commit: 8653be659f83e207eded0dbd8917a1898acf2727 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> AuthorDate: Thu Dec 31 12:31:34 2015 +0000 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> CommitDate: Thu Dec 31 12:31:34 2015 +0000 URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=8653be65
grsecurity-3.1-4.3.3-201512282134 4.3.3/0000_README | 2 +- ...> 4420_grsecurity-3.1-4.3.3-201512282134.patch} | 251 +++++++++++++-------- 2 files changed, 160 insertions(+), 93 deletions(-) diff --git a/4.3.3/0000_README b/4.3.3/0000_README index 2c1a853..0d44c02 100644 --- a/4.3.3/0000_README +++ b/4.3.3/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-3.1-4.3.3-201512222129.patch +Patch: 4420_grsecurity-3.1-4.3.3-201512282134.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/4.3.3/4420_grsecurity-3.1-4.3.3-201512222129.patch b/4.3.3/4420_grsecurity-3.1-4.3.3-201512282134.patch similarity index 99% rename from 4.3.3/4420_grsecurity-3.1-4.3.3-201512222129.patch rename to 4.3.3/4420_grsecurity-3.1-4.3.3-201512282134.patch index 2c1d2ad..0e5c122 100644 --- a/4.3.3/4420_grsecurity-3.1-4.3.3-201512222129.patch +++ b/4.3.3/4420_grsecurity-3.1-4.3.3-201512282134.patch @@ -1040,7 +1040,7 @@ index 0cfd7f947..63ed4c0 100644 Say Y here if you want to show the kernel pagetable layout in a debugfs file. This information is only useful for kernel developers diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h -index fe3ef39..9406984 100644 +index fe3ef39..60e6ae2 100644 --- a/arch/arm/include/asm/atomic.h +++ b/arch/arm/include/asm/atomic.h @@ -18,17 +18,41 @@ @@ -1158,8 +1158,11 @@ index fe3ef39..9406984 100644 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) \ : "r" (&v->counter), "Ir" (i) \ : "cc"); \ -@@ -80,6 +130,9 @@ static inline int atomic_##op##_return_relaxed(int i, atomic_t *v) \ +@@ -78,8 +128,12 @@ static inline int atomic_##op##_return_relaxed(int i, atomic_t *v) \ + } + #define atomic_add_return_relaxed atomic_add_return_relaxed ++#define atomic_add_return_unchecked atomic_add_return_unchecked_relaxed #define atomic_sub_return_relaxed atomic_sub_return_relaxed +#define ATOMIC_OP_RETURN(op, c_op, asm_op) __ATOMIC_OP_RETURN(op, _unchecked, c_op, asm_op, , )\ @@ -1168,7 +1171,7 @@ index fe3ef39..9406984 100644 static inline int atomic_cmpxchg_relaxed(atomic_t *ptr, int old, int new) { int oldval; -@@ -113,12 +166,24 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) +@@ -113,12 +167,24 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) __asm__ __volatile__ ("@ atomic_add_unless\n" "1: ldrex %0, [%4]\n" " teq %0, %5\n" @@ -1196,7 +1199,7 @@ index fe3ef39..9406984 100644 : "=&r" (oldval), "=&r" (newval), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter), "r" (u), "r" (a) : "cc"); -@@ -129,14 +194,36 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) +@@ -129,14 +195,36 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) return oldval; } @@ -1235,7 +1238,7 @@ index fe3ef39..9406984 100644 { \ unsigned long flags; \ \ -@@ -145,8 +232,11 @@ static inline void atomic_##op(int i, atomic_t *v) \ +@@ -145,8 +233,11 @@ static inline void atomic_##op(int i, atomic_t *v) \ raw_local_irq_restore(flags); \ } \ @@ -1249,7 +1252,7 @@ index fe3ef39..9406984 100644 { \ unsigned long flags; \ int val; \ -@@ -159,6 +249,9 @@ static inline int atomic_##op##_return(int i, atomic_t *v) \ +@@ -159,6 +250,9 @@ static inline int atomic_##op##_return(int i, atomic_t *v) \ return val; \ } @@ -1259,7 +1262,7 @@ index fe3ef39..9406984 100644 static inline int atomic_cmpxchg(atomic_t *v, int old, int new) { int ret; -@@ -173,6 +266,11 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new) +@@ -173,6 +267,11 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new) return ret; } @@ -1271,7 +1274,7 @@ index fe3ef39..9406984 100644 static inline int __atomic_add_unless(atomic_t *v, int a, int u) { int c, old; -@@ -201,16 +299,38 @@ ATOMIC_OP(xor, ^=, eor) +@@ -201,16 +300,38 @@ ATOMIC_OP(xor, ^=, eor) #undef ATOMIC_OPS #undef ATOMIC_OP_RETURN @@ -1299,18 +1302,18 @@ index fe3ef39..9406984 100644 #define atomic_inc_and_test(v) (atomic_add_return(1, v) == 0) +static inline int atomic_inc_and_test_unchecked(atomic_unchecked_t *v) +{ -+ return atomic_add_return_unchecked_relaxed(1, v) == 0; ++ return atomic_add_return_unchecked(1, v) == 0; +} #define atomic_dec_and_test(v) (atomic_sub_return(1, v) == 0) #define atomic_inc_return(v) (atomic_add_return(1, v)) +static inline int atomic_inc_return_unchecked(atomic_unchecked_t *v) +{ -+ return atomic_add_return_unchecked_relaxed(1, v); ++ return atomic_add_return_unchecked(1, v); +} #define atomic_dec_return(v) (atomic_sub_return(1, v)) #define atomic_sub_and_test(i, v) (atomic_sub_return(i, v) == 0) -@@ -221,6 +341,14 @@ typedef struct { +@@ -221,6 +342,14 @@ typedef struct { long long counter; } atomic64_t; @@ -1325,7 +1328,7 @@ index fe3ef39..9406984 100644 #define ATOMIC64_INIT(i) { (i) } #ifdef CONFIG_ARM_LPAE -@@ -237,6 +365,19 @@ static inline long long atomic64_read(const atomic64_t *v) +@@ -237,6 +366,19 @@ static inline long long atomic64_read(const atomic64_t *v) return result; } @@ -1345,7 +1348,7 @@ index fe3ef39..9406984 100644 static inline void atomic64_set(atomic64_t *v, long long i) { __asm__ __volatile__("@ atomic64_set\n" -@@ -245,6 +386,15 @@ static inline void atomic64_set(atomic64_t *v, long long i) +@@ -245,6 +387,15 @@ static inline void atomic64_set(atomic64_t *v, long long i) : "r" (&v->counter), "r" (i) ); } @@ -1361,7 +1364,7 @@ index fe3ef39..9406984 100644 #else static inline long long atomic64_read(const atomic64_t *v) { -@@ -259,6 +409,19 @@ static inline long long atomic64_read(const atomic64_t *v) +@@ -259,6 +410,19 @@ static inline long long atomic64_read(const atomic64_t *v) return result; } @@ -1381,7 +1384,7 @@ index fe3ef39..9406984 100644 static inline void atomic64_set(atomic64_t *v, long long i) { long long tmp; -@@ -273,43 +436,73 @@ static inline void atomic64_set(atomic64_t *v, long long i) +@@ -273,43 +437,73 @@ static inline void atomic64_set(atomic64_t *v, long long i) : "r" (&v->counter), "r" (i) : "cc"); } @@ -1463,7 +1466,7 @@ index fe3ef39..9406984 100644 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) \ : "r" (&v->counter), "r" (i) \ : "cc"); \ -@@ -317,6 +510,9 @@ atomic64_##op##_return_relaxed(long long i, atomic64_t *v) \ +@@ -317,6 +511,9 @@ atomic64_##op##_return_relaxed(long long i, atomic64_t *v) \ return result; \ } @@ -1473,7 +1476,15 @@ index fe3ef39..9406984 100644 #define ATOMIC64_OPS(op, op1, op2) \ ATOMIC64_OP(op, op1, op2) \ ATOMIC64_OP_RETURN(op, op1, op2) -@@ -336,7 +532,12 @@ ATOMIC64_OP(xor, eor, eor) +@@ -325,6 +522,7 @@ ATOMIC64_OPS(add, adds, adc) + ATOMIC64_OPS(sub, subs, sbc) + + #define atomic64_add_return_relaxed atomic64_add_return_relaxed ++#define atomic64_add_return_unchecked atomic64_add_return_unchecked_relaxed + #define atomic64_sub_return_relaxed atomic64_sub_return_relaxed + + #define atomic64_andnot atomic64_andnot +@@ -336,7 +534,12 @@ ATOMIC64_OP(xor, eor, eor) #undef ATOMIC64_OPS #undef ATOMIC64_OP_RETURN @@ -1486,10 +1497,12 @@ index fe3ef39..9406984 100644 static inline long long atomic64_cmpxchg_relaxed(atomic64_t *ptr, long long old, long long new) -@@ -362,6 +563,32 @@ atomic64_cmpxchg_relaxed(atomic64_t *ptr, long long old, long long new) +@@ -361,6 +564,33 @@ atomic64_cmpxchg_relaxed(atomic64_t *ptr, long long old, long long new) + return oldval; } #define atomic64_cmpxchg_relaxed atomic64_cmpxchg_relaxed - ++#define atomic64_cmpxchg_unchecked atomic64_cmpxchg_unchecked_relaxed ++ +static inline long long +atomic64_cmpxchg_unchecked_relaxed(atomic64_unchecked_t *ptr, long long old, + long long new) @@ -1515,11 +1528,10 @@ index fe3ef39..9406984 100644 + + return oldval; +} -+ + static inline long long atomic64_xchg_relaxed(atomic64_t *ptr, long long new) { - long long result; -@@ -385,21 +612,35 @@ static inline long long atomic64_xchg_relaxed(atomic64_t *ptr, long long new) +@@ -385,21 +615,35 @@ static inline long long atomic64_xchg_relaxed(atomic64_t *ptr, long long new) static inline long long atomic64_dec_if_positive(atomic64_t *v) { long long result; @@ -1561,7 +1573,7 @@ index fe3ef39..9406984 100644 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter) : "cc"); -@@ -423,13 +664,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u) +@@ -423,13 +667,25 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u) " teq %0, %5\n" " teqeq %H0, %H5\n" " moveq %1, #0\n" @@ -1590,7 +1602,7 @@ index fe3ef39..9406984 100644 : "=&r" (val), "+r" (ret), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter), "r" (u), "r" (a) : "cc"); -@@ -442,10 +695,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u) +@@ -442,10 +698,13 @@ static inline int atomic64_add_unless(atomic64_t *v, long long a, long long u) #define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0) #define atomic64_inc(v) atomic64_add(1LL, (v)) @@ -1694,23 +1706,22 @@ index 0f84249..8e83c55 100644 struct of_cpuidle_method { const char *method; diff --git a/arch/arm/include/asm/domain.h b/arch/arm/include/asm/domain.h -index fc8ba16..805a183 100644 +index fc8ba16..8b84f53 100644 --- a/arch/arm/include/asm/domain.h +++ b/arch/arm/include/asm/domain.h -@@ -42,7 +42,7 @@ +@@ -42,7 +42,6 @@ #define DOMAIN_USER 1 #define DOMAIN_IO 0 #endif -#define DOMAIN_VECTORS 3 -+//#define DOMAIN_VECTORS 3 /* * Domain types -@@ -51,8 +51,26 @@ +@@ -51,9 +50,27 @@ #define DOMAIN_CLIENT 1 #ifdef CONFIG_CPU_USE_DOMAINS #define DOMAIN_MANAGER 3 -+#define DOMAIN_VECTORS DOMAIN_USER ++#define DOMAIN_VECTORS 3 #else + +#ifdef CONFIG_PAX_KERNEXEC @@ -1728,12 +1739,13 @@ index fc8ba16..805a183 100644 +#define DOMAIN_USERCLIENT 1 +#define DOMAIN_VECTORS DOMAIN_USER +#endif -+#define DOMAIN_KERNELCLIENT 1 + #endif ++#define DOMAIN_KERNELCLIENT 1 #define domain_mask(dom) ((3) << (2 * (dom))) -@@ -62,7 +80,7 @@ + #define domain_val(dom,type) ((type) << (2 * (dom))) +@@ -62,7 +79,7 @@ #define DACR_INIT \ (domain_val(DOMAIN_USER, DOMAIN_NOACCESS) | \ domain_val(DOMAIN_KERNEL, DOMAIN_MANAGER) | \ @@ -28770,7 +28782,7 @@ index 10e0272..b4bb9a7 100644 if (!(addr & ~PAGE_MASK)) return addr; diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c -index 91a4496..42fc304 100644 +index 91a4496..6414b5c 100644 --- a/arch/x86/kernel/tboot.c +++ b/arch/x86/kernel/tboot.c @@ -44,6 +44,7 @@ @@ -28781,27 +28793,42 @@ index 91a4496..42fc304 100644 #include "../realmode/rm/wakeup.h" -@@ -221,7 +222,7 @@ static int tboot_setup_sleep(void) +@@ -151,6 +152,10 @@ static int map_tboot_pages(unsigned long vaddr, unsigned long start_pfn, + if (!tboot_pg_dir) + return -1; + ++ clone_pgd_range(tboot_pg_dir + KERNEL_PGD_BOUNDARY, ++ swapper_pg_dir + KERNEL_PGD_BOUNDARY, ++ KERNEL_PGD_PTRS); ++ + for (; nr > 0; nr--, vaddr += PAGE_SIZE, start_pfn++) { + if (map_tboot_page(vaddr, start_pfn, PAGE_KERNEL_EXEC)) + return -1; +@@ -221,8 +226,6 @@ static int tboot_setup_sleep(void) void tboot_shutdown(u32 shutdown_type) { - void (*shutdown)(void); -+ void (* __noreturn shutdown)(void); - +- if (!tboot_enabled()) return; -@@ -242,8 +243,9 @@ void tboot_shutdown(u32 shutdown_type) + +@@ -242,9 +245,12 @@ void tboot_shutdown(u32 shutdown_type) tboot->shutdown_type = shutdown_type; switch_to_tboot_pt(); -+ cr4_clear_bits(X86_CR4_PCIDE); ++ __write_cr4(__read_cr4() & ~X86_CR4_PCIDE); - shutdown = (void(*)(void))(unsigned long)tboot->shutdown_entry; -+ shutdown = (void *)(unsigned long)tboot->shutdown_entry; - shutdown(); +- shutdown(); ++ /* ++ * PaX: can't be a C indirect function call due to KERNEXEC ++ */ ++ asm volatile("jmp *%0" : : "r"((unsigned long)tboot->shutdown_entry)); /* should not reach here */ -@@ -310,7 +312,7 @@ static int tboot_extended_sleep(u8 sleep_state, u32 val_a, u32 val_b) + while (1) +@@ -310,7 +316,7 @@ static int tboot_extended_sleep(u8 sleep_state, u32 val_a, u32 val_b) return -ENODEV; } @@ -28810,7 +28837,7 @@ index 91a4496..42fc304 100644 static int tboot_wait_for_aps(int num_aps) { -@@ -334,9 +336,9 @@ static int tboot_cpu_callback(struct notifier_block *nfb, unsigned long action, +@@ -334,9 +340,9 @@ static int tboot_cpu_callback(struct notifier_block *nfb, unsigned long action, { switch (action) { case CPU_DYING: @@ -28822,7 +28849,7 @@ index 91a4496..42fc304 100644 return NOTIFY_BAD; break; } -@@ -422,7 +424,7 @@ static __init int tboot_late_init(void) +@@ -422,7 +428,7 @@ static __init int tboot_late_init(void) tboot_create_trampoline(); @@ -44150,7 +44177,7 @@ index c13fb5b..55a3802 100644 *off += size; diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c -index c4dcab0..89d8045 100644 +index c4dcab0..a505f18 100644 --- a/drivers/hv/channel.c +++ b/drivers/hv/channel.c @@ -382,7 +382,7 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer, @@ -44162,6 +44189,17 @@ index c4dcab0..89d8045 100644 ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount); if (ret) +@@ -696,9 +696,7 @@ int vmbus_sendpacket_pagebuffer_ctl(struct vmbus_channel *channel, + * Adjust the size down since vmbus_channel_packet_page_buffer is the + * largest size we support + */ +- descsize = sizeof(struct vmbus_channel_packet_page_buffer) - +- ((MAX_PAGE_BUFFER_COUNT - pagecount) * +- sizeof(struct hv_page_buffer)); ++ descsize = offsetof(struct vmbus_channel_packet_page_buffer, range[pagecount]); + packetlen = descsize + bufferlen; + packetlen_aligned = ALIGN(packetlen, sizeof(u64)); + diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c index 6341be8..1a2fc8d 100644 --- a/drivers/hv/hv.c @@ -44570,6 +44608,19 @@ index 65e3240..e6c511d 100644 /* Wrapper access functions for multiplexed SMBus */ static DEFINE_MUTEX(amd756_lock); +diff --git a/drivers/i2c/busses/i2c-designware-pcidrv.c b/drivers/i2c/busses/i2c-designware-pcidrv.c +index df23e8c..1354d8e 100644 +--- a/drivers/i2c/busses/i2c-designware-pcidrv.c ++++ b/drivers/i2c/busses/i2c-designware-pcidrv.c +@@ -60,7 +60,7 @@ struct dw_scl_sda_cfg { + }; + + struct dw_pci_controller { +- u32 bus_num; ++ int bus_num; + u32 bus_cfg; + u32 tx_fifo_depth; + u32 rx_fifo_depth; diff --git a/drivers/i2c/busses/i2c-nforce2-s4985.c b/drivers/i2c/busses/i2c-nforce2-s4985.c index 88eda09..cf40434 100644 --- a/drivers/i2c/busses/i2c-nforce2-s4985.c @@ -51116,7 +51167,7 @@ index 5fa98f5..322f0f8 100644 spinlock_t request_lock; struct list_head req_list; diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c -index 5931a79..d536e64 100644 +index 5931a79..134ce31 100644 --- a/drivers/net/hyperv/rndis_filter.c +++ b/drivers/net/hyperv/rndis_filter.c @@ -101,7 +101,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev, @@ -51137,6 +51188,16 @@ index 5931a79..d536e64 100644 /* Ignore return since this msg is optional. */ rndis_filter_send_request(dev, request); +@@ -1138,8 +1138,7 @@ int rndis_filter_device_add(struct hv_device *dev, + if (net_device->num_chn == 1) + goto out; + +- net_device->sub_cb_buf = vzalloc((net_device->num_chn - 1) * +- NETVSC_PACKET_SIZE); ++ net_device->sub_cb_buf = vzalloc(net_device->num_sc_offered * NETVSC_PACKET_SIZE); + if (!net_device->sub_cb_buf) { + net_device->num_chn = 1; + dev_info(&dev->device, "No memory for subchannels.\n"); diff --git a/drivers/net/ifb.c b/drivers/net/ifb.c index cc56fac..c15b884 100644 --- a/drivers/net/ifb.c @@ -77227,7 +77288,7 @@ index e4141f2..d8263e8 100644 i += packet_length_size; if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) diff --git a/fs/exec.c b/fs/exec.c -index b06623a..1c50b96 100644 +index b06623a..122301f 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -56,8 +56,20 @@ @@ -77736,7 +77797,7 @@ index b06623a..1c50b96 100644 + if (*flags & MF_PAX_SEGMEXEC) + { + *flags &= ~MF_PAX_SEGMEXEC; -+ retval = -EINVAL; ++ retval = -EINVAL; + } +#endif + @@ -77761,7 +77822,7 @@ index b06623a..1c50b96 100644 + ) + { + *flags &= ~MF_PAX_MPROTECT; -+ retval = -EINVAL; ++ retval = -EINVAL; + } + + if ((*flags & MF_PAX_EMUTRAMP) @@ -97176,46 +97237,10 @@ index c1da539..1dcec55 100644 struct atmphy_ops { int (*start)(struct atm_dev *dev); diff --git a/include/linux/atomic.h b/include/linux/atomic.h -index 00a5763..5322059 100644 +index 00a5763..93fe7f4 100644 --- a/include/linux/atomic.h +++ b/include/linux/atomic.h -@@ -79,6 +79,11 @@ - #define atomic_add_return(...) \ - __atomic_op_fence(atomic_add_return, __VA_ARGS__) - #endif -+ -+#ifndef atomic_add_return_unchecked -+#define atomic_add_return_unchecked(...) \ -+ __atomic_op_fence(atomic_add_return_unchecked, __VA_ARGS__) -+#endif - #endif /* atomic_add_return_relaxed */ - - /* atomic_sub_return_relaxed */ -@@ -183,6 +188,11 @@ - #define atomic64_add_return(...) \ - __atomic_op_fence(atomic64_add_return, __VA_ARGS__) - #endif -+ -+#ifndef atomic64_add_return_unchecked -+#define atomic64_add_return_unchecked(...) \ -+ __atomic_op_fence(atomic64_add_return_unchecked, __VA_ARGS__) -+#endif - #endif /* atomic64_add_return_relaxed */ - - /* atomic64_sub_return_relaxed */ -@@ -255,6 +265,11 @@ - #define atomic64_cmpxchg(...) \ - __atomic_op_fence(atomic64_cmpxchg, __VA_ARGS__) - #endif -+ -+#ifndef atomic64_cmpxchg_unchecked -+#define atomic64_cmpxchg_unchecked(...) \ -+ __atomic_op_fence(atomic64_cmpxchg_unchecked, __VA_ARGS__) -+#endif - #endif /* atomic64_cmpxchg_relaxed */ - - /* cmpxchg_relaxed */ -@@ -335,7 +350,7 @@ +@@ -335,7 +335,7 @@ * Atomically adds @a to @v, so long as @v was not already @u. * Returns non-zero if @v was not @u, and zero otherwise. */ @@ -120311,10 +120336,20 @@ index 8a1741b..20d20e7 100644 if (!err) err = put_user(SCM_RIGHTS, &cm->cmsg_type); diff --git a/net/core/skbuff.c b/net/core/skbuff.c -index fab4599..e488a92 100644 +index fab4599..daf360d 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c -@@ -2103,7 +2103,7 @@ EXPORT_SYMBOL(__skb_checksum); +@@ -969,7 +969,8 @@ static void skb_headers_offset_update(struct sk_buff *skb, int off) + if (skb->ip_summed == CHECKSUM_PARTIAL) + skb->csum_start += off; + /* {transport,network,mac}_header and tail are relative to skb->head */ +- skb->transport_header += off; ++ if (skb_transport_header_was_set(skb)) ++ skb->transport_header += off; + skb->network_header += off; + if (skb_mac_header_was_set(skb)) + skb->mac_header += off; +@@ -2103,7 +2104,7 @@ EXPORT_SYMBOL(__skb_checksum); __wsum skb_checksum(const struct sk_buff *skb, int offset, int len, __wsum csum) { @@ -120323,7 +120358,7 @@ index fab4599..e488a92 100644 .update = csum_partial_ext, .combine = csum_block_add_ext, }; -@@ -3318,12 +3318,14 @@ void __init skb_init(void) +@@ -3318,12 +3319,14 @@ void __init skb_init(void) skbuff_head_cache = kmem_cache_create("skbuff_head_cache", sizeof(struct sk_buff), 0, @@ -120340,7 +120375,7 @@ index fab4599..e488a92 100644 NULL); } -@@ -3643,7 +3645,8 @@ static void __skb_complete_tx_timestamp(struct sk_buff *skb, +@@ -3643,7 +3646,8 @@ static void __skb_complete_tx_timestamp(struct sk_buff *skb, serr->ee.ee_info = tstype; if (sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID) { serr->ee.ee_data = skb_shinfo(skb)->tskey; @@ -128018,6 +128053,36 @@ index aee2ec5..c276071 100644 /* record the root user tracking */ rb_link_node(&root_key_user.node, +diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c +index 0b9ec78..26f0e0a 100644 +--- a/security/keys/keyctl.c ++++ b/security/keys/keyctl.c +@@ -757,16 +757,16 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) + + /* the key is probably readable - now try to read it */ + can_read_key: +- ret = key_validate(key); +- if (ret == 0) { +- ret = -EOPNOTSUPP; +- if (key->type->read) { +- /* read the data with the semaphore held (since we +- * might sleep) */ +- down_read(&key->sem); ++ ret = -EOPNOTSUPP; ++ if (key->type->read) { ++ /* Read the data with the semaphore held (since we might sleep) ++ * to protect against the key being updated or revoked. ++ */ ++ down_read(&key->sem); ++ ret = key_validate(key); ++ if (ret == 0) + ret = key->type->read(key, buffer, buflen); +- up_read(&key->sem); +- } ++ up_read(&key->sem); + } + + error2: diff --git a/security/keys/keyring.c b/security/keys/keyring.c index d334370..b03e5a8 100644 --- a/security/keys/keyring.c @@ -131375,10 +131440,10 @@ index 0000000..7514850 +fi diff --git a/tools/gcc/initify_plugin.c b/tools/gcc/initify_plugin.c new file mode 100644 -index 0000000..9da49be +index 0000000..ed3a502 --- /dev/null +++ b/tools/gcc/initify_plugin.c -@@ -0,0 +1,586 @@ +@@ -0,0 +1,588 @@ +/* + * Copyright 2011-2015 by Emese Revfy <re.em...@gmail.com> + * Licensed under the GPL v2, or (at your option) v3 @@ -131399,7 +131464,7 @@ index 0000000..9da49be +int plugin_is_GPL_compatible; + +static struct plugin_info initify_plugin_info = { -+ .version = "20151213", ++ .version = "20151228", + .help = "initify_plugin\n", +}; + @@ -131603,6 +131668,7 @@ index 0000000..9da49be + decl = get_inner_reference(op, &bitsize, &bitpos, &offset, &mode, &unsignedp, &reversep, &volatilep, true); + + switch (TREE_CODE_CLASS(TREE_CODE(decl))) { ++ case tcc_comparison: + case tcc_constant: + case tcc_statement: + return false; @@ -131634,6 +131700,7 @@ index 0000000..9da49be + return false; + + if (!DECL_P(decl)) { ++ debug_tree(vardecl); + debug_tree(op); + debug_tree(decl); + gcc_unreachable();
