Move update_linux.sh to tools/scripts.
Change-Id: If50c4ed6d11e1a953001678717a5583f61fba907
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5328
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>
Reviewed-by: Sharath George
... | ... |
@@ -1,6 +1,6 @@ |
1 | 1 |
Summary: Linux API header files |
2 | 2 |
Name: linux-api-headers |
3 |
-Version: 4.14.8 |
|
3 |
+Version: 4.14.54 |
|
4 | 4 |
Release: 1%{?dist} |
5 | 5 |
License: GPLv2 |
6 | 6 |
URL: http://www.kernel.org/ |
... | ... |
@@ -8,7 +8,7 @@ Group: System Environment/Kernel |
8 | 8 |
Vendor: VMware, Inc. |
9 | 9 |
Distribution: Photon |
10 | 10 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
11 |
-%define sha1 linux=45f140e0eab08428d78d81d4169d531a3e65a297 |
|
11 |
+%define sha1 linux=434080e874f7b78c3234f22784427d4a189fb54d |
|
12 | 12 |
BuildArch: noarch |
13 | 13 |
%description |
14 | 14 |
The Linux API Headers expose the kernel's API for use by Glibc. |
... | ... |
@@ -25,6 +25,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de |
25 | 25 |
%defattr(-,root,root) |
26 | 26 |
%{_includedir}/* |
27 | 27 |
%changelog |
28 |
+* Mon Jul 09 2018 Him Kalyan Bordoloi <bordoloih@vmware.com> 4.14.54-1 |
|
29 |
+- Update to version 4.14.54 |
|
28 | 30 |
* Fri Dec 22 2017 Alexey Makhalov <amakhalov@vmware.com> 4.14.8-1 |
29 | 31 |
- Version update |
30 | 32 |
* Mon Dec 04 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.66-1 |
... | ... |
@@ -3,106 +3,165 @@ From: Alexey Makhalov <amakhalov@vmware.com> |
3 | 3 |
Date: Sat, 4 Feb 2017 04:15:14 +0000 |
4 | 4 |
Subject: [PATCH 2/3] Added PAX_RANDKSTACK |
5 | 5 |
|
6 |
+ Reworked to randomize kernel stack at entry of each syscall instead of exit |
|
7 |
+ |
|
8 |
+ Documentation of the original patch |
|
9 |
+ |
|
10 |
+ 1. Design |
|
11 |
+ |
|
12 |
+ The goal of RANDKSTACK is to introduce randomness into the kernel stack |
|
13 |
+ addresses of a task. |
|
14 |
+ |
|
15 |
+ Linux assigns two pages of kernel stack to every task. This stack is used |
|
16 |
+ whenever the task enters the kernel (system call, device interrupt, CPU |
|
17 |
+ exception, etc). Note that once the task is executing in kernel land, |
|
18 |
+ further kernel (re)entry events (device interrupts or CPU exceptions can |
|
19 |
+ occur at almost any time) will not cause a stack switch. |
|
20 |
+ |
|
21 |
+ By the time the task returns to userland, the kernel land stack pointer |
|
22 |
+ will be at the point of the initial entry to the kernel (this also means |
|
23 |
+ that signals are not delivered to the task until it is ready to return to |
|
24 |
+ userland, that is signals are asynchronous notifications from the userland |
|
25 |
+ point of view, not from the kernel's). |
|
26 |
+ |
|
27 |
+ This behaviour means that a userland originating attack against a kernel |
|
28 |
+ bug would find itself always at the same place on the task's kernel stack |
|
29 |
+ therefore we will introduce randomization into the initial value of the |
|
30 |
+ task's kernel stack pointer. There is another interesting consequence in |
|
31 |
+ that we can not only introduce but also change the randomization at each |
|
32 |
+ userland/kernel transition (compare this to RANDUSTACK where the userland |
|
33 |
+ stack pointer is randomized only once at the very beginning of the task's |
|
34 |
+ life therefore it is vulnerable to information leaking attacks). In the |
|
35 |
+ current implementation we opted for changing the randomization at every |
|
36 |
+ system call since that is the most likely method of kernel entry during |
|
37 |
+ an attack. Note that while per system call randomization prevents making |
|
38 |
+ use of leaked information about the randomization in a given task, it does |
|
39 |
+ not help with attacks where more than one task is involved (where one task |
|
40 |
+ may be able to learn the randomization of another and then communicate it |
|
41 |
+ to the other without having to enter the kernel). |
|
42 |
+ |
|
43 |
+ 2. Implementation |
|
44 |
+ |
|
45 |
+ RANDKSTACK randomizes every task's kernel stack pointer before returning |
|
46 |
+ from a system call to userland. The i386 specific system call entry point |
|
47 |
+ is in arch/i386/kernel/entry.S and this is where PaX adds a call to the |
|
48 |
+ kernel stack pointer randomization function pax_randomize_kstack() found |
|
49 |
+ in arch/i386/kernel/process.c. The code in entry.S needs to duplicate some |
|
50 |
+ code found at the ret_from_sys_call label because this code can be reached |
|
51 |
+ from different paths (e.g., exception handlers) where we do not want to |
|
52 |
+ apply randomization. Note also that if the task is being debugged (via |
|
53 |
+ the ptrace() interface) then new randomization is not applied. |
|
54 |
+ |
|
55 |
+ pax_randomize_kstack() gathers entropy from the rdtsc instruction (read |
|
56 |
+ time stamp counter) and applies it to bits 2-6 of the kernel stack pointer. |
|
57 |
+ This means that 5 bits are randomized providing a maximum shift of 128 |
|
58 |
+ bytes - this was deemed safe enough to not cause kernel stack overflows |
|
59 |
+ yet give enough randomness to deter guessing/brute forcing attempts. |
|
60 |
+ |
|
61 |
+ The use of rdtsc is justified by the facts that we need a quick entropy |
|
62 |
+ source and that by the time a remote attacker would get to execute his |
|
63 |
+ code to exploit a kernel bug, enough system calls would have been issued |
|
64 |
+ by the attacked process to accumulate more than 5 bits of 'real' entropy |
|
65 |
+ in the randomized bits (this is why xor is used to apply the rdtsc output). |
|
66 |
+ Note that most likely due to its microarchitecture, the Intel P4 CPU seems |
|
67 |
+ to always return the same value in the least significant bit of the time |
|
68 |
+ stamp counter therefore we ignore it in kernels compiled for the P4. |
|
69 |
+ |
|
70 |
+ The kernel stack pointer has to be modified at two places: tss->esp0 which |
|
71 |
+ is the ring-0 stack pointer in the Task State Segment of the current CPU |
|
72 |
+ (and is used to load esp on a ring transition, such as a system call), and |
|
73 |
+ second, current->thread.esp0 which is used to reload tss->esp0 on a context |
|
74 |
+ switch. There is one last subtlety: since the randomization is applied via |
|
75 |
+ xor and the initial kernel stack pointer of a new task points just above |
|
76 |
+ its assigned stack (and hence is a page aligned address), we would produce |
|
77 |
+ esp values pointing above the assigned stack, therefore in copy_thread() we |
|
78 |
+ initialize thread.esp0 to 4 bytes less than usual so that the randomization |
|
79 |
+ will shift it within the assigned stack and not above. Since this solution |
|
80 |
+ 'wastes' a mere 4 bytes on the kernel stack, we saw no need to apply it |
|
81 |
+ selectively to specific tasks only. |
|
82 |
+ |
|
83 |
+Signed-off-by: Him Kalyan Bordoloi<bordoloih@vmware.com> |
|
84 |
+ |
|
6 | 85 |
--- |
7 |
- arch/x86/entry/entry_64.S | 16 ++++++++++++++++ |
|
8 |
- arch/x86/kernel/process_64.c | 21 +++++++++++++++++++++ |
|
86 |
+ arch/x86/entry/entry_64.S | 17 +++++++++++++++-- |
|
87 |
+ arch/x86/kernel/process_64.c | 17 +++++++++++++++++ |
|
9 | 88 |
security/Kconfig | 16 ++++++++++++++++ |
10 |
- 3 files changed, 53 insertions(+) |
|
89 |
+ 3 files changed, 48 insertions(+), 2 deletions(-) |
|
11 | 90 |
|
12 | 91 |
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S |
13 |
-index 2e956af..53d4110 100644 |
|
92 |
+index f7bfa70..dedcbe2 100644 |
|
14 | 93 |
--- a/arch/x86/entry/entry_64.S |
15 | 94 |
+++ b/arch/x86/entry/entry_64.S |
16 |
-@@ -51,6 +51,16 @@ ENTRY(native_usergs_sysret64) |
|
95 |
+@@ -53,6 +53,14 @@ ENTRY(native_usergs_sysret64) |
|
17 | 96 |
END(native_usergs_sysret64) |
18 | 97 |
#endif /* CONFIG_PARAVIRT */ |
19 | 98 |
|
20 | 99 |
+.macro pax_rand_kstack |
21 | 100 |
+#ifdef CONFIG_PAX_RANDKSTACK |
22 |
-+ pushq %rax |
|
23 |
-+ pushq %r11 |
|
24 | 101 |
+ call pax_randomize_kstack |
25 |
-+ popq %r11 |
|
26 |
-+ popq %rax |
|
102 |
++ movq %rsp, %rdi |
|
103 |
++ movq %rax, %rsp |
|
27 | 104 |
+#endif |
28 | 105 |
+.endm |
29 | 106 |
+ |
30 | 107 |
.macro TRACE_IRQS_IRETQ |
31 | 108 |
#ifdef CONFIG_TRACE_IRQFLAGS |
32 | 109 |
bt $9, EFLAGS(%rsp) /* interrupts off? */ |
33 |
-@@ -217,6 +227,8 @@ entry_SYSCALL_64_fastpath: |
|
34 |
- testl $_TIF_ALLWORK_MASK, TASK_TI_flags(%r11) |
|
35 |
- jnz 1f |
|
110 |
+@@ -229,8 +237,10 @@ GLOBAL(entry_SYSCALL_64_after_hwframe) |
|
111 |
+ TRACE_IRQS_OFF |
|
36 | 112 |
|
113 |
+ /* IRQs are off. */ |
|
114 |
+- movq %rsp, %rdi |
|
37 | 115 |
+ pax_rand_kstack |
38 |
-+ |
|
39 |
- LOCKDEP_SYS_EXIT |
|
40 |
- TRACE_IRQS_ON /* user mode is traced as IRQs on */ |
|
41 |
- movq RIP(%rsp), %rcx |
|
42 |
-@@ -246,6 +258,8 @@ entry_SYSCALL64_slow_path: |
|
116 |
++ pushq %rdi |
|
43 | 117 |
call do_syscall_64 /* returns with IRQs disabled */ |
118 |
++ popq %rsp |
|
44 | 119 |
|
45 |
- return_from_SYSCALL_64: |
|
46 |
-+ pax_rand_kstack |
|
47 |
-+ |
|
48 |
- RESTORE_EXTRA_REGS |
|
49 | 120 |
TRACE_IRQS_IRETQ /* we're about to change IF */ |
50 | 121 |
|
51 |
-@@ -422,6 +436,7 @@ ENTRY(ret_from_fork) |
|
122 |
+@@ -391,8 +401,11 @@ ENTRY(ret_from_fork) |
|
123 |
+ |
|
124 |
+ 2: |
|
52 | 125 |
UNWIND_HINT_REGS |
53 |
- movq %rsp, %rdi |
|
54 |
- call syscall_return_slowpath /* returns with IRQs disabled */ |
|
126 |
+- movq %rsp, %rdi |
|
55 | 127 |
+ pax_rand_kstack |
128 |
++ pushq %rdi |
|
129 |
+ call syscall_return_slowpath /* returns with IRQs disabled */ |
|
130 |
++ popq %rsp |
|
131 |
++ |
|
56 | 132 |
TRACE_IRQS_ON /* user mode is traced as IRQS on */ |
57 |
- SWAPGS |
|
58 |
- jmp restore_regs_and_iret |
|
59 |
-@@ -611,6 +626,7 @@ ret_from_intr: |
|
60 |
- GLOBAL(retint_user) |
|
61 |
- mov %rsp,%rdi |
|
62 |
- call prepare_exit_to_usermode |
|
63 |
-+ pax_rand_kstack |
|
64 |
- TRACE_IRQS_IRETQ |
|
65 |
- SWAPGS |
|
66 |
- jmp restore_regs_and_iret |
|
133 |
+ jmp swapgs_restore_regs_and_return_to_usermode |
|
134 |
+ |
|
67 | 135 |
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c |
68 |
-index 302e7b2..bc45b66 100644 |
|
136 |
+index 9eb448c..a6fe370 100644 |
|
69 | 137 |
--- a/arch/x86/kernel/process_64.c |
70 | 138 |
+++ b/arch/x86/kernel/process_64.c |
71 |
-@@ -274,7 +274,13 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp, |
|
72 |
- struct inactive_task_frame *frame; |
|
73 |
- struct task_struct *me = current; |
|
139 |
+@@ -61,6 +61,23 @@ |
|
140 |
+ |
|
141 |
+ __visible DEFINE_PER_CPU(unsigned long, rsp_scratch); |
|
74 | 142 |
|
75 | 143 |
+#ifdef CONFIG_PAX_RANDKSTACK |
76 |
-+ /* -16 to start from prev page (c000 -> bff0) |
|
77 |
-+ to avoid stack overflow after randomizarion */ |
|
78 |
-+ p->thread.sp0 = (unsigned long)task_stack_page(p) + THREAD_SIZE - 16; |
|
79 |
-+#else |
|
80 |
- p->thread.sp0 = (unsigned long)task_stack_page(p) + THREAD_SIZE; |
|
81 |
-+#endif |
|
82 |
- childregs = task_pt_regs(p); |
|
83 |
- fork_frame = container_of(childregs, struct fork_frame, regs); |
|
84 |
- frame = &fork_frame->frame; |
|
85 |
-@@ -699,3 +705,18 @@ unsigned long KSTK_ESP(struct task_struct *task) |
|
86 |
- { |
|
87 |
- return task_pt_regs(task)->sp; |
|
88 |
- } |
|
89 |
-+ |
|
90 |
-+#ifdef CONFIG_PAX_RANDKSTACK |
|
91 |
-+void pax_randomize_kstack(void) |
|
144 |
++unsigned long pax_randomize_kstack(void) |
|
92 | 145 |
+{ |
93 |
-+ struct thread_struct *thread = ¤t->thread; |
|
94 |
-+ unsigned long time; |
|
146 |
++ struct task_struct *task = current; |
|
147 |
++ unsigned long time; |
|
148 |
++ unsigned long sp1; |
|
149 |
++ |
|
95 | 150 |
+ |
96 |
-+ if (!randomize_va_space) |
|
97 |
-+ return; |
|
151 |
++ if (!randomize_va_space) |
|
152 |
++ return (unsigned long)task_pt_regs(task); |
|
98 | 153 |
+ |
99 |
-+ time = rdtsc() & 0xFUL; |
|
100 |
-+ thread->sp0 ^= (time << 4); |
|
101 |
-+ load_sp0(&per_cpu(cpu_tss, smp_processor_id()), thread); |
|
154 |
++ time = rdtsc() & 0xFUL; |
|
155 |
++ sp1 = (unsigned long)task_pt_regs(task) - (time << 4); |
|
156 |
++ return sp1; |
|
102 | 157 |
+} |
103 | 158 |
+#endif |
159 |
++ |
|
160 |
+ /* Prints also some state that isn't saved in the pt_regs */ |
|
161 |
+ void __show_regs(struct pt_regs *regs, int all) |
|
162 |
+ { |
|
104 | 163 |
diff --git a/security/Kconfig b/security/Kconfig |
105 |
-index 3cef193..edb7fcd 100644 |
|
164 |
+index f506b6b..a94f2f1 100644 |
|
106 | 165 |
--- a/security/Kconfig |
107 | 166 |
+++ b/security/Kconfig |
108 | 167 |
@@ -80,6 +80,22 @@ config PAX_MPROTECT |
... | ... |
@@ -128,6 +187,3 @@ index 3cef193..edb7fcd 100644 |
128 | 128 |
endif |
129 | 129 |
|
130 | 130 |
source security/keys/Kconfig |
131 |
-2.8.1 |
|
132 |
- |
... | ... |
@@ -161,11 +161,12 @@ Functions signature fixing is probably still required. |
161 | 161 |
create mode 100644 scripts/gcc-plugins/rap_plugin/rap_plugin.c |
162 | 162 |
create mode 100644 scripts/gcc-plugins/rap_plugin/sip.c |
163 | 163 |
|
164 |
+ |
|
164 | 165 |
diff --git a/arch/x86/crypto/aesni-intel_asm.S b/arch/x86/crypto/aesni-intel_asm.S |
165 |
-index 16627fe..b941202 100644 |
|
166 |
+index 12e8484..dea170b 100644 |
|
166 | 167 |
--- a/arch/x86/crypto/aesni-intel_asm.S |
167 | 168 |
+++ b/arch/x86/crypto/aesni-intel_asm.S |
168 |
-@@ -1396,7 +1396,7 @@ _esb_loop_\@: |
|
169 |
+@@ -1332,7 +1332,7 @@ _esb_loop_\@: |
|
169 | 170 |
* poly = x^128 + x^127 + x^126 + x^121 + 1 |
170 | 171 |
* |
171 | 172 |
*****************************************************************************/ |
... | ... |
@@ -174,7 +175,7 @@ index 16627fe..b941202 100644 |
174 | 174 |
push %r12 |
175 | 175 |
push %r13 |
176 | 176 |
push %r14 |
177 |
-@@ -1673,7 +1673,7 @@ ENDPROC(aesni_gcm_dec) |
|
177 |
+@@ -1595,7 +1595,7 @@ ENDPROC(aesni_gcm_dec) |
|
178 | 178 |
* |
179 | 179 |
* poly = x^128 + x^127 + x^126 + x^121 + 1 |
180 | 180 |
***************************************************************************/ |
... | ... |
@@ -183,7 +184,7 @@ index 16627fe..b941202 100644 |
183 | 183 |
push %r12 |
184 | 184 |
push %r13 |
185 | 185 |
push %r14 |
186 |
-@@ -2064,7 +2064,7 @@ ENDPROC(aesni_set_key) |
|
186 |
+@@ -1980,7 +1980,7 @@ ENDPROC(aesni_set_key) |
|
187 | 187 |
/* |
188 | 188 |
* void aesni_enc(struct crypto_aes_ctx *ctx, u8 *dst, const u8 *src) |
189 | 189 |
*/ |
... | ... |
@@ -192,7 +193,7 @@ index 16627fe..b941202 100644 |
192 | 192 |
FRAME_BEGIN |
193 | 193 |
#ifndef __x86_64__ |
194 | 194 |
pushl KEYP |
195 |
-@@ -2255,7 +2255,7 @@ ENDPROC(_aesni_enc4) |
|
195 |
+@@ -2171,7 +2171,7 @@ ENDPROC(_aesni_enc4) |
|
196 | 196 |
/* |
197 | 197 |
* void aesni_dec (struct crypto_aes_ctx *ctx, u8 *dst, const u8 *src) |
198 | 198 |
*/ |
... | ... |
@@ -201,7 +202,7 @@ index 16627fe..b941202 100644 |
201 | 201 |
FRAME_BEGIN |
202 | 202 |
#ifndef __x86_64__ |
203 | 203 |
pushl KEYP |
204 |
-@@ -2764,7 +2764,7 @@ ENDPROC(_aesni_inc) |
|
204 |
+@@ -2680,7 +2680,7 @@ ENDPROC(_aesni_inc) |
|
205 | 205 |
* void aesni_ctr_enc(struct crypto_aes_ctx *ctx, const u8 *dst, u8 *src, |
206 | 206 |
* size_t len, u8 *iv) |
207 | 207 |
*/ |
... | ... |
@@ -211,10 +212,10 @@ index 16627fe..b941202 100644 |
211 | 211 |
cmp $16, LEN |
212 | 212 |
jb .Lctr_enc_just_ret |
213 | 213 |
diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c |
214 |
-index 5c15d6b..51d6a65 100644 |
|
214 |
+index c690ddc..ca0084c 100644 |
|
215 | 215 |
--- a/arch/x86/crypto/aesni-intel_glue.c |
216 | 216 |
+++ b/arch/x86/crypto/aesni-intel_glue.c |
217 |
-@@ -73,9 +73,9 @@ struct aesni_xts_ctx { |
|
217 |
+@@ -74,9 +74,9 @@ struct aesni_xts_ctx { |
|
218 | 218 |
|
219 | 219 |
asmlinkage int aesni_set_key(struct crypto_aes_ctx *ctx, const u8 *in_key, |
220 | 220 |
unsigned int key_len); |
... | ... |
@@ -227,7 +228,7 @@ index 5c15d6b..51d6a65 100644 |
227 | 227 |
asmlinkage void aesni_ecb_enc(struct crypto_aes_ctx *ctx, u8 *out, |
228 | 228 |
const u8 *in, unsigned int len); |
229 | 229 |
diff --git a/arch/x86/crypto/blowfish-x86_64-asm_64.S b/arch/x86/crypto/blowfish-x86_64-asm_64.S |
230 |
-index 8c1fcb6..9c229bd 100644 |
|
230 |
+index 8c1fcb6..9c229bdd8 100644 |
|
231 | 231 |
--- a/arch/x86/crypto/blowfish-x86_64-asm_64.S |
232 | 232 |
+++ b/arch/x86/crypto/blowfish-x86_64-asm_64.S |
233 | 233 |
@@ -156,7 +156,7 @@ ENTRY(__blowfish_enc_blk) |
... | ... |
@@ -249,10 +250,10 @@ index 8c1fcb6..9c229bd 100644 |
249 | 249 |
* %rdi: ctx |
250 | 250 |
* %rsi: dst |
251 | 251 |
diff --git a/arch/x86/crypto/camellia-aesni-avx-asm_64.S b/arch/x86/crypto/camellia-aesni-avx-asm_64.S |
252 |
-index f7c495e..bc8523d 100644 |
|
252 |
+index a14af6e..f24f291 100644 |
|
253 | 253 |
--- a/arch/x86/crypto/camellia-aesni-avx-asm_64.S |
254 | 254 |
+++ b/arch/x86/crypto/camellia-aesni-avx-asm_64.S |
255 |
-@@ -892,7 +892,7 @@ __camellia_dec_blk16: |
|
255 |
+@@ -893,7 +893,7 @@ __camellia_dec_blk16: |
|
256 | 256 |
jmp .Ldec_max24; |
257 | 257 |
ENDPROC(__camellia_dec_blk16) |
258 | 258 |
|
... | ... |
@@ -261,7 +262,7 @@ index f7c495e..bc8523d 100644 |
261 | 261 |
/* input: |
262 | 262 |
* %rdi: ctx, CTX |
263 | 263 |
* %rsi: dst (16 blocks) |
264 |
-@@ -917,7 +917,7 @@ ENTRY(camellia_ecb_enc_16way) |
|
264 |
+@@ -918,7 +918,7 @@ ENTRY(camellia_ecb_enc_16way) |
|
265 | 265 |
ret; |
266 | 266 |
ENDPROC(camellia_ecb_enc_16way) |
267 | 267 |
|
... | ... |
@@ -270,7 +271,7 @@ index f7c495e..bc8523d 100644 |
270 | 270 |
/* input: |
271 | 271 |
* %rdi: ctx, CTX |
272 | 272 |
* %rsi: dst (16 blocks) |
273 |
-@@ -947,7 +947,7 @@ ENTRY(camellia_ecb_dec_16way) |
|
273 |
+@@ -948,7 +948,7 @@ ENTRY(camellia_ecb_dec_16way) |
|
274 | 274 |
ret; |
275 | 275 |
ENDPROC(camellia_ecb_dec_16way) |
276 | 276 |
|
... | ... |
@@ -279,7 +280,7 @@ index f7c495e..bc8523d 100644 |
279 | 279 |
/* input: |
280 | 280 |
* %rdi: ctx, CTX |
281 | 281 |
* %rsi: dst (16 blocks) |
282 |
-@@ -1004,7 +1004,7 @@ ENDPROC(camellia_cbc_dec_16way) |
|
282 |
+@@ -1005,7 +1005,7 @@ ENDPROC(camellia_cbc_dec_16way) |
|
283 | 283 |
vpslldq $8, tmp, tmp; \ |
284 | 284 |
vpsubq tmp, x, x; |
285 | 285 |
|
... | ... |
@@ -288,7 +289,7 @@ index f7c495e..bc8523d 100644 |
288 | 288 |
/* input: |
289 | 289 |
* %rdi: ctx, CTX |
290 | 290 |
* %rsi: dst (16 blocks) |
291 |
-@@ -1255,7 +1255,7 @@ camellia_xts_crypt_16way: |
|
291 |
+@@ -1256,7 +1256,7 @@ camellia_xts_crypt_16way: |
|
292 | 292 |
ret; |
293 | 293 |
ENDPROC(camellia_xts_crypt_16way) |
294 | 294 |
|
... | ... |
@@ -297,7 +298,7 @@ index f7c495e..bc8523d 100644 |
297 | 297 |
/* input: |
298 | 298 |
* %rdi: ctx, CTX |
299 | 299 |
* %rsi: dst (16 blocks) |
300 |
-@@ -1269,7 +1269,7 @@ ENTRY(camellia_xts_enc_16way) |
|
300 |
+@@ -1270,7 +1270,7 @@ ENTRY(camellia_xts_enc_16way) |
|
301 | 301 |
jmp camellia_xts_crypt_16way; |
302 | 302 |
ENDPROC(camellia_xts_enc_16way) |
303 | 303 |
|
... | ... |
@@ -307,10 +308,10 @@ index f7c495e..bc8523d 100644 |
307 | 307 |
* %rdi: ctx, CTX |
308 | 308 |
* %rsi: dst (16 blocks) |
309 | 309 |
diff --git a/arch/x86/crypto/camellia-aesni-avx2-asm_64.S b/arch/x86/crypto/camellia-aesni-avx2-asm_64.S |
310 |
-index eee5b39..4aa502c 100644 |
|
310 |
+index b66bbfa..10093da 100644 |
|
311 | 311 |
--- a/arch/x86/crypto/camellia-aesni-avx2-asm_64.S |
312 | 312 |
+++ b/arch/x86/crypto/camellia-aesni-avx2-asm_64.S |
313 |
-@@ -935,7 +935,7 @@ __camellia_dec_blk32: |
|
313 |
+@@ -936,7 +936,7 @@ __camellia_dec_blk32: |
|
314 | 314 |
jmp .Ldec_max24; |
315 | 315 |
ENDPROC(__camellia_dec_blk32) |
316 | 316 |
|
... | ... |
@@ -319,7 +320,7 @@ index eee5b39..4aa502c 100644 |
319 | 319 |
/* input: |
320 | 320 |
* %rdi: ctx, CTX |
321 | 321 |
* %rsi: dst (32 blocks) |
322 |
-@@ -964,7 +964,7 @@ ENTRY(camellia_ecb_enc_32way) |
|
322 |
+@@ -965,7 +965,7 @@ ENTRY(camellia_ecb_enc_32way) |
|
323 | 323 |
ret; |
324 | 324 |
ENDPROC(camellia_ecb_enc_32way) |
325 | 325 |
|
... | ... |
@@ -328,7 +329,7 @@ index eee5b39..4aa502c 100644 |
328 | 328 |
/* input: |
329 | 329 |
* %rdi: ctx, CTX |
330 | 330 |
* %rsi: dst (32 blocks) |
331 |
-@@ -998,7 +998,7 @@ ENTRY(camellia_ecb_dec_32way) |
|
331 |
+@@ -999,7 +999,7 @@ ENTRY(camellia_ecb_dec_32way) |
|
332 | 332 |
ret; |
333 | 333 |
ENDPROC(camellia_ecb_dec_32way) |
334 | 334 |
|
... | ... |
@@ -337,7 +338,7 @@ index eee5b39..4aa502c 100644 |
337 | 337 |
/* input: |
338 | 338 |
* %rdi: ctx, CTX |
339 | 339 |
* %rsi: dst (32 blocks) |
340 |
-@@ -1080,7 +1080,7 @@ ENDPROC(camellia_cbc_dec_32way) |
|
340 |
+@@ -1081,7 +1081,7 @@ ENDPROC(camellia_cbc_dec_32way) |
|
341 | 341 |
vpslldq $8, tmp1, tmp1; \ |
342 | 342 |
vpsubq tmp1, x, x; |
343 | 343 |
|
... | ... |
@@ -346,7 +347,7 @@ index eee5b39..4aa502c 100644 |
346 | 346 |
/* input: |
347 | 347 |
* %rdi: ctx, CTX |
348 | 348 |
* %rsi: dst (32 blocks) |
349 |
-@@ -1373,7 +1373,7 @@ camellia_xts_crypt_32way: |
|
349 |
+@@ -1374,7 +1374,7 @@ camellia_xts_crypt_32way: |
|
350 | 350 |
ret; |
351 | 351 |
ENDPROC(camellia_xts_crypt_32way) |
352 | 352 |
|
... | ... |
@@ -355,7 +356,7 @@ index eee5b39..4aa502c 100644 |
355 | 355 |
/* input: |
356 | 356 |
* %rdi: ctx, CTX |
357 | 357 |
* %rsi: dst (32 blocks) |
358 |
-@@ -1388,7 +1388,7 @@ ENTRY(camellia_xts_enc_32way) |
|
358 |
+@@ -1389,7 +1389,7 @@ ENTRY(camellia_xts_enc_32way) |
|
359 | 359 |
jmp camellia_xts_crypt_32way; |
360 | 360 |
ENDPROC(camellia_xts_enc_32way) |
361 | 361 |
|
... | ... |
@@ -858,7 +859,7 @@ index fb58f58..cf67f33 100644 |
858 | 858 |
shl $6, NUM_BLKS /* convert to bytes */ |
859 | 859 |
jz .Ldone_hash |
860 | 860 |
diff --git a/arch/x86/crypto/sha256_ssse3_glue.c b/arch/x86/crypto/sha256_ssse3_glue.c |
861 |
-index 9e79baf..c5186c7 100644 |
|
861 |
+index 9e79baf..c5186c74 100644 |
|
862 | 862 |
--- a/arch/x86/crypto/sha256_ssse3_glue.c |
863 | 863 |
+++ b/arch/x86/crypto/sha256_ssse3_glue.c |
864 | 864 |
@@ -40,9 +40,9 @@ |
... | ... |
@@ -1084,10 +1085,10 @@ index 694ea45..f2c1418 100644 |
1084 | 1084 |
push %ebx |
1085 | 1085 |
push %esi |
1086 | 1086 |
diff --git a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S |
1087 |
-index 1c3b7ce..edf12ec 100644 |
|
1087 |
+index e7273a6..dd44bac 100644 |
|
1088 | 1088 |
--- a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S |
1089 | 1089 |
+++ b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S |
1090 |
-@@ -272,7 +272,7 @@ ENTRY(__twofish_enc_blk_3way) |
|
1090 |
+@@ -284,7 +284,7 @@ ENTRY(__twofish_enc_blk_3way) |
|
1091 | 1091 |
ret; |
1092 | 1092 |
ENDPROC(__twofish_enc_blk_3way) |
1093 | 1093 |
|
... | ... |
@@ -1129,40 +1130,41 @@ index 06fc70c..03f4755 100644 |
1129 | 1129 |
+CFLAGS_REMOVE_syscall_32.o = $(RAP_PLUGIN_ABS_CFLAGS) |
1130 | 1130 |
+CFLAGS_REMOVE_syscall_64.o = $(RAP_PLUGIN_ABS_CFLAGS) |
1131 | 1131 |
diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c |
1132 |
-index 03505ff..0caf70b 100644 |
|
1132 |
+index 60e21cc..0d2d08f 100644 |
|
1133 | 1133 |
--- a/arch/x86/entry/common.c |
1134 | 1134 |
+++ b/arch/x86/entry/common.c |
1135 |
-@@ -284,9 +284,29 @@ __visible void do_syscall_64(struct pt_regs *regs) |
|
1135 |
+@@ -285,10 +285,30 @@ __visible void do_syscall_64(struct pt_regs *regs) |
|
1136 | 1136 |
* regs->orig_ax, which changes the behavior of some syscalls. |
1137 | 1137 |
*/ |
1138 | 1138 |
if (likely((nr & __SYSCALL_MASK) < NR_syscalls)) { |
1139 | 1139 |
+#ifdef CONFIG_PAX_RAP |
1140 | 1140 |
+ asm volatile("movq %[param1],%%rdi\n\t" |
1141 |
-+ "movq %[param2],%%rsi\n\t" |
|
1142 |
-+ "movq %[param3],%%rdx\n\t" |
|
1143 |
-+ "movq %[param4],%%rcx\n\t" |
|
1144 |
-+ "movq %[param5],%%r8\n\t" |
|
1145 |
-+ "movq %[param6],%%r9\n\t" |
|
1146 |
-+ "call *%P[syscall]\n\t" |
|
1147 |
-+ "mov %%rax,%[result]\n\t" |
|
1141 |
++ "movq %[param2],%%rsi\n\t" |
|
1142 |
++ "movq %[param3],%%rdx\n\t" |
|
1143 |
++ "movq %[param4],%%rcx\n\t" |
|
1144 |
++ "movq %[param5],%%r8\n\t" |
|
1145 |
++ "movq %[param6],%%r9\n\t" |
|
1146 |
++ "call *%P[syscall]\n\t" |
|
1147 |
++ "mov %%rax,%[result]\n\t" |
|
1148 | 1148 |
+ : [result] "=m" (regs->ax) |
1149 | 1149 |
+ : [syscall] "m" (sys_call_table[nr & __SYSCALL_MASK]), |
1150 |
-+ [param1] "m" (regs->di), |
|
1151 |
-+ [param2] "m" (regs->si), |
|
1152 |
-+ [param3] "m" (regs->dx), |
|
1153 |
-+ [param4] "m" (regs->r10), |
|
1154 |
-+ [param5] "m" (regs->r8), |
|
1155 |
-+ [param6] "m" (regs->r9) |
|
1150 |
++ [param1] "m" (regs->di), |
|
1151 |
++ [param2] "m" (regs->si), |
|
1152 |
++ [param3] "m" (regs->dx), |
|
1153 |
++ [param4] "m" (regs->r10), |
|
1154 |
++ [param5] "m" (regs->r8), |
|
1155 |
++ [param6] "m" (regs->r9) |
|
1156 | 1156 |
+ : "ax", "di", "si", "dx", "cx", "r8", "r9", "r10", "r11", "memory"); |
1157 | 1157 |
+#else |
1158 |
- regs->ax = sys_call_table[nr & __SYSCALL_MASK]( |
|
1158 |
+ nr = array_index_nospec(nr & __SYSCALL_MASK, NR_syscalls); |
|
1159 |
+ regs->ax = sys_call_table[nr]( |
|
1159 | 1160 |
regs->di, regs->si, regs->dx, |
1160 | 1161 |
regs->r10, regs->r8, regs->r9); |
1161 | 1162 |
+#endif |
1162 | 1163 |
} |
1163 | 1164 |
|
1164 | 1165 |
syscall_return_slowpath(regs); |
1165 |
-@@ -326,10 +346,51 @@ static __always_inline void do_syscall_32_irqs_on(struct pt_regs *regs) |
|
1166 |
+@@ -329,10 +349,51 @@ static __always_inline void do_syscall_32_irqs_on(struct pt_regs *regs) |
|
1166 | 1167 |
* the high bits are zero. Make sure we zero-extend all |
1167 | 1168 |
* of the args. |
1168 | 1169 |
*/ |
... | ... |
@@ -1240,10 +1242,10 @@ index 62be73b..4133797 100644 |
1240 | 1240 |
extern void e820__range_add (u64 start, u64 size, enum e820_type type); |
1241 | 1241 |
extern u64 e820__range_update(u64 start, u64 size, enum e820_type old_type, enum e820_type new_type); |
1242 | 1242 |
diff --git a/arch/x86/include/asm/fixmap.h b/arch/x86/include/asm/fixmap.h |
1243 |
-index dcd9fb5..59f1e2a 100644 |
|
1243 |
+index e203169..0ef405e 100644 |
|
1244 | 1244 |
--- a/arch/x86/include/asm/fixmap.h |
1245 | 1245 |
+++ b/arch/x86/include/asm/fixmap.h |
1246 |
-@@ -146,7 +146,7 @@ extern pte_t *kmap_pte; |
|
1246 |
+@@ -149,7 +149,7 @@ extern pte_t *kmap_pte; |
|
1247 | 1247 |
extern pte_t *pkmap_page_table; |
1248 | 1248 |
|
1249 | 1249 |
void __native_set_fixmap(enum fixed_addresses idx, pte_t pte); |
... | ... |
@@ -1253,7 +1255,7 @@ index dcd9fb5..59f1e2a 100644 |
1253 | 1253 |
|
1254 | 1254 |
#ifndef CONFIG_PARAVIRT |
1255 | 1255 |
diff --git a/arch/x86/include/asm/module.h b/arch/x86/include/asm/module.h |
1256 |
-index 8546faf..157cf48 100644 |
|
1256 |
+index 7948a17..bc2b010 100644 |
|
1257 | 1257 |
--- a/arch/x86/include/asm/module.h |
1258 | 1258 |
+++ b/arch/x86/include/asm/module.h |
1259 | 1259 |
@@ -15,6 +15,7 @@ struct mod_arch_specific { |
... | ... |
@@ -1280,7 +1282,7 @@ index 8546faf..157cf48 100644 |
1280 | 1280 |
+ |
1281 | 1281 |
#endif /* _ASM_X86_MODULE_H */ |
1282 | 1282 |
diff --git a/arch/x86/kernel/cpu/vmware.c b/arch/x86/kernel/cpu/vmware.c |
1283 |
-index fa6ea7d..5fa4efe 100644 |
|
1283 |
+index e05babd..da8005e 100644 |
|
1284 | 1284 |
--- a/arch/x86/kernel/cpu/vmware.c |
1285 | 1285 |
+++ b/arch/x86/kernel/cpu/vmware.c |
1286 | 1286 |
@@ -262,11 +262,17 @@ static __init int activate_jump_labels(void) |
... | ... |
@@ -1316,7 +1318,7 @@ index 71c11ad..35d8c4d 100644 |
1316 | 1316 |
return __e820__mapped_all(start, end, type); |
1317 | 1317 |
} |
1318 | 1318 |
diff --git a/arch/x86/kernel/ftrace_64.S b/arch/x86/kernel/ftrace_64.S |
1319 |
-index c832291..77d90bc 100644 |
|
1319 |
+index 7cb8ba0..fd9df42 100644 |
|
1320 | 1320 |
--- a/arch/x86/kernel/ftrace_64.S |
1321 | 1321 |
+++ b/arch/x86/kernel/ftrace_64.S |
1322 | 1322 |
@@ -182,7 +182,7 @@ GLOBAL(ftrace_graph_call) |
... | ... |
@@ -1329,10 +1331,10 @@ index c832291..77d90bc 100644 |
1329 | 1329 |
END(ftrace_caller) |
1330 | 1330 |
|
1331 | 1331 |
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c |
1332 |
-index 5a6b8f8..f1e53dd 100644 |
|
1332 |
+index a66428dc..bed821f 100644 |
|
1333 | 1333 |
--- a/arch/x86/kernel/traps.c |
1334 | 1334 |
+++ b/arch/x86/kernel/traps.c |
1335 |
-@@ -211,6 +211,10 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str, |
|
1335 |
+@@ -210,6 +210,10 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str, |
|
1336 | 1336 |
|
1337 | 1337 |
tsk->thread.error_code = error_code; |
1338 | 1338 |
tsk->thread.trap_nr = trapnr; |
... | ... |
@@ -1344,10 +1346,10 @@ index 5a6b8f8..f1e53dd 100644 |
1344 | 1344 |
} |
1345 | 1345 |
|
1346 | 1346 |
diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c |
1347 |
-index 17ebc5a..c9c5b2d 100644 |
|
1347 |
+index 004abf9..9db5ce3 100644 |
|
1348 | 1348 |
--- a/arch/x86/mm/pgtable.c |
1349 | 1349 |
+++ b/arch/x86/mm/pgtable.c |
1350 |
-@@ -579,7 +579,7 @@ void __native_set_fixmap(enum fixed_addresses idx, pte_t pte) |
|
1350 |
+@@ -580,7 +580,7 @@ void __native_set_fixmap(enum fixed_addresses idx, pte_t pte) |
|
1351 | 1351 |
fixmaps_set++; |
1352 | 1352 |
} |
1353 | 1353 |
|
... | ... |
@@ -1357,7 +1359,7 @@ index 17ebc5a..c9c5b2d 100644 |
1357 | 1357 |
{ |
1358 | 1358 |
__native_set_fixmap(idx, pfn_pte(phys >> PAGE_SHIFT, flags)); |
1359 | 1359 |
diff --git a/arch/x86/oprofile/nmi_int.c b/arch/x86/oprofile/nmi_int.c |
1360 |
-index ffdbc48..174c597 100644 |
|
1360 |
+index abff76b..a7a7677 100644 |
|
1361 | 1361 |
--- a/arch/x86/oprofile/nmi_int.c |
1362 | 1362 |
+++ b/arch/x86/oprofile/nmi_int.c |
1363 | 1363 |
@@ -592,7 +592,7 @@ enum __force_cpu_type { |
... | ... |
@@ -1498,7 +1500,7 @@ index 9f2e3be..676c910 100644 |
1498 | 1498 |
int rv = param_set_int(val, kp); |
1499 | 1499 |
if (rv) |
1500 | 1500 |
diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c |
1501 |
-index e1cbb78..cd98978 100644 |
|
1501 |
+index c04aa11..9abc067 100644 |
|
1502 | 1502 |
--- a/drivers/char/ipmi/ipmi_si_intf.c |
1503 | 1503 |
+++ b/drivers/char/ipmi/ipmi_si_intf.c |
1504 | 1504 |
@@ -1345,7 +1345,7 @@ static unsigned int num_slave_addrs; |
... | ... |
@@ -1523,7 +1525,7 @@ diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c |
1523 | 1523 |
index 0eca20c..32a2682 100644 |
1524 | 1524 |
--- a/drivers/char/tpm/tpm-chip.c |
1525 | 1525 |
+++ b/drivers/char/tpm/tpm-chip.c |
1526 |
-@@ -267,6 +267,11 @@ out: |
|
1526 |
+@@ -267,6 +267,11 @@ struct tpm_chip *tpm_chip_alloc(struct device *pdev, |
|
1527 | 1527 |
} |
1528 | 1528 |
EXPORT_SYMBOL_GPL(tpm_chip_alloc); |
1529 | 1529 |
|
... | ... |
@@ -1681,7 +1683,7 @@ index d127ace..6ee866f 100644 |
1681 | 1681 |
int i, j = 1; |
1682 | 1682 |
|
1683 | 1683 |
diff --git a/drivers/md/md.c b/drivers/md/md.c |
1684 |
-index 98ea863..3b810cc 100644 |
|
1684 |
+index e058c20..7671b14 100644 |
|
1685 | 1685 |
--- a/drivers/md/md.c |
1686 | 1686 |
+++ b/drivers/md/md.c |
1687 | 1687 |
@@ -5357,7 +5357,7 @@ static struct kobject *md_probe(dev_t dev, int *part, void *data) |
... | ... |
@@ -1693,7 +1695,7 @@ index 98ea863..3b810cc 100644 |
1693 | 1693 |
{ |
1694 | 1694 |
/* |
1695 | 1695 |
* val must be "md_*" or "mdNNN". |
1696 |
-@@ -9274,11 +9274,11 @@ static __exit void md_exit(void) |
|
1696 |
+@@ -9278,11 +9278,11 @@ static __exit void md_exit(void) |
|
1697 | 1697 |
subsys_initcall(md_init); |
1698 | 1698 |
module_exit(md_exit) |
1699 | 1699 |
|
... | ... |
@@ -2699,10 +2701,10 @@ index 6e13c93..839dd12 100644 |
2699 | 2699 |
/* |
2700 | 2700 |
* Init NAPI, so that state is set to NAPI_STATE_SCHED, |
2701 | 2701 |
diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c |
2702 |
-index cae54f8..5155386 100644 |
|
2702 |
+index 633e55c..b9ad02a 100644 |
|
2703 | 2703 |
--- a/drivers/pci/pcie/aspm.c |
2704 | 2704 |
+++ b/drivers/pci/pcie/aspm.c |
2705 |
-@@ -1061,7 +1061,7 @@ void pci_disable_link_state(struct pci_dev *pdev, int state) |
|
2705 |
+@@ -1065,7 +1065,7 @@ void pci_disable_link_state(struct pci_dev *pdev, int state) |
|
2706 | 2706 |
} |
2707 | 2707 |
EXPORT_SYMBOL(pci_disable_link_state); |
2708 | 2708 |
|
... | ... |
@@ -2711,7 +2713,7 @@ index cae54f8..5155386 100644 |
2711 | 2711 |
{ |
2712 | 2712 |
int i; |
2713 | 2713 |
struct pcie_link_state *link; |
2714 |
-@@ -1088,7 +1088,7 @@ static int pcie_aspm_set_policy(const char *val, struct kernel_param *kp) |
|
2714 |
+@@ -1092,7 +1092,7 @@ static int pcie_aspm_set_policy(const char *val, struct kernel_param *kp) |
|
2715 | 2715 |
return 0; |
2716 | 2716 |
} |
2717 | 2717 |
|
... | ... |
@@ -2747,7 +2749,7 @@ index 3f38907..95540ea 100644 |
2747 | 2747 |
const u32 len) |
2748 | 2748 |
{ |
2749 | 2749 |
diff --git a/drivers/scsi/aacraid/aachba.c b/drivers/scsi/aacraid/aachba.c |
2750 |
-index af3e4d3..c028cdc 100644 |
|
2750 |
+index 7173ae5..039ba66 100644 |
|
2751 | 2751 |
--- a/drivers/scsi/aacraid/aachba.c |
2752 | 2752 |
+++ b/drivers/scsi/aacraid/aachba.c |
2753 | 2753 |
@@ -812,6 +812,11 @@ static int aac_probe_container_callback1(struct scsi_cmnd * scsicmd) |
... | ... |
@@ -3522,7 +3524,7 @@ index 5caf5f3..fcff931 100644 |
3522 | 3522 |
struct bfad_s *bfad = pci_get_drvdata(pdev); |
3523 | 3523 |
unsigned long flags; |
3524 | 3524 |
diff --git a/drivers/scsi/bfa/bfad_bsg.c b/drivers/scsi/bfa/bfad_bsg.c |
3525 |
-index b2e8c0d..e1bd5ea 100644 |
|
3525 |
+index 1aa46d0..5e4fa77 100644 |
|
3526 | 3526 |
--- a/drivers/scsi/bfa/bfad_bsg.c |
3527 | 3527 |
+++ b/drivers/scsi/bfa/bfad_bsg.c |
3528 | 3528 |
@@ -2145,7 +2145,7 @@ bfad_iocmd_fcport_get_stats(struct bfad_s *bfad, void *cmd) |
... | ... |
@@ -4127,7 +4129,7 @@ index 375c536..618843b 100644 |
4127 | 4127 |
{ |
4128 | 4128 |
int rc = -ENODEV; |
4129 | 4129 |
struct net_device *netdev = NULL; |
4130 |
-@@ -930,7 +930,7 @@ out_nodev: |
|
4130 |
+@@ -930,7 +930,7 @@ static int fcoe_transport_create(const char *buffer, struct kernel_param *kp) |
|
4131 | 4131 |
* |
4132 | 4132 |
* Returns: 0 for success |
4133 | 4133 |
*/ |
... | ... |
@@ -4136,7 +4138,7 @@ index 375c536..618843b 100644 |
4136 | 4136 |
{ |
4137 | 4137 |
int rc = -ENODEV; |
4138 | 4138 |
struct net_device *netdev = NULL; |
4139 |
-@@ -974,7 +974,7 @@ out_nodev: |
|
4139 |
+@@ -974,7 +974,7 @@ static int fcoe_transport_destroy(const char *buffer, struct kernel_param *kp) |
|
4140 | 4140 |
* |
4141 | 4141 |
* Returns: 0 for success |
4142 | 4142 |
*/ |
... | ... |
@@ -4145,7 +4147,7 @@ index 375c536..618843b 100644 |
4145 | 4145 |
{ |
4146 | 4146 |
int rc = -ENODEV; |
4147 | 4147 |
struct net_device *netdev = NULL; |
4148 |
-@@ -1008,7 +1008,7 @@ out_nodev: |
|
4148 |
+@@ -1008,7 +1008,7 @@ static int fcoe_transport_disable(const char *buffer, struct kernel_param *kp) |
|
4149 | 4149 |
* |
4150 | 4150 |
* Returns: 0 for success |
4151 | 4151 |
*/ |
... | ... |
@@ -4279,7 +4281,7 @@ index 8799990..3d36dee 100644 |
4279 | 4279 |
int ret = param_set_int(val, kp); |
4280 | 4280 |
struct MPT3SAS_ADAPTER *ioc; |
4281 | 4281 |
diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c |
4282 |
-index 22998cb..07719da 100644 |
|
4282 |
+index 33ff691..483fe89 100644 |
|
4283 | 4283 |
--- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c |
4284 | 4284 |
+++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c |
4285 | 4285 |
@@ -281,7 +281,7 @@ struct _scsi_io_transfer { |
... | ... |
@@ -4408,7 +4410,7 @@ index a260cde..1b99d3b 100644 |
4408 | 4408 |
int len = strlen(kmessage); |
4409 | 4409 |
|
4410 | 4410 |
diff --git a/drivers/video/console/dummycon.c b/drivers/video/console/dummycon.c |
4411 |
-index 9269d56..219a68b 100644 |
|
4411 |
+index b90ef96..48c94ba 100644 |
|
4412 | 4412 |
--- a/drivers/video/console/dummycon.c |
4413 | 4413 |
+++ b/drivers/video/console/dummycon.c |
4414 | 4414 |
@@ -41,12 +41,61 @@ static void dummycon_init(struct vc_data *vc, int init) |
... | ... |
@@ -4475,7 +4477,7 @@ index 9269d56..219a68b 100644 |
4475 | 4475 |
|
4476 | 4476 |
/* |
4477 | 4477 |
* The console `switch' structure for the dummy console |
4478 |
-@@ -58,17 +107,17 @@ const struct consw dummy_con = { |
|
4478 |
+@@ -58,16 +107,16 @@ const struct consw dummy_con = { |
|
4479 | 4479 |
.owner = THIS_MODULE, |
4480 | 4480 |
.con_startup = dummycon_startup, |
4481 | 4481 |
.con_init = dummycon_init, |
... | ... |
@@ -4488,7 +4490,6 @@ index 9269d56..219a68b 100644 |
4488 | 4488 |
- .con_switch = DUMMY, |
4489 | 4489 |
- .con_blank = DUMMY, |
4490 | 4490 |
- .con_font_set = DUMMY, |
4491 |
-- .con_font_get = DUMMY, |
|
4492 | 4491 |
- .con_font_default = DUMMY, |
4493 | 4492 |
- .con_font_copy = DUMMY, |
4494 | 4493 |
+ .con_deinit = dummycon_deinit, |
... | ... |
@@ -4500,7 +4501,6 @@ index 9269d56..219a68b 100644 |
4500 | 4500 |
+ .con_switch = dummycon_switch, |
4501 | 4501 |
+ .con_blank = dummycon_blank, |
4502 | 4502 |
+ .con_font_set = dummycon_font_set, |
4503 |
-+ .con_font_get = dummycon_font_get, |
|
4504 | 4503 |
+ .con_font_default = dummycon_font_default, |
4505 | 4504 |
+ .con_font_copy = dummycon_font_copy, |
4506 | 4505 |
}; |
... | ... |
@@ -4558,7 +4558,7 @@ diff --git a/fs/exofs/inode.c b/fs/exofs/inode.c |
4558 | 4558 |
index 0ac6281..cec5adf 100644 |
4559 | 4559 |
--- a/fs/exofs/inode.c |
4560 | 4560 |
+++ b/fs/exofs/inode.c |
4561 |
-@@ -470,6 +470,11 @@ fail: |
|
4561 |
+@@ -470,6 +470,11 @@ static int readpage_strip(void *data, struct page *page) |
|
4562 | 4562 |
return ret; |
4563 | 4563 |
} |
4564 | 4564 |
|
... | ... |
@@ -4618,10 +4618,10 @@ index 94a745a..a79e320 100644 |
4618 | 4618 |
int rv; |
4619 | 4619 |
|
4620 | 4620 |
diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c |
4621 |
-index 45e9654..076d7bb 100644 |
|
4621 |
+index 809cbcc..6525c05 100644 |
|
4622 | 4622 |
--- a/fs/lockd/svc.c |
4623 | 4623 |
+++ b/fs/lockd/svc.c |
4624 |
-@@ -602,7 +602,7 @@ static struct ctl_table nlm_sysctl_root[] = { |
|
4624 |
+@@ -614,7 +614,7 @@ static struct ctl_table nlm_sysctl_root[] = { |
|
4625 | 4625 |
*/ |
4626 | 4626 |
|
4627 | 4627 |
#define param_set_min_max(name, type, which_strtol, min, max) \ |
... | ... |
@@ -4634,7 +4634,7 @@ diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c |
4634 | 4634 |
index bf2c436..d04d41b 100644 |
4635 | 4635 |
--- a/fs/nfs/dir.c |
4636 | 4636 |
+++ b/fs/nfs/dir.c |
4637 |
-@@ -671,8 +671,9 @@ out: |
|
4637 |
+@@ -671,8 +671,9 @@ int nfs_readdir_xdr_to_array(nfs_readdir_descriptor_t *desc, struct page *page, |
|
4638 | 4638 |
* We only need to convert from xdr once so future lookups are much simpler |
4639 | 4639 |
*/ |
4640 | 4640 |
static |
... | ... |
@@ -4858,7 +4858,7 @@ index 2c61c6b..43a01c7 100644 |
4858 | 4858 |
DECODE_HEAD; |
4859 | 4859 |
|
4860 | 4860 |
READ_BUF(4); |
4861 |
-@@ -896,8 +913,9 @@ xdr_error: |
|
4861 |
+@@ -896,8 +913,9 @@ static __be32 nfsd4_decode_opaque(struct nfsd4_compoundargs *argp, struct xdr_ne |
|
4862 | 4862 |
} |
4863 | 4863 |
|
4864 | 4864 |
static __be32 |
... | ... |
@@ -5109,7 +5109,7 @@ index 2c61c6b..43a01c7 100644 |
5109 | 5109 |
int i; |
5110 | 5110 |
__be32 *p, status; |
5111 | 5111 |
struct nfsd4_test_stateid_id *stateid; |
5112 |
-@@ -1554,8 +1593,9 @@ xdr_error: |
|
5112 |
+@@ -1554,8 +1593,9 @@ nfsd4_decode_test_stateid(struct nfsd4_compoundargs *argp, struct nfsd4_test_sta |
|
5113 | 5113 |
goto out; |
5114 | 5114 |
} |
5115 | 5115 |
|
... | ... |
@@ -5459,7 +5459,7 @@ index 2c61c6b..43a01c7 100644 |
5459 | 5459 |
struct xdr_stream *xdr = &resp->xdr; |
5460 | 5460 |
struct svc_fh *fhp = *fhpp; |
5461 | 5461 |
unsigned int len; |
5462 |
-@@ -3250,8 +3307,10 @@ again: |
|
5462 |
+@@ -3250,8 +3307,10 @@ nfsd4_encode_lock_denied(struct xdr_stream *xdr, struct nfsd4_lock_denied *ld) |
|
5463 | 5463 |
} |
5464 | 5464 |
|
5465 | 5465 |
static __be32 |
... | ... |
@@ -5572,7 +5572,7 @@ index 2c61c6b..43a01c7 100644 |
5572 | 5572 |
int maxcount; |
5573 | 5573 |
int bytes_left; |
5574 | 5574 |
loff_t offset; |
5575 |
-@@ -3707,8 +3776,9 @@ err_no_verf: |
|
5575 |
+@@ -3707,8 +3776,9 @@ nfsd4_encode_readdir(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4 |
|
5576 | 5576 |
} |
5577 | 5577 |
|
5578 | 5578 |
static __be32 |
... | ... |
@@ -5716,7 +5716,7 @@ index 2c61c6b..43a01c7 100644 |
5716 | 5716 |
struct xdr_stream *xdr = &resp->xdr; |
5717 | 5717 |
const struct nfsd4_layout_ops *ops; |
5718 | 5718 |
u32 starting_len = xdr->buf->len, needed_len; |
5719 |
-@@ -4118,9 +4199,9 @@ toosmall: |
|
5719 |
+@@ -4118,9 +4199,9 @@ nfsd4_encode_getdeviceinfo(struct nfsd4_compoundres *resp, __be32 nfserr, |
|
5720 | 5720 |
} |
5721 | 5721 |
|
5722 | 5722 |
static __be32 |
... | ... |
@@ -5938,10 +5938,10 @@ index 2c61c6b..43a01c7 100644 |
5938 | 5938 |
|
5939 | 5939 |
/* |
5940 | 5940 |
diff --git a/include/linux/compiler.h b/include/linux/compiler.h |
5941 |
-index 2027104..4a9913a 100644 |
|
5941 |
+index e8c9cd1..247e6d0 100644 |
|
5942 | 5942 |
--- a/include/linux/compiler.h |
5943 | 5943 |
+++ b/include/linux/compiler.h |
5944 |
-@@ -257,27 +257,18 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val, |
|
5944 |
+@@ -158,27 +158,18 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val, |
|
5945 | 5945 |
|
5946 | 5946 |
#include <uapi/linux/types.h> |
5947 | 5947 |
|
... | ... |
@@ -5979,7 +5979,7 @@ index 2027104..4a9913a 100644 |
5979 | 5979 |
/* |
5980 | 5980 |
* This function is not 'inline' because __no_sanitize_address confilcts |
5981 | 5981 |
* with inlining. Attempt to inline it may cause a build failure. |
5982 |
-@@ -287,29 +278,20 @@ void __read_once_size(const volatile void *p, void *res, int size) |
|
5982 |
+@@ -188,29 +179,20 @@ void __read_once_size(const volatile void *p, void *res, int size) |
|
5983 | 5983 |
static __no_sanitize_address __maybe_unused |
5984 | 5984 |
void __read_once_size_nocheck(const volatile void *p, void *res, int size) |
5985 | 5985 |
{ |
... | ... |
@@ -6017,9 +6017,9 @@ index 2027104..4a9913a 100644 |
6017 | 6017 |
|
6018 | 6018 |
/* |
6019 | 6019 |
* Prevent the compiler from merging or refetching reads or writes. The |
6020 |
-@@ -334,29 +316,15 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
|
6021 |
- * required ordering. |
|
6020 |
+@@ -236,30 +218,15 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
|
6022 | 6021 |
*/ |
6022 |
+ #include <asm/barrier.h> |
|
6023 | 6023 |
|
6024 | 6024 |
-#define __READ_ONCE(x, check) \ |
6025 | 6025 |
-({ \ |
... | ... |
@@ -6028,10 +6028,11 @@ index 2027104..4a9913a 100644 |
6028 | 6028 |
- __read_once_size(&(x), __u.__c, sizeof(x)); \ |
6029 | 6029 |
- else \ |
6030 | 6030 |
- __read_once_size_nocheck(&(x), __u.__c, sizeof(x)); \ |
6031 |
+- smp_read_barrier_depends(); /* Enforce dependency ordering from x */ \ |
|
6031 | 6032 |
- __u.__val; \ |
6032 |
-+#define READ_ONCE(x) ({ \ |
|
6033 |
-+ typeof(x) __val = *(volatile typeof(x) *)&(x); \ |
|
6034 |
-+ __val; \ |
|
6033 |
++#define READ_ONCE(x) ({ \ |
|
6034 |
++ typeof(x) __val = *(volatile typeof(x) *)&(x); \ |
|
6035 |
++ __val; \ |
|
6035 | 6036 |
}) |
6036 | 6037 |
-#define READ_ONCE(x) __READ_ONCE(x, 1) |
6037 | 6038 |
|
... | ... |
@@ -6047,14 +6048,18 @@ index 2027104..4a9913a 100644 |
6047 | 6047 |
- { .__val = (__force typeof(x)) (val) }; \ |
6048 | 6048 |
- __write_once_size(&(x), __u.__c, sizeof(x)); \ |
6049 | 6049 |
- __u.__val; \ |
6050 |
-+#define WRITE_ONCE(x, val) ({ \ |
|
6051 |
-+ typeof(x) __val = (val); \ |
|
6052 |
-+ (x) = *(volatile typeof(x) *)&__val; \ |
|
6053 |
-+ __val; \ |
|
6050 |
++#define WRITE_ONCE(x, val) ({ \ |
|
6051 |
++ typeof(x) __val = (val); \ |
|
6052 |
++ (x) = *(volatile typeof(x) *)&__val; \ |
|
6053 |
++ __val; \ |
|
6054 | 6054 |
}) |
6055 | 6055 |
|
6056 | 6056 |
#endif /* __KERNEL__ */ |
6057 |
-@@ -519,6 +487,8 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s |
|
6057 |
+diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h |
|
6058 |
+index 6b79a9b..5ddfac5 100644 |
|
6059 |
+--- a/include/linux/compiler_types.h |
|
6060 |
+@@ -266,6 +266,8 @@ struct ftrace_likely_data { |
|
6058 | 6061 |
# define __same_type(a, b) __builtin_types_compatible_p(typeof(a), typeof(b)) |
6059 | 6062 |
#endif |
6060 | 6063 |
|
... | ... |
@@ -6064,7 +6069,7 @@ index 2027104..4a9913a 100644 |
6064 | 6064 |
#ifndef __native_word |
6065 | 6065 |
# define __native_word(t) (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long)) |
6066 | 6066 |
diff --git a/include/linux/linkage.h b/include/linux/linkage.h |
6067 |
-index 2e6f90b..1f221eb 100644 |
|
6067 |
+index f68db9e..30ed811 100644 |
|
6068 | 6068 |
--- a/include/linux/linkage.h |
6069 | 6069 |
+++ b/include/linux/linkage.h |
6070 | 6070 |
@@ -6,6 +6,7 @@ |
... | ... |
@@ -6237,7 +6242,7 @@ index a78186d..ef7fd29 100644 |
6237 | 6237 |
|
6238 | 6238 |
/* |
6239 | 6239 |
diff --git a/include/linux/timer.h b/include/linux/timer.h |
6240 |
-index ac66f29..fb350b0 100644 |
|
6240 |
+index e0ea1fe..f5d5636 100644 |
|
6241 | 6241 |
--- a/include/linux/timer.h |
6242 | 6242 |
+++ b/include/linux/timer.h |
6243 | 6243 |
@@ -173,7 +173,7 @@ static inline void init_timer_on_stack_key(struct timer_list *timer, |
... | ... |
@@ -6263,10 +6268,10 @@ index 792c3f6..f5223bf 100644 |
6263 | 6263 |
|
6264 | 6264 |
extern struct hlist_nulls_head *nf_conntrack_hash; |
6265 | 6265 |
diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c |
6266 |
-index 7b62df8..3e261db 100644 |
|
6266 |
+index d203a5d6..6d32f69 100644 |
|
6267 | 6267 |
--- a/kernel/bpf/core.c |
6268 | 6268 |
+++ b/kernel/bpf/core.c |
6269 |
-@@ -489,6 +489,8 @@ int bpf_get_kallsym(unsigned int symnum, unsigned long *value, char *type, |
|
6269 |
+@@ -485,6 +485,8 @@ int bpf_get_kallsym(unsigned int symnum, unsigned long *value, char *type, |
|
6270 | 6270 |
return ret; |
6271 | 6271 |
} |
6272 | 6272 |
|
... | ... |
@@ -6275,7 +6280,7 @@ index 7b62df8..3e261db 100644 |
6275 | 6275 |
struct bpf_binary_header * |
6276 | 6276 |
bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr, |
6277 | 6277 |
unsigned int alignment, |
6278 |
-@@ -512,11 +514,24 @@ bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr, |
|
6278 |
+@@ -508,11 +510,24 @@ bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr, |
|
6279 | 6279 |
hdr->pages = size / PAGE_SIZE; |
6280 | 6280 |
hole = min_t(unsigned int, size - (proglen + sizeof(*hdr)), |
6281 | 6281 |
PAGE_SIZE - sizeof(*hdr)); |
... | ... |
@@ -6301,7 +6306,7 @@ index 7b62df8..3e261db 100644 |
6301 | 6301 |
} |
6302 | 6302 |
|
6303 | 6303 |
diff --git a/kernel/events/core.c b/kernel/events/core.c |
6304 |
-index 4f1d4bf..cf63e11 100644 |
|
6304 |
+index f42f7c7..444b7b9 100644 |
|
6305 | 6305 |
--- a/kernel/events/core.c |
6306 | 6306 |
+++ b/kernel/events/core.c |
6307 | 6307 |
@@ -1046,8 +1046,9 @@ static void __perf_mux_hrtimer_init(struct perf_cpu_context *cpuctx, int cpu) |
... | ... |
@@ -6315,7 +6320,7 @@ index 4f1d4bf..cf63e11 100644 |
6315 | 6315 |
struct hrtimer *timer = &cpuctx->hrtimer; |
6316 | 6316 |
struct pmu *pmu = cpuctx->ctx.pmu; |
6317 | 6317 |
unsigned long flags; |
6318 |
-@@ -9035,8 +9036,7 @@ perf_event_mux_interval_ms_store(struct device *dev, |
|
6318 |
+@@ -9039,8 +9040,7 @@ perf_event_mux_interval_ms_store(struct device *dev, |
|
6319 | 6319 |
cpuctx = per_cpu_ptr(pmu->pmu_cpu_context, cpu); |
6320 | 6320 |
cpuctx->hrtimer_interval = ns_to_ktime(NSEC_PER_MSEC * timer); |
6321 | 6321 |
|
... | ... |
@@ -6326,10 +6331,10 @@ index 4f1d4bf..cf63e11 100644 |
6326 | 6326 |
cpus_read_unlock(); |
6327 | 6327 |
mutex_unlock(&mux_interval_mutex); |
6328 | 6328 |
diff --git a/kernel/module.c b/kernel/module.c |
6329 |
-index de66ec8..9812431 100644 |
|
6329 |
+index 690c065..550cb81 100644 |
|
6330 | 6330 |
--- a/kernel/module.c |
6331 | 6331 |
+++ b/kernel/module.c |
6332 |
-@@ -2998,8 +2998,15 @@ static struct module *setup_load_info(struct load_info *info, int flags) |
|
6332 |
+@@ -3007,8 +3007,15 @@ static struct module *setup_load_info(struct load_info *info, int flags) |
|
6333 | 6333 |
static int check_modinfo(struct module *mod, struct load_info *info, int flags) |
6334 | 6334 |
{ |
6335 | 6335 |
const char *modmagic = get_modinfo(info, "vermagic"); |
... | ... |
@@ -6345,7 +6350,7 @@ index de66ec8..9812431 100644 |
6345 | 6345 |
if (flags & MODULE_INIT_IGNORE_VERMAGIC) |
6346 | 6346 |
modmagic = NULL; |
6347 | 6347 |
|
6348 |
-@@ -3032,7 +3039,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) |
|
6348 |
+@@ -3043,7 +3050,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) |
|
6349 | 6349 |
return err; |
6350 | 6350 |
|
6351 | 6351 |
/* Set up license info based on the info section */ |
... | ... |
@@ -6355,7 +6360,7 @@ index de66ec8..9812431 100644 |
6355 | 6355 |
return 0; |
6356 | 6356 |
} |
6357 | 6357 |
diff --git a/kernel/sched/core.c b/kernel/sched/core.c |
6358 |
-index 8fa7b6f..b2b63c2 100644 |
|
6358 |
+index 5506246..91811a7 100644 |
|
6359 | 6359 |
--- a/kernel/sched/core.c |
6360 | 6360 |
+++ b/kernel/sched/core.c |
6361 | 6361 |
@@ -2684,7 +2684,7 @@ static struct rq *finish_task_switch(struct task_struct *prev) |
... | ... |
@@ -6392,7 +6397,7 @@ index 4ae5c1e..04c05f8 100644 |
6392 | 6392 |
static void push_dl_tasks(struct rq *); |
6393 | 6393 |
static void pull_dl_task(struct rq *); |
6394 | 6394 |
diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c |
6395 |
-index 7464c5c..02a938d 100644 |
|
6395 |
+index 298f62b..6f2e85f 100644 |
|
6396 | 6396 |
--- a/kernel/sched/rt.c |
6397 | 6397 |
+++ b/kernel/sched/rt.c |
6398 | 6398 |
@@ -353,8 +353,8 @@ static inline int has_pushable_tasks(struct rq *rq) |
... | ... |
@@ -6407,10 +6412,10 @@ index 7464c5c..02a938d 100644 |
6407 | 6407 |
static void push_rt_tasks(struct rq *); |
6408 | 6408 |
static void pull_rt_task(struct rq *); |
6409 | 6409 |
diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h |
6410 |
-index b732e77..fbd3c0c 100644 |
|
6410 |
+index 307c35d..555b429 100644 |
|
6411 | 6411 |
--- a/kernel/sched/sched.h |
6412 | 6412 |
+++ b/kernel/sched/sched.h |
6413 |
-@@ -738,7 +738,10 @@ struct rq { |
|
6413 |
+@@ -740,7 +740,10 @@ struct rq { |
|
6414 | 6414 |
unsigned long cpu_capacity; |
6415 | 6415 |
unsigned long cpu_capacity_orig; |
6416 | 6416 |
|
... | ... |
@@ -6422,7 +6427,7 @@ index b732e77..fbd3c0c 100644 |
6422 | 6422 |
|
6423 | 6423 |
unsigned char idle_balance; |
6424 | 6424 |
/* For active balancing */ |
6425 |
-@@ -993,7 +996,7 @@ extern int migrate_swap(struct task_struct *, struct task_struct *); |
|
6425 |
+@@ -995,7 +998,7 @@ extern int migrate_swap(struct task_struct *, struct task_struct *); |
|
6426 | 6426 |
|
6427 | 6427 |
static inline void |
6428 | 6428 |
queue_balance_callback(struct rq *rq, |
... | ... |
@@ -6431,7 +6436,7 @@ index b732e77..fbd3c0c 100644 |
6431 | 6431 |
void (*func)(struct rq *rq)) |
6432 | 6432 |
{ |
6433 | 6433 |
lockdep_assert_held(&rq->lock); |
6434 |
-@@ -1001,7 +1004,7 @@ queue_balance_callback(struct rq *rq, |
|
6434 |
+@@ -1003,7 +1006,7 @@ queue_balance_callback(struct rq *rq, |
|
6435 | 6435 |
if (unlikely(head->next)) |
6436 | 6436 |
return; |
6437 | 6437 |
|
... | ... |
@@ -6453,7 +6458,7 @@ index 594d73f..fc9d65f 100644 |
6453 | 6453 |
void *data, |
6454 | 6454 |
gfp_t gfp) |
6455 | 6455 |
{ |
6456 |
-@@ -2773,7 +2773,7 @@ out: |
|
6456 |
+@@ -2773,7 +2773,7 @@ static struct page *do_read_cache_page(struct address_space *mapping, |
|
6457 | 6457 |
*/ |
6458 | 6458 |
struct page *read_cache_page(struct address_space *mapping, |
6459 | 6459 |
pgoff_t index, |
... | ... |
@@ -6571,7 +6576,7 @@ index aa04666..e5e4e18 100644 |
6571 | 6571 |
{ |
6572 | 6572 |
int *ip = (int *)kp->arg; |
6573 | 6573 |
struct svc_pool_map *m = &svc_pool_map; |
6574 |
-@@ -80,7 +80,7 @@ out: |
|
6574 |
+@@ -80,7 +80,7 @@ param_set_pool_mode(const char *val, struct kernel_param *kp) |
|
6575 | 6575 |
} |
6576 | 6576 |
|
6577 | 6577 |
static int |
... | ... |
@@ -7926,7 +7931,7 @@ index 0000000..65bc1cd |
7926 | 7926 |
+ U64TO8_LE(out, b); |
7927 | 7927 |
+} |
7928 | 7928 |
diff --git a/security/Kconfig b/security/Kconfig |
7929 |
-index edb7fcd..7a98e4c 100644 |
|
7929 |
+index 08d4882..bbb8aad 100644 |
|
7930 | 7930 |
--- a/security/Kconfig |
7931 | 7931 |
+++ b/security/Kconfig |
7932 | 7932 |
@@ -81,6 +81,24 @@ config PAX_MPROTECT |
... | ... |
@@ -8010,6 +8015,3 @@ index 1346ee5..17893fd 100644 |
8010 | 8010 |
{ |
8011 | 8011 |
int i; |
8012 | 8012 |
|
8013 |
-2.8.1 |
|
8014 |
- |
... | ... |
@@ -1,6 +1,6 @@ |
1 | 1 |
# |
2 | 2 |
# Automatically generated file; DO NOT EDIT. |
3 |
-# Linux/x86 4.14.8 Kernel Configuration |
|
3 |
+# Linux/x86 4.14.54 Kernel Configuration |
|
4 | 4 |
# |
5 | 5 |
CONFIG_64BIT=y |
6 | 6 |
CONFIG_X86_64=y |
... | ... |
@@ -453,6 +453,7 @@ CONFIG_X86_FAST_FEATURE_TESTS=y |
453 | 453 |
CONFIG_X86_X2APIC=y |
454 | 454 |
# CONFIG_X86_MPPARSE is not set |
455 | 455 |
# CONFIG_GOLDFISH is not set |
456 |
+CONFIG_RETPOLINE=y |
|
456 | 457 |
# CONFIG_INTEL_RDT is not set |
457 | 458 |
# CONFIG_X86_EXTENDED_PLATFORM is not set |
458 | 459 |
# CONFIG_X86_INTEL_LPSS is not set |
... | ... |
@@ -1269,6 +1270,9 @@ CONFIG_NF_CONNTRACK_IPV6=m |
1269 | 1269 |
# CONFIG_NF_SOCKET_IPV6 is not set |
1270 | 1270 |
CONFIG_NF_TABLES_IPV6=m |
1271 | 1271 |
CONFIG_NFT_CHAIN_ROUTE_IPV6=m |
1272 |
+CONFIG_NFT_CHAIN_NAT_IPV6=m |
|
1273 |
+CONFIG_NFT_MASQ_IPV6=m |
|
1274 |
+CONFIG_NFT_REDIR_IPV6=m |
|
1272 | 1275 |
CONFIG_NFT_REJECT_IPV6=m |
1273 | 1276 |
CONFIG_NFT_DUP_IPV6=m |
1274 | 1277 |
# CONFIG_NFT_FIB_IPV6 is not set |
... | ... |
@@ -1276,10 +1280,7 @@ CONFIG_NF_DUP_IPV6=m |
1276 | 1276 |
CONFIG_NF_REJECT_IPV6=m |
1277 | 1277 |
CONFIG_NF_LOG_IPV6=m |
1278 | 1278 |
CONFIG_NF_NAT_IPV6=m |
1279 |
-CONFIG_NFT_CHAIN_NAT_IPV6=m |
|
1280 | 1279 |
CONFIG_NF_NAT_MASQUERADE_IPV6=m |
1281 |
-CONFIG_NFT_MASQ_IPV6=m |
|
1282 |
-CONFIG_NFT_REDIR_IPV6=m |
|
1283 | 1280 |
CONFIG_IP6_NF_IPTABLES=m |
1284 | 1281 |
CONFIG_IP6_NF_MATCH_AH=m |
1285 | 1282 |
CONFIG_IP6_NF_MATCH_EUI64=m |
... | ... |
@@ -1541,6 +1542,7 @@ CONFIG_ALLOW_DEV_COREDUMP=y |
1541 | 1541 |
CONFIG_SYS_HYPERVISOR=y |
1542 | 1542 |
# CONFIG_GENERIC_CPU_DEVICES is not set |
1543 | 1543 |
CONFIG_GENERIC_CPU_AUTOPROBE=y |
1544 |
+CONFIG_GENERIC_CPU_VULNERABILITIES=y |
|
1544 | 1545 |
CONFIG_REGMAP=y |
1545 | 1546 |
CONFIG_REGMAP_I2C=y |
1546 | 1547 |
CONFIG_DMA_SHARED_BUFFER=y |
... | ... |
@@ -4469,8 +4471,6 @@ CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y |
4469 | 4469 |
# CONFIG_DEBUG_PER_CPU_MAPS is not set |
4470 | 4470 |
CONFIG_HAVE_DEBUG_STACKOVERFLOW=y |
4471 | 4471 |
# CONFIG_DEBUG_STACKOVERFLOW is not set |
4472 |
-CONFIG_HAVE_ARCH_KMEMCHECK=y |
|
4473 |
-# CONFIG_KMEMCHECK is not set |
|
4474 | 4472 |
CONFIG_HAVE_ARCH_KASAN=y |
4475 | 4473 |
# CONFIG_KASAN is not set |
4476 | 4474 |
CONFIG_ARCH_HAS_KCOV=y |
... | ... |
@@ -4570,7 +4570,6 @@ CONFIG_FTRACE_SYSCALLS=y |
4570 | 4570 |
# CONFIG_TRACER_SNAPSHOT is not set |
4571 | 4571 |
CONFIG_BRANCH_PROFILE_NONE=y |
4572 | 4572 |
# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set |
4573 |
-# CONFIG_PROFILE_ALL_BRANCHES is not set |
|
4574 | 4573 |
# CONFIG_STACK_TRACER is not set |
4575 | 4574 |
CONFIG_BLK_DEV_IO_TRACE=y |
4576 | 4575 |
CONFIG_KPROBE_EVENTS=y |
... | ... |
@@ -4657,9 +4656,9 @@ CONFIG_OPTIMIZE_INLINING=y |
4657 | 4657 |
# CONFIG_DEBUG_NMI_SELFTEST is not set |
4658 | 4658 |
# CONFIG_X86_DEBUG_FPU is not set |
4659 | 4659 |
# CONFIG_PUNIT_ATOM_DEBUG is not set |
4660 |
-CONFIG_FRAME_POINTER_UNWINDER=y |
|
4661 |
-# CONFIG_ORC_UNWINDER is not set |
|
4662 |
-# CONFIG_GUESS_UNWINDER is not set |
|
4660 |
+# CONFIG_UNWINDER_ORC is not set |
|
4661 |
+CONFIG_UNWINDER_FRAME_POINTER=y |
|
4662 |
+# CONFIG_UNWINDER_GUESS is not set |
|
4663 | 4663 |
|
4664 | 4664 |
# |
4665 | 4665 |
# Security options |
... | ... |
@@ -4676,6 +4675,7 @@ CONFIG_SECURITY=y |
4676 | 4676 |
# CONFIG_SECURITY_WRITABLE_HOOKS is not set |
4677 | 4677 |
CONFIG_SECURITYFS=y |
4678 | 4678 |
CONFIG_SECURITY_NETWORK=y |
4679 |
+CONFIG_PAGE_TABLE_ISOLATION=y |
|
4679 | 4680 |
# CONFIG_SECURITY_NETWORK_XFRM is not set |
4680 | 4681 |
CONFIG_SECURITY_PATH=y |
4681 | 4682 |
CONFIG_INTEL_TXT=y |
... | ... |
@@ -1,6 +1,6 @@ |
1 | 1 |
# |
2 | 2 |
# Automatically generated file; DO NOT EDIT. |
3 |
-# Linux/x86 4.14.8 Kernel Configuration |
|
3 |
+# Linux/x86 4.14.54 Kernel Configuration |
|
4 | 4 |
# |
5 | 5 |
CONFIG_64BIT=y |
6 | 6 |
CONFIG_X86_64=y |
... | ... |
@@ -453,6 +453,7 @@ CONFIG_X86_FAST_FEATURE_TESTS=y |
453 | 453 |
CONFIG_X86_X2APIC=y |
454 | 454 |
# CONFIG_X86_MPPARSE is not set |
455 | 455 |
# CONFIG_GOLDFISH is not set |
456 |
+CONFIG_RETPOLINE=y |
|
456 | 457 |
# CONFIG_INTEL_RDT is not set |
457 | 458 |
# CONFIG_X86_EXTENDED_PLATFORM is not set |
458 | 459 |
# CONFIG_X86_INTEL_LPSS is not set |
... | ... |
@@ -1269,6 +1270,9 @@ CONFIG_NF_CONNTRACK_IPV6=m |
1269 | 1269 |
# CONFIG_NF_SOCKET_IPV6 is not set |
1270 | 1270 |
CONFIG_NF_TABLES_IPV6=m |
1271 | 1271 |
CONFIG_NFT_CHAIN_ROUTE_IPV6=m |
1272 |
+CONFIG_NFT_CHAIN_NAT_IPV6=m |
|
1273 |
+CONFIG_NFT_MASQ_IPV6=m |
|
1274 |
+CONFIG_NFT_REDIR_IPV6=m |
|
1272 | 1275 |
CONFIG_NFT_REJECT_IPV6=m |
1273 | 1276 |
CONFIG_NFT_DUP_IPV6=m |
1274 | 1277 |
# CONFIG_NFT_FIB_IPV6 is not set |
... | ... |
@@ -1276,10 +1280,7 @@ CONFIG_NF_DUP_IPV6=m |
1276 | 1276 |
CONFIG_NF_REJECT_IPV6=m |
1277 | 1277 |
CONFIG_NF_LOG_IPV6=m |
1278 | 1278 |
CONFIG_NF_NAT_IPV6=m |
1279 |
-CONFIG_NFT_CHAIN_NAT_IPV6=m |
|
1280 | 1279 |
CONFIG_NF_NAT_MASQUERADE_IPV6=m |
1281 |
-CONFIG_NFT_MASQ_IPV6=m |
|
1282 |
-CONFIG_NFT_REDIR_IPV6=m |
|
1283 | 1280 |
CONFIG_IP6_NF_IPTABLES=m |
1284 | 1281 |
CONFIG_IP6_NF_MATCH_AH=m |
1285 | 1282 |
CONFIG_IP6_NF_MATCH_EUI64=m |
... | ... |
@@ -1541,6 +1542,7 @@ CONFIG_ALLOW_DEV_COREDUMP=y |
1541 | 1541 |
CONFIG_SYS_HYPERVISOR=y |
1542 | 1542 |
# CONFIG_GENERIC_CPU_DEVICES is not set |
1543 | 1543 |
CONFIG_GENERIC_CPU_AUTOPROBE=y |
1544 |
+CONFIG_GENERIC_CPU_VULNERABILITIES=y |
|
1544 | 1545 |
CONFIG_REGMAP=y |
1545 | 1546 |
CONFIG_REGMAP_I2C=y |
1546 | 1547 |
CONFIG_DMA_SHARED_BUFFER=y |
... | ... |
@@ -4469,8 +4471,6 @@ CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y |
4469 | 4469 |
# CONFIG_DEBUG_PER_CPU_MAPS is not set |
4470 | 4470 |
CONFIG_HAVE_DEBUG_STACKOVERFLOW=y |
4471 | 4471 |
# CONFIG_DEBUG_STACKOVERFLOW is not set |
4472 |
-CONFIG_HAVE_ARCH_KMEMCHECK=y |
|
4473 |
-# CONFIG_KMEMCHECK is not set |
|
4474 | 4472 |
CONFIG_HAVE_ARCH_KASAN=y |
4475 | 4473 |
# CONFIG_KASAN is not set |
4476 | 4474 |
CONFIG_ARCH_HAS_KCOV=y |
... | ... |
@@ -4570,7 +4570,6 @@ CONFIG_FTRACE_SYSCALLS=y |
4570 | 4570 |
# CONFIG_TRACER_SNAPSHOT is not set |
4571 | 4571 |
CONFIG_BRANCH_PROFILE_NONE=y |
4572 | 4572 |
# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set |
4573 |
-# CONFIG_PROFILE_ALL_BRANCHES is not set |
|
4574 | 4573 |
# CONFIG_STACK_TRACER is not set |
4575 | 4574 |
CONFIG_BLK_DEV_IO_TRACE=y |
4576 | 4575 |
CONFIG_KPROBE_EVENTS=y |
... | ... |
@@ -4657,9 +4656,9 @@ CONFIG_OPTIMIZE_INLINING=y |
4657 | 4657 |
# CONFIG_DEBUG_NMI_SELFTEST is not set |
4658 | 4658 |
# CONFIG_X86_DEBUG_FPU is not set |
4659 | 4659 |
# CONFIG_PUNIT_ATOM_DEBUG is not set |
4660 |
-CONFIG_FRAME_POINTER_UNWINDER=y |
|
4661 |
-# CONFIG_ORC_UNWINDER is not set |
|
4662 |
-# CONFIG_GUESS_UNWINDER is not set |
|
4660 |
+# CONFIG_UNWINDER_ORC is not set |
|
4661 |
+CONFIG_UNWINDER_FRAME_POINTER=y |
|
4662 |
+# CONFIG_UNWINDER_GUESS is not set |
|
4663 | 4663 |
|
4664 | 4664 |
# |
4665 | 4665 |
# Security options |
... | ... |
@@ -4676,6 +4675,7 @@ CONFIG_SECURITY=y |
4676 | 4676 |
# CONFIG_SECURITY_WRITABLE_HOOKS is not set |
4677 | 4677 |
CONFIG_SECURITYFS=y |
4678 | 4678 |
CONFIG_SECURITY_NETWORK=y |
4679 |
+CONFIG_PAGE_TABLE_ISOLATION=y |
|
4679 | 4680 |
# CONFIG_SECURITY_NETWORK_XFRM is not set |
4680 | 4681 |
CONFIG_SECURITY_PATH=y |
4681 | 4682 |
CONFIG_INTEL_TXT=y |
... | ... |
@@ -1,6 +1,6 @@ |
1 | 1 |
# |
2 | 2 |
# Automatically generated file; DO NOT EDIT. |
3 |
-# Linux/x86 4.14.8 Kernel Configuration |
|
3 |
+# Linux/x86 4.14.54 Kernel Configuration |
|
4 | 4 |
# |
5 | 5 |
CONFIG_64BIT=y |
6 | 6 |
CONFIG_X86_64=y |
... | ... |
@@ -313,6 +313,7 @@ CONFIG_ARCH_MMAP_RND_COMPAT_BITS=8 |
313 | 313 |
CONFIG_HAVE_ARCH_COMPAT_MMAP_BASES=y |
314 | 314 |
CONFIG_HAVE_COPY_THREAD_TLS=y |
315 | 315 |
CONFIG_HAVE_STACK_VALIDATION=y |
316 |
+CONFIG_HAVE_RELIABLE_STACKTRACE=y |
|
316 | 317 |
# CONFIG_HAVE_ARCH_HASH is not set |
317 | 318 |
# CONFIG_ISA_BUS_API is not set |
318 | 319 |
CONFIG_OLD_SIGSUSPEND3=y |
... | ... |
@@ -402,7 +403,6 @@ CONFIG_IOSCHED_NOOP=y |
402 | 402 |
CONFIG_IOSCHED_DEADLINE=m |
403 | 403 |
CONFIG_IOSCHED_CFQ=m |
404 | 404 |
CONFIG_CFQ_GROUP_IOSCHED=y |
405 |
-# CONFIG_DEFAULT_DEADLINE is not set |
|
406 | 405 |
CONFIG_DEFAULT_NOOP=y |
407 | 406 |
CONFIG_DEFAULT_IOSCHED="noop" |
408 | 407 |
# CONFIG_MQ_IOSCHED_DEADLINE is not set |
... | ... |
@@ -435,6 +435,7 @@ CONFIG_X86_FAST_FEATURE_TESTS=y |
435 | 435 |
CONFIG_X86_X2APIC=y |
436 | 436 |
CONFIG_X86_MPPARSE=y |
437 | 437 |
# CONFIG_GOLDFISH is not set |
438 |
+CONFIG_RETPOLINE=y |
|
438 | 439 |
# CONFIG_INTEL_RDT is not set |
439 | 440 |
# CONFIG_X86_EXTENDED_PLATFORM is not set |
440 | 441 |
# CONFIG_X86_INTEL_LPSS is not set |
... | ... |
@@ -1331,6 +1332,7 @@ CONFIG_ALLOW_DEV_COREDUMP=y |
1331 | 1331 |
# CONFIG_SYS_HYPERVISOR is not set |
1332 | 1332 |
# CONFIG_GENERIC_CPU_DEVICES is not set |
1333 | 1333 |
CONFIG_GENERIC_CPU_AUTOPROBE=y |
1334 |
+CONFIG_GENERIC_CPU_VULNERABILITIES=y |
|
1334 | 1335 |
CONFIG_REGMAP=y |
1335 | 1336 |
CONFIG_REGMAP_I2C=m |
1336 | 1337 |
CONFIG_DMA_SHARED_BUFFER=y |
... | ... |
@@ -3092,8 +3094,6 @@ CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y |
3092 | 3092 |
# CONFIG_DEBUG_PER_CPU_MAPS is not set |
3093 | 3093 |
CONFIG_HAVE_DEBUG_STACKOVERFLOW=y |
3094 | 3094 |
# CONFIG_DEBUG_STACKOVERFLOW is not set |
3095 |
-CONFIG_HAVE_ARCH_KMEMCHECK=y |
|
3096 |
-# CONFIG_KMEMCHECK is not set |
|
3097 | 3095 |
CONFIG_HAVE_ARCH_KASAN=y |
3098 | 3096 |
# CONFIG_KASAN is not set |
3099 | 3097 |
CONFIG_ARCH_HAS_KCOV=y |
... | ... |
@@ -3236,9 +3236,9 @@ CONFIG_DEFAULT_IO_DELAY_TYPE=3 |
3236 | 3236 |
# CONFIG_DEBUG_NMI_SELFTEST is not set |
3237 | 3237 |
# CONFIG_X86_DEBUG_FPU is not set |
3238 | 3238 |
# CONFIG_PUNIT_ATOM_DEBUG is not set |
3239 |
-CONFIG_FRAME_POINTER_UNWINDER=y |
|
3240 |
-# CONFIG_ORC_UNWINDER is not set |
|
3241 |
-# CONFIG_GUESS_UNWINDER is not set |
|
3239 |
+# CONFIG_UNWINDER_ORC is not set |
|
3240 |
+CONFIG_UNWINDER_FRAME_POINTER=y |
|
3241 |
+# CONFIG_UNWINDER_GUESS is not set |
|
3242 | 3242 |
|
3243 | 3243 |
# |
3244 | 3244 |
# Security options |
... | ... |
@@ -3252,6 +3252,7 @@ CONFIG_KEYS_COMPAT=y |
3252 | 3252 |
# CONFIG_SECURITY_DMESG_RESTRICT is not set |
3253 | 3253 |
# CONFIG_SECURITY is not set |
3254 | 3254 |
# CONFIG_SECURITYFS is not set |
3255 |
+CONFIG_PAGE_TABLE_ISOLATION=y |
|
3255 | 3256 |
CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y |
3256 | 3257 |
CONFIG_HARDENED_USERCOPY=y |
3257 | 3258 |
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set |
... | ... |
@@ -1,6 +1,6 @@ |
1 | 1 |
# |
2 | 2 |
# Automatically generated file; DO NOT EDIT. |
3 |
-# Linux/x86 4.14.8 Kernel Configuration |
|
3 |
+# Linux/x86 4.14.54 Kernel Configuration |
|
4 | 4 |
# |
5 | 5 |
CONFIG_64BIT=y |
6 | 6 |
CONFIG_X86_64=y |
... | ... |
@@ -328,6 +328,7 @@ CONFIG_HAVE_EXIT_THREAD=y |
328 | 328 |
CONFIG_ARCH_MMAP_RND_BITS=32 |
329 | 329 |
CONFIG_HAVE_COPY_THREAD_TLS=y |
330 | 330 |
CONFIG_HAVE_STACK_VALIDATION=y |
331 |
+CONFIG_HAVE_RELIABLE_STACKTRACE=y |
|
331 | 332 |
# CONFIG_HAVE_ARCH_HASH is not set |
332 | 333 |
# CONFIG_ISA_BUS_API is not set |
333 | 334 |
# CONFIG_CPU_NO_EFFICIENT_FFS is not set |
... | ... |
@@ -448,6 +449,7 @@ CONFIG_X86_FAST_FEATURE_TESTS=y |
448 | 448 |
CONFIG_X86_X2APIC=y |
449 | 449 |
# CONFIG_X86_MPPARSE is not set |
450 | 450 |
# CONFIG_GOLDFISH is not set |
451 |
+CONFIG_RETPOLINE=y |
|
451 | 452 |
# CONFIG_INTEL_RDT is not set |
452 | 453 |
# CONFIG_X86_EXTENDED_PLATFORM is not set |
453 | 454 |
# CONFIG_X86_INTEL_LPSS is not set |
... | ... |
@@ -542,7 +544,6 @@ CONFIG_ARCH_SPARSEMEM_ENABLE=y |
542 | 542 |
CONFIG_ARCH_SPARSEMEM_DEFAULT=y |
543 | 543 |
CONFIG_ARCH_SELECT_MEMORY_MODEL=y |
544 | 544 |
CONFIG_ARCH_MEMORY_PROBE=y |
545 |
-CONFIG_ARCH_PROC_KCORE_TEXT=y |
|
546 | 545 |
CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 |
547 | 546 |
CONFIG_SELECT_MEMORY_MODEL=y |
548 | 547 |
CONFIG_SPARSEMEM_MANUAL=y |
... | ... |
@@ -1244,6 +1245,9 @@ CONFIG_NF_CONNTRACK_IPV6=m |
1244 | 1244 |
CONFIG_NF_SOCKET_IPV6=m |
1245 | 1245 |
CONFIG_NF_TABLES_IPV6=m |
1246 | 1246 |
CONFIG_NFT_CHAIN_ROUTE_IPV6=m |
1247 |
+CONFIG_NFT_CHAIN_NAT_IPV6=m |
|
1248 |
+CONFIG_NFT_MASQ_IPV6=m |
|
1249 |
+CONFIG_NFT_REDIR_IPV6=m |
|
1247 | 1250 |
CONFIG_NFT_REJECT_IPV6=m |
1248 | 1251 |
CONFIG_NFT_DUP_IPV6=m |
1249 | 1252 |
# CONFIG_NFT_FIB_IPV6 is not set |
... | ... |
@@ -1251,10 +1255,7 @@ CONFIG_NF_DUP_IPV6=m |
1251 | 1251 |
CONFIG_NF_REJECT_IPV6=m |
1252 | 1252 |
CONFIG_NF_LOG_IPV6=m |
1253 | 1253 |
CONFIG_NF_NAT_IPV6=m |
1254 |
-CONFIG_NFT_CHAIN_NAT_IPV6=m |
|
1255 | 1254 |
CONFIG_NF_NAT_MASQUERADE_IPV6=m |
1256 |
-CONFIG_NFT_MASQ_IPV6=m |
|
1257 |
-CONFIG_NFT_REDIR_IPV6=m |
|
1258 | 1255 |
CONFIG_IP6_NF_IPTABLES=m |
1259 | 1256 |
CONFIG_IP6_NF_MATCH_AH=m |
1260 | 1257 |
CONFIG_IP6_NF_MATCH_EUI64=m |
... | ... |
@@ -1513,6 +1514,7 @@ CONFIG_ALLOW_DEV_COREDUMP=y |
1513 | 1513 |
# CONFIG_SYS_HYPERVISOR is not set |
1514 | 1514 |
# CONFIG_GENERIC_CPU_DEVICES is not set |
1515 | 1515 |
CONFIG_GENERIC_CPU_AUTOPROBE=y |
1516 |
+CONFIG_GENERIC_CPU_VULNERABILITIES=y |
|
1516 | 1517 |
CONFIG_REGMAP=y |
1517 | 1518 |
CONFIG_REGMAP_I2C=y |
1518 | 1519 |
CONFIG_DMA_SHARED_BUFFER=y |
... | ... |
@@ -4348,8 +4350,6 @@ CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y |
4348 | 4348 |
# CONFIG_DEBUG_PER_CPU_MAPS is not set |
4349 | 4349 |
CONFIG_HAVE_DEBUG_STACKOVERFLOW=y |
4350 | 4350 |
# CONFIG_DEBUG_STACKOVERFLOW is not set |
4351 |
-CONFIG_HAVE_ARCH_KMEMCHECK=y |
|
4352 |
-# CONFIG_KMEMCHECK is not set |
|
4353 | 4351 |
CONFIG_HAVE_ARCH_KASAN=y |
4354 | 4352 |
# CONFIG_KASAN is not set |
4355 | 4353 |
CONFIG_ARCH_HAS_KCOV=y |
... | ... |
@@ -4449,7 +4449,6 @@ CONFIG_FTRACE=y |
4449 | 4449 |
# CONFIG_TRACER_SNAPSHOT is not set |
4450 | 4450 |
CONFIG_BRANCH_PROFILE_NONE=y |
4451 | 4451 |
# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set |
4452 |
-# CONFIG_PROFILE_ALL_BRANCHES is not set |
|
4453 | 4452 |
# CONFIG_STACK_TRACER is not set |
4454 | 4453 |
CONFIG_BLK_DEV_IO_TRACE=y |
4455 | 4454 |
CONFIG_KPROBE_EVENTS=y |
... | ... |
@@ -4534,9 +4533,9 @@ CONFIG_OPTIMIZE_INLINING=y |
4534 | 4534 |
# CONFIG_DEBUG_NMI_SELFTEST is not set |
4535 | 4535 |
# CONFIG_X86_DEBUG_FPU is not set |
4536 | 4536 |
# CONFIG_PUNIT_ATOM_DEBUG is not set |
4537 |
-CONFIG_FRAME_POINTER_UNWINDER=y |
|
4538 |
-# CONFIG_ORC_UNWINDER is not set |
|
4539 |
-# CONFIG_GUESS_UNWINDER is not set |
|
4537 |
+# CONFIG_UNWINDER_ORC is not set |
|
4538 |
+CONFIG_UNWINDER_FRAME_POINTER=y |
|
4539 |
+# CONFIG_UNWINDER_GUESS is not set |
|
4540 | 4540 |
|
4541 | 4541 |
# |
4542 | 4542 |
# Security options |
... | ... |
@@ -4559,6 +4558,7 @@ CONFIG_SECURITY=y |
4559 | 4559 |
# CONFIG_SECURITY_WRITABLE_HOOKS is not set |
4560 | 4560 |
CONFIG_SECURITYFS=y |
4561 | 4561 |
CONFIG_SECURITY_NETWORK=y |
4562 |
+CONFIG_PAGE_TABLE_ISOLATION=y |
|
4562 | 4563 |
# CONFIG_SECURITY_NETWORK_XFRM is not set |
4563 | 4564 |
CONFIG_SECURITY_PATH=y |
4564 | 4565 |
CONFIG_INTEL_TXT=y |
... | ... |
@@ -9,7 +9,7 @@ In case of panic kmsg will be dumped to vmware.log file |
9 | 9 |
1 file changed, 142 insertions(+), 3 deletions(-) |
10 | 10 |
|
11 | 11 |
diff --git a/arch/x86/kernel/cpu/vmware.c b/arch/x86/kernel/cpu/vmware.c |
12 |
-index 40ed2685..50ed5769 100644 |
|
12 |
+index 8e005329648b..eb8515b5cad7 100644 |
|
13 | 13 |
--- a/arch/x86/kernel/cpu/vmware.c |
14 | 14 |
+++ b/arch/x86/kernel/cpu/vmware.c |
15 | 15 |
@@ -30,19 +30,24 @@ |
... | ... |
@@ -63,10 +63,10 @@ index 40ed2685..50ed5769 100644 |
63 | 63 |
} |
64 | 64 |
|
65 | 65 |
/* |
66 |
-@@ -212,3 +226,128 @@ const __refconst struct hypervisor_x86 x86_hyper_vmware = { |
|
67 |
- .x2apic_available = vmware_legacy_x2apic_available, |
|
66 |
+@@ -212,3 +226,128 @@ const __initconst struct hypervisor_x86 x86_hyper_vmware = { |
|
67 |
+ .init.init_platform = vmware_platform_setup, |
|
68 |
+ .init.x2apic_available = vmware_legacy_x2apic_available, |
|
68 | 69 |
}; |
69 |
- EXPORT_SYMBOL(x86_hyper_vmware); |
|
70 | 70 |
+ |
71 | 71 |
+#define MESSAGE_STATUS_SUCCESS (0x01 << 16) |
72 | 72 |
+#define MESSAGE_STATUS_CPT (0x10 << 16) |
... | ... |
@@ -192,6 +192,3 @@ index 40ed2685..50ed5769 100644 |
192 | 192 |
+ break; |
193 | 193 |
+ } |
194 | 194 |
+} |
195 |
-2.11.0 |
|
196 |
- |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-aws |
4 |
-Version: 4.14.8 |
|
4 |
+Version: 4.14.54 |
|
5 | 5 |
Release: 1%{?kat_build:.%kat_build}%{?dist} |
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
... | ... |
@@ -9,7 +9,7 @@ Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=45f140e0eab08428d78d81d4169d531a3e65a297 |
|
12 |
+%define sha1 linux=434080e874f7b78c3234f22784427d4a189fb54d |
|
13 | 13 |
Source1: config-aws |
14 | 14 |
Source2: initramfs.trigger |
15 | 15 |
%define ena_version 1.5.0 |
... | ... |
@@ -305,5 +305,7 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg |
305 | 305 |
/usr/share/doc/* |
306 | 306 |
|
307 | 307 |
%changelog |
308 |
+* Mon Jul 09 2018 Him Kalyan Bordoloi <bordoloih@vmware.com> 4.14.54-1 |
|
309 |
+- Update to version 4.14.54 |
|
308 | 310 |
* Thu Feb 22 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.14.8-1 |
309 | 311 |
- First build based on linux.spec and config. No AWS-specific patches yet. |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-esx |
4 |
-Version: 4.14.8 |
|
4 |
+Version: 4.14.54 |
|
5 | 5 |
Release: 1%{?dist} |
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
... | ... |
@@ -9,7 +9,7 @@ Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=45f140e0eab08428d78d81d4169d531a3e65a297 |
|
12 |
+%define sha1 linux=434080e874f7b78c3234f22784427d4a189fb54d |
|
13 | 13 |
Source1: config-esx |
14 | 14 |
Source2: initramfs.trigger |
15 | 15 |
# common |
... | ... |
@@ -186,6 +186,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg |
186 | 186 |
/usr/src/linux-headers-%{uname_r} |
187 | 187 |
|
188 | 188 |
%changelog |
189 |
+* Mon Jul 09 2018 Him Kalyan Bordoloi <bordoloih@vmware.com> 4.14.54-1 |
|
190 |
+- Update to version 4.14.54 |
|
189 | 191 |
* Fri Feb 02 2018 Alexey Makhalov <amakhalov@vmware.com> 4.14.8-1 |
190 | 192 |
- Version update |
191 | 193 |
* Mon Dec 19 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.66-2 |
... | ... |
@@ -1,15 +1,15 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-secure |
4 |
-Version: 4.14.8 |
|
5 |
-Release: 2%{?kat_build:.%kat_build}%{?dist} |
|
4 |
+Version: 4.14.54 |
|
5 |
+Release: 1%{?kat_build:.%kat_build}%{?dist} |
|
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
8 | 8 |
Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=45f140e0eab08428d78d81d4169d531a3e65a297 |
|
12 |
+%define sha1 linux=434080e874f7b78c3234f22784427d4a189fb54d |
|
13 | 13 |
Source1: config-secure |
14 | 14 |
Source2: initramfs.trigger |
15 | 15 |
# common |
... | ... |
@@ -222,6 +222,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg |
222 | 222 |
/usr/src/linux-headers-%{uname_r} |
223 | 223 |
|
224 | 224 |
%changelog |
225 |
+* Mon Jul 09 2018 Him Kalyan Bordoloi <bordoloih@vmware.com> 4.14.54-1 |
|
226 |
+- Update to version 4.14.54 |
|
225 | 227 |
* Mon Mar 19 2018 Alexey Makhalov <amakhalov@vmware.com> 4.14.8-2 |
226 | 228 |
- Extra hardening: slab_nomerge and some .config changes |
227 | 229 |
* Fri Feb 16 2018 Alexey Makhalov <amakhalov@vmware.com> 4.14.8-1 |
... | ... |
@@ -1,15 +1,15 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux |
4 |
-Version: 4.14.8 |
|
5 |
-Release: 2%{?kat_build:.%kat_build}%{?dist} |
|
4 |
+Version: 4.14.54 |
|
5 |
+Release: 1%{?kat_build:.%kat_build}%{?dist} |
|
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
8 | 8 |
Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=45f140e0eab08428d78d81d4169d531a3e65a297 |
|
12 |
+%define sha1 linux=434080e874f7b78c3234f22784427d4a189fb54d |
|
13 | 13 |
Source1: config |
14 | 14 |
Source2: initramfs.trigger |
15 | 15 |
%define ena_version 1.5.0 |
... | ... |
@@ -341,6 +341,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg |
341 | 341 |
%endif |
342 | 342 |
|
343 | 343 |
%changelog |
344 |
+* Mon Jul 09 2018 Him Kalyan Bordoloi <bordoloih@vmware.com> 4.14.54-1 |
|
345 |
+- Update to version 4.14.54 |
|
344 | 346 |
* Fri Jan 26 2018 Alexey Makhalov <amakhalov@vmware.com> 4.14.8-2 |
345 | 347 |
- Added vchiq entry to rpi3 dts |
346 | 348 |
- Added dtb-rpi3 subpackage |
347 | 349 |
new file mode 100755 |
... | ... |
@@ -0,0 +1,18 @@ |
0 |
+#! /bin/sh |
|
1 |
+ |
|
2 |
+specs="linux-api-headers/linux-api-headers.spec linux/linux.spec linux/linux-esx.spec linux/linux-secure.spec linux/linux-aws.spec" |
|
3 |
+ |
|
4 |
+tarball_url=`curl -s https://www.kernel.org | grep -Eo 'https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.14.[0-9]*.tar.xz'` |
|
5 |
+tarball=$(basename $tarball_url) |
|
6 |
+version=`echo $tarball | sed 's/linux-//; s/.tar.xz//'` |
|
7 |
+echo latest linux version: $version |
|
8 |
+test -f stage/SOURCES/$tarball && echo up to date && exit 0 |
|
9 |
+$(cd stage/SOURCES && wget $tarball_url) |
|
10 |
+sha1=`sha1sum stage/SOURCES/$tarball | awk '{print $1}'` |
|
11 |
+changelog_entry=$(echo "`date +"%a %b %d %Y"` `git config user.name` <`git config user.email`> $version-1") |
|
12 |
+for spec in $specs; do |
|
13 |
+ sed -i '/^Version:/ s/4.14.[0-9]*/'$version'/' SPECS/$spec |
|
14 |
+ sed -i '/^Release:/ s/[0-9]*%/1%/' SPECS/$spec |
|
15 |
+ sed -i '/^%define sha1 linux/ s/=[0-9a-f]*$/='$sha1'/' SPECS/$spec |
|
16 |
+ sed -i '/^%changelog/a* '"$changelog_entry"'\n- Update to version '"$version"'' SPECS/$spec |
|
17 |
+done |
0 | 18 |
deleted file mode 100755 |
... | ... |
@@ -1,18 +0,0 @@ |
1 |
-#! /bin/sh |
|
2 |
- |
|
3 |
-specs="linux-api-headers/linux-api-headers.spec linux/linux.spec linux/linux-esx.spec linux/linux-secure.spec linux/linux-aws.spec" |
|
4 |
- |
|
5 |
-tarball_url=`curl -s https://www.kernel.org | grep -Eo 'https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.9.[0-9]*.tar.xz'` |
|
6 |
-tarball=$(basename $tarball_url) |
|
7 |
-version=`echo $tarball | sed 's/linux-//; s/.tar.xz//'` |
|
8 |
-echo latest linux version: $version |
|
9 |
-test -f stage/SOURCES/$tarball && echo up to date && exit 0 |
|
10 |
-$(cd stage/SOURCES && wget $tarball_url) |
|
11 |
-sha1=`sha1sum stage/SOURCES/$tarball | awk '{print $1}'` |
|
12 |
-changelog_entry=$(echo "`date +"%a %b %d %Y"` `git config user.name` <`git config user.email`> $version-1") |
|
13 |
-for spec in $specs; do |
|
14 |
- sed -i '/^Version:/ s/4.9.[0-9]*/'$version'/' SPECS/$spec |
|
15 |
- sed -i '/^Release:/ s/[0-9]*%/1%/' SPECS/$spec |
|
16 |
- sed -i '/^%define sha1 linux/ s/=[0-9a-f]*$/='$sha1'/' SPECS/$spec |
|
17 |
- sed -i '/^%changelog/a* '"$changelog_entry"'\n- Update to version '"$version"'' SPECS/$spec |
|
18 |
-done |