
3810 | |||
3811 | asid = atomic64_read(&mm->context.id); | ||
3812 | - if (!((asid ^ atomic64_read(&asid_generation)) >> ASID_BITS) | ||
3813 | + if (!((asid ^ atomic64_read_unchecked(&asid_generation)) >> ASID_BITS) | ||
3814 | && atomic64_xchg(&per_cpu(active_asids, cpu), asid)) | ||
3815 | goto switch_mm_fastpath; | ||
3816 | |||
3817 | raw_spin_lock_irqsave(&cpu_asid_lock, flags); | ||
3818 | /* Check that our ASID belongs to the current generation. */ | ||
3819 | asid = atomic64_read(&mm->context.id); | ||
3820 | - if ((asid ^ atomic64_read(&asid_generation)) >> ASID_BITS) { | ||
3821 | + if ((asid ^ atomic64_read_unchecked(&asid_generation)) >> ASID_BITS) { | ||
3822 | asid = new_context(mm, cpu); | ||
3823 | atomic64_set(&mm->context.id, asid); | ||
3824 | } | ||
3627 | diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c | 3825 | diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c |
3628 | index 5dbf13f..1a60561 100644 | 3826 | index 5dbf13f..a2d1876 100644 |
3629 | --- a/arch/arm/mm/fault.c | 3827 | --- a/arch/arm/mm/fault.c |
3630 | +++ b/arch/arm/mm/fault.c | 3828 | +++ b/arch/arm/mm/fault.c |
3631 | @@ -25,6 +25,7 @@ | 3829 | @@ -25,6 +25,7 @@ |
@@ -3728,12 +3926,31 @@ index 5dbf13f..1a60561 100644 | |||
3728 | printk(KERN_ALERT "Unhandled fault: %s (0x%03x) at 0x%08lx\n", | 3926 | printk(KERN_ALERT "Unhandled fault: %s (0x%03x) at 0x%08lx\n", |
3729 | inf->name, fsr, addr); | 3927 | inf->name, fsr, addr); |
3730 | 3928 | ||
3731 | @@ -575,9 +637,49 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs) | 3929 | @@ -569,15 +631,68 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs * |
3930 | ifsr_info[nr].name = name; | ||
3931 | } | ||
3932 | |||
3933 | +asmlinkage int sys_sigreturn(struct pt_regs *regs); | ||
3934 | +asmlinkage int sys_rt_sigreturn(struct pt_regs *regs); | ||
3935 | + | ||
3936 | asmlinkage void __exception | ||
3937 | do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs) | ||
3938 | { | ||
3732 | const struct fsr_info *inf = ifsr_info + fsr_fs(ifsr); | 3939 | const struct fsr_info *inf = ifsr_info + fsr_fs(ifsr); |
3733 | struct siginfo info; | 3940 | struct siginfo info; |
3734 | 3941 | + unsigned long pc = instruction_pointer(regs); | |
3942 | + | ||
3735 | + if (user_mode(regs)) { | 3943 | + if (user_mode(regs)) { |
3736 | + if (addr == 0xffff0fe0UL) { | 3944 | + unsigned long sigpage = current->mm->context.sigpage; |
3945 | + | ||
3946 | + if (sigpage <= pc && pc < sigpage + 7*4) { | ||
3947 | + if (pc < sigpage + 3*4) | ||
3948 | + sys_sigreturn(regs); | ||
3949 | + else | ||
3950 | + sys_rt_sigreturn(regs); | ||
3951 | + return; | ||
3952 | + } | ||
3953 | + if (pc == 0xffff0fe0UL) { | ||
3737 | + /* | 3954 | + /* |
3738 | + * PaX: __kuser_get_tls emulation | 3955 | + * PaX: __kuser_get_tls emulation |
3739 | + */ | 3956 | + */ |
@@ -3748,11 +3965,11 @@ index 5dbf13f..1a60561 100644 | |||
3748 | + if (current->signal->curr_ip) | 3965 | + if (current->signal->curr_ip) |
3749 | + printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), | 3966 | + printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), |
3750 | + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), | 3967 | + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), |
3751 | + addr >= TASK_SIZE ? "non-executable kernel" : "userland", addr); | 3968 | + pc >= TASK_SIZE ? "non-executable kernel" : "userland", pc); |
3752 | + else | 3969 | + else |
3753 | + printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", current->comm, task_pid_nr(current), | 3970 | + printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", current->comm, task_pid_nr(current), |
3754 | + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), | 3971 | + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()), |
3755 | + addr >= TASK_SIZE ? "non-executable kernel" : "userland", addr); | 3972 | + pc >= TASK_SIZE ? "non-executable kernel" : "userland", pc); |
3756 | + goto die; | 3973 | + goto die; |
3757 | + } | 3974 | + } |
3758 | +#endif | 3975 | +#endif |
@@ -3761,7 +3978,7 @@ index 5dbf13f..1a60561 100644 | |||
3761 | + if (fsr_fs(ifsr) == FAULT_CODE_DEBUG) { | 3978 | + if (fsr_fs(ifsr) == FAULT_CODE_DEBUG) { |
3762 | + unsigned int bkpt; | 3979 | + unsigned int bkpt; |
3763 | + | 3980 | + |
3764 | + if (!probe_kernel_address((unsigned int *)addr, bkpt) && bkpt == 0xe12f1073) { | 3981 | + if (!probe_kernel_address((unsigned int *)pc, bkpt) && cpu_to_le32(bkpt) == 0xe12f1073) { |
3765 | + current->thread.error_code = ifsr; | 3982 | + current->thread.error_code = ifsr; |
3766 | + current->thread.trap_no = 0; | 3983 | + current->thread.trap_no = 0; |
3767 | + pax_report_refcount_overflow(regs); | 3984 | + pax_report_refcount_overflow(regs); |
@@ -3770,7 +3987,7 @@ index 5dbf13f..1a60561 100644 | |||
3770 | + } | 3987 | + } |
3771 | + } | 3988 | + } |
3772 | +#endif | 3989 | +#endif |
3773 | + | 3990 | |
3774 | if (!inf->fn(addr, ifsr | FSR_LNX_PF, regs)) | 3991 | if (!inf->fn(addr, ifsr | FSR_LNX_PF, regs)) |
3775 | return; | 3992 | return; |
3776 | 3993 | ||
@@ -3997,7 +4214,7 @@ index 10062ce..8695745 100644 | |||
3997 | mm->unmap_area = arch_unmap_area_topdown; | 4214 | mm->unmap_area = arch_unmap_area_topdown; |
3998 | } | 4215 | } |
3999 | diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c | 4216 | diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c |
4000 | index 4d409e6..f375351 100644 | 4217 | index daf336f..4e6392c 100644 |
4001 | --- a/arch/arm/mm/mmu.c | 4218 | --- a/arch/arm/mm/mmu.c |
4002 | +++ b/arch/arm/mm/mmu.c | 4219 | +++ b/arch/arm/mm/mmu.c |
4003 | @@ -36,6 +36,22 @@ | 4220 | @@ -36,6 +36,22 @@ |
@@ -4064,7 +4281,7 @@ index 4d409e6..f375351 100644 | |||
4064 | .domain = DOMAIN_KERNEL, | 4281 | .domain = DOMAIN_KERNEL, |
4065 | }, | 4282 | }, |
4066 | #endif | 4283 | #endif |
4067 | @@ -277,36 +301,65 @@ static struct mem_type mem_types[] = { | 4284 | @@ -277,36 +301,54 @@ static struct mem_type mem_types[] = { |
4068 | .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | | 4285 | .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | |
4069 | L_PTE_RDONLY, | 4286 | L_PTE_RDONLY, |
4070 | .prot_l1 = PMD_TYPE_TABLE, | 4287 | .prot_l1 = PMD_TYPE_TABLE, |
@@ -4072,21 +4289,8 @@ index 4d409e6..f375351 100644 | |||
4072 | + .domain = DOMAIN_VECTORS, | 4289 | + .domain = DOMAIN_VECTORS, |
4073 | }, | 4290 | }, |
4074 | [MT_HIGH_VECTORS] = { | 4291 | [MT_HIGH_VECTORS] = { |
4075 | - .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | | 4292 | .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | |
4076 | - L_PTE_USER | L_PTE_RDONLY, | 4293 | L_PTE_USER | L_PTE_RDONLY, |
4077 | + /* we always want the vector page to be noaccess for userland on archs with | ||
4078 | + XN where we can enforce some reasonable measure of security | ||
4079 | + therefore, when kernexec is disabled, instead of L_PTE_USER | L_PTE_RDONLY | ||
4080 | + which turns into supervisor rwx, userland rx, we instead omit that entirely, | ||
4081 | + leaving it as supervisor rwx only | ||
4082 | + */ | ||
4083 | +#ifdef CONFIG_PAX_KERNEXEC | ||
4084 | + .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | L_PTE_RDONLY, | ||
4085 | +#elif __LINUX_ARM_ARCH__ >= 6 | ||
4086 | + .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY, | ||
4087 | +#else | ||
4088 | + .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | L_PTE_USER | L_PTE_RDONLY, | ||
4089 | +#endif | ||
4090 | .prot_l1 = PMD_TYPE_TABLE, | 4294 | .prot_l1 = PMD_TYPE_TABLE, |
4091 | - .domain = DOMAIN_USER, | 4295 | - .domain = DOMAIN_USER, |
4092 | + .domain = DOMAIN_VECTORS, | 4296 | + .domain = DOMAIN_VECTORS, |
@@ -4140,7 +4344,7 @@ index 4d409e6..f375351 100644 | |||
4140 | .domain = DOMAIN_KERNEL, | 4344 | .domain = DOMAIN_KERNEL, |
4141 | }, | 4345 | }, |
4142 | [MT_MEMORY_ITCM] = { | 4346 | [MT_MEMORY_ITCM] = { |
4143 | @@ -316,10 +369,10 @@ static struct mem_type mem_types[] = { | 4347 | @@ -316,10 +358,10 @@ static struct mem_type mem_types[] = { |
4144 | }, | 4348 | }, |
4145 | [MT_MEMORY_SO] = { | 4349 | [MT_MEMORY_SO] = { |
4146 | .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | | 4350 | .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | |
@@ -4153,7 +4357,7 @@ index 4d409e6..f375351 100644 | |||
4153 | .domain = DOMAIN_KERNEL, | 4357 | .domain = DOMAIN_KERNEL, |
4154 | }, | 4358 | }, |
4155 | [MT_MEMORY_DMA_READY] = { | 4359 | [MT_MEMORY_DMA_READY] = { |
4156 | @@ -405,9 +458,35 @@ static void __init build_mem_type_table(void) | 4360 | @@ -405,9 +447,35 @@ static void __init build_mem_type_table(void) |
4157 | * to prevent speculative instruction fetches. | 4361 | * to prevent speculative instruction fetches. |
4158 | */ | 4362 | */ |
4159 | mem_types[MT_DEVICE].prot_sect |= PMD_SECT_XN; | 4363 | mem_types[MT_DEVICE].prot_sect |= PMD_SECT_XN; |
@@ -4189,7 +4393,7 @@ index 4d409e6..f375351 100644 | |||
4189 | } | 4393 | } |
4190 | if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) { | 4394 | if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) { |
4191 | /* | 4395 | /* |
4192 | @@ -468,6 +547,9 @@ static void __init build_mem_type_table(void) | 4396 | @@ -468,6 +536,9 @@ static void __init build_mem_type_table(void) |
4193 | * from SVC mode and no access from userspace. | 4397 | * from SVC mode and no access from userspace. |
4194 | */ | 4398 | */ |
4195 | mem_types[MT_ROM].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; | 4399 | mem_types[MT_ROM].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; |
@@ -4199,7 +4403,7 @@ index 4d409e6..f375351 100644 | |||
4199 | mem_types[MT_MINICLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; | 4403 | mem_types[MT_MINICLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; |
4200 | mem_types[MT_CACHECLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; | 4404 | mem_types[MT_CACHECLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; |
4201 | #endif | 4405 | #endif |
4202 | @@ -485,11 +567,17 @@ static void __init build_mem_type_table(void) | 4406 | @@ -485,11 +556,17 @@ static void __init build_mem_type_table(void) |
4203 | mem_types[MT_DEVICE_WC].prot_pte |= L_PTE_SHARED; | 4407 | mem_types[MT_DEVICE_WC].prot_pte |= L_PTE_SHARED; |
4204 | mem_types[MT_DEVICE_CACHED].prot_sect |= PMD_SECT_S; | 4408 | mem_types[MT_DEVICE_CACHED].prot_sect |= PMD_SECT_S; |
4205 | mem_types[MT_DEVICE_CACHED].prot_pte |= L_PTE_SHARED; | 4409 | mem_types[MT_DEVICE_CACHED].prot_pte |= L_PTE_SHARED; |
@@ -4221,7 +4425,7 @@ index 4d409e6..f375351 100644 | |||
4221 | } | 4425 | } |
4222 | } | 4426 | } |
4223 | 4427 | ||
4224 | @@ -500,15 +588,20 @@ static void __init build_mem_type_table(void) | 4428 | @@ -500,15 +577,20 @@ static void __init build_mem_type_table(void) |
4225 | if (cpu_arch >= CPU_ARCH_ARMv6) { | 4429 | if (cpu_arch >= CPU_ARCH_ARMv6) { |
4226 | if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) { | 4430 | if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) { |
4227 | /* Non-cacheable Normal is XCB = 001 */ | 4431 | /* Non-cacheable Normal is XCB = 001 */ |
@@ -4245,7 +4449,7 @@ index 4d409e6..f375351 100644 | |||
4245 | } | 4449 | } |
4246 | 4450 | ||
4247 | #ifdef CONFIG_ARM_LPAE | 4451 | #ifdef CONFIG_ARM_LPAE |
4248 | @@ -524,6 +617,8 @@ static void __init build_mem_type_table(void) | 4452 | @@ -524,6 +606,8 @@ static void __init build_mem_type_table(void) |
4249 | vecs_pgprot |= PTE_EXT_AF; | 4453 | vecs_pgprot |= PTE_EXT_AF; |
4250 | #endif | 4454 | #endif |
4251 | 4455 | ||
@@ -4254,7 +4458,7 @@ index 4d409e6..f375351 100644 | |||
4254 | for (i = 0; i < 16; i++) { | 4458 | for (i = 0; i < 16; i++) { |
4255 | pteval_t v = pgprot_val(protection_map[i]); | 4459 | pteval_t v = pgprot_val(protection_map[i]); |
4256 | protection_map[i] = __pgprot(v | user_pgprot); | 4460 | protection_map[i] = __pgprot(v | user_pgprot); |
4257 | @@ -541,10 +636,15 @@ static void __init build_mem_type_table(void) | 4461 | @@ -541,10 +625,15 @@ static void __init build_mem_type_table(void) |
4258 | 4462 | ||
4259 | mem_types[MT_LOW_VECTORS].prot_l1 |= ecc_mask; | 4463 | mem_types[MT_LOW_VECTORS].prot_l1 |= ecc_mask; |
4260 | mem_types[MT_HIGH_VECTORS].prot_l1 |= ecc_mask; | 4464 | mem_types[MT_HIGH_VECTORS].prot_l1 |= ecc_mask; |
@@ -4273,12 +4477,12 @@ index 4d409e6..f375351 100644 | |||
4273 | mem_types[MT_ROM].prot_sect |= cp->pmd; | 4477 | mem_types[MT_ROM].prot_sect |= cp->pmd; |
4274 | 4478 | ||
4275 | switch (cp->pmd) { | 4479 | switch (cp->pmd) { |
4276 | @@ -1166,18 +1266,15 @@ void __init arm_mm_memblock_reserve(void) | 4480 | @@ -1166,18 +1255,15 @@ void __init arm_mm_memblock_reserve(void) |
4277 | * called function. This means you can't use any function or debugging | 4481 | * called function. This means you can't use any function or debugging |
4278 | * method which may touch any device, otherwise the kernel _will_ crash. | 4482 | * method which may touch any device, otherwise the kernel _will_ crash. |
4279 | */ | 4483 | */ |
4280 | + | 4484 | + |
4281 | +static char vectors[PAGE_SIZE] __read_only __aligned(PAGE_SIZE); | 4485 | +static char vectors[PAGE_SIZE * 2] __read_only __aligned(PAGE_SIZE); |
4282 | + | 4486 | + |
4283 | static void __init devicemaps_init(struct machine_desc *mdesc) | 4487 | static void __init devicemaps_init(struct machine_desc *mdesc) |
4284 | { | 4488 | { |
@@ -4289,14 +4493,14 @@ index 4d409e6..f375351 100644 | |||
4289 | - /* | 4493 | - /* |
4290 | - * Allocate the vector page early. | 4494 | - * Allocate the vector page early. |
4291 | - */ | 4495 | - */ |
4292 | - vectors = early_alloc(PAGE_SIZE); | 4496 | - vectors = early_alloc(PAGE_SIZE * 2); |
4293 | - | 4497 | - |
4294 | - early_trap_init(vectors); | 4498 | - early_trap_init(vectors); |
4295 | + early_trap_init(&vectors); | 4499 | + early_trap_init(&vectors); |
4296 | 4500 | ||
4297 | for (addr = VMALLOC_START; addr; addr += PMD_SIZE) | 4501 | for (addr = VMALLOC_START; addr; addr += PMD_SIZE) |
4298 | pmd_clear(pmd_off_k(addr)); | 4502 | pmd_clear(pmd_off_k(addr)); |
4299 | @@ -1217,7 +1314,7 @@ static void __init devicemaps_init(struct machine_desc *mdesc) | 4503 | @@ -1217,7 +1303,7 @@ static void __init devicemaps_init(struct machine_desc *mdesc) |
4300 | * location (0xffff0000). If we aren't using high-vectors, also | 4504 | * location (0xffff0000). If we aren't using high-vectors, also |
4301 | * create a mapping at the low-vectors virtual address. | 4505 | * create a mapping at the low-vectors virtual address. |
4302 | */ | 4506 | */ |
@@ -4304,8 +4508,8 @@ index 4d409e6..f375351 100644 | |||
4304 | + map.pfn = __phys_to_pfn(virt_to_phys(&vectors)); | 4508 | + map.pfn = __phys_to_pfn(virt_to_phys(&vectors)); |
4305 | map.virtual = 0xffff0000; | 4509 | map.virtual = 0xffff0000; |
4306 | map.length = PAGE_SIZE; | 4510 | map.length = PAGE_SIZE; |
4307 | map.type = MT_HIGH_VECTORS; | 4511 | #ifdef CONFIG_KUSER_HELPERS |
4308 | @@ -1275,8 +1372,39 @@ static void __init map_lowmem(void) | 4512 | @@ -1287,8 +1373,39 @@ static void __init map_lowmem(void) |
4309 | map.pfn = __phys_to_pfn(start); | 4513 | map.pfn = __phys_to_pfn(start); |
4310 | map.virtual = __phys_to_virt(start); | 4514 | map.virtual = __phys_to_virt(start); |
4311 | map.length = end - start; | 4515 | map.length = end - start; |
@@ -4346,20 +4550,6 @@ index 4d409e6..f375351 100644 | |||
4346 | create_mapping(&map); | 4550 | create_mapping(&map); |
4347 | } | 4551 | } |
4348 | } | 4552 | } |
4349 | diff --git a/arch/arm/mm/proc-v7-2level.S b/arch/arm/mm/proc-v7-2level.S | ||
4350 | index 9704097..3e36dde 100644 | ||
4351 | --- a/arch/arm/mm/proc-v7-2level.S | ||
4352 | +++ b/arch/arm/mm/proc-v7-2level.S | ||
4353 | @@ -99,6 +99,9 @@ ENTRY(cpu_v7_set_pte_ext) | ||
4354 | tst r1, #L_PTE_XN | ||
4355 | orrne r3, r3, #PTE_EXT_XN | ||
4356 | |||
4357 | + tst r1, #L_PTE_PXN | ||
4358 | + orrne r3, r3, #PTE_EXT_PXN | ||
4359 | + | ||
4360 | tst r1, #L_PTE_YOUNG | ||
4361 | tstne r1, #L_PTE_VALID | ||
4362 | #ifndef CONFIG_CPU_USE_DOMAINS | ||
4363 | diff --git a/arch/arm/plat-omap/sram.c b/arch/arm/plat-omap/sram.c | 4553 | diff --git a/arch/arm/plat-omap/sram.c b/arch/arm/plat-omap/sram.c |
4364 | index a5bc92d..0bb4730 100644 | 4554 | index a5bc92d..0bb4730 100644 |
4365 | --- a/arch/arm/plat-omap/sram.c | 4555 | --- a/arch/arm/plat-omap/sram.c |
@@ -5244,10 +5434,10 @@ index 4efe96a..60e8699 100644 | |||
5244 | #define SMP_CACHE_BYTES L1_CACHE_BYTES | 5434 | #define SMP_CACHE_BYTES L1_CACHE_BYTES |
5245 | 5435 | ||
5246 | diff --git a/arch/mips/include/asm/atomic.h b/arch/mips/include/asm/atomic.h | 5436 | diff --git a/arch/mips/include/asm/atomic.h b/arch/mips/include/asm/atomic.h |
5247 | index 08b6079..eb272cf 100644 | 5437 | index 08b6079..8b554d2 100644 |
5248 | --- a/arch/mips/include/asm/atomic.h | 5438 | --- a/arch/mips/include/asm/atomic.h |
5249 | +++ b/arch/mips/include/asm/atomic.h | 5439 | +++ b/arch/mips/include/asm/atomic.h |
5250 | @@ -21,6 +21,10 @@ | 5440 | @@ -21,15 +21,39 @@ |
5251 | #include <asm/cmpxchg.h> | 5441 | #include <asm/cmpxchg.h> |
5252 | #include <asm/war.h> | 5442 | #include <asm/war.h> |
5253 | 5443 | ||
@@ -5257,24 +5447,899 @@ index 08b6079..eb272cf 100644 | |||
5257 | + | 5447 | + |
5258 | #define ATOMIC_INIT(i) { (i) } | 5448 | #define ATOMIC_INIT(i) { (i) } |
5259 | 5449 | ||
5450 | +#ifdef CONFIG_64BIT | ||
5451 | +#define _ASM_EXTABLE(from, to) \ | ||
5452 | +" .section __ex_table,\"a\"\n" \ | ||
5453 | +" .dword " #from ", " #to"\n" \ | ||
5454 | +" .previous\n" | ||
5455 | +#else | ||
5456 | +#define _ASM_EXTABLE(from, to) \ | ||
5457 | +" .section __ex_table,\"a\"\n" \ | ||
5458 | +" .word " #from ", " #to"\n" \ | ||
5459 | +" .previous\n" | ||
5460 | +#endif | ||
5461 | + | ||
5260 | /* | 5462 | /* |
5261 | @@ -759,6 +763,16 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u) | 5463 | * atomic_read - read atomic variable |
5464 | * @v: pointer of type atomic_t | ||
5465 | * | ||
5466 | * Atomically reads the value of @v. | ||
5262 | */ | 5467 | */ |
5263 | #define atomic64_add_negative(i, v) (atomic64_add_return(i, (v)) < 0) | 5468 | -#define atomic_read(v) (*(volatile int *)&(v)->counter) |
5469 | +static inline int atomic_read(const atomic_t *v) | ||
5470 | +{ | ||
5471 | + return (*(volatile const int *) &v->counter); | ||
5472 | +} | ||
5473 | + | ||
5474 | +static inline int atomic_read_unchecked(const atomic_unchecked_t *v) | ||
5475 | +{ | ||
5476 | + return (*(volatile const int *) &v->counter); | ||
5477 | +} | ||
5264 | 5478 | ||
5265 | +#define atomic64_read_unchecked(v) atomic64_read(v) | 5479 | /* |
5266 | +#define atomic64_set_unchecked(v, i) atomic64_set((v), (i)) | 5480 | * atomic_set - set atomic variable |
5267 | +#define atomic64_add_unchecked(a, v) atomic64_add((a), (v)) | 5481 | @@ -38,7 +62,15 @@ |
5268 | +#define atomic64_add_return_unchecked(a, v) atomic64_add_return((a), (v)) | 5482 | * |
5269 | +#define atomic64_sub_unchecked(a, v) atomic64_sub((a), (v)) | 5483 | * Atomically sets the value of @v to @i. |
5270 | +#define atomic64_inc_unchecked(v) atomic64_inc(v) | 5484 | */ |
5271 | +#define atomic64_inc_return_unchecked(v) atomic64_inc_return(v) | 5485 | -#define atomic_set(v, i) ((v)->counter = (i)) |
5272 | +#define atomic64_dec_unchecked(v) atomic64_dec(v) | 5486 | +static inline void atomic_set(atomic_t *v, int i) |
5273 | +#define atomic64_cmpxchg_unchecked(v, o, n) atomic64_cmpxchg((v), (o), (n)) | 5487 | +{ |
5488 | + v->counter = i; | ||
5489 | +} | ||
5274 | + | 5490 | + |
5275 | #endif /* CONFIG_64BIT */ | 5491 | +static inline void atomic_set_unchecked(atomic_unchecked_t *v, int i) |
5492 | +{ | ||
5493 | + v->counter = i; | ||
5494 | +} | ||
5495 | |||
5496 | /* | ||
5497 | * atomic_add - add integer to atomic variable | ||
5498 | @@ -47,7 +79,67 @@ | ||
5499 | * | ||
5500 | * Atomically adds @i to @v. | ||
5501 | */ | ||
5502 | -static __inline__ void atomic_add(int i, atomic_t * v) | ||
5503 | +static __inline__ void atomic_add(int i, atomic_t *v) | ||
5504 | +{ | ||
5505 | + int temp; | ||
5506 | + | ||
5507 | + if (kernel_uses_llsc && R10000_LLSC_WAR) { | ||
5508 | + __asm__ __volatile__( | ||
5509 | + " .set mips3 \n" | ||
5510 | + "1: ll %0, %1 # atomic_add \n" | ||
5511 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5512 | + /* Exception on overflow. */ | ||
5513 | + "2: add %0, %2 \n" | ||
5514 | +#else | ||
5515 | + " addu %0, %2 \n" | ||
5516 | +#endif | ||
5517 | + " sc %0, %1 \n" | ||
5518 | + " beqzl %0, 1b \n" | ||
5519 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5520 | + "3: \n" | ||
5521 | + _ASM_EXTABLE(2b, 3b) | ||
5522 | +#endif | ||
5523 | + " .set mips0 \n" | ||
5524 | + : "=&r" (temp), "+m" (v->counter) | ||
5525 | + : "Ir" (i)); | ||
5526 | + } else if (kernel_uses_llsc) { | ||
5527 | + __asm__ __volatile__( | ||
5528 | + " .set mips3 \n" | ||
5529 | + "1: ll %0, %1 # atomic_add \n" | ||
5530 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5531 | + /* Exception on overflow. */ | ||
5532 | + "2: add %0, %2 \n" | ||
5533 | +#else | ||
5534 | + " addu %0, %2 \n" | ||
5535 | +#endif | ||
5536 | + " sc %0, %1 \n" | ||
5537 | + " beqz %0, 1b \n" | ||
5538 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5539 | + "3: \n" | ||
5540 | + _ASM_EXTABLE(2b, 3b) | ||
5541 | +#endif | ||
5542 | + " .set mips0 \n" | ||
5543 | + : "=&r" (temp), "+m" (v->counter) | ||
5544 | + : "Ir" (i)); | ||
5545 | + } else { | ||
5546 | + unsigned long flags; | ||
5547 | + | ||
5548 | + raw_local_irq_save(flags); | ||
5549 | + __asm__ __volatile__( | ||
5550 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5551 | + /* Exception on overflow. */ | ||
5552 | + "1: add %0, %1 \n" | ||
5553 | + "2: \n" | ||
5554 | + _ASM_EXTABLE(1b, 2b) | ||
5555 | +#else | ||
5556 | + " addu %0, %1 \n" | ||
5557 | +#endif | ||
5558 | + : "+r" (v->counter) : "Ir" (i)); | ||
5559 | + raw_local_irq_restore(flags); | ||
5560 | + } | ||
5561 | +} | ||
5562 | + | ||
5563 | +static __inline__ void atomic_add_unchecked(int i, atomic_unchecked_t *v) | ||
5564 | { | ||
5565 | if (kernel_uses_llsc && R10000_LLSC_WAR) { | ||
5566 | int temp; | ||
5567 | @@ -90,7 +182,67 @@ static __inline__ void atomic_add(int i, atomic_t * v) | ||
5568 | * | ||
5569 | * Atomically subtracts @i from @v. | ||
5570 | */ | ||
5571 | -static __inline__ void atomic_sub(int i, atomic_t * v) | ||
5572 | +static __inline__ void atomic_sub(int i, atomic_t *v) | ||
5573 | +{ | ||
5574 | + int temp; | ||
5575 | + | ||
5576 | + if (kernel_uses_llsc && R10000_LLSC_WAR) { | ||
5577 | + __asm__ __volatile__( | ||
5578 | + " .set mips3 \n" | ||
5579 | + "1: ll %0, %1 # atomic64_sub \n" | ||
5580 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5581 | + /* Exception on overflow. */ | ||
5582 | + "2: sub %0, %2 \n" | ||
5583 | +#else | ||
5584 | + " subu %0, %2 \n" | ||
5585 | +#endif | ||
5586 | + " sc %0, %1 \n" | ||
5587 | + " beqzl %0, 1b \n" | ||
5588 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5589 | + "3: \n" | ||
5590 | + _ASM_EXTABLE(2b, 3b) | ||
5591 | +#endif | ||
5592 | + " .set mips0 \n" | ||
5593 | + : "=&r" (temp), "+m" (v->counter) | ||
5594 | + : "Ir" (i)); | ||
5595 | + } else if (kernel_uses_llsc) { | ||
5596 | + __asm__ __volatile__( | ||
5597 | + " .set mips3 \n" | ||
5598 | + "1: ll %0, %1 # atomic64_sub \n" | ||
5599 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5600 | + /* Exception on overflow. */ | ||
5601 | + "2: sub %0, %2 \n" | ||
5602 | +#else | ||
5603 | + " subu %0, %2 \n" | ||
5604 | +#endif | ||
5605 | + " sc %0, %1 \n" | ||
5606 | + " beqz %0, 1b \n" | ||
5607 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5608 | + "3: \n" | ||
5609 | + _ASM_EXTABLE(2b, 3b) | ||
5610 | +#endif | ||
5611 | + " .set mips0 \n" | ||
5612 | + : "=&r" (temp), "+m" (v->counter) | ||
5613 | + : "Ir" (i)); | ||
5614 | + } else { | ||
5615 | + unsigned long flags; | ||
5616 | + | ||
5617 | + raw_local_irq_save(flags); | ||
5618 | + __asm__ __volatile__( | ||
5619 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5620 | + /* Exception on overflow. */ | ||
5621 | + "1: sub %0, %1 \n" | ||
5622 | + "2: \n" | ||
5623 | + _ASM_EXTABLE(1b, 2b) | ||
5624 | +#else | ||
5625 | + " subu %0, %1 \n" | ||
5626 | +#endif | ||
5627 | + : "+r" (v->counter) : "Ir" (i)); | ||
5628 | + raw_local_irq_restore(flags); | ||
5629 | + } | ||
5630 | +} | ||
5631 | + | ||
5632 | +static __inline__ void atomic_sub_unchecked(long i, atomic_unchecked_t *v) | ||
5633 | { | ||
5634 | if (kernel_uses_llsc && R10000_LLSC_WAR) { | ||
5635 | int temp; | ||
5636 | @@ -129,7 +281,93 @@ static __inline__ void atomic_sub(int i, atomic_t * v) | ||
5637 | /* | ||
5638 | * Same as above, but return the result value | ||
5639 | */ | ||
5640 | -static __inline__ int atomic_add_return(int i, atomic_t * v) | ||
5641 | +static __inline__ int atomic_add_return(int i, atomic_t *v) | ||
5642 | +{ | ||
5643 | + int result; | ||
5644 | + int temp; | ||
5645 | + | ||
5646 | + smp_mb__before_llsc(); | ||
5647 | + | ||
5648 | + if (kernel_uses_llsc && R10000_LLSC_WAR) { | ||
5649 | + __asm__ __volatile__( | ||
5650 | + " .set mips3 \n" | ||
5651 | + "1: ll %1, %2 # atomic_add_return \n" | ||
5652 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5653 | + "2: add %0, %1, %3 \n" | ||
5654 | +#else | ||
5655 | + " addu %0, %1, %3 \n" | ||
5656 | +#endif | ||
5657 | + " sc %0, %2 \n" | ||
5658 | + " beqzl %0, 1b \n" | ||
5659 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5660 | + " b 4f \n" | ||
5661 | + " .set noreorder \n" | ||
5662 | + "3: b 5f \n" | ||
5663 | + " move %0, %1 \n" | ||
5664 | + " .set reorder \n" | ||
5665 | + _ASM_EXTABLE(2b, 3b) | ||
5666 | +#endif | ||
5667 | + "4: addu %0, %1, %3 \n" | ||
5668 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5669 | + "5: \n" | ||
5670 | +#endif | ||
5671 | + " .set mips0 \n" | ||
5672 | + : "=&r" (result), "=&r" (temp), "+m" (v->counter) | ||
5673 | + : "Ir" (i)); | ||
5674 | + } else if (kernel_uses_llsc) { | ||
5675 | + __asm__ __volatile__( | ||
5676 | + " .set mips3 \n" | ||
5677 | + "1: ll %1, %2 # atomic_add_return \n" | ||
5678 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5679 | + "2: add %0, %1, %3 \n" | ||
5680 | +#else | ||
5681 | + " addu %0, %1, %3 \n" | ||
5682 | +#endif | ||
5683 | + " sc %0, %2 \n" | ||
5684 | + " bnez %0, 4f \n" | ||
5685 | + " b 1b \n" | ||
5686 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5687 | + " .set noreorder \n" | ||
5688 | + "3: b 5f \n" | ||
5689 | + " move %0, %1 \n" | ||
5690 | + " .set reorder \n" | ||
5691 | + _ASM_EXTABLE(2b, 3b) | ||
5692 | +#endif | ||
5693 | + "4: addu %0, %1, %3 \n" | ||
5694 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5695 | + "5: \n" | ||
5696 | +#endif | ||
5697 | + " .set mips0 \n" | ||
5698 | + : "=&r" (result), "=&r" (temp), "+m" (v->counter) | ||
5699 | + : "Ir" (i)); | ||
5700 | + } else { | ||
5701 | + unsigned long flags; | ||
5702 | + | ||
5703 | + raw_local_irq_save(flags); | ||
5704 | + __asm__ __volatile__( | ||
5705 | + " lw %0, %1 \n" | ||
5706 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5707 | + /* Exception on overflow. */ | ||
5708 | + "1: add %0, %2 \n" | ||
5709 | +#else | ||
5710 | + " addu %0, %2 \n" | ||
5711 | +#endif | ||
5712 | + " sw %0, %1 \n" | ||
5713 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5714 | + /* Note: Dest reg is not modified on overflow */ | ||
5715 | + "2: \n" | ||
5716 | + _ASM_EXTABLE(1b, 2b) | ||
5717 | +#endif | ||
5718 | + : "=&r" (result), "+m" (v->counter) : "Ir" (i)); | ||
5719 | + raw_local_irq_restore(flags); | ||
5720 | + } | ||
5721 | + | ||
5722 | + smp_llsc_mb(); | ||
5723 | + | ||
5724 | + return result; | ||
5725 | +} | ||
5726 | + | ||
5727 | +static __inline__ int atomic_add_return_unchecked(int i, atomic_unchecked_t *v) | ||
5728 | { | ||
5729 | int result; | ||
5730 | |||
5731 | @@ -178,7 +416,93 @@ static __inline__ int atomic_add_return(int i, atomic_t * v) | ||
5732 | return result; | ||
5733 | } | ||
5734 | |||
5735 | -static __inline__ int atomic_sub_return(int i, atomic_t * v) | ||
5736 | +static __inline__ int atomic_sub_return(int i, atomic_t *v) | ||
5737 | +{ | ||
5738 | + int result; | ||
5739 | + int temp; | ||
5740 | + | ||
5741 | + smp_mb__before_llsc(); | ||
5742 | + | ||
5743 | + if (kernel_uses_llsc && R10000_LLSC_WAR) { | ||
5744 | + __asm__ __volatile__( | ||
5745 | + " .set mips3 \n" | ||
5746 | + "1: ll %1, %2 # atomic_sub_return \n" | ||
5747 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5748 | + "2: sub %0, %1, %3 \n" | ||
5749 | +#else | ||
5750 | + " subu %0, %1, %3 \n" | ||
5751 | +#endif | ||
5752 | + " sc %0, %2 \n" | ||
5753 | + " beqzl %0, 1b \n" | ||
5754 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5755 | + " b 4f \n" | ||
5756 | + " .set noreorder \n" | ||
5757 | + "3: b 5f \n" | ||
5758 | + " move %0, %1 \n" | ||
5759 | + " .set reorder \n" | ||
5760 | + _ASM_EXTABLE(2b, 3b) | ||
5761 | +#endif | ||
5762 | + "4: subu %0, %1, %3 \n" | ||
5763 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5764 | + "5: \n" | ||
5765 | +#endif | ||
5766 | + " .set mips0 \n" | ||
5767 | + : "=&r" (result), "=&r" (temp), "=m" (v->counter) | ||
5768 | + : "Ir" (i), "m" (v->counter) | ||
5769 | + : "memory"); | ||
5770 | + } else if (kernel_uses_llsc) { | ||
5771 | + __asm__ __volatile__( | ||
5772 | + " .set mips3 \n" | ||
5773 | + "1: ll %1, %2 # atomic_sub_return \n" | ||
5774 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5775 | + "2: sub %0, %1, %3 \n" | ||
5776 | +#else | ||
5777 | + " subu %0, %1, %3 \n" | ||
5778 | +#endif | ||
5779 | + " sc %0, %2 \n" | ||
5780 | + " bnez %0, 4f \n" | ||
5781 | + " b 1b \n" | ||
5782 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5783 | + " .set noreorder \n" | ||
5784 | + "3: b 5f \n" | ||
5785 | + " move %0, %1 \n" | ||
5786 | + " .set reorder \n" | ||
5787 | + _ASM_EXTABLE(2b, 3b) | ||
5788 | +#endif | ||
5789 | + "4: subu %0, %1, %3 \n" | ||
5790 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5791 | + "5: \n" | ||
5792 | +#endif | ||
5793 | + " .set mips0 \n" | ||
5794 | + : "=&r" (result), "=&r" (temp), "+m" (v->counter) | ||
5795 | + : "Ir" (i)); | ||
5796 | + } else { | ||
5797 | + unsigned long flags; | ||
5798 | + | ||
5799 | + raw_local_irq_save(flags); | ||
5800 | + __asm__ __volatile__( | ||
5801 | + " lw %0, %1 \n" | ||
5802 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5803 | + /* Exception on overflow. */ | ||
5804 | + "1: sub %0, %2 \n" | ||
5805 | +#else | ||
5806 | + " subu %0, %2 \n" | ||
5807 | +#endif | ||
5808 | + " sw %0, %1 \n" | ||
5809 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5810 | + /* Note: Dest reg is not modified on overflow */ | ||
5811 | + "2: \n" | ||
5812 | + _ASM_EXTABLE(1b, 2b) | ||
5813 | +#endif | ||
5814 | + : "=&r" (result), "+m" (v->counter) : "Ir" (i)); | ||
5815 | + raw_local_irq_restore(flags); | ||
5816 | + } | ||
5817 | + | ||
5818 | + smp_llsc_mb(); | ||
5819 | + | ||
5820 | + return result; | ||
5821 | +} | ||
5822 | +static __inline__ int atomic_sub_return_unchecked(int i, atomic_unchecked_t *v) | ||
5823 | { | ||
5824 | int result; | ||
5825 | |||
5826 | @@ -238,7 +562,7 @@ static __inline__ int atomic_sub_return(int i, atomic_t * v) | ||
5827 | * Atomically test @v and subtract @i if @v is greater or equal than @i. | ||
5828 | * The function returns the old value of @v minus @i. | ||
5829 | */ | ||
5830 | -static __inline__ int atomic_sub_if_positive(int i, atomic_t * v) | ||
5831 | +static __inline__ int atomic_sub_if_positive(int i, atomic_t *v) | ||
5832 | { | ||
5833 | int result; | ||
5834 | |||
5835 | @@ -295,8 +619,26 @@ static __inline__ int atomic_sub_if_positive(int i, atomic_t * v) | ||
5836 | return result; | ||
5837 | } | ||
5838 | |||
5839 | -#define atomic_cmpxchg(v, o, n) (cmpxchg(&((v)->counter), (o), (n))) | ||
5840 | -#define atomic_xchg(v, new) (xchg(&((v)->counter), (new))) | ||
5841 | +static inline int atomic_cmpxchg(atomic_t *v, int old, int new) | ||
5842 | +{ | ||
5843 | + return cmpxchg(&v->counter, old, new); | ||
5844 | +} | ||
5845 | + | ||
5846 | +static inline int atomic_cmpxchg_unchecked(atomic_unchecked_t *v, int old, | ||
5847 | + int new) | ||
5848 | +{ | ||
5849 | + return cmpxchg(&(v->counter), old, new); | ||
5850 | +} | ||
5851 | + | ||
5852 | +static inline int atomic_xchg(atomic_t *v, int new) | ||
5853 | +{ | ||
5854 | + return xchg(&v->counter, new); | ||
5855 | +} | ||
5856 | + | ||
5857 | +static inline int atomic_xchg_unchecked(atomic_unchecked_t *v, int new) | ||
5858 | +{ | ||
5859 | + return xchg(&(v->counter), new); | ||
5860 | +} | ||
5861 | |||
5862 | /** | ||
5863 | * __atomic_add_unless - add unless the number is a given value | ||
5864 | @@ -324,6 +666,10 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u) | ||
5865 | |||
5866 | #define atomic_dec_return(v) atomic_sub_return(1, (v)) | ||
5867 | #define atomic_inc_return(v) atomic_add_return(1, (v)) | ||
5868 | +static __inline__ int atomic_inc_return_unchecked(atomic_unchecked_t *v) | ||
5869 | +{ | ||
5870 | + return atomic_add_return_unchecked(1, v); | ||
5871 | +} | ||
5276 | 5872 | ||
5277 | /* | 5873 | /* |
5874 | * atomic_sub_and_test - subtract value from variable and test result | ||
5875 | @@ -345,6 +691,10 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u) | ||
5876 | * other cases. | ||
5877 | */ | ||
5878 | #define atomic_inc_and_test(v) (atomic_inc_return(v) == 0) | ||
5879 | +static __inline__ int atomic_inc_and_test_unchecked(atomic_unchecked_t *v) | ||
5880 | +{ | ||
5881 | + return atomic_add_return_unchecked(1, v) == 0; | ||
5882 | +} | ||
5883 | |||
5884 | /* | ||
5885 | * atomic_dec_and_test - decrement by 1 and test | ||
5886 | @@ -369,6 +719,10 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u) | ||
5887 | * Atomically increments @v by 1. | ||
5888 | */ | ||
5889 | #define atomic_inc(v) atomic_add(1, (v)) | ||
5890 | +static __inline__ void atomic_inc_unchecked(atomic_unchecked_t *v) | ||
5891 | +{ | ||
5892 | + atomic_add_unchecked(1, v); | ||
5893 | +} | ||
5894 | |||
5895 | /* | ||
5896 | * atomic_dec - decrement and test | ||
5897 | @@ -377,6 +731,10 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u) | ||
5898 | * Atomically decrements @v by 1. | ||
5899 | */ | ||
5900 | #define atomic_dec(v) atomic_sub(1, (v)) | ||
5901 | +static __inline__ void atomic_dec_unchecked(atomic_unchecked_t *v) | ||
5902 | +{ | ||
5903 | + atomic_sub_unchecked(1, v); | ||
5904 | +} | ||
5905 | |||
5906 | /* | ||
5907 | * atomic_add_negative - add and test if negative | ||
5908 | @@ -398,14 +756,30 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u) | ||
5909 | * @v: pointer of type atomic64_t | ||
5910 | * | ||
5911 | */ | ||
5912 | -#define atomic64_read(v) (*(volatile long *)&(v)->counter) | ||
5913 | +static inline long atomic64_read(const atomic64_t *v) | ||
5914 | +{ | ||
5915 | + return (*(volatile const long *) &v->counter); | ||
5916 | +} | ||
5917 | + | ||
5918 | +static inline long atomic64_read_unchecked(const atomic64_unchecked_t *v) | ||
5919 | +{ | ||
5920 | + return (*(volatile const long *) &v->counter); | ||
5921 | +} | ||
5922 | |||
5923 | /* | ||
5924 | * atomic64_set - set atomic variable | ||
5925 | * @v: pointer of type atomic64_t | ||
5926 | * @i: required value | ||
5927 | */ | ||
5928 | -#define atomic64_set(v, i) ((v)->counter = (i)) | ||
5929 | +static inline void atomic64_set(atomic64_t *v, long i) | ||
5930 | +{ | ||
5931 | + v->counter = i; | ||
5932 | +} | ||
5933 | + | ||
5934 | +static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, long i) | ||
5935 | +{ | ||
5936 | + v->counter = i; | ||
5937 | +} | ||
5938 | |||
5939 | /* | ||
5940 | * atomic64_add - add integer to atomic variable | ||
5941 | @@ -414,7 +788,66 @@ static __inline__ int __atomic_add_unless(atomic_t *v, int a, int u) | ||
5942 | * | ||
5943 | * Atomically adds @i to @v. | ||
5944 | */ | ||
5945 | -static __inline__ void atomic64_add(long i, atomic64_t * v) | ||
5946 | +static __inline__ void atomic64_add(long i, atomic64_t *v) | ||
5947 | +{ | ||
5948 | + long temp; | ||
5949 | + | ||
5950 | + if (kernel_uses_llsc && R10000_LLSC_WAR) { | ||
5951 | + __asm__ __volatile__( | ||
5952 | + " .set mips3 \n" | ||
5953 | + "1: lld %0, %1 # atomic64_add \n" | ||
5954 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5955 | + /* Exception on overflow. */ | ||
5956 | + "2: dadd %0, %2 \n" | ||
5957 | +#else | ||
5958 | + " daddu %0, %2 \n" | ||
5959 | +#endif | ||
5960 | + " scd %0, %1 \n" | ||
5961 | + " beqzl %0, 1b \n" | ||
5962 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5963 | + "3: \n" | ||
5964 | + _ASM_EXTABLE(2b, 3b) | ||
5965 | +#endif | ||
5966 | + " .set mips0 \n" | ||
5967 | + : "=&r" (temp), "+m" (v->counter) | ||
5968 | + : "Ir" (i)); | ||
5969 | + } else if (kernel_uses_llsc) { | ||
5970 | + __asm__ __volatile__( | ||
5971 | + " .set mips3 \n" | ||
5972 | + "1: lld %0, %1 # atomic64_add \n" | ||
5973 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5974 | + /* Exception on overflow. */ | ||
5975 | + "2: dadd %0, %2 \n" | ||
5976 | +#else | ||
5977 | + " daddu %0, %2 \n" | ||
5978 | +#endif | ||
5979 | + " scd %0, %1 \n" | ||
5980 | + " beqz %0, 1b \n" | ||
5981 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5982 | + "3: \n" | ||
5983 | + _ASM_EXTABLE(2b, 3b) | ||
5984 | +#endif | ||
5985 | + " .set mips0 \n" | ||
5986 | + : "=&r" (temp), "+m" (v->counter) | ||
5987 | + : "Ir" (i)); | ||
5988 | + } else { | ||
5989 | + unsigned long flags; | ||
5990 | + | ||
5991 | + raw_local_irq_save(flags); | ||
5992 | + __asm__ __volatile__( | ||
5993 | +#ifdef CONFIG_PAX_REFCOUNT | ||
5994 | + /* Exception on overflow. */ | ||
5995 | + "1: dadd %0, %1 \n" | ||
5996 | + "2: \n" | ||
5997 | + _ASM_EXTABLE(1b, 2b) | ||
5998 | +#else | ||
5999 | + " daddu %0, %1 \n" | ||
6000 | +#endif | ||
6001 | + : "+r" (v->counter) : "Ir" (i)); | ||
6002 | + raw_local_irq_restore(flags); | ||
6003 | + } | ||
6004 | +} | ||
6005 | +static __inline__ void atomic64_add_unchecked(long i, atomic64_unchecked_t *v) | ||
6006 | { | ||
6007 | if (kernel_uses_llsc && R10000_LLSC_WAR) { | ||
6008 | long temp; | ||
6009 | @@ -457,7 +890,67 @@ static __inline__ void atomic64_add(long i, atomic64_t * v) | ||
6010 | * | ||
6011 | * Atomically subtracts @i from @v. | ||
6012 | */ | ||
6013 | -static __inline__ void atomic64_sub(long i, atomic64_t * v) | ||
6014 | +static __inline__ void atomic64_sub(long i, atomic64_t *v) | ||
6015 | +{ | ||
6016 | + long temp; | ||
6017 | + | ||
6018 | + if (kernel_uses_llsc && R10000_LLSC_WAR) { | ||
6019 | + __asm__ __volatile__( | ||
6020 | + " .set mips3 \n" | ||
6021 | + "1: lld %0, %1 # atomic64_sub \n" | ||
6022 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6023 | + /* Exception on overflow. */ | ||
6024 | + "2: dsub %0, %2 \n" | ||
6025 | +#else | ||
6026 | + " dsubu %0, %2 \n" | ||
6027 | +#endif | ||
6028 | + " scd %0, %1 \n" | ||
6029 | + " beqzl %0, 1b \n" | ||
6030 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6031 | + "3: \n" | ||
6032 | + _ASM_EXTABLE(2b, 3b) | ||
6033 | +#endif | ||
6034 | + " .set mips0 \n" | ||
6035 | + : "=&r" (temp), "+m" (v->counter) | ||
6036 | + : "Ir" (i)); | ||
6037 | + } else if (kernel_uses_llsc) { | ||
6038 | + __asm__ __volatile__( | ||
6039 | + " .set mips3 \n" | ||
6040 | + "1: lld %0, %1 # atomic64_sub \n" | ||
6041 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6042 | + /* Exception on overflow. */ | ||
6043 | + "2: dsub %0, %2 \n" | ||
6044 | +#else | ||
6045 | + " dsubu %0, %2 \n" | ||
6046 | +#endif | ||
6047 | + " scd %0, %1 \n" | ||
6048 | + " beqz %0, 1b \n" | ||
6049 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6050 | + "3: \n" | ||
6051 | + _ASM_EXTABLE(2b, 3b) | ||
6052 | +#endif | ||
6053 | + " .set mips0 \n" | ||
6054 | + : "=&r" (temp), "+m" (v->counter) | ||
6055 | + : "Ir" (i)); | ||
6056 | + } else { | ||
6057 | + unsigned long flags; | ||
6058 | + | ||
6059 | + raw_local_irq_save(flags); | ||
6060 | + __asm__ __volatile__( | ||
6061 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6062 | + /* Exception on overflow. */ | ||
6063 | + "1: dsub %0, %1 \n" | ||
6064 | + "2: \n" | ||
6065 | + _ASM_EXTABLE(1b, 2b) | ||
6066 | +#else | ||
6067 | + " dsubu %0, %1 \n" | ||
6068 | +#endif | ||
6069 | + : "+r" (v->counter) : "Ir" (i)); | ||
6070 | + raw_local_irq_restore(flags); | ||
6071 | + } | ||
6072 | +} | ||
6073 | + | ||
6074 | +static __inline__ void atomic64_sub_unchecked(long i, atomic64_unchecked_t *v) | ||
6075 | { | ||
6076 | if (kernel_uses_llsc && R10000_LLSC_WAR) { | ||
6077 | long temp; | ||
6078 | @@ -496,7 +989,93 @@ static __inline__ void atomic64_sub(long i, atomic64_t * v) | ||
6079 | /* | ||
6080 | * Same as above, but return the result value | ||
6081 | */ | ||
6082 | -static __inline__ long atomic64_add_return(long i, atomic64_t * v) | ||
6083 | +static __inline__ long atomic64_add_return(long i, atomic64_t *v) | ||
6084 | +{ | ||
6085 | + long result; | ||
6086 | + long temp; | ||
6087 | + | ||
6088 | + smp_mb__before_llsc(); | ||
6089 | + | ||
6090 | + if (kernel_uses_llsc && R10000_LLSC_WAR) { | ||
6091 | + __asm__ __volatile__( | ||
6092 | + " .set mips3 \n" | ||
6093 | + "1: lld %1, %2 # atomic64_add_return \n" | ||
6094 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6095 | + "2: dadd %0, %1, %3 \n" | ||
6096 | +#else | ||
6097 | + " daddu %0, %1, %3 \n" | ||
6098 | +#endif | ||
6099 | + " scd %0, %2 \n" | ||
6100 | + " beqzl %0, 1b \n" | ||
6101 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6102 | + " b 4f \n" | ||
6103 | + " .set noreorder \n" | ||
6104 | + "3: b 5f \n" | ||
6105 | + " move %0, %1 \n" | ||
6106 | + " .set reorder \n" | ||
6107 | + _ASM_EXTABLE(2b, 3b) | ||
6108 | +#endif | ||
6109 | + "4: daddu %0, %1, %3 \n" | ||
6110 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6111 | + "5: \n" | ||
6112 | +#endif | ||
6113 | + " .set mips0 \n" | ||
6114 | + : "=&r" (result), "=&r" (temp), "+m" (v->counter) | ||
6115 | + : "Ir" (i)); | ||
6116 | + } else if (kernel_uses_llsc) { | ||
6117 | + __asm__ __volatile__( | ||
6118 | + " .set mips3 \n" | ||
6119 | + "1: lld %1, %2 # atomic64_add_return \n" | ||
6120 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6121 | + "2: dadd %0, %1, %3 \n" | ||
6122 | +#else | ||
6123 | + " daddu %0, %1, %3 \n" | ||
6124 | +#endif | ||
6125 | + " scd %0, %2 \n" | ||
6126 | + " bnez %0, 4f \n" | ||
6127 | + " b 1b \n" | ||
6128 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6129 | + " .set noreorder \n" | ||
6130 | + "3: b 5f \n" | ||
6131 | + " move %0, %1 \n" | ||
6132 | + " .set reorder \n" | ||
6133 | + _ASM_EXTABLE(2b, 3b) | ||
6134 | +#endif | ||
6135 | + "4: daddu %0, %1, %3 \n" | ||
6136 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6137 | + "5: \n" | ||
6138 | +#endif | ||
6139 | + " .set mips0 \n" | ||
6140 | + : "=&r" (result), "=&r" (temp), "=m" (v->counter) | ||
6141 | + : "Ir" (i), "m" (v->counter) | ||
6142 | + : "memory"); | ||
6143 | + } else { | ||
6144 | + unsigned long flags; | ||
6145 | + | ||
6146 | + raw_local_irq_save(flags); | ||
6147 | + __asm__ __volatile__( | ||
6148 | + " ld %0, %1 \n" | ||
6149 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6150 | + /* Exception on overflow. */ | ||
6151 | + "1: dadd %0, %2 \n" | ||
6152 | +#else | ||
6153 | + " daddu %0, %2 \n" | ||
6154 | +#endif | ||
6155 | + " sd %0, %1 \n" | ||
6156 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6157 | + /* Note: Dest reg is not modified on overflow */ | ||
6158 | + "2: \n" | ||
6159 | + _ASM_EXTABLE(1b, 2b) | ||
6160 | +#endif | ||
6161 | + : "=&r" (result), "+m" (v->counter) : "Ir" (i)); | ||
6162 | + raw_local_irq_restore(flags); | ||
6163 | + } | ||
6164 | + | ||
6165 | + smp_llsc_mb(); | ||
6166 | + | ||
6167 | + return result; | ||
6168 | +} | ||
6169 | +static __inline__ long atomic64_add_return_unchecked(long i, atomic64_unchecked_t *v) | ||
6170 | { | ||
6171 | long result; | ||
6172 | |||
6173 | @@ -546,7 +1125,97 @@ static __inline__ long atomic64_add_return(long i, atomic64_t * v) | ||
6174 | return result; | ||
6175 | } | ||
6176 | |||
6177 | -static __inline__ long atomic64_sub_return(long i, atomic64_t * v) | ||
6178 | +static __inline__ long atomic64_sub_return(long i, atomic64_t *v) | ||
6179 | +{ | ||
6180 | + long result; | ||
6181 | + long temp; | ||
6182 | + | ||
6183 | + smp_mb__before_llsc(); | ||
6184 | + | ||
6185 | + if (kernel_uses_llsc && R10000_LLSC_WAR) { | ||
6186 | + long temp; | ||
6187 | + | ||
6188 | + __asm__ __volatile__( | ||
6189 | + " .set mips3 \n" | ||
6190 | + "1: lld %1, %2 # atomic64_sub_return \n" | ||
6191 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6192 | + "2: dsub %0, %1, %3 \n" | ||
6193 | +#else | ||
6194 | + " dsubu %0, %1, %3 \n" | ||
6195 | +#endif | ||
6196 | + " scd %0, %2 \n" | ||
6197 | + " beqzl %0, 1b \n" | ||
6198 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6199 | + " b 4f \n" | ||
6200 | + " .set noreorder \n" | ||
6201 | + "3: b 5f \n" | ||
6202 | + " move %0, %1 \n" | ||
6203 | + " .set reorder \n" | ||
6204 | + _ASM_EXTABLE(2b, 3b) | ||
6205 | +#endif | ||
6206 | + "4: dsubu %0, %1, %3 \n" | ||
6207 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6208 | + "5: \n" | ||
6209 | +#endif | ||
6210 | + " .set mips0 \n" | ||
6211 | + : "=&r" (result), "=&r" (temp), "=m" (v->counter) | ||
6212 | + : "Ir" (i), "m" (v->counter) | ||
6213 | + : "memory"); | ||
6214 | + } else if (kernel_uses_llsc) { | ||
6215 | + __asm__ __volatile__( | ||
6216 | + " .set mips3 \n" | ||
6217 | + "1: lld %1, %2 # atomic64_sub_return \n" | ||
6218 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6219 | + "2: dsub %0, %1, %3 \n" | ||
6220 | +#else | ||
6221 | + " dsubu %0, %1, %3 \n" | ||
6222 | +#endif | ||
6223 | + " scd %0, %2 \n" | ||
6224 | + " bnez %0, 4f \n" | ||
6225 | + " b 1b \n" | ||
6226 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6227 | + " .set noreorder \n" | ||
6228 | + "3: b 5f \n" | ||
6229 | + " move %0, %1 \n" | ||
6230 | + " .set reorder \n" | ||
6231 | + _ASM_EXTABLE(2b, 3b) | ||
6232 | +#endif | ||
6233 | + "4: dsubu %0, %1, %3 \n" | ||
6234 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6235 | + "5: \n" | ||
6236 | +#endif | ||
6237 | + " .set mips0 \n" | ||
6238 | + : "=&r" (result), "=&r" (temp), "=m" (v->counter) | ||
6239 | + : "Ir" (i), "m" (v->counter) | ||
6240 | + : "memory"); | ||
6241 | + } else { | ||
6242 | + unsigned long flags; | ||
6243 | + | ||
6244 | + raw_local_irq_save(flags); | ||
6245 | + __asm__ __volatile__( | ||
6246 | + " ld %0, %1 \n" | ||
6247 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6248 | + /* Exception on overflow. */ | ||
6249 | + "1: dsub %0, %2 \n" | ||
6250 | +#else | ||
6251 | + " dsubu %0, %2 \n" | ||
6252 | +#endif | ||
6253 | + " sd %0, %1 \n" | ||
6254 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6255 | + /* Note: Dest reg is not modified on overflow */ | ||
6256 | + "2: \n" | ||
6257 | + _ASM_EXTABLE(1b, 2b) | ||
6258 | +#endif | ||
6259 | + : "=&r" (result), "+m" (v->counter) : "Ir" (i)); | ||
6260 | + raw_local_irq_restore(flags); | ||
6261 | + } | ||
6262 | + | ||
6263 | + smp_llsc_mb(); | ||
6264 | + | ||
6265 | + return result; | ||
6266 | +} | ||
6267 | + | ||
6268 | +static __inline__ long atomic64_sub_return_unchecked(long i, atomic64_unchecked_t *v) | ||
6269 | { | ||
6270 | long result; | ||
6271 | |||
6272 | @@ -605,7 +1274,7 @@ static __inline__ long atomic64_sub_return(long i, atomic64_t * v) | ||
6273 | * Atomically test @v and subtract @i if @v is greater or equal than @i. | ||
6274 | * The function returns the old value of @v minus @i. | ||
6275 | */ | ||
6276 | -static __inline__ long atomic64_sub_if_positive(long i, atomic64_t * v) | ||
6277 | +static __inline__ long atomic64_sub_if_positive(long i, atomic64_t *v) | ||
6278 | { | ||
6279 | long result; | ||
6280 | |||
6281 | @@ -662,9 +1331,26 @@ static __inline__ long atomic64_sub_if_positive(long i, atomic64_t * v) | ||
6282 | return result; | ||
6283 | } | ||
6284 | |||
6285 | -#define atomic64_cmpxchg(v, o, n) \ | ||
6286 | - ((__typeof__((v)->counter))cmpxchg(&((v)->counter), (o), (n))) | ||
6287 | -#define atomic64_xchg(v, new) (xchg(&((v)->counter), (new))) | ||
6288 | +static inline long atomic64_cmpxchg(atomic64_t *v, long old, long new) | ||
6289 | +{ | ||
6290 | + return cmpxchg(&v->counter, old, new); | ||
6291 | +} | ||
6292 | + | ||
6293 | +static inline long atomic64_cmpxchg_unchecked(atomic64_unchecked_t *v, long old, | ||
6294 | + long new) | ||
6295 | +{ | ||
6296 | + return cmpxchg(&(v->counter), old, new); | ||
6297 | +} | ||
6298 | + | ||
6299 | +static inline long atomic64_xchg(atomic64_t *v, long new) | ||
6300 | +{ | ||
6301 | + return xchg(&v->counter, new); | ||
6302 | +} | ||
6303 | + | ||
6304 | +static inline long atomic64_xchg_unchecked(atomic64_unchecked_t *v, long new) | ||
6305 | +{ | ||
6306 | + return xchg(&(v->counter), new); | ||
6307 | +} | ||
6308 | |||
6309 | /** | ||
6310 | * atomic64_add_unless - add unless the number is a given value | ||
6311 | @@ -694,6 +1380,7 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u) | ||
6312 | |||
6313 | #define atomic64_dec_return(v) atomic64_sub_return(1, (v)) | ||
6314 | #define atomic64_inc_return(v) atomic64_add_return(1, (v)) | ||
6315 | +#define atomic64_inc_return_unchecked(v) atomic64_add_return_unchecked(1, (v)) | ||
6316 | |||
6317 | /* | ||
6318 | * atomic64_sub_and_test - subtract value from variable and test result | ||
6319 | @@ -715,6 +1402,7 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u) | ||
6320 | * other cases. | ||
6321 | */ | ||
6322 | #define atomic64_inc_and_test(v) (atomic64_inc_return(v) == 0) | ||
6323 | +#define atomic64_inc_and_test_unchecked(v) atomic64_add_return_unchecked(1, (v)) == 0) | ||
6324 | |||
6325 | /* | ||
6326 | * atomic64_dec_and_test - decrement by 1 and test | ||
6327 | @@ -739,6 +1427,7 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u) | ||
6328 | * Atomically increments @v by 1. | ||
6329 | */ | ||
6330 | #define atomic64_inc(v) atomic64_add(1, (v)) | ||
6331 | +#define atomic64_inc_unchecked(v) atomic64_add_unchecked(1, (v)) | ||
6332 | |||
6333 | /* | ||
6334 | * atomic64_dec - decrement and test | ||
6335 | @@ -747,6 +1436,7 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u) | ||
6336 | * Atomically decrements @v by 1. | ||
6337 | */ | ||
6338 | #define atomic64_dec(v) atomic64_sub(1, (v)) | ||
6339 | +#define atomic64_dec_unchecked(v) atomic64_sub_unchecked(1, (v)) | ||
6340 | |||
6341 | /* | ||
6342 | * atomic64_add_negative - add and test if negative | ||
5278 | diff --git a/arch/mips/include/asm/cache.h b/arch/mips/include/asm/cache.h | 6343 | diff --git a/arch/mips/include/asm/cache.h b/arch/mips/include/asm/cache.h |
5279 | index b4db69f..8f3b093 100644 | 6344 | index b4db69f..8f3b093 100644 |
5280 | --- a/arch/mips/include/asm/cache.h | 6345 | --- a/arch/mips/include/asm/cache.h |
@@ -5329,6 +6394,97 @@ index c1f6afa..38cc6e9 100644 | |||
5329 | +#define arch_align_stack(x) ((x) & ~0xfUL) | 6394 | +#define arch_align_stack(x) ((x) & ~0xfUL) |
5330 | 6395 | ||
5331 | #endif /* _ASM_EXEC_H */ | 6396 | #endif /* _ASM_EXEC_H */ |
6397 | diff --git a/arch/mips/include/asm/local.h b/arch/mips/include/asm/local.h | ||
6398 | index d44622c..64990d2 100644 | ||
6399 | --- a/arch/mips/include/asm/local.h | ||
6400 | +++ b/arch/mips/include/asm/local.h | ||
6401 | @@ -12,15 +12,25 @@ typedef struct | ||
6402 | atomic_long_t a; | ||
6403 | } local_t; | ||
6404 | |||
6405 | +typedef struct { | ||
6406 | + atomic_long_unchecked_t a; | ||
6407 | +} local_unchecked_t; | ||
6408 | + | ||
6409 | #define LOCAL_INIT(i) { ATOMIC_LONG_INIT(i) } | ||
6410 | |||
6411 | #define local_read(l) atomic_long_read(&(l)->a) | ||
6412 | +#define local_read_unchecked(l) atomic_long_read_unchecked(&(l)->a) | ||
6413 | #define local_set(l, i) atomic_long_set(&(l)->a, (i)) | ||
6414 | +#define local_set_unchecked(l, i) atomic_long_set_unchecked(&(l)->a, (i)) | ||
6415 | |||
6416 | #define local_add(i, l) atomic_long_add((i), (&(l)->a)) | ||
6417 | +#define local_add_unchecked(i, l) atomic_long_add_unchecked((i), (&(l)->a)) | ||
6418 | #define local_sub(i, l) atomic_long_sub((i), (&(l)->a)) | ||
6419 | +#define local_sub_unchecked(i, l) atomic_long_sub_unchecked((i), (&(l)->a)) | ||
6420 | #define local_inc(l) atomic_long_inc(&(l)->a) | ||
6421 | +#define local_inc_unchecked(l) atomic_long_inc_unchecked(&(l)->a) | ||
6422 | #define local_dec(l) atomic_long_dec(&(l)->a) | ||
6423 | +#define local_dec_unchecked(l) atomic_long_dec_unchecked(&(l)->a) | ||
6424 | |||
6425 | /* | ||
6426 | * Same as above, but return the result value | ||
6427 | @@ -70,6 +80,51 @@ static __inline__ long local_add_return(long i, local_t * l) | ||
6428 | return result; | ||
6429 | } | ||
6430 | |||
6431 | +static __inline__ long local_add_return_unchecked(long i, local_unchecked_t * l) | ||
6432 | +{ | ||
6433 | + unsigned long result; | ||
6434 | + | ||
6435 | + if (kernel_uses_llsc && R10000_LLSC_WAR) { | ||
6436 | + unsigned long temp; | ||
6437 | + | ||
6438 | + __asm__ __volatile__( | ||
6439 | + " .set mips3 \n" | ||
6440 | + "1:" __LL "%1, %2 # local_add_return \n" | ||
6441 | + " addu %0, %1, %3 \n" | ||
6442 | + __SC "%0, %2 \n" | ||
6443 | + " beqzl %0, 1b \n" | ||
6444 | + " addu %0, %1, %3 \n" | ||
6445 | + " .set mips0 \n" | ||
6446 | + : "=&r" (result), "=&r" (temp), "=m" (l->a.counter) | ||
6447 | + : "Ir" (i), "m" (l->a.counter) | ||
6448 | + : "memory"); | ||
6449 | + } else if (kernel_uses_llsc) { | ||
6450 | + unsigned long temp; | ||
6451 | + | ||
6452 | + __asm__ __volatile__( | ||
6453 | + " .set mips3 \n" | ||
6454 | + "1:" __LL "%1, %2 # local_add_return \n" | ||
6455 | + " addu %0, %1, %3 \n" | ||
6456 | + __SC "%0, %2 \n" | ||
6457 | + " beqz %0, 1b \n" | ||
6458 | + " addu %0, %1, %3 \n" | ||
6459 | + " .set mips0 \n" | ||
6460 | + : "=&r" (result), "=&r" (temp), "=m" (l->a.counter) | ||
6461 | + : "Ir" (i), "m" (l->a.counter) | ||
6462 | + : "memory"); | ||
6463 | + } else { | ||
6464 | + unsigned long flags; | ||
6465 | + | ||
6466 | + local_irq_save(flags); | ||
6467 | + result = l->a.counter; | ||
6468 | + result += i; | ||
6469 | + l->a.counter = result; | ||
6470 | + local_irq_restore(flags); | ||
6471 | + } | ||
6472 | + | ||
6473 | + return result; | ||
6474 | +} | ||
6475 | + | ||
6476 | static __inline__ long local_sub_return(long i, local_t * l) | ||
6477 | { | ||
6478 | unsigned long result; | ||
6479 | @@ -117,6 +172,8 @@ static __inline__ long local_sub_return(long i, local_t * l) | ||
6480 | |||
6481 | #define local_cmpxchg(l, o, n) \ | ||
6482 | ((long)cmpxchg_local(&((l)->a.counter), (o), (n))) | ||
6483 | +#define local_cmpxchg_unchecked(l, o, n) \ | ||
6484 | + ((long)cmpxchg_local(&((l)->a.counter), (o), (n))) | ||
6485 | #define local_xchg(l, n) (atomic_long_xchg((&(l)->a), (n))) | ||
6486 | |||
6487 | /** | ||
5332 | diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h | 6488 | diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h |
5333 | index f59552f..3abe9b9 100644 | 6489 | index f59552f..3abe9b9 100644 |
5334 | --- a/arch/mips/include/asm/page.h | 6490 | --- a/arch/mips/include/asm/page.h |
@@ -5428,6 +6584,31 @@ index 202e581..689ca79 100644 | |||
5428 | #include <asm/processor.h> | 6584 | #include <asm/processor.h> |
5429 | 6585 | ||
5430 | /* | 6586 | /* |
6587 | diff --git a/arch/mips/kernel/irq.c b/arch/mips/kernel/irq.c | ||
6588 | index d1fea7a..45602ea 100644 | ||
6589 | --- a/arch/mips/kernel/irq.c | ||
6590 | +++ b/arch/mips/kernel/irq.c | ||
6591 | @@ -77,17 +77,17 @@ void ack_bad_irq(unsigned int irq) | ||
6592 | printk("unexpected IRQ # %d\n", irq); | ||
6593 | } | ||
6594 | |||
6595 | -atomic_t irq_err_count; | ||
6596 | +atomic_unchecked_t irq_err_count; | ||
6597 | |||
6598 | int arch_show_interrupts(struct seq_file *p, int prec) | ||
6599 | { | ||
6600 | - seq_printf(p, "%*s: %10u\n", prec, "ERR", atomic_read(&irq_err_count)); | ||
6601 | + seq_printf(p, "%*s: %10u\n", prec, "ERR", atomic_read_unchecked(&irq_err_count)); | ||
6602 | return 0; | ||
6603 | } | ||
6604 | |||
6605 | asmlinkage void spurious_interrupt(void) | ||
6606 | { | ||
6607 | - atomic_inc(&irq_err_count); | ||
6608 | + atomic_inc_unchecked(&irq_err_count); | ||
6609 | } | ||
6610 | |||
6611 | void __init init_IRQ(void) | ||
5431 | diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c | 6612 | diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c |
5432 | index c6a041d..b3e7318 100644 | 6613 | index c6a041d..b3e7318 100644 |
5433 | --- a/arch/mips/kernel/process.c | 6614 | --- a/arch/mips/kernel/process.c |
@@ -5527,8 +6708,100 @@ index 74f485d..47d2c38 100644 | |||
5527 | LONG_L t0, TI_FLAGS($28) # syscall tracing enabled? | 6708 | LONG_L t0, TI_FLAGS($28) # syscall tracing enabled? |
5528 | and t0, t1, t0 | 6709 | and t0, t1, t0 |
5529 | bnez t0, trace_a_syscall | 6710 | bnez t0, trace_a_syscall |
6711 | diff --git a/arch/mips/kernel/sync-r4k.c b/arch/mips/kernel/sync-r4k.c | ||
6712 | index 1ff43d5..96fec68 100644 | ||
6713 | --- a/arch/mips/kernel/sync-r4k.c | ||
6714 | +++ b/arch/mips/kernel/sync-r4k.c | ||
6715 | @@ -21,8 +21,8 @@ | ||
6716 | #include <asm/mipsregs.h> | ||
6717 | |||
6718 | static atomic_t __cpuinitdata count_start_flag = ATOMIC_INIT(0); | ||
6719 | -static atomic_t __cpuinitdata count_count_start = ATOMIC_INIT(0); | ||
6720 | -static atomic_t __cpuinitdata count_count_stop = ATOMIC_INIT(0); | ||
6721 | +static atomic_unchecked_t __cpuinitdata count_count_start = ATOMIC_INIT(0); | ||
6722 | +static atomic_unchecked_t __cpuinitdata count_count_stop = ATOMIC_INIT(0); | ||
6723 | static atomic_t __cpuinitdata count_reference = ATOMIC_INIT(0); | ||
6724 | |||
6725 | #define COUNTON 100 | ||
6726 | @@ -69,13 +69,13 @@ void __cpuinit synchronise_count_master(int cpu) | ||
6727 | |||
6728 | for (i = 0; i < NR_LOOPS; i++) { | ||
6729 | /* slaves loop on '!= 2' */ | ||
6730 | - while (atomic_read(&count_count_start) != 1) | ||
6731 | + while (atomic_read_unchecked(&count_count_start) != 1) | ||
6732 | mb(); | ||
6733 | - atomic_set(&count_count_stop, 0); | ||
6734 | + atomic_set_unchecked(&count_count_stop, 0); | ||
6735 | smp_wmb(); | ||
6736 | |||
6737 | /* this lets the slaves write their count register */ | ||
6738 | - atomic_inc(&count_count_start); | ||
6739 | + atomic_inc_unchecked(&count_count_start); | ||
6740 | |||
6741 | /* | ||
6742 | * Everyone initialises count in the last loop: | ||
6743 | @@ -86,11 +86,11 @@ void __cpuinit synchronise_count_master(int cpu) | ||
6744 | /* | ||
6745 | * Wait for all slaves to leave the synchronization point: | ||
6746 | */ | ||
6747 | - while (atomic_read(&count_count_stop) != 1) | ||
6748 | + while (atomic_read_unchecked(&count_count_stop) != 1) | ||
6749 | mb(); | ||
6750 | - atomic_set(&count_count_start, 0); | ||
6751 | + atomic_set_unchecked(&count_count_start, 0); | ||
6752 | smp_wmb(); | ||
6753 | - atomic_inc(&count_count_stop); | ||
6754 | + atomic_inc_unchecked(&count_count_stop); | ||
6755 | } | ||
6756 | /* Arrange for an interrupt in a short while */ | ||
6757 | write_c0_compare(read_c0_count() + COUNTON); | ||
6758 | @@ -131,8 +131,8 @@ void __cpuinit synchronise_count_slave(int cpu) | ||
6759 | initcount = atomic_read(&count_reference); | ||
6760 | |||
6761 | for (i = 0; i < NR_LOOPS; i++) { | ||
6762 | - atomic_inc(&count_count_start); | ||
6763 | - while (atomic_read(&count_count_start) != 2) | ||
6764 | + atomic_inc_unchecked(&count_count_start); | ||
6765 | + while (atomic_read_unchecked(&count_count_start) != 2) | ||
6766 | mb(); | ||
6767 | |||
6768 | /* | ||
6769 | @@ -141,8 +141,8 @@ void __cpuinit synchronise_count_slave(int cpu) | ||
6770 | if (i == NR_LOOPS-1) | ||
6771 | write_c0_count(initcount); | ||
6772 | |||
6773 | - atomic_inc(&count_count_stop); | ||
6774 | - while (atomic_read(&count_count_stop) != 2) | ||
6775 | + atomic_inc_unchecked(&count_count_stop); | ||
6776 | + while (atomic_read_unchecked(&count_count_stop) != 2) | ||
6777 | mb(); | ||
6778 | } | ||
6779 | /* Arrange for an interrupt in a short while */ | ||
6780 | diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c | ||
6781 | index a75ae40..0d0f56a 100644 | ||
6782 | --- a/arch/mips/kernel/traps.c | ||
6783 | +++ b/arch/mips/kernel/traps.c | ||
6784 | @@ -675,7 +675,17 @@ asmlinkage void do_ov(struct pt_regs *regs) | ||
6785 | { | ||
6786 | siginfo_t info; | ||
6787 | |||
6788 | - die_if_kernel("Integer overflow", regs); | ||
6789 | + if (unlikely(!user_mode(regs))) { | ||
6790 | + | ||
6791 | +#ifdef CONFIG_PAX_REFCOUNT | ||
6792 | + if (fixup_exception(regs)) { | ||
6793 | + pax_report_refcount_overflow(regs); | ||
6794 | + return; | ||
6795 | + } | ||
6796 | +#endif | ||
6797 | + | ||
6798 | + die("Integer overflow", regs); | ||
6799 | + } | ||
6800 | |||
6801 | info.si_code = FPE_INTOVF; | ||
6802 | info.si_signo = SIGFPE; | ||
5530 | diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c | 6803 | diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c |
5531 | index 0fead53..a2c0fb5 100644 | 6804 | index 0fead53..eeb00a6 100644 |
5532 | --- a/arch/mips/mm/fault.c | 6805 | --- a/arch/mips/mm/fault.c |
5533 | +++ b/arch/mips/mm/fault.c | 6806 | +++ b/arch/mips/mm/fault.c |
5534 | @@ -27,6 +27,23 @@ | 6807 | @@ -27,6 +27,23 @@ |
@@ -5555,6 +6828,21 @@ index 0fead53..a2c0fb5 100644 | |||
5555 | /* | 6828 | /* |
5556 | * This routine handles page faults. It determines the address, | 6829 | * This routine handles page faults. It determines the address, |
5557 | * and the problem, and then passes it off to one of the appropriate | 6830 | * and the problem, and then passes it off to one of the appropriate |
6831 | @@ -196,6 +213,14 @@ bad_area: | ||
6832 | bad_area_nosemaphore: | ||
6833 | /* User mode accesses just cause a SIGSEGV */ | ||
6834 | if (user_mode(regs)) { | ||
6835 | + | ||
6836 | +#ifdef CONFIG_PAX_PAGEEXEC | ||
6837 | + if (cpu_has_rixi && (mm->pax_flags & MF_PAX_PAGEEXEC) && !write && address == instruction_pointer(regs)) { | ||
6838 | + pax_report_fault(regs, (void *)address, (void *)user_stack_pointer(regs)); | ||
6839 | + do_group_exit(SIGKILL); | ||
6840 | + } | ||
6841 | +#endif | ||
6842 | + | ||
6843 | tsk->thread.cp0_badvaddr = address; | ||
6844 | tsk->thread.error_code = write; | ||
6845 | #if 0 | ||
5558 | diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c | 6846 | diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c |
5559 | index 7e5fe27..9656513 100644 | 6847 | index 7e5fe27..9656513 100644 |
5560 | --- a/arch/mips/mm/mmap.c | 6848 | --- a/arch/mips/mm/mmap.c |
@@ -5662,6 +6950,31 @@ index 7e5fe27..9656513 100644 | |||
5662 | int __virt_addr_valid(const volatile void *kaddr) | 6950 | int __virt_addr_valid(const volatile void *kaddr) |
5663 | { | 6951 | { |
5664 | return pfn_valid(PFN_DOWN(virt_to_phys(kaddr))); | 6952 | return pfn_valid(PFN_DOWN(virt_to_phys(kaddr))); |
6953 | diff --git a/arch/mips/sgi-ip27/ip27-nmi.c b/arch/mips/sgi-ip27/ip27-nmi.c | ||
6954 | index a2358b4..7cead4f 100644 | ||
6955 | --- a/arch/mips/sgi-ip27/ip27-nmi.c | ||
6956 | +++ b/arch/mips/sgi-ip27/ip27-nmi.c | ||
6957 | @@ -187,9 +187,9 @@ void | ||
6958 | cont_nmi_dump(void) | ||
6959 | { | ||
6960 | #ifndef REAL_NMI_SIGNAL | ||
6961 | - static atomic_t nmied_cpus = ATOMIC_INIT(0); | ||
6962 | + static atomic_unchecked_t nmied_cpus = ATOMIC_INIT(0); | ||
6963 | |||
6964 | - atomic_inc(&nmied_cpus); | ||
6965 | + atomic_inc_unchecked(&nmied_cpus); | ||
6966 | #endif | ||
6967 | /* | ||
6968 | * Only allow 1 cpu to proceed | ||
6969 | @@ -233,7 +233,7 @@ cont_nmi_dump(void) | ||
6970 | udelay(10000); | ||
6971 | } | ||
6972 | #else | ||
6973 | - while (atomic_read(&nmied_cpus) != num_online_cpus()); | ||
6974 | + while (atomic_read_unchecked(&nmied_cpus) != num_online_cpus()); | ||
6975 | #endif | ||
6976 | |||
6977 | /* | ||
5665 | diff --git a/arch/mn10300/proc-mn103e010/include/proc/cache.h b/arch/mn10300/proc-mn103e010/include/proc/cache.h | 6978 | diff --git a/arch/mn10300/proc-mn103e010/include/proc/cache.h b/arch/mn10300/proc-mn103e010/include/proc/cache.h |
5666 | index 967d144..db12197 100644 | 6979 | index 967d144..db12197 100644 |
5667 | --- a/arch/mn10300/proc-mn103e010/include/proc/cache.h | 6980 | --- a/arch/mn10300/proc-mn103e010/include/proc/cache.h |
@@ -6442,7 +7755,7 @@ index 4aad413..85d86bf 100644 | |||
6442 | #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */ | 7755 | #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */ |
6443 | #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */ | 7756 | #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */ |
6444 | diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h | 7757 | diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h |
6445 | index 362142b..8b22c1b 100644 | 7758 | index e1fb161..2290d1d 100644 |
6446 | --- a/arch/powerpc/include/asm/reg.h | 7759 | --- a/arch/powerpc/include/asm/reg.h |
6447 | +++ b/arch/powerpc/include/asm/reg.h | 7760 | +++ b/arch/powerpc/include/asm/reg.h |
6448 | @@ -234,6 +234,7 @@ | 7761 | @@ -234,6 +234,7 @@ |
@@ -6454,7 +7767,7 @@ index 362142b..8b22c1b 100644 | |||
6454 | #define DSISR_ISSTORE 0x02000000 /* access was a store */ | 7767 | #define DSISR_ISSTORE 0x02000000 /* access was a store */ |
6455 | #define DSISR_DABRMATCH 0x00400000 /* hit data breakpoint */ | 7768 | #define DSISR_DABRMATCH 0x00400000 /* hit data breakpoint */ |
6456 | diff --git a/arch/powerpc/include/asm/smp.h b/arch/powerpc/include/asm/smp.h | 7769 | diff --git a/arch/powerpc/include/asm/smp.h b/arch/powerpc/include/asm/smp.h |
6457 | index ffbaabe..eabe843 100644 | 7770 | index 48cfc85..891382f 100644 |
6458 | --- a/arch/powerpc/include/asm/smp.h | 7771 | --- a/arch/powerpc/include/asm/smp.h |
6459 | +++ b/arch/powerpc/include/asm/smp.h | 7772 | +++ b/arch/powerpc/include/asm/smp.h |
6460 | @@ -50,7 +50,7 @@ struct smp_ops_t { | 7773 | @@ -50,7 +50,7 @@ struct smp_ops_t { |
@@ -6695,10 +8008,10 @@ index 645170a..6cf0271 100644 | |||
6695 | ld r4,_DAR(r1) | 8008 | ld r4,_DAR(r1) |
6696 | bl .bad_page_fault | 8009 | bl .bad_page_fault |
6697 | diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S | 8010 | diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S |
6698 | index 4e00d22..b26abcc 100644 | 8011 | index 902ca3c..e942155 100644 |
6699 | --- a/arch/powerpc/kernel/exceptions-64s.S | 8012 | --- a/arch/powerpc/kernel/exceptions-64s.S |
6700 | +++ b/arch/powerpc/kernel/exceptions-64s.S | 8013 | +++ b/arch/powerpc/kernel/exceptions-64s.S |
6701 | @@ -1356,10 +1356,10 @@ handle_page_fault: | 8014 | @@ -1357,10 +1357,10 @@ handle_page_fault: |
6702 | 11: ld r4,_DAR(r1) | 8015 | 11: ld r4,_DAR(r1) |
6703 | ld r5,_DSISR(r1) | 8016 | ld r5,_DSISR(r1) |
6704 | addi r3,r1,STACK_FRAME_OVERHEAD | 8017 | addi r3,r1,STACK_FRAME_OVERHEAD |
@@ -6744,10 +8057,10 @@ index 2e3200c..72095ce 100644 | |||
6744 | /* Find this entry, or if that fails, the next avail. entry */ | 8057 | /* Find this entry, or if that fails, the next avail. entry */ |
6745 | while (entry->jump[0]) { | 8058 | while (entry->jump[0]) { |
6746 | diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c | 8059 | diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c |
6747 | index 076d124..6cb2cbf 100644 | 8060 | index 7baa27b..f6b394a 100644 |
6748 | --- a/arch/powerpc/kernel/process.c | 8061 | --- a/arch/powerpc/kernel/process.c |
6749 | +++ b/arch/powerpc/kernel/process.c | 8062 | +++ b/arch/powerpc/kernel/process.c |
6750 | @@ -874,8 +874,8 @@ void show_regs(struct pt_regs * regs) | 8063 | @@ -884,8 +884,8 @@ void show_regs(struct pt_regs * regs) |
6751 | * Lookup NIP late so we have the best change of getting the | 8064 | * Lookup NIP late so we have the best change of getting the |
6752 | * above info out without failing | 8065 | * above info out without failing |
6753 | */ | 8066 | */ |
@@ -6758,7 +8071,7 @@ index 076d124..6cb2cbf 100644 | |||
6758 | #endif | 8071 | #endif |
6759 | #ifdef CONFIG_PPC_TRANSACTIONAL_MEM | 8072 | #ifdef CONFIG_PPC_TRANSACTIONAL_MEM |
6760 | printk("PACATMSCRATCH [%llx]\n", get_paca()->tm_scratch); | 8073 | printk("PACATMSCRATCH [%llx]\n", get_paca()->tm_scratch); |
6761 | @@ -1335,10 +1335,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) | 8074 | @@ -1345,10 +1345,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) |
6762 | newsp = stack[0]; | 8075 | newsp = stack[0]; |
6763 | ip = stack[STACK_FRAME_LR_SAVE]; | 8076 | ip = stack[STACK_FRAME_LR_SAVE]; |
6764 | if (!firstframe || ip != lr) { | 8077 | if (!firstframe || ip != lr) { |
@@ -6771,7 +8084,7 @@ index 076d124..6cb2cbf 100644 | |||
6771 | (void *)current->ret_stack[curr_frame].ret); | 8084 | (void *)current->ret_stack[curr_frame].ret); |
6772 | curr_frame--; | 8085 | curr_frame--; |
6773 | } | 8086 | } |
6774 | @@ -1358,7 +1358,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) | 8087 | @@ -1368,7 +1368,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) |
6775 | struct pt_regs *regs = (struct pt_regs *) | 8088 | struct pt_regs *regs = (struct pt_regs *) |
6776 | (sp + STACK_FRAME_OVERHEAD); | 8089 | (sp + STACK_FRAME_OVERHEAD); |
6777 | lr = regs->link; | 8090 | lr = regs->link; |
@@ -6780,7 +8093,7 @@ index 076d124..6cb2cbf 100644 | |||
6780 | regs->trap, (void *)regs->nip, (void *)lr); | 8093 | regs->trap, (void *)regs->nip, (void *)lr); |
6781 | firstframe = 1; | 8094 | firstframe = 1; |
6782 | } | 8095 | } |
6783 | @@ -1394,58 +1394,3 @@ void notrace __ppc64_runlatch_off(void) | 8096 | @@ -1404,58 +1404,3 @@ void notrace __ppc64_runlatch_off(void) |
6784 | mtspr(SPRN_CTRLT, ctrl); | 8097 | mtspr(SPRN_CTRLT, ctrl); |
6785 | } | 8098 | } |
6786 | #endif /* CONFIG_PPC64 */ | 8099 | #endif /* CONFIG_PPC64 */ |
@@ -6918,10 +8231,10 @@ index e68a845..8b140e6 100644 | |||
6918 | }; | 8231 | }; |
6919 | 8232 | ||
6920 | diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c | 8233 | diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c |
6921 | index e4f205a..8bfffb8 100644 | 8234 | index 88929b1..bece8f8 100644 |
6922 | --- a/arch/powerpc/kernel/traps.c | 8235 | --- a/arch/powerpc/kernel/traps.c |
6923 | +++ b/arch/powerpc/kernel/traps.c | 8236 | +++ b/arch/powerpc/kernel/traps.c |
6924 | @@ -143,6 +143,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs) | 8237 | @@ -141,6 +141,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs) |
6925 | return flags; | 8238 | return flags; |
6926 | } | 8239 | } |
6927 | 8240 | ||
@@ -6930,7 +8243,7 @@ index e4f205a..8bfffb8 100644 | |||
6930 | static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, | 8243 | static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, |
6931 | int signr) | 8244 | int signr) |
6932 | { | 8245 | { |
6933 | @@ -192,6 +194,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, | 8246 | @@ -190,6 +192,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, |
6934 | panic("Fatal exception in interrupt"); | 8247 | panic("Fatal exception in interrupt"); |
6935 | if (panic_on_oops) | 8248 | if (panic_on_oops) |
6936 | panic("Fatal exception"); | 8249 | panic("Fatal exception"); |
@@ -7157,10 +8470,10 @@ index e779642..e5bb889 100644 | |||
7157 | }; | 8470 | }; |
7158 | 8471 | ||
7159 | diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c | 8472 | diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c |
7160 | index 2859a1f..74f9a6e 100644 | 8473 | index cafad40..9cbc0fc 100644 |
7161 | --- a/arch/powerpc/mm/numa.c | 8474 | --- a/arch/powerpc/mm/numa.c |
7162 | +++ b/arch/powerpc/mm/numa.c | 8475 | +++ b/arch/powerpc/mm/numa.c |
7163 | @@ -919,7 +919,7 @@ static void __init *careful_zallocation(int nid, unsigned long size, | 8476 | @@ -920,7 +920,7 @@ static void __init *careful_zallocation(int nid, unsigned long size, |
7164 | return ret; | 8477 | return ret; |
7165 | } | 8478 | } |
7166 | 8479 | ||
@@ -8429,6 +9742,57 @@ index 7ff45e4..a58f271 100644 | |||
8429 | audit_syscall_exit(regs); | 9742 | audit_syscall_exit(regs); |
8430 | 9743 | ||
8431 | if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) | 9744 | if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) |
9745 | diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c | ||
9746 | index 77539ed..3ffffe7 100644 | ||
9747 | --- a/arch/sparc/kernel/smp_64.c | ||
9748 | +++ b/arch/sparc/kernel/smp_64.c | ||
9749 | @@ -868,8 +868,8 @@ extern unsigned long xcall_flush_dcache_page_cheetah; | ||
9750 | extern unsigned long xcall_flush_dcache_page_spitfire; | ||
9751 | |||
9752 | #ifdef CONFIG_DEBUG_DCFLUSH | ||
9753 | -extern atomic_t dcpage_flushes; | ||
9754 | -extern atomic_t dcpage_flushes_xcall; | ||
9755 | +extern atomic_unchecked_t dcpage_flushes; | ||
9756 | +extern atomic_unchecked_t dcpage_flushes_xcall; | ||
9757 | #endif | ||
9758 | |||
9759 | static inline void __local_flush_dcache_page(struct page *page) | ||
9760 | @@ -893,7 +893,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu) | ||
9761 | return; | ||
9762 | |||
9763 | #ifdef CONFIG_DEBUG_DCFLUSH | ||
9764 | - atomic_inc(&dcpage_flushes); | ||
9765 | + atomic_inc_unchecked(&dcpage_flushes); | ||
9766 | #endif | ||
9767 | |||
9768 | this_cpu = get_cpu(); | ||
9769 | @@ -917,7 +917,7 @@ void smp_flush_dcache_page_impl(struct page *page, int cpu) | ||
9770 | xcall_deliver(data0, __pa(pg_addr), | ||
9771 | (u64) pg_addr, cpumask_of(cpu)); | ||
9772 | #ifdef CONFIG_DEBUG_DCFLUSH | ||
9773 | - atomic_inc(&dcpage_flushes_xcall); | ||
9774 | + atomic_inc_unchecked(&dcpage_flushes_xcall); | ||
9775 | #endif | ||
9776 | } | ||
9777 | } | ||
9778 | @@ -936,7 +936,7 @@ void flush_dcache_page_all(struct mm_struct *mm, struct page *page) | ||
9779 | preempt_disable(); | ||
9780 | |||
9781 | #ifdef CONFIG_DEBUG_DCFLUSH | ||
9782 | - atomic_inc(&dcpage_flushes); | ||
9783 | + atomic_inc_unchecked(&dcpage_flushes); | ||
9784 | #endif | ||
9785 | data0 = 0; | ||
9786 | pg_addr = page_address(page); | ||
9787 | @@ -953,7 +953,7 @@ void flush_dcache_page_all(struct mm_struct *mm, struct page *page) | ||
9788 | xcall_deliver(data0, __pa(pg_addr), | ||
9789 | (u64) pg_addr, cpu_online_mask); | ||
9790 | #ifdef CONFIG_DEBUG_DCFLUSH | ||
9791 | - atomic_inc(&dcpage_flushes_xcall); | ||
9792 | + atomic_inc_unchecked(&dcpage_flushes_xcall); | ||
9793 | #endif | ||
9794 | } | ||
9795 | __local_flush_dcache_page(page); | ||
8432 | diff --git a/arch/sparc/kernel/sys_sparc_32.c b/arch/sparc/kernel/sys_sparc_32.c | 9796 | diff --git a/arch/sparc/kernel/sys_sparc_32.c b/arch/sparc/kernel/sys_sparc_32.c |
8433 | index 3a8d184..49498a8 100644 | 9797 | index 3a8d184..49498a8 100644 |
8434 | --- a/arch/sparc/kernel/sys_sparc_32.c | 9798 | --- a/arch/sparc/kernel/sys_sparc_32.c |
@@ -8702,7 +10066,7 @@ index 6629829..036032d 100644 | |||
8702 | } | 10066 | } |
8703 | 10067 | ||
8704 | diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c | 10068 | diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c |
8705 | index b3f833a..ac74b2d 100644 | 10069 | index b3f833a..f485f80 100644 |
8706 | --- a/arch/sparc/kernel/traps_64.c | 10070 | --- a/arch/sparc/kernel/traps_64.c |
8707 | +++ b/arch/sparc/kernel/traps_64.c | 10071 | +++ b/arch/sparc/kernel/traps_64.c |
8708 | @@ -76,7 +76,7 @@ static void dump_tl1_traplog(struct tl1_traplog *p) | 10072 | @@ -76,7 +76,7 @@ static void dump_tl1_traplog(struct tl1_traplog *p) |
@@ -8772,6 +10136,55 @@ index b3f833a..ac74b2d 100644 | |||
8772 | } | 10136 | } |
8773 | 10137 | ||
8774 | struct sun4v_error_entry { | 10138 | struct sun4v_error_entry { |
10139 | @@ -1830,8 +1841,8 @@ struct sun4v_error_entry { | ||
10140 | /*0x38*/u64 reserved_5; | ||
10141 | }; | ||
10142 | |||
10143 | -static atomic_t sun4v_resum_oflow_cnt = ATOMIC_INIT(0); | ||
10144 | -static atomic_t sun4v_nonresum_oflow_cnt = ATOMIC_INIT(0); | ||
10145 | +static atomic_unchecked_t sun4v_resum_oflow_cnt = ATOMIC_INIT(0); | ||
10146 | +static atomic_unchecked_t sun4v_nonresum_oflow_cnt = ATOMIC_INIT(0); | ||
10147 | |||
10148 | static const char *sun4v_err_type_to_str(u8 type) | ||
10149 | { | ||
10150 | @@ -1923,7 +1934,7 @@ static void sun4v_report_real_raddr(const char *pfx, struct pt_regs *regs) | ||
10151 | } | ||
10152 | |||
10153 | static void sun4v_log_error(struct pt_regs *regs, struct sun4v_error_entry *ent, | ||
10154 | - int cpu, const char *pfx, atomic_t *ocnt) | ||
10155 | + int cpu, const char *pfx, atomic_unchecked_t *ocnt) | ||
10156 | { | ||
10157 | u64 *raw_ptr = (u64 *) ent; | ||
10158 | u32 attrs; | ||
10159 | @@ -1981,8 +1992,8 @@ static void sun4v_log_error(struct pt_regs *regs, struct sun4v_error_entry *ent, | ||
10160 | |||
10161 | show_regs(regs); | ||
10162 | |||
10163 | - if ((cnt = atomic_read(ocnt)) != 0) { | ||
10164 | - atomic_set(ocnt, 0); | ||
10165 | + if ((cnt = atomic_read_unchecked(ocnt)) != 0) { | ||
10166 | + atomic_set_unchecked(ocnt, 0); | ||
10167 | wmb(); | ||
10168 | printk("%s: Queue overflowed %d times.\n", | ||
10169 | pfx, cnt); | ||
10170 | @@ -2036,7 +2047,7 @@ void sun4v_resum_error(struct pt_regs *regs, unsigned long offset) | ||
10171 | */ | ||
10172 | void sun4v_resum_overflow(struct pt_regs *regs) | ||
10173 | { | ||
10174 | - atomic_inc(&sun4v_resum_oflow_cnt); | ||
10175 | + atomic_inc_unchecked(&sun4v_resum_oflow_cnt); | ||
10176 | } | ||
10177 | |||
10178 | /* We run with %pil set to PIL_NORMAL_MAX and PSTATE_IE enabled in %pstate. | ||
10179 | @@ -2089,7 +2100,7 @@ void sun4v_nonresum_overflow(struct pt_regs *regs) | ||
10180 | /* XXX Actually even this can make not that much sense. Perhaps | ||
10181 | * XXX we should just pull the plug and panic directly from here? | ||
10182 | */ | ||
10183 | - atomic_inc(&sun4v_nonresum_oflow_cnt); | ||
10184 | + atomic_inc_unchecked(&sun4v_nonresum_oflow_cnt); | ||
10185 | } | ||
10186 | |||
10187 | unsigned long sun4v_err_itlb_vaddr; | ||
8775 | @@ -2104,9 +2115,9 @@ void sun4v_itlb_error_report(struct pt_regs *regs, int tl) | 10188 | @@ -2104,9 +2115,9 @@ void sun4v_itlb_error_report(struct pt_regs *regs, int tl) |
8776 | 10189 | ||
8777 | printk(KERN_EMERG "SUN4V-ITLB: Error at TPC[%lx], tl %d\n", | 10190 | printk(KERN_EMERG "SUN4V-ITLB: Error at TPC[%lx], tl %d\n", |
@@ -9956,10 +11369,20 @@ index 5062ff3..e0b75f3 100644 | |||
9956 | * load/store/atomic was a write or not, it only says that there | 11369 | * load/store/atomic was a write or not, it only says that there |
9957 | * was no match. So in such a case we (carefully) read the | 11370 | * was no match. So in such a case we (carefully) read the |
9958 | diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c | 11371 | diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c |
9959 | index d2b5944..bd813f2 100644 | 11372 | index d2b5944..d878f3c 100644 |
9960 | --- a/arch/sparc/mm/hugetlbpage.c | 11373 | --- a/arch/sparc/mm/hugetlbpage.c |
9961 | +++ b/arch/sparc/mm/hugetlbpage.c | 11374 | +++ b/arch/sparc/mm/hugetlbpage.c |
9962 | @@ -38,7 +38,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp, | 11375 | @@ -28,7 +28,8 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp, |
11376 | unsigned long addr, | ||
11377 | unsigned long len, | ||
11378 | unsigned long pgoff, | ||
11379 | - unsigned long flags) | ||
11380 | + unsigned long flags, | ||
11381 | + unsigned long offset) | ||
11382 | { | ||
11383 | unsigned long task_size = TASK_SIZE; | ||
11384 | struct vm_unmapped_area_info info; | ||
11385 | @@ -38,15 +39,22 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp, | ||
9963 | 11386 | ||
9964 | info.flags = 0; | 11387 | info.flags = 0; |
9965 | info.length = len; | 11388 | info.length = len; |
@@ -9968,7 +11391,9 @@ index d2b5944..bd813f2 100644 | |||
9968 | info.high_limit = min(task_size, VA_EXCLUDE_START); | 11391 | info.high_limit = min(task_size, VA_EXCLUDE_START); |
9969 | info.align_mask = PAGE_MASK & ~HPAGE_MASK; | 11392 | info.align_mask = PAGE_MASK & ~HPAGE_MASK; |
9970 | info.align_offset = 0; | 11393 | info.align_offset = 0; |
9971 | @@ -47,6 +47,12 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp, | 11394 | + info.threadstack_offset = offset; |
11395 | addr = vm_unmapped_area(&info); | ||
11396 | |||
9972 | if ((addr & ~PAGE_MASK) && task_size > VA_EXCLUDE_END) { | 11397 | if ((addr & ~PAGE_MASK) && task_size > VA_EXCLUDE_END) { |
9973 | VM_BUG_ON(addr != -ENOMEM); | 11398 | VM_BUG_ON(addr != -ENOMEM); |
9974 | info.low_limit = VA_EXCLUDE_END; | 11399 | info.low_limit = VA_EXCLUDE_END; |
@@ -9981,7 +11406,25 @@ index d2b5944..bd813f2 100644 | |||
9981 | info.high_limit = task_size; | 11406 | info.high_limit = task_size; |
9982 | addr = vm_unmapped_area(&info); | 11407 | addr = vm_unmapped_area(&info); |
9983 | } | 11408 | } |
9984 | @@ -85,6 +91,12 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, | 11409 | @@ -58,7 +66,8 @@ static unsigned long |
11410 | hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, | ||
11411 | const unsigned long len, | ||
11412 | const unsigned long pgoff, | ||
11413 | - const unsigned long flags) | ||
11414 | + const unsigned long flags, | ||
11415 | + const unsigned long offset) | ||
11416 | { | ||
11417 | struct mm_struct *mm = current->mm; | ||
11418 | unsigned long addr = addr0; | ||
11419 | @@ -73,6 +82,7 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, | ||
11420 | info.high_limit = mm->mmap_base; | ||
11421 | info.align_mask = PAGE_MASK & ~HPAGE_MASK; | ||
11422 | info.align_offset = 0; | ||
11423 | + info.threadstack_offset = offset; | ||
11424 | addr = vm_unmapped_area(&info); | ||
11425 | |||
11426 | /* | ||
11427 | @@ -85,6 +95,12 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, | ||
9985 | VM_BUG_ON(addr != -ENOMEM); | 11428 | VM_BUG_ON(addr != -ENOMEM); |
9986 | info.flags = 0; | 11429 | info.flags = 0; |
9987 | info.low_limit = TASK_UNMAPPED_BASE; | 11430 | info.low_limit = TASK_UNMAPPED_BASE; |
@@ -9994,7 +11437,7 @@ index d2b5944..bd813f2 100644 | |||
9994 | info.high_limit = STACK_TOP32; | 11437 | info.high_limit = STACK_TOP32; |
9995 | addr = vm_unmapped_area(&info); | 11438 | addr = vm_unmapped_area(&info); |
9996 | } | 11439 | } |
9997 | @@ -99,6 +111,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, | 11440 | @@ -99,6 +115,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, |
9998 | struct mm_struct *mm = current->mm; | 11441 | struct mm_struct *mm = current->mm; |
9999 | struct vm_area_struct *vma; | 11442 | struct vm_area_struct *vma; |
10000 | unsigned long task_size = TASK_SIZE; | 11443 | unsigned long task_size = TASK_SIZE; |
@@ -10002,7 +11445,7 @@ index d2b5944..bd813f2 100644 | |||
10002 | 11445 | ||
10003 | if (test_thread_flag(TIF_32BIT)) | 11446 | if (test_thread_flag(TIF_32BIT)) |
10004 | task_size = STACK_TOP32; | 11447 | task_size = STACK_TOP32; |
10005 | @@ -114,11 +127,14 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, | 11448 | @@ -114,19 +131,22 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, |
10006 | return addr; | 11449 | return addr; |
10007 | } | 11450 | } |
10008 | 11451 | ||
@@ -10019,6 +11462,54 @@ index d2b5944..bd813f2 100644 | |||
10019 | return addr; | 11462 | return addr; |
10020 | } | 11463 | } |
10021 | if (mm->get_unmapped_area == arch_get_unmapped_area) | 11464 | if (mm->get_unmapped_area == arch_get_unmapped_area) |
11465 | return hugetlb_get_unmapped_area_bottomup(file, addr, len, | ||
11466 | - pgoff, flags); | ||
11467 | + pgoff, flags, offset); | ||
11468 | else | ||
11469 | return hugetlb_get_unmapped_area_topdown(file, addr, len, | ||
11470 | - pgoff, flags); | ||
11471 | + pgoff, flags, offset); | ||
11472 | } | ||
11473 | |||
11474 | pte_t *huge_pte_alloc(struct mm_struct *mm, | ||
11475 | diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c | ||
11476 | index 04fd55a..4ede686 100644 | ||
11477 | --- a/arch/sparc/mm/init_64.c | ||
11478 | +++ b/arch/sparc/mm/init_64.c | ||
11479 | @@ -188,9 +188,9 @@ unsigned long sparc64_kern_sec_context __read_mostly; | ||
11480 | int num_kernel_image_mappings; | ||
11481 | |||
11482 | #ifdef CONFIG_DEBUG_DCFLUSH | ||
11483 | -atomic_t dcpage_flushes = ATOMIC_INIT(0); | ||
11484 | +atomic_unchecked_t dcpage_flushes = ATOMIC_INIT(0); | ||
11485 | #ifdef CONFIG_SMP | ||
11486 | -atomic_t dcpage_flushes_xcall = ATOMIC_INIT(0); | ||
11487 | +atomic_unchecked_t dcpage_flushes_xcall = ATOMIC_INIT(0); | ||
11488 | #endif | ||
11489 | #endif | ||
11490 | |||
11491 | @@ -198,7 +198,7 @@ inline void flush_dcache_page_impl(struct page *page) | ||
11492 | { | ||
11493 | BUG_ON(tlb_type == hypervisor); | ||
11494 | #ifdef CONFIG_DEBUG_DCFLUSH | ||
11495 | - atomic_inc(&dcpage_flushes); | ||
11496 | + atomic_inc_unchecked(&dcpage_flushes); | ||
11497 | #endif | ||
11498 | |||
11499 | #ifdef DCACHE_ALIASING_POSSIBLE | ||
11500 | @@ -466,10 +466,10 @@ void mmu_info(struct seq_file *m) | ||
11501 | |||
11502 | #ifdef CONFIG_DEBUG_DCFLUSH | ||
11503 | seq_printf(m, "DCPageFlushes\t: %d\n", | ||
11504 | - atomic_read(&dcpage_flushes)); | ||
11505 | + atomic_read_unchecked(&dcpage_flushes)); | ||
11506 | #ifdef CONFIG_SMP | ||
11507 | seq_printf(m, "DCPageFlushesXC\t: %d\n", | ||
11508 | - atomic_read(&dcpage_flushes_xcall)); | ||
11509 | + atomic_read_unchecked(&dcpage_flushes_xcall)); | ||
11510 | #endif /* CONFIG_SMP */ | ||
11511 | #endif /* CONFIG_DEBUG_DCFLUSH */ | ||
11512 | } | ||
10022 | diff --git a/arch/tile/include/asm/atomic_64.h b/arch/tile/include/asm/atomic_64.h | 11513 | diff --git a/arch/tile/include/asm/atomic_64.h b/arch/tile/include/asm/atomic_64.h |
10023 | index f4500c6..889656c 100644 | 11514 | index f4500c6..889656c 100644 |
10024 | --- a/arch/tile/include/asm/atomic_64.h | 11515 | --- a/arch/tile/include/asm/atomic_64.h |
@@ -10958,6 +12449,57 @@ index 477e9d7..3ab339f 100644 | |||
10958 | ret | 12449 | ret |
10959 | ENDPROC(aesni_xts_crypt8) | 12450 | ENDPROC(aesni_xts_crypt8) |
10960 | 12451 | ||
12452 | diff --git a/arch/x86/crypto/blowfish-avx2-asm_64.S b/arch/x86/crypto/blowfish-avx2-asm_64.S | ||
12453 | index 784452e..46982c7 100644 | ||
12454 | --- a/arch/x86/crypto/blowfish-avx2-asm_64.S | ||
12455 | +++ b/arch/x86/crypto/blowfish-avx2-asm_64.S | ||
12456 | @@ -221,6 +221,7 @@ __blowfish_enc_blk32: | ||
12457 | |||
12458 | write_block(RXl, RXr); | ||
12459 | |||
12460 | + pax_force_retaddr 0, 1 | ||
12461 | ret; | ||
12462 | ENDPROC(__blowfish_enc_blk32) | ||
12463 | |||
12464 | @@ -250,6 +251,7 @@ __blowfish_dec_blk32: | ||
12465 | |||
12466 | write_block(RXl, RXr); | ||
12467 | |||
12468 | + pax_force_retaddr 0, 1 | ||
12469 | ret; | ||
12470 | ENDPROC(__blowfish_dec_blk32) | ||
12471 | |||
12472 | @@ -284,6 +286,7 @@ ENTRY(blowfish_ecb_enc_32way) | ||
12473 | |||
12474 | vzeroupper; | ||
12475 | |||
12476 | + pax_force_retaddr 0, 1 | ||
12477 | ret; | ||
12478 | ENDPROC(blowfish_ecb_enc_32way) | ||
12479 | |||
12480 | @@ -318,6 +321,7 @@ ENTRY(blowfish_ecb_dec_32way) | ||
12481 | |||
12482 | vzeroupper; | ||
12483 | |||
12484 | + pax_force_retaddr 0, 1 | ||
12485 | ret; | ||
12486 | ENDPROC(blowfish_ecb_dec_32way) | ||
12487 | |||
12488 | @@ -365,6 +369,7 @@ ENTRY(blowfish_cbc_dec_32way) | ||
12489 | |||
12490 | vzeroupper; | ||
12491 | |||
12492 | + pax_force_retaddr 0, 1 | ||
12493 | ret; | ||
12494 | ENDPROC(blowfish_cbc_dec_32way) | ||
12495 | |||
12496 | @@ -445,5 +450,6 @@ ENTRY(blowfish_ctr_32way) | ||
12497 | |||
12498 | vzeroupper; | ||
12499 | |||
12500 | + pax_force_retaddr 0, 1 | ||
12501 | ret; | ||
12502 | ENDPROC(blowfish_ctr_32way) | ||
10961 | diff --git a/arch/x86/crypto/blowfish-x86_64-asm_64.S b/arch/x86/crypto/blowfish-x86_64-asm_64.S | 12503 | diff --git a/arch/x86/crypto/blowfish-x86_64-asm_64.S b/arch/x86/crypto/blowfish-x86_64-asm_64.S |
10962 | index 246c670..4d1ed00 100644 | 12504 | index 246c670..4d1ed00 100644 |
10963 | --- a/arch/x86/crypto/blowfish-x86_64-asm_64.S | 12505 | --- a/arch/x86/crypto/blowfish-x86_64-asm_64.S |
@@ -11013,6 +12555,174 @@ index 246c670..4d1ed00 100644 | |||
11013 | + pax_force_retaddr 0, 1 | 12555 | + pax_force_retaddr 0, 1 |
11014 | ret; | 12556 | ret; |
11015 | ENDPROC(blowfish_dec_blk_4way) | 12557 | ENDPROC(blowfish_dec_blk_4way) |
12558 | diff --git a/arch/x86/crypto/camellia-aesni-avx-asm_64.S b/arch/x86/crypto/camellia-aesni-avx-asm_64.S | ||
12559 | index ce71f92..2dd5b1e 100644 | ||
12560 | --- a/arch/x86/crypto/camellia-aesni-avx-asm_64.S | ||
12561 | +++ b/arch/x86/crypto/camellia-aesni-avx-asm_64.S | ||
12562 | @@ -16,6 +16,7 @@ | ||
12563 | */ | ||
12564 | |||
12565 | #include <linux/linkage.h> | ||
12566 | +#include <asm/alternative-asm.h> | ||
12567 | |||
12568 | #define CAMELLIA_TABLE_BYTE_LEN 272 | ||
12569 | |||
12570 | @@ -191,6 +192,7 @@ roundsm16_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd: | ||
12571 | roundsm16(%xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7, | ||
12572 | %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, %xmm15, | ||
12573 | %rcx, (%r9)); | ||
12574 | + pax_force_retaddr_bts | ||
12575 | ret; | ||
12576 | ENDPROC(roundsm16_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd) | ||
12577 | |||
12578 | @@ -199,6 +201,7 @@ roundsm16_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab: | ||
12579 | roundsm16(%xmm4, %xmm5, %xmm6, %xmm7, %xmm0, %xmm1, %xmm2, %xmm3, | ||
12580 | %xmm12, %xmm13, %xmm14, %xmm15, %xmm8, %xmm9, %xmm10, %xmm11, | ||
12581 | %rax, (%r9)); | ||
12582 | + pax_force_retaddr_bts | ||
12583 | ret; | ||
12584 | ENDPROC(roundsm16_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab) | ||
12585 | |||
12586 | @@ -780,6 +783,7 @@ __camellia_enc_blk16: | ||
12587 | %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, | ||
12588 | %xmm15, (key_table)(CTX, %r8, 8), (%rax), 1 * 16(%rax)); | ||
12589 | |||
12590 | + pax_force_retaddr_bts | ||
12591 | ret; | ||
12592 | |||
12593 | .align 8 | ||
12594 | @@ -865,6 +869,7 @@ __camellia_dec_blk16: | ||
12595 | %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, | ||
12596 | %xmm15, (key_table)(CTX), (%rax), 1 * 16(%rax)); | ||
12597 | |||
12598 | + pax_force_retaddr_bts | ||
12599 | ret; | ||
12600 | |||
12601 | .align 8 | ||
12602 | @@ -904,6 +909,7 @@ ENTRY(camellia_ecb_enc_16way) | ||
12603 | %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9, | ||
12604 | %xmm8, %rsi); | ||
12605 | |||
12606 | + pax_force_retaddr 0, 1 | ||
12607 | ret; | ||
12608 | ENDPROC(camellia_ecb_enc_16way) | ||
12609 | |||
12610 | @@ -932,6 +938,7 @@ ENTRY(camellia_ecb_dec_16way) | ||
12611 | %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9, | ||
12612 | %xmm8, %rsi); | ||
12613 | |||
12614 | + pax_force_retaddr 0, 1 | ||
12615 | ret; | ||
12616 | ENDPROC(camellia_ecb_dec_16way) | ||
12617 | |||
12618 | @@ -981,6 +988,7 @@ ENTRY(camellia_cbc_dec_16way) | ||
12619 | %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9, | ||
12620 | %xmm8, %rsi); | ||
12621 | |||
12622 | + pax_force_retaddr 0, 1 | ||
12623 | ret; | ||
12624 | ENDPROC(camellia_cbc_dec_16way) | ||
12625 | |||
12626 | @@ -1092,6 +1100,7 @@ ENTRY(camellia_ctr_16way) | ||
12627 | %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9, | ||
12628 | %xmm8, %rsi); | ||
12629 | |||
12630 | + pax_force_retaddr 0, 1 | ||
12631 | ret; | ||
12632 | ENDPROC(camellia_ctr_16way) | ||
12633 | |||
12634 | @@ -1234,6 +1243,7 @@ camellia_xts_crypt_16way: | ||
12635 | %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9, | ||
12636 | %xmm8, %rsi); | ||
12637 | |||
12638 | + pax_force_retaddr 0, 1 | ||
12639 | ret; | ||
12640 | ENDPROC(camellia_xts_crypt_16way) | ||
12641 | |||
12642 | diff --git a/arch/x86/crypto/camellia-aesni-avx2-asm_64.S b/arch/x86/crypto/camellia-aesni-avx2-asm_64.S | ||
12643 | index 91a1878..bcf340a 100644 | ||
12644 | --- a/arch/x86/crypto/camellia-aesni-avx2-asm_64.S | ||
12645 | +++ b/arch/x86/crypto/camellia-aesni-avx2-asm_64.S | ||
12646 | @@ -11,6 +11,7 @@ | ||
12647 | */ | ||
12648 | |||
12649 | #include <linux/linkage.h> | ||
12650 | +#include <asm/alternative-asm.h> | ||
12651 | |||
12652 | #define CAMELLIA_TABLE_BYTE_LEN 272 | ||
12653 | |||
12654 | @@ -212,6 +213,7 @@ roundsm32_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd: | ||
12655 | roundsm32(%ymm0, %ymm1, %ymm2, %ymm3, %ymm4, %ymm5, %ymm6, %ymm7, | ||
12656 | %ymm8, %ymm9, %ymm10, %ymm11, %ymm12, %ymm13, %ymm14, %ymm15, | ||
12657 | %rcx, (%r9)); | ||
12658 | + pax_force_retaddr_bts | ||
12659 | ret; | ||
12660 | ENDPROC(roundsm32_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd) | ||
12661 | |||
12662 | @@ -220,6 +222,7 @@ roundsm32_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab: | ||
12663 | roundsm32(%ymm4, %ymm5, %ymm6, %ymm7, %ymm0, %ymm1, %ymm2, %ymm3, | ||
12664 | %ymm12, %ymm13, %ymm14, %ymm15, %ymm8, %ymm9, %ymm10, %ymm11, | ||
12665 | %rax, (%r9)); | ||
12666 | + pax_force_retaddr_bts | ||
12667 | ret; | ||
12668 | ENDPROC(roundsm32_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab) | ||
12669 | |||
12670 | @@ -802,6 +805,7 @@ __camellia_enc_blk32: | ||
12671 | %ymm8, %ymm9, %ymm10, %ymm11, %ymm12, %ymm13, %ymm14, | ||
12672 | %ymm15, (key_table)(CTX, %r8, 8), (%rax), 1 * 32(%rax)); | ||
12673 | |||
12674 | + pax_force_retaddr_bts | ||
12675 | ret; | ||
12676 | |||
12677 | .align 8 | ||
12678 | @@ -887,6 +891,7 @@ __camellia_dec_blk32: | ||
12679 | %ymm8, %ymm9, %ymm10, %ymm11, %ymm12, %ymm13, %ymm14, | ||
12680 | %ymm15, (key_table)(CTX), (%rax), 1 * 32(%rax)); | ||
12681 | |||
12682 | + pax_force_retaddr_bts | ||
12683 | ret; | ||
12684 | |||
12685 | .align 8 | ||
12686 | @@ -930,6 +935,7 @@ ENTRY(camellia_ecb_enc_32way) | ||
12687 | |||
12688 | vzeroupper; | ||
12689 | |||
12690 | + pax_force_retaddr 0, 1 | ||
12691 | ret; | ||
12692 | ENDPROC(camellia_ecb_enc_32way) | ||
12693 | |||
12694 | @@ -962,6 +968,7 @@ ENTRY(camellia_ecb_dec_32way) | ||
12695 | |||
12696 | vzeroupper; | ||
12697 | |||
12698 | + pax_force_retaddr 0, 1 | ||
12699 | ret; | ||
12700 | ENDPROC(camellia_ecb_dec_32way) | ||
12701 | |||
12702 | @@ -1028,6 +1035,7 @@ ENTRY(camellia_cbc_dec_32way) | ||
12703 | |||
12704 | vzeroupper; | ||
12705 | |||
12706 | + pax_force_retaddr 0, 1 | ||
12707 | ret; | ||
12708 | ENDPROC(camellia_cbc_dec_32way) | ||
12709 | |||
12710 | @@ -1166,6 +1174,7 @@ ENTRY(camellia_ctr_32way) | ||
12711 | |||
12712 | vzeroupper; | ||
12713 | |||
12714 | + pax_force_retaddr 0, 1 | ||
12715 | ret; | ||
12716 | ENDPROC(camellia_ctr_32way) | ||
12717 | |||
12718 | @@ -1331,6 +1340,7 @@ camellia_xts_crypt_32way: | ||
12719 | |||
12720 | vzeroupper; | ||
12721 | |||
12722 | + pax_force_retaddr 0, 1 | ||
12723 | ret; | ||
12724 | ENDPROC(camellia_xts_crypt_32way) | ||
12725 | |||
11016 | diff --git a/arch/x86/crypto/camellia-x86_64-asm_64.S b/arch/x86/crypto/camellia-x86_64-asm_64.S | 12726 | diff --git a/arch/x86/crypto/camellia-x86_64-asm_64.S b/arch/x86/crypto/camellia-x86_64-asm_64.S |
11017 | index 310319c..ce174a4 100644 | 12727 | index 310319c..ce174a4 100644 |
11018 | --- a/arch/x86/crypto/camellia-x86_64-asm_64.S | 12728 | --- a/arch/x86/crypto/camellia-x86_64-asm_64.S |
@@ -11205,6 +12915,69 @@ index e3531f8..18ded3a 100644 | |||
11205 | + pax_force_retaddr | 12915 | + pax_force_retaddr |
11206 | ret; | 12916 | ret; |
11207 | ENDPROC(cast6_xts_dec_8way) | 12917 | ENDPROC(cast6_xts_dec_8way) |
12918 | diff --git a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S | ||
12919 | index dbc4339..3d868c5 100644 | ||
12920 | --- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S | ||
12921 | +++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S | ||
12922 | @@ -45,6 +45,7 @@ | ||
12923 | |||
12924 | #include <asm/inst.h> | ||
12925 | #include <linux/linkage.h> | ||
12926 | +#include <asm/alternative-asm.h> | ||
12927 | |||
12928 | ## ISCSI CRC 32 Implementation with crc32 and pclmulqdq Instruction | ||
12929 | |||
12930 | @@ -312,6 +313,7 @@ do_return: | ||
12931 | popq %rsi | ||
12932 | popq %rdi | ||
12933 | popq %rbx | ||
12934 | + pax_force_retaddr 0, 1 | ||
12935 | ret | ||
12936 | |||
12937 | ################################################################ | ||
12938 | diff --git a/arch/x86/crypto/ghash-clmulni-intel_asm.S b/arch/x86/crypto/ghash-clmulni-intel_asm.S | ||
12939 | index 586f41a..d02851e 100644 | ||
12940 | --- a/arch/x86/crypto/ghash-clmulni-intel_asm.S | ||
12941 | +++ b/arch/x86/crypto/ghash-clmulni-intel_asm.S | ||
12942 | @@ -18,6 +18,7 @@ | ||
12943 | |||
12944 | #include <linux/linkage.h> | ||
12945 | #include <asm/inst.h> | ||
12946 | +#include <asm/alternative-asm.h> | ||
12947 | |||
12948 | .data | ||
12949 | |||
12950 | @@ -93,6 +94,7 @@ __clmul_gf128mul_ble: | ||
12951 | psrlq $1, T2 | ||
12952 | pxor T2, T1 | ||
12953 | pxor T1, DATA | ||
12954 | + pax_force_retaddr | ||
12955 | ret | ||
12956 | ENDPROC(__clmul_gf128mul_ble) | ||
12957 | |||
12958 | @@ -105,6 +107,7 @@ ENTRY(clmul_ghash_mul) | ||
12959 | call __clmul_gf128mul_ble | ||
12960 | PSHUFB_XMM BSWAP DATA | ||
12961 | movups DATA, (%rdi) | ||
12962 | + pax_force_retaddr | ||
12963 | ret | ||
12964 | ENDPROC(clmul_ghash_mul) | ||
12965 | |||
12966 | @@ -132,6 +135,7 @@ ENTRY(clmul_ghash_update) | ||
12967 | PSHUFB_XMM BSWAP DATA | ||
12968 | movups DATA, (%rdi) | ||
12969 | .Lupdate_just_ret: | ||
12970 | + pax_force_retaddr | ||
12971 | ret | ||
12972 | ENDPROC(clmul_ghash_update) | ||
12973 | |||
12974 | @@ -157,5 +161,6 @@ ENTRY(clmul_ghash_setkey) | ||
12975 | pand .Lpoly, %xmm1 | ||
12976 | pxor %xmm1, %xmm0 | ||
12977 | movups %xmm0, (%rdi) | ||
12978 | + pax_force_retaddr | ||
12979 | ret | ||
12980 | ENDPROC(clmul_ghash_setkey) | ||
11208 | diff --git a/arch/x86/crypto/salsa20-x86_64-asm_64.S b/arch/x86/crypto/salsa20-x86_64-asm_64.S | 12981 | diff --git a/arch/x86/crypto/salsa20-x86_64-asm_64.S b/arch/x86/crypto/salsa20-x86_64-asm_64.S |
11209 | index 9279e0b..9270820 100644 | 12982 | index 9279e0b..9270820 100644 |
11210 | --- a/arch/x86/crypto/salsa20-x86_64-asm_64.S | 12983 | --- a/arch/x86/crypto/salsa20-x86_64-asm_64.S |
@@ -11313,6 +13086,81 @@ index 2f202f4..d9164d6 100644 | |||
11313 | + pax_force_retaddr | 13086 | + pax_force_retaddr |
11314 | ret; | 13087 | ret; |
11315 | ENDPROC(serpent_xts_dec_8way_avx) | 13088 | ENDPROC(serpent_xts_dec_8way_avx) |
13089 | diff --git a/arch/x86/crypto/serpent-avx2-asm_64.S b/arch/x86/crypto/serpent-avx2-asm_64.S | ||
13090 | index b222085..abd483c 100644 | ||
13091 | --- a/arch/x86/crypto/serpent-avx2-asm_64.S | ||
13092 | +++ b/arch/x86/crypto/serpent-avx2-asm_64.S | ||
13093 | @@ -15,6 +15,7 @@ | ||
13094 | */ | ||
13095 | |||
13096 | #include <linux/linkage.h> | ||
13097 | +#include <asm/alternative-asm.h> | ||
13098 | #include "glue_helper-asm-avx2.S" | ||
13099 | |||
13100 | .file "serpent-avx2-asm_64.S" | ||
13101 | @@ -610,6 +611,7 @@ __serpent_enc_blk16: | ||
13102 | write_blocks(RA1, RB1, RC1, RD1, RK0, RK1, RK2); | ||
13103 | write_blocks(RA2, RB2, RC2, RD2, RK0, RK1, RK2); | ||
13104 | |||
13105 | + pax_force_retaddr | ||
13106 | ret; | ||
13107 | ENDPROC(__serpent_enc_blk16) | ||
13108 | |||
13109 | @@ -664,6 +666,7 @@ __serpent_dec_blk16: | ||
13110 | write_blocks(RC1, RD1, RB1, RE1, RK0, RK1, RK2); | ||
13111 | write_blocks(RC2, RD2, RB2, RE2, RK0, RK1, RK2); | ||
13112 | |||
13113 | + pax_force_retaddr | ||
13114 | ret; | ||
13115 | ENDPROC(__serpent_dec_blk16) | ||
13116 | |||
13117 | @@ -684,6 +687,7 @@ ENTRY(serpent_ecb_enc_16way) | ||
13118 | |||
13119 | vzeroupper; | ||
13120 | |||
13121 | + pax_force_retaddr | ||
13122 | ret; | ||
13123 | ENDPROC(serpent_ecb_enc_16way) | ||
13124 | |||
13125 | @@ -704,6 +708,7 @@ ENTRY(serpent_ecb_dec_16way) | ||
13126 | |||
13127 | vzeroupper; | ||
13128 | |||
13129 | + pax_force_retaddr | ||
13130 | ret; | ||
13131 | ENDPROC(serpent_ecb_dec_16way) | ||
13132 | |||
13133 | @@ -725,6 +730,7 @@ ENTRY(serpent_cbc_dec_16way) | ||
13134 | |||
13135 | vzeroupper; | ||
13136 | |||
13137 | + pax_force_retaddr | ||
13138 | ret; | ||
13139 | ENDPROC(serpent_cbc_dec_16way) | ||
13140 | |||
13141 | @@ -748,6 +754,7 @@ ENTRY(serpent_ctr_16way) | ||
13142 | |||
13143 | vzeroupper; | ||
13144 | |||
13145 | + pax_force_retaddr | ||
13146 | ret; | ||
13147 | ENDPROC(serpent_ctr_16way) | ||
13148 | |||
13149 | @@ -772,6 +779,7 @@ ENTRY(serpent_xts_enc_16way) | ||
13150 | |||
13151 | vzeroupper; | ||
13152 | |||
13153 | + pax_force_retaddr | ||
13154 | ret; | ||
13155 | ENDPROC(serpent_xts_enc_16way) | ||
13156 | |||
13157 | @@ -796,5 +804,6 @@ ENTRY(serpent_xts_dec_16way) | ||
13158 | |||
13159 | vzeroupper; | ||
13160 | |||
13161 | + pax_force_retaddr | ||
13162 | ret; | ||
13163 | ENDPROC(serpent_xts_dec_16way) | ||
11316 | diff --git a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S | 13164 | diff --git a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S |
11317 | index acc066c..1559cc4 100644 | 13165 | index acc066c..1559cc4 100644 |
11318 | --- a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S | 13166 | --- a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S |
@@ -11367,6 +13215,126 @@ index a410950..3356d42 100644 | |||
11367 | ret | 13215 | ret |
11368 | 13216 | ||
11369 | ENDPROC(\name) | 13217 | ENDPROC(\name) |
13218 | diff --git a/arch/x86/crypto/sha256-avx-asm.S b/arch/x86/crypto/sha256-avx-asm.S | ||
13219 | index 642f156..4ab07b9 100644 | ||
13220 | --- a/arch/x86/crypto/sha256-avx-asm.S | ||
13221 | +++ b/arch/x86/crypto/sha256-avx-asm.S | ||
13222 | @@ -49,6 +49,7 @@ | ||
13223 | |||
13224 | #ifdef CONFIG_AS_AVX | ||
13225 | #include <linux/linkage.h> | ||
13226 | +#include <asm/alternative-asm.h> | ||
13227 | |||
13228 | ## assume buffers not aligned | ||
13229 | #define VMOVDQ vmovdqu | ||
13230 | @@ -460,6 +461,7 @@ done_hash: | ||
13231 | popq %r13 | ||
13232 | popq %rbp | ||
13233 | popq %rbx | ||
13234 | + pax_force_retaddr 0, 1 | ||
13235 | ret | ||
13236 | ENDPROC(sha256_transform_avx) | ||
13237 | |||
13238 | diff --git a/arch/x86/crypto/sha256-avx2-asm.S b/arch/x86/crypto/sha256-avx2-asm.S | ||
13239 | index 9e86944..2e7f95a 100644 | ||
13240 | --- a/arch/x86/crypto/sha256-avx2-asm.S | ||
13241 | +++ b/arch/x86/crypto/sha256-avx2-asm.S | ||
13242 | @@ -50,6 +50,7 @@ | ||
13243 | |||
13244 | #ifdef CONFIG_AS_AVX2 | ||
13245 | #include <linux/linkage.h> | ||
13246 | +#include <asm/alternative-asm.h> | ||
13247 | |||
13248 | ## assume buffers not aligned | ||
13249 | #define VMOVDQ vmovdqu | ||
13250 | @@ -720,6 +721,7 @@ done_hash: | ||
13251 | popq %r12 | ||
13252 | popq %rbp | ||
13253 | popq %rbx | ||
13254 | + pax_force_retaddr 0, 1 | ||
13255 | ret | ||
13256 | ENDPROC(sha256_transform_rorx) | ||
13257 | |||
13258 | diff --git a/arch/x86/crypto/sha256-ssse3-asm.S b/arch/x86/crypto/sha256-ssse3-asm.S | ||
13259 | index f833b74..c36ed14 100644 | ||
13260 | --- a/arch/x86/crypto/sha256-ssse3-asm.S | ||
13261 | +++ b/arch/x86/crypto/sha256-ssse3-asm.S | ||
13262 | @@ -47,6 +47,7 @@ | ||
13263 | ######################################################################## | ||
13264 | |||
13265 | #include <linux/linkage.h> | ||
13266 | +#include <asm/alternative-asm.h> | ||
13267 | |||
13268 | ## assume buffers not aligned | ||
13269 | #define MOVDQ movdqu | ||
13270 | @@ -471,6 +472,7 @@ done_hash: | ||
13271 | popq %rbp | ||
13272 | popq %rbx | ||
13273 | |||
13274 | + pax_force_retaddr 0, 1 | ||
13275 | ret | ||
13276 | ENDPROC(sha256_transform_ssse3) | ||
13277 | |||
13278 | diff --git a/arch/x86/crypto/sha512-avx-asm.S b/arch/x86/crypto/sha512-avx-asm.S | ||
13279 | index 974dde9..4533d34 100644 | ||
13280 | --- a/arch/x86/crypto/sha512-avx-asm.S | ||
13281 | +++ b/arch/x86/crypto/sha512-avx-asm.S | ||
13282 | @@ -49,6 +49,7 @@ | ||
13283 | |||
13284 | #ifdef CONFIG_AS_AVX | ||
13285 | #include <linux/linkage.h> | ||
13286 | +#include <asm/alternative-asm.h> | ||
13287 | |||
13288 | .text | ||
13289 | |||
13290 | @@ -364,6 +365,7 @@ updateblock: | ||
13291 | mov frame_RSPSAVE(%rsp), %rsp | ||
13292 | |||
13293 | nowork: | ||
13294 | + pax_force_retaddr 0, 1 | ||
13295 | ret | ||
13296 | ENDPROC(sha512_transform_avx) | ||
13297 | |||
13298 | diff --git a/arch/x86/crypto/sha512-avx2-asm.S b/arch/x86/crypto/sha512-avx2-asm.S | ||
13299 | index 568b961..061ef1d 100644 | ||
13300 | --- a/arch/x86/crypto/sha512-avx2-asm.S | ||
13301 | +++ b/arch/x86/crypto/sha512-avx2-asm.S | ||
13302 | @@ -51,6 +51,7 @@ | ||
13303 | |||
13304 | #ifdef CONFIG_AS_AVX2 | ||
13305 | #include <linux/linkage.h> | ||
13306 | +#include <asm/alternative-asm.h> | ||
13307 | |||
13308 | .text | ||
13309 | |||
13310 | @@ -678,6 +679,7 @@ done_hash: | ||
13311 | |||
13312 | # Restore Stack Pointer | ||
13313 | mov frame_RSPSAVE(%rsp), %rsp | ||
13314 | + pax_force_retaddr 0, 1 | ||
13315 | ret | ||
13316 | ENDPROC(sha512_transform_rorx) | ||
13317 | |||
13318 | diff --git a/arch/x86/crypto/sha512-ssse3-asm.S b/arch/x86/crypto/sha512-ssse3-asm.S | ||
13319 | index fb56855..e23914f 100644 | ||
13320 | --- a/arch/x86/crypto/sha512-ssse3-asm.S | ||
13321 | +++ b/arch/x86/crypto/sha512-ssse3-asm.S | ||
13322 | @@ -48,6 +48,7 @@ | ||
13323 | ######################################################################## | ||
13324 | |||
13325 | #include <linux/linkage.h> | ||
13326 | +#include <asm/alternative-asm.h> | ||
13327 | |||
13328 | .text | ||
13329 | |||
13330 | @@ -363,6 +364,7 @@ updateblock: | ||
13331 | mov frame_RSPSAVE(%rsp), %rsp | ||
13332 | |||
13333 | nowork: | ||
13334 | + pax_force_retaddr 0, 1 | ||
13335 | ret | ||
13336 | ENDPROC(sha512_transform_ssse3) | ||
13337 | |||
11370 | diff --git a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S | 13338 | diff --git a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S |
11371 | index 0505813..63b1d00 100644 | 13339 | index 0505813..63b1d00 100644 |
11372 | --- a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S | 13340 | --- a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S |
@@ -11442,6 +13410,74 @@ index 0505813..63b1d00 100644 | |||
11442 | + pax_force_retaddr 0, 1 | 13410 | + pax_force_retaddr 0, 1 |
11443 | ret; | 13411 | ret; |
11444 | ENDPROC(twofish_xts_dec_8way) | 13412 | ENDPROC(twofish_xts_dec_8way) |
13413 | diff --git a/arch/x86/crypto/twofish-avx2-asm_64.S b/arch/x86/crypto/twofish-avx2-asm_64.S | ||
13414 | index e1a83b9..33006b9 100644 | ||
13415 | --- a/arch/x86/crypto/twofish-avx2-asm_64.S | ||
13416 | +++ b/arch/x86/crypto/twofish-avx2-asm_64.S | ||
13417 | @@ -11,6 +11,7 @@ | ||
13418 | */ | ||
13419 | |||
13420 | #include <linux/linkage.h> | ||
13421 | +#include <asm/alternative-asm.h> | ||
13422 | #include "glue_helper-asm-avx2.S" | ||
13423 | |||
13424 | .file "twofish-avx2-asm_64.S" | ||
13425 | @@ -422,6 +423,7 @@ __twofish_enc_blk16: | ||
13426 | outunpack_enc16(RA, RB, RC, RD); | ||
13427 | write_blocks16(RA, RB, RC, RD); | ||
13428 | |||
13429 | + pax_force_retaddr_bts | ||
13430 | ret; | ||
13431 | ENDPROC(__twofish_enc_blk16) | ||
13432 | |||
13433 | @@ -454,6 +456,7 @@ __twofish_dec_blk16: | ||
13434 | outunpack_dec16(RA, RB, RC, RD); | ||
13435 | write_blocks16(RA, RB, RC, RD); | ||
13436 | |||
13437 | + pax_force_retaddr_bts | ||
13438 | ret; | ||
13439 | ENDPROC(__twofish_dec_blk16) | ||
13440 | |||
13441 | @@ -476,6 +479,7 @@ ENTRY(twofish_ecb_enc_16way) | ||
13442 | popq %r12; | ||
13443 | vzeroupper; | ||
13444 | |||
13445 | + pax_force_retaddr 0, 1 | ||
13446 | ret; | ||
13447 | ENDPROC(twofish_ecb_enc_16way) | ||
13448 | |||
13449 | @@ -498,6 +502,7 @@ ENTRY(twofish_ecb_dec_16way) | ||
13450 | popq %r12; | ||
13451 | vzeroupper; | ||
13452 | |||
13453 | + pax_force_retaddr 0, 1 | ||
13454 | ret; | ||
13455 | ENDPROC(twofish_ecb_dec_16way) | ||
13456 | |||
13457 | @@ -521,6 +526,7 @@ ENTRY(twofish_cbc_dec_16way) | ||
13458 | popq %r12; | ||
13459 | vzeroupper; | ||
13460 | |||
13461 | + pax_force_retaddr 0, 1 | ||
13462 | ret; | ||
13463 | ENDPROC(twofish_cbc_dec_16way) | ||
13464 | |||
13465 | @@ -546,6 +552,7 @@ ENTRY(twofish_ctr_16way) | ||
13466 | popq %r12; | ||
13467 | vzeroupper; | ||
13468 | |||
13469 | + pax_force_retaddr 0, 1 | ||
13470 | ret; | ||
13471 | ENDPROC(twofish_ctr_16way) | ||
13472 | |||
13473 | @@ -574,6 +581,7 @@ twofish_xts_crypt_16way: | ||
13474 | popq %r12; | ||
13475 | vzeroupper; | ||
13476 | |||
13477 | + pax_force_retaddr 0, 1 | ||
13478 | ret; | ||
13479 | ENDPROC(twofish_xts_crypt_16way) | ||
13480 | |||
11445 | diff --git a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S | 13481 | diff --git a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S |
11446 | index 1c3b7ce..b365c5e 100644 | 13482 | index 1c3b7ce..b365c5e 100644 |
11447 | --- a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S | 13483 | --- a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S |
@@ -11518,7 +13554,7 @@ index 52ff81c..98af645 100644 | |||
11518 | set_fs(KERNEL_DS); | 13554 | set_fs(KERNEL_DS); |
11519 | has_dumped = 1; | 13555 | has_dumped = 1; |
11520 | diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c | 13556 | diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c |
11521 | index cf1a471..3bc4cf8 100644 | 13557 | index cf1a471..5ba2673 100644 |
11522 | --- a/arch/x86/ia32/ia32_signal.c | 13558 | --- a/arch/x86/ia32/ia32_signal.c |
11523 | +++ b/arch/x86/ia32/ia32_signal.c | 13559 | +++ b/arch/x86/ia32/ia32_signal.c |
11524 | @@ -340,7 +340,7 @@ static void __user *get_sigframe(struct ksignal *ksig, struct pt_regs *regs, | 13560 | @@ -340,7 +340,7 @@ static void __user *get_sigframe(struct ksignal *ksig, struct pt_regs *regs, |
@@ -11548,7 +13584,12 @@ index cf1a471..3bc4cf8 100644 | |||
11548 | }; | 13584 | }; |
11549 | 13585 | ||
11550 | frame = get_sigframe(ksig, regs, sizeof(*frame), &fpstate); | 13586 | frame = get_sigframe(ksig, regs, sizeof(*frame), &fpstate); |
11551 | @@ -463,16 +463,18 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig, | 13587 | @@ -459,20 +459,22 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig, |
13588 | else | ||
13589 | put_user_ex(0, &frame->uc.uc_flags); | ||
13590 | put_user_ex(0, &frame->uc.uc_link); | ||
13591 | - err |= __compat_save_altstack(&frame->uc.uc_stack, regs->sp); | ||
13592 | + __compat_save_altstack_ex(&frame->uc.uc_stack, regs->sp); | ||
11552 | 13593 | ||
11553 | if (ksig->ka.sa.sa_flags & SA_RESTORER) | 13594 | if (ksig->ka.sa.sa_flags & SA_RESTORER) |
11554 | restorer = ksig->ka.sa.sa_restorer; | 13595 | restorer = ksig->ka.sa.sa_restorer; |
@@ -11571,7 +13612,7 @@ index cf1a471..3bc4cf8 100644 | |||
11571 | 13612 | ||
11572 | err |= copy_siginfo_to_user32(&frame->info, &ksig->info); | 13613 | err |= copy_siginfo_to_user32(&frame->info, &ksig->info); |
11573 | diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S | 13614 | diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S |
11574 | index 474dc1b..24aaa3e 100644 | 13615 | index 474dc1b..9297c58 100644 |
11575 | --- a/arch/x86/ia32/ia32entry.S | 13616 | --- a/arch/x86/ia32/ia32entry.S |
11576 | +++ b/arch/x86/ia32/ia32entry.S | 13617 | +++ b/arch/x86/ia32/ia32entry.S |
11577 | @@ -15,8 +15,10 @@ | 13618 | @@ -15,8 +15,10 @@ |
@@ -11631,7 +13672,7 @@ index 474dc1b..24aaa3e 100644 | |||
11631 | movl %ebp,%ebp /* zero extension */ | 13672 | movl %ebp,%ebp /* zero extension */ |
11632 | pushq_cfi $__USER32_DS | 13673 | pushq_cfi $__USER32_DS |
11633 | /*CFI_REL_OFFSET ss,0*/ | 13674 | /*CFI_REL_OFFSET ss,0*/ |
11634 | @@ -135,24 +157,44 @@ ENTRY(ia32_sysenter_target) | 13675 | @@ -135,24 +157,49 @@ ENTRY(ia32_sysenter_target) |
11635 | CFI_REL_OFFSET rsp,0 | 13676 | CFI_REL_OFFSET rsp,0 |
11636 | pushfq_cfi | 13677 | pushfq_cfi |
11637 | /*CFI_REL_OFFSET rflags,0*/ | 13678 | /*CFI_REL_OFFSET rflags,0*/ |
@@ -11665,8 +13706,8 @@ index 474dc1b..24aaa3e 100644 | |||
11665 | 32bit zero extended */ | 13706 | 32bit zero extended */ |
11666 | + | 13707 | + |
11667 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | 13708 | +#ifdef CONFIG_PAX_MEMORY_UDEREF |
11668 | + mov pax_user_shadow_base,%r11 | 13709 | + addq pax_user_shadow_base,%rbp |
11669 | + add %r11,%rbp | 13710 | + ASM_PAX_OPEN_USERLAND |
11670 | +#endif | 13711 | +#endif |
11671 | + | 13712 | + |
11672 | ASM_STAC | 13713 | ASM_STAC |
@@ -11675,13 +13716,18 @@ index 474dc1b..24aaa3e 100644 | |||
11675 | ASM_CLAC | 13716 | ASM_CLAC |
11676 | - orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) | 13717 | - orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) |
11677 | - testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) | 13718 | - testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) |
13719 | + | ||
13720 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | ||
13721 | + ASM_PAX_CLOSE_USERLAND | ||
13722 | +#endif | ||
13723 | + | ||
11678 | + GET_THREAD_INFO(%r11) | 13724 | + GET_THREAD_INFO(%r11) |
11679 | + orl $TS_COMPAT,TI_status(%r11) | 13725 | + orl $TS_COMPAT,TI_status(%r11) |
11680 | + testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11) | 13726 | + testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11) |
11681 | CFI_REMEMBER_STATE | 13727 | CFI_REMEMBER_STATE |
11682 | jnz sysenter_tracesys | 13728 | jnz sysenter_tracesys |
11683 | cmpq $(IA32_NR_syscalls-1),%rax | 13729 | cmpq $(IA32_NR_syscalls-1),%rax |
11684 | @@ -162,12 +204,15 @@ sysenter_do_call: | 13730 | @@ -162,12 +209,15 @@ sysenter_do_call: |
11685 | sysenter_dispatch: | 13731 | sysenter_dispatch: |
11686 | call *ia32_sys_call_table(,%rax,8) | 13732 | call *ia32_sys_call_table(,%rax,8) |
11687 | movq %rax,RAX-ARGOFFSET(%rsp) | 13733 | movq %rax,RAX-ARGOFFSET(%rsp) |
@@ -11699,7 +13745,7 @@ index 474dc1b..24aaa3e 100644 | |||
11699 | /* clear IF, that popfq doesn't enable interrupts early */ | 13745 | /* clear IF, that popfq doesn't enable interrupts early */ |
11700 | andl $~0x200,EFLAGS-R11(%rsp) | 13746 | andl $~0x200,EFLAGS-R11(%rsp) |
11701 | movl RIP-R11(%rsp),%edx /* User %eip */ | 13747 | movl RIP-R11(%rsp),%edx /* User %eip */ |
11702 | @@ -193,6 +238,9 @@ sysexit_from_sys_call: | 13748 | @@ -193,6 +243,9 @@ sysexit_from_sys_call: |
11703 | movl %eax,%esi /* 2nd arg: syscall number */ | 13749 | movl %eax,%esi /* 2nd arg: syscall number */ |
11704 | movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */ | 13750 | movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */ |
11705 | call __audit_syscall_entry | 13751 | call __audit_syscall_entry |
@@ -11709,7 +13755,7 @@ index 474dc1b..24aaa3e 100644 | |||
11709 | movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */ | 13755 | movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */ |
11710 | cmpq $(IA32_NR_syscalls-1),%rax | 13756 | cmpq $(IA32_NR_syscalls-1),%rax |
11711 | ja ia32_badsys | 13757 | ja ia32_badsys |
11712 | @@ -204,7 +252,7 @@ sysexit_from_sys_call: | 13758 | @@ -204,7 +257,7 @@ sysexit_from_sys_call: |
11713 | .endm | 13759 | .endm |
11714 | 13760 | ||
11715 | .macro auditsys_exit exit | 13761 | .macro auditsys_exit exit |
@@ -11718,7 +13764,7 @@ index 474dc1b..24aaa3e 100644 | |||
11718 | jnz ia32_ret_from_sys_call | 13764 | jnz ia32_ret_from_sys_call |
11719 | TRACE_IRQS_ON | 13765 | TRACE_IRQS_ON |
11720 | ENABLE_INTERRUPTS(CLBR_NONE) | 13766 | ENABLE_INTERRUPTS(CLBR_NONE) |
11721 | @@ -215,11 +263,12 @@ sysexit_from_sys_call: | 13767 | @@ -215,11 +268,12 @@ sysexit_from_sys_call: |
11722 | 1: setbe %al /* 1 if error, 0 if not */ | 13768 | 1: setbe %al /* 1 if error, 0 if not */ |
11723 | movzbl %al,%edi /* zero-extend that into %edi */ | 13769 | movzbl %al,%edi /* zero-extend that into %edi */ |
11724 | call __audit_syscall_exit | 13770 | call __audit_syscall_exit |
@@ -11732,7 +13778,7 @@ index 474dc1b..24aaa3e 100644 | |||
11732 | jz \exit | 13778 | jz \exit |
11733 | CLEAR_RREGS -ARGOFFSET | 13779 | CLEAR_RREGS -ARGOFFSET |
11734 | jmp int_with_check | 13780 | jmp int_with_check |
11735 | @@ -237,7 +286,7 @@ sysexit_audit: | 13781 | @@ -237,7 +291,7 @@ sysexit_audit: |
11736 | 13782 | ||
11737 | sysenter_tracesys: | 13783 | sysenter_tracesys: |
11738 | #ifdef CONFIG_AUDITSYSCALL | 13784 | #ifdef CONFIG_AUDITSYSCALL |
@@ -11741,7 +13787,7 @@ index 474dc1b..24aaa3e 100644 | |||
11741 | jz sysenter_auditsys | 13787 | jz sysenter_auditsys |
11742 | #endif | 13788 | #endif |
11743 | SAVE_REST | 13789 | SAVE_REST |
11744 | @@ -249,6 +298,9 @@ sysenter_tracesys: | 13790 | @@ -249,6 +303,9 @@ sysenter_tracesys: |
11745 | RESTORE_REST | 13791 | RESTORE_REST |
11746 | cmpq $(IA32_NR_syscalls-1),%rax | 13792 | cmpq $(IA32_NR_syscalls-1),%rax |
11747 | ja int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */ | 13793 | ja int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */ |
@@ -11751,7 +13797,7 @@ index 474dc1b..24aaa3e 100644 | |||
11751 | jmp sysenter_do_call | 13797 | jmp sysenter_do_call |
11752 | CFI_ENDPROC | 13798 | CFI_ENDPROC |
11753 | ENDPROC(ia32_sysenter_target) | 13799 | ENDPROC(ia32_sysenter_target) |
11754 | @@ -276,19 +328,25 @@ ENDPROC(ia32_sysenter_target) | 13800 | @@ -276,19 +333,25 @@ ENDPROC(ia32_sysenter_target) |
11755 | ENTRY(ia32_cstar_target) | 13801 | ENTRY(ia32_cstar_target) |
11756 | CFI_STARTPROC32 simple | 13802 | CFI_STARTPROC32 simple |
11757 | CFI_SIGNAL_FRAME | 13803 | CFI_SIGNAL_FRAME |
@@ -11779,14 +13825,15 @@ index 474dc1b..24aaa3e 100644 | |||
11779 | movl %eax,%eax /* zero extension */ | 13825 | movl %eax,%eax /* zero extension */ |
11780 | movq %rax,ORIG_RAX-ARGOFFSET(%rsp) | 13826 | movq %rax,ORIG_RAX-ARGOFFSET(%rsp) |
11781 | movq %rcx,RIP-ARGOFFSET(%rsp) | 13827 | movq %rcx,RIP-ARGOFFSET(%rsp) |
11782 | @@ -304,12 +362,19 @@ ENTRY(ia32_cstar_target) | 13828 | @@ -304,12 +367,25 @@ ENTRY(ia32_cstar_target) |
11783 | /* no need to do an access_ok check here because r8 has been | 13829 | /* no need to do an access_ok check here because r8 has been |
11784 | 32bit zero extended */ | 13830 | 32bit zero extended */ |
11785 | /* hardware stack frame is complete now */ | 13831 | /* hardware stack frame is complete now */ |
11786 | + | 13832 | + |
11787 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | 13833 | +#ifdef CONFIG_PAX_MEMORY_UDEREF |
11788 | + mov pax_user_shadow_base,%r11 | 13834 | + ASM_PAX_OPEN_USERLAND |
11789 | + add %r11,%r8 | 13835 | + movq pax_user_shadow_base,%r8 |
13836 | + addq RSP-ARGOFFSET(%rsp),%r8 | ||
11790 | +#endif | 13837 | +#endif |
11791 | + | 13838 | + |
11792 | ASM_STAC | 13839 | ASM_STAC |
@@ -11795,13 +13842,18 @@ index 474dc1b..24aaa3e 100644 | |||
11795 | ASM_CLAC | 13842 | ASM_CLAC |
11796 | - orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) | 13843 | - orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) |
11797 | - testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) | 13844 | - testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) |
13845 | + | ||
13846 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | ||
13847 | + ASM_PAX_CLOSE_USERLAND | ||
13848 | +#endif | ||
13849 | + | ||
11798 | + GET_THREAD_INFO(%r11) | 13850 | + GET_THREAD_INFO(%r11) |
11799 | + orl $TS_COMPAT,TI_status(%r11) | 13851 | + orl $TS_COMPAT,TI_status(%r11) |
11800 | + testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11) | 13852 | + testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11) |
11801 | CFI_REMEMBER_STATE | 13853 | CFI_REMEMBER_STATE |
11802 | jnz cstar_tracesys | 13854 | jnz cstar_tracesys |
11803 | cmpq $IA32_NR_syscalls-1,%rax | 13855 | cmpq $IA32_NR_syscalls-1,%rax |
11804 | @@ -319,12 +384,15 @@ cstar_do_call: | 13856 | @@ -319,12 +395,15 @@ cstar_do_call: |
11805 | cstar_dispatch: | 13857 | cstar_dispatch: |
11806 | call *ia32_sys_call_table(,%rax,8) | 13858 | call *ia32_sys_call_table(,%rax,8) |
11807 | movq %rax,RAX-ARGOFFSET(%rsp) | 13859 | movq %rax,RAX-ARGOFFSET(%rsp) |
@@ -11819,7 +13871,7 @@ index 474dc1b..24aaa3e 100644 | |||
11819 | RESTORE_ARGS 0,-ARG_SKIP,0,0,0 | 13871 | RESTORE_ARGS 0,-ARG_SKIP,0,0,0 |
11820 | movl RIP-ARGOFFSET(%rsp),%ecx | 13872 | movl RIP-ARGOFFSET(%rsp),%ecx |
11821 | CFI_REGISTER rip,rcx | 13873 | CFI_REGISTER rip,rcx |
11822 | @@ -352,7 +420,7 @@ sysretl_audit: | 13874 | @@ -352,7 +431,7 @@ sysretl_audit: |
11823 | 13875 | ||
11824 | cstar_tracesys: | 13876 | cstar_tracesys: |
11825 | #ifdef CONFIG_AUDITSYSCALL | 13877 | #ifdef CONFIG_AUDITSYSCALL |
@@ -11828,7 +13880,7 @@ index 474dc1b..24aaa3e 100644 | |||
11828 | jz cstar_auditsys | 13880 | jz cstar_auditsys |
11829 | #endif | 13881 | #endif |
11830 | xchgl %r9d,%ebp | 13882 | xchgl %r9d,%ebp |
11831 | @@ -366,6 +434,9 @@ cstar_tracesys: | 13883 | @@ -366,11 +445,19 @@ cstar_tracesys: |
11832 | xchgl %ebp,%r9d | 13884 | xchgl %ebp,%r9d |
11833 | cmpq $(IA32_NR_syscalls-1),%rax | 13885 | cmpq $(IA32_NR_syscalls-1),%rax |
11834 | ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */ | 13886 | ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */ |
@@ -11838,7 +13890,17 @@ index 474dc1b..24aaa3e 100644 | |||
11838 | jmp cstar_do_call | 13890 | jmp cstar_do_call |
11839 | END(ia32_cstar_target) | 13891 | END(ia32_cstar_target) |
11840 | 13892 | ||
11841 | @@ -407,19 +478,26 @@ ENTRY(ia32_syscall) | 13893 | ia32_badarg: |
13894 | ASM_CLAC | ||
13895 | + | ||
13896 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | ||
13897 | + ASM_PAX_CLOSE_USERLAND | ||
13898 | +#endif | ||
13899 | + | ||
13900 | movq $-EFAULT,%rax | ||
13901 | jmp ia32_sysret | ||
13902 | CFI_ENDPROC | ||
13903 | @@ -407,19 +494,26 @@ ENTRY(ia32_syscall) | ||
11842 | CFI_REL_OFFSET rip,RIP-RIP | 13904 | CFI_REL_OFFSET rip,RIP-RIP |
11843 | PARAVIRT_ADJUST_EXCEPTION_FRAME | 13905 | PARAVIRT_ADJUST_EXCEPTION_FRAME |
11844 | SWAPGS | 13906 | SWAPGS |
@@ -11872,7 +13934,7 @@ index 474dc1b..24aaa3e 100644 | |||
11872 | jnz ia32_tracesys | 13934 | jnz ia32_tracesys |
11873 | cmpq $(IA32_NR_syscalls-1),%rax | 13935 | cmpq $(IA32_NR_syscalls-1),%rax |
11874 | ja ia32_badsys | 13936 | ja ia32_badsys |
11875 | @@ -442,6 +520,9 @@ ia32_tracesys: | 13937 | @@ -442,6 +536,9 @@ ia32_tracesys: |
11876 | RESTORE_REST | 13938 | RESTORE_REST |
11877 | cmpq $(IA32_NR_syscalls-1),%rax | 13939 | cmpq $(IA32_NR_syscalls-1),%rax |
11878 | ja int_ret_from_sys_call /* ia32_tracesys has set RAX(%rsp) */ | 13940 | ja int_ret_from_sys_call /* ia32_tracesys has set RAX(%rsp) */ |
@@ -13109,9 +15171,18 @@ index 59c6c40..5e0b22c 100644 | |||
13109 | struct compat_timespec { | 15171 | struct compat_timespec { |
13110 | compat_time_t tv_sec; | 15172 | compat_time_t tv_sec; |
13111 | diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h | 15173 | diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h |
13112 | index e99ac27..e89e28c 100644 | 15174 | index e99ac27..10d834e 100644 |
13113 | --- a/arch/x86/include/asm/cpufeature.h | 15175 | --- a/arch/x86/include/asm/cpufeature.h |
13114 | +++ b/arch/x86/include/asm/cpufeature.h | 15176 | +++ b/arch/x86/include/asm/cpufeature.h |
15177 | @@ -203,7 +203,7 @@ | ||
15178 | #define X86_FEATURE_DECODEASSISTS (8*32+12) /* AMD Decode Assists support */ | ||
15179 | #define X86_FEATURE_PAUSEFILTER (8*32+13) /* AMD filtered pause intercept */ | ||
15180 | #define X86_FEATURE_PFTHRESHOLD (8*32+14) /* AMD pause filter threshold */ | ||
15181 | - | ||
15182 | +#define X86_FEATURE_STRONGUDEREF (8*32+31) /* PaX PCID based strong UDEREF */ | ||
15183 | |||
15184 | /* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 9 */ | ||
15185 | #define X86_FEATURE_FSGSBASE (9*32+ 0) /* {RD/WR}{FS/GS}BASE instructions*/ | ||
13115 | @@ -211,7 +211,7 @@ | 15186 | @@ -211,7 +211,7 @@ |
13116 | #define X86_FEATURE_BMI1 (9*32+ 3) /* 1st group bit manipulation extensions */ | 15187 | #define X86_FEATURE_BMI1 (9*32+ 3) /* 1st group bit manipulation extensions */ |
13117 | #define X86_FEATURE_HLE (9*32+ 4) /* Hardware Lock Elision */ | 15188 | #define X86_FEATURE_HLE (9*32+ 4) /* Hardware Lock Elision */ |
@@ -13121,7 +15192,15 @@ index e99ac27..e89e28c 100644 | |||
13121 | #define X86_FEATURE_BMI2 (9*32+ 8) /* 2nd group bit manipulation extensions */ | 15192 | #define X86_FEATURE_BMI2 (9*32+ 8) /* 2nd group bit manipulation extensions */ |
13122 | #define X86_FEATURE_ERMS (9*32+ 9) /* Enhanced REP MOVSB/STOSB */ | 15193 | #define X86_FEATURE_ERMS (9*32+ 9) /* Enhanced REP MOVSB/STOSB */ |
13123 | #define X86_FEATURE_INVPCID (9*32+10) /* Invalidate Processor Context ID */ | 15194 | #define X86_FEATURE_INVPCID (9*32+10) /* Invalidate Processor Context ID */ |
13124 | @@ -394,7 +394,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) | 15195 | @@ -353,6 +353,7 @@ extern const char * const x86_power_flags[32]; |
15196 | #undef cpu_has_centaur_mcr | ||
15197 | #define cpu_has_centaur_mcr 0 | ||
15198 | |||
15199 | +#define cpu_has_pcid boot_cpu_has(X86_FEATURE_PCID) | ||
15200 | #endif /* CONFIG_X86_64 */ | ||
15201 | |||
15202 | #if __GNUC__ >= 4 | ||
15203 | @@ -394,7 +395,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) | ||
13125 | ".section .discard,\"aw\",@progbits\n" | 15204 | ".section .discard,\"aw\",@progbits\n" |
13126 | " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */ | 15205 | " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */ |
13127 | ".previous\n" | 15206 | ".previous\n" |
@@ -13444,12 +15523,14 @@ index 75ce3f4..882e801 100644 | |||
13444 | 15523 | ||
13445 | #endif /* _ASM_X86_EMERGENCY_RESTART_H */ | 15524 | #endif /* _ASM_X86_EMERGENCY_RESTART_H */ |
13446 | diff --git a/arch/x86/include/asm/fpu-internal.h b/arch/x86/include/asm/fpu-internal.h | 15525 | diff --git a/arch/x86/include/asm/fpu-internal.h b/arch/x86/include/asm/fpu-internal.h |
13447 | index e25cc33..425d099 100644 | 15526 | index e25cc33..7d3ec01 100644 |
13448 | --- a/arch/x86/include/asm/fpu-internal.h | 15527 | --- a/arch/x86/include/asm/fpu-internal.h |
13449 | +++ b/arch/x86/include/asm/fpu-internal.h | 15528 | +++ b/arch/x86/include/asm/fpu-internal.h |
13450 | @@ -127,7 +127,9 @@ static inline void sanitize_i387_state(struct task_struct *tsk) | 15529 | @@ -126,8 +126,11 @@ static inline void sanitize_i387_state(struct task_struct *tsk) |
15530 | #define user_insn(insn, output, input...) \ | ||
13451 | ({ \ | 15531 | ({ \ |
13452 | int err; \ | 15532 | int err; \ |
15533 | + pax_open_userland(); \ | ||
13453 | asm volatile(ASM_STAC "\n" \ | 15534 | asm volatile(ASM_STAC "\n" \ |
13454 | - "1:" #insn "\n\t" \ | 15535 | - "1:" #insn "\n\t" \ |
13455 | + "1:" \ | 15536 | + "1:" \ |
@@ -13458,7 +15539,15 @@ index e25cc33..425d099 100644 | |||
13458 | "2: " ASM_CLAC "\n" \ | 15539 | "2: " ASM_CLAC "\n" \ |
13459 | ".section .fixup,\"ax\"\n" \ | 15540 | ".section .fixup,\"ax\"\n" \ |
13460 | "3: movl $-1,%[err]\n" \ | 15541 | "3: movl $-1,%[err]\n" \ |
13461 | @@ -300,7 +302,7 @@ static inline int restore_fpu_checking(struct task_struct *tsk) | 15542 | @@ -136,6 +139,7 @@ static inline void sanitize_i387_state(struct task_struct *tsk) |
15543 | _ASM_EXTABLE(1b, 3b) \ | ||
15544 | : [err] "=r" (err), output \ | ||
15545 | : "0"(0), input); \ | ||
15546 | + pax_close_userland(); \ | ||
15547 | err; \ | ||
15548 | }) | ||
15549 | |||
15550 | @@ -300,7 +304,7 @@ static inline int restore_fpu_checking(struct task_struct *tsk) | ||
13462 | "emms\n\t" /* clear stack tags */ | 15551 | "emms\n\t" /* clear stack tags */ |
13463 | "fildl %P[addr]", /* set F?P to defined value */ | 15552 | "fildl %P[addr]", /* set F?P to defined value */ |
13464 | X86_FEATURE_FXSAVE_LEAK, | 15553 | X86_FEATURE_FXSAVE_LEAK, |
@@ -13468,7 +15557,7 @@ index e25cc33..425d099 100644 | |||
13468 | return fpu_restore_checking(&tsk->thread.fpu); | 15557 | return fpu_restore_checking(&tsk->thread.fpu); |
13469 | } | 15558 | } |
13470 | diff --git a/arch/x86/include/asm/futex.h b/arch/x86/include/asm/futex.h | 15559 | diff --git a/arch/x86/include/asm/futex.h b/arch/x86/include/asm/futex.h |
13471 | index be27ba1..8f13ff9 100644 | 15560 | index be27ba1..04a8801 100644 |
13472 | --- a/arch/x86/include/asm/futex.h | 15561 | --- a/arch/x86/include/asm/futex.h |
13473 | +++ b/arch/x86/include/asm/futex.h | 15562 | +++ b/arch/x86/include/asm/futex.h |
13474 | @@ -12,6 +12,7 @@ | 15563 | @@ -12,6 +12,7 @@ |
@@ -13507,8 +15596,11 @@ index be27ba1..8f13ff9 100644 | |||
13507 | : "r" (oparg), "i" (-EFAULT), "1" (0)) | 15596 | : "r" (oparg), "i" (-EFAULT), "1" (0)) |
13508 | 15597 | ||
13509 | static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) | 15598 | static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) |
13510 | @@ -59,10 +61,10 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) | 15599 | @@ -57,12 +59,13 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) |
13511 | 15600 | ||
15601 | pagefault_disable(); | ||
15602 | |||
15603 | + pax_open_userland(); | ||
13512 | switch (op) { | 15604 | switch (op) { |
13513 | case FUTEX_OP_SET: | 15605 | case FUTEX_OP_SET: |
13514 | - __futex_atomic_op1("xchgl %0, %2", ret, oldval, uaddr, oparg); | 15606 | - __futex_atomic_op1("xchgl %0, %2", ret, oldval, uaddr, oparg); |
@@ -13520,9 +15612,19 @@ index be27ba1..8f13ff9 100644 | |||
13520 | uaddr, oparg); | 15612 | uaddr, oparg); |
13521 | break; | 15613 | break; |
13522 | case FUTEX_OP_OR: | 15614 | case FUTEX_OP_OR: |
13523 | @@ -116,14 +118,14 @@ static inline int futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, | 15615 | @@ -77,6 +80,7 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) |
15616 | default: | ||
15617 | ret = -ENOSYS; | ||
15618 | } | ||
15619 | + pax_close_userland(); | ||
15620 | |||
15621 | pagefault_enable(); | ||
15622 | |||
15623 | @@ -115,18 +119,20 @@ static inline int futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, | ||
15624 | if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) | ||
13524 | return -EFAULT; | 15625 | return -EFAULT; |
13525 | 15626 | ||
15627 | + pax_open_userland(); | ||
13526 | asm volatile("\t" ASM_STAC "\n" | 15628 | asm volatile("\t" ASM_STAC "\n" |
13527 | - "1:\t" LOCK_PREFIX "cmpxchgl %4, %2\n" | 15629 | - "1:\t" LOCK_PREFIX "cmpxchgl %4, %2\n" |
13528 | + "1:\t" LOCK_PREFIX __copyuser_seg"cmpxchgl %4, %2\n" | 15630 | + "1:\t" LOCK_PREFIX __copyuser_seg"cmpxchgl %4, %2\n" |
@@ -13537,6 +15639,10 @@ index be27ba1..8f13ff9 100644 | |||
13537 | : "i" (-EFAULT), "r" (newval), "1" (oldval) | 15639 | : "i" (-EFAULT), "r" (newval), "1" (oldval) |
13538 | : "memory" | 15640 | : "memory" |
13539 | ); | 15641 | ); |
15642 | + pax_close_userland(); | ||
15643 | |||
15644 | *uval = oldval; | ||
15645 | return ret; | ||
13540 | diff --git a/arch/x86/include/asm/hw_irq.h b/arch/x86/include/asm/hw_irq.h | 15646 | diff --git a/arch/x86/include/asm/hw_irq.h b/arch/x86/include/asm/hw_irq.h |
13541 | index 1da97ef..9c2ebff 100644 | 15647 | index 1da97ef..9c2ebff 100644 |
13542 | --- a/arch/x86/include/asm/hw_irq.h | 15648 | --- a/arch/x86/include/asm/hw_irq.h |
@@ -13923,29 +16029,31 @@ index 5f55e69..e20bfb1 100644 | |||
13923 | 16029 | ||
13924 | #ifdef CONFIG_SMP | 16030 | #ifdef CONFIG_SMP |
13925 | diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h | 16031 | diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h |
13926 | index cdbf367..adb37ac 100644 | 16032 | index cdbf367..4c73c9e 100644 |
13927 | --- a/arch/x86/include/asm/mmu_context.h | 16033 | --- a/arch/x86/include/asm/mmu_context.h |
13928 | +++ b/arch/x86/include/asm/mmu_context.h | 16034 | +++ b/arch/x86/include/asm/mmu_context.h |
13929 | @@ -24,6 +24,18 @@ void destroy_context(struct mm_struct *mm); | 16035 | @@ -24,6 +24,20 @@ void destroy_context(struct mm_struct *mm); |
13930 | 16036 | ||
13931 | static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk) | 16037 | static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk) |
13932 | { | 16038 | { |
13933 | + | 16039 | + |
13934 | +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) | 16040 | +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) |
13935 | + unsigned int i; | 16041 | + if (!(static_cpu_has(X86_FEATURE_PCID))) { |
13936 | + pgd_t *pgd; | 16042 | + unsigned int i; |
16043 | + pgd_t *pgd; | ||
13937 | + | 16044 | + |
13938 | + pax_open_kernel(); | 16045 | + pax_open_kernel(); |
13939 | + pgd = get_cpu_pgd(smp_processor_id()); | 16046 | + pgd = get_cpu_pgd(smp_processor_id(), kernel); |
13940 | + for (i = USER_PGD_PTRS; i < 2 * USER_PGD_PTRS; ++i) | 16047 | + for (i = USER_PGD_PTRS; i < 2 * USER_PGD_PTRS; ++i) |
13941 | + set_pgd_batched(pgd+i, native_make_pgd(0)); | 16048 | + set_pgd_batched(pgd+i, native_make_pgd(0)); |
13942 | + pax_close_kernel(); | 16049 | + pax_close_kernel(); |
16050 | + } | ||
13943 | +#endif | 16051 | +#endif |
13944 | + | 16052 | + |
13945 | #ifdef CONFIG_SMP | 16053 | #ifdef CONFIG_SMP |
13946 | if (this_cpu_read(cpu_tlbstate.state) == TLBSTATE_OK) | 16054 | if (this_cpu_read(cpu_tlbstate.state) == TLBSTATE_OK) |
13947 | this_cpu_write(cpu_tlbstate.state, TLBSTATE_LAZY); | 16055 | this_cpu_write(cpu_tlbstate.state, TLBSTATE_LAZY); |
13948 | @@ -34,16 +46,30 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, | 16056 | @@ -34,16 +48,55 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, |
13949 | struct task_struct *tsk) | 16057 | struct task_struct *tsk) |
13950 | { | 16058 | { |
13951 | unsigned cpu = smp_processor_id(); | 16059 | unsigned cpu = smp_processor_id(); |
@@ -13966,17 +16074,42 @@ index cdbf367..adb37ac 100644 | |||
13966 | /* Re-load page tables */ | 16074 | /* Re-load page tables */ |
13967 | +#ifdef CONFIG_PAX_PER_CPU_PGD | 16075 | +#ifdef CONFIG_PAX_PER_CPU_PGD |
13968 | + pax_open_kernel(); | 16076 | + pax_open_kernel(); |
13969 | + __clone_user_pgds(get_cpu_pgd(cpu), next->pgd); | 16077 | + |
13970 | + __shadow_user_pgds(get_cpu_pgd(cpu) + USER_PGD_PTRS, next->pgd); | 16078 | +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) |
16079 | + if (static_cpu_has(X86_FEATURE_PCID)) | ||
16080 | + __clone_user_pgds(get_cpu_pgd(cpu, user), next->pgd); | ||
16081 | + else | ||
16082 | +#endif | ||
16083 | + | ||
16084 | + __clone_user_pgds(get_cpu_pgd(cpu, kernel), next->pgd); | ||
16085 | + __shadow_user_pgds(get_cpu_pgd(cpu, kernel) + USER_PGD_PTRS, next->pgd); | ||
13971 | + pax_close_kernel(); | 16086 | + pax_close_kernel(); |
13972 | + load_cr3(get_cpu_pgd(cpu)); | 16087 | + BUG_ON((__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL) != (read_cr3() & __PHYSICAL_MASK) && (__pa(get_cpu_pgd(cpu, user)) | PCID_USER) != (read_cr3() & __PHYSICAL_MASK)); |
16088 | + | ||
16089 | +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) | ||
16090 | + if (static_cpu_has(X86_FEATURE_PCID)) { | ||
16091 | + if (static_cpu_has(X86_FEATURE_INVPCID)) { | ||
16092 | + unsigned long descriptor[2]; | ||
16093 | + descriptor[0] = PCID_USER; | ||
16094 | + asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_CONTEXT) : "memory"); | ||
16095 | + } else { | ||
16096 | + write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER); | ||
16097 | + if (static_cpu_has(X86_FEATURE_STRONGUDEREF)) | ||
16098 | + write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH); | ||
16099 | + else | ||
16100 | + write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL); | ||
16101 | + } | ||
16102 | + } else | ||
16103 | +#endif | ||
16104 | + | ||
16105 | + load_cr3(get_cpu_pgd(cpu, kernel)); | ||
13973 | +#else | 16106 | +#else |
13974 | load_cr3(next->pgd); | 16107 | load_cr3(next->pgd); |
13975 | +#endif | 16108 | +#endif |
13976 | 16109 | ||
13977 | /* stop flush ipis for the previous mm */ | 16110 | /* stop flush ipis for the previous mm */ |
13978 | cpumask_clear_cpu(cpu, mm_cpumask(prev)); | 16111 | cpumask_clear_cpu(cpu, mm_cpumask(prev)); |
13979 | @@ -53,9 +79,38 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, | 16112 | @@ -53,9 +106,63 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, |
13980 | */ | 16113 | */ |
13981 | if (unlikely(prev->context.ldt != next->context.ldt)) | 16114 | if (unlikely(prev->context.ldt != next->context.ldt)) |
13982 | load_LDT_nolock(&next->context); | 16115 | load_LDT_nolock(&next->context); |
@@ -14006,17 +16139,42 @@ index cdbf367..adb37ac 100644 | |||
14006 | + | 16139 | + |
14007 | +#ifdef CONFIG_PAX_PER_CPU_PGD | 16140 | +#ifdef CONFIG_PAX_PER_CPU_PGD |
14008 | + pax_open_kernel(); | 16141 | + pax_open_kernel(); |
14009 | + __clone_user_pgds(get_cpu_pgd(cpu), next->pgd); | 16142 | + |
14010 | + __shadow_user_pgds(get_cpu_pgd(cpu) + USER_PGD_PTRS, next->pgd); | 16143 | +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) |
16144 | + if (static_cpu_has(X86_FEATURE_PCID)) | ||
16145 | + __clone_user_pgds(get_cpu_pgd(cpu, user), next->pgd); | ||
16146 | + else | ||
16147 | +#endif | ||
16148 | + | ||
16149 | + __clone_user_pgds(get_cpu_pgd(cpu, kernel), next->pgd); | ||
16150 | + __shadow_user_pgds(get_cpu_pgd(cpu, kernel) + USER_PGD_PTRS, next->pgd); | ||
14011 | + pax_close_kernel(); | 16151 | + pax_close_kernel(); |
14012 | + load_cr3(get_cpu_pgd(cpu)); | 16152 | + BUG_ON((__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL) != (read_cr3() & __PHYSICAL_MASK) && (__pa(get_cpu_pgd(cpu, user)) | PCID_USER) != (read_cr3() & __PHYSICAL_MASK)); |
16153 | + | ||
16154 | +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) | ||
16155 | + if (static_cpu_has(X86_FEATURE_PCID)) { | ||
16156 | + if (static_cpu_has(X86_FEATURE_INVPCID)) { | ||
16157 | + unsigned long descriptor[2]; | ||
16158 | + descriptor[0] = PCID_USER; | ||
16159 | + asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_CONTEXT) : "memory"); | ||
16160 | + } else { | ||
16161 | + write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER); | ||
16162 | + if (static_cpu_has(X86_FEATURE_STRONGUDEREF)) | ||
16163 | + write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH); | ||
16164 | + else | ||
16165 | + write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL); | ||
16166 | + } | ||
16167 | + } else | ||
16168 | +#endif | ||
16169 | + | ||
16170 | + load_cr3(get_cpu_pgd(cpu, kernel)); | ||
14013 | +#endif | 16171 | +#endif |
14014 | + | 16172 | + |
14015 | +#ifdef CONFIG_SMP | 16173 | +#ifdef CONFIG_SMP |
14016 | this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK); | 16174 | this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK); |
14017 | BUG_ON(this_cpu_read(cpu_tlbstate.active_mm) != next); | 16175 | BUG_ON(this_cpu_read(cpu_tlbstate.active_mm) != next); |
14018 | 16176 | ||
14019 | @@ -64,11 +119,28 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, | 16177 | @@ -64,11 +171,28 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next, |
14020 | * tlb flush IPI delivery. We must reload CR3 | 16178 | * tlb flush IPI delivery. We must reload CR3 |
14021 | * to make sure to use no freed page tables. | 16179 | * to make sure to use no freed page tables. |
14022 | */ | 16180 | */ |
@@ -14381,7 +16539,7 @@ index 4cc9f2b..5fd9226 100644 | |||
14381 | 16539 | ||
14382 | /* | 16540 | /* |
14383 | diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h | 16541 | diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h |
14384 | index 1e67223..dd6e7ea 100644 | 16542 | index 1e67223..92a9585 100644 |
14385 | --- a/arch/x86/include/asm/pgtable.h | 16543 | --- a/arch/x86/include/asm/pgtable.h |
14386 | +++ b/arch/x86/include/asm/pgtable.h | 16544 | +++ b/arch/x86/include/asm/pgtable.h |
14387 | @@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); | 16545 | @@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); |
@@ -14487,23 +16645,24 @@ index 1e67223..dd6e7ea 100644 | |||
14487 | } | 16645 | } |
14488 | 16646 | ||
14489 | static inline pte_t pte_mkdirty(pte_t pte) | 16647 | static inline pte_t pte_mkdirty(pte_t pte) |
14490 | @@ -394,6 +459,15 @@ pte_t *populate_extra_pte(unsigned long vaddr); | 16648 | @@ -394,6 +459,16 @@ pte_t *populate_extra_pte(unsigned long vaddr); |
14491 | #endif | 16649 | #endif |
14492 | 16650 | ||
14493 | #ifndef __ASSEMBLY__ | 16651 | #ifndef __ASSEMBLY__ |
14494 | + | 16652 | + |
14495 | +#ifdef CONFIG_PAX_PER_CPU_PGD | 16653 | +#ifdef CONFIG_PAX_PER_CPU_PGD |
14496 | +extern pgd_t cpu_pgd[NR_CPUS][PTRS_PER_PGD]; | 16654 | +extern pgd_t cpu_pgd[NR_CPUS][2][PTRS_PER_PGD]; |
14497 | +static inline pgd_t *get_cpu_pgd(unsigned int cpu) | 16655 | +enum cpu_pgd_type {kernel = 0, user = 1}; |
16656 | +static inline pgd_t *get_cpu_pgd(unsigned int cpu, enum cpu_pgd_type type) | ||
14498 | +{ | 16657 | +{ |
14499 | + return cpu_pgd[cpu]; | 16658 | + return cpu_pgd[cpu][type]; |
14500 | +} | 16659 | +} |
14501 | +#endif | 16660 | +#endif |
14502 | + | 16661 | + |
14503 | #include <linux/mm_types.h> | 16662 | #include <linux/mm_types.h> |
14504 | #include <linux/log2.h> | 16663 | #include <linux/log2.h> |
14505 | 16664 | ||
14506 | @@ -529,7 +603,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud) | 16665 | @@ -529,7 +604,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud) |
14507 | * Currently stuck as a macro due to indirect forward reference to | 16666 | * Currently stuck as a macro due to indirect forward reference to |
14508 | * linux/mmzone.h's __section_mem_map_addr() definition: | 16667 | * linux/mmzone.h's __section_mem_map_addr() definition: |
14509 | */ | 16668 | */ |
@@ -14512,7 +16671,7 @@ index 1e67223..dd6e7ea 100644 | |||
14512 | 16671 | ||
14513 | /* Find an entry in the second-level page table.. */ | 16672 | /* Find an entry in the second-level page table.. */ |
14514 | static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address) | 16673 | static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address) |
14515 | @@ -569,7 +643,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd) | 16674 | @@ -569,7 +644,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd) |
14516 | * Currently stuck as a macro due to indirect forward reference to | 16675 | * Currently stuck as a macro due to indirect forward reference to |
14517 | * linux/mmzone.h's __section_mem_map_addr() definition: | 16676 | * linux/mmzone.h's __section_mem_map_addr() definition: |
14518 | */ | 16677 | */ |
@@ -14521,7 +16680,7 @@ index 1e67223..dd6e7ea 100644 | |||
14521 | 16680 | ||
14522 | /* to find an entry in a page-table-directory. */ | 16681 | /* to find an entry in a page-table-directory. */ |
14523 | static inline unsigned long pud_index(unsigned long address) | 16682 | static inline unsigned long pud_index(unsigned long address) |
14524 | @@ -584,7 +658,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) | 16683 | @@ -584,7 +659,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) |
14525 | 16684 | ||
14526 | static inline int pgd_bad(pgd_t pgd) | 16685 | static inline int pgd_bad(pgd_t pgd) |
14527 | { | 16686 | { |
@@ -14530,7 +16689,7 @@ index 1e67223..dd6e7ea 100644 | |||
14530 | } | 16689 | } |
14531 | 16690 | ||
14532 | static inline int pgd_none(pgd_t pgd) | 16691 | static inline int pgd_none(pgd_t pgd) |
14533 | @@ -607,7 +681,12 @@ static inline int pgd_none(pgd_t pgd) | 16692 | @@ -607,7 +682,12 @@ static inline int pgd_none(pgd_t pgd) |
14534 | * pgd_offset() returns a (pgd_t *) | 16693 | * pgd_offset() returns a (pgd_t *) |
14535 | * pgd_index() is used get the offset into the pgd page's array of pgd_t's; | 16694 | * pgd_index() is used get the offset into the pgd page's array of pgd_t's; |
14536 | */ | 16695 | */ |
@@ -14538,13 +16697,13 @@ index 1e67223..dd6e7ea 100644 | |||
14538 | +#define pgd_offset(mm, address) ((mm)->pgd + pgd_index(address)) | 16697 | +#define pgd_offset(mm, address) ((mm)->pgd + pgd_index(address)) |
14539 | + | 16698 | + |
14540 | +#ifdef CONFIG_PAX_PER_CPU_PGD | 16699 | +#ifdef CONFIG_PAX_PER_CPU_PGD |
14541 | +#define pgd_offset_cpu(cpu, address) (get_cpu_pgd(cpu) + pgd_index(address)) | 16700 | +#define pgd_offset_cpu(cpu, type, address) (get_cpu_pgd(cpu, type) + pgd_index(address)) |
14542 | +#endif | 16701 | +#endif |
14543 | + | 16702 | + |
14544 | /* | 16703 | /* |
14545 | * a shortcut which implies the use of the kernel's pgd, instead | 16704 | * a shortcut which implies the use of the kernel's pgd, instead |
14546 | * of a process's | 16705 | * of a process's |
14547 | @@ -618,6 +697,22 @@ static inline int pgd_none(pgd_t pgd) | 16706 | @@ -618,6 +698,23 @@ static inline int pgd_none(pgd_t pgd) |
14548 | #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET) | 16707 | #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET) |
14549 | #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY) | 16708 | #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY) |
14550 | 16709 | ||
@@ -14559,6 +16718,7 @@ index 1e67223..dd6e7ea 100644 | |||
14559 | +#define pax_user_shadow_base pax_user_shadow_base(%rip) | 16718 | +#define pax_user_shadow_base pax_user_shadow_base(%rip) |
14560 | +#else | 16719 | +#else |
14561 | +extern unsigned long pax_user_shadow_base; | 16720 | +extern unsigned long pax_user_shadow_base; |
16721 | +extern pgdval_t clone_pgd_mask; | ||
14562 | +#endif | 16722 | +#endif |
14563 | +#endif | 16723 | +#endif |
14564 | + | 16724 | + |
@@ -14567,7 +16727,7 @@ index 1e67223..dd6e7ea 100644 | |||
14567 | #ifndef __ASSEMBLY__ | 16727 | #ifndef __ASSEMBLY__ |
14568 | 16728 | ||
14569 | extern int direct_gbpages; | 16729 | extern int direct_gbpages; |
14570 | @@ -784,11 +879,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, | 16730 | @@ -784,11 +881,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, |
14571 | * dst and src can be on the same page, but the range must not overlap, | 16731 | * dst and src can be on the same page, but the range must not overlap, |
14572 | * and must not cross a page boundary. | 16732 | * and must not cross a page boundary. |
14573 | */ | 16733 | */ |
@@ -14859,10 +17019,33 @@ index e642300..0ef8f31 100644 | |||
14859 | #define pgprot_writecombine pgprot_writecombine | 17019 | #define pgprot_writecombine pgprot_writecombine |
14860 | extern pgprot_t pgprot_writecombine(pgprot_t prot); | 17020 | extern pgprot_t pgprot_writecombine(pgprot_t prot); |
14861 | diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h | 17021 | diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h |
14862 | index 22224b3..4080dab 100644 | 17022 | index 22224b3..b3a2f90 100644 |
14863 | --- a/arch/x86/include/asm/processor.h | 17023 | --- a/arch/x86/include/asm/processor.h |
14864 | +++ b/arch/x86/include/asm/processor.h | 17024 | +++ b/arch/x86/include/asm/processor.h |
14865 | @@ -282,7 +282,7 @@ struct tss_struct { | 17025 | @@ -198,9 +198,21 @@ static inline void native_cpuid(unsigned int *eax, unsigned int *ebx, |
17026 | : "memory"); | ||
17027 | } | ||
17028 | |||
17029 | +/* invpcid (%rdx),%rax */ | ||
17030 | +#define __ASM_INVPCID ".byte 0x66,0x0f,0x38,0x82,0x02" | ||
17031 | + | ||
17032 | +#define INVPCID_SINGLE_ADDRESS 0UL | ||
17033 | +#define INVPCID_SINGLE_CONTEXT 1UL | ||
17034 | +#define INVPCID_ALL_GLOBAL 2UL | ||
17035 | +#define INVPCID_ALL_MONGLOBAL 3UL | ||
17036 | + | ||
17037 | +#define PCID_KERNEL 0UL | ||
17038 | +#define PCID_USER 1UL | ||
17039 | +#define PCID_NOFLUSH (1UL << 63) | ||
17040 | + | ||
17041 | static inline void load_cr3(pgd_t *pgdir) | ||
17042 | { | ||
17043 | - write_cr3(__pa(pgdir)); | ||
17044 | + write_cr3(__pa(pgdir) | PCID_KERNEL); | ||
17045 | } | ||
17046 | |||
17047 | #ifdef CONFIG_X86_32 | ||
17048 | @@ -282,7 +294,7 @@ struct tss_struct { | ||
14866 | 17049 | ||
14867 | } ____cacheline_aligned; | 17050 | } ____cacheline_aligned; |
14868 | 17051 | ||
@@ -14871,7 +17054,47 @@ index 22224b3..4080dab 100644 | |||
14871 | 17054 | ||
14872 | /* | 17055 | /* |
14873 | * Save the original ist values for checking stack pointers during debugging | 17056 | * Save the original ist values for checking stack pointers during debugging |
14874 | @@ -823,11 +823,18 @@ static inline void spin_lock_prefetch(const void *x) | 17057 | @@ -452,6 +464,7 @@ struct thread_struct { |
17058 | unsigned short ds; | ||
17059 | unsigned short fsindex; | ||
17060 | unsigned short gsindex; | ||
17061 | + unsigned short ss; | ||
17062 | #endif | ||
17063 | #ifdef CONFIG_X86_32 | ||
17064 | unsigned long ip; | ||
17065 | @@ -552,29 +565,8 @@ static inline void load_sp0(struct tss_struct *tss, | ||
17066 | extern unsigned long mmu_cr4_features; | ||
17067 | extern u32 *trampoline_cr4_features; | ||
17068 | |||
17069 | -static inline void set_in_cr4(unsigned long mask) | ||
17070 | -{ | ||
17071 | - unsigned long cr4; | ||
17072 | - | ||
17073 | - mmu_cr4_features |= mask; | ||
17074 | - if (trampoline_cr4_features) | ||
17075 | - *trampoline_cr4_features = mmu_cr4_features; | ||
17076 | - cr4 = read_cr4(); | ||
17077 | - cr4 |= mask; | ||
17078 | - write_cr4(cr4); | ||
17079 | -} | ||
17080 | - | ||
17081 | -static inline void clear_in_cr4(unsigned long mask) | ||
17082 | -{ | ||
17083 | - unsigned long cr4; | ||
17084 | - | ||
17085 | - mmu_cr4_features &= ~mask; | ||
17086 | - if (trampoline_cr4_features) | ||
17087 | - *trampoline_cr4_features = mmu_cr4_features; | ||
17088 | - cr4 = read_cr4(); | ||
17089 | - cr4 &= ~mask; | ||
17090 | - write_cr4(cr4); | ||
17091 | -} | ||
17092 | +extern void set_in_cr4(unsigned long mask); | ||
17093 | +extern void clear_in_cr4(unsigned long mask); | ||
17094 | |||
17095 | typedef struct { | ||
17096 | unsigned long seg; | ||
17097 | @@ -823,11 +815,18 @@ static inline void spin_lock_prefetch(const void *x) | ||
14875 | */ | 17098 | */ |
14876 | #define TASK_SIZE PAGE_OFFSET | 17099 | #define TASK_SIZE PAGE_OFFSET |
14877 | #define TASK_SIZE_MAX TASK_SIZE | 17100 | #define TASK_SIZE_MAX TASK_SIZE |
@@ -14892,7 +17115,7 @@ index 22224b3..4080dab 100644 | |||
14892 | .vm86_info = NULL, \ | 17115 | .vm86_info = NULL, \ |
14893 | .sysenter_cs = __KERNEL_CS, \ | 17116 | .sysenter_cs = __KERNEL_CS, \ |
14894 | .io_bitmap_ptr = NULL, \ | 17117 | .io_bitmap_ptr = NULL, \ |
14895 | @@ -841,7 +848,7 @@ static inline void spin_lock_prefetch(const void *x) | 17118 | @@ -841,7 +840,7 @@ static inline void spin_lock_prefetch(const void *x) |
14896 | */ | 17119 | */ |
14897 | #define INIT_TSS { \ | 17120 | #define INIT_TSS { \ |
14898 | .x86_tss = { \ | 17121 | .x86_tss = { \ |
@@ -14901,7 +17124,7 @@ index 22224b3..4080dab 100644 | |||
14901 | .ss0 = __KERNEL_DS, \ | 17124 | .ss0 = __KERNEL_DS, \ |
14902 | .ss1 = __KERNEL_CS, \ | 17125 | .ss1 = __KERNEL_CS, \ |
14903 | .io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \ | 17126 | .io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \ |
14904 | @@ -852,11 +859,7 @@ static inline void spin_lock_prefetch(const void *x) | 17127 | @@ -852,11 +851,7 @@ static inline void spin_lock_prefetch(const void *x) |
14905 | extern unsigned long thread_saved_pc(struct task_struct *tsk); | 17128 | extern unsigned long thread_saved_pc(struct task_struct *tsk); |
14906 | 17129 | ||
14907 | #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long)) | 17130 | #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long)) |
@@ -14914,7 +17137,7 @@ index 22224b3..4080dab 100644 | |||
14914 | 17137 | ||
14915 | /* | 17138 | /* |
14916 | * The below -8 is to reserve 8 bytes on top of the ring0 stack. | 17139 | * The below -8 is to reserve 8 bytes on top of the ring0 stack. |
14917 | @@ -871,7 +874,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); | 17140 | @@ -871,7 +866,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); |
14918 | #define task_pt_regs(task) \ | 17141 | #define task_pt_regs(task) \ |
14919 | ({ \ | 17142 | ({ \ |
14920 | struct pt_regs *__regs__; \ | 17143 | struct pt_regs *__regs__; \ |
@@ -14923,7 +17146,7 @@ index 22224b3..4080dab 100644 | |||
14923 | __regs__ - 1; \ | 17146 | __regs__ - 1; \ |
14924 | }) | 17147 | }) |
14925 | 17148 | ||
14926 | @@ -881,13 +884,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); | 17149 | @@ -881,13 +876,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); |
14927 | /* | 17150 | /* |
14928 | * User space process size. 47bits minus one guard page. | 17151 | * User space process size. 47bits minus one guard page. |
14929 | */ | 17152 | */ |
@@ -14939,7 +17162,7 @@ index 22224b3..4080dab 100644 | |||
14939 | 17162 | ||
14940 | #define TASK_SIZE (test_thread_flag(TIF_ADDR32) ? \ | 17163 | #define TASK_SIZE (test_thread_flag(TIF_ADDR32) ? \ |
14941 | IA32_PAGE_OFFSET : TASK_SIZE_MAX) | 17164 | IA32_PAGE_OFFSET : TASK_SIZE_MAX) |
14942 | @@ -898,11 +901,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); | 17165 | @@ -898,11 +893,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); |
14943 | #define STACK_TOP_MAX TASK_SIZE_MAX | 17166 | #define STACK_TOP_MAX TASK_SIZE_MAX |
14944 | 17167 | ||
14945 | #define INIT_THREAD { \ | 17168 | #define INIT_THREAD { \ |
@@ -14953,7 +17176,7 @@ index 22224b3..4080dab 100644 | |||
14953 | } | 17176 | } |
14954 | 17177 | ||
14955 | /* | 17178 | /* |
14956 | @@ -930,6 +933,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, | 17179 | @@ -930,6 +925,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, |
14957 | */ | 17180 | */ |
14958 | #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3)) | 17181 | #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3)) |
14959 | 17182 | ||
@@ -14964,7 +17187,17 @@ index 22224b3..4080dab 100644 | |||
14964 | #define KSTK_EIP(task) (task_pt_regs(task)->ip) | 17187 | #define KSTK_EIP(task) (task_pt_regs(task)->ip) |
14965 | 17188 | ||
14966 | /* Get/set a process' ability to use the timestamp counter instruction */ | 17189 | /* Get/set a process' ability to use the timestamp counter instruction */ |
14967 | @@ -970,7 +977,7 @@ unsigned long calc_aperfmperf_ratio(struct aperfmperf *old, | 17190 | @@ -942,7 +941,8 @@ extern int set_tsc_mode(unsigned int val); |
17191 | extern u16 amd_get_nb_id(int cpu); | ||
17192 | |||
17193 | struct aperfmperf { | ||
17194 | - u64 aperf, mperf; | ||
17195 | + u64 aperf __intentional_overflow(0); | ||
17196 | + u64 mperf __intentional_overflow(0); | ||
17197 | }; | ||
17198 | |||
17199 | static inline void get_aperfmperf(struct aperfmperf *am) | ||
17200 | @@ -970,7 +970,7 @@ unsigned long calc_aperfmperf_ratio(struct aperfmperf *old, | ||
14968 | return ratio; | 17201 | return ratio; |
14969 | } | 17202 | } |
14970 | 17203 | ||
@@ -14973,7 +17206,7 @@ index 22224b3..4080dab 100644 | |||
14973 | extern void free_init_pages(char *what, unsigned long begin, unsigned long end); | 17206 | extern void free_init_pages(char *what, unsigned long begin, unsigned long end); |
14974 | 17207 | ||
14975 | void default_idle(void); | 17208 | void default_idle(void); |
14976 | @@ -980,6 +987,6 @@ bool xen_set_default_idle(void); | 17209 | @@ -980,6 +980,6 @@ bool xen_set_default_idle(void); |
14977 | #define xen_set_default_idle 0 | 17210 | #define xen_set_default_idle 0 |
14978 | #endif | 17211 | #endif |
14979 | 17212 | ||
@@ -15221,7 +17454,7 @@ index cad82c9..2e5c5c1 100644 | |||
15221 | 17454 | ||
15222 | #endif /* __KERNEL__ */ | 17455 | #endif /* __KERNEL__ */ |
15223 | diff --git a/arch/x86/include/asm/segment.h b/arch/x86/include/asm/segment.h | 17456 | diff --git a/arch/x86/include/asm/segment.h b/arch/x86/include/asm/segment.h |
15224 | index c48a950..c6d7468 100644 | 17457 | index c48a950..bc40804 100644 |
15225 | --- a/arch/x86/include/asm/segment.h | 17458 | --- a/arch/x86/include/asm/segment.h |
15226 | +++ b/arch/x86/include/asm/segment.h | 17459 | +++ b/arch/x86/include/asm/segment.h |
15227 | @@ -64,10 +64,15 @@ | 17460 | @@ -64,10 +64,15 @@ |
@@ -15282,15 +17515,32 @@ index c48a950..c6d7468 100644 | |||
15282 | #define GDT_ENTRY_TSS 8 /* needs two entries */ | 17515 | #define GDT_ENTRY_TSS 8 /* needs two entries */ |
15283 | #define GDT_ENTRY_LDT 10 /* needs two entries */ | 17516 | #define GDT_ENTRY_LDT 10 /* needs two entries */ |
15284 | #define GDT_ENTRY_TLS_MIN 12 | 17517 | #define GDT_ENTRY_TLS_MIN 12 |
15285 | @@ -185,6 +200,7 @@ | 17518 | @@ -173,6 +188,8 @@ |
17519 | #define GDT_ENTRY_PER_CPU 15 /* Abused to load per CPU data from limit */ | ||
17520 | #define __PER_CPU_SEG (GDT_ENTRY_PER_CPU * 8 + 3) | ||
17521 | |||
17522 | +#define GDT_ENTRY_UDEREF_KERNEL_DS 16 | ||
17523 | + | ||
17524 | /* TLS indexes for 64bit - hardcoded in arch_prctl */ | ||
17525 | #define FS_TLS 0 | ||
17526 | #define GS_TLS 1 | ||
17527 | @@ -180,12 +197,14 @@ | ||
17528 | #define GS_TLS_SEL ((GDT_ENTRY_TLS_MIN+GS_TLS)*8 + 3) | ||
17529 | #define FS_TLS_SEL ((GDT_ENTRY_TLS_MIN+FS_TLS)*8 + 3) | ||
17530 | |||
17531 | -#define GDT_ENTRIES 16 | ||
17532 | +#define GDT_ENTRIES 17 | ||
17533 | |||
15286 | #endif | 17534 | #endif |
15287 | 17535 | ||
15288 | #define __KERNEL_CS (GDT_ENTRY_KERNEL_CS*8) | 17536 | #define __KERNEL_CS (GDT_ENTRY_KERNEL_CS*8) |
15289 | +#define __KERNEXEC_KERNEL_CS (GDT_ENTRY_KERNEXEC_KERNEL_CS*8) | 17537 | +#define __KERNEXEC_KERNEL_CS (GDT_ENTRY_KERNEXEC_KERNEL_CS*8) |
15290 | #define __KERNEL_DS (GDT_ENTRY_KERNEL_DS*8) | 17538 | #define __KERNEL_DS (GDT_ENTRY_KERNEL_DS*8) |
17539 | +#define __UDEREF_KERNEL_DS (GDT_ENTRY_UDEREF_KERNEL_DS*8) | ||
15291 | #define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS*8+3) | 17540 | #define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS*8+3) |
15292 | #define __USER_CS (GDT_ENTRY_DEFAULT_USER_CS*8+3) | 17541 | #define __USER_CS (GDT_ENTRY_DEFAULT_USER_CS*8+3) |
15293 | @@ -265,7 +281,7 @@ static inline unsigned long get_limit(unsigned long segment) | 17542 | #ifndef CONFIG_PARAVIRT |
17543 | @@ -265,7 +284,7 @@ static inline unsigned long get_limit(unsigned long segment) | ||
15294 | { | 17544 | { |
15295 | unsigned long __limit; | 17545 | unsigned long __limit; |
15296 | asm("lsll %1,%0" : "=r" (__limit) : "r" (segment)); | 17546 | asm("lsll %1,%0" : "=r" (__limit) : "r" (segment)); |
@@ -15299,6 +17549,99 @@ index c48a950..c6d7468 100644 | |||
15299 | } | 17549 | } |
15300 | 17550 | ||
15301 | #endif /* !__ASSEMBLY__ */ | 17551 | #endif /* !__ASSEMBLY__ */ |
17552 | diff --git a/arch/x86/include/asm/smap.h b/arch/x86/include/asm/smap.h | ||
17553 | index 8d3120f..352b440 100644 | ||
17554 | --- a/arch/x86/include/asm/smap.h | ||
17555 | +++ b/arch/x86/include/asm/smap.h | ||
17556 | @@ -25,11 +25,40 @@ | ||
17557 | |||
17558 | #include <asm/alternative-asm.h> | ||
17559 | |||
17560 | +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) | ||
17561 | +#define ASM_PAX_OPEN_USERLAND \ | ||
17562 | + 661: jmp 663f; \ | ||
17563 | + .pushsection .altinstr_replacement, "a" ; \ | ||
17564 | + 662: pushq %rax; nop; \ | ||
17565 | + .popsection ; \ | ||
17566 | + .pushsection .altinstructions, "a" ; \ | ||
17567 | + altinstruction_entry 661b, 662b, X86_FEATURE_STRONGUDEREF, 2, 2;\ | ||
17568 | + .popsection ; \ | ||
17569 | + call __pax_open_userland; \ | ||
17570 | + popq %rax; \ | ||
17571 | + 663: | ||
17572 | + | ||
17573 | +#define ASM_PAX_CLOSE_USERLAND \ | ||
17574 | + 661: jmp 663f; \ | ||
17575 | + .pushsection .altinstr_replacement, "a" ; \ | ||
17576 | + 662: pushq %rax; nop; \ | ||
17577 | + .popsection; \ | ||
17578 | + .pushsection .altinstructions, "a" ; \ | ||
17579 | + altinstruction_entry 661b, 662b, X86_FEATURE_STRONGUDEREF, 2, 2;\ | ||
17580 | + .popsection; \ | ||
17581 | + call __pax_close_userland; \ | ||
17582 | + popq %rax; \ | ||
17583 | + 663: | ||
17584 | +#else | ||
17585 | +#define ASM_PAX_OPEN_USERLAND | ||
17586 | +#define ASM_PAX_CLOSE_USERLAND | ||
17587 | +#endif | ||
17588 | + | ||
17589 | #ifdef CONFIG_X86_SMAP | ||
17590 | |||
17591 | #define ASM_CLAC \ | ||
17592 | 661: ASM_NOP3 ; \ | ||
17593 | - .pushsection .altinstr_replacement, "ax" ; \ | ||
17594 | + .pushsection .altinstr_replacement, "a" ; \ | ||
17595 | 662: __ASM_CLAC ; \ | ||
17596 | .popsection ; \ | ||
17597 | .pushsection .altinstructions, "a" ; \ | ||
17598 | @@ -38,7 +67,7 @@ | ||
17599 | |||
17600 | #define ASM_STAC \ | ||
17601 | 661: ASM_NOP3 ; \ | ||
17602 | - .pushsection .altinstr_replacement, "ax" ; \ | ||
17603 | + .pushsection .altinstr_replacement, "a" ; \ | ||
17604 | 662: __ASM_STAC ; \ | ||
17605 | .popsection ; \ | ||
17606 | .pushsection .altinstructions, "a" ; \ | ||
17607 | @@ -56,6 +85,37 @@ | ||
17608 | |||
17609 | #include <asm/alternative.h> | ||
17610 | |||
17611 | +#define __HAVE_ARCH_PAX_OPEN_USERLAND | ||
17612 | +#define __HAVE_ARCH_PAX_CLOSE_USERLAND | ||
17613 | + | ||
17614 | +extern void __pax_open_userland(void); | ||
17615 | +static __always_inline unsigned long pax_open_userland(void) | ||
17616 | +{ | ||
17617 | + | ||
17618 | +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) | ||
17619 | + asm volatile(ALTERNATIVE(ASM_NOP5, "call %P[open]", X86_FEATURE_STRONGUDEREF) | ||
17620 | + : | ||
17621 | + : [open] "i" (__pax_open_userland) | ||
17622 | + : "memory", "rax"); | ||
17623 | +#endif | ||
17624 | + | ||
17625 | + return 0; | ||
17626 | +} | ||
17627 | + | ||
17628 | +extern void __pax_close_userland(void); | ||
17629 | +static __always_inline unsigned long pax_close_userland(void) | ||
17630 | +{ | ||
17631 | + | ||
17632 | +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) | ||
17633 | + asm volatile(ALTERNATIVE(ASM_NOP5, "call %P[close]", X86_FEATURE_STRONGUDEREF) | ||
17634 | + : | ||
17635 | + : [close] "i" (__pax_close_userland) | ||
17636 | + : "memory", "rax"); | ||
17637 | +#endif | ||
17638 | + | ||
17639 | + return 0; | ||
17640 | +} | ||
17641 | + | ||
17642 | #ifdef CONFIG_X86_SMAP | ||
17643 | |||
17644 | static __always_inline void clac(void) | ||
15302 | diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h | 17645 | diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h |
15303 | index b073aae..39f9bdd 100644 | 17646 | index b073aae..39f9bdd 100644 |
15304 | --- a/arch/x86/include/asm/smp.h | 17647 | --- a/arch/x86/include/asm/smp.h |
@@ -15704,8 +18047,106 @@ index a1df6e8..e002940 100644 | |||
15704 | + | 18047 | + |
15705 | #endif | 18048 | #endif |
15706 | #endif /* _ASM_X86_THREAD_INFO_H */ | 18049 | #endif /* _ASM_X86_THREAD_INFO_H */ |
18050 | diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h | ||
18051 | index 50a7fc0..45844c0 100644 | ||
18052 | --- a/arch/x86/include/asm/tlbflush.h | ||
18053 | +++ b/arch/x86/include/asm/tlbflush.h | ||
18054 | @@ -17,18 +17,44 @@ | ||
18055 | |||
18056 | static inline void __native_flush_tlb(void) | ||
18057 | { | ||
18058 | + if (static_cpu_has(X86_FEATURE_INVPCID)) { | ||
18059 | + unsigned long descriptor[2]; | ||
18060 | + | ||
18061 | + descriptor[0] = PCID_KERNEL; | ||
18062 | + asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_ALL_MONGLOBAL) : "memory"); | ||
18063 | + return; | ||
18064 | + } | ||
18065 | + | ||
18066 | +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) | ||
18067 | + if (static_cpu_has(X86_FEATURE_PCID)) { | ||
18068 | + unsigned int cpu = raw_get_cpu(); | ||
18069 | + | ||
18070 | + native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER); | ||
18071 | + native_write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL); | ||
18072 | + raw_put_cpu_no_resched(); | ||
18073 | + return; | ||
18074 | + } | ||
18075 | +#endif | ||
18076 | + | ||
18077 | native_write_cr3(native_read_cr3()); | ||
18078 | } | ||
18079 | |||
18080 | static inline void __native_flush_tlb_global_irq_disabled(void) | ||
18081 | { | ||
18082 | - unsigned long cr4; | ||
18083 | + if (static_cpu_has(X86_FEATURE_INVPCID)) { | ||
18084 | + unsigned long descriptor[2]; | ||
18085 | |||
18086 | - cr4 = native_read_cr4(); | ||
18087 | - /* clear PGE */ | ||
18088 | - native_write_cr4(cr4 & ~X86_CR4_PGE); | ||
18089 | - /* write old PGE again and flush TLBs */ | ||
18090 | - native_write_cr4(cr4); | ||
18091 | + descriptor[0] = PCID_KERNEL; | ||
18092 | + asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_ALL_GLOBAL) : "memory"); | ||
18093 | + } else { | ||
18094 | + unsigned long cr4; | ||
18095 | + | ||
18096 | + cr4 = native_read_cr4(); | ||
18097 | + /* clear PGE */ | ||
18098 | + native_write_cr4(cr4 & ~X86_CR4_PGE); | ||
18099 | + /* write old PGE again and flush TLBs */ | ||
18100 | + native_write_cr4(cr4); | ||
18101 | + } | ||
18102 | } | ||
18103 | |||
18104 | static inline void __native_flush_tlb_global(void) | ||
18105 | @@ -49,6 +75,42 @@ static inline void __native_flush_tlb_global(void) | ||
18106 | |||
18107 | static inline void __native_flush_tlb_single(unsigned long addr) | ||
18108 | { | ||
18109 | + | ||
18110 | + if (static_cpu_has(X86_FEATURE_INVPCID)) { | ||
18111 | + unsigned long descriptor[2]; | ||
18112 | + | ||
18113 | + descriptor[0] = PCID_KERNEL; | ||
18114 | + descriptor[1] = addr; | ||
18115 | + | ||
18116 | +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) | ||
18117 | + if (!static_cpu_has(X86_FEATURE_STRONGUDEREF) || addr >= TASK_SIZE_MAX) { | ||
18118 | + if (addr < TASK_SIZE_MAX) | ||
18119 | + descriptor[1] += pax_user_shadow_base; | ||
18120 | + asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory"); | ||
18121 | + } | ||
18122 | + | ||
18123 | + descriptor[0] = PCID_USER; | ||
18124 | + descriptor[1] = addr; | ||
18125 | +#endif | ||
18126 | + | ||
18127 | + asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory"); | ||
18128 | + return; | ||
18129 | + } | ||
18130 | + | ||
18131 | +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) | ||
18132 | + if (static_cpu_has(X86_FEATURE_PCID)) { | ||
18133 | + unsigned int cpu = raw_get_cpu(); | ||
18134 | + | ||
18135 | + native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER | PCID_NOFLUSH); | ||
18136 | + asm volatile("invlpg (%0)" ::"r" (addr) : "memory"); | ||
18137 | + native_write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH); | ||
18138 | + raw_put_cpu_no_resched(); | ||
18139 | + | ||
18140 | + if (!static_cpu_has(X86_FEATURE_STRONGUDEREF) && addr < TASK_SIZE_MAX) | ||
18141 | + addr += pax_user_shadow_base; | ||
18142 | + } | ||
18143 | +#endif | ||
18144 | + | ||
18145 | asm volatile("invlpg (%0)" ::"r" (addr) : "memory"); | ||
18146 | } | ||
18147 | |||
15707 | diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h | 18148 | diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h |
15708 | index 5ee2687..70d5895 100644 | 18149 | index 5ee2687..74590b9 100644 |
15709 | --- a/arch/x86/include/asm/uaccess.h | 18150 | --- a/arch/x86/include/asm/uaccess.h |
15710 | +++ b/arch/x86/include/asm/uaccess.h | 18151 | +++ b/arch/x86/include/asm/uaccess.h |
15711 | @@ -7,6 +7,7 @@ | 18152 | @@ -7,6 +7,7 @@ |
@@ -15765,7 +18206,20 @@ index 5ee2687..70d5895 100644 | |||
15765 | 18206 | ||
15766 | /* | 18207 | /* |
15767 | * The exception table consists of pairs of addresses relative to the | 18208 | * The exception table consists of pairs of addresses relative to the |
15768 | @@ -176,13 +207,21 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) | 18209 | @@ -165,10 +196,12 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) |
18210 | register __inttype(*(ptr)) __val_gu asm("%edx"); \ | ||
18211 | __chk_user_ptr(ptr); \ | ||
18212 | might_fault(); \ | ||
18213 | + pax_open_userland(); \ | ||
18214 | asm volatile("call __get_user_%P3" \ | ||
18215 | : "=a" (__ret_gu), "=r" (__val_gu) \ | ||
18216 | : "0" (ptr), "i" (sizeof(*(ptr)))); \ | ||
18217 | (x) = (__typeof__(*(ptr))) __val_gu; \ | ||
18218 | + pax_close_userland(); \ | ||
18219 | __ret_gu; \ | ||
18220 | }) | ||
18221 | |||
18222 | @@ -176,13 +209,21 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) | ||
15769 | asm volatile("call __put_user_" #size : "=a" (__ret_pu) \ | 18223 | asm volatile("call __put_user_" #size : "=a" (__ret_pu) \ |
15770 | : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx") | 18224 | : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx") |
15771 | 18225 | ||
@@ -15790,7 +18244,7 @@ index 5ee2687..70d5895 100644 | |||
15790 | "3: " ASM_CLAC "\n" \ | 18244 | "3: " ASM_CLAC "\n" \ |
15791 | ".section .fixup,\"ax\"\n" \ | 18245 | ".section .fixup,\"ax\"\n" \ |
15792 | "4: movl %3,%0\n" \ | 18246 | "4: movl %3,%0\n" \ |
15793 | @@ -195,8 +234,8 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) | 18247 | @@ -195,8 +236,8 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) |
15794 | 18248 | ||
15795 | #define __put_user_asm_ex_u64(x, addr) \ | 18249 | #define __put_user_asm_ex_u64(x, addr) \ |
15796 | asm volatile(ASM_STAC "\n" \ | 18250 | asm volatile(ASM_STAC "\n" \ |
@@ -15801,34 +18255,50 @@ index 5ee2687..70d5895 100644 | |||
15801 | "3: " ASM_CLAC "\n" \ | 18255 | "3: " ASM_CLAC "\n" \ |
15802 | _ASM_EXTABLE_EX(1b, 2b) \ | 18256 | _ASM_EXTABLE_EX(1b, 2b) \ |
15803 | _ASM_EXTABLE_EX(2b, 3b) \ | 18257 | _ASM_EXTABLE_EX(2b, 3b) \ |
15804 | @@ -246,7 +285,7 @@ extern void __put_user_8(void); | 18258 | @@ -246,7 +287,8 @@ extern void __put_user_8(void); |
15805 | __typeof__(*(ptr)) __pu_val; \ | 18259 | __typeof__(*(ptr)) __pu_val; \ |
15806 | __chk_user_ptr(ptr); \ | 18260 | __chk_user_ptr(ptr); \ |
15807 | might_fault(); \ | 18261 | might_fault(); \ |
15808 | - __pu_val = x; \ | 18262 | - __pu_val = x; \ |
15809 | + __pu_val = (x); \ | 18263 | + __pu_val = (x); \ |
18264 | + pax_open_userland(); \ | ||
15810 | switch (sizeof(*(ptr))) { \ | 18265 | switch (sizeof(*(ptr))) { \ |
15811 | case 1: \ | 18266 | case 1: \ |
15812 | __put_user_x(1, __pu_val, ptr, __ret_pu); \ | 18267 | __put_user_x(1, __pu_val, ptr, __ret_pu); \ |
15813 | @@ -345,7 +384,7 @@ do { \ | 18268 | @@ -264,6 +306,7 @@ extern void __put_user_8(void); |
18269 | __put_user_x(X, __pu_val, ptr, __ret_pu); \ | ||
18270 | break; \ | ||
18271 | } \ | ||
18272 | + pax_close_userland(); \ | ||
18273 | __ret_pu; \ | ||
18274 | }) | ||
18275 | |||
18276 | @@ -344,8 +387,10 @@ do { \ | ||
18277 | } while (0) | ||
15814 | 18278 | ||
15815 | #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \ | 18279 | #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \ |
18280 | +do { \ | ||
18281 | + pax_open_userland(); \ | ||
15816 | asm volatile(ASM_STAC "\n" \ | 18282 | asm volatile(ASM_STAC "\n" \ |
15817 | - "1: mov"itype" %2,%"rtype"1\n" \ | 18283 | - "1: mov"itype" %2,%"rtype"1\n" \ |
15818 | + "1: "__copyuser_seg"mov"itype" %2,%"rtype"1\n"\ | 18284 | + "1: "__copyuser_seg"mov"itype" %2,%"rtype"1\n"\ |
15819 | "2: " ASM_CLAC "\n" \ | 18285 | "2: " ASM_CLAC "\n" \ |
15820 | ".section .fixup,\"ax\"\n" \ | 18286 | ".section .fixup,\"ax\"\n" \ |
15821 | "3: mov %3,%0\n" \ | 18287 | "3: mov %3,%0\n" \ |
15822 | @@ -353,7 +392,7 @@ do { \ | 18288 | @@ -353,8 +398,10 @@ do { \ |
15823 | " jmp 2b\n" \ | 18289 | " jmp 2b\n" \ |
15824 | ".previous\n" \ | 18290 | ".previous\n" \ |
15825 | _ASM_EXTABLE(1b, 3b) \ | 18291 | _ASM_EXTABLE(1b, 3b) \ |
15826 | - : "=r" (err), ltype(x) \ | 18292 | - : "=r" (err), ltype(x) \ |
18293 | - : "m" (__m(addr)), "i" (errret), "0" (err)) | ||
15827 | + : "=r" (err), ltype (x) \ | 18294 | + : "=r" (err), ltype (x) \ |
15828 | : "m" (__m(addr)), "i" (errret), "0" (err)) | 18295 | + : "m" (__m(addr)), "i" (errret), "0" (err)); \ |
18296 | + pax_close_userland(); \ | ||
18297 | +} while (0) | ||
15829 | 18298 | ||
15830 | #define __get_user_size_ex(x, ptr, size) \ | 18299 | #define __get_user_size_ex(x, ptr, size) \ |
15831 | @@ -378,7 +417,7 @@ do { \ | 18300 | do { \ |
18301 | @@ -378,7 +425,7 @@ do { \ | ||
15832 | } while (0) | 18302 | } while (0) |
15833 | 18303 | ||
15834 | #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \ | 18304 | #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \ |
@@ -15837,7 +18307,7 @@ index 5ee2687..70d5895 100644 | |||
15837 | "2:\n" \ | 18307 | "2:\n" \ |
15838 | _ASM_EXTABLE_EX(1b, 2b) \ | 18308 | _ASM_EXTABLE_EX(1b, 2b) \ |
15839 | : ltype(x) : "m" (__m(addr))) | 18309 | : ltype(x) : "m" (__m(addr))) |
15840 | @@ -395,13 +434,24 @@ do { \ | 18310 | @@ -395,13 +442,24 @@ do { \ |
15841 | int __gu_err; \ | 18311 | int __gu_err; \ |
15842 | unsigned long __gu_val; \ | 18312 | unsigned long __gu_val; \ |
15843 | __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \ | 18313 | __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \ |
@@ -15864,21 +18334,26 @@ index 5ee2687..70d5895 100644 | |||
15864 | 18334 | ||
15865 | /* | 18335 | /* |
15866 | * Tell gcc we read from memory instead of writing: this is because | 18336 | * Tell gcc we read from memory instead of writing: this is because |
15867 | @@ -410,7 +460,7 @@ struct __large_struct { unsigned long buf[100]; }; | 18337 | @@ -409,8 +467,10 @@ struct __large_struct { unsigned long buf[100]; }; |
18338 | * aliasing issues. | ||
15868 | */ | 18339 | */ |
15869 | #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \ | 18340 | #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \ |
18341 | +do { \ | ||
18342 | + pax_open_userland(); \ | ||
15870 | asm volatile(ASM_STAC "\n" \ | 18343 | asm volatile(ASM_STAC "\n" \ |
15871 | - "1: mov"itype" %"rtype"1,%2\n" \ | 18344 | - "1: mov"itype" %"rtype"1,%2\n" \ |
15872 | + "1: "__copyuser_seg"mov"itype" %"rtype"1,%2\n"\ | 18345 | + "1: "__copyuser_seg"mov"itype" %"rtype"1,%2\n"\ |
15873 | "2: " ASM_CLAC "\n" \ | 18346 | "2: " ASM_CLAC "\n" \ |
15874 | ".section .fixup,\"ax\"\n" \ | 18347 | ".section .fixup,\"ax\"\n" \ |
15875 | "3: mov %3,%0\n" \ | 18348 | "3: mov %3,%0\n" \ |
15876 | @@ -418,10 +468,10 @@ struct __large_struct { unsigned long buf[100]; }; | 18349 | @@ -418,10 +478,12 @@ struct __large_struct { unsigned long buf[100]; }; |
15877 | ".previous\n" \ | 18350 | ".previous\n" \ |
15878 | _ASM_EXTABLE(1b, 3b) \ | 18351 | _ASM_EXTABLE(1b, 3b) \ |
15879 | : "=r"(err) \ | 18352 | : "=r"(err) \ |
15880 | - : ltype(x), "m" (__m(addr)), "i" (errret), "0" (err)) | 18353 | - : ltype(x), "m" (__m(addr)), "i" (errret), "0" (err)) |
15881 | + : ltype (x), "m" (__m(addr)), "i" (errret), "0" (err)) | 18354 | + : ltype (x), "m" (__m(addr)), "i" (errret), "0" (err));\ |
18355 | + pax_close_userland(); \ | ||
18356 | +} while (0) | ||
15882 | 18357 | ||
15883 | #define __put_user_asm_ex(x, addr, itype, rtype, ltype) \ | 18358 | #define __put_user_asm_ex(x, addr, itype, rtype, ltype) \ |
15884 | - asm volatile("1: mov"itype" %"rtype"0,%1\n" \ | 18359 | - asm volatile("1: mov"itype" %"rtype"0,%1\n" \ |
@@ -15886,7 +18361,21 @@ index 5ee2687..70d5895 100644 | |||
15886 | "2:\n" \ | 18361 | "2:\n" \ |
15887 | _ASM_EXTABLE_EX(1b, 2b) \ | 18362 | _ASM_EXTABLE_EX(1b, 2b) \ |
15888 | : : ltype(x), "m" (__m(addr))) | 18363 | : : ltype(x), "m" (__m(addr))) |
15889 | @@ -460,8 +510,12 @@ struct __large_struct { unsigned long buf[100]; }; | 18364 | @@ -431,11 +493,13 @@ struct __large_struct { unsigned long buf[100]; }; |
18365 | */ | ||
18366 | #define uaccess_try do { \ | ||
18367 | current_thread_info()->uaccess_err = 0; \ | ||
18368 | + pax_open_userland(); \ | ||
18369 | stac(); \ | ||
18370 | barrier(); | ||
18371 | |||
18372 | #define uaccess_catch(err) \ | ||
18373 | clac(); \ | ||
18374 | + pax_close_userland(); \ | ||
18375 | (err) |= (current_thread_info()->uaccess_err ? -EFAULT : 0); \ | ||
18376 | } while (0) | ||
18377 | |||
18378 | @@ -460,8 +524,12 @@ struct __large_struct { unsigned long buf[100]; }; | ||
15890 | * On error, the variable @x is set to zero. | 18379 | * On error, the variable @x is set to zero. |
15891 | */ | 18380 | */ |
15892 | 18381 | ||
@@ -15899,7 +18388,7 @@ index 5ee2687..70d5895 100644 | |||
15899 | 18388 | ||
15900 | /** | 18389 | /** |
15901 | * __put_user: - Write a simple value into user space, with less checking. | 18390 | * __put_user: - Write a simple value into user space, with less checking. |
15902 | @@ -483,8 +537,12 @@ struct __large_struct { unsigned long buf[100]; }; | 18391 | @@ -483,8 +551,12 @@ struct __large_struct { unsigned long buf[100]; }; |
15903 | * Returns zero on success, or -EFAULT on error. | 18392 | * Returns zero on success, or -EFAULT on error. |
15904 | */ | 18393 | */ |
15905 | 18394 | ||
@@ -15912,7 +18401,7 @@ index 5ee2687..70d5895 100644 | |||
15912 | 18401 | ||
15913 | #define __get_user_unaligned __get_user | 18402 | #define __get_user_unaligned __get_user |
15914 | #define __put_user_unaligned __put_user | 18403 | #define __put_user_unaligned __put_user |
15915 | @@ -502,7 +560,7 @@ struct __large_struct { unsigned long buf[100]; }; | 18404 | @@ -502,7 +574,7 @@ struct __large_struct { unsigned long buf[100]; }; |
15916 | #define get_user_ex(x, ptr) do { \ | 18405 | #define get_user_ex(x, ptr) do { \ |
15917 | unsigned long __gue_val; \ | 18406 | unsigned long __gue_val; \ |
15918 | __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \ | 18407 | __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \ |
@@ -15921,7 +18410,7 @@ index 5ee2687..70d5895 100644 | |||
15921 | } while (0) | 18410 | } while (0) |
15922 | 18411 | ||
15923 | #define put_user_try uaccess_try | 18412 | #define put_user_try uaccess_try |
15924 | @@ -519,8 +577,8 @@ strncpy_from_user(char *dst, const char __user *src, long count); | 18413 | @@ -519,8 +591,8 @@ strncpy_from_user(char *dst, const char __user *src, long count); |
15925 | extern __must_check long strlen_user(const char __user *str); | 18414 | extern __must_check long strlen_user(const char __user *str); |
15926 | extern __must_check long strnlen_user(const char __user *str, long n); | 18415 | extern __must_check long strnlen_user(const char __user *str, long n); |
15927 | 18416 | ||
@@ -16107,7 +18596,7 @@ index 7f760a9..04b1c65 100644 | |||
16107 | } | 18596 | } |
16108 | 18597 | ||
16109 | diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h | 18598 | diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h |
16110 | index 142810c..1f2a0a7 100644 | 18599 | index 142810c..1dbe82f 100644 |
16111 | --- a/arch/x86/include/asm/uaccess_64.h | 18600 | --- a/arch/x86/include/asm/uaccess_64.h |
16112 | +++ b/arch/x86/include/asm/uaccess_64.h | 18601 | +++ b/arch/x86/include/asm/uaccess_64.h |
16113 | @@ -10,6 +10,9 @@ | 18602 | @@ -10,6 +10,9 @@ |
@@ -16426,8 +18915,9 @@ index 142810c..1f2a0a7 100644 | |||
16426 | } | 18915 | } |
16427 | } | 18916 | } |
16428 | 18917 | ||
16429 | static __must_check __always_inline int | 18918 | -static __must_check __always_inline int |
16430 | -__copy_from_user_inatomic(void *dst, const void __user *src, unsigned size) | 18919 | -__copy_from_user_inatomic(void *dst, const void __user *src, unsigned size) |
18920 | +static __must_check __always_inline unsigned long | ||
16431 | +__copy_from_user_inatomic(void *dst, const void __user *src, unsigned long size) | 18921 | +__copy_from_user_inatomic(void *dst, const void __user *src, unsigned long size) |
16432 | { | 18922 | { |
16433 | - return copy_user_generic(dst, (__force const void *)src, size); | 18923 | - return copy_user_generic(dst, (__force const void *)src, size); |
@@ -16567,12 +19057,14 @@ index d8d9922..bf6cecb 100644 | |||
16567 | extern struct x86_init_ops x86_init; | 19057 | extern struct x86_init_ops x86_init; |
16568 | extern struct x86_cpuinit_ops x86_cpuinit; | 19058 | extern struct x86_cpuinit_ops x86_cpuinit; |
16569 | diff --git a/arch/x86/include/asm/xsave.h b/arch/x86/include/asm/xsave.h | 19059 | diff --git a/arch/x86/include/asm/xsave.h b/arch/x86/include/asm/xsave.h |
16570 | index 0415cda..b43d877 100644 | 19060 | index 0415cda..3b22adc 100644 |
16571 | --- a/arch/x86/include/asm/xsave.h | 19061 | --- a/arch/x86/include/asm/xsave.h |
16572 | +++ b/arch/x86/include/asm/xsave.h | 19062 | +++ b/arch/x86/include/asm/xsave.h |
16573 | @@ -71,7 +71,9 @@ static inline int xsave_user(struct xsave_struct __user *buf) | 19063 | @@ -70,8 +70,11 @@ static inline int xsave_user(struct xsave_struct __user *buf) |
19064 | if (unlikely(err)) | ||
16574 | return -EFAULT; | 19065 | return -EFAULT; |
16575 | 19066 | ||
19067 | + pax_open_userland(); | ||
16576 | __asm__ __volatile__(ASM_STAC "\n" | 19068 | __asm__ __volatile__(ASM_STAC "\n" |
16577 | - "1: .byte " REX_PREFIX "0x0f,0xae,0x27\n" | 19069 | - "1: .byte " REX_PREFIX "0x0f,0xae,0x27\n" |
16578 | + "1:" | 19070 | + "1:" |
@@ -16581,7 +19073,14 @@ index 0415cda..b43d877 100644 | |||
16581 | "2: " ASM_CLAC "\n" | 19073 | "2: " ASM_CLAC "\n" |
16582 | ".section .fixup,\"ax\"\n" | 19074 | ".section .fixup,\"ax\"\n" |
16583 | "3: movl $-1,%[err]\n" | 19075 | "3: movl $-1,%[err]\n" |
16584 | @@ -87,12 +89,14 @@ static inline int xsave_user(struct xsave_struct __user *buf) | 19076 | @@ -81,18 +84,22 @@ static inline int xsave_user(struct xsave_struct __user *buf) |
19077 | : [err] "=r" (err) | ||
19078 | : "D" (buf), "a" (-1), "d" (-1), "0" (0) | ||
19079 | : "memory"); | ||
19080 | + pax_close_userland(); | ||
19081 | return err; | ||
19082 | } | ||
19083 | |||
16585 | static inline int xrestore_user(struct xsave_struct __user *buf, u64 mask) | 19084 | static inline int xrestore_user(struct xsave_struct __user *buf, u64 mask) |
16586 | { | 19085 | { |
16587 | int err; | 19086 | int err; |
@@ -16590,6 +19089,7 @@ index 0415cda..b43d877 100644 | |||
16590 | u32 lmask = mask; | 19089 | u32 lmask = mask; |
16591 | u32 hmask = mask >> 32; | 19090 | u32 hmask = mask >> 32; |
16592 | 19091 | ||
19092 | + pax_open_userland(); | ||
16593 | __asm__ __volatile__(ASM_STAC "\n" | 19093 | __asm__ __volatile__(ASM_STAC "\n" |
16594 | - "1: .byte " REX_PREFIX "0x0f,0xae,0x2f\n" | 19094 | - "1: .byte " REX_PREFIX "0x0f,0xae,0x2f\n" |
16595 | + "1:" | 19095 | + "1:" |
@@ -16598,6 +19098,14 @@ index 0415cda..b43d877 100644 | |||
16598 | "2: " ASM_CLAC "\n" | 19098 | "2: " ASM_CLAC "\n" |
16599 | ".section .fixup,\"ax\"\n" | 19099 | ".section .fixup,\"ax\"\n" |
16600 | "3: movl $-1,%[err]\n" | 19100 | "3: movl $-1,%[err]\n" |
19101 | @@ -102,6 +109,7 @@ static inline int xrestore_user(struct xsave_struct __user *buf, u64 mask) | ||
19102 | : [err] "=r" (err) | ||
19103 | : "D" (xstate), "a" (lmask), "d" (hmask), "0" (0) | ||
19104 | : "memory"); /* memory required? */ | ||
19105 | + pax_close_userland(); | ||
19106 | return err; | ||
19107 | } | ||
19108 | |||
16601 | diff --git a/arch/x86/include/uapi/asm/e820.h b/arch/x86/include/uapi/asm/e820.h | 19109 | diff --git a/arch/x86/include/uapi/asm/e820.h b/arch/x86/include/uapi/asm/e820.h |
16602 | index bbae024..e1528f9 100644 | 19110 | index bbae024..e1528f9 100644 |
16603 | --- a/arch/x86/include/uapi/asm/e820.h | 19111 | --- a/arch/x86/include/uapi/asm/e820.h |
@@ -17197,7 +19705,7 @@ index 5013a48..0782c53 100644 | |||
17197 | if (c->x86_model == 3 && c->x86_mask == 0) | 19705 | if (c->x86_model == 3 && c->x86_mask == 0) |
17198 | size = 64; | 19706 | size = 64; |
17199 | diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c | 19707 | diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c |
17200 | index 22018f7..bc6f5e3 100644 | 19708 | index 22018f7..df77e23 100644 |
17201 | --- a/arch/x86/kernel/cpu/common.c | 19709 | --- a/arch/x86/kernel/cpu/common.c |
17202 | +++ b/arch/x86/kernel/cpu/common.c | 19710 | +++ b/arch/x86/kernel/cpu/common.c |
17203 | @@ -88,60 +88,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = { | 19711 | @@ -88,60 +88,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = { |
@@ -17261,7 +19769,65 @@ index 22018f7..bc6f5e3 100644 | |||
17261 | static int __init x86_xsave_setup(char *s) | 19769 | static int __init x86_xsave_setup(char *s) |
17262 | { | 19770 | { |
17263 | setup_clear_cpu_cap(X86_FEATURE_XSAVE); | 19771 | setup_clear_cpu_cap(X86_FEATURE_XSAVE); |
17264 | @@ -386,7 +332,7 @@ void switch_to_new_gdt(int cpu) | 19772 | @@ -288,6 +234,57 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c) |
19773 | set_in_cr4(X86_CR4_SMAP); | ||
19774 | } | ||
19775 | |||
19776 | +#ifdef CONFIG_X86_64 | ||
19777 | +static __init int setup_disable_pcid(char *arg) | ||
19778 | +{ | ||
19779 | + setup_clear_cpu_cap(X86_FEATURE_PCID); | ||
19780 | + | ||
19781 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | ||
19782 | + if (clone_pgd_mask != ~(pgdval_t)0UL) | ||
19783 | + pax_user_shadow_base = 1UL << TASK_SIZE_MAX_SHIFT; | ||
19784 | +#endif | ||
19785 | + | ||
19786 | + return 1; | ||
19787 | +} | ||
19788 | +__setup("nopcid", setup_disable_pcid); | ||
19789 | + | ||
19790 | +static void setup_pcid(struct cpuinfo_x86 *c) | ||
19791 | +{ | ||
19792 | + if (!cpu_has(c, X86_FEATURE_PCID)) { | ||
19793 | + | ||
19794 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | ||
19795 | + if (clone_pgd_mask != ~(pgdval_t)0UL) { | ||
19796 | + pax_open_kernel(); | ||
19797 | + pax_user_shadow_base = 1UL << TASK_SIZE_MAX_SHIFT; | ||
19798 | + pax_close_kernel(); | ||
19799 | + printk("PAX: slow and weak UDEREF enabled\n"); | ||
19800 | + } else | ||
19801 | + printk("PAX: UDEREF disabled\n"); | ||
19802 | +#endif | ||
19803 | + | ||
19804 | + return; | ||
19805 | + } | ||
19806 | + | ||
19807 | + printk("PAX: PCID detected\n"); | ||
19808 | + set_in_cr4(X86_CR4_PCIDE); | ||
19809 | + | ||
19810 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | ||
19811 | + pax_open_kernel(); | ||
19812 | + clone_pgd_mask = ~(pgdval_t)0UL; | ||
19813 | + pax_close_kernel(); | ||
19814 | + if (pax_user_shadow_base) | ||
19815 | + printk("PAX: weak UDEREF enabled\n"); | ||
19816 | + else { | ||
19817 | + set_cpu_cap(c, X86_FEATURE_STRONGUDEREF); | ||
19818 | + printk("PAX: strong UDEREF enabled\n"); | ||
19819 | + } | ||
19820 | +#endif | ||
19821 | + | ||
19822 | + if (cpu_has(c, X86_FEATURE_INVPCID)) | ||
19823 | + printk("PAX: INVPCID detected\n"); | ||
19824 | +} | ||
19825 | +#endif | ||
19826 | + | ||
19827 | /* | ||
19828 | * Some CPU features depend on higher CPUID levels, which may not always | ||
19829 | * be available due to CPUID level capping or broken virtualization | ||
19830 | @@ -386,7 +383,7 @@ void switch_to_new_gdt(int cpu) | ||
17265 | { | 19831 | { |
17266 | struct desc_ptr gdt_descr; | 19832 | struct desc_ptr gdt_descr; |
17267 | 19833 | ||
@@ -17270,7 +19836,18 @@ index 22018f7..bc6f5e3 100644 | |||
17270 | gdt_descr.size = GDT_SIZE - 1; | 19836 | gdt_descr.size = GDT_SIZE - 1; |
17271 | load_gdt(&gdt_descr); | 19837 | load_gdt(&gdt_descr); |
17272 | /* Reload the per-cpu base */ | 19838 | /* Reload the per-cpu base */ |
17273 | @@ -882,6 +828,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) | 19839 | @@ -874,6 +871,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) |
19840 | setup_smep(c); | ||
19841 | setup_smap(c); | ||
19842 | |||
19843 | +#ifdef CONFIG_X86_64 | ||
19844 | + setup_pcid(c); | ||
19845 | +#endif | ||
19846 | + | ||
19847 | /* | ||
19848 | * The vendor-specific functions might have changed features. | ||
19849 | * Now we do "generic changes." | ||
19850 | @@ -882,6 +883,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) | ||
17274 | /* Filter out anything that depends on CPUID levels we don't have */ | 19851 | /* Filter out anything that depends on CPUID levels we don't have */ |
17275 | filter_cpuid_features(c, true); | 19852 | filter_cpuid_features(c, true); |
17276 | 19853 | ||
@@ -17281,7 +19858,7 @@ index 22018f7..bc6f5e3 100644 | |||
17281 | /* If the model name is still unset, do table lookup. */ | 19858 | /* If the model name is still unset, do table lookup. */ |
17282 | if (!c->x86_model_id[0]) { | 19859 | if (!c->x86_model_id[0]) { |
17283 | const char *p; | 19860 | const char *p; |
17284 | @@ -1069,10 +1019,12 @@ static __init int setup_disablecpuid(char *arg) | 19861 | @@ -1069,10 +1074,12 @@ static __init int setup_disablecpuid(char *arg) |
17285 | } | 19862 | } |
17286 | __setup("clearcpuid=", setup_disablecpuid); | 19863 | __setup("clearcpuid=", setup_disablecpuid); |
17287 | 19864 | ||
@@ -17296,7 +19873,7 @@ index 22018f7..bc6f5e3 100644 | |||
17296 | 19873 | ||
17297 | DEFINE_PER_CPU_FIRST(union irq_stack_union, | 19874 | DEFINE_PER_CPU_FIRST(union irq_stack_union, |
17298 | irq_stack_union) __aligned(PAGE_SIZE); | 19875 | irq_stack_union) __aligned(PAGE_SIZE); |
17299 | @@ -1086,7 +1038,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = | 19876 | @@ -1086,7 +1093,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = |
17300 | EXPORT_PER_CPU_SYMBOL(current_task); | 19877 | EXPORT_PER_CPU_SYMBOL(current_task); |
17301 | 19878 | ||
17302 | DEFINE_PER_CPU(unsigned long, kernel_stack) = | 19879 | DEFINE_PER_CPU(unsigned long, kernel_stack) = |
@@ -17305,7 +19882,7 @@ index 22018f7..bc6f5e3 100644 | |||
17305 | EXPORT_PER_CPU_SYMBOL(kernel_stack); | 19882 | EXPORT_PER_CPU_SYMBOL(kernel_stack); |
17306 | 19883 | ||
17307 | DEFINE_PER_CPU(char *, irq_stack_ptr) = | 19884 | DEFINE_PER_CPU(char *, irq_stack_ptr) = |
17308 | @@ -1231,7 +1183,7 @@ void __cpuinit cpu_init(void) | 19885 | @@ -1231,7 +1238,7 @@ void __cpuinit cpu_init(void) |
17309 | load_ucode_ap(); | 19886 | load_ucode_ap(); |
17310 | 19887 | ||
17311 | cpu = stack_smp_processor_id(); | 19888 | cpu = stack_smp_processor_id(); |
@@ -17314,7 +19891,7 @@ index 22018f7..bc6f5e3 100644 | |||
17314 | oist = &per_cpu(orig_ist, cpu); | 19891 | oist = &per_cpu(orig_ist, cpu); |
17315 | 19892 | ||
17316 | #ifdef CONFIG_NUMA | 19893 | #ifdef CONFIG_NUMA |
17317 | @@ -1257,7 +1209,7 @@ void __cpuinit cpu_init(void) | 19894 | @@ -1257,7 +1264,7 @@ void __cpuinit cpu_init(void) |
17318 | switch_to_new_gdt(cpu); | 19895 | switch_to_new_gdt(cpu); |
17319 | loadsegment(fs, 0); | 19896 | loadsegment(fs, 0); |
17320 | 19897 | ||
@@ -17323,7 +19900,7 @@ index 22018f7..bc6f5e3 100644 | |||
17323 | 19900 | ||
17324 | memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8); | 19901 | memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8); |
17325 | syscall_init(); | 19902 | syscall_init(); |
17326 | @@ -1266,7 +1218,6 @@ void __cpuinit cpu_init(void) | 19903 | @@ -1266,7 +1273,6 @@ void __cpuinit cpu_init(void) |
17327 | wrmsrl(MSR_KERNEL_GS_BASE, 0); | 19904 | wrmsrl(MSR_KERNEL_GS_BASE, 0); |
17328 | barrier(); | 19905 | barrier(); |
17329 | 19906 | ||
@@ -17331,7 +19908,7 @@ index 22018f7..bc6f5e3 100644 | |||
17331 | enable_x2apic(); | 19908 | enable_x2apic(); |
17332 | 19909 | ||
17333 | /* | 19910 | /* |
17334 | @@ -1318,7 +1269,7 @@ void __cpuinit cpu_init(void) | 19911 | @@ -1318,7 +1324,7 @@ void __cpuinit cpu_init(void) |
17335 | { | 19912 | { |
17336 | int cpu = smp_processor_id(); | 19913 | int cpu = smp_processor_id(); |
17337 | struct task_struct *curr = current; | 19914 | struct task_struct *curr = current; |
@@ -17734,7 +20311,7 @@ index a9e2207..d70c83a 100644 | |||
17734 | 20311 | ||
17735 | intel_ds_init(); | 20312 | intel_ds_init(); |
17736 | diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.c b/arch/x86/kernel/cpu/perf_event_intel_uncore.c | 20313 | diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.c b/arch/x86/kernel/cpu/perf_event_intel_uncore.c |
17737 | index 52441a2..f94fae8 100644 | 20314 | index 8aac56b..588fb13 100644 |
17738 | --- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c | 20315 | --- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c |
17739 | +++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c | 20316 | +++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c |
17740 | @@ -3093,7 +3093,7 @@ static void __init uncore_types_exit(struct intel_uncore_type **types) | 20317 | @@ -3093,7 +3093,7 @@ static void __init uncore_types_exit(struct intel_uncore_type **types) |
@@ -18233,7 +20810,7 @@ index d15f575..d692043 100644 | |||
18233 | #include <asm/processor.h> | 20810 | #include <asm/processor.h> |
18234 | #include <asm/fcntl.h> | 20811 | #include <asm/fcntl.h> |
18235 | diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S | 20812 | diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S |
18236 | index 8f3e2de..caecc4e 100644 | 20813 | index 8f3e2de..6b71e39 100644 |
18237 | --- a/arch/x86/kernel/entry_32.S | 20814 | --- a/arch/x86/kernel/entry_32.S |
18238 | +++ b/arch/x86/kernel/entry_32.S | 20815 | +++ b/arch/x86/kernel/entry_32.S |
18239 | @@ -177,13 +177,153 @@ | 20816 | @@ -177,13 +177,153 @@ |
@@ -18743,6 +21320,15 @@ index 8f3e2de..caecc4e 100644 | |||
18743 | 21320 | ||
18744 | ENTRY(simd_coprocessor_error) | 21321 | ENTRY(simd_coprocessor_error) |
18745 | RING0_INT_FRAME | 21322 | RING0_INT_FRAME |
21323 | @@ -826,7 +1065,7 @@ ENTRY(simd_coprocessor_error) | ||
21324 | .section .altinstructions,"a" | ||
21325 | altinstruction_entry 661b, 663f, X86_FEATURE_XMM, 662b-661b, 664f-663f | ||
21326 | .previous | ||
21327 | -.section .altinstr_replacement,"ax" | ||
21328 | +.section .altinstr_replacement,"a" | ||
21329 | 663: pushl $do_simd_coprocessor_error | ||
21330 | 664: | ||
21331 | .previous | ||
18746 | @@ -835,7 +1074,7 @@ ENTRY(simd_coprocessor_error) | 21332 | @@ -835,7 +1074,7 @@ ENTRY(simd_coprocessor_error) |
18747 | #endif | 21333 | #endif |
18748 | jmp error_code | 21334 | jmp error_code |
@@ -18993,7 +21579,7 @@ index 8f3e2de..caecc4e 100644 | |||
18993 | 21579 | ||
18994 | /* | 21580 | /* |
18995 | diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S | 21581 | diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S |
18996 | index 7272089..6204f9c5 100644 | 21582 | index 7272089..0b74104 100644 |
18997 | --- a/arch/x86/kernel/entry_64.S | 21583 | --- a/arch/x86/kernel/entry_64.S |
18998 | +++ b/arch/x86/kernel/entry_64.S | 21584 | +++ b/arch/x86/kernel/entry_64.S |
18999 | @@ -59,6 +59,8 @@ | 21585 | @@ -59,6 +59,8 @@ |
@@ -19080,7 +21666,7 @@ index 7272089..6204f9c5 100644 | |||
19080 | #endif | 21666 | #endif |
19081 | 21667 | ||
19082 | 21668 | ||
19083 | @@ -284,6 +293,309 @@ ENTRY(native_usergs_sysret64) | 21669 | @@ -284,6 +293,430 @@ ENTRY(native_usergs_sysret64) |
19084 | ENDPROC(native_usergs_sysret64) | 21670 | ENDPROC(native_usergs_sysret64) |
19085 | #endif /* CONFIG_PARAVIRT */ | 21671 | #endif /* CONFIG_PARAVIRT */ |
19086 | 21672 | ||
@@ -19100,18 +21686,19 @@ index 7272089..6204f9c5 100644 | |||
19100 | + | 21686 | + |
19101 | + .macro pax_enter_kernel | 21687 | + .macro pax_enter_kernel |
19102 | + pax_set_fptr_mask | 21688 | + pax_set_fptr_mask |
19103 | +#ifdef CONFIG_PAX_KERNEXEC | 21689 | +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) |
19104 | + call pax_enter_kernel | 21690 | + call pax_enter_kernel |
19105 | +#endif | 21691 | +#endif |
19106 | + .endm | 21692 | + .endm |
19107 | + | 21693 | + |
19108 | + .macro pax_exit_kernel | 21694 | + .macro pax_exit_kernel |
19109 | +#ifdef CONFIG_PAX_KERNEXEC | 21695 | +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) |
19110 | + call pax_exit_kernel | 21696 | + call pax_exit_kernel |
19111 | +#endif | 21697 | +#endif |
21698 | + | ||
19112 | + .endm | 21699 | + .endm |
19113 | + | 21700 | + |
19114 | +#ifdef CONFIG_PAX_KERNEXEC | 21701 | +#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) |
19115 | +ENTRY(pax_enter_kernel) | 21702 | +ENTRY(pax_enter_kernel) |
19116 | + pushq %rdi | 21703 | + pushq %rdi |
19117 | + | 21704 | + |
@@ -19119,6 +21706,7 @@ index 7272089..6204f9c5 100644 | |||
19119 | + PV_SAVE_REGS(CLBR_RDI) | 21706 | + PV_SAVE_REGS(CLBR_RDI) |
19120 | +#endif | 21707 | +#endif |
19121 | + | 21708 | + |
21709 | +#ifdef CONFIG_PAX_KERNEXEC | ||
19122 | + GET_CR0_INTO_RDI | 21710 | + GET_CR0_INTO_RDI |
19123 | + bts $16,%rdi | 21711 | + bts $16,%rdi |
19124 | + jnc 3f | 21712 | + jnc 3f |
@@ -19126,6 +21714,32 @@ index 7272089..6204f9c5 100644 | |||
19126 | + cmp $__KERNEL_CS,%edi | 21714 | + cmp $__KERNEL_CS,%edi |
19127 | + jnz 2f | 21715 | + jnz 2f |
19128 | +1: | 21716 | +1: |
21717 | +#endif | ||
21718 | + | ||
21719 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | ||
21720 | + 661: jmp 111f | ||
21721 | + .pushsection .altinstr_replacement, "a" | ||
21722 | + 662: ASM_NOP2 | ||
21723 | + .popsection | ||
21724 | + .pushsection .altinstructions, "a" | ||
21725 | + altinstruction_entry 661b, 662b, X86_FEATURE_PCID, 2, 2 | ||
21726 | + .popsection | ||
21727 | + GET_CR3_INTO_RDI | ||
21728 | + cmp $0,%dil | ||
21729 | + jnz 112f | ||
21730 | + mov $__KERNEL_DS,%edi | ||
21731 | + mov %edi,%ss | ||
21732 | + jmp 111f | ||
21733 | +112: cmp $1,%dil | ||
21734 | + jz 113f | ||
21735 | + ud2 | ||
21736 | +113: sub $4097,%rdi | ||
21737 | + bts $63,%rdi | ||
21738 | + SET_RDI_INTO_CR3 | ||
21739 | + mov $__UDEREF_KERNEL_DS,%edi | ||
21740 | + mov %edi,%ss | ||
21741 | +111: | ||
21742 | +#endif | ||
19129 | + | 21743 | + |
19130 | +#ifdef CONFIG_PARAVIRT | 21744 | +#ifdef CONFIG_PARAVIRT |
19131 | + PV_RESTORE_REGS(CLBR_RDI) | 21745 | + PV_RESTORE_REGS(CLBR_RDI) |
@@ -19135,10 +21749,12 @@ index 7272089..6204f9c5 100644 | |||
19135 | + pax_force_retaddr | 21749 | + pax_force_retaddr |
19136 | + retq | 21750 | + retq |
19137 | + | 21751 | + |
21752 | +#ifdef CONFIG_PAX_KERNEXEC | ||
19138 | +2: ljmpq __KERNEL_CS,1b | 21753 | +2: ljmpq __KERNEL_CS,1b |
19139 | +3: ljmpq __KERNEXEC_KERNEL_CS,4f | 21754 | +3: ljmpq __KERNEXEC_KERNEL_CS,4f |
19140 | +4: SET_RDI_INTO_CR0 | 21755 | +4: SET_RDI_INTO_CR0 |
19141 | + jmp 1b | 21756 | + jmp 1b |
21757 | +#endif | ||
19142 | +ENDPROC(pax_enter_kernel) | 21758 | +ENDPROC(pax_enter_kernel) |
19143 | + | 21759 | + |
19144 | +ENTRY(pax_exit_kernel) | 21760 | +ENTRY(pax_exit_kernel) |
@@ -19148,6 +21764,7 @@ index 7272089..6204f9c5 100644 | |||
19148 | + PV_SAVE_REGS(CLBR_RDI) | 21764 | + PV_SAVE_REGS(CLBR_RDI) |
19149 | +#endif | 21765 | +#endif |
19150 | + | 21766 | + |
21767 | +#ifdef CONFIG_PAX_KERNEXEC | ||
19151 | + mov %cs,%rdi | 21768 | + mov %cs,%rdi |
19152 | + cmp $__KERNEXEC_KERNEL_CS,%edi | 21769 | + cmp $__KERNEXEC_KERNEL_CS,%edi |
19153 | + jz 2f | 21770 | + jz 2f |
@@ -19155,6 +21772,30 @@ index 7272089..6204f9c5 100644 | |||
19155 | + bts $16,%rdi | 21772 | + bts $16,%rdi |
19156 | + jnc 4f | 21773 | + jnc 4f |
19157 | +1: | 21774 | +1: |
21775 | +#endif | ||
21776 | + | ||
21777 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | ||
21778 | + 661: jmp 111f | ||
21779 | + .pushsection .altinstr_replacement, "a" | ||
21780 | + 662: ASM_NOP2 | ||
21781 | + .popsection | ||
21782 | + .pushsection .altinstructions, "a" | ||
21783 | + altinstruction_entry 661b, 662b, X86_FEATURE_PCID, 2, 2 | ||
21784 | + .popsection | ||
21785 | + mov %ss,%edi | ||
21786 | + cmp $__UDEREF_KERNEL_DS,%edi | ||
21787 | + jnz 111f | ||
21788 | + GET_CR3_INTO_RDI | ||
21789 | + cmp $0,%dil | ||
21790 | + jz 112f | ||
21791 | + ud2 | ||
21792 | +112: add $4097,%rdi | ||
21793 | + bts $63,%rdi | ||
21794 | + SET_RDI_INTO_CR3 | ||
21795 | + mov $__KERNEL_DS,%edi | ||
21796 | + mov %edi,%ss | ||
21797 | +111: | ||
21798 | +#endif | ||
19158 | + | 21799 | + |
19159 | +#ifdef CONFIG_PARAVIRT | 21800 | +#ifdef CONFIG_PARAVIRT |
19160 | + PV_RESTORE_REGS(CLBR_RDI); | 21801 | + PV_RESTORE_REGS(CLBR_RDI); |
@@ -19164,6 +21805,7 @@ index 7272089..6204f9c5 100644 | |||
19164 | + pax_force_retaddr | 21805 | + pax_force_retaddr |
19165 | + retq | 21806 | + retq |
19166 | + | 21807 | + |
21808 | +#ifdef CONFIG_PAX_KERNEXEC | ||
19167 | +2: GET_CR0_INTO_RDI | 21809 | +2: GET_CR0_INTO_RDI |
19168 | + btr $16,%rdi | 21810 | + btr $16,%rdi |
19169 | + jnc 4f | 21811 | + jnc 4f |
@@ -19172,6 +21814,7 @@ index 7272089..6204f9c5 100644 | |||
19172 | + jmp 1b | 21814 | + jmp 1b |
19173 | +4: ud2 | 21815 | +4: ud2 |
19174 | + jmp 4b | 21816 | + jmp 4b |
21817 | +#endif | ||
19175 | +ENDPROC(pax_exit_kernel) | 21818 | +ENDPROC(pax_exit_kernel) |
19176 | +#endif | 21819 | +#endif |
19177 | + | 21820 | + |
@@ -19204,6 +21847,22 @@ index 7272089..6204f9c5 100644 | |||
19204 | + PV_SAVE_REGS(CLBR_RDI) | 21847 | + PV_SAVE_REGS(CLBR_RDI) |
19205 | +#endif | 21848 | +#endif |
19206 | + | 21849 | + |
21850 | + 661: jmp 111f | ||
21851 | + .pushsection .altinstr_replacement, "a" | ||
21852 | + 662: ASM_NOP2 | ||
21853 | + .popsection | ||
21854 | + .pushsection .altinstructions, "a" | ||
21855 | + altinstruction_entry 661b, 662b, X86_FEATURE_PCID, 2, 2 | ||
21856 | + .popsection | ||
21857 | + GET_CR3_INTO_RDI | ||
21858 | + cmp $1,%dil | ||
21859 | + jnz 4f | ||
21860 | + sub $4097,%rdi | ||
21861 | + bts $63,%rdi | ||
21862 | + SET_RDI_INTO_CR3 | ||
21863 | + jmp 3f | ||
21864 | +111: | ||
21865 | + | ||
19207 | + GET_CR3_INTO_RDI | 21866 | + GET_CR3_INTO_RDI |
19208 | + mov %rdi,%rbx | 21867 | + mov %rdi,%rbx |
19209 | + add $__START_KERNEL_map,%rbx | 21868 | + add $__START_KERNEL_map,%rbx |
@@ -19232,10 +21891,7 @@ index 7272089..6204f9c5 100644 | |||
19232 | + i = i + 1 | 21891 | + i = i + 1 |
19233 | + .endr | 21892 | + .endr |
19234 | + | 21893 | + |
19235 | +#ifdef CONFIG_PARAVIRT | 21894 | +2: SET_RDI_INTO_CR3 |
19236 | +2: | ||
19237 | +#endif | ||
19238 | + SET_RDI_INTO_CR3 | ||
19239 | + | 21895 | + |
19240 | +#ifdef CONFIG_PAX_KERNEXEC | 21896 | +#ifdef CONFIG_PAX_KERNEXEC |
19241 | + GET_CR0_INTO_RDI | 21897 | + GET_CR0_INTO_RDI |
@@ -19243,6 +21899,8 @@ index 7272089..6204f9c5 100644 | |||
19243 | + SET_RDI_INTO_CR0 | 21899 | + SET_RDI_INTO_CR0 |
19244 | +#endif | 21900 | +#endif |
19245 | + | 21901 | + |
21902 | +3: | ||
21903 | + | ||
19246 | +#ifdef CONFIG_PARAVIRT | 21904 | +#ifdef CONFIG_PARAVIRT |
19247 | + PV_RESTORE_REGS(CLBR_RDI) | 21905 | + PV_RESTORE_REGS(CLBR_RDI) |
19248 | +#endif | 21906 | +#endif |
@@ -19251,6 +21909,7 @@ index 7272089..6204f9c5 100644 | |||
19251 | + popq %rdi | 21909 | + popq %rdi |
19252 | + pax_force_retaddr | 21910 | + pax_force_retaddr |
19253 | + retq | 21911 | + retq |
21912 | +4: ud2 | ||
19254 | +ENDPROC(pax_enter_kernel_user) | 21913 | +ENDPROC(pax_enter_kernel_user) |
19255 | + | 21914 | + |
19256 | +ENTRY(pax_exit_kernel_user) | 21915 | +ENTRY(pax_exit_kernel_user) |
@@ -19261,6 +21920,24 @@ index 7272089..6204f9c5 100644 | |||
19261 | + PV_SAVE_REGS(CLBR_RDI) | 21920 | + PV_SAVE_REGS(CLBR_RDI) |
19262 | +#endif | 21921 | +#endif |
19263 | + | 21922 | + |
21923 | + GET_CR3_INTO_RDI | ||
21924 | + 661: jmp 1f | ||
21925 | + .pushsection .altinstr_replacement, "a" | ||
21926 | + 662: ASM_NOP2 | ||
21927 | + .popsection | ||
21928 | + .pushsection .altinstructions, "a" | ||
21929 | + altinstruction_entry 661b, 662b, X86_FEATURE_PCID, 2, 2 | ||
21930 | + .popsection | ||
21931 | + cmp $0,%dil | ||
21932 | + jnz 3f | ||
21933 | + add $4097,%rdi | ||
21934 | + bts $63,%rdi | ||
21935 | + SET_RDI_INTO_CR3 | ||
21936 | + jmp 2f | ||
21937 | +1: | ||
21938 | + | ||
21939 | + mov %rdi,%rbx | ||
21940 | + | ||
19264 | +#ifdef CONFIG_PAX_KERNEXEC | 21941 | +#ifdef CONFIG_PAX_KERNEXEC |
19265 | + GET_CR0_INTO_RDI | 21942 | + GET_CR0_INTO_RDI |
19266 | + btr $16,%rdi | 21943 | + btr $16,%rdi |
@@ -19268,8 +21945,6 @@ index 7272089..6204f9c5 100644 | |||
19268 | + SET_RDI_INTO_CR0 | 21945 | + SET_RDI_INTO_CR0 |
19269 | +#endif | 21946 | +#endif |
19270 | + | 21947 | + |
19271 | + GET_CR3_INTO_RDI | ||
19272 | + mov %rdi,%rbx | ||
19273 | + add $__START_KERNEL_map,%rbx | 21948 | + add $__START_KERNEL_map,%rbx |
19274 | + sub phys_base(%rip),%rbx | 21949 | + sub phys_base(%rip),%rbx |
19275 | + | 21950 | + |
@@ -19293,9 +21968,10 @@ index 7272089..6204f9c5 100644 | |||
19293 | + movb $0x67,i*8(%rbx) | 21968 | + movb $0x67,i*8(%rbx) |
19294 | + i = i + 1 | 21969 | + i = i + 1 |
19295 | + .endr | 21970 | + .endr |
21971 | +2: | ||
19296 | + | 21972 | + |
19297 | +#ifdef CONFIG_PARAVIRT | 21973 | +#ifdef CONFIG_PARAVIRT |
19298 | +2: PV_RESTORE_REGS(CLBR_RDI) | 21974 | + PV_RESTORE_REGS(CLBR_RDI) |
19299 | +#endif | 21975 | +#endif |
19300 | + | 21976 | + |
19301 | + popq %rbx | 21977 | + popq %rbx |
@@ -19303,7 +21979,6 @@ index 7272089..6204f9c5 100644 | |||
19303 | + pax_force_retaddr | 21979 | + pax_force_retaddr |
19304 | + retq | 21980 | + retq |
19305 | +3: ud2 | 21981 | +3: ud2 |
19306 | + jmp 3b | ||
19307 | +ENDPROC(pax_exit_kernel_user) | 21982 | +ENDPROC(pax_exit_kernel_user) |
19308 | +#endif | 21983 | +#endif |
19309 | + | 21984 | + |
@@ -19318,6 +21993,26 @@ index 7272089..6204f9c5 100644 | |||
19318 | + or $2,%ebx | 21993 | + or $2,%ebx |
19319 | +110: | 21994 | +110: |
19320 | +#endif | 21995 | +#endif |
21996 | + | ||
21997 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | ||
21998 | + 661: jmp 111f | ||
21999 | + .pushsection .altinstr_replacement, "a" | ||
22000 | + 662: ASM_NOP2 | ||
22001 | + .popsection | ||
22002 | + .pushsection .altinstructions, "a" | ||
22003 | + altinstruction_entry 661b, 662b, X86_FEATURE_PCID, 2, 2 | ||
22004 | + .popsection | ||
22005 | + GET_CR3_INTO_RDI | ||
22006 | + cmp $0,%dil | ||
22007 | + jz 111f | ||
22008 | + sub $4097,%rdi | ||
22009 | + or $4,%ebx | ||
22010 | + bts $63,%rdi | ||
22011 | + SET_RDI_INTO_CR3 | ||
22012 | + mov $__UDEREF_KERNEL_DS,%edi | ||
22013 | + mov %edi,%ss | ||
22014 | +111: | ||
22015 | +#endif | ||
19321 | + .endm | 22016 | + .endm |
19322 | + | 22017 | + |
19323 | + .macro pax_exit_kernel_nmi | 22018 | + .macro pax_exit_kernel_nmi |
@@ -19329,6 +22024,18 @@ index 7272089..6204f9c5 100644 | |||
19329 | + SET_RDI_INTO_CR0 | 22024 | + SET_RDI_INTO_CR0 |
19330 | +110: | 22025 | +110: |
19331 | +#endif | 22026 | +#endif |
22027 | + | ||
22028 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | ||
22029 | + btr $2,%ebx | ||
22030 | + jnc 111f | ||
22031 | + GET_CR3_INTO_RDI | ||
22032 | + add $4097,%rdi | ||
22033 | + bts $63,%rdi | ||
22034 | + SET_RDI_INTO_CR3 | ||
22035 | + mov $__KERNEL_DS,%edi | ||
22036 | + mov %edi,%ss | ||
22037 | +111: | ||
22038 | +#endif | ||
19332 | + .endm | 22039 | + .endm |
19333 | + | 22040 | + |
19334 | + .macro pax_erase_kstack | 22041 | + .macro pax_erase_kstack |
@@ -19390,7 +22097,7 @@ index 7272089..6204f9c5 100644 | |||
19390 | 22097 | ||
19391 | .macro TRACE_IRQS_IRETQ offset=ARGOFFSET | 22098 | .macro TRACE_IRQS_IRETQ offset=ARGOFFSET |
19392 | #ifdef CONFIG_TRACE_IRQFLAGS | 22099 | #ifdef CONFIG_TRACE_IRQFLAGS |
19393 | @@ -375,8 +687,8 @@ ENDPROC(native_usergs_sysret64) | 22100 | @@ -375,8 +808,8 @@ ENDPROC(native_usergs_sysret64) |
19394 | .endm | 22101 | .endm |
19395 | 22102 | ||
19396 | .macro UNFAKE_STACK_FRAME | 22103 | .macro UNFAKE_STACK_FRAME |
@@ -19401,7 +22108,7 @@ index 7272089..6204f9c5 100644 | |||
19401 | .endm | 22108 | .endm |
19402 | 22109 | ||
19403 | /* | 22110 | /* |
19404 | @@ -463,7 +775,7 @@ ENDPROC(native_usergs_sysret64) | 22111 | @@ -463,7 +896,7 @@ ENDPROC(native_usergs_sysret64) |
19405 | movq %rsp, %rsi | 22112 | movq %rsp, %rsi |
19406 | 22113 | ||
19407 | leaq -RBP(%rsp),%rdi /* arg1 for handler */ | 22114 | leaq -RBP(%rsp),%rdi /* arg1 for handler */ |
@@ -19410,7 +22117,7 @@ index 7272089..6204f9c5 100644 | |||
19410 | je 1f | 22117 | je 1f |
19411 | SWAPGS | 22118 | SWAPGS |
19412 | /* | 22119 | /* |
19413 | @@ -498,9 +810,10 @@ ENTRY(save_rest) | 22120 | @@ -498,9 +931,10 @@ ENTRY(save_rest) |
19414 | movq_cfi r15, R15+16 | 22121 | movq_cfi r15, R15+16 |
19415 | movq %r11, 8(%rsp) /* return address */ | 22122 | movq %r11, 8(%rsp) /* return address */ |
19416 | FIXUP_TOP_OF_STACK %r11, 16 | 22123 | FIXUP_TOP_OF_STACK %r11, 16 |
@@ -19422,7 +22129,7 @@ index 7272089..6204f9c5 100644 | |||
19422 | 22129 | ||
19423 | /* save complete stack frame */ | 22130 | /* save complete stack frame */ |
19424 | .pushsection .kprobes.text, "ax" | 22131 | .pushsection .kprobes.text, "ax" |
19425 | @@ -529,9 +842,10 @@ ENTRY(save_paranoid) | 22132 | @@ -529,9 +963,10 @@ ENTRY(save_paranoid) |
19426 | js 1f /* negative -> in kernel */ | 22133 | js 1f /* negative -> in kernel */ |
19427 | SWAPGS | 22134 | SWAPGS |
19428 | xorl %ebx,%ebx | 22135 | xorl %ebx,%ebx |
@@ -19435,7 +22142,7 @@ index 7272089..6204f9c5 100644 | |||
19435 | .popsection | 22142 | .popsection |
19436 | 22143 | ||
19437 | /* | 22144 | /* |
19438 | @@ -553,7 +867,7 @@ ENTRY(ret_from_fork) | 22145 | @@ -553,7 +988,7 @@ ENTRY(ret_from_fork) |
19439 | 22146 | ||
19440 | RESTORE_REST | 22147 | RESTORE_REST |
19441 | 22148 | ||
@@ -19444,7 +22151,7 @@ index 7272089..6204f9c5 100644 | |||
19444 | jz 1f | 22151 | jz 1f |
19445 | 22152 | ||
19446 | testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET | 22153 | testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET |
19447 | @@ -571,7 +885,7 @@ ENTRY(ret_from_fork) | 22154 | @@ -571,7 +1006,7 @@ ENTRY(ret_from_fork) |
19448 | RESTORE_REST | 22155 | RESTORE_REST |
19449 | jmp int_ret_from_sys_call | 22156 | jmp int_ret_from_sys_call |
19450 | CFI_ENDPROC | 22157 | CFI_ENDPROC |
@@ -19453,7 +22160,7 @@ index 7272089..6204f9c5 100644 | |||
19453 | 22160 | ||
19454 | /* | 22161 | /* |
19455 | * System call entry. Up to 6 arguments in registers are supported. | 22162 | * System call entry. Up to 6 arguments in registers are supported. |
19456 | @@ -608,7 +922,7 @@ END(ret_from_fork) | 22163 | @@ -608,7 +1043,7 @@ END(ret_from_fork) |
19457 | ENTRY(system_call) | 22164 | ENTRY(system_call) |
19458 | CFI_STARTPROC simple | 22165 | CFI_STARTPROC simple |
19459 | CFI_SIGNAL_FRAME | 22166 | CFI_SIGNAL_FRAME |
@@ -19462,7 +22169,7 @@ index 7272089..6204f9c5 100644 | |||
19462 | CFI_REGISTER rip,rcx | 22169 | CFI_REGISTER rip,rcx |
19463 | /*CFI_REGISTER rflags,r11*/ | 22170 | /*CFI_REGISTER rflags,r11*/ |
19464 | SWAPGS_UNSAFE_STACK | 22171 | SWAPGS_UNSAFE_STACK |
19465 | @@ -621,16 +935,23 @@ GLOBAL(system_call_after_swapgs) | 22172 | @@ -621,16 +1056,23 @@ GLOBAL(system_call_after_swapgs) |
19466 | 22173 | ||
19467 | movq %rsp,PER_CPU_VAR(old_rsp) | 22174 | movq %rsp,PER_CPU_VAR(old_rsp) |
19468 | movq PER_CPU_VAR(kernel_stack),%rsp | 22175 | movq PER_CPU_VAR(kernel_stack),%rsp |
@@ -19488,7 +22195,7 @@ index 7272089..6204f9c5 100644 | |||
19488 | jnz tracesys | 22195 | jnz tracesys |
19489 | system_call_fastpath: | 22196 | system_call_fastpath: |
19490 | #if __SYSCALL_MASK == ~0 | 22197 | #if __SYSCALL_MASK == ~0 |
19491 | @@ -640,7 +961,7 @@ system_call_fastpath: | 22198 | @@ -640,7 +1082,7 @@ system_call_fastpath: |
19492 | cmpl $__NR_syscall_max,%eax | 22199 | cmpl $__NR_syscall_max,%eax |
19493 | #endif | 22200 | #endif |
19494 | ja badsys | 22201 | ja badsys |
@@ -19497,7 +22204,7 @@ index 7272089..6204f9c5 100644 | |||
19497 | call *sys_call_table(,%rax,8) # XXX: rip relative | 22204 | call *sys_call_table(,%rax,8) # XXX: rip relative |
19498 | movq %rax,RAX-ARGOFFSET(%rsp) | 22205 | movq %rax,RAX-ARGOFFSET(%rsp) |
19499 | /* | 22206 | /* |
19500 | @@ -654,10 +975,13 @@ sysret_check: | 22207 | @@ -654,10 +1096,13 @@ sysret_check: |
19501 | LOCKDEP_SYS_EXIT | 22208 | LOCKDEP_SYS_EXIT |
19502 | DISABLE_INTERRUPTS(CLBR_NONE) | 22209 | DISABLE_INTERRUPTS(CLBR_NONE) |
19503 | TRACE_IRQS_OFF | 22210 | TRACE_IRQS_OFF |
@@ -19512,7 +22219,7 @@ index 7272089..6204f9c5 100644 | |||
19512 | /* | 22219 | /* |
19513 | * sysretq will re-enable interrupts: | 22220 | * sysretq will re-enable interrupts: |
19514 | */ | 22221 | */ |
19515 | @@ -709,14 +1033,18 @@ badsys: | 22222 | @@ -709,14 +1154,18 @@ badsys: |
19516 | * jump back to the normal fast path. | 22223 | * jump back to the normal fast path. |
19517 | */ | 22224 | */ |
19518 | auditsys: | 22225 | auditsys: |
@@ -19532,7 +22239,7 @@ index 7272089..6204f9c5 100644 | |||
19532 | jmp system_call_fastpath | 22239 | jmp system_call_fastpath |
19533 | 22240 | ||
19534 | /* | 22241 | /* |
19535 | @@ -737,7 +1065,7 @@ sysret_audit: | 22242 | @@ -737,7 +1186,7 @@ sysret_audit: |
19536 | /* Do syscall tracing */ | 22243 | /* Do syscall tracing */ |
19537 | tracesys: | 22244 | tracesys: |
19538 | #ifdef CONFIG_AUDITSYSCALL | 22245 | #ifdef CONFIG_AUDITSYSCALL |
@@ -19541,7 +22248,7 @@ index 7272089..6204f9c5 100644 | |||
19541 | jz auditsys | 22248 | jz auditsys |
19542 | #endif | 22249 | #endif |
19543 | SAVE_REST | 22250 | SAVE_REST |
19544 | @@ -745,12 +1073,16 @@ tracesys: | 22251 | @@ -745,12 +1194,16 @@ tracesys: |
19545 | FIXUP_TOP_OF_STACK %rdi | 22252 | FIXUP_TOP_OF_STACK %rdi |
19546 | movq %rsp,%rdi | 22253 | movq %rsp,%rdi |
19547 | call syscall_trace_enter | 22254 | call syscall_trace_enter |
@@ -19558,7 +22265,7 @@ index 7272089..6204f9c5 100644 | |||
19558 | RESTORE_REST | 22265 | RESTORE_REST |
19559 | #if __SYSCALL_MASK == ~0 | 22266 | #if __SYSCALL_MASK == ~0 |
19560 | cmpq $__NR_syscall_max,%rax | 22267 | cmpq $__NR_syscall_max,%rax |
19561 | @@ -759,7 +1091,7 @@ tracesys: | 22268 | @@ -759,7 +1212,7 @@ tracesys: |
19562 | cmpl $__NR_syscall_max,%eax | 22269 | cmpl $__NR_syscall_max,%eax |
19563 | #endif | 22270 | #endif |
19564 | ja int_ret_from_sys_call /* RAX(%rsp) set to -ENOSYS above */ | 22271 | ja int_ret_from_sys_call /* RAX(%rsp) set to -ENOSYS above */ |
@@ -19567,7 +22274,7 @@ index 7272089..6204f9c5 100644 | |||
19567 | call *sys_call_table(,%rax,8) | 22274 | call *sys_call_table(,%rax,8) |
19568 | movq %rax,RAX-ARGOFFSET(%rsp) | 22275 | movq %rax,RAX-ARGOFFSET(%rsp) |
19569 | /* Use IRET because user could have changed frame */ | 22276 | /* Use IRET because user could have changed frame */ |
19570 | @@ -780,7 +1112,9 @@ GLOBAL(int_with_check) | 22277 | @@ -780,7 +1233,9 @@ GLOBAL(int_with_check) |
19571 | andl %edi,%edx | 22278 | andl %edi,%edx |
19572 | jnz int_careful | 22279 | jnz int_careful |
19573 | andl $~TS_COMPAT,TI_status(%rcx) | 22280 | andl $~TS_COMPAT,TI_status(%rcx) |
@@ -19578,7 +22285,7 @@ index 7272089..6204f9c5 100644 | |||
19578 | 22285 | ||
19579 | /* Either reschedule or signal or syscall exit tracking needed. */ | 22286 | /* Either reschedule or signal or syscall exit tracking needed. */ |
19580 | /* First do a reschedule test. */ | 22287 | /* First do a reschedule test. */ |
19581 | @@ -826,7 +1160,7 @@ int_restore_rest: | 22288 | @@ -826,7 +1281,7 @@ int_restore_rest: |
19582 | TRACE_IRQS_OFF | 22289 | TRACE_IRQS_OFF |
19583 | jmp int_with_check | 22290 | jmp int_with_check |
19584 | CFI_ENDPROC | 22291 | CFI_ENDPROC |
@@ -19587,7 +22294,7 @@ index 7272089..6204f9c5 100644 | |||
19587 | 22294 | ||
19588 | .macro FORK_LIKE func | 22295 | .macro FORK_LIKE func |
19589 | ENTRY(stub_\func) | 22296 | ENTRY(stub_\func) |
19590 | @@ -839,9 +1173,10 @@ ENTRY(stub_\func) | 22297 | @@ -839,9 +1294,10 @@ ENTRY(stub_\func) |
19591 | DEFAULT_FRAME 0 8 /* offset 8: return address */ | 22298 | DEFAULT_FRAME 0 8 /* offset 8: return address */ |
19592 | call sys_\func | 22299 | call sys_\func |
19593 | RESTORE_TOP_OF_STACK %r11, 8 | 22300 | RESTORE_TOP_OF_STACK %r11, 8 |
@@ -19599,7 +22306,7 @@ index 7272089..6204f9c5 100644 | |||
19599 | .endm | 22306 | .endm |
19600 | 22307 | ||
19601 | .macro FIXED_FRAME label,func | 22308 | .macro FIXED_FRAME label,func |
19602 | @@ -851,9 +1186,10 @@ ENTRY(\label) | 22309 | @@ -851,9 +1307,10 @@ ENTRY(\label) |
19603 | FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET | 22310 | FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET |
19604 | call \func | 22311 | call \func |
19605 | RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET | 22312 | RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET |
@@ -19611,7 +22318,7 @@ index 7272089..6204f9c5 100644 | |||
19611 | .endm | 22318 | .endm |
19612 | 22319 | ||
19613 | FORK_LIKE clone | 22320 | FORK_LIKE clone |
19614 | @@ -870,9 +1206,10 @@ ENTRY(ptregscall_common) | 22321 | @@ -870,9 +1327,10 @@ ENTRY(ptregscall_common) |
19615 | movq_cfi_restore R12+8, r12 | 22322 | movq_cfi_restore R12+8, r12 |
19616 | movq_cfi_restore RBP+8, rbp | 22323 | movq_cfi_restore RBP+8, rbp |
19617 | movq_cfi_restore RBX+8, rbx | 22324 | movq_cfi_restore RBX+8, rbx |
@@ -19623,7 +22330,7 @@ index 7272089..6204f9c5 100644 | |||
19623 | 22330 | ||
19624 | ENTRY(stub_execve) | 22331 | ENTRY(stub_execve) |
19625 | CFI_STARTPROC | 22332 | CFI_STARTPROC |
19626 | @@ -885,7 +1222,7 @@ ENTRY(stub_execve) | 22333 | @@ -885,7 +1343,7 @@ ENTRY(stub_execve) |
19627 | RESTORE_REST | 22334 | RESTORE_REST |
19628 | jmp int_ret_from_sys_call | 22335 | jmp int_ret_from_sys_call |
19629 | CFI_ENDPROC | 22336 | CFI_ENDPROC |
@@ -19632,7 +22339,7 @@ index 7272089..6204f9c5 100644 | |||
19632 | 22339 | ||
19633 | /* | 22340 | /* |
19634 | * sigreturn is special because it needs to restore all registers on return. | 22341 | * sigreturn is special because it needs to restore all registers on return. |
19635 | @@ -902,7 +1239,7 @@ ENTRY(stub_rt_sigreturn) | 22342 | @@ -902,7 +1360,7 @@ ENTRY(stub_rt_sigreturn) |
19636 | RESTORE_REST | 22343 | RESTORE_REST |
19637 | jmp int_ret_from_sys_call | 22344 | jmp int_ret_from_sys_call |
19638 | CFI_ENDPROC | 22345 | CFI_ENDPROC |
@@ -19641,7 +22348,7 @@ index 7272089..6204f9c5 100644 | |||
19641 | 22348 | ||
19642 | #ifdef CONFIG_X86_X32_ABI | 22349 | #ifdef CONFIG_X86_X32_ABI |
19643 | ENTRY(stub_x32_rt_sigreturn) | 22350 | ENTRY(stub_x32_rt_sigreturn) |
19644 | @@ -916,7 +1253,7 @@ ENTRY(stub_x32_rt_sigreturn) | 22351 | @@ -916,7 +1374,7 @@ ENTRY(stub_x32_rt_sigreturn) |
19645 | RESTORE_REST | 22352 | RESTORE_REST |
19646 | jmp int_ret_from_sys_call | 22353 | jmp int_ret_from_sys_call |
19647 | CFI_ENDPROC | 22354 | CFI_ENDPROC |
@@ -19650,7 +22357,7 @@ index 7272089..6204f9c5 100644 | |||
19650 | 22357 | ||
19651 | ENTRY(stub_x32_execve) | 22358 | ENTRY(stub_x32_execve) |
19652 | CFI_STARTPROC | 22359 | CFI_STARTPROC |
19653 | @@ -930,7 +1267,7 @@ ENTRY(stub_x32_execve) | 22360 | @@ -930,7 +1388,7 @@ ENTRY(stub_x32_execve) |
19654 | RESTORE_REST | 22361 | RESTORE_REST |
19655 | jmp int_ret_from_sys_call | 22362 | jmp int_ret_from_sys_call |
19656 | CFI_ENDPROC | 22363 | CFI_ENDPROC |
@@ -19659,7 +22366,7 @@ index 7272089..6204f9c5 100644 | |||
19659 | 22366 | ||
19660 | #endif | 22367 | #endif |
19661 | 22368 | ||
19662 | @@ -967,7 +1304,7 @@ vector=vector+1 | 22369 | @@ -967,7 +1425,7 @@ vector=vector+1 |
19663 | 2: jmp common_interrupt | 22370 | 2: jmp common_interrupt |
19664 | .endr | 22371 | .endr |
19665 | CFI_ENDPROC | 22372 | CFI_ENDPROC |
@@ -19668,7 +22375,7 @@ index 7272089..6204f9c5 100644 | |||
19668 | 22375 | ||
19669 | .previous | 22376 | .previous |
19670 | END(interrupt) | 22377 | END(interrupt) |
19671 | @@ -987,6 +1324,16 @@ END(interrupt) | 22378 | @@ -987,6 +1445,16 @@ END(interrupt) |
19672 | subq $ORIG_RAX-RBP, %rsp | 22379 | subq $ORIG_RAX-RBP, %rsp |
19673 | CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP | 22380 | CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP |
19674 | SAVE_ARGS_IRQ | 22381 | SAVE_ARGS_IRQ |
@@ -19685,7 +22392,7 @@ index 7272089..6204f9c5 100644 | |||
19685 | call \func | 22392 | call \func |
19686 | .endm | 22393 | .endm |
19687 | 22394 | ||
19688 | @@ -1019,7 +1366,7 @@ ret_from_intr: | 22395 | @@ -1019,7 +1487,7 @@ ret_from_intr: |
19689 | 22396 | ||
19690 | exit_intr: | 22397 | exit_intr: |
19691 | GET_THREAD_INFO(%rcx) | 22398 | GET_THREAD_INFO(%rcx) |
@@ -19694,7 +22401,7 @@ index 7272089..6204f9c5 100644 | |||
19694 | je retint_kernel | 22401 | je retint_kernel |
19695 | 22402 | ||
19696 | /* Interrupt came from user space */ | 22403 | /* Interrupt came from user space */ |
19697 | @@ -1041,12 +1388,16 @@ retint_swapgs: /* return to user-space */ | 22404 | @@ -1041,12 +1509,16 @@ retint_swapgs: /* return to user-space */ |
19698 | * The iretq could re-enable interrupts: | 22405 | * The iretq could re-enable interrupts: |
19699 | */ | 22406 | */ |
19700 | DISABLE_INTERRUPTS(CLBR_ANY) | 22407 | DISABLE_INTERRUPTS(CLBR_ANY) |
@@ -19711,7 +22418,7 @@ index 7272089..6204f9c5 100644 | |||
19711 | /* | 22418 | /* |
19712 | * The iretq could re-enable interrupts: | 22419 | * The iretq could re-enable interrupts: |
19713 | */ | 22420 | */ |
19714 | @@ -1129,7 +1480,7 @@ ENTRY(retint_kernel) | 22421 | @@ -1129,7 +1601,7 @@ ENTRY(retint_kernel) |
19715 | #endif | 22422 | #endif |
19716 | 22423 | ||
19717 | CFI_ENDPROC | 22424 | CFI_ENDPROC |
@@ -19720,7 +22427,7 @@ index 7272089..6204f9c5 100644 | |||
19720 | /* | 22427 | /* |
19721 | * End of kprobes section | 22428 | * End of kprobes section |
19722 | */ | 22429 | */ |
19723 | @@ -1147,7 +1498,7 @@ ENTRY(\sym) | 22430 | @@ -1147,7 +1619,7 @@ ENTRY(\sym) |
19724 | interrupt \do_sym | 22431 | interrupt \do_sym |
19725 | jmp ret_from_intr | 22432 | jmp ret_from_intr |
19726 | CFI_ENDPROC | 22433 | CFI_ENDPROC |
@@ -19729,7 +22436,7 @@ index 7272089..6204f9c5 100644 | |||
19729 | .endm | 22436 | .endm |
19730 | 22437 | ||
19731 | #ifdef CONFIG_SMP | 22438 | #ifdef CONFIG_SMP |
19732 | @@ -1208,12 +1559,22 @@ ENTRY(\sym) | 22439 | @@ -1208,12 +1680,22 @@ ENTRY(\sym) |
19733 | CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 | 22440 | CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 |
19734 | call error_entry | 22441 | call error_entry |
19735 | DEFAULT_FRAME 0 | 22442 | DEFAULT_FRAME 0 |
@@ -19753,7 +22460,7 @@ index 7272089..6204f9c5 100644 | |||
19753 | .endm | 22460 | .endm |
19754 | 22461 | ||
19755 | .macro paranoidzeroentry sym do_sym | 22462 | .macro paranoidzeroentry sym do_sym |
19756 | @@ -1226,15 +1587,25 @@ ENTRY(\sym) | 22463 | @@ -1226,15 +1708,25 @@ ENTRY(\sym) |
19757 | CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 | 22464 | CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 |
19758 | call save_paranoid | 22465 | call save_paranoid |
19759 | TRACE_IRQS_OFF | 22466 | TRACE_IRQS_OFF |
@@ -19781,7 +22488,7 @@ index 7272089..6204f9c5 100644 | |||
19781 | .macro paranoidzeroentry_ist sym do_sym ist | 22488 | .macro paranoidzeroentry_ist sym do_sym ist |
19782 | ENTRY(\sym) | 22489 | ENTRY(\sym) |
19783 | INTR_FRAME | 22490 | INTR_FRAME |
19784 | @@ -1245,14 +1616,30 @@ ENTRY(\sym) | 22491 | @@ -1245,14 +1737,30 @@ ENTRY(\sym) |
19785 | CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 | 22492 | CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 |
19786 | call save_paranoid | 22493 | call save_paranoid |
19787 | TRACE_IRQS_OFF_DEBUG | 22494 | TRACE_IRQS_OFF_DEBUG |
@@ -19813,7 +22520,7 @@ index 7272089..6204f9c5 100644 | |||
19813 | .endm | 22520 | .endm |
19814 | 22521 | ||
19815 | .macro errorentry sym do_sym | 22522 | .macro errorentry sym do_sym |
19816 | @@ -1264,13 +1651,23 @@ ENTRY(\sym) | 22523 | @@ -1264,13 +1772,23 @@ ENTRY(\sym) |
19817 | CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 | 22524 | CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 |
19818 | call error_entry | 22525 | call error_entry |
19819 | DEFAULT_FRAME 0 | 22526 | DEFAULT_FRAME 0 |
@@ -19838,7 +22545,7 @@ index 7272089..6204f9c5 100644 | |||
19838 | .endm | 22545 | .endm |
19839 | 22546 | ||
19840 | /* error code is on the stack already */ | 22547 | /* error code is on the stack already */ |
19841 | @@ -1284,13 +1681,23 @@ ENTRY(\sym) | 22548 | @@ -1284,13 +1802,23 @@ ENTRY(\sym) |
19842 | call save_paranoid | 22549 | call save_paranoid |
19843 | DEFAULT_FRAME 0 | 22550 | DEFAULT_FRAME 0 |
19844 | TRACE_IRQS_OFF | 22551 | TRACE_IRQS_OFF |
@@ -19863,7 +22570,7 @@ index 7272089..6204f9c5 100644 | |||
19863 | .endm | 22570 | .endm |
19864 | 22571 | ||
19865 | zeroentry divide_error do_divide_error | 22572 | zeroentry divide_error do_divide_error |
19866 | @@ -1320,9 +1727,10 @@ gs_change: | 22573 | @@ -1320,9 +1848,10 @@ gs_change: |
19867 | 2: mfence /* workaround */ | 22574 | 2: mfence /* workaround */ |
19868 | SWAPGS | 22575 | SWAPGS |
19869 | popfq_cfi | 22576 | popfq_cfi |
@@ -19875,7 +22582,7 @@ index 7272089..6204f9c5 100644 | |||
19875 | 22582 | ||
19876 | _ASM_EXTABLE(gs_change,bad_gs) | 22583 | _ASM_EXTABLE(gs_change,bad_gs) |
19877 | .section .fixup,"ax" | 22584 | .section .fixup,"ax" |
19878 | @@ -1350,9 +1758,10 @@ ENTRY(call_softirq) | 22585 | @@ -1350,9 +1879,10 @@ ENTRY(call_softirq) |
19879 | CFI_DEF_CFA_REGISTER rsp | 22586 | CFI_DEF_CFA_REGISTER rsp |
19880 | CFI_ADJUST_CFA_OFFSET -8 | 22587 | CFI_ADJUST_CFA_OFFSET -8 |
19881 | decl PER_CPU_VAR(irq_count) | 22588 | decl PER_CPU_VAR(irq_count) |
@@ -19887,7 +22594,7 @@ index 7272089..6204f9c5 100644 | |||
19887 | 22594 | ||
19888 | #ifdef CONFIG_XEN | 22595 | #ifdef CONFIG_XEN |
19889 | zeroentry xen_hypervisor_callback xen_do_hypervisor_callback | 22596 | zeroentry xen_hypervisor_callback xen_do_hypervisor_callback |
19890 | @@ -1390,7 +1799,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) | 22597 | @@ -1390,7 +1920,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) |
19891 | decl PER_CPU_VAR(irq_count) | 22598 | decl PER_CPU_VAR(irq_count) |
19892 | jmp error_exit | 22599 | jmp error_exit |
19893 | CFI_ENDPROC | 22600 | CFI_ENDPROC |
@@ -19896,7 +22603,7 @@ index 7272089..6204f9c5 100644 | |||
19896 | 22603 | ||
19897 | /* | 22604 | /* |
19898 | * Hypervisor uses this for application faults while it executes. | 22605 | * Hypervisor uses this for application faults while it executes. |
19899 | @@ -1449,7 +1858,7 @@ ENTRY(xen_failsafe_callback) | 22606 | @@ -1449,7 +1979,7 @@ ENTRY(xen_failsafe_callback) |
19900 | SAVE_ALL | 22607 | SAVE_ALL |
19901 | jmp error_exit | 22608 | jmp error_exit |
19902 | CFI_ENDPROC | 22609 | CFI_ENDPROC |
@@ -19905,7 +22612,7 @@ index 7272089..6204f9c5 100644 | |||
19905 | 22612 | ||
19906 | apicinterrupt HYPERVISOR_CALLBACK_VECTOR \ | 22613 | apicinterrupt HYPERVISOR_CALLBACK_VECTOR \ |
19907 | xen_hvm_callback_vector xen_evtchn_do_upcall | 22614 | xen_hvm_callback_vector xen_evtchn_do_upcall |
19908 | @@ -1501,18 +1910,33 @@ ENTRY(paranoid_exit) | 22615 | @@ -1501,18 +2031,33 @@ ENTRY(paranoid_exit) |
19909 | DEFAULT_FRAME | 22616 | DEFAULT_FRAME |
19910 | DISABLE_INTERRUPTS(CLBR_NONE) | 22617 | DISABLE_INTERRUPTS(CLBR_NONE) |
19911 | TRACE_IRQS_OFF_DEBUG | 22618 | TRACE_IRQS_OFF_DEBUG |
@@ -19941,7 +22648,7 @@ index 7272089..6204f9c5 100644 | |||
19941 | jmp irq_return | 22648 | jmp irq_return |
19942 | paranoid_userspace: | 22649 | paranoid_userspace: |
19943 | GET_THREAD_INFO(%rcx) | 22650 | GET_THREAD_INFO(%rcx) |
19944 | @@ -1541,7 +1965,7 @@ paranoid_schedule: | 22651 | @@ -1541,7 +2086,7 @@ paranoid_schedule: |
19945 | TRACE_IRQS_OFF | 22652 | TRACE_IRQS_OFF |
19946 | jmp paranoid_userspace | 22653 | jmp paranoid_userspace |
19947 | CFI_ENDPROC | 22654 | CFI_ENDPROC |
@@ -19950,7 +22657,7 @@ index 7272089..6204f9c5 100644 | |||
19950 | 22657 | ||
19951 | /* | 22658 | /* |
19952 | * Exception entry point. This expects an error code/orig_rax on the stack. | 22659 | * Exception entry point. This expects an error code/orig_rax on the stack. |
19953 | @@ -1568,12 +1992,13 @@ ENTRY(error_entry) | 22660 | @@ -1568,12 +2113,13 @@ ENTRY(error_entry) |
19954 | movq_cfi r14, R14+8 | 22661 | movq_cfi r14, R14+8 |
19955 | movq_cfi r15, R15+8 | 22662 | movq_cfi r15, R15+8 |
19956 | xorl %ebx,%ebx | 22663 | xorl %ebx,%ebx |
@@ -19965,7 +22672,7 @@ index 7272089..6204f9c5 100644 | |||
19965 | ret | 22672 | ret |
19966 | 22673 | ||
19967 | /* | 22674 | /* |
19968 | @@ -1600,7 +2025,7 @@ bstep_iret: | 22675 | @@ -1600,7 +2146,7 @@ bstep_iret: |
19969 | movq %rcx,RIP+8(%rsp) | 22676 | movq %rcx,RIP+8(%rsp) |
19970 | jmp error_swapgs | 22677 | jmp error_swapgs |
19971 | CFI_ENDPROC | 22678 | CFI_ENDPROC |
@@ -19974,7 +22681,7 @@ index 7272089..6204f9c5 100644 | |||
19974 | 22681 | ||
19975 | 22682 | ||
19976 | /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ | 22683 | /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ |
19977 | @@ -1611,7 +2036,7 @@ ENTRY(error_exit) | 22684 | @@ -1611,7 +2157,7 @@ ENTRY(error_exit) |
19978 | DISABLE_INTERRUPTS(CLBR_NONE) | 22685 | DISABLE_INTERRUPTS(CLBR_NONE) |
19979 | TRACE_IRQS_OFF | 22686 | TRACE_IRQS_OFF |
19980 | GET_THREAD_INFO(%rcx) | 22687 | GET_THREAD_INFO(%rcx) |
@@ -19983,7 +22690,7 @@ index 7272089..6204f9c5 100644 | |||
19983 | jne retint_kernel | 22690 | jne retint_kernel |
19984 | LOCKDEP_SYS_EXIT_IRQ | 22691 | LOCKDEP_SYS_EXIT_IRQ |
19985 | movl TI_flags(%rcx),%edx | 22692 | movl TI_flags(%rcx),%edx |
19986 | @@ -1620,7 +2045,7 @@ ENTRY(error_exit) | 22693 | @@ -1620,7 +2166,7 @@ ENTRY(error_exit) |
19987 | jnz retint_careful | 22694 | jnz retint_careful |
19988 | jmp retint_swapgs | 22695 | jmp retint_swapgs |
19989 | CFI_ENDPROC | 22696 | CFI_ENDPROC |
@@ -19992,7 +22699,7 @@ index 7272089..6204f9c5 100644 | |||
19992 | 22699 | ||
19993 | /* | 22700 | /* |
19994 | * Test if a given stack is an NMI stack or not. | 22701 | * Test if a given stack is an NMI stack or not. |
19995 | @@ -1678,9 +2103,11 @@ ENTRY(nmi) | 22702 | @@ -1678,9 +2224,11 @@ ENTRY(nmi) |
19996 | * If %cs was not the kernel segment, then the NMI triggered in user | 22703 | * If %cs was not the kernel segment, then the NMI triggered in user |
19997 | * space, which means it is definitely not nested. | 22704 | * space, which means it is definitely not nested. |
19998 | */ | 22705 | */ |
@@ -20005,7 +22712,7 @@ index 7272089..6204f9c5 100644 | |||
20005 | /* | 22712 | /* |
20006 | * Check the special variable on the stack to see if NMIs are | 22713 | * Check the special variable on the stack to see if NMIs are |
20007 | * executing. | 22714 | * executing. |
20008 | @@ -1714,8 +2141,7 @@ nested_nmi: | 22715 | @@ -1714,8 +2262,7 @@ nested_nmi: |
20009 | 22716 | ||
20010 | 1: | 22717 | 1: |
20011 | /* Set up the interrupted NMIs stack to jump to repeat_nmi */ | 22718 | /* Set up the interrupted NMIs stack to jump to repeat_nmi */ |
@@ -20015,7 +22722,7 @@ index 7272089..6204f9c5 100644 | |||
20015 | CFI_ADJUST_CFA_OFFSET 1*8 | 22722 | CFI_ADJUST_CFA_OFFSET 1*8 |
20016 | leaq -10*8(%rsp), %rdx | 22723 | leaq -10*8(%rsp), %rdx |
20017 | pushq_cfi $__KERNEL_DS | 22724 | pushq_cfi $__KERNEL_DS |
20018 | @@ -1733,6 +2159,7 @@ nested_nmi_out: | 22725 | @@ -1733,6 +2280,7 @@ nested_nmi_out: |
20019 | CFI_RESTORE rdx | 22726 | CFI_RESTORE rdx |
20020 | 22727 | ||
20021 | /* No need to check faults here */ | 22728 | /* No need to check faults here */ |
@@ -20023,7 +22730,7 @@ index 7272089..6204f9c5 100644 | |||
20023 | INTERRUPT_RETURN | 22730 | INTERRUPT_RETURN |
20024 | 22731 | ||
20025 | CFI_RESTORE_STATE | 22732 | CFI_RESTORE_STATE |
20026 | @@ -1849,6 +2276,8 @@ end_repeat_nmi: | 22733 | @@ -1849,6 +2397,8 @@ end_repeat_nmi: |
20027 | */ | 22734 | */ |
20028 | movq %cr2, %r12 | 22735 | movq %cr2, %r12 |
20029 | 22736 | ||
@@ -20032,7 +22739,7 @@ index 7272089..6204f9c5 100644 | |||
20032 | /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ | 22739 | /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ |
20033 | movq %rsp,%rdi | 22740 | movq %rsp,%rdi |
20034 | movq $-1,%rsi | 22741 | movq $-1,%rsi |
20035 | @@ -1861,26 +2290,31 @@ end_repeat_nmi: | 22742 | @@ -1861,26 +2411,31 @@ end_repeat_nmi: |
20036 | movq %r12, %cr2 | 22743 | movq %r12, %cr2 |
20037 | 1: | 22744 | 1: |
20038 | 22745 | ||
@@ -20188,7 +22895,7 @@ index 55b6761..a6456fc 100644 | |||
20188 | init_level4_pgt[511] = early_level4_pgt[511]; | 22895 | init_level4_pgt[511] = early_level4_pgt[511]; |
20189 | 22896 | ||
20190 | diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S | 22897 | diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S |
20191 | index 73afd11..d1670f5 100644 | 22898 | index 73afd11..0ef46f2 100644 |
20192 | --- a/arch/x86/kernel/head_32.S | 22899 | --- a/arch/x86/kernel/head_32.S |
20193 | +++ b/arch/x86/kernel/head_32.S | 22900 | +++ b/arch/x86/kernel/head_32.S |
20194 | @@ -26,6 +26,12 @@ | 22901 | @@ -26,6 +26,12 @@ |
@@ -20509,7 +23216,7 @@ index 73afd11..d1670f5 100644 | |||
20509 | + | 23216 | + |
20510 | +#ifdef CONFIG_PAX_PER_CPU_PGD | 23217 | +#ifdef CONFIG_PAX_PER_CPU_PGD |
20511 | +ENTRY(cpu_pgd) | 23218 | +ENTRY(cpu_pgd) |
20512 | + .rept NR_CPUS | 23219 | + .rept 2*NR_CPUS |
20513 | + .fill 4,8,0 | 23220 | + .fill 4,8,0 |
20514 | + .endr | 23221 | + .endr |
20515 | +#endif | 23222 | +#endif |
@@ -20620,7 +23327,7 @@ index 73afd11..d1670f5 100644 | |||
20620 | + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 | 23327 | + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 |
20621 | + .endr | 23328 | + .endr |
20622 | diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S | 23329 | diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S |
20623 | index a836860..bdeb7a5 100644 | 23330 | index a836860..1b5c665 100644 |
20624 | --- a/arch/x86/kernel/head_64.S | 23331 | --- a/arch/x86/kernel/head_64.S |
20625 | +++ b/arch/x86/kernel/head_64.S | 23332 | +++ b/arch/x86/kernel/head_64.S |
20626 | @@ -20,6 +20,8 @@ | 23333 | @@ -20,6 +20,8 @@ |
@@ -20755,7 +23462,7 @@ index a836860..bdeb7a5 100644 | |||
20755 | 23462 | ||
20756 | +#ifdef CONFIG_PAX_PER_CPU_PGD | 23463 | +#ifdef CONFIG_PAX_PER_CPU_PGD |
20757 | +NEXT_PAGE(cpu_pgd) | 23464 | +NEXT_PAGE(cpu_pgd) |
20758 | + .rept NR_CPUS | 23465 | + .rept 2*NR_CPUS |
20759 | + .fill 512,8,0 | 23466 | + .fill 512,8,0 |
20760 | + .endr | 23467 | + .endr |
20761 | +#endif | 23468 | +#endif |
@@ -20800,7 +23507,7 @@ index a836860..bdeb7a5 100644 | |||
20800 | NEXT_PAGE(level2_kernel_pgt) | 23507 | NEXT_PAGE(level2_kernel_pgt) |
20801 | /* | 23508 | /* |
20802 | * 512 MB kernel mapping. We spend a full page on this pagetable | 23509 | * 512 MB kernel mapping. We spend a full page on this pagetable |
20803 | @@ -488,39 +544,64 @@ NEXT_PAGE(level2_kernel_pgt) | 23510 | @@ -488,39 +544,70 @@ NEXT_PAGE(level2_kernel_pgt) |
20804 | KERNEL_IMAGE_SIZE/PMD_SIZE) | 23511 | KERNEL_IMAGE_SIZE/PMD_SIZE) |
20805 | 23512 | ||
20806 | NEXT_PAGE(level2_fixmap_pgt) | 23513 | NEXT_PAGE(level2_fixmap_pgt) |
@@ -20843,6 +23550,12 @@ index a836860..bdeb7a5 100644 | |||
20843 | + .quad 0x0000f40000000000 /* node/CPU stored in limit */ | 23550 | + .quad 0x0000f40000000000 /* node/CPU stored in limit */ |
20844 | + /* asm/segment.h:GDT_ENTRIES must match this */ | 23551 | + /* asm/segment.h:GDT_ENTRIES must match this */ |
20845 | + | 23552 | + |
23553 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | ||
23554 | + .quad 0x00cf93000000ffff /* __UDEREF_KERNEL_DS */ | ||
23555 | +#else | ||
23556 | + .quad 0x0 /* unused */ | ||
23557 | +#endif | ||
23558 | + | ||
20846 | + /* zero the remaining page */ | 23559 | + /* zero the remaining page */ |
20847 | + .fill PAGE_SIZE / 8 - GDT_ENTRIES,8,0 | 23560 | + .fill PAGE_SIZE / 8 - GDT_ENTRIES,8,0 |
20848 | + .endr | 23561 | + .endr |
@@ -20881,7 +23594,7 @@ index a836860..bdeb7a5 100644 | |||
20881 | - .skip PAGE_SIZE | 23594 | - .skip PAGE_SIZE |
20882 | + .fill 512,8,0 | 23595 | + .fill 512,8,0 |
20883 | diff --git a/arch/x86/kernel/i386_ksyms_32.c b/arch/x86/kernel/i386_ksyms_32.c | 23596 | diff --git a/arch/x86/kernel/i386_ksyms_32.c b/arch/x86/kernel/i386_ksyms_32.c |
20884 | index 0fa6912..37fce70 100644 | 23597 | index 0fa6912..b37438b 100644 |
20885 | --- a/arch/x86/kernel/i386_ksyms_32.c | 23598 | --- a/arch/x86/kernel/i386_ksyms_32.c |
20886 | +++ b/arch/x86/kernel/i386_ksyms_32.c | 23599 | +++ b/arch/x86/kernel/i386_ksyms_32.c |
20887 | @@ -20,8 +20,12 @@ extern void cmpxchg8b_emu(void); | 23600 | @@ -20,8 +20,12 @@ extern void cmpxchg8b_emu(void); |
@@ -20897,7 +23610,7 @@ index 0fa6912..37fce70 100644 | |||
20897 | 23610 | ||
20898 | EXPORT_SYMBOL(__get_user_1); | 23611 | EXPORT_SYMBOL(__get_user_1); |
20899 | EXPORT_SYMBOL(__get_user_2); | 23612 | EXPORT_SYMBOL(__get_user_2); |
20900 | @@ -37,3 +41,7 @@ EXPORT_SYMBOL(strstr); | 23613 | @@ -37,3 +41,11 @@ EXPORT_SYMBOL(strstr); |
20901 | 23614 | ||
20902 | EXPORT_SYMBOL(csum_partial); | 23615 | EXPORT_SYMBOL(csum_partial); |
20903 | EXPORT_SYMBOL(empty_zero_page); | 23616 | EXPORT_SYMBOL(empty_zero_page); |
@@ -20905,8 +23618,12 @@ index 0fa6912..37fce70 100644 | |||
20905 | +#ifdef CONFIG_PAX_KERNEXEC | 23618 | +#ifdef CONFIG_PAX_KERNEXEC |
20906 | +EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR); | 23619 | +EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR); |
20907 | +#endif | 23620 | +#endif |
23621 | + | ||
23622 | +#ifdef CONFIG_PAX_PER_CPU_PGD | ||
23623 | +EXPORT_SYMBOL(cpu_pgd); | ||
23624 | +#endif | ||
20908 | diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c | 23625 | diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c |
20909 | index cb33909..1163b40 100644 | 23626 | index f7ea30d..6318acc 100644 |
20910 | --- a/arch/x86/kernel/i387.c | 23627 | --- a/arch/x86/kernel/i387.c |
20911 | +++ b/arch/x86/kernel/i387.c | 23628 | +++ b/arch/x86/kernel/i387.c |
20912 | @@ -51,7 +51,7 @@ static inline bool interrupted_kernel_fpu_idle(void) | 23629 | @@ -51,7 +51,7 @@ static inline bool interrupted_kernel_fpu_idle(void) |
@@ -22278,7 +24995,7 @@ index 7305f7d..22f73d6 100644 | |||
22278 | } | 24995 | } |
22279 | - | 24996 | - |
22280 | diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c | 24997 | diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c |
22281 | index 355ae06..4530766 100644 | 24998 | index 355ae06..560fbbe 100644 |
22282 | --- a/arch/x86/kernel/process_64.c | 24999 | --- a/arch/x86/kernel/process_64.c |
22283 | +++ b/arch/x86/kernel/process_64.c | 25000 | +++ b/arch/x86/kernel/process_64.c |
22284 | @@ -151,10 +151,11 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, | 25001 | @@ -151,10 +151,11 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, |
@@ -22294,7 +25011,16 @@ index 355ae06..4530766 100644 | |||
22294 | set_tsk_thread_flag(p, TIF_FORK); | 25011 | set_tsk_thread_flag(p, TIF_FORK); |
22295 | p->fpu_counter = 0; | 25012 | p->fpu_counter = 0; |
22296 | p->thread.io_bitmap_ptr = NULL; | 25013 | p->thread.io_bitmap_ptr = NULL; |
22297 | @@ -273,7 +274,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) | 25014 | @@ -165,6 +166,8 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, |
25015 | p->thread.fs = p->thread.fsindex ? 0 : me->thread.fs; | ||
25016 | savesegment(es, p->thread.es); | ||
25017 | savesegment(ds, p->thread.ds); | ||
25018 | + savesegment(ss, p->thread.ss); | ||
25019 | + BUG_ON(p->thread.ss == __UDEREF_KERNEL_DS); | ||
25020 | memset(p->thread.ptrace_bps, 0, sizeof(p->thread.ptrace_bps)); | ||
25021 | |||
25022 | if (unlikely(p->flags & PF_KTHREAD)) { | ||
25023 | @@ -273,7 +276,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) | ||
22298 | struct thread_struct *prev = &prev_p->thread; | 25024 | struct thread_struct *prev = &prev_p->thread; |
22299 | struct thread_struct *next = &next_p->thread; | 25025 | struct thread_struct *next = &next_p->thread; |
22300 | int cpu = smp_processor_id(); | 25026 | int cpu = smp_processor_id(); |
@@ -22303,7 +25029,17 @@ index 355ae06..4530766 100644 | |||
22303 | unsigned fsindex, gsindex; | 25029 | unsigned fsindex, gsindex; |
22304 | fpu_switch_t fpu; | 25030 | fpu_switch_t fpu; |
22305 | 25031 | ||
22306 | @@ -355,10 +356,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) | 25032 | @@ -296,6 +299,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) |
25033 | if (unlikely(next->ds | prev->ds)) | ||
25034 | loadsegment(ds, next->ds); | ||
25035 | |||
25036 | + savesegment(ss, prev->ss); | ||
25037 | + if (unlikely(next->ss != prev->ss)) | ||
25038 | + loadsegment(ss, next->ss); | ||
25039 | |||
25040 | /* We must save %fs and %gs before load_TLS() because | ||
25041 | * %fs and %gs may be cleared by load_TLS(). | ||
25042 | @@ -355,10 +361,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) | ||
22307 | prev->usersp = this_cpu_read(old_rsp); | 25043 | prev->usersp = this_cpu_read(old_rsp); |
22308 | this_cpu_write(old_rsp, next->usersp); | 25044 | this_cpu_write(old_rsp, next->usersp); |
22309 | this_cpu_write(current_task, next_p); | 25045 | this_cpu_write(current_task, next_p); |
@@ -22316,7 +25052,7 @@ index 355ae06..4530766 100644 | |||
22316 | 25052 | ||
22317 | /* | 25053 | /* |
22318 | * Now maybe reload the debug registers and handle I/O bitmaps | 25054 | * Now maybe reload the debug registers and handle I/O bitmaps |
22319 | @@ -427,12 +427,11 @@ unsigned long get_wchan(struct task_struct *p) | 25055 | @@ -427,12 +432,11 @@ unsigned long get_wchan(struct task_struct *p) |
22320 | if (!p || p == current || p->state == TASK_RUNNING) | 25056 | if (!p || p == current || p->state == TASK_RUNNING) |
22321 | return 0; | 25057 | return 0; |
22322 | stack = (unsigned long)task_stack_page(p); | 25058 | stack = (unsigned long)task_stack_page(p); |
@@ -22637,7 +25373,7 @@ index f2bb9c9..bed145d7 100644 | |||
22637 | 25373 | ||
22638 | 1: | 25374 | 1: |
22639 | diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c | 25375 | diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c |
22640 | index 56f7fcf..fa229f4 100644 | 25376 | index 56f7fcf..2cfe4f1 100644 |
22641 | --- a/arch/x86/kernel/setup.c | 25377 | --- a/arch/x86/kernel/setup.c |
22642 | +++ b/arch/x86/kernel/setup.c | 25378 | +++ b/arch/x86/kernel/setup.c |
22643 | @@ -110,6 +110,7 @@ | 25379 | @@ -110,6 +110,7 @@ |
@@ -22648,7 +25384,61 @@ index 56f7fcf..fa229f4 100644 | |||
22648 | 25384 | ||
22649 | /* | 25385 | /* |
22650 | * max_low_pfn_mapped: highest direct mapped pfn under 4GB | 25386 | * max_low_pfn_mapped: highest direct mapped pfn under 4GB |
22651 | @@ -444,7 +445,7 @@ static void __init parse_setup_data(void) | 25387 | @@ -205,12 +206,50 @@ EXPORT_SYMBOL(boot_cpu_data); |
25388 | #endif | ||
25389 | |||
25390 | |||
25391 | -#if !defined(CONFIG_X86_PAE) || defined(CONFIG_X86_64) | ||
25392 | -unsigned long mmu_cr4_features; | ||
25393 | +#ifdef CONFIG_X86_64 | ||
25394 | +unsigned long mmu_cr4_features __read_only = X86_CR4_PSE | X86_CR4_PAE | X86_CR4_PGE; | ||
25395 | +#elif defined(CONFIG_X86_PAE) | ||
25396 | +unsigned long mmu_cr4_features __read_only = X86_CR4_PAE; | ||
25397 | #else | ||
25398 | -unsigned long mmu_cr4_features = X86_CR4_PAE; | ||
25399 | +unsigned long mmu_cr4_features __read_only; | ||
25400 | #endif | ||
25401 | |||
25402 | +void set_in_cr4(unsigned long mask) | ||
25403 | +{ | ||
25404 | + unsigned long cr4 = read_cr4(); | ||
25405 | + | ||
25406 | + if ((cr4 & mask) == mask && cr4 == mmu_cr4_features) | ||
25407 | + return; | ||
25408 | + | ||
25409 | + pax_open_kernel(); | ||
25410 | + mmu_cr4_features |= mask; | ||
25411 | + pax_close_kernel(); | ||
25412 | + | ||
25413 | + if (trampoline_cr4_features) | ||
25414 | + *trampoline_cr4_features = mmu_cr4_features; | ||
25415 | + cr4 |= mask; | ||
25416 | + write_cr4(cr4); | ||
25417 | +} | ||
25418 | +EXPORT_SYMBOL(set_in_cr4); | ||
25419 | + | ||
25420 | +void clear_in_cr4(unsigned long mask) | ||
25421 | +{ | ||
25422 | + unsigned long cr4 = read_cr4(); | ||
25423 | + | ||
25424 | + if (!(cr4 & mask) && cr4 == mmu_cr4_features) | ||
25425 | + return; | ||
25426 | + | ||
25427 | + pax_open_kernel(); | ||
25428 | + mmu_cr4_features &= ~mask; | ||
25429 | + pax_close_kernel(); | ||
25430 | + | ||
25431 | + if (trampoline_cr4_features) | ||
25432 | + *trampoline_cr4_features = mmu_cr4_features; | ||
25433 | + cr4 &= ~mask; | ||
25434 | + write_cr4(cr4); | ||
25435 | +} | ||
25436 | +EXPORT_SYMBOL(clear_in_cr4); | ||
25437 | + | ||
25438 | /* Boot loader ID and version as integers, for the benefit of proc_dointvec */ | ||
25439 | int bootloader_type, bootloader_version; | ||
25440 | |||
25441 | @@ -444,7 +483,7 @@ static void __init parse_setup_data(void) | ||
22652 | 25442 | ||
22653 | switch (data->type) { | 25443 | switch (data->type) { |
22654 | case SETUP_E820_EXT: | 25444 | case SETUP_E820_EXT: |
@@ -22657,7 +25447,7 @@ index 56f7fcf..fa229f4 100644 | |||
22657 | break; | 25447 | break; |
22658 | case SETUP_DTB: | 25448 | case SETUP_DTB: |
22659 | add_dtb(pa_data); | 25449 | add_dtb(pa_data); |
22660 | @@ -771,7 +772,7 @@ static void __init trim_bios_range(void) | 25450 | @@ -771,7 +810,7 @@ static void __init trim_bios_range(void) |
22661 | * area (640->1Mb) as ram even though it is not. | 25451 | * area (640->1Mb) as ram even though it is not. |
22662 | * take them out. | 25452 | * take them out. |
22663 | */ | 25453 | */ |
@@ -22666,7 +25456,7 @@ index 56f7fcf..fa229f4 100644 | |||
22666 | 25456 | ||
22667 | sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map); | 25457 | sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map); |
22668 | } | 25458 | } |
22669 | @@ -779,7 +780,7 @@ static void __init trim_bios_range(void) | 25459 | @@ -779,7 +818,7 @@ static void __init trim_bios_range(void) |
22670 | /* called before trim_bios_range() to spare extra sanitize */ | 25460 | /* called before trim_bios_range() to spare extra sanitize */ |
22671 | static void __init e820_add_kernel_range(void) | 25461 | static void __init e820_add_kernel_range(void) |
22672 | { | 25462 | { |
@@ -22675,7 +25465,7 @@ index 56f7fcf..fa229f4 100644 | |||
22675 | u64 size = __pa_symbol(_end) - start; | 25465 | u64 size = __pa_symbol(_end) - start; |
22676 | 25466 | ||
22677 | /* | 25467 | /* |
22678 | @@ -841,8 +842,12 @@ static void __init trim_low_memory_range(void) | 25468 | @@ -841,8 +880,12 @@ static void __init trim_low_memory_range(void) |
22679 | 25469 | ||
22680 | void __init setup_arch(char **cmdline_p) | 25470 | void __init setup_arch(char **cmdline_p) |
22681 | { | 25471 | { |
@@ -22688,7 +25478,7 @@ index 56f7fcf..fa229f4 100644 | |||
22688 | 25478 | ||
22689 | early_reserve_initrd(); | 25479 | early_reserve_initrd(); |
22690 | 25480 | ||
22691 | @@ -934,14 +939,14 @@ void __init setup_arch(char **cmdline_p) | 25481 | @@ -934,14 +977,14 @@ void __init setup_arch(char **cmdline_p) |
22692 | 25482 | ||
22693 | if (!boot_params.hdr.root_flags) | 25483 | if (!boot_params.hdr.root_flags) |
22694 | root_mountflags &= ~MS_RDONLY; | 25484 | root_mountflags &= ~MS_RDONLY; |
@@ -22785,7 +25575,7 @@ index 5cdff03..80fa283 100644 | |||
22785 | * Up to this point, the boot CPU has been using .init.data | 25575 | * Up to this point, the boot CPU has been using .init.data |
22786 | * area. Reload any changed state for the boot CPU. | 25576 | * area. Reload any changed state for the boot CPU. |
22787 | diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c | 25577 | diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c |
22788 | index 6956299..f20beae 100644 | 25578 | index 6956299..18126ec4 100644 |
22789 | --- a/arch/x86/kernel/signal.c | 25579 | --- a/arch/x86/kernel/signal.c |
22790 | +++ b/arch/x86/kernel/signal.c | 25580 | +++ b/arch/x86/kernel/signal.c |
22791 | @@ -196,7 +196,7 @@ static unsigned long align_sigframe(unsigned long sp) | 25581 | @@ -196,7 +196,7 @@ static unsigned long align_sigframe(unsigned long sp) |
@@ -22818,8 +25608,12 @@ index 6956299..f20beae 100644 | |||
22818 | 25608 | ||
22819 | if (err) | 25609 | if (err) |
22820 | return -EFAULT; | 25610 | return -EFAULT; |
22821 | @@ -367,7 +367,10 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig, | 25611 | @@ -364,10 +364,13 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig, |
22822 | err |= __save_altstack(&frame->uc.uc_stack, regs->sp); | 25612 | else |
25613 | put_user_ex(0, &frame->uc.uc_flags); | ||
25614 | put_user_ex(0, &frame->uc.uc_link); | ||
25615 | - err |= __save_altstack(&frame->uc.uc_stack, regs->sp); | ||
25616 | + __save_altstack_ex(&frame->uc.uc_stack, regs->sp); | ||
22823 | 25617 | ||
22824 | /* Set up to return from userspace. */ | 25618 | /* Set up to return from userspace. */ |
22825 | - restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn); | 25619 | - restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn); |
@@ -22839,6 +25633,15 @@ index 6956299..f20beae 100644 | |||
22839 | } put_user_catch(err); | 25633 | } put_user_catch(err); |
22840 | 25634 | ||
22841 | err |= copy_siginfo_to_user(&frame->info, &ksig->info); | 25635 | err |= copy_siginfo_to_user(&frame->info, &ksig->info); |
25636 | @@ -429,7 +432,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig, | ||
25637 | else | ||
25638 | put_user_ex(0, &frame->uc.uc_flags); | ||
25639 | put_user_ex(0, &frame->uc.uc_link); | ||
25640 | - err |= __save_altstack(&frame->uc.uc_stack, regs->sp); | ||
25641 | + __save_altstack_ex(&frame->uc.uc_stack, regs->sp); | ||
25642 | |||
25643 | /* Set up to return from userspace. If provided, use a stub | ||
25644 | already in userspace. */ | ||
22842 | @@ -615,7 +618,12 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs) | 25645 | @@ -615,7 +618,12 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs) |
22843 | { | 25646 | { |
22844 | int usig = signr_convert(ksig->sig); | 25647 | int usig = signr_convert(ksig->sig); |
@@ -22876,10 +25679,35 @@ index 48d2b7d..90d328a 100644 | |||
22876 | .smp_prepare_cpus = native_smp_prepare_cpus, | 25679 | .smp_prepare_cpus = native_smp_prepare_cpus, |
22877 | .smp_cpus_done = native_smp_cpus_done, | 25680 | .smp_cpus_done = native_smp_cpus_done, |
22878 | diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c | 25681 | diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c |
22879 | index bfd348e..4816ad8 100644 | 25682 | index bfd348e..914f323 100644 |
22880 | --- a/arch/x86/kernel/smpboot.c | 25683 | --- a/arch/x86/kernel/smpboot.c |
22881 | +++ b/arch/x86/kernel/smpboot.c | 25684 | +++ b/arch/x86/kernel/smpboot.c |
22882 | @@ -748,6 +748,7 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) | 25685 | @@ -251,14 +251,18 @@ notrace static void __cpuinit start_secondary(void *unused) |
25686 | |||
25687 | enable_start_cpu0 = 0; | ||
25688 | |||
25689 | -#ifdef CONFIG_X86_32 | ||
25690 | - /* switch away from the initial page table */ | ||
25691 | - load_cr3(swapper_pg_dir); | ||
25692 | - __flush_tlb_all(); | ||
25693 | -#endif | ||
25694 | - | ||
25695 | /* otherwise gcc will move up smp_processor_id before the cpu_init */ | ||
25696 | barrier(); | ||
25697 | + | ||
25698 | + /* switch away from the initial page table */ | ||
25699 | +#ifdef CONFIG_PAX_PER_CPU_PGD | ||
25700 | + load_cr3(get_cpu_pgd(smp_processor_id(), kernel)); | ||
25701 | + __flush_tlb_all(); | ||
25702 | +#elif defined(CONFIG_X86_32) | ||
25703 | + load_cr3(swapper_pg_dir); | ||
25704 | + __flush_tlb_all(); | ||
25705 | +#endif | ||
25706 | + | ||
25707 | /* | ||
25708 | * Check TSC synchronization with the BP: | ||
25709 | */ | ||
25710 | @@ -748,6 +752,7 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) | ||
22883 | idle->thread.sp = (unsigned long) (((struct pt_regs *) | 25711 | idle->thread.sp = (unsigned long) (((struct pt_regs *) |
22884 | (THREAD_SIZE + task_stack_page(idle))) - 1); | 25712 | (THREAD_SIZE + task_stack_page(idle))) - 1); |
22885 | per_cpu(current_task, cpu) = idle; | 25713 | per_cpu(current_task, cpu) = idle; |
@@ -22887,7 +25715,7 @@ index bfd348e..4816ad8 100644 | |||
22887 | 25715 | ||
22888 | #ifdef CONFIG_X86_32 | 25716 | #ifdef CONFIG_X86_32 |
22889 | /* Stack for startup_32 can be just as for start_secondary onwards */ | 25717 | /* Stack for startup_32 can be just as for start_secondary onwards */ |
22890 | @@ -755,11 +756,13 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) | 25718 | @@ -755,11 +760,13 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) |
22891 | #else | 25719 | #else |
22892 | clear_tsk_thread_flag(idle, TIF_FORK); | 25720 | clear_tsk_thread_flag(idle, TIF_FORK); |
22893 | initial_gs = per_cpu_offset(cpu); | 25721 | initial_gs = per_cpu_offset(cpu); |
@@ -22904,19 +25732,19 @@ index bfd348e..4816ad8 100644 | |||
22904 | initial_code = (unsigned long)start_secondary; | 25732 | initial_code = (unsigned long)start_secondary; |
22905 | stack_start = idle->thread.sp; | 25733 | stack_start = idle->thread.sp; |
22906 | 25734 | ||
22907 | @@ -908,6 +911,15 @@ int __cpuinit native_cpu_up(unsigned int cpu, struct task_struct *tidle) | 25735 | @@ -908,6 +915,15 @@ int __cpuinit native_cpu_up(unsigned int cpu, struct task_struct *tidle) |
22908 | /* the FPU context is blank, nobody can own it */ | 25736 | /* the FPU context is blank, nobody can own it */ |
22909 | __cpu_disable_lazy_restore(cpu); | 25737 | __cpu_disable_lazy_restore(cpu); |
22910 | 25738 | ||
22911 | +#ifdef CONFIG_PAX_PER_CPU_PGD | 25739 | +#ifdef CONFIG_PAX_PER_CPU_PGD |
22912 | + clone_pgd_range(get_cpu_pgd(cpu) + KERNEL_PGD_BOUNDARY, | 25740 | + clone_pgd_range(get_cpu_pgd(cpu, kernel) + KERNEL_PGD_BOUNDARY, |
25741 | + swapper_pg_dir + KERNEL_PGD_BOUNDARY, | ||
25742 | + KERNEL_PGD_PTRS); | ||
25743 | + clone_pgd_range(get_cpu_pgd(cpu, user) + KERNEL_PGD_BOUNDARY, | ||
22913 | + swapper_pg_dir + KERNEL_PGD_BOUNDARY, | 25744 | + swapper_pg_dir + KERNEL_PGD_BOUNDARY, |
22914 | + KERNEL_PGD_PTRS); | 25745 | + KERNEL_PGD_PTRS); |
22915 | +#endif | 25746 | +#endif |
22916 | + | 25747 | + |
22917 | + /* the FPU context is blank, nobody can own it */ | ||
22918 | + __cpu_disable_lazy_restore(cpu); | ||
22919 | + | ||
22920 | err = do_boot_cpu(apicid, cpu, tidle); | 25748 | err = do_boot_cpu(apicid, cpu, tidle); |
22921 | if (err) { | 25749 | if (err) { |
22922 | pr_debug("do_boot_cpu failed %d\n", err); | 25750 | pr_debug("do_boot_cpu failed %d\n", err); |
@@ -23153,7 +25981,7 @@ index 0000000..5877189 | |||
23153 | + return arch_get_unmapped_area(filp, addr0, len, pgoff, flags); | 25981 | + return arch_get_unmapped_area(filp, addr0, len, pgoff, flags); |
23154 | +} | 25982 | +} |
23155 | diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c | 25983 | diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c |
23156 | index dbded5a..ace2781 100644 | 25984 | index 30277e2..5664a29 100644 |
23157 | --- a/arch/x86/kernel/sys_x86_64.c | 25985 | --- a/arch/x86/kernel/sys_x86_64.c |
23158 | +++ b/arch/x86/kernel/sys_x86_64.c | 25986 | +++ b/arch/x86/kernel/sys_x86_64.c |
23159 | @@ -81,8 +81,8 @@ out: | 25987 | @@ -81,8 +81,8 @@ out: |
@@ -23171,8 +25999,8 @@ index dbded5a..ace2781 100644 | |||
23171 | *begin = new_begin; | 25999 | *begin = new_begin; |
23172 | } | 26000 | } |
23173 | } else { | 26001 | } else { |
23174 | - *begin = TASK_UNMAPPED_BASE; | 26002 | - *begin = current->mm->mmap_legacy_base; |
23175 | + *begin = mm->mmap_base; | 26003 | + *begin = mm->mmap_legacy_base; |
23176 | *end = TASK_SIZE; | 26004 | *end = TASK_SIZE; |
23177 | } | 26005 | } |
23178 | } | 26006 | } |
@@ -23932,7 +26760,7 @@ index 9a907a6..f83f921 100644 | |||
23932 | (unsigned long)VSYSCALL_START); | 26760 | (unsigned long)VSYSCALL_START); |
23933 | 26761 | ||
23934 | diff --git a/arch/x86/kernel/x8664_ksyms_64.c b/arch/x86/kernel/x8664_ksyms_64.c | 26762 | diff --git a/arch/x86/kernel/x8664_ksyms_64.c b/arch/x86/kernel/x8664_ksyms_64.c |
23935 | index b014d94..6d6ca7b 100644 | 26763 | index b014d94..e775258 100644 |
23936 | --- a/arch/x86/kernel/x8664_ksyms_64.c | 26764 | --- a/arch/x86/kernel/x8664_ksyms_64.c |
23937 | +++ b/arch/x86/kernel/x8664_ksyms_64.c | 26765 | +++ b/arch/x86/kernel/x8664_ksyms_64.c |
23938 | @@ -34,8 +34,6 @@ EXPORT_SYMBOL(copy_user_generic_string); | 26766 | @@ -34,8 +34,6 @@ EXPORT_SYMBOL(copy_user_generic_string); |
@@ -23944,6 +26772,14 @@ index b014d94..6d6ca7b 100644 | |||
23944 | 26772 | ||
23945 | EXPORT_SYMBOL(copy_page); | 26773 | EXPORT_SYMBOL(copy_page); |
23946 | EXPORT_SYMBOL(clear_page); | 26774 | EXPORT_SYMBOL(clear_page); |
26775 | @@ -66,3 +64,7 @@ EXPORT_SYMBOL(empty_zero_page); | ||
26776 | #ifndef CONFIG_PARAVIRT | ||
26777 | EXPORT_SYMBOL(native_load_gs_index); | ||
26778 | #endif | ||
26779 | + | ||
26780 | +#ifdef CONFIG_PAX_PER_CPU_PGD | ||
26781 | +EXPORT_SYMBOL(cpu_pgd); | ||
26782 | +#endif | ||
23947 | diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c | 26783 | diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c |
23948 | index 45a14db..075bb9b 100644 | 26784 | index 45a14db..075bb9b 100644 |
23949 | --- a/arch/x86/kernel/x86_init.c | 26785 | --- a/arch/x86/kernel/x86_init.c |
@@ -25213,27 +28049,43 @@ index 176cca6..1166c50 100644 | |||
25213 | .byte (copy_page_rep - copy_page) - (2f - 1b) /* offset */ | 28049 | .byte (copy_page_rep - copy_page) - (2f - 1b) /* offset */ |
25214 | 2: | 28050 | 2: |
25215 | diff --git a/arch/x86/lib/copy_user_64.S b/arch/x86/lib/copy_user_64.S | 28051 | diff --git a/arch/x86/lib/copy_user_64.S b/arch/x86/lib/copy_user_64.S |
25216 | index a30ca15..d25fab6 100644 | 28052 | index a30ca15..6b3f4e1 100644 |
25217 | --- a/arch/x86/lib/copy_user_64.S | 28053 | --- a/arch/x86/lib/copy_user_64.S |
25218 | +++ b/arch/x86/lib/copy_user_64.S | 28054 | +++ b/arch/x86/lib/copy_user_64.S |
25219 | @@ -18,6 +18,7 @@ | 28055 | @@ -18,31 +18,7 @@ |
25220 | #include <asm/alternative-asm.h> | 28056 | #include <asm/alternative-asm.h> |
25221 | #include <asm/asm.h> | 28057 | #include <asm/asm.h> |
25222 | #include <asm/smap.h> | 28058 | #include <asm/smap.h> |
28059 | - | ||
28060 | -/* | ||
28061 | - * By placing feature2 after feature1 in altinstructions section, we logically | ||
28062 | - * implement: | ||
28063 | - * If CPU has feature2, jmp to alt2 is used | ||
28064 | - * else if CPU has feature1, jmp to alt1 is used | ||
28065 | - * else jmp to orig is used. | ||
28066 | - */ | ||
28067 | - .macro ALTERNATIVE_JUMP feature1,feature2,orig,alt1,alt2 | ||
28068 | -0: | ||
28069 | - .byte 0xe9 /* 32bit jump */ | ||
28070 | - .long \orig-1f /* by default jump to orig */ | ||
28071 | -1: | ||
28072 | - .section .altinstr_replacement,"ax" | ||
28073 | -2: .byte 0xe9 /* near jump with 32bit immediate */ | ||
28074 | - .long \alt1-1b /* offset */ /* or alternatively to alt1 */ | ||
28075 | -3: .byte 0xe9 /* near jump with 32bit immediate */ | ||
28076 | - .long \alt2-1b /* offset */ /* or alternatively to alt2 */ | ||
28077 | - .previous | ||
28078 | - | ||
28079 | - .section .altinstructions,"a" | ||
28080 | - altinstruction_entry 0b,2b,\feature1,5,5 | ||
28081 | - altinstruction_entry 0b,3b,\feature2,5,5 | ||
28082 | - .previous | ||
28083 | - .endm | ||
25223 | +#include <asm/pgtable.h> | 28084 | +#include <asm/pgtable.h> |
25224 | 28085 | ||
25225 | /* | 28086 | .macro ALIGN_DESTINATION |
25226 | * By placing feature2 after feature1 in altinstructions section, we logically | 28087 | #ifdef FIX_ALIGNMENT |
25227 | @@ -31,7 +32,7 @@ | 28088 | @@ -70,52 +46,6 @@ |
25228 | .byte 0xe9 /* 32bit jump */ | ||
25229 | .long \orig-1f /* by default jump to orig */ | ||
25230 | 1: | ||
25231 | - .section .altinstr_replacement,"ax" | ||
25232 | + .section .altinstr_replacement,"a" | ||
25233 | 2: .byte 0xe9 /* near jump with 32bit immediate */ | ||
25234 | .long \alt1-1b /* offset */ /* or alternatively to alt1 */ | ||
25235 | 3: .byte 0xe9 /* near jump with 32bit immediate */ | ||
25236 | @@ -70,47 +71,20 @@ | ||
25237 | #endif | 28089 | #endif |
25238 | .endm | 28090 | .endm |
25239 | 28091 | ||
@@ -25267,24 +28119,34 @@ index a30ca15..d25fab6 100644 | |||
25267 | - CFI_ENDPROC | 28119 | - CFI_ENDPROC |
25268 | -ENDPROC(_copy_from_user) | 28120 | -ENDPROC(_copy_from_user) |
25269 | - | 28121 | - |
25270 | .section .fixup,"ax" | 28122 | - .section .fixup,"ax" |
25271 | /* must zero dest */ | 28123 | - /* must zero dest */ |
25272 | ENTRY(bad_from_user) | 28124 | -ENTRY(bad_from_user) |
25273 | bad_from_user: | 28125 | -bad_from_user: |
28126 | - CFI_STARTPROC | ||
28127 | - movl %edx,%ecx | ||
28128 | - xorl %eax,%eax | ||
28129 | - rep | ||
28130 | - stosb | ||
28131 | -bad_to_user: | ||
28132 | - movl %edx,%eax | ||
28133 | - ret | ||
28134 | - CFI_ENDPROC | ||
28135 | -ENDPROC(bad_from_user) | ||
28136 | - .previous | ||
28137 | - | ||
28138 | /* | ||
28139 | * copy_user_generic_unrolled - memory copy with exception handling. | ||
28140 | * This version is for CPUs like P4 that don't have efficient micro | ||
28141 | @@ -131,6 +61,7 @@ ENDPROC(bad_from_user) | ||
28142 | */ | ||
28143 | ENTRY(copy_user_generic_unrolled) | ||
25274 | CFI_STARTPROC | 28144 | CFI_STARTPROC |
25275 | + testl %edx,%edx | 28145 | + ASM_PAX_OPEN_USERLAND |
25276 | + js bad_to_user | 28146 | ASM_STAC |
25277 | movl %edx,%ecx | 28147 | cmpl $8,%edx |
25278 | xorl %eax,%eax | 28148 | jb 20f /* less then 8 bytes, go to byte copy loop */ |
25279 | rep | 28149 | @@ -141,19 +72,19 @@ ENTRY(copy_user_generic_unrolled) |
25280 | stosb | ||
25281 | bad_to_user: | ||
25282 | movl %edx,%eax | ||
25283 | + pax_force_retaddr | ||
25284 | ret | ||
25285 | CFI_ENDPROC | ||
25286 | ENDPROC(bad_from_user) | ||
25287 | @@ -141,19 +115,19 @@ ENTRY(copy_user_generic_unrolled) | ||
25288 | jz 17f | 28150 | jz 17f |
25289 | 1: movq (%rsi),%r8 | 28151 | 1: movq (%rsi),%r8 |
25290 | 2: movq 1*8(%rsi),%r9 | 28152 | 2: movq 1*8(%rsi),%r9 |
@@ -25308,32 +28170,51 @@ index a30ca15..d25fab6 100644 | |||
25308 | 16: movq %r11,7*8(%rdi) | 28170 | 16: movq %r11,7*8(%rdi) |
25309 | leaq 64(%rsi),%rsi | 28171 | leaq 64(%rsi),%rsi |
25310 | leaq 64(%rdi),%rdi | 28172 | leaq 64(%rdi),%rdi |
25311 | @@ -180,6 +154,7 @@ ENTRY(copy_user_generic_unrolled) | 28173 | @@ -180,6 +111,8 @@ ENTRY(copy_user_generic_unrolled) |
25312 | jnz 21b | 28174 | jnz 21b |
25313 | 23: xor %eax,%eax | 28175 | 23: xor %eax,%eax |
25314 | ASM_CLAC | 28176 | ASM_CLAC |
28177 | + ASM_PAX_CLOSE_USERLAND | ||
25315 | + pax_force_retaddr | 28178 | + pax_force_retaddr |
25316 | ret | 28179 | ret |
25317 | 28180 | ||
25318 | .section .fixup,"ax" | 28181 | .section .fixup,"ax" |
25319 | @@ -251,6 +226,7 @@ ENTRY(copy_user_generic_string) | 28182 | @@ -235,6 +168,7 @@ ENDPROC(copy_user_generic_unrolled) |
28183 | */ | ||
28184 | ENTRY(copy_user_generic_string) | ||
28185 | CFI_STARTPROC | ||
28186 | + ASM_PAX_OPEN_USERLAND | ||
28187 | ASM_STAC | ||
28188 | andl %edx,%edx | ||
28189 | jz 4f | ||
28190 | @@ -251,6 +185,8 @@ ENTRY(copy_user_generic_string) | ||
25320 | movsb | 28191 | movsb |
25321 | 4: xorl %eax,%eax | 28192 | 4: xorl %eax,%eax |
25322 | ASM_CLAC | 28193 | ASM_CLAC |
28194 | + ASM_PAX_CLOSE_USERLAND | ||
25323 | + pax_force_retaddr | 28195 | + pax_force_retaddr |
25324 | ret | 28196 | ret |
25325 | 28197 | ||
25326 | .section .fixup,"ax" | 28198 | .section .fixup,"ax" |
25327 | @@ -286,6 +262,7 @@ ENTRY(copy_user_enhanced_fast_string) | 28199 | @@ -278,6 +214,7 @@ ENDPROC(copy_user_generic_string) |
28200 | */ | ||
28201 | ENTRY(copy_user_enhanced_fast_string) | ||
28202 | CFI_STARTPROC | ||
28203 | + ASM_PAX_OPEN_USERLAND | ||
28204 | ASM_STAC | ||
28205 | andl %edx,%edx | ||
28206 | jz 2f | ||
28207 | @@ -286,6 +223,8 @@ ENTRY(copy_user_enhanced_fast_string) | ||
25328 | movsb | 28208 | movsb |
25329 | 2: xorl %eax,%eax | 28209 | 2: xorl %eax,%eax |
25330 | ASM_CLAC | 28210 | ASM_CLAC |
28211 | + ASM_PAX_CLOSE_USERLAND | ||
25331 | + pax_force_retaddr | 28212 | + pax_force_retaddr |
25332 | ret | 28213 | ret |
25333 | 28214 | ||
25334 | .section .fixup,"ax" | 28215 | .section .fixup,"ax" |
25335 | diff --git a/arch/x86/lib/copy_user_nocache_64.S b/arch/x86/lib/copy_user_nocache_64.S | 28216 | diff --git a/arch/x86/lib/copy_user_nocache_64.S b/arch/x86/lib/copy_user_nocache_64.S |
25336 | index 6a4f43c..f08b4a2 100644 | 28217 | index 6a4f43c..55d26f2 100644 |
25337 | --- a/arch/x86/lib/copy_user_nocache_64.S | 28218 | --- a/arch/x86/lib/copy_user_nocache_64.S |
25338 | +++ b/arch/x86/lib/copy_user_nocache_64.S | 28219 | +++ b/arch/x86/lib/copy_user_nocache_64.S |
25339 | @@ -8,6 +8,7 @@ | 28220 | @@ -8,6 +8,7 @@ |
@@ -25352,7 +28233,7 @@ index 6a4f43c..f08b4a2 100644 | |||
25352 | 28233 | ||
25353 | .macro ALIGN_DESTINATION | 28234 | .macro ALIGN_DESTINATION |
25354 | #ifdef FIX_ALIGNMENT | 28235 | #ifdef FIX_ALIGNMENT |
25355 | @@ -49,6 +51,15 @@ | 28236 | @@ -49,6 +51,16 @@ |
25356 | */ | 28237 | */ |
25357 | ENTRY(__copy_user_nocache) | 28238 | ENTRY(__copy_user_nocache) |
25358 | CFI_STARTPROC | 28239 | CFI_STARTPROC |
@@ -25365,10 +28246,11 @@ index 6a4f43c..f08b4a2 100644 | |||
25365 | +1: | 28246 | +1: |
25366 | +#endif | 28247 | +#endif |
25367 | + | 28248 | + |
28249 | + ASM_PAX_OPEN_USERLAND | ||
25368 | ASM_STAC | 28250 | ASM_STAC |
25369 | cmpl $8,%edx | 28251 | cmpl $8,%edx |
25370 | jb 20f /* less then 8 bytes, go to byte copy loop */ | 28252 | jb 20f /* less then 8 bytes, go to byte copy loop */ |
25371 | @@ -59,19 +70,19 @@ ENTRY(__copy_user_nocache) | 28253 | @@ -59,19 +71,19 @@ ENTRY(__copy_user_nocache) |
25372 | jz 17f | 28254 | jz 17f |
25373 | 1: movq (%rsi),%r8 | 28255 | 1: movq (%rsi),%r8 |
25374 | 2: movq 1*8(%rsi),%r9 | 28256 | 2: movq 1*8(%rsi),%r9 |
@@ -25392,9 +28274,11 @@ index 6a4f43c..f08b4a2 100644 | |||
25392 | 16: movnti %r11,7*8(%rdi) | 28274 | 16: movnti %r11,7*8(%rdi) |
25393 | leaq 64(%rsi),%rsi | 28275 | leaq 64(%rsi),%rsi |
25394 | leaq 64(%rdi),%rdi | 28276 | leaq 64(%rdi),%rdi |
25395 | @@ -99,6 +110,7 @@ ENTRY(__copy_user_nocache) | 28277 | @@ -98,7 +110,9 @@ ENTRY(__copy_user_nocache) |
28278 | jnz 21b | ||
25396 | 23: xorl %eax,%eax | 28279 | 23: xorl %eax,%eax |
25397 | ASM_CLAC | 28280 | ASM_CLAC |
28281 | + ASM_PAX_CLOSE_USERLAND | ||
25398 | sfence | 28282 | sfence |
25399 | + pax_force_retaddr | 28283 | + pax_force_retaddr |
25400 | ret | 28284 | ret |
@@ -25421,27 +28305,38 @@ index 2419d5f..953ee51 100644 | |||
25421 | CFI_RESTORE_STATE | 28305 | CFI_RESTORE_STATE |
25422 | 28306 | ||
25423 | diff --git a/arch/x86/lib/csum-wrappers_64.c b/arch/x86/lib/csum-wrappers_64.c | 28307 | diff --git a/arch/x86/lib/csum-wrappers_64.c b/arch/x86/lib/csum-wrappers_64.c |
25424 | index 25b7ae8..169fafc 100644 | 28308 | index 25b7ae8..c40113e 100644 |
25425 | --- a/arch/x86/lib/csum-wrappers_64.c | 28309 | --- a/arch/x86/lib/csum-wrappers_64.c |
25426 | +++ b/arch/x86/lib/csum-wrappers_64.c | 28310 | +++ b/arch/x86/lib/csum-wrappers_64.c |
25427 | @@ -52,7 +52,7 @@ csum_partial_copy_from_user(const void __user *src, void *dst, | 28311 | @@ -52,8 +52,12 @@ csum_partial_copy_from_user(const void __user *src, void *dst, |
25428 | len -= 2; | 28312 | len -= 2; |
25429 | } | 28313 | } |
25430 | } | 28314 | } |
25431 | - isum = csum_partial_copy_generic((__force const void *)src, | 28315 | - isum = csum_partial_copy_generic((__force const void *)src, |
28316 | + pax_open_userland(); | ||
28317 | + stac(); | ||
25432 | + isum = csum_partial_copy_generic((const void __force_kernel *)____m(src), | 28318 | + isum = csum_partial_copy_generic((const void __force_kernel *)____m(src), |
25433 | dst, len, isum, errp, NULL); | 28319 | dst, len, isum, errp, NULL); |
28320 | + clac(); | ||
28321 | + pax_close_userland(); | ||
25434 | if (unlikely(*errp)) | 28322 | if (unlikely(*errp)) |
25435 | goto out_err; | 28323 | goto out_err; |
25436 | @@ -105,7 +105,7 @@ csum_partial_copy_to_user(const void *src, void __user *dst, | 28324 | |
28325 | @@ -105,8 +109,13 @@ csum_partial_copy_to_user(const void *src, void __user *dst, | ||
25437 | } | 28326 | } |
25438 | 28327 | ||
25439 | *errp = 0; | 28328 | *errp = 0; |
25440 | - return csum_partial_copy_generic(src, (void __force *)dst, | 28329 | - return csum_partial_copy_generic(src, (void __force *)dst, |
25441 | + return csum_partial_copy_generic(src, (void __force_kernel *)____m(dst), | 28330 | + pax_open_userland(); |
28331 | + stac(); | ||
28332 | + isum = csum_partial_copy_generic(src, (void __force_kernel *)____m(dst), | ||
25442 | len, isum, NULL, errp); | 28333 | len, isum, NULL, errp); |
28334 | + clac(); | ||
28335 | + pax_close_userland(); | ||
28336 | + return isum; | ||
25443 | } | 28337 | } |
25444 | EXPORT_SYMBOL(csum_partial_copy_to_user); | 28338 | EXPORT_SYMBOL(csum_partial_copy_to_user); |
28339 | |||
25445 | diff --git a/arch/x86/lib/getuser.S b/arch/x86/lib/getuser.S | 28340 | diff --git a/arch/x86/lib/getuser.S b/arch/x86/lib/getuser.S |
25446 | index a451235..1daa956 100644 | 28341 | index a451235..1daa956 100644 |
25447 | --- a/arch/x86/lib/getuser.S | 28342 | --- a/arch/x86/lib/getuser.S |
@@ -25646,9 +28541,18 @@ index 05a95e7..326f2fa 100644 | |||
25646 | CFI_ENDPROC | 28541 | CFI_ENDPROC |
25647 | ENDPROC(__iowrite32_copy) | 28542 | ENDPROC(__iowrite32_copy) |
25648 | diff --git a/arch/x86/lib/memcpy_64.S b/arch/x86/lib/memcpy_64.S | 28543 | diff --git a/arch/x86/lib/memcpy_64.S b/arch/x86/lib/memcpy_64.S |
25649 | index 56313a3..aa84a79 100644 | 28544 | index 56313a3..9b59269 100644 |
25650 | --- a/arch/x86/lib/memcpy_64.S | 28545 | --- a/arch/x86/lib/memcpy_64.S |
25651 | +++ b/arch/x86/lib/memcpy_64.S | 28546 | +++ b/arch/x86/lib/memcpy_64.S |
28547 | @@ -24,7 +24,7 @@ | ||
28548 | * This gets patched over the unrolled variant (below) via the | ||
28549 | * alternative instructions framework: | ||
28550 | */ | ||
28551 | - .section .altinstr_replacement, "ax", @progbits | ||
28552 | + .section .altinstr_replacement, "a", @progbits | ||
28553 | .Lmemcpy_c: | ||
28554 | movq %rdi, %rax | ||
28555 | movq %rdx, %rcx | ||
25652 | @@ -33,6 +33,7 @@ | 28556 | @@ -33,6 +33,7 @@ |
25653 | rep movsq | 28557 | rep movsq |
25654 | movl %edx, %ecx | 28558 | movl %edx, %ecx |
@@ -25657,7 +28561,13 @@ index 56313a3..aa84a79 100644 | |||
25657 | ret | 28561 | ret |
25658 | .Lmemcpy_e: | 28562 | .Lmemcpy_e: |
25659 | .previous | 28563 | .previous |
25660 | @@ -49,6 +50,7 @@ | 28564 | @@ -44,11 +45,12 @@ |
28565 | * This gets patched over the unrolled variant (below) via the | ||
28566 | * alternative instructions framework: | ||
28567 | */ | ||
28568 | - .section .altinstr_replacement, "ax", @progbits | ||
28569 | + .section .altinstr_replacement, "a", @progbits | ||
28570 | .Lmemcpy_c_e: | ||
25661 | movq %rdi, %rax | 28571 | movq %rdi, %rax |
25662 | movq %rdx, %rcx | 28572 | movq %rdx, %rcx |
25663 | rep movsb | 28573 | rep movsb |
@@ -25737,7 +28647,7 @@ index 56313a3..aa84a79 100644 | |||
25737 | CFI_ENDPROC | 28647 | CFI_ENDPROC |
25738 | ENDPROC(memcpy) | 28648 | ENDPROC(memcpy) |
25739 | diff --git a/arch/x86/lib/memmove_64.S b/arch/x86/lib/memmove_64.S | 28649 | diff --git a/arch/x86/lib/memmove_64.S b/arch/x86/lib/memmove_64.S |
25740 | index 65268a6..c9518d1 100644 | 28650 | index 65268a6..5aa7815 100644 |
25741 | --- a/arch/x86/lib/memmove_64.S | 28651 | --- a/arch/x86/lib/memmove_64.S |
25742 | +++ b/arch/x86/lib/memmove_64.S | 28652 | +++ b/arch/x86/lib/memmove_64.S |
25743 | @@ -61,13 +61,13 @@ ENTRY(memmove) | 28653 | @@ -61,13 +61,13 @@ ENTRY(memmove) |
@@ -25852,7 +28762,7 @@ index 65268a6..c9518d1 100644 | |||
25852 | jmp 13f | 28762 | jmp 13f |
25853 | 12: | 28763 | 12: |
25854 | cmp $1, %rdx | 28764 | cmp $1, %rdx |
25855 | @@ -202,6 +202,7 @@ ENTRY(memmove) | 28765 | @@ -202,14 +202,16 @@ ENTRY(memmove) |
25856 | movb (%rsi), %r11b | 28766 | movb (%rsi), %r11b |
25857 | movb %r11b, (%rdi) | 28767 | movb %r11b, (%rdi) |
25858 | 13: | 28768 | 13: |
@@ -25860,7 +28770,9 @@ index 65268a6..c9518d1 100644 | |||
25860 | retq | 28770 | retq |
25861 | CFI_ENDPROC | 28771 | CFI_ENDPROC |
25862 | 28772 | ||
25863 | @@ -210,6 +211,7 @@ ENTRY(memmove) | 28773 | - .section .altinstr_replacement,"ax" |
28774 | + .section .altinstr_replacement,"a" | ||
28775 | .Lmemmove_begin_forward_efs: | ||
25864 | /* Forward moving data. */ | 28776 | /* Forward moving data. */ |
25865 | movq %rdx, %rcx | 28777 | movq %rdx, %rcx |
25866 | rep movsb | 28778 | rep movsb |
@@ -25869,9 +28781,18 @@ index 65268a6..c9518d1 100644 | |||
25869 | .Lmemmove_end_forward_efs: | 28781 | .Lmemmove_end_forward_efs: |
25870 | .previous | 28782 | .previous |
25871 | diff --git a/arch/x86/lib/memset_64.S b/arch/x86/lib/memset_64.S | 28783 | diff --git a/arch/x86/lib/memset_64.S b/arch/x86/lib/memset_64.S |
25872 | index 2dcb380..963660a 100644 | 28784 | index 2dcb380..50a78bc 100644 |
25873 | --- a/arch/x86/lib/memset_64.S | 28785 | --- a/arch/x86/lib/memset_64.S |
25874 | +++ b/arch/x86/lib/memset_64.S | 28786 | +++ b/arch/x86/lib/memset_64.S |
28787 | @@ -16,7 +16,7 @@ | ||
28788 | * | ||
28789 | * rax original destination | ||
28790 | */ | ||
28791 | - .section .altinstr_replacement, "ax", @progbits | ||
28792 | + .section .altinstr_replacement, "a", @progbits | ||
28793 | .Lmemset_c: | ||
28794 | movq %rdi,%r9 | ||
28795 | movq %rdx,%rcx | ||
25875 | @@ -30,6 +30,7 @@ | 28796 | @@ -30,6 +30,7 @@ |
25876 | movl %edx,%ecx | 28797 | movl %edx,%ecx |
25877 | rep stosb | 28798 | rep stosb |
@@ -25880,7 +28801,15 @@ index 2dcb380..963660a 100644 | |||
25880 | ret | 28801 | ret |
25881 | .Lmemset_e: | 28802 | .Lmemset_e: |
25882 | .previous | 28803 | .previous |
25883 | @@ -52,6 +53,7 @@ | 28804 | @@ -45,13 +46,14 @@ |
28805 | * | ||
28806 | * rax original destination | ||
28807 | */ | ||
28808 | - .section .altinstr_replacement, "ax", @progbits | ||
28809 | + .section .altinstr_replacement, "a", @progbits | ||
28810 | .Lmemset_c_e: | ||
28811 | movq %rdi,%r9 | ||
28812 | movb %sil,%al | ||
25884 | movq %rdx,%rcx | 28813 | movq %rdx,%rcx |
25885 | rep stosb | 28814 | rep stosb |
25886 | movq %r9,%rax | 28815 | movq %r9,%rax |
@@ -27157,10 +30086,18 @@ index 3eb18ac..6890bc3 100644 | |||
27157 | +EXPORT_SYMBOL(set_fs); | 30086 | +EXPORT_SYMBOL(set_fs); |
27158 | +#endif | 30087 | +#endif |
27159 | diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c | 30088 | diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c |
27160 | index 906fea3..5646695 100644 | 30089 | index 906fea3..0194a18 100644 |
27161 | --- a/arch/x86/lib/usercopy_64.c | 30090 | --- a/arch/x86/lib/usercopy_64.c |
27162 | +++ b/arch/x86/lib/usercopy_64.c | 30091 | +++ b/arch/x86/lib/usercopy_64.c |
27163 | @@ -39,7 +39,7 @@ unsigned long __clear_user(void __user *addr, unsigned long size) | 30092 | @@ -18,6 +18,7 @@ unsigned long __clear_user(void __user *addr, unsigned long size) |
30093 | might_fault(); | ||
30094 | /* no memory constraint because it doesn't change any memory gcc knows | ||
30095 | about */ | ||
30096 | + pax_open_userland(); | ||
30097 | stac(); | ||
30098 | asm volatile( | ||
30099 | " testq %[size8],%[size8]\n" | ||
30100 | @@ -39,9 +40,10 @@ unsigned long __clear_user(void __user *addr, unsigned long size) | ||
27164 | _ASM_EXTABLE(0b,3b) | 30101 | _ASM_EXTABLE(0b,3b) |
27165 | _ASM_EXTABLE(1b,2b) | 30102 | _ASM_EXTABLE(1b,2b) |
27166 | : [size8] "=&c"(size), [dst] "=&D" (__d0) | 30103 | : [size8] "=&c"(size), [dst] "=&D" (__d0) |
@@ -27168,8 +30105,11 @@ index 906fea3..5646695 100644 | |||
27168 | + : [size1] "r"(size & 7), "[size8]" (size / 8), "[dst]"(____m(addr)), | 30105 | + : [size1] "r"(size & 7), "[size8]" (size / 8), "[dst]"(____m(addr)), |
27169 | [zero] "r" (0UL), [eight] "r" (8UL)); | 30106 | [zero] "r" (0UL), [eight] "r" (8UL)); |
27170 | clac(); | 30107 | clac(); |
30108 | + pax_close_userland(); | ||
27171 | return size; | 30109 | return size; |
27172 | @@ -54,12 +54,11 @@ unsigned long clear_user(void __user *to, unsigned long n) | 30110 | } |
30111 | EXPORT_SYMBOL(__clear_user); | ||
30112 | @@ -54,12 +56,11 @@ unsigned long clear_user(void __user *to, unsigned long n) | ||
27173 | } | 30113 | } |
27174 | EXPORT_SYMBOL(clear_user); | 30114 | EXPORT_SYMBOL(clear_user); |
27175 | 30115 | ||
@@ -27186,7 +30126,7 @@ index 906fea3..5646695 100644 | |||
27186 | } | 30126 | } |
27187 | EXPORT_SYMBOL(copy_in_user); | 30127 | EXPORT_SYMBOL(copy_in_user); |
27188 | 30128 | ||
27189 | @@ -69,7 +68,7 @@ EXPORT_SYMBOL(copy_in_user); | 30129 | @@ -69,11 +70,13 @@ EXPORT_SYMBOL(copy_in_user); |
27190 | * it is not necessary to optimize tail handling. | 30130 | * it is not necessary to optimize tail handling. |
27191 | */ | 30131 | */ |
27192 | unsigned long | 30132 | unsigned long |
@@ -27195,6 +30135,31 @@ index 906fea3..5646695 100644 | |||
27195 | { | 30135 | { |
27196 | char c; | 30136 | char c; |
27197 | unsigned zero_len; | 30137 | unsigned zero_len; |
30138 | |||
30139 | + clac(); | ||
30140 | + pax_close_userland(); | ||
30141 | for (; len; --len, to++) { | ||
30142 | if (__get_user_nocheck(c, from++, sizeof(char))) | ||
30143 | break; | ||
30144 | @@ -84,6 +87,5 @@ copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest) | ||
30145 | for (c = 0, zero_len = len; zerorest && zero_len; --zero_len) | ||
30146 | if (__put_user_nocheck(c, to++, sizeof(char))) | ||
30147 | break; | ||
30148 | - clac(); | ||
30149 | return len; | ||
30150 | } | ||
30151 | diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile | ||
30152 | index 23d8e5f..9ccc13a 100644 | ||
30153 | --- a/arch/x86/mm/Makefile | ||
30154 | +++ b/arch/x86/mm/Makefile | ||
30155 | @@ -28,3 +28,7 @@ obj-$(CONFIG_ACPI_NUMA) += srat.o | ||
30156 | obj-$(CONFIG_NUMA_EMU) += numa_emulation.o | ||
30157 | |||
30158 | obj-$(CONFIG_MEMTEST) += memtest.o | ||
30159 | + | ||
30160 | +quote:=" | ||
30161 | +obj-$(CONFIG_X86_64) += uderef_64.o | ||
30162 | +CFLAGS_uderef_64.o := $(subst $(quote),,$(CONFIG_ARCH_HWEIGHT_CFLAGS)) | ||
27198 | diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c | 30163 | diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c |
27199 | index 903ec1e..c4166b2 100644 | 30164 | index 903ec1e..c4166b2 100644 |
27200 | --- a/arch/x86/mm/extable.c | 30165 | --- a/arch/x86/mm/extable.c |
@@ -27250,7 +30215,7 @@ index 903ec1e..c4166b2 100644 | |||
27250 | } | 30215 | } |
27251 | 30216 | ||
27252 | diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c | 30217 | diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c |
27253 | index 654be4a..d36985f 100644 | 30218 | index 654be4a..a4a3da1 100644 |
27254 | --- a/arch/x86/mm/fault.c | 30219 | --- a/arch/x86/mm/fault.c |
27255 | +++ b/arch/x86/mm/fault.c | 30220 | +++ b/arch/x86/mm/fault.c |
27256 | @@ -14,11 +14,18 @@ | 30221 | @@ -14,11 +14,18 @@ |
@@ -27340,7 +30305,7 @@ index 654be4a..d36985f 100644 | |||
27340 | DEFINE_SPINLOCK(pgd_lock); | 30305 | DEFINE_SPINLOCK(pgd_lock); |
27341 | LIST_HEAD(pgd_list); | 30306 | LIST_HEAD(pgd_list); |
27342 | 30307 | ||
27343 | @@ -232,10 +273,22 @@ void vmalloc_sync_all(void) | 30308 | @@ -232,10 +273,27 @@ void vmalloc_sync_all(void) |
27344 | for (address = VMALLOC_START & PMD_MASK; | 30309 | for (address = VMALLOC_START & PMD_MASK; |
27345 | address >= TASK_SIZE && address < FIXADDR_TOP; | 30310 | address >= TASK_SIZE && address < FIXADDR_TOP; |
27346 | address += PMD_SIZE) { | 30311 | address += PMD_SIZE) { |
@@ -27355,15 +30320,20 @@ index 654be4a..d36985f 100644 | |||
27355 | + | 30320 | + |
27356 | +#ifdef CONFIG_PAX_PER_CPU_PGD | 30321 | +#ifdef CONFIG_PAX_PER_CPU_PGD |
27357 | + for (cpu = 0; cpu < nr_cpu_ids; ++cpu) { | 30322 | + for (cpu = 0; cpu < nr_cpu_ids; ++cpu) { |
27358 | + pgd_t *pgd = get_cpu_pgd(cpu); | 30323 | + pgd_t *pgd = get_cpu_pgd(cpu, user); |
27359 | + pmd_t *ret; | 30324 | + pmd_t *ret; |
30325 | + | ||
30326 | + ret = vmalloc_sync_one(pgd, address); | ||
30327 | + if (!ret) | ||
30328 | + break; | ||
30329 | + pgd = get_cpu_pgd(cpu, kernel); | ||
27360 | +#else | 30330 | +#else |
27361 | list_for_each_entry(page, &pgd_list, lru) { | 30331 | list_for_each_entry(page, &pgd_list, lru) { |
27362 | + pgd_t *pgd; | 30332 | + pgd_t *pgd; |
27363 | spinlock_t *pgt_lock; | 30333 | spinlock_t *pgt_lock; |
27364 | pmd_t *ret; | 30334 | pmd_t *ret; |
27365 | 30335 | ||
27366 | @@ -243,8 +296,14 @@ void vmalloc_sync_all(void) | 30336 | @@ -243,8 +301,14 @@ void vmalloc_sync_all(void) |
27367 | pgt_lock = &pgd_page_get_mm(page)->page_table_lock; | 30337 | pgt_lock = &pgd_page_get_mm(page)->page_table_lock; |
27368 | 30338 | ||
27369 | spin_lock(pgt_lock); | 30339 | spin_lock(pgt_lock); |
@@ -27379,34 +30349,47 @@ index 654be4a..d36985f 100644 | |||
27379 | 30349 | ||
27380 | if (!ret) | 30350 | if (!ret) |
27381 | break; | 30351 | break; |
27382 | @@ -278,6 +337,11 @@ static noinline __kprobes int vmalloc_fault(unsigned long address) | 30352 | @@ -278,6 +342,12 @@ static noinline __kprobes int vmalloc_fault(unsigned long address) |
27383 | * an interrupt in the middle of a task switch.. | 30353 | * an interrupt in the middle of a task switch.. |
27384 | */ | 30354 | */ |
27385 | pgd_paddr = read_cr3(); | 30355 | pgd_paddr = read_cr3(); |
27386 | + | 30356 | + |
27387 | +#ifdef CONFIG_PAX_PER_CPU_PGD | 30357 | +#ifdef CONFIG_PAX_PER_CPU_PGD |
27388 | + BUG_ON(__pa(get_cpu_pgd(smp_processor_id())) != (pgd_paddr & PHYSICAL_PAGE_MASK)); | 30358 | + BUG_ON(__pa(get_cpu_pgd(smp_processor_id(), kernel)) != (pgd_paddr & __PHYSICAL_MASK)); |
30359 | + vmalloc_sync_one(__va(pgd_paddr + PAGE_SIZE), address); | ||
27389 | +#endif | 30360 | +#endif |
27390 | + | 30361 | + |
27391 | pmd_k = vmalloc_sync_one(__va(pgd_paddr), address); | 30362 | pmd_k = vmalloc_sync_one(__va(pgd_paddr), address); |
27392 | if (!pmd_k) | 30363 | if (!pmd_k) |
27393 | return -1; | 30364 | return -1; |
27394 | @@ -373,7 +437,14 @@ static noinline __kprobes int vmalloc_fault(unsigned long address) | 30365 | @@ -373,11 +443,25 @@ static noinline __kprobes int vmalloc_fault(unsigned long address) |
27395 | * happen within a race in page table update. In the later | 30366 | * happen within a race in page table update. In the later |
27396 | * case just flush: | 30367 | * case just flush: |
27397 | */ | 30368 | */ |
30369 | - pgd = pgd_offset(current->active_mm, address); | ||
27398 | + | 30370 | + |
30371 | pgd_ref = pgd_offset_k(address); | ||
30372 | if (pgd_none(*pgd_ref)) | ||
30373 | return -1; | ||
30374 | |||
27399 | +#ifdef CONFIG_PAX_PER_CPU_PGD | 30375 | +#ifdef CONFIG_PAX_PER_CPU_PGD |
27400 | + BUG_ON(__pa(get_cpu_pgd(smp_processor_id())) != (read_cr3() & PHYSICAL_PAGE_MASK)); | 30376 | + BUG_ON(__pa(get_cpu_pgd(smp_processor_id(), kernel)) != (read_cr3() & __PHYSICAL_MASK)); |
27401 | + pgd = pgd_offset_cpu(smp_processor_id(), address); | 30377 | + pgd = pgd_offset_cpu(smp_processor_id(), user, address); |
30378 | + if (pgd_none(*pgd)) { | ||
30379 | + set_pgd(pgd, *pgd_ref); | ||
30380 | + arch_flush_lazy_mmu_mode(); | ||
30381 | + } else { | ||
30382 | + BUG_ON(pgd_page_vaddr(*pgd) != pgd_page_vaddr(*pgd_ref)); | ||
30383 | + } | ||
30384 | + pgd = pgd_offset_cpu(smp_processor_id(), kernel, address); | ||
27402 | +#else | 30385 | +#else |
27403 | pgd = pgd_offset(current->active_mm, address); | 30386 | + pgd = pgd_offset(current->active_mm, address); |
27404 | +#endif | 30387 | +#endif |
27405 | + | 30388 | + |
27406 | pgd_ref = pgd_offset_k(address); | 30389 | if (pgd_none(*pgd)) { |
27407 | if (pgd_none(*pgd_ref)) | 30390 | set_pgd(pgd, *pgd_ref); |
27408 | return -1; | 30391 | arch_flush_lazy_mmu_mode(); |
27409 | @@ -543,7 +614,7 @@ static int is_errata93(struct pt_regs *regs, unsigned long address) | 30392 | @@ -543,7 +627,7 @@ static int is_errata93(struct pt_regs *regs, unsigned long address) |
27410 | static int is_errata100(struct pt_regs *regs, unsigned long address) | 30393 | static int is_errata100(struct pt_regs *regs, unsigned long address) |
27411 | { | 30394 | { |
27412 | #ifdef CONFIG_X86_64 | 30395 | #ifdef CONFIG_X86_64 |
@@ -27415,7 +30398,7 @@ index 654be4a..d36985f 100644 | |||
27415 | return 1; | 30398 | return 1; |
27416 | #endif | 30399 | #endif |
27417 | return 0; | 30400 | return 0; |
27418 | @@ -570,7 +641,7 @@ static int is_f00f_bug(struct pt_regs *regs, unsigned long address) | 30401 | @@ -570,7 +654,7 @@ static int is_f00f_bug(struct pt_regs *regs, unsigned long address) |
27419 | } | 30402 | } |
27420 | 30403 | ||
27421 | static const char nx_warning[] = KERN_CRIT | 30404 | static const char nx_warning[] = KERN_CRIT |
@@ -27424,7 +30407,7 @@ index 654be4a..d36985f 100644 | |||
27424 | 30407 | ||
27425 | static void | 30408 | static void |
27426 | show_fault_oops(struct pt_regs *regs, unsigned long error_code, | 30409 | show_fault_oops(struct pt_regs *regs, unsigned long error_code, |
27427 | @@ -579,15 +650,27 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code, | 30410 | @@ -579,15 +663,27 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code, |
27428 | if (!oops_may_print()) | 30411 | if (!oops_may_print()) |
27429 | return; | 30412 | return; |
27430 | 30413 | ||
@@ -27454,7 +30437,7 @@ index 654be4a..d36985f 100644 | |||
27454 | printk(KERN_ALERT "BUG: unable to handle kernel "); | 30437 | printk(KERN_ALERT "BUG: unable to handle kernel "); |
27455 | if (address < PAGE_SIZE) | 30438 | if (address < PAGE_SIZE) |
27456 | printk(KERN_CONT "NULL pointer dereference"); | 30439 | printk(KERN_CONT "NULL pointer dereference"); |
27457 | @@ -750,6 +833,22 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, | 30440 | @@ -750,6 +846,22 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, |
27458 | return; | 30441 | return; |
27459 | } | 30442 | } |
27460 | #endif | 30443 | #endif |
@@ -27477,7 +30460,7 @@ index 654be4a..d36985f 100644 | |||
27477 | /* Kernel addresses are always protection faults: */ | 30460 | /* Kernel addresses are always protection faults: */ |
27478 | if (address >= TASK_SIZE) | 30461 | if (address >= TASK_SIZE) |
27479 | error_code |= PF_PROT; | 30462 | error_code |= PF_PROT; |
27480 | @@ -835,7 +934,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, | 30463 | @@ -835,7 +947,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, |
27481 | if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) { | 30464 | if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) { |
27482 | printk(KERN_ERR | 30465 | printk(KERN_ERR |
27483 | "MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n", | 30466 | "MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n", |
@@ -27486,7 +30469,7 @@ index 654be4a..d36985f 100644 | |||
27486 | code = BUS_MCEERR_AR; | 30469 | code = BUS_MCEERR_AR; |
27487 | } | 30470 | } |
27488 | #endif | 30471 | #endif |
27489 | @@ -898,6 +997,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) | 30472 | @@ -898,6 +1010,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) |
27490 | return 1; | 30473 | return 1; |
27491 | } | 30474 | } |
27492 | 30475 | ||
@@ -27586,7 +30569,7 @@ index 654be4a..d36985f 100644 | |||
27586 | /* | 30569 | /* |
27587 | * Handle a spurious fault caused by a stale TLB entry. | 30570 | * Handle a spurious fault caused by a stale TLB entry. |
27588 | * | 30571 | * |
27589 | @@ -964,6 +1156,9 @@ int show_unhandled_signals = 1; | 30572 | @@ -964,6 +1169,9 @@ int show_unhandled_signals = 1; |
27590 | static inline int | 30573 | static inline int |
27591 | access_error(unsigned long error_code, struct vm_area_struct *vma) | 30574 | access_error(unsigned long error_code, struct vm_area_struct *vma) |
27592 | { | 30575 | { |
@@ -27596,7 +30579,7 @@ index 654be4a..d36985f 100644 | |||
27596 | if (error_code & PF_WRITE) { | 30579 | if (error_code & PF_WRITE) { |
27597 | /* write, present and write, not present: */ | 30580 | /* write, present and write, not present: */ |
27598 | if (unlikely(!(vma->vm_flags & VM_WRITE))) | 30581 | if (unlikely(!(vma->vm_flags & VM_WRITE))) |
27599 | @@ -992,7 +1187,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs) | 30582 | @@ -992,7 +1200,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs) |
27600 | if (error_code & PF_USER) | 30583 | if (error_code & PF_USER) |
27601 | return false; | 30584 | return false; |
27602 | 30585 | ||
@@ -27605,7 +30588,7 @@ index 654be4a..d36985f 100644 | |||
27605 | return false; | 30588 | return false; |
27606 | 30589 | ||
27607 | return true; | 30590 | return true; |
27608 | @@ -1008,18 +1203,33 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) | 30591 | @@ -1008,18 +1216,33 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) |
27609 | { | 30592 | { |
27610 | struct vm_area_struct *vma; | 30593 | struct vm_area_struct *vma; |
27611 | struct task_struct *tsk; | 30594 | struct task_struct *tsk; |
@@ -27644,7 +30627,7 @@ index 654be4a..d36985f 100644 | |||
27644 | 30627 | ||
27645 | /* | 30628 | /* |
27646 | * Detect and handle instructions that would cause a page fault for | 30629 | * Detect and handle instructions that would cause a page fault for |
27647 | @@ -1080,7 +1290,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) | 30630 | @@ -1080,7 +1303,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) |
27648 | * User-mode registers count as a user access even for any | 30631 | * User-mode registers count as a user access even for any |
27649 | * potential system fault or CPU buglet: | 30632 | * potential system fault or CPU buglet: |
27650 | */ | 30633 | */ |
@@ -27653,7 +30636,7 @@ index 654be4a..d36985f 100644 | |||
27653 | local_irq_enable(); | 30636 | local_irq_enable(); |
27654 | error_code |= PF_USER; | 30637 | error_code |= PF_USER; |
27655 | } else { | 30638 | } else { |
27656 | @@ -1142,6 +1352,11 @@ retry: | 30639 | @@ -1142,6 +1365,11 @@ retry: |
27657 | might_sleep(); | 30640 | might_sleep(); |
27658 | } | 30641 | } |
27659 | 30642 | ||
@@ -27665,7 +30648,7 @@ index 654be4a..d36985f 100644 | |||
27665 | vma = find_vma(mm, address); | 30648 | vma = find_vma(mm, address); |
27666 | if (unlikely(!vma)) { | 30649 | if (unlikely(!vma)) { |
27667 | bad_area(regs, error_code, address); | 30650 | bad_area(regs, error_code, address); |
27668 | @@ -1153,18 +1368,24 @@ retry: | 30651 | @@ -1153,18 +1381,24 @@ retry: |
27669 | bad_area(regs, error_code, address); | 30652 | bad_area(regs, error_code, address); |
27670 | return; | 30653 | return; |
27671 | } | 30654 | } |
@@ -27701,7 +30684,7 @@ index 654be4a..d36985f 100644 | |||
27701 | if (unlikely(expand_stack(vma, address))) { | 30684 | if (unlikely(expand_stack(vma, address))) { |
27702 | bad_area(regs, error_code, address); | 30685 | bad_area(regs, error_code, address); |
27703 | return; | 30686 | return; |
27704 | @@ -1230,3 +1451,292 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) | 30687 | @@ -1230,3 +1464,292 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) |
27705 | __do_page_fault(regs, error_code); | 30688 | __do_page_fault(regs, error_code); |
27706 | exception_exit(prev_state); | 30689 | exception_exit(prev_state); |
27707 | } | 30690 | } |
@@ -28132,7 +31115,7 @@ index ae1aa71..d9bea75 100644 | |||
28132 | 31115 | ||
28133 | #endif /*HAVE_ARCH_HUGETLB_UNMAPPED_AREA*/ | 31116 | #endif /*HAVE_ARCH_HUGETLB_UNMAPPED_AREA*/ |
28134 | diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c | 31117 | diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c |
28135 | index 1f34e92..d252637 100644 | 31118 | index 1f34e92..c97b98f 100644 |
28136 | --- a/arch/x86/mm/init.c | 31119 | --- a/arch/x86/mm/init.c |
28137 | +++ b/arch/x86/mm/init.c | 31120 | +++ b/arch/x86/mm/init.c |
28138 | @@ -4,6 +4,7 @@ | 31121 | @@ -4,6 +4,7 @@ |
@@ -28152,15 +31135,18 @@ index 1f34e92..d252637 100644 | |||
28152 | 31135 | ||
28153 | #include "mm_internal.h" | 31136 | #include "mm_internal.h" |
28154 | 31137 | ||
28155 | @@ -465,7 +468,15 @@ void __init init_mem_mapping(void) | 31138 | @@ -465,7 +468,18 @@ void __init init_mem_mapping(void) |
28156 | early_ioremap_page_table_range_init(); | 31139 | early_ioremap_page_table_range_init(); |
28157 | #endif | 31140 | #endif |
28158 | 31141 | ||
28159 | +#ifdef CONFIG_PAX_PER_CPU_PGD | 31142 | +#ifdef CONFIG_PAX_PER_CPU_PGD |
28160 | + clone_pgd_range(get_cpu_pgd(0) + KERNEL_PGD_BOUNDARY, | 31143 | + clone_pgd_range(get_cpu_pgd(0, kernel) + KERNEL_PGD_BOUNDARY, |
28161 | + swapper_pg_dir + KERNEL_PGD_BOUNDARY, | 31144 | + swapper_pg_dir + KERNEL_PGD_BOUNDARY, |
28162 | + KERNEL_PGD_PTRS); | 31145 | + KERNEL_PGD_PTRS); |
28163 | + load_cr3(get_cpu_pgd(0)); | 31146 | + clone_pgd_range(get_cpu_pgd(0, user) + KERNEL_PGD_BOUNDARY, |
31147 | + swapper_pg_dir + KERNEL_PGD_BOUNDARY, | ||
31148 | + KERNEL_PGD_PTRS); | ||
31149 | + load_cr3(get_cpu_pgd(0, kernel)); | ||
28164 | +#else | 31150 | +#else |
28165 | load_cr3(swapper_pg_dir); | 31151 | load_cr3(swapper_pg_dir); |
28166 | +#endif | 31152 | +#endif |
@@ -28168,7 +31154,7 @@ index 1f34e92..d252637 100644 | |||
28168 | __flush_tlb_all(); | 31154 | __flush_tlb_all(); |
28169 | 31155 | ||
28170 | early_memtest(0, max_pfn_mapped << PAGE_SHIFT); | 31156 | early_memtest(0, max_pfn_mapped << PAGE_SHIFT); |
28171 | @@ -481,10 +492,40 @@ void __init init_mem_mapping(void) | 31157 | @@ -481,10 +495,40 @@ void __init init_mem_mapping(void) |
28172 | * Access has to be given to non-kernel-ram areas as well, these contain the PCI | 31158 | * Access has to be given to non-kernel-ram areas as well, these contain the PCI |
28173 | * mmio resources as well as potential bios/acpi data regions. | 31159 | * mmio resources as well as potential bios/acpi data regions. |
28174 | */ | 31160 | */ |
@@ -28210,7 +31196,7 @@ index 1f34e92..d252637 100644 | |||
28210 | if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) | 31196 | if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) |
28211 | return 0; | 31197 | return 0; |
28212 | if (!page_is_ram(pagenr)) | 31198 | if (!page_is_ram(pagenr)) |
28213 | @@ -538,8 +579,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) | 31199 | @@ -538,8 +582,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) |
28214 | #endif | 31200 | #endif |
28215 | } | 31201 | } |
28216 | 31202 | ||
@@ -28591,7 +31577,7 @@ index 3ac7e31..89611b7 100644 | |||
28591 | printk(KERN_INFO "Write protecting the kernel text: %luk\n", | 31577 | printk(KERN_INFO "Write protecting the kernel text: %luk\n", |
28592 | size >> 10); | 31578 | size >> 10); |
28593 | diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c | 31579 | diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c |
28594 | index bb00c46..f31d2f0 100644 | 31580 | index bb00c46..bf91a67 100644 |
28595 | --- a/arch/x86/mm/init_64.c | 31581 | --- a/arch/x86/mm/init_64.c |
28596 | +++ b/arch/x86/mm/init_64.c | 31582 | +++ b/arch/x86/mm/init_64.c |
28597 | @@ -151,7 +151,7 @@ early_param("gbpages", parse_direct_gbpages_on); | 31583 | @@ -151,7 +151,7 @@ early_param("gbpages", parse_direct_gbpages_on); |
@@ -28603,7 +31589,7 @@ index bb00c46..f31d2f0 100644 | |||
28603 | EXPORT_SYMBOL_GPL(__supported_pte_mask); | 31589 | EXPORT_SYMBOL_GPL(__supported_pte_mask); |
28604 | 31590 | ||
28605 | int force_personality32; | 31591 | int force_personality32; |
28606 | @@ -184,12 +184,22 @@ void sync_global_pgds(unsigned long start, unsigned long end) | 31592 | @@ -184,12 +184,29 @@ void sync_global_pgds(unsigned long start, unsigned long end) |
28607 | 31593 | ||
28608 | for (address = start; address <= end; address += PGDIR_SIZE) { | 31594 | for (address = start; address <= end; address += PGDIR_SIZE) { |
28609 | const pgd_t *pgd_ref = pgd_offset_k(address); | 31595 | const pgd_t *pgd_ref = pgd_offset_k(address); |
@@ -28621,12 +31607,19 @@ index bb00c46..f31d2f0 100644 | |||
28621 | + | 31607 | + |
28622 | +#ifdef CONFIG_PAX_PER_CPU_PGD | 31608 | +#ifdef CONFIG_PAX_PER_CPU_PGD |
28623 | + for (cpu = 0; cpu < nr_cpu_ids; ++cpu) { | 31609 | + for (cpu = 0; cpu < nr_cpu_ids; ++cpu) { |
28624 | + pgd_t *pgd = pgd_offset_cpu(cpu, address); | 31610 | + pgd_t *pgd = pgd_offset_cpu(cpu, user, address); |
31611 | + | ||
31612 | + if (pgd_none(*pgd)) | ||
31613 | + set_pgd(pgd, *pgd_ref); | ||
31614 | + else | ||
31615 | + BUG_ON(pgd_page_vaddr(*pgd) | ||
31616 | + != pgd_page_vaddr(*pgd_ref)); | ||
31617 | + pgd = pgd_offset_cpu(cpu, kernel, address); | ||
28625 | +#else | 31618 | +#else |
28626 | list_for_each_entry(page, &pgd_list, lru) { | 31619 | list_for_each_entry(page, &pgd_list, lru) { |
28627 | pgd_t *pgd; | 31620 | pgd_t *pgd; |
28628 | spinlock_t *pgt_lock; | 31621 | spinlock_t *pgt_lock; |
28629 | @@ -198,6 +208,7 @@ void sync_global_pgds(unsigned long start, unsigned long end) | 31622 | @@ -198,6 +215,7 @@ void sync_global_pgds(unsigned long start, unsigned long end) |
28630 | /* the pgt_lock only for Xen */ | 31623 | /* the pgt_lock only for Xen */ |
28631 | pgt_lock = &pgd_page_get_mm(page)->page_table_lock; | 31624 | pgt_lock = &pgd_page_get_mm(page)->page_table_lock; |
28632 | spin_lock(pgt_lock); | 31625 | spin_lock(pgt_lock); |
@@ -28634,7 +31627,7 @@ index bb00c46..f31d2f0 100644 | |||
28634 | 31627 | ||
28635 | if (pgd_none(*pgd)) | 31628 | if (pgd_none(*pgd)) |
28636 | set_pgd(pgd, *pgd_ref); | 31629 | set_pgd(pgd, *pgd_ref); |
28637 | @@ -205,7 +216,10 @@ void sync_global_pgds(unsigned long start, unsigned long end) | 31630 | @@ -205,7 +223,10 @@ void sync_global_pgds(unsigned long start, unsigned long end) |
28638 | BUG_ON(pgd_page_vaddr(*pgd) | 31631 | BUG_ON(pgd_page_vaddr(*pgd) |
28639 | != pgd_page_vaddr(*pgd_ref)); | 31632 | != pgd_page_vaddr(*pgd_ref)); |
28640 | 31633 | ||
@@ -28645,7 +31638,7 @@ index bb00c46..f31d2f0 100644 | |||
28645 | } | 31638 | } |
28646 | spin_unlock(&pgd_lock); | 31639 | spin_unlock(&pgd_lock); |
28647 | } | 31640 | } |
28648 | @@ -238,7 +252,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr) | 31641 | @@ -238,7 +259,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr) |
28649 | { | 31642 | { |
28650 | if (pgd_none(*pgd)) { | 31643 | if (pgd_none(*pgd)) { |
28651 | pud_t *pud = (pud_t *)spp_getpage(); | 31644 | pud_t *pud = (pud_t *)spp_getpage(); |
@@ -28654,7 +31647,7 @@ index bb00c46..f31d2f0 100644 | |||
28654 | if (pud != pud_offset(pgd, 0)) | 31647 | if (pud != pud_offset(pgd, 0)) |
28655 | printk(KERN_ERR "PAGETABLE BUG #00! %p <-> %p\n", | 31648 | printk(KERN_ERR "PAGETABLE BUG #00! %p <-> %p\n", |
28656 | pud, pud_offset(pgd, 0)); | 31649 | pud, pud_offset(pgd, 0)); |
28657 | @@ -250,7 +264,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr) | 31650 | @@ -250,7 +271,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr) |
28658 | { | 31651 | { |
28659 | if (pud_none(*pud)) { | 31652 | if (pud_none(*pud)) { |
28660 | pmd_t *pmd = (pmd_t *) spp_getpage(); | 31653 | pmd_t *pmd = (pmd_t *) spp_getpage(); |
@@ -28663,7 +31656,7 @@ index bb00c46..f31d2f0 100644 | |||
28663 | if (pmd != pmd_offset(pud, 0)) | 31656 | if (pmd != pmd_offset(pud, 0)) |
28664 | printk(KERN_ERR "PAGETABLE BUG #01! %p <-> %p\n", | 31657 | printk(KERN_ERR "PAGETABLE BUG #01! %p <-> %p\n", |
28665 | pmd, pmd_offset(pud, 0)); | 31658 | pmd, pmd_offset(pud, 0)); |
28666 | @@ -279,7 +293,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte) | 31659 | @@ -279,7 +300,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte) |
28667 | pmd = fill_pmd(pud, vaddr); | 31660 | pmd = fill_pmd(pud, vaddr); |
28668 | pte = fill_pte(pmd, vaddr); | 31661 | pte = fill_pte(pmd, vaddr); |
28669 | 31662 | ||
@@ -28673,7 +31666,7 @@ index bb00c46..f31d2f0 100644 | |||
28673 | 31666 | ||
28674 | /* | 31667 | /* |
28675 | * It's enough to flush this one mapping. | 31668 | * It's enough to flush this one mapping. |
28676 | @@ -338,14 +354,12 @@ static void __init __init_extra_mapping(unsigned long phys, unsigned long size, | 31669 | @@ -338,14 +361,12 @@ static void __init __init_extra_mapping(unsigned long phys, unsigned long size, |
28677 | pgd = pgd_offset_k((unsigned long)__va(phys)); | 31670 | pgd = pgd_offset_k((unsigned long)__va(phys)); |
28678 | if (pgd_none(*pgd)) { | 31671 | if (pgd_none(*pgd)) { |
28679 | pud = (pud_t *) spp_getpage(); | 31672 | pud = (pud_t *) spp_getpage(); |
@@ -28690,7 +31683,7 @@ index bb00c46..f31d2f0 100644 | |||
28690 | } | 31683 | } |
28691 | pmd = pmd_offset(pud, phys); | 31684 | pmd = pmd_offset(pud, phys); |
28692 | BUG_ON(!pmd_none(*pmd)); | 31685 | BUG_ON(!pmd_none(*pmd)); |
28693 | @@ -586,7 +600,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end, | 31686 | @@ -586,7 +607,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end, |
28694 | prot); | 31687 | prot); |
28695 | 31688 | ||
28696 | spin_lock(&init_mm.page_table_lock); | 31689 | spin_lock(&init_mm.page_table_lock); |
@@ -28699,7 +31692,7 @@ index bb00c46..f31d2f0 100644 | |||
28699 | spin_unlock(&init_mm.page_table_lock); | 31692 | spin_unlock(&init_mm.page_table_lock); |
28700 | } | 31693 | } |
28701 | __flush_tlb_all(); | 31694 | __flush_tlb_all(); |
28702 | @@ -627,7 +641,7 @@ kernel_physical_mapping_init(unsigned long start, | 31695 | @@ -627,7 +648,7 @@ kernel_physical_mapping_init(unsigned long start, |
28703 | page_size_mask); | 31696 | page_size_mask); |
28704 | 31697 | ||
28705 | spin_lock(&init_mm.page_table_lock); | 31698 | spin_lock(&init_mm.page_table_lock); |
@@ -28708,7 +31701,7 @@ index bb00c46..f31d2f0 100644 | |||
28708 | spin_unlock(&init_mm.page_table_lock); | 31701 | spin_unlock(&init_mm.page_table_lock); |
28709 | pgd_changed = true; | 31702 | pgd_changed = true; |
28710 | } | 31703 | } |
28711 | @@ -1221,8 +1235,8 @@ int kern_addr_valid(unsigned long addr) | 31704 | @@ -1221,8 +1242,8 @@ int kern_addr_valid(unsigned long addr) |
28712 | static struct vm_area_struct gate_vma = { | 31705 | static struct vm_area_struct gate_vma = { |
28713 | .vm_start = VSYSCALL_START, | 31706 | .vm_start = VSYSCALL_START, |
28714 | .vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE), | 31707 | .vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE), |
@@ -28719,7 +31712,7 @@ index bb00c46..f31d2f0 100644 | |||
28719 | }; | 31712 | }; |
28720 | 31713 | ||
28721 | struct vm_area_struct *get_gate_vma(struct mm_struct *mm) | 31714 | struct vm_area_struct *get_gate_vma(struct mm_struct *mm) |
28722 | @@ -1256,7 +1270,7 @@ int in_gate_area_no_mm(unsigned long addr) | 31715 | @@ -1256,7 +1277,7 @@ int in_gate_area_no_mm(unsigned long addr) |
28723 | 31716 | ||
28724 | const char *arch_vma_name(struct vm_area_struct *vma) | 31717 | const char *arch_vma_name(struct vm_area_struct *vma) |
28725 | { | 31718 | { |
@@ -28822,7 +31815,7 @@ index d87dd6d..bf3fa66 100644 | |||
28822 | 31815 | ||
28823 | pte = kmemcheck_pte_lookup(address); | 31816 | pte = kmemcheck_pte_lookup(address); |
28824 | diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c | 31817 | diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c |
28825 | index 845df68..1d8d29f 100644 | 31818 | index 5c1ae28..45f4ac9 100644 |
28826 | --- a/arch/x86/mm/mmap.c | 31819 | --- a/arch/x86/mm/mmap.c |
28827 | +++ b/arch/x86/mm/mmap.c | 31820 | +++ b/arch/x86/mm/mmap.c |
28828 | @@ -52,7 +52,7 @@ static unsigned int stack_maxrandom_size(void) | 31821 | @@ -52,7 +52,7 @@ static unsigned int stack_maxrandom_size(void) |
@@ -28880,32 +31873,24 @@ index 845df68..1d8d29f 100644 | |||
28880 | return TASK_UNMAPPED_BASE + mmap_rnd(); | 31873 | return TASK_UNMAPPED_BASE + mmap_rnd(); |
28881 | } | 31874 | } |
28882 | 31875 | ||
28883 | @@ -113,11 +126,23 @@ static unsigned long mmap_legacy_base(void) | 31876 | @@ -112,8 +125,15 @@ static unsigned long mmap_legacy_base(void) |
31877 | */ | ||
28884 | void arch_pick_mmap_layout(struct mm_struct *mm) | 31878 | void arch_pick_mmap_layout(struct mm_struct *mm) |
28885 | { | 31879 | { |
28886 | if (mmap_is_legacy()) { | 31880 | - mm->mmap_legacy_base = mmap_legacy_base(); |
28887 | - mm->mmap_base = mmap_legacy_base(); | 31881 | - mm->mmap_base = mmap_base(); |
28888 | + mm->mmap_base = mmap_legacy_base(mm); | 31882 | + mm->mmap_legacy_base = mmap_legacy_base(mm); |
28889 | + | 31883 | + mm->mmap_base = mmap_base(mm); |
28890 | +#ifdef CONFIG_PAX_RANDMMAP | ||
28891 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | ||
28892 | + mm->mmap_base += mm->delta_mmap; | ||
28893 | +#endif | ||
28894 | + | ||
28895 | mm->get_unmapped_area = arch_get_unmapped_area; | ||
28896 | mm->unmap_area = arch_unmap_area; | ||
28897 | } else { | ||
28898 | - mm->mmap_base = mmap_base(); | ||
28899 | + mm->mmap_base = mmap_base(mm); | ||
28900 | + | 31884 | + |
28901 | +#ifdef CONFIG_PAX_RANDMMAP | 31885 | +#ifdef CONFIG_PAX_RANDMMAP |
28902 | + if (mm->pax_flags & MF_PAX_RANDMMAP) | 31886 | + if (mm->pax_flags & MF_PAX_RANDMMAP) { |
28903 | + mm->mmap_base -= mm->delta_mmap + mm->delta_stack; | 31887 | + mm->mmap_legacy_base += mm->delta_mmap; |
31888 | + mm->mmap_base -= mm->delta_mmap + mm->delta_stack; | ||
31889 | + } | ||
28904 | +#endif | 31890 | +#endif |
28905 | + | 31891 | |
28906 | mm->get_unmapped_area = arch_get_unmapped_area_topdown; | 31892 | if (mmap_is_legacy()) { |
28907 | mm->unmap_area = arch_unmap_area_topdown; | 31893 | mm->mmap_base = mm->mmap_legacy_base; |
28908 | } | ||
28909 | diff --git a/arch/x86/mm/mmio-mod.c b/arch/x86/mm/mmio-mod.c | 31894 | diff --git a/arch/x86/mm/mmio-mod.c b/arch/x86/mm/mmio-mod.c |
28910 | index dc0b727..f612039 100644 | 31895 | index dc0b727..f612039 100644 |
28911 | --- a/arch/x86/mm/mmio-mod.c | 31896 | --- a/arch/x86/mm/mmio-mod.c |
@@ -28982,7 +31967,7 @@ index d0b1773..4c3327c 100644 | |||
28982 | 31967 | ||
28983 | struct split_state { | 31968 | struct split_state { |
28984 | diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c | 31969 | diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c |
28985 | index bb32480..aef8278 100644 | 31970 | index bb32480..75f2f5e 100644 |
28986 | --- a/arch/x86/mm/pageattr.c | 31971 | --- a/arch/x86/mm/pageattr.c |
28987 | +++ b/arch/x86/mm/pageattr.c | 31972 | +++ b/arch/x86/mm/pageattr.c |
28988 | @@ -261,7 +261,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address, | 31973 | @@ -261,7 +261,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address, |
@@ -29047,7 +32032,7 @@ index bb32480..aef8278 100644 | |||
29047 | 32032 | ||
29048 | +#ifdef CONFIG_PAX_PER_CPU_PGD | 32033 | +#ifdef CONFIG_PAX_PER_CPU_PGD |
29049 | + for (cpu = 0; cpu < nr_cpu_ids; ++cpu) { | 32034 | + for (cpu = 0; cpu < nr_cpu_ids; ++cpu) { |
29050 | + pgd_t *pgd = get_cpu_pgd(cpu); | 32035 | + pgd_t *pgd = get_cpu_pgd(cpu, kernel); |
29051 | +#else | 32036 | +#else |
29052 | list_for_each_entry(page, &pgd_list, lru) { | 32037 | list_for_each_entry(page, &pgd_list, lru) { |
29053 | - pgd_t *pgd; | 32038 | - pgd_t *pgd; |
@@ -29183,10 +32168,10 @@ index 9f0614d..92ae64a 100644 | |||
29183 | p += get_opcode(p, &opcode); | 32168 | p += get_opcode(p, &opcode); |
29184 | for (i = 0; i < ARRAY_SIZE(imm_wop); i++) | 32169 | for (i = 0; i < ARRAY_SIZE(imm_wop); i++) |
29185 | diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c | 32170 | diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c |
29186 | index 17fda6a..489c74a 100644 | 32171 | index 17fda6a..f7d54a0 100644 |
29187 | --- a/arch/x86/mm/pgtable.c | 32172 | --- a/arch/x86/mm/pgtable.c |
29188 | +++ b/arch/x86/mm/pgtable.c | 32173 | +++ b/arch/x86/mm/pgtable.c |
29189 | @@ -91,10 +91,64 @@ static inline void pgd_list_del(pgd_t *pgd) | 32174 | @@ -91,10 +91,67 @@ static inline void pgd_list_del(pgd_t *pgd) |
29190 | list_del(&page->lru); | 32175 | list_del(&page->lru); |
29191 | } | 32176 | } |
29192 | 32177 | ||
@@ -29199,6 +32184,9 @@ index 17fda6a..489c74a 100644 | |||
29199 | +{ | 32184 | +{ |
29200 | + unsigned int count = USER_PGD_PTRS; | 32185 | + unsigned int count = USER_PGD_PTRS; |
29201 | 32186 | ||
32187 | + if (!pax_user_shadow_base) | ||
32188 | + return; | ||
32189 | + | ||
29202 | + while (count--) | 32190 | + while (count--) |
29203 | + *dst++ = __pgd((pgd_val(*src++) | (_PAGE_NX & __supported_pte_mask)) & ~_PAGE_USER); | 32191 | + *dst++ = __pgd((pgd_val(*src++) | (_PAGE_NX & __supported_pte_mask)) & ~_PAGE_USER); |
29204 | +} | 32192 | +} |
@@ -29253,7 +32241,7 @@ index 17fda6a..489c74a 100644 | |||
29253 | static void pgd_set_mm(pgd_t *pgd, struct mm_struct *mm) | 32241 | static void pgd_set_mm(pgd_t *pgd, struct mm_struct *mm) |
29254 | { | 32242 | { |
29255 | BUILD_BUG_ON(sizeof(virt_to_page(pgd)->index) < sizeof(mm)); | 32243 | BUILD_BUG_ON(sizeof(virt_to_page(pgd)->index) < sizeof(mm)); |
29256 | @@ -135,6 +189,7 @@ static void pgd_dtor(pgd_t *pgd) | 32244 | @@ -135,6 +192,7 @@ static void pgd_dtor(pgd_t *pgd) |
29257 | pgd_list_del(pgd); | 32245 | pgd_list_del(pgd); |
29258 | spin_unlock(&pgd_lock); | 32246 | spin_unlock(&pgd_lock); |
29259 | } | 32247 | } |
@@ -29261,7 +32249,7 @@ index 17fda6a..489c74a 100644 | |||
29261 | 32249 | ||
29262 | /* | 32250 | /* |
29263 | * List of all pgd's needed for non-PAE so it can invalidate entries | 32251 | * List of all pgd's needed for non-PAE so it can invalidate entries |
29264 | @@ -147,7 +202,7 @@ static void pgd_dtor(pgd_t *pgd) | 32252 | @@ -147,7 +205,7 @@ static void pgd_dtor(pgd_t *pgd) |
29265 | * -- nyc | 32253 | * -- nyc |
29266 | */ | 32254 | */ |
29267 | 32255 | ||
@@ -29270,7 +32258,7 @@ index 17fda6a..489c74a 100644 | |||
29270 | /* | 32258 | /* |
29271 | * In PAE mode, we need to do a cr3 reload (=tlb flush) when | 32259 | * In PAE mode, we need to do a cr3 reload (=tlb flush) when |
29272 | * updating the top-level pagetable entries to guarantee the | 32260 | * updating the top-level pagetable entries to guarantee the |
29273 | @@ -159,7 +214,7 @@ static void pgd_dtor(pgd_t *pgd) | 32261 | @@ -159,7 +217,7 @@ static void pgd_dtor(pgd_t *pgd) |
29274 | * not shared between pagetables (!SHARED_KERNEL_PMDS), we allocate | 32262 | * not shared between pagetables (!SHARED_KERNEL_PMDS), we allocate |
29275 | * and initialize the kernel pmds here. | 32263 | * and initialize the kernel pmds here. |
29276 | */ | 32264 | */ |
@@ -29279,7 +32267,7 @@ index 17fda6a..489c74a 100644 | |||
29279 | 32267 | ||
29280 | void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) | 32268 | void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) |
29281 | { | 32269 | { |
29282 | @@ -177,36 +232,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) | 32270 | @@ -177,36 +235,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd) |
29283 | */ | 32271 | */ |
29284 | flush_tlb_mm(mm); | 32272 | flush_tlb_mm(mm); |
29285 | } | 32273 | } |
@@ -29329,7 +32317,7 @@ index 17fda6a..489c74a 100644 | |||
29329 | return -ENOMEM; | 32317 | return -ENOMEM; |
29330 | } | 32318 | } |
29331 | 32319 | ||
29332 | @@ -219,51 +276,55 @@ static int preallocate_pmds(pmd_t *pmds[]) | 32320 | @@ -219,51 +279,55 @@ static int preallocate_pmds(pmd_t *pmds[]) |
29333 | * preallocate which never got a corresponding vma will need to be | 32321 | * preallocate which never got a corresponding vma will need to be |
29334 | * freed manually. | 32322 | * freed manually. |
29335 | */ | 32323 | */ |
@@ -29402,7 +32390,7 @@ index 17fda6a..489c74a 100644 | |||
29402 | 32390 | ||
29403 | pgd = (pgd_t *)__get_free_page(PGALLOC_GFP); | 32391 | pgd = (pgd_t *)__get_free_page(PGALLOC_GFP); |
29404 | 32392 | ||
29405 | @@ -272,11 +333,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) | 32393 | @@ -272,11 +336,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm) |
29406 | 32394 | ||
29407 | mm->pgd = pgd; | 32395 | mm->pgd = pgd; |
29408 | 32396 | ||
@@ -29416,7 +32404,7 @@ index 17fda6a..489c74a 100644 | |||
29416 | 32404 | ||
29417 | /* | 32405 | /* |
29418 | * Make sure that pre-populating the pmds is atomic with | 32406 | * Make sure that pre-populating the pmds is atomic with |
29419 | @@ -286,14 +347,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) | 32407 | @@ -286,14 +350,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm) |
29420 | spin_lock(&pgd_lock); | 32408 | spin_lock(&pgd_lock); |
29421 | 32409 | ||
29422 | pgd_ctor(mm, pgd); | 32410 | pgd_ctor(mm, pgd); |
@@ -29434,7 +32422,7 @@ index 17fda6a..489c74a 100644 | |||
29434 | out_free_pgd: | 32422 | out_free_pgd: |
29435 | free_page((unsigned long)pgd); | 32423 | free_page((unsigned long)pgd); |
29436 | out: | 32424 | out: |
29437 | @@ -302,7 +363,7 @@ out: | 32425 | @@ -302,7 +366,7 @@ out: |
29438 | 32426 | ||
29439 | void pgd_free(struct mm_struct *mm, pgd_t *pgd) | 32427 | void pgd_free(struct mm_struct *mm, pgd_t *pgd) |
29440 | { | 32428 | { |
@@ -29532,6 +32520,49 @@ index 282375f..e03a98f 100644 | |||
29532 | } | 32520 | } |
29533 | } | 32521 | } |
29534 | EXPORT_SYMBOL_GPL(leave_mm); | 32522 | EXPORT_SYMBOL_GPL(leave_mm); |
32523 | diff --git a/arch/x86/mm/uderef_64.c b/arch/x86/mm/uderef_64.c | ||
32524 | new file mode 100644 | ||
32525 | index 0000000..dace51c | ||
32526 | --- /dev/null | ||
32527 | +++ b/arch/x86/mm/uderef_64.c | ||
32528 | @@ -0,0 +1,37 @@ | ||
32529 | +#include <linux/mm.h> | ||
32530 | +#include <asm/pgtable.h> | ||
32531 | +#include <asm/uaccess.h> | ||
32532 | + | ||
32533 | +#ifdef CONFIG_PAX_MEMORY_UDEREF | ||
32534 | +/* PaX: due to the special call convention these functions must | ||
32535 | + * - remain leaf functions under all configurations, | ||
32536 | + * - never be called directly, only dereferenced from the wrappers. | ||
32537 | + */ | ||
32538 | +void __pax_open_userland(void) | ||
32539 | +{ | ||
32540 | + unsigned int cpu; | ||
32541 | + | ||
32542 | + if (unlikely(!segment_eq(get_fs(), USER_DS))) | ||
32543 | + return; | ||
32544 | + | ||
32545 | + cpu = raw_get_cpu(); | ||
32546 | + BUG_ON((read_cr3() & ~PAGE_MASK) != PCID_KERNEL); | ||
32547 | + write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER | PCID_NOFLUSH); | ||
32548 | + raw_put_cpu_no_resched(); | ||
32549 | +} | ||
32550 | +EXPORT_SYMBOL(__pax_open_userland); | ||
32551 | + | ||
32552 | +void __pax_close_userland(void) | ||
32553 | +{ | ||
32554 | + unsigned int cpu; | ||
32555 | + | ||
32556 | + if (unlikely(!segment_eq(get_fs(), USER_DS))) | ||
32557 | + return; | ||
32558 | + | ||
32559 | + cpu = raw_get_cpu(); | ||
32560 | + BUG_ON((read_cr3() & ~PAGE_MASK) != PCID_USER); | ||
32561 | + write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH); | ||
32562 | + raw_put_cpu_no_resched(); | ||
32563 | +} | ||
32564 | +EXPORT_SYMBOL(__pax_close_userland); | ||
32565 | +#endif | ||
29535 | diff --git a/arch/x86/net/bpf_jit.S b/arch/x86/net/bpf_jit.S | 32566 | diff --git a/arch/x86/net/bpf_jit.S b/arch/x86/net/bpf_jit.S |
29536 | index 877b9a1..a8ecf42 100644 | 32567 | index 877b9a1..a8ecf42 100644 |
29537 | --- a/arch/x86/net/bpf_jit.S | 32568 | --- a/arch/x86/net/bpf_jit.S |
@@ -30444,7 +33475,7 @@ index c77b24a..c979855 100644 | |||
30444 | } | 33475 | } |
30445 | EXPORT_SYMBOL(pcibios_set_irq_routing); | 33476 | EXPORT_SYMBOL(pcibios_set_irq_routing); |
30446 | diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c | 33477 | diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c |
30447 | index 40e4469..0592924 100644 | 33478 | index 40e4469..d915bf9 100644 |
30448 | --- a/arch/x86/platform/efi/efi_32.c | 33479 | --- a/arch/x86/platform/efi/efi_32.c |
30449 | +++ b/arch/x86/platform/efi/efi_32.c | 33480 | +++ b/arch/x86/platform/efi/efi_32.c |
30450 | @@ -44,11 +44,22 @@ void efi_call_phys_prelog(void) | 33481 | @@ -44,11 +44,22 @@ void efi_call_phys_prelog(void) |
@@ -30487,7 +33518,7 @@ index 40e4469..0592924 100644 | |||
30487 | load_gdt(&gdt_descr); | 33518 | load_gdt(&gdt_descr); |
30488 | 33519 | ||
30489 | +#ifdef CONFIG_PAX_PER_CPU_PGD | 33520 | +#ifdef CONFIG_PAX_PER_CPU_PGD |
30490 | + load_cr3(get_cpu_pgd(smp_processor_id())); | 33521 | + load_cr3(get_cpu_pgd(smp_processor_id(), kernel)); |
30491 | +#else | 33522 | +#else |
30492 | load_cr3(swapper_pg_dir); | 33523 | load_cr3(swapper_pg_dir); |
30493 | +#endif | 33524 | +#endif |
@@ -30496,7 +33527,7 @@ index 40e4469..0592924 100644 | |||
30496 | 33527 | ||
30497 | local_irq_restore(efi_rt_eflags); | 33528 | local_irq_restore(efi_rt_eflags); |
30498 | diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c | 33529 | diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c |
30499 | index 39a0e7f1..ecc2f1e 100644 | 33530 | index 39a0e7f1..872396e 100644 |
30500 | --- a/arch/x86/platform/efi/efi_64.c | 33531 | --- a/arch/x86/platform/efi/efi_64.c |
30501 | +++ b/arch/x86/platform/efi/efi_64.c | 33532 | +++ b/arch/x86/platform/efi/efi_64.c |
30502 | @@ -76,6 +76,11 @@ void __init efi_call_phys_prelog(void) | 33533 | @@ -76,6 +76,11 @@ void __init efi_call_phys_prelog(void) |
@@ -30517,7 +33548,7 @@ index 39a0e7f1..ecc2f1e 100644 | |||
30517 | kfree(save_pgd); | 33548 | kfree(save_pgd); |
30518 | + | 33549 | + |
30519 | +#ifdef CONFIG_PAX_PER_CPU_PGD | 33550 | +#ifdef CONFIG_PAX_PER_CPU_PGD |
30520 | + load_cr3(get_cpu_pgd(smp_processor_id())); | 33551 | + load_cr3(get_cpu_pgd(smp_processor_id(), kernel)); |
30521 | +#endif | 33552 | +#endif |
30522 | + | 33553 | + |
30523 | __flush_tlb_all(); | 33554 | __flush_tlb_all(); |
@@ -30884,10 +33915,18 @@ index c1b2791..f9e31c7 100644 | |||
30884 | END(trampoline_header) | 33915 | END(trampoline_header) |
30885 | 33916 | ||
30886 | diff --git a/arch/x86/realmode/rm/trampoline_64.S b/arch/x86/realmode/rm/trampoline_64.S | 33917 | diff --git a/arch/x86/realmode/rm/trampoline_64.S b/arch/x86/realmode/rm/trampoline_64.S |
30887 | index bb360dc..3e5945f 100644 | 33918 | index bb360dc..d0fd8f8 100644 |
30888 | --- a/arch/x86/realmode/rm/trampoline_64.S | 33919 | --- a/arch/x86/realmode/rm/trampoline_64.S |
30889 | +++ b/arch/x86/realmode/rm/trampoline_64.S | 33920 | +++ b/arch/x86/realmode/rm/trampoline_64.S |
30890 | @@ -107,7 +107,7 @@ ENTRY(startup_32) | 33921 | @@ -94,6 +94,7 @@ ENTRY(startup_32) |
33922 | movl %edx, %gs | ||
33923 | |||
33924 | movl pa_tr_cr4, %eax | ||
33925 | + andl $~X86_CR4_PCIDE, %eax | ||
33926 | movl %eax, %cr4 # Enable PAE mode | ||
33927 | |||
33928 | # Setup trampoline 4 level pagetables | ||
33929 | @@ -107,7 +108,7 @@ ENTRY(startup_32) | ||
30891 | wrmsr | 33930 | wrmsr |
30892 | 33931 | ||
30893 | # Enable paging and in turn activate Long Mode | 33932 | # Enable paging and in turn activate Long Mode |
@@ -31484,7 +34523,7 @@ index fdc3ba2..3daee39 100644 | |||
31484 | .alloc_pud = xen_alloc_pmd_init, | 34523 | .alloc_pud = xen_alloc_pmd_init, |
31485 | .release_pud = xen_release_pmd_init, | 34524 | .release_pud = xen_release_pmd_init, |
31486 | diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c | 34525 | diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c |
31487 | index d99cae8..18401e1 100644 | 34526 | index a1e58e1..9392ad8 100644 |
31488 | --- a/arch/x86/xen/smp.c | 34527 | --- a/arch/x86/xen/smp.c |
31489 | +++ b/arch/x86/xen/smp.c | 34528 | +++ b/arch/x86/xen/smp.c |
31490 | @@ -240,11 +240,6 @@ static void __init xen_smp_prepare_boot_cpu(void) | 34529 | @@ -240,11 +240,6 @@ static void __init xen_smp_prepare_boot_cpu(void) |
@@ -31665,6 +34704,28 @@ index af00795..2bb8105 100644 | |||
31665 | 34704 | ||
31666 | #define XCHAL_ICACHE_SIZE 32768 /* I-cache size in bytes or 0 */ | 34705 | #define XCHAL_ICACHE_SIZE 32768 /* I-cache size in bytes or 0 */ |
31667 | #define XCHAL_DCACHE_SIZE 32768 /* D-cache size in bytes or 0 */ | 34706 | #define XCHAL_DCACHE_SIZE 32768 /* D-cache size in bytes or 0 */ |
34707 | diff --git a/block/blk-cgroup.c b/block/blk-cgroup.c | ||
34708 | index e8918ff..b3ffc51 100644 | ||
34709 | --- a/block/blk-cgroup.c | ||
34710 | +++ b/block/blk-cgroup.c | ||
34711 | @@ -825,7 +825,7 @@ static void blkcg_css_free(struct cgroup *cgroup) | ||
34712 | |||
34713 | static struct cgroup_subsys_state *blkcg_css_alloc(struct cgroup *cgroup) | ||
34714 | { | ||
34715 | - static atomic64_t id_seq = ATOMIC64_INIT(0); | ||
34716 | + static atomic64_unchecked_t id_seq = ATOMIC64_INIT(0); | ||
34717 | struct blkcg *blkcg; | ||
34718 | struct cgroup *parent = cgroup->parent; | ||
34719 | |||
34720 | @@ -840,7 +840,7 @@ static struct cgroup_subsys_state *blkcg_css_alloc(struct cgroup *cgroup) | ||
34721 | |||
34722 | blkcg->cfq_weight = CFQ_WEIGHT_DEFAULT; | ||
34723 | blkcg->cfq_leaf_weight = CFQ_WEIGHT_DEFAULT; | ||
34724 | - blkcg->id = atomic64_inc_return(&id_seq); /* root is 0, start from 1 */ | ||
34725 | + blkcg->id = atomic64_inc_return_unchecked(&id_seq); /* root is 0, start from 1 */ | ||
34726 | done: | ||
34727 | spin_lock_init(&blkcg->lock); | ||
34728 | INIT_RADIX_TREE(&blkcg->blkg_tree, GFP_ATOMIC); | ||
31668 | diff --git a/block/blk-iopoll.c b/block/blk-iopoll.c | 34729 | diff --git a/block/blk-iopoll.c b/block/blk-iopoll.c |
31669 | index 58916af..eb9dbcf6 100644 | 34730 | index 58916af..eb9dbcf6 100644 |
31670 | --- a/block/blk-iopoll.c | 34731 | --- a/block/blk-iopoll.c |
@@ -31958,6 +35019,28 @@ index 33dc6a0..4b24b47 100644 | |||
31958 | } | 35019 | } |
31959 | EXPORT_SYMBOL_GPL(cper_next_record_id); | 35020 | EXPORT_SYMBOL_GPL(cper_next_record_id); |
31960 | 35021 | ||
35022 | diff --git a/drivers/acpi/apei/ghes.c b/drivers/acpi/apei/ghes.c | ||
35023 | index fcd7d91..6b2f1a3 100644 | ||
35024 | --- a/drivers/acpi/apei/ghes.c | ||
35025 | +++ b/drivers/acpi/apei/ghes.c | ||
35026 | @@ -468,7 +468,7 @@ static void __ghes_print_estatus(const char *pfx, | ||
35027 | const struct acpi_hest_generic *generic, | ||
35028 | const struct acpi_hest_generic_status *estatus) | ||
35029 | { | ||
35030 | - static atomic_t seqno; | ||
35031 | + static atomic_unchecked_t seqno; | ||
35032 | unsigned int curr_seqno; | ||
35033 | char pfx_seq[64]; | ||
35034 | |||
35035 | @@ -479,7 +479,7 @@ static void __ghes_print_estatus(const char *pfx, | ||
35036 | else | ||
35037 | pfx = KERN_ERR; | ||
35038 | } | ||
35039 | - curr_seqno = atomic_inc_return(&seqno); | ||
35040 | + curr_seqno = atomic_inc_return_unchecked(&seqno); | ||
35041 | snprintf(pfx_seq, sizeof(pfx_seq), "%s{%u}" HW_ERR, pfx, curr_seqno); | ||
35042 | printk("%s""Hardware error from APEI Generic Hardware Error Source: %d\n", | ||
35043 | pfx_seq, generic->header.source_id); | ||
31961 | diff --git a/drivers/acpi/bgrt.c b/drivers/acpi/bgrt.c | 35044 | diff --git a/drivers/acpi/bgrt.c b/drivers/acpi/bgrt.c |
31962 | index be60399..778b33e8 100644 | 35045 | index be60399..778b33e8 100644 |
31963 | --- a/drivers/acpi/bgrt.c | 35046 | --- a/drivers/acpi/bgrt.c |
@@ -32095,9 +35178,18 @@ index 7b9bdd8..37638ca 100644 | |||
32095 | unsigned long timeout_msec) | 35178 | unsigned long timeout_msec) |
32096 | { | 35179 | { |
32097 | diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c | 35180 | diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c |
32098 | index adf002a..39bb8f9 100644 | 35181 | index adf002a..06c46a7 100644 |
32099 | --- a/drivers/ata/libata-core.c | 35182 | --- a/drivers/ata/libata-core.c |
32100 | +++ b/drivers/ata/libata-core.c | 35183 | +++ b/drivers/ata/libata-core.c |
35184 | @@ -98,7 +98,7 @@ static unsigned int ata_dev_set_xfermode(struct ata_device *dev); | ||
35185 | static void ata_dev_xfermask(struct ata_device *dev); | ||
35186 | static unsigned long ata_dev_blacklisted(const struct ata_device *dev); | ||
35187 | |||
35188 | -atomic_t ata_print_id = ATOMIC_INIT(0); | ||
35189 | +atomic_unchecked_t ata_print_id = ATOMIC_INIT(0); | ||
35190 | |||
35191 | struct ata_force_param { | ||
35192 | const char *name; | ||
32101 | @@ -4792,7 +4792,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) | 35193 | @@ -4792,7 +4792,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) |
32102 | struct ata_port *ap; | 35194 | struct ata_port *ap; |
32103 | unsigned int tag; | 35195 | unsigned int tag; |
@@ -32135,6 +35227,41 @@ index adf002a..39bb8f9 100644 | |||
32135 | spin_unlock(&lock); | 35227 | spin_unlock(&lock); |
32136 | } | 35228 | } |
32137 | 35229 | ||
35230 | @@ -6133,7 +6135,7 @@ int ata_host_register(struct ata_host *host, struct scsi_host_template *sht) | ||
35231 | |||
35232 | /* give ports names and add SCSI hosts */ | ||
35233 | for (i = 0; i < host->n_ports; i++) | ||
35234 | - host->ports[i]->print_id = atomic_inc_return(&ata_print_id); | ||
35235 | + host->ports[i]->print_id = atomic_inc_return_unchecked(&ata_print_id); | ||
35236 | |||
35237 | |||
35238 | /* Create associated sysfs transport objects */ | ||
35239 | diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c | ||
35240 | index 0101af5..c70c325 100644 | ||
35241 | --- a/drivers/ata/libata-scsi.c | ||
35242 | +++ b/drivers/ata/libata-scsi.c | ||
35243 | @@ -4105,7 +4105,7 @@ int ata_sas_port_init(struct ata_port *ap) | ||
35244 | |||
35245 | if (rc) | ||
35246 | return rc; | ||
35247 | - ap->print_id = atomic_inc_return(&ata_print_id); | ||
35248 | + ap->print_id = atomic_inc_return_unchecked(&ata_print_id); | ||
35249 | return 0; | ||
35250 | } | ||
35251 | EXPORT_SYMBOL_GPL(ata_sas_port_init); | ||
35252 | diff --git a/drivers/ata/libata.h b/drivers/ata/libata.h | ||
35253 | index 577d902b..cb4781e 100644 | ||
35254 | --- a/drivers/ata/libata.h | ||
35255 | +++ b/drivers/ata/libata.h | ||
35256 | @@ -53,7 +53,7 @@ enum { | ||
35257 | ATA_DNXFER_QUIET = (1 << 31), | ||
35258 | }; | ||
35259 | |||
35260 | -extern atomic_t ata_print_id; | ||
35261 | +extern atomic_unchecked_t ata_print_id; | ||
35262 | extern int atapi_passthru16; | ||
35263 | extern int libata_fua; | ||
35264 | extern int libata_noacpi; | ||
32138 | diff --git a/drivers/ata/pata_arasan_cf.c b/drivers/ata/pata_arasan_cf.c | 35265 | diff --git a/drivers/ata/pata_arasan_cf.c b/drivers/ata/pata_arasan_cf.c |
32139 | index 7638121..357a965 100644 | 35266 | index 7638121..357a965 100644 |
32140 | --- a/drivers/ata/pata_arasan_cf.c | 35267 | --- a/drivers/ata/pata_arasan_cf.c |
@@ -33663,6 +36790,28 @@ index a5dca6a..bb27967 100644 | |||
33663 | kfree(tconn->current_epoch); | 36790 | kfree(tconn->current_epoch); |
33664 | 36791 | ||
33665 | idr_destroy(&tconn->volumes); | 36792 | idr_destroy(&tconn->volumes); |
36793 | diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c | ||
36794 | index 9e3f441..4044d47 100644 | ||
36795 | --- a/drivers/block/drbd/drbd_nl.c | ||
36796 | +++ b/drivers/block/drbd/drbd_nl.c | ||
36797 | @@ -3339,7 +3339,7 @@ out: | ||
36798 | |||
36799 | void drbd_bcast_event(struct drbd_conf *mdev, const struct sib_info *sib) | ||
36800 | { | ||
36801 | - static atomic_t drbd_genl_seq = ATOMIC_INIT(2); /* two. */ | ||
36802 | + static atomic_unchecked_t drbd_genl_seq = ATOMIC_INIT(2); /* two. */ | ||
36803 | struct sk_buff *msg; | ||
36804 | struct drbd_genlmsghdr *d_out; | ||
36805 | unsigned seq; | ||
36806 | @@ -3352,7 +3352,7 @@ void drbd_bcast_event(struct drbd_conf *mdev, const struct sib_info *sib) | ||
36807 | return; | ||
36808 | } | ||
36809 | |||
36810 | - seq = atomic_inc_return(&drbd_genl_seq); | ||
36811 | + seq = atomic_inc_return_unchecked(&drbd_genl_seq); | ||
36812 | msg = genlmsg_new(NLMSG_GOODSIZE, GFP_NOIO); | ||
36813 | if (!msg) | ||
36814 | goto failed; | ||
33666 | diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c | 36815 | diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c |
33667 | index 4222aff..1f79506 100644 | 36816 | index 4222aff..1f79506 100644 |
33668 | --- a/drivers/block/drbd/drbd_receiver.c | 36817 | --- a/drivers/block/drbd/drbd_receiver.c |
@@ -34436,10 +37585,10 @@ index 84ddc55..1d32f1e 100644 | |||
34436 | return 0; | 37585 | return 0; |
34437 | } | 37586 | } |
34438 | diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c | 37587 | diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c |
34439 | index 1b456fe..2510242 100644 | 37588 | index fc45567..fa2a590 100644 |
34440 | --- a/drivers/char/virtio_console.c | 37589 | --- a/drivers/char/virtio_console.c |
34441 | +++ b/drivers/char/virtio_console.c | 37590 | +++ b/drivers/char/virtio_console.c |
34442 | @@ -679,7 +679,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, | 37591 | @@ -682,7 +682,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, |
34443 | if (to_user) { | 37592 | if (to_user) { |
34444 | ssize_t ret; | 37593 | ssize_t ret; |
34445 | 37594 | ||
@@ -34448,7 +37597,7 @@ index 1b456fe..2510242 100644 | |||
34448 | if (ret) | 37597 | if (ret) |
34449 | return -EFAULT; | 37598 | return -EFAULT; |
34450 | } else { | 37599 | } else { |
34451 | @@ -778,7 +778,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf, | 37600 | @@ -785,7 +785,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf, |
34452 | if (!port_has_data(port) && !port->host_connected) | 37601 | if (!port_has_data(port) && !port->host_connected) |
34453 | return 0; | 37602 | return 0; |
34454 | 37603 | ||
@@ -34508,6 +37657,19 @@ index a2b2541..bc1e7ff 100644 | |||
34508 | .notifier_call = arch_timer_cpu_notify, | 37657 | .notifier_call = arch_timer_cpu_notify, |
34509 | }; | 37658 | }; |
34510 | 37659 | ||
37660 | diff --git a/drivers/clocksource/bcm_kona_timer.c b/drivers/clocksource/bcm_kona_timer.c | ||
37661 | index 350f493..489479e 100644 | ||
37662 | --- a/drivers/clocksource/bcm_kona_timer.c | ||
37663 | +++ b/drivers/clocksource/bcm_kona_timer.c | ||
37664 | @@ -199,7 +199,7 @@ static struct irqaction kona_timer_irq = { | ||
37665 | .handler = kona_timer_interrupt, | ||
37666 | }; | ||
37667 | |||
37668 | -static void __init kona_timer_init(void) | ||
37669 | +static void __init kona_timer_init(struct device_node *np) | ||
37670 | { | ||
37671 | kona_timers_init(); | ||
37672 | kona_timer_clockevents_init(); | ||
34511 | diff --git a/drivers/clocksource/metag_generic.c b/drivers/clocksource/metag_generic.c | 37673 | diff --git a/drivers/clocksource/metag_generic.c b/drivers/clocksource/metag_generic.c |
34512 | index ade7513..069445f 100644 | 37674 | index ade7513..069445f 100644 |
34513 | --- a/drivers/clocksource/metag_generic.c | 37675 | --- a/drivers/clocksource/metag_generic.c |
@@ -34574,10 +37736,10 @@ index edc089e..bc7c0bc 100644 | |||
34574 | pr_debug("CPU%u - ACPI performance management activated.\n", cpu); | 37736 | pr_debug("CPU%u - ACPI performance management activated.\n", cpu); |
34575 | for (i = 0; i < perf->state_count; i++) | 37737 | for (i = 0; i < perf->state_count; i++) |
34576 | diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c | 37738 | diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c |
34577 | index 178fe7a..5ee8501 100644 | 37739 | index 6485547..477033e 100644 |
34578 | --- a/drivers/cpufreq/cpufreq.c | 37740 | --- a/drivers/cpufreq/cpufreq.c |
34579 | +++ b/drivers/cpufreq/cpufreq.c | 37741 | +++ b/drivers/cpufreq/cpufreq.c |
34580 | @@ -1853,7 +1853,7 @@ static int __cpuinit cpufreq_cpu_callback(struct notifier_block *nfb, | 37742 | @@ -1854,7 +1854,7 @@ static int __cpuinit cpufreq_cpu_callback(struct notifier_block *nfb, |
34581 | return NOTIFY_OK; | 37743 | return NOTIFY_OK; |
34582 | } | 37744 | } |
34583 | 37745 | ||
@@ -34586,7 +37748,7 @@ index 178fe7a..5ee8501 100644 | |||
34586 | .notifier_call = cpufreq_cpu_callback, | 37748 | .notifier_call = cpufreq_cpu_callback, |
34587 | }; | 37749 | }; |
34588 | 37750 | ||
34589 | @@ -1885,8 +1885,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) | 37751 | @@ -1886,8 +1886,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) |
34590 | 37752 | ||
34591 | pr_debug("trying to register driver %s\n", driver_data->name); | 37753 | pr_debug("trying to register driver %s\n", driver_data->name); |
34592 | 37754 | ||
@@ -34601,7 +37763,7 @@ index 178fe7a..5ee8501 100644 | |||
34601 | write_lock_irqsave(&cpufreq_driver_lock, flags); | 37763 | write_lock_irqsave(&cpufreq_driver_lock, flags); |
34602 | if (cpufreq_driver) { | 37764 | if (cpufreq_driver) { |
34603 | diff --git a/drivers/cpufreq/cpufreq_governor.c b/drivers/cpufreq/cpufreq_governor.c | 37765 | diff --git a/drivers/cpufreq/cpufreq_governor.c b/drivers/cpufreq/cpufreq_governor.c |
34604 | index 5af40ad..ddf907b 100644 | 37766 | index a86ff72..aad2b03 100644 |
34605 | --- a/drivers/cpufreq/cpufreq_governor.c | 37767 | --- a/drivers/cpufreq/cpufreq_governor.c |
34606 | +++ b/drivers/cpufreq/cpufreq_governor.c | 37768 | +++ b/drivers/cpufreq/cpufreq_governor.c |
34607 | @@ -235,7 +235,7 @@ int cpufreq_governor_dbs(struct cpufreq_policy *policy, | 37769 | @@ -235,7 +235,7 @@ int cpufreq_governor_dbs(struct cpufreq_policy *policy, |
@@ -34632,7 +37794,7 @@ index 5af40ad..ddf907b 100644 | |||
34632 | cpufreq_unregister_notifier(cs_ops->notifier_block, | 37794 | cpufreq_unregister_notifier(cs_ops->notifier_block, |
34633 | CPUFREQ_TRANSITION_NOTIFIER); | 37795 | CPUFREQ_TRANSITION_NOTIFIER); |
34634 | diff --git a/drivers/cpufreq/cpufreq_governor.h b/drivers/cpufreq/cpufreq_governor.h | 37796 | diff --git a/drivers/cpufreq/cpufreq_governor.h b/drivers/cpufreq/cpufreq_governor.h |
34635 | index e16a961..0e68927 100644 | 37797 | index 0d9e6be..461fd3b 100644 |
34636 | --- a/drivers/cpufreq/cpufreq_governor.h | 37798 | --- a/drivers/cpufreq/cpufreq_governor.h |
34637 | +++ b/drivers/cpufreq/cpufreq_governor.h | 37799 | +++ b/drivers/cpufreq/cpufreq_governor.h |
34638 | @@ -204,7 +204,7 @@ struct common_dbs_data { | 37800 | @@ -204,7 +204,7 @@ struct common_dbs_data { |
@@ -34645,7 +37807,7 @@ index e16a961..0e68927 100644 | |||
34645 | 37807 | ||
34646 | /* Governer Per policy data */ | 37808 | /* Governer Per policy data */ |
34647 | diff --git a/drivers/cpufreq/cpufreq_ondemand.c b/drivers/cpufreq/cpufreq_ondemand.c | 37809 | diff --git a/drivers/cpufreq/cpufreq_ondemand.c b/drivers/cpufreq/cpufreq_ondemand.c |
34648 | index 93eb5cb..f8ab572 100644 | 37810 | index c087347..dad6268 100644 |
34649 | --- a/drivers/cpufreq/cpufreq_ondemand.c | 37811 | --- a/drivers/cpufreq/cpufreq_ondemand.c |
34650 | +++ b/drivers/cpufreq/cpufreq_ondemand.c | 37812 | +++ b/drivers/cpufreq/cpufreq_ondemand.c |
34651 | @@ -615,14 +615,18 @@ void od_register_powersave_bias_handler(unsigned int (*f) | 37813 | @@ -615,14 +615,18 @@ void od_register_powersave_bias_handler(unsigned int (*f) |
@@ -34889,6 +38051,28 @@ index 428754a..8bdf9cc 100644 | |||
34889 | .attrs = cpuidle_default_attrs, | 38051 | .attrs = cpuidle_default_attrs, |
34890 | .name = "cpuidle", | 38052 | .name = "cpuidle", |
34891 | }; | 38053 | }; |
38054 | diff --git a/drivers/crypto/hifn_795x.c b/drivers/crypto/hifn_795x.c | ||
38055 | index ebf130e..e32d8a9 100644 | ||
38056 | --- a/drivers/crypto/hifn_795x.c | ||
38057 | +++ b/drivers/crypto/hifn_795x.c | ||
38058 | @@ -51,7 +51,7 @@ module_param_string(hifn_pll_ref, hifn_pll_ref, sizeof(hifn_pll_ref), 0444); | ||
38059 | MODULE_PARM_DESC(hifn_pll_ref, | ||
38060 | "PLL reference clock (pci[freq] or ext[freq], default ext)"); | ||
38061 | |||
38062 | -static atomic_t hifn_dev_number; | ||
38063 | +static atomic_unchecked_t hifn_dev_number; | ||
38064 | |||
38065 | #define ACRYPTO_OP_DECRYPT 0 | ||
38066 | #define ACRYPTO_OP_ENCRYPT 1 | ||
38067 | @@ -2577,7 +2577,7 @@ static int hifn_probe(struct pci_dev *pdev, const struct pci_device_id *id) | ||
38068 | goto err_out_disable_pci_device; | ||
38069 | |||
38070 | snprintf(name, sizeof(name), "hifn%d", | ||
38071 | - atomic_inc_return(&hifn_dev_number)-1); | ||
38072 | + atomic_inc_return_unchecked(&hifn_dev_number)-1); | ||
38073 | |||
38074 | err = pci_request_regions(pdev, name); | ||
38075 | if (err) | ||
34892 | diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c | 38076 | diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c |
34893 | index 3b36797..db0b0c0 100644 | 38077 | index 3b36797..db0b0c0 100644 |
34894 | --- a/drivers/devfreq/devfreq.c | 38078 | --- a/drivers/devfreq/devfreq.c |
@@ -34933,6 +38117,22 @@ index b70709b..1d8d02a 100644 | |||
34933 | .notifier_call = sh_dmae_nmi_handler, | 38117 | .notifier_call = sh_dmae_nmi_handler, |
34934 | 38118 | ||
34935 | /* Run before NMI debug handler and KGDB */ | 38119 | /* Run before NMI debug handler and KGDB */ |
38120 | diff --git a/drivers/edac/edac_device.c b/drivers/edac/edac_device.c | ||
38121 | index 211021d..201d47f 100644 | ||
38122 | --- a/drivers/edac/edac_device.c | ||
38123 | +++ b/drivers/edac/edac_device.c | ||
38124 | @@ -474,9 +474,9 @@ void edac_device_reset_delay_period(struct edac_device_ctl_info *edac_dev, | ||
38125 | */ | ||
38126 | int edac_device_alloc_index(void) | ||
38127 | { | ||
38128 | - static atomic_t device_indexes = ATOMIC_INIT(0); | ||
38129 | + static atomic_unchecked_t device_indexes = ATOMIC_INIT(0); | ||
38130 | |||
38131 | - return atomic_inc_return(&device_indexes) - 1; | ||
38132 | + return atomic_inc_return_unchecked(&device_indexes) - 1; | ||
38133 | } | ||
38134 | EXPORT_SYMBOL_GPL(edac_device_alloc_index); | ||
38135 | |||
34936 | diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c | 38136 | diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c |
34937 | index c4d700a..0b57abd 100644 | 38137 | index c4d700a..0b57abd 100644 |
34938 | --- a/drivers/edac/edac_mc_sysfs.c | 38138 | --- a/drivers/edac/edac_mc_sysfs.c |
@@ -34967,6 +38167,28 @@ index c4d700a..0b57abd 100644 | |||
34967 | err = device_create_file(&mci->dev, | 38167 | err = device_create_file(&mci->dev, |
34968 | &dev_attr_sdram_scrub_rate); | 38168 | &dev_attr_sdram_scrub_rate); |
34969 | if (err) { | 38169 | if (err) { |
38170 | diff --git a/drivers/edac/edac_pci.c b/drivers/edac/edac_pci.c | ||
38171 | index dd370f9..0281629 100644 | ||
38172 | --- a/drivers/edac/edac_pci.c | ||
38173 | +++ b/drivers/edac/edac_pci.c | ||
38174 | @@ -29,7 +29,7 @@ | ||
38175 | |||
38176 | static DEFINE_MUTEX(edac_pci_ctls_mutex); | ||
38177 | static LIST_HEAD(edac_pci_list); | ||
38178 | -static atomic_t pci_indexes = ATOMIC_INIT(0); | ||
38179 | +static atomic_unchecked_t pci_indexes = ATOMIC_INIT(0); | ||
38180 | |||
38181 | /* | ||
38182 | * edac_pci_alloc_ctl_info | ||
38183 | @@ -315,7 +315,7 @@ EXPORT_SYMBOL_GPL(edac_pci_reset_delay_period); | ||
38184 | */ | ||
38185 | int edac_pci_alloc_index(void) | ||
38186 | { | ||
38187 | - return atomic_inc_return(&pci_indexes) - 1; | ||
38188 | + return atomic_inc_return_unchecked(&pci_indexes) - 1; | ||
38189 | } | ||
38190 | EXPORT_SYMBOL_GPL(edac_pci_alloc_index); | ||
38191 | |||
34970 | diff --git a/drivers/edac/edac_pci_sysfs.c b/drivers/edac/edac_pci_sysfs.c | 38192 | diff --git a/drivers/edac/edac_pci_sysfs.c b/drivers/edac/edac_pci_sysfs.c |
34971 | index e8658e4..22746d6 100644 | 38193 | index e8658e4..22746d6 100644 |
34972 | --- a/drivers/edac/edac_pci_sysfs.c | 38194 | --- a/drivers/edac/edac_pci_sysfs.c |
@@ -35077,9 +38299,21 @@ index 51b7e3a..aa8a3e8 100644 | |||
35077 | void amd_report_gart_errors(bool); | 38299 | void amd_report_gart_errors(bool); |
35078 | void amd_register_ecc_decoder(void (*f)(int, struct mce *)); | 38300 | void amd_register_ecc_decoder(void (*f)(int, struct mce *)); |
35079 | diff --git a/drivers/firewire/core-card.c b/drivers/firewire/core-card.c | 38301 | diff --git a/drivers/firewire/core-card.c b/drivers/firewire/core-card.c |
35080 | index 57ea7f4..789e3c3 100644 | 38302 | index 57ea7f4..af06b76 100644 |
35081 | --- a/drivers/firewire/core-card.c | 38303 | --- a/drivers/firewire/core-card.c |
35082 | +++ b/drivers/firewire/core-card.c | 38304 | +++ b/drivers/firewire/core-card.c |
38305 | @@ -528,9 +528,9 @@ void fw_card_initialize(struct fw_card *card, | ||
38306 | const struct fw_card_driver *driver, | ||
38307 | struct device *device) | ||
38308 | { | ||
38309 | - static atomic_t index = ATOMIC_INIT(-1); | ||
38310 | + static atomic_unchecked_t index = ATOMIC_INIT(-1); | ||
38311 | |||
38312 | - card->index = atomic_inc_return(&index); | ||
38313 | + card->index = atomic_inc_return_unchecked(&index); | ||
38314 | card->driver = driver; | ||
38315 | card->device = device; | ||
38316 | card->current_tlabel = 0; | ||
35083 | @@ -680,7 +680,7 @@ EXPORT_SYMBOL_GPL(fw_card_release); | 38317 | @@ -680,7 +680,7 @@ EXPORT_SYMBOL_GPL(fw_card_release); |
35084 | 38318 | ||
35085 | void fw_core_remove_card(struct fw_card *card) | 38319 | void fw_core_remove_card(struct fw_card *card) |
@@ -35634,7 +38868,7 @@ index e913d32..4d9b351 100644 | |||
35634 | if (IS_GEN6(dev) || IS_GEN7(dev)) { | 38868 | if (IS_GEN6(dev) || IS_GEN7(dev)) { |
35635 | seq_printf(m, | 38869 | seq_printf(m, |
35636 | diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c | 38870 | diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c |
35637 | index f968590..19115e35 100644 | 38871 | index 17d9b0b..860e6d9 100644 |
35638 | --- a/drivers/gpu/drm/i915/i915_dma.c | 38872 | --- a/drivers/gpu/drm/i915/i915_dma.c |
35639 | +++ b/drivers/gpu/drm/i915/i915_dma.c | 38873 | +++ b/drivers/gpu/drm/i915/i915_dma.c |
35640 | @@ -1259,7 +1259,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) | 38874 | @@ -1259,7 +1259,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) |
@@ -35823,10 +39057,10 @@ index e5e32869..1678f36 100644 | |||
35823 | iir = I915_READ(IIR); | 39057 | iir = I915_READ(IIR); |
35824 | 39058 | ||
35825 | diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c | 39059 | diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c |
35826 | index e1f4e6e..c94a4b3 100644 | 39060 | index eea5982..eeef407 100644 |
35827 | --- a/drivers/gpu/drm/i915/intel_display.c | 39061 | --- a/drivers/gpu/drm/i915/intel_display.c |
35828 | +++ b/drivers/gpu/drm/i915/intel_display.c | 39062 | +++ b/drivers/gpu/drm/i915/intel_display.c |
35829 | @@ -8933,13 +8933,13 @@ struct intel_quirk { | 39063 | @@ -8935,13 +8935,13 @@ struct intel_quirk { |
35830 | int subsystem_vendor; | 39064 | int subsystem_vendor; |
35831 | int subsystem_device; | 39065 | int subsystem_device; |
35832 | void (*hook)(struct drm_device *dev); | 39066 | void (*hook)(struct drm_device *dev); |
@@ -35842,7 +39076,7 @@ index e1f4e6e..c94a4b3 100644 | |||
35842 | 39076 | ||
35843 | static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) | 39077 | static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) |
35844 | { | 39078 | { |
35845 | @@ -8947,18 +8947,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) | 39079 | @@ -8949,18 +8949,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) |
35846 | return 1; | 39080 | return 1; |
35847 | } | 39081 | } |
35848 | 39082 | ||
@@ -36722,10 +39956,112 @@ index 8c04943..4370ed9 100644 | |||
36722 | err = drm_debugfs_create_files(dc->debugfs_files, | 39956 | err = drm_debugfs_create_files(dc->debugfs_files, |
36723 | ARRAY_SIZE(debugfs_files), | 39957 | ARRAY_SIZE(debugfs_files), |
36724 | diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c | 39958 | diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c |
36725 | index 402f486..f862d7e 100644 | 39959 | index 402f486..5340852 100644 |
36726 | --- a/drivers/hid/hid-core.c | 39960 | --- a/drivers/hid/hid-core.c |
36727 | +++ b/drivers/hid/hid-core.c | 39961 | +++ b/drivers/hid/hid-core.c |
36728 | @@ -2275,7 +2275,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); | 39962 | @@ -63,6 +63,8 @@ struct hid_report *hid_register_report(struct hid_device *device, unsigned type, |
39963 | struct hid_report_enum *report_enum = device->report_enum + type; | ||
39964 | struct hid_report *report; | ||
39965 | |||
39966 | + if (id >= HID_MAX_IDS) | ||
39967 | + return NULL; | ||
39968 | if (report_enum->report_id_hash[id]) | ||
39969 | return report_enum->report_id_hash[id]; | ||
39970 | |||
39971 | @@ -404,8 +406,10 @@ static int hid_parser_global(struct hid_parser *parser, struct hid_item *item) | ||
39972 | |||
39973 | case HID_GLOBAL_ITEM_TAG_REPORT_ID: | ||
39974 | parser->global.report_id = item_udata(item); | ||
39975 | - if (parser->global.report_id == 0) { | ||
39976 | - hid_err(parser->device, "report_id 0 is invalid\n"); | ||
39977 | + if (parser->global.report_id == 0 || | ||
39978 | + parser->global.report_id >= HID_MAX_IDS) { | ||
39979 | + hid_err(parser->device, "report_id %u is invalid\n", | ||
39980 | + parser->global.report_id); | ||
39981 | return -1; | ||
39982 | } | ||
39983 | return 0; | ||
39984 | @@ -575,7 +579,7 @@ static void hid_close_report(struct hid_device *device) | ||
39985 | for (i = 0; i < HID_REPORT_TYPES; i++) { | ||
39986 | struct hid_report_enum *report_enum = device->report_enum + i; | ||
39987 | |||
39988 | - for (j = 0; j < 256; j++) { | ||
39989 | + for (j = 0; j < HID_MAX_IDS; j++) { | ||
39990 | struct hid_report *report = report_enum->report_id_hash[j]; | ||
39991 | if (report) | ||
39992 | hid_free_report(report); | ||
39993 | @@ -755,6 +759,56 @@ int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size) | ||
39994 | } | ||
39995 | EXPORT_SYMBOL_GPL(hid_parse_report); | ||
39996 | |||
39997 | +static const char * const hid_report_names[] = { | ||
39998 | + "HID_INPUT_REPORT", | ||
39999 | + "HID_OUTPUT_REPORT", | ||
40000 | + "HID_FEATURE_REPORT", | ||
40001 | +}; | ||
40002 | +/** | ||
40003 | + * hid_validate_report - validate existing device report | ||
40004 | + * | ||
40005 | + * @device: hid device | ||
40006 | + * @type: which report type to examine | ||
40007 | + * @id: which report ID to examine (0 for first) | ||
40008 | + * @fields: expected number of fields | ||
40009 | + * @report_counts: expected number of values per field | ||
40010 | + * | ||
40011 | + * Validate the report details after parsing. | ||
40012 | + */ | ||
40013 | +struct hid_report *hid_validate_report(struct hid_device *hid, | ||
40014 | + unsigned int type, unsigned int id, | ||
40015 | + unsigned int fields, | ||
40016 | + unsigned int report_counts) | ||
40017 | +{ | ||
40018 | + struct hid_report *report; | ||
40019 | + unsigned int i; | ||
40020 | + | ||
40021 | + if (type > HID_FEATURE_REPORT) { | ||
40022 | + hid_err(hid, "invalid HID report %u\n", type); | ||
40023 | + return NULL; | ||
40024 | + } | ||
40025 | + | ||
40026 | + report = hid->report_enum[type].report_id_hash[id]; | ||
40027 | + if (!report) { | ||
40028 | + hid_err(hid, "missing %s %u\n", hid_report_names[type], id); | ||
40029 | + return NULL; | ||
40030 | + } | ||
40031 | + if (report->maxfield < fields) { | ||
40032 | + hid_err(hid, "not enough fields in %s %u\n", | ||
40033 | + hid_report_names[type], id); | ||
40034 | + return NULL; | ||
40035 | + } | ||
40036 | + for (i = 0; i < fields; i++) { | ||
40037 | + if (report->field[i]->report_count < report_counts) { | ||
40038 | + hid_err(hid, "not enough values in %s %u fields\n", | ||
40039 | + hid_report_names[type], id); | ||
40040 | + return NULL; | ||
40041 | + } | ||
40042 | + } | ||
40043 | + return report; | ||
40044 | +} | ||
40045 | +EXPORT_SYMBOL_GPL(hid_validate_report); | ||
40046 | + | ||
40047 | /** | ||
40048 | * hid_open_report - open a driver-specific device report | ||
40049 | * | ||
40050 | @@ -1152,7 +1206,12 @@ EXPORT_SYMBOL_GPL(hid_output_report); | ||
40051 | |||
40052 | int hid_set_field(struct hid_field *field, unsigned offset, __s32 value) | ||
40053 | { | ||
40054 | - unsigned size = field->report_size; | ||
40055 | + unsigned size; | ||
40056 | + | ||
40057 | + if (!field) | ||
40058 | + return -1; | ||
40059 | + | ||
40060 | + size = field->report_size; | ||
40061 | |||
40062 | hid_dump_input(field->report->device, field->usage + offset, value); | ||
40063 | |||
40064 | @@ -2275,7 +2334,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); | ||
36729 | 40065 | ||
36730 | int hid_add_device(struct hid_device *hdev) | 40066 | int hid_add_device(struct hid_device *hdev) |
36731 | { | 40067 | { |
@@ -36734,7 +40070,7 @@ index 402f486..f862d7e 100644 | |||
36734 | int ret; | 40070 | int ret; |
36735 | 40071 | ||
36736 | if (WARN_ON(hdev->status & HID_STAT_ADDED)) | 40072 | if (WARN_ON(hdev->status & HID_STAT_ADDED)) |
36737 | @@ -2309,7 +2309,7 @@ int hid_add_device(struct hid_device *hdev) | 40073 | @@ -2309,7 +2368,7 @@ int hid_add_device(struct hid_device *hdev) |
36738 | /* XXX hack, any other cleaner solution after the driver core | 40074 | /* XXX hack, any other cleaner solution after the driver core |
36739 | * is converted to allow more than 20 bytes as the device name? */ | 40075 | * is converted to allow more than 20 bytes as the device name? */ |
36740 | dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, | 40076 | dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, |
@@ -36743,6 +40079,349 @@ index 402f486..f862d7e 100644 | |||
36743 | 40079 | ||
36744 | hid_debug_register(hdev, dev_name(&hdev->dev)); | 40080 | hid_debug_register(hdev, dev_name(&hdev->dev)); |
36745 | ret = device_add(&hdev->dev); | 40081 | ret = device_add(&hdev->dev); |
40082 | diff --git a/drivers/hid/hid-lenovo-tpkbd.c b/drivers/hid/hid-lenovo-tpkbd.c | ||
40083 | index 07837f5..b697ada 100644 | ||
40084 | --- a/drivers/hid/hid-lenovo-tpkbd.c | ||
40085 | +++ b/drivers/hid/hid-lenovo-tpkbd.c | ||
40086 | @@ -341,6 +341,11 @@ static int tpkbd_probe_tp(struct hid_device *hdev) | ||
40087 | char *name_mute, *name_micmute; | ||
40088 | int ret; | ||
40089 | |||
40090 | + /* Validate required reports. */ | ||
40091 | + if (!hid_validate_report(hdev, HID_OUTPUT_REPORT, 4, 4, 1) || | ||
40092 | + !hid_validate_report(hdev, HID_OUTPUT_REPORT, 3, 1, 2)) | ||
40093 | + return -ENODEV; | ||
40094 | + | ||
40095 | if (sysfs_create_group(&hdev->dev.kobj, | ||
40096 | &tpkbd_attr_group_pointer)) { | ||
40097 | hid_warn(hdev, "Could not create sysfs group\n"); | ||
40098 | diff --git a/drivers/hid/hid-lg2ff.c b/drivers/hid/hid-lg2ff.c | ||
40099 | index b3cd150..9805197 100644 | ||
40100 | --- a/drivers/hid/hid-lg2ff.c | ||
40101 | +++ b/drivers/hid/hid-lg2ff.c | ||
40102 | @@ -64,26 +64,13 @@ int lg2ff_init(struct hid_device *hid) | ||
40103 | struct hid_report *report; | ||
40104 | struct hid_input *hidinput = list_entry(hid->inputs.next, | ||
40105 | struct hid_input, list); | ||
40106 | - struct list_head *report_list = | ||
40107 | - &hid->report_enum[HID_OUTPUT_REPORT].report_list; | ||
40108 | struct input_dev *dev = hidinput->input; | ||
40109 | int error; | ||
40110 | |||
40111 | - if (list_empty(report_list)) { | ||
40112 | - hid_err(hid, "no output report found\n"); | ||
40113 | + /* Check that the report looks ok */ | ||
40114 | + report = hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 7); | ||
40115 | + if (!report) | ||
40116 | return -ENODEV; | ||
40117 | - } | ||
40118 | - | ||
40119 | - report = list_entry(report_list->next, struct hid_report, list); | ||
40120 | - | ||
40121 | - if (report->maxfield < 1) { | ||
40122 | - hid_err(hid, "output report is empty\n"); | ||
40123 | - return -ENODEV; | ||
40124 | - } | ||
40125 | - if (report->field[0]->report_count < 7) { | ||
40126 | - hid_err(hid, "not enough values in the field\n"); | ||
40127 | - return -ENODEV; | ||
40128 | - } | ||
40129 | |||
40130 | lg2ff = kmalloc(sizeof(struct lg2ff_device), GFP_KERNEL); | ||
40131 | if (!lg2ff) | ||
40132 | diff --git a/drivers/hid/hid-lg3ff.c b/drivers/hid/hid-lg3ff.c | ||
40133 | index e52f181..53ac79b 100644 | ||
40134 | --- a/drivers/hid/hid-lg3ff.c | ||
40135 | +++ b/drivers/hid/hid-lg3ff.c | ||
40136 | @@ -66,10 +66,11 @@ static int hid_lg3ff_play(struct input_dev *dev, void *data, | ||
40137 | int x, y; | ||
40138 | |||
40139 | /* | ||
40140 | - * Maxusage should always be 63 (maximum fields) | ||
40141 | - * likely a better way to ensure this data is clean | ||
40142 | + * Available values in the field should always be 63, but we only use up to | ||
40143 | + * 35. Instead, clear the entire area, however big it is. | ||
40144 | */ | ||
40145 | - memset(report->field[0]->value, 0, sizeof(__s32)*report->field[0]->maxusage); | ||
40146 | + memset(report->field[0]->value, 0, | ||
40147 | + sizeof(__s32) * report->field[0]->report_count); | ||
40148 | |||
40149 | switch (effect->type) { | ||
40150 | case FF_CONSTANT: | ||
40151 | @@ -129,32 +130,14 @@ static const signed short ff3_joystick_ac[] = { | ||
40152 | int lg3ff_init(struct hid_device *hid) | ||
40153 | { | ||
40154 | struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list); | ||
40155 | - struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list; | ||
40156 | struct input_dev *dev = hidinput->input; | ||
40157 | - struct hid_report *report; | ||
40158 | - struct hid_field *field; | ||
40159 | const signed short *ff_bits = ff3_joystick_ac; | ||
40160 | int error; | ||
40161 | int i; | ||
40162 | |||
40163 | - /* Find the report to use */ | ||
40164 | - if (list_empty(report_list)) { | ||
40165 | - hid_err(hid, "No output report found\n"); | ||
40166 | - return -1; | ||
40167 | - } | ||
40168 | - | ||
40169 | /* Check that the report looks ok */ | ||
40170 | - report = list_entry(report_list->next, struct hid_report, list); | ||
40171 | - if (!report) { | ||
40172 | - hid_err(hid, "NULL output report\n"); | ||
40173 | - return -1; | ||
40174 | - } | ||
40175 | - | ||
40176 | - field = report->field[0]; | ||
40177 | - if (!field) { | ||
40178 | - hid_err(hid, "NULL field\n"); | ||
40179 | - return -1; | ||
40180 | - } | ||
40181 | + if (!hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 35)) | ||
40182 | + return -ENODEV; | ||
40183 | |||
40184 | /* Assume single fixed device G940 */ | ||
40185 | for (i = 0; ff_bits[i] >= 0; i++) | ||
40186 | diff --git a/drivers/hid/hid-lg4ff.c b/drivers/hid/hid-lg4ff.c | ||
40187 | index 0ddae2a..8b89f0f 100644 | ||
40188 | --- a/drivers/hid/hid-lg4ff.c | ||
40189 | +++ b/drivers/hid/hid-lg4ff.c | ||
40190 | @@ -484,34 +484,16 @@ static enum led_brightness lg4ff_led_get_brightness(struct led_classdev *led_cde | ||
40191 | int lg4ff_init(struct hid_device *hid) | ||
40192 | { | ||
40193 | struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list); | ||
40194 | - struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list; | ||
40195 | struct input_dev *dev = hidinput->input; | ||
40196 | - struct hid_report *report; | ||
40197 | - struct hid_field *field; | ||
40198 | struct lg4ff_device_entry *entry; | ||
40199 | struct lg_drv_data *drv_data; | ||
40200 | struct usb_device_descriptor *udesc; | ||
40201 | int error, i, j; | ||
40202 | __u16 bcdDevice, rev_maj, rev_min; | ||
40203 | |||
40204 | - /* Find the report to use */ | ||
40205 | - if (list_empty(report_list)) { | ||
40206 | - hid_err(hid, "No output report found\n"); | ||
40207 | - return -1; | ||
40208 | - } | ||
40209 | - | ||
40210 | /* Check that the report looks ok */ | ||
40211 | - report = list_entry(report_list->next, struct hid_report, list); | ||
40212 | - if (!report) { | ||
40213 | - hid_err(hid, "NULL output report\n"); | ||
40214 | + if (!hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 7)) | ||
40215 | return -1; | ||
40216 | - } | ||
40217 | - | ||
40218 | - field = report->field[0]; | ||
40219 | - if (!field) { | ||
40220 | - hid_err(hid, "NULL field\n"); | ||
40221 | - return -1; | ||
40222 | - } | ||
40223 | |||
40224 | /* Check what wheel has been connected */ | ||
40225 | for (i = 0; i < ARRAY_SIZE(lg4ff_devices); i++) { | ||
40226 | diff --git a/drivers/hid/hid-lgff.c b/drivers/hid/hid-lgff.c | ||
40227 | index d7ea8c8..a84fb40 100644 | ||
40228 | --- a/drivers/hid/hid-lgff.c | ||
40229 | +++ b/drivers/hid/hid-lgff.c | ||
40230 | @@ -128,27 +128,14 @@ static void hid_lgff_set_autocenter(struct input_dev *dev, u16 magnitude) | ||
40231 | int lgff_init(struct hid_device* hid) | ||
40232 | { | ||
40233 | struct hid_input *hidinput = list_entry(hid->inputs.next, struct hid_input, list); | ||
40234 | - struct list_head *report_list = &hid->report_enum[HID_OUTPUT_REPORT].report_list; | ||
40235 | struct input_dev *dev = hidinput->input; | ||
40236 | - struct hid_report *report; | ||
40237 | - struct hid_field *field; | ||
40238 | const signed short *ff_bits = ff_joystick; | ||
40239 | int error; | ||
40240 | int i; | ||
40241 | |||
40242 | - /* Find the report to use */ | ||
40243 | - if (list_empty(report_list)) { | ||
40244 | - hid_err(hid, "No output report found\n"); | ||
40245 | - return -1; | ||
40246 | - } | ||
40247 | - | ||
40248 | /* Check that the report looks ok */ | ||
40249 | - report = list_entry(report_list->next, struct hid_report, list); | ||
40250 | - field = report->field[0]; | ||
40251 | - if (!field) { | ||
40252 | - hid_err(hid, "NULL field\n"); | ||
40253 | - return -1; | ||
40254 | - } | ||
40255 | + if (!hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 1, 7)) | ||
40256 | + return -ENODEV; | ||
40257 | |||
40258 | for (i = 0; i < ARRAY_SIZE(devices); i++) { | ||
40259 | if (dev->id.vendor == devices[i].idVendor && | ||
40260 | diff --git a/drivers/hid/hid-logitech-dj.c b/drivers/hid/hid-logitech-dj.c | ||
40261 | index 5207591a..6c9197f 100644 | ||
40262 | --- a/drivers/hid/hid-logitech-dj.c | ||
40263 | +++ b/drivers/hid/hid-logitech-dj.c | ||
40264 | @@ -421,7 +421,7 @@ static int logi_dj_recv_send_report(struct dj_receiver_dev *djrcv_dev, | ||
40265 | struct hid_report *report; | ||
40266 | struct hid_report_enum *output_report_enum; | ||
40267 | u8 *data = (u8 *)(&dj_report->device_index); | ||
40268 | - int i; | ||
40269 | + unsigned int i, length; | ||
40270 | |||
40271 | output_report_enum = &hdev->report_enum[HID_OUTPUT_REPORT]; | ||
40272 | report = output_report_enum->report_id_hash[REPORT_ID_DJ_SHORT]; | ||
40273 | @@ -431,7 +431,9 @@ static int logi_dj_recv_send_report(struct dj_receiver_dev *djrcv_dev, | ||
40274 | return -ENODEV; | ||
40275 | } | ||
40276 | |||
40277 | - for (i = 0; i < report->field[0]->report_count; i++) | ||
40278 | + length = min_t(size_t, sizeof(*dj_report) - 1, | ||
40279 | + report->field[0]->report_count); | ||
40280 | + for (i = 0; i < length; i++) | ||
40281 | report->field[0]->value[i] = data[i]; | ||
40282 | |||
40283 | hid_hw_request(hdev, report, HID_REQ_SET_REPORT); | ||
40284 | @@ -738,6 +740,12 @@ static int logi_dj_probe(struct hid_device *hdev, | ||
40285 | goto hid_parse_fail; | ||
40286 | } | ||
40287 | |||
40288 | + if (!hid_validate_report(hdev, HID_OUTPUT_REPORT, REPORT_ID_DJ_SHORT, | ||
40289 | + 1, 3)) { | ||
40290 | + retval = -ENODEV; | ||
40291 | + goto hid_parse_fail; | ||
40292 | + } | ||
40293 | + | ||
40294 | /* Starts the usb device and connects to upper interfaces hiddev and | ||
40295 | * hidraw */ | ||
40296 | retval = hid_hw_start(hdev, HID_CONNECT_DEFAULT); | ||
40297 | diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c | ||
40298 | index d39a5ce..4892dfc 100644 | ||
40299 | --- a/drivers/hid/hid-multitouch.c | ||
40300 | +++ b/drivers/hid/hid-multitouch.c | ||
40301 | @@ -330,9 +330,18 @@ static void mt_feature_mapping(struct hid_device *hdev, | ||
40302 | break; | ||
40303 | } | ||
40304 | } | ||
40305 | + /* Ignore if value index is out of bounds. */ | ||
40306 | + if (td->inputmode_index < 0 || | ||
40307 | + td->inputmode_index >= field->report_count) { | ||
40308 | + dev_err(&hdev->dev, "HID_DG_INPUTMODE out of range\n"); | ||
40309 | + td->inputmode = -1; | ||
40310 | + } | ||
40311 | |||
40312 | break; | ||
40313 | case HID_DG_CONTACTMAX: | ||
40314 | + /* Ignore if value count is out of bounds. */ | ||
40315 | + if (field->report_count < 1) | ||
40316 | + break; | ||
40317 | td->maxcontact_report_id = field->report->id; | ||
40318 | td->maxcontacts = field->value[0]; | ||
40319 | if (!td->maxcontacts && | ||
40320 | @@ -743,15 +752,21 @@ static void mt_touch_report(struct hid_device *hid, struct hid_report *report) | ||
40321 | unsigned count; | ||
40322 | int r, n; | ||
40323 | |||
40324 | + if (report->maxfield == 0) | ||
40325 | + return; | ||
40326 | + | ||
40327 | /* | ||
40328 | * Includes multi-packet support where subsequent | ||
40329 | * packets are sent with zero contactcount. | ||
40330 | */ | ||
40331 | - if (td->cc_index >= 0) { | ||
40332 | - struct hid_field *field = report->field[td->cc_index]; | ||
40333 | - int value = field->value[td->cc_value_index]; | ||
40334 | - if (value) | ||
40335 | - td->num_expected = value; | ||
40336 | + if (td->cc_index >= 0 && td->cc_index < report->maxfield) { | ||
40337 | + field = report->field[td->cc_index]; | ||
40338 | + if (td->cc_value_index >= 0 && | ||
40339 | + td->cc_value_index < field->report_count) { | ||
40340 | + int value = field->value[td->cc_value_index]; | ||
40341 | + if (value) | ||
40342 | + td->num_expected = value; | ||
40343 | + } | ||
40344 | } | ||
40345 | |||
40346 | for (r = 0; r < report->maxfield; r++) { | ||
40347 | diff --git a/drivers/hid/hid-ntrig.c b/drivers/hid/hid-ntrig.c | ||
40348 | index ef95102..5482156 100644 | ||
40349 | --- a/drivers/hid/hid-ntrig.c | ||
40350 | +++ b/drivers/hid/hid-ntrig.c | ||
40351 | @@ -115,7 +115,8 @@ static inline int ntrig_get_mode(struct hid_device *hdev) | ||
40352 | struct hid_report *report = hdev->report_enum[HID_FEATURE_REPORT]. | ||
40353 | report_id_hash[0x0d]; | ||
40354 | |||
40355 | - if (!report) | ||
40356 | + if (!report || report->maxfield < 1 || | ||
40357 | + report->field[0]->report_count < 1) | ||
40358 | return -EINVAL; | ||
40359 | |||
40360 | hid_hw_request(hdev, report, HID_REQ_GET_REPORT); | ||
40361 | diff --git a/drivers/hid/hid-picolcd_core.c b/drivers/hid/hid-picolcd_core.c | ||
40362 | index b48092d..72bba1e 100644 | ||
40363 | --- a/drivers/hid/hid-picolcd_core.c | ||
40364 | +++ b/drivers/hid/hid-picolcd_core.c | ||
40365 | @@ -290,7 +290,7 @@ static ssize_t picolcd_operation_mode_store(struct device *dev, | ||
40366 | buf += 10; | ||
40367 | cnt -= 10; | ||
40368 | } | ||
40369 | - if (!report) | ||
40370 | + if (!report || report->maxfield < 1) | ||
40371 | return -EINVAL; | ||
40372 | |||
40373 | while (cnt > 0 && (buf[cnt-1] == '\n' || buf[cnt-1] == '\r')) | ||
40374 | diff --git a/drivers/hid/hid-pl.c b/drivers/hid/hid-pl.c | ||
40375 | index d29112f..2dcd7d9 100644 | ||
40376 | --- a/drivers/hid/hid-pl.c | ||
40377 | +++ b/drivers/hid/hid-pl.c | ||
40378 | @@ -132,8 +132,14 @@ static int plff_init(struct hid_device *hid) | ||
40379 | strong = &report->field[0]->value[2]; | ||
40380 | weak = &report->field[0]->value[3]; | ||
40381 | debug("detected single-field device"); | ||
40382 | - } else if (report->maxfield >= 4 && report->field[0]->maxusage == 1 && | ||
40383 | - report->field[0]->usage[0].hid == (HID_UP_LED | 0x43)) { | ||
40384 | + } else if (report->field[0]->maxusage == 1 && | ||
40385 | + report->field[0]->usage[0].hid == | ||
40386 | + (HID_UP_LED | 0x43) && | ||
40387 | + report->maxfield >= 4 && | ||
40388 | + report->field[0]->report_count >= 1 && | ||
40389 | + report->field[1]->report_count >= 1 && | ||
40390 | + report->field[2]->report_count >= 1 && | ||
40391 | + report->field[3]->report_count >= 1) { | ||
40392 | report->field[0]->value[0] = 0x00; | ||
40393 | report->field[1]->value[0] = 0x00; | ||
40394 | strong = &report->field[2]->value[0]; | ||
40395 | diff --git a/drivers/hid/hid-sensor-hub.c b/drivers/hid/hid-sensor-hub.c | ||
40396 | index ca749810..aa34755 100644 | ||
40397 | --- a/drivers/hid/hid-sensor-hub.c | ||
40398 | +++ b/drivers/hid/hid-sensor-hub.c | ||
40399 | @@ -221,7 +221,8 @@ int sensor_hub_get_feature(struct hid_sensor_hub_device *hsdev, u32 report_id, | ||
40400 | |||
40401 | mutex_lock(&data->mutex); | ||
40402 | report = sensor_hub_report(report_id, hsdev->hdev, HID_FEATURE_REPORT); | ||
40403 | - if (!report || (field_index >= report->maxfield)) { | ||
40404 | + if (!report || (field_index >= report->maxfield) || | ||
40405 | + report->field[field_index]->report_count < 1) { | ||
40406 | ret = -EINVAL; | ||
40407 | goto done_proc; | ||
40408 | } | ||
40409 | diff --git a/drivers/hid/hid-steelseries.c b/drivers/hid/hid-steelseries.c | ||
40410 | index d164911..ef42e86 100644 | ||
40411 | --- a/drivers/hid/hid-steelseries.c | ||
40412 | +++ b/drivers/hid/hid-steelseries.c | ||
40413 | @@ -249,6 +249,11 @@ static int steelseries_srws1_probe(struct hid_device *hdev, | ||
40414 | goto err_free; | ||
40415 | } | ||
40416 | |||
40417 | + if (!hid_validate_report(hdev, HID_OUTPUT_REPORT, 0, 1, 16)) { | ||
40418 | + ret = -ENODEV; | ||
40419 | + goto err_free; | ||
40420 | + } | ||
40421 | + | ||
40422 | ret = hid_hw_start(hdev, HID_CONNECT_DEFAULT); | ||
40423 | if (ret) { | ||
40424 | hid_err(hdev, "hw start failed\n"); | ||
36746 | diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c | 40425 | diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c |
36747 | index 90124ff..3761764 100644 | 40426 | index 90124ff..3761764 100644 |
36748 | --- a/drivers/hid/hid-wiimote-debug.c | 40427 | --- a/drivers/hid/hid-wiimote-debug.c |
@@ -36756,6 +40435,66 @@ index 90124ff..3761764 100644 | |||
36756 | return -EFAULT; | 40435 | return -EFAULT; |
36757 | 40436 | ||
36758 | *off += size; | 40437 | *off += size; |
40438 | diff --git a/drivers/hid/hid-zpff.c b/drivers/hid/hid-zpff.c | ||
40439 | index 6ec28a3..b124991 100644 | ||
40440 | --- a/drivers/hid/hid-zpff.c | ||
40441 | +++ b/drivers/hid/hid-zpff.c | ||
40442 | @@ -68,22 +68,12 @@ static int zpff_init(struct hid_device *hid) | ||
40443 | struct hid_report *report; | ||
40444 | struct hid_input *hidinput = list_entry(hid->inputs.next, | ||
40445 | struct hid_input, list); | ||
40446 | - struct list_head *report_list = | ||
40447 | - &hid->report_enum[HID_OUTPUT_REPORT].report_list; | ||
40448 | struct input_dev *dev = hidinput->input; | ||
40449 | int error; | ||
40450 | |||
40451 | - if (list_empty(report_list)) { | ||
40452 | - hid_err(hid, "no output report found\n"); | ||
40453 | + report = hid_validate_report(hid, HID_OUTPUT_REPORT, 0, 4, 1); | ||
40454 | + if (!report) | ||
40455 | return -ENODEV; | ||
40456 | - } | ||
40457 | - | ||
40458 | - report = list_entry(report_list->next, struct hid_report, list); | ||
40459 | - | ||
40460 | - if (report->maxfield < 4) { | ||
40461 | - hid_err(hid, "not enough fields in report\n"); | ||
40462 | - return -ENODEV; | ||
40463 | - } | ||
40464 | |||
40465 | zpff = kzalloc(sizeof(struct zpff_device), GFP_KERNEL); | ||
40466 | if (!zpff) | ||
40467 | diff --git a/drivers/hid/uhid.c b/drivers/hid/uhid.c | ||
40468 | index fc307e0..2b255e8 100644 | ||
40469 | --- a/drivers/hid/uhid.c | ||
40470 | +++ b/drivers/hid/uhid.c | ||
40471 | @@ -47,7 +47,7 @@ struct uhid_device { | ||
40472 | struct mutex report_lock; | ||
40473 | wait_queue_head_t report_wait; | ||
40474 | atomic_t report_done; | ||
40475 | - atomic_t report_id; | ||
40476 | + atomic_unchecked_t report_id; | ||
40477 | struct uhid_event report_buf; | ||
40478 | }; | ||
40479 | |||
40480 | @@ -187,7 +187,7 @@ static int uhid_hid_get_raw(struct hid_device *hid, unsigned char rnum, | ||
40481 | |||
40482 | spin_lock_irqsave(&uhid->qlock, flags); | ||
40483 | ev->type = UHID_FEATURE; | ||
40484 | - ev->u.feature.id = atomic_inc_return(&uhid->report_id); | ||
40485 | + ev->u.feature.id = atomic_inc_return_unchecked(&uhid->report_id); | ||
40486 | ev->u.feature.rnum = rnum; | ||
40487 | ev->u.feature.rtype = report_type; | ||
40488 | |||
40489 | @@ -471,7 +471,7 @@ static int uhid_dev_feature_answer(struct uhid_device *uhid, | ||
40490 | spin_lock_irqsave(&uhid->qlock, flags); | ||
40491 | |||
40492 | /* id for old report; drop it silently */ | ||
40493 | - if (atomic_read(&uhid->report_id) != ev->u.feature_answer.id) | ||
40494 | + if (atomic_read_unchecked(&uhid->report_id) != ev->u.feature_answer.id) | ||
40495 | goto unlock; | ||
40496 | if (atomic_read(&uhid->report_done)) | ||
40497 | goto unlock; | ||
36759 | diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c | 40498 | diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c |
36760 | index 0b122f8..b1d8160 100644 | 40499 | index 0b122f8..b1d8160 100644 |
36761 | --- a/drivers/hv/channel.c | 40500 | --- a/drivers/hv/channel.c |
@@ -36784,6 +40523,91 @@ index ae49237..380d4c9 100644 | |||
36784 | 40523 | ||
36785 | __asm__ __volatile__ ("call *%8" : "=d"(hv_status_hi), | 40524 | __asm__ __volatile__ ("call *%8" : "=d"(hv_status_hi), |
36786 | "=a"(hv_status_lo) : "d" (control_hi), | 40525 | "=a"(hv_status_lo) : "d" (control_hi), |
40526 | diff --git a/drivers/hv/hv_balloon.c b/drivers/hv/hv_balloon.c | ||
40527 | index deb5c25..ed2d4fd 100644 | ||
40528 | --- a/drivers/hv/hv_balloon.c | ||
40529 | +++ b/drivers/hv/hv_balloon.c | ||
40530 | @@ -464,7 +464,7 @@ MODULE_PARM_DESC(hot_add, "If set attempt memory hot_add"); | ||
40531 | |||
40532 | module_param(pressure_report_delay, uint, (S_IRUGO | S_IWUSR)); | ||
40533 | MODULE_PARM_DESC(pressure_report_delay, "Delay in secs in reporting pressure"); | ||
40534 | -static atomic_t trans_id = ATOMIC_INIT(0); | ||
40535 | +static atomic_unchecked_t trans_id = ATOMIC_INIT(0); | ||
40536 | |||
40537 | static int dm_ring_size = (5 * PAGE_SIZE); | ||
40538 | |||
40539 | @@ -825,7 +825,7 @@ static void hot_add_req(struct work_struct *dummy) | ||
40540 | memset(&resp, 0, sizeof(struct dm_hot_add_response)); | ||
40541 | resp.hdr.type = DM_MEM_HOT_ADD_RESPONSE; | ||
40542 | resp.hdr.size = sizeof(struct dm_hot_add_response); | ||
40543 | - resp.hdr.trans_id = atomic_inc_return(&trans_id); | ||
40544 | + resp.hdr.trans_id = atomic_inc_return_unchecked(&trans_id); | ||
40545 | |||
40546 | #ifdef CONFIG_MEMORY_HOTPLUG | ||
40547 | pg_start = dm->ha_wrk.ha_page_range.finfo.start_page; | ||
40548 | @@ -960,7 +960,7 @@ static void post_status(struct hv_dynmem_device *dm) | ||
40549 | memset(&status, 0, sizeof(struct dm_status)); | ||
40550 | status.hdr.type = DM_STATUS_REPORT; | ||
40551 | status.hdr.size = sizeof(struct dm_status); | ||
40552 | - status.hdr.trans_id = atomic_inc_return(&trans_id); | ||
40553 | + status.hdr.trans_id = atomic_inc_return_unchecked(&trans_id); | ||
40554 | |||
40555 | /* | ||
40556 | * The host expects the guest to report free memory. | ||
40557 | @@ -980,7 +980,7 @@ static void post_status(struct hv_dynmem_device *dm) | ||
40558 | * send the status. This can happen if we were interrupted | ||
40559 | * after we picked our transaction ID. | ||
40560 | */ | ||
40561 | - if (status.hdr.trans_id != atomic_read(&trans_id)) | ||
40562 | + if (status.hdr.trans_id != atomic_read_unchecked(&trans_id)) | ||
40563 | return; | ||
40564 | |||
40565 | vmbus_sendpacket(dm->dev->channel, &status, | ||
40566 | @@ -1081,7 +1081,7 @@ static void balloon_up(struct work_struct *dummy) | ||
40567 | bl_resp = (struct dm_balloon_response *)send_buffer; | ||
40568 | memset(send_buffer, 0, PAGE_SIZE); | ||
40569 | bl_resp->hdr.type = DM_BALLOON_RESPONSE; | ||
40570 | - bl_resp->hdr.trans_id = atomic_inc_return(&trans_id); | ||
40571 | + bl_resp->hdr.trans_id = atomic_inc_return_unchecked(&trans_id); | ||
40572 | bl_resp->hdr.size = sizeof(struct dm_balloon_response); | ||
40573 | bl_resp->more_pages = 1; | ||
40574 | |||
40575 | @@ -1152,7 +1152,7 @@ static void balloon_down(struct hv_dynmem_device *dm, | ||
40576 | |||
40577 | memset(&resp, 0, sizeof(struct dm_unballoon_response)); | ||
40578 | resp.hdr.type = DM_UNBALLOON_RESPONSE; | ||
40579 | - resp.hdr.trans_id = atomic_inc_return(&trans_id); | ||
40580 | + resp.hdr.trans_id = atomic_inc_return_unchecked(&trans_id); | ||
40581 | resp.hdr.size = sizeof(struct dm_unballoon_response); | ||
40582 | |||
40583 | vmbus_sendpacket(dm_device.dev->channel, &resp, | ||
40584 | @@ -1215,7 +1215,7 @@ static void version_resp(struct hv_dynmem_device *dm, | ||
40585 | memset(&version_req, 0, sizeof(struct dm_version_request)); | ||
40586 | version_req.hdr.type = DM_VERSION_REQUEST; | ||
40587 | version_req.hdr.size = sizeof(struct dm_version_request); | ||
40588 | - version_req.hdr.trans_id = atomic_inc_return(&trans_id); | ||
40589 | + version_req.hdr.trans_id = atomic_inc_return_unchecked(&trans_id); | ||
40590 | version_req.version.version = DYNMEM_PROTOCOL_VERSION_WIN7; | ||
40591 | version_req.is_last_attempt = 1; | ||
40592 | |||
40593 | @@ -1385,7 +1385,7 @@ static int balloon_probe(struct hv_device *dev, | ||
40594 | memset(&version_req, 0, sizeof(struct dm_version_request)); | ||
40595 | version_req.hdr.type = DM_VERSION_REQUEST; | ||
40596 | version_req.hdr.size = sizeof(struct dm_version_request); | ||
40597 | - version_req.hdr.trans_id = atomic_inc_return(&trans_id); | ||
40598 | + version_req.hdr.trans_id = atomic_inc_return_unchecked(&trans_id); | ||
40599 | version_req.version.version = DYNMEM_PROTOCOL_VERSION_WIN8; | ||
40600 | version_req.is_last_attempt = 0; | ||
40601 | |||
40602 | @@ -1416,7 +1416,7 @@ static int balloon_probe(struct hv_device *dev, | ||
40603 | memset(&cap_msg, 0, sizeof(struct dm_capabilities)); | ||
40604 | cap_msg.hdr.type = DM_CAPABILITIES_REPORT; | ||
40605 | cap_msg.hdr.size = sizeof(struct dm_capabilities); | ||
40606 | - cap_msg.hdr.trans_id = atomic_inc_return(&trans_id); | ||
40607 | + cap_msg.hdr.trans_id = atomic_inc_return_unchecked(&trans_id); | ||
40608 | |||
40609 | cap_msg.caps.cap_bits.balloon = 1; | ||
40610 | cap_msg.caps.cap_bits.hot_add = 1; | ||
36787 | diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h | 40611 | diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h |
36788 | index 12f2f9e..679603c 100644 | 40612 | index 12f2f9e..679603c 100644 |
36789 | --- a/drivers/hv/hyperv_vmbus.h | 40613 | --- a/drivers/hv/hyperv_vmbus.h |
@@ -37385,6 +41209,32 @@ index 1f95bba..9530f87 100644 | |||
37385 | (u64) cmpxchg((u64 *) qp->r_sge.sge.vaddr, | 41209 | (u64) cmpxchg((u64 *) qp->r_sge.sge.vaddr, |
37386 | sdata, wqe->wr.wr.atomic.swap); | 41210 | sdata, wqe->wr.wr.atomic.swap); |
37387 | goto send_comp; | 41211 | goto send_comp; |
41212 | diff --git a/drivers/infiniband/hw/mlx4/mad.c b/drivers/infiniband/hw/mlx4/mad.c | ||
41213 | index 4d599ce..697b17f 100644 | ||
41214 | --- a/drivers/infiniband/hw/mlx4/mad.c | ||
41215 | +++ b/drivers/infiniband/hw/mlx4/mad.c | ||
41216 | @@ -98,7 +98,7 @@ __be64 mlx4_ib_gen_node_guid(void) | ||
41217 | |||
41218 | __be64 mlx4_ib_get_new_demux_tid(struct mlx4_ib_demux_ctx *ctx) | ||
41219 | { | ||
41220 | - return cpu_to_be64(atomic_inc_return(&ctx->tid)) | | ||
41221 | + return cpu_to_be64(atomic_inc_return_unchecked(&ctx->tid)) | | ||
41222 | cpu_to_be64(0xff00000000000000LL); | ||
41223 | } | ||
41224 | |||
41225 | diff --git a/drivers/infiniband/hw/mlx4/mlx4_ib.h b/drivers/infiniband/hw/mlx4/mlx4_ib.h | ||
41226 | index f61ec26..ebf72cf 100644 | ||
41227 | --- a/drivers/infiniband/hw/mlx4/mlx4_ib.h | ||
41228 | +++ b/drivers/infiniband/hw/mlx4/mlx4_ib.h | ||
41229 | @@ -398,7 +398,7 @@ struct mlx4_ib_demux_ctx { | ||
41230 | struct list_head mcg_mgid0_list; | ||
41231 | struct workqueue_struct *mcg_wq; | ||
41232 | struct mlx4_ib_demux_pv_ctx **tun; | ||
41233 | - atomic_t tid; | ||
41234 | + atomic_unchecked_t tid; | ||
41235 | int flushing; /* flushing the work queue */ | ||
41236 | }; | ||
41237 | |||
37388 | diff --git a/drivers/infiniband/hw/mthca/mthca_cmd.c b/drivers/infiniband/hw/mthca/mthca_cmd.c | 41238 | diff --git a/drivers/infiniband/hw/mthca/mthca_cmd.c b/drivers/infiniband/hw/mthca/mthca_cmd.c |
37389 | index 9d3e5c1..d9afe4a 100644 | 41239 | index 9d3e5c1..d9afe4a 100644 |
37390 | --- a/drivers/infiniband/hw/mthca/mthca_cmd.c | 41240 | --- a/drivers/infiniband/hw/mthca/mthca_cmd.c |
@@ -37913,6 +41763,28 @@ index fa061d4..4a6957c 100644 | |||
37913 | 41763 | ||
37914 | snprintf(led->name, sizeof(led->name), "xpad%ld", led_no); | 41764 | snprintf(led->name, sizeof(led->name), "xpad%ld", led_no); |
37915 | led->xpad = xpad; | 41765 | led->xpad = xpad; |
41766 | diff --git a/drivers/input/misc/ims-pcu.c b/drivers/input/misc/ims-pcu.c | ||
41767 | index e204f26..8459f15 100644 | ||
41768 | --- a/drivers/input/misc/ims-pcu.c | ||
41769 | +++ b/drivers/input/misc/ims-pcu.c | ||
41770 | @@ -1621,7 +1621,7 @@ static int ims_pcu_identify_type(struct ims_pcu *pcu, u8 *device_id) | ||
41771 | |||
41772 | static int ims_pcu_init_application_mode(struct ims_pcu *pcu) | ||
41773 | { | ||
41774 | - static atomic_t device_no = ATOMIC_INIT(0); | ||
41775 | + static atomic_unchecked_t device_no = ATOMIC_INIT(0); | ||
41776 | |||
41777 | const struct ims_pcu_device_info *info; | ||
41778 | u8 device_id; | ||
41779 | @@ -1653,7 +1653,7 @@ static int ims_pcu_init_application_mode(struct ims_pcu *pcu) | ||
41780 | } | ||
41781 | |||
41782 | /* Device appears to be operable, complete initialization */ | ||
41783 | - pcu->device_no = atomic_inc_return(&device_no) - 1; | ||
41784 | + pcu->device_no = atomic_inc_return_unchecked(&device_no) - 1; | ||
41785 | |||
41786 | error = ims_pcu_setup_backlight(pcu); | ||
41787 | if (error) | ||
37916 | diff --git a/drivers/input/mouse/psmouse.h b/drivers/input/mouse/psmouse.h | 41788 | diff --git a/drivers/input/mouse/psmouse.h b/drivers/input/mouse/psmouse.h |
37917 | index 2f0b39d..7370f13 100644 | 41789 | index 2f0b39d..7370f13 100644 |
37918 | --- a/drivers/input/mouse/psmouse.h | 41790 | --- a/drivers/input/mouse/psmouse.h |
@@ -37961,6 +41833,28 @@ index 25fc597..558bf3b3 100644 | |||
37961 | serio->dev.bus = &serio_bus; | 41833 | serio->dev.bus = &serio_bus; |
37962 | serio->dev.release = serio_release_port; | 41834 | serio->dev.release = serio_release_port; |
37963 | serio->dev.groups = serio_device_attr_groups; | 41835 | serio->dev.groups = serio_device_attr_groups; |
41836 | diff --git a/drivers/input/serio/serio_raw.c b/drivers/input/serio/serio_raw.c | ||
41837 | index 59df2e7..8f1cafb 100644 | ||
41838 | --- a/drivers/input/serio/serio_raw.c | ||
41839 | +++ b/drivers/input/serio/serio_raw.c | ||
41840 | @@ -293,7 +293,7 @@ static irqreturn_t serio_raw_interrupt(struct serio *serio, unsigned char data, | ||
41841 | |||
41842 | static int serio_raw_connect(struct serio *serio, struct serio_driver *drv) | ||
41843 | { | ||
41844 | - static atomic_t serio_raw_no = ATOMIC_INIT(0); | ||
41845 | + static atomic_unchecked_t serio_raw_no = ATOMIC_INIT(0); | ||
41846 | struct serio_raw *serio_raw; | ||
41847 | int err; | ||
41848 | |||
41849 | @@ -304,7 +304,7 @@ static int serio_raw_connect(struct serio *serio, struct serio_driver *drv) | ||
41850 | } | ||
41851 | |||
41852 | snprintf(serio_raw->name, sizeof(serio_raw->name), | ||
41853 | - "serio_raw%ld", (long)atomic_inc_return(&serio_raw_no) - 1); | ||
41854 | + "serio_raw%ld", (long)atomic_inc_return_unchecked(&serio_raw_no) - 1); | ||
41855 | kref_init(&serio_raw->kref); | ||
41856 | INIT_LIST_HEAD(&serio_raw->client_list); | ||
41857 | init_waitqueue_head(&serio_raw->wait); | ||
37964 | diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c | 41858 | diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c |
37965 | index d8f98b1..f62a640 100644 | 41859 | index d8f98b1..f62a640 100644 |
37966 | --- a/drivers/iommu/iommu.c | 41860 | --- a/drivers/iommu/iommu.c |
@@ -38095,6 +41989,19 @@ index 600c79b..3752bab 100644 | |||
38095 | tty_port_tty_set(&cs->port, NULL); | 41989 | tty_port_tty_set(&cs->port, NULL); |
38096 | 41990 | ||
38097 | mutex_unlock(&cs->mutex); | 41991 | mutex_unlock(&cs->mutex); |
41992 | diff --git a/drivers/isdn/gigaset/usb-gigaset.c b/drivers/isdn/gigaset/usb-gigaset.c | ||
41993 | index d0a41cb..f0cdb8c 100644 | ||
41994 | --- a/drivers/isdn/gigaset/usb-gigaset.c | ||
41995 | +++ b/drivers/isdn/gigaset/usb-gigaset.c | ||
41996 | @@ -547,7 +547,7 @@ static int gigaset_brkchars(struct cardstate *cs, const unsigned char buf[6]) | ||
41997 | gigaset_dbg_buffer(DEBUG_USBREQ, "brkchars", 6, buf); | ||
41998 | memcpy(cs->hw.usb->bchars, buf, 6); | ||
41999 | return usb_control_msg(udev, usb_sndctrlpipe(udev, 0), 0x19, 0x41, | ||
42000 | - 0, 0, &buf, 6, 2000); | ||
42001 | + 0, 0, buf, 6, 2000); | ||
42002 | } | ||
42003 | |||
42004 | static void gigaset_freebcshw(struct bc_state *bcs) | ||
38098 | diff --git a/drivers/isdn/hardware/avm/b1.c b/drivers/isdn/hardware/avm/b1.c | 42005 | diff --git a/drivers/isdn/hardware/avm/b1.c b/drivers/isdn/hardware/avm/b1.c |
38099 | index 4d9b195..455075c 100644 | 42006 | index 4d9b195..455075c 100644 |
38100 | --- a/drivers/isdn/hardware/avm/b1.c | 42007 | --- a/drivers/isdn/hardware/avm/b1.c |
@@ -38117,6 +42024,19 @@ index 4d9b195..455075c 100644 | |||
38117 | return -EFAULT; | 42024 | return -EFAULT; |
38118 | } else { | 42025 | } else { |
38119 | memcpy(buf, dp, left); | 42026 | memcpy(buf, dp, left); |
42027 | diff --git a/drivers/isdn/i4l/isdn_common.c b/drivers/isdn/i4l/isdn_common.c | ||
42028 | index 9bb12ba..d4262f7 100644 | ||
42029 | --- a/drivers/isdn/i4l/isdn_common.c | ||
42030 | +++ b/drivers/isdn/i4l/isdn_common.c | ||
42031 | @@ -1651,6 +1651,8 @@ isdn_ioctl(struct file *file, uint cmd, ulong arg) | ||
42032 | } else | ||
42033 | return -EINVAL; | ||
42034 | case IIOCDBGVAR: | ||
42035 | + if (!capable(CAP_SYS_RAWIO)) | ||
42036 | + return -EPERM; | ||
42037 | if (arg) { | ||
42038 | if (copy_to_user(argp, &dev, sizeof(ulong))) | ||
42039 | return -EFAULT; | ||
38120 | diff --git a/drivers/isdn/i4l/isdn_tty.c b/drivers/isdn/i4l/isdn_tty.c | 42040 | diff --git a/drivers/isdn/i4l/isdn_tty.c b/drivers/isdn/i4l/isdn_tty.c |
38121 | index 3c5f249..5fac4d0 100644 | 42041 | index 3c5f249..5fac4d0 100644 |
38122 | --- a/drivers/isdn/i4l/isdn_tty.c | 42042 | --- a/drivers/isdn/i4l/isdn_tty.c |
@@ -38385,6 +42305,19 @@ index 0003992..854bbce 100644 | |||
38385 | closure_set_ip(cl); | 42305 | closure_set_ip(cl); |
38386 | cl->fn = fn; | 42306 | cl->fn = fn; |
38387 | cl->wq = wq; | 42307 | cl->wq = wq; |
42308 | diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c | ||
42309 | index b4713ce..b30139b 100644 | ||
42310 | --- a/drivers/md/bcache/super.c | ||
42311 | +++ b/drivers/md/bcache/super.c | ||
42312 | @@ -1603,7 +1603,7 @@ err_unlock_gc: | ||
42313 | err: | ||
42314 | closure_sync(&op.cl); | ||
42315 | /* XXX: test this, it's broken */ | ||
42316 | - bch_cache_set_error(c, err); | ||
42317 | + bch_cache_set_error(c, "%s", err); | ||
42318 | } | ||
42319 | |||
42320 | static bool can_attach_cache(struct cache *ca, struct cache_set *c) | ||
38388 | diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c | 42321 | diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c |
38389 | index 5a2c754..0fa55db 100644 | 42322 | index 5a2c754..0fa55db 100644 |
38390 | --- a/drivers/md/bitmap.c | 42323 | --- a/drivers/md/bitmap.c |
@@ -38939,6 +42872,19 @@ index c7a9be1..683f6f8 100644 | |||
38939 | 42872 | ||
38940 | module_param_array(video_nr, int, NULL, 0444); | 42873 | module_param_array(video_nr, int, NULL, 0444); |
38941 | module_param_array(vbi_nr, int, NULL, 0444); | 42874 | module_param_array(vbi_nr, int, NULL, 0444); |
42875 | diff --git a/drivers/media/pci/ivtv/ivtv-driver.c b/drivers/media/pci/ivtv/ivtv-driver.c | ||
42876 | index 07b8460..e6d7265 100644 | ||
42877 | --- a/drivers/media/pci/ivtv/ivtv-driver.c | ||
42878 | +++ b/drivers/media/pci/ivtv/ivtv-driver.c | ||
42879 | @@ -84,7 +84,7 @@ static struct pci_device_id ivtv_pci_tbl[] = { | ||
42880 | MODULE_DEVICE_TABLE(pci,ivtv_pci_tbl); | ||
42881 | |||
42882 | /* ivtv instance counter */ | ||
42883 | -static atomic_t ivtv_instance = ATOMIC_INIT(0); | ||
42884 | +static atomic_unchecked_t ivtv_instance = ATOMIC_INIT(0); | ||
42885 | |||
42886 | /* Parameter declarations */ | ||
42887 | static int cardtype[IVTV_MAX_CARDS]; | ||
38942 | diff --git a/drivers/media/platform/omap/omap_vout.c b/drivers/media/platform/omap/omap_vout.c | 42888 | diff --git a/drivers/media/platform/omap/omap_vout.c b/drivers/media/platform/omap/omap_vout.c |
38943 | index d338b19..aae4f9e 100644 | 42889 | index d338b19..aae4f9e 100644 |
38944 | --- a/drivers/media/platform/omap/omap_vout.c | 42890 | --- a/drivers/media/platform/omap/omap_vout.c |
@@ -39149,6 +43095,80 @@ index 545c04c..a14bded 100644 | |||
39149 | i = -EFAULT; | 43095 | i = -EFAULT; |
39150 | unlock: | 43096 | unlock: |
39151 | mutex_unlock(&dev->lock); | 43097 | mutex_unlock(&dev->lock); |
43098 | diff --git a/drivers/media/radio/radio-maxiradio.c b/drivers/media/radio/radio-maxiradio.c | ||
43099 | index bd4d3a7..ffc0b9d 100644 | ||
43100 | --- a/drivers/media/radio/radio-maxiradio.c | ||
43101 | +++ b/drivers/media/radio/radio-maxiradio.c | ||
43102 | @@ -61,7 +61,7 @@ MODULE_PARM_DESC(radio_nr, "Radio device number"); | ||
43103 | /* TEA5757 pin mappings */ | ||
43104 | static const int clk = 1, data = 2, wren = 4, mo_st = 8, power = 16; | ||
43105 | |||
43106 | -static atomic_t maxiradio_instance = ATOMIC_INIT(0); | ||
43107 | +static atomic_unchecked_t maxiradio_instance = ATOMIC_INIT(0); | ||
43108 | |||
43109 | #define PCI_VENDOR_ID_GUILLEMOT 0x5046 | ||
43110 | #define PCI_DEVICE_ID_GUILLEMOT_MAXIRADIO 0x1001 | ||
43111 | diff --git a/drivers/media/radio/radio-shark.c b/drivers/media/radio/radio-shark.c | ||
43112 | index 8fa18ab..caee70f 100644 | ||
43113 | --- a/drivers/media/radio/radio-shark.c | ||
43114 | +++ b/drivers/media/radio/radio-shark.c | ||
43115 | @@ -79,7 +79,7 @@ struct shark_device { | ||
43116 | u32 last_val; | ||
43117 | }; | ||
43118 | |||
43119 | -static atomic_t shark_instance = ATOMIC_INIT(0); | ||
43120 | +static atomic_unchecked_t shark_instance = ATOMIC_INIT(0); | ||
43121 | |||
43122 | static void shark_write_val(struct snd_tea575x *tea, u32 val) | ||
43123 | { | ||
43124 | diff --git a/drivers/media/radio/radio-shark2.c b/drivers/media/radio/radio-shark2.c | ||
43125 | index 9fb6697..f167415 100644 | ||
43126 | --- a/drivers/media/radio/radio-shark2.c | ||
43127 | +++ b/drivers/media/radio/radio-shark2.c | ||
43128 | @@ -74,7 +74,7 @@ struct shark_device { | ||
43129 | u8 *transfer_buffer; | ||
43130 | }; | ||
43131 | |||
43132 | -static atomic_t shark_instance = ATOMIC_INIT(0); | ||
43133 | +static atomic_unchecked_t shark_instance = ATOMIC_INIT(0); | ||
43134 | |||
43135 | static int shark_write_reg(struct radio_tea5777 *tea, u64 reg) | ||
43136 | { | ||
43137 | diff --git a/drivers/media/radio/radio-si476x.c b/drivers/media/radio/radio-si476x.c | ||
43138 | index 9dc8baf..796d52f 100644 | ||
43139 | --- a/drivers/media/radio/radio-si476x.c | ||
43140 | +++ b/drivers/media/radio/radio-si476x.c | ||
43141 | @@ -1456,7 +1456,7 @@ static int si476x_radio_probe(struct platform_device *pdev) | ||
43142 | struct si476x_radio *radio; | ||
43143 | struct v4l2_ctrl *ctrl; | ||
43144 | |||
43145 | - static atomic_t instance = ATOMIC_INIT(0); | ||
43146 | + static atomic_unchecked_t instance = ATOMIC_INIT(0); | ||
43147 | |||
43148 | radio = devm_kzalloc(&pdev->dev, sizeof(*radio), GFP_KERNEL); | ||
43149 | if (!radio) | ||
43150 | diff --git a/drivers/media/rc/rc-main.c b/drivers/media/rc/rc-main.c | ||
43151 | index 1cf382a..c22998c 100644 | ||
43152 | --- a/drivers/media/rc/rc-main.c | ||
43153 | +++ b/drivers/media/rc/rc-main.c | ||
43154 | @@ -1030,7 +1030,7 @@ EXPORT_SYMBOL_GPL(rc_free_device); | ||
43155 | int rc_register_device(struct rc_dev *dev) | ||
43156 | { | ||
43157 | static bool raw_init = false; /* raw decoders loaded? */ | ||
43158 | - static atomic_t devno = ATOMIC_INIT(0); | ||
43159 | + static atomic_unchecked_t devno = ATOMIC_INIT(0); | ||
43160 | struct rc_map *rc_map; | ||
43161 | const char *path; | ||
43162 | int rc; | ||
43163 | @@ -1061,7 +1061,7 @@ int rc_register_device(struct rc_dev *dev) | ||
43164 | */ | ||
43165 | mutex_lock(&dev->lock); | ||
43166 | |||
43167 | - dev->devno = (unsigned long)(atomic_inc_return(&devno) - 1); | ||
43168 | + dev->devno = (unsigned long)(atomic_inc_return_unchecked(&devno) - 1); | ||
43169 | dev_set_name(&dev->dev, "rc%ld", dev->devno); | ||
43170 | dev_set_drvdata(&dev->dev, dev); | ||
43171 | rc = device_add(&dev->dev); | ||
39152 | diff --git a/drivers/media/usb/dvb-usb/cxusb.c b/drivers/media/usb/dvb-usb/cxusb.c | 43172 | diff --git a/drivers/media/usb/dvb-usb/cxusb.c b/drivers/media/usb/dvb-usb/cxusb.c |
39153 | index 3940bb0..fb3952a 100644 | 43173 | index 3940bb0..fb3952a 100644 |
39154 | --- a/drivers/media/usb/dvb-usb/cxusb.c | 43174 | --- a/drivers/media/usb/dvb-usb/cxusb.c |
@@ -39206,6 +43226,22 @@ index f129551..ecf6514 100644 | |||
39206 | return -EFAULT; | 43226 | return -EFAULT; |
39207 | return 0; | 43227 | return 0; |
39208 | } | 43228 | } |
43229 | diff --git a/drivers/media/v4l2-core/v4l2-device.c b/drivers/media/v4l2-core/v4l2-device.c | ||
43230 | index 8ed5da2..47fee46 100644 | ||
43231 | --- a/drivers/media/v4l2-core/v4l2-device.c | ||
43232 | +++ b/drivers/media/v4l2-core/v4l2-device.c | ||
43233 | @@ -74,9 +74,9 @@ int v4l2_device_put(struct v4l2_device *v4l2_dev) | ||
43234 | EXPORT_SYMBOL_GPL(v4l2_device_put); | ||
43235 | |||
43236 | int v4l2_device_set_name(struct v4l2_device *v4l2_dev, const char *basename, | ||
43237 | - atomic_t *instance) | ||
43238 | + atomic_unchecked_t *instance) | ||
43239 | { | ||
43240 | - int num = atomic_inc_return(instance) - 1; | ||
43241 | + int num = atomic_inc_return_unchecked(instance) - 1; | ||
43242 | int len = strlen(basename); | ||
43243 | |||
43244 | if (basename[len - 1] >= '0' && basename[len - 1] <= '9') | ||
39209 | diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c | 43245 | diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c |
39210 | index 7658586..1079260 100644 | 43246 | index 7658586..1079260 100644 |
39211 | --- a/drivers/media/v4l2-core/v4l2-ioctl.c | 43247 | --- a/drivers/media/v4l2-core/v4l2-ioctl.c |
@@ -40377,6 +44413,18 @@ index d3f8797..82a03d3 100644 | |||
40377 | 44413 | ||
40378 | vlan_req = (struct qlcnic_vlan_req *)&req->words[1]; | 44414 | vlan_req = (struct qlcnic_vlan_req *)&req->words[1]; |
40379 | vlan_req->vlan_id = cpu_to_le16(vlan_id); | 44415 | vlan_req->vlan_id = cpu_to_le16(vlan_id); |
44416 | diff --git a/drivers/net/ethernet/realtek/8139cp.c b/drivers/net/ethernet/realtek/8139cp.c | ||
44417 | index 887aebe..9095ff9 100644 | ||
44418 | --- a/drivers/net/ethernet/realtek/8139cp.c | ||
44419 | +++ b/drivers/net/ethernet/realtek/8139cp.c | ||
44420 | @@ -524,6 +524,7 @@ rx_status_loop: | ||
44421 | PCI_DMA_FROMDEVICE); | ||
44422 | if (dma_mapping_error(&cp->pdev->dev, new_mapping)) { | ||
44423 | dev->stats.rx_dropped++; | ||
44424 | + kfree_skb(new_skb); | ||
44425 | goto rx_next; | ||
44426 | } | ||
44427 | |||
40380 | diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c | 44428 | diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c |
40381 | index 393f961..d343034 100644 | 44429 | index 393f961..d343034 100644 |
40382 | --- a/drivers/net/ethernet/realtek/r8169.c | 44430 | --- a/drivers/net/ethernet/realtek/r8169.c |
@@ -40594,10 +44642,32 @@ index b305105..8ead6df 100644 | |||
40594 | }; | 44642 | }; |
40595 | 44643 | ||
40596 | diff --git a/drivers/net/tun.c b/drivers/net/tun.c | 44644 | diff --git a/drivers/net/tun.c b/drivers/net/tun.c |
40597 | index 2491eb2..694b2ec 100644 | 44645 | index 2491eb2..1a453eb 100644 |
40598 | --- a/drivers/net/tun.c | 44646 | --- a/drivers/net/tun.c |
40599 | +++ b/drivers/net/tun.c | 44647 | +++ b/drivers/net/tun.c |
40600 | @@ -1869,7 +1869,7 @@ unlock: | 44648 | @@ -1076,8 +1076,9 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile, |
44649 | u32 rxhash; | ||
44650 | |||
44651 | if (!(tun->flags & TUN_NO_PI)) { | ||
44652 | - if ((len -= sizeof(pi)) > total_len) | ||
44653 | + if (len < sizeof(pi)) | ||
44654 | return -EINVAL; | ||
44655 | + len -= sizeof(pi); | ||
44656 | |||
44657 | if (memcpy_fromiovecend((void *)&pi, iv, 0, sizeof(pi))) | ||
44658 | return -EFAULT; | ||
44659 | @@ -1085,8 +1086,9 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile, | ||
44660 | } | ||
44661 | |||
44662 | if (tun->flags & TUN_VNET_HDR) { | ||
44663 | - if ((len -= tun->vnet_hdr_sz) > total_len) | ||
44664 | + if (len < tun->vnet_hdr_sz) | ||
44665 | return -EINVAL; | ||
44666 | + len -= tun->vnet_hdr_sz; | ||
44667 | |||
44668 | if (memcpy_fromiovecend((void *)&gso, iv, offset, sizeof(gso))) | ||
44669 | return -EFAULT; | ||
44670 | @@ -1869,7 +1871,7 @@ unlock: | ||
40601 | } | 44671 | } |
40602 | 44672 | ||
40603 | static long __tun_chr_ioctl(struct file *file, unsigned int cmd, | 44673 | static long __tun_chr_ioctl(struct file *file, unsigned int cmd, |
@@ -40606,7 +44676,7 @@ index 2491eb2..694b2ec 100644 | |||
40606 | { | 44676 | { |
40607 | struct tun_file *tfile = file->private_data; | 44677 | struct tun_file *tfile = file->private_data; |
40608 | struct tun_struct *tun; | 44678 | struct tun_struct *tun; |
40609 | @@ -1881,6 +1881,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, | 44679 | @@ -1881,6 +1883,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, |
40610 | int vnet_hdr_sz; | 44680 | int vnet_hdr_sz; |
40611 | int ret; | 44681 | int ret; |
40612 | 44682 | ||
@@ -40707,6 +44777,28 @@ index cba1d46..f703766 100644 | |||
40707 | result = | 44777 | result = |
40708 | hso_start_serial_device(serial_table[i], GFP_NOIO); | 44778 | hso_start_serial_device(serial_table[i], GFP_NOIO); |
40709 | hso_kick_transmit(dev2ser(serial_table[i])); | 44779 | hso_kick_transmit(dev2ser(serial_table[i])); |
44780 | diff --git a/drivers/net/usb/sierra_net.c b/drivers/net/usb/sierra_net.c | ||
44781 | index a79e9d3..78cd4fa 100644 | ||
44782 | --- a/drivers/net/usb/sierra_net.c | ||
44783 | +++ b/drivers/net/usb/sierra_net.c | ||
44784 | @@ -52,7 +52,7 @@ static const char driver_name[] = "sierra_net"; | ||
44785 | /* atomic counter partially included in MAC address to make sure 2 devices | ||
44786 | * do not end up with the same MAC - concept breaks in case of > 255 ifaces | ||
44787 | */ | ||
44788 | -static atomic_t iface_counter = ATOMIC_INIT(0); | ||
44789 | +static atomic_unchecked_t iface_counter = ATOMIC_INIT(0); | ||
44790 | |||
44791 | /* | ||
44792 | * SYNC Timer Delay definition used to set the expiry time | ||
44793 | @@ -698,7 +698,7 @@ static int sierra_net_bind(struct usbnet *dev, struct usb_interface *intf) | ||
44794 | dev->net->netdev_ops = &sierra_net_device_ops; | ||
44795 | |||
44796 | /* change MAC addr to include, ifacenum, and to be unique */ | ||
44797 | - dev->net->dev_addr[ETH_ALEN-2] = atomic_inc_return(&iface_counter); | ||
44798 | + dev->net->dev_addr[ETH_ALEN-2] = atomic_inc_return_unchecked(&iface_counter); | ||
44799 | dev->net->dev_addr[ETH_ALEN-1] = ifacenum; | ||
44800 | |||
44801 | /* we will have to manufacture ethernet headers, prepare template */ | ||
40710 | diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c | 44802 | diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c |
40711 | index 57325f3..36b181f 100644 | 44803 | index 57325f3..36b181f 100644 |
40712 | --- a/drivers/net/vxlan.c | 44804 | --- a/drivers/net/vxlan.c |
@@ -41111,8 +45203,29 @@ index d532948..e0d8bb1 100644 | |||
41111 | 45203 | ||
41112 | memset(buf, 0, sizeof(buf)); | 45204 | memset(buf, 0, sizeof(buf)); |
41113 | buf_size = min(count, sizeof(buf) - 1); | 45205 | buf_size = min(count, sizeof(buf) - 1); |
45206 | diff --git a/drivers/net/wireless/iwlwifi/dvm/main.c b/drivers/net/wireless/iwlwifi/dvm/main.c | ||
45207 | index a8afc7b..de058b2 100644 | ||
45208 | --- a/drivers/net/wireless/iwlwifi/dvm/main.c | ||
45209 | +++ b/drivers/net/wireless/iwlwifi/dvm/main.c | ||
45210 | @@ -1189,7 +1189,7 @@ static void iwl_option_config(struct iwl_priv *priv) | ||
45211 | static int iwl_eeprom_init_hw_params(struct iwl_priv *priv) | ||
45212 | { | ||
45213 | struct iwl_nvm_data *data = priv->nvm_data; | ||
45214 | - char *debug_msg; | ||
45215 | + static const char debug_msg[] = "Device SKU: 24GHz %s %s, 52GHz %s %s, 11.n %s %s\n"; | ||
45216 | |||
45217 | if (data->sku_cap_11n_enable && | ||
45218 | !priv->cfg->ht_params) { | ||
45219 | @@ -1203,7 +1203,6 @@ static int iwl_eeprom_init_hw_params(struct iwl_priv *priv) | ||
45220 | return -EINVAL; | ||
45221 | } | ||
45222 | |||
45223 | - debug_msg = "Device SKU: 24GHz %s %s, 52GHz %s %s, 11.n %s %s\n"; | ||
45224 | IWL_DEBUG_INFO(priv, debug_msg, | ||
45225 | data->sku_cap_band_24GHz_enable ? "" : "NOT", "enabled", | ||
45226 | data->sku_cap_band_52GHz_enable ? "" : "NOT", "enabled", | ||
41114 | diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c | 45227 | diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c |
41115 | index 50ba0a4..29424e7 100644 | 45228 | index aeb70e1..d7b5bb5 100644 |
41116 | --- a/drivers/net/wireless/iwlwifi/pcie/trans.c | 45229 | --- a/drivers/net/wireless/iwlwifi/pcie/trans.c |
41117 | +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c | 45230 | +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c |
41118 | @@ -1329,7 +1329,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, | 45231 | @@ -1329,7 +1329,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, |
@@ -41203,7 +45316,7 @@ index 7510723..5ba37f5 100644 | |||
41203 | 45316 | ||
41204 | static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif) | 45317 | static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif) |
41205 | diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c | 45318 | diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c |
41206 | index 2c12311..7b77f24 100644 | 45319 | index d955741..8730748 100644 |
41207 | --- a/drivers/net/wireless/rt2x00/rt2x00queue.c | 45320 | --- a/drivers/net/wireless/rt2x00/rt2x00queue.c |
41208 | +++ b/drivers/net/wireless/rt2x00/rt2x00queue.c | 45321 | +++ b/drivers/net/wireless/rt2x00/rt2x00queue.c |
41209 | @@ -252,9 +252,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev, | 45322 | @@ -252,9 +252,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev, |
@@ -41607,6 +45720,26 @@ index 7d72c5e..edce02c 100644 | |||
41607 | char name[SLOT_NAME_SIZE]; | 45720 | char name[SLOT_NAME_SIZE]; |
41608 | int retval = -ENOMEM; | 45721 | int retval = -ENOMEM; |
41609 | 45722 | ||
45723 | diff --git a/drivers/pci/hotplug/pciehp_hpc.c b/drivers/pci/hotplug/pciehp_hpc.c | ||
45724 | index 5127f3f..b225573 100644 | ||
45725 | --- a/drivers/pci/hotplug/pciehp_hpc.c | ||
45726 | +++ b/drivers/pci/hotplug/pciehp_hpc.c | ||
45727 | @@ -773,14 +773,12 @@ static void pcie_shutdown_notification(struct controller *ctrl) | ||
45728 | static int pcie_init_slot(struct controller *ctrl) | ||
45729 | { | ||
45730 | struct slot *slot; | ||
45731 | - char name[32]; | ||
45732 | |||
45733 | slot = kzalloc(sizeof(*slot), GFP_KERNEL); | ||
45734 | if (!slot) | ||
45735 | return -ENOMEM; | ||
45736 | |||
45737 | - snprintf(name, sizeof(name), "pciehp-%u", PSN(ctrl)); | ||
45738 | - slot->wq = alloc_workqueue(name, 0, 0); | ||
45739 | + slot->wq = alloc_workqueue("pciehp-%u", 0, 0, PSN(ctrl)); | ||
45740 | if (!slot->wq) | ||
45741 | goto abort; | ||
45742 | |||
41610 | diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c | 45743 | diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c |
41611 | index 5b4a9d9..cd5ac1f 100644 | 45744 | index 5b4a9d9..cd5ac1f 100644 |
41612 | --- a/drivers/pci/pci-sysfs.c | 45745 | --- a/drivers/pci/pci-sysfs.c |
@@ -41885,6 +46018,19 @@ index 54d31c0..3f896d3 100644 | |||
41885 | 46018 | ||
41886 | /* | 46019 | /* |
41887 | * Polling driver | 46020 | * Polling driver |
46021 | diff --git a/drivers/platform/x86/wmi.c b/drivers/platform/x86/wmi.c | ||
46022 | index e4ac38a..b13344c 100644 | ||
46023 | --- a/drivers/platform/x86/wmi.c | ||
46024 | +++ b/drivers/platform/x86/wmi.c | ||
46025 | @@ -743,7 +743,7 @@ static int wmi_create_device(const struct guid_block *gblock, | ||
46026 | wblock->dev.class = &wmi_class; | ||
46027 | |||
46028 | wmi_gtoa(gblock->guid, guid_string); | ||
46029 | - dev_set_name(&wblock->dev, guid_string); | ||
46030 | + dev_set_name(&wblock->dev, "%s", guid_string); | ||
46031 | |||
46032 | dev_set_drvdata(&wblock->dev, wblock); | ||
46033 | |||
41888 | diff --git a/drivers/pnp/pnpbios/bioscalls.c b/drivers/pnp/pnpbios/bioscalls.c | 46034 | diff --git a/drivers/pnp/pnpbios/bioscalls.c b/drivers/pnp/pnpbios/bioscalls.c |
41889 | index 769d265..a3a05ca 100644 | 46035 | index 769d265..a3a05ca 100644 |
41890 | --- a/drivers/pnp/pnpbios/bioscalls.c | 46036 | --- a/drivers/pnp/pnpbios/bioscalls.c |
@@ -42060,6 +46206,28 @@ index 29178f7..c65f324 100644 | |||
42060 | for (i = 0; i < ARRAY_SIZE(power_supply_attrs); i++) | 46206 | for (i = 0; i < ARRAY_SIZE(power_supply_attrs); i++) |
42061 | __power_supply_attrs[i] = &power_supply_attrs[i].attr; | 46207 | __power_supply_attrs[i] = &power_supply_attrs[i].attr; |
42062 | } | 46208 | } |
46209 | diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c | ||
46210 | index 815d6df..811633a 100644 | ||
46211 | --- a/drivers/regulator/core.c | ||
46212 | +++ b/drivers/regulator/core.c | ||
46213 | @@ -3529,7 +3529,7 @@ regulator_register(const struct regulator_desc *regulator_desc, | ||
46214 | { | ||
46215 | const struct regulation_constraints *constraints = NULL; | ||
46216 | const struct regulator_init_data *init_data; | ||
46217 | - static atomic_t regulator_no = ATOMIC_INIT(0); | ||
46218 | + static atomic_unchecked_t regulator_no = ATOMIC_INIT(0); | ||
46219 | struct regulator_dev *rdev; | ||
46220 | struct device *dev; | ||
46221 | int ret, i; | ||
46222 | @@ -3599,7 +3599,7 @@ regulator_register(const struct regulator_desc *regulator_desc, | ||
46223 | rdev->dev.of_node = config->of_node; | ||
46224 | rdev->dev.parent = dev; | ||
46225 | dev_set_name(&rdev->dev, "regulator.%d", | ||
46226 | - atomic_inc_return(®ulator_no) - 1); | ||
46227 | + atomic_inc_return_unchecked(®ulator_no) - 1); | ||
46228 | ret = device_register(&rdev->dev); | ||
46229 | if (ret != 0) { | ||
46230 | put_device(&rdev->dev); | ||
42063 | diff --git a/drivers/regulator/max8660.c b/drivers/regulator/max8660.c | 46231 | diff --git a/drivers/regulator/max8660.c b/drivers/regulator/max8660.c |
42064 | index d428ef9..fdc0357 100644 | 46232 | index d428ef9..fdc0357 100644 |
42065 | --- a/drivers/regulator/max8660.c | 46233 | --- a/drivers/regulator/max8660.c |
@@ -42214,6 +46382,50 @@ index 23a90e7..9cf04ee 100644 | |||
42214 | 46382 | ||
42215 | /* | 46383 | /* |
42216 | * Queue element to wait for room in request queue. FIFO order is | 46384 | * Queue element to wait for room in request queue. FIFO order is |
46385 | diff --git a/drivers/scsi/fcoe/fcoe_sysfs.c b/drivers/scsi/fcoe/fcoe_sysfs.c | ||
46386 | index 8c05ae01..b2cf224 100644 | ||
46387 | --- a/drivers/scsi/fcoe/fcoe_sysfs.c | ||
46388 | +++ b/drivers/scsi/fcoe/fcoe_sysfs.c | ||
46389 | @@ -33,8 +33,8 @@ | ||
46390 | */ | ||
46391 | #include "libfcoe.h" | ||
46392 | |||
46393 | -static atomic_t ctlr_num; | ||
46394 | -static atomic_t fcf_num; | ||
46395 | +static atomic_unchecked_t ctlr_num; | ||
46396 | +static atomic_unchecked_t fcf_num; | ||
46397 | |||
46398 | /* | ||
46399 | * fcoe_fcf_dev_loss_tmo: the default number of seconds that fcoe sysfs | ||
46400 | @@ -681,7 +681,7 @@ struct fcoe_ctlr_device *fcoe_ctlr_device_add(struct device *parent, | ||
46401 | if (!ctlr) | ||
46402 | goto out; | ||
46403 | |||
46404 | - ctlr->id = atomic_inc_return(&ctlr_num) - 1; | ||
46405 | + ctlr->id = atomic_inc_return_unchecked(&ctlr_num) - 1; | ||
46406 | ctlr->f = f; | ||
46407 | ctlr->mode = FIP_CONN_TYPE_FABRIC; | ||
46408 | INIT_LIST_HEAD(&ctlr->fcfs); | ||
46409 | @@ -898,7 +898,7 @@ struct fcoe_fcf_device *fcoe_fcf_device_add(struct fcoe_ctlr_device *ctlr, | ||
46410 | fcf->dev.parent = &ctlr->dev; | ||
46411 | fcf->dev.bus = &fcoe_bus_type; | ||
46412 | fcf->dev.type = &fcoe_fcf_device_type; | ||
46413 | - fcf->id = atomic_inc_return(&fcf_num) - 1; | ||
46414 | + fcf->id = atomic_inc_return_unchecked(&fcf_num) - 1; | ||
46415 | fcf->state = FCOE_FCF_STATE_UNKNOWN; | ||
46416 | |||
46417 | fcf->dev_loss_tmo = ctlr->fcf_dev_loss_tmo; | ||
46418 | @@ -934,8 +934,8 @@ int __init fcoe_sysfs_setup(void) | ||
46419 | { | ||
46420 | int error; | ||
46421 | |||
46422 | - atomic_set(&ctlr_num, 0); | ||
46423 | - atomic_set(&fcf_num, 0); | ||
46424 | + atomic_set_unchecked(&ctlr_num, 0); | ||
46425 | + atomic_set_unchecked(&fcf_num, 0); | ||
46426 | |||
46427 | error = bus_register(&fcoe_bus_type); | ||
46428 | if (error) | ||
42217 | diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c | 46429 | diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c |
42218 | index df0c3c7..b00e1d0 100644 | 46430 | index df0c3c7..b00e1d0 100644 |
42219 | --- a/drivers/scsi/hosts.c | 46431 | --- a/drivers/scsi/hosts.c |
@@ -42925,7 +47137,7 @@ index 4d231c1..2892c37 100644 | |||
42925 | ddb_entry->default_relogin_timeout = | 47137 | ddb_entry->default_relogin_timeout = |
42926 | (def_timeout > LOGIN_TOV) && (def_timeout < LOGIN_TOV * 10) ? | 47138 | (def_timeout > LOGIN_TOV) && (def_timeout < LOGIN_TOV * 10) ? |
42927 | diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c | 47139 | diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c |
42928 | index 3b1ea34..1583a72 100644 | 47140 | index eaa808e..95f8841 100644 |
42929 | --- a/drivers/scsi/scsi.c | 47141 | --- a/drivers/scsi/scsi.c |
42930 | +++ b/drivers/scsi/scsi.c | 47142 | +++ b/drivers/scsi/scsi.c |
42931 | @@ -661,7 +661,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd) | 47143 | @@ -661,7 +661,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd) |
@@ -43091,7 +47303,7 @@ index f379c7f..e8fc69c 100644 | |||
43091 | 47303 | ||
43092 | transport_setup_device(&rport->dev); | 47304 | transport_setup_device(&rport->dev); |
43093 | diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c | 47305 | diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c |
43094 | index 610417e..1544fa9 100644 | 47306 | index 610417e..167c46c 100644 |
43095 | --- a/drivers/scsi/sd.c | 47307 | --- a/drivers/scsi/sd.c |
43096 | +++ b/drivers/scsi/sd.c | 47308 | +++ b/drivers/scsi/sd.c |
43097 | @@ -2928,7 +2928,7 @@ static int sd_probe(struct device *dev) | 47309 | @@ -2928,7 +2928,7 @@ static int sd_probe(struct device *dev) |
@@ -43103,6 +47315,15 @@ index 610417e..1544fa9 100644 | |||
43103 | 47315 | ||
43104 | if (!sdp->request_queue->rq_timeout) { | 47316 | if (!sdp->request_queue->rq_timeout) { |
43105 | if (sdp->type != TYPE_MOD) | 47317 | if (sdp->type != TYPE_MOD) |
47318 | @@ -2941,7 +2941,7 @@ static int sd_probe(struct device *dev) | ||
47319 | device_initialize(&sdkp->dev); | ||
47320 | sdkp->dev.parent = dev; | ||
47321 | sdkp->dev.class = &sd_disk_class; | ||
47322 | - dev_set_name(&sdkp->dev, dev_name(dev)); | ||
47323 | + dev_set_name(&sdkp->dev, "%s", dev_name(dev)); | ||
47324 | |||
47325 | if (device_add(&sdkp->dev)) | ||
47326 | goto out_free_index; | ||
43106 | diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c | 47327 | diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c |
43107 | index df5e961..df6b97f 100644 | 47328 | index df5e961..df6b97f 100644 |
43108 | --- a/drivers/scsi/sg.c | 47329 | --- a/drivers/scsi/sg.c |
@@ -43129,6 +47350,37 @@ index 32b7bb1..2f1c4bd 100644 | |||
43129 | 47350 | ||
43130 | static u8 *buf; | 47351 | static u8 *buf; |
43131 | 47352 | ||
47353 | diff --git a/drivers/staging/android/timed_output.c b/drivers/staging/android/timed_output.c | ||
47354 | index ec9e2ae..cd15d67 100644 | ||
47355 | --- a/drivers/staging/android/timed_output.c | ||
47356 | +++ b/drivers/staging/android/timed_output.c | ||
47357 | @@ -25,7 +25,7 @@ | ||
47358 | #include "timed_output.h" | ||
47359 | |||
47360 | static struct class *timed_output_class; | ||
47361 | -static atomic_t device_count; | ||
47362 | +static atomic_unchecked_t device_count; | ||
47363 | |||
47364 | static ssize_t enable_show(struct device *dev, struct device_attribute *attr, | ||
47365 | char *buf) | ||
47366 | @@ -59,7 +59,7 @@ static int create_timed_output_class(void) | ||
47367 | timed_output_class = class_create(THIS_MODULE, "timed_output"); | ||
47368 | if (IS_ERR(timed_output_class)) | ||
47369 | return PTR_ERR(timed_output_class); | ||
47370 | - atomic_set(&device_count, 0); | ||
47371 | + atomic_set_unchecked(&device_count, 0); | ||
47372 | } | ||
47373 | |||
47374 | return 0; | ||
47375 | @@ -76,7 +76,7 @@ int timed_output_dev_register(struct timed_output_dev *tdev) | ||
47376 | if (ret < 0) | ||
47377 | return ret; | ||
47378 | |||
47379 | - tdev->index = atomic_inc_return(&device_count); | ||
47380 | + tdev->index = atomic_inc_return_unchecked(&device_count); | ||
47381 | tdev->dev = device_create(timed_output_class, NULL, | ||
47382 | MKDEV(0, tdev->index), NULL, tdev->name); | ||
47383 | if (IS_ERR(tdev->dev)) | ||
43132 | diff --git a/drivers/staging/media/solo6x10/solo6x10-core.c b/drivers/staging/media/solo6x10/solo6x10-core.c | 47384 | diff --git a/drivers/staging/media/solo6x10/solo6x10-core.c b/drivers/staging/media/solo6x10/solo6x10-core.c |
43133 | index 3675020..e80d92c 100644 | 47385 | index 3675020..e80d92c 100644 |
43134 | --- a/drivers/staging/media/solo6x10/solo6x10-core.c | 47386 | --- a/drivers/staging/media/solo6x10/solo6x10-core.c |
@@ -43142,6 +47394,32 @@ index 3675020..e80d92c 100644 | |||
43142 | struct device *dev = &solo_dev->dev; | 47394 | struct device *dev = &solo_dev->dev; |
43143 | const char *driver; | 47395 | const char *driver; |
43144 | int i; | 47396 | int i; |
47397 | diff --git a/drivers/staging/media/solo6x10/solo6x10-p2m.c b/drivers/staging/media/solo6x10/solo6x10-p2m.c | ||
47398 | index 3335941..2b26186 100644 | ||
47399 | --- a/drivers/staging/media/solo6x10/solo6x10-p2m.c | ||
47400 | +++ b/drivers/staging/media/solo6x10/solo6x10-p2m.c | ||
47401 | @@ -77,7 +77,7 @@ int solo_p2m_dma_desc(struct solo_dev *solo_dev, | ||
47402 | |||
47403 | /* Get next ID. According to Softlogic, 6110 has problems on !=0 P2M */ | ||
47404 | if (solo_dev->type != SOLO_DEV_6110 && multi_p2m) { | ||
47405 | - p2m_id = atomic_inc_return(&solo_dev->p2m_count) % SOLO_NR_P2M; | ||
47406 | + p2m_id = atomic_inc_return_unchecked(&solo_dev->p2m_count) % SOLO_NR_P2M; | ||
47407 | if (p2m_id < 0) | ||
47408 | p2m_id = -p2m_id; | ||
47409 | } | ||
47410 | diff --git a/drivers/staging/media/solo6x10/solo6x10.h b/drivers/staging/media/solo6x10/solo6x10.h | ||
47411 | index 6f91d2e..3f011d2 100644 | ||
47412 | --- a/drivers/staging/media/solo6x10/solo6x10.h | ||
47413 | +++ b/drivers/staging/media/solo6x10/solo6x10.h | ||
47414 | @@ -238,7 +238,7 @@ struct solo_dev { | ||
47415 | |||
47416 | /* P2M DMA Engine */ | ||
47417 | struct solo_p2m_dev p2m_dev[SOLO_NR_P2M]; | ||
47418 | - atomic_t p2m_count; | ||
47419 | + atomic_unchecked_t p2m_count; | ||
47420 | int p2m_jiffies; | ||
47421 | unsigned int p2m_timeouts; | ||
47422 | |||
43145 | diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octeon/ethernet-rx.c | 47423 | diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octeon/ethernet-rx.c |
43146 | index 34afc16..ffe44dd 100644 | 47424 | index 34afc16..ffe44dd 100644 |
43147 | --- a/drivers/staging/octeon/ethernet-rx.c | 47425 | --- a/drivers/staging/octeon/ethernet-rx.c |
@@ -43337,48 +47615,50 @@ index c699a30..b90a5fd 100644 | |||
43337 | pDevice->apdev->netdev_ops = &apdev_netdev_ops; | 47615 | pDevice->apdev->netdev_ops = &apdev_netdev_ops; |
43338 | 47616 | ||
43339 | pDevice->apdev->type = ARPHRD_IEEE80211; | 47617 | pDevice->apdev->type = ARPHRD_IEEE80211; |
43340 | diff --git a/drivers/staging/zcache/tmem.c b/drivers/staging/zcache/tmem.c | ||
43341 | index d7e51e4..d07eaab 100644 | ||
43342 | --- a/drivers/staging/zcache/tmem.c | ||
43343 | +++ b/drivers/staging/zcache/tmem.c | ||
43344 | @@ -51,7 +51,7 @@ | ||
43345 | * A tmem host implementation must use this function to register callbacks | ||
43346 | * for memory allocation. | ||
43347 | */ | ||
43348 | -static struct tmem_hostops tmem_hostops; | ||
43349 | +static tmem_hostops_no_const tmem_hostops; | ||
43350 | |||
43351 | static void tmem_objnode_tree_init(void); | ||
43352 | |||
43353 | @@ -65,7 +65,7 @@ void tmem_register_hostops(struct tmem_hostops *m) | ||
43354 | * A tmem host implementation must use this function to register | ||
43355 | * callbacks for a page-accessible memory (PAM) implementation. | ||
43356 | */ | ||
43357 | -static struct tmem_pamops tmem_pamops; | ||
43358 | +static tmem_pamops_no_const tmem_pamops; | ||
43359 | |||
43360 | void tmem_register_pamops(struct tmem_pamops *m) | ||
43361 | { | ||
43362 | diff --git a/drivers/staging/zcache/tmem.h b/drivers/staging/zcache/tmem.h | 47618 | diff --git a/drivers/staging/zcache/tmem.h b/drivers/staging/zcache/tmem.h |
43363 | index d128ce2..a43980c 100644 | 47619 | index d128ce2..fc1f9a1 100644 |
43364 | --- a/drivers/staging/zcache/tmem.h | 47620 | --- a/drivers/staging/zcache/tmem.h |
43365 | +++ b/drivers/staging/zcache/tmem.h | 47621 | +++ b/drivers/staging/zcache/tmem.h |
43366 | @@ -226,6 +226,7 @@ struct tmem_pamops { | 47622 | @@ -225,7 +225,7 @@ struct tmem_pamops { |
47623 | bool (*is_remote)(void *); | ||
43367 | int (*replace_in_obj)(void *, struct tmem_obj *); | 47624 | int (*replace_in_obj)(void *, struct tmem_obj *); |
43368 | #endif | 47625 | #endif |
43369 | }; | 47626 | -}; |
43370 | +typedef struct tmem_pamops __no_const tmem_pamops_no_const; | 47627 | +} __no_const; |
43371 | extern void tmem_register_pamops(struct tmem_pamops *m); | 47628 | extern void tmem_register_pamops(struct tmem_pamops *m); |
43372 | 47629 | ||
43373 | /* memory allocation methods provided by the host implementation */ | 47630 | /* memory allocation methods provided by the host implementation */ |
43374 | @@ -235,6 +236,7 @@ struct tmem_hostops { | 47631 | @@ -234,7 +234,7 @@ struct tmem_hostops { |
47632 | void (*obj_free)(struct tmem_obj *, struct tmem_pool *); | ||
43375 | struct tmem_objnode *(*objnode_alloc)(struct tmem_pool *); | 47633 | struct tmem_objnode *(*objnode_alloc)(struct tmem_pool *); |
43376 | void (*objnode_free)(struct tmem_objnode *, struct tmem_pool *); | 47634 | void (*objnode_free)(struct tmem_objnode *, struct tmem_pool *); |
43377 | }; | 47635 | -}; |
43378 | +typedef struct tmem_hostops __no_const tmem_hostops_no_const; | 47636 | +} __no_const; |
43379 | extern void tmem_register_hostops(struct tmem_hostops *m); | 47637 | extern void tmem_register_hostops(struct tmem_hostops *m); |
43380 | 47638 | ||
43381 | /* core tmem accessor functions */ | 47639 | /* core tmem accessor functions */ |
47640 | diff --git a/drivers/target/sbp/sbp_target.c b/drivers/target/sbp/sbp_target.c | ||
47641 | index d3536f5..a0c2ce9 100644 | ||
47642 | --- a/drivers/target/sbp/sbp_target.c | ||
47643 | +++ b/drivers/target/sbp/sbp_target.c | ||
47644 | @@ -62,7 +62,7 @@ static const u32 sbp_unit_directory_template[] = { | ||
47645 | |||
47646 | #define SESSION_MAINTENANCE_INTERVAL HZ | ||
47647 | |||
47648 | -static atomic_t login_id = ATOMIC_INIT(0); | ||
47649 | +static atomic_unchecked_t login_id = ATOMIC_INIT(0); | ||
47650 | |||
47651 | static void session_maintenance_work(struct work_struct *); | ||
47652 | static int sbp_run_transaction(struct fw_card *, int, int, int, int, | ||
47653 | @@ -444,7 +444,7 @@ static void sbp_management_request_login( | ||
47654 | login->lun = se_lun; | ||
47655 | login->status_fifo_addr = sbp2_pointer_to_addr(&req->orb.status_fifo); | ||
47656 | login->exclusive = LOGIN_ORB_EXCLUSIVE(be32_to_cpu(req->orb.misc)); | ||
47657 | - login->login_id = atomic_inc_return(&login_id); | ||
47658 | + login->login_id = atomic_inc_return_unchecked(&login_id); | ||
47659 | |||
47660 | login->tgt_agt = sbp_target_agent_register(login); | ||
47661 | if (IS_ERR(login->tgt_agt)) { | ||
43382 | diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c | 47662 | diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c |
43383 | index 4630481..c26782a 100644 | 47663 | index 4630481..c26782a 100644 |
43384 | --- a/drivers/target/target_core_device.c | 47664 | --- a/drivers/target/target_core_device.c |
@@ -43586,6 +47866,95 @@ index 81e939e..95ead10 100644 | |||
43586 | return 0; | 47866 | return 0; |
43587 | 47867 | ||
43588 | return HVCS_BUFF_LEN - hvcsd->chars_in_buffer; | 47868 | return HVCS_BUFF_LEN - hvcsd->chars_in_buffer; |
47869 | diff --git a/drivers/tty/hvc/hvsi.c b/drivers/tty/hvc/hvsi.c | ||
47870 | index 4190199..48f2920 100644 | ||
47871 | --- a/drivers/tty/hvc/hvsi.c | ||
47872 | +++ b/drivers/tty/hvc/hvsi.c | ||
47873 | @@ -85,7 +85,7 @@ struct hvsi_struct { | ||
47874 | int n_outbuf; | ||
47875 | uint32_t vtermno; | ||
47876 | uint32_t virq; | ||
47877 | - atomic_t seqno; /* HVSI packet sequence number */ | ||
47878 | + atomic_unchecked_t seqno; /* HVSI packet sequence number */ | ||
47879 | uint16_t mctrl; | ||
47880 | uint8_t state; /* HVSI protocol state */ | ||
47881 | uint8_t flags; | ||
47882 | @@ -295,7 +295,7 @@ static int hvsi_version_respond(struct hvsi_struct *hp, uint16_t query_seqno) | ||
47883 | |||
47884 | packet.hdr.type = VS_QUERY_RESPONSE_PACKET_HEADER; | ||
47885 | packet.hdr.len = sizeof(struct hvsi_query_response); | ||
47886 | - packet.hdr.seqno = atomic_inc_return(&hp->seqno); | ||
47887 | + packet.hdr.seqno = atomic_inc_return_unchecked(&hp->seqno); | ||
47888 | packet.verb = VSV_SEND_VERSION_NUMBER; | ||
47889 | packet.u.version = HVSI_VERSION; | ||
47890 | packet.query_seqno = query_seqno+1; | ||
47891 | @@ -555,7 +555,7 @@ static int hvsi_query(struct hvsi_struct *hp, uint16_t verb) | ||
47892 | |||
47893 | packet.hdr.type = VS_QUERY_PACKET_HEADER; | ||
47894 | packet.hdr.len = sizeof(struct hvsi_query); | ||
47895 | - packet.hdr.seqno = atomic_inc_return(&hp->seqno); | ||
47896 | + packet.hdr.seqno = atomic_inc_return_unchecked(&hp->seqno); | ||
47897 | packet.verb = verb; | ||
47898 | |||
47899 | pr_debug("%s: sending %i bytes\n", __func__, packet.hdr.len); | ||
47900 | @@ -597,7 +597,7 @@ static int hvsi_set_mctrl(struct hvsi_struct *hp, uint16_t mctrl) | ||
47901 | int wrote; | ||
47902 | |||
47903 | packet.hdr.type = VS_CONTROL_PACKET_HEADER, | ||
47904 | - packet.hdr.seqno = atomic_inc_return(&hp->seqno); | ||
47905 | + packet.hdr.seqno = atomic_inc_return_unchecked(&hp->seqno); | ||
47906 | packet.hdr.len = sizeof(struct hvsi_control); | ||
47907 | packet.verb = VSV_SET_MODEM_CTL; | ||
47908 | packet.mask = HVSI_TSDTR; | ||
47909 | @@ -680,7 +680,7 @@ static int hvsi_put_chars(struct hvsi_struct *hp, const char *buf, int count) | ||
47910 | BUG_ON(count > HVSI_MAX_OUTGOING_DATA); | ||
47911 | |||
47912 | packet.hdr.type = VS_DATA_PACKET_HEADER; | ||
47913 | - packet.hdr.seqno = atomic_inc_return(&hp->seqno); | ||
47914 | + packet.hdr.seqno = atomic_inc_return_unchecked(&hp->seqno); | ||
47915 | packet.hdr.len = count + sizeof(struct hvsi_header); | ||
47916 | memcpy(&packet.data, buf, count); | ||
47917 | |||
47918 | @@ -697,7 +697,7 @@ static void hvsi_close_protocol(struct hvsi_struct *hp) | ||
47919 | struct hvsi_control packet __ALIGNED__; | ||
47920 | |||
47921 | packet.hdr.type = VS_CONTROL_PACKET_HEADER; | ||
47922 | - packet.hdr.seqno = atomic_inc_return(&hp->seqno); | ||
47923 | + packet.hdr.seqno = atomic_inc_return_unchecked(&hp->seqno); | ||
47924 | packet.hdr.len = 6; | ||
47925 | packet.verb = VSV_CLOSE_PROTOCOL; | ||
47926 | |||
47927 | diff --git a/drivers/tty/hvc/hvsi_lib.c b/drivers/tty/hvc/hvsi_lib.c | ||
47928 | index 3396eb9..6d3d540 100644 | ||
47929 | --- a/drivers/tty/hvc/hvsi_lib.c | ||
47930 | +++ b/drivers/tty/hvc/hvsi_lib.c | ||
47931 | @@ -9,7 +9,7 @@ | ||
47932 | |||
47933 | static int hvsi_send_packet(struct hvsi_priv *pv, struct hvsi_header *packet) | ||
47934 | { | ||
47935 | - packet->seqno = atomic_inc_return(&pv->seqno); | ||
47936 | + packet->seqno = atomic_inc_return_unchecked(&pv->seqno); | ||
47937 | |||
47938 | /* Assumes that always succeeds, works in practice */ | ||
47939 | return pv->put_chars(pv->termno, (char *)packet, packet->len); | ||
47940 | @@ -21,7 +21,7 @@ static void hvsi_start_handshake(struct hvsi_priv *pv) | ||
47941 | |||
47942 | /* Reset state */ | ||
47943 | pv->established = 0; | ||
47944 | - atomic_set(&pv->seqno, 0); | ||
47945 | + atomic_set_unchecked(&pv->seqno, 0); | ||
47946 | |||
47947 | pr_devel("HVSI@%x: Handshaking started\n", pv->termno); | ||
47948 | |||
47949 | @@ -265,7 +265,7 @@ int hvsilib_read_mctrl(struct hvsi_priv *pv) | ||
47950 | pv->mctrl_update = 0; | ||
47951 | q.hdr.type = VS_QUERY_PACKET_HEADER; | ||
47952 | q.hdr.len = sizeof(struct hvsi_query); | ||
47953 | - q.hdr.seqno = atomic_inc_return(&pv->seqno); | ||
47954 | + q.hdr.seqno = atomic_inc_return_unchecked(&pv->seqno); | ||
47955 | q.verb = VSV_SEND_MODEM_CTL_STATUS; | ||
47956 | rc = hvsi_send_packet(pv, &q.hdr); | ||
47957 | if (rc <= 0) { | ||
43589 | diff --git a/drivers/tty/ipwireless/tty.c b/drivers/tty/ipwireless/tty.c | 47958 | diff --git a/drivers/tty/ipwireless/tty.c b/drivers/tty/ipwireless/tty.c |
43590 | index 8fd72ff..34a0bed 100644 | 47959 | index 8fd72ff..34a0bed 100644 |
43591 | --- a/drivers/tty/ipwireless/tty.c | 47960 | --- a/drivers/tty/ipwireless/tty.c |
@@ -43798,6 +48167,37 @@ index 354564e..fe50d9a 100644 | |||
43798 | atomic_dec(&rp_num_ports_open); | 48167 | atomic_dec(&rp_num_ports_open); |
43799 | clear_bit((info->aiop * 8) + info->chan, (void *) &xmit_flags[info->board]); | 48168 | clear_bit((info->aiop * 8) + info->chan, (void *) &xmit_flags[info->board]); |
43800 | spin_unlock_irqrestore(&info->port.lock, flags); | 48169 | spin_unlock_irqrestore(&info->port.lock, flags); |
48170 | diff --git a/drivers/tty/serial/ioc4_serial.c b/drivers/tty/serial/ioc4_serial.c | ||
48171 | index e2520ab..034e20b 100644 | ||
48172 | --- a/drivers/tty/serial/ioc4_serial.c | ||
48173 | +++ b/drivers/tty/serial/ioc4_serial.c | ||
48174 | @@ -437,7 +437,7 @@ struct ioc4_soft { | ||
48175 | } is_intr_info[MAX_IOC4_INTR_ENTS]; | ||
48176 | |||
48177 | /* Number of entries active in the above array */ | ||
48178 | - atomic_t is_num_intrs; | ||
48179 | + atomic_unchecked_t is_num_intrs; | ||
48180 | } is_intr_type[IOC4_NUM_INTR_TYPES]; | ||
48181 | |||
48182 | /* is_ir_lock must be held while | ||
48183 | @@ -974,7 +974,7 @@ intr_connect(struct ioc4_soft *soft, int type, | ||
48184 | BUG_ON(!((type == IOC4_SIO_INTR_TYPE) | ||
48185 | || (type == IOC4_OTHER_INTR_TYPE))); | ||
48186 | |||
48187 | - i = atomic_inc_return(&soft-> is_intr_type[type].is_num_intrs) - 1; | ||
48188 | + i = atomic_inc_return_unchecked(&soft-> is_intr_type[type].is_num_intrs) - 1; | ||
48189 | BUG_ON(!(i < MAX_IOC4_INTR_ENTS || (printk("i %d\n", i), 0))); | ||
48190 | |||
48191 | /* Save off the lower level interrupt handler */ | ||
48192 | @@ -1001,7 +1001,7 @@ static irqreturn_t ioc4_intr(int irq, void *arg) | ||
48193 | |||
48194 | soft = arg; | ||
48195 | for (intr_type = 0; intr_type < IOC4_NUM_INTR_TYPES; intr_type++) { | ||
48196 | - num_intrs = (int)atomic_read( | ||
48197 | + num_intrs = (int)atomic_read_unchecked( | ||
48198 | &soft->is_intr_type[intr_type].is_num_intrs); | ||
48199 | |||
48200 | this_mir = this_ir = pending_intrs(soft, intr_type); | ||
43801 | diff --git a/drivers/tty/serial/kgdboc.c b/drivers/tty/serial/kgdboc.c | 48201 | diff --git a/drivers/tty/serial/kgdboc.c b/drivers/tty/serial/kgdboc.c |
43802 | index 1002054..dd644a8 100644 | 48202 | index 1002054..dd644a8 100644 |
43803 | --- a/drivers/tty/serial/kgdboc.c | 48203 | --- a/drivers/tty/serial/kgdboc.c |
@@ -43904,6 +48304,28 @@ index 1002054..dd644a8 100644 | |||
43904 | #ifdef CONFIG_KGDB_SERIAL_CONSOLE | 48304 | #ifdef CONFIG_KGDB_SERIAL_CONSOLE |
43905 | /* This is only available if kgdboc is a built in for early debugging */ | 48305 | /* This is only available if kgdboc is a built in for early debugging */ |
43906 | static int __init kgdboc_early_init(char *opt) | 48306 | static int __init kgdboc_early_init(char *opt) |
48307 | diff --git a/drivers/tty/serial/msm_serial.c b/drivers/tty/serial/msm_serial.c | ||
48308 | index b11e997..6d25a3b 100644 | ||
48309 | --- a/drivers/tty/serial/msm_serial.c | ||
48310 | +++ b/drivers/tty/serial/msm_serial.c | ||
48311 | @@ -857,7 +857,7 @@ static struct uart_driver msm_uart_driver = { | ||
48312 | .cons = MSM_CONSOLE, | ||
48313 | }; | ||
48314 | |||
48315 | -static atomic_t msm_uart_next_id = ATOMIC_INIT(0); | ||
48316 | +static atomic_unchecked_t msm_uart_next_id = ATOMIC_INIT(0); | ||
48317 | |||
48318 | static int __init msm_serial_probe(struct platform_device *pdev) | ||
48319 | { | ||
48320 | @@ -867,7 +867,7 @@ static int __init msm_serial_probe(struct platform_device *pdev) | ||
48321 | int irq; | ||
48322 | |||
48323 | if (pdev->id == -1) | ||
48324 | - pdev->id = atomic_inc_return(&msm_uart_next_id) - 1; | ||
48325 | + pdev->id = atomic_inc_return_unchecked(&msm_uart_next_id) - 1; | ||
48326 | |||
48327 | if (unlikely(pdev->id < 0 || pdev->id >= UART_NR)) | ||
48328 | return -ENXIO; | ||
43907 | diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c | 48329 | diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c |
43908 | index 0c8a9fa..234a95f 100644 | 48330 | index 0c8a9fa..234a95f 100644 |
43909 | --- a/drivers/tty/serial/samsung.c | 48331 | --- a/drivers/tty/serial/samsung.c |
@@ -44812,6 +49234,29 @@ index d53547d..6a22d02 100644 | |||
44812 | if (atomic_read(&urb->reject)) | 49234 | if (atomic_read(&urb->reject)) |
44813 | wake_up(&usb_kill_urb_queue); | 49235 | wake_up(&usb_kill_urb_queue); |
44814 | usb_put_urb(urb); | 49236 | usb_put_urb(urb); |
49237 | diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c | ||
49238 | index da2905a..834a569 100644 | ||
49239 | --- a/drivers/usb/core/hub.c | ||
49240 | +++ b/drivers/usb/core/hub.c | ||
49241 | @@ -27,6 +27,7 @@ | ||
49242 | #include <linux/freezer.h> | ||
49243 | #include <linux/random.h> | ||
49244 | #include <linux/pm_qos.h> | ||
49245 | +#include <linux/grsecurity.h> | ||
49246 | |||
49247 | #include <asm/uaccess.h> | ||
49248 | #include <asm/byteorder.h> | ||
49249 | @@ -4424,6 +4425,10 @@ static void hub_port_connect_change(struct usb_hub *hub, int port1, | ||
49250 | goto done; | ||
49251 | return; | ||
49252 | } | ||
49253 | + | ||
49254 | + if (gr_handle_new_usb()) | ||
49255 | + goto done; | ||
49256 | + | ||
49257 | if (hub_is_superspeed(hub->hdev)) | ||
49258 | unit_load = 150; | ||
49259 | else | ||
44815 | diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c | 49260 | diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c |
44816 | index 444d30e..f15c850 100644 | 49261 | index 444d30e..f15c850 100644 |
44817 | --- a/drivers/usb/core/message.c | 49262 | --- a/drivers/usb/core/message.c |
@@ -44851,6 +49296,19 @@ index b10da72..43aa0b2 100644 | |||
44851 | 49296 | ||
44852 | INIT_LIST_HEAD(&dev->ep0.urb_list); | 49297 | INIT_LIST_HEAD(&dev->ep0.urb_list); |
44853 | dev->ep0.desc.bLength = USB_DT_ENDPOINT_SIZE; | 49298 | dev->ep0.desc.bLength = USB_DT_ENDPOINT_SIZE; |
49299 | diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c | ||
49300 | index f77083f..f3e2e34 100644 | ||
49301 | --- a/drivers/usb/dwc3/gadget.c | ||
49302 | +++ b/drivers/usb/dwc3/gadget.c | ||
49303 | @@ -550,8 +550,6 @@ static int __dwc3_gadget_ep_enable(struct dwc3_ep *dep, | ||
49304 | if (!usb_endpoint_xfer_isoc(desc)) | ||
49305 | return 0; | ||
49306 | |||
49307 | - memset(&trb_link, 0, sizeof(trb_link)); | ||
49308 | - | ||
49309 | /* Link TRB for ISOC. The HWO bit is never reset */ | ||
49310 | trb_st_hw = &dep->trb_pool[0]; | ||
49311 | |||
44854 | diff --git a/drivers/usb/early/ehci-dbgp.c b/drivers/usb/early/ehci-dbgp.c | 49312 | diff --git a/drivers/usb/early/ehci-dbgp.c b/drivers/usb/early/ehci-dbgp.c |
44855 | index 5e29dde..eca992f 100644 | 49313 | index 5e29dde..eca992f 100644 |
44856 | --- a/drivers/usb/early/ehci-dbgp.c | 49314 | --- a/drivers/usb/early/ehci-dbgp.c |
@@ -44977,6 +49435,28 @@ index b369292..9f3ba40 100644 | |||
44977 | gs_buf_free(&port->port_write_buf); | 49435 | gs_buf_free(&port->port_write_buf); |
44978 | gs_free_requests(gser->out, &port->read_pool, NULL); | 49436 | gs_free_requests(gser->out, &port->read_pool, NULL); |
44979 | gs_free_requests(gser->out, &port->read_queue, NULL); | 49437 | gs_free_requests(gser->out, &port->read_queue, NULL); |
49438 | diff --git a/drivers/usb/misc/appledisplay.c b/drivers/usb/misc/appledisplay.c | ||
49439 | index ba6a5d6..f88f7f3 100644 | ||
49440 | --- a/drivers/usb/misc/appledisplay.c | ||
49441 | +++ b/drivers/usb/misc/appledisplay.c | ||
49442 | @@ -83,7 +83,7 @@ struct appledisplay { | ||
49443 | spinlock_t lock; | ||
49444 | }; | ||
49445 | |||
49446 | -static atomic_t count_displays = ATOMIC_INIT(0); | ||
49447 | +static atomic_unchecked_t count_displays = ATOMIC_INIT(0); | ||
49448 | static struct workqueue_struct *wq; | ||
49449 | |||
49450 | static void appledisplay_complete(struct urb *urb) | ||
49451 | @@ -281,7 +281,7 @@ static int appledisplay_probe(struct usb_interface *iface, | ||
49452 | |||
49453 | /* Register backlight device */ | ||
49454 | snprintf(bl_name, sizeof(bl_name), "appledisplay%d", | ||
49455 | - atomic_inc_return(&count_displays) - 1); | ||
49456 | + atomic_inc_return_unchecked(&count_displays) - 1); | ||
49457 | memset(&props, 0, sizeof(struct backlight_properties)); | ||
49458 | props.type = BACKLIGHT_RAW; | ||
49459 | props.max_brightness = 0xff; | ||
44980 | diff --git a/drivers/usb/serial/console.c b/drivers/usb/serial/console.c | 49460 | diff --git a/drivers/usb/serial/console.c b/drivers/usb/serial/console.c |
44981 | index 5f3bcd3..bfca43f 100644 | 49461 | index 5f3bcd3..bfca43f 100644 |
44982 | --- a/drivers/usb/serial/console.c | 49462 | --- a/drivers/usb/serial/console.c |
@@ -45044,7 +49524,7 @@ index d6bea3e..60b250e 100644 | |||
45044 | 49524 | ||
45045 | /** | 49525 | /** |
45046 | diff --git a/drivers/usb/wusbcore/wa-xfer.c b/drivers/usb/wusbcore/wa-xfer.c | 49526 | diff --git a/drivers/usb/wusbcore/wa-xfer.c b/drivers/usb/wusbcore/wa-xfer.c |
45047 | index 6ef94bc..1b41265 100644 | 49527 | index 028fc83..65bb105 100644 |
45048 | --- a/drivers/usb/wusbcore/wa-xfer.c | 49528 | --- a/drivers/usb/wusbcore/wa-xfer.c |
45049 | +++ b/drivers/usb/wusbcore/wa-xfer.c | 49529 | +++ b/drivers/usb/wusbcore/wa-xfer.c |
45050 | @@ -296,7 +296,7 @@ out: | 49530 | @@ -296,7 +296,7 @@ out: |
@@ -45056,6 +49536,28 @@ index 6ef94bc..1b41265 100644 | |||
45056 | } | 49536 | } |
45057 | 49537 | ||
45058 | /* | 49538 | /* |
49539 | diff --git a/drivers/vfio/vfio.c b/drivers/vfio/vfio.c | ||
49540 | index 6d78736..65be90e 100644 | ||
49541 | --- a/drivers/vfio/vfio.c | ||
49542 | +++ b/drivers/vfio/vfio.c | ||
49543 | @@ -486,7 +486,7 @@ static int vfio_group_nb_add_dev(struct vfio_group *group, struct device *dev) | ||
49544 | return 0; | ||
49545 | |||
49546 | /* TODO Prevent device auto probing */ | ||
49547 | - WARN("Device %s added to live group %d!\n", dev_name(dev), | ||
49548 | + WARN(1, "Device %s added to live group %d!\n", dev_name(dev), | ||
49549 | iommu_group_id(group->iommu_group)); | ||
49550 | |||
49551 | return 0; | ||
49552 | @@ -506,7 +506,7 @@ static int vfio_group_nb_del_dev(struct vfio_group *group, struct device *dev) | ||
49553 | if (likely(!device)) | ||
49554 | return 0; | ||
49555 | |||
49556 | - WARN("Device %s removed from live group %d!\n", dev_name(dev), | ||
49557 | + WARN(1, "Device %s removed from live group %d!\n", dev_name(dev), | ||
49558 | iommu_group_id(group->iommu_group)); | ||
49559 | |||
49560 | vfio_device_put(device); | ||
45059 | diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c | 49561 | diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c |
45060 | index 5174eba..86e764a 100644 | 49562 | index 5174eba..86e764a 100644 |
45061 | --- a/drivers/vhost/vringh.c | 49563 | --- a/drivers/vhost/vringh.c |
@@ -45234,6 +49736,28 @@ index 098bfc6..796841d 100644 | |||
45234 | return -EINVAL; | 49736 | return -EINVAL; |
45235 | if (!registered_fb[con2fb.framebuffer]) | 49737 | if (!registered_fb[con2fb.framebuffer]) |
45236 | request_module("fb%d", con2fb.framebuffer); | 49738 | request_module("fb%d", con2fb.framebuffer); |
49739 | diff --git a/drivers/video/hyperv_fb.c b/drivers/video/hyperv_fb.c | ||
49740 | index d4d2c5f..ebbd113 100644 | ||
49741 | --- a/drivers/video/hyperv_fb.c | ||
49742 | +++ b/drivers/video/hyperv_fb.c | ||
49743 | @@ -233,7 +233,7 @@ static uint screen_fb_size; | ||
49744 | static inline int synthvid_send(struct hv_device *hdev, | ||
49745 | struct synthvid_msg *msg) | ||
49746 | { | ||
49747 | - static atomic64_t request_id = ATOMIC64_INIT(0); | ||
49748 | + static atomic64_unchecked_t request_id = ATOMIC64_INIT(0); | ||
49749 | int ret; | ||
49750 | |||
49751 | msg->pipe_hdr.type = PIPE_MSG_DATA; | ||
49752 | @@ -241,7 +241,7 @@ static inline int synthvid_send(struct hv_device *hdev, | ||
49753 | |||
49754 | ret = vmbus_sendpacket(hdev->channel, msg, | ||
49755 | msg->vid_hdr.size + sizeof(struct pipe_msg_hdr), | ||
49756 | - atomic64_inc_return(&request_id), | ||
49757 | + atomic64_inc_return_unchecked(&request_id), | ||
49758 | VM_PKT_DATA_INBAND, 0); | ||
49759 | |||
49760 | if (ret) | ||
45237 | diff --git a/drivers/video/i810/i810_accel.c b/drivers/video/i810/i810_accel.c | 49761 | diff --git a/drivers/video/i810/i810_accel.c b/drivers/video/i810/i810_accel.c |
45238 | index 7672d2e..b56437f 100644 | 49762 | index 7672d2e..b56437f 100644 |
45239 | --- a/drivers/video/i810/i810_accel.c | 49763 | --- a/drivers/video/i810/i810_accel.c |
@@ -48501,6 +53025,28 @@ index 370b24c..ff0be7b 100644 | |||
48501 | ---help--- | 53025 | ---help--- |
48502 | A.out (Assembler.OUTput) is a set of formats for libraries and | 53026 | A.out (Assembler.OUTput) is a set of formats for libraries and |
48503 | executables used in the earliest versions of UNIX. Linux used | 53027 | executables used in the earliest versions of UNIX. Linux used |
53028 | diff --git a/fs/afs/inode.c b/fs/afs/inode.c | ||
53029 | index 789bc25..fafaeea 100644 | ||
53030 | --- a/fs/afs/inode.c | ||
53031 | +++ b/fs/afs/inode.c | ||
53032 | @@ -141,7 +141,7 @@ struct inode *afs_iget_autocell(struct inode *dir, const char *dev_name, | ||
53033 | struct afs_vnode *vnode; | ||
53034 | struct super_block *sb; | ||
53035 | struct inode *inode; | ||
53036 | - static atomic_t afs_autocell_ino; | ||
53037 | + static atomic_unchecked_t afs_autocell_ino; | ||
53038 | |||
53039 | _enter("{%x:%u},%*.*s,", | ||
53040 | AFS_FS_I(dir)->fid.vid, AFS_FS_I(dir)->fid.vnode, | ||
53041 | @@ -154,7 +154,7 @@ struct inode *afs_iget_autocell(struct inode *dir, const char *dev_name, | ||
53042 | data.fid.unique = 0; | ||
53043 | data.fid.vnode = 0; | ||
53044 | |||
53045 | - inode = iget5_locked(sb, atomic_inc_return(&afs_autocell_ino), | ||
53046 | + inode = iget5_locked(sb, atomic_inc_return_unchecked(&afs_autocell_ino), | ||
53047 | afs_iget5_autocell_test, afs_iget5_set, | ||
53048 | &data); | ||
53049 | if (!inode) { | ||
48504 | diff --git a/fs/aio.c b/fs/aio.c | 53050 | diff --git a/fs/aio.c b/fs/aio.c |
48505 | index 2bbcacf..8614116 100644 | 53051 | index 2bbcacf..8614116 100644 |
48506 | --- a/fs/aio.c | 53052 | --- a/fs/aio.c |
@@ -49711,10 +54257,10 @@ index d50bbe5..af3b649 100644 | |||
49711 | goto err; | 54257 | goto err; |
49712 | } | 54258 | } |
49713 | diff --git a/fs/bio.c b/fs/bio.c | 54259 | diff --git a/fs/bio.c b/fs/bio.c |
49714 | index 94bbc04..6fe78a4 100644 | 54260 | index c5eae72..599e3cf 100644 |
49715 | --- a/fs/bio.c | 54261 | --- a/fs/bio.c |
49716 | +++ b/fs/bio.c | 54262 | +++ b/fs/bio.c |
49717 | @@ -1096,7 +1096,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, | 54263 | @@ -1106,7 +1106,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, |
49718 | /* | 54264 | /* |
49719 | * Overflow, abort | 54265 | * Overflow, abort |
49720 | */ | 54266 | */ |
@@ -49723,7 +54269,7 @@ index 94bbc04..6fe78a4 100644 | |||
49723 | return ERR_PTR(-EINVAL); | 54269 | return ERR_PTR(-EINVAL); |
49724 | 54270 | ||
49725 | nr_pages += end - start; | 54271 | nr_pages += end - start; |
49726 | @@ -1230,7 +1230,7 @@ static struct bio *__bio_map_user_iov(struct request_queue *q, | 54272 | @@ -1240,7 +1240,7 @@ static struct bio *__bio_map_user_iov(struct request_queue *q, |
49727 | /* | 54273 | /* |
49728 | * Overflow, abort | 54274 | * Overflow, abort |
49729 | */ | 54275 | */ |
@@ -49732,7 +54278,7 @@ index 94bbc04..6fe78a4 100644 | |||
49732 | return ERR_PTR(-EINVAL); | 54278 | return ERR_PTR(-EINVAL); |
49733 | 54279 | ||
49734 | nr_pages += end - start; | 54280 | nr_pages += end - start; |
49735 | @@ -1492,7 +1492,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) | 54281 | @@ -1502,7 +1502,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) |
49736 | const int read = bio_data_dir(bio) == READ; | 54282 | const int read = bio_data_dir(bio) == READ; |
49737 | struct bio_map_data *bmd = bio->bi_private; | 54283 | struct bio_map_data *bmd = bio->bi_private; |
49738 | int i; | 54284 | int i; |
@@ -49774,6 +54320,59 @@ index 7fb054b..ad36c67 100644 | |||
49774 | parent_start = 0; | 54320 | parent_start = 0; |
49775 | 54321 | ||
49776 | WARN_ON(trans->transid != btrfs_header_generation(parent)); | 54322 | WARN_ON(trans->transid != btrfs_header_generation(parent)); |
54323 | diff --git a/fs/btrfs/delayed-inode.c b/fs/btrfs/delayed-inode.c | ||
54324 | index f26f38c..3d0f149 100644 | ||
54325 | --- a/fs/btrfs/delayed-inode.c | ||
54326 | +++ b/fs/btrfs/delayed-inode.c | ||
54327 | @@ -458,7 +458,7 @@ static int __btrfs_add_delayed_deletion_item(struct btrfs_delayed_node *node, | ||
54328 | |||
54329 | static void finish_one_item(struct btrfs_delayed_root *delayed_root) | ||
54330 | { | ||
54331 | - int seq = atomic_inc_return(&delayed_root->items_seq); | ||
54332 | + int seq = atomic_inc_return_unchecked(&delayed_root->items_seq); | ||
54333 | if ((atomic_dec_return(&delayed_root->items) < | ||
54334 | BTRFS_DELAYED_BACKGROUND || seq % BTRFS_DELAYED_BATCH == 0) && | ||
54335 | waitqueue_active(&delayed_root->wait)) | ||
54336 | @@ -1391,7 +1391,7 @@ void btrfs_assert_delayed_root_empty(struct btrfs_root *root) | ||
54337 | static int refs_newer(struct btrfs_delayed_root *delayed_root, | ||
54338 | int seq, int count) | ||
54339 | { | ||
54340 | - int val = atomic_read(&delayed_root->items_seq); | ||
54341 | + int val = atomic_read_unchecked(&delayed_root->items_seq); | ||
54342 | |||
54343 | if (val < seq || val >= seq + count) | ||
54344 | return 1; | ||
54345 | @@ -1408,7 +1408,7 @@ void btrfs_balance_delayed_items(struct btrfs_root *root) | ||
54346 | if (atomic_read(&delayed_root->items) < BTRFS_DELAYED_BACKGROUND) | ||
54347 | return; | ||
54348 | |||
54349 | - seq = atomic_read(&delayed_root->items_seq); | ||
54350 | + seq = atomic_read_unchecked(&delayed_root->items_seq); | ||
54351 | |||
54352 | if (atomic_read(&delayed_root->items) >= BTRFS_DELAYED_WRITEBACK) { | ||
54353 | int ret; | ||
54354 | diff --git a/fs/btrfs/delayed-inode.h b/fs/btrfs/delayed-inode.h | ||
54355 | index 1d5c5f7..0ba0afc 100644 | ||
54356 | --- a/fs/btrfs/delayed-inode.h | ||
54357 | +++ b/fs/btrfs/delayed-inode.h | ||
54358 | @@ -43,7 +43,7 @@ struct btrfs_delayed_root { | ||
54359 | */ | ||
54360 | struct list_head prepare_list; | ||
54361 | atomic_t items; /* for delayed items */ | ||
54362 | - atomic_t items_seq; /* for delayed items */ | ||
54363 | + atomic_unchecked_t items_seq; /* for delayed items */ | ||
54364 | int nodes; /* for delayed nodes */ | ||
54365 | wait_queue_head_t wait; | ||
54366 | }; | ||
54367 | @@ -87,7 +87,7 @@ static inline void btrfs_init_delayed_root( | ||
54368 | struct btrfs_delayed_root *delayed_root) | ||
54369 | { | ||
54370 | atomic_set(&delayed_root->items, 0); | ||
54371 | - atomic_set(&delayed_root->items_seq, 0); | ||
54372 | + atomic_set_unchecked(&delayed_root->items_seq, 0); | ||
54373 | delayed_root->nodes = 0; | ||
54374 | spin_lock_init(&delayed_root->lock); | ||
54375 | init_waitqueue_head(&delayed_root->wait); | ||
49777 | diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c | 54376 | diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c |
49778 | index 0f81d67..0ad55fe 100644 | 54377 | index 0f81d67..0ad55fe 100644 |
49779 | --- a/fs/btrfs/ioctl.c | 54378 | --- a/fs/btrfs/ioctl.c |
@@ -49995,6 +54594,28 @@ index f02d82b..2632cf86 100644 | |||
49995 | int err; | 54594 | int err; |
49996 | u32 ftype; | 54595 | u32 ftype; |
49997 | struct ceph_mds_reply_info_parsed *rinfo; | 54596 | struct ceph_mds_reply_info_parsed *rinfo; |
54597 | diff --git a/fs/ceph/super.c b/fs/ceph/super.c | ||
54598 | index 7d377c9..3fb6559 100644 | ||
54599 | --- a/fs/ceph/super.c | ||
54600 | +++ b/fs/ceph/super.c | ||
54601 | @@ -839,7 +839,7 @@ static int ceph_compare_super(struct super_block *sb, void *data) | ||
54602 | /* | ||
54603 | * construct our own bdi so we can control readahead, etc. | ||
54604 | */ | ||
54605 | -static atomic_long_t bdi_seq = ATOMIC_LONG_INIT(0); | ||
54606 | +static atomic_long_unchecked_t bdi_seq = ATOMIC_LONG_INIT(0); | ||
54607 | |||
54608 | static int ceph_register_bdi(struct super_block *sb, | ||
54609 | struct ceph_fs_client *fsc) | ||
54610 | @@ -856,7 +856,7 @@ static int ceph_register_bdi(struct super_block *sb, | ||
54611 | default_backing_dev_info.ra_pages; | ||
54612 | |||
54613 | err = bdi_register(&fsc->backing_dev_info, NULL, "ceph-%ld", | ||
54614 | - atomic_long_inc_return(&bdi_seq)); | ||
54615 | + atomic_long_inc_return_unchecked(&bdi_seq)); | ||
54616 | if (!err) | ||
54617 | sb->s_bdi = &fsc->backing_dev_info; | ||
54618 | return err; | ||
49998 | diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c | 54619 | diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c |
49999 | index d597483..747901b 100644 | 54620 | index d597483..747901b 100644 |
50000 | --- a/fs/cifs/cifs_debug.c | 54621 | --- a/fs/cifs/cifs_debug.c |
@@ -50073,10 +54694,10 @@ index 3752b9f..8db5569 100644 | |||
50073 | 54694 | ||
50074 | atomic_set(&midCount, 0); | 54695 | atomic_set(&midCount, 0); |
50075 | diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h | 54696 | diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h |
50076 | index 4f07f6f..55de8ce 100644 | 54697 | index ea3a0b3..0194e39 100644 |
50077 | --- a/fs/cifs/cifsglob.h | 54698 | --- a/fs/cifs/cifsglob.h |
50078 | +++ b/fs/cifs/cifsglob.h | 54699 | +++ b/fs/cifs/cifsglob.h |
50079 | @@ -751,35 +751,35 @@ struct cifs_tcon { | 54700 | @@ -752,35 +752,35 @@ struct cifs_tcon { |
50080 | __u16 Flags; /* optional support bits */ | 54701 | __u16 Flags; /* optional support bits */ |
50081 | enum statusEnum tidStatus; | 54702 | enum statusEnum tidStatus; |
50082 | #ifdef CONFIG_CIFS_STATS | 54703 | #ifdef CONFIG_CIFS_STATS |
@@ -50136,7 +54757,7 @@ index 4f07f6f..55de8ce 100644 | |||
50136 | } smb2_stats; | 54757 | } smb2_stats; |
50137 | #endif /* CONFIG_CIFS_SMB2 */ | 54758 | #endif /* CONFIG_CIFS_SMB2 */ |
50138 | } stats; | 54759 | } stats; |
50139 | @@ -1080,7 +1080,7 @@ convert_delimiter(char *path, char delim) | 54760 | @@ -1081,7 +1081,7 @@ convert_delimiter(char *path, char delim) |
50140 | } | 54761 | } |
50141 | 54762 | ||
50142 | #ifdef CONFIG_CIFS_STATS | 54763 | #ifdef CONFIG_CIFS_STATS |
@@ -50145,7 +54766,7 @@ index 4f07f6f..55de8ce 100644 | |||
50145 | 54766 | ||
50146 | static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon, | 54767 | static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon, |
50147 | unsigned int bytes) | 54768 | unsigned int bytes) |
50148 | @@ -1445,8 +1445,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; | 54769 | @@ -1446,8 +1446,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; |
50149 | /* Various Debug counters */ | 54770 | /* Various Debug counters */ |
50150 | GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */ | 54771 | GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */ |
50151 | #ifdef CONFIG_CIFS_STATS2 | 54772 | #ifdef CONFIG_CIFS_STATS2 |
@@ -50833,7 +55454,7 @@ index f09b908..04b9690 100644 | |||
50833 | dcache_init(); | 55454 | dcache_init(); |
50834 | inode_init(); | 55455 | inode_init(); |
50835 | diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c | 55456 | diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c |
50836 | index 4888cb3..e0f7cf8 100644 | 55457 | index c7c83ff..bda9461 100644 |
50837 | --- a/fs/debugfs/inode.c | 55458 | --- a/fs/debugfs/inode.c |
50838 | +++ b/fs/debugfs/inode.c | 55459 | +++ b/fs/debugfs/inode.c |
50839 | @@ -415,7 +415,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); | 55460 | @@ -415,7 +415,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); |
@@ -50884,7 +55505,7 @@ index e4141f2..d8263e8 100644 | |||
50884 | i += packet_length_size; | 55505 | i += packet_length_size; |
50885 | if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) | 55506 | if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) |
50886 | diff --git a/fs/exec.c b/fs/exec.c | 55507 | diff --git a/fs/exec.c b/fs/exec.c |
50887 | index ffd7a81..d95acf6 100644 | 55508 | index 1f44670..3c84660 100644 |
50888 | --- a/fs/exec.c | 55509 | --- a/fs/exec.c |
50889 | +++ b/fs/exec.c | 55510 | +++ b/fs/exec.c |
50890 | @@ -55,8 +55,20 @@ | 55511 | @@ -55,8 +55,20 @@ |
@@ -51366,7 +55987,7 @@ index ffd7a81..d95acf6 100644 | |||
51366 | out: | 55987 | out: |
51367 | if (bprm->mm) { | 55988 | if (bprm->mm) { |
51368 | acct_arg_size(bprm, 0); | 55989 | acct_arg_size(bprm, 0); |
51369 | @@ -1701,3 +1875,285 @@ asmlinkage long compat_sys_execve(const char __user * filename, | 55990 | @@ -1701,3 +1875,287 @@ asmlinkage long compat_sys_execve(const char __user * filename, |
51370 | return error; | 55991 | return error; |
51371 | } | 55992 | } |
51372 | #endif | 55993 | #endif |
@@ -51475,7 +56096,7 @@ index ffd7a81..d95acf6 100644 | |||
51475 | + offset = vma_fault->vm_pgoff << PAGE_SHIFT; | 56096 | + offset = vma_fault->vm_pgoff << PAGE_SHIFT; |
51476 | + if (vma_fault->vm_file) | 56097 | + if (vma_fault->vm_file) |
51477 | + path_fault = pax_get_path(&vma_fault->vm_file->f_path, buffer_fault, PAGE_SIZE); | 56098 | + path_fault = pax_get_path(&vma_fault->vm_file->f_path, buffer_fault, PAGE_SIZE); |
51478 | + else if (pc >= mm->start_brk && pc < mm->brk) | 56099 | + else if ((unsigned long)pc >= mm->start_brk && (unsigned long)pc < mm->brk) |
51479 | + path_fault = "<heap>"; | 56100 | + path_fault = "<heap>"; |
51480 | + else if (vma_fault->vm_flags & (VM_GROWSDOWN | VM_GROWSUP)) | 56101 | + else if (vma_fault->vm_flags & (VM_GROWSDOWN | VM_GROWSUP)) |
51481 | + path_fault = "<stack>"; | 56102 | + path_fault = "<stack>"; |
@@ -51513,7 +56134,9 @@ index ffd7a81..d95acf6 100644 | |||
51513 | + printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current), | 56134 | + printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current), |
51514 | + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid())); | 56135 | + from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid())); |
51515 | + print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs)); | 56136 | + print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs)); |
56137 | + preempt_disable(); | ||
51516 | + show_regs(regs); | 56138 | + show_regs(regs); |
56139 | + preempt_enable(); | ||
51517 | + force_sig_info(SIGKILL, SEND_SIG_FORCED, current); | 56140 | + force_sig_info(SIGKILL, SEND_SIG_FORCED, current); |
51518 | +} | 56141 | +} |
51519 | +#endif | 56142 | +#endif |
@@ -51905,7 +56528,7 @@ index 49d3c01..9579efd 100644 | |||
51905 | else if (input->reserved_blocks > input->blocks_count / 5) | 56528 | else if (input->reserved_blocks > input->blocks_count / 5) |
51906 | ext4_warning(sb, "Reserved blocks too high (%u)", | 56529 | ext4_warning(sb, "Reserved blocks too high (%u)", |
51907 | diff --git a/fs/ext4/super.c b/fs/ext4/super.c | 56530 | diff --git a/fs/ext4/super.c b/fs/ext4/super.c |
51908 | index 6681c03..d88cd33 100644 | 56531 | index 3f7c39e..227f24f 100644 |
51909 | --- a/fs/ext4/super.c | 56532 | --- a/fs/ext4/super.c |
51910 | +++ b/fs/ext4/super.c | 56533 | +++ b/fs/ext4/super.c |
51911 | @@ -1236,7 +1236,7 @@ static ext4_fsblk_t get_sb_block(void **data) | 56534 | @@ -1236,7 +1236,7 @@ static ext4_fsblk_t get_sb_block(void **data) |
@@ -52096,9 +56719,18 @@ index d8ac61d..79a36f0 100644 | |||
52096 | .seq = SEQCNT_ZERO, | 56719 | .seq = SEQCNT_ZERO, |
52097 | .umask = 0022, | 56720 | .umask = 0022, |
52098 | diff --git a/fs/fscache/cookie.c b/fs/fscache/cookie.c | 56721 | diff --git a/fs/fscache/cookie.c b/fs/fscache/cookie.c |
52099 | index e2cba1f..17a25bb 100644 | 56722 | index e2cba1f..20319c5 100644 |
52100 | --- a/fs/fscache/cookie.c | 56723 | --- a/fs/fscache/cookie.c |
52101 | +++ b/fs/fscache/cookie.c | 56724 | +++ b/fs/fscache/cookie.c |
56725 | @@ -19,7 +19,7 @@ | ||
56726 | |||
56727 | struct kmem_cache *fscache_cookie_jar; | ||
56728 | |||
56729 | -static atomic_t fscache_object_debug_id = ATOMIC_INIT(0); | ||
56730 | +static atomic_unchecked_t fscache_object_debug_id = ATOMIC_INIT(0); | ||
56731 | |||
56732 | static int fscache_acquire_non_index_cookie(struct fscache_cookie *cookie); | ||
56733 | static int fscache_alloc_object(struct fscache_cache *cache, | ||
52102 | @@ -68,11 +68,11 @@ struct fscache_cookie *__fscache_acquire_cookie( | 56734 | @@ -68,11 +68,11 @@ struct fscache_cookie *__fscache_acquire_cookie( |
52103 | parent ? (char *) parent->def->name : "<no-parent>", | 56735 | parent ? (char *) parent->def->name : "<no-parent>", |
52104 | def->name, netfs_data); | 56736 | def->name, netfs_data); |
@@ -52164,7 +56796,7 @@ index e2cba1f..17a25bb 100644 | |||
52164 | _leave(" = -ENOMEDIUM [no cache]"); | 56796 | _leave(" = -ENOMEDIUM [no cache]"); |
52165 | return -ENOMEDIUM; | 56797 | return -ENOMEDIUM; |
52166 | } | 56798 | } |
52167 | @@ -255,12 +255,12 @@ static int fscache_alloc_object(struct fscache_cache *cache, | 56799 | @@ -255,14 +255,14 @@ static int fscache_alloc_object(struct fscache_cache *cache, |
52168 | object = cache->ops->alloc_object(cache, cookie); | 56800 | object = cache->ops->alloc_object(cache, cookie); |
52169 | fscache_stat_d(&fscache_n_cop_alloc_object); | 56801 | fscache_stat_d(&fscache_n_cop_alloc_object); |
52170 | if (IS_ERR(object)) { | 56802 | if (IS_ERR(object)) { |
@@ -52177,8 +56809,11 @@ index e2cba1f..17a25bb 100644 | |||
52177 | - fscache_stat(&fscache_n_object_alloc); | 56809 | - fscache_stat(&fscache_n_object_alloc); |
52178 | + fscache_stat_unchecked(&fscache_n_object_alloc); | 56810 | + fscache_stat_unchecked(&fscache_n_object_alloc); |
52179 | 56811 | ||
52180 | object->debug_id = atomic_inc_return(&fscache_object_debug_id); | 56812 | - object->debug_id = atomic_inc_return(&fscache_object_debug_id); |
56813 | + object->debug_id = atomic_inc_return_unchecked(&fscache_object_debug_id); | ||
52181 | 56814 | ||
56815 | _debug("ALLOC OBJ%x: %s {%lx}", | ||
56816 | object->debug_id, cookie->def->name, object->events); | ||
52182 | @@ -376,7 +376,7 @@ void __fscache_invalidate(struct fscache_cookie *cookie) | 56817 | @@ -376,7 +376,7 @@ void __fscache_invalidate(struct fscache_cookie *cookie) |
52183 | 56818 | ||
52184 | _enter("{%s}", cookie->def->name); | 56819 | _enter("{%s}", cookie->def->name); |
@@ -53671,7 +58306,7 @@ index 916da8c..1588998 100644 | |||
53671 | next->d_inode->i_ino, | 58306 | next->d_inode->i_ino, |
53672 | dt_type(next->d_inode)) < 0) | 58307 | dt_type(next->d_inode)) < 0) |
53673 | diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c | 58308 | diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c |
53674 | index 9760ecb..9b838ef 100644 | 58309 | index acd3947..1f896e2 100644 |
53675 | --- a/fs/lockd/clntproc.c | 58310 | --- a/fs/lockd/clntproc.c |
53676 | +++ b/fs/lockd/clntproc.c | 58311 | +++ b/fs/lockd/clntproc.c |
53677 | @@ -36,11 +36,11 @@ static const struct rpc_call_ops nlmclnt_cancel_ops; | 58312 | @@ -36,11 +36,11 @@ static const struct rpc_call_ops nlmclnt_cancel_ops; |
@@ -54301,7 +58936,7 @@ index 9ed9361..2b72db1 100644 | |||
54301 | out: | 58936 | out: |
54302 | return len; | 58937 | return len; |
54303 | diff --git a/fs/namespace.c b/fs/namespace.c | 58938 | diff --git a/fs/namespace.c b/fs/namespace.c |
54304 | index 7b1ca9b..6faeccf 100644 | 58939 | index a45ba4f..44cfe66 100644 |
54305 | --- a/fs/namespace.c | 58940 | --- a/fs/namespace.c |
54306 | +++ b/fs/namespace.c | 58941 | +++ b/fs/namespace.c |
54307 | @@ -1265,6 +1265,9 @@ static int do_umount(struct mount *mnt, int flags) | 58942 | @@ -1265,6 +1265,9 @@ static int do_umount(struct mount *mnt, int flags) |
@@ -54369,6 +59004,24 @@ index 7b1ca9b..6faeccf 100644 | |||
54369 | return retval; | 59004 | return retval; |
54370 | } | 59005 | } |
54371 | 59006 | ||
59007 | @@ -2344,7 +2363,7 @@ static void free_mnt_ns(struct mnt_namespace *ns) | ||
59008 | * number incrementing at 10Ghz will take 12,427 years to wrap which | ||
59009 | * is effectively never, so we can ignore the possibility. | ||
59010 | */ | ||
59011 | -static atomic64_t mnt_ns_seq = ATOMIC64_INIT(1); | ||
59012 | +static atomic64_unchecked_t mnt_ns_seq = ATOMIC64_INIT(1); | ||
59013 | |||
59014 | static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) | ||
59015 | { | ||
59016 | @@ -2359,7 +2378,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) | ||
59017 | kfree(new_ns); | ||
59018 | return ERR_PTR(ret); | ||
59019 | } | ||
59020 | - new_ns->seq = atomic64_add_return(1, &mnt_ns_seq); | ||
59021 | + new_ns->seq = atomic64_inc_return_unchecked(&mnt_ns_seq); | ||
59022 | atomic_set(&new_ns->count, 1); | ||
59023 | new_ns->root = NULL; | ||
59024 | INIT_LIST_HEAD(&new_ns->list); | ||
54372 | @@ -2500,8 +2519,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) | 59025 | @@ -2500,8 +2519,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) |
54373 | } | 59026 | } |
54374 | EXPORT_SYMBOL(mount_subtree); | 59027 | EXPORT_SYMBOL(mount_subtree); |
@@ -54659,18 +59312,10 @@ index e7bc1d7..06bd4bb 100644 | |||
54659 | } | 59312 | } |
54660 | 59313 | ||
54661 | diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c | 59314 | diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c |
54662 | index 6c80083..a1e6299 100644 | 59315 | index 77cc85d..a1e6299 100644 |
54663 | --- a/fs/notify/fanotify/fanotify_user.c | 59316 | --- a/fs/notify/fanotify/fanotify_user.c |
54664 | +++ b/fs/notify/fanotify/fanotify_user.c | 59317 | +++ b/fs/notify/fanotify/fanotify_user.c |
54665 | @@ -122,6 +122,7 @@ static int fill_event_metadata(struct fsnotify_group *group, | 59318 | @@ -253,8 +253,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group, |
54666 | metadata->event_len = FAN_EVENT_METADATA_LEN; | ||
54667 | metadata->metadata_len = FAN_EVENT_METADATA_LEN; | ||
54668 | metadata->vers = FANOTIFY_METADATA_VERSION; | ||
54669 | + metadata->reserved = 0; | ||
54670 | metadata->mask = event->mask & FAN_ALL_OUTGOING_EVENTS; | ||
54671 | metadata->pid = pid_vnr(event->tgid); | ||
54672 | if (unlikely(event->mask & FAN_Q_OVERFLOW)) | ||
54673 | @@ -252,8 +253,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group, | ||
54674 | 59319 | ||
54675 | fd = fanotify_event_metadata.fd; | 59320 | fd = fanotify_event_metadata.fd; |
54676 | ret = -EFAULT; | 59321 | ret = -EFAULT; |
@@ -54717,9 +59362,18 @@ index aa411c3..c260a84 100644 | |||
54717 | "inode 0x%lx or driver bug.", vdir->i_ino); | 59362 | "inode 0x%lx or driver bug.", vdir->i_ino); |
54718 | goto err_out; | 59363 | goto err_out; |
54719 | diff --git a/fs/ntfs/file.c b/fs/ntfs/file.c | 59364 | diff --git a/fs/ntfs/file.c b/fs/ntfs/file.c |
54720 | index c5670b8..01a3656 100644 | 59365 | index c5670b8..2b43d9b 100644 |
54721 | --- a/fs/ntfs/file.c | 59366 | --- a/fs/ntfs/file.c |
54722 | +++ b/fs/ntfs/file.c | 59367 | +++ b/fs/ntfs/file.c |
59368 | @@ -1282,7 +1282,7 @@ static inline size_t ntfs_copy_from_user(struct page **pages, | ||
59369 | char *addr; | ||
59370 | size_t total = 0; | ||
59371 | unsigned len; | ||
59372 | - int left; | ||
59373 | + unsigned left; | ||
59374 | |||
59375 | do { | ||
59376 | len = PAGE_CACHE_SIZE - ofs; | ||
54723 | @@ -2241,6 +2241,6 @@ const struct inode_operations ntfs_file_inode_ops = { | 59377 | @@ -2241,6 +2241,6 @@ const struct inode_operations ntfs_file_inode_ops = { |
54724 | #endif /* NTFS_RW */ | 59378 | #endif /* NTFS_RW */ |
54725 | }; | 59379 | }; |
@@ -54729,6 +59383,81 @@ index c5670b8..01a3656 100644 | |||
54729 | 59383 | ||
54730 | -const struct inode_operations ntfs_empty_inode_ops = {}; | 59384 | -const struct inode_operations ntfs_empty_inode_ops = {}; |
54731 | +const struct inode_operations ntfs_empty_inode_ops __read_only; | 59385 | +const struct inode_operations ntfs_empty_inode_ops __read_only; |
59386 | diff --git a/fs/ntfs/super.c b/fs/ntfs/super.c | ||
59387 | index 82650d5..db37dcf 100644 | ||
59388 | --- a/fs/ntfs/super.c | ||
59389 | +++ b/fs/ntfs/super.c | ||
59390 | @@ -685,7 +685,7 @@ static struct buffer_head *read_ntfs_boot_sector(struct super_block *sb, | ||
59391 | if (!silent) | ||
59392 | ntfs_error(sb, "Primary boot sector is invalid."); | ||
59393 | } else if (!silent) | ||
59394 | - ntfs_error(sb, read_err_str, "primary"); | ||
59395 | + ntfs_error(sb, read_err_str, "%s", "primary"); | ||
59396 | if (!(NTFS_SB(sb)->on_errors & ON_ERRORS_RECOVER)) { | ||
59397 | if (bh_primary) | ||
59398 | brelse(bh_primary); | ||
59399 | @@ -701,7 +701,7 @@ static struct buffer_head *read_ntfs_boot_sector(struct super_block *sb, | ||
59400 | goto hotfix_primary_boot_sector; | ||
59401 | brelse(bh_backup); | ||
59402 | } else if (!silent) | ||
59403 | - ntfs_error(sb, read_err_str, "backup"); | ||
59404 | + ntfs_error(sb, read_err_str, "%s", "backup"); | ||
59405 | /* Try to read NT3.51- backup boot sector. */ | ||
59406 | if ((bh_backup = sb_bread(sb, nr_blocks >> 1))) { | ||
59407 | if (is_boot_sector_ntfs(sb, (NTFS_BOOT_SECTOR*) | ||
59408 | @@ -712,7 +712,7 @@ static struct buffer_head *read_ntfs_boot_sector(struct super_block *sb, | ||
59409 | "sector."); | ||
59410 | brelse(bh_backup); | ||
59411 | } else if (!silent) | ||
59412 | - ntfs_error(sb, read_err_str, "backup"); | ||
59413 | + ntfs_error(sb, read_err_str, "%s", "backup"); | ||
59414 | /* We failed. Cleanup and return. */ | ||
59415 | if (bh_primary) | ||
59416 | brelse(bh_primary); | ||
59417 | diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c | ||
59418 | index 20dfec7..e238cb7 100644 | ||
59419 | --- a/fs/ocfs2/aops.c | ||
59420 | +++ b/fs/ocfs2/aops.c | ||
59421 | @@ -1756,7 +1756,7 @@ try_again: | ||
59422 | goto out; | ||
59423 | } else if (ret == 1) { | ||
59424 | clusters_need = wc->w_clen; | ||
59425 | - ret = ocfs2_refcount_cow(inode, filp, di_bh, | ||
59426 | + ret = ocfs2_refcount_cow(inode, di_bh, | ||
59427 | wc->w_cpos, wc->w_clen, UINT_MAX); | ||
59428 | if (ret) { | ||
59429 | mlog_errno(ret); | ||
59430 | diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c | ||
59431 | index ff54014..ff125fd 100644 | ||
59432 | --- a/fs/ocfs2/file.c | ||
59433 | +++ b/fs/ocfs2/file.c | ||
59434 | @@ -370,7 +370,7 @@ static int ocfs2_cow_file_pos(struct inode *inode, | ||
59435 | if (!(ext_flags & OCFS2_EXT_REFCOUNTED)) | ||
59436 | goto out; | ||
59437 | |||
59438 | - return ocfs2_refcount_cow(inode, NULL, fe_bh, cpos, 1, cpos+1); | ||
59439 | + return ocfs2_refcount_cow(inode, fe_bh, cpos, 1, cpos+1); | ||
59440 | |||
59441 | out: | ||
59442 | return status; | ||
59443 | @@ -899,7 +899,7 @@ static int ocfs2_zero_extend_get_range(struct inode *inode, | ||
59444 | zero_clusters = last_cpos - zero_cpos; | ||
59445 | |||
59446 | if (needs_cow) { | ||
59447 | - rc = ocfs2_refcount_cow(inode, NULL, di_bh, zero_cpos, | ||
59448 | + rc = ocfs2_refcount_cow(inode, di_bh, zero_cpos, | ||
59449 | zero_clusters, UINT_MAX); | ||
59450 | if (rc) { | ||
59451 | mlog_errno(rc); | ||
59452 | @@ -2078,7 +2078,7 @@ static int ocfs2_prepare_inode_for_refcount(struct inode *inode, | ||
59453 | |||
59454 | *meta_level = 1; | ||
59455 | |||
59456 | - ret = ocfs2_refcount_cow(inode, file, di_bh, cpos, clusters, UINT_MAX); | ||
59457 | + ret = ocfs2_refcount_cow(inode, di_bh, cpos, clusters, UINT_MAX); | ||
59458 | if (ret) | ||
59459 | mlog_errno(ret); | ||
59460 | out: | ||
54732 | diff --git a/fs/ocfs2/localalloc.c b/fs/ocfs2/localalloc.c | 59461 | diff --git a/fs/ocfs2/localalloc.c b/fs/ocfs2/localalloc.c |
54733 | index aebeacd..0dcdd26 100644 | 59462 | index aebeacd..0dcdd26 100644 |
54734 | --- a/fs/ocfs2/localalloc.c | 59463 | --- a/fs/ocfs2/localalloc.c |
@@ -54742,6 +59471,19 @@ index aebeacd..0dcdd26 100644 | |||
54742 | 59471 | ||
54743 | bail: | 59472 | bail: |
54744 | if (handle) | 59473 | if (handle) |
59474 | diff --git a/fs/ocfs2/move_extents.c b/fs/ocfs2/move_extents.c | ||
59475 | index f1fc172..452068b 100644 | ||
59476 | --- a/fs/ocfs2/move_extents.c | ||
59477 | +++ b/fs/ocfs2/move_extents.c | ||
59478 | @@ -69,7 +69,7 @@ static int __ocfs2_move_extent(handle_t *handle, | ||
59479 | u64 ino = ocfs2_metadata_cache_owner(context->et.et_ci); | ||
59480 | u64 old_blkno = ocfs2_clusters_to_blocks(inode->i_sb, p_cpos); | ||
59481 | |||
59482 | - ret = ocfs2_duplicate_clusters_by_page(handle, context->file, cpos, | ||
59483 | + ret = ocfs2_duplicate_clusters_by_page(handle, inode, cpos, | ||
59484 | p_cpos, new_p_cpos, len); | ||
59485 | if (ret) { | ||
59486 | mlog_errno(ret); | ||
54745 | diff --git a/fs/ocfs2/ocfs2.h b/fs/ocfs2/ocfs2.h | 59487 | diff --git a/fs/ocfs2/ocfs2.h b/fs/ocfs2/ocfs2.h |
54746 | index d355e6e..578d905 100644 | 59488 | index d355e6e..578d905 100644 |
54747 | --- a/fs/ocfs2/ocfs2.h | 59489 | --- a/fs/ocfs2/ocfs2.h |
@@ -54763,6 +59505,188 @@ index d355e6e..578d905 100644 | |||
54763 | }; | 59505 | }; |
54764 | 59506 | ||
54765 | enum ocfs2_local_alloc_state | 59507 | enum ocfs2_local_alloc_state |
59508 | diff --git a/fs/ocfs2/refcounttree.c b/fs/ocfs2/refcounttree.c | ||
59509 | index 998b17e..aefe414 100644 | ||
59510 | --- a/fs/ocfs2/refcounttree.c | ||
59511 | +++ b/fs/ocfs2/refcounttree.c | ||
59512 | @@ -49,7 +49,6 @@ | ||
59513 | |||
59514 | struct ocfs2_cow_context { | ||
59515 | struct inode *inode; | ||
59516 | - struct file *file; | ||
59517 | u32 cow_start; | ||
59518 | u32 cow_len; | ||
59519 | struct ocfs2_extent_tree data_et; | ||
59520 | @@ -66,7 +65,7 @@ struct ocfs2_cow_context { | ||
59521 | u32 *num_clusters, | ||
59522 | unsigned int *extent_flags); | ||
59523 | int (*cow_duplicate_clusters)(handle_t *handle, | ||
59524 | - struct file *file, | ||
59525 | + struct inode *inode, | ||
59526 | u32 cpos, u32 old_cluster, | ||
59527 | u32 new_cluster, u32 new_len); | ||
59528 | }; | ||
59529 | @@ -2922,14 +2921,12 @@ static int ocfs2_clear_cow_buffer(handle_t *handle, struct buffer_head *bh) | ||
59530 | } | ||
59531 | |||
59532 | int ocfs2_duplicate_clusters_by_page(handle_t *handle, | ||
59533 | - struct file *file, | ||
59534 | + struct inode *inode, | ||
59535 | u32 cpos, u32 old_cluster, | ||
59536 | u32 new_cluster, u32 new_len) | ||
59537 | { | ||
59538 | int ret = 0, partial; | ||
59539 | - struct inode *inode = file_inode(file); | ||
59540 | - struct ocfs2_caching_info *ci = INODE_CACHE(inode); | ||
59541 | - struct super_block *sb = ocfs2_metadata_cache_get_super(ci); | ||
59542 | + struct super_block *sb = inode->i_sb; | ||
59543 | u64 new_block = ocfs2_clusters_to_blocks(sb, new_cluster); | ||
59544 | struct page *page; | ||
59545 | pgoff_t page_index; | ||
59546 | @@ -2973,13 +2970,6 @@ int ocfs2_duplicate_clusters_by_page(handle_t *handle, | ||
59547 | if (PAGE_CACHE_SIZE <= OCFS2_SB(sb)->s_clustersize) | ||
59548 | BUG_ON(PageDirty(page)); | ||
59549 | |||
59550 | - if (PageReadahead(page)) { | ||
59551 | - page_cache_async_readahead(mapping, | ||
59552 | - &file->f_ra, file, | ||
59553 | - page, page_index, | ||
59554 | - readahead_pages); | ||
59555 | - } | ||
59556 | - | ||
59557 | if (!PageUptodate(page)) { | ||
59558 | ret = block_read_full_page(page, ocfs2_get_block); | ||
59559 | if (ret) { | ||
59560 | @@ -2999,7 +2989,8 @@ int ocfs2_duplicate_clusters_by_page(handle_t *handle, | ||
59561 | } | ||
59562 | } | ||
59563 | |||
59564 | - ocfs2_map_and_dirty_page(inode, handle, from, to, | ||
59565 | + ocfs2_map_and_dirty_page(inode, | ||
59566 | + handle, from, to, | ||
59567 | page, 0, &new_block); | ||
59568 | mark_page_accessed(page); | ||
59569 | unlock: | ||
59570 | @@ -3015,12 +3006,11 @@ unlock: | ||
59571 | } | ||
59572 | |||
59573 | int ocfs2_duplicate_clusters_by_jbd(handle_t *handle, | ||
59574 | - struct file *file, | ||
59575 | + struct inode *inode, | ||
59576 | u32 cpos, u32 old_cluster, | ||
59577 | u32 new_cluster, u32 new_len) | ||
59578 | { | ||
59579 | int ret = 0; | ||
59580 | - struct inode *inode = file_inode(file); | ||
59581 | struct super_block *sb = inode->i_sb; | ||
59582 | struct ocfs2_caching_info *ci = INODE_CACHE(inode); | ||
59583 | int i, blocks = ocfs2_clusters_to_blocks(sb, new_len); | ||
59584 | @@ -3145,7 +3135,7 @@ static int ocfs2_replace_clusters(handle_t *handle, | ||
59585 | |||
59586 | /*If the old clusters is unwritten, no need to duplicate. */ | ||
59587 | if (!(ext_flags & OCFS2_EXT_UNWRITTEN)) { | ||
59588 | - ret = context->cow_duplicate_clusters(handle, context->file, | ||
59589 | + ret = context->cow_duplicate_clusters(handle, context->inode, | ||
59590 | cpos, old, new, len); | ||
59591 | if (ret) { | ||
59592 | mlog_errno(ret); | ||
59593 | @@ -3423,35 +3413,12 @@ static int ocfs2_replace_cow(struct ocfs2_cow_context *context) | ||
59594 | return ret; | ||
59595 | } | ||
59596 | |||
59597 | -static void ocfs2_readahead_for_cow(struct inode *inode, | ||
59598 | - struct file *file, | ||
59599 | - u32 start, u32 len) | ||
59600 | -{ | ||
59601 | - struct address_space *mapping; | ||
59602 | - pgoff_t index; | ||
59603 | - unsigned long num_pages; | ||
59604 | - int cs_bits = OCFS2_SB(inode->i_sb)->s_clustersize_bits; | ||
59605 | - | ||
59606 | - if (!file) | ||
59607 | - return; | ||
59608 | - | ||
59609 | - mapping = file->f_mapping; | ||
59610 | - num_pages = (len << cs_bits) >> PAGE_CACHE_SHIFT; | ||
59611 | - if (!num_pages) | ||
59612 | - num_pages = 1; | ||
59613 | - | ||
59614 | - index = ((loff_t)start << cs_bits) >> PAGE_CACHE_SHIFT; | ||
59615 | - page_cache_sync_readahead(mapping, &file->f_ra, file, | ||
59616 | - index, num_pages); | ||
59617 | -} | ||
59618 | - | ||
59619 | /* | ||
59620 | * Starting at cpos, try to CoW write_len clusters. Don't CoW | ||
59621 | * past max_cpos. This will stop when it runs into a hole or an | ||
59622 | * unrefcounted extent. | ||
59623 | */ | ||
59624 | static int ocfs2_refcount_cow_hunk(struct inode *inode, | ||
59625 | - struct file *file, | ||
59626 | struct buffer_head *di_bh, | ||
59627 | u32 cpos, u32 write_len, u32 max_cpos) | ||
59628 | { | ||
59629 | @@ -3480,8 +3447,6 @@ static int ocfs2_refcount_cow_hunk(struct inode *inode, | ||
59630 | |||
59631 | BUG_ON(cow_len == 0); | ||
59632 | |||
59633 | - ocfs2_readahead_for_cow(inode, file, cow_start, cow_len); | ||
59634 | - | ||
59635 | context = kzalloc(sizeof(struct ocfs2_cow_context), GFP_NOFS); | ||
59636 | if (!context) { | ||
59637 | ret = -ENOMEM; | ||
59638 | @@ -3503,7 +3468,6 @@ static int ocfs2_refcount_cow_hunk(struct inode *inode, | ||
59639 | context->ref_root_bh = ref_root_bh; | ||
59640 | context->cow_duplicate_clusters = ocfs2_duplicate_clusters_by_page; | ||
59641 | context->get_clusters = ocfs2_di_get_clusters; | ||
59642 | - context->file = file; | ||
59643 | |||
59644 | ocfs2_init_dinode_extent_tree(&context->data_et, | ||
59645 | INODE_CACHE(inode), di_bh); | ||
59646 | @@ -3532,7 +3496,6 @@ out: | ||
59647 | * clusters between cpos and cpos+write_len are safe to modify. | ||
59648 | */ | ||
59649 | int ocfs2_refcount_cow(struct inode *inode, | ||
59650 | - struct file *file, | ||
59651 | struct buffer_head *di_bh, | ||
59652 | u32 cpos, u32 write_len, u32 max_cpos) | ||
59653 | { | ||
59654 | @@ -3552,7 +3515,7 @@ int ocfs2_refcount_cow(struct inode *inode, | ||
59655 | num_clusters = write_len; | ||
59656 | |||
59657 | if (ext_flags & OCFS2_EXT_REFCOUNTED) { | ||
59658 | - ret = ocfs2_refcount_cow_hunk(inode, file, di_bh, cpos, | ||
59659 | + ret = ocfs2_refcount_cow_hunk(inode, di_bh, cpos, | ||
59660 | num_clusters, max_cpos); | ||
59661 | if (ret) { | ||
59662 | mlog_errno(ret); | ||
59663 | diff --git a/fs/ocfs2/refcounttree.h b/fs/ocfs2/refcounttree.h | ||
59664 | index 7754608..6422bbcdb 100644 | ||
59665 | --- a/fs/ocfs2/refcounttree.h | ||
59666 | +++ b/fs/ocfs2/refcounttree.h | ||
59667 | @@ -53,7 +53,7 @@ int ocfs2_prepare_refcount_change_for_del(struct inode *inode, | ||
59668 | int *credits, | ||
59669 | int *ref_blocks); | ||
59670 | int ocfs2_refcount_cow(struct inode *inode, | ||
59671 | - struct file *filep, struct buffer_head *di_bh, | ||
59672 | + struct buffer_head *di_bh, | ||
59673 | u32 cpos, u32 write_len, u32 max_cpos); | ||
59674 | |||
59675 | typedef int (ocfs2_post_refcount_func)(struct inode *inode, | ||
59676 | @@ -85,11 +85,11 @@ int ocfs2_refcount_cow_xattr(struct inode *inode, | ||
59677 | u32 cpos, u32 write_len, | ||
59678 | struct ocfs2_post_refcount *post); | ||
59679 | int ocfs2_duplicate_clusters_by_page(handle_t *handle, | ||
59680 | - struct file *file, | ||
59681 | + struct inode *inode, | ||
59682 | u32 cpos, u32 old_cluster, | ||
59683 | u32 new_cluster, u32 new_len); | ||
59684 | int ocfs2_duplicate_clusters_by_jbd(handle_t *handle, | ||
59685 | - struct file *file, | ||
59686 | + struct inode *inode, | ||
59687 | u32 cpos, u32 old_cluster, | ||
59688 | u32 new_cluster, u32 new_len); | ||
59689 | int ocfs2_cow_sync_writeback(struct super_block *sb, | ||
54766 | diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c | 59690 | diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c |
54767 | index b7e74b5..19c6536 100644 | 59691 | index b7e74b5..19c6536 100644 |
54768 | --- a/fs/ocfs2/suballoc.c | 59692 | --- a/fs/ocfs2/suballoc.c |
@@ -56263,7 +61187,7 @@ index 6b6a993..807cccc 100644 | |||
56263 | kfree(s); | 61187 | kfree(s); |
56264 | } | 61188 | } |
56265 | diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c | 61189 | diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c |
56266 | index 3e636d8..83e3b71 100644 | 61190 | index 65fc60a..350cc48 100644 |
56267 | --- a/fs/proc/task_mmu.c | 61191 | --- a/fs/proc/task_mmu.c |
56268 | +++ b/fs/proc/task_mmu.c | 61192 | +++ b/fs/proc/task_mmu.c |
56269 | @@ -11,12 +11,19 @@ | 61193 | @@ -11,12 +11,19 @@ |
@@ -56686,10 +61610,10 @@ index 2b7882b..1c5ef48 100644 | |||
56686 | 61610 | ||
56687 | /* balance leaf returns 0 except if combining L R and S into | 61611 | /* balance leaf returns 0 except if combining L R and S into |
56688 | diff --git a/fs/reiserfs/procfs.c b/fs/reiserfs/procfs.c | 61612 | diff --git a/fs/reiserfs/procfs.c b/fs/reiserfs/procfs.c |
56689 | index 33532f7..4846ade 100644 | 61613 | index 1d48974..2f8f4e0 100644 |
56690 | --- a/fs/reiserfs/procfs.c | 61614 | --- a/fs/reiserfs/procfs.c |
56691 | +++ b/fs/reiserfs/procfs.c | 61615 | +++ b/fs/reiserfs/procfs.c |
56692 | @@ -112,7 +112,7 @@ static int show_super(struct seq_file *m, struct super_block *sb) | 61616 | @@ -114,7 +114,7 @@ static int show_super(struct seq_file *m, void *unused) |
56693 | "SMALL_TAILS " : "NO_TAILS ", | 61617 | "SMALL_TAILS " : "NO_TAILS ", |
56694 | replay_only(sb) ? "REPLAY_ONLY " : "", | 61618 | replay_only(sb) ? "REPLAY_ONLY " : "", |
56695 | convert_reiserfs(sb) ? "CONV " : "", | 61619 | convert_reiserfs(sb) ? "CONV " : "", |
@@ -57374,10 +62298,10 @@ index ca9ecaa..60100c7 100644 | |||
57374 | kfree(s); | 62298 | kfree(s); |
57375 | diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig | 62299 | diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig |
57376 | new file mode 100644 | 62300 | new file mode 100644 |
57377 | index 0000000..712a85d | 62301 | index 0000000..76e84b9 |
57378 | --- /dev/null | 62302 | --- /dev/null |
57379 | +++ b/grsecurity/Kconfig | 62303 | +++ b/grsecurity/Kconfig |
57380 | @@ -0,0 +1,1043 @@ | 62304 | @@ -0,0 +1,1063 @@ |
57381 | +# | 62305 | +# |
57382 | +# grecurity configuration | 62306 | +# grecurity configuration |
57383 | +# | 62307 | +# |
@@ -58349,6 +63273,26 @@ index 0000000..712a85d | |||
58349 | + option with name "socket_server_gid" is created. | 63273 | + option with name "socket_server_gid" is created. |
58350 | + | 63274 | + |
58351 | +endmenu | 63275 | +endmenu |
63276 | + | ||
63277 | +menu "Physical Protections" | ||
63278 | +depends on GRKERNSEC | ||
63279 | + | ||
63280 | +config GRKERNSEC_DENYUSB | ||
63281 | + bool "Deny new USB connections after toggle" | ||
63282 | + default y if GRKERNSEC_CONFIG_AUTO | ||
63283 | + help | ||
63284 | + If you say Y here, a new sysctl option with name "deny_new_usb" | ||
63285 | + will be created. Setting its value to 1 will prevent any new | ||
63286 | + USB devices from being recognized by the OS. Any attempted USB | ||
63287 | + device insertion will be logged. This option is intended to be | ||
63288 | + used against custom USB devices designed to exploit vulnerabilities | ||
63289 | + in various USB device drivers. | ||
63290 | + | ||
63291 | + For greatest effectiveness, this sysctl should be set after any | ||
63292 | + relevant init scripts. Once set, it cannot be unset. | ||
63293 | + | ||
63294 | +endmenu | ||
63295 | + | ||
58352 | +menu "Sysctl Support" | 63296 | +menu "Sysctl Support" |
58353 | +depends on GRKERNSEC && SYSCTL | 63297 | +depends on GRKERNSEC && SYSCTL |
58354 | + | 63298 | + |
@@ -58423,10 +63367,10 @@ index 0000000..712a85d | |||
58423 | +endmenu | 63367 | +endmenu |
58424 | diff --git a/grsecurity/Makefile b/grsecurity/Makefile | 63368 | diff --git a/grsecurity/Makefile b/grsecurity/Makefile |
58425 | new file mode 100644 | 63369 | new file mode 100644 |
58426 | index 0000000..36845aa | 63370 | index 0000000..b0b77d5 |
58427 | --- /dev/null | 63371 | --- /dev/null |
58428 | +++ b/grsecurity/Makefile | 63372 | +++ b/grsecurity/Makefile |
58429 | @@ -0,0 +1,42 @@ | 63373 | @@ -0,0 +1,43 @@ |
58430 | +# grsecurity's ACL system was originally written in 2001 by Michael Dalton | 63374 | +# grsecurity's ACL system was originally written in 2001 by Michael Dalton |
58431 | +# during 2001-2009 it has been completely redesigned by Brad Spengler | 63375 | +# during 2001-2009 it has been completely redesigned by Brad Spengler |
58432 | +# into an RBAC system | 63376 | +# into an RBAC system |
@@ -58439,7 +63383,8 @@ index 0000000..36845aa | |||
58439 | + | 63383 | + |
58440 | +obj-y = grsec_chdir.o grsec_chroot.o grsec_exec.o grsec_fifo.o grsec_fork.o \ | 63384 | +obj-y = grsec_chdir.o grsec_chroot.o grsec_exec.o grsec_fifo.o grsec_fork.o \ |
58441 | + grsec_mount.o grsec_sig.o grsec_sysctl.o \ | 63385 | + grsec_mount.o grsec_sig.o grsec_sysctl.o \ |
58442 | + grsec_time.o grsec_tpe.o grsec_link.o grsec_pax.o grsec_ptrace.o | 63386 | + grsec_time.o grsec_tpe.o grsec_link.o grsec_pax.o grsec_ptrace.o \ |
63387 | + grsec_usb.o | ||
58443 | + | 63388 | + |
58444 | +obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_segv.o \ | 63389 | +obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_segv.o \ |
58445 | + gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \ | 63390 | + gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \ |
@@ -65724,10 +70669,10 @@ index 0000000..8ca18bf | |||
65724 | +} | 70669 | +} |
65725 | diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c | 70670 | diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c |
65726 | new file mode 100644 | 70671 | new file mode 100644 |
65727 | index 0000000..ab2d875 | 70672 | index 0000000..836f38f |
65728 | --- /dev/null | 70673 | --- /dev/null |
65729 | +++ b/grsecurity/grsec_init.c | 70674 | +++ b/grsecurity/grsec_init.c |
65730 | @@ -0,0 +1,279 @@ | 70675 | @@ -0,0 +1,280 @@ |
65731 | +#include <linux/kernel.h> | 70676 | +#include <linux/kernel.h> |
65732 | +#include <linux/sched.h> | 70677 | +#include <linux/sched.h> |
65733 | +#include <linux/mm.h> | 70678 | +#include <linux/mm.h> |
@@ -65756,6 +70701,7 @@ index 0000000..ab2d875 | |||
65756 | +int grsec_enable_chdir; | 70701 | +int grsec_enable_chdir; |
65757 | +int grsec_enable_mount; | 70702 | +int grsec_enable_mount; |
65758 | +int grsec_enable_rofs; | 70703 | +int grsec_enable_rofs; |
70704 | +int grsec_deny_new_usb; | ||
65759 | +int grsec_enable_chroot_findtask; | 70705 | +int grsec_enable_chroot_findtask; |
65760 | +int grsec_enable_chroot_mount; | 70706 | +int grsec_enable_chroot_mount; |
65761 | +int grsec_enable_chroot_shmat; | 70707 | +int grsec_enable_chroot_shmat; |
@@ -67123,10 +72069,10 @@ index 0000000..4030d57 | |||
67123 | +} | 72069 | +} |
67124 | diff --git a/grsecurity/grsec_sysctl.c b/grsecurity/grsec_sysctl.c | 72070 | diff --git a/grsecurity/grsec_sysctl.c b/grsecurity/grsec_sysctl.c |
67125 | new file mode 100644 | 72071 | new file mode 100644 |
67126 | index 0000000..7624d1c | 72072 | index 0000000..a9e378f |
67127 | --- /dev/null | 72073 | --- /dev/null |
67128 | +++ b/grsecurity/grsec_sysctl.c | 72074 | +++ b/grsecurity/grsec_sysctl.c |
67129 | @@ -0,0 +1,460 @@ | 72075 | @@ -0,0 +1,472 @@ |
67130 | +#include <linux/kernel.h> | 72076 | +#include <linux/kernel.h> |
67131 | +#include <linux/sched.h> | 72077 | +#include <linux/sched.h> |
67132 | +#include <linux/sysctl.h> | 72078 | +#include <linux/sysctl.h> |
@@ -67147,11 +72093,12 @@ index 0000000..7624d1c | |||
67147 | + return 0; | 72093 | + return 0; |
67148 | +} | 72094 | +} |
67149 | + | 72095 | + |
67150 | +#ifdef CONFIG_GRKERNSEC_ROFS | 72096 | +#if defined(CONFIG_GRKERNSEC_ROFS) || defined(CONFIG_GRKERNSEC_DENYUSB) |
67151 | +static int __maybe_unused one = 1; | 72097 | +static int __maybe_unused __read_only one = 1; |
67152 | +#endif | 72098 | +#endif |
67153 | + | 72099 | + |
67154 | +#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_ROFS) | 72100 | +#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_ROFS) || \ |
72101 | + defined(CONFIG_GRKERNSEC_DENYUSB) | ||
67155 | +struct ctl_table grsecurity_table[] = { | 72102 | +struct ctl_table grsecurity_table[] = { |
67156 | +#ifdef CONFIG_GRKERNSEC_SYSCTL | 72103 | +#ifdef CONFIG_GRKERNSEC_SYSCTL |
67157 | +#ifdef CONFIG_GRKERNSEC_SYSCTL_DISTRO | 72104 | +#ifdef CONFIG_GRKERNSEC_SYSCTL_DISTRO |
@@ -67584,6 +72531,17 @@ index 0000000..7624d1c | |||
67584 | + .extra2 = &one, | 72531 | + .extra2 = &one, |
67585 | + }, | 72532 | + }, |
67586 | +#endif | 72533 | +#endif |
72534 | +#ifdef CONFIG_GRKERNSEC_DENYUSB | ||
72535 | + { | ||
72536 | + .procname = "deny_new_usb", | ||
72537 | + .data = &grsec_deny_new_usb, | ||
72538 | + .maxlen = sizeof(int), | ||
72539 | + .mode = 0600, | ||
72540 | + .proc_handler = &proc_dointvec_minmax, | ||
72541 | + .extra1 = &one, | ||
72542 | + .extra2 = &one, | ||
72543 | + }, | ||
72544 | +#endif | ||
67587 | + { } | 72545 | + { } |
67588 | +}; | 72546 | +}; |
67589 | +#endif | 72547 | +#endif |
@@ -67688,6 +72646,27 @@ index 0000000..ee57dcf | |||
67688 | +#endif | 72646 | +#endif |
67689 | + return 1; | 72647 | + return 1; |
67690 | +} | 72648 | +} |
72649 | diff --git a/grsecurity/grsec_usb.c b/grsecurity/grsec_usb.c | ||
72650 | new file mode 100644 | ||
72651 | index 0000000..ae02d8e | ||
72652 | --- /dev/null | ||
72653 | +++ b/grsecurity/grsec_usb.c | ||
72654 | @@ -0,0 +1,15 @@ | ||
72655 | +#include <linux/kernel.h> | ||
72656 | +#include <linux/grinternal.h> | ||
72657 | +#include <linux/module.h> | ||
72658 | + | ||
72659 | +int gr_handle_new_usb(void) | ||
72660 | +{ | ||
72661 | +#ifdef CONFIG_GRKERNSEC_DENYUSB | ||
72662 | + if (grsec_deny_new_usb) { | ||
72663 | + printk(KERN_ALERT "grsec: denied insert of new USB device\n"); | ||
72664 | + return 1; | ||
72665 | + } | ||
72666 | +#endif | ||
72667 | + return 0; | ||
72668 | +} | ||
72669 | +EXPORT_SYMBOL_GPL(gr_handle_new_usb); | ||
67691 | diff --git a/grsecurity/grsum.c b/grsecurity/grsum.c | 72670 | diff --git a/grsecurity/grsum.c b/grsecurity/grsum.c |
67692 | new file mode 100644 | 72671 | new file mode 100644 |
67693 | index 0000000..9f7b1ac | 72672 | index 0000000..9f7b1ac |
@@ -68342,6 +73321,23 @@ index a59ff51..2594a70 100644 | |||
68342 | #endif /* CONFIG_MMU */ | 73321 | #endif /* CONFIG_MMU */ |
68343 | 73322 | ||
68344 | #endif /* !__ASSEMBLY__ */ | 73323 | #endif /* !__ASSEMBLY__ */ |
73324 | diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h | ||
73325 | index c184aa8..d049942 100644 | ||
73326 | --- a/include/asm-generic/uaccess.h | ||
73327 | +++ b/include/asm-generic/uaccess.h | ||
73328 | @@ -343,4 +343,12 @@ clear_user(void __user *to, unsigned long n) | ||
73329 | return __clear_user(to, n); | ||
73330 | } | ||
73331 | |||
73332 | +#ifndef __HAVE_ARCH_PAX_OPEN_USERLAND | ||
73333 | +//static inline unsigned long pax_open_userland(void) { return 0; } | ||
73334 | +#endif | ||
73335 | + | ||
73336 | +#ifndef __HAVE_ARCH_PAX_CLOSE_USERLAND | ||
73337 | +//static inline unsigned long pax_close_userland(void) { return 0; } | ||
73338 | +#endif | ||
73339 | + | ||
73340 | #endif /* __ASM_GENERIC_UACCESS_H */ | ||
68345 | diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h | 73341 | diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h |
68346 | index eb58d2d..df131bf 100644 | 73342 | index eb58d2d..df131bf 100644 |
68347 | --- a/include/asm-generic/vmlinux.lds.h | 73343 | --- a/include/asm-generic/vmlinux.lds.h |
@@ -68631,7 +73627,7 @@ index 1186098..f87e53d 100644 | |||
68631 | /** | 73627 | /** |
68632 | * struct clk_init_data - holds init data that's common to all clocks and is | 73628 | * struct clk_init_data - holds init data that's common to all clocks and is |
68633 | diff --git a/include/linux/compat.h b/include/linux/compat.h | 73629 | diff --git a/include/linux/compat.h b/include/linux/compat.h |
68634 | index 7f0c1dd..b5729c6 100644 | 73630 | index 7f0c1dd..206ac34 100644 |
68635 | --- a/include/linux/compat.h | 73631 | --- a/include/linux/compat.h |
68636 | +++ b/include/linux/compat.h | 73632 | +++ b/include/linux/compat.h |
68637 | @@ -312,7 +312,7 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, | 73633 | @@ -312,7 +312,7 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, |
@@ -68652,6 +73648,14 @@ index 7f0c1dd..b5729c6 100644 | |||
68652 | 73648 | ||
68653 | asmlinkage long compat_sys_lookup_dcookie(u32, u32, char __user *, size_t); | 73649 | asmlinkage long compat_sys_lookup_dcookie(u32, u32, char __user *, size_t); |
68654 | /* | 73650 | /* |
73651 | @@ -669,6 +669,7 @@ asmlinkage long compat_sys_sigaltstack(const compat_stack_t __user *uss_ptr, | ||
73652 | |||
73653 | int compat_restore_altstack(const compat_stack_t __user *uss); | ||
73654 | int __compat_save_altstack(compat_stack_t __user *, unsigned long); | ||
73655 | +void __compat_save_altstack_ex(compat_stack_t __user *, unsigned long); | ||
73656 | |||
73657 | asmlinkage long compat_sys_sched_rr_get_interval(compat_pid_t pid, | ||
73658 | struct compat_timespec __user *interval); | ||
68655 | diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h | 73659 | diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h |
68656 | index 842de22..7f3a41f 100644 | 73660 | index 842de22..7f3a41f 100644 |
68657 | --- a/include/linux/compiler-gcc4.h | 73661 | --- a/include/linux/compiler-gcc4.h |
@@ -70049,10 +75053,10 @@ index 0000000..be66033 | |||
70049 | +#endif | 75053 | +#endif |
70050 | diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h | 75054 | diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h |
70051 | new file mode 100644 | 75055 | new file mode 100644 |
70052 | index 0000000..fd8598b | 75056 | index 0000000..e337683 |
70053 | --- /dev/null | 75057 | --- /dev/null |
70054 | +++ b/include/linux/grinternal.h | 75058 | +++ b/include/linux/grinternal.h |
70055 | @@ -0,0 +1,228 @@ | 75059 | @@ -0,0 +1,229 @@ |
70056 | +#ifndef __GRINTERNAL_H | 75060 | +#ifndef __GRINTERNAL_H |
70057 | +#define __GRINTERNAL_H | 75061 | +#define __GRINTERNAL_H |
70058 | + | 75062 | + |
@@ -70101,6 +75105,7 @@ index 0000000..fd8598b | |||
70101 | +extern int grsec_enable_forkfail; | 75105 | +extern int grsec_enable_forkfail; |
70102 | +extern int grsec_enable_time; | 75106 | +extern int grsec_enable_time; |
70103 | +extern int grsec_enable_rofs; | 75107 | +extern int grsec_enable_rofs; |
75108 | +extern int grsec_deny_new_usb; | ||
70104 | +extern int grsec_enable_chroot_shmat; | 75109 | +extern int grsec_enable_chroot_shmat; |
70105 | +extern int grsec_enable_chroot_mount; | 75110 | +extern int grsec_enable_chroot_mount; |
70106 | +extern int grsec_enable_chroot_double; | 75111 | +extern int grsec_enable_chroot_double; |
@@ -70402,10 +75407,10 @@ index 0000000..a4396b5 | |||
70402 | +#define GR_BRUTE_SUID_MSG "bruteforce prevention initiated due to crash of %.950s against uid %u, banning suid/sgid execs for %u minutes. Please investigate the crash report for " | 75407 | +#define GR_BRUTE_SUID_MSG "bruteforce prevention initiated due to crash of %.950s against uid %u, banning suid/sgid execs for %u minutes. Please investigate the crash report for " |
70403 | diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h | 75408 | diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h |
70404 | new file mode 100644 | 75409 | new file mode 100644 |
70405 | index 0000000..3676b0b | 75410 | index 0000000..d6f5a21 |
70406 | --- /dev/null | 75411 | --- /dev/null |
70407 | +++ b/include/linux/grsecurity.h | 75412 | +++ b/include/linux/grsecurity.h |
70408 | @@ -0,0 +1,242 @@ | 75413 | @@ -0,0 +1,244 @@ |
70409 | +#ifndef GR_SECURITY_H | 75414 | +#ifndef GR_SECURITY_H |
70410 | +#define GR_SECURITY_H | 75415 | +#define GR_SECURITY_H |
70411 | +#include <linux/fs.h> | 75416 | +#include <linux/fs.h> |
@@ -70427,6 +75432,8 @@ index 0000000..3676b0b | |||
70427 | +#error "CONFIG_PAX enabled, but no PaX options are enabled." | 75432 | +#error "CONFIG_PAX enabled, but no PaX options are enabled." |
70428 | +#endif | 75433 | +#endif |
70429 | + | 75434 | + |
75435 | +int gr_handle_new_usb(void); | ||
75436 | + | ||
70430 | +void gr_handle_brute_attach(unsigned long mm_flags); | 75437 | +void gr_handle_brute_attach(unsigned long mm_flags); |
70431 | +void gr_handle_brute_check(void); | 75438 | +void gr_handle_brute_check(void); |
70432 | +void gr_handle_kernel_exploit(void); | 75439 | +void gr_handle_kernel_exploit(void); |
@@ -70673,6 +75680,35 @@ index 0000000..e7ffaaf | |||
70673 | + const int protocol); | 75680 | + const int protocol); |
70674 | + | 75681 | + |
70675 | +#endif | 75682 | +#endif |
75683 | diff --git a/include/linux/hid.h b/include/linux/hid.h | ||
75684 | index 0c48991..76e41d8 100644 | ||
75685 | --- a/include/linux/hid.h | ||
75686 | +++ b/include/linux/hid.h | ||
75687 | @@ -393,10 +393,12 @@ struct hid_report { | ||
75688 | struct hid_device *device; /* associated device */ | ||
75689 | }; | ||
75690 | |||
75691 | +#define HID_MAX_IDS 256 | ||
75692 | + | ||
75693 | struct hid_report_enum { | ||
75694 | unsigned numbered; | ||
75695 | struct list_head report_list; | ||
75696 | - struct hid_report *report_id_hash[256]; | ||
75697 | + struct hid_report *report_id_hash[HID_MAX_IDS]; | ||
75698 | }; | ||
75699 | |||
75700 | #define HID_REPORT_TYPES 3 | ||
75701 | @@ -747,6 +749,10 @@ void hid_output_report(struct hid_report *report, __u8 *data); | ||
75702 | struct hid_device *hid_allocate_device(void); | ||
75703 | struct hid_report *hid_register_report(struct hid_device *device, unsigned type, unsigned id); | ||
75704 | int hid_parse_report(struct hid_device *hid, __u8 *start, unsigned size); | ||
75705 | +struct hid_report *hid_validate_report(struct hid_device *hid, | ||
75706 | + unsigned int type, unsigned int id, | ||
75707 | + unsigned int fields, | ||
75708 | + unsigned int report_counts); | ||
75709 | int hid_open_report(struct hid_device *device); | ||
75710 | int hid_check_keys_pressed(struct hid_device *hid); | ||
75711 | int hid_connect(struct hid_device *hid, unsigned int connect_mask); | ||
70676 | diff --git a/include/linux/highmem.h b/include/linux/highmem.h | 75712 | diff --git a/include/linux/highmem.h b/include/linux/highmem.h |
70677 | index 7fb31da..08b5114 100644 | 75713 | index 7fb31da..08b5114 100644 |
70678 | --- a/include/linux/highmem.h | 75714 | --- a/include/linux/highmem.h |
@@ -70929,7 +75965,7 @@ index 3e203eb..3fe68d0 100644 | |||
70929 | void gic_init_bases(unsigned int, int, void __iomem *, void __iomem *, | 75965 | void gic_init_bases(unsigned int, int, void __iomem *, void __iomem *, |
70930 | u32 offset, struct device_node *); | 75966 | u32 offset, struct device_node *); |
70931 | diff --git a/include/linux/kallsyms.h b/include/linux/kallsyms.h | 75967 | diff --git a/include/linux/kallsyms.h b/include/linux/kallsyms.h |
70932 | index 6883e19..06992b1 100644 | 75968 | index 6883e19..e854fcb 100644 |
70933 | --- a/include/linux/kallsyms.h | 75969 | --- a/include/linux/kallsyms.h |
70934 | +++ b/include/linux/kallsyms.h | 75970 | +++ b/include/linux/kallsyms.h |
70935 | @@ -15,7 +15,8 @@ | 75971 | @@ -15,7 +15,8 @@ |
@@ -70942,12 +75978,13 @@ index 6883e19..06992b1 100644 | |||
70942 | /* Lookup the address for a symbol. Returns 0 if not found. */ | 75978 | /* Lookup the address for a symbol. Returns 0 if not found. */ |
70943 | unsigned long kallsyms_lookup_name(const char *name); | 75979 | unsigned long kallsyms_lookup_name(const char *name); |
70944 | 75980 | ||
70945 | @@ -106,6 +107,17 @@ static inline int lookup_symbol_attrs(unsigned long addr, unsigned long *size, u | 75981 | @@ -106,6 +107,21 @@ static inline int lookup_symbol_attrs(unsigned long addr, unsigned long *size, u |
70946 | /* Stupid that this does nothing, but I didn't create this mess. */ | 75982 | /* Stupid that this does nothing, but I didn't create this mess. */ |
70947 | #define __print_symbol(fmt, addr) | 75983 | #define __print_symbol(fmt, addr) |
70948 | #endif /*CONFIG_KALLSYMS*/ | 75984 | #endif /*CONFIG_KALLSYMS*/ |
70949 | +#else /* when included by kallsyms.c, vsnprintf.c, or | 75985 | +#else /* when included by kallsyms.c, vsnprintf.c, kprobes.c, or |
70950 | + arch/x86/kernel/dumpstack.c, with HIDESYM enabled */ | 75986 | + arch/x86/kernel/dumpstack.c, with HIDESYM enabled */ |
75987 | +extern unsigned long kallsyms_lookup_name(const char *name); | ||
70951 | +extern void __print_symbol(const char *fmt, unsigned long address); | 75988 | +extern void __print_symbol(const char *fmt, unsigned long address); |
70952 | +extern int sprint_backtrace(char *buffer, unsigned long address); | 75989 | +extern int sprint_backtrace(char *buffer, unsigned long address); |
70953 | +extern int sprint_symbol(char *buffer, unsigned long address); | 75990 | +extern int sprint_symbol(char *buffer, unsigned long address); |
@@ -70956,6 +75993,9 @@ index 6883e19..06992b1 100644 | |||
70956 | + unsigned long *symbolsize, | 75993 | + unsigned long *symbolsize, |
70957 | + unsigned long *offset, | 75994 | + unsigned long *offset, |
70958 | + char **modname, char *namebuf); | 75995 | + char **modname, char *namebuf); |
75996 | +extern int kallsyms_lookup_size_offset(unsigned long addr, | ||
75997 | + unsigned long *symbolsize, | ||
75998 | + unsigned long *offset); | ||
70959 | +#endif | 75999 | +#endif |
70960 | 76000 | ||
70961 | /* This macro allows us to keep printk typechecking */ | 76001 | /* This macro allows us to keep printk typechecking */ |
@@ -71133,7 +76173,7 @@ index b83e565..baa6c1d 100644 | |||
71133 | * list_move - delete from one list and add as another's head | 76173 | * list_move - delete from one list and add as another's head |
71134 | * @list: the entry to move | 76174 | * @list: the entry to move |
71135 | diff --git a/include/linux/math64.h b/include/linux/math64.h | 76175 | diff --git a/include/linux/math64.h b/include/linux/math64.h |
71136 | index 2913b86..4209244 100644 | 76176 | index 2913b86..8dcbb1e 100644 |
71137 | --- a/include/linux/math64.h | 76177 | --- a/include/linux/math64.h |
71138 | +++ b/include/linux/math64.h | 76178 | +++ b/include/linux/math64.h |
71139 | @@ -15,7 +15,7 @@ | 76179 | @@ -15,7 +15,7 @@ |
@@ -71145,6 +76185,15 @@ index 2913b86..4209244 100644 | |||
71145 | { | 76185 | { |
71146 | *remainder = dividend % divisor; | 76186 | *remainder = dividend % divisor; |
71147 | return dividend / divisor; | 76187 | return dividend / divisor; |
76188 | @@ -33,7 +33,7 @@ static inline s64 div_s64_rem(s64 dividend, s32 divisor, s32 *remainder) | ||
76189 | /** | ||
76190 | * div64_u64 - unsigned 64bit divide with 64bit divisor | ||
76191 | */ | ||
76192 | -static inline u64 div64_u64(u64 dividend, u64 divisor) | ||
76193 | +static inline u64 __intentional_overflow(0) div64_u64(u64 dividend, u64 divisor) | ||
76194 | { | ||
76195 | return dividend / divisor; | ||
76196 | } | ||
71148 | @@ -52,7 +52,7 @@ static inline s64 div64_s64(s64 dividend, s64 divisor) | 76197 | @@ -52,7 +52,7 @@ static inline s64 div64_s64(s64 dividend, s64 divisor) |
71149 | #define div64_ul(x, y) div_u64((x), (y)) | 76198 | #define div64_ul(x, y) div_u64((x), (y)) |
71150 | 76199 | ||
@@ -71421,7 +76470,7 @@ index e0c8528..bcf0c29 100644 | |||
71421 | #endif /* __KERNEL__ */ | 76470 | #endif /* __KERNEL__ */ |
71422 | #endif /* _LINUX_MM_H */ | 76471 | #endif /* _LINUX_MM_H */ |
71423 | diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h | 76472 | diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h |
71424 | index ace9a5f..81bdb59 100644 | 76473 | index 4a189ba..04101d6 100644 |
71425 | --- a/include/linux/mm_types.h | 76474 | --- a/include/linux/mm_types.h |
71426 | +++ b/include/linux/mm_types.h | 76475 | +++ b/include/linux/mm_types.h |
71427 | @@ -289,6 +289,8 @@ struct vm_area_struct { | 76476 | @@ -289,6 +289,8 @@ struct vm_area_struct { |
@@ -71433,7 +76482,7 @@ index ace9a5f..81bdb59 100644 | |||
71433 | }; | 76482 | }; |
71434 | 76483 | ||
71435 | struct core_thread { | 76484 | struct core_thread { |
71436 | @@ -437,6 +439,24 @@ struct mm_struct { | 76485 | @@ -438,6 +440,24 @@ struct mm_struct { |
71437 | int first_nid; | 76486 | int first_nid; |
71438 | #endif | 76487 | #endif |
71439 | struct uprobes_state uprobes_state; | 76488 | struct uprobes_state uprobes_state; |
@@ -72097,6 +77146,61 @@ index 4ea1d37..80f4b33 100644 | |||
72097 | 77146 | ||
72098 | /* | 77147 | /* |
72099 | * The return value from decompress routine is the length of the | 77148 | * The return value from decompress routine is the length of the |
77149 | diff --git a/include/linux/preempt.h b/include/linux/preempt.h | ||
77150 | index f5d4723..a6ea2fa 100644 | ||
77151 | --- a/include/linux/preempt.h | ||
77152 | +++ b/include/linux/preempt.h | ||
77153 | @@ -18,8 +18,13 @@ | ||
77154 | # define sub_preempt_count(val) do { preempt_count() -= (val); } while (0) | ||
77155 | #endif | ||
77156 | |||
77157 | +#define raw_add_preempt_count(val) do { preempt_count() += (val); } while (0) | ||
77158 | +#define raw_sub_preempt_count(val) do { preempt_count() -= (val); } while (0) | ||
77159 | + | ||
77160 | #define inc_preempt_count() add_preempt_count(1) | ||
77161 | +#define raw_inc_preempt_count() raw_add_preempt_count(1) | ||
77162 | #define dec_preempt_count() sub_preempt_count(1) | ||
77163 | +#define raw_dec_preempt_count() raw_sub_preempt_count(1) | ||
77164 | |||
77165 | #define preempt_count() (current_thread_info()->preempt_count) | ||
77166 | |||
77167 | @@ -64,6 +69,12 @@ do { \ | ||
77168 | barrier(); \ | ||
77169 | } while (0) | ||
77170 | |||
77171 | +#define raw_preempt_disable() \ | ||
77172 | +do { \ | ||
77173 | + raw_inc_preempt_count(); \ | ||
77174 | + barrier(); \ | ||
77175 | +} while (0) | ||
77176 | + | ||
77177 | #define sched_preempt_enable_no_resched() \ | ||
77178 | do { \ | ||
77179 | barrier(); \ | ||
77180 | @@ -72,6 +83,12 @@ do { \ | ||
77181 | |||
77182 | #define preempt_enable_no_resched() sched_preempt_enable_no_resched() | ||
77183 | |||
77184 | +#define raw_preempt_enable_no_resched() \ | ||
77185 | +do { \ | ||
77186 | + barrier(); \ | ||
77187 | + raw_dec_preempt_count(); \ | ||
77188 | +} while (0) | ||
77189 | + | ||
77190 | #define preempt_enable() \ | ||
77191 | do { \ | ||
77192 | preempt_enable_no_resched(); \ | ||
77193 | @@ -116,8 +133,10 @@ do { \ | ||
77194 | * region. | ||
77195 | */ | ||
77196 | #define preempt_disable() barrier() | ||
77197 | +#define raw_preempt_disable() barrier() | ||
77198 | #define sched_preempt_enable_no_resched() barrier() | ||
77199 | #define preempt_enable_no_resched() barrier() | ||
77200 | +#define raw_preempt_enable_no_resched() barrier() | ||
77201 | #define preempt_enable() barrier() | ||
77202 | |||
77203 | #define preempt_disable_notrace() barrier() | ||
72100 | diff --git a/include/linux/printk.h b/include/linux/printk.h | 77204 | diff --git a/include/linux/printk.h b/include/linux/printk.h |
72101 | index 22c7052..ad3fa0a 100644 | 77205 | index 22c7052..ad3fa0a 100644 |
72102 | --- a/include/linux/printk.h | 77206 | --- a/include/linux/printk.h |
@@ -72314,7 +77418,7 @@ index 6dacb93..6174423 100644 | |||
72314 | static inline void anon_vma_merge(struct vm_area_struct *vma, | 77418 | static inline void anon_vma_merge(struct vm_area_struct *vma, |
72315 | struct vm_area_struct *next) | 77419 | struct vm_area_struct *next) |
72316 | diff --git a/include/linux/sched.h b/include/linux/sched.h | 77420 | diff --git a/include/linux/sched.h b/include/linux/sched.h |
72317 | index 178a8d9..450bf11 100644 | 77421 | index 178a8d9..918ea01 100644 |
72318 | --- a/include/linux/sched.h | 77422 | --- a/include/linux/sched.h |
72319 | +++ b/include/linux/sched.h | 77423 | +++ b/include/linux/sched.h |
72320 | @@ -62,6 +62,7 @@ struct bio_list; | 77424 | @@ -62,6 +62,7 @@ struct bio_list; |
@@ -72334,7 +77438,7 @@ index 178a8d9..450bf11 100644 | |||
72334 | extern signed long schedule_timeout_interruptible(signed long timeout); | 77438 | extern signed long schedule_timeout_interruptible(signed long timeout); |
72335 | extern signed long schedule_timeout_killable(signed long timeout); | 77439 | extern signed long schedule_timeout_killable(signed long timeout); |
72336 | extern signed long schedule_timeout_uninterruptible(signed long timeout); | 77440 | extern signed long schedule_timeout_uninterruptible(signed long timeout); |
72337 | @@ -314,6 +315,19 @@ struct nsproxy; | 77441 | @@ -314,6 +315,18 @@ struct nsproxy; |
72338 | struct user_namespace; | 77442 | struct user_namespace; |
72339 | 77443 | ||
72340 | #ifdef CONFIG_MMU | 77444 | #ifdef CONFIG_MMU |
@@ -72350,11 +77454,10 @@ index 178a8d9..450bf11 100644 | |||
72350 | + | 77454 | + |
72351 | +extern bool check_heap_stack_gap(const struct vm_area_struct *vma, unsigned long addr, unsigned long len, unsigned long offset); | 77455 | +extern bool check_heap_stack_gap(const struct vm_area_struct *vma, unsigned long addr, unsigned long len, unsigned long offset); |
72352 | +extern unsigned long skip_heap_stack_gap(const struct vm_area_struct *vma, unsigned long len, unsigned long offset); | 77456 | +extern unsigned long skip_heap_stack_gap(const struct vm_area_struct *vma, unsigned long len, unsigned long offset); |
72353 | + | ||
72354 | extern void arch_pick_mmap_layout(struct mm_struct *mm); | 77457 | extern void arch_pick_mmap_layout(struct mm_struct *mm); |
72355 | extern unsigned long | 77458 | extern unsigned long |
72356 | arch_get_unmapped_area(struct file *, unsigned long, unsigned long, | 77459 | arch_get_unmapped_area(struct file *, unsigned long, unsigned long, |
72357 | @@ -591,6 +605,17 @@ struct signal_struct { | 77460 | @@ -591,6 +604,17 @@ struct signal_struct { |
72358 | #ifdef CONFIG_TASKSTATS | 77461 | #ifdef CONFIG_TASKSTATS |
72359 | struct taskstats *stats; | 77462 | struct taskstats *stats; |
72360 | #endif | 77463 | #endif |
@@ -72372,7 +77475,7 @@ index 178a8d9..450bf11 100644 | |||
72372 | #ifdef CONFIG_AUDIT | 77475 | #ifdef CONFIG_AUDIT |
72373 | unsigned audit_tty; | 77476 | unsigned audit_tty; |
72374 | unsigned audit_tty_log_passwd; | 77477 | unsigned audit_tty_log_passwd; |
72375 | @@ -671,6 +696,14 @@ struct user_struct { | 77478 | @@ -671,6 +695,14 @@ struct user_struct { |
72376 | struct key *session_keyring; /* UID's default session keyring */ | 77479 | struct key *session_keyring; /* UID's default session keyring */ |
72377 | #endif | 77480 | #endif |
72378 | 77481 | ||
@@ -72387,7 +77490,7 @@ index 178a8d9..450bf11 100644 | |||
72387 | /* Hash table maintenance information */ | 77490 | /* Hash table maintenance information */ |
72388 | struct hlist_node uidhash_node; | 77491 | struct hlist_node uidhash_node; |
72389 | kuid_t uid; | 77492 | kuid_t uid; |
72390 | @@ -1158,8 +1191,8 @@ struct task_struct { | 77493 | @@ -1158,8 +1190,8 @@ struct task_struct { |
72391 | struct list_head thread_group; | 77494 | struct list_head thread_group; |
72392 | 77495 | ||
72393 | struct completion *vfork_done; /* for vfork() */ | 77496 | struct completion *vfork_done; /* for vfork() */ |
@@ -72398,7 +77501,7 @@ index 178a8d9..450bf11 100644 | |||
72398 | 77501 | ||
72399 | cputime_t utime, stime, utimescaled, stimescaled; | 77502 | cputime_t utime, stime, utimescaled, stimescaled; |
72400 | cputime_t gtime; | 77503 | cputime_t gtime; |
72401 | @@ -1184,11 +1217,6 @@ struct task_struct { | 77504 | @@ -1184,11 +1216,6 @@ struct task_struct { |
72402 | struct task_cputime cputime_expires; | 77505 | struct task_cputime cputime_expires; |
72403 | struct list_head cpu_timers[3]; | 77506 | struct list_head cpu_timers[3]; |
72404 | 77507 | ||
@@ -72410,7 +77513,7 @@ index 178a8d9..450bf11 100644 | |||
72410 | char comm[TASK_COMM_LEN]; /* executable name excluding path | 77513 | char comm[TASK_COMM_LEN]; /* executable name excluding path |
72411 | - access with [gs]et_task_comm (which lock | 77514 | - access with [gs]et_task_comm (which lock |
72412 | it with task_lock()) | 77515 | it with task_lock()) |
72413 | @@ -1205,6 +1233,10 @@ struct task_struct { | 77516 | @@ -1205,6 +1232,10 @@ struct task_struct { |
72414 | #endif | 77517 | #endif |
72415 | /* CPU-specific state of this task */ | 77518 | /* CPU-specific state of this task */ |
72416 | struct thread_struct thread; | 77519 | struct thread_struct thread; |
@@ -72421,7 +77524,7 @@ index 178a8d9..450bf11 100644 | |||
72421 | /* filesystem information */ | 77524 | /* filesystem information */ |
72422 | struct fs_struct *fs; | 77525 | struct fs_struct *fs; |
72423 | /* open file information */ | 77526 | /* open file information */ |
72424 | @@ -1278,6 +1310,10 @@ struct task_struct { | 77527 | @@ -1278,6 +1309,10 @@ struct task_struct { |
72425 | gfp_t lockdep_reclaim_gfp; | 77528 | gfp_t lockdep_reclaim_gfp; |
72426 | #endif | 77529 | #endif |
72427 | 77530 | ||
@@ -72432,7 +77535,7 @@ index 178a8d9..450bf11 100644 | |||
72432 | /* journalling filesystem info */ | 77535 | /* journalling filesystem info */ |
72433 | void *journal_info; | 77536 | void *journal_info; |
72434 | 77537 | ||
72435 | @@ -1316,6 +1352,10 @@ struct task_struct { | 77538 | @@ -1316,6 +1351,10 @@ struct task_struct { |
72436 | /* cg_list protected by css_set_lock and tsk->alloc_lock */ | 77539 | /* cg_list protected by css_set_lock and tsk->alloc_lock */ |
72437 | struct list_head cg_list; | 77540 | struct list_head cg_list; |
72438 | #endif | 77541 | #endif |
@@ -72443,7 +77546,7 @@ index 178a8d9..450bf11 100644 | |||
72443 | #ifdef CONFIG_FUTEX | 77546 | #ifdef CONFIG_FUTEX |
72444 | struct robust_list_head __user *robust_list; | 77547 | struct robust_list_head __user *robust_list; |
72445 | #ifdef CONFIG_COMPAT | 77548 | #ifdef CONFIG_COMPAT |
72446 | @@ -1416,8 +1456,76 @@ struct task_struct { | 77549 | @@ -1416,8 +1455,76 @@ struct task_struct { |
72447 | unsigned int sequential_io; | 77550 | unsigned int sequential_io; |
72448 | unsigned int sequential_io_avg; | 77551 | unsigned int sequential_io_avg; |
72449 | #endif | 77552 | #endif |
@@ -72520,7 +77623,7 @@ index 178a8d9..450bf11 100644 | |||
72520 | /* Future-safe accessor for struct task_struct's cpus_allowed. */ | 77623 | /* Future-safe accessor for struct task_struct's cpus_allowed. */ |
72521 | #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) | 77624 | #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) |
72522 | 77625 | ||
72523 | @@ -1476,7 +1584,7 @@ struct pid_namespace; | 77626 | @@ -1476,7 +1583,7 @@ struct pid_namespace; |
72524 | pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type, | 77627 | pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type, |
72525 | struct pid_namespace *ns); | 77628 | struct pid_namespace *ns); |
72526 | 77629 | ||
@@ -72529,7 +77632,7 @@ index 178a8d9..450bf11 100644 | |||
72529 | { | 77632 | { |
72530 | return tsk->pid; | 77633 | return tsk->pid; |
72531 | } | 77634 | } |
72532 | @@ -1919,7 +2027,9 @@ void yield(void); | 77635 | @@ -1919,7 +2026,9 @@ void yield(void); |
72533 | extern struct exec_domain default_exec_domain; | 77636 | extern struct exec_domain default_exec_domain; |
72534 | 77637 | ||
72535 | union thread_union { | 77638 | union thread_union { |
@@ -72539,7 +77642,7 @@ index 178a8d9..450bf11 100644 | |||
72539 | unsigned long stack[THREAD_SIZE/sizeof(long)]; | 77642 | unsigned long stack[THREAD_SIZE/sizeof(long)]; |
72540 | }; | 77643 | }; |
72541 | 77644 | ||
72542 | @@ -1952,6 +2062,7 @@ extern struct pid_namespace init_pid_ns; | 77645 | @@ -1952,6 +2061,7 @@ extern struct pid_namespace init_pid_ns; |
72543 | */ | 77646 | */ |
72544 | 77647 | ||
72545 | extern struct task_struct *find_task_by_vpid(pid_t nr); | 77648 | extern struct task_struct *find_task_by_vpid(pid_t nr); |
@@ -72547,7 +77650,7 @@ index 178a8d9..450bf11 100644 | |||
72547 | extern struct task_struct *find_task_by_pid_ns(pid_t nr, | 77650 | extern struct task_struct *find_task_by_pid_ns(pid_t nr, |
72548 | struct pid_namespace *ns); | 77651 | struct pid_namespace *ns); |
72549 | 77652 | ||
72550 | @@ -2118,7 +2229,7 @@ extern void __cleanup_sighand(struct sighand_struct *); | 77653 | @@ -2118,7 +2228,7 @@ extern void __cleanup_sighand(struct sighand_struct *); |
72551 | extern void exit_itimers(struct signal_struct *); | 77654 | extern void exit_itimers(struct signal_struct *); |
72552 | extern void flush_itimer_signals(void); | 77655 | extern void flush_itimer_signals(void); |
72553 | 77656 | ||
@@ -72556,7 +77659,7 @@ index 178a8d9..450bf11 100644 | |||
72556 | 77659 | ||
72557 | extern int allow_signal(int); | 77660 | extern int allow_signal(int); |
72558 | extern int disallow_signal(int); | 77661 | extern int disallow_signal(int); |
72559 | @@ -2309,9 +2420,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) | 77662 | @@ -2309,9 +2419,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) |
72560 | 77663 | ||
72561 | #endif | 77664 | #endif |
72562 | 77665 | ||
@@ -72629,6 +77732,18 @@ index 429c199..4d42e38 100644 | |||
72629 | }; | 77732 | }; |
72630 | 77733 | ||
72631 | /* shm_mode upper byte flags */ | 77734 | /* shm_mode upper byte flags */ |
77735 | diff --git a/include/linux/signal.h b/include/linux/signal.h | ||
77736 | index d897484..323ba98 100644 | ||
77737 | --- a/include/linux/signal.h | ||
77738 | +++ b/include/linux/signal.h | ||
77739 | @@ -433,6 +433,7 @@ void signals_init(void); | ||
77740 | |||
77741 | int restore_altstack(const stack_t __user *); | ||
77742 | int __save_altstack(stack_t __user *, unsigned long); | ||
77743 | +void __save_altstack_ex(stack_t __user *, unsigned long); | ||
77744 | |||
77745 | #ifdef CONFIG_PROC_FS | ||
77746 | struct seq_file; | ||
72632 | diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h | 77747 | diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h |
72633 | index dec1748..112c1f9 100644 | 77748 | index dec1748..112c1f9 100644 |
72634 | --- a/include/linux/skbuff.h | 77749 | --- a/include/linux/skbuff.h |
@@ -72953,6 +78068,20 @@ index 027276f..092bfe8 100644 | |||
72953 | void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node); | 78068 | void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node); |
72954 | 78069 | ||
72955 | #ifdef CONFIG_TRACING | 78070 | #ifdef CONFIG_TRACING |
78071 | diff --git a/include/linux/smp.h b/include/linux/smp.h | ||
78072 | index c848876..11e8a84 100644 | ||
78073 | --- a/include/linux/smp.h | ||
78074 | +++ b/include/linux/smp.h | ||
78075 | @@ -221,7 +221,9 @@ static inline void kick_all_cpus_sync(void) { } | ||
78076 | #endif | ||
78077 | |||
78078 | #define get_cpu() ({ preempt_disable(); smp_processor_id(); }) | ||
78079 | +#define raw_get_cpu() ({ raw_preempt_disable(); raw_smp_processor_id(); }) | ||
78080 | #define put_cpu() preempt_enable() | ||
78081 | +#define raw_put_cpu_no_resched() raw_preempt_enable_no_resched() | ||
78082 | |||
78083 | /* | ||
78084 | * Callback to arch code if there's nosmp or maxcpus=0 on the | ||
72956 | diff --git a/include/linux/sock_diag.h b/include/linux/sock_diag.h | 78085 | diff --git a/include/linux/sock_diag.h b/include/linux/sock_diag.h |
72957 | index 54f91d3..be2c379 100644 | 78086 | index 54f91d3..be2c379 100644 |
72958 | --- a/include/linux/sock_diag.h | 78087 | --- a/include/linux/sock_diag.h |
@@ -73096,7 +78225,7 @@ index a5ffd32..0935dea 100644 | |||
73096 | extern dma_addr_t swiotlb_map_page(struct device *dev, struct page *page, | 78225 | extern dma_addr_t swiotlb_map_page(struct device *dev, struct page *page, |
73097 | unsigned long offset, size_t size, | 78226 | unsigned long offset, size_t size, |
73098 | diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h | 78227 | diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h |
73099 | index 4147d70..d356a10 100644 | 78228 | index 84662ec..d8f8adb 100644 |
73100 | --- a/include/linux/syscalls.h | 78229 | --- a/include/linux/syscalls.h |
73101 | +++ b/include/linux/syscalls.h | 78230 | +++ b/include/linux/syscalls.h |
73102 | @@ -97,8 +97,12 @@ struct sigaltstack; | 78231 | @@ -97,8 +97,12 @@ struct sigaltstack; |
@@ -73601,6 +78730,25 @@ index c586679..f06b389 100644 | |||
73601 | } | 78730 | } |
73602 | 78731 | ||
73603 | static inline void __dec_zone_page_state(struct page *page, | 78732 | static inline void __dec_zone_page_state(struct page *page, |
78733 | diff --git a/include/linux/workqueue.h b/include/linux/workqueue.h | ||
78734 | index 623488f..44b5742 100644 | ||
78735 | --- a/include/linux/workqueue.h | ||
78736 | +++ b/include/linux/workqueue.h | ||
78737 | @@ -410,11 +410,11 @@ __alloc_workqueue_key(const char *fmt, unsigned int flags, int max_active, | ||
78738 | alloc_workqueue(fmt, WQ_UNBOUND | __WQ_ORDERED | (flags), 1, ##args) | ||
78739 | |||
78740 | #define create_workqueue(name) \ | ||
78741 | - alloc_workqueue((name), WQ_MEM_RECLAIM, 1) | ||
78742 | + alloc_workqueue("%s", WQ_MEM_RECLAIM, 1, (name)) | ||
78743 | #define create_freezable_workqueue(name) \ | ||
78744 | - alloc_workqueue((name), WQ_FREEZABLE | WQ_UNBOUND | WQ_MEM_RECLAIM, 1) | ||
78745 | + alloc_workqueue("%s", WQ_FREEZABLE | WQ_UNBOUND | WQ_MEM_RECLAIM, 1, (name)) | ||
78746 | #define create_singlethread_workqueue(name) \ | ||
78747 | - alloc_workqueue((name), WQ_UNBOUND | WQ_MEM_RECLAIM, 1) | ||
78748 | + alloc_workqueue("%s", WQ_UNBOUND | WQ_MEM_RECLAIM, 1, (name)) | ||
78749 | |||
78750 | extern void destroy_workqueue(struct workqueue_struct *wq); | ||
78751 | |||
73604 | diff --git a/include/linux/xattr.h b/include/linux/xattr.h | 78752 | diff --git a/include/linux/xattr.h b/include/linux/xattr.h |
73605 | index fdbafc6..49dfe4f 100644 | 78753 | index fdbafc6..49dfe4f 100644 |
73606 | --- a/include/linux/xattr.h | 78754 | --- a/include/linux/xattr.h |
@@ -73658,6 +78806,19 @@ index 95d1c91..6798cca 100644 | |||
73658 | 78806 | ||
73659 | /* | 78807 | /* |
73660 | * Newer version of video_device, handled by videodev2.c | 78808 | * Newer version of video_device, handled by videodev2.c |
78809 | diff --git a/include/media/v4l2-device.h b/include/media/v4l2-device.h | ||
78810 | index c9b1593..a572459 100644 | ||
78811 | --- a/include/media/v4l2-device.h | ||
78812 | +++ b/include/media/v4l2-device.h | ||
78813 | @@ -95,7 +95,7 @@ int __must_check v4l2_device_register(struct device *dev, struct v4l2_device *v4 | ||
78814 | this function returns 0. If the name ends with a digit (e.g. cx18), | ||
78815 | then the name will be set to cx18-0 since cx180 looks really odd. */ | ||
78816 | int v4l2_device_set_name(struct v4l2_device *v4l2_dev, const char *basename, | ||
78817 | - atomic_t *instance); | ||
78818 | + atomic_unchecked_t *instance); | ||
78819 | |||
78820 | /* Set v4l2_dev->dev to NULL. Call when the USB parent disconnects. | ||
78821 | Since the parent disappears this ensures that v4l2_dev doesn't have an | ||
73661 | diff --git a/include/net/9p/transport.h b/include/net/9p/transport.h | 78822 | diff --git a/include/net/9p/transport.h b/include/net/9p/transport.h |
73662 | index adcbb20..62c2559 100644 | 78823 | index adcbb20..62c2559 100644 |
73663 | --- a/include/net/9p/transport.h | 78824 | --- a/include/net/9p/transport.h |
@@ -73760,7 +78921,7 @@ index de2c785..0588a6b 100644 | |||
73760 | /** inet_connection_sock - INET connection oriented sock | 78921 | /** inet_connection_sock - INET connection oriented sock |
73761 | * | 78922 | * |
73762 | diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h | 78923 | diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h |
73763 | index 53f464d..ba76aaa 100644 | 78924 | index 53f464d..0bd0b49 100644 |
73764 | --- a/include/net/inetpeer.h | 78925 | --- a/include/net/inetpeer.h |
73765 | +++ b/include/net/inetpeer.h | 78926 | +++ b/include/net/inetpeer.h |
73766 | @@ -47,8 +47,8 @@ struct inet_peer { | 78927 | @@ -47,8 +47,8 @@ struct inet_peer { |
@@ -73774,20 +78935,28 @@ index 53f464d..ba76aaa 100644 | |||
73774 | }; | 78935 | }; |
73775 | struct rcu_head rcu; | 78936 | struct rcu_head rcu; |
73776 | struct inet_peer *gc_next; | 78937 | struct inet_peer *gc_next; |
73777 | @@ -182,11 +182,11 @@ static inline int inet_getid(struct inet_peer *p, int more) | 78938 | @@ -178,16 +178,13 @@ static inline void inet_peer_refcheck(const struct inet_peer *p) |
78939 | /* can be called with or without local BH being disabled */ | ||
78940 | static inline int inet_getid(struct inet_peer *p, int more) | ||
78941 | { | ||
78942 | - int old, new; | ||
78943 | + int id; | ||
73778 | more++; | 78944 | more++; |
73779 | inet_peer_refcheck(p); | 78945 | inet_peer_refcheck(p); |
73780 | do { | 78946 | - do { |
73781 | - old = atomic_read(&p->ip_id_count); | 78947 | - old = atomic_read(&p->ip_id_count); |
73782 | + old = atomic_read_unchecked(&p->ip_id_count); | 78948 | - new = old + more; |
73783 | new = old + more; | 78949 | - if (!new) |
73784 | if (!new) | 78950 | - new = 1; |
73785 | new = 1; | ||
73786 | - } while (atomic_cmpxchg(&p->ip_id_count, old, new) != old); | 78951 | - } while (atomic_cmpxchg(&p->ip_id_count, old, new) != old); |
73787 | + } while (atomic_cmpxchg_unchecked(&p->ip_id_count, old, new) != old); | 78952 | - return new; |
73788 | return new; | 78953 | + id = atomic_add_return_unchecked(more, &p->ip_id_count); |
78954 | + if (!id) | ||
78955 | + id = atomic_inc_return_unchecked(&p->ip_id_count); | ||
78956 | + return id; | ||
73789 | } | 78957 | } |
73790 | 78958 | ||
78959 | #endif /* _NET_INETPEER_H */ | ||
73791 | diff --git a/include/net/ip.h b/include/net/ip.h | 78960 | diff --git a/include/net/ip.h b/include/net/ip.h |
73792 | index a68f838..74518ab 100644 | 78961 | index a68f838..74518ab 100644 |
73793 | --- a/include/net/ip.h | 78962 | --- a/include/net/ip.h |
@@ -75126,7 +80295,7 @@ index a67ef9d..2d17ed9 100644 | |||
75126 | #ifdef CONFIG_BLK_DEV_RAM | 80295 | #ifdef CONFIG_BLK_DEV_RAM |
75127 | int fd; | 80296 | int fd; |
75128 | diff --git a/init/main.c b/init/main.c | 80297 | diff --git a/init/main.c b/init/main.c |
75129 | index 9484f4b..4c01430 100644 | 80298 | index 9484f4b..0eac7c3 100644 |
75130 | --- a/init/main.c | 80299 | --- a/init/main.c |
75131 | +++ b/init/main.c | 80300 | +++ b/init/main.c |
75132 | @@ -100,6 +100,8 @@ static inline void mark_rodata_ro(void) { } | 80301 | @@ -100,6 +100,8 @@ static inline void mark_rodata_ro(void) { } |
@@ -75138,7 +80307,7 @@ index 9484f4b..4c01430 100644 | |||
75138 | /* | 80307 | /* |
75139 | * Debug helper: via this flag we know that we are in 'early bootup code' | 80308 | * Debug helper: via this flag we know that we are in 'early bootup code' |
75140 | * where only the boot processor is running with IRQ disabled. This means | 80309 | * where only the boot processor is running with IRQ disabled. This means |
75141 | @@ -153,6 +155,64 @@ static int __init set_reset_devices(char *str) | 80310 | @@ -153,6 +155,74 @@ static int __init set_reset_devices(char *str) |
75142 | 80311 | ||
75143 | __setup("reset_devices", set_reset_devices); | 80312 | __setup("reset_devices", set_reset_devices); |
75144 | 80313 | ||
@@ -75153,11 +80322,10 @@ index 9484f4b..4c01430 100644 | |||
75153 | +#endif | 80322 | +#endif |
75154 | + | 80323 | + |
75155 | +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) | 80324 | +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) |
75156 | +unsigned long pax_user_shadow_base __read_only = 1UL << TASK_SIZE_MAX_SHIFT; | 80325 | +unsigned long pax_user_shadow_base __read_only; |
75157 | +EXPORT_SYMBOL(pax_user_shadow_base); | 80326 | +EXPORT_SYMBOL(pax_user_shadow_base); |
75158 | +extern char pax_enter_kernel_user[]; | 80327 | +extern char pax_enter_kernel_user[]; |
75159 | +extern char pax_exit_kernel_user[]; | 80328 | +extern char pax_exit_kernel_user[]; |
75160 | +extern pgdval_t clone_pgd_mask; | ||
75161 | +#endif | 80329 | +#endif |
75162 | + | 80330 | + |
75163 | +#if defined(CONFIG_X86) && defined(CONFIG_PAX_MEMORY_UDEREF) | 80331 | +#if defined(CONFIG_X86) && defined(CONFIG_PAX_MEMORY_UDEREF) |
@@ -75182,11 +80350,22 @@ index 9484f4b..4c01430 100644 | |||
75182 | + memcpy(pax_exit_kernel_user, (unsigned char []){0xc3}, 1); | 80350 | + memcpy(pax_exit_kernel_user, (unsigned char []){0xc3}, 1); |
75183 | + clone_pgd_mask = ~(pgdval_t)0UL; | 80351 | + clone_pgd_mask = ~(pgdval_t)0UL; |
75184 | + pax_user_shadow_base = 0UL; | 80352 | + pax_user_shadow_base = 0UL; |
80353 | + setup_clear_cpu_cap(X86_FEATURE_PCID); | ||
75185 | +#endif | 80354 | +#endif |
75186 | + | 80355 | + |
75187 | + return 0; | 80356 | + return 0; |
75188 | +} | 80357 | +} |
75189 | +early_param("pax_nouderef", setup_pax_nouderef); | 80358 | +early_param("pax_nouderef", setup_pax_nouderef); |
80359 | + | ||
80360 | +#ifdef CONFIG_X86_64 | ||
80361 | +static int __init setup_pax_weakuderef(char *str) | ||
80362 | +{ | ||
80363 | + if (clone_pgd_mask != ~(pgdval_t)0UL) | ||
80364 | + pax_user_shadow_base = 1UL << TASK_SIZE_MAX_SHIFT; | ||
80365 | + return 1; | ||
80366 | +} | ||
80367 | +__setup("pax_weakuderef", setup_pax_weakuderef); | ||
80368 | +#endif | ||
75190 | +#endif | 80369 | +#endif |
75191 | + | 80370 | + |
75192 | +#ifdef CONFIG_PAX_SOFTMODE | 80371 | +#ifdef CONFIG_PAX_SOFTMODE |
@@ -75203,7 +80382,7 @@ index 9484f4b..4c01430 100644 | |||
75203 | static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; | 80382 | static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; |
75204 | const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; | 80383 | const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; |
75205 | static const char *panic_later, *panic_param; | 80384 | static const char *panic_later, *panic_param; |
75206 | @@ -655,8 +715,6 @@ static void __init do_ctors(void) | 80385 | @@ -655,8 +725,6 @@ static void __init do_ctors(void) |
75207 | bool initcall_debug; | 80386 | bool initcall_debug; |
75208 | core_param(initcall_debug, initcall_debug, bool, 0644); | 80387 | core_param(initcall_debug, initcall_debug, bool, 0644); |
75209 | 80388 | ||
@@ -75212,7 +80391,7 @@ index 9484f4b..4c01430 100644 | |||
75212 | static int __init_or_module do_one_initcall_debug(initcall_t fn) | 80391 | static int __init_or_module do_one_initcall_debug(initcall_t fn) |
75213 | { | 80392 | { |
75214 | ktime_t calltime, delta, rettime; | 80393 | ktime_t calltime, delta, rettime; |
75215 | @@ -679,23 +737,22 @@ int __init_or_module do_one_initcall(initcall_t fn) | 80394 | @@ -679,23 +747,22 @@ int __init_or_module do_one_initcall(initcall_t fn) |
75216 | { | 80395 | { |
75217 | int count = preempt_count(); | 80396 | int count = preempt_count(); |
75218 | int ret; | 80397 | int ret; |
@@ -75240,7 +80419,7 @@ index 9484f4b..4c01430 100644 | |||
75240 | 80419 | ||
75241 | return ret; | 80420 | return ret; |
75242 | } | 80421 | } |
75243 | @@ -748,8 +805,14 @@ static void __init do_initcall_level(int level) | 80422 | @@ -748,8 +815,14 @@ static void __init do_initcall_level(int level) |
75244 | level, level, | 80423 | level, level, |
75245 | &repair_env_string); | 80424 | &repair_env_string); |
75246 | 80425 | ||
@@ -75256,7 +80435,7 @@ index 9484f4b..4c01430 100644 | |||
75256 | } | 80435 | } |
75257 | 80436 | ||
75258 | static void __init do_initcalls(void) | 80437 | static void __init do_initcalls(void) |
75259 | @@ -783,8 +846,14 @@ static void __init do_pre_smp_initcalls(void) | 80438 | @@ -783,8 +856,14 @@ static void __init do_pre_smp_initcalls(void) |
75260 | { | 80439 | { |
75261 | initcall_t *fn; | 80440 | initcall_t *fn; |
75262 | 80441 | ||
@@ -75272,7 +80451,7 @@ index 9484f4b..4c01430 100644 | |||
75272 | } | 80451 | } |
75273 | 80452 | ||
75274 | /* | 80453 | /* |
75275 | @@ -802,8 +871,8 @@ static int run_init_process(const char *init_filename) | 80454 | @@ -802,8 +881,8 @@ static int run_init_process(const char *init_filename) |
75276 | { | 80455 | { |
75277 | argv_init[0] = init_filename; | 80456 | argv_init[0] = init_filename; |
75278 | return do_execve(init_filename, | 80457 | return do_execve(init_filename, |
@@ -75283,7 +80462,7 @@ index 9484f4b..4c01430 100644 | |||
75283 | } | 80462 | } |
75284 | 80463 | ||
75285 | static noinline void __init kernel_init_freeable(void); | 80464 | static noinline void __init kernel_init_freeable(void); |
75286 | @@ -880,7 +949,7 @@ static noinline void __init kernel_init_freeable(void) | 80465 | @@ -880,7 +959,7 @@ static noinline void __init kernel_init_freeable(void) |
75287 | do_basic_setup(); | 80466 | do_basic_setup(); |
75288 | 80467 | ||
75289 | /* Open the /dev/console on the rootfs, this should never fail */ | 80468 | /* Open the /dev/console on the rootfs, this should never fail */ |
@@ -75292,7 +80471,7 @@ index 9484f4b..4c01430 100644 | |||
75292 | pr_err("Warning: unable to open an initial console.\n"); | 80471 | pr_err("Warning: unable to open an initial console.\n"); |
75293 | 80472 | ||
75294 | (void) sys_dup(0); | 80473 | (void) sys_dup(0); |
75295 | @@ -893,11 +962,13 @@ static noinline void __init kernel_init_freeable(void) | 80474 | @@ -893,11 +972,13 @@ static noinline void __init kernel_init_freeable(void) |
75296 | if (!ramdisk_execute_command) | 80475 | if (!ramdisk_execute_command) |
75297 | ramdisk_execute_command = "/init"; | 80476 | ramdisk_execute_command = "/init"; |
75298 | 80477 | ||
@@ -75721,10 +80900,10 @@ index f6c2ce5..982c0f9 100644 | |||
75721 | + return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid); | 80900 | + return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid); |
75722 | +} | 80901 | +} |
75723 | diff --git a/kernel/cgroup.c b/kernel/cgroup.c | 80902 | diff --git a/kernel/cgroup.c b/kernel/cgroup.c |
75724 | index c6e77ef..af531a0 100644 | 80903 | index 2e9b387..61817b1 100644 |
75725 | --- a/kernel/cgroup.c | 80904 | --- a/kernel/cgroup.c |
75726 | +++ b/kernel/cgroup.c | 80905 | +++ b/kernel/cgroup.c |
75727 | @@ -5391,7 +5391,7 @@ static int cgroup_css_links_read(struct cgroup *cont, | 80906 | @@ -5398,7 +5398,7 @@ static int cgroup_css_links_read(struct cgroup *cont, |
75728 | struct css_set *cg = link->cg; | 80907 | struct css_set *cg = link->cg; |
75729 | struct task_struct *task; | 80908 | struct task_struct *task; |
75730 | int count = 0; | 80909 | int count = 0; |
@@ -76272,7 +81451,7 @@ index e76e495..cbfe63a 100644 | |||
76272 | 81451 | ||
76273 | /* | 81452 | /* |
76274 | diff --git a/kernel/events/internal.h b/kernel/events/internal.h | 81453 | diff --git a/kernel/events/internal.h b/kernel/events/internal.h |
76275 | index ca65997..cc8cee4 100644 | 81454 | index ca65997..60df03d 100644 |
76276 | --- a/kernel/events/internal.h | 81455 | --- a/kernel/events/internal.h |
76277 | +++ b/kernel/events/internal.h | 81456 | +++ b/kernel/events/internal.h |
76278 | @@ -81,10 +81,10 @@ static inline unsigned long perf_data_size(struct ring_buffer *rb) | 81457 | @@ -81,10 +81,10 @@ static inline unsigned long perf_data_size(struct ring_buffer *rb) |
@@ -76280,11 +81459,12 @@ index ca65997..cc8cee4 100644 | |||
76280 | } | 81459 | } |
76281 | 81460 | ||
76282 | -#define DEFINE_OUTPUT_COPY(func_name, memcpy_func) \ | 81461 | -#define DEFINE_OUTPUT_COPY(func_name, memcpy_func) \ |
81462 | -static inline unsigned int \ | ||
76283 | +#define DEFINE_OUTPUT_COPY(func_name, memcpy_func, user) \ | 81463 | +#define DEFINE_OUTPUT_COPY(func_name, memcpy_func, user) \ |
76284 | static inline unsigned int \ | 81464 | +static inline unsigned long \ |
76285 | func_name(struct perf_output_handle *handle, \ | 81465 | func_name(struct perf_output_handle *handle, \ |
76286 | - const void *buf, unsigned int len) \ | 81466 | - const void *buf, unsigned int len) \ |
76287 | + const void user *buf, unsigned int len) \ | 81467 | + const void user *buf, unsigned long len) \ |
76288 | { \ | 81468 | { \ |
76289 | unsigned long size, written; \ | 81469 | unsigned long size, written; \ |
76290 | \ | 81470 | \ |
@@ -76309,6 +81489,19 @@ index ca65997..cc8cee4 100644 | |||
76309 | 81489 | ||
76310 | /* Callchain handling */ | 81490 | /* Callchain handling */ |
76311 | extern struct perf_callchain_entry * | 81491 | extern struct perf_callchain_entry * |
81492 | diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c | ||
81493 | index f356974..cb8c570 100644 | ||
81494 | --- a/kernel/events/uprobes.c | ||
81495 | +++ b/kernel/events/uprobes.c | ||
81496 | @@ -1556,7 +1556,7 @@ static int is_trap_at_addr(struct mm_struct *mm, unsigned long vaddr) | ||
81497 | { | ||
81498 | struct page *page; | ||
81499 | uprobe_opcode_t opcode; | ||
81500 | - int result; | ||
81501 | + long result; | ||
81502 | |||
81503 | pagefault_disable(); | ||
81504 | result = __copy_from_user_inatomic(&opcode, (void __user*)vaddr, | ||
76312 | diff --git a/kernel/exit.c b/kernel/exit.c | 81505 | diff --git a/kernel/exit.c b/kernel/exit.c |
76313 | index 7bb73f9..d7978ed 100644 | 81506 | index 7bb73f9..d7978ed 100644 |
76314 | --- a/kernel/exit.c | 81507 | --- a/kernel/exit.c |
@@ -76370,7 +81563,7 @@ index 7bb73f9..d7978ed 100644 | |||
76370 | { | 81563 | { |
76371 | struct signal_struct *sig = current->signal; | 81564 | struct signal_struct *sig = current->signal; |
76372 | diff --git a/kernel/fork.c b/kernel/fork.c | 81565 | diff --git a/kernel/fork.c b/kernel/fork.c |
76373 | index 987b28a..11ee8a5 100644 | 81566 | index ffbc090..08ceeee 100644 |
76374 | --- a/kernel/fork.c | 81567 | --- a/kernel/fork.c |
76375 | +++ b/kernel/fork.c | 81568 | +++ b/kernel/fork.c |
76376 | @@ -319,7 +319,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) | 81569 | @@ -319,7 +319,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) |
@@ -76665,7 +81858,7 @@ index 987b28a..11ee8a5 100644 | |||
76665 | if (clone_flags & CLONE_VFORK) { | 81858 | if (clone_flags & CLONE_VFORK) { |
76666 | p->vfork_done = &vfork; | 81859 | p->vfork_done = &vfork; |
76667 | init_completion(&vfork); | 81860 | init_completion(&vfork); |
76668 | @@ -1723,7 +1785,7 @@ void __init proc_caches_init(void) | 81861 | @@ -1729,7 +1791,7 @@ void __init proc_caches_init(void) |
76669 | mm_cachep = kmem_cache_create("mm_struct", | 81862 | mm_cachep = kmem_cache_create("mm_struct", |
76670 | sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN, | 81863 | sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN, |
76671 | SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL); | 81864 | SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL); |
@@ -76674,7 +81867,7 @@ index 987b28a..11ee8a5 100644 | |||
76674 | mmap_init(); | 81867 | mmap_init(); |
76675 | nsproxy_cache_init(); | 81868 | nsproxy_cache_init(); |
76676 | } | 81869 | } |
76677 | @@ -1763,7 +1825,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) | 81870 | @@ -1769,7 +1831,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) |
76678 | return 0; | 81871 | return 0; |
76679 | 81872 | ||
76680 | /* don't need lock here; in the worst case we'll do useless copy */ | 81873 | /* don't need lock here; in the worst case we'll do useless copy */ |
@@ -76683,7 +81876,7 @@ index 987b28a..11ee8a5 100644 | |||
76683 | return 0; | 81876 | return 0; |
76684 | 81877 | ||
76685 | *new_fsp = copy_fs_struct(fs); | 81878 | *new_fsp = copy_fs_struct(fs); |
76686 | @@ -1875,7 +1937,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) | 81879 | @@ -1881,7 +1943,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) |
76687 | fs = current->fs; | 81880 | fs = current->fs; |
76688 | spin_lock(&fs->lock); | 81881 | spin_lock(&fs->lock); |
76689 | current->fs = new_fs; | 81882 | current->fs = new_fs; |
@@ -76694,7 +81887,7 @@ index 987b28a..11ee8a5 100644 | |||
76694 | else | 81887 | else |
76695 | new_fs = fs; | 81888 | new_fs = fs; |
76696 | diff --git a/kernel/futex.c b/kernel/futex.c | 81889 | diff --git a/kernel/futex.c b/kernel/futex.c |
76697 | index 49dacfb..5c6b450 100644 | 81890 | index 49dacfb..2ac4526 100644 |
76698 | --- a/kernel/futex.c | 81891 | --- a/kernel/futex.c |
76699 | +++ b/kernel/futex.c | 81892 | +++ b/kernel/futex.c |
76700 | @@ -54,6 +54,7 @@ | 81893 | @@ -54,6 +54,7 @@ |
@@ -76717,6 +81910,15 @@ index 49dacfb..5c6b450 100644 | |||
76717 | /* | 81910 | /* |
76718 | * The futex address must be "naturally" aligned. | 81911 | * The futex address must be "naturally" aligned. |
76719 | */ | 81912 | */ |
81913 | @@ -440,7 +446,7 @@ static int cmpxchg_futex_value_locked(u32 *curval, u32 __user *uaddr, | ||
81914 | |||
81915 | static int get_futex_value_locked(u32 *dest, u32 __user *from) | ||
81916 | { | ||
81917 | - int ret; | ||
81918 | + unsigned long ret; | ||
81919 | |||
81920 | pagefault_disable(); | ||
81921 | ret = __copy_from_user_inatomic(dest, from, sizeof(u32)); | ||
76720 | @@ -2733,6 +2739,7 @@ static int __init futex_init(void) | 81922 | @@ -2733,6 +2739,7 @@ static int __init futex_init(void) |
76721 | { | 81923 | { |
76722 | u32 curval; | 81924 | u32 curval; |
@@ -77144,10 +82346,20 @@ index 8241906..d625f2c 100644 | |||
77144 | kernel_cap_t new_cap; | 82346 | kernel_cap_t new_cap; |
77145 | int err, i; | 82347 | int err, i; |
77146 | diff --git a/kernel/kprobes.c b/kernel/kprobes.c | 82348 | diff --git a/kernel/kprobes.c b/kernel/kprobes.c |
77147 | index bddf3b2..07b90dd 100644 | 82349 | index bddf3b2..233bf40 100644 |
77148 | --- a/kernel/kprobes.c | 82350 | --- a/kernel/kprobes.c |
77149 | +++ b/kernel/kprobes.c | 82351 | +++ b/kernel/kprobes.c |
77150 | @@ -185,7 +185,7 @@ static kprobe_opcode_t __kprobes *__get_insn_slot(struct kprobe_insn_cache *c) | 82352 | @@ -31,6 +31,9 @@ |
82353 | * <jkenisto@us.ibm.com> and Prasanna S Panchamukhi | ||
82354 | * <prasanna@in.ibm.com> added function-return probes. | ||
82355 | */ | ||
82356 | +#ifdef CONFIG_GRKERNSEC_HIDESYM | ||
82357 | +#define __INCLUDED_BY_HIDESYM 1 | ||
82358 | +#endif | ||
82359 | #include <linux/kprobes.h> | ||
82360 | #include <linux/hash.h> | ||
82361 | #include <linux/init.h> | ||
82362 | @@ -185,7 +188,7 @@ static kprobe_opcode_t __kprobes *__get_insn_slot(struct kprobe_insn_cache *c) | ||
77151 | * kernel image and loaded module images reside. This is required | 82363 | * kernel image and loaded module images reside. This is required |
77152 | * so x86_64 can correctly handle the %rip-relative fixups. | 82364 | * so x86_64 can correctly handle the %rip-relative fixups. |
77153 | */ | 82365 | */ |
@@ -77156,7 +82368,7 @@ index bddf3b2..07b90dd 100644 | |||
77156 | if (!kip->insns) { | 82368 | if (!kip->insns) { |
77157 | kfree(kip); | 82369 | kfree(kip); |
77158 | return NULL; | 82370 | return NULL; |
77159 | @@ -225,7 +225,7 @@ static int __kprobes collect_one_slot(struct kprobe_insn_page *kip, int idx) | 82371 | @@ -225,7 +228,7 @@ static int __kprobes collect_one_slot(struct kprobe_insn_page *kip, int idx) |
77160 | */ | 82372 | */ |
77161 | if (!list_is_singular(&kip->list)) { | 82373 | if (!list_is_singular(&kip->list)) { |
77162 | list_del(&kip->list); | 82374 | list_del(&kip->list); |
@@ -77165,7 +82377,7 @@ index bddf3b2..07b90dd 100644 | |||
77165 | kfree(kip); | 82377 | kfree(kip); |
77166 | } | 82378 | } |
77167 | return 1; | 82379 | return 1; |
77168 | @@ -2083,7 +2083,7 @@ static int __init init_kprobes(void) | 82380 | @@ -2083,7 +2086,7 @@ static int __init init_kprobes(void) |
77169 | { | 82381 | { |
77170 | int i, err = 0; | 82382 | int i, err = 0; |
77171 | unsigned long offset = 0, size = 0; | 82383 | unsigned long offset = 0, size = 0; |
@@ -77174,7 +82386,7 @@ index bddf3b2..07b90dd 100644 | |||
77174 | const char *symbol_name; | 82386 | const char *symbol_name; |
77175 | void *addr; | 82387 | void *addr; |
77176 | struct kprobe_blackpoint *kb; | 82388 | struct kprobe_blackpoint *kb; |
77177 | @@ -2168,11 +2168,11 @@ static void __kprobes report_probe(struct seq_file *pi, struct kprobe *p, | 82389 | @@ -2168,11 +2171,11 @@ static void __kprobes report_probe(struct seq_file *pi, struct kprobe *p, |
77178 | kprobe_type = "k"; | 82390 | kprobe_type = "k"; |
77179 | 82391 | ||
77180 | if (sym) | 82392 | if (sym) |
@@ -77188,7 +82400,7 @@ index bddf3b2..07b90dd 100644 | |||
77188 | p->addr, kprobe_type, p->addr); | 82400 | p->addr, kprobe_type, p->addr); |
77189 | 82401 | ||
77190 | if (!pp) | 82402 | if (!pp) |
77191 | @@ -2209,7 +2209,7 @@ static int __kprobes show_kprobe_addr(struct seq_file *pi, void *v) | 82403 | @@ -2209,7 +2212,7 @@ static int __kprobes show_kprobe_addr(struct seq_file *pi, void *v) |
77192 | const char *sym = NULL; | 82404 | const char *sym = NULL; |
77193 | unsigned int i = *(loff_t *) v; | 82405 | unsigned int i = *(loff_t *) v; |
77194 | unsigned long offset = 0; | 82406 | unsigned long offset = 0; |
@@ -78369,7 +83581,7 @@ index 42670e9..8719c2f 100644 | |||
78369 | .clock_get = thread_cpu_clock_get, | 83581 | .clock_get = thread_cpu_clock_get, |
78370 | .timer_create = thread_cpu_timer_create, | 83582 | .timer_create = thread_cpu_timer_create, |
78371 | diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c | 83583 | diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c |
78372 | index 424c2d4..a9194f7 100644 | 83584 | index 424c2d4..679242f 100644 |
78373 | --- a/kernel/posix-timers.c | 83585 | --- a/kernel/posix-timers.c |
78374 | +++ b/kernel/posix-timers.c | 83586 | +++ b/kernel/posix-timers.c |
78375 | @@ -43,6 +43,7 @@ | 83587 | @@ -43,6 +43,7 @@ |
@@ -78461,6 +83673,15 @@ index 424c2d4..a9194f7 100644 | |||
78461 | } | 83673 | } |
78462 | 83674 | ||
78463 | static int common_timer_create(struct k_itimer *new_timer) | 83675 | static int common_timer_create(struct k_itimer *new_timer) |
83676 | @@ -597,7 +598,7 @@ SYSCALL_DEFINE3(timer_create, const clockid_t, which_clock, | ||
83677 | struct k_clock *kc = clockid_to_kclock(which_clock); | ||
83678 | struct k_itimer *new_timer; | ||
83679 | int error, new_timer_id; | ||
83680 | - sigevent_t event; | ||
83681 | + sigevent_t event = { }; | ||
83682 | int it_id_set = IT_ID_NOT_SET; | ||
83683 | |||
83684 | if (!kc) | ||
78464 | @@ -1011,6 +1012,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock, | 83685 | @@ -1011,6 +1012,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock, |
78465 | if (copy_from_user(&new_tp, tp, sizeof (*tp))) | 83686 | if (copy_from_user(&new_tp, tp, sizeof (*tp))) |
78466 | return -EFAULT; | 83687 | return -EFAULT; |
@@ -79674,7 +84895,7 @@ index e8b3350..d83d44e 100644 | |||
79674 | .priority = CPU_PRI_MIGRATION, | 84895 | .priority = CPU_PRI_MIGRATION, |
79675 | }; | 84896 | }; |
79676 | diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c | 84897 | diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c |
79677 | index c61a614..d7f3d7e 100644 | 84898 | index 03b73be..9422b9f 100644 |
79678 | --- a/kernel/sched/fair.c | 84899 | --- a/kernel/sched/fair.c |
79679 | +++ b/kernel/sched/fair.c | 84900 | +++ b/kernel/sched/fair.c |
79680 | @@ -831,7 +831,7 @@ void task_numa_fault(int node, int pages, bool migrated) | 84901 | @@ -831,7 +831,7 @@ void task_numa_fault(int node, int pages, bool migrated) |
@@ -79686,7 +84907,7 @@ index c61a614..d7f3d7e 100644 | |||
79686 | p->mm->numa_scan_offset = 0; | 84907 | p->mm->numa_scan_offset = 0; |
79687 | } | 84908 | } |
79688 | 84909 | ||
79689 | @@ -5686,7 +5686,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } | 84910 | @@ -5687,7 +5687,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } |
79690 | * run_rebalance_domains is triggered when needed from the scheduler tick. | 84911 | * run_rebalance_domains is triggered when needed from the scheduler tick. |
79691 | * Also triggered for nohz idle balancing (with nohz_balancing_kick set). | 84912 | * Also triggered for nohz idle balancing (with nohz_balancing_kick set). |
79692 | */ | 84913 | */ |
@@ -79709,7 +84930,7 @@ index ce39224d..0e09343 100644 | |||
79709 | #define sched_class_highest (&stop_sched_class) | 84930 | #define sched_class_highest (&stop_sched_class) |
79710 | #define for_each_class(class) \ | 84931 | #define for_each_class(class) \ |
79711 | diff --git a/kernel/signal.c b/kernel/signal.c | 84932 | diff --git a/kernel/signal.c b/kernel/signal.c |
79712 | index 113411b..17190e2 100644 | 84933 | index 113411b..20d0a99 100644 |
79713 | --- a/kernel/signal.c | 84934 | --- a/kernel/signal.c |
79714 | +++ b/kernel/signal.c | 84935 | +++ b/kernel/signal.c |
79715 | @@ -51,12 +51,12 @@ static struct kmem_cache *sigqueue_cachep; | 84936 | @@ -51,12 +51,12 @@ static struct kmem_cache *sigqueue_cachep; |
@@ -79835,7 +85056,24 @@ index 113411b..17190e2 100644 | |||
79835 | if (p && (tgid <= 0 || task_tgid_vnr(p) == tgid)) { | 85056 | if (p && (tgid <= 0 || task_tgid_vnr(p) == tgid)) { |
79836 | error = check_kill_permission(sig, info, p); | 85057 | error = check_kill_permission(sig, info, p); |
79837 | /* | 85058 | /* |
79838 | @@ -3240,8 +3271,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack, | 85059 | @@ -3219,6 +3250,16 @@ int __save_altstack(stack_t __user *uss, unsigned long sp) |
85060 | __put_user(t->sas_ss_size, &uss->ss_size); | ||
85061 | } | ||
85062 | |||
85063 | +#ifdef CONFIG_X86 | ||
85064 | +void __save_altstack_ex(stack_t __user *uss, unsigned long sp) | ||
85065 | +{ | ||
85066 | + struct task_struct *t = current; | ||
85067 | + put_user_ex((void __user *)t->sas_ss_sp, &uss->ss_sp); | ||
85068 | + put_user_ex(sas_ss_flags(sp), &uss->ss_flags); | ||
85069 | + put_user_ex(t->sas_ss_size, &uss->ss_size); | ||
85070 | +} | ||
85071 | +#endif | ||
85072 | + | ||
85073 | #ifdef CONFIG_COMPAT | ||
85074 | COMPAT_SYSCALL_DEFINE2(sigaltstack, | ||
85075 | const compat_stack_t __user *, uss_ptr, | ||
85076 | @@ -3240,8 +3281,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack, | ||
79839 | } | 85077 | } |
79840 | seg = get_fs(); | 85078 | seg = get_fs(); |
79841 | set_fs(KERNEL_DS); | 85079 | set_fs(KERNEL_DS); |
@@ -79846,6 +85084,23 @@ index 113411b..17190e2 100644 | |||
79846 | compat_user_stack_pointer()); | 85084 | compat_user_stack_pointer()); |
79847 | set_fs(seg); | 85085 | set_fs(seg); |
79848 | if (ret >= 0 && uoss_ptr) { | 85086 | if (ret >= 0 && uoss_ptr) { |
85087 | @@ -3268,6 +3309,16 @@ int __compat_save_altstack(compat_stack_t __user *uss, unsigned long sp) | ||
85088 | __put_user(sas_ss_flags(sp), &uss->ss_flags) | | ||
85089 | __put_user(t->sas_ss_size, &uss->ss_size); | ||
85090 | } | ||
85091 | + | ||
85092 | +#ifdef CONFIG_X86 | ||
85093 | +void __compat_save_altstack_ex(compat_stack_t __user *uss, unsigned long sp) | ||
85094 | +{ | ||
85095 | + struct task_struct *t = current; | ||
85096 | + put_user_ex(ptr_to_compat((void __user *)t->sas_ss_sp), &uss->ss_sp); | ||
85097 | + put_user_ex(sas_ss_flags(sp), &uss->ss_flags); | ||
85098 | + put_user_ex(t->sas_ss_size, &uss->ss_size); | ||
85099 | +} | ||
85100 | +#endif | ||
85101 | #endif | ||
85102 | |||
85103 | #ifdef __ARCH_WANT_SYS_SIGPENDING | ||
79849 | diff --git a/kernel/smp.c b/kernel/smp.c | 85104 | diff --git a/kernel/smp.c b/kernel/smp.c |
79850 | index 4dba0f7..fe9f773 100644 | 85105 | index 4dba0f7..fe9f773 100644 |
79851 | --- a/kernel/smp.c | 85106 | --- a/kernel/smp.c |
@@ -80658,10 +85913,10 @@ index b8b8560..75b1a09 100644 | |||
80658 | ret = -EIO; | 85913 | ret = -EIO; |
80659 | bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt, | 85914 | bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt, |
80660 | diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c | 85915 | diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c |
80661 | index 6c508ff..ee55a13 100644 | 85916 | index f23449d..b8cc3a1 100644 |
80662 | --- a/kernel/trace/ftrace.c | 85917 | --- a/kernel/trace/ftrace.c |
80663 | +++ b/kernel/trace/ftrace.c | 85918 | +++ b/kernel/trace/ftrace.c |
80664 | @@ -1915,12 +1915,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) | 85919 | @@ -1925,12 +1925,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) |
80665 | if (unlikely(ftrace_disabled)) | 85920 | if (unlikely(ftrace_disabled)) |
80666 | return 0; | 85921 | return 0; |
80667 | 85922 | ||
@@ -80681,7 +85936,7 @@ index 6c508ff..ee55a13 100644 | |||
80681 | } | 85936 | } |
80682 | 85937 | ||
80683 | /* | 85938 | /* |
80684 | @@ -3931,8 +3936,10 @@ static int ftrace_process_locs(struct module *mod, | 85939 | @@ -3994,8 +3999,10 @@ static int ftrace_process_locs(struct module *mod, |
80685 | if (!count) | 85940 | if (!count) |
80686 | return 0; | 85941 | return 0; |
80687 | 85942 | ||
@@ -80692,7 +85947,7 @@ index 6c508ff..ee55a13 100644 | |||
80692 | 85947 | ||
80693 | start_pg = ftrace_allocate_pages(count); | 85948 | start_pg = ftrace_allocate_pages(count); |
80694 | if (!start_pg) | 85949 | if (!start_pg) |
80695 | @@ -4655,8 +4662,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write, | 85950 | @@ -4718,8 +4725,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write, |
80696 | #ifdef CONFIG_FUNCTION_GRAPH_TRACER | 85951 | #ifdef CONFIG_FUNCTION_GRAPH_TRACER |
80697 | 85952 | ||
80698 | static int ftrace_graph_active; | 85953 | static int ftrace_graph_active; |
@@ -80701,7 +85956,7 @@ index 6c508ff..ee55a13 100644 | |||
80701 | int ftrace_graph_entry_stub(struct ftrace_graph_ent *trace) | 85956 | int ftrace_graph_entry_stub(struct ftrace_graph_ent *trace) |
80702 | { | 85957 | { |
80703 | return 0; | 85958 | return 0; |
80704 | @@ -4800,6 +4805,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state, | 85959 | @@ -4863,6 +4868,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state, |
80705 | return NOTIFY_DONE; | 85960 | return NOTIFY_DONE; |
80706 | } | 85961 | } |
80707 | 85962 | ||
@@ -80712,7 +85967,7 @@ index 6c508ff..ee55a13 100644 | |||
80712 | int register_ftrace_graph(trace_func_graph_ret_t retfunc, | 85967 | int register_ftrace_graph(trace_func_graph_ret_t retfunc, |
80713 | trace_func_graph_ent_t entryfunc) | 85968 | trace_func_graph_ent_t entryfunc) |
80714 | { | 85969 | { |
80715 | @@ -4813,7 +4822,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc, | 85970 | @@ -4876,7 +4885,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc, |
80716 | goto out; | 85971 | goto out; |
80717 | } | 85972 | } |
80718 | 85973 | ||
@@ -80999,10 +86254,10 @@ index e444ff8..438b8f4 100644 | |||
80999 | *data_page = bpage; | 86254 | *data_page = bpage; |
81000 | 86255 | ||
81001 | diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c | 86256 | diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c |
81002 | index f7bc3ce..b8ef9b5 100644 | 86257 | index 0582a01..310bed1 100644 |
81003 | --- a/kernel/trace/trace.c | 86258 | --- a/kernel/trace/trace.c |
81004 | +++ b/kernel/trace/trace.c | 86259 | +++ b/kernel/trace/trace.c |
81005 | @@ -3303,7 +3303,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) | 86260 | @@ -3327,7 +3327,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) |
81006 | return 0; | 86261 | return 0; |
81007 | } | 86262 | } |
81008 | 86263 | ||
@@ -81024,11 +86279,31 @@ index 51b4448..7be601f 100644 | |||
81024 | 86279 | ||
81025 | /* | 86280 | /* |
81026 | * Normal trace_printk() and friends allocates special buffers | 86281 | * Normal trace_printk() and friends allocates special buffers |
86282 | diff --git a/kernel/trace/trace_clock.c b/kernel/trace/trace_clock.c | ||
86283 | index 26dc348..8708ca7 100644 | ||
86284 | --- a/kernel/trace/trace_clock.c | ||
86285 | +++ b/kernel/trace/trace_clock.c | ||
86286 | @@ -123,7 +123,7 @@ u64 notrace trace_clock_global(void) | ||
86287 | return now; | ||
86288 | } | ||
86289 | |||
86290 | -static atomic64_t trace_counter; | ||
86291 | +static atomic64_unchecked_t trace_counter; | ||
86292 | |||
86293 | /* | ||
86294 | * trace_clock_counter(): simply an atomic counter. | ||
86295 | @@ -132,5 +132,5 @@ static atomic64_t trace_counter; | ||
86296 | */ | ||
86297 | u64 notrace trace_clock_counter(void) | ||
86298 | { | ||
86299 | - return atomic64_add_return(1, &trace_counter); | ||
86300 | + return atomic64_inc_return_unchecked(&trace_counter); | ||
86301 | } | ||
81027 | diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c | 86302 | diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c |
81028 | index 6953263..2004e16 100644 | 86303 | index 3d18aad..d1be0eb 100644 |
81029 | --- a/kernel/trace/trace_events.c | 86304 | --- a/kernel/trace/trace_events.c |
81030 | +++ b/kernel/trace/trace_events.c | 86305 | +++ b/kernel/trace/trace_events.c |
81031 | @@ -1748,10 +1748,6 @@ static LIST_HEAD(ftrace_module_file_list); | 86306 | @@ -1794,10 +1794,6 @@ static LIST_HEAD(ftrace_module_file_list); |
81032 | struct ftrace_module_file_ops { | 86307 | struct ftrace_module_file_ops { |
81033 | struct list_head list; | 86308 | struct list_head list; |
81034 | struct module *mod; | 86309 | struct module *mod; |
@@ -81039,7 +86314,7 @@ index 6953263..2004e16 100644 | |||
81039 | }; | 86314 | }; |
81040 | 86315 | ||
81041 | static struct ftrace_module_file_ops * | 86316 | static struct ftrace_module_file_ops * |
81042 | @@ -1792,17 +1788,12 @@ trace_create_file_ops(struct module *mod) | 86317 | @@ -1838,17 +1834,12 @@ trace_create_file_ops(struct module *mod) |
81043 | 86318 | ||
81044 | file_ops->mod = mod; | 86319 | file_ops->mod = mod; |
81045 | 86320 | ||
@@ -81063,7 +86338,7 @@ index 6953263..2004e16 100644 | |||
81063 | 86338 | ||
81064 | list_add(&file_ops->list, &ftrace_module_file_list); | 86339 | list_add(&file_ops->list, &ftrace_module_file_list); |
81065 | 86340 | ||
81066 | @@ -1895,8 +1886,8 @@ __trace_add_new_mod_event(struct ftrace_event_call *call, | 86341 | @@ -1941,8 +1932,8 @@ __trace_add_new_mod_event(struct ftrace_event_call *call, |
81067 | struct ftrace_module_file_ops *file_ops) | 86342 | struct ftrace_module_file_ops *file_ops) |
81068 | { | 86343 | { |
81069 | return __trace_add_new_event(call, tr, | 86344 | return __trace_add_new_event(call, tr, |
@@ -81162,10 +86437,10 @@ index b20428c..4845a10 100644 | |||
81162 | 86437 | ||
81163 | local_irq_save(flags); | 86438 | local_irq_save(flags); |
81164 | diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c | 86439 | diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c |
81165 | index d8c30db..f2f6af5 100644 | 86440 | index 9064b91..1f5d2f8 100644 |
81166 | --- a/kernel/user_namespace.c | 86441 | --- a/kernel/user_namespace.c |
81167 | +++ b/kernel/user_namespace.c | 86442 | +++ b/kernel/user_namespace.c |
81168 | @@ -79,6 +79,21 @@ int create_user_ns(struct cred *new) | 86443 | @@ -82,6 +82,21 @@ int create_user_ns(struct cred *new) |
81169 | !kgid_has_mapping(parent_ns, group)) | 86444 | !kgid_has_mapping(parent_ns, group)) |
81170 | return -EPERM; | 86445 | return -EPERM; |
81171 | 86446 | ||
@@ -81187,30 +86462,7 @@ index d8c30db..f2f6af5 100644 | |||
81187 | ns = kmem_cache_zalloc(user_ns_cachep, GFP_KERNEL); | 86462 | ns = kmem_cache_zalloc(user_ns_cachep, GFP_KERNEL); |
81188 | if (!ns) | 86463 | if (!ns) |
81189 | return -ENOMEM; | 86464 | return -ENOMEM; |
81190 | @@ -105,6 +120,7 @@ int create_user_ns(struct cred *new) | 86465 | @@ -862,7 +877,7 @@ static int userns_install(struct nsproxy *nsproxy, void *ns) |
81191 | int unshare_userns(unsigned long unshare_flags, struct cred **new_cred) | ||
81192 | { | ||
81193 | struct cred *cred; | ||
81194 | + int err; | ||
81195 | |||
81196 | if (!(unshare_flags & CLONE_NEWUSER)) | ||
81197 | return 0; | ||
81198 | @@ -113,8 +129,12 @@ int unshare_userns(unsigned long unshare_flags, struct cred **new_cred) | ||
81199 | if (!cred) | ||
81200 | return -ENOMEM; | ||
81201 | |||
81202 | - *new_cred = cred; | ||
81203 | - return create_user_ns(cred); | ||
81204 | + err = create_user_ns(cred); | ||
81205 | + if (err) | ||
81206 | + put_cred(cred); | ||
81207 | + else | ||
81208 | + *new_cred = cred; | ||
81209 | + return err; | ||
81210 | } | ||
81211 | |||
81212 | void free_user_ns(struct user_namespace *ns) | ||
81213 | @@ -853,7 +873,7 @@ static int userns_install(struct nsproxy *nsproxy, void *ns) | ||
81214 | if (atomic_read(¤t->mm->mm_users) > 1) | 86466 | if (atomic_read(¤t->mm->mm_users) > 1) |
81215 | return -EINVAL; | 86467 | return -EINVAL; |
81216 | 86468 | ||
@@ -81246,10 +86498,10 @@ index 05039e3..17490c7 100644 | |||
81246 | .thread_should_run = watchdog_should_run, | 86498 | .thread_should_run = watchdog_should_run, |
81247 | .thread_fn = watchdog, | 86499 | .thread_fn = watchdog, |
81248 | diff --git a/kernel/workqueue.c b/kernel/workqueue.c | 86500 | diff --git a/kernel/workqueue.c b/kernel/workqueue.c |
81249 | index ee8e29a..410568e 100644 | 86501 | index 6f01921..139869b 100644 |
81250 | --- a/kernel/workqueue.c | 86502 | --- a/kernel/workqueue.c |
81251 | +++ b/kernel/workqueue.c | 86503 | +++ b/kernel/workqueue.c |
81252 | @@ -4584,7 +4584,7 @@ static void rebind_workers(struct worker_pool *pool) | 86504 | @@ -4596,7 +4596,7 @@ static void rebind_workers(struct worker_pool *pool) |
81253 | WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND)); | 86505 | WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND)); |
81254 | worker_flags |= WORKER_REBOUND; | 86506 | worker_flags |= WORKER_REBOUND; |
81255 | worker_flags &= ~WORKER_UNBOUND; | 86507 | worker_flags &= ~WORKER_UNBOUND; |
@@ -81937,9 +87189,18 @@ index e742d06..c56fdd8 100644 | |||
81937 | 87189 | ||
81938 | config NOMMU_INITIAL_TRIM_EXCESS | 87190 | config NOMMU_INITIAL_TRIM_EXCESS |
81939 | diff --git a/mm/backing-dev.c b/mm/backing-dev.c | 87191 | diff --git a/mm/backing-dev.c b/mm/backing-dev.c |
81940 | index 5025174..9fc1c5c 100644 | 87192 | index 5025174..9d67dcd 100644 |
81941 | --- a/mm/backing-dev.c | 87193 | --- a/mm/backing-dev.c |
81942 | +++ b/mm/backing-dev.c | 87194 | +++ b/mm/backing-dev.c |
87195 | @@ -12,7 +12,7 @@ | ||
87196 | #include <linux/device.h> | ||
87197 | #include <trace/events/writeback.h> | ||
87198 | |||
87199 | -static atomic_long_t bdi_seq = ATOMIC_LONG_INIT(0); | ||
87200 | +static atomic_long_unchecked_t bdi_seq = ATOMIC_LONG_INIT(0); | ||
87201 | |||
87202 | struct backing_dev_info default_backing_dev_info = { | ||
87203 | .name = "default", | ||
81943 | @@ -515,7 +515,6 @@ EXPORT_SYMBOL(bdi_destroy); | 87204 | @@ -515,7 +515,6 @@ EXPORT_SYMBOL(bdi_destroy); |
81944 | int bdi_setup_and_register(struct backing_dev_info *bdi, char *name, | 87205 | int bdi_setup_and_register(struct backing_dev_info *bdi, char *name, |
81945 | unsigned int cap) | 87206 | unsigned int cap) |
@@ -81954,12 +87215,12 @@ index 5025174..9fc1c5c 100644 | |||
81954 | 87215 | ||
81955 | - sprintf(tmp, "%.28s%s", name, "-%d"); | 87216 | - sprintf(tmp, "%.28s%s", name, "-%d"); |
81956 | - err = bdi_register(bdi, NULL, tmp, atomic_long_inc_return(&bdi_seq)); | 87217 | - err = bdi_register(bdi, NULL, tmp, atomic_long_inc_return(&bdi_seq)); |
81957 | + err = bdi_register(bdi, NULL, "%.28s-%ld", name, atomic_long_inc_return(&bdi_seq)); | 87218 | + err = bdi_register(bdi, NULL, "%.28s-%ld", name, atomic_long_inc_return_unchecked(&bdi_seq)); |
81958 | if (err) { | 87219 | if (err) { |
81959 | bdi_destroy(bdi); | 87220 | bdi_destroy(bdi); |
81960 | return err; | 87221 | return err; |
81961 | diff --git a/mm/filemap.c b/mm/filemap.c | 87222 | diff --git a/mm/filemap.c b/mm/filemap.c |
81962 | index 7905fe7..e60faa8 100644 | 87223 | index 7905fe7..f59502b 100644 |
81963 | --- a/mm/filemap.c | 87224 | --- a/mm/filemap.c |
81964 | +++ b/mm/filemap.c | 87225 | +++ b/mm/filemap.c |
81965 | @@ -1766,7 +1766,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) | 87226 | @@ -1766,7 +1766,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) |
@@ -81971,6 +87232,42 @@ index 7905fe7..e60faa8 100644 | |||
81971 | file_accessed(file); | 87232 | file_accessed(file); |
81972 | vma->vm_ops = &generic_file_vm_ops; | 87233 | vma->vm_ops = &generic_file_vm_ops; |
81973 | return 0; | 87234 | return 0; |
87235 | @@ -1948,7 +1948,7 @@ static size_t __iovec_copy_from_user_inatomic(char *vaddr, | ||
87236 | |||
87237 | while (bytes) { | ||
87238 | char __user *buf = iov->iov_base + base; | ||
87239 | - int copy = min(bytes, iov->iov_len - base); | ||
87240 | + size_t copy = min(bytes, iov->iov_len - base); | ||
87241 | |||
87242 | base = 0; | ||
87243 | left = __copy_from_user_inatomic(vaddr, buf, copy); | ||
87244 | @@ -1977,7 +1977,7 @@ size_t iov_iter_copy_from_user_atomic(struct page *page, | ||
87245 | BUG_ON(!in_atomic()); | ||
87246 | kaddr = kmap_atomic(page); | ||
87247 | if (likely(i->nr_segs == 1)) { | ||
87248 | - int left; | ||
87249 | + size_t left; | ||
87250 | char __user *buf = i->iov->iov_base + i->iov_offset; | ||
87251 | left = __copy_from_user_inatomic(kaddr + offset, buf, bytes); | ||
87252 | copied = bytes - left; | ||
87253 | @@ -2005,7 +2005,7 @@ size_t iov_iter_copy_from_user(struct page *page, | ||
87254 | |||
87255 | kaddr = kmap(page); | ||
87256 | if (likely(i->nr_segs == 1)) { | ||
87257 | - int left; | ||
87258 | + size_t left; | ||
87259 | char __user *buf = i->iov->iov_base + i->iov_offset; | ||
87260 | left = __copy_from_user(kaddr + offset, buf, bytes); | ||
87261 | copied = bytes - left; | ||
87262 | @@ -2035,7 +2035,7 @@ void iov_iter_advance(struct iov_iter *i, size_t bytes) | ||
87263 | * zero-length segments (without overruning the iovec). | ||
87264 | */ | ||
87265 | while (bytes || unlikely(i->count && !iov->iov_len)) { | ||
87266 | - int copy; | ||
87267 | + size_t copy; | ||
87268 | |||
87269 | copy = min(bytes, iov->iov_len - base); | ||
87270 | BUG_ON(!i->count || i->count < copy); | ||
81974 | @@ -2106,6 +2106,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i | 87271 | @@ -2106,6 +2106,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i |
81975 | *pos = i_size_read(inode); | 87272 | *pos = i_size_read(inode); |
81976 | 87273 | ||
@@ -82024,7 +87321,7 @@ index b32b70c..e512eb0 100644 | |||
82024 | set_page_address(page, (void *)vaddr); | 87321 | set_page_address(page, (void *)vaddr); |
82025 | 87322 | ||
82026 | diff --git a/mm/hugetlb.c b/mm/hugetlb.c | 87323 | diff --git a/mm/hugetlb.c b/mm/hugetlb.c |
82027 | index 5cf99bf..28634c8 100644 | 87324 | index 7c5eb85..5c01c2f 100644 |
82028 | --- a/mm/hugetlb.c | 87325 | --- a/mm/hugetlb.c |
82029 | +++ b/mm/hugetlb.c | 87326 | +++ b/mm/hugetlb.c |
82030 | @@ -2022,15 +2022,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, | 87327 | @@ -2022,15 +2022,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, |
@@ -82159,7 +87456,7 @@ index 5cf99bf..28634c8 100644 | |||
82159 | if (!ptep) | 87456 | if (!ptep) |
82160 | return VM_FAULT_OOM; | 87457 | return VM_FAULT_OOM; |
82161 | diff --git a/mm/internal.h b/mm/internal.h | 87458 | diff --git a/mm/internal.h b/mm/internal.h |
82162 | index 8562de0..7fdfe92 100644 | 87459 | index 8562de0..92b2073 100644 |
82163 | --- a/mm/internal.h | 87460 | --- a/mm/internal.h |
82164 | +++ b/mm/internal.h | 87461 | +++ b/mm/internal.h |
82165 | @@ -100,6 +100,7 @@ extern pmd_t *mm_find_pmd(struct mm_struct *mm, unsigned long address); | 87462 | @@ -100,6 +100,7 @@ extern pmd_t *mm_find_pmd(struct mm_struct *mm, unsigned long address); |
@@ -82170,6 +87467,15 @@ index 8562de0..7fdfe92 100644 | |||
82170 | extern void prep_compound_page(struct page *page, unsigned long order); | 87467 | extern void prep_compound_page(struct page *page, unsigned long order); |
82171 | #ifdef CONFIG_MEMORY_FAILURE | 87468 | #ifdef CONFIG_MEMORY_FAILURE |
82172 | extern bool is_free_buddy_page(struct page *page); | 87469 | extern bool is_free_buddy_page(struct page *page); |
87470 | @@ -355,7 +356,7 @@ extern u32 hwpoison_filter_enable; | ||
87471 | |||
87472 | extern unsigned long vm_mmap_pgoff(struct file *, unsigned long, | ||
87473 | unsigned long, unsigned long, | ||
87474 | - unsigned long, unsigned long); | ||
87475 | + unsigned long, unsigned long) __intentional_overflow(-1); | ||
87476 | |||
87477 | extern void set_pageblock_order(void); | ||
87478 | unsigned long reclaim_clean_pages_from_list(struct zone *zone, | ||
82173 | diff --git a/mm/kmemleak.c b/mm/kmemleak.c | 87479 | diff --git a/mm/kmemleak.c b/mm/kmemleak.c |
82174 | index c8d7f31..2dbeffd 100644 | 87480 | index c8d7f31..2dbeffd 100644 |
82175 | --- a/mm/kmemleak.c | 87481 | --- a/mm/kmemleak.c |
@@ -82412,10 +87718,10 @@ index ceb0c7f..b2b8e94 100644 | |||
82412 | } else { | 87718 | } else { |
82413 | pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n", | 87719 | pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n", |
82414 | diff --git a/mm/memory.c b/mm/memory.c | 87720 | diff --git a/mm/memory.c b/mm/memory.c |
82415 | index 5e50800..c47ba9a 100644 | 87721 | index 5a35443..7c0340f 100644 |
82416 | --- a/mm/memory.c | 87722 | --- a/mm/memory.c |
82417 | +++ b/mm/memory.c | 87723 | +++ b/mm/memory.c |
82418 | @@ -429,6 +429,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, | 87724 | @@ -428,6 +428,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, |
82419 | free_pte_range(tlb, pmd, addr); | 87725 | free_pte_range(tlb, pmd, addr); |
82420 | } while (pmd++, addr = next, addr != end); | 87726 | } while (pmd++, addr = next, addr != end); |
82421 | 87727 | ||
@@ -82423,7 +87729,7 @@ index 5e50800..c47ba9a 100644 | |||
82423 | start &= PUD_MASK; | 87729 | start &= PUD_MASK; |
82424 | if (start < floor) | 87730 | if (start < floor) |
82425 | return; | 87731 | return; |
82426 | @@ -443,6 +444,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, | 87732 | @@ -442,6 +443,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, |
82427 | pmd = pmd_offset(pud, start); | 87733 | pmd = pmd_offset(pud, start); |
82428 | pud_clear(pud); | 87734 | pud_clear(pud); |
82429 | pmd_free_tlb(tlb, pmd, start); | 87735 | pmd_free_tlb(tlb, pmd, start); |
@@ -82432,7 +87738,7 @@ index 5e50800..c47ba9a 100644 | |||
82432 | } | 87738 | } |
82433 | 87739 | ||
82434 | static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, | 87740 | static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, |
82435 | @@ -462,6 +465,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, | 87741 | @@ -461,6 +464,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, |
82436 | free_pmd_range(tlb, pud, addr, next, floor, ceiling); | 87742 | free_pmd_range(tlb, pud, addr, next, floor, ceiling); |
82437 | } while (pud++, addr = next, addr != end); | 87743 | } while (pud++, addr = next, addr != end); |
82438 | 87744 | ||
@@ -82440,7 +87746,7 @@ index 5e50800..c47ba9a 100644 | |||
82440 | start &= PGDIR_MASK; | 87746 | start &= PGDIR_MASK; |
82441 | if (start < floor) | 87747 | if (start < floor) |
82442 | return; | 87748 | return; |
82443 | @@ -476,6 +480,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, | 87749 | @@ -475,6 +479,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, |
82444 | pud = pud_offset(pgd, start); | 87750 | pud = pud_offset(pgd, start); |
82445 | pgd_clear(pgd); | 87751 | pgd_clear(pgd); |
82446 | pud_free_tlb(tlb, pud, start); | 87752 | pud_free_tlb(tlb, pud, start); |
@@ -82449,7 +87755,7 @@ index 5e50800..c47ba9a 100644 | |||
82449 | } | 87755 | } |
82450 | 87756 | ||
82451 | /* | 87757 | /* |
82452 | @@ -1638,12 +1644,6 @@ no_page_table: | 87758 | @@ -1644,12 +1650,6 @@ no_page_table: |
82453 | return page; | 87759 | return page; |
82454 | } | 87760 | } |
82455 | 87761 | ||
@@ -82462,7 +87768,7 @@ index 5e50800..c47ba9a 100644 | |||
82462 | /** | 87768 | /** |
82463 | * __get_user_pages() - pin user pages in memory | 87769 | * __get_user_pages() - pin user pages in memory |
82464 | * @tsk: task_struct of target task | 87770 | * @tsk: task_struct of target task |
82465 | @@ -1730,10 +1730,10 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, | 87771 | @@ -1736,10 +1736,10 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, |
82466 | 87772 | ||
82467 | i = 0; | 87773 | i = 0; |
82468 | 87774 | ||
@@ -82475,7 +87781,7 @@ index 5e50800..c47ba9a 100644 | |||
82475 | if (!vma && in_gate_area(mm, start)) { | 87781 | if (!vma && in_gate_area(mm, start)) { |
82476 | unsigned long pg = start & PAGE_MASK; | 87782 | unsigned long pg = start & PAGE_MASK; |
82477 | pgd_t *pgd; | 87783 | pgd_t *pgd; |
82478 | @@ -1782,7 +1782,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, | 87784 | @@ -1788,7 +1788,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, |
82479 | goto next_page; | 87785 | goto next_page; |
82480 | } | 87786 | } |
82481 | 87787 | ||
@@ -82484,7 +87790,7 @@ index 5e50800..c47ba9a 100644 | |||
82484 | (vma->vm_flags & (VM_IO | VM_PFNMAP)) || | 87790 | (vma->vm_flags & (VM_IO | VM_PFNMAP)) || |
82485 | !(vm_flags & vma->vm_flags)) | 87791 | !(vm_flags & vma->vm_flags)) |
82486 | return i ? : -EFAULT; | 87792 | return i ? : -EFAULT; |
82487 | @@ -1811,11 +1811,6 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, | 87793 | @@ -1817,11 +1817,6 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, |
82488 | int ret; | 87794 | int ret; |
82489 | unsigned int fault_flags = 0; | 87795 | unsigned int fault_flags = 0; |
82490 | 87796 | ||
@@ -82496,7 +87802,7 @@ index 5e50800..c47ba9a 100644 | |||
82496 | if (foll_flags & FOLL_WRITE) | 87802 | if (foll_flags & FOLL_WRITE) |
82497 | fault_flags |= FAULT_FLAG_WRITE; | 87803 | fault_flags |= FAULT_FLAG_WRITE; |
82498 | if (nonblocking) | 87804 | if (nonblocking) |
82499 | @@ -1895,7 +1890,7 @@ next_page: | 87805 | @@ -1901,7 +1896,7 @@ next_page: |
82500 | start += page_increm * PAGE_SIZE; | 87806 | start += page_increm * PAGE_SIZE; |
82501 | nr_pages -= page_increm; | 87807 | nr_pages -= page_increm; |
82502 | } while (nr_pages && start < vma->vm_end); | 87808 | } while (nr_pages && start < vma->vm_end); |
@@ -82505,7 +87811,7 @@ index 5e50800..c47ba9a 100644 | |||
82505 | return i; | 87811 | return i; |
82506 | } | 87812 | } |
82507 | EXPORT_SYMBOL(__get_user_pages); | 87813 | EXPORT_SYMBOL(__get_user_pages); |
82508 | @@ -2102,6 +2097,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, | 87814 | @@ -2108,6 +2103,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, |
82509 | page_add_file_rmap(page); | 87815 | page_add_file_rmap(page); |
82510 | set_pte_at(mm, addr, pte, mk_pte(page, prot)); | 87816 | set_pte_at(mm, addr, pte, mk_pte(page, prot)); |
82511 | 87817 | ||
@@ -82516,7 +87822,7 @@ index 5e50800..c47ba9a 100644 | |||
82516 | retval = 0; | 87822 | retval = 0; |
82517 | pte_unmap_unlock(pte, ptl); | 87823 | pte_unmap_unlock(pte, ptl); |
82518 | return retval; | 87824 | return retval; |
82519 | @@ -2146,9 +2145,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, | 87825 | @@ -2152,9 +2151,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, |
82520 | if (!page_count(page)) | 87826 | if (!page_count(page)) |
82521 | return -EINVAL; | 87827 | return -EINVAL; |
82522 | if (!(vma->vm_flags & VM_MIXEDMAP)) { | 87828 | if (!(vma->vm_flags & VM_MIXEDMAP)) { |
@@ -82538,7 +87844,7 @@ index 5e50800..c47ba9a 100644 | |||
82538 | } | 87844 | } |
82539 | return insert_page(vma, addr, page, vma->vm_page_prot); | 87845 | return insert_page(vma, addr, page, vma->vm_page_prot); |
82540 | } | 87846 | } |
82541 | @@ -2231,6 +2242,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, | 87847 | @@ -2237,6 +2248,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, |
82542 | unsigned long pfn) | 87848 | unsigned long pfn) |
82543 | { | 87849 | { |
82544 | BUG_ON(!(vma->vm_flags & VM_MIXEDMAP)); | 87850 | BUG_ON(!(vma->vm_flags & VM_MIXEDMAP)); |
@@ -82546,7 +87852,7 @@ index 5e50800..c47ba9a 100644 | |||
82546 | 87852 | ||
82547 | if (addr < vma->vm_start || addr >= vma->vm_end) | 87853 | if (addr < vma->vm_start || addr >= vma->vm_end) |
82548 | return -EFAULT; | 87854 | return -EFAULT; |
82549 | @@ -2478,7 +2490,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, | 87855 | @@ -2484,7 +2496,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, |
82550 | 87856 | ||
82551 | BUG_ON(pud_huge(*pud)); | 87857 | BUG_ON(pud_huge(*pud)); |
82552 | 87858 | ||
@@ -82557,7 +87863,7 @@ index 5e50800..c47ba9a 100644 | |||
82557 | if (!pmd) | 87863 | if (!pmd) |
82558 | return -ENOMEM; | 87864 | return -ENOMEM; |
82559 | do { | 87865 | do { |
82560 | @@ -2498,7 +2512,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, | 87866 | @@ -2504,7 +2518,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, |
82561 | unsigned long next; | 87867 | unsigned long next; |
82562 | int err; | 87868 | int err; |
82563 | 87869 | ||
@@ -82568,7 +87874,7 @@ index 5e50800..c47ba9a 100644 | |||
82568 | if (!pud) | 87874 | if (!pud) |
82569 | return -ENOMEM; | 87875 | return -ENOMEM; |
82570 | do { | 87876 | do { |
82571 | @@ -2586,6 +2602,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo | 87877 | @@ -2592,6 +2608,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo |
82572 | copy_user_highpage(dst, src, va, vma); | 87878 | copy_user_highpage(dst, src, va, vma); |
82573 | } | 87879 | } |
82574 | 87880 | ||
@@ -82755,7 +88061,7 @@ index 5e50800..c47ba9a 100644 | |||
82755 | /* | 88061 | /* |
82756 | * This routine handles present pages, when users try to write | 88062 | * This routine handles present pages, when users try to write |
82757 | * to a shared page. It is done by copying the page to a new address | 88063 | * to a shared page. It is done by copying the page to a new address |
82758 | @@ -2802,6 +2998,12 @@ gotten: | 88064 | @@ -2808,6 +3004,12 @@ gotten: |
82759 | */ | 88065 | */ |
82760 | page_table = pte_offset_map_lock(mm, pmd, address, &ptl); | 88066 | page_table = pte_offset_map_lock(mm, pmd, address, &ptl); |
82761 | if (likely(pte_same(*page_table, orig_pte))) { | 88067 | if (likely(pte_same(*page_table, orig_pte))) { |
@@ -82768,7 +88074,7 @@ index 5e50800..c47ba9a 100644 | |||
82768 | if (old_page) { | 88074 | if (old_page) { |
82769 | if (!PageAnon(old_page)) { | 88075 | if (!PageAnon(old_page)) { |
82770 | dec_mm_counter_fast(mm, MM_FILEPAGES); | 88076 | dec_mm_counter_fast(mm, MM_FILEPAGES); |
82771 | @@ -2853,6 +3055,10 @@ gotten: | 88077 | @@ -2859,6 +3061,10 @@ gotten: |
82772 | page_remove_rmap(old_page); | 88078 | page_remove_rmap(old_page); |
82773 | } | 88079 | } |
82774 | 88080 | ||
@@ -82779,7 +88085,7 @@ index 5e50800..c47ba9a 100644 | |||
82779 | /* Free the old page.. */ | 88085 | /* Free the old page.. */ |
82780 | new_page = old_page; | 88086 | new_page = old_page; |
82781 | ret |= VM_FAULT_WRITE; | 88087 | ret |= VM_FAULT_WRITE; |
82782 | @@ -3128,6 +3334,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, | 88088 | @@ -3134,6 +3340,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, |
82783 | swap_free(entry); | 88089 | swap_free(entry); |
82784 | if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) | 88090 | if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) |
82785 | try_to_free_swap(page); | 88091 | try_to_free_swap(page); |
@@ -82791,7 +88097,7 @@ index 5e50800..c47ba9a 100644 | |||
82791 | unlock_page(page); | 88097 | unlock_page(page); |
82792 | if (page != swapcache) { | 88098 | if (page != swapcache) { |
82793 | /* | 88099 | /* |
82794 | @@ -3151,6 +3362,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, | 88100 | @@ -3157,6 +3368,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, |
82795 | 88101 | ||
82796 | /* No need to invalidate - it was non-present before */ | 88102 | /* No need to invalidate - it was non-present before */ |
82797 | update_mmu_cache(vma, address, page_table); | 88103 | update_mmu_cache(vma, address, page_table); |
@@ -82803,7 +88109,7 @@ index 5e50800..c47ba9a 100644 | |||
82803 | unlock: | 88109 | unlock: |
82804 | pte_unmap_unlock(page_table, ptl); | 88110 | pte_unmap_unlock(page_table, ptl); |
82805 | out: | 88111 | out: |
82806 | @@ -3170,40 +3386,6 @@ out_release: | 88112 | @@ -3176,40 +3392,6 @@ out_release: |
82807 | } | 88113 | } |
82808 | 88114 | ||
82809 | /* | 88115 | /* |
@@ -82844,7 +88150,7 @@ index 5e50800..c47ba9a 100644 | |||
82844 | * We enter with non-exclusive mmap_sem (to exclude vma changes, | 88150 | * We enter with non-exclusive mmap_sem (to exclude vma changes, |
82845 | * but allow concurrent faults), and pte mapped but not yet locked. | 88151 | * but allow concurrent faults), and pte mapped but not yet locked. |
82846 | * We return with mmap_sem still held, but pte unmapped and unlocked. | 88152 | * We return with mmap_sem still held, but pte unmapped and unlocked. |
82847 | @@ -3212,27 +3394,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, | 88153 | @@ -3218,27 +3400,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, |
82848 | unsigned long address, pte_t *page_table, pmd_t *pmd, | 88154 | unsigned long address, pte_t *page_table, pmd_t *pmd, |
82849 | unsigned int flags) | 88155 | unsigned int flags) |
82850 | { | 88156 | { |
@@ -82877,7 +88183,7 @@ index 5e50800..c47ba9a 100644 | |||
82877 | if (unlikely(anon_vma_prepare(vma))) | 88183 | if (unlikely(anon_vma_prepare(vma))) |
82878 | goto oom; | 88184 | goto oom; |
82879 | page = alloc_zeroed_user_highpage_movable(vma, address); | 88185 | page = alloc_zeroed_user_highpage_movable(vma, address); |
82880 | @@ -3256,6 +3434,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, | 88186 | @@ -3262,6 +3440,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, |
82881 | if (!pte_none(*page_table)) | 88187 | if (!pte_none(*page_table)) |
82882 | goto release; | 88188 | goto release; |
82883 | 88189 | ||
@@ -82889,7 +88195,7 @@ index 5e50800..c47ba9a 100644 | |||
82889 | inc_mm_counter_fast(mm, MM_ANONPAGES); | 88195 | inc_mm_counter_fast(mm, MM_ANONPAGES); |
82890 | page_add_new_anon_rmap(page, vma, address); | 88196 | page_add_new_anon_rmap(page, vma, address); |
82891 | setpte: | 88197 | setpte: |
82892 | @@ -3263,6 +3446,12 @@ setpte: | 88198 | @@ -3269,6 +3452,12 @@ setpte: |
82893 | 88199 | ||
82894 | /* No need to invalidate - it was non-present before */ | 88200 | /* No need to invalidate - it was non-present before */ |
82895 | update_mmu_cache(vma, address, page_table); | 88201 | update_mmu_cache(vma, address, page_table); |
@@ -82902,7 +88208,7 @@ index 5e50800..c47ba9a 100644 | |||
82902 | unlock: | 88208 | unlock: |
82903 | pte_unmap_unlock(page_table, ptl); | 88209 | pte_unmap_unlock(page_table, ptl); |
82904 | return 0; | 88210 | return 0; |
82905 | @@ -3406,6 +3595,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, | 88211 | @@ -3412,6 +3601,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, |
82906 | */ | 88212 | */ |
82907 | /* Only go through if we didn't race with anybody else... */ | 88213 | /* Only go through if we didn't race with anybody else... */ |
82908 | if (likely(pte_same(*page_table, orig_pte))) { | 88214 | if (likely(pte_same(*page_table, orig_pte))) { |
@@ -82915,7 +88221,7 @@ index 5e50800..c47ba9a 100644 | |||
82915 | flush_icache_page(vma, page); | 88221 | flush_icache_page(vma, page); |
82916 | entry = mk_pte(page, vma->vm_page_prot); | 88222 | entry = mk_pte(page, vma->vm_page_prot); |
82917 | if (flags & FAULT_FLAG_WRITE) | 88223 | if (flags & FAULT_FLAG_WRITE) |
82918 | @@ -3425,6 +3620,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, | 88224 | @@ -3431,6 +3626,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, |
82919 | 88225 | ||
82920 | /* no need to invalidate: a not-present page won't be cached */ | 88226 | /* no need to invalidate: a not-present page won't be cached */ |
82921 | update_mmu_cache(vma, address, page_table); | 88227 | update_mmu_cache(vma, address, page_table); |
@@ -82930,7 +88236,7 @@ index 5e50800..c47ba9a 100644 | |||
82930 | } else { | 88236 | } else { |
82931 | if (cow_page) | 88237 | if (cow_page) |
82932 | mem_cgroup_uncharge_page(cow_page); | 88238 | mem_cgroup_uncharge_page(cow_page); |
82933 | @@ -3746,6 +3949,12 @@ int handle_pte_fault(struct mm_struct *mm, | 88239 | @@ -3752,6 +3955,12 @@ int handle_pte_fault(struct mm_struct *mm, |
82934 | if (flags & FAULT_FLAG_WRITE) | 88240 | if (flags & FAULT_FLAG_WRITE) |
82935 | flush_tlb_fix_spurious_fault(vma, address); | 88241 | flush_tlb_fix_spurious_fault(vma, address); |
82936 | } | 88242 | } |
@@ -82943,7 +88249,7 @@ index 5e50800..c47ba9a 100644 | |||
82943 | unlock: | 88249 | unlock: |
82944 | pte_unmap_unlock(pte, ptl); | 88250 | pte_unmap_unlock(pte, ptl); |
82945 | return 0; | 88251 | return 0; |
82946 | @@ -3762,6 +3971,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, | 88252 | @@ -3768,6 +3977,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, |
82947 | pmd_t *pmd; | 88253 | pmd_t *pmd; |
82948 | pte_t *pte; | 88254 | pte_t *pte; |
82949 | 88255 | ||
@@ -82954,7 +88260,7 @@ index 5e50800..c47ba9a 100644 | |||
82954 | __set_current_state(TASK_RUNNING); | 88260 | __set_current_state(TASK_RUNNING); |
82955 | 88261 | ||
82956 | count_vm_event(PGFAULT); | 88262 | count_vm_event(PGFAULT); |
82957 | @@ -3773,6 +3986,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, | 88263 | @@ -3779,6 +3992,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, |
82958 | if (unlikely(is_vm_hugetlb_page(vma))) | 88264 | if (unlikely(is_vm_hugetlb_page(vma))) |
82959 | return hugetlb_fault(mm, vma, address, flags); | 88265 | return hugetlb_fault(mm, vma, address, flags); |
82960 | 88266 | ||
@@ -82989,7 +88295,7 @@ index 5e50800..c47ba9a 100644 | |||
82989 | retry: | 88295 | retry: |
82990 | pgd = pgd_offset(mm, address); | 88296 | pgd = pgd_offset(mm, address); |
82991 | pud = pud_alloc(mm, pgd, address); | 88297 | pud = pud_alloc(mm, pgd, address); |
82992 | @@ -3871,6 +4112,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) | 88298 | @@ -3877,6 +4118,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) |
82993 | spin_unlock(&mm->page_table_lock); | 88299 | spin_unlock(&mm->page_table_lock); |
82994 | return 0; | 88300 | return 0; |
82995 | } | 88301 | } |
@@ -83013,7 +88319,7 @@ index 5e50800..c47ba9a 100644 | |||
83013 | #endif /* __PAGETABLE_PUD_FOLDED */ | 88319 | #endif /* __PAGETABLE_PUD_FOLDED */ |
83014 | 88320 | ||
83015 | #ifndef __PAGETABLE_PMD_FOLDED | 88321 | #ifndef __PAGETABLE_PMD_FOLDED |
83016 | @@ -3901,6 +4159,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) | 88322 | @@ -3907,6 +4165,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) |
83017 | spin_unlock(&mm->page_table_lock); | 88323 | spin_unlock(&mm->page_table_lock); |
83018 | return 0; | 88324 | return 0; |
83019 | } | 88325 | } |
@@ -83044,7 +88350,7 @@ index 5e50800..c47ba9a 100644 | |||
83044 | #endif /* __PAGETABLE_PMD_FOLDED */ | 88350 | #endif /* __PAGETABLE_PMD_FOLDED */ |
83045 | 88351 | ||
83046 | #if !defined(__HAVE_ARCH_GATE_AREA) | 88352 | #if !defined(__HAVE_ARCH_GATE_AREA) |
83047 | @@ -3914,7 +4196,7 @@ static int __init gate_vma_init(void) | 88353 | @@ -3920,7 +4202,7 @@ static int __init gate_vma_init(void) |
83048 | gate_vma.vm_start = FIXADDR_USER_START; | 88354 | gate_vma.vm_start = FIXADDR_USER_START; |
83049 | gate_vma.vm_end = FIXADDR_USER_END; | 88355 | gate_vma.vm_end = FIXADDR_USER_END; |
83050 | gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; | 88356 | gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; |
@@ -83053,7 +88359,7 @@ index 5e50800..c47ba9a 100644 | |||
83053 | 88359 | ||
83054 | return 0; | 88360 | return 0; |
83055 | } | 88361 | } |
83056 | @@ -4048,8 +4330,8 @@ out: | 88362 | @@ -4054,8 +4336,8 @@ out: |
83057 | return ret; | 88363 | return ret; |
83058 | } | 88364 | } |
83059 | 88365 | ||
@@ -83064,7 +88370,7 @@ index 5e50800..c47ba9a 100644 | |||
83064 | { | 88370 | { |
83065 | resource_size_t phys_addr; | 88371 | resource_size_t phys_addr; |
83066 | unsigned long prot = 0; | 88372 | unsigned long prot = 0; |
83067 | @@ -4074,8 +4356,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr, | 88373 | @@ -4080,8 +4362,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr, |
83068 | * Access another process' address space as given in mm. If non-NULL, use the | 88374 | * Access another process' address space as given in mm. If non-NULL, use the |
83069 | * given task for page fault accounting. | 88375 | * given task for page fault accounting. |
83070 | */ | 88376 | */ |
@@ -83075,7 +88381,7 @@ index 5e50800..c47ba9a 100644 | |||
83075 | { | 88381 | { |
83076 | struct vm_area_struct *vma; | 88382 | struct vm_area_struct *vma; |
83077 | void *old_buf = buf; | 88383 | void *old_buf = buf; |
83078 | @@ -4083,7 +4365,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, | 88384 | @@ -4089,7 +4371,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, |
83079 | down_read(&mm->mmap_sem); | 88385 | down_read(&mm->mmap_sem); |
83080 | /* ignore errors, just check how much was successfully transferred */ | 88386 | /* ignore errors, just check how much was successfully transferred */ |
83081 | while (len) { | 88387 | while (len) { |
@@ -83084,7 +88390,7 @@ index 5e50800..c47ba9a 100644 | |||
83084 | void *maddr; | 88390 | void *maddr; |
83085 | struct page *page = NULL; | 88391 | struct page *page = NULL; |
83086 | 88392 | ||
83087 | @@ -4142,8 +4424,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, | 88393 | @@ -4148,8 +4430,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, |
83088 | * | 88394 | * |
83089 | * The caller must hold a reference on @mm. | 88395 | * The caller must hold a reference on @mm. |
83090 | */ | 88396 | */ |
@@ -83095,7 +88401,7 @@ index 5e50800..c47ba9a 100644 | |||
83095 | { | 88401 | { |
83096 | return __access_remote_vm(NULL, mm, addr, buf, len, write); | 88402 | return __access_remote_vm(NULL, mm, addr, buf, len, write); |
83097 | } | 88403 | } |
83098 | @@ -4153,11 +4435,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, | 88404 | @@ -4159,11 +4441,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, |
83099 | * Source/target buffer must be kernel space, | 88405 | * Source/target buffer must be kernel space, |
83100 | * Do not walk the page table directly, use get_user_pages | 88406 | * Do not walk the page table directly, use get_user_pages |
83101 | */ | 88407 | */ |
@@ -83272,7 +88578,7 @@ index 79b7cf7..9944291 100644 | |||
83272 | capable(CAP_IPC_LOCK)) | 88578 | capable(CAP_IPC_LOCK)) |
83273 | ret = do_mlockall(flags); | 88579 | ret = do_mlockall(flags); |
83274 | diff --git a/mm/mmap.c b/mm/mmap.c | 88580 | diff --git a/mm/mmap.c b/mm/mmap.c |
83275 | index 7dbe397..e84c411 100644 | 88581 | index 8d25fdc..bfb7626 100644 |
83276 | --- a/mm/mmap.c | 88582 | --- a/mm/mmap.c |
83277 | +++ b/mm/mmap.c | 88583 | +++ b/mm/mmap.c |
83278 | @@ -36,6 +36,7 @@ | 88584 | @@ -36,6 +36,7 @@ |
@@ -86930,6 +92236,89 @@ index f680ee1..97e3542 100644 | |||
86930 | 92236 | ||
86931 | if (batadv_ogm_packet->flags & BATADV_DIRECTLINK) | 92237 | if (batadv_ogm_packet->flags & BATADV_DIRECTLINK) |
86932 | has_directlink_flag = 1; | 92238 | has_directlink_flag = 1; |
92239 | diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c | ||
92240 | index de27b31..7058bfe 100644 | ||
92241 | --- a/net/batman-adv/bridge_loop_avoidance.c | ||
92242 | +++ b/net/batman-adv/bridge_loop_avoidance.c | ||
92243 | @@ -1522,6 +1522,8 @@ out: | ||
92244 | * in these cases, the skb is further handled by this function and | ||
92245 | * returns 1, otherwise it returns 0 and the caller shall further | ||
92246 | * process the skb. | ||
92247 | + * | ||
92248 | + * This call might reallocate skb data. | ||
92249 | */ | ||
92250 | int batadv_bla_tx(struct batadv_priv *bat_priv, struct sk_buff *skb, short vid) | ||
92251 | { | ||
92252 | diff --git a/net/batman-adv/gateway_client.c b/net/batman-adv/gateway_client.c | ||
92253 | index f105219..7614af3 100644 | ||
92254 | --- a/net/batman-adv/gateway_client.c | ||
92255 | +++ b/net/batman-adv/gateway_client.c | ||
92256 | @@ -508,6 +508,7 @@ out: | ||
92257 | return 0; | ||
92258 | } | ||
92259 | |||
92260 | +/* this call might reallocate skb data */ | ||
92261 | static bool batadv_is_type_dhcprequest(struct sk_buff *skb, int header_len) | ||
92262 | { | ||
92263 | int ret = false; | ||
92264 | @@ -568,6 +569,7 @@ out: | ||
92265 | return ret; | ||
92266 | } | ||
92267 | |||
92268 | +/* this call might reallocate skb data */ | ||
92269 | bool batadv_gw_is_dhcp_target(struct sk_buff *skb, unsigned int *header_len) | ||
92270 | { | ||
92271 | struct ethhdr *ethhdr; | ||
92272 | @@ -619,6 +621,12 @@ bool batadv_gw_is_dhcp_target(struct sk_buff *skb, unsigned int *header_len) | ||
92273 | |||
92274 | if (!pskb_may_pull(skb, *header_len + sizeof(*udphdr))) | ||
92275 | return false; | ||
92276 | + | ||
92277 | + /* skb->data might have been reallocated by pskb_may_pull() */ | ||
92278 | + ethhdr = (struct ethhdr *)skb->data; | ||
92279 | + if (ntohs(ethhdr->h_proto) == ETH_P_8021Q) | ||
92280 | + ethhdr = (struct ethhdr *)(skb->data + VLAN_HLEN); | ||
92281 | + | ||
92282 | udphdr = (struct udphdr *)(skb->data + *header_len); | ||
92283 | *header_len += sizeof(*udphdr); | ||
92284 | |||
92285 | @@ -634,12 +642,14 @@ bool batadv_gw_is_dhcp_target(struct sk_buff *skb, unsigned int *header_len) | ||
92286 | return true; | ||
92287 | } | ||
92288 | |||
92289 | +/* this call might reallocate skb data */ | ||
92290 | bool batadv_gw_out_of_range(struct batadv_priv *bat_priv, | ||
92291 | - struct sk_buff *skb, struct ethhdr *ethhdr) | ||
92292 | + struct sk_buff *skb) | ||
92293 | { | ||
92294 | struct batadv_neigh_node *neigh_curr = NULL, *neigh_old = NULL; | ||
92295 | struct batadv_orig_node *orig_dst_node = NULL; | ||
92296 | struct batadv_gw_node *curr_gw = NULL; | ||
92297 | + struct ethhdr *ethhdr; | ||
92298 | bool ret, out_of_range = false; | ||
92299 | unsigned int header_len = 0; | ||
92300 | uint8_t curr_tq_avg; | ||
92301 | @@ -648,6 +658,7 @@ bool batadv_gw_out_of_range(struct batadv_priv *bat_priv, | ||
92302 | if (!ret) | ||
92303 | goto out; | ||
92304 | |||
92305 | + ethhdr = (struct ethhdr *)skb->data; | ||
92306 | orig_dst_node = batadv_transtable_search(bat_priv, ethhdr->h_source, | ||
92307 | ethhdr->h_dest); | ||
92308 | if (!orig_dst_node) | ||
92309 | diff --git a/net/batman-adv/gateway_client.h b/net/batman-adv/gateway_client.h | ||
92310 | index 039902d..1037d75 100644 | ||
92311 | --- a/net/batman-adv/gateway_client.h | ||
92312 | +++ b/net/batman-adv/gateway_client.h | ||
92313 | @@ -34,7 +34,6 @@ void batadv_gw_node_delete(struct batadv_priv *bat_priv, | ||
92314 | void batadv_gw_node_purge(struct batadv_priv *bat_priv); | ||
92315 | int batadv_gw_client_seq_print_text(struct seq_file *seq, void *offset); | ||
92316 | bool batadv_gw_is_dhcp_target(struct sk_buff *skb, unsigned int *header_len); | ||
92317 | -bool batadv_gw_out_of_range(struct batadv_priv *bat_priv, | ||
92318 | - struct sk_buff *skb, struct ethhdr *ethhdr); | ||
92319 | +bool batadv_gw_out_of_range(struct batadv_priv *bat_priv, struct sk_buff *skb); | ||
92320 | |||
92321 | #endif /* _NET_BATMAN_ADV_GATEWAY_CLIENT_H_ */ | ||
86933 | diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c | 92322 | diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c |
86934 | index 522243a..b48c0ef 100644 | 92323 | index 522243a..b48c0ef 100644 |
86935 | --- a/net/batman-adv/hard-interface.c | 92324 | --- a/net/batman-adv/hard-interface.c |
@@ -86953,10 +92342,31 @@ index 522243a..b48c0ef 100644 | |||
86953 | 92342 | ||
86954 | return hard_iface; | 92343 | return hard_iface; |
86955 | diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c | 92344 | diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c |
86956 | index 819dfb0..9a672d1 100644 | 92345 | index 819dfb0..226bacd 100644 |
86957 | --- a/net/batman-adv/soft-interface.c | 92346 | --- a/net/batman-adv/soft-interface.c |
86958 | +++ b/net/batman-adv/soft-interface.c | 92347 | +++ b/net/batman-adv/soft-interface.c |
86959 | @@ -253,7 +253,7 @@ static int batadv_interface_tx(struct sk_buff *skb, | 92348 | @@ -180,6 +180,9 @@ static int batadv_interface_tx(struct sk_buff *skb, |
92349 | if (batadv_bla_tx(bat_priv, skb, vid)) | ||
92350 | goto dropped; | ||
92351 | |||
92352 | + /* skb->data might have been reallocated by batadv_bla_tx() */ | ||
92353 | + ethhdr = (struct ethhdr *)skb->data; | ||
92354 | + | ||
92355 | /* Register the client MAC in the transtable */ | ||
92356 | if (!is_multicast_ether_addr(ethhdr->h_source)) | ||
92357 | batadv_tt_local_add(soft_iface, ethhdr->h_source, skb->skb_iif); | ||
92358 | @@ -220,6 +223,10 @@ static int batadv_interface_tx(struct sk_buff *skb, | ||
92359 | default: | ||
92360 | break; | ||
92361 | } | ||
92362 | + | ||
92363 | + /* reminder: ethhdr might have become unusable from here on | ||
92364 | + * (batadv_gw_is_dhcp_target() might have reallocated skb data) | ||
92365 | + */ | ||
92366 | } | ||
92367 | |||
92368 | /* ethernet packet should be broadcasted */ | ||
92369 | @@ -253,7 +260,7 @@ static int batadv_interface_tx(struct sk_buff *skb, | ||
86960 | primary_if->net_dev->dev_addr, ETH_ALEN); | 92370 | primary_if->net_dev->dev_addr, ETH_ALEN); |
86961 | 92371 | ||
86962 | /* set broadcast sequence number */ | 92372 | /* set broadcast sequence number */ |
@@ -86965,7 +92375,16 @@ index 819dfb0..9a672d1 100644 | |||
86965 | bcast_packet->seqno = htonl(seqno); | 92375 | bcast_packet->seqno = htonl(seqno); |
86966 | 92376 | ||
86967 | batadv_add_bcast_packet_to_list(bat_priv, skb, brd_delay); | 92377 | batadv_add_bcast_packet_to_list(bat_priv, skb, brd_delay); |
86968 | @@ -472,7 +472,7 @@ static int batadv_softif_init_late(struct net_device *dev) | 92378 | @@ -266,7 +273,7 @@ static int batadv_interface_tx(struct sk_buff *skb, |
92379 | /* unicast packet */ | ||
92380 | } else { | ||
92381 | if (atomic_read(&bat_priv->gw_mode) != BATADV_GW_MODE_OFF) { | ||
92382 | - ret = batadv_gw_out_of_range(bat_priv, skb, ethhdr); | ||
92383 | + ret = batadv_gw_out_of_range(bat_priv, skb); | ||
92384 | if (ret) | ||
92385 | goto dropped; | ||
92386 | } | ||
92387 | @@ -472,7 +479,7 @@ static int batadv_softif_init_late(struct net_device *dev) | ||
86969 | atomic_set(&bat_priv->batman_queue_left, BATADV_BATMAN_QUEUE_LEN); | 92388 | atomic_set(&bat_priv->batman_queue_left, BATADV_BATMAN_QUEUE_LEN); |
86970 | 92389 | ||
86971 | atomic_set(&bat_priv->mesh_state, BATADV_MESH_INACTIVE); | 92390 | atomic_set(&bat_priv->mesh_state, BATADV_MESH_INACTIVE); |
@@ -87006,7 +92425,7 @@ index aba8364..50fcbb8 100644 | |||
87006 | atomic_t batman_queue_left; | 92425 | atomic_t batman_queue_left; |
87007 | char num_ifaces; | 92426 | char num_ifaces; |
87008 | diff --git a/net/batman-adv/unicast.c b/net/batman-adv/unicast.c | 92427 | diff --git a/net/batman-adv/unicast.c b/net/batman-adv/unicast.c |
87009 | index 0bb3b59..ffcbf2f 100644 | 92428 | index 0bb3b59..0e3052e 100644 |
87010 | --- a/net/batman-adv/unicast.c | 92429 | --- a/net/batman-adv/unicast.c |
87011 | +++ b/net/batman-adv/unicast.c | 92430 | +++ b/net/batman-adv/unicast.c |
87012 | @@ -270,7 +270,7 @@ int batadv_frag_send_skb(struct sk_buff *skb, struct batadv_priv *bat_priv, | 92431 | @@ -270,7 +270,7 @@ int batadv_frag_send_skb(struct sk_buff *skb, struct batadv_priv *bat_priv, |
@@ -87018,6 +92437,58 @@ index 0bb3b59..ffcbf2f 100644 | |||
87018 | frag1->seqno = htons(seqno - 1); | 92437 | frag1->seqno = htons(seqno - 1); |
87019 | frag2->seqno = htons(seqno); | 92438 | frag2->seqno = htons(seqno); |
87020 | 92439 | ||
92440 | @@ -326,7 +326,9 @@ static bool batadv_unicast_push_and_fill_skb(struct sk_buff *skb, int hdr_size, | ||
92441 | * @skb: the skb containing the payload to encapsulate | ||
92442 | * @orig_node: the destination node | ||
92443 | * | ||
92444 | - * Returns false if the payload could not be encapsulated or true otherwise | ||
92445 | + * Returns false if the payload could not be encapsulated or true otherwise. | ||
92446 | + * | ||
92447 | + * This call might reallocate skb data. | ||
92448 | */ | ||
92449 | static bool batadv_unicast_prepare_skb(struct sk_buff *skb, | ||
92450 | struct batadv_orig_node *orig_node) | ||
92451 | @@ -343,7 +345,9 @@ static bool batadv_unicast_prepare_skb(struct sk_buff *skb, | ||
92452 | * @orig_node: the destination node | ||
92453 | * @packet_subtype: the batman 4addr packet subtype to use | ||
92454 | * | ||
92455 | - * Returns false if the payload could not be encapsulated or true otherwise | ||
92456 | + * Returns false if the payload could not be encapsulated or true otherwise. | ||
92457 | + * | ||
92458 | + * This call might reallocate skb data. | ||
92459 | */ | ||
92460 | bool batadv_unicast_4addr_prepare_skb(struct batadv_priv *bat_priv, | ||
92461 | struct sk_buff *skb, | ||
92462 | @@ -401,7 +405,7 @@ int batadv_unicast_generic_send_skb(struct batadv_priv *bat_priv, | ||
92463 | struct batadv_neigh_node *neigh_node; | ||
92464 | int data_len = skb->len; | ||
92465 | int ret = NET_RX_DROP; | ||
92466 | - unsigned int dev_mtu; | ||
92467 | + unsigned int dev_mtu, header_len; | ||
92468 | |||
92469 | /* get routing information */ | ||
92470 | if (is_multicast_ether_addr(ethhdr->h_dest)) { | ||
92471 | @@ -429,10 +433,12 @@ find_router: | ||
92472 | switch (packet_type) { | ||
92473 | case BATADV_UNICAST: | ||
92474 | batadv_unicast_prepare_skb(skb, orig_node); | ||
92475 | + header_len = sizeof(struct batadv_unicast_packet); | ||
92476 | break; | ||
92477 | case BATADV_UNICAST_4ADDR: | ||
92478 | batadv_unicast_4addr_prepare_skb(bat_priv, skb, orig_node, | ||
92479 | packet_subtype); | ||
92480 | + header_len = sizeof(struct batadv_unicast_4addr_packet); | ||
92481 | break; | ||
92482 | default: | ||
92483 | /* this function supports UNICAST and UNICAST_4ADDR only. It | ||
92484 | @@ -441,6 +447,7 @@ find_router: | ||
92485 | goto out; | ||
92486 | } | ||
92487 | |||
92488 | + ethhdr = (struct ethhdr *)(skb->data + header_len); | ||
92489 | unicast_packet = (struct batadv_unicast_packet *)skb->data; | ||
92490 | |||
92491 | /* inform the destination node that we are still missing a correct route | ||
87021 | diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c | 92492 | diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c |
87022 | index ace5e55..a65a1c0 100644 | 92493 | index ace5e55..a65a1c0 100644 |
87023 | --- a/net/bluetooth/hci_core.c | 92494 | --- a/net/bluetooth/hci_core.c |
@@ -87303,6 +92774,28 @@ index 3ee690e..00d581b 100644 | |||
87303 | register_netdevice_notifier(¬ifier); | 92774 | register_netdevice_notifier(¬ifier); |
87304 | 92775 | ||
87305 | if (__rtnl_register(PF_CAN, RTM_GETROUTE, NULL, cgw_dump_jobs, NULL)) { | 92776 | if (__rtnl_register(PF_CAN, RTM_GETROUTE, NULL, cgw_dump_jobs, NULL)) { |
92777 | diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c | ||
92778 | index eb0a46a..5f3bae8 100644 | ||
92779 | --- a/net/ceph/messenger.c | ||
92780 | +++ b/net/ceph/messenger.c | ||
92781 | @@ -186,7 +186,7 @@ static void con_fault(struct ceph_connection *con); | ||
92782 | #define MAX_ADDR_STR_LEN 64 /* 54 is enough */ | ||
92783 | |||
92784 | static char addr_str[ADDR_STR_COUNT][MAX_ADDR_STR_LEN]; | ||
92785 | -static atomic_t addr_str_seq = ATOMIC_INIT(0); | ||
92786 | +static atomic_unchecked_t addr_str_seq = ATOMIC_INIT(0); | ||
92787 | |||
92788 | static struct page *zero_page; /* used in certain error cases */ | ||
92789 | |||
92790 | @@ -197,7 +197,7 @@ const char *ceph_pr_addr(const struct sockaddr_storage *ss) | ||
92791 | struct sockaddr_in *in4 = (struct sockaddr_in *) ss; | ||
92792 | struct sockaddr_in6 *in6 = (struct sockaddr_in6 *) ss; | ||
92793 | |||
92794 | - i = atomic_inc_return(&addr_str_seq) & ADDR_STR_COUNT_MASK; | ||
92795 | + i = atomic_inc_return_unchecked(&addr_str_seq) & ADDR_STR_COUNT_MASK; | ||
92796 | s = addr_str[i]; | ||
92797 | |||
92798 | switch (ss->ss_family) { | ||
87306 | diff --git a/net/compat.c b/net/compat.c | 92799 | diff --git a/net/compat.c b/net/compat.c |
87307 | index f0a1ba6..0541331 100644 | 92800 | index f0a1ba6..0541331 100644 |
87308 | --- a/net/compat.c | 92801 | --- a/net/compat.c |
@@ -87738,8 +93231,30 @@ index f9765203..9feaef8 100644 | |||
87738 | mutex_unlock(&net_mutex); | 93231 | mutex_unlock(&net_mutex); |
87739 | return error; | 93232 | return error; |
87740 | } | 93233 | } |
93234 | diff --git a/net/core/netpoll.c b/net/core/netpoll.c | ||
93235 | index cec074b..a53a938 100644 | ||
93236 | --- a/net/core/netpoll.c | ||
93237 | +++ b/net/core/netpoll.c | ||
93238 | @@ -428,7 +428,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len) | ||
93239 | struct udphdr *udph; | ||
93240 | struct iphdr *iph; | ||
93241 | struct ethhdr *eth; | ||
93242 | - static atomic_t ip_ident; | ||
93243 | + static atomic_unchecked_t ip_ident; | ||
93244 | struct ipv6hdr *ip6h; | ||
93245 | |||
93246 | udp_len = len + sizeof(*udph); | ||
93247 | @@ -499,7 +499,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len) | ||
93248 | put_unaligned(0x45, (unsigned char *)iph); | ||
93249 | iph->tos = 0; | ||
93250 | put_unaligned(htons(ip_len), &(iph->tot_len)); | ||
93251 | - iph->id = htons(atomic_inc_return(&ip_ident)); | ||
93252 | + iph->id = htons(atomic_inc_return_unchecked(&ip_ident)); | ||
93253 | iph->frag_off = 0; | ||
93254 | iph->ttl = 64; | ||
93255 | iph->protocol = IPPROTO_UDP; | ||
87741 | diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c | 93256 | diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c |
87742 | index a08bd2b..4e8f43c 100644 | 93257 | index a08bd2b..c59bd7c 100644 |
87743 | --- a/net/core/rtnetlink.c | 93258 | --- a/net/core/rtnetlink.c |
87744 | +++ b/net/core/rtnetlink.c | 93259 | +++ b/net/core/rtnetlink.c |
87745 | @@ -58,7 +58,7 @@ struct rtnl_link { | 93260 | @@ -58,7 +58,7 @@ struct rtnl_link { |
@@ -87777,10 +93292,28 @@ index a08bd2b..4e8f43c 100644 | |||
87777 | } | 93292 | } |
87778 | EXPORT_SYMBOL_GPL(__rtnl_link_unregister); | 93293 | EXPORT_SYMBOL_GPL(__rtnl_link_unregister); |
87779 | 93294 | ||
93295 | @@ -2374,7 +2377,7 @@ static int rtnl_bridge_getlink(struct sk_buff *skb, struct netlink_callback *cb) | ||
93296 | struct nlattr *extfilt; | ||
93297 | u32 filter_mask = 0; | ||
93298 | |||
93299 | - extfilt = nlmsg_find_attr(cb->nlh, sizeof(struct rtgenmsg), | ||
93300 | + extfilt = nlmsg_find_attr(cb->nlh, sizeof(struct ifinfomsg), | ||
93301 | IFLA_EXT_MASK); | ||
93302 | if (extfilt) | ||
93303 | filter_mask = nla_get_u32(extfilt); | ||
87780 | diff --git a/net/core/scm.c b/net/core/scm.c | 93304 | diff --git a/net/core/scm.c b/net/core/scm.c |
87781 | index 03795d0..eaf7368 100644 | 93305 | index 03795d0..98d6bdb 100644 |
87782 | --- a/net/core/scm.c | 93306 | --- a/net/core/scm.c |
87783 | +++ b/net/core/scm.c | 93307 | +++ b/net/core/scm.c |
93308 | @@ -54,7 +54,7 @@ static __inline__ int scm_check_creds(struct ucred *creds) | ||
93309 | return -EINVAL; | ||
93310 | |||
93311 | if ((creds->pid == task_tgid_vnr(current) || | ||
93312 | - ns_capable(current->nsproxy->pid_ns->user_ns, CAP_SYS_ADMIN)) && | ||
93313 | + ns_capable(task_active_pid_ns(current)->user_ns, CAP_SYS_ADMIN)) && | ||
93314 | ((uid_eq(uid, cred->uid) || uid_eq(uid, cred->euid) || | ||
93315 | uid_eq(uid, cred->suid)) || nsown_capable(CAP_SETUID)) && | ||
93316 | ((gid_eq(gid, cred->gid) || gid_eq(gid, cred->egid) || | ||
87784 | @@ -210,7 +210,7 @@ EXPORT_SYMBOL(__scm_send); | 93317 | @@ -210,7 +210,7 @@ EXPORT_SYMBOL(__scm_send); |
87785 | int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) | 93318 | int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) |
87786 | { | 93319 | { |
@@ -88092,6 +93625,19 @@ index a55eecc..dd8428c 100644 | |||
88092 | return -EFAULT; | 93625 | return -EFAULT; |
88093 | 93626 | ||
88094 | *lenp = len; | 93627 | *lenp = len; |
93628 | diff --git a/net/ieee802154/6lowpan.c b/net/ieee802154/6lowpan.c | ||
93629 | index 55e1fd5..fd602b8 100644 | ||
93630 | --- a/net/ieee802154/6lowpan.c | ||
93631 | +++ b/net/ieee802154/6lowpan.c | ||
93632 | @@ -459,7 +459,7 @@ static int lowpan_header_create(struct sk_buff *skb, | ||
93633 | hc06_ptr += 3; | ||
93634 | } else { | ||
93635 | /* compress nothing */ | ||
93636 | - memcpy(hc06_ptr, &hdr, 4); | ||
93637 | + memcpy(hc06_ptr, hdr, 4); | ||
93638 | /* replace the top byte with new ECN | DSCP format */ | ||
93639 | *hc06_ptr = tmp; | ||
93640 | hc06_ptr += 4; | ||
88095 | diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c | 93641 | diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c |
88096 | index d01be2a..8976537 100644 | 93642 | index d01be2a..8976537 100644 |
88097 | --- a/net/ipv4/af_inet.c | 93643 | --- a/net/ipv4/af_inet.c |
@@ -88223,9 +93769,18 @@ index dfc39d4..0d4fa52 100644 | |||
88223 | #endif | 93769 | #endif |
88224 | if (dflt != &ipv4_devconf_dflt) | 93770 | if (dflt != &ipv4_devconf_dflt) |
88225 | diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c | 93771 | diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c |
88226 | index 4cfe34d..a6ba66e 100644 | 93772 | index 4cfe34d..d2fac8a 100644 |
88227 | --- a/net/ipv4/esp4.c | 93773 | --- a/net/ipv4/esp4.c |
88228 | +++ b/net/ipv4/esp4.c | 93774 | +++ b/net/ipv4/esp4.c |
93775 | @@ -477,7 +477,7 @@ static u32 esp4_get_mtu(struct xfrm_state *x, int mtu) | ||
93776 | } | ||
93777 | |||
93778 | return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) - | ||
93779 | - net_adj) & ~(align - 1)) + (net_adj - 2); | ||
93780 | + net_adj) & ~(align - 1)) + net_adj - 2; | ||
93781 | } | ||
93782 | |||
93783 | static void esp4_err(struct sk_buff *skb, u32 info) | ||
88229 | @@ -503,7 +503,7 @@ static void esp4_err(struct sk_buff *skb, u32 info) | 93784 | @@ -503,7 +503,7 @@ static void esp4_err(struct sk_buff *skb, u32 info) |
88230 | return; | 93785 | return; |
88231 | 93786 | ||
@@ -88276,6 +93831,30 @@ index 8f6cb7a..34507f9 100644 | |||
88276 | 93831 | ||
88277 | return nh->nh_saddr; | 93832 | return nh->nh_saddr; |
88278 | } | 93833 | } |
93834 | diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c | ||
93835 | index 49616fe..6e8a13d 100644 | ||
93836 | --- a/net/ipv4/fib_trie.c | ||
93837 | +++ b/net/ipv4/fib_trie.c | ||
93838 | @@ -71,7 +71,6 @@ | ||
93839 | #include <linux/init.h> | ||
93840 | #include <linux/list.h> | ||
93841 | #include <linux/slab.h> | ||
93842 | -#include <linux/prefetch.h> | ||
93843 | #include <linux/export.h> | ||
93844 | #include <net/net_namespace.h> | ||
93845 | #include <net/ip.h> | ||
93846 | @@ -1761,10 +1760,8 @@ static struct leaf *leaf_walk_rcu(struct tnode *p, struct rt_trie_node *c) | ||
93847 | if (!c) | ||
93848 | continue; | ||
93849 | |||
93850 | - if (IS_LEAF(c)) { | ||
93851 | - prefetch(rcu_dereference_rtnl(p->child[idx])); | ||
93852 | + if (IS_LEAF(c)) | ||
93853 | return (struct leaf *) c; | ||
93854 | - } | ||
93855 | |||
93856 | /* Rescan start scanning in new node */ | ||
93857 | p = (struct tnode *) c; | ||
88279 | diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c | 93858 | diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c |
88280 | index 6acb541..9ea617d 100644 | 93859 | index 6acb541..9ea617d 100644 |
88281 | --- a/net/ipv4/inet_connection_sock.c | 93860 | --- a/net/ipv4/inet_connection_sock.c |
@@ -88385,7 +93964,7 @@ index b66910a..cfe416e 100644 | |||
88385 | return -ENOMEM; | 93964 | return -ENOMEM; |
88386 | } | 93965 | } |
88387 | diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c | 93966 | diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c |
88388 | index 855004f..68e7458 100644 | 93967 | index 855004f..9644112 100644 |
88389 | --- a/net/ipv4/ip_gre.c | 93968 | --- a/net/ipv4/ip_gre.c |
88390 | +++ b/net/ipv4/ip_gre.c | 93969 | +++ b/net/ipv4/ip_gre.c |
88391 | @@ -115,7 +115,7 @@ static bool log_ecn_error = true; | 93970 | @@ -115,7 +115,7 @@ static bool log_ecn_error = true; |
@@ -88397,6 +93976,15 @@ index 855004f..68e7458 100644 | |||
88397 | static int ipgre_tunnel_init(struct net_device *dev); | 93976 | static int ipgre_tunnel_init(struct net_device *dev); |
88398 | 93977 | ||
88399 | static int ipgre_net_id __read_mostly; | 93978 | static int ipgre_net_id __read_mostly; |
93979 | @@ -572,7 +572,7 @@ static int ipgre_header(struct sk_buff *skb, struct net_device *dev, | ||
93980 | if (daddr) | ||
93981 | memcpy(&iph->daddr, daddr, 4); | ||
93982 | if (iph->daddr) | ||
93983 | - return t->hlen; | ||
93984 | + return t->hlen + sizeof(*iph); | ||
93985 | |||
93986 | return -(t->hlen + sizeof(*iph)); | ||
93987 | } | ||
88400 | @@ -919,7 +919,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = { | 93988 | @@ -919,7 +919,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = { |
88401 | [IFLA_GRE_PMTUDISC] = { .type = NLA_U8 }, | 93989 | [IFLA_GRE_PMTUDISC] = { .type = NLA_U8 }, |
88402 | }; | 93990 | }; |
@@ -88749,10 +94337,10 @@ index d35bbf0..faa3ab8 100644 | |||
88749 | sizeof(net->ipv4.dev_addr_genid)); | 94337 | sizeof(net->ipv4.dev_addr_genid)); |
88750 | return 0; | 94338 | return 0; |
88751 | diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c | 94339 | diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c |
88752 | index fa2f63f..6554815 100644 | 94340 | index 3f25e75..3ae0f4d 100644 |
88753 | --- a/net/ipv4/sysctl_net_ipv4.c | 94341 | --- a/net/ipv4/sysctl_net_ipv4.c |
88754 | +++ b/net/ipv4/sysctl_net_ipv4.c | 94342 | +++ b/net/ipv4/sysctl_net_ipv4.c |
88755 | @@ -55,7 +55,7 @@ static int ipv4_local_port_range(ctl_table *table, int write, | 94343 | @@ -57,7 +57,7 @@ static int ipv4_local_port_range(ctl_table *table, int write, |
88756 | { | 94344 | { |
88757 | int ret; | 94345 | int ret; |
88758 | int range[2]; | 94346 | int range[2]; |
@@ -88761,7 +94349,7 @@ index fa2f63f..6554815 100644 | |||
88761 | .data = &range, | 94349 | .data = &range, |
88762 | .maxlen = sizeof(range), | 94350 | .maxlen = sizeof(range), |
88763 | .mode = table->mode, | 94351 | .mode = table->mode, |
88764 | @@ -108,7 +108,7 @@ static int ipv4_ping_group_range(ctl_table *table, int write, | 94352 | @@ -110,7 +110,7 @@ static int ipv4_ping_group_range(ctl_table *table, int write, |
88765 | int ret; | 94353 | int ret; |
88766 | gid_t urange[2]; | 94354 | gid_t urange[2]; |
88767 | kgid_t low, high; | 94355 | kgid_t low, high; |
@@ -88770,7 +94358,7 @@ index fa2f63f..6554815 100644 | |||
88770 | .data = &urange, | 94358 | .data = &urange, |
88771 | .maxlen = sizeof(urange), | 94359 | .maxlen = sizeof(urange), |
88772 | .mode = table->mode, | 94360 | .mode = table->mode, |
88773 | @@ -139,7 +139,7 @@ static int proc_tcp_congestion_control(ctl_table *ctl, int write, | 94361 | @@ -141,7 +141,7 @@ static int proc_tcp_congestion_control(ctl_table *ctl, int write, |
88774 | void __user *buffer, size_t *lenp, loff_t *ppos) | 94362 | void __user *buffer, size_t *lenp, loff_t *ppos) |
88775 | { | 94363 | { |
88776 | char val[TCP_CA_NAME_MAX]; | 94364 | char val[TCP_CA_NAME_MAX]; |
@@ -88779,7 +94367,7 @@ index fa2f63f..6554815 100644 | |||
88779 | .data = val, | 94367 | .data = val, |
88780 | .maxlen = TCP_CA_NAME_MAX, | 94368 | .maxlen = TCP_CA_NAME_MAX, |
88781 | }; | 94369 | }; |
88782 | @@ -158,7 +158,7 @@ static int proc_tcp_available_congestion_control(ctl_table *ctl, | 94370 | @@ -160,7 +160,7 @@ static int proc_tcp_available_congestion_control(ctl_table *ctl, |
88783 | void __user *buffer, size_t *lenp, | 94371 | void __user *buffer, size_t *lenp, |
88784 | loff_t *ppos) | 94372 | loff_t *ppos) |
88785 | { | 94373 | { |
@@ -88788,7 +94376,7 @@ index fa2f63f..6554815 100644 | |||
88788 | int ret; | 94376 | int ret; |
88789 | 94377 | ||
88790 | tbl.data = kmalloc(tbl.maxlen, GFP_USER); | 94378 | tbl.data = kmalloc(tbl.maxlen, GFP_USER); |
88791 | @@ -175,7 +175,7 @@ static int proc_allowed_congestion_control(ctl_table *ctl, | 94379 | @@ -177,7 +177,7 @@ static int proc_allowed_congestion_control(ctl_table *ctl, |
88792 | void __user *buffer, size_t *lenp, | 94380 | void __user *buffer, size_t *lenp, |
88793 | loff_t *ppos) | 94381 | loff_t *ppos) |
88794 | { | 94382 | { |
@@ -88797,7 +94385,7 @@ index fa2f63f..6554815 100644 | |||
88797 | int ret; | 94385 | int ret; |
88798 | 94386 | ||
88799 | tbl.data = kmalloc(tbl.maxlen, GFP_USER); | 94387 | tbl.data = kmalloc(tbl.maxlen, GFP_USER); |
88800 | @@ -201,15 +201,17 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write, | 94388 | @@ -203,15 +203,17 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write, |
88801 | struct mem_cgroup *memcg; | 94389 | struct mem_cgroup *memcg; |
88802 | #endif | 94390 | #endif |
88803 | 94391 | ||
@@ -88818,7 +94406,7 @@ index fa2f63f..6554815 100644 | |||
88818 | } | 94406 | } |
88819 | 94407 | ||
88820 | ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos); | 94408 | ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos); |
88821 | @@ -236,7 +238,7 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write, | 94409 | @@ -238,7 +240,7 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write, |
88822 | static int proc_tcp_fastopen_key(ctl_table *ctl, int write, void __user *buffer, | 94410 | static int proc_tcp_fastopen_key(ctl_table *ctl, int write, void __user *buffer, |
88823 | size_t *lenp, loff_t *ppos) | 94411 | size_t *lenp, loff_t *ppos) |
88824 | { | 94412 | { |
@@ -88827,7 +94415,7 @@ index fa2f63f..6554815 100644 | |||
88827 | struct tcp_fastopen_context *ctxt; | 94415 | struct tcp_fastopen_context *ctxt; |
88828 | int ret; | 94416 | int ret; |
88829 | u32 user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */ | 94417 | u32 user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */ |
88830 | @@ -477,7 +479,7 @@ static struct ctl_table ipv4_table[] = { | 94418 | @@ -481,7 +483,7 @@ static struct ctl_table ipv4_table[] = { |
88831 | }, | 94419 | }, |
88832 | { | 94420 | { |
88833 | .procname = "ip_local_reserved_ports", | 94421 | .procname = "ip_local_reserved_ports", |
@@ -88836,7 +94424,7 @@ index fa2f63f..6554815 100644 | |||
88836 | .maxlen = 65536, | 94424 | .maxlen = 65536, |
88837 | .mode = 0644, | 94425 | .mode = 0644, |
88838 | .proc_handler = proc_do_large_bitmap, | 94426 | .proc_handler = proc_do_large_bitmap, |
88839 | @@ -842,11 +844,10 @@ static struct ctl_table ipv4_net_table[] = { | 94427 | @@ -846,11 +848,10 @@ static struct ctl_table ipv4_net_table[] = { |
88840 | 94428 | ||
88841 | static __net_init int ipv4_sysctl_init_net(struct net *net) | 94429 | static __net_init int ipv4_sysctl_init_net(struct net *net) |
88842 | { | 94430 | { |
@@ -88850,7 +94438,7 @@ index fa2f63f..6554815 100644 | |||
88850 | if (table == NULL) | 94438 | if (table == NULL) |
88851 | goto err_alloc; | 94439 | goto err_alloc; |
88852 | 94440 | ||
88853 | @@ -881,15 +882,17 @@ static __net_init int ipv4_sysctl_init_net(struct net *net) | 94441 | @@ -885,15 +886,17 @@ static __net_init int ipv4_sysctl_init_net(struct net *net) |
88854 | 94442 | ||
88855 | tcp_init_mem(net); | 94443 | tcp_init_mem(net); |
88856 | 94444 | ||
@@ -88871,7 +94459,7 @@ index fa2f63f..6554815 100644 | |||
88871 | err_alloc: | 94459 | err_alloc: |
88872 | return -ENOMEM; | 94460 | return -ENOMEM; |
88873 | } | 94461 | } |
88874 | @@ -911,16 +914,6 @@ static __net_initdata struct pernet_operations ipv4_sysctl_ops = { | 94462 | @@ -915,16 +918,6 @@ static __net_initdata struct pernet_operations ipv4_sysctl_ops = { |
88875 | static __init int sysctl_ipv4_init(void) | 94463 | static __init int sysctl_ipv4_init(void) |
88876 | { | 94464 | { |
88877 | struct ctl_table_header *hdr; | 94465 | struct ctl_table_header *hdr; |
@@ -89212,7 +94800,7 @@ index 9a459be..086b866 100644 | |||
89212 | return -ENOMEM; | 94800 | return -ENOMEM; |
89213 | } | 94801 | } |
89214 | diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c | 94802 | diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c |
89215 | index fb8c94c..fb18024 100644 | 94803 | index fb8c94c..80a31d8 100644 |
89216 | --- a/net/ipv6/addrconf.c | 94804 | --- a/net/ipv6/addrconf.c |
89217 | +++ b/net/ipv6/addrconf.c | 94805 | +++ b/net/ipv6/addrconf.c |
89218 | @@ -621,7 +621,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, | 94806 | @@ -621,7 +621,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, |
@@ -89224,7 +94812,24 @@ index fb8c94c..fb18024 100644 | |||
89224 | net->dev_base_seq; | 94812 | net->dev_base_seq; |
89225 | hlist_for_each_entry_rcu(dev, head, index_hlist) { | 94813 | hlist_for_each_entry_rcu(dev, head, index_hlist) { |
89226 | if (idx < s_idx) | 94814 | if (idx < s_idx) |
89227 | @@ -2380,7 +2380,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) | 94815 | @@ -1124,12 +1124,10 @@ retry: |
94816 | if (ifp->flags & IFA_F_OPTIMISTIC) | ||
94817 | addr_flags |= IFA_F_OPTIMISTIC; | ||
94818 | |||
94819 | - ift = !max_addresses || | ||
94820 | - ipv6_count_addresses(idev) < max_addresses ? | ||
94821 | - ipv6_add_addr(idev, &addr, tmp_plen, | ||
94822 | - ipv6_addr_type(&addr)&IPV6_ADDR_SCOPE_MASK, | ||
94823 | - addr_flags) : NULL; | ||
94824 | - if (IS_ERR_OR_NULL(ift)) { | ||
94825 | + ift = ipv6_add_addr(idev, &addr, tmp_plen, | ||
94826 | + ipv6_addr_type(&addr)&IPV6_ADDR_SCOPE_MASK, | ||
94827 | + addr_flags); | ||
94828 | + if (IS_ERR(ift)) { | ||
94829 | in6_ifa_put(ifp); | ||
94830 | in6_dev_put(idev); | ||
94831 | pr_info("%s: retry temporary address regeneration\n", __func__); | ||
94832 | @@ -2380,7 +2378,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) | ||
89228 | p.iph.ihl = 5; | 94833 | p.iph.ihl = 5; |
89229 | p.iph.protocol = IPPROTO_IPV6; | 94834 | p.iph.protocol = IPPROTO_IPV6; |
89230 | p.iph.ttl = 64; | 94835 | p.iph.ttl = 64; |
@@ -89233,7 +94838,7 @@ index fb8c94c..fb18024 100644 | |||
89233 | 94838 | ||
89234 | if (ops->ndo_do_ioctl) { | 94839 | if (ops->ndo_do_ioctl) { |
89235 | mm_segment_t oldfs = get_fs(); | 94840 | mm_segment_t oldfs = get_fs(); |
89236 | @@ -4002,7 +4002,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, | 94841 | @@ -4002,7 +4000,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, |
89237 | s_ip_idx = ip_idx = cb->args[2]; | 94842 | s_ip_idx = ip_idx = cb->args[2]; |
89238 | 94843 | ||
89239 | rcu_read_lock(); | 94844 | rcu_read_lock(); |
@@ -89242,7 +94847,7 @@ index fb8c94c..fb18024 100644 | |||
89242 | for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { | 94847 | for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { |
89243 | idx = 0; | 94848 | idx = 0; |
89244 | head = &net->dev_index_head[h]; | 94849 | head = &net->dev_index_head[h]; |
89245 | @@ -4587,7 +4587,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) | 94850 | @@ -4587,7 +4585,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) |
89246 | dst_free(&ifp->rt->dst); | 94851 | dst_free(&ifp->rt->dst); |
89247 | break; | 94852 | break; |
89248 | } | 94853 | } |
@@ -89251,7 +94856,7 @@ index fb8c94c..fb18024 100644 | |||
89251 | } | 94856 | } |
89252 | 94857 | ||
89253 | static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) | 94858 | static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) |
89254 | @@ -4607,7 +4607,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write, | 94859 | @@ -4607,7 +4605,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write, |
89255 | int *valp = ctl->data; | 94860 | int *valp = ctl->data; |
89256 | int val = *valp; | 94861 | int val = *valp; |
89257 | loff_t pos = *ppos; | 94862 | loff_t pos = *ppos; |
@@ -89260,7 +94865,7 @@ index fb8c94c..fb18024 100644 | |||
89260 | int ret; | 94865 | int ret; |
89261 | 94866 | ||
89262 | /* | 94867 | /* |
89263 | @@ -4689,7 +4689,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write, | 94868 | @@ -4689,7 +4687,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write, |
89264 | int *valp = ctl->data; | 94869 | int *valp = ctl->data; |
89265 | int val = *valp; | 94870 | int val = *valp; |
89266 | loff_t pos = *ppos; | 94871 | loff_t pos = *ppos; |
@@ -89269,6 +94874,19 @@ index fb8c94c..fb18024 100644 | |||
89269 | int ret; | 94874 | int ret; |
89270 | 94875 | ||
89271 | /* | 94876 | /* |
94877 | diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c | ||
94878 | index 40ffd72..aeac0dc 100644 | ||
94879 | --- a/net/ipv6/esp6.c | ||
94880 | +++ b/net/ipv6/esp6.c | ||
94881 | @@ -425,7 +425,7 @@ static u32 esp6_get_mtu(struct xfrm_state *x, int mtu) | ||
94882 | net_adj = 0; | ||
94883 | |||
94884 | return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) - | ||
94885 | - net_adj) & ~(align - 1)) + (net_adj - 2); | ||
94886 | + net_adj) & ~(align - 1)) + net_adj - 2; | ||
94887 | } | ||
94888 | |||
94889 | static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, | ||
89272 | diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c | 94890 | diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c |
89273 | index b4ff0a4..db9b764 100644 | 94891 | index b4ff0a4..db9b764 100644 |
89274 | --- a/net/ipv6/icmp.c | 94892 | --- a/net/ipv6/icmp.c |
@@ -89448,10 +95066,52 @@ index dffdc1a..ccc6678 100644 | |||
89448 | err_alloc: | 95066 | err_alloc: |
89449 | return -ENOMEM; | 95067 | return -ENOMEM; |
89450 | } | 95068 | } |
95069 | diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c | ||
95070 | index c2e73e6..12cca6f 100644 | ||
95071 | --- a/net/ipv6/output_core.c | ||
95072 | +++ b/net/ipv6/output_core.c | ||
95073 | @@ -8,8 +8,8 @@ | ||
95074 | |||
95075 | void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) | ||
95076 | { | ||
95077 | - static atomic_t ipv6_fragmentation_id; | ||
95078 | - int old, new; | ||
95079 | + static atomic_unchecked_t ipv6_fragmentation_id; | ||
95080 | + int id; | ||
95081 | |||
95082 | #if IS_ENABLED(CONFIG_IPV6) | ||
95083 | if (rt && !(rt->dst.flags & DST_NOPEER)) { | ||
95084 | @@ -25,13 +25,10 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) | ||
95085 | } | ||
95086 | } | ||
95087 | #endif | ||
95088 | - do { | ||
95089 | - old = atomic_read(&ipv6_fragmentation_id); | ||
95090 | - new = old + 1; | ||
95091 | - if (!new) | ||
95092 | - new = 1; | ||
95093 | - } while (atomic_cmpxchg(&ipv6_fragmentation_id, old, new) != old); | ||
95094 | - fhdr->identification = htonl(new); | ||
95095 | + id = atomic_inc_return_unchecked(&ipv6_fragmentation_id); | ||
95096 | + if (!id) | ||
95097 | + id = atomic_inc_return_unchecked(&ipv6_fragmentation_id); | ||
95098 | + fhdr->identification = htonl(id); | ||
95099 | } | ||
95100 | EXPORT_SYMBOL(ipv6_select_ident); | ||
95101 | |||
89451 | diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c | 95102 | diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c |
89452 | index eedff8c..6e13a47 100644 | 95103 | index eedff8c..7d7e24a 100644 |
89453 | --- a/net/ipv6/raw.c | 95104 | --- a/net/ipv6/raw.c |
89454 | +++ b/net/ipv6/raw.c | 95105 | +++ b/net/ipv6/raw.c |
95106 | @@ -108,7 +108,7 @@ found: | ||
95107 | */ | ||
95108 | static int icmpv6_filter(const struct sock *sk, const struct sk_buff *skb) | ||
95109 | { | ||
95110 | - struct icmp6hdr *_hdr; | ||
95111 | + struct icmp6hdr _hdr; | ||
95112 | const struct icmp6hdr *hdr; | ||
95113 | |||
95114 | hdr = skb_header_pointer(skb, skb_transport_offset(skb), | ||
89455 | @@ -378,7 +378,7 @@ static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb) | 95115 | @@ -378,7 +378,7 @@ static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb) |
89456 | { | 95116 | { |
89457 | if ((raw6_sk(sk)->checksum || rcu_access_pointer(sk->sk_filter)) && | 95117 | if ((raw6_sk(sk)->checksum || rcu_access_pointer(sk->sk_filter)) && |
@@ -89887,10 +95547,10 @@ index 4fe76ff..426a904 100644 | |||
89887 | }; | 95547 | }; |
89888 | 95548 | ||
89889 | diff --git a/net/key/af_key.c b/net/key/af_key.c | 95549 | diff --git a/net/key/af_key.c b/net/key/af_key.c |
89890 | index 9da8620..97070ad 100644 | 95550 | index ab8bd2c..cd2d641 100644 |
89891 | --- a/net/key/af_key.c | 95551 | --- a/net/key/af_key.c |
89892 | +++ b/net/key/af_key.c | 95552 | +++ b/net/key/af_key.c |
89893 | @@ -3047,10 +3047,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc | 95553 | @@ -3048,10 +3048,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc |
89894 | static u32 get_acqseq(void) | 95554 | static u32 get_acqseq(void) |
89895 | { | 95555 | { |
89896 | u32 res; | 95556 | u32 res; |
@@ -89904,10 +95564,10 @@ index 9da8620..97070ad 100644 | |||
89904 | return res; | 95564 | return res; |
89905 | } | 95565 | } |
89906 | diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c | 95566 | diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c |
89907 | index 4fdb306e..920086a 100644 | 95567 | index ae36f8e..09d42ac 100644 |
89908 | --- a/net/mac80211/cfg.c | 95568 | --- a/net/mac80211/cfg.c |
89909 | +++ b/net/mac80211/cfg.c | 95569 | +++ b/net/mac80211/cfg.c |
89910 | @@ -804,7 +804,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy, | 95570 | @@ -806,7 +806,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy, |
89911 | ret = ieee80211_vif_use_channel(sdata, chandef, | 95571 | ret = ieee80211_vif_use_channel(sdata, chandef, |
89912 | IEEE80211_CHANCTX_EXCLUSIVE); | 95572 | IEEE80211_CHANCTX_EXCLUSIVE); |
89913 | } | 95573 | } |
@@ -89916,7 +95576,7 @@ index 4fdb306e..920086a 100644 | |||
89916 | local->_oper_chandef = *chandef; | 95576 | local->_oper_chandef = *chandef; |
89917 | ieee80211_hw_config(local, 0); | 95577 | ieee80211_hw_config(local, 0); |
89918 | } | 95578 | } |
89919 | @@ -2920,7 +2920,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy, | 95579 | @@ -2922,7 +2922,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy, |
89920 | else | 95580 | else |
89921 | local->probe_req_reg--; | 95581 | local->probe_req_reg--; |
89922 | 95582 | ||
@@ -89925,7 +95585,7 @@ index 4fdb306e..920086a 100644 | |||
89925 | break; | 95585 | break; |
89926 | 95586 | ||
89927 | ieee80211_queue_work(&local->hw, &local->reconfig_filter); | 95587 | ieee80211_queue_work(&local->hw, &local->reconfig_filter); |
89928 | @@ -3383,8 +3383,8 @@ static int ieee80211_cfg_get_channel(struct wiphy *wiphy, | 95588 | @@ -3385,8 +3385,8 @@ static int ieee80211_cfg_get_channel(struct wiphy *wiphy, |
89929 | if (chanctx_conf) { | 95589 | if (chanctx_conf) { |
89930 | *chandef = chanctx_conf->def; | 95590 | *chandef = chanctx_conf->def; |
89931 | ret = 0; | 95591 | ret = 0; |
@@ -90034,7 +95694,7 @@ index 514e90f..56f22bf 100644 | |||
90034 | } | 95694 | } |
90035 | 95695 | ||
90036 | diff --git a/net/mac80211/main.c b/net/mac80211/main.c | 95696 | diff --git a/net/mac80211/main.c b/net/mac80211/main.c |
90037 | index 8a7bfc4..4407cd0 100644 | 95697 | index 8a7bfc4..be07e86 100644 |
90038 | --- a/net/mac80211/main.c | 95698 | --- a/net/mac80211/main.c |
90039 | +++ b/net/mac80211/main.c | 95699 | +++ b/net/mac80211/main.c |
90040 | @@ -181,7 +181,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) | 95700 | @@ -181,7 +181,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) |
@@ -90046,8 +95706,17 @@ index 8a7bfc4..4407cd0 100644 | |||
90046 | ret = drv_config(local, changed); | 95706 | ret = drv_config(local, changed); |
90047 | /* | 95707 | /* |
90048 | * Goal: | 95708 | * Goal: |
95709 | @@ -921,7 +921,7 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) | ||
95710 | hw->queues = IEEE80211_MAX_QUEUES; | ||
95711 | |||
95712 | local->workqueue = | ||
95713 | - alloc_ordered_workqueue(wiphy_name(local->hw.wiphy), 0); | ||
95714 | + alloc_ordered_workqueue("%s", 0, wiphy_name(local->hw.wiphy)); | ||
95715 | if (!local->workqueue) { | ||
95716 | result = -ENOMEM; | ||
95717 | goto fail_workqueue; | ||
90049 | diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c | 95718 | diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c |
90050 | index 7fc5d0d..07ea536 100644 | 95719 | index 3401262..d5cd68d 100644 |
90051 | --- a/net/mac80211/pm.c | 95720 | --- a/net/mac80211/pm.c |
90052 | +++ b/net/mac80211/pm.c | 95721 | +++ b/net/mac80211/pm.c |
90053 | @@ -12,7 +12,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) | 95722 | @@ -12,7 +12,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) |
@@ -90068,7 +95737,7 @@ index 7fc5d0d..07ea536 100644 | |||
90068 | if (local->wowlan) { | 95737 | if (local->wowlan) { |
90069 | int err = drv_suspend(local, wowlan); | 95738 | int err = drv_suspend(local, wowlan); |
90070 | if (err < 0) { | 95739 | if (err < 0) { |
90071 | @@ -113,7 +113,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) | 95740 | @@ -116,7 +116,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) |
90072 | WARN_ON(!list_empty(&local->chanctx_list)); | 95741 | WARN_ON(!list_empty(&local->chanctx_list)); |
90073 | 95742 | ||
90074 | /* stop hardware - this must stop RX */ | 95743 | /* stop hardware - this must stop RX */ |
@@ -90450,9 +96119,18 @@ index 0ab9636..cea3c6a 100644 | |||
90450 | { | 96119 | { |
90451 | if (users > 0) | 96120 | if (users > 0) |
90452 | diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c | 96121 | diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c |
90453 | index a99b6c3..3841268 100644 | 96122 | index a99b6c3..cb372f9 100644 |
90454 | --- a/net/netfilter/nf_conntrack_proto_dccp.c | 96123 | --- a/net/netfilter/nf_conntrack_proto_dccp.c |
90455 | +++ b/net/netfilter/nf_conntrack_proto_dccp.c | 96124 | +++ b/net/netfilter/nf_conntrack_proto_dccp.c |
96125 | @@ -428,7 +428,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb, | ||
96126 | const char *msg; | ||
96127 | u_int8_t state; | ||
96128 | |||
96129 | - dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh); | ||
96130 | + dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); | ||
96131 | BUG_ON(dh == NULL); | ||
96132 | |||
96133 | state = dccp_state_table[CT_DCCP_ROLE_CLIENT][dh->dccph_type][CT_DCCP_NONE]; | ||
90456 | @@ -457,7 +457,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb, | 96134 | @@ -457,7 +457,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb, |
90457 | out_invalid: | 96135 | out_invalid: |
90458 | if (LOG_INVALID(net, IPPROTO_DCCP)) | 96136 | if (LOG_INVALID(net, IPPROTO_DCCP)) |
@@ -90462,6 +96140,24 @@ index a99b6c3..3841268 100644 | |||
90462 | return false; | 96140 | return false; |
90463 | } | 96141 | } |
90464 | 96142 | ||
96143 | @@ -486,7 +486,7 @@ static int dccp_packet(struct nf_conn *ct, const struct sk_buff *skb, | ||
96144 | u_int8_t type, old_state, new_state; | ||
96145 | enum ct_dccp_roles role; | ||
96146 | |||
96147 | - dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh); | ||
96148 | + dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); | ||
96149 | BUG_ON(dh == NULL); | ||
96150 | type = dh->dccph_type; | ||
96151 | |||
96152 | @@ -577,7 +577,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl, | ||
96153 | unsigned int cscov; | ||
96154 | const char *msg; | ||
96155 | |||
96156 | - dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &dh); | ||
96157 | + dh = skb_header_pointer(skb, dataoff, sizeof(_dh), &_dh); | ||
96158 | if (dh == NULL) { | ||
96159 | msg = "nf_ct_dccp: short packet "; | ||
96160 | goto out_invalid; | ||
90465 | @@ -614,7 +614,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl, | 96161 | @@ -614,7 +614,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl, |
90466 | 96162 | ||
90467 | out_invalid: | 96163 | out_invalid: |
@@ -90471,6 +96167,49 @@ index a99b6c3..3841268 100644 | |||
90471 | return -NF_ACCEPT; | 96167 | return -NF_ACCEPT; |
90472 | } | 96168 | } |
90473 | 96169 | ||
96170 | diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c | ||
96171 | index 4d4d8f1..e0f9a32 100644 | ||
96172 | --- a/net/netfilter/nf_conntrack_proto_tcp.c | ||
96173 | +++ b/net/netfilter/nf_conntrack_proto_tcp.c | ||
96174 | @@ -526,7 +526,7 @@ static bool tcp_in_window(const struct nf_conn *ct, | ||
96175 | const struct nf_conntrack_tuple *tuple = &ct->tuplehash[dir].tuple; | ||
96176 | __u32 seq, ack, sack, end, win, swin; | ||
96177 | s16 receiver_offset; | ||
96178 | - bool res; | ||
96179 | + bool res, in_recv_win; | ||
96180 | |||
96181 | /* | ||
96182 | * Get the required data from the packet. | ||
96183 | @@ -649,14 +649,18 @@ static bool tcp_in_window(const struct nf_conn *ct, | ||
96184 | receiver->td_end, receiver->td_maxend, receiver->td_maxwin, | ||
96185 | receiver->td_scale); | ||
96186 | |||
96187 | + /* Is the ending sequence in the receive window (if available)? */ | ||
96188 | + in_recv_win = !receiver->td_maxwin || | ||
96189 | + after(end, sender->td_end - receiver->td_maxwin - 1); | ||
96190 | + | ||
96191 | pr_debug("tcp_in_window: I=%i II=%i III=%i IV=%i\n", | ||
96192 | before(seq, sender->td_maxend + 1), | ||
96193 | - after(end, sender->td_end - receiver->td_maxwin - 1), | ||
96194 | + (in_recv_win ? 1 : 0), | ||
96195 | before(sack, receiver->td_end + 1), | ||
96196 | after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1)); | ||
96197 | |||
96198 | if (before(seq, sender->td_maxend + 1) && | ||
96199 | - after(end, sender->td_end - receiver->td_maxwin - 1) && | ||
96200 | + in_recv_win && | ||
96201 | before(sack, receiver->td_end + 1) && | ||
96202 | after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1)) { | ||
96203 | /* | ||
96204 | @@ -725,7 +729,7 @@ static bool tcp_in_window(const struct nf_conn *ct, | ||
96205 | nf_log_packet(net, pf, 0, skb, NULL, NULL, NULL, | ||
96206 | "nf_ct_tcp: %s ", | ||
96207 | before(seq, sender->td_maxend + 1) ? | ||
96208 | - after(end, sender->td_end - receiver->td_maxwin - 1) ? | ||
96209 | + in_recv_win ? | ||
96210 | before(sack, receiver->td_end + 1) ? | ||
96211 | after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1) ? "BUG" | ||
96212 | : "ACK is under the lower bound (possible overly delayed ACK)" | ||
90474 | diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c | 96213 | diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c |
90475 | index bd700b4..4a3dc61 100644 | 96214 | index bd700b4..4a3dc61 100644 |
90476 | --- a/net/netfilter/nf_conntrack_standalone.c | 96215 | --- a/net/netfilter/nf_conntrack_standalone.c |
@@ -90553,7 +96292,7 @@ index f042ae5..30ea486 100644 | |||
90553 | } | 96292 | } |
90554 | EXPORT_SYMBOL(nf_unregister_sockopt); | 96293 | EXPORT_SYMBOL(nf_unregister_sockopt); |
90555 | diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c | 96294 | diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c |
90556 | index 962e979..d4ae2e9 100644 | 96295 | index 962e979..e46f350 100644 |
90557 | --- a/net/netfilter/nfnetlink_log.c | 96296 | --- a/net/netfilter/nfnetlink_log.c |
90558 | +++ b/net/netfilter/nfnetlink_log.c | 96297 | +++ b/net/netfilter/nfnetlink_log.c |
90559 | @@ -82,7 +82,7 @@ static int nfnl_log_net_id __read_mostly; | 96298 | @@ -82,7 +82,7 @@ static int nfnl_log_net_id __read_mostly; |
@@ -90565,7 +96304,27 @@ index 962e979..d4ae2e9 100644 | |||
90565 | }; | 96304 | }; |
90566 | 96305 | ||
90567 | static struct nfnl_log_net *nfnl_log_pernet(struct net *net) | 96306 | static struct nfnl_log_net *nfnl_log_pernet(struct net *net) |
90568 | @@ -559,7 +559,7 @@ __build_packet_message(struct nfnl_log_net *log, | 96307 | @@ -419,6 +419,7 @@ __build_packet_message(struct nfnl_log_net *log, |
96308 | nfmsg->version = NFNETLINK_V0; | ||
96309 | nfmsg->res_id = htons(inst->group_num); | ||
96310 | |||
96311 | + memset(&pmsg, 0, sizeof(pmsg)); | ||
96312 | pmsg.hw_protocol = skb->protocol; | ||
96313 | pmsg.hook = hooknum; | ||
96314 | |||
96315 | @@ -498,7 +499,10 @@ __build_packet_message(struct nfnl_log_net *log, | ||
96316 | if (indev && skb->dev && | ||
96317 | skb->mac_header != skb->network_header) { | ||
96318 | struct nfulnl_msg_packet_hw phw; | ||
96319 | - int len = dev_parse_header(skb, phw.hw_addr); | ||
96320 | + int len; | ||
96321 | + | ||
96322 | + memset(&phw, 0, sizeof(phw)); | ||
96323 | + len = dev_parse_header(skb, phw.hw_addr); | ||
96324 | if (len > 0) { | ||
96325 | phw.hw_addrlen = htons(len); | ||
96326 | if (nla_put(inst->skb, NFULA_HWADDR, sizeof(phw), &phw)) | ||
96327 | @@ -559,7 +563,7 @@ __build_packet_message(struct nfnl_log_net *log, | ||
90569 | /* global sequence number */ | 96328 | /* global sequence number */ |
90570 | if ((inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) && | 96329 | if ((inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) && |
90571 | nla_put_be32(inst->skb, NFULA_SEQ_GLOBAL, | 96330 | nla_put_be32(inst->skb, NFULA_SEQ_GLOBAL, |
@@ -90574,6 +96333,130 @@ index 962e979..d4ae2e9 100644 | |||
90574 | goto nla_put_failure; | 96333 | goto nla_put_failure; |
90575 | 96334 | ||
90576 | if (data_len) { | 96335 | if (data_len) { |
96336 | diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c | ||
96337 | index 5352b2d..e0083ce 100644 | ||
96338 | --- a/net/netfilter/nfnetlink_queue_core.c | ||
96339 | +++ b/net/netfilter/nfnetlink_queue_core.c | ||
96340 | @@ -444,7 +444,10 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue, | ||
96341 | if (indev && entskb->dev && | ||
96342 | entskb->mac_header != entskb->network_header) { | ||
96343 | struct nfqnl_msg_packet_hw phw; | ||
96344 | - int len = dev_parse_header(entskb, phw.hw_addr); | ||
96345 | + int len; | ||
96346 | + | ||
96347 | + memset(&phw, 0, sizeof(phw)); | ||
96348 | + len = dev_parse_header(entskb, phw.hw_addr); | ||
96349 | if (len) { | ||
96350 | phw.hw_addrlen = htons(len); | ||
96351 | if (nla_put(skb, NFQA_HWADDR, sizeof(phw), &phw)) | ||
96352 | diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c | ||
96353 | index 7011c71..6113cc7 100644 | ||
96354 | --- a/net/netfilter/xt_TCPMSS.c | ||
96355 | +++ b/net/netfilter/xt_TCPMSS.c | ||
96356 | @@ -52,7 +52,8 @@ tcpmss_mangle_packet(struct sk_buff *skb, | ||
96357 | { | ||
96358 | const struct xt_tcpmss_info *info = par->targinfo; | ||
96359 | struct tcphdr *tcph; | ||
96360 | - unsigned int tcplen, i; | ||
96361 | + int len, tcp_hdrlen; | ||
96362 | + unsigned int i; | ||
96363 | __be16 oldval; | ||
96364 | u16 newmss; | ||
96365 | u8 *opt; | ||
96366 | @@ -64,11 +65,14 @@ tcpmss_mangle_packet(struct sk_buff *skb, | ||
96367 | if (!skb_make_writable(skb, skb->len)) | ||
96368 | return -1; | ||
96369 | |||
96370 | - tcplen = skb->len - tcphoff; | ||
96371 | + len = skb->len - tcphoff; | ||
96372 | + if (len < (int)sizeof(struct tcphdr)) | ||
96373 | + return -1; | ||
96374 | + | ||
96375 | tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff); | ||
96376 | + tcp_hdrlen = tcph->doff * 4; | ||
96377 | |||
96378 | - /* Header cannot be larger than the packet */ | ||
96379 | - if (tcplen < tcph->doff*4) | ||
96380 | + if (len < tcp_hdrlen) | ||
96381 | return -1; | ||
96382 | |||
96383 | if (info->mss == XT_TCPMSS_CLAMP_PMTU) { | ||
96384 | @@ -87,9 +91,8 @@ tcpmss_mangle_packet(struct sk_buff *skb, | ||
96385 | newmss = info->mss; | ||
96386 | |||
96387 | opt = (u_int8_t *)tcph; | ||
96388 | - for (i = sizeof(struct tcphdr); i < tcph->doff*4; i += optlen(opt, i)) { | ||
96389 | - if (opt[i] == TCPOPT_MSS && tcph->doff*4 - i >= TCPOLEN_MSS && | ||
96390 | - opt[i+1] == TCPOLEN_MSS) { | ||
96391 | + for (i = sizeof(struct tcphdr); i <= tcp_hdrlen - TCPOLEN_MSS; i += optlen(opt, i)) { | ||
96392 | + if (opt[i] == TCPOPT_MSS && opt[i+1] == TCPOLEN_MSS) { | ||
96393 | u_int16_t oldmss; | ||
96394 | |||
96395 | oldmss = (opt[i+2] << 8) | opt[i+3]; | ||
96396 | @@ -112,9 +115,10 @@ tcpmss_mangle_packet(struct sk_buff *skb, | ||
96397 | } | ||
96398 | |||
96399 | /* There is data after the header so the option can't be added | ||
96400 | - without moving it, and doing so may make the SYN packet | ||
96401 | - itself too large. Accept the packet unmodified instead. */ | ||
96402 | - if (tcplen > tcph->doff*4) | ||
96403 | + * without moving it, and doing so may make the SYN packet | ||
96404 | + * itself too large. Accept the packet unmodified instead. | ||
96405 | + */ | ||
96406 | + if (len > tcp_hdrlen) | ||
96407 | return 0; | ||
96408 | |||
96409 | /* | ||
96410 | @@ -143,10 +147,10 @@ tcpmss_mangle_packet(struct sk_buff *skb, | ||
96411 | newmss = min(newmss, (u16)1220); | ||
96412 | |||
96413 | opt = (u_int8_t *)tcph + sizeof(struct tcphdr); | ||
96414 | - memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr)); | ||
96415 | + memmove(opt + TCPOLEN_MSS, opt, len - sizeof(struct tcphdr)); | ||
96416 | |||
96417 | inet_proto_csum_replace2(&tcph->check, skb, | ||
96418 | - htons(tcplen), htons(tcplen + TCPOLEN_MSS), 1); | ||
96419 | + htons(len), htons(len + TCPOLEN_MSS), 1); | ||
96420 | opt[0] = TCPOPT_MSS; | ||
96421 | opt[1] = TCPOLEN_MSS; | ||
96422 | opt[2] = (newmss & 0xff00) >> 8; | ||
96423 | diff --git a/net/netfilter/xt_TCPOPTSTRIP.c b/net/netfilter/xt_TCPOPTSTRIP.c | ||
96424 | index b68fa19..625fa1d 100644 | ||
96425 | --- a/net/netfilter/xt_TCPOPTSTRIP.c | ||
96426 | +++ b/net/netfilter/xt_TCPOPTSTRIP.c | ||
96427 | @@ -38,7 +38,7 @@ tcpoptstrip_mangle_packet(struct sk_buff *skb, | ||
96428 | struct tcphdr *tcph; | ||
96429 | u_int16_t n, o; | ||
96430 | u_int8_t *opt; | ||
96431 | - int len; | ||
96432 | + int len, tcp_hdrlen; | ||
96433 | |||
96434 | /* This is a fragment, no TCP header is available */ | ||
96435 | if (par->fragoff != 0) | ||
96436 | @@ -52,7 +52,9 @@ tcpoptstrip_mangle_packet(struct sk_buff *skb, | ||
96437 | return NF_DROP; | ||
96438 | |||
96439 | tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff); | ||
96440 | - if (tcph->doff * 4 > len) | ||
96441 | + tcp_hdrlen = tcph->doff * 4; | ||
96442 | + | ||
96443 | + if (len < tcp_hdrlen) | ||
96444 | return NF_DROP; | ||
96445 | |||
96446 | opt = (u_int8_t *)tcph; | ||
96447 | @@ -61,10 +63,10 @@ tcpoptstrip_mangle_packet(struct sk_buff *skb, | ||
96448 | * Walk through all TCP options - if we find some option to remove, | ||
96449 | * set all octets to %TCPOPT_NOP and adjust checksum. | ||
96450 | */ | ||
96451 | - for (i = sizeof(struct tcphdr); i < tcp_hdrlen(skb); i += optl) { | ||
96452 | + for (i = sizeof(struct tcphdr); i < tcp_hdrlen - 1; i += optl) { | ||
96453 | optl = optlen(opt, i); | ||
96454 | |||
96455 | - if (i + optl > tcp_hdrlen(skb)) | ||
96456 | + if (i + optl > tcp_hdrlen) | ||
96457 | break; | ||
96458 | |||
96459 | if (!tcpoptstrip_test_bit(info->strip_bmap, opt[i])) | ||
90577 | diff --git a/net/netfilter/xt_gradm.c b/net/netfilter/xt_gradm.c | 96460 | diff --git a/net/netfilter/xt_gradm.c b/net/netfilter/xt_gradm.c |
90578 | new file mode 100644 | 96461 | new file mode 100644 |
90579 | index 0000000..c566332 | 96462 | index 0000000..c566332 |
@@ -90688,7 +96571,7 @@ index 57ee84d..8b99cf5 100644 | |||
90688 | ); | 96571 | ); |
90689 | 96572 | ||
90690 | diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c | 96573 | diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c |
90691 | index 2fd6dbe..1032269 100644 | 96574 | index 1076fe1..f190285 100644 |
90692 | --- a/net/netlink/genetlink.c | 96575 | --- a/net/netlink/genetlink.c |
90693 | +++ b/net/netlink/genetlink.c | 96576 | +++ b/net/netlink/genetlink.c |
90694 | @@ -310,18 +310,20 @@ int genl_register_ops(struct genl_family *family, struct genl_ops *ops) | 96577 | @@ -310,18 +310,20 @@ int genl_register_ops(struct genl_family *family, struct genl_ops *ops) |
@@ -91296,18 +97179,6 @@ index f226709..0e735a8 100644 | |||
91296 | _proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); | 97179 | _proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); |
91297 | 97180 | ||
91298 | ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); | 97181 | ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); |
91299 | diff --git a/net/sched/sch_atm.c b/net/sched/sch_atm.c | ||
91300 | index ca8e0a5..1f9c314 100644 | ||
91301 | --- a/net/sched/sch_atm.c | ||
91302 | +++ b/net/sched/sch_atm.c | ||
91303 | @@ -605,6 +605,7 @@ static int atm_tc_dump_class(struct Qdisc *sch, unsigned long cl, | ||
91304 | struct sockaddr_atmpvc pvc; | ||
91305 | int state; | ||
91306 | |||
91307 | + memset(&pvc, 0, sizeof(pvc)); | ||
91308 | pvc.sap_family = AF_ATMPVC; | ||
91309 | pvc.sap_addr.itf = flow->vcc->dev ? flow->vcc->dev->number : -1; | ||
91310 | pvc.sap_addr.vpi = flow->vcc->vpi; | ||
91311 | diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c | 97182 | diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c |
91312 | index 391a245..296b3d7 100644 | 97183 | index 391a245..296b3d7 100644 |
91313 | --- a/net/sctp/ipv6.c | 97184 | --- a/net/sctp/ipv6.c |
@@ -91513,6 +97384,25 @@ index bf3c6e8..376d8d0 100644 | |||
91513 | int i; | 97384 | int i; |
91514 | 97385 | ||
91515 | table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL); | 97386 | table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL); |
97387 | diff --git a/net/sctp/transport.c b/net/sctp/transport.c | ||
97388 | index 098f1d5f..60da2f7 100644 | ||
97389 | --- a/net/sctp/transport.c | ||
97390 | +++ b/net/sctp/transport.c | ||
97391 | @@ -178,12 +178,12 @@ static void sctp_transport_destroy(struct sctp_transport *transport) | ||
97392 | { | ||
97393 | SCTP_ASSERT(transport->dead, "Transport is not dead", return); | ||
97394 | |||
97395 | - call_rcu(&transport->rcu, sctp_transport_destroy_rcu); | ||
97396 | - | ||
97397 | sctp_packet_free(&transport->packet); | ||
97398 | |||
97399 | if (transport->asoc) | ||
97400 | sctp_association_put(transport->asoc); | ||
97401 | + | ||
97402 | + call_rcu(&transport->rcu, sctp_transport_destroy_rcu); | ||
97403 | } | ||
97404 | |||
97405 | /* Start T3_rtx timer if it is not already running and update the heartbeat | ||
91516 | diff --git a/net/socket.c b/net/socket.c | 97406 | diff --git a/net/socket.c b/net/socket.c |
91517 | index 4ca1526..df83e47 100644 | 97407 | index 4ca1526..df83e47 100644 |
91518 | --- a/net/socket.c | 97408 | --- a/net/socket.c |
@@ -91759,8 +97649,30 @@ index 4ca1526..df83e47 100644 | |||
91759 | 97649 | ||
91760 | set_fs(KERNEL_DS); | 97650 | set_fs(KERNEL_DS); |
91761 | if (level == SOL_SOCKET) | 97651 | if (level == SOL_SOCKET) |
97652 | diff --git a/net/sunrpc/auth_gss/svcauth_gss.c b/net/sunrpc/auth_gss/svcauth_gss.c | ||
97653 | index 29b4ba9..f648ae7 100644 | ||
97654 | --- a/net/sunrpc/auth_gss/svcauth_gss.c | ||
97655 | +++ b/net/sunrpc/auth_gss/svcauth_gss.c | ||
97656 | @@ -1144,7 +1144,7 @@ static int gss_proxy_save_rsc(struct cache_detail *cd, | ||
97657 | uint64_t *handle) | ||
97658 | { | ||
97659 | struct rsc rsci, *rscp = NULL; | ||
97660 | - static atomic64_t ctxhctr; | ||
97661 | + static atomic64_unchecked_t ctxhctr = ATOMIC64_INIT(0); | ||
97662 | long long ctxh; | ||
97663 | struct gss_api_mech *gm = NULL; | ||
97664 | time_t expiry; | ||
97665 | @@ -1155,7 +1155,7 @@ static int gss_proxy_save_rsc(struct cache_detail *cd, | ||
97666 | status = -ENOMEM; | ||
97667 | /* the handle needs to be just a unique id, | ||
97668 | * use a static counter */ | ||
97669 | - ctxh = atomic64_inc_return(&ctxhctr); | ||
97670 | + ctxh = atomic64_inc_return_unchecked(&ctxhctr); | ||
97671 | |||
97672 | /* make a copy for the caller */ | ||
97673 | *handle = ctxh; | ||
91762 | diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c | 97674 | diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c |
91763 | index 5a750b9..ca5d7af 100644 | 97675 | index 426f8fc..1ef9c32 100644 |
91764 | --- a/net/sunrpc/clnt.c | 97676 | --- a/net/sunrpc/clnt.c |
91765 | +++ b/net/sunrpc/clnt.c | 97677 | +++ b/net/sunrpc/clnt.c |
91766 | @@ -1288,7 +1288,9 @@ call_start(struct rpc_task *task) | 97678 | @@ -1288,7 +1288,9 @@ call_start(struct rpc_task *task) |
@@ -92179,6 +98091,19 @@ index 8800604..0526440 100644 | |||
92179 | 98091 | ||
92180 | table = kmemdup(unix_table, sizeof(unix_table), GFP_KERNEL); | 98092 | table = kmemdup(unix_table, sizeof(unix_table), GFP_KERNEL); |
92181 | if (table == NULL) | 98093 | if (table == NULL) |
98094 | diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c | ||
98095 | index 3f77f42..662d89b 100644 | ||
98096 | --- a/net/vmw_vsock/af_vsock.c | ||
98097 | +++ b/net/vmw_vsock/af_vsock.c | ||
98098 | @@ -335,7 +335,7 @@ void vsock_for_each_connected_socket(void (*fn)(struct sock *sk)) | ||
98099 | for (i = 0; i < ARRAY_SIZE(vsock_connected_table); i++) { | ||
98100 | struct vsock_sock *vsk; | ||
98101 | list_for_each_entry(vsk, &vsock_connected_table[i], | ||
98102 | - connected_table); | ||
98103 | + connected_table) | ||
98104 | fn(sk_vsock(vsk)); | ||
98105 | } | ||
98106 | |||
92182 | diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c | 98107 | diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c |
92183 | index c8717c1..08539f5 100644 | 98108 | index c8717c1..08539f5 100644 |
92184 | --- a/net/wireless/wext-core.c | 98109 | --- a/net/wireless/wext-core.c |
@@ -92318,7 +98243,7 @@ index ea970b8..c68edb9f 100644 | |||
92318 | } | 98243 | } |
92319 | 98244 | ||
92320 | diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c | 98245 | diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c |
92321 | index 78f66fa..9286768 100644 | 98246 | index 78f66fa..b93d547 100644 |
92322 | --- a/net/xfrm/xfrm_state.c | 98247 | --- a/net/xfrm/xfrm_state.c |
92323 | +++ b/net/xfrm/xfrm_state.c | 98248 | +++ b/net/xfrm/xfrm_state.c |
92324 | @@ -177,12 +177,14 @@ int xfrm_register_type(const struct xfrm_type *type, unsigned short family) | 98249 | @@ -177,12 +177,14 @@ int xfrm_register_type(const struct xfrm_type *type, unsigned short family) |
@@ -92412,6 +98337,19 @@ index 78f66fa..9286768 100644 | |||
92412 | module_put(mode->afinfo->owner); | 98337 | module_put(mode->afinfo->owner); |
92413 | err = 0; | 98338 | err = 0; |
92414 | } | 98339 | } |
98340 | @@ -1486,10 +1493,10 @@ EXPORT_SYMBOL(xfrm_find_acq_byseq); | ||
98341 | u32 xfrm_get_acqseq(void) | ||
98342 | { | ||
98343 | u32 res; | ||
98344 | - static atomic_t acqseq; | ||
98345 | + static atomic_unchecked_t acqseq; | ||
98346 | |||
98347 | do { | ||
98348 | - res = atomic_inc_return(&acqseq); | ||
98349 | + res = atomic_inc_return_unchecked(&acqseq); | ||
98350 | } while (!res); | ||
98351 | |||
98352 | return res; | ||
92415 | diff --git a/net/xfrm/xfrm_sysctl.c b/net/xfrm/xfrm_sysctl.c | 98353 | diff --git a/net/xfrm/xfrm_sysctl.c b/net/xfrm/xfrm_sysctl.c |
92416 | index 05a6e3d..6716ec9 100644 | 98354 | index 05a6e3d..6716ec9 100644 |
92417 | --- a/net/xfrm/xfrm_sysctl.c | 98355 | --- a/net/xfrm/xfrm_sysctl.c |
@@ -92861,10 +98799,10 @@ index f5eb43d..1814de8 100644 | |||
92861 | shdr = (Elf_Shdr *)((char *)ehdr + _r(&ehdr->e_shoff)); | 98799 | shdr = (Elf_Shdr *)((char *)ehdr + _r(&ehdr->e_shoff)); |
92862 | shstrtab_sec = shdr + r2(&ehdr->e_shstrndx); | 98800 | shstrtab_sec = shdr + r2(&ehdr->e_shstrndx); |
92863 | diff --git a/security/Kconfig b/security/Kconfig | 98801 | diff --git a/security/Kconfig b/security/Kconfig |
92864 | index e9c6ac7..a4d558d 100644 | 98802 | index e9c6ac7..c5d45c8 100644 |
92865 | --- a/security/Kconfig | 98803 | --- a/security/Kconfig |
92866 | +++ b/security/Kconfig | 98804 | +++ b/security/Kconfig |
92867 | @@ -4,6 +4,956 @@ | 98805 | @@ -4,6 +4,959 @@ |
92868 | 98806 | ||
92869 | menu "Security options" | 98807 | menu "Security options" |
92870 | 98808 | ||
@@ -93232,7 +99170,7 @@ index e9c6ac7..a4d558d 100644 | |||
93232 | +config PAX_NOEXEC | 99170 | +config PAX_NOEXEC |
93233 | + bool "Enforce non-executable pages" | 99171 | + bool "Enforce non-executable pages" |
93234 | + default y if GRKERNSEC_CONFIG_AUTO | 99172 | + default y if GRKERNSEC_CONFIG_AUTO |
93235 | + depends on ALPHA || (ARM && (CPU_V6 || CPU_V7)) || IA64 || MIPS || PARISC || PPC || S390 || SPARC || X86 | 99173 | + depends on ALPHA || (ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || IA64 || MIPS || PARISC || PPC || S390 || SPARC || X86 |
93236 | + help | 99174 | + help |
93237 | + By design some architectures do not allow for protecting memory | 99175 | + By design some architectures do not allow for protecting memory |
93238 | + pages against execution or even if they do, Linux does not make | 99176 | + pages against execution or even if they do, Linux does not make |
@@ -93262,8 +99200,6 @@ index e9c6ac7..a4d558d 100644 | |||
93262 | + bool "Paging based non-executable pages" | 99200 | + bool "Paging based non-executable pages" |
93263 | + default y if GRKERNSEC_CONFIG_AUTO | 99201 | + default y if GRKERNSEC_CONFIG_AUTO |
93264 | + depends on PAX_NOEXEC && (!X86_32 || M586 || M586TSC || M586MMX || M686 || MPENTIUMII || MPENTIUMIII || MPENTIUMM || MCORE2 || MATOM || MPENTIUM4 || MPSC || MK7 || MK8 || MWINCHIPC6 || MWINCHIP2 || MWINCHIP3D || MVIAC3_2 || MVIAC7) | 99202 | + depends on PAX_NOEXEC && (!X86_32 || M586 || M586TSC || M586MMX || M686 || MPENTIUMII || MPENTIUMIII || MPENTIUMM || MCORE2 || MATOM || MPENTIUM4 || MPSC || MK7 || MK8 || MWINCHIPC6 || MWINCHIP2 || MWINCHIP3D || MVIAC3_2 || MVIAC7) |
93265 | + select S390_SWITCH_AMODE if S390 | ||
93266 | + select S390_EXEC_PROTECT if S390 | ||
93267 | + select ARCH_TRACK_EXEC_LIMIT if X86_32 | 99203 | + select ARCH_TRACK_EXEC_LIMIT if X86_32 |
93268 | + help | 99204 | + help |
93269 | + This implementation is based on the paging feature of the CPU. | 99205 | + This implementation is based on the paging feature of the CPU. |
@@ -93445,7 +99381,7 @@ index e9c6ac7..a4d558d 100644 | |||
93445 | +config PAX_KERNEXEC | 99381 | +config PAX_KERNEXEC |
93446 | + bool "Enforce non-executable kernel pages" | 99382 | + bool "Enforce non-executable kernel pages" |
93447 | + default y if GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_NONE || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_GUEST) || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_KVM)) | 99383 | + default y if GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_NONE || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_GUEST) || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_KVM)) |
93448 | + depends on (X86 || (ARM && (CPU_V6 || CPU_V7) && !(ARM_LPAE && MODULES))) && !XEN | 99384 | + depends on (X86 || (ARM && (CPU_V6 || CPU_V6K || CPU_V7) && !(ARM_LPAE && MODULES))) && !XEN |
93449 | + select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE) | 99385 | + select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE) |
93450 | + select PAX_KERNEXEC_PLUGIN if X86_64 | 99386 | + select PAX_KERNEXEC_PLUGIN if X86_64 |
93451 | + help | 99387 | + help |
@@ -93677,7 +99613,7 @@ index e9c6ac7..a4d558d 100644 | |||
93677 | +config PAX_MEMORY_UDEREF | 99613 | +config PAX_MEMORY_UDEREF |
93678 | + bool "Prevent invalid userland pointer dereference" | 99614 | + bool "Prevent invalid userland pointer dereference" |
93679 | + default y if GRKERNSEC_CONFIG_AUTO && !(X86_64 && GRKERNSEC_CONFIG_PRIORITY_PERF) && (GRKERNSEC_CONFIG_VIRT_NONE || GRKERNSEC_CONFIG_VIRT_EPT) | 99615 | + default y if GRKERNSEC_CONFIG_AUTO && !(X86_64 && GRKERNSEC_CONFIG_PRIORITY_PERF) && (GRKERNSEC_CONFIG_VIRT_NONE || GRKERNSEC_CONFIG_VIRT_EPT) |
93680 | + depends on (X86 || (ARM && (CPU_V6 || CPU_V7) && !ARM_LPAE)) && !UML_X86 && !XEN | 99616 | + depends on (X86 || (ARM && (CPU_V6 || CPU_V6K || CPU_V7) && !ARM_LPAE)) && !UML_X86 && !XEN |
93681 | + select PAX_PER_CPU_PGD if X86_64 | 99617 | + select PAX_PER_CPU_PGD if X86_64 |
93682 | + help | 99618 | + help |
93683 | + By saying Y here the kernel will be prevented from dereferencing | 99619 | + By saying Y here the kernel will be prevented from dereferencing |
@@ -93694,10 +99630,15 @@ index e9c6ac7..a4d558d 100644 | |||
93694 | + VMs running on CPUs without hardware virtualization support (i.e., | 99630 | + VMs running on CPUs without hardware virtualization support (i.e., |
93695 | + the majority of IA-32 CPUs) will likely experience the slowdown. | 99631 | + the majority of IA-32 CPUs) will likely experience the slowdown. |
93696 | + | 99632 | + |
99633 | + On X86_64 the kernel will make use of PCID support when available | ||
99634 | + (Intel's Westmere, Sandy Bridge, etc) for better security (default) | ||
99635 | + or performance impact. Pass pax_weakuderef on the kernel command | ||
99636 | + line to choose the latter. | ||
99637 | + | ||
93697 | +config PAX_REFCOUNT | 99638 | +config PAX_REFCOUNT |
93698 | + bool "Prevent various kernel object reference counter overflows" | 99639 | + bool "Prevent various kernel object reference counter overflows" |
93699 | + default y if GRKERNSEC_CONFIG_AUTO | 99640 | + default y if GRKERNSEC_CONFIG_AUTO |
93700 | + depends on GRKERNSEC && ((ARM && (CPU_32v6 || CPU_32v6K || CPU_32v7)) || SPARC64 || X86) | 99641 | + depends on GRKERNSEC && ((ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || MIPS || SPARC64 || X86) |
93701 | + help | 99642 | + help |
93702 | + By saying Y here the kernel will detect and prevent overflowing | 99643 | + By saying Y here the kernel will detect and prevent overflowing |
93703 | + various (but not all) kinds of object reference counters. Such | 99644 | + various (but not all) kinds of object reference counters. Such |
@@ -93821,7 +99762,7 @@ index e9c6ac7..a4d558d 100644 | |||
93821 | source security/keys/Kconfig | 99762 | source security/keys/Kconfig |
93822 | 99763 | ||
93823 | config SECURITY_DMESG_RESTRICT | 99764 | config SECURITY_DMESG_RESTRICT |
93824 | @@ -103,7 +1053,7 @@ config INTEL_TXT | 99765 | @@ -103,7 +1056,7 @@ config INTEL_TXT |
93825 | config LSM_MMAP_MIN_ADDR | 99766 | config LSM_MMAP_MIN_ADDR |
93826 | int "Low address space for LSM to protect from user allocation" | 99767 | int "Low address space for LSM to protect from user allocation" |
93827 | depends on SECURITY && SECURITY_SELINUX | 99768 | depends on SECURITY && SECURITY_SELINUX |
@@ -94416,6 +100357,37 @@ index a3dce87..9ca1435 100644 | |||
94416 | } | 100357 | } |
94417 | 100358 | ||
94418 | /* Save user chosen LSM */ | 100359 | /* Save user chosen LSM */ |
100360 | diff --git a/security/selinux/avc.c b/security/selinux/avc.c | ||
100361 | index dad36a6..7e5ffbf 100644 | ||
100362 | --- a/security/selinux/avc.c | ||
100363 | +++ b/security/selinux/avc.c | ||
100364 | @@ -59,7 +59,7 @@ struct avc_node { | ||
100365 | struct avc_cache { | ||
100366 | struct hlist_head slots[AVC_CACHE_SLOTS]; /* head for avc_node->list */ | ||
100367 | spinlock_t slots_lock[AVC_CACHE_SLOTS]; /* lock for writes */ | ||
100368 | - atomic_t lru_hint; /* LRU hint for reclaim scan */ | ||
100369 | + atomic_unchecked_t lru_hint; /* LRU hint for reclaim scan */ | ||
100370 | atomic_t active_nodes; | ||
100371 | u32 latest_notif; /* latest revocation notification */ | ||
100372 | }; | ||
100373 | @@ -167,7 +167,7 @@ void __init avc_init(void) | ||
100374 | spin_lock_init(&avc_cache.slots_lock[i]); | ||
100375 | } | ||
100376 | atomic_set(&avc_cache.active_nodes, 0); | ||
100377 | - atomic_set(&avc_cache.lru_hint, 0); | ||
100378 | + atomic_set_unchecked(&avc_cache.lru_hint, 0); | ||
100379 | |||
100380 | avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node), | ||
100381 | 0, SLAB_PANIC, NULL); | ||
100382 | @@ -242,7 +242,7 @@ static inline int avc_reclaim_node(void) | ||
100383 | spinlock_t *lock; | ||
100384 | |||
100385 | for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++) { | ||
100386 | - hvalue = atomic_inc_return(&avc_cache.lru_hint) & (AVC_CACHE_SLOTS - 1); | ||
100387 | + hvalue = atomic_inc_return_unchecked(&avc_cache.lru_hint) & (AVC_CACHE_SLOTS - 1); | ||
100388 | head = &avc_cache.slots[hvalue]; | ||
100389 | lock = &avc_cache.slots_lock[hvalue]; | ||
100390 | |||
94419 | diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c | 100391 | diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c |
94420 | index 5c6f2cd..b4f945c 100644 | 100392 | index 5c6f2cd..b4f945c 100644 |
94421 | --- a/security/selinux/hooks.c | 100393 | --- a/security/selinux/hooks.c |
@@ -95014,6 +100986,27 @@ index 7d8803a..559f8d0 100644 | |||
95014 | 100986 | ||
95015 | list_add(&s->list, &cs4297a_devs); | 100987 | list_add(&s->list, &cs4297a_devs); |
95016 | 100988 | ||
100989 | diff --git a/sound/pci/hda/hda_codec.c b/sound/pci/hda/hda_codec.c | ||
100990 | index 55108b5..d973e11 100644 | ||
100991 | --- a/sound/pci/hda/hda_codec.c | ||
100992 | +++ b/sound/pci/hda/hda_codec.c | ||
100993 | @@ -916,14 +916,10 @@ find_codec_preset(struct hda_codec *codec) | ||
100994 | mutex_unlock(&preset_mutex); | ||
100995 | |||
100996 | if (mod_requested < HDA_MODREQ_MAX_COUNT) { | ||
100997 | - char name[32]; | ||
100998 | if (!mod_requested) | ||
100999 | - snprintf(name, sizeof(name), "snd-hda-codec-id:%08x", | ||
101000 | - codec->vendor_id); | ||
101001 | + request_module("snd-hda-codec-id:%08x", codec->vendor_id); | ||
101002 | else | ||
101003 | - snprintf(name, sizeof(name), "snd-hda-codec-id:%04x*", | ||
101004 | - (codec->vendor_id >> 16) & 0xffff); | ||
101005 | - request_module(name); | ||
101006 | + request_module("snd-hda-codec-id:%04x*", (codec->vendor_id >> 16) & 0xffff); | ||
101007 | mod_requested++; | ||
101008 | goto again; | ||
101009 | } | ||
95017 | diff --git a/sound/pci/ymfpci/ymfpci.h b/sound/pci/ymfpci/ymfpci.h | 101010 | diff --git a/sound/pci/ymfpci/ymfpci.h b/sound/pci/ymfpci/ymfpci.h |
95018 | index 4631a23..001ae57 100644 | 101011 | index 4631a23..001ae57 100644 |
95019 | --- a/sound/pci/ymfpci/ymfpci.h | 101012 | --- a/sound/pci/ymfpci/ymfpci.h |
@@ -96334,10 +102327,10 @@ index 0000000..568b360 | |||
96334 | +} | 102327 | +} |
96335 | diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c | 102328 | diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c |
96336 | new file mode 100644 | 102329 | new file mode 100644 |
96337 | index 0000000..0408e06 | 102330 | index 0000000..257529f |
96338 | --- /dev/null | 102331 | --- /dev/null |
96339 | +++ b/tools/gcc/kernexec_plugin.c | 102332 | +++ b/tools/gcc/kernexec_plugin.c |
96340 | @@ -0,0 +1,465 @@ | 102333 | @@ -0,0 +1,471 @@ |
96341 | +/* | 102334 | +/* |
96342 | + * Copyright 2011-2013 by the PaX Team <pageexec@freemail.hu> | 102335 | + * Copyright 2011-2013 by the PaX Team <pageexec@freemail.hu> |
96343 | + * Licensed under the GPL v2 | 102336 | + * Licensed under the GPL v2 |
@@ -96389,7 +102382,7 @@ index 0000000..0408e06 | |||
96389 | +int plugin_is_GPL_compatible; | 102382 | +int plugin_is_GPL_compatible; |
96390 | + | 102383 | + |
96391 | +static struct plugin_info kernexec_plugin_info = { | 102384 | +static struct plugin_info kernexec_plugin_info = { |
96392 | + .version = "201302112000", | 102385 | + .version = "201308230150", |
96393 | + .help = "method=[bts|or]\tinstrumentation method\n" | 102386 | + .help = "method=[bts|or]\tinstrumentation method\n" |
96394 | +}; | 102387 | +}; |
96395 | + | 102388 | + |
@@ -96540,7 +102533,7 @@ index 0000000..0408e06 | |||
96540 | +static void kernexec_instrument_fptr_bts(gimple_stmt_iterator *gsi) | 102533 | +static void kernexec_instrument_fptr_bts(gimple_stmt_iterator *gsi) |
96541 | +{ | 102534 | +{ |
96542 | + gimple assign_intptr, assign_new_fptr, call_stmt; | 102535 | + gimple assign_intptr, assign_new_fptr, call_stmt; |
96543 | + tree intptr, old_fptr, new_fptr, kernexec_mask; | 102536 | + tree intptr, orptr, old_fptr, new_fptr, kernexec_mask; |
96544 | + | 102537 | + |
96545 | + call_stmt = gsi_stmt(*gsi); | 102538 | + call_stmt = gsi_stmt(*gsi); |
96546 | + old_fptr = gimple_call_fn(call_stmt); | 102539 | + old_fptr = gimple_call_fn(call_stmt); |
@@ -96549,16 +102542,20 @@ index 0000000..0408e06 | |||
96549 | + intptr = create_tmp_var(long_unsigned_type_node, "kernexec_bts"); | 102542 | + intptr = create_tmp_var(long_unsigned_type_node, "kernexec_bts"); |
96550 | +#if BUILDING_GCC_VERSION <= 4007 | 102543 | +#if BUILDING_GCC_VERSION <= 4007 |
96551 | + add_referenced_var(intptr); | 102544 | + add_referenced_var(intptr); |
96552 | + mark_sym_for_renaming(intptr); | ||
96553 | +#endif | 102545 | +#endif |
102546 | + intptr = make_ssa_name(intptr, NULL); | ||
96554 | + assign_intptr = gimple_build_assign(intptr, fold_convert(long_unsigned_type_node, old_fptr)); | 102547 | + assign_intptr = gimple_build_assign(intptr, fold_convert(long_unsigned_type_node, old_fptr)); |
102548 | + SSA_NAME_DEF_STMT(intptr) = assign_intptr; | ||
96555 | + gsi_insert_before(gsi, assign_intptr, GSI_SAME_STMT); | 102549 | + gsi_insert_before(gsi, assign_intptr, GSI_SAME_STMT); |
96556 | + update_stmt(assign_intptr); | 102550 | + update_stmt(assign_intptr); |
96557 | + | 102551 | + |
96558 | + // apply logical or to temporary unsigned long and bitmask | 102552 | + // apply logical or to temporary unsigned long and bitmask |
96559 | + kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0x8000000000000000LL); | 102553 | + kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0x8000000000000000LL); |
96560 | +// kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0xffffffff80000000LL); | 102554 | +// kernexec_mask = build_int_cstu(long_long_unsigned_type_node, 0xffffffff80000000LL); |
96561 | + assign_intptr = gimple_build_assign(intptr, fold_build2(BIT_IOR_EXPR, long_long_unsigned_type_node, intptr, kernexec_mask)); | 102555 | + orptr = fold_build2(BIT_IOR_EXPR, long_long_unsigned_type_node, intptr, kernexec_mask); |
102556 | + intptr = make_ssa_name(SSA_NAME_VAR(intptr), NULL); | ||
102557 | + assign_intptr = gimple_build_assign(intptr, orptr); | ||
102558 | + SSA_NAME_DEF_STMT(intptr) = assign_intptr; | ||
96562 | + gsi_insert_before(gsi, assign_intptr, GSI_SAME_STMT); | 102559 | + gsi_insert_before(gsi, assign_intptr, GSI_SAME_STMT); |
96563 | + update_stmt(assign_intptr); | 102560 | + update_stmt(assign_intptr); |
96564 | + | 102561 | + |
@@ -96566,9 +102563,10 @@ index 0000000..0408e06 | |||
96566 | + new_fptr = create_tmp_var(TREE_TYPE(old_fptr), "kernexec_fptr"); | 102563 | + new_fptr = create_tmp_var(TREE_TYPE(old_fptr), "kernexec_fptr"); |
96567 | +#if BUILDING_GCC_VERSION <= 4007 | 102564 | +#if BUILDING_GCC_VERSION <= 4007 |
96568 | + add_referenced_var(new_fptr); | 102565 | + add_referenced_var(new_fptr); |
96569 | + mark_sym_for_renaming(new_fptr); | ||
96570 | +#endif | 102566 | +#endif |
102567 | + new_fptr = make_ssa_name(new_fptr, NULL); | ||
96571 | + assign_new_fptr = gimple_build_assign(new_fptr, fold_convert(TREE_TYPE(old_fptr), intptr)); | 102568 | + assign_new_fptr = gimple_build_assign(new_fptr, fold_convert(TREE_TYPE(old_fptr), intptr)); |
102569 | + SSA_NAME_DEF_STMT(new_fptr) = assign_new_fptr; | ||
96572 | + gsi_insert_before(gsi, assign_new_fptr, GSI_SAME_STMT); | 102570 | + gsi_insert_before(gsi, assign_new_fptr, GSI_SAME_STMT); |
96573 | + update_stmt(assign_new_fptr); | 102571 | + update_stmt(assign_new_fptr); |
96574 | + | 102572 | + |
@@ -96596,8 +102594,8 @@ index 0000000..0408e06 | |||
96596 | + new_fptr = create_tmp_var(TREE_TYPE(old_fptr), "kernexec_or"); | 102594 | + new_fptr = create_tmp_var(TREE_TYPE(old_fptr), "kernexec_or"); |
96597 | +#if BUILDING_GCC_VERSION <= 4007 | 102595 | +#if BUILDING_GCC_VERSION <= 4007 |
96598 | + add_referenced_var(new_fptr); | 102596 | + add_referenced_var(new_fptr); |
96599 | + mark_sym_for_renaming(new_fptr); | ||
96600 | +#endif | 102597 | +#endif |
102598 | + new_fptr = make_ssa_name(new_fptr, NULL); | ||
96601 | + | 102599 | + |
96602 | + // build asm volatile("orq %%r10, %0\n\t" : "=r"(new_fptr) : "0"(old_fptr)); | 102600 | + // build asm volatile("orq %%r10, %0\n\t" : "=r"(new_fptr) : "0"(old_fptr)); |
96603 | + input = build_tree_list(NULL_TREE, build_string(2, "0")); | 102601 | + input = build_tree_list(NULL_TREE, build_string(2, "0")); |
@@ -96612,6 +102610,7 @@ index 0000000..0408e06 | |||
96612 | + vec_safe_push(outputs, output); | 102610 | + vec_safe_push(outputs, output); |
96613 | +#endif | 102611 | +#endif |
96614 | + asm_or_stmt = gimple_build_asm_vec("orq %%r10, %0\n\t", inputs, outputs, NULL, NULL); | 102612 | + asm_or_stmt = gimple_build_asm_vec("orq %%r10, %0\n\t", inputs, outputs, NULL, NULL); |
102613 | + SSA_NAME_DEF_STMT(new_fptr) = asm_or_stmt; | ||
96615 | + gimple_asm_set_volatile(asm_or_stmt, true); | 102614 | + gimple_asm_set_volatile(asm_or_stmt, true); |
96616 | + gsi_insert_before(gsi, asm_or_stmt, GSI_SAME_STMT); | 102615 | + gsi_insert_before(gsi, asm_or_stmt, GSI_SAME_STMT); |
96617 | + update_stmt(asm_or_stmt); | 102616 | + update_stmt(asm_or_stmt); |
@@ -96805,10 +102804,10 @@ index 0000000..0408e06 | |||
96805 | +} | 102804 | +} |
96806 | diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c | 102805 | diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c |
96807 | new file mode 100644 | 102806 | new file mode 100644 |
96808 | index 0000000..b5395ba | 102807 | index 0000000..2ef6fd9 |
96809 | --- /dev/null | 102808 | --- /dev/null |
96810 | +++ b/tools/gcc/latent_entropy_plugin.c | 102809 | +++ b/tools/gcc/latent_entropy_plugin.c |
96811 | @@ -0,0 +1,327 @@ | 102810 | @@ -0,0 +1,321 @@ |
96812 | +/* | 102811 | +/* |
96813 | + * Copyright 2012-2013 by the PaX Team <pageexec@freemail.hu> | 102812 | + * Copyright 2012-2013 by the PaX Team <pageexec@freemail.hu> |
96814 | + * Licensed under the GPL v2 | 102813 | + * Licensed under the GPL v2 |
@@ -96860,7 +102859,7 @@ index 0000000..b5395ba | |||
96860 | +static tree latent_entropy_decl; | 102859 | +static tree latent_entropy_decl; |
96861 | + | 102860 | + |
96862 | +static struct plugin_info latent_entropy_plugin_info = { | 102861 | +static struct plugin_info latent_entropy_plugin_info = { |
96863 | + .version = "201303102320", | 102862 | + .version = "201308230230", |
96864 | + .help = NULL | 102863 | + .help = NULL |
96865 | +}; | 102864 | +}; |
96866 | + | 102865 | + |
@@ -96969,13 +102968,10 @@ index 0000000..b5395ba | |||
96969 | + op = get_op(&rhs); | 102968 | + op = get_op(&rhs); |
96970 | + addxorrol = fold_build2_loc(UNKNOWN_LOCATION, op, unsigned_intDI_type_node, local_entropy, rhs); | 102969 | + addxorrol = fold_build2_loc(UNKNOWN_LOCATION, op, unsigned_intDI_type_node, local_entropy, rhs); |
96971 | + assign = gimple_build_assign(local_entropy, addxorrol); | 102970 | + assign = gimple_build_assign(local_entropy, addxorrol); |
96972 | +#if BUILDING_GCC_VERSION <= 4007 | ||
96973 | + find_referenced_vars_in(assign); | ||
96974 | +#endif | ||
96975 | +//debug_bb(bb); | ||
96976 | + gsi = gsi_after_labels(bb); | 102971 | + gsi = gsi_after_labels(bb); |
96977 | + gsi_insert_before(&gsi, assign, GSI_NEW_STMT); | 102972 | + gsi_insert_before(&gsi, assign, GSI_NEW_STMT); |
96978 | + update_stmt(assign); | 102973 | + update_stmt(assign); |
102974 | +//debug_bb(bb); | ||
96979 | +} | 102975 | +} |
96980 | + | 102976 | + |
96981 | +static void perturb_latent_entropy(basic_block bb, tree rhs) | 102977 | +static void perturb_latent_entropy(basic_block bb, tree rhs) |
@@ -96988,13 +102984,14 @@ index 0000000..b5395ba | |||
96988 | + temp = create_tmp_var(unsigned_intDI_type_node, "temp_latent_entropy"); | 102984 | + temp = create_tmp_var(unsigned_intDI_type_node, "temp_latent_entropy"); |
96989 | +#if BUILDING_GCC_VERSION <= 4007 | 102985 | +#if BUILDING_GCC_VERSION <= 4007 |
96990 | + add_referenced_var(temp); | 102986 | + add_referenced_var(temp); |
96991 | + mark_sym_for_renaming(temp); | ||
96992 | +#endif | 102987 | +#endif |
96993 | + | 102988 | + |
96994 | + // 2. read... | 102989 | + // 2. read... |
102990 | + temp = make_ssa_name(temp, NULL); | ||
96995 | + assign = gimple_build_assign(temp, latent_entropy_decl); | 102991 | + assign = gimple_build_assign(temp, latent_entropy_decl); |
102992 | + SSA_NAME_DEF_STMT(temp) = assign; | ||
96996 | +#if BUILDING_GCC_VERSION <= 4007 | 102993 | +#if BUILDING_GCC_VERSION <= 4007 |
96997 | + find_referenced_vars_in(assign); | 102994 | + add_referenced_var(latent_entropy_decl); |
96998 | +#endif | 102995 | +#endif |
96999 | + gsi = gsi_after_labels(bb); | 102996 | + gsi = gsi_after_labels(bb); |
97000 | + gsi_insert_after(&gsi, assign, GSI_NEW_STMT); | 102997 | + gsi_insert_after(&gsi, assign, GSI_NEW_STMT); |
@@ -97002,18 +102999,14 @@ index 0000000..b5395ba | |||
97002 | + | 102999 | + |
97003 | + // 3. ...modify... | 103000 | + // 3. ...modify... |
97004 | + addxorrol = fold_build2_loc(UNKNOWN_LOCATION, get_op(NULL), unsigned_intDI_type_node, temp, rhs); | 103001 | + addxorrol = fold_build2_loc(UNKNOWN_LOCATION, get_op(NULL), unsigned_intDI_type_node, temp, rhs); |
103002 | + temp = make_ssa_name(SSA_NAME_VAR(temp), NULL); | ||
97005 | + assign = gimple_build_assign(temp, addxorrol); | 103003 | + assign = gimple_build_assign(temp, addxorrol); |
97006 | +#if BUILDING_GCC_VERSION <= 4007 | 103004 | + SSA_NAME_DEF_STMT(temp) = assign; |
97007 | + find_referenced_vars_in(assign); | ||
97008 | +#endif | ||
97009 | + gsi_insert_after(&gsi, assign, GSI_NEW_STMT); | 103005 | + gsi_insert_after(&gsi, assign, GSI_NEW_STMT); |
97010 | + update_stmt(assign); | 103006 | + update_stmt(assign); |
97011 | + | 103007 | + |
97012 | + // 4. ...write latent_entropy | 103008 | + // 4. ...write latent_entropy |
97013 | + assign = gimple_build_assign(latent_entropy_decl, temp); | 103009 | + assign = gimple_build_assign(latent_entropy_decl, temp); |
97014 | +#if BUILDING_GCC_VERSION <= 4007 | ||
97015 | + find_referenced_vars_in(assign); | ||
97016 | +#endif | ||
97017 | + gsi_insert_after(&gsi, assign, GSI_NEW_STMT); | 103010 | + gsi_insert_after(&gsi, assign, GSI_NEW_STMT); |
97018 | + update_stmt(assign); | 103011 | + update_stmt(assign); |
97019 | +} | 103012 | +} |
@@ -97064,21 +103057,21 @@ index 0000000..b5395ba | |||
97064 | + | 103057 | + |
97065 | + assign = gimple_build_assign(local_entropy, build_int_cstu(unsigned_intDI_type_node, get_random_const())); | 103058 | + assign = gimple_build_assign(local_entropy, build_int_cstu(unsigned_intDI_type_node, get_random_const())); |
97066 | +// gimple_set_location(assign, loc); | 103059 | +// gimple_set_location(assign, loc); |
97067 | +#if BUILDING_GCC_VERSION <= 4007 | ||
97068 | + find_referenced_vars_in(assign); | ||
97069 | +#endif | ||
97070 | + gsi_insert_after(&gsi, assign, GSI_NEW_STMT); | 103060 | + gsi_insert_after(&gsi, assign, GSI_NEW_STMT); |
97071 | + update_stmt(assign); | 103061 | + update_stmt(assign); |
103062 | +//debug_bb(bb); | ||
97072 | + bb = bb->next_bb; | 103063 | + bb = bb->next_bb; |
97073 | + | 103064 | + |
97074 | + // 3. instrument each BB with an operation on the local entropy variable | 103065 | + // 3. instrument each BB with an operation on the local entropy variable |
97075 | + while (bb != EXIT_BLOCK_PTR) { | 103066 | + while (bb != EXIT_BLOCK_PTR) { |
97076 | + perturb_local_entropy(bb, local_entropy); | 103067 | + perturb_local_entropy(bb, local_entropy); |
103068 | +//debug_bb(bb); | ||
97077 | + bb = bb->next_bb; | 103069 | + bb = bb->next_bb; |
97078 | + }; | 103070 | + }; |
97079 | + | 103071 | + |
97080 | + // 4. mix local entropy into the global entropy variable | 103072 | + // 4. mix local entropy into the global entropy variable |
97081 | + perturb_latent_entropy(EXIT_BLOCK_PTR->prev_bb, local_entropy); | 103073 | + perturb_latent_entropy(EXIT_BLOCK_PTR->prev_bb, local_entropy); |
103074 | +//debug_bb(EXIT_BLOCK_PTR->prev_bb); | ||
97082 | + return 0; | 103075 | + return 0; |
97083 | +} | 103076 | +} |
97084 | + | 103077 | + |
@@ -103494,10 +109487,10 @@ index 0000000..b04803b | |||
103494 | +alloc_dr_65495 alloc_dr 2 65495 NULL | 109487 | +alloc_dr_65495 alloc_dr 2 65495 NULL |
103495 | diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c | 109488 | diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c |
103496 | new file mode 100644 | 109489 | new file mode 100644 |
103497 | index 0000000..9db0d0e | 109490 | index 0000000..03d0c84 |
103498 | --- /dev/null | 109491 | --- /dev/null |
103499 | +++ b/tools/gcc/size_overflow_plugin.c | 109492 | +++ b/tools/gcc/size_overflow_plugin.c |
103500 | @@ -0,0 +1,2114 @@ | 109493 | @@ -0,0 +1,2113 @@ |
103501 | +/* | 109494 | +/* |
103502 | + * Copyright 2011, 2012, 2013 by Emese Revfy <re.emese@gmail.com> | 109495 | + * Copyright 2011, 2012, 2013 by Emese Revfy <re.emese@gmail.com> |
103503 | + * Licensed under the GPL v2, or (at your option) v3 | 109496 | + * Licensed under the GPL v2, or (at your option) v3 |
@@ -103587,7 +109580,7 @@ index 0000000..9db0d0e | |||
103587 | +static void print_missing_msg(tree func, unsigned int argnum); | 109580 | +static void print_missing_msg(tree func, unsigned int argnum); |
103588 | + | 109581 | + |
103589 | +static struct plugin_info size_overflow_plugin_info = { | 109582 | +static struct plugin_info size_overflow_plugin_info = { |
103590 | + .version = "20130410beta", | 109583 | + .version = "20130822beta", |
103591 | + .help = "no-size-overflow\tturn off size overflow checking\n", | 109584 | + .help = "no-size-overflow\tturn off size overflow checking\n", |
103592 | +}; | 109585 | +}; |
103593 | + | 109586 | + |
@@ -103967,7 +109960,6 @@ index 0000000..9db0d0e | |||
103967 | + | 109960 | + |
103968 | +#if BUILDING_GCC_VERSION <= 4007 | 109961 | +#if BUILDING_GCC_VERSION <= 4007 |
103969 | + add_referenced_var(new_var); | 109962 | + add_referenced_var(new_var); |
103970 | + mark_sym_for_renaming(new_var); | ||
103971 | +#endif | 109963 | +#endif |
103972 | + return new_var; | 109964 | + return new_var; |
103973 | +} | 109965 | +} |
@@ -106228,6 +112220,32 @@ index 0000000..4fae911 | |||
106228 | + | 112220 | + |
106229 | + return 0; | 112221 | + return 0; |
106230 | +} | 112222 | +} |
112223 | diff --git a/tools/lib/lk/Makefile b/tools/lib/lk/Makefile | ||
112224 | index 926cbf3..b8403e0 100644 | ||
112225 | --- a/tools/lib/lk/Makefile | ||
112226 | +++ b/tools/lib/lk/Makefile | ||
112227 | @@ -10,7 +10,7 @@ LIB_OBJS += $(OUTPUT)debugfs.o | ||
112228 | |||
112229 | LIBFILE = liblk.a | ||
112230 | |||
112231 | -CFLAGS = -ggdb3 -Wall -Wextra -std=gnu99 -Werror -O6 -D_FORTIFY_SOURCE=2 $(EXTRA_WARNINGS) $(EXTRA_CFLAGS) -fPIC | ||
112232 | +CFLAGS = -ggdb3 -Wall -Wextra -std=gnu99 -Werror -O6 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $(EXTRA_WARNINGS) $(EXTRA_CFLAGS) -fPIC | ||
112233 | EXTLIBS = -lpthread -lrt -lelf -lm | ||
112234 | ALL_CFLAGS = $(CFLAGS) $(BASIC_CFLAGS) -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 | ||
112235 | ALL_LDFLAGS = $(LDFLAGS) | ||
112236 | diff --git a/tools/perf/Makefile b/tools/perf/Makefile | ||
112237 | index b0f164b..63c9f7d 100644 | ||
112238 | --- a/tools/perf/Makefile | ||
112239 | +++ b/tools/perf/Makefile | ||
112240 | @@ -188,7 +188,7 @@ endif | ||
112241 | |||
112242 | ifndef PERF_DEBUG | ||
112243 | ifeq ($(call try-cc,$(SOURCE_HELLO),$(CFLAGS) -D_FORTIFY_SOURCE=2,-D_FORTIFY_SOURCE=2),y) | ||
112244 | - CFLAGS := $(CFLAGS) -D_FORTIFY_SOURCE=2 | ||
112245 | + CFLAGS := $(CFLAGS) -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 | ||
112246 | endif | ||
112247 | endif | ||
112248 | |||
106231 | diff --git a/tools/perf/util/include/asm/alternative-asm.h b/tools/perf/util/include/asm/alternative-asm.h | 112249 | diff --git a/tools/perf/util/include/asm/alternative-asm.h b/tools/perf/util/include/asm/alternative-asm.h |
106232 | index 6789d78..4afd019e 100644 | 112250 | index 6789d78..4afd019e 100644 |
106233 | --- a/tools/perf/util/include/asm/alternative-asm.h | 112251 | --- a/tools/perf/util/include/asm/alternative-asm.h |
diff --git a/main/linux-grsec/kernelconfig.x86 b/main/linux-grsec/kernelconfig.x86 index 36a0fef5af..5af34f6110 100644 --- a/main/linux-grsec/kernelconfig.x86 +++ b/main/linux-grsec/kernelconfig.x86 | |||
@@ -1,6 +1,6 @@ | |||
1 | # | 1 | # |
2 | # Automatically generated file; DO NOT EDIT. | 2 | # Automatically generated file; DO NOT EDIT. |
3 | # Linux/x86 3.10.4 Kernel Configuration | 3 | # Linux/x86 3.10.10 Kernel Configuration |
4 | # | 4 | # |
5 | # CONFIG_64BIT is not set | 5 | # CONFIG_64BIT is not set |
6 | CONFIG_X86_32=y | 6 | CONFIG_X86_32=y |
@@ -5634,6 +5634,11 @@ CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y | |||
5634 | # CONFIG_GRKERNSEC_SOCKET is not set | 5634 | # CONFIG_GRKERNSEC_SOCKET is not set |
5635 | 5635 | ||
5636 | # | 5636 | # |
5637 | # Physical Protections | ||
5638 | # | ||
5639 | # CONFIG_GRKERNSEC_DENYUSB is not set | ||
5640 | |||
5641 | # | ||
5637 | # Sysctl Support | 5642 | # Sysctl Support |
5638 | # | 5643 | # |
5639 | CONFIG_GRKERNSEC_SYSCTL=y | 5644 | CONFIG_GRKERNSEC_SYSCTL=y |
diff --git a/main/linux-grsec/kernelconfig.x86_64 b/main/linux-grsec/kernelconfig.x86_64 index 3e48639202..9732d747e8 100644 --- a/main/linux-grsec/kernelconfig.x86_64 +++ b/main/linux-grsec/kernelconfig.x86_64 | |||
@@ -1,6 +1,6 @@ | |||
1 | # | 1 | # |
2 | # Automatically generated file; DO NOT EDIT. | 2 | # Automatically generated file; DO NOT EDIT. |
3 | # Linux/x86 3.10.4 Kernel Configuration | 3 | # Linux/x86 3.10.10 Kernel Configuration |
4 | # | 4 | # |
5 | CONFIG_64BIT=y | 5 | CONFIG_64BIT=y |
6 | CONFIG_X86_64=y | 6 | CONFIG_X86_64=y |
@@ -5571,6 +5571,11 @@ CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y | |||
5571 | # CONFIG_GRKERNSEC_SOCKET is not set | 5571 | # CONFIG_GRKERNSEC_SOCKET is not set |
5572 | 5572 | ||
5573 | # | 5573 | # |
5574 | # Physical Protections | ||
5575 | # | ||
5576 | # CONFIG_GRKERNSEC_DENYUSB is not set | ||
5577 | |||
5578 | # | ||
5574 | # Sysctl Support | 5579 | # Sysctl Support |
5575 | # | 5580 | # |
5576 | CONFIG_GRKERNSEC_SYSCTL=y | 5581 | CONFIG_GRKERNSEC_SYSCTL=y |
diff --git a/main/linux-grsec/net-ip_gre-fix-ipgre_header-to-return-correct-offset.patch b/main/linux-grsec/net-ip_gre-fix-ipgre_header-to-return-correct-offset.patch deleted file mode 100644 index aeaeb33d7a..0000000000 --- a/main/linux-grsec/net-ip_gre-fix-ipgre_header-to-return-correct-offset.patch +++ /dev/null | |||
@@ -1,45 +0,0 @@ | |||
1 | From patchwork Tue Aug 6 10:45:43 2013 | ||
2 | Content-Type: text/plain; charset="utf-8" | ||
3 | MIME-Version: 1.0 | ||
4 | Content-Transfer-Encoding: 8bit | ||
5 | Subject: [net] ip_gre: fix ipgre_header to return correct offset | ||
6 | From: =?utf-8?q?Timo_Ter=C3=A4s?= <timo.teras@iki.fi> | ||
7 | X-Patchwork-Id: 264994 | ||
8 | Message-Id: <1375785943-23908-1-git-send-email-timo.teras@iki.fi> | ||
9 | To: netdev@vger.kernel.org | ||
10 | Cc: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>, | ||
11 | Pravin B Shelar <pshelar@nicira.com> | ||
12 | Date: Tue, 6 Aug 2013 13:45:43 +0300 | ||
13 | |||
14 | Fix ipgre_header() (header_ops->create) to return the correct | ||
15 | amount of bytes pushed. Most callers of dev_hard_header() seem | ||
16 | to care only if it was success, but af_packet.c uses it as | ||
17 | offset to the skb to copy from userspace only once. In practice | ||
18 | this fixes packet socket sendto()/sendmsg() to gre tunnels. | ||
19 | |||
20 | Regression introduced in c54419321455631079c7d6e60bc732dd0c5914c5 | ||
21 | ("GRE: Refactor GRE tunneling code.") | ||
22 | |||
23 | Cc: Pravin B Shelar <pshelar@nicira.com> | ||
24 | Signed-off-by: Timo Teräs <timo.teras@iki.fi> | ||
25 | |||
26 | --- | ||
27 | Should go to 3.10-stable too. Without this dmvpn setup does not work | ||
28 | at all, as opennhrp uses packet sockets to send the nhrp packets. | ||
29 | |||
30 | net/ipv4/ip_gre.c | 2 +- | ||
31 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
32 | |||
33 | diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c | ||
34 | index 855004f..c52fee0 100644 | ||
35 | --- a/net/ipv4/ip_gre.c | ||
36 | +++ b/net/ipv4/ip_gre.c | ||
37 | @@ -572,7 +572,7 @@ static int ipgre_header(struct sk_buff *skb, struct net_device *dev, | ||
38 | if (daddr) | ||
39 | memcpy(&iph->daddr, daddr, 4); | ||
40 | if (iph->daddr) | ||
41 | - return t->hlen; | ||
42 | + return t->hlen + sizeof(*iph); | ||
43 | |||
44 | return -(t->hlen + sizeof(*iph)); | ||
45 | } | ||