
From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.2.28/, 2.6.32/, 3.5.2/
Date: Wed, 29 Aug 2012 03:50:35
Message-Id: 1346212177.faf75b3fcbabeaab23af0a979389878c0f945e36.blueness@gentoo
1 commit: faf75b3fcbabeaab23af0a979389878c0f945e36
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Wed Aug 29 03:49:37 2012 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Wed Aug 29 03:49:37 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=faf75b3f
7
8 Grsec/PaX: 2.9.1-{2.6.32.59,3.2.28,3.5.2}-201208271906
9
10 ---
11 2.6.32/0000_README | 2 +-
12 ..._grsecurity-2.9.1-2.6.32.59-201208271903.patch} | 380 +++++++++++-------
13 3.2.28/0000_README | 2 +-
14 ...420_grsecurity-2.9.1-3.2.28-201208271905.patch} | 419 ++++++++++++--------
15 3.5.2/0000_README | 2 +-
16 ...4420_grsecurity-2.9.1-3.5.3-201208271906.patch} | 175 ++++++---
17 6 files changed, 600 insertions(+), 380 deletions(-)
18
19 diff --git a/2.6.32/0000_README b/2.6.32/0000_README
20 index 9c19fa1..16680e5 100644
21 --- a/2.6.32/0000_README
22 +++ b/2.6.32/0000_README
23 @@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch
24 From: http://www.kernel.org
25 Desc: Linux 2.6.32.59
26
27 -Patch: 4420_grsecurity-2.9.1-2.6.32.59-201208232048.patch
28 +Patch: 4420_grsecurity-2.9.1-2.6.32.59-201208271903.patch
29 From: http://www.grsecurity.net
30 Desc: hardened-sources base patch from upstream grsecurity
31
32
33 diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208232048.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208271903.patch
34 similarity index 99%
35 rename from 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208232048.patch
36 rename to 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208271903.patch
37 index da02455..63a8206 100644
38 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208232048.patch
39 +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208271903.patch
40 @@ -4802,6 +4802,26 @@ index b97c2d6..dd01a6a 100644
41 }
42 return error;
43 }
44 +diff --git a/arch/powerpc/kernel/syscalls.c b/arch/powerpc/kernel/syscalls.c
45 +index 3370e62..527c659 100644
46 +--- a/arch/powerpc/kernel/syscalls.c
47 ++++ b/arch/powerpc/kernel/syscalls.c
48 +@@ -201,11 +201,11 @@ long ppc64_personality(unsigned long personality)
49 + long ret;
50 +
51 + if (personality(current->personality) == PER_LINUX32
52 +- && personality == PER_LINUX)
53 +- personality = PER_LINUX32;
54 ++ && personality(personality) == PER_LINUX)
55 ++ personality = (personality & ~PER_MASK) | PER_LINUX32;
56 + ret = sys_personality(personality);
57 +- if (ret == PER_LINUX32)
58 +- ret = PER_LINUX;
59 ++ if (personality(ret) == PER_LINUX32)
60 ++ ret = (ret & ~PER_MASK) | PER_LINUX;
61 + return ret;
62 + }
63 + #endif
64 diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
65 index 6f0ae1a..e4b6a56 100644
66 --- a/arch/powerpc/kernel/traps.c
67 @@ -9657,7 +9677,7 @@ index 588a7aa..a3468b0 100644
68
69 if (err)
70 diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
71 -index 4edd8eb..29124b4 100644
72 +index 4edd8eb..273579e 100644
73 --- a/arch/x86/ia32/ia32entry.S
74 +++ b/arch/x86/ia32/ia32entry.S
75 @@ -13,7 +13,9 @@
76 @@ -9716,7 +9736,7 @@ index 4edd8eb..29124b4 100644
77 movl %ebp,%ebp /* zero extension */
78 pushq $__USER32_DS
79 CFI_ADJUST_CFA_OFFSET 8
80 -@@ -135,28 +157,42 @@ ENTRY(ia32_sysenter_target)
81 +@@ -135,28 +157,47 @@ ENTRY(ia32_sysenter_target)
82 pushfq
83 CFI_ADJUST_CFA_OFFSET 8
84 /*CFI_REL_OFFSET rflags,0*/
85 @@ -9739,6 +9759,11 @@ index 4edd8eb..29124b4 100644
86 cld
87 SAVE_ARGS 0,0,1
88 + pax_enter_kernel_user
89 ++
90 ++#ifdef CONFIG_PAX_RANDKSTACK
91 ++ pax_erase_kstack
92 ++#endif
93 ++
94 + /*
95 + * No need to follow this irqs on/off section: the syscall
96 + * disabled irqs, here we enable it straight after entry:
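Review bot: The `pax_erase_kstack` invocation added here under `#ifdef CONFIG_PAX_RANDKSTACK` carries no comment saying why the erase must now also run at syscall entry, and the routine it names is defined under `#ifdef CONFIG_PAX_MEMORY_STACKLEAK` (hunks at 17246 and 18227), not RANDKSTACK. The same unexplained insertion recurs in the hunks at 9851, 9941, 17415, 17470 and 18365. Since the existing tracesys paths already use `pax_erase_kstack` outside any STACKLEAK guard (hunk at 9827), it is presumably a macro that expands to nothing when STACKLEAK is off; a RANDKSTACK=y, STACKLEAK=n build is still worth confirming. A one-line comment above the first instance, e.g. `/* CONFIG_PAX_RANDKSTACK: erase the kernel stack on entry as well as on exit */`, would at least record the intent, with the rationale supplied by the author.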
97 @@ -9765,7 +9790,7 @@ index 4edd8eb..29124b4 100644
98 CFI_REMEMBER_STATE
99 jnz sysenter_tracesys
100 cmpq $(IA32_NR_syscalls-1),%rax
101 -@@ -166,13 +202,15 @@ sysenter_do_call:
102 +@@ -166,13 +207,15 @@ sysenter_do_call:
103 sysenter_dispatch:
104 call *ia32_sys_call_table(,%rax,8)
105 movq %rax,RAX-ARGOFFSET(%rsp)
106 @@ -9784,7 +9809,7 @@ index 4edd8eb..29124b4 100644
107 /* clear IF, that popfq doesn't enable interrupts early */
108 andl $~0x200,EFLAGS-R11(%rsp)
109 movl RIP-R11(%rsp),%edx /* User %eip */
110 -@@ -200,6 +238,9 @@ sysexit_from_sys_call:
111 +@@ -200,6 +243,9 @@ sysexit_from_sys_call:
112 movl %eax,%esi /* 2nd arg: syscall number */
113 movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */
114 call audit_syscall_entry
115 @@ -9794,7 +9819,7 @@ index 4edd8eb..29124b4 100644
116 movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */
117 cmpq $(IA32_NR_syscalls-1),%rax
118 ja ia32_badsys
119 -@@ -211,7 +252,7 @@ sysexit_from_sys_call:
120 +@@ -211,7 +257,7 @@ sysexit_from_sys_call:
121 .endm
122
123 .macro auditsys_exit exit
124 @@ -9803,7 +9828,7 @@ index 4edd8eb..29124b4 100644
125 jnz ia32_ret_from_sys_call
126 TRACE_IRQS_ON
127 sti
128 -@@ -221,12 +262,12 @@ sysexit_from_sys_call:
129 +@@ -221,12 +267,12 @@ sysexit_from_sys_call:
130 movzbl %al,%edi /* zero-extend that into %edi */
131 inc %edi /* first arg, 0->1(AUDITSC_SUCCESS), 1->2(AUDITSC_FAILURE) */
132 call audit_syscall_exit
133 @@ -9818,7 +9843,7 @@ index 4edd8eb..29124b4 100644
134 jz \exit
135 CLEAR_RREGS -ARGOFFSET
136 jmp int_with_check
137 -@@ -244,7 +285,7 @@ sysexit_audit:
138 +@@ -244,7 +290,7 @@ sysexit_audit:
139
140 sysenter_tracesys:
141 #ifdef CONFIG_AUDITSYSCALL
142 @@ -9827,17 +9852,17 @@ index 4edd8eb..29124b4 100644
143 jz sysenter_auditsys
144 #endif
145 SAVE_REST
146 -@@ -252,6 +293,9 @@ sysenter_tracesys:
147 - movq $-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */
148 - movq %rsp,%rdi /* &pt_regs -> arg1 */
149 - call syscall_trace_enter
150 +@@ -256,6 +302,9 @@ sysenter_tracesys:
151 + RESTORE_REST
152 + cmpq $(IA32_NR_syscalls-1),%rax
153 + ja int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */
154 +
155 + pax_erase_kstack
156 +
157 - LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
158 - RESTORE_REST
159 - cmpq $(IA32_NR_syscalls-1),%rax
160 -@@ -283,19 +327,20 @@ ENDPROC(ia32_sysenter_target)
161 + jmp sysenter_do_call
162 + CFI_ENDPROC
163 + ENDPROC(ia32_sysenter_target)
164 +@@ -283,19 +332,25 @@ ENDPROC(ia32_sysenter_target)
165 ENTRY(ia32_cstar_target)
166 CFI_STARTPROC32 simple
167 CFI_SIGNAL_FRAME
168 @@ -9851,6 +9876,11 @@ index 4edd8eb..29124b4 100644
169 movq PER_CPU_VAR(kernel_stack),%rsp
170 + SAVE_ARGS 8*6,1,1
171 + pax_enter_kernel_user
172 ++
173 ++#ifdef CONFIG_PAX_RANDKSTACK
174 ++ pax_erase_kstack
175 ++#endif
176 ++
177 /*
178 * No need to follow this irqs on/off section: the syscall
179 * disabled irqs and here we enable it straight after entry:
180 @@ -9860,7 +9890,7 @@ index 4edd8eb..29124b4 100644
181 movl %eax,%eax /* zero extension */
182 movq %rax,ORIG_RAX-ARGOFFSET(%rsp)
183 movq %rcx,RIP-ARGOFFSET(%rsp)
184 -@@ -311,13 +356,19 @@ ENTRY(ia32_cstar_target)
185 +@@ -311,13 +366,19 @@ ENTRY(ia32_cstar_target)
186 /* no need to do an access_ok check here because r8 has been
187 32bit zero extended */
188 /* hardware stack frame is complete now */
189 @@ -9883,7 +9913,7 @@ index 4edd8eb..29124b4 100644
190 CFI_REMEMBER_STATE
191 jnz cstar_tracesys
192 cmpq $IA32_NR_syscalls-1,%rax
193 -@@ -327,13 +378,15 @@ cstar_do_call:
194 +@@ -327,13 +388,15 @@ cstar_do_call:
195 cstar_dispatch:
196 call *ia32_sys_call_table(,%rax,8)
197 movq %rax,RAX-ARGOFFSET(%rsp)
198 @@ -9902,7 +9932,7 @@ index 4edd8eb..29124b4 100644
199 RESTORE_ARGS 1,-ARG_SKIP,1,1,1
200 movl RIP-ARGOFFSET(%rsp),%ecx
201 CFI_REGISTER rip,rcx
202 -@@ -361,7 +414,7 @@ sysretl_audit:
203 +@@ -361,7 +424,7 @@ sysretl_audit:
204
205 cstar_tracesys:
206 #ifdef CONFIG_AUDITSYSCALL
207 @@ -9911,17 +9941,17 @@ index 4edd8eb..29124b4 100644
208 jz cstar_auditsys
209 #endif
210 xchgl %r9d,%ebp
211 -@@ -370,6 +423,9 @@ cstar_tracesys:
212 - movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */
213 - movq %rsp,%rdi /* &pt_regs -> arg1 */
214 - call syscall_trace_enter
215 +@@ -375,6 +438,9 @@ cstar_tracesys:
216 + xchgl %ebp,%r9d
217 + cmpq $(IA32_NR_syscalls-1),%rax
218 + ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */
219 +
220 + pax_erase_kstack
221 +
222 - LOAD_ARGS32 ARGOFFSET, 1 /* reload args from stack in case ptrace changed it */
223 - RESTORE_REST
224 - xchgl %ebp,%r9d
225 -@@ -415,11 +471,6 @@ ENTRY(ia32_syscall)
226 + jmp cstar_do_call
227 + END(ia32_cstar_target)
228 +
229 +@@ -415,11 +481,6 @@ ENTRY(ia32_syscall)
230 CFI_REL_OFFSET rip,RIP-RIP
231 PARAVIRT_ADJUST_EXCEPTION_FRAME
232 SWAPGS
233 @@ -9933,7 +9963,7 @@ index 4edd8eb..29124b4 100644
234 movl %eax,%eax
235 pushq %rax
236 CFI_ADJUST_CFA_OFFSET 8
237 -@@ -427,9 +478,15 @@ ENTRY(ia32_syscall)
238 +@@ -427,9 +488,20 @@ ENTRY(ia32_syscall)
239 /* note the registers are not zero extended to the sf.
240 this could be a problem. */
241 SAVE_ARGS 0,0,1
242 @@ -9941,6 +9971,11 @@ index 4edd8eb..29124b4 100644
243 - orl $TS_COMPAT,TI_status(%r10)
244 - testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10)
245 + pax_enter_kernel_user
246 ++
247 ++#ifdef CONFIG_PAX_RANDKSTACK
248 ++ pax_erase_kstack
249 ++#endif
250 ++
251 + /*
252 + * No need to follow this irqs on/off section: the syscall
253 + * disabled irqs and here we enable it straight after entry:
254 @@ -9952,17 +9987,17 @@ index 4edd8eb..29124b4 100644
255 jnz ia32_tracesys
256 cmpq $(IA32_NR_syscalls-1),%rax
257 ja ia32_badsys
258 -@@ -448,6 +505,9 @@ ia32_tracesys:
259 - movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */
260 - movq %rsp,%rdi /* &pt_regs -> arg1 */
261 - call syscall_trace_enter
262 +@@ -452,6 +524,9 @@ ia32_tracesys:
263 + RESTORE_REST
264 + cmpq $(IA32_NR_syscalls-1),%rax
265 + ja int_ret_from_sys_call /* ia32_tracesys has set RAX(%rsp) */
266 +
267 + pax_erase_kstack
268 +
269 - LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
270 - RESTORE_REST
271 - cmpq $(IA32_NR_syscalls-1),%rax
272 -@@ -462,6 +522,7 @@ ia32_badsys:
273 + jmp ia32_do_call
274 + END(ia32_syscall)
275 +
276 +@@ -462,6 +537,7 @@ ia32_badsys:
277
278 quiet_ni_syscall:
279 movq $-ENOSYS,%rax
280 @@ -17126,7 +17161,7 @@ index 4c07cca..2c8427d 100644
281 ret
282 ENDPROC(efi_call6)
283 diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
284 -index c097e7d..853746c 100644
285 +index c097e7d..a3f1930 100644
286 --- a/arch/x86/kernel/entry_32.S
287 +++ b/arch/x86/kernel/entry_32.S
288 @@ -95,12 +95,6 @@
289 @@ -17142,7 +17177,7 @@ index c097e7d..853746c 100644
290 /*
291 * User gs save/restore
292 *
293 -@@ -185,13 +179,146 @@
294 +@@ -185,13 +179,153 @@
295 /*CFI_REL_OFFSET gs, PT_GS*/
296 .endm
297 .macro SET_KERNEL_GS reg
298 @@ -17246,10 +17281,10 @@ index c097e7d..853746c 100644
299 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
300 +/*
301 + * ebp: thread_info
302 -+ * ecx, edx: can be clobbered
303 + */
304 +ENTRY(pax_erase_kstack)
305 + pushl %edi
306 ++ pushl %ecx
307 + pushl %eax
308 +
309 + mov TI_lowest_stack(%ebp), %edi
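Review bot: The header comment on the new side now states only `ebp: thread_info`; dropping `ecx, edx: can be clobbered` together with the added `pushl %ecx` leaves the routine's register contract unstated, and the 64-bit counterpart in the hunk at 18227 removes its `r11: thread_info / rcx, rdx: can be clobbered` comment entirely. A caller inserted between register setup and code that still needs those registers has no way to tell what survives the call. I would keep a comment that names the input and what is still clobbered, e.g. `* ebp: thread_info (in); edi/ecx/eax saved and restored; flags clobbered`, and apply the same to the 64-bit routine. Whether edx (rdx) is still written is not visible in these hunks — confirm before documenting it.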
310 @@ -17273,6 +17308,12 @@ index c097e7d..853746c 100644
311 +2: cld
312 + mov %esp, %ecx
313 + sub %edi, %ecx
314 ++
315 ++ cmp $THREAD_SIZE_asm, %ecx
316 ++ jb 3f
317 ++ ud2
318 ++3:
319 ++
320 + shr $2, %ecx
321 + rep stosl
322 +
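Review bot: The new `cmp $THREAD_SIZE_asm, %ecx; jb 3f; ud2` guard before `rep stosl` has no comment, and `ud2` is a deliberate crash, so a reader needs to know this is treated as a corruption invariant rather than a recoverable condition. The unsigned `jb` also matters: if `TI_lowest_stack` were above `%esp`, `sub %edi, %ecx` wraps to a huge value and the check still trips, which is worth stating. Suggested comment above the `cmp`: `/* esp - lowest_stack must be < THREAD_SIZE; a corrupted lowest_stack (including one above esp, which wraps) must not drive rep stosl outside this stack */`. The 64-bit `pax_erase_kstack` hunks at 18227 and 18273 only show `%rcx` being saved and restored; if the 64-bit routine lacks an equivalent bound check it should get one for parity, but that part of the routine is outside these hunks so I cannot tell.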
323 @@ -17281,6 +17322,7 @@ index c097e7d..853746c 100644
324 + mov %edi, TI_lowest_stack(%ebp)
325 +
326 + popl %eax
327 ++ popl %ecx
328 + popl %edi
329 + ret
330 +ENDPROC(pax_erase_kstack)
331 @@ -17290,7 +17332,7 @@ index c097e7d..853746c 100644
332 cld
333 PUSH_GS
334 pushl %fs
335 -@@ -224,7 +351,7 @@
336 +@@ -224,7 +358,7 @@
337 pushl %ebx
338 CFI_ADJUST_CFA_OFFSET 4
339 CFI_REL_OFFSET ebx, 0
340 @@ -17299,7 +17341,7 @@ index c097e7d..853746c 100644
341 movl %edx, %ds
342 movl %edx, %es
343 movl $(__KERNEL_PERCPU), %edx
344 -@@ -232,6 +359,15 @@
345 +@@ -232,6 +366,15 @@
346 SET_KERNEL_GS %edx
347 .endm
348
349 @@ -17315,7 +17357,7 @@ index c097e7d..853746c 100644
350 .macro RESTORE_INT_REGS
351 popl %ebx
352 CFI_ADJUST_CFA_OFFSET -4
353 -@@ -331,7 +467,7 @@ ENTRY(ret_from_fork)
354 +@@ -331,7 +474,7 @@ ENTRY(ret_from_fork)
355 CFI_ADJUST_CFA_OFFSET -4
356 jmp syscall_exit
357 CFI_ENDPROC
358 @@ -17324,7 +17366,7 @@ index c097e7d..853746c 100644
359
360 /*
361 * Return to user mode is not as complex as all this looks,
362 -@@ -347,12 +483,29 @@ ret_from_exception:
363 +@@ -347,12 +490,29 @@ ret_from_exception:
364 preempt_stop(CLBR_ANY)
365 ret_from_intr:
366 GET_THREAD_INFO(%ebp)
367 @@ -17355,7 +17397,7 @@ index c097e7d..853746c 100644
368
369 ENTRY(resume_userspace)
370 LOCKDEP_SYS_EXIT
371 -@@ -364,8 +517,8 @@ ENTRY(resume_userspace)
372 +@@ -364,8 +524,8 @@ ENTRY(resume_userspace)
373 andl $_TIF_WORK_MASK, %ecx # is there any work to be done on
374 # int/exception return?
375 jne work_pending
376 @@ -17366,7 +17408,7 @@ index c097e7d..853746c 100644
377
378 #ifdef CONFIG_PREEMPT
379 ENTRY(resume_kernel)
380 -@@ -380,7 +533,7 @@ need_resched:
381 +@@ -380,7 +540,7 @@ need_resched:
382 jz restore_all
383 call preempt_schedule_irq
384 jmp need_resched
385 @@ -17375,7 +17417,7 @@ index c097e7d..853746c 100644
386 #endif
387 CFI_ENDPROC
388
389 -@@ -414,25 +567,36 @@ sysenter_past_esp:
390 +@@ -414,25 +574,36 @@ sysenter_past_esp:
391 /*CFI_REL_OFFSET cs, 0*/
392 /*
393 * Push current_thread_info()->sysenter_return to the stack.
394 @@ -17415,7 +17457,18 @@ index c097e7d..853746c 100644
395 movl %ebp,PT_EBP(%esp)
396 .section __ex_table,"a"
397 .align 4
398 -@@ -455,12 +619,24 @@ sysenter_do_call:
399 +@@ -441,6 +612,10 @@ sysenter_past_esp:
400 +
401 + GET_THREAD_INFO(%ebp)
402 +
403 ++#ifdef CONFIG_PAX_RANDKSTACK
404 ++ pax_erase_kstack
405 ++#endif
406 ++
407 + testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp)
408 + jnz sysenter_audit
409 + sysenter_do_call:
410 +@@ -455,12 +630,24 @@ sysenter_do_call:
411 testl $_TIF_ALLWORK_MASK, %ecx
412 jne sysexit_audit
413 sysenter_exit:
414 @@ -17440,7 +17493,7 @@ index c097e7d..853746c 100644
415 PTGS_TO_GS
416 ENABLE_INTERRUPTS_SYSEXIT
417
418 -@@ -477,6 +653,9 @@ sysenter_audit:
419 +@@ -477,6 +664,9 @@ sysenter_audit:
420 movl %eax,%edx /* 2nd arg: syscall number */
421 movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */
422 call audit_syscall_entry
423 @@ -17450,7 +17503,7 @@ index c097e7d..853746c 100644
424 pushl %ebx
425 CFI_ADJUST_CFA_OFFSET 4
426 movl PT_EAX(%esp),%eax /* reload syscall number */
427 -@@ -504,11 +683,17 @@ sysexit_audit:
428 +@@ -504,11 +694,17 @@ sysexit_audit:
429
430 CFI_ENDPROC
431 .pushsection .fixup,"ax"
432 @@ -17470,7 +17523,19 @@ index c097e7d..853746c 100644
433 .popsection
434 PTGS_TO_GS_EX
435 ENDPROC(ia32_sysenter_target)
436 -@@ -538,6 +723,15 @@ syscall_exit:
437 +@@ -520,6 +716,11 @@ ENTRY(system_call)
438 + CFI_ADJUST_CFA_OFFSET 4
439 + SAVE_ALL
440 + GET_THREAD_INFO(%ebp)
441 ++
442 ++#ifdef CONFIG_PAX_RANDKSTACK
443 ++ pax_erase_kstack
444 ++#endif
445 ++
446 + # system call tracing in operation / emulation
447 + testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp)
448 + jnz syscall_trace_entry
449 +@@ -538,6 +739,15 @@ syscall_exit:
450 testl $_TIF_ALLWORK_MASK, %ecx # current->work
451 jne syscall_exit_work
452
453 @@ -17486,7 +17551,7 @@ index c097e7d..853746c 100644
454 restore_all:
455 TRACE_IRQS_IRET
456 restore_all_notrace:
457 -@@ -602,10 +796,29 @@ ldt_ss:
458 +@@ -602,10 +812,29 @@ ldt_ss:
459 mov PT_OLDESP(%esp), %eax /* load userspace esp */
460 mov %dx, %ax /* eax: new kernel esp */
461 sub %eax, %edx /* offset (low word is 0) */
462 @@ -17517,7 +17582,7 @@ index c097e7d..853746c 100644
463 pushl $__ESPFIX_SS
464 CFI_ADJUST_CFA_OFFSET 4
465 push %eax /* new kernel esp */
466 -@@ -636,36 +849,30 @@ work_resched:
467 +@@ -636,36 +865,30 @@ work_resched:
468 movl TI_flags(%ebp), %ecx
469 andl $_TIF_WORK_MASK, %ecx # is there any work to be done other
470 # than syscall tracing?
471 @@ -17559,7 +17624,7 @@ index c097e7d..853746c 100644
472
473 # perform syscall exit tracing
474 ALIGN
475 -@@ -673,11 +880,14 @@ syscall_trace_entry:
476 +@@ -673,11 +896,14 @@ syscall_trace_entry:
477 movl $-ENOSYS,PT_EAX(%esp)
478 movl %esp, %eax
479 call syscall_trace_enter
480 @@ -17575,7 +17640,7 @@ index c097e7d..853746c 100644
481
482 # perform syscall exit tracing
483 ALIGN
484 -@@ -690,20 +900,24 @@ syscall_exit_work:
485 +@@ -690,20 +916,24 @@ syscall_exit_work:
486 movl %esp, %eax
487 call syscall_trace_leave
488 jmp resume_userspace
489 @@ -17603,7 +17668,7 @@ index c097e7d..853746c 100644
490 CFI_ENDPROC
491
492 /*
493 -@@ -726,6 +940,33 @@ PTREGSCALL(rt_sigreturn)
494 +@@ -726,6 +956,33 @@ PTREGSCALL(rt_sigreturn)
495 PTREGSCALL(vm86)
496 PTREGSCALL(vm86old)
497
498 @@ -17637,7 +17702,7 @@ index c097e7d..853746c 100644
499 .macro FIXUP_ESPFIX_STACK
500 /*
501 * Switch back for ESPFIX stack to the normal zerobased stack
502 -@@ -735,7 +976,13 @@ PTREGSCALL(vm86old)
503 +@@ -735,7 +992,13 @@ PTREGSCALL(vm86old)
504 * normal stack and adjusts ESP with the matching offset.
505 */
506 /* fixup the stack */
507 @@ -17652,7 +17717,7 @@ index c097e7d..853746c 100644
508 mov GDT_ENTRY_ESPFIX_SS * 8 + 4(%ebx), %al /* bits 16..23 */
509 mov GDT_ENTRY_ESPFIX_SS * 8 + 7(%ebx), %ah /* bits 24..31 */
510 shl $16, %eax
511 -@@ -793,7 +1040,7 @@ vector=vector+1
512 +@@ -793,7 +1056,7 @@ vector=vector+1
513 .endr
514 2: jmp common_interrupt
515 .endr
516 @@ -17661,7 +17726,7 @@ index c097e7d..853746c 100644
517
518 .previous
519 END(interrupt)
520 -@@ -840,7 +1087,7 @@ ENTRY(coprocessor_error)
521 +@@ -840,7 +1103,7 @@ ENTRY(coprocessor_error)
522 CFI_ADJUST_CFA_OFFSET 4
523 jmp error_code
524 CFI_ENDPROC
525 @@ -17670,7 +17735,7 @@ index c097e7d..853746c 100644
526
527 ENTRY(simd_coprocessor_error)
528 RING0_INT_FRAME
529 -@@ -850,7 +1097,7 @@ ENTRY(simd_coprocessor_error)
530 +@@ -850,7 +1113,7 @@ ENTRY(simd_coprocessor_error)
531 CFI_ADJUST_CFA_OFFSET 4
532 jmp error_code
533 CFI_ENDPROC
534 @@ -17679,7 +17744,7 @@ index c097e7d..853746c 100644
535
536 ENTRY(device_not_available)
537 RING0_INT_FRAME
538 -@@ -860,7 +1107,7 @@ ENTRY(device_not_available)
539 +@@ -860,7 +1123,7 @@ ENTRY(device_not_available)
540 CFI_ADJUST_CFA_OFFSET 4
541 jmp error_code
542 CFI_ENDPROC
543 @@ -17688,7 +17753,7 @@ index c097e7d..853746c 100644
544
545 #ifdef CONFIG_PARAVIRT
546 ENTRY(native_iret)
547 -@@ -869,12 +1116,12 @@ ENTRY(native_iret)
548 +@@ -869,12 +1132,12 @@ ENTRY(native_iret)
549 .align 4
550 .long native_iret, iret_exc
551 .previous
552 @@ -17703,7 +17768,7 @@ index c097e7d..853746c 100644
553 #endif
554
555 ENTRY(overflow)
556 -@@ -885,7 +1132,7 @@ ENTRY(overflow)
557 +@@ -885,7 +1148,7 @@ ENTRY(overflow)
558 CFI_ADJUST_CFA_OFFSET 4
559 jmp error_code
560 CFI_ENDPROC
561 @@ -17712,7 +17777,7 @@ index c097e7d..853746c 100644
562
563 ENTRY(bounds)
564 RING0_INT_FRAME
565 -@@ -895,7 +1142,7 @@ ENTRY(bounds)
566 +@@ -895,7 +1158,7 @@ ENTRY(bounds)
567 CFI_ADJUST_CFA_OFFSET 4
568 jmp error_code
569 CFI_ENDPROC
570 @@ -17721,7 +17786,7 @@ index c097e7d..853746c 100644
571
572 ENTRY(invalid_op)
573 RING0_INT_FRAME
574 -@@ -905,7 +1152,7 @@ ENTRY(invalid_op)
575 +@@ -905,7 +1168,7 @@ ENTRY(invalid_op)
576 CFI_ADJUST_CFA_OFFSET 4
577 jmp error_code
578 CFI_ENDPROC
579 @@ -17730,7 +17795,7 @@ index c097e7d..853746c 100644
580
581 ENTRY(coprocessor_segment_overrun)
582 RING0_INT_FRAME
583 -@@ -915,7 +1162,7 @@ ENTRY(coprocessor_segment_overrun)
584 +@@ -915,7 +1178,7 @@ ENTRY(coprocessor_segment_overrun)
585 CFI_ADJUST_CFA_OFFSET 4
586 jmp error_code
587 CFI_ENDPROC
588 @@ -17739,7 +17804,7 @@ index c097e7d..853746c 100644
589
590 ENTRY(invalid_TSS)
591 RING0_EC_FRAME
592 -@@ -923,7 +1170,7 @@ ENTRY(invalid_TSS)
593 +@@ -923,7 +1186,7 @@ ENTRY(invalid_TSS)
594 CFI_ADJUST_CFA_OFFSET 4
595 jmp error_code
596 CFI_ENDPROC
597 @@ -17748,7 +17813,7 @@ index c097e7d..853746c 100644
598
599 ENTRY(segment_not_present)
600 RING0_EC_FRAME
601 -@@ -931,7 +1178,7 @@ ENTRY(segment_not_present)
602 +@@ -931,7 +1194,7 @@ ENTRY(segment_not_present)
603 CFI_ADJUST_CFA_OFFSET 4
604 jmp error_code
605 CFI_ENDPROC
606 @@ -17757,7 +17822,7 @@ index c097e7d..853746c 100644
607
608 ENTRY(stack_segment)
609 RING0_EC_FRAME
610 -@@ -939,7 +1186,7 @@ ENTRY(stack_segment)
611 +@@ -939,7 +1202,7 @@ ENTRY(stack_segment)
612 CFI_ADJUST_CFA_OFFSET 4
613 jmp error_code
614 CFI_ENDPROC
615 @@ -17766,7 +17831,7 @@ index c097e7d..853746c 100644
616
617 ENTRY(alignment_check)
618 RING0_EC_FRAME
619 -@@ -947,7 +1194,7 @@ ENTRY(alignment_check)
620 +@@ -947,7 +1210,7 @@ ENTRY(alignment_check)
621 CFI_ADJUST_CFA_OFFSET 4
622 jmp error_code
623 CFI_ENDPROC
624 @@ -17775,7 +17840,7 @@ index c097e7d..853746c 100644
625
626 ENTRY(divide_error)
627 RING0_INT_FRAME
628 -@@ -957,7 +1204,7 @@ ENTRY(divide_error)
629 +@@ -957,7 +1220,7 @@ ENTRY(divide_error)
630 CFI_ADJUST_CFA_OFFSET 4
631 jmp error_code
632 CFI_ENDPROC
633 @@ -17784,7 +17849,7 @@ index c097e7d..853746c 100644
634
635 #ifdef CONFIG_X86_MCE
636 ENTRY(machine_check)
637 -@@ -968,7 +1215,7 @@ ENTRY(machine_check)
638 +@@ -968,7 +1231,7 @@ ENTRY(machine_check)
639 CFI_ADJUST_CFA_OFFSET 4
640 jmp error_code
641 CFI_ENDPROC
642 @@ -17793,7 +17858,7 @@ index c097e7d..853746c 100644
643 #endif
644
645 ENTRY(spurious_interrupt_bug)
646 -@@ -979,7 +1226,7 @@ ENTRY(spurious_interrupt_bug)
647 +@@ -979,7 +1242,7 @@ ENTRY(spurious_interrupt_bug)
648 CFI_ADJUST_CFA_OFFSET 4
649 jmp error_code
650 CFI_ENDPROC
651 @@ -17802,7 +17867,7 @@ index c097e7d..853746c 100644
652
653 ENTRY(kernel_thread_helper)
654 pushl $0 # fake return address for unwinder
655 -@@ -1095,7 +1342,7 @@ ENDPROC(xen_failsafe_callback)
656 +@@ -1095,7 +1358,7 @@ ENDPROC(xen_failsafe_callback)
657
658 ENTRY(mcount)
659 ret
660 @@ -17811,7 +17876,7 @@ index c097e7d..853746c 100644
661
662 ENTRY(ftrace_caller)
663 cmpl $0, function_trace_stop
664 -@@ -1124,7 +1371,7 @@ ftrace_graph_call:
665 +@@ -1124,7 +1387,7 @@ ftrace_graph_call:
666 .globl ftrace_stub
667 ftrace_stub:
668 ret
669 @@ -17820,7 +17885,7 @@ index c097e7d..853746c 100644
670
671 #else /* ! CONFIG_DYNAMIC_FTRACE */
672
673 -@@ -1160,7 +1407,7 @@ trace:
674 +@@ -1160,7 +1423,7 @@ trace:
675 popl %ecx
676 popl %eax
677 jmp ftrace_stub
678 @@ -17829,7 +17894,7 @@ index c097e7d..853746c 100644
679 #endif /* CONFIG_DYNAMIC_FTRACE */
680 #endif /* CONFIG_FUNCTION_TRACER */
681
682 -@@ -1181,7 +1428,7 @@ ENTRY(ftrace_graph_caller)
683 +@@ -1181,7 +1444,7 @@ ENTRY(ftrace_graph_caller)
684 popl %ecx
685 popl %eax
686 ret
687 @@ -17838,7 +17903,7 @@ index c097e7d..853746c 100644
688
689 .globl return_to_handler
690 return_to_handler:
691 -@@ -1198,7 +1445,6 @@ return_to_handler:
692 +@@ -1198,7 +1461,6 @@ return_to_handler:
693 ret
694 #endif
695
696 @@ -17846,7 +17911,7 @@ index c097e7d..853746c 100644
697 #include "syscall_table_32.S"
698
699 syscall_table_size=(.-sys_call_table)
700 -@@ -1255,15 +1501,18 @@ error_code:
701 +@@ -1255,15 +1517,18 @@ error_code:
702 movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
703 REG_TO_PTGS %ecx
704 SET_KERNEL_GS %ecx
705 @@ -17867,7 +17932,7 @@ index c097e7d..853746c 100644
706
707 /*
708 * Debug traps and NMI can happen at the one SYSENTER instruction
709 -@@ -1309,7 +1558,7 @@ debug_stack_correct:
710 +@@ -1309,7 +1574,7 @@ debug_stack_correct:
711 call do_debug
712 jmp ret_from_exception
713 CFI_ENDPROC
714 @@ -17876,7 +17941,7 @@ index c097e7d..853746c 100644
715
716 /*
717 * NMI is doubly nasty. It can happen _while_ we're handling
718 -@@ -1351,6 +1600,9 @@ nmi_stack_correct:
719 +@@ -1351,6 +1616,9 @@ nmi_stack_correct:
720 xorl %edx,%edx # zero error code
721 movl %esp,%eax # pt_regs pointer
722 call do_nmi
723 @@ -17886,7 +17951,7 @@ index c097e7d..853746c 100644
724 jmp restore_all_notrace
725 CFI_ENDPROC
726
727 -@@ -1391,12 +1643,15 @@ nmi_espfix_stack:
728 +@@ -1391,12 +1659,15 @@ nmi_espfix_stack:
729 FIXUP_ESPFIX_STACK # %eax == %esp
730 xorl %edx,%edx # zero error code
731 call do_nmi
732 @@ -17903,7 +17968,7 @@ index c097e7d..853746c 100644
733
734 ENTRY(int3)
735 RING0_INT_FRAME
736 -@@ -1409,7 +1664,7 @@ ENTRY(int3)
737 +@@ -1409,7 +1680,7 @@ ENTRY(int3)
738 call do_int3
739 jmp ret_from_exception
740 CFI_ENDPROC
741 @@ -17912,7 +17977,7 @@ index c097e7d..853746c 100644
742
743 ENTRY(general_protection)
744 RING0_EC_FRAME
745 -@@ -1417,7 +1672,7 @@ ENTRY(general_protection)
746 +@@ -1417,7 +1688,7 @@ ENTRY(general_protection)
747 CFI_ADJUST_CFA_OFFSET 4
748 jmp error_code
749 CFI_ENDPROC
750 @@ -17922,7 +17987,7 @@ index c097e7d..853746c 100644
751 /*
752 * End of kprobes section
753 diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
754 -index 34a56a9..74613c5 100644
755 +index 34a56a9..0d13843 100644
756 --- a/arch/x86/kernel/entry_64.S
757 +++ b/arch/x86/kernel/entry_64.S
758 @@ -53,6 +53,8 @@
759 @@ -17998,7 +18063,7 @@ index 34a56a9..74613c5 100644
760 retq
761 #endif
762
763 -@@ -174,6 +182,282 @@ ENTRY(native_usergs_sysret64)
764 +@@ -174,6 +182,280 @@ ENTRY(native_usergs_sysret64)
765 ENDPROC(native_usergs_sysret64)
766 #endif /* CONFIG_PARAVIRT */
767
768 @@ -18227,12 +18292,9 @@ index 34a56a9..74613c5 100644
769 +.endm
770 +
771 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
772 -+/*
773 -+ * r11: thread_info
774 -+ * rcx, rdx: can be clobbered
775 -+ */
776 +ENTRY(pax_erase_kstack)
777 + pushq %rdi
778 ++ pushq %rcx
779 + pushq %rax
780 + pushq %r11
781 +
782 @@ -18273,6 +18335,7 @@ index 34a56a9..74613c5 100644
783 +
784 + popq %r11
785 + popq %rax
786 ++ popq %rcx
787 + popq %rdi
788 + pax_force_retaddr
789 + ret
790 @@ -18281,7 +18344,7 @@ index 34a56a9..74613c5 100644
791
792 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET
793 #ifdef CONFIG_TRACE_IRQFLAGS
794 -@@ -233,8 +517,8 @@ ENDPROC(native_usergs_sysret64)
795 +@@ -233,8 +515,8 @@ ENDPROC(native_usergs_sysret64)
796 .endm
797
798 .macro UNFAKE_STACK_FRAME
799 @@ -18292,7 +18355,7 @@ index 34a56a9..74613c5 100644
800 .endm
801
802 /*
803 -@@ -317,7 +601,7 @@ ENTRY(save_args)
804 +@@ -317,7 +599,7 @@ ENTRY(save_args)
805 leaq -ARGOFFSET+16(%rsp),%rdi /* arg1 for handler */
806 movq_cfi rbp, 8 /* push %rbp */
807 leaq 8(%rsp), %rbp /* mov %rsp, %ebp */
808 @@ -18301,7 +18364,7 @@ index 34a56a9..74613c5 100644
809 je 1f
810 SWAPGS
811 /*
812 -@@ -337,9 +621,10 @@ ENTRY(save_args)
813 +@@ -337,9 +619,10 @@ ENTRY(save_args)
814 * We entered an interrupt context - irqs are off:
815 */
816 2: TRACE_IRQS_OFF
817 @@ -18313,7 +18376,7 @@ index 34a56a9..74613c5 100644
818
819 ENTRY(save_rest)
820 PARTIAL_FRAME 1 REST_SKIP+8
821 -@@ -352,9 +637,10 @@ ENTRY(save_rest)
822 +@@ -352,9 +635,10 @@ ENTRY(save_rest)
823 movq_cfi r15, R15+16
824 movq %r11, 8(%rsp) /* return address */
825 FIXUP_TOP_OF_STACK %r11, 16
826 @@ -18325,7 +18388,7 @@ index 34a56a9..74613c5 100644
827
828 /* save complete stack frame */
829 .pushsection .kprobes.text, "ax"
830 -@@ -383,9 +669,10 @@ ENTRY(save_paranoid)
831 +@@ -383,9 +667,10 @@ ENTRY(save_paranoid)
832 js 1f /* negative -> in kernel */
833 SWAPGS
834 xorl %ebx,%ebx
835 @@ -18338,7 +18401,7 @@ index 34a56a9..74613c5 100644
836 .popsection
837
838 /*
839 -@@ -409,7 +696,7 @@ ENTRY(ret_from_fork)
840 +@@ -409,7 +694,7 @@ ENTRY(ret_from_fork)
841
842 RESTORE_REST
843
844 @@ -18347,7 +18410,7 @@ index 34a56a9..74613c5 100644
845 je int_ret_from_sys_call
846
847 testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
848 -@@ -419,7 +706,7 @@ ENTRY(ret_from_fork)
849 +@@ -419,7 +704,7 @@ ENTRY(ret_from_fork)
850 jmp ret_from_sys_call # go to the SYSRET fastpath
851
852 CFI_ENDPROC
853 @@ -18356,7 +18419,7 @@ index 34a56a9..74613c5 100644
854
855 /*
856 * System call entry. Upto 6 arguments in registers are supported.
857 -@@ -455,7 +742,7 @@ END(ret_from_fork)
858 +@@ -455,7 +740,7 @@ END(ret_from_fork)
859 ENTRY(system_call)
860 CFI_STARTPROC simple
861 CFI_SIGNAL_FRAME
862 @@ -18365,12 +18428,17 @@ index 34a56a9..74613c5 100644
863 CFI_REGISTER rip,rcx
864 /*CFI_REGISTER rflags,r11*/
865 SWAPGS_UNSAFE_STACK
866 -@@ -468,12 +755,13 @@ ENTRY(system_call_after_swapgs)
867 +@@ -468,12 +753,18 @@ ENTRY(system_call_after_swapgs)
868
869 movq %rsp,PER_CPU_VAR(old_rsp)
870 movq PER_CPU_VAR(kernel_stack),%rsp
871 + SAVE_ARGS 8*6,1
872 + pax_enter_kernel_user
873 ++
874 ++#ifdef CONFIG_PAX_RANDKSTACK
875 ++ pax_erase_kstack
876 ++#endif
877 ++
878 /*
879 * No need to follow this irqs off/on section - it's straight
880 * and short:
881 @@ -18380,7 +18448,7 @@ index 34a56a9..74613c5 100644
882 movq %rax,ORIG_RAX-ARGOFFSET(%rsp)
883 movq %rcx,RIP-ARGOFFSET(%rsp)
884 CFI_REL_OFFSET rip,RIP-ARGOFFSET
885 -@@ -483,7 +771,7 @@ ENTRY(system_call_after_swapgs)
886 +@@ -483,7 +774,7 @@ ENTRY(system_call_after_swapgs)
887 system_call_fastpath:
888 cmpq $__NR_syscall_max,%rax
889 ja badsys
890 @@ -18389,7 +18457,7 @@ index 34a56a9..74613c5 100644
891 call *sys_call_table(,%rax,8) # XXX: rip relative
892 movq %rax,RAX-ARGOFFSET(%rsp)
893 /*
894 -@@ -502,6 +790,8 @@ sysret_check:
895 +@@ -502,6 +793,8 @@ sysret_check:
896 andl %edi,%edx
897 jnz sysret_careful
898 CFI_REMEMBER_STATE
899 @@ -18398,7 +18466,7 @@ index 34a56a9..74613c5 100644
900 /*
901 * sysretq will re-enable interrupts:
902 */
903 -@@ -555,14 +845,18 @@ badsys:
904 +@@ -555,14 +848,18 @@ badsys:
905 * jump back to the normal fast path.
906 */
907 auditsys:
908 @@ -18418,7 +18486,7 @@ index 34a56a9..74613c5 100644
909 jmp system_call_fastpath
910
911 /*
912 -@@ -592,16 +886,20 @@ tracesys:
913 +@@ -592,16 +889,20 @@ tracesys:
914 FIXUP_TOP_OF_STACK %rdi
915 movq %rsp,%rdi
916 call syscall_trace_enter
917 @@ -18440,7 +18508,7 @@ index 34a56a9..74613c5 100644
918 call *sys_call_table(,%rax,8)
919 movq %rax,RAX-ARGOFFSET(%rsp)
920 /* Use IRET because user could have changed frame */
921 -@@ -613,7 +911,7 @@ tracesys:
922 +@@ -613,7 +914,7 @@ tracesys:
923 GLOBAL(int_ret_from_sys_call)
924 DISABLE_INTERRUPTS(CLBR_NONE)
925 TRACE_IRQS_OFF
926 @@ -18449,15 +18517,18 @@ index 34a56a9..74613c5 100644
927 je retint_restore_args
928 movl $_TIF_ALLWORK_MASK,%edi
929 /* edi: mask to check */
930 -@@ -624,6 +922,7 @@ GLOBAL(int_with_check)
931 +@@ -624,7 +925,9 @@ GLOBAL(int_with_check)
932 andl %edi,%edx
933 jnz int_careful
934 andl $~TS_COMPAT,TI_status(%rcx)
935 +- jmp retint_swapgs
936 ++ pax_exit_kernel_user
937 + pax_erase_kstack
938 - jmp retint_swapgs
939 ++ jmp retint_swapgs_pax
940
941 /* Either reschedule or signal or syscall exit tracking needed. */
942 -@@ -674,7 +973,7 @@ int_restore_rest:
943 + /* First do a reschedule test. */
944 +@@ -674,7 +977,7 @@ int_restore_rest:
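Review bot: The new `jmp retint_swapgs_pax` enters `retint_swapgs` past its `DISABLE_INTERRUPTS(CLBR_ANY)` and `pax_exit_kernel_user` (hunk at 18540), so the label acquires an implicit precondition — interrupts already off and the user-mode exit already performed — that nothing documents. `int_ret_from_sys_call` does `DISABLE_INTERRUPTS(CLBR_NONE)` (hunk at 18440), so the current caller appears to satisfy it, but any future jump to the label would not be checked. I would annotate the label: `retint_swapgs_pax: /* entered with irqs off and pax_exit_kernel_user already done (from int_with_check) */`. The enclosing `int_with_check` body starts and ends outside this hunk.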
945 TRACE_IRQS_OFF
946 jmp int_with_check
947 CFI_ENDPROC
948 @@ -18466,7 +18537,7 @@ index 34a56a9..74613c5 100644
949
950 /*
951 * Certain special system calls that need to save a complete full stack frame.
952 -@@ -690,7 +989,7 @@ ENTRY(\label)
953 +@@ -690,7 +993,7 @@ ENTRY(\label)
954 call \func
955 jmp ptregscall_common
956 CFI_ENDPROC
957 @@ -18475,7 +18546,7 @@ index 34a56a9..74613c5 100644
958 .endm
959
960 PTREGSCALL stub_clone, sys_clone, %r8
961 -@@ -708,9 +1007,10 @@ ENTRY(ptregscall_common)
962 +@@ -708,9 +1011,10 @@ ENTRY(ptregscall_common)
963 movq_cfi_restore R12+8, r12
964 movq_cfi_restore RBP+8, rbp
965 movq_cfi_restore RBX+8, rbx
966 @@ -18487,7 +18558,7 @@ index 34a56a9..74613c5 100644
967
968 ENTRY(stub_execve)
969 CFI_STARTPROC
970 -@@ -726,7 +1026,7 @@ ENTRY(stub_execve)
971 +@@ -726,7 +1030,7 @@ ENTRY(stub_execve)
972 RESTORE_REST
973 jmp int_ret_from_sys_call
974 CFI_ENDPROC
975 @@ -18496,7 +18567,7 @@ index 34a56a9..74613c5 100644
976
977 /*
978 * sigreturn is special because it needs to restore all registers on return.
979 -@@ -744,7 +1044,7 @@ ENTRY(stub_rt_sigreturn)
980 +@@ -744,7 +1048,7 @@ ENTRY(stub_rt_sigreturn)
981 RESTORE_REST
982 jmp int_ret_from_sys_call
983 CFI_ENDPROC
984 @@ -18505,7 +18576,7 @@ index 34a56a9..74613c5 100644
985
986 /*
987 * Build the entry stubs and pointer table with some assembler magic.
988 -@@ -780,7 +1080,7 @@ vector=vector+1
989 +@@ -780,7 +1084,7 @@ vector=vector+1
990 2: jmp common_interrupt
991 .endr
992 CFI_ENDPROC
993 @@ -18514,7 +18585,7 @@ index 34a56a9..74613c5 100644
994
995 .previous
996 END(interrupt)
997 -@@ -800,6 +1100,16 @@ END(interrupt)
998 +@@ -800,6 +1104,16 @@ END(interrupt)
999 CFI_ADJUST_CFA_OFFSET 10*8
1000 call save_args
1001 PARTIAL_FRAME 0
1002 @@ -18531,7 +18602,7 @@ index 34a56a9..74613c5 100644
1003 call \func
1004 .endm
1005
1006 -@@ -822,7 +1132,7 @@ ret_from_intr:
1007 +@@ -822,7 +1136,7 @@ ret_from_intr:
1008 CFI_ADJUST_CFA_OFFSET -8
1009 exit_intr:
1010 GET_THREAD_INFO(%rcx)
1011 @@ -18540,11 +18611,12 @@ index 34a56a9..74613c5 100644
1012 je retint_kernel
1013
1014 /* Interrupt came from user space */
1015 -@@ -844,12 +1154,15 @@ retint_swapgs: /* return to user-space */
1016 +@@ -844,12 +1158,16 @@ retint_swapgs: /* return to user-space */
1017 * The iretq could re-enable interrupts:
1018 */
1019 DISABLE_INTERRUPTS(CLBR_ANY)
1020 + pax_exit_kernel_user
1021 ++retint_swapgs_pax:
1022 TRACE_IRQS_IRETQ
1023 SWAPGS
1024 jmp restore_args
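Review bot: The new `retint_swapgs_pax:` label sits directly after `pax_exit_kernel_user` in retint_swapgs, and its only visible user (int_with_check, earlier in this file section) jumps to it right after running `pax_exit_kernel_user` itself, so the label exists to skip a second exit — but nothing at the label says so. A one-line comment on it, `/* entered only by paths that have already done pax_exit_kernel_user */`, would keep a later change from routing a path here that has not. The retint_swapgs body continues outside the hunk.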
1025 @@ -18556,7 +18628,7 @@ index 34a56a9..74613c5 100644
1026 /*
1027 * The iretq could re-enable interrupts:
1028 */
1029 -@@ -940,7 +1253,7 @@ ENTRY(retint_kernel)
1030 +@@ -940,7 +1258,7 @@ ENTRY(retint_kernel)
1031 #endif
1032
1033 CFI_ENDPROC
1034 @@ -18565,7 +18637,7 @@ index 34a56a9..74613c5 100644
1035
1036 /*
1037 * APIC interrupts.
1038 -@@ -953,7 +1266,7 @@ ENTRY(\sym)
1039 +@@ -953,7 +1271,7 @@ ENTRY(\sym)
1040 interrupt \do_sym
1041 jmp ret_from_intr
1042 CFI_ENDPROC
1043 @@ -18574,7 +18646,7 @@ index 34a56a9..74613c5 100644
1044 .endm
1045
1046 #ifdef CONFIG_SMP
1047 -@@ -1032,12 +1345,22 @@ ENTRY(\sym)
1048 +@@ -1032,12 +1350,22 @@ ENTRY(\sym)
1049 CFI_ADJUST_CFA_OFFSET 15*8
1050 call error_entry
1051 DEFAULT_FRAME 0
1052 @@ -18598,7 +18670,7 @@ index 34a56a9..74613c5 100644
1053 .endm
1054
1055 .macro paranoidzeroentry sym do_sym
1056 -@@ -1049,12 +1372,22 @@ ENTRY(\sym)
1057 +@@ -1049,12 +1377,22 @@ ENTRY(\sym)
1058 subq $15*8, %rsp
1059 call save_paranoid
1060 TRACE_IRQS_OFF
1061 @@ -18622,7 +18694,7 @@ index 34a56a9..74613c5 100644
1062 .endm
1063
1064 .macro paranoidzeroentry_ist sym do_sym ist
1065 -@@ -1066,15 +1399,30 @@ ENTRY(\sym)
1066 +@@ -1066,15 +1404,30 @@ ENTRY(\sym)
1067 subq $15*8, %rsp
1068 call save_paranoid
1069 TRACE_IRQS_OFF
1070 @@ -18655,7 +18727,7 @@ index 34a56a9..74613c5 100644
1071 .endm
1072
1073 .macro errorentry sym do_sym
1074 -@@ -1085,13 +1433,23 @@ ENTRY(\sym)
1075 +@@ -1085,13 +1438,23 @@ ENTRY(\sym)
1076 CFI_ADJUST_CFA_OFFSET 15*8
1077 call error_entry
1078 DEFAULT_FRAME 0
1079 @@ -18680,7 +18752,7 @@ index 34a56a9..74613c5 100644
1080 .endm
1081
1082 /* error code is on the stack already */
1083 -@@ -1104,13 +1462,23 @@ ENTRY(\sym)
1084 +@@ -1104,13 +1467,23 @@ ENTRY(\sym)
1085 call save_paranoid
1086 DEFAULT_FRAME 0
1087 TRACE_IRQS_OFF
1088 @@ -18705,7 +18777,7 @@ index 34a56a9..74613c5 100644
1089 .endm
1090
1091 zeroentry divide_error do_divide_error
1092 -@@ -1141,9 +1509,10 @@ gs_change:
1093 +@@ -1141,9 +1514,10 @@ gs_change:
1094 SWAPGS
1095 popf
1096 CFI_ADJUST_CFA_OFFSET -8
1097 @@ -18717,7 +18789,7 @@ index 34a56a9..74613c5 100644
1098
1099 .section __ex_table,"a"
1100 .align 8
1101 -@@ -1193,11 +1562,12 @@ ENTRY(kernel_thread)
1102 +@@ -1193,11 +1567,12 @@ ENTRY(kernel_thread)
1103 * of hacks for example to fork off the per-CPU idle tasks.
1104 * [Hopefully no generic code relies on the reschedule -AK]
1105 */
1106 @@ -18732,7 +18804,7 @@ index 34a56a9..74613c5 100644
1107
1108 ENTRY(child_rip)
1109 pushq $0 # fake return address
1110 -@@ -1208,13 +1578,14 @@ ENTRY(child_rip)
1111 +@@ -1208,13 +1583,14 @@ ENTRY(child_rip)
1112 */
1113 movq %rdi, %rax
1114 movq %rsi, %rdi
1115 @@ -18748,7 +18820,7 @@ index 34a56a9..74613c5 100644
1116
1117 /*
1118 * execve(). This function needs to use IRET, not SYSRET, to set up all state properly.
1119 -@@ -1241,11 +1612,11 @@ ENTRY(kernel_execve)
1120 +@@ -1241,11 +1617,11 @@ ENTRY(kernel_execve)
1121 RESTORE_REST
1122 testq %rax,%rax
1123 je int_ret_from_sys_call
1124 @@ -18762,7 +18834,7 @@ index 34a56a9..74613c5 100644
1125
1126 /* Call softirq on interrupt stack. Interrupts are off. */
1127 ENTRY(call_softirq)
1128 -@@ -1263,9 +1634,10 @@ ENTRY(call_softirq)
1129 +@@ -1263,9 +1639,10 @@ ENTRY(call_softirq)
1130 CFI_DEF_CFA_REGISTER rsp
1131 CFI_ADJUST_CFA_OFFSET -8
1132 decl PER_CPU_VAR(irq_count)
1133 @@ -18774,7 +18846,7 @@ index 34a56a9..74613c5 100644
1134
1135 #ifdef CONFIG_XEN
1136 zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
1137 -@@ -1303,7 +1675,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
1138 +@@ -1303,7 +1680,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
1139 decl PER_CPU_VAR(irq_count)
1140 jmp error_exit
1141 CFI_ENDPROC
1142 @@ -18783,7 +18855,7 @@ index 34a56a9..74613c5 100644
1143
1144 /*
1145 * Hypervisor uses this for application faults while it executes.
1146 -@@ -1362,7 +1734,7 @@ ENTRY(xen_failsafe_callback)
1147 +@@ -1362,7 +1739,7 @@ ENTRY(xen_failsafe_callback)
1148 SAVE_ALL
1149 jmp error_exit
1150 CFI_ENDPROC
1151 @@ -18792,7 +18864,7 @@ index 34a56a9..74613c5 100644
1152
1153 #endif /* CONFIG_XEN */
1154
1155 -@@ -1405,16 +1777,31 @@ ENTRY(paranoid_exit)
1156 +@@ -1405,16 +1782,31 @@ ENTRY(paranoid_exit)
1157 TRACE_IRQS_OFF
1158 testl %ebx,%ebx /* swapgs needed? */
1159 jnz paranoid_restore
1160 @@ -18825,7 +18897,7 @@ index 34a56a9..74613c5 100644
1161 jmp irq_return
1162 paranoid_userspace:
1163 GET_THREAD_INFO(%rcx)
1164 -@@ -1443,7 +1830,7 @@ paranoid_schedule:
1165 +@@ -1443,7 +1835,7 @@ paranoid_schedule:
1166 TRACE_IRQS_OFF
1167 jmp paranoid_userspace
1168 CFI_ENDPROC
1169 @@ -18834,7 +18906,7 @@ index 34a56a9..74613c5 100644
1170
1171 /*
1172 * Exception entry point. This expects an error code/orig_rax on the stack.
1173 -@@ -1470,12 +1857,13 @@ ENTRY(error_entry)
1174 +@@ -1470,12 +1862,13 @@ ENTRY(error_entry)
1175 movq_cfi r14, R14+8
1176 movq_cfi r15, R15+8
1177 xorl %ebx,%ebx
1178 @@ -18849,7 +18921,7 @@ index 34a56a9..74613c5 100644
1179 ret
1180 CFI_ENDPROC
1181
1182 -@@ -1497,7 +1885,7 @@ error_kernelspace:
1183 +@@ -1497,7 +1890,7 @@ error_kernelspace:
1184 cmpq $gs_change,RIP+8(%rsp)
1185 je error_swapgs
1186 jmp error_sti
1187 @@ -18858,7 +18930,7 @@ index 34a56a9..74613c5 100644
1188
1189
1190 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
1191 -@@ -1517,7 +1905,7 @@ ENTRY(error_exit)
1192 +@@ -1517,7 +1910,7 @@ ENTRY(error_exit)
1193 jnz retint_careful
1194 jmp retint_swapgs
1195 CFI_ENDPROC
1196 @@ -18867,7 +18939,7 @@ index 34a56a9..74613c5 100644
1197
1198
1199 /* runs on exception stack */
1200 -@@ -1529,6 +1917,16 @@ ENTRY(nmi)
1201 +@@ -1529,6 +1922,16 @@ ENTRY(nmi)
1202 CFI_ADJUST_CFA_OFFSET 15*8
1203 call save_paranoid
1204 DEFAULT_FRAME 0
1205 @@ -18884,7 +18956,7 @@ index 34a56a9..74613c5 100644
1206 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
1207 movq %rsp,%rdi
1208 movq $-1,%rsi
1209 -@@ -1539,12 +1937,28 @@ ENTRY(nmi)
1210 +@@ -1539,12 +1942,28 @@ ENTRY(nmi)
1211 DISABLE_INTERRUPTS(CLBR_NONE)
1212 testl %ebx,%ebx /* swapgs needed? */
1213 jnz nmi_restore
1214 @@ -18914,7 +18986,7 @@ index 34a56a9..74613c5 100644
1215 jmp irq_return
1216 nmi_userspace:
1217 GET_THREAD_INFO(%rcx)
1218 -@@ -1573,14 +1987,14 @@ nmi_schedule:
1219 +@@ -1573,14 +1992,14 @@ nmi_schedule:
1220 jmp paranoid_exit
1221 CFI_ENDPROC
1222 #endif
1223 @@ -68795,7 +68867,7 @@ index 90a6087..fa05803 100644
1224 if (rc < 0)
1225 goto out_free;
1226 diff --git a/fs/eventpoll.c b/fs/eventpoll.c
1227 -index f539204..068db1f 100644
1228 +index f539204..b2ad18e 100644
1229 --- a/fs/eventpoll.c
1230 +++ b/fs/eventpoll.c
1231 @@ -200,6 +200,12 @@ struct eventpoll {
1232 @@ -69086,8 +69158,8 @@ index f539204..068db1f 100644
1233 + error = PTR_ERR(file);
1234 + goto out_free_fd;
1235 + }
1236 -+ fd_install(fd, file);
1237 + ep->file = file;
1238 ++ fd_install(fd, file);
1239 + return fd;
1240
1241 +out_free_fd:
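Review bot: Moving `fd_install(fd, file);` after `ep->file = file;` is the right order, but the reason is not recorded in the code: once fd_install() runs, the descriptor is reachable by other threads of the process, which can get to this eventpoll through it while `ep->file` is still unset. A comment on the assignment, `/* set ep->file before fd_install(): the fd is visible to other threads as soon as it is installed */`, would stop the order from being "tidied" back. The enclosing function starts outside the hunk.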
1242 @@ -107553,10 +107625,10 @@ index d52f7a0..b66cdd9 100755
1243 rm -f tags
1244 xtags ctags
1245 diff --git a/security/Kconfig b/security/Kconfig
1246 -index fb363cd..124d914 100644
1247 +index fb363cd..a34a964 100644
1248 --- a/security/Kconfig
1249 +++ b/security/Kconfig
1250 -@@ -4,6 +4,870 @@
1251 +@@ -4,6 +4,882 @@
1252
1253 menu "Security options"
1254
1255 @@ -108140,6 +108212,10 @@ index fb363cd..124d914 100644
1256 + Select the method used to instrument function pointer dereferences.
1257 + Note that binary modules cannot be instrumented by this approach.
1258 +
1259 ++ Note that the implementation requires a gcc with plugin support,
1260 ++ i.e., gcc 4.5 or newer. You may need to install the supporting
1261 ++ headers explicitly in addition to the normal gcc package.
1262 ++
1263 + config PAX_KERNEXEC_PLUGIN_METHOD_BTS
1264 + bool "bts"
1265 + help
1266 @@ -108313,11 +108389,12 @@ index fb363cd..124d914 100644
1267 + and you are advised to test this feature on your expected workload
1268 + before deploying it.
1269 +
1270 -+ Note: full support for this feature requires gcc with plugin support
1271 -+ so make sure your compiler is at least gcc 4.5.0. Using older gcc
1272 -+ versions means that functions with large enough stack frames may
1273 -+ leave uninitialized memory behind that may be exposed to a later
1274 -+ syscall leaking the stack.
1275 ++ Note that the full feature requires a gcc with plugin support,
1276 ++ i.e., gcc 4.5 or newer. You may need to install the supporting
1277 ++ headers explicitly in addition to the normal gcc package. Using
1278 ++ older gcc versions means that functions with large enough stack
1279 ++ frames may leave uninitialized memory behind that may be exposed
1280 ++ to a later syscall leaking the stack.
1281 +
1282 +config PAX_MEMORY_UDEREF
1283 + bool "Prevent invalid userland pointer dereference"
1284 @@ -108395,11 +108472,14 @@ index fb363cd..124d914 100644
1285 + arguments marked by a size_overflow attribute with double integer
1286 + precision (DImode/TImode for 32/64 bit integer types).
1287 +
1288 -+ The recomputed argument is checked against INT_MAX and an event
1289 ++ The recomputed argument is checked against TYPE_MAX and an event
1290 + is logged on overflow and the triggering process is killed.
1291 +
1292 -+ Homepage:
1293 -+ http://www.grsecurity.net/~ephox/overflow_plugin/
1294 ++ Homepage: http://www.grsecurity.net/~ephox/overflow_plugin/
1295 ++
1296 ++ Note that the implementation requires a gcc with plugin support,
1297 ++ i.e., gcc 4.5 or newer. You may need to install the supporting
1298 ++ headers explicitly in addition to the normal gcc package.
1299 +
1300 +config PAX_LATENT_ENTROPY
1301 + bool "Generate some entropy during boot"
1302 @@ -108411,6 +108491,10 @@ index fb363cd..124d914 100644
1303 + there is little 'natural' source of entropy normally. The cost
1304 + is some slowdown of the boot process.
1305 +
1306 ++ Note that the implementation requires a gcc with plugin support,
1307 ++ i.e., gcc 4.5 or newer. You may need to install the supporting
1308 ++ headers explicitly in addition to the normal gcc package.
1309 ++
1310 + Note that entropy extracted this way is not cryptographically
1311 + secure!
1312 +
1313 @@ -108427,7 +108511,7 @@ index fb363cd..124d914 100644
1314 config KEYS
1315 bool "Enable access key retention support"
1316 help
1317 -@@ -146,7 +1010,7 @@ config INTEL_TXT
1318 +@@ -146,7 +1022,7 @@ config INTEL_TXT
1319 config LSM_MMAP_MIN_ADDR
1320 int "Low address space for LSM to protect from user allocation"
1321 depends on SECURITY && SECURITY_SELINUX
1322
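--- a/3.2.28/0000_README
+++ b/3.2.28/0000_README
@@ -30,7 +30,7 @@ Patch: 1027_linux-3.2.28.patch
 From: http://www.kernel.org
 Desc: Linux 3.2.28
 
-Patch: 4420_grsecurity-2.9.1-3.2.28-201208232048.patch
+Patch: 4420_grsecurity-2.9.1-3.2.28-201208271905.patch
 From: http://www.grsecurity.net
 Desc: hardened-sources base patch from upstream grsecurity
 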
1336
1337 diff --git a/3.2.28/4420_grsecurity-2.9.1-3.2.28-201208232048.patch b/3.2.28/4420_grsecurity-2.9.1-3.2.28-201208271905.patch
1338 similarity index 99%
1339 rename from 3.2.28/4420_grsecurity-2.9.1-3.2.28-201208232048.patch
1340 rename to 3.2.28/4420_grsecurity-2.9.1-3.2.28-201208271905.patch
1341 index 3457f14..11d1b8e 100644
1342 --- a/3.2.28/4420_grsecurity-2.9.1-3.2.28-201208232048.patch
1343 +++ b/3.2.28/4420_grsecurity-2.9.1-3.2.28-201208271905.patch
1344 @@ -4435,6 +4435,26 @@ index a50b5ec..547078a 100644
1345 regs->link = current->mm->context.vdso_base + vdso64_rt_sigtramp;
1346 } else {
1347 err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]);
1348 +diff --git a/arch/powerpc/kernel/syscalls.c b/arch/powerpc/kernel/syscalls.c
1349 +index f2496f2..4e3cc47 100644
1350 +--- a/arch/powerpc/kernel/syscalls.c
1351 ++++ b/arch/powerpc/kernel/syscalls.c
1352 +@@ -107,11 +107,11 @@ long ppc64_personality(unsigned long personality)
1353 + long ret;
1354 +
1355 + if (personality(current->personality) == PER_LINUX32
1356 +- && personality == PER_LINUX)
1357 +- personality = PER_LINUX32;
1358 ++ && personality(personality) == PER_LINUX)
1359 ++ personality = (personality & ~PER_MASK) | PER_LINUX32;
1360 + ret = sys_personality(personality);
1361 +- if (ret == PER_LINUX32)
1362 +- ret = PER_LINUX;
1363 ++ if (personality(ret) == PER_LINUX32)
1364 ++ ret = (ret & ~PER_MASK) | PER_LINUX;
1365 + return ret;
1366 + }
1367 + #endif
1368 diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
1369 index 5459d14..10f8070 100644
1370 --- a/arch/powerpc/kernel/traps.c
1371 @@ -8730,7 +8750,7 @@ index 6557769..ef6ae89 100644
1372
1373 if (err)
1374 diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
1375 -index a6253ec..4ad2120 100644
1376 +index a6253ec..0a325de 100644
1377 --- a/arch/x86/ia32/ia32entry.S
1378 +++ b/arch/x86/ia32/ia32entry.S
1379 @@ -13,7 +13,9 @@
1380 @@ -8789,7 +8809,7 @@ index a6253ec..4ad2120 100644
1381 movl %ebp,%ebp /* zero extension */
1382 pushq_cfi $__USER32_DS
1383 /*CFI_REL_OFFSET ss,0*/
1384 -@@ -134,25 +156,39 @@ ENTRY(ia32_sysenter_target)
1385 +@@ -134,25 +156,44 @@ ENTRY(ia32_sysenter_target)
1386 CFI_REL_OFFSET rsp,0
1387 pushfq_cfi
1388 /*CFI_REL_OFFSET rflags,0*/
1389 @@ -8809,6 +8829,11 @@ index a6253ec..4ad2120 100644
1390 cld
1391 SAVE_ARGS 0,1,0
1392 + pax_enter_kernel_user
1393 ++
1394 ++#ifdef CONFIG_PAX_RANDKSTACK
1395 ++ pax_erase_kstack
1396 ++#endif
1397 ++
1398 + /*
1399 + * No need to follow this irqs on/off section: the syscall
1400 + * disabled irqs, here we enable it straight after entry:
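Review bot: The new `#ifdef CONFIG_PAX_RANDKSTACK` / `pax_erase_kstack` / `#endif` block after `pax_enter_kernel_user` invokes a routine that the patch defines under `CONFIG_PAX_MEMORY_STACKLEAK` (the entry_32.S hunk later on this page wraps `ENTRY(pax_erase_kstack)` in that ifdef), so a build with RANDKSTACK on and STACKLEAK off relies on the `pax_erase_kstack` macro expanding to nothing; the macro definition is outside this chunk, so please confirm that is the case. Independently, the block should carry a one-line comment stating why an erase is wanted at syscall entry under RANDKSTACK when the exit path (int_with_check, at least in the 2.6.32 patch earlier on this page) already erases — the ifdef alone does not explain it. The same block is added to ia32_cstar_target and ia32_syscall in this file, and to sysenter_past_esp and system_call in entry_32.S, so one comment at the first site with the others referring to it would do.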
1401 @@ -8835,7 +8860,7 @@ index a6253ec..4ad2120 100644
1402 CFI_REMEMBER_STATE
1403 jnz sysenter_tracesys
1404 cmpq $(IA32_NR_syscalls-1),%rax
1405 -@@ -162,13 +198,15 @@ sysenter_do_call:
1406 +@@ -162,13 +203,15 @@ sysenter_do_call:
1407 sysenter_dispatch:
1408 call *ia32_sys_call_table(,%rax,8)
1409 movq %rax,RAX-ARGOFFSET(%rsp)
1410 @@ -8854,7 +8879,7 @@ index a6253ec..4ad2120 100644
1411 /* clear IF, that popfq doesn't enable interrupts early */
1412 andl $~0x200,EFLAGS-R11(%rsp)
1413 movl RIP-R11(%rsp),%edx /* User %eip */
1414 -@@ -194,6 +232,9 @@ sysexit_from_sys_call:
1415 +@@ -194,6 +237,9 @@ sysexit_from_sys_call:
1416 movl %eax,%esi /* 2nd arg: syscall number */
1417 movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */
1418 call audit_syscall_entry
1419 @@ -8864,7 +8889,7 @@ index a6253ec..4ad2120 100644
1420 movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */
1421 cmpq $(IA32_NR_syscalls-1),%rax
1422 ja ia32_badsys
1423 -@@ -205,7 +246,7 @@ sysexit_from_sys_call:
1424 +@@ -205,7 +251,7 @@ sysexit_from_sys_call:
1425 .endm
1426
1427 .macro auditsys_exit exit
1428 @@ -8873,7 +8898,7 @@ index a6253ec..4ad2120 100644
1429 jnz ia32_ret_from_sys_call
1430 TRACE_IRQS_ON
1431 sti
1432 -@@ -215,12 +256,12 @@ sysexit_from_sys_call:
1433 +@@ -215,12 +261,12 @@ sysexit_from_sys_call:
1434 movzbl %al,%edi /* zero-extend that into %edi */
1435 inc %edi /* first arg, 0->1(AUDITSC_SUCCESS), 1->2(AUDITSC_FAILURE) */
1436 call audit_syscall_exit
1437 @@ -8888,7 +8913,7 @@ index a6253ec..4ad2120 100644
1438 jz \exit
1439 CLEAR_RREGS -ARGOFFSET
1440 jmp int_with_check
1441 -@@ -238,7 +279,7 @@ sysexit_audit:
1442 +@@ -238,7 +284,7 @@ sysexit_audit:
1443
1444 sysenter_tracesys:
1445 #ifdef CONFIG_AUDITSYSCALL
1446 @@ -8897,17 +8922,17 @@ index a6253ec..4ad2120 100644
1447 jz sysenter_auditsys
1448 #endif
1449 SAVE_REST
1450 -@@ -246,6 +287,9 @@ sysenter_tracesys:
1451 - movq $-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */
1452 - movq %rsp,%rdi /* &pt_regs -> arg1 */
1453 - call syscall_trace_enter
1454 +@@ -250,6 +296,9 @@ sysenter_tracesys:
1455 + RESTORE_REST
1456 + cmpq $(IA32_NR_syscalls-1),%rax
1457 + ja int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */
1458 +
1459 + pax_erase_kstack
1460 +
1461 - LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
1462 - RESTORE_REST
1463 - cmpq $(IA32_NR_syscalls-1),%rax
1464 -@@ -277,19 +321,20 @@ ENDPROC(ia32_sysenter_target)
1465 + jmp sysenter_do_call
1466 + CFI_ENDPROC
1467 + ENDPROC(ia32_sysenter_target)
1468 +@@ -277,19 +326,25 @@ ENDPROC(ia32_sysenter_target)
1469 ENTRY(ia32_cstar_target)
1470 CFI_STARTPROC32 simple
1471 CFI_SIGNAL_FRAME
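Review bot: `pax_erase_kstack` now runs after `LOAD_ARGS32`/`RESTORE_REST` have reloaded the syscall argument registers from pt_regs and after the `ja int_ret_from_sys_call` range check, immediately before `jmp sysenter_do_call`, whereas it previously ran between `call syscall_trace_enter` and the reload; in the new position it must leave %rax and the argument registers untouched, which the old position did not require. The 64-bit `pax_erase_kstack` is defined outside this chunk, so confirm it saves and restores every register it touches — the 32-bit routine in this same commit needed an extra `pushl %ecx`/`popl %ecx` for exactly this kind of move. The same relocation is made for cstar_tracesys and ia32_tracesys further down in this file section.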
1472 @@ -8921,6 +8946,11 @@ index a6253ec..4ad2120 100644
1473 movq PER_CPU_VAR(kernel_stack),%rsp
1474 + SAVE_ARGS 8*6,0,0
1475 + pax_enter_kernel_user
1476 ++
1477 ++#ifdef CONFIG_PAX_RANDKSTACK
1478 ++ pax_erase_kstack
1479 ++#endif
1480 ++
1481 /*
1482 * No need to follow this irqs on/off section: the syscall
1483 * disabled irqs and here we enable it straight after entry:
1484 @@ -8930,7 +8960,7 @@ index a6253ec..4ad2120 100644
1485 movl %eax,%eax /* zero extension */
1486 movq %rax,ORIG_RAX-ARGOFFSET(%rsp)
1487 movq %rcx,RIP-ARGOFFSET(%rsp)
1488 -@@ -305,13 +350,19 @@ ENTRY(ia32_cstar_target)
1489 +@@ -305,13 +360,19 @@ ENTRY(ia32_cstar_target)
1490 /* no need to do an access_ok check here because r8 has been
1491 32bit zero extended */
1492 /* hardware stack frame is complete now */
1493 @@ -8953,7 +8983,7 @@ index a6253ec..4ad2120 100644
1494 CFI_REMEMBER_STATE
1495 jnz cstar_tracesys
1496 cmpq $IA32_NR_syscalls-1,%rax
1497 -@@ -321,13 +372,15 @@ cstar_do_call:
1498 +@@ -321,13 +382,15 @@ cstar_do_call:
1499 cstar_dispatch:
1500 call *ia32_sys_call_table(,%rax,8)
1501 movq %rax,RAX-ARGOFFSET(%rsp)
1502 @@ -8972,7 +9002,7 @@ index a6253ec..4ad2120 100644
1503 RESTORE_ARGS 0,-ARG_SKIP,0,0,0
1504 movl RIP-ARGOFFSET(%rsp),%ecx
1505 CFI_REGISTER rip,rcx
1506 -@@ -355,7 +408,7 @@ sysretl_audit:
1507 +@@ -355,7 +418,7 @@ sysretl_audit:
1508
1509 cstar_tracesys:
1510 #ifdef CONFIG_AUDITSYSCALL
1511 @@ -8981,17 +9011,17 @@ index a6253ec..4ad2120 100644
1512 jz cstar_auditsys
1513 #endif
1514 xchgl %r9d,%ebp
1515 -@@ -364,6 +417,9 @@ cstar_tracesys:
1516 - movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */
1517 - movq %rsp,%rdi /* &pt_regs -> arg1 */
1518 - call syscall_trace_enter
1519 +@@ -369,6 +432,9 @@ cstar_tracesys:
1520 + xchgl %ebp,%r9d
1521 + cmpq $(IA32_NR_syscalls-1),%rax
1522 + ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */
1523 +
1524 + pax_erase_kstack
1525 +
1526 - LOAD_ARGS32 ARGOFFSET, 1 /* reload args from stack in case ptrace changed it */
1527 - RESTORE_REST
1528 - xchgl %ebp,%r9d
1529 -@@ -409,20 +465,21 @@ ENTRY(ia32_syscall)
1530 + jmp cstar_do_call
1531 + END(ia32_cstar_target)
1532 +
1533 +@@ -409,20 +475,26 @@ ENTRY(ia32_syscall)
1534 CFI_REL_OFFSET rip,RIP-RIP
1535 PARAVIRT_ADJUST_EXCEPTION_FRAME
1536 SWAPGS
1537 @@ -9010,6 +9040,11 @@ index a6253ec..4ad2120 100644
1538 - orl $TS_COMPAT,TI_status(%r10)
1539 - testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10)
1540 + pax_enter_kernel_user
1541 ++
1542 ++#ifdef CONFIG_PAX_RANDKSTACK
1543 ++ pax_erase_kstack
1544 ++#endif
1545 ++
1546 + /*
1547 + * No need to follow this irqs on/off section: the syscall
1548 + * disabled irqs and here we enable it straight after entry:
1549 @@ -9021,17 +9056,17 @@ index a6253ec..4ad2120 100644
1550 jnz ia32_tracesys
1551 cmpq $(IA32_NR_syscalls-1),%rax
1552 ja ia32_badsys
1553 -@@ -441,6 +498,9 @@ ia32_tracesys:
1554 - movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */
1555 - movq %rsp,%rdi /* &pt_regs -> arg1 */
1556 - call syscall_trace_enter
1557 +@@ -445,6 +517,9 @@ ia32_tracesys:
1558 + RESTORE_REST
1559 + cmpq $(IA32_NR_syscalls-1),%rax
1560 + ja int_ret_from_sys_call /* ia32_tracesys has set RAX(%rsp) */
1561 +
1562 + pax_erase_kstack
1563 +
1564 - LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */
1565 - RESTORE_REST
1566 - cmpq $(IA32_NR_syscalls-1),%rax
1567 -@@ -455,6 +515,7 @@ ia32_badsys:
1568 + jmp ia32_do_call
1569 + END(ia32_syscall)
1570 +
1571 +@@ -455,6 +530,7 @@ ia32_badsys:
1572
1573 quiet_ni_syscall:
1574 movq $-ENOSYS,%rax
1575 @@ -14925,10 +14960,10 @@ index cd28a35..c72ed9a 100644
1576 #include <asm/processor.h>
1577 #include <asm/fcntl.h>
1578 diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
1579 -index bcda816..5c89791 100644
1580 +index bcda816..cbab6db 100644
1581 --- a/arch/x86/kernel/entry_32.S
1582 +++ b/arch/x86/kernel/entry_32.S
1583 -@@ -180,13 +180,146 @@
1584 +@@ -180,13 +180,153 @@
1585 /*CFI_REL_OFFSET gs, PT_GS*/
1586 .endm
1587 .macro SET_KERNEL_GS reg
1588 @@ -15032,10 +15067,10 @@ index bcda816..5c89791 100644
1589 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
1590 +/*
1591 + * ebp: thread_info
1592 -+ * ecx, edx: can be clobbered
1593 + */
1594 +ENTRY(pax_erase_kstack)
1595 + pushl %edi
1596 ++ pushl %ecx
1597 + pushl %eax
1598 +
1599 + mov TI_lowest_stack(%ebp), %edi
1600 @@ -15059,6 +15094,12 @@ index bcda816..5c89791 100644
1601 +2: cld
1602 + mov %esp, %ecx
1603 + sub %edi, %ecx
1604 ++
1605 ++ cmp $THREAD_SIZE_asm, %ecx
1606 ++ jb 3f
1607 ++ ud2
1608 ++3:
1609 ++
1610 + shr $2, %ecx
1611 + rep stosl
1612 +
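Review bot: The added `cmp $THREAD_SIZE_asm, %ecx` / `jb 3f` / `ud2` carries no comment, and a bare `ud2` in an entry-path helper reads as a stray instruction unless the reader works out that %ecx holds `%esp` minus the %edi derived from `TI_lowest_stack` and that the trap fires when that distance is not inside the thread stack, where the following `rep stosl` would otherwise write outside it. A comment before the compare, `# trap if the erase range is not within this thread's stack; rep stosl must never leave it`, would make the intent explicit. The routine's entry and the `%ecx` push/pop this commit adds are in the neighbouring hunks.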
1613 @@ -15067,6 +15108,7 @@ index bcda816..5c89791 100644
1614 + mov %edi, TI_lowest_stack(%ebp)
1615 +
1616 + popl %eax
1617 ++ popl %ecx
1618 + popl %edi
1619 + ret
1620 +ENDPROC(pax_erase_kstack)
1621 @@ -15076,7 +15118,7 @@ index bcda816..5c89791 100644
1622 cld
1623 PUSH_GS
1624 pushl_cfi %fs
1625 -@@ -209,7 +342,7 @@
1626 +@@ -209,7 +349,7 @@
1627 CFI_REL_OFFSET ecx, 0
1628 pushl_cfi %ebx
1629 CFI_REL_OFFSET ebx, 0
1630 @@ -15085,7 +15127,7 @@ index bcda816..5c89791 100644
1631 movl %edx, %ds
1632 movl %edx, %es
1633 movl $(__KERNEL_PERCPU), %edx
1634 -@@ -217,6 +350,15 @@
1635 +@@ -217,6 +357,15 @@
1636 SET_KERNEL_GS %edx
1637 .endm
1638
1639 @@ -15101,7 +15143,7 @@ index bcda816..5c89791 100644
1640 .macro RESTORE_INT_REGS
1641 popl_cfi %ebx
1642 CFI_RESTORE ebx
1643 -@@ -302,7 +444,7 @@ ENTRY(ret_from_fork)
1644 +@@ -302,7 +451,7 @@ ENTRY(ret_from_fork)
1645 popfl_cfi
1646 jmp syscall_exit
1647 CFI_ENDPROC
1648 @@ -15110,7 +15152,7 @@ index bcda816..5c89791 100644
1649
1650 /*
1651 * Interrupt exit functions should be protected against kprobes
1652 -@@ -336,7 +478,15 @@ resume_userspace_sig:
1653 +@@ -336,7 +485,15 @@ resume_userspace_sig:
1654 andl $SEGMENT_RPL_MASK, %eax
1655 #endif
1656 cmpl $USER_RPL, %eax
1657 @@ -15126,7 +15168,7 @@ index bcda816..5c89791 100644
1658
1659 ENTRY(resume_userspace)
1660 LOCKDEP_SYS_EXIT
1661 -@@ -348,8 +498,8 @@ ENTRY(resume_userspace)
1662 +@@ -348,8 +505,8 @@ ENTRY(resume_userspace)
1663 andl $_TIF_WORK_MASK, %ecx # is there any work to be done on
1664 # int/exception return?
1665 jne work_pending
1666 @@ -15137,7 +15179,7 @@ index bcda816..5c89791 100644
1667
1668 #ifdef CONFIG_PREEMPT
1669 ENTRY(resume_kernel)
1670 -@@ -364,7 +514,7 @@ need_resched:
1671 +@@ -364,7 +521,7 @@ need_resched:
1672 jz restore_all
1673 call preempt_schedule_irq
1674 jmp need_resched
1675 @@ -15146,7 +15188,7 @@ index bcda816..5c89791 100644
1676 #endif
1677 CFI_ENDPROC
1678 /*
1679 -@@ -398,23 +548,34 @@ sysenter_past_esp:
1680 +@@ -398,23 +555,34 @@ sysenter_past_esp:
1681 /*CFI_REL_OFFSET cs, 0*/
1682 /*
1683 * Push current_thread_info()->sysenter_return to the stack.
1684 @@ -15184,7 +15226,18 @@ index bcda816..5c89791 100644
1685 movl %ebp,PT_EBP(%esp)
1686 .section __ex_table,"a"
1687 .align 4
1688 -@@ -437,12 +598,24 @@ sysenter_do_call:
1689 +@@ -423,6 +591,10 @@ sysenter_past_esp:
1690 +
1691 + GET_THREAD_INFO(%ebp)
1692 +
1693 ++#ifdef CONFIG_PAX_RANDKSTACK
1694 ++ pax_erase_kstack
1695 ++#endif
1696 ++
1697 + testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp)
1698 + jnz sysenter_audit
1699 + sysenter_do_call:
1700 +@@ -437,12 +609,24 @@ sysenter_do_call:
1701 testl $_TIF_ALLWORK_MASK, %ecx
1702 jne sysexit_audit
1703 sysenter_exit:
1704 @@ -15209,7 +15262,7 @@ index bcda816..5c89791 100644
1705 PTGS_TO_GS
1706 ENABLE_INTERRUPTS_SYSEXIT
1707
1708 -@@ -459,6 +632,9 @@ sysenter_audit:
1709 +@@ -459,6 +643,9 @@ sysenter_audit:
1710 movl %eax,%edx /* 2nd arg: syscall number */
1711 movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */
1712 call audit_syscall_entry
1713 @@ -15219,7 +15272,7 @@ index bcda816..5c89791 100644
1714 pushl_cfi %ebx
1715 movl PT_EAX(%esp),%eax /* reload syscall number */
1716 jmp sysenter_do_call
1717 -@@ -485,11 +661,17 @@ sysexit_audit:
1718 +@@ -485,11 +672,17 @@ sysexit_audit:
1719
1720 CFI_ENDPROC
1721 .pushsection .fixup,"ax"
1722 @@ -15239,7 +15292,19 @@ index bcda816..5c89791 100644
1723 .popsection
1724 PTGS_TO_GS_EX
1725 ENDPROC(ia32_sysenter_target)
1726 -@@ -522,6 +704,15 @@ syscall_exit:
1727 +@@ -504,6 +697,11 @@ ENTRY(system_call)
1728 + pushl_cfi %eax # save orig_eax
1729 + SAVE_ALL
1730 + GET_THREAD_INFO(%ebp)
1731 ++
1732 ++#ifdef CONFIG_PAX_RANDKSTACK
1733 ++ pax_erase_kstack
1734 ++#endif
1735 ++
1736 + # system call tracing in operation / emulation
1737 + testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp)
1738 + jnz syscall_trace_entry
1739 +@@ -522,6 +720,15 @@ syscall_exit:
1740 testl $_TIF_ALLWORK_MASK, %ecx # current->work
1741 jne syscall_exit_work
1742
1743 @@ -15255,7 +15320,7 @@ index bcda816..5c89791 100644
1744 restore_all:
1745 TRACE_IRQS_IRET
1746 restore_all_notrace:
1747 -@@ -581,14 +772,34 @@ ldt_ss:
1748 +@@ -581,14 +788,34 @@ ldt_ss:
1749 * compensating for the offset by changing to the ESPFIX segment with
1750 * a base address that matches for the difference.
1751 */
1752 @@ -15293,7 +15358,7 @@ index bcda816..5c89791 100644
1753 pushl_cfi $__ESPFIX_SS
1754 pushl_cfi %eax /* new kernel esp */
1755 /* Disable interrupts, but do not irqtrace this section: we
1756 -@@ -617,34 +828,28 @@ work_resched:
1757 +@@ -617,34 +844,28 @@ work_resched:
1758 movl TI_flags(%ebp), %ecx
1759 andl $_TIF_WORK_MASK, %ecx # is there any work to be done other
1760 # than syscall tracing?
1761 @@ -15333,7 +15398,7 @@ index bcda816..5c89791 100644
1762
1763 # perform syscall exit tracing
1764 ALIGN
1765 -@@ -652,11 +857,14 @@ syscall_trace_entry:
1766 +@@ -652,11 +873,14 @@ syscall_trace_entry:
1767 movl $-ENOSYS,PT_EAX(%esp)
1768 movl %esp, %eax
1769 call syscall_trace_enter
1770 @@ -15349,7 +15414,7 @@ index bcda816..5c89791 100644
1771
1772 # perform syscall exit tracing
1773 ALIGN
1774 -@@ -669,20 +877,24 @@ syscall_exit_work:
1775 +@@ -669,20 +893,24 @@ syscall_exit_work:
1776 movl %esp, %eax
1777 call syscall_trace_leave
1778 jmp resume_userspace
1779 @@ -15377,7 +15442,7 @@ index bcda816..5c89791 100644
1780 CFI_ENDPROC
1781 /*
1782 * End of kprobes section
1783 -@@ -756,6 +968,36 @@ ptregs_clone:
1784 +@@ -756,6 +984,36 @@ ptregs_clone:
1785 CFI_ENDPROC
1786 ENDPROC(ptregs_clone)
1787
1788 @@ -15414,7 +15479,7 @@ index bcda816..5c89791 100644
1789 .macro FIXUP_ESPFIX_STACK
1790 /*
1791 * Switch back for ESPFIX stack to the normal zerobased stack
1792 -@@ -765,8 +1007,15 @@ ENDPROC(ptregs_clone)
1793 +@@ -765,8 +1023,15 @@ ENDPROC(ptregs_clone)
1794 * normal stack and adjusts ESP with the matching offset.
1795 */
1796 /* fixup the stack */
1797 @@ -15432,7 +15497,7 @@ index bcda816..5c89791 100644
1798 shl $16, %eax
1799 addl %esp, %eax /* the adjusted stack pointer */
1800 pushl_cfi $__KERNEL_DS
1801 -@@ -819,7 +1068,7 @@ vector=vector+1
1802 +@@ -819,7 +1084,7 @@ vector=vector+1
1803 .endr
1804 2: jmp common_interrupt
1805 .endr
1806 @@ -15441,7 +15506,7 @@ index bcda816..5c89791 100644
1807
1808 .previous
1809 END(interrupt)
1810 -@@ -867,7 +1116,7 @@ ENTRY(coprocessor_error)
1811 +@@ -867,7 +1132,7 @@ ENTRY(coprocessor_error)
1812 pushl_cfi $do_coprocessor_error
1813 jmp error_code
1814 CFI_ENDPROC
1815 @@ -15450,7 +15515,7 @@ index bcda816..5c89791 100644
1816
1817 ENTRY(simd_coprocessor_error)
1818 RING0_INT_FRAME
1819 -@@ -888,7 +1137,7 @@ ENTRY(simd_coprocessor_error)
1820 +@@ -888,7 +1153,7 @@ ENTRY(simd_coprocessor_error)
1821 #endif
1822 jmp error_code
1823 CFI_ENDPROC
1824 @@ -15459,7 +15524,7 @@ index bcda816..5c89791 100644
1825
1826 ENTRY(device_not_available)
1827 RING0_INT_FRAME
1828 -@@ -896,7 +1145,7 @@ ENTRY(device_not_available)
1829 +@@ -896,7 +1161,7 @@ ENTRY(device_not_available)
1830 pushl_cfi $do_device_not_available
1831 jmp error_code
1832 CFI_ENDPROC
1833 @@ -15468,7 +15533,7 @@ index bcda816..5c89791 100644
1834
1835 #ifdef CONFIG_PARAVIRT
1836 ENTRY(native_iret)
1837 -@@ -905,12 +1154,12 @@ ENTRY(native_iret)
1838 +@@ -905,12 +1170,12 @@ ENTRY(native_iret)
1839 .align 4
1840 .long native_iret, iret_exc
1841 .previous
1842 @@ -15483,7 +15548,7 @@ index bcda816..5c89791 100644
1843 #endif
1844
1845 ENTRY(overflow)
1846 -@@ -919,7 +1168,7 @@ ENTRY(overflow)
1847 +@@ -919,7 +1184,7 @@ ENTRY(overflow)
1848 pushl_cfi $do_overflow
1849 jmp error_code
1850 CFI_ENDPROC
1851 @@ -15492,7 +15557,7 @@ index bcda816..5c89791 100644
1852
1853 ENTRY(bounds)
1854 RING0_INT_FRAME
1855 -@@ -927,7 +1176,7 @@ ENTRY(bounds)
1856 +@@ -927,7 +1192,7 @@ ENTRY(bounds)
1857 pushl_cfi $do_bounds
1858 jmp error_code
1859 CFI_ENDPROC
1860 @@ -15501,7 +15566,7 @@ index bcda816..5c89791 100644
1861
1862 ENTRY(invalid_op)
1863 RING0_INT_FRAME
1864 -@@ -935,7 +1184,7 @@ ENTRY(invalid_op)
1865 +@@ -935,7 +1200,7 @@ ENTRY(invalid_op)
1866 pushl_cfi $do_invalid_op
1867 jmp error_code
1868 CFI_ENDPROC
1869 @@ -15510,7 +15575,7 @@ index bcda816..5c89791 100644
1870
1871 ENTRY(coprocessor_segment_overrun)
1872 RING0_INT_FRAME
1873 -@@ -943,35 +1192,35 @@ ENTRY(coprocessor_segment_overrun)
1874 +@@ -943,35 +1208,35 @@ ENTRY(coprocessor_segment_overrun)
1875 pushl_cfi $do_coprocessor_segment_overrun
1876 jmp error_code
1877 CFI_ENDPROC
1878 @@ -15551,7 +15616,7 @@ index bcda816..5c89791 100644
1879
1880 ENTRY(divide_error)
1881 RING0_INT_FRAME
1882 -@@ -979,7 +1228,7 @@ ENTRY(divide_error)
1883 +@@ -979,7 +1244,7 @@ ENTRY(divide_error)
1884 pushl_cfi $do_divide_error
1885 jmp error_code
1886 CFI_ENDPROC
1887 @@ -15560,7 +15625,7 @@ index bcda816..5c89791 100644
1888
1889 #ifdef CONFIG_X86_MCE
1890 ENTRY(machine_check)
1891 -@@ -988,7 +1237,7 @@ ENTRY(machine_check)
1892 +@@ -988,7 +1253,7 @@ ENTRY(machine_check)
1893 pushl_cfi machine_check_vector
1894 jmp error_code
1895 CFI_ENDPROC
1896 @@ -15569,7 +15634,7 @@ index bcda816..5c89791 100644
1897 #endif
1898
1899 ENTRY(spurious_interrupt_bug)
1900 -@@ -997,7 +1246,7 @@ ENTRY(spurious_interrupt_bug)
1901 +@@ -997,7 +1262,7 @@ ENTRY(spurious_interrupt_bug)
1902 pushl_cfi $do_spurious_interrupt_bug
1903 jmp error_code
1904 CFI_ENDPROC
1905 @@ -15578,7 +15643,7 @@ index bcda816..5c89791 100644
1906 /*
1907 * End of kprobes section
1908 */
1909 -@@ -1112,7 +1361,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK,
1910 +@@ -1112,7 +1377,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK,
1911
1912 ENTRY(mcount)
1913 ret
1914 @@ -15587,7 +15652,7 @@ index bcda816..5c89791 100644
1915
1916 ENTRY(ftrace_caller)
1917 cmpl $0, function_trace_stop
1918 -@@ -1141,7 +1390,7 @@ ftrace_graph_call:
1919 +@@ -1141,7 +1406,7 @@ ftrace_graph_call:
1920 .globl ftrace_stub
1921 ftrace_stub:
1922 ret
1923 @@ -15596,7 +15661,7 @@ index bcda816..5c89791 100644
1924
1925 #else /* ! CONFIG_DYNAMIC_FTRACE */
1926
1927 -@@ -1177,7 +1426,7 @@ trace:
1928 +@@ -1177,7 +1442,7 @@ trace:
1929 popl %ecx
1930 popl %eax
1931 jmp ftrace_stub
1932 @@ -15605,7 +15670,7 @@ index bcda816..5c89791 100644
1933 #endif /* CONFIG_DYNAMIC_FTRACE */
1934 #endif /* CONFIG_FUNCTION_TRACER */
1935
1936 -@@ -1198,7 +1447,7 @@ ENTRY(ftrace_graph_caller)
1937 +@@ -1198,7 +1463,7 @@ ENTRY(ftrace_graph_caller)
1938 popl %ecx
1939 popl %eax
1940 ret
1941 @@ -15614,7 +15679,7 @@ index bcda816..5c89791 100644
1942
1943 .globl return_to_handler
1944 return_to_handler:
1945 -@@ -1212,7 +1461,6 @@ return_to_handler:
1946 +@@ -1212,7 +1477,6 @@ return_to_handler:
1947 jmp *%ecx
1948 #endif
1949
1950 @@ -15622,7 +15687,7 @@ index bcda816..5c89791 100644
1951 #include "syscall_table_32.S"
1952
1953 syscall_table_size=(.-sys_call_table)
1954 -@@ -1258,15 +1506,18 @@ error_code:
1955 +@@ -1258,15 +1522,18 @@ error_code:
1956 movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart
1957 REG_TO_PTGS %ecx
1958 SET_KERNEL_GS %ecx
1959 @@ -15643,7 +15708,7 @@ index bcda816..5c89791 100644
1960
1961 /*
1962 * Debug traps and NMI can happen at the one SYSENTER instruction
1963 -@@ -1308,7 +1559,7 @@ debug_stack_correct:
1964 +@@ -1308,7 +1575,7 @@ debug_stack_correct:
1965 call do_debug
1966 jmp ret_from_exception
1967 CFI_ENDPROC
1968 @@ -15652,7 +15717,7 @@ index bcda816..5c89791 100644
1969
1970 /*
1971 * NMI is doubly nasty. It can happen _while_ we're handling
1972 -@@ -1345,6 +1596,9 @@ nmi_stack_correct:
1973 +@@ -1345,6 +1612,9 @@ nmi_stack_correct:
1974 xorl %edx,%edx # zero error code
1975 movl %esp,%eax # pt_regs pointer
1976 call do_nmi
1977 @@ -15662,7 +15727,7 @@ index bcda816..5c89791 100644
1978 jmp restore_all_notrace
1979 CFI_ENDPROC
1980
1981 -@@ -1381,12 +1635,15 @@ nmi_espfix_stack:
1982 +@@ -1381,12 +1651,15 @@ nmi_espfix_stack:
1983 FIXUP_ESPFIX_STACK # %eax == %esp
1984 xorl %edx,%edx # zero error code
1985 call do_nmi
1986 @@ -15679,7 +15744,7 @@ index bcda816..5c89791 100644
1987
1988 ENTRY(int3)
1989 RING0_INT_FRAME
1990 -@@ -1398,14 +1655,14 @@ ENTRY(int3)
1991 +@@ -1398,14 +1671,14 @@ ENTRY(int3)
1992 call do_int3
1993 jmp ret_from_exception
1994 CFI_ENDPROC
1995 @@ -15696,7 +15761,7 @@ index bcda816..5c89791 100644
1996
1997 #ifdef CONFIG_KVM_GUEST
1998 ENTRY(async_page_fault)
1999 -@@ -1413,7 +1670,7 @@ ENTRY(async_page_fault)
2000 +@@ -1413,7 +1686,7 @@ ENTRY(async_page_fault)
2001 pushl_cfi $do_async_page_fault
2002 jmp error_code
2003 CFI_ENDPROC
2004 @@ -15706,7 +15771,7 @@ index bcda816..5c89791 100644
2005
2006 /*
2007 diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
2008 -index faf8d5e..4f16a68 100644
2009 +index faf8d5e..ed7340c 100644
2010 --- a/arch/x86/kernel/entry_64.S
2011 +++ b/arch/x86/kernel/entry_64.S
2012 @@ -55,6 +55,8 @@
2013 @@ -15782,7 +15847,7 @@ index faf8d5e..4f16a68 100644
2014 jmp *%rdi
2015 #endif
2016
2017 -@@ -178,6 +186,282 @@ ENTRY(native_usergs_sysret64)
2018 +@@ -178,6 +186,280 @@ ENTRY(native_usergs_sysret64)
2019 ENDPROC(native_usergs_sysret64)
2020 #endif /* CONFIG_PARAVIRT */
2021
2022 @@ -16011,12 +16076,9 @@ index faf8d5e..4f16a68 100644
2023 +.endm
2024 +
2025 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
2026 -+/*
2027 -+ * r11: thread_info
2028 -+ * rcx, rdx: can be clobbered
2029 -+ */
2030 +ENTRY(pax_erase_kstack)
2031 + pushq %rdi
2032 ++ pushq %rcx
2033 + pushq %rax
2034 + pushq %r11
2035 +
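Review bot: The register-contract comment for pax_erase_kstack (`r11: thread_info`, `rcx, rdx: can be clobbered`) is deleted rather than updated, even though the added `pushq %rcx` changes exactly that contract; the matching `popq %rcx` lands in the next hunk. A reader of the new routine has no statement of what it preserves, which matters because the call added later in this file at system_call_after_swapgs runs before `%rcx` is stored to `RIP-ARGOFFSET(%rsp)`, so `%rcx` presumably has to survive the call. I would keep a header comment such as `/* r11: thread_info; rdx can be clobbered; rdi, rcx, rax, r11 are saved and restored */`, adjusted to whatever the body between the two hunks actually touches. The body of pax_erase_kstack continues outside the hunk.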
2036 @@ -16057,6 +16119,7 @@ index faf8d5e..4f16a68 100644
2037 +
2038 + popq %r11
2039 + popq %rax
2040 ++ popq %rcx
2041 + popq %rdi
2042 + pax_force_retaddr
2043 + ret
2044 @@ -16065,7 +16128,7 @@ index faf8d5e..4f16a68 100644
2045
2046 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET
2047 #ifdef CONFIG_TRACE_IRQFLAGS
2048 -@@ -231,8 +515,8 @@ ENDPROC(native_usergs_sysret64)
2049 +@@ -231,8 +513,8 @@ ENDPROC(native_usergs_sysret64)
2050 .endm
2051
2052 .macro UNFAKE_STACK_FRAME
2053 @@ -16076,7 +16139,7 @@ index faf8d5e..4f16a68 100644
2054 .endm
2055
2056 /*
2057 -@@ -319,7 +603,7 @@ ENDPROC(native_usergs_sysret64)
2058 +@@ -319,7 +601,7 @@ ENDPROC(native_usergs_sysret64)
2059 movq %rsp, %rsi
2060
2061 leaq -RBP(%rsp),%rdi /* arg1 for handler */
2062 @@ -16085,7 +16148,7 @@ index faf8d5e..4f16a68 100644
2063 je 1f
2064 SWAPGS
2065 /*
2066 -@@ -355,9 +639,10 @@ ENTRY(save_rest)
2067 +@@ -355,9 +637,10 @@ ENTRY(save_rest)
2068 movq_cfi r15, R15+16
2069 movq %r11, 8(%rsp) /* return address */
2070 FIXUP_TOP_OF_STACK %r11, 16
2071 @@ -16097,7 +16160,7 @@ index faf8d5e..4f16a68 100644
2072
2073 /* save complete stack frame */
2074 .pushsection .kprobes.text, "ax"
2075 -@@ -386,9 +671,10 @@ ENTRY(save_paranoid)
2076 +@@ -386,9 +669,10 @@ ENTRY(save_paranoid)
2077 js 1f /* negative -> in kernel */
2078 SWAPGS
2079 xorl %ebx,%ebx
2080 @@ -16110,7 +16173,7 @@ index faf8d5e..4f16a68 100644
2081 .popsection
2082
2083 /*
2084 -@@ -410,7 +696,7 @@ ENTRY(ret_from_fork)
2085 +@@ -410,7 +694,7 @@ ENTRY(ret_from_fork)
2086
2087 RESTORE_REST
2088
2089 @@ -16119,7 +16182,7 @@ index faf8d5e..4f16a68 100644
2090 je int_ret_from_sys_call
2091
2092 testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
2093 -@@ -420,7 +706,7 @@ ENTRY(ret_from_fork)
2094 +@@ -420,7 +704,7 @@ ENTRY(ret_from_fork)
2095 jmp ret_from_sys_call # go to the SYSRET fastpath
2096
2097 CFI_ENDPROC
2098 @@ -16128,7 +16191,7 @@ index faf8d5e..4f16a68 100644
2099
2100 /*
2101 * System call entry. Up to 6 arguments in registers are supported.
2102 -@@ -456,7 +742,7 @@ END(ret_from_fork)
2103 +@@ -456,7 +740,7 @@ END(ret_from_fork)
2104 ENTRY(system_call)
2105 CFI_STARTPROC simple
2106 CFI_SIGNAL_FRAME
2107 @@ -16137,12 +16200,17 @@ index faf8d5e..4f16a68 100644
2108 CFI_REGISTER rip,rcx
2109 /*CFI_REGISTER rflags,r11*/
2110 SWAPGS_UNSAFE_STACK
2111 -@@ -469,12 +755,13 @@ ENTRY(system_call_after_swapgs)
2112 +@@ -469,12 +753,18 @@ ENTRY(system_call_after_swapgs)
2113
2114 movq %rsp,PER_CPU_VAR(old_rsp)
2115 movq PER_CPU_VAR(kernel_stack),%rsp
2116 + SAVE_ARGS 8*6,0
2117 + pax_enter_kernel_user
2118 ++
2119 ++#ifdef CONFIG_PAX_RANDKSTACK
2120 ++ pax_erase_kstack
2121 ++#endif
2122 ++
2123 /*
2124 * No need to follow this irqs off/on section - it's straight
2125 * and short:
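Review bot: The new `pax_erase_kstack` invocation under `CONFIG_PAX_RANDKSTACK` carries no explanation of why stack randomization needs an erase at syscall entry in addition to the existing erase on the exit path, and the erase routine itself is defined under `CONFIG_PAX_MEMORY_STACKLEAK` earlier in this file. If the `pax_erase_kstack` macro does not expand to nothing when STACKLEAK is disabled, a RANDKSTACK-only configuration would reference an undefined symbol here; that is worth confirming against the macro definition, which is outside the hunk. A one-line comment stating the reason for the entry-time erase, and which of the two options it actually depends on, would spare the next reader the same question. The system_call_after_swapgs body continues outside the hunk.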
2126 @@ -16152,7 +16220,7 @@ index faf8d5e..4f16a68 100644
2127 movq %rax,ORIG_RAX-ARGOFFSET(%rsp)
2128 movq %rcx,RIP-ARGOFFSET(%rsp)
2129 CFI_REL_OFFSET rip,RIP-ARGOFFSET
2130 -@@ -484,7 +771,7 @@ ENTRY(system_call_after_swapgs)
2131 +@@ -484,7 +774,7 @@ ENTRY(system_call_after_swapgs)
2132 system_call_fastpath:
2133 cmpq $__NR_syscall_max,%rax
2134 ja badsys
2135 @@ -16161,7 +16229,7 @@ index faf8d5e..4f16a68 100644
2136 call *sys_call_table(,%rax,8) # XXX: rip relative
2137 movq %rax,RAX-ARGOFFSET(%rsp)
2138 /*
2139 -@@ -503,6 +790,8 @@ sysret_check:
2140 +@@ -503,6 +793,8 @@ sysret_check:
2141 andl %edi,%edx
2142 jnz sysret_careful
2143 CFI_REMEMBER_STATE
2144 @@ -16170,7 +16238,7 @@ index faf8d5e..4f16a68 100644
2145 /*
2146 * sysretq will re-enable interrupts:
2147 */
2148 -@@ -554,14 +843,18 @@ badsys:
2149 +@@ -554,14 +846,18 @@ badsys:
2150 * jump back to the normal fast path.
2151 */
2152 auditsys:
2153 @@ -16190,7 +16258,7 @@ index faf8d5e..4f16a68 100644
2154 jmp system_call_fastpath
2155
2156 /*
2157 -@@ -591,16 +884,20 @@ tracesys:
2158 +@@ -591,16 +887,20 @@ tracesys:
2159 FIXUP_TOP_OF_STACK %rdi
2160 movq %rsp,%rdi
2161 call syscall_trace_enter
2162 @@ -16212,7 +16280,7 @@ index faf8d5e..4f16a68 100644
2163 call *sys_call_table(,%rax,8)
2164 movq %rax,RAX-ARGOFFSET(%rsp)
2165 /* Use IRET because user could have changed frame */
2166 -@@ -612,7 +909,7 @@ tracesys:
2167 +@@ -612,7 +912,7 @@ tracesys:
2168 GLOBAL(int_ret_from_sys_call)
2169 DISABLE_INTERRUPTS(CLBR_NONE)
2170 TRACE_IRQS_OFF
2171 @@ -16221,15 +16289,18 @@ index faf8d5e..4f16a68 100644
2172 je retint_restore_args
2173 movl $_TIF_ALLWORK_MASK,%edi
2174 /* edi: mask to check */
2175 -@@ -623,6 +920,7 @@ GLOBAL(int_with_check)
2176 +@@ -623,7 +923,9 @@ GLOBAL(int_with_check)
2177 andl %edi,%edx
2178 jnz int_careful
2179 andl $~TS_COMPAT,TI_status(%rcx)
2180 +- jmp retint_swapgs
2181 ++ pax_exit_kernel_user
2182 + pax_erase_kstack
2183 - jmp retint_swapgs
2184 ++ jmp retint_swapgs_pax
2185
2186 /* Either reschedule or signal or syscall exit tracking needed. */
2187 -@@ -669,7 +967,7 @@ int_restore_rest:
2188 + /* First do a reschedule test. */
2189 +@@ -669,7 +971,7 @@ int_restore_rest:
2190 TRACE_IRQS_OFF
2191 jmp int_with_check
2192 CFI_ENDPROC
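Review bot: `pax_exit_kernel_user` now runs before `pax_erase_kstack`, and the path then jumps to the new `retint_swapgs_pax` label (introduced in the retint_swapgs hunk further down), which sits after both `DISABLE_INTERRUPTS(CLBR_ANY)` and `pax_exit_kernel_user`. The jump is correct only because int_with_check is reached with interrupts already off (`DISABLE_INTERRUPTS(CLBR_NONE)` in int_ret_from_sys_call above) and the kernel-user exit already done, and neither precondition is recorded at the label. I would document it there: `retint_swapgs_pax: /* entered with irqs off and pax_exit_kernel_user already done */`. Whether the erase has to follow pax_exit_kernel_user (it would if that macro changes any state the erase writes through) is not visible here and deserves a sentence in the commit message.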
2193 @@ -16238,7 +16309,7 @@ index faf8d5e..4f16a68 100644
2194
2195 /*
2196 * Certain special system calls that need to save a complete full stack frame.
2197 -@@ -685,7 +983,7 @@ ENTRY(\label)
2198 +@@ -685,7 +987,7 @@ ENTRY(\label)
2199 call \func
2200 jmp ptregscall_common
2201 CFI_ENDPROC
2202 @@ -16247,7 +16318,7 @@ index faf8d5e..4f16a68 100644
2203 .endm
2204
2205 PTREGSCALL stub_clone, sys_clone, %r8
2206 -@@ -703,9 +1001,10 @@ ENTRY(ptregscall_common)
2207 +@@ -703,9 +1005,10 @@ ENTRY(ptregscall_common)
2208 movq_cfi_restore R12+8, r12
2209 movq_cfi_restore RBP+8, rbp
2210 movq_cfi_restore RBX+8, rbx
2211 @@ -16259,7 +16330,7 @@ index faf8d5e..4f16a68 100644
2212
2213 ENTRY(stub_execve)
2214 CFI_STARTPROC
2215 -@@ -720,7 +1019,7 @@ ENTRY(stub_execve)
2216 +@@ -720,7 +1023,7 @@ ENTRY(stub_execve)
2217 RESTORE_REST
2218 jmp int_ret_from_sys_call
2219 CFI_ENDPROC
2220 @@ -16268,7 +16339,7 @@ index faf8d5e..4f16a68 100644
2221
2222 /*
2223 * sigreturn is special because it needs to restore all registers on return.
2224 -@@ -738,7 +1037,7 @@ ENTRY(stub_rt_sigreturn)
2225 +@@ -738,7 +1041,7 @@ ENTRY(stub_rt_sigreturn)
2226 RESTORE_REST
2227 jmp int_ret_from_sys_call
2228 CFI_ENDPROC
2229 @@ -16277,7 +16348,7 @@ index faf8d5e..4f16a68 100644
2230
2231 /*
2232 * Build the entry stubs and pointer table with some assembler magic.
2233 -@@ -773,7 +1072,7 @@ vector=vector+1
2234 +@@ -773,7 +1076,7 @@ vector=vector+1
2235 2: jmp common_interrupt
2236 .endr
2237 CFI_ENDPROC
2238 @@ -16286,7 +16357,7 @@ index faf8d5e..4f16a68 100644
2239
2240 .previous
2241 END(interrupt)
2242 -@@ -793,6 +1092,16 @@ END(interrupt)
2243 +@@ -793,6 +1096,16 @@ END(interrupt)
2244 subq $ORIG_RAX-RBP, %rsp
2245 CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
2246 SAVE_ARGS_IRQ
2247 @@ -16303,7 +16374,7 @@ index faf8d5e..4f16a68 100644
2248 call \func
2249 .endm
2250
2251 -@@ -824,7 +1133,7 @@ ret_from_intr:
2252 +@@ -824,7 +1137,7 @@ ret_from_intr:
2253
2254 exit_intr:
2255 GET_THREAD_INFO(%rcx)
2256 @@ -16312,11 +16383,12 @@ index faf8d5e..4f16a68 100644
2257 je retint_kernel
2258
2259 /* Interrupt came from user space */
2260 -@@ -846,12 +1155,15 @@ retint_swapgs: /* return to user-space */
2261 +@@ -846,12 +1159,16 @@ retint_swapgs: /* return to user-space */
2262 * The iretq could re-enable interrupts:
2263 */
2264 DISABLE_INTERRUPTS(CLBR_ANY)
2265 + pax_exit_kernel_user
2266 ++retint_swapgs_pax:
2267 TRACE_IRQS_IRETQ
2268 SWAPGS
2269 jmp restore_args
2270 @@ -16328,7 +16400,7 @@ index faf8d5e..4f16a68 100644
2271 /*
2272 * The iretq could re-enable interrupts:
2273 */
2274 -@@ -940,7 +1252,7 @@ ENTRY(retint_kernel)
2275 +@@ -940,7 +1257,7 @@ ENTRY(retint_kernel)
2276 #endif
2277
2278 CFI_ENDPROC
2279 @@ -16337,7 +16409,7 @@ index faf8d5e..4f16a68 100644
2280 /*
2281 * End of kprobes section
2282 */
2283 -@@ -956,7 +1268,7 @@ ENTRY(\sym)
2284 +@@ -956,7 +1273,7 @@ ENTRY(\sym)
2285 interrupt \do_sym
2286 jmp ret_from_intr
2287 CFI_ENDPROC
2288 @@ -16346,7 +16418,7 @@ index faf8d5e..4f16a68 100644
2289 .endm
2290
2291 #ifdef CONFIG_SMP
2292 -@@ -1021,12 +1333,22 @@ ENTRY(\sym)
2293 +@@ -1021,12 +1338,22 @@ ENTRY(\sym)
2294 CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
2295 call error_entry
2296 DEFAULT_FRAME 0
2297 @@ -16370,7 +16442,7 @@ index faf8d5e..4f16a68 100644
2298 .endm
2299
2300 .macro paranoidzeroentry sym do_sym
2301 -@@ -1038,15 +1360,25 @@ ENTRY(\sym)
2302 +@@ -1038,15 +1365,25 @@ ENTRY(\sym)
2303 CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
2304 call save_paranoid
2305 TRACE_IRQS_OFF
2306 @@ -16398,7 +16470,7 @@ index faf8d5e..4f16a68 100644
2307 .macro paranoidzeroentry_ist sym do_sym ist
2308 ENTRY(\sym)
2309 INTR_FRAME
2310 -@@ -1056,14 +1388,30 @@ ENTRY(\sym)
2311 +@@ -1056,14 +1393,30 @@ ENTRY(\sym)
2312 CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
2313 call save_paranoid
2314 TRACE_IRQS_OFF
2315 @@ -16430,7 +16502,7 @@ index faf8d5e..4f16a68 100644
2316 .endm
2317
2318 .macro errorentry sym do_sym
2319 -@@ -1074,13 +1422,23 @@ ENTRY(\sym)
2320 +@@ -1074,13 +1427,23 @@ ENTRY(\sym)
2321 CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
2322 call error_entry
2323 DEFAULT_FRAME 0
2324 @@ -16455,7 +16527,7 @@ index faf8d5e..4f16a68 100644
2325 .endm
2326
2327 /* error code is on the stack already */
2328 -@@ -1093,13 +1451,23 @@ ENTRY(\sym)
2329 +@@ -1093,13 +1456,23 @@ ENTRY(\sym)
2330 call save_paranoid
2331 DEFAULT_FRAME 0
2332 TRACE_IRQS_OFF
2333 @@ -16480,7 +16552,7 @@ index faf8d5e..4f16a68 100644
2334 .endm
2335
2336 zeroentry divide_error do_divide_error
2337 -@@ -1129,9 +1497,10 @@ gs_change:
2338 +@@ -1129,9 +1502,10 @@ gs_change:
2339 2: mfence /* workaround */
2340 SWAPGS
2341 popfq_cfi
2342 @@ -16492,7 +16564,7 @@ index faf8d5e..4f16a68 100644
2343
2344 .section __ex_table,"a"
2345 .align 8
2346 -@@ -1153,13 +1522,14 @@ ENTRY(kernel_thread_helper)
2347 +@@ -1153,13 +1527,14 @@ ENTRY(kernel_thread_helper)
2348 * Here we are in the child and the registers are set as they were
2349 * at kernel_thread() invocation in the parent.
2350 */
2351 @@ -16508,7 +16580,7 @@ index faf8d5e..4f16a68 100644
2352
2353 /*
2354 * execve(). This function needs to use IRET, not SYSRET, to set up all state properly.
2355 -@@ -1186,11 +1556,11 @@ ENTRY(kernel_execve)
2356 +@@ -1186,11 +1561,11 @@ ENTRY(kernel_execve)
2357 RESTORE_REST
2358 testq %rax,%rax
2359 je int_ret_from_sys_call
2360 @@ -16522,7 +16594,7 @@ index faf8d5e..4f16a68 100644
2361
2362 /* Call softirq on interrupt stack. Interrupts are off. */
2363 ENTRY(call_softirq)
2364 -@@ -1208,9 +1578,10 @@ ENTRY(call_softirq)
2365 +@@ -1208,9 +1583,10 @@ ENTRY(call_softirq)
2366 CFI_DEF_CFA_REGISTER rsp
2367 CFI_ADJUST_CFA_OFFSET -8
2368 decl PER_CPU_VAR(irq_count)
2369 @@ -16534,7 +16606,7 @@ index faf8d5e..4f16a68 100644
2370
2371 #ifdef CONFIG_XEN
2372 zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
2373 -@@ -1248,7 +1619,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
2374 +@@ -1248,7 +1624,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
2375 decl PER_CPU_VAR(irq_count)
2376 jmp error_exit
2377 CFI_ENDPROC
2378 @@ -16543,7 +16615,7 @@ index faf8d5e..4f16a68 100644
2379
2380 /*
2381 * Hypervisor uses this for application faults while it executes.
2382 -@@ -1307,7 +1678,7 @@ ENTRY(xen_failsafe_callback)
2383 +@@ -1307,7 +1683,7 @@ ENTRY(xen_failsafe_callback)
2384 SAVE_ALL
2385 jmp error_exit
2386 CFI_ENDPROC
2387 @@ -16552,7 +16624,7 @@ index faf8d5e..4f16a68 100644
2388
2389 apicinterrupt XEN_HVM_EVTCHN_CALLBACK \
2390 xen_hvm_callback_vector xen_evtchn_do_upcall
2391 -@@ -1356,16 +1727,31 @@ ENTRY(paranoid_exit)
2392 +@@ -1356,16 +1732,31 @@ ENTRY(paranoid_exit)
2393 TRACE_IRQS_OFF
2394 testl %ebx,%ebx /* swapgs needed? */
2395 jnz paranoid_restore
2396 @@ -16585,7 +16657,7 @@ index faf8d5e..4f16a68 100644
2397 jmp irq_return
2398 paranoid_userspace:
2399 GET_THREAD_INFO(%rcx)
2400 -@@ -1394,7 +1780,7 @@ paranoid_schedule:
2401 +@@ -1394,7 +1785,7 @@ paranoid_schedule:
2402 TRACE_IRQS_OFF
2403 jmp paranoid_userspace
2404 CFI_ENDPROC
2405 @@ -16594,7 +16666,7 @@ index faf8d5e..4f16a68 100644
2406
2407 /*
2408 * Exception entry point. This expects an error code/orig_rax on the stack.
2409 -@@ -1421,12 +1807,13 @@ ENTRY(error_entry)
2410 +@@ -1421,12 +1812,13 @@ ENTRY(error_entry)
2411 movq_cfi r14, R14+8
2412 movq_cfi r15, R15+8
2413 xorl %ebx,%ebx
2414 @@ -16609,7 +16681,7 @@ index faf8d5e..4f16a68 100644
2415 ret
2416
2417 /*
2418 -@@ -1453,7 +1840,7 @@ bstep_iret:
2419 +@@ -1453,7 +1845,7 @@ bstep_iret:
2420 movq %rcx,RIP+8(%rsp)
2421 jmp error_swapgs
2422 CFI_ENDPROC
2423 @@ -16618,7 +16690,7 @@ index faf8d5e..4f16a68 100644
2424
2425
2426 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
2427 -@@ -1473,7 +1860,7 @@ ENTRY(error_exit)
2428 +@@ -1473,7 +1865,7 @@ ENTRY(error_exit)
2429 jnz retint_careful
2430 jmp retint_swapgs
2431 CFI_ENDPROC
2432 @@ -16627,7 +16699,7 @@ index faf8d5e..4f16a68 100644
2433
2434
2435 /* runs on exception stack */
2436 -@@ -1485,6 +1872,16 @@ ENTRY(nmi)
2437 +@@ -1485,6 +1877,16 @@ ENTRY(nmi)
2438 CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
2439 call save_paranoid
2440 DEFAULT_FRAME 0
2441 @@ -16644,7 +16716,7 @@ index faf8d5e..4f16a68 100644
2442 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
2443 movq %rsp,%rdi
2444 movq $-1,%rsi
2445 -@@ -1495,12 +1892,28 @@ ENTRY(nmi)
2446 +@@ -1495,12 +1897,28 @@ ENTRY(nmi)
2447 DISABLE_INTERRUPTS(CLBR_NONE)
2448 testl %ebx,%ebx /* swapgs needed? */
2449 jnz nmi_restore
2450 @@ -16674,7 +16746,7 @@ index faf8d5e..4f16a68 100644
2451 jmp irq_return
2452 nmi_userspace:
2453 GET_THREAD_INFO(%rcx)
2454 -@@ -1529,14 +1942,14 @@ nmi_schedule:
2455 +@@ -1529,14 +1947,14 @@ nmi_schedule:
2456 jmp paranoid_exit
2457 CFI_ENDPROC
2458 #endif
2459 @@ -44582,6 +44654,20 @@ index 608c1c3..7d040a8 100644
2460 set_fs(fs_save);
2461 return rc;
2462 }
2463 +diff --git a/fs/eventpoll.c b/fs/eventpoll.c
2464 +index a6f3763..f38ed00 100644
2465 +--- a/fs/eventpoll.c
2466 ++++ b/fs/eventpoll.c
2467 +@@ -1540,8 +1540,8 @@ SYSCALL_DEFINE1(epoll_create1, int, flags)
2468 + error = PTR_ERR(file);
2469 + goto out_free_fd;
2470 + }
2471 +- fd_install(fd, file);
2472 + ep->file = file;
2473 ++ fd_install(fd, file);
2474 + return fd;
2475 +
2476 + out_free_fd:
2477 diff --git a/fs/exec.c b/fs/exec.c
2478 index 160cd2f..7f5ba47 100644
2479 --- a/fs/exec.c
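Review bot: Moving `fd_install(fd, file)` after `ep->file = file` fixes an ordering problem, since once the fd is installed it is reachable by other threads of the process before `ep->file` has been set, but the reordered line carries no comment and nothing discourages a later cleanup from swapping them back. I would annotate it: `ep->file = file;` followed by `fd_install(fd, file); /* must be last: publishes the fd to other threads */`. This looks like an upstream-style fix carried inside the grsecurity patch; naming its origin in the commit message would help future rebases drop it once it is in the base tree.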
2480 @@ -50737,6 +50823,19 @@ index 23ce927..e274cc1 100644
2481
2482 if (!IS_ERR(s))
2483 kfree(s);
2484 +diff --git a/fs/xfs/xfs_rtalloc.c b/fs/xfs/xfs_rtalloc.c
2485 +index 87323f1..dab9d00 100644
2486 +--- a/fs/xfs/xfs_rtalloc.c
2487 ++++ b/fs/xfs/xfs_rtalloc.c
2488 +@@ -858,7 +858,7 @@ xfs_rtbuf_get(
2489 + xfs_buf_t *bp; /* block buffer, result */
2490 + xfs_inode_t *ip; /* bitmap or summary inode */
2491 + xfs_bmbt_irec_t map;
2492 +- int nmap;
2493 ++ int nmap = 1;
2494 + int error; /* error value */
2495 +
2496 + ip = issum ? mp->m_rsumip : mp->m_rbmip;
2497 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
2498 new file mode 100644
2499 index 0000000..cb7b8ea
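Review bot: `int nmap = 1;` replaces an uninitialized local that is presumably passed by address to the extent lookup later in xfs_rtbuf_get (outside the hunk) as the in/out maximum mapping count, i.e. a read of an indeterminate value. The intent is clearer as `int nmap = 1; /* single extent per lookup */`. The rest of xfs_rtbuf_get is outside the hunk, so I cannot see whether the value is also read after the call.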
2500 @@ -63132,7 +63231,7 @@ index a6deef4..c56a7f2 100644
2501 and pointers */
2502 #endif
2503 diff --git a/include/linux/init.h b/include/linux/init.h
2504 -index 9146f39..e19693b 100644
2505 +index 9146f39..5c80baf 100644
2506 --- a/include/linux/init.h
2507 +++ b/include/linux/init.h
2508 @@ -38,9 +38,15 @@
2509 @@ -63179,22 +63278,6 @@ index 9146f39..e19693b 100644
2510 #define __meminitdata __section(.meminit.data)
2511 #define __meminitconst __section(.meminit.rodata)
2512 #define __memexit __section(.memexit.text) __exitused __cold notrace
2513 -@@ -293,13 +299,13 @@ void __init parse_early_options(char *cmdline);
2514 -
2515 - /* Each module must use one module_init(). */
2516 - #define module_init(initfn) \
2517 -- static inline initcall_t __inittest(void) \
2518 -+ static inline __used initcall_t __inittest(void) \
2519 - { return initfn; } \
2520 - int init_module(void) __attribute__((alias(#initfn)));
2521 -
2522 - /* This is only required if you want to be unloadable. */
2523 - #define module_exit(exitfn) \
2524 -- static inline exitcall_t __exittest(void) \
2525 -+ static inline __used exitcall_t __exittest(void) \
2526 - { return exitfn; } \
2527 - void cleanup_module(void) __attribute__((alias(#exitfn)));
2528 -
2529 diff --git a/include/linux/init_task.h b/include/linux/init_task.h
2530 index cdde2b3..d782954 100644
2531 --- a/include/linux/init_task.h
2532 @@ -71586,18 +71669,10 @@ index fea790a..ebb0e82 100644
2533 "stack [addr=%p]\n", addr);
2534 }
2535 diff --git a/lib/extable.c b/lib/extable.c
2536 -index 4cac81e..63e9b8f 100644
2537 +index 4cac81e..ba85842 100644
2538 --- a/lib/extable.c
2539 +++ b/lib/extable.c
2540 -@@ -13,6 +13,7 @@
2541 - #include <linux/init.h>
2542 - #include <linux/sort.h>
2543 - #include <asm/uaccess.h>
2544 -+#include <asm/pgtable.h>
2545 -
2546 - #ifndef ARCH_HAS_SORT_EXTABLE
2547 - /*
2548 -@@ -36,8 +37,10 @@ static int cmp_ex(const void *a, const void *b)
2549 +@@ -36,8 +36,10 @@ static int cmp_ex(const void *a, const void *b)
2550 void sort_extable(struct exception_table_entry *start,
2551 struct exception_table_entry *finish)
2552 {
2553 @@ -80936,10 +81011,10 @@ index 38f6617..e70b72b 100755
2554
2555 exuberant()
2556 diff --git a/security/Kconfig b/security/Kconfig
2557 -index 51bd5a0..7963a07 100644
2558 +index 51bd5a0..047aa78 100644
2559 --- a/security/Kconfig
2560 +++ b/security/Kconfig
2561 -@@ -4,6 +4,876 @@
2562 +@@ -4,6 +4,888 @@
2563
2564 menu "Security options"
2565
2566 @@ -81525,6 +81600,10 @@ index 51bd5a0..7963a07 100644
2567 + Select the method used to instrument function pointer dereferences.
2568 + Note that binary modules cannot be instrumented by this approach.
2569 +
2570 ++ Note that the implementation requires a gcc with plugin support,
2571 ++ i.e., gcc 4.5 or newer. You may need to install the supporting
2572 ++ headers explicitly in addition to the normal gcc package.
2573 ++
2574 + config PAX_KERNEXEC_PLUGIN_METHOD_BTS
2575 + bool "bts"
2576 + help
2577 @@ -81698,11 +81777,12 @@ index 51bd5a0..7963a07 100644
2578 + and you are advised to test this feature on your expected workload
2579 + before deploying it.
2580 +
2581 -+ Note: full support for this feature requires gcc with plugin support
2582 -+ so make sure your compiler is at least gcc 4.5.0. Using older gcc
2583 -+ versions means that functions with large enough stack frames may
2584 -+ leave uninitialized memory behind that may be exposed to a later
2585 -+ syscall leaking the stack.
2586 ++ Note that the full feature requires a gcc with plugin support,
2587 ++ i.e., gcc 4.5 or newer. You may need to install the supporting
2588 ++ headers explicitly in addition to the normal gcc package. Using
2589 ++ older gcc versions means that functions with large enough stack
2590 ++ frames may leave uninitialized memory behind that may be exposed
2591 ++ to a later syscall leaking the stack.
2592 +
2593 +config PAX_MEMORY_UDEREF
2594 + bool "Prevent invalid userland pointer dereference"
2595 @@ -81784,11 +81864,14 @@ index 51bd5a0..7963a07 100644
2596 + arguments marked by a size_overflow attribute with double integer
2597 + precision (DImode/TImode for 32/64 bit integer types).
2598 +
2599 -+ The recomputed argument is checked against INT_MAX and an event
2600 ++ The recomputed argument is checked against TYPE_MAX and an event
2601 + is logged on overflow and the triggering process is killed.
2602 +
2603 -+ Homepage:
2604 -+ http://www.grsecurity.net/~ephox/overflow_plugin/
2605 ++ Homepage: http://www.grsecurity.net/~ephox/overflow_plugin/
2606 ++
2607 ++ Note that the implementation requires a gcc with plugin support,
2608 ++ i.e., gcc 4.5 or newer. You may need to install the supporting
2609 ++ headers explicitly in addition to the normal gcc package.
2610 +
2611 +config PAX_LATENT_ENTROPY
2612 + bool "Generate some entropy during boot"
2613 @@ -81800,6 +81883,10 @@ index 51bd5a0..7963a07 100644
2614 + there is little 'natural' source of entropy normally. The cost
2615 + is some slowdown of the boot process.
2616 +
2617 ++ Note that the implementation requires a gcc with plugin support,
2618 ++ i.e., gcc 4.5 or newer. You may need to install the supporting
2619 ++ headers explicitly in addition to the normal gcc package.
2620 ++
2621 + Note that entropy extracted this way is not cryptographically
2622 + secure!
2623 +
2624 @@ -81816,7 +81903,7 @@ index 51bd5a0..7963a07 100644
2625 config KEYS
2626 bool "Enable access key retention support"
2627 help
2628 -@@ -169,7 +1039,7 @@ config INTEL_TXT
2629 +@@ -169,7 +1051,7 @@ config INTEL_TXT
2630 config LSM_MMAP_MIN_ADDR
2631 int "Low address space for LSM to protect from user allocation"
2632 depends on SECURITY && SECURITY_SELINUX
2633
2634 diff --git a/3.5.2/0000_README b/3.5.2/0000_README
2635 index 1900e0a..24c63b2 100644
2636 --- a/3.5.2/0000_README
2637 +++ b/3.5.2/0000_README
2638 @@ -2,7 +2,7 @@ README
2639 -----------------------------------------------------------------------------
2640 Individual Patch Descriptions:
2641 -----------------------------------------------------------------------------
2642 -Patch: 4420_grsecurity-2.9.1-3.5.2-201208241943.patch
2643 +Patch: 4420_grsecurity-2.9.1-3.5.3-201208271906.patch
2644 From: http://www.grsecurity.net
2645 Desc: hardened-sources base patch from upstream grsecurity
2646
2647
2648 diff --git a/3.5.2/4420_grsecurity-2.9.1-3.5.2-201208241943.patch b/3.5.2/4420_grsecurity-2.9.1-3.5.3-201208271906.patch
2649 similarity index 99%
2650 rename from 3.5.2/4420_grsecurity-2.9.1-3.5.2-201208241943.patch
2651 rename to 3.5.2/4420_grsecurity-2.9.1-3.5.3-201208271906.patch
2652 index 8f28b61..9557d64 100644
2653 --- a/3.5.2/4420_grsecurity-2.9.1-3.5.2-201208241943.patch
2654 +++ b/3.5.2/4420_grsecurity-2.9.1-3.5.3-201208271906.patch
2655 @@ -275,7 +275,7 @@ index 13d6166..8c235b6 100644
2656 ==============================================================
2657
2658 diff --git a/Makefile b/Makefile
2659 -index 5caa2fa..5fc9329 100644
2660 +index c901aae..0f96503 100644
2661 --- a/Makefile
2662 +++ b/Makefile
2663 @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
2664 @@ -4374,6 +4374,26 @@ index d183f87..1867f1a 100644
2665 regs->link = current->mm->context.vdso_base + vdso64_rt_sigtramp;
2666 } else {
2667 err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]);
2668 +diff --git a/arch/powerpc/kernel/syscalls.c b/arch/powerpc/kernel/syscalls.c
2669 +index f2496f2..4e3cc47 100644
2670 +--- a/arch/powerpc/kernel/syscalls.c
2671 ++++ b/arch/powerpc/kernel/syscalls.c
2672 +@@ -107,11 +107,11 @@ long ppc64_personality(unsigned long personality)
2673 + long ret;
2674 +
2675 + if (personality(current->personality) == PER_LINUX32
2676 +- && personality == PER_LINUX)
2677 +- personality = PER_LINUX32;
2678 ++ && personality(personality) == PER_LINUX)
2679 ++ personality = (personality & ~PER_MASK) | PER_LINUX32;
2680 + ret = sys_personality(personality);
2681 +- if (ret == PER_LINUX32)
2682 +- ret = PER_LINUX;
2683 ++ if (personality(ret) == PER_LINUX32)
2684 ++ ret = (ret & ~PER_MASK) | PER_LINUX;
2685 + return ret;
2686 + }
2687 + #endif
2688 diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
2689 index 1589723..cefe690 100644
2690 --- a/arch/powerpc/kernel/traps.c
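Review bot: The new masking in ppc64_personality, `personality = (personality & ~PER_MASK) | PER_LINUX32;` and the mirrored `ret = (ret & ~PER_MASK) | PER_LINUX;`, preserves the persona flag bits where the old code overwrote the whole value, and the comparisons now go through `personality()` so only the base persona is tested; none of this is commented. One line at the first assignment would do: `/* swap only the base persona; keep the caller's persona flags */`.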
2691 @@ -20274,7 +20294,7 @@ index 7df1c6d..9ea7c79 100644
2692
2693 out:
2694 diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
2695 -index f95d242..3b49a90 100644
2696 +index 4837375..2cc9722 100644
2697 --- a/arch/x86/kvm/emulate.c
2698 +++ b/arch/x86/kvm/emulate.c
2699 @@ -256,6 +256,7 @@ struct gprefix {
2700 @@ -20356,10 +20376,10 @@ index f75af40..285b18f 100644
2701
2702 local_irq_disable();
2703 diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
2704 -index 32eb588..19c4fe3 100644
2705 +index 86c8704..e8ee2ac 100644
2706 --- a/arch/x86/kvm/vmx.c
2707 +++ b/arch/x86/kvm/vmx.c
2708 -@@ -1313,7 +1313,11 @@ static void reload_tss(void)
2709 +@@ -1317,7 +1317,11 @@ static void reload_tss(void)
2710 struct desc_struct *descs;
2711
2712 descs = (void *)gdt->address;
2713 @@ -20371,18 +20391,7 @@ index 32eb588..19c4fe3 100644
2714 load_TR_desc();
2715 }
2716
2717 -@@ -1475,8 +1479,8 @@ static void __vmx_load_host_state(struct vcpu_vmx *vmx)
2718 - * The sysexit path does not restore ds/es, so we must set them to
2719 - * a reasonable value ourselves.
2720 - */
2721 -- loadsegment(ds, __USER_DS);
2722 -- loadsegment(es, __USER_DS);
2723 -+ loadsegment(ds, __KERNEL_DS);
2724 -+ loadsegment(es, __KERNEL_DS);
2725 - #endif
2726 - reload_tss();
2727 - #ifdef CONFIG_X86_64
2728 -@@ -2653,8 +2657,11 @@ static __init int hardware_setup(void)
2729 +@@ -2650,8 +2654,11 @@ static __init int hardware_setup(void)
2730 if (!cpu_has_vmx_flexpriority())
2731 flexpriority_enabled = 0;
2732
2733 @@ -20396,7 +20405,7 @@ index 32eb588..19c4fe3 100644
2734
2735 if (enable_ept && !cpu_has_vmx_ept_2m_page())
2736 kvm_disable_largepages();
2737 -@@ -3680,7 +3687,7 @@ static void vmx_set_constant_host_state(void)
2738 +@@ -3719,7 +3726,7 @@ static void vmx_set_constant_host_state(void)
2739 vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */
2740
2741 asm("mov $.Lkvm_vmx_return, %0" : "=r"(tmpl));
2742 @@ -20405,7 +20414,7 @@ index 32eb588..19c4fe3 100644
2743
2744 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
2745 vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
2746 -@@ -6218,6 +6225,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
2747 +@@ -6257,6 +6264,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
2748 "jmp .Lkvm_vmx_return \n\t"
2749 ".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t"
2750 ".Lkvm_vmx_return: "
2751 @@ -20418,7 +20427,7 @@ index 32eb588..19c4fe3 100644
2752 /* Save guest registers, load host registers, keep flags */
2753 "mov %0, %c[wordsize](%%"R"sp) \n\t"
2754 "pop %0 \n\t"
2755 -@@ -6266,6 +6279,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
2756 +@@ -6305,6 +6318,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
2757 #endif
2758 [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
2759 [wordsize]"i"(sizeof(ulong))
2760 @@ -20430,28 +20439,41 @@ index 32eb588..19c4fe3 100644
2761 : "cc", "memory"
2762 , R"ax", R"bx", R"di", R"si"
2763 #ifdef CONFIG_X86_64
2764 -@@ -6294,6 +6312,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
2765 - }
2766 - }
2767 +@@ -6312,7 +6330,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
2768 + #endif
2769 + );
2770
2771 -+ asm("mov %0, %%ds; mov %0, %%es; mov %0, %%ss" : : "r"(__KERNEL_DS));
2772 +-#ifndef CONFIG_X86_64
2773 ++#ifdef CONFIG_X86_32
2774 + /*
2775 + * The sysexit path does not restore ds/es, so we must set them to
2776 + * a reasonable value ourselves.
2777 +@@ -6321,8 +6339,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
2778 + * may be executed in interrupt context, which saves and restore segments
2779 + * around it, nullifying its effect.
2780 + */
2781 +- loadsegment(ds, __USER_DS);
2782 +- loadsegment(es, __USER_DS);
2783 ++ loadsegment(ds, __KERNEL_DS);
2784 ++ loadsegment(es, __KERNEL_DS);
2785 ++ loadsegment(ss, __KERNEL_DS);
2786 +
2787 -+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
2788 ++#ifdef CONFIG_PAX_KERNEXEC
2789 + loadsegment(fs, __KERNEL_PERCPU);
2790 +#endif
2791 +
2792 -+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_MEMORY_UDEREF)
2793 ++#ifdef CONFIG_PAX_MEMORY_UDEREF
2794 + __set_fs(current_thread_info()->addr_limit);
2795 +#endif
2796 +
2797 - vmx->loaded_vmcs->launched = 1;
2798 + #endif
2799
2800 - vmx->exit_reason = vmcs_read32(VM_EXIT_REASON);
2801 + vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
2802 diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
2803 -index be6d549..b0ba2bf 100644
2804 +index 14c290d..0dae6e5 100644
2805 --- a/arch/x86/kvm/x86.c
2806 +++ b/arch/x86/kvm/x86.c
2807 -@@ -1357,8 +1357,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
2808 +@@ -1361,8 +1361,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
2809 {
2810 struct kvm *kvm = vcpu->kvm;
2811 int lm = is_long_mode(vcpu);
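Review bot: The kernel comment kept at the top of the block still says "ds/es", but the new code also reloads `ss` with `loadsegment(ss, __KERNEL_DS);`, so the comment should read "ds/es/ss". If I read the removed lines correctly, the previous version of the patch reloaded ds/es/ss unconditionally through inline asm after the vmcs bookkeeping, whereas the new block is inside `#ifdef CONFIG_X86_32`, so 64-bit builds no longer touch ss here; that is fine if the VM-exit host state covers it, but the commit does not say so. The KERNEXEC and UDEREF branches drop their explicit `CONFIG_X86_32` conditions only because the enclosing block is now 32-bit only, and a comment at `#ifdef CONFIG_PAX_KERNEXEC` noting that dependency would prevent a silent breakage if the outer guard is ever changed. vmx_vcpu_run continues outside the hunk.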
2812 @@ -20462,7 +20484,7 @@ index be6d549..b0ba2bf 100644
2813 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
2814 : kvm->arch.xen_hvm_config.blob_size_32;
2815 u32 page_num = data & ~PAGE_MASK;
2816 -@@ -2214,6 +2214,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
2817 +@@ -2218,6 +2218,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
2818 if (n < msr_list.nmsrs)
2819 goto out;
2820 r = -EFAULT;
2821 @@ -20471,7 +20493,7 @@ index be6d549..b0ba2bf 100644
2822 if (copy_to_user(user_msr_list->indices, &msrs_to_save,
2823 num_msrs_to_save * sizeof(u32)))
2824 goto out;
2825 -@@ -2339,7 +2341,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu,
2826 +@@ -2343,7 +2345,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu,
2827 static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu,
2828 struct kvm_interrupt *irq)
2829 {
2830 @@ -20480,7 +20502,7 @@ index be6d549..b0ba2bf 100644
2831 return -EINVAL;
2832 if (irqchip_in_kernel(vcpu->kvm))
2833 return -ENXIO;
2834 -@@ -4876,7 +4878,7 @@ static void kvm_set_mmio_spte_mask(void)
2835 +@@ -4880,7 +4882,7 @@ static void kvm_set_mmio_spte_mask(void)
2836 kvm_mmu_set_mmio_spte_mask(mask);
2837 }
2838
2839 @@ -23386,15 +23408,14 @@ index e5b130b..6690d31 100644
2840 +}
2841 +EXPORT_SYMBOL(copy_to_user_overflow);
2842 diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c
2843 -index 903ec1e..833f340 100644
2844 +index 903ec1e..af8e064 100644
2845 --- a/arch/x86/mm/extable.c
2846 +++ b/arch/x86/mm/extable.c
2847 -@@ -6,12 +6,25 @@
2848 +@@ -6,12 +6,24 @@
2849 static inline unsigned long
2850 ex_insn_addr(const struct exception_table_entry *x)
2851 {
2852 - return (unsigned long)&x->insn + x->insn;
2853 -+//printk(KERN_ERR "fixup %p insn:%x fixup:%x\n", x, x->insn, x->fixup);
2854 + unsigned long reloc = 0;
2855 +
2856 +#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32)
2857 @@ -23417,7 +23438,7 @@ index 903ec1e..833f340 100644
2858 }
2859
2860 int fixup_exception(struct pt_regs *regs)
2861 -@@ -20,7 +33,7 @@ int fixup_exception(struct pt_regs *regs)
2862 +@@ -20,7 +32,7 @@ int fixup_exception(struct pt_regs *regs)
2863 unsigned long new_ip;
2864
2865 #ifdef CONFIG_PNPBIOS
2866 @@ -23426,14 +23447,6 @@ index 903ec1e..833f340 100644
2867 extern u32 pnp_bios_fault_eip, pnp_bios_fault_esp;
2868 extern u32 pnp_bios_is_utter_crap;
2869 pnp_bios_is_utter_crap = 1;
2870 -@@ -34,6 +47,7 @@ int fixup_exception(struct pt_regs *regs)
2871 - #endif
2872 -
2873 - fixup = search_exception_tables(regs->ip);
2874 -+//printk(KERN_ERR "fixup %p %lx\n", fixup, regs->ip);
2875 - if (fixup) {
2876 - new_ip = ex_fixup_addr(fixup);
2877 -
2878 diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
2879 index 76dcd9d..e9dffde 100644
2880 --- a/arch/x86/mm/fault.c
2881 @@ -30571,7 +30584,7 @@ index ed3224c..6618589 100644
2882 iir = I915_READ(IIR);
2883
2884 diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
2885 -index a8538ac..4868a05 100644
2886 +index 8a11131..46eeeaa 100644
2887 --- a/drivers/gpu/drm/i915/intel_display.c
2888 +++ b/drivers/gpu/drm/i915/intel_display.c
2889 @@ -2000,7 +2000,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb)
2890 @@ -30583,7 +30596,7 @@ index a8538ac..4868a05 100644
2891
2892 /* Big Hammer, we also need to ensure that any pending
2893 * MI_WAIT_FOR_EVENT inside a user batch buffer on the
2894 -@@ -5925,9 +5925,8 @@ static void do_intel_finish_page_flip(struct drm_device *dev,
2895 +@@ -5914,9 +5914,8 @@ static void do_intel_finish_page_flip(struct drm_device *dev,
2896
2897 obj = work->old_fb_obj;
2898
2899 @@ -30595,7 +30608,7 @@ index a8538ac..4868a05 100644
2900 wake_up(&dev_priv->pending_flip_queue);
2901
2902 schedule_work(&work->work);
2903 -@@ -6264,7 +6263,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
2904 +@@ -6253,7 +6252,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
2905 /* Block clients from rendering to the new back buffer until
2906 * the flip occurs and the object is no longer visible.
2907 */
2908 @@ -30604,7 +30617,7 @@ index a8538ac..4868a05 100644
2909
2910 ret = dev_priv->display.queue_flip(dev, crtc, fb, obj);
2911 if (ret)
2912 -@@ -6279,7 +6278,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
2913 +@@ -6268,7 +6267,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc,
2914 return 0;
2915
2916 cleanup_pending:
2917 @@ -30769,7 +30782,7 @@ index a9514ea..369d511 100644
2918 .train_set = nv50_sor_dp_train_set,
2919 .train_adj = nv50_sor_dp_train_adj
2920 diff --git a/drivers/gpu/drm/nouveau/nvd0_display.c b/drivers/gpu/drm/nouveau/nvd0_display.c
2921 -index c486d3c..3a7d6f4 100644
2922 +index c50b075..6b07dfc 100644
2923 --- a/drivers/gpu/drm/nouveau/nvd0_display.c
2924 +++ b/drivers/gpu/drm/nouveau/nvd0_display.c
2925 @@ -1366,7 +1366,7 @@ nvd0_sor_dpms(struct drm_encoder *encoder, int mode)
2926 @@ -44239,6 +44252,20 @@ index b2a34a1..162fa69 100644
2927 set_fs(fs_save);
2928 return rc;
2929 }
2930 +diff --git a/fs/eventpoll.c b/fs/eventpoll.c
2931 +index 1c8b556..eedec84 100644
2932 +--- a/fs/eventpoll.c
2933 ++++ b/fs/eventpoll.c
2934 +@@ -1654,8 +1654,8 @@ SYSCALL_DEFINE1(epoll_create1, int, flags)
2935 + error = PTR_ERR(file);
2936 + goto out_free_fd;
2937 + }
2938 +- fd_install(fd, file);
2939 + ep->file = file;
2940 ++ fd_install(fd, file);
2941 + return fd;
2942 +
2943 + out_free_fd:
2944 diff --git a/fs/exec.c b/fs/exec.c
2945 index e95aeed..a943469 100644
2946 --- a/fs/exec.c
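Review bot: The reordered `fd_install(fd, file)` carries no comment saying why it must follow `ep->file = file`, so the next cleanup pass can silently swap the two lines back; I would annotate the install with `/* fd_install() makes the fd visible to other threads; ep->file must already be set by then */`. The reason itself is inferred rather than visible here, since the consumer of `ep->file` is outside the hunk and epoll_create1's body starts above it — confirm against the epoll_ctl path before wording the comment as a hard guarantee. This inner hunk touches fs/eventpoll.c without any PaX or grsecurity conditional around it, which reads as a stable fix bundled into the hardened patch; a one-line marker noting its origin would help the next rebase tell it apart from grsecurity's own changes.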
2947 @@ -45127,10 +45154,10 @@ index 25cd608..9ed5294 100644
2948 }
2949 return 1;
2950 diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
2951 -index d23b31c..0585239 100644
2952 +index 1b50890..e56c5ad 100644
2953 --- a/fs/ext4/balloc.c
2954 +++ b/fs/ext4/balloc.c
2955 -@@ -488,8 +488,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
2956 +@@ -500,8 +500,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
2957 /* Hm, nope. Are (enough) root reserved clusters available? */
2958 if (uid_eq(sbi->s_resuid, current_fsuid()) ||
2959 (!gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) && in_group_p(sbi->s_resgid)) ||
2960 @@ -45175,18 +45202,6 @@ index 01434f2..bd995b4 100644
2961 atomic_t s_lock_busy;
2962
2963 /* locality groups */
2964 -diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
2965 -index 58a75fe..9752106 100644
2966 ---- a/fs/ext4/extents.c
2967 -+++ b/fs/ext4/extents.c
2968 -@@ -2663,6 +2663,7 @@ cont:
2969 - }
2970 - path[0].p_depth = depth;
2971 - path[0].p_hdr = ext_inode_hdr(inode);
2972 -+ i = 0;
2973 -
2974 - if (ext4_ext_check(inode, path[0].p_hdr, depth)) {
2975 - err = -EIO;
2976 diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
2977 index 1cd6994..5799d45 100644
2978 --- a/fs/ext4/mballoc.c
2979 @@ -50121,6 +50136,27 @@ index 19bf0c5..9f26b02 100644
2980 off & 0x7fffffff, ino, DT_UNKNOWN)) {
2981 *offset = off & 0x7fffffff;
2982 return 0;
2983 +diff --git a/fs/xfs/xfs_discard.c b/fs/xfs/xfs_discard.c
2984 +index f9c3fe3..69cf4fc 100644
2985 +--- a/fs/xfs/xfs_discard.c
2986 ++++ b/fs/xfs/xfs_discard.c
2987 +@@ -179,12 +179,14 @@ xfs_ioc_trim(
2988 + * used by the fstrim application. In the end it really doesn't
2989 + * matter as trimming blocks is an advisory interface.
2990 + */
2991 ++ if (range.start >= XFS_FSB_TO_B(mp, mp->m_sb.sb_dblocks) ||
2992 ++ range.minlen > XFS_FSB_TO_B(mp, XFS_ALLOC_AG_MAX_USABLE(mp)))
2993 ++ return -XFS_ERROR(EINVAL);
2994 ++
2995 + start = BTOBB(range.start);
2996 + end = start + BTOBBT(range.len) - 1;
2997 + minlen = BTOBB(max_t(u64, granularity, range.minlen));
2998 +
2999 +- if (XFS_BB_TO_FSB(mp, start) >= mp->m_sb.sb_dblocks)
3000 +- return -XFS_ERROR(EINVAL);
3001 + if (end > XFS_FSB_TO_BB(mp, mp->m_sb.sb_dblocks) - 1)
3002 + end = XFS_FSB_TO_BB(mp, mp->m_sb.sb_dblocks)- 1;
3003 +
3004 diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
3005 index 3a05a41..320bec6 100644
3006 --- a/fs/xfs/xfs_ioctl.c
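Review bot: The added range check bounds `range.start` and `range.minlen` but not `range.len`, so a zero or sub-block length still reaches `end = start + BTOBBT(range.len) - 1` on the line below, where `end` comes out below `start` (and negative if `end` is the signed xfs_daddr_t XFS uses for disk addresses), and the clamp that follows only handles the upper bound. I would add a third clause so an empty range is rejected with EINVAL like a start past end-of-device: `if (range.start >= XFS_FSB_TO_B(mp, mp->m_sb.sb_dblocks) ||` / `    range.minlen > XFS_FSB_TO_B(mp, XFS_ALLOC_AG_MAX_USABLE(mp)) ||` / `    range.len < mp->m_sb.sb_blocksize)`. A very large `range.len` can presumably also make `start + BTOBBT(range.len)` wrap, which this check does not cover either; that is worth confirming against the AG loop later in xfs_ioc_trim, whose body begins and ends outside this hunk. The comment above the check refers to the fstrim application, so `range` is presumably copied in from user space and all three fields are untrusted.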
3007 @@ -50147,6 +50183,19 @@ index 1a25fd8..e935581 100644
3008
3009 if (!IS_ERR(s))
3010 kfree(s);
3011 +diff --git a/fs/xfs/xfs_rtalloc.c b/fs/xfs/xfs_rtalloc.c
3012 +index 92d4331..ca28a4b 100644
3013 +--- a/fs/xfs/xfs_rtalloc.c
3014 ++++ b/fs/xfs/xfs_rtalloc.c
3015 +@@ -857,7 +857,7 @@ xfs_rtbuf_get(
3016 + xfs_buf_t *bp; /* block buffer, result */
3017 + xfs_inode_t *ip; /* bitmap or summary inode */
3018 + xfs_bmbt_irec_t map;
3019 +- int nmap;
3020 ++ int nmap = 1;
3021 + int error; /* error value */
3022 +
3023 + ip = issum ? mp->m_rsumip : mp->m_rbmip;
3024 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
3025 new file mode 100644
3026 index 0000000..4d533f1