1 |
commit: 8bf1f839085fc6cb7cde16cc44895e8203618936 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Jun 27 10:28:23 2016 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Jun 27 10:28:23 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=8bf1f839 |
7 |
|
8 |
grsecurity-3.1-4.5.7-201606262019 |
9 |
|
10 |
4.5.7/0000_README | 2 +- |
11 |
...> 4420_grsecurity-3.1-4.5.7-201606262019.patch} | 1079 +++++++++++++++----- |
12 |
2 files changed, 848 insertions(+), 233 deletions(-) |
13 |
|
14 |
diff --git a/4.5.7/0000_README b/4.5.7/0000_README |
15 |
index 068b4c9..b74a9dd 100644 |
16 |
--- a/4.5.7/0000_README |
17 |
+++ b/4.5.7/0000_README |
18 |
@@ -2,7 +2,7 @@ README |
19 |
----------------------------------------------------------------------------- |
20 |
Individual Patch Descriptions: |
21 |
----------------------------------------------------------------------------- |
22 |
-Patch: 4420_grsecurity-3.1-4.5.7-201606202152.patch |
23 |
+Patch: 4420_grsecurity-3.1-4.5.7-201606262019.patch |
24 |
From: http://www.grsecurity.net |
25 |
Desc: hardened-sources base patch from upstream grsecurity |
26 |
|
27 |
|
28 |
diff --git a/4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch b/4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch |
29 |
similarity index 99% |
30 |
rename from 4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch |
31 |
rename to 4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch |
32 |
index 5ac1e8a..3d3b9d3 100644 |
33 |
--- a/4.5.7/4420_grsecurity-3.1-4.5.7-201606202152.patch |
34 |
+++ b/4.5.7/4420_grsecurity-3.1-4.5.7-201606262019.patch |
35 |
@@ -1,3 +1,15 @@ |
36 |
+diff --git a/.gitignore b/.gitignore |
37 |
+index fd3a355..c47e86a 100644 |
38 |
+--- a/.gitignore |
39 |
++++ b/.gitignore |
40 |
+@@ -37,6 +37,7 @@ modules.builtin |
41 |
+ Module.symvers |
42 |
+ *.dwo |
43 |
+ *.su |
44 |
++*.c.[012]*.* |
45 |
+ |
46 |
+ # |
47 |
+ # Top-level generic files |
48 |
diff --git a/Documentation/dontdiff b/Documentation/dontdiff |
49 |
index 8ea834f..1462492 100644 |
50 |
--- a/Documentation/dontdiff |
51 |
@@ -408,7 +420,7 @@ index a93b414..f50a50b 100644 |
52 |
|
53 |
A toggle value indicating if modules are allowed to be loaded |
54 |
diff --git a/Makefile b/Makefile |
55 |
-index 90e4bd9..44d0d41 100644 |
56 |
+index 90e4bd9..66ce952 100644 |
57 |
--- a/Makefile |
58 |
+++ b/Makefile |
59 |
@@ -298,7 +298,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ |
60 |
@@ -422,16 +434,7 @@ index 90e4bd9..44d0d41 100644 |
61 |
|
62 |
ifeq ($(shell $(HOSTCC) -v 2>&1 | grep -c "clang version"), 1) |
63 |
HOSTCFLAGS += -Wno-unused-value -Wno-unused-parameter \ |
64 |
-@@ -417,6 +419,8 @@ export KBUILD_AFLAGS_MODULE KBUILD_CFLAGS_MODULE KBUILD_LDFLAGS_MODULE |
65 |
- export KBUILD_AFLAGS_KERNEL KBUILD_CFLAGS_KERNEL |
66 |
- export KBUILD_ARFLAGS |
67 |
- |
68 |
-+export PLUGINCC GCC_PLUGINS_CFLAGS GCC_PLUGINS_AFLAGS |
69 |
-+ |
70 |
- # When compiling out-of-tree modules, put MODVERDIR in the module |
71 |
- # tree rather than in the kernel tree. The kernel tree might |
72 |
- # even be read-only. |
73 |
-@@ -547,7 +551,7 @@ ifeq ($(KBUILD_EXTMOD),) |
74 |
+@@ -547,7 +549,7 @@ ifeq ($(KBUILD_EXTMOD),) |
75 |
# in parallel |
76 |
PHONY += scripts |
77 |
scripts: scripts_basic include/config/auto.conf include/config/tristate.conf \ |
78 |
@@ -440,23 +443,16 @@ index 90e4bd9..44d0d41 100644 |
79 |
$(Q)$(MAKE) $(build)=$(@) |
80 |
|
81 |
# Objects we will link into vmlinux / subdirs we need to visit |
82 |
-@@ -622,6 +626,15 @@ endif |
83 |
+@@ -622,6 +624,8 @@ endif |
84 |
# Tell gcc to never replace conditional load with a non-conditional one |
85 |
KBUILD_CFLAGS += $(call cc-option,--param=allow-store-data-races=0) |
86 |
|
87 |
-+PHONY += gcc-plugins |
88 |
-+gcc-plugins: scripts_basic |
89 |
-+ifdef CONFIG_GCC_PLUGINS |
90 |
-+ $(Q)$(MAKE) $(build)=scripts/gcc-plugins |
91 |
-+endif |
92 |
-+ @: |
93 |
-+ |
94 |
+include scripts/Makefile.gcc-plugins |
95 |
+ |
96 |
ifdef CONFIG_READABLE_ASM |
97 |
# Disable optimizations that make assembler listings hard to read. |
98 |
# reorder blocks reorders the control in the function |
99 |
-@@ -715,7 +728,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g) |
100 |
+@@ -715,7 +719,7 @@ KBUILD_CFLAGS += $(call cc-option, -gsplit-dwarf, -g) |
101 |
else |
102 |
KBUILD_CFLAGS += -g |
103 |
endif |
104 |
@@ -465,7 +461,7 @@ index 90e4bd9..44d0d41 100644 |
105 |
endif |
106 |
ifdef CONFIG_DEBUG_INFO_DWARF4 |
107 |
KBUILD_CFLAGS += $(call cc-option, -gdwarf-4,) |
108 |
-@@ -887,7 +900,7 @@ export mod_sign_cmd |
109 |
+@@ -887,7 +891,7 @@ export mod_sign_cmd |
110 |
|
111 |
|
112 |
ifeq ($(KBUILD_EXTMOD),) |
113 |
@@ -474,7 +470,7 @@ index 90e4bd9..44d0d41 100644 |
114 |
|
115 |
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ |
116 |
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \ |
117 |
-@@ -990,7 +1003,7 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ |
118 |
+@@ -990,7 +994,7 @@ prepare1: prepare2 $(version_h) include/generated/utsrelease.h \ |
119 |
|
120 |
archprepare: archheaders archscripts prepare1 scripts_basic |
121 |
|
122 |
@@ -483,7 +479,7 @@ index 90e4bd9..44d0d41 100644 |
123 |
$(Q)$(MAKE) $(build)=. |
124 |
|
125 |
# All the preparing.. |
126 |
-@@ -1185,7 +1198,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \ |
127 |
+@@ -1185,7 +1189,11 @@ MRPROPER_FILES += .config .config.old .version .old_version \ |
128 |
Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ |
129 |
signing_key.pem signing_key.priv signing_key.x509 \ |
130 |
x509.genkey extra_certificates signing_key.x509.keyid \ |
131 |
@@ -496,7 +492,7 @@ index 90e4bd9..44d0d41 100644 |
132 |
|
133 |
# clean - Delete most, but leave enough to build external modules |
134 |
# |
135 |
-@@ -1224,7 +1241,7 @@ distclean: mrproper |
136 |
+@@ -1224,7 +1232,7 @@ distclean: mrproper |
137 |
@find $(srctree) $(RCS_FIND_IGNORE) \ |
138 |
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \ |
139 |
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ |
140 |
@@ -505,6 +501,14 @@ index 90e4bd9..44d0d41 100644 |
141 |
-type f -print | xargs rm -f |
142 |
|
143 |
|
144 |
+@@ -1443,6 +1451,7 @@ clean: $(clean-dirs) |
145 |
+ -o -name '.*.d' -o -name '.*.tmp' -o -name '*.mod.c' \ |
146 |
+ -o -name '*.symtypes' -o -name 'modules.order' \ |
147 |
+ -o -name modules.builtin -o -name '.tmp_*.o.*' \ |
148 |
++ -o -name '*.c.[012]*.*' \ |
149 |
+ -o -name '*.gcno' \) -type f -print | xargs rm -f |
150 |
+ |
151 |
+ # Generate tags for editors |
152 |
diff --git a/arch/Kconfig b/arch/Kconfig |
153 |
index f6b649d..5ba628b 100644 |
154 |
--- a/arch/Kconfig |
155 |
@@ -8882,7 +8886,7 @@ index 2c01665..85a54a8 100644 |
156 |
sechdrs, module); |
157 |
#endif |
158 |
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c |
159 |
-index 54ed9c7..681162e 100644 |
160 |
+index 54ed9c7..681162e5 100644 |
161 |
--- a/arch/powerpc/kernel/process.c |
162 |
+++ b/arch/powerpc/kernel/process.c |
163 |
@@ -1185,8 +1185,8 @@ void show_regs(struct pt_regs * regs) |
164 |
@@ -17956,7 +17960,7 @@ index 0224987..0359810 100644 |
165 |
|
166 |
fprintf(outfile, "const struct vdso_image %s = {\n", name); |
167 |
diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c |
168 |
-index b8f69e2..2489643 100644 |
169 |
+index b8f69e2..b142158 100644 |
170 |
--- a/arch/x86/entry/vdso/vma.c |
171 |
+++ b/arch/x86/entry/vdso/vma.c |
172 |
@@ -20,10 +20,7 @@ |
173 |
@@ -18012,7 +18016,7 @@ index b8f69e2..2489643 100644 |
174 |
up_fail: |
175 |
if (ret) |
176 |
- current->mm->context.vdso = NULL; |
177 |
-+ current->mm->context.vdso = 0; |
178 |
++ mm->context.vdso = 0; |
179 |
|
180 |
up_write(&mm->mmap_sem); |
181 |
return ret; |
182 |
@@ -21815,14 +21819,14 @@ index 9fb2f2b..8e18c70 100644 |
183 |
#define MODULES_END VMALLOC_END |
184 |
#define MODULES_LEN (MODULES_VADDR - MODULES_END) |
185 |
diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h |
186 |
-index 2ee7811..afd76c0 100644 |
187 |
+index 2ee7811..1779bde 100644 |
188 |
--- a/arch/x86/include/asm/pgtable_64.h |
189 |
+++ b/arch/x86/include/asm/pgtable_64.h |
190 |
@@ -16,11 +16,17 @@ |
191 |
|
192 |
extern pud_t level3_kernel_pgt[512]; |
193 |
extern pud_t level3_ident_pgt[512]; |
194 |
-+extern pud_t level3_vmalloc_start_pgt[512]; |
195 |
++extern pud_t level3_vmalloc_start_pgt[4][512]; |
196 |
+extern pud_t level3_vmalloc_end_pgt[512]; |
197 |
+extern pud_t level3_vmemmap_pgt[512]; |
198 |
+extern pud_t level2_vmemmap_pgt[512]; |
199 |
@@ -25822,6 +25826,28 @@ index a316ca9..07e219e 100644 |
200 |
|
201 |
ret = intel_cqm_setup_rmid_cache(); |
202 |
if (ret) |
203 |
+diff --git a/arch/x86/kernel/cpu/perf_event_intel_cstate.c b/arch/x86/kernel/cpu/perf_event_intel_cstate.c |
204 |
+index 75a38b5..36cb0a9 100644 |
205 |
+--- a/arch/x86/kernel/cpu/perf_event_intel_cstate.c |
206 |
++++ b/arch/x86/kernel/cpu/perf_event_intel_cstate.c |
207 |
+@@ -92,14 +92,14 @@ |
208 |
+ #include "perf_event.h" |
209 |
+ |
210 |
+ #define DEFINE_CSTATE_FORMAT_ATTR(_var, _name, _format) \ |
211 |
+-static ssize_t __cstate_##_var##_show(struct kobject *kobj, \ |
212 |
+- struct kobj_attribute *attr, \ |
213 |
++static ssize_t __cstate_##_var##_show(struct device *dev, \ |
214 |
++ struct device_attribute *attr, \ |
215 |
+ char *page) \ |
216 |
+ { \ |
217 |
+ BUILD_BUG_ON(sizeof(_format) >= PAGE_SIZE); \ |
218 |
+ return sprintf(page, _format "\n"); \ |
219 |
+ } \ |
220 |
+-static struct kobj_attribute format_attr_##_var = \ |
221 |
++static struct device_attribute format_attr_##_var = \ |
222 |
+ __ATTR(_name, 0444, __cstate_##_var##_show, NULL) |
223 |
+ |
224 |
+ static ssize_t cstate_get_attr_cpumask(struct device *dev, |
225 |
diff --git a/arch/x86/kernel/cpu/perf_event_intel_ds.c b/arch/x86/kernel/cpu/perf_event_intel_ds.c |
226 |
index 9551401..649b91c 100644 |
227 |
--- a/arch/x86/kernel/cpu/perf_event_intel_ds.c |
228 |
@@ -27568,7 +27594,7 @@ index 6bc9ae2..33997fe 100644 |
229 |
+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0 |
230 |
+ .endr |
231 |
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S |
232 |
-index ffdc0e8..f429d4f 100644 |
233 |
+index ffdc0e8..60b5d16 100644 |
234 |
--- a/arch/x86/kernel/head_64.S |
235 |
+++ b/arch/x86/kernel/head_64.S |
236 |
@@ -20,6 +20,8 @@ |
237 |
@@ -27593,12 +27619,15 @@ index ffdc0e8..f429d4f 100644 |
238 |
|
239 |
.text |
240 |
__HEAD |
241 |
-@@ -92,11 +100,33 @@ startup_64: |
242 |
+@@ -92,11 +100,36 @@ startup_64: |
243 |
* Fixup the physical addresses in the page table |
244 |
*/ |
245 |
addq %rbp, early_level4_pgt + (L4_START_KERNEL*8)(%rip) |
246 |
+ addq %rbp, init_level4_pgt + (L4_PAGE_OFFSET*8)(%rip) |
247 |
+ addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8)(%rip) |
248 |
++ addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8) + 8(%rip) |
249 |
++ addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8) + 16(%rip) |
250 |
++ addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8) + 24(%rip) |
251 |
+ addq %rbp, init_level4_pgt + (L4_VMALLOC_END*8)(%rip) |
252 |
+ addq %rbp, init_level4_pgt + (L4_VMEMMAP_START*8)(%rip) |
253 |
+ addq %rbp, init_level4_pgt + (L4_START_KERNEL*8)(%rip) |
254 |
@@ -27629,7 +27658,7 @@ index ffdc0e8..f429d4f 100644 |
255 |
|
256 |
/* |
257 |
* Set up the identity mapping for the switchover. These |
258 |
-@@ -180,11 +210,12 @@ ENTRY(secondary_startup_64) |
259 |
+@@ -180,11 +213,12 @@ ENTRY(secondary_startup_64) |
260 |
/* Sanitize CPU configuration */ |
261 |
call verify_cpu |
262 |
|
263 |
@@ -27644,7 +27673,7 @@ index ffdc0e8..f429d4f 100644 |
264 |
movq %rcx, %cr4 |
265 |
|
266 |
/* Setup early boot stage 4 level pagetables. */ |
267 |
-@@ -205,10 +236,21 @@ ENTRY(secondary_startup_64) |
268 |
+@@ -205,10 +239,21 @@ ENTRY(secondary_startup_64) |
269 |
movl $MSR_EFER, %ecx |
270 |
rdmsr |
271 |
btsl $_EFER_SCE, %eax /* Enable System Call */ |
272 |
@@ -27667,7 +27696,7 @@ index ffdc0e8..f429d4f 100644 |
273 |
1: wrmsr /* Make changes effective */ |
274 |
|
275 |
/* Setup cr0 */ |
276 |
-@@ -288,6 +330,7 @@ ENTRY(secondary_startup_64) |
277 |
+@@ -288,6 +333,7 @@ ENTRY(secondary_startup_64) |
278 |
* REX.W + FF /5 JMP m16:64 Jump far, absolute indirect, |
279 |
* address given in m16:64. |
280 |
*/ |
281 |
@@ -27675,7 +27704,7 @@ index ffdc0e8..f429d4f 100644 |
282 |
movq initial_code(%rip),%rax |
283 |
pushq $0 # fake return address to stop unwinder |
284 |
pushq $__KERNEL_CS # set correct cs |
285 |
-@@ -321,7 +364,7 @@ ENDPROC(start_cpu0) |
286 |
+@@ -321,7 +367,7 @@ ENDPROC(start_cpu0) |
287 |
.quad INIT_PER_CPU_VAR(irq_stack_union) |
288 |
|
289 |
GLOBAL(stack_start) |
290 |
@@ -27684,7 +27713,7 @@ index ffdc0e8..f429d4f 100644 |
291 |
.word 0 |
292 |
__FINITDATA |
293 |
|
294 |
-@@ -401,7 +444,7 @@ early_idt_handler_common: |
295 |
+@@ -401,7 +447,7 @@ early_idt_handler_common: |
296 |
call dump_stack |
297 |
#ifdef CONFIG_KALLSYMS |
298 |
leaq early_idt_ripmsg(%rip),%rdi |
299 |
@@ -27693,7 +27722,7 @@ index ffdc0e8..f429d4f 100644 |
300 |
call __print_symbol |
301 |
#endif |
302 |
#endif /* EARLY_PRINTK */ |
303 |
-@@ -430,6 +473,7 @@ ENDPROC(early_idt_handler_common) |
304 |
+@@ -430,6 +476,7 @@ ENDPROC(early_idt_handler_common) |
305 |
early_recursion_flag: |
306 |
.long 0 |
307 |
|
308 |
@@ -27701,7 +27730,7 @@ index ffdc0e8..f429d4f 100644 |
309 |
#ifdef CONFIG_EARLY_PRINTK |
310 |
early_idt_msg: |
311 |
.asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n" |
312 |
-@@ -452,40 +496,67 @@ GLOBAL(name) |
313 |
+@@ -452,40 +499,70 @@ GLOBAL(name) |
314 |
__INITDATA |
315 |
NEXT_PAGE(early_level4_pgt) |
316 |
.fill 511,8,0 |
317 |
@@ -27723,7 +27752,10 @@ index ffdc0e8..f429d4f 100644 |
318 |
.org init_level4_pgt + L4_PAGE_OFFSET*8, 0 |
319 |
.quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE |
320 |
+ .org init_level4_pgt + L4_VMALLOC_START*8, 0 |
321 |
-+ .quad level3_vmalloc_start_pgt - __START_KERNEL_map + _KERNPG_TABLE |
322 |
++ .quad level3_vmalloc_start_pgt - __START_KERNEL_map + PAGE_SIZE*0 + _KERNPG_TABLE |
323 |
++ .quad level3_vmalloc_start_pgt - __START_KERNEL_map + PAGE_SIZE*1 + _KERNPG_TABLE |
324 |
++ .quad level3_vmalloc_start_pgt - __START_KERNEL_map + PAGE_SIZE*2 + _KERNPG_TABLE |
325 |
++ .quad level3_vmalloc_start_pgt - __START_KERNEL_map + PAGE_SIZE*3 + _KERNPG_TABLE |
326 |
+ .org init_level4_pgt + L4_VMALLOC_END*8, 0 |
327 |
+ .quad level3_vmalloc_end_pgt - __START_KERNEL_map + _KERNPG_TABLE |
328 |
+ .org init_level4_pgt + L4_VMEMMAP_START*8, 0 |
329 |
@@ -27750,7 +27782,7 @@ index ffdc0e8..f429d4f 100644 |
330 |
+#endif |
331 |
+ |
332 |
+NEXT_PAGE(level3_vmalloc_start_pgt) |
333 |
-+ .fill 512,8,0 |
334 |
++ .fill 4*512,8,0 |
335 |
+ |
336 |
+NEXT_PAGE(level3_vmalloc_end_pgt) |
337 |
+ .fill 512,8,0 |
338 |
@@ -27781,7 +27813,7 @@ index ffdc0e8..f429d4f 100644 |
339 |
|
340 |
NEXT_PAGE(level2_kernel_pgt) |
341 |
/* |
342 |
-@@ -502,31 +573,79 @@ NEXT_PAGE(level2_kernel_pgt) |
343 |
+@@ -502,31 +579,79 @@ NEXT_PAGE(level2_kernel_pgt) |
344 |
KERNEL_IMAGE_SIZE/PMD_SIZE) |
345 |
|
346 |
NEXT_PAGE(level2_fixmap_pgt) |
347 |
@@ -28964,7 +28996,7 @@ index 005c03e..7000fe4 100644 |
348 |
if ((s64)val != *(s32 *)loc) |
349 |
goto overflow; |
350 |
diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c |
351 |
-index 64f9616..c94695d 100644 |
352 |
+index 64f9616..4036384 100644 |
353 |
--- a/arch/x86/kernel/msr.c |
354 |
+++ b/arch/x86/kernel/msr.c |
355 |
@@ -39,6 +39,7 @@ |
356 |
@@ -28975,19 +29007,21 @@ index 64f9616..c94695d 100644 |
357 |
|
358 |
#include <asm/processor.h> |
359 |
#include <asm/msr.h> |
360 |
-@@ -83,6 +84,11 @@ static ssize_t msr_write(struct file *file, const char __user *buf, |
361 |
+@@ -83,6 +84,13 @@ static ssize_t msr_write(struct file *file, const char __user *buf, |
362 |
int err = 0; |
363 |
ssize_t bytes = 0; |
364 |
|
365 |
+#ifdef CONFIG_GRKERNSEC_KMEM |
366 |
-+ gr_handle_msr_write(); |
367 |
-+ return -EPERM; |
368 |
++ if (reg != MSR_IA32_ENERGY_PERF_BIAS) { |
369 |
++ gr_handle_msr_write(); |
370 |
++ return -EPERM; |
371 |
++ } |
372 |
+#endif |
373 |
+ |
374 |
if (count % 8) |
375 |
return -EINVAL; /* Invalid chunk size */ |
376 |
|
377 |
-@@ -130,6 +136,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg) |
378 |
+@@ -130,6 +138,10 @@ static long msr_ioctl(struct file *file, unsigned int ioc, unsigned long arg) |
379 |
err = -EBADF; |
380 |
break; |
381 |
} |
382 |
@@ -28998,7 +29032,7 @@ index 64f9616..c94695d 100644 |
383 |
if (copy_from_user(®s, uregs, sizeof regs)) { |
384 |
err = -EFAULT; |
385 |
break; |
386 |
-@@ -213,7 +223,7 @@ static int msr_class_cpu_callback(struct notifier_block *nfb, |
387 |
+@@ -213,7 +225,7 @@ static int msr_class_cpu_callback(struct notifier_block *nfb, |
388 |
return notifier_from_errno(err); |
389 |
} |
390 |
|
391 |
@@ -35741,7 +35775,7 @@ index 740d7ac..4091827 100644 |
392 |
#endif /* CONFIG_HUGETLB_PAGE */ |
393 |
|
394 |
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c |
395 |
-index 493f541..eeba8bb 100644 |
396 |
+index 493f541..d8e6b22 100644 |
397 |
--- a/arch/x86/mm/init.c |
398 |
+++ b/arch/x86/mm/init.c |
399 |
@@ -4,6 +4,7 @@ |
400 |
@@ -35780,7 +35814,7 @@ index 493f541..eeba8bb 100644 |
401 |
__flush_tlb_all(); |
402 |
|
403 |
early_memtest(0, max_pfn_mapped << PAGE_SHIFT); |
404 |
-@@ -634,10 +648,40 @@ void __init init_mem_mapping(void) |
405 |
+@@ -634,10 +648,34 @@ void __init init_mem_mapping(void) |
406 |
* Access has to be given to non-kernel-ram areas as well, these contain the PCI |
407 |
* mmio resources as well as potential bios/acpi data regions. |
408 |
*/ |
409 |
@@ -35792,37 +35826,30 @@ index 493f541..eeba8bb 100644 |
410 |
+ |
411 |
int devmem_is_allowed(unsigned long pagenr) |
412 |
{ |
413 |
-- if (pagenr < 256) |
414 |
+#ifdef CONFIG_GRKERNSEC_KMEM |
415 |
+ /* allow BDA */ |
416 |
+ if (!pagenr) |
417 |
- return 1; |
418 |
++ return 1; |
419 |
+ /* allow EBDA */ |
420 |
+ if (pagenr >= ebda_start && pagenr < ebda_end) |
421 |
+ return 1; |
422 |
+ /* if tboot is in use, allow access to its hardcoded serial log range */ |
423 |
+ if (tboot_enabled() && ((0x60000 >> PAGE_SHIFT) <= pagenr) && (pagenr < (0x68000 >> PAGE_SHIFT))) |
424 |
+ return 1; |
425 |
-+#else |
426 |
-+ if (!pagenr) |
427 |
-+ return 1; |
428 |
-+#ifdef CONFIG_VM86 |
429 |
-+ if (pagenr < (ISA_START_ADDRESS >> PAGE_SHIFT)) |
430 |
-+ return 1; |
431 |
-+#endif |
432 |
-+#endif |
433 |
-+ |
434 |
+ if ((ISA_START_ADDRESS >> PAGE_SHIFT) <= pagenr && pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT)) |
435 |
+ return 1; |
436 |
-+#ifdef CONFIG_GRKERNSEC_KMEM |
437 |
+ /* throw out everything else below 1MB */ |
438 |
+ if (pagenr <= 256) |
439 |
+ return 0; |
440 |
++#else |
441 |
+ if (pagenr < 256) |
442 |
+ return 1; |
443 |
+#endif |
444 |
++ |
445 |
if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) |
446 |
return 0; |
447 |
if (!page_is_ram(pagenr)) |
448 |
-@@ -683,8 +727,127 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) |
449 |
+@@ -683,8 +721,127 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) |
450 |
#endif |
451 |
} |
452 |
|
453 |
@@ -38861,14 +38888,17 @@ index e3679db..16b93d1 100644 |
454 |
|
455 |
#ifdef CONFIG_ACPI_NUMA |
456 |
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c |
457 |
-index c913ca4..a314c65 100644 |
458 |
+index c913ca4..55f8877 100644 |
459 |
--- a/arch/x86/xen/mmu.c |
460 |
+++ b/arch/x86/xen/mmu.c |
461 |
-@@ -1950,7 +1950,11 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) |
462 |
+@@ -1950,7 +1950,14 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) |
463 |
* L3_k[511] -> level2_fixmap_pgt */ |
464 |
convert_pfn_mfn(level3_kernel_pgt); |
465 |
|
466 |
-+ convert_pfn_mfn(level3_vmalloc_start_pgt); |
467 |
++ convert_pfn_mfn(level3_vmalloc_start_pgt[0]); |
468 |
++ convert_pfn_mfn(level3_vmalloc_start_pgt[1]); |
469 |
++ convert_pfn_mfn(level3_vmalloc_start_pgt[2]); |
470 |
++ convert_pfn_mfn(level3_vmalloc_start_pgt[3]); |
471 |
+ convert_pfn_mfn(level3_vmalloc_end_pgt); |
472 |
+ convert_pfn_mfn(level3_vmemmap_pgt); |
473 |
/* L3_k[511][506] -> level1_fixmap_pgt */ |
474 |
@@ -38876,11 +38906,14 @@ index c913ca4..a314c65 100644 |
475 |
convert_pfn_mfn(level2_fixmap_pgt); |
476 |
} |
477 |
/* We get [511][511] and have Xen's version of level2_kernel_pgt */ |
478 |
-@@ -1980,11 +1984,22 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) |
479 |
+@@ -1980,11 +1987,25 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) |
480 |
set_page_prot(init_level4_pgt, PAGE_KERNEL_RO); |
481 |
set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO); |
482 |
set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO); |
483 |
-+ set_page_prot(level3_vmalloc_start_pgt, PAGE_KERNEL_RO); |
484 |
++ set_page_prot(level3_vmalloc_start_pgt[0], PAGE_KERNEL_RO); |
485 |
++ set_page_prot(level3_vmalloc_start_pgt[1], PAGE_KERNEL_RO); |
486 |
++ set_page_prot(level3_vmalloc_start_pgt[2], PAGE_KERNEL_RO); |
487 |
++ set_page_prot(level3_vmalloc_start_pgt[3], PAGE_KERNEL_RO); |
488 |
+ set_page_prot(level3_vmalloc_end_pgt, PAGE_KERNEL_RO); |
489 |
+ set_page_prot(level3_vmemmap_pgt, PAGE_KERNEL_RO); |
490 |
set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO); |
491 |
@@ -38900,7 +38933,7 @@ index c913ca4..a314c65 100644 |
492 |
|
493 |
/* Pin down new L4 */ |
494 |
pin_pagetable_pfn(MMUEXT_PIN_L4_TABLE, |
495 |
-@@ -2395,6 +2410,7 @@ static void __init xen_post_allocator_init(void) |
496 |
+@@ -2395,6 +2416,7 @@ static void __init xen_post_allocator_init(void) |
497 |
pv_mmu_ops.set_pud = xen_set_pud; |
498 |
#if CONFIG_PGTABLE_LEVELS == 4 |
499 |
pv_mmu_ops.set_pgd = xen_set_pgd; |
500 |
@@ -38908,7 +38941,7 @@ index c913ca4..a314c65 100644 |
501 |
#endif |
502 |
|
503 |
/* This will work as long as patching hasn't happened yet |
504 |
-@@ -2423,6 +2439,10 @@ static void xen_leave_lazy_mmu(void) |
505 |
+@@ -2423,6 +2445,10 @@ static void xen_leave_lazy_mmu(void) |
506 |
preempt_enable(); |
507 |
} |
508 |
|
509 |
@@ -38919,7 +38952,7 @@ index c913ca4..a314c65 100644 |
510 |
static const struct pv_mmu_ops xen_mmu_ops __initconst = { |
511 |
.read_cr2 = xen_read_cr2, |
512 |
.write_cr2 = xen_write_cr2, |
513 |
-@@ -2435,7 +2455,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { |
514 |
+@@ -2435,7 +2461,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { |
515 |
.flush_tlb_single = xen_flush_tlb_single, |
516 |
.flush_tlb_others = xen_flush_tlb_others, |
517 |
|
518 |
@@ -38928,7 +38961,7 @@ index c913ca4..a314c65 100644 |
519 |
|
520 |
.pgd_alloc = xen_pgd_alloc, |
521 |
.pgd_free = xen_pgd_free, |
522 |
-@@ -2472,6 +2492,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { |
523 |
+@@ -2472,6 +2498,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { |
524 |
.pud_val = PV_CALLEE_SAVE(xen_pud_val), |
525 |
.make_pud = PV_CALLEE_SAVE(xen_make_pud), |
526 |
.set_pgd = xen_set_pgd_hyper, |
527 |
@@ -44269,6 +44302,23 @@ index 984c5e9..c873659 100644 |
528 |
err_out: |
529 |
mutex_unlock(&devfreq_list_lock); |
530 |
|
531 |
+diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c |
532 |
+index 155c146..0a697f4 100644 |
533 |
+--- a/drivers/dma-buf/dma-buf.c |
534 |
++++ b/drivers/dma-buf/dma-buf.c |
535 |
+@@ -835,10 +835,9 @@ static int dma_buf_describe(struct seq_file *s) |
536 |
+ |
537 |
+ static int dma_buf_show(struct seq_file *s, void *unused) |
538 |
+ { |
539 |
+- void (*func)(struct seq_file *) = s->private; |
540 |
++ int (*func)(struct seq_file *) = s->private; |
541 |
+ |
542 |
+- func(s); |
543 |
+- return 0; |
544 |
++ return func(s); |
545 |
+ } |
546 |
+ |
547 |
+ static int dma_buf_debug_open(struct inode *inode, struct file *file) |
548 |
diff --git a/drivers/dma/sh/shdma-base.c b/drivers/dma/sh/shdma-base.c |
549 |
index 10fcaba..326f709 100644 |
550 |
--- a/drivers/dma/sh/shdma-base.c |
551 |
@@ -45707,6 +45757,212 @@ index 7b69070..d7bd78b 100644 |
552 |
pqn->q); |
553 |
if (retval != 0) |
554 |
return retval; |
555 |
+diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_clockpowergating.c b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_clockpowergating.c |
556 |
+index ff08ce4..5b8758f 100644 |
557 |
+--- a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_clockpowergating.c |
558 |
++++ b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_clockpowergating.c |
559 |
+@@ -239,10 +239,16 @@ int cz_dpm_powergate_vce(struct pp_hwmgr *hwmgr, bool bgate) |
560 |
+ |
561 |
+ static struct phm_master_table_item cz_enable_clock_power_gatings_list[] = { |
562 |
+ /*we don't need an exit table here, because there is only D3 cold on Kv*/ |
563 |
+- { phm_cf_want_uvd_power_gating, cz_tf_uvd_power_gating_initialize }, |
564 |
+- { phm_cf_want_vce_power_gating, cz_tf_vce_power_gating_initialize }, |
565 |
++ { |
566 |
++ .isFunctionNeededInRuntimeTable = phm_cf_want_uvd_power_gating, |
567 |
++ .tableFunction = cz_tf_uvd_power_gating_initialize |
568 |
++ }, |
569 |
++ { |
570 |
++ .isFunctionNeededInRuntimeTable = phm_cf_want_vce_power_gating, |
571 |
++ .tableFunction = cz_tf_vce_power_gating_initialize |
572 |
++ }, |
573 |
+ /* to do { NULL, cz_tf_xdma_power_gating_enable }, */ |
574 |
+- { NULL, NULL } |
575 |
++ { } |
576 |
+ }; |
577 |
+ |
578 |
+ struct phm_master_table_header cz_phm_enable_clock_power_gatings_master = { |
579 |
+diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c |
580 |
+index 2ea012e..b4256b4 100644 |
581 |
+--- a/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c |
582 |
++++ b/drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c |
583 |
+@@ -915,13 +915,13 @@ static int cz_tf_update_low_mem_pstate(struct pp_hwmgr *hwmgr, |
584 |
+ } |
585 |
+ |
586 |
+ static struct phm_master_table_item cz_set_power_state_list[] = { |
587 |
+- {NULL, cz_tf_update_sclk_limit}, |
588 |
+- {NULL, cz_tf_set_deep_sleep_sclk_threshold}, |
589 |
+- {NULL, cz_tf_set_watermark_threshold}, |
590 |
+- {NULL, cz_tf_set_enabled_levels}, |
591 |
+- {NULL, cz_tf_enable_nb_dpm}, |
592 |
+- {NULL, cz_tf_update_low_mem_pstate}, |
593 |
+- {NULL, NULL} |
594 |
++ { .tableFunction = cz_tf_update_sclk_limit }, |
595 |
++ { .tableFunction = cz_tf_set_deep_sleep_sclk_threshold }, |
596 |
++ { .tableFunction = cz_tf_set_watermark_threshold }, |
597 |
++ { .tableFunction = cz_tf_set_enabled_levels }, |
598 |
++ { .tableFunction = cz_tf_enable_nb_dpm }, |
599 |
++ { .tableFunction = cz_tf_update_low_mem_pstate }, |
600 |
++ { } |
601 |
+ }; |
602 |
+ |
603 |
+ static struct phm_master_table_header cz_set_power_state_master = { |
604 |
+@@ -931,15 +931,15 @@ static struct phm_master_table_header cz_set_power_state_master = { |
605 |
+ }; |
606 |
+ |
607 |
+ static struct phm_master_table_item cz_setup_asic_list[] = { |
608 |
+- {NULL, cz_tf_reset_active_process_mask}, |
609 |
+- {NULL, cz_tf_upload_pptable_to_smu}, |
610 |
+- {NULL, cz_tf_init_sclk_limit}, |
611 |
+- {NULL, cz_tf_init_uvd_limit}, |
612 |
+- {NULL, cz_tf_init_vce_limit}, |
613 |
+- {NULL, cz_tf_init_acp_limit}, |
614 |
+- {NULL, cz_tf_init_power_gate_state}, |
615 |
+- {NULL, cz_tf_init_sclk_threshold}, |
616 |
+- {NULL, NULL} |
617 |
++ { .tableFunction = cz_tf_reset_active_process_mask }, |
618 |
++ { .tableFunction = cz_tf_upload_pptable_to_smu }, |
619 |
++ { .tableFunction = cz_tf_init_sclk_limit }, |
620 |
++ { .tableFunction = cz_tf_init_uvd_limit }, |
621 |
++ { .tableFunction = cz_tf_init_vce_limit }, |
622 |
++ { .tableFunction = cz_tf_init_acp_limit }, |
623 |
++ { .tableFunction = cz_tf_init_power_gate_state }, |
624 |
++ { .tableFunction = cz_tf_init_sclk_threshold }, |
625 |
++ { } |
626 |
+ }; |
627 |
+ |
628 |
+ static struct phm_master_table_header cz_setup_asic_master = { |
629 |
+@@ -984,10 +984,10 @@ static int cz_tf_reset_cc6_data(struct pp_hwmgr *hwmgr, |
630 |
+ } |
631 |
+ |
632 |
+ static struct phm_master_table_item cz_power_down_asic_list[] = { |
633 |
+- {NULL, cz_tf_power_up_display_clock_sys_pll}, |
634 |
+- {NULL, cz_tf_clear_nb_dpm_flag}, |
635 |
+- {NULL, cz_tf_reset_cc6_data}, |
636 |
+- {NULL, NULL} |
637 |
++ { .tableFunction = cz_tf_power_up_display_clock_sys_pll }, |
638 |
++ { .tableFunction = cz_tf_clear_nb_dpm_flag }, |
639 |
++ { .tableFunction = cz_tf_reset_cc6_data }, |
640 |
++ { } |
641 |
+ }; |
642 |
+ |
643 |
+ static struct phm_master_table_header cz_power_down_asic_master = { |
644 |
+@@ -1095,8 +1095,8 @@ static int cz_tf_check_for_dpm_enabled(struct pp_hwmgr *hwmgr, |
645 |
+ } |
646 |
+ |
647 |
+ static struct phm_master_table_item cz_disable_dpm_list[] = { |
648 |
+- { NULL, cz_tf_check_for_dpm_enabled}, |
649 |
+- {NULL, NULL}, |
650 |
++ { .tableFunction = cz_tf_check_for_dpm_enabled }, |
651 |
++ { }, |
652 |
+ }; |
653 |
+ |
654 |
+ |
655 |
+@@ -1107,13 +1107,13 @@ static struct phm_master_table_header cz_disable_dpm_master = { |
656 |
+ }; |
657 |
+ |
658 |
+ static struct phm_master_table_item cz_enable_dpm_list[] = { |
659 |
+- { NULL, cz_tf_check_for_dpm_disabled }, |
660 |
+- { NULL, cz_tf_program_voting_clients }, |
661 |
+- { NULL, cz_tf_start_dpm}, |
662 |
+- { NULL, cz_tf_program_bootup_state}, |
663 |
+- { NULL, cz_tf_enable_didt }, |
664 |
+- { NULL, cz_tf_reset_acp_boot_level }, |
665 |
+- {NULL, NULL}, |
666 |
++ { .tableFunction = cz_tf_check_for_dpm_disabled }, |
667 |
++ { .tableFunction = cz_tf_program_voting_clients }, |
668 |
++ { .tableFunction = cz_tf_start_dpm }, |
669 |
++ { .tableFunction = cz_tf_program_bootup_state }, |
670 |
++ { .tableFunction = cz_tf_enable_didt }, |
671 |
++ { .tableFunction = cz_tf_reset_acp_boot_level }, |
672 |
++ { }, |
673 |
+ }; |
674 |
+ |
675 |
+ static struct phm_master_table_header cz_enable_dpm_master = { |
676 |
+diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/fiji_thermal.c b/drivers/gpu/drm/amd/powerplay/hwmgr/fiji_thermal.c |
677 |
+index e76a7de..ae5fb7e 100644 |
678 |
+--- a/drivers/gpu/drm/amd/powerplay/hwmgr/fiji_thermal.c |
679 |
++++ b/drivers/gpu/drm/amd/powerplay/hwmgr/fiji_thermal.c |
680 |
+@@ -617,17 +617,17 @@ static int tf_fiji_thermal_disable_alert(struct pp_hwmgr *hwmgr, |
681 |
+ |
682 |
+ static struct phm_master_table_item |
683 |
+ fiji_thermal_start_thermal_controller_master_list[] = { |
684 |
+- {NULL, tf_fiji_thermal_initialize}, |
685 |
+- {NULL, tf_fiji_thermal_set_temperature_range}, |
686 |
+- {NULL, tf_fiji_thermal_enable_alert}, |
687 |
++ { .tableFunction = tf_fiji_thermal_initialize}, |
688 |
++ { .tableFunction = tf_fiji_thermal_set_temperature_range}, |
689 |
++ { .tableFunction = tf_fiji_thermal_enable_alert}, |
690 |
+ /* We should restrict performance levels to low before we halt the SMC. |
691 |
+ * On the other hand we are still in boot state when we do this |
692 |
+ * so it would be pointless. |
693 |
+ * If this assumption changes we have to revisit this table. |
694 |
+ */ |
695 |
+- {NULL, tf_fiji_thermal_setup_fan_table}, |
696 |
+- {NULL, tf_fiji_thermal_start_smc_fan_control}, |
697 |
+- {NULL, NULL} |
698 |
++ { .tableFunction = tf_fiji_thermal_setup_fan_table}, |
699 |
++ { .tableFunction = tf_fiji_thermal_start_smc_fan_control}, |
700 |
++ { } |
701 |
+ }; |
702 |
+ |
703 |
+ static struct phm_master_table_header |
704 |
+@@ -639,10 +639,10 @@ fiji_thermal_start_thermal_controller_master = { |
705 |
+ |
706 |
+ static struct phm_master_table_item |
707 |
+ fiji_thermal_set_temperature_range_master_list[] = { |
708 |
+- {NULL, tf_fiji_thermal_disable_alert}, |
709 |
+- {NULL, tf_fiji_thermal_set_temperature_range}, |
710 |
+- {NULL, tf_fiji_thermal_enable_alert}, |
711 |
+- {NULL, NULL} |
712 |
++ { .tableFunction = tf_fiji_thermal_disable_alert}, |
713 |
++ { .tableFunction = tf_fiji_thermal_set_temperature_range}, |
714 |
++ { .tableFunction = tf_fiji_thermal_enable_alert}, |
715 |
++ { } |
716 |
+ }; |
717 |
+ |
718 |
+ struct phm_master_table_header |
719 |
+diff --git a/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_thermal.c b/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_thermal.c |
720 |
+index a188174..74acdc0 100644 |
721 |
+--- a/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_thermal.c |
722 |
++++ b/drivers/gpu/drm/amd/powerplay/hwmgr/tonga_thermal.c |
723 |
+@@ -526,16 +526,16 @@ static int tf_tonga_thermal_disable_alert(struct pp_hwmgr *hwmgr, void *input, v |
724 |
+ } |
725 |
+ |
726 |
+ static struct phm_master_table_item tonga_thermal_start_thermal_controller_master_list[] = { |
727 |
+- { NULL, tf_tonga_thermal_initialize }, |
728 |
+- { NULL, tf_tonga_thermal_set_temperature_range }, |
729 |
+- { NULL, tf_tonga_thermal_enable_alert }, |
730 |
++ { .tableFunction = tf_tonga_thermal_initialize }, |
731 |
++ { .tableFunction = tf_tonga_thermal_set_temperature_range }, |
732 |
++ { .tableFunction = tf_tonga_thermal_enable_alert }, |
733 |
+ /* We should restrict performance levels to low before we halt the SMC. |
734 |
+ * On the other hand we are still in boot state when we do this so it would be pointless. |
735 |
+ * If this assumption changes we have to revisit this table. |
736 |
+ */ |
737 |
+- { NULL, tf_tonga_thermal_setup_fan_table}, |
738 |
+- { NULL, tf_tonga_thermal_start_smc_fan_control}, |
739 |
+- { NULL, NULL } |
740 |
++ { .tableFunction = tf_tonga_thermal_setup_fan_table}, |
741 |
++ { .tableFunction = tf_tonga_thermal_start_smc_fan_control}, |
742 |
++ { } |
743 |
+ }; |
744 |
+ |
745 |
+ static struct phm_master_table_header tonga_thermal_start_thermal_controller_master = { |
746 |
+@@ -545,10 +545,10 @@ static struct phm_master_table_header tonga_thermal_start_thermal_controller_mas |
747 |
+ }; |
748 |
+ |
749 |
+ static struct phm_master_table_item tonga_thermal_set_temperature_range_master_list[] = { |
750 |
+- { NULL, tf_tonga_thermal_disable_alert}, |
751 |
+- { NULL, tf_tonga_thermal_set_temperature_range}, |
752 |
+- { NULL, tf_tonga_thermal_enable_alert}, |
753 |
+- { NULL, NULL } |
754 |
++ { .tableFunction = tf_tonga_thermal_disable_alert}, |
755 |
++ { .tableFunction = tf_tonga_thermal_set_temperature_range}, |
756 |
++ { .tableFunction = tf_tonga_thermal_enable_alert}, |
757 |
++ { } |
758 |
+ }; |
759 |
+ |
760 |
+ struct phm_master_table_header tonga_thermal_set_temperature_range_master = { |
761 |
diff --git a/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c b/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c |
762 |
index 8b2becd..2d8f572 100644 |
763 |
--- a/drivers/gpu/drm/amd/scheduler/gpu_scheduler.c |
764 |
@@ -48656,6 +48912,29 @@ index c13fb5b..55a3802 100644 |
765 |
return -EFAULT; |
766 |
|
767 |
*off += size; |
768 |
+diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c |
769 |
+index 2f1ddca..700145b 100644 |
770 |
+--- a/drivers/hid/usbhid/hiddev.c |
771 |
++++ b/drivers/hid/usbhid/hiddev.c |
772 |
+@@ -516,13 +516,13 @@ static noinline int hiddev_ioctl_usage(struct hiddev *hiddev, unsigned int cmd, |
773 |
+ goto inval; |
774 |
+ } else if (uref->usage_index >= field->report_count) |
775 |
+ goto inval; |
776 |
+- |
777 |
+- else if ((cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) && |
778 |
+- (uref_multi->num_values > HID_MAX_MULTI_USAGES || |
779 |
+- uref->usage_index + uref_multi->num_values > field->report_count)) |
780 |
+- goto inval; |
781 |
+ } |
782 |
+ |
783 |
++ if ((cmd == HIDIOCGUSAGES || cmd == HIDIOCSUSAGES) && |
784 |
++ (uref_multi->num_values > HID_MAX_MULTI_USAGES || |
785 |
++ uref->usage_index + uref_multi->num_values > field->report_count)) |
786 |
++ goto inval; |
787 |
++ |
788 |
+ switch (cmd) { |
789 |
+ case HIDIOCGUSAGE: |
790 |
+ uref->value = field->value[uref->usage_index]; |
791 |
diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c |
792 |
index 1161d68..7a42e2c 100644 |
793 |
--- a/drivers/hv/channel.c |
794 |
@@ -48681,27 +48960,76 @@ index 1161d68..7a42e2c 100644 |
795 |
packetlen_aligned = ALIGN(packetlen, sizeof(u64)); |
796 |
|
797 |
diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c |
798 |
-index 11bca51..17bdc9b 100644 |
799 |
+index 11bca51..360c83e 100644 |
800 |
--- a/drivers/hv/hv.c |
801 |
+++ b/drivers/hv/hv.c |
802 |
-@@ -95,7 +95,7 @@ u64 hv_do_hypercall(u64 control, void *input, void *output) |
803 |
+@@ -183,6 +183,8 @@ static struct clocksource hyperv_cs_tsc = { |
804 |
+ }; |
805 |
+ #endif |
806 |
+ |
807 |
++extern char hv_hypercall_page[PAGE_SIZE] __aligned(PAGE_SIZE); |
808 |
++asm(".text; .balign 4096; hv_hypercall_page: .fill 4096,1,0xcc; .previous;"); |
809 |
+ |
810 |
+ /* |
811 |
+ * hv_init - Main initialization routine. |
812 |
+@@ -193,7 +195,6 @@ int hv_init(void) |
813 |
{ |
814 |
- u64 input_address = (input) ? virt_to_phys(input) : 0; |
815 |
- u64 output_address = (output) ? virt_to_phys(output) : 0; |
816 |
-- void *hypercall_page = hv_context.hypercall_page; |
817 |
-+ void *hypercall_page = (void *)ktva_ktla((unsigned long)hv_context.hypercall_page); |
818 |
- #ifdef CONFIG_X86_64 |
819 |
- u64 hv_status = 0; |
820 |
+ int max_leaf; |
821 |
+ union hv_x64_msr_hypercall_contents hypercall_msr; |
822 |
+- void *virtaddr = NULL; |
823 |
|
824 |
-@@ -218,7 +218,7 @@ int hv_init(void) |
825 |
+ memset(hv_context.synic_event_page, 0, sizeof(void *) * NR_CPUS); |
826 |
+ memset(hv_context.synic_message_page, 0, |
827 |
+@@ -218,14 +219,9 @@ int hv_init(void) |
828 |
/* See if the hypercall page is already set */ |
829 |
rdmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64); |
830 |
|
831 |
- virtaddr = __vmalloc(PAGE_SIZE, GFP_KERNEL, PAGE_KERNEL_EXEC); |
832 |
-+ virtaddr = __vmalloc(PAGE_SIZE, GFP_KERNEL, PAGE_KERNEL_RX); |
833 |
+- |
834 |
+- if (!virtaddr) |
835 |
+- goto cleanup; |
836 |
+- |
837 |
+ hypercall_msr.enable = 1; |
838 |
|
839 |
- if (!virtaddr) |
840 |
+- hypercall_msr.guest_physical_address = vmalloc_to_pfn(virtaddr); |
841 |
++ hypercall_msr.guest_physical_address = __phys_to_pfn(__pa(ktla_ktva((unsigned long)hv_hypercall_page))); |
842 |
+ wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64); |
843 |
+ |
844 |
+ /* Confirm that hypercall page did get setup. */ |
845 |
+@@ -235,7 +231,7 @@ int hv_init(void) |
846 |
+ if (!hypercall_msr.enable) |
847 |
goto cleanup; |
848 |
+ |
849 |
+- hv_context.hypercall_page = virtaddr; |
850 |
++ hv_context.hypercall_page = hv_hypercall_page; |
851 |
+ |
852 |
+ #ifdef CONFIG_X86_64 |
853 |
+ if (ms_hyperv.features & HV_X64_MSR_REFERENCE_TSC_AVAILABLE) { |
854 |
+@@ -259,13 +255,9 @@ int hv_init(void) |
855 |
+ return 0; |
856 |
+ |
857 |
+ cleanup: |
858 |
+- if (virtaddr) { |
859 |
+- if (hypercall_msr.enable) { |
860 |
+- hypercall_msr.as_uint64 = 0; |
861 |
+- wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64); |
862 |
+- } |
863 |
+- |
864 |
+- vfree(virtaddr); |
865 |
++ if (hypercall_msr.enable) { |
866 |
++ hypercall_msr.as_uint64 = 0; |
867 |
++ wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64); |
868 |
+ } |
869 |
+ |
870 |
+ return -ENOTSUPP; |
871 |
+@@ -286,7 +278,6 @@ void hv_cleanup(void) |
872 |
+ if (hv_context.hypercall_page) { |
873 |
+ hypercall_msr.as_uint64 = 0; |
874 |
+ wrmsrl(HV_X64_MSR_HYPERCALL, hypercall_msr.as_uint64); |
875 |
+- vfree(hv_context.hypercall_page); |
876 |
+ hv_context.hypercall_page = NULL; |
877 |
+ } |
878 |
+ |
879 |
diff --git a/drivers/hv/hv_balloon.c b/drivers/hv/hv_balloon.c |
880 |
index b853b4b..3647b37 100644 |
881 |
--- a/drivers/hv/hv_balloon.c |
882 |
@@ -67848,10 +68176,25 @@ index 3f155e7..0f4b1f0 100644 |
883 |
&proc_bus_pci_dev_operations); |
884 |
proc_initialized = 1; |
885 |
diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c |
886 |
-index 7796d0a..c83b0ae 100644 |
887 |
+index 7796d0a..2f9d2f6 100644 |
888 |
--- a/drivers/pci/setup-bus.c |
889 |
+++ b/drivers/pci/setup-bus.c |
890 |
-@@ -1115,7 +1115,7 @@ static int pbus_size_mem(struct pci_bus *bus, unsigned long mask, |
891 |
+@@ -406,8 +406,12 @@ static void __assign_resources_sorted(struct list_head *head, |
892 |
+ |
893 |
+ /* Update res in head list with add_size in realloc_head list */ |
894 |
+ list_for_each_entry_safe(dev_res, tmp_res, head, list) { |
895 |
+- dev_res->res->end += get_res_add_size(realloc_head, |
896 |
+- dev_res->res); |
897 |
++ resource_size_t add_size = get_res_add_size(realloc_head, dev_res->res); |
898 |
++ |
899 |
++ if (dev_res->res->start == 0 && dev_res->res->end == RESOURCE_SIZE_MAX) |
900 |
++ dev_res->res->end = add_size - 1; |
901 |
++ else |
902 |
++ dev_res->res->end += get_res_add_size(realloc_head, dev_res->res); |
903 |
+ |
904 |
+ /* |
905 |
+ * There are two kinds of additional resources in the list: |
906 |
+@@ -1115,7 +1119,7 @@ static int pbus_size_mem(struct pci_bus *bus, unsigned long mask, |
907 |
return 0; |
908 |
} |
909 |
|
910 |
@@ -97715,7 +98058,7 @@ index e4141f2..d8263e8 100644 |
911 |
i += packet_length_size; |
912 |
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) |
913 |
diff --git a/fs/exec.c b/fs/exec.c |
914 |
-index dcd4ac7..50eef0a 100644 |
915 |
+index dcd4ac7..f651515 100644 |
916 |
--- a/fs/exec.c |
917 |
+++ b/fs/exec.c |
918 |
@@ -56,8 +56,20 @@ |
919 |
@@ -97924,7 +98267,14 @@ index dcd4ac7..50eef0a 100644 |
920 |
/* |
921 |
* cover the whole range: [new_start, old_end) |
922 |
*/ |
923 |
-@@ -681,10 +727,6 @@ int setup_arg_pages(struct linux_binprm *bprm, |
924 |
+@@ -675,20 +721,16 @@ int setup_arg_pages(struct linux_binprm *bprm, |
925 |
+ stack_base = PAGE_ALIGN(stack_top - stack_base); |
926 |
+ |
927 |
+ stack_shift = vma->vm_start - stack_base; |
928 |
+- mm->arg_start = bprm->p - stack_shift; |
929 |
++ mm->arg_end = mm->arg_start = bprm->p - stack_shift; |
930 |
+ bprm->p = vma->vm_end - stack_shift; |
931 |
+ #else |
932 |
stack_top = arch_align_stack(stack_top); |
933 |
stack_top = PAGE_ALIGN(stack_top); |
934 |
|
935 |
@@ -97935,6 +98285,11 @@ index dcd4ac7..50eef0a 100644 |
936 |
stack_shift = vma->vm_end - stack_top; |
937 |
|
938 |
bprm->p -= stack_shift; |
939 |
+- mm->arg_start = bprm->p; |
940 |
++ mm->arg_end = mm->arg_start = bprm->p; |
941 |
+ #endif |
942 |
+ |
943 |
+ if (bprm->loader) |
944 |
@@ -696,8 +738,28 @@ int setup_arg_pages(struct linux_binprm *bprm, |
945 |
bprm->exec -= stack_shift; |
946 |
|
947 |
@@ -103205,7 +103560,7 @@ index 7824bfb..bddd8a4 100644 |
948 |
out: |
949 |
return len; |
950 |
diff --git a/fs/namespace.c b/fs/namespace.c |
951 |
-index 4fb1691..a518f2e0 100644 |
952 |
+index 4fb1691..3077a5c 100644 |
953 |
--- a/fs/namespace.c |
954 |
+++ b/fs/namespace.c |
955 |
@@ -1516,6 +1516,9 @@ static int do_umount(struct mount *mnt, int flags) |
956 |
@@ -103292,16 +103647,15 @@ index 4fb1691..a518f2e0 100644 |
957 |
atomic_set(&new_ns->count, 1); |
958 |
new_ns->root = NULL; |
959 |
INIT_LIST_HEAD(&new_ns->list); |
960 |
-@@ -2778,7 +2797,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) |
961 |
+@@ -2778,6 +2797,7 @@ static struct mnt_namespace *alloc_mnt_ns(struct user_namespace *user_ns) |
962 |
return new_ns; |
963 |
} |
964 |
|
965 |
--struct mnt_namespace *copy_mnt_ns(unsigned long flags, struct mnt_namespace *ns, |
966 |
-+__latent_entropy struct mnt_namespace *copy_mnt_ns(unsigned long flags, struct mnt_namespace *ns, |
967 |
++__latent_entropy |
968 |
+ struct mnt_namespace *copy_mnt_ns(unsigned long flags, struct mnt_namespace *ns, |
969 |
struct user_namespace *user_ns, struct fs_struct *new_fs) |
970 |
{ |
971 |
- struct mnt_namespace *new_ns; |
972 |
-@@ -2899,8 +2918,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) |
973 |
+@@ -2899,8 +2919,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name) |
974 |
} |
975 |
EXPORT_SYMBOL(mount_subtree); |
976 |
|
977 |
@@ -103312,7 +103666,7 @@ index 4fb1691..a518f2e0 100644 |
978 |
{ |
979 |
int ret; |
980 |
char *kernel_type; |
981 |
-@@ -3006,6 +3025,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, |
982 |
+@@ -3006,6 +3026,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, |
983 |
if (error) |
984 |
goto out2; |
985 |
|
986 |
@@ -103324,7 +103678,7 @@ index 4fb1691..a518f2e0 100644 |
987 |
get_fs_root(current->fs, &root); |
988 |
old_mp = lock_mount(&old); |
989 |
error = PTR_ERR(old_mp); |
990 |
-@@ -3324,7 +3348,7 @@ static int mntns_install(struct nsproxy *nsproxy, struct ns_common *ns) |
991 |
+@@ -3324,7 +3349,7 @@ static int mntns_install(struct nsproxy *nsproxy, struct ns_common *ns) |
992 |
!ns_capable(current_user_ns(), CAP_SYS_ADMIN)) |
993 |
return -EPERM; |
994 |
|
995 |
@@ -106266,7 +106620,7 @@ index 4123551..813b403 100644 |
996 |
|
997 |
#endif /* _NFSD4_CURRENT_STATE_H */ |
998 |
diff --git a/fs/nfsd/nfs2acl.c b/fs/nfsd/nfs2acl.c |
999 |
-index 1580ea6..9c7f44f 100644 |
1000 |
+index 1580ea6..5d74e50 100644 |
1001 |
--- a/fs/nfsd/nfs2acl.c |
1002 |
+++ b/fs/nfsd/nfs2acl.c |
1003 |
@@ -27,9 +27,10 @@ nfsacld_proc_null(struct svc_rqst *rqstp, void *argp, void *resp) |
1004 |
@@ -106296,6 +106650,47 @@ index 1580ea6..9c7f44f 100644 |
1005 |
struct inode *inode; |
1006 |
svc_fh *fh; |
1007 |
__be32 nfserr = 0; |
1008 |
+@@ -104,22 +105,21 @@ static __be32 nfsacld_proc_setacl(struct svc_rqst * rqstp, |
1009 |
+ goto out; |
1010 |
+ |
1011 |
+ inode = d_inode(fh->fh_dentry); |
1012 |
+- if (!IS_POSIXACL(inode) || !inode->i_op->set_acl) { |
1013 |
+- error = -EOPNOTSUPP; |
1014 |
+- goto out_errno; |
1015 |
+- } |
1016 |
+ |
1017 |
+ error = fh_want_write(fh); |
1018 |
+ if (error) |
1019 |
+ goto out_errno; |
1020 |
+ |
1021 |
+- error = inode->i_op->set_acl(inode, argp->acl_access, ACL_TYPE_ACCESS); |
1022 |
++ fh_lock(fh); |
1023 |
++ |
1024 |
++ error = set_posix_acl(inode, ACL_TYPE_ACCESS, argp->acl_access); |
1025 |
+ if (error) |
1026 |
+- goto out_drop_write; |
1027 |
+- error = inode->i_op->set_acl(inode, argp->acl_default, |
1028 |
+- ACL_TYPE_DEFAULT); |
1029 |
++ goto out_drop_lock; |
1030 |
++ error = set_posix_acl(inode, ACL_TYPE_DEFAULT, argp->acl_default); |
1031 |
+ if (error) |
1032 |
+- goto out_drop_write; |
1033 |
++ goto out_drop_lock; |
1034 |
++ |
1035 |
++ fh_unlock(fh); |
1036 |
+ |
1037 |
+ fh_drop_write(fh); |
1038 |
+ |
1039 |
+@@ -131,7 +131,8 @@ out: |
1040 |
+ posix_acl_release(argp->acl_access); |
1041 |
+ posix_acl_release(argp->acl_default); |
1042 |
+ return nfserr; |
1043 |
+-out_drop_write: |
1044 |
++out_drop_lock: |
1045 |
++ fh_unlock(fh); |
1046 |
+ fh_drop_write(fh); |
1047 |
+ out_errno: |
1048 |
+ nfserr = nfserrno(error); |
1049 |
@@ -141,9 +142,10 @@ out_errno: |
1050 |
/* |
1051 |
* Check file attributes |
1052 |
@@ -106472,7 +106867,7 @@ index 1580ea6..9c7f44f 100644 |
1053 |
sizeof(struct nfsd3_##rest##res), \ |
1054 |
0, \ |
1055 |
diff --git a/fs/nfsd/nfs3acl.c b/fs/nfsd/nfs3acl.c |
1056 |
-index 01df4cd..f11e111 100644 |
1057 |
+index 01df4cd..36a8d76 100644 |
1058 |
--- a/fs/nfsd/nfs3acl.c |
1059 |
+++ b/fs/nfsd/nfs3acl.c |
1060 |
@@ -26,9 +26,10 @@ nfsd3_proc_null(struct svc_rqst *rqstp, void *argp, void *resp) |
1061 |
@@ -106502,7 +106897,37 @@ index 01df4cd..f11e111 100644 |
1062 |
struct inode *inode; |
1063 |
svc_fh *fh; |
1064 |
__be32 nfserr = 0; |
1065 |
-@@ -125,9 +126,10 @@ out: |
1066 |
+@@ -95,22 +96,20 @@ static __be32 nfsd3_proc_setacl(struct svc_rqst * rqstp, |
1067 |
+ goto out; |
1068 |
+ |
1069 |
+ inode = d_inode(fh->fh_dentry); |
1070 |
+- if (!IS_POSIXACL(inode) || !inode->i_op->set_acl) { |
1071 |
+- error = -EOPNOTSUPP; |
1072 |
+- goto out_errno; |
1073 |
+- } |
1074 |
+ |
1075 |
+ error = fh_want_write(fh); |
1076 |
+ if (error) |
1077 |
+ goto out_errno; |
1078 |
+ |
1079 |
+- error = inode->i_op->set_acl(inode, argp->acl_access, ACL_TYPE_ACCESS); |
1080 |
++ fh_lock(fh); |
1081 |
++ |
1082 |
++ error = set_posix_acl(inode, ACL_TYPE_ACCESS, argp->acl_access); |
1083 |
+ if (error) |
1084 |
+- goto out_drop_write; |
1085 |
+- error = inode->i_op->set_acl(inode, argp->acl_default, |
1086 |
+- ACL_TYPE_DEFAULT); |
1087 |
++ goto out_drop_lock; |
1088 |
++ error = set_posix_acl(inode, ACL_TYPE_DEFAULT, argp->acl_default); |
1089 |
+ |
1090 |
+-out_drop_write: |
1091 |
++out_drop_lock: |
1092 |
++ fh_unlock(fh); |
1093 |
+ fh_drop_write(fh); |
1094 |
+ out_errno: |
1095 |
+ nfserr = nfserrno(error); |
1096 |
+@@ -125,9 +124,10 @@ out: |
1097 |
/* |
1098 |
* XDR decode functions |
1099 |
*/ |
1100 |
@@ -106515,7 +106940,7 @@ index 01df4cd..f11e111 100644 |
1101 |
p = nfs3svc_decode_fh(p, &args->fh); |
1102 |
if (!p) |
1103 |
return 0; |
1104 |
-@@ -137,9 +139,10 @@ static int nfs3svc_decode_getaclargs(struct svc_rqst *rqstp, __be32 *p, |
1105 |
+@@ -137,9 +137,10 @@ static int nfs3svc_decode_getaclargs(struct svc_rqst *rqstp, __be32 *p, |
1106 |
} |
1107 |
|
1108 |
|
1109 |
@@ -106528,7 +106953,7 @@ index 01df4cd..f11e111 100644 |
1110 |
struct kvec *head = rqstp->rq_arg.head; |
1111 |
unsigned int base; |
1112 |
int n; |
1113 |
-@@ -168,9 +171,10 @@ static int nfs3svc_decode_setaclargs(struct svc_rqst *rqstp, __be32 *p, |
1114 |
+@@ -168,9 +169,10 @@ static int nfs3svc_decode_setaclargs(struct svc_rqst *rqstp, __be32 *p, |
1115 |
*/ |
1116 |
|
1117 |
/* GETACL */ |
1118 |
@@ -106541,7 +106966,7 @@ index 01df4cd..f11e111 100644 |
1119 |
struct dentry *dentry = resp->fh.fh_dentry; |
1120 |
|
1121 |
p = nfs3svc_encode_post_op_attr(rqstp, p, &resp->fh); |
1122 |
-@@ -213,9 +217,10 @@ static int nfs3svc_encode_getaclres(struct svc_rqst *rqstp, __be32 *p, |
1123 |
+@@ -213,9 +215,10 @@ static int nfs3svc_encode_getaclres(struct svc_rqst *rqstp, __be32 *p, |
1124 |
} |
1125 |
|
1126 |
/* SETACL */ |
1127 |
@@ -106554,7 +106979,7 @@ index 01df4cd..f11e111 100644 |
1128 |
p = nfs3svc_encode_post_op_attr(rqstp, p, &resp->fh); |
1129 |
|
1130 |
return xdr_ressize_check(rqstp, p); |
1131 |
-@@ -224,9 +229,10 @@ static int nfs3svc_encode_setaclres(struct svc_rqst *rqstp, __be32 *p, |
1132 |
+@@ -224,9 +227,10 @@ static int nfs3svc_encode_setaclres(struct svc_rqst *rqstp, __be32 *p, |
1133 |
/* |
1134 |
* XDR release functions |
1135 |
*/ |
1136 |
@@ -106567,7 +106992,7 @@ index 01df4cd..f11e111 100644 |
1137 |
fh_put(&resp->fh); |
1138 |
posix_acl_release(resp->acl_access); |
1139 |
posix_acl_release(resp->acl_default); |
1140 |
-@@ -240,10 +246,10 @@ static int nfs3svc_release_getacl(struct svc_rqst *rqstp, __be32 *p, |
1141 |
+@@ -240,10 +244,10 @@ static int nfs3svc_release_getacl(struct svc_rqst *rqstp, __be32 *p, |
1142 |
struct nfsd3_voidargs { int dummy; }; |
1143 |
|
1144 |
#define PROC(name, argt, rest, relt, cache, respsize) \ |
1145 |
@@ -107598,6 +108023,45 @@ index 2246454..b866de8 100644 |
1146 |
fh_put(&resp->fh1); |
1147 |
fh_put(&resp->fh2); |
1148 |
return 1; |
1149 |
+diff --git a/fs/nfsd/nfs4acl.c b/fs/nfsd/nfs4acl.c |
1150 |
+index 6adabd6..71292a0 100644 |
1151 |
+--- a/fs/nfsd/nfs4acl.c |
1152 |
++++ b/fs/nfsd/nfs4acl.c |
1153 |
+@@ -770,9 +770,6 @@ nfsd4_set_nfs4_acl(struct svc_rqst *rqstp, struct svc_fh *fhp, |
1154 |
+ dentry = fhp->fh_dentry; |
1155 |
+ inode = d_inode(dentry); |
1156 |
+ |
1157 |
+- if (!inode->i_op->set_acl || !IS_POSIXACL(inode)) |
1158 |
+- return nfserr_attrnotsupp; |
1159 |
+- |
1160 |
+ if (S_ISDIR(inode->i_mode)) |
1161 |
+ flags = NFS4_ACL_DIR; |
1162 |
+ |
1163 |
+@@ -782,16 +779,19 @@ nfsd4_set_nfs4_acl(struct svc_rqst *rqstp, struct svc_fh *fhp, |
1164 |
+ if (host_error < 0) |
1165 |
+ goto out_nfserr; |
1166 |
+ |
1167 |
+- host_error = inode->i_op->set_acl(inode, pacl, ACL_TYPE_ACCESS); |
1168 |
++ fh_lock(fhp); |
1169 |
++ |
1170 |
++ host_error = set_posix_acl(inode, ACL_TYPE_ACCESS, pacl); |
1171 |
+ if (host_error < 0) |
1172 |
+- goto out_release; |
1173 |
++ goto out_drop_lock; |
1174 |
+ |
1175 |
+ if (S_ISDIR(inode->i_mode)) { |
1176 |
+- host_error = inode->i_op->set_acl(inode, dpacl, |
1177 |
+- ACL_TYPE_DEFAULT); |
1178 |
++ host_error = set_posix_acl(inode, ACL_TYPE_DEFAULT, dpacl); |
1179 |
+ } |
1180 |
+ |
1181 |
+-out_release: |
1182 |
++out_drop_lock: |
1183 |
++ fh_unlock(fhp); |
1184 |
++ |
1185 |
+ posix_acl_release(pacl); |
1186 |
+ posix_acl_release(dpacl); |
1187 |
+ out_nfserr: |
1188 |
diff --git a/fs/nfsd/nfs4callback.c b/fs/nfsd/nfs4callback.c |
1189 |
index 7389cb1..e031e30d 100644 |
1190 |
--- a/fs/nfsd/nfs4callback.c |
1191 |
@@ -112182,7 +112646,7 @@ index ab8dad3..932cb27 100644 |
1192 |
|
1193 |
if (!capable(CAP_SYS_RESOURCE) && size > pipe_max_size) { |
1194 |
diff --git a/fs/posix_acl.c b/fs/posix_acl.c |
1195 |
-index 711dd51..e55fd79 100644 |
1196 |
+index 711dd51..afa7a82 100644 |
1197 |
--- a/fs/posix_acl.c |
1198 |
+++ b/fs/posix_acl.c |
1199 |
@@ -20,6 +20,7 @@ |
1200 |
@@ -112262,6 +112726,74 @@ index 711dd51..e55fd79 100644 |
1201 |
acl_e->e_gid = |
1202 |
make_kgid(user_ns, |
1203 |
le32_to_cpu(entry->e_id)); |
1204 |
+@@ -786,39 +797,47 @@ posix_acl_xattr_get(const struct xattr_handler *handler, |
1205 |
+ return error; |
1206 |
+ } |
1207 |
+ |
1208 |
++int |
1209 |
++set_posix_acl(struct inode *inode, int type, struct posix_acl *acl) |
1210 |
++{ |
1211 |
++ if (!IS_POSIXACL(inode)) |
1212 |
++ return -EOPNOTSUPP; |
1213 |
++ if (!inode->i_op->set_acl) |
1214 |
++ return -EOPNOTSUPP; |
1215 |
++ |
1216 |
++ if (type == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) |
1217 |
++ return acl ? -EACCES : 0; |
1218 |
++ if (!inode_owner_or_capable(inode)) |
1219 |
++ return -EPERM; |
1220 |
++ |
1221 |
++ if (acl) { |
1222 |
++ int ret = posix_acl_valid(acl); |
1223 |
++ if (ret) |
1224 |
++ return ret; |
1225 |
++ } |
1226 |
++ return inode->i_op->set_acl(inode, acl, type); |
1227 |
++} |
1228 |
++EXPORT_SYMBOL(set_posix_acl); |
1229 |
++ |
1230 |
+ static int |
1231 |
+ posix_acl_xattr_set(const struct xattr_handler *handler, |
1232 |
+- struct dentry *dentry, const char *name, |
1233 |
+- const void *value, size_t size, int flags) |
1234 |
++ struct dentry *dentry, |
1235 |
++ const char *name, const void *value, |
1236 |
++ size_t size, int flags) |
1237 |
+ { |
1238 |
+ struct inode *inode = d_backing_inode(dentry); |
1239 |
+ struct posix_acl *acl = NULL; |
1240 |
+ int ret; |
1241 |
+ |
1242 |
+- if (!IS_POSIXACL(inode)) |
1243 |
+- return -EOPNOTSUPP; |
1244 |
+- if (!inode->i_op->set_acl) |
1245 |
+- return -EOPNOTSUPP; |
1246 |
+- |
1247 |
+- if (handler->flags == ACL_TYPE_DEFAULT && !S_ISDIR(inode->i_mode)) |
1248 |
+- return value ? -EACCES : 0; |
1249 |
+- if (!inode_owner_or_capable(inode)) |
1250 |
+- return -EPERM; |
1251 |
++ if (strcmp(name, "") != 0) |
1252 |
++ return -EINVAL; |
1253 |
+ |
1254 |
+ if (value) { |
1255 |
+ acl = posix_acl_from_xattr(&init_user_ns, value, size); |
1256 |
+ if (IS_ERR(acl)) |
1257 |
+ return PTR_ERR(acl); |
1258 |
+- |
1259 |
+- if (acl) { |
1260 |
+- ret = posix_acl_valid(acl); |
1261 |
+- if (ret) |
1262 |
+- goto out; |
1263 |
+- } |
1264 |
+ } |
1265 |
+- |
1266 |
+- ret = inode->i_op->set_acl(inode, acl, handler->flags); |
1267 |
+-out: |
1268 |
++ ret = set_posix_acl(inode, handler->flags, acl); |
1269 |
+ posix_acl_release(acl); |
1270 |
+ return ret; |
1271 |
+ } |
1272 |
diff --git a/fs/proc/Kconfig b/fs/proc/Kconfig |
1273 |
index 1ade120..a86f1a2 100644 |
1274 |
--- a/fs/proc/Kconfig |
1275 |
@@ -128108,7 +128640,7 @@ index a76c917..75d6aeb 100644 |
1276 |
asmlinkage long compat_sys_lookup_dcookie(u32, u32, char __user *, compat_size_t); |
1277 |
/* |
1278 |
diff --git a/include/linux/compiler-gcc.h b/include/linux/compiler-gcc.h |
1279 |
-index eeae401..c108d27 100644 |
1280 |
+index eeae401..985c04d 100644 |
1281 |
--- a/include/linux/compiler-gcc.h |
1282 |
+++ b/include/linux/compiler-gcc.h |
1283 |
@@ -116,9 +116,9 @@ |
1284 |
@@ -128124,7 +128656,7 @@ index eeae401..c108d27 100644 |
1285 |
#define __maybe_unused __attribute__((unused)) |
1286 |
#define __always_unused __attribute__((unused)) |
1287 |
|
1288 |
-@@ -184,9 +184,39 @@ |
1289 |
+@@ -184,9 +184,41 @@ |
1290 |
# define __compiletime_warning(message) __attribute__((warning(message))) |
1291 |
# define __compiletime_error(message) __attribute__((error(message))) |
1292 |
#endif /* __CHECKER__ */ |
1293 |
@@ -128153,9 +128685,11 @@ index eeae401..c108d27 100644 |
1294 |
+#define __intentional_overflow(...) __attribute__((intentional_overflow(__VA_ARGS__))) |
1295 |
+#endif |
1296 |
+ |
1297 |
++#ifndef __CHECKER__ |
1298 |
+#ifdef LATENT_ENTROPY_PLUGIN |
1299 |
+#define __latent_entropy __attribute__((latent_entropy)) |
1300 |
+#endif |
1301 |
++#endif |
1302 |
+ |
1303 |
+#ifdef INITIFY_PLUGIN |
1304 |
+#define __nocapture(...) __attribute__((nocapture(__VA_ARGS__))) |
1305 |
@@ -130605,34 +131139,24 @@ index ba7a9b0..33a0237 100644 |
1306 |
extern int register_pppox_proto(int proto_num, const struct pppox_proto *pp); |
1307 |
extern void unregister_pppox_proto(int proto_num); |
1308 |
diff --git a/include/linux/init.h b/include/linux/init.h |
1309 |
-index b449f37..61005b3 100644 |
1310 |
+index b449f37..3416791 100644 |
1311 |
--- a/include/linux/init.h |
1312 |
+++ b/include/linux/init.h |
1313 |
-@@ -37,9 +37,17 @@ |
1314 |
- * section. |
1315 |
- */ |
1316 |
+@@ -39,7 +39,7 @@ |
1317 |
|
1318 |
-+#define add_init_latent_entropy __latent_entropy |
1319 |
-+ |
1320 |
-+#ifdef CONFIG_MEMORY_HOTPLUG |
1321 |
-+#define add_meminit_latent_entropy |
1322 |
-+#else |
1323 |
-+#define add_meminit_latent_entropy __latent_entropy |
1324 |
-+#endif |
1325 |
-+ |
1326 |
/* These are for everybody (although not all archs will actually |
1327 |
discard it in modules) */ |
1328 |
-#define __init __section(.init.text) __cold notrace |
1329 |
-+#define __init __section(.init.text) __cold notrace add_init_latent_entropy |
1330 |
++#define __init __section(.init.text) __cold notrace __latent_entropy |
1331 |
#define __initdata __section(.init.data) |
1332 |
#define __initconst __constsection(.init.rodata) |
1333 |
#define __exitdata __section(.exit.data) |
1334 |
-@@ -92,7 +100,7 @@ |
1335 |
+@@ -92,7 +92,7 @@ |
1336 |
#define __exit __section(.exit.text) __exitused __cold notrace |
1337 |
|
1338 |
/* Used for MEMORY_HOTPLUG */ |
1339 |
-#define __meminit __section(.meminit.text) __cold notrace |
1340 |
-+#define __meminit __section(.meminit.text) __cold notrace add_meminit_latent_entropy |
1341 |
++#define __meminit __section(.meminit.text) __cold notrace __latent_entropy |
1342 |
#define __meminitdata __section(.meminit.data) |
1343 |
#define __meminitconst __constsection(.meminit.rodata) |
1344 |
#define __memexit __section(.memexit.text) __exitused __cold notrace |
1345 |
@@ -132727,7 +133251,7 @@ index b2505ac..5f7ab55 100644 |
1346 |
extern bool qid_valid(struct kqid qid); |
1347 |
|
1348 |
diff --git a/include/linux/random.h b/include/linux/random.h |
1349 |
-index 9c29122..9112a5b9 100644 |
1350 |
+index 9c29122..f94151b 100644 |
1351 |
--- a/include/linux/random.h |
1352 |
+++ b/include/linux/random.h |
1353 |
@@ -18,9 +18,19 @@ struct random_ready_callback { |
1354 |
@@ -132735,14 +133259,14 @@ index 9c29122..9112a5b9 100644 |
1355 |
|
1356 |
extern void add_device_randomness(const void *, unsigned int); |
1357 |
+ |
1358 |
++#if defined(LATENT_ENTROPY_PLUGIN) && !defined(__CHECKER__) |
1359 |
+static inline void add_latent_entropy(void) |
1360 |
+{ |
1361 |
-+ |
1362 |
-+#ifdef LATENT_ENTROPY_PLUGIN |
1363 |
+ add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy)); |
1364 |
-+#endif |
1365 |
-+ |
1366 |
+} |
1367 |
++#else |
1368 |
++static inline void add_latent_entropy(void) {} |
1369 |
++#endif |
1370 |
+ |
1371 |
extern void add_input_randomness(unsigned int type, unsigned int code, |
1372 |
- unsigned int value); |
1373 |
@@ -134629,10 +135153,21 @@ index 00c9d68..bc0188b 100644 |
1374 |
|
1375 |
struct tty_ldisc { |
1376 |
diff --git a/include/linux/types.h b/include/linux/types.h |
1377 |
-index 70dd3df..c61727f 100644 |
1378 |
+index 70dd3df..7950943 100644 |
1379 |
--- a/include/linux/types.h |
1380 |
+++ b/include/linux/types.h |
1381 |
-@@ -176,10 +176,26 @@ typedef struct { |
1382 |
+@@ -160,8 +160,10 @@ typedef unsigned __bitwise__ oom_flags_t; |
1383 |
+ |
1384 |
+ #ifdef CONFIG_PHYS_ADDR_T_64BIT |
1385 |
+ typedef u64 phys_addr_t; |
1386 |
++#define RESOURCE_SIZE_MAX ULLONG_MAX |
1387 |
+ #else |
1388 |
+ typedef u32 phys_addr_t; |
1389 |
++#define RESOURCE_SIZE_MAX ULONG_MAX |
1390 |
+ #endif |
1391 |
+ |
1392 |
+ typedef phys_addr_t resource_size_t; |
1393 |
+@@ -176,10 +178,26 @@ typedef struct { |
1394 |
int counter; |
1395 |
} atomic_t; |
1396 |
|
1397 |
@@ -136759,20 +137294,6 @@ index 2232080..ae4d217 100644 |
1398 |
help |
1399 |
Randomizing heap placement makes heap exploits harder, but it |
1400 |
also breaks ancient binaries (including anything libc5 based). |
1401 |
-diff --git a/init/Makefile b/init/Makefile |
1402 |
-index 7bc47ee..6da2dc7 100644 |
1403 |
---- a/init/Makefile |
1404 |
-+++ b/init/Makefile |
1405 |
-@@ -2,6 +2,9 @@ |
1406 |
- # Makefile for the linux kernel. |
1407 |
- # |
1408 |
- |
1409 |
-+ccflags-y := $(GCC_PLUGINS_CFLAGS) |
1410 |
-+asflags-y := $(GCC_PLUGINS_AFLAGS) |
1411 |
-+ |
1412 |
- obj-y := main.o version.o mounts.o |
1413 |
- ifneq ($(CONFIG_BLK_DEV_INITRD),y) |
1414 |
- obj-y += noinitramfs.o |
1415 |
diff --git a/init/do_mounts.c b/init/do_mounts.c |
1416 |
index dea5de9..497f996 100644 |
1417 |
--- a/init/do_mounts.c |
1418 |
@@ -148942,7 +149463,7 @@ index 62bbf35..04d12eb 100644 |
1419 |
struct bdi_writeback *wb = dtc->wb; |
1420 |
unsigned long write_bw = wb->avg_write_bandwidth; |
1421 |
diff --git a/mm/page_alloc.c b/mm/page_alloc.c |
1422 |
-index 1d11790..1cc6074 100644 |
1423 |
+index 1d11790..6d640cb 100644 |
1424 |
--- a/mm/page_alloc.c |
1425 |
+++ b/mm/page_alloc.c |
1426 |
@@ -63,6 +63,7 @@ |
1427 |
@@ -148990,7 +149511,6 @@ index 1d11790..1cc6074 100644 |
1428 |
local_irq_restore(flags); |
1429 |
} |
1430 |
|
1431 |
-+#ifdef CONFIG_PAX_LATENT_ENTROPY |
1432 |
+bool __meminitdata extra_latent_entropy; |
1433 |
+ |
1434 |
+static int __init setup_pax_extra_latent_entropy(char *str) |
1435 |
@@ -149000,6 +149520,7 @@ index 1d11790..1cc6074 100644 |
1436 |
+} |
1437 |
+early_param("pax_extra_latent_entropy", setup_pax_extra_latent_entropy); |
1438 |
+ |
1439 |
++#ifdef LATENT_ENTROPY_PLUGIN |
1440 |
+volatile u64 latent_entropy __latent_entropy; |
1441 |
+EXPORT_SYMBOL(latent_entropy); |
1442 |
+#endif |
1443 |
@@ -149007,11 +149528,10 @@ index 1d11790..1cc6074 100644 |
1444 |
static void __init __free_pages_boot_core(struct page *page, |
1445 |
unsigned long pfn, unsigned int order) |
1446 |
{ |
1447 |
-@@ -1059,6 +1084,19 @@ static void __init __free_pages_boot_core(struct page *page, |
1448 |
+@@ -1059,6 +1084,21 @@ static void __init __free_pages_boot_core(struct page *page, |
1449 |
__ClearPageReserved(p); |
1450 |
set_page_count(p, 0); |
1451 |
|
1452 |
-+#ifdef CONFIG_PAX_LATENT_ENTROPY |
1453 |
+ if (extra_latent_entropy && !PageHighMem(page) && page_to_pfn(page) < 0x100000) { |
1454 |
+ u64 hash = 0; |
1455 |
+ size_t index, end = PAGE_SIZE * nr_pages / sizeof hash; |
1456 |
@@ -149019,15 +149539,18 @@ index 1d11790..1cc6074 100644 |
1457 |
+ |
1458 |
+ for (index = 0; index < end; index++) |
1459 |
+ hash ^= hash + data[index]; |
1460 |
++#ifdef LATENT_ENTROPY_PLUGIN |
1461 |
+ latent_entropy ^= hash; |
1462 |
+ add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy)); |
1463 |
-+ } |
1464 |
++#else |
1465 |
++ add_device_randomness((const void *)&hash, sizeof(hash)); |
1466 |
+#endif |
1467 |
++ } |
1468 |
+ |
1469 |
page_zone(page)->managed_pages += nr_pages; |
1470 |
set_page_refcounted(page); |
1471 |
__free_pages(page, order); |
1472 |
-@@ -1115,7 +1153,6 @@ static inline bool __meminit meminit_pfn_in_nid(unsigned long pfn, int node, |
1473 |
+@@ -1115,7 +1155,6 @@ static inline bool __meminit meminit_pfn_in_nid(unsigned long pfn, int node, |
1474 |
} |
1475 |
#endif |
1476 |
|
1477 |
@@ -149035,7 +149558,7 @@ index 1d11790..1cc6074 100644 |
1478 |
void __init __free_pages_bootmem(struct page *page, unsigned long pfn, |
1479 |
unsigned int order) |
1480 |
{ |
1481 |
-@@ -1419,9 +1456,11 @@ static int prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags, |
1482 |
+@@ -1419,9 +1458,11 @@ static int prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags, |
1483 |
kernel_map_pages(page, 1 << order, 1); |
1484 |
kasan_alloc_pages(page, order); |
1485 |
|
1486 |
@@ -149047,7 +149570,7 @@ index 1d11790..1cc6074 100644 |
1487 |
|
1488 |
if (order && (gfp_flags & __GFP_COMP)) |
1489 |
prep_compound_page(page, order); |
1490 |
-@@ -1955,8 +1994,9 @@ static void drain_pages(unsigned int cpu) |
1491 |
+@@ -1955,8 +1996,9 @@ static void drain_pages(unsigned int cpu) |
1492 |
* The CPU has to be pinned. When zone parameter is non-NULL, spill just |
1493 |
* the single zone's pages. |
1494 |
*/ |
1495 |
@@ -149058,7 +149581,7 @@ index 1d11790..1cc6074 100644 |
1496 |
int cpu = smp_processor_id(); |
1497 |
|
1498 |
if (zone) |
1499 |
-@@ -2016,8 +2056,7 @@ void drain_all_pages(struct zone *zone) |
1500 |
+@@ -2016,8 +2058,7 @@ void drain_all_pages(struct zone *zone) |
1501 |
else |
1502 |
cpumask_clear_cpu(cpu, &cpus_with_pcps); |
1503 |
} |
1504 |
@@ -149068,7 +149591,7 @@ index 1d11790..1cc6074 100644 |
1505 |
} |
1506 |
|
1507 |
#ifdef CONFIG_HIBERNATION |
1508 |
-@@ -2289,7 +2328,7 @@ struct page *buffered_rmqueue(struct zone *preferred_zone, |
1509 |
+@@ -2289,7 +2330,7 @@ struct page *buffered_rmqueue(struct zone *preferred_zone, |
1510 |
} |
1511 |
|
1512 |
__mod_zone_page_state(zone, NR_ALLOC_BATCH, -(1 << order)); |
1513 |
@@ -149077,7 +149600,7 @@ index 1d11790..1cc6074 100644 |
1514 |
!test_bit(ZONE_FAIR_DEPLETED, &zone->flags)) |
1515 |
set_bit(ZONE_FAIR_DEPLETED, &zone->flags); |
1516 |
|
1517 |
-@@ -2506,7 +2545,7 @@ static void reset_alloc_batches(struct zone *preferred_zone) |
1518 |
+@@ -2506,7 +2547,7 @@ static void reset_alloc_batches(struct zone *preferred_zone) |
1519 |
do { |
1520 |
mod_zone_page_state(zone, NR_ALLOC_BATCH, |
1521 |
high_wmark_pages(zone) - low_wmark_pages(zone) - |
1522 |
@@ -149086,7 +149609,7 @@ index 1d11790..1cc6074 100644 |
1523 |
clear_bit(ZONE_FAIR_DEPLETED, &zone->flags); |
1524 |
} while (zone++ != preferred_zone); |
1525 |
} |
1526 |
-@@ -6100,7 +6139,7 @@ static void __setup_per_zone_wmarks(void) |
1527 |
+@@ -6100,7 +6141,7 @@ static void __setup_per_zone_wmarks(void) |
1528 |
|
1529 |
__mod_zone_page_state(zone, NR_ALLOC_BATCH, |
1530 |
high_wmark_pages(zone) - low_wmark_pages(zone) - |
1531 |
@@ -153559,6 +154082,33 @@ index 30d875d..760f4f1 100644 |
1532 |
err_alloc: |
1533 |
return -ENOMEM; |
1534 |
} |
1535 |
+diff --git a/net/ieee802154/core.c b/net/ieee802154/core.c |
1536 |
+index c35fdfa..063ef67 100644 |
1537 |
+--- a/net/ieee802154/core.c |
1538 |
++++ b/net/ieee802154/core.c |
1539 |
+@@ -110,7 +110,7 @@ struct wpan_phy *wpan_phy_idx_to_wpan_phy(int wpan_phy_idx) |
1540 |
+ struct wpan_phy * |
1541 |
+ wpan_phy_new(const struct cfg802154_ops *ops, size_t priv_size) |
1542 |
+ { |
1543 |
+- static atomic_t wpan_phy_counter = ATOMIC_INIT(0); |
1544 |
++ static atomic_unchecked_t wpan_phy_counter = ATOMIC_INIT(0); |
1545 |
+ struct cfg802154_registered_device *rdev; |
1546 |
+ size_t alloc_size; |
1547 |
+ |
1548 |
+@@ -121,11 +121,11 @@ wpan_phy_new(const struct cfg802154_ops *ops, size_t priv_size) |
1549 |
+ |
1550 |
+ rdev->ops = ops; |
1551 |
+ |
1552 |
+- rdev->wpan_phy_idx = atomic_inc_return(&wpan_phy_counter); |
1553 |
++ rdev->wpan_phy_idx = atomic_inc_return_unchecked(&wpan_phy_counter); |
1554 |
+ |
1555 |
+ if (unlikely(rdev->wpan_phy_idx < 0)) { |
1556 |
+ /* ugh, wrapped! */ |
1557 |
+- atomic_dec(&wpan_phy_counter); |
1558 |
++ atomic_dec_unchecked(&wpan_phy_counter); |
1559 |
+ kfree(rdev); |
1560 |
+ return NULL; |
1561 |
+ } |
1562 |
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c |
1563 |
index 5c5db66..c10a4a2 100644 |
1564 |
--- a/net/ipv4/af_inet.c |
1565 |
@@ -157793,7 +158343,7 @@ index 45da11a..ef3e5dc 100644 |
1566 |
table = kmemdup(acct_sysctl_table, sizeof(acct_sysctl_table), |
1567 |
GFP_KERNEL); |
1568 |
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c |
1569 |
-index 6b94f0b..bb0cc8b 100644 |
1570 |
+index 6b94f0b..03e9b12 100644 |
1571 |
--- a/net/netfilter/nf_conntrack_core.c |
1572 |
+++ b/net/netfilter/nf_conntrack_core.c |
1573 |
@@ -1581,7 +1581,7 @@ void *nf_ct_alloc_hashtable(unsigned int *sizep, int nulls) |
1574 |
@@ -157805,6 +158355,15 @@ index 6b94f0b..bb0cc8b 100644 |
1575 |
{ |
1576 |
int i, bucket, rc; |
1577 |
unsigned int hashsize, old_size; |
1578 |
+@@ -1780,7 +1780,7 @@ void nf_conntrack_init_end(void) |
1579 |
+ |
1580 |
+ int nf_conntrack_init_net(struct net *net) |
1581 |
+ { |
1582 |
+- static atomic64_t unique_id; |
1583 |
++ static atomic64_unchecked_t unique_id; |
1584 |
+ int ret = -ENOMEM; |
1585 |
+ int cpu; |
1586 |
+ |
1587 |
@@ -1804,7 +1804,7 @@ int nf_conntrack_init_net(struct net *net) |
1588 |
goto err_pcpu_lists; |
1589 |
|
1590 |
@@ -161469,10 +162028,42 @@ index 805681a..17a7088 100644 |
1591 |
.done = link->done, |
1592 |
}; |
1593 |
diff --git a/scripts/Kbuild.include b/scripts/Kbuild.include |
1594 |
-index 1db6d73..0819042 100644 |
1595 |
+index 1db6d73..6e020e4 100644 |
1596 |
--- a/scripts/Kbuild.include |
1597 |
+++ b/scripts/Kbuild.include |
1598 |
-@@ -146,7 +146,7 @@ cc-ifversion = $(shell [ $(cc-version) $(1) $(2) ] && echo $(3) || echo $(4)) |
1599 |
+@@ -107,16 +107,20 @@ as-option = $(call try-run,\ |
1600 |
+ as-instr = $(call try-run,\ |
1601 |
+ printf "%b\n" "$(1)" | $(CC) $(KBUILD_AFLAGS) -c -x assembler -o "$$TMP" -,$(2),$(3)) |
1602 |
+ |
1603 |
++# Do not attempt to build with gcc plugins during cc-option tests. |
1604 |
++# (And this uses delayed resolution so the flags will be up to date.) |
1605 |
++CC_OPTION_CFLAGS = $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS)) |
1606 |
++ |
1607 |
+ # cc-option |
1608 |
+ # Usage: cflags-y += $(call cc-option,-march=winchip-c6,-march=i586) |
1609 |
+ |
1610 |
+ cc-option = $(call try-run,\ |
1611 |
+- $(CC) $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",$(1),$(2)) |
1612 |
++ $(CC) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",$(1),$(2)) |
1613 |
+ |
1614 |
+ # cc-option-yn |
1615 |
+ # Usage: flag := $(call cc-option-yn,-march=winchip-c6) |
1616 |
+ cc-option-yn = $(call try-run,\ |
1617 |
+- $(CC) $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",y,n) |
1618 |
++ $(CC) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) $(1) -c -x c /dev/null -o "$$TMP",y,n) |
1619 |
+ |
1620 |
+ # cc-option-align |
1621 |
+ # Prefix align with either -falign or -malign |
1622 |
+@@ -126,7 +130,7 @@ cc-option-align = $(subst -functions=0,,\ |
1623 |
+ # cc-disable-warning |
1624 |
+ # Usage: cflags-y += $(call cc-disable-warning,unused-but-set-variable) |
1625 |
+ cc-disable-warning = $(call try-run,\ |
1626 |
+- $(CC) $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS) -W$(strip $(1)) -c -x c /dev/null -o "$$TMP",-Wno-$(strip $(1))) |
1627 |
++ $(CC) $(KBUILD_CPPFLAGS) $(CC_OPTION_CFLAGS) -W$(strip $(1)) -c -x c /dev/null -o "$$TMP",-Wno-$(strip $(1))) |
1628 |
+ |
1629 |
+ # cc-name |
1630 |
+ # Expands to either gcc or clang |
1631 |
+@@ -146,7 +150,7 @@ cc-ifversion = $(shell [ $(cc-version) $(1) $(2) ] && echo $(3) || echo $(4)) |
1632 |
# cc-ldoption |
1633 |
# Usage: ldflags += $(call cc-ldoption, -Wl$(comma)--hash-style=both) |
1634 |
cc-ldoption = $(call try-run,\ |
1635 |
@@ -161482,17 +162073,15 @@ index 1db6d73..0819042 100644 |
1636 |
# ld-option |
1637 |
# Usage: LDFLAGS += $(call ld-option, -X) |
1638 |
diff --git a/scripts/Makefile b/scripts/Makefile |
1639 |
-index fd0d53d..1471190 100644 |
1640 |
+index fd0d53d..9364092 100644 |
1641 |
--- a/scripts/Makefile |
1642 |
+++ b/scripts/Makefile |
1643 |
-@@ -44,6 +44,7 @@ subdir-y += mod |
1644 |
- subdir-$(CONFIG_SECURITY_SELINUX) += selinux |
1645 |
- subdir-$(CONFIG_DTC) += dtc |
1646 |
+@@ -46,4 +46,4 @@ subdir-$(CONFIG_DTC) += dtc |
1647 |
subdir-$(CONFIG_GDB_SCRIPTS) += gdb |
1648 |
-+subdir-$(CONFIG_GCC_PLUGINS) += gcc-plugins |
1649 |
|
1650 |
# Let clean descend into subdirs |
1651 |
- subdir- += basic kconfig package |
1652 |
+-subdir- += basic kconfig package |
1653 |
++subdir- += basic kconfig package gcc-plugins |
1654 |
diff --git a/scripts/Makefile.build b/scripts/Makefile.build |
1655 |
index 2c47f9c..9d46008 100644 |
1656 |
--- a/scripts/Makefile.build |
1657 |
@@ -161507,16 +162096,17 @@ index 2c47f9c..9d46008 100644 |
1658 |
endif |
1659 |
|
1660 |
diff --git a/scripts/Makefile.clean b/scripts/Makefile.clean |
1661 |
-index 55c96cb..e4e88ab 100644 |
1662 |
+index 55c96cb..50616ea 100644 |
1663 |
--- a/scripts/Makefile.clean |
1664 |
+++ b/scripts/Makefile.clean |
1665 |
-@@ -38,7 +38,8 @@ subdir-ymn := $(addprefix $(obj)/,$(subdir-ymn)) |
1666 |
+@@ -38,7 +38,9 @@ subdir-ymn := $(addprefix $(obj)/,$(subdir-ymn)) |
1667 |
__clean-files := $(extra-y) $(extra-m) $(extra-) \ |
1668 |
$(always) $(targets) $(clean-files) \ |
1669 |
$(host-progs) \ |
1670 |
- $(hostprogs-y) $(hostprogs-m) $(hostprogs-) |
1671 |
+ $(hostprogs-y) $(hostprogs-m) $(hostprogs-) \ |
1672 |
-+ $(hostlibs-y) $(hostlibs-m) $(hostlibs-) |
1673 |
++ $(hostlibs-y) $(hostlibs-m) $(hostlibs-) \ |
1674 |
++ $(hostcxxlibs-y) $(hostcxxlibs-m) |
1675 |
|
1676 |
__clean-files := $(filter-out $(no-clean-files), $(__clean-files)) |
1677 |
|
1678 |
@@ -161537,10 +162127,10 @@ index 53449a6..c1fd180 100644 |
1679 |
warning-2 += -Wdisabled-optimization |
1680 |
diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins |
1681 |
new file mode 100644 |
1682 |
-index 0000000..08d4e22 |
1683 |
+index 0000000..97e7a48 |
1684 |
--- /dev/null |
1685 |
+++ b/scripts/Makefile.gcc-plugins |
1686 |
-@@ -0,0 +1,71 @@ |
1687 |
+@@ -0,0 +1,96 @@ |
1688 |
+ifdef CONFIG_GCC_PLUGINS |
1689 |
+ __PLUGINCC := $(call cc-ifversion, -ge, 0408, $(HOSTCXX), $(HOSTCC)) |
1690 |
+ PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)") |
1691 |
@@ -161568,13 +162158,19 @@ index 0000000..08d4e22 |
1692 |
+ |
1693 |
+ gcc-plugin-y += colorize_plugin.so |
1694 |
+ |
1695 |
++ gcc-plugin-subdir-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin |
1696 |
+ gcc-plugin-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin/size_overflow_plugin.so |
1697 |
+ gcc-plugin-cflags-$(CONFIG_PAX_SIZE_OVERFLOW) += -DSIZE_OVERFLOW_PLUGIN |
1698 |
+ |
1699 |
++ gcc-plugin-$(CONFIG_GRKERNSEC_RANDSTRUCT) += randomize_layout_plugin.so |
1700 |
++ gcc-plugin-cflags-$(CONFIG_GRKERNSEC_RANDSTRUCT) += -DRANDSTRUCT_PLUGIN |
1701 |
++ gcc-plugin-cflags-$(CONFIG_GRKERNSEC_RANDSTRUCT_PERFORMANCE) += -fplugin-arg-randomize_layout_plugin-performance-mode |
1702 |
++ |
1703 |
++ |
1704 |
+ gcc-plugin-$(CONFIG_PAX_LATENT_ENTROPY) += latent_entropy_plugin.so |
1705 |
+ gcc-plugin-cflags-$(CONFIG_PAX_LATENT_ENTROPY) += -DLATENT_ENTROPY_PLUGIN |
1706 |
+ ifdef CONFIG_PAX_LATENT_ENTROPY |
1707 |
-+ DISABLE_LATENT_ENTROPY_PLUGIN += -fplugin-arg-latent_entropy_plugin-disable |
1708 |
++ DISABLE_LATENT_ENTROPY_PLUGIN += -fplugin-arg-latent_entropy_plugin-disable |
1709 |
+ endif |
1710 |
+ |
1711 |
+ gcc-plugin-$(CONFIG_PAX_MEMORY_STRUCTLEAK) += structleak_plugin.so |
1712 |
@@ -161583,6 +162179,7 @@ index 0000000..08d4e22 |
1713 |
+ gcc-plugin-y += initify_plugin.so |
1714 |
+ gcc-plugin-cflags-y += -DINITIFY_PLUGIN |
1715 |
+ |
1716 |
++ gcc-plugin-subdir-$(CONFIG_PAX_RAP) += rap_plugin |
1717 |
+ gcc-plugin-$(CONFIG_PAX_RAP) += rap_plugin/rap_plugin.so |
1718 |
+ gcc-plugin-cflags-$(CONFIG_PAX_RAP) += -DRAP_PLUGIN -fplugin-arg-rap_plugin-check=call |
1719 |
+# gcc-plugin-cflags-$(CONFIG_PAX_RAP) += -fplugin-arg-rap_plugin-report=func,fptr,abs |
1720 |
@@ -161595,25 +162192,43 @@ index 0000000..08d4e22 |
1721 |
+ GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y)) |
1722 |
+ GCC_PLUGINS_AFLAGS := $(gcc-plugin-aflags-y) |
1723 |
+ |
1724 |
++ export PLUGINCC GCC_PLUGIN GCC_PLUGIN_SUBDIR GCC_PLUGINS_CFLAGS GCC_PLUGINS_AFLAGS |
1725 |
+ export DISABLE_LATENT_ENTROPY_PLUGIN RAP_PLUGIN_ABS_CFLAGS |
1726 |
+ |
1727 |
++ KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) |
1728 |
++ KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) |
1729 |
++ GCC_PLUGIN := $(gcc-plugin-y) |
1730 |
++ GCC_PLUGIN_SUBDIR := $(gcc-plugin-subdir-y) |
1731 |
++endif |
1732 |
++ |
1733 |
++# If plugins aren't supported, abort the build before hard-to-read compiler |
1734 |
++# errors start getting spewed by the main build. |
1735 |
++PHONY += gcc-plugins-check |
1736 |
++gcc-plugins-check: FORCE |
1737 |
++ifdef CONFIG_GCC_PLUGINS |
1738 |
+ ifeq ($(PLUGINCC),) |
1739 |
+ ifneq ($(GCC_PLUGINS_CFLAGS),) |
1740 |
+ ifeq ($(call cc-ifversion, -ge, 0405, y), y) |
1741 |
-+ PLUGINCC := $(shell $(CONFIG_SHELL) -x $(srctree)/scripts/gcc-plugin.sh "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)") |
1742 |
-+ $(warning warning, your gcc installation does not support plugins, perhaps the necessary headers are missing?) |
1743 |
++ $(Q)$(srctree)/scripts/gcc-plugin.sh --show-error "$(__PLUGINCC)" "$(HOSTCXX)" "$(CC)" || true |
1744 |
++ @echo "Cannot use CONFIG_GCC_PLUGINS: your gcc installation does not support plugins, perhaps the necessary headers are missing?" >&2 |
1745 |
+ else |
1746 |
-+ $(warning warning, your gcc version does not support plugins, you should upgrade it to gcc 4.5 at least) |
1747 |
++ @echo "Cannot use CONFIG_GCC_PLUGINS: your gcc version does not support plugins, you should upgrade it to at least gcc 4.5" >&2 |
1748 |
+ endif |
1749 |
-+ $(warning PAX_MEMORY_STACKLEAK and other features will be less secure) |
1750 |
++ @echo "PAX_MEMORY_STACKLEAK and other features will be less secure" >&2 && exit 1 |
1751 |
+ endif |
1752 |
+ endif |
1753 |
++endif |
1754 |
++ @: |
1755 |
+ |
1756 |
-+ KBUILD_CFLAGS += $(GCC_PLUGINS_CFLAGS) |
1757 |
-+ KBUILD_AFLAGS += $(GCC_PLUGINS_AFLAGS) |
1758 |
++# Actually do the build, if requested. |
1759 |
++PHONY += gcc-plugins |
1760 |
++gcc-plugins: scripts_basic gcc-plugins-check |
1761 |
++ifdef CONFIG_GCC_PLUGINS |
1762 |
++ $(Q)$(MAKE) $(build)=scripts/gcc-plugins |
1763 |
+endif |
1764 |
++ @: |
1765 |
diff --git a/scripts/Makefile.host b/scripts/Makefile.host |
1766 |
-index 133edfa..3439bd8 100644 |
1767 |
+index 133edfa..ac03751 100644 |
1768 |
--- a/scripts/Makefile.host |
1769 |
+++ b/scripts/Makefile.host |
1770 |
@@ -20,7 +20,25 @@ |
1771 |
@@ -161672,7 +162287,7 @@ index 133edfa..3439bd8 100644 |
1772 |
host-objdirs := $(addprefix $(obj)/,$(host-objdirs)) |
1773 |
|
1774 |
obj-dirs += $(host-objdirs) |
1775 |
-@@ -124,5 +158,39 @@ quiet_cmd_host-cxxobjs = HOSTCXX $@ |
1776 |
+@@ -124,5 +158,42 @@ quiet_cmd_host-cxxobjs = HOSTCXX $@ |
1777 |
$(host-cxxobjs): $(obj)/%.o: $(src)/%.cc FORCE |
1778 |
$(call if_changed_dep,host-cxxobjs) |
1779 |
|
1780 |
@@ -161684,6 +162299,9 @@ index 133edfa..3439bd8 100644 |
1781 |
+ $(call if_changed_dep,host-cshobjs) |
1782 |
+ |
1783 |
+# Compile .c file, create position independent .o file |
1784 |
++# Note that plugin capable gcc versions can be either C or C++ based |
1785 |
++# therefore plugin source files have to be compilable in both C and C++ mode. |
1786 |
++# This is why a C++ compiler is invoked on a .c file. |
1787 |
+# host-cxxshobjs -> .o |
1788 |
+quiet_cmd_host-cxxshobjs = HOSTCXX -fPIC $@ |
1789 |
+ cmd_host-cxxshobjs = $(HOSTCXX) $(hostcxx_flags) -fPIC -c -o $@ $< |
1790 |
@@ -161698,7 +162316,7 @@ index 133edfa..3439bd8 100644 |
1791 |
+ $(HOST_LOADLIBES) $(HOSTLOADLIBES_$(@F)) |
1792 |
+$(host-cshlib): FORCE |
1793 |
+ $(call if_changed,host-cshlib) |
1794 |
-+$(call multi_depend, $(host-cshlib), .so, -objs -cshobjs) |
1795 |
++$(call multi_depend, $(host-cshlib), .so, -objs) |
1796 |
+ |
1797 |
+# Link a shared library, based on position independent .o files |
1798 |
+# *.o -> .so shared library (host-cxxshlib) |
1799 |
@@ -161708,7 +162326,7 @@ index 133edfa..3439bd8 100644 |
1800 |
+ $(HOST_LOADLIBES) $(HOSTLOADLIBES_$(@F)) |
1801 |
+$(host-cxxshlib): FORCE |
1802 |
+ $(call if_changed,host-cxxshlib) |
1803 |
-+$(call multi_depend, $(host-cxxshlib), .so, -objs -cxxshobjs) |
1804 |
++$(call multi_depend, $(host-cxxshlib), .so, -objs) |
1805 |
+ |
1806 |
targets += $(host-csingle) $(host-cmulti) $(host-cobjs)\ |
1807 |
- $(host-cxxmulti) $(host-cxxobjs) |
1808 |
@@ -161917,12 +162535,19 @@ index e229b84..7141e8e 100644 |
1809 |
while (get_node_by_phandle(root, phandle)) |
1810 |
diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh |
1811 |
new file mode 100644 |
1812 |
-index 0000000..fb92075 |
1813 |
+index 0000000..b65224b |
1814 |
--- /dev/null |
1815 |
+++ b/scripts/gcc-plugin.sh |
1816 |
-@@ -0,0 +1,51 @@ |
1817 |
+@@ -0,0 +1,65 @@ |
1818 |
+#!/bin/sh |
1819 |
+srctree=$(dirname "$0") |
1820 |
++ |
1821 |
++SHOW_ERROR= |
1822 |
++if [ "$1" = "--show-error" ] ; then |
1823 |
++ SHOW_ERROR=1 |
1824 |
++ shift || true |
1825 |
++fi |
1826 |
++ |
1827 |
+gccplugins_dir=$($3 -print-file-name=plugin) |
1828 |
+plugincc=$($1 -E -x c++ - -o /dev/null -I"${srctree}"/gcc-plugins -I"${gccplugins_dir}"/include 2>&1 <<EOF |
1829 |
+#include "gcc-common.h" |
1830 |
@@ -161936,6 +162561,9 @@ index 0000000..fb92075 |
1831 |
+ |
1832 |
+if [ $? -ne 0 ] |
1833 |
+then |
1834 |
++ if [ -n "$SHOW_ERROR" ] ; then |
1835 |
++ echo "${plugincc}" >&2 |
1836 |
++ fi |
1837 |
+ exit 1 |
1838 |
+fi |
1839 |
+ |
1840 |
@@ -161971,6 +162599,10 @@ index 0000000..fb92075 |
1841 |
+ echo "$2" |
1842 |
+ exit 0 |
1843 |
+fi |
1844 |
++ |
1845 |
++if [ -n "$SHOW_ERROR" ] ; then |
1846 |
++ echo "${plugincc}" >&2 |
1847 |
++fi |
1848 |
+exit 1 |
1849 |
diff --git a/scripts/gcc-plugins/.gitignore b/scripts/gcc-plugins/.gitignore |
1850 |
new file mode 100644 |
1851 |
@@ -161981,67 +162613,45 @@ index 0000000..de92ed9 |
1852 |
+randomize_layout_seed.h |
1853 |
diff --git a/scripts/gcc-plugins/Makefile b/scripts/gcc-plugins/Makefile |
1854 |
new file mode 100644 |
1855 |
-index 0000000..ad7ca02 |
1856 |
+index 0000000..ec5bc00 |
1857 |
--- /dev/null |
1858 |
+++ b/scripts/gcc-plugins/Makefile |
1859 |
-@@ -0,0 +1,57 @@ |
1860 |
-+#CC := gcc |
1861 |
-+#PLUGIN_SOURCE_FILES := pax_plugin.c |
1862 |
-+#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES)) |
1863 |
-+GCCPLUGINS_DIR := $(shell $(CC) -print-file-name=plugin) |
1864 |
-+#CFLAGS += -I$(GCCPLUGINS_DIR)/include -fPIC -O2 -Wall -W -std=gnu99 |
1865 |
+@@ -0,0 +1,35 @@ |
1866 |
++GCC_PLUGINS_DIR := $(shell $(CC) -print-file-name=plugin) |
1867 |
+ |
1868 |
+ifeq ($(PLUGINCC),$(HOSTCC)) |
1869 |
-+HOSTLIBS := hostlibs |
1870 |
-+HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(src) -std=gnu99 -ggdb -Wall -W |
1871 |
-+export HOST_EXTRACFLAGS |
1872 |
++ HOSTLIBS := hostlibs |
1873 |
++ HOST_EXTRACFLAGS += -I$(GCC_PLUGINS_DIR)/include -I$(src) -std=gnu99 -ggdb -Wall -W |
1874 |
++ export HOST_EXTRACFLAGS |
1875 |
+else |
1876 |
-+HOSTLIBS := hostcxxlibs |
1877 |
-+HOST_EXTRACXXFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(src) -std=gnu++98 -fno-rtti -fno-exceptions -fasynchronous-unwind-tables -ggdb -Wall -W -Wno-unused-parameter -Wno-narrowing -Wno-unused-variable |
1878 |
-+export HOST_EXTRACXXFLAGS |
1879 |
++ HOSTLIBS := hostcxxlibs |
1880 |
++ HOST_EXTRACXXFLAGS += -I$(GCC_PLUGINS_DIR)/include -I$(src) -std=gnu++98 -fno-rtti |
1881 |
++ HOST_EXTRACXXFLAGS += -fno-exceptions -fasynchronous-unwind-tables -ggdb |
1882 |
++ HOST_EXTRACXXFLAGS += -Wno-narrowing -Wno-unused-variable |
1883 |
++ HOST_EXTRACXXFLAGS += -Wall -W -Wno-unused-parameter |
1884 |
++ export HOST_EXTRACXXFLAGS |
1885 |
+endif |
1886 |
+ |
1887 |
-+export GCCPLUGINS_DIR HOSTLIBS |
1888 |
-+ |
1889 |
-+$(HOSTLIBS)-$(CONFIG_PAX_CONSTIFY_PLUGIN) := constify_plugin.so |
1890 |
-+$(HOSTLIBS)-$(CONFIG_PAX_MEMORY_STACKLEAK) += stackleak_plugin.so |
1891 |
-+$(HOSTLIBS)-$(CONFIG_KALLOCSTAT_PLUGIN) += kallocstat_plugin.so |
1892 |
-+$(HOSTLIBS)-$(CONFIG_PAX_KERNEXEC_PLUGIN) += kernexec_plugin.so |
1893 |
-+$(HOSTLIBS)-$(CONFIG_CHECKER_PLUGIN) += checker_plugin.so |
1894 |
-+$(HOSTLIBS)-y += colorize_plugin.so |
1895 |
-+$(HOSTLIBS)-$(CONFIG_PAX_LATENT_ENTROPY) += latent_entropy_plugin.so |
1896 |
-+$(HOSTLIBS)-$(CONFIG_PAX_MEMORY_STRUCTLEAK) += structleak_plugin.so |
1897 |
-+$(HOSTLIBS)-y += initify_plugin.so |
1898 |
-+$(HOSTLIBS)-$(CONFIG_GRKERNSEC_RANDSTRUCT) += randomize_layout_plugin.so |
1899 |
-+ |
1900 |
-+subdir-$(CONFIG_PAX_SIZE_OVERFLOW) := size_overflow_plugin |
1901 |
-+subdir- += size_overflow_plugin |
1902 |
-+ |
1903 |
-+subdir-$(CONFIG_PAX_RAP) += rap_plugin |
1904 |
-+subdir- += rap_plugin |
1905 |
++export HOSTLIBS |
1906 |
+ |
1907 |
++$(HOSTLIBS)-y := $(foreach p,$(GCC_PLUGIN),$(if $(findstring /,$(p)),,$(p))) |
1908 |
+always := $($(HOSTLIBS)-y) |
1909 |
-+ |
1910 |
-+constify_plugin-objs := constify_plugin.o |
1911 |
-+stackleak_plugin-objs := stackleak_plugin.o |
1912 |
-+kallocstat_plugin-objs := kallocstat_plugin.o |
1913 |
-+kernexec_plugin-objs := kernexec_plugin.o |
1914 |
-+checker_plugin-objs := checker_plugin.o |
1915 |
-+colorize_plugin-objs := colorize_plugin.o |
1916 |
-+latent_entropy_plugin-objs := latent_entropy_plugin.o |
1917 |
-+structleak_plugin-objs := structleak_plugin.o |
1918 |
-+initify_plugin-objs := initify_plugin.o |
1919 |
-+randomize_layout_plugin-objs := randomize_layout_plugin.o |
1920 |
++$(foreach p,$($(HOSTLIBS)-y:%.so=%),$(eval $(p)-objs := $(p).o)) |
1921 |
+ |
1922 |
+$(obj)/randomize_layout_plugin.o: $(objtree)/$(obj)/randomize_layout_seed.h |
1923 |
+ |
1924 |
+quiet_cmd_create_randomize_layout_seed = GENSEED $@ |
1925 |
-+ cmd_create_randomize_layout_seed = \ |
1926 |
++ cmd_create_randomize_layout_seed = \ |
1927 |
+ $(CONFIG_SHELL) $(srctree)/$(src)/gen-random-seed.sh $@ $(objtree)/include/generated/randomize_layout_hash.h |
1928 |
+$(objtree)/$(obj)/randomize_layout_seed.h: FORCE |
1929 |
+ $(call if_changed,create_randomize_layout_seed) |
1930 |
-+ |
1931 |
++ |
1932 |
+targets += randomize_layout_seed.h randomize_layout_hash.h |
1933 |
++ |
1934 |
++subdir-y := $(GCC_PLUGIN_SUBDIR) |
1935 |
++subdir- += $(GCC_PLUGIN_SUBDIR) |
1936 |
++ |
1937 |
++clean-files += *.so |
1938 |
diff --git a/scripts/gcc-plugins/checker_plugin.c b/scripts/gcc-plugins/checker_plugin.c |
1939 |
new file mode 100644 |
1940 |
index 0000000..efaf576 |
1941 |
@@ -167639,14 +168249,16 @@ index 0000000..a716d7a |
1942 |
+} |
1943 |
diff --git a/scripts/gcc-plugins/rap_plugin/Makefile b/scripts/gcc-plugins/rap_plugin/Makefile |
1944 |
new file mode 100644 |
1945 |
-index 0000000..8171be8 |
1946 |
+index 0000000..f2a0a03 |
1947 |
--- /dev/null |
1948 |
+++ b/scripts/gcc-plugins/rap_plugin/Makefile |
1949 |
-@@ -0,0 +1,4 @@ |
1950 |
+@@ -0,0 +1,6 @@ |
1951 |
+$(HOSTLIBS)-$(CONFIG_PAX_RAP) += rap_plugin.so |
1952 |
+always := $($(HOSTLIBS)-y) |
1953 |
+ |
1954 |
+rap_plugin-objs := $(patsubst $(srctree)/$(src)/%.c,%.o,$(wildcard $(srctree)/$(src)/*.c)) |
1955 |
++ |
1956 |
++clean-files += *.so |
1957 |
diff --git a/scripts/gcc-plugins/rap_plugin/rap.h b/scripts/gcc-plugins/rap_plugin/rap.h |
1958 |
new file mode 100644 |
1959 |
index 0000000..f6a284d |
1960 |
@@ -168933,10 +169545,10 @@ index 0000000..c4b24b9 |
1961 |
+size_overflow_hash_aux.h |
1962 |
diff --git a/scripts/gcc-plugins/size_overflow_plugin/Makefile b/scripts/gcc-plugins/size_overflow_plugin/Makefile |
1963 |
new file mode 100644 |
1964 |
-index 0000000..f74d85a |
1965 |
+index 0000000..a6418b4 |
1966 |
--- /dev/null |
1967 |
+++ b/scripts/gcc-plugins/size_overflow_plugin/Makefile |
1968 |
-@@ -0,0 +1,28 @@ |
1969 |
+@@ -0,0 +1,30 @@ |
1970 |
+HOST_EXTRACXXFLAGS += $(call hostcc-option, -fno-ipa-icf) |
1971 |
+ |
1972 |
+$(HOSTLIBS)-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin.so |
1973 |
@@ -168965,6 +169577,8 @@ index 0000000..f74d85a |
1974 |
+ $(call if_changed,build_disable_size_overflow_hash) |
1975 |
+ |
1976 |
+targets += size_overflow_hash.h size_overflow_hash_aux.h disable_size_overflow_hash.h |
1977 |
++ |
1978 |
++clean-files += *.so |
1979 |
diff --git a/scripts/gcc-plugins/size_overflow_plugin/disable_size_overflow_hash.data b/scripts/gcc-plugins/size_overflow_plugin/disable_size_overflow_hash.data |
1980 |
new file mode 100644 |
1981 |
index 0000000..e0a04a1 |
1982 |
@@ -210718,10 +211332,10 @@ index 23ba1c6..cad2484 100755 |
1983 |
# Find all available archs |
1984 |
find_all_archs() |
1985 |
diff --git a/security/Kconfig b/security/Kconfig |
1986 |
-index e452378..8059bd2 100644 |
1987 |
+index e452378..e634654 100644 |
1988 |
--- a/security/Kconfig |
1989 |
+++ b/security/Kconfig |
1990 |
-@@ -4,6 +4,993 @@ |
1991 |
+@@ -4,6 +4,994 @@ |
1992 |
|
1993 |
menu "Security options" |
1994 |
|
1995 |
@@ -211673,7 +212287,8 @@ index e452378..8059bd2 100644 |
1996 |
+ extract some entropy from both original and artificially created |
1997 |
+ program state. This will help especially embedded systems where |
1998 |
+ there is little 'natural' source of entropy normally. The cost |
1999 |
-+ is some slowdown of the boot process and fork and irq processing. |
2000 |
++ is some slowdown of the boot process (about 0.5%) and fork and |
2001 |
++ irq processing. |
2002 |
+ |
2003 |
+ When pax_extra_latent_entropy is passed on the kernel command line, |
2004 |
+ entropy will be extracted from up to the first 4GB of RAM while the |
2005 |
@@ -211715,7 +212330,7 @@ index e452378..8059bd2 100644 |
2006 |
source security/keys/Kconfig |
2007 |
|
2008 |
config SECURITY_DMESG_RESTRICT |
2009 |
-@@ -104,7 +1091,7 @@ config INTEL_TXT |
2010 |
+@@ -104,7 +1092,7 @@ config INTEL_TXT |
2011 |
config LSM_MMAP_MIN_ADDR |
2012 |
int "Low address space for LSM to protect from user allocation" |
2013 |
depends on SECURITY && SECURITY_SELINUX |