commit: 460567bd4695d06140d31ffc74dbe78ab9e5b519 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
AuthorDate: Tue Jan 21 21:32:54 2014 +0000 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
CommitDate: Tue Jan 21 21:32:54 2014 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=460567bd |
|
Grsec/PaX: 3.0-{3.2.54,3.12.8}-201401191015 |
|
--- |
3.12.8/0000_README | 2 +- |
... 4420_grsecurity-3.0-3.12.8-201401191015.patch} | 1113 +++++++++++++++++--- |
3.2.54/0000_README | 2 +- |
... 4420_grsecurity-3.0-3.2.54-201401191012.patch} | 517 ++++++--- |
4 files changed, 1344 insertions(+), 290 deletions(-) |
|
diff --git a/3.12.8/0000_README b/3.12.8/0000_README |
18 |
index 9b6bc77..ba454f4 100644 |
19 |
--- a/3.12.8/0000_README |
20 |
+++ b/3.12.8/0000_README |
21 |
@@ -2,7 +2,7 @@ README |
22 |
----------------------------------------------------------------------------- |
23 |
Individual Patch Descriptions: |
24 |
----------------------------------------------------------------------------- |
25 |
-Patch: 4420_grsecurity-3.0-3.12.8-201401160931.patch |
26 |
+Patch: 4420_grsecurity-3.0-3.12.8-201401191015.patch |
27 |
From: http://www.grsecurity.net |
28 |
Desc: hardened-sources base patch from upstream grsecurity |
29 |
|
30 |
|
31 |
diff --git a/3.12.8/4420_grsecurity-3.0-3.12.8-201401160931.patch b/3.12.8/4420_grsecurity-3.0-3.12.8-201401191015.patch |
32 |
similarity index 99% |
33 |
rename from 3.12.8/4420_grsecurity-3.0-3.12.8-201401160931.patch |
34 |
rename to 3.12.8/4420_grsecurity-3.0-3.12.8-201401191015.patch |
35 |
index 7bb3c7f..07d9c25 100644 |
36 |
--- a/3.12.8/4420_grsecurity-3.0-3.12.8-201401160931.patch |
37 |
+++ b/3.12.8/4420_grsecurity-3.0-3.12.8-201401191015.patch |
38 |
@@ -4580,6 +4580,24 @@ index b1d17ee..7a6f4d3 100644 |
39 |
create_mapping(&map); |
40 |
} |
41 |
} |
42 |
+diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c |
43 |
+index 99b44e0..8c9106f 100644 |
44 |
+--- a/arch/arm/net/bpf_jit_32.c |
45 |
++++ b/arch/arm/net/bpf_jit_32.c |
46 |
+@@ -637,10 +637,10 @@ load_ind: |
47 |
+ emit(ARM_MUL(r_A, r_A, r_X), ctx); |
48 |
+ break; |
49 |
+ case BPF_S_ALU_DIV_K: |
50 |
+- /* current k == reciprocal_value(userspace k) */ |
51 |
++ if (k == 1) |
52 |
++ break; |
53 |
+ emit_mov_i(r_scratch, k, ctx); |
54 |
+- /* A = top 32 bits of the product */ |
55 |
+- emit(ARM_UMULL(r_scratch, r_A, r_A, r_scratch), ctx); |
56 |
++ emit_udiv(r_A, r_A, r_scratch, ctx); |
57 |
+ break; |
58 |
+ case BPF_S_ALU_DIV_X: |
59 |
+ update_on_xread(ctx); |
60 |
diff --git a/arch/arm/plat-omap/sram.c b/arch/arm/plat-omap/sram.c |
61 |
index a5bc92d..0bb4730 100644 |
62 |
--- a/arch/arm/plat-omap/sram.c |
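Review bot: The rewritten BPF_S_ALU_DIV_K case emits a real divide with no guard against k == 0, so it depends on such a filter being rejected before the JIT runs, and that check is not visible in this hunk. The same holds for the powerpc, s390 and x86 hunks further down, while the sparc hunk at least records the assumption in its comment (`A /= K with K != 0`). I would state it here as well, e.g. `/* k != 0 is guaranteed by filter validation before JIT compilation */`, once that has been confirmed against the checker. The enclosing switch starts and ends outside the hunk.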
63 |
@@ -8478,6 +8496,25 @@ index 7ce9cf3..a964087 100644 |
64 |
/* If hint, make sure it matches our alignment restrictions */ |
65 |
if (!fixed && addr) { |
66 |
addr = _ALIGN_UP(addr, 1ul << pshift); |
67 |
+diff --git a/arch/powerpc/net/bpf_jit_comp.c b/arch/powerpc/net/bpf_jit_comp.c |
68 |
+index 2345bdb..ebbb2f1 100644 |
69 |
+--- a/arch/powerpc/net/bpf_jit_comp.c |
70 |
++++ b/arch/powerpc/net/bpf_jit_comp.c |
71 |
+@@ -209,10 +209,11 @@ static int bpf_jit_build_body(struct sk_filter *fp, u32 *image, |
72 |
+ } |
73 |
+ PPC_DIVWU(r_A, r_A, r_X); |
74 |
+ break; |
75 |
+- case BPF_S_ALU_DIV_K: /* A = reciprocal_divide(A, K); */ |
76 |
++ case BPF_S_ALU_DIV_K: /* A /= K */ |
77 |
++ if (K == 1) |
78 |
++ break; |
79 |
+ PPC_LI32(r_scratch1, K); |
80 |
+- /* Top 32 bits of 64bit result -> A */ |
81 |
+- PPC_MULHWU(r_A, r_A, r_scratch1); |
82 |
++ PPC_DIVWU(r_A, r_A, r_scratch1); |
83 |
+ break; |
84 |
+ case BPF_S_ALU_AND_X: |
85 |
+ ctx->seen |= SEEN_XREG; |
86 |
diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c |
87 |
index 9098692..3d54cd1 100644 |
88 |
--- a/arch/powerpc/platforms/cell/spufs/file.c |
89 |
@@ -8783,6 +8820,41 @@ index 4002329..99b67cb 100644 |
90 |
mm->get_unmapped_area = s390_get_unmapped_area_topdown; |
91 |
} |
92 |
} |
93 |
+diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c |
94 |
+index a5df511..06f5acc 100644 |
95 |
+--- a/arch/s390/net/bpf_jit_comp.c |
96 |
++++ b/arch/s390/net/bpf_jit_comp.c |
97 |
+@@ -371,11 +371,13 @@ static int bpf_jit_insn(struct bpf_jit *jit, struct sock_filter *filter, |
98 |
+ /* dr %r4,%r12 */ |
99 |
+ EMIT2(0x1d4c); |
100 |
+ break; |
101 |
+- case BPF_S_ALU_DIV_K: /* A = reciprocal_divide(A, K) */ |
102 |
+- /* m %r4,<d(K)>(%r13) */ |
103 |
+- EMIT4_DISP(0x5c40d000, EMIT_CONST(K)); |
104 |
+- /* lr %r5,%r4 */ |
105 |
+- EMIT2(0x1854); |
106 |
++ case BPF_S_ALU_DIV_K: /* A /= K */ |
107 |
++ if (K == 1) |
108 |
++ break; |
109 |
++ /* lhi %r4,0 */ |
110 |
++ EMIT4(0xa7480000); |
111 |
++ /* d %r4,<d(K)>(%r13) */ |
112 |
++ EMIT4_DISP(0x5d40d000, EMIT_CONST(K)); |
113 |
+ break; |
114 |
+ case BPF_S_ALU_MOD_X: /* A %= X */ |
115 |
+ jit->seen |= SEEN_XREG | SEEN_RET0; |
116 |
+@@ -391,6 +393,11 @@ static int bpf_jit_insn(struct bpf_jit *jit, struct sock_filter *filter, |
117 |
+ EMIT2(0x1854); |
118 |
+ break; |
119 |
+ case BPF_S_ALU_MOD_K: /* A %= K */ |
120 |
++ if (K == 1) { |
121 |
++ /* lhi %r5,0 */ |
122 |
++ EMIT4(0xa7580000); |
123 |
++ break; |
124 |
++ } |
125 |
+ /* lhi %r4,0 */ |
126 |
+ EMIT4(0xa7480000); |
127 |
+ /* d %r4,<d(K)>(%r13) */ |
128 |
diff --git a/arch/score/include/asm/cache.h b/arch/score/include/asm/cache.h |
129 |
index ae3d59f..f65f075 100644 |
130 |
--- a/arch/score/include/asm/cache.h |
131 |
@@ -11406,6 +11478,34 @@ index ed82eda..0d80e77 100644 |
132 |
#endif /* CONFIG_SMP */ |
133 |
#endif /* CONFIG_DEBUG_DCFLUSH */ |
134 |
} |
135 |
+diff --git a/arch/sparc/net/bpf_jit_comp.c b/arch/sparc/net/bpf_jit_comp.c |
136 |
+index 218b6b2..01fe994 100644 |
137 |
+--- a/arch/sparc/net/bpf_jit_comp.c |
138 |
++++ b/arch/sparc/net/bpf_jit_comp.c |
139 |
+@@ -497,9 +497,20 @@ void bpf_jit_compile(struct sk_filter *fp) |
140 |
+ case BPF_S_ALU_MUL_K: /* A *= K */ |
141 |
+ emit_alu_K(MUL, K); |
142 |
+ break; |
143 |
+- case BPF_S_ALU_DIV_K: /* A /= K */ |
144 |
+- emit_alu_K(MUL, K); |
145 |
+- emit_read_y(r_A); |
146 |
++ case BPF_S_ALU_DIV_K: /* A /= K with K != 0*/ |
147 |
++ if (K == 1) |
148 |
++ break; |
149 |
++ emit_write_y(G0); |
150 |
++#ifdef CONFIG_SPARC32 |
151 |
++ /* The Sparc v8 architecture requires |
152 |
++ * three instructions between a %y |
153 |
++ * register write and the first use. |
154 |
++ */ |
155 |
++ emit_nop(); |
156 |
++ emit_nop(); |
157 |
++ emit_nop(); |
158 |
++#endif |
159 |
++ emit_alu_K(DIV, K); |
160 |
+ break; |
161 |
+ case BPF_S_ALU_DIV_X: /* A /= X; */ |
162 |
+ emit_cmpi(r_X, 0); |
163 |
diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig |
164 |
index d45a2c4..3c05a78 100644 |
165 |
--- a/arch/tile/Kconfig |
166 |
@@ -32910,7 +33010,7 @@ index 877b9a1..a8ecf42 100644 |
167 |
+ pax_force_retaddr |
168 |
ret |
169 |
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c |
170 |
-index 26328e8..5f96c25 100644 |
171 |
+index 26328e8..8dfe0d5 100644 |
172 |
--- a/arch/x86/net/bpf_jit_comp.c |
173 |
+++ b/arch/x86/net/bpf_jit_comp.c |
174 |
@@ -50,13 +50,90 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len) |
175 |
@@ -33140,9 +33240,14 @@ index 26328e8..5f96c25 100644 |
176 |
break; |
177 |
case BPF_S_ALU_DIV_X: /* A /= X; */ |
178 |
seen |= SEEN_XREG; |
179 |
-@@ -360,13 +457,23 @@ void bpf_jit_compile(struct sk_filter *fp) |
180 |
+@@ -359,15 +456,29 @@ void bpf_jit_compile(struct sk_filter *fp) |
181 |
+ EMIT2(0x89, 0xd0); /* mov %edx,%eax */ |
182 |
break; |
183 |
case BPF_S_ALU_MOD_K: /* A %= K; */ |
184 |
++ if (K == 1) { |
185 |
++ CLEAR_A(); |
186 |
++ break; |
187 |
++ } |
188 |
EMIT2(0x31, 0xd2); /* xor %edx,%edx */ |
189 |
+#ifdef CONFIG_GRKERNSEC_JIT_HARDEN |
190 |
+ DILUTE_CONST_SEQUENCE(K, randkey); |
191 |
@@ -33152,19 +33257,24 @@ index 26328e8..5f96c25 100644 |
192 |
EMIT2(0xf7, 0xf1); /* div %ecx */ |
193 |
EMIT2(0x89, 0xd0); /* mov %edx,%eax */ |
194 |
break; |
195 |
- case BPF_S_ALU_DIV_K: /* A = reciprocal_divide(A, K); */ |
196 |
+- case BPF_S_ALU_DIV_K: /* A = reciprocal_divide(A, K); */ |
197 |
+- EMIT3(0x48, 0x69, 0xc0); /* imul imm32,%rax,%rax */ |
198 |
+- EMIT(K, 4); |
199 |
+- EMIT4(0x48, 0xc1, 0xe8, 0x20); /* shr $0x20,%rax */ |
200 |
++ case BPF_S_ALU_DIV_K: /* A /= K */ |
201 |
++ if (K == 1) |
202 |
++ break; |
203 |
++ EMIT2(0x31, 0xd2); /* xor %edx,%edx */ |
204 |
+#ifdef CONFIG_GRKERNSEC_JIT_HARDEN |
205 |
+ DILUTE_CONST_SEQUENCE(K, randkey); |
206 |
-+ // imul rax, rcx |
207 |
-+ EMIT4(0x48, 0x0f, 0xaf, 0xc1); |
208 |
+#else |
209 |
- EMIT3(0x48, 0x69, 0xc0); /* imul imm32,%rax,%rax */ |
210 |
- EMIT(K, 4); |
211 |
++ EMIT1(0xb9);EMIT(K, 4); /* mov imm32,%ecx */ |
212 |
+#endif |
213 |
- EMIT4(0x48, 0xc1, 0xe8, 0x20); /* shr $0x20,%rax */ |
214 |
++ EMIT2(0xf7, 0xf1); /* div %ecx */ |
215 |
break; |
216 |
case BPF_S_ALU_AND_X: |
217 |
-@@ -637,8 +744,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG; |
218 |
+ seen |= SEEN_XREG; |
219 |
+@@ -637,8 +748,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG; |
220 |
if (is_imm8(K)) { |
221 |
EMIT3(0x8d, 0x73, K); /* lea imm8(%rbx), %esi */ |
222 |
} else { |
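Review bot: In the CONFIG_GRKERNSEC_JIT_HARDEN branch of the new BPF_S_ALU_DIV_K case, `div %ecx` depends on `DILUTE_CONST_SEQUENCE(K, randkey)` having left K in %ecx, and that macro is defined outside this hunk. BPF_S_ALU_MOD_K earlier in the same function follows the same pattern, so the contract presumably holds, but it deserves a comment at the use site, e.g. `/* DILUTE_CONST_SEQUENCE leaves K in %ecx for the div below */`, after checking the macro. As a style point, `EMIT1(0xb9);EMIT(K, 4);` puts two statements on one line; splitting them would match the rest of the switch.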
223 |
@@ -33174,7 +33284,7 @@ index 26328e8..5f96c25 100644 |
224 |
} |
225 |
} else { |
226 |
EMIT2(0x89,0xde); /* mov %ebx,%esi */ |
227 |
-@@ -728,10 +834,12 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; |
228 |
+@@ -728,10 +838,12 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; |
229 |
if (unlikely(proglen + ilen > oldproglen)) { |
230 |
pr_err("bpb_jit_compile fatal error\n"); |
231 |
kfree(addrs); |
232 |
@@ -33188,7 +33298,7 @@ index 26328e8..5f96c25 100644 |
233 |
} |
234 |
proglen += ilen; |
235 |
addrs[i] = proglen; |
236 |
-@@ -764,7 +872,6 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; |
237 |
+@@ -764,7 +876,6 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; |
238 |
|
239 |
if (image) { |
240 |
bpf_flush_icache(header, image + proglen); |
241 |
@@ -33196,7 +33306,7 @@ index 26328e8..5f96c25 100644 |
242 |
fp->bpf_func = (void *)image; |
243 |
} |
244 |
out: |
245 |
-@@ -776,10 +883,9 @@ static void bpf_jit_free_deferred(struct work_struct *work) |
246 |
+@@ -776,10 +887,9 @@ static void bpf_jit_free_deferred(struct work_struct *work) |
247 |
{ |
248 |
struct sk_filter *fp = container_of(work, struct sk_filter, work); |
249 |
unsigned long addr = (unsigned long)fp->bpf_func & PAGE_MASK; |
250 |
@@ -37564,7 +37674,7 @@ index d39cca6..8c1e269 100644 |
251 |
|
252 |
if (cmd != SIOCWANDEV) |
253 |
diff --git a/drivers/char/random.c b/drivers/char/random.c |
254 |
-index 7a744d3..35a177ee 100644 |
255 |
+index 7a744d3..895af8f 100644 |
256 |
--- a/drivers/char/random.c |
257 |
+++ b/drivers/char/random.c |
258 |
@@ -269,8 +269,13 @@ |
259 |
@@ -37610,7 +37720,20 @@ index 7a744d3..35a177ee 100644 |
260 |
smp_wmb(); |
261 |
|
262 |
if (out) |
263 |
-@@ -1029,7 +1041,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, |
264 |
+@@ -603,8 +615,11 @@ retry: |
265 |
+ |
266 |
+ if (!r->initialized && nbits > 0) { |
267 |
+ r->entropy_total += nbits; |
268 |
+- if (r->entropy_total > 128) |
269 |
++ if (r->entropy_total > 128) { |
270 |
+ r->initialized = 1; |
271 |
++ if (r == &nonblocking_pool) |
272 |
++ prandom_reseed_late(); |
273 |
++ } |
274 |
+ } |
275 |
+ |
276 |
+ trace_credit_entropy_bits(r->name, nbits, entropy_count, |
277 |
+@@ -1029,7 +1044,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, |
278 |
|
279 |
extract_buf(r, tmp); |
280 |
i = min_t(int, nbytes, EXTRACT_SIZE); |
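Review bot: Nothing visible in this hunk serialises the `!r->initialized` test against the `r->initialized = 1` store, so two contexts crediting entropy at the same time could both reach the added `prandom_reseed_late()` call. Whether that is harmless depends on prandom_reseed_late(), which is defined outside this patch section. If it tolerates concurrent or repeated calls, a one-line comment above the call saying so would settle the question for the next reader; if it does not, the transition to initialized needs to be made exactly once. The enclosing function starts and ends outside the hunk.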
281 |
@@ -37619,7 +37742,7 @@ index 7a744d3..35a177ee 100644 |
282 |
ret = -EFAULT; |
283 |
break; |
284 |
} |
285 |
-@@ -1365,7 +1377,7 @@ EXPORT_SYMBOL(generate_random_uuid); |
286 |
+@@ -1365,7 +1380,7 @@ EXPORT_SYMBOL(generate_random_uuid); |
287 |
#include <linux/sysctl.h> |
288 |
|
289 |
static int min_read_thresh = 8, min_write_thresh; |
290 |
@@ -37628,7 +37751,7 @@ index 7a744d3..35a177ee 100644 |
291 |
static int max_write_thresh = INPUT_POOL_WORDS * 32; |
292 |
static char sysctl_bootid[16]; |
293 |
|
294 |
-@@ -1381,7 +1393,7 @@ static char sysctl_bootid[16]; |
295 |
+@@ -1381,7 +1396,7 @@ static char sysctl_bootid[16]; |
296 |
static int proc_do_uuid(struct ctl_table *table, int write, |
297 |
void __user *buffer, size_t *lenp, loff_t *ppos) |
298 |
{ |
299 |
@@ -42599,9 +42722,27 @@ index aacf6bf..67d63f2 100644 |
300 |
"md/raid1:%s: read error corrected " |
301 |
"(%d sectors at %llu on %s)\n", |
302 |
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c |
303 |
-index 73dc8a3..bdd515a 100644 |
304 |
+index 73dc8a3..859d581f6 100644 |
305 |
--- a/drivers/md/raid10.c |
306 |
+++ b/drivers/md/raid10.c |
307 |
+@@ -1319,7 +1319,7 @@ read_again: |
308 |
+ /* Could not read all from this device, so we will |
309 |
+ * need another r10_bio. |
310 |
+ */ |
311 |
+- sectors_handled = (r10_bio->sectors + max_sectors |
312 |
++ sectors_handled = (r10_bio->sector + max_sectors |
313 |
+ - bio->bi_sector); |
314 |
+ r10_bio->sectors = max_sectors; |
315 |
+ spin_lock_irq(&conf->device_lock); |
316 |
+@@ -1327,7 +1327,7 @@ read_again: |
317 |
+ bio->bi_phys_segments = 2; |
318 |
+ else |
319 |
+ bio->bi_phys_segments++; |
320 |
+- spin_unlock(&conf->device_lock); |
321 |
++ spin_unlock_irq(&conf->device_lock); |
322 |
+ /* Cannot call generic_make_request directly |
323 |
+ * as that will be queued in __generic_make_request |
324 |
+ * and subsequent mempool_alloc might block |
325 |
@@ -1963,7 +1963,7 @@ static void end_sync_read(struct bio *bio, int error) |
326 |
/* The write handler will notice the lack of |
327 |
* R10BIO_Uptodate and record any errors etc |
328 |
@@ -42661,8 +42802,30 @@ index 73dc8a3..bdd515a 100644 |
329 |
} |
330 |
|
331 |
rdev_dec_pending(rdev, mddev); |
332 |
+@@ -3220,10 +3220,6 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr, |
333 |
+ if (j == conf->copies) { |
334 |
+ /* Cannot recover, so abort the recovery or |
335 |
+ * record a bad block */ |
336 |
+- put_buf(r10_bio); |
337 |
+- if (rb2) |
338 |
+- atomic_dec(&rb2->remaining); |
339 |
+- r10_bio = rb2; |
340 |
+ if (any_working) { |
341 |
+ /* problem is that there are bad blocks |
342 |
+ * on other device(s) |
343 |
+@@ -3255,6 +3251,10 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr, |
344 |
+ mirror->recovery_disabled |
345 |
+ = mddev->recovery_disabled; |
346 |
+ } |
347 |
++ put_buf(r10_bio); |
348 |
++ if (rb2) |
349 |
++ atomic_dec(&rb2->remaining); |
350 |
++ r10_bio = rb2; |
351 |
+ break; |
352 |
+ } |
353 |
+ } |
354 |
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c |
355 |
-index 8a0665d..984c46d 100644 |
356 |
+index 8a0665d..b322118 100644 |
357 |
--- a/drivers/md/raid5.c |
358 |
+++ b/drivers/md/raid5.c |
359 |
@@ -1887,21 +1887,21 @@ static void raid5_end_read_request(struct bio * bi, int error) |
360 |
@@ -42700,6 +42863,24 @@ index 8a0665d..984c46d 100644 |
361 |
> conf->max_nr_stripes) |
362 |
printk(KERN_WARNING |
363 |
"md/raid:%s: Too many read errors, failing device %s.\n", |
364 |
+@@ -3502,7 +3502,7 @@ static void analyse_stripe(struct stripe_head *sh, struct stripe_head_state *s) |
365 |
+ */ |
366 |
+ set_bit(R5_Insync, &dev->flags); |
367 |
+ |
368 |
+- if (rdev && test_bit(R5_WriteError, &dev->flags)) { |
369 |
++ if (test_bit(R5_WriteError, &dev->flags)) { |
370 |
+ /* This flag does not apply to '.replacement' |
371 |
+ * only to .rdev, so make sure to check that*/ |
372 |
+ struct md_rdev *rdev2 = rcu_dereference( |
373 |
+@@ -3515,7 +3515,7 @@ static void analyse_stripe(struct stripe_head *sh, struct stripe_head_state *s) |
374 |
+ } else |
375 |
+ clear_bit(R5_WriteError, &dev->flags); |
376 |
+ } |
377 |
+- if (rdev && test_bit(R5_MadeGood, &dev->flags)) { |
378 |
++ if (test_bit(R5_MadeGood, &dev->flags)) { |
379 |
+ /* This flag does not apply to '.replacement' |
380 |
+ * only to .rdev, so make sure to check that*/ |
381 |
+ struct md_rdev *rdev2 = rcu_dereference( |
382 |
diff --git a/drivers/media/dvb-core/dvbdev.c b/drivers/media/dvb-core/dvbdev.c |
383 |
index 401ef64..836e563 100644 |
384 |
--- a/drivers/media/dvb-core/dvbdev.c |
385 |
@@ -53511,7 +53692,7 @@ index 89dec7f..361b0d75 100644 |
386 |
fd_offset + ex.a_text); |
387 |
if (error != N_DATADDR(ex)) { |
388 |
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c |
389 |
-index 4c94a79..2610454 100644 |
390 |
+index 4c94a79..9d5fb56 100644 |
391 |
--- a/fs/binfmt_elf.c |
392 |
+++ b/fs/binfmt_elf.c |
393 |
@@ -34,6 +34,7 @@ |
394 |
@@ -53680,7 +53861,7 @@ index 4c94a79..2610454 100644 |
395 |
} |
396 |
|
397 |
error = load_addr; |
398 |
-@@ -538,6 +569,315 @@ out: |
399 |
+@@ -538,6 +569,336 @@ out: |
400 |
return error; |
401 |
} |
402 |
|
403 |
@@ -53821,12 +54002,48 @@ index 4c94a79..2610454 100644 |
404 |
+#endif |
405 |
+ |
406 |
+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) |
407 |
-+static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex) |
408 |
++static unsigned long pax_parse_defaults(void) |
409 |
+{ |
410 |
+ unsigned long pax_flags = 0UL; |
411 |
+ |
412 |
++#ifdef CONFIG_PAX_SOFTMODE |
413 |
++ if (pax_softmode) |
414 |
++ return pax_flags; |
415 |
++#endif |
416 |
++ |
417 |
++#ifdef CONFIG_PAX_PAGEEXEC |
418 |
++ pax_flags |= MF_PAX_PAGEEXEC; |
419 |
++#endif |
420 |
++ |
421 |
++#ifdef CONFIG_PAX_SEGMEXEC |
422 |
++ pax_flags |= MF_PAX_SEGMEXEC; |
423 |
++#endif |
424 |
++ |
425 |
++#ifdef CONFIG_PAX_MPROTECT |
426 |
++ pax_flags |= MF_PAX_MPROTECT; |
427 |
++#endif |
428 |
++ |
429 |
++#ifdef CONFIG_PAX_RANDMMAP |
430 |
++ if (randomize_va_space) |
431 |
++ pax_flags |= MF_PAX_RANDMMAP; |
432 |
++#endif |
433 |
++ |
434 |
++ return pax_flags; |
435 |
++} |
436 |
++ |
437 |
++static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex) |
438 |
++{ |
439 |
++ unsigned long pax_flags = PAX_PARSE_FLAGS_FALLBACK; |
440 |
++ |
441 |
+#ifdef CONFIG_PAX_EI_PAX |
442 |
+ |
443 |
++#ifdef CONFIG_PAX_SOFTMODE |
444 |
++ if (pax_softmode) |
445 |
++ return pax_flags; |
446 |
++#endif |
447 |
++ |
448 |
++ pax_flags = 0UL; |
449 |
++ |
450 |
+#ifdef CONFIG_PAX_PAGEEXEC |
451 |
+ if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_PAGEEXEC)) |
452 |
+ pax_flags |= MF_PAX_PAGEEXEC; |
453 |
@@ -53852,28 +54069,10 @@ index 4c94a79..2610454 100644 |
454 |
+ pax_flags |= MF_PAX_RANDMMAP; |
455 |
+#endif |
456 |
+ |
457 |
-+#else |
458 |
-+ |
459 |
-+#ifdef CONFIG_PAX_PAGEEXEC |
460 |
-+ pax_flags |= MF_PAX_PAGEEXEC; |
461 |
-+#endif |
462 |
-+ |
463 |
-+#ifdef CONFIG_PAX_SEGMEXEC |
464 |
-+ pax_flags |= MF_PAX_SEGMEXEC; |
465 |
-+#endif |
466 |
-+ |
467 |
-+#ifdef CONFIG_PAX_MPROTECT |
468 |
-+ pax_flags |= MF_PAX_MPROTECT; |
469 |
-+#endif |
470 |
-+ |
471 |
-+#ifdef CONFIG_PAX_RANDMMAP |
472 |
-+ if (randomize_va_space) |
473 |
-+ pax_flags |= MF_PAX_RANDMMAP; |
474 |
-+#endif |
475 |
-+ |
476 |
+#endif |
477 |
+ |
478 |
+ return pax_flags; |
479 |
++ |
480 |
+} |
481 |
+ |
482 |
+static unsigned long pax_parse_pt_pax(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata) |
483 |
@@ -53889,7 +54088,7 @@ index 4c94a79..2610454 100644 |
484 |
+ ((elf_phdata[i].p_flags & PF_EMUTRAMP) && (elf_phdata[i].p_flags & PF_NOEMUTRAMP)) || |
485 |
+ ((elf_phdata[i].p_flags & PF_MPROTECT) && (elf_phdata[i].p_flags & PF_NOMPROTECT)) || |
486 |
+ ((elf_phdata[i].p_flags & PF_RANDMMAP) && (elf_phdata[i].p_flags & PF_NORANDMMAP))) |
487 |
-+ return ~0UL; |
488 |
++ return PAX_PARSE_FLAGS_FALLBACK; |
489 |
+ |
490 |
+#ifdef CONFIG_PAX_SOFTMODE |
491 |
+ if (pax_softmode) |
492 |
@@ -53902,7 +54101,7 @@ index 4c94a79..2610454 100644 |
493 |
+ } |
494 |
+#endif |
495 |
+ |
496 |
-+ return ~0UL; |
497 |
++ return PAX_PARSE_FLAGS_FALLBACK; |
498 |
+} |
499 |
+ |
500 |
+static unsigned long pax_parse_xattr_pax(struct file * const file) |
501 |
@@ -53914,23 +54113,23 @@ index 4c94a79..2610454 100644 |
502 |
+ unsigned long pax_flags_hardmode = 0UL, pax_flags_softmode = 0UL; |
503 |
+ |
504 |
+ xattr_size = pax_getxattr(file->f_path.dentry, xattr_value, sizeof xattr_value); |
505 |
-+ if (xattr_size <= 0 || xattr_size > sizeof xattr_value) |
506 |
-+ return ~0UL; |
507 |
++ if (xattr_size < 0 || xattr_size > sizeof xattr_value) |
508 |
++ return PAX_PARSE_FLAGS_FALLBACK; |
509 |
+ |
510 |
+ for (i = 0; i < xattr_size; i++) |
511 |
+ switch (xattr_value[i]) { |
512 |
+ default: |
513 |
-+ return ~0UL; |
514 |
++ return PAX_PARSE_FLAGS_FALLBACK; |
515 |
+ |
516 |
+#define parse_flag(option1, option2, flag) \ |
517 |
+ case option1: \ |
518 |
+ if (pax_flags_hardmode & MF_PAX_##flag) \ |
519 |
-+ return ~0UL; \ |
520 |
++ return PAX_PARSE_FLAGS_FALLBACK;\ |
521 |
+ pax_flags_hardmode |= MF_PAX_##flag; \ |
522 |
+ break; \ |
523 |
+ case option2: \ |
524 |
+ if (pax_flags_softmode & MF_PAX_##flag) \ |
525 |
-+ return ~0UL; \ |
526 |
++ return PAX_PARSE_FLAGS_FALLBACK;\ |
527 |
+ pax_flags_softmode |= MF_PAX_##flag; \ |
528 |
+ break; |
529 |
+ |
530 |
@@ -53944,7 +54143,7 @@ index 4c94a79..2610454 100644 |
531 |
+ } |
532 |
+ |
533 |
+ if (pax_flags_hardmode & pax_flags_softmode) |
534 |
-+ return ~0UL; |
535 |
++ return PAX_PARSE_FLAGS_FALLBACK; |
536 |
+ |
537 |
+#ifdef CONFIG_PAX_SOFTMODE |
538 |
+ if (pax_softmode) |
539 |
@@ -53954,27 +54153,30 @@ index 4c94a79..2610454 100644 |
540 |
+ |
541 |
+ return pax_parse_xattr_pax_hardmode(pax_flags_hardmode); |
542 |
+#else |
543 |
-+ return ~0UL; |
544 |
++ return PAX_PARSE_FLAGS_FALLBACK; |
545 |
+#endif |
546 |
+ |
547 |
+} |
548 |
+ |
549 |
+static long pax_parse_pax_flags(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata, struct file * const file) |
550 |
+{ |
551 |
-+ unsigned long pax_flags, pt_pax_flags, xattr_pax_flags; |
552 |
++ unsigned long pax_flags, ei_pax_flags, pt_pax_flags, xattr_pax_flags; |
553 |
+ |
554 |
-+ pax_flags = pax_parse_ei_pax(elf_ex); |
555 |
++ pax_flags = pax_parse_defaults(); |
556 |
++ ei_pax_flags = pax_parse_ei_pax(elf_ex); |
557 |
+ pt_pax_flags = pax_parse_pt_pax(elf_ex, elf_phdata); |
558 |
+ xattr_pax_flags = pax_parse_xattr_pax(file); |
559 |
+ |
560 |
-+ if (pt_pax_flags == ~0UL) |
561 |
-+ pt_pax_flags = xattr_pax_flags; |
562 |
-+ else if (xattr_pax_flags == ~0UL) |
563 |
-+ xattr_pax_flags = pt_pax_flags; |
564 |
-+ if (pt_pax_flags != xattr_pax_flags) |
565 |
++ if (pt_pax_flags != PAX_PARSE_FLAGS_FALLBACK && |
566 |
++ xattr_pax_flags != PAX_PARSE_FLAGS_FALLBACK && |
567 |
++ pt_pax_flags != xattr_pax_flags) |
568 |
+ return -EINVAL; |
569 |
-+ if (pt_pax_flags != ~0UL) |
570 |
++ if (xattr_pax_flags != PAX_PARSE_FLAGS_FALLBACK) |
571 |
++ pax_flags = xattr_pax_flags; |
572 |
++ else if (pt_pax_flags != PAX_PARSE_FLAGS_FALLBACK) |
573 |
+ pax_flags = pt_pax_flags; |
574 |
++ else if (ei_pax_flags != PAX_PARSE_FLAGS_FALLBACK) |
575 |
++ pax_flags = ei_pax_flags; |
576 |
+ |
577 |
+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC) |
578 |
+ if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) { |
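Review bot: The new selection order in pax_parse_pax_flags() is only discoverable by reading the if/else chain, and only a PT_PAX/xattr mismatch returns -EINVAL, while an EI_PAX marking that disagrees is silently overridden. A header comment would help anyone auditing how a binary ends up with its MF_PAX_* flags, e.g. `/* precedence: xattr > PT_PAX_FLAGS > EI_PAX > pax_parse_defaults(); a PT_PAX/xattr mismatch is -EINVAL */`. It should also record that PAX_PARSE_FLAGS_FALLBACK, defined outside this hunk, must never equal a legal flag mask, because every parser uses it as the "no marking found" sentinel. The function body continues past the end of the hunk.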
579 |
@@ -53996,7 +54198,7 @@ index 4c94a79..2610454 100644 |
580 |
/* |
581 |
* These are the functions used to load ELF style executables and shared |
582 |
* libraries. There is no binary dependent code anywhere else. |
583 |
-@@ -554,6 +894,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) |
584 |
+@@ -554,6 +915,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) |
585 |
{ |
586 |
unsigned int random_variable = 0; |
587 |
|
588 |
@@ -54008,7 +54210,7 @@ index 4c94a79..2610454 100644 |
589 |
if ((current->flags & PF_RANDOMIZE) && |
590 |
!(current->personality & ADDR_NO_RANDOMIZE)) { |
591 |
random_variable = get_random_int() & STACK_RND_MASK; |
592 |
-@@ -572,7 +917,7 @@ static int load_elf_binary(struct linux_binprm *bprm) |
593 |
+@@ -572,7 +938,7 @@ static int load_elf_binary(struct linux_binprm *bprm) |
594 |
unsigned long load_addr = 0, load_bias = 0; |
595 |
int load_addr_set = 0; |
596 |
char * elf_interpreter = NULL; |
597 |
@@ -54017,7 +54219,7 @@ index 4c94a79..2610454 100644 |
598 |
struct elf_phdr *elf_ppnt, *elf_phdata; |
599 |
unsigned long elf_bss, elf_brk; |
600 |
int retval, i; |
601 |
-@@ -582,12 +927,12 @@ static int load_elf_binary(struct linux_binprm *bprm) |
602 |
+@@ -582,12 +948,12 @@ static int load_elf_binary(struct linux_binprm *bprm) |
603 |
unsigned long start_code, end_code, start_data, end_data; |
604 |
unsigned long reloc_func_desc __maybe_unused = 0; |
605 |
int executable_stack = EXSTACK_DEFAULT; |
606 |
@@ -54031,7 +54233,7 @@ index 4c94a79..2610454 100644 |
607 |
|
608 |
loc = kmalloc(sizeof(*loc), GFP_KERNEL); |
609 |
if (!loc) { |
610 |
-@@ -723,11 +1068,82 @@ static int load_elf_binary(struct linux_binprm *bprm) |
611 |
+@@ -723,11 +1089,82 @@ static int load_elf_binary(struct linux_binprm *bprm) |
612 |
goto out_free_dentry; |
613 |
|
614 |
/* OK, This is the point of no return */ |
615 |
@@ -54115,7 +54317,7 @@ index 4c94a79..2610454 100644 |
616 |
if (elf_read_implies_exec(loc->elf_ex, executable_stack)) |
617 |
current->personality |= READ_IMPLIES_EXEC; |
618 |
|
619 |
-@@ -817,6 +1233,20 @@ static int load_elf_binary(struct linux_binprm *bprm) |
620 |
+@@ -817,6 +1254,20 @@ static int load_elf_binary(struct linux_binprm *bprm) |
621 |
#else |
622 |
load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); |
623 |
#endif |
624 |
@@ -54136,7 +54338,7 @@ index 4c94a79..2610454 100644 |
625 |
} |
626 |
|
627 |
error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, |
628 |
-@@ -849,9 +1279,9 @@ static int load_elf_binary(struct linux_binprm *bprm) |
629 |
+@@ -849,9 +1300,9 @@ static int load_elf_binary(struct linux_binprm *bprm) |
630 |
* allowed task size. Note that p_filesz must always be |
631 |
* <= p_memsz so it is only necessary to check p_memsz. |
632 |
*/ |
633 |
@@ -54149,7 +54351,7 @@ index 4c94a79..2610454 100644 |
634 |
/* set_brk can never work. Avoid overflows. */ |
635 |
send_sig(SIGKILL, current, 0); |
636 |
retval = -EINVAL; |
637 |
-@@ -890,17 +1320,45 @@ static int load_elf_binary(struct linux_binprm *bprm) |
638 |
+@@ -890,17 +1341,45 @@ static int load_elf_binary(struct linux_binprm *bprm) |
639 |
goto out_free_dentry; |
640 |
} |
641 |
if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { |
642 |
@@ -54201,7 +54403,7 @@ index 4c94a79..2610454 100644 |
643 |
load_bias); |
644 |
if (!IS_ERR((void *)elf_entry)) { |
645 |
/* |
646 |
-@@ -1122,7 +1580,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) |
647 |
+@@ -1122,7 +1601,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) |
648 |
* Decide what to dump of a segment, part, all or none. |
649 |
*/ |
650 |
static unsigned long vma_dump_size(struct vm_area_struct *vma, |
651 |
@@ -54210,7 +54412,7 @@ index 4c94a79..2610454 100644 |
652 |
{ |
653 |
#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) |
654 |
|
655 |
-@@ -1160,7 +1618,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, |
656 |
+@@ -1160,7 +1639,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, |
657 |
if (vma->vm_file == NULL) |
658 |
return 0; |
659 |
|
660 |
@@ -54219,7 +54421,7 @@ index 4c94a79..2610454 100644 |
661 |
goto whole; |
662 |
|
663 |
/* |
664 |
-@@ -1385,9 +1843,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) |
665 |
+@@ -1385,9 +1864,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) |
666 |
{ |
667 |
elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; |
668 |
int i = 0; |
669 |
@@ -54231,7 +54433,7 @@ index 4c94a79..2610454 100644 |
670 |
fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); |
671 |
} |
672 |
|
673 |
-@@ -1396,7 +1854,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, |
674 |
+@@ -1396,7 +1875,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, |
675 |
{ |
676 |
mm_segment_t old_fs = get_fs(); |
677 |
set_fs(KERNEL_DS); |
678 |
@@ -54240,7 +54442,7 @@ index 4c94a79..2610454 100644 |
679 |
set_fs(old_fs); |
680 |
fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata); |
681 |
} |
682 |
-@@ -2023,14 +2481,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, |
683 |
+@@ -2023,14 +2502,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, |
684 |
} |
685 |
|
686 |
static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, |
687 |
@@ -54257,7 +54459,7 @@ index 4c94a79..2610454 100644 |
688 |
return size; |
689 |
} |
690 |
|
691 |
-@@ -2123,7 +2581,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
692 |
+@@ -2123,7 +2602,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
693 |
|
694 |
dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); |
695 |
|
696 |
@@ -54266,7 +54468,7 @@ index 4c94a79..2610454 100644 |
697 |
offset += elf_core_extra_data_size(); |
698 |
e_shoff = offset; |
699 |
|
700 |
-@@ -2137,10 +2595,12 @@ static int elf_core_dump(struct coredump_params *cprm) |
701 |
+@@ -2137,10 +2616,12 @@ static int elf_core_dump(struct coredump_params *cprm) |
702 |
offset = dataoff; |
703 |
|
704 |
size += sizeof(*elf); |
705 |
@@ -54279,7 +54481,7 @@ index 4c94a79..2610454 100644 |
706 |
if (size > cprm->limit |
707 |
|| !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) |
708 |
goto end_coredump; |
709 |
-@@ -2154,7 +2614,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
710 |
+@@ -2154,7 +2635,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
711 |
phdr.p_offset = offset; |
712 |
phdr.p_vaddr = vma->vm_start; |
713 |
phdr.p_paddr = 0; |
714 |
@@ -54288,7 +54490,7 @@ index 4c94a79..2610454 100644 |
715 |
phdr.p_memsz = vma->vm_end - vma->vm_start; |
716 |
offset += phdr.p_filesz; |
717 |
phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; |
718 |
-@@ -2165,6 +2625,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
719 |
+@@ -2165,6 +2646,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
720 |
phdr.p_align = ELF_EXEC_PAGESIZE; |
721 |
|
722 |
size += sizeof(phdr); |
723 |
@@ -54296,7 +54498,7 @@ index 4c94a79..2610454 100644 |
724 |
if (size > cprm->limit |
725 |
|| !dump_write(cprm->file, &phdr, sizeof(phdr))) |
726 |
goto end_coredump; |
727 |
-@@ -2189,7 +2650,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
728 |
+@@ -2189,7 +2671,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
729 |
unsigned long addr; |
730 |
unsigned long end; |
731 |
|
732 |
@@ -54305,7 +54507,7 @@ index 4c94a79..2610454 100644 |
733 |
|
734 |
for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { |
735 |
struct page *page; |
736 |
-@@ -2198,6 +2659,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
737 |
+@@ -2198,6 +2680,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
738 |
page = get_dump_page(addr); |
739 |
if (page) { |
740 |
void *kaddr = kmap(page); |
741 |
@@ -54313,7 +54515,7 @@ index 4c94a79..2610454 100644 |
742 |
stop = ((size += PAGE_SIZE) > cprm->limit) || |
743 |
!dump_write(cprm->file, kaddr, |
744 |
PAGE_SIZE); |
745 |
-@@ -2215,6 +2677,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
746 |
+@@ -2215,6 +2698,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
747 |
|
748 |
if (e_phnum == PN_XNUM) { |
749 |
size += sizeof(*shdr4extnum); |
750 |
@@ -54321,7 +54523,7 @@ index 4c94a79..2610454 100644 |
751 |
if (size > cprm->limit |
752 |
|| !dump_write(cprm->file, shdr4extnum, |
753 |
sizeof(*shdr4extnum))) |
754 |
-@@ -2235,6 +2698,167 @@ out: |
755 |
+@@ -2235,6 +2719,167 @@ out: |
756 |
|
757 |
#endif /* CONFIG_ELF_CORE */ |
758 |
|
759 |
@@ -59530,6 +59732,34 @@ index 72cb28e..5b5f87d 100644 |
760 |
set_fs(oldfs); |
761 |
|
762 |
if (host_err < 0) |
763 |
+diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c |
764 |
+index 9f6b486..a1a19163 100644 |
765 |
+--- a/fs/nilfs2/segment.c |
766 |
++++ b/fs/nilfs2/segment.c |
767 |
+@@ -1440,17 +1440,19 @@ static int nilfs_segctor_collect(struct nilfs_sc_info *sci, |
768 |
+ |
769 |
+ nilfs_clear_logs(&sci->sc_segbufs); |
770 |
+ |
771 |
+- err = nilfs_segctor_extend_segments(sci, nilfs, nadd); |
772 |
+- if (unlikely(err)) |
773 |
+- return err; |
774 |
+- |
775 |
+ if (sci->sc_stage.flags & NILFS_CF_SUFREED) { |
776 |
+ err = nilfs_sufile_cancel_freev(nilfs->ns_sufile, |
777 |
+ sci->sc_freesegs, |
778 |
+ sci->sc_nfreesegs, |
779 |
+ NULL); |
780 |
+ WARN_ON(err); /* do not happen */ |
781 |
++ sci->sc_stage.flags &= ~NILFS_CF_SUFREED; |
782 |
+ } |
783 |
++ |
784 |
++ err = nilfs_segctor_extend_segments(sci, nilfs, nadd); |
785 |
++ if (unlikely(err)) |
786 |
++ return err; |
787 |
++ |
788 |
+ nadd = min_t(int, nadd << 1, SC_MAX_SEGDELTA); |
789 |
+ sci->sc_stage = prev_stage; |
790 |
+ } |
791 |
diff --git a/fs/nls/nls_base.c b/fs/nls/nls_base.c |
792 |
index fea6bd5..8ee9d81 100644 |
793 |
--- a/fs/nls/nls_base.c |
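Review bot: The new `sci->sc_stage.flags &= ~NILFS_CF_SUFREED;` in nilfs_segctor_collect() carries no explanation, and from the hunk alone it looks redundant, because the loop tail `sci->sc_stage = prev_stage;` overwrites the whole stage, flags included. As far as the visible lines show, the clear only matters on the `return err` path after `nilfs_segctor_extend_segments()`, which is presumably why the cancel was moved ahead of the extend. A comment above the clear would record that ordering, for example `/* drop SUFREED before extend_segments() can fail: the error return must not leave a cancelled free marked as done */`. The function body starts and ends outside the hunk, so confirm how the caller's error path uses the flag.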
794 |
@@ -62460,6 +62690,19 @@ index 9fbea87..6b19972 100644 |
795 |
int count; |
796 |
struct posix_acl *acl; |
797 |
struct posix_acl_entry *acl_e; |
798 |
+diff --git a/fs/xfs/xfs_attr_remote.c b/fs/xfs/xfs_attr_remote.c |
799 |
+index 712a502..18180a3 100644 |
800 |
+--- a/fs/xfs/xfs_attr_remote.c |
801 |
++++ b/fs/xfs/xfs_attr_remote.c |
802 |
+@@ -110,7 +110,7 @@ xfs_attr3_rmt_verify( |
803 |
+ if (be32_to_cpu(rmt->rm_bytes) > fsbsize - sizeof(*rmt)) |
804 |
+ return false; |
805 |
+ if (be32_to_cpu(rmt->rm_offset) + |
806 |
+- be32_to_cpu(rmt->rm_bytes) >= XATTR_SIZE_MAX) |
807 |
++ be32_to_cpu(rmt->rm_bytes) > XATTR_SIZE_MAX) |
808 |
+ return false; |
809 |
+ if (rmt->rm_owner == 0) |
810 |
+ return false; |
811 |
diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c |
812 |
index f47e65c..e7125d9 100644 |
813 |
--- a/fs/xfs/xfs_bmap.c |
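Review bot: The sum `be32_to_cpu(rmt->rm_offset) + be32_to_cpu(rmt->rm_bytes)` in xfs_attr3_rmt_verify() is computed in 32 bits, so a large on-disk `rm_offset` can wrap and still compare as `<= XATTR_SIZE_MAX` after the operator is relaxed from `>=` to `>`. The visible lines bound `rm_bytes` against the block size, but show no independent bound on `rm_offset`. Since this verifier runs on data read from disk, widening the arithmetic closes the gap: `if ((u64)be32_to_cpu(rmt->rm_offset) + be32_to_cpu(rmt->rm_bytes) > XATTR_SIZE_MAX)`. The function begins and continues outside the hunk, so check whether `rm_offset` is range-checked elsewhere before relying on this.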
814 |
@@ -78073,7 +78316,7 @@ index cc7494a..1e27036 100644 |
815 |
extern bool qid_valid(struct kqid qid); |
816 |
|
817 |
diff --git a/include/linux/random.h b/include/linux/random.h |
818 |
-index bf9085e..1e8bbcf 100644 |
819 |
+index bf9085e..02aca5f 100644 |
820 |
--- a/include/linux/random.h |
821 |
+++ b/include/linux/random.h |
822 |
@@ -10,9 +10,19 @@ |
823 |
@@ -78098,7 +78341,7 @@ index bf9085e..1e8bbcf 100644 |
824 |
|
825 |
extern void get_random_bytes(void *buf, int nbytes); |
826 |
extern void get_random_bytes_arch(void *buf, int nbytes); |
827 |
-@@ -23,16 +33,21 @@ extern int random_int_secret_init(void); |
828 |
+@@ -23,16 +33,22 @@ extern int random_int_secret_init(void); |
829 |
extern const struct file_operations random_fops, urandom_fops; |
830 |
#endif |
831 |
|
832 |
@@ -78110,8 +78353,10 @@ index bf9085e..1e8bbcf 100644 |
833 |
+u32 prandom_u32(void) __intentional_overflow(-1); |
834 |
void prandom_bytes(void *buf, int nbytes); |
835 |
void prandom_seed(u32 seed); |
836 |
++void prandom_reseed_late(void); |
837 |
|
838 |
- u32 prandom_u32_state(struct rnd_state *); |
839 |
+-u32 prandom_u32_state(struct rnd_state *); |
840 |
++u32 prandom_u32_state(struct rnd_state *state); |
841 |
void prandom_bytes_state(struct rnd_state *state, void *buf, int nbytes); |
842 |
|
843 |
+static inline unsigned long __intentional_overflow(-1) pax_get_random_long(void) |
844 |
@@ -78122,6 +78367,20 @@ index bf9085e..1e8bbcf 100644 |
845 |
/* |
846 |
* Handle minimum values for seeds |
847 |
*/ |
848 |
+@@ -50,9 +66,10 @@ static inline void prandom_seed_state(struct rnd_state *state, u64 seed) |
849 |
+ { |
850 |
+ u32 i = (seed >> 32) ^ (seed << 10) ^ seed; |
851 |
+ |
852 |
+- state->s1 = __seed(i, 2); |
853 |
+- state->s2 = __seed(i, 8); |
854 |
+- state->s3 = __seed(i, 16); |
855 |
++ state->s1 = __seed(i, 2U); |
856 |
++ state->s2 = __seed(i, 8U); |
857 |
++ state->s3 = __seed(i, 16U); |
858 |
++ state->s4 = __seed(i, 128U); |
859 |
+ } |
860 |
+ |
861 |
+ #ifdef CONFIG_ARCH_RANDOM |
862 |
diff --git a/include/linux/rculist.h b/include/linux/rculist.h |
863 |
index 4106721..132d42c 100644 |
864 |
--- a/include/linux/rculist.h |
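Review bot: prandom_seed_state() folds the 64-bit seed into one `u32 i` and derives `s1`, `s2`, `s3` and the new `s4` from that same value, so the 128-bit state it produces is still determined by at most 32 bits. The comment on prandom_seed_very_weak() in lib/random32.c warns about exactly this property, but this inline helper has no such caveat. A short comment above the assignments would keep callers from treating the wider state as stronger seeding, for example `/* all four words derive from one 32-bit value: reproducible sequences only, not unpredictability */`.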
865 |
@@ -78265,7 +78524,7 @@ index 6dacb93..6174423 100644 |
866 |
static inline void anon_vma_merge(struct vm_area_struct *vma, |
867 |
struct vm_area_struct *next) |
868 |
diff --git a/include/linux/sched.h b/include/linux/sched.h |
869 |
-index b1e963e..114b8fd 100644 |
870 |
+index b1e963e..4916219 100644 |
871 |
--- a/include/linux/sched.h |
872 |
+++ b/include/linux/sched.h |
873 |
@@ -62,6 +62,7 @@ struct bio_list; |
874 |
@@ -78394,7 +78653,7 @@ index b1e963e..114b8fd 100644 |
875 |
#ifdef CONFIG_FUTEX |
876 |
struct robust_list_head __user *robust_list; |
877 |
#ifdef CONFIG_COMPAT |
878 |
-@@ -1411,8 +1451,78 @@ struct task_struct { |
879 |
+@@ -1411,8 +1451,79 @@ struct task_struct { |
880 |
unsigned int sequential_io; |
881 |
unsigned int sequential_io_avg; |
882 |
#endif |
883 |
@@ -78436,6 +78695,7 @@ index b1e963e..114b8fd 100644 |
884 |
+#endif |
885 |
+ |
886 |
+extern int pax_check_flags(unsigned long *); |
887 |
++#define PAX_PARSE_FLAGS_FALLBACK (~0UL) |
888 |
+ |
889 |
+/* if tsk != current then task_lock must be held on it */ |
890 |
+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) |
891 |
@@ -78473,7 +78733,7 @@ index b1e963e..114b8fd 100644 |
892 |
/* Future-safe accessor for struct task_struct's cpus_allowed. */ |
893 |
#define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) |
894 |
|
895 |
-@@ -1471,7 +1581,7 @@ struct pid_namespace; |
896 |
+@@ -1471,7 +1582,7 @@ struct pid_namespace; |
897 |
pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type, |
898 |
struct pid_namespace *ns); |
899 |
|
900 |
@@ -78482,7 +78742,7 @@ index b1e963e..114b8fd 100644 |
901 |
{ |
902 |
return tsk->pid; |
903 |
} |
904 |
-@@ -1921,7 +2031,9 @@ void yield(void); |
905 |
+@@ -1921,7 +2032,9 @@ void yield(void); |
906 |
extern struct exec_domain default_exec_domain; |
907 |
|
908 |
union thread_union { |
909 |
@@ -78492,7 +78752,7 @@ index b1e963e..114b8fd 100644 |
910 |
unsigned long stack[THREAD_SIZE/sizeof(long)]; |
911 |
}; |
912 |
|
913 |
-@@ -1954,6 +2066,7 @@ extern struct pid_namespace init_pid_ns; |
914 |
+@@ -1954,6 +2067,7 @@ extern struct pid_namespace init_pid_ns; |
915 |
*/ |
916 |
|
917 |
extern struct task_struct *find_task_by_vpid(pid_t nr); |
918 |
@@ -78500,7 +78760,7 @@ index b1e963e..114b8fd 100644 |
919 |
extern struct task_struct *find_task_by_pid_ns(pid_t nr, |
920 |
struct pid_namespace *ns); |
921 |
|
922 |
-@@ -2118,7 +2231,7 @@ extern void __cleanup_sighand(struct sighand_struct *); |
923 |
+@@ -2118,7 +2232,7 @@ extern void __cleanup_sighand(struct sighand_struct *); |
924 |
extern void exit_itimers(struct signal_struct *); |
925 |
extern void flush_itimer_signals(void); |
926 |
|
927 |
@@ -78509,7 +78769,7 @@ index b1e963e..114b8fd 100644 |
928 |
|
929 |
extern int allow_signal(int); |
930 |
extern int disallow_signal(int); |
931 |
-@@ -2309,9 +2422,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) |
932 |
+@@ -2309,9 +2423,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) |
933 |
|
934 |
#endif |
935 |
|
936 |
@@ -80633,6 +80893,19 @@ index aa169c4..6a2771d 100644 |
937 |
MMAP_PAGE_ZERO) |
938 |
|
939 |
/* |
940 |
+diff --git a/include/uapi/linux/random.h b/include/uapi/linux/random.h |
941 |
+index 7471b5b..f97f514 100644 |
942 |
+--- a/include/uapi/linux/random.h |
943 |
++++ b/include/uapi/linux/random.h |
944 |
+@@ -41,7 +41,7 @@ struct rand_pool_info { |
945 |
+ }; |
946 |
+ |
947 |
+ struct rnd_state { |
948 |
+- __u32 s1, s2, s3; |
949 |
++ __u32 s1, s2, s3, s4; |
950 |
+ }; |
951 |
+ |
952 |
+ /* Exported functions */ |
953 |
diff --git a/include/uapi/linux/screen_info.h b/include/uapi/linux/screen_info.h |
954 |
index 7530e74..e714828 100644 |
955 |
--- a/include/uapi/linux/screen_info.h |
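Review bot: `struct rnd_state` is defined in a uapi header, so adding `s4` grows a userspace-visible structure from three `__u32` words to four. The other risk is inside the tree: any code that fills `s1`..`s3` by hand and was not updated will leave `s4` at whatever the storage held, while the lib/random32.c comment now requires `s4 > 127`. It is worth grepping for direct initialisers of `rnd_state` rather than relying on every user going through `prandom_seed_state()`. A comment on the field would record the requirement, for example `/* four words since taus113; seed via prandom_seed_state() so the minimum values hold */`.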
956 |
@@ -80679,22 +80952,18 @@ index 0e011eb..82681b1 100644 |
957 |
#ifdef __HAVE_BUILTIN_BSWAP64__ |
958 |
return __builtin_bswap64(val); |
959 |
diff --git a/include/uapi/linux/sysctl.h b/include/uapi/linux/sysctl.h |
960 |
-index 6d67213..8dab561 100644 |
961 |
+index 6d67213..552fdd9 100644 |
962 |
--- a/include/uapi/linux/sysctl.h |
963 |
+++ b/include/uapi/linux/sysctl.h |
964 |
-@@ -155,7 +155,11 @@ enum |
965 |
+@@ -155,8 +155,6 @@ enum |
966 |
KERN_PANIC_ON_NMI=76, /* int: whether we will panic on an unrecovered */ |
967 |
}; |
968 |
|
969 |
- |
970 |
-+#ifdef CONFIG_PAX_SOFTMODE |
971 |
-+enum { |
972 |
-+ PAX_SOFTMODE=1 /* PaX: disable/enable soft mode */ |
973 |
-+}; |
974 |
-+#endif |
975 |
- |
976 |
+- |
977 |
/* CTL_VM names: */ |
978 |
enum |
979 |
+ { |
980 |
diff --git a/include/uapi/linux/xattr.h b/include/uapi/linux/xattr.h |
981 |
index e4629b9..6958086 100644 |
982 |
--- a/include/uapi/linux/xattr.h |
983 |
@@ -87851,6 +88120,396 @@ index 7811ed3..f80ca19 100644 |
984 |
|
985 |
static inline void *ptr_to_indirect(void *ptr) |
986 |
{ |
987 |
+diff --git a/lib/random32.c b/lib/random32.c |
988 |
+index 01e8890..1e5b2df 100644 |
989 |
+--- a/lib/random32.c |
990 |
++++ b/lib/random32.c |
991 |
+@@ -2,19 +2,19 @@ |
992 |
+ This is a maximally equidistributed combined Tausworthe generator |
993 |
+ based on code from GNU Scientific Library 1.5 (30 Jun 2004) |
994 |
+ |
995 |
+- x_n = (s1_n ^ s2_n ^ s3_n) |
996 |
++ lfsr113 version: |
997 |
+ |
998 |
+- s1_{n+1} = (((s1_n & 4294967294) <<12) ^ (((s1_n <<13) ^ s1_n) >>19)) |
999 |
+- s2_{n+1} = (((s2_n & 4294967288) << 4) ^ (((s2_n << 2) ^ s2_n) >>25)) |
1000 |
+- s3_{n+1} = (((s3_n & 4294967280) <<17) ^ (((s3_n << 3) ^ s3_n) >>11)) |
1001 |
++ x_n = (s1_n ^ s2_n ^ s3_n ^ s4_n) |
1002 |
+ |
1003 |
+- The period of this generator is about 2^88. |
1004 |
++ s1_{n+1} = (((s1_n & 4294967294) << 18) ^ (((s1_n << 6) ^ s1_n) >> 13)) |
1005 |
++ s2_{n+1} = (((s2_n & 4294967288) << 2) ^ (((s2_n << 2) ^ s2_n) >> 27)) |
1006 |
++ s3_{n+1} = (((s3_n & 4294967280) << 7) ^ (((s3_n << 13) ^ s3_n) >> 21)) |
1007 |
++ s4_{n+1} = (((s4_n & 4294967168) << 13) ^ (((s4_n << 3) ^ s4_n) >> 12)) |
1008 |
++ |
1009 |
++ The period of this generator is about 2^113 (see erratum paper). |
1010 |
+ |
1011 |
+ From: P. L'Ecuyer, "Maximally Equidistributed Combined Tausworthe |
1012 |
+- Generators", Mathematics of Computation, 65, 213 (1996), 203--213. |
1013 |
+- |
1014 |
+- This is available on the net from L'Ecuyer's home page, |
1015 |
+- |
1016 |
++ Generators", Mathematics of Computation, 65, 213 (1996), 203--213: |
1017 |
+ http://www.iro.umontreal.ca/~lecuyer/myftp/papers/tausme.ps |
1018 |
+ ftp://ftp.iro.umontreal.ca/pub/simulation/lecuyer/papers/tausme.ps |
1019 |
+ |
1020 |
+@@ -29,7 +29,7 @@ |
1021 |
+ that paper.) |
1022 |
+ |
1023 |
+ This affects the seeding procedure by imposing the requirement |
1024 |
+- s1 > 1, s2 > 7, s3 > 15. |
1025 |
++ s1 > 1, s2 > 7, s3 > 15, s4 > 127. |
1026 |
+ |
1027 |
+ */ |
1028 |
+ |
1029 |
+@@ -38,6 +38,11 @@ |
1030 |
+ #include <linux/export.h> |
1031 |
+ #include <linux/jiffies.h> |
1032 |
+ #include <linux/random.h> |
1033 |
++#include <linux/sched.h> |
1034 |
++ |
1035 |
++#ifdef CONFIG_RANDOM32_SELFTEST |
1036 |
++static void __init prandom_state_selftest(void); |
1037 |
++#endif |
1038 |
+ |
1039 |
+ static DEFINE_PER_CPU(struct rnd_state, net_rand_state); |
1040 |
+ |
1041 |
+@@ -52,11 +57,12 @@ u32 prandom_u32_state(struct rnd_state *state) |
1042 |
+ { |
1043 |
+ #define TAUSWORTHE(s,a,b,c,d) ((s&c)<<d) ^ (((s <<a) ^ s)>>b) |
1044 |
+ |
1045 |
+- state->s1 = TAUSWORTHE(state->s1, 13, 19, 4294967294UL, 12); |
1046 |
+- state->s2 = TAUSWORTHE(state->s2, 2, 25, 4294967288UL, 4); |
1047 |
+- state->s3 = TAUSWORTHE(state->s3, 3, 11, 4294967280UL, 17); |
1048 |
++ state->s1 = TAUSWORTHE(state->s1, 6U, 13U, 4294967294U, 18U); |
1049 |
++ state->s2 = TAUSWORTHE(state->s2, 2U, 27U, 4294967288U, 2U); |
1050 |
++ state->s3 = TAUSWORTHE(state->s3, 13U, 21U, 4294967280U, 7U); |
1051 |
++ state->s4 = TAUSWORTHE(state->s4, 3U, 12U, 4294967168U, 13U); |
1052 |
+ |
1053 |
+- return (state->s1 ^ state->s2 ^ state->s3); |
1054 |
++ return (state->s1 ^ state->s2 ^ state->s3 ^ state->s4); |
1055 |
+ } |
1056 |
+ EXPORT_SYMBOL(prandom_u32_state); |
1057 |
+ |
1058 |
+@@ -126,6 +132,38 @@ void prandom_bytes(void *buf, int bytes) |
1059 |
+ } |
1060 |
+ EXPORT_SYMBOL(prandom_bytes); |
1061 |
+ |
1062 |
++static void prandom_warmup(struct rnd_state *state) |
1063 |
++{ |
1064 |
++ /* Calling RNG ten times to satify recurrence condition */ |
1065 |
++ prandom_u32_state(state); |
1066 |
++ prandom_u32_state(state); |
1067 |
++ prandom_u32_state(state); |
1068 |
++ prandom_u32_state(state); |
1069 |
++ prandom_u32_state(state); |
1070 |
++ prandom_u32_state(state); |
1071 |
++ prandom_u32_state(state); |
1072 |
++ prandom_u32_state(state); |
1073 |
++ prandom_u32_state(state); |
1074 |
++ prandom_u32_state(state); |
1075 |
++} |
1076 |
++ |
1077 |
++static void prandom_seed_very_weak(struct rnd_state *state, u32 seed) |
1078 |
++{ |
1079 |
++ /* Note: This sort of seeding is ONLY used in test cases and |
1080 |
++ * during boot at the time from core_initcall until late_initcall |
1081 |
++ * as we don't have a stronger entropy source available yet. |
1082 |
++ * After late_initcall, we reseed entire state, we have to (!), |
1083 |
++ * otherwise an attacker just needs to search 32 bit space to |
1084 |
++ * probe for our internal 128 bit state if he knows a couple |
1085 |
++ * of prandom32 outputs! |
1086 |
++ */ |
1087 |
++#define LCG(x) ((x) * 69069U) /* super-duper LCG */ |
1088 |
++ state->s1 = __seed(LCG(seed), 2U); |
1089 |
++ state->s2 = __seed(LCG(state->s1), 8U); |
1090 |
++ state->s3 = __seed(LCG(state->s2), 16U); |
1091 |
++ state->s4 = __seed(LCG(state->s3), 128U); |
1092 |
++} |
1093 |
++ |
1094 |
+ /** |
1095 |
+ * prandom_seed - add entropy to pseudo random number generator |
1096 |
+ * @seed: seed value |
1097 |
+@@ -141,7 +179,9 @@ void prandom_seed(u32 entropy) |
1098 |
+ */ |
1099 |
+ for_each_possible_cpu (i) { |
1100 |
+ struct rnd_state *state = &per_cpu(net_rand_state, i); |
1101 |
+- state->s1 = __seed(state->s1 ^ entropy, 2); |
1102 |
++ |
1103 |
++ state->s1 = __seed(state->s1 ^ entropy, 2U); |
1104 |
++ prandom_warmup(state); |
1105 |
+ } |
1106 |
+ } |
1107 |
+ EXPORT_SYMBOL(prandom_seed); |
1108 |
+@@ -154,46 +194,249 @@ static int __init prandom_init(void) |
1109 |
+ { |
1110 |
+ int i; |
1111 |
+ |
1112 |
++#ifdef CONFIG_RANDOM32_SELFTEST |
1113 |
++ prandom_state_selftest(); |
1114 |
++#endif |
1115 |
++ |
1116 |
+ for_each_possible_cpu(i) { |
1117 |
+ struct rnd_state *state = &per_cpu(net_rand_state,i); |
1118 |
+ |
1119 |
+-#define LCG(x) ((x) * 69069) /* super-duper LCG */ |
1120 |
+- state->s1 = __seed(LCG(i + jiffies), 2); |
1121 |
+- state->s2 = __seed(LCG(state->s1), 8); |
1122 |
+- state->s3 = __seed(LCG(state->s2), 16); |
1123 |
+- |
1124 |
+- /* "warm it up" */ |
1125 |
+- prandom_u32_state(state); |
1126 |
+- prandom_u32_state(state); |
1127 |
+- prandom_u32_state(state); |
1128 |
+- prandom_u32_state(state); |
1129 |
+- prandom_u32_state(state); |
1130 |
+- prandom_u32_state(state); |
1131 |
++ prandom_seed_very_weak(state, (i + jiffies) ^ random_get_entropy()); |
1132 |
++ prandom_warmup(state); |
1133 |
+ } |
1134 |
+ return 0; |
1135 |
+ } |
1136 |
+ core_initcall(prandom_init); |
1137 |
+ |
1138 |
++static void __prandom_timer(unsigned long dontcare); |
1139 |
++static DEFINE_TIMER(seed_timer, __prandom_timer, 0, 0); |
1140 |
++ |
1141 |
++static void __prandom_timer(unsigned long dontcare) |
1142 |
++{ |
1143 |
++ u32 entropy; |
1144 |
++ unsigned long expires; |
1145 |
++ |
1146 |
++ get_random_bytes(&entropy, sizeof(entropy)); |
1147 |
++ prandom_seed(entropy); |
1148 |
++ |
1149 |
++ /* reseed every ~60 seconds, in [40 .. 80) interval with slack */ |
1150 |
++ expires = 40 + (prandom_u32() % 40); |
1151 |
++ seed_timer.expires = jiffies + msecs_to_jiffies(expires * MSEC_PER_SEC); |
1152 |
++ |
1153 |
++ add_timer(&seed_timer); |
1154 |
++} |
1155 |
++ |
1156 |
++static void __init __prandom_start_seed_timer(void) |
1157 |
++{ |
1158 |
++ set_timer_slack(&seed_timer, HZ); |
1159 |
++ seed_timer.expires = jiffies + msecs_to_jiffies(40 * MSEC_PER_SEC); |
1160 |
++ add_timer(&seed_timer); |
1161 |
++} |
1162 |
++ |
1163 |
+ /* |
1164 |
+ * Generate better values after random number generator |
1165 |
+ * is fully initialized. |
1166 |
+ */ |
1167 |
+-static int __init prandom_reseed(void) |
1168 |
++static void __prandom_reseed(bool late) |
1169 |
+ { |
1170 |
+ int i; |
1171 |
++ unsigned long flags; |
1172 |
++ static bool latch = false; |
1173 |
++ static DEFINE_SPINLOCK(lock); |
1174 |
++ |
1175 |
++ /* only allow initial seeding (late == false) once */ |
1176 |
++ spin_lock_irqsave(&lock, flags); |
1177 |
++ if (latch && !late) |
1178 |
++ goto out; |
1179 |
++ latch = true; |
1180 |
+ |
1181 |
+ for_each_possible_cpu(i) { |
1182 |
+ struct rnd_state *state = &per_cpu(net_rand_state,i); |
1183 |
+- u32 seeds[3]; |
1184 |
++ u32 seeds[4]; |
1185 |
+ |
1186 |
+ get_random_bytes(&seeds, sizeof(seeds)); |
1187 |
+- state->s1 = __seed(seeds[0], 2); |
1188 |
+- state->s2 = __seed(seeds[1], 8); |
1189 |
+- state->s3 = __seed(seeds[2], 16); |
1190 |
++ state->s1 = __seed(seeds[0], 2U); |
1191 |
++ state->s2 = __seed(seeds[1], 8U); |
1192 |
++ state->s3 = __seed(seeds[2], 16U); |
1193 |
++ state->s4 = __seed(seeds[3], 128U); |
1194 |
+ |
1195 |
+- /* mix it in */ |
1196 |
+- prandom_u32_state(state); |
1197 |
++ prandom_warmup(state); |
1198 |
+ } |
1199 |
++out: |
1200 |
++ spin_unlock_irqrestore(&lock, flags); |
1201 |
++} |
1202 |
++ |
1203 |
++void prandom_reseed_late(void) |
1204 |
++{ |
1205 |
++ __prandom_reseed(true); |
1206 |
++} |
1207 |
++ |
1208 |
++static int __init prandom_reseed(void) |
1209 |
++{ |
1210 |
++ __prandom_reseed(false); |
1211 |
++ __prandom_start_seed_timer(); |
1212 |
+ return 0; |
1213 |
+ } |
1214 |
+ late_initcall(prandom_reseed); |
1215 |
++ |
1216 |
++#ifdef CONFIG_RANDOM32_SELFTEST |
1217 |
++static struct prandom_test1 { |
1218 |
++ u32 seed; |
1219 |
++ u32 result; |
1220 |
++} test1[] = { |
1221 |
++ { 1U, 3484351685U }, |
1222 |
++ { 2U, 2623130059U }, |
1223 |
++ { 3U, 3125133893U }, |
1224 |
++ { 4U, 984847254U }, |
1225 |
++}; |
1226 |
++ |
1227 |
++static struct prandom_test2 { |
1228 |
++ u32 seed; |
1229 |
++ u32 iteration; |
1230 |
++ u32 result; |
1231 |
++} test2[] = { |
1232 |
++ /* Test cases against taus113 from GSL library. */ |
1233 |
++ { 931557656U, 959U, 2975593782U }, |
1234 |
++ { 1339693295U, 876U, 3887776532U }, |
1235 |
++ { 1545556285U, 961U, 1615538833U }, |
1236 |
++ { 601730776U, 723U, 1776162651U }, |
1237 |
++ { 1027516047U, 687U, 511983079U }, |
1238 |
++ { 416526298U, 700U, 916156552U }, |
1239 |
++ { 1395522032U, 652U, 2222063676U }, |
1240 |
++ { 366221443U, 617U, 2992857763U }, |
1241 |
++ { 1539836965U, 714U, 3783265725U }, |
1242 |
++ { 556206671U, 994U, 799626459U }, |
1243 |
++ { 684907218U, 799U, 367789491U }, |
1244 |
++ { 2121230701U, 931U, 2115467001U }, |
1245 |
++ { 1668516451U, 644U, 3620590685U }, |
1246 |
++ { 768046066U, 883U, 2034077390U }, |
1247 |
++ { 1989159136U, 833U, 1195767305U }, |
1248 |
++ { 536585145U, 996U, 3577259204U }, |
1249 |
++ { 1008129373U, 642U, 1478080776U }, |
1250 |
++ { 1740775604U, 939U, 1264980372U }, |
1251 |
++ { 1967883163U, 508U, 10734624U }, |
1252 |
++ { 1923019697U, 730U, 3821419629U }, |
1253 |
++ { 442079932U, 560U, 3440032343U }, |
1254 |
++ { 1961302714U, 845U, 841962572U }, |
1255 |
++ { 2030205964U, 962U, 1325144227U }, |
1256 |
++ { 1160407529U, 507U, 240940858U }, |
1257 |
++ { 635482502U, 779U, 4200489746U }, |
1258 |
++ { 1252788931U, 699U, 867195434U }, |
1259 |
++ { 1961817131U, 719U, 668237657U }, |
1260 |
++ { 1071468216U, 983U, 917876630U }, |
1261 |
++ { 1281848367U, 932U, 1003100039U }, |
1262 |
++ { 582537119U, 780U, 1127273778U }, |
1263 |
++ { 1973672777U, 853U, 1071368872U }, |
1264 |
++ { 1896756996U, 762U, 1127851055U }, |
1265 |
++ { 847917054U, 500U, 1717499075U }, |
1266 |
++ { 1240520510U, 951U, 2849576657U }, |
1267 |
++ { 1685071682U, 567U, 1961810396U }, |
1268 |
++ { 1516232129U, 557U, 3173877U }, |
1269 |
++ { 1208118903U, 612U, 1613145022U }, |
1270 |
++ { 1817269927U, 693U, 4279122573U }, |
1271 |
++ { 1510091701U, 717U, 638191229U }, |
1272 |
++ { 365916850U, 807U, 600424314U }, |
1273 |
++ { 399324359U, 702U, 1803598116U }, |
1274 |
++ { 1318480274U, 779U, 2074237022U }, |
1275 |
++ { 697758115U, 840U, 1483639402U }, |
1276 |
++ { 1696507773U, 840U, 577415447U }, |
1277 |
++ { 2081979121U, 981U, 3041486449U }, |
1278 |
++ { 955646687U, 742U, 3846494357U }, |
1279 |
++ { 1250683506U, 749U, 836419859U }, |
1280 |
++ { 595003102U, 534U, 366794109U }, |
1281 |
++ { 47485338U, 558U, 3521120834U }, |
1282 |
++ { 619433479U, 610U, 3991783875U }, |
1283 |
++ { 704096520U, 518U, 4139493852U }, |
1284 |
++ { 1712224984U, 606U, 2393312003U }, |
1285 |
++ { 1318233152U, 922U, 3880361134U }, |
1286 |
++ { 855572992U, 761U, 1472974787U }, |
1287 |
++ { 64721421U, 703U, 683860550U }, |
1288 |
++ { 678931758U, 840U, 380616043U }, |
1289 |
++ { 692711973U, 778U, 1382361947U }, |
1290 |
++ { 677703619U, 530U, 2826914161U }, |
1291 |
++ { 92393223U, 586U, 1522128471U }, |
1292 |
++ { 1222592920U, 743U, 3466726667U }, |
1293 |
++ { 358288986U, 695U, 1091956998U }, |
1294 |
++ { 1935056945U, 958U, 514864477U }, |
1295 |
++ { 735675993U, 990U, 1294239989U }, |
1296 |
++ { 1560089402U, 897U, 2238551287U }, |
1297 |
++ { 70616361U, 829U, 22483098U }, |
1298 |
++ { 368234700U, 731U, 2913875084U }, |
1299 |
++ { 20221190U, 879U, 1564152970U }, |
1300 |
++ { 539444654U, 682U, 1835141259U }, |
1301 |
++ { 1314987297U, 840U, 1801114136U }, |
1302 |
++ { 2019295544U, 645U, 3286438930U }, |
1303 |
++ { 469023838U, 716U, 1637918202U }, |
1304 |
++ { 1843754496U, 653U, 2562092152U }, |
1305 |
++ { 400672036U, 809U, 4264212785U }, |
1306 |
++ { 404722249U, 965U, 2704116999U }, |
1307 |
++ { 600702209U, 758U, 584979986U }, |
1308 |
++ { 519953954U, 667U, 2574436237U }, |
1309 |
++ { 1658071126U, 694U, 2214569490U }, |
1310 |
++ { 420480037U, 749U, 3430010866U }, |
1311 |
++ { 690103647U, 969U, 3700758083U }, |
1312 |
++ { 1029424799U, 937U, 3787746841U }, |
1313 |
++ { 2012608669U, 506U, 3362628973U }, |
1314 |
++ { 1535432887U, 998U, 42610943U }, |
1315 |
++ { 1330635533U, 857U, 3040806504U }, |
1316 |
++ { 1223800550U, 539U, 3954229517U }, |
1317 |
++ { 1322411537U, 680U, 3223250324U }, |
1318 |
++ { 1877847898U, 945U, 2915147143U }, |
1319 |
++ { 1646356099U, 874U, 965988280U }, |
1320 |
++ { 805687536U, 744U, 4032277920U }, |
1321 |
++ { 1948093210U, 633U, 1346597684U }, |
1322 |
++ { 392609744U, 783U, 1636083295U }, |
1323 |
++ { 690241304U, 770U, 1201031298U }, |
1324 |
++ { 1360302965U, 696U, 1665394461U }, |
1325 |
++ { 1220090946U, 780U, 1316922812U }, |
1326 |
++ { 447092251U, 500U, 3438743375U }, |
1327 |
++ { 1613868791U, 592U, 828546883U }, |
1328 |
++ { 523430951U, 548U, 2552392304U }, |
1329 |
++ { 726692899U, 810U, 1656872867U }, |
1330 |
++ { 1364340021U, 836U, 3710513486U }, |
1331 |
++ { 1986257729U, 931U, 935013962U }, |
1332 |
++ { 407983964U, 921U, 728767059U }, |
1333 |
++}; |
1334 |
++ |
1335 |
++static void __init prandom_state_selftest(void) |
1336 |
++{ |
1337 |
++ int i, j, errors = 0, runs = 0; |
1338 |
++ bool error = false; |
1339 |
++ |
1340 |
++ for (i = 0; i < ARRAY_SIZE(test1); i++) { |
1341 |
++ struct rnd_state state; |
1342 |
++ |
1343 |
++ prandom_seed_very_weak(&state, test1[i].seed); |
1344 |
++ prandom_warmup(&state); |
1345 |
++ |
1346 |
++ if (test1[i].result != prandom_u32_state(&state)) |
1347 |
++ error = true; |
1348 |
++ } |
1349 |
++ |
1350 |
++ if (error) |
1351 |
++ pr_warn("prandom: seed boundary self test failed\n"); |
1352 |
++ else |
1353 |
++ pr_info("prandom: seed boundary self test passed\n"); |
1354 |
++ |
1355 |
++ for (i = 0; i < ARRAY_SIZE(test2); i++) { |
1356 |
++ struct rnd_state state; |
1357 |
++ |
1358 |
++ prandom_seed_very_weak(&state, test2[i].seed); |
1359 |
++ prandom_warmup(&state); |
1360 |
++ |
1361 |
++ for (j = 0; j < test2[i].iteration - 1; j++) |
1362 |
++ prandom_u32_state(&state); |
1363 |
++ |
1364 |
++ if (test2[i].result != prandom_u32_state(&state)) |
1365 |
++ errors++; |
1366 |
++ |
1367 |
++ runs++; |
1368 |
++ cond_resched(); |
1369 |
++ } |
1370 |
++ |
1371 |
++ if (errors) |
1372 |
++ pr_warn("prandom: %d/%d self tests failed\n", errors, runs); |
1373 |
++ else |
1374 |
++ pr_info("prandom: %d self tests passed\n", runs); |
1375 |
++} |
1376 |
++#endif |
1377 |
diff --git a/lib/strncpy_from_user.c b/lib/strncpy_from_user.c |
1378 |
index bb2b201..46abaf9 100644 |
1379 |
--- a/lib/strncpy_from_user.c |
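Review bot: `__prandom_reseed()` calls `get_random_bytes()` for every possible CPU while holding its static `lock` taken with `spin_lock_irqsave()`, so any path that leads from `get_random_bytes()` back into the newly exported `prandom_reseed_late()` would spin on that same lock with interrupts off. The callers of `prandom_reseed_late()` are outside this hunk; confirm whether the random driver invokes it when its pool becomes initialised, since that event could fire during this very `get_random_bytes()` call. If so, taking the lock as `if (!spin_trylock_irqsave(&lock, flags)) return;` lets the nested call back off, which is safe because a full reseed is already in progress. Separately, `prandom_seed()` mixes the periodic 32-bit entropy only into `s1`, which is worth stating in its kernel-doc.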
1380 |
@@ -88179,6 +88838,37 @@ index b32b70c..e512eb0 100644 |
1381 |
pkmap_count[last_pkmap_nr] = 1; |
1382 |
set_page_address(page, (void *)vaddr); |
1383 |
|
1384 |
+diff --git a/mm/huge_memory.c b/mm/huge_memory.c |
1385 |
+index 4796245..292a266 100644 |
1386 |
+--- a/mm/huge_memory.c |
1387 |
++++ b/mm/huge_memory.c |
1388 |
+@@ -1154,7 +1154,7 @@ alloc: |
1389 |
+ new_page = NULL; |
1390 |
+ |
1391 |
+ if (unlikely(!new_page)) { |
1392 |
+- if (is_huge_zero_pmd(orig_pmd)) { |
1393 |
++ if (!page) { |
1394 |
+ ret = do_huge_pmd_wp_zero_page_fallback(mm, vma, |
1395 |
+ address, pmd, orig_pmd, haddr); |
1396 |
+ } else { |
1397 |
+@@ -1181,7 +1181,7 @@ alloc: |
1398 |
+ |
1399 |
+ count_vm_event(THP_FAULT_ALLOC); |
1400 |
+ |
1401 |
+- if (is_huge_zero_pmd(orig_pmd)) |
1402 |
++ if (!page) |
1403 |
+ clear_huge_page(new_page, haddr, HPAGE_PMD_NR); |
1404 |
+ else |
1405 |
+ copy_user_huge_page(new_page, page, haddr, vma, HPAGE_PMD_NR); |
1406 |
+@@ -1207,7 +1207,7 @@ alloc: |
1407 |
+ page_add_new_anon_rmap(new_page, vma, haddr); |
1408 |
+ set_pmd_at(mm, haddr, pmd, entry); |
1409 |
+ update_mmu_cache_pmd(vma, address, pmd); |
1410 |
+- if (is_huge_zero_pmd(orig_pmd)) { |
1411 |
++ if (!page) { |
1412 |
+ add_mm_counter(mm, MM_ANONPAGES, HPAGE_PMD_NR); |
1413 |
+ put_huge_zero_page(); |
1414 |
+ } else { |
1415 |
diff --git a/mm/hugetlb.c b/mm/hugetlb.c |
1416 |
index 0b7656e..d21cefc 100644 |
1417 |
--- a/mm/hugetlb.c |
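Review bot: All three sites after `alloc:` now test `!page` instead of re-evaluating `is_huge_zero_pmd(orig_pmd)`, but nothing in the visible lines states the invariant they rely on, namely that `page` is NULL exactly when the fault hit the huge zero page. That assignment happens before the `alloc:` label, outside these hunks. Since the `else` branches pass `page` to `copy_user_huge_page()`, a later edit that leaves `page` NULL on another path would clear instead of copy without any warning. A comment at the first test would pin this down, for example `/* page == NULL: orig_pmd mapped the huge zero page (decided once, before alloc:) */`.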
1418 |
@@ -92546,7 +93236,7 @@ index de7c904..c84bf11 100644 |
1419 |
|
1420 |
if (S_ISREG(inode->i_mode)) |
1421 |
diff --git a/mm/util.c b/mm/util.c |
1422 |
-index eaf63fc2..32b2629 100644 |
1423 |
+index eaf63fc2..c6952b2 100644 |
1424 |
--- a/mm/util.c |
1425 |
+++ b/mm/util.c |
1426 |
@@ -294,6 +294,12 @@ done: |
1427 |
@@ -92562,6 +93252,18 @@ index eaf63fc2..32b2629 100644 |
1428 |
mm->get_unmapped_area = arch_get_unmapped_area; |
1429 |
} |
1430 |
#endif |
1431 |
+@@ -387,7 +393,10 @@ struct address_space *page_mapping(struct page *page) |
1432 |
+ { |
1433 |
+ struct address_space *mapping = page->mapping; |
1434 |
+ |
1435 |
+- VM_BUG_ON(PageSlab(page)); |
1436 |
++ /* This happens if someone calls flush_dcache_page on slab page */ |
1437 |
++ if (unlikely(PageSlab(page))) |
1438 |
++ return NULL; |
1439 |
++ |
1440 |
+ if (unlikely(PageSwapCache(page))) { |
1441 |
+ swp_entry_t entry; |
1442 |
+ |
1443 |
diff --git a/mm/vmalloc.c b/mm/vmalloc.c |
1444 |
index 1074543..136dbe0 100644 |
1445 |
--- a/mm/vmalloc.c |
1446 |
@@ -93673,6 +94375,68 @@ index 5b7d0e1..cb960fc 100644 |
1447 |
} |
1448 |
} |
1449 |
EXPORT_SYMBOL(dev_load); |
1450 |
+diff --git a/net/core/filter.c b/net/core/filter.c |
1451 |
+index 01b7808..ad30d62 100644 |
1452 |
+--- a/net/core/filter.c |
1453 |
++++ b/net/core/filter.c |
1454 |
+@@ -36,7 +36,6 @@ |
1455 |
+ #include <asm/uaccess.h> |
1456 |
+ #include <asm/unaligned.h> |
1457 |
+ #include <linux/filter.h> |
1458 |
+-#include <linux/reciprocal_div.h> |
1459 |
+ #include <linux/ratelimit.h> |
1460 |
+ #include <linux/seccomp.h> |
1461 |
+ #include <linux/if_vlan.h> |
1462 |
+@@ -166,7 +165,7 @@ unsigned int sk_run_filter(const struct sk_buff *skb, |
1463 |
+ A /= X; |
1464 |
+ continue; |
1465 |
+ case BPF_S_ALU_DIV_K: |
1466 |
+- A = reciprocal_divide(A, K); |
1467 |
++ A /= K; |
1468 |
+ continue; |
1469 |
+ case BPF_S_ALU_MOD_X: |
1470 |
+ if (X == 0) |
1471 |
+@@ -553,11 +552,6 @@ int sk_chk_filter(struct sock_filter *filter, unsigned int flen) |
1472 |
+ /* Some instructions need special checks */ |
1473 |
+ switch (code) { |
1474 |
+ case BPF_S_ALU_DIV_K: |
1475 |
+- /* check for division by zero */ |
1476 |
+- if (ftest->k == 0) |
1477 |
+- return -EINVAL; |
1478 |
+- ftest->k = reciprocal_value(ftest->k); |
1479 |
+- break; |
1480 |
+ case BPF_S_ALU_MOD_K: |
1481 |
+ /* check for division by zero */ |
1482 |
+ if (ftest->k == 0) |
1483 |
+@@ -853,27 +847,7 @@ void sk_decode_filter(struct sock_filter *filt, struct sock_filter *to) |
1484 |
+ to->code = decodes[code]; |
1485 |
+ to->jt = filt->jt; |
1486 |
+ to->jf = filt->jf; |
1487 |
+- |
1488 |
+- if (code == BPF_S_ALU_DIV_K) { |
1489 |
+- /* |
1490 |
+- * When loaded this rule user gave us X, which was |
1491 |
+- * translated into R = r(X). Now we calculate the |
1492 |
+- * RR = r(R) and report it back. If next time this |
1493 |
+- * value is loaded and RRR = r(RR) is calculated |
1494 |
+- * then the R == RRR will be true. |
1495 |
+- * |
1496 |
+- * One exception. X == 1 translates into R == 0 and |
1497 |
+- * we can't calculate RR out of it with r(). |
1498 |
+- */ |
1499 |
+- |
1500 |
+- if (filt->k == 0) |
1501 |
+- to->k = 1; |
1502 |
+- else |
1503 |
+- to->k = reciprocal_value(filt->k); |
1504 |
+- |
1505 |
+- BUG_ON(reciprocal_value(to->k) != filt->k); |
1506 |
+- } else |
1507 |
+- to->k = filt->k; |
1508 |
++ to->k = filt->k; |
1509 |
+ } |
1510 |
+ |
1511 |
+ int sk_get_filter(struct sock *sk, struct sock_filter __user *ubuf, unsigned int len) |
1512 |
diff --git a/net/core/flow.c b/net/core/flow.c |
1513 |
index dfa602c..3103d88 100644 |
1514 |
--- a/net/core/flow.c |
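Review bot: The interpreter's `A /= K;` for `BPF_S_ALU_DIV_K` in sk_run_filter() has no zero guard of its own, unlike the `X == 0` test visible for `BPF_S_ALU_MOD_X`. It depends entirely on sk_chk_filter(), where `case BPF_S_ALU_DIV_K:` now shares the `ftest->k == 0` rejection with `case BPF_S_ALU_MOD_K:` through adjacent case labels. That coupling is easy to break when either switch is edited, and `K` comes from a user-supplied filter. I would record it at the use site with `/* K != 0 is enforced by sk_chk_filter() */` and reword the checker comment to `/* DIV_K and MOD_K: check for division by zero */`. Both functions extend outside the hunks, so any path that installs a filter without sk_chk_filter() should be checked separately.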
1515 |
@@ -94235,6 +94999,23 @@ index 008f337..b03b8c9 100644 |
1516 |
/* replace the top byte with new ECN | DSCP format */ |
1517 |
*hc06_ptr = tmp; |
1518 |
hc06_ptr += 4; |
1519 |
+diff --git a/net/ieee802154/nl-phy.c b/net/ieee802154/nl-phy.c |
1520 |
+index 22b1a70..4efd237 100644 |
1521 |
+--- a/net/ieee802154/nl-phy.c |
1522 |
++++ b/net/ieee802154/nl-phy.c |
1523 |
+@@ -224,8 +224,10 @@ static int ieee802154_add_iface(struct sk_buff *skb, |
1524 |
+ |
1525 |
+ if (info->attrs[IEEE802154_ATTR_DEV_TYPE]) { |
1526 |
+ type = nla_get_u8(info->attrs[IEEE802154_ATTR_DEV_TYPE]); |
1527 |
+- if (type >= __IEEE802154_DEV_MAX) |
1528 |
+- return -EINVAL; |
1529 |
++ if (type >= __IEEE802154_DEV_MAX) { |
1530 |
++ rc = -EINVAL; |
1531 |
++ goto nla_put_failure; |
1532 |
++ } |
1533 |
+ } |
1534 |
+ |
1535 |
+ dev = phy->add_iface(phy, devname, type); |
1536 |
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c |
1537 |
index cfeb85c..385989a 100644 |
1538 |
--- a/net/ipv4/af_inet.c |
1539 |
@@ -94612,6 +95393,25 @@ index 7f80fb4..b0328f6 100644 |
1540 |
.kind = "ipip", |
1541 |
.maxtype = IFLA_IPTUN_MAX, |
1542 |
.policy = ipip_policy, |
1543 |
+diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c |
1544 |
+index 62212c7..1672409 100644 |
1545 |
+--- a/net/ipv4/ipmr.c |
1546 |
++++ b/net/ipv4/ipmr.c |
1547 |
+@@ -157,9 +157,12 @@ static struct mr_table *ipmr_get_table(struct net *net, u32 id) |
1548 |
+ static int ipmr_fib_lookup(struct net *net, struct flowi4 *flp4, |
1549 |
+ struct mr_table **mrt) |
1550 |
+ { |
1551 |
++ int err; |
1552 |
+ struct ipmr_result res; |
1553 |
+- struct fib_lookup_arg arg = { .result = &res, }; |
1554 |
+- int err; |
1555 |
++ struct fib_lookup_arg arg = { |
1556 |
++ .result = &res, |
1557 |
++ .flags = FIB_LOOKUP_NOREF, |
1558 |
++ }; |
1559 |
+ |
1560 |
+ err = fib_rules_lookup(net->ipv4.mr_rules_ops, |
1561 |
+ flowi4_to_flowi(flp4), 0, &arg); |
1562 |
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c |
1563 |
index 85a4f21..1beb1f5 100644 |
1564 |
--- a/net/ipv4/netfilter/arp_tables.c |
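Review bot: `.flags = FIB_LOOKUP_NOREF` is added to the `fib_lookup_arg` in ipmr_fib_lookup() without a comment saying why the matched rule's reference must not be taken; the same applies to the identical change in ip6mr_fib_lookup() in the net/ipv6/ip6mr.c hunk further down. The visible part of the function contains no matching release of the rule, so the flag presumably stops a per-lookup reference from accumulating. That is worth stating, because removing the flag later would look harmless. A one-line comment on the initialiser would do: `/* NOREF: the rule is never put here; only res.mrt is used after the lookup */`. Both function bodies continue outside their hunks, so confirm nothing after the lookup dereferences the rule itself.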
1565 |
@@ -95559,6 +96359,25 @@ index c1e11b5..568e633 100644 |
1566 |
.kind = "ip6tnl", |
1567 |
.maxtype = IFLA_IPTUN_MAX, |
1568 |
.policy = ip6_tnl_policy, |
1569 |
+diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c |
1570 |
+index f365310..0eb4038 100644 |
1571 |
+--- a/net/ipv6/ip6mr.c |
1572 |
++++ b/net/ipv6/ip6mr.c |
1573 |
+@@ -141,9 +141,12 @@ static struct mr6_table *ip6mr_get_table(struct net *net, u32 id) |
1574 |
+ static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6, |
1575 |
+ struct mr6_table **mrt) |
1576 |
+ { |
1577 |
++ int err; |
1578 |
+ struct ip6mr_result res; |
1579 |
+- struct fib_lookup_arg arg = { .result = &res, }; |
1580 |
+- int err; |
1581 |
++ struct fib_lookup_arg arg = { |
1582 |
++ .result = &res, |
1583 |
++ .flags = FIB_LOOKUP_NOREF, |
1584 |
++ }; |
1585 |
+ |
1586 |
+ err = fib_rules_lookup(net->ipv6.mr6_rules_ops, |
1587 |
+ flowi6_to_flowi(flp6), 0, &arg); |
1588 |
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c |
1589 |
index d1e2e8e..51c19ae 100644 |
1590 |
--- a/net/ipv6/ipv6_sockglue.c |
1591 |
@@ -97780,7 +98599,7 @@ index 6b36561..4f21064 100644 |
1592 |
|
1593 |
table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL); |
1594 |
diff --git a/net/socket.c b/net/socket.c |
1595 |
-index e83c416..9169305 100644 |
1596 |
+index e83c416..6342a2f 100644 |
1597 |
--- a/net/socket.c |
1598 |
+++ b/net/socket.c |
1599 |
@@ -88,6 +88,7 @@ |
1600 |
@@ -97955,15 +98774,6 @@ index e83c416..9169305 100644 |
1601 |
SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len, |
1602 |
unsigned int, flags, struct sockaddr __user *, addr, |
1603 |
int, addr_len) |
1604 |
-@@ -1825,7 +1891,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, |
1605 |
- struct socket *sock; |
1606 |
- struct iovec iov; |
1607 |
- struct msghdr msg; |
1608 |
-- struct sockaddr_storage address; |
1609 |
-+ struct sockaddr_storage address = { }; |
1610 |
- int err, err2; |
1611 |
- int fput_needed; |
1612 |
- |
1613 |
@@ -2047,7 +2113,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, |
1614 |
* checking falls down on this. |
1615 |
*/ |
1616 |
@@ -97973,15 +98783,6 @@ index e83c416..9169305 100644 |
1617 |
ctl_len)) |
1618 |
goto out_freectl; |
1619 |
msg_sys->msg_control = ctl_buf; |
1620 |
-@@ -2198,7 +2264,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, |
1621 |
- int err, total_len, len; |
1622 |
- |
1623 |
- /* kernel mode address */ |
1624 |
-- struct sockaddr_storage addr; |
1625 |
-+ struct sockaddr_storage addr = { }; |
1626 |
- |
1627 |
- /* user mode address pointers */ |
1628 |
- struct sockaddr __user *uaddr; |
1629 |
@@ -2227,7 +2293,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, |
1630 |
/* Save the user-mode address (verify_iovec will change the |
1631 |
* kernel msghdr to use the kernel address space) |
1632 |
@@ -100517,10 +101318,44 @@ index fc3e662..7844c60 100644 |
1633 |
lock = &avc_cache.slots_lock[hvalue]; |
1634 |
|
1635 |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c |
1636 |
-index 392a044..5e931be 100644 |
1637 |
+index 392a044..c3eb2bd 100644 |
1638 |
--- a/security/selinux/hooks.c |
1639 |
+++ b/security/selinux/hooks.c |
1640 |
-@@ -5693,7 +5693,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) |
1641 |
+@@ -220,6 +220,14 @@ static int inode_alloc_security(struct inode *inode) |
1642 |
+ return 0; |
1643 |
+ } |
1644 |
+ |
1645 |
++static void inode_free_rcu(struct rcu_head *head) |
1646 |
++{ |
1647 |
++ struct inode_security_struct *isec; |
1648 |
++ |
1649 |
++ isec = container_of(head, struct inode_security_struct, rcu); |
1650 |
++ kmem_cache_free(sel_inode_cache, isec); |
1651 |
++} |
1652 |
++ |
1653 |
+ static void inode_free_security(struct inode *inode) |
1654 |
+ { |
1655 |
+ struct inode_security_struct *isec = inode->i_security; |
1656 |
+@@ -230,8 +238,16 @@ static void inode_free_security(struct inode *inode) |
1657 |
+ list_del_init(&isec->list); |
1658 |
+ spin_unlock(&sbsec->isec_lock); |
1659 |
+ |
1660 |
+- inode->i_security = NULL; |
1661 |
+- kmem_cache_free(sel_inode_cache, isec); |
1662 |
++ /* |
1663 |
++ * The inode may still be referenced in a path walk and |
1664 |
++ * a call to selinux_inode_permission() can be made |
1665 |
++ * after inode_free_security() is called. Ideally, the VFS |
1666 |
++ * wouldn't do this, but fixing that is a much harder |
1667 |
++ * job. For now, simply free the i_security via RCU, and |
1668 |
++ * leave the current inode->i_security pointer intact. |
1669 |
++ * The inode will be freed after the RCU grace period too. |
1670 |
++ */ |
1671 |
++ call_rcu(&isec->rcu, inode_free_rcu); |
1672 |
+ } |
1673 |
+ |
1674 |
+ static int file_alloc_security(struct file *file) |
1675 |
+@@ -5693,7 +5709,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) |
1676 |
|
1677 |
#endif |
1678 |
|
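Review bot: The block comment added before `call_rcu(&isec->rcu, inode_free_rcu)` in `inode_free_security()` explains the lifetime problem but not that `rcu` shares storage with `list`; the objsec.h hunk further down places both in one anonymous union. Queuing the RCU head therefore overwrites the list linkage, so the call has to stay after `list_del_init()` and the unlock, and nothing may test or walk `isec->list` through the still-valid `inode->i_security` pointer afterwards. I would add `/* isec->rcu aliases isec->list: queue it only once the entry is off the superblock list */` here and a matching remark on the union. The start of `inode_free_security()` lies outside this inner hunk, so the condition guarding the unlink could not be checked.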
1679 |
@@ -100529,7 +101364,7 @@ index 392a044..5e931be 100644 |
1680 |
.name = "selinux", |
1681 |
|
1682 |
.ptrace_access_check = selinux_ptrace_access_check, |
1683 |
-@@ -6045,6 +6045,9 @@ static void selinux_nf_ip_exit(void) |
1684 |
+@@ -6045,6 +6061,9 @@ static void selinux_nf_ip_exit(void) |
1685 |
#ifdef CONFIG_SECURITY_SELINUX_DISABLE |
1686 |
static int selinux_disabled; |
1687 |
|
1688 |
@@ -100539,7 +101374,7 @@ index 392a044..5e931be 100644 |
1689 |
int selinux_disable(void) |
1690 |
{ |
1691 |
if (ss_initialized) { |
1692 |
-@@ -6062,7 +6065,9 @@ int selinux_disable(void) |
1693 |
+@@ -6062,7 +6081,9 @@ int selinux_disable(void) |
1694 |
selinux_disabled = 1; |
1695 |
selinux_enabled = 0; |
1696 |
|
1697 |
@@ -100550,6 +101385,22 @@ index 392a044..5e931be 100644 |
1698 |
|
1699 |
/* Try to destroy the avc node cache */ |
1700 |
avc_disable(); |
1701 |
+diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h |
1702 |
+index aa47bca..6fd9dd2 100644 |
1703 |
+--- a/security/selinux/include/objsec.h |
1704 |
++++ b/security/selinux/include/objsec.h |
1705 |
+@@ -38,7 +38,10 @@ struct task_security_struct { |
1706 |
+ |
1707 |
+ struct inode_security_struct { |
1708 |
+ struct inode *inode; /* back pointer to inode object */ |
1709 |
+- struct list_head list; /* list of inode_security_struct */ |
1710 |
++ union { |
1711 |
++ struct list_head list; /* list of inode_security_struct */ |
1712 |
++ struct rcu_head rcu; /* for freeing the inode_security_struct */ |
1713 |
++ }; |
1714 |
+ u32 task_sid; /* SID of creating task */ |
1715 |
+ u32 sid; /* SID of this object */ |
1716 |
+ u16 sclass; /* security class of this object */ |
1717 |
diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h |
1718 |
index c1af4e1..bcb003c 100644 |
1719 |
--- a/security/selinux/include/xfrm.h |
1720 |
@@ -101629,10 +102480,10 @@ index 0000000..414fe5e |
1721 |
+} |
1722 |
diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c |
1723 |
new file mode 100644 |
1724 |
-index 0000000..3e46b2f |
1725 |
+index 0000000..59bf839 |
1726 |
--- /dev/null |
1727 |
+++ b/tools/gcc/constify_plugin.c |
1728 |
-@@ -0,0 +1,559 @@ |
1729 |
+@@ -0,0 +1,557 @@ |
1730 |
+/* |
1731 |
+ * Copyright 2011 by Emese Revfy <re.emese@×××××.com> |
1732 |
+ * Copyright 2011-2013 by PaX Team <pageexec@××××××××.hu> |
1733 |
@@ -101679,7 +102530,7 @@ index 0000000..3e46b2f |
1734 |
+int plugin_is_GPL_compatible; |
1735 |
+ |
1736 |
+static struct plugin_info const_plugin_info = { |
1737 |
-+ .version = "201401121315", |
1738 |
++ .version = "201401140130", |
1739 |
+ .help = "no-constify\tturn off constification\n", |
1740 |
+}; |
1741 |
+ |
1742 |
@@ -101805,8 +102656,10 @@ index 0000000..3e46b2f |
1743 |
+ } |
1744 |
+ TYPE_READONLY(type) = 0; |
1745 |
+ C_TYPE_FIELDS_READONLY(type) = 0; |
1746 |
-+ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) |
1747 |
++ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) { |
1748 |
++ TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); |
1749 |
+ TYPE_ATTRIBUTES(type) = remove_attribute("do_const", TYPE_ATTRIBUTES(type)); |
1750 |
++ } |
1751 |
+} |
1752 |
+ |
1753 |
+static void deconstify_tree(tree node) |
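Review bot: The `copy_list()` call added before `remove_attribute("do_const", ...)` has no comment explaining why the attribute list must be duplicated first. `remove_attribute()` unlinks entries from the chain it is given, so the copy presumably protects a list that other type nodes still point to. A line such as `/* the attribute list may be shared with other types: edit a private copy */` inside the new braces would keep a later cleanup from dropping it. The enclosing function starts above this hunk.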
1754 |
@@ -101899,6 +102752,7 @@ index 0000000..3e46b2f |
1755 |
+ TYPE_READONLY(type) = 1; |
1756 |
+ C_TYPE_FIELDS_READONLY(type) = 1; |
1757 |
+ TYPE_CONSTIFY_VISITED(type) = 1; |
1758 |
++// TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); |
1759 |
+// TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("do_const"), NULL_TREE, TYPE_ATTRIBUTES(type)); |
1760 |
+} |
1761 |
+ |
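Review bot: The added line is commented-out code (`// TYPE_ATTRIBUTES(type) = copy_list(...)`) placed above an existing commented-out `tree_cons()` line. Dead code in a comment gives a reader no way to tell whether tagging constified types with `do_const` is planned or abandoned. Either delete both lines or replace them with one sentence stating the intent, for example `/* do_const is deliberately not added to the type here */` if that is the case. The function this sits in begins outside the hunk.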
1762 |
@@ -102010,7 +102864,7 @@ index 0000000..3e46b2f |
1763 |
+ TYPE_CONSTIFY_VISITED(type) = 1; |
1764 |
+} |
1765 |
+ |
1766 |
-+static void check_global_variables(void) |
1767 |
++static void check_global_variables(void *event_data, void *data) |
1768 |
+{ |
1769 |
+ struct varpool_node *node; |
1770 |
+ |
1771 |
@@ -102083,21 +102937,15 @@ index 0000000..3e46b2f |
1772 |
+ return ret; |
1773 |
+} |
1774 |
+ |
1775 |
-+static unsigned int check_variables(void) |
1776 |
-+{ |
1777 |
-+ check_global_variables(); |
1778 |
-+ return check_local_variables(); |
1779 |
-+} |
1780 |
-+ |
1781 |
+static struct gimple_opt_pass pass_local_variable = { |
1782 |
+ { |
1783 |
+ .type = GIMPLE_PASS, |
1784 |
-+ .name = "check_variables", |
1785 |
++ .name = "check_local_variables", |
1786 |
+#if BUILDING_GCC_VERSION >= 4008 |
1787 |
+ .optinfo_flags = OPTGROUP_NONE, |
1788 |
+#endif |
1789 |
+ .gate = NULL, |
1790 |
-+ .execute = check_variables, |
1791 |
++ .execute = check_local_variables, |
1792 |
+ .sub = NULL, |
1793 |
+ .next = NULL, |
1794 |
+ .static_pass_number = 0, |
1795 |
@@ -102184,6 +103032,7 @@ index 0000000..3e46b2f |
1796 |
+ |
1797 |
+ register_callback(plugin_name, PLUGIN_INFO, NULL, &const_plugin_info); |
1798 |
+ if (constify) { |
1799 |
++ register_callback(plugin_name, PLUGIN_ALL_IPA_PASSES_START, check_global_variables, NULL); |
1800 |
+ register_callback(plugin_name, PLUGIN_FINISH_TYPE, finish_type, NULL); |
1801 |
+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &local_variable_pass_info); |
1802 |
+ register_callback(plugin_name, PLUGIN_START_UNIT, constify_start_unit, NULL); |
1803 |
|
1804 |
diff --git a/3.2.54/0000_README b/3.2.54/0000_README |
1805 |
index 155b184..30d9794 100644 |
1806 |
--- a/3.2.54/0000_README |
1807 |
+++ b/3.2.54/0000_README |
1808 |
@@ -134,7 +134,7 @@ Patch: 1053_linux-3.2.54.patch |
1809 |
From: http://www.kernel.org |
1810 |
Desc: Linux 3.2.54 |
1811 |
|
1812 |
-Patch: 4420_grsecurity-3.0-3.2.54-201401160931.patch |
1813 |
+Patch: 4420_grsecurity-3.0-3.2.54-201401191012.patch |
1814 |
From: http://www.grsecurity.net |
1815 |
Desc: hardened-sources base patch from upstream grsecurity |
1816 |
|
1817 |
|
1818 |
diff --git a/3.2.54/4420_grsecurity-3.0-3.2.54-201401160931.patch b/3.2.54/4420_grsecurity-3.0-3.2.54-201401191012.patch |
1819 |
similarity index 99% |
1820 |
rename from 3.2.54/4420_grsecurity-3.0-3.2.54-201401160931.patch |
1821 |
rename to 3.2.54/4420_grsecurity-3.0-3.2.54-201401191012.patch |
1822 |
index 6d2be70..ec718f0 100644 |
1823 |
--- a/3.2.54/4420_grsecurity-3.0-3.2.54-201401160931.patch |
1824 |
+++ b/3.2.54/4420_grsecurity-3.0-3.2.54-201401191012.patch |
1825 |
@@ -23066,7 +23066,7 @@ index 09ff517..df19fbff 100644 |
1826 |
.short 0 |
1827 |
.quad 0x00cf9b000000ffff # __KERNEL32_CS |
1828 |
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c |
1829 |
-index e6fbb94..75e9d8c 100644 |
1830 |
+index e6fbb94..b372995 100644 |
1831 |
--- a/arch/x86/kernel/traps.c |
1832 |
+++ b/arch/x86/kernel/traps.c |
1833 |
@@ -70,12 +70,6 @@ asmlinkage int system_call(void); |
1834 |
@@ -23211,7 +23211,7 @@ index e6fbb94..75e9d8c 100644 |
1835 |
{ |
1836 |
if (!fixup_exception(regs)) { |
1837 |
task->thread.error_code = error_code; |
1838 |
-@@ -576,8 +605,8 @@ asmlinkage void __attribute__((weak)) smp_threshold_interrupt(void) |
1839 |
+@@ -576,18 +605,19 @@ asmlinkage void __attribute__((weak)) smp_threshold_interrupt(void) |
1840 |
void __math_state_restore(struct task_struct *tsk) |
1841 |
{ |
1842 |
/* We need a safe address that is cheap to find and that is already |
1843 |
@@ -23222,6 +23222,23 @@ index e6fbb94..75e9d8c 100644 |
1844 |
|
1845 |
/* AMD K7/K8 CPUs don't save/restore FDP/FIP/FOP unless an exception |
1846 |
is pending. Clear the x87 state here by setting it to fixed |
1847 |
+ values. safe_address is a random variable that should be in L1 */ |
1848 |
+- alternative_input( |
1849 |
+- ASM_NOP8 ASM_NOP2, |
1850 |
+- "emms\n\t" /* clear stack tags */ |
1851 |
+- "fildl %P[addr]", /* set F?P to defined value */ |
1852 |
+- X86_FEATURE_FXSAVE_LEAK, |
1853 |
+- [addr] "m" (safe_address)); |
1854 |
++ if (unlikely(static_cpu_has(X86_FEATURE_FXSAVE_LEAK))) { |
1855 |
++ asm volatile( |
1856 |
++ "fnclex\n\t" |
1857 |
++ "emms\n\t" |
1858 |
++ "fildl %P[addr]" /* set F?P to defined value */ |
1859 |
++ : : [addr] "m" (init_tss[raw_smp_processor_id()].x86_tss.sp0)); |
1860 |
++ } |
1861 |
+ |
1862 |
+ /* |
1863 |
+ * Paranoid restore. send a SIGSEGV if we fail to restore the state. |
1864 |
diff --git a/arch/x86/kernel/verify_cpu.S b/arch/x86/kernel/verify_cpu.S |
1865 |
index b9242ba..50c5edd 100644 |
1866 |
--- a/arch/x86/kernel/verify_cpu.S |
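Review bot: The `fnclex` added at the start of the FXSAVE-leak workaround in `__math_state_restore()` has no comment, and the retained comment still talks about `safe_address` although the operand is now `init_tss[raw_smp_processor_id()].x86_tss.sp0`. The instruction presumably clears pending x87 exceptions so that the following `emms`/`fildl` cannot trap inside the workaround; `"fnclex\n\t" /* clear pending x87 exceptions first */` would say so, in the style of the comment on the `fildl` line. The hunk also replaces `alternative_input()` with an explicit `if (unlikely(static_cpu_has(X86_FEATURE_FXSAVE_LEAK)))` branch, and the comment should give the reason for that as well. The function body continues outside the hunk.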
1867 |
@@ -33960,7 +33977,7 @@ index da3cfee..a5a6606 100644 |
1868 |
|
1869 |
*ppos = i; |
1870 |
diff --git a/drivers/char/random.c b/drivers/char/random.c |
1871 |
-index c244f0e..fc574b2 100644 |
1872 |
+index c244f0e..3f6ae58 100644 |
1873 |
--- a/drivers/char/random.c |
1874 |
+++ b/drivers/char/random.c |
1875 |
@@ -255,10 +255,8 @@ |
1876 |
@@ -34695,7 +34712,7 @@ index c244f0e..fc574b2 100644 |
1877 |
} |
1878 |
#endif |
1879 |
|
1880 |
-@@ -835,97 +916,109 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, |
1881 |
+@@ -835,104 +916,127 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, |
1882 |
* from the primary pool to the secondary extraction pool. We make |
1883 |
* sure we pull enough for a 'catastrophic reseed'. |
1884 |
*/ |
1885 |
@@ -34870,24 +34887,25 @@ index c244f0e..fc574b2 100644 |
1886 |
} hash; |
1887 |
__u32 workspace[SHA_WORKSPACE_WORDS]; |
1888 |
__u8 extract[64]; |
1889 |
-@@ -938,6 +1031,17 @@ static void extract_buf(struct entropy_store *r, __u8 *out) |
1890 |
- sha_transform(hash.w, (__u8 *)(r->pool + i), workspace); |
1891 |
+ unsigned long flags; |
1892 |
|
1893 |
- /* |
1894 |
+- /* Generate a hash across the pool, 16 words (512 bits) at a time */ |
1895 |
++ /* |
1896 |
+ * If we have an architectural hardware random number |
1897 |
-+ * generator, mix that in, too. |
1898 |
++ * generator, use it for SHA's initial vector |
1899 |
+ */ |
1900 |
+ sha_init(hash.w); |
1901 |
+ for (i = 0; i < LONGS(20); i++) { |
1902 |
+ unsigned long v; |
1903 |
+ if (!arch_get_random_long(&v)) |
1904 |
+ break; |
1905 |
-+ hash.l[i] ^= v; |
1906 |
++ hash.l[i] = v; |
1907 |
+ } |
1908 |
+ |
1909 |
-+ /* |
1910 |
- * We mix the hash back into the pool to prevent backtracking |
1911 |
- * attacks (where the attacker knows the state of the pool |
1912 |
- * plus the current outputs, and attempts to find previous |
1913 |
++ /* Generate a hash across the pool, 16 words (512 bits) at a time */ |
1914 |
+ spin_lock_irqsave(&r->lock, flags); |
1915 |
+ for (i = 0; i < r->poolinfo->poolwords; i += 16) |
1916 |
+ sha_transform(hash.w, (__u8 *)(r->pool + i), workspace); |
1917 |
@@ -966,27 +1070,43 @@ static void extract_buf(struct entropy_store *r, __u8 *out) |
1918 |
hash.w[1] ^= hash.w[4]; |
1919 |
hash.w[2] ^= rol32(hash.w[2], 16); |
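Review bot: The loop now overwrites the hash state with `hash.l[i] = v` instead of XOR-ing into it, but the comment does not say what the state holds when `arch_get_random_long()` fails and the loop breaks early. In that case the remaining words presumably keep the constants written by `sha_init(hash.w)`, which is why that call has to stay even though a fully successful loop replaces its output. A line such as `/* words not filled by the hardware RNG keep the constants from sha_init() */` after the loop would state this. The hardware value is only a starting vector, and the pool is still hashed over it in the `sha_transform()` loop below, so the result does not rest on the hardware RNG alone. `extract_buf()` starts and ends outside this hunk.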
1920 |
@@ -40838,9 +40856,27 @@ index c706a7b..2cc7511 100644 |
1921 |
"md/raid1:%s: read error corrected " |
1922 |
"(%d sectors at %llu on %s)\n", |
1923 |
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c |
1924 |
-index 8bba438..f065cc3 100644 |
1925 |
+index 8bba438..a579e8c 100644 |
1926 |
--- a/drivers/md/raid10.c |
1927 |
+++ b/drivers/md/raid10.c |
1928 |
+@@ -997,7 +997,7 @@ read_again: |
1929 |
+ /* Could not read all from this device, so we will |
1930 |
+ * need another r10_bio. |
1931 |
+ */ |
1932 |
+- sectors_handled = (r10_bio->sectors + max_sectors |
1933 |
++ sectors_handled = (r10_bio->sector + max_sectors |
1934 |
+ - bio->bi_sector); |
1935 |
+ r10_bio->sectors = max_sectors; |
1936 |
+ spin_lock_irq(&conf->device_lock); |
1937 |
+@@ -1005,7 +1005,7 @@ read_again: |
1938 |
+ bio->bi_phys_segments = 2; |
1939 |
+ else |
1940 |
+ bio->bi_phys_segments++; |
1941 |
+- spin_unlock(&conf->device_lock); |
1942 |
++ spin_unlock_irq(&conf->device_lock); |
1943 |
+ /* Cannot call generic_make_request directly |
1944 |
+ * as that will be queued in __generic_make_request |
1945 |
+ * and subsequent mempool_alloc might block |
1946 |
@@ -1465,7 +1465,7 @@ static void end_sync_read(struct bio *bio, int error) |
1947 |
/* The write handler will notice the lack of |
1948 |
* R10BIO_Uptodate and record any errors etc |
1949 |
@@ -40900,6 +40936,28 @@ index 8bba438..f065cc3 100644 |
1950 |
} |
1951 |
|
1952 |
rdev_dec_pending(rdev, mddev); |
1953 |
+@@ -2563,10 +2563,6 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr, |
1954 |
+ if (j == conf->copies) { |
1955 |
+ /* Cannot recover, so abort the recovery or |
1956 |
+ * record a bad block */ |
1957 |
+- put_buf(r10_bio); |
1958 |
+- if (rb2) |
1959 |
+- atomic_dec(&rb2->remaining); |
1960 |
+- r10_bio = rb2; |
1961 |
+ if (any_working) { |
1962 |
+ /* problem is that there are bad blocks |
1963 |
+ * on other device(s) |
1964 |
+@@ -2590,6 +2586,10 @@ static sector_t sync_request(struct mddev *mddev, sector_t sector_nr, |
1965 |
+ conf->mirrors[i].recovery_disabled |
1966 |
+ = mddev->recovery_disabled; |
1967 |
+ } |
1968 |
++ put_buf(r10_bio); |
1969 |
++ if (rb2) |
1970 |
++ atomic_dec(&rb2->remaining); |
1971 |
++ r10_bio = rb2; |
1972 |
+ break; |
1973 |
+ } |
1974 |
+ } |
1975 |
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c |
1976 |
index 26ef63a..bd587cd 100644 |
1977 |
--- a/drivers/md/raid5.c |
1978 |
@@ -42829,6 +42887,18 @@ index a4a3516..3b3a7e0 100644 |
1979 |
s->hdlctx.calibrate = bi.data.calibrate * s->par.bitrate / 16; |
1980 |
return 0; |
1981 |
|
1982 |
+diff --git a/drivers/net/hamradio/yam.c b/drivers/net/hamradio/yam.c |
1983 |
+index 96a98d2..e4260ab 100644 |
1984 |
+--- a/drivers/net/hamradio/yam.c |
1985 |
++++ b/drivers/net/hamradio/yam.c |
1986 |
+@@ -1060,6 +1060,7 @@ static int yam_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) |
1987 |
+ break; |
1988 |
+ |
1989 |
+ case SIOCYAMGCFG: |
1990 |
++ memset(&yi, 0, sizeof(yi)); |
1991 |
+ yi.cfg.mask = 0xffffffff; |
1992 |
+ yi.cfg.iobase = yp->iobase; |
1993 |
+ yi.cfg.irq = yp->irq; |
1994 |
diff --git a/drivers/net/loopback.c b/drivers/net/loopback.c |
1995 |
index d0893e4..14b0d44 100644 |
1996 |
--- a/drivers/net/loopback.c |
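Review bot: The added `memset(&yi, 0, sizeof(yi))` clears the structure only in the `SIOCYAMGCFG` case and has no comment giving the reason. The fields are filled one by one after it, so any member or padding byte that is never assigned would otherwise keep old stack contents when the structure is handed back to the caller; the copy itself is outside the hunk, so this is inferred. I would add `/* clear padding and unset fields before this goes back to user space */` above the call. The other `yam_ioctl()` cases that return a structure should be checked for the same pattern.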
1997 |
@@ -51597,7 +51667,7 @@ index a6395bd..f1e376a 100644 |
1998 |
(unsigned long) create_aout_tables((char __user *) bprm->p, bprm); |
1999 |
#ifdef __alpha__ |
2000 |
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c |
2001 |
-index 8dd615c..cb7cd01 100644 |
2002 |
+index 8dd615c..52ad259 100644 |
2003 |
--- a/fs/binfmt_elf.c |
2004 |
+++ b/fs/binfmt_elf.c |
2005 |
@@ -32,6 +32,7 @@ |
2006 |
@@ -51770,7 +51840,7 @@ index 8dd615c..cb7cd01 100644 |
2007 |
} |
2008 |
|
2009 |
error = load_addr; |
2010 |
-@@ -528,6 +559,315 @@ out: |
2011 |
+@@ -528,6 +559,336 @@ out: |
2012 |
return error; |
2013 |
} |
2014 |
|
2015 |
@@ -51911,12 +51981,48 @@ index 8dd615c..cb7cd01 100644 |
2016 |
+#endif |
2017 |
+ |
2018 |
+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) |
2019 |
-+static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex) |
2020 |
++static unsigned long pax_parse_defaults(void) |
2021 |
+{ |
2022 |
+ unsigned long pax_flags = 0UL; |
2023 |
+ |
2024 |
++#ifdef CONFIG_PAX_SOFTMODE |
2025 |
++ if (pax_softmode) |
2026 |
++ return pax_flags; |
2027 |
++#endif |
2028 |
++ |
2029 |
++#ifdef CONFIG_PAX_PAGEEXEC |
2030 |
++ pax_flags |= MF_PAX_PAGEEXEC; |
2031 |
++#endif |
2032 |
++ |
2033 |
++#ifdef CONFIG_PAX_SEGMEXEC |
2034 |
++ pax_flags |= MF_PAX_SEGMEXEC; |
2035 |
++#endif |
2036 |
++ |
2037 |
++#ifdef CONFIG_PAX_MPROTECT |
2038 |
++ pax_flags |= MF_PAX_MPROTECT; |
2039 |
++#endif |
2040 |
++ |
2041 |
++#ifdef CONFIG_PAX_RANDMMAP |
2042 |
++ if (randomize_va_space) |
2043 |
++ pax_flags |= MF_PAX_RANDMMAP; |
2044 |
++#endif |
2045 |
++ |
2046 |
++ return pax_flags; |
2047 |
++} |
2048 |
++ |
2049 |
++static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex) |
2050 |
++{ |
2051 |
++ unsigned long pax_flags = PAX_PARSE_FLAGS_FALLBACK; |
2052 |
++ |
2053 |
+#ifdef CONFIG_PAX_EI_PAX |
2054 |
+ |
2055 |
++#ifdef CONFIG_PAX_SOFTMODE |
2056 |
++ if (pax_softmode) |
2057 |
++ return pax_flags; |
2058 |
++#endif |
2059 |
++ |
2060 |
++ pax_flags = 0UL; |
2061 |
++ |
2062 |
+#ifdef CONFIG_PAX_PAGEEXEC |
2063 |
+ if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_PAGEEXEC)) |
2064 |
+ pax_flags |= MF_PAX_PAGEEXEC; |
2065 |
@@ -51942,28 +52048,10 @@ index 8dd615c..cb7cd01 100644 |
2066 |
+ pax_flags |= MF_PAX_RANDMMAP; |
2067 |
+#endif |
2068 |
+ |
2069 |
-+#else |
2070 |
-+ |
2071 |
-+#ifdef CONFIG_PAX_PAGEEXEC |
2072 |
-+ pax_flags |= MF_PAX_PAGEEXEC; |
2073 |
-+#endif |
2074 |
-+ |
2075 |
-+#ifdef CONFIG_PAX_SEGMEXEC |
2076 |
-+ pax_flags |= MF_PAX_SEGMEXEC; |
2077 |
-+#endif |
2078 |
-+ |
2079 |
-+#ifdef CONFIG_PAX_MPROTECT |
2080 |
-+ pax_flags |= MF_PAX_MPROTECT; |
2081 |
-+#endif |
2082 |
-+ |
2083 |
-+#ifdef CONFIG_PAX_RANDMMAP |
2084 |
-+ if (randomize_va_space) |
2085 |
-+ pax_flags |= MF_PAX_RANDMMAP; |
2086 |
-+#endif |
2087 |
-+ |
2088 |
+#endif |
2089 |
+ |
2090 |
+ return pax_flags; |
2091 |
++ |
2092 |
+} |
2093 |
+ |
2094 |
+static unsigned long pax_parse_pt_pax(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata) |
2095 |
@@ -51979,7 +52067,7 @@ index 8dd615c..cb7cd01 100644 |
2096 |
+ ((elf_phdata[i].p_flags & PF_EMUTRAMP) && (elf_phdata[i].p_flags & PF_NOEMUTRAMP)) || |
2097 |
+ ((elf_phdata[i].p_flags & PF_MPROTECT) && (elf_phdata[i].p_flags & PF_NOMPROTECT)) || |
2098 |
+ ((elf_phdata[i].p_flags & PF_RANDMMAP) && (elf_phdata[i].p_flags & PF_NORANDMMAP))) |
2099 |
-+ return ~0UL; |
2100 |
++ return PAX_PARSE_FLAGS_FALLBACK; |
2101 |
+ |
2102 |
+#ifdef CONFIG_PAX_SOFTMODE |
2103 |
+ if (pax_softmode) |
2104 |
@@ -51992,7 +52080,7 @@ index 8dd615c..cb7cd01 100644 |
2105 |
+ } |
2106 |
+#endif |
2107 |
+ |
2108 |
-+ return ~0UL; |
2109 |
++ return PAX_PARSE_FLAGS_FALLBACK; |
2110 |
+} |
2111 |
+ |
2112 |
+static unsigned long pax_parse_xattr_pax(struct file * const file) |
2113 |
@@ -52004,23 +52092,23 @@ index 8dd615c..cb7cd01 100644 |
2114 |
+ unsigned long pax_flags_hardmode = 0UL, pax_flags_softmode = 0UL; |
2115 |
+ |
2116 |
+ xattr_size = pax_getxattr(file->f_path.dentry, xattr_value, sizeof xattr_value); |
2117 |
-+ if (xattr_size <= 0 || xattr_size > sizeof xattr_value) |
2118 |
-+ return ~0UL; |
2119 |
++ if (xattr_size < 0 || xattr_size > sizeof xattr_value) |
2120 |
++ return PAX_PARSE_FLAGS_FALLBACK; |
2121 |
+ |
2122 |
+ for (i = 0; i < xattr_size; i++) |
2123 |
+ switch (xattr_value[i]) { |
2124 |
+ default: |
2125 |
-+ return ~0UL; |
2126 |
++ return PAX_PARSE_FLAGS_FALLBACK; |
2127 |
+ |
2128 |
+#define parse_flag(option1, option2, flag) \ |
2129 |
+ case option1: \ |
2130 |
+ if (pax_flags_hardmode & MF_PAX_##flag) \ |
2131 |
-+ return ~0UL; \ |
2132 |
++ return PAX_PARSE_FLAGS_FALLBACK;\ |
2133 |
+ pax_flags_hardmode |= MF_PAX_##flag; \ |
2134 |
+ break; \ |
2135 |
+ case option2: \ |
2136 |
+ if (pax_flags_softmode & MF_PAX_##flag) \ |
2137 |
-+ return ~0UL; \ |
2138 |
++ return PAX_PARSE_FLAGS_FALLBACK;\ |
2139 |
+ pax_flags_softmode |= MF_PAX_##flag; \ |
2140 |
+ break; |
2141 |
+ |
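Review bot: Relaxing the check to `xattr_size < 0` in `pax_parse_xattr_pax()` lets a zero-length attribute through, and nothing in the hunk says that this is intended. With no bytes to parse the loop is skipped and both flag sets stay 0, so the function returns a parsed result instead of `PAX_PARSE_FLAGS_FALLBACK`, and `pax_parse_pax_flags()` then treats the empty attribute as an explicit marking. A comment such as `/* an empty attribute is valid: it sets no overrides */` on the size check would make that explicit. If `xattr_size` is a signed type, the comparison with `sizeof xattr_value` is only safe because the `< 0` test comes first, so the two tests should not be reordered.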
2142 |
@@ -52034,7 +52122,7 @@ index 8dd615c..cb7cd01 100644 |
2143 |
+ } |
2144 |
+ |
2145 |
+ if (pax_flags_hardmode & pax_flags_softmode) |
2146 |
-+ return ~0UL; |
2147 |
++ return PAX_PARSE_FLAGS_FALLBACK; |
2148 |
+ |
2149 |
+#ifdef CONFIG_PAX_SOFTMODE |
2150 |
+ if (pax_softmode) |
2151 |
@@ -52044,27 +52132,30 @@ index 8dd615c..cb7cd01 100644 |
2152 |
+ |
2153 |
+ return pax_parse_xattr_pax_hardmode(pax_flags_hardmode); |
2154 |
+#else |
2155 |
-+ return ~0UL; |
2156 |
++ return PAX_PARSE_FLAGS_FALLBACK; |
2157 |
+#endif |
2158 |
+ |
2159 |
+} |
2160 |
+ |
2161 |
+static long pax_parse_pax_flags(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata, struct file * const file) |
2162 |
+{ |
2163 |
-+ unsigned long pax_flags, pt_pax_flags, xattr_pax_flags; |
2164 |
++ unsigned long pax_flags, ei_pax_flags, pt_pax_flags, xattr_pax_flags; |
2165 |
+ |
2166 |
-+ pax_flags = pax_parse_ei_pax(elf_ex); |
2167 |
++ pax_flags = pax_parse_defaults(); |
2168 |
++ ei_pax_flags = pax_parse_ei_pax(elf_ex); |
2169 |
+ pt_pax_flags = pax_parse_pt_pax(elf_ex, elf_phdata); |
2170 |
+ xattr_pax_flags = pax_parse_xattr_pax(file); |
2171 |
+ |
2172 |
-+ if (pt_pax_flags == ~0UL) |
2173 |
-+ pt_pax_flags = xattr_pax_flags; |
2174 |
-+ else if (xattr_pax_flags == ~0UL) |
2175 |
-+ xattr_pax_flags = pt_pax_flags; |
2176 |
-+ if (pt_pax_flags != xattr_pax_flags) |
2177 |
++ if (pt_pax_flags != PAX_PARSE_FLAGS_FALLBACK && |
2178 |
++ xattr_pax_flags != PAX_PARSE_FLAGS_FALLBACK && |
2179 |
++ pt_pax_flags != xattr_pax_flags) |
2180 |
+ return -EINVAL; |
2181 |
-+ if (pt_pax_flags != ~0UL) |
2182 |
++ if (xattr_pax_flags != PAX_PARSE_FLAGS_FALLBACK) |
2183 |
++ pax_flags = xattr_pax_flags; |
2184 |
++ else if (pt_pax_flags != PAX_PARSE_FLAGS_FALLBACK) |
2185 |
+ pax_flags = pt_pax_flags; |
2186 |
++ else if (ei_pax_flags != PAX_PARSE_FLAGS_FALLBACK) |
2187 |
++ pax_flags = ei_pax_flags; |
2188 |
+ |
2189 |
+#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC) |
2190 |
+ if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) { |
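Review bot: `pax_parse_pax_flags()` now chooses between four sources, but the order is only implied by the `if`/`else if` chain. A comment above the chain, e.g. `/* precedence: xattr, then PT_PAX_FLAGS, then EI_PAX, then the built-in defaults */`, would make the policy reviewable. It should also note that conflicting xattr and PT_PAX markings are rejected with `-EINVAL`, while an EI_PAX marking that disagrees is silently overridden. `PAX_PARSE_FLAGS_FALLBACK` is defined outside this chunk; if it is an in-band value of the flag type, its definition should state that no valid flag combination can equal it. The function continues past the end of the hunk.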
2191 |
@@ -52086,7 +52177,7 @@ index 8dd615c..cb7cd01 100644 |
2192 |
/* |
2193 |
* These are the functions used to load ELF style executables and shared |
2194 |
* libraries. There is no binary dependent code anywhere else. |
2195 |
-@@ -544,6 +884,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) |
2196 |
+@@ -544,6 +905,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) |
2197 |
{ |
2198 |
unsigned int random_variable = 0; |
2199 |
|
2200 |
@@ -52098,7 +52189,7 @@ index 8dd615c..cb7cd01 100644 |
2201 |
if ((current->flags & PF_RANDOMIZE) && |
2202 |
!(current->personality & ADDR_NO_RANDOMIZE)) { |
2203 |
random_variable = get_random_int() & STACK_RND_MASK; |
2204 |
-@@ -562,7 +907,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) |
2205 |
+@@ -562,7 +928,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) |
2206 |
unsigned long load_addr = 0, load_bias = 0; |
2207 |
int load_addr_set = 0; |
2208 |
char * elf_interpreter = NULL; |
2209 |
@@ -52107,7 +52198,7 @@ index 8dd615c..cb7cd01 100644 |
2210 |
struct elf_phdr *elf_ppnt, *elf_phdata; |
2211 |
unsigned long elf_bss, elf_brk; |
2212 |
int retval, i; |
2213 |
-@@ -572,11 +917,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) |
2214 |
+@@ -572,11 +938,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) |
2215 |
unsigned long start_code, end_code, start_data, end_data; |
2216 |
unsigned long reloc_func_desc __maybe_unused = 0; |
2217 |
int executable_stack = EXSTACK_DEFAULT; |
2218 |
@@ -52120,7 +52211,7 @@ index 8dd615c..cb7cd01 100644 |
2219 |
|
2220 |
loc = kmalloc(sizeof(*loc), GFP_KERNEL); |
2221 |
if (!loc) { |
2222 |
-@@ -713,11 +1058,82 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) |
2223 |
+@@ -713,11 +1079,82 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) |
2224 |
|
2225 |
/* OK, This is the point of no return */ |
2226 |
current->flags &= ~PF_FORKNOEXEC; |
2227 |
@@ -52204,7 +52295,7 @@ index 8dd615c..cb7cd01 100644 |
2228 |
if (elf_read_implies_exec(loc->elf_ex, executable_stack)) |
2229 |
current->personality |= READ_IMPLIES_EXEC; |
2230 |
|
2231 |
-@@ -808,6 +1224,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) |
2232 |
+@@ -808,6 +1245,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) |
2233 |
#else |
2234 |
load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); |
2235 |
#endif |
2236 |
@@ -52225,7 +52316,7 @@ index 8dd615c..cb7cd01 100644 |
2237 |
} |
2238 |
|
2239 |
error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, |
2240 |
-@@ -840,9 +1270,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) |
2241 |
+@@ -840,9 +1291,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) |
2242 |
* allowed task size. Note that p_filesz must always be |
2243 |
* <= p_memsz so it is only necessary to check p_memsz. |
2244 |
*/ |
2245 |
@@ -52238,7 +52329,7 @@ index 8dd615c..cb7cd01 100644 |
2246 |
/* set_brk can never work. Avoid overflows. */ |
2247 |
send_sig(SIGKILL, current, 0); |
2248 |
retval = -EINVAL; |
2249 |
-@@ -881,17 +1311,44 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) |
2250 |
+@@ -881,17 +1332,44 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) |
2251 |
goto out_free_dentry; |
2252 |
} |
2253 |
if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { |
2254 |
@@ -52289,7 +52380,7 @@ index 8dd615c..cb7cd01 100644 |
2255 |
load_bias); |
2256 |
if (!IS_ERR((void *)elf_entry)) { |
2257 |
/* |
2258 |
-@@ -1098,7 +1555,7 @@ out: |
2259 |
+@@ -1098,7 +1576,7 @@ out: |
2260 |
* Decide what to dump of a segment, part, all or none. |
2261 |
*/ |
2262 |
static unsigned long vma_dump_size(struct vm_area_struct *vma, |
2263 |
@@ -52298,7 +52389,7 @@ index 8dd615c..cb7cd01 100644 |
2264 |
{ |
2265 |
#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) |
2266 |
|
2267 |
-@@ -1132,7 +1589,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, |
2268 |
+@@ -1132,7 +1610,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, |
2269 |
if (vma->vm_file == NULL) |
2270 |
return 0; |
2271 |
|
2272 |
@@ -52307,7 +52398,7 @@ index 8dd615c..cb7cd01 100644 |
2273 |
goto whole; |
2274 |
|
2275 |
/* |
2276 |
-@@ -1354,9 +1811,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) |
2277 |
+@@ -1354,9 +1832,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) |
2278 |
{ |
2279 |
elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; |
2280 |
int i = 0; |
2281 |
@@ -52319,7 +52410,7 @@ index 8dd615c..cb7cd01 100644 |
2282 |
fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); |
2283 |
} |
2284 |
|
2285 |
-@@ -1851,14 +2308,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, |
2286 |
+@@ -1851,14 +2329,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, |
2287 |
} |
2288 |
|
2289 |
static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, |
2290 |
@@ -52336,7 +52427,7 @@ index 8dd615c..cb7cd01 100644 |
2291 |
return size; |
2292 |
} |
2293 |
|
2294 |
-@@ -1952,7 +2409,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
2295 |
+@@ -1952,7 +2430,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
2296 |
|
2297 |
dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); |
2298 |
|
2299 |
@@ -52345,7 +52436,7 @@ index 8dd615c..cb7cd01 100644 |
2300 |
offset += elf_core_extra_data_size(); |
2301 |
e_shoff = offset; |
2302 |
|
2303 |
-@@ -1966,10 +2423,12 @@ static int elf_core_dump(struct coredump_params *cprm) |
2304 |
+@@ -1966,10 +2444,12 @@ static int elf_core_dump(struct coredump_params *cprm) |
2305 |
offset = dataoff; |
2306 |
|
2307 |
size += sizeof(*elf); |
2308 |
@@ -52358,7 +52449,7 @@ index 8dd615c..cb7cd01 100644 |
2309 |
if (size > cprm->limit |
2310 |
|| !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) |
2311 |
goto end_coredump; |
2312 |
-@@ -1983,7 +2442,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
2313 |
+@@ -1983,7 +2463,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
2314 |
phdr.p_offset = offset; |
2315 |
phdr.p_vaddr = vma->vm_start; |
2316 |
phdr.p_paddr = 0; |
2317 |
@@ -52367,7 +52458,7 @@ index 8dd615c..cb7cd01 100644 |
2318 |
phdr.p_memsz = vma->vm_end - vma->vm_start; |
2319 |
offset += phdr.p_filesz; |
2320 |
phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; |
2321 |
-@@ -1994,6 +2453,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
2322 |
+@@ -1994,6 +2474,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
2323 |
phdr.p_align = ELF_EXEC_PAGESIZE; |
2324 |
|
2325 |
size += sizeof(phdr); |
2326 |
@@ -52375,7 +52466,7 @@ index 8dd615c..cb7cd01 100644 |
2327 |
if (size > cprm->limit |
2328 |
|| !dump_write(cprm->file, &phdr, sizeof(phdr))) |
2329 |
goto end_coredump; |
2330 |
-@@ -2018,7 +2478,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
2331 |
+@@ -2018,7 +2499,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
2332 |
unsigned long addr; |
2333 |
unsigned long end; |
2334 |
|
2335 |
@@ -52384,7 +52475,7 @@ index 8dd615c..cb7cd01 100644 |
2336 |
|
2337 |
for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { |
2338 |
struct page *page; |
2339 |
-@@ -2027,6 +2487,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
2340 |
+@@ -2027,6 +2508,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
2341 |
page = get_dump_page(addr); |
2342 |
if (page) { |
2343 |
void *kaddr = kmap(page); |
2344 |
@@ -52392,7 +52483,7 @@ index 8dd615c..cb7cd01 100644 |
2345 |
stop = ((size += PAGE_SIZE) > cprm->limit) || |
2346 |
!dump_write(cprm->file, kaddr, |
2347 |
PAGE_SIZE); |
2348 |
-@@ -2044,6 +2505,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
2349 |
+@@ -2044,6 +2526,7 @@ static int elf_core_dump(struct coredump_params *cprm) |
2350 |
|
2351 |
if (e_phnum == PN_XNUM) { |
2352 |
size += sizeof(*shdr4extnum); |
2353 |
@@ -52400,7 +52491,7 @@ index 8dd615c..cb7cd01 100644 |
2354 |
if (size > cprm->limit |
2355 |
|| !dump_write(cprm->file, shdr4extnum, |
2356 |
sizeof(*shdr4extnum))) |
2357 |
-@@ -2064,6 +2526,167 @@ out: |
2358 |
+@@ -2064,6 +2547,167 @@ out: |
2359 |
|
2360 |
#endif /* CONFIG_ELF_CORE */ |
2361 |
|
2362 |
@@ -58300,6 +58391,34 @@ index 6a66fc0..cfdadae 100644 |
2363 |
set_fs(oldfs); |
2364 |
|
2365 |
if (host_err < 0) |
2366 |
+diff --git a/fs/nilfs2/segment.c b/fs/nilfs2/segment.c |
2367 |
+index 233d3ed..3ceaced 100644 |
2368 |
+--- a/fs/nilfs2/segment.c |
2369 |
++++ b/fs/nilfs2/segment.c |
2370 |
+@@ -1437,17 +1437,19 @@ static int nilfs_segctor_collect(struct nilfs_sc_info *sci, |
2371 |
+ |
2372 |
+ nilfs_clear_logs(&sci->sc_segbufs); |
2373 |
+ |
2374 |
+- err = nilfs_segctor_extend_segments(sci, nilfs, nadd); |
2375 |
+- if (unlikely(err)) |
2376 |
+- return err; |
2377 |
+- |
2378 |
+ if (sci->sc_stage.flags & NILFS_CF_SUFREED) { |
2379 |
+ err = nilfs_sufile_cancel_freev(nilfs->ns_sufile, |
2380 |
+ sci->sc_freesegs, |
2381 |
+ sci->sc_nfreesegs, |
2382 |
+ NULL); |
2383 |
+ WARN_ON(err); /* do not happen */ |
2384 |
++ sci->sc_stage.flags &= ~NILFS_CF_SUFREED; |
2385 |
+ } |
2386 |
++ |
2387 |
++ err = nilfs_segctor_extend_segments(sci, nilfs, nadd); |
2388 |
++ if (unlikely(err)) |
2389 |
++ return err; |
2390 |
++ |
2391 |
+ nadd = min_t(int, nadd << 1, SC_MAX_SEGDELTA); |
2392 |
+ sci->sc_stage = prev_stage; |
2393 |
+ } |
2394 |
diff --git a/fs/nilfs2/super.c b/fs/nilfs2/super.c |
2395 |
index 97bfbdd..e7f644a 100644 |
2396 |
--- a/fs/nilfs2/super.c |
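Review bot: The reason the NILFS_CF_SUFREED bit is cleared in nilfs_segctor_collect() is not stated, and it is easy to miss because `sci->sc_stage = prev_stage;` a few lines further down overwrites the stage again. As far as the hunk shows, the clear only has an effect when `nilfs_segctor_extend_segments()` fails and the function returns early, presumably so that a later abort path does not cancel the same free a second time; a comment such as `/* free already cancelled; clear the flag so the error return below cannot trigger a second cancel */` would record that. The result of `nilfs_sufile_cancel_freev()` is also only passed to `WARN_ON()` and then overwritten by the next assignment to `err`, so a failed cancel still clears the flag and is otherwise lost. The enclosing loop and function continue outside the hunk.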
2397 |
@@ -77627,7 +77746,7 @@ index 2148b12..519b820 100644 |
2398 |
|
2399 |
static inline void anon_vma_merge(struct vm_area_struct *vma, |
2400 |
diff --git a/include/linux/sched.h b/include/linux/sched.h |
2401 |
-index 312d047..dbf4637 100644 |
2402 |
+index 312d047..a4bff08 100644 |
2403 |
--- a/include/linux/sched.h |
2404 |
+++ b/include/linux/sched.h |
2405 |
@@ -101,6 +101,7 @@ struct bio_list; |
2406 |
@@ -77828,7 +77947,7 @@ index 312d047..dbf4637 100644 |
2407 |
#ifdef CONFIG_FUNCTION_GRAPH_TRACER |
2408 |
/* Index of current stored address in ret_stack */ |
2409 |
int curr_ret_stack; |
2410 |
-@@ -1582,6 +1652,52 @@ struct task_struct { |
2411 |
+@@ -1582,6 +1652,53 @@ struct task_struct { |
2412 |
#endif |
2413 |
}; |
2414 |
|
2415 |
@@ -77844,6 +77963,7 @@ index 312d047..dbf4637 100644 |
2416 |
+#endif |
2417 |
+ |
2418 |
+extern int pax_check_flags(unsigned long *); |
2419 |
++#define PAX_PARSE_FLAGS_FALLBACK (~0UL) |
2420 |
+ |
2421 |
+/* if tsk != current then task_lock must be held on it */ |
2422 |
+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR) |
2423 |
@@ -77881,7 +78001,7 @@ index 312d047..dbf4637 100644 |
2424 |
/* Future-safe accessor for struct task_struct's cpus_allowed. */ |
2425 |
#define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) |
2426 |
|
2427 |
-@@ -2097,7 +2213,9 @@ void yield(void); |
2428 |
+@@ -2097,7 +2214,9 @@ void yield(void); |
2429 |
extern struct exec_domain default_exec_domain; |
2430 |
|
2431 |
union thread_union { |
2432 |
@@ -77891,7 +78011,7 @@ index 312d047..dbf4637 100644 |
2433 |
unsigned long stack[THREAD_SIZE/sizeof(long)]; |
2434 |
}; |
2435 |
|
2436 |
-@@ -2130,6 +2248,7 @@ extern struct pid_namespace init_pid_ns; |
2437 |
+@@ -2130,6 +2249,7 @@ extern struct pid_namespace init_pid_ns; |
2438 |
*/ |
2439 |
|
2440 |
extern struct task_struct *find_task_by_vpid(pid_t nr); |
2441 |
@@ -77899,7 +78019,7 @@ index 312d047..dbf4637 100644 |
2442 |
extern struct task_struct *find_task_by_pid_ns(pid_t nr, |
2443 |
struct pid_namespace *ns); |
2444 |
|
2445 |
-@@ -2251,6 +2370,12 @@ static inline void mmdrop(struct mm_struct * mm) |
2446 |
+@@ -2251,6 +2371,12 @@ static inline void mmdrop(struct mm_struct * mm) |
2447 |
extern void mmput(struct mm_struct *); |
2448 |
/* Grab a reference to a task's mm, if it is not already going away */ |
2449 |
extern struct mm_struct *get_task_mm(struct task_struct *task); |
2450 |
@@ -77912,7 +78032,7 @@ index 312d047..dbf4637 100644 |
2451 |
/* Remove the current tasks stale references to the old mm_struct */ |
2452 |
extern void mm_release(struct task_struct *, struct mm_struct *); |
2453 |
/* Allocate a new mm structure and copy contents from tsk->mm */ |
2454 |
-@@ -2267,9 +2392,8 @@ extern void __cleanup_sighand(struct sighand_struct *); |
2455 |
+@@ -2267,9 +2393,8 @@ extern void __cleanup_sighand(struct sighand_struct *); |
2456 |
extern void exit_itimers(struct signal_struct *); |
2457 |
extern void flush_itimer_signals(void); |
2458 |
|
2459 |
@@ -77923,7 +78043,7 @@ index 312d047..dbf4637 100644 |
2460 |
extern int allow_signal(int); |
2461 |
extern int disallow_signal(int); |
2462 |
|
2463 |
-@@ -2432,9 +2556,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) |
2464 |
+@@ -2432,9 +2557,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) |
2465 |
|
2466 |
#endif |
2467 |
|
2468 |
@@ -78680,23 +78800,19 @@ index 27b3b0b..e093dd9 100644 |
2469 |
extern void register_syscore_ops(struct syscore_ops *ops); |
2470 |
extern void unregister_syscore_ops(struct syscore_ops *ops); |
2471 |
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h |
2472 |
-index 703cfa33..dff53c0 100644 |
2473 |
+index 703cfa33..04ef3d7 100644 |
2474 |
--- a/include/linux/sysctl.h |
2475 |
+++ b/include/linux/sysctl.h |
2476 |
-@@ -155,7 +155,11 @@ enum |
2477 |
+@@ -155,8 +155,6 @@ enum |
2478 |
KERN_PANIC_ON_NMI=76, /* int: whether we will panic on an unrecovered */ |
2479 |
}; |
2480 |
|
2481 |
- |
2482 |
-+#ifdef CONFIG_PAX_SOFTMODE |
2483 |
-+enum { |
2484 |
-+ PAX_SOFTMODE=1 /* PaX: disable/enable soft mode */ |
2485 |
-+}; |
2486 |
-+#endif |
2487 |
- |
2488 |
+- |
2489 |
/* CTL_VM names: */ |
2490 |
enum |
2491 |
-@@ -961,13 +965,13 @@ extern void sysctl_head_finish(struct ctl_table_header *prev); |
2492 |
+ { |
2493 |
+@@ -961,13 +959,13 @@ extern void sysctl_head_finish(struct ctl_table_header *prev); |
2494 |
extern int sysctl_perm(struct ctl_table_root *root, |
2495 |
struct ctl_table *table, int op); |
2496 |
|
2497 |
@@ -78712,7 +78828,7 @@ index 703cfa33..dff53c0 100644 |
2498 |
extern int proc_dointvec(struct ctl_table *, int, |
2499 |
void __user *, size_t *, loff_t *); |
2500 |
extern int proc_dointvec_minmax(struct ctl_table *, int, |
2501 |
-@@ -1045,7 +1049,9 @@ struct ctl_table |
2502 |
+@@ -1045,7 +1043,9 @@ struct ctl_table |
2503 |
struct ctl_table_poll *poll; |
2504 |
void *extra1; |
2505 |
void *extra2; |
2506 |
@@ -96334,10 +96450,25 @@ index 99ec116..c5628fe 100644 |
2507 |
return res; |
2508 |
} |
2509 |
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c |
2510 |
-index b5e64e4..4a9a5c4 100644 |
2511 |
+index b5e64e4..69801fa 100644 |
2512 |
--- a/net/ipv4/ipmr.c |
2513 |
+++ b/net/ipv4/ipmr.c |
2514 |
-@@ -1320,6 +1320,10 @@ int ip_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, unsi |
2515 |
+@@ -155,9 +155,12 @@ static struct mr_table *ipmr_get_table(struct net *net, u32 id) |
2516 |
+ static int ipmr_fib_lookup(struct net *net, struct flowi4 *flp4, |
2517 |
+ struct mr_table **mrt) |
2518 |
+ { |
2519 |
++ int err; |
2520 |
+ struct ipmr_result res; |
2521 |
+- struct fib_lookup_arg arg = { .result = &res, }; |
2522 |
+- int err; |
2523 |
++ struct fib_lookup_arg arg = { |
2524 |
++ .result = &res, |
2525 |
++ .flags = FIB_LOOKUP_NOREF, |
2526 |
++ }; |
2527 |
+ |
2528 |
+ err = fib_rules_lookup(net->ipv4.mr_rules_ops, |
2529 |
+ flowi4_to_flowi(flp4), 0, &arg); |
2530 |
+@@ -1320,6 +1323,10 @@ int ip_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, unsi |
2531 |
if (get_user(v, (u32 __user *)optval)) |
2532 |
return -EFAULT; |
2533 |
|
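Review bot: Nothing next to `.flags = FIB_LOOKUP_NOREF` says why the lookup must not take a reference, either in ipmr_fib_lookup() here or in the identical ip6mr_fib_lookup() change in the net/ipv6/ip6mr.c hunk. The visible lines hand only `res` to fib_rules_lookup() and show no code that would release a matched rule, so without the flag each lookup would presumably leave a reference held on that rule; the rest of both functions is outside the hunks, so this is inferred. A comment above the initializer such as `/* the matched rule is not kept after the lookup, so do not take a reference on it */` would keep the flag from being dropped in a later cleanup.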
2534 |
@@ -97327,6 +97458,25 @@ index d3fde7e..f526e49 100644 |
2535 |
} |
2536 |
|
2537 |
int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) |
2538 |
+diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c |
2539 |
+index f5af259..f96c96f 100644 |
2540 |
+--- a/net/ipv6/ip6mr.c |
2541 |
++++ b/net/ipv6/ip6mr.c |
2542 |
+@@ -139,9 +139,12 @@ static struct mr6_table *ip6mr_get_table(struct net *net, u32 id) |
2543 |
+ static int ip6mr_fib_lookup(struct net *net, struct flowi6 *flp6, |
2544 |
+ struct mr6_table **mrt) |
2545 |
+ { |
2546 |
++ int err; |
2547 |
+ struct ip6mr_result res; |
2548 |
+- struct fib_lookup_arg arg = { .result = &res, }; |
2549 |
+- int err; |
2550 |
++ struct fib_lookup_arg arg = { |
2551 |
++ .result = &res, |
2552 |
++ .flags = FIB_LOOKUP_NOREF, |
2553 |
++ }; |
2554 |
+ |
2555 |
+ err = fib_rules_lookup(net->ipv6.mr6_rules_ops, |
2556 |
+ flowi6_to_flowi(flp6), 0, &arg); |
2557 |
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c |
2558 |
index b204df8..8f274f4 100644 |
2559 |
--- a/net/ipv6/ipv6_sockglue.c |
2560 |
@@ -99821,7 +99971,7 @@ index 8da4481..d02565e 100644 |
2561 |
+ (rtt >> sctp_rto_alpha); |
2562 |
} else { |
2563 |
diff --git a/net/socket.c b/net/socket.c |
2564 |
-index d4faade..2492841 100644 |
2565 |
+index d4faade..ab65211 100644 |
2566 |
--- a/net/socket.c |
2567 |
+++ b/net/socket.c |
2568 |
@@ -88,6 +88,7 @@ |
2569 |
@@ -99996,15 +100146,6 @@ index d4faade..2492841 100644 |
2570 |
SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len, |
2571 |
unsigned, flags, struct sockaddr __user *, addr, |
2572 |
int, addr_len) |
2573 |
-@@ -1737,7 +1803,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, |
2574 |
- struct socket *sock; |
2575 |
- struct iovec iov; |
2576 |
- struct msghdr msg; |
2577 |
-- struct sockaddr_storage address; |
2578 |
-+ struct sockaddr_storage address = { }; |
2579 |
- int err, err2; |
2580 |
- int fput_needed; |
2581 |
- |
2582 |
@@ -1966,7 +2032,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg, |
2583 |
* checking falls down on this. |
2584 |
*/ |
2585 |
@@ -100014,15 +100155,6 @@ index d4faade..2492841 100644 |
2586 |
ctl_len)) |
2587 |
goto out_freectl; |
2588 |
msg_sys->msg_control = ctl_buf; |
2589 |
-@@ -2117,7 +2183,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, |
2590 |
- int err, iov_size, total_len, len; |
2591 |
- |
2592 |
- /* kernel mode address */ |
2593 |
-- struct sockaddr_storage addr; |
2594 |
-+ struct sockaddr_storage addr = { }; |
2595 |
- |
2596 |
- /* user mode address pointers */ |
2597 |
- struct sockaddr __user *uaddr; |
2598 |
@@ -2148,7 +2214,8 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg, |
2599 |
/* Save the user-mode address (verify_iovec will change the |
2600 |
* kernel msghdr to use the kernel address space) |
2601 |
@@ -104196,7 +104328,7 @@ index dca1c22..4fa4591 100644 |
2602 |
lock = &avc_cache.slots_lock[hvalue]; |
2603 |
|
2604 |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c |
2605 |
-index 5898f34..f44199b 100644 |
2606 |
+index 5898f34..04f8b47 100644 |
2607 |
--- a/security/selinux/hooks.c |
2608 |
+++ b/security/selinux/hooks.c |
2609 |
@@ -95,8 +95,6 @@ |
2610 |
@@ -104208,7 +104340,41 @@ index 5898f34..f44199b 100644 |
2611 |
/* SECMARK reference count */ |
2612 |
static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); |
2613 |
|
2614 |
-@@ -2001,6 +1999,13 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) |
2615 |
+@@ -217,6 +215,14 @@ static int inode_alloc_security(struct inode *inode) |
2616 |
+ return 0; |
2617 |
+ } |
2618 |
+ |
2619 |
++static void inode_free_rcu(struct rcu_head *head) |
2620 |
++{ |
2621 |
++ struct inode_security_struct *isec; |
2622 |
++ |
2623 |
++ isec = container_of(head, struct inode_security_struct, rcu); |
2624 |
++ kmem_cache_free(sel_inode_cache, isec); |
2625 |
++} |
2626 |
++ |
2627 |
+ static void inode_free_security(struct inode *inode) |
2628 |
+ { |
2629 |
+ struct inode_security_struct *isec = inode->i_security; |
2630 |
+@@ -227,8 +233,16 @@ static void inode_free_security(struct inode *inode) |
2631 |
+ list_del_init(&isec->list); |
2632 |
+ spin_unlock(&sbsec->isec_lock); |
2633 |
+ |
2634 |
+- inode->i_security = NULL; |
2635 |
+- kmem_cache_free(sel_inode_cache, isec); |
2636 |
++ /* |
2637 |
++ * The inode may still be referenced in a path walk and |
2638 |
++ * a call to selinux_inode_permission() can be made |
2639 |
++ * after inode_free_security() is called. Ideally, the VFS |
2640 |
++ * wouldn't do this, but fixing that is a much harder |
2641 |
++ * job. For now, simply free the i_security via RCU, and |
2642 |
++ * leave the current inode->i_security pointer intact. |
2643 |
++ * The inode will be freed after the RCU grace period too. |
2644 |
++ */ |
2645 |
++ call_rcu(&isec->rcu, inode_free_rcu); |
2646 |
+ } |
2647 |
+ |
2648 |
+ static int file_alloc_security(struct file *file) |
2649 |
+@@ -2001,6 +2015,13 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) |
2650 |
new_tsec->sid = old_tsec->exec_sid; |
2651 |
/* Reset exec SID on execve. */ |
2652 |
new_tsec->exec_sid = 0; |
2653 |
@@ -104222,7 +104388,7 @@ index 5898f34..f44199b 100644 |
2654 |
} else { |
2655 |
/* Check for a default transition on this program. */ |
2656 |
rc = security_transition_sid(old_tsec->sid, isec->sid, |
2657 |
-@@ -2013,7 +2018,8 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) |
2658 |
+@@ -2013,7 +2034,8 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm) |
2659 |
COMMON_AUDIT_DATA_INIT(&ad, PATH); |
2660 |
ad.u.path = bprm->file->f_path; |
2661 |
|
2662 |
@@ -104232,7 +104398,7 @@ index 5898f34..f44199b 100644 |
2663 |
new_tsec->sid = old_tsec->sid; |
2664 |
|
2665 |
if (new_tsec->sid == old_tsec->sid) { |
2666 |
-@@ -4181,8 +4187,10 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) |
2667 |
+@@ -4181,8 +4203,10 @@ static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) |
2668 |
} |
2669 |
err = avc_has_perm(sk_sid, peer_sid, SECCLASS_PEER, |
2670 |
PEER__RECV, &ad); |
2671 |
@@ -104244,7 +104410,7 @@ index 5898f34..f44199b 100644 |
2672 |
} |
2673 |
|
2674 |
if (secmark_active) { |
2675 |
-@@ -5372,11 +5380,11 @@ static int selinux_setprocattr(struct task_struct *p, |
2676 |
+@@ -5372,11 +5396,11 @@ static int selinux_setprocattr(struct task_struct *p, |
2677 |
/* Check for ptracing, and update the task SID if ok. |
2678 |
Otherwise, leave SID unchanged and fail. */ |
2679 |
ptsid = 0; |
2680 |
@@ -104258,7 +104424,7 @@ index 5898f34..f44199b 100644 |
2681 |
|
2682 |
if (tracer) { |
2683 |
error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS, |
2684 |
-@@ -5508,7 +5516,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) |
2685 |
+@@ -5508,7 +5532,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) |
2686 |
|
2687 |
#endif |
2688 |
|
2689 |
@@ -104267,7 +104433,7 @@ index 5898f34..f44199b 100644 |
2690 |
.name = "selinux", |
2691 |
|
2692 |
.ptrace_access_check = selinux_ptrace_access_check, |
2693 |
-@@ -5854,6 +5862,9 @@ static void selinux_nf_ip_exit(void) |
2694 |
+@@ -5854,6 +5878,9 @@ static void selinux_nf_ip_exit(void) |
2695 |
#ifdef CONFIG_SECURITY_SELINUX_DISABLE |
2696 |
static int selinux_disabled; |
2697 |
|
2698 |
@@ -104277,7 +104443,7 @@ index 5898f34..f44199b 100644 |
2699 |
int selinux_disable(void) |
2700 |
{ |
2701 |
if (ss_initialized) { |
2702 |
-@@ -5871,7 +5882,9 @@ int selinux_disable(void) |
2703 |
+@@ -5871,7 +5898,9 @@ int selinux_disable(void) |
2704 |
selinux_disabled = 1; |
2705 |
selinux_enabled = 0; |
2706 |
|
2707 |
@@ -104288,6 +104454,22 @@ index 5898f34..f44199b 100644 |
2708 |
|
2709 |
/* Try to destroy the avc node cache */ |
2710 |
avc_disable(); |
2711 |
+diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h |
2712 |
+index 26c7eee..7b1830b 100644 |
2713 |
+--- a/security/selinux/include/objsec.h |
2714 |
++++ b/security/selinux/include/objsec.h |
2715 |
+@@ -38,7 +38,10 @@ struct task_security_struct { |
2716 |
+ |
2717 |
+ struct inode_security_struct { |
2718 |
+ struct inode *inode; /* back pointer to inode object */ |
2719 |
+- struct list_head list; /* list of inode_security_struct */ |
2720 |
++ union { |
2721 |
++ struct list_head list; /* list of inode_security_struct */ |
2722 |
++ struct rcu_head rcu; /* for freeing the inode_security_struct */ |
2723 |
++ }; |
2724 |
+ u32 task_sid; /* SID of creating task */ |
2725 |
+ u32 sid; /* SID of this object */ |
2726 |
+ u16 sclass; /* security class of this object */ |
2727 |
diff --git a/security/selinux/include/xfrm.h b/security/selinux/include/xfrm.h |
2728 |
index b43813c..74be837 100644 |
2729 |
--- a/security/selinux/include/xfrm.h |
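Review bot: The anonymous union makes `list` and `rcu` share storage, but neither member's comment says when each one is valid. In the security/selinux/hooks.c hunk, inode_free_security() calls `list_del_init(&isec->list)` and only then `call_rcu(&isec->rcu, inode_free_rcu)`, and it now leaves `inode->i_security` pointing at the object, so any code that still reaches the isec during the grace period and looks at `isec->list` would read rcu_head contents instead. A comment on the union such as `/* rcu overlays list: unlink list before call_rcu() and never touch it afterwards */` would state the invariant. Whether any reader outside these hunks tests `isec->list` cannot be told from here, and the struct definition continues outside the hunk.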
2730 |
@@ -105288,10 +105470,10 @@ index 0000000..414fe5e |
2731 |
+} |
2732 |
diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c |
2733 |
new file mode 100644 |
2734 |
-index 0000000..3e46b2f |
2735 |
+index 0000000..59bf839 |
2736 |
--- /dev/null |
2737 |
+++ b/tools/gcc/constify_plugin.c |
2738 |
-@@ -0,0 +1,559 @@ |
2739 |
+@@ -0,0 +1,557 @@ |
2740 |
+/* |
2741 |
+ * Copyright 2011 by Emese Revfy <re.emese@×××××.com> |
2742 |
+ * Copyright 2011-2013 by PaX Team <pageexec@××××××××.hu> |
2743 |
@@ -105338,7 +105520,7 @@ index 0000000..3e46b2f |
2744 |
+int plugin_is_GPL_compatible; |
2745 |
+ |
2746 |
+static struct plugin_info const_plugin_info = { |
2747 |
-+ .version = "201401121315", |
2748 |
++ .version = "201401140130", |
2749 |
+ .help = "no-constify\tturn off constification\n", |
2750 |
+}; |
2751 |
+ |
2752 |
@@ -105464,8 +105646,10 @@ index 0000000..3e46b2f |
2753 |
+ } |
2754 |
+ TYPE_READONLY(type) = 0; |
2755 |
+ C_TYPE_FIELDS_READONLY(type) = 0; |
2756 |
-+ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) |
2757 |
++ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) { |
2758 |
++ TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); |
2759 |
+ TYPE_ATTRIBUTES(type) = remove_attribute("do_const", TYPE_ATTRIBUTES(type)); |
2760 |
++ } |
2761 |
+} |
2762 |
+ |
2763 |
+static void deconstify_tree(tree node) |
2764 |
@@ -105558,6 +105742,7 @@ index 0000000..3e46b2f |
2765 |
+ TYPE_READONLY(type) = 1; |
2766 |
+ C_TYPE_FIELDS_READONLY(type) = 1; |
2767 |
+ TYPE_CONSTIFY_VISITED(type) = 1; |
2768 |
++// TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); |
2769 |
+// TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("do_const"), NULL_TREE, TYPE_ATTRIBUTES(type)); |
2770 |
+} |
2771 |
+ |
2772 |
@@ -105669,7 +105854,7 @@ index 0000000..3e46b2f |
2773 |
+ TYPE_CONSTIFY_VISITED(type) = 1; |
2774 |
+} |
2775 |
+ |
2776 |
-+static void check_global_variables(void) |
2777 |
++static void check_global_variables(void *event_data, void *data) |
2778 |
+{ |
2779 |
+ struct varpool_node *node; |
2780 |
+ |
2781 |
@@ -105742,21 +105927,15 @@ index 0000000..3e46b2f |
2782 |
+ return ret; |
2783 |
+} |
2784 |
+ |
2785 |
-+static unsigned int check_variables(void) |
2786 |
-+{ |
2787 |
-+ check_global_variables(); |
2788 |
-+ return check_local_variables(); |
2789 |
-+} |
2790 |
-+ |
2791 |
+static struct gimple_opt_pass pass_local_variable = { |
2792 |
+ { |
2793 |
+ .type = GIMPLE_PASS, |
2794 |
-+ .name = "check_variables", |
2795 |
++ .name = "check_local_variables", |
2796 |
+#if BUILDING_GCC_VERSION >= 4008 |
2797 |
+ .optinfo_flags = OPTGROUP_NONE, |
2798 |
+#endif |
2799 |
+ .gate = NULL, |
2800 |
-+ .execute = check_variables, |
2801 |
++ .execute = check_local_variables, |
2802 |
+ .sub = NULL, |
2803 |
+ .next = NULL, |
2804 |
+ .static_pass_number = 0, |
2805 |
@@ -105843,6 +106022,7 @@ index 0000000..3e46b2f |
2806 |
+ |
2807 |
+ register_callback(plugin_name, PLUGIN_INFO, NULL, &const_plugin_info); |
2808 |
+ if (constify) { |
2809 |
++ register_callback(plugin_name, PLUGIN_ALL_IPA_PASSES_START, check_global_variables, NULL); |
2810 |
+ register_callback(plugin_name, PLUGIN_FINISH_TYPE, finish_type, NULL); |
2811 |
+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &local_variable_pass_info); |
2812 |
+ register_callback(plugin_name, PLUGIN_START_UNIT, constify_start_unit, NULL); |
2813 |
@@ -106950,10 +107130,10 @@ index 0000000..679b9ef |
2814 |
+} |
2815 |
diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data |
2816 |
new file mode 100644 |
2817 |
-index 0000000..2d131cc |
2818 |
+index 0000000..7b67f2b |
2819 |
--- /dev/null |
2820 |
+++ b/tools/gcc/size_overflow_hash.data |
2821 |
-@@ -0,0 +1,5998 @@ |
2822 |
+@@ -0,0 +1,6001 @@ |
2823 |
+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL |
2824 |
+ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL |
2825 |
+storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL |
2826 |
@@ -107612,6 +107792,7 @@ index 0000000..2d131cc |
2827 |
+ext3_try_to_allocate_7590 ext3_try_to_allocate 3-5-0 7590 NULL |
2828 |
+create_dir_7614 create_dir 0 7614 NULL nohasharray |
2829 |
+groups_alloc_7614 groups_alloc 1 7614 &create_dir_7614 |
2830 |
++cpumask_first_7648 cpumask_first 0 7648 NULL |
2831 |
+set_connectable_7649 set_connectable 4 7649 NULL |
2832 |
+skb_copy_expand_7685 skb_copy_expand 3-2 7685 NULL nohasharray |
2833 |
+acpi_ex_allocate_name_string_7685 acpi_ex_allocate_name_string 1-2 7685 &skb_copy_expand_7685 |
2834 |
@@ -109798,6 +109979,7 @@ index 0000000..2d131cc |
2835 |
+lbs_failcount_read_31063 lbs_failcount_read 3 31063 NULL |
2836 |
+find_next_bit_le_31064 find_next_bit_le 0-2-3 31064 NULL |
2837 |
+sys_mincore_31079 sys_mincore 2-1 31079 NULL |
2838 |
++scb_status_31084 scb_status 0 31084 NULL |
2839 |
+sctp_setsockopt_context_31091 sctp_setsockopt_context 3 31091 NULL |
2840 |
+find_mergeable_31093 find_mergeable 2 31093 NULL |
2841 |
+compat_sys_get_mempolicy_31109 compat_sys_get_mempolicy 3 31109 NULL |
2842 |
@@ -111385,6 +111567,7 @@ index 0000000..2d131cc |
2843 |
+hash_setkey_48310 hash_setkey 3 48310 NULL |
2844 |
+bcm_download_config_file_48313 bcm_download_config_file 0 48313 NULL |
2845 |
+skb_add_data_48363 skb_add_data 3 48363 NULL |
2846 |
++eexp_start_irq_48364 eexp_start_irq 2 48364 NULL |
2847 |
+iscsi_complete_pdu_48372 iscsi_complete_pdu 4 48372 NULL |
2848 |
+lbs_debugfs_write_48413 lbs_debugfs_write 3 48413 NULL |
2849 |
+snd_power_wait_48422 snd_power_wait 0 48422 NULL |
2850 |
@@ -112954,10 +113137,10 @@ index 0000000..2d131cc |
2851 |
+selnl_msglen_65499 selnl_msglen 0 65499 NULL |
2852 |
diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c |
2853 |
new file mode 100644 |
2854 |
-index 0000000..62a1ae8 |
2855 |
+index 0000000..50f8464 |
2856 |
--- /dev/null |
2857 |
+++ b/tools/gcc/size_overflow_plugin.c |
2858 |
-@@ -0,0 +1,4050 @@ |
2859 |
+@@ -0,0 +1,4072 @@ |
2860 |
+/* |
2861 |
+ * Copyright 2011, 2012, 2013, 2014 by Emese Revfy <re.emese@×××××.com> |
2862 |
+ * Licensed under the GPL v2, or (at your option) v3 |
2863 |
@@ -113018,9 +113201,9 @@ index 0000000..62a1ae8 |
2864 |
+#define MIN_CHECK true |
2865 |
+#define MAX_CHECK false |
2866 |
+ |
2867 |
-+#define TURN_OFF_ASM_STR "# size_overflow MARK_TURN_OFF\n\t" |
2868 |
-+#define YES_ASM_STR "# size_overflow MARK_YES\n\t" |
2869 |
-+#define OK_ASM_STR "# size_overflow\n\t" |
2870 |
++#define TURN_OFF_ASM_STR "# size_overflow MARK_TURN_OFF " |
2871 |
++#define YES_ASM_STR "# size_overflow MARK_YES " |
2872 |
++#define OK_ASM_STR "# size_overflow " |
2873 |
+ |
2874 |
+#if BUILDING_GCC_VERSION == 4005 |
2875 |
+#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE))) |
2876 |
@@ -113087,7 +113270,7 @@ index 0000000..62a1ae8 |
2877 |
+static tree dup_assign(struct pointer_set_t *visited, gimple oldstmt, const_tree node, tree rhs1, tree rhs2, tree __unused rhs3); |
2878 |
+ |
2879 |
+static struct plugin_info size_overflow_plugin_info = { |
2880 |
-+ .version = "20140102beta", |
2881 |
++ .version = "20140111beta", |
2882 |
+ .help = "no-size-overflow\tturn off size overflow checking\n", |
2883 |
+}; |
2884 |
+ |
2885 |
@@ -115177,7 +115360,7 @@ index 0000000..62a1ae8 |
2886 |
+ str = get_asm_string(stmt); |
2887 |
+ if (!str) |
2888 |
+ return false; |
2889 |
-+ return !strcmp(str, TURN_OFF_ASM_STR); |
2890 |
++ return !strncmp(str, TURN_OFF_ASM_STR, sizeof(TURN_OFF_ASM_STR) - 1); |
2891 |
+} |
2892 |
+ |
2893 |
+static bool is_size_overflow_intentional_asm_yes(const_gimple stmt) |
2894 |
@@ -115187,7 +115370,7 @@ index 0000000..62a1ae8 |
2895 |
+ str = get_asm_string(stmt); |
2896 |
+ if (!str) |
2897 |
+ return false; |
2898 |
-+ return !strcmp(str, YES_ASM_STR); |
2899 |
++ return !strncmp(str, YES_ASM_STR, sizeof(YES_ASM_STR) - 1); |
2900 |
+} |
2901 |
+ |
2902 |
+static bool is_size_overflow_asm(const_gimple stmt) |
2903 |
@@ -115197,7 +115380,7 @@ index 0000000..62a1ae8 |
2904 |
+ str = get_asm_string(stmt); |
2905 |
+ if (!str) |
2906 |
+ return false; |
2907 |
-+ return !strncmp(str, "# size_overflow", 15); |
2908 |
++ return !strncmp(str, OK_ASM_STR, sizeof(OK_ASM_STR) - 1); |
2909 |
+} |
2910 |
+ |
2911 |
+static void print_missing_intentional(enum mark callee_attr, enum mark caller_attr, const_tree decl, unsigned int argnum) |
2912 |
@@ -116295,9 +116478,8 @@ index 0000000..62a1ae8 |
2913 |
+ |
2914 |
+ switch (cur_fndecl_attr) { |
2915 |
+ case MARK_NO: |
2916 |
-+ return MARK_NO; |
2917 |
+ case MARK_TURN_OFF: |
2918 |
-+ return MARK_TURN_OFF; |
2919 |
++ return cur_fndecl_attr; |
2920 |
+ default: |
2921 |
+ print_missing_intentional(decl_attr, cur_fndecl_attr, fndecl, argnum); |
2922 |
+ return MARK_YES; |
2923 |
@@ -116437,6 +116619,23 @@ index 0000000..62a1ae8 |
2924 |
+ update_stmt(stmt); |
2925 |
+} |
2926 |
+ |
2927 |
++static char *create_asm_comment(unsigned int argnum, const_gimple stmt , const char *mark_str) |
2928 |
++{ |
2929 |
++ const char *fn_name; |
2930 |
++ char *asm_comment; |
2931 |
++ unsigned int len; |
2932 |
++ |
2933 |
++ if (argnum == 0) |
2934 |
++ fn_name = NAME(current_function_decl); |
2935 |
++ else |
2936 |
++ fn_name = NAME(gimple_call_fndecl(stmt)); |
2937 |
++ |
2938 |
++ len = asprintf(&asm_comment, "%s %s %u", mark_str, fn_name, argnum); |
2939 |
++ gcc_assert(len > 0); |
2940 |
++ |
2941 |
++ return asm_comment; |
2942 |
++} |
2943 |
++ |
2944 |
+static const char *convert_mark_to_str(enum mark mark) |
2945 |
+{ |
2946 |
+ switch (mark) { |
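Review bot: The failure check after asprintf() in create_asm_comment() cannot fire, because `len` is declared `unsigned int`: asprintf() returns -1 on error, which converts to a large positive value and satisfies `gcc_assert(len > 0)`, leaving `asm_comment` indeterminate for the caller to use and free. Declaring it as `int len;` keeps the assert meaningful. `NAME(gimple_call_fndecl(stmt))` is also used without a check when `argnum != 0`; if a call statement without a known fndecl can reach this path, it needs a guard, which the hunk does not show. The callers in the later create_asm_input() and create_size_overflow_asm() hunks pass the buffer to create_asm_stmt() and free() it immediately, which assumes create_asm_stmt() copies the string; a one-line comment at the free() calls saying so would help.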
2947 |
@@ -116465,8 +116664,6 @@ index 0000000..62a1ae8 |
2948 |
+ return; |
2949 |
+ } |
2950 |
+ |
2951 |
-+ gcc_assert(!is_size_overflow_intentional_asm_turn_off(asm_data->def_stmt)); |
2952 |
-+ |
2953 |
+ asm_data->input = create_new_var(TREE_TYPE(asm_data->output)); |
2954 |
+ asm_data->input = make_ssa_name(asm_data->input, asm_data->def_stmt); |
2955 |
+ |
2956 |
@@ -116480,16 +116677,20 @@ index 0000000..62a1ae8 |
2957 |
+ break; |
2958 |
+ case GIMPLE_NOP: { |
2959 |
+ enum mark mark; |
2960 |
-+ const char *str; |
2961 |
++ const char *mark_str; |
2962 |
++ char *asm_comment; |
2963 |
+ |
2964 |
+ mark = check_intentional_attribute_gimple(asm_data->output, stmt, argnum); |
2965 |
-+ str = convert_mark_to_str(mark); |
2966 |
+ |
2967 |
+ asm_data->input = asm_data->output; |
2968 |
+ asm_data->output = NULL; |
2969 |
+ asm_data->def_stmt = stmt; |
2970 |
+ |
2971 |
-+ create_asm_stmt(str, build_string(2, "rm"), NULL, asm_data); |
2972 |
++ mark_str = convert_mark_to_str(mark); |
2973 |
++ asm_comment = create_asm_comment(argnum, stmt, mark_str); |
2974 |
++ |
2975 |
++ create_asm_stmt(asm_comment, build_string(2, "rm"), NULL, asm_data); |
2976 |
++ free(asm_comment); |
2977 |
+ asm_data->input = NULL_TREE; |
2978 |
+ break; |
2979 |
+ } |
2980 |
@@ -116512,7 +116713,8 @@ index 0000000..62a1ae8 |
2981 |
+static void create_size_overflow_asm(gimple stmt, tree output_node, unsigned int argnum) |
2982 |
+{ |
2983 |
+ struct asm_data asm_data; |
2984 |
-+ const char *str; |
2985 |
++ const char *mark_str; |
2986 |
++ char *asm_comment; |
2987 |
+ enum mark mark; |
2988 |
+ |
2989 |
+ if (is_gimple_constant(output_node)) |
2990 |
@@ -116520,18 +116722,21 @@ index 0000000..62a1ae8 |
2991 |
+ |
2992 |
+ asm_data.output = output_node; |
2993 |
+ mark = check_intentional_attribute_gimple(asm_data.output, stmt, argnum); |
2994 |
-+ if (mark == MARK_TURN_OFF) |
2995 |
-+ return; |
2996 |
-+ |
2997 |
-+ search_missing_size_overflow_attribute_gimple(stmt, argnum); |
2998 |
++ if (mark != MARK_TURN_OFF) |
2999 |
++ search_missing_size_overflow_attribute_gimple(stmt, argnum); |
3000 |
+ |
3001 |
+ asm_data.def_stmt = get_def_stmt(asm_data.output); |
3002 |
++ if (is_size_overflow_intentional_asm_turn_off(asm_data.def_stmt)) |
3003 |
++ return; |
3004 |
++ |
3005 |
+ create_asm_input(stmt, argnum, &asm_data); |
3006 |
+ if (asm_data.input == NULL_TREE) |
3007 |
+ return; |
3008 |
+ |
3009 |
-+ str = convert_mark_to_str(mark); |
3010 |
-+ create_asm_stmt(str, build_string(1, "0"), build_string(3, "=rm"), &asm_data); |
3011 |
++ mark_str = convert_mark_to_str(mark); |
3012 |
++ asm_comment = create_asm_comment(argnum, stmt, mark_str); |
3013 |
++ create_asm_stmt(asm_comment, build_string(1, "0"), build_string(3, "=rm"), &asm_data); |
3014 |
++ free(asm_comment); |
3015 |
+} |
3016 |
+ |
3017 |
+// Insert an asm stmt with "MARK_TURN_OFF", "MARK_YES" or "MARK_NOT_INTENTIONAL". |