Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 2.6.32/, 3.7.5/, 3.7.4/, 3.2.37/
Date: Wed, 30 Jan 2013 00:38:21
Message-Id: 1359506268.04f05e9597748ec6c7a09636e6a910d49244c26b.blueness@gentoo
1 commit: 04f05e9597748ec6c7a09636e6a910d49244c26b
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Wed Jan 30 00:37:48 2013 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Wed Jan 30 00:37:48 2013 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=04f05e95
7
8 Grsec/PaX: 2.9.1-{2.6.32.60,3.2.37,3.7.5}-201301281957
9
10 ---
11 2.6.32/0000_README | 2 +-
12 ..._grsecurity-2.9.1-2.6.32.60-201301281956.patch} | 157 ++++++---
13 3.2.37/0000_README | 2 +-
14 ...420_grsecurity-2.9.1-3.2.37-201301281956.patch} | 357 ++++++++++++++++----
15 {3.7.4 => 3.7.5}/0000_README | 2 +-
16 .../4420_grsecurity-2.9.1-3.7.5-201301281957.patch | 277 +++++++++-------
17 {3.7.4 => 3.7.5}/4425_grsec_remove_EI_PAX.patch | 0
18 .../4430_grsec-remove-localversion-grsec.patch | 0
19 {3.7.4 => 3.7.5}/4435_grsec-mute-warnings.patch | 0
20 .../4440_grsec-remove-protected-paths.patch | 0
21 .../4450_grsec-kconfig-default-gids.patch | 0
22 .../4465_selinux-avc_audit-log-curr_ip.patch | 0
23 {3.7.4 => 3.7.5}/4470_disable-compat_vdso.patch | 0
24 13 files changed, 551 insertions(+), 246 deletions(-)
25
26 diff --git a/2.6.32/0000_README b/2.6.32/0000_README
27 index e95f139..584dc17 100644
28 --- a/2.6.32/0000_README
29 +++ b/2.6.32/0000_README
30 @@ -34,7 +34,7 @@ Patch: 1059_linux-2.6.32.60.patch
31 From: http://www.kernel.org
32 Desc: Linux 2.6.32.59
33
34 -Patch: 4420_grsecurity-2.9.1-2.6.32.60-201301230046.patch
35 +Patch: 4420_grsecurity-2.9.1-2.6.32.60-201301281956.patch
36 From: http://www.grsecurity.net
37 Desc: hardened-sources base patch from upstream grsecurity
38
39
40 diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201301230046.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201301281956.patch
41 similarity index 99%
42 rename from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201301230046.patch
43 rename to 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201301281956.patch
44 index 5cfce60..dd6c22f 100644
45 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201301230046.patch
46 +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201301281956.patch
47 @@ -70315,7 +70315,7 @@ index b9b37ff..19dfa23 100644
48 .close = binder_vma_close,
49 };
50 diff --git a/drivers/staging/b3dfg/b3dfg.c b/drivers/staging/b3dfg/b3dfg.c
51 -index cda26bb..39fed3f 100644
52 +index cda26bb4..39fed3f 100644
53 --- a/drivers/staging/b3dfg/b3dfg.c
54 +++ b/drivers/staging/b3dfg/b3dfg.c
55 @@ -455,7 +455,7 @@ static int b3dfg_vma_fault(struct vm_area_struct *vma,
56 @@ -75182,7 +75182,7 @@ index 0133b5a..3710d09 100644
57 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
58 #ifdef __alpha__
59 diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
60 -index a64fde6..0f8c4d1 100644
61 +index a64fde6..621e25d 100644
62 --- a/fs/binfmt_elf.c
63 +++ b/fs/binfmt_elf.c
64 @@ -31,6 +31,7 @@
65 @@ -75651,7 +75651,7 @@ index a64fde6..0f8c4d1 100644
66 unsigned int random_variable = 0;
67
68 +#ifdef CONFIG_PAX_RANDUSTACK
69 -+ if (randomize_va_space)
70 ++ if (current->mm->pax_flags & MF_PAX_RANDMMAP)
71 + return stack_top - current->mm->delta_stack;
72 +#endif
73 +
74 @@ -77563,15 +77563,16 @@ index ff57421..f65f88a 100644
75
76 out_free_fd:
77 diff --git a/fs/exec.c b/fs/exec.c
78 -index 86fafc6..509ab19 100644
79 +index 86fafc6..c1f24b5 100644
80 --- a/fs/exec.c
81 +++ b/fs/exec.c
82 -@@ -56,12 +56,33 @@
83 +@@ -56,12 +56,34 @@
84 #include <linux/fsnotify.h>
85 #include <linux/fs_struct.h>
86 #include <linux/pipe_fs_i.h>
87 +#include <linux/random.h>
88 +#include <linux/seq_file.h>
89 ++#include <linux/mman.h>
90 +
91 +#ifdef CONFIG_PAX_REFCOUNT
92 +#include <linux/kallsyms.h>
93 @@ -77600,7 +77601,7 @@ index 86fafc6..509ab19 100644
94 int core_uses_pid;
95 char core_pattern[CORENAME_MAX_SIZE] = "core";
96 unsigned int core_pipe_limit;
97 -@@ -178,18 +199,10 @@ struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
98 +@@ -178,18 +200,10 @@ struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
99 int write)
100 {
101 struct page *page;
102 @@ -77622,7 +77623,7 @@ index 86fafc6..509ab19 100644
103 return NULL;
104
105 if (write) {
106 -@@ -205,6 +218,17 @@ struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
107 +@@ -205,6 +219,17 @@ struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
108 if (size <= ARG_MAX)
109 return page;
110
111 @@ -77640,7 +77641,7 @@ index 86fafc6..509ab19 100644
112 /*
113 * Limit to 1/4-th the stack size for the argv+env strings.
114 * This ensures that:
115 -@@ -263,6 +287,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
116 +@@ -263,6 +288,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
117 vma->vm_end = STACK_TOP_MAX;
118 vma->vm_start = vma->vm_end - PAGE_SIZE;
119 vma->vm_flags = VM_STACK_FLAGS;
120 @@ -77652,7 +77653,7 @@ index 86fafc6..509ab19 100644
121 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
122
123 err = security_file_mmap(NULL, 0, 0, 0, vma->vm_start, 1);
124 -@@ -276,6 +305,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
125 +@@ -276,6 +306,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
126 mm->stack_vm = mm->total_vm = 1;
127 up_write(&mm->mmap_sem);
128 bprm->p = vma->vm_end - sizeof(void *);
129 @@ -77665,7 +77666,7 @@ index 86fafc6..509ab19 100644
130 return 0;
131 err:
132 up_write(&mm->mmap_sem);
133 -@@ -400,8 +435,9 @@ static int count(char __user * __user * argv, int max)
134 +@@ -400,8 +436,9 @@ static int count(char __user * __user * argv, int max)
135 if (!p)
136 break;
137 argv++;
138 @@ -77676,7 +77677,7 @@ index 86fafc6..509ab19 100644
139
140 if (fatal_signal_pending(current))
141 return -ERESTARTNOHAND;
142 -@@ -510,7 +546,7 @@ int copy_strings_kernel(int argc,char ** argv, struct linux_binprm *bprm)
143 +@@ -510,7 +547,7 @@ int copy_strings_kernel(int argc,char ** argv, struct linux_binprm *bprm)
144 int r;
145 mm_segment_t oldfs = get_fs();
146 set_fs(KERNEL_DS);
147 @@ -77685,7 +77686,7 @@ index 86fafc6..509ab19 100644
148 set_fs(oldfs);
149 return r;
150 }
151 -@@ -540,7 +576,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
152 +@@ -540,7 +577,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
153 unsigned long new_end = old_end - shift;
154 struct mmu_gather *tlb;
155
156 @@ -77695,7 +77696,7 @@ index 86fafc6..509ab19 100644
157
158 /*
159 * ensure there are no vmas between where we want to go
160 -@@ -549,6 +586,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
161 +@@ -549,6 +587,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
162 if (vma != find_vma(mm, new_start))
163 return -EFAULT;
164
165 @@ -77706,7 +77707,7 @@ index 86fafc6..509ab19 100644
166 /*
167 * cover the whole range: [new_start, old_end)
168 */
169 -@@ -630,10 +671,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
170 +@@ -630,10 +672,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
171 stack_top = arch_align_stack(stack_top);
172 stack_top = PAGE_ALIGN(stack_top);
173
174 @@ -77717,7 +77718,7 @@ index 86fafc6..509ab19 100644
175 stack_shift = vma->vm_end - stack_top;
176
177 bprm->p -= stack_shift;
178 -@@ -645,6 +682,14 @@ int setup_arg_pages(struct linux_binprm *bprm,
179 +@@ -645,6 +683,14 @@ int setup_arg_pages(struct linux_binprm *bprm,
180 bprm->exec -= stack_shift;
181
182 down_write(&mm->mmap_sem);
183 @@ -77732,7 +77733,7 @@ index 86fafc6..509ab19 100644
184 vm_flags = VM_STACK_FLAGS;
185
186 /*
187 -@@ -658,19 +703,24 @@ int setup_arg_pages(struct linux_binprm *bprm,
188 +@@ -658,19 +704,24 @@ int setup_arg_pages(struct linux_binprm *bprm,
189 vm_flags &= ~VM_EXEC;
190 vm_flags |= mm->def_flags;
191
192 @@ -77764,7 +77765,35 @@ index 86fafc6..509ab19 100644
193 stack_expand = EXTRA_STACK_VM_PAGES * PAGE_SIZE;
194 stack_size = vma->vm_end - vma->vm_start;
195 /*
196 -@@ -721,6 +771,8 @@ struct file *open_exec(const char *name)
197 +@@ -690,6 +741,27 @@ int setup_arg_pages(struct linux_binprm *bprm,
198 + stack_base = vma->vm_start - stack_expand;
199 + #endif
200 + ret = expand_stack(vma, stack_base);
201 ++
202 ++#if !defined(CONFIG_STACK_GROWSUP) && defined(CONFIG_PAX_ASLR)
203 ++ if (!ret && (mm->pax_flags & MF_PAX_RANDMMAP) && STACK_TOP <= 0xFFFFFFFFU && STACK_TOP > vma->vm_end) {
204 ++ unsigned long size, flags, vm_flags;
205 ++
206 ++ size = STACK_TOP - vma->vm_end;
207 ++ flags = MAP_FIXED | MAP_PRIVATE;
208 ++ vm_flags = VM_DONTEXPAND | VM_RESERVED;
209 ++
210 ++ ret = vma->vm_end != mmap_region(NULL, vma->vm_end, size, flags, vm_flags, 0);
211 ++
212 ++#ifdef CONFIG_X86
213 ++ if (!ret) {
214 ++ size = mmap_min_addr + ((mm->delta_mmap ^ mm->delta_stack) & (0xFFUL << PAGE_SHIFT));
215 ++ ret = 0 != mmap_region(NULL, 0, size, flags, vm_flags, 0);
216 ++ }
217 ++#endif
218 ++
219 ++ }
220 ++#endif
221 ++
222 + if (ret)
223 + ret = -EFAULT;
224 +
225 +@@ -721,6 +793,8 @@ struct file *open_exec(const char *name)
226
227 fsnotify_open(file->f_path.dentry);
228
229 @@ -77773,7 +77802,7 @@ index 86fafc6..509ab19 100644
230 err = deny_write_access(file);
231 if (err)
232 goto exit;
233 -@@ -744,7 +796,7 @@ int kernel_read(struct file *file, loff_t offset,
234 +@@ -744,7 +818,7 @@ int kernel_read(struct file *file, loff_t offset,
235 old_fs = get_fs();
236 set_fs(get_ds());
237 /* The cast to a user pointer is valid due to the set_fs() */
238 @@ -77782,7 +77811,7 @@ index 86fafc6..509ab19 100644
239 set_fs(old_fs);
240 return result;
241 }
242 -@@ -985,6 +1037,21 @@ void set_task_comm(struct task_struct *tsk, char *buf)
243 +@@ -985,6 +1059,21 @@ void set_task_comm(struct task_struct *tsk, char *buf)
244 perf_event_comm(tsk);
245 }
246
247 @@ -77804,7 +77833,7 @@ index 86fafc6..509ab19 100644
248 int flush_old_exec(struct linux_binprm * bprm)
249 {
250 int retval;
251 -@@ -999,6 +1066,7 @@ int flush_old_exec(struct linux_binprm * bprm)
252 +@@ -999,6 +1088,7 @@ int flush_old_exec(struct linux_binprm * bprm)
253
254 set_mm_exe_file(bprm->mm, bprm->file);
255
256 @@ -77812,7 +77841,7 @@ index 86fafc6..509ab19 100644
257 /*
258 * Release all of the old mmap stuff
259 */
260 -@@ -1023,10 +1091,6 @@ EXPORT_SYMBOL(flush_old_exec);
261 +@@ -1023,10 +1113,6 @@ EXPORT_SYMBOL(flush_old_exec);
262
263 void setup_new_exec(struct linux_binprm * bprm)
264 {
265 @@ -77823,7 +77852,7 @@ index 86fafc6..509ab19 100644
266 arch_pick_mmap_layout(current->mm);
267
268 /* This is the point of no return */
269 -@@ -1037,18 +1101,7 @@ void setup_new_exec(struct linux_binprm * bprm)
270 +@@ -1037,18 +1123,7 @@ void setup_new_exec(struct linux_binprm * bprm)
271 else
272 set_dumpable(current->mm, suid_dumpable);
273
274 @@ -77843,7 +77872,7 @@ index 86fafc6..509ab19 100644
275
276 /* Set the new mm task size. We have to do that late because it may
277 * depend on TIF_32BIT which is only updated in flush_thread() on
278 -@@ -1090,14 +1143,14 @@ EXPORT_SYMBOL(setup_new_exec);
279 +@@ -1090,14 +1165,14 @@ EXPORT_SYMBOL(setup_new_exec);
280 */
281 int prepare_bprm_creds(struct linux_binprm *bprm)
282 {
283 @@ -77860,7 +77889,7 @@ index 86fafc6..509ab19 100644
284 return -ENOMEM;
285 }
286
287 -@@ -1105,7 +1158,7 @@ void free_bprm(struct linux_binprm *bprm)
288 +@@ -1105,7 +1180,7 @@ void free_bprm(struct linux_binprm *bprm)
289 {
290 free_arg_pages(bprm);
291 if (bprm->cred) {
292 @@ -77869,7 +77898,7 @@ index 86fafc6..509ab19 100644
293 abort_creds(bprm->cred);
294 }
295 kfree(bprm);
296 -@@ -1126,13 +1179,13 @@ void install_exec_creds(struct linux_binprm *bprm)
297 +@@ -1126,13 +1201,13 @@ void install_exec_creds(struct linux_binprm *bprm)
298 * credentials; any time after this it may be unlocked.
299 */
300 security_bprm_committed_creds(bprm);
301 @@ -77885,7 +77914,7 @@ index 86fafc6..509ab19 100644
302 * PTRACE_ATTACH
303 */
304 int check_unsafe_exec(struct linux_binprm *bprm)
305 -@@ -1152,7 +1205,7 @@ int check_unsafe_exec(struct linux_binprm *bprm)
306 +@@ -1152,7 +1227,7 @@ int check_unsafe_exec(struct linux_binprm *bprm)
307 }
308 rcu_read_unlock();
309
310 @@ -77894,7 +77923,7 @@ index 86fafc6..509ab19 100644
311 bprm->unsafe |= LSM_UNSAFE_SHARE;
312 } else {
313 res = -EAGAIN;
314 -@@ -1339,6 +1392,21 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
315 +@@ -1339,6 +1414,21 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
316
317 EXPORT_SYMBOL(search_binary_handler);
318
319 @@ -77916,7 +77945,7 @@ index 86fafc6..509ab19 100644
320 /*
321 * sys_execve() executes a new program.
322 */
323 -@@ -1347,11 +1415,35 @@ int do_execve(char * filename,
324 +@@ -1347,11 +1437,35 @@ int do_execve(char * filename,
325 char __user *__user *envp,
326 struct pt_regs * regs)
327 {
328 @@ -77952,7 +77981,7 @@ index 86fafc6..509ab19 100644
329
330 retval = unshare_files(&displaced);
331 if (retval)
332 -@@ -1377,12 +1469,27 @@ int do_execve(char * filename,
333 +@@ -1377,12 +1491,27 @@ int do_execve(char * filename,
334 if (IS_ERR(file))
335 goto out_unmark;
336
337 @@ -77980,7 +78009,7 @@ index 86fafc6..509ab19 100644
338 retval = bprm_mm_init(bprm);
339 if (retval)
340 goto out_file;
341 -@@ -1399,25 +1506,66 @@ int do_execve(char * filename,
342 +@@ -1399,25 +1528,66 @@ int do_execve(char * filename,
343 if (retval < 0)
344 goto out;
345
346 @@ -78051,7 +78080,7 @@ index 86fafc6..509ab19 100644
347 current->fs->in_exec = 0;
348 current->in_execve = 0;
349 acct_update_integrals(current);
350 -@@ -1426,6 +1574,14 @@ int do_execve(char * filename,
351 +@@ -1426,6 +1596,14 @@ int do_execve(char * filename,
352 put_files_struct(displaced);
353 return retval;
354
355 @@ -78066,7 +78095,7 @@ index 86fafc6..509ab19 100644
356 out:
357 if (bprm->mm) {
358 acct_arg_size(bprm, 0);
359 -@@ -1591,6 +1747,251 @@ out:
360 +@@ -1591,6 +1769,251 @@ out:
361 return ispipe;
362 }
363
364 @@ -78318,7 +78347,7 @@ index 86fafc6..509ab19 100644
365 static int zap_process(struct task_struct *start)
366 {
367 struct task_struct *t;
368 -@@ -1793,17 +2194,17 @@ static void wait_for_dump_helpers(struct file *file)
369 +@@ -1793,17 +2216,17 @@ static void wait_for_dump_helpers(struct file *file)
370 pipe = file->f_path.dentry->d_inode->i_pipe;
371
372 pipe_lock(pipe);
373 @@ -78341,7 +78370,7 @@ index 86fafc6..509ab19 100644
374 pipe_unlock(pipe);
375
376 }
377 -@@ -1826,10 +2227,13 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
378 +@@ -1826,10 +2249,13 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
379 char **helper_argv = NULL;
380 int helper_argc = 0;
381 int dump_count = 0;
382 @@ -78356,7 +78385,7 @@ index 86fafc6..509ab19 100644
383 binfmt = mm->binfmt;
384 if (!binfmt || !binfmt->core_dump)
385 goto fail;
386 -@@ -1874,6 +2278,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
387 +@@ -1874,6 +2300,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
388 */
389 clear_thread_flag(TIF_SIGPENDING);
390
391 @@ -78365,7 +78394,7 @@ index 86fafc6..509ab19 100644
392 /*
393 * lock_kernel() because format_corename() is controlled by sysctl, which
394 * uses lock_kernel()
395 -@@ -1908,7 +2314,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
396 +@@ -1908,7 +2336,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
397 goto fail_unlock;
398 }
399
400 @@ -78374,7 +78403,7 @@ index 86fafc6..509ab19 100644
401 if (core_pipe_limit && (core_pipe_limit < dump_count)) {
402 printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n",
403 task_tgid_vnr(current), current->comm);
404 -@@ -1972,7 +2378,7 @@ close_fail:
405 +@@ -1972,7 +2400,7 @@ close_fail:
406 filp_close(file, NULL);
407 fail_dropcount:
408 if (dump_count)
409 @@ -100120,7 +100149,7 @@ index 5ad70a6..108e1dc 100644
410
411 #ifdef CONFIG_KMEMTRACE
412 diff --git a/include/linux/snmp.h b/include/linux/snmp.h
413 -index 0f953fe..05d45da 100644
414 +index 0f953fe4..05d45da 100644
415 --- a/include/linux/snmp.h
416 +++ b/include/linux/snmp.h
417 @@ -208,7 +208,6 @@ enum
418 @@ -106263,10 +106292,20 @@ index 29bd4ba..8c5de90 100644
419 WARN_ON(pendowner->pi_blocked_on->lock != lock);
420
421 diff --git a/kernel/sched.c b/kernel/sched.c
422 -index 0591df8..db35e3d 100644
423 +index 0591df8..dcf3f9f 100644
424 --- a/kernel/sched.c
425 +++ b/kernel/sched.c
426 -@@ -5043,7 +5043,7 @@ out:
427 +@@ -2618,7 +2618,8 @@ out:
428 + */
429 + int wake_up_process(struct task_struct *p)
430 + {
431 +- return try_to_wake_up(p, TASK_ALL, 0);
432 ++ WARN_ON(task_is_stopped_or_traced(p));
433 ++ return try_to_wake_up(p, TASK_NORMAL, 0);
434 + }
435 + EXPORT_SYMBOL(wake_up_process);
436 +
437 +@@ -5043,7 +5044,7 @@ out:
438 * In CONFIG_NO_HZ case, the idle load balance owner will do the
439 * rebalancing for all the cpus for whom scheduler ticks are stopped.
440 */
441 @@ -106275,7 +106314,7 @@ index 0591df8..db35e3d 100644
442 {
443 int this_cpu = smp_processor_id();
444 struct rq *this_rq = cpu_rq(this_cpu);
445 -@@ -5700,6 +5700,8 @@ asmlinkage void __sched schedule(void)
446 +@@ -5700,6 +5701,8 @@ asmlinkage void __sched schedule(void)
447 struct rq *rq;
448 int cpu;
449
450 @@ -106284,7 +106323,7 @@ index 0591df8..db35e3d 100644
451 need_resched:
452 preempt_disable();
453 cpu = smp_processor_id();
454 -@@ -5770,7 +5772,7 @@ EXPORT_SYMBOL(schedule);
455 +@@ -5770,7 +5773,7 @@ EXPORT_SYMBOL(schedule);
456 * Look out! "owner" is an entirely speculative pointer
457 * access and not reliable.
458 */
459 @@ -106293,7 +106332,7 @@ index 0591df8..db35e3d 100644
460 {
461 unsigned int cpu;
462 struct rq *rq;
463 -@@ -5784,10 +5786,10 @@ int mutex_spin_on_owner(struct mutex *lock, struct thread_info *owner)
464 +@@ -5784,10 +5787,10 @@ int mutex_spin_on_owner(struct mutex *lock, struct thread_info *owner)
465 * DEBUG_PAGEALLOC could have unmapped it if
466 * the mutex owner just released it and exited.
467 */
468 @@ -106306,7 +106345,7 @@ index 0591df8..db35e3d 100644
469 #endif
470
471 /*
472 -@@ -5816,7 +5818,7 @@ int mutex_spin_on_owner(struct mutex *lock, struct thread_info *owner)
473 +@@ -5816,7 +5819,7 @@ int mutex_spin_on_owner(struct mutex *lock, struct thread_info *owner)
474 /*
475 * Is that owner really running on that cpu?
476 */
477 @@ -106315,7 +106354,7 @@ index 0591df8..db35e3d 100644
478 return 0;
479
480 cpu_relax();
481 -@@ -6359,6 +6361,8 @@ int can_nice(const struct task_struct *p, const int nice)
482 +@@ -6359,6 +6362,8 @@ int can_nice(const struct task_struct *p, const int nice)
483 /* convert nice value [19,-20] to rlimit style value [1,40] */
484 int nice_rlim = 20 - nice;
485
486 @@ -106324,7 +106363,7 @@ index 0591df8..db35e3d 100644
487 return (nice_rlim <= p->signal->rlim[RLIMIT_NICE].rlim_cur ||
488 capable(CAP_SYS_NICE));
489 }
490 -@@ -6392,7 +6396,8 @@ SYSCALL_DEFINE1(nice, int, increment)
491 +@@ -6392,7 +6397,8 @@ SYSCALL_DEFINE1(nice, int, increment)
492 if (nice > 19)
493 nice = 19;
494
495 @@ -106334,7 +106373,7 @@ index 0591df8..db35e3d 100644
496 return -EPERM;
497
498 retval = security_task_setnice(current, nice);
499 -@@ -8774,7 +8779,7 @@ static void init_sched_groups_power(int cpu, struct sched_domain *sd)
500 +@@ -8774,7 +8780,7 @@ static void init_sched_groups_power(int cpu, struct sched_domain *sd)
501 long power;
502 int weight;
503
504 @@ -107273,7 +107312,7 @@ index d9d6206..f19467e 100644
505 ret = -EIO;
506 bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt,
507 diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
508 -index 4872937..ec96a13 100644
509 +index 4872937..26ba80f 100644
510 --- a/kernel/trace/ftrace.c
511 +++ b/kernel/trace/ftrace.c
512 @@ -1100,13 +1100,18 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
513 @@ -107297,6 +107336,15 @@ index 4872937..ec96a13 100644
514 }
515
516 /*
517 +@@ -2726,7 +2731,7 @@ static int ftrace_module_notify(struct notifier_block *self,
518 +
519 + struct notifier_block ftrace_module_nb = {
520 + .notifier_call = ftrace_module_notify,
521 +- .priority = 0,
522 ++ .priority = INT_MAX, /* Run before anything that can use kprobes */
523 + };
524 +
525 + extern unsigned long __start_mcount_loc[];
526 @@ -3068,8 +3073,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write,
527 #ifdef CONFIG_FUNCTION_GRAPH_TRACER
528
529 @@ -108697,7 +108745,7 @@ index f03e8e2..7354343 100644
530
531
532 diff --git a/mm/kmemleak.c b/mm/kmemleak.c
533 -index c346660..b47382f 100644
534 +index c346660..33486fe 100644
535 --- a/mm/kmemleak.c
536 +++ b/mm/kmemleak.c
537 @@ -358,7 +358,7 @@ static void print_unreferenced(struct seq_file *seq,
538 @@ -108705,10 +108753,19 @@ index c346660..b47382f 100644
539 for (i = 0; i < object->trace_len; i++) {
540 void *ptr = (void *)object->trace[i];
541 - seq_printf(seq, " [<%p>] %pS\n", ptr, ptr);
542 -+ seq_printf(seq, " [<%p>] %pA\n", ptr, ptr);
543 ++ seq_printf(seq, " [<%pP>] %pA\n", ptr, ptr);
544 }
545 }
546
547 +@@ -1677,7 +1677,7 @@ static int __init kmemleak_late_init(void)
548 + return -ENOMEM;
549 + }
550 +
551 +- dentry = debugfs_create_file("kmemleak", S_IRUGO, NULL, NULL,
552 ++ dentry = debugfs_create_file("kmemleak", S_IRUSR, NULL, NULL,
553 + &kmemleak_fops);
554 + if (!dentry)
555 + pr_warning("Failed to create the debugfs kmemleak file\n");
556 diff --git a/mm/maccess.c b/mm/maccess.c
557 index 9073695..1127f348 100644
558 --- a/mm/maccess.c
559
560 diff --git a/3.2.37/0000_README b/3.2.37/0000_README
561 index 4df42aa..f61fd16 100644
562 --- a/3.2.37/0000_README
563 +++ b/3.2.37/0000_README
564 @@ -66,7 +66,7 @@ Patch: 1036_linux-3.2.37.patch
565 From: http://www.kernel.org
566 Desc: Linux 3.2.37
567
568 -Patch: 4420_grsecurity-2.9.1-3.2.37-201301230047.patch
569 +Patch: 4420_grsecurity-2.9.1-3.2.37-201301281956.patch
570 From: http://www.grsecurity.net
571 Desc: hardened-sources base patch from upstream grsecurity
572
573
574 diff --git a/3.2.37/4420_grsecurity-2.9.1-3.2.37-201301230047.patch b/3.2.37/4420_grsecurity-2.9.1-3.2.37-201301281956.patch
575 similarity index 99%
576 rename from 3.2.37/4420_grsecurity-2.9.1-3.2.37-201301230047.patch
577 rename to 3.2.37/4420_grsecurity-2.9.1-3.2.37-201301281956.patch
578 index b33e963..c2ee615 100644
579 --- a/3.2.37/4420_grsecurity-2.9.1-3.2.37-201301230047.patch
580 +++ b/3.2.37/4420_grsecurity-2.9.1-3.2.37-201301281956.patch
581 @@ -3207,7 +3207,7 @@ index 937cf33..adb39bb 100644
582 * This routine handles page faults. It determines the address,
583 * and the problem, and then passes it off to one of the appropriate
584 diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c
585 -index 302d779..ad1772c 100644
586 +index 302d779..573314a 100644
587 --- a/arch/mips/mm/mmap.c
588 +++ b/arch/mips/mm/mmap.c
589 @@ -71,6 +71,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
590 @@ -3258,7 +3258,19 @@ index 302d779..ad1772c 100644
591 /* cache the address as a hint for next time */
592 return mm->free_area_cache = addr - len;
593 }
594 -@@ -165,7 +170,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
595 +@@ -155,17 +160,17 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
596 + goto bottomup;
597 +
598 + addr = mm->mmap_base - len;
599 +- if (do_color_align)
600 +- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
601 +
602 + do {
603 ++ if (do_color_align)
604 ++ addr = COLOUR_ALIGN_DOWN(addr, pgoff);
605 + /*
606 + * Lookup failure means no vma is above this address,
607 + * else if new region fits below vma->vm_start,
608 * return with success:
609 */
610 vma = find_vma(mm, addr);
611 @@ -3267,7 +3279,20 @@ index 302d779..ad1772c 100644
612 /* cache the address as a hint for next time */
613 return mm->free_area_cache = addr;
614 }
615 -@@ -242,30 +247,3 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
616 +@@ -175,10 +180,8 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
617 + mm->cached_hole_size = vma->vm_start - addr;
618 +
619 + /* try just below the current vma->vm_start */
620 +- addr = vma->vm_start - len;
621 +- if (do_color_align)
622 +- addr = COLOUR_ALIGN_DOWN(addr, pgoff);
623 +- } while (likely(len < vma->vm_start));
624 ++ addr = skip_heap_stack_gap(vma, len, offset);
625 ++ } while (!IS_ERR_VALUE(addr));
626 +
627 + bottomup:
628 + /*
629 +@@ -242,30 +245,3 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
630 mm->unmap_area = arch_unmap_area_topdown;
631 }
632 }
633 @@ -19327,7 +19352,7 @@ index 6a364a6..b147d11 100644
634 ip = *(u64 *)(fp+8);
635 if (!in_sched_functions(ip))
636 diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c
637 -index 2dc4121..89febda 100644
638 +index 2dc4121..5178bcc 100644
639 --- a/arch/x86/kernel/ptrace.c
640 +++ b/arch/x86/kernel/ptrace.c
641 @@ -181,14 +181,13 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs)
642 @@ -19349,6 +19374,15 @@ index 2dc4121..89febda 100644
643
644 return (unsigned long)regs;
645 }
646 +@@ -585,7 +584,7 @@ static void ptrace_triggered(struct perf_event *bp,
647 + static unsigned long ptrace_get_dr7(struct perf_event *bp[])
648 + {
649 + int i;
650 +- int dr7 = 0;
651 ++ unsigned long dr7 = 0;
652 + struct arch_hw_breakpoint *info;
653 +
654 + for (i = 0; i < HBP_NUM; i++) {
655 @@ -852,7 +851,7 @@ long arch_ptrace(struct task_struct *child, long request,
656 unsigned long addr, unsigned long data)
657 {
658 @@ -36651,7 +36685,7 @@ index b94d5f7..7f494c5 100644
659 extern int xpc_disengage_timedout;
660 extern int xpc_activate_IRQ_rcvd;
661 diff --git a/drivers/misc/sgi-xp/xpc_main.c b/drivers/misc/sgi-xp/xpc_main.c
662 -index d971817..3805cce 100644
663 +index d971817..33bdca5 100644
664 --- a/drivers/misc/sgi-xp/xpc_main.c
665 +++ b/drivers/misc/sgi-xp/xpc_main.c
666 @@ -166,7 +166,7 @@ static struct notifier_block xpc_die_notifier = {
667 @@ -36663,6 +36697,15 @@ index d971817..3805cce 100644
668
669 /*
670 * Timer function to enforce the timelimit on the partition disengage.
671 +@@ -1210,7 +1210,7 @@ xpc_system_die(struct notifier_block *nb, unsigned long event, void *_die_args)
672 +
673 + if (((die_args->trapnr == X86_TRAP_MF) ||
674 + (die_args->trapnr == X86_TRAP_XF)) &&
675 +- !user_mode_vm(die_args->regs))
676 ++ !user_mode(die_args->regs))
677 + xpc_die_deactivate();
678 +
679 + break;
680 diff --git a/drivers/misc/ti-st/st_core.c b/drivers/misc/ti-st/st_core.c
681 index ba168a7..399925d6 100644
682 --- a/drivers/misc/ti-st/st_core.c
683 @@ -44544,7 +44587,7 @@ index a6395bd..f1e376a 100644
684 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
685 #ifdef __alpha__
686 diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
687 -index 8dd615c..e65f3cf 100644
688 +index 8dd615c..60fbfd2 100644
689 --- a/fs/binfmt_elf.c
690 +++ b/fs/binfmt_elf.c
691 @@ -32,6 +32,7 @@
692 @@ -45011,7 +45054,7 @@ index 8dd615c..e65f3cf 100644
693 unsigned int random_variable = 0;
694
695 +#ifdef CONFIG_PAX_RANDUSTACK
696 -+ if (randomize_va_space)
697 ++ if (current->mm->pax_flags & MF_PAX_RANDMMAP)
698 + return stack_top - current->mm->delta_stack;
699 +#endif
700 +
701 @@ -46441,15 +46484,16 @@ index 451b9b8..12e5a03 100644
702
703 out_free_fd:
704 diff --git a/fs/exec.c b/fs/exec.c
705 -index c27fa0d..02a6a78 100644
706 +index c27fa0d..fbd8ac4 100644
707 --- a/fs/exec.c
708 +++ b/fs/exec.c
709 -@@ -55,12 +55,33 @@
710 +@@ -55,12 +55,34 @@
711 #include <linux/pipe_fs_i.h>
712 #include <linux/oom.h>
713 #include <linux/compat.h>
714 +#include <linux/random.h>
715 +#include <linux/seq_file.h>
716 ++#include <linux/mman.h>
717 +
718 +#ifdef CONFIG_PAX_REFCOUNT
719 +#include <linux/kallsyms.h>
720 @@ -46478,7 +46522,7 @@ index c27fa0d..02a6a78 100644
721 int core_uses_pid;
722 char core_pattern[CORENAME_MAX_SIZE] = "core";
723 unsigned int core_pipe_limit;
724 -@@ -70,7 +91,7 @@ struct core_name {
725 +@@ -70,7 +92,7 @@ struct core_name {
726 char *corename;
727 int used, size;
728 };
729 @@ -46487,7 +46531,7 @@ index c27fa0d..02a6a78 100644
730
731 /* The maximal length of core_pattern is also specified in sysctl.c */
732
733 -@@ -188,18 +209,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
734 +@@ -188,18 +210,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
735 int write)
736 {
737 struct page *page;
738 @@ -46509,7 +46553,7 @@ index c27fa0d..02a6a78 100644
739 return NULL;
740
741 if (write) {
742 -@@ -215,6 +228,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
743 +@@ -215,6 +229,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
744 if (size <= ARG_MAX)
745 return page;
746
747 @@ -46527,7 +46571,7 @@ index c27fa0d..02a6a78 100644
748 /*
749 * Limit to 1/4-th the stack size for the argv+env strings.
750 * This ensures that:
751 -@@ -274,6 +298,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
752 +@@ -274,6 +299,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
753 vma->vm_end = STACK_TOP_MAX;
754 vma->vm_start = vma->vm_end - PAGE_SIZE;
755 vma->vm_flags = VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP;
756 @@ -46539,7 +46583,7 @@ index c27fa0d..02a6a78 100644
757 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
758 INIT_LIST_HEAD(&vma->anon_vma_chain);
759
760 -@@ -288,6 +317,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
761 +@@ -288,6 +318,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm)
762 mm->stack_vm = mm->total_vm = 1;
763 up_write(&mm->mmap_sem);
764 bprm->p = vma->vm_end - sizeof(void *);
765 @@ -46552,7 +46596,7 @@ index c27fa0d..02a6a78 100644
766 return 0;
767 err:
768 up_write(&mm->mmap_sem);
769 -@@ -396,19 +431,7 @@ err:
770 +@@ -396,19 +432,7 @@ err:
771 return err;
772 }
773
774 @@ -46573,7 +46617,7 @@ index c27fa0d..02a6a78 100644
775 {
776 const char __user *native;
777
778 -@@ -417,14 +440,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr)
779 +@@ -417,14 +441,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr)
780 compat_uptr_t compat;
781
782 if (get_user(compat, argv.ptr.compat + nr))
783 @@ -46590,7 +46634,7 @@ index c27fa0d..02a6a78 100644
784
785 return native;
786 }
787 -@@ -443,11 +466,12 @@ static int count(struct user_arg_ptr argv, int max)
788 +@@ -443,11 +467,12 @@ static int count(struct user_arg_ptr argv, int max)
789 if (!p)
790 break;
791
792 @@ -46605,7 +46649,7 @@ index c27fa0d..02a6a78 100644
793
794 if (fatal_signal_pending(current))
795 return -ERESTARTNOHAND;
796 -@@ -477,7 +501,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv,
797 +@@ -477,7 +502,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv,
798
799 ret = -EFAULT;
800 str = get_user_arg_ptr(argv, argc);
801 @@ -46614,7 +46658,7 @@ index c27fa0d..02a6a78 100644
802 goto out;
803
804 len = strnlen_user(str, MAX_ARG_STRLEN);
805 -@@ -559,7 +583,7 @@ int copy_strings_kernel(int argc, const char *const *__argv,
806 +@@ -559,7 +584,7 @@ int copy_strings_kernel(int argc, const char *const *__argv,
807 int r;
808 mm_segment_t oldfs = get_fs();
809 struct user_arg_ptr argv = {
810 @@ -46623,7 +46667,7 @@ index c27fa0d..02a6a78 100644
811 };
812
813 set_fs(KERNEL_DS);
814 -@@ -594,7 +618,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
815 +@@ -594,7 +619,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
816 unsigned long new_end = old_end - shift;
817 struct mmu_gather tlb;
818
819 @@ -46633,7 +46677,7 @@ index c27fa0d..02a6a78 100644
820
821 /*
822 * ensure there are no vmas between where we want to go
823 -@@ -603,6 +628,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
824 +@@ -603,6 +629,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
825 if (vma != find_vma(mm, new_start))
826 return -EFAULT;
827
828 @@ -46644,7 +46688,7 @@ index c27fa0d..02a6a78 100644
829 /*
830 * cover the whole range: [new_start, old_end)
831 */
832 -@@ -683,10 +712,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
833 +@@ -683,10 +713,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
834 stack_top = arch_align_stack(stack_top);
835 stack_top = PAGE_ALIGN(stack_top);
836
837 @@ -46655,7 +46699,7 @@ index c27fa0d..02a6a78 100644
838 stack_shift = vma->vm_end - stack_top;
839
840 bprm->p -= stack_shift;
841 -@@ -698,8 +723,28 @@ int setup_arg_pages(struct linux_binprm *bprm,
842 +@@ -698,8 +724,28 @@ int setup_arg_pages(struct linux_binprm *bprm,
843 bprm->exec -= stack_shift;
844
845 down_write(&mm->mmap_sem);
846 @@ -46684,7 +46728,7 @@ index c27fa0d..02a6a78 100644
847 /*
848 * Adjust stack execute permissions; explicitly enable for
849 * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone
850 -@@ -718,13 +763,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
851 +@@ -718,13 +764,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
852 goto out_unlock;
853 BUG_ON(prev != vma);
854
855 @@ -46698,7 +46742,35 @@ index c27fa0d..02a6a78 100644
856 /* mprotect_fixup is overkill to remove the temporary stack flags */
857 vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP;
858
859 -@@ -782,6 +820,8 @@ struct file *open_exec(const char *name)
860 +@@ -748,6 +787,27 @@ int setup_arg_pages(struct linux_binprm *bprm,
861 + #endif
862 + current->mm->start_stack = bprm->p;
863 + ret = expand_stack(vma, stack_base);
864 ++
865 ++#if !defined(CONFIG_STACK_GROWSUP) && defined(CONFIG_PAX_ASLR)
866 ++ if (!ret && (mm->pax_flags & MF_PAX_RANDMMAP) && STACK_TOP <= 0xFFFFFFFFU && STACK_TOP > vma->vm_end) {
867 ++ unsigned long size, flags, vm_flags;
868 ++
869 ++ size = STACK_TOP - vma->vm_end;
870 ++ flags = MAP_FIXED | MAP_PRIVATE;
871 ++ vm_flags = VM_DONTEXPAND | VM_RESERVED;
872 ++
873 ++ ret = vma->vm_end != mmap_region(NULL, vma->vm_end, size, flags, vm_flags, 0);
874 ++
875 ++#ifdef CONFIG_X86
876 ++ if (!ret) {
877 ++ size = mmap_min_addr + ((mm->delta_mmap ^ mm->delta_stack) & (0xFFUL << PAGE_SHIFT));
878 ++ ret = 0 != mmap_region(NULL, 0, size, flags, vm_flags, 0);
879 ++ }
880 ++#endif
881 ++
882 ++ }
883 ++#endif
884 ++
885 + if (ret)
886 + ret = -EFAULT;
887 +
888 +@@ -782,6 +842,8 @@ struct file *open_exec(const char *name)
889
890 fsnotify_open(file);
891
892 @@ -46707,7 +46779,7 @@ index c27fa0d..02a6a78 100644
893 err = deny_write_access(file);
894 if (err)
895 goto exit;
896 -@@ -805,7 +845,7 @@ int kernel_read(struct file *file, loff_t offset,
897 +@@ -805,7 +867,7 @@ int kernel_read(struct file *file, loff_t offset,
898 old_fs = get_fs();
899 set_fs(get_ds());
900 /* The cast to a user pointer is valid due to the set_fs() */
901 @@ -46716,7 +46788,7 @@ index c27fa0d..02a6a78 100644
902 set_fs(old_fs);
903 return result;
904 }
905 -@@ -1070,6 +1110,21 @@ void set_task_comm(struct task_struct *tsk, char *buf)
906 +@@ -1070,6 +1132,21 @@ void set_task_comm(struct task_struct *tsk, char *buf)
907 perf_event_comm(tsk);
908 }
909
910 @@ -46738,7 +46810,7 @@ index c27fa0d..02a6a78 100644
911 int flush_old_exec(struct linux_binprm * bprm)
912 {
913 int retval;
914 -@@ -1084,6 +1139,7 @@ int flush_old_exec(struct linux_binprm * bprm)
915 +@@ -1084,6 +1161,7 @@ int flush_old_exec(struct linux_binprm * bprm)
916
917 set_mm_exe_file(bprm->mm, bprm->file);
918
919 @@ -46746,7 +46818,7 @@ index c27fa0d..02a6a78 100644
920 /*
921 * Release all of the old mmap stuff
922 */
923 -@@ -1116,10 +1172,6 @@ EXPORT_SYMBOL(would_dump);
924 +@@ -1116,10 +1194,6 @@ EXPORT_SYMBOL(would_dump);
925
926 void setup_new_exec(struct linux_binprm * bprm)
927 {
928 @@ -46757,7 +46829,7 @@ index c27fa0d..02a6a78 100644
929 arch_pick_mmap_layout(current->mm);
930
931 /* This is the point of no return */
932 -@@ -1130,18 +1182,7 @@ void setup_new_exec(struct linux_binprm * bprm)
933 +@@ -1130,18 +1204,7 @@ void setup_new_exec(struct linux_binprm * bprm)
934 else
935 set_dumpable(current->mm, suid_dumpable);
936
937 @@ -46777,7 +46849,7 @@ index c27fa0d..02a6a78 100644
938
939 /* Set the new mm task size. We have to do that late because it may
940 * depend on TIF_32BIT which is only updated in flush_thread() on
941 -@@ -1266,7 +1307,7 @@ int check_unsafe_exec(struct linux_binprm *bprm)
942 +@@ -1266,7 +1329,7 @@ int check_unsafe_exec(struct linux_binprm *bprm)
943 }
944 rcu_read_unlock();
945
946 @@ -46786,7 +46858,7 @@ index c27fa0d..02a6a78 100644
947 bprm->unsafe |= LSM_UNSAFE_SHARE;
948 } else {
949 res = -EAGAIN;
950 -@@ -1461,6 +1502,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
951 +@@ -1461,6 +1524,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs)
952
953 EXPORT_SYMBOL(search_binary_handler);
954
955 @@ -46815,7 +46887,7 @@ index c27fa0d..02a6a78 100644
956 /*
957 * sys_execve() executes a new program.
958 */
959 -@@ -1469,6 +1532,11 @@ static int do_execve_common(const char *filename,
960 +@@ -1469,6 +1554,11 @@ static int do_execve_common(const char *filename,
961 struct user_arg_ptr envp,
962 struct pt_regs *regs)
963 {
964 @@ -46827,7 +46899,7 @@ index c27fa0d..02a6a78 100644
965 struct linux_binprm *bprm;
966 struct file *file;
967 struct files_struct *displaced;
968 -@@ -1476,6 +1544,8 @@ static int do_execve_common(const char *filename,
969 +@@ -1476,6 +1566,8 @@ static int do_execve_common(const char *filename,
970 int retval;
971 const struct cred *cred = current_cred();
972
973 @@ -46836,7 +46908,7 @@ index c27fa0d..02a6a78 100644
974 /*
975 * We move the actual failure in case of RLIMIT_NPROC excess from
976 * set*uid() to execve() because too many poorly written programs
977 -@@ -1516,12 +1586,27 @@ static int do_execve_common(const char *filename,
978 +@@ -1516,12 +1608,27 @@ static int do_execve_common(const char *filename,
979 if (IS_ERR(file))
980 goto out_unmark;
981
982 @@ -46864,7 +46936,7 @@ index c27fa0d..02a6a78 100644
983 retval = bprm_mm_init(bprm);
984 if (retval)
985 goto out_file;
986 -@@ -1538,24 +1623,65 @@ static int do_execve_common(const char *filename,
987 +@@ -1538,24 +1645,65 @@ static int do_execve_common(const char *filename,
988 if (retval < 0)
989 goto out;
990
991 @@ -46934,7 +47006,7 @@ index c27fa0d..02a6a78 100644
992 current->fs->in_exec = 0;
993 current->in_execve = 0;
994 acct_update_integrals(current);
995 -@@ -1564,6 +1690,14 @@ static int do_execve_common(const char *filename,
996 +@@ -1564,6 +1712,14 @@ static int do_execve_common(const char *filename,
997 put_files_struct(displaced);
998 return retval;
999
1000 @@ -46949,7 +47021,7 @@ index c27fa0d..02a6a78 100644
1001 out:
1002 if (bprm->mm) {
1003 acct_arg_size(bprm, 0);
1004 -@@ -1637,7 +1771,7 @@ static int expand_corename(struct core_name *cn)
1005 +@@ -1637,7 +1793,7 @@ static int expand_corename(struct core_name *cn)
1006 {
1007 char *old_corename = cn->corename;
1008
1009 @@ -46958,7 +47030,7 @@ index c27fa0d..02a6a78 100644
1010 cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL);
1011
1012 if (!cn->corename) {
1013 -@@ -1734,7 +1868,7 @@ static int format_corename(struct core_name *cn, long signr)
1014 +@@ -1734,7 +1890,7 @@ static int format_corename(struct core_name *cn, long signr)
1015 int pid_in_pattern = 0;
1016 int err = 0;
1017
1018 @@ -46967,7 +47039,7 @@ index c27fa0d..02a6a78 100644
1019 cn->corename = kmalloc(cn->size, GFP_KERNEL);
1020 cn->used = 0;
1021
1022 -@@ -1831,6 +1965,250 @@ out:
1023 +@@ -1831,6 +1987,250 @@ out:
1024 return ispipe;
1025 }
1026
1027 @@ -47218,7 +47290,7 @@ index c27fa0d..02a6a78 100644
1028 static int zap_process(struct task_struct *start, int exit_code)
1029 {
1030 struct task_struct *t;
1031 -@@ -2004,17 +2382,17 @@ static void coredump_finish(struct mm_struct *mm)
1032 +@@ -2004,17 +2404,17 @@ static void coredump_finish(struct mm_struct *mm)
1033 void set_dumpable(struct mm_struct *mm, int value)
1034 {
1035 switch (value) {
1036 @@ -47239,7 +47311,7 @@ index c27fa0d..02a6a78 100644
1037 set_bit(MMF_DUMP_SECURELY, &mm->flags);
1038 smp_wmb();
1039 set_bit(MMF_DUMPABLE, &mm->flags);
1040 -@@ -2027,7 +2405,7 @@ static int __get_dumpable(unsigned long mm_flags)
1041 +@@ -2027,7 +2427,7 @@ static int __get_dumpable(unsigned long mm_flags)
1042 int ret;
1043
1044 ret = mm_flags & MMF_DUMPABLE_MASK;
1045 @@ -47248,7 +47320,7 @@ index c27fa0d..02a6a78 100644
1046 }
1047
1048 int get_dumpable(struct mm_struct *mm)
1049 -@@ -2042,17 +2420,17 @@ static void wait_for_dump_helpers(struct file *file)
1050 +@@ -2042,17 +2442,17 @@ static void wait_for_dump_helpers(struct file *file)
1051 pipe = file->f_path.dentry->d_inode->i_pipe;
1052
1053 pipe_lock(pipe);
1054 @@ -47271,7 +47343,7 @@ index c27fa0d..02a6a78 100644
1055 pipe_unlock(pipe);
1056
1057 }
1058 -@@ -2113,7 +2491,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
1059 +@@ -2113,7 +2513,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
1060 int retval = 0;
1061 int flag = 0;
1062 int ispipe;
1063 @@ -47281,7 +47353,7 @@ index c27fa0d..02a6a78 100644
1064 struct coredump_params cprm = {
1065 .signr = signr,
1066 .regs = regs,
1067 -@@ -2128,6 +2507,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
1068 +@@ -2128,6 +2529,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
1069
1070 audit_core_dumps(signr);
1071
1072 @@ -47291,7 +47363,7 @@ index c27fa0d..02a6a78 100644
1073 binfmt = mm->binfmt;
1074 if (!binfmt || !binfmt->core_dump)
1075 goto fail;
1076 -@@ -2138,14 +2520,16 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
1077 +@@ -2138,14 +2542,16 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
1078 if (!cred)
1079 goto fail;
1080 /*
1081 @@ -47312,7 +47384,7 @@ index c27fa0d..02a6a78 100644
1082 }
1083
1084 retval = coredump_wait(exit_code, &core_state);
1085 -@@ -2195,7 +2579,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
1086 +@@ -2195,7 +2601,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
1087 }
1088 cprm.limit = RLIM_INFINITY;
1089
1090 @@ -47321,7 +47393,7 @@ index c27fa0d..02a6a78 100644
1091 if (core_pipe_limit && (core_pipe_limit < dump_count)) {
1092 printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n",
1093 task_tgid_vnr(current), current->comm);
1094 -@@ -2222,9 +2606,19 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
1095 +@@ -2222,9 +2628,19 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs)
1096 } else {
1097 struct inode *inode;
1098
1099 @@ -47341,7 +47413,7 @@ index c27fa0d..02a6a78 100644
1100 cprm.file = filp_open(cn.corename,
1101 O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE | flag,
1102 0600);
1103 -@@ -2265,7 +2659,7 @@ close_fail:
1104 +@@ -2265,7 +2681,7 @@ close_fail:
1105 filp_close(cprm.file, NULL);
1106 fail_dropcount:
1107 if (ispipe)
1108 @@ -47350,7 +47422,7 @@ index c27fa0d..02a6a78 100644
1109 fail_unlock:
1110 kfree(cn.corename);
1111 fail_corename:
1112 -@@ -2284,7 +2678,7 @@ fail:
1113 +@@ -2284,7 +2700,7 @@ fail:
1114 */
1115 int dump_write(struct file *file, const void *addr, int nr)
1116 {
1117 @@ -71904,10 +71976,86 @@ index 76b8e77..a2930e8 100644
1118 }
1119
1120 diff --git a/kernel/ptrace.c b/kernel/ptrace.c
1121 -index 78ab24a..332c915 100644
1122 +index 78ab24a..f8e2cdc 100644
1123 --- a/kernel/ptrace.c
1124 +++ b/kernel/ptrace.c
1125 -@@ -172,7 +172,8 @@ int ptrace_check_attach(struct task_struct *child, bool ignore_state)
1126 +@@ -122,6 +122,40 @@ void __ptrace_unlink(struct task_struct *child)
1127 + spin_unlock(&child->sighand->siglock);
1128 + }
1129 +
1130 ++/* Ensure that nothing can wake it up, even SIGKILL */
1131 ++static bool ptrace_freeze_traced(struct task_struct *task)
1132 ++{
1133 ++ bool ret = false;
1134 ++
1135 ++ /* Lockless, nobody but us can set this flag */
1136 ++ if (task->jobctl & JOBCTL_LISTENING)
1137 ++ return ret;
1138 ++
1139 ++ spin_lock_irq(&task->sighand->siglock);
1140 ++ if (task_is_traced(task) && !__fatal_signal_pending(task)) {
1141 ++ task->state = __TASK_TRACED;
1142 ++ ret = true;
1143 ++ }
1144 ++ spin_unlock_irq(&task->sighand->siglock);
1145 ++
1146 ++ return ret;
1147 ++}
1148 ++
1149 ++static void ptrace_unfreeze_traced(struct task_struct *task)
1150 ++{
1151 ++ if (task->state != __TASK_TRACED)
1152 ++ return;
1153 ++
1154 ++ WARN_ON(!task->ptrace || task->parent != current);
1155 ++
1156 ++ spin_lock_irq(&task->sighand->siglock);
1157 ++ if (__fatal_signal_pending(task))
1158 ++ wake_up_state(task, __TASK_TRACED);
1159 ++ else
1160 ++ task->state = TASK_TRACED;
1161 ++ spin_unlock_irq(&task->sighand->siglock);
1162 ++}
1163 ++
1164 + /**
1165 + * ptrace_check_attach - check whether ptracee is ready for ptrace operation
1166 + * @child: ptracee to check for
1167 +@@ -151,28 +185,34 @@ int ptrace_check_attach(struct task_struct *child, bool ignore_state)
1168 + * be changed by us so it's not changing right after this.
1169 + */
1170 + read_lock(&tasklist_lock);
1171 +- if ((child->ptrace & PT_PTRACED) && child->parent == current) {
1172 ++ if (child->ptrace && child->parent == current) {
1173 ++ WARN_ON(child->state == __TASK_TRACED);
1174 + /*
1175 + * child->sighand can't be NULL, release_task()
1176 + * does ptrace_unlink() before __exit_signal().
1177 + */
1178 +- spin_lock_irq(&child->sighand->siglock);
1179 +- WARN_ON_ONCE(task_is_stopped(child));
1180 +- if (ignore_state || (task_is_traced(child) &&
1181 +- !(child->jobctl & JOBCTL_LISTENING)))
1182 ++ if (ignore_state || ptrace_freeze_traced(child))
1183 + ret = 0;
1184 +- spin_unlock_irq(&child->sighand->siglock);
1185 + }
1186 + read_unlock(&tasklist_lock);
1187 +
1188 +- if (!ret && !ignore_state)
1189 +- ret = wait_task_inactive(child, TASK_TRACED) ? 0 : -ESRCH;
1190 ++ if (!ret && !ignore_state) {
1191 ++ if (!wait_task_inactive(child, __TASK_TRACED)) {
1192 ++ /*
1193 ++ * This can only happen if may_ptrace_stop() fails and
1194 ++ * ptrace_stop() changes ->state back to TASK_RUNNING,
1195 ++ * so we should not worry about leaking __TASK_TRACED.
1196 ++ */
1197 ++ WARN_ON(child->state == __TASK_TRACED);
1198 ++ ret = -ESRCH;
1199 ++ }
1200 ++ }
1201 +
1202 +- /* All systems go.. */
1203 return ret;
1204 }
1205
1206 @@ -71917,7 +72065,7 @@ index 78ab24a..332c915 100644
1207 {
1208 const struct cred *cred = current_cred(), *tcred;
1209
1210 -@@ -198,7 +199,8 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
1211 +@@ -198,7 +238,8 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode)
1212 cred->gid == tcred->sgid &&
1213 cred->gid == tcred->gid))
1214 goto ok;
1215 @@ -71927,7 +72075,7 @@ index 78ab24a..332c915 100644
1216 goto ok;
1217 rcu_read_unlock();
1218 return -EPERM;
1219 -@@ -207,7 +209,9 @@ ok:
1220 +@@ -207,7 +248,9 @@ ok:
1221 smp_rmb();
1222 if (task->mm)
1223 dumpable = get_dumpable(task->mm);
1224 @@ -71938,7 +72086,7 @@ index 78ab24a..332c915 100644
1225 return -EPERM;
1226
1227 return security_ptrace_access_check(task, mode);
1228 -@@ -217,7 +221,21 @@ bool ptrace_may_access(struct task_struct *task, unsigned int mode)
1229 +@@ -217,7 +260,21 @@ bool ptrace_may_access(struct task_struct *task, unsigned int mode)
1230 {
1231 int err;
1232 task_lock(task);
1233 @@ -71961,7 +72109,7 @@ index 78ab24a..332c915 100644
1234 task_unlock(task);
1235 return !err;
1236 }
1237 -@@ -262,7 +280,7 @@ static int ptrace_attach(struct task_struct *task, long request,
1238 +@@ -262,7 +319,7 @@ static int ptrace_attach(struct task_struct *task, long request,
1239 goto out;
1240
1241 task_lock(task);
1242 @@ -71970,7 +72118,7 @@ index 78ab24a..332c915 100644
1243 task_unlock(task);
1244 if (retval)
1245 goto unlock_creds;
1246 -@@ -277,7 +295,7 @@ static int ptrace_attach(struct task_struct *task, long request,
1247 +@@ -277,7 +334,7 @@ static int ptrace_attach(struct task_struct *task, long request,
1248 task->ptrace = PT_PTRACED;
1249 if (seize)
1250 task->ptrace |= PT_SEIZED;
1251 @@ -71979,7 +72127,7 @@ index 78ab24a..332c915 100644
1252 task->ptrace |= PT_PTRACE_CAP;
1253
1254 __ptrace_link(task, current);
1255 -@@ -483,7 +501,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
1256 +@@ -483,7 +540,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
1257 break;
1258 return -EIO;
1259 }
1260 @@ -71988,7 +72136,7 @@ index 78ab24a..332c915 100644
1261 return -EFAULT;
1262 copied += retval;
1263 src += retval;
1264 -@@ -680,7 +698,7 @@ int ptrace_request(struct task_struct *child, long request,
1265 +@@ -680,7 +737,7 @@ int ptrace_request(struct task_struct *child, long request,
1266 bool seized = child->ptrace & PT_SEIZED;
1267 int ret = -EIO;
1268 siginfo_t siginfo, *si;
1269 @@ -71997,7 +72145,7 @@ index 78ab24a..332c915 100644
1270 unsigned long __user *datalp = datavp;
1271 unsigned long flags;
1272
1273 -@@ -882,14 +900,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
1274 +@@ -882,14 +939,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
1275 goto out;
1276 }
1277
1278 @@ -72020,7 +72168,16 @@ index 78ab24a..332c915 100644
1279 goto out_put_task_struct;
1280 }
1281
1282 -@@ -915,7 +940,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
1283 +@@ -899,6 +963,8 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
1284 + goto out_put_task_struct;
1285 +
1286 + ret = arch_ptrace(child, request, addr, data);
1287 ++ if (ret || request != PTRACE_DETACH)
1288 ++ ptrace_unfreeze_traced(child);
1289 +
1290 + out_put_task_struct:
1291 + put_task_struct(child);
1292 +@@ -915,7 +981,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
1293 copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0);
1294 if (copied != sizeof(tmp))
1295 return -EIO;
1296 @@ -72029,7 +72186,7 @@ index 78ab24a..332c915 100644
1297 }
1298
1299 int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr,
1300 -@@ -1025,14 +1050,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
1301 +@@ -1025,21 +1091,31 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
1302 goto out;
1303 }
1304
1305 @@ -72052,6 +72209,17 @@ index 78ab24a..332c915 100644
1306 goto out_put_task_struct;
1307 }
1308
1309 + ret = ptrace_check_attach(child, request == PTRACE_KILL ||
1310 + request == PTRACE_INTERRUPT);
1311 +- if (!ret)
1312 ++ if (!ret) {
1313 + ret = compat_arch_ptrace(child, request, addr, data);
1314 ++ if (ret || request != PTRACE_DETACH)
1315 ++ ptrace_unfreeze_traced(child);
1316 ++ }
1317 +
1318 + out_put_task_struct:
1319 + put_task_struct(child);
1320 diff --git a/kernel/rcutiny.c b/kernel/rcutiny.c
1321 index 636af6d..8af70ab 100644
1322 --- a/kernel/rcutiny.c
1323 @@ -72565,10 +72733,20 @@ index 3d9f31c..7fefc9e 100644
1324
1325 default:
1326 diff --git a/kernel/sched.c b/kernel/sched.c
1327 -index fcc893f..a628984 100644
1328 +index fcc893f..223b418 100644
1329 --- a/kernel/sched.c
1330 +++ b/kernel/sched.c
1331 -@@ -5290,6 +5290,8 @@ int can_nice(const struct task_struct *p, const int nice)
1332 +@@ -2924,7 +2924,8 @@ out:
1333 + */
1334 + int wake_up_process(struct task_struct *p)
1335 + {
1336 +- return try_to_wake_up(p, TASK_ALL, 0);
1337 ++ WARN_ON(task_is_stopped_or_traced(p));
1338 ++ return try_to_wake_up(p, TASK_NORMAL, 0);
1339 + }
1340 + EXPORT_SYMBOL(wake_up_process);
1341 +
1342 +@@ -5290,6 +5291,8 @@ int can_nice(const struct task_struct *p, const int nice)
1343 /* convert nice value [19,-20] to rlimit style value [1,40] */
1344 int nice_rlim = 20 - nice;
1345
1346 @@ -72577,7 +72755,7 @@ index fcc893f..a628984 100644
1347 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
1348 capable(CAP_SYS_NICE));
1349 }
1350 -@@ -5323,7 +5325,8 @@ SYSCALL_DEFINE1(nice, int, increment)
1351 +@@ -5323,7 +5326,8 @@ SYSCALL_DEFINE1(nice, int, increment)
1352 if (nice > 19)
1353 nice = 19;
1354
1355 @@ -72587,7 +72765,7 @@ index fcc893f..a628984 100644
1356 return -EPERM;
1357
1358 retval = security_task_setnice(current, nice);
1359 -@@ -5480,6 +5483,7 @@ recheck:
1360 +@@ -5480,6 +5484,7 @@ recheck:
1361 unsigned long rlim_rtprio =
1362 task_rlimit(p, RLIMIT_RTPRIO);
1363
1364 @@ -72631,7 +72809,7 @@ index 66e4576..d05c6d5 100644
1365 int this_cpu = smp_processor_id();
1366 struct rq *this_rq = cpu_rq(this_cpu);
1367 diff --git a/kernel/signal.c b/kernel/signal.c
1368 -index 08e0b97..cdf6f49 100644
1369 +index 08e0b97..e3ad9b7 100644
1370 --- a/kernel/signal.c
1371 +++ b/kernel/signal.c
1372 @@ -45,12 +45,12 @@ static struct kmem_cache *sigqueue_cachep;
1373 @@ -72740,7 +72918,26 @@ index 08e0b97..cdf6f49 100644
1374
1375 return ret;
1376 }
1377 -@@ -2763,7 +2786,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
1378 +@@ -1765,6 +1788,10 @@ static inline int may_ptrace_stop(void)
1379 + * If SIGKILL was already sent before the caller unlocked
1380 + * ->siglock we must see ->core_state != NULL. Otherwise it
1381 + * is safe to enter schedule().
1382 ++ *
1383 ++ * This is almost outdated, a task with the pending SIGKILL can't
1384 ++ * block in TASK_TRACED. But PTRACE_EVENT_EXIT can be reported
1385 ++ * after SIGKILL was already dequeued.
1386 + */
1387 + if (unlikely(current->mm->core_state) &&
1388 + unlikely(current->mm == current->parent->mm))
1389 +@@ -1890,6 +1917,7 @@ static void ptrace_stop(int exit_code, int why, int clear_code, siginfo_t *info)
1390 + if (gstop_done)
1391 + do_notify_parent_cldstop(current, false, why);
1392 +
1393 ++ /* tasklist protects us from ptrace_freeze_traced() */
1394 + __set_current_state(TASK_RUNNING);
1395 + if (clear_code)
1396 + current->exit_code = 0;
1397 +@@ -2763,7 +2791,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
1398 int error = -ESRCH;
1399
1400 rcu_read_lock();
1401 @@ -73620,7 +73817,7 @@ index 16fc34a..efd8bb8 100644
1402 ret = -EIO;
1403 bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt,
1404 diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
1405 -index 54dba59..5c6d44e 100644
1406 +index 54dba59..1690055 100644
1407 --- a/kernel/trace/ftrace.c
1408 +++ b/kernel/trace/ftrace.c
1409 @@ -1587,12 +1587,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
1410 @@ -73652,6 +73849,15 @@ index 54dba59..5c6d44e 100644
1411 {
1412 struct ftrace_func_probe *entry;
1413 struct ftrace_page *pg;
1414 +@@ -3482,7 +3487,7 @@ static int ftrace_module_notify(struct notifier_block *self,
1415 +
1416 + struct notifier_block ftrace_module_nb = {
1417 + .notifier_call = ftrace_module_notify,
1418 +- .priority = 0,
1419 ++ .priority = INT_MAX, /* Run before anything that can use kprobes */
1420 + };
1421 +
1422 + extern unsigned long __start_mcount_loc[];
1423 @@ -3968,8 +3973,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write,
1424 #ifdef CONFIG_FUNCTION_GRAPH_TRACER
1425
1426 @@ -74947,7 +75153,7 @@ index 0c26b5e..1cc340f 100644
1427 #ifdef CONFIG_MEMORY_FAILURE
1428 extern bool is_free_buddy_page(struct page *page);
1429 diff --git a/mm/kmemleak.c b/mm/kmemleak.c
1430 -index f3b2a00..61da94d 100644
1431 +index f3b2a00..5899e43 100644
1432 --- a/mm/kmemleak.c
1433 +++ b/mm/kmemleak.c
1434 @@ -357,7 +357,7 @@ static void print_unreferenced(struct seq_file *seq,
1435 @@ -74955,10 +75161,19 @@ index f3b2a00..61da94d 100644
1436 for (i = 0; i < object->trace_len; i++) {
1437 void *ptr = (void *)object->trace[i];
1438 - seq_printf(seq, " [<%p>] %pS\n", ptr, ptr);
1439 -+ seq_printf(seq, " [<%p>] %pA\n", ptr, ptr);
1440 ++ seq_printf(seq, " [<%pP>] %pA\n", ptr, ptr);
1441 }
1442 }
1443
1444 +@@ -1745,7 +1745,7 @@ static int __init kmemleak_late_init(void)
1445 + return -ENOMEM;
1446 + }
1447 +
1448 +- dentry = debugfs_create_file("kmemleak", S_IRUGO, NULL, NULL,
1449 ++ dentry = debugfs_create_file("kmemleak", S_IRUSR, NULL, NULL,
1450 + &kmemleak_fops);
1451 + if (!dentry)
1452 + pr_warning("Failed to create the debugfs kmemleak file\n");
1453 diff --git a/mm/maccess.c b/mm/maccess.c
1454 index d53adf9..03a24bf 100644
1455 --- a/mm/maccess.c
1456
1457 diff --git a/3.7.4/0000_README b/3.7.5/0000_README
1458 similarity index 96%
1459 rename from 3.7.4/0000_README
1460 rename to 3.7.5/0000_README
1461 index f410177..71573a5 100644
1462 --- a/3.7.4/0000_README
1463 +++ b/3.7.5/0000_README
1464 @@ -2,7 +2,7 @@ README
1465 -----------------------------------------------------------------------------
1466 Individual Patch Descriptions:
1467 -----------------------------------------------------------------------------
1468 -Patch: 4420_grsecurity-2.9.1-3.7.4-201301252226.patch
1469 +Patch: 4420_grsecurity-2.9.1-3.7.5-201301281957.patch
1470 From: http://www.grsecurity.net
1471 Desc: hardened-sources base patch from upstream grsecurity
1472
1473
1474 diff --git a/3.7.4/4420_grsecurity-2.9.1-3.7.4-201301252226.patch b/3.7.5/4420_grsecurity-2.9.1-3.7.5-201301281957.patch
1475 similarity index 99%
1476 rename from 3.7.4/4420_grsecurity-2.9.1-3.7.4-201301252226.patch
1477 rename to 3.7.5/4420_grsecurity-2.9.1-3.7.5-201301281957.patch
1478 index 29e3b84..8d072d3 100644
1479 --- a/3.7.4/4420_grsecurity-2.9.1-3.7.4-201301252226.patch
1480 +++ b/3.7.5/4420_grsecurity-2.9.1-3.7.5-201301281957.patch
1481 @@ -251,7 +251,7 @@ index 9776f06..18b1856 100644
1482
1483 pcd. [PARIDE]
1484 diff --git a/Makefile b/Makefile
1485 -index f9196bc..63b33e4 100644
1486 +index ecf87b1..f0c8483 100644
1487 --- a/Makefile
1488 +++ b/Makefile
1489 @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
1490 @@ -3478,6 +3478,19 @@ index d9439ef..d0cac6b 100644
1491 /* Remember the address where we stopped this search: */
1492 mm->free_area_cache = addr + len;
1493 return addr;
1494 +diff --git a/arch/ia64/kernel/topology.c b/arch/ia64/kernel/topology.c
1495 +index c64460b..4d250a6 100644
1496 +--- a/arch/ia64/kernel/topology.c
1497 ++++ b/arch/ia64/kernel/topology.c
1498 +@@ -445,7 +445,7 @@ static int __cpuinit cache_cpu_callback(struct notifier_block *nfb,
1499 + return NOTIFY_OK;
1500 + }
1501 +
1502 +-static struct notifier_block __cpuinitdata cache_cpu_notifier =
1503 ++static struct notifier_block cache_cpu_notifier =
1504 + {
1505 + .notifier_call = cache_cpu_callback
1506 + };
1507 diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S
1508 index 0ccb28f..8992469 100644
1509 --- a/arch/ia64/kernel/vmlinux.lds.S
1510 @@ -3975,7 +3988,7 @@ index ddcec1e..c7f983e 100644
1511 * This routine handles page faults. It determines the address,
1512 * and the problem, and then passes it off to one of the appropriate
1513 diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c
1514 -index 302d779..ee9ffb5 100644
1515 +index 302d779..573314a 100644
1516 --- a/arch/mips/mm/mmap.c
1517 +++ b/arch/mips/mm/mmap.c
1518 @@ -71,6 +71,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp,
1519 @@ -4055,7 +4068,7 @@ index 302d779..ee9ffb5 100644
1520 - if (do_color_align)
1521 - addr = COLOUR_ALIGN_DOWN(addr, pgoff);
1522 - } while (likely(len < vma->vm_start));
1523 -+ addr = skip_heap_stack_gap(vma, len);
1524 ++ addr = skip_heap_stack_gap(vma, len, offset);
1525 + } while (!IS_ERR_VALUE(addr));
1526
1527 bottomup:
1528 @@ -15599,10 +15612,10 @@ index df5e41f..816c719 100644
1529 extern int generic_get_free_region(unsigned long base, unsigned long size,
1530 int replace_reg);
1531 diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c
1532 -index 4a3374e..1ca3ecb 100644
1533 +index d18b2b8..d3b834c 100644
1534 --- a/arch/x86/kernel/cpu/perf_event.c
1535 +++ b/arch/x86/kernel/cpu/perf_event.c
1536 -@@ -1765,7 +1765,7 @@ static unsigned long get_segment_base(unsigned int segment)
1537 +@@ -1759,7 +1759,7 @@ static unsigned long get_segment_base(unsigned int segment)
1538 if (idx > GDT_ENTRIES)
1539 return 0;
1540
1541 @@ -15611,7 +15624,7 @@ index 4a3374e..1ca3ecb 100644
1542 }
1543
1544 return get_desc_base(desc + idx);
1545 -@@ -1855,7 +1855,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
1546 +@@ -1849,7 +1849,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
1547 break;
1548
1549 perf_callchain_store(entry, frame.return_address);
1550 @@ -20550,7 +20563,7 @@ index f3e2ec8..ad5287a 100644
1551 if (err) {
1552 pr_debug("do_boot_cpu failed %d\n", err);
1553 diff --git a/arch/x86/kernel/step.c b/arch/x86/kernel/step.c
1554 -index cd3b243..4ba27a4 100644
1555 +index 9b4d51d..5d28b58 100644
1556 --- a/arch/x86/kernel/step.c
1557 +++ b/arch/x86/kernel/step.c
1558 @@ -27,10 +27,10 @@ unsigned long convert_ip_to_linear(struct task_struct *child, struct pt_regs *re
1559 @@ -29978,10 +29991,10 @@ index bd4e5dc..0497b66 100644
1560 /*
1561 * Buggy BIOS check
1562 diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
1563 -index 586362e..ca71b9b 100644
1564 +index c8ac4fe..631818e 100644
1565 --- a/drivers/ata/libata-core.c
1566 +++ b/drivers/ata/libata-core.c
1567 -@@ -4775,7 +4775,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
1568 +@@ -4779,7 +4779,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
1569 struct ata_port *ap;
1570 unsigned int tag;
1571
1572 @@ -29990,7 +30003,7 @@ index 586362e..ca71b9b 100644
1573 ap = qc->ap;
1574
1575 qc->flags = 0;
1576 -@@ -4791,7 +4791,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
1577 +@@ -4795,7 +4795,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc)
1578 struct ata_port *ap;
1579 struct ata_link *link;
1580
1581 @@ -29999,7 +30012,7 @@ index 586362e..ca71b9b 100644
1582 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE));
1583 ap = qc->ap;
1584 link = qc->dev->link;
1585 -@@ -5887,6 +5887,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
1586 +@@ -5891,6 +5891,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
1587 return;
1588
1589 spin_lock(&lock);
1590 @@ -30007,7 +30020,7 @@ index 586362e..ca71b9b 100644
1591
1592 for (cur = ops->inherits; cur; cur = cur->inherits) {
1593 void **inherit = (void **)cur;
1594 -@@ -5900,8 +5901,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
1595 +@@ -5904,8 +5905,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops)
1596 if (IS_ERR(*pp))
1597 *pp = NULL;
1598
1599 @@ -32395,10 +32408,10 @@ index 515a42c..5ecf3ba 100644
1600 void fw_card_initialize(struct fw_card *card,
1601 const struct fw_card_driver *driver, struct device *device);
1602 diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c
1603 -index b298158..7ed8432 100644
1604 +index fd3ae62..669efe3 100644
1605 --- a/drivers/firmware/dmi_scan.c
1606 +++ b/drivers/firmware/dmi_scan.c
1607 -@@ -452,11 +452,6 @@ void __init dmi_scan_machine(void)
1608 +@@ -491,11 +491,6 @@ void __init dmi_scan_machine(void)
1609 }
1610 }
1611 else {
1612 @@ -32410,7 +32423,7 @@ index b298158..7ed8432 100644
1613 p = dmi_ioremap(0xF0000, 0x10000);
1614 if (p == NULL)
1615 goto error;
1616 -@@ -726,7 +721,7 @@ int dmi_walk(void (*decode)(const struct dmi_header *, void *),
1617 +@@ -770,7 +765,7 @@ int dmi_walk(void (*decode)(const struct dmi_header *, void *),
1618 if (buf == NULL)
1619 return -1;
1620
1621 @@ -32831,10 +32844,10 @@ index 92f1750..3beba74 100644
1622 return container_of(adapter, struct intel_gmbus, adapter)->force_bit;
1623 }
1624 diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
1625 -index 3eea143..a0b77db 100644
1626 +index 67036e9..b9f1357 100644
1627 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
1628 +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
1629 -@@ -660,7 +660,7 @@ i915_gem_execbuffer_move_to_gpu(struct intel_ring_buffer *ring,
1630 +@@ -681,7 +681,7 @@ i915_gem_execbuffer_move_to_gpu(struct intel_ring_buffer *ring,
1631 i915_gem_clflush_object(obj);
1632
1633 if (obj->base.pending_write_domain)
1634 @@ -32843,7 +32856,7 @@ index 3eea143..a0b77db 100644
1635
1636 flush_domains |= obj->base.write_domain;
1637 }
1638 -@@ -691,9 +691,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
1639 +@@ -712,9 +712,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
1640
1641 static int
1642 validate_exec_list(struct drm_i915_gem_exec_object2 *exec,
1643 @@ -36227,7 +36240,7 @@ index b94d5f7..7f494c5 100644
1644 extern int xpc_disengage_timedout;
1645 extern int xpc_activate_IRQ_rcvd;
1646 diff --git a/drivers/misc/sgi-xp/xpc_main.c b/drivers/misc/sgi-xp/xpc_main.c
1647 -index d971817..3805cce 100644
1648 +index d971817..33bdca5 100644
1649 --- a/drivers/misc/sgi-xp/xpc_main.c
1650 +++ b/drivers/misc/sgi-xp/xpc_main.c
1651 @@ -166,7 +166,7 @@ static struct notifier_block xpc_die_notifier = {
1652 @@ -36239,6 +36252,15 @@ index d971817..3805cce 100644
1653
1654 /*
1655 * Timer function to enforce the timelimit on the partition disengage.
1656 +@@ -1210,7 +1210,7 @@ xpc_system_die(struct notifier_block *nb, unsigned long event, void *_die_args)
1657 +
1658 + if (((die_args->trapnr == X86_TRAP_MF) ||
1659 + (die_args->trapnr == X86_TRAP_XF)) &&
1660 +- !user_mode_vm(die_args->regs))
1661 ++ !user_mode(die_args->regs))
1662 + xpc_die_deactivate();
1663 +
1664 + break;
1665 diff --git a/drivers/mmc/core/mmc_ops.c b/drivers/mmc/core/mmc_ops.c
1666 index a0e1720..ee63d0b 100644
1667 --- a/drivers/mmc/core/mmc_ops.c
1668 @@ -37548,7 +37570,7 @@ index 76ba8a1..20ca857 100644
1669
1670 /* initialize our int15 lock */
1671 diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c
1672 -index 213753b..b4abaac 100644
1673 +index 449f257..0731e96 100644
1674 --- a/drivers/pci/pcie/aspm.c
1675 +++ b/drivers/pci/pcie/aspm.c
1676 @@ -27,9 +27,9 @@
1677 @@ -38819,7 +38841,7 @@ index 21a045e..ec89e03 100644
1678
1679 transport_setup_device(&rport->dev);
1680 diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
1681 -index 352bc77..c049b14 100644
1682 +index a45e12a..d9120cb 100644
1683 --- a/drivers/scsi/sd.c
1684 +++ b/drivers/scsi/sd.c
1685 @@ -2899,7 +2899,7 @@ static int sd_probe(struct device *dev)
1686 @@ -47345,6 +47367,20 @@ index 71a600a..20d87b1 100644
1687 f_modown(filp, pid, type, force);
1688 return 0;
1689 }
1690 +diff --git a/fs/fhandle.c b/fs/fhandle.c
1691 +index f775bfd..629bd4c 100644
1692 +--- a/fs/fhandle.c
1693 ++++ b/fs/fhandle.c
1694 +@@ -67,8 +67,7 @@ static long do_sys_name_to_handle(struct path *path,
1695 + } else
1696 + retval = 0;
1697 + /* copy the mount id */
1698 +- if (copy_to_user(mnt_id, &real_mount(path->mnt)->mnt_id,
1699 +- sizeof(*mnt_id)) ||
1700 ++ if (put_user(real_mount(path->mnt)->mnt_id, mnt_id) ||
1701 + copy_to_user(ufh, handle,
1702 + sizeof(struct file_handle) + handle_bytes))
1703 + retval = -EFAULT;
1704 diff --git a/fs/fifo.c b/fs/fifo.c
1705 index cf6f434..3d7942c 100644
1706 --- a/fs/fifo.c
1707 @@ -64757,7 +64793,7 @@ index ecc5543..0e96bcc 100644
1708
1709 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
1710 diff --git a/include/linux/libata.h b/include/linux/libata.h
1711 -index e931c9a..7aa8f6f 100644
1712 +index 1e36c63..0c5046e 100644
1713 --- a/include/linux/libata.h
1714 +++ b/include/linux/libata.h
1715 @@ -915,7 +915,7 @@ struct ata_port_operations {
1716 @@ -65067,7 +65103,7 @@ index fed3def..7cc3f93 100644
1717 #define HID_GROUP_ANY 0x0000
1718
1719 diff --git a/include/linux/module.h b/include/linux/module.h
1720 -index 7760c6d..983ee18 100644
1721 +index 1375ee3..d631af0 100644
1722 --- a/include/linux/module.h
1723 +++ b/include/linux/module.h
1724 @@ -17,9 +17,11 @@
1725 @@ -65617,7 +65653,7 @@ index bfe1f47..6a33ee3 100644
1726 static inline void anon_vma_merge(struct vm_area_struct *vma,
1727 struct vm_area_struct *next)
1728 diff --git a/include/linux/sched.h b/include/linux/sched.h
1729 -index 0dd42a0..f5dc099 100644
1730 +index 3e63925..1d69dff 100644
1731 --- a/include/linux/sched.h
1732 +++ b/include/linux/sched.h
1733 @@ -61,6 +61,7 @@ struct bio_list;
1734 @@ -67585,10 +67621,10 @@ index f5b978a..69dbfe8 100644
1735 if (!S_ISBLK(stat.st_mode))
1736 return 0;
1737 diff --git a/init/do_mounts_initrd.c b/init/do_mounts_initrd.c
1738 -index 5e4ded5..aa3cd7e 100644
1739 +index f9acf71..1e19144 100644
1740 --- a/init/do_mounts_initrd.c
1741 +++ b/init/do_mounts_initrd.c
1742 -@@ -54,8 +54,8 @@ static void __init handle_initrd(void)
1743 +@@ -58,8 +58,8 @@ static void __init handle_initrd(void)
1744 create_dev("/dev/root.old", Root_RAM0);
1745 /* mount initrd on rootfs' /root */
1746 mount_block_root("/dev/root.old", root_mountflags & ~MS_RDONLY);
1747 @@ -67599,7 +67635,7 @@ index 5e4ded5..aa3cd7e 100644
1748
1749 /*
1750 * In case that a resume from disk is carried out by linuxrc or one of
1751 -@@ -69,31 +69,31 @@ static void __init handle_initrd(void)
1752 +@@ -73,31 +73,31 @@ static void __init handle_initrd(void)
1753 current->flags &= ~PF_FREEZER_SKIP;
1754
1755 /* move initrd to rootfs' /old */
1756 @@ -67638,7 +67674,7 @@ index 5e4ded5..aa3cd7e 100644
1757 printk(KERN_NOTICE "Trying to free ramdisk memory ... ");
1758 if (fd < 0) {
1759 error = fd;
1760 -@@ -116,11 +116,11 @@ int __init initrd_load(void)
1761 +@@ -120,11 +120,11 @@ int __init initrd_load(void)
1762 * mounted in the normal path.
1763 */
1764 if (rd_load_image("/initrd.image") && ROOT_DEV != Root_RAM0) {
1765 @@ -67810,7 +67846,7 @@ index 84c6bf1..8899338 100644
1766 next_state = Reset;
1767 return 0;
1768 diff --git a/init/main.c b/init/main.c
1769 -index e33e09d..b699703 100644
1770 +index cd147a9..12ce8c2 100644
1771 --- a/init/main.c
1772 +++ b/init/main.c
1773 @@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void) { }
1774 @@ -67955,7 +67991,7 @@ index e33e09d..b699703 100644
1775 }
1776
1777 static int run_init_process(const char *init_filename)
1778 -@@ -876,7 +950,7 @@ static void __init kernel_init_freeable(void)
1779 +@@ -876,7 +950,7 @@ static noinline void __init kernel_init_freeable(void)
1780 do_basic_setup();
1781
1782 /* Open the /dev/console on the rootfs, this should never fail */
1783 @@ -67964,7 +68000,7 @@ index e33e09d..b699703 100644
1784 printk(KERN_WARNING "Warning: unable to open an initial console.\n");
1785
1786 (void) sys_dup(0);
1787 -@@ -889,11 +963,13 @@ static void __init kernel_init_freeable(void)
1788 +@@ -889,11 +963,13 @@ static noinline void __init kernel_init_freeable(void)
1789 if (!ramdisk_execute_command)
1790 ramdisk_execute_command = "/init";
1791
1792 @@ -68718,11 +68754,11 @@ index 9a61738..c5c8f3a 100644
1793 }
1794 EXPORT_SYMBOL_GPL(kgdb_schedule_breakpoint);
1795 diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
1796 -index 4d5f8d5..4743f33 100644
1797 +index 8875254..7cf4928 100644
1798 --- a/kernel/debug/kdb/kdb_main.c
1799 +++ b/kernel/debug/kdb/kdb_main.c
1800 -@@ -1972,7 +1972,7 @@ static int kdb_lsmod(int argc, const char **argv)
1801 - list_for_each_entry(mod, kdb_modules, list) {
1802 +@@ -1974,7 +1974,7 @@ static int kdb_lsmod(int argc, const char **argv)
1803 + continue;
1804
1805 kdb_printf("%-20s%8u 0x%p ", mod->name,
1806 - mod->core_size, (void *)mod);
1807 @@ -68730,7 +68766,7 @@ index 4d5f8d5..4743f33 100644
1808 #ifdef CONFIG_MODULE_UNLOAD
1809 kdb_printf("%4ld ", module_refcount(mod));
1810 #endif
1811 -@@ -1982,7 +1982,7 @@ static int kdb_lsmod(int argc, const char **argv)
1812 +@@ -1984,7 +1984,7 @@ static int kdb_lsmod(int argc, const char **argv)
1813 kdb_printf(" (Loading)");
1814 else
1815 kdb_printf(" (Live)");
1816 @@ -69773,7 +69809,7 @@ index 91c32a0..7b88d63 100644
1817 seq_printf(m, "%40s %14lu %29s %pS\n",
1818 name, stats->contending_point[i],
1819 diff --git a/kernel/module.c b/kernel/module.c
1820 -index 6e48c3a..ac2ef5b 100644
1821 +index 3e544f4..096cb73 100644
1822 --- a/kernel/module.c
1823 +++ b/kernel/module.c
1824 @@ -59,6 +59,7 @@
1825 @@ -69794,7 +69830,7 @@ index 6e48c3a..ac2ef5b 100644
1826
1827 int register_module_notifier(struct notifier_block * nb)
1828 {
1829 -@@ -318,7 +320,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
1830 +@@ -319,7 +321,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
1831 return true;
1832
1833 list_for_each_entry_rcu(mod, &modules, list) {
1834 @@ -69803,16 +69839,16 @@ index 6e48c3a..ac2ef5b 100644
1835 { mod->syms, mod->syms + mod->num_syms, mod->crcs,
1836 NOT_GPL_ONLY, false },
1837 { mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms,
1838 -@@ -340,7 +342,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
1839 - #endif
1840 - };
1841 +@@ -344,7 +346,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr,
1842 + if (mod->state == MODULE_STATE_UNFORMED)
1843 + continue;
1844
1845 - if (each_symbol_in_section(arr, ARRAY_SIZE(arr), mod, fn, data))
1846 + if (each_symbol_in_section(modarr, ARRAY_SIZE(modarr), mod, fn, data))
1847 return true;
1848 }
1849 return false;
1850 -@@ -472,7 +474,7 @@ static inline void __percpu *mod_percpu(struct module *mod)
1851 +@@ -484,7 +486,7 @@ static inline void __percpu *mod_percpu(struct module *mod)
1852 static int percpu_modalloc(struct module *mod,
1853 unsigned long size, unsigned long align)
1854 {
1855 @@ -69821,7 +69857,7 @@ index 6e48c3a..ac2ef5b 100644
1856 printk(KERN_WARNING "%s: per-cpu alignment %li > %li\n",
1857 mod->name, align, PAGE_SIZE);
1858 align = PAGE_SIZE;
1859 -@@ -1072,7 +1074,7 @@ struct module_attribute module_uevent =
1860 +@@ -1088,7 +1090,7 @@ struct module_attribute module_uevent =
1861 static ssize_t show_coresize(struct module_attribute *mattr,
1862 struct module_kobject *mk, char *buffer)
1863 {
1864 @@ -69830,7 +69866,7 @@ index 6e48c3a..ac2ef5b 100644
1865 }
1866
1867 static struct module_attribute modinfo_coresize =
1868 -@@ -1081,7 +1083,7 @@ static struct module_attribute modinfo_coresize =
1869 +@@ -1097,7 +1099,7 @@ static struct module_attribute modinfo_coresize =
1870 static ssize_t show_initsize(struct module_attribute *mattr,
1871 struct module_kobject *mk, char *buffer)
1872 {
1873 @@ -69839,7 +69875,7 @@ index 6e48c3a..ac2ef5b 100644
1874 }
1875
1876 static struct module_attribute modinfo_initsize =
1877 -@@ -1295,7 +1297,7 @@ resolve_symbol_wait(struct module *mod,
1878 +@@ -1311,7 +1313,7 @@ resolve_symbol_wait(struct module *mod,
1879 */
1880 #ifdef CONFIG_SYSFS
1881
1882 @@ -69848,7 +69884,7 @@ index 6e48c3a..ac2ef5b 100644
1883 static inline bool sect_empty(const Elf_Shdr *sect)
1884 {
1885 return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0;
1886 -@@ -1761,21 +1763,21 @@ static void set_section_ro_nx(void *base,
1887 +@@ -1777,21 +1779,21 @@ static void set_section_ro_nx(void *base,
1888
1889 static void unset_module_core_ro_nx(struct module *mod)
1890 {
1891 @@ -69878,10 +69914,10 @@ index 6e48c3a..ac2ef5b 100644
1892 set_memory_rw);
1893 }
1894
1895 -@@ -1786,14 +1788,14 @@ void set_all_modules_text_rw(void)
1896 -
1897 - mutex_lock(&module_mutex);
1898 +@@ -1804,14 +1806,14 @@ void set_all_modules_text_rw(void)
1899 list_for_each_entry_rcu(mod, &modules, list) {
1900 + if (mod->state == MODULE_STATE_UNFORMED)
1901 + continue;
1902 - if ((mod->module_core) && (mod->core_text_size)) {
1903 - set_page_attributes(mod->module_core,
1904 - mod->module_core + mod->core_text_size,
1905 @@ -69899,10 +69935,10 @@ index 6e48c3a..ac2ef5b 100644
1906 set_memory_rw);
1907 }
1908 }
1909 -@@ -1807,14 +1809,14 @@ void set_all_modules_text_ro(void)
1910 -
1911 - mutex_lock(&module_mutex);
1912 +@@ -1827,14 +1829,14 @@ void set_all_modules_text_ro(void)
1913 list_for_each_entry_rcu(mod, &modules, list) {
1914 + if (mod->state == MODULE_STATE_UNFORMED)
1915 + continue;
1916 - if ((mod->module_core) && (mod->core_text_size)) {
1917 - set_page_attributes(mod->module_core,
1918 - mod->module_core + mod->core_text_size,
1919 @@ -69920,7 +69956,7 @@ index 6e48c3a..ac2ef5b 100644
1920 set_memory_ro);
1921 }
1922 }
1923 -@@ -1860,16 +1862,19 @@ static void free_module(struct module *mod)
1924 +@@ -1880,16 +1882,19 @@ static void free_module(struct module *mod)
1925
1926 /* This may be NULL, but that's OK */
1927 unset_module_init_ro_nx(mod);
1928 @@ -69943,7 +69979,7 @@ index 6e48c3a..ac2ef5b 100644
1929
1930 #ifdef CONFIG_MPU
1931 update_protections(current->mm);
1932 -@@ -1939,9 +1944,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
1933 +@@ -1959,9 +1964,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
1934 int ret = 0;
1935 const struct kernel_symbol *ksym;
1936
1937 @@ -69975,7 +70011,7 @@ index 6e48c3a..ac2ef5b 100644
1938 switch (sym[i].st_shndx) {
1939 case SHN_COMMON:
1940 /* We compiled with -fno-common. These are not
1941 -@@ -1962,7 +1989,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
1942 +@@ -1982,7 +2009,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
1943 ksym = resolve_symbol_wait(mod, info, name);
1944 /* Ok if resolved. */
1945 if (ksym && !IS_ERR(ksym)) {
1946 @@ -69985,7 +70021,7 @@ index 6e48c3a..ac2ef5b 100644
1947 break;
1948 }
1949
1950 -@@ -1981,11 +2010,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
1951 +@@ -2001,11 +2030,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
1952 secbase = (unsigned long)mod_percpu(mod);
1953 else
1954 secbase = info->sechdrs[sym[i].st_shndx].sh_addr;
1955 @@ -70006,7 +70042,7 @@ index 6e48c3a..ac2ef5b 100644
1956 return ret;
1957 }
1958
1959 -@@ -2069,22 +2107,12 @@ static void layout_sections(struct module *mod, struct load_info *info)
1960 +@@ -2089,22 +2127,12 @@ static void layout_sections(struct module *mod, struct load_info *info)
1961 || s->sh_entsize != ~0UL
1962 || strstarts(sname, ".init"))
1963 continue;
1964 @@ -70033,7 +70069,7 @@ index 6e48c3a..ac2ef5b 100644
1965 }
1966
1967 pr_debug("Init section allocation order:\n");
1968 -@@ -2098,23 +2126,13 @@ static void layout_sections(struct module *mod, struct load_info *info)
1969 +@@ -2118,23 +2146,13 @@ static void layout_sections(struct module *mod, struct load_info *info)
1970 || s->sh_entsize != ~0UL
1971 || !strstarts(sname, ".init"))
1972 continue;
1973 @@ -70062,7 +70098,7 @@ index 6e48c3a..ac2ef5b 100644
1974 }
1975 }
1976
1977 -@@ -2286,7 +2304,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)
1978 +@@ -2306,7 +2324,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)
1979
1980 /* Put symbol section at end of init part of module. */
1981 symsect->sh_flags |= SHF_ALLOC;
1982 @@ -70071,7 +70107,7 @@ index 6e48c3a..ac2ef5b 100644
1983 info->index.sym) | INIT_OFFSET_MASK;
1984 pr_debug("\t%s\n", info->secstrings + symsect->sh_name);
1985
1986 -@@ -2306,13 +2324,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
1987 +@@ -2326,13 +2344,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
1988 }
1989
1990 /* Append room for core symbols at end of core part. */
1991 @@ -70089,7 +70125,7 @@ index 6e48c3a..ac2ef5b 100644
1992 info->index.str) | INIT_OFFSET_MASK;
1993 pr_debug("\t%s\n", info->secstrings + strsect->sh_name);
1994 }
1995 -@@ -2330,12 +2348,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
1996 +@@ -2350,12 +2368,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
1997 /* Make sure we get permanent strtab: don't use info->strtab. */
1998 mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr;
1999
2000 @@ -70106,7 +70142,7 @@ index 6e48c3a..ac2ef5b 100644
2001 src = mod->symtab;
2002 *s++ = 0;
2003 for (ndst = i = 0; i < mod->num_symtab; i++) {
2004 -@@ -2348,6 +2368,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
2005 +@@ -2368,6 +2388,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
2006 }
2007 }
2008 mod->core_num_syms = ndst;
2009 @@ -70115,7 +70151,7 @@ index 6e48c3a..ac2ef5b 100644
2010 }
2011 #else
2012 static inline void layout_symtab(struct module *mod, struct load_info *info)
2013 -@@ -2381,17 +2403,33 @@ void * __weak module_alloc(unsigned long size)
2014 +@@ -2401,17 +2423,33 @@ void * __weak module_alloc(unsigned long size)
2015 return size == 0 ? NULL : vmalloc_exec(size);
2016 }
2017
2018 @@ -70154,7 +70190,7 @@ index 6e48c3a..ac2ef5b 100644
2019 mutex_unlock(&module_mutex);
2020 }
2021 return ret;
2022 -@@ -2610,8 +2648,14 @@ static struct module *setup_load_info(struct load_info *info)
2023 +@@ -2630,8 +2668,14 @@ static struct module *setup_load_info(struct load_info *info)
2024 static int check_modinfo(struct module *mod, struct load_info *info)
2025 {
2026 const char *modmagic = get_modinfo(info, "vermagic");
2027 @@ -70169,7 +70205,7 @@ index 6e48c3a..ac2ef5b 100644
2028 /* This is allowed: modprobe --force will invalidate it. */
2029 if (!modmagic) {
2030 err = try_to_force_load(mod, "bad vermagic");
2031 -@@ -2634,7 +2678,7 @@ static int check_modinfo(struct module *mod, struct load_info *info)
2032 +@@ -2654,7 +2698,7 @@ static int check_modinfo(struct module *mod, struct load_info *info)
2033 }
2034
2035 /* Set up license info based on the info section */
2036 @@ -70178,7 +70214,7 @@ index 6e48c3a..ac2ef5b 100644
2037
2038 return 0;
2039 }
2040 -@@ -2728,7 +2772,7 @@ static int move_module(struct module *mod, struct load_info *info)
2041 +@@ -2748,7 +2792,7 @@ static int move_module(struct module *mod, struct load_info *info)
2042 void *ptr;
2043
2044 /* Do the allocs. */
2045 @@ -70187,7 +70223,7 @@ index 6e48c3a..ac2ef5b 100644
2046 /*
2047 * The pointer to this block is stored in the module structure
2048 * which is inside the block. Just mark it as not being a
2049 -@@ -2738,23 +2782,50 @@ static int move_module(struct module *mod, struct load_info *info)
2050 +@@ -2758,23 +2802,50 @@ static int move_module(struct module *mod, struct load_info *info)
2051 if (!ptr)
2052 return -ENOMEM;
2053
2054 @@ -70246,7 +70282,7 @@ index 6e48c3a..ac2ef5b 100644
2055
2056 /* Transfer each section which specifies SHF_ALLOC */
2057 pr_debug("final section addresses:\n");
2058 -@@ -2765,16 +2836,45 @@ static int move_module(struct module *mod, struct load_info *info)
2059 +@@ -2785,16 +2856,45 @@ static int move_module(struct module *mod, struct load_info *info)
2060 if (!(shdr->sh_flags & SHF_ALLOC))
2061 continue;
2062
2063 @@ -70299,7 +70335,7 @@ index 6e48c3a..ac2ef5b 100644
2064 pr_debug("\t0x%lx %s\n",
2065 (long)shdr->sh_addr, info->secstrings + shdr->sh_name);
2066 }
2067 -@@ -2829,12 +2929,12 @@ static void flush_module_icache(const struct module *mod)
2068 +@@ -2849,12 +2949,12 @@ static void flush_module_icache(const struct module *mod)
2069 * Do it before processing of module parameters, so the module
2070 * can provide parameter accessor functions of its own.
2071 */
2072 @@ -70318,7 +70354,7 @@ index 6e48c3a..ac2ef5b 100644
2073
2074 set_fs(old_fs);
2075 }
2076 -@@ -2904,8 +3004,10 @@ out:
2077 +@@ -2924,8 +3024,10 @@ out:
2078 static void module_deallocate(struct module *mod, struct load_info *info)
2079 {
2080 percpu_modfree(mod);
2081 @@ -70331,7 +70367,7 @@ index 6e48c3a..ac2ef5b 100644
2082 }
2083
2084 int __weak module_finalize(const Elf_Ehdr *hdr,
2085 -@@ -2918,7 +3020,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
2086 +@@ -2938,7 +3040,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
2087 static int post_relocation(struct module *mod, const struct load_info *info)
2088 {
2089 /* Sort exception table now relocations are done. */
2090 @@ -70341,7 +70377,7 @@ index 6e48c3a..ac2ef5b 100644
2091
2092 /* Copy relocated percpu area over. */
2093 percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr,
2094 -@@ -2989,9 +3093,38 @@ static struct module *load_module(void __user *umod,
2095 +@@ -3036,9 +3140,38 @@ again:
2096 if (err)
2097 goto free_unload;
2098
2099 @@ -70380,23 +70416,9 @@ index 6e48c3a..ac2ef5b 100644
2100 /* Fix up syms, so that st_value is a pointer to location. */
2101 err = simplify_symbols(mod, &info);
2102 if (err < 0)
2103 -@@ -3007,13 +3140,6 @@ static struct module *load_module(void __user *umod,
2104 -
2105 - flush_module_icache(mod);
2106 -
2107 -- /* Now copy in args */
2108 -- mod->args = strndup_user(uargs, ~0UL >> 1);
2109 -- if (IS_ERR(mod->args)) {
2110 -- err = PTR_ERR(mod->args);
2111 -- goto free_arch_cleanup;
2112 -- }
2113 --
2114 - /* Mark state as coming so strong_try_module_get() ignores us. */
2115 - mod->state = MODULE_STATE_COMING;
2116 -
2117 -@@ -3081,11 +3207,11 @@ again:
2118 - unlock:
2119 +@@ -3104,11 +3237,11 @@ again:
2120 mutex_unlock(&module_mutex);
2121 + dynamic_debug_remove(info.debug);
2122 synchronize_sched();
2123 - kfree(mod->args);
2124 free_arch_cleanup:
2125 @@ -70406,8 +70428,8 @@ index 6e48c3a..ac2ef5b 100644
2126 + kfree(mod->args);
2127 free_unload:
2128 module_unload_free(mod);
2129 - free_module:
2130 -@@ -3126,16 +3252,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
2131 + unlink_mod:
2132 +@@ -3155,16 +3288,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
2133 MODULE_STATE_COMING, mod);
2134
2135 /* Set RO and NX regions for core */
2136 @@ -70432,7 +70454,7 @@ index 6e48c3a..ac2ef5b 100644
2137
2138 do_mod_ctors(mod);
2139 /* Start the module */
2140 -@@ -3180,11 +3306,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
2141 +@@ -3209,11 +3342,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
2142 mod->strtab = mod->core_strtab;
2143 #endif
2144 unset_module_init_ro_nx(mod);
2145 @@ -70450,7 +70472,7 @@ index 6e48c3a..ac2ef5b 100644
2146 mutex_unlock(&module_mutex);
2147 wake_up_all(&module_wq);
2148
2149 -@@ -3216,10 +3343,16 @@ static const char *get_ksymbol(struct module *mod,
2150 +@@ -3245,10 +3379,16 @@ static const char *get_ksymbol(struct module *mod,
2151 unsigned long nextval;
2152
2153 /* At worse, next value is at end of module */
2154 @@ -70470,8 +70492,8 @@ index 6e48c3a..ac2ef5b 100644
2155
2156 /* Scan for closest preceding symbol, and next symbol. (ELF
2157 starts real symbols at 1). */
2158 -@@ -3454,7 +3587,7 @@ static int m_show(struct seq_file *m, void *p)
2159 - char buf[8];
2160 +@@ -3501,7 +3641,7 @@ static int m_show(struct seq_file *m, void *p)
2161 + return 0;
2162
2163 seq_printf(m, "%s %u",
2164 - mod->name, mod->init_size + mod->core_size);
2165 @@ -70479,7 +70501,7 @@ index 6e48c3a..ac2ef5b 100644
2166 print_unload_info(m, mod);
2167
2168 /* Informative for users. */
2169 -@@ -3463,7 +3596,7 @@ static int m_show(struct seq_file *m, void *p)
2170 +@@ -3510,7 +3650,7 @@ static int m_show(struct seq_file *m, void *p)
2171 mod->state == MODULE_STATE_COMING ? "Loading":
2172 "Live");
2173 /* Used by oprofile and other similar tools. */
2174 @@ -70488,7 +70510,7 @@ index 6e48c3a..ac2ef5b 100644
2175
2176 /* Taints info */
2177 if (mod->taints)
2178 -@@ -3499,7 +3632,17 @@ static const struct file_operations proc_modules_operations = {
2179 +@@ -3546,7 +3686,17 @@ static const struct file_operations proc_modules_operations = {
2180
2181 static int __init proc_modules_init(void)
2182 {
2183 @@ -70506,7 +70528,7 @@ index 6e48c3a..ac2ef5b 100644
2184 return 0;
2185 }
2186 module_init(proc_modules_init);
2187 -@@ -3558,12 +3701,12 @@ struct module *__module_address(unsigned long addr)
2188 +@@ -3607,14 +3757,14 @@ struct module *__module_address(unsigned long addr)
2189 {
2190 struct module *mod;
2191
2192 @@ -70515,14 +70537,16 @@ index 6e48c3a..ac2ef5b 100644
2193 + (addr < module_addr_min_rw || addr > module_addr_max_rw))
2194 return NULL;
2195
2196 - list_for_each_entry_rcu(mod, &modules, list)
2197 + list_for_each_entry_rcu(mod, &modules, list) {
2198 + if (mod->state == MODULE_STATE_UNFORMED)
2199 + continue;
2200 - if (within_module_core(addr, mod)
2201 - || within_module_init(addr, mod))
2202 + if (within_module_init(addr, mod) || within_module_core(addr, mod))
2203 return mod;
2204 + }
2205 return NULL;
2206 - }
2207 -@@ -3597,11 +3740,20 @@ bool is_module_text_address(unsigned long addr)
2208 +@@ -3649,11 +3799,20 @@ bool is_module_text_address(unsigned long addr)
2209 */
2210 struct module *__module_text_address(unsigned long addr)
2211 {
2212 @@ -71025,10 +71049,10 @@ index 76b8e77..a2930e8 100644
2213 }
2214
2215 diff --git a/kernel/ptrace.c b/kernel/ptrace.c
2216 -index 1f5e55d..8b8f969 100644
2217 +index fbea91d..9bf15e8 100644
2218 --- a/kernel/ptrace.c
2219 +++ b/kernel/ptrace.c
2220 -@@ -280,7 +280,7 @@ static int ptrace_attach(struct task_struct *task, long request,
2221 +@@ -319,7 +319,7 @@ static int ptrace_attach(struct task_struct *task, long request,
2222
2223 if (seize)
2224 flags |= PT_SEIZED;
2225 @@ -71037,7 +71061,7 @@ index 1f5e55d..8b8f969 100644
2226 flags |= PT_PTRACE_CAP;
2227 task->ptrace = flags;
2228
2229 -@@ -487,7 +487,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
2230 +@@ -526,7 +526,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
2231 break;
2232 return -EIO;
2233 }
2234 @@ -71046,7 +71070,7 @@ index 1f5e55d..8b8f969 100644
2235 return -EFAULT;
2236 copied += retval;
2237 src += retval;
2238 -@@ -672,7 +672,7 @@ int ptrace_request(struct task_struct *child, long request,
2239 +@@ -711,7 +711,7 @@ int ptrace_request(struct task_struct *child, long request,
2240 bool seized = child->ptrace & PT_SEIZED;
2241 int ret = -EIO;
2242 siginfo_t siginfo, *si;
2243 @@ -71055,7 +71079,7 @@ index 1f5e55d..8b8f969 100644
2244 unsigned long __user *datalp = datavp;
2245 unsigned long flags;
2246
2247 -@@ -874,14 +874,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
2248 +@@ -913,14 +913,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
2249 goto out;
2250 }
2251
2252 @@ -71078,7 +71102,7 @@ index 1f5e55d..8b8f969 100644
2253 goto out_put_task_struct;
2254 }
2255
2256 -@@ -907,7 +914,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
2257 +@@ -948,7 +955,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
2258 copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0);
2259 if (copied != sizeof(tmp))
2260 return -EIO;
2261 @@ -71087,7 +71111,7 @@ index 1f5e55d..8b8f969 100644
2262 }
2263
2264 int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr,
2265 -@@ -1017,14 +1024,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
2266 +@@ -1058,14 +1065,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
2267 goto out;
2268 }
2269
2270 @@ -71739,10 +71763,10 @@ index 15f60d0..7e50319 100644
2271 #ifdef CONFIG_RT_GROUP_SCHED
2272 /*
2273 diff --git a/kernel/sched/core.c b/kernel/sched/core.c
2274 -index 2d8927f..f617765 100644
2275 +index c529d00..d00b4f3 100644
2276 --- a/kernel/sched/core.c
2277 +++ b/kernel/sched/core.c
2278 -@@ -3562,6 +3562,8 @@ int can_nice(const struct task_struct *p, const int nice)
2279 +@@ -3563,6 +3563,8 @@ int can_nice(const struct task_struct *p, const int nice)
2280 /* convert nice value [19,-20] to rlimit style value [1,40] */
2281 int nice_rlim = 20 - nice;
2282
2283 @@ -71751,7 +71775,7 @@ index 2d8927f..f617765 100644
2284 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
2285 capable(CAP_SYS_NICE));
2286 }
2287 -@@ -3595,7 +3597,8 @@ SYSCALL_DEFINE1(nice, int, increment)
2288 +@@ -3596,7 +3598,8 @@ SYSCALL_DEFINE1(nice, int, increment)
2289 if (nice > 19)
2290 nice = 19;
2291
2292 @@ -71761,7 +71785,7 @@ index 2d8927f..f617765 100644
2293 return -EPERM;
2294
2295 retval = security_task_setnice(current, nice);
2296 -@@ -3749,6 +3752,7 @@ recheck:
2297 +@@ -3750,6 +3753,7 @@ recheck:
2298 unsigned long rlim_rtprio =
2299 task_rlimit(p, RLIMIT_RTPRIO);
2300
2301 @@ -71783,7 +71807,7 @@ index 6b800a1..0c36227 100644
2302 int this_cpu = smp_processor_id();
2303 struct rq *this_rq = cpu_rq(this_cpu);
2304 diff --git a/kernel/signal.c b/kernel/signal.c
2305 -index e4d4014..76cf5dd 100644
2306 +index 57dde52..2c561f0 100644
2307 --- a/kernel/signal.c
2308 +++ b/kernel/signal.c
2309 @@ -49,12 +49,12 @@ static struct kmem_cache *sigqueue_cachep;
2310 @@ -71829,7 +71853,7 @@ index e4d4014..76cf5dd 100644
2311 if (is_global_init(tsk))
2312 return 1;
2313 if (handler != SIG_IGN && handler != SIG_DFL)
2314 -@@ -817,6 +820,13 @@ static int check_kill_permission(int sig, struct siginfo *info,
2315 +@@ -811,6 +814,13 @@ static int check_kill_permission(int sig, struct siginfo *info,
2316 }
2317 }
2318
2319 @@ -71843,7 +71867,7 @@ index e4d4014..76cf5dd 100644
2320 return security_task_kill(t, info, sig, 0);
2321 }
2322
2323 -@@ -1198,7 +1208,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
2324 +@@ -1192,7 +1202,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
2325 return send_signal(sig, info, p, 1);
2326 }
2327
2328 @@ -71852,7 +71876,7 @@ index e4d4014..76cf5dd 100644
2329 specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t)
2330 {
2331 return send_signal(sig, info, t, 0);
2332 -@@ -1235,6 +1245,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
2333 +@@ -1229,6 +1239,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
2334 unsigned long int flags;
2335 int ret, blocked, ignored;
2336 struct k_sigaction *action;
2337 @@ -71860,7 +71884,7 @@ index e4d4014..76cf5dd 100644
2338
2339 spin_lock_irqsave(&t->sighand->siglock, flags);
2340 action = &t->sighand->action[sig-1];
2341 -@@ -1249,9 +1260,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
2342 +@@ -1243,9 +1254,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
2343 }
2344 if (action->sa.sa_handler == SIG_DFL)
2345 t->signal->flags &= ~SIGNAL_UNKILLABLE;
2346 @@ -71879,7 +71903,7 @@ index e4d4014..76cf5dd 100644
2347 return ret;
2348 }
2349
2350 -@@ -1318,8 +1338,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
2351 +@@ -1312,8 +1332,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
2352 ret = check_kill_permission(sig, info, p);
2353 rcu_read_unlock();
2354
2355 @@ -71892,7 +71916,7 @@ index e4d4014..76cf5dd 100644
2356
2357 return ret;
2358 }
2359 -@@ -2864,7 +2887,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
2360 +@@ -2863,7 +2886,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
2361 int error = -ESRCH;
2362
2363 rcu_read_lock();
2364 @@ -72672,7 +72696,7 @@ index c0bd030..62a1927 100644
2365 ret = -EIO;
2366 bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt,
2367 diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
2368 -index 51b7159..18137d6 100644
2369 +index 356bc2f..7c94fc0 100644
2370 --- a/kernel/trace/ftrace.c
2371 +++ b/kernel/trace/ftrace.c
2372 @@ -1874,12 +1874,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
2373 @@ -73270,10 +73294,10 @@ index 06fdfa1..97c5c7d 100644
2374 }
2375 EXPORT_SYMBOL(bitmap_parselist_user);
2376 diff --git a/lib/bug.c b/lib/bug.c
2377 -index a28c141..2bd3d95 100644
2378 +index d0cdf14..4d07bd2 100644
2379 --- a/lib/bug.c
2380 +++ b/lib/bug.c
2381 -@@ -133,6 +133,8 @@ enum bug_trap_type report_bug(unsigned long bugaddr, struct pt_regs *regs)
2382 +@@ -134,6 +134,8 @@ enum bug_trap_type report_bug(unsigned long bugaddr, struct pt_regs *regs)
2383 return BUG_TRAP_TYPE_NONE;
2384
2385 bug = find_bug(bugaddr);
2386 @@ -73916,7 +73940,7 @@ index 3c5197d..08d0065 100644
2387 #ifdef CONFIG_MEMORY_FAILURE
2388 extern bool is_free_buddy_page(struct page *page);
2389 diff --git a/mm/kmemleak.c b/mm/kmemleak.c
2390 -index a217cc5..74c9ec0 100644
2391 +index a217cc5..44b2b35 100644
2392 --- a/mm/kmemleak.c
2393 +++ b/mm/kmemleak.c
2394 @@ -363,7 +363,7 @@ static void print_unreferenced(struct seq_file *seq,
2395 @@ -73924,10 +73948,19 @@ index a217cc5..74c9ec0 100644
2396 for (i = 0; i < object->trace_len; i++) {
2397 void *ptr = (void *)object->trace[i];
2398 - seq_printf(seq, " [<%p>] %pS\n", ptr, ptr);
2399 -+ seq_printf(seq, " [<%p>] %pA\n", ptr, ptr);
2400 ++ seq_printf(seq, " [<%pP>] %pA\n", ptr, ptr);
2401 }
2402 }
2403
2404 +@@ -1852,7 +1852,7 @@ static int __init kmemleak_late_init(void)
2405 + return -ENOMEM;
2406 + }
2407 +
2408 +- dentry = debugfs_create_file("kmemleak", S_IRUGO, NULL, NULL,
2409 ++ dentry = debugfs_create_file("kmemleak", S_IRUSR, NULL, NULL,
2410 + &kmemleak_fops);
2411 + if (!dentry)
2412 + pr_warning("Failed to create the debugfs kmemleak file\n");
2413 diff --git a/mm/maccess.c b/mm/maccess.c
2414 index d53adf9..03a24bf 100644
2415 --- a/mm/maccess.c
2416
2417 diff --git a/3.7.4/4425_grsec_remove_EI_PAX.patch b/3.7.5/4425_grsec_remove_EI_PAX.patch
2418 similarity index 100%
2419 rename from 3.7.4/4425_grsec_remove_EI_PAX.patch
2420 rename to 3.7.5/4425_grsec_remove_EI_PAX.patch
2421
2422 diff --git a/3.7.4/4430_grsec-remove-localversion-grsec.patch b/3.7.5/4430_grsec-remove-localversion-grsec.patch
2423 similarity index 100%
2424 rename from 3.7.4/4430_grsec-remove-localversion-grsec.patch
2425 rename to 3.7.5/4430_grsec-remove-localversion-grsec.patch
2426
2427 diff --git a/3.7.4/4435_grsec-mute-warnings.patch b/3.7.5/4435_grsec-mute-warnings.patch
2428 similarity index 100%
2429 rename from 3.7.4/4435_grsec-mute-warnings.patch
2430 rename to 3.7.5/4435_grsec-mute-warnings.patch
2431
2432 diff --git a/3.7.4/4440_grsec-remove-protected-paths.patch b/3.7.5/4440_grsec-remove-protected-paths.patch
2433 similarity index 100%
2434 rename from 3.7.4/4440_grsec-remove-protected-paths.patch
2435 rename to 3.7.5/4440_grsec-remove-protected-paths.patch
2436
2437 diff --git a/3.7.4/4450_grsec-kconfig-default-gids.patch b/3.7.5/4450_grsec-kconfig-default-gids.patch
2438 similarity index 100%
2439 rename from 3.7.4/4450_grsec-kconfig-default-gids.patch
2440 rename to 3.7.5/4450_grsec-kconfig-default-gids.patch
2441
2442 diff --git a/3.7.4/4465_selinux-avc_audit-log-curr_ip.patch b/3.7.5/4465_selinux-avc_audit-log-curr_ip.patch
2443 similarity index 100%
2444 rename from 3.7.4/4465_selinux-avc_audit-log-curr_ip.patch
2445 rename to 3.7.5/4465_selinux-avc_audit-log-curr_ip.patch
2446
2447 diff --git a/3.7.4/4470_disable-compat_vdso.patch b/3.7.5/4470_disable-compat_vdso.patch
2448 similarity index 100%
2449 rename from 3.7.4/4470_disable-compat_vdso.patch
2450 rename to 3.7.5/4470_disable-compat_vdso.patch
Report Message
Find on MARC Find on Google Groups