commit: 77b297713485d2da87bfe9b58e57627ecc71b222
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Mon May 12 12:35:58 2014 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Mon May 12 12:35:58 2014 +0000
URL:
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-patchset.git;a=commit;h=77b29771
Grsec/PaX: 3.0-{3.2.58,3.14.3}-201405112005
---
3.14.3/0000_README | 2 +-
... 4420_grsecurity-3.0-3.14.3-201405112005.patch} | 442 ++++++++++++++++++++-
3.2.58/0000_README | 2 +-
... 4420_grsecurity-3.0-3.2.58-201405112002.patch} | 47 ++-
4 files changed, 468 insertions(+), 25 deletions(-)
diff --git a/3.14.3/0000_README b/3.14.3/0000_README
index 4ea0a4a..99900e8 100644
--- a/3.14.3/0000_README
+++ b/3.14.3/0000_README
@@ -2,7 +2,7 @@ README
-----------------------------------------------------------------------------
Individual Patch Descriptions:
-----------------------------------------------------------------------------
-Patch: 4420_grsecurity-3.0-3.14.3-201405101947.patch
+Patch: 4420_grsecurity-3.0-3.14.3-201405112005.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.14.3/4420_grsecurity-3.0-3.14.3-201405101947.patch
b/3.14.3/4420_grsecurity-3.0-3.14.3-201405112005.patch
similarity index 99%
rename from 3.14.3/4420_grsecurity-3.0-3.14.3-201405101947.patch
rename to 3.14.3/4420_grsecurity-3.0-3.14.3-201405112005.patch
index d17eca9..c5fa685 100644
--- a/3.14.3/4420_grsecurity-3.0-3.14.3-201405101947.patch
+++ b/3.14.3/4420_grsecurity-3.0-3.14.3-201405112005.patch
@@ -9763,6 +9763,142 @@ index 502f632..da1917f 100644
#define __S100 PAGE_READONLY
#define __S101 PAGE_READONLY
#define __S110 PAGE_SHARED
+diff --git a/arch/sparc/include/asm/pgtable_64.h
b/arch/sparc/include/asm/pgtable_64.h
+index 0f9e945..a949e55 100644
+--- a/arch/sparc/include/asm/pgtable_64.h
++++ b/arch/sparc/include/asm/pgtable_64.h
+@@ -71,6 +71,23 @@
+
+ #include <linux/sched.h>
+
++extern unsigned long sparc64_valid_addr_bitmap[];
++
++/* Needs to be defined here and not in linux/mm.h, as it is arch dependent */
++static inline bool __kern_addr_valid(unsigned long paddr)
++{
++ if ((paddr >> MAX_PHYS_ADDRESS_BITS) != 0UL)
++ return false;
++ return test_bit(paddr >> ILOG2_4MB, sparc64_valid_addr_bitmap);
++}
++
++static inline bool kern_addr_valid(unsigned long addr)
++{
++ unsigned long paddr = __pa(addr);
++
++ return __kern_addr_valid(paddr);
++}
++
+ /* Entries per page directory level. */
+ #define PTRS_PER_PTE (1UL << (PAGE_SHIFT-3))
+ #define PTRS_PER_PMD (1UL << PMD_BITS)
+@@ -79,9 +96,12 @@
+ /* Kernel has a separate 44bit address space. */
+ #define FIRST_USER_ADDRESS 0
+
+-#define pte_ERROR(e) __builtin_trap()
+-#define pmd_ERROR(e) __builtin_trap()
+-#define pgd_ERROR(e) __builtin_trap()
++#define pmd_ERROR(e) \
++ pr_err("%s:%d: bad pmd %p(%016lx) seen at (%pS)\n", \
++ __FILE__, __LINE__, &(e), pmd_val(e),
__builtin_return_address(0))
++#define pgd_ERROR(e) \
++ pr_err("%s:%d: bad pgd %p(%016lx) seen at (%pS)\n", \
++ __FILE__, __LINE__, &(e), pgd_val(e),
__builtin_return_address(0))
+
+ #endif /* !(__ASSEMBLY__) */
+
+@@ -633,7 +653,7 @@ static inline unsigned long pmd_large(pmd_t pmd)
+ {
+ pte_t pte = __pte(pmd_val(pmd));
+
+- return (pte_val(pte) & _PAGE_PMD_HUGE) && pte_present(pte);
++ return pte_val(pte) & _PAGE_PMD_HUGE;
+ }
+
+ #ifdef CONFIG_TRANSPARENT_HUGEPAGE
+@@ -719,20 +739,6 @@ static inline pmd_t pmd_mkwrite(pmd_t pmd)
+ return __pmd(pte_val(pte));
+ }
+
+-static inline pmd_t pmd_mknotpresent(pmd_t pmd)
+-{
+- unsigned long mask;
+-
+- if (tlb_type == hypervisor)
+- mask = _PAGE_PRESENT_4V;
+- else
+- mask = _PAGE_PRESENT_4U;
+-
+- pmd_val(pmd) &= ~mask;
+-
+- return pmd;
+-}
+-
+ static inline pmd_t pmd_mksplitting(pmd_t pmd)
+ {
+ pte_t pte = __pte(pmd_val(pmd));
+@@ -757,6 +763,20 @@ static inline int pmd_present(pmd_t pmd)
+
+ #define pmd_none(pmd) (!pmd_val(pmd))
+
++/* pmd_bad() is only called on non-trans-huge PMDs. Our encoding is
++ * very simple, it's just the physical address. PTE tables are of
++ * size PAGE_SIZE so make sure the sub-PAGE_SIZE bits are clear and
++ * the top bits outside of the range of any physical address size we
++ * support are clear as well. We also validate the physical itself.
++ */
++#define pmd_bad(pmd) ((pmd_val(pmd) & ~PAGE_MASK) || \
++ !__kern_addr_valid(pmd_val(pmd)))
++
++#define pud_none(pud) (!pud_val(pud))
++
++#define pud_bad(pud) ((pud_val(pud) & ~PAGE_MASK) || \
++ !__kern_addr_valid(pud_val(pud)))
++
+ #ifdef CONFIG_TRANSPARENT_HUGEPAGE
+ extern void set_pmd_at(struct mm_struct *mm, unsigned long addr,
+ pmd_t *pmdp, pmd_t pmd);
+@@ -790,10 +810,7 @@ static inline unsigned long __pmd_page(pmd_t pmd)
+ #define pud_page_vaddr(pud) \
+ ((unsigned long) __va(pud_val(pud)))
+ #define pud_page(pud) virt_to_page((void
*)pud_page_vaddr(pud))
+-#define pmd_bad(pmd) (0)
+ #define pmd_clear(pmdp) (pmd_val(*(pmdp)) = 0UL)
+-#define pud_none(pud) (!pud_val(pud))
+-#define pud_bad(pud) (0)
+ #define pud_present(pud) (pud_val(pud) != 0U)
+ #define pud_clear(pudp) (pud_val(*(pudp)) = 0UL)
+
+@@ -893,6 +910,10 @@ extern void update_mmu_cache(struct vm_area_struct *,
unsigned long, pte_t *);
+ extern void update_mmu_cache_pmd(struct vm_area_struct *vma, unsigned long
addr,
+ pmd_t *pmd);
+
++#define __HAVE_ARCH_PMDP_INVALIDATE
++extern void pmdp_invalidate(struct vm_area_struct *vma, unsigned long address,
++ pmd_t *pmdp);
++
+ #define __HAVE_ARCH_PGTABLE_DEPOSIT
+ extern void pgtable_trans_huge_deposit(struct mm_struct *mm, pmd_t *pmdp,
+ pgtable_t pgtable);
+@@ -919,18 +940,6 @@ extern unsigned long pte_file(pte_t);
+ extern pte_t pgoff_to_pte(unsigned long);
+ #define PTE_FILE_MAX_BITS (64UL - PAGE_SHIFT - 1UL)
+
+-extern unsigned long sparc64_valid_addr_bitmap[];
+-
+-/* Needs to be defined here and not in linux/mm.h, as it is arch dependent */
+-static inline bool kern_addr_valid(unsigned long addr)
+-{
+- unsigned long paddr = __pa(addr);
+-
+- if ((paddr >> 41UL) != 0UL)
+- return false;
+- return test_bit(paddr >> 22, sparc64_valid_addr_bitmap);
+-}
+-
+ extern int page_in_phys_avail(unsigned long paddr);
+
+ /*
diff --git a/arch/sparc/include/asm/pgtsrmmu.h
b/arch/sparc/include/asm/pgtsrmmu.h
index 79da178..c2eede8 100644
--- a/arch/sparc/include/asm/pgtsrmmu.h
@@ -9940,6 +10076,20 @@ index a5f01ac..703b554 100644
/*
* Thread-synchronous status.
*
+diff --git a/arch/sparc/include/asm/tsb.h b/arch/sparc/include/asm/tsb.h
+index 2230f80..90916f9 100644
+--- a/arch/sparc/include/asm/tsb.h
++++ b/arch/sparc/include/asm/tsb.h
+@@ -171,7 +171,8 @@ extern struct tsb_phys_patch_entry __tsb_phys_patch,
__tsb_phys_patch_end;
+ andcc REG1, REG2, %g0; \
+ be,pt %xcc, 700f; \
+ sethi %hi(4 * 1024 * 1024), REG2; \
+- andn REG1, REG2, REG1; \
++ brgez,pn REG1, FAIL_LABEL; \
++ andn REG1, REG2, REG1; \
+ and VADDR, REG2, REG2; \
+ brlz,pt REG1, PTE_LABEL; \
+ or REG1, REG2, REG1; \
diff --git a/arch/sparc/include/asm/uaccess.h
b/arch/sparc/include/asm/uaccess.h
index 0167d26..767bb0c 100644
--- a/arch/sparc/include/asm/uaccess.h
@@ -10688,10 +10838,37 @@ index 4ced92f..965eeed 100644
}
EXPORT_SYMBOL(die_if_kernel);
diff --git a/arch/sparc/kernel/unaligned_64.c
b/arch/sparc/kernel/unaligned_64.c
-index 3c1a7cb..73e1923 100644
+index 3c1a7cb..9046547 100644
--- a/arch/sparc/kernel/unaligned_64.c
+++ b/arch/sparc/kernel/unaligned_64.c
-@@ -289,7 +289,7 @@ static void log_unaligned(struct pt_regs *regs)
+@@ -166,17 +166,23 @@ static unsigned long *fetch_reg_addr(unsigned int reg,
struct pt_regs *regs)
+ unsigned long compute_effective_address(struct pt_regs *regs,
+ unsigned int insn, unsigned int rd)
+ {
++ int from_kernel = (regs->tstate & TSTATE_PRIV) != 0;
+ unsigned int rs1 = (insn >> 14) & 0x1f;
+ unsigned int rs2 = insn & 0x1f;
+- int from_kernel = (regs->tstate & TSTATE_PRIV) != 0;
++ unsigned long addr;
+
+ if (insn & 0x2000) {
+ maybe_flush_windows(rs1, 0, rd, from_kernel);
+- return (fetch_reg(rs1, regs) + sign_extend_imm13(insn));
++ addr = (fetch_reg(rs1, regs) + sign_extend_imm13(insn));
+ } else {
+ maybe_flush_windows(rs1, rs2, rd, from_kernel);
+- return (fetch_reg(rs1, regs) + fetch_reg(rs2, regs));
++ addr = (fetch_reg(rs1, regs) + fetch_reg(rs2, regs));
+ }
++
++ if (!from_kernel && test_thread_flag(TIF_32BIT))
++ addr &= 0xffffffff;
++
++ return addr;
+ }
+
+ /* This is just to make gcc think die_if_kernel does return... */
+@@ -289,7 +295,7 @@ static void log_unaligned(struct pt_regs *regs)
static DEFINE_RATELIMIT_STATE(ratelimit, 5 * HZ, 5);
if (__ratelimit(&ratelimit)) {
@@ -11281,7 +11458,7 @@ index 59dbd46..1dd7f5e 100644
if (!(vma->vm_flags & (VM_READ | VM_EXEC)))
goto bad_area;
diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c
-index 69bb818..6ca35c8 100644
+index 69bb818..3542236 100644
--- a/arch/sparc/mm/fault_64.c
+++ b/arch/sparc/mm/fault_64.c
@@ -22,6 +22,9 @@
@@ -11303,7 +11480,124 @@ index 69bb818..6ca35c8 100644
printk(KERN_CRIT "OOPS: Fault was to vaddr[%lx]\n", vaddr);
dump_stack();
unhandled_fault(regs->tpc, current, regs);
-@@ -271,6 +274,466 @@ static void noinline __kprobes
bogus_32bit_fault_address(struct pt_regs *regs,
+@@ -96,38 +99,51 @@ static unsigned int get_user_insn(unsigned long tpc)
+ pte_t *ptep, pte;
+ unsigned long pa;
+ u32 insn = 0;
+- unsigned long pstate;
+
+- if (pgd_none(*pgdp))
+- goto outret;
++ if (pgd_none(*pgdp) || unlikely(pgd_bad(*pgdp)))
++ goto out;
+ pudp = pud_offset(pgdp, tpc);
+- if (pud_none(*pudp))
+- goto outret;
+- pmdp = pmd_offset(pudp, tpc);
+- if (pmd_none(*pmdp))
+- goto outret;
++ if (pud_none(*pudp) || unlikely(pud_bad(*pudp)))
++ goto out;
+
+ /* This disables preemption for us as well. */
+- __asm__ __volatile__("rdpr %%pstate, %0" : "=r" (pstate));
+- __asm__ __volatile__("wrpr %0, %1, %%pstate"
+- : : "r" (pstate), "i" (PSTATE_IE));
+- ptep = pte_offset_map(pmdp, tpc);
+- pte = *ptep;
+- if (!pte_present(pte))
+- goto out;
++ local_irq_disable();
+
+- pa = (pte_pfn(pte) << PAGE_SHIFT);
+- pa += (tpc & ~PAGE_MASK);
++ pmdp = pmd_offset(pudp, tpc);
++ if (pmd_none(*pmdp) || unlikely(pmd_bad(*pmdp)))
++ goto out_irq_enable;
+
+- /* Use phys bypass so we don't pollute dtlb/dcache. */
+- __asm__ __volatile__("lduwa [%1] %2, %0"
+- : "=r" (insn)
+- : "r" (pa), "i" (ASI_PHYS_USE_EC));
++#ifdef CONFIG_TRANSPARENT_HUGEPAGE
++ if (pmd_trans_huge(*pmdp)) {
++ if (pmd_trans_splitting(*pmdp))
++ goto out_irq_enable;
+
++ pa = pmd_pfn(*pmdp) << PAGE_SHIFT;
++ pa += tpc & ~HPAGE_MASK;
++
++ /* Use phys bypass so we don't pollute dtlb/dcache. */
++ __asm__ __volatile__("lduwa [%1] %2, %0"
++ : "=r" (insn)
++ : "r" (pa), "i" (ASI_PHYS_USE_EC));
++ } else
++#endif
++ {
++ ptep = pte_offset_map(pmdp, tpc);
++ pte = *ptep;
++ if (pte_present(pte)) {
++ pa = (pte_pfn(pte) << PAGE_SHIFT);
++ pa += (tpc & ~PAGE_MASK);
++
++ /* Use phys bypass so we don't pollute dtlb/dcache. */
++ __asm__ __volatile__("lduwa [%1] %2, %0"
++ : "=r" (insn)
++ : "r" (pa), "i" (ASI_PHYS_USE_EC));
++ }
++ pte_unmap(ptep);
++ }
++out_irq_enable:
++ local_irq_enable();
+ out:
+- pte_unmap(ptep);
+- __asm__ __volatile__("wrpr %0, 0x0, %%pstate" : : "r" (pstate));
+-outret:
+ return insn;
+ }
+
+@@ -153,7 +169,8 @@ show_signal_msg(struct pt_regs *regs, int sig, int code,
+ }
+
+ static void do_fault_siginfo(int code, int sig, struct pt_regs *regs,
+- unsigned int insn, int fault_code)
++ unsigned long fault_addr, unsigned int insn,
++ int fault_code)
+ {
+ unsigned long addr;
+ siginfo_t info;
+@@ -161,10 +178,18 @@ static void do_fault_siginfo(int code, int sig, struct
pt_regs *regs,
+ info.si_code = code;
+ info.si_signo = sig;
+ info.si_errno = 0;
+- if (fault_code & FAULT_CODE_ITLB)
++ if (fault_code & FAULT_CODE_ITLB) {
+ addr = regs->tpc;
+- else
+- addr = compute_effective_address(regs, insn, 0);
++ } else {
++ /* If we were able to probe the faulting instruction, use it
++ * to compute a precise fault address. Otherwise use the fault
++ * time provided address which may only have page granularity.
++ */
++ if (insn)
++ addr = compute_effective_address(regs, insn, 0);
++ else
++ addr = fault_addr;
++ }
+ info.si_addr = (void __user *) addr;
+ info.si_trapno = 0;
+
+@@ -239,7 +264,7 @@ static void __kprobes do_kernel_fault(struct pt_regs
*regs, int si_code,
+ /* The si_code was set to make clear whether
+ * this was a SEGV_MAPERR or SEGV_ACCERR fault.
+ */
+- do_fault_siginfo(si_code, SIGSEGV, regs, insn, fault_code);
++ do_fault_siginfo(si_code, SIGSEGV, regs, address, insn,
fault_code);
+ return;
+ }
+
+@@ -271,6 +296,466 @@ static void noinline __kprobes
bogus_32bit_fault_address(struct pt_regs *regs,
show_regs(regs);
}
@@ -11770,7 +12064,7 @@ index 69bb818..6ca35c8 100644
asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs)
{
enum ctx_state prev_state = exception_enter();
-@@ -344,6 +807,29 @@ retry:
+@@ -344,6 +829,29 @@ retry:
if (!vma)
goto bad_area;
@@ -11800,6 +12094,28 @@ index 69bb818..6ca35c8 100644
/* Pure DTLB misses do not tell us whether the fault causing
* load/store/atomic was a write or not, it only says that there
* was no match. So in such a case we (carefully) read the
+@@ -525,7 +1033,7 @@ do_sigbus:
+ * Send a sigbus, regardless of whether we were in kernel
+ * or user mode.
+ */
+- do_fault_siginfo(BUS_ADRERR, SIGBUS, regs, insn, fault_code);
++ do_fault_siginfo(BUS_ADRERR, SIGBUS, regs, address, insn, fault_code);
+
+ /* Kernel mode? Handle exceptions or die */
+ if (regs->tstate & TSTATE_PRIV)
+diff --git a/arch/sparc/mm/gup.c b/arch/sparc/mm/gup.c
+index c4d3da6..1aed043 100644
+--- a/arch/sparc/mm/gup.c
++++ b/arch/sparc/mm/gup.c
+@@ -73,7 +73,7 @@ static int gup_huge_pmd(pmd_t *pmdp, pmd_t pmd, unsigned
long addr,
+ struct page *head, *page, *tail;
+ int refs;
+
+- if (!pmd_large(pmd))
++ if (!(pmd_val(pmd) & _PAGE_VALID))
+ return 0;
+
+ if (write && !pmd_write(pmd))
diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c
index 9bd9ce8..dc84852 100644
--- a/arch/sparc/mm/hugetlbpage.c
@@ -11944,6 +12260,67 @@ index eafbc65..5a8070d 100644
#endif /* CONFIG_SMP */
#endif /* CONFIG_DEBUG_DCFLUSH */
}
+diff --git a/arch/sparc/mm/tlb.c b/arch/sparc/mm/tlb.c
+index b12cb5e..b89aba2 100644
+--- a/arch/sparc/mm/tlb.c
++++ b/arch/sparc/mm/tlb.c
+@@ -134,7 +134,7 @@ no_cache_flush:
+
+ #ifdef CONFIG_TRANSPARENT_HUGEPAGE
+ static void tlb_batch_pmd_scan(struct mm_struct *mm, unsigned long vaddr,
+- pmd_t pmd, bool exec)
++ pmd_t pmd)
+ {
+ unsigned long end;
+ pte_t *pte;
+@@ -142,8 +142,11 @@ static void tlb_batch_pmd_scan(struct mm_struct *mm,
unsigned long vaddr,
+ pte = pte_offset_map(&pmd, vaddr);
+ end = vaddr + HPAGE_SIZE;
+ while (vaddr < end) {
+- if (pte_val(*pte) & _PAGE_VALID)
++ if (pte_val(*pte) & _PAGE_VALID) {
++ bool exec = pte_exec(*pte);
++
+ tlb_batch_add_one(mm, vaddr, exec);
++ }
+ pte++;
+ vaddr += PAGE_SIZE;
+ }
+@@ -177,19 +180,30 @@ void set_pmd_at(struct mm_struct *mm, unsigned long addr,
+ }
+
+ if (!pmd_none(orig)) {
+- pte_t orig_pte = __pte(pmd_val(orig));
+- bool exec = pte_exec(orig_pte);
+-
+ addr &= HPAGE_MASK;
+ if (pmd_trans_huge(orig)) {
++ pte_t orig_pte = __pte(pmd_val(orig));
++ bool exec = pte_exec(orig_pte);
++
+ tlb_batch_add_one(mm, addr, exec);
+ tlb_batch_add_one(mm, addr + REAL_HPAGE_SIZE, exec);
+ } else {
+- tlb_batch_pmd_scan(mm, addr, orig, exec);
++ tlb_batch_pmd_scan(mm, addr, orig);
+ }
+ }
+ }
+
++void pmdp_invalidate(struct vm_area_struct *vma, unsigned long address,
++ pmd_t *pmdp)
++{
++ pmd_t entry = *pmdp;
++
++ pmd_val(entry) &= ~_PAGE_VALID;
++
++ set_pmd_at(vma->vm_mm, address, pmdp, entry);
++ flush_tlb_range(vma, address, address + HPAGE_PMD_SIZE);
++}
++
+ void pgtable_trans_huge_deposit(struct mm_struct *mm, pmd_t *pmdp,
+ pgtable_t pgtable)
+ {
diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig
index b3692ce..e4517c9 100644
--- a/arch/tile/Kconfig
@@ -27950,7 +28327,7 @@ index da6b35a..977e9cf 100644
#ifdef CONFIG_SMP
diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c
-index 1f96f93..d5c8f7a 100644
+index 1f96f93..6f29be7 100644
--- a/arch/x86/kernel/vsyscall_64.c
+++ b/arch/x86/kernel/vsyscall_64.c
@@ -56,15 +56,13 @@
@@ -27970,6 +28347,15 @@ index 1f96f93..d5c8f7a 100644
else if (!strcmp("none", str))
vsyscall_mode = NONE;
else
+@@ -101,7 +99,7 @@ void update_vsyscall(struct timekeeper *tk)
+ vdata->monotonic_time_sec = tk->xtime_sec
+ + tk->wall_to_monotonic.tv_sec;
+ vdata->monotonic_time_snsec = tk->xtime_nsec
+- + (tk->wall_to_monotonic.tv_nsec
++ + ((u64)tk->wall_to_monotonic.tv_nsec
+ << tk->shift);
+ while (vdata->monotonic_time_snsec >=
+ (((u64)NSEC_PER_SEC) << tk->shift)) {
@@ -323,8 +321,7 @@ do_ret:
return true;
@@ -39200,7 +39586,7 @@ index 3d1cba9..0ab21d2 100644
if (speedstep_detect_processor() == SPEEDSTEP_CPU_P4M) {
printk(KERN_WARNING PFX "Warning: Pentium 4-M detected. "
diff --git a/drivers/cpufreq/sparc-us3-cpufreq.c
b/drivers/cpufreq/sparc-us3-cpufreq.c
-index 724ffbd..ad83692 100644
+index 724ffbd..f06aaaa 100644
--- a/drivers/cpufreq/sparc-us3-cpufreq.c
+++ b/drivers/cpufreq/sparc-us3-cpufreq.c
@@ -18,14 +18,12 @@
@@ -39219,7 +39605,7 @@ index 724ffbd..ad83692 100644
/* UltraSPARC-III has three dividers: 1, 2, and 32. These are controlled
* in the Safari config register.
-@@ -156,14 +154,26 @@ static int __init us3_freq_cpu_init(struct
cpufreq_policy *policy)
+@@ -156,18 +154,28 @@ static int __init us3_freq_cpu_init(struct
cpufreq_policy *policy)
static int us3_freq_cpu_exit(struct cpufreq_policy *policy)
{
@@ -39242,7 +39628,6 @@ index 724ffbd..ad83692 100644
+ .target_index = us3_freq_target,
+ .get = us3_freq_get,
+ .exit = us3_freq_cpu_exit,
-+ .owner = THIS_MODULE,
+ .name = "UltraSPARC-III",
+
+};
@@ -39250,7 +39635,11 @@ index 724ffbd..ad83692 100644
static int __init us3_freq_init(void)
{
unsigned long manuf, impl, ver;
-@@ -180,55 +190,15 @@ static int __init us3_freq_init(void)
+- int ret;
+
+ if (tlb_type != cheetah && tlb_type != cheetah_plus)
+ return -ENODEV;
+@@ -180,55 +188,15 @@ static int __init us3_freq_init(void)
(impl == CHEETAH_IMPL ||
impl == CHEETAH_PLUS_IMPL ||
impl == JAGUAR_IMPL ||
@@ -94729,7 +95118,7 @@ index 769a67a..414d24f 100644
if (nstart < prev->vm_end)
diff --git a/mm/mremap.c b/mm/mremap.c
-index 0843feb..4f5b2e6 100644
+index 0843feb..c3cde48 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -144,6 +144,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t
*old_pmd,
@@ -94745,7 +95134,26 @@ index 0843feb..4f5b2e6 100644
pte = move_soft_dirty_pte(pte);
set_pte_at(mm, new_addr, new_pte, pte);
}
-@@ -337,6 +343,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long
addr,
+@@ -194,10 +200,17 @@ unsigned long move_page_tables(struct vm_area_struct
*vma,
+ break;
+ if (pmd_trans_huge(*old_pmd)) {
+ int err = 0;
+- if (extent == HPAGE_PMD_SIZE)
++ if (extent == HPAGE_PMD_SIZE) {
++ VM_BUG_ON(vma->vm_file || !vma->anon_vma);
++ /* See comment in move_ptes() */
++ if (need_rmap_locks)
++ anon_vma_lock_write(vma->anon_vma);
+ err = move_huge_pmd(vma, new_vma, old_addr,
+ new_addr, old_end,
+ old_pmd, new_pmd);
++ if (need_rmap_locks)
++ anon_vma_unlock_write(vma->anon_vma);
++ }
+ if (err > 0) {
+ need_flush = true;
+ continue;
+@@ -337,6 +350,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long
addr,
if (is_vm_hugetlb_page(vma))
goto Einval;
@@ -94757,7 +95165,7 @@ index 0843feb..4f5b2e6 100644
/* We can't remap across vm area boundaries */
if (old_len > vma->vm_end - addr)
goto Efault;
-@@ -392,20 +403,25 @@ static unsigned long mremap_to(unsigned long addr,
unsigned long old_len,
+@@ -392,20 +410,25 @@ static unsigned long mremap_to(unsigned long addr,
unsigned long old_len,
unsigned long ret = -EINVAL;
unsigned long charged = 0;
unsigned long map_flags;
@@ -94788,7 +95196,7 @@ index 0843feb..4f5b2e6 100644
goto out;
ret = do_munmap(mm, new_addr, new_len);
-@@ -474,6 +490,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned
long, old_len,
+@@ -474,6 +497,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned
long, old_len,
unsigned long ret = -EINVAL;
unsigned long charged = 0;
bool locked = false;
@@ -94796,7 +95204,7 @@ index 0843feb..4f5b2e6 100644
if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE))
return ret;
-@@ -495,6 +512,17 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned
long, old_len,
+@@ -495,6 +519,17 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned
long, old_len,
if (!new_len)
return ret;
@@ -94814,7 +95222,7 @@ index 0843feb..4f5b2e6 100644
down_write(¤t->mm->mmap_sem);
if (flags & MREMAP_FIXED) {
-@@ -545,6 +573,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned
long, old_len,
+@@ -545,6 +580,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned
long, old_len,
new_addr = addr;
}
ret = addr;
@@ -94822,7 +95230,7 @@ index 0843feb..4f5b2e6 100644
goto out;
}
}
-@@ -568,7 +597,12 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned
long, old_len,
+@@ -568,7 +604,12 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned
long, old_len,
goto out;
}
diff --git a/3.2.58/0000_README b/3.2.58/0000_README
index ad7286d..5094122 100644
--- a/3.2.58/0000_README
+++ b/3.2.58/0000_README
@@ -150,7 +150,7 @@ Patch: 1057_linux-3.2.58.patch
From: http://www.kernel.org
Desc: Linux 3.2.58
-Patch: 4420_grsecurity-3.0-3.2.58-201405101946.patch
+Patch: 4420_grsecurity-3.0-3.2.58-201405112002.patch
From: http://www.grsecurity.net
Desc: hardened-sources base patch from upstream grsecurity
diff --git a/3.2.58/4420_grsecurity-3.0-3.2.58-201405101946.patch
b/3.2.58/4420_grsecurity-3.0-3.2.58-201405112002.patch
similarity index 99%
rename from 3.2.58/4420_grsecurity-3.0-3.2.58-201405101946.patch
rename to 3.2.58/4420_grsecurity-3.0-3.2.58-201405112002.patch
index ed3fd8f..b77f99b 100644
--- a/3.2.58/4420_grsecurity-3.0-3.2.58-201405101946.patch
+++ b/3.2.58/4420_grsecurity-3.0-3.2.58-201405112002.patch
@@ -8351,10 +8351,37 @@ index 0cbdaa4..f37a97c 100644
}
EXPORT_SYMBOL(die_if_kernel);
diff --git a/arch/sparc/kernel/unaligned_64.c
b/arch/sparc/kernel/unaligned_64.c
-index 76e4ac1..78f8bb1 100644
+index 76e4ac1..439d7e8 100644
--- a/arch/sparc/kernel/unaligned_64.c
+++ b/arch/sparc/kernel/unaligned_64.c
-@@ -279,7 +279,7 @@ static void log_unaligned(struct pt_regs *regs)
+@@ -156,17 +156,23 @@ static unsigned long *fetch_reg_addr(unsigned int reg,
struct pt_regs *regs)
+ unsigned long compute_effective_address(struct pt_regs *regs,
+ unsigned int insn, unsigned int rd)
+ {
++ int from_kernel = (regs->tstate & TSTATE_PRIV) != 0;
+ unsigned int rs1 = (insn >> 14) & 0x1f;
+ unsigned int rs2 = insn & 0x1f;
+- int from_kernel = (regs->tstate & TSTATE_PRIV) != 0;
++ unsigned long addr;
+
+ if (insn & 0x2000) {
+ maybe_flush_windows(rs1, 0, rd, from_kernel);
+- return (fetch_reg(rs1, regs) + sign_extend_imm13(insn));
++ addr = (fetch_reg(rs1, regs) + sign_extend_imm13(insn));
+ } else {
+ maybe_flush_windows(rs1, rs2, rd, from_kernel);
+- return (fetch_reg(rs1, regs) + fetch_reg(rs2, regs));
++ addr = (fetch_reg(rs1, regs) + fetch_reg(rs2, regs));
+ }
++
++ if (!from_kernel && test_thread_flag(TIF_32BIT))
++ addr &= 0xffffffff;
++
++ return addr;
+ }
+
+ /* This is just to make gcc think die_if_kernel does return... */
+@@ -279,7 +285,7 @@ static void log_unaligned(struct pt_regs *regs)
static DEFINE_RATELIMIT_STATE(ratelimit, 5 * HZ, 5);
if (__ratelimit(&ratelimit)) {
@@ -63174,10 +63201,18 @@ index 03102d9..4ae347e 100644
}
diff --git a/fs/proc/stat.c b/fs/proc/stat.c
-index 4c9a859..0b51e6b 100644
+index 4c9a859..8c9ebb1 100644
--- a/fs/proc/stat.c
+++ b/fs/proc/stat.c
-@@ -67,6 +67,18 @@ static int show_stat(struct seq_file *p, void *v)
+@@ -11,6 +11,7 @@
+ #include <linux/irqnr.h>
+ #include <asm/cputime.h>
+ #include <linux/tick.h>
++#include <linux/grsecurity.h>
+
+ #ifndef arch_irq_stat_cpu
+ #define arch_irq_stat_cpu(cpu) 0
+@@ -67,6 +68,18 @@ static int show_stat(struct seq_file *p, void *v)
u64 sum_softirq = 0;
unsigned int per_softirq_sums[NR_SOFTIRQS] = {0};
struct timespec boottime;
@@ -63196,7 +63231,7 @@ index 4c9a859..0b51e6b 100644
user = nice = system = idle = iowait =
irq = softirq = steal = cputime64_zero;
-@@ -79,24 +91,27 @@ static int show_stat(struct seq_file *p, void *v)
+@@ -79,24 +92,27 @@ static int show_stat(struct seq_file *p, void *v)
nice = cputime64_add(nice, kstat_cpu(i).cpustat.nice);
system = cputime64_add(system, kstat_cpu(i).cpustat.system);
idle = cputime64_add(idle, get_idle_time(i));
@@ -63238,7 +63273,7 @@ index 4c9a859..0b51e6b 100644
seq_printf(p, "cpu %llu %llu %llu %llu %llu %llu %llu %llu %llu "
"%llu\n",
-@@ -116,12 +131,14 @@ static int show_stat(struct seq_file *p, void *v)
+@@ -116,12 +132,14 @@ static int show_stat(struct seq_file *p, void *v)
nice = kstat_cpu(i).cpustat.nice;
system = kstat_cpu(i).cpustat.system;
idle = get_idle_time(i);
