diff options
-rw-r--r-- | 3.14.21/0000_README (renamed from 3.14.20/0000_README) | 2 | ||||
-rw-r--r-- | 3.14.21/4420_grsecurity-3.0-3.14.21-201410131959.patch (renamed from 3.14.20/4420_grsecurity-3.0-3.14.20-201410081929.patch) | 708 | ||||
-rw-r--r-- | 3.14.21/4425_grsec_remove_EI_PAX.patch (renamed from 3.14.20/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
-rw-r--r-- | 3.14.21/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.14.20/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
-rw-r--r-- | 3.14.21/4430_grsec-remove-localversion-grsec.patch (renamed from 3.14.20/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.14.21/4435_grsec-mute-warnings.patch (renamed from 3.14.20/4435_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 3.14.21/4440_grsec-remove-protected-paths.patch (renamed from 3.14.20/4440_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 3.14.21/4450_grsec-kconfig-default-gids.patch (renamed from 3.14.20/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
-rw-r--r-- | 3.14.21/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.14.20/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
-rw-r--r-- | 3.14.21/4470_disable-compat_vdso.patch (renamed from 3.14.20/4470_disable-compat_vdso.patch) | 0 | ||||
-rw-r--r-- | 3.14.21/4475_emutramp_default_on.patch (renamed from 3.14.20/4475_emutramp_default_on.patch) | 0 | ||||
-rw-r--r-- | 3.16.5/0000_README (renamed from 3.16.4/0000_README) | 2 | ||||
-rw-r--r-- | 3.16.5/4420_grsecurity-3.0-3.16.5-201410132000.patch (renamed from 3.16.4/4420_grsecurity-3.0-3.16.4-201410081932.patch) | 265 | ||||
-rw-r--r-- | 3.16.5/4425_grsec_remove_EI_PAX.patch (renamed from 3.16.4/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
-rw-r--r-- | 3.16.5/4427_force_XATTR_PAX_tmpfs.patch (renamed from 3.16.4/4427_force_XATTR_PAX_tmpfs.patch) | 0 | ||||
-rw-r--r-- | 3.16.5/4430_grsec-remove-localversion-grsec.patch (renamed from 3.16.4/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.16.5/4435_grsec-mute-warnings.patch (renamed from 3.16.4/4435_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 3.16.5/4440_grsec-remove-protected-paths.patch (renamed from 3.16.4/4440_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 3.16.5/4450_grsec-kconfig-default-gids.patch (renamed from 3.16.4/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
-rw-r--r-- | 3.16.5/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.16.4/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
-rw-r--r-- | 3.16.5/4470_disable-compat_vdso.patch (renamed from 3.16.4/4470_disable-compat_vdso.patch) | 0 | ||||
-rw-r--r-- | 3.16.5/4475_emutramp_default_on.patch (renamed from 3.16.4/4475_emutramp_default_on.patch) | 0 | ||||
-rw-r--r-- | 3.2.63/0000_README | 2 | ||||
-rw-r--r-- | 3.2.63/4420_grsecurity-3.0-3.2.63-201410131955.patch (renamed from 3.2.63/4420_grsecurity-3.0-3.2.63-201410062032.patch) | 46 |
24 files changed, 397 insertions, 628 deletions
diff --git a/3.14.20/0000_README b/3.14.21/0000_README index 34185fb..485a73e 100644 --- a/3.14.20/0000_README +++ b/3.14.21/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.14.20-201410081929.patch +Patch: 4420_grsecurity-3.0-3.14.21-201410131959.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.14.20/4420_grsecurity-3.0-3.14.20-201410081929.patch b/3.14.21/4420_grsecurity-3.0-3.14.21-201410131959.patch index 23ff6ad..61e17cf 100644 --- a/3.14.20/4420_grsecurity-3.0-3.14.20-201410081929.patch +++ b/3.14.21/4420_grsecurity-3.0-3.14.21-201410131959.patch @@ -287,7 +287,7 @@ index 7116fda..d8ed6e8 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index beb7e6f..70db31f 100644 +index 41e6e19..abeca4e 100644 --- a/Makefile +++ b/Makefile @@ -244,8 +244,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -38279,10 +38279,10 @@ index 929468e..efb12f0 100644 idr_destroy(&tconn->volumes); diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c -index c706d50..5e1b472 100644 +index 8c16c2f..3274b96 100644 --- a/drivers/block/drbd/drbd_nl.c +++ b/drivers/block/drbd/drbd_nl.c -@@ -3440,7 +3440,7 @@ out: +@@ -3446,7 +3446,7 @@ out: void drbd_bcast_event(struct drbd_conf *mdev, const struct sib_info *sib) { @@ -38291,7 +38291,7 @@ index c706d50..5e1b472 100644 struct sk_buff *msg; struct drbd_genlmsghdr *d_out; unsigned seq; -@@ -3453,7 +3453,7 @@ void drbd_bcast_event(struct drbd_conf *mdev, const struct sib_info *sib) +@@ -3459,7 +3459,7 @@ void drbd_bcast_event(struct drbd_conf *mdev, const struct sib_info *sib) return; } @@ -44744,10 +44744,10 @@ index a46124e..caf0bd55 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 18cda77..c5d72c7 100644 +index 4913c06..663bb94 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c -@@ -1707,6 +1707,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash) +@@ -1711,6 +1711,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash) return 1; } @@ -44758,7 +44758,7 @@ index 18cda77..c5d72c7 100644 static int grow_stripes(struct r5conf *conf, int num) { struct kmem_cache *sc; -@@ -1718,7 +1722,11 @@ static int grow_stripes(struct r5conf *conf, int num) +@@ -1722,7 +1726,11 @@ static int grow_stripes(struct r5conf *conf, int num) "raid%d-%s", conf->level, mdname(conf->mddev)); else sprintf(conf->cache_name[0], @@ -44770,7 +44770,7 @@ index 18cda77..c5d72c7 100644 sprintf(conf->cache_name[1], "%s-alt", conf->cache_name[0]); conf->active_name = 0; -@@ -1991,21 +1999,21 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1995,21 +2003,21 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), STRIPE_SECTORS, (unsigned long long)s, bdevname(rdev->bdev, b)); @@ -44796,7 +44796,7 @@ index 18cda77..c5d72c7 100644 if (test_bit(R5_ReadRepl, &sh->dev[i].flags)) printk_ratelimited( KERN_WARNING -@@ -2033,7 +2041,7 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -2037,7 +2045,7 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), (unsigned long long)s, bdn); @@ -58825,10 +58825,10 @@ index 7c6b73c..a8f0db2 100644 atomic_set(&midCount, 0); diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h -index f15d435..0f61ef5 100644 +index 5d12d69..161d0ce 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h -@@ -801,35 +801,35 @@ struct cifs_tcon { +@@ -803,35 +803,35 @@ struct cifs_tcon { __u16 Flags; /* optional support bits */ enum statusEnum tidStatus; #ifdef CONFIG_CIFS_STATS @@ -58888,7 +58888,7 @@ index f15d435..0f61ef5 100644 } smb2_stats; #endif /* CONFIG_CIFS_SMB2 */ } stats; -@@ -1165,7 +1165,7 @@ convert_delimiter(char *path, char delim) +@@ -1167,7 +1167,7 @@ convert_delimiter(char *path, char delim) } #ifdef CONFIG_CIFS_STATS @@ -58897,7 +58897,7 @@ index f15d435..0f61ef5 100644 static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon, unsigned int bytes) -@@ -1531,8 +1531,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; +@@ -1533,8 +1533,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; /* Various Debug counters */ GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */ #ifdef CONFIG_CIFS_STATS2 @@ -58909,7 +58909,7 @@ index f15d435..0f61ef5 100644 GLOBAL_EXTERN atomic_t smBufAllocCount; GLOBAL_EXTERN atomic_t midCount; diff --git a/fs/cifs/file.c b/fs/cifs/file.c -index 8175b18..9525542 100644 +index d375322..88c3ead 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -1900,10 +1900,14 @@ static int cifs_writepages(struct address_space *mapping, @@ -58953,18 +58953,9 @@ index 3b0c62e..f7d090c 100644 } diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c -index d1fdfa8..186defc 100644 +index e9ad8d3..6395e45 100644 --- a/fs/cifs/smb1ops.c +++ b/fs/cifs/smb1ops.c -@@ -586,7 +586,7 @@ cifs_query_path_info(const unsigned int xid, struct cifs_tcon *tcon, - tmprc = CIFS_open(xid, &oparms, &oplock, NULL); - if (tmprc == -EOPNOTSUPP) - *symlink = true; -- else -+ else if (tmprc == 0) - CIFSSMBClose(xid, tcon, fid.netfid); - } - @@ -626,27 +626,27 @@ static void cifs_clear_stats(struct cifs_tcon *tcon) { @@ -59070,21 +59061,8 @@ index d1fdfa8..186defc 100644 #endif } -diff --git a/fs/cifs/smb2maperror.c b/fs/cifs/smb2maperror.c -index e31a9df..1007867 100644 ---- a/fs/cifs/smb2maperror.c -+++ b/fs/cifs/smb2maperror.c -@@ -256,6 +256,8 @@ static const struct status_to_posix_error smb2_error_map_table[] = { - {STATUS_DLL_MIGHT_BE_INCOMPATIBLE, -EIO, - "STATUS_DLL_MIGHT_BE_INCOMPATIBLE"}, - {STATUS_STOPPED_ON_SYMLINK, -EOPNOTSUPP, "STATUS_STOPPED_ON_SYMLINK"}, -+ {STATUS_IO_REPARSE_TAG_NOT_HANDLED, -EOPNOTSUPP, -+ "STATUS_REPARSE_NOT_HANDLED"}, - {STATUS_DEVICE_REQUIRES_CLEANING, -EIO, - "STATUS_DEVICE_REQUIRES_CLEANING"}, - {STATUS_DEVICE_DOOR_OPEN, -EIO, "STATUS_DEVICE_DOOR_OPEN"}, diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c -index f8977b2..bb38079 100644 +index 34a17d4..9ca186f 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -364,8 +364,8 @@ smb2_clear_stats(struct cifs_tcon *tcon) @@ -59205,7 +59183,7 @@ index f8977b2..bb38079 100644 } diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c -index 9aab8fe..2bd5f3b 100644 +index 3487929..47a6ebf2 100644 --- a/fs/cifs/smb2pdu.c +++ b/fs/cifs/smb2pdu.c @@ -2100,8 +2100,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, @@ -59782,10 +59760,10 @@ index e4141f2..d8263e8 100644 i += packet_length_size; if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) diff --git a/fs/exec.c b/fs/exec.c -index 31e46b1..88754df 100644 +index ea4449d..cb8ebd8 100644 --- a/fs/exec.c +++ b/fs/exec.c -@@ -55,8 +55,20 @@ +@@ -56,8 +56,20 @@ #include <linux/pipe_fs_i.h> #include <linux/oom.h> #include <linux/compat.h> @@ -59806,7 +59784,7 @@ index 31e46b1..88754df 100644 #include <asm/mmu_context.h> #include <asm/tlb.h> -@@ -65,19 +77,34 @@ +@@ -66,19 +78,34 @@ #include <trace/events/sched.h> @@ -59843,7 +59821,7 @@ index 31e46b1..88754df 100644 write_unlock(&binfmt_lock); } -@@ -86,7 +113,7 @@ EXPORT_SYMBOL(__register_binfmt); +@@ -87,7 +114,7 @@ EXPORT_SYMBOL(__register_binfmt); void unregister_binfmt(struct linux_binfmt * fmt) { write_lock(&binfmt_lock); @@ -59852,7 +59830,7 @@ index 31e46b1..88754df 100644 write_unlock(&binfmt_lock); } -@@ -180,18 +207,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +@@ -181,18 +208,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, int write) { struct page *page; @@ -59874,7 +59852,7 @@ index 31e46b1..88754df 100644 return NULL; if (write) { -@@ -207,6 +226,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +@@ -208,6 +227,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, if (size <= ARG_MAX) return page; @@ -59892,7 +59870,7 @@ index 31e46b1..88754df 100644 /* * Limit to 1/4-th the stack size for the argv+env strings. * This ensures that: -@@ -266,6 +296,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -267,6 +297,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) vma->vm_end = STACK_TOP_MAX; vma->vm_start = vma->vm_end - PAGE_SIZE; vma->vm_flags = VM_SOFTDIRTY | VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP; @@ -59904,7 +59882,7 @@ index 31e46b1..88754df 100644 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); INIT_LIST_HEAD(&vma->anon_vma_chain); -@@ -276,6 +311,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -277,6 +312,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) mm->stack_vm = mm->total_vm = 1; up_write(&mm->mmap_sem); bprm->p = vma->vm_end - sizeof(void *); @@ -59917,7 +59895,7 @@ index 31e46b1..88754df 100644 return 0; err: up_write(&mm->mmap_sem); -@@ -396,7 +437,7 @@ struct user_arg_ptr { +@@ -397,7 +438,7 @@ struct user_arg_ptr { } ptr; }; @@ -59926,7 +59904,7 @@ index 31e46b1..88754df 100644 { const char __user *native; -@@ -405,14 +446,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) +@@ -406,14 +447,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) compat_uptr_t compat; if (get_user(compat, argv.ptr.compat + nr)) @@ -59943,7 +59921,7 @@ index 31e46b1..88754df 100644 return native; } -@@ -431,7 +472,7 @@ static int count(struct user_arg_ptr argv, int max) +@@ -432,7 +473,7 @@ static int count(struct user_arg_ptr argv, int max) if (!p) break; @@ -59952,7 +59930,7 @@ index 31e46b1..88754df 100644 return -EFAULT; if (i >= max) -@@ -466,7 +507,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, +@@ -467,7 +508,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, ret = -EFAULT; str = get_user_arg_ptr(argv, argc); @@ -59961,7 +59939,7 @@ index 31e46b1..88754df 100644 goto out; len = strnlen_user(str, MAX_ARG_STRLEN); -@@ -548,7 +589,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, +@@ -549,7 +590,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, int r; mm_segment_t oldfs = get_fs(); struct user_arg_ptr argv = { @@ -59970,7 +59948,7 @@ index 31e46b1..88754df 100644 }; set_fs(KERNEL_DS); -@@ -583,7 +624,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -584,7 +625,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) unsigned long new_end = old_end - shift; struct mmu_gather tlb; @@ -59980,7 +59958,7 @@ index 31e46b1..88754df 100644 /* * ensure there are no vmas between where we want to go -@@ -592,6 +634,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -593,6 +635,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) if (vma != find_vma(mm, new_start)) return -EFAULT; @@ -59991,7 +59969,7 @@ index 31e46b1..88754df 100644 /* * cover the whole range: [new_start, old_end) */ -@@ -672,10 +718,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -673,10 +719,6 @@ int setup_arg_pages(struct linux_binprm *bprm, stack_top = arch_align_stack(stack_top); stack_top = PAGE_ALIGN(stack_top); @@ -60002,7 +59980,7 @@ index 31e46b1..88754df 100644 stack_shift = vma->vm_end - stack_top; bprm->p -= stack_shift; -@@ -687,8 +729,28 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -688,8 +730,28 @@ int setup_arg_pages(struct linux_binprm *bprm, bprm->exec -= stack_shift; down_write(&mm->mmap_sem); @@ -60031,7 +60009,7 @@ index 31e46b1..88754df 100644 /* * Adjust stack execute permissions; explicitly enable for * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone -@@ -707,13 +769,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -708,13 +770,6 @@ int setup_arg_pages(struct linux_binprm *bprm, goto out_unlock; BUG_ON(prev != vma); @@ -60045,7 +60023,7 @@ index 31e46b1..88754df 100644 /* mprotect_fixup is overkill to remove the temporary stack flags */ vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP; -@@ -737,6 +792,27 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -738,6 +793,27 @@ int setup_arg_pages(struct linux_binprm *bprm, #endif current->mm->start_stack = bprm->p; ret = expand_stack(vma, stack_base); @@ -60073,7 +60051,7 @@ index 31e46b1..88754df 100644 if (ret) ret = -EFAULT; -@@ -772,6 +848,8 @@ static struct file *do_open_exec(struct filename *name) +@@ -773,6 +849,8 @@ static struct file *do_open_exec(struct filename *name) fsnotify_open(file); @@ -60082,7 +60060,7 @@ index 31e46b1..88754df 100644 err = deny_write_access(file); if (err) goto exit; -@@ -801,7 +879,7 @@ int kernel_read(struct file *file, loff_t offset, +@@ -802,7 +880,7 @@ int kernel_read(struct file *file, loff_t offset, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -60091,15 +60069,15 @@ index 31e46b1..88754df 100644 set_fs(old_fs); return result; } -@@ -846,6 +924,7 @@ static int exec_mmap(struct mm_struct *mm) +@@ -847,6 +925,7 @@ static int exec_mmap(struct mm_struct *mm) tsk->mm = mm; tsk->active_mm = mm; activate_mm(active_mm, mm); + populate_stack(); + tsk->mm->vmacache_seqnum = 0; + vmacache_flush(tsk); task_unlock(tsk); - if (old_mm) { - up_read(&old_mm->mmap_sem); -@@ -1258,7 +1337,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm) +@@ -1261,7 +1340,7 @@ static void check_unsafe_exec(struct linux_binprm *bprm) } rcu_read_unlock(); @@ -60108,7 +60086,7 @@ index 31e46b1..88754df 100644 bprm->unsafe |= LSM_UNSAFE_SHARE; else p->fs->in_exec = 1; -@@ -1434,6 +1513,31 @@ static int exec_binprm(struct linux_binprm *bprm) +@@ -1437,6 +1516,31 @@ static int exec_binprm(struct linux_binprm *bprm) return ret; } @@ -60140,7 +60118,7 @@ index 31e46b1..88754df 100644 /* * sys_execve() executes a new program. */ -@@ -1441,6 +1545,11 @@ static int do_execve_common(struct filename *filename, +@@ -1444,6 +1548,11 @@ static int do_execve_common(struct filename *filename, struct user_arg_ptr argv, struct user_arg_ptr envp) { @@ -60152,7 +60130,7 @@ index 31e46b1..88754df 100644 struct linux_binprm *bprm; struct file *file; struct files_struct *displaced; -@@ -1449,6 +1558,8 @@ static int do_execve_common(struct filename *filename, +@@ -1452,6 +1561,8 @@ static int do_execve_common(struct filename *filename, if (IS_ERR(filename)) return PTR_ERR(filename); @@ -60161,7 +60139,7 @@ index 31e46b1..88754df 100644 /* * We move the actual failure in case of RLIMIT_NPROC excess from * set*uid() to execve() because too many poorly written programs -@@ -1486,11 +1597,21 @@ static int do_execve_common(struct filename *filename, +@@ -1489,11 +1600,21 @@ static int do_execve_common(struct filename *filename, if (IS_ERR(file)) goto out_unmark; @@ -60183,7 +60161,7 @@ index 31e46b1..88754df 100644 retval = bprm_mm_init(bprm); if (retval) goto out_unmark; -@@ -1507,24 +1628,70 @@ static int do_execve_common(struct filename *filename, +@@ -1510,24 +1631,70 @@ static int do_execve_common(struct filename *filename, if (retval < 0) goto out; @@ -60258,7 +60236,7 @@ index 31e46b1..88754df 100644 current->fs->in_exec = 0; current->in_execve = 0; acct_update_integrals(current); -@@ -1535,6 +1702,14 @@ static int do_execve_common(struct filename *filename, +@@ -1538,6 +1705,14 @@ static int do_execve_common(struct filename *filename, put_files_struct(displaced); return retval; @@ -60273,7 +60251,7 @@ index 31e46b1..88754df 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1626,3 +1801,312 @@ asmlinkage long compat_sys_execve(const char __user * filename, +@@ -1629,3 +1804,312 @@ asmlinkage long compat_sys_execve(const char __user * filename, return compat_do_execve(getname(filename), argv, envp); } #endif @@ -62572,7 +62550,7 @@ index fe649d3..c679164 100644 __putname(s); } diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c -index d19b30a..ef89c36 100644 +index a4a8ed5..9e017c0 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -152,6 +152,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, @@ -65896,10 +65874,10 @@ index 6f599c6..bd00271 100644 seq_printf(p, "softirq %llu", (unsigned long long)sum_softirq); diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index 8f78819..ba6c272 100644 +index c4b2646..84f0d7b 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c -@@ -12,12 +12,19 @@ +@@ -13,12 +13,19 @@ #include <linux/swap.h> #include <linux/swapops.h> #include <linux/mmu_notifier.h> @@ -65919,7 +65897,7 @@ index 8f78819..ba6c272 100644 void task_mem(struct seq_file *m, struct mm_struct *mm) { unsigned long data, text, lib, swap; -@@ -53,8 +60,13 @@ void task_mem(struct seq_file *m, struct mm_struct *mm) +@@ -54,8 +61,13 @@ void task_mem(struct seq_file *m, struct mm_struct *mm) "VmExe:\t%8lu kB\n" "VmLib:\t%8lu kB\n" "VmPTE:\t%8lu kB\n" @@ -65935,7 +65913,7 @@ index 8f78819..ba6c272 100644 total_vm << (PAGE_SHIFT-10), mm->locked_vm << (PAGE_SHIFT-10), mm->pinned_vm << (PAGE_SHIFT-10), -@@ -64,7 +76,19 @@ void task_mem(struct seq_file *m, struct mm_struct *mm) +@@ -65,7 +77,19 @@ void task_mem(struct seq_file *m, struct mm_struct *mm) mm->stack_vm << (PAGE_SHIFT-10), text, lib, (PTRS_PER_PTE * sizeof(pte_t) * atomic_long_read(&mm->nr_ptes)) >> 10, @@ -65956,7 +65934,7 @@ index 8f78819..ba6c272 100644 } unsigned long task_vsize(struct mm_struct *mm) -@@ -270,13 +294,13 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) +@@ -271,13 +295,13 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) pgoff = ((loff_t)vma->vm_pgoff) << PAGE_SHIFT; } @@ -65975,7 +65953,7 @@ index 8f78819..ba6c272 100644 seq_setwidth(m, 25 + sizeof(void *) * 6 - 1); seq_printf(m, "%08lx-%08lx %c%c%c%c %08llx %02x:%02x %lu ", -@@ -286,7 +310,11 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) +@@ -287,7 +311,11 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) flags & VM_WRITE ? 'w' : '-', flags & VM_EXEC ? 'x' : '-', flags & VM_MAYSHARE ? 's' : 'p', @@ -65987,7 +65965,7 @@ index 8f78819..ba6c272 100644 MAJOR(dev), MINOR(dev), ino); /* -@@ -295,7 +323,7 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) +@@ -296,7 +324,7 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) */ if (file) { seq_pad(m, ' '); @@ -65996,7 +65974,7 @@ index 8f78819..ba6c272 100644 goto done; } -@@ -321,8 +349,9 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) +@@ -322,8 +350,9 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) * Thread stack in /proc/PID/task/TID/maps or * the main process stack. */ @@ -66008,7 +65986,7 @@ index 8f78819..ba6c272 100644 name = "[stack]"; } else { /* Thread stack in /proc/PID/maps */ -@@ -346,6 +375,13 @@ static int show_map(struct seq_file *m, void *v, int is_pid) +@@ -347,6 +376,13 @@ static int show_map(struct seq_file *m, void *v, int is_pid) struct proc_maps_private *priv = m->private; struct task_struct *task = priv->task; @@ -66022,7 +66000,7 @@ index 8f78819..ba6c272 100644 show_map_vma(m, vma, is_pid); if (m->count < m->size) /* vma is copied successfully */ -@@ -586,12 +622,23 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) +@@ -587,12 +623,23 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) .private = &mss, }; @@ -66051,7 +66029,7 @@ index 8f78819..ba6c272 100644 show_map_vma(m, vma, is_pid); seq_printf(m, -@@ -609,7 +656,11 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) +@@ -610,7 +657,11 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) "KernelPageSize: %8lu kB\n" "MMUPageSize: %8lu kB\n" "Locked: %8lu kB\n", @@ -66063,7 +66041,7 @@ index 8f78819..ba6c272 100644 mss.resident >> 10, (unsigned long)(mss.pss >> (10 + PSS_SHIFT)), mss.shared_clean >> 10, -@@ -1387,6 +1438,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1388,6 +1439,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) char buffer[64]; int nid; @@ -66077,7 +66055,7 @@ index 8f78819..ba6c272 100644 if (!mm) return 0; -@@ -1404,11 +1462,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1405,11 +1463,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) mpol_to_str(buffer, sizeof(buffer), pol); mpol_cond_put(pol); @@ -66818,7 +66796,7 @@ index e18b988..f1d4ad0f 100644 int err; diff --git a/fs/udf/inode.c b/fs/udf/inode.c -index 982ce05..c693331 100644 +index 287cd5f..c693331 100644 --- a/fs/udf/inode.c +++ b/fs/udf/inode.c @@ -51,7 +51,6 @@ MODULE_LICENSE("GPL"); @@ -66829,18 +66807,7 @@ index 982ce05..c693331 100644 static int udf_sync_inode(struct inode *inode); static int udf_alloc_i_data(struct inode *inode, size_t size); static sector_t inode_getblk(struct inode *, sector_t, int *, int *); -@@ -1271,13 +1270,25 @@ update_time: - return 0; - } - -+/* -+ * Maximum length of linked list formed by ICB hierarchy. The chosen number is -+ * arbitrary - just that we hopefully don't limit any real use of rewritten -+ * inode on write-once media but avoid looping for too long on corrupted media. -+ */ -+#define UDF_MAX_ICB_NESTING 1024 -+ - static void __udf_read_inode(struct inode *inode) +@@ -1282,8 +1281,11 @@ static void __udf_read_inode(struct inode *inode) { struct buffer_head *bh = NULL; struct fileEntry *fe; @@ -66849,13 +66816,10 @@ index 982ce05..c693331 100644 struct udf_inode_info *iinfo = UDF_I(inode); + struct udf_sb_info *sbi = UDF_SB(inode->i_sb); + unsigned int link_count; -+ unsigned int indirections = 0; + unsigned int indirections = 0; -+reread: - /* - * Set defaults, but the inode is still incomplete! - * Note: get_new_inode() sets the following on a new inode: -@@ -1307,6 +1318,7 @@ static void __udf_read_inode(struct inode *inode) + reread: +@@ -1316,6 +1318,7 @@ reread: } fe = (struct fileEntry *)bh->b_data; @@ -66863,48 +66827,7 @@ index 982ce05..c693331 100644 if (fe->icbTag.strategyType == cpu_to_le16(4096)) { struct buffer_head *ibh; -@@ -1314,28 +1326,26 @@ static void __udf_read_inode(struct inode *inode) - ibh = udf_read_ptagged(inode->i_sb, &iinfo->i_location, 1, - &ident); - if (ident == TAG_IDENT_IE && ibh) { -- struct buffer_head *nbh = NULL; - struct kernel_lb_addr loc; - struct indirectEntry *ie; - - ie = (struct indirectEntry *)ibh->b_data; - loc = lelb_to_cpu(ie->indirectICB.extLocation); - -- if (ie->indirectICB.extLength && -- (nbh = udf_read_ptagged(inode->i_sb, &loc, 0, -- &ident))) { -- if (ident == TAG_IDENT_FE || -- ident == TAG_IDENT_EFE) { -- memcpy(&iinfo->i_location, -- &loc, -- sizeof(struct kernel_lb_addr)); -- brelse(bh); -- brelse(ibh); -- brelse(nbh); -- __udf_read_inode(inode); -+ if (ie->indirectICB.extLength) { -+ brelse(bh); -+ brelse(ibh); -+ memcpy(&iinfo->i_location, &loc, -+ sizeof(struct kernel_lb_addr)); -+ if (++indirections > UDF_MAX_ICB_NESTING) { -+ udf_err(inode->i_sb, -+ "too many ICBs in ICB hierarchy" -+ " (max %d supported)\n", -+ UDF_MAX_ICB_NESTING); -+ make_bad_inode(inode); - return; - } -- brelse(nbh); -+ goto reread; - } - } - brelse(ibh); -@@ -1346,22 +1356,6 @@ static void __udf_read_inode(struct inode *inode) +@@ -1353,22 +1356,6 @@ reread: make_bad_inode(inode); return; } @@ -66927,7 +66850,7 @@ index 982ce05..c693331 100644 if (fe->icbTag.strategyType == cpu_to_le16(4)) iinfo->i_strat4096 = 0; else /* if (fe->icbTag.strategyType == cpu_to_le16(4096)) */ -@@ -1551,6 +1545,7 @@ static void udf_fill_inode(struct inode *inode, struct buffer_head *bh) +@@ -1558,6 +1545,7 @@ static void udf_fill_inode(struct inode *inode, struct buffer_head *bh) } else make_bad_inode(inode); } @@ -66935,7 +66858,7 @@ index 982ce05..c693331 100644 } static int udf_alloc_i_data(struct inode *inode, size_t size) -@@ -1664,7 +1659,7 @@ static int udf_update_inode(struct inode *inode, int do_sync) +@@ -1671,7 +1659,7 @@ static int udf_update_inode(struct inode *inode, int do_sync) FE_PERM_U_DELETE | FE_PERM_U_CHATTR)); fe->permissions = cpu_to_le32(udfperms); @@ -67202,10 +67125,10 @@ index 78e62cc..eec3706 100644 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..27cec32 +index 0000000..cdaa3ef --- /dev/null +++ b/grsecurity/Kconfig -@@ -0,0 +1,1166 @@ +@@ -0,0 +1,1168 @@ +# +# grecurity configuration +# @@ -68146,6 +68069,8 @@ index 0000000..27cec32 + If you say Y here, neither TCP resets nor ICMP + destination-unreachable packets will be sent in response to packets + sent to ports for which no associated listening process exists. ++ It will also prevent the sending of ICMP protocol unreachable packets ++ in response to packets with unknown protocols. + This feature supports both IPV4 and IPV6 and exempts the + loopback interface from blackholing. Enabling this feature + makes a host more resilient to DoS attacks and reduces network @@ -81701,10 +81626,10 @@ index 0ceb389..eed3fb8 100644 void gic_init_bases(unsigned int, int, void __iomem *, void __iomem *, u32 offset, struct device_node *); diff --git a/include/linux/jiffies.h b/include/linux/jiffies.h -index 1f44466..b481806 100644 +index c367cbd..c9b79e6 100644 --- a/include/linux/jiffies.h +++ b/include/linux/jiffies.h -@@ -292,20 +292,20 @@ extern unsigned long preset_lpj; +@@ -280,20 +280,20 @@ extern unsigned long preset_lpj; /* * Convert various time units to each other: */ @@ -82353,7 +82278,7 @@ index c1b7414..5ea2ad8 100644 #endif /* __KERNEL__ */ #endif /* _LINUX_MM_H */ diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h -index 290901a..e99b01c 100644 +index 2b58d19..6378966 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h @@ -307,7 +307,9 @@ struct vm_area_struct { @@ -83511,10 +83436,10 @@ index a964f72..b475afb 100644 } diff --git a/include/linux/sched.h b/include/linux/sched.h -index ccd0c6f..84d9030 100644 +index d7ca410..8b39a0c 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h -@@ -129,6 +129,7 @@ struct fs_struct; +@@ -133,6 +133,7 @@ struct fs_struct; struct perf_event_context; struct blk_plug; struct filename; @@ -83522,7 +83447,7 @@ index ccd0c6f..84d9030 100644 /* * List of flags we want to share for kernel threads, -@@ -369,7 +370,7 @@ extern char __sched_text_start[], __sched_text_end[]; +@@ -373,7 +374,7 @@ extern char __sched_text_start[], __sched_text_end[]; extern int in_sched_functions(unsigned long addr); #define MAX_SCHEDULE_TIMEOUT LONG_MAX @@ -83531,7 +83456,7 @@ index ccd0c6f..84d9030 100644 extern signed long schedule_timeout_interruptible(signed long timeout); extern signed long schedule_timeout_killable(signed long timeout); extern signed long schedule_timeout_uninterruptible(signed long timeout); -@@ -380,6 +381,19 @@ struct nsproxy; +@@ -384,6 +385,19 @@ struct nsproxy; struct user_namespace; #ifdef CONFIG_MMU @@ -83551,7 +83476,7 @@ index ccd0c6f..84d9030 100644 extern void arch_pick_mmap_layout(struct mm_struct *mm); extern unsigned long arch_get_unmapped_area(struct file *, unsigned long, unsigned long, -@@ -677,6 +691,17 @@ struct signal_struct { +@@ -681,6 +695,17 @@ struct signal_struct { #ifdef CONFIG_TASKSTATS struct taskstats *stats; #endif @@ -83569,7 +83494,7 @@ index ccd0c6f..84d9030 100644 #ifdef CONFIG_AUDIT unsigned audit_tty; unsigned audit_tty_log_passwd; -@@ -703,7 +728,7 @@ struct signal_struct { +@@ -707,7 +732,7 @@ struct signal_struct { struct mutex cred_guard_mutex; /* guard against foreign influences on * credential calculations * (notably. ptrace) */ @@ -83578,7 +83503,7 @@ index ccd0c6f..84d9030 100644 /* * Bits in flags field of signal_struct. -@@ -757,6 +782,14 @@ struct user_struct { +@@ -761,6 +786,14 @@ struct user_struct { struct key *session_keyring; /* UID's default session keyring */ #endif @@ -83593,7 +83518,7 @@ index ccd0c6f..84d9030 100644 /* Hash table maintenance information */ struct hlist_node uidhash_node; kuid_t uid; -@@ -764,7 +797,7 @@ struct user_struct { +@@ -768,7 +801,7 @@ struct user_struct { #ifdef CONFIG_PERF_EVENTS atomic_long_t locked_vm; #endif @@ -83602,7 +83527,7 @@ index ccd0c6f..84d9030 100644 extern int uids_sysfs_init(void); -@@ -1164,6 +1197,9 @@ enum perf_event_task_context { +@@ -1168,6 +1201,9 @@ enum perf_event_task_context { struct task_struct { volatile long state; /* -1 unrunnable, 0 runnable, >0 stopped */ void *stack; @@ -83612,7 +83537,7 @@ index ccd0c6f..84d9030 100644 atomic_t usage; unsigned int flags; /* per process flags, defined below */ unsigned int ptrace; -@@ -1286,8 +1322,8 @@ struct task_struct { +@@ -1293,8 +1329,8 @@ struct task_struct { struct list_head thread_node; struct completion *vfork_done; /* for vfork() */ @@ -83623,7 +83548,7 @@ index ccd0c6f..84d9030 100644 cputime_t utime, stime, utimescaled, stimescaled; cputime_t gtime; -@@ -1312,11 +1348,6 @@ struct task_struct { +@@ -1319,11 +1355,6 @@ struct task_struct { struct task_cputime cputime_expires; struct list_head cpu_timers[3]; @@ -83635,7 +83560,7 @@ index ccd0c6f..84d9030 100644 char comm[TASK_COMM_LEN]; /* executable name excluding path - access with [gs]et_task_comm (which lock it with task_lock()) -@@ -1333,6 +1364,10 @@ struct task_struct { +@@ -1340,6 +1371,10 @@ struct task_struct { #endif /* CPU-specific state of this task */ struct thread_struct thread; @@ -83646,7 +83571,7 @@ index ccd0c6f..84d9030 100644 /* filesystem information */ struct fs_struct *fs; /* open file information */ -@@ -1409,6 +1444,10 @@ struct task_struct { +@@ -1416,6 +1451,10 @@ struct task_struct { gfp_t lockdep_reclaim_gfp; #endif @@ -83657,7 +83582,7 @@ index ccd0c6f..84d9030 100644 /* journalling filesystem info */ void *journal_info; -@@ -1447,6 +1486,10 @@ struct task_struct { +@@ -1454,6 +1493,10 @@ struct task_struct { /* cg_list protected by css_set_lock and tsk->alloc_lock */ struct list_head cg_list; #endif @@ -83668,7 +83593,7 @@ index ccd0c6f..84d9030 100644 #ifdef CONFIG_FUTEX struct robust_list_head __user *robust_list; #ifdef CONFIG_COMPAT -@@ -1581,7 +1624,78 @@ struct task_struct { +@@ -1588,7 +1631,78 @@ struct task_struct { unsigned int sequential_io; unsigned int sequential_io_avg; #endif @@ -83748,7 +83673,7 @@ index ccd0c6f..84d9030 100644 /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) -@@ -1658,7 +1772,7 @@ struct pid_namespace; +@@ -1665,7 +1779,7 @@ struct pid_namespace; pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type, struct pid_namespace *ns); @@ -83757,7 +83682,7 @@ index ccd0c6f..84d9030 100644 { return tsk->pid; } -@@ -2006,6 +2120,25 @@ extern u64 sched_clock_cpu(int cpu); +@@ -2013,6 +2127,25 @@ extern u64 sched_clock_cpu(int cpu); extern void sched_clock_init(void); @@ -83783,7 +83708,7 @@ index ccd0c6f..84d9030 100644 #ifndef CONFIG_HAVE_UNSTABLE_SCHED_CLOCK static inline void sched_clock_tick(void) { -@@ -2130,7 +2263,9 @@ void yield(void); +@@ -2137,7 +2270,9 @@ void yield(void); extern struct exec_domain default_exec_domain; union thread_union { @@ -83793,7 +83718,7 @@ index ccd0c6f..84d9030 100644 unsigned long stack[THREAD_SIZE/sizeof(long)]; }; -@@ -2163,6 +2298,7 @@ extern struct pid_namespace init_pid_ns; +@@ -2170,6 +2305,7 @@ extern struct pid_namespace init_pid_ns; */ extern struct task_struct *find_task_by_vpid(pid_t nr); @@ -83801,7 +83726,7 @@ index ccd0c6f..84d9030 100644 extern struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns); -@@ -2325,7 +2461,7 @@ extern void __cleanup_sighand(struct sighand_struct *); +@@ -2332,7 +2468,7 @@ extern void __cleanup_sighand(struct sighand_struct *); extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); @@ -83810,7 +83735,7 @@ index ccd0c6f..84d9030 100644 extern int allow_signal(int); extern int disallow_signal(int); -@@ -2526,9 +2662,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) +@@ -2533,9 +2669,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) #endif @@ -86193,7 +86118,7 @@ index 30f5362..8ed8ac9 100644 void *pmi_pal; u8 *vbe_state_orig; /* diff --git a/init/Kconfig b/init/Kconfig -index 93c5ef0..ac92caa 100644 +index 8b9521a..8a3cc34 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1079,6 +1079,7 @@ endif # CGROUPS @@ -86204,7 +86129,7 @@ index 93c5ef0..ac92caa 100644 default n help Enables additional kernel features in a sake of checkpoint/restore. -@@ -1545,7 +1546,7 @@ config SLUB_DEBUG +@@ -1546,7 +1547,7 @@ config SLUB_DEBUG config COMPAT_BRK bool "Disable heap randomization" @@ -86213,7 +86138,7 @@ index 93c5ef0..ac92caa 100644 help Randomizing heap placement makes heap exploits harder, but it also breaks ancient binaries (including anything libc5 based). -@@ -1833,7 +1834,7 @@ config INIT_ALL_POSSIBLE +@@ -1834,7 +1835,7 @@ config INIT_ALL_POSSIBLE config STOP_MACHINE bool default y @@ -87551,10 +87476,10 @@ index e0573a4..20fb164 100644 /** diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c -index 334b398..9145fb1 100644 +index 8865cae..3530a18 100644 --- a/kernel/debug/debug_core.c +++ b/kernel/debug/debug_core.c -@@ -123,7 +123,7 @@ static DEFINE_RAW_SPINLOCK(dbg_slave_lock); +@@ -124,7 +124,7 @@ static DEFINE_RAW_SPINLOCK(dbg_slave_lock); */ static atomic_t masters_in_kgdb; static atomic_t slaves_in_kgdb; @@ -87563,7 +87488,7 @@ index 334b398..9145fb1 100644 atomic_t kgdb_setting_breakpoint; struct task_struct *kgdb_usethread; -@@ -133,7 +133,7 @@ int kgdb_single_step; +@@ -134,7 +134,7 @@ int kgdb_single_step; static pid_t kgdb_sstep_pid; /* to keep track of the CPU which is doing the single stepping*/ @@ -87572,7 +87497,7 @@ index 334b398..9145fb1 100644 /* * If you are debugging a problem where roundup (the collection of -@@ -541,7 +541,7 @@ return_normal: +@@ -549,7 +549,7 @@ return_normal: * kernel will only try for the value of sstep_tries before * giving up and continuing on. */ @@ -87581,7 +87506,7 @@ index 334b398..9145fb1 100644 (kgdb_info[cpu].task && kgdb_info[cpu].task->pid != kgdb_sstep_pid) && --sstep_tries) { atomic_set(&kgdb_active, -1); -@@ -639,8 +639,8 @@ cpu_master_loop: +@@ -647,8 +647,8 @@ cpu_master_loop: } kgdb_restore: @@ -87592,7 +87517,7 @@ index 334b398..9145fb1 100644 if (kgdb_info[sstep_cpu].task) kgdb_sstep_pid = kgdb_info[sstep_cpu].task->pid; else -@@ -917,18 +917,18 @@ static void kgdb_unregister_callbacks(void) +@@ -925,18 +925,18 @@ static void kgdb_unregister_callbacks(void) static void kgdb_tasklet_bpt(unsigned long ing) { kgdb_breakpoint(); @@ -87637,7 +87562,7 @@ index 0b097c8..11dd5c5 100644 #ifdef CONFIG_MODULE_UNLOAD { diff --git a/kernel/events/core.c b/kernel/events/core.c -index 3a140ca..6624485 100644 +index 4ced342f..6624485 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -158,8 +158,15 @@ static struct srcu_struct pmus_srcu; @@ -87767,18 +87692,6 @@ index 3a140ca..6624485 100644 &parent_event->child_total_time_running); /* -@@ -7836,8 +7848,10 @@ int perf_event_init_task(struct task_struct *child) - - for_each_task_context_nr(ctxn) { - ret = perf_event_init_context(child, ctxn); -- if (ret) -+ if (ret) { -+ perf_event_free_task(child); - return ret; -+ } - } - - return 0; diff --git a/kernel/events/internal.h b/kernel/events/internal.h index 569b2187..19940d9 100644 --- a/kernel/events/internal.h @@ -87897,10 +87810,10 @@ index 81b3d67..ef189a4 100644 { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index c44bff8..7361260 100644 +index e2c6853..9a6397e 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -180,6 +180,48 @@ void thread_info_cache_init(void) +@@ -182,6 +182,48 @@ void thread_info_cache_init(void) # endif #endif @@ -87949,7 +87862,7 @@ index c44bff8..7361260 100644 /* SLAB cache for signal_struct structures (tsk->signal) */ static struct kmem_cache *signal_cachep; -@@ -198,18 +240,22 @@ struct kmem_cache *vm_area_cachep; +@@ -200,18 +242,22 @@ struct kmem_cache *vm_area_cachep; /* SLAB cache for mm_struct structures (tsk->mm) */ static struct kmem_cache *mm_cachep; @@ -87975,7 +87888,7 @@ index c44bff8..7361260 100644 rt_mutex_debug_task_free(tsk); ftrace_graph_exit_task(tsk); put_seccomp_filter(tsk); -@@ -295,6 +341,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) +@@ -297,6 +343,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) struct task_struct *tsk; struct thread_info *ti; unsigned long *stackend; @@ -87983,7 +87896,7 @@ index c44bff8..7361260 100644 int node = tsk_fork_get_node(orig); int err; -@@ -302,7 +349,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) +@@ -304,7 +351,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) if (!tsk) return NULL; @@ -87992,7 +87905,7 @@ index c44bff8..7361260 100644 if (!ti) goto free_tsk; -@@ -311,6 +358,9 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) +@@ -313,6 +360,9 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) goto free_ti; tsk->stack = ti; @@ -88002,7 +87915,7 @@ index c44bff8..7361260 100644 setup_thread_stack(tsk, orig); clear_user_return_notifier(tsk); -@@ -319,7 +369,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) +@@ -321,7 +371,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) *stackend = STACK_END_MAGIC; /* for overflow detection */ #ifdef CONFIG_CC_STACKPROTECTOR @@ -88011,7 +87924,7 @@ index c44bff8..7361260 100644 #endif /* -@@ -333,24 +383,92 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) +@@ -335,24 +385,92 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) tsk->splice_pipe = NULL; tsk->task_frag.page = NULL; @@ -88108,7 +88021,7 @@ index c44bff8..7361260 100644 uprobe_start_dup_mmap(); down_write(&oldmm->mmap_sem); -@@ -379,55 +497,15 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -381,55 +499,15 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) prev = NULL; for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) { @@ -88168,7 +88081,7 @@ index c44bff8..7361260 100644 } /* -@@ -459,6 +537,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -461,6 +539,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) if (retval) goto out; } @@ -88200,7 +88113,7 @@ index c44bff8..7361260 100644 /* a new mm has just been created */ arch_dup_mmap(oldmm, mm); retval = 0; -@@ -468,14 +571,6 @@ out: +@@ -470,14 +573,6 @@ out: up_write(&oldmm->mmap_sem); uprobe_end_dup_mmap(); return retval; @@ -88215,7 +88128,7 @@ index c44bff8..7361260 100644 } static inline int mm_alloc_pgd(struct mm_struct *mm) -@@ -689,8 +784,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) +@@ -691,8 +786,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) return ERR_PTR(err); mm = get_task_mm(task); @@ -88226,7 +88139,7 @@ index c44bff8..7361260 100644 mmput(mm); mm = ERR_PTR(-EACCES); } -@@ -906,13 +1001,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) +@@ -911,13 +1006,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) spin_unlock(&fs->lock); return -EAGAIN; } @@ -88248,7 +88161,7 @@ index c44bff8..7361260 100644 return 0; } -@@ -1130,7 +1232,7 @@ init_task_pid(struct task_struct *task, enum pid_type type, struct pid *pid) +@@ -1135,7 +1237,7 @@ init_task_pid(struct task_struct *task, enum pid_type type, struct pid *pid) * parts of the process environment (as per the clone * flags). The actual kick-off is left to the caller. */ @@ -88257,7 +88170,7 @@ index c44bff8..7361260 100644 unsigned long stack_start, unsigned long stack_size, int __user *child_tidptr, -@@ -1202,6 +1304,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1207,6 +1309,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; @@ -88267,16 +88180,7 @@ index c44bff8..7361260 100644 if (atomic_read(&p->real_cred->user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { if (p->real_cred->user != INIT_USER && -@@ -1323,7 +1428,7 @@ static struct task_struct *copy_process(unsigned long clone_flags, - goto bad_fork_cleanup_policy; - retval = audit_alloc(p); - if (retval) -- goto bad_fork_cleanup_policy; -+ goto bad_fork_cleanup_perf; - /* copy all the process information */ - retval = copy_semundo(clone_flags, p); - if (retval) -@@ -1449,6 +1554,11 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1454,6 +1559,11 @@ static struct task_struct *copy_process(unsigned long clone_flags, goto bad_fork_free_pid; } @@ -88288,18 +88192,7 @@ index c44bff8..7361260 100644 if (likely(p->pid)) { ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace); -@@ -1522,8 +1632,9 @@ bad_fork_cleanup_semundo: - exit_sem(p); - bad_fork_cleanup_audit: - audit_free(p); --bad_fork_cleanup_policy: -+bad_fork_cleanup_perf: - perf_event_free_task(p); -+bad_fork_cleanup_policy: - #ifdef CONFIG_NUMA - mpol_put(p->mempolicy); - bad_fork_cleanup_cgroup: -@@ -1539,6 +1650,8 @@ bad_fork_cleanup_count: +@@ -1545,6 +1655,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -88308,7 +88201,7 @@ index c44bff8..7361260 100644 return ERR_PTR(retval); } -@@ -1600,6 +1713,7 @@ long do_fork(unsigned long clone_flags, +@@ -1606,6 +1718,7 @@ long do_fork(unsigned long clone_flags, p = copy_process(clone_flags, stack_start, stack_size, child_tidptr, NULL, trace); @@ -88316,7 +88209,7 @@ index c44bff8..7361260 100644 /* * Do this prior waking up the new thread - the thread pointer * might get invalid after that point, if the thread exits quickly. -@@ -1616,6 +1730,8 @@ long do_fork(unsigned long clone_flags, +@@ -1622,6 +1735,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); @@ -88325,7 +88218,7 @@ index c44bff8..7361260 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1734,7 +1850,7 @@ void __init proc_caches_init(void) +@@ -1740,7 +1855,7 @@ void __init proc_caches_init(void) mm_cachep = kmem_cache_create("mm_struct", sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN, SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL); @@ -88334,7 +88227,7 @@ index c44bff8..7361260 100644 mmap_init(); nsproxy_cache_init(); } -@@ -1774,7 +1890,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1780,7 +1895,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -88343,7 +88236,7 @@ index c44bff8..7361260 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1881,7 +1997,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1887,7 +2002,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -92322,7 +92215,7 @@ index 13d2f7c..c93d0b0 100644 return cmd_attr_register_cpumask(info); else if (info->attrs[TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK]) diff --git a/kernel/time.c b/kernel/time.c -index 7c7964c..2a0d412 100644 +index 3c49ab4..00a3aea 100644 --- a/kernel/time.c +++ b/kernel/time.c @@ -172,6 +172,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz) @@ -92605,7 +92498,7 @@ index e3be87e..7480b36 100644 ftrace_graph_active++; diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index 773aba8..0e70660 100644 +index 774a080..7fa60b1 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -352,9 +352,9 @@ struct buffer_data_page { @@ -94062,24 +93955,10 @@ index 09d9591..165bb75 100644 bdi_destroy(bdi); return err; diff --git a/mm/filemap.c b/mm/filemap.c -index 7a13f6a..e31738b 100644 +index c2cc7c9..50ef696 100644 --- a/mm/filemap.c +++ b/mm/filemap.c -@@ -192,9 +192,11 @@ static int filemap_check_errors(struct address_space *mapping) - { - int ret = 0; - /* Check for outstanding write errors */ -- if (test_and_clear_bit(AS_ENOSPC, &mapping->flags)) -+ if (test_bit(AS_ENOSPC, &mapping->flags) && -+ test_and_clear_bit(AS_ENOSPC, &mapping->flags)) - ret = -ENOSPC; -- if (test_and_clear_bit(AS_EIO, &mapping->flags)) -+ if (test_bit(AS_EIO, &mapping->flags) && -+ test_and_clear_bit(AS_EIO, &mapping->flags)) - ret = -EIO; - return ret; - } -@@ -1766,7 +1768,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) +@@ -1768,7 +1768,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) struct address_space *mapping = file->f_mapping; if (!mapping->a_ops->readpage) @@ -94088,7 +93967,7 @@ index 7a13f6a..e31738b 100644 file_accessed(file); vma->vm_ops = &generic_file_vm_ops; return 0; -@@ -1948,7 +1950,7 @@ static size_t __iovec_copy_from_user_inatomic(char *vaddr, +@@ -1950,7 +1950,7 @@ static size_t __iovec_copy_from_user_inatomic(char *vaddr, while (bytes) { char __user *buf = iov->iov_base + base; @@ -94097,7 +93976,7 @@ index 7a13f6a..e31738b 100644 base = 0; left = __copy_from_user_inatomic(vaddr, buf, copy); -@@ -1977,7 +1979,7 @@ size_t iov_iter_copy_from_user_atomic(struct page *page, +@@ -1979,7 +1979,7 @@ size_t iov_iter_copy_from_user_atomic(struct page *page, BUG_ON(!in_atomic()); kaddr = kmap_atomic(page); if (likely(i->nr_segs == 1)) { @@ -94106,7 +93985,7 @@ index 7a13f6a..e31738b 100644 char __user *buf = i->iov->iov_base + i->iov_offset; left = __copy_from_user_inatomic(kaddr + offset, buf, bytes); copied = bytes - left; -@@ -2005,7 +2007,7 @@ size_t iov_iter_copy_from_user(struct page *page, +@@ -2007,7 +2007,7 @@ size_t iov_iter_copy_from_user(struct page *page, kaddr = kmap(page); if (likely(i->nr_segs == 1)) { @@ -94115,7 +93994,7 @@ index 7a13f6a..e31738b 100644 char __user *buf = i->iov->iov_base + i->iov_offset; left = __copy_from_user(kaddr + offset, buf, bytes); copied = bytes - left; -@@ -2035,7 +2037,7 @@ void iov_iter_advance(struct iov_iter *i, size_t bytes) +@@ -2037,7 +2037,7 @@ void iov_iter_advance(struct iov_iter *i, size_t bytes) * zero-length segments (without overruning the iovec). */ while (bytes || unlikely(i->count && !iov->iov_len)) { @@ -94124,7 +94003,7 @@ index 7a13f6a..e31738b 100644 copy = min(bytes, iov->iov_len - base); BUG_ON(!i->count || i->count < copy); -@@ -2106,6 +2108,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i +@@ -2108,6 +2108,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i *pos = i_size_read(inode); if (limit != RLIM_INFINITY) { @@ -94176,43 +94055,19 @@ index b32b70c..e512eb0 100644 pkmap_count[last_pkmap_nr] = 1; set_page_address(page, (void *)vaddr); -diff --git a/mm/huge_memory.c b/mm/huge_memory.c -index 1c42d0c..2a99426 100644 ---- a/mm/huge_memory.c -+++ b/mm/huge_memory.c -@@ -1824,6 +1824,11 @@ static int __split_huge_page_map(struct page *page, - for (i = 0; i < HPAGE_PMD_NR; i++, haddr += PAGE_SIZE) { - pte_t *pte, entry; - BUG_ON(PageCompound(page+i)); -+ /* -+ * Note that pmd_numa is not transferred deliberately -+ * to avoid any possibility that pte_numa leaks to -+ * a PROT_NONE VMA by accident. -+ */ - entry = mk_pte(page + i, vma->vm_page_prot); - entry = maybe_mkwrite(pte_mkdirty(entry), vma); - if (!pmd_write(*pmd)) -@@ -1832,8 +1837,6 @@ static int __split_huge_page_map(struct page *page, - BUG_ON(page_mapcount(page) != 1); - if (!pmd_young(*pmd)) - entry = pte_mkold(entry); -- if (pmd_numa(*pmd)) -- entry = pte_mknuma(entry); - pte = pte_offset_map(&_pmd, haddr); - BUG_ON(!pte_none(*pte)); - set_pte_at(mm, haddr, pte, entry); diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 923f38e..74e159a 100644 +index 67d0c17..b22c193 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c -@@ -2070,15 +2070,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, +@@ -2070,6 +2070,7 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, struct hstate *h = &default_hstate; unsigned long tmp; int ret; + ctl_table_no_const hugetlb_table; - tmp = h->max_huge_pages; - + if (!hugepages_supported()) + return -ENOTSUPP; +@@ -2079,9 +2080,10 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, if (write && h->order >= MAX_ORDER) return -EINVAL; @@ -94226,14 +94081,15 @@ index 923f38e..74e159a 100644 if (ret) goto out; -@@ -2123,15 +2125,17 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, +@@ -2126,6 +2128,7 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, struct hstate *h = &default_hstate; unsigned long tmp; int ret; + ctl_table_no_const hugetlb_table; - tmp = h->nr_overcommit_huge_pages; - + if (!hugepages_supported()) + return -ENOTSUPP; +@@ -2135,9 +2138,10 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, if (write && h->order >= MAX_ORDER) return -EINVAL; @@ -94247,7 +94103,7 @@ index 923f38e..74e159a 100644 if (ret) goto out; -@@ -2616,6 +2620,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2629,6 +2633,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, return 1; } @@ -94275,7 +94131,7 @@ index 923f38e..74e159a 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. * Called with hugetlb_instantiation_mutex held and pte_page locked so we -@@ -2732,6 +2757,11 @@ retry_avoidcopy: +@@ -2745,6 +2770,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -94287,7 +94143,7 @@ index 923f38e..74e159a 100644 /* Make the old page be freed below */ new_page = old_page; } -@@ -2896,6 +2926,10 @@ retry: +@@ -2909,6 +2939,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -94298,7 +94154,7 @@ index 923f38e..74e159a 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page, ptl); -@@ -2926,6 +2960,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2939,6 +2973,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, static DEFINE_MUTEX(hugetlb_instantiation_mutex); struct hstate *h = hstate_vma(vma); @@ -94309,7 +94165,7 @@ index 923f38e..74e159a 100644 address &= huge_page_mask(h); ptep = huge_pte_offset(mm, address); -@@ -2939,6 +2977,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2952,6 +2990,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(hstate_index(h)); } @@ -95307,7 +95163,7 @@ index 492e36f..3771c0a 100644 mm = get_task_mm(tsk); if (!mm) diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index 15a8ea0..cb50389 100644 +index 796c7e6..3e6ec8a 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -747,6 +747,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, @@ -95383,23 +95239,10 @@ index 15a8ea0..cb50389 100644 capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); diff --git a/mm/migrate.c b/mm/migrate.c -index bed4880..95c4b9f 100644 +index 13f47fb..95c4b9f 100644 --- a/mm/migrate.c +++ b/mm/migrate.c -@@ -148,8 +148,11 @@ static int remove_migration_pte(struct page *new, struct vm_area_struct *vma, - pte = pte_mkold(mk_pte(new, vma->vm_page_prot)); - if (pte_swp_soft_dirty(*ptep)) - pte = pte_mksoft_dirty(pte); -+ -+ /* Recheck VMA as permissions can change since migration started */ - if (is_write_migration_entry(entry)) -- pte = pte_mkwrite(pte); -+ pte = maybe_mkwrite(pte, vma); -+ - #ifdef CONFIG_HUGETLB_PAGE - if (PageHuge(new)) { - pte = pte_mkhuge(pte); -@@ -1485,8 +1488,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, +@@ -1488,8 +1488,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, */ tcred = __task_cred(task); if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && @@ -95485,10 +95328,10 @@ index b1eb536..091d154 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index 20ff0c3..005dc47 100644 +index dfe90657..3892436 100644 --- a/mm/mmap.c +++ b/mm/mmap.c -@@ -36,6 +36,7 @@ +@@ -37,6 +37,7 @@ #include <linux/sched/sysctl.h> #include <linux/notifier.h> #include <linux/memory.h> @@ -95496,7 +95339,7 @@ index 20ff0c3..005dc47 100644 #include <asm/uaccess.h> #include <asm/cacheflush.h> -@@ -52,6 +53,16 @@ +@@ -53,6 +54,16 @@ #define arch_rebalance_pgtables(addr, len) (addr) #endif @@ -95513,7 +95356,7 @@ index 20ff0c3..005dc47 100644 static void unmap_region(struct mm_struct *mm, struct vm_area_struct *vma, struct vm_area_struct *prev, unsigned long start, unsigned long end); -@@ -71,16 +82,25 @@ static void unmap_region(struct mm_struct *mm, +@@ -72,16 +83,25 @@ static void unmap_region(struct mm_struct *mm, * x: (no) no x: (no) yes x: (no) yes x: (yes) yes * */ @@ -95542,7 +95385,7 @@ index 20ff0c3..005dc47 100644 } EXPORT_SYMBOL(vm_get_page_prot); -@@ -90,6 +110,7 @@ unsigned long sysctl_overcommit_kbytes __read_mostly; +@@ -91,6 +111,7 @@ unsigned long sysctl_overcommit_kbytes __read_mostly; int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT; unsigned long sysctl_user_reserve_kbytes __read_mostly = 1UL << 17; /* 128MB */ unsigned long sysctl_admin_reserve_kbytes __read_mostly = 1UL << 13; /* 8MB */ @@ -95550,7 +95393,7 @@ index 20ff0c3..005dc47 100644 /* * Make sure vm_committed_as in one cacheline and not cacheline shared with * other variables. It can be updated by several CPUs frequently. -@@ -246,6 +267,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) +@@ -247,6 +268,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) struct vm_area_struct *next = vma->vm_next; might_sleep(); @@ -95558,7 +95401,7 @@ index 20ff0c3..005dc47 100644 if (vma->vm_ops && vma->vm_ops->close) vma->vm_ops->close(vma); if (vma->vm_file) -@@ -290,6 +312,12 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) +@@ -291,6 +313,12 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) * not page aligned -Ram Gupta */ rlim = rlimit(RLIMIT_DATA); @@ -95571,7 +95414,7 @@ index 20ff0c3..005dc47 100644 if (rlim < RLIM_INFINITY && (brk - mm->start_brk) + (mm->end_data - mm->start_data) > rlim) goto out; -@@ -940,6 +968,12 @@ static int +@@ -942,6 +970,12 @@ static int can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { @@ -95584,7 +95427,7 @@ index 20ff0c3..005dc47 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { if (vma->vm_pgoff == vm_pgoff) -@@ -959,6 +993,12 @@ static int +@@ -961,6 +995,12 @@ static int can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { @@ -95597,7 +95440,7 @@ index 20ff0c3..005dc47 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { pgoff_t vm_pglen; -@@ -1001,13 +1041,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, +@@ -1003,13 +1043,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct vm_area_struct *vma_merge(struct mm_struct *mm, struct vm_area_struct *prev, unsigned long addr, unsigned long end, unsigned long vm_flags, @@ -95619,7 +95462,7 @@ index 20ff0c3..005dc47 100644 /* * We later require that vma->vm_flags == vm_flags, * so this tests vma->vm_flags & VM_SPECIAL, too. -@@ -1023,6 +1070,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1025,6 +1072,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, if (next && next->vm_end == end) /* cases 6, 7, 8 */ next = next->vm_next; @@ -95635,7 +95478,7 @@ index 20ff0c3..005dc47 100644 /* * Can it merge with the predecessor? */ -@@ -1042,9 +1098,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1044,9 +1100,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, /* cases 1, 6 */ err = vma_adjust(prev, prev->vm_start, next->vm_end, prev->vm_pgoff, NULL); @@ -95661,7 +95504,7 @@ index 20ff0c3..005dc47 100644 if (err) return NULL; khugepaged_enter_vma_merge(prev); -@@ -1058,12 +1129,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1060,12 +1131,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, mpol_equal(policy, vma_policy(next)) && can_vma_merge_before(next, vm_flags, anon_vma, file, pgoff+pglen)) { @@ -95691,7 +95534,7 @@ index 20ff0c3..005dc47 100644 if (err) return NULL; khugepaged_enter_vma_merge(area); -@@ -1172,8 +1258,10 @@ none: +@@ -1174,8 +1260,10 @@ none: void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { @@ -95704,7 +95547,7 @@ index 20ff0c3..005dc47 100644 mm->total_vm += pages; -@@ -1181,7 +1269,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags, +@@ -1183,7 +1271,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags, mm->shared_vm += pages; if ((flags & (VM_EXEC|VM_WRITE)) == VM_EXEC) mm->exec_vm += pages; @@ -95713,7 +95556,7 @@ index 20ff0c3..005dc47 100644 mm->stack_vm += pages; } #endif /* CONFIG_PROC_FS */ -@@ -1211,6 +1299,7 @@ static inline int mlock_future_check(struct mm_struct *mm, +@@ -1213,6 +1301,7 @@ static inline int mlock_future_check(struct mm_struct *mm, locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; @@ -95721,7 +95564,7 @@ index 20ff0c3..005dc47 100644 if (locked > lock_limit && !capable(CAP_IPC_LOCK)) return -EAGAIN; } -@@ -1237,7 +1326,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1239,7 +1328,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, * (the exception is when the underlying filesystem is noexec * mounted, in which case we dont add PROT_EXEC.) */ @@ -95730,7 +95573,7 @@ index 20ff0c3..005dc47 100644 if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC))) prot |= PROT_EXEC; -@@ -1263,7 +1352,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1265,7 +1354,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, /* Obtain the address to map to. we verify (or select) it and ensure * that it represents a valid section of the address space. */ @@ -95739,7 +95582,7 @@ index 20ff0c3..005dc47 100644 if (addr & ~PAGE_MASK) return addr; -@@ -1274,6 +1363,43 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1276,6 +1365,43 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; @@ -95783,7 +95626,7 @@ index 20ff0c3..005dc47 100644 if (flags & MAP_LOCKED) if (!can_do_mlock()) return -EPERM; -@@ -1361,6 +1487,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1363,6 +1489,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, vm_flags |= VM_NORESERVE; } @@ -95793,7 +95636,7 @@ index 20ff0c3..005dc47 100644 addr = mmap_region(file, addr, len, vm_flags, pgoff); if (!IS_ERR_VALUE(addr) && ((vm_flags & VM_LOCKED) || -@@ -1454,7 +1583,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) +@@ -1456,7 +1585,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) vm_flags_t vm_flags = vma->vm_flags; /* If it was private or non-writable, the write bit is already clear */ @@ -95802,7 +95645,7 @@ index 20ff0c3..005dc47 100644 return 0; /* The backer wishes to know when pages are first written to? */ -@@ -1500,7 +1629,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1502,7 +1631,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr, struct rb_node **rb_link, *rb_parent; unsigned long charged = 0; @@ -95825,7 +95668,7 @@ index 20ff0c3..005dc47 100644 if (!may_expand_vm(mm, len >> PAGE_SHIFT)) { unsigned long nr_pages; -@@ -1519,11 +1663,10 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1521,11 +1665,10 @@ unsigned long mmap_region(struct file *file, unsigned long addr, /* Clear old maps */ error = -ENOMEM; @@ -95838,7 +95681,7 @@ index 20ff0c3..005dc47 100644 } /* -@@ -1554,6 +1697,16 @@ munmap_back: +@@ -1556,6 +1699,16 @@ munmap_back: goto unacct_error; } @@ -95855,7 +95698,7 @@ index 20ff0c3..005dc47 100644 vma->vm_mm = mm; vma->vm_start = addr; vma->vm_end = addr + len; -@@ -1573,6 +1726,13 @@ munmap_back: +@@ -1575,6 +1728,13 @@ munmap_back: if (error) goto unmap_and_free_vma; @@ -95869,7 +95712,7 @@ index 20ff0c3..005dc47 100644 /* Can addr have changed?? * * Answer: Yes, several device drivers can do it in their -@@ -1606,6 +1766,12 @@ munmap_back: +@@ -1608,6 +1768,12 @@ munmap_back: } vma_link(mm, vma, prev, rb_link, rb_parent); @@ -95882,7 +95725,7 @@ index 20ff0c3..005dc47 100644 /* Once vma denies write, undo our temporary denial count */ if (vm_flags & VM_DENYWRITE) allow_write_access(file); -@@ -1614,6 +1780,7 @@ out: +@@ -1616,6 +1782,7 @@ out: perf_event_mmap(vma); vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT); @@ -95890,7 +95733,7 @@ index 20ff0c3..005dc47 100644 if (vm_flags & VM_LOCKED) { if (!((vm_flags & VM_SPECIAL) || is_vm_hugetlb_page(vma) || vma == get_gate_vma(current->mm))) -@@ -1646,6 +1813,12 @@ unmap_and_free_vma: +@@ -1648,6 +1815,12 @@ unmap_and_free_vma: unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); charged = 0; free_vma: @@ -95903,7 +95746,7 @@ index 20ff0c3..005dc47 100644 kmem_cache_free(vm_area_cachep, vma); unacct_error: if (charged) -@@ -1653,7 +1826,63 @@ unacct_error: +@@ -1655,7 +1828,63 @@ unacct_error: return error; } @@ -95968,7 +95811,7 @@ index 20ff0c3..005dc47 100644 { /* * We implement the search by looking for an rbtree node that -@@ -1701,11 +1930,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) +@@ -1703,11 +1932,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info) } } @@ -95999,7 +95842,7 @@ index 20ff0c3..005dc47 100644 if (gap_end >= low_limit && gap_end - gap_start >= length) goto found; -@@ -1755,7 +2002,7 @@ found: +@@ -1757,7 +2004,7 @@ found: return gap_start; } @@ -96008,7 +95851,7 @@ index 20ff0c3..005dc47 100644 { struct mm_struct *mm = current->mm; struct vm_area_struct *vma; -@@ -1809,6 +2056,24 @@ check_current: +@@ -1811,6 +2058,24 @@ check_current: gap_end = vma->vm_start; if (gap_end < low_limit) return -ENOMEM; @@ -96033,7 +95876,7 @@ index 20ff0c3..005dc47 100644 if (gap_start <= high_limit && gap_end - gap_start >= length) goto found; -@@ -1872,6 +2137,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1874,6 +2139,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, struct mm_struct *mm = current->mm; struct vm_area_struct *vma; struct vm_unmapped_area_info info; @@ -96041,7 +95884,7 @@ index 20ff0c3..005dc47 100644 if (len > TASK_SIZE - mmap_min_addr) return -ENOMEM; -@@ -1879,11 +2145,15 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1881,11 +2147,15 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (flags & MAP_FIXED) return addr; @@ -96058,7 +95901,7 @@ index 20ff0c3..005dc47 100644 return addr; } -@@ -1892,6 +2162,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1894,6 +2164,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, info.low_limit = mm->mmap_base; info.high_limit = TASK_SIZE; info.align_mask = 0; @@ -96066,7 +95909,7 @@ index 20ff0c3..005dc47 100644 return vm_unmapped_area(&info); } #endif -@@ -1910,6 +2181,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1912,6 +2183,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, struct mm_struct *mm = current->mm; unsigned long addr = addr0; struct vm_unmapped_area_info info; @@ -96074,7 +95917,7 @@ index 20ff0c3..005dc47 100644 /* requested length too big for entire address space */ if (len > TASK_SIZE - mmap_min_addr) -@@ -1918,12 +2190,16 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1920,12 +2192,16 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (flags & MAP_FIXED) return addr; @@ -96092,7 +95935,7 @@ index 20ff0c3..005dc47 100644 return addr; } -@@ -1932,6 +2208,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1934,6 +2210,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, info.low_limit = max(PAGE_SIZE, mmap_min_addr); info.high_limit = mm->mmap_base; info.align_mask = 0; @@ -96100,7 +95943,7 @@ index 20ff0c3..005dc47 100644 addr = vm_unmapped_area(&info); /* -@@ -1944,6 +2221,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1946,6 +2223,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, VM_BUG_ON(addr != -ENOMEM); info.flags = 0; info.low_limit = TASK_UNMAPPED_BASE; @@ -96113,7 +95956,7 @@ index 20ff0c3..005dc47 100644 info.high_limit = TASK_SIZE; addr = vm_unmapped_area(&info); } -@@ -2045,6 +2328,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, +@@ -2046,6 +2329,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, return vma; } @@ -96142,7 +95985,7 @@ index 20ff0c3..005dc47 100644 /* * Verify that the stack growth is acceptable and * update accounting. This is shared with both the -@@ -2061,6 +2366,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2062,6 +2367,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns return -ENOMEM; /* Stack limit test */ @@ -96150,7 +95993,7 @@ index 20ff0c3..005dc47 100644 if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) return -ENOMEM; -@@ -2071,6 +2377,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2072,6 +2378,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns locked = mm->locked_vm + grow; limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); limit >>= PAGE_SHIFT; @@ -96158,7 +96001,7 @@ index 20ff0c3..005dc47 100644 if (locked > limit && !capable(CAP_IPC_LOCK)) return -ENOMEM; } -@@ -2100,37 +2407,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2101,37 +2408,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns * PA-RISC uses this for its stack; IA64 for its Register Backing Store. * vma is the last one with address > vma->vm_end. Have to extend vma. */ @@ -96216,7 +96059,7 @@ index 20ff0c3..005dc47 100644 unsigned long size, grow; size = address - vma->vm_start; -@@ -2165,6 +2483,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) +@@ -2166,6 +2484,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) } } } @@ -96225,7 +96068,7 @@ index 20ff0c3..005dc47 100644 vma_unlock_anon_vma(vma); khugepaged_enter_vma_merge(vma); validate_mm(vma->vm_mm); -@@ -2179,6 +2499,8 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2180,6 +2500,8 @@ int expand_downwards(struct vm_area_struct *vma, unsigned long address) { int error; @@ -96234,7 +96077,7 @@ index 20ff0c3..005dc47 100644 /* * We must make sure the anon_vma is allocated -@@ -2192,6 +2514,15 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2193,6 +2515,15 @@ int expand_downwards(struct vm_area_struct *vma, if (error) return error; @@ -96250,7 +96093,7 @@ index 20ff0c3..005dc47 100644 vma_lock_anon_vma(vma); /* -@@ -2201,9 +2532,17 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2202,9 +2533,17 @@ int expand_downwards(struct vm_area_struct *vma, */ /* Somebody else might have raced and expanded it already */ @@ -96269,7 +96112,7 @@ index 20ff0c3..005dc47 100644 size = vma->vm_end - address; grow = (vma->vm_start - address) >> PAGE_SHIFT; -@@ -2228,13 +2567,27 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2229,13 +2568,27 @@ int expand_downwards(struct vm_area_struct *vma, vma->vm_pgoff -= grow; anon_vma_interval_tree_post_update_vma(vma); vma_gap_update(vma); @@ -96297,7 +96140,7 @@ index 20ff0c3..005dc47 100644 khugepaged_enter_vma_merge(vma); validate_mm(vma->vm_mm); return error; -@@ -2332,6 +2685,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2333,6 +2686,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) do { long nrpages = vma_pages(vma); @@ -96311,7 +96154,7 @@ index 20ff0c3..005dc47 100644 if (vma->vm_flags & VM_ACCOUNT) nr_accounted += nrpages; vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); -@@ -2376,6 +2736,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2377,6 +2737,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, insertion_point = (prev ? &prev->vm_next : &mm->mmap); vma->vm_prev = NULL; do { @@ -96328,7 +96171,7 @@ index 20ff0c3..005dc47 100644 vma_rb_erase(vma, &mm->mm_rb); mm->map_count--; tail_vma = vma; -@@ -2401,14 +2771,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2404,14 +2774,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct *new; int err = -ENOMEM; @@ -96362,7 +96205,7 @@ index 20ff0c3..005dc47 100644 /* most fields are the same, copy all, and then fixup */ *new = *vma; -@@ -2421,6 +2810,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2424,6 +2813,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); } @@ -96385,7 +96228,7 @@ index 20ff0c3..005dc47 100644 err = vma_dup_policy(vma, new); if (err) goto out_free_vma; -@@ -2440,6 +2845,38 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2443,6 +2848,38 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, else err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); @@ -96424,7 +96267,7 @@ index 20ff0c3..005dc47 100644 /* Success. */ if (!err) return 0; -@@ -2449,10 +2886,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2452,10 +2889,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_ops->close(new); if (new->vm_file) fput(new->vm_file); @@ -96444,7 +96287,7 @@ index 20ff0c3..005dc47 100644 kmem_cache_free(vm_area_cachep, new); out_err: return err; -@@ -2465,6 +2910,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2468,6 +2913,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, int new_below) { @@ -96460,7 +96303,7 @@ index 20ff0c3..005dc47 100644 if (mm->map_count >= sysctl_max_map_count) return -ENOMEM; -@@ -2476,11 +2930,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2479,11 +2933,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, * work. This now handles partial unmappings. * Jeremy Fitzhardinge <jeremy@goop.org> */ @@ -96491,7 +96334,7 @@ index 20ff0c3..005dc47 100644 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) return -EINVAL; -@@ -2555,6 +3028,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +@@ -2558,6 +3031,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) /* Fix up all other VM information */ remove_vma_list(mm, vma); @@ -96500,7 +96343,7 @@ index 20ff0c3..005dc47 100644 return 0; } -@@ -2563,6 +3038,13 @@ int vm_munmap(unsigned long start, size_t len) +@@ -2566,6 +3041,13 @@ int vm_munmap(unsigned long start, size_t len) int ret; struct mm_struct *mm = current->mm; @@ -96514,7 +96357,7 @@ index 20ff0c3..005dc47 100644 down_write(&mm->mmap_sem); ret = do_munmap(mm, start, len); up_write(&mm->mmap_sem); -@@ -2576,16 +3058,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) +@@ -2579,16 +3061,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) return vm_munmap(addr, len); } @@ -96531,7 +96374,7 @@ index 20ff0c3..005dc47 100644 /* * this is really a simplified "do_mmap". it only handles * anonymous maps. eventually we may be able to do some -@@ -2599,6 +3071,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2602,6 +3074,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) struct rb_node ** rb_link, * rb_parent; pgoff_t pgoff = addr >> PAGE_SHIFT; int error; @@ -96539,7 +96382,7 @@ index 20ff0c3..005dc47 100644 len = PAGE_ALIGN(len); if (!len) -@@ -2606,10 +3079,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2609,10 +3082,24 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; @@ -96564,7 +96407,7 @@ index 20ff0c3..005dc47 100644 error = mlock_future_check(mm, mm->def_flags, len); if (error) return error; -@@ -2623,21 +3110,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2626,21 +3113,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) /* * Clear old maps. this also does some error checking for us */ @@ -96589,7 +96432,7 @@ index 20ff0c3..005dc47 100644 return -ENOMEM; /* Can we just expand an old private anonymous mapping? */ -@@ -2651,7 +3137,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2654,7 +3140,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) */ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); if (!vma) { @@ -96598,7 +96441,7 @@ index 20ff0c3..005dc47 100644 return -ENOMEM; } -@@ -2665,10 +3151,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2668,10 +3154,11 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) vma_link(mm, vma, prev, rb_link, rb_parent); out: perf_event_mmap(vma); @@ -96612,7 +96455,7 @@ index 20ff0c3..005dc47 100644 return addr; } -@@ -2730,6 +3217,7 @@ void exit_mmap(struct mm_struct *mm) +@@ -2733,6 +3220,7 @@ void exit_mmap(struct mm_struct *mm) while (vma) { if (vma->vm_flags & VM_ACCOUNT) nr_accounted += vma_pages(vma); @@ -96620,7 +96463,7 @@ index 20ff0c3..005dc47 100644 vma = remove_vma(vma); } vm_unacct_memory(nr_accounted); -@@ -2747,6 +3235,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2750,6 +3238,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) struct vm_area_struct *prev; struct rb_node **rb_link, *rb_parent; @@ -96634,7 +96477,7 @@ index 20ff0c3..005dc47 100644 /* * The vm_pgoff of a purely anonymous vma should be irrelevant * until its first write fault, when page's anon_vma and index -@@ -2770,7 +3265,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2773,7 +3268,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) security_vm_enough_memory_mm(mm, vma_pages(vma))) return -ENOMEM; @@ -96656,7 +96499,7 @@ index 20ff0c3..005dc47 100644 return 0; } -@@ -2789,6 +3298,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2792,6 +3301,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, struct rb_node **rb_link, *rb_parent; bool faulted_in_anon_vma = true; @@ -96665,7 +96508,7 @@ index 20ff0c3..005dc47 100644 /* * If anonymous vma has not yet been faulted, update new pgoff * to match new location, to increase its chance of merging. -@@ -2853,6 +3364,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2856,6 +3367,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, return NULL; } @@ -96705,7 +96548,7 @@ index 20ff0c3..005dc47 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2864,6 +3408,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) +@@ -2867,6 +3411,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; @@ -96713,7 +96556,7 @@ index 20ff0c3..005dc47 100644 if (cur + npages > lim) return 0; return 1; -@@ -2934,6 +3479,22 @@ int install_special_mapping(struct mm_struct *mm, +@@ -2937,6 +3482,22 @@ int install_special_mapping(struct mm_struct *mm, vma->vm_start = addr; vma->vm_end = addr + len; @@ -97076,10 +96919,10 @@ index 05f1180..c3cde48 100644 out: if (ret & ~PAGE_MASK) diff --git a/mm/nommu.c b/mm/nommu.c -index 8740213..f87e25b 100644 +index 3ee4f74..9f4fdd8 100644 --- a/mm/nommu.c +++ b/mm/nommu.c -@@ -65,7 +65,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT; +@@ -66,7 +66,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT; int sysctl_nr_trim_pages = CONFIG_NOMMU_INITIAL_TRIM_EXCESS; unsigned long sysctl_user_reserve_kbytes __read_mostly = 1UL << 17; /* 128MB */ unsigned long sysctl_admin_reserve_kbytes __read_mostly = 1UL << 13; /* 8MB */ @@ -97087,7 +96930,7 @@ index 8740213..f87e25b 100644 atomic_long_t mmap_pages_allocated; -@@ -845,15 +844,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) +@@ -853,15 +852,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) EXPORT_SYMBOL(find_vma); /* @@ -97103,7 +96946,7 @@ index 8740213..f87e25b 100644 * expand a stack to a given address * - not supported under NOMMU conditions */ -@@ -1564,6 +1554,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -1572,6 +1562,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, /* most fields are the same, copy all, and then fixup */ *new = *vma; @@ -97111,7 +96954,7 @@ index 8740213..f87e25b 100644 *region = *vma->vm_region; new->vm_region = region; -@@ -1993,8 +1984,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr, +@@ -2001,8 +1992,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr, } EXPORT_SYMBOL(generic_file_remap_pages); @@ -97122,7 +96965,7 @@ index 8740213..f87e25b 100644 { struct vm_area_struct *vma; -@@ -2035,8 +2026,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -2043,8 +2034,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, * * The caller must hold a reference on @mm. */ @@ -97133,7 +96976,7 @@ index 8740213..f87e25b 100644 { return __access_remote_vm(NULL, mm, addr, buf, len, write); } -@@ -2045,7 +2036,7 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, +@@ -2053,7 +2044,7 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, * Access another process' address space. * - source/target buffer must be kernel space */ @@ -97156,7 +96999,7 @@ index 9f45f87..749bfd8 100644 unsigned long bg_thresh, unsigned long dirty, diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 62e400d..2072e4e 100644 +index ff0f6b1..8a67124 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -61,6 +61,7 @@ @@ -97261,7 +97104,7 @@ index 62e400d..2072e4e 100644 } } -@@ -6605,4 +6645,4 @@ void dump_page(struct page *page, char *reason) +@@ -6606,4 +6646,4 @@ void dump_page(struct page *page, char *reason) { dump_page_badflags(page, reason, 0); } @@ -97521,7 +97364,7 @@ index f0d698b..7037c25 100644 return -ENOMEM; diff --git a/mm/slab.c b/mm/slab.c -index ea854eb..673c763 100644 +index 0b1c2a5..819c6bc 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -300,10 +300,12 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent) @@ -98261,7 +98104,7 @@ index 4bf8809..98a6914 100644 EXPORT_SYMBOL(kmem_cache_free); diff --git a/mm/slub.c b/mm/slub.c -index 25f14ad..c904f6f 100644 +index 7611f14..dfe9298 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -207,7 +207,7 @@ struct track { @@ -98282,7 +98125,7 @@ index 25f14ad..c904f6f 100644 s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid); #ifdef CONFIG_STACKTRACE { -@@ -2666,6 +2666,14 @@ static __always_inline void slab_free(struct kmem_cache *s, +@@ -2664,6 +2664,14 @@ static __always_inline void slab_free(struct kmem_cache *s, slab_free_hook(s, x); @@ -98297,7 +98140,7 @@ index 25f14ad..c904f6f 100644 redo: /* * Determine the currently cpus per cpu slab. -@@ -2733,7 +2741,7 @@ static int slub_min_objects; +@@ -2731,7 +2739,7 @@ static int slub_min_objects; * Merge control. If this is set then no merging of slab caches will occur. * (Could be removed. This was introduced to pacify the merge skeptics.) */ @@ -98306,7 +98149,7 @@ index 25f14ad..c904f6f 100644 /* * Calculate the order of allocation given an slab object size. -@@ -3014,6 +3022,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order) +@@ -3012,6 +3020,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order) s->inuse = size; if (((flags & (SLAB_DESTROY_BY_RCU | SLAB_POISON)) || @@ -98316,7 +98159,7 @@ index 25f14ad..c904f6f 100644 s->ctor)) { /* * Relocate free pointer after the object if it is not -@@ -3359,6 +3370,59 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) +@@ -3357,6 +3368,59 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) EXPORT_SYMBOL(__kmalloc_node); #endif @@ -98376,7 +98219,7 @@ index 25f14ad..c904f6f 100644 size_t ksize(const void *object) { struct page *page; -@@ -3387,6 +3451,7 @@ void kfree(const void *x) +@@ -3385,6 +3449,7 @@ void kfree(const void *x) if (unlikely(ZERO_OR_NULL_PTR(x))) return; @@ -98384,7 +98227,7 @@ index 25f14ad..c904f6f 100644 page = virt_to_head_page(x); if (unlikely(!PageSlab(page))) { BUG_ON(!PageCompound(page)); -@@ -3692,7 +3757,7 @@ static int slab_unmergeable(struct kmem_cache *s) +@@ -3690,7 +3755,7 @@ static int slab_unmergeable(struct kmem_cache *s) /* * We may have set a slab to be unmergeable during bootstrap. */ @@ -98393,7 +98236,7 @@ index 25f14ad..c904f6f 100644 return 1; return 0; -@@ -3750,7 +3815,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size, +@@ -3748,7 +3813,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size, s = find_mergeable(memcg, size, align, flags, name, ctor); if (s) { @@ -98402,7 +98245,7 @@ index 25f14ad..c904f6f 100644 /* * Adjust the object sizes so that we clear * the complete object on kzalloc. -@@ -3759,7 +3824,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size, +@@ -3757,7 +3822,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size, s->inuse = max_t(int, s->inuse, ALIGN(size, sizeof(void *))); if (sysfs_slab_alias(s, name)) { @@ -98411,7 +98254,7 @@ index 25f14ad..c904f6f 100644 s = NULL; } } -@@ -3879,7 +3944,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, +@@ -3877,7 +3942,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, } #endif @@ -98420,7 +98263,7 @@ index 25f14ad..c904f6f 100644 static int count_inuse(struct page *page) { return page->inuse; -@@ -4163,7 +4228,11 @@ static int list_locations(struct kmem_cache *s, char *buf, +@@ -4161,7 +4226,11 @@ static int list_locations(struct kmem_cache *s, char *buf, len += sprintf(buf + len, "%7ld ", l->count); if (l->addr) @@ -98432,7 +98275,7 @@ index 25f14ad..c904f6f 100644 else len += sprintf(buf + len, "<not-available>"); -@@ -4268,12 +4337,12 @@ static void resiliency_test(void) +@@ -4266,12 +4335,12 @@ static void resiliency_test(void) validate_slab_cache(kmalloc_caches[9]); } #else @@ -98447,7 +98290,7 @@ index 25f14ad..c904f6f 100644 enum slab_stat_type { SL_ALL, /* All slabs */ SL_PARTIAL, /* Only partially allocated slabs */ -@@ -4513,13 +4582,17 @@ static ssize_t ctor_show(struct kmem_cache *s, char *buf) +@@ -4511,13 +4580,17 @@ static ssize_t ctor_show(struct kmem_cache *s, char *buf) { if (!s->ctor) return 0; @@ -98466,7 +98309,7 @@ index 25f14ad..c904f6f 100644 } SLAB_ATTR_RO(aliases); -@@ -4607,6 +4680,14 @@ static ssize_t cache_dma_show(struct kmem_cache *s, char *buf) +@@ -4605,6 +4678,14 @@ static ssize_t cache_dma_show(struct kmem_cache *s, char *buf) SLAB_ATTR_RO(cache_dma); #endif @@ -98481,7 +98324,7 @@ index 25f14ad..c904f6f 100644 static ssize_t destroy_by_rcu_show(struct kmem_cache *s, char *buf) { return sprintf(buf, "%d\n", !!(s->flags & SLAB_DESTROY_BY_RCU)); -@@ -4941,6 +5022,9 @@ static struct attribute *slab_attrs[] = { +@@ -4939,6 +5020,9 @@ static struct attribute *slab_attrs[] = { #ifdef CONFIG_ZONE_DMA &cache_dma_attr.attr, #endif @@ -98491,7 +98334,7 @@ index 25f14ad..c904f6f 100644 #ifdef CONFIG_NUMA &remote_node_defrag_ratio_attr.attr, #endif -@@ -5173,6 +5257,7 @@ static char *create_unique_id(struct kmem_cache *s) +@@ -5171,6 +5255,7 @@ static char *create_unique_id(struct kmem_cache *s) return name; } @@ -98499,7 +98342,7 @@ index 25f14ad..c904f6f 100644 static int sysfs_slab_add(struct kmem_cache *s) { int err; -@@ -5230,6 +5315,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) +@@ -5228,6 +5313,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) kobject_del(&s->kobj); kobject_put(&s->kobj); } @@ -98507,7 +98350,7 @@ index 25f14ad..c904f6f 100644 /* * Need to buffer aliases during bootup until sysfs becomes -@@ -5243,6 +5329,7 @@ struct saved_alias { +@@ -5241,6 +5327,7 @@ struct saved_alias { static struct saved_alias *alias_list; @@ -98515,7 +98358,7 @@ index 25f14ad..c904f6f 100644 static int sysfs_slab_alias(struct kmem_cache *s, const char *name) { struct saved_alias *al; -@@ -5265,6 +5352,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) +@@ -5263,6 +5350,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) alias_list = al; return 0; } @@ -98580,10 +98423,10 @@ index 0092097..33361ff 100644 } diff --git a/mm/swapfile.c b/mm/swapfile.c -index 4a7f7e6..22cddf5 100644 +index beeeef8..1cb288b 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c -@@ -66,7 +66,7 @@ static DEFINE_MUTEX(swapon_mutex); +@@ -84,7 +84,7 @@ static DEFINE_MUTEX(swapon_mutex); static DECLARE_WAIT_QUEUE_HEAD(proc_poll_wait); /* Activity counter to indicate that a swapon or swapoff has occurred */ @@ -98592,7 +98435,7 @@ index 4a7f7e6..22cddf5 100644 static inline unsigned char swap_count(unsigned char ent) { -@@ -1959,7 +1959,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) +@@ -1968,7 +1968,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) spin_unlock(&swap_lock); err = 0; @@ -98601,7 +98444,7 @@ index 4a7f7e6..22cddf5 100644 wake_up_interruptible(&proc_poll_wait); out_dput: -@@ -1976,8 +1976,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait) +@@ -1985,8 +1985,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait) poll_wait(file, &proc_poll_wait, wait); @@ -98612,7 +98455,7 @@ index 4a7f7e6..22cddf5 100644 return POLLIN | POLLRDNORM | POLLERR | POLLPRI; } -@@ -2075,7 +2075,7 @@ static int swaps_open(struct inode *inode, struct file *file) +@@ -2084,7 +2084,7 @@ static int swaps_open(struct inode *inode, struct file *file) return ret; seq = file->private_data; @@ -98621,7 +98464,7 @@ index 4a7f7e6..22cddf5 100644 return 0; } -@@ -2534,7 +2534,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) +@@ -2544,7 +2544,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) (frontswap_map) ? "FS" : ""); mutex_unlock(&swapon_mutex); @@ -100937,6 +100780,31 @@ index 94213c8..8bdb342 100644 .kind = "gretap", .maxtype = IFLA_GRE_MAX, .policy = ipgre_policy, +diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c +index 3d4da2c..40f9c29 100644 +--- a/net/ipv4/ip_input.c ++++ b/net/ipv4/ip_input.c +@@ -147,6 +147,10 @@ + #include <linux/mroute.h> + #include <linux/netlink.h> + ++#ifdef CONFIG_GRKERNSEC_BLACKHOLE ++extern int grsec_enable_blackhole; ++#endif ++ + /* + * Process Router Attention IP option (RFC 2113) + */ +@@ -223,6 +227,9 @@ static int ip_local_deliver_finish(struct sk_buff *skb) + if (!raw) { + if (xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) { + IP_INC_STATS_BH(net, IPSTATS_MIB_INUNKNOWNPROTOS); ++#ifdef CONFIG_GRKERNSEC_BLACKHOLE ++ if (!grsec_enable_blackhole || (skb->dev->flags & IFF_LOOPBACK)) ++#endif + icmp_send(skb, ICMP_DEST_UNREACH, + ICMP_PROT_UNREACH, 0); + } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 580dd96..9fcef7e 100644 --- a/net/ipv4/ip_sockglue.c diff --git a/3.14.20/4425_grsec_remove_EI_PAX.patch b/3.14.21/4425_grsec_remove_EI_PAX.patch index fc51f79..fc51f79 100644 --- a/3.14.20/4425_grsec_remove_EI_PAX.patch +++ b/3.14.21/4425_grsec_remove_EI_PAX.patch diff --git a/3.14.20/4427_force_XATTR_PAX_tmpfs.patch b/3.14.21/4427_force_XATTR_PAX_tmpfs.patch index 11a7d2c..11a7d2c 100644 --- a/3.14.20/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.14.21/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.14.20/4430_grsec-remove-localversion-grsec.patch b/3.14.21/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.14.20/4430_grsec-remove-localversion-grsec.patch +++ b/3.14.21/4430_grsec-remove-localversion-grsec.patch diff --git a/3.14.20/4435_grsec-mute-warnings.patch b/3.14.21/4435_grsec-mute-warnings.patch index 392cefb..392cefb 100644 --- a/3.14.20/4435_grsec-mute-warnings.patch +++ b/3.14.21/4435_grsec-mute-warnings.patch diff --git a/3.14.20/4440_grsec-remove-protected-paths.patch b/3.14.21/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.14.20/4440_grsec-remove-protected-paths.patch +++ b/3.14.21/4440_grsec-remove-protected-paths.patch diff --git a/3.14.20/4450_grsec-kconfig-default-gids.patch b/3.14.21/4450_grsec-kconfig-default-gids.patch index 0451e5a..0451e5a 100644 --- a/3.14.20/4450_grsec-kconfig-default-gids.patch +++ b/3.14.21/4450_grsec-kconfig-default-gids.patch diff --git a/3.14.20/4465_selinux-avc_audit-log-curr_ip.patch b/3.14.21/4465_selinux-avc_audit-log-curr_ip.patch index 747ac53..747ac53 100644 --- a/3.14.20/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.14.21/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.14.20/4470_disable-compat_vdso.patch b/3.14.21/4470_disable-compat_vdso.patch index d5eed75..d5eed75 100644 --- a/3.14.20/4470_disable-compat_vdso.patch +++ b/3.14.21/4470_disable-compat_vdso.patch diff --git a/3.14.20/4475_emutramp_default_on.patch b/3.14.21/4475_emutramp_default_on.patch index cf88fd9..cf88fd9 100644 --- a/3.14.20/4475_emutramp_default_on.patch +++ b/3.14.21/4475_emutramp_default_on.patch diff --git a/3.16.4/0000_README b/3.16.5/0000_README index 1714bb8..cfb5601 100644 --- a/3.16.4/0000_README +++ b/3.16.5/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.0-3.16.4-201410081932.patch +Patch: 4420_grsecurity-3.0-3.16.5-201410132000.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.16.4/4420_grsecurity-3.0-3.16.4-201410081932.patch b/3.16.5/4420_grsecurity-3.0-3.16.5-201410132000.patch index bc75cf6..b90fe39 100644 --- a/3.16.4/4420_grsecurity-3.0-3.16.4-201410081932.patch +++ b/3.16.5/4420_grsecurity-3.0-3.16.5-201410132000.patch @@ -799,7 +799,7 @@ index ee78eba..a06b48d 100644 Daniel Borkmann <dborkman@redhat.com> -Alexei Starovoitov <ast@plumgrid.com> diff --git a/Makefile b/Makefile -index e75c75f..ebe05e8 100644 +index 41efc3d..8d20d06 100644 --- a/Makefile +++ b/Makefile @@ -303,8 +303,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -44096,19 +44096,6 @@ index b170bdf..3c76427 100644 /* Wrapper access functions for multiplexed SMBus */ static DEFINE_MUTEX(nforce2_lock); -diff --git a/drivers/i2c/busses/i2c-rk3x.c b/drivers/i2c/busses/i2c-rk3x.c -index 93cfc83..b38b052 100644 ---- a/drivers/i2c/busses/i2c-rk3x.c -+++ b/drivers/i2c/busses/i2c-rk3x.c -@@ -238,7 +238,7 @@ static void rk3x_i2c_fill_transmit_buf(struct rk3x_i2c *i2c) - for (i = 0; i < 8; ++i) { - val = 0; - for (j = 0; j < 4; ++j) { -- if (i2c->processed == i2c->msg->len) -+ if ((i2c->processed == i2c->msg->len) && (cnt != 0)) - break; - - if (i2c->processed == 0 && cnt == 0) diff --git a/drivers/i2c/i2c-dev.c b/drivers/i2c/i2c-dev.c index 80b47e8..1a6040d9 100644 --- a/drivers/i2c/i2c-dev.c @@ -46523,10 +46510,10 @@ index a46124e..caf0bd55 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 183588b..0eedcfa 100644 +index 9f0fbec..991e7a1 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c -@@ -1731,6 +1731,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash) +@@ -1735,6 +1735,10 @@ static int grow_one_stripe(struct r5conf *conf, int hash) return 1; } @@ -46537,7 +46524,7 @@ index 183588b..0eedcfa 100644 static int grow_stripes(struct r5conf *conf, int num) { struct kmem_cache *sc; -@@ -1742,7 +1746,11 @@ static int grow_stripes(struct r5conf *conf, int num) +@@ -1746,7 +1750,11 @@ static int grow_stripes(struct r5conf *conf, int num) "raid%d-%s", conf->level, mdname(conf->mddev)); else sprintf(conf->cache_name[0], @@ -46549,7 +46536,7 @@ index 183588b..0eedcfa 100644 sprintf(conf->cache_name[1], "%s-alt", conf->cache_name[0]); conf->active_name = 0; -@@ -2018,21 +2026,21 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -2022,21 +2030,21 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), STRIPE_SECTORS, (unsigned long long)s, bdevname(rdev->bdev, b)); @@ -46575,7 +46562,7 @@ index 183588b..0eedcfa 100644 if (test_bit(R5_ReadRepl, &sh->dev[i].flags)) printk_ratelimited( KERN_WARNING -@@ -2060,7 +2068,7 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -2064,7 +2072,7 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), (unsigned long long)s, bdn); @@ -61597,18 +61584,9 @@ index 3b0c62e..f7d090c 100644 } diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c -index 84ca0a4..6395e45 100644 +index e9ad8d3..6395e45 100644 --- a/fs/cifs/smb1ops.c +++ b/fs/cifs/smb1ops.c -@@ -586,7 +586,7 @@ cifs_query_path_info(const unsigned int xid, struct cifs_tcon *tcon, - tmprc = CIFS_open(xid, &oparms, &oplock, NULL); - if (tmprc == -EOPNOTSUPP) - *symlink = true; -- else -+ else if (tmprc == 0) - CIFSSMBClose(xid, tcon, fid.netfid); - } - @@ -626,27 +626,27 @@ static void cifs_clear_stats(struct cifs_tcon *tcon) { @@ -61714,19 +61692,6 @@ index 84ca0a4..6395e45 100644 #endif } -diff --git a/fs/cifs/smb2maperror.c b/fs/cifs/smb2maperror.c -index a689514..a491814 100644 ---- a/fs/cifs/smb2maperror.c -+++ b/fs/cifs/smb2maperror.c -@@ -256,6 +256,8 @@ static const struct status_to_posix_error smb2_error_map_table[] = { - {STATUS_DLL_MIGHT_BE_INCOMPATIBLE, -EIO, - "STATUS_DLL_MIGHT_BE_INCOMPATIBLE"}, - {STATUS_STOPPED_ON_SYMLINK, -EOPNOTSUPP, "STATUS_STOPPED_ON_SYMLINK"}, -+ {STATUS_IO_REPARSE_TAG_NOT_HANDLED, -EOPNOTSUPP, -+ "STATUS_REPARSE_NOT_HANDLED"}, - {STATUS_DEVICE_REQUIRES_CLEANING, -EIO, - "STATUS_DEVICE_REQUIRES_CLEANING"}, - {STATUS_DEVICE_DOOR_OPEN, -EIO, "STATUS_DEVICE_DOOR_OPEN"}, diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index f325c59..6bba517 100644 --- a/fs/cifs/smb2ops.c @@ -69535,7 +69500,7 @@ index 2290d58..7791371 100644 int err; diff --git a/fs/udf/inode.c b/fs/udf/inode.c -index 236cd48..a6a4053 100644 +index a932f77..a6a4053 100644 --- a/fs/udf/inode.c +++ b/fs/udf/inode.c @@ -51,7 +51,6 @@ MODULE_LICENSE("GPL"); @@ -69546,18 +69511,7 @@ index 236cd48..a6a4053 100644 static int udf_sync_inode(struct inode *inode); static int udf_alloc_i_data(struct inode *inode, size_t size); static sector_t inode_getblk(struct inode *, sector_t, int *, int *); -@@ -1271,13 +1270,25 @@ update_time: - return 0; - } - -+/* -+ * Maximum length of linked list formed by ICB hierarchy. The chosen number is -+ * arbitrary - just that we hopefully don't limit any real use of rewritten -+ * inode on write-once media but avoid looping for too long on corrupted media. -+ */ -+#define UDF_MAX_ICB_NESTING 1024 -+ - static void __udf_read_inode(struct inode *inode) +@@ -1282,8 +1281,11 @@ static void __udf_read_inode(struct inode *inode) { struct buffer_head *bh = NULL; struct fileEntry *fe; @@ -69566,13 +69520,10 @@ index 236cd48..a6a4053 100644 struct udf_inode_info *iinfo = UDF_I(inode); + struct udf_sb_info *sbi = UDF_SB(inode->i_sb); + unsigned int link_count; -+ unsigned int indirections = 0; + unsigned int indirections = 0; -+reread: - /* - * Set defaults, but the inode is still incomplete! - * Note: get_new_inode() sets the following on a new inode: -@@ -1307,6 +1318,7 @@ static void __udf_read_inode(struct inode *inode) + reread: +@@ -1316,6 +1318,7 @@ reread: } fe = (struct fileEntry *)bh->b_data; @@ -69580,48 +69531,7 @@ index 236cd48..a6a4053 100644 if (fe->icbTag.strategyType == cpu_to_le16(4096)) { struct buffer_head *ibh; -@@ -1314,28 +1326,26 @@ static void __udf_read_inode(struct inode *inode) - ibh = udf_read_ptagged(inode->i_sb, &iinfo->i_location, 1, - &ident); - if (ident == TAG_IDENT_IE && ibh) { -- struct buffer_head *nbh = NULL; - struct kernel_lb_addr loc; - struct indirectEntry *ie; - - ie = (struct indirectEntry *)ibh->b_data; - loc = lelb_to_cpu(ie->indirectICB.extLocation); - -- if (ie->indirectICB.extLength && -- (nbh = udf_read_ptagged(inode->i_sb, &loc, 0, -- &ident))) { -- if (ident == TAG_IDENT_FE || -- ident == TAG_IDENT_EFE) { -- memcpy(&iinfo->i_location, -- &loc, -- sizeof(struct kernel_lb_addr)); -- brelse(bh); -- brelse(ibh); -- brelse(nbh); -- __udf_read_inode(inode); -+ if (ie->indirectICB.extLength) { -+ brelse(bh); -+ brelse(ibh); -+ memcpy(&iinfo->i_location, &loc, -+ sizeof(struct kernel_lb_addr)); -+ if (++indirections > UDF_MAX_ICB_NESTING) { -+ udf_err(inode->i_sb, -+ "too many ICBs in ICB hierarchy" -+ " (max %d supported)\n", -+ UDF_MAX_ICB_NESTING); -+ make_bad_inode(inode); - return; - } -- brelse(nbh); -+ goto reread; - } - } - brelse(ibh); -@@ -1346,22 +1356,6 @@ static void __udf_read_inode(struct inode *inode) +@@ -1353,22 +1356,6 @@ reread: make_bad_inode(inode); return; } @@ -69644,7 +69554,7 @@ index 236cd48..a6a4053 100644 if (fe->icbTag.strategyType == cpu_to_le16(4)) iinfo->i_strat4096 = 0; else /* if (fe->icbTag.strategyType == cpu_to_le16(4096)) */ -@@ -1551,6 +1545,7 @@ static void udf_fill_inode(struct inode *inode, struct buffer_head *bh) +@@ -1558,6 +1545,7 @@ static void udf_fill_inode(struct inode *inode, struct buffer_head *bh) } else make_bad_inode(inode); } @@ -69652,7 +69562,7 @@ index 236cd48..a6a4053 100644 } static int udf_alloc_i_data(struct inode *inode, size_t size) -@@ -1664,7 +1659,7 @@ static int udf_update_inode(struct inode *inode, int do_sync) +@@ -1671,7 +1659,7 @@ static int udf_update_inode(struct inode *inode, int do_sync) FE_PERM_U_DELETE | FE_PERM_U_CHATTR)); fe->permissions = cpu_to_le32(udfperms); @@ -69919,10 +69829,10 @@ index 8bc1bbc..0d6911b 100644 diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..27cec32 +index 0000000..cdaa3ef --- /dev/null +++ b/grsecurity/Kconfig -@@ -0,0 +1,1166 @@ +@@ -0,0 +1,1168 @@ +# +# grecurity configuration +# @@ -70863,6 +70773,8 @@ index 0000000..27cec32 + If you say Y here, neither TCP resets nor ICMP + destination-unreachable packets will be sent in response to packets + sent to ports for which no associated listening process exists. ++ It will also prevent the sending of ICMP protocol unreachable packets ++ in response to packets with unknown protocols. + This feature supports both IPV4 and IPV6 and exempts the + loopback interface from blackholing. Enabling this feature + makes a host more resilient to DoS attacks and reduces network @@ -85008,10 +84920,10 @@ index 8e10f57..d5f62bc 100644 unsigned long debug; struct isdn_ppp_compressor *compressor,*decompressor; diff --git a/include/linux/jiffies.h b/include/linux/jiffies.h -index 1f44466..b481806 100644 +index c367cbd..c9b79e6 100644 --- a/include/linux/jiffies.h +++ b/include/linux/jiffies.h -@@ -292,20 +292,20 @@ extern unsigned long preset_lpj; +@@ -280,20 +280,20 @@ extern unsigned long preset_lpj; /* * Convert various time units to each other: */ @@ -89707,7 +89619,7 @@ index 30f5362..8ed8ac9 100644 void *pmi_pal; u8 *vbe_state_orig; /* diff --git a/init/Kconfig b/init/Kconfig -index 9d76b99..f8e6d37 100644 +index 35685a4..f8e6d37 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -1105,6 +1105,7 @@ endif # CGROUPS @@ -89718,15 +89630,7 @@ index 9d76b99..f8e6d37 100644 default n help Enables additional kernel features in a sake of checkpoint/restore. -@@ -1432,6 +1433,7 @@ config FUTEX - - config HAVE_FUTEX_CMPXCHG - bool -+ depends on FUTEX - help - Architectures should select this if futex_atomic_cmpxchg_inatomic() - is implemented and always working. This removes a couple of runtime -@@ -1589,7 +1591,7 @@ config SLUB_DEBUG +@@ -1590,7 +1591,7 @@ config SLUB_DEBUG config COMPAT_BRK bool "Disable heap randomization" @@ -89735,7 +89639,7 @@ index 9d76b99..f8e6d37 100644 help Randomizing heap placement makes heap exploits harder, but it also breaks ancient binaries (including anything libc5 based). -@@ -1877,7 +1879,7 @@ config INIT_ALL_POSSIBLE +@@ -1878,7 +1879,7 @@ config INIT_ALL_POSSIBLE config STOP_MACHINE bool default y @@ -91077,7 +90981,7 @@ index 2f7c760..95b6a66 100644 #ifdef CONFIG_MODULE_UNLOAD { diff --git a/kernel/events/core.c b/kernel/events/core.c -index f626c9f..5486cad 100644 +index 2065959..5486cad 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -160,8 +160,15 @@ static struct srcu_struct pmus_srcu; @@ -91207,18 +91111,6 @@ index f626c9f..5486cad 100644 &parent_event->child_total_time_running); /* -@@ -7921,8 +7933,10 @@ int perf_event_init_task(struct task_struct *child) - - for_each_task_context_nr(ctxn) { - ret = perf_event_init_context(child, ctxn); -- if (ret) -+ if (ret) { -+ perf_event_free_task(child); - return ret; -+ } - } - - return 0; diff --git a/kernel/events/internal.h b/kernel/events/internal.h index 569b2187..19940d9 100644 --- a/kernel/events/internal.h @@ -91328,7 +91220,7 @@ index e5c4668..592d2e5 100644 { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index 6a13c46..461e9c2 100644 +index b41958b..461e9c2 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -183,6 +183,48 @@ void thread_info_cache_init(void) @@ -91698,15 +91590,6 @@ index 6a13c46..461e9c2 100644 if (atomic_read(&p->real_cred->user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { if (p->real_cred->user != INIT_USER && -@@ -1326,7 +1431,7 @@ static struct task_struct *copy_process(unsigned long clone_flags, - goto bad_fork_cleanup_policy; - retval = audit_alloc(p); - if (retval) -- goto bad_fork_cleanup_policy; -+ goto bad_fork_cleanup_perf; - /* copy all the process information */ - retval = copy_semundo(clone_flags, p); - if (retval) @@ -1452,6 +1557,11 @@ static struct task_struct *copy_process(unsigned long clone_flags, goto bad_fork_free_pid; } @@ -91719,18 +91602,7 @@ index 6a13c46..461e9c2 100644 if (likely(p->pid)) { ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace); -@@ -1525,8 +1635,9 @@ bad_fork_cleanup_semundo: - exit_sem(p); - bad_fork_cleanup_audit: - audit_free(p); --bad_fork_cleanup_policy: -+bad_fork_cleanup_perf: - perf_event_free_task(p); -+bad_fork_cleanup_policy: - #ifdef CONFIG_NUMA - mpol_put(p->mempolicy); - bad_fork_cleanup_threadgroup_lock: -@@ -1541,6 +1652,8 @@ bad_fork_cleanup_count: +@@ -1542,6 +1652,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -91739,7 +91611,7 @@ index 6a13c46..461e9c2 100644 return ERR_PTR(retval); } -@@ -1602,6 +1715,7 @@ long do_fork(unsigned long clone_flags, +@@ -1603,6 +1715,7 @@ long do_fork(unsigned long clone_flags, p = copy_process(clone_flags, stack_start, stack_size, child_tidptr, NULL, trace); @@ -91747,7 +91619,7 @@ index 6a13c46..461e9c2 100644 /* * Do this prior waking up the new thread - the thread pointer * might get invalid after that point, if the thread exits quickly. -@@ -1618,6 +1732,8 @@ long do_fork(unsigned long clone_flags, +@@ -1619,6 +1732,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); @@ -91756,7 +91628,7 @@ index 6a13c46..461e9c2 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1736,7 +1852,7 @@ void __init proc_caches_init(void) +@@ -1737,7 +1852,7 @@ void __init proc_caches_init(void) mm_cachep = kmem_cache_create("mm_struct", sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN, SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL); @@ -91765,7 +91637,7 @@ index 6a13c46..461e9c2 100644 mmap_init(); nsproxy_cache_init(); } -@@ -1776,7 +1892,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1777,7 +1892,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -91774,7 +91646,7 @@ index 6a13c46..461e9c2 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1883,7 +1999,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1884,7 +1999,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -96261,7 +96133,7 @@ index 13d2f7c..c93d0b0 100644 return cmd_attr_register_cpumask(info); else if (info->attrs[TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK]) diff --git a/kernel/time.c b/kernel/time.c -index 7c7964c..2a0d412 100644 +index 3c49ab4..00a3aea 100644 --- a/kernel/time.c +++ b/kernel/time.c @@ -172,6 +172,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz) @@ -96556,7 +96428,7 @@ index ca167e6..6cf8f83 100644 start_pg = ftrace_allocate_pages(count); if (!start_pg) diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index 2ff0580..af2fddd 100644 +index 5186298..0869bc2 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -352,9 +352,9 @@ struct buffer_data_page { @@ -100064,31 +99936,6 @@ index b32b70c..e512eb0 100644 pkmap_count[last_pkmap_nr] = 1; set_page_address(page, (void *)vaddr); -diff --git a/mm/huge_memory.c b/mm/huge_memory.c -index 33514d8..03e5063 100644 ---- a/mm/huge_memory.c -+++ b/mm/huge_memory.c -@@ -1780,6 +1780,11 @@ static int __split_huge_page_map(struct page *page, - for (i = 0; i < HPAGE_PMD_NR; i++, haddr += PAGE_SIZE) { - pte_t *pte, entry; - BUG_ON(PageCompound(page+i)); -+ /* -+ * Note that pmd_numa is not transferred deliberately -+ * to avoid any possibility that pte_numa leaks to -+ * a PROT_NONE VMA by accident. -+ */ - entry = mk_pte(page + i, vma->vm_page_prot); - entry = maybe_mkwrite(pte_mkdirty(entry), vma); - if (!pmd_write(*pmd)) -@@ -1788,8 +1793,6 @@ static int __split_huge_page_map(struct page *page, - BUG_ON(page_mapcount(page) != 1); - if (!pmd_young(*pmd)) - entry = pte_mkold(entry); -- if (pmd_numa(*pmd)) -- entry = pte_mknuma(entry); - pte = pte_offset_map(&_pmd, haddr); - BUG_ON(!pte_none(*pte)); - set_pte_at(mm, haddr, pte, entry); diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 7ae5444..aea22b2 100644 --- a/mm/hugetlb.c @@ -101263,23 +101110,10 @@ index 8f5330d..b41914b 100644 capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); diff --git a/mm/migrate.c b/mm/migrate.c -index be6dbf9..75c0f45 100644 +index 0bba979..75c0f45 100644 --- a/mm/migrate.c +++ b/mm/migrate.c -@@ -146,8 +146,11 @@ static int remove_migration_pte(struct page *new, struct vm_area_struct *vma, - pte = pte_mkold(mk_pte(new, vma->vm_page_prot)); - if (pte_swp_soft_dirty(*ptep)) - pte = pte_mksoft_dirty(pte); -+ -+ /* Recheck VMA as permissions can change since migration started */ - if (is_write_migration_entry(entry)) -- pte = pte_mkwrite(pte); -+ pte = maybe_mkwrite(pte, vma); -+ - #ifdef CONFIG_HUGETLB_PAGE - if (PageHuge(new)) { - pte = pte_mkhuge(pte); -@@ -1506,8 +1509,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, +@@ -1509,8 +1509,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, */ tcred = __task_cred(task); if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && @@ -109162,6 +108996,31 @@ index 9b84254..c776611 100644 .kind = "gretap", .maxtype = IFLA_GRE_MAX, .policy = ipgre_policy, +diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c +index 3d4da2c..40f9c29 100644 +--- a/net/ipv4/ip_input.c ++++ b/net/ipv4/ip_input.c +@@ -147,6 +147,10 @@ + #include <linux/mroute.h> + #include <linux/netlink.h> + ++#ifdef CONFIG_GRKERNSEC_BLACKHOLE ++extern int grsec_enable_blackhole; ++#endif ++ + /* + * Process Router Attention IP option (RFC 2113) + */ +@@ -223,6 +227,9 @@ static int ip_local_deliver_finish(struct sk_buff *skb) + if (!raw) { + if (xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) { + IP_INC_STATS_BH(net, IPSTATS_MIB_INUNKNOWNPROTOS); ++#ifdef CONFIG_GRKERNSEC_BLACKHOLE ++ if (!grsec_enable_blackhole || (skb->dev->flags & IFF_LOOPBACK)) ++#endif + icmp_send(skb, ICMP_DEST_UNREACH, + ICMP_PROT_UNREACH, 0); + } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 64741b9..6f334a2 100644 --- a/net/ipv4/ip_sockglue.c @@ -116612,7 +116471,7 @@ index 81c916a..516f0bf 100644 chip->pci = pci; chip->irq = -1; diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c -index b87d7d8..0ccaac3 100644 +index 49acc98..b382009 100644 --- a/sound/soc/soc-core.c +++ b/sound/soc/soc-core.c @@ -2279,8 +2279,10 @@ int snd_soc_set_ac97_ops_of_reset(struct snd_ac97_bus_ops *ops, diff --git a/3.16.4/4425_grsec_remove_EI_PAX.patch b/3.16.5/4425_grsec_remove_EI_PAX.patch index fc51f79..fc51f79 100644 --- a/3.16.4/4425_grsec_remove_EI_PAX.patch +++ b/3.16.5/4425_grsec_remove_EI_PAX.patch diff --git a/3.16.4/4427_force_XATTR_PAX_tmpfs.patch b/3.16.5/4427_force_XATTR_PAX_tmpfs.patch index 2f1d3b4..2f1d3b4 100644 --- a/3.16.4/4427_force_XATTR_PAX_tmpfs.patch +++ b/3.16.5/4427_force_XATTR_PAX_tmpfs.patch diff --git a/3.16.4/4430_grsec-remove-localversion-grsec.patch b/3.16.5/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.16.4/4430_grsec-remove-localversion-grsec.patch +++ b/3.16.5/4430_grsec-remove-localversion-grsec.patch diff --git a/3.16.4/4435_grsec-mute-warnings.patch b/3.16.5/4435_grsec-mute-warnings.patch index 4a959cc..4a959cc 100644 --- a/3.16.4/4435_grsec-mute-warnings.patch +++ b/3.16.5/4435_grsec-mute-warnings.patch diff --git a/3.16.4/4440_grsec-remove-protected-paths.patch b/3.16.5/4440_grsec-remove-protected-paths.patch index 741546d..741546d 100644 --- a/3.16.4/4440_grsec-remove-protected-paths.patch +++ b/3.16.5/4440_grsec-remove-protected-paths.patch diff --git a/3.16.4/4450_grsec-kconfig-default-gids.patch b/3.16.5/4450_grsec-kconfig-default-gids.patch index 0451e5a..0451e5a 100644 --- a/3.16.4/4450_grsec-kconfig-default-gids.patch +++ b/3.16.5/4450_grsec-kconfig-default-gids.patch diff --git a/3.16.4/4465_selinux-avc_audit-log-curr_ip.patch b/3.16.5/4465_selinux-avc_audit-log-curr_ip.patch index 747ac53..747ac53 100644 --- a/3.16.4/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.16.5/4465_selinux-avc_audit-log-curr_ip.patch diff --git a/3.16.4/4470_disable-compat_vdso.patch b/3.16.5/4470_disable-compat_vdso.patch index 431c5bb..431c5bb 100644 --- a/3.16.4/4470_disable-compat_vdso.patch +++ b/3.16.5/4470_disable-compat_vdso.patch diff --git a/3.16.4/4475_emutramp_default_on.patch b/3.16.5/4475_emutramp_default_on.patch index cf88fd9..cf88fd9 100644 --- a/3.16.4/4475_emutramp_default_on.patch +++ b/3.16.5/4475_emutramp_default_on.patch diff --git a/3.2.63/0000_README b/3.2.63/0000_README index c849374..e9d42c1 100644 --- a/3.2.63/0000_README +++ b/3.2.63/0000_README @@ -170,7 +170,7 @@ Patch: 1062_linux-3.2.63.patch From: http://www.kernel.org Desc: Linux 3.2.63 -Patch: 4420_grsecurity-3.0-3.2.63-201410062032.patch +Patch: 4420_grsecurity-3.0-3.2.63-201410131955.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.63/4420_grsecurity-3.0-3.2.63-201410062032.patch b/3.2.63/4420_grsecurity-3.0-3.2.63-201410131955.patch index bb64ee2..05a34d4 100644 --- a/3.2.63/4420_grsecurity-3.0-3.2.63-201410062032.patch +++ b/3.2.63/4420_grsecurity-3.0-3.2.63-201410131955.patch @@ -45924,6 +45924,21 @@ index 62dc461..5250f0b 100644 /* dongle iscan controller */ struct brcmf_cfg80211_iscan_ctrl { +diff --git a/drivers/net/wireless/brcm80211/brcmsmac/otp.c b/drivers/net/wireless/brcm80211/brcmsmac/otp.c +index edf5515..91033e1 100644 +--- a/drivers/net/wireless/brcm80211/brcmsmac/otp.c ++++ b/drivers/net/wireless/brcm80211/brcmsmac/otp.c +@@ -378,8 +378,8 @@ ipxotp_read_region(struct otpinfo *oi, int region, u16 *data, uint *wlen) + } + + static const struct otp_fn_s ipxotp_fn = { +- (int (*)(struct si_pub *, struct otpinfo *)) ipxotp_init, +- (int (*)(struct otpinfo *, int, u16 *, uint *)) ipxotp_read_region, ++ .init = ipxotp_init, ++ .read_region = ipxotp_read_region, + }; + + static int otp_init(struct si_pub *sih, struct otpinfo *oi) diff --git a/drivers/net/wireless/iwlegacy/iwl3945-base.c b/drivers/net/wireless/iwlegacy/iwl3945-base.c index b3d9f3f..9931f58 100644 --- a/drivers/net/wireless/iwlegacy/iwl3945-base.c @@ -65878,10 +65893,10 @@ index 8a89949..6776861 100644 xfs_init_zones(void) diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..5200d7b +index 0000000..0e0866c --- /dev/null +++ b/grsecurity/Kconfig -@@ -0,0 +1,1152 @@ +@@ -0,0 +1,1154 @@ +# +# grecurity configuration +# @@ -66808,6 +66823,8 @@ index 0000000..5200d7b + If you say Y here, neither TCP resets nor ICMP + destination-unreachable packets will be sent in response to packets + sent to ports for which no associated listening process exists. ++ It will also prevent the sending of ICMP protocol unreachable packets ++ in response to packets with unknown protocols. + This feature supports both IPV4 and IPV6 and exempts the + loopback interface from blackholing. Enabling this feature + makes a host more resilient to DoS attacks and reduces network @@ -102792,6 +102809,31 @@ index 5f28fab..ebd7a97 100644 .kind = "gretap", .maxtype = IFLA_GRE_MAX, .policy = ipgre_policy, +diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c +index 073a9b0..8c29a4f 100644 +--- a/net/ipv4/ip_input.c ++++ b/net/ipv4/ip_input.c +@@ -145,6 +145,10 @@ + #include <linux/mroute.h> + #include <linux/netlink.h> + ++#ifdef CONFIG_GRKERNSEC_BLACKHOLE ++extern int grsec_enable_blackhole; ++#endif ++ + /* + * Process Router Attention IP option (RFC 2113) + */ +@@ -233,6 +237,9 @@ static int ip_local_deliver_finish(struct sk_buff *skb) + if (!raw) { + if (xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) { + IP_INC_STATS_BH(net, IPSTATS_MIB_INUNKNOWNPROTOS); ++#ifdef CONFIG_GRKERNSEC_BLACKHOLE ++ if (!grsec_enable_blackhole || (skb->dev->flags & IFF_LOOPBACK)) ++#endif + icmp_send(skb, ICMP_DEST_UNREACH, + ICMP_PROT_UNREACH, 0); + } diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 542a9c1..5b792eb 100644 --- a/net/ipv4/ip_sockglue.c |