1 |
commit: 8653be659f83e207eded0dbd8917a1898acf2727 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Dec 31 12:31:34 2015 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Dec 31 12:31:34 2015 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=8653be65 |
7 |
|
8 |
grsecurity-3.1-4.3.3-201512282134 |
9 |
|
10 |
4.3.3/0000_README | 2 +- |
11 |
...> 4420_grsecurity-3.1-4.3.3-201512282134.patch} | 251 +++++++++++++-------- |
12 |
2 files changed, 160 insertions(+), 93 deletions(-) |
13 |
|
14 |
diff --git a/4.3.3/0000_README b/4.3.3/0000_README |
15 |
index 2c1a853..0d44c02 100644 |
16 |
--- a/4.3.3/0000_README |
17 |
+++ b/4.3.3/0000_README |
18 |
@@ -2,7 +2,7 @@ README |
19 |
----------------------------------------------------------------------------- |
20 |
Individual Patch Descriptions: |
21 |
----------------------------------------------------------------------------- |
22 |
-Patch: 4420_grsecurity-3.1-4.3.3-201512222129.patch |
23 |
+Patch: 4420_grsecurity-3.1-4.3.3-201512282134.patch |
24 |
From: http://www.grsecurity.net |
25 |
Desc: hardened-sources base patch from upstream grsecurity |
26 |
|
27 |
|
28 |
diff --git a/4.3.3/4420_grsecurity-3.1-4.3.3-201512222129.patch b/4.3.3/4420_grsecurity-3.1-4.3.3-201512282134.patch |
29 |
similarity index 99% |
30 |
rename from 4.3.3/4420_grsecurity-3.1-4.3.3-201512222129.patch |
31 |
rename to 4.3.3/4420_grsecurity-3.1-4.3.3-201512282134.patch |
32 |
index 2c1d2ad..0e5c122 100644 |
33 |
--- a/4.3.3/4420_grsecurity-3.1-4.3.3-201512222129.patch |
34 |
+++ b/4.3.3/4420_grsecurity-3.1-4.3.3-201512282134.patch |
35 |
@@ -1040,7 +1040,7 @@ index 0cfd7f947..63ed4c0 100644 |
36 |
Say Y here if you want to show the kernel pagetable layout in a |
37 |
debugfs file. This information is only useful for kernel developers |
38 |
diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h |
39 |
-index fe3ef39..9406984 100644 |
40 |
+index fe3ef39..60e6ae2 100644 |
41 |
--- a/arch/arm/include/asm/atomic.h |
42 |
+++ b/arch/arm/include/asm/atomic.h |
43 |
@@ -18,17 +18,41 @@ |
44 |
@@ -1158,8 +1158,11 @@ index fe3ef39..9406984 100644 |
45 |
: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) \ |
46 |
: "r" (&v->counter), "Ir" (i) \ |
47 |
: "cc"); \ |
48 |
-@@ -80,6 +130,9 @@ static inline int atomic_##op##_return_relaxed(int i, atomic_t *v) \ |
49 |
+@@ -78,8 +128,12 @@ static inline int atomic_##op##_return_relaxed(int i, atomic_t *v) \ |
50 |
+ } |
51 |
+ |
52 |
#define atomic_add_return_relaxed atomic_add_return_relaxed |
53 |
++#define atomic_add_return_unchecked atomic_add_return_unchecked_relaxed |
54 |
#define atomic_sub_return_relaxed atomic_sub_return_relaxed |
55 |
|
56 |
+#define ATOMIC_OP_RETURN(op, c_op, asm_op) __ATOMIC_OP_RETURN(op, _unchecked, c_op, asm_op, , )\ |
57 |
@@ -1168,7 +1171,7 @@ index fe3ef39..9406984 100644 |
58 |
static inline int atomic_cmpxchg_relaxed(atomic_t *ptr, int old, int new) |
59 |
{ |
60 |
int oldval; |
61 |
-@@ -113,12 +166,24 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) |
62 |
+@@ -113,12 +167,24 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) |
63 |
__asm__ __volatile__ ("@ atomic_add_unless\n" |
64 |
"1: ldrex %0, [%4]\n" |
65 |
" teq %0, %5\n" |
66 |
@@ -1196,7 +1199,7 @@ index fe3ef39..9406984 100644 |
67 |
: "=&r" (oldval), "=&r" (newval), "=&r" (tmp), "+Qo" (v->counter) |
68 |
: "r" (&v->counter), "r" (u), "r" (a) |
69 |
: "cc"); |
70 |
-@@ -129,14 +194,36 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) |
71 |
+@@ -129,14 +195,36 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) |
72 |
return oldval; |
73 |
} |
74 |
|
75 |
@@ -1235,7 +1238,7 @@ index fe3ef39..9406984 100644 |
76 |
{ \ |
77 |
unsigned long flags; \ |
78 |
\ |
79 |
-@@ -145,8 +232,11 @@ static inline void atomic_##op(int i, atomic_t *v) \ |
80 |
+@@ -145,8 +233,11 @@ static inline void atomic_##op(int i, atomic_t *v) \ |
81 |
raw_local_irq_restore(flags); \ |
82 |
} \ |
83 |
|
84 |
@@ -1249,7 +1252,7 @@ index fe3ef39..9406984 100644 |
85 |
{ \ |
86 |
unsigned long flags; \ |
87 |
int val; \ |
88 |
-@@ -159,6 +249,9 @@ static inline int atomic_##op##_return(int i, atomic_t *v) \ |
89 |
+@@ -159,6 +250,9 @@ static inline int atomic_##op##_return(int i, atomic_t *v) \ |
90 |
return val; \ |
91 |
} |
92 |
|
93 |
@@ -1259,7 +1262,7 @@ index fe3ef39..9406984 100644 |
94 |
static inline int atomic_cmpxchg(atomic_t *v, int old, int new) |
95 |
{ |
96 |
int ret; |
97 |
-@@ -173,6 +266,11 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new) |
98 |
+@@ -173,6 +267,11 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new) |
99 |
return ret; |
100 |
} |
101 |
|
102 |
@@ -1271,7 +1274,7 @@ index fe3ef39..9406984 100644 |
103 |
static inline int __atomic_add_unless(atomic_t *v, int a, int u) |
104 |
{ |
105 |
int c, old; |
106 |
-@@ -201,16 +299,38 @@ ATOMIC_OP(xor, ^=, eor) |
107 |
+@@ -201,16 +300,38 @@ ATOMIC_OP(xor, ^=, eor) |
108 |
|
109 |
#undef ATOMIC_OPS |
110 |
#undef ATOMIC_OP_RETURN |
111 |
@@ -1299,18 +1302,18 @@ index fe3ef39..9406984 100644 |
112 |
#define atomic_inc_and_test(v) (atomic_add_return(1, v) == 0) |
113 |
+static inline int atomic_inc_and_test_unchecked(atomic_unchecked_t *v) |
114 |
+{ |
115 |
-+ return atomic_add_return_unchecked_relaxed(1, v) == 0; |
116 |
++ return atomic_add_return_unchecked(1, v) == 0; |
117 |
+} |
118 |
#define atomic_dec_and_test(v) (atomic_sub_return(1, v) == 0) |
119 |
#define atomic_inc_return(v) (atomic_add_return(1, v)) |
120 |
+static inline int atomic_inc_return_unchecked(atomic_unchecked_t *v) |
121 |
+{ |
122 |
-+ return atomic_add_return_unchecked_relaxed(1, v); |
123 |
++ return atomic_add_return_unchecked(1, v); |
124 |
+} |
125 |
#define atomic_dec_return(v) (atomic_sub_return(1, v)) |
126 |
#define atomic_sub_and_test(i, v) (atomic_sub_return(i, v) == 0) |
127 |
|
128 |
-@@ -221,6 +341,14 @@ typedef struct { |
129 |
+@@ -221,6 +342,14 @@ typedef struct { |
130 |
long long counter; |
131 |
} atomic64_t; |
132 |
|
133 |
@@ -1325,7 +1328,7 @@ index fe3ef39..9406984 100644 |
134 |
#define ATOMIC64_INIT(i) { (i) } |
135 |
|
136 |
#ifdef CONFIG_ARM_LPAE |
137 |
-@@ -237,6 +365,19 @@ static inline long long atomic64_read(const atomic64_t *v) |
138 |
+@@ -237,6 +366,19 @@ static inline long long atomic64_read(const atomic64_t *v) |
139 |
return result; |
140 |
} |
141 |
|
142 |
@@ -1345,7 +1348,7 @@ index fe3ef39..9406984 100644 |
143 |
static inline void atomic64_set(atomic64_t *v, long long i) |
144 |
{ |
145 |
__asm__ __volatile__("@ atomic64_set\n" |
146 |
-@@ -245,6 +386,15 @@ static inline void atomic64_set(atomic64_t *v, long long i) |
147 |
+@@ -245,6 +387,15 @@ static inline void atomic64_set(atomic64_t *v, long long i) |
148 |
: "r" (&v->counter), "r" (i) |
149 |
); |
150 |
} |
151 |
@@ -1361,7 +1364,7 @@ index fe3ef39..9406984 100644 |
152 |
#else |
153 |
static inline long long atomic64_read(const atomic64_t *v) |
154 |
{ |
155 |
-@@ -259,6 +409,19 @@ static inline long long atomic64_read(const atomic64_t *v) |
156 |
+@@ -259,6 +410,19 @@ static inline long long atomic64_read(const atomic64_t *v) |
157 |
return result; |
158 |
} |
159 |
|
160 |
@@ -1381,7 +1384,7 @@ index fe3ef39..9406984 100644 |
161 |
static inline void atomic64_set(atomic64_t *v, long long i) |
162 |
{ |
163 |
long long tmp; |
164 |
-@@ -273,43 +436,73 @@ static inline void atomic64_set(atomic64_t *v, long long i) |
165 |
+@@ -273,43 +437,73 @@ static inline void atomic64_set(atomic64_t *v, long long i) |
166 |
: "r" (&v->counter), "r" (i) |
167 |
: "cc"); |
168 |
} |
169 |
@@ -1463,7 +1466,7 @@ index fe3ef39..9406984 100644 |
170 |
: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) \ |
171 |
: "r" (&v->counter), "r" (i) \ |
172 |
: "cc"); \ |
173 |
-@@ -317,6 +510,9 @@ atomic64_##op##_return_relaxed(long long i, atomic64_t *v) \ |
174 |
+@@ -317,6 +511,9 @@ atomic64_##op##_return_relaxed(long long i, atomic64_t *v) \ |
175 |
return result; \ |
176 |
} |
177 |
|
178 |
@@ -1473,7 +1476,15 @@ index fe3ef39..9406984 100644 |
179 |
#define ATOMIC64_OPS(op, op1, op2) \ |
180 |
ATOMIC64_OP(op, op1, op2) \ |
181 |
ATOMIC64_OP_RETURN(op, op1, op2) |
182 |
-@@ -336,7 +532,12 @@ ATOMIC64_OP(xor, eor, eor) |
183 |
+@@ -325,6 +522,7 @@ ATOMIC64_OPS(add, adds, adc) |
184 |
+ ATOMIC64_OPS(sub, subs, sbc) |
185 |
+ |
186 |
+ #define atomic64_add_return_relaxed atomic64_add_return_relaxed |
187 |
++#define atomic64_add_return_unchecked atomic64_add_return_unchecked_relaxed |
188 |
+ #define atomic64_sub_return_relaxed atomic64_sub_return_relaxed |
189 |
+ |
190 |
+ #define atomic64_andnot atomic64_andnot |
191 |
+@@ -336,7 +534,12 @@ ATOMIC64_OP(xor, eor, eor) |
192 |
|
193 |
#undef ATOMIC64_OPS |
194 |
#undef ATOMIC64_OP_RETURN |
195 |
@@ -1486,10 +1497,12 @@ index fe3ef39..9406984 100644 |
196 |
|
197 |
static inline long long |
198 |
atomic64_cmpxchg_relaxed(atomic64_t *ptr, long long old, long long new) |
199 |
-@@ -362,6 +563,32 @@ atomic64_cmpxchg_relaxed(atomic64_t *ptr, long long old, long long new) |
200 |
+@@ -361,6 +564,33 @@ atomic64_cmpxchg_relaxed(atomic64_t *ptr, long long old, long long new) |
201 |
+ return oldval; |
202 |
} |
203 |
#define atomic64_cmpxchg_relaxed atomic64_cmpxchg_relaxed |
204 |
- |
205 |
++#define atomic64_cmpxchg_unchecked atomic64_cmpxchg_unchecked_relaxed |
206 |
++ |
207 |
+static inline long long |
208 |
+atomic64_cmpxchg_unchecked_relaxed(atomic64_unchecked_t *ptr, long long old, |
209 |
+ long long new) |
210 |
@@ -1515,11 +1528,10 @@ index fe3ef39..9406984 100644 |
211 |
+ |
212 |
+ return oldval; |
213 |
+} |
214 |
-+ |
215 |
+ |
216 |
static inline long long atomic64_xchg_relaxed(atomic64_t *ptr, long long new) |
217 |
{ |
218 |
- long long result; |
219 |
-@@ -385,21 +612,35 @@ static inline long long atomic64_xchg_relaxed(atomic64_t *ptr, long long new) |
220 |
+@@ -385,21 +615,35 @@ static inline long long atomic64_xchg_relaxed(atomic64_t *ptr, long long new) |
221 |
static inline long long atomic64_dec_if_positive(atomic64_t *v) |
222 |
{ |
223 |
long long result; |
224 |
@@ -1561,7 +1573,7 @@ index fe3ef39..9406984 100644 |
225 |
: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) |
226 |
: "r" (&v->counter) |
227 |
: "cc"); |
228 |
-@@ -423,13 +664,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u) |
229 |
+@@ -423,13 +667,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u) |
230 |
" teq %0, %5\n" |
231 |
" teqeq %H0, %H5\n" |
232 |
" moveq %1, #0\n" |
233 |
@@ -1590,7 +1602,7 @@ index fe3ef39..9406984 100644 |
234 |
: "=&r" (val), "+r" (ret), "=&r" (tmp), "+Qo" (v->counter) |
235 |
: "r" (&v->counter), "r" (u), "r" (a) |
236 |
: "cc"); |
237 |
-@@ -442,10 +695,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u) |
238 |
+@@ -442,10 +698,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u) |
239 |
|
240 |
#define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0) |
241 |
#define atomic64_inc(v) atomic64_add(1LL, (v)) |
242 |
@@ -1694,23 +1706,22 @@ index 0f84249..8e83c55 100644 |
243 |
struct of_cpuidle_method { |
244 |
const char *method; |
245 |
diff --git a/arch/arm/include/asm/domain.h b/arch/arm/include/asm/domain.h |
246 |
-index fc8ba16..805a183 100644 |
247 |
+index fc8ba16..8b84f53 100644 |
248 |
--- a/arch/arm/include/asm/domain.h |
249 |
+++ b/arch/arm/include/asm/domain.h |
250 |
-@@ -42,7 +42,7 @@ |
251 |
+@@ -42,7 +42,6 @@ |
252 |
#define DOMAIN_USER 1 |
253 |
#define DOMAIN_IO 0 |
254 |
#endif |
255 |
-#define DOMAIN_VECTORS 3 |
256 |
-+//#define DOMAIN_VECTORS 3 |
257 |
|
258 |
/* |
259 |
* Domain types |
260 |
-@@ -51,8 +51,26 @@ |
261 |
+@@ -51,9 +50,27 @@ |
262 |
#define DOMAIN_CLIENT 1 |
263 |
#ifdef CONFIG_CPU_USE_DOMAINS |
264 |
#define DOMAIN_MANAGER 3 |
265 |
-+#define DOMAIN_VECTORS DOMAIN_USER |
266 |
++#define DOMAIN_VECTORS 3 |
267 |
#else |
268 |
+ |
269 |
+#ifdef CONFIG_PAX_KERNEXEC |
270 |
@@ -1728,12 +1739,13 @@ index fc8ba16..805a183 100644 |
271 |
+#define DOMAIN_USERCLIENT 1 |
272 |
+#define DOMAIN_VECTORS DOMAIN_USER |
273 |
+#endif |
274 |
-+#define DOMAIN_KERNELCLIENT 1 |
275 |
+ |
276 |
#endif |
277 |
++#define DOMAIN_KERNELCLIENT 1 |
278 |
|
279 |
#define domain_mask(dom) ((3) << (2 * (dom))) |
280 |
-@@ -62,7 +80,7 @@ |
281 |
+ #define domain_val(dom,type) ((type) << (2 * (dom))) |
282 |
+@@ -62,7 +79,7 @@ |
283 |
#define DACR_INIT \ |
284 |
(domain_val(DOMAIN_USER, DOMAIN_NOACCESS) | \ |
285 |
domain_val(DOMAIN_KERNEL, DOMAIN_MANAGER) | \ |
286 |
@@ -28770,7 +28782,7 @@ index 10e0272..b4bb9a7 100644 |
287 |
if (!(addr & ~PAGE_MASK)) |
288 |
return addr; |
289 |
diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c |
290 |
-index 91a4496..42fc304 100644 |
291 |
+index 91a4496..6414b5c 100644 |
292 |
--- a/arch/x86/kernel/tboot.c |
293 |
+++ b/arch/x86/kernel/tboot.c |
294 |
@@ -44,6 +44,7 @@ |
295 |
@@ -28781,27 +28793,42 @@ index 91a4496..42fc304 100644 |
296 |
|
297 |
#include "../realmode/rm/wakeup.h" |
298 |
|
299 |
-@@ -221,7 +222,7 @@ static int tboot_setup_sleep(void) |
300 |
+@@ -151,6 +152,10 @@ static int map_tboot_pages(unsigned long vaddr, unsigned long start_pfn, |
301 |
+ if (!tboot_pg_dir) |
302 |
+ return -1; |
303 |
+ |
304 |
++ clone_pgd_range(tboot_pg_dir + KERNEL_PGD_BOUNDARY, |
305 |
++ swapper_pg_dir + KERNEL_PGD_BOUNDARY, |
306 |
++ KERNEL_PGD_PTRS); |
307 |
++ |
308 |
+ for (; nr > 0; nr--, vaddr += PAGE_SIZE, start_pfn++) { |
309 |
+ if (map_tboot_page(vaddr, start_pfn, PAGE_KERNEL_EXEC)) |
310 |
+ return -1; |
311 |
+@@ -221,8 +226,6 @@ static int tboot_setup_sleep(void) |
312 |
|
313 |
void tboot_shutdown(u32 shutdown_type) |
314 |
{ |
315 |
- void (*shutdown)(void); |
316 |
-+ void (* __noreturn shutdown)(void); |
317 |
- |
318 |
+- |
319 |
if (!tboot_enabled()) |
320 |
return; |
321 |
-@@ -242,8 +243,9 @@ void tboot_shutdown(u32 shutdown_type) |
322 |
+ |
323 |
+@@ -242,9 +245,12 @@ void tboot_shutdown(u32 shutdown_type) |
324 |
tboot->shutdown_type = shutdown_type; |
325 |
|
326 |
switch_to_tboot_pt(); |
327 |
-+ cr4_clear_bits(X86_CR4_PCIDE); |
328 |
++ __write_cr4(__read_cr4() & ~X86_CR4_PCIDE); |
329 |
|
330 |
- shutdown = (void(*)(void))(unsigned long)tboot->shutdown_entry; |
331 |
-+ shutdown = (void *)(unsigned long)tboot->shutdown_entry; |
332 |
- shutdown(); |
333 |
+- shutdown(); |
334 |
++ /* |
335 |
++ * PaX: can't be a C indirect function call due to KERNEXEC |
336 |
++ */ |
337 |
++ asm volatile("jmp *%0" : : "r"((unsigned long)tboot->shutdown_entry)); |
338 |
|
339 |
/* should not reach here */ |
340 |
-@@ -310,7 +312,7 @@ static int tboot_extended_sleep(u8 sleep_state, u32 val_a, u32 val_b) |
341 |
+ while (1) |
342 |
+@@ -310,7 +316,7 @@ static int tboot_extended_sleep(u8 sleep_state, u32 val_a, u32 val_b) |
343 |
return -ENODEV; |
344 |
} |
345 |
|
346 |
@@ -28810,7 +28837,7 @@ index 91a4496..42fc304 100644 |
347 |
|
348 |
static int tboot_wait_for_aps(int num_aps) |
349 |
{ |
350 |
-@@ -334,9 +336,9 @@ static int tboot_cpu_callback(struct notifier_block *nfb, unsigned long action, |
351 |
+@@ -334,9 +340,9 @@ static int tboot_cpu_callback(struct notifier_block *nfb, unsigned long action, |
352 |
{ |
353 |
switch (action) { |
354 |
case CPU_DYING: |
355 |
@@ -28822,7 +28849,7 @@ index 91a4496..42fc304 100644 |
356 |
return NOTIFY_BAD; |
357 |
break; |
358 |
} |
359 |
-@@ -422,7 +424,7 @@ static __init int tboot_late_init(void) |
360 |
+@@ -422,7 +428,7 @@ static __init int tboot_late_init(void) |
361 |
|
362 |
tboot_create_trampoline(); |
363 |
|
364 |
@@ -44150,7 +44177,7 @@ index c13fb5b..55a3802 100644 |
365 |
|
366 |
*off += size; |
367 |
diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c |
368 |
-index c4dcab0..89d8045 100644 |
369 |
+index c4dcab0..a505f18 100644 |
370 |
--- a/drivers/hv/channel.c |
371 |
+++ b/drivers/hv/channel.c |
372 |
@@ -382,7 +382,7 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer, |
373 |
@@ -44162,6 +44189,17 @@ index c4dcab0..89d8045 100644 |
374 |
|
375 |
ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount); |
376 |
if (ret) |
377 |
+@@ -696,9 +696,7 @@ int vmbus_sendpacket_pagebuffer_ctl(struct vmbus_channel *channel, |
378 |
+ * Adjust the size down since vmbus_channel_packet_page_buffer is the |
379 |
+ * largest size we support |
380 |
+ */ |
381 |
+- descsize = sizeof(struct vmbus_channel_packet_page_buffer) - |
382 |
+- ((MAX_PAGE_BUFFER_COUNT - pagecount) * |
383 |
+- sizeof(struct hv_page_buffer)); |
384 |
++ descsize = offsetof(struct vmbus_channel_packet_page_buffer, range[pagecount]); |
385 |
+ packetlen = descsize + bufferlen; |
386 |
+ packetlen_aligned = ALIGN(packetlen, sizeof(u64)); |
387 |
+ |
388 |
diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c |
389 |
index 6341be8..1a2fc8d 100644 |
390 |
--- a/drivers/hv/hv.c |
391 |
@@ -44570,6 +44608,19 @@ index 65e3240..e6c511d 100644 |
392 |
|
393 |
/* Wrapper access functions for multiplexed SMBus */ |
394 |
static DEFINE_MUTEX(amd756_lock); |
395 |
+diff --git a/drivers/i2c/busses/i2c-designware-pcidrv.c b/drivers/i2c/busses/i2c-designware-pcidrv.c |
396 |
+index df23e8c..1354d8e 100644 |
397 |
+--- a/drivers/i2c/busses/i2c-designware-pcidrv.c |
398 |
++++ b/drivers/i2c/busses/i2c-designware-pcidrv.c |
399 |
+@@ -60,7 +60,7 @@ struct dw_scl_sda_cfg { |
400 |
+ }; |
401 |
+ |
402 |
+ struct dw_pci_controller { |
403 |
+- u32 bus_num; |
404 |
++ int bus_num; |
405 |
+ u32 bus_cfg; |
406 |
+ u32 tx_fifo_depth; |
407 |
+ u32 rx_fifo_depth; |
408 |
diff --git a/drivers/i2c/busses/i2c-nforce2-s4985.c b/drivers/i2c/busses/i2c-nforce2-s4985.c |
409 |
index 88eda09..cf40434 100644 |
410 |
--- a/drivers/i2c/busses/i2c-nforce2-s4985.c |
411 |
@@ -51116,7 +51167,7 @@ index 5fa98f5..322f0f8 100644 |
412 |
spinlock_t request_lock; |
413 |
struct list_head req_list; |
414 |
diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c |
415 |
-index 5931a79..d536e64 100644 |
416 |
+index 5931a79..134ce31 100644 |
417 |
--- a/drivers/net/hyperv/rndis_filter.c |
418 |
+++ b/drivers/net/hyperv/rndis_filter.c |
419 |
@@ -101,7 +101,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev, |
420 |
@@ -51137,6 +51188,16 @@ index 5931a79..d536e64 100644 |
421 |
|
422 |
/* Ignore return since this msg is optional. */ |
423 |
rndis_filter_send_request(dev, request); |
424 |
+@@ -1138,8 +1138,7 @@ int rndis_filter_device_add(struct hv_device *dev, |
425 |
+ if (net_device->num_chn == 1) |
426 |
+ goto out; |
427 |
+ |
428 |
+- net_device->sub_cb_buf = vzalloc((net_device->num_chn - 1) * |
429 |
+- NETVSC_PACKET_SIZE); |
430 |
++ net_device->sub_cb_buf = vzalloc(net_device->num_sc_offered * NETVSC_PACKET_SIZE); |
431 |
+ if (!net_device->sub_cb_buf) { |
432 |
+ net_device->num_chn = 1; |
433 |
+ dev_info(&dev->device, "No memory for subchannels.\n"); |
434 |
diff --git a/drivers/net/ifb.c b/drivers/net/ifb.c |
435 |
index cc56fac..c15b884 100644 |
436 |
--- a/drivers/net/ifb.c |
437 |
@@ -77227,7 +77288,7 @@ index e4141f2..d8263e8 100644 |
438 |
i += packet_length_size; |
439 |
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) |
440 |
diff --git a/fs/exec.c b/fs/exec.c |
441 |
-index b06623a..1c50b96 100644 |
442 |
+index b06623a..122301f 100644 |
443 |
--- a/fs/exec.c |
444 |
+++ b/fs/exec.c |
445 |
@@ -56,8 +56,20 @@ |
446 |
@@ -77736,7 +77797,7 @@ index b06623a..1c50b96 100644 |
447 |
+ if (*flags & MF_PAX_SEGMEXEC) |
448 |
+ { |
449 |
+ *flags &= ~MF_PAX_SEGMEXEC; |
450 |
-+ retval = -EINVAL; |
451 |
++ retval = -EINVAL; |
452 |
+ } |
453 |
+#endif |
454 |
+ |
455 |
@@ -77761,7 +77822,7 @@ index b06623a..1c50b96 100644 |
456 |
+ ) |
457 |
+ { |
458 |
+ *flags &= ~MF_PAX_MPROTECT; |
459 |
-+ retval = -EINVAL; |
460 |
++ retval = -EINVAL; |
461 |
+ } |
462 |
+ |
463 |
+ if ((*flags & MF_PAX_EMUTRAMP) |
464 |
@@ -97176,46 +97237,10 @@ index c1da539..1dcec55 100644 |
465 |
struct atmphy_ops { |
466 |
int (*start)(struct atm_dev *dev); |
467 |
diff --git a/include/linux/atomic.h b/include/linux/atomic.h |
468 |
-index 00a5763..5322059 100644 |
469 |
+index 00a5763..93fe7f4 100644 |
470 |
--- a/include/linux/atomic.h |
471 |
+++ b/include/linux/atomic.h |
472 |
-@@ -79,6 +79,11 @@ |
473 |
- #define atomic_add_return(...) \ |
474 |
- __atomic_op_fence(atomic_add_return, __VA_ARGS__) |
475 |
- #endif |
476 |
-+ |
477 |
-+#ifndef atomic_add_return_unchecked |
478 |
-+#define atomic_add_return_unchecked(...) \ |
479 |
-+ __atomic_op_fence(atomic_add_return_unchecked, __VA_ARGS__) |
480 |
-+#endif |
481 |
- #endif /* atomic_add_return_relaxed */ |
482 |
- |
483 |
- /* atomic_sub_return_relaxed */ |
484 |
-@@ -183,6 +188,11 @@ |
485 |
- #define atomic64_add_return(...) \ |
486 |
- __atomic_op_fence(atomic64_add_return, __VA_ARGS__) |
487 |
- #endif |
488 |
-+ |
489 |
-+#ifndef atomic64_add_return_unchecked |
490 |
-+#define atomic64_add_return_unchecked(...) \ |
491 |
-+ __atomic_op_fence(atomic64_add_return_unchecked, __VA_ARGS__) |
492 |
-+#endif |
493 |
- #endif /* atomic64_add_return_relaxed */ |
494 |
- |
495 |
- /* atomic64_sub_return_relaxed */ |
496 |
-@@ -255,6 +265,11 @@ |
497 |
- #define atomic64_cmpxchg(...) \ |
498 |
- __atomic_op_fence(atomic64_cmpxchg, __VA_ARGS__) |
499 |
- #endif |
500 |
-+ |
501 |
-+#ifndef atomic64_cmpxchg_unchecked |
502 |
-+#define atomic64_cmpxchg_unchecked(...) \ |
503 |
-+ __atomic_op_fence(atomic64_cmpxchg_unchecked, __VA_ARGS__) |
504 |
-+#endif |
505 |
- #endif /* atomic64_cmpxchg_relaxed */ |
506 |
- |
507 |
- /* cmpxchg_relaxed */ |
508 |
-@@ -335,7 +350,7 @@ |
509 |
+@@ -335,7 +335,7 @@ |
510 |
* Atomically adds @a to @v, so long as @v was not already @u. |
511 |
* Returns non-zero if @v was not @u, and zero otherwise. |
512 |
*/ |
513 |
@@ -120311,10 +120336,20 @@ index 8a1741b..20d20e7 100644 |
514 |
if (!err) |
515 |
err = put_user(SCM_RIGHTS, &cm->cmsg_type); |
516 |
diff --git a/net/core/skbuff.c b/net/core/skbuff.c |
517 |
-index fab4599..e488a92 100644 |
518 |
+index fab4599..daf360d 100644 |
519 |
--- a/net/core/skbuff.c |
520 |
+++ b/net/core/skbuff.c |
521 |
-@@ -2103,7 +2103,7 @@ EXPORT_SYMBOL(__skb_checksum); |
522 |
+@@ -969,7 +969,8 @@ static void skb_headers_offset_update(struct sk_buff *skb, int off) |
523 |
+ if (skb->ip_summed == CHECKSUM_PARTIAL) |
524 |
+ skb->csum_start += off; |
525 |
+ /* {transport,network,mac}_header and tail are relative to skb->head */ |
526 |
+- skb->transport_header += off; |
527 |
++ if (skb_transport_header_was_set(skb)) |
528 |
++ skb->transport_header += off; |
529 |
+ skb->network_header += off; |
530 |
+ if (skb_mac_header_was_set(skb)) |
531 |
+ skb->mac_header += off; |
532 |
+@@ -2103,7 +2104,7 @@ EXPORT_SYMBOL(__skb_checksum); |
533 |
__wsum skb_checksum(const struct sk_buff *skb, int offset, |
534 |
int len, __wsum csum) |
535 |
{ |
536 |
@@ -120323,7 +120358,7 @@ index fab4599..e488a92 100644 |
537 |
.update = csum_partial_ext, |
538 |
.combine = csum_block_add_ext, |
539 |
}; |
540 |
-@@ -3318,12 +3318,14 @@ void __init skb_init(void) |
541 |
+@@ -3318,12 +3319,14 @@ void __init skb_init(void) |
542 |
skbuff_head_cache = kmem_cache_create("skbuff_head_cache", |
543 |
sizeof(struct sk_buff), |
544 |
0, |
545 |
@@ -120340,7 +120375,7 @@ index fab4599..e488a92 100644 |
546 |
NULL); |
547 |
} |
548 |
|
549 |
-@@ -3643,7 +3645,8 @@ static void __skb_complete_tx_timestamp(struct sk_buff *skb, |
550 |
+@@ -3643,7 +3646,8 @@ static void __skb_complete_tx_timestamp(struct sk_buff *skb, |
551 |
serr->ee.ee_info = tstype; |
552 |
if (sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID) { |
553 |
serr->ee.ee_data = skb_shinfo(skb)->tskey; |
554 |
@@ -128018,6 +128053,36 @@ index aee2ec5..c276071 100644 |
555 |
|
556 |
/* record the root user tracking */ |
557 |
rb_link_node(&root_key_user.node, |
558 |
+diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c |
559 |
+index 0b9ec78..26f0e0a 100644 |
560 |
+--- a/security/keys/keyctl.c |
561 |
++++ b/security/keys/keyctl.c |
562 |
+@@ -757,16 +757,16 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) |
563 |
+ |
564 |
+ /* the key is probably readable - now try to read it */ |
565 |
+ can_read_key: |
566 |
+- ret = key_validate(key); |
567 |
+- if (ret == 0) { |
568 |
+- ret = -EOPNOTSUPP; |
569 |
+- if (key->type->read) { |
570 |
+- /* read the data with the semaphore held (since we |
571 |
+- * might sleep) */ |
572 |
+- down_read(&key->sem); |
573 |
++ ret = -EOPNOTSUPP; |
574 |
++ if (key->type->read) { |
575 |
++ /* Read the data with the semaphore held (since we might sleep) |
576 |
++ * to protect against the key being updated or revoked. |
577 |
++ */ |
578 |
++ down_read(&key->sem); |
579 |
++ ret = key_validate(key); |
580 |
++ if (ret == 0) |
581 |
+ ret = key->type->read(key, buffer, buflen); |
582 |
+- up_read(&key->sem); |
583 |
+- } |
584 |
++ up_read(&key->sem); |
585 |
+ } |
586 |
+ |
587 |
+ error2: |
588 |
diff --git a/security/keys/keyring.c b/security/keys/keyring.c |
589 |
index d334370..b03e5a8 100644 |
590 |
--- a/security/keys/keyring.c |
591 |
@@ -131375,10 +131440,10 @@ index 0000000..7514850 |
592 |
+fi |
593 |
diff --git a/tools/gcc/initify_plugin.c b/tools/gcc/initify_plugin.c |
594 |
new file mode 100644 |
595 |
-index 0000000..9da49be |
596 |
+index 0000000..ed3a502 |
597 |
--- /dev/null |
598 |
+++ b/tools/gcc/initify_plugin.c |
599 |
-@@ -0,0 +1,586 @@ |
600 |
+@@ -0,0 +1,588 @@ |
601 |
+/* |
602 |
+ * Copyright 2011-2015 by Emese Revfy <re.emese@×××××.com> |
603 |
+ * Licensed under the GPL v2, or (at your option) v3 |
604 |
@@ -131399,7 +131464,7 @@ index 0000000..9da49be |
605 |
+int plugin_is_GPL_compatible; |
606 |
+ |
607 |
+static struct plugin_info initify_plugin_info = { |
608 |
-+ .version = "20151213", |
609 |
++ .version = "20151228", |
610 |
+ .help = "initify_plugin\n", |
611 |
+}; |
612 |
+ |
613 |
@@ -131603,6 +131668,7 @@ index 0000000..9da49be |
614 |
+ decl = get_inner_reference(op, &bitsize, &bitpos, &offset, &mode, &unsignedp, &reversep, &volatilep, true); |
615 |
+ |
616 |
+ switch (TREE_CODE_CLASS(TREE_CODE(decl))) { |
617 |
++ case tcc_comparison: |
618 |
+ case tcc_constant: |
619 |
+ case tcc_statement: |
620 |
+ return false; |
621 |
@@ -131634,6 +131700,7 @@ index 0000000..9da49be |
622 |
+ return false; |
623 |
+ |
624 |
+ if (!DECL_P(decl)) { |
625 |
++ debug_tree(vardecl); |
626 |
+ debug_tree(op); |
627 |
+ debug_tree(decl); |
628 |
+ gcc_unreachable(); |