1 |
commit: a6229b99579efd5285746356612b4c3e70b6c407 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Jul 1 22:16:19 2015 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Jul 1 22:16:19 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=a6229b99 |
7 |
|
8 |
Grsec/PaX: 3.1-{3.2.69,3.14.46,4.0.7}-201506300712 |
9 |
|
10 |
{4.0.6 => 3.14.46}/0000_README | 6 +- |
11 |
3.14.46/1045_linux-3.14.46.patch | 829 +++++++++++++++++++++ |
12 |
.../4420_grsecurity-3.1-3.14.46-201506300711.patch | 270 ++----- |
13 |
{4.0.6 => 3.14.46}/4425_grsec_remove_EI_PAX.patch | 0 |
14 |
.../4427_force_XATTR_PAX_tmpfs.patch | 0 |
15 |
.../4430_grsec-remove-localversion-grsec.patch | 0 |
16 |
.../4435_grsec-mute-warnings.patch | 0 |
17 |
.../4440_grsec-remove-protected-paths.patch | 0 |
18 |
.../4450_grsec-kconfig-default-gids.patch | 0 |
19 |
.../4465_selinux-avc_audit-log-curr_ip.patch | 0 |
20 |
.../4470_disable-compat_vdso.patch | 0 |
21 |
{4.0.6 => 3.14.46}/4475_emutramp_default_on.patch | 0 |
22 |
3.2.69/0000_README | 2 +- |
23 |
... 4420_grsecurity-3.1-3.2.69-201506300708.patch} | 69 +- |
24 |
{3.14.45 => 4.0.7}/0000_README | 6 +- |
25 |
4.0.7/1006_linux-4.0.7.patch | 707 ++++++++++++++++++ |
26 |
.../4420_grsecurity-3.1-4.0.7-201506300712.patch | 235 ++---- |
27 |
{3.14.45 => 4.0.7}/4425_grsec_remove_EI_PAX.patch | 0 |
28 |
{4.0.6 => 4.0.7}/4427_force_XATTR_PAX_tmpfs.patch | 0 |
29 |
.../4430_grsec-remove-localversion-grsec.patch | 0 |
30 |
{4.0.6 => 4.0.7}/4435_grsec-mute-warnings.patch | 0 |
31 |
.../4440_grsec-remove-protected-paths.patch | 0 |
32 |
.../4450_grsec-kconfig-default-gids.patch | 0 |
33 |
.../4465_selinux-avc_audit-log-curr_ip.patch | 0 |
34 |
{4.0.6 => 4.0.7}/4470_disable-compat_vdso.patch | 0 |
35 |
{3.14.45 => 4.0.7}/4475_emutramp_default_on.patch | 0 |
36 |
26 files changed, 1725 insertions(+), 399 deletions(-) |
37 |
|
38 |
diff --git a/4.0.6/0000_README b/3.14.46/0000_README |
39 |
similarity index 92% |
40 |
rename from 4.0.6/0000_README |
41 |
rename to 3.14.46/0000_README |
42 |
index 67f188e..de59c28 100644 |
43 |
--- a/4.0.6/0000_README |
44 |
+++ b/3.14.46/0000_README |
45 |
@@ -2,7 +2,11 @@ README |
46 |
----------------------------------------------------------------------------- |
47 |
Individual Patch Descriptions: |
48 |
----------------------------------------------------------------------------- |
49 |
-Patch: 4420_grsecurity-3.1-4.0.6-201506272327.patch |
50 |
+Patch: 1045_linux-3.14.46.patch |
51 |
+From: http://www.kernel.org |
52 |
+Desc: Linux 3.14.46 |
53 |
+ |
54 |
+Patch: 4420_grsecurity-3.1-3.14.46-201506300711.patch |
55 |
From: http://www.grsecurity.net |
56 |
Desc: hardened-sources base patch from upstream grsecurity |
57 |
|
58 |
|
59 |
diff --git a/3.14.46/1045_linux-3.14.46.patch b/3.14.46/1045_linux-3.14.46.patch |
60 |
new file mode 100644 |
61 |
index 0000000..12790dc |
62 |
--- /dev/null |
63 |
+++ b/3.14.46/1045_linux-3.14.46.patch |
64 |
@@ -0,0 +1,829 @@ |
65 |
+diff --git a/Makefile b/Makefile |
66 |
+index c92186c..def39fd 100644 |
67 |
+--- a/Makefile |
68 |
++++ b/Makefile |
69 |
+@@ -1,6 +1,6 @@ |
70 |
+ VERSION = 3 |
71 |
+ PATCHLEVEL = 14 |
72 |
+-SUBLEVEL = 45 |
73 |
++SUBLEVEL = 46 |
74 |
+ EXTRAVERSION = |
75 |
+ NAME = Remembering Coco |
76 |
+ |
77 |
+diff --git a/arch/arm/include/asm/kvm_host.h b/arch/arm/include/asm/kvm_host.h |
78 |
+index 09af149..530f56e 100644 |
79 |
+--- a/arch/arm/include/asm/kvm_host.h |
80 |
++++ b/arch/arm/include/asm/kvm_host.h |
81 |
+@@ -42,7 +42,7 @@ |
82 |
+ |
83 |
+ struct kvm_vcpu; |
84 |
+ u32 *kvm_vcpu_reg(struct kvm_vcpu *vcpu, u8 reg_num, u32 mode); |
85 |
+-int kvm_target_cpu(void); |
86 |
++int __attribute_const__ kvm_target_cpu(void); |
87 |
+ int kvm_reset_vcpu(struct kvm_vcpu *vcpu); |
88 |
+ void kvm_reset_coprocs(struct kvm_vcpu *vcpu); |
89 |
+ |
90 |
+diff --git a/arch/arm/include/asm/kvm_mmu.h b/arch/arm/include/asm/kvm_mmu.h |
91 |
+index 7b362bc..0cbdb8e 100644 |
92 |
+--- a/arch/arm/include/asm/kvm_mmu.h |
93 |
++++ b/arch/arm/include/asm/kvm_mmu.h |
94 |
+@@ -127,6 +127,18 @@ static inline void kvm_set_s2pmd_writable(pmd_t *pmd) |
95 |
+ (__boundary - 1 < (end) - 1)? __boundary: (end); \ |
96 |
+ }) |
97 |
+ |
98 |
++static inline bool kvm_page_empty(void *ptr) |
99 |
++{ |
100 |
++ struct page *ptr_page = virt_to_page(ptr); |
101 |
++ return page_count(ptr_page) == 1; |
102 |
++} |
103 |
++ |
104 |
++ |
105 |
++#define kvm_pte_table_empty(ptep) kvm_page_empty(ptep) |
106 |
++#define kvm_pmd_table_empty(pmdp) kvm_page_empty(pmdp) |
107 |
++#define kvm_pud_table_empty(pudp) (0) |
108 |
++ |
109 |
++ |
110 |
+ struct kvm; |
111 |
+ |
112 |
+ #define kvm_flush_dcache_to_poc(a,l) __cpuc_flush_dcache_area((a), (l)) |
113 |
+diff --git a/arch/arm/kernel/hyp-stub.S b/arch/arm/kernel/hyp-stub.S |
114 |
+index 797b1a6..7e666cf 100644 |
115 |
+--- a/arch/arm/kernel/hyp-stub.S |
116 |
++++ b/arch/arm/kernel/hyp-stub.S |
117 |
+@@ -134,9 +134,7 @@ ENTRY(__hyp_stub_install_secondary) |
118 |
+ mcr p15, 4, r7, c1, c1, 3 @ HSTR |
119 |
+ |
120 |
+ THUMB( orr r7, #(1 << 30) ) @ HSCTLR.TE |
121 |
+-#ifdef CONFIG_CPU_BIG_ENDIAN |
122 |
+- orr r7, #(1 << 9) @ HSCTLR.EE |
123 |
+-#endif |
124 |
++ARM_BE8(orr r7, r7, #(1 << 25)) @ HSCTLR.EE |
125 |
+ mcr p15, 4, r7, c1, c0, 0 @ HSCTLR |
126 |
+ |
127 |
+ mrc p15, 4, r7, c1, c1, 1 @ HDCR |
128 |
+diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c |
129 |
+index bd18bb8..df6e75e 100644 |
130 |
+--- a/arch/arm/kvm/arm.c |
131 |
++++ b/arch/arm/kvm/arm.c |
132 |
+@@ -82,7 +82,7 @@ struct kvm_vcpu *kvm_arm_get_running_vcpu(void) |
133 |
+ /** |
134 |
+ * kvm_arm_get_running_vcpus - get the per-CPU array of currently running vcpus. |
135 |
+ */ |
136 |
+-struct kvm_vcpu __percpu **kvm_get_running_vcpus(void) |
137 |
++struct kvm_vcpu * __percpu *kvm_get_running_vcpus(void) |
138 |
+ { |
139 |
+ return &kvm_arm_running_vcpu; |
140 |
+ } |
141 |
+@@ -155,16 +155,6 @@ int kvm_arch_vcpu_fault(struct kvm_vcpu *vcpu, struct vm_fault *vmf) |
142 |
+ return VM_FAULT_SIGBUS; |
143 |
+ } |
144 |
+ |
145 |
+-void kvm_arch_free_memslot(struct kvm *kvm, struct kvm_memory_slot *free, |
146 |
+- struct kvm_memory_slot *dont) |
147 |
+-{ |
148 |
+-} |
149 |
+- |
150 |
+-int kvm_arch_create_memslot(struct kvm *kvm, struct kvm_memory_slot *slot, |
151 |
+- unsigned long npages) |
152 |
+-{ |
153 |
+- return 0; |
154 |
+-} |
155 |
+ |
156 |
+ /** |
157 |
+ * kvm_arch_destroy_vm - destroy the VM data structure |
158 |
+@@ -224,33 +214,6 @@ long kvm_arch_dev_ioctl(struct file *filp, |
159 |
+ return -EINVAL; |
160 |
+ } |
161 |
+ |
162 |
+-void kvm_arch_memslots_updated(struct kvm *kvm) |
163 |
+-{ |
164 |
+-} |
165 |
+- |
166 |
+-int kvm_arch_prepare_memory_region(struct kvm *kvm, |
167 |
+- struct kvm_memory_slot *memslot, |
168 |
+- struct kvm_userspace_memory_region *mem, |
169 |
+- enum kvm_mr_change change) |
170 |
+-{ |
171 |
+- return 0; |
172 |
+-} |
173 |
+- |
174 |
+-void kvm_arch_commit_memory_region(struct kvm *kvm, |
175 |
+- struct kvm_userspace_memory_region *mem, |
176 |
+- const struct kvm_memory_slot *old, |
177 |
+- enum kvm_mr_change change) |
178 |
+-{ |
179 |
+-} |
180 |
+- |
181 |
+-void kvm_arch_flush_shadow_all(struct kvm *kvm) |
182 |
+-{ |
183 |
+-} |
184 |
+- |
185 |
+-void kvm_arch_flush_shadow_memslot(struct kvm *kvm, |
186 |
+- struct kvm_memory_slot *slot) |
187 |
+-{ |
188 |
+-} |
189 |
+ |
190 |
+ struct kvm_vcpu *kvm_arch_vcpu_create(struct kvm *kvm, unsigned int id) |
191 |
+ { |
192 |
+diff --git a/arch/arm/kvm/coproc.c b/arch/arm/kvm/coproc.c |
193 |
+index c58a351..7c73290 100644 |
194 |
+--- a/arch/arm/kvm/coproc.c |
195 |
++++ b/arch/arm/kvm/coproc.c |
196 |
+@@ -742,7 +742,7 @@ static bool is_valid_cache(u32 val) |
197 |
+ u32 level, ctype; |
198 |
+ |
199 |
+ if (val >= CSSELR_MAX) |
200 |
+- return -ENOENT; |
201 |
++ return false; |
202 |
+ |
203 |
+ /* Bottom bit is Instruction or Data bit. Next 3 bits are level. */ |
204 |
+ level = (val >> 1); |
205 |
+diff --git a/arch/arm/kvm/mmu.c b/arch/arm/kvm/mmu.c |
206 |
+index c93ef38..70ed2c1 100644 |
207 |
+--- a/arch/arm/kvm/mmu.c |
208 |
++++ b/arch/arm/kvm/mmu.c |
209 |
+@@ -90,103 +90,115 @@ static void *mmu_memory_cache_alloc(struct kvm_mmu_memory_cache *mc) |
210 |
+ return p; |
211 |
+ } |
212 |
+ |
213 |
+-static bool page_empty(void *ptr) |
214 |
++static void clear_pgd_entry(struct kvm *kvm, pgd_t *pgd, phys_addr_t addr) |
215 |
+ { |
216 |
+- struct page *ptr_page = virt_to_page(ptr); |
217 |
+- return page_count(ptr_page) == 1; |
218 |
++ pud_t *pud_table __maybe_unused = pud_offset(pgd, 0); |
219 |
++ pgd_clear(pgd); |
220 |
++ kvm_tlb_flush_vmid_ipa(kvm, addr); |
221 |
++ pud_free(NULL, pud_table); |
222 |
++ put_page(virt_to_page(pgd)); |
223 |
+ } |
224 |
+ |
225 |
+ static void clear_pud_entry(struct kvm *kvm, pud_t *pud, phys_addr_t addr) |
226 |
+ { |
227 |
+- if (pud_huge(*pud)) { |
228 |
+- pud_clear(pud); |
229 |
+- kvm_tlb_flush_vmid_ipa(kvm, addr); |
230 |
+- } else { |
231 |
+- pmd_t *pmd_table = pmd_offset(pud, 0); |
232 |
+- pud_clear(pud); |
233 |
+- kvm_tlb_flush_vmid_ipa(kvm, addr); |
234 |
+- pmd_free(NULL, pmd_table); |
235 |
+- } |
236 |
++ pmd_t *pmd_table = pmd_offset(pud, 0); |
237 |
++ VM_BUG_ON(pud_huge(*pud)); |
238 |
++ pud_clear(pud); |
239 |
++ kvm_tlb_flush_vmid_ipa(kvm, addr); |
240 |
++ pmd_free(NULL, pmd_table); |
241 |
+ put_page(virt_to_page(pud)); |
242 |
+ } |
243 |
+ |
244 |
+ static void clear_pmd_entry(struct kvm *kvm, pmd_t *pmd, phys_addr_t addr) |
245 |
+ { |
246 |
+- if (kvm_pmd_huge(*pmd)) { |
247 |
+- pmd_clear(pmd); |
248 |
+- kvm_tlb_flush_vmid_ipa(kvm, addr); |
249 |
+- } else { |
250 |
+- pte_t *pte_table = pte_offset_kernel(pmd, 0); |
251 |
+- pmd_clear(pmd); |
252 |
+- kvm_tlb_flush_vmid_ipa(kvm, addr); |
253 |
+- pte_free_kernel(NULL, pte_table); |
254 |
+- } |
255 |
++ pte_t *pte_table = pte_offset_kernel(pmd, 0); |
256 |
++ VM_BUG_ON(kvm_pmd_huge(*pmd)); |
257 |
++ pmd_clear(pmd); |
258 |
++ kvm_tlb_flush_vmid_ipa(kvm, addr); |
259 |
++ pte_free_kernel(NULL, pte_table); |
260 |
+ put_page(virt_to_page(pmd)); |
261 |
+ } |
262 |
+ |
263 |
+-static void clear_pte_entry(struct kvm *kvm, pte_t *pte, phys_addr_t addr) |
264 |
++static void unmap_ptes(struct kvm *kvm, pmd_t *pmd, |
265 |
++ phys_addr_t addr, phys_addr_t end) |
266 |
+ { |
267 |
+- if (pte_present(*pte)) { |
268 |
+- kvm_set_pte(pte, __pte(0)); |
269 |
+- put_page(virt_to_page(pte)); |
270 |
+- kvm_tlb_flush_vmid_ipa(kvm, addr); |
271 |
++ phys_addr_t start_addr = addr; |
272 |
++ pte_t *pte, *start_pte; |
273 |
++ |
274 |
++ start_pte = pte = pte_offset_kernel(pmd, addr); |
275 |
++ do { |
276 |
++ if (!pte_none(*pte)) { |
277 |
++ kvm_set_pte(pte, __pte(0)); |
278 |
++ put_page(virt_to_page(pte)); |
279 |
++ kvm_tlb_flush_vmid_ipa(kvm, addr); |
280 |
++ } |
281 |
++ } while (pte++, addr += PAGE_SIZE, addr != end); |
282 |
++ |
283 |
++ if (kvm_pte_table_empty(start_pte)) |
284 |
++ clear_pmd_entry(kvm, pmd, start_addr); |
285 |
+ } |
286 |
+-} |
287 |
+ |
288 |
+-static void unmap_range(struct kvm *kvm, pgd_t *pgdp, |
289 |
+- unsigned long long start, u64 size) |
290 |
++static void unmap_pmds(struct kvm *kvm, pud_t *pud, |
291 |
++ phys_addr_t addr, phys_addr_t end) |
292 |
+ { |
293 |
+- pgd_t *pgd; |
294 |
+- pud_t *pud; |
295 |
+- pmd_t *pmd; |
296 |
+- pte_t *pte; |
297 |
+- unsigned long long addr = start, end = start + size; |
298 |
+- u64 next; |
299 |
+- |
300 |
+- while (addr < end) { |
301 |
+- pgd = pgdp + pgd_index(addr); |
302 |
+- pud = pud_offset(pgd, addr); |
303 |
+- if (pud_none(*pud)) { |
304 |
+- addr = kvm_pud_addr_end(addr, end); |
305 |
+- continue; |
306 |
+- } |
307 |
++ phys_addr_t next, start_addr = addr; |
308 |
++ pmd_t *pmd, *start_pmd; |
309 |
+ |
310 |
+- if (pud_huge(*pud)) { |
311 |
+- /* |
312 |
+- * If we are dealing with a huge pud, just clear it and |
313 |
+- * move on. |
314 |
+- */ |
315 |
+- clear_pud_entry(kvm, pud, addr); |
316 |
+- addr = kvm_pud_addr_end(addr, end); |
317 |
+- continue; |
318 |
++ start_pmd = pmd = pmd_offset(pud, addr); |
319 |
++ do { |
320 |
++ next = kvm_pmd_addr_end(addr, end); |
321 |
++ if (!pmd_none(*pmd)) { |
322 |
++ if (kvm_pmd_huge(*pmd)) { |
323 |
++ pmd_clear(pmd); |
324 |
++ kvm_tlb_flush_vmid_ipa(kvm, addr); |
325 |
++ put_page(virt_to_page(pmd)); |
326 |
++ } else { |
327 |
++ unmap_ptes(kvm, pmd, addr, next); |
328 |
++ } |
329 |
+ } |
330 |
++ } while (pmd++, addr = next, addr != end); |
331 |
+ |
332 |
+- pmd = pmd_offset(pud, addr); |
333 |
+- if (pmd_none(*pmd)) { |
334 |
+- addr = kvm_pmd_addr_end(addr, end); |
335 |
+- continue; |
336 |
+- } |
337 |
++ if (kvm_pmd_table_empty(start_pmd)) |
338 |
++ clear_pud_entry(kvm, pud, start_addr); |
339 |
++} |
340 |
+ |
341 |
+- if (!kvm_pmd_huge(*pmd)) { |
342 |
+- pte = pte_offset_kernel(pmd, addr); |
343 |
+- clear_pte_entry(kvm, pte, addr); |
344 |
+- next = addr + PAGE_SIZE; |
345 |
+- } |
346 |
++static void unmap_puds(struct kvm *kvm, pgd_t *pgd, |
347 |
++ phys_addr_t addr, phys_addr_t end) |
348 |
++{ |
349 |
++ phys_addr_t next, start_addr = addr; |
350 |
++ pud_t *pud, *start_pud; |
351 |
+ |
352 |
+- /* |
353 |
+- * If the pmd entry is to be cleared, walk back up the ladder |
354 |
+- */ |
355 |
+- if (kvm_pmd_huge(*pmd) || page_empty(pte)) { |
356 |
+- clear_pmd_entry(kvm, pmd, addr); |
357 |
+- next = kvm_pmd_addr_end(addr, end); |
358 |
+- if (page_empty(pmd) && !page_empty(pud)) { |
359 |
+- clear_pud_entry(kvm, pud, addr); |
360 |
+- next = kvm_pud_addr_end(addr, end); |
361 |
++ start_pud = pud = pud_offset(pgd, addr); |
362 |
++ do { |
363 |
++ next = kvm_pud_addr_end(addr, end); |
364 |
++ if (!pud_none(*pud)) { |
365 |
++ if (pud_huge(*pud)) { |
366 |
++ pud_clear(pud); |
367 |
++ kvm_tlb_flush_vmid_ipa(kvm, addr); |
368 |
++ put_page(virt_to_page(pud)); |
369 |
++ } else { |
370 |
++ unmap_pmds(kvm, pud, addr, next); |
371 |
+ } |
372 |
+ } |
373 |
++ } while (pud++, addr = next, addr != end); |
374 |
+ |
375 |
+- addr = next; |
376 |
+- } |
377 |
++ if (kvm_pud_table_empty(start_pud)) |
378 |
++ clear_pgd_entry(kvm, pgd, start_addr); |
379 |
++} |
380 |
++ |
381 |
++ |
382 |
++static void unmap_range(struct kvm *kvm, pgd_t *pgdp, |
383 |
++ phys_addr_t start, u64 size) |
384 |
++{ |
385 |
++ pgd_t *pgd; |
386 |
++ phys_addr_t addr = start, end = start + size; |
387 |
++ phys_addr_t next; |
388 |
++ |
389 |
++ pgd = pgdp + pgd_index(addr); |
390 |
++ do { |
391 |
++ next = kvm_pgd_addr_end(addr, end); |
392 |
++ unmap_puds(kvm, pgd, addr, next); |
393 |
++ } while (pgd++, addr = next, addr != end); |
394 |
+ } |
395 |
+ |
396 |
+ static void stage2_flush_ptes(struct kvm *kvm, pmd_t *pmd, |
397 |
+@@ -747,6 +759,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa, |
398 |
+ struct kvm_mmu_memory_cache *memcache = &vcpu->arch.mmu_page_cache; |
399 |
+ struct vm_area_struct *vma; |
400 |
+ pfn_t pfn; |
401 |
++ pgprot_t mem_type = PAGE_S2; |
402 |
+ |
403 |
+ write_fault = kvm_is_write_fault(kvm_vcpu_get_hsr(vcpu)); |
404 |
+ if (fault_status == FSC_PERM && !write_fault) { |
405 |
+@@ -797,6 +810,9 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa, |
406 |
+ if (is_error_pfn(pfn)) |
407 |
+ return -EFAULT; |
408 |
+ |
409 |
++ if (kvm_is_mmio_pfn(pfn)) |
410 |
++ mem_type = PAGE_S2_DEVICE; |
411 |
++ |
412 |
+ spin_lock(&kvm->mmu_lock); |
413 |
+ if (mmu_notifier_retry(kvm, mmu_seq)) |
414 |
+ goto out_unlock; |
415 |
+@@ -804,7 +820,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa, |
416 |
+ hugetlb = transparent_hugepage_adjust(&pfn, &fault_ipa); |
417 |
+ |
418 |
+ if (hugetlb) { |
419 |
+- pmd_t new_pmd = pfn_pmd(pfn, PAGE_S2); |
420 |
++ pmd_t new_pmd = pfn_pmd(pfn, mem_type); |
421 |
+ new_pmd = pmd_mkhuge(new_pmd); |
422 |
+ if (writable) { |
423 |
+ kvm_set_s2pmd_writable(&new_pmd); |
424 |
+@@ -813,13 +829,14 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa, |
425 |
+ coherent_cache_guest_page(vcpu, hva & PMD_MASK, PMD_SIZE); |
426 |
+ ret = stage2_set_pmd_huge(kvm, memcache, fault_ipa, &new_pmd); |
427 |
+ } else { |
428 |
+- pte_t new_pte = pfn_pte(pfn, PAGE_S2); |
429 |
++ pte_t new_pte = pfn_pte(pfn, mem_type); |
430 |
+ if (writable) { |
431 |
+ kvm_set_s2pte_writable(&new_pte); |
432 |
+ kvm_set_pfn_dirty(pfn); |
433 |
+ } |
434 |
+ coherent_cache_guest_page(vcpu, hva, PAGE_SIZE); |
435 |
+- ret = stage2_set_pte(kvm, memcache, fault_ipa, &new_pte, false); |
436 |
++ ret = stage2_set_pte(kvm, memcache, fault_ipa, &new_pte, |
437 |
++ mem_type == PAGE_S2_DEVICE); |
438 |
+ } |
439 |
+ |
440 |
+ |
441 |
+@@ -1099,3 +1116,49 @@ out: |
442 |
+ free_hyp_pgds(); |
443 |
+ return err; |
444 |
+ } |
445 |
++ |
446 |
++void kvm_arch_commit_memory_region(struct kvm *kvm, |
447 |
++ struct kvm_userspace_memory_region *mem, |
448 |
++ const struct kvm_memory_slot *old, |
449 |
++ enum kvm_mr_change change) |
450 |
++{ |
451 |
++ gpa_t gpa = old->base_gfn << PAGE_SHIFT; |
452 |
++ phys_addr_t size = old->npages << PAGE_SHIFT; |
453 |
++ if (change == KVM_MR_DELETE || change == KVM_MR_MOVE) { |
454 |
++ spin_lock(&kvm->mmu_lock); |
455 |
++ unmap_stage2_range(kvm, gpa, size); |
456 |
++ spin_unlock(&kvm->mmu_lock); |
457 |
++ } |
458 |
++} |
459 |
++ |
460 |
++int kvm_arch_prepare_memory_region(struct kvm *kvm, |
461 |
++ struct kvm_memory_slot *memslot, |
462 |
++ struct kvm_userspace_memory_region *mem, |
463 |
++ enum kvm_mr_change change) |
464 |
++{ |
465 |
++ return 0; |
466 |
++} |
467 |
++ |
468 |
++void kvm_arch_free_memslot(struct kvm *kvm, struct kvm_memory_slot *free, |
469 |
++ struct kvm_memory_slot *dont) |
470 |
++{ |
471 |
++} |
472 |
++ |
473 |
++int kvm_arch_create_memslot(struct kvm *kvm, struct kvm_memory_slot *slot, |
474 |
++ unsigned long npages) |
475 |
++{ |
476 |
++ return 0; |
477 |
++} |
478 |
++ |
479 |
++void kvm_arch_memslots_updated(struct kvm *kvm) |
480 |
++{ |
481 |
++} |
482 |
++ |
483 |
++void kvm_arch_flush_shadow_all(struct kvm *kvm) |
484 |
++{ |
485 |
++} |
486 |
++ |
487 |
++void kvm_arch_flush_shadow_memslot(struct kvm *kvm, |
488 |
++ struct kvm_memory_slot *slot) |
489 |
++{ |
490 |
++} |
491 |
+diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h |
492 |
+index 0a1d697..3fb0946 100644 |
493 |
+--- a/arch/arm64/include/asm/kvm_host.h |
494 |
++++ b/arch/arm64/include/asm/kvm_host.h |
495 |
+@@ -42,7 +42,7 @@ |
496 |
+ #define KVM_VCPU_MAX_FEATURES 2 |
497 |
+ |
498 |
+ struct kvm_vcpu; |
499 |
+-int kvm_target_cpu(void); |
500 |
++int __attribute_const__ kvm_target_cpu(void); |
501 |
+ int kvm_reset_vcpu(struct kvm_vcpu *vcpu); |
502 |
+ int kvm_arch_dev_ioctl_check_extension(long ext); |
503 |
+ |
504 |
+@@ -177,7 +177,7 @@ static inline int kvm_test_age_hva(struct kvm *kvm, unsigned long hva) |
505 |
+ } |
506 |
+ |
507 |
+ struct kvm_vcpu *kvm_arm_get_running_vcpu(void); |
508 |
+-struct kvm_vcpu __percpu **kvm_get_running_vcpus(void); |
509 |
++struct kvm_vcpu * __percpu *kvm_get_running_vcpus(void); |
510 |
+ |
511 |
+ u64 kvm_call_hyp(void *hypfn, ...); |
512 |
+ |
513 |
+diff --git a/arch/arm64/include/asm/kvm_mmu.h b/arch/arm64/include/asm/kvm_mmu.h |
514 |
+index 7d29847..8e138c7 100644 |
515 |
+--- a/arch/arm64/include/asm/kvm_mmu.h |
516 |
++++ b/arch/arm64/include/asm/kvm_mmu.h |
517 |
+@@ -125,6 +125,21 @@ static inline void kvm_set_s2pmd_writable(pmd_t *pmd) |
518 |
+ #define kvm_pud_addr_end(addr, end) pud_addr_end(addr, end) |
519 |
+ #define kvm_pmd_addr_end(addr, end) pmd_addr_end(addr, end) |
520 |
+ |
521 |
++static inline bool kvm_page_empty(void *ptr) |
522 |
++{ |
523 |
++ struct page *ptr_page = virt_to_page(ptr); |
524 |
++ return page_count(ptr_page) == 1; |
525 |
++} |
526 |
++ |
527 |
++#define kvm_pte_table_empty(ptep) kvm_page_empty(ptep) |
528 |
++#ifndef CONFIG_ARM64_64K_PAGES |
529 |
++#define kvm_pmd_table_empty(pmdp) kvm_page_empty(pmdp) |
530 |
++#else |
531 |
++#define kvm_pmd_table_empty(pmdp) (0) |
532 |
++#endif |
533 |
++#define kvm_pud_table_empty(pudp) (0) |
534 |
++ |
535 |
++ |
536 |
+ struct kvm; |
537 |
+ |
538 |
+ #define kvm_flush_dcache_to_poc(a,l) __flush_dcache_area((a), (l)) |
539 |
+diff --git a/arch/arm64/kvm/hyp.S b/arch/arm64/kvm/hyp.S |
540 |
+index b0d1512..5dfc8331 100644 |
541 |
+--- a/arch/arm64/kvm/hyp.S |
542 |
++++ b/arch/arm64/kvm/hyp.S |
543 |
+@@ -830,7 +830,7 @@ el1_trap: |
544 |
+ mrs x2, far_el2 |
545 |
+ |
546 |
+ 2: mrs x0, tpidr_el2 |
547 |
+- str x1, [x0, #VCPU_ESR_EL2] |
548 |
++ str w1, [x0, #VCPU_ESR_EL2] |
549 |
+ str x2, [x0, #VCPU_FAR_EL2] |
550 |
+ str x3, [x0, #VCPU_HPFAR_EL2] |
551 |
+ |
552 |
+diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c |
553 |
+index 0324458..7691b25 100644 |
554 |
+--- a/arch/arm64/kvm/sys_regs.c |
555 |
++++ b/arch/arm64/kvm/sys_regs.c |
556 |
+@@ -836,7 +836,7 @@ static bool is_valid_cache(u32 val) |
557 |
+ u32 level, ctype; |
558 |
+ |
559 |
+ if (val >= CSSELR_MAX) |
560 |
+- return -ENOENT; |
561 |
++ return false; |
562 |
+ |
563 |
+ /* Bottom bit is Instruction or Data bit. Next 3 bits are level. */ |
564 |
+ level = (val >> 1); |
565 |
+@@ -962,7 +962,7 @@ static unsigned int num_demux_regs(void) |
566 |
+ |
567 |
+ static int write_demux_regids(u64 __user *uindices) |
568 |
+ { |
569 |
+- u64 val = KVM_REG_ARM | KVM_REG_SIZE_U32 | KVM_REG_ARM_DEMUX; |
570 |
++ u64 val = KVM_REG_ARM64 | KVM_REG_SIZE_U32 | KVM_REG_ARM_DEMUX; |
571 |
+ unsigned int i; |
572 |
+ |
573 |
+ val |= KVM_REG_ARM_DEMUX_ID_CCSIDR; |
574 |
+diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c |
575 |
+index 26b03e1..8ff2b3c 100644 |
576 |
+--- a/drivers/bluetooth/ath3k.c |
577 |
++++ b/drivers/bluetooth/ath3k.c |
578 |
+@@ -79,6 +79,7 @@ static const struct usb_device_id ath3k_table[] = { |
579 |
+ { USB_DEVICE(0x0489, 0xe057) }, |
580 |
+ { USB_DEVICE(0x0489, 0xe056) }, |
581 |
+ { USB_DEVICE(0x0489, 0xe05f) }, |
582 |
++ { USB_DEVICE(0x0489, 0xe076) }, |
583 |
+ { USB_DEVICE(0x0489, 0xe078) }, |
584 |
+ { USB_DEVICE(0x04c5, 0x1330) }, |
585 |
+ { USB_DEVICE(0x04CA, 0x3004) }, |
586 |
+@@ -109,6 +110,7 @@ static const struct usb_device_id ath3k_table[] = { |
587 |
+ { USB_DEVICE(0x13d3, 0x3402) }, |
588 |
+ { USB_DEVICE(0x13d3, 0x3408) }, |
589 |
+ { USB_DEVICE(0x13d3, 0x3432) }, |
590 |
++ { USB_DEVICE(0x13d3, 0x3474) }, |
591 |
+ |
592 |
+ /* Atheros AR5BBU12 with sflash firmware */ |
593 |
+ { USB_DEVICE(0x0489, 0xE02C) }, |
594 |
+@@ -133,6 +135,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = { |
595 |
+ { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, |
596 |
+ { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, |
597 |
+ { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 }, |
598 |
++ { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 }, |
599 |
+ { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 }, |
600 |
+ { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, |
601 |
+ { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 }, |
602 |
+@@ -163,6 +166,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = { |
603 |
+ { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, |
604 |
+ { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 }, |
605 |
+ { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, |
606 |
++ { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 }, |
607 |
+ |
608 |
+ /* Atheros AR5BBU22 with sflash firmware */ |
609 |
+ { USB_DEVICE(0x0489, 0xE036), .driver_info = BTUSB_ATH3012 }, |
610 |
+diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c |
611 |
+index 9eb1669..c0e7a9aa9 100644 |
612 |
+--- a/drivers/bluetooth/btusb.c |
613 |
++++ b/drivers/bluetooth/btusb.c |
614 |
+@@ -157,6 +157,7 @@ static const struct usb_device_id blacklist_table[] = { |
615 |
+ { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, |
616 |
+ { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, |
617 |
+ { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 }, |
618 |
++ { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 }, |
619 |
+ { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 }, |
620 |
+ { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, |
621 |
+ { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 }, |
622 |
+@@ -187,6 +188,7 @@ static const struct usb_device_id blacklist_table[] = { |
623 |
+ { USB_DEVICE(0x13d3, 0x3402), .driver_info = BTUSB_ATH3012 }, |
624 |
+ { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 }, |
625 |
+ { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, |
626 |
++ { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 }, |
627 |
+ |
628 |
+ /* Atheros AR5BBU12 with sflash firmware */ |
629 |
+ { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, |
630 |
+diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c |
631 |
+index 28486b1..ae6dae8 100644 |
632 |
+--- a/drivers/crypto/caam/caamrng.c |
633 |
++++ b/drivers/crypto/caam/caamrng.c |
634 |
+@@ -56,7 +56,7 @@ |
635 |
+ |
636 |
+ /* Buffer, its dma address and lock */ |
637 |
+ struct buf_data { |
638 |
+- u8 buf[RN_BUF_SIZE]; |
639 |
++ u8 buf[RN_BUF_SIZE] ____cacheline_aligned; |
640 |
+ dma_addr_t addr; |
641 |
+ struct completion filled; |
642 |
+ u32 hw_desc[DESC_JOB_O_LEN]; |
643 |
+diff --git a/drivers/gpu/drm/mgag200/mgag200_mode.c b/drivers/gpu/drm/mgag200/mgag200_mode.c |
644 |
+index 9683747..f2511a0 100644 |
645 |
+--- a/drivers/gpu/drm/mgag200/mgag200_mode.c |
646 |
++++ b/drivers/gpu/drm/mgag200/mgag200_mode.c |
647 |
+@@ -1529,6 +1529,11 @@ static int mga_vga_mode_valid(struct drm_connector *connector, |
648 |
+ return MODE_BANDWIDTH; |
649 |
+ } |
650 |
+ |
651 |
++ if ((mode->hdisplay % 8) != 0 || (mode->hsync_start % 8) != 0 || |
652 |
++ (mode->hsync_end % 8) != 0 || (mode->htotal % 8) != 0) { |
653 |
++ return MODE_H_ILLEGAL; |
654 |
++ } |
655 |
++ |
656 |
+ if (mode->crtc_hdisplay > 2048 || mode->crtc_hsync_start > 4096 || |
657 |
+ mode->crtc_hsync_end > 4096 || mode->crtc_htotal > 4096 || |
658 |
+ mode->crtc_vdisplay > 2048 || mode->crtc_vsync_start > 4096 || |
659 |
+diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c |
660 |
+index 8f580fd..ce21132 100644 |
661 |
+--- a/drivers/scsi/lpfc/lpfc_sli.c |
662 |
++++ b/drivers/scsi/lpfc/lpfc_sli.c |
663 |
+@@ -265,6 +265,16 @@ lpfc_sli4_eq_get(struct lpfc_queue *q) |
664 |
+ return NULL; |
665 |
+ |
666 |
+ q->hba_index = idx; |
667 |
++ |
668 |
++ /* |
669 |
++ * insert barrier for instruction interlock : data from the hardware |
670 |
++ * must have the valid bit checked before it can be copied and acted |
671 |
++ * upon. Given what was seen in lpfc_sli4_cq_get() of speculative |
672 |
++ * instructions allowing action on content before valid bit checked, |
673 |
++ * add barrier here as well. May not be needed as "content" is a |
674 |
++ * single 32-bit entity here (vs multi word structure for cq's). |
675 |
++ */ |
676 |
++ mb(); |
677 |
+ return eqe; |
678 |
+ } |
679 |
+ |
680 |
+@@ -370,6 +380,17 @@ lpfc_sli4_cq_get(struct lpfc_queue *q) |
681 |
+ |
682 |
+ cqe = q->qe[q->hba_index].cqe; |
683 |
+ q->hba_index = idx; |
684 |
++ |
685 |
++ /* |
686 |
++ * insert barrier for instruction interlock : data from the hardware |
687 |
++ * must have the valid bit checked before it can be copied and acted |
688 |
++ * upon. Speculative instructions were allowing a bcopy at the start |
689 |
++ * of lpfc_sli4_fp_handle_wcqe(), which is called immediately |
690 |
++ * after our return, to copy data before the valid bit check above |
691 |
++ * was done. As such, some of the copied data was stale. The barrier |
692 |
++ * ensures the check is before any data is copied. |
693 |
++ */ |
694 |
++ mb(); |
695 |
+ return cqe; |
696 |
+ } |
697 |
+ |
698 |
+diff --git a/fs/pipe.c b/fs/pipe.c |
699 |
+index 78fd0d0..46f1ab2 100644 |
700 |
+--- a/fs/pipe.c |
701 |
++++ b/fs/pipe.c |
702 |
+@@ -117,25 +117,27 @@ void pipe_wait(struct pipe_inode_info *pipe) |
703 |
+ } |
704 |
+ |
705 |
+ static int |
706 |
+-pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len, |
707 |
+- int atomic) |
708 |
++pipe_iov_copy_from_user(void *addr, int *offset, struct iovec *iov, |
709 |
++ size_t *remaining, int atomic) |
710 |
+ { |
711 |
+ unsigned long copy; |
712 |
+ |
713 |
+- while (len > 0) { |
714 |
++ while (*remaining > 0) { |
715 |
+ while (!iov->iov_len) |
716 |
+ iov++; |
717 |
+- copy = min_t(unsigned long, len, iov->iov_len); |
718 |
++ copy = min_t(unsigned long, *remaining, iov->iov_len); |
719 |
+ |
720 |
+ if (atomic) { |
721 |
+- if (__copy_from_user_inatomic(to, iov->iov_base, copy)) |
722 |
++ if (__copy_from_user_inatomic(addr + *offset, |
723 |
++ iov->iov_base, copy)) |
724 |
+ return -EFAULT; |
725 |
+ } else { |
726 |
+- if (copy_from_user(to, iov->iov_base, copy)) |
727 |
++ if (copy_from_user(addr + *offset, |
728 |
++ iov->iov_base, copy)) |
729 |
+ return -EFAULT; |
730 |
+ } |
731 |
+- to += copy; |
732 |
+- len -= copy; |
733 |
++ *offset += copy; |
734 |
++ *remaining -= copy; |
735 |
+ iov->iov_base += copy; |
736 |
+ iov->iov_len -= copy; |
737 |
+ } |
738 |
+@@ -143,25 +145,27 @@ pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len, |
739 |
+ } |
740 |
+ |
741 |
+ static int |
742 |
+-pipe_iov_copy_to_user(struct iovec *iov, const void *from, unsigned long len, |
743 |
+- int atomic) |
744 |
++pipe_iov_copy_to_user(struct iovec *iov, void *addr, int *offset, |
745 |
++ size_t *remaining, int atomic) |
746 |
+ { |
747 |
+ unsigned long copy; |
748 |
+ |
749 |
+- while (len > 0) { |
750 |
++ while (*remaining > 0) { |
751 |
+ while (!iov->iov_len) |
752 |
+ iov++; |
753 |
+- copy = min_t(unsigned long, len, iov->iov_len); |
754 |
++ copy = min_t(unsigned long, *remaining, iov->iov_len); |
755 |
+ |
756 |
+ if (atomic) { |
757 |
+- if (__copy_to_user_inatomic(iov->iov_base, from, copy)) |
758 |
++ if (__copy_to_user_inatomic(iov->iov_base, |
759 |
++ addr + *offset, copy)) |
760 |
+ return -EFAULT; |
761 |
+ } else { |
762 |
+- if (copy_to_user(iov->iov_base, from, copy)) |
763 |
++ if (copy_to_user(iov->iov_base, |
764 |
++ addr + *offset, copy)) |
765 |
+ return -EFAULT; |
766 |
+ } |
767 |
+- from += copy; |
768 |
+- len -= copy; |
769 |
++ *offset += copy; |
770 |
++ *remaining -= copy; |
771 |
+ iov->iov_base += copy; |
772 |
+ iov->iov_len -= copy; |
773 |
+ } |
774 |
+@@ -395,7 +399,7 @@ pipe_read(struct kiocb *iocb, const struct iovec *_iov, |
775 |
+ struct pipe_buffer *buf = pipe->bufs + curbuf; |
776 |
+ const struct pipe_buf_operations *ops = buf->ops; |
777 |
+ void *addr; |
778 |
+- size_t chars = buf->len; |
779 |
++ size_t chars = buf->len, remaining; |
780 |
+ int error, atomic; |
781 |
+ |
782 |
+ if (chars > total_len) |
783 |
+@@ -409,9 +413,11 @@ pipe_read(struct kiocb *iocb, const struct iovec *_iov, |
784 |
+ } |
785 |
+ |
786 |
+ atomic = !iov_fault_in_pages_write(iov, chars); |
787 |
++ remaining = chars; |
788 |
+ redo: |
789 |
+ addr = ops->map(pipe, buf, atomic); |
790 |
+- error = pipe_iov_copy_to_user(iov, addr + buf->offset, chars, atomic); |
791 |
++ error = pipe_iov_copy_to_user(iov, addr, &buf->offset, |
792 |
++ &remaining, atomic); |
793 |
+ ops->unmap(pipe, buf, addr); |
794 |
+ if (unlikely(error)) { |
795 |
+ /* |
796 |
+@@ -426,7 +432,6 @@ redo: |
797 |
+ break; |
798 |
+ } |
799 |
+ ret += chars; |
800 |
+- buf->offset += chars; |
801 |
+ buf->len -= chars; |
802 |
+ |
803 |
+ /* Was it a packet buffer? Clean up and exit */ |
804 |
+@@ -531,6 +536,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov, |
805 |
+ if (ops->can_merge && offset + chars <= PAGE_SIZE) { |
806 |
+ int error, atomic = 1; |
807 |
+ void *addr; |
808 |
++ size_t remaining = chars; |
809 |
+ |
810 |
+ error = ops->confirm(pipe, buf); |
811 |
+ if (error) |
812 |
+@@ -539,8 +545,8 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov, |
813 |
+ iov_fault_in_pages_read(iov, chars); |
814 |
+ redo1: |
815 |
+ addr = ops->map(pipe, buf, atomic); |
816 |
+- error = pipe_iov_copy_from_user(offset + addr, iov, |
817 |
+- chars, atomic); |
818 |
++ error = pipe_iov_copy_from_user(addr, &offset, iov, |
819 |
++ &remaining, atomic); |
820 |
+ ops->unmap(pipe, buf, addr); |
821 |
+ ret = error; |
822 |
+ do_wakeup = 1; |
823 |
+@@ -575,6 +581,8 @@ redo1: |
824 |
+ struct page *page = pipe->tmp_page; |
825 |
+ char *src; |
826 |
+ int error, atomic = 1; |
827 |
++ int offset = 0; |
828 |
++ size_t remaining; |
829 |
+ |
830 |
+ if (!page) { |
831 |
+ page = alloc_page(GFP_HIGHUSER); |
832 |
+@@ -595,14 +603,15 @@ redo1: |
833 |
+ chars = total_len; |
834 |
+ |
835 |
+ iov_fault_in_pages_read(iov, chars); |
836 |
++ remaining = chars; |
837 |
+ redo2: |
838 |
+ if (atomic) |
839 |
+ src = kmap_atomic(page); |
840 |
+ else |
841 |
+ src = kmap(page); |
842 |
+ |
843 |
+- error = pipe_iov_copy_from_user(src, iov, chars, |
844 |
+- atomic); |
845 |
++ error = pipe_iov_copy_from_user(src, &offset, iov, |
846 |
++ &remaining, atomic); |
847 |
+ if (atomic) |
848 |
+ kunmap_atomic(src); |
849 |
+ else |
850 |
+diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c |
851 |
+index 8a86319..cb347e8 100644 |
852 |
+--- a/kernel/trace/trace_events_filter.c |
853 |
++++ b/kernel/trace/trace_events_filter.c |
854 |
+@@ -1399,19 +1399,24 @@ static int check_preds(struct filter_parse_state *ps) |
855 |
+ { |
856 |
+ int n_normal_preds = 0, n_logical_preds = 0; |
857 |
+ struct postfix_elt *elt; |
858 |
++ int cnt = 0; |
859 |
+ |
860 |
+ list_for_each_entry(elt, &ps->postfix, list) { |
861 |
+- if (elt->op == OP_NONE) |
862 |
++ if (elt->op == OP_NONE) { |
863 |
++ cnt++; |
864 |
+ continue; |
865 |
++ } |
866 |
+ |
867 |
++ cnt--; |
868 |
+ if (elt->op == OP_AND || elt->op == OP_OR) { |
869 |
+ n_logical_preds++; |
870 |
+ continue; |
871 |
+ } |
872 |
+ n_normal_preds++; |
873 |
++ WARN_ON_ONCE(cnt < 0); |
874 |
+ } |
875 |
+ |
876 |
+- if (!n_normal_preds || n_logical_preds >= n_normal_preds) { |
877 |
++ if (cnt != 1 || !n_normal_preds || n_logical_preds >= n_normal_preds) { |
878 |
+ parse_error(ps, FILT_ERR_INVALID_FILTER, 0); |
879 |
+ return -EINVAL; |
880 |
+ } |
881 |
+diff --git a/virt/kvm/arm/vgic.c b/virt/kvm/arm/vgic.c |
882 |
+index 4eec2d4..1316e55 100644 |
883 |
+--- a/virt/kvm/arm/vgic.c |
884 |
++++ b/virt/kvm/arm/vgic.c |
885 |
+@@ -1654,7 +1654,7 @@ out: |
886 |
+ return ret; |
887 |
+ } |
888 |
+ |
889 |
+-static bool vgic_ioaddr_overlap(struct kvm *kvm) |
890 |
++static int vgic_ioaddr_overlap(struct kvm *kvm) |
891 |
+ { |
892 |
+ phys_addr_t dist = kvm->arch.vgic.vgic_dist_base; |
893 |
+ phys_addr_t cpu = kvm->arch.vgic.vgic_cpu_base; |
894 |
|
895 |
diff --git a/3.14.45/4420_grsecurity-3.1-3.14.45-201506262046.patch b/3.14.46/4420_grsecurity-3.1-3.14.46-201506300711.patch |
896 |
similarity index 99% |
897 |
rename from 3.14.45/4420_grsecurity-3.1-3.14.45-201506262046.patch |
898 |
rename to 3.14.46/4420_grsecurity-3.1-3.14.46-201506300711.patch |
899 |
index 47c91dd..008971f 100644 |
900 |
--- a/3.14.45/4420_grsecurity-3.1-3.14.45-201506262046.patch |
901 |
+++ b/3.14.46/4420_grsecurity-3.1-3.14.46-201506300711.patch |
902 |
@@ -295,7 +295,7 @@ index 5d91ba1..ef1d374 100644 |
903 |
|
904 |
pcd. [PARIDE] |
905 |
diff --git a/Makefile b/Makefile |
906 |
-index c92186c..34822ca 100644 |
907 |
+index def39fd..4636aea 100644 |
908 |
--- a/Makefile |
909 |
+++ b/Makefile |
910 |
@@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ |
911 |
@@ -3307,7 +3307,7 @@ index 7bcee5c..e2f3249 100644 |
912 |
__data_loc = .; |
913 |
#endif |
914 |
diff --git a/arch/arm/kvm/arm.c b/arch/arm/kvm/arm.c |
915 |
-index bd18bb8..2bf342f 100644 |
916 |
+index df6e75e..1858aa0 100644 |
917 |
--- a/arch/arm/kvm/arm.c |
918 |
+++ b/arch/arm/kvm/arm.c |
919 |
@@ -57,7 +57,7 @@ static unsigned long hyp_default_vectors; |
920 |
@@ -3319,7 +3319,7 @@ index bd18bb8..2bf342f 100644 |
921 |
static u8 kvm_next_vmid; |
922 |
static DEFINE_SPINLOCK(kvm_vmid_lock); |
923 |
|
924 |
-@@ -408,7 +408,7 @@ void force_vm_exit(const cpumask_t *mask) |
925 |
+@@ -371,7 +371,7 @@ void force_vm_exit(const cpumask_t *mask) |
926 |
*/ |
927 |
static bool need_new_vmid_gen(struct kvm *kvm) |
928 |
{ |
929 |
@@ -3328,7 +3328,7 @@ index bd18bb8..2bf342f 100644 |
930 |
} |
931 |
|
932 |
/** |
933 |
-@@ -441,7 +441,7 @@ static void update_vttbr(struct kvm *kvm) |
934 |
+@@ -404,7 +404,7 @@ static void update_vttbr(struct kvm *kvm) |
935 |
|
936 |
/* First user of a new VMID generation? */ |
937 |
if (unlikely(kvm_next_vmid == 0)) { |
938 |
@@ -3337,7 +3337,7 @@ index bd18bb8..2bf342f 100644 |
939 |
kvm_next_vmid = 1; |
940 |
|
941 |
/* |
942 |
-@@ -458,7 +458,7 @@ static void update_vttbr(struct kvm *kvm) |
943 |
+@@ -421,7 +421,7 @@ static void update_vttbr(struct kvm *kvm) |
944 |
kvm_call_hyp(__kvm_flush_vm_context); |
945 |
} |
946 |
|
947 |
@@ -3346,7 +3346,7 @@ index bd18bb8..2bf342f 100644 |
948 |
kvm->arch.vmid = kvm_next_vmid; |
949 |
kvm_next_vmid++; |
950 |
|
951 |
-@@ -1033,7 +1033,7 @@ static void check_kvm_target_cpu(void *ret) |
952 |
+@@ -996,7 +996,7 @@ static void check_kvm_target_cpu(void *ret) |
953 |
/** |
954 |
* Initialize Hyp-mode and memory mappings on all CPUs. |
955 |
*/ |
956 |
@@ -17263,7 +17263,7 @@ index 5f55e69..e20bfb1 100644 |
957 |
|
958 |
#ifdef CONFIG_SMP |
959 |
diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h |
960 |
-index be12c53..4d24039 100644 |
961 |
+index be12c53..e1f11c6 100644 |
962 |
--- a/arch/x86/include/asm/mmu_context.h |
963 |
+++ b/arch/x86/include/asm/mmu_context.h |
964 |
@@ -24,6 +24,20 @@ void destroy_context(struct mm_struct *mm); |
965 |
@@ -17355,9 +17355,9 @@ index be12c53..4d24039 100644 |
966 |
+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP) |
967 |
+ if (!(__supported_pte_mask & _PAGE_NX)) { |
968 |
+ smp_mb__before_clear_bit(); |
969 |
-+ cpu_clear(cpu, prev->context.cpu_user_cs_mask); |
970 |
++ cpumask_clear_cpu(cpu, &prev->context.cpu_user_cs_mask); |
971 |
+ smp_mb__after_clear_bit(); |
972 |
-+ cpu_set(cpu, next->context.cpu_user_cs_mask); |
973 |
++ cpumask_set_cpu(cpu, &next->context.cpu_user_cs_mask); |
974 |
+ } |
975 |
+#endif |
976 |
+ |
977 |
@@ -17429,7 +17429,7 @@ index be12c53..4d24039 100644 |
978 |
+ |
979 |
+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) |
980 |
+ if (!(__supported_pte_mask & _PAGE_NX)) |
981 |
-+ cpu_set(cpu, next->context.cpu_user_cs_mask); |
982 |
++ cpumask_set_cpu(cpu, &next->context.cpu_user_cs_mask); |
983 |
+#endif |
984 |
+ |
985 |
+#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)) |
986 |
@@ -26015,7 +26015,7 @@ index c2bedae..25e7ab60 100644 |
987 |
.name = "data", |
988 |
.mode = S_IRUGO, |
989 |
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c |
990 |
-index c37886d..d851d32 100644 |
991 |
+index c37886d..3f425e3 100644 |
992 |
--- a/arch/x86/kernel/ldt.c |
993 |
+++ b/arch/x86/kernel/ldt.c |
994 |
@@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) |
995 |
@@ -26057,7 +26057,7 @@ index c37886d..d851d32 100644 |
996 |
+ mm->context.user_cs_limit = ~0UL; |
997 |
+ |
998 |
+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP) |
999 |
-+ cpus_clear(mm->context.cpu_user_cs_mask); |
1000 |
++ cpumask_clear(&mm->context.cpu_user_cs_mask); |
1001 |
+#endif |
1002 |
+ |
1003 |
+#endif |
1004 |
@@ -31983,7 +31983,7 @@ index 903ec1e..c4166b2 100644 |
1005 |
} |
1006 |
|
1007 |
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c |
1008 |
-index ebc551c..40d1269 100644 |
1009 |
+index ebc551c..bb37882 100644 |
1010 |
--- a/arch/x86/mm/fault.c |
1011 |
+++ b/arch/x86/mm/fault.c |
1012 |
@@ -14,11 +14,18 @@ |
1013 |
@@ -32288,7 +32288,7 @@ index ebc551c..40d1269 100644 |
1014 |
+ } |
1015 |
+ |
1016 |
+#ifdef CONFIG_SMP |
1017 |
-+ if (likely(address > get_limit(regs->cs) && cpu_isset(smp_processor_id(), mm->context.cpu_user_cs_mask))) |
1018 |
++ if (likely(address > get_limit(regs->cs) && cpumask_test_cpu(smp_processor_id(), &mm->context.cpu_user_cs_mask))) |
1019 |
+#else |
1020 |
+ if (likely(address > get_limit(regs->cs))) |
1021 |
+#endif |
1022 |
@@ -40653,19 +40653,6 @@ index d97a03d..acf64bb 100644 |
1023 |
|
1024 |
return 0; |
1025 |
} |
1026 |
-diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c |
1027 |
-index 28486b1..ae6dae8 100644 |
1028 |
---- a/drivers/crypto/caam/caamrng.c |
1029 |
-+++ b/drivers/crypto/caam/caamrng.c |
1030 |
-@@ -56,7 +56,7 @@ |
1031 |
- |
1032 |
- /* Buffer, its dma address and lock */ |
1033 |
- struct buf_data { |
1034 |
-- u8 buf[RN_BUF_SIZE]; |
1035 |
-+ u8 buf[RN_BUF_SIZE] ____cacheline_aligned; |
1036 |
- dma_addr_t addr; |
1037 |
- struct completion filled; |
1038 |
- u32 hw_desc[DESC_JOB_O_LEN]; |
1039 |
diff --git a/drivers/crypto/hifn_795x.c b/drivers/crypto/hifn_795x.c |
1040 |
index 12fea3e2..1e28f47 100644 |
1041 |
--- a/drivers/crypto/hifn_795x.c |
1042 |
@@ -73032,7 +73019,7 @@ index 17679f2..85f4981 100644 |
1043 |
} |
1044 |
putname(tmp); |
1045 |
diff --git a/fs/pipe.c b/fs/pipe.c |
1046 |
-index 78fd0d0..e829d3e 100644 |
1047 |
+index 46f1ab2..e829d3e 100644 |
1048 |
--- a/fs/pipe.c |
1049 |
+++ b/fs/pipe.c |
1050 |
@@ -37,7 +37,7 @@ unsigned int pipe_max_size = 1048576; |
1051 |
@@ -73062,109 +73049,7 @@ index 78fd0d0..e829d3e 100644 |
1052 |
mutex_unlock(&pipe->mutex); |
1053 |
} |
1054 |
EXPORT_SYMBOL(pipe_unlock); |
1055 |
-@@ -117,25 +117,27 @@ void pipe_wait(struct pipe_inode_info *pipe) |
1056 |
- } |
1057 |
- |
1058 |
- static int |
1059 |
--pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len, |
1060 |
-- int atomic) |
1061 |
-+pipe_iov_copy_from_user(void *addr, int *offset, struct iovec *iov, |
1062 |
-+ size_t *remaining, int atomic) |
1063 |
- { |
1064 |
- unsigned long copy; |
1065 |
- |
1066 |
-- while (len > 0) { |
1067 |
-+ while (*remaining > 0) { |
1068 |
- while (!iov->iov_len) |
1069 |
- iov++; |
1070 |
-- copy = min_t(unsigned long, len, iov->iov_len); |
1071 |
-+ copy = min_t(unsigned long, *remaining, iov->iov_len); |
1072 |
- |
1073 |
- if (atomic) { |
1074 |
-- if (__copy_from_user_inatomic(to, iov->iov_base, copy)) |
1075 |
-+ if (__copy_from_user_inatomic(addr + *offset, |
1076 |
-+ iov->iov_base, copy)) |
1077 |
- return -EFAULT; |
1078 |
- } else { |
1079 |
-- if (copy_from_user(to, iov->iov_base, copy)) |
1080 |
-+ if (copy_from_user(addr + *offset, |
1081 |
-+ iov->iov_base, copy)) |
1082 |
- return -EFAULT; |
1083 |
- } |
1084 |
-- to += copy; |
1085 |
-- len -= copy; |
1086 |
-+ *offset += copy; |
1087 |
-+ *remaining -= copy; |
1088 |
- iov->iov_base += copy; |
1089 |
- iov->iov_len -= copy; |
1090 |
- } |
1091 |
-@@ -143,25 +145,27 @@ pipe_iov_copy_from_user(void *to, struct iovec *iov, unsigned long len, |
1092 |
- } |
1093 |
- |
1094 |
- static int |
1095 |
--pipe_iov_copy_to_user(struct iovec *iov, const void *from, unsigned long len, |
1096 |
-- int atomic) |
1097 |
-+pipe_iov_copy_to_user(struct iovec *iov, void *addr, int *offset, |
1098 |
-+ size_t *remaining, int atomic) |
1099 |
- { |
1100 |
- unsigned long copy; |
1101 |
- |
1102 |
-- while (len > 0) { |
1103 |
-+ while (*remaining > 0) { |
1104 |
- while (!iov->iov_len) |
1105 |
- iov++; |
1106 |
-- copy = min_t(unsigned long, len, iov->iov_len); |
1107 |
-+ copy = min_t(unsigned long, *remaining, iov->iov_len); |
1108 |
- |
1109 |
- if (atomic) { |
1110 |
-- if (__copy_to_user_inatomic(iov->iov_base, from, copy)) |
1111 |
-+ if (__copy_to_user_inatomic(iov->iov_base, |
1112 |
-+ addr + *offset, copy)) |
1113 |
- return -EFAULT; |
1114 |
- } else { |
1115 |
-- if (copy_to_user(iov->iov_base, from, copy)) |
1116 |
-+ if (copy_to_user(iov->iov_base, |
1117 |
-+ addr + *offset, copy)) |
1118 |
- return -EFAULT; |
1119 |
- } |
1120 |
-- from += copy; |
1121 |
-- len -= copy; |
1122 |
-+ *offset += copy; |
1123 |
-+ *remaining -= copy; |
1124 |
- iov->iov_base += copy; |
1125 |
- iov->iov_len -= copy; |
1126 |
- } |
1127 |
-@@ -395,7 +399,7 @@ pipe_read(struct kiocb *iocb, const struct iovec *_iov, |
1128 |
- struct pipe_buffer *buf = pipe->bufs + curbuf; |
1129 |
- const struct pipe_buf_operations *ops = buf->ops; |
1130 |
- void *addr; |
1131 |
-- size_t chars = buf->len; |
1132 |
-+ size_t chars = buf->len, remaining; |
1133 |
- int error, atomic; |
1134 |
- |
1135 |
- if (chars > total_len) |
1136 |
-@@ -409,9 +413,11 @@ pipe_read(struct kiocb *iocb, const struct iovec *_iov, |
1137 |
- } |
1138 |
- |
1139 |
- atomic = !iov_fault_in_pages_write(iov, chars); |
1140 |
-+ remaining = chars; |
1141 |
- redo: |
1142 |
- addr = ops->map(pipe, buf, atomic); |
1143 |
-- error = pipe_iov_copy_to_user(iov, addr + buf->offset, chars, atomic); |
1144 |
-+ error = pipe_iov_copy_to_user(iov, addr, &buf->offset, |
1145 |
-+ &remaining, atomic); |
1146 |
- ops->unmap(pipe, buf, addr); |
1147 |
- if (unlikely(error)) { |
1148 |
- /* |
1149 |
-@@ -426,7 +432,6 @@ redo: |
1150 |
- break; |
1151 |
- } |
1152 |
- ret += chars; |
1153 |
-- buf->offset += chars; |
1154 |
- buf->len -= chars; |
1155 |
- |
1156 |
- /* Was it a packet buffer? Clean up and exit */ |
1157 |
-@@ -449,9 +454,9 @@ redo: |
1158 |
+@@ -454,9 +454,9 @@ redo: |
1159 |
} |
1160 |
if (bufs) /* More to do? */ |
1161 |
continue; |
1162 |
@@ -73176,7 +73061,7 @@ index 78fd0d0..e829d3e 100644 |
1163 |
/* syscall merging: Usually we must not sleep |
1164 |
* if O_NONBLOCK is set, or if we got some data. |
1165 |
* But if a writer sleeps in kernel space, then |
1166 |
-@@ -513,7 +518,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov, |
1167 |
+@@ -518,7 +518,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov, |
1168 |
ret = 0; |
1169 |
__pipe_lock(pipe); |
1170 |
|
1171 |
@@ -73185,26 +73070,7 @@ index 78fd0d0..e829d3e 100644 |
1172 |
send_sig(SIGPIPE, current, 0); |
1173 |
ret = -EPIPE; |
1174 |
goto out; |
1175 |
-@@ -531,6 +536,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov, |
1176 |
- if (ops->can_merge && offset + chars <= PAGE_SIZE) { |
1177 |
- int error, atomic = 1; |
1178 |
- void *addr; |
1179 |
-+ size_t remaining = chars; |
1180 |
- |
1181 |
- error = ops->confirm(pipe, buf); |
1182 |
- if (error) |
1183 |
-@@ -539,8 +545,8 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov, |
1184 |
- iov_fault_in_pages_read(iov, chars); |
1185 |
- redo1: |
1186 |
- addr = ops->map(pipe, buf, atomic); |
1187 |
-- error = pipe_iov_copy_from_user(offset + addr, iov, |
1188 |
-- chars, atomic); |
1189 |
-+ error = pipe_iov_copy_from_user(addr, &offset, iov, |
1190 |
-+ &remaining, atomic); |
1191 |
- ops->unmap(pipe, buf, addr); |
1192 |
- ret = error; |
1193 |
- do_wakeup = 1; |
1194 |
-@@ -562,7 +568,7 @@ redo1: |
1195 |
+@@ -568,7 +568,7 @@ redo1: |
1196 |
for (;;) { |
1197 |
int bufs; |
1198 |
|
1199 |
@@ -73213,34 +73079,7 @@ index 78fd0d0..e829d3e 100644 |
1200 |
send_sig(SIGPIPE, current, 0); |
1201 |
if (!ret) |
1202 |
ret = -EPIPE; |
1203 |
-@@ -575,6 +581,8 @@ redo1: |
1204 |
- struct page *page = pipe->tmp_page; |
1205 |
- char *src; |
1206 |
- int error, atomic = 1; |
1207 |
-+ int offset = 0; |
1208 |
-+ size_t remaining; |
1209 |
- |
1210 |
- if (!page) { |
1211 |
- page = alloc_page(GFP_HIGHUSER); |
1212 |
-@@ -595,14 +603,15 @@ redo1: |
1213 |
- chars = total_len; |
1214 |
- |
1215 |
- iov_fault_in_pages_read(iov, chars); |
1216 |
-+ remaining = chars; |
1217 |
- redo2: |
1218 |
- if (atomic) |
1219 |
- src = kmap_atomic(page); |
1220 |
- else |
1221 |
- src = kmap(page); |
1222 |
- |
1223 |
-- error = pipe_iov_copy_from_user(src, iov, chars, |
1224 |
-- atomic); |
1225 |
-+ error = pipe_iov_copy_from_user(src, &offset, iov, |
1226 |
-+ &remaining, atomic); |
1227 |
- if (atomic) |
1228 |
- kunmap_atomic(src); |
1229 |
- else |
1230 |
-@@ -653,9 +662,9 @@ redo2: |
1231 |
+@@ -662,9 +662,9 @@ redo2: |
1232 |
kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); |
1233 |
do_wakeup = 0; |
1234 |
} |
1235 |
@@ -73252,7 +73091,7 @@ index 78fd0d0..e829d3e 100644 |
1236 |
} |
1237 |
out: |
1238 |
__pipe_unlock(pipe); |
1239 |
-@@ -710,7 +719,7 @@ pipe_poll(struct file *filp, poll_table *wait) |
1240 |
+@@ -719,7 +719,7 @@ pipe_poll(struct file *filp, poll_table *wait) |
1241 |
mask = 0; |
1242 |
if (filp->f_mode & FMODE_READ) { |
1243 |
mask = (nrbufs > 0) ? POLLIN | POLLRDNORM : 0; |
1244 |
@@ -73261,7 +73100,7 @@ index 78fd0d0..e829d3e 100644 |
1245 |
mask |= POLLHUP; |
1246 |
} |
1247 |
|
1248 |
-@@ -720,7 +729,7 @@ pipe_poll(struct file *filp, poll_table *wait) |
1249 |
+@@ -729,7 +729,7 @@ pipe_poll(struct file *filp, poll_table *wait) |
1250 |
* Most Unices do not set POLLERR for FIFOs but on Linux they |
1251 |
* behave exactly like pipes for poll(). |
1252 |
*/ |
1253 |
@@ -73270,7 +73109,7 @@ index 78fd0d0..e829d3e 100644 |
1254 |
mask |= POLLERR; |
1255 |
} |
1256 |
|
1257 |
-@@ -732,7 +741,7 @@ static void put_pipe_info(struct inode *inode, struct pipe_inode_info *pipe) |
1258 |
+@@ -741,7 +741,7 @@ static void put_pipe_info(struct inode *inode, struct pipe_inode_info *pipe) |
1259 |
int kill = 0; |
1260 |
|
1261 |
spin_lock(&inode->i_lock); |
1262 |
@@ -73279,7 +73118,7 @@ index 78fd0d0..e829d3e 100644 |
1263 |
inode->i_pipe = NULL; |
1264 |
kill = 1; |
1265 |
} |
1266 |
-@@ -749,11 +758,11 @@ pipe_release(struct inode *inode, struct file *file) |
1267 |
+@@ -758,11 +758,11 @@ pipe_release(struct inode *inode, struct file *file) |
1268 |
|
1269 |
__pipe_lock(pipe); |
1270 |
if (file->f_mode & FMODE_READ) |
1271 |
@@ -73294,7 +73133,7 @@ index 78fd0d0..e829d3e 100644 |
1272 |
wake_up_interruptible_sync_poll(&pipe->wait, POLLIN | POLLOUT | POLLRDNORM | POLLWRNORM | POLLERR | POLLHUP); |
1273 |
kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); |
1274 |
kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT); |
1275 |
-@@ -818,7 +827,7 @@ void free_pipe_info(struct pipe_inode_info *pipe) |
1276 |
+@@ -827,7 +827,7 @@ void free_pipe_info(struct pipe_inode_info *pipe) |
1277 |
kfree(pipe); |
1278 |
} |
1279 |
|
1280 |
@@ -73303,7 +73142,7 @@ index 78fd0d0..e829d3e 100644 |
1281 |
|
1282 |
/* |
1283 |
* pipefs_dname() is called from d_path(). |
1284 |
-@@ -848,8 +857,9 @@ static struct inode * get_pipe_inode(void) |
1285 |
+@@ -857,8 +857,9 @@ static struct inode * get_pipe_inode(void) |
1286 |
goto fail_iput; |
1287 |
|
1288 |
inode->i_pipe = pipe; |
1289 |
@@ -73315,7 +73154,7 @@ index 78fd0d0..e829d3e 100644 |
1290 |
inode->i_fop = &pipefifo_fops; |
1291 |
|
1292 |
/* |
1293 |
-@@ -1028,17 +1038,17 @@ static int fifo_open(struct inode *inode, struct file *filp) |
1294 |
+@@ -1037,17 +1038,17 @@ static int fifo_open(struct inode *inode, struct file *filp) |
1295 |
spin_lock(&inode->i_lock); |
1296 |
if (inode->i_pipe) { |
1297 |
pipe = inode->i_pipe; |
1298 |
@@ -73336,7 +73175,7 @@ index 78fd0d0..e829d3e 100644 |
1299 |
spin_unlock(&inode->i_lock); |
1300 |
free_pipe_info(pipe); |
1301 |
pipe = inode->i_pipe; |
1302 |
-@@ -1063,10 +1073,10 @@ static int fifo_open(struct inode *inode, struct file *filp) |
1303 |
+@@ -1072,10 +1073,10 @@ static int fifo_open(struct inode *inode, struct file *filp) |
1304 |
* opened, even when there is no process writing the FIFO. |
1305 |
*/ |
1306 |
pipe->r_counter++; |
1307 |
@@ -73349,7 +73188,7 @@ index 78fd0d0..e829d3e 100644 |
1308 |
if ((filp->f_flags & O_NONBLOCK)) { |
1309 |
/* suppress POLLHUP until we have |
1310 |
* seen a writer */ |
1311 |
-@@ -1085,14 +1095,14 @@ static int fifo_open(struct inode *inode, struct file *filp) |
1312 |
+@@ -1094,14 +1095,14 @@ static int fifo_open(struct inode *inode, struct file *filp) |
1313 |
* errno=ENXIO when there is no process reading the FIFO. |
1314 |
*/ |
1315 |
ret = -ENXIO; |
1316 |
@@ -73367,7 +73206,7 @@ index 78fd0d0..e829d3e 100644 |
1317 |
if (wait_for_partner(pipe, &pipe->r_counter)) |
1318 |
goto err_wr; |
1319 |
} |
1320 |
-@@ -1106,11 +1116,11 @@ static int fifo_open(struct inode *inode, struct file *filp) |
1321 |
+@@ -1115,11 +1116,11 @@ static int fifo_open(struct inode *inode, struct file *filp) |
1322 |
* the process can at least talk to itself. |
1323 |
*/ |
1324 |
|
1325 |
@@ -73382,7 +73221,7 @@ index 78fd0d0..e829d3e 100644 |
1326 |
wake_up_partner(pipe); |
1327 |
break; |
1328 |
|
1329 |
-@@ -1124,13 +1134,13 @@ static int fifo_open(struct inode *inode, struct file *filp) |
1330 |
+@@ -1133,13 +1134,13 @@ static int fifo_open(struct inode *inode, struct file *filp) |
1331 |
return 0; |
1332 |
|
1333 |
err_rd: |
1334 |
@@ -73398,7 +73237,7 @@ index 78fd0d0..e829d3e 100644 |
1335 |
wake_up_interruptible(&pipe->wait); |
1336 |
ret = -ERESTARTSYS; |
1337 |
goto err; |
1338 |
-@@ -1208,7 +1218,7 @@ static long pipe_set_size(struct pipe_inode_info *pipe, unsigned long nr_pages) |
1339 |
+@@ -1217,7 +1218,7 @@ static long pipe_set_size(struct pipe_inode_info *pipe, unsigned long nr_pages) |
1340 |
* Currently we rely on the pipe array holding a power-of-2 number |
1341 |
* of pages. |
1342 |
*/ |
1343 |
@@ -73407,7 +73246,7 @@ index 78fd0d0..e829d3e 100644 |
1344 |
{ |
1345 |
unsigned long nr_pages; |
1346 |
|
1347 |
-@@ -1256,13 +1266,16 @@ long pipe_fcntl(struct file *file, unsigned int cmd, unsigned long arg) |
1348 |
+@@ -1265,13 +1266,16 @@ long pipe_fcntl(struct file *file, unsigned int cmd, unsigned long arg) |
1349 |
|
1350 |
switch (cmd) { |
1351 |
case F_SETPIPE_SZ: { |
1352 |
@@ -103316,22 +103155,31 @@ index c6646a5..574b47c 100644 |
1353 |
|
1354 |
/* Add an additional event_call dynamically */ |
1355 |
diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c |
1356 |
-index 8a86319..32ef21b 100644 |
1357 |
+index cb347e8..0adf74e 100644 |
1358 |
--- a/kernel/trace/trace_events_filter.c |
1359 |
+++ b/kernel/trace/trace_events_filter.c |
1360 |
-@@ -1399,19 +1399,27 @@ static int check_preds(struct filter_parse_state *ps) |
1361 |
+@@ -1086,6 +1086,9 @@ static void parse_init(struct filter_parse_state *ps, |
1362 |
+ |
1363 |
+ static char infix_next(struct filter_parse_state *ps) |
1364 |
{ |
1365 |
- int n_normal_preds = 0, n_logical_preds = 0; |
1366 |
- struct postfix_elt *elt; |
1367 |
-+ int cnt = 0; |
1368 |
++ if (!ps->infix.cnt) |
1369 |
++ return 0; |
1370 |
++ |
1371 |
+ ps->infix.cnt--; |
1372 |
|
1373 |
- list_for_each_entry(elt, &ps->postfix, list) { |
1374 |
-- if (elt->op == OP_NONE) |
1375 |
-+ if (elt->op == OP_NONE) { |
1376 |
-+ cnt++; |
1377 |
- continue; |
1378 |
-+ } |
1379 |
+ return ps->infix.string[ps->infix.tail++]; |
1380 |
+@@ -1101,6 +1104,9 @@ static char infix_peek(struct filter_parse_state *ps) |
1381 |
|
1382 |
+ static void infix_advance(struct filter_parse_state *ps) |
1383 |
+ { |
1384 |
++ if (!ps->infix.cnt) |
1385 |
++ return; |
1386 |
++ |
1387 |
+ ps->infix.cnt--; |
1388 |
+ ps->infix.tail++; |
1389 |
+ } |
1390 |
+@@ -1410,8 +1416,12 @@ static int check_preds(struct filter_parse_state *ps) |
1391 |
+ cnt--; |
1392 |
if (elt->op == OP_AND || elt->op == OP_OR) { |
1393 |
n_logical_preds++; |
1394 |
+ cnt--; |
1395 |
@@ -103341,13 +103189,7 @@ index 8a86319..32ef21b 100644 |
1396 |
+ // a reject here when it's backported |
1397 |
+ cnt--; |
1398 |
n_normal_preds++; |
1399 |
-+ WARN_ON_ONCE(cnt < 0); |
1400 |
- } |
1401 |
- |
1402 |
-- if (!n_normal_preds || n_logical_preds >= n_normal_preds) { |
1403 |
-+ if (cnt != 1 || !n_normal_preds || n_logical_preds >= n_normal_preds) { |
1404 |
- parse_error(ps, FILT_ERR_INVALID_FILTER, 0); |
1405 |
- return -EINVAL; |
1406 |
+ WARN_ON_ONCE(cnt < 0); |
1407 |
} |
1408 |
diff --git a/kernel/trace/trace_functions_graph.c b/kernel/trace/trace_functions_graph.c |
1409 |
index 0b99120..881174f 100644 |
1410 |
@@ -107266,7 +107108,7 @@ index d4c97ba..916b1d4 100644 |
1411 |
vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); |
1412 |
|
1413 |
diff --git a/mm/mprotect.c b/mm/mprotect.c |
1414 |
-index 769a67a..414d24f 100644 |
1415 |
+index 769a67a..c99f865 100644 |
1416 |
--- a/mm/mprotect.c |
1417 |
+++ b/mm/mprotect.c |
1418 |
@@ -24,10 +24,18 @@ |
1419 |
@@ -107315,8 +107157,8 @@ index 769a67a..414d24f 100644 |
1420 |
+ |
1421 |
+#ifdef CONFIG_SMP |
1422 |
+ wmb(); |
1423 |
-+ cpus_clear(mm->context.cpu_user_cs_mask); |
1424 |
-+ cpu_set(smp_processor_id(), mm->context.cpu_user_cs_mask); |
1425 |
++ cpumask_clear(&mm->context.cpu_user_cs_mask); |
1426 |
++ cpumask_set_cpu(smp_processor_id(), &mm->context.cpu_user_cs_mask); |
1427 |
+#endif |
1428 |
+ |
1429 |
+ set_user_cs(mm->context.user_cs_base, mm->context.user_cs_limit, smp_processor_id()); |
1430 |
|
1431 |
diff --git a/4.0.6/4425_grsec_remove_EI_PAX.patch b/3.14.46/4425_grsec_remove_EI_PAX.patch |
1432 |
similarity index 100% |
1433 |
rename from 4.0.6/4425_grsec_remove_EI_PAX.patch |
1434 |
rename to 3.14.46/4425_grsec_remove_EI_PAX.patch |
1435 |
|
1436 |
diff --git a/3.14.45/4427_force_XATTR_PAX_tmpfs.patch b/3.14.46/4427_force_XATTR_PAX_tmpfs.patch |
1437 |
similarity index 100% |
1438 |
rename from 3.14.45/4427_force_XATTR_PAX_tmpfs.patch |
1439 |
rename to 3.14.46/4427_force_XATTR_PAX_tmpfs.patch |
1440 |
|
1441 |
diff --git a/4.0.6/4430_grsec-remove-localversion-grsec.patch b/3.14.46/4430_grsec-remove-localversion-grsec.patch |
1442 |
similarity index 100% |
1443 |
rename from 4.0.6/4430_grsec-remove-localversion-grsec.patch |
1444 |
rename to 3.14.46/4430_grsec-remove-localversion-grsec.patch |
1445 |
|
1446 |
diff --git a/3.14.45/4435_grsec-mute-warnings.patch b/3.14.46/4435_grsec-mute-warnings.patch |
1447 |
similarity index 100% |
1448 |
rename from 3.14.45/4435_grsec-mute-warnings.patch |
1449 |
rename to 3.14.46/4435_grsec-mute-warnings.patch |
1450 |
|
1451 |
diff --git a/4.0.6/4440_grsec-remove-protected-paths.patch b/3.14.46/4440_grsec-remove-protected-paths.patch |
1452 |
similarity index 100% |
1453 |
rename from 4.0.6/4440_grsec-remove-protected-paths.patch |
1454 |
rename to 3.14.46/4440_grsec-remove-protected-paths.patch |
1455 |
|
1456 |
diff --git a/3.14.45/4450_grsec-kconfig-default-gids.patch b/3.14.46/4450_grsec-kconfig-default-gids.patch |
1457 |
similarity index 100% |
1458 |
rename from 3.14.45/4450_grsec-kconfig-default-gids.patch |
1459 |
rename to 3.14.46/4450_grsec-kconfig-default-gids.patch |
1460 |
|
1461 |
diff --git a/3.14.45/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.46/4465_selinux-avc_audit-log-curr_ip.patch |
1462 |
similarity index 100% |
1463 |
rename from 3.14.45/4465_selinux-avc_audit-log-curr_ip.patch |
1464 |
rename to 3.14.46/4465_selinux-avc_audit-log-curr_ip.patch |
1465 |
|
1466 |
diff --git a/3.14.45/4470_disable-compat_vdso.patch b/3.14.46/4470_disable-compat_vdso.patch |
1467 |
similarity index 100% |
1468 |
rename from 3.14.45/4470_disable-compat_vdso.patch |
1469 |
rename to 3.14.46/4470_disable-compat_vdso.patch |
1470 |
|
1471 |
diff --git a/4.0.6/4475_emutramp_default_on.patch b/3.14.46/4475_emutramp_default_on.patch |
1472 |
similarity index 100% |
1473 |
rename from 4.0.6/4475_emutramp_default_on.patch |
1474 |
rename to 3.14.46/4475_emutramp_default_on.patch |
1475 |
|
1476 |
diff --git a/3.2.69/0000_README b/3.2.69/0000_README |
1477 |
index 05b7791..d006716 100644 |
1478 |
--- a/3.2.69/0000_README |
1479 |
+++ b/3.2.69/0000_README |
1480 |
@@ -194,7 +194,7 @@ Patch: 1068_linux-3.2.69.patch |
1481 |
From: http://www.kernel.org |
1482 |
Desc: Linux 3.2.69 |
1483 |
|
1484 |
-Patch: 4420_grsecurity-3.1-3.2.69-201506262041.patch |
1485 |
+Patch: 4420_grsecurity-3.1-3.2.69-201506300708.patch |
1486 |
From: http://www.grsecurity.net |
1487 |
Desc: hardened-sources base patch from upstream grsecurity |
1488 |
|
1489 |
|
1490 |
diff --git a/3.2.69/4420_grsecurity-3.1-3.2.69-201506262041.patch b/3.2.69/4420_grsecurity-3.1-3.2.69-201506300708.patch |
1491 |
similarity index 99% |
1492 |
rename from 3.2.69/4420_grsecurity-3.1-3.2.69-201506262041.patch |
1493 |
rename to 3.2.69/4420_grsecurity-3.1-3.2.69-201506300708.patch |
1494 |
index ce279a5..e8aabfa 100644 |
1495 |
--- a/3.2.69/4420_grsecurity-3.1-3.2.69-201506262041.patch |
1496 |
+++ b/3.2.69/4420_grsecurity-3.1-3.2.69-201506300708.patch |
1497 |
@@ -14572,7 +14572,7 @@ index 5f55e69..e20bfb1 100644 |
1498 |
|
1499 |
#ifdef CONFIG_SMP |
1500 |
diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h |
1501 |
-index 6902152..da4283a 100644 |
1502 |
+index 6902152..737f889 100644 |
1503 |
--- a/arch/x86/include/asm/mmu_context.h |
1504 |
+++ b/arch/x86/include/asm/mmu_context.h |
1505 |
@@ -24,6 +24,18 @@ void destroy_context(struct mm_struct *mm); |
1506 |
@@ -14634,9 +14634,9 @@ index 6902152..da4283a 100644 |
1507 |
+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP) |
1508 |
+ if (!(__supported_pte_mask & _PAGE_NX)) { |
1509 |
+ smp_mb__before_clear_bit(); |
1510 |
-+ cpu_clear(cpu, prev->context.cpu_user_cs_mask); |
1511 |
++ cpumask_clear_cpu(cpu, &prev->context.cpu_user_cs_mask); |
1512 |
+ smp_mb__after_clear_bit(); |
1513 |
-+ cpu_set(cpu, next->context.cpu_user_cs_mask); |
1514 |
++ cpumask_set_cpu(cpu, &next->context.cpu_user_cs_mask); |
1515 |
+ } |
1516 |
+#endif |
1517 |
+ |
1518 |
@@ -14678,7 +14678,7 @@ index 6902152..da4283a 100644 |
1519 |
+ |
1520 |
+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) |
1521 |
+ if (!(__supported_pte_mask & _PAGE_NX)) |
1522 |
-+ cpu_set(cpu, next->context.cpu_user_cs_mask); |
1523 |
++ cpumask_set_cpu(cpu, &next->context.cpu_user_cs_mask); |
1524 |
+#endif |
1525 |
+ |
1526 |
+#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)) |
1527 |
@@ -22436,7 +22436,7 @@ index 4b6701e..1a3dcdb 100644 |
1528 |
}; |
1529 |
#endif |
1530 |
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c |
1531 |
-index 0a8e65e..288a4b0 100644 |
1532 |
+index 0a8e65e..6e8de34 100644 |
1533 |
--- a/arch/x86/kernel/ldt.c |
1534 |
+++ b/arch/x86/kernel/ldt.c |
1535 |
@@ -67,13 +67,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) |
1536 |
@@ -22478,7 +22478,7 @@ index 0a8e65e..288a4b0 100644 |
1537 |
+ mm->context.user_cs_limit = ~0UL; |
1538 |
+ |
1539 |
+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP) |
1540 |
-+ cpus_clear(mm->context.cpu_user_cs_mask); |
1541 |
++ cpumask_clear(&mm->context.cpu_user_cs_mask); |
1542 |
+#endif |
1543 |
+ |
1544 |
+#endif |
1545 |
@@ -28430,7 +28430,7 @@ index d0474ad..36e9257 100644 |
1546 |
extern u32 pnp_bios_is_utter_crap; |
1547 |
pnp_bios_is_utter_crap = 1; |
1548 |
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c |
1549 |
-index 351590e..825bba9 100644 |
1550 |
+index 351590e..ad0d399 100644 |
1551 |
--- a/arch/x86/mm/fault.c |
1552 |
+++ b/arch/x86/mm/fault.c |
1553 |
@@ -13,11 +13,18 @@ |
1554 |
@@ -28716,7 +28716,7 @@ index 351590e..825bba9 100644 |
1555 |
+ } |
1556 |
+ |
1557 |
+#ifdef CONFIG_SMP |
1558 |
-+ if (likely(address > get_limit(regs->cs) && cpu_isset(smp_processor_id(), mm->context.cpu_user_cs_mask))) |
1559 |
++ if (likely(address > get_limit(regs->cs) && cpumask_test_cpu(smp_processor_id(), &mm->context.cpu_user_cs_mask))) |
1560 |
+#else |
1561 |
+ if (likely(address > get_limit(regs->cs))) |
1562 |
+#endif |
1563 |
@@ -29896,7 +29896,7 @@ index 29f7c6d9..5122941 100644 |
1564 |
printk(KERN_INFO "Write protecting the kernel text: %luk\n", |
1565 |
size >> 10); |
1566 |
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c |
1567 |
-index 44b93da..5a0b3ee 100644 |
1568 |
+index 44b93da..79d59f5 100644 |
1569 |
--- a/arch/x86/mm/init_64.c |
1570 |
+++ b/arch/x86/mm/init_64.c |
1571 |
@@ -75,7 +75,7 @@ early_param("gbpages", parse_direct_gbpages_on); |
1572 |
@@ -30013,6 +30013,15 @@ index 44b93da..5a0b3ee 100644 |
1573 |
adr = (void *)(((unsigned long)adr) | left); |
1574 |
|
1575 |
return adr; |
1576 |
+@@ -413,7 +427,7 @@ phys_pmd_init(pmd_t *pmd_page, unsigned long address, unsigned long end, |
1577 |
+ |
1578 |
+ int i = pmd_index(address); |
1579 |
+ |
1580 |
+- for (; i < PTRS_PER_PMD; i++, address += PMD_SIZE) { |
1581 |
++ for (; i < PTRS_PER_PMD; i++, address = (address & PMD_MASK) + PMD_SIZE) { |
1582 |
+ unsigned long pte_phys; |
1583 |
+ pmd_t *pmd = pmd_page + pmd_index(address); |
1584 |
+ pte_t *pte; |
1585 |
@@ -546,7 +560,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end, |
1586 |
unmap_low_page(pmd); |
1587 |
|
1588 |
@@ -96101,10 +96110,30 @@ index 875fed4..7a76cbb 100644 |
1589 |
} |
1590 |
|
1591 |
diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c |
1592 |
-index b0996c1..7e5c12f 100644 |
1593 |
+index b0996c1..9c39703 100644 |
1594 |
--- a/kernel/trace/trace_events_filter.c |
1595 |
+++ b/kernel/trace/trace_events_filter.c |
1596 |
-@@ -1343,19 +1343,27 @@ static int check_preds(struct filter_parse_state *ps) |
1597 |
+@@ -1027,6 +1027,9 @@ static void parse_init(struct filter_parse_state *ps, |
1598 |
+ |
1599 |
+ static char infix_next(struct filter_parse_state *ps) |
1600 |
+ { |
1601 |
++ if (!ps->infix.cnt) |
1602 |
++ return 0; |
1603 |
++ |
1604 |
+ ps->infix.cnt--; |
1605 |
+ |
1606 |
+ return ps->infix.string[ps->infix.tail++]; |
1607 |
+@@ -1042,6 +1045,9 @@ static char infix_peek(struct filter_parse_state *ps) |
1608 |
+ |
1609 |
+ static void infix_advance(struct filter_parse_state *ps) |
1610 |
+ { |
1611 |
++ if (!ps->infix.cnt) |
1612 |
++ return; |
1613 |
++ |
1614 |
+ ps->infix.cnt--; |
1615 |
+ ps->infix.tail++; |
1616 |
+ } |
1617 |
+@@ -1343,19 +1349,27 @@ static int check_preds(struct filter_parse_state *ps) |
1618 |
{ |
1619 |
int n_normal_preds = 0, n_logical_preds = 0; |
1620 |
struct postfix_elt *elt; |
1621 |
@@ -97671,6 +97700,18 @@ index 011b110..05d1b6f 100644 |
1622 |
select PROC_PAGE_MONITOR |
1623 |
|
1624 |
config NOMMU_INITIAL_TRIM_EXCESS |
1625 |
+diff --git a/mm/Kconfig.debug b/mm/Kconfig.debug |
1626 |
+index 8b1a477..f3a339f 100644 |
1627 |
+--- a/mm/Kconfig.debug |
1628 |
++++ b/mm/Kconfig.debug |
1629 |
+@@ -1,6 +1,7 @@ |
1630 |
+ config DEBUG_PAGEALLOC |
1631 |
+ bool "Debug page memory allocations" |
1632 |
+ depends on DEBUG_KERNEL |
1633 |
++ depends on !PAX_MEMORY_SANITIZE |
1634 |
+ depends on !HIBERNATION || ARCH_SUPPORTS_DEBUG_PAGEALLOC && !PPC && !SPARC |
1635 |
+ depends on !KMEMCHECK |
1636 |
+ select PAGE_POISONING if !ARCH_SUPPORTS_DEBUG_PAGEALLOC |
1637 |
diff --git a/mm/backing-dev.c b/mm/backing-dev.c |
1638 |
index 2b49dd2..0527d62 100644 |
1639 |
--- a/mm/backing-dev.c |
1640 |
@@ -100638,7 +100679,7 @@ index cf332bc..add7e3a 100644 |
1641 |
|
1642 |
if (active_mm != mm) |
1643 |
diff --git a/mm/mprotect.c b/mm/mprotect.c |
1644 |
-index 5a688a2..fffb9f6 100644 |
1645 |
+index 5a688a2..fa006d9 100644 |
1646 |
--- a/mm/mprotect.c |
1647 |
+++ b/mm/mprotect.c |
1648 |
@@ -23,10 +23,16 @@ |
1649 |
@@ -100685,8 +100726,8 @@ index 5a688a2..fffb9f6 100644 |
1650 |
+ |
1651 |
+#ifdef CONFIG_SMP |
1652 |
+ wmb(); |
1653 |
-+ cpus_clear(mm->context.cpu_user_cs_mask); |
1654 |
-+ cpu_set(smp_processor_id(), mm->context.cpu_user_cs_mask); |
1655 |
++ cpumask_clear(&mm->context.cpu_user_cs_mask); |
1656 |
++ cpumask_set_cpu(smp_processor_id(), &mm->context.cpu_user_cs_mask); |
1657 |
+#endif |
1658 |
+ |
1659 |
+ set_user_cs(mm->context.user_cs_base, mm->context.user_cs_limit, smp_processor_id()); |
1660 |
|
1661 |
diff --git a/3.14.45/0000_README b/4.0.7/0000_README |
1662 |
similarity index 92% |
1663 |
rename from 3.14.45/0000_README |
1664 |
rename to 4.0.7/0000_README |
1665 |
index b4be2cb..1c85007 100644 |
1666 |
--- a/3.14.45/0000_README |
1667 |
+++ b/4.0.7/0000_README |
1668 |
@@ -2,7 +2,11 @@ README |
1669 |
----------------------------------------------------------------------------- |
1670 |
Individual Patch Descriptions: |
1671 |
----------------------------------------------------------------------------- |
1672 |
-Patch: 4420_grsecurity-3.1-3.14.45-201506262046.patch |
1673 |
+Patch: 1006_linux-4.0.7.patch |
1674 |
+From: http://www.kernel.org |
1675 |
+Desc: Linux 4.0.7 |
1676 |
+ |
1677 |
+Patch: 4420_grsecurity-3.1-4.0.7-201506300712.patch |
1678 |
From: http://www.grsecurity.net |
1679 |
Desc: hardened-sources base patch from upstream grsecurity |
1680 |
|
1681 |
|
1682 |
diff --git a/4.0.7/1006_linux-4.0.7.patch b/4.0.7/1006_linux-4.0.7.patch |
1683 |
new file mode 100644 |
1684 |
index 0000000..0b9b646 |
1685 |
--- /dev/null |
1686 |
+++ b/4.0.7/1006_linux-4.0.7.patch |
1687 |
@@ -0,0 +1,707 @@ |
1688 |
+diff --git a/Makefile b/Makefile |
1689 |
+index af6da04..bd76a8e 100644 |
1690 |
+--- a/Makefile |
1691 |
++++ b/Makefile |
1692 |
+@@ -1,6 +1,6 @@ |
1693 |
+ VERSION = 4 |
1694 |
+ PATCHLEVEL = 0 |
1695 |
+-SUBLEVEL = 6 |
1696 |
++SUBLEVEL = 7 |
1697 |
+ EXTRAVERSION = |
1698 |
+ NAME = Hurr durr I'ma sheep |
1699 |
+ |
1700 |
+diff --git a/arch/arm/mach-exynos/common.h b/arch/arm/mach-exynos/common.h |
1701 |
+index f70eca7..0ef8d4b 100644 |
1702 |
+--- a/arch/arm/mach-exynos/common.h |
1703 |
++++ b/arch/arm/mach-exynos/common.h |
1704 |
+@@ -153,6 +153,8 @@ extern void exynos_enter_aftr(void); |
1705 |
+ |
1706 |
+ extern struct cpuidle_exynos_data cpuidle_coupled_exynos_data; |
1707 |
+ |
1708 |
++extern void exynos_set_delayed_reset_assertion(bool enable); |
1709 |
++ |
1710 |
+ extern void s5p_init_cpu(void __iomem *cpuid_addr); |
1711 |
+ extern unsigned int samsung_rev(void); |
1712 |
+ extern void __iomem *cpu_boot_reg_base(void); |
1713 |
+diff --git a/arch/arm/mach-exynos/exynos.c b/arch/arm/mach-exynos/exynos.c |
1714 |
+index 9e9dfdf..1081ff1 100644 |
1715 |
+--- a/arch/arm/mach-exynos/exynos.c |
1716 |
++++ b/arch/arm/mach-exynos/exynos.c |
1717 |
+@@ -166,6 +166,33 @@ static void __init exynos_init_io(void) |
1718 |
+ exynos_map_io(); |
1719 |
+ } |
1720 |
+ |
1721 |
++/* |
1722 |
++ * Set or clear the USE_DELAYED_RESET_ASSERTION option. Used by smp code |
1723 |
++ * and suspend. |
1724 |
++ * |
1725 |
++ * This is necessary only on Exynos4 SoCs. When system is running |
1726 |
++ * USE_DELAYED_RESET_ASSERTION should be set so the ARM CLK clock down |
1727 |
++ * feature could properly detect global idle state when secondary CPU is |
1728 |
++ * powered down. |
1729 |
++ * |
1730 |
++ * However this should not be set when such system is going into suspend. |
1731 |
++ */ |
1732 |
++void exynos_set_delayed_reset_assertion(bool enable) |
1733 |
++{ |
1734 |
++ if (soc_is_exynos4()) { |
1735 |
++ unsigned int tmp, core_id; |
1736 |
++ |
1737 |
++ for (core_id = 0; core_id < num_possible_cpus(); core_id++) { |
1738 |
++ tmp = pmu_raw_readl(EXYNOS_ARM_CORE_OPTION(core_id)); |
1739 |
++ if (enable) |
1740 |
++ tmp |= S5P_USE_DELAYED_RESET_ASSERTION; |
1741 |
++ else |
1742 |
++ tmp &= ~(S5P_USE_DELAYED_RESET_ASSERTION); |
1743 |
++ pmu_raw_writel(tmp, EXYNOS_ARM_CORE_OPTION(core_id)); |
1744 |
++ } |
1745 |
++ } |
1746 |
++} |
1747 |
++ |
1748 |
+ static const struct of_device_id exynos_dt_pmu_match[] = { |
1749 |
+ { .compatible = "samsung,exynos3250-pmu" }, |
1750 |
+ { .compatible = "samsung,exynos4210-pmu" }, |
1751 |
+diff --git a/arch/arm/mach-exynos/platsmp.c b/arch/arm/mach-exynos/platsmp.c |
1752 |
+index d2e9f12..d45e8cd 100644 |
1753 |
+--- a/arch/arm/mach-exynos/platsmp.c |
1754 |
++++ b/arch/arm/mach-exynos/platsmp.c |
1755 |
+@@ -34,30 +34,6 @@ |
1756 |
+ |
1757 |
+ extern void exynos4_secondary_startup(void); |
1758 |
+ |
1759 |
+-/* |
1760 |
+- * Set or clear the USE_DELAYED_RESET_ASSERTION option, set on Exynos4 SoCs |
1761 |
+- * during hot-(un)plugging CPUx. |
1762 |
+- * |
1763 |
+- * The feature can be cleared safely during first boot of secondary CPU. |
1764 |
+- * |
1765 |
+- * Exynos4 SoCs require setting USE_DELAYED_RESET_ASSERTION during powering |
1766 |
+- * down a CPU so the CPU idle clock down feature could properly detect global |
1767 |
+- * idle state when CPUx is off. |
1768 |
+- */ |
1769 |
+-static void exynos_set_delayed_reset_assertion(u32 core_id, bool enable) |
1770 |
+-{ |
1771 |
+- if (soc_is_exynos4()) { |
1772 |
+- unsigned int tmp; |
1773 |
+- |
1774 |
+- tmp = pmu_raw_readl(EXYNOS_ARM_CORE_OPTION(core_id)); |
1775 |
+- if (enable) |
1776 |
+- tmp |= S5P_USE_DELAYED_RESET_ASSERTION; |
1777 |
+- else |
1778 |
+- tmp &= ~(S5P_USE_DELAYED_RESET_ASSERTION); |
1779 |
+- pmu_raw_writel(tmp, EXYNOS_ARM_CORE_OPTION(core_id)); |
1780 |
+- } |
1781 |
+-} |
1782 |
+- |
1783 |
+ #ifdef CONFIG_HOTPLUG_CPU |
1784 |
+ static inline void cpu_leave_lowpower(u32 core_id) |
1785 |
+ { |
1786 |
+@@ -73,8 +49,6 @@ static inline void cpu_leave_lowpower(u32 core_id) |
1787 |
+ : "=&r" (v) |
1788 |
+ : "Ir" (CR_C), "Ir" (0x40) |
1789 |
+ : "cc"); |
1790 |
+- |
1791 |
+- exynos_set_delayed_reset_assertion(core_id, false); |
1792 |
+ } |
1793 |
+ |
1794 |
+ static inline void platform_do_lowpower(unsigned int cpu, int *spurious) |
1795 |
+@@ -87,14 +61,6 @@ static inline void platform_do_lowpower(unsigned int cpu, int *spurious) |
1796 |
+ /* Turn the CPU off on next WFI instruction. */ |
1797 |
+ exynos_cpu_power_down(core_id); |
1798 |
+ |
1799 |
+- /* |
1800 |
+- * Exynos4 SoCs require setting |
1801 |
+- * USE_DELAYED_RESET_ASSERTION so the CPU idle |
1802 |
+- * clock down feature could properly detect |
1803 |
+- * global idle state when CPUx is off. |
1804 |
+- */ |
1805 |
+- exynos_set_delayed_reset_assertion(core_id, true); |
1806 |
+- |
1807 |
+ wfi(); |
1808 |
+ |
1809 |
+ if (pen_release == core_id) { |
1810 |
+@@ -354,9 +320,6 @@ static int exynos_boot_secondary(unsigned int cpu, struct task_struct *idle) |
1811 |
+ udelay(10); |
1812 |
+ } |
1813 |
+ |
1814 |
+- /* No harm if this is called during first boot of secondary CPU */ |
1815 |
+- exynos_set_delayed_reset_assertion(core_id, false); |
1816 |
+- |
1817 |
+ /* |
1818 |
+ * now the secondary core is starting up let it run its |
1819 |
+ * calibrations, then wait for it to finish |
1820 |
+@@ -403,6 +366,8 @@ static void __init exynos_smp_prepare_cpus(unsigned int max_cpus) |
1821 |
+ |
1822 |
+ exynos_sysram_init(); |
1823 |
+ |
1824 |
++ exynos_set_delayed_reset_assertion(true); |
1825 |
++ |
1826 |
+ if (read_cpuid_part() == ARM_CPU_PART_CORTEX_A9) |
1827 |
+ scu_enable(scu_base_addr()); |
1828 |
+ |
1829 |
+diff --git a/arch/arm/mach-exynos/suspend.c b/arch/arm/mach-exynos/suspend.c |
1830 |
+index 318d127..582ef2d 100644 |
1831 |
+--- a/arch/arm/mach-exynos/suspend.c |
1832 |
++++ b/arch/arm/mach-exynos/suspend.c |
1833 |
+@@ -235,6 +235,8 @@ static void exynos_pm_enter_sleep_mode(void) |
1834 |
+ |
1835 |
+ static void exynos_pm_prepare(void) |
1836 |
+ { |
1837 |
++ exynos_set_delayed_reset_assertion(false); |
1838 |
++ |
1839 |
+ /* Set wake-up mask registers */ |
1840 |
+ exynos_pm_set_wakeup_mask(); |
1841 |
+ |
1842 |
+@@ -383,6 +385,7 @@ early_wakeup: |
1843 |
+ |
1844 |
+ /* Clear SLEEP mode set in INFORM1 */ |
1845 |
+ pmu_raw_writel(0x0, S5P_INFORM1); |
1846 |
++ exynos_set_delayed_reset_assertion(true); |
1847 |
+ } |
1848 |
+ |
1849 |
+ static void exynos3250_pm_resume(void) |
1850 |
+diff --git a/arch/powerpc/kernel/idle_power7.S b/arch/powerpc/kernel/idle_power7.S |
1851 |
+index 05adc8b..401d8d0 100644 |
1852 |
+--- a/arch/powerpc/kernel/idle_power7.S |
1853 |
++++ b/arch/powerpc/kernel/idle_power7.S |
1854 |
+@@ -500,9 +500,11 @@ BEGIN_FTR_SECTION |
1855 |
+ CHECK_HMI_INTERRUPT |
1856 |
+ END_FTR_SECTION_IFSET(CPU_FTR_HVMODE) |
1857 |
+ ld r1,PACAR1(r13) |
1858 |
++ ld r6,_CCR(r1) |
1859 |
+ ld r4,_MSR(r1) |
1860 |
+ ld r5,_NIP(r1) |
1861 |
+ addi r1,r1,INT_FRAME_SIZE |
1862 |
++ mtcr r6 |
1863 |
+ mtspr SPRN_SRR1,r4 |
1864 |
+ mtspr SPRN_SRR0,r5 |
1865 |
+ rfid |
1866 |
+diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c |
1867 |
+index 4e3d5a9..03189d8 100644 |
1868 |
+--- a/arch/x86/kernel/kprobes/core.c |
1869 |
++++ b/arch/x86/kernel/kprobes/core.c |
1870 |
+@@ -354,6 +354,7 @@ int __copy_instruction(u8 *dest, u8 *src) |
1871 |
+ { |
1872 |
+ struct insn insn; |
1873 |
+ kprobe_opcode_t buf[MAX_INSN_SIZE]; |
1874 |
++ int length; |
1875 |
+ unsigned long recovered_insn = |
1876 |
+ recover_probed_instruction(buf, (unsigned long)src); |
1877 |
+ |
1878 |
+@@ -361,16 +362,18 @@ int __copy_instruction(u8 *dest, u8 *src) |
1879 |
+ return 0; |
1880 |
+ kernel_insn_init(&insn, (void *)recovered_insn, MAX_INSN_SIZE); |
1881 |
+ insn_get_length(&insn); |
1882 |
++ length = insn.length; |
1883 |
++ |
1884 |
+ /* Another subsystem puts a breakpoint, failed to recover */ |
1885 |
+ if (insn.opcode.bytes[0] == BREAKPOINT_INSTRUCTION) |
1886 |
+ return 0; |
1887 |
+- memcpy(dest, insn.kaddr, insn.length); |
1888 |
++ memcpy(dest, insn.kaddr, length); |
1889 |
+ |
1890 |
+ #ifdef CONFIG_X86_64 |
1891 |
+ if (insn_rip_relative(&insn)) { |
1892 |
+ s64 newdisp; |
1893 |
+ u8 *disp; |
1894 |
+- kernel_insn_init(&insn, dest, insn.length); |
1895 |
++ kernel_insn_init(&insn, dest, length); |
1896 |
+ insn_get_displacement(&insn); |
1897 |
+ /* |
1898 |
+ * The copied instruction uses the %rip-relative addressing |
1899 |
+@@ -394,7 +397,7 @@ int __copy_instruction(u8 *dest, u8 *src) |
1900 |
+ *(s32 *) disp = (s32) newdisp; |
1901 |
+ } |
1902 |
+ #endif |
1903 |
+- return insn.length; |
1904 |
++ return length; |
1905 |
+ } |
1906 |
+ |
1907 |
+ static int arch_copy_kprobe(struct kprobe *p) |
1908 |
+diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c |
1909 |
+index 4ee827d..3cb2b58 100644 |
1910 |
+--- a/arch/x86/kvm/lapic.c |
1911 |
++++ b/arch/x86/kvm/lapic.c |
1912 |
+@@ -1064,6 +1064,17 @@ static void update_divide_count(struct kvm_lapic *apic) |
1913 |
+ apic->divide_count); |
1914 |
+ } |
1915 |
+ |
1916 |
++static void apic_update_lvtt(struct kvm_lapic *apic) |
1917 |
++{ |
1918 |
++ u32 timer_mode = kvm_apic_get_reg(apic, APIC_LVTT) & |
1919 |
++ apic->lapic_timer.timer_mode_mask; |
1920 |
++ |
1921 |
++ if (apic->lapic_timer.timer_mode != timer_mode) { |
1922 |
++ apic->lapic_timer.timer_mode = timer_mode; |
1923 |
++ hrtimer_cancel(&apic->lapic_timer.timer); |
1924 |
++ } |
1925 |
++} |
1926 |
++ |
1927 |
+ static void apic_timer_expired(struct kvm_lapic *apic) |
1928 |
+ { |
1929 |
+ struct kvm_vcpu *vcpu = apic->vcpu; |
1930 |
+@@ -1272,6 +1283,7 @@ static int apic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val) |
1931 |
+ apic_set_reg(apic, APIC_LVTT + 0x10 * i, |
1932 |
+ lvt_val | APIC_LVT_MASKED); |
1933 |
+ } |
1934 |
++ apic_update_lvtt(apic); |
1935 |
+ atomic_set(&apic->lapic_timer.pending, 0); |
1936 |
+ |
1937 |
+ } |
1938 |
+@@ -1304,20 +1316,13 @@ static int apic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val) |
1939 |
+ |
1940 |
+ break; |
1941 |
+ |
1942 |
+- case APIC_LVTT: { |
1943 |
+- u32 timer_mode = val & apic->lapic_timer.timer_mode_mask; |
1944 |
+- |
1945 |
+- if (apic->lapic_timer.timer_mode != timer_mode) { |
1946 |
+- apic->lapic_timer.timer_mode = timer_mode; |
1947 |
+- hrtimer_cancel(&apic->lapic_timer.timer); |
1948 |
+- } |
1949 |
+- |
1950 |
++ case APIC_LVTT: |
1951 |
+ if (!kvm_apic_sw_enabled(apic)) |
1952 |
+ val |= APIC_LVT_MASKED; |
1953 |
+ val &= (apic_lvt_mask[0] | apic->lapic_timer.timer_mode_mask); |
1954 |
+ apic_set_reg(apic, APIC_LVTT, val); |
1955 |
++ apic_update_lvtt(apic); |
1956 |
+ break; |
1957 |
+- } |
1958 |
+ |
1959 |
+ case APIC_TMICT: |
1960 |
+ if (apic_lvtt_tscdeadline(apic)) |
1961 |
+@@ -1552,7 +1557,7 @@ void kvm_lapic_reset(struct kvm_vcpu *vcpu) |
1962 |
+ |
1963 |
+ for (i = 0; i < APIC_LVT_NUM; i++) |
1964 |
+ apic_set_reg(apic, APIC_LVTT + 0x10 * i, APIC_LVT_MASKED); |
1965 |
+- apic->lapic_timer.timer_mode = 0; |
1966 |
++ apic_update_lvtt(apic); |
1967 |
+ apic_set_reg(apic, APIC_LVT0, |
1968 |
+ SET_APIC_DELIVERY_MODE(0, APIC_MODE_EXTINT)); |
1969 |
+ |
1970 |
+@@ -1778,6 +1783,7 @@ void kvm_apic_post_state_restore(struct kvm_vcpu *vcpu, |
1971 |
+ |
1972 |
+ apic_update_ppr(apic); |
1973 |
+ hrtimer_cancel(&apic->lapic_timer.timer); |
1974 |
++ apic_update_lvtt(apic); |
1975 |
+ update_divide_count(apic); |
1976 |
+ start_apic_timer(apic); |
1977 |
+ apic->irr_pending = true; |
1978 |
+diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c |
1979 |
+index 288547a..f26ebc5 100644 |
1980 |
+--- a/drivers/bluetooth/ath3k.c |
1981 |
++++ b/drivers/bluetooth/ath3k.c |
1982 |
+@@ -80,6 +80,7 @@ static const struct usb_device_id ath3k_table[] = { |
1983 |
+ { USB_DEVICE(0x0489, 0xe057) }, |
1984 |
+ { USB_DEVICE(0x0489, 0xe056) }, |
1985 |
+ { USB_DEVICE(0x0489, 0xe05f) }, |
1986 |
++ { USB_DEVICE(0x0489, 0xe076) }, |
1987 |
+ { USB_DEVICE(0x0489, 0xe078) }, |
1988 |
+ { USB_DEVICE(0x04c5, 0x1330) }, |
1989 |
+ { USB_DEVICE(0x04CA, 0x3004) }, |
1990 |
+@@ -111,6 +112,7 @@ static const struct usb_device_id ath3k_table[] = { |
1991 |
+ { USB_DEVICE(0x13d3, 0x3408) }, |
1992 |
+ { USB_DEVICE(0x13d3, 0x3423) }, |
1993 |
+ { USB_DEVICE(0x13d3, 0x3432) }, |
1994 |
++ { USB_DEVICE(0x13d3, 0x3474) }, |
1995 |
+ |
1996 |
+ /* Atheros AR5BBU12 with sflash firmware */ |
1997 |
+ { USB_DEVICE(0x0489, 0xE02C) }, |
1998 |
+@@ -135,6 +137,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = { |
1999 |
+ { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, |
2000 |
+ { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, |
2001 |
+ { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 }, |
2002 |
++ { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 }, |
2003 |
+ { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 }, |
2004 |
+ { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, |
2005 |
+ { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 }, |
2006 |
+@@ -166,6 +169,7 @@ static const struct usb_device_id ath3k_blist_tbl[] = { |
2007 |
+ { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 }, |
2008 |
+ { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 }, |
2009 |
+ { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, |
2010 |
++ { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 }, |
2011 |
+ |
2012 |
+ /* Atheros AR5BBU22 with sflash firmware */ |
2013 |
+ { USB_DEVICE(0x0489, 0xE036), .driver_info = BTUSB_ATH3012 }, |
2014 |
+diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c |
2015 |
+index 2c527da..4fc4157 100644 |
2016 |
+--- a/drivers/bluetooth/btusb.c |
2017 |
++++ b/drivers/bluetooth/btusb.c |
2018 |
+@@ -174,6 +174,7 @@ static const struct usb_device_id blacklist_table[] = { |
2019 |
+ { USB_DEVICE(0x0489, 0xe056), .driver_info = BTUSB_ATH3012 }, |
2020 |
+ { USB_DEVICE(0x0489, 0xe057), .driver_info = BTUSB_ATH3012 }, |
2021 |
+ { USB_DEVICE(0x0489, 0xe05f), .driver_info = BTUSB_ATH3012 }, |
2022 |
++ { USB_DEVICE(0x0489, 0xe076), .driver_info = BTUSB_ATH3012 }, |
2023 |
+ { USB_DEVICE(0x0489, 0xe078), .driver_info = BTUSB_ATH3012 }, |
2024 |
+ { USB_DEVICE(0x04c5, 0x1330), .driver_info = BTUSB_ATH3012 }, |
2025 |
+ { USB_DEVICE(0x04ca, 0x3004), .driver_info = BTUSB_ATH3012 }, |
2026 |
+@@ -205,6 +206,7 @@ static const struct usb_device_id blacklist_table[] = { |
2027 |
+ { USB_DEVICE(0x13d3, 0x3408), .driver_info = BTUSB_ATH3012 }, |
2028 |
+ { USB_DEVICE(0x13d3, 0x3423), .driver_info = BTUSB_ATH3012 }, |
2029 |
+ { USB_DEVICE(0x13d3, 0x3432), .driver_info = BTUSB_ATH3012 }, |
2030 |
++ { USB_DEVICE(0x13d3, 0x3474), .driver_info = BTUSB_ATH3012 }, |
2031 |
+ |
2032 |
+ /* Atheros AR5BBU12 with sflash firmware */ |
2033 |
+ { USB_DEVICE(0x0489, 0xe02c), .driver_info = BTUSB_IGNORE }, |
2034 |
+diff --git a/drivers/clk/at91/clk-pll.c b/drivers/clk/at91/clk-pll.c |
2035 |
+index 6ec79db..cbbe403 100644 |
2036 |
+--- a/drivers/clk/at91/clk-pll.c |
2037 |
++++ b/drivers/clk/at91/clk-pll.c |
2038 |
+@@ -173,8 +173,7 @@ static long clk_pll_get_best_div_mul(struct clk_pll *pll, unsigned long rate, |
2039 |
+ int i = 0; |
2040 |
+ |
2041 |
+ /* Check if parent_rate is a valid input rate */ |
2042 |
+- if (parent_rate < characteristics->input.min || |
2043 |
+- parent_rate > characteristics->input.max) |
2044 |
++ if (parent_rate < characteristics->input.min) |
2045 |
+ return -ERANGE; |
2046 |
+ |
2047 |
+ /* |
2048 |
+@@ -187,6 +186,15 @@ static long clk_pll_get_best_div_mul(struct clk_pll *pll, unsigned long rate, |
2049 |
+ if (!mindiv) |
2050 |
+ mindiv = 1; |
2051 |
+ |
2052 |
++ if (parent_rate > characteristics->input.max) { |
2053 |
++ tmpdiv = DIV_ROUND_UP(parent_rate, characteristics->input.max); |
2054 |
++ if (tmpdiv > PLL_DIV_MAX) |
2055 |
++ return -ERANGE; |
2056 |
++ |
2057 |
++ if (tmpdiv > mindiv) |
2058 |
++ mindiv = tmpdiv; |
2059 |
++ } |
2060 |
++ |
2061 |
+ /* |
2062 |
+ * Calculate the maximum divider which is limited by PLL register |
2063 |
+ * layout (limited by the MUL or DIV field size). |
2064 |
+diff --git a/drivers/clk/at91/pmc.h b/drivers/clk/at91/pmc.h |
2065 |
+index 69abb08..eb8e5dc 100644 |
2066 |
+--- a/drivers/clk/at91/pmc.h |
2067 |
++++ b/drivers/clk/at91/pmc.h |
2068 |
+@@ -121,7 +121,7 @@ extern void __init of_at91sam9x5_clk_smd_setup(struct device_node *np, |
2069 |
+ struct at91_pmc *pmc); |
2070 |
+ #endif |
2071 |
+ |
2072 |
+-#if defined(CONFIG_HAVE_AT91_SMD) |
2073 |
++#if defined(CONFIG_HAVE_AT91_H32MX) |
2074 |
+ extern void __init of_sama5d4_clk_h32mx_setup(struct device_node *np, |
2075 |
+ struct at91_pmc *pmc); |
2076 |
+ #endif |
2077 |
+diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c |
2078 |
+index f347ab7..08b0da2 100644 |
2079 |
+--- a/drivers/crypto/caam/caamhash.c |
2080 |
++++ b/drivers/crypto/caam/caamhash.c |
2081 |
+@@ -1543,6 +1543,8 @@ static int ahash_init(struct ahash_request *req) |
2082 |
+ |
2083 |
+ state->current_buf = 0; |
2084 |
+ state->buf_dma = 0; |
2085 |
++ state->buflen_0 = 0; |
2086 |
++ state->buflen_1 = 0; |
2087 |
+ |
2088 |
+ return 0; |
2089 |
+ } |
2090 |
+diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c |
2091 |
+index ae31e55..a48dc25 100644 |
2092 |
+--- a/drivers/crypto/caam/caamrng.c |
2093 |
++++ b/drivers/crypto/caam/caamrng.c |
2094 |
+@@ -56,7 +56,7 @@ |
2095 |
+ |
2096 |
+ /* Buffer, its dma address and lock */ |
2097 |
+ struct buf_data { |
2098 |
+- u8 buf[RN_BUF_SIZE]; |
2099 |
++ u8 buf[RN_BUF_SIZE] ____cacheline_aligned; |
2100 |
+ dma_addr_t addr; |
2101 |
+ struct completion filled; |
2102 |
+ u32 hw_desc[DESC_JOB_O_LEN]; |
2103 |
+diff --git a/drivers/gpu/drm/i915/i915_drv.c b/drivers/gpu/drm/i915/i915_drv.c |
2104 |
+index ec4d932..169123a 100644 |
2105 |
+--- a/drivers/gpu/drm/i915/i915_drv.c |
2106 |
++++ b/drivers/gpu/drm/i915/i915_drv.c |
2107 |
+@@ -693,6 +693,16 @@ static int i915_drm_resume(struct drm_device *dev) |
2108 |
+ intel_init_pch_refclk(dev); |
2109 |
+ drm_mode_config_reset(dev); |
2110 |
+ |
2111 |
++ /* |
2112 |
++ * Interrupts have to be enabled before any batches are run. |
2113 |
++ * If not the GPU will hang. i915_gem_init_hw() will initiate |
2114 |
++ * batches to update/restore the context. |
2115 |
++ * |
2116 |
++ * Modeset enabling in intel_modeset_init_hw() also needs |
2117 |
++ * working interrupts. |
2118 |
++ */ |
2119 |
++ intel_runtime_pm_enable_interrupts(dev_priv); |
2120 |
++ |
2121 |
+ mutex_lock(&dev->struct_mutex); |
2122 |
+ if (i915_gem_init_hw(dev)) { |
2123 |
+ DRM_ERROR("failed to re-initialize GPU, declaring wedged!\n"); |
2124 |
+@@ -700,9 +710,6 @@ static int i915_drm_resume(struct drm_device *dev) |
2125 |
+ } |
2126 |
+ mutex_unlock(&dev->struct_mutex); |
2127 |
+ |
2128 |
+- /* We need working interrupts for modeset enabling ... */ |
2129 |
+- intel_runtime_pm_enable_interrupts(dev_priv); |
2130 |
+- |
2131 |
+ intel_modeset_init_hw(dev); |
2132 |
+ |
2133 |
+ spin_lock_irq(&dev_priv->irq_lock); |
2134 |
+diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c |
2135 |
+index 7a628e4..9536ec3 100644 |
2136 |
+--- a/drivers/gpu/drm/i915/i915_gem.c |
2137 |
++++ b/drivers/gpu/drm/i915/i915_gem.c |
2138 |
+@@ -2732,6 +2732,9 @@ void i915_gem_reset(struct drm_device *dev) |
2139 |
+ void |
2140 |
+ i915_gem_retire_requests_ring(struct intel_engine_cs *ring) |
2141 |
+ { |
2142 |
++ if (list_empty(&ring->request_list)) |
2143 |
++ return; |
2144 |
++ |
2145 |
+ WARN_ON(i915_verify_lists(ring->dev)); |
2146 |
+ |
2147 |
+ /* Retire requests first as we use it above for the early return. |
2148 |
+@@ -3088,8 +3091,8 @@ int i915_vma_unbind(struct i915_vma *vma) |
2149 |
+ } else if (vma->ggtt_view.pages) { |
2150 |
+ sg_free_table(vma->ggtt_view.pages); |
2151 |
+ kfree(vma->ggtt_view.pages); |
2152 |
+- vma->ggtt_view.pages = NULL; |
2153 |
+ } |
2154 |
++ vma->ggtt_view.pages = NULL; |
2155 |
+ } |
2156 |
+ |
2157 |
+ drm_mm_remove_node(&vma->node); |
2158 |
+diff --git a/drivers/gpu/drm/mgag200/mgag200_mode.c b/drivers/gpu/drm/mgag200/mgag200_mode.c |
2159 |
+index 9872ba9..2ffeda3 100644 |
2160 |
+--- a/drivers/gpu/drm/mgag200/mgag200_mode.c |
2161 |
++++ b/drivers/gpu/drm/mgag200/mgag200_mode.c |
2162 |
+@@ -1526,6 +1526,11 @@ static int mga_vga_mode_valid(struct drm_connector *connector, |
2163 |
+ return MODE_BANDWIDTH; |
2164 |
+ } |
2165 |
+ |
2166 |
++ if ((mode->hdisplay % 8) != 0 || (mode->hsync_start % 8) != 0 || |
2167 |
++ (mode->hsync_end % 8) != 0 || (mode->htotal % 8) != 0) { |
2168 |
++ return MODE_H_ILLEGAL; |
2169 |
++ } |
2170 |
++ |
2171 |
+ if (mode->crtc_hdisplay > 2048 || mode->crtc_hsync_start > 4096 || |
2172 |
+ mode->crtc_hsync_end > 4096 || mode->crtc_htotal > 4096 || |
2173 |
+ mode->crtc_vdisplay > 2048 || mode->crtc_vsync_start > 4096 || |
2174 |
+diff --git a/drivers/gpu/drm/radeon/radeon_kms.c b/drivers/gpu/drm/radeon/radeon_kms.c |
2175 |
+index 686411e..b82f2dd 100644 |
2176 |
+--- a/drivers/gpu/drm/radeon/radeon_kms.c |
2177 |
++++ b/drivers/gpu/drm/radeon/radeon_kms.c |
2178 |
+@@ -547,6 +547,9 @@ static int radeon_info_ioctl(struct drm_device *dev, void *data, struct drm_file |
2179 |
+ else |
2180 |
+ *value = 1; |
2181 |
+ break; |
2182 |
++ case RADEON_INFO_VA_UNMAP_WORKING: |
2183 |
++ *value = true; |
2184 |
++ break; |
2185 |
+ default: |
2186 |
+ DRM_DEBUG_KMS("Invalid request %d\n", info->request); |
2187 |
+ return -EINVAL; |
2188 |
+diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c |
2189 |
+index 147029a..ac72ece 100644 |
2190 |
+--- a/drivers/infiniband/ulp/isert/ib_isert.c |
2191 |
++++ b/drivers/infiniband/ulp/isert/ib_isert.c |
2192 |
+@@ -2316,7 +2316,6 @@ isert_build_rdma_wr(struct isert_conn *isert_conn, struct isert_cmd *isert_cmd, |
2193 |
+ page_off = offset % PAGE_SIZE; |
2194 |
+ |
2195 |
+ send_wr->sg_list = ib_sge; |
2196 |
+- send_wr->num_sge = sg_nents; |
2197 |
+ send_wr->wr_id = (uintptr_t)&isert_cmd->tx_desc; |
2198 |
+ /* |
2199 |
+ * Perform mapping of TCM scatterlist memory ib_sge dma_addr. |
2200 |
+@@ -2336,14 +2335,17 @@ isert_build_rdma_wr(struct isert_conn *isert_conn, struct isert_cmd *isert_cmd, |
2201 |
+ ib_sge->addr, ib_sge->length, ib_sge->lkey); |
2202 |
+ page_off = 0; |
2203 |
+ data_left -= ib_sge->length; |
2204 |
++ if (!data_left) |
2205 |
++ break; |
2206 |
+ ib_sge++; |
2207 |
+ isert_dbg("Incrementing ib_sge pointer to %p\n", ib_sge); |
2208 |
+ } |
2209 |
+ |
2210 |
++ send_wr->num_sge = ++i; |
2211 |
+ isert_dbg("Set outgoing sg_list: %p num_sg: %u from TCM SGLs\n", |
2212 |
+ send_wr->sg_list, send_wr->num_sge); |
2213 |
+ |
2214 |
+- return sg_nents; |
2215 |
++ return send_wr->num_sge; |
2216 |
+ } |
2217 |
+ |
2218 |
+ static int |
2219 |
+@@ -3311,6 +3313,7 @@ static void isert_free_conn(struct iscsi_conn *conn) |
2220 |
+ { |
2221 |
+ struct isert_conn *isert_conn = conn->context; |
2222 |
+ |
2223 |
++ isert_wait4flush(isert_conn); |
2224 |
+ isert_put_conn(isert_conn); |
2225 |
+ } |
2226 |
+ |
2227 |
+diff --git a/drivers/md/dm.c b/drivers/md/dm.c |
2228 |
+index 9b4e30a..beda011 100644 |
2229 |
+--- a/drivers/md/dm.c |
2230 |
++++ b/drivers/md/dm.c |
2231 |
+@@ -1889,8 +1889,8 @@ static int map_request(struct dm_target *ti, struct request *rq, |
2232 |
+ dm_kill_unmapped_request(rq, r); |
2233 |
+ return r; |
2234 |
+ } |
2235 |
+- if (IS_ERR(clone)) |
2236 |
+- return DM_MAPIO_REQUEUE; |
2237 |
++ if (r != DM_MAPIO_REMAPPED) |
2238 |
++ return r; |
2239 |
+ if (setup_clone(clone, rq, tio, GFP_KERNEL)) { |
2240 |
+ /* -ENOMEM */ |
2241 |
+ ti->type->release_clone_rq(clone); |
2242 |
+diff --git a/drivers/net/wireless/b43/main.c b/drivers/net/wireless/b43/main.c |
2243 |
+index 75345c1..5c91df5 100644 |
2244 |
+--- a/drivers/net/wireless/b43/main.c |
2245 |
++++ b/drivers/net/wireless/b43/main.c |
2246 |
+@@ -5365,6 +5365,10 @@ static void b43_supported_bands(struct b43_wldev *dev, bool *have_2ghz_phy, |
2247 |
+ *have_5ghz_phy = true; |
2248 |
+ return; |
2249 |
+ case 0x4321: /* BCM4306 */ |
2250 |
++ /* There are 14e4:4321 PCI devs with 2.4 GHz BCM4321 (N-PHY) */ |
2251 |
++ if (dev->phy.type != B43_PHYTYPE_G) |
2252 |
++ break; |
2253 |
++ /* fall through */ |
2254 |
+ case 0x4313: /* BCM4311 */ |
2255 |
+ case 0x431a: /* BCM4318 */ |
2256 |
+ case 0x432a: /* BCM4321 */ |
2257 |
+diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c |
2258 |
+index 220c0fd..50faef4 100644 |
2259 |
+--- a/drivers/usb/class/cdc-acm.c |
2260 |
++++ b/drivers/usb/class/cdc-acm.c |
2261 |
+@@ -1468,6 +1468,11 @@ skip_countries: |
2262 |
+ goto alloc_fail8; |
2263 |
+ } |
2264 |
+ |
2265 |
++ if (quirks & CLEAR_HALT_CONDITIONS) { |
2266 |
++ usb_clear_halt(usb_dev, usb_rcvbulkpipe(usb_dev, epread->bEndpointAddress)); |
2267 |
++ usb_clear_halt(usb_dev, usb_sndbulkpipe(usb_dev, epwrite->bEndpointAddress)); |
2268 |
++ } |
2269 |
++ |
2270 |
+ return 0; |
2271 |
+ alloc_fail8: |
2272 |
+ if (acm->country_codes) { |
2273 |
+@@ -1747,6 +1752,10 @@ static const struct usb_device_id acm_ids[] = { |
2274 |
+ .driver_info = NO_UNION_NORMAL, /* reports zero length descriptor */ |
2275 |
+ }, |
2276 |
+ |
2277 |
++ { USB_DEVICE(0x2912, 0x0001), /* ATOL FPrint */ |
2278 |
++ .driver_info = CLEAR_HALT_CONDITIONS, |
2279 |
++ }, |
2280 |
++ |
2281 |
+ /* Nokia S60 phones expose two ACM channels. The first is |
2282 |
+ * a modem and is picked up by the standard AT-command |
2283 |
+ * information below. The second is 'vendor-specific' but |
2284 |
+diff --git a/drivers/usb/class/cdc-acm.h b/drivers/usb/class/cdc-acm.h |
2285 |
+index ffeb3c8..b3b6c9d 100644 |
2286 |
+--- a/drivers/usb/class/cdc-acm.h |
2287 |
++++ b/drivers/usb/class/cdc-acm.h |
2288 |
+@@ -133,3 +133,4 @@ struct acm { |
2289 |
+ #define NO_DATA_INTERFACE BIT(4) |
2290 |
+ #define IGNORE_DEVICE BIT(5) |
2291 |
+ #define QUIRK_CONTROL_LINE_STATE BIT(6) |
2292 |
++#define CLEAR_HALT_CONDITIONS BIT(7) |
2293 |
+diff --git a/include/uapi/drm/radeon_drm.h b/include/uapi/drm/radeon_drm.h |
2294 |
+index 50d0fb4..76d2ede 100644 |
2295 |
+--- a/include/uapi/drm/radeon_drm.h |
2296 |
++++ b/include/uapi/drm/radeon_drm.h |
2297 |
+@@ -1034,6 +1034,7 @@ struct drm_radeon_cs { |
2298 |
+ #define RADEON_INFO_VRAM_USAGE 0x1e |
2299 |
+ #define RADEON_INFO_GTT_USAGE 0x1f |
2300 |
+ #define RADEON_INFO_ACTIVE_CU_COUNT 0x20 |
2301 |
++#define RADEON_INFO_VA_UNMAP_WORKING 0x25 |
2302 |
+ |
2303 |
+ struct drm_radeon_info { |
2304 |
+ uint32_t request; |
2305 |
+diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c |
2306 |
+index ced69da..7f2e97c 100644 |
2307 |
+--- a/kernel/trace/trace_events_filter.c |
2308 |
++++ b/kernel/trace/trace_events_filter.c |
2309 |
+@@ -1369,19 +1369,26 @@ static int check_preds(struct filter_parse_state *ps) |
2310 |
+ { |
2311 |
+ int n_normal_preds = 0, n_logical_preds = 0; |
2312 |
+ struct postfix_elt *elt; |
2313 |
++ int cnt = 0; |
2314 |
+ |
2315 |
+ list_for_each_entry(elt, &ps->postfix, list) { |
2316 |
+- if (elt->op == OP_NONE) |
2317 |
++ if (elt->op == OP_NONE) { |
2318 |
++ cnt++; |
2319 |
+ continue; |
2320 |
++ } |
2321 |
+ |
2322 |
+ if (elt->op == OP_AND || elt->op == OP_OR) { |
2323 |
+ n_logical_preds++; |
2324 |
++ cnt--; |
2325 |
+ continue; |
2326 |
+ } |
2327 |
++ if (elt->op != OP_NOT) |
2328 |
++ cnt--; |
2329 |
+ n_normal_preds++; |
2330 |
++ WARN_ON_ONCE(cnt < 0); |
2331 |
+ } |
2332 |
+ |
2333 |
+- if (!n_normal_preds || n_logical_preds >= n_normal_preds) { |
2334 |
++ if (cnt != 1 || !n_normal_preds || n_logical_preds >= n_normal_preds) { |
2335 |
+ parse_error(ps, FILT_ERR_INVALID_FILTER, 0); |
2336 |
+ return -EINVAL; |
2337 |
+ } |
2338 |
+diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c |
2339 |
+index 87eff31..60b3100 100644 |
2340 |
+--- a/sound/pci/hda/patch_sigmatel.c |
2341 |
++++ b/sound/pci/hda/patch_sigmatel.c |
2342 |
+@@ -100,6 +100,7 @@ enum { |
2343 |
+ STAC_HP_ENVY_BASS, |
2344 |
+ STAC_HP_BNB13_EQ, |
2345 |
+ STAC_HP_ENVY_TS_BASS, |
2346 |
++ STAC_HP_ENVY_TS_DAC_BIND, |
2347 |
+ STAC_92HD83XXX_GPIO10_EAPD, |
2348 |
+ STAC_92HD83XXX_MODELS |
2349 |
+ }; |
2350 |
+@@ -2170,6 +2171,22 @@ static void stac92hd83xxx_fixup_gpio10_eapd(struct hda_codec *codec, |
2351 |
+ spec->eapd_switch = 0; |
2352 |
+ } |
2353 |
+ |
2354 |
++static void hp_envy_ts_fixup_dac_bind(struct hda_codec *codec, |
2355 |
++ const struct hda_fixup *fix, |
2356 |
++ int action) |
2357 |
++{ |
2358 |
++ struct sigmatel_spec *spec = codec->spec; |
2359 |
++ static hda_nid_t preferred_pairs[] = { |
2360 |
++ 0xd, 0x13, |
2361 |
++ 0 |
2362 |
++ }; |
2363 |
++ |
2364 |
++ if (action != HDA_FIXUP_ACT_PRE_PROBE) |
2365 |
++ return; |
2366 |
++ |
2367 |
++ spec->gen.preferred_dacs = preferred_pairs; |
2368 |
++} |
2369 |
++ |
2370 |
+ static const struct hda_verb hp_bnb13_eq_verbs[] = { |
2371 |
+ /* 44.1KHz base */ |
2372 |
+ { 0x22, 0x7A6, 0x3E }, |
2373 |
+@@ -2685,6 +2702,12 @@ static const struct hda_fixup stac92hd83xxx_fixups[] = { |
2374 |
+ {} |
2375 |
+ }, |
2376 |
+ }, |
2377 |
++ [STAC_HP_ENVY_TS_DAC_BIND] = { |
2378 |
++ .type = HDA_FIXUP_FUNC, |
2379 |
++ .v.func = hp_envy_ts_fixup_dac_bind, |
2380 |
++ .chained = true, |
2381 |
++ .chain_id = STAC_HP_ENVY_TS_BASS, |
2382 |
++ }, |
2383 |
+ [STAC_92HD83XXX_GPIO10_EAPD] = { |
2384 |
+ .type = HDA_FIXUP_FUNC, |
2385 |
+ .v.func = stac92hd83xxx_fixup_gpio10_eapd, |
2386 |
+@@ -2763,6 +2786,8 @@ static const struct snd_pci_quirk stac92hd83xxx_fixup_tbl[] = { |
2387 |
+ "HP bNB13", STAC_HP_BNB13_EQ), |
2388 |
+ SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x190e, |
2389 |
+ "HP ENVY TS", STAC_HP_ENVY_TS_BASS), |
2390 |
++ SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x1967, |
2391 |
++ "HP ENVY TS", STAC_HP_ENVY_TS_DAC_BIND), |
2392 |
+ SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x1940, |
2393 |
+ "HP bNB13", STAC_HP_BNB13_EQ), |
2394 |
+ SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x1941, |
2395 |
|
2396 |
diff --git a/4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch b/4.0.7/4420_grsecurity-3.1-4.0.7-201506300712.patch |
2397 |
similarity index 99% |
2398 |
rename from 4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch |
2399 |
rename to 4.0.7/4420_grsecurity-3.1-4.0.7-201506300712.patch |
2400 |
index 01515b8..37bee2c 100644 |
2401 |
--- a/4.0.6/4420_grsecurity-3.1-4.0.6-201506272327.patch |
2402 |
+++ b/4.0.7/4420_grsecurity-3.1-4.0.7-201506300712.patch |
2403 |
@@ -373,7 +373,7 @@ index 4d68ec8..9546b75 100644 |
2404 |
|
2405 |
pcd. [PARIDE] |
2406 |
diff --git a/Makefile b/Makefile |
2407 |
-index af6da04..22820aa 100644 |
2408 |
+index bd76a8e..ed02758 100644 |
2409 |
--- a/Makefile |
2410 |
+++ b/Makefile |
2411 |
@@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ |
2412 |
@@ -3437,7 +3437,7 @@ index 3e58d71..029817c 100644 |
2413 |
/* See rational for this in __copy_to_user() above. */ |
2414 |
if (n < 64) |
2415 |
diff --git a/arch/arm/mach-exynos/suspend.c b/arch/arm/mach-exynos/suspend.c |
2416 |
-index 318d127..9aab0d1 100644 |
2417 |
+index 582ef2d..d314e82 100644 |
2418 |
--- a/arch/arm/mach-exynos/suspend.c |
2419 |
+++ b/arch/arm/mach-exynos/suspend.c |
2420 |
@@ -18,6 +18,7 @@ |
2421 |
@@ -3448,7 +3448,7 @@ index 318d127..9aab0d1 100644 |
2422 |
#include <linux/irqchip/arm-gic.h> |
2423 |
#include <linux/err.h> |
2424 |
#include <linux/regulator/machine.h> |
2425 |
-@@ -632,8 +633,10 @@ void __init exynos_pm_init(void) |
2426 |
+@@ -635,8 +636,10 @@ void __init exynos_pm_init(void) |
2427 |
tmp |= pm_data->wake_disable_mask; |
2428 |
pmu_raw_writel(tmp, S5P_WAKEUP_MASK); |
2429 |
|
2430 |
@@ -17369,7 +17369,7 @@ index 09b9620..923aecd 100644 |
2431 |
atomic_t perf_rdpmc_allowed; /* nonzero if rdpmc is allowed */ |
2432 |
} mm_context_t; |
2433 |
diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h |
2434 |
-index 883f6b93..6869d96 100644 |
2435 |
+index 883f6b93..bb405b5 100644 |
2436 |
--- a/arch/x86/include/asm/mmu_context.h |
2437 |
+++ b/arch/x86/include/asm/mmu_context.h |
2438 |
@@ -42,6 +42,20 @@ void destroy_context(struct mm_struct *mm); |
2439 |
@@ -17461,9 +17461,9 @@ index 883f6b93..6869d96 100644 |
2440 |
+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP) |
2441 |
+ if (!(__supported_pte_mask & _PAGE_NX)) { |
2442 |
+ smp_mb__before_atomic(); |
2443 |
-+ cpu_clear(cpu, prev->context.cpu_user_cs_mask); |
2444 |
++ cpumask_clear_cpu(cpu, &prev->context.cpu_user_cs_mask); |
2445 |
+ smp_mb__after_atomic(); |
2446 |
-+ cpu_set(cpu, next->context.cpu_user_cs_mask); |
2447 |
++ cpumask_set_cpu(cpu, &next->context.cpu_user_cs_mask); |
2448 |
+ } |
2449 |
+#endif |
2450 |
+ |
2451 |
@@ -17537,7 +17537,7 @@ index 883f6b93..6869d96 100644 |
2452 |
+ |
2453 |
+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) |
2454 |
+ if (!(__supported_pte_mask & _PAGE_NX)) |
2455 |
-+ cpu_set(cpu, next->context.cpu_user_cs_mask); |
2456 |
++ cpumask_set_cpu(cpu, &next->context.cpu_user_cs_mask); |
2457 |
+#endif |
2458 |
+ |
2459 |
+#if defined(CONFIG_X86_32) && (defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)) |
2460 |
@@ -22048,7 +22048,7 @@ index cf3df1d..b637d9a 100644 |
2461 |
|
2462 |
if (__die(str, regs, err)) |
2463 |
diff --git a/arch/x86/kernel/dumpstack_32.c b/arch/x86/kernel/dumpstack_32.c |
2464 |
-index 5abd4cd..c65733b 100644 |
2465 |
+index 5abd4cd..ca97162 100644 |
2466 |
--- a/arch/x86/kernel/dumpstack_32.c |
2467 |
+++ b/arch/x86/kernel/dumpstack_32.c |
2468 |
@@ -61,15 +61,14 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, |
2469 |
@@ -22125,7 +22125,7 @@ index 5abd4cd..c65733b 100644 |
2470 |
} |
2471 |
+ |
2472 |
+#if defined(CONFIG_PAX_MEMORY_STACKLEAK) || defined(CONFIG_PAX_USERCOPY) |
2473 |
-+void pax_check_alloca(unsigned long size) |
2474 |
++void __used pax_check_alloca(unsigned long size) |
2475 |
+{ |
2476 |
+ unsigned long sp = (unsigned long)&sp, stack_left; |
2477 |
+ |
2478 |
@@ -22136,7 +22136,7 @@ index 5abd4cd..c65733b 100644 |
2479 |
+EXPORT_SYMBOL(pax_check_alloca); |
2480 |
+#endif |
2481 |
diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c |
2482 |
-index ff86f19..73eabf4 100644 |
2483 |
+index ff86f19..a2efee8 100644 |
2484 |
--- a/arch/x86/kernel/dumpstack_64.c |
2485 |
+++ b/arch/x86/kernel/dumpstack_64.c |
2486 |
@@ -153,12 +153,12 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, |
2487 |
@@ -22211,7 +22211,7 @@ index ff86f19..73eabf4 100644 |
2488 |
} |
2489 |
+ |
2490 |
+#if defined(CONFIG_PAX_MEMORY_STACKLEAK) || defined(CONFIG_PAX_USERCOPY) |
2491 |
-+void pax_check_alloca(unsigned long size) |
2492 |
++void __used pax_check_alloca(unsigned long size) |
2493 |
+{ |
2494 |
+ unsigned long sp = (unsigned long)&sp, stack_start, stack_end; |
2495 |
+ unsigned cpu, used; |
2496 |
@@ -23060,7 +23060,7 @@ index 31e2d5b..b31c76d 100644 |
2497 |
#endif |
2498 |
|
2499 |
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S |
2500 |
-index f0095a7..ec77893 100644 |
2501 |
+index f0095a7..7ece039 100644 |
2502 |
--- a/arch/x86/kernel/entry_64.S |
2503 |
+++ b/arch/x86/kernel/entry_64.S |
2504 |
@@ -59,6 +59,8 @@ |
2505 |
@@ -23114,7 +23114,7 @@ index f0095a7..ec77893 100644 |
2506 |
+ |
2507 |
+#ifdef CONFIG_PAX_KERNEXEC |
2508 |
+ GET_CR0_INTO_RDI |
2509 |
-+ bts $16,%rdi |
2510 |
++ bts $X86_CR0_WP_BIT,%rdi |
2511 |
+ jnc 3f |
2512 |
+ mov %cs,%edi |
2513 |
+ cmp $__KERNEL_CS,%edi |
2514 |
@@ -23175,7 +23175,7 @@ index f0095a7..ec77893 100644 |
2515 |
+ cmp $__KERNEXEC_KERNEL_CS,%edi |
2516 |
+ jz 2f |
2517 |
+ GET_CR0_INTO_RDI |
2518 |
-+ bts $16,%rdi |
2519 |
++ bts $X86_CR0_WP_BIT,%rdi |
2520 |
+ jnc 4f |
2521 |
+1: |
2522 |
+#endif |
2523 |
@@ -23213,7 +23213,7 @@ index f0095a7..ec77893 100644 |
2524 |
+ |
2525 |
+#ifdef CONFIG_PAX_KERNEXEC |
2526 |
+2: GET_CR0_INTO_RDI |
2527 |
-+ btr $16,%rdi |
2528 |
++ btr $X86_CR0_WP_BIT,%rdi |
2529 |
+ jnc 4f |
2530 |
+ ljmpq __KERNEL_CS,3f |
2531 |
+3: SET_RDI_INTO_CR0 |
2532 |
@@ -23301,7 +23301,7 @@ index f0095a7..ec77893 100644 |
2533 |
+ |
2534 |
+#ifdef CONFIG_PAX_KERNEXEC |
2535 |
+ GET_CR0_INTO_RDI |
2536 |
-+ bts $16,%rdi |
2537 |
++ bts $X86_CR0_WP_BIT,%rdi |
2538 |
+ SET_RDI_INTO_CR0 |
2539 |
+#endif |
2540 |
+ |
2541 |
@@ -23346,7 +23346,7 @@ index f0095a7..ec77893 100644 |
2542 |
+ |
2543 |
+#ifdef CONFIG_PAX_KERNEXEC |
2544 |
+ GET_CR0_INTO_RDI |
2545 |
-+ btr $16,%rdi |
2546 |
++ btr $X86_CR0_WP_BIT,%rdi |
2547 |
+ jnc 3f |
2548 |
+ SET_RDI_INTO_CR0 |
2549 |
+#endif |
2550 |
@@ -23393,7 +23393,7 @@ index f0095a7..ec77893 100644 |
2551 |
+ |
2552 |
+#ifdef CONFIG_PAX_KERNEXEC |
2553 |
+ GET_CR0_INTO_RDI |
2554 |
-+ bts $16,%rdi |
2555 |
++ bts $X86_CR0_WP_BIT,%rdi |
2556 |
+ jc 110f |
2557 |
+ SET_RDI_INTO_CR0 |
2558 |
+ or $2,%ebx |
2559 |
@@ -23426,7 +23426,7 @@ index f0095a7..ec77893 100644 |
2560 |
+ btr $1,%ebx |
2561 |
+ jnc 110f |
2562 |
+ GET_CR0_INTO_RDI |
2563 |
-+ btr $16,%rdi |
2564 |
++ btr $X86_CR0_WP_BIT,%rdi |
2565 |
+ SET_RDI_INTO_CR0 |
2566 |
+110: |
2567 |
+#endif |
2568 |
@@ -25578,7 +25578,7 @@ index 25ecd56..e12482f 100644 |
2569 |
} |
2570 |
|
2571 |
diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c |
2572 |
-index 4e3d5a9..03fffd8 100644 |
2573 |
+index 03189d8..4705700 100644 |
2574 |
--- a/arch/x86/kernel/kprobes/core.c |
2575 |
+++ b/arch/x86/kernel/kprobes/core.c |
2576 |
@@ -120,9 +120,12 @@ __synthesize_relative_insn(void *from, void *to, u8 op) |
2577 |
@@ -25619,17 +25619,17 @@ index 4e3d5a9..03fffd8 100644 |
2578 |
} |
2579 |
|
2580 |
/* |
2581 |
-@@ -364,7 +367,9 @@ int __copy_instruction(u8 *dest, u8 *src) |
2582 |
+@@ -367,7 +370,9 @@ int __copy_instruction(u8 *dest, u8 *src) |
2583 |
/* Another subsystem puts a breakpoint, failed to recover */ |
2584 |
if (insn.opcode.bytes[0] == BREAKPOINT_INSTRUCTION) |
2585 |
return 0; |
2586 |
+ pax_open_kernel(); |
2587 |
- memcpy(dest, insn.kaddr, insn.length); |
2588 |
+ memcpy(dest, insn.kaddr, length); |
2589 |
+ pax_close_kernel(); |
2590 |
|
2591 |
#ifdef CONFIG_X86_64 |
2592 |
if (insn_rip_relative(&insn)) { |
2593 |
-@@ -391,7 +396,9 @@ int __copy_instruction(u8 *dest, u8 *src) |
2594 |
+@@ -394,7 +399,9 @@ int __copy_instruction(u8 *dest, u8 *src) |
2595 |
return 0; |
2596 |
} |
2597 |
disp = (u8 *) dest + insn_offset_displacement(&insn); |
2598 |
@@ -25638,8 +25638,8 @@ index 4e3d5a9..03fffd8 100644 |
2599 |
+ pax_close_kernel(); |
2600 |
} |
2601 |
#endif |
2602 |
- return insn.length; |
2603 |
-@@ -533,7 +540,7 @@ static void setup_singlestep(struct kprobe *p, struct pt_regs *regs, |
2604 |
+ return length; |
2605 |
+@@ -536,7 +543,7 @@ static void setup_singlestep(struct kprobe *p, struct pt_regs *regs, |
2606 |
* nor set current_kprobe, because it doesn't use single |
2607 |
* stepping. |
2608 |
*/ |
2609 |
@@ -25648,7 +25648,7 @@ index 4e3d5a9..03fffd8 100644 |
2610 |
preempt_enable_no_resched(); |
2611 |
return; |
2612 |
} |
2613 |
-@@ -550,9 +557,9 @@ static void setup_singlestep(struct kprobe *p, struct pt_regs *regs, |
2614 |
+@@ -553,9 +560,9 @@ static void setup_singlestep(struct kprobe *p, struct pt_regs *regs, |
2615 |
regs->flags &= ~X86_EFLAGS_IF; |
2616 |
/* single step inline if the instruction is an int3 */ |
2617 |
if (p->opcode == BREAKPOINT_INSTRUCTION) |
2618 |
@@ -25660,7 +25660,7 @@ index 4e3d5a9..03fffd8 100644 |
2619 |
} |
2620 |
NOKPROBE_SYMBOL(setup_singlestep); |
2621 |
|
2622 |
-@@ -602,7 +609,7 @@ int kprobe_int3_handler(struct pt_regs *regs) |
2623 |
+@@ -605,7 +612,7 @@ int kprobe_int3_handler(struct pt_regs *regs) |
2624 |
struct kprobe *p; |
2625 |
struct kprobe_ctlblk *kcb; |
2626 |
|
2627 |
@@ -25669,7 +25669,7 @@ index 4e3d5a9..03fffd8 100644 |
2628 |
return 0; |
2629 |
|
2630 |
addr = (kprobe_opcode_t *)(regs->ip - sizeof(kprobe_opcode_t)); |
2631 |
-@@ -637,7 +644,7 @@ int kprobe_int3_handler(struct pt_regs *regs) |
2632 |
+@@ -640,7 +647,7 @@ int kprobe_int3_handler(struct pt_regs *regs) |
2633 |
setup_singlestep(p, regs, kcb, 0); |
2634 |
return 1; |
2635 |
} |
2636 |
@@ -25678,7 +25678,7 @@ index 4e3d5a9..03fffd8 100644 |
2637 |
/* |
2638 |
* The breakpoint instruction was removed right |
2639 |
* after we hit it. Another cpu has removed |
2640 |
-@@ -684,6 +691,9 @@ static void __used kretprobe_trampoline_holder(void) |
2641 |
+@@ -687,6 +694,9 @@ static void __used kretprobe_trampoline_holder(void) |
2642 |
" movq %rax, 152(%rsp)\n" |
2643 |
RESTORE_REGS_STRING |
2644 |
" popfq\n" |
2645 |
@@ -25688,7 +25688,7 @@ index 4e3d5a9..03fffd8 100644 |
2646 |
#else |
2647 |
" pushf\n" |
2648 |
SAVE_REGS_STRING |
2649 |
-@@ -824,7 +834,7 @@ static void resume_execution(struct kprobe *p, struct pt_regs *regs, |
2650 |
+@@ -827,7 +837,7 @@ static void resume_execution(struct kprobe *p, struct pt_regs *regs, |
2651 |
struct kprobe_ctlblk *kcb) |
2652 |
{ |
2653 |
unsigned long *tos = stack_addr(regs); |
2654 |
@@ -25697,7 +25697,7 @@ index 4e3d5a9..03fffd8 100644 |
2655 |
unsigned long orig_ip = (unsigned long)p->addr; |
2656 |
kprobe_opcode_t *insn = p->ainsn.insn; |
2657 |
|
2658 |
-@@ -1007,7 +1017,7 @@ int kprobe_exceptions_notify(struct notifier_block *self, unsigned long val, |
2659 |
+@@ -1010,7 +1020,7 @@ int kprobe_exceptions_notify(struct notifier_block *self, unsigned long val, |
2660 |
struct die_args *args = data; |
2661 |
int ret = NOTIFY_DONE; |
2662 |
|
2663 |
@@ -25789,7 +25789,7 @@ index c2bedae..25e7ab60 100644 |
2664 |
.name = "data", |
2665 |
.mode = S_IRUGO, |
2666 |
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c |
2667 |
-index c37886d..d851d32 100644 |
2668 |
+index c37886d..3f425e3 100644 |
2669 |
--- a/arch/x86/kernel/ldt.c |
2670 |
+++ b/arch/x86/kernel/ldt.c |
2671 |
@@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) |
2672 |
@@ -25831,7 +25831,7 @@ index c37886d..d851d32 100644 |
2673 |
+ mm->context.user_cs_limit = ~0UL; |
2674 |
+ |
2675 |
+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP) |
2676 |
-+ cpus_clear(mm->context.cpu_user_cs_mask); |
2677 |
++ cpumask_clear(&mm->context.cpu_user_cs_mask); |
2678 |
+#endif |
2679 |
+ |
2680 |
+#endif |
2681 |
@@ -28771,7 +28771,7 @@ index 106c015..2db7161 100644 |
2682 |
0, 0, 0, /* CR3 checked later */ |
2683 |
CR4_RESERVED_BITS, |
2684 |
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c |
2685 |
-index 4ee827d..83c8e31 100644 |
2686 |
+index 3cb2b58..83c8e31 100644 |
2687 |
--- a/arch/x86/kvm/lapic.c |
2688 |
+++ b/arch/x86/kvm/lapic.c |
2689 |
@@ -56,7 +56,7 @@ |
2690 |
@@ -28783,72 +28783,6 @@ index 4ee827d..83c8e31 100644 |
2691 |
|
2692 |
#define APIC_LVT_NUM 6 |
2693 |
/* 14 is the version for Xeon and Pentium 8.4.8*/ |
2694 |
-@@ -1064,6 +1064,17 @@ static void update_divide_count(struct kvm_lapic *apic) |
2695 |
- apic->divide_count); |
2696 |
- } |
2697 |
- |
2698 |
-+static void apic_update_lvtt(struct kvm_lapic *apic) |
2699 |
-+{ |
2700 |
-+ u32 timer_mode = kvm_apic_get_reg(apic, APIC_LVTT) & |
2701 |
-+ apic->lapic_timer.timer_mode_mask; |
2702 |
-+ |
2703 |
-+ if (apic->lapic_timer.timer_mode != timer_mode) { |
2704 |
-+ apic->lapic_timer.timer_mode = timer_mode; |
2705 |
-+ hrtimer_cancel(&apic->lapic_timer.timer); |
2706 |
-+ } |
2707 |
-+} |
2708 |
-+ |
2709 |
- static void apic_timer_expired(struct kvm_lapic *apic) |
2710 |
- { |
2711 |
- struct kvm_vcpu *vcpu = apic->vcpu; |
2712 |
-@@ -1272,6 +1283,7 @@ static int apic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val) |
2713 |
- apic_set_reg(apic, APIC_LVTT + 0x10 * i, |
2714 |
- lvt_val | APIC_LVT_MASKED); |
2715 |
- } |
2716 |
-+ apic_update_lvtt(apic); |
2717 |
- atomic_set(&apic->lapic_timer.pending, 0); |
2718 |
- |
2719 |
- } |
2720 |
-@@ -1304,20 +1316,13 @@ static int apic_reg_write(struct kvm_lapic *apic, u32 reg, u32 val) |
2721 |
- |
2722 |
- break; |
2723 |
- |
2724 |
-- case APIC_LVTT: { |
2725 |
-- u32 timer_mode = val & apic->lapic_timer.timer_mode_mask; |
2726 |
-- |
2727 |
-- if (apic->lapic_timer.timer_mode != timer_mode) { |
2728 |
-- apic->lapic_timer.timer_mode = timer_mode; |
2729 |
-- hrtimer_cancel(&apic->lapic_timer.timer); |
2730 |
-- } |
2731 |
-- |
2732 |
-+ case APIC_LVTT: |
2733 |
- if (!kvm_apic_sw_enabled(apic)) |
2734 |
- val |= APIC_LVT_MASKED; |
2735 |
- val &= (apic_lvt_mask[0] | apic->lapic_timer.timer_mode_mask); |
2736 |
- apic_set_reg(apic, APIC_LVTT, val); |
2737 |
-+ apic_update_lvtt(apic); |
2738 |
- break; |
2739 |
-- } |
2740 |
- |
2741 |
- case APIC_TMICT: |
2742 |
- if (apic_lvtt_tscdeadline(apic)) |
2743 |
-@@ -1552,7 +1557,7 @@ void kvm_lapic_reset(struct kvm_vcpu *vcpu) |
2744 |
- |
2745 |
- for (i = 0; i < APIC_LVT_NUM; i++) |
2746 |
- apic_set_reg(apic, APIC_LVTT + 0x10 * i, APIC_LVT_MASKED); |
2747 |
-- apic->lapic_timer.timer_mode = 0; |
2748 |
-+ apic_update_lvtt(apic); |
2749 |
- apic_set_reg(apic, APIC_LVT0, |
2750 |
- SET_APIC_DELIVERY_MODE(0, APIC_MODE_EXTINT)); |
2751 |
- |
2752 |
-@@ -1778,6 +1783,7 @@ void kvm_apic_post_state_restore(struct kvm_vcpu *vcpu, |
2753 |
- |
2754 |
- apic_update_ppr(apic); |
2755 |
- hrtimer_cancel(&apic->lapic_timer.timer); |
2756 |
-+ apic_update_lvtt(apic); |
2757 |
- update_divide_count(apic); |
2758 |
- start_apic_timer(apic); |
2759 |
- apic->irr_pending = true; |
2760 |
diff --git a/arch/x86/kvm/lapic.h b/arch/x86/kvm/lapic.h |
2761 |
index 0bc6c65..ca4f92d 100644 |
2762 |
--- a/arch/x86/kvm/lapic.h |
2763 |
@@ -31924,7 +31858,7 @@ index 903ec1e..c4166b2 100644 |
2764 |
} |
2765 |
|
2766 |
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c |
2767 |
-index ede025f..1ef909b 100644 |
2768 |
+index ede025f..ecc2d96 100644 |
2769 |
--- a/arch/x86/mm/fault.c |
2770 |
+++ b/arch/x86/mm/fault.c |
2771 |
@@ -13,12 +13,19 @@ |
2772 |
@@ -32240,7 +32174,7 @@ index ede025f..1ef909b 100644 |
2773 |
+ } |
2774 |
+ |
2775 |
+#ifdef CONFIG_SMP |
2776 |
-+ if (likely(address > get_limit(regs->cs) && cpu_isset(smp_processor_id(), mm->context.cpu_user_cs_mask))) |
2777 |
++ if (likely(address > get_limit(regs->cs) && cpumask_test_cpu(smp_processor_id(), &mm->context.cpu_user_cs_mask))) |
2778 |
+#else |
2779 |
+ if (likely(address > get_limit(regs->cs))) |
2780 |
+#endif |
2781 |
@@ -34266,7 +34200,7 @@ index 3250f23..7a97ba2 100644 |
2782 |
* functions differently. Tracing normally |
2783 |
diff --git a/arch/x86/mm/uderef_64.c b/arch/x86/mm/uderef_64.c |
2784 |
new file mode 100644 |
2785 |
-index 0000000..dace51c |
2786 |
+index 0000000..3fda3f3 |
2787 |
--- /dev/null |
2788 |
+++ b/arch/x86/mm/uderef_64.c |
2789 |
@@ -0,0 +1,37 @@ |
2790 |
@@ -34279,7 +34213,7 @@ index 0000000..dace51c |
2791 |
+ * - remain leaf functions under all configurations, |
2792 |
+ * - never be called directly, only dereferenced from the wrappers. |
2793 |
+ */ |
2794 |
-+void __pax_open_userland(void) |
2795 |
++void __used __pax_open_userland(void) |
2796 |
+{ |
2797 |
+ unsigned int cpu; |
2798 |
+ |
2799 |
@@ -34288,12 +34222,12 @@ index 0000000..dace51c |
2800 |
+ |
2801 |
+ cpu = raw_get_cpu(); |
2802 |
+ BUG_ON((read_cr3() & ~PAGE_MASK) != PCID_KERNEL); |
2803 |
-+ write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER | PCID_NOFLUSH); |
2804 |
++ write_cr3(__pa_nodebug(get_cpu_pgd(cpu, user)) | PCID_USER | PCID_NOFLUSH); |
2805 |
+ raw_put_cpu_no_resched(); |
2806 |
+} |
2807 |
+EXPORT_SYMBOL(__pax_open_userland); |
2808 |
+ |
2809 |
-+void __pax_close_userland(void) |
2810 |
++void __used __pax_close_userland(void) |
2811 |
+{ |
2812 |
+ unsigned int cpu; |
2813 |
+ |
2814 |
@@ -34302,7 +34236,7 @@ index 0000000..dace51c |
2815 |
+ |
2816 |
+ cpu = raw_get_cpu(); |
2817 |
+ BUG_ON((read_cr3() & ~PAGE_MASK) != PCID_USER); |
2818 |
-+ write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH); |
2819 |
++ write_cr3(__pa_nodebug(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH); |
2820 |
+ raw_put_cpu_no_resched(); |
2821 |
+} |
2822 |
+EXPORT_SYMBOL(__pax_close_userland); |
2823 |
@@ -40248,32 +40182,6 @@ index 832a2c3..1794080 100644 |
2824 |
.attrs = cpuidle_default_attrs, |
2825 |
.name = "cpuidle", |
2826 |
}; |
2827 |
-diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c |
2828 |
-index f347ab7..08b0da2 100644 |
2829 |
---- a/drivers/crypto/caam/caamhash.c |
2830 |
-+++ b/drivers/crypto/caam/caamhash.c |
2831 |
-@@ -1543,6 +1543,8 @@ static int ahash_init(struct ahash_request *req) |
2832 |
- |
2833 |
- state->current_buf = 0; |
2834 |
- state->buf_dma = 0; |
2835 |
-+ state->buflen_0 = 0; |
2836 |
-+ state->buflen_1 = 0; |
2837 |
- |
2838 |
- return 0; |
2839 |
- } |
2840 |
-diff --git a/drivers/crypto/caam/caamrng.c b/drivers/crypto/caam/caamrng.c |
2841 |
-index ae31e55..a48dc25 100644 |
2842 |
---- a/drivers/crypto/caam/caamrng.c |
2843 |
-+++ b/drivers/crypto/caam/caamrng.c |
2844 |
-@@ -56,7 +56,7 @@ |
2845 |
- |
2846 |
- /* Buffer, its dma address and lock */ |
2847 |
- struct buf_data { |
2848 |
-- u8 buf[RN_BUF_SIZE]; |
2849 |
-+ u8 buf[RN_BUF_SIZE] ____cacheline_aligned; |
2850 |
- dma_addr_t addr; |
2851 |
- struct completion filled; |
2852 |
- u32 hw_desc[DESC_JOB_O_LEN]; |
2853 |
diff --git a/drivers/crypto/hifn_795x.c b/drivers/crypto/hifn_795x.c |
2854 |
index 8d2a772..33826c9 100644 |
2855 |
--- a/drivers/crypto/hifn_795x.c |
2856 |
@@ -45724,7 +45632,7 @@ index 79f6941..b33b4e0 100644 |
2857 |
pmd->bl_info.value_type.inc = data_block_inc; |
2858 |
pmd->bl_info.value_type.dec = data_block_dec; |
2859 |
diff --git a/drivers/md/dm.c b/drivers/md/dm.c |
2860 |
-index 9b4e30a..83c927d 100644 |
2861 |
+index beda011..de57372 100644 |
2862 |
--- a/drivers/md/dm.c |
2863 |
+++ b/drivers/md/dm.c |
2864 |
@@ -188,9 +188,9 @@ struct mapped_device { |
2865 |
@@ -67579,7 +67487,7 @@ index 8c52472..c4e3a69 100644 |
2866 |
|
2867 |
#else |
2868 |
diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c |
2869 |
-index 1e51714..411eded 100644 |
2870 |
+index 1e51714e..411eded 100644 |
2871 |
--- a/fs/cachefiles/namei.c |
2872 |
+++ b/fs/cachefiles/namei.c |
2873 |
@@ -309,7 +309,7 @@ try_again: |
2874 |
@@ -68764,7 +68672,7 @@ index e4141f2..d8263e8 100644 |
2875 |
i += packet_length_size; |
2876 |
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) |
2877 |
diff --git a/fs/exec.c b/fs/exec.c |
2878 |
-index 1202445..7a6fde9 100644 |
2879 |
+index 1202445..620c98e 100644 |
2880 |
--- a/fs/exec.c |
2881 |
+++ b/fs/exec.c |
2882 |
@@ -56,8 +56,20 @@ |
2883 |
@@ -69568,7 +69476,7 @@ index 1202445..7a6fde9 100644 |
2884 |
+EXPORT_SYMBOL(__check_object_size); |
2885 |
+ |
2886 |
+#ifdef CONFIG_PAX_MEMORY_STACKLEAK |
2887 |
-+void pax_track_stack(void) |
2888 |
++void __used pax_track_stack(void) |
2889 |
+{ |
2890 |
+ unsigned long sp = (unsigned long)&sp; |
2891 |
+ if (sp < current_thread_info()->lowest_stack && |
2892 |
@@ -69581,7 +69489,7 @@ index 1202445..7a6fde9 100644 |
2893 |
+#endif |
2894 |
+ |
2895 |
+#ifdef CONFIG_PAX_SIZE_OVERFLOW |
2896 |
-+void __nocapture(1, 3, 4) report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name) |
2897 |
++void __nocapture(1, 3, 4) __used report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name) |
2898 |
+{ |
2899 |
+ printk(KERN_EMERG "PAX: size overflow detected in function %s %s:%u %s", func, file, line, ssa_name); |
2900 |
+ dump_stack(); |
2901 |
@@ -103116,38 +103024,29 @@ index a9c10a3..1864f6b 100644 |
2902 |
|
2903 |
/* Add an additional event_call dynamically */ |
2904 |
diff --git a/kernel/trace/trace_events_filter.c b/kernel/trace/trace_events_filter.c |
2905 |
-index ced69da..7f2e97c 100644 |
2906 |
+index 7f2e97c..085a257 100644 |
2907 |
--- a/kernel/trace/trace_events_filter.c |
2908 |
+++ b/kernel/trace/trace_events_filter.c |
2909 |
-@@ -1369,19 +1369,26 @@ static int check_preds(struct filter_parse_state *ps) |
2910 |
- { |
2911 |
- int n_normal_preds = 0, n_logical_preds = 0; |
2912 |
- struct postfix_elt *elt; |
2913 |
-+ int cnt = 0; |
2914 |
+@@ -1056,6 +1056,9 @@ static void parse_init(struct filter_parse_state *ps, |
2915 |
|
2916 |
- list_for_each_entry(elt, &ps->postfix, list) { |
2917 |
-- if (elt->op == OP_NONE) |
2918 |
-+ if (elt->op == OP_NONE) { |
2919 |
-+ cnt++; |
2920 |
- continue; |
2921 |
-+ } |
2922 |
+ static char infix_next(struct filter_parse_state *ps) |
2923 |
+ { |
2924 |
++ if (!ps->infix.cnt) |
2925 |
++ return 0; |
2926 |
++ |
2927 |
+ ps->infix.cnt--; |
2928 |
|
2929 |
- if (elt->op == OP_AND || elt->op == OP_OR) { |
2930 |
- n_logical_preds++; |
2931 |
-+ cnt--; |
2932 |
- continue; |
2933 |
- } |
2934 |
-+ if (elt->op != OP_NOT) |
2935 |
-+ cnt--; |
2936 |
- n_normal_preds++; |
2937 |
-+ WARN_ON_ONCE(cnt < 0); |
2938 |
- } |
2939 |
+ return ps->infix.string[ps->infix.tail++]; |
2940 |
+@@ -1071,6 +1074,9 @@ static char infix_peek(struct filter_parse_state *ps) |
2941 |
|
2942 |
-- if (!n_normal_preds || n_logical_preds >= n_normal_preds) { |
2943 |
-+ if (cnt != 1 || !n_normal_preds || n_logical_preds >= n_normal_preds) { |
2944 |
- parse_error(ps, FILT_ERR_INVALID_FILTER, 0); |
2945 |
- return -EINVAL; |
2946 |
- } |
2947 |
+ static void infix_advance(struct filter_parse_state *ps) |
2948 |
+ { |
2949 |
++ if (!ps->infix.cnt) |
2950 |
++ return; |
2951 |
++ |
2952 |
+ ps->infix.cnt--; |
2953 |
+ ps->infix.tail++; |
2954 |
+ } |
2955 |
diff --git a/kernel/trace/trace_functions_graph.c b/kernel/trace/trace_functions_graph.c |
2956 |
index b6fce36..d9f11a3 100644 |
2957 |
--- a/kernel/trace/trace_functions_graph.c |
2958 |
@@ -107036,7 +106935,7 @@ index 9ec50a3..0476e2d 100644 |
2959 |
vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); |
2960 |
|
2961 |
diff --git a/mm/mprotect.c b/mm/mprotect.c |
2962 |
-index 8858483..8145fa5 100644 |
2963 |
+index 8858483..72f2464 100644 |
2964 |
--- a/mm/mprotect.c |
2965 |
+++ b/mm/mprotect.c |
2966 |
@@ -24,10 +24,18 @@ |
2967 |
@@ -107085,8 +106984,8 @@ index 8858483..8145fa5 100644 |
2968 |
+ |
2969 |
+#ifdef CONFIG_SMP |
2970 |
+ wmb(); |
2971 |
-+ cpus_clear(mm->context.cpu_user_cs_mask); |
2972 |
-+ cpu_set(smp_processor_id(), mm->context.cpu_user_cs_mask); |
2973 |
++ cpumask_clear(&mm->context.cpu_user_cs_mask); |
2974 |
++ cpumask_set_cpu(smp_processor_id(), &mm->context.cpu_user_cs_mask); |
2975 |
+#endif |
2976 |
+ |
2977 |
+ set_user_cs(mm->context.user_cs_base, mm->context.user_cs_limit, smp_processor_id()); |
2978 |
|
2979 |
diff --git a/3.14.45/4425_grsec_remove_EI_PAX.patch b/4.0.7/4425_grsec_remove_EI_PAX.patch |
2980 |
similarity index 100% |
2981 |
rename from 3.14.45/4425_grsec_remove_EI_PAX.patch |
2982 |
rename to 4.0.7/4425_grsec_remove_EI_PAX.patch |
2983 |
|
2984 |
diff --git a/4.0.6/4427_force_XATTR_PAX_tmpfs.patch b/4.0.7/4427_force_XATTR_PAX_tmpfs.patch |
2985 |
similarity index 100% |
2986 |
rename from 4.0.6/4427_force_XATTR_PAX_tmpfs.patch |
2987 |
rename to 4.0.7/4427_force_XATTR_PAX_tmpfs.patch |
2988 |
|
2989 |
diff --git a/3.14.45/4430_grsec-remove-localversion-grsec.patch b/4.0.7/4430_grsec-remove-localversion-grsec.patch |
2990 |
similarity index 100% |
2991 |
rename from 3.14.45/4430_grsec-remove-localversion-grsec.patch |
2992 |
rename to 4.0.7/4430_grsec-remove-localversion-grsec.patch |
2993 |
|
2994 |
diff --git a/4.0.6/4435_grsec-mute-warnings.patch b/4.0.7/4435_grsec-mute-warnings.patch |
2995 |
similarity index 100% |
2996 |
rename from 4.0.6/4435_grsec-mute-warnings.patch |
2997 |
rename to 4.0.7/4435_grsec-mute-warnings.patch |
2998 |
|
2999 |
diff --git a/3.14.45/4440_grsec-remove-protected-paths.patch b/4.0.7/4440_grsec-remove-protected-paths.patch |
3000 |
similarity index 100% |
3001 |
rename from 3.14.45/4440_grsec-remove-protected-paths.patch |
3002 |
rename to 4.0.7/4440_grsec-remove-protected-paths.patch |
3003 |
|
3004 |
diff --git a/4.0.6/4450_grsec-kconfig-default-gids.patch b/4.0.7/4450_grsec-kconfig-default-gids.patch |
3005 |
similarity index 100% |
3006 |
rename from 4.0.6/4450_grsec-kconfig-default-gids.patch |
3007 |
rename to 4.0.7/4450_grsec-kconfig-default-gids.patch |
3008 |
|
3009 |
diff --git a/4.0.6/4465_selinux-avc_audit-log-curr_ip.patch b/4.0.7/4465_selinux-avc_audit-log-curr_ip.patch |
3010 |
similarity index 100% |
3011 |
rename from 4.0.6/4465_selinux-avc_audit-log-curr_ip.patch |
3012 |
rename to 4.0.7/4465_selinux-avc_audit-log-curr_ip.patch |
3013 |
|
3014 |
diff --git a/4.0.6/4470_disable-compat_vdso.patch b/4.0.7/4470_disable-compat_vdso.patch |
3015 |
similarity index 100% |
3016 |
rename from 4.0.6/4470_disable-compat_vdso.patch |
3017 |
rename to 4.0.7/4470_disable-compat_vdso.patch |
3018 |
|
3019 |
diff --git a/3.14.45/4475_emutramp_default_on.patch b/4.0.7/4475_emutramp_default_on.patch |
3020 |
similarity index 100% |
3021 |
rename from 3.14.45/4475_emutramp_default_on.patch |
3022 |
rename to 4.0.7/4475_emutramp_default_on.patch |