
From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-patchset:master commit in: 3.14.17/, 3.2.62/
Date: Sat, 30 Aug 2014 12:13:25
Message-Id: 1409400940.8b190d8626dc2dd20eed2de289980bc5539492fb.blueness@gentoo
1 commit: 8b190d8626dc2dd20eed2de289980bc5539492fb
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sat Aug 30 12:15:40 2014 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sat Aug 30 12:15:40 2014 +0000
6 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=8b190d86
7
8 Grsec/PaX: 3.0-{3.2.62,3.14.17}-201408260041
9
10 ---
11 3.14.17/0000_README | 2 +-
12 ...4420_grsecurity-3.0-3.14.17-201408260041.patch} | 281 ++++++++++++--------
13 3.14.17/4465_selinux-avc_audit-log-curr_ip.patch | 2 +-
14 3.2.62/0000_README | 2 +-
15 ... 4420_grsecurity-3.0-3.2.62-201408260037.patch} | 288 +++++++++++++--------
16 5 files changed, 357 insertions(+), 218 deletions(-)
17
18 diff --git a/3.14.17/0000_README b/3.14.17/0000_README
19 index 2ab1642..4ec94f3 100644
20 --- a/3.14.17/0000_README
21 +++ b/3.14.17/0000_README
22 @@ -2,7 +2,7 @@ README
23 -----------------------------------------------------------------------------
24 Individual Patch Descriptions:
25 -----------------------------------------------------------------------------
26 -Patch: 4420_grsecurity-3.0-3.14.17-201408212334.patch
27 +Patch: 4420_grsecurity-3.0-3.14.17-201408260041.patch
28 From: http://www.grsecurity.net
29 Desc: hardened-sources base patch from upstream grsecurity
30
31
32 diff --git a/3.14.17/4420_grsecurity-3.0-3.14.17-201408212334.patch b/3.14.17/4420_grsecurity-3.0-3.14.17-201408260041.patch
33 similarity index 99%
34 rename from 3.14.17/4420_grsecurity-3.0-3.14.17-201408212334.patch
35 rename to 3.14.17/4420_grsecurity-3.0-3.14.17-201408260041.patch
36 index bf6a578..c27879a 100644
37 --- a/3.14.17/4420_grsecurity-3.0-3.14.17-201408212334.patch
38 +++ b/3.14.17/4420_grsecurity-3.0-3.14.17-201408260041.patch
39 @@ -65771,7 +65771,7 @@ index 467bb1c..cf9d65a 100644
40 return -EINVAL;
41
42 diff --git a/fs/seq_file.c b/fs/seq_file.c
43 -index 1d641bb..c2f4743 100644
44 +index 1d641bb..9ca7f61 100644
45 --- a/fs/seq_file.c
46 +++ b/fs/seq_file.c
47 @@ -10,6 +10,8 @@
48 @@ -65864,6 +65864,15 @@ index 1d641bb..c2f4743 100644
49 int res = -ENOMEM;
50
51 if (op) {
52 +@@ -605,7 +620,7 @@ EXPORT_SYMBOL(single_open);
53 + int single_open_size(struct file *file, int (*show)(struct seq_file *, void *),
54 + void *data, size_t size)
55 + {
56 +- char *buf = kmalloc(size, GFP_KERNEL);
57 ++ char *buf = kmalloc(size, GFP_KERNEL | GFP_USERCOPY);
58 + int ret;
59 + if (!buf)
60 + return -ENOMEM;
61 @@ -620,6 +635,17 @@ int single_open_size(struct file *file, int (*show)(struct seq_file *, void *),
62 }
63 EXPORT_SYMBOL(single_open_size);
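Review bot: The `GFP_USERCOPY` flag added to the `kmalloc()` in `single_open_size()` has no comment saying why this allocation needs it, and the reason is not visible in the hunk. If, as it appears, the buffer becomes the seq_file buffer that is later copied out to user space, a one-line comment such as `/* buf backs the seq_file and is copied to userland, so it must come from a usercopy-permitted allocation */` would keep the flag from being dropped in a later rebase. The function body continues in the following inner hunk, which this commit does not change.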
64 @@ -70448,10 +70457,10 @@ index 0000000..18ffbbd
65 +}
66 diff --git a/grsecurity/gracl_cap.c b/grsecurity/gracl_cap.c
67 new file mode 100644
68 -index 0000000..bdd51ea
69 +index 0000000..1a94c11
70 --- /dev/null
71 +++ b/grsecurity/gracl_cap.c
72 -@@ -0,0 +1,110 @@
73 +@@ -0,0 +1,127 @@
74 +#include <linux/kernel.h>
75 +#include <linux/module.h>
76 +#include <linux/sched.h>
77 @@ -70462,6 +70471,29 @@ index 0000000..bdd51ea
78 +extern const char *captab_log[];
79 +extern int captab_log_entries;
80 +
81 ++int gr_learn_cap(const struct task_struct *task, const struct cred *cred, const int cap)
82 ++{
83 ++ struct acl_subject_label *curracl;
84 ++
85 ++ if (!gr_acl_is_enabled())
86 ++ return 1;
87 ++
88 ++ curracl = task->acl;
89 ++
90 ++ if (curracl->mode & (GR_LEARN | GR_INHERITLEARN)) {
91 ++ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
92 ++ task->role->roletype, GR_GLOBAL_UID(cred->uid),
93 ++ GR_GLOBAL_GID(cred->gid), task->exec_file ?
94 ++ gr_to_filename(task->exec_file->f_path.dentry,
95 ++ task->exec_file->f_path.mnt) : curracl->filename,
96 ++ curracl->filename, 0UL,
97 ++ 0UL, "", (unsigned long) cap, &task->signal->saved_ip);
98 ++ return 1;
99 ++ }
100 ++
101 ++ return 0;
102 ++}
103 ++
104 +int gr_task_acl_is_capable(const struct task_struct *task, const struct cred *cred, const int cap)
105 +{
106 + struct acl_subject_label *curracl;
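Review bot: `gr_learn_cap()` is now a cross-file entry point, but its return contract is undocumented and does not match the stub: this version returns 1 when `gr_acl_is_enabled()` is false, while the `grsec_disabled.c` stub added in a later hunk always returns 0. The `kernel/sys.c` callers visible in this commit ignore the result, so this looks harmless today, but a future caller that branches on it would behave differently depending on the build. I would add a header comment along the lines of `/* returns 1 if RBAC is off or the use was logged for learning, 0 otherwise; does not test cap_raised(), callers must */` and make the stub agree with it.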
107 @@ -70498,19 +70530,13 @@ index 0000000..bdd51ea
108 + return 1;
109 + }
110 +
111 -+ curracl = task->acl;
112 -+
113 -+ if ((curracl->mode & (GR_LEARN | GR_INHERITLEARN))
114 -+ && cap_raised(cred->cap_effective, cap)) {
115 -+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
116 -+ task->role->roletype, GR_GLOBAL_UID(cred->uid),
117 -+ GR_GLOBAL_GID(cred->gid), task->exec_file ?
118 -+ gr_to_filename(task->exec_file->f_path.dentry,
119 -+ task->exec_file->f_path.mnt) : curracl->filename,
120 -+ curracl->filename, 0UL,
121 -+ 0UL, "", (unsigned long) cap, &task->signal->saved_ip);
122 ++ /* only learn the capability use if the process has the capability in the
123 ++ general case, the two uses in sys.c of gr_learn_cap are an exception
124 ++ to this rule to ensure any role transition involves what the full-learned
125 ++ policy believes in a privileged process
126 ++ */
127 ++ if (cap_raised(cred->cap_effective, cap) && gr_learn_cap(task, cred, cap))
128 + return 1;
129 -+ }
130 +
131 + if ((cap >= 0) && (cap < captab_log_entries) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap))
132 + gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]);
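Review bot: The block comment added above the `cap_raised(...) && gr_learn_cap(...)` test is hard to parse: "believes in a privileged process" presumably should read "believes is a privileged process", and the first sentence runs on across the comma. This comment is the only place that explains why `gr_learn_cap()` itself skips the `cap_raised()` test, so I would reword it as two sentences, one stating the general rule and one naming the two `sys.c` exceptions. The surrounding function starts and ends outside the hunk.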
133 @@ -74533,10 +74559,10 @@ index 0000000..baa635c
134 +}
135 diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c
136 new file mode 100644
137 -index 0000000..4d6fce8
138 +index 0000000..1e028d7
139 --- /dev/null
140 +++ b/grsecurity/grsec_disabled.c
141 -@@ -0,0 +1,433 @@
142 +@@ -0,0 +1,439 @@
143 +#include <linux/kernel.h>
144 +#include <linux/module.h>
145 +#include <linux/sched.h>
146 @@ -74578,6 +74604,12 @@ index 0000000..4d6fce8
147 + return 0;
148 +}
149 +
150 ++int
151 ++gr_learn_cap(const struct task_struct *task, const struct cred *cred, const int cap)
152 ++{
153 ++ return 0;
154 ++}
155 ++
156 +void
157 +gr_handle_proc_create(const struct dentry *dentry, const struct inode *inode)
158 +{
159 @@ -77219,10 +77251,10 @@ index 0000000..61b514e
160 +EXPORT_SYMBOL_GPL(gr_log_timechange);
161 diff --git a/grsecurity/grsec_tpe.c b/grsecurity/grsec_tpe.c
162 new file mode 100644
163 -index 0000000..ee57dcf
164 +index 0000000..d1953de
165 --- /dev/null
166 +++ b/grsecurity/grsec_tpe.c
167 -@@ -0,0 +1,73 @@
168 +@@ -0,0 +1,78 @@
169 +#include <linux/kernel.h>
170 +#include <linux/sched.h>
171 +#include <linux/file.h>
172 @@ -77236,6 +77268,7 @@ index 0000000..ee57dcf
173 +{
174 +#ifdef CONFIG_GRKERNSEC
175 + struct inode *inode = file->f_path.dentry->d_parent->d_inode;
176 ++ struct inode *file_inode = file->f_path.dentry->d_inode;
177 + const struct cred *cred = current_cred();
178 + char *msg = NULL;
179 + char *msg2 = NULL;
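Review bot: The new local `file_inode` has the same name as the `file_inode()` helper that the 3.14 tree provides in `linux/fs.h`, so the helper is shadowed for the rest of this function. That is legal C, but it is confusing next to the existing local `inode`, which holds the parent directory's inode. A name that says which inode it is, e.g. `struct inode *exec_inode = file->f_path.dentry->d_inode;`, would read better, with the two later `S_IWOTH` hunks using the same name. The function body continues outside the hunk.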
180 @@ -77268,6 +77301,8 @@ index 0000000..ee57dcf
181 + msg2 = "file in world-writable directory";
182 + else if (inode->i_mode & S_IWGRP)
183 + msg2 = "file in group-writable directory";
184 ++ else if (file_inode->i_mode & S_IWOTH)
185 ++ msg2 = "file is world-writable";
186 +
187 + if (msg && msg2) {
188 + char fullmsg[70] = {0};
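Review bot: The added branch reports only a world-writable file (`S_IWOTH`), whereas the directory checks directly above it handle both `S_IWOTH` and `S_IWGRP`; the same asymmetry is in the second copy of the chain in the next hunk. If group-writable files are deliberately left out, a short comment such as `/* group-writable files are intentionally not reported here */` would record that; otherwise an `S_IWGRP` branch is missing. Because the branch sits at the end of an `else if` chain, it only sets the message when none of the directory tests matched. The condition that actually denies the exec is outside the hunk, so I cannot confirm it was extended to match.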
189 @@ -77287,6 +77322,8 @@ index 0000000..ee57dcf
190 + msg = "file in world-writable directory";
191 + else if (inode->i_mode & S_IWGRP)
192 + msg = "file in group-writable directory";
193 ++ else if (file_inode->i_mode & S_IWOTH)
194 ++ msg = "file is world-writable";
195 +
196 + if (msg) {
197 + gr_log_str_fs(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, msg, file->f_path.dentry, file->f_path.mnt);
198 @@ -80340,10 +80377,10 @@ index 0000000..b02ba9d
199 +#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
200 diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
201 new file mode 100644
202 -index 0000000..b87dd26
203 +index 0000000..acda855
204 --- /dev/null
205 +++ b/include/linux/grsecurity.h
206 -@@ -0,0 +1,252 @@
207 +@@ -0,0 +1,254 @@
208 +#ifndef GR_SECURITY_H
209 +#define GR_SECURITY_H
210 +#include <linux/fs.h>
211 @@ -80383,6 +80420,8 @@ index 0000000..b87dd26
212 +int gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs);
213 +int gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs);
214 +
215 ++int gr_learn_cap(const struct task_struct *task, const struct cred *cred, const int cap);
216 ++
217 +void gr_del_task_from_ip_table(struct task_struct *p);
218 +
219 +int gr_pid_is_chrooted(struct task_struct *p);
220 @@ -86311,10 +86350,25 @@ index 1191a44..7c81292 100644
221 +}
222 +EXPORT_SYMBOL(capable_wrt_inode_uidgid_nolog);
223 diff --git a/kernel/cgroup.c b/kernel/cgroup.c
224 -index 0c753dd..dd7d3d6 100644
225 +index 0c753dd..3ce8cca 100644
226 --- a/kernel/cgroup.c
227 +++ b/kernel/cgroup.c
228 -@@ -5372,7 +5372,7 @@ static int cgroup_css_links_read(struct seq_file *seq, void *v)
229 +@@ -5190,6 +5190,14 @@ static void cgroup_release_agent(struct work_struct *work)
230 + release_list);
231 + list_del_init(&cgrp->release_list);
232 + raw_spin_unlock(&release_list_lock);
233 ++
234 ++ /*
235 ++ * don't bother calling call_usermodehelper if we haven't
236 ++ * configured a binary to execute
237 ++ */
238 ++ if (cgrp->root->release_agent_path[0] == '\0')
239 ++ goto continue_free;
240 ++
241 + pathbuf = kmalloc(PAGE_SIZE, GFP_KERNEL);
242 + if (!pathbuf)
243 + goto continue_free;
244 +@@ -5372,7 +5380,7 @@ static int cgroup_css_links_read(struct seq_file *seq, void *v)
245 struct css_set *cset = link->cset;
246 struct task_struct *task;
247 int count = 0;
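Review bot: The new `goto continue_free` in `cgroup_release_agent()` is taken before `pathbuf` is assigned, so it relies on `pathbuf` and anything else the `continue_free` label frees having been initialised at declaration. Both the declarations and the label are outside the hunk, so this cannot be confirmed from here. The existing `if (!pathbuf) goto continue_free;` suggests the other buffer is already safe on that path, but before this change `pathbuf` itself could never reach the label unassigned. The lock that protects `release_agent_path` is also not visible in the hunk; the new read comes right after `raw_spin_unlock(&release_list_lock)`, so it is worth confirming the field is still covered at that point.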
248 @@ -90941,7 +90995,7 @@ index 490fcbb..1e502c6 100644
249 .thread_should_run = ksoftirqd_should_run,
250 .thread_fn = run_ksoftirqd,
251 diff --git a/kernel/sys.c b/kernel/sys.c
252 -index c0a58be..784c618 100644
253 +index c0a58be..95e292b 100644
254 --- a/kernel/sys.c
255 +++ b/kernel/sys.c
256 @@ -148,6 +148,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error)
257 @@ -90957,17 +91011,28 @@ index c0a58be..784c618 100644
258 no_nice = security_task_setnice(p, niceval);
259 if (no_nice) {
260 error = no_nice;
261 -@@ -351,6 +357,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
262 +@@ -351,6 +357,20 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
263 goto error;
264 }
265
266 + if (gr_check_group_change(new->gid, new->egid, INVALID_GID))
267 + goto error;
268 +
269 ++ if (!gid_eq(new->gid, old->gid)) {
270 ++ /* make sure we generate a learn log for what will
271 ++ end up being a role transition after a full-learning
272 ++ policy is generated
273 ++ CAP_SETGID is required to perform a transition
274 ++ we may not log a CAP_SETGID check above, e.g.
275 ++ in the case where new rgid = old egid
276 ++ */
277 ++ gr_learn_cap(current, new, CAP_SETGID);
278 ++ }
279 ++
280 if (rgid != (gid_t) -1 ||
281 (egid != (gid_t) -1 && !gid_eq(kegid, old->gid)))
282 new->sgid = new->egid;
283 -@@ -386,6 +395,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
284 +@@ -386,6 +406,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
285 old = current_cred();
286
287 retval = -EPERM;
288 @@ -90978,7 +91043,7 @@ index c0a58be..784c618 100644
289 if (ns_capable(old->user_ns, CAP_SETGID))
290 new->gid = new->egid = new->sgid = new->fsgid = kgid;
291 else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid))
292 -@@ -403,7 +416,7 @@ error:
293 +@@ -403,7 +427,7 @@ error:
294 /*
295 * change the user struct in a credentials set to match the new UID
296 */
297 @@ -90987,7 +91052,7 @@ index c0a58be..784c618 100644
298 {
299 struct user_struct *new_user;
300
301 -@@ -483,6 +496,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
302 +@@ -483,7 +507,18 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
303 goto error;
304 }
305
306 @@ -90995,9 +91060,18 @@ index c0a58be..784c618 100644
307 + goto error;
308 +
309 if (!uid_eq(new->uid, old->uid)) {
310 ++ /* make sure we generate a learn log for what will
311 ++ end up being a role transition after a full-learning
312 ++ policy is generated
313 ++ CAP_SETUID is required to perform a transition
314 ++ we may not log a CAP_SETUID check above, e.g.
315 ++ in the case where new ruid = old euid
316 ++ */
317 ++ gr_learn_cap(current, new, CAP_SETUID);
318 retval = set_user(new);
319 if (retval < 0)
320 -@@ -533,6 +549,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
321 + goto error;
322 +@@ -533,6 +568,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
323 old = current_cred();
324
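Review bot: In the `setreuid` hunk, `gr_learn_cap(current, new, CAP_SETUID)` runs before `set_user(new)`, which the next lines show can fail and jump to `error`. A learn entry is therefore written for a transition that may not complete, and a policy generated from that log could end up granting `CAP_SETUID` where the workload never successfully used it. If that is not intended, moving the call below the `if (retval < 0) goto error;` check would log only transitions that got past `set_user()`. The return value is discarded here and in the `setregid` hunk; `(void)gr_learn_cap(...)` or a word in the comment would make that explicit.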
325 retval = -EPERM;
326 @@ -91010,7 +91084,7 @@ index c0a58be..784c618 100644
327 if (ns_capable(old->user_ns, CAP_SETUID)) {
328 new->suid = new->uid = kuid;
329 if (!uid_eq(kuid, old->uid)) {
330 -@@ -602,6 +624,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
331 +@@ -602,6 +643,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
332 goto error;
333 }
334
335 @@ -91020,7 +91094,7 @@ index c0a58be..784c618 100644
336 if (ruid != (uid_t) -1) {
337 new->uid = kruid;
338 if (!uid_eq(kruid, old->uid)) {
339 -@@ -684,6 +709,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
340 +@@ -684,6 +728,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
341 goto error;
342 }
343
344 @@ -91030,7 +91104,7 @@ index c0a58be..784c618 100644
345 if (rgid != (gid_t) -1)
346 new->gid = krgid;
347 if (egid != (gid_t) -1)
348 -@@ -745,12 +773,16 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
349 +@@ -745,12 +792,16 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
350 uid_eq(kuid, old->suid) || uid_eq(kuid, old->fsuid) ||
351 ns_capable(old->user_ns, CAP_SETUID)) {
352 if (!uid_eq(kuid, old->fsuid)) {
353 @@ -91047,7 +91121,7 @@ index c0a58be..784c618 100644
354 abort_creds(new);
355 return old_fsuid;
356
357 -@@ -783,12 +815,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
358 +@@ -783,12 +834,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
359 if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->egid) ||
360 gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) ||
361 ns_capable(old->user_ns, CAP_SETGID)) {
362 @@ -91064,7 +91138,7 @@ index c0a58be..784c618 100644
363 abort_creds(new);
364 return old_fsgid;
365
366 -@@ -1167,19 +1203,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
367 +@@ -1167,19 +1222,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
368 return -EFAULT;
369
370 down_read(&uts_sem);
371 @@ -91089,7 +91163,7 @@ index c0a58be..784c618 100644
372 __OLD_UTS_LEN);
373 error |= __put_user(0, name->machine + __OLD_UTS_LEN);
374 up_read(&uts_sem);
375 -@@ -1381,6 +1417,13 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource,
376 +@@ -1381,6 +1436,13 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource,
377 */
378 new_rlim->rlim_cur = 1;
379 }
380 @@ -94354,7 +94428,7 @@ index b1eb536..091d154 100644
381 capable(CAP_IPC_LOCK))
382 ret = do_mlockall(flags);
383 diff --git a/mm/mmap.c b/mm/mmap.c
384 -index 20ff0c3..a9eda98 100644
385 +index 20ff0c3..005dc47 100644
386 --- a/mm/mmap.c
387 +++ b/mm/mmap.c
388 @@ -36,6 +36,7 @@
389 @@ -94427,15 +94501,20 @@ index 20ff0c3..a9eda98 100644
390 if (vma->vm_ops && vma->vm_ops->close)
391 vma->vm_ops->close(vma);
392 if (vma->vm_file)
393 -@@ -290,6 +312,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
394 +@@ -290,6 +312,12 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
395 * not page aligned -Ram Gupta
396 */
397 rlim = rlimit(RLIMIT_DATA);
398 ++#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
399 ++ /* force a minimum 16MB brk heap on setuid/setgid binaries */
400 ++ if (rlim < PAGE_SIZE && (get_dumpable(mm) != SUID_DUMP_USER) && gr_is_global_nonroot(current_uid()))
401 ++ rlim = 4096 * PAGE_SIZE;
402 ++#endif
403 + gr_learn_resource(current, RLIMIT_DATA, (brk - mm->start_brk) + (mm->end_data - mm->start_data), 1);
404 if (rlim < RLIM_INFINITY && (brk - mm->start_brk) +
405 (mm->end_data - mm->start_data) > rlim)
406 goto out;
407 -@@ -940,6 +963,12 @@ static int
408 +@@ -940,6 +968,12 @@ static int
409 can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags,
410 struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
411 {
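Review bot: The comment in the `brk` hunk says the override forces "a minimum 16MB brk heap", but the code differs from that in two ways. `4096 * PAGE_SIZE` is 16MB only with 4KB pages, and the override fires only when `rlim < PAGE_SIZE`, so a limit of a few pages or 1MB is left as it is. Either the comment should describe the code, e.g. `/* if RLIMIT_DATA is below one page, use 4096 pages instead for non-dumpable tasks of non-root users */`, or the code should compare against a byte constant, e.g. `if (rlim < (16UL << 20) && ...) rlim = 16UL << 20;`. The comment also says "setuid/setgid binaries" while the test is `get_dumpable(mm) != SUID_DUMP_USER`, which covers a wider set of tasks.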
412 @@ -94448,7 +94527,7 @@ index 20ff0c3..a9eda98 100644
413 if (is_mergeable_vma(vma, file, vm_flags) &&
414 is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) {
415 if (vma->vm_pgoff == vm_pgoff)
416 -@@ -959,6 +988,12 @@ static int
417 +@@ -959,6 +993,12 @@ static int
418 can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
419 struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
420 {
421 @@ -94461,7 +94540,7 @@ index 20ff0c3..a9eda98 100644
422 if (is_mergeable_vma(vma, file, vm_flags) &&
423 is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) {
424 pgoff_t vm_pglen;
425 -@@ -1001,13 +1036,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
426 +@@ -1001,13 +1041,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
427 struct vm_area_struct *vma_merge(struct mm_struct *mm,
428 struct vm_area_struct *prev, unsigned long addr,
429 unsigned long end, unsigned long vm_flags,
430 @@ -94483,7 +94562,7 @@ index 20ff0c3..a9eda98 100644
431 /*
432 * We later require that vma->vm_flags == vm_flags,
433 * so this tests vma->vm_flags & VM_SPECIAL, too.
434 -@@ -1023,6 +1065,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
435 +@@ -1023,6 +1070,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
436 if (next && next->vm_end == end) /* cases 6, 7, 8 */
437 next = next->vm_next;
438
439 @@ -94499,7 +94578,7 @@ index 20ff0c3..a9eda98 100644
440 /*
441 * Can it merge with the predecessor?
442 */
443 -@@ -1042,9 +1093,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
444 +@@ -1042,9 +1098,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
445 /* cases 1, 6 */
446 err = vma_adjust(prev, prev->vm_start,
447 next->vm_end, prev->vm_pgoff, NULL);
448 @@ -94525,7 +94604,7 @@ index 20ff0c3..a9eda98 100644
449 if (err)
450 return NULL;
451 khugepaged_enter_vma_merge(prev);
452 -@@ -1058,12 +1124,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
453 +@@ -1058,12 +1129,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
454 mpol_equal(policy, vma_policy(next)) &&
455 can_vma_merge_before(next, vm_flags,
456 anon_vma, file, pgoff+pglen)) {
457 @@ -94555,7 +94634,7 @@ index 20ff0c3..a9eda98 100644
458 if (err)
459 return NULL;
460 khugepaged_enter_vma_merge(area);
461 -@@ -1172,8 +1253,10 @@ none:
462 +@@ -1172,8 +1258,10 @@ none:
463 void vm_stat_account(struct mm_struct *mm, unsigned long flags,
464 struct file *file, long pages)
465 {
466 @@ -94568,7 +94647,7 @@ index 20ff0c3..a9eda98 100644
467
468 mm->total_vm += pages;
469
470 -@@ -1181,7 +1264,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags,
471 +@@ -1181,7 +1269,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags,
472 mm->shared_vm += pages;
473 if ((flags & (VM_EXEC|VM_WRITE)) == VM_EXEC)
474 mm->exec_vm += pages;
475 @@ -94577,7 +94656,7 @@ index 20ff0c3..a9eda98 100644
476 mm->stack_vm += pages;
477 }
478 #endif /* CONFIG_PROC_FS */
479 -@@ -1211,6 +1294,7 @@ static inline int mlock_future_check(struct mm_struct *mm,
480 +@@ -1211,6 +1299,7 @@ static inline int mlock_future_check(struct mm_struct *mm,
481 locked += mm->locked_vm;
482 lock_limit = rlimit(RLIMIT_MEMLOCK);
483 lock_limit >>= PAGE_SHIFT;
484 @@ -94585,7 +94664,7 @@ index 20ff0c3..a9eda98 100644
485 if (locked > lock_limit && !capable(CAP_IPC_LOCK))
486 return -EAGAIN;
487 }
488 -@@ -1237,7 +1321,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
489 +@@ -1237,7 +1326,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
490 * (the exception is when the underlying filesystem is noexec
491 * mounted, in which case we dont add PROT_EXEC.)
492 */
493 @@ -94594,7 +94673,7 @@ index 20ff0c3..a9eda98 100644
494 if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC)))
495 prot |= PROT_EXEC;
496
497 -@@ -1263,7 +1347,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
498 +@@ -1263,7 +1352,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
499 /* Obtain the address to map to. we verify (or select) it and ensure
500 * that it represents a valid section of the address space.
501 */
502 @@ -94603,7 +94682,7 @@ index 20ff0c3..a9eda98 100644
503 if (addr & ~PAGE_MASK)
504 return addr;
505
506 -@@ -1274,6 +1358,43 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
507 +@@ -1274,6 +1363,43 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
508 vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) |
509 mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
510
511 @@ -94647,7 +94726,7 @@ index 20ff0c3..a9eda98 100644
512 if (flags & MAP_LOCKED)
513 if (!can_do_mlock())
514 return -EPERM;
515 -@@ -1361,6 +1482,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
516 +@@ -1361,6 +1487,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
517 vm_flags |= VM_NORESERVE;
518 }
519
520 @@ -94657,7 +94736,7 @@ index 20ff0c3..a9eda98 100644
521 addr = mmap_region(file, addr, len, vm_flags, pgoff);
522 if (!IS_ERR_VALUE(addr) &&
523 ((vm_flags & VM_LOCKED) ||
524 -@@ -1454,7 +1578,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma)
525 +@@ -1454,7 +1583,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma)
526 vm_flags_t vm_flags = vma->vm_flags;
527
528 /* If it was private or non-writable, the write bit is already clear */
529 @@ -94666,7 +94745,7 @@ index 20ff0c3..a9eda98 100644
530 return 0;
531
532 /* The backer wishes to know when pages are first written to? */
533 -@@ -1500,7 +1624,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
534 +@@ -1500,7 +1629,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
535 struct rb_node **rb_link, *rb_parent;
536 unsigned long charged = 0;
537
538 @@ -94689,7 +94768,7 @@ index 20ff0c3..a9eda98 100644
539 if (!may_expand_vm(mm, len >> PAGE_SHIFT)) {
540 unsigned long nr_pages;
541
542 -@@ -1519,11 +1658,10 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
543 +@@ -1519,11 +1663,10 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
544
545 /* Clear old maps */
546 error = -ENOMEM;
547 @@ -94702,7 +94781,7 @@ index 20ff0c3..a9eda98 100644
548 }
549
550 /*
551 -@@ -1554,6 +1692,16 @@ munmap_back:
552 +@@ -1554,6 +1697,16 @@ munmap_back:
553 goto unacct_error;
554 }
555
556 @@ -94719,7 +94798,7 @@ index 20ff0c3..a9eda98 100644
557 vma->vm_mm = mm;
558 vma->vm_start = addr;
559 vma->vm_end = addr + len;
560 -@@ -1573,6 +1721,13 @@ munmap_back:
561 +@@ -1573,6 +1726,13 @@ munmap_back:
562 if (error)
563 goto unmap_and_free_vma;
564
565 @@ -94733,7 +94812,7 @@ index 20ff0c3..a9eda98 100644
566 /* Can addr have changed??
567 *
568 * Answer: Yes, several device drivers can do it in their
569 -@@ -1606,6 +1761,12 @@ munmap_back:
570 +@@ -1606,6 +1766,12 @@ munmap_back:
571 }
572
573 vma_link(mm, vma, prev, rb_link, rb_parent);
574 @@ -94746,7 +94825,7 @@ index 20ff0c3..a9eda98 100644
575 /* Once vma denies write, undo our temporary denial count */
576 if (vm_flags & VM_DENYWRITE)
577 allow_write_access(file);
578 -@@ -1614,6 +1775,7 @@ out:
579 +@@ -1614,6 +1780,7 @@ out:
580 perf_event_mmap(vma);
581
582 vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
583 @@ -94754,7 +94833,7 @@ index 20ff0c3..a9eda98 100644
584 if (vm_flags & VM_LOCKED) {
585 if (!((vm_flags & VM_SPECIAL) || is_vm_hugetlb_page(vma) ||
586 vma == get_gate_vma(current->mm)))
587 -@@ -1646,6 +1808,12 @@ unmap_and_free_vma:
588 +@@ -1646,6 +1813,12 @@ unmap_and_free_vma:
589 unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
590 charged = 0;
591 free_vma:
592 @@ -94767,7 +94846,7 @@ index 20ff0c3..a9eda98 100644
593 kmem_cache_free(vm_area_cachep, vma);
594 unacct_error:
595 if (charged)
596 -@@ -1653,7 +1821,63 @@ unacct_error:
597 +@@ -1653,7 +1826,63 @@ unacct_error:
598 return error;
599 }
600
601 @@ -94832,7 +94911,7 @@ index 20ff0c3..a9eda98 100644
602 {
603 /*
604 * We implement the search by looking for an rbtree node that
605 -@@ -1701,11 +1925,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info)
606 +@@ -1701,11 +1930,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info)
607 }
608 }
609
610 @@ -94863,7 +94942,7 @@ index 20ff0c3..a9eda98 100644
611 if (gap_end >= low_limit && gap_end - gap_start >= length)
612 goto found;
613
614 -@@ -1755,7 +1997,7 @@ found:
615 +@@ -1755,7 +2002,7 @@ found:
616 return gap_start;
617 }
618
619 @@ -94872,7 +94951,7 @@ index 20ff0c3..a9eda98 100644
620 {
621 struct mm_struct *mm = current->mm;
622 struct vm_area_struct *vma;
623 -@@ -1809,6 +2051,24 @@ check_current:
624 +@@ -1809,6 +2056,24 @@ check_current:
625 gap_end = vma->vm_start;
626 if (gap_end < low_limit)
627 return -ENOMEM;
628 @@ -94897,7 +94976,7 @@ index 20ff0c3..a9eda98 100644
629 if (gap_start <= high_limit && gap_end - gap_start >= length)
630 goto found;
631
632 -@@ -1872,6 +2132,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
633 +@@ -1872,6 +2137,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
634 struct mm_struct *mm = current->mm;
635 struct vm_area_struct *vma;
636 struct vm_unmapped_area_info info;
637 @@ -94905,7 +94984,7 @@ index 20ff0c3..a9eda98 100644
638
639 if (len > TASK_SIZE - mmap_min_addr)
640 return -ENOMEM;
641 -@@ -1879,11 +2140,15 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
642 +@@ -1879,11 +2145,15 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
643 if (flags & MAP_FIXED)
644 return addr;
645
646 @@ -94922,7 +95001,7 @@ index 20ff0c3..a9eda98 100644
647 return addr;
648 }
649
650 -@@ -1892,6 +2157,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
651 +@@ -1892,6 +2162,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
652 info.low_limit = mm->mmap_base;
653 info.high_limit = TASK_SIZE;
654 info.align_mask = 0;
655 @@ -94930,7 +95009,7 @@ index 20ff0c3..a9eda98 100644
656 return vm_unmapped_area(&info);
657 }
658 #endif
659 -@@ -1910,6 +2176,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
660 +@@ -1910,6 +2181,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
661 struct mm_struct *mm = current->mm;
662 unsigned long addr = addr0;
663 struct vm_unmapped_area_info info;
664 @@ -94938,7 +95017,7 @@ index 20ff0c3..a9eda98 100644
665
666 /* requested length too big for entire address space */
667 if (len > TASK_SIZE - mmap_min_addr)
668 -@@ -1918,12 +2185,16 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
669 +@@ -1918,12 +2190,16 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
670 if (flags & MAP_FIXED)
671 return addr;
672
673 @@ -94956,7 +95035,7 @@ index 20ff0c3..a9eda98 100644
674 return addr;
675 }
676
677 -@@ -1932,6 +2203,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
678 +@@ -1932,6 +2208,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
679 info.low_limit = max(PAGE_SIZE, mmap_min_addr);
680 info.high_limit = mm->mmap_base;
681 info.align_mask = 0;
682 @@ -94964,7 +95043,7 @@ index 20ff0c3..a9eda98 100644
683 addr = vm_unmapped_area(&info);
684
685 /*
686 -@@ -1944,6 +2216,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
687 +@@ -1944,6 +2221,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
688 VM_BUG_ON(addr != -ENOMEM);
689 info.flags = 0;
690 info.low_limit = TASK_UNMAPPED_BASE;
691 @@ -94977,7 +95056,7 @@ index 20ff0c3..a9eda98 100644
692 info.high_limit = TASK_SIZE;
693 addr = vm_unmapped_area(&info);
694 }
695 -@@ -2045,6 +2323,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr,
696 +@@ -2045,6 +2328,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr,
697 return vma;
698 }
699
700 @@ -95006,7 +95085,7 @@ index 20ff0c3..a9eda98 100644
701 /*
702 * Verify that the stack growth is acceptable and
703 * update accounting. This is shared with both the
704 -@@ -2061,6 +2361,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
705 +@@ -2061,6 +2366,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
706 return -ENOMEM;
707
708 /* Stack limit test */
709 @@ -95014,7 +95093,7 @@ index 20ff0c3..a9eda98 100644
710 if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur))
711 return -ENOMEM;
712
713 -@@ -2071,6 +2372,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
714 +@@ -2071,6 +2377,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
715 locked = mm->locked_vm + grow;
716 limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur);
717 limit >>= PAGE_SHIFT;
718 @@ -95022,7 +95101,7 @@ index 20ff0c3..a9eda98 100644
719 if (locked > limit && !capable(CAP_IPC_LOCK))
720 return -ENOMEM;
721 }
722 -@@ -2100,37 +2402,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
723 +@@ -2100,37 +2407,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
724 * PA-RISC uses this for its stack; IA64 for its Register Backing Store.
725 * vma is the last one with address > vma->vm_end. Have to extend vma.
726 */
727 @@ -95080,7 +95159,7 @@ index 20ff0c3..a9eda98 100644
728 unsigned long size, grow;
729
730 size = address - vma->vm_start;
731 -@@ -2165,6 +2478,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
732 +@@ -2165,6 +2483,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
733 }
734 }
735 }
736 @@ -95089,7 +95168,7 @@ index 20ff0c3..a9eda98 100644
737 vma_unlock_anon_vma(vma);
738 khugepaged_enter_vma_merge(vma);
739 validate_mm(vma->vm_mm);
740 -@@ -2179,6 +2494,8 @@ int expand_downwards(struct vm_area_struct *vma,
741 +@@ -2179,6 +2499,8 @@ int expand_downwards(struct vm_area_struct *vma,
742 unsigned long address)
743 {
744 int error;
745 @@ -95098,7 +95177,7 @@ index 20ff0c3..a9eda98 100644
746
747 /*
748 * We must make sure the anon_vma is allocated
749 -@@ -2192,6 +2509,15 @@ int expand_downwards(struct vm_area_struct *vma,
750 +@@ -2192,6 +2514,15 @@ int expand_downwards(struct vm_area_struct *vma,
751 if (error)
752 return error;
753
754 @@ -95114,7 +95193,7 @@ index 20ff0c3..a9eda98 100644
755 vma_lock_anon_vma(vma);
756
757 /*
758 -@@ -2201,9 +2527,17 @@ int expand_downwards(struct vm_area_struct *vma,
759 +@@ -2201,9 +2532,17 @@ int expand_downwards(struct vm_area_struct *vma,
760 */
761
762 /* Somebody else might have raced and expanded it already */
763 @@ -95133,7 +95212,7 @@ index 20ff0c3..a9eda98 100644
764 size = vma->vm_end - address;
765 grow = (vma->vm_start - address) >> PAGE_SHIFT;
766
767 -@@ -2228,13 +2562,27 @@ int expand_downwards(struct vm_area_struct *vma,
768 +@@ -2228,13 +2567,27 @@ int expand_downwards(struct vm_area_struct *vma,
769 vma->vm_pgoff -= grow;
770 anon_vma_interval_tree_post_update_vma(vma);
771 vma_gap_update(vma);
772 @@ -95161,7 +95240,7 @@ index 20ff0c3..a9eda98 100644
773 khugepaged_enter_vma_merge(vma);
774 validate_mm(vma->vm_mm);
775 return error;
776 -@@ -2332,6 +2680,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
777 +@@ -2332,6 +2685,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
778 do {
779 long nrpages = vma_pages(vma);
780
781 @@ -95175,7 +95254,7 @@ index 20ff0c3..a9eda98 100644
782 if (vma->vm_flags & VM_ACCOUNT)
783 nr_accounted += nrpages;
784 vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
785 -@@ -2376,6 +2731,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
786 +@@ -2376,6 +2736,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
787 insertion_point = (prev ? &prev->vm_next : &mm->mmap);
788 vma->vm_prev = NULL;
789 do {
790 @@ -95192,7 +95271,7 @@ index 20ff0c3..a9eda98 100644
791 vma_rb_erase(vma, &mm->mm_rb);
792 mm->map_count--;
793 tail_vma = vma;
794 -@@ -2401,14 +2766,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
795 +@@ -2401,14 +2771,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
796 struct vm_area_struct *new;
797 int err = -ENOMEM;
798
799 @@ -95226,7 +95305,7 @@ index 20ff0c3..a9eda98 100644
800 /* most fields are the same, copy all, and then fixup */
801 *new = *vma;
802
803 -@@ -2421,6 +2805,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
804 +@@ -2421,6 +2810,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
805 new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
806 }
807
808 @@ -95249,7 +95328,7 @@ index 20ff0c3..a9eda98 100644
809 err = vma_dup_policy(vma, new);
810 if (err)
811 goto out_free_vma;
812 -@@ -2440,6 +2840,38 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
813 +@@ -2440,6 +2845,38 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
814 else
815 err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
816
817 @@ -95288,7 +95367,7 @@ index 20ff0c3..a9eda98 100644
818 /* Success. */
819 if (!err)
820 return 0;
821 -@@ -2449,10 +2881,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
822 +@@ -2449,10 +2886,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
823 new->vm_ops->close(new);
824 if (new->vm_file)
825 fput(new->vm_file);
826 @@ -95308,7 +95387,7 @@ index 20ff0c3..a9eda98 100644
827 kmem_cache_free(vm_area_cachep, new);
828 out_err:
829 return err;
830 -@@ -2465,6 +2905,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
831 +@@ -2465,6 +2910,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
832 int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
833 unsigned long addr, int new_below)
834 {
835 @@ -95324,7 +95403,7 @@ index 20ff0c3..a9eda98 100644
836 if (mm->map_count >= sysctl_max_map_count)
837 return -ENOMEM;
838
839 -@@ -2476,11 +2925,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
840 +@@ -2476,11 +2930,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
841 * work. This now handles partial unmappings.
842 * Jeremy Fitzhardinge <jeremy@××××.org>
843 */
844 @@ -95355,7 +95434,7 @@ index 20ff0c3..a9eda98 100644
845 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
846 return -EINVAL;
847
848 -@@ -2555,6 +3023,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
849 +@@ -2555,6 +3028,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
850 /* Fix up all other VM information */
851 remove_vma_list(mm, vma);
852
853 @@ -95364,7 +95443,7 @@ index 20ff0c3..a9eda98 100644
854 return 0;
855 }
856
857 -@@ -2563,6 +3033,13 @@ int vm_munmap(unsigned long start, size_t len)
858 +@@ -2563,6 +3038,13 @@ int vm_munmap(unsigned long start, size_t len)
859 int ret;
860 struct mm_struct *mm = current->mm;
861
862 @@ -95378,7 +95457,7 @@ index 20ff0c3..a9eda98 100644
863 down_write(&mm->mmap_sem);
864 ret = do_munmap(mm, start, len);
865 up_write(&mm->mmap_sem);
866 -@@ -2576,16 +3053,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
867 +@@ -2576,16 +3058,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
868 return vm_munmap(addr, len);
869 }
870
871 @@ -95395,7 +95474,7 @@ index 20ff0c3..a9eda98 100644
872 /*
873 * this is really a simplified "do_mmap". it only handles
874 * anonymous maps. eventually we may be able to do some
875 -@@ -2599,6 +3066,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
876 +@@ -2599,6 +3071,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
877 struct rb_node ** rb_link, * rb_parent;
878 pgoff_t pgoff = addr >> PAGE_SHIFT;
879 int error;
880 @@ -95403,7 +95482,7 @@ index 20ff0c3..a9eda98 100644
881
882 len = PAGE_ALIGN(len);
883 if (!len)
884 -@@ -2606,10 +3074,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
885 +@@ -2606,10 +3079,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
886
887 flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
888
889 @@ -95428,7 +95507,7 @@ index 20ff0c3..a9eda98 100644
890 error = mlock_future_check(mm, mm->def_flags, len);
891 if (error)
892 return error;
893 -@@ -2623,21 +3105,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
894 +@@ -2623,21 +3110,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
895 /*
896 * Clear old maps. this also does some error checking for us
897 */
898 @@ -95453,7 +95532,7 @@ index 20ff0c3..a9eda98 100644
899 return -ENOMEM;
900
901 /* Can we just expand an old private anonymous mapping? */
902 -@@ -2651,7 +3132,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
903 +@@ -2651,7 +3137,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
904 */
905 vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
906 if (!vma) {
907 @@ -95462,7 +95541,7 @@ index 20ff0c3..a9eda98 100644
908 return -ENOMEM;
909 }
910
911 -@@ -2665,10 +3146,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
912 +@@ -2665,10 +3151,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
913 vma_link(mm, vma, prev, rb_link, rb_parent);
914 out:
915 perf_event_mmap(vma);
916 @@ -95476,7 +95555,7 @@ index 20ff0c3..a9eda98 100644
917 return addr;
918 }
919
920 -@@ -2730,6 +3212,7 @@ void exit_mmap(struct mm_struct *mm)
921 +@@ -2730,6 +3217,7 @@ void exit_mmap(struct mm_struct *mm)
922 while (vma) {
923 if (vma->vm_flags & VM_ACCOUNT)
924 nr_accounted += vma_pages(vma);
925 @@ -95484,7 +95563,7 @@ index 20ff0c3..a9eda98 100644
926 vma = remove_vma(vma);
927 }
928 vm_unacct_memory(nr_accounted);
929 -@@ -2747,6 +3230,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
930 +@@ -2747,6 +3235,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
931 struct vm_area_struct *prev;
932 struct rb_node **rb_link, *rb_parent;
933
934 @@ -95498,7 +95577,7 @@ index 20ff0c3..a9eda98 100644
935 /*
936 * The vm_pgoff of a purely anonymous vma should be irrelevant
937 * until its first write fault, when page's anon_vma and index
938 -@@ -2770,7 +3260,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
939 +@@ -2770,7 +3265,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
940 security_vm_enough_memory_mm(mm, vma_pages(vma)))
941 return -ENOMEM;
942
943 @@ -95520,7 +95599,7 @@ index 20ff0c3..a9eda98 100644
944 return 0;
945 }
946
947 -@@ -2789,6 +3293,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
948 +@@ -2789,6 +3298,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
949 struct rb_node **rb_link, *rb_parent;
950 bool faulted_in_anon_vma = true;
951
952 @@ -95529,7 +95608,7 @@ index 20ff0c3..a9eda98 100644
953 /*
954 * If anonymous vma has not yet been faulted, update new pgoff
955 * to match new location, to increase its chance of merging.
956 -@@ -2853,6 +3359,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
957 +@@ -2853,6 +3364,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
958 return NULL;
959 }
960
961 @@ -95569,7 +95648,7 @@ index 20ff0c3..a9eda98 100644
962 /*
963 * Return true if the calling process may expand its vm space by the passed
964 * number of pages
965 -@@ -2864,6 +3403,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
966 +@@ -2864,6 +3408,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
967
968 lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT;
969
970 @@ -95577,7 +95656,7 @@ index 20ff0c3..a9eda98 100644
971 if (cur + npages > lim)
972 return 0;
973 return 1;
974 -@@ -2934,6 +3474,22 @@ int install_special_mapping(struct mm_struct *mm,
975 +@@ -2934,6 +3479,22 @@ int install_special_mapping(struct mm_struct *mm,
976 vma->vm_start = addr;
977 vma->vm_end = addr + len;
978
979
980 diff --git a/3.14.17/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.17/4465_selinux-avc_audit-log-curr_ip.patch
981 index fb528d0..747ac53 100644
982 --- a/3.14.17/4465_selinux-avc_audit-log-curr_ip.patch
983 +++ b/3.14.17/4465_selinux-avc_audit-log-curr_ip.patch
984 @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@×××.org>
985 diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig
986 --- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400
987 +++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400
988 -@@ -1147,6 +1147,27 @@
989 +@@ -1137,6 +1137,27 @@
990 menu "Logging Options"
991 depends on GRKERNSEC
992
993
994 diff --git a/3.2.62/0000_README b/3.2.62/0000_README
995 index 67a218f..9c125a6 100644
996 --- a/3.2.62/0000_README
997 +++ b/3.2.62/0000_README
998 @@ -166,7 +166,7 @@ Patch: 1061_linux-3.2.62.patch
999 From: http://www.kernel.org
1000 Desc: Linux 3.2.62
1001
1002 -Patch: 4420_grsecurity-3.0-3.2.62-201408212331.patch
1003 +Patch: 4420_grsecurity-3.0-3.2.62-201408260037.patch
1004 From: http://www.grsecurity.net
1005 Desc: hardened-sources base patch from upstream grsecurity
1006
1007
1008 diff --git a/3.2.62/4420_grsecurity-3.0-3.2.62-201408212331.patch b/3.2.62/4420_grsecurity-3.0-3.2.62-201408260037.patch
1009 similarity index 99%
1010 rename from 3.2.62/4420_grsecurity-3.0-3.2.62-201408212331.patch
1011 rename to 3.2.62/4420_grsecurity-3.0-3.2.62-201408260037.patch
1012 index 0039dfe..a4df725 100644
1013 --- a/3.2.62/4420_grsecurity-3.0-3.2.62-201408212331.patch
1014 +++ b/3.2.62/4420_grsecurity-3.0-3.2.62-201408260037.patch
1015 @@ -69562,10 +69562,10 @@ index 0000000..18ffbbd
1016 +}
1017 diff --git a/grsecurity/gracl_cap.c b/grsecurity/gracl_cap.c
1018 new file mode 100644
1019 -index 0000000..955ddfb
1020 +index 0000000..b2ec14c
1021 --- /dev/null
1022 +++ b/grsecurity/gracl_cap.c
1023 -@@ -0,0 +1,101 @@
1024 +@@ -0,0 +1,118 @@
1025 +#include <linux/kernel.h>
1026 +#include <linux/module.h>
1027 +#include <linux/sched.h>
1028 @@ -69576,6 +69576,29 @@ index 0000000..955ddfb
1029 +extern const char *captab_log[];
1030 +extern int captab_log_entries;
1031 +
1032 ++int gr_learn_cap(const struct task_struct *task, const struct cred *cred, const int cap)
1033 ++{
1034 ++ struct acl_subject_label *curracl;
1035 ++
1036 ++ if (!gr_acl_is_enabled())
1037 ++ return 1;
1038 ++
1039 ++ curracl = task->acl;
1040 ++
1041 ++ if (curracl->mode & (GR_LEARN | GR_INHERITLEARN)) {
1042 ++ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
1043 ++ task->role->roletype, cred->uid,
1044 ++ cred->gid, task->exec_file ?
1045 ++ gr_to_filename(task->exec_file->f_path.dentry,
1046 ++ task->exec_file->f_path.mnt) : curracl->filename,
1047 ++ curracl->filename, 0UL,
1048 ++ 0UL, "", (unsigned long) cap, &task->signal->saved_ip);
1049 ++ return 1;
1050 ++ }
1051 ++
1052 ++ return 0;
1053 ++}
1054 ++
1055 +int
1056 +gr_acl_is_capable(const int cap)
1057 +{
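Review bot: The return value of the new `gr_learn_cap()` has no documented contract, and its two definitions disagree: this one returns 1 when `gr_acl_is_enabled()` is false, while the stub added to grsecurity/grsec_disabled.c always returns 0. The visible callers tolerate that, since gr_acl_is_capable() consults it only after `cap_raised()` and the two kernel/sys.c call sites ignore the result, but a later caller that reads 1 as "the use was logged" would be misled. I would add a header comment such as `/* returns 1 if RBAC is disabled or the use was recorded for a learning subject, 0 otherwise; does not test cap_effective itself */`. `task->acl` and `task->role` are dereferenced without a NULL check, which presumably relies on both being set whenever RBAC is enabled; that assumption belongs in the same comment.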
1058 @@ -69615,19 +69638,13 @@ index 0000000..955ddfb
1059 + return 1;
1060 + }
1061 +
1062 -+ curracl = task->acl;
1063 -+
1064 -+ if ((curracl->mode & (GR_LEARN | GR_INHERITLEARN))
1065 -+ && cap_raised(cred->cap_effective, cap)) {
1066 -+ security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
1067 -+ task->role->roletype, cred->uid,
1068 -+ cred->gid, task->exec_file ?
1069 -+ gr_to_filename(task->exec_file->f_path.dentry,
1070 -+ task->exec_file->f_path.mnt) : curracl->filename,
1071 -+ curracl->filename, 0UL,
1072 -+ 0UL, "", (unsigned long) cap, &task->signal->saved_ip);
1073 ++ /* only learn the capability use if the process has the capability in the
1074 ++ general case, the two uses in sys.c of gr_learn_cap are an exception
1075 ++ to this rule to ensure any role transition involves what the full-learned
1076 ++ policy believes in a privileged process
1077 ++ */
1078 ++ if (cap_raised(cred->cap_effective, cap) && gr_learn_cap(task, cred, cap))
1079 + return 1;
1080 -+ }
1081 +
1082 + if ((cap >= 0) && (cap < captab_log_entries) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap))
1083 + gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]);
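Review bot: The comment added above the `cap_raised(cred->cap_effective, cap) && gr_learn_cap(task, cred, cap)` test is hard to parse, in particular "what the full-learned policy believes in a privileged process" (presumably "is a privileged process"). It carries the only explanation of why the kernel/sys.c callers skip the `cap_raised()` precondition, so I would reword it, e.g. `/* learn a capability only if the task holds it; the two gr_learn_cap() calls in sys.c skip this test on purpose so that uid/gid changes which become role transitions are always learned */`. gr_acl_is_capable() starts and ends outside this hunk.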
1084 @@ -73616,10 +73633,10 @@ index 0000000..60b786f
1085 +}
1086 diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c
1087 new file mode 100644
1088 -index 0000000..dcc6b9f
1089 +index 0000000..a9ab1fe
1090 --- /dev/null
1091 +++ b/grsecurity/grsec_disabled.c
1092 -@@ -0,0 +1,441 @@
1093 +@@ -0,0 +1,447 @@
1094 +#include <linux/kernel.h>
1095 +#include <linux/module.h>
1096 +#include <linux/sched.h>
1097 @@ -73661,6 +73678,12 @@ index 0000000..dcc6b9f
1098 + return 0;
1099 +}
1100 +
1101 ++int
1102 ++gr_learn_cap(const struct task_struct *task, const struct cred *cred, const int cap)
1103 ++{
1104 ++ return 0;
1105 ++}
1106 ++
1107 +void
1108 +gr_handle_proc_create(const struct dentry *dentry, const struct inode *inode)
1109 +{
1110 @@ -76284,10 +76307,10 @@ index 0000000..61b514e
1111 +EXPORT_SYMBOL_GPL(gr_log_timechange);
1112 diff --git a/grsecurity/grsec_tpe.c b/grsecurity/grsec_tpe.c
1113 new file mode 100644
1114 -index 0000000..07e0dc0
1115 +index 0000000..1b915bb
1116 --- /dev/null
1117 +++ b/grsecurity/grsec_tpe.c
1118 -@@ -0,0 +1,73 @@
1119 +@@ -0,0 +1,78 @@
1120 +#include <linux/kernel.h>
1121 +#include <linux/sched.h>
1122 +#include <linux/file.h>
1123 @@ -76301,6 +76324,7 @@ index 0000000..07e0dc0
1124 +{
1125 +#ifdef CONFIG_GRKERNSEC
1126 + struct inode *inode = file->f_path.dentry->d_parent->d_inode;
1127 ++ struct inode *file_inode = file->f_path.dentry->d_inode;
1128 + const struct cred *cred = current_cred();
1129 + char *msg = NULL;
1130 + char *msg2 = NULL;
1131 @@ -76333,6 +76357,8 @@ index 0000000..07e0dc0
1132 + msg2 = "file in world-writable directory";
1133 + else if (inode->i_mode & S_IWGRP)
1134 + msg2 = "file in group-writable directory";
1135 ++ else if (file_inode->i_mode & S_IWOTH)
1136 ++ msg2 = "file is world-writable";
1137 +
1138 + if (msg && msg2) {
1139 + char fullmsg[70] = {0};
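Review bot: The new `file_inode->i_mode & S_IWOTH` branch flags only world-writable files, while the directory tests just above it treat both `S_IWOTH` and `S_IWGRP` as untrusted. A group-writable file inside an otherwise trusted directory therefore still passes, although group members can replace its contents; if that is not deliberate, add `else if (file_inode->i_mode & S_IWGRP)` with a matching message, e.g. `msg2 = "file is group-writable";`. The next hunk repeats the same chain for `msg` and would need the same change. The enclosing function starts and ends outside both hunks, so the earlier owner checks in the chain could not be reviewed.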
1140 @@ -76352,6 +76378,8 @@ index 0000000..07e0dc0
1141 + msg = "file in world-writable directory";
1142 + else if (inode->i_mode & S_IWGRP)
1143 + msg = "file in group-writable directory";
1144 ++ else if (file_inode->i_mode & S_IWOTH)
1145 ++ msg = "file is world-writable";
1146 +
1147 + if (msg) {
1148 + gr_log_str_fs(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, msg, file->f_path.dentry, file->f_path.mnt);
1149 @@ -79656,10 +79684,10 @@ index 0000000..b02ba9d
1150 +#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
1151 diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
1152 new file mode 100644
1153 -index 0000000..bc1de4cb
1154 +index 0000000..85351c8
1155 --- /dev/null
1156 +++ b/include/linux/grsecurity.h
1157 -@@ -0,0 +1,231 @@
1158 +@@ -0,0 +1,233 @@
1159 +#ifndef GR_SECURITY_H
1160 +#define GR_SECURITY_H
1161 +#include <linux/fs.h>
1162 @@ -79697,6 +79725,8 @@ index 0000000..bc1de4cb
1163 +int gr_check_user_change(int real, int effective, int fs);
1164 +int gr_check_group_change(int real, int effective, int fs);
1165 +
1166 ++int gr_learn_cap(const struct task_struct *task, const struct cred *cred, const int cap);
1167 ++
1168 +void gr_del_task_from_ip_table(struct task_struct *p);
1169 +
1170 +int gr_pid_is_chrooted(struct task_struct *p);
1171 @@ -86268,10 +86298,25 @@ index b463871..59495fd 100644
1172 * nsown_capable - Check superior capability to one's own user_ns
1173 * @cap: The capability in question
1174 diff --git a/kernel/cgroup.c b/kernel/cgroup.c
1175 -index 93fc15e..6e62dfa 100644
1176 +index 93fc15e..94e383a 100644
1177 --- a/kernel/cgroup.c
1178 +++ b/kernel/cgroup.c
1179 -@@ -5169,7 +5169,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
1180 +@@ -4750,6 +4750,14 @@ static void cgroup_release_agent(struct work_struct *work)
1181 + release_list);
1182 + list_del_init(&cgrp->release_list);
1183 + raw_spin_unlock(&release_list_lock);
1184 ++
1185 ++ /*
1186 ++ * don't bother calling call_usermodehelper if we haven't
1187 ++ * configured a binary to execute
1188 ++ */
1189 ++ if (cgrp->root->release_agent_path[0] == '\0')
1190 ++ goto continue_free;
1191 ++
1192 + pathbuf = kmalloc(PAGE_SIZE, GFP_KERNEL);
1193 + if (!pathbuf)
1194 + goto continue_free;
1195 +@@ -5169,7 +5177,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
1196 struct css_set *cg = link->cg;
1197 struct task_struct *task;
1198 int count = 0;
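Review bot: The new early `goto continue_free` in cgroup_release_agent() runs before `pathbuf` is assigned, so the cleanup at that label must see initialised pointers. The declarations are outside the hunk; the existing `if (!pathbuf) goto continue_free;` suggests `agentbuf` already starts as NULL, but `pathbuf` should be confirmed as well. I would extend the added comment with `pathbuf and agentbuf are still NULL here, continue_free only frees them` so the dependency is visible at the jump.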
1199 @@ -91258,7 +91303,7 @@ index 2f194e9..2c05ea9 100644
1200 .priority = 10,
1201 };
1202 diff --git a/kernel/sys.c b/kernel/sys.c
1203 -index 9d557df..b2a5319 100644
1204 +index 9d557df..7207dae 100644
1205 --- a/kernel/sys.c
1206 +++ b/kernel/sys.c
1207 @@ -158,6 +158,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error)
1208 @@ -91274,17 +91319,28 @@ index 9d557df..b2a5319 100644
1209 no_nice = security_task_setnice(p, niceval);
1210 if (no_nice) {
1211 error = no_nice;
1212 -@@ -597,6 +603,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
1213 +@@ -597,6 +603,20 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
1214 goto error;
1215 }
1216
1217 + if (gr_check_group_change(new->gid, new->egid, -1))
1218 + goto error;
1219 +
1220 ++ if (new->gid != old->gid) {
1221 ++ /* make sure we generate a learn log for what will
1222 ++ end up being a role transition after a full-learning
1223 ++ policy is generated
1224 ++ CAP_SETGID is required to perform a transition
1225 ++ we may not log a CAP_SETGID check above, e.g.
1226 ++ in the case where new rgid = old egid
1227 ++ */
1228 ++ gr_learn_cap(current, new, CAP_SETGID);
1229 ++ }
1230 ++
1231 if (rgid != (gid_t) -1 ||
1232 (egid != (gid_t) -1 && egid != old->gid))
1233 new->sgid = new->egid;
1234 -@@ -626,6 +635,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
1235 +@@ -626,6 +646,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
1236 old = current_cred();
1237
1238 retval = -EPERM;
1239 @@ -91295,7 +91351,7 @@ index 9d557df..b2a5319 100644
1240 if (nsown_capable(CAP_SETGID))
1241 new->gid = new->egid = new->sgid = new->fsgid = gid;
1242 else if (gid == old->gid || gid == old->sgid)
1243 -@@ -643,7 +656,7 @@ error:
1244 +@@ -643,7 +667,7 @@ error:
1245 /*
1246 * change the user struct in a credentials set to match the new UID
1247 */
1248 @@ -91304,7 +91360,7 @@ index 9d557df..b2a5319 100644
1249 {
1250 struct user_struct *new_user;
1251
1252 -@@ -713,6 +726,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
1253 +@@ -713,7 +737,18 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
1254 goto error;
1255 }
1256
1257 @@ -91312,9 +91368,18 @@ index 9d557df..b2a5319 100644
1258 + goto error;
1259 +
1260 if (new->uid != old->uid) {
1261 ++ /* make sure we generate a learn log for what will
1262 ++ end up being a role transition after a full-learning
1263 ++ policy is generated
1264 ++ CAP_SETUID is required to perform a transition
1265 ++ we may not log a CAP_SETUID check above, e.g.
1266 ++ in the case where new ruid = old euid
1267 ++ */
1268 ++ gr_learn_cap(current, new, CAP_SETUID);
1269 retval = set_user(new);
1270 if (retval < 0)
1271 -@@ -757,6 +773,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
1272 + goto error;
1273 +@@ -757,6 +792,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
1274 old = current_cred();
1275
1276 retval = -EPERM;
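Review bot: In setreuid the learn entry is written before the transition is known to succeed: `gr_learn_cap(current, new, CAP_SETUID)` runs ahead of `retval = set_user(new)`, and a negative return there jumps to `error`. A failed call would still leave a CAP_SETUID entry in the learning log, which the generated policy may turn into a grant the subject never exercised. If that is not intended, move the call below the `if (retval < 0) goto error;` check. The body of setreuid continues outside the hunk, so later failure paths could not be checked.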
1277 @@ -91327,7 +91392,7 @@ index 9d557df..b2a5319 100644
1278 if (nsown_capable(CAP_SETUID)) {
1279 new->suid = new->uid = uid;
1280 if (uid != old->uid) {
1281 -@@ -811,6 +833,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
1282 +@@ -811,6 +852,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
1283 goto error;
1284 }
1285
1286 @@ -91337,7 +91402,7 @@ index 9d557df..b2a5319 100644
1287 if (ruid != (uid_t) -1) {
1288 new->uid = ruid;
1289 if (ruid != old->uid) {
1290 -@@ -875,6 +900,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
1291 +@@ -875,6 +919,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
1292 goto error;
1293 }
1294
1295 @@ -91347,7 +91412,7 @@ index 9d557df..b2a5319 100644
1296 if (rgid != (gid_t) -1)
1297 new->gid = rgid;
1298 if (egid != (gid_t) -1)
1299 -@@ -925,12 +953,16 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
1300 +@@ -925,12 +972,16 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
1301 uid == old->suid || uid == old->fsuid ||
1302 nsown_capable(CAP_SETUID)) {
1303 if (uid != old_fsuid) {
1304 @@ -91364,7 +91429,7 @@ index 9d557df..b2a5319 100644
1305 abort_creds(new);
1306 return old_fsuid;
1307
1308 -@@ -957,12 +989,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
1309 +@@ -957,12 +1008,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
1310 if (gid == old->gid || gid == old->egid ||
1311 gid == old->sgid || gid == old->fsgid ||
1312 nsown_capable(CAP_SETGID)) {
1313 @@ -91381,7 +91446,7 @@ index 9d557df..b2a5319 100644
1314 abort_creds(new);
1315 return old_fsgid;
1316
1317 -@@ -1270,19 +1306,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
1318 +@@ -1270,19 +1325,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
1319 return -EFAULT;
1320
1321 down_read(&uts_sem);
1322 @@ -91406,7 +91471,7 @@ index 9d557df..b2a5319 100644
1323 __OLD_UTS_LEN);
1324 error |= __put_user(0, name->machine + __OLD_UTS_LEN);
1325 up_read(&uts_sem);
1326 -@@ -1484,6 +1520,13 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource,
1327 +@@ -1484,6 +1539,13 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource,
1328 */
1329 new_rlim->rlim_cur = 1;
1330 }
1331 @@ -91420,7 +91485,7 @@ index 9d557df..b2a5319 100644
1332 }
1333 if (!retval) {
1334 if (old_rlim)
1335 -@@ -1747,7 +1790,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
1336 +@@ -1747,7 +1809,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
1337 error = get_dumpable(me->mm);
1338 break;
1339 case PR_SET_DUMPABLE:
1340 @@ -91429,7 +91494,7 @@ index 9d557df..b2a5319 100644
1341 error = -EINVAL;
1342 break;
1343 }
1344 -@@ -1808,7 +1851,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
1345 +@@ -1808,7 +1870,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
1346 error = prctl_get_seccomp();
1347 break;
1348 case PR_SET_SECCOMP:
1349 @@ -91438,7 +91503,7 @@ index 9d557df..b2a5319 100644
1350 break;
1351 case PR_GET_TSC:
1352 error = GET_TSC_CTL(arg2);
1353 -@@ -1868,6 +1911,16 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
1354 +@@ -1868,6 +1930,16 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
1355 else
1356 error = PR_MCE_KILL_DEFAULT;
1357 break;
1358 @@ -95492,7 +95557,7 @@ index 1ffd97a..240aa20 100644
1359 int mminit_loglevel;
1360
1361 diff --git a/mm/mmap.c b/mm/mmap.c
1362 -index 6182c8a..7d532cf 100644
1363 +index 6182c8a..9476c8e 100644
1364 --- a/mm/mmap.c
1365 +++ b/mm/mmap.c
1366 @@ -30,6 +30,7 @@
1367 @@ -95564,15 +95629,20 @@ index 6182c8a..7d532cf 100644
1368 if (vma->vm_ops && vma->vm_ops->close)
1369 vma->vm_ops->close(vma);
1370 if (vma->vm_file) {
1371 -@@ -272,6 +294,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
1372 +@@ -272,6 +294,12 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
1373 * not page aligned -Ram Gupta
1374 */
1375 rlim = rlimit(RLIMIT_DATA);
1376 ++#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
1377 ++ /* force a minimum 16MB brk heap on setuid/setgid binaries */
1378 ++ if (rlim < PAGE_SIZE && (get_dumpable(mm) != SUID_DUMPABLE_ENABLED) && current_uid())
1379 ++ rlim = 4096 * PAGE_SIZE;
1380 ++#endif
1381 + gr_learn_resource(current, RLIMIT_DATA, (brk - mm->start_brk) + (mm->end_data - mm->start_data), 1);
1382 if (rlim < RLIM_INFINITY && (brk - mm->start_brk) +
1383 (mm->end_data - mm->start_data) > rlim)
1384 goto out;
1385 -@@ -689,6 +712,12 @@ static int
1386 +@@ -689,6 +717,12 @@ static int
1387 can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags,
1388 struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
1389 {
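Review bot: The added comment in the brk hunk promises a 16MB floor, but the code sets `rlim = 4096 * PAGE_SIZE`, which is 16MB only with 4KB pages and grows with the page size on other configurations. If a fixed floor is intended, write it in bytes, e.g. `rlim = 16UL << 20;`, otherwise reword the comment to "minimum 4096-page brk heap". The comment also says "setuid/setgid binaries" while the condition tests `get_dumpable(mm) != SUID_DUMPABLE_ENABLED` and a non-zero `current_uid()`, which looks like a proxy that also matches other non-dumpable tasks; the comment should name the actual condition. The brk syscall body starts and ends outside the hunk.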
1390 @@ -95585,7 +95655,7 @@ index 6182c8a..7d532cf 100644
1391 if (is_mergeable_vma(vma, file, vm_flags) &&
1392 is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) {
1393 if (vma->vm_pgoff == vm_pgoff)
1394 -@@ -708,6 +737,12 @@ static int
1395 +@@ -708,6 +742,12 @@ static int
1396 can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
1397 struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
1398 {
1399 @@ -95598,7 +95668,7 @@ index 6182c8a..7d532cf 100644
1400 if (is_mergeable_vma(vma, file, vm_flags) &&
1401 is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) {
1402 pgoff_t vm_pglen;
1403 -@@ -750,13 +785,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
1404 +@@ -750,13 +790,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
1405 struct vm_area_struct *vma_merge(struct mm_struct *mm,
1406 struct vm_area_struct *prev, unsigned long addr,
1407 unsigned long end, unsigned long vm_flags,
1408 @@ -95620,7 +95690,7 @@ index 6182c8a..7d532cf 100644
1409 /*
1410 * We later require that vma->vm_flags == vm_flags,
1411 * so this tests vma->vm_flags & VM_SPECIAL, too.
1412 -@@ -772,6 +814,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
1413 +@@ -772,6 +819,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
1414 if (next && next->vm_end == end) /* cases 6, 7, 8 */
1415 next = next->vm_next;
1416
1417 @@ -95636,7 +95706,7 @@ index 6182c8a..7d532cf 100644
1418 /*
1419 * Can it merge with the predecessor?
1420 */
1421 -@@ -791,9 +842,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
1422 +@@ -791,9 +847,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
1423 /* cases 1, 6 */
1424 err = vma_adjust(prev, prev->vm_start,
1425 next->vm_end, prev->vm_pgoff, NULL);
1426 @@ -95662,7 +95732,7 @@ index 6182c8a..7d532cf 100644
1427 if (err)
1428 return NULL;
1429 khugepaged_enter_vma_merge(prev);
1430 -@@ -807,12 +873,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
1431 +@@ -807,12 +878,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
1432 mpol_equal(policy, vma_policy(next)) &&
1433 can_vma_merge_before(next, vm_flags,
1434 anon_vma, file, pgoff+pglen)) {
1435 @@ -95692,7 +95762,7 @@ index 6182c8a..7d532cf 100644
1436 if (err)
1437 return NULL;
1438 khugepaged_enter_vma_merge(area);
1439 -@@ -921,15 +1002,22 @@ none:
1440 +@@ -921,15 +1007,22 @@ none:
1441 void vm_stat_account(struct mm_struct *mm, unsigned long flags,
1442 struct file *file, long pages)
1443 {
1444 @@ -95718,7 +95788,7 @@ index 6182c8a..7d532cf 100644
1445 if (flags & (VM_RESERVED|VM_IO))
1446 mm->reserved_vm += pages;
1447 }
1448 -@@ -955,7 +1043,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
1449 +@@ -955,7 +1048,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
1450 * (the exception is when the underlying filesystem is noexec
1451 * mounted, in which case we dont add PROT_EXEC.)
1452 */
1453 @@ -95727,7 +95797,7 @@ index 6182c8a..7d532cf 100644
1454 if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC)))
1455 prot |= PROT_EXEC;
1456
1457 -@@ -981,7 +1069,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
1458 +@@ -981,7 +1074,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
1459 /* Obtain the address to map to. we verify (or select) it and ensure
1460 * that it represents a valid section of the address space.
1461 */
1462 @@ -95736,7 +95806,7 @@ index 6182c8a..7d532cf 100644
1463 if (addr & ~PAGE_MASK)
1464 return addr;
1465
1466 -@@ -992,6 +1080,43 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
1467 +@@ -992,6 +1085,43 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
1468 vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) |
1469 mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
1470
1471 @@ -95780,7 +95850,7 @@ index 6182c8a..7d532cf 100644
1472 if (flags & MAP_LOCKED)
1473 if (!can_do_mlock())
1474 return -EPERM;
1475 -@@ -1003,6 +1128,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
1476 +@@ -1003,6 +1133,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
1477 locked += mm->locked_vm;
1478 lock_limit = rlimit(RLIMIT_MEMLOCK);
1479 lock_limit >>= PAGE_SHIFT;
1480 @@ -95788,7 +95858,7 @@ index 6182c8a..7d532cf 100644
1481 if (locked > lock_limit && !capable(CAP_IPC_LOCK))
1482 return -EAGAIN;
1483 }
1484 -@@ -1073,6 +1199,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
1485 +@@ -1073,6 +1204,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
1486 if (error)
1487 return error;
1488
1489 @@ -95798,7 +95868,7 @@ index 6182c8a..7d532cf 100644
1490 return mmap_region(file, addr, len, flags, vm_flags, pgoff);
1491 }
1492 EXPORT_SYMBOL(do_mmap_pgoff);
1493 -@@ -1153,7 +1282,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma)
1494 +@@ -1153,7 +1287,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma)
1495 vm_flags_t vm_flags = vma->vm_flags;
1496
1497 /* If it was private or non-writable, the write bit is already clear */
1498 @@ -95807,7 +95877,7 @@ index 6182c8a..7d532cf 100644
1499 return 0;
1500
1501 /* The backer wishes to know when pages are first written to? */
1502 -@@ -1202,17 +1331,32 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
1503 +@@ -1202,17 +1336,32 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
1504 unsigned long charged = 0;
1505 struct inode *inode = file ? file->f_path.dentry->d_inode : NULL;
1506
1507 @@ -95842,7 +95912,7 @@ index 6182c8a..7d532cf 100644
1508 if (!may_expand_vm(mm, len >> PAGE_SHIFT))
1509 return -ENOMEM;
1510
1511 -@@ -1258,6 +1402,16 @@ munmap_back:
1512 +@@ -1258,6 +1407,16 @@ munmap_back:
1513 goto unacct_error;
1514 }
1515
1516 @@ -95859,7 +95929,7 @@ index 6182c8a..7d532cf 100644
1517 vma->vm_mm = mm;
1518 vma->vm_start = addr;
1519 vma->vm_end = addr + len;
1520 -@@ -1266,8 +1420,9 @@ munmap_back:
1521 +@@ -1266,8 +1425,9 @@ munmap_back:
1522 vma->vm_pgoff = pgoff;
1523 INIT_LIST_HEAD(&vma->anon_vma_chain);
1524
1525 @@ -95870,7 +95940,7 @@ index 6182c8a..7d532cf 100644
1526 if (vm_flags & (VM_GROWSDOWN|VM_GROWSUP))
1527 goto free_vma;
1528 if (vm_flags & VM_DENYWRITE) {
1529 -@@ -1281,6 +1436,19 @@ munmap_back:
1530 +@@ -1281,6 +1441,19 @@ munmap_back:
1531 error = file->f_op->mmap(file, vma);
1532 if (error)
1533 goto unmap_and_free_vma;
1534 @@ -95890,7 +95960,7 @@ index 6182c8a..7d532cf 100644
1535 if (vm_flags & VM_EXECUTABLE)
1536 added_exe_file_vma(mm);
1537
1538 -@@ -1293,6 +1461,8 @@ munmap_back:
1539 +@@ -1293,6 +1466,8 @@ munmap_back:
1540 pgoff = vma->vm_pgoff;
1541 vm_flags = vma->vm_flags;
1542 } else if (vm_flags & VM_SHARED) {
1543 @@ -95899,7 +95969,7 @@ index 6182c8a..7d532cf 100644
1544 error = shmem_zero_setup(vma);
1545 if (error)
1546 goto free_vma;
1547 -@@ -1316,14 +1486,19 @@ munmap_back:
1548 +@@ -1316,14 +1491,19 @@ munmap_back:
1549 vma_link(mm, vma, prev, rb_link, rb_parent);
1550 file = vma->vm_file;
1551
1552 @@ -95920,7 +95990,7 @@ index 6182c8a..7d532cf 100644
1553 if (vm_flags & VM_LOCKED) {
1554 if (!mlock_vma_pages_range(vma, addr, addr + len))
1555 mm->locked_vm += (len >> PAGE_SHIFT);
1556 -@@ -1341,6 +1516,12 @@ unmap_and_free_vma:
1557 +@@ -1341,6 +1521,12 @@ unmap_and_free_vma:
1558 unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
1559 charged = 0;
1560 free_vma:
1561 @@ -95933,7 +96003,7 @@ index 6182c8a..7d532cf 100644
1562 kmem_cache_free(vm_area_cachep, vma);
1563 unacct_error:
1564 if (charged)
1565 -@@ -1348,6 +1529,73 @@ unacct_error:
1566 +@@ -1348,6 +1534,73 @@ unacct_error:
1567 return error;
1568 }
1569
1570 @@ -96007,7 +96077,7 @@ index 6182c8a..7d532cf 100644
1571 /* Get an address range which is currently unmapped.
1572 * For shmat() with addr=0.
1573 *
1574 -@@ -1367,6 +1615,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
1575 +@@ -1367,6 +1620,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
1576 struct mm_struct *mm = current->mm;
1577 struct vm_area_struct *vma;
1578 unsigned long start_addr;
1579 @@ -96015,7 +96085,7 @@ index 6182c8a..7d532cf 100644
1580
1581 if (len > TASK_SIZE - mmap_min_addr)
1582 return -ENOMEM;
1583 -@@ -1374,18 +1623,23 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
1584 +@@ -1374,18 +1628,23 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
1585 if (flags & MAP_FIXED)
1586 return addr;
1587
1588 @@ -96046,7 +96116,7 @@ index 6182c8a..7d532cf 100644
1589 }
1590
1591 full_search:
1592 -@@ -1396,34 +1650,40 @@ full_search:
1593 +@@ -1396,34 +1655,40 @@ full_search:
1594 * Start a new search - just in case we missed
1595 * some holes.
1596 */
1597 @@ -96098,7 +96168,7 @@ index 6182c8a..7d532cf 100644
1598 mm->free_area_cache = addr;
1599 mm->cached_hole_size = ~0UL;
1600 }
1601 -@@ -1441,7 +1701,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
1602 +@@ -1441,7 +1706,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
1603 {
1604 struct vm_area_struct *vma;
1605 struct mm_struct *mm = current->mm;
1606 @@ -96108,7 +96178,7 @@ index 6182c8a..7d532cf 100644
1607 unsigned long low_limit = max(PAGE_SIZE, mmap_min_addr);
1608
1609 /* requested length too big for entire address space */
1610 -@@ -1451,13 +1712,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
1611 +@@ -1451,13 +1717,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
1612 if (flags & MAP_FIXED)
1613 return addr;
1614
1615 @@ -96131,7 +96201,7 @@ index 6182c8a..7d532cf 100644
1616 }
1617
1618 /* check if free_area_cache is useful for us */
1619 -@@ -1471,10 +1737,11 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
1620 +@@ -1471,10 +1742,11 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
1621
1622 /* make sure it can fit in the remaining address space */
1623 if (addr >= low_limit + len) {
1624 @@ -96146,7 +96216,7 @@ index 6182c8a..7d532cf 100644
1625 }
1626
1627 if (mm->mmap_base < low_limit + len)
1628 -@@ -1489,7 +1756,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
1629 +@@ -1489,7 +1761,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
1630 * return with success:
1631 */
1632 vma = find_vma(mm, addr);
1633 @@ -96155,7 +96225,7 @@ index 6182c8a..7d532cf 100644
1634 /* remember the address as a hint for next time */
1635 return (mm->free_area_cache = addr);
1636
1637 -@@ -1498,8 +1765,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
1638 +@@ -1498,8 +1770,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
1639 mm->cached_hole_size = vma->vm_start - addr;
1640
1641 /* try just below the current vma->vm_start */
1642 @@ -96166,7 +96236,7 @@ index 6182c8a..7d532cf 100644
1643
1644 bottomup:
1645 /*
1646 -@@ -1508,13 +1775,21 @@ bottomup:
1647 +@@ -1508,13 +1780,21 @@ bottomup:
1648 * can happen with large stack limits and large mmap()
1649 * allocations.
1650 */
1651 @@ -96190,7 +96260,7 @@ index 6182c8a..7d532cf 100644
1652 mm->cached_hole_size = ~0UL;
1653
1654 return addr;
1655 -@@ -1523,6 +1798,12 @@ bottomup:
1656 +@@ -1523,6 +1803,12 @@ bottomup:
1657
1658 void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
1659 {
1660 @@ -96203,7 +96273,7 @@ index 6182c8a..7d532cf 100644
1661 /*
1662 * Is this a new hole at the highest possible address?
1663 */
1664 -@@ -1530,8 +1811,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
1665 +@@ -1530,8 +1816,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
1666 mm->free_area_cache = addr;
1667
1668 /* dont allow allocations above current base */
1669 @@ -96215,7 +96285,7 @@ index 6182c8a..7d532cf 100644
1670 }
1671
1672 unsigned long
1673 -@@ -1604,40 +1887,50 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr)
1674 +@@ -1604,40 +1892,50 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr)
1675
1676 EXPORT_SYMBOL(find_vma);
1677
1678 @@ -96291,7 +96361,7 @@ index 6182c8a..7d532cf 100644
1679
1680 /*
1681 * Verify that the stack growth is acceptable and
1682 -@@ -1655,6 +1948,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
1683 +@@ -1655,6 +1953,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
1684 return -ENOMEM;
1685
1686 /* Stack limit test */
1687 @@ -96299,7 +96369,7 @@ index 6182c8a..7d532cf 100644
1688 if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur))
1689 return -ENOMEM;
1690
1691 -@@ -1665,6 +1959,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
1692 +@@ -1665,6 +1964,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
1693 locked = mm->locked_vm + grow;
1694 limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur);
1695 limit >>= PAGE_SHIFT;
1696 @@ -96307,7 +96377,7 @@ index 6182c8a..7d532cf 100644
1697 if (locked > limit && !capable(CAP_IPC_LOCK))
1698 return -ENOMEM;
1699 }
1700 -@@ -1683,7 +1978,6 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
1701 +@@ -1683,7 +1983,6 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
1702 return -ENOMEM;
1703
1704 /* Ok, everything looks good - let it rip */
1705 @@ -96315,7 +96385,7 @@ index 6182c8a..7d532cf 100644
1706 if (vma->vm_flags & VM_LOCKED)
1707 mm->locked_vm += grow;
1708 vm_stat_account(mm, vma->vm_flags, vma->vm_file, grow);
1709 -@@ -1695,37 +1989,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
1710 +@@ -1695,37 +1994,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
1711 * PA-RISC uses this for its stack; IA64 for its Register Backing Store.
1712 * vma is the last one with address > vma->vm_end. Have to extend vma.
1713 */
1714 @@ -96373,7 +96443,7 @@ index 6182c8a..7d532cf 100644
1715 unsigned long size, grow;
1716
1717 size = address - vma->vm_start;
1718 -@@ -1740,6 +2045,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
1719 +@@ -1740,6 +2050,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
1720 }
1721 }
1722 }
1723 @@ -96382,7 +96452,7 @@ index 6182c8a..7d532cf 100644
1724 vma_unlock_anon_vma(vma);
1725 khugepaged_enter_vma_merge(vma);
1726 return error;
1727 -@@ -1753,6 +2060,8 @@ int expand_downwards(struct vm_area_struct *vma,
1728 +@@ -1753,6 +2065,8 @@ int expand_downwards(struct vm_area_struct *vma,
1729 unsigned long address)
1730 {
1731 int error;
1732 @@ -96391,7 +96461,7 @@ index 6182c8a..7d532cf 100644
1733
1734 /*
1735 * We must make sure the anon_vma is allocated
1736 -@@ -1766,6 +2075,15 @@ int expand_downwards(struct vm_area_struct *vma,
1737 +@@ -1766,6 +2080,15 @@ int expand_downwards(struct vm_area_struct *vma,
1738 if (error)
1739 return error;
1740
1741 @@ -96407,7 +96477,7 @@ index 6182c8a..7d532cf 100644
1742 vma_lock_anon_vma(vma);
1743
1744 /*
1745 -@@ -1775,9 +2093,17 @@ int expand_downwards(struct vm_area_struct *vma,
1746 +@@ -1775,9 +2098,17 @@ int expand_downwards(struct vm_area_struct *vma,
1747 */
1748
1749 /* Somebody else might have raced and expanded it already */
1750 @@ -96426,7 +96496,7 @@ index 6182c8a..7d532cf 100644
1751 size = vma->vm_end - address;
1752 grow = (vma->vm_start - address) >> PAGE_SHIFT;
1753
1754 -@@ -1787,18 +2113,48 @@ int expand_downwards(struct vm_area_struct *vma,
1755 +@@ -1787,18 +2118,48 @@ int expand_downwards(struct vm_area_struct *vma,
1756 if (!error) {
1757 vma->vm_start = address;
1758 vma->vm_pgoff -= grow;
1759 @@ -96475,7 +96545,7 @@ index 6182c8a..7d532cf 100644
1760 return expand_upwards(vma, address);
1761 }
1762
1763 -@@ -1821,6 +2177,14 @@ find_extend_vma(struct mm_struct *mm, unsigned long addr)
1764 +@@ -1821,6 +2182,14 @@ find_extend_vma(struct mm_struct *mm, unsigned long addr)
1765 #else
1766 int expand_stack(struct vm_area_struct *vma, unsigned long address)
1767 {
1768 @@ -96490,7 +96560,7 @@ index 6182c8a..7d532cf 100644
1769 return expand_downwards(vma, address);
1770 }
1771
1772 -@@ -1861,7 +2225,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
1773 +@@ -1861,7 +2230,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
1774 do {
1775 long nrpages = vma_pages(vma);
1776
1777 @@ -96505,7 +96575,7 @@ index 6182c8a..7d532cf 100644
1778 vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
1779 vma = remove_vma(vma);
1780 } while (vma);
1781 -@@ -1906,6 +2276,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
1782 +@@ -1906,6 +2281,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
1783 insertion_point = (prev ? &prev->vm_next : &mm->mmap);
1784 vma->vm_prev = NULL;
1785 do {
1786 @@ -96522,7 +96592,7 @@ index 6182c8a..7d532cf 100644
1787 rb_erase(&vma->vm_rb, &mm->mm_rb);
1788 mm->map_count--;
1789 tail_vma = vma;
1790 -@@ -1934,14 +2314,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
1791 +@@ -1934,14 +2319,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
1792 struct vm_area_struct *new;
1793 int err = -ENOMEM;
1794
1795 @@ -96556,7 +96626,7 @@ index 6182c8a..7d532cf 100644
1796 /* most fields are the same, copy all, and then fixup */
1797 *new = *vma;
1798
1799 -@@ -1954,6 +2353,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
1800 +@@ -1954,6 +2358,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
1801 new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
1802 }
1803
1804 @@ -96579,7 +96649,7 @@ index 6182c8a..7d532cf 100644
1805 pol = mpol_dup(vma_policy(vma));
1806 if (IS_ERR(pol)) {
1807 err = PTR_ERR(pol);
1808 -@@ -1979,6 +2394,42 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
1809 +@@ -1979,6 +2399,42 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
1810 else
1811 err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
1812
1813 @@ -96622,7 +96692,7 @@ index 6182c8a..7d532cf 100644
1814 /* Success. */
1815 if (!err)
1816 return 0;
1817 -@@ -1991,10 +2442,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
1818 +@@ -1991,10 +2447,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
1819 removed_exe_file_vma(mm);
1820 fput(new->vm_file);
1821 }
1822 @@ -96642,7 +96712,7 @@ index 6182c8a..7d532cf 100644
1823 kmem_cache_free(vm_area_cachep, new);
1824 out_err:
1825 return err;
1826 -@@ -2007,6 +2466,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
1827 +@@ -2007,6 +2471,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
1828 int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
1829 unsigned long addr, int new_below)
1830 {
1831 @@ -96658,7 +96728,7 @@ index 6182c8a..7d532cf 100644
1832 if (mm->map_count >= sysctl_max_map_count)
1833 return -ENOMEM;
1834
1835 -@@ -2018,11 +2486,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
1836 +@@ -2018,11 +2491,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
1837 * work. This now handles partial unmappings.
1838 * Jeremy Fitzhardinge <jeremy@××××.org>
1839 */
1840 @@ -96689,7 +96759,7 @@ index 6182c8a..7d532cf 100644
1841 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
1842 return -EINVAL;
1843
1844 -@@ -2097,6 +2584,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
1845 +@@ -2097,6 +2589,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
1846 /* Fix up all other VM information */
1847 remove_vma_list(mm, vma);
1848
1849 @@ -96698,7 +96768,7 @@ index 6182c8a..7d532cf 100644
1850 return 0;
1851 }
1852
1853 -@@ -2109,22 +2598,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
1854 +@@ -2109,22 +2603,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
1855
1856 profile_munmap(addr);
1857
1858 @@ -96727,7 +96797,7 @@ index 6182c8a..7d532cf 100644
1859 /*
1860 * this is really a simplified "do_mmap". it only handles
1861 * anonymous maps. eventually we may be able to do some
1862 -@@ -2138,6 +2623,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
1863 +@@ -2138,6 +2628,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
1864 struct rb_node ** rb_link, * rb_parent;
1865 pgoff_t pgoff = addr >> PAGE_SHIFT;
1866 int error;
1867 @@ -96735,7 +96805,7 @@ index 6182c8a..7d532cf 100644
1868
1869 len = PAGE_ALIGN(len);
1870 if (!len)
1871 -@@ -2149,16 +2635,30 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
1872 +@@ -2149,16 +2640,30 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
1873
1874 flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
1875
1876 @@ -96767,7 +96837,7 @@ index 6182c8a..7d532cf 100644
1877 locked += mm->locked_vm;
1878 lock_limit = rlimit(RLIMIT_MEMLOCK);
1879 lock_limit >>= PAGE_SHIFT;
1880 -@@ -2175,22 +2675,22 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
1881 +@@ -2175,22 +2680,22 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
1882 /*
1883 * Clear old maps. this also does some error checking for us
1884 */
1885 @@ -96794,7 +96864,7 @@ index 6182c8a..7d532cf 100644
1886 return -ENOMEM;
1887
1888 /* Can we just expand an old private anonymous mapping? */
1889 -@@ -2204,7 +2704,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
1890 +@@ -2204,7 +2709,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
1891 */
1892 vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
1893 if (!vma) {
1894 @@ -96803,7 +96873,7 @@ index 6182c8a..7d532cf 100644
1895 return -ENOMEM;
1896 }
1897
1898 -@@ -2218,11 +2718,12 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
1899 +@@ -2218,11 +2723,12 @@ unsigned long do_brk(unsigned long addr, unsigned long len)
1900 vma_link(mm, vma, prev, rb_link, rb_parent);
1901 out:
1902 perf_event_mmap(vma);
1903 @@ -96818,7 +96888,7 @@ index 6182c8a..7d532cf 100644
1904 return addr;
1905 }
1906
1907 -@@ -2269,8 +2770,10 @@ void exit_mmap(struct mm_struct *mm)
1908 +@@ -2269,8 +2775,10 @@ void exit_mmap(struct mm_struct *mm)
1909 * Walk the list again, actually closing and freeing it,
1910 * with preemption enabled, without holding any MM locks.
1911 */
1912 @@ -96830,7 +96900,7 @@ index 6182c8a..7d532cf 100644
1913
1914 BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT);
1915 }
1916 -@@ -2284,6 +2787,13 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
1917 +@@ -2284,6 +2792,13 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
1918 struct vm_area_struct * __vma, * prev;
1919 struct rb_node ** rb_link, * rb_parent;
1920
1921 @@ -96844,7 +96914,7 @@ index 6182c8a..7d532cf 100644
1922 /*
1923 * The vm_pgoff of a purely anonymous vma should be irrelevant
1924 * until its first write fault, when page's anon_vma and index
1925 -@@ -2306,7 +2816,22 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
1926 +@@ -2306,7 +2821,22 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma)
1927 if ((vma->vm_flags & VM_ACCOUNT) &&
1928 security_vm_enough_memory_mm(mm, vma_pages(vma)))
1929 return -ENOMEM;
1930 @@ -96867,7 +96937,7 @@ index 6182c8a..7d532cf 100644
1931 return 0;
1932 }
1933
1934 -@@ -2324,6 +2849,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
1935 +@@ -2324,6 +2854,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
1936 struct rb_node **rb_link, *rb_parent;
1937 struct mempolicy *pol;
1938
1939 @@ -96876,7 +96946,7 @@ index 6182c8a..7d532cf 100644
1940 /*
1941 * If anonymous vma has not yet been faulted, update new pgoff
1942 * to match new location, to increase its chance of merging.
1943 -@@ -2374,6 +2901,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
1944 +@@ -2374,6 +2906,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
1945 return NULL;
1946 }
1947
1948 @@ -96916,7 +96986,7 @@ index 6182c8a..7d532cf 100644
1949 /*
1950 * Return true if the calling process may expand its vm space by the passed
1951 * number of pages
1952 -@@ -2385,6 +2945,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
1953 +@@ -2385,6 +2950,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
1954
1955 lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT;
1956
1957 @@ -96924,7 +96994,7 @@ index 6182c8a..7d532cf 100644
1958 if (cur + npages > lim)
1959 return 0;
1960 return 1;
1961 -@@ -2455,6 +3016,22 @@ int install_special_mapping(struct mm_struct *mm,
1962 +@@ -2455,6 +3021,22 @@ int install_special_mapping(struct mm_struct *mm,
1963 vma->vm_start = addr;
1964 vma->vm_end = addr + len;
1965
1966 @@ -107303,16 +107373,6 @@ index ede01a8..756e6bd 100644
1967 if (err)
1968 goto out;
1969
1970 -diff --git a/scripts/Makefile b/scripts/Makefile
1971 -index 3626666..4d873cd 100644
1972 ---- a/scripts/Makefile
1973 -+++ b/scripts/Makefile
1974 -@@ -35,3 +35,5 @@ subdir-$(CONFIG_DTC) += dtc
1975 -
1976 - # Let clean descend into subdirs
1977 - subdir- += basic kconfig package selinux
1978 -+
1979 -+clean-files := randstruct.seed
1980 diff --git a/scripts/Makefile.build b/scripts/Makefile.build
1981 index d2b366c1..2d5a6f8 100644
1982 --- a/scripts/Makefile.build