grsec: Apply grsecurity-3.1-4.9.24-201704210851.patch

commit 08ef8b44e018880f9c921c04734a7155b4060124 Author: Brad Spengler <[email protected]> Date: Fri Apr 21 07:45:07 2017 -0400 Update size_overflow hash table commit 7d36ead53b4dbb86384ef6be930c3473b72110f6 Merge: e26e5cf c4b0241 Author: Brad Spengler <[email protected]> Date: Fri Apr 21 07:00:05 2017 -0400 Merge branch 'pax-test' into grsec-test Conflicts: drivers/media/usb/dvb-usb/dvb-usb-firmware.c commit c4b0241c552bd6cffd795a0418eb7a798bbfda2b Merge: 8c03f86 2f5e58e Author: Brad Spengler <[email protected]> Date: Fri Apr 21 06:58:42 2017 -0400 Merge branch 'linux-4.9.y' into pax-test Conflicts: arch/x86/mm/init.c drivers/char/mem.c Signature-tree: 81b453c78b21404818500b5f5a6857fda0618612
linux-scraping · Apr 21, 2017 · 89caeba · 89caeba
2 parents c95a09e + 2f5e58e
commit 89caeba
Show file tree

Hide file tree

Showing 77 changed files with 852 additions and 410 deletions.
diff --git a/Makefile b/Makefile
@@ -1,6 +1,6 @@
 VERSION = 4
 PATCHLEVEL = 9
-SUBLEVEL = 23
+SUBLEVEL = 24
 EXTRAVERSION =
 NAME = Roaring Lionus
 

diff --git a/arch/mips/lantiq/irq.c b/arch/mips/lantiq/irq.c
@@ -269,11 +269,6 @@ static void ltq_hw5_irqdispatch(void)
 DEFINE_HWx_IRQDISPATCH(5)
 #endif
 
-static void ltq_hw_irq_handler(struct irq_desc *desc)
-{
- ltq_hw_irqdispatch(irq_desc_get_irq(desc) - 2);
-}
-
 #ifdef CONFIG_MIPS_MT_SMP
 void __init arch_init_ipiirq(int irq, struct irqaction *action)
 {
@@ -318,19 +313,23 @@ static struct irqaction irq_call = {
 asmlinkage void plat_irq_dispatch(void)
 {
  unsigned int pending = read_c0_status() & read_c0_cause() & ST0_IM;
- int irq;
-
- if (!pending) {
- spurious_interrupt();
- return;
+ unsigned int i;
+
+ if ((MIPS_CPU_TIMER_IRQ == 7) && (pending & CAUSEF_IP7)) {
+ do_IRQ(MIPS_CPU_TIMER_IRQ);
+ goto out;
+ } else {
+ for (i = 0; i < MAX_IM; i++) {
+ if (pending & (CAUSEF_IP2 << i)) {
+ ltq_hw_irqdispatch(i);
+ goto out;
+ }
+ }
  }
+ pr_alert("Spurious IRQ: CAUSE=0x%08x\n", read_c0_status());
 
- pending >>= CAUSEB_IP;
- while (pending) {
- irq = fls(pending) - 1;
- do_IRQ(MIPS_CPU_IRQ_BASE + irq);
- pending &= ~BIT(irq);
- }
+out:
+ return;
 }
 
 static int icu_map(struct irq_domain *d, unsigned int irq, irq_hw_number_t hw)
@@ -355,6 +354,11 @@ static const struct irq_domain_ops irq_domain_ops = {
  .map = icu_map,
 };
 
+static struct irqaction cascade = {
+ .handler = no_action,
+ .name = "cascade",
+};
+
 int __init icu_of_init(struct device_node *node, struct device_node *parent)
 {
  struct device_node *eiu_node;
@@ -386,7 +390,7 @@ int __init icu_of_init(struct device_node *node, struct device_node *parent)
  mips_cpu_irq_init();
 
  for (i = 0; i < MAX_IM; i++)
- irq_set_chained_handler(i + 2, ltq_hw_irq_handler);
+ setup_irq(i + 2, &cascade);
 
  if (cpu_has_vint) {
  pr_info("Setting up vectored interrupts\n");

diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h
@@ -42,10 +42,10 @@ static inline long access_ok(int type, const void __user * addr,
 #define get_user __get_user
 
 #if !defined(CONFIG_64BIT)
-#define LDD_USER(ptr)  __get_user_asm64(ptr)
+#define LDD_USER(val, ptr) __get_user_asm64(val, ptr)
 #define STD_USER(x, ptr) __put_user_asm64(x, ptr)
 #else
-#define LDD_USER(ptr)  __get_user_asm("ldd", ptr)
+#define LDD_USER(val, ptr) __get_user_asm(val, "ldd", ptr)
 #define STD_USER(x, ptr) __put_user_asm("std", x, ptr)
 #endif
 
@@ -100,63 +100,87 @@ struct exception_data {
  " mtsp %0,%%sr2\n\t" \
  : : "r"(get_fs()) : )
 
-#define __get_user(x, ptr) \
-({ \
- register long __gu_err __asm__ ("r8") = 0; \
- register long __gu_val; \
- \
- load_sr2(); \
- switch (sizeof(*(ptr))) { \
- case 1: __get_user_asm("ldb", ptr); break; \
- case 2: __get_user_asm("ldh", ptr); break; \
- case 4: __get_user_asm("ldw", ptr); break; \
- case 8: LDD_USER(ptr); break; \
- default: BUILD_BUG(); break; \
- } \
- \
- (x) = (__force __typeof__(*(ptr))) __gu_val; \
- __gu_err; \
+#define __get_user_internal(val, ptr) \
+({ \
+ register long __gu_err __asm__ ("r8") = 0; \
+ \
+ switch (sizeof(*(ptr))) { \
+ case 1: __get_user_asm(val, "ldb", ptr); break; \
+ case 2: __get_user_asm(val, "ldh", ptr); break; \
+ case 4: __get_user_asm(val, "ldw", ptr); break; \
+ case 8: LDD_USER(val, ptr); break; \
+ default: BUILD_BUG(); \
+ } \
+ \
+ __gu_err; \
 })
 
-#define __get_user_asm(ldx, ptr) \
+#define __get_user(val, ptr) \
+({ \
+ load_sr2(); \
+ __get_user_internal(val, ptr); \
+})
+
+#define __get_user_asm(val, ldx, ptr) \
+{ \
+ register long __gu_val; \
+ \
  __asm__("1: " ldx " 0(%%sr2,%2),%0\n" \
  "9:\n" \
  ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \
  : "=r"(__gu_val), "=r"(__gu_err) \
- : "r"(ptr), "1"(__gu_err));
+ : "r"(ptr), "1"(__gu_err)); \
+ \
+ (val) = (__force __typeof__(*(ptr))) __gu_val; \
+}
 
 #if !defined(CONFIG_64BIT)
 
-#define __get_user_asm64(ptr) \
+#define __get_user_asm64(val, ptr) \
+{ \
+ union { \
+ unsigned long long l; \
+ __typeof__(*(ptr)) t; \
+ } __gu_tmp; \
+ \
  __asm__(" copy %%r0,%R0\n" \
  "1: ldw 0(%%sr2,%2),%0\n" \
  "2: ldw 4(%%sr2,%2),%R0\n" \
  "9:\n" \
  ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \
  ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 9b) \
- : "=r"(__gu_val), "=r"(__gu_err) \
- : "r"(ptr), "1"(__gu_err));
+ : "=&r"(__gu_tmp.l), "=r"(__gu_err) \
+ : "r"(ptr), "1"(__gu_err)); \
+ \
+ (val) = __gu_tmp.t; \
+}
 
 #endif /* !defined(CONFIG_64BIT) */
 
 
-#define __put_user(x, ptr) \
+#define __put_user_internal(x, ptr) \
 ({ \
  register long __pu_err __asm__ ("r8") = 0; \
  __typeof__(*(ptr)) __x = (__typeof__(*(ptr)))(x); \
  \
- load_sr2(); \
  switch (sizeof(*(ptr))) { \
-  case 1: __put_user_asm("stb", __x, ptr); break; \
-  case 2: __put_user_asm("sth", __x, ptr); break; \
-  case 4: __put_user_asm("stw", __x, ptr); break; \
-  case 8: STD_USER(__x, ptr); break; \
-  default: BUILD_BUG(); break; \
- } \
+ case 1: __put_user_asm("stb", __x, ptr); break; \
+ case 2: __put_user_asm("sth", __x, ptr); break; \
+ case 4: __put_user_asm("stw", __x, ptr); break; \
+ case 8: STD_USER(__x, ptr); break; \
+ default: BUILD_BUG();  \
+ } \
  \
  __pu_err; \
 })
 
+#define __put_user(x, ptr) \
+({ \
+ load_sr2(); \
+ __put_user_internal(x, ptr); \
+})
+
+
 /*
  * The "__put_user/kernel_asm()" macros tell gcc they read from memory
  * instead of writing. This is because they do not write to any memory

diff --git a/arch/parisc/lib/lusercopy.S b/arch/parisc/lib/lusercopy.S
@@ -201,7 +201,7 @@ ENTRY_CFI(pa_memcpy)
  add dst,len,end
 
  /* short copy with less than 16 bytes? */
- cmpib,>>=,n 15,len,.Lbyte_loop
+ cmpib,COND(>>=),n 15,len,.Lbyte_loop
 
  /* same alignment? */
  xor src,dst,t0
@@ -216,7 +216,7 @@ ENTRY_CFI(pa_memcpy)
  /* loop until we are 64-bit aligned */
 .Lalign_loop64:
  extru dst,31,3,t1
- cmpib,=,n 0,t1,.Lcopy_loop_16
+ cmpib,=,n 0,t1,.Lcopy_loop_16_start
 20: ldb,ma 1(srcspc,src),t1
 21: stb,ma t1,1(dstspc,dst)
  b .Lalign_loop64
@@ -225,6 +225,7 @@ ENTRY_CFI(pa_memcpy)
  ASM_EXCEPTIONTABLE_ENTRY(20b,.Lcopy_done)
  ASM_EXCEPTIONTABLE_ENTRY(21b,.Lcopy_done)
 
+.Lcopy_loop_16_start:
  ldi 31,t0
 .Lcopy_loop_16:
  cmpb,COND(>>=),n t0,len,.Lword_loop
@@ -267,7 +268,7 @@ ENTRY_CFI(pa_memcpy)
  /* loop until we are 32-bit aligned */
 .Lalign_loop32:
  extru dst,31,2,t1
- cmpib,=,n 0,t1,.Lcopy_loop_4
+ cmpib,=,n 0,t1,.Lcopy_loop_8
 20: ldb,ma 1(srcspc,src),t1
 21: stb,ma t1,1(dstspc,dst)
  b .Lalign_loop32
@@ -277,7 +278,7 @@ ENTRY_CFI(pa_memcpy)
  ASM_EXCEPTIONTABLE_ENTRY(21b,.Lcopy_done)
 
 
-.Lcopy_loop_4:
+.Lcopy_loop_8:
  cmpib,COND(>>=),n 15,len,.Lbyte_loop
 
 10: ldw 0(srcspc,src),t1
@@ -299,7 +300,7 @@ ENTRY_CFI(pa_memcpy)
  ASM_EXCEPTIONTABLE_ENTRY(16b,.Lcopy_done)
  ASM_EXCEPTIONTABLE_ENTRY(17b,.Lcopy_done)
 
- b .Lcopy_loop_4
+ b .Lcopy_loop_8
  ldo -16(len),len
 
 .Lbyte_loop:
@@ -324,7 +325,7 @@ ENTRY_CFI(pa_memcpy)
 .Lunaligned_copy:
  /* align until dst is 32bit-word-aligned */
  extru dst,31,2,t1
- cmpib,COND(=),n 0,t1,.Lcopy_dstaligned
+ cmpib,=,n 0,t1,.Lcopy_dstaligned
 20: ldb 0(srcspc,src),t1
  ldo 1(src),src
 21: stb,ma t1,1(dstspc,dst)
@@ -362,7 +363,7 @@ ENTRY_CFI(pa_memcpy)
  cmpiclr,<> 1,t0,%r0
  b,n .Lcase1
 .Lcase0:
- cmpb,= %r0,len,.Lcda_finish
+ cmpb,COND(=) %r0,len,.Lcda_finish
  nop
 
 1: ldw,ma 4(srcspc,src), a3
@@ -376,7 +377,7 @@ ENTRY_CFI(pa_memcpy)
 1: ldw,ma 4(srcspc,src), a3
  ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault)
  ldo -1(len),len
- cmpb,=,n %r0,len,.Ldo0
+ cmpb,COND(=),n %r0,len,.Ldo0
 .Ldo4:
 1: ldw,ma 4(srcspc,src), a0
  ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcda_rdfault)
@@ -402,7 +403,7 @@ ENTRY_CFI(pa_memcpy)
 1: stw,ma t0, 4(dstspc,dst)
  ASM_EXCEPTIONTABLE_ENTRY(1b,.Lcopy_done)
  ldo -4(len),len
- cmpb,<> %r0,len,.Ldo4
+ cmpb,COND(<>) %r0,len,.Ldo4
  nop
 .Ldo0:
  shrpw a2, a3, %sar, t0
@@ -436,14 +437,14 @@ ENTRY_CFI(pa_memcpy)
  /* fault exception fixup handlers: */
 #ifdef CONFIG_64BIT
 .Lcopy16_fault:
-10: b .Lcopy_done
- std,ma t1,8(dstspc,dst)
+ b .Lcopy_done
+10: std,ma t1,8(dstspc,dst)
  ASM_EXCEPTIONTABLE_ENTRY(10b,.Lcopy_done)
 #endif
 
 .Lcopy8_fault:
-10: b .Lcopy_done
- stw,ma t1,4(dstspc,dst)
+ b .Lcopy_done
+10: stw,ma t1,4(dstspc,dst)
  ASM_EXCEPTIONTABLE_ENTRY(10b,.Lcopy_done)
 
  .exit

diff --git a/arch/x86/entry/vdso/vdso32-setup.c b/arch/x86/entry/vdso/vdso32-setup.c
@@ -30,8 +30,10 @@ static int __init vdso32_setup(char *s)
 {
  vdso32_enabled = simple_strtoul(s, NULL, 0);
 
- if (vdso32_enabled > 1)
+ if (vdso32_enabled > 1) {
  pr_warn("vdso32 values other than 0 and 1 are no longer allowed; vdso disabled\n");
+ vdso32_enabled = 0;
+ }
 
  return 1;
 }
@@ -62,13 +64,18 @@ subsys_initcall(sysenter_setup);
 /* Register vsyscall32 into the ABI table */
 #include <linux/sysctl.h>
 
+static const int zero;
+static const int one = 1;
+
 static struct ctl_table abi_table2[] = {
  {
  .procname = "vsyscall32",
  .data = &vdso32_enabled,
  .maxlen = sizeof(int),
  .mode = 0644,
- .proc_handler = proc_dointvec
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = (int *)&zero,
+ .extra2 = (int *)&one,
  },
  {}
 };

diff --git a/arch/x86/events/intel/lbr.c b/arch/x86/events/intel/lbr.c
@@ -507,6 +507,9 @@ static void intel_pmu_lbr_read_32(struct cpu_hw_events *cpuc)
  cpuc->lbr_entries[i].to = msr_lastbranch.to;
  cpuc->lbr_entries[i].mispred = 0;
  cpuc->lbr_entries[i].predicted = 0;
+ cpuc->lbr_entries[i].in_tx = 0;
+ cpuc->lbr_entries[i].abort = 0;
+ cpuc->lbr_entries[i].cycles = 0;
  cpuc->lbr_entries[i].reserved = 0;
  }
  cpuc->lbr_stack.nr = i;

diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h
@@ -293,7 +293,7 @@ struct task_struct;
 
 #define ARCH_DLINFO_IA32 \
 do { \
- if (vdso32_enabled) {  \
+ if (VDSO_CURRENT_BASE) { \
  NEW_AUX_ENT(AT_SYSINFO, VDSO_ENTRY); \
  NEW_AUX_ENT(AT_SYSINFO_EHDR, VDSO_CURRENT_BASE); \
  } \