diff options
Diffstat (limited to 'sys-kernel/linux-image-redcore-lts/files')
-rw-r--r-- | sys-kernel/linux-image-redcore-lts/files/5.10-amd_iommu_init_info.patch | 13 | ||||
-rw-r--r-- | sys-kernel/linux-image-redcore-lts/files/5.10-linux-hardened.patch | 354 |
2 files changed, 212 insertions, 155 deletions
diff --git a/sys-kernel/linux-image-redcore-lts/files/5.10-amd_iommu_init_info.patch b/sys-kernel/linux-image-redcore-lts/files/5.10-amd_iommu_init_info.patch deleted file mode 100644 index 8b17c2f6..00000000 --- a/sys-kernel/linux-image-redcore-lts/files/5.10-amd_iommu_init_info.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/drivers/iommu/amd/init.c b/drivers/iommu/amd/init.c -index c652f16eb702..b52ea079d555 100644 ---- a/drivers/iommu/amd/init.c -+++ b/drivers/iommu/amd/init.c -@@ -1680,7 +1680,7 @@ static void init_iommu_perf_ctr(struct amd_iommu *iommu) - return; - - pc_false: -- pci_err(pdev, "Unable to read/write to IOMMU perf counter.\n"); -+ pci_info(pdev, "Unable to read/write to IOMMU perf counter.\n"); - amd_iommu_pc_present = false; - return; - } diff --git a/sys-kernel/linux-image-redcore-lts/files/5.10-linux-hardened.patch b/sys-kernel/linux-image-redcore-lts/files/5.10-linux-hardened.patch index 1af30834..d2b02ca9 100644 --- a/sys-kernel/linux-image-redcore-lts/files/5.10-linux-hardened.patch +++ b/sys-kernel/linux-image-redcore-lts/files/5.10-linux-hardened.patch @@ -1,5 +1,5 @@ diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt -index f6a1513dfb76..282777d18d19 100644 +index 26bfe7ae711b..0e8e3fdd7005 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -518,17 +518,6 @@ @@ -73,10 +73,10 @@ index d4b32cc32bb7..3cd263f8ac46 100644 =================== diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst -index 25e6673a085a..76f1892d65ed 100644 +index 4abcfff15e38..fa2d0a9709f2 100644 --- a/Documentation/networking/ip-sysctl.rst +++ b/Documentation/networking/ip-sysctl.rst -@@ -665,6 +665,24 @@ tcp_comp_sack_nr - INTEGER +@@ -664,6 +664,24 @@ tcp_comp_sack_nr - INTEGER Default : 44 @@ -101,8 +101,21 @@ index 25e6673a085a..76f1892d65ed 100644 tcp_slow_start_after_idle - BOOLEAN If set, provide RFC2861 behavior and time out the congestion window after an idle period. An idle period is defined at +diff --git a/Makefile b/Makefile +index 42c915ccc5b8..7bd6aed86f87 100644 +--- a/Makefile ++++ b/Makefile +@@ -2,7 +2,7 @@ + VERSION = 5 + PATCHLEVEL = 10 + SUBLEVEL = 40 +-EXTRAVERSION = ++EXTRAVERSION = -hardened1 + NAME = Dare mighty things + + # *DOCUMENTATION* diff --git a/arch/Kconfig b/arch/Kconfig -index ddd4641446bd..8e8f31cafe43 100644 +index 69fe7133c765..8b5c346d5dd8 100644 --- a/arch/Kconfig +++ b/arch/Kconfig @@ -752,7 +752,7 @@ config ARCH_MMAP_RND_BITS @@ -124,10 +137,10 @@ index ddd4641446bd..8e8f31cafe43 100644 help This value can be used to select the number of bits to use to diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig -index a6b5b7ef40ae..21088a6532d8 100644 +index 5e5cf3af6351..d13da5ae03e7 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig -@@ -1199,6 +1199,7 @@ config RODATA_FULL_DEFAULT_ENABLED +@@ -1200,6 +1200,7 @@ config RODATA_FULL_DEFAULT_ENABLED config ARM64_SW_TTBR0_PAN bool "Emulate Privileged Access Never using TTBR0_EL1 switching" @@ -135,7 +148,7 @@ index a6b5b7ef40ae..21088a6532d8 100644 help Enabling this option prevents the kernel from accessing user-space memory directly by pointing TTBR0_EL1 to a reserved -@@ -1789,6 +1790,7 @@ config RANDOMIZE_BASE +@@ -1794,6 +1795,7 @@ config RANDOMIZE_BASE bool "Randomize the address of the kernel image" select ARM64_MODULE_PLTS if MODULES select RELOCATABLE @@ -188,10 +201,10 @@ index 8d1c8dcb87fd..32c1609a1158 100644 #ifdef __AARCH64EB__ diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index fbf26e0f7a6a..ab11aeb0a807 100644 +index f3c8a8110f60..372192b9ebd1 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -1193,8 +1193,7 @@ config VM86 +@@ -1195,8 +1195,7 @@ config VM86 default X86_LEGACY_VM86 config X86_16BIT @@ -201,7 +214,7 @@ index fbf26e0f7a6a..ab11aeb0a807 100644 depends on MODIFY_LDT_SYSCALL help This option is required by programs like Wine to run 16-bit -@@ -2296,7 +2295,7 @@ config COMPAT_VDSO +@@ -2298,7 +2297,7 @@ config COMPAT_VDSO choice prompt "vsyscall table for legacy applications" depends on X86_64 @@ -210,7 +223,7 @@ index fbf26e0f7a6a..ab11aeb0a807 100644 help Legacy user code that does not know how to find the vDSO expects to be able to issue three syscalls by calling fixed addresses in -@@ -2392,8 +2391,7 @@ config CMDLINE_OVERRIDE +@@ -2394,8 +2393,7 @@ config CMDLINE_OVERRIDE be set to 'N' under normal conditions. config MODIFY_LDT_SYSCALL @@ -340,7 +353,7 @@ index b9a5d488f1a5..608cca19cf8c 100644 -extern unsigned long align_vdso_addr(unsigned long); #endif /* _ASM_X86_ELF_H */ diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index 35ad8480c464..edaeeab9df4b 100644 +index 25148ebd3634..1a41d2c767a1 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -399,6 +399,7 @@ EXPORT_SYMBOL_GPL(native_write_cr4); @@ -468,7 +481,7 @@ index 569ac1d57f55..044d88da4aee 100644 native_write_cr4(cr4 ^ X86_CR4_PGE); /* write old PGE again and flush TLBs */ diff --git a/block/blk-mq.c b/block/blk-mq.c -index 55bcee5dc032..507336218518 100644 +index 4bf9449b4586..3215e9d0025c 100644 --- a/block/blk-mq.c +++ b/block/blk-mq.c @@ -569,7 +569,7 @@ EXPORT_SYMBOL(blk_mq_end_request); @@ -535,10 +548,10 @@ index 93fd984eb2f5..d9086484d2de 100644 A pseudo terminal (PTY) is a software device consisting of two halves: a master and a slave. The slave device behaves identical to diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c -index 56ade99ef99f..5670bd7442df 100644 +index bc5314092aa4..4de9e74c701c 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c -@@ -174,6 +174,7 @@ static void free_tty_struct(struct tty_struct *tty) +@@ -171,6 +171,7 @@ static void free_tty_struct(struct tty_struct *tty) put_device(tty->dev); kfree(tty->write_buf); tty->magic = 0xDEADDEAD; @@ -546,7 +559,7 @@ index 56ade99ef99f..5670bd7442df 100644 kfree(tty); } -@@ -2181,11 +2182,19 @@ static int tty_fasync(int fd, struct file *filp, int on) +@@ -2261,11 +2262,19 @@ static int tty_fasync(int fd, struct file *filp, int on) * FIXME: may race normal receive processing */ @@ -566,7 +579,7 @@ index 56ade99ef99f..5670bd7442df 100644 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN)) return -EPERM; if (get_user(ch, p)) -@@ -3014,6 +3023,7 @@ struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) +@@ -3100,6 +3109,7 @@ struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx) tty->index = idx; tty_line_name(driver, idx, tty->name); tty->dev = tty_get_device(tty); @@ -587,7 +600,7 @@ index 18e874b0441e..fc7a3a9aa72a 100644 obj-$(CONFIG_USB) += usbcore.o diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index 17202b2ee063..b62b3da81ac4 100644 +index 228e3d4e1a9f..4d4afa81d7f2 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -5114,6 +5114,12 @@ static void hub_port_connect(struct usb_hub *hub, int port1, u16 portstatus, @@ -654,7 +667,7 @@ index 000000000000..3fa188ac8f67 + unregister_sysctl_table(usb_table_header); +} diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c -index 9b4ac4415f1a..93b4b798bdcc 100644 +index db4de5367737..28bdbd91e33c 100644 --- a/drivers/usb/core/usb.c +++ b/drivers/usb/core/usb.c @@ -72,6 +72,9 @@ MODULE_PARM_DESC(autosuspend, "default autosuspend delay"); @@ -667,7 +680,7 @@ index 9b4ac4415f1a..93b4b798bdcc 100644 static bool match_endpoint(struct usb_endpoint_descriptor *epd, struct usb_endpoint_descriptor **bulk_in, struct usb_endpoint_descriptor **bulk_out, -@@ -978,6 +981,9 @@ static int __init usb_init(void) +@@ -1010,6 +1013,9 @@ static int __init usb_init(void) usb_debugfs_init(); usb_acpi_register(); @@ -677,7 +690,7 @@ index 9b4ac4415f1a..93b4b798bdcc 100644 retval = bus_register(&usb_bus_type); if (retval) goto bus_register_failed; -@@ -1012,6 +1018,8 @@ static int __init usb_init(void) +@@ -1044,6 +1050,8 @@ static int __init usb_init(void) bus_notifier_failed: bus_unregister(&usb_bus_type); bus_register_failed: @@ -686,7 +699,7 @@ index 9b4ac4415f1a..93b4b798bdcc 100644 usb_acpi_unregister(); usb_debugfs_cleanup(); out: -@@ -1035,6 +1043,7 @@ static void __exit usb_exit(void) +@@ -1067,6 +1075,7 @@ static void __exit usb_exit(void) usb_hub_cleanup(); bus_unregister_notifier(&usb_bus_type, &usb_bus_nb); bus_unregister(&usb_bus_type); @@ -695,10 +708,18 @@ index 9b4ac4415f1a..93b4b798bdcc 100644 usb_debugfs_cleanup(); idr_destroy(&usb_bus_idr); diff --git a/fs/exec.c b/fs/exec.c -index 547a2390baf5..5f8758368f15 100644 +index ca89e0e3ef10..d2a03d32e195 100644 --- a/fs/exec.c +++ b/fs/exec.c -@@ -64,6 +64,7 @@ +@@ -34,6 +34,7 @@ + #include <linux/swap.h> + #include <linux/string.h> + #include <linux/init.h> ++#include <linux/sched.h> + #include <linux/sched/mm.h> + #include <linux/sched/coredump.h> + #include <linux/sched/signal.h> +@@ -64,6 +65,7 @@ #include <linux/compat.h> #include <linux/vmalloc.h> #include <linux/io_uring.h> @@ -706,11 +727,11 @@ index 547a2390baf5..5f8758368f15 100644 #include <linux/uaccess.h> #include <asm/mmu_context.h> -@@ -280,6 +281,8 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -280,6 +282,8 @@ static int __bprm_mm_init(struct linux_binprm *bprm) mm->stack_vm = mm->total_vm = 1; mmap_write_unlock(mm); bprm->p = vma->vm_end - sizeof(void *); -+ if (randomize_va_space) ++ if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space) + bprm->p ^= get_random_int() & ~PAGE_MASK; return 0; err: @@ -731,7 +752,7 @@ index 5eea9912a0b9..f86f383a3e1d 100644 { return -ENXIO; diff --git a/fs/namei.c b/fs/namei.c -index d4a6dd772303..72f912c68975 100644 +index 4c9d0c36545d..e05f9512934a 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -932,10 +932,10 @@ static inline void put_link(struct nameidata *nd) @@ -750,7 +771,7 @@ index d4a6dd772303..72f912c68975 100644 /** * may_follow_link - Check symlink following for unsafe situations diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig -index e2a488d403a6..ce54c1c693a8 100644 +index 14a72224b657..080a8027c6b1 100644 --- a/fs/nfs/Kconfig +++ b/fs/nfs/Kconfig @@ -195,7 +195,6 @@ config NFS_DEBUG @@ -774,7 +795,7 @@ index c930001056f9..6a0a51b3f593 100644 Exports the dump image of crashed kernel in ELF format. diff --git a/fs/stat.c b/fs/stat.c -index dacecdda2e79..14173d0f777d 100644 +index 1196af4d1ea0..4291a2c694e5 100644 --- a/fs/stat.c +++ b/fs/stat.c @@ -43,8 +43,13 @@ void generic_fillattr(struct inode *inode, struct kstat *stat) @@ -793,9 +814,9 @@ index dacecdda2e79..14173d0f777d 100644 stat->ctime = inode->i_ctime; stat->blksize = i_blocksize(inode); stat->blocks = inode->i_blocks; -@@ -83,9 +88,14 @@ int vfs_getattr_nosec(const struct path *path, struct kstat *stat, - if (IS_DAX(inode)) - stat->attributes |= STATX_ATTR_DAX; +@@ -91,9 +96,14 @@ int vfs_getattr_nosec(const struct path *path, struct kstat *stat, + stat->attributes_mask |= (STATX_ATTR_AUTOMOUNT | + STATX_ATTR_DAX); - if (inode->i_op->getattr) - return inode->i_op->getattr(path, stat, request_mask, @@ -992,7 +1013,7 @@ index 2b5b64256cf4..8cdce21dce0f 100644 const struct kobj_ns_type_operations *kobj_child_ns_ops(struct kobject *parent); const struct kobj_ns_type_operations *kobj_ns_ops(struct kobject *kobj); diff --git a/include/linux/mm.h b/include/linux/mm.h -index db6ae4d3fb4e..3519e61b07fa 100644 +index 5106db3ad1ce..d8644f4bc544 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -759,7 +759,7 @@ static inline int is_vmalloc_or_module_addr(const void *x) @@ -1047,10 +1068,10 @@ index 5e76af742c80..9a6c682ec127 100644 extern phys_addr_t per_cpu_ptr_to_phys(void *addr); diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h -index 96450f6fb1de..d020c26b612a 100644 +index 072ac6c1ef2b..2c8f98a8f8b0 100644 --- a/include/linux/perf_event.h +++ b/include/linux/perf_event.h -@@ -1312,6 +1312,14 @@ static inline int perf_is_paranoid(void) +@@ -1315,6 +1315,14 @@ static inline int perf_is_paranoid(void) return sysctl_perf_event_paranoid > -1; } @@ -1230,7 +1251,7 @@ index 51298a4f4623..b835c57330f2 100644 int proc_dointvec_userhz_jiffies(struct ctl_table *, int, void *, size_t *, loff_t *); diff --git a/include/linux/tty.h b/include/linux/tty.h -index eb33d948788c..116138eb394c 100644 +index 5972f43b9d5a..b1750024d570 100644 --- a/include/linux/tty.h +++ b/include/linux/tty.h @@ -14,6 +14,7 @@ @@ -1241,7 +1262,7 @@ index eb33d948788c..116138eb394c 100644 /* -@@ -342,6 +343,7 @@ struct tty_struct { +@@ -341,6 +342,7 @@ struct tty_struct { /* If the tty has a pending do_SAK, queue it here - akpm */ struct work_struct SAK_work; struct tty_port *port; @@ -1249,7 +1270,7 @@ index eb33d948788c..116138eb394c 100644 } __randomize_layout; /* Each of a tty's open files has private_data pointing to tty_file_private */ -@@ -351,6 +353,8 @@ struct tty_file_private { +@@ -350,6 +352,8 @@ struct tty_file_private { struct list_head list; }; @@ -1259,10 +1280,10 @@ index eb33d948788c..116138eb394c 100644 #define TTY_MAGIC 0x5401 diff --git a/include/linux/usb.h b/include/linux/usb.h -index 7d72c4e0713c..653265115e56 100644 +index d6a41841b93e..f7f3d138b4e6 100644 --- a/include/linux/usb.h +++ b/include/linux/usb.h -@@ -2035,6 +2035,17 @@ extern void usb_led_activity(enum usb_led_event ev); +@@ -2037,6 +2037,17 @@ extern void usb_led_activity(enum usb_led_event ev); static inline void usb_led_activity(enum usb_led_event ev) {} #endif @@ -1281,10 +1302,10 @@ index 7d72c4e0713c..653265115e56 100644 #endif diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h -index 6ef1c7109fc4..2140091b0b8d 100644 +index 7616c7bf4b24..bdbfcfe5df1e 100644 --- a/include/linux/user_namespace.h +++ b/include/linux/user_namespace.h -@@ -106,6 +106,8 @@ void dec_ucount(struct ucounts *ucounts, enum ucount_type type); +@@ -109,6 +109,8 @@ void dec_ucount(struct ucounts *ucounts, enum ucount_type type); #ifdef CONFIG_USER_NS @@ -1293,7 +1314,7 @@ index 6ef1c7109fc4..2140091b0b8d 100644 static inline struct user_namespace *get_user_ns(struct user_namespace *ns) { if (ns) -@@ -139,6 +141,8 @@ extern bool current_in_userns(const struct user_namespace *target_ns); +@@ -142,6 +144,8 @@ extern bool current_in_userns(const struct user_namespace *target_ns); struct ns_common *ns_get_owner(struct ns_common *ns); #else @@ -1303,10 +1324,10 @@ index 6ef1c7109fc4..2140091b0b8d 100644 { return &init_user_ns; diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h -index 938eaf9517e2..7c069063c20d 100644 +index 76dad53a410a..35de3a67efa4 100644 --- a/include/linux/vmalloc.h +++ b/include/linux/vmalloc.h -@@ -102,18 +102,18 @@ static inline void vmalloc_init(void) +@@ -97,18 +97,18 @@ static inline void vmalloc_init(void) static inline unsigned long vmalloc_nr_pages(void) { return 0; } #endif @@ -1335,7 +1356,7 @@ index 938eaf9517e2..7c069063c20d 100644 int node, const void *caller); diff --git a/include/net/tcp.h b/include/net/tcp.h -index d4ef5bf94168..34d0d5438108 100644 +index 7d66c61d22c7..cbb8c45ac186 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h @@ -245,6 +245,7 @@ void tcp_time_wait(struct sock *sk, int state, int timeo); @@ -1347,10 +1368,10 @@ index d4ef5bf94168..34d0d5438108 100644 #define TCP_RACK_LOSS_DETECTION 0x1 /* Use RACK to detect losses */ #define TCP_RACK_STATIC_REO_WND 0x2 /* Use static RACK reo wnd */ diff --git a/init/Kconfig b/init/Kconfig -index 0872a5a2e759..2feea719cc25 100644 +index fc4c9f416fad..36edd8448d40 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -419,6 +419,7 @@ config USELIB +@@ -418,6 +418,7 @@ config USELIB config AUDIT bool "Auditing support" depends on NET @@ -1358,7 +1379,7 @@ index 0872a5a2e759..2feea719cc25 100644 help Enable auditing infrastructure that can be used with another kernel subsystem, such as SELinux (which requires this for -@@ -1173,6 +1174,22 @@ config USER_NS +@@ -1172,6 +1173,22 @@ config USER_NS If unsure, say N. @@ -1443,7 +1464,7 @@ index 0872a5a2e759..2feea719cc25 100644 config ARCH_HAS_MEMBARRIER_CALLBACKS bool -@@ -1843,7 +1874,7 @@ config VM_EVENT_COUNTERS +@@ -1853,7 +1884,7 @@ config VM_EVENT_COUNTERS config SLUB_DEBUG default y @@ -1452,7 +1473,7 @@ index 0872a5a2e759..2feea719cc25 100644 depends on SLUB && SYSFS help SLUB has extensive debug support features. Disabling these can -@@ -1867,7 +1898,6 @@ config SLUB_MEMCG_SYSFS_ON +@@ -1877,7 +1908,6 @@ config SLUB_MEMCG_SYSFS_ON config COMPAT_BRK bool "Disable heap randomization" @@ -1460,7 +1481,7 @@ index 0872a5a2e759..2feea719cc25 100644 help Randomizing heap placement makes heap exploits harder, but it also breaks ancient binaries (including anything libc5 based). -@@ -1914,7 +1944,6 @@ endchoice +@@ -1924,7 +1954,6 @@ endchoice config SLAB_MERGE_DEFAULT bool "Allow slab caches to be merged" @@ -1468,7 +1489,7 @@ index 0872a5a2e759..2feea719cc25 100644 help For reduced kernel memory fragmentation, slab caches can be merged when they share the same size and other characteristics. -@@ -1929,6 +1958,7 @@ config SLAB_MERGE_DEFAULT +@@ -1939,6 +1968,7 @@ config SLAB_MERGE_DEFAULT config SLAB_FREELIST_RANDOM bool "Randomize slab freelist" depends on SLAB || SLUB @@ -1476,7 +1497,7 @@ index 0872a5a2e759..2feea719cc25 100644 help Randomizes the freelist order used on creating new pages. This security feature reduces the predictability of the kernel slab -@@ -1937,6 +1967,7 @@ config SLAB_FREELIST_RANDOM +@@ -1947,6 +1977,7 @@ config SLAB_FREELIST_RANDOM config SLAB_FREELIST_HARDENED bool "Harden slab freelist metadata" depends on SLAB || SLUB @@ -1484,7 +1505,7 @@ index 0872a5a2e759..2feea719cc25 100644 help Many kernel heap attacks try to target slab cache metadata and other infrastructure. This options makes minor performance -@@ -1945,6 +1976,23 @@ config SLAB_FREELIST_HARDENED +@@ -1955,6 +1986,23 @@ config SLAB_FREELIST_HARDENED sanity-checking than others. This option is most effective with CONFIG_SLUB. @@ -1523,7 +1544,7 @@ index 68cee3bc8cfe..2059c66f7c9b 100644 pr_err("audit: error setting audit state (%d)\n", audit_default); diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c -index 55454d2278b1..de02792dc2fc 100644 +index 182e162f8fd0..1705707b3b90 100644 --- a/kernel/bpf/core.c +++ b/kernel/bpf/core.c @@ -524,7 +524,7 @@ void bpf_prog_kallsyms_del_all(struct bpf_prog *fp) @@ -1536,7 +1557,7 @@ index 55454d2278b1..de02792dc2fc 100644 static void diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c -index 8f50c9c19f1b..a54c05624647 100644 +index 9433ab9995cd..348c36273f1a 100644 --- a/kernel/bpf/syscall.c +++ b/kernel/bpf/syscall.c @@ -50,7 +50,7 @@ static DEFINE_SPINLOCK(map_idr_lock); @@ -1566,10 +1587,10 @@ index de7eac903a2a..5602178f3d21 100644 /** diff --git a/kernel/events/core.c b/kernel/events/core.c -index dc568ca295bd..d97501029990 100644 +index 45fa7167cee2..3710b7c7ed5d 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c -@@ -407,8 +407,13 @@ static cpumask_var_t perf_online_mask; +@@ -408,8 +408,13 @@ static cpumask_var_t perf_online_mask; * 0 - disallow raw tracepoint access for unpriv * 1 - disallow cpu events for unpriv * 2 - disallow kernel profiling for unpriv @@ -1583,7 +1604,7 @@ index dc568ca295bd..d97501029990 100644 /* Minimum for 512 kiB + 1 user control page */ int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */ -@@ -11638,7 +11643,7 @@ SYSCALL_DEFINE5(perf_event_open, +@@ -11690,7 +11695,7 @@ SYSCALL_DEFINE5(perf_event_open, return -EINVAL; /* Do we allow access to perf_event_open(2) ? */ @@ -1593,7 +1614,7 @@ index dc568ca295bd..d97501029990 100644 return err; diff --git a/kernel/fork.c b/kernel/fork.c -index dc55f68a6ee3..31932fe83510 100644 +index 7c044d377926..8066141b692f 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -82,6 +82,7 @@ @@ -1604,7 +1625,7 @@ index dc55f68a6ee3..31932fe83510 100644 #include <linux/oom.h> #include <linux/khugepaged.h> #include <linux/signalfd.h> -@@ -1863,6 +1864,10 @@ static __latent_entropy struct task_struct *copy_process( +@@ -1871,6 +1872,10 @@ static __latent_entropy struct task_struct *copy_process( if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS)) return ERR_PTR(-EINVAL); @@ -1615,7 +1636,7 @@ index dc55f68a6ee3..31932fe83510 100644 /* * Thread groups must share signals as well, and detached threads * can only be started up within the thread group. -@@ -2928,6 +2933,12 @@ int ksys_unshare(unsigned long unshare_flags) +@@ -2936,6 +2941,12 @@ int ksys_unshare(unsigned long unshare_flags) if (unshare_flags & CLONE_NEWNS) unshare_flags |= CLONE_FS; @@ -1642,10 +1663,10 @@ index aa897c3f2e92..d8976886fd68 100644 struct rcu_head *next, *list; unsigned long flags; diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c -index 593df7edfe97..3285d81d8a26 100644 +index 61e250cdd7c9..9ef3aa84f3c9 100644 --- a/kernel/rcu/tree.c +++ b/kernel/rcu/tree.c -@@ -2722,7 +2722,7 @@ static __latent_entropy void rcu_core(void) +@@ -2727,7 +2727,7 @@ static __latent_entropy void rcu_core(void) queue_work_on(rdp->cpu, rcu_gp_wq, &rdp->strict_work); } @@ -1655,10 +1676,10 @@ index 593df7edfe97..3285d81d8a26 100644 rcu_core(); } diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c -index ae7ceba8fd4f..d118be5f18b8 100644 +index 1ad0e52487f6..2c20745f2597 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c -@@ -10628,7 +10628,7 @@ static int newidle_balance(struct rq *this_rq, struct rq_flags *rf) +@@ -10663,7 +10663,7 @@ static int newidle_balance(struct rq *this_rq, struct rq_flags *rf) * run_rebalance_domains is triggered when needed from the scheduler tick. * Also triggered for nohz idle balancing (with nohz_balancing_kick set). */ @@ -1728,7 +1749,7 @@ index 09229ad82209..6a02d63b135a 100644 void tasklet_setup(struct tasklet_struct *t, diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index afad085960b8..8fd007fbec4c 100644 +index b9306d2bb426..c88545fb5967 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -103,38 +103,44 @@ @@ -1934,10 +1955,10 @@ index afad085960b8..8fd007fbec4c 100644 EXPORT_SYMBOL(proc_dointvec_ms_jiffies); EXPORT_SYMBOL(proc_dostring); diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c -index 387b4bef7dd1..8fe28c28a906 100644 +index 9505b1f21cdf..b67bb69052af 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c -@@ -1587,7 +1587,7 @@ static void __hrtimer_run_queues(struct hrtimer_cpu_base *cpu_base, ktime_t now, +@@ -1605,7 +1605,7 @@ static void __hrtimer_run_queues(struct hrtimer_cpu_base *cpu_base, ktime_t now, } } @@ -1960,7 +1981,7 @@ index c3ad64fb9d8b..217bc49a3856 100644 struct timer_base *base = this_cpu_ptr(&timer_bases[BASE_STD]); diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index e703d5d9cbe8..5758274feaee 100644 +index ce396ea4de60..c3a6ef1f10ed 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c @@ -21,6 +21,13 @@ @@ -1978,7 +1999,7 @@ index e703d5d9cbe8..5758274feaee 100644 static DEFINE_MUTEX(userns_state_mutex); diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug -index c789b39ed527..5fce84adc315 100644 +index dcf4a9028e16..82f084142d8b 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -374,6 +374,9 @@ config DEBUG_FORCE_FUNCTION_ALIGN_32B @@ -2071,7 +2092,7 @@ index ea53b30cf483..5343bbeea5f8 100644 enum kobj_ns_type type = ops->type; int error; diff --git a/lib/nlattr.c b/lib/nlattr.c -index 74019c8ebf6b..c480b4e7ffef 100644 +index fe60f9ae9db1..0e9d8d239973 100644 --- a/lib/nlattr.c +++ b/lib/nlattr.c @@ -778,6 +778,8 @@ int nla_memcpy(void *dest, const struct nlattr *src, int count) @@ -2084,7 +2105,7 @@ index 74019c8ebf6b..c480b4e7ffef 100644 if (count > minlen) memset(dest + minlen, 0, count - minlen); diff --git a/lib/vsprintf.c b/lib/vsprintf.c -index 14c9a6af1b23..2501f75bd74d 100644 +index fd0fde639ec9..a4c940a6aff2 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -821,7 +821,7 @@ static char *ptr_to_id(char *buf, char *end, const void *ptr, @@ -2141,7 +2162,7 @@ index 5c8b4485860d..0e26c225bb53 100644 mm->brk = brk; goto success; diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 32f783ddb5c3..3a7e9c279c35 100644 +index 7ffa706e5c30..fcdc61e5014f 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -70,6 +70,7 @@ @@ -2168,7 +2189,7 @@ index 32f783ddb5c3..3a7e9c279c35 100644 #ifdef CONFIG_GCC_PLUGIN_LATENT_ENTROPY volatile unsigned long latent_entropy __latent_entropy; EXPORT_SYMBOL(latent_entropy); -@@ -1527,6 +1537,25 @@ static void __free_pages_ok(struct page *page, unsigned int order, +@@ -1529,6 +1539,25 @@ static void __free_pages_ok(struct page *page, unsigned int order, local_irq_restore(flags); } @@ -2194,7 +2215,7 @@ index 32f783ddb5c3..3a7e9c279c35 100644 void __free_pages_core(struct page *page, unsigned int order) { unsigned int nr_pages = 1 << order; -@@ -1546,7 +1575,6 @@ void __free_pages_core(struct page *page, unsigned int order) +@@ -1548,7 +1577,6 @@ void __free_pages_core(struct page *page, unsigned int order) } __ClearPageReserved(p); set_page_count(p, 0); @@ -2202,7 +2223,7 @@ index 32f783ddb5c3..3a7e9c279c35 100644 atomic_long_add(nr_pages, &page_zone(page)->managed_pages); /* -@@ -1605,6 +1633,7 @@ void __init memblock_free_pages(struct page *page, unsigned long pfn, +@@ -1607,6 +1635,7 @@ void __init memblock_free_pages(struct page *page, unsigned long pfn, { if (early_page_uninitialised(pfn)) return; @@ -2210,7 +2231,7 @@ index 32f783ddb5c3..3a7e9c279c35 100644 __free_pages_core(page, order); } -@@ -1696,6 +1725,7 @@ static void __init deferred_free_range(unsigned long pfn, +@@ -1698,6 +1727,7 @@ static void __init deferred_free_range(unsigned long pfn, if (nr_pages == pageblock_nr_pages && (pfn & (pageblock_nr_pages - 1)) == 0) { set_pageblock_migratetype(page, MIGRATE_MOVABLE); @@ -2218,7 +2239,7 @@ index 32f783ddb5c3..3a7e9c279c35 100644 __free_pages_core(page, pageblock_order); return; } -@@ -1703,6 +1733,7 @@ static void __init deferred_free_range(unsigned long pfn, +@@ -1705,6 +1735,7 @@ static void __init deferred_free_range(unsigned long pfn, for (i = 0; i < nr_pages; i++, page++, pfn++) { if ((pfn & (pageblock_nr_pages - 1)) == 0) set_pageblock_migratetype(page, MIGRATE_MOVABLE); @@ -2226,7 +2247,7 @@ index 32f783ddb5c3..3a7e9c279c35 100644 __free_pages_core(page, 0); } } -@@ -2282,6 +2313,12 @@ static void prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags +@@ -2284,6 +2315,12 @@ static void prep_new_page(struct page *page, unsigned int order, gfp_t gfp_flags { post_alloc_hook(page, order, gfp_flags); @@ -2240,10 +2261,10 @@ index 32f783ddb5c3..3a7e9c279c35 100644 kernel_init_free_pages(page, 1 << order); diff --git a/mm/slab.h b/mm/slab.h -index f9977d6613d6..2138deacf719 100644 +index e258ffcfb0ef..6208d0d5ef15 100644 --- a/mm/slab.h +++ b/mm/slab.h -@@ -435,9 +435,13 @@ static inline struct kmem_cache *virt_to_cache(const void *obj) +@@ -433,9 +433,13 @@ static inline struct kmem_cache *virt_to_cache(const void *obj) struct page *page; page = virt_to_head_page(obj); @@ -2257,7 +2278,7 @@ index f9977d6613d6..2138deacf719 100644 return page->slab_cache; } -@@ -467,10 +471,15 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x) +@@ -465,10 +469,15 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x) return s; cachep = virt_to_cache(x); @@ -2276,7 +2297,7 @@ index f9977d6613d6..2138deacf719 100644 return cachep; } -@@ -495,7 +504,7 @@ static inline size_t slab_ksize(const struct kmem_cache *s) +@@ -493,7 +502,7 @@ static inline size_t slab_ksize(const struct kmem_cache *s) * back there or track user information then we can * only use the space before that information. */ @@ -2285,7 +2306,7 @@ index f9977d6613d6..2138deacf719 100644 return s->inuse; /* * Else we can use all the padding etc for the allocation -@@ -621,8 +630,10 @@ static inline void cache_random_seq_destroy(struct kmem_cache *cachep) { } +@@ -619,8 +628,10 @@ static inline void cache_random_seq_destroy(struct kmem_cache *cachep) { } static inline bool slab_want_init_on_alloc(gfp_t flags, struct kmem_cache *c) { if (static_branch_unlikely(&init_on_alloc)) { @@ -2296,7 +2317,7 @@ index f9977d6613d6..2138deacf719 100644 if (c->flags & (SLAB_TYPESAFE_BY_RCU | SLAB_POISON)) return flags & __GFP_ZERO; return true; -@@ -632,9 +643,15 @@ static inline bool slab_want_init_on_alloc(gfp_t flags, struct kmem_cache *c) +@@ -630,9 +641,15 @@ static inline bool slab_want_init_on_alloc(gfp_t flags, struct kmem_cache *c) static inline bool slab_want_init_on_free(struct kmem_cache *c) { @@ -2316,7 +2337,7 @@ index f9977d6613d6..2138deacf719 100644 } diff --git a/mm/slab_common.c b/mm/slab_common.c -index f9ccd5dc13f3..2b73c12d8fce 100644 +index 8f27ccf9f7f3..f7832da1a63a 100644 --- a/mm/slab_common.c +++ b/mm/slab_common.c @@ -30,10 +30,10 @@ @@ -2342,7 +2363,7 @@ index f9ccd5dc13f3..2b73c12d8fce 100644 static int __init setup_slab_nomerge(char *str) { diff --git a/mm/slub.c b/mm/slub.c -index 34dcc09e2ec9..cb8abacabfdb 100644 +index 05a501b67cd5..e671c743f076 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -127,6 +127,12 @@ static inline bool kmem_cache_debug(struct kmem_cache *s) @@ -2358,28 +2379,32 @@ index 34dcc09e2ec9..cb8abacabfdb 100644 void *fixup_red_left(struct kmem_cache *s, void *p) { if (kmem_cache_debug_flags(s, SLAB_RED_ZONE)) -@@ -486,13 +492,13 @@ static inline void *restore_red_left(struct kmem_cache *s, void *p) - * Debug settings: - */ - #if defined(CONFIG_SLUB_DEBUG_ON) --static slab_flags_t slub_debug = DEBUG_DEFAULT_FLAGS; -+static slab_flags_t slub_debug __ro_after_init = DEBUG_DEFAULT_FLAGS; - #else --static slab_flags_t slub_debug; -+static slab_flags_t slub_debug __ro_after_init; - #endif - --static char *slub_debug_string; --static int disable_higher_order_debug; -+static char *slub_debug_string __ro_after_init; -+static int disable_higher_order_debug __ro_after_init; - - /* - * slub is about to manipulate internal object metadata. This memory lies -@@ -563,6 +569,33 @@ static inline unsigned int get_info_end(struct kmem_cache *s) - return s->inuse; +@@ -432,6 +438,55 @@ static inline bool cmpxchg_double_slab(struct kmem_cache *s, struct page *page, + return false; } ++#if defined(CONFIG_SLUB_DEBUG) || defined(CONFIG_SLAB_CANARY) ++/* ++ * See comment in calculate_sizes(). ++ */ ++static inline bool freeptr_outside_object(struct kmem_cache *s) ++{ ++ return s->offset >= s->inuse; ++} ++ ++/* ++ * Return offset of the end of info block which is inuse + free pointer if ++ * not overlapping with object. ++ */ ++static inline unsigned int get_info_end(struct kmem_cache *s) ++{ ++ if (freeptr_outside_object(s)) ++ return s->inuse + sizeof(void *); ++ else ++ return s->inuse; ++} ++#endif ++ +#ifdef CONFIG_SLAB_CANARY +static inline unsigned long *get_canary(struct kmem_cache *s, void *object) +{ @@ -2407,10 +2432,55 @@ index 34dcc09e2ec9..cb8abacabfdb 100644 +#define check_canary(s, object, value) +#endif + + #ifdef CONFIG_SLUB_DEBUG + static unsigned long object_map[BITS_TO_LONGS(MAX_OBJS_PER_PAGE)]; + static DEFINE_SPINLOCK(object_map_lock); +@@ -486,13 +541,13 @@ static inline void *restore_red_left(struct kmem_cache *s, void *p) + * Debug settings: + */ + #if defined(CONFIG_SLUB_DEBUG_ON) +-static slab_flags_t slub_debug = DEBUG_DEFAULT_FLAGS; ++static slab_flags_t slub_debug __ro_after_init = DEBUG_DEFAULT_FLAGS; + #else +-static slab_flags_t slub_debug; ++static slab_flags_t slub_debug __ro_after_init; + #endif + +-static char *slub_debug_string; +-static int disable_higher_order_debug; ++static char *slub_debug_string __ro_after_init; ++static int disable_higher_order_debug __ro_after_init; + + /* + * slub is about to manipulate internal object metadata. This memory lies +@@ -543,26 +598,6 @@ static void print_section(char *level, char *text, u8 *addr, + metadata_access_disable(); + } + +-/* +- * See comment in calculate_sizes(). +- */ +-static inline bool freeptr_outside_object(struct kmem_cache *s) +-{ +- return s->offset >= s->inuse; +-} +- +-/* +- * Return offset of the end of info block which is inuse + free pointer if +- * not overlapping with object. +- */ +-static inline unsigned int get_info_end(struct kmem_cache *s) +-{ +- if (freeptr_outside_object(s)) +- return s->inuse + sizeof(void *); +- else +- return s->inuse; +-} +- static struct track *get_track(struct kmem_cache *s, void *object, enum track_item alloc) { -@@ -570,6 +603,9 @@ static struct track *get_track(struct kmem_cache *s, void *object, +@@ -570,6 +605,9 @@ static struct track *get_track(struct kmem_cache *s, void *object, p = object + get_info_end(s); @@ -2420,7 +2490,7 @@ index 34dcc09e2ec9..cb8abacabfdb 100644 return p + alloc; } -@@ -711,6 +747,9 @@ static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p) +@@ -711,6 +749,9 @@ static void print_trailer(struct kmem_cache *s, struct page *page, u8 *p) off = get_info_end(s); @@ -2430,7 +2500,7 @@ index 34dcc09e2ec9..cb8abacabfdb 100644 if (s->flags & SLAB_STORE_USER) off += 2 * sizeof(struct track); -@@ -819,8 +858,9 @@ static int check_bytes_and_report(struct kmem_cache *s, struct page *page, +@@ -819,8 +860,9 @@ static int check_bytes_and_report(struct kmem_cache *s, struct page *page, * Meta data starts here. * * A. Free pointer (if we cannot overwrite object on free) @@ -2442,7 +2512,7 @@ index 34dcc09e2ec9..cb8abacabfdb 100644 * one word if debugging is on to be able to detect writes * before the word boundary. * -@@ -838,6 +878,9 @@ static int check_pad_bytes(struct kmem_cache *s, struct page *page, u8 *p) +@@ -838,6 +880,9 @@ static int check_pad_bytes(struct kmem_cache *s, struct page *page, u8 *p) { unsigned long off = get_info_end(s); /* The end of info */ @@ -2452,7 +2522,7 @@ index 34dcc09e2ec9..cb8abacabfdb 100644 if (s->flags & SLAB_STORE_USER) /* We also have user information there */ off += 2 * sizeof(struct track); -@@ -1561,6 +1604,8 @@ static inline bool slab_free_freelist_hook(struct kmem_cache *s, +@@ -1558,6 +1603,8 @@ static inline bool slab_free_freelist_hook(struct kmem_cache *s, object = next; next = get_freepointer(s, object); @@ -2461,7 +2531,7 @@ index 34dcc09e2ec9..cb8abacabfdb 100644 if (slab_want_init_on_free(s)) { /* * Clear the object and the metadata, but don't touch -@@ -1571,8 +1616,12 @@ static inline bool slab_free_freelist_hook(struct kmem_cache *s, +@@ -1568,8 +1615,12 @@ static inline bool slab_free_freelist_hook(struct kmem_cache *s, : 0; memset((char *)object + s->inuse, 0, s->size - s->inuse - rsize); @@ -2475,7 +2545,7 @@ index 34dcc09e2ec9..cb8abacabfdb 100644 /* If object's reuse doesn't have to be delayed */ if (!slab_free_hook(s, object)) { /* Move object to the new freelist */ -@@ -1580,6 +1629,18 @@ static inline bool slab_free_freelist_hook(struct kmem_cache *s, +@@ -1577,6 +1628,18 @@ static inline bool slab_free_freelist_hook(struct kmem_cache *s, *head = object; if (!*tail) *tail = object; @@ -2494,7 +2564,7 @@ index 34dcc09e2ec9..cb8abacabfdb 100644 } } while (object != old_tail); -@@ -1593,8 +1654,9 @@ static void *setup_object(struct kmem_cache *s, struct page *page, +@@ -1590,8 +1653,9 @@ static void *setup_object(struct kmem_cache *s, struct page *page, void *object) { setup_object_debug(s, page, object); @@ -2505,7 +2575,7 @@ index 34dcc09e2ec9..cb8abacabfdb 100644 kasan_unpoison_object_data(s, object); s->ctor(object); kasan_poison_object_data(s, object); -@@ -2885,8 +2947,28 @@ static __always_inline void *slab_alloc_node(struct kmem_cache *s, +@@ -2882,8 +2946,28 @@ static __always_inline void *slab_alloc_node(struct kmem_cache *s, maybe_wipe_obj_freeptr(s, object); @@ -2535,7 +2605,7 @@ index 34dcc09e2ec9..cb8abacabfdb 100644 slab_post_alloc_hook(s, objcg, gfpflags, 1, &object); -@@ -3275,7 +3357,7 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size, +@@ -3272,7 +3356,7 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size, void **p) { struct kmem_cache_cpu *c; @@ -2544,7 +2614,7 @@ index 34dcc09e2ec9..cb8abacabfdb 100644 struct obj_cgroup *objcg = NULL; /* memcg and kmem_cache debug support */ -@@ -3325,11 +3407,35 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size, +@@ -3322,11 +3406,35 @@ int kmem_cache_alloc_bulk(struct kmem_cache *s, gfp_t flags, size_t size, local_irq_enable(); /* Clear memory outside IRQ disabled fastpath loop */ @@ -2582,7 +2652,7 @@ index 34dcc09e2ec9..cb8abacabfdb 100644 } /* memcg and kmem_cache debug support */ -@@ -3363,9 +3469,9 @@ EXPORT_SYMBOL(kmem_cache_alloc_bulk); +@@ -3360,9 +3468,9 @@ EXPORT_SYMBOL(kmem_cache_alloc_bulk); * and increases the number of allocations possible without having to * take the list_lock. */ @@ -2595,7 +2665,7 @@ index 34dcc09e2ec9..cb8abacabfdb 100644 /* * Calculate the order of allocation given an slab object size. -@@ -3533,6 +3639,7 @@ static void early_kmem_cache_node_alloc(int node) +@@ -3530,6 +3638,7 @@ static void early_kmem_cache_node_alloc(int node) init_object(kmem_cache_node, n, SLUB_RED_ACTIVE); init_tracking(kmem_cache_node, n); #endif @@ -2603,7 +2673,7 @@ index 34dcc09e2ec9..cb8abacabfdb 100644 n = kasan_kmalloc(kmem_cache_node, n, sizeof(struct kmem_cache_node), GFP_KERNEL); page->freelist = get_freepointer(kmem_cache_node, n); -@@ -3713,6 +3820,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order) +@@ -3710,6 +3819,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order) s->offset = ALIGN(freepointer_area / 2, sizeof(void *)); } @@ -2613,7 +2683,7 @@ index 34dcc09e2ec9..cb8abacabfdb 100644 #ifdef CONFIG_SLUB_DEBUG if (flags & SLAB_STORE_USER) /* -@@ -3786,6 +3896,10 @@ static int kmem_cache_open(struct kmem_cache *s, slab_flags_t flags) +@@ -3783,6 +3895,10 @@ static int kmem_cache_open(struct kmem_cache *s, slab_flags_t flags) #ifdef CONFIG_SLAB_FREELIST_HARDENED s->random = get_random_long(); #endif @@ -2624,7 +2694,7 @@ index 34dcc09e2ec9..cb8abacabfdb 100644 if (!calculate_sizes(s, -1)) goto error; -@@ -4059,6 +4173,8 @@ void __check_heap_object(const void *ptr, unsigned long n, struct page *page, +@@ -4056,6 +4172,8 @@ void __check_heap_object(const void *ptr, unsigned long n, struct page *page, offset -= s->red_left_pad; } @@ -2633,7 +2703,7 @@ index 34dcc09e2ec9..cb8abacabfdb 100644 /* Allow address range falling entirely within usercopy region. */ if (offset >= s->useroffset && offset - s->useroffset <= s->usersize && -@@ -4092,7 +4208,11 @@ size_t __ksize(const void *object) +@@ -4089,7 +4207,11 @@ size_t __ksize(const void *object) page = virt_to_head_page(object); if (unlikely(!PageSlab(page))) { @@ -2645,7 +2715,7 @@ index 34dcc09e2ec9..cb8abacabfdb 100644 return page_size(page); } -@@ -4883,7 +5003,7 @@ enum slab_stat_type { +@@ -4880,7 +5002,7 @@ enum slab_stat_type { #define SO_TOTAL (1 << SL_TOTAL) #ifdef CONFIG_MEMCG @@ -2701,10 +2771,10 @@ index 4ddb6e186dd5..62ed34dfceb7 100644 unsigned long arch_mmap_rnd(void) diff --git a/net/core/dev.c b/net/core/dev.c -index 38412e70f761..c3cd49e04b7b 100644 +index 2f17a4ac82f0..223c111f31ab 100644 --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -4856,7 +4856,7 @@ int netif_rx_any_context(struct sk_buff *skb) +@@ -4869,7 +4869,7 @@ int netif_rx_any_context(struct sk_buff *skb) } EXPORT_SYMBOL(netif_rx_any_context); @@ -2713,7 +2783,7 @@ index 38412e70f761..c3cd49e04b7b 100644 { struct softnet_data *sd = this_cpu_ptr(&softnet_data); -@@ -6803,7 +6803,7 @@ static int napi_poll(struct napi_struct *n, struct list_head *repoll) +@@ -6819,7 +6819,7 @@ static int napi_poll(struct napi_struct *n, struct list_head *repoll) return work; } @@ -2970,7 +3040,7 @@ index 87983e70f03f..d1584b4b39f9 100644 + + If unsure, say N. diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c -index 3e5f4f2e705e..791329c77dea 100644 +index 08829809e88b..d06be35bacbe 100644 --- a/net/ipv4/sysctl_net_ipv4.c +++ b/net/ipv4/sysctl_net_ipv4.c @@ -588,6 +588,15 @@ static struct ctl_table ipv4_table[] = { @@ -2990,7 +3060,7 @@ index 3e5f4f2e705e..791329c77dea 100644 }; diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index ef4bdb038a4b..86967b09a8e2 100644 +index fac5c1469cee..7c3ffb3f4002 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -82,6 +82,7 @@ @@ -3001,7 +3071,7 @@ index ef4bdb038a4b..86967b09a8e2 100644 #define FLAG_DATA 0x01 /* Incoming frame contained data. */ #define FLAG_WIN_UPDATE 0x02 /* Incoming ACK was a window update. */ -@@ -6195,7 +6196,7 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, +@@ -6197,7 +6198,7 @@ static int tcp_rcv_synsent_state_process(struct sock *sk, struct sk_buff *skb, tcp_paws_reject(&tp->rx_opt, 0)) goto discard_and_undo; @@ -3011,7 +3081,7 @@ index ef4bdb038a4b..86967b09a8e2 100644 * simultaneous connect with crossed SYNs. * Particularly, it can be connect to self. diff --git a/scripts/Makefile.modpost b/scripts/Makefile.modpost -index f54b6ac37ac2..e53b3057d4cb 100644 +index 12a87be0fb44..f4c69e330a53 100644 --- a/scripts/Makefile.modpost +++ b/scripts/Makefile.modpost @@ -47,6 +47,7 @@ MODPOST = scripts/mod/modpost \ @@ -3039,7 +3109,7 @@ index ae19fb0243b9..ad78375ece5e 100644 secure! diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c -index f882ce0d9327..2cbc4e8a6295 100644 +index e08f75aed429..649595efc541 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -35,6 +35,8 @@ static int warn_unresolved = 0; @@ -3113,7 +3183,7 @@ index f882ce0d9327..2cbc4e8a6295 100644 } fprintf(stderr, "\n"); } -@@ -2559,7 +2580,7 @@ int main(int argc, char **argv) +@@ -2546,7 +2567,7 @@ int main(int argc, char **argv) struct dump_list *dump_read_start = NULL; struct dump_list **dump_read_iter = &dump_read_start; @@ -3122,7 +3192,7 @@ index f882ce0d9327..2cbc4e8a6295 100644 switch (opt) { case 'e': external_module = 1; -@@ -2570,6 +2591,9 @@ int main(int argc, char **argv) +@@ -2557,6 +2578,9 @@ int main(int argc, char **argv) (*dump_read_iter)->file = optarg; dump_read_iter = &(*dump_read_iter)->next; break; @@ -3132,7 +3202,7 @@ index f882ce0d9327..2cbc4e8a6295 100644 case 'm': modversions = 1; break; -@@ -2670,6 +2694,11 @@ int main(int argc, char **argv) +@@ -2657,6 +2681,11 @@ int main(int argc, char **argv) } free(buf.p); @@ -3324,7 +3394,7 @@ index 9e921fc72538..ae851a826c26 100644 int "NSA SELinux sidtab hashtable size" depends on SECURITY_SELINUX diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index c46312710e73..541c65650c5e 100644 +index 227eb8967963..a8fe132825cd 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -136,21 +136,7 @@ static int __init selinux_enabled_setup(char *str) @@ -3351,10 +3421,10 @@ index c46312710e73..541c65650c5e 100644 /** * selinux_secmark_enabled - Check to see if SECMARK is currently enabled diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c -index 4bde570d56a2..cc5caffc07fa 100644 +index 2b745ae8cb98..de739d432da6 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c -@@ -725,7 +725,6 @@ static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf, +@@ -724,7 +724,6 @@ static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf, static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { @@ -3362,7 +3432,7 @@ index 4bde570d56a2..cc5caffc07fa 100644 char *page; ssize_t length; unsigned int new_value; -@@ -749,18 +748,9 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, +@@ -748,18 +747,9 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, return PTR_ERR(page); length = -EINVAL; |